#openstack-meeting log

00:00:26 <thinrichs> #startmeeting CongressTeamMeeting
00:00:27 <openstack> Meeting started Thu Sep  3 00:00:26 2015 UTC and is due to finish in 60 minutes.  The chair is thinrichs. Information about MeetBot at http://wiki.debian.org/MeetBot.
00:00:28 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
00:00:32 <openstack> The meeting name has been set to 'congressteammeeting'
00:00:36 <thinrichs> Who is here today?
00:01:48 <pballand> hi
00:01:58 <pballand> (really nice of Coloquy to crash right as the meeting started)
00:02:13 <alexsyip> hi all
00:02:19 <masahito> hi
00:02:33 <jwy> o/
00:03:06 <thinrichs> Glad you could all make it.
00:03:20 <thinrichs> I was just reviewing our action items from last week.
00:03:32 <thinrichs> Here are mine….
00:03:54 <thinrichs> 1. The 2 talks at the Tokyo summit that were Congress related are no longer overlapping.
00:04:01 <thinrichs> One is Wed and one is Thur, I believe.
00:04:41 <thinrichs> 2. We now have tempest tests gating every checkin.
00:04:52 <alexsyip> woohoo!
00:04:57 <thinrichs> :)
00:05:14 <masahito> I saw the +1 from tempest test!
00:05:24 <thinrichs> There are only a couple of tempest tests actually running, but it's a start.
00:05:59 <thinrichs> 3. I met with the Sentinel team this week.
00:06:22 <mtreinish> thinrichs: are you guys using the tempest plugin interface?
00:06:28 <thinrichs> Sentinel was the policy project covered by the Tokyo talk that happened at the same time as the Congress HOL previously.
00:06:37 <mtreinish> thinrichs: http://docs.openstack.org/developer/tempest/plugin.html
00:06:48 <thinrichs> mtreinish: not that I know of.
00:07:09 <mtreinish> thinrichs: ok, that's something that might be worth looking into then
00:07:19 <mtreinish> you can ping me tomorrow in -qa, and I can give a hand with it
00:08:31 <thinrichs> mtreinish: agreed we should look into it.  I'll do my best to find you tomorrow.  But we've got feature freeze starting this week.
00:08:40 <mtreinish> sure, np
00:09:15 <thinrichs> mtreinish: thanks for the offer!  I'm looking forward to getting that all working more smoothly.
00:09:38 <thinrichs> Back to Sentinel.
00:09:51 <thinrichs> Let me find the link to the schedule…
00:10:30 <thinrichs> #link https://www.openstack.org/summit/tokyo-2015/schedule/design-summit
00:10:41 <thinrichs> Search for congress, and you can find the Sentinel talk.
00:10:58 <thinrichs> Here's what I found out about the project.
00:11:12 <thinrichs> They're focused on security policies, typically enforced at the network layer.
00:11:28 <thinrichs> Though they expect to expand beyond that.
00:11:50 <thinrichs> They are building a standalone policy engine—a source of truth for policies that govern their applications.
00:12:23 <thinrichs> They enforcing those policies in several different clouds, built with differing technologies.
00:12:50 <thinrichs> That's why they saw the need for a *standalone* engine, so that the policy and its interpretation would exist outside of any of the different cloud technologies.
00:13:44 <thinrichs> They're basing it on Amazon technology for IAM.
00:14:36 <thinrichs> #link https://aws.amazon.com/iam/
00:15:12 <thinrichs> The basic policies they are interested in for now seem to be basically: which app can talk to which other app (and in which ways).
00:15:37 <thinrichs> Questions/comments about Sentinel?
00:17:10 <masahito> My first impression of Sentinel is it sounds like a standalone policy-engine only for networks.
00:18:14 <masahito> So, I thought we could co-work with Sentinel as a partner of Deligation.
00:18:40 <thinrichs> masahito: The policies they write talk about apps, but they are focused on networking properties of those apps (or perhaps more precisely policies that can be enforced via the network).
00:18:41 <masahito> oops. not Deligation, but Delegation.
00:19:29 <thinrichs> masahito: I think Delegation is the right way to interact with Sentinel.
00:20:11 <thinrichs> The nice thing is that they'll be making it work at massive scale, and they were happy to talk with us about their experiences.
00:21:10 <thinrichs> If there are no other questions, comments, that was my last action item from last week.
00:21:40 <thinrichs> pballand, alexsyip: have you had a chance to discuss the HOL infrastructure for Tokyo?
00:22:24 <alexsyip> I have not done any legwork on the hol infrastructure.
00:23:06 <alexsyip> Last year we had hosted VMs, but we don’t have to do it that way.
00:23:33 <alexsyip> I went to the GBP handson, and they provided a virtualbox image.
00:23:46 <alexsyip> The attendants each installed virtualbox and then loaded the image on their own machine.
00:24:00 <alexsyip> It worked well, except for the extra time to install virtualbox.
00:24:19 <alexsyip> The attendants didn’t need to setup networking or ssh tunnels.
00:25:05 <thinrichs> The virtualbox approach sounds attractive.
00:25:16 <thinrichs> Especially since we don't need to worry about spinning up 200 VMs
00:25:27 <thinrichs> And then the lab will work after the summit ends.
00:25:36 <alexsyip> yeah, I think it’s a nice way to go.
00:25:37 <masahito> I joined the HOL too.
00:25:54 <thinrichs> masahito: what did you think?
00:26:44 <masahito> thinrichs, alexsyip: I think providing a vitualbox image is a good idea.
00:26:48 <pballand> so long as we can give attendees a heads up that they may want to download and instlal virtualbox ahead of time, that sounds fine to me
00:27:11 <pballand> (virtualbox is an ~80MB download - with common conference wifi speeds, that could be a problem)
00:27:12 <thinrichs> How long does virtualbox take to download?
00:27:46 <thinrichs> pballand: asked and answered simultaneously :)
00:27:51 <masahito> pballand: They gave attendants a USB which includes VM images.
00:27:57 <pballand> :-)
00:28:16 <pballand> masahito: that makes sense
00:28:34 <pballand> were people sharing usb keys, or did they just give them away?
00:29:05 <masahito> but the number of the USB is less than attendans, so it was one of reason to delay starting HOL.
00:29:14 <alexsyip> there were fewer usb keys than attendants
00:29:17 <masahito> pballand: they shared some usb key.
00:29:29 <alexsyip> I think the USB key had the VM image, not virtualbox.
00:29:57 <masahito> alexsyip: I think so.
00:30:18 <thinrichs> Any reason not to put both the virtualbox and images on the USB keys?
00:32:03 <alexsyip> We can do it any way we want.
00:32:27 <thinrichs> I like this line of thought.  I think it's worth trying in Tokyo.
00:32:44 <thinrichs> We can always fall back to hosted VMs if we have to, but I think USB keys are actually safer.
00:33:33 <thinrichs> alexsyip: let us all know what help you want getting the HOL ready.
00:34:38 <thinrichs> The only other thing on my agenda is Liberty3
00:34:47 <thinrichs> That happens this week.
00:35:25 <thinrichs> #link https://wiki.openstack.org/wiki/Liberty_Release_Schedule
00:35:39 <thinrichs> It means we're in feature freeze right now.
00:36:19 <thinrichs> My plan is to take the tip of master tomorrow morning, do some testing, and assuming nothing is horribly broken cut a release candidate and the stable branch tomorrow.
00:37:06 <thinrichs> Once we do that we come out of feature freeze, and in parallel  (i) continue committing to master and (ii) eliminate bugs from our RC (by committing first to master and backporting to the stable branch).
00:37:49 <thinrichs> #link https://wiki.openstack.org/wiki/Branch_Model
00:37:58 <thinrichs> Any questions about feature freeze and branching?
00:38:58 <thinrichs> alexsyip, pballand: Did you catch that we're not merging anything but bug fixes for the next day or two?
00:39:09 <pballand> gotcha
00:39:20 <alexsyip> yeah
00:39:31 <thinrichs> Great.
00:39:41 <thinrichs> Next up is status updates.
00:39:43 <thinrichs> #topic status
00:40:10 <thinrichs> Just 20 minutes left.
00:40:25 <thinrichs> Who has something they need to discuss with the group?
00:41:03 <pballand> I threw up a stub of the methods I’m thinking for DseNode: https://review.openstack.org/#/c/210159/2/congress/dse2/dsenode.py
00:41:24 <pballand> the file is pretty messy, but thought I would put it up so people could comment on the interface
00:42:19 <pballand> basically: the DseNode has start/stop/wait, dse_status, rpc_directory, invoke_rpc, service_directory, subscribe, unsubscribe
00:43:01 <pballand> that’s it for me
00:44:15 <thinrichs> pballand: Great!
00:44:36 <thinrichs> Let's all make it a point to go through that code and make comments on the high-level functionality and interface.
00:44:37 <masahito> pballand: I checked the patch, an thought hb is a so good idea in the architecture.
00:45:06 <thinrichs> Let's hold off on comments about style until we all agree on the functionality.
00:45:15 <pballand> if people want to play around, the file does start up a few nodes on the bus and communicate shared state
00:45:35 <pballand> thinrichs: yes, please - only looking for feedback on the interface for DseNode
00:47:25 <thinrichs> jwy: did I see some progress on the new UI from Yali?
00:47:29 <thinrichs> jwy: how is that going?
00:47:47 <jwy> i did an initial review, had some questions
00:48:08 <jwy> some files are missing, so i haven't tried it out myself yet
00:48:11 <jwy> waiting for a reply
00:49:00 <thinrichs> jwy: thanks for keeping on top of that!
00:49:05 <jwy> sure
00:49:14 <thinrichs> masahito: want to give us an update?
00:50:00 <masahito> I'm working dist-api-*'s patch I'm assigned to.
00:51:00 <masahito> I think I can push a patch for table model today.
00:51:32 <masahito> That's my update.
00:52:16 <thinrichs> masahito: Thanks.
00:52:22 <thinrichs> alexsyip: want to give an update?
00:52:36 <alexsyip> I don’t have much to update.
00:53:45 <alexsyip> I was looking through code reviews
00:54:29 <thinrichs> alexsyip: sounds good.
00:54:47 <thinrichs> Here's my quick update.
00:55:11 <thinrichs> I wrote a spec and the code to make the policy engine flexible enough to handle not knowing the schemas of rules with column references.
00:55:55 <thinrichs> Then Yingxin pointed out a way of avoiding the problem that the code addresses.
00:55:56 <thinrichs> #link https://review.openstack.org/#/c/216474/
00:56:13 <thinrichs> I see masahito left some comments too.
00:56:24 <thinrichs> If you could each take a look, that'd be great.
00:56:30 <thinrichs> Here's the code by the way.
00:56:38 <thinrichs> https://review.openstack.org/#/c/218014/
00:57:11 <thinrichs> Some of the code had been written months ago when we tried to do something similar but then abandoned.
00:57:27 <thinrichs> So this was basically trying to see how much work there would be and what the downsides are.
00:57:57 <thinrichs> The basic idea is that if there's a column reference and we don't know the schema, we'll disable the rule.
00:58:07 <thinrichs> Once the schema shows up, we enable the rule.
00:58:35 <thinrichs> 2 minutes left.
00:58:39 <thinrichs> Any last thoughts?
01:00:30 <thinrichs> Out of time.
01:00:41 <thinrichs> Thanks all!
01:00:44 <thinrichs> #endmeeting