18:00:47 <johnma> #startmeeting Trove
18:00:48 <openstack> Meeting started Wed Feb  8 18:00:47 2017 UTC and is due to finish in 60 minutes.  The chair is johnma. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:49 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:51 <openstack> The meeting name has been set to 'trove'
18:01:07 <songjian> o/
18:02:18 <johnma> hello songjian
18:02:47 <songjian> hello johnma
18:03:19 <trevormc> o/
18:03:30 <johnma> Hi trevormc
18:03:47 <johnma> will wait for an additional minute or so
18:04:31 <johnma> amrith if travelling this week and next
18:05:02 <peterstac> o/
18:05:16 <johnma> hi peterstac, how are you
18:05:28 <peterstac> hi johnma, I'm good - yourself?
18:05:52 <johnma> doing good peterstac - the same old
18:06:01 <peterstac> yep :)
18:06:35 <johnma> alright, I guess we can get started.
18:07:28 <johnma> #info amrith cut rc-1 last Sunday and it looks like it failed due to some issues with the trovestack work
18:08:40 <johnma> but that was sorted and changes merged on master and stable/ocata but it looks like the proposal bot changes need to get merged: https://review.openstack.org/#/c/429419/1
18:08:57 <johnma> anyways we now have a stable/ocata branch and master is open for Pike
18:09:23 <johnma> apart from that I don't have any other announcements.
18:09:35 <johnma> I will open this up for any open discussions
18:10:15 <johnma> does anyone have any changesets that needs review
18:10:16 <trevormc> I did a little bit of digging into bugs this morning and thought of two I wanted to bring up
18:10:48 <johnma> peterstac: I will test the module-reapply patch today and review it. I just havent gotten a chance to test it
18:10:55 <peterstac> ok, thx
18:10:59 <johnma> sure trevormc
18:11:25 <trevormc> #link https://bugs.launchpad.net/trove/+bug/1656317
18:11:25 <openstack> Launchpad bug 1656317 in OpenStack DBaaS (Trove) "Remove XML support for Trove API" [Undecided,Confirmed] - Assigned to Shaik Apsar (sa709c)
18:11:43 <trevormc> I'm not sure if we need the application/xml as the default for our api requests but I thought we aren't allowed that anymore based on this link
18:11:56 <trevormc> #link https://review.openstack.org/#/c/68333/
18:13:33 <trevormc> https://github.com/openstack/trove/blob/master/trove/common/base_wsgi.py#L295 is what I'm referring to, do we use that for something else?
18:14:22 <johnma> and the bug you mentioned above is to reinstate xml support?
18:14:40 <trevormc> no the opposite, Remove XML support
18:17:52 <trevormc> I know our trove/integration directory has xml files and that may be why we use it. I just wasn't sure.
18:18:20 <peterstac> maybe push up a test changereq and see what the gate says?
18:18:25 <trevormc> yeah ok
18:18:44 <trevormc> so I have another bug I wanted to raise
18:18:47 <peterstac> it might work, but it also might require more changes ;)
18:18:59 <trevormc> :(
18:19:05 <johnma> oh ok. I am not sure if that is used anywhere else. You could go ahead and put out a patchset for review
18:19:16 <trevormc> #link https://bugs.launchpad.net/trove/+bug/1578666
18:19:16 <openstack> Launchpad bug 1578666 in OpenStack DBaaS (Trove) "Strong password policies enforced in Mysql will break replication" [Undecided,New] - Assigned to Simon Chang (changsimon)
18:19:59 <trevormc> After installing the plugin here and using it I faced in error from mysql for weak passwords. I don't think this error is propagated to the user
18:20:57 <trevormc> I tried running a trove create and I ran into errors but I was just wondering if anyone else has experience with this plugin
18:21:20 <trevormc> Here is the error that I received from mysql
18:21:23 <trevormc> #link http://paste.openstack.org/show/598126
18:22:03 <johnma> what plugin trevormc?
18:22:12 <trevormc> #link https://dev.mysql.com/doc/refman/5.6/en/validate-password-plugin-installation.html
18:22:17 <peterstac> I know Simon did some work in that regards (adding a mechanism so that the default passwords would be 'strong')
18:22:39 <peterstac> I thought that got pushed US, but maybe it's still on the queue :(
18:22:50 <trevormc> yeah I didn't see any changes from Simon
18:23:18 <peterstac> I'll check with him next time I see him :)
18:23:34 <johnma> it doesn't look like a change from simon was pushed upstream
18:23:50 <trevormc> thanks, that is all for bugs. Although I have another topic I wanted to bring up.
18:24:03 <johnma> sure, go ahead
18:24:49 <trevormc> Has anyone here ran a fortify scan on trove? It shows security issues, a lot of which are false positivies. I just wanted to hear thoughts on pursuing changes related to those
18:25:38 <johnma> I haven't tried that. what kind of security issues?
18:25:44 <trevormc> One in particular is logging passwords in the debug log and try catch pass cases
18:25:52 <peterstac> we have support for running bandit
18:26:06 <peterstac> not sure how that compares to fortify
18:26:19 <peterstac> but it also reveals a bunch of false-positives :)
18:26:47 <trevormc> yeah bandit and fortify have some overlap, I just want to say I have a report handy. I'm going to be pursuing some changes where possible.
18:28:09 <johnma> that sounds fine trevormc.
18:28:14 <trevormc> I'd be interested in looking at bandit too, where is that supported?
18:28:48 <trevormc> I haven't used bandit personally, I've only heard about the overlap by word of mouth
18:28:50 <peterstac> I believe you can run it through tox
18:29:01 <trevormc> oh nice
18:29:24 <peterstac> 'tox bandit'
18:29:36 <trevormc> ok thats all I had. Thanks for the info, and I'd like to follow up on the mysql password validation plugin
18:29:57 <trevormc> expect a patch soon for the xml stuff too, I'm not sure if Shaik wants to do that or not.
18:31:16 <johnma> sounds good trevormc
18:31:32 <johnma> thanks. anything else?
18:31:44 <peterstac> Just about the Redis stuff
18:31:57 <johnma> you have a link handy peterstac
18:32:15 <peterstac> #link https://review.openstack.org/#/c/416361/
18:32:22 <peterstac> The Redis stuff is breaking because version 3.2.6 has new config options that we need to deal with
18:32:44 <peterstac> the above changereq switches to using a compiled redis
18:33:15 <peterstac> but even if we stay with the PPA, it's now pulling down 3.2.6 be default so we'd have to make the code changes at least
18:33:42 <johnma> aah ok. let me do this today as well.
18:33:46 <peterstac> (and to have Newton pass, it'd probably need to be backported)
18:35:12 <ShaikApsar> trevormc: I will on Remove XML support for Trove API
18:35:27 <trevormc> Hi ShaikApsar, thanks for the update
18:39:42 <peterstac> that's all I had :)
18:40:58 <trevormc> so when we create trove cluster what version should we use? I've only used 3.0 :(
18:41:09 <trevormc> for redis
18:42:24 <mariamjohn> I am so sorry. I got disconnected from my IRC client
18:42:40 <trevormc> ahh I see it's 3.2.6, I should look at the patch first :)
18:43:30 <trevormc> hi mariamjohn, it was quiet for the most part
18:43:51 <mariamjohn> ok, so #action for me
18:43:56 <peterstac> the other choice would be to pin the version to 3.0.7
18:44:06 <mariamjohn> #action 1: review redis patchset
18:44:20 <peterstac> might be a quicker solution (and easier to backport)
18:44:46 <mariamjohn> #action 2: look to backport this to stable/newton and stable/ocata, right peterstac
18:46:27 <mariamjohn> #action 3: review module-reapply patchset
18:47:21 <mariamjohn> anything else peterstac, trevormc,songjian
18:47:33 <peterstac> nothing here
18:47:47 <songjian> nothing
18:47:53 <trevormc> nothing too much. Thanks mariamjohn
18:48:46 <mariamjohn> awesome. thank you for joining today's meeting.  I will try to get these done today and in case anything else comes up, feel free to ping me on IRC
18:49:05 <trevormc> \o
18:49:17 <mariamjohn> have a great rest of the day.
18:50:04 <mariamjohn> I dont think I can end this meeting from a different client
18:50:19 <mariamjohn> #endmeeting
18:50:34 <mariamjohn> yeah nothing happened :)
18:50:59 <trevormc> maybe change your nick to johnma?
18:51:15 <trevormc> idk how it works
18:51:25 <mariamjohn> tried it
18:51:39 <mariamjohn> restarting my other laptop
18:54:28 <johnma> #endmeeting