Tuesday, 2019-02-12

*** tetsuro has joined #openstack-meeting-alt		00:25
*** TxGirlGeek has quit IRC		00:25
*** macza has joined #openstack-meeting-alt		00:29
*** tetsuro has quit IRC		00:30
*** tetsuro has joined #openstack-meeting-alt		00:32
*** macza has quit IRC		00:34
*** tetsuro has quit IRC		00:35
*** tetsuro_ has joined #openstack-meeting-alt		00:35
*** chhagarw has joined #openstack-meeting-alt		00:37
*** masahito has joined #openstack-meeting-alt		00:39
*** iyamahat has joined #openstack-meeting-alt		00:42
*** masahito has quit IRC		00:45
*** chhagarw has quit IRC		00:51
*** yamamoto has joined #openstack-meeting-alt		00:51
*** gyee has quit IRC		00:54
*** yamamoto has quit IRC		00:56
*** hrybacki has joined #openstack-meeting-alt		00:59
*** cosss_ has joined #openstack-meeting-alt		00:59
*** sweston has joined #openstack-meeting-alt		00:59
*** mrhillsman has joined #openstack-meeting-alt		00:59
*** sdake has joined #openstack-meeting-alt		01:01
*** macza has joined #openstack-meeting-alt		01:08
*** ijw has joined #openstack-meeting-alt		01:12
*** macza has quit IRC		01:13
*** tetsuro has joined #openstack-meeting-alt		01:20
*** tetsuro_ has quit IRC		01:20
*** cloudrancher has joined #openstack-meeting-alt		01:26
*** markvoelker has quit IRC		01:30
*** markvoelker has joined #openstack-meeting-alt		01:31
*** tetsuro has quit IRC		01:35
*** tetsuro_ has joined #openstack-meeting-alt		01:35
*** markvoelker has quit IRC		01:35
*** sdake has quit IRC		01:37
*** sdake has joined #openstack-meeting-alt		01:40
*** sdake has quit IRC		01:43
*** yamamoto has joined #openstack-meeting-alt		01:53
*** tetsuro has joined #openstack-meeting-alt		02:01
*** tetsuro_ has quit IRC		02:01
*** TxGirlGeek has joined #openstack-meeting-alt		02:04
*** lbragstad has quit IRC		02:06
*** ijw has quit IRC		02:07
*** macza has joined #openstack-meeting-alt		02:22
*** macza has quit IRC		02:27
*** macza has joined #openstack-meeting-alt		02:27
*** hongbin has joined #openstack-meeting-alt		02:29
*** cloudrancher has quit IRC		02:29
*** macza has quit IRC		02:31
*** markvoelker has joined #openstack-meeting-alt		02:31
*** iyamahat has quit IRC		02:35
*** TxGirlGeek has quit IRC		02:36
*** yamamoto has quit IRC		02:48
*** markvoelker has quit IRC		03:05
*** yamamoto has joined #openstack-meeting-alt		03:14
*** tetsuro has quit IRC		03:22
*** tetsuro_ has joined #openstack-meeting-alt		03:22
*** tetsuro has joined #openstack-meeting-alt		03:26
*** tetsuro_ has quit IRC		03:26
*** sdake has joined #openstack-meeting-alt		03:40
*** TxGirlGeek has joined #openstack-meeting-alt		03:57
*** dave-mccowan has quit IRC		03:58
*** sdake has quit IRC		03:59
*** markvoelker has joined #openstack-meeting-alt		04:02
*** tetsuro has quit IRC		04:05
*** lbragstad has joined #openstack-meeting-alt		04:09
*** diablo_rojo has quit IRC		04:09
*** janki has joined #openstack-meeting-alt		04:30
*** markvoelker has quit IRC		04:34
*** early has quit IRC		05:14
*** early has joined #openstack-meeting-alt		05:22
*** hongbin has quit IRC		05:30
*** markvoelker has joined #openstack-meeting-alt		05:32
*** TxGirlGeek has quit IRC		05:56
*** early has quit IRC		06:05
*** markvoelker has quit IRC		06:05
*** vishakha has joined #openstack-meeting-alt		06:08
*** early has joined #openstack-meeting-alt		06:13
*** whoami-rajat has joined #openstack-meeting-alt		06:19
*** sridharg has joined #openstack-meeting-alt		06:20
*** e0ne has joined #openstack-meeting-alt		06:24
*** e0ne has quit IRC		06:35
*** ccamacho has quit IRC		06:49
*** lbragstad has quit IRC		06:50
*** markvoelker has joined #openstack-meeting-alt		07:02
*** kopecmartin\|off is now known as kopecmartin		07:05
*** e0ne has joined #openstack-meeting-alt		07:12
*** e0ne has quit IRC		07:16
*** e0ne has joined #openstack-meeting-alt		07:24
*** e0ne has quit IRC		07:32
*** markvoelker has quit IRC		07:35
*** jrbalderrama has joined #openstack-meeting-alt		07:35
*** e0ne has joined #openstack-meeting-alt		07:42
*** slaweq has joined #openstack-meeting-alt		07:44
*** rdopiera has joined #openstack-meeting-alt		07:45
*** jrbalderrama has quit IRC		07:45
*** ccamacho has joined #openstack-meeting-alt		07:58
*** ccamacho has quit IRC		07:59
*** ccamacho has joined #openstack-meeting-alt		07:59
*** masahito has joined #openstack-meeting-alt		08:28
*** markvoelker has joined #openstack-meeting-alt		08:32
*** e0ne has quit IRC		08:35
*** e0ne has joined #openstack-meeting-alt		08:37
*** e0ne has quit IRC		08:38
*** e0ne has joined #openstack-meeting-alt		08:46
*** e0ne has quit IRC		08:48
*** e0ne has joined #openstack-meeting-alt		08:54
*** iyamahat has joined #openstack-meeting-alt		08:54
*** whoami-rajat has quit IRC		08:54
*** e0ne has quit IRC		08:56
*** priteau has joined #openstack-meeting-alt		08:59
*** tetsuro has joined #openstack-meeting-alt		09:00
priteau	#startmeeting blazar	09:00
openstack	Meeting started Tue Feb 12 09:00:35 2019 UTC and is due to finish in 60 minutes. The chair is priteau. Information about MeetBot at http://wiki.debian.org/MeetBot.	09:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	09:00
*** openstack changes topic to " (Meeting topic: blazar)"		09:00
openstack	The meeting name has been set to 'blazar'	09:00
priteau	#topic Roll call	09:01
*** openstack changes topic to "Roll call (Meeting topic: blazar)"		09:01
masahito	o/	09:01
priteau	Hi masahito	09:01
tetsuro	hi	09:02
priteau	Hi tetsuro	09:02
priteau	#topic stein-3 milestone	09:03
*** openstack changes topic to "stein-3 milestone (Meeting topic: blazar)"		09:03
priteau	We're getting closer to the stein-3 milestone	09:03
priteau	I've been working on refreshing some bug fixes that were implemented for Chameleon	09:04
*** panda\|off is now known as panda		09:04
priteau	Looks like today I may be able to review the new floating IP patches and placement work	09:05
*** tetsuro has quit IRC		09:05
*** markvoelker has quit IRC		09:05
*** tetsuro has joined #openstack-meeting-alt		09:05
priteau	masahito: I suppose you won't have time to work on "reservation candidate API" in this cycle?	09:06
masahito	priteau: right. sorry, no much time to work for it.	09:07
priteau	No problem. Allocation API was much more important IMHO.	09:07
tetsuro	masahito: I left some questions on the floating IP spec. https://review.openstack.org/#/c/609302/	09:08
masahito	tetsuro: thanks! I'll check it later.	09:09
priteau	Thanks tetsuro for your work on fixing https://bugs.launchpad.net/blazar/+bug/1814594	09:11
openstack	Launchpad bug 1814594 in Blazar "Failure to create a host" [High,In progress] - Assigned to Tetsuro Nakamura (tetsuro0907)	09:11
priteau	This was a random find really. I usually deploy DevStack on CentOS7, but that day used Ubuntu16.04 which had hostnames configured differently.	09:12
tetsuro	Good catch, thanks a lot	09:12
priteau	masahito: tetsuro's patches are at https://review.openstack.org/#/q/status:open+project:openstack/blazar+branch:master+topic:bug/1814594	09:12
masahito	I'll check it. thanks tetsuro	09:14
priteau	Anything else to discuss for stein-3?	09:15
*** tetsuro has quit IRC		09:16
*** tssurya has joined #openstack-meeting-alt		09:17
*** tetsuro has joined #openstack-meeting-alt		09:17
tetsuro	The network is unstable.. sorry.	09:18
priteau	No worries	09:18
priteau	Let's move to AOB	09:18
priteau	#topic AOB	09:19
*** openstack changes topic to "AOB (Meeting topic: blazar)"		09:19
priteau	Anything special to share today?	09:19
*** iyamahat has quit IRC		09:19
tetsuro	nop	09:20
masahito	May I ask tetsuro's patch if nothing?	09:21
tetsuro	sure	09:21
masahito	The patch and its commit message looks good to me. Is it needed any upgrading script that changes host_name to hypervisor_name in DB?	09:24
masahito	Or does the problem only happen in placement support?	09:24
tetsuro	Ah	09:24
tetsuro	good question.	09:25
tetsuro	Wait a moment plez	09:25
*** e0ne has joined #openstack-meeting-alt		09:25
*** e0ne has quit IRC		09:26
priteau	masahito: Both values of `hypervisor_hostname` and `service_name` are already in the database for each compute host	09:26
priteau	We're just getting another value to pass to placement	09:26
priteau	No DB changes are required	09:26
tetsuro	Yes, that's true	09:26
tetsuro	priteau is right, thanks	09:26
masahito	Okay, thanks.	09:27
priteau	Chameleon has been using a similar approach because it uses an experimental patch that allows host aggregates to be linked with hypervisor hostnames	09:31
tetsuro	Good to know	09:32
priteau	Any other questions?	09:32
tetsuro	https://review.openstack.org/#/q/topic:bug/1813252 also needs more eyes.	09:32
priteau	Thanks for the remidner	09:33
tetsuro	Not from me any more	09:34
masahito	Nothing from my side.	09:35
priteau	Thank you for joining today.	09:36
masahito	Thanks	09:36
priteau	Bye!	09:36
tetsuro	thanks	09:36
priteau	#endmeeting	09:36
*** openstack changes topic to "OpenStack Meetings \|\| https://wiki.openstack.org/wiki/Meetings/"		09:36
openstack	Meeting ended Tue Feb 12 09:36:56 2019 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	09:36
openstack	Minutes: http://eavesdrop.openstack.org/meetings/blazar/2019/blazar.2019-02-12-09.00.html	09:36
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/blazar/2019/blazar.2019-02-12-09.00.txt	09:37
openstack	Log: http://eavesdrop.openstack.org/meetings/blazar/2019/blazar.2019-02-12-09.00.log.html	09:37
*** tetsuro has quit IRC		09:39
*** stephenfin_ is now known as stephenfin		10:01
*** markvoelker has joined #openstack-meeting-alt		10:02
*** derekh has joined #openstack-meeting-alt		10:27
*** markvoelker has quit IRC		10:35
*** purplerbot has joined #openstack-meeting-alt		10:41
*** jtomasek has quit IRC		10:46
*** obondarev has joined #openstack-meeting-alt		10:52
*** jtomasek has joined #openstack-meeting-alt		10:55
*** erlon has joined #openstack-meeting-alt		11:07
*** lpetrut has joined #openstack-meeting-alt		11:15
*** markvoelker has joined #openstack-meeting-alt		11:32
*** tetsuro has joined #openstack-meeting-alt		11:33
*** tetsuro has quit IRC		11:46
*** erlon has quit IRC		11:51
*** markvoelker has quit IRC		12:05
*** raildo has joined #openstack-meeting-alt		12:08
*** kaisers has quit IRC		12:24
*** erlon has joined #openstack-meeting-alt		12:29
*** kaisers has joined #openstack-meeting-alt		12:31
*** panda is now known as panda\|lunch		12:32
*** masahito has quit IRC		12:37
*** lpetrut has quit IRC		12:38
*** lpetrut has joined #openstack-meeting-alt		12:39
*** janki has quit IRC		12:44
*** janki has joined #openstack-meeting-alt		12:44
*** markvoelker has joined #openstack-meeting-alt		13:02
*** yamamoto has quit IRC		13:03
*** yamamoto has joined #openstack-meeting-alt		13:08
*** panda\|lunch is now known as panda		13:13
*** yamamoto has quit IRC		13:15
*** whoami-rajat has joined #openstack-meeting-alt		13:22
*** sdake has joined #openstack-meeting-alt		13:31
*** markvoelker has quit IRC		13:35
*** yamamoto has joined #openstack-meeting-alt		13:46
*** vishakha has quit IRC		13:50
*** yamamoto has quit IRC		13:56
*** e0ne has joined #openstack-meeting-alt		13:56
*** vishakha has joined #openstack-meeting-alt		13:58
*** gagehugo has joined #openstack-meeting-alt		13:59
*** sdake has quit IRC		14:03
*** dave-mccowan has joined #openstack-meeting-alt		14:04
*** yamamoto has joined #openstack-meeting-alt		14:06
*** yamamoto has quit IRC		14:06
*** dave-mccowan has quit IRC		14:09
*** liuyulong has joined #openstack-meeting-alt		14:15
*** obondarev has quit IRC		14:25
*** priteau has quit IRC		14:26
*** erlon has quit IRC		14:30
*** markvoelker has joined #openstack-meeting-alt		14:32
*** lbragstad has joined #openstack-meeting-alt		14:34
*** sdake_ has joined #openstack-meeting-alt		14:37
*** e0ne has quit IRC		14:44
*** carthaca has left #openstack-meeting-alt		14:47
*** janki has quit IRC		14:47
*** hongbin has joined #openstack-meeting-alt		14:49
*** cloudrancher has joined #openstack-meeting-alt		15:01
*** markvoelker has quit IRC		15:05
*** ianychoi has quit IRC		15:07
*** ianychoi has joined #openstack-meeting-alt		15:07
*** e0ne has joined #openstack-meeting-alt		15:09
*** hongbin has quit IRC		15:09
*** hongbin has joined #openstack-meeting-alt		15:12
*** yamamoto has joined #openstack-meeting-alt		15:16
*** TxGirlGeek has joined #openstack-meeting-alt		15:23
*** yamamoto has quit IRC		15:25
*** wxy\| has joined #openstack-meeting-alt		15:26
*** liuyulong has quit IRC		15:26
*** priteau has joined #openstack-meeting-alt		15:31
*** e0ne has quit IRC		15:33
*** jrbalderrama has joined #openstack-meeting-alt		15:38
*** liuyulong has joined #openstack-meeting-alt		15:41
*** e0ne has joined #openstack-meeting-alt		15:41
*** macza has joined #openstack-meeting-alt		15:42
*** diablo_rojo has joined #openstack-meeting-alt		15:47
*** cloudrancher has quit IRC		15:47
*** erlon has joined #openstack-meeting-alt		15:52
lbragstad	#startmeeting keystone	16:00
openstack	Meeting started Tue Feb 12 16:00:38 2019 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.	16:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	16:00
*** openstack changes topic to " (Meeting topic: keystone)"		16:00
openstack	The meeting name has been set to 'keystone'	16:00
*** erlon has quit IRC		16:00
vishakha	o/	16:00
gagehugo	o/	16:00
cmurphy	o/	16:01
wxy\|	o/	16:01
lbragstad	#link https://etherpad.openstack.org/p/keystone-weekly-meeting	16:01
lbragstad	agenda ^	16:01
lbragstad	we'll give folks a minute to join	16:01
knikolla	o/	16:02
*** markvoelker has joined #openstack-meeting-alt		16:03
lbragstad	#topic user survey questions	16:03
*** openstack changes topic to "user survey questions (Meeting topic: keystone)"		16:03
*** lpetrut has quit IRC		16:03
lbragstad	the foundation emailed me asking about the upcoming user survey	16:04
lbragstad	they usually check in each release and ask if we want to adjust the questions we have	16:04
lbragstad	i put the current questions/suggestions we have in etherpad	16:06
kmalloc	o/	16:06
lbragstad	which - i don't think have been updated since stevemar was ptl	16:06
lbragstad	so about 2+ years	16:06
lbragstad	ago	16:06
lbragstad	the foundation needs to know if we want to change any of those answers by friday	16:07
cmurphy	would be nice if the survey could let people add specific comments, the multiple choice question is a little too generic to get really good feedback	16:07
lbragstad	cmurphy i agree - but i don't think that's an option	16:07
cmurphy	yeah	16:07
knikolla	i would love to ask whether they're using sql backend or smth else	16:08
knikolla	to see adoption of federation	16:08
cmurphy	++	16:08
lbragstad	for which subsystems?	16:08
lbragstad	identity?	16:08
knikolla	yup	16:08
cmurphy	a "what features and drivers are you using" in general would be nice	16:08
lbragstad	with a text box for input?	16:09
knikolla	a multiple selection checkbox would work	16:09
cmurphy	we could probably enumerate it	16:10
hrybacki	o/	16:10
knikolla	as I don't thin there'll be many with non-standard drivers.	16:10
knikolla	thnk*	16:10
lbragstad	feel free to add thoughts to the etherpad, too	16:10
gagehugo	ok	16:10
lbragstad	in case i'm not capturing this properly	16:10
lbragstad	i'm for dropping the per domain configuration question	16:11
kmalloc	SQL, LDAP, Other (in-house developed)	16:11
lbragstad	that one has been low on the survey response for a long time	16:11
knikolla	lbragstad: ++	16:11
kmalloc	per domain config is used some places, enough to warrant continued top level support/development but not enough to warrant an endless place on the survey	16:12
knikolla	++	16:12
lbragstad	enhancing policy is also pretty vague	16:12
cmurphy	heh	16:12
lbragstad	ideas on how we can better gauge that area?	16:13
kmalloc	assume policy is something we don't need to ask about until system scope and default roles land	16:13
lbragstad	outside of "yes, make better plskthx"	16:13
kmalloc	like... the T cycle or so	16:13
cmurphy	"make policy unbad plz"	16:13
hrybacki	lbragstad: we could ask people what areas of policy they want enhanced?	16:13
hrybacki	lol cmurphy	16:13
kmalloc	right now it is enough in flux to not ask folks right now	16:13
knikolla	yup	16:13
knikolla	i think policy is moving in the right direction	16:13
kmalloc	cmurphy: you forgot "k thnx bye"	16:13
cmurphy	lol	16:14
lbragstad	so omit it from the survey completely?	16:14
kmalloc	lbragstad: yes	16:14
knikolla	i'm with kmalloc on this one.	16:14
kmalloc	add it back in the cycle AFTER we have stabilized default roles and system scope	16:14
kmalloc	and we can be more directed about it	16:14
* lbragstad feels like we're missing an opportunity to establish a feedback loop		16:15
kmalloc	"does X meet your needs"... "is y sufficient" ... "enhancements for z"	16:15
lbragstad	but i do see it as a turbulent area of keystone currently	16:15
kmalloc	i don't think so, this is so much in flux you're going to get not-super-useful data	16:15
kmalloc	i think the answers will be: "yeah, it might be better, but uhm... we aren't using it cause it's not usable yet"	16:15
*** jrbalderrama has quit IRC		16:16
*** ayoung has joined #openstack-meeting-alt		16:16
cmurphy	i disagree a little, it's still useful to compare it to past years on whether this is a top concern	16:16
* hrybacki nods		16:16
cmurphy	which it most likely will be but if we omit the question the data gets skewed	16:16
lbragstad	++	16:16
kmalloc	I'd probably ask for a direct question about top concerns/areas needing most work	16:16
hrybacki	this allowed us to see Federation re-raised in priority	16:16
kmalloc	rather than "is policy good/bad/something"	16:16
lbragstad	ok - so what would those direct questions be?	16:16
kmalloc	I'd go for something like: What part of keystone needs the most improvement for your deployment?	16:17
lbragstad	i've always been curious how many deployments roll custom policy and do what extent, but that's a tough one	16:17
knikolla	"Would you like to use your corporate identity provider with OpenStack but unable to do so?"	16:17
kmalloc	if we can do a ranked choice vs multi choice and list out what we think the components are it would be good	16:17
hrybacki	kmalloc++	16:18
ayoung	"Do you put a layer in front of OpenStack to prevent users having direct access due to access control concerns."	16:18
lbragstad	e.g., do you deploy adjutant	16:18
knikolla	lbragstad: i think i'm the minority in asnwering yes to that.	16:19
kmalloc	if we can't do a ranked choice, i totally get keeping policy question(s) in.	16:19
ayoung	I'm thinking more like in front of Nova	16:19
knikolla	ayoung: "do you stock up on alcohol before dealing with keystone?"	16:19
kmalloc	a multi-selection checkbox (check 3 of X) would also be fine.	16:19
ayoung	"do you allow end users access to Openstack directly, or do you make them go through a portal."	16:19
cmurphy	"do you modify default policy" might be interesting	16:20
ayoung	its not something people see in keystone, but rather policy across the board. Just, we are the ones driving it.	16:20
ayoung	cmurphy, yeah. Or :"Would you like to have a different policy but can't"	16:21
lbragstad	this is good	16:22
lbragstad	what else?	16:22
* kmalloc avoids really snarky questions.		16:23
* kmalloc is pre-coffee.		16:23
lbragstad	fwiw - aprice and jamesmcarthur are going to be around to answer questions about the survey format in 40 minutes	16:23
ayoung	Probably something about "what IdM features of public clouds would you mosty like to see in OpenStack"	16:23
lbragstad	does public cloud have to be a part of the question?	16:23
*** ccamacho has quit IRC		16:23
lbragstad	or can that apply to private/hybrid?	16:23
*** ccamacho has joined #openstack-meeting-alt		16:24
kmalloc	i would avoid asking specifically "what IdM features of other clouds" and ask more about generic Identity Management features (not cloud specific)	16:24
kmalloc	you can say "including public cloud providers"	16:25
kmalloc	but i wouldn't strictly limit in that way.	16:25
lbragstad	ok - keep thinking of topics, i'll be visiting with the foundation about the format for questions soon if anyone is interested in helping out there	16:26
lbragstad	i'll revise everything and send it off before friday	16:26
ayoung	it should be public cloud explicitly. Otherwise, we will never be forced to learn	16:26
ayoung	For example:	16:26
ayoung	in Azure,. if you delete a project, you delete all of the resources of that project.	16:27
kmalloc	ayoung: ok that isn't really IdM specific	16:27
kmalloc	i'd phrase that in another way. we've (in openstack) cross IdM with other types of management.	16:27
ayoung	Good point. We put it under the Id project, but THey don't	16:27
kmalloc	yes.	16:28
kmalloc	it's a great question, but we need to be sure we put it in the right context	16:28
lbragstad	are we good to move? we can circle back to this after?	16:28
ayoung	sure	16:28
lbragstad	#topic features in flight	16:28
*** openstack changes topic to "features in flight (Meeting topic: keystone)"		16:28
lbragstad	just a quick check point on the things we said we were going to deliver for this release	16:29
lbragstad	since we have 4 weeks until feature freeze	16:29
lbragstad	it's going to likely be a race with the gate	16:29
lbragstad	the MFA auth receipt work is done	16:29
lbragstad	the JWT provider work needs reviews - in addition to some careful eyes from wxy\| about the performance concerns	16:30
lbragstad	(i spent a bunch of time last week trying to performance test loading keys from disk - but i might need more information)	16:30
kmalloc	lbragstad: i can take a pass at trying to make it not-on-disk-specific as followups to your code	16:31
kmalloc	it is fine to land as-is imo	16:31
lbragstad	i was going to write up a summary on the mailing list about it, too	16:31
kmalloc	on the performance front	16:31
kmalloc	we can enhance past FF.	16:31
kmalloc	or in Train.	16:31
kmalloc	lets not spin too hard on this right now.	16:31
lbragstad	i'm fine with it being iterative,	16:31
kmalloc	fernet had iterations, JWT will too	16:31
wxy\|	kmalloc: ++, we can revisit it later.	16:32
lbragstad	but if we can nail down how to recreate the issues wxy\| mentioned for public cloud, i'll get something fixed before RC	16:32
kmalloc	yes.	16:32
lbragstad	wxy\| if i start a thread on the mailing list, would you be able to update it?	16:32
lbragstad	or just share/double check my process for recreating the issue?	16:33
kmalloc	it'll be easier to do that once JWT is landed. IT is not bad code nor something we should hold up. make sure we mark the release note that iterations on performance are expected to occur	16:33
kmalloc	or something.	16:33
wxy\|	lbragstad: Sure	16:33
lbragstad	#action lbragstad to summarize key loading performance notes on the openstack-discuss mailing list	16:33
wxy\|	I can try to get more information (like performance test data) from downstream team as well.	16:33
kmalloc	I fully expect you'll need to run some kind of io-contention running process to force it to duplicate the read-from-disk issues with low disk-cache / low ram available for disk caching	16:34
lbragstad	that'd be great	16:34
kmalloc	it's hard to replicate a real-world environment on that front.	16:34
kmalloc	especially with repos being deployed ${wherever} and shared with ${other_processes}	16:34
lbragstad	sounds good	16:34
hrybacki	I would like to say that we already have a big performance hit from uuid->fernet so it's worth paying close attention to for jwt (especially if we aim for it to be default)	16:34
kmalloc	heck, i wouldn't be surprised if folks deploy keys via NFS and have performance issues that way as well.	16:34
*** markvoelker has quit IRC		16:35
kmalloc	hrybacki: ++ and i think we can be better with JWT, fernet is hard to be a ton better with.,	16:35
kmalloc	asym crypto (signing) vs symmetric crypto (encryption)	16:35
* hrybacki nods		16:36
lbragstad	so - we have a plan for that it sounds like	16:36
lbragstad	explicit domain ids	16:36
lbragstad	someone was pinging about that last week - and it sounded like they were interested in helping out with the work	16:36
lbragstad	i'm not sure if they got in touch with you ayoung	16:37
lbragstad	optrenko i believe?	16:37
ayoung	Not that I remember seeing	16:38
lbragstad	ok	16:38
ayoung	With JWT validated in process, we should not need to go back to Keystone for every token, and performance should improve. It requires fetching and caching of Keystone data,though.	16:39
lbragstad	ok - if i see them i'll try and get an update	16:39
ayoung	The token body itself needs to contain all of the user specific data, not just Ids	16:39
ayoung	but not service catalog	16:40
lbragstad	the default roles work still needs a bunch of reviews - but we're getting there	16:40
kmalloc	so, the concern is token body size there ayoung	16:40
ayoung	roles can be ID only, if the service fetches and caches them.	16:40
ayoung	Yep. There should be a hard limit in the vicinity of 2K I'd say on token size	16:40
*** jamesmcarthur has joined #openstack-meeting-alt		16:40
ayoung	Just to draw a line in the sand	16:41
ayoung	we know 8 K is too big, and we know we can get away with 1K	16:41
hrybacki	lbragstad: lets sync this afternoon on the roles stuff. I've managed to sluff off enough responsibilities to aid now	16:41
*** aprice has joined #openstack-meeting-alt		16:41
ayoung	++	16:41
lbragstad	we still have a bunch to get through on the agenda - mind if we table the jwt stuff til office hours?	16:41
lbragstad	domain level unified limit support is all ready for review - waiting on a patch to fix a sqlite migration	16:42
lbragstad	hrybacki ++	16:42
lbragstad	is there anything i'm missing feature wise?	16:42
cmurphy	i'm making good progress with app cred whitelist, but it is going to be a lot of patches and there might not be enough time to review, if that happens i think it's okay to push it to next cycle	16:43
kmalloc	ayoung: yes, we absolutely need to be less than 4k, but also note significant sizes are a deal breaker for swift on the front of "Recommended" auth methods. when your auth token is larger than the data you are sending to the user.....	16:43
lbragstad	oh - yes cmurphy (sorry!)	16:43
cmurphy	np	16:43
lbragstad	cmurphy those are ready for review?	16:43
cmurphy	lbragstad: not really no	16:43
lbragstad	last i saw you had them WIP'd	16:43
cmurphy	these two ksa patches could be reviewed https://review.openstack.org/636030	16:44
cmurphy	they will need to land before ksm tests will work	16:44
lbragstad	ok	16:44
lbragstad	that brings up our next topic	16:45
cmurphy	wip ksm change if you want to see why those are needed https://review.openstack.org/633369	16:45
lbragstad	does anyone have patches they need eyes on?	16:45
lbragstad	cmurphy cool - i can take a look	16:45
vishakha	a small change https://review.openstack.org/#/c/635444/	16:46
lbragstad	thanks vishakha	16:46
kmalloc	vishakha: +2/+A	16:46
cmurphy	i think this ksm change is ready to go https://review.openstack.org/633695	16:46
vishakha	lbragstad,kmalloc: thanks	16:46
lbragstad	nice	16:47
kmalloc	and we probably want to revisit https://review.openstack.org/#/c/613675/ just to cleanup / make KSM easier to work with.	16:47
kmalloc	PKI[z] is long dead	16:47
kmalloc	it should land after a rebase on the one cmurphy just linked.	16:48
lbragstad	yeah - so my only reason for the -1 there was because we socialize a format for deprecation	16:48
kmalloc	so 635444 should land.	16:48
kmalloc	lbragstad: and my response to that stands.	16:48
lbragstad	it's a difference of logging a warning or not i think	16:49
kmalloc	and maintaining dead opts in the code that have zero impact.	16:49
lbragstad	mainly so people can see what they can clean up	16:49
ayoung	kmalloc, I think we should let cmurphy 's work land before we strip out all the PKI stuff.	16:49
kmalloc	it's fine on the order of landing.	16:49
ayoung	or order the two patches explicitly, to keep from rebase hell	16:49
kmalloc	i have no qualms when it lands.	16:50
cmurphy	10 minutes left	16:50
ayoung	Yeah, just want to not mess up the feature work	16:50
kmalloc	i knwo cmurphy did voice a "pki code" made some things more difficult	16:50
cmurphy	kmalloc: not pki specifically, the whole ksm test suite is a huge mess	16:50
kmalloc	lbragstad: it is communicated via release note that the options are removed.	16:50
kmalloc	cmurphy: fair.	16:50
kmalloc	cmurphy: and yes. it is.	16:50
cmurphy	cleaning up unecessary crap is a good start but would be good to do a full reorg	16:51
lbragstad	i'll re-review it kmalloc	16:51
kmalloc	lbragstad: it can land at anypoint	16:51
kmalloc	cmurphy: i think if we can strip out (do removals) of dead code it'll make the reorg easier too.	16:52
kmalloc	cmurphy: and yeah it def. needs to be reworked.	16:52
cmurphy	kmalloc: ++	16:52
lbragstad	ok - anything else for reviews?	16:52
lbragstad	#topic cleaning up stale blueprints	16:52
*** openstack changes topic to "cleaning up stale blueprints (Meeting topic: keystone)"		16:52
lbragstad	the state of blueprints in launchpad has been rough for a while	16:52
lbragstad	i'm going to put some time into removing cruft and updating things	16:53
lbragstad	if anyone is interested in learning about that process, just ping me	16:53
lbragstad	#topic ops meetup in berlin	16:53
*** openstack changes topic to "ops meetup in berlin (Meeting topic: keystone)"		16:53
kmalloc	fwiw, I still recommend dropping blueprints and just using RFE bugs.	16:53
*** ccamacho has quit IRC		16:53
* kmalloc has a change to the spec template to communicate that		16:53
kmalloc	proposed*	16:53
cmurphy	#link http://lists.openstack.org/pipermail/openstack-discuss/2019-February/002614.html call for topics	16:53
hrybacki	would that be verbose enough?	16:53
kmalloc	hrybacki: we can chat more in -keystone post meeting.	16:53
cmurphy	I'll be at the berlin ops meetup in march	16:54
cmurphy	they are asking for topics that need more input from operators	16:54
cmurphy	so if there are deas follow up on the links in that email	16:54
cmurphy	and/or let me know and i can bring them up	16:54
ayoung	cmurphy, kmalloc we have the policy lab. If that gets the ax, I want to move it to the official keystone topics list. Maybe do so anyway?	16:54
lbragstad	thanks cmurphy	16:54
kmalloc	sure	16:55
hrybacki	ayoung: at the berlin meetup?	16:55
lbragstad	#topic open discussion	16:55
*** openstack changes topic to "open discussion (Meeting topic: keystone)"		16:55
kmalloc	fwiw, i will not be at the berlin meetup.	16:55
lbragstad	aprice and jamesmcarthur are here to help answer questions about the format of the user survey	16:55
cmurphy	lbragstad: re lp blueprints count me in	16:55
kmalloc	and i will not be at the shanghai summit.	16:55
jamesmcarthur	o/	16:55
lbragstad	aprice jamesmcarthur i think the biggest piece of information we're curious about is what format we're limited to with questions	16:56
* kmalloc rolls the piano in... realizes this is not the right time, and rolls the piano back out.		16:56
aprice	o/	16:56
lbragstad	we have some examples of the questions we'd like to ask starting at line 33 here - https://etherpad.openstack.org/p/keystone-weekly-meeting	16:56
jamesmcarthur	You can select pretty much any format you see on the survey.	16:56
kmalloc	is ranked choice for a question possible?	16:57
kmalloc	or is it better to just do a "select 3 of X" optioins	16:57
jamesmcarthur	There is a ranked choice option.	16:57
*** TxGirlGeek has quit IRC		16:57
kmalloc	cool. :)	16:57
*** sridharg has quit IRC		16:58
aprice	lbragstad: because of the volume of projects, each project is limited to two questions so we would want to select which ones out of that list that you would like to include.	16:58
kmalloc	hrybacki, lbragstad: ^ that could make the "what needs work" question more general and keep a pulse on it survey-to-survey	16:58
lbragstad	sure	16:58
hrybacki	yeah, we should think hard if we are limited to two	16:58
ayoung	hrybacki, ah, misread. I meant under the Denver summit/PTG umbrella.	16:58
hrybacki	ayoung: ack, thought so but wanted to clarify	16:59
aprice	if you do want to do more, we could link to a survey monkey that we could facilitate that could also be shared on the ML	16:59
hrybacki	gotta run o/ folks	16:59
aprice	but within the user survey specifically, there would be that limit	16:59
lbragstad	that's a good idea	16:59
*** hongbin has quit IRC		16:59
lbragstad	we're out of time, but we can continue in -keystone if folks are still curious about the survey	17:00
lbragstad	i appreciate the time, everyone	17:00
lbragstad	#endmeeting	17:00
*** openstack changes topic to "OpenStack Meetings \|\| https://wiki.openstack.org/wiki/Meetings/"		17:00
openstack	Meeting ended Tue Feb 12 17:00:38 2019 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	17:00
openstack	Minutes: http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-02-12-16.00.html	17:00
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-02-12-16.00.txt	17:00
openstack	Log: http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-02-12-16.00.log.html	17:00
*** sdake_ has quit IRC		17:01
*** sdake has joined #openstack-meeting-alt		17:03
*** wxy\| has quit IRC		17:06
*** liuyulong has quit IRC		17:09
*** e0ne has quit IRC		17:27
*** _pewp_ has quit IRC		17:27
*** _pewp_ has joined #openstack-meeting-alt		17:28
*** jamesmcarthur has quit IRC		17:31
*** jamesmcarthur_ has joined #openstack-meeting-alt		17:32
*** markvoelker has joined #openstack-meeting-alt		17:32
*** gryf has quit IRC		17:34
*** whoami-rajat has quit IRC		17:36
*** jamesmcarthur_ has quit IRC		17:42
*** e0ne has joined #openstack-meeting-alt		17:43
*** yamamoto has joined #openstack-meeting-alt		17:44
*** sdake has quit IRC		17:44
*** dtrainor has quit IRC		17:46
*** sdake has joined #openstack-meeting-alt		17:47
*** gyee has joined #openstack-meeting-alt		17:47
*** dtrainor has joined #openstack-meeting-alt		17:48
*** yamamoto has quit IRC		17:48
*** jamesmcarthur has joined #openstack-meeting-alt		17:51
*** jamesmcarthur has quit IRC		17:56
*** derekh has quit IRC		17:56
*** jamesmcarthur has joined #openstack-meeting-alt		17:58
*** jamesmcarthur has quit IRC		17:58
*** kopecmartin is now known as kopecmartin\|off		17:58
*** jamesmcarthur has joined #openstack-meeting-alt		18:01
*** markvoelker has quit IRC		18:06
*** panda is now known as panda\|off		18:06
*** jamesmcarthur has quit IRC		18:07
*** jamesmcarthur has joined #openstack-meeting-alt		18:08
*** tssurya has quit IRC		18:09
*** yamamoto has joined #openstack-meeting-alt		18:11
*** jamesmcarthur has quit IRC		18:12
*** panda\|off has quit IRC		18:34
*** gcerami_ has joined #openstack-meeting-alt		18:37
*** sdake has quit IRC		18:44
*** priteau has quit IRC		18:47
*** sdake has joined #openstack-meeting-alt		18:51
*** jamesmcarthur has joined #openstack-meeting-alt		18:56
*** jamesmcarthur has quit IRC		18:58
*** slaweq has quit IRC		18:59
*** tsmith_ has joined #openstack-meeting-alt		19:01
*** markvoelker has joined #openstack-meeting-alt		19:03
*** vishalmanchanda_ has joined #openstack-meeting-alt		19:03
*** Dantalion has quit IRC		19:04
*** alex_xu has quit IRC		19:04
*** stephenfin has quit IRC		19:04
*** vishalmanchanda has quit IRC		19:04
*** jroll has quit IRC		19:04
*** number80 has quit IRC		19:04
*** mugsie has quit IRC		19:04
*** yamahata__ has quit IRC		19:04
*** tsmith2 has quit IRC		19:04
*** vishalmanchanda_ is now known as vishalmanchanda		19:04
*** tsmith_ is now known as tsmith2		19:04
*** yamahata__ has joined #openstack-meeting-alt		19:04
*** mugsie has joined #openstack-meeting-alt		19:05
*** stephenfin has joined #openstack-meeting-alt		19:06
*** jroll has joined #openstack-meeting-alt		19:06
*** number80 has joined #openstack-meeting-alt		19:06
*** jamesmcarthur has joined #openstack-meeting-alt		19:07
*** gcerami_ is now known as panda		19:14
*** jamesmcarthur has quit IRC		19:30
*** markvoelker has quit IRC		19:36
*** sdake has quit IRC		19:42
*** vishakha has quit IRC		19:50
*** jamesmcarthur has joined #openstack-meeting-alt		19:59
*** slaweq has joined #openstack-meeting-alt		20:19
*** e0ne has quit IRC		20:25
*** jamesmcarthur has quit IRC		20:31
*** markvoelker has joined #openstack-meeting-alt		20:33
*** e0ne has joined #openstack-meeting-alt		20:48
*** jamesmcarthur has joined #openstack-meeting-alt		20:52
*** jamesmcarthur has quit IRC		20:54
*** slaweq_ has joined #openstack-meeting-alt		21:03
*** slaweq has quit IRC		21:06
*** mugsie has quit IRC		21:06
*** markvoelker has quit IRC		21:06
*** mugsie has joined #openstack-meeting-alt		21:06
*** raildo has quit IRC		21:18
*** rdopiera has quit IRC		21:23
*** sdake has joined #openstack-meeting-alt		21:26
*** e0ne has quit IRC		21:28
*** aning has quit IRC		21:32
*** slaweq_ is now known as slaweq		21:32
*** jtomasek has quit IRC		21:35
*** sdake has quit IRC		21:50
*** markvoelker has joined #openstack-meeting-alt		22:03
*** jamesmcarthur has joined #openstack-meeting-alt		22:27
*** slaweq has quit IRC		22:34
*** markvoelker has quit IRC		22:36
*** cloudrancher has joined #openstack-meeting-alt		22:59
*** masahito has joined #openstack-meeting-alt		23:08
*** jamesmcarthur has quit IRC		23:11
*** whoami-rajat has joined #openstack-meeting-alt		23:12
*** jamesmcarthur has joined #openstack-meeting-alt		23:32
*** jamesmcarthur has quit IRC		23:32
*** jamesmcarthur has joined #openstack-meeting-alt		23:33
*** markvoelker has joined #openstack-meeting-alt		23:33
*** macza has quit IRC		23:42
*** macza has joined #openstack-meeting-alt		23:42
*** sdake has joined #openstack-meeting-alt		23:43
*** cloudrancher has quit IRC		23:44
*** jamesmcarthur has quit IRC		23:56

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!