#openstack-meeting-alt log

18:00:34 <SlickNik> #startmeeting trove
18:00:35 <openstack> Meeting started Wed Jan 14 18:00:34 2015 UTC and is due to finish in 60 minutes.  The chair is SlickNik. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:36 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:39 <openstack> The meeting name has been set to 'trove'
18:01:25 <SlickNik> Giving folks a few minutes to trickle in
18:01:35 <SlickNik> Meeting agenda at: https://wiki.openstack.org/wiki/Meetings/TroveMeeting
18:01:38 <SlickNik> #link https://wiki.openstack.org/wiki/Meetings/TroveMeeting
18:01:46 <vkmc> o/
18:02:31 <georgelorch> o/
18:03:46 <SlickNik> Fairly light meeting agenda today — so let's get started.
18:03:54 <dougshelley66> o/
18:04:02 <bartash> o/
18:04:14 <SlickNik> #topic dib elements for DB2 Express-C
18:04:34 <johnma> Thats mine.
18:04:39 <SlickNik> johnma: go for it
18:04:49 <SlickNik> #link https://review.openstack.org/#/c/133856/
18:04:58 <peterstac> o/
18:05:33 <vgnbkr> o/
18:05:37 <johnma> To give everyone an idea of what this item is about - it is to add support for DB2 Express-C. One of the problems we identified early on with creating images for DB2 express-C was that it required user to go through a registration process even though its the free version of DB2
18:06:22 <johnma> like other databases Trove supports today, DB2 Express-C cannot be downloaded from a public repository either
18:07:20 <dougshelley66> johnma, do you mean "unlike"
18:07:25 <johnma> we have been pretty much having lots of internal discussions within IBM throughout last month and there isnt a way to bypass the registration process. Its there to prevent users from embargoed countries from downloading DB2
18:07:41 <johnma> yes unlike, mistyped
18:07:56 <johnma> thanks dougshelley66 :)
18:08:57 <johnma> so the solution we came up with was to have users go through the registration process and have them download the packages to a local repository from where trove can then access the packages.
18:09:31 <johnma> Then we can go through the usual process of installating DB2 Express-C and creating users and all that good stuff.
18:09:40 <XO19_> o/
18:10:02 <SlickNik> johnma: How would this work with a public CI system (like the one OpenStack has)?
18:10:08 <annashen> o/
18:10:59 <johnma> so what we can do is download the packages into a local directory on the local filesystem and then copy those packages to the temp filesystem that the dib has access to
18:11:00 <SlickNik> I think the primary driver for this requirement is for a CI system (OpenStack / public 3rd party) to be able to pick up the bits, and build an image that it can then use as part of CI?
18:12:10 <vkmc> right now, the image creation process is external to Trove, isn't that right?
18:12:18 <dougshelley66> SlickNik, are there plans to have the CI test more than mysql?
18:12:24 <SlickNik> johnma: I think that's okay as long as the CI system is able to download the packages — how does that work with the current registration wall?
18:12:25 <johnma> so whoever that wants to create an image for DB2 express-C would download the db2 package into a local directory and wouldnt have to worry about putting it on a local repository
18:14:05 <johnma> there is a website that the user will have to go and register. So user will have to go to the website and register and then download the packages and place it in the local directory. There isnt an automatic way to go through the registration process
18:14:24 <SlickNik> vkmc: Yes, and no. The image creation happens as a separate step, but the function tests that run as part of the CI today test both the image build, and int-tests.
18:14:27 <vkmc> dougshelley66, +1 I have the same concern
18:14:29 <vgnbkr> So every time you ran redstack kick-start it would make you register and re-download the database software?
18:14:36 <amrith> o/
18:14:55 <vkmc> SlickNik, I see
18:15:31 <SlickNik> dougshelley66: The plan is to have new datastores use a third party CI system to ensure that some sort of CI runs on that new datastore type.
18:15:52 <amrith> as I understand it, this approach will not work well for the CI system
18:16:07 <amrith> as it requires a person to download the db package and put it someplace accessible to the ci
18:16:13 <SlickNik> dougshelley66: So that we make sure that we don't regress functionality for those datastore types with changes in common code.
18:16:14 <johnma> the assumption is that once youregister and download the packages in a local directory that the dib has access to, everytime you run redstack kickstart it will automatically copy the package from your local dir to the temp FS and continue with the installation process
18:16:27 <johnma> so you wouldnt have to go through the registration process every time
18:16:32 <amrith> and that place, whatever it is, is one that would be for the most part, tantamount to redistributing the database, would it not?
18:17:16 <johnma> thats right amrith
18:17:42 <dougshelley66> johnma, so IBM lawyers are ok with people booting a pre-created image where the person booting the image didn't go thru the click wrap registration?
18:17:52 <johnma> I am assuming this could be a model that works for other databases which require licenses as well. I can speak for DB2 licensed versions and Cloudant
18:18:30 * amrith waits for answer to dougshelley66's question with bated breath
18:19:06 * vkmc as well
18:19:26 * amrith predicts that the answer will be no
18:19:29 <johnma> dougshelley66, thats right. For DB2 what matters is, the person downloading it isnt from an embargoed country.
18:19:55 <dougshelley66> johnma, what if the person booting the image is in an embargoed country?
18:19:59 <vkmc> and if the person using the pre created image with DB2 is in ...
18:20:01 <vkmc> that
18:20:03 <amrith> so the pre-created image will be created by someone who isn't in an embargoed country. What protection is there on theperson booting the miage
18:20:57 <shayneburgess> I believe the EULA you agree to when downloading these things says you can’t redist to an embargoed country. The intent is to do due diligence not full prevention
18:21:20 <amrith> the eula says you can't redistribute. <period>
18:21:33 <amrith> a guest image would violate that eula
18:21:48 <amrith> <disclaimer>I'm not a lawyer, I don't play one on IRC</disclaimer>
18:21:56 <johnma> thats possible and I did bring it up during our discussions and what mattered was the country from where the packages were downloaded. Now I can verify again but I am pretty sure they are going to be fine
18:22:11 <johnma> :) , no theses are good questions amrith
18:22:41 <SlickNik> amrith: Yes, which is probably the reason that we cannot cache the guest image and make it available for download in this case.
18:22:57 <amrith> SlickNik, yes. and for the same reason you can't build them on the fly
18:23:01 <amrith> which is the catch-22
18:23:31 <saurabhs> slicknik: is it necessary that the openstack CI system builds and tests every datastore. for non-opensource datastores/the one requiring user registration etc. should we allow similar build approach that johnma pointed out. and keep CI/CD for such datastore outside the scope of the openstack CI. let owners worry about doing CI/CD on these and in turn worry about the how they want to keep their images pacakges uptodate?
18:24:06 <vkmc> saurabhs, +1
18:24:19 <amrith> saurabhs, while your approach is attractive, how do I ensure that some change I make doesn't break some IBM code for db2?
18:24:19 <johnma> that would make my life easy
18:24:29 <SlickNik> saurabhs: We need to ensure that some sort of CI/CD Is happening on this as it's part of the trove codebase.
18:24:37 <shayneburgess> maybe the simple way to solve this is to clearly explain to the legal team how it will be usd. If they sign-off then it’s probably outside our area of concern/expertise
18:24:41 <amrith> recently I had a chkin which I though may impact RedHat so I requested vkmc and sgotliv to test
18:24:44 <amrith> but that isn't scalable.
18:24:49 <SlickNik> saurabhs: or else we're shipping code that's not tested.
18:25:07 <saurabhs> amrith: if your change breaks IBM code, their CI/CD should catch it and vote on your review of comment with approprite fix
18:25:35 <SlickNik> saurabhs: Yes, so we need to ensure that there is a 3rd party CI/CD system that is testing this in the public.
18:25:36 <amrith> except the CI/CD for IBM would then have to cherry pick each patch and test it in near real time
18:25:37 <johnma> when you say break IBM code, do you mean the guestagent code for DB2?
18:25:49 <amrith> and I wouldn't know because that CI/CD wouldn't know to notify me.
18:25:51 <amrith> I think
18:25:58 <amrith> johnma, yes
18:26:17 <dougshelley66> Just to be clear - at this point, the CI only tests mysql, right?
18:26:18 <shayneburgess> and do we want to extend the checkin gate time to whatever is the longest gate time of the third party gates
18:26:21 <saurabhs> amrith: I think we should take the approach that if you are not notified you shouldn'
18:26:22 <johnma> ok, that is a valid point Amrith
18:26:26 <saurabhs> shouldn
18:26:37 <saurabhs> shouldn't be worried about breaking it.
18:26:57 <SlickNik> dougshelley66: Yes, that is correct — currently there's only the OpenStack CI which tests only mysql.
18:27:13 <saurabhs> thirdpaty ci/cd should integrate with Openstack CI for voting.
18:27:15 <SlickNik> although there is an experimental mongo job
18:27:50 <peterstac> SlickNik: would the idea of 3rd party testing ...
18:28:02 <peterstac> ^^^ what saurabhs said ...
18:28:05 <saurabhs> I think there are lot of thirdparty drivers who have their CI/CD voting on various other projects. like neutron. there are many proprietary network drivers which vote on each neutron patch
18:28:08 <SlickNik> saurabhs: agreed. The issue here is that the 3rd party CI can't download and install the datastore in public.
18:28:53 <SlickNik> As long as that can be done, and the 3rd party CI system is set up to do it — I think we're okay.
18:28:59 <peterstac> well, in this case the 3rd party CI would be run on IBM's machines (presumably) so no issue
18:29:06 <peterstac> right?
18:29:17 <shayneburgess> also IMHO a non-voting CI will be ignored for the most part. Ownership of break in the third party gate is not clear
18:29:28 <saurabhs> Slicknik: not in public but they will be able to do it within their CI/CD system.
18:30:07 <amrith> as shayneburgess said. heck some projects ignore non-voting jobs in the openstack CI.
18:30:57 <saurabhs> looking for results from non-voting ci job can be part of the review process.
18:31:05 <SlickNik> amrith: and if the 3rd party CI job keeps failing for a long time , the code is pulled out of the project since it's deemed non-working (iirc)
18:31:32 <peterstac> saurabhs: probably won't happen, though
18:31:40 <vkmc> saurabhs, could be and should be
18:31:46 <johnma> petersac: I guess that would work
18:32:43 <SlickNik> I think the important part here is that we decide what tests are a requirement for the 3rd party CI system to run.
18:33:07 <shayneburgess> just curious. if my fix causes a break in the *example* IBM agent because of a seperate bug in the agent who owns fixing it before my checkin goes in?
18:33:16 <SlickNik> Getting the licensing right to download  the bits / create the image, and actually run the tests are up to the 3rd party CI system.
18:35:13 <SlickNik> shayneburgess: You bring up a good point — at that point presumably you'd have to work with the IBM folks to see what went wrong and one interested parties would have to propose a fix.
18:35:13 <johnma> so SlickNik, who owns the dib elements for DB2 in this case, do they become part of the trove-integration project
18:36:36 <johnma> so who is the IBM contact - right now I guess its just me. Whats the process of setting a contact from IBM or any other company for that matter - is there an existing process
18:36:52 <saurabhs> I believe dib elements should still go in trove-integration and third party CI should run everything from upstream trove-integration. so that if somebody else wants to build/test this they can (by registering and downloading the packages) etc.
18:36:56 <SlickNik> johnma: Yes, I'd assume that the dib elements would be part of the trove-integration project. I don't see a reason to keep it out.
18:36:56 <shayneburgess> SlickNick: makes sense. So third parties can add a gate and ultimate ownership of the quality of that resides with them, not Trove as a whole. It’s an indicator for the owner of that gate the quality of their datastore support
18:37:14 <amrith> SlickNik, a question for you ...
18:37:17 <amrith> related to that
18:37:28 <amrith> I just fixed https://review.openstack.org/#/c/146147/
18:37:38 <amrith> It involved making changes for redhat and ubuntu
18:37:50 <amrith> in the future, I would (in theory) have to make changes for db2 as well
18:38:00 <amrith> is it incumbent upon me as a developer to also make those changes?
18:38:28 <amrith> the issue is that unless reviewers catch the fact that the change hasn't been made for db2, the openstack CI won't break
18:38:50 <amrith> and no one will be the wiser and we'll get in the same kind of situation we're in with redhat where 'kick-start mysql' doesn't work!
18:38:52 <amrith> only worse
18:38:59 <SlickNik> amrith: You wouldn't have to make that change for DB2, those elements are shared across datastores, IIRC.
18:39:09 <SlickNik> you'd have to make that change for a new OS, perhaps
18:39:46 <amrith> SlickNik, you take my example more literally than I'd intended.
18:39:56 <amrith> I was only testing ubuntu but got help to test redhat
18:40:08 <amrith> if I make a change that potentially impacts multiple datastores, then I'd test with those
18:40:15 <amrith> like mongo, cassandra, mysql, ...
18:40:21 <amrith> in future would I also have to test db2?
18:40:21 <vkmc> its impossible to make a change and make sure it works for n datastores
18:40:44 <vkmc> more if they are not open source
18:41:03 <dougshelley66> vkmc, but if the CI tests all datastores, you would have to do that
18:41:05 <peterstac> vkmc: unless you test it against n datastores :)
18:41:09 <SlickNik> If we're designing this right, the footprint of code which is shared across datastore is not duplicated across the n-datasores.
18:41:41 <vkmc> dougshelley66, peterstac, that's my concern :)
18:41:59 <saurabhs> IMHO its impractical that a feature needs to be supported across each datastore. we should be able to add a feature to any datastore of our choice and if anybody else is interested they can get that feature ported/working for datastore of their choice
18:42:23 <saurabhs> that way when number of datastore increase in future our feature dev time doesn't increase with it
18:42:35 <edmondk> Are we proposing then every time a proprietary datastore is added we add a specific CI that runs on that companies machines and we then have to have a contact to that company if something breaks? Doesn't feel very open to me.
18:42:45 <amrith> saurabhs, I agree. the converse is my question. I don't believe that it is reasonable to say I want a fix in one datastore only and if I happen to break another datastore then the interested parties can fix that there.
18:42:49 <vkmc> edmondk, +1
18:43:36 <edmondk> What happens if we added Oracle, Microsoft SQL Server, do we need servers from Microsoft and Oracle to run a CI?
18:43:40 <saurabhs> amrith: correct we can take that approach only for new features for existing feature we should make sure that we don't break them for any datastore
18:44:14 <saurabhs> edmondk: if they don't want to put their images/packages on public repos
18:44:35 <amrith> saurabhs, the issue is how do I as a person fixing bugs ensure that I don't regress a datastore to which there's no CI as a direct part of my chkin process.
18:44:50 <shayneburgess> edmondk: +1. It’s not clear if Oracle or MS has any interest in us supporting their datastores
18:44:51 <SlickNik> edmondk: No — we're proposing a similar model to the Neutron Driver model. For any new datastore that anyone wants to add to Trove, we require a minimum set of int-tests to run on a 3rd party open public CI system that is transparent and votes on the gerrit reviews, with logs that are accessible in case of failures.
18:46:16 <SlickNik> 3rd party because the CI system and the corresponding resources are set up by the interested party in question.
18:46:17 <amrith> the issue with that proposal SlickNik is that it be an open public CI.
18:46:27 <vkmc> maybe it would be a good idea to ask Neutron folks how that work for them
18:46:50 <vkmc> are all those drivers in Neutron code base? or are them in external repos?
18:47:37 <SlickNik> vkmc: If you want your driver/datastore in an external repo — feel free and have at it. You can do whatever you like.
18:48:01 <SlickNik> I believe this is the minimum requirement for in-repo drivers (or in this case datastores)
18:48:45 <vkmc> SlickNik, so...you are saying that if the driver developer wants their driver to be in Trove codebase, then they also should provide a minimum set of int tests
18:48:51 <SlickNik> So that there is a minimum guarantee to the quality of the code that ships as part of the OpenStack project.
18:49:35 <edmondk> SlickNik: The scenario then would be IBM adds code for DB2 in upstream Trove, add int-tests, then also provide their own CI build machine that hooks into our gerrit review system to run those specific DB2 int-tests?
18:49:35 <SlickNik> vkmc: minimum set of int-tests, and a minimum infrastructure to run it and ensure that those tests and consequently the in-repo code is working.
18:50:10 <SlickNik> edmondk: Yes. that's the suggestion.
18:50:39 <amrith> SlickNik, would the jobs run on the IBM CI (in this case) be gating jobs in the openstack CI?
18:51:04 <vkmc> what happens if a change in Trove requires the 3rd party to change their code?
18:51:18 <SlickNik> amrith: Yes, if the jobs run stable — they can be promoted to voting jobs.
18:51:23 <SlickNik> amrith: http://ci.openstack.org/third_party.html
18:51:56 <peterstac> SlickNik, amrith: That's essentially what rdjenkins used to be, correct?
18:52:37 <SlickNik> vkmc: If it's a stable 3rd party job, that change in trove won't be able to land without a corresponding change in the 3rd party job.
18:52:49 <SlickNik> ^ amrith:
18:53:09 <amrith> SlickNik, I'm reading that link ...
18:53:29 <SlickNik> peterstac: Yes, more or less.
18:53:48 <iccha> hey guys not to interrupt, but please leave 5 min in the end to go over Anna's changes based on yesterday's discussion
18:54:07 <SlickNik> Yes, I think there's a lot here to cover for 3rd party stuff.
18:54:20 <SlickNik> Let's move on and we can revisit this topic in the channel.
18:54:28 <johnma> ok, sounds good
18:54:54 <SlickNik> #topic Review #131610
18:55:00 <iccha> XO19_: ^
18:55:12 <SlickNik> #topic Review 131610
18:55:24 <amrith> #link https://review.openstack.org/#/c/131610/
18:55:47 <SlickNik> I think XO19_ proposed a new patch set recently
18:55:56 <SlickNik> I haven't yet had a chance to review it.
18:56:08 <iccha> SlickNik: yes so yest in the channel amrith suggested we give the tenant to block log access to admin
18:56:17 <iccha> the changes in the review reflect that
18:57:19 <vkmc> I see the new patches proposed the addition of the admin_log_access boolean param
18:57:31 <vkmc> if that is set to true
18:57:41 <XO19_> and might want to decide if its better off implemented as an extension
18:57:57 <vkmc> does that mean that only the admin user of the project is the only one capable of accesing to the new endpoints?
18:58:13 <vkmc> or every user in the tenant can access them?
18:58:24 <iccha> vkmc: nope amrith wanted the tenant to decide whether admin can have accessin addition to the tenant
18:59:30 <SlickNik> I'm indifferent to the switch. IMO an admin can basically alter the trove code running underneath, so there are no guarantees that the switch would even have to be honored.
19:00:26 <SlickNik> IMO A malicious admin can pretty much do whatever he wants.
19:00:34 <vkmc> SlickNik, you are thinking about the cloud admin, not the project/tenant admin user
19:00:37 <vkmc> right?
19:01:12 <amrith> <time-check>
19:01:29 <SlickNik> Looks good to me either way.
19:01:50 <iccha> ok thank you, folks feel free to leave comments on review if any
19:02:00 <iccha> thanks XO19_ for working on the spec
19:02:15 <SlickNik> vkmc: yes — for a user in the same tenant they'd have access to the logs anyway.
19:02:15 <vkmc> thanks XO19_!
19:02:23 <SlickNik> #topic Open Discussion
19:02:47 <SlickNik> Anything?
19:03:06 <SlickNik> If so, let's continue the discussion in #openstack-trove.
19:03:06 <amrith> yes
19:03:14 <amrith> but acn we convene in #openstack-trove
19:03:19 <SlickNik> #endmeeting