Tuesday, 2018-08-07

*** tetsuro_ has quit IRC		00:01
*** gyee has quit IRC		00:06
*** zhurong has joined #openstack-meeting-alt		00:22
*** harlowja has quit IRC		00:26
*** tetsuro_ has joined #openstack-meeting-alt		00:44
*** tetsuro_ has quit IRC		01:01
*** hongbin has joined #openstack-meeting-alt		01:03
*** erlon has joined #openstack-meeting-alt		01:06
*** tetsuro_ has joined #openstack-meeting-alt		01:09
*** erlon has quit IRC		01:13
*** pbourke has quit IRC		01:17
*** pbourke has joined #openstack-meeting-alt		01:18
*** erlon has joined #openstack-meeting-alt		01:26
*** zhurong has quit IRC		01:26
*** tetsuro_ has quit IRC		01:27
*** tetsuro_ has joined #openstack-meeting-alt		01:28
*** tetsuro_ has quit IRC		01:34
*** tetsuro_ has joined #openstack-meeting-alt		01:41
*** tetsuro_ has quit IRC		01:44
*** tetsuro_ has joined #openstack-meeting-alt		01:53
*** lbragstad has quit IRC		02:18
*** tetsuro_ has quit IRC		02:19
*** tetsuro_ has joined #openstack-meeting-alt		02:23
*** tetsuro_ has quit IRC		02:26
*** erlon has quit IRC		02:45
*** tetsuro_ has joined #openstack-meeting-alt		02:50
*** markstur_ has quit IRC		02:53
*** tetsuro__ has joined #openstack-meeting-alt		02:53
*** tetsuro_ has quit IRC		02:54
*** markstur has joined #openstack-meeting-alt		02:55
*** tetsuro__ has quit IRC		02:59
*** markstur has quit IRC		03:00
*** jhesketh_ is now known as jhesketh		03:14
*** diablo_rojo has quit IRC		03:25
*** dave-mccowan has quit IRC		03:31
*** liuyulong has joined #openstack-meeting-alt		03:34
*** markstur has joined #openstack-meeting-alt		03:37
*** tetsuro_ has joined #openstack-meeting-alt		03:39
*** janki has joined #openstack-meeting-alt		03:41
*** markstur has quit IRC		03:42
*** tetsuro_ has quit IRC		03:47
*** tetsuro_ has joined #openstack-meeting-alt		03:48
*** tetsuro_ has quit IRC		03:51
*** jaypipes has quit IRC		04:02
*** jaypipes has joined #openstack-meeting-alt		04:02
*** tetsuro_ has joined #openstack-meeting-alt		04:12
*** hongbin has quit IRC		04:15
*** markstur has joined #openstack-meeting-alt		04:18
*** markstur has quit IRC		04:23
*** markstur has joined #openstack-meeting-alt		04:39
*** markstur has quit IRC		04:44
*** e0ne has joined #openstack-meeting-alt		05:00
*** markstur has joined #openstack-meeting-alt		05:00
*** markstur has quit IRC		05:05
*** tetsuro_ has quit IRC		05:15
*** markstur has joined #openstack-meeting-alt		05:21
*** tetsuro_ has joined #openstack-meeting-alt		05:22
*** markstur has quit IRC		05:26
*** tetsuro_ has quit IRC		05:27
*** cloudrancher has joined #openstack-meeting-alt		05:31
*** e0ne has quit IRC		05:58
*** tetsuro_ has joined #openstack-meeting-alt		05:59
*** apetrich has joined #openstack-meeting-alt		06:01
*** e0ne has joined #openstack-meeting-alt		06:02
*** tetsuro_ has quit IRC		06:02
*** tetsuro_ has joined #openstack-meeting-alt		06:02
*** cloudrancher has quit IRC		06:12
*** markstur has joined #openstack-meeting-alt		06:30
*** markstur has quit IRC		06:36
*** tetsuro_ has quit IRC		06:36
*** cloudrancher has joined #openstack-meeting-alt		06:49
*** markstur has joined #openstack-meeting-alt		06:52
*** cloudrancher has quit IRC		06:52
*** markstur has quit IRC		06:56
*** e0ne has quit IRC		07:02
*** dpawlik has joined #openstack-meeting-alt		07:23
*** markstur has joined #openstack-meeting-alt		07:34
*** e0ne has joined #openstack-meeting-alt		07:35
*** markstur has quit IRC		07:39
*** ahrechny has joined #openstack-meeting-alt		07:39
*** e0ne has quit IRC		07:41
*** rmart04 has joined #openstack-meeting-alt		07:44
*** e0ne has joined #openstack-meeting-alt		07:52
*** e0ne has quit IRC		07:53
*** apetrich has quit IRC		07:56
*** slunkad has quit IRC		07:58
*** yamamoto has joined #openstack-meeting-alt		08:00
*** kopecmartin has joined #openstack-meeting-alt		08:03
*** ahrechny has left #openstack-meeting-alt		08:07
*** yamamoto has quit IRC		08:07
*** rcernin has quit IRC		08:11
*** GeraldK has joined #openstack-meeting-alt		08:11
*** Emine has joined #openstack-meeting-alt		08:16
*** markstur has joined #openstack-meeting-alt		08:17
*** markstur has quit IRC		08:21
*** sayalilunkad has joined #openstack-meeting-alt		08:31
*** panda\|rover-ish is now known as panda\|rover		08:33
*** markstur has joined #openstack-meeting-alt		08:38
*** markstur has quit IRC		08:43
*** yamamoto has joined #openstack-meeting-alt		08:46
*** derekh has joined #openstack-meeting-alt		08:46
*** tetsuro_ has joined #openstack-meeting-alt		08:53
*** priteau has joined #openstack-meeting-alt		08:55
*** markstur has joined #openstack-meeting-alt		08:59
*** GeraldK has quit IRC		09:00
*** masahito has joined #openstack-meeting-alt		09:01
masahito	#startmeeting blazar	09:01
openstack	Meeting started Tue Aug 7 09:01:39 2018 UTC and is due to finish in 60 minutes. The chair is masahito. Information about MeetBot at http://wiki.debian.org/MeetBot.	09:01
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	09:01
openstack	The meeting name has been set to 'blazar'	09:01
tetsuro_	o/	09:01
masahito	Hi blazar folks, time to weekly meeting	09:01
priteau	Hello everyone	09:02
masahito	#topic RollCall	09:02
priteau	o/	09:02
masahito	tetsuro_, priteau: hello	09:02
masahito	Today's agenda is	09:02
masahito	1. RC1 release	09:03
masahito	2. Next two weekly meetings	09:03
masahito	3. AOB	09:03
masahito	anything else?	09:03
*** markstur has quit IRC		09:04
masahito	#topic RC1 release	09:04
masahito	uhmmmm... the bot doesn't seem to react some commands.	09:05
masahito	Anyway, 9th August is RC deadline for Rocky cycle	09:05
masahito	I'll create put the tag and its branch tomorrow.	09:06
priteau	I am working on important fixes for bugs we've seen in production, can we merge them after RC1?	09:07
masahito	Does someone have any special patches?	09:07
priteau	My patches are not ready yet, actively working on them	09:08
masahito	priteau: Before the official release, we can backport the fix from master to stable/rocky. Then need to put RC2 tag	09:08
priteau	OK	09:08
masahito	The final release is week of 20th Aug. https://releases.openstack.org/rocky/schedule.html	09:08
priteau	Not much time left	09:09
masahito	I'm also hitting a problem at polling_hostmonitor in my local. I'm investigating the issue is caused by a bug or my settings.	09:10
priteau	Is that for the health check?	09:10
masahito	priteau: If your patch is late for the official release, we could backport it after the week and release 2.0.1 later.	09:11
*** yamamoto has quit IRC		09:11
masahito	priteau: yes. Related to authorization issue.	09:11
priteau	I am planning to test health check in our Chameleon environment as we upgrade to Rocky, so I will let you know if I see the issue	09:13
masahito	I'm expecting the auth error is caused by my wrong config and the another error happening in error handling is caused by a bug.	09:13
masahito	Got it. I'll also share its result once I've found the reason of the error.	09:15
masahito	Anything else?	09:16
priteau	Nothing else on RC1 from me	09:17
tetsuro_	Nothing from me	09:17
masahito	All right.	09:17
masahito	#topic Next 2 weekly meetings	09:18
masahito	Unfortunately, I won't attend the next 2 weekly meetings.	09:19
masahito	If nothing specially, we could skip the meetings.	09:20
priteau	I am also going to be on holiday for the next two weeks, although I will probably be working on August 21.	09:20
*** markstur has joined #openstack-meeting-alt		09:21
priteau	I think we can skip the meetings and keep in touch via Gerrit or email	09:22
masahito	yes.	09:22
tetsuro_	Sounds good to me, too.	09:22
masahito	okay, let's skip next two meetings.	09:22
masahito	#topic AOB	09:23
priteau	masahito: Will you still be able to process the release?	09:23
masahito	priteau: sorry, I'm not clear the "process". meaning putting the tag and the stable branch?	09:24
priteau	Yes	09:24
priteau	Actually I would like to also ask you, do you know when the PTL position changes?	09:25
masahito	yes. I'm planning put RC1 tag tomorrow.	09:25
masahito	Ah, I see.	09:25
*** markstur has quit IRC		09:25
masahito	IMHO, there is not exact position date.	09:26
priteau	Do you want to do the Rocky release and I handle afterwards?	09:27
masahito	However, I'm thinking I should have the responsibility until the Rocky will be officially released.	09:27
priteau	That sounds good, if you're able to do it.	09:28
priteau	Sorry, we switched to AOB topic already ;-)	09:29
masahito	The master branch targets Stein once the branch is created. Of course, you can do that because you're the PTL for Stein :-)	09:29
masahito	It's a good topic to AOB ;-)	09:29
priteau	Since we're planning to skip meetings until the Rocky release, I think most PTL activities will be related to the Rocky release.	09:30
*** finucannot is now known as stephenfin		09:30
masahito	I'll be online next two weeks. But I cant attend the two meeting because of my flights and etc...	09:32
masahito	Speaking of the PTL, I step down the Blazar PTL as I mailed to openstack-dev.	09:32
tetsuro_	I'm rather new to blazar, but have seen a lot of great work, masahito.	09:33
tetsuro_	as a PTL.	09:33
masahito	We had lots of progress to the project and I'm really appreciating all of activities by you all.	09:34
priteau	Thanks for all your work masahito!	09:36
masahito	priteau will run the PTL for Stein cycle. priteau has good insight for Blazar so I'm looking forward to how we'll move forward!!	09:36
masahito	tetsuro_, priteau: my pleasure.	09:36
priteau	I will do my best to lead the project forward during the next cycle.	09:38
tetsuro_	Yup, I'm looking forward to workin in a new Blazar team in Stein	09:41
masahito	All right. Any thing else to discuss?	09:41
priteau	I have one update	09:42
priteau	I will attend the PTG in Denver, Monday morning to Friday early afternoon.	09:42
masahito	Good to hear!	09:42
tetsuro_	good news!	09:42
priteau	Sorry it took so long to organize	09:42
masahito	np. Finally you will attend the PTG :-)	09:43
priteau	Should we organize a team dinner? ;-)	09:44
priteau	Maybe on Tuesday evening	09:44
*** tetsuro_ has quit IRC		09:45
masahito	sounds nice.	09:45
*** tetsuro_ has joined #openstack-meeting-alt		09:45
masahito	ah, tetsuro_ is away...	09:45
tetsuro_	I'm back now	09:45
masahito	he's back	09:45
masahito	Tuesday works for me.	09:46
priteau	We can discuss dinner closer to the event, there may be an official event on some days	09:46
tetsuro_	Tuesday works for me as well	09:46
masahito	Usually the official event is on Tuesday. We can go dinner after the event if we choose Tuesday.	09:47
priteau	We will need to check with Bertrand too	09:47
priteau	Let's discuss again later this month.	09:48
priteau	I put a note in the Etherpad	09:48
tetsuro_	good idea	09:49
masahito	Good news is few restaurants close to the venue. It's easy to pick up and don't worried about the place :-)	09:49
masahito	Right. we can back to the topic later.	09:49
priteau	masahito: I suppose I should lead the IRC meeting on August 28?	09:50
masahito	Looks nice week to switch the role.	09:51
priteau	I will prepare an agenda.	09:52
*** rmart04 has quit IRC		09:53
masahito	anything else?	09:56
masahito	last 5 mins	09:56
priteau	Nothing else from me	09:57
masahito	all right.	09:58
masahito	Thanks all	09:58
tetsuro_	Thanks!	09:58
masahito	bye	09:58
masahito	#endmeeting	09:58
priteau	Bye!	09:58
openstack	Meeting ended Tue Aug 7 09:58:51 2018 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	09:58
openstack	Minutes: http://eavesdrop.openstack.org/meetings/blazar/2018/blazar.2018-08-07-09.01.html	09:58
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/blazar/2018/blazar.2018-08-07-09.01.txt	09:58
openstack	Log: http://eavesdrop.openstack.org/meetings/blazar/2018/blazar.2018-08-07-09.01.log.html	09:58
*** tetsuro_ has quit IRC		09:59
*** tetsuro has joined #openstack-meeting-alt		09:59
*** tetsuro has quit IRC		10:21
*** tetsuro has joined #openstack-meeting-alt		10:28
*** tetsuro has quit IRC		10:28
*** masahito has quit IRC		10:33
*** liuyulong has quit IRC		10:45
*** dave-mccowan has joined #openstack-meeting-alt		10:51
*** panda\|rover is now known as panda\|rover\|lunc		11:18
*** slagle has joined #openstack-meeting-alt		11:39
*** pingfrog has quit IRC		11:48
*** apetrich has joined #openstack-meeting-alt		11:53
*** erlon has joined #openstack-meeting-alt		11:56
*** raildo has joined #openstack-meeting-alt		12:02
*** raildo has quit IRC		12:03
*** edmondsw has joined #openstack-meeting-alt		12:04
*** raildo has joined #openstack-meeting-alt		12:06
*** raildo has quit IRC		12:07
*** tpsilva has joined #openstack-meeting-alt		12:07
*** raildo has joined #openstack-meeting-alt		12:15
*** panda\|rover\|lunc is now known as panda\|rover		12:16
*** e0ne has joined #openstack-meeting-alt		12:40
*** thomasem has quit IRC		12:50
*** weshay has quit IRC		12:50
*** ddmitriev has joined #openstack-meeting-alt		12:55
*** ccamacho has quit IRC		12:58
*** vgreen has joined #openstack-meeting-alt		12:58
*** dklyle has quit IRC		12:59
*** janki has quit IRC		13:03
*** janki has joined #openstack-meeting-alt		13:04
*** tssurya has joined #openstack-meeting-alt		13:07
*** lbragstad has joined #openstack-meeting-alt		13:11
*** dustins has joined #openstack-meeting-alt		13:23
*** namnh has joined #openstack-meeting-alt		13:27
*** ccamacho has joined #openstack-meeting-alt		13:28
*** jcoufal has joined #openstack-meeting-alt		13:42
*** dklyle has joined #openstack-meeting-alt		14:33
*** hongbin has joined #openstack-meeting-alt		14:38
*** e0ne has quit IRC		14:39
*** markstur has joined #openstack-meeting-alt		14:44
*** markstur has quit IRC		14:49
*** priteau has quit IRC		14:50
*** markstur has joined #openstack-meeting-alt		14:56
*** Emine has quit IRC		14:58
*** panda\|rover is now known as panda\|backin2h		15:01
*** lamt has joined #openstack-meeting-alt		15:02
*** dpawlik has quit IRC		15:10
*** markstur_ has joined #openstack-meeting-alt		15:18
*** markstur has quit IRC		15:20
*** priteau has joined #openstack-meeting-alt		15:26
*** gyee has joined #openstack-meeting-alt		15:32
*** gagehugo has joined #openstack-meeting-alt		15:36
*** dpawlik has joined #openstack-meeting-alt		15:38
*** dpawlik has quit IRC		15:42
lbragstad	#startmeeting keystone	16:00
openstack	Meeting started Tue Aug 7 16:00:20 2018 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.	16:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	16:00
openstack	The meeting name has been set to 'keystone'	16:00
*** wxy\|xiyuan has joined #openstack-meeting-alt		16:00
lbragstad	ping ayoung, breton, cmurphy, dstanek, gagehugo, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, spilla, aselius, dpar, jdennis, ruan_he, wxy, sonuk	16:00
gagehugo	o/	16:00
kmalloc	o/	16:00
wxy\|xiyuan	o/	16:00
lbragstad	#link https://etherpad.openstack.org/p/keystone-weekly-meeting	16:00
lbragstad	agenda ^	16:01
cmurphy	o/	16:01
lamt	o/	16:01
lbragstad	short agenda today	16:01
*** armstrong has joined #openstack-meeting-alt		16:02
*** jcoufal has quit IRC		16:02
lbragstad	#topic release status	16:03
lbragstad	#link https://releases.openstack.org/rocky/schedule.html	16:03
lbragstad	#info rc1 target is the end of this week	16:03
lbragstad	if there is anything we want to get into RC1, we'll have to do it this week	16:04
*** ayoung has joined #openstack-meeting-alt		16:04
lbragstad	i went through bugs last week and I don't have any critical bugs on my radar	16:04
lbragstad	at least not ones that haven't been present in other releases	16:05
*** wxy\|xiyuan has quit IRC		16:05
ayoung	you mean we have bugs roll over from one release to the next?	16:05
lbragstad	right..	16:05
kmalloc	we have historically had that happen	16:05
lbragstad	correct	16:06
kmalloc	if the bug isn't critical, it can be fixed as needed	16:06
kmalloc	bugs may have existed prior to rocky but only discovered in rocky	16:06
ayoung	or if, say, Nova tags it as wishlist...	16:06
lbragstad	one thing i do is look at all bugs opened during the release and see if anything was opened that might be a release blocker	16:07
lbragstad	so far, i'm not seeing any release blockers	16:07
kmalloc	++	16:07
lbragstad	if you do see something, please feel free to raise a red flag or ping me	16:08
*** wxy-xiyuan has joined #openstack-meeting-alt		16:08
lbragstad	but everyone here is pretty well-versed in release activities	16:08
ayoung	will we have end to end support for service roles in Queens>	16:08
ayoung	?	16:09
ayoung	er	16:09
ayoung	Rocky?	16:09
lbragstad	i'm not sure i understand the question	16:09
* kmalloc is also confused.		16:10
ayoung	Will we be able to use System roles, including CLI support?	16:10
lbragstad	oh	16:10
*** namnh has quit IRC		16:10
*** knikolla has joined #openstack-meeting-alt		16:10
ayoung	and Oslo context so we can enforce on them	16:11
knikolla	o/	16:11
*** wxy-xiyuan_ has joined #openstack-meeting-alt		16:11
kmalloc	well, uhm. possibly in keystone, though i think it's another release before we're really going to be in full swing even in keystone and then outside of it is maybe a community goal?	16:11
knikolla	did we switch meeting channel?	16:11
kmalloc	knikolla: yeah, when we switched times ;)	16:11
lbragstad	we'll be pursing that in stein	16:11
kmalloc	knikolla: like... months ago :)	16:11
kmalloc	there was a conflict in -meeting.	16:12
kmalloc	for the new timeslot	16:12
knikolla	i remember	16:12
kmalloc	ayoung: we have all of the base code/support now in keystone (or most of it)	16:12
knikolla	i had the impression we were on meeting-3, so when i switched irc client i joined that instead :(	16:12
kmalloc	ayoung: and in stein we can be aggressive in making it the way forward.	16:12
ayoung	what is missing? Without System roles, mitigation for Bug 968696, falls back to is_admin_project	16:13
openstack	bug 968696 in OpenStack Identity (keystone) ""admin"-ness not properly scoped" [High,In progress] https://launchpad.net/bugs/968696 - Assigned to Adam Young (ayoung)	16:13
lbragstad	#link https://bugs.launchpad.net/keystone/+bugs?field.tag=policy	16:13
lbragstad	^ that tracks a lot of the work to make keystone's APIs account for different scopes	16:13
kmalloc	most of what is missing is migration paths, documentation, ensuring we make our APIs fully account for scopes	16:14
lbragstad	and it's dependent on the work kmalloc is doing to port APIs to use flask and remove the @protected decorator	16:14
ayoung	but we could write customer policy that bypasses that, so long as we have system scopes, right?	16:14
ayoung	customer policy is OK at this point, I'm concerned with python code support for System role assignments only	16:14
kmalloc	i think flask is ~50% done now,	16:14
kmalloc	and by rocky end i hope to have at least 75% of the work proposed.	16:14
kmalloc	if not all of it	16:15
kmalloc	[for APIs] there will be a couple more cleanups after that (breaking down our middleware)	16:15
ayoung	but we don't need that to enforce on system roles, correct?	16:15
ayoung	just to have it done by default	16:15
* kmalloc defers to lbragstad for that. my brain can't context switch to answer that question quickly enough.		16:15
*** jaypipes_ has joined #openstack-meeting-alt		16:16
lbragstad	correct - if a deployment wants to keep doing things with the old/broken policy, they can	16:16
lbragstad	for a certain amount of time	16:16
ayoung	No	16:16
ayoung	I want to do things with custom policy	16:16
ayoung	using System role assignements.	16:16
ayoung	Can we do that in Rocky with the existing work?	16:17
*** jaypipes has quit IRC		16:17
*** jaypipes_ has quit IRC		16:17
lbragstad	ayoung: what are you asking for? the ability to incorporate system scoped tokens into keystone's APIs?	16:18
*** e0ne has joined #openstack-meeting-alt		16:18
ayoung	lbragstad, yes, and to enforce on them via oslo-policy in Nova et alles	16:18
lbragstad	there is still work to be done in those other services	16:19
ayoung	lbragstad, assuming we put customer policy in place, it should work though, right?	16:19
lbragstad	what do you mean by customer policy?	16:20
ayoung	oslo-context gets its values from the header that we set in keystonemiddleware, so the other projects should not require code changes	16:20
ayoung	custom	16:20
ayoung	my fingers automatically added the 'er'	16:21
lbragstad	ok	16:21
lbragstad	i wasn't sure if you meant something else	16:21
lbragstad	there might still be service changes	16:21
lbragstad	#link https://bugs.launchpad.net/keystone/+bug/1750660 for example	16:21
openstack	Launchpad bug 1750660 in OpenStack Identity (keystone) "The v3 project API should account for different scopes" [High,Triaged]	16:22
lbragstad	^ that's a case where the service (keystone specifically) needs to understand the scope of the token being used in order to give the user a response that makes sense within their authorization	16:22
lbragstad	which is more involved than a policy check	16:22
ayoung	OK, to be clear. We had a mitigation path in place using is_admin_project. I'd like to move people to using System roles. We need to know if that is going to work.	16:23
lbragstad	so - is_admin_project was basically an override that allowed people to do things at the system level	16:24
ayoung	right	16:24
lbragstad	the migration is that you need to make sure all people that have a role on the project you have acting as the is_admin_project, have that same role on the system	16:24
ayoung	Right. I want to know if we can start doing that based on Rocky	16:24
ayoung	or if there is no reason to start using system roles, and to build on top of is_admin_project today	16:25
lbragstad	i'm inclinced to say no, because i imagine there are bugs like https://bugs.launchpad.net/keystone/+bug/1750660 still in the system	16:25
openstack	Launchpad bug 1750660 in OpenStack Identity (keystone) "The v3 project API should account for different scopes" [High,Triaged]	16:25
lbragstad	the plumbing is there and ready to use, we just need to start using it in the business logic of the services	16:25
ayoung	++	16:26
*** wxy-xiyuan_ has quit IRC		16:26
*** wxy-xiyu_ has joined #openstack-meeting-alt		16:26
lbragstad	I'd like to make stein the release where we drive that home for keystone	16:26
lbragstad	(e.g. i give a system scoped tokne to keystone and list all projects and i get all projects in the deployment)	16:26
*** wxy-xiyu_ is now known as wxy-xiyuan_		16:26
lbragstad	anything else on release specific stuff?	16:28
ayoung	lbragstad, ok.	16:28
lbragstad	ayoung: happy to continue working through this in office hours, if you'd like	16:29
lbragstad	# PTG preparation	16:29
lbragstad	#topic PTG preparation	16:29
ayoung	It is a major feature. Just want to know if it really is in a specific release. I think we need a plan for making it official in Stein	16:29
lbragstad	ayoung: i'm all for that, too	16:30
lbragstad	hrybacki: was interested in it	16:30
lbragstad	though i assume there is a correlation there ;)	16:30
lbragstad	#topic PTG preparation	16:31
lbragstad	hmm - o well	16:31
lbragstad	anyway	16:31
lbragstad	#link https://etherpad.openstack.org/p/keystone-stein-ptg	16:31
lbragstad	be sure to continue adding things to that etherpad if you'd like to spend time on it at the PTG	16:31
lbragstad	we have Monday as a cross-project day	16:31
lbragstad	in addition to thursday and friday as keystone-specific days	16:31
lbragstad	i'm going to formalize the context into an actual schedule during the last week of august	16:32
*** lbragstad[m] has quit IRC		16:32
lbragstad	content*	16:32
lbragstad	anyone have anything specific for the PTG?	16:33
*** jaypipes has joined #openstack-meeting-alt		16:33
lbragstad	#topic open discussion	16:33
ayoung	Self service	16:34
lbragstad	just FYI - i'm going to be hanging out with wxy-xiyuan next week in Xi'an	16:34
ayoung	I'd like to have a long term focus on self service from the Keystone team, and a definitinon of what that means	16:34
lbragstad	so i expect most communication to by async	16:34
ayoung	knikolla, has some code for requesting new resources in Keystone. Its in a stand alone server. I think it points out some of the pain we've inflicted on Operators that we need separate servcie like that	16:35
ayoung	we need a series of statements like:	16:35
knikolla	with adjutant being accepted as an official project, we should piggyback on that	16:35
ayoung	as a member, I should be able to see the other members of a project	16:35
ayoung	as a user with no role assignments, I should be able to request a role on a project	16:36
ayoung	as a project administrator, I should be able to offer a role assignment to a user	16:36
lbragstad	yeah - that goes hand in hand with some of the system scope stuff	16:36
ayoung	some of that was in the Virtuyal Org discussion with David Chadwick a few years back...shiver	16:36
knikolla	ayoung: i would rewrite that to "as a project admin i would like to be able to add users to my project"	16:36
lbragstad	it's a good first step in helping enable a much better self-service story IMO	16:37
kmalloc	knikolla: as long as adjutant doesn't lean on keystone for auth.	16:37
ayoung	knikolla, assuming I know their user ID. But what if I just have Federation data?	16:37
kmalloc	knikolla: if it does, we run into the same issues we have with barbican	16:37
knikolla	kmalloc: what do you mean?	16:37
kmalloc	knikolla: barbican needs keystone auth to work	16:37
knikolla	users who have no auth at all?	16:37
kmalloc	therefore keystone cannot use barbican as a datastore	16:37
knikolla	oh, i see	16:38
knikolla	well, adjutant would be a layer on top of keystone	16:38
kmalloc	if adjutant needs keystone to auth things, keystone cannot use it as a backing project	16:38
ayoung	knikolla, can you set up a demo of your project at some point?	16:38
knikolla	keystone itself wouldn't need it	16:38
kmalloc	just to be clear adjutant needs to be over keystone	16:38
cmurphy	yes	16:38
kmalloc	wanted to be sure we didn't cross that conversaion again :)	16:38
knikolla	ayoung: i think i have one running. i used it to register spring's class.	16:39
ayoung	other self service operations are "as a project manager, I should be able to enumerate all resources scoped to my project" andthat one is a hard one	16:39
* kmalloc still would like to see keystone able to use vault for secret storage.		16:39
kmalloc	[and possibly fernet keys]	16:39
kmalloc	but that is a different thing.	16:39
cmurphy	i think we'll eventually be able to lean on castellan for that	16:40
knikolla	for context, by "my project" ayoung is referring to https://github.com/CCI-MOC/ksproj	16:40
ayoung	as a user, I should be able to list my roles on a project	16:40
ayoung	as a user, I should be able to identify what role I need to access a remote API	16:40
ayoung	and so on	16:40
knikolla	though i would like to merge its featureset to adjutant	16:40
ayoung	A user can get their list of roles via a token issue, but not via role list. Its a little wonky	16:41
lbragstad	we essentially have to teach those apis how to deal with scope	16:42
ayoung	knikolla, "adjutant" is what?	16:42
lbragstad	it's a new openstack project	16:42
knikolla	ayoung: self-service admin workflows	16:43
cmurphy	https://adjutant.readthedocs.io/en/latest/	16:43
lbragstad	#link https://github.com/openstack/adjutant	16:43
knikolla	right now i think you can add users to a project you are project-admin on, list, remove, etc.	16:44
lbragstad	adriant has been working on it for quite some time	16:44
lbragstad	they use it at catalyst?	16:44
ayoung	please tell me they used Flask.	16:44
knikolla	ayoung: django rest framework	16:44
ayoung	Ah well, close enough	16:45
*** tssurya has quit IRC		16:45
kmalloc	i have zero issues with django, flask, or <insert non-custom-rolled-webob wsgi thing here>	16:45
kmalloc	:)	16:45
kmalloc	heck, i'd take a nodejs application if it uses a good framework	16:46
ayoung	No you wouldn't	16:46
*** janki has quit IRC		16:47
ayoung	OK, so I'll work with the Adjutant stuff for self service.	16:47
knikolla	ayoung: i already has that	16:47
knikolla	the only blocker is federated users	16:47
knikolla	the mechanism for inviting users to project is very different in ksproj	16:47
ayoung	knikolla, OK, we can discuss off meeting	16:48
knikolla	++	16:48
knikolla	we should also talk to adriant, though timezone-wise that will be a bit hard	16:48
ayoung	++	16:48
lbragstad	anything else for open discussion?	16:50
kmalloc	lbragstad: i have topics for PTG, to add to the etherpad	16:50
lbragstad	awesome, it's all yours	16:50
kmalloc	i'll get that done and book PTG ticket etc.	16:52
lbragstad	PTG ticket prices are rising soon if they haven't already	16:52
lbragstad	just a heads up	16:52
cmurphy	some people internally have been approaching me about a standalone keystone, where'd we leave off on that? anyone else seeing a pressing use case for that?	16:53
* kmalloc was almost certain he booked the PTG ticket but i guess i didn't		16:53
lbragstad	cmurphy: as in strictly an identity provider?	16:53
kmalloc	cmurphy: as in a full fledged idp?	16:53
cmurphy	lbragstad: ya	16:53
cmurphy	kmalloc: also yes	16:53
kmalloc	i think we agreed it was somerhing we'd happily put on the roadmap and work on	16:54
lbragstad	afaik - i think that fell to the floor	16:54
kmalloc	but hasn't moved forward	16:54
kmalloc	so, yes we'll totally accept those changes.	16:54
lbragstad	something we all wanted to entertain but no movement on it	16:54
kmalloc	but no one is working on it	16:54
kmalloc	yet	16:54
cmurphy	what they want is to use it to integrate with non-openstack projects	16:54
kmalloc	oh thats right, PTG price is WAY higher this time. i need to expense it right away.	16:55
kmalloc	that is why i didn't do it yet.	16:55
*** Emine has joined #openstack-meeting-alt		16:55
knikolla	i think it started at 199 when i got it	16:55
kmalloc	cmurphy: right. and that lines up with the proxy-idp bit we were talkign to craig about	16:56
lbragstad	cmurphy: do you know what's preventing them from doing that today?	16:56
kmalloc	knikolla: it is $399 now =/	16:56
kmalloc	i think it was $399 when i first looked.	16:56
knikolla	i wouldn't be hard to implement the openid connect protocol in keystone	16:56
cmurphy	lbragstad: well it's not a fully-fledge IdP to start, also openstack's concepts of access control don't really map to access control models for other projects	16:57
lbragstad	i guess i need to see what features are missing the doesn't qualify keystone as a full-fledge idp	16:58
lbragstad	(i totally expect them to be there)	16:58
* lbragstad isn't making sense		16:58
lbragstad	I full expect keystone to be missing some of those features	16:58
lbragstad	fully&	16:58
cmurphy	yeah i can explain after the meeting	16:59
lbragstad	ok	16:59
lbragstad	i added it to the etherpad	16:59
lbragstad	just about out of time	16:59
lbragstad	thanks for the time everyone	16:59
lbragstad	see y'all in office hours	16:59
lbragstad	#endmeeting	17:00
openstack	Meeting ended Tue Aug 7 17:00:08 2018 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	17:00
openstack	Minutes: http://eavesdrop.openstack.org/meetings/keystone/2018/keystone.2018-08-07-16.00.html	17:00
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/keystone/2018/keystone.2018-08-07-16.00.txt	17:00
openstack	Log: http://eavesdrop.openstack.org/meetings/keystone/2018/keystone.2018-08-07-16.00.log.html	17:00
*** wxy-xiyuan_ has quit IRC		17:00
*** derekh has quit IRC		17:00
*** armstrong has quit IRC		17:02
*** panda\|backin2h is now known as panda\|rover		17:08
*** cloudrancher has joined #openstack-meeting-alt		17:09
*** kopecmartin has quit IRC		17:13
*** dtrainor has quit IRC		17:16
*** dtrainor has joined #openstack-meeting-alt		17:19
*** e0ne has quit IRC		17:20
*** e0ne has joined #openstack-meeting-alt		17:21
*** e0ne has quit IRC		17:22
*** cloudrancher has quit IRC		17:22
*** harlowja has joined #openstack-meeting-alt		17:31
*** harlowja has quit IRC		17:43
*** markvoelker_ has quit IRC		17:45
*** ayoung has quit IRC		17:53
*** Leo_m has joined #openstack-meeting-alt		18:01
*** e0ne has joined #openstack-meeting-alt		18:04
*** Swami has joined #openstack-meeting-alt		18:12
*** AlanClark has joined #openstack-meeting-alt		18:21
*** apetrich has quit IRC		18:35
*** ChanServ sets mode: +o openstack		19:03
*** e0ne has quit IRC		19:32
*** apetrich has joined #openstack-meeting-alt		19:33
*** vgreen has quit IRC		19:46
*** raildo has quit IRC		20:02
*** raildo has joined #openstack-meeting-alt		20:07
*** raildo has quit IRC		20:28
*** dustins has quit IRC		20:30
*** dustins has joined #openstack-meeting-alt		20:36
*** AlanClark has quit IRC		20:41
*** dpawlik has joined #openstack-meeting-alt		20:45
*** apetrich has quit IRC		20:45
*** slaweq has quit IRC		20:58
*** dustins has quit IRC		21:18
*** slaweq has joined #openstack-meeting-alt		21:23
*** edmondsw has quit IRC		21:29
*** Leo_m has quit IRC		21:40
*** Leo_m has joined #openstack-meeting-alt		21:46
*** Leo_m has quit IRC		21:51
*** slagle has quit IRC		21:56
*** Leo_m has joined #openstack-meeting-alt		21:57
*** dpawlik has quit IRC		22:09
*** priteau has quit IRC		22:09
*** beagles has quit IRC		22:13
*** beagles has joined #openstack-meeting-alt		22:20
*** rcernin has joined #openstack-meeting-alt		22:20
*** strigazi has joined #openstack-meeting-alt		22:20
*** strigazi has quit IRC		22:21
*** strigazi has joined #openstack-meeting-alt		22:21
*** strigazi has quit IRC		22:27
*** strigazi has joined #openstack-meeting-alt		22:28
*** strigazi has quit IRC		22:28
*** strigazi has joined #openstack-meeting-alt		22:29
*** strigazi has quit IRC		22:32
*** strigazi has joined #openstack-meeting-alt		22:33
*** hongbin has quit IRC		22:39
*** edmondsw has joined #openstack-meeting-alt		22:54
*** edmondsw has quit IRC		22:59
*** tpsilva has quit IRC		23:12
*** priteau has joined #openstack-meeting-alt		23:16
*** Leo_m has quit IRC		23:46
*** Swami has quit IRC		23:46
*** Leo_m_ has joined #openstack-meeting-alt		23:46

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!