| *** ianw is now known as ianw_pto | 07:21 | |
| *** redrobot_ is now known as redrobot | 12:56 | |
| *** h_asahin1 is now known as h_asahina | 14:58 | |
| ayoung | lbragstad, do I have the time and place right? | 15:03 |
|---|---|---|
| lbragstad | ayoung yes | 15:03 |
| lbragstad | cc redrobot | 15:03 |
| redrobot | oh, whoops | 15:04 |
| redrobot | downstream meeting was blocking this out | 15:04 |
| redrobot | #startmeeting keystone | 15:04 |
| opendevmeet | Meeting started Tue Sep 28 15:04:26 2021 UTC and is due to finish in 60 minutes. The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:04 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:04 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:04 |
| redrobot | #topic Roll Call | 15:04 |
| lbragstad | o/ | 15:04 |
| redrobot | Courtesy ping for ayoung, bbobrov, crisloma, d34dh0r53, dpar, dstanek, gagehugo, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, spilla, jdennis, ruan_he, wxy, sonuk, vishakha,Ajay, raildo, rafaelweingartner, redrobot, xek | 15:04 |
| xek | o/ | 15:05 |
| d34dh0r53 | o/ | 15:05 |
| ayoung | Can you add me to the courtesy ping list, please? | 15:05 |
| redrobot | As usual the agenda can be found here: | 15:05 |
| redrobot | #link https://etherpad.opendev.org/p/keystone-weekly-meeting | 15:05 |
| redrobot | ayoung, already on the ping :) | 15:06 |
| knikolla | o/ | 15:06 |
| redrobot | Looks like we've got a few topics to cover so let's get started | 15:06 |
| ayoung | Ah...cool | 15:06 |
| redrobot | #topic Review Past Meeting Action Items | 15:06 |
| redrobot | #link https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-09-21-15.00.html | 15:07 |
| h_asahina | o/ hello. it's the first time for me to attend this meeting. can i join? | 15:07 |
| gagehugo | o/ | 15:07 |
| redrobot | > redrobot to investigate who the Keystone liaisons are | 15:07 |
| redrobot | I did not do this :( | 15:07 |
| * redrobot punts it to next week | 15:07 | |
| redrobot | #action redrobot to investigate who the Keystone liaisons are | 15:07 |
| redrobot | That was the only action item | 15:07 |
| redrobot | moving on ... | 15:08 |
| redrobot | we'll skip the Liaison Update since we don't know who they are | 15:08 |
| redrobot | #topic Suggestion for OAuth2.0 support from OpenStack Tacker team (h-asahina) | 15:08 |
| knikolla | h_asahina: welcome :) | 15:08 |
| h_asahina | thanks | 15:08 |
| redrobot | h_asahina, floor is yours | 15:09 |
| knikolla | redrobot: i think i'm most liasons, hah | 15:09 |
| redrobot | knikolla, ack ... I'll circle back after this topic | 15:09 |
| redrobot | Looks like the summary from h_asahina 's topic description in the etherpad is: | 15:10 |
| redrobot | > we would like to propose OAuth2.0 support as an option of Keystone in the next PTG and implement it in Yoga. | 15:10 |
| h_asahina | yes | 15:11 |
| ayoung | Meaning you get SSO without Fedration? | 15:11 |
| h_asahina | no. we want to support Oauth2 for API calls. | 15:12 |
| knikolla | is there a spec discussing the proposal? | 15:12 |
| h_asahina | like oauth1 extension. | 15:12 |
| redrobot | h_asahina, the usual first step is to submit a Spec patch to our spec repo: | 15:12 |
| h_asahina | > is there a spec discussing the proposal?. sorry not yet. | 15:12 |
| redrobot | #link https://opendev.org/openstack/keystone-specs | 15:12 |
| knikolla | ayoung: i think this is about having keystone as a oauth 2.0 identity provider | 15:12 |
| knikolla | so that services can validate jwt tokens | 15:13 |
| redrobot | ^^^ that's the impression I got too | 15:13 |
| ayoung | So, reuse an existing library, or implement custom? | 15:14 |
| h_asahina | we considering implementing a new custom extension | 15:14 |
| h_asahina | we're also want to submit spec for next PTG. can we make it in time? | 15:15 |
| knikolla | yeah, please propose a spec in the keystone-specs repository describing the API and some implementation details (choice of library, support in clients, etc) | 15:15 |
| h_asahina | ok, when is the deadline for yoga | 15:16 |
| knikolla | https://releases.openstack.org/yoga/schedule.html | 15:17 |
| redrobot | h_asahina, feature freeze is the week of February 21 | 15:17 |
| h_asahina | got it. but i think we have to submit it before the next PTG, right? | 15:18 |
| knikolla | though the spec would have to be approved before that, ideally shortly after the PTG. if there are needs for revising with feedback from the PTG. | 15:18 |
| redrobot | h_asahina, yeah, it would be good to have a spec submitted before the PTG | 15:18 |
| redrobot | #link https://etherpad.opendev.org/p/yoga-ptg-keystone | 15:18 |
| redrobot | You can add it as a topic to be discussed during the PTG session | 15:18 |
| h_asahina | ok, thanks. | 15:19 |
| redrobot | h_asahina, thank you. looking forward to reviewing your spec. | 15:20 |
| redrobot | OK, moving on ... | 15:20 |
| redrobot | #topic PTG | 15:20 |
| redrobot | Just a reminder to sign up for the PTG | 15:20 |
| redrobot | Our session will be on Monday October 18 @ 1400-1600 UTC | 15:21 |
| redrobot | you can add topics to the etherpad I linked above. | 15:21 |
| redrobot | Moving on ... | 15:23 |
| redrobot | #topic Migrations Backport | 15:23 |
| redrobot | #link https://review.opendev.org/c/openstack/keystone/+/806381 | 15:24 |
| redrobot | I wanted to follow up on last week's discussion of xek's patch | 15:24 |
| redrobot | I spent a little bit of time looking at it | 15:24 |
| redrobot | and realized that Keystone uses an NIH migration library that hasn't been updated in years. | 15:25 |
| redrobot | so forget everything I mentioned about Alembic because I had no idea what I was talking about. | 15:25 |
| lbragstad | :) | 15:25 |
| ayoung | SQL Alchemy? | 15:25 |
| lbragstad | long live slqalchemy | 15:25 |
| redrobot | ayoung, yeah, it's a custom lib that uses SQLAlchemy | 15:25 |
| lbragstad | fwiw - we've had alembic on the backlog forever | 15:25 |
| knikolla | sqlalchemy-migrate | 15:25 |
| ayoung | I know it well | 15:25 |
| ayoung | _member_ FTW | 15:26 |
| redrobot | the outstanding question was whether it was safe to backport to Wallaby | 15:26 |
| lbragstad | because we didn't merge the placeholders before the wallaby release | 15:26 |
| redrobot | In my limited undestanding of sqlalchemy-migrate, I _think_ it should be OK, given that it's the only migration that landed | 15:27 |
| redrobot | but I'll defer to someone with better understanding of the lib | 15:27 |
| knikolla | ++, i have the same general feeling, given that there's nothing to mess up the ordering yet | 15:28 |
| ayoung | So we are cool with the 256 character limit, right? | 15:28 |
| ayoung | THis is just about the backportability of the patch? | 15:28 |
| redrobot | ayoung, right ... the patch has already landed on master | 15:28 |
| ayoung | And the migration in that patch is SQL alchemy. I assume that means that we've moved to Alembic since then? | 15:29 |
| ayoung | And the question is whether a SQL A migration can still land? | 15:29 |
| redrobot | ayoung, negative, no alembic support yet | 15:29 |
| * redrobot was confused about what migration strategy keystone uses | 15:30 | |
| ayoung | Its more of a tactic than a strategy | 15:30 |
| ayoung | And...why is the actual work done in contract? | 15:32 |
| ayoung | disregard | 15:32 |
| ayoung | I read them in ABC order. All makes sense | 15:32 |
| ayoung | OK, so this change is only going to adjust the size of the column in the database to a larger size. Why would there be an issue with the migration? Is there a Wallaby migration <079? | 15:33 |
| ayoung | Er > thatn 079 | 15:33 |
| lbragstad | no | 15:33 |
| lbragstad | we typically merge a series of placeholders before every release to allow for backporting migrations | 15:34 |
| lbragstad | but - we didn't do that | 15:34 |
| lbragstad | but we also haven't merged a migration in a long time | 15:34 |
| ayoung | Yes, I recall that practice. | 15:34 |
| lbragstad | so - we wanted to make sure we weren't screwing anything up by backporting a migration without a placeholder | 15:34 |
| lbragstad | i think the saving grace in this case is that both wallaby and master would have the latest migration | 15:35 |
| ayoung | Since the migration numbers would be consistant from Wallaby on forward, I would think there would be no risk. It would not break a future upgrade | 15:35 |
| ayoung | So long as there is no compacting of migrations, you will always get 0179 on top of 078 | 15:35 |
| ayoung | (I'm sure you've missed my typos) | 15:36 |
| lbragstad | i think it would be a problem if we implemented 79 and then xek's patch was 80 | 15:36 |
| lbragstad | then, we would have a problem | 15:36 |
| lbragstad | because we would have to backport 79 and 80 | 15:36 |
| ayoung | Right. | 15:36 |
| redrobot | So it sounds like we're clear to go ahead and merge? | 15:37 |
| lbragstad | i think so? | 15:37 |
| lbragstad | but we should probably 1.) make sure we do the placeholders or 2.) figure out if alembic makes the problem go away 3.) move to alembic anyway since sqlalchemy-migrate is on life-support | 15:38 |
| lbragstad | i think we're one of the only projects still using -migrate | 15:38 |
| ayoung | placeholders would make sense at the end of a release with a lot of database migrations | 15:38 |
| redrobot | 2) Yes. Alembic uses uuid-like strings to identify changes, and they point to the parent, and it's smart enough to know when a patch has already been applied. | 15:39 |
| lbragstad | nice | 15:39 |
| redrobot | Alembic is also good about squashing migrations | 15:39 |
| ayoung | it gives the option of backporting fixes prior to any real work | 15:39 |
| ayoung | Alembic is like git for Databases. I liked it when we evaluated it years back | 15:39 |
| lbragstad | yeah | 15:39 |
| ayoung | But, moving from SQL A to Alembic should be done in a release before any migrations land | 15:40 |
| lbragstad | regardless, we probably need to adopt something soon, we've been putting it off for a long time | 15:40 |
| redrobot | It was nice enough to get merged into SQLAlchemy proper | 15:40 |
| lbragstad | ok - so should we plan and stage that work for Z? | 15:40 |
| ayoung | Actually, it would be a good plan to do it at the end of Y | 15:41 |
| redrobot | lbragstad, we can always Upstream Friday the work. :) | 15:41 |
| ayoung | instead of "the first thing" make it the last | 15:41 |
| lbragstad | someone could PoC it, propose it for review, and we can merge it after plenty of time to play with it in review | 15:41 |
| knikolla | reminds me of https://review.opendev.org/c/openstack/keystone/+/760678 | 15:41 |
| redrobot | oof | 15:42 |
| ayoung | Hmm...now that I think of it, I don;t know that it needs to be first thing. Just needs to be an explicit cut over | 15:42 |
| lbragstad | agreed - but i need more time to think about the migration | 15:42 |
| lbragstad | the good thing is that we don't really have many migration in flight | 15:43 |
| ayoung | I think we are OK so long as we agree that 00X is the last SQL A migration | 15:43 |
| lbragstad | right | 15:43 |
| redrobot | ayoung++ | 15:43 |
| ayoung | and then DB sync does the right thing | 15:43 |
| ayoung | (tm) | 15:43 |
| redrobot | There's a few more patches in the agenda, so I want to move on from this, since it sounds like we have a plan. | 15:44 |
| redrobot | lbragstad, ayoung, knikolla, please +1/+2 the migration backport patch when you get a chance. | 15:45 |
| redrobot | moving on ... | 15:45 |
| redrobot | #topic Review Requests | 15:46 |
| lbragstad | i'd like to get some reviews on some trivial patches | 15:46 |
| lbragstad | #link https://review.opendev.org/c/openstack/keystone/+/806243 | 15:46 |
| lbragstad | #link https://review.opendev.org/c/openstack/keystone/+/806205 | 15:46 |
| lbragstad | #link https://review.opendev.org/c/openstack/keystone/+/810324 | 15:46 |
| knikolla | i already pushed them through :) | 15:46 |
| lbragstad | knikolla noice | 15:46 |
| lbragstad | thanks! | 15:46 |
| lbragstad | nevermind then :) | 15:46 |
| redrobot | that was fast! | 15:46 |
| lbragstad | we should back port those to the train release if possible | 15:47 |
| lbragstad | or as far back as possible | 15:47 |
| redrobot | I'll keep an eye out for cherry-picks | 15:47 |
| lbragstad | because the default sample doesn't make sense and is misleading | 15:47 |
| ayoung | submit them for backport and tag reviewers | 15:49 |
| redrobot | ^^^ | 15:49 |
| redrobot | OK, last topic for today | 15:49 |
| redrobot | #topic Bug Review | 15:49 |
| ayoung | NOt quite last...I added one | 15:49 |
| ayoung | :) | 15:50 |
| redrobot | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:50 |
| redrobot | Looks like no new keystone bugs in the last week | 15:50 |
| lbragstad | lot of untraiged bugs | 15:50 |
| ayoung | The region thing came up years ago | 15:51 |
| redrobot | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:51 |
| redrobot | And no new bugs in python-barbicanclient | 15:51 |
| redrobot | lbragstad, yeah, we've got a topic for PTG to try to triage some of those | 15:51 |
| redrobot | Although there is a lot | 15:51 |
| redrobot | so maybe we should set up a recurring triage meeting until those are all triaged | 15:52 |
| redrobot | something to think about for PTG anyway | 15:52 |
| redrobot | And a last minute topic | 15:52 |
| redrobot | #topic ayoung requests core again | 15:52 |
| ayoung | Just add the bugs to the end of the Keystone meeting that we want to triage and we get through as many of them as we can until the meetingruns out of time | 15:52 |
| ayoung | Yeah, so I'm back in an OpenStack world. | 15:53 |
| redrobot | ayoung, that's also a good suggestion | 15:53 |
| redrobot | ayoung, Welcome back! | 15:53 |
| lbragstad | ++ | 15:53 |
| ayoung | And I am happy to help move patches along again. | 15:53 |
| lbragstad | ack - i think we've only had to do this one other time | 15:53 |
| lbragstad | and that was with gyee | 15:53 |
| redrobot | (lord knows we need it) | 15:53 |
| ayoung | And I know where most of the bodies are buried | 15:53 |
| ayoung | including gyee's | 15:53 |
| ayoung | I mean, he's alive, I mean the bodies that he buried | 15:53 |
| knikolla | lol | 15:55 |
| redrobot | #link https://review.opendev.org/admin/groups/036b9e3b26007375b712b2fa8565e63f652fa3e9,members | 15:55 |
| lbragstad | ayoung how familiar are you with the current code? i know we've changed quite a bit with the flask migration, policy stuff, application credentials, token provider refactor | 15:55 |
| ayoung | I was there for flask migrations and app creds | 15:55 |
| lbragstad | but i can't remember where we were with all that when you stepped away | 15:55 |
| lbragstad | ok | 15:55 |
| lbragstad | cool | 15:55 |
| ayoung | token provider refactor needed to happen | 15:55 |
| * redrobot moves aside and lets ayoung cut in line to core | 15:55 | |
| ayoung | policy stuff...I've been keepingtrack of, and It started before I left | 15:56 |
| ayoung | its not a queue, redrobot | 15:56 |
| ayoung | and I am pretty sure Keystone has no quota on core | 15:56 |
| redrobot | I only know enough Keystone to be dangerous 😁 | 15:57 |
| ayoung | THat goes for all of us | 15:58 |
| ayoung | Keystone IS dangerous | 15:58 |
| redrobot | Almost at the top of the hour | 15:58 |
| redrobot | so we may need to let ayoung's request marinate | 15:59 |
| ayoung | Yeah, that is fine | 15:59 |
| ayoung | this is just the point where I let you know I am willing | 15:59 |
| redrobot | much appreciated, ayoung | 15:59 |
| lbragstad | agreed | 15:59 |
| ayoung | tag me on reviews, please | 15:59 |
| redrobot | #info tag ayoung on all reviews | 16:00 |
| lbragstad | fwiw - i think gyee reviewed for a few weeks until he was comfortable with the code again | 16:00 |
| redrobot | that should keep you busy for a while | 16:00 |
| ayoung | ++ | 16:00 |
| lbragstad | and then cmurphy reinstated him | 16:00 |
| redrobot | we'll revisit next week | 16:00 |
| lbragstad | but - we can work through that - ayoung let me know if there is an area of code you have questions about | 16:00 |
| knikolla | ++ | 16:01 |
| redrobot | thanks for joining, everyone! | 16:01 |
| redrobot | #endmeeting | 16:01 |
| opendevmeet | Meeting ended Tue Sep 28 16:01:25 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:01 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-09-28-15.04.html | 16:01 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-09-28-15.04.txt | 16:01 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-09-28-15.04.log.html | 16:01 |
| lbragstad | ayoung but - i'm fully confident that you'll be able to figure it all out :) | 16:01 |
| ayoung | OK, back to debuggin Ironic cleaning process | 16:04 |
| *** elodilles is now known as elodilles_pto | 20:52 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!