Wednesday, 2018-07-04

*** liyi has joined #heat		00:03
*** sai- has left #heat		00:17
*** harlowja has joined #heat		00:26
*** harlowja has quit IRC		00:27
*** hongbin has joined #heat		01:27
openstackgerrit	Feilong Wang proposed openstack/heat-agents master: Add region_name for heat-config-notify https://review.openstack.org/579669	01:28
*** edmondsw has joined #heat		01:42
*** edmondsw has quit IRC		01:46
*** ricolin has joined #heat		01:48
*** schaney_ has quit IRC		01:50
*** jmlowe has quit IRC		01:53
*** Guest38444 has quit IRC		02:04
*** Guest38444 has joined #heat		02:08
*** neatherweb has joined #heat		02:11
*** jmlowe has joined #heat		03:03
*** masber has quit IRC		03:09
*** skramaja has joined #heat		03:09
*** liyi_ has joined #heat		03:13
*** liyi has quit IRC		03:16
*** liyi_ has quit IRC		03:17
*** liyi has joined #heat		03:18
openstackgerrit	Rico Lin proposed openstack/heat master: [TEST][DMT] check unittest issue https://review.openstack.org/580023	03:19
openstackgerrit	Rico Lin proposed openstack/heat master: Check NotFound with pool property in pool member https://review.openstack.org/541558	03:23
*** edmondsw has joined #heat		03:30
*** mdnadeem has joined #heat		03:33
*** edmondsw has quit IRC		03:35
*** yangyapeng has joined #heat		03:43
*** yangyapeng has quit IRC		03:46
*** yangyapeng has joined #heat		03:46
*** ramishra has joined #heat		03:49
*** liyi has quit IRC		03:53
*** hongbin has quit IRC		03:55
openstackgerrit	Rico Lin proposed openstack/heat master: Support remote stack from another OpenStack provider https://review.openstack.org/578393	04:00
openstackgerrit	Rico Lin proposed openstack/heat master: Add document for Multi OpenStack Cloud support https://review.openstack.org/578394	04:00
*** yangyapeng has quit IRC		04:08
*** liyi has joined #heat		04:21
*** yangyapeng has joined #heat		04:23
*** mdnadeem_ has joined #heat		04:28
*** mdnadeem has quit IRC		04:29
*** mdnadeem_ has quit IRC		04:32
*** yangyapeng has quit IRC		04:32
*** mdnadeem_ has joined #heat		04:45
*** yangyapeng has joined #heat		04:53
*** yangyapeng has quit IRC		05:11
*** yangyapeng has joined #heat		05:12
*** yangyapeng has quit IRC		05:17
*** edmondsw has joined #heat		05:19
*** edmondsw has quit IRC		05:24
*** dyasny has quit IRC		05:46
*** liyi_ has joined #heat		05:49
*** liyi_ has quit IRC		05:50
*** liyi has quit IRC		05:50
*** liyi has joined #heat		05:51
*** dyasny has joined #heat		05:57
*** armaan has joined #heat		05:57
*** hassaan has joined #heat		06:00
*** skramaja_ has joined #heat		06:00
*** skramaja has quit IRC		06:02
*** ysandeep has joined #heat		06:25
*** yangyapeng has joined #heat		06:28
*** nicolasbock has joined #heat		06:35
*** shardy has joined #heat		06:40
*** liyi_ has joined #heat		06:42
*** liyi has quit IRC		06:44
*** ysandeep has quit IRC		06:50
openstackgerrit	Nguyen Hung Phuong proposed openstack/heat-templates master: fix tox python3 overrides https://review.openstack.org/579786	06:54
openstackgerrit	Nguyen Hung Phuong proposed openstack/heat-templates master: fix tox python3 overrides https://review.openstack.org/579786	06:58
*** edmondsw has joined #heat		07:07
*** ysandeep has joined #heat		07:08
*** edmondsw has quit IRC		07:12
*** rcernin_ has quit IRC		07:13
*** mdnadeem_ has quit IRC		07:13
*** yangyapeng has quit IRC		07:16
*** mdnadeem_ has joined #heat		07:26
*** Guest38444 has quit IRC		07:28
*** Guest38444 has joined #heat		07:32
*** kiennt26 has joined #heat		07:38
openstackgerrit	Rico Lin proposed openstack/heat master: [TEST][DMT] check unittest issue https://review.openstack.org/580023	07:50
*** gkadam__ has joined #heat		07:59
openstackgerrit	Rico Lin proposed openstack/heat master: [TEST][DMT] check unittest issue https://review.openstack.org/580023	08:12
*** derekh has joined #heat		08:14
*** dbecker has joined #heat		08:34
*** liyi_ has quit IRC		08:36
openstackgerrit	Rico Lin proposed openstack/heat master: [TEST][DMT] check unittest https://review.openstack.org/580091	08:38
*** liyi has joined #heat		08:39
*** neatherweb has quit IRC		08:41
*** dbecker has quit IRC		08:42
*** edmondsw has joined #heat		08:56
openstackgerrit	Rico Lin proposed openstack/heat master: [TEST][DMT] check unittest issue https://review.openstack.org/580023	08:57
*** dbecker has joined #heat		09:00
*** edmondsw has quit IRC		09:01
*** serlex has joined #heat		09:02
*** armaan has quit IRC		09:02
openstackgerrit	Rico Lin proposed openstack/heat master: [TEST][DMT] check unittest issue https://review.openstack.org/580023	09:04
*** pbourke has quit IRC		09:12
*** pbourke has joined #heat		09:13
*** dbecker has quit IRC		09:14
*** armaan has joined #heat		09:38
openstackgerrit	Rico Lin proposed openstack/heat master: Support remote stack from another OpenStack provider https://review.openstack.org/578393	09:39
openstackgerrit	Rico Lin proposed openstack/heat master: Add document for Multi OpenStack Cloud support https://review.openstack.org/578394	09:39
*** liyi_ has joined #heat		09:40
*** liyi has quit IRC		09:43
*** liyi_ has quit IRC		09:45
*** armaan has quit IRC		09:56
*** armaan has joined #heat		09:57
*** armaan has quit IRC		09:57
*** armaan has joined #heat		09:59
*** kiennt26 has quit IRC		10:07
*** jmlowe has quit IRC		10:24
*** liyi has joined #heat		10:30
*** liyi has quit IRC		10:35
*** dbecker has joined #heat		10:37
*** armaan has quit IRC		10:42
*** armaan has joined #heat		10:43
*** edmondsw has joined #heat		10:45
*** armaan has quit IRC		10:48
*** edmondsw has quit IRC		10:50
*** armaan has joined #heat		11:11
*** yangyapeng has joined #heat		11:19
*** yangyapeng has quit IRC		11:23
*** yangyapeng has joined #heat		11:23
*** peereb has joined #heat		11:52
*** Guest38444 has quit IRC		12:01
*** jmlowe has joined #heat		12:02
*** armaan has quit IRC		12:03
*** armaan has joined #heat		12:04
*** mdnadeem_ has quit IRC		12:05
*** mdnadeem has joined #heat		12:06
*** jmlowe has quit IRC		12:07
*** Guest38444 has joined #heat		12:10
*** armaan has quit IRC		12:13
*** edmondsw has joined #heat		12:33
*** edmondsw has quit IRC		12:38
*** liyi has joined #heat		12:39
*** jmlowe has joined #heat		12:39
*** serlex has quit IRC		12:41
*** liyi has quit IRC		12:43
openstackgerrit	Rico Lin proposed openstack/python-heatclient master: Add extra functional tests in heatclient https://review.openstack.org/410063	12:57
ricolin	zaneb, is today a day off in US?	13:01
*** mdnadeem has quit IRC		13:03
*** ysandeep has quit IRC		13:10
*** serlex has joined #heat		13:13
*** mdnadeem has joined #heat		13:18
therve	ricolin: Yes	13:18
ricolin	therve, independence day!	13:20
therve	Yes :)	13:21
openstackgerrit	Merged openstack/python-heatclient master: fix tox python3 overrides https://review.openstack.org/573335	13:22
*** hjensas has quit IRC		13:22
*** ysandeep has joined #heat		13:27
*** liyi has joined #heat		13:28
*** mdnadeem has quit IRC		13:30
*** liyi has quit IRC		13:33
*** armaan has joined #heat		13:36
*** serlex has quit IRC		13:38
*** armaan has quit IRC		13:41
*** cliffparsons has quit IRC		13:41
*** hassaan has quit IRC		13:53
*** hjensas has joined #heat		13:55
*** hjensas has quit IRC		13:55
*** hjensas has joined #heat		13:55
*** ysandeep has quit IRC		13:56
*** ysandeep has joined #heat		13:56
*** skramaja_ has quit IRC		13:58
ricolin	#startmeeting heat	14:00
openstack	Meeting started Wed Jul 4 14:00:32 2018 UTC and is due to finish in 60 minutes. The chair is ricolin. Information about MeetBot at http://wiki.debian.org/MeetBot.	14:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	14:00
*** openstack changes topic to " (Meeting topic: heat)"		14:00
openstack	The meeting name has been set to 'heat'	14:00
ricolin	#topic roll call	14:00
*** openstack changes topic to "roll call (Meeting topic: heat)"		14:00
ricolin	Anyone around for meeting?:)	14:00
ramishra	hi	14:01
ricolin	o/	14:01
ramishra	ricolin: Do we've anything pressing in the agenda for today?	14:02
ricolin	ramishra, we might need to talk about keypair resource, ssl in remote stack, multicloud, but nothing pressing:)	14:03
*** neatherweb has joined #heat		14:04
ricolin	we can skip this one if you like:)	14:04
ramishra	yeah, we can keep those for the next meeting I suppose. I don't have anything than asking for some reviews	14:04
therve	Hi	14:04
ricolin	hi therve :)	14:04
ricolin	therve, ramishra if you have time, please help me review https://review.openstack.org/#/q/topic:bp/multiple-cloud-support+(status:open+OR+status:merged)	14:05
ramishra	ricolin: sure, will check. I would request we prioritize and review some bug fixes too:)	14:06
ricolin	therve, we're just talking about skip this meeting!	14:06
ricolin	ramishra, good point	14:07
ricolin	we can start to list bug/bps we needs to fix	14:08
therve	ricolin: As a remark, we don't need objects	14:09
therve	I thought about getting rid of them, not sure adding them is a great idea	14:09
openstackgerrit	Merged openstack/heat master: fix tox python3 overrides https://review.openstack.org/572959	14:09
ricolin	therve, which part?	14:10
therve	ricolin: https://review.openstack.org/578391	14:10
ricolin	#topic Open discussion	14:10
*** openstack changes topic to "Open discussion (Meeting topic: heat)"		14:10
ricolin	therve, yeah, that object actually doing nothing	14:10
*** sshnaidm\|rover is now known as sshnaidm\|afk		14:11
ricolin	therve, I can remove it, if that's fine by you all(actually prefer that)!	14:12
ramishra	the whole object layer is just passthrough	14:12
therve	ricolin: I don't know, it's just an idea	14:13
ricolin	ramishra, and do we required to have that the extra function that object bring might only be checking fields(compare to it's db api)	14:14
ricolin	#action move all topics to next meeting	14:16
ricolin	therve, ramishra let's continue with those meeting topics in next meeting	14:17
*** liyi has joined #heat		14:18
therve	ok	14:18
*** ramishra has quit IRC		14:18
ricolin	#link https://etherpad.openstack.org/p/Heat-Rocky-Targets-bps-and-bugs	14:19
*** flwang has quit IRC		14:20
ricolin	I'm creating this etherpad for listing bugs/bps, let's collect some and before next meeting and try to ordering it next time(hope it downsize to zero before next meeting:) )	14:20
ricolin	#action Put bug/bps prioritized into https://etherpad.openstack.org/p/Heat-Rocky-Targets-bps-and-bugs	14:21
ricolin	Okay let's end this meeting thanks therve	14:21
ricolin	#endmeeting	14:21
*** openstack changes topic to "OpenStack Heat Team (logs: http://eavesdrop.openstack.org/irclogs/%23heat/)"		14:21
openstack	Meeting ended Wed Jul 4 14:21:56 2018 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	14:21
openstack	Minutes: http://eavesdrop.openstack.org/meetings/heat/2018/heat.2018-07-04-14.00.html	14:22
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/heat/2018/heat.2018-07-04-14.00.txt	14:22
openstack	Log: http://eavesdrop.openstack.org/meetings/heat/2018/heat.2018-07-04-14.00.log.html	14:22
*** edmondsw has joined #heat		14:22
*** ramishra has joined #heat		14:22
ramishra	disconnected sorry!	14:23
ricolin	ramishra, NP:)	14:23
*** liyi has quit IRC		14:23
ricolin	just talking about an action to Put bug/bps prioritized into https://etherpad.openstack.org/p/Heat-Rocky-Targets-bps-and-bugs	14:23
ramishra	ricolin: sounds good	14:24
ricolin	and than end meeting:)	14:24
therve	ricolin: You still around to chat about https://review.openstack.org/#/c/578363/5/specs/rocky/multi-cloud-support.rst ?	14:26
ricolin	therve, yes	14:26
*** edmondsw has quit IRC		14:27
therve	ricolin: It needs to define the clouds server side apparently?	14:27
therve	I guess... that makes sense?	14:27
ricolin	you mean needs to define clouds in remote server side?	14:28
ricolin	therve,	14:28
therve	Yes	14:28
ricolin	It can either be predefined clouds.yaml in server side, or directly provide a credential (Barbican secret) and we will use that to load authN info	14:29
therve	"All cloud general information will be fetched from clouds.yaml/secure.yaml file under ``~/.config/openstack/`"	14:30
therve	I'm not sure it's great to support local auth info	14:30
ricolin	yeah, which might be a problem of resource trying to access server file, but still keep it for now	14:30
therve	Mok	14:31
therve	I'm a bit puzzled on how it works :)	14:32
ricolin	therve, which part	14:32
therve	ricolin: Why is there an API change?	14:33
*** flwang has joined #heat		14:33
therve	Why do you need to pass credentials separetly	14:33
therve	separately	14:33
ricolin	we needs to parse a credential info(a barbican secret id) to remote site	14:33
therve	ricolin: Why? Shouldn't we load it before talking to the remote site?	14:35
therve	From the look of it, you use it in RemoteStack	14:36
therve	So in the local OpenStack, not on the remote one	14:36
ricolin	therve, we don't want to parse authN info cross two OpenStack cloud	14:36
*** serlex has joined #heat		14:37
therve	What	14:37
therve	ricolin: How do you talk to the remote OpenStack if you don't do authorisation?	14:38
therve	See https://review.openstack.org/#/c/578393/7/heat/engine/resources/openstack/heat/remote_stack.py	14:39
therve	Seems that you fetch the barbican secret here, and then talk to the remote openstack with the creds that you got	14:40
ricolin	therve, there is two credential, one for access to remote OpenStack, one for actually authorize to manage resources. we're parsing the second credential(secret id) to remote OpenStack side and parse it to refresh context	14:40
therve	I don't see why you need to pass additional credentials	14:40
therve	ricolin: OK so what's that second one for?	14:41
therve	"Authorize to manage resources", what does that mean	14:41
ricolin	yes, that's what the second one for. And the first credential is for access to remote OpenStack, which needs to store in local Barbican service. It's more secure if user limit the authZ of the first credential like you can only access to heat stack action etc	14:43
therve	I don't understand :)	14:44
ricolin	therve, that means actually have power to access to Nova, Cinder, etc	14:44
therve	ricolin: As opposed to what?	14:45
therve	I don't understand why you don't talk directly to the remote cloud with the proper credentials	14:46
ricolin	That's actually allowed if you just provide provider_credential_secret_id and don't provide `credential_secret_id`	14:47
ricolin	In that way, it will directly use the only credential you provided	14:48
ricolin	To directly access to remote OpenStack with a single credential means you need to either store the AuthN info in local Barbican server, or put it in property	14:51
*** hongbin has joined #heat		14:51
therve	I thought we dismissed the second option as insecure	14:51
*** ramishra has quit IRC		14:51
ricolin	yes, and I didn't implement it for sure	14:52
therve	ricolin: I still don't understand what those 2nd credentials do	14:52
therve	What's the benefit?	14:52
therve	Is there added security?	14:52
ricolin	therve, yes	14:52
therve	ricolin: OK, which one?	14:52
*** ramishra has joined #heat		14:53
ricolin	to provide two credential, the `credential_secret_id` will only parsed in remote OpenStack and only user who allowed to access can read it	14:53
therve	Doesn't that mean that this user has more privileges than what `credential_secret_id` holds?	14:55
ricolin	So we can limit the first credential to only allow create/update/etc. a stack and get that barbican secret and that's all we give for that credential	14:55
*** armaan has joined #heat		14:56
therve	That sounds super weird to me :)	14:56
therve	Also not really related to multi cloud support	14:56
therve	You're trying to reimplement keystone roles in Heat or something	14:56
ricolin	I mean, we allow to parse one credential all the way, but that means the user's authN info also parse around from local OpenStack to remote OpenStack	14:58
therve	I mean, yes, that's how auth works, no?	15:00
therve	If you don't pass creds, you can't talk to the remote service	15:00
therve	ricolin: So apparently, you can't pass both creds?	15:01
therve	What do you pass as primary creds if you specify the barbican id?	15:02
ricolin	if both provided, the `provider_credential_secret_id` will use to access to stack API and `credential_secret_id` will use to refresh context in remote side	15:03
therve	OK...	15:04
therve	ricolin: I think that all thing is very confusing	15:04
ricolin	`provider_credential_secret_id` will be fetch from local Barbican and get all auth info (including auth_url)	15:04
therve	I suspect that's the reason zaneb -2 the original patch too	15:04
therve	It would require tons of explanation in the spec	15:05
therve	I really don't see the benefit	15:05
ricolin	therve, this model is actually part of zaneb's idea too. I think we still can discuss more about which way we prefer and which is not in spec (I don't think to use clouds.yaml is a secure way but that just me), I can update it with more explanation as we got more feedback on it	15:09
therve	ricolin: Yes that'd be nice	15:10
therve	Because I think it would be much simpler without all that mechanism	15:10
therve	Which now I understand is why we need the new table and everything	15:10
ricolin	I will also write documentation once we settle down with specific implementation	15:13
ricolin	ramishra, about the ssl option, that's why I put ssl for remote stack as a topic	15:14
ricolin	whould like to know what's the best way if we like to keep it working https://review.openstack.org/#/c/480923	15:15
ricolin	therve, ramishra any idea on that?	15:15
*** ramishra has quit IRC		15:20
*** armaan has quit IRC		15:23
*** armaan has joined #heat		15:24
openstackgerrit	Merged openstack/heat master: Allow lazy load of raw_template but log warning https://review.openstack.org/388951	15:36
*** liyi has joined #heat		15:38
*** sshnaidm\|afk is now known as sshnaidm\|rover		15:38
*** serlex has quit IRC		15:39
*** liyi has quit IRC		15:42
*** serlex has joined #heat		15:44
*** armaan has quit IRC		15:52
*** armaan has joined #heat		15:52
*** armaan has quit IRC		15:57
*** shardy has quit IRC		15:58
*** edmondsw has joined #heat		16:10
*** edmondsw has quit IRC		16:15
*** gkadam__ has quit IRC		16:16
*** neatherweb has quit IRC		16:16
*** peereb has quit IRC		16:21
openstackgerrit	Merged openstack/heat master: Support region_name for software deployment https://review.openstack.org/579485	16:31
*** liyi has joined #heat		16:37
*** liyi has quit IRC		16:41
*** armaan has joined #heat		16:54
*** ysandeep has quit IRC		17:00
openstackgerrit	Merged openstack/heat master: Fix an exception message https://review.openstack.org/578255	17:06
*** derekh has quit IRC		17:10
*** armaan has quit IRC		17:32
*** armaan has joined #heat		17:32
*** armaan has quit IRC		17:36
*** dbecker has quit IRC		17:50
*** serlex has quit IRC		17:52
*** edmondsw has joined #heat		17:59
*** edmondsw has quit IRC		18:03
openstackgerrit	Merged openstack/heat master: Fix purging events from stacks converted to convergence https://review.openstack.org/579276	18:08
*** Guest38444 has quit IRC		18:43
*** Guest38444 has joined #heat		18:46
*** liyi has joined #heat		19:13
*** liyi has quit IRC		19:17
*** edmondsw has joined #heat		19:48
*** edmondsw has quit IRC		19:52
*** liyi has joined #heat		20:12
*** liyi has quit IRC		20:17
*** nicolasbock has quit IRC		21:16
*** ricolin_ has joined #heat		21:18
*** ricolin has quit IRC		21:21
*** edmondsw has joined #heat		21:36
*** edmondsw has quit IRC		21:41
*** hongbin has quit IRC		22:19
*** ricolin_ has quit IRC		22:22
*** rcernin has joined #heat		22:27
*** Guest38444 has quit IRC		22:58
*** Guest38444 has joined #heat		23:13
*** edmondsw has joined #heat		23:25
*** edmondsw has quit IRC		23:30
*** yangyapeng has quit IRC		23:49
*** yangyapeng has joined #heat		23:50
*** neatherweb has joined #heat		23:53
*** yangyapeng has quit IRC		23:54

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!