00:01:02 <thinrichs> #startmeeting CongressTeamMeeting 00:01:03 <openstack> Meeting started Thu Sep 24 00:01:02 2015 UTC and is due to finish in 60 minutes. The chair is thinrichs. Information about MeetBot at http://wiki.debian.org/MeetBot. 00:01:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 00:01:07 <openstack> The meeting name has been set to 'congressteammeeting' 00:01:42 <ramineni> Hi 00:01:53 <thinrichs> Who is here today? 00:01:53 <alexsyip> Hi 00:01:58 <ekao> hi 00:02:19 <pballand> hi 00:02:50 <thinrichs> I've got 7 agenda items today. 00:02:58 <thinrichs> Does anyone have anything they want to discuss? 00:03:29 <alexsyip> I’m redoing the handson, but I’ll send an email with that. 00:03:38 <thinrichs> That's on my list. 00:03:54 <thinrichs> Okay, well if something comes up, let me know. 00:04:11 <thinrichs> #topic Liberty 00:04:23 <thinrichs> I did some more manual testing today and found some bugs. 00:04:32 <thinrichs> Remember these are on the stable/liberty branch 00:04:40 <thinrichs> https://bugs.launchpad.net/congress/+bugs/?field.tag=liberty-rc2 00:05:20 <thinrichs> One of them is especially bad. Seems the data doesn't get sent properly to the policy engine. 00:05:25 <thinrichs> I marked it critical. 00:06:03 <thinrichs> I tried to isolate the bugs at least. 00:06:08 <thinrichs> But didn't get around to solving any of them. 00:06:11 <thinrichs> See the comments. 00:06:23 <thinrichs> I assigned a couple of people to them as they seemed a good fit. 00:06:38 <thinrichs> But if anyone else can pick one up, assign the bug to yourself. 00:07:13 <thinrichs> Hmmm… but then how do you know if someone has already volunteered. 00:07:22 <thinrichs> I'll remove the assignees right now. 00:07:40 <thinrichs> Only sign up if no one else has. 00:07:40 <su_zhang> hello 00:07:50 <su_zhang> has congress discussion already started? 00:08:08 <thinrichs> su_zhang: yep. 00:08:15 <thinrichs> We're discuss the new bugs I found: 00:08:16 <thinrichs> https://bugs.launchpad.net/congress/+bugs/?field.tag=liberty-rc2 00:08:57 <thinrichs> Questions about the bugs? 00:08:58 <su_zhang> looking it now 00:09:27 <ramineni> Thinrichs: when is the final freeze ?? 00:09:43 <thinrichs> ramineni: let me look 00:10:01 <ramineni> By when we can file or resolve bugs for liberty 00:10:05 <thinrichs> We definitely want the bugs fixed ASAP so we can continue testing. 00:10:21 <ramineni> Sure ..ok 00:10:35 <thinrichs> #link https://wiki.openstack.org/wiki/Liberty_Release_Schedule 00:10:48 <thinrichs> Final release is October 15. 00:11:12 <thinrichs> We jumped the gun a little this cycle so that we could continue doing development on the new architecture. 00:11:24 <thinrichs> So the stable/liberty branch will have more commits than we'd like. 00:11:41 <ramineni> Ok :) 00:11:45 <thinrichs> Anything else? 00:12:01 <thinrichs> #topic kilo 00:12:30 <thinrichs> Apparently there was a bug in kilo (the last release) in another project that forced everyone to change their requirements files. 00:12:38 <thinrichs> Here's ours. It's failing tests. 00:12:43 <thinrichs> #link https://review.openstack.org/#/c/222698/ 00:12:54 <thinrichs> I tried some simple fixes but still no luck. 00:13:06 <ekao> I can take this one. https://bugs.launchpad.net/congress/+bug/1499025 00:13:07 <openstack> Launchpad bug 1499025 in congress "Datasource action listings for cinder, glance, etc." [Medium,Triaged] 00:13:14 <thinrichs> #link https://review.openstack.org/#/c/225332/ 00:13:21 <ekao> i’ll assign myself 00:13:30 <thinrichs> ekao: great! 00:13:50 <thinrichs> Can someone look into the kilo issues? 00:15:08 <thinrichs> ramineni: I just looked at your comment. Are you saying we should perhaps bundle those 2 changes together? 00:16:17 <ramineni> Sorry , I couldn't open the bug , is it about Oslo. Lib 00:17:06 <thinrichs> I don't think we want to open a bug against oslo. 00:17:27 <thinrichs> We just want to figure out how to upgrade our code to work with the new requirements. 00:17:49 <ramineni> Thinrichs : ok..I can have a look at kilo issues 00:18:27 <ramineni> But not sure .. About resolution .. Will give it a try 00:18:37 <thinrichs> ramineni: Thanks! It may be enough to combine those 2 changes into 1 so the code and requirements are in sync. 00:18:51 <thinrichs> Let me know what you find and if you want help. 00:19:10 <ramineni> Ok , sure .. Thanks 00:19:17 <thinrichs> #topic HOL for Tokyo 00:19:30 <thinrichs> alexsyip: have you gotten feedback? 00:19:59 <alexsyip> yeah, david from att tried it out. 00:20:05 <alexsyip> but he ran into some problems. 00:20:22 <alexsyip> So I’m creating a new VM that uses a desktop env. 00:20:40 <alexsyip> He tried to run the demo without internet, which didn’t work. 00:20:53 <alexsyip> And he couldn’t talk to horizon from his browser. 00:21:12 <alexsyip> Anyway, I’m created desktop env vm that does not require the network between browser and horizon. 00:21:23 <alexsyip> But for some reason, devstack doesn’t run right without the Internet. 00:22:02 <alexsyip> I haven’t figured out why yet. 00:22:04 <thinrichs> Even once it's downloaded all the project repos? 00:22:10 <alexsyip> yeah 00:22:42 <ramineni> Alexsyip ..did u try with Offline true option 00:22:46 <alexsyip> Yes I did. 00:22:57 <ramineni> Oh 00:23:08 <alexsyip> After I set OFFLINE=True, and I ran ./stack.sh again, congress still couldn’t talk to some services. 00:24:02 <thinrichs> Could the other services talk to each other? 00:24:14 <thinrichs> I'm wondering if its something in how we built the Congress drivers. 00:24:27 <alexsyip> When I tried to use horizon, there were some error messages popping up also. 00:25:55 <thinrichs> But congress could talk to at least 1 of the services? 00:26:12 <alexsyip> I’m not sure. 00:28:16 <thinrichs> Here are the core devstack developers. 00:28:18 <thinrichs> #link https://review.openstack.org/#/admin/groups/50,members 00:28:53 <thinrichs> I see gary kotton on there. He might be good to reach out to. 00:29:13 <thinrichs> alexsyip: let us know if you need help debugging or testing or both. 00:29:23 <thinrichs> We all want that lab to go well! 00:29:50 <alexsyip> I think it’s also ok to expect an Internet connection when running the lab. 00:30:07 <thinrichs> +1 00:30:37 <thinrichs> Next up is some new work from su_zhang on Nova 00:30:41 <thinrichs> #topic Nova integration 00:30:43 <su_zhang> could we also include our implementation for the demo? 00:31:08 <su_zhang> here is the review 00:31:09 <su_zhang> https://review.openstack.org/#/c/224913/ 00:31:10 <thinrichs> su_zhang: first explain to everyone what your code does 00:31:19 <su_zhang> I've already addressed all of the comments 00:32:07 <su_zhang> Basically, it is a proactive enforcement of resource usage quota at domain level 00:32:28 <su_zhang> currently nova does not have a quota policy at domain level 00:33:48 <thinrichs> The new functionality that you've added is: before Nova does something it asks Congress if it's okay. 00:33:54 <thinrichs> Right? 00:34:11 <su_zhang> yes 00:34:15 <su_zhang> exactly 00:35:01 <su_zhang> while booting up a new VM, we intercept the API call and verify if the remaining quota is sufficient for this boot attempt. If so we let it go, otherwise we will return it. 00:35:18 <thinrichs> You integrated Congress into the pipeline, using paste? 00:35:23 <su_zhang> yes 00:35:39 <thinrichs> How general-purpose is that? 00:35:45 <thinrichs> Does it only work for quota? 00:35:46 <su_zhang> congress sits among the execution flow 00:36:05 <su_zhang> this flow can work more than just quota 00:36:11 <su_zhang> we currently only checks quota 00:36:22 <zhenzan> su: one question. If it's a normal user to execute the boot, I read from the code that you will use his token to query congress and nova, I'm not sure if it could all the required info 00:36:32 <su_zhang> we can easily broaden our scope for policy checking 00:38:28 <thinrichs> su_zhang: did you see zhenzan's question? 00:38:44 <su_zhang> yes, it will use the token for authentication 00:39:02 <su_zhang> but it does not need to be an admin token 00:39:36 <thinrichs> zhenzan: good question here. 00:39:52 <thinrichs> If Nova uses the requester's token, it may be have sufficient rights within Congress. 00:40:12 <thinrichs> If Nova uses an admin token, it will have the correct Congress rights, but then it needs to get the token from somewhere. 00:40:56 <thinrichs> I think there are service accounts that one service (like Heat) can use to talk to other services. 00:41:40 <thinrichs> The other thing to think about is how we can generalize the code that is there. 00:41:55 <thinrichs> In particular, we probably don't want to write different code for every one of Nova's API calls. 00:42:12 <su_zhang> makes sense 00:42:23 <su_zhang> I can try to generalize the code 00:42:33 <thinrichs> su_zhang: if you look into the simulate documentation you'll see something about actions. 00:42:42 <zhenzan> My concern is that Congress is normally configured as admin account in datasource drivers. If Nova uses the requester's token which is not admin, and he can still call Congress execution APIs. Is it a security hole? 00:43:06 <thinrichs> and how you can define the update-sequence as a single action, yet have Congress compute the changes in tables that the action will produce. 00:43:14 <zhenzan> or Congress can block it? 00:43:30 <thinrichs> zhenzan: Heat has had to address this problem. 00:43:40 <zhenzan> ok, thanks. I'll take a look 00:43:41 <thinrichs> Whether it's a security hole or not is unclear. 00:44:11 <thinrichs> But I think we want to have end-users have their APIs gated on Congress policies, one way or the other. 00:44:27 <thinrichs> zhenzan: if you look into Heat and service accounts, could you let us all know what you find? 00:44:43 <zhenzan> no problem 00:44:48 <thinrichs> Thanks. 00:44:52 <thinrichs> Next topic. 15 min left. 00:44:53 <alexsyip> In general simluation calls dont need to run actions right? 00:45:07 <thinrichs> alexsyip: right; but they can if we want them to. 00:45:18 <alexsyip> ok 00:45:36 <thinrichs> #topic Python3 00:45:54 <thinrichs> We're supposed to be Python3 compliant in the near term 00:46:02 <thinrichs> Probably was supposed to happen by Liberty. 00:46:05 <thinrichs> But we're not there yet. 00:46:24 <thinrichs> The rationale is that Python2 is officially not supported anymore by the Python community (or that happens soon). 00:46:53 <thinrichs> veena put some time into that, and Victor Stinner has been helping out recently. 00:46:58 <ramineni> I suppose only anrlr3 is pending , otherwise congress code is compliant right 00:47:13 <thinrichs> ramineni: I'm unsure. That would be great if it were the case. 00:47:31 <thinrichs> It would be nice to know how close we are. 00:47:53 <thinrichs> And to figure out if antlr3 is a problem, and if so what to do about it. 00:47:56 <ramineni> Yes , I looked at the logs , only antlr3 is throwing errors afaik 00:48:42 <thinrichs> ramineni: great! I see the latest patches are only concerned with antlr. 00:49:10 <thinrichs> I don't remember if we need antlr3 for its runtime, or just for compilation. 00:49:27 <alexsyip> I think we only need it for compilation. 00:49:33 <thinrichs> If it's only necessary for compilation (of the grammar to the Python code that parses datalog) then we could remove it. 00:49:50 <thinrichs> And have some way of automatically fixing the code it generates to make it Python3 compat 00:50:35 <thinrichs> alexsyip: that'd be nice. 00:51:09 <thinrichs> So if anyone wants to work that out, we could make the Python3 tests voting. 00:51:37 <thinrichs> #topic New architecture 00:51:48 <thinrichs> pballand: how's the new DSE coming? 00:51:50 <thinrichs> #link https://review.openstack.org/#/c/210159/ 00:52:52 <pballand> I’m made some progres, but have been a bit distracted 00:53:09 <pballand> currently trying to determine the best way to set up automated tests 00:53:33 <thinrichs> alexsyip put some together for the high availability work. 00:53:33 <pballand> I’d love for the tests to work without a message bus, but seems like we’ll need to rely heavily on tempest 00:54:04 <thinrichs> I was about to say that it seemed awkward to do it within tempest. 00:54:21 <thinrichs> The Murano team just runs their own tests in the gate. 00:54:35 <thinrichs> So that would be something else to consider. 00:54:44 <thinrichs> If tempest makes things difficult. 00:55:04 <thinrichs> #topic Use cases 00:55:17 <thinrichs> shivharis made some good progress on building a VM that includes our use cases. 00:55:49 <thinrichs> I got him a round of feedback. 00:56:02 <thinrichs> When he asks again, let's help him out. 00:56:23 <thinrichs> Running short on time. 00:56:28 <thinrichs> #topic Open discussion 00:56:33 <thinrichs> ekao: you're new to the meeting. 00:56:44 <thinrichs> Mind introducing yourself and saying why you're interested in Congress? 00:57:59 <ekao> Cool. Yea my name is Eric Kao. New to Congress. Excited to contribute and help build it out. Looking forward to pushing the vision of declarative management. 00:58:19 <ekao> Looking forward to learning a lot from all you guys. 00:58:30 <thinrichs> ekao: Glad to have you. 00:58:35 <su_zhang> welcome 00:58:39 <zhenzan> welcome 00:58:47 <thinrichs> ekao attended the mid-cycle meet-up, so some of you may know him already. 00:59:08 <thinrichs> That's all the time for this week. 00:59:10 <su_zhang> yep 00:59:15 <thinrichs> Sorry the agenda was jam-packed. 00:59:35 <su_zhang> I am sure we talked during the mid-cycle meeting. 01:00:12 <thinrichs> I'll hang out in #congress for a few minutes, in case anyone has anything new. 01:00:14 <ekao> yup, su_zhang 01:00:15 <thinrichs> Final thought: remember to be testing and helping out with the bugs and docs! 01:00:22 <thinrichs> #endmeeting