Thursday, 2015-07-09

« Wednesday, 2015-07-08 Index Friday, 2015-07-10 »
madhuriadrian_otto, sdake_ ping00:04
*** SourabhP has quit IRC00:04
*** jjfreric has quit IRC00:12
*** jjfreric has joined #openstack-containers00:16
adrian_ottohi madhuri00:16
madhurihi adrian_otto00:16
adrian_ottowhat's up?00:16
adrian_ottoI was just commenting on your TLS feature spec.00:16
madhuriJust so many things to discuss about TLS support00:16
madhuriI was trying to hunt you for long00:16
adrian_ottoI'm back at work again this week00:16
madhuriI and yuanying are working on it00:16
madhuriThank you00:16
adrian_ottoI agree we have plenty to talka bout00:17
madhuriWhat would be the good time for it?00:17
madhuriIs it ok to talk now?00:17
adrian_ottoI'm about to head out for the day00:17
adrian_ottobut we can plan a time to do it00:17
* adrian_otto looks at his calendar00:18
madhuriSure I really need it like anything00:18
adrian_ottomaybe tomorrow at 2300 UTC?00:18
madhuriJust one point to add Barbican seems to be most suitable option for us in many ways00:18
adrian_ottoI was the one who originally suggested that we not have that as a dependency00:19
adrian_ottobut considering that bays need to be scaled...00:19
adrian_ottowe need a secure place to fetch the cert/key files from00:19
adrian_ottoand I strongly believe that Barbican is the right tool for that job.00:19
adrian_ottowhat good is a bay that you can't scale00:20
adrian_ottothat sucks.00:20
madhuriCan you make it 23:30 UTC?00:20
adrian_ottoI can.00:20
madhuriThank you00:20
adrian_ottoeven 30 minutes together should help us converge on this00:20
madhuriWe can ask others also who want to join00:20
madhuriThis topic is so big that can't be discussed thoroughly in IRC meetings00:21
adrian_ottoplease email the ML indicating that we are planning a 30 min discussion at that time, and to attend if interested.00:21
madhuriSure00:21
madhuriOne last thing00:21
adrian_ottoright, we should plan a series of discussions00:21
madhuriCan you introduce us to any Barbican developer?00:21
*** dims has quit IRC00:21
madhuriThat would be a great help00:22
adrian_ottoyes00:22
*** dims has joined #openstack-containers00:22
adrian_ottook, I am making a reminder to do that fist thing tomorrow when I return to work00:22
madhuriThank you00:22
adrian_ottoalso, on the ML thread inviting folks to tomorrow's chat00:23
madhuriI will00:23
adrian_ottoalso add [barbican] to the subject line, and ask if they would join in too if possible00:23
madhuriOk00:23
adrian_ottook, talk to you tomorrow!00:24
madhuriThank you again00:24
*** dims has quit IRC00:26
madhuriadrian_otto,  Good night! See you tomorrow00:27
adrian_otto:-)00:27
*** adrian_otto has quit IRC00:27
*** sthillma has quit IRC00:33
*** sthillma has joined #openstack-containers00:34
*** ameybhide has left #openstack-containers00:46
*** sdake has joined #openstack-containers00:57
*** sdake_ has quit IRC01:01
*** suro-patz1 has joined #openstack-containers01:03
*** suro-patz2 has joined #openstack-containers01:03
*** suro-patz1 has quit IRC01:03
*** suro-patz has quit IRC01:04
*** jjfreric has quit IRC01:05
*** pgogia has quit IRC01:05
*** dane_leblanc has joined #openstack-containers01:07
sdakemadhuri shoot01:07
madhuriHi sdake01:08
madhuriI wanted to discuss about Magnum as a CA01:08
madhuriAnd I arranged a meeting tomorrow at 23:30 UTC01:08
madhuriPlease join01:08
sdakearranged where01:09
madhuriAt #openstack-containers01:12
*** sthillma_ has joined #openstack-containers01:12
madhuriAdrian will aslo join01:12
madhuriI asked barbican and anchor developers also to join01:12
madhurisdake, Can we discuss some points now?01:13
*** dane_leblanc has quit IRC01:13
sdakelet me see what time that is01:14
sdakei am negatory on hard depedencies, but that is just me01:14
*** suro-patz2 has quit IRC01:14
sdakei am negatory on any stackforge dependencies but that is just me01:15
*** sthillma has quit IRC01:15
*** sthillma_ is now known as sthillma01:15
madhuriI have sent a mail about it. Lets hear from others also01:15
sdakewe already have neutron as a a hard dependency and lose designs as a result because of it01:15
*** dane_leblanc has joined #openstack-containers01:15
madhuriAgree01:16
sdakei gave feedback in the review...01:16
madhuriAnd also I am not sure how does Openstack accepts stackforge project as a dependency.01:16
madhuriBarbican seems to be suitable for all our requirements01:17
madhuriBut I am not  sure again about its adaptibility01:17
madhuriBarbican can be used both to generate certificate and store it securely01:17
madhurisigned by CAs like Dogtag01:18
*** sdake_ has joined #openstack-containers01:19
sdake_the alternative is to write no spec, just code -  then there is no record except the code base which can be later altered01:19
sdake_in other words the code is not a premanent choice01:20
madhurisdake, Yes I agree and left the spec as it is01:20
madhuriBut still it provide lots of comment01:20
madhuriAnd I will surely look at all comments01:20
madhurisdake_, do you read my above comments about Barbican?01:21
sdake_no got disconnected01:21
*** sdake has quit IRC01:21
*** erkules_ has joined #openstack-containers01:23
madhuriOk I will resend them01:23
madhuriBarbican seems to be suitable for all our requirements01:23
madhuriBut I am not  sure again about its adaptibility01:24
madhuriBarbican can be used both to generate certificate and store it securely by CA like Dogtag01:24
*** erkules has quit IRC01:26
*** saksham_ has quit IRC01:33
*** suro-patz has joined #openstack-containers01:37
*** saksham has quit IRC01:37
*** sthillma has quit IRC01:37
*** suro-patz1 has joined #openstack-containers01:38
*** suro-patz has quit IRC01:41
*** bitblt has quit IRC01:45
*** ybathia has quit IRC01:47
*** sthillma has joined #openstack-containers01:48
*** erkules_ has quit IRC01:51
*** erkules_ has joined #openstack-containers01:52
*** eghobo has quit IRC01:53
*** unicell1 has quit IRC02:00
*** sdake_ has quit IRC02:07
*** suro-patz1 has quit IRC02:11
*** suro-patz has joined #openstack-containers02:12
*** sdake has joined #openstack-containers02:15
*** harshs has quit IRC02:18
*** achanda has quit IRC02:21
*** achanda has joined #openstack-containers02:21
*** achanda has quit IRC02:22
madhurisdake, around02:39
madhurisdake, http://kuberneteslaunch.com/ Kubernetes v1 will be released this July02:40
sdakeyes i am aware02:41
madhuriSo we can think of switching on to it02:42
sdakeyup02:42
madhuriAnd then probably move python-k8sclient to new project02:42
sdakeyuo02:49
*** rbrooker has quit IRC02:56
openstackgerritHua Wang proposed openstack/magnum: add .idea to .gitignore  https://review.openstack.org/19954403:02
*** humble_ has joined #openstack-containers03:02
openstackgerritHua Wang proposed openstack/magnum: add .idea to .gitignore  https://review.openstack.org/19954403:05
*** wanghua has quit IRC03:06
*** yuanying has quit IRC03:16
*** suro-patz has quit IRC03:17
*** achanda has joined #openstack-containers03:26
*** achanda has quit IRC03:34
*** Kennan2 has joined #openstack-containers03:35
*** Kennan has quit IRC03:36
*** julim has quit IRC03:36
*** julim has joined #openstack-containers03:37
*** julim has quit IRC03:37
*** pgogia has joined #openstack-containers03:43
*** dims has joined #openstack-containers03:45
*** dims_ has joined #openstack-containers03:46
*** dims_ has quit IRC03:46
*** dims_ has joined #openstack-containers03:46
*** dims has quit IRC03:49
*** dane_leblanc has quit IRC03:53
*** sthillma_ has joined #openstack-containers03:57
*** sthillma has quit IRC04:00
*** sthillma_ is now known as sthillma04:00
*** achanda has joined #openstack-containers04:00
*** Drago has quit IRC04:01
*** Marga_ has joined #openstack-containers04:02
*** Marga__ has joined #openstack-containers04:02
*** eghobo has joined #openstack-containers04:05
*** achanda has quit IRC04:06
*** Marga_ has quit IRC04:07
*** yuanying has joined #openstack-containers04:08
*** pgogia has left #openstack-containers04:09
openstackgerritHua Wang proposed openstack/magnum: remove unnecessary codes  https://review.openstack.org/19985004:09
openstackgerritMerged openstack/magnum: add .idea to .gitignore  https://review.openstack.org/19954404:14
*** dims_ has quit IRC04:14
*** dims has joined #openstack-containers04:15
humble_hi, all. we can only create containers in a swarm bay? I find that docker compose can run app. Do we have plans to use it?04:18
*** dims has quit IRC04:20
*** achanda has joined #openstack-containers04:24
*** eghobo has quit IRC04:27
*** eghobo has joined #openstack-containers04:37
*** wanghua has joined #openstack-containers04:43
*** sdake has quit IRC04:45
*** humble_ has quit IRC04:46
*** unicell has joined #openstack-containers04:52
*** dims has joined #openstack-containers05:01
*** dims_ has joined #openstack-containers05:02
*** harshs has joined #openstack-containers05:03
*** madhuri has quit IRC05:06
*** dims has quit IRC05:06
*** jruano has quit IRC05:06
*** dims_ has quit IRC05:14
*** humble_ has joined #openstack-containers05:20
*** wanghua has quit IRC05:24
*** sthillma has quit IRC05:29
*** eghobo_ has joined #openstack-containers05:31
*** sthillma has joined #openstack-containers05:31
*** SourabhP has joined #openstack-containers05:31
*** eghobo has quit IRC05:34
*** eghobo has joined #openstack-containers05:44
*** harshs has quit IRC05:44
*** eghobo has quit IRC05:45
*** fawadkhaliq has joined #openstack-containers05:45
*** eghobo_ has quit IRC05:46
*** ig0r_ has joined #openstack-containers05:52
*** ig0r__ has quit IRC05:55
openstackgerritHua Wang proposed openstack/magnum: Code refactor for prepare_service  https://review.openstack.org/19987505:57
*** j___ has quit IRC05:58
*** Kennan2 has quit IRC06:02
*** Kennan has joined #openstack-containers06:03
*** sdake has joined #openstack-containers06:03
*** unicell1 has joined #openstack-containers06:06
*** unicell has quit IRC06:08
*** sthillma_ has joined #openstack-containers06:11
*** suro-patz has joined #openstack-containers06:13
*** sthillma has quit IRC06:13
*** sthillma_ is now known as sthillma06:13
*** j___ has joined #openstack-containers06:14
*** dims has joined #openstack-containers06:15
*** BertrandN has joined #openstack-containers06:19
yuanyingKennan: arround?06:20
*** dims has quit IRC06:20
yuanyingironic template was failed because floating ip doesn't create06:20
*** suro-patz has quit IRC06:23
*** liudong has joined #openstack-containers06:23
*** BertrandN has quit IRC06:27
*** erkules_ is now known as erkules06:39
*** erkules has joined #openstack-containers06:39
Kennanyuanying: what env do you use ? I used devstack, all is OK06:41
Kennando you use devstack?06:41
yuanyingI found the reason06:41
yuanyingyes devstack06:41
yuanyingI'll comment it06:42
yuanyinghttps://review.openstack.org/#/c/198596/4/magnum/templates/heat-kubernetes/kubecluster-fedora-ironic.yaml06:42
Kennannot know, I booted all Successfully06:42
yuanyingdone06:42
yuanyingplease let me know about your devstack environment about neutron subnet06:43
*** BertrandN has joined #openstack-containers06:43
Kennanyes, it was need set IP_VERSION = 4 for devstack env06:43
yuanyingoh06:43
yuanyingok06:43
KennanI only allow neutron network to create ipv4 now06:43
KennanI did not allow to make it complicated first]06:43
yuanyingok06:43
Kennandevstack default create one network with two subnets(one ipv4 and one ipv6)06:44
yuanyingso this should be bug report or wishlist06:44
Kennandevstack once was created only with ipv4 network06:44
Kennanipv6 was new added06:44
Kennanand customers now many use ipv4, so if ipv6 need support, I could create a new bug06:45
yuanyingok06:45
Kennanand refine the templates later before those code merged06:45
Kennanyuanying: i think ipv6 support can be added later06:46
yuanyingSo we should add document about this limitation when ironic-template is supported in Magnum..06:46
yuanyingok06:46
Kennanyes, yuanying: we can added such document, as the document patch not supply now, as many patch now not approved and have some comments06:47
Kennanso I could not write doc now06:47
yuanyingOK, I will test using IP_VERSION = 406:48
yuanyingthen if it succeed, I'll take +206:48
KennanBTW: yuanying one point06:49
Kennanthe ironic tftp now seems confict with our magnum NAT rules06:50
Kennansudo iptables -t nat -A POSTROUTING -o br-ex -j MASQUERADE06:50
Kennanyou should not do that now06:50
openstackgerritMerged openstack/magnum: Fix minion registration failure  https://review.openstack.org/19893906:51
yuanyingok06:51
Kennanas we assume customer would have really floatiing ip in env06:51
Kennannot fork ip like 172,** in devstack06:51
yuanyingMaybe Ironic doesn't need it06:51
KennanI debugged that issue two days, and found that root cause becasue of our magnum iptables setting06:52
Kennan:)06:52
*** achanda has quit IRC06:52
Kennanlet me know if you have any questions. yuanying:06:52
yuanyingOK, thanks Kennan06:53
*** wanghua has joined #openstack-containers06:56
*** nihilifer has joined #openstack-containers06:58
*** humble_ has quit IRC06:58
*** humble_ has joined #openstack-containers06:59
*** wanghua has quit IRC07:03
*** ybathia has joined #openstack-containers07:03
*** sdake has quit IRC07:03
*** ybathia_ has joined #openstack-containers07:04
*** ybathia has quit IRC07:07
*** ybathia_ is now known as ybathia07:07
*** belmoreira has joined #openstack-containers07:15
*** SourabhP has quit IRC07:17
*** apuimedo has joined #openstack-containers07:18
*** tobe has joined #openstack-containers07:18
*** belmoreira has quit IRC07:21
*** belmoreira has joined #openstack-containers07:28
*** manjeets has joined #openstack-containers07:36
*** manjeets has quit IRC07:37
*** humble_ has quit IRC08:00
*** humble_ has joined #openstack-containers08:01
*** sthillma has quit IRC08:11
*** saksham has joined #openstack-containers08:12
*** saksham has quit IRC08:12
*** dims has joined #openstack-containers08:16
*** dims has quit IRC08:21
openstackgerritHua Wang proposed openstack/magnum: Code refactor for prepare_service  https://review.openstack.org/19987508:32
*** madhuri has joined #openstack-containers08:45
*** wanghua has joined #openstack-containers08:46
*** ybathia has quit IRC08:50
*** humble_ has quit IRC08:50
openstackgerritMartin Falatic proposed openstack/magnum: Updated Magnum documentation  https://review.openstack.org/19921209:09
openstackgerritHua Wang proposed openstack/magnum: Code refactor for prepare_service  https://review.openstack.org/19987509:09
openstackgerritKai Qiang Wu(Kennan) proposed openstack/magnum: Fix old network_id usage  https://review.openstack.org/19945809:10
*** ahcorporto has joined #openstack-containers09:12
*** nihilifer has quit IRC09:13
*** coolsvap|away is now known as coolsvap09:15
*** fawadkhaliq has quit IRC09:22
openstackgerritHua Wang proposed openstack/magnum: remove unnecessary codes  https://review.openstack.org/19985009:25
*** coolsvap is now known as coolsvap|away09:48
*** nihilifer has joined #openstack-containers09:55
*** coolsvap|away is now known as coolsvap10:11
*** dims has joined #openstack-containers10:17
*** dims has quit IRC10:21
*** fawadkhaliq has joined #openstack-containers10:22
*** fawadkhaliq has quit IRC10:23
*** fawadkhaliq has joined #openstack-containers10:23
*** coolsvap is now known as coolsvap|away10:25
wanghuaKennan: ping10:27
Kennanhi wanghua, going to leave, what's issue10:28
wanghuaKennan: ask one question. next time10:28
wanghuaKennan: bye10:28
Kennanok wanghua: other guys/cores can also help you10:29
Kennandont worry about it10:29
wanghuaKennan: ok10:29
* Kennan leave now10:30
*** humble_ has joined #openstack-containers10:31
*** wanghua has quit IRC10:34
*** yuanying has quit IRC10:41
openstackgerritZhiQiang Fan proposed openstack/magnum: upadte sample config file  https://review.openstack.org/20000810:44
*** sdake has joined #openstack-containers10:45
*** sdake_ has joined #openstack-containers10:46
*** wanghua has joined #openstack-containers10:47
*** humble_ has quit IRC10:49
*** sdake has quit IRC10:50
*** fawadkhaliq has quit IRC11:06
*** fawadkhaliq has joined #openstack-containers11:08
*** wanghua has quit IRC11:17
*** wanghua has joined #openstack-containers11:19
*** coolsvap|away is now known as coolsvap11:22
*** Daviey has joined #openstack-containers11:25
*** sdake_ has quit IRC11:33
*** sdake has joined #openstack-containers11:42
*** tobe has quit IRC11:48
*** zhenguo has quit IRC11:50
*** jruano has joined #openstack-containers11:56
*** sdake_ has joined #openstack-containers11:56
*** sdake has quit IRC12:00
*** dims has joined #openstack-containers12:17
*** dims has quit IRC12:22
*** fawadkhaliq has quit IRC12:22
*** sdake has joined #openstack-containers12:28
*** sdake_ has quit IRC12:31
*** jay-lau-513 has joined #openstack-containers12:36
openstackgerritMerged openstack/magnum: Code refactor for prepare_service  https://review.openstack.org/19987512:38
*** dims has joined #openstack-containers12:40
*** julim has joined #openstack-containers12:44
*** yuanying-alt has joined #openstack-containers12:45
*** fawadkhaliq has joined #openstack-containers12:45
*** jjfreric has joined #openstack-containers12:47
*** pserebryakov has joined #openstack-containers12:47
*** jjfreric has quit IRC12:52
*** wanghua has quit IRC12:56
*** wanghua has joined #openstack-containers12:56
*** Marga__ has quit IRC13:00
*** dane_leblanc has joined #openstack-containers13:00
*** ahcorporto has left #openstack-containers13:01
*** fawadkhaliq has quit IRC13:01
*** Marga_ has joined #openstack-containers13:05
*** dane_leblanc has quit IRC13:05
*** Marga_ has quit IRC13:07
*** Marga_ has joined #openstack-containers13:07
*** jay-lau-513 has quit IRC13:09
*** zhenguo has joined #openstack-containers13:09
*** jay-lau-513 has joined #openstack-containers13:09
openstackgerritZhiQiang Fan proposed openstack/magnum: Upadte sample config file  https://review.openstack.org/20000813:12
*** rbrooker has joined #openstack-containers13:13
*** dane_leblanc has joined #openstack-containers13:13
openstackgerritZhiQiang Fan proposed openstack/magnum: Update sample config file  https://review.openstack.org/20000813:15
*** rpothier has joined #openstack-containers13:19
*** dane_leblanc has quit IRC13:19
*** jjlehr has joined #openstack-containers13:26
*** yuanying-alt has quit IRC13:30
*** dboik_ has quit IRC13:36
*** jjfreric has joined #openstack-containers13:39
*** dane_leblanc has joined #openstack-containers13:41
*** rbrooker has quit IRC13:51
*** dboik has joined #openstack-containers13:56
*** pserebryakov has quit IRC14:00
*** Kennan2 has joined #openstack-containers14:03
*** Kennan has quit IRC14:04
*** jhova has joined #openstack-containers14:09
*** hongbin has joined #openstack-containers14:17
*** SourabhP has joined #openstack-containers14:18
*** hongbin_ has joined #openstack-containers14:26
*** macjack has quit IRC14:30
*** nihilifer has quit IRC14:39
*** kebray has joined #openstack-containers14:41
*** harshs has joined #openstack-containers14:42
*** kebray has quit IRC14:44
*** dims has quit IRC14:45
*** PaulCzar has joined #openstack-containers14:45
*** kebray has joined #openstack-containers14:45
*** adrian_otto has joined #openstack-containers14:49
*** dims has joined #openstack-containers14:50
*** adrian_otto has quit IRC14:55
*** adrian_otto has joined #openstack-containers14:55
*** jay-lau-513 has quit IRC14:58
*** jay-lau-513 has joined #openstack-containers14:59
*** adrian_otto has quit IRC15:00
*** achanda has joined #openstack-containers15:00
*** sdake_ has joined #openstack-containers15:01
*** sdake has quit IRC15:05
*** absubram has joined #openstack-containers15:05
*** achanda has quit IRC15:06
*** sdake_ has quit IRC15:09
*** coolsvap is now known as coolsvap|away15:09
*** sdake has joined #openstack-containers15:10
*** hongbin has quit IRC15:13
*** wanghua has quit IRC15:14
*** yuanying-alt has joined #openstack-containers15:19
*** Drago has joined #openstack-containers15:20
*** Drago has quit IRC15:20
*** Drago has joined #openstack-containers15:20
*** SourabhP has quit IRC15:23
*** yuanying-alt has quit IRC15:24
*** harshs has quit IRC15:29
*** dims has quit IRC15:30
openstackgerritMerged openstack/magnum: Update sample config file  https://review.openstack.org/20000815:30
*** dims has joined #openstack-containers15:32
*** dims has quit IRC15:32
*** dims has joined #openstack-containers15:33
*** nihilifer has joined #openstack-containers15:34
*** nihilifer has quit IRC15:34
*** harshs has joined #openstack-containers15:36
*** harshs has quit IRC15:47
*** daneyon has joined #openstack-containers15:48
*** belmoreira has quit IRC15:48
*** j___ has quit IRC15:51
*** coolsvap|away is now known as coolsvap15:54
*** BertrandN has quit IRC16:02
*** bitblt has joined #openstack-containers16:03
*** sthillma has joined #openstack-containers16:04
*** dims_ has joined #openstack-containers16:05
*** sthillma_ has joined #openstack-containers16:05
*** unicell1 has quit IRC16:05
*** sthillma has quit IRC16:08
*** sthillma_ is now known as sthillma16:08
*** dims has quit IRC16:09
*** fawadkhaliq has joined #openstack-containers16:11
*** Marga_ has quit IRC16:17
*** yuanying-alt has joined #openstack-containers16:20
*** yuanying-alt has quit IRC16:24
*** sthillma has quit IRC16:33
*** coolsvap is now known as coolsvap|away16:36
*** unicell has joined #openstack-containers16:40
*** dane_leblanc has quit IRC16:41
*** suro-patz has joined #openstack-containers16:42
openstackgerritMerged openstack/magnum: Fix old network_id usage  https://review.openstack.org/19945816:43
*** eghobo has joined #openstack-containers16:44
*** bitblt has quit IRC16:45
*** jruano has quit IRC16:46
*** dane_leblanc has joined #openstack-containers16:48
*** eghobo_ has joined #openstack-containers16:54
*** eghobo has quit IRC16:58
*** SourabhP has joined #openstack-containers17:03
*** coolsvap|away is now known as coolsvap17:08
*** rbrooker has joined #openstack-containers17:11
*** harshs has joined #openstack-containers17:13
*** sdake has quit IRC17:16
*** sdake has joined #openstack-containers17:20
*** achanda has joined #openstack-containers17:20
*** jjfreric has quit IRC17:22
*** saksham has joined #openstack-containers17:23
*** jjfreric has joined #openstack-containers17:24
*** sdake_ has joined #openstack-containers17:26
*** Marga_ has joined #openstack-containers17:27
*** sdake has quit IRC17:29
*** Marga_ has quit IRC17:30
*** Marga_ has joined #openstack-containers17:30
*** sdake has joined #openstack-containers17:30
*** sdake_ has quit IRC17:34
*** dims_ has quit IRC17:35
*** saksham has quit IRC17:36
*** dims has joined #openstack-containers17:37
*** j___ has joined #openstack-containers17:38
*** saksham has joined #openstack-containers17:39
suro-patzjay-lau-513: yt?17:45
*** SourabhP has quit IRC17:47
*** sthillma has joined #openstack-containers17:47
*** hongbin has joined #openstack-containers17:50
*** hongbin_ has quit IRC17:50
*** hongbin has quit IRC17:52
*** hongbin has joined #openstack-containers17:52
suro-patzupdated the blueprint https://blueprints.launchpad.net/magnum/+spec/magnum-service-list18:01
suro-patzjay-lau-513: ^^18:01
*** ameybhide has joined #openstack-containers18:03
*** jjfreric has quit IRC18:05
*** jjfreric has joined #openstack-containers18:05
*** hongbin has quit IRC18:06
*** hongbin has joined #openstack-containers18:07
*** yuanying-alt has joined #openstack-containers18:09
*** Tango has joined #openstack-containers18:09
*** SourabhP has joined #openstack-containers18:13
*** yuanying-alt has quit IRC18:13
TangoHi everyone, is there a link for the easy bugs for beginners?  I am helping several new developers who want to start contributing.18:17
eghobo_https://bugs.launchpad.net/magnum/+bugs?field.tag=low-hanging-fruit18:19
*** sdake is now known as sdae18:19
*** sdae is now known as sdake18:19
*** dims has quit IRC18:21
*** Marga_ has quit IRC18:24
*** suro-patz has quit IRC18:31
*** sdake_ has joined #openstack-containers18:33
*** suro-patz has joined #openstack-containers18:33
*** rbrooker has quit IRC18:34
*** sdake has quit IRC18:36
*** sdake has joined #openstack-containers18:37
*** manjeets has joined #openstack-containers18:39
*** sdake_ has quit IRC18:40
openstackgerritHongbin Lu proposed openstack/magnum: Add template definition of Mesos bay  https://review.openstack.org/19147618:48
TangoThanks eghobo_18:58
*** sthillma has quit IRC18:58
*** absubram has quit IRC19:00
*** coolsvap is now known as coolsvap|away19:04
*** Marga_ has joined #openstack-containers19:05
*** dims has joined #openstack-containers19:10
*** manjeets has quit IRC19:12
*** rbrooker has joined #openstack-containers19:19
*** sdake has quit IRC19:25
*** redrobot has joined #openstack-containers19:26
*** sdake has joined #openstack-containers19:29
*** Marga_ has quit IRC19:38
*** Marga_ has joined #openstack-containers19:39
*** eghobo_ has quit IRC19:40
*** jjlehr has quit IRC19:42
*** jjlehr has joined #openstack-containers19:43
*** zhenguo has quit IRC19:43
*** sthillma has joined #openstack-containers19:46
*** achanda has quit IRC19:48
*** eghobo has joined #openstack-containers19:49
*** yuanying-alt has joined #openstack-containers19:57
*** yuanying-alt has quit IRC20:02
*** daneyon has quit IRC20:14
*** achanda has joined #openstack-containers20:15
*** sdake_ has joined #openstack-containers20:15
openstackgerritHongbin Lu proposed openstack/magnum: Add documentation for smart scale down feature  https://review.openstack.org/19879920:16
openstackgerritHongbin Lu proposed openstack/magnum: Implement bay smart scale down  https://review.openstack.org/19652620:16
*** manjeets has joined #openstack-containers20:17
*** sdake has quit IRC20:19
*** sdake_ is now known as sdake20:29
*** achanda has quit IRC20:36
*** achanda has joined #openstack-containers20:49
manjeets#hongbin even with that you have to go to m-cond server to check reason20:51
manjeetsI was saying when you list bays if create status is failed it should print reason along with20:51
sdakewhen is 2300 utc?20:56
sdaketcammann ping me when your about pls20:57
sdaketcammann_ ping me when your about pls20:57
*** julim has quit IRC20:57
sdakere bay db thing20:57
hongbinmanjeets: Could you elaborate it?21:05
*** dims has quit IRC21:05
*** dims has joined #openstack-containers21:07
manjeetswhen you do bay-create it starts and if you list bays sometimes it shows status create_in_progress but if create get failed it does not notify on terminal from where you issued the command21:07
manjeetsi mean if gets failed it should display there itself21:08
hongbinmanjeets: Two cases here21:10
hongbinIf the bay fails and Heat tells the reason of failure and Magnum don't, it will be a bug in Magnum side.21:11
hongbinIf the bay fails and both Magnum and Heat donot give the reason, then you possibly need to look into Heat to check if anything can be improved.21:12
manjeetsmy point is to display reason at client side where u issued command . I am able to see the reason on m-cond service side21:15
*** apuimedo has quit IRC21:18
hongbinmanjeets: I think Magnum does display failure reason in server side https://bugs.launchpad.net/magnum/+bug/146009121:25
openstackLaunchpad bug 1460091 in Magnum "add an error message field to bay" [Wishlist,Fix committed] - Assigned to Lan Qi song (lqslan)21:25
hongbinmanjeets: If not, it could be a bug or something needs to be improved.21:26
manjeetsit does on server side but I suggesting it should give very precise reason of failure on client side21:27
*** eghobo has quit IRC21:28
*** rpothier has quit IRC21:33
*** jruano has joined #openstack-containers21:33
*** eghobo has joined #openstack-containers21:33
*** agireud has joined #openstack-containers21:35
sdakei think what manjeets is asking for is a blocking bay create21:35
sdakeyou should be able to get that information with bay-show manjeets21:36
*** slagle has quit IRC21:36
sdakeif you can't, file a blueprint and we will get to it atsome point :)21:36
*** sdake_ has joined #openstack-containers21:39
openstackgerritHongbin Lu proposed openstack/magnum: Eliminate mutable default arguments  https://review.openstack.org/19846521:40
*** agireud has quit IRC21:41
*** sdake has quit IRC21:42
*** dboik has quit IRC21:43
*** jjfreric has quit IRC21:44
*** dane_leblanc has quit IRC21:44
*** dane_leblanc_ has joined #openstack-containers21:45
*** yuanying-alt has joined #openstack-containers21:46
*** daneyon has joined #openstack-containers21:46
*** daneyon_ has joined #openstack-containers21:49
*** yuanying-alt has quit IRC21:50
*** daneyon has quit IRC21:52
openstackgerritZachary Sais proposed openstack/magnum: Add .DS_Store to .gitignore  https://review.openstack.org/20028121:54
manjeetsok21:54
*** daneyon has joined #openstack-containers21:56
*** dboik has joined #openstack-containers21:56
*** dboik has quit IRC21:57
*** eghobo has quit IRC21:57
*** daneyon_ has quit IRC22:00
*** daneyon_ has joined #openstack-containers22:01
*** jjlehr has quit IRC22:01
*** jruano has quit IRC22:02
*** dims has quit IRC22:03
*** dims has joined #openstack-containers22:03
*** daneyon has quit IRC22:04
*** coolsvap|away is now known as coolsvap22:05
*** daneyon_ has quit IRC22:11
*** manjeets has quit IRC22:13
*** Marga_ has quit IRC22:19
*** dane_leblanc_ has quit IRC22:40
*** fawadkhaliq has quit IRC22:43
*** Tango has quit IRC22:48
*** hongbin has quit IRC22:56
*** apuimedo has joined #openstack-containers22:57
*** zaneb has left #openstack-containers23:04
*** eghobo has joined #openstack-containers23:06
*** eghobo_ has joined #openstack-containers23:09
*** eghobo has quit IRC23:12
*** coolsvap is now known as coolsvap|afk23:14
*** adrian_otto has joined #openstack-containers23:15
madhuriGood morning all23:16
eghobo_actually it's 4pm in California ;)23:19
*** zhenguo has joined #openstack-containers23:21
*** sicarie has joined #openstack-containers23:23
madhuri:(23:23
madhuriadrian_otto, ping23:23
madhuriWe will have a meeting in 5 minutes about Magnum as a CA23:24
*** sdake has joined #openstack-containers23:24
adrian_ottomadhuri: pong23:25
adrian_ottoit is good day to everyone :-)23:25
redrobothttp://www.total-knowledge.com/~ilya/mips/ugt.html23:25
madhuriBlueprint link https://blueprints.launchpad.net/magnum/+spec/magnum-as-a-ca23:25
madhuriJust checking for the meeting23:25
madhuriadrian_otto, Thank you for the introduction23:26
*** sdake__ has joined #openstack-containers23:26
redrobotmadhuri adrian_otto o/23:26
adrian_ottogood (UGT) day23:26
madhuriHi redrobot23:26
madhuriIs any Barbican or Anchor developer here?23:27
*** sdake_ has quit IRC23:27
redrobotmadhuri I'm the Barbican PTL23:27
madhuriOops. Sorry redrobot23:27
madhuriThank you for joining23:27
madhuriAnyone from Anchor team?23:28
redrobotmadhuri you're welcome :)23:28
madhuritcammann, ping23:28
adrian_ottosdake_ sdake ping23:28
*** yuanying has joined #openstack-containers23:28
adrian_ottosdake__ ping23:28
sdake__yo23:29
*** chair6 has joined #openstack-containers23:29
adrian_ottohi there, we wanted to pull you into our talk about TLS support23:29
sdake__shoot23:29
adrian_ottosdake__: can you join us for a bit?23:29
sdake__yup23:29
adrian_ottotx!23:29
*** sdake has quit IRC23:29
madhuriOk so to start we wanted to discuss about TLS support in Magnum23:30
*** sdake__ is now known as sdake23:30
adrian_ottoshould we log this?23:30
madhuriYes sure adrian_otto23:30
adrian_otto#startmeeting containers_tls23:30
openstackMeeting started Thu Jul  9 23:30:24 2015 UTC and is due to finish in 60 minutes.  The chair is adrian_otto. Information about MeetBot at http://wiki.debian.org/MeetBot.23:30
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.23:30
openstackThe meeting name has been set to 'containers_tls'23:30
adrian_ottoo/23:30
sdakeo/23:30
adrian_ottowho's here?23:30
madhurio/23:30
yuanyingo/23:30
sicarieo/23:30
redroboto/23:30
adrian_ottoMadhuri called us together for some discussion about our TLS feature today.23:31
madhuri#link  https://blueprints.launchpad.net/magnum/+spec/magnum-as-a-ca23:31
adrian_ottoWe'll reference links to the blueprint and spec review23:31
madhuriTo support TLS in Magnum, we need to generate certs and store them securely23:31
madhuriWe have few options to do that23:32
madhuriSo I wanted to discuss which option is the best one23:32
adrian_otto#link https://review.openstack.org/194905 Add TLS support in Magnum.23:32
madhuriI will get the link here of the ml23:32
adrian_ottolet's back up one step23:32
adrian_ottothe reason we care about this at all is that Magnum bays are small distributed systems23:32
adrian_ottoand the components of those systems typically run on public networks23:33
adrian_ottoso the various API endpoints need suitable access control23:33
adrian_ottoMagnum does not adequately secure the kubernetes client-> master or master-> minion communications23:33
adrian_ottothere is no access control or encryption of those communications23:34
adrian_ottoso in order for Magnum to be production ready we must address that23:34
adrian_ottoKubernetes and Docker Swarm both support TLS, which can be used as a mechanism both for simple access control, and encryption23:34
adrian_ottoso Madhuri has been working on possible implementations to address this23:35
adrian_ottoMadhuri, you can lead from this point23:35
*** yuanying-alt has joined #openstack-containers23:35
madhuriThank you adrian_otto for the introduction23:35
madhuriSo Magnum needs certficates and to store them securely23:35
madhuriWe tried to use Anchor for it23:36
madhuriBut got some disagreement about it as being stackforge project23:36
chair6that changes tomorrow, when it moves from stackforge -> openstack namespace23:36
sdakei think the disageement would disappear if it were optional rather then mandatory madhuri23:36
adrian_ottoare those objections primarily related to the maturity level of the Anchor software?23:36
sdakeadrian_otto since its going to the openstack namespace this is a moot point23:37
madhuriYes for that we first thought of adding our own tool to generate certificate for initial release23:37
sdakebut my argument on this point is we dont want to depend on stackforge projects because they may never make it into the openstack namespace, making our project unshippable23:37
madhuriBut then we are left with no option for its secure storage23:37
madhuriAgree.23:37
sdakehard depend23:38
sdakesoft depend, different story23:38
*** openstack has joined #openstack-containers23:40
adrian_ottomadhuri: In an ideal world we would have a pluggable implementation. I'm not yet convinced that's the right first step.23:40
adrian_ottomy current attitude is that something that's likely to fit the majority of use cases initially is a good first attempt23:41
madhuriadrian_otto, About having our own tool?23:41
redrobotcurrently only Barbican has a concrete implementation, but we have plans to add KMIP support as well, so you could store secrets to a KMIP device directly23:41
adrian_ottoand refining that based on the ones who don't like it would be a subsequent effort23:41
*** suro-patz has quit IRC23:41
madhuriadrian_otto, I and yuanying wanted to support Barbican for the first release.23:41
adrian_ottoredrobot: for those of us not familiar with KMIP, can you describe that in more basic terms?23:42
redrobotKMIP is a protocol for storing keys.  Some vendors sell Hardware Security Modules that can speak KMIP23:42
sdakewell here i the bottom line - i'm not writing the code and wont reject reviews with -2 that solve the problem, but i really think a hard dependency is a terrible idea ;)23:42
adrian_ottook, so we should think of that as an interface to an HSM23:43
*** diga has joined #openstack-containers23:43
adrian_ottosdake, I am sympathetic to that view, and want to discuss that together a bit23:43
sdakei dont mind a hard dep on a library23:43
sdakeas long as its in openstack namespace23:43
adrian_ottolet's imagine for a moment that we want an implementation that does not rely on Barbican23:44
madhurisdake, That is what I am trying to have a pluggable system for it23:44
sdakean as long as a non server-based implementation can be written behind the abstraction23:44
adrian_ottowe do need some way for a Bay to "keep" the cert/key combination for setting up a new bay node when it scales out23:44
madhuri+1 adrian_otto23:44
adrian_ottowithout a secure storage service like Barbican that means storing both on the Bay master node, correct?23:44
sdakeyes, magnum stores the key info23:44
madhuriYes23:45
sdakein magnum itself not on the bay mastter node23:45
adrian_ottofrom a security perspective, I have a mild allergic response to that23:45
madhuriadrian_otto, I totally agree23:45
adrian_ottobasically no more secure than storing a cleartext password in a config file on the master node23:45
adrian_ottowhich as a security best practice is sternly frowned upon23:45
*** suro-patz has joined #openstack-containers23:45
sdakewell sure if someone roots your infrastructure your fked anyway23:45
adrian_ottoso if we offer that as an option, I don't want it to be on as default23:46
adrian_ottoand I want a "Use this at your own risk" warning where you turn it on23:46
sdakei am talking about the db storing the keys23:46
sdakenot the bay master23:46
adrian_ottothat's even less secure23:46
sdakeif the db were rooted, there is about 10000 ways to cause damage outside magnum23:46
adrian_ottobecause you have a single attack surface that risks all bays23:46
sdakethat exissts all over openstack today though23:47
adrian_ottoredrobot: what's your view?23:47
sdakesure we slightly add to the problem23:47
yuanyingAnd also there is no way to get secure key from k8s master node23:47
sdakebut its a problem all over openstack services including nova and heat23:47
madhuriI agree that storing keys on magnum is insecure way, but still we should support both them implementation. And make it "Use this at your own risks"23:48
adrian_ottoyuanying: what if each k8s master also had a standalone barbican service on it?23:48
sdakegroan23:48
adrian_ottook, so back up a bit23:48
sdakeseems heavy - mysql + rabbit23:48
adrian_ottocan we agree that we want a secure by default with an insecure option that allows you to deplyo Magnum without Barbican if you want to take the risk?23:49
*** sthillma has quit IRC23:49
sdakei disagree with your assertion that storing data in the database encrypted is any less secure then storing it encrypted in the barbican database...23:49
adrian_ottogood, let's debate that for a moment23:49
*** achanda has quit IRC23:49
adrian_ottowith barbican, I get encrypted storage.23:49
yuanyingIf we use barbican, k8s master get key from barbican23:50
adrian_ottoI think I *also* get an access log of what clients accessed which secrets23:50
adrian_ottoredrobot: is that true?23:50
yuanyingbut if we use database to store db, how to get the secure key from k8s master23:50
adrian_ottoand I can remove a secret23:50
redrobotadrian_otto so, not with kilo barbican, but we're adding auditing in liberty23:50
redrobotso yes, you'd get an audit log of every time the cert/key is accessed23:51
madhuriyuanying, Can we get from magnum itself?23:51
adrian_ottoso I at least have some way to detect unauthorized access23:51
*** Tango has joined #openstack-containers23:52
sdakean apples to apples comparison is current state of barbican with whatever we would roll23:52
adrian_ottomadhuri: we could do what sdake is suggesting and have an API call to fetch it from the Magnum db23:52
madhuriYes that is a way23:52
adrian_ottoor we could run an agent on the bay master node (not as elegant)23:52
sdakelisten folks, I dont really care strongly enough to -2 a review with a hard dependency, I just think from my years of being punished by taking on hard dependencies, it is something not to be done lightly23:52
sdake*EVERY* single project that has failed I have been involved with was because of a hard dependency23:53
madhuri+1 sdake23:53
sdakegranted those projects dont have mojo of magnum23:53
sdakeso that is why i wouldn't -223:53
sdakethat is the single only reason ;-)23:53
madhuriSo my point here is support both implementation23:53
madhuriI agree Barbican is the most secure way and best suit for us23:54
adrian_ottook, so what if we did an implementation that depended on barbican as a phase I, with a phase II to offer a non-barbican solution that has no external dependency?23:54
madhuriBut again making it hard dependency is not good23:54
adrian_ottowith a commitment from our implementers to do both23:54
yuanyingadrian_otto: agree23:54
adrian_ottoI think the implementation with barbican will actually be faster, and I want that for Liberty23:54
*** chair6 has left #openstack-containers23:54
sdakephasing works for me as long as phase 2 doesn't turn into "use barbican" :)23:54
madhuriadrian_otto, We tried to use Barbican for generating cert but failed23:54
madhuriyuanying, sent a mail for it but no response23:54
adrian_ottosdake, we have the stakeholders here to make that commitment23:54
sdakeimplementation speed is more essential then dependency management in this case23:55
redrobotmadhuri sorry about that.  which CA bakend were you using?23:55
madhuriWe tried to use the default one redrobot23:55
madhuriBut no CA was listed23:55
yuanyingand also snake_oil23:55
redrobot:(23:55
madhuriSnakeOil was also not configured23:55
madhuriThat's why we moved to other implementation of having our own tool to do it23:56
* redrobot takes notes to look into default CA errors23:56
madhuriredrobot, Now that you are involved, we can take up Barbican23:56
madhurias our first implementation23:56
sdakemadhuri I didn't see redrobot make that commitment yet ;)23:56
madhurisdake, I hope he does :)23:57
madhuriredrobot, ?23:57
adrian_ottoso let's make the ask. redrobot: are you willing to allocate some cycles to help us integrate Magnum with Barbican for this purpose?23:57
redrobotI would love to see more openstack projects use barbican.23:57
adrian_ottoit's our highest priority blueprint for this cycle23:57
madhuriIt's a yes :)23:57
sdakeyes it is essential23:57
sdakefailure here is not an option (TM)23:58
redrobotyes, I would definitely do whatever I can to help you guys out23:58
sdakeok well that wfm23:58
madhuriThank you redrobot23:58
sdakeas long as we revisit the non-hard dependency model in the future23:58
adrian_ottocool, so we are approaching our 30min mark23:58
sdakewithout a "its too hard"23:58
redrobotI would like to learn more about the use case though23:59
adrian_ottodo we have what we need for today, or should we discuss for longer?23:59
sdakedependencies = evil :(23:59
madhuriSure sdake23:59
madhuriWe will implement that also23:59
*** eghobo has joined #openstack-containers23:59
redrobotsdake rewriting everything is more evil, I think :)23:59
madhuriI think this is all I wanted to discuss, to come to a single point23:59
adrian_ottoredrobot: we will commit to giving you as much detail as you need to help us23:59
sdakeredrobot we have a doc23:59
« Wednesday, 2015-07-08 Index Friday, 2015-07-10 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!