Thursday, 2014-02-06

grapex	See everyone tomorrow	00:00
*** grapex has quit IRC		00:01
*** jcru has quit IRC		00:08
*** yogesh has joined #openstack-trove		00:11
*** cweid has quit IRC		00:18
*** demorris has joined #openstack-trove		00:19
*** matsuhashi has joined #openstack-trove		00:20
*** jmontemayor has quit IRC		00:22
*** yogesh has quit IRC		00:34
openstackgerrit	A change was merged to openstack/trove: Fixes resizes for volumes attached to active Nova servers https://review.openstack.org/65365	00:45
*** demorris has quit IRC		00:47
*** esp has left #openstack-trove		00:52
*** grapex has joined #openstack-trove		00:53
*** nosnos has joined #openstack-trove		00:56
*** grapex has quit IRC		01:09
*** igor has joined #openstack-trove		01:15
*** igor____ has quit IRC		01:16
*** esmute has quit IRC		01:22
*** tanisdl has quit IRC		01:23
*** saurabhs has quit IRC		01:33
*** freyes has joined #openstack-trove		01:33
*** amcrn has quit IRC		01:43
*** saurabhs has joined #openstack-trove		01:43
*** michael-yu has quit IRC		01:49
*** grapex has joined #openstack-trove		01:57
*** grapex has quit IRC		02:02
*** amytron has joined #openstack-trove		02:03
*** saurabhs has quit IRC		02:12
*** michael-yu has joined #openstack-trove		02:12
*** amrith has quit IRC		02:14
*** amrith has joined #openstack-trove		02:15
*** michael-yu has quit IRC		02:30
*** erkules has quit IRC		02:34
*** esp has joined #openstack-trove		02:35
*** harlowja has quit IRC		02:44
*** erkules has joined #openstack-trove		02:48
*** SushilKM has quit IRC		02:52
*** grapex has joined #openstack-trove		02:53
*** harlowja has joined #openstack-trove		02:55
*** freyes has quit IRC		02:57
*** doug_shelley66 has quit IRC		03:00
*** yogesh has joined #openstack-trove		03:20
*** yogesh has quit IRC		03:25
openstackgerrit	Craig Vyvial proposed a change to openstack/trove: adding configuration group support https://review.openstack.org/53168	03:28
*** amrith has quit IRC		04:03
openstackgerrit	Mat Lowery proposed a change to openstack/trove: Get service endpoints from catalog https://review.openstack.org/68015	04:14
*** jcooley_ has quit IRC		04:43
openstackgerrit	Craig Vyvial proposed a change to openstack/trove: adding configuration group support https://review.openstack.org/53168	04:47
*** michael-yu has joined #openstack-trove		04:49
*** doug_shelley66 has joined #openstack-trove		04:57
*** doug_shelley66 has quit IRC		05:01
*** nosnos_ has joined #openstack-trove		05:02
*** harlowja has quit IRC		05:05
*** nosnos has quit IRC		05:06
*** harlowja has joined #openstack-trove		05:14
*** ViswaV has quit IRC		05:26
*** edmund1 has quit IRC		05:29
*** jcooley_ has joined #openstack-trove		05:49
*** denis_makogon has joined #openstack-trove		06:00
*** amytron has quit IRC		06:03
*** matsuhashi has quit IRC		06:07
*** matsuhashi has joined #openstack-trove		06:07
*** matsuhas_ has joined #openstack-trove		06:09
*** matsuhashi has quit IRC		06:09
*** jcooley_ has quit IRC		06:11
*** igor has quit IRC		06:18
*** igor has joined #openstack-trove		06:18
*** grapex has quit IRC		06:24
*** jcooley_ has joined #openstack-trove		06:24
*** denis_makogon_ has joined #openstack-trove		06:24
*** denis_makogon has quit IRC		06:26
*** krow has quit IRC		06:39
*** nosnos has joined #openstack-trove		06:40
*** yogesh has joined #openstack-trove		06:42
*** nosnos_ has quit IRC		06:42
*** krow has joined #openstack-trove		06:50
*** krow has quit IRC		06:54
*** michael-yu_ has joined #openstack-trove		06:56
*** krow has joined #openstack-trove		06:56
*** michael-yu has quit IRC		06:57
*** michael-yu_ is now known as michael-yu		06:57
*** grapex has joined #openstack-trove		06:59
*** krow has quit IRC		07:00
*** krow has joined #openstack-trove		07:01
*** yogesh has quit IRC		07:03
*** krow1 has joined #openstack-trove		07:03
*** grapex has quit IRC		07:04
*** esmute has joined #openstack-trove		07:04
*** krow has quit IRC		07:06
*** PradeepChandani_ has quit IRC		07:17
*** PradeepChandani_ has joined #openstack-trove		07:17
*** harlowja is now known as harlowja_away		07:23
*** flaper87\|afk is now known as flaper87		07:39
*** denis_makogon_ has quit IRC		07:55
*** grapex has joined #openstack-trove		08:00
*** grapex has quit IRC		08:04
*** grapex has joined #openstack-trove		09:00
*** grapex has quit IRC		09:05
*** igor_ has joined #openstack-trove		09:30
*** igor has quit IRC		09:32
*** jcooley_ has quit IRC		09:32
*** michael-yu has quit IRC		09:42
*** michael-yu has joined #openstack-trove		09:47
*** michael-yu has quit IRC		09:48
*** grapex has joined #openstack-trove		10:01
*** krow1 has quit IRC		10:03
*** grapex has quit IRC		10:05
*** krow has joined #openstack-trove		10:14
*** krow has quit IRC		10:19
*** krow has joined #openstack-trove		10:20
*** krow1 has joined #openstack-trove		10:24
*** krow has quit IRC		10:24
*** denis_makogon has joined #openstack-trove		10:46
*** PradeepChandani_ has quit IRC		11:01
*** grapex has joined #openstack-trove		11:01
*** grapex has quit IRC		11:06
*** krow1 has quit IRC		11:10
*** AndroUser has joined #openstack-trove		11:21
*** AndroUser has quit IRC		11:55
*** AndroUser has joined #openstack-trove		11:56
*** AndroUser has quit IRC		11:56
*** SnowDust has joined #openstack-trove		11:57
*** AndroUser has joined #openstack-trove		12:01
*** grapex has joined #openstack-trove		12:02
*** doug_shelley66 has joined #openstack-trove		12:04
*** grapex has quit IRC		12:06
*** amrith has joined #openstack-trove		12:08
*** AndroUser has quit IRC		12:20
*** AndroUser has joined #openstack-trove		12:21
openstackgerrit	Denis M. proposed a change to openstack/trove: Security groups workflow update https://review.openstack.org/50944	12:25
*** robertmy_ has joined #openstack-trove		12:25
*** robertmyers has quit IRC		12:25
*** jcooley_ has joined #openstack-trove		12:26
*** SnowDust has quit IRC		12:28
openstackgerrit	Denis M. proposed a change to openstack/trove: Security groups workflow update https://review.openstack.org/50944	12:29
openstackgerrit	Denis M. proposed a change to openstack/trove-integration: Add support for minimal MongoDB testing https://review.openstack.org/53378	12:30
*** jcooley_ has quit IRC		12:31
*** AndroUser has quit IRC		12:40
*** AndroUser has joined #openstack-trove		12:40
*** jcru has joined #openstack-trove		12:44
*** igor has joined #openstack-trove		12:45
*** igor_ has quit IRC		12:46
*** SnowDust has joined #openstack-trove		12:52
openstackgerrit	Denis M. proposed a change to openstack/trove: Allow db instance conditional logging https://review.openstack.org/63789	13:01
*** grapex has joined #openstack-trove		13:03
*** pdmars has joined #openstack-trove		13:04
*** freyes has joined #openstack-trove		13:06
*** grapex has quit IRC		13:07
denis_makogon	http://vk.com/makphotos?w=wall-36488060_237	13:08
*** AndroUser has quit IRC		13:09
*** jimbobhickville has joined #openstack-trove		13:10
*** amrith has quit IRC		13:15
*** freyes has quit IRC		13:16
openstackgerrit	shivam shukla proposed a change to openstack/trove: Tests for heat based instance workflow https://review.openstack.org/66499	13:29
openstackgerrit	Denis M. proposed a change to openstack/trove: Security groups workflow update https://review.openstack.org/50944	13:46
openstackgerrit	Denis M. proposed a change to openstack/trove: Track security group provisioned by heat https://review.openstack.org/71040	13:47
*** SnowDust has quit IRC		13:50
*** doug_shelley66 has quit IRC		13:50
*** yidclare has quit IRC		13:54
denis_makogon	sorry for link above, wrong chat	13:55
*** jcooley_ has joined #openstack-trove		13:57
*** jcooley_ has quit IRC		14:03
*** grapex has joined #openstack-trove		14:03
*** robertmy_ has quit IRC		14:03
*** grapex has quit IRC		14:08
*** SnowDust has joined #openstack-trove		14:08
*** edmund has joined #openstack-trove		14:12
*** demorris has joined #openstack-trove		14:15
openstackgerrit	Denis M. proposed a change to openstack/trove: Allow db instance conditional logging https://review.openstack.org/63789	14:16
*** michael-yu has joined #openstack-trove		14:29
*** Barker has joined #openstack-trove		14:29
*** robertmyers has joined #openstack-trove		14:31
*** edmund has quit IRC		14:32
*** edmund has joined #openstack-trove		14:35
*** doug_shelley66 has joined #openstack-trove		14:52
*** amrith has joined #openstack-trove		14:58
*** amrith has quit IRC		15:02
*** Barker has quit IRC		15:03
*** amrith has joined #openstack-trove		15:03
*** grapex has joined #openstack-trove		15:04
*** SnowDust has quit IRC		15:08
*** ViswaV has joined #openstack-trove		15:15
*** matsuhas_ has quit IRC		15:17
*** nosnos has quit IRC		15:21
*** kevinconway has joined #openstack-trove		15:22
*** ViswaV has quit IRC		15:24
*** datsun180b has joined #openstack-trove		15:33
*** Barker has joined #openstack-trove		15:38
*** tanisdl has joined #openstack-trove		15:40
*** jcooley_ has joined #openstack-trove		15:46
*** jcooley_ has quit IRC		15:53
*** michael-yu has quit IRC		15:54
*** shakayumi has joined #openstack-trove		15:54
*** michael-yu has joined #openstack-trove		15:59
*** doug_shelley66 has quit IRC		16:04
*** plodronio_ has joined #openstack-trove		16:05
*** ViswaV has joined #openstack-trove		16:05
*** doug_shelley66 has joined #openstack-trove		16:06
*** plodronio has quit IRC		16:06
*** plodronio_ is now known as plodronio		16:06
*** ViswaV has quit IRC		16:06
*** ViswaV has joined #openstack-trove		16:06
*** ViswaV has quit IRC		16:09
*** ViswaV_ has joined #openstack-trove		16:09
*** ViswaV_ has quit IRC		16:10
*** ViswaV has joined #openstack-trove		16:10
*** jmontemayor has joined #openstack-trove		16:13
*** jmontemayor has quit IRC		16:14
*** shakayumi has quit IRC		16:14
*** jmontemayor has joined #openstack-trove		16:15
*** jcooley_ has joined #openstack-trove		16:30
*** jasonb365 has joined #openstack-trove		16:30
*** amrith has quit IRC		16:42
*** michael-yu has quit IRC		16:48
openstackgerrit	Denis M. proposed a change to openstack/trove: Security groups workflow update https://review.openstack.org/50944	16:50
*** jcooley_ has quit IRC		16:56
denis_makogon	mat-lowery, ping	16:56
mat-lowery	hello denis_makogon	16:57
denis_makogon	mat-lowery, hi	16:57
*** jcooley_ has joined #openstack-trove		16:57
denis_makogon	last patch landed, and i suppose, that this one is the last	16:57
denis_makogon	mat-lowery, btw, just letting you know TroveError object doesn't contain status code attribute	16:58
denis_makogon	mat-lowery, there's a policy for exceptions, dictated by oslo-incubator(OpenStackException)	16:59
*** jmontemayor has quit IRC		17:00
*** jmontemayor has joined #openstack-trove		17:00
*** michael-yu has joined #openstack-trove		17:01
*** freyes has joined #openstack-trove		17:03
mat-lowery	denis_makogon: Just saw your comments. I was proposing a status code in the new MalformedSecurityGroupRuleError as a compromise between two extremes: one MalformedSecurityGroupRuleError class everywhere with different error messages vs. Error class per fine-grained problem (in the case of above patch set: 3 Error classes). This compromise keeps the class count down while avoiding the parsing of error messages in tests. If	17:04
mat-lowery	OpenStackException forbids status codes, then that's another story.	17:04
denis_makogon	mat-lowery, as i said not so long ago, populating error classes - bad idea	17:06
denis_makogon	we need to keep everything simple and fast	17:07
denis_makogon	mat-lowery, its tests only, you run it once, no big deal	17:07
*** kiall has quit IRC		17:08
mat-lowery	denis_makogon: My point is only that ideally, changing an error message shouldn't break tests. And if by "populating error classes" you mean an explosion in the number of exception classes, then that is precisely what a status code is meant to address. My two cents. Thanks for the feedback!	17:11
denis_makogon	mat-lowery, ideally, we need to have separate class for taskmanager exception, api exception, guest exceptions	17:12
denis_makogon	Error message are what we need	17:13
mat-lowery	denis_makogon: gotcha. thanks	17:15
*** krow has joined #openstack-trove		17:15
denis_makogon	mat-lowery, thanks for keeping eye on patches	17:16
*** michael-yu has quit IRC		17:17
*** Barker has quit IRC		17:26
*** doug_shelley66 has quit IRC		17:27
*** krow has quit IRC		17:28
*** doug_shelley66 has joined #openstack-trove		17:37
*** krow has joined #openstack-trove		17:38
*** jcooley_ has quit IRC		17:41
*** jcooley_ has joined #openstack-trove		17:42
*** krow1 has joined #openstack-trove		17:43
*** krow has quit IRC		17:44
*** jmontemayor has quit IRC		17:57
*** harlowja_away is now known as harlowja		17:59
*** jasonb365 has quit IRC		17:59
*** jmontemayor has joined #openstack-trove		18:02
*** jasonb365 has joined #openstack-trove		18:03
openstackgerrit	Denis M. proposed a change to openstack/trove: Security groups workflow update https://review.openstack.org/50944	18:05
*** amcrn has joined #openstack-trove		18:06
*** Barker has joined #openstack-trove		18:08
juice	eh hem (https://review.openstack.org/#/c/66063/)	18:17
juice	hub_cap, grapex ^ ^	18:17
hub_cap	hey juice i need to spend a day focused on fixing my email client	18:18
hub_cap	so im layin low on reviews till this evernin	18:18
hub_cap	denis_makogon: hey dude	18:18
juice	okie doke	18:18
juice	this patch may need to be rebased based on pdmars recently merged patch	18:18
hub_cap	i coudlnt get the trove-integration code to publish the glance image last night, i rebased your trove-integration c* review too	18:19
hub_cap	can u look into it?	18:19
hub_cap	ill try again this afternoon denis_makogon	18:19
*** amrith has joined #openstack-trove		18:20
*** jcooley_ has quit IRC		18:21
openstackgerrit	Denis M. proposed a change to openstack/trove-integration: Initial support for single instance Cassandra Database https://review.openstack.org/52666	18:24
denis_makogon	hub_cap, ok, i changed commit description	18:24
openstackgerrit	Denis M. proposed a change to openstack/trove-integration: Initial support for single instance Cassandra Database https://review.openstack.org/52666	18:25
*** yogesh has joined #openstack-trove		18:32
*** igor has quit IRC		18:40
*** yidclare has joined #openstack-trove		18:41
*** igor has joined #openstack-trove		18:44
*** Ranjitha has joined #openstack-trove		18:53
*** tanisdl has quit IRC		18:55
*** jcooley_ has joined #openstack-trove		18:58
*** kiall has joined #openstack-trove		19:24
openstackgerrit	Craig Vyvial proposed a change to openstack/trove: adding configuration group support https://review.openstack.org/53168	19:29
*** tanisdl has joined #openstack-trove		19:31
*** jcooley_ has quit IRC		19:35
*** jcooley_ has joined #openstack-trove		19:36
*** jcooley_ has quit IRC		19:40
*** jcooley_ has joined #openstack-trove		19:41
*** SushilKM has joined #openstack-trove		19:42
SushilKM	hey	19:43
SushilKM	was luking into root-show api and ..... I think that though it says that is_root_enabled but it means actually checking any historical root enablements ....	19:44
*** jcooley_ has quit IRC		19:45
SushilKM	also guestagent_api.is_root_enabled is not called anywhere to decide root enable status	19:47
SushilKM	so wisely, would we like to add a date to confirm that historical root enabled, hw do we see that ....	19:49
*** jcooley_ has joined #openstack-trove		19:50
hub_cap	SushilKM: im not sure what you are proposing, but it cannot break the current api :)	19:54
* hub_cap goes back to setting up gnus		19:54
SushilKM	let me expalin a bit	19:54
*** jcooley_ has quit IRC		19:56
SushilKM	root-show api uses https://github.com/openstack/trove/blob/master/trove/extensions/mysql/models.py#L189 to find root has been enabled or not	19:56
SushilKM	this checks basically in the root-history if root was ever enabled	19:57
*** jcooley_ has joined #openstack-trove		19:57
SushilKM	because if someone enables it and then deletes the root user from system, root-show wud still show as true, I agree that behind the scens before deleting the root user the user must have done something to make his way	19:58
SushilKM	so it seems we want to show using root-show api is if root was ever enabled on this instance	20:00
SushilKM	in history	20:00
*** jasonb365 has quit IRC		20:02
denis_makogon	hub_cap, i hope, cassandra and mongo would reach codebase soon	20:04
*** jmontemayor has quit IRC		20:04
*** jasonb365 has joined #openstack-trove		20:05
*** Barker has quit IRC		20:05
denis_makogon	guys, i'm out, gonna be reachable soon, in 1-2h	20:05
*** demorris has quit IRC		20:07
*** jasonb365 has quit IRC		20:09
*** jmontemayor has joined #openstack-trove		20:12
*** jcooley_ has quit IRC		20:12
*** michael-yu has joined #openstack-trove		20:12
*** jcooley_ has joined #openstack-trove		20:12
SushilKM	how do u see that hub_cap	20:14
*** Barker has joined #openstack-trove		20:15
hub_cap	denis_makogon: once i get things working well it will be merged :)	20:15
datsun180b	is_root_enabled is did_i_find_at_least_one_instance_of_the_user_enabling_root	20:16
*** grapex_ has joined #openstack-trove		20:17
SushilKM	so, how do u see if we show a date to when was it enabled last	20:17
hub_cap	im not sure it matters	20:18
datsun180b	i forget but i thought the mgmt api gave it in higher detail	20:18
hub_cap	it does datsun180b	20:18
hub_cap	it gives the date as well	20:18
datsun180b	so there you go	20:18
SushilKM	oh really	20:18
hub_cap	i dont think weve had any users who have asked when they had it enabled tho	20:18
datsun180b	the purpose was to function like a tamper-proof seal for support purposes	20:19
SushilKM	yeah, but i was doing it the way that i enabled root then dropped root user back in database, and whn i used root-show it was still showing me root is enabled	20:19
SushilKM	and i was complaininng for that	20:19
*** demorris has joined #openstack-trove		20:19
datsun180b	right, if you open a jar of pickles once you can't hermetically seal the jar again unless you own a pickle factory	20:19
SushilKM	then i found it was to show my historical root enable ....	20:19
*** grapex has quit IRC		20:20
datsun180b	if you enable root and then erase all trace of ever having enabled root it makes it difficult to support an instance	20:20
SushilKM	so, wat i wanted to was to add a date for last enable so that i do not complain it ....	20:20
datsun180b	iirc "Never" was the default	20:21
datsun180b	and "Nobody" to go with it	20:21
datsun180b	sorry, would you explain what you meant with that last bit?	20:21
SushilKM	i meant when we use show-root it shows is_root_enable = true	20:22
datsun180b	oh so you just want to muck with the return type for that method?	20:23
datsun180b	weeeeell i wonder if it doesn't count as violating the contract if you return _more_ than what is stated	20:24
datsun180b	so if you returned {enabled: True, when=<some date>} i can't see any client exploding for that	20:24
SushilKM	cool, so shall i make that	20:25
datsun180b	i'm working on a similar change to user access/grant/revoke	20:25
*** grapex_ has quit IRC		20:25
datsun180b	and you probably want core to lean in on that to make sure before you start	20:25
SushilKM	so cores, how do u see that	20:25
*** grapex has joined #openstack-trove		20:26
SushilKM	http://paste.openstack.org/show/62872/ is what i wanna do	20:29
SushilKM	please suggest, if that looks good to go ahead	20:29
*** krast has quit IRC		20:30
*** freyes has quit IRC		20:31
datsun180b	how would that look in json? do we have any other examples of cli output in three columns?	20:32
SushilKM	did not checked that	20:33
SushilKM	but research cud be mad	20:33
hub_cap	yea cli output is generally not what i want to see when talking about api changes	20:33
hub_cap	fwiw, i think we all know yer talking about adding a field to the root call	20:34
SushilKM	huh	20:34
datsun180b	it's really the api's schema we have the contract with	20:34
hub_cap	to show the enabled date	20:34
datsun180b	the cli can do whatever we like	20:34
hub_cap	exactly	20:34
SushilKM	or if column does not works with then we can think to add in form of a row, my first idea is to have a date	20:35
datsun180b	so when do we start talking about the next version of the api so i can take a chainsaw to the users methods	20:35
hub_cap	datsun180b: :D	20:35
datsun180b	SushilKM: how about {'enabled': True, 'when': <ten minutes ago>}	20:35
hub_cap	SushilKM: http://docs.rackspace.com/cdb/api/v1.0/cdb-devguide/content/GET_isRootEnabled__version___accountId__instances__instanceId__root_Database_Instances.html	20:36
hub_cap	look at the examples there	20:36
hub_cap	we do not discuss thigns in terms of how the cli outputs it	20:36
hub_cap	we show like how datsun180b is displaying it	20:36
hub_cap	i guess i dont see any harm in adding the date	20:36
hub_cap	and calling it, say, 'enabled'	20:37
hub_cap	but we shoudl get buyin from other people as well :)	20:37
datsun180b	well if the date's there then clearly it's been enabled	20:37
datsun180b	similar to 'created' fields elsewhere	20:37
hub_cap	sure but lets say for audit purposes	20:37
hub_cap	like if a user wants to know when his admin enabled it...?	20:37
hub_cap	i dunno	20:37
datsun180b	well in that case we better add a "by" field	20:38
datsun180b	even if it was done on behalf of another user	20:38
datsun180b	and on that note why not slide all the way down the slippery slope and keep the user-agent, and i'm being serious btw	20:38
hub_cap	datsun180b: we already have the date yo, we can display that :)	20:39
datsun180b	well if you want to go full audit	20:39
hub_cap	and we dont allow trusts / impersonation	20:39
hub_cap	so we cant do 'by'	20:39
datsun180b	_yet_	20:39
hub_cap	i think keystone v3 can	20:39
SushilKM	we have the dates in the tables	20:39
datsun180b	that's true	20:39
hub_cap	but i dont kjnwo fo sure	20:39
hub_cap	i tend to not kjnwo things, in general	20:39
datsun180b	one must first unkjnwo everying before one can truly begin to kjnwo oneself	20:40
datsun180b	typos abound	20:40
datsun180b	well unless i'm mistaken SushilKM the rule i've seen so far is you can't remove anything from a response or add new requirements to a request	20:41
SushilKM	hey hub_cap r u playing with ur kjnwoledge :P	20:41
datsun180b	compatibility is the concern	20:43
ViswaV	SushilKM: the data is there in the table, the mgmt api returns it, are you only asking whether to enhance to cli output to also show an extra column with the date information (to know when it was enabled on? ) ?	20:44
ViswaV	for examples of CLI showing more than two columns look at "nova list" output.	20:44
ViswaV	It shows 6 columns	20:44
openstackgerrit	Paul Lodronio proposed a change to openstack/trove: Adding additional datastore tests https://review.openstack.org/70296	20:45
datsun180b	cool, there you go	20:46
SushilKM	i wud say yes @VishwaV, it could be column or a row but wanted to see the date as a user ....	20:47
ViswaV	SushilKM: The second part of your concern (which is why you want to show this 'enabled on' information) is because you wiped out the root user by logging into DB in the background….and the trove root-show does not reflect that. Not sure if that is a valid thing to 'sync' up to trove DB. We do report back service status…. but root user status… probably not. The same thing probably applies for DB … you can "trove database-create" and	20:49
ViswaV	then in the background go behind the scenes and delete the db from mysql. I don't think "trove database-list" will probably still show you that db which no longer exists in the mysql now. Should it reflect the accurate state for operations done outside the context of Trove? I donno...	20:49
ViswaV	SushilKM: It should be a column since it is 'peer' field to the others coming from the same table.	20:50
datsun180b	dbs and users and grants are all pulled from the instance, we don't store them in a second place	20:50
datsun180b	if you delete a user or db you delete it	20:50
SushilKM	ur point about databases create-delete-list is fine ... but with root what happens is i can do anything in background and do a cleanup, but the provider needs to ensure and suggest that root was enabled	20:51
SushilKM	which currently show root api does	20:51
datsun180b	the root history is kept as a table on the host specifically to prevent someone from enabling root, mucking about, and then 'disabling' root	20:51
SushilKM	wanted it to show the date also about when was it enabled	20:52
ViswaV	datsun180b: makes sense about the databases, users.	20:52
*** demorris has quit IRC		20:52
*** Barker has quit IRC		20:54
*** mattgriffin has quit IRC		20:54
ViswaV	On contrary example to SushilKM's situation…… if someone accidentally (or purposefully) enabled root user after directly logged into DB instance and not using trove… the trove root-show I am guessing would not reflect that fact and give out false info (that it is not enabled) , thusly not giving a key insight to DB admins on a critical hole that was left open (accidentally or willfully) on their DB instance.	20:55
*** jimbobhickville has quit IRC		20:55
datsun180b	sorry, got to take off. you guys sound like you've got a handle on things	20:56
*** datsun180b has quit IRC		20:56
ViswaV	Should the guest agent status monitoring , actively monitor all root users and report them back on a periodic basis?	20:56
amcrn	there's already been discussions on having a true root enabled history (multiple rows vs. updating a single), and there's also been discussion on unifying created/updated/deleted_at across the tables to provide a consistent experience	20:56
amcrn	not sure if they made it into bps/issues though	20:56
*** Ranjitha has quit IRC		20:57
SushilKM	one cannot enable directly the root user	20:57
SushilKM	i suppose that	20:57
*** ViswaV has quit IRC		20:57
*** ViswaV has joined #openstack-trove		20:58
ViswaV	amcrn: what about active monitoring of root users (by the guest agents) to monitor/detect root (or other) user creations not done via trove… is there any value in such a feature?	20:58
*** demorris has joined #openstack-trove		20:58
amcrn	ViswaV: i don't see any, but i haven't heard anyone ask for it	20:59
ViswaV	ok	20:59
*** amytron has joined #openstack-trove		20:59
*** denis_makogon_ has joined #openstack-trove		21:00
*** ViswaV has quit IRC		21:00
*** denis_makogon has quit IRC		21:01
*** denis_makogon_ is now known as denis_makogon		21:01
denis_makogon	i'm in	21:01
*** ViswaV has joined #openstack-trove		21:01
*** dmakogon_ has joined #openstack-trove		21:01
*** ViswaV has quit IRC		21:02
*** amrith has quit IRC		21:02
*** ViswaV has joined #openstack-trove		21:03
*** amrith has joined #openstack-trove		21:03
denis_makogon	vipul, SlickNik , ping, i'd like to talk about https://review.openstack.org/#/c/70773/	21:04
*** Barker has joined #openstack-trove		21:05
denis_makogon	imsplitbit, ping	21:06
vipul	denis_makogon	21:06
vipul	denis_makogon: what's up	21:06
denis_makogon	goodday	21:06
denis_makogon	nice 2 see you here	21:06
vipul	likewise denis_makogon :)	21:06
denis_makogon	vipul, i hope you read last comments	21:06
SlickNik	denis_makogon: Sure, let me check the review.	21:07
denis_makogon	yes, sure	21:07
SlickNik	So denis_makogon: I'm trying to understand what's driving the requirement for these validators.	21:08
*** mattgriffin has joined #openstack-trove		21:09
denis_makogon	SlickNik, basicaly validation based upon mysql models	21:09
denis_makogon	like User	21:10
denis_makogon	Schema	21:10
SlickNik	You're adding validators for redis; but then they're not really needed or implemented for redis. (All they are doing is returning None).	21:10
denis_makogon	Yes	21:11
*** amytron has quit IRC		21:11
SlickNik	So then I'm not entirely sure what the point of the change is.	21:11
vipul	I still feel like this sort of datastore specific validation should not be a concern of the Trove API -- leaving it further down at the guest allows a deployer to override what is considered valid	21:11
denis_makogon	redis doesnt support users/schemes	21:11
*** mattgriffin has quit IRC		21:11
denis_makogon	vipul, as i remember we decided to keep guest simple	21:11
SlickNik	denis_makogon: If redis doesn't support it, why add an artificial construct (validators) for it?	21:12
denis_makogon	SlickNik, before capabilities, users are allowed to pass any data to API service	21:12
vipul	sure but the sort of validation that we do at the API layer should be json schema based.. nothing more	21:12
*** ViswaV has quit IRC		21:12
vipul	if you want to make a change to the json schema, then i might be ok with that	21:13
denis_makogon	and without pluggablity create call would fail	21:13
*** ViswaV has joined #openstack-trove		21:13
vipul	but we need to provide an easy way to extend what is considered valid	21:13
denis_makogon	if there's incorrect format for users/schemes	21:13
SlickNik	Sure, and the datastore can decide to honor the extension args or not depending on whether it supports it or not.	21:13
denis_makogon	that is why i made such change, basicaly redis validation will pass in any way, even if data is malformed'	21:14
denis_makogon	SlickNik, unfortunately, capabilities is far-far away from now	21:14
denis_makogon	not even in I release	21:15
SlickNik	denis_makogon: How would you consider this malformed data. It would be an extra, unsupported argument, but that hardly constitutes malformed data.	21:15
*** jasonb365 has joined #openstack-trove		21:15
SlickNik	Vipul, I tend to agree with you in that I think the datastore should decide whether it needs to do anything with this information or not. It's probably overkill to have a separate extension decide which arguments are supported for which datastores.	21:18
denis_makogon	SlickNik, each datastore will have a set of validators for ingress data	21:18
SlickNik	denis_makogon: Why?	21:19
denis_makogon	SlickNik, because mysql already have them	21:19
denis_makogon	SlickNik, mysql validators will be the problem for mongo, postgressql users/schemes	21:21
denis_makogon	SlickNik, in general this topic came from unflexible extenstions	21:21
denis_makogon	users/schemes	21:21
denis_makogon	how is that possible to work with mongo users through mysql service	21:22
denis_makogon	same problem with mysql validation/population on prepare call	21:23
denis_makogon	i mean create call	21:23
SlickNik	We can cross that when we need to do mongo validation. I don't see a mongo validator in that changeset.	21:23
vipul	how about refactoring this code to not validate at the API layer	21:23
SlickNik	Right now, redis doesn't _need_ validation, so this doesn't buy us anything.	21:23
denis_makogon	vipul, how ?	21:24
vipul	it's actually pretty bad right now.. the extensions.mysql.common.populate_validated_databases() uses the guest agent models to validate user name	21:24
vipul	which means that once guest is split out.. this code will need to be duplicated	21:24
vipul	so let's not validate the username at the API layer.. and let's defer the validation to the Guest..	21:24
SlickNik	Yeah, I agree vipul. I think we need to think about how to support this per datastore and not as extensions (common across datastores).	21:25
SlickNik	And the easiest way to support this per datastore is to actually have the datastore (guestagent) pieces do the validation.	21:25
denis_makogon	SlickNik, so, you mean to pass data from cli through api, taskmanager to guest without any validations ?	21:26
vipul	SlickNik, denis_makogon: the only side effect is on the create all-in-one call where we might fail to create due to invalid names	21:26
vipul	should that be an error or just partially provisioned	21:27
hub_cap	this is why we should just remove users	21:27
hub_cap	:)	21:27
denis_makogon	seems like it should be partially provisioned	21:27
*** jcooley_ has quit IRC		21:28
denis_makogon	hub_cap, and schemes =)	21:28
hub_cap	:)	21:28
hub_cap	but that cant happen for a while	21:28
hub_cap	we just wont put em in the v2 api i think heh	21:28
denis_makogon	yeah	21:28
denis_makogon	al least 2 release cycles	21:28
denis_makogon	hub_cap, i agree	21:29
*** jcooley_ has joined #openstack-trove		21:29
denis_makogon	it would be easier to drop them from guest	21:29
denis_makogon	i know we talked about this topic in general, but what do you think about this one https://review.openstack.org/#/c/70742/ ?	21:30
denis_makogon	without taking into account future capabilities	21:31
denis_makogon	this two reviews are related to heat stuff in trove - https://review.openstack.org/#/c/67873/ \|\|\|\| https://review.openstack.org/#/c/71040/	21:32
hub_cap	well denis_makogon i wonder, why should we continue to develop on the extensions if we all know we are removing it?	21:32
hub_cap	aka, shoudl we ever have a c* /users or a mongo /users	21:32
hub_cap	especially if we are going to remove future functionality	21:32
denis_makogon	hub_cap, c* would never have users =)	21:33
denis_makogon	hub_cap, but it's in future	21:33
kevinconway	denis_makogon: cassandra has user/pass auth	21:33
denis_makogon	but now it would cause error	21:33
denis_makogon	kevinconway, have you tried to register a user in cassandra ?	21:33
kevinconway	you mean edit YAML?	21:33
hub_cap	denis_makogon: thats why im saying to u, if nothing else has users, why make it pluggable?	21:34
*** Ranjitha has joined #openstack-trove		21:34
hub_cap	thats just more code to make something we will never use	21:34
denis_makogon	kevinconway, not yaml, access.properties, security.properties	21:34
kevinconway	its a flat file with USER=PASS	21:34
kevinconway	just curious why you don't use it is all	21:35
denis_makogon	kevinconway, after each addition server _must_ be restarted	21:35
kevinconway	so it's not that cassandra doesn't have users. you just don't want to use them?	21:35
denis_makogon	kevinconway, in production cassandra ACL organized with LDAP, EC2, Trusts	21:35
*** amrith has quit IRC		21:36
denis_makogon	kevinconway, have you ever seen production cassandra cluster deployment ? downtime is not acceptable	21:36
denis_makogon	and access.properties should be updated on each node	21:36
denis_makogon	suppose you have 1k nodes	21:37
kevinconway	denis_makogon: easy, restart them all at once	21:37
denis_makogon	Gossip protocol works only with data	21:37
kevinconway	like removing a bandage	21:37
denis_makogon	kevinconway, lol, this is not production way at all	21:37
denis_makogon	downtime is huge, data migration, version management will take a lot time	21:38
*** amrith has joined #openstack-trove		21:38
kevinconway	so it's that the user/pass auth is not used for cassandra except for testing	21:38
denis_makogon	yes	21:38
denis_makogon	simple auth never used in production	21:39
kevinconway	what is the default auth system then?	21:39
kevinconway	if i created a trove cassandra, how would i get in?	21:39
denis_makogon	it accepts all connections	21:39
kevinconway	wow, so no auth	21:39
denis_makogon	use LDAP	21:40
denis_makogon	thats all	21:40
kevinconway	so is it fair to say that cassandra can't have users at all?	21:40
kevinconway	what if i really wanted it and made the user calls pull from and save to LDAP?	21:40
denis_makogon	anyway, production grade cluster deployment doesn't use cassandra ACL, because it bad	21:43
denis_makogon	production also accepts firewall based access	21:44
denis_makogon	hub_cap, so, you say leave it as it is before it dropped ?	21:45
hub_cap	denis_makogon: the extensions stuff?	21:45
denis_makogon	hub_cap, yeag	21:45
denis_makogon	yeah	21:45
hub_cap	id rather it _fixed_ to be like other extensions	21:45
hub_cap	aka	21:45
hub_cap	fix the common code	21:45
hub_cap	that runs / exposes / turns on/off extensions	21:46
hub_cap	nova/cinder/etc.. have a good plugin model	21:46
hub_cap	but i dont want to really tackle that before other teams have tackled wsme	21:46
kevinconway	are db calls an extension like users?	21:46
denis_makogon	yes	21:47
hub_cap	ya	21:47
kevinconway	and our plan is to keep users and db extensions?	21:47
kevinconway	not make them part of the core api?	21:47
denis_makogon	kevinconway, yes, until API v2	21:47
denis_makogon	kevinconway, no, they are extensions	21:47
denis_makogon	kevinconway, DBaaS should not deal with users/schemes	21:48
denis_makogon	kevinconway, take a look at RDS	21:48
denis_makogon	and take a look at DynamoDB	21:48
kevinconway	hub_cap: i'm trying really hard not to talk about this	21:48
hub_cap	kevinconway: i know :)	21:48
hub_cap	lets go w/ dont toucn anything till v	21:48
hub_cap	v2	21:48
hub_cap	we can discuss it all in the future :)	21:48
kevinconway	yeah i've got no complain with extensions in v1	21:49
denis_makogon	but the future is far away =)	21:49
denis_makogon	it means that i need to abandon this patches, sad =(	21:49
denis_makogon	hub_cap, any luck with mongo/cassandra testing ?	21:51
amcrn	denis_makogon: i'm seeing prepare() finish, but it's still flipping to error for Cassandra	21:51
denis_makogon	and how about enabling gating for test group	21:51
denis_makogon	amcrn, link ?	21:51
denis_makogon	amcrn, could you please post a log file	21:52
denis_makogon	amcrn, which flavor did you used ?	21:53
amcrn	https://gist.github.com/anonymous/f49a27fc75adfb682d29	21:55
amcrn	my first hunch is the timeout is the problem	21:55
denis_makogon	amcrn, no	21:55
denis_makogon	please post /var/log/cassandra/system	21:56
denis_makogon	/var/log/cassandra/system.log	21:56
*** demorris has quit IRC		21:57
*** doug_shelley66 has quit IRC		21:57
denis_makogon	amcrn, so ?	21:59
denis_makogon	due to slow env, cassandra service getting up slowly	21:59
denis_makogon	how many RAM did you reserve for redstack VM ?	22:00
amcrn	see my truncated reply to the original gist, cassandra came up just fine	22:00
denis_makogon	instance should be ACTIVE	22:00
denis_makogon	there's no stacktraces, guest didn't marked instance with ERROR	22:01
denis_makogon	exec timeout doesn't causes exceptions, it's only timeout	22:02
denis_makogon	i'd suggest to reserv for redstack VM at leat 8GB RAM or above	22:03
denis_makogon	with 2 CPU cores	22:03
hub_cap	http://developer.rackspace.com/blog/welcome-to-performance-cloud-servers-have-some-benchmarks.html	22:04
hub_cap	i use Performance1-8 denis_makogon	22:04
hub_cap	thas good eh? 8gb, 8 vcpu	22:04
vgnbkr	Sorry, just catching up, but thought I'd throw in my $0.02 about the user thing.	22:05
*** shakayumi has joined #openstack-trove		22:05
hub_cap	vgnbkr: shoot :)	22:05
vgnbkr	Seems like a lot of the friction is because the issue isn't really about users. Users can be managed by third party tools.	22:05
* hub_cap runs, arms flailing		22:05
kevinconway	...	22:05
hub_cap	for sure vgnbkr	22:05
vgnbkr	The real issue is about access control. For mysql, access may be controlled by users, but for other databases, other access methods are required.	22:06
denis_makogon	vgnbkr, agreed	22:06
hub_cap	so the bigger issue	22:06
hub_cap	is	22:06
hub_cap	how do we allow a managed service by just giving out _root_ users	22:06
hub_cap	aka its hard to provide a SLA	22:06
hub_cap	now im on you guy's side, but that will be the arguement to overcome	22:07
vgnbkr	Trove would need a mechanism to prevent a Cassandra db from being "open to the public" upon creation.	22:07
hub_cap	thats the higest level arguement, aka, how do we provide a sla and a managed datastore giving root access	22:07
hub_cap	sure but if i give u root mysql, u can screw things up and make, say, automated backup stop working	22:07
*** michael-yu has quit IRC		22:07
hub_cap	so u end up having a hard to support sla	22:07
hub_cap	again, im w/ you but im arguing the _other_ side ;)	22:07
vgnbkr	Could it be that for mysql, trove just manages root and leaves it to the dba to manage users. For some dbs, trove might manage by controlling security group access?	22:09
*** pdmars has quit IRC		22:09
denis_makogon	vgnbkr, security groups already managed by trove	22:10
hub_cap	vgnbkr: sure, thats what ive proposed before	22:11
hub_cap	and some agree w me, and some dont :)	22:11
vgnbkr	denis_makogon: trove "manages" security groups, or allows one to be attached to the nova instance?	22:11
vgnbkr	(and I'm not saying one is right, just asking)	22:11
denis_makogon	vgnbkr, it creates and attaches to instances	22:11
*** shakayumi has quit IRC		22:11
denis_makogon	vgnbkr, we call it association	22:12
kevinconway	(-_-)	22:12
vgnbkr	denis_makogon: so how does trove know (at present) who to restrict access to?	22:12
denis_makogon	vgnbkr, cidr and ports	22:13
vgnbkr	But, anyways, it sounds like I'm rehashing something that was covered before. Didn't mean to do that. Sorry all.	22:13
*** jcru has quit IRC		22:15
denis_makogon	hub_cap, let me know with the results of testing, please	22:15
hub_cap	yup ill test again tonight denis_makogon	22:18
vgnbkr	Was just chatting with the guys around the office. When is the last time that anyone ever saw a database with more than one user (i.e., the one that the web server connects to)?	22:27
vgnbkr	For DBaaS as databases are used in modern deployments (ORM typically), are users even relevant any more?	22:29
hub_cap	vgnbkr: a TON	22:31
hub_cap	read only users for reportin	22:31
hub_cap	or access to only certian tables for non priv'd users	22:31
vgnbkr	I couldn't remember seeing users used for many years. Asked around the office - all our customers just had one account.	22:32
*** Ranjitha has quit IRC		22:32
vgnbkr	For access to certain tables, is it in the trove plan to add access controls by table?	22:33
denis_makogon	vgnbkr, no, this is not DBaaS functionality	22:33
*** doug_shelley66 has joined #openstack-trove		22:34
denis_makogon	vgnbkr, maybe you need to search for OpenStack MangetoDB	22:34
denis_makogon	it's NoSQL key-value storage	22:34
denis_makogon	with HTTP interface	22:35
denis_makogon	its almost the same as Amazon DynamoDB	22:35
vgnbkr	The point that I was getting at is that if the objective is to offer a certain SLA, there must be a path. Does support for multiple users need to be on that path?	22:36
kevinconway	denis_makogon: there you go the the "A" word again	22:36
*** Ranjitha has joined #openstack-trove		22:36
denis_makogon	kevinconway, yes, i could use kumu logic example	22:36
vgnbkr	Aren't most people using a cloud DBaaS just going to point their Apache/PHP at it? Are multiple users necessary for that use case?	22:38
denis_makogon	kevinconway, AWS is the greates stack of cloud services, we need to keep an eye on it, all the time	22:38
denis_makogon	vgnbkr, it depens on how application interracts with DB	22:38
vgnbkr	Absolutely.	22:39
denis_makogon	vgnbkr, but mostly, no	22:39
*** michael-yu has joined #openstack-trove		22:39
vgnbkr	But if we're not going to provide access to access controls, what would people do with separate users?	22:39
denis_makogon	vgnbkr, twitter is a good example	22:40
*** Barker has quit IRC		22:40
vgnbkr	denis_makogon: can you provide a short description of why twitter is a good example (I don't know what you're getting at).	22:41
kevinconway	twitter uses a database	22:41
denis_makogon	i mean single user access	22:41
kevinconway	QED	22:41
vgnbkr	Ah, sorry, I thought you meant twitter used multiple users.	22:42
*** jasonb365 has quit IRC		22:42
denis_makogon	backend is driver driven	22:42
kevinconway	vgnbkr: multiple users is common in reporting/analytics databases	22:42
*** jasonb365 has joined #openstack-trove		22:43
vgnbkr	kevinconway: is that because the reporting apps are given read only access?	22:44
vipul	even for mysql I think that multiple users with potentially different grants is totally valid	22:44
kevinconway	well a lot of analytics that leverage RDBMs don't start with an app	22:44
kevinconway	you test/discover in sql	22:45
kevinconway	then move your findings over into a reporting app	22:45
vipul	you may have a read-only slave you want to grant access to to a different app potentially	22:45
kevinconway	depending on the scope of the db you may have multiple reporting groups that need access to different subsets of data	22:45
vgnbkr	kevinconway: sure, but at that point wouldn't the dba have to open root access and go in and muck with grants anyways?	22:46
vipul	are we talking about reasons to keep user management in Trove or to remove it	22:46
kevinconway	vipul: neither. just talking about use cases	22:46
kevinconway	vgnbkr: you may also have multiple writers to the db that need write to only their portion	22:46
kevinconway	like using a trove instance to run an openstack deploy	22:47
kevinconway	nova writes to nova schema while keystone writes to keystone schema	22:47
vgnbkr	kevinconway: agreed, but is that something that trove would ever be able to configure?	22:47
kevinconway	same db instance	22:47
kevinconway	it does now	22:47
vipul	also i would hesistate to go with 'let the DBA do it' type of cases, because the value add of a managed service like DBaaS is that you don't necessarily need DBAs to figure this stuff out	22:47
openstackgerrit	A change was merged to openstack/python-troveclient: adds support for configurations management https://review.openstack.org/53169	22:48
kevinconway	oh neat, config mgmt is in	22:48
vgnbkr	I was just thinking about hub_cap's SLA comment, which is solid. What if trove gave you just a write connect string and a read connect string by default with a high SLA.	22:54
vgnbkr	You could click "Allow Root Access" and do whatever you needed, but the SLA dropped accordingly.	22:55
hub_cap	vgnbkr: i think scenarios like that are worth exploring	22:56
hub_cap	when we start gettin into v2	22:56
vgnbkr	Would that unify the appearance of disparate dbs from a management perspective?	22:56
*** mattgriffin has joined #openstack-trove		22:57
vgnbkr	OK, np.	22:58
*** amrith has quit IRC		22:59
cp16net	hub_cap: btw i see that trove config group is approved it will require the trove-integration as well	23:01
cp16net	client is merged already :)	23:01
*** amrith has joined #openstack-trove		23:02
*** amcrn has quit IRC		23:03
*** amcrn has joined #openstack-trove		23:06
hub_cap	cp16net: link	23:16
hub_cap	vgnbkr: fwiw, i think thats a decent idea	23:16
cp16net	hub_cap: tim just approved	23:18
cp16net	i got +11	23:18
cp16net	i think thats a record	23:18
SlickNik	cp16net: nice	23:19
SlickNik	Are all pieces merged?	23:19
SlickNik	Just making sure rdjenkins doesn't keel over.	23:19
cp16net	SlickNik: they are about to be merged	23:21
SlickNik	sweet.	23:22
openstackgerrit	A change was merged to openstack/trove-integration: changes to support configuration groups https://review.openstack.org/58445	23:22
cp16net	OMG	23:22
cp16net	there it is	23:22
hub_cap	:P	23:22
hub_cap	woop	23:22
cp16net	that was fast	23:22
cp16net	i thought the merge took a while	23:22
*** robertmyers has quit IRC		23:25
*** jasonb365 has quit IRC		23:25
SlickNik	cp16net: trove-integration merges are super fast.	23:32
SlickNik	You'll probably have to wait a little longer for the other patch. :)	23:33
hub_cap	yea there is only a no-op gate for t-i	23:33
hub_cap	lets just call it t-i	23:33
hub_cap	or ti	23:33
openstackgerrit	A change was merged to openstack/trove: adding configuration group support https://review.openstack.org/53168	23:33
hub_cap	t-i i think works	23:33
*** kevinconway has quit IRC		23:34
hub_cap	thoughts?	23:34
SlickNik	I'm down with that.	23:34
*** jmontemayor has quit IRC		23:35
*** plodronio has quit IRC		23:35
*** jmontemayor has joined #openstack-trove		23:35
*** yogesh has quit IRC		23:36
*** jmontemayor has quit IRC		23:39
hub_cap	word	23:41
hub_cap	lets do it	23:41
hub_cap	lets make it a thing	23:41
*** denis_makogon has quit IRC		23:41
hub_cap	t-i is how we refer to trove-integration from now on	23:41
hub_cap	yeesh, another fresh sync of offlineimap... /me crys	23:42
hub_cap	and leaves for ~6 hrs	23:42
hub_cap	heh	23:42
SlickNik	heh, I know that feeling	23:42
*** tanisdl has quit IRC		23:47
*** amrith has quit IRC		23:48
*** Barker has joined #openstack-trove		23:49
*** Barker has quit IRC		23:55

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!