Tuesday, 2020-07-21

*** openstack has joined #openstack-meeting-alt		07:30
*** ChanServ sets mode: +o openstack		07:30
ttx	eavesdrop is up for me	07:30
ianw	yeah, it should be back .. i don't know the host had just stopped accepting connections	07:31
*** geguileo has quit IRC		07:32
*** geguileo has joined #openstack-meeting-alt		07:33
*** rcernin_ has quit IRC		07:34
ricolin	yeah, is up now	07:35
*** rcernin_ has joined #openstack-meeting-alt		08:17
*** priteau has joined #openstack-meeting-alt		08:25
*** derekh has joined #openstack-meeting-alt		08:25
*** rcernin_ has quit IRC		08:26
*** e0ne has joined #openstack-meeting-alt		08:31
*** rcernin_ has joined #openstack-meeting-alt		08:47
*** baojg has quit IRC		08:56
*** baojg has joined #openstack-meeting-alt		08:57
*** tetsuro has joined #openstack-meeting-alt		08:58
*** tetsuro has quit IRC		09:00
priteau	#startmeeting blazar	09:01
openstack	Meeting started Tue Jul 21 09:01:07 2020 UTC and is due to finish in 60 minutes. The chair is priteau. Information about MeetBot at http://wiki.debian.org/MeetBot.	09:01
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	09:01
*** openstack changes topic to " (Meeting topic: blazar)"		09:01
openstack	The meeting name has been set to 'blazar'	09:01
priteau	#topic Roll call	09:01
*** openstack changes topic to "Roll call (Meeting topic: blazar)"		09:01
*** tetsuro has joined #openstack-meeting-alt		09:03
priteau	Hi tetsuro	09:03
tetsuro	Hi	09:03
priteau	Agenda for today:	09:06
priteau	Specs update	09:06
priteau	Code review priorities	09:06
priteau	AOB	09:06
priteau	#topic Specs update	09:06
*** openstack changes topic to "Specs update (Meeting topic: blazar)"		09:06
*** rcernin_ has quit IRC		09:07
priteau	At the last meeting we discussed your spec draft for GPU support	09:07
priteau	#link http://eavesdrop.openstack.org/meetings/blazar/2020/blazar.2020-07-07-09.00.log.html	09:07
priteau	We agreed to create a new draft spec for PCI passthrough	09:08
priteau	Were you able to make any progress on this?	09:09
tetsuro	No, I don't have any progress	09:10
tetsuro	I'm not sure how we can extend the feature to any PCI devices	09:11
priteau	I've worked a bit with PCI passthrough so I take over the PCI passthrough spec	09:12
tetsuro	That would be nice, thanks priteau	09:13
priteau	#action priteau create new draft spec for PCI passthrough	09:13
priteau	#topic Code review priorities	09:15
*** openstack changes topic to "Code review priorities (Meeting topic: blazar)"		09:15
priteau	We have a few code maintenance patches that we can merge, related to ubuntu focal testing	09:16
priteau	https://review.opendev.org/#/c/740358/	09:16
priteau	https://review.opendev.org/#/c/740359/	09:16
priteau	https://review.opendev.org/#/c/740357/	09:16
*** markvoelker has joined #openstack-meeting-alt		09:16
priteau	Otherwise the review priority is still https://review.opendev.org/#/c/731586/	09:18
priteau	I started reviewing it but I am not very familiar with the way context objects are used	09:18
priteau	#topic AOB	09:21
*** openstack changes topic to "AOB (Meeting topic: blazar)"		09:21
priteau	Anything else to share today?	09:21
*** markvoelker has quit IRC		09:21
*** tetsuro has quit IRC		09:22
*** tetsuro has joined #openstack-meeting-alt		09:25
tetsuro	sorry, my network is not stable	09:25
tetsuro	I don't have any other business	09:25
priteau	Thanks tetsuro, let's wrap up for today.	09:26
priteau	#endmeeting	09:27
*** openstack changes topic to "OpenStack Meetings \|\| https://wiki.openstack.org/wiki/Meetings/"		09:27
openstack	Meeting ended Tue Jul 21 09:27:23 2020 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	09:27
openstack	Minutes: http://eavesdrop.openstack.org/meetings/blazar/2020/blazar.2020-07-21-09.01.html	09:27
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/blazar/2020/blazar.2020-07-21-09.01.txt	09:27
openstack	Log: http://eavesdrop.openstack.org/meetings/blazar/2020/blazar.2020-07-21-09.01.log.html	09:27
*** tetsuro has quit IRC		09:29
*** rcernin_ has joined #openstack-meeting-alt		09:42
*** baojg has quit IRC		09:52
*** baojg has joined #openstack-meeting-alt		09:53
*** rcernin_ has quit IRC		09:55
*** ricolin has quit IRC		10:18
*** Liang__ has quit IRC		10:26
*** markvoelker has joined #openstack-meeting-alt		10:27
*** rcernin_ has joined #openstack-meeting-alt		10:29
*** markvoelker has quit IRC		10:31
*** baojg has quit IRC		11:13
*** baojg has joined #openstack-meeting-alt		11:14
*** markvoelker has joined #openstack-meeting-alt		11:18
*** markvoelker has quit IRC		11:22
*** baojg has quit IRC		11:54
*** baojg has joined #openstack-meeting-alt		11:54
*** raildo has joined #openstack-meeting-alt		12:01
*** vishakha has joined #openstack-meeting-alt		12:05
*** rfolco has joined #openstack-meeting-alt		12:08
*** ricolin has joined #openstack-meeting-alt		12:15
*** dave-mccowan has joined #openstack-meeting-alt		12:27
*** diurnalist has joined #openstack-meeting-alt		12:33
*** diurnalist has quit IRC		12:37
*** baojg has quit IRC		12:44
*** baojg has joined #openstack-meeting-alt		12:45
*** rcernin_ has quit IRC		12:54
*** ricolin has quit IRC		12:56
*** bnemec has joined #openstack-meeting-alt		13:38
*** baojg has quit IRC		13:46
*** baojg has joined #openstack-meeting-alt		13:47
*** yaawang has quit IRC		14:05
*** yaawang has joined #openstack-meeting-alt		14:05
*** ricolin has joined #openstack-meeting-alt		14:21
*** markmcclain has quit IRC		14:23
*** markmcclain has joined #openstack-meeting-alt		14:24
*** diurnalist has joined #openstack-meeting-alt		14:32
gagehugo	#startmeeting openstack-helm	15:00
openstack	Meeting started Tue Jul 21 15:00:08 2020 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.	15:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	15:00
*** openstack changes topic to " (Meeting topic: openstack-helm)"		15:00
*** andrii_ostapenko has joined #openstack-meeting-alt		15:00
openstack	The meeting name has been set to 'openstack_helm'	15:00
gagehugo	#link https://etherpad.opendev.org/p/openstack-helm-weekly-meeting agenda	15:00
lamt	\o	15:00
*** sangeet has joined #openstack-meeting-alt		15:00
gagehugo	o/	15:01
sangeet	o/	15:01
andrii_ostapenko	o/	15:01
megheisler	\o	15:04
gagehugo	#topic Remove opensuse support	15:05
*** openstack changes topic to "Remove opensuse support (Meeting topic: openstack-helm)"		15:05
gagehugo	andrii o/	15:05
andrii_ostapenko	so I was working on introducing testing for images in osh-images and faced lots of failures with build of leap related failures. Tin suggested we should disable opensuse builds since there's no support of them for almost a year	15:07
andrii_ostapenko	https://review.opendev.org/#/c/741824	15:08
gagehugo	That's fine	15:08
gagehugo	Can always be re-enabled	15:08
gagehugo	thanks andrii	15:10
gagehugo	#topic open discussion	15:10
*** openstack changes topic to "open discussion (Meeting topic: openstack-helm)"		15:10
gagehugo	Anyone have anything else for this week? The floor is open	15:10
andrii_ostapenko	also related to images testing changes to review https://review.opendev.org/#/c/741855 and https://review.opendev.org/#/c/741823	15:11
andrii_ostapenko	I also spent some time to reverse engineer buildset registry thing - ephemeral registry that is spinned up for particular set of builds for one change to have a pre-review images testing - https://review.opendev.org/#/c/741551	15:12
andrii_ostapenko	basically we have this ability now	15:13
andrii_ostapenko	though I think it's enough to have it on post-review only	15:13
gagehugo	Thanks everyone, have a good week	15:17
gagehugo	#endmeeting	15:17
*** openstack changes topic to "OpenStack Meetings \|\| https://wiki.openstack.org/wiki/Meetings/"		15:17
openstack	Meeting ended Tue Jul 21 15:17:36 2020 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	15:17
openstack	Minutes: http://eavesdrop.openstack.org/meetings/openstack_helm/2020/openstack_helm.2020-07-21-15.00.html	15:17
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/openstack_helm/2020/openstack_helm.2020-07-21-15.00.txt	15:17
openstack	Log: http://eavesdrop.openstack.org/meetings/openstack_helm/2020/openstack_helm.2020-07-21-15.00.log.html	15:17
*** baojg has quit IRC		15:20
*** baojg has joined #openstack-meeting-alt		15:21
*** gyee has joined #openstack-meeting-alt		15:41
*** ricolin has quit IRC		16:02
*** strigazi has joined #openstack-meeting-alt		16:06
*** diurnalist has quit IRC		16:10
*** sangeet has quit IRC		16:16
*** sangeet has joined #openstack-meeting-alt		16:19
*** sangeet has quit IRC		16:24
*** priteau has quit IRC		16:28
*** diurnalist has joined #openstack-meeting-alt		16:38
*** ralonsoh_ has joined #openstack-meeting-alt		16:41
*** ralonsoh has quit IRC		16:43
knikolla	#startmeeting keystone	16:59
openstack	Meeting started Tue Jul 21 16:59:23 2020 UTC and is due to finish in 60 minutes. The chair is knikolla. Information about MeetBot at http://wiki.debian.org/MeetBot.	16:59
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	16:59
*** openstack changes topic to " (Meeting topic: keystone)"		16:59
openstack	The meeting name has been set to 'keystone'	16:59
knikolla	o/	16:59
vishakha	o/	16:59
whoami-rajat__	Hi	17:00
*** derekh has quit IRC		17:01
*** priteau has joined #openstack-meeting-alt		17:01
knikolla	i'll give it a few more minutes in hope of having some form of quorum.	17:03
gagehugo	o/	17:06
lbragstad	o/o/	17:09
knikolla	seems like we have enough attendance to proceed :)	17:09
knikolla	#topic Review Requests	17:10
*** openstack changes topic to "Review Requests (Meeting topic: keystone)"		17:10
vishakha	#link https://review.opendev.org/#/c/737225/ This patch closes bug targeted for victoria miltstone 2	17:11
vishakha	#link https://review.opendev.org/#/c/739784/ , that closes-bug #link https://bugs.launchpad.net/keystone/+bug/1886017 need one more approval	17:12
openstack	Launchpad bug 1886017 in OpenStack Identity (keystone) ""allow expired" feature is broken against json web token" [Medium,In progress] - Assigned to Vishakha Agarwal (vishakha.agarwal)	17:12
vishakha	and a small one #link https://review.opendev.org/#/c/742233/	17:13
knikolla	thanks, added to my to-do list. i had somehow missed the first one.	17:13
knikolla	#topic Bugs	17:16
*** openstack changes topic to "Bugs (Meeting topic: keystone)"		17:16
knikolla	last week we talked about https://review.opendev.org/#/c/731087/	17:16
vishakha	#link https://review.opendev.org/#/c/731087/, we discussed this in the last meeting but did not come to any conclusion. There were two approaches for this one, to update the operators about deleting stale role in release note or to go for upgrade check	17:16
knikolla	i think the upgrade check method was problematic in not working within the same release, but requiring an upgrade.	17:17
knikolla	so i thought we were okay with a release note.	17:17
knikolla	and apparently there was a precedent.	17:18
vishakha	Yes there was. Since all are okay to update release notes with a SQL query to remove stale role assignments	17:19
vishakha	I will update the patch set.	17:19
vishakha	Thanks knikolla	17:20
*** priteau has quit IRC		17:21
knikolla	#topic Keystone project hierarchy manual validation	17:22
*** openstack changes topic to "Keystone project hierarchy manual validation (Meeting topic: keystone)"		17:22
knikolla	whoami-rajat__: o/	17:22
whoami-rajat__	Hi everyone	17:22
whoami-rajat__	I've some doubts regarding the hierarchical multi tenancy spec	17:23
whoami-rajat__	So currently cinder quotas validate the project in the following manner	17:23
whoami-rajat__	1) if context project is immediate parent of the target project	17:23
whoami-rajat__	2) context project is the root of the subtree for which the target project is a part of	17:24
whoami-rajat__	#link https://github.com/openstack/cinder/blob/master/cinder/api/contrib/quotas.py#L91-L110	17:24
whoami-rajat__	so my questions are, is the sub project part of keystone still promoted/used or replaced by a better solution	17:25
whoami-rajat__	second, if it's still used, is our method of validation mentioned above right?	17:25
knikolla	looking at the code	17:26
whoami-rajat__	also (if my question doesn't sound too dumb), what does is_admin_project signify? I've seen that being true in all the combinations of project and users	17:28
knikolla	is_admin_project was a previous attempt to solve the issue with admin on a project being admin everywhere, but we've deprecated that approach in favor of system scope for admin operations.	17:30
whoami-rajat__	ack. would be great to know if any project has used that feature for authorization	17:31
knikolla	whoami-rajat__: you mean the admin project or the new system scoping?	17:31
whoami-rajat__	system scoping	17:32
knikolla	nova has implemented it, but it's not enabled by default. keystone as well, but likewise, it's not enabled by default.	17:32
whoami-rajat__	ok. would refer nova for the same.	17:33
knikolla	in https://github.com/openstack/cinder/blob/be4a682890e6c5aeee0f34891a80bfbe2aab7c6a/cinder/api/contrib/quotas.py#L95 i'm not sure why you're checking if the scoped project has a parent (first half of the conditional)	17:33
*** ralonsoh_ has quit IRC		17:33
whoami-rajat__	knikolla: if it has a parent means it's not the root of the tree, and it should be the immediate parent of the target project	17:34
knikolla	ah, got it.	17:34
knikolla	if it is the root it doesn't matter if it's not the immediate parent of the target.	17:34
whoami-rajat__	yep, that's my understanding of this validation check	17:35
knikolla	i don't think any other project has validation checks in place to allow operations only on the immediate parent (or root)	17:35
knikolla	so this is something new to me.	17:36
whoami-rajat__	oh	17:36
whoami-rajat__	i thought this was the purpose of hierarchical projects	17:36
knikolla	i think we envisioned these sort of operations to be performed by the domain admin.	17:36
knikolla	lbragstad, gagehugo: correct me if i'm wrong on ^	17:37
whoami-rajat__	just for some more context, we're developing a new feature which will enable default types for each project. so this is the only validation in place in cinder	17:38
whoami-rajat__	to set, get or delete default types for a project	17:38
whoami-rajat__	If there's a better way to authorize this, would be great to know that	17:39
*** alistarle has joined #openstack-meeting-alt		17:39
knikolla	https://docs.openstack.org/keystone/latest/admin/service-api-protection.html	17:39
knikolla	this is how we envisioned the different permission levels that people may require	17:40
knikolla	in particular Domain Administrators	17:40
*** ralonsoh has joined #openstack-meeting-alt		17:41
whoami-rajat__	all this info exists in the context right?	17:41
lbragstad	oslo.context knows how to represent systme-scoped tokens, yes	17:42
knikolla	yes, a project has a domain_id, and the token would have either system-scope (for global admin) or domain-scope on that domain (for domain admin)	17:42
whoami-rajat__	I've one context dict that i took out while debugging the code	17:44
whoami-rajat__	http://paste.openstack.org/show/796184/	17:44
*** alistarle has quit IRC		17:44
knikolla	'project_domain_id': 'default'	17:44
knikolla	but ideally, you should use oslo.policy for the policy checking and not really need to do this in code manually	17:45
whoami-rajat__	yes, we use context.authorize but i guess it just authorizes the user is an admin or owner or ... depending on the policy in code	17:45
whoami-rajat__	https://github.com/openstack/cinder/blob/master/cinder/api/contrib/quotas.py#L171-L172	17:46
*** alistarle has joined #openstack-meeting-alt		17:46
whoami-rajat__	or maybe I've some limited understanding of the policies	17:48
knikolla	there is a popup team to help address this openstack-wide https://wiki.openstack.org/wiki/Consistent_and_Secure_Default_Policies_Popup_Team	17:49
knikolla	not sure if raildo is around	17:50
raildo	knikolla, o/	17:50
alistarle	Hi, about these oslo.limit review : https://review.opendev.org/#/c/733881/ then https://review.opendev.org/#/c/726929/, do we have any status ?	17:51
whoami-rajat__	knikolla: yeah Brian is the cinder liaison but has the same doubts as me :D	17:51
whoami-rajat__	knikolla: anyway, thanks a lot for all the information	17:51
whoami-rajat__	i will go through it and let you know if i have more doubts?	17:52
knikolla	whoami-rajat__: of course, this is definitely a longer discussion than just this meeting and should be tracked in an etherpad.	17:52
raildo	whoami-rajat__, we can talk about that on #openstack-keystone after the meeting, if you want to	17:52
whoami-rajat__	knikolla: raildo Thanks but it is very late here in India, 23:23 , can we discuss this tomorrow?	17:53
raildo	whoami-rajat__, for sure, just ping me whenever you see me online :)	17:54
whoami-rajat__	raildo: sure, thanks a lot :)	17:54
knikolla	alistarle: i can have a look at them, but they're not my area of expertise. I'd defer to either lbragstad or cmurphy on them.	17:56
alistarle	Good, I think at least the first one is pretty staightforward, and it is a requirement for the second, which is a requirement for glance integration :D	17:56
lbragstad	whoami-rajat__ if you need help with the policy work or understanding it, just let me know	17:58
whoami-rajat__	thanks lbragstad , sure :)	17:58
lbragstad	whoami-rajat__ i'd be happy to set aside some time and organize a high-bandwidth meeting if necessary	17:58
whoami-rajat__	i think Brian would be interested in that as well	17:59
knikolla	we used to have a weekly meeting just for policy stuff around 2 years ago.	17:59
knikolla	alright, we're out of time, off to #openstack-keystone.	18:00
knikolla	thanks all	18:00
knikolla	#endmeeting	18:00
whoami-rajat__	thanks everyone!	18:00
*** openstack changes topic to "OpenStack Meetings \|\| https://wiki.openstack.org/wiki/Meetings/"		18:00
openstack	Meeting ended Tue Jul 21 18:00:19 2020 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	18:00
openstack	Minutes: http://eavesdrop.openstack.org/meetings/keystone/2020/keystone.2020-07-21-16.59.html	18:00
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/keystone/2020/keystone.2020-07-21-16.59.txt	18:00
openstack	Log: http://eavesdrop.openstack.org/meetings/keystone/2020/keystone.2020-07-21-16.59.log.html	18:00
*** ralonsoh has quit IRC		18:08
*** alistarle has quit IRC		18:14
*** diurnalist has quit IRC		18:24
*** vishalmanchanda has quit IRC		18:26
*** diurnalist has joined #openstack-meeting-alt		18:35
*** diurnalist has quit IRC		18:39
*** diurnalist has joined #openstack-meeting-alt		18:49
*** sangeet has joined #openstack-meeting-alt		19:35
*** sangeet has left #openstack-meeting-alt		19:35
*** vishakha has quit IRC		20:27
*** e0ne has quit IRC		20:27
*** ircuser-1 has joined #openstack-meeting-alt		20:40
*** raildo has quit IRC		21:08
*** rcernin_ has joined #openstack-meeting-alt		22:22
*** rcernin has joined #openstack-meeting-alt		22:34
*** bnemec has quit IRC		22:47
*** rdopiera has quit IRC		22:50

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!