Tuesday, 2020-05-19

*** jamesmcarthur has joined #openstack-meeting-alt		00:09
*** slaweq has quit IRC		00:26
*** slaweq has joined #openstack-meeting-alt		00:37
*** slaweq has quit IRC		00:42
*** EmilienM\|off is now known as EmilienM		00:46
*** jhesketh has joined #openstack-meeting-alt		00:52
*** jamesmcarthur has quit IRC		00:58
*** andrebeltrami has quit IRC		00:58
*** yaawang has quit IRC		01:22
*** jamesmcarthur has joined #openstack-meeting-alt		01:23
*** yaawang has joined #openstack-meeting-alt		01:25
*** hongbin has joined #openstack-meeting-alt		03:00
*** jamesmcarthur has quit IRC		03:09
*** jamesmcarthur has joined #openstack-meeting-alt		03:10
*** gyee has quit IRC		03:23
*** jamesmcarthur has quit IRC		03:24
*** jamesmcarthur has joined #openstack-meeting-alt		03:26
*** jamesmcarthur has quit IRC		03:27
*** jamesmcarthur has joined #openstack-meeting-alt		03:28
*** tetsuro has quit IRC		03:45
*** tetsuro has joined #openstack-meeting-alt		04:15
*** hongbin has quit IRC		04:37
*** vishalmanchanda has joined #openstack-meeting-alt		04:52
*** links has joined #openstack-meeting-alt		05:19
*** vishakha has joined #openstack-meeting-alt		05:30
*** ccamacho has joined #openstack-meeting-alt		06:32
*** slaweq has joined #openstack-meeting-alt		06:47
*** ircuser-1 has joined #openstack-meeting-alt		06:49
*** jamesmcarthur has quit IRC		06:49
*** jamesmcarthur has joined #openstack-meeting-alt		06:50
*** jamesmcarthur has quit IRC		06:55
*** tetsuro_ has joined #openstack-meeting-alt		07:01
*** tetsuro has quit IRC		07:04
*** jamesmcarthur has joined #openstack-meeting-alt		07:14
*** jamesmcarthur has quit IRC		07:16
*** jamesmcarthur has joined #openstack-meeting-alt		07:17
*** ttsiouts has joined #openstack-meeting-alt		07:18
*** jamesmcarthur has quit IRC		07:22
*** jamesmcarthur has joined #openstack-meeting-alt		07:23
*** adam_g has quit IRC		07:24
*** adam_g has joined #openstack-meeting-alt		07:24
*** ralonsoh has joined #openstack-meeting-alt		07:33
*** vishalmanchanda has quit IRC		07:39
*** ccamacho has quit IRC		07:40
*** rdopiera has joined #openstack-meeting-alt		07:51
*** lpetrut has joined #openstack-meeting-alt		08:01
*** ttsiouts has quit IRC		08:03
*** ttsiouts has joined #openstack-meeting-alt		08:04
*** e0ne has joined #openstack-meeting-alt		08:06
*** yaawang has quit IRC		08:08
*** yaawang has joined #openstack-meeting-alt		08:09
*** yaawang has quit IRC		08:19
*** yaawang has joined #openstack-meeting-alt		08:21
*** jamesmcarthur has quit IRC		08:35
*** masahito has joined #openstack-meeting-alt		09:08
*** vishalmanchanda has joined #openstack-meeting-alt		09:24
*** ttsiouts has quit IRC		09:25
*** links has quit IRC		09:33
*** ttsiouts has joined #openstack-meeting-alt		09:35
*** ttsiouts has quit IRC		10:10
*** tetsuro_ has quit IRC		10:17
*** derekh has joined #openstack-meeting-alt		10:26
*** ttsiouts has joined #openstack-meeting-alt		10:34
*** jamesmcarthur has joined #openstack-meeting-alt		10:36
*** jamesmcarthur has quit IRC		10:40
*** masahito has quit IRC		10:56
*** rfolco\|rover\|off has joined #openstack-meeting-alt		11:42
*** rfolco\|rover\|off is now known as rfolco\|rover		11:44
*** raildo has joined #openstack-meeting-alt		11:57
*** enriquetaso has joined #openstack-meeting-alt		12:05
*** ccamacho has joined #openstack-meeting-alt		12:18
*** ttsiouts has quit IRC		12:42
*** ttsiouts has joined #openstack-meeting-alt		12:43
*** derekh has quit IRC		13:01
*** derekh has joined #openstack-meeting-alt		13:01
*** ttsiouts has quit IRC		13:06
*** vishalmanchanda has quit IRC		13:09
*** ttsiouts has joined #openstack-meeting-alt		13:10
*** lbragstad_ has joined #openstack-meeting-alt		13:36
*** lbragstad has quit IRC		13:38
*** lpetrut has quit IRC		13:52
*** tetsuro has joined #openstack-meeting-alt		13:52
*** tetsuro has quit IRC		14:04
*** vishakha has quit IRC		14:10
*** andrebeltrami has joined #openstack-meeting-alt		14:31
*** jamesmcarthur has joined #openstack-meeting-alt		14:36
gagehugo	#startmeeting openstack-helm	15:00
openstack	Meeting started Tue May 19 15:00:21 2020 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.	15:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	15:00
*** openstack changes topic to " (Meeting topic: openstack-helm)"		15:00
openstack	The meeting name has been set to 'openstack_helm'	15:00
gagehugo	#link https://etherpad.opendev.org/p/openstack-helm-weekly-meeting agenda	15:00
gagehugo	o/	15:02
lamt	\o	15:02
portdirect	o/	15:02
stevthedev	Hello	15:05
gagehugo	Lets get started	15:05
gagehugo	#topic next week meeting	15:05
*** openstack changes topic to "next week meeting (Meeting topic: openstack-helm)"		15:05
gagehugo	I plan on canceling next week's meeting since I will be out, if anyone wants to host then lemme know	15:05
gagehugo	#topic virtual ptg - june	15:06
*** openstack changes topic to "virtual ptg - june (Meeting topic: openstack-helm)"		15:06
gagehugo	Reminder that the OpenDev PTG is coming up in < 2 weeks	15:06
gagehugo	#link https://etherpad.opendev.org/p/openstack-helm-ptg-victoria	15:06
gagehugo	^ add topics to discuss there, otherwise it might be a quiet conference call	15:06
gagehugo	:)	15:06
gagehugo	#topic TLS	15:06
*** openstack changes topic to "TLS (Meeting topic: openstack-helm)"		15:06
gagehugo	pordirect: I assume this is you	15:07
portdirect	:)	15:07
portdirect	so - it think the planets are alining for internal tls	15:07
portdirect	we have had a few rough starts on this before	15:07
portdirect	but evaluating jetstacks cert manager, it looks to be the missing link in what was attempted before	15:08
portdirect	id therefore like to propose that we use that to get this effort moving again	15:08
portdirect	which we could break down into a couple of steps:	15:08
portdirect	1) Jetstack Cert Manager	15:09
portdirect	a) Chart	15:09
portdirect	b) Deploy in gate with snakeoil ca	15:09
portdirect	2) Chart updates	15:09
portdirect	a) Add in option to create TLS cr, with required hostnames - ideally via htk macro similar to the ingress rule generator	15:09
portdirect	b) Get tls certs generated for all internal services	15:09
portdirect	c) Mount secrets into api pods	15:09
portdirect	d) Enable tls and also set the ingress rule to support secure backends	15:09
gagehugo	jetstack looks interesting	15:10
portdirect	its used by the cluster api and several other projects	15:10
gagehugo	hmm	15:11
portdirect	any thoughts on this approach?	15:12
gagehugo	It's the best one we have so far	15:12
lamt	I need to read up on it	15:12
gagehugo	same	15:12
portdirect	ok - please do	15:12
gagehugo	I assume this means we don't need that sidecar stuff from years ago?	15:13
lamt	I read about kube-lego before	15:13
lamt	but it has been a while	15:13
portdirect	gagehugo: i think thats the next phase following this	15:13
portdirect	lets make it simple	15:13
lamt	I guess they already have a chart	15:13
portdirect	and then optimise	15:13
lamt	I will play around with it	15:13
portdirect	this is a pretty similar approach to what i did on another openstack-on-k8s project	15:14
portdirect	and it worked very well there	15:14
gagehugo	nice	15:14
portdirect	though i was using dogtag/freeipa then ;)	15:14
lamt	if we can load the certs with the correct CN as secret, the rest should follow	15:15
lamt	but lemme play around with jetstack and read up on the docs	15:16
gagehugo	I will read up on it as well	15:16
gagehugo	and look at that chart	15:16
stevthedev	Me too. Would be cool to get mTLS working	15:16
lamt	we just need tls not mtls right?	15:18
gagehugo	I assume just TLS	15:20
stevthedev	Sorry, did I misunderstand? Is this for TLS within the cluster?	15:21
stevthedev	Maybe I a mixing my acronyms :)	15:22
stevthedev	Gotta read up in any case	15:22
gagehugo	portdirect: anything else for TLS? I think the path forward is to read up on jetstack for now	15:24
*** ttsiouts has quit IRC		15:27
gagehugo	thanks everyone, have a good rest of the week	15:29
gagehugo	#endmeeting	15:29
*** openstack changes topic to "OpenStack Meetings \|\| https://wiki.openstack.org/wiki/Meetings/"		15:29
openstack	Meeting ended Tue May 19 15:29:22 2020 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	15:29
openstack	Minutes: http://eavesdrop.openstack.org/meetings/openstack_helm/2020/openstack_helm.2020-05-19-15.00.html	15:29
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/openstack_helm/2020/openstack_helm.2020-05-19-15.00.txt	15:29
openstack	Log: http://eavesdrop.openstack.org/meetings/openstack_helm/2020/openstack_helm.2020-05-19-15.00.log.html	15:29
*** lbragstad_ is now known as lbragstad		15:36
*** gyee has joined #openstack-meeting-alt		15:46
*** lpetrut has joined #openstack-meeting-alt		16:02
*** ttsiouts has joined #openstack-meeting-alt		16:04
*** ttsiouts has quit IRC		16:10
*** rdopiera has quit IRC		16:15
*** lpetrut has quit IRC		16:50
*** ayoung has joined #openstack-meeting-alt		16:50
*** vishakha has joined #openstack-meeting-alt		16:50
*** derekh has quit IRC		16:59
knikolla	#startmeeting keystone	17:00
openstack	Meeting started Tue May 19 17:00:08 2020 UTC and is due to finish in 60 minutes. The chair is knikolla. Information about MeetBot at http://wiki.debian.org/MeetBot.	17:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	17:00
*** openstack changes topic to " (Meeting topic: keystone)"		17:00
openstack	The meeting name has been set to 'keystone'	17:00
lbragstad	o/	17:00
cmurphy	o/	17:00
gagehugo	o/	17:00
knikolla	o/	17:00
bnemec	o/	17:00
knikolla	how's everyone doing?	17:01
vishakha	o/	17:01
cmurphy	hanging in there	17:01
lbragstad	same here	17:01
bnemec	Obligatory: https://i2.wp.com/www.newromantimes.com/wp-content/uploads/2016/11/sales-of-hang-in-there-2.jpg	17:02
cmurphy	lol	17:03
knikolla	that is more like hanging out there though	17:03
bnemec	There's a sloth version! https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcQwTynAfWY15vRIBjwfji9b-Qoi04oFzFomjWATBF-txx6H4vUv&usqp=CAU	17:04
*** alistarle has joined #openstack-meeting-alt		17:04
knikolla	adorable!	17:04
bnemec	Google image search, the gift that keeps on giving. :-)	17:04
*** jamesmcarthur has quit IRC		17:04
bnemec	lol, for our Suse folks: https://images.fineartamerica.com/images/artworkimages/mediumlarge/2/hang-in-there-magical-chameleon-john-schwegel.jpg	17:05
* bnemec is done posting memes		17:06
knikolla	no announcement, but make sure everyone registers for the ptg https://virtualptgjune2020.eventbrite.com/	17:06
knikolla	#topic Review Requests	17:06
*** openstack changes topic to "Review Requests (Meeting topic: keystone)"		17:06
vishakha	I have couple of reviews	17:07
vishakha	#link https://review.opendev.org/#/q/topic:update-onboarding+(status:open+OR+status:merged)	17:07
*** ttsiouts has joined #openstack-meeting-alt		17:08
vishakha	Thanks cmurphy for the reviews. I updated these according to your comments	17:08
vishakha	#link https://review.opendev.org/#/c/728387/	17:09
*** ttsiouts has quit IRC		17:09
*** jamesmcarthur has joined #openstack-meeting-alt		17:09
cmurphy	i haven't had a chance to look at the new revisions but wanted to ask the team, what's the consensus on using the terms "controller" and "manager"?	17:09
vishakha	I blocked patching of access_id of EC2 credentials as discussed. Tempest had no problem with it	17:09
cmurphy	i still always use "controller" and "manager" in my head because i'm old but i can see how that would be confusing to someone looking at the code post-flask and post-providerAPI	17:10
lbragstad	++	17:10
lbragstad	i agree	17:10
knikolla	i think since there aren't really references to controller in the code anymore, we should update the docs	17:11
cmurphy	what should it be called then? i suggested things like "API resource" in my reviews	17:11
cmurphy	and is the stuff in core.py still a "manager" or is it something else?	17:12
knikolla	good point	17:12
lbragstad	i always mentally mapped "controller" to "this stuff handles request logic" and "managers" contain "keystone-specific business logic"	17:13
cmurphy	lbragstad: yeah exactly	17:13
cmurphy	it's kind of still the same	17:13
lbragstad	yeah	17:13
cmurphy	it's just the python classes and file names don't match	17:13
lbragstad	would that make core.py (the managers) a model?	17:13
lbragstad	meh... probably not	17:14
cmurphy	in an mvc sense i think the sql backend is the model	17:14
lbragstad	right	17:15
lbragstad	so the managers would really be the controllers	17:15
lbragstad	and the controllers would be the view	17:15
cmurphy	heh yeah kind of	17:15
* lbragstad isn't helping anything		17:15
cmurphy	:P	17:15
knikolla	let's invent new terminology	17:17
cmurphy	knikolla: suggestions?	17:18
vishakha	API resource seemed reasonable	17:18
knikolla	no, i was just reminded of a team at my work who named the view for a project "picasso" and the manager "einstein" and I got PTSD from reviewing their code.	17:19
cmurphy	hahaha	17:19
cmurphy	personally i think i'd be comfortable continuing to call the providerAPI stuff "managers" and the flask stuff "controllers", or renaming the flask stuff "API ... resources/handlers/controllers/something"	17:19
knikolla	i say we go with API <something> since it's part of their name and file path	17:20
knikolla	/file path/package/	17:20
knikolla	manager and controller have the same implication of being in charge, whereas API doesn't have any connotations.	17:22
cmurphy	the class names for the request handler part are {Thing}Resource so "API Resource" fits	17:24
cmurphy	the routes are defined in {Thing}API but i think we should still call them routes	17:24
*** jamesmcarthur has quit IRC		17:24
knikolla	++	17:24
vishakha	okay.	17:26
alistarle	Hi, thanks for your review on oslo.limits : https://review.opendev.org/#/q/owner:%22Victor+Coutellier%22+status:open+project:openstack/oslo.limit	17:28
alistarle	I have updated it with your comments	17:28
cmurphy	thanks alistarle	17:28
* bnemec still has that window open somewhere		17:29
alistarle	But there is still a openstacksdk patch to be merged for mine to work, I don't used to updating dependency workflow	17:29
cmurphy	bnemec: you can open a new window!	17:29
alistarle	Should I wait for it to be merged, then wait a new version of the sdk, and update the lower-constraints of oslo_limit ?	17:30
bnemec	ETOOMANYWINDOWS	17:30
cmurphy	alistarle: you can add "Depends-on: " with a link to the openstacksdk patch in the commit message	17:30
cmurphy	that will prevent it from being merged before the dependency is merged	17:30
knikolla	bnemec: i keep a firefox addon that doesn't let me open more than 7 tabs	17:30
cmurphy	but it will also probably need a new release of openstacksdk before oslo.limit can use it	17:31
alistarle	And a new release of oslo.limit before using it into glance :/	17:31
cmurphy	right	17:31
alistarle	BTW, I have written the full spec for glance about unified limit, if you want to take a look : https://review.opendev.org/#/c/729187/	17:31
bnemec	knikolla: That would never work for me. :-P	17:32
alistarle	Glance guy's already told me to put that in the PTG agenda, do you think it is usefull to synchronize a session with you ?	17:32
bnemec	Did any of the migration tools ever get written?	17:32
cmurphy	not afaik but i haven't kept up with the nova team on that	17:33
alistarle	I don't think so, neither for glance, but as there is no quota yet, maybe there is no migration :p	17:33
bnemec	Oh, glance doesn't have any existing quotas? That would make it easier. :-)	17:34
alistarle	Yes, only hard limit in config file, that's why I think it will be easier than nova	17:34
cmurphy	oh good	17:35
bnemec	Maybe you can just ping us during the Glance discussion?	17:36
alistarle	Sure	17:36
knikolla	#topic Open Floor	17:37
*** openstack changes topic to "Open Floor (Meeting topic: keystone)"		17:37
knikolla	oops, Bug Duty first :)	17:38
knikolla	#topic Bug Duty	17:38
*** openstack changes topic to "Bug Duty (Meeting topic: keystone)"		17:38
knikolla	There were a few reported bugs last week	17:38
* bnemec notes that meetbot has an undo command		17:38
knikolla	ooo, thanks!	17:39
knikolla	#link https://bugs.launchpad.net/keystone/+bug/1878938	17:39
openstack	Launchpad bug 1878938 in OpenStack Identity (keystone) "System role assignments exist after system role delete" [Undecided,New]	17:39
knikolla	a quick check at the code shows that Role_id isn't a foreign key in either normal assignment or role assignments	17:40
knikolla	are we doing the cleanup in code instead of cascading delete?	17:40
knikolla	or is it because we define them as separate backends?	17:40
knikolla	them = role_backend and assignment_backend	17:41
cmurphy	if they're not in the same backend then it is supposed to be handled with notifications	17:41
cmurphy	which are easy to forget	17:41
knikolla	i see.	17:42
* knikolla needs to look at how they're implemented since I haven't played much with them.		17:42
knikolla	cmurphy is covering this week, anyone volunteering for next?	17:44
vishakha	I can take for the next week	17:44
knikolla	thanks vishakha :)	17:45
vishakha	np	17:45
knikolla	#topic Open Floor	17:46
*** openstack changes topic to "Open Floor (Meeting topic: keystone)"		17:46
*** ayoung has quit IRC		17:47
cmurphy	i had a couple more reviews https://review.opendev.org/726727 https://review.opendev.org/726729	17:47
vishakha	I had some more too :)	17:48
* knikolla is failing hard at chairing meetings		17:48
vishakha	#link https://review.opendev.org/#/c/712724	17:48
vishakha	#link https://review.opendev.org/#/c/725634/	17:48
lbragstad	looks like we're having some issues with py35 testing	17:49
lbragstad	i've been noticing a bunch of failures with ksa on master recently	17:49
lbragstad	example: https://review.opendev.org/#/c/727498/3	17:49
*** jamesmcarthur has joined #openstack-meeting-alt		17:50
knikolla	Could not find a version that satisfies the requirement oslotest===4.2.0	17:50
*** ayoung has joined #openstack-meeting-alt		17:51
bnemec	Is py35 even still supported on master branches?	17:51
lbragstad	ksa doesn't have a a tox env for it, but it is part of the zuul jobs	17:51
bnemec	I believe the Victoria unit test jobs are py36 and py38. At least that's what I'm seeing in a project that has been migrated to the victoria template.	17:55
bnemec	But maybe ksa makes broader compatibility guarantees? I know we've done that with pbr at times.	17:55
cmurphy	oh wait i just remembered https://review.opendev.org/721084	17:56
knikolla	https://review.opendev.org/#/c/721093/	17:56
cmurphy	yeah that	17:56
lbragstad	ah	17:57
bnemec	Okay, guess you can't just drop the job then. :-)	17:58
cmurphy	so yes py35 is still supported in ksa master and there is some governance saying that requirements etc should still work for py35 so if it's not we should help fix it	17:58
*** alistarle has quit IRC		17:58
cmurphy	looks like gmann responded on https://review.opendev.org/727498 and there's some ongoing work to fix it	18:00
lbragstad	so we have to maintain our own constraints for ksa?	18:02
*** e0ne has quit IRC		18:02
lbragstad	is what it sounds lik?	18:02
lbragstad	like*	18:03
knikolla	let's continue on #openstack-keystone	18:03
knikolla	#endmeeting	18:03
*** openstack changes topic to "OpenStack Meetings \|\| https://wiki.openstack.org/wiki/Meetings/"		18:03
openstack	Meeting ended Tue May 19 18:03:10 2020 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	18:03
openstack	Minutes: http://eavesdrop.openstack.org/meetings/keystone/2020/keystone.2020-05-19-17.00.html	18:03
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/keystone/2020/keystone.2020-05-19-17.00.txt	18:03
openstack	Log: http://eavesdrop.openstack.org/meetings/keystone/2020/keystone.2020-05-19-17.00.log.html	18:03
gmann	lbragstad: cmurphy discussing on requirement channel if it can be maintained on req side or project side have to maintain	18:04
*** ayoung has quit IRC		18:06
*** e0ne has joined #openstack-meeting-alt		18:07
*** ayoung has joined #openstack-meeting-alt		18:10
*** jamesmcarthur has quit IRC		18:12
*** jamesmcarthur has joined #openstack-meeting-alt		18:14
*** jamesmcarthur has quit IRC		18:17
*** jamesmcarthur has joined #openstack-meeting-alt		18:17
*** jamesmcarthur has quit IRC		18:29
*** jamesmcarthur has joined #openstack-meeting-alt		18:30
*** ayoung has quit IRC		18:31
*** ayoung has joined #openstack-meeting-alt		18:33
*** rcernin has quit IRC		18:34
*** diablo_rojo has joined #openstack-meeting-alt		18:53
*** ralonsoh has quit IRC		18:58
*** raildo has quit IRC		19:04
*** raildo has joined #openstack-meeting-alt		19:19
*** ayoung has quit IRC		19:25
*** ayoung has joined #openstack-meeting-alt		19:29
*** ayoung has quit IRC		19:55
*** enriquetaso has quit IRC		20:10
*** enriquetaso has joined #openstack-meeting-alt		20:13
*** vishakha has quit IRC		20:29
*** ccamacho has quit IRC		21:09
*** jamesmcarthur has quit IRC		21:20
*** jamesmcarthur has joined #openstack-meeting-alt		21:24
*** raildo has quit IRC		21:24
*** jamesmcarthur has quit IRC		21:31
*** jamesmcarthur has joined #openstack-meeting-alt		21:32
*** jamesmcarthur has quit IRC		21:34
*** jamesmcarthur has joined #openstack-meeting-alt		21:34
*** jamesmcarthur has quit IRC		21:37
*** jamesmcarthur has joined #openstack-meeting-alt		21:39
*** slaweq has quit IRC		21:41
*** jamesmcarthur has quit IRC		21:41
*** jamesmcarthur has joined #openstack-meeting-alt		21:41
*** jamesmcarthur has quit IRC		22:33
*** jamesmcarthur has joined #openstack-meeting-alt		22:33
*** jamesmcarthur_ has joined #openstack-meeting-alt		22:40
*** jamesmcarthur has quit IRC		22:44
*** rcernin has joined #openstack-meeting-alt		22:56
*** jamesmcarthur_ has quit IRC		23:05
*** jamesmcarthur has joined #openstack-meeting-alt		23:12
*** andrebeltrami has quit IRC		23:19
*** lbragstad has quit IRC		23:38
*** jamesmcarthur has quit IRC		23:56
*** jamesmcarthur has joined #openstack-meeting-alt		23:57

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!