17:02:09 <thinrichs> #startmeeting CongressTeamMeeting 17:02:09 <openstack> Meeting started Tue Oct 7 17:02:09 2014 UTC and is due to finish in 60 minutes. The chair is thinrichs. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:02:10 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:02:12 <openstack> The meeting name has been set to 'congressteammeeting' 17:02:17 <rajdeep> hi 17:02:19 <jasonsb> hi 17:03:01 <thinrichs> sarob and arosen1 actually put up an agenda this week 17:03:06 <thinrichs> https://wiki.openstack.org/wiki/Meetings/Congress 17:03:11 <arosen1> I can go first if you want. 17:03:17 <thinrichs> arosen1: ok 17:03:33 <arosen1> cool, So I've been working on the CI stuff. We now have a job that is voting running a few basic functional tempest tests. 17:03:39 <thinrichs> #topic status 17:03:50 <arosen1> Right now we're lacking tempest tests for the datasource drivers (neutron, keystone, ceilometer) this would be awesome if someone wants to help out with this. 17:03:57 <arosen1> I added coverage for nova here which might be a good example to follow: https://review.openstack.org/#/c/125501/ 17:04:29 <thinrichs> This is definitely a huge step forward! 17:04:45 <thinrichs> I'll volunteer to write a tempest test or two this week. 17:05:07 <arosen1> i think after we add this coverage we can also add a few scenario tests to give us even more coverage testing rules over multiple tables etc 17:05:38 <arosen1> I've also written a datasource driver for glance which also includes functional tests: https://review.openstack.org/#/c/126377/ would be nice to get some reviews on this if anyone has cycles. 17:05:39 <thinrichs> Pretty soon tempest tests will be part of the expected tests we write for new features. 17:05:57 <arosen1> thinrichs: i think that would be a good requirement to add 17:06:25 <arosen1> that's all from me though unless there are any questions 17:06:25 <thinrichs> Great! So we're seeing more people having fulfilled their datasource driver obligation. 17:06:51 <thinrichs> alexsyip: want to go next? 17:07:19 <alexsyip> I wrote the new datasource superclass, and I’m converting the keystone driver to use the new superclass (fixing bugs along the way). 17:08:03 <thinrichs> Good stuff! Want to give people an idea of why the new superclass will make it easier to write new drivers? 17:08:41 <alexsyip> In the past, each datasource driver needed to convert the API reponse data from the data source to congress columns explicitly. 17:08:45 <rajdeep> arosen1 noticed a version v2 in the glance driver name 17:09:14 <arosen1> rajdeep: right; glance has a v1 and v2 api. So v2 means it talks to the glance_v2 api 17:09:34 <rajdeep> that is true for nova too 17:09:40 * arosen1 that's why i did that. 17:09:43 <rajdeep> and most other apis 17:09:45 <alexsyip> The new superclass will allow the programmer to write a data descriptor. 17:10:01 <arosen1> rajdeep: well i think we are only talking to nova's 1_1 api right now and not nova's v2 17:10:07 <alexsyip> To give an idea of what I”m talking about, take a look at this preliminary version: https://review.openstack.org/#/c/125845/1/congress/datasources/datasource_driver.py 17:10:08 <arosen1> the nova v2 is still a wip 17:10:20 <alexsyip> There’s a comment at the top describing the descriptor format. 17:10:30 <arosen1> alexsyip: sounds good, i'll try and also review this later today. 17:10:38 <alexsyip> It’s not ready for review. 17:10:46 <arosen1> okay i'll wait then :) 17:11:01 <alexsyip> But it would be valuable to look it over and see if the descriptors make sense. 17:11:08 <alexsyip> Just the comment part. 17:11:16 <alexsyip> Although it’s out of date.. 17:11:29 <alexsyip> I’ll upload a newer version today. 17:12:14 <thinrichs> Sounds good! 17:12:42 <thinrichs> rajdeep: want to go next? 17:12:49 <rajdeep> sure 17:13:21 <rajdeep> i have started implementing horizon panel for datasource APIs 17:13:43 <rajdeep> will take some time to get it completed 17:14:07 <arosen1> rajdeep: are you in sync with janet? have you seen this one: https://review.openstack.org/#/c/123912/ ? 17:14:22 <rajdeep> noticed that congress returns data source driver list for neutron even when neutron is disabled in devstack 17:14:56 <arosen1> rajdeep: right, that happens because neutron is in the datasource.conf 17:15:09 <thinrichs> rajdeep: the status reflects whether Neutron is enabled in Congress. Not whether it is enabled in devstack. 17:15:17 <arosen1> once datasource registration occurs via the api that won't be the case as someone will explicitly have to register it. 17:15:26 <thinrichs> Ideally we could do both. 17:15:30 <arosen1> thinrichs: we have a status now? 17:15:38 <thinrichs> But once we get the datasource statuses in place, we should get that info. 17:15:39 <rajdeep> ok makes sense but i got a little confused 17:15:47 <arosen1> ah yea.. 17:15:53 <arosen1> nvm 17:16:18 <rajdeep> will we expose enabling drivers via horizon too? 17:16:30 <thinrichs> rajdeep: did you see the link arosen1 linked to? 17:16:41 <arosen1> rajdeep: i would think so. 17:16:42 <rajdeep> arosen1 i took the initial patch from janet and worked on top of it 17:16:51 <arosen1> rajdeep: great 17:17:09 <thinrichs> rajdeep: eventually we'll let people control drivers via the API and horizon. But that's low priority right now. 17:17:16 <rajdeep> ok.. 17:18:11 <rajdeep> that completes the status from my side 17:18:20 <thinrichs> sarob: you want to do your stuff? 17:19:01 <sarob> sooo, we almost have our space allocated for the summit 17:19:23 <rajdeep> another thing i forgot to mention 17:19:35 <sarob> go for it rajdeep 17:19:51 <rajdeep> horizon needs an id for each row else it is not able to render properly 17:20:09 <rajdeep> datasource row doesn't have an id 17:20:21 <rajdeep> janet also mentioned this in her comments 17:21:56 <thinrichs> Giving rows IDs is hard. 17:22:04 <thinrichs> Not all rows are stored explicitly—they are computed on the fly. 17:22:20 <thinrichs> So giving IDs doesn't always work, which means we don't give IDs to rows. 17:22:49 <thinrichs> Why can't we render rows without IDs? 17:23:14 <rajdeep> well we can generate on the horizon side as a work around .. 17:23:37 <thinrichs> I'll ask again: why can't we render rows without IDs? 17:23:45 <rajdeep> not sure about the horizon behaviour but i struggled with this 17:24:03 <rajdeep> janet's comment : # Policy table rows currently don't have ids. However, the DataTable object 128 # requires an id for the table to get rendered properly. Otherwise, the 129 # same contents are displayed for every row in the table. Assign the rows 130 # ids here 17:24:43 <thinrichs> That sounds like a limitation of Horizon. I'd agree with your suggestion rajdeep and gen them within horizon. 17:24:52 <pballand> thinrichs: +1 17:25:03 <rajdeep> ok thinrichs 17:25:49 <thinrichs> sarob: want to pick up again? 17:26:02 <pballand> longer term, I think we need to think more about the row strategy that congress exposes, but that shouldn’t block the UI work 17:26:44 <sarob> etherpad for the kilo design summit is here #link https://etherpad.openstack.org/p/par-kilo-congress-design-session 17:27:03 <sarob> im working out our space(s) at the summit 17:28:40 <sarob> im going to update the wiki to reference both new specs and minimum features 17:29:12 <glebo> Hey all, Gregory Lebovitz here. First time in the wkly mtg 17:29:13 <sarob> thats it other than y'all can start updating the wiki at will 17:29:38 <glebo> question, once we done talking about summit 17:29:39 <sarob> morning glebo 17:29:43 <thinrichs> glebo: Hi! We'll ask you to give a brief intro near the end of the meeting. 17:29:54 <glebo> grt 17:30:56 <thinrichs> sarob: thanks! 17:31:08 <thinrichs> madhumohan: want to go next? 17:31:48 <madhumohan> been working on tempest tests for ceilometer driver.... 17:32:59 <madhumohan> thinrichs: I am reviewing your code... half way now. will let you know if i find something interesting... 17:33:21 <thinrichs> madhumohan: great! We'd love feedback on writing tempest tests. 17:33:33 <thinrichs> And having you review is really helpful. 17:34:13 <thinrichs> Anything else madhumohan? 17:34:43 <madhumohan> I had a policy where i needed a count of records in a table 17:35:50 <madhumohan> For eg: "A specific host can host utmost 6 VMs" OR "The subnet x can take utmost 10 ports"... any thoughts on supporting such constructs on datalog 17:35:52 <madhumohan> ? 17:36:14 <thinrichs> madhumohan: that would require aggregates, which we don't yet support. 17:36:33 <thinrichs> madhumohan: want to add a spec for it? 17:37:16 <madhumohan> yes.. I would like to take it up 17:38:27 <thinrichs> Sounds good. I'll help. That's a good suggestion. 17:38:52 <thinrichs> Starting to run short on time it seems. 17:38:54 <thinrichs> I'll go. 17:39:06 <thinrichs> I've been adding column-references to datalog, 17:39:27 <thinrichs> So we can write something like p(x) :- nova:servers(id=x, name=y) 17:39:44 <thinrichs> I've also been reactivating a simple form of enforcement that a customer asked for. 17:40:15 <thinrichs> So we can guard API calls using Congress. e.g. before Nova executes a createVM API call, it can ask Congress if doing so would violate policy. 17:40:26 <thinrichs> The code is already in there but we deactivated it for the alpha release. 17:40:49 <thinrichs> I've also been asked to add some datetime functionality into the builtins that we support 17:40:57 <thinrichs> That's about it from me. 17:41:18 <thinrichs> Radu_: we're finishing up status reports. Want to go? 17:41:51 <Radu_> I wanted to give the column referances a test today but was running into some other driver errors with my driver, not sure if it has to do with the patch or something unrelated. 17:42:25 <Radu_> Since last week I have made the code and demo/audio publically visable 17:42:34 <thinrichs> Radu_: okay. Let us know if we can help or if you find a bug. 17:42:42 <Radu_> https://www.youtube.com/watch?v=ZAEydTlIW64 17:43:07 <Radu_> Thats my demo video I made using my driver with congress to use congress as a reactionary tool for networks 17:43:56 <Radu_> Code repo is in the description. I also submitted a blueprint and a specs request to have the driver merged into the main repo 17:44:12 <thinrichs> It's great now that there's audio! 17:44:33 <thinrichs> Did you push your driver to review? 17:44:48 <Radu_> just the specs doc and blueprint 17:45:26 <thinrichs> If your driver is ready, go ahead and push it for review. 17:45:36 <thinrichs> We can go over both the specs and the driver at the same time. 17:46:21 <thinrichs> One other thing that I almost forgot. 17:46:37 <Radu_> Cool, I want to do a bit more testing and see If it is just an error that is occuring with the column referance patch or something else that was released in another patch I hadn't tested with that the column patch is based off of 17:47:00 <thinrichs> We talked to the Graffiti team this week. 17:47:03 <thinrichs> https://wiki.openstack.org/wiki/Graffiti 17:47:12 <thinrichs> Radu_: sounds good. 17:47:37 <thinrichs> Graffiti is project geared toward adding metadata to the objects in OS. 17:47:57 <Radu_> We also may move to using congress on an full openstack deployment, but that is still in the works and Im still on devstack for now. 17:48:15 <thinrichs> For example, they are making it possible to say that Apache is installed on some particular Glance image. 17:48:40 <pballand> that’s fantastic 17:48:46 <thinrichs> We were in complete agreement that the projects are complementary. 17:48:57 <thinrichs> Congress policies can be richer if we utilize Graffiti metadata. 17:49:30 <thinrichs> So we can say something like, "every VM that has Apache installed must have port 80 open" 17:49:46 <thinrichs> Is there anyone else that has a status report to give? 17:49:58 <thinrichs> We have a couple of new people this week and I want to ensure they have time to introduce themselves. 17:50:28 <thinrichs> #topic New members 17:50:49 <thinrichs> glebo: would you care to introduce yourself and say a little about why you're interested in Congress? 17:51:06 <glebo> Hey. It's Gregory from vArmour. Recall I was at the Silicon Valley 2-day session. This is just my first time in the wkly mtg. 17:51:16 <glebo> Repeat from the 2-day mtg, 17:51:37 <glebo> our interest is in being able to take security policies 17:51:41 <pballand> hi glebo, thanks for joining the meeting 17:51:44 <Radu_> Cool,that definately sounds like it could have a lot of use. 17:51:45 <glebo> regarding access control, 17:51:53 <glebo> reachability, 17:51:57 <glebo> microsegmentation 17:52:27 <glebo> etc from congress and be able to actually enforce those policies for each of the VMs 17:53:02 <thinrichs> glebo: sounds cool! 17:53:07 <glebo> I'd see us as a consumer of Congress, 17:53:38 <glebo> but willing and able to contribute to ensure that the structures and registries and interfaces are there for the security enforcement side of policy declaration 17:54:11 <glebo> Thx for the warm welcome. <hands off to others> 17:54:12 <jasonsb> glebo: that sounds really neat 17:54:13 <thinrichs> Makes sense. We'd love to understand what your requirements are, so feel free to ping us anytime. 17:54:24 <thinrichs> jasonsb: want to take a turn? 17:54:26 <glebo> ack 17:54:52 <glebo> actually, I had a question… 17:55:00 <jasonsb> sure. Im mostly lurking at the moment, trying to wrap my head around QoS 17:55:34 <thinrichs> You're certainly welcome to lurk anytime. 17:55:44 <jasonsb> and if congress can be used to express policies around quality of service as it relates to network and storage 17:55:50 <glebo> has there been any bp's or specs written around the interaction between congress and neutron GBP? 17:55:59 <thinrichs> But most of the weekly IRC are like what you're seeing—status updates. 17:56:04 <LouisF> thinrichs: may have been mentioned before but I am adding a spec and bp on translation from congress to gbp 17:56:16 <thinrichs> jasonsb: I'd suggest we communicate outside of this meeting to look into QoS policies. 17:56:24 <jasonsb> oh, and i've just started couple weeks back at HDS 17:56:42 <glebo> LouisF: well, there we have it then. Timely answer. 17:56:50 <glebo> ;-) 17:57:00 <jasonsb> thinrichs: sounds good. i'm still early stages of wrapping my head around both congress and the problem domain 17:57:42 <thinrichs> jasonsb: let us know if you want pointers to intro material or want to chat on the phone. 17:58:00 <thinrichs> glebo: same for you, of course, though you've seen much of the intro material we have. 17:58:01 <jasonsb> LouisF: if you could point me to what you are working on i would like to see 17:58:31 <LouisF> jasonsb: i will post soon 17:58:37 <jasonsb> thinrichs: thank you for warm welcome 17:59:01 <jasonsb> i'll be in paris so would like to participate on your discussions as well 17:59:21 <thinrichs> sarob: can you post to the ML our Paris schedule? 17:59:28 <glebo> thinrichs: ack. thx. 17:59:37 <sarob> sure, when i get it locked down 17:59:42 <thinrichs> Sounds good. 17:59:57 <thinrichs> One last thing before we end. 18:00:15 <thinrichs> All the outstanding specs currently in the juno folder will be moved to the kilo folder. 18:00:26 <thinrichs> We can debate them all in Paris to prioritize. 18:00:31 <thinrichs> And with that we're out of time. 18:00:34 <thinrichs> Thanks all! 18:00:43 <LouisF> i am adding the gbp translation spec to the kilo folder 18:00:50 <thinrichs> #endmeeting