Tuesday, 2013-01-29

« Monday, 2013-01-28 Index Wednesday, 2013-01-30 »
*** heckj has quit IRC00:39
*** cp16net|away is now known as cp16net01:44
*** cp16net is now known as cp16net|away01:45
*** cp16net|away is now known as cp16net01:45
*** robertmyers has joined #openstack-meeting-alt02:02
*** cp16net is now known as cp16net|away02:09
*** chad has joined #openstack-meeting-alt02:15
*** chad is now known as Guest5249502:16
*** Guest52495 is now known as carimura02:16
*** carimura has quit IRC02:23
*** kaganos has quit IRC02:24
*** amyt has joined #openstack-meeting-alt02:28
*** cp16net|away is now known as cp16net02:52
*** grapex has quit IRC03:11
*** grapex has joined #openstack-meeting-alt03:12
*** bdpayne has quit IRC03:27
*** grapex has joined #openstack-meeting-alt03:30
*** grapex has quit IRC04:05
*** grapex has joined #openstack-meeting-alt04:06
*** grapex has quit IRC04:15
*** bdpayne has joined #openstack-meeting-alt04:32
*** chad has joined #openstack-meeting-alt05:16
*** chad is now known as carimura05:16
*** amyt has quit IRC05:28
*** amyt has joined #openstack-meeting-alt05:28
*** cp16net is now known as cp16net|away05:52
*** cp16net|away is now known as cp16net05:53
*** Alagar has quit IRC06:25
*** bdpayne has quit IRC06:47
*** carimura has quit IRC07:38
*** bdpayne has joined #openstack-meeting-alt07:40
*** bdpayne has quit IRC08:55
*** amyt has quit IRC09:29
*** robertmyers has quit IRC13:24
*** robertmyers has joined #openstack-meeting-alt14:31
*** cloudchimp2 has joined #openstack-meeting-alt14:55
*** bdpayne has joined #openstack-meeting-alt15:27
*** rnirmal has joined #openstack-meeting-alt15:44
*** grapex has joined #openstack-meeting-alt15:59
*** grapex has quit IRC15:59
*** grapex has joined #openstack-meeting-alt16:00
*** amyt has joined #openstack-meeting-alt16:00
*** cp16net is now known as cp16net|away16:02
*** amyt_ has joined #openstack-meeting-alt16:07
*** amyt has quit IRC16:07
*** amyt_ is now known as amyt16:07
*** jcru has joined #openstack-meeting-alt16:12
*** amyt has quit IRC16:13
*** amyt has joined #openstack-meeting-alt16:13
*** cloudchimp2 has quit IRC16:34
*** cloudchimp has joined #openstack-meeting-alt16:34
*** amyt_ has joined #openstack-meeting-alt16:36
*** amyt has quit IRC16:36
*** amyt_ is now known as amyt16:36
*** grapex has quit IRC16:39
*** carimura has joined #openstack-meeting-alt16:45
*** amyt has quit IRC16:47
*** amyt has joined #openstack-meeting-alt16:47
*** jcru is now known as jcru|away17:05
*** jcru|away is now known as jcru17:05
*** jcru is now known as jcru|away17:21
*** jcru|away is now known as jcru17:23
*** esp has joined #openstack-meeting-alt17:39
*** esp has left #openstack-meeting-alt17:39
*** heckj has joined #openstack-meeting-alt17:39
*** grapex has joined #openstack-meeting-alt17:43
*** grapex has quit IRC17:43
*** grapex has joined #openstack-meeting-alt17:43
*** kaganos has joined #openstack-meeting-alt17:50
*** carimura has quit IRC17:54
*** carimura has joined #openstack-meeting-alt17:55
*** carimura has quit IRC18:22
*** carimura has joined #openstack-meeting-alt18:23
*** carimura has quit IRC18:24
*** carimura has joined #openstack-meeting-alt18:25
*** vipul is now known as vipul|away18:31
*** kaganos has quit IRC18:43
*** kaganos has joined #openstack-meeting-alt18:45
*** vipul|away is now known as vipul19:11
*** cp16net|away is now known as cp16net19:28
*** vipul is now known as vipul|away20:04
*** vipul|away is now known as vipul20:51
*** hub_cap has joined #openstack-meeting-alt21:45
*** dkehn has joined #openstack-meeting-alt21:52
*** datsun180b has joined #openstack-meeting-alt21:56
*** SlickNik has joined #openstack-meeting-alt21:57
hub_cap#startmeeting reddwarf21:59
openstackMeeting started Tue Jan 29 21:59:26 2013 UTC.  The chair is hub_cap. Information about MeetBot at http://wiki.debian.org/MeetBot.21:59
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:59
*** openstack changes topic to " (Meeting topic: reddwarf)"21:59
openstackThe meeting name has been set to 'reddwarf'21:59
SlickNikhello there21:59
datsun180bhiya21:59
hub_caphowdy SlickNik21:59
vipulhere21:59
hub_capand everyone else :)21:59
hub_cap#link http://wiki.openstack.org/Meetings/RedDwarfMeeting21:59
juicehere21:59
juicepresent22:00
hub_caplets give a minute for the tricklers22:00
dkehnding22:00
jcooleyafternoon22:00
SlickNiksounds good.22:00
*** esp has joined #openstack-meeting-alt22:00
*** imsplitbit has joined #openstack-meeting-alt22:00
imsplitbitbam22:00
hub_caplol hi imsplitbit22:00
imsplitbithowdy22:00
imsplitbitsorry I'm late22:01
hub_capok lets rock this, we have enough22:01
datsun180bhe started a minute early22:01
grapexGreets22:01
*** jdbarry has joined #openstack-meeting-alt22:01
hub_capgrapex says he will be late22:01
datsun180bwon't hold it against him though22:01
hub_capWOAH nice grapex!22:01
imsplitbitgrapex, you live!22:01
hub_cap#topic action items22:01
*** openstack changes topic to "action items (Meeting topic: reddwarf)"22:01
*** yidclare has joined #openstack-meeting-alt22:01
hub_capvipul: link us your bp plz sir22:02
hub_capfor quotas22:02
vipul#link https://blueprints.launchpad.net/reddwarf/+spec/quotas22:02
SlickNikcool, thanks...22:02
vipulannashen, juice added a bunch to this one22:02
vipuli think this needs a good review, and some discussion22:02
vipulwhich i've put as part of the agenda later22:02
hub_caphokey. and we have a topic right?22:02
SlickNikthey've also got a bunch of info up on the openstack wiki...22:03
*** djohnstone has joined #openstack-meeting-alt22:03
hub_capso the testr BP22:03
dkehnlink to the wiki again22:03
vipul#link http://wiki.openstack.org/reddwarf-quotas22:04
SlickNik#link http://wiki.openstack.org/reddwarf-quotas22:04
dkehngotit22:04
juicegrr yes the wiki is more complete let me link to that22:04
juicethanks vipul and nik22:04
hub_capnice22:04
hub_capso lets defer too much convo to the actual topic in the meeting22:04
SlickNikYes, we have a topic for discussion on this,22:04
*** DandyPandy has joined #openstack-meeting-alt22:04
SlickNiksounds good.22:04
hub_capand breeze thru these action items22:04
hub_capas for testr BP, i reviewed last wk. the only suggestion i have is that i dont think we need to put the files that are changing in the BPs22:04
vipultestr Blueprint... I think we had some discussions here in the office, agreed to put everything testr related in /reddwarf/tests/unittest22:04
hub_capotherwise the content is good... cna someone link it?22:04
hub_capok that makes sense22:05
vipul#link https://blueprints.launchpad.net/reddwarf/+spec/testr-unit-tests22:05
*** CaptTofu has joined #openstack-meeting-alt22:05
SlickNikthanks vipul22:05
* CaptTofu is lurking22:05
hub_capHAI!22:05
vipuli think the idea was to show where tests would live, right esp?22:05
hub_capya ive seen a few of the BPs have full file listings22:05
SlickNikwelcome aboard, capt!22:05
espyeah I think so22:05
vipulwelcome CaptTofu22:05
CaptTofuhi!22:06
vipulbut yea, generally probalby don't need to have every file being changed listed in the bp22:06
hub_capthere was another recent one that had the 3 files (the guest conf grant chante one)22:06
CaptTofuone needs a break from chef22:06
hub_cap:)22:06
espwe decided to kill off the 'functional' package and shove everything under unittest I think.22:06
hub_capok that works for me esp22:06
esp#link https://blueprints.launchpad.net/reddwarf/+spec/create-restricted-root-account22:06
esp^^ we are still working out the details of this one22:07
hub_capya i love the content of that BP im just not sure we need the files at the top of it22:07
vipulany opposition to having a seaprate dbaas.conf file?22:07
espbut yeah it involves adding a new config for the grant22:07
hub_capid prefer a separate guest conf file personally22:07
hub_capso we know where the split is if we create a different guest :)22:07
espk, I will fix the content of the BP22:08
hub_capbut we got a bit OT on that one :)22:08
hub_capwe are on housing multiple images action item22:08
cp16net#agrees with hub_cap on separate guest conf22:08
hub_capi think weve beat that one to the ground right?22:08
SlickNiklol, yea…I think so...22:08
hub_cap:)22:08
vipulesp: seems like we need a separate one then22:08
espvipul: yeah I'm good with that22:09
hub_capya /me wants separate config.. it makes more sense22:09
vipuljust to be clear, there's gonna be a guestagent.conf.. and another conf for things like grants22:09
hub_capok now im confused22:09
vipulthigns that are hard-cdoed in dbaas.py could live there22:09
vipullol22:09
hub_caplets table this22:09
vipulthough so22:09
espalso note that we are note going to put the actual GRANT stmt in the config but we'll build it in code as per steveleon22:09
vipulcome back to it22:09
hub_capand put it on the agenda so we can get thru action items22:09
espk22:10
hub_capvipul: can u amend the agenda?22:10
hub_capSlicknik working on making integration tests run post devstack install + local.sh run for CI <-- you are up SlickNik22:10
vipulyep22:10
hub_capshould we table this to the CI section?22:10
SlickNikOkay, so I'm fixing up the two problematic tests...22:10
hub_capthere are 2 action items SlickNik owns, go head and chat em up22:11
SlickNikissues were being caused by apparmor and upstart trying to continuously start up mysql.22:11
hub_capproblematic tests? speed wise? or mucking up content?22:11
hub_capAHH22:11
hub_capim pretty sure upstart _is_ the devil22:11
SlickNikbecause of this the log files were never actually getting _fixed_22:11
hub_capya, grapex told me about that one recently22:12
vipulit's the restart tests - problem only seems to be evident on cloud servers.. since it's much slower22:12
SlickNikanyhow, after these fixes are in all the blackbox tests should run clean.22:12
hub_capcoolness22:12
SlickNikAlso, we had to take some smaller fixes to make the build/tests run under devstack-vm-gate.22:12
hub_capthats great news. then its hook into gerrit time :)22:12
grapexDid it seem like there was anything we could change to make the tests catch that bug every time?22:13
hub_capcool SlickNik i figured there would be a bit of work there...22:13
cp16netthats awesome news!22:13
grapexInstead of just on the slower environment?22:13
SlickNikand there's a couple more I need to code up that have to do with us always using 10.0.0.1 for the host ip..22:13
SlickNikvm-gate uses 10.1.0.122:13
vipulgrapex: I think an explicit 'stop' call may work22:13
dkehnand timeout issues with test_instance_created22:13
hub_capSlickNik: Ahhhh i was wondering why u mentioned removing that 10.0.0.1 hardcode... thx for the info22:14
SlickNikShould be able to get to that by tomorrow, so ever inching closer.22:14
hub_capso that takes care of 4, 5, and 622:14
hub_capSlickNik: AWESOME22:14
vipulhub_cap: http://eavesdrop.openstack.org/meetings/reddwarf/2013/reddwarf.2013-01-22-22.01.html22:14
hub_capvipul: #7 is you, once u and grapex figured out the apparmore thing u were good to og right?22:14
vipulare you on the right one?22:14
hub_capWEAK vipul no im not22:15
hub_capstale link22:15
vipullol22:15
vipulwas cornfused22:15
SlickNikheh, I was wondering too..22:15
hub_capso that takes care of 2, 3 and 4 :)22:15
juicejust one other note - on images, test and performance…I am digging into the over performance issues with the disk image builder images22:15
vipul#info juice looking into why diskimage builder images are slower22:16
hub_capif its over performing lets not look at it too hard /rimshot22:16
juiceI wish22:16
cp16netlol22:16
juicehub_cap: its a dog22:16
* hub_cap sheds a tear22:16
hub_capso i spoke w/ heckj wrt the api22:17
SlickNikI think it's an overperforming underperformer :P22:17
hub_cap:)22:17
vipulheh22:17
heckj??22:17
hub_caphi lurker22:17
* heckj waves22:17
heckjI thought I'd been summoned22:17
hub_capnope just talked _about_22:17
hub_capwe exchanged emailses about the spec and what some good lessons learned are, ill foward them to u vipul22:17
vipulsoudns good22:18
hub_cap#action hub_cap to forward joe hecks (so i dont mention his irc name heckj) email to vipul22:18
heckjheh22:18
hub_capsee how i did that there :P22:18
hub_capso our internal team does _not_ like the 1.0 2.0 spec change22:18
hub_capso we might just roll w/ a 1.1 spec22:18
heckjvipul, hub-cap: I don't think anything was terribly private in there, do with it as you please22:19
hub_cap<3 heckj22:19
hub_capand we are currently reviewing the internal 1.0 spec as per our doc writer, it should be up soon22:19
vipulhub_cap... what's the issue with 1.1 vs 2.0?22:19
heckjmostly my with-a-bourbon reflections on what went ok and what fucked up doing spec writing and pimping22:19
hub_capmmmm bourbon22:19
hub_capwell since we havent changd the api significantly from the 1.0 api, why not roll w/ 1.1 since its just mroe features22:20
hub_capwas their question.. and it makes sense22:20
vipulright, agreed, not a compatilibity change22:20
hub_capno reason to go 2.0 until we break the 1x contract22:20
hub_capyup22:20
SlickNikgotcha22:20
vipulhub_cap: you have a 1.1 API flushed out?22:21
hub_capvipul: nope we have a full day meeting planned next wk22:21
hub_capso any features u have already fleshed out, send our way22:21
hub_capor btter yet, blueprint :)22:21
vipulhub_cap: please forward our way22:21
vipulhub_cap: we have a snapshots blueprint just filed22:21
vipulI need to come up with an API around it22:21
hub_capDEF. itll be up on the database-api (but ill send u a working copy first)22:21
vipulthat's not quite int he BP yet22:21
hub_capcool22:21
hub_capya id like ot not reinvent the wheel for that since uve done it already22:22
hub_capand we have done work for the my.cnf edits api as well22:22
hub_capso we can turn it into a nice little doc and go bakc and forth a bit on it22:22
hub_cap#link http://wiki.openstack.org/Reddwarf22:22
hub_cap^ ^ needs love22:22
vipulcool... hopefuly next couple of weeks we can get a few of thos big items flushed out22:22
hub_capvipul: i think next week ill have something for u22:22
hub_capi do like that yall put the quotas BP up on that, and i like even more the under construction sign is still there :)22:23
hub_cap(sorry ive moved on to the next action item)22:23
vipul#action everyone add more content to wiki22:23
hub_cap#agreed22:23
hub_capjuice: percona bits to integration, hows that comin?22:24
juiceI can document the disk image builder stuff there22:24
hub_capnice plz do juice22:24
juicehub_cap: that was handed off to two folks here22:24
juiceI think they are just working on getting the flags/switches in there22:24
vipulSlickNik or I can document how to get RD intalled with devstack22:24
hub_capgreat. who is the new handler?22:24
juiceThough I don't know if they have yet gotten guest agent to set status to ACTIVE22:24
SlickNik#action SlickNik to document info about the new devstack - redstack build to the wiki22:24
vipulthanks22:25
SlickNikno worries, I'll run it by you vipul...22:25
vipulkaganos, kmansel22:25
hub_capok perfect22:25
kaganoshey22:25
vipulupdates on Percona image?22:25
kaganossorry, we're head down into something here ...22:25
kaganoswhat was the question?22:25
hub_cap#action kaganos and kmansel own percona bits for integration22:25
hub_capkaganos: just wondering update on status, no worries22:25
kaganosk22:26
hub_capdo what u gotta do we can talk in #reddwarf later22:26
kaganosstatus="working on it...22:26
kaganos"22:26
hub_cap:)22:26
hub_capha i got my smiley in your quotes22:26
hub_capso grapex and steveleon, how did the test reviews go?22:26
vipulI know the final review got merged...22:27
vipulguest agent 100%22:27
grapexThere's one open from Deniz Demir I haven't looked at yet. Sorry, I've been ill.22:27
hub_capnice!!22:27
steveleonyup22:27
steveleonhad some help from grapex....22:27
hub_capgrapex: caught the black lung22:27
SlickNikgrapex is here!22:28
SlickNikhope you're feeling better...22:28
hub_capand consequently is also a merman22:28
annashenwhat's black lung22:28
grapexThanks22:28
juicegrapex: flu or cold?22:28
vipultoo many cigarettes22:28
grapexhub_cap: water is the essence of liquid22:28
CaptTofucigarattitis22:28
steveleonvipul, you were saying that there was some intermittent failures with some tests22:28
hub_capgrapex: :)22:28
vipulsteveleon: yes, saw that last night on the 'coverage' patch... sqllite tests fail from time to time22:28
*** carimura has quit IRC22:28
vipulsince they are run parallel22:29
steveleonugh... i wonder if it is the fake id we are passing22:29
hub_capdid yall do the randomizing thing to it?22:29
grapexvipul: lifeless mentioned that if we ran those tests with sqlite in memory only, we'd get rid of those parallel problems22:29
hub_capisint that what the nova/cinder/etal tests do?22:30
vipulwe probably should just do that... no point in having a separate file, since i think we teardown/recreate db22:30
vipulon each test22:30
grapexvipul: Yeah, we never actually make use of persiting the sqlite db.22:30
grapexI'll make a blueprint to change that.22:30
vipul#action grapex to file BP on in-memory sqlite22:30
steveleonwouldnt a bug be sufficient?22:31
juiceI think it's just a param for connecting to sqllite22:31
vipulsteveleon, bug works too, shoudl be small22:31
grapexsteveleon: Is it breaking anything yet?22:31
*** carimura has joined #openstack-meeting-alt22:31
juicedb:men or something like that22:31
SlickNikrackers just want to flaunt the fact that they can create new bps :P22:31
steveleoni havent seen22:31
steveleonbut it has been passing most of the time22:31
grapexI say bp because we'll need to update redstack too. :(22:31
steveleoni havent seen it fail running it locally22:32
SlickNikAh, I see grapex…22:32
steveleonok bp sounds good22:32
vipullast action item...22:32
hub_capok so the last action item is qutoas22:32
steveleoni think it might just be a name change22:32
steveleonso instead of specifying the filename, you specify ":memory:"... or something like that22:33
vipulhub_cap you mentioned there was no consensus?22:33
datsun180bthat sounds about right22:33
hub_capwellllll..... vipul22:33
datsun180bwrt :memory: and sqlite22:33
hub_capthe consensus is that everyone has their own till someone ponys up and works on the kyestone one22:33
hub_capso that seems to me that we could do that as well22:34
hub_capwe will be using repose so i dont think we will be contributing cycles to it, but we welcome reviews to makeing it a better system...22:34
hub_capi know currently we only have max volumes and max geebees22:34
vipuli'd like to get a solution in there, that doesn't involve fixing up CI to support Java22:35
vipulso that's why i lean towards an embedded solution22:35
hub_capsure, we might just keep the java bits internal22:35
vipula stop-gap until its added to keystone, or some place better22:35
hub_capapt-get install apache-tomcat ;)22:35
hub_capcool.. well that maeks the quotas conversation easy22:36
hub_caplets go on to CI tho as per th emeeting22:36
vipulmight be that simple.. but it'll be a much bigger deal in openstack-ci me thinks22:36
hub_capyup22:36
juicehub_cap: why do you like the repose solution?22:36
vipulyep, have an item to dicuss futher later anyway22:36
hub_cap#topic testing-ci22:36
*** openstack changes topic to "testing-ci (Meeting topic: reddwarf)"22:36
hub_capso i tihnk we got updated w/ whats going on w/ CI right? lets summarize22:36
hub_cap#info SlickNik working on getting CI tests working w/ devstack vm gate, fixing small issues, support to come soon22:37
SlickNikyes..22:37
hub_capis that good?22:37
hub_capanything more to add SlickNik?22:37
*** djohnstone has quit IRC22:38
SlickNik#info dkehn also working on devstack-vm-gate22:38
SlickNiknope that's it.22:38
vipulshould have it pushed up to openstack CI this week (hopefully)22:38
SlickNikThe black box tests should be good to go soon.22:38
grapexSlickNik: Nice!22:38
dkehnthats if no more issues22:38
vipulyup22:39
SlickNikJust some more closing up on the devstack-vm-gate issues that keep cropping up. :)22:39
*** djohnstone has joined #openstack-meeting-alt22:39
hub_capthatll be so cool22:39
hub_capok do we have any unit test stuffs to talk about?22:39
hub_capif so ill mod the title otehrwise ill skip it22:39
vipulnope22:39
hub_caphokey22:40
hub_cap#topic quota consensus22:40
*** openstack changes topic to "quota consensus (Meeting topic: reddwarf)"22:40
hub_capso i feel like we have consensus, let me sumarize22:40
hub_cap#info quota support that mirrors cinder/nova will be added to reddwarf for the short to medium term22:41
hub_cap#info eventually we will use what the other openstack projects use but that has yet to materialize22:41
juicebut rackspace is using repose22:41
hub_cap#info rax to use repose internally22:41
vipulhub_cap.. quick question about repose.. won't you need to add repose APIs ?22:41
juicecan I ask why you guys like that solution22:41
hub_capjuice:  rax wrote repose, and uses it :)22:42
juicehub_cap: that's a good answer22:42
hub_capvipul: ya if we _have_ to add apis we can22:42
vipulhub_cap: ok..22:42
juiceas a matter of design/architecture what do you like about it22:42
vipulhub_cap: rate limits, we ok with similar approach to nova?22:42
hub_caprate limits will be another one too...22:42
hub_capvipul: ya i think so vipul, we should call them limits, not quotas22:43
hub_capto support rate and absolute22:43
vipulyup.. limits.py, possibly a request filter22:43
hub_capjuice: we are evaluating it now, so lets give u that answer next wk22:43
hub_cap:D22:43
juiceokie22:43
hub_capdjohnstone: is your man for that22:43
djohnstoneback looking at that tomorrow22:43
vipulhub_cap: there may be two use cases, one a filter (rate limits) and quotas really are checked upon time of creation)22:43
hub_caphe just started on it but he can give a summary next meeting22:43
vipulso may make sense to have them different22:44
hub_capvipul: likely there will be 2 different things22:44
hub_capi just meant we need to support limits of all types22:44
hub_capnot that the code shoudl be the same :D22:44
vipulya22:44
vipulok22:44
hub_capi mean, if yall get limits done and they are AWESOME then we might use them :P22:44
vipul#action djohnstone to give us an update on Repose?22:44
hub_caplol question mark at the end of that hah22:45
djohnstonethanks vipul22:45
cp16netlol22:45
vipulmakes it optional :D22:45
hub_caphahah nice22:45
hub_capok we feel good about limits?22:45
vipulok we good, juice?22:45
SlickNikSounds like a plan to me.22:46
juiceyup22:46
hub_capcoolness22:46
hub_cap#topic User Management22:46
*** openstack changes topic to "User Management (Meeting topic: reddwarf)"22:46
vipulthis is regarding the BP linked earlier...22:46
vipulwe wnat to be able to control grants given to root user on 'enableRoot'22:47
SlickNikesp was briefly mentioning it earlier as well...22:47
hub_capah okey. shall we discuss the multi config file together?22:47
hub_capvipul: i dont blame u for that. i think we talked about that too a while ago22:47
vipulyes... any opposition to having those grants live in a separate config (different from guestagent.conf)22:47
vipulsince dbaas.py -- has a ton of grants/sql statement hard coded22:47
steveleonso is it established that there will be a new conf file used only for root-privileges purposes?22:48
vipulpossibly this would be a config file that is gearted towards configuring dbaas.py22:48
hub_capso _why_ do we need yet another conf file?22:48
hub_capwhy cant we just put anotehr option in the conf file22:48
hub_capi thought, when i read that last night, that we were putting it all in the standard reddwarf.conf and got confused22:48
datsun180bdbaas.py is going to get even more grants and statements shortly :322:48
vipulwe _could_... although the thinking is that we're configuring a subset of the geust agent22:48
hub_capnot the guest.conf22:48
vipulno, not guest.conf that's diff22:49
hub_capvipul: but there is no notion of having > 1 config file anywehre in openstack... it just seems like its going against the current so to speak22:49
hub_capok so these are run by the guest, right?22:49
hub_capthe grants22:49
datsun180bthey are22:49
steveleoncorrect22:49
hub_capwhy would the grants not be in the conf file that is given to the guest22:49
vipulright... where do we move hard-coded sql statements22:49
steveleoni was under the impression that you didnt want the option in the guestagent.conf22:50
hub_capsteveleon: i was confused last night when i said that22:50
hub_capi saw reddwarf.conf i thought in that blueprint22:50
datsun180bi vote pull them not into a static config file but as a module to be imported by dbaas.py22:50
espinitially we were putting the full GRANT stmt in the config file which was pretty gross22:50
grapexIs the idea that the image could be build with a conf file that lives in it with the grants, and the dynamic conf file would just point to it?22:50
steveleonmy opinion is to put them in the guestagent.conf22:50
espdatsun180b: that's the approach sorta22:50
espso the ?.conf file will have a property:  root_grant= create delete update alter ….22:51
vipuldatsun180b.. there are certain things may need to enumerated.. like a list of privs that guest agnet could construct a grant statement from22:51
hub_capthey are config values.... everyone will have different config values for their setups22:51
steveleonput a list of all the privileges that root will have in a config file.. preferably guestagent.conf22:51
espand we will use the properties to build the GRANT stmt in code.22:51
hub_capsteveleon: it _only_ seems right to put them there steveleon... im sorry for confusion22:51
steveleonand dbaas.py will read from it and generate a grant sql query22:51
hub_capi feel like the email i sent out last night has caused all this22:51
espnah, we've been going back and forth on this22:52
hub_capgeneral rule of thumb. if its a config that only the guest will use, put it in the guest.conf22:52
espit's already changed like 522:52
espx22:52
hub_capif it sgonna differ from install to install put it in _a_ conf (not code)22:52
vipulso... i see two tracks.. put them in a module imported by dbaas.py... another to add to reddwarf-guestagent.conf22:52
hub_capso given that both of those are true, it seems it should be ina config right?22:52
datsun180bwe have our own homegrown Query class to facilitate guest agent queries, we can build a Grant to go with it22:52
espyep, I see no big deal putting it into reddwarf-guestagent.conf22:53
hub_capesp: #agreed22:53
grapexI like the config idea too.22:53
vipulright, let's go with reddwaf-guestagent.conf22:53
espdatsun180b: let's chat after, seems like that direction I'm going22:53
vipul#info static grants to be configurable through reddwarf-guestagent.conf22:53
hub_cap#agreed22:53
steveleonanother thing that surge from this discussion is the ability to have a disable-root feature22:53
SlickNikI prefer having it in a conf, rather than a module since it really is configuration.22:53
cp16net#agreed22:53
vipulok.. next item around this22:54
vipuladding a new API to disable root user22:54
steveleonthis will make it easier for support to see if and how long the user have used root privileges22:54
vipul#link https://blueprints.launchpad.net/reddwarf/+spec/revoke-root-user-api22:54
vipulsteveleon just filed22:54
*** DandyPandy has left #openstack-meeting-alt22:54
vipulany reason to not add this API?22:54
hub_caphmm... this is going to be a contention point :)22:54
datsun180besp: please do22:54
hub_capwell... we dont add it cuz once u enable root your support model changes22:55
hub_capbut thats a rackspace specific thing22:55
vipulright, but you have a history of if it was ever enabled22:55
datsun180bbreaking the seal voids your warranty, in short22:55
vipulso it's something that you could still use to determine that22:55
hub_capdatsun180b: exactly22:55
hub_capvipul: there is, ther is a root history table22:55
grapexI guess I don't see the point of disabling root once you have it, since by then the support model already changes.22:55
hub_capwell the support model should not govern the code22:56
grapexTrue22:56
hub_capand thats why i said "its a rax specific thing"22:56
vipulgrapex: there may be scenarios when the user needs it for a period of time to diagnose an issue.. but possible needs to turn it off when done22:56
hub_capso im kinda at odds w/ my brain here22:56
grapexbut I'm trying to figure out why someone would want that22:56
hub_capi see from a permissions standpoint22:56
hub_capdont want root being enabled remotely forever22:56
hub_capbut want to get in, touch something, and get out22:56
hub_capright?22:56
grapexvipul: I think then that may be a different concept. It seems like you're giving someone temporary root permissions, like say someone in support. Like it could be a mgmt api.22:56
espdoes the calling root create api to enable root multiple times have the same effect as resetting the root password?22:56
vipulright, and another tangent.. problay wnat a role-based access to the 'enableRoot' API22:57
steveleonhub_cap: correect22:57
grapexesp: Yes22:57
vipulhub_cap: exactly22:57
vipulgrapex: i don't see managemnt api something end user would have access to22:57
vipuli see a 'dba' at some company that needs temporary elevated access22:57
hub_capok i think that we need to talk internally about this22:58
vipulhub_cap.. ok, we just filed this today.. please review, add comment to BP22:58
espyeah I'm not sold yet :)22:58
hub_cap#action hub_cap to get back to vipul on root rmemove22:58
hub_capwow rmemove?!?!22:58
cp16netyeah well we have history of when root was enabled22:58
hub_cap#action hub_cap to learn how to type22:59
vipulcp16net: right, that's what would be the determining thing for your suppor tmodel i'd imagine22:59
espcp16net: yeah the history thing is cool.  we were pondering how disable would fit in22:59
vipulesp: temporary elevated privileges22:59
datsun180bhow can we determine which users can and can't use which api functions? would that eventually just grow into ACLs on api calls?22:59
cp16netyeah we need to talk about this internally to figure that out22:59
vipuldatsun180b: we need to add additonal roles i think to API23:00
vipulenableRoot shoudl only be accessible with a higher privileged user i thnk23:00
hub_capwe need a policy like nova possibly...23:00
vipulthat's a different discussion23:00
datsun180buser, superuser, and mgmt?23:00
vipulyep23:00
cp16netthat could be handled with keystone right?23:00
hub_capbut it can be whatever u want it to be... its configurable (nova policy)23:01
hub_capexactly cp16net23:01
espmaybe would could enable root with a timeout…but perhaps that just complicates things...23:01
hub_capesp: naw, some people want root 200% of the tiem :)23:01
cp16netthats x223:01
datsun180bjust an authentication that doesn't allow renewals23:01
SlickNikesp: I thought about that, but I don't like it...23:01
datsun180bthere's your timeout23:01
espyeah makes sense23:01
hub_capok so we never changed topic to the dbaas.py/conf file, but we have consensus ya?23:02
hub_capill topic change and jot it down23:02
vipuloh yea, forgot that was a separate item23:02
vipulwe're good on that one now23:02
SlickNikesp: I don't think that there would be a one size fits all timeout, so then we'd have to get into the business of configuring that, which could potentially get messy23:02
hub_capok lets just #info it then23:02
datsun180bthrowing my hat in for that one23:02
espSlickNik: yep.  I hear ya.23:02
cp16netSlickNik: yeah that would be messy quickly23:02
vipul#info grants will go into reddwarf-guestagent.conf, not a separate file23:02
hub_cap#info guest conf for configurable sql queries until we have a better solution23:02
hub_capdoh u beat me to it23:02
hub_cap#topic open discussion23:03
*** openstack changes topic to "open discussion (Meeting topic: reddwarf)"23:03
hub_capi dont have long, i have to run and clean my house (closing is thursday)23:03
cp16netJOY23:03
hub_capthats my open discussion :)23:03
SlickNikfun23:03
esphub_cap: congrats!23:03
steveleonare you living in the bay-area now?23:03
vipul#action vipul to file BP on additional roles in reddwarf (user, superuser, admin)23:03
SlickNikFYI, it's worth a mention that the tests are successfully running on RAX cloud :)23:04
vipulwoah nice23:04
hub_capWOOO23:04
grapexCool23:04
espvipul: is that to address the revoke api call? or something else?23:04
hub_capsteveleon: i will be flying out soon to look for a place, im in an apartment here23:04
cp16netawesome23:04
hub_capin austin23:04
vipulesp: it will be related to that... as well as limiting who can call 'enableRoot23:04
hub_capvipul: i tink that we should not be specific on that23:04
hub_capif we do a policy like nova does, it wont matter what _roles_ u want23:05
hub_capif u can say a user of role X can execute things in module Y23:05
hub_capwhich is what the nova policy file does23:05
vipulhub_cap: ok, will mention that in BP.. have a policy that dictates RBAC23:05
cp16net#define RBAC?23:05
vipulrole based access control :D23:06
SlickNikRole Based Access Control, I believe.23:06
cp16netok :)23:06
hub_capvipul: yar23:06
hub_capit _kinda_ does that currently23:06
vipulright, but it's limited to user/admin only?23:06
hub_capits limited to whatever u want really23:07
SlickNikCurrently just admin/non-admin, right?23:07
hub_capas long as u configure it23:07
hub_caphttps://github.com/openstack/nova/blob/master/etc/nova/policy.json23:07
hub_capu can make yoru own groups23:07
vipul#info https://github.com/openstack/nova/blob/master/etc/nova/policy.json23:07
vipuljust what i needed23:07
hub_capits just a Yes/No system really, so u can make the groups yourself based on the expressions23:07
cp16netnice23:07
cp16netwhat applies this policy though?23:08
vipulwhere do you implement the rule23:08
vipuladmin_or_owner example23:08
hub_cap    "admin_or_owner":  "is_admin:True or project_id:%(project_id)s",23:08
hub_cap    "context_is_admin":  "role:admin",23:08
hub_capthose are at the top23:08
vipuloh duh23:08
hub_capso u can say what the roles are :)23:08
hub_capand then put them accordingly in teh stuf down below23:08
hub_cap:D23:09
SlickNikI see.23:09
vipuland it's just a filter that get's added to wsgi?23:09
hub_capnow that im not 101% sure about but that _seems_ like itd be the only place for it23:09
hub_capi havent looked into how it works23:09
vipulok, cool that's a good start thanks for the info23:09
hub_capnp!!23:10
hub_capi think itll hold us over till keystone has decent rbac23:10
hub_capgod i wish thsi was all in nova-common23:10
hub_caperr, oslo-incubator23:10
cp16netyeah that _could_ work temp23:10
*** esp has quit IRC23:10
hub_capok im out of things to discuss23:11
hub_capanyone else?23:11
vipulyea temp is fine23:11
vipulnope.. i'm good23:11
*** esp has joined #openstack-meeting-alt23:11
hub_capvipul: sweet23:11
hub_capwelcome back esp23:11
hub_cap:P23:11
vipulexcess flood?23:11
cp16netesp's water was rising...23:11
cp16net:-P23:11
espsorry..23:11
vipulheh23:11
hub_caphis float bobber got too high and pulled the blug23:11
hub_cap*plug23:11
hub_cap#action hub_cap still cant type23:12
espman tough crowd today.23:12
hub_capwait thats mroe info23:12
hub_capLOL23:12
hub_capok im gonna call this23:12
cp16netkeep trying and surely one day....23:12
hub_capcp16net: LAWL23:12
hub_cap#endmeeting23:12
*** openstack changes topic to "OpenStack meetings (alternate) || Development in #openstack-dev || Help in #openstack"23:12
openstackMeeting ended Tue Jan 29 23:12:26 2013 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)23:12
openstackMinutes:        http://eavesdrop.openstack.org/meetings/reddwarf/2013/reddwarf.2013-01-29-21.59.html23:12
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/reddwarf/2013/reddwarf.2013-01-29-21.59.txt23:12
openstackLog:            http://eavesdrop.openstack.org/meetings/reddwarf/2013/reddwarf.2013-01-29-21.59.log.html23:12
hub_capu know we might not be the most productive but we are the most fun meeting :)23:12
vipulgood times23:12
*** robertmyers has left #openstack-meeting-alt23:12
cp16netpeace23:12
*** hub_cap has left #openstack-meeting-alt23:12
SlickNikthanks all23:12
grapexSee you later!23:13
SlickNiklater...23:13
*** SlickNik has left #openstack-meeting-alt23:13
espthx23:13
*** djohnstone_ has joined #openstack-meeting-alt23:14
*** dkehn has left #openstack-meeting-alt23:14
juicelate23:15
*** SpamapS has quit IRC23:15
*** djohnstone has quit IRC23:16
*** bdpayne has quit IRC23:16
*** jcru has quit IRC23:17
*** djohnstone_ has quit IRC23:18
*** jdbarry has left #openstack-meeting-alt23:20
*** grapex has quit IRC23:20
*** bdpayne has joined #openstack-meeting-alt23:23
*** cloudchimp has quit IRC23:27
*** carimura has quit IRC23:34
*** carimura has joined #openstack-meeting-alt23:34
*** esp has left #openstack-meeting-alt23:37
*** yidclare has left #openstack-meeting-alt23:40
*** rnirmal has quit IRC23:50
« Monday, 2013-01-28 Index Wednesday, 2013-01-30 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!