#openstack-meeting log

20:31:48 <notmyname> #startmeeting
20:31:49 <openstack> Meeting started Wed May 16 20:31:48 2012 UTC.  The chair is notmyname. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:31:50 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:32:04 <notmyname> three things to talk about. shouldn't take long, I hope
20:32:13 <notmyname> 1) status of what to split out
20:32:19 <notmyname> 2) 1.5.0 release timeframe
20:32:25 <notmyname> 3) keystone stuff
20:32:38 <notmyname> #topic splitting stuff out of swift
20:33:10 <notmyname> I'd like to list the middleware we have (or had) and if anyone things it should stay in or be discussed, please speak up
20:33:18 <notmyname> swift3?
20:33:35 <chmouel> I that should def be split out
20:33:41 <notmyname> chmouel: were you goign to work with fujita on that?
20:33:52 <notmyname> he has the code split out, but no docs/packaging/etc
20:34:10 <chmouel> notmyname: I haven't get it touch with him yet (is he on IRC) but i can do as an action to get thing forward
20:34:18 <notmyname> someone could easily propose a patch to add that to hig gihub repo
20:34:31 <notmyname> cool
20:34:37 <notmyname> acl middleware?
20:34:53 <redbo> I'd prefer it stay in
20:35:03 <chmouel> yeah it used by all middleware
20:35:06 <notmyname> ya, I think that makes sense
20:35:09 <chmouel> auth middleware
20:35:11 <gholt> Those are really helper functions for other middleware tbh, so yeah stays.
20:35:21 <gholt> tempauth? stays
20:35:28 <notmyname> same with catch_errors, emcache
20:35:47 <notmyname> tempauth could depend on what we decide with keystone
20:35:48 <gholt> Did you mean tempauth?
20:36:09 <dfg> i don't think so- need tempauth for saio
20:36:12 <notmyname> no. acl.py
20:36:17 <gholt> I can't imagine separating tempauth. It's whole existence is to provide a test harness for the core swift repo.
20:36:55 <notmyname> domain_remap, formpost, tempurl, ratelimit? (they've all been removed. was that good for all of them?)
20:37:07 <notmyname> oh and staticweb too
20:37:30 <notmyname> anyone think they should stay in?
20:37:36 <redbo> I kind of do
20:37:48 <notmyname> all of them? why?
20:37:50 <pandemicsyn> ratelimit seems like a core thing
20:37:55 <torgomatic> I'd like to see ratelimit in
20:37:58 <chmouel> I think rate limit as well
20:38:11 <notmyname> anyone want to argue ratelimit should be out?
20:38:13 <gholt> I'm fine either way with all of those. I separated the ones I did to try to be consistent and hopefully not make other contributors upset that "their" stuff didn't get in.
20:39:02 <gholt> That seems like an action item for me then: Revert ratelimit removal.
20:39:12 <redbo> I don't know, staticweb and formpost seem like a good features.
20:39:18 <notmyname> domain_remap and cname_lookup (forgot that one) are pretty lightly used (I think). I'm fine with keeping those out. anyone think they should go back in?
20:39:25 <gholt> It's not good or not, it's in core repo or not.
20:39:49 <gholt> I don't want people to think "not in core; it must suck" or something. It's just division of reponsibilities.
20:39:57 <notmyname> ya, do we want to be responsible for maintaining that code and tie it's functionality to swift releases?
20:39:58 <chmouel> +1
20:40:07 <notmyname> s/it's/its
20:40:30 <redbo> I don't want people to say "Well we got swift, but to get this feature everyone uses, we've gotta go to github.com/dpgoetz"
20:40:43 <gholt> Not sure what "that" is in the context, but I'm already responsible for staticweb, formpost, tempurl, swauth
20:40:47 <pandemicsyn> is it more about deciding what should be a  "core feature" ?
20:40:54 <chmouel> redbo: that would be a packaging problem ?
20:41:27 <redbo> and we don't know if it's been tested to the same rigor as swift core, and we don't know what versions of swift it's been integration tested with
20:41:29 <dfg> is it "core repo" or "standard prod deploy".  don't we want to make standard deployements of swift as easy / robust as possible?  i'm worried about testing separate repos
20:41:52 <pandemicsyn> as the token ops guy im 100% with dfg
20:42:23 <notmyname> ya, we want installs to be as easy as possible, but we also want to keep the scope as small as reasonable
20:42:27 <gholt> Are we just talking about ratelimit? Or everything again?
20:42:56 <redbo> was maintaining these things really causing anyone pain?
20:43:06 <gholt> [Pronouns are irritating. :)]
20:43:08 <dfg> i'm talking about everything (sorry) i just want a good reason for the bugs that will happen because of this
20:43:44 <gholt> Dang, would've been cool for all this speak up while the geritt review was up. Hehe :)
20:43:45 <chmouel> I think it's because it opens door for other middleware to be added in swift core
20:43:58 <notmyname> redbo: I think swift3 compat causes some pain
20:43:59 <dfg> i was i little busy with SOS...
20:44:05 <gholt> dfg: :P
20:44:23 <redbo> Well, we can pull swift3 out, especially if the primary maintainers don't mind.
20:44:49 <notmyname> ya, and 3rd party APIs are to be separate now, per openstack policy (aws, cdmi, etc)
20:45:19 <redbo> while I reject their right to mandate that, I agree with the conclusion ;)
20:45:27 <notmyname> heh
20:45:29 <gholt> I guess I'll go back to my position that maybe caused a lot of this ruckus. I personally don't want to maintain CDMI and ZFS code. I feel it's pretty complicated and my brain in kinda full. If that's just my problem, I'll deal.
20:45:57 <torgomatic> gholt: +1
20:46:17 <pandemicsyn> theres a set of features that Swift has to have or ship with to make it a viable product for operations teams, but i don't think it has to be a "keep all" or "discard all" type of scenario
20:46:18 <redbo> I'm fine with that, I just don't like that that logic lead to a lot of things that I consider useful features to be pulled out of swift.
20:46:21 <notmyname> gholt: I don't think it's just your problem
20:46:26 <dfg> if there was a plan for how they'd all be tested i'd feel better.  before I approve commits I run unittests and functests.  those just became a lot less meaningful.
20:46:59 <dfg> (i do other stuf too :p)
20:47:17 <notmyname> ok, so swift3 should stay out. should all of the others come back in? or should some of them stay out too?
20:47:31 <notmyname> (and the next thing is the separation of the client libs and CLI)
20:48:04 <chmouel> should we make a vote with that #vote thing?
20:48:07 <redbo> I don't know, staticweb is the only thing that's kind of big enough to stand on its own.  But I think it's a pretty sweet feature and should probably be part of core.
20:48:09 <pandemicsyn> notmyname: im indifferent on tempurl/formpost, but stuff like ratelimit/healthcheck/tempauth should stay for sure
20:48:13 <notmyname> would you like to vote on each of them or have a bulk vote?
20:48:32 <gholt> Have to vote on the vote. :)
20:48:35 <notmyname> heh
20:48:38 <chmouel> ah
20:48:54 <pandemicsyn> prevote survey
20:49:07 <redbo> no exit polling
20:49:08 <notmyname> #startvote all middleware except swift3 should be included (or re-added) to swift: yes no
20:49:20 <notmyname> is that not how that works?
20:49:33 <gholt> Fingers crossed
20:49:38 <gholt> vote: yes
20:49:39 <notmyname> yes for include it, no for keep it separate
20:49:43 <chmouel> i think it's #agreed
20:49:46 <notmyname> #vote yes
20:49:52 <gholt> #vote yes
20:50:03 <chmouel> #agreed
20:50:05 <redbo> gholt's mom got exit polled.  After she voted in the last election.
20:50:12 <redbo> #vote yes
20:50:19 <pandemicsyn> #vote yes
20:50:19 <torgomatic> #vote yes
20:50:36 <dfg> #vote yes
20:50:40 <notmyname> #endvote
20:50:40 <gholt> shamockery
20:50:47 <chmouel> #vote yes
20:50:50 <notmyname> heh
20:51:00 <notmyname> I don't think I did that right, but we have a decision
20:51:11 <notmyname> #agreed keep or readd all the middleware except swift3
20:51:29 <notmyname> ok, so the client lib and CLI
20:51:33 <gholt> That includes Swauth.
20:51:35 <notmyname> chmouel: are you working on splitting that out?
20:51:36 <gholt> Joking joking
20:51:47 <redbo> I would now like to read glange's absentee vote.    glange: #vote discgolf
20:51:53 <redbo> I don't think he knew what we'd be voting on
20:51:55 <chmouel> notmyname: yeah my only concern is if we want to add the direct_api there
20:52:05 <notmyname> ya, what should be pulled out?
20:52:15 <chmouel> gholt: ^^
20:52:19 <notmyname> this would be stuff pulled out into a separate repo but still managed by the swift core team
20:52:38 <gholt> I'm not sure why really, if everything else is in.
20:52:47 <gholt> Just package stuff differently.
20:53:02 <chmouel> yeah well it would make easier for a lot of people to include it in pip
20:53:12 <chmouel> and not have to keep copy with bug or outdated in their own repos
20:53:18 <redbo> well, should swauth be in a repo that's controlled by the group, or just by you?
20:53:20 <chmouel> or have them to use python-cloudfiles
20:53:36 <redbo> gholt: ^ what I said
20:53:43 <notmyname> redbo: you'll have to beg him for collaborator access :-)
20:53:59 <notmyname> chmouel: is that solvable simply by packaging or does it require separate code locations
20:54:00 <gholt> or fork it and move on, hehe
20:54:07 <redbo> all of my precious swauth ideas wasted
20:54:15 <chmouel> notmyname: it is code location
20:54:16 <notmyname> the other openstack projects have separate code repos for their associated client libs
20:54:29 <chmouel> notmyname: as a pip cannot do subpackage
20:54:32 <notmyname> ah ok
20:54:56 <notmyname> so what needs to be in that separate code repo? just the client.py? the CLI? direct_client?
20:55:01 <pandemicsyn> separate client libs make sense
20:55:09 <notmyname> ya, I like the idea too
20:55:12 <pandemicsyn> breaking out the cli seems odd
20:55:15 <chmouel> definitively bin/swift and swift.common.client
20:55:17 <annegentle> how shall we do docs for the separate code use cases?
20:55:29 <torgomatic> client.py and the CLI sound good; not sure about direct_client
20:55:30 <notmyname> annegentle: how is it done for nova/glance/etc?
20:55:40 <notmyname> annegentle: I'd assume the same way
20:56:00 <chmouel> yeah the cli and the client is a different package for all other os projects
20:56:09 <annegentle> "important" use cases are documented in priority order, however we haven't had to have people go to separate code repos for those yet.
20:56:29 <notmyname> annegentle: ah. I thought that was already done for all the other projects
20:56:39 <notmyname> chmouel: is it not?
20:56:59 <annegentle> mostly stuff that has been split out from nova has had its own API
20:57:04 <notmyname> (to clarify, this is to move this code to another openstack repo, but with the same -core team (ie us))
20:57:28 <pandemicsyn> ahh, in that case moving the cli makes sense
20:57:38 <pandemicsyn> thought the cli would move to some random persons github
20:57:52 <notmyname> ok. anyone opposed to moving just the client lib and CLI to a separate openstack repo still managed by us?
20:58:11 <chmouel> (this is by the way ready here for just the CLI and client https://github.com/chmouel/python-swiftclient )
20:58:42 <notmyname> chmouel: can you working with mtaylor and jeblair about getting that set up in openstack?
20:58:53 <chmouel> notmyname: yep will do that
20:58:54 <notmyname> (chmouel is getting a big list of stuff to do)
20:59:10 <annegentle> we're already pondering this on doc-core with the additional options to the .conf files, such as https://review.openstack.org/#/c/7479/
20:59:17 <chmouel> hey hey and i'm on leave tomo and friday
20:59:30 <notmyname> ok, swift 1.5.0 release date
20:59:43 <notmyname> #topic swift 1.5.0 release
20:59:53 <notmyname> we'll release it when it's ready. what are we calling ready?
21:00:06 <notmyname> 1) getting the middleware situation cleaned up
21:00:15 <notmyname> do we need to get the client libs split off first?
21:00:23 <dfg> what's currently in there? i haven't been paying much attention?
21:00:27 <mtaylor> notmyname: ola
21:00:31 <mtaylor> chmouel: yay!
21:00:48 <notmyname> dfg: everything since before the summit
21:00:58 <notmyname> https://launchpad.net/swift/+milestone/1.5.0
21:01:32 <notmyname> I'd like to see the expanded recon support and proxy logging middleware be in 1.5.0, but those are lower priority to me
21:02:17 <notmyname> (less important == less important than solving the middleware issue, not that they aren't important)
21:02:53 <notmyname> anyone want to release 1.5.0 before those land? or should they be essential to the release?
21:03:31 <chmouel> the proxy logging middleware has problem with swift3 i think
21:03:32 <notmyname> ok, I'll take that to mean that they should all land :-)
21:03:41 <chmouel> but is it a problem anymore if it's pulled away?
21:04:11 <notmyname> yes, it's a problem overall, but it's not something that should block
21:04:33 <redbo> that might be fixed.  I don't have a good functional test for swift3.
21:04:51 <notmyname> ok, chmouel and redbo can work together to make sure that works
21:05:19 <notmyname> can we get these things merged by May 25th?
21:05:40 <notmyname> then we can test/QA the next week and release 1.5.0 on the 31st
21:05:43 <chmouel> cool ok, i think zaictev was interested as well to work on that
21:05:45 <notmyname> anyone opposed to that?
21:05:50 <notmyname> chmouel: cool
21:06:59 <dfg> fine with me
21:07:01 <notmyname> ok, I'll let ttx know that our tentative date for 1.5.0 is May 31st
21:07:24 <notmyname> now for the unexpected topic that came up yesterday: keystone
21:07:36 <notmyname> #topic swift+keystone sitting in a tree....
21:07:54 <redbo> s-p-i-t-t-i-n-g
21:08:08 <chmouel> I am personally all fine with the current situation
21:08:12 <notmyname> currently the swift+keystone middleware lives in the keystone project
21:08:58 <notmyname> I think the hard part is not who maintains the code but how the integration testing is done
21:08:59 <chmouel> as long we communicate the change that need to be done on the other auth middleware clearly
21:09:56 <notmyname> one argument is that we should manage the keystone integration so as to provide a "drop-in" usability of swift with the other projects
21:10:14 <notmyname> I was hoping that heckj would be able to be here for this, but he doesn't seem to be online
21:11:14 <notmyname> first question: where should the keystone middleware live? in swift or in keystone?
21:11:37 <chmouel> should we vote?
21:11:52 <notmyname> #startvote where should the keystone middleware live? in swift or in keystone?
21:11:53 <openstack> Begin voting on: where should the keystone middleware live? in swift or in keystone? Valid vote options are Yes, No.
21:11:54 <openstack> Vote using '#vote OPTION'. Only your last vote counts.
21:12:00 <notmyname> heh
21:12:05 <chmouel> nice
21:12:07 <redbo> #vote no
21:12:08 <openstack> redbo: no is not a valid option. Valid options are Yes, No.
21:12:13 <notmyname> ok, yes == keystone, no == swift
21:12:15 <dfg> putting it into swift would also mean that its controlled by our core devs who don't have any experience with it and don't really use it. doesn't that mean we shouldn't control it?
21:12:24 * notmyname slaps openstack
21:12:37 <chmouel> dfg: well the argument can be seen from the other side
21:12:48 <dfg> chmouel: does anyone run both?
21:12:54 <annegentle> who gets to vote?
21:13:03 <notmyname> annegentle: core devs please :-)
21:13:08 <annegentle> notmyname: you got it
21:13:13 <notmyname> annegentle: but I welcome your input
21:13:17 <redbo> #vote whatever causes the least friction
21:13:17 <chmouel> dfg: and to tell truth the auth_token middleware abstract most of the keystone interaction
21:13:17 <openstack> redbo: whatever causes the least friction is not a valid option. Valid options are Yes, No.
21:13:30 <annegentle> hee hee openstack
21:13:38 <notmyname> chmouel: where does the middleware for the other projects live?
21:13:47 <chmouel> in their own
21:13:54 <notmyname> so nova in nova, etc?
21:13:55 <chmouel> i think that's the plan
21:14:10 <chmouel> yeah not for essex but for folsom that't the plan AFAIK
21:14:49 <chmouel> and have auth_token middleware only in keystone
21:14:59 <notmyname> what does auth_token do?
21:15:18 <chmouel> it sits in the pipeline
21:15:28 <chmouel> before the swift middleware and takes the login and do the validation
21:15:34 <chmouel> the credential i mean
21:15:53 <notmyname> so the admin token (as opposed to the user's token)?
21:15:55 <chmouel> and pass headers to the next middleware if authenticated with the roles etc...
21:16:29 <chmouel> notmyname: it will use the admin token to the validation
21:16:51 <notmyname> ok, so the responsibility is split? keystone does part of it and nova does another part of it?
21:17:01 <notmyname> and that's the plan overall for all openstack projects?
21:17:30 <chmouel> i need to double check but that was my understanding
21:18:04 <notmyname> torgomatic: thoughts from your perspective?
21:18:16 <notmyname> pandemicsyn: gholt: you've been quiet too
21:18:52 <gholt> I don't have enough information or concern to make a decision here. Abstain.
21:18:55 <notmyname> dfg: I think most swift-only deployments (most swift deployments) don't use keystone. but all openstack deployments use keystone
21:19:19 <anotherjesse> chmouel: there is the generic auth_token middleware that can validate a token and set some context variables in wsgi
21:19:22 <notmyname> but that's a guess based only on what I've heard
21:19:23 <torgomatic> I haven't used Keystone enough (at all, really) to have any useful input
21:19:31 <anotherjesse> https://github.com/openstack/keystone/blob/master/keystone/middleware/auth_token.py
21:19:40 <dfg> so- if we added keystone. it would be good for openstack deployments? since they'd have a single auth system?
21:19:41 <anotherjesse> there is actually a header with docs about what it does
21:20:09 <anotherjesse> the thing that needs to be in each project is the conversion of the auth_token variables to project specific shims
21:20:10 <torgomatic> my only concern would be that, if I do spin up a Swift cluster using Keystone, that I don't have to install all of Keystone on my Swift nodes just to get some auth middleware
21:20:11 <notmyname> dfg: well, if it's a full openstack deploy, then they already have keysone so they have the middleware either way
21:20:33 <anotherjesse> theoretically new services could consume auth_token directly and not need a shim between auth_token and the service
21:20:36 <notmyname> torgomatic: I think it would still be optional in that you could use tempauth
21:20:40 <dfg> does it have unit / func tests?
21:20:52 <anotherjesse> torgomatic: there is talk of moving auth_token.py to openstack-common
21:21:10 <chmouel> notmyname: yeah right to answer the question as anotherjesse is saying all the glance/nova middleware are out of keystone only swift_auth is there
21:21:11 <anotherjesse> since it is a standalone "module" that doesn't require anything else
21:21:51 <torgomatic> notmyname: right; I'm just talking about the quantity of unused (on my Swift nodes) code that comes along with a full Keystone install
21:21:52 <chmouel> yeah definitively auth_token stays in keystone
21:21:56 <anotherjesse> chmouel: correct - we used to have the nova-specific shim in keystone (due to the delays in keystone existing and nova being released while the middleware was still being tweaked)
21:21:59 <notmyname> torgomatic: ya, ok. I misread
21:22:03 <anotherjesse> but it is now in nova
21:22:41 <anotherjesse> torgomatic: we (openstack) should allow packagers to deploy keystone's auth_token middleware without the rest of keystone - nothing stops it currently
21:22:56 <notmyname> so moving the keystone piece into swift means that we are responsible for testing it with each release (commit, rather)
21:23:23 <mtaylor> chmouel: should the unittests in python-swiftclient be expected to work right now?
21:23:48 <anotherjesse> notmyname: https://github.com/openstack/keystone/blob/master/keystone/middleware/swift_auth.py is the file we are talking about right?
21:23:53 <notmyname> anotherjesse: ya
21:24:10 <chmouel> mtaylor: it should I think but it doesn't i'll take a look again at it
21:24:15 <anotherjesse> notmyname: that is a file that converts the settings from authtoken (in the example pipeline) to swift specific variables
21:24:22 <mtaylor> chmouel: ImportError: No module named unit.proxy.test_server
21:24:45 <anotherjesse> it is swift specific code - not keystone specific - although it does rely on the environment coming from authtoken
21:25:02 <chmouel> mtaylor: hum i'll follow up with you in #openstack-dev later
21:25:11 <mtaylor> chmouel: cool
21:25:14 <anotherjesse> the contract from authtoken *SHOULD* not change without considerable effort by all projects
21:25:19 <notmyname> anotherjesse: doesnt' that tie release schedules together (or at least tie them to freezing that env every 6 months)?
21:25:21 <anotherjesse> since it requires updating all the other projects
21:25:34 <notmyname> a
21:25:35 <notmyname> ya
21:25:48 <anotherjesse> notmyname: we haven't changed the interface since diablo
21:25:52 <anotherjesse> and don't expect to for folsom
21:26:43 <notmyname> that's good. I'm not sure either way yet. I'm still learning what taking responsibility for that truly entails
21:26:47 <anotherjesse> notmyname: the expectation is that you might want to change what the mapping is
21:26:54 <anotherjesse> for instance the reseller stuff
21:27:41 <dfg> its not much code. if it causes a problem it can be removed. i guess my only concern is who'll maintain / peer review it / will it cause bad dependencies between projects on different schedules
21:28:22 <notmyname> #endvote
21:28:23 <openstack> Voted on "where should the keystone middleware live? in swift or in keystone?" Results are
21:28:29 <notmyname> whatever
21:28:33 <chmouel> dfg: I can def maintain it in there and I know that the HP guys and mnewby from internet has been involved
21:28:49 <chmouel> i mean internap :)
21:29:01 <dfg> ok- then i'm fine with it being in.
21:29:07 <pandemicsyn> +1
21:29:14 <chmouel> there is more swift specifics than keystone specifics tbh
21:29:32 <notmyname> #startvote move swift_auth.py middleware from keystone to swift
21:29:39 <notmyname> stupid openstack bot
21:29:46 <notmyname> #startvote move swift_auth.py middleware from keystone to swift? yes no
21:29:47 <openstack> Begin voting on: move swift_auth.py middleware from keystone to swift? Valid vote options are yes, no.
21:29:48 <openstack> Vote using '#vote OPTION'. Only your last vote counts.
21:29:57 <notmyname> wow it has to have a ?
21:29:59 <mnewby> ?
21:30:05 <notmyname> stupid openstack bot
21:30:07 <notmyname> ;-)
21:30:08 <dfg> #vote yes
21:30:12 <chmouel> #vote yes
21:30:16 <mnewby> #vote yes
21:30:18 <pandemicsyn> #vote yes
21:30:39 <notmyname> #vote yes
21:30:55 <gholt> abstain
21:31:02 <notmyname> redbo abstains too
21:31:03 <notmyname> torgomatic: ?
21:31:07 <torgomatic> abstain
21:31:11 <notmyname> #endvote
21:31:12 <openstack> Voted on "move swift_auth.py middleware from keystone to swift?" Results are
21:31:13 <openstack> yes (5): mnewby, dfg, pandemicsyn, chmouel, notmyname
21:31:30 <notmyname> ok, I'll work with heckj and see what needs to be done
21:31:48 <notmyname> I'll add this as a requirement to 1.5.0 since it shouldn't take much
21:32:03 <mnewby> sweet, finally.
21:32:16 <notmyname> ok, sorry this went longer that I expected. I wasn't planning on talking about keystone until yesterday
21:32:20 <notmyname> thanks all
21:32:22 <notmyname> #endmeeting