| rafaelweingartner | #startmeeting cloudkitty | 14:01 |
|---|---|---|
| opendevmeet | Meeting started Mon Sep 2 14:01:07 2024 UTC and is due to finish in 60 minutes. The chair is rafaelweingartner. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:01 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:01 |
| opendevmeet | The meeting name has been set to 'cloudkitty' | 14:01 |
| rafaelweingartner | Hello guys! | 14:01 |
| rafaelweingartner | Roll count | 14:01 |
| rafaelweingartner | \o | 14:01 |
| mattcrees | o/ | 14:01 |
| priteau_ | o/ | 14:02 |
| rafaelweingartner | #topic Impact of oslo.policy bump | 14:03 |
| rafaelweingartner | I see that you added this topic in the meeting. Would you like to expand on this one? | 14:03 |
| priteau_ | Hello | 14:04 |
| priteau_ | This is only something I discovered today | 14:04 |
| priteau_ | gmann has sent the following email to the mailing list: https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/MPHSVG222OFHJL2AQD2A7CJGTH57SRCJ/ | 14:05 |
| priteau_ | TL;DR: oslo.policy 4.4.0 enables the RBAC new defaults by default, which means those will be enabled for all the OpenStack services unless they have disabled them by overriding the default value | 14:05 |
| priteau_ | However, we have not received any patches related to this, unlike many other projects | 14:05 |
| rafaelweingartner | I saw the email as weill, but I did not fully understand it. | 14:06 |
| rafaelweingartner | What is it about? | 14:06 |
| priteau_ | It is about this general RBAC change in OpenStack: https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html | 14:06 |
| priteau_ | So it is possible that as soon as https://review.opendev.org/c/openstack/requirements/+/925464 merges we will break, which would affect the project for Dalmatian | 14:07 |
| priteau_ | I think for this release we can disable the new defaults (this was done in some other projects) | 14:08 |
| priteau_ | But we will have to catch up in the next release (Epoxy) with a backlog of changes we haven't made | 14:08 |
| priteau_ | It is more a heads-up than a call for action. I think mattcrees and I can handle it. | 14:09 |
| rafaelweingartner | I still did not think. You mean, the default is going to be scoped tokens? | 14:10 |
| priteau_ | Not really. I think we are supposed to make some admin calls system-scope only | 14:12 |
| priteau_ | I need to review this RBAC policy change in full | 14:12 |
| rafaelweingartner | I thought that would not affect much, as these policies are defined in that policy.json file, right? | 14:12 |
| rafaelweingartner | that maps an API call security path to a set of attributes that describe the user in the token | 14:13 |
| priteau_ | The policy file (yaml now, json is deprecated) is only for the admin overrides | 14:14 |
| priteau_ | Policy is defined in code now | 14:15 |
| priteau_ | Anyway, I will pursue the conversation with gmann to understand the impact and push some changes if needed (probably with help from mattcrees) | 14:16 |
| rafaelweingartner | ok | 14:16 |
| rafaelweingartner | thanks | 14:16 |
| rafaelweingartner | Besides this topic, we do not have any new topics | 14:18 |
| rafaelweingartner | I mean, nothing that we see from our side | 14:18 |
| rafaelweingartner | do you guys have something else to add? | 14:19 |
| rafaelweingartner | ah, there is something | 14:19 |
| rafaelweingartner | #link https://github.com/gnocchixyz/gnocchi/pull/1396 | 14:19 |
| rafaelweingartner | this patch in Gnocchi, it will require some changes on CloudKitty side to now overload Gnocchi | 14:19 |
| rafaelweingartner | as soon as a new release of Gnocchi is made, we will propose this patch in CloudKitty | 14:19 |
| priteau_ | thanks | 14:22 |
| priteau_ | This reminds me that a colleague of mine had issues with cloudkitty/gnocchi/ceilometer recently | 14:22 |
| priteau_ | He has posted a bug on storyboard: https://storyboard.openstack.org/#!/story/2011217 | 14:22 |
| priteau_ | I haven't looked at the issue with him yet. Any input is welcome. | 14:24 |
| rafaelweingartner | I saw it | 14:29 |
| rafaelweingartner | but we would need more details | 14:29 |
| rafaelweingartner | I will ask for some details there | 14:30 |
| rafaelweingartner | is there something else from your side guys? | 14:32 |
| mattcrees | nothing new from me this time | 14:33 |
| priteau_ | There was the Elasticsearch topic? | 14:33 |
| rafaelweingartner | we decided to "remove any deprecation message in both logs and code" | 14:34 |
| rafaelweingartner | do we need to go back on this decision? | 14:34 |
| priteau_ | No, I think we should undeprecate | 14:37 |
| priteau_ | But we should do it now, before Dalmatian release | 14:37 |
| priteau_ | Do we have a patch up? I don't remember | 14:39 |
| rafaelweingartner | not yet | 14:39 |
| rafaelweingartner | I will create a patch for it then | 14:39 |
| priteau_ | Thanks | 14:41 |
| rafaelweingartner | Thank you guys for participating. Have a nice week. | 14:51 |
| rafaelweingartner | #endmeeting | 14:51 |
| opendevmeet | Meeting ended Mon Sep 2 14:51:41 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 14:51 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/cloudkitty/2024/cloudkitty.2024-09-02-14.01.html | 14:51 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/cloudkitty/2024/cloudkitty.2024-09-02-14.01.txt | 14:51 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/cloudkitty/2024/cloudkitty.2024-09-02-14.01.log.html | 14:51 |
| opendevreview | Pierre Riteau proposed openstack/cloudkitty master: Remove import of deprecated module https://review.opendev.org/c/openstack/cloudkitty/+/927742 | 14:54 |
| opendevreview | Ghanshyam proposed openstack/cloudkitty master: DNM: testing oslo.policy 4.4.0 https://review.opendev.org/c/openstack/cloudkitty/+/927753 | 17:50 |
| gmann | priteau_: ^^ cloudkitty have not implemented the new RBAC so there is no impact on cloudkitty but still I am testing cloudkitty with that | 17:51 |
| gmann | priteau_: for new RBAC, we have removed the system scope from goal, we need to implement only project perosnas (1. admin stay same 2. member role 3. reader role). please refer this doc for details and let me know if any query https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-1 | 17:53 |
| gmann | I can propose Cloudkitty change in E cycle and you all can see how it looks like | 17:53 |
| priteau_ | Thanks gmann | 19:11 |
| *** priteau_ is now known as priteau | 19:12 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!