#openstack-meeting log

17:00:30 <geoffarnold> #startmeeting mercadorproject
17:00:30 <openstack> Meeting started Fri Aug 14 17:00:30 2015 UTC and is due to finish in 60 minutes.  The chair is geoffarnold. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:31 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:33 <openstack> The meeting name has been set to 'mercadorproject'
17:00:39 <geoffarnold> ping
17:00:48 <shaleh> pong
17:00:53 <davidjc> pong
17:01:01 <gyee> bud
17:01:38 <geoffarnold> bud??? ;-)
17:02:04 <gyee> I was expecting 'light'
17:02:18 <davidjc> dy
17:02:19 <geoffarnold> OK, we've had some changes since we last met
17:02:46 <geoffarnold> Based on design discussions over at HP
17:03:09 <geoffarnold> The basic model is unchanged
17:03:46 <geoffarnold> Publisher service running in provider cloud, Subscriber running in consuming cloud
17:04:27 <geoffarnold> However rather than implementing Publisher and Subscriber as independent services, with their own endpoints, installation/configuration, etc....
17:04:46 <geoffarnold> we're going to integrate them into Keystone
17:04:54 <gyee> for now :)
17:05:04 <geoffarnold> This has some benefits and complications
17:05:09 <geoffarnold> yes, for now
17:05:39 <geoffarnold> Benefits: faster spinning up the POC, reduced round-trips between Keystone and Subscriber
17:05:49 <raildo> gyee: light \o
17:05:53 <geoffarnold> Complications: it's a fork of Keystone
17:06:15 <gyee> not quite
17:06:41 <geoffarnold> de facto, gyee?
17:06:43 <shaleh> gyee, it requires keystone mods beyond just dropping the mercador/ directory in contrib
17:06:55 <shaleh> my commit shows thay
17:07:00 <shaleh> s/thay/that/
17:07:05 <gyee> its a fork for conveninence
17:07:12 <gyee> but we are not touching keystone internals
17:07:15 <geoffarnold> exactly
17:07:35 <geoffarnold> except to interpose on CRUD for "project"
17:07:36 <gyee> it should not require keystone mod
17:07:42 <raildo> geoffarnold: do you want to use some stable release for this?
17:07:48 <gyee> just contrib and middleware
17:07:54 <davidjc> yes
17:07:55 <shaleh> raildo, I started with master
17:08:08 <geoffarnold> not especially, raildo
17:08:54 <geoffarnold> shaleh can you add raildo to the project in github
17:08:57 <gyee> raildo, not till we flesh out the landmines
17:09:11 <shaleh> geoffarnold, I just need a github user to invite
17:09:35 <raildo> maybe this will be a little painful, since we have to be doing a lot of rebases...
17:09:49 <raildo> geoffarnold: thanks
17:09:52 <shaleh> raildo: what is your github user name?
17:10:01 <raildo> raildo :P
17:10:06 <shaleh> one moment
17:10:13 <gyee> raildo, shouldn't be painful, we are NOT touching Keystone internals
17:10:27 <gyee> if we do, this ain't gonna end well
17:10:54 <raildo> gyee: ok
17:11:11 <geoffarnold> if we do, it shows that Keystone's contrib framework isn't as clean as intended
17:11:19 <gyee> exactly
17:11:37 <shaleh> geoffarnold: I added a "Contributors" team to the Org. Raildo has been invited
17:11:50 <geoffarnold> There's a Trello at https://trello.com/b/6tlmk3z4/mercador-stackforge-project
17:12:09 <shaleh> raildo: I forked keystone and friends to the Mercador Org on github. We made a branch for mercador-poc there
17:12:15 <geoffarnold> Still stays "stackforge", but no worries
17:12:36 <shaleh> all changes are intended to be in the keystone/contrib/mercado dir unless 100% necessary
17:12:43 <shaleh> so keeping up with master should be pretty easy
17:12:52 <gyee> ++
17:13:04 <geoffarnold> +++
17:13:18 <gyee> at the end, it should be a complete separatable service
17:13:22 <raildo> sure
17:15:15 <geoffarnold> Or two
17:15:37 <shaleh> raildo: if I need to fork something else into the Org let me know
17:16:15 <shaleh> the non Openstack project is my Vagrant/Ansible work to federate a collection of virtualbox nodes running devstack
17:16:53 <gyee> shaleh, how close are you in getting the ansible work done?
17:16:54 <raildo> shaleh: I think that is it.
17:17:17 <shaleh> gyee: I believe it is done but I need to fully test the federation connectivity
17:17:27 <gyee> sweet
17:17:41 <shaleh> I have a script to push projects/domains/users etc onto the SPs
17:17:53 <shaleh> then I can try to access them from the Idp using fed-tester box
17:18:01 <shaleh> once that is fully tested I can bless it
17:18:06 <shaleh> hopefully that is today
17:18:42 <shaleh> everything I have is up on GitHub.
17:18:49 <geoffarnold> I just pushed my API design notes to Pastebin:  http://pastebin.com/Sanc8WeR
17:18:58 <geoffarnold> Formatting sucks; I'll fix it up
17:19:25 <shaleh> geoffarnold: next step is putting that on the wiki yes?
17:19:30 <gyee> geoffarnold, you'll update the wiki with the API design too right?
17:19:45 <geoffarnold> Yes - in a few minutes
17:20:18 * geoffarnold mumbles about Word-to-Mediawiki conversion tools
17:20:40 <shaleh> raildo: the fork of Keystone has a "hello world" quality Mercador at the moment. It responds to /v1/subscribers
17:20:49 <shaleh> geoffarnold: so stop using Word :-)
17:21:01 <geoffarnold> Agreed
17:21:07 <gyee> hah
17:21:39 <raildo> ++ haha
17:21:40 <geoffarnold> markdown ftw
17:22:00 <shaleh> I actually like asciidoc .....
17:22:35 <geoffarnold> i'd missed that, shaleh - I'll check it out
17:22:39 <raildo> shaleh: I found, thanks
17:22:51 <shaleh> http://asciidoctor.org/
17:23:01 <shaleh> GitHub supports files named ".adoc"
17:23:15 <gyee> judge a doc by its content, but not its apparent - gyee's paraphrasing MLK
17:23:15 <geoffarnold> sweet
17:23:45 <shaleh> geoffarnold: what do we have for an agenda?
17:23:53 <shaleh> we have completed show & tell
17:24:06 <geoffarnold> nothing else AFAIK
17:24:18 <geoffarnold> Next week is crazy
17:24:24 <shaleh> my plan is to start on the token interceptor work
17:24:52 <geoffarnold> Monday is shot (Cisco mtgs), Tues-Wed is Operators Meetup, Thurs-Fri is Product WG (I'm hosting)
17:25:01 <shaleh> understood
17:25:18 <shaleh> when we meet the following week I expect to have a demo for the group
17:26:03 <gyee> geoffarnold, will Cisco folks help out on the rest of the API impl?
17:26:20 <geoffarnold> davidjc do you want to take a look at the CLI?
17:26:20 <shaleh> I've done my freebie :-)
17:26:29 <gyee> we are at a point we can multithreading now
17:26:44 <davidjc> well the CLI will be easy to develop once all of the backend APIs are completed
17:27:00 <davidjc> I plan on diving in on that today, or exploring the API backends as discussed
17:27:04 <davidjc> particularly for pub
17:27:08 <shaleh> CLI work expects changes to python-keystoneclient or an equiv
17:27:23 <geoffarnold> We should start by replicating shaleh's hello world
17:27:54 <geoffarnold> Just to demonstrate end-to-end
17:27:58 <shaleh> ++
17:28:08 <gyee> for CLI/client, I suggest separate packages for python-mercadorclient
17:28:18 <davidjc> +
17:28:19 <shaleh> the Subscriber CRUD is implemented as I understood it from the document
17:28:30 <shaleh> gyee: not a bad idea
17:29:02 <shaleh> copy/paste the existing keystoneclient to get the ball rolling quickly
17:29:15 <geoffarnold> defined, not yet implemented.... the changed approach means that the URL schemas change a bit (not significant)
17:29:30 <shaleh> there has been a lot of noise on the -dev list about Federation. Was any of it relevant. I have not kept up.
17:29:52 <gyee> shaleh, no, not relevant to this work
17:29:56 <geoffarnold> I missed most of it - thought it was ID fed
17:29:59 <gyee> WebSSO they are arguing over
17:30:05 <shaleh> ah, god
17:30:08 <shaleh> good
17:30:09 <gyee> we care about K2K
17:30:09 <shaleh> I meant
17:30:09 <geoffarnold> Yup
17:30:42 <shaleh> raildo: I gave you read/write as a Contributor.
17:30:53 <gyee> we need to think about how to make K2K config more dynamic
17:30:59 <gyee> but that's a parallel track
17:31:03 <shaleh> there is not Jenkins gate here so play nice everyone
17:31:15 <geoffarnold> I mistype "god" for "good" so often, I'm thinking of having MacOS translate "god" to "Cthulu"
17:31:26 <gyee> god is good
17:31:42 <raildo> shaleh: ok, if have some user story/task that I can contribute, let me know
17:31:53 * shaleh points to geoffarnold
17:32:27 <shaleh> raildo: you might end up being a dev tester for us if that is acceptable
17:32:38 <geoffarnold> Hey, raildo, on a parallel track, I'd like to get the reseller user stories into the Product WG discussions
17:32:46 <geoffarnold> I'll follow up offline
17:33:08 <shaleh> geoffarnold: if there are more people who need Contributor status let me know
17:33:15 <raildo> shaleh: I can do that :)
17:33:20 <geoffarnold> davidjc?
17:33:34 <shaleh> geoffarnold: he has been invited as an Owner like you were
17:33:43 <raildo> geoffarnold: sure, we can discuss when you have some time
17:33:53 <geoffarnold> (referring to his team)
17:34:00 <raildo> or I can send a email
17:34:27 <geoffarnold> raildo thanks, that would be good
17:34:34 <davidjc> I would like contributor status if I do not have such status already
17:34:39 <davidjc> thanks
17:34:50 <shaleh> davidjc: accept the Gihub invite sent Tuesday evening
17:34:55 <davidjc> will do
17:35:35 <shaleh> geoffarnold/davidjc: it probably makes sense for you guys to get some kind of Jenkins gate style system setup on your end to test as you get further along
17:35:46 <geoffarnold> agreed
17:36:02 <geoffarnold> one last question (for gyee)
17:36:20 <gyee> \o
17:36:30 <geoffarnold> I had to miss the Keystone mtg this week - was there anything important (apart from WebSSO)?
17:36:56 <gyee> policy distribution
17:37:10 <gyee> we voted to include it as experimental
17:37:22 <gyee> same holds for x.509 tokenless authz
17:37:58 <geoffarnold> thanks
17:38:05 <gyee> there were some concerns over policy distribution however
17:38:12 <gyee> performance wise
17:38:29 <gyee> so its going to be either keystone, consul, or zookeeper
17:38:36 <raildo> btw we need more reviews in the reseller patches :(
17:38:52 <gyee> so we still need a bunch of POC work to flush out the land mines
17:39:05 <geoffarnold> right
17:39:56 <geoffarnold> I'm still wrestling with the question of how/when we can fix the project/domain namespace problem
17:40:00 <gyee> raildo, yes will do
17:40:12 <gyee> raildo, I am having f2f with out PM next week in the ops midcycle
17:40:22 <geoffarnold> it takes API changes, DB changes, just about everything
17:41:29 <geoffarnold> come along to the large scale/public cloud breakout at the ops meeting
17:41:31 <gyee> geoffarnold, v4 :)
17:41:53 <geoffarnold> federation and safe delegation will be on the table
17:42:41 <shaleh> consul tries to hard to get people onto its pay cloud
17:42:56 <shaleh> but otherwise I kind of like it
17:43:00 <shaleh> I know morgan does too
17:43:17 <geoffarnold> I'll look at it
17:43:22 <gyee> I haven't had a chance to dig deep into it yet
17:43:32 <shaleh> geoffarnold: all we can do is point out how painful life is without a fix
17:44:14 <geoffarnold> Agreed. Maybe we need to bring a QSA along to rip holes in people's smug assumptions about trust
17:44:16 <shaleh> consul is Go lang. Pretty well documented. Written by hashi corp.
17:44:43 <davidjc> I have been messing around with Consul, it has some strengths and weaknesses
17:44:52 <shaleh> davidjc: agreed
17:45:00 <geoffarnold> Well, if we're going to include more non-Python bits, Go will be popular
17:45:05 <shaleh> I kind of like it over Zookeeper though
17:45:14 <shaleh> the not Java helps :-)
17:45:26 <gyee> or Oracle will sue ya
17:45:28 <davidjc> Well Consul and Zookeeper are for different purposes
17:45:35 <davidjc> the closest thing to Zookeeper is etcd
17:46:04 <shaleh> talking to Morgan he would like to divest more of Keystone to tools like Consul
17:46:20 <geoffarnold> +1
17:46:54 <geoffarnold> On the other hand.... WS-Discovery and UDDI left a lot of people nervous about this stuff
17:47:09 <shaleh> while in principle I agree, it makes OpenStack even more unwieldy
17:47:25 <shaleh> even more moving pieces, points of failure, etc.
17:47:37 <shaleh> I pity the ops crew who have to keep up with all of this mess
17:48:01 <gyee> shaleh, OpenStack by itself is unusable :) It needs a log of 3rd party tools
17:48:05 <shaleh> too many people in OpenStack seem to only see the DevStack view of the world
17:48:16 <geoffarnold> Wouldn't it be nice if we could apply all the Consul work (Raft, etc.) to make DNS really usable for this
17:48:25 <shaleh> geoffarnold: agreed
17:48:54 <geoffarnold> OK, we're drifting into the "over a pint of beer" mode, so let's wrap
17:48:59 <gyee> and there are load of commercial interest in the 3rd party tools
17:48:59 <davidjc> well the biggest problem with the state of DNS is performance in Python
17:49:10 <gyee> so we stuck in this no-op land
17:49:16 <shaleh> performance can always be fixed
17:49:26 <davidjc> by choosing a different language
17:49:35 <shaleh> "works good enough" gets you pretty far
17:49:44 <davidjc> are we talking about designate?
17:49:54 <shaleh> cheers all
17:50:05 <geoffarnold> not really, davidjc
17:50:09 <geoffarnold> cheers
17:50:13 <geoffarnold> #endmeeting