Wednesday, 2020-05-13

« Tuesday, 2020-05-12 Index Thursday, 2020-05-14 »
*** rfolco|rover|off has quit IRC00:25
*** tetsuro has joined #openstack-meeting-alt00:30
*** tetsuro_ has joined #openstack-meeting-alt00:40
*** tetsuro has quit IRC00:43
*** Liang__ has joined #openstack-meeting-alt00:59
*** redrobot has quit IRC01:34
*** masahito has joined #openstack-meeting-alt01:39
*** tetsuro has joined #openstack-meeting-alt01:44
*** tetsuro_ has quit IRC01:47
*** lbragstad_ is now known as lbragstad01:52
*** tetsuro_ has joined #openstack-meeting-alt02:12
*** tetsuro has quit IRC02:15
*** andrebeltrami has quit IRC02:28
*** tetsuro has joined #openstack-meeting-alt03:06
*** tetsuro_ has quit IRC03:09
*** lbragstad has quit IRC03:18
*** gyee has quit IRC03:18
*** masahito has quit IRC03:22
*** dustinc has quit IRC03:34
*** tetsuro_ has joined #openstack-meeting-alt04:06
*** tetsuro has quit IRC04:09
*** diablo_rojo has quit IRC04:44
*** links has joined #openstack-meeting-alt05:34
*** tetsuro has joined #openstack-meeting-alt05:43
*** tetsuro_ has quit IRC05:47
*** ccamacho has joined #openstack-meeting-alt06:00
*** tetsuro_ has joined #openstack-meeting-alt06:23
*** tetsuro has quit IRC06:26
*** tetsuro has joined #openstack-meeting-alt06:29
*** ttsiouts has joined #openstack-meeting-alt06:30
*** tetsuro_ has quit IRC06:32
*** links has quit IRC06:37
*** ttsiouts has quit IRC06:39
*** links has joined #openstack-meeting-alt06:40
*** ttsiouts has joined #openstack-meeting-alt06:41
*** lpetrut has joined #openstack-meeting-alt06:42
*** slaweq has joined #openstack-meeting-alt06:51
*** vishalmanchanda has joined #openstack-meeting-alt07:03
*** pavani_pedd has joined #openstack-meeting-alt07:04
*** apetrich has quit IRC07:11
*** tetsuro_ has joined #openstack-meeting-alt07:24
*** tetsuro has quit IRC07:27
*** pavani_pedd has quit IRC07:31
*** ralonsoh has joined #openstack-meeting-alt07:42
*** apetrich has joined #openstack-meeting-alt07:45
*** apetrich has quit IRC07:45
*** apetrich has joined #openstack-meeting-alt07:46
*** e0ne has joined #openstack-meeting-alt08:05
*** ttsiouts has quit IRC08:34
*** tetsuro_ has quit IRC08:47
*** ttsiouts has joined #openstack-meeting-alt08:53
*** tetsuro has joined #openstack-meeting-alt09:07
*** tetsuro has quit IRC09:23
*** jraju__ has joined #openstack-meeting-alt09:27
*** links has quit IRC09:28
*** Liang__ has quit IRC09:32
*** links has joined #openstack-meeting-alt09:47
*** jraju__ has quit IRC09:47
*** derekh has joined #openstack-meeting-alt10:20
*** vishakha has joined #openstack-meeting-alt10:47
*** yamamoto has joined #openstack-meeting-alt11:43
*** yamamoto has quit IRC11:43
*** rfolco has joined #openstack-meeting-alt12:04
*** rfolco is now known as rfolco|rover12:05
*** raildo has joined #openstack-meeting-alt12:05
*** lpetrut has quit IRC12:46
*** ianychoi has quit IRC12:55
*** gshippey has joined #openstack-meeting-alt13:03
*** ttsiouts has quit IRC13:04
*** enriquetaso has joined #openstack-meeting-alt13:12
*** ttsiouts has joined #openstack-meeting-alt13:13
*** lbragstad has joined #openstack-meeting-alt13:23
*** ttsiouts has quit IRC13:32
*** redrobot has joined #openstack-meeting-alt13:34
*** liuyulong has joined #openstack-meeting-alt13:49
*** sfernand has joined #openstack-meeting-alt14:04
*** ttsiouts has joined #openstack-meeting-alt14:12
*** ttsiouts has quit IRC14:17
*** lpetrut has joined #openstack-meeting-alt14:29
e0ne#startmeeting horizon15:01
openstackMeeting started Wed May 13 15:01:44 2020 UTC and is due to finish in 60 minutes.  The chair is e0ne. Information about MeetBot at http://wiki.debian.org/MeetBot.15:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:01
*** openstack changes topic to " (Meeting topic: horizon)"15:01
openstackThe meeting name has been set to 'horizon'15:01
*** priteau has joined #openstack-meeting-alt15:01
NizarsHi!15:01
jberg-devHello15:02
*** links has quit IRC15:02
e0nehi15:02
*** Andreas681 has joined #openstack-meeting-alt15:02
vishalmanchandahi all15:02
e0nelet's wait for a few minutes to get more people here15:02
Andreas681Hello15:02
amotokihi15:04
e0nelet's start15:05
e0ne#topic Notices15:05
*** openstack changes topic to "Notices (Meeting topic: horizon)"15:05
e0neOpenStack Ussuri is released today!15:05
e0ne#link https://releases.openstack.org/ussuri/index.html15:05
NizarsNice!15:05
amotokihttp://lists.openstack.org/pipermail/openstack-announce/2020-May/002035.html15:06
amotokithis is the official announcement :)15:06
NizarsInteresting :)15:06
* e0ne didn't check my mailbox today :(15:06
e0nethanks everybody for your contributions!15:07
e0neand special thanks to Akihiro amotoki for being our PTL during Ussury cycle15:07
amotokithanks all!15:07
*** lpetrut has quit IRC15:08
NizarsHopefully I will be able to contribute next time :)15:08
amotokiNizars: hope so :)15:08
e0nehere is victoria schedule: https://releases.openstack.org/victoria/schedule.html15:09
e0nethis time, V, means virtual15:10
e0neit could be un-official release name this time :(15:10
vishalmanchandahehe🙂)15:11
-amotoki- wonders what is a virtual release :)15:11
e0nePTG will be virtual too15:11
e0ne#link https://etherpad.opendev.org/p/horizon-v-ptg15:11
e0nefeel free to add topics you would like to discuss15:11
e0nePTG registration is open15:12
e0ne#link https://www.openstack.org/ptg15:12
e0neit's free to attend but OSF recommends to register15:12
NizarsNice :)15:13
NizarsCan I bring up the topic I would like to discuss now?15:13
e0nethat's all announcements I've got for today15:15
amotokiNizars: if you are bringing up a topic to this meeting, "On-demand agenda" section would be the one you want.15:15
NizarsI see, I still haven't familiarized myself properly with the format. I will wait until I see that appear.15:16
Nizarsamotoki: Thank you :)15:16
e0neamotoki, vishalmanchanda : do you have anything to add as announcements?15:17
amotokinothing from me15:18
vishalmanchandae0ne: no.15:18
e0neok15:18
e0ne#topic Open Discussion15:18
*** openstack changes topic to "Open Discussion (Meeting topic: horizon)"15:18
e0neNizarsL it's your turn15:18
NizarsThank!15:18
NizarsSo me and my team have been working on developing a plugin for Horizon15:19
NizarsThis is how it currently looks like:15:19
Nizarshttps://imgur.com/RB0o7Br15:19
NizarsWe have created a blueprint for it and we are hoping to have it approved.15:19
Nizarshttps://blueprints.launchpad.net/horizon/+spec/policies-plugin15:19
NizarsHere is the code for the plugin:15:20
Nizarshttps://github.com/nizos/horizon-policies-plugin15:20
e0neusually, blueprints are required for some features15:20
e0nea new plugin is a new project, so I'm not sure we need a plugin15:20
Nizarsyou mean that you are not sure we need a *blueprint right?15:21
e0neNizars: are you going to move this plugin under openstack umbrella to opendev?15:21
NizarsWe are hoping to contribute with it yes.15:21
amotokito the horizon repo or a separate repo?15:22
NizarsWe are ok with either, you know better. :)15:22
amotokiNizars: I think we discussed it several weeks before. Any update since then?15:23
NizarsNot really, we have been working on it. We are starting testing soon. There is one implementation left, which is the permissions check with openstack_auth.15:24
NizarsWe are currently working on that and cleaning out a few UI bugs and so on.15:25
amotokiI am not sure it was from you, but we discussed the UI for policies several weeks ago. Is it from some different folks?15:26
NizarsIt was us, that is correct. :)15:26
amotokithanks for the confirmation15:27
amotokiso, perhaps what we need to discuss are (1) updates from the previous discussion here and (2) the actual plan for the next steps15:27
NizarsWe are all very new to openstack and open source contribution but we hope we can contribute with this effort. Directions, guidance, critique and feedback is appreciated. :)15:28
amotokiNizars: IIRC, you said you will discuss it in oslo meeting. any update?15:28
amotokiNizars: from my memory, another action item is to check how the default policies are loaded.15:29
e0nealso, there was a concern, that current implementation will work only if we've got single node deployment15:31
NizarsOk, the goal of the plugin is to allow the installer to quickly view the policies and make modifications to them.  We were recommended to look into the permissions so that not anyone can access/modify policies through it. We are currently adding that functionality through openstack_auth. An issue that was brought up was how would this plugin be used with policies of projects on other servers and so on. We15:32
Nizarsdon't think we have a solution for that at the moment without going outside of the scope of the initial goal. We will have to look into creating a back end functionality that is to be installed on the different servers/nodes and allow them to communicate.15:32
NizarsI discussed the matter with either oslo or keystone, can't remember which one it was. The other one didn't sart their meeting at the time I was anticipating them to. There isn't really much to update you about from that discussion. There was something about finding a fitting team for us or something like that.15:34
NizarsI will attend the future meetings and check again with them.15:34
amotokifirst of all, openstack_auth just provides policies for GUI (horizon and plugins) (via openstack_auth.policy)15:35
NizarsExactly15:35
amotokiopenstack_auth is not a place to handle policies used by backend services like nova, neutorn, cinder and so on15:35
amotokiis it same as your understanding15:35
amotoki?15:35
NizarsYeah, no. That is not what I intended to communicate.15:36
NizarsWe are on the same page.15:36
amotokiso what would your solution like to provide?15:37
amotokiis it an UI to view and edit policies as a preparation for deployment?15:37
NizarsWe have currently just implemented it for usage with Horizon "identity" but it should easily be made to work with any other project on the same node.15:38
amotokia single node deployment is just for testing :(15:39
amotokiwe need to consider real deployment scenarios with multinode controllers (ie API nodes)15:39
amotokiso, we need to clarify how your UI can be used in production deployments15:40
NizarsThe solution is to allow for easy access and modification of policies. It provides functionalities such as autocomplete suggestion in the editor, tooltip information, restoring policies from uploaded file, download policy back ups, print, copy, search, sort, filter, view scopes, operations and descriptions for policies etc...15:40
NizarsIt is true what you say. If we can find a good approach to solve the multi-node deployment issue it could be used in production and not just testing.15:41
amotokiso, is the scenario in your mind that an operator check/update policies via your UI, then save it and deploy it to all nova/neutron/cinder API servers?15:42
*** gyee has joined #openstack-meeting-alt15:43
e0nemulti-node deployment is an extremely important in a containerised world15:43
NizarsIt should be possible to have it deploy the policies to the different projects. We just haven't done that yet. We just need to add the functionality to the back end and add the dictionary for the corresponding project policies.15:44
amotokiI don't understand your last statement...15:45
amotokiindividual projects (API servers) configure RBAC via policy files15:46
amotokiI am not sure what you mean by "dictionary".15:46
NizarsI agree, we would like to have it work in multi-node deployments. Maybe if a backend piece of software can be developed to communicate encrypted policy read/write instructions within the network, it should be able to do its job.15:46
NizarsThe dictionary is this:15:47
Nizarshttps://github.com/nizos/horizon-policies-plugin/blob/master/policies_plugin/api/resources/keystone_fields.py15:47
amotokiIn addition, the current OpenStack services can work with empty policy files because default policies are defined in their python codes.15:47
amotokiI am not sure how it works with your proposal.15:47
amotokieven in a single node.15:48
NizarsThe name of the file should be identity not keystone, it will be fixed in the next commit. But it is where the description, scopes, default rule, operation values and so on are retrieved from for the policies.15:48
NizarsThe plugin displays default rules15:48
amotokihow are they loaded?15:49
NizarsIt merges default rules from code with ones defined in the policy files.15:49
NizarsThis is the client:15:49
Nizarshttps://github.com/nizos/horizon-policies-plugin/blob/master/policies_plugin/api/rest/client.py15:49
amotokino, the default rules are defined in (for example) keystone.common.policies15:50
NizarsIt uses oslo policy enforcer to get the rules15:50
amotokimost operators uses policy files only when they would like to define different rules from the default ones.15:50
NizarsI see15:51
NizarsI assume that there is still value in viewing the default rules nonetheless? maybe an option can be configured to show/hide default rules.15:51
amotokinote that horizon policy support is behind the current situation and we the horizon team is trying to catch up with the current situation.15:52
amotokiyou cannot assume the horizon openstakc-auth implementation is the latest oen.15:52
NizarsNoted15:52
amotokiI think we need to discuss the next step rather than digging into the detail of imps.15:53
amotoki*implementations15:53
NizarsI see, do you think implementing something to make policies accessible to the plugin in multi-node deployments is feasible?15:54
amotokiin my current impression, it does not fit into the horizon repo at least because horizon provides GUI on top of REST APIs from backend services like keystone, nova, neutron and so on.15:54
NizarsI see.15:54
amotokiyour proposal sounds like a help tool to check/edit policy files.15:55
amotokia separate repository sounds better.15:55
NizarsUnderstood15:55
amotokimy next suggestion is to discuss it with operators to understand their real scenarios.15:55
NizarsIt's no problem for us.15:55
Nizarsok15:56
amotokiI don't have a good suggestion where you can discuss but openstack-discuss ml  would be a good place.15:56
amotokie0ne: vishalmanchanda: any comment?15:56
NizarsWe can communicate with some of the devs at City Network who work with Openstack, they might have some feedback for us.15:57
e0neamotoki: nothing more from my side15:57
amotokimy comments above are based on my operator experience (not from the dev experience)15:57
NizarsIt's appreciated!15:57
vishalmanchandaamotoki: it's good to discuss it on ml and tag tc as well.15:57
NizarsWhat is ml?15:57
amotokiNizars: openstack-discuss ML15:57
amotokiML = mailing list15:58
vishalmanchandaNizars: Open-discuss list15:58
NizarsAh ok!15:58
amotokiNizars: generally speaking, it is nice to have UI to check/view/modify policies15:58
amotokias it is not easy to check all policies15:59
e0neamotoki: +115:59
NizarsTrue, it just turned out to be more complicated than we originally anticipated.15:59
amotokibut the implementation needs to consider the current oslo.policy support and oeprators' scenarios.15:59
NizarsI had no idea what openstack was a couple of months ago so there is a lot to learn here and a lot is being picked up along the way.15:59
amotokiit is not just a GUI topic15:59
NizarsI agree16:00
-amotoki- we are out of time....16:00
NizarsThanks for everything. :)16:01
e0neNizars: we can continue the discussion in the horizon channel16:01
amotokiI will be there for a while after the meeting16:01
e0nethanks everybody for [articipation16:01
NizarsAnother day maybe, I need to get some rest but thanks for all the help. :)16:01
e0ne#endmeeting16:01
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"16:01
openstackMeeting ended Wed May 13 16:01:51 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:01
openstackMinutes:        http://eavesdrop.openstack.org/meetings/horizon/2020/horizon.2020-05-13-15.01.html16:01
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/horizon/2020/horizon.2020-05-13-15.01.txt16:01
openstackLog:            http://eavesdrop.openstack.org/meetings/horizon/2020/horizon.2020-05-13-15.01.log.html16:01
amotokio/16:02
*** sfernand has quit IRC16:13
*** andrebeltrami has joined #openstack-meeting-alt16:14
*** liuyulong has quit IRC16:17
*** rf0lc0 has joined #openstack-meeting-alt16:20
*** rfolco|rover has quit IRC16:23
*** Andreas681 has quit IRC16:25
*** rf0lc0 is now known as rfolco|rover16:56
*** derekh has quit IRC17:03
*** enriquetaso has quit IRC17:10
*** hemna_ has quit IRC17:29
*** hemna has joined #openstack-meeting-alt17:29
*** priteau has quit IRC17:38
*** ralonsoh has quit IRC17:44
*** e0ne has quit IRC17:55
*** enriquetaso has joined #openstack-meeting-alt18:06
*** vishakha has quit IRC19:29
*** ttsiouts has joined #openstack-meeting-alt20:13
*** gshippey has quit IRC20:24
*** ttsiouts has quit IRC20:30
*** vishalmanchanda has quit IRC20:31
*** ttsiouts has joined #openstack-meeting-alt20:32
*** ccamacho has quit IRC20:54
*** enriquetaso has quit IRC21:00
*** rfolco|rover has quit IRC21:16
*** raildo has quit IRC21:46
*** slaweq has quit IRC21:57
*** slaweq has joined #openstack-meeting-alt22:08
*** slaweq has quit IRC22:13
*** slaweq has joined #openstack-meeting-alt22:23
*** slaweq has quit IRC22:28
*** ttsiouts has quit IRC22:43
*** ttsiouts has joined #openstack-meeting-alt22:44
*** hongbin has joined #openstack-meeting-alt23:05
*** Liang__ has joined #openstack-meeting-alt23:29
*** rcernin has quit IRC23:31
*** rcernin has joined #openstack-meeting-alt23:32
*** early has quit IRC23:38
« Tuesday, 2020-05-12 Index Thursday, 2020-05-14 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!