20:05:47 <dave-mccowan> #startmeeting Barbican 20:05:48 <openstack> Meeting started Mon Aug 31 20:05:47 2015 UTC and is due to finish in 60 minutes. The chair is dave-mccowan. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:05:49 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 20:05:51 <openstack> The meeting name has been set to 'barbican' 20:06:02 <dave-mccowan> #topic Roll Call 20:06:04 <alee> dave-mccowan, you chairing? 20:06:11 <rellerreller_> o/ 20:06:13 <silos1> \o/ 20:06:17 <arunkant> o/ 20:06:17 <alee> o/ 20:06:18 <jkf> o/ 20:06:21 <woodster_> o/ 20:06:22 <dave-mccowan> i guess so. i just tried to see if it would work. I didn't expect it would. :-) 20:06:22 <diazjf> o/ 20:06:38 <rellerreller_> I smell a coup 20:06:47 <alee> dave-mccowan, congrats -- you have been chaired 20:06:56 <chellygel> sorry guys! 20:06:58 <kfarr> o/ 20:06:59 <dave-mccowan> rellerreller_ quotas. quotas for everyone. 20:06:59 <hockeynut> o/ 20:07:08 <rellerreller_> haha 20:07:14 <alee> rellerreller_, is it a coup when no one else volunteers? 20:07:25 <chellygel> who kicked it off? i apologize 20:07:27 <chellygel> i'm the worst! 20:07:31 <hockeynut> evah 20:07:37 <woodster_> my kingdom for a quota! 20:07:55 <dave-mccowan> #chair chellygel 20:07:56 <openstack> Current chairs: chellygel dave-mccowan 20:08:09 <chellygel> does this mean they bring me a fancy leather seat? 20:08:22 <woodster_> fit for a queen! 20:08:37 <chellygel> dave-mccowan, if you'd like to run the meeting, i'd be happy to let you 20:08:45 <alee> dave-mccowan, interesting -- can you be #de-chaired ? 20:08:58 <dave-mccowan> alee meetingbot wars 20:09:15 <dave-mccowan> #topic action items from last week 20:09:33 <dave-mccowan> <read in the voice of redrobot> 20:09:48 <dave-mccowan> anyone have any update on an action item, or are they all redrobot's? 20:10:26 <jhfeng> o/ 20:10:29 <dave-mccowan> #topic agenda 20:10:44 <dave-mccowan> as usual the agenda for this week can be found here: 20:10:53 <dave-mccowan> #link https://wiki.openstack.org/wiki/Meetings/Barbican#Agenda 20:11:11 <dave-mccowan> any items to add? 20:11:15 <rellerreller_> That is so like redrobot. 20:11:37 <chellygel> did you say, there's a lot of barbicaneers here? thats the critical piece :P 20:11:44 <dave-mccowan> i could just cut and paste last week's transcript. 20:11:55 <dave-mccowan> chellygel haha. i missed that line. 20:12:32 <dave-mccowan> #topic test frameworks 20:12:44 * dave-mccowan can take that one 20:13:18 <dave-mccowan> rellerreller_, hockeynut, and i were talking about some inconsistencies in test tools 20:13:31 * woodster_ Added a note about ACL reviews to the agenda 20:13:37 <rellerreller_> In the unit and functional tests we are using two different libraries. 20:13:50 <rellerreller_> We are using testtools for the unit tests and nose for the functional tests. 20:13:54 <hockeynut> also gate versus desktop dev environment 20:14:01 <dave-mccowan> most of the time we use testrools and testr. in one case were using nosetests. 20:14:23 <dave-mccowan> is there any reason not to remove nosetests from tox -e functional? 20:14:53 <dave-mccowan> git blame says that jvrbanac add nosetests to tox.ini 20:15:39 <dave-mccowan> by using testr exclusively, we can have consistent attribute flags, consistent filtering, and maybe other stuff. 20:16:00 <rellerreller_> All of the attributes in functional tests are applied using testtools.attr, but those attributes are ignored by nose. 20:16:25 <rellerreller_> You can see in the code that they do something similar to our parameterized tests. They add an attribute to the function object. 20:16:39 <rellerreller_> For nose the attribute is inspected at runtime while testtools uses it modify the function name when doing a list operation. Then the developer passes a regex to ignore or invoke tests with an attribute by filtering the test name lists. 20:16:58 <rellerreller_> https://github.com/nose-devs/nose/blob/master/nose/plugins/attrib.py#L114 20:17:05 <rellerreller_> https://github.com/testing-cabal/testtools/blob/master/testtools/testcase.py#L829 20:17:33 <rellerreller_> So basically all the functional test attributes will not work. 20:18:28 <dave-mccowan> without objections, i'll open a bug to convert all things nose to testtools. 20:18:42 <rellerreller_> +1 20:19:07 <dave-mccowan> #action dave-mccowan open bug to cut off our nose 20:19:14 <hockeynut> dave-mccowan yes, gives folks who have a strong opinion one side or the other a place to express it 20:19:54 <dave-mccowan> #topic Merge requirements 20:20:03 <rellerreller_> I added this one 20:20:19 <rellerreller_> I was wondering what the status of this is. 20:20:38 <diazjf> rellerreller, I'll take on that bug, since I have done pervious things with tox 20:20:46 <rellerreller_> Did redrobot talk with other Rackers about this? Can we do only 2 +2s? 20:21:03 <woodster_> what is the merge about again? 20:21:15 <rellerreller_> It's not about a specific merge. 20:21:33 <hockeynut> is it because we basically require three +2s? two for review and 1 for merge? 20:21:36 <rellerreller_> redrobot proposed changing policy to only require 2 +2s before workflowing code. 20:21:41 <woodster_> oh, the +2/workflow policy got it 20:22:02 <rellerreller_> I know that I could use that now. 20:22:14 <diazjf> I like that idea 20:22:21 <woodster_> ...so +2 follwed by a combined +2/workflow, correct? 20:22:27 <rellerreller_> https://review.openstack.org/#/c/212579/ has seen no love for a week now :( 20:22:32 <dave-mccowan> in barbican-main, i rarely have a challenge finding a third approval. it's the first one that's the slowest. :-) 20:22:32 <alee> yup 20:23:11 <hockeynut> + oo 20:23:24 <rellerreller_> Barbican main is not as bad, but KMIP is hard to find reviewers. 20:23:34 <alee> rellerreller_, woodster_ the caveat of course being that three +2's are required for security impact fixes as well as those indicated as Barbican Impact 20:23:43 <diazjf> https://review.openstack.org/#/c/196876/ for a while. :-( 20:23:46 <rellerreller_> Castellan is also slow for reviews. kfarr has patch that needs love as well. 20:24:19 <kfarr> Yes! :( It's a little lonely over on the Castellan review page 20:24:22 <alee> Barbican Impact means that the reviewers or submitter thinks that the patch merits a thrid reviewer 20:24:25 <rellerreller_> alee correct. We had discussed that. 20:24:38 <alee> rellerreller_, yup just summarizing .. 20:24:57 <alee> rellerreller_, so do we have a quorum to vote on this? 20:25:00 <rellerreller_> alee thanks! 20:25:02 <alee> woodster_, ? 20:25:17 <rellerreller_> I say we vote now while the PTL has no say! 20:25:26 <kfarr> This is a coup after all 20:25:30 <woodster_> I'm fine with a two step for non Barbican Impact CRs (vs the usual 3 step) 20:25:40 <alee> I think redrobot is in favor of this .. 20:25:44 <alee> +2 for me 20:25:51 <rellerreller_> alee I agree 20:25:56 <rellerreller_> +2 for me 20:26:10 <diazjf> +1 20:26:16 <woodster_> +2/workflow for me 20:26:27 <hockeynut> workflow does seem to be more of a formality (even though it shouldn't really be). +2 here 20:26:59 <dave-mccowan> #agreed 20:27:05 <alee> I think we're good then -- is the new policy written up somewhere? 20:27:25 <woodster_> so did we discuss when the Barbican Impact flag should be used? :) 20:28:27 <dave-mccowan> i've seen other projects with the process details written up in a file in the repo 20:28:58 <alee> woodster_, I think we can leave that somewhat undefined for now -- and expect folks to use best judgement. If we think something is quite impactful, or quite large, then BarbicanImpact 20:29:11 <alee> if need be, we can tighten up the rules 20:29:48 <rellerreller_> I think members of core should start to identify and -2 until flag is added or debated on IRC if should be there. 20:30:01 <rellerreller_> That way nothing sneaks in 20:30:14 <dave-mccowan> or a core could give a +1 instead of a +2 20:30:40 <alee> yes - thats maybe a little friendlier 20:30:52 <alee> rellerreller_, core giving -2 stops a review I think .. 20:30:52 <rellerreller_> I learned today that Cinder only requires 1 +2 for small patches, like changes to documentation 20:31:25 <alee> rellerreller_, incremental steps :) lete go from 3->2 first :) 20:31:25 <rellerreller_> alee that would be a bummer :( 20:31:52 <rellerreller_> I'm planting the seed now. 20:32:09 <rellerreller_> We can vote again later on that. 20:32:14 <dave-mccowan> any last words before moving on? 20:32:37 <alee> I would request that if a core does suggest Barbican Impact, that they be responsive and provide one of those reviews. 20:32:47 <alee> that would be polite .. 20:33:50 <alee> so - only action I think would be for PTL to decide if we need to write this up 20:33:58 <alee> (and to do it if so) 20:34:16 <dave-mccowan> if we can find a way to speed up the first review, that would help even more i think. maybe each blueprint has a "core sponsor" or each core has an area of ownership that implies an SLA with respect to reviews? 20:34:39 <dave-mccowan> #action redrobot document new streamlined workflow process 20:34:59 * hockeynut is heading over to ACC to pick up kid (mine, not just a random one) 20:35:11 <dave-mccowan> #topic Liberty-3 milestone 20:35:54 <dave-mccowan> I hoping for the Quotas Blueprint to land this week before liberty 3. i have 4 outstanding CRs with code that makes the BP feature complete. 20:36:14 <alee> hey - when is liberty-3? 20:36:19 <dave-mccowan> i appreciate all the reviews to date, and hope to get a few more to land everything before the milestone. 20:36:41 <dave-mccowan> the web pages say Sept 1 to 3. Not sure what that means. I'd like a date and time. :-) 20:36:56 * rellerreller_ quietly leaves the meeting 20:37:19 <dave-mccowan> are there any other patches that need to land before the milestone? 20:37:46 <kfarr> Castellan please :) https://review.openstack.org/#/c/208569/ 20:37:46 <alee> dave-mccowan, well - there is a whol subca's feature 20:37:54 <alee> which I'm working on right now 20:38:12 <dave-mccowan> chellygel what about the modify container patch? 20:38:13 <alee> thought I had a little longer .. 20:38:24 <woodster_> arunkant's ACL stuff would be good to get traction on 20:38:28 <arunkant> there are ACL reviews as well.. 20:38:48 <alee> so yeah, expect a bunch of patches coming tommorow and the next few days 20:38:54 <woodster_> #link https://review.openstack.org/#/c/208343 20:39:12 <woodster_> ^^^ that's the one that settles on the CLI and python client ACL usage 20:39:39 <dave-mccowan> i thought castellan and barbican-client might have a different cycle. does anyone know for sure? 20:39:46 <woodster_> arunkant has been diligently tweaking it since the mid cycle 20:39:57 <alee> woodster_, chellygel - looking to you guys especially for subca reviews 20:40:33 <woodster_> alee: sounds good 20:40:49 <woodster_> dave-mccowan: you are probably right about that 20:42:07 <dave-mccowan> #action everyone spend some time on reviews early this week. 20:42:57 <dave-mccowan> here is the base of the quotas CR chain. first of four. https://review.openstack.org/#/c/216253/ 20:43:13 <dave-mccowan> #topic /v2/orders API 20:43:54 <dave-mccowan> alee, jvrbanac ^^ 20:44:31 <alee> so - there was much discussion at the midcycle about creating a v2 for certificates 20:44:39 <woodster_> Yeah, so we went over /v2/certificates at the midcycle. 20:45:01 <alee> for orders as well -- but the changes for that are much less extensive 20:45:31 <alee> woodster_, I thought jvrbanac was tasked with writing up the initial proposal as a spec or otherwise 20:46:17 <woodster_> It seems like the evolution was /v1/orders --> /v2/certificates for certificate orders, but making them optional/feature-flag configurable, and then long term considering separating the certificate part off into its own project 20:46:18 <alee> (based on what we discussed at the midcycle) 20:47:10 <alee> woodster_, well - I'm not so sure about the splitting off into its own project 20:47:17 <woodster_> we've been heavily involved in the internal deployment process here, so not much traction on that yet. We should try to get that off the ground soon though. I'll bring it up at our planning sessions tomorrow 20:47:53 <woodster_> alee: yeah, this is just something that was discussed as a possibility...i.e. to be discussed at Tokyo for sure 20:48:25 <woodster_> alee: /v2 doesn't require or recommend a separate project for sure 20:48:50 <alee> woodster_, sure - either way, if we want to make traction on this in M, it would be nice at least have a v2 spec to start hammering at by Tokyo. 20:48:59 <alee> as a basis for discussion 20:49:38 <alee> woodster_, as well as separately a spec on migration strategy 20:49:38 <woodster_> alee: agreed 20:50:15 <woodster_> We also talked about /v2 bringing in synchronous generation of asymmetric and symmetric keys 20:50:34 <woodster_> ...so yet another spec perhaps? 20:51:14 <alee> woodster_, well - perhaps there are two v2 specs here -- one for certs and one for v2 secret api 20:51:35 <woodster_> I recall redrobot wanted /v2/certificates to be backwards compatible to /v1/orders, so that would be part of that /v2/certs spec I think 20:51:54 <woodster_> alee: yeah that makes sense 20:52:25 <alee> woodster_, sure - so long as its addressed. It might be easier to iterate on as a separate doc though - as I suspect that will be contentious 20:52:39 <dave-mccowan> the the resource is "certificates", couldn't it be /v1/certificates ? 20:53:06 <alee> dave-mccowan, except that we're deprecating parts of v1/orders 20:53:41 <woodster_> I think the last issue was with certificate containers...right now certs and intermediates are encrypted like any other secret. It was pointed out that this could be wasteful of crypto resources. So we discussed putting cert/intermediate info on the /v2/certificates resource, or else introducing a flag on secrets to indicate they are not stored encrypted in 20:53:41 <woodster_> Barbican 20:53:43 <alee> dave-mccowan, v2 makes sense in that you must use v2/orders with v2/certificates 20:54:25 <woodster_> ...we could just sign them to verify they aren't tampered with 20:54:29 <alee> woodster_, right -all part of the new API 20:55:01 <woodster_> so yeah, quite a bucket list of stuff to bike shed on up thru Tokyo 20:56:00 <dave-mccowan> is there an action item(s) with an owner(s) to start writing these draft specs? 20:56:17 <woodster_> dave-mccowan: you can put me down for now 20:56:32 <woodster_> ...unless someone wants to fight me for it! 20:56:59 <woodster_> yeah, I didn't think so :) 20:57:03 <dave-mccowan> #action woodster_ figure out plan for generating draft specs for tokyo hammering 20:57:39 <dave-mccowan> #topic any other business or beg for reviews for 3 minutes 20:57:43 <rm_work> https://review.openstack.org/#/c/217458/ merged so the experimental job is there now for testing https://review.openstack.org/#/c/167885/ -- just an FYI, not sure if we will be able to get this merged before Lib3 (don't want to break the gate for people on the home stretch) 20:58:30 <kfarr> One last Castellan patch before the next release! woodster_ I updated based on your comments. https://review.openstack.org/#/c/208569/ 20:58:42 <woodster_> kfarr: I'll take a look 20:58:51 <kfarr> thank you!! 20:59:25 <dave-mccowan> time's up. thanks everyone! 20:59:39 <dave-mccowan> #endmeeting