16:01:33 <adrian_otto> #startmeeting containers
16:01:33 <openstack> Meeting started Tue Feb 23 16:01:33 2016 UTC and is due to finish in 60 minutes.  The chair is adrian_otto. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:01:34 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:01:37 <openstack> The meeting name has been set to 'containers'
16:01:41 <adrian_otto> #link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2016-02-23_1600_UTC Our Agenda
16:01:50 <adrian_otto> #topic Roll Call
16:01:53 <adrian_otto> Adrian Otto
16:01:55 <coreyob> o/
16:01:57 <muralia1> murali allada
16:01:58 <juggler> Perry Rivera o/
16:01:59 <thomasem> Thomas Maddox
16:01:59 <Tango> Ton Ngo
16:02:03 <strigazi> o/
16:02:11 <rpothier> o/
16:02:19 <dimtruck> o/
16:02:31 <sew1> o/
16:02:55 <dane_leblanc> o/
16:03:31 <eghobo> o/
16:03:42 <madhuri> o/
16:04:20 <Kennan> o/
16:04:46 <adrian_otto> hello coreyb muralia1 juggler thomasem Tango strigazi rpothier dimtruck sew1 dane_leblanc eghobo madhuri Kennan
16:04:52 <adrian_otto> let's begin
16:04:53 <wanghua> o/
16:05:00 <adrian_otto> #topic Announcements
16:05:22 <adrian_otto> 1) Introducing Spyridon Trigazis from CERN who has joined us as a full time contributor.
16:05:39 <adrian_otto> strigazi: would you like to say a few words?
16:06:05 <strigazi> Hello all,
16:06:20 <Kennan> Glad to know you strigazi:
16:06:28 <muralia1> welcome.
16:06:35 <madhuri> welcome strigazi
16:06:36 <strigazi> I'm Spyros Trigazis and I'm a fellow at Cern in the resource provisioning team
16:06:56 <strigazi> I'll mostly work on Magnum upstream
16:07:11 <strigazi> Some bio notes:
16:07:14 <juggler> hello strigazi! we're glad you're here.
16:07:34 <adrian_otto> strigazi: we are really happy to have you as part of the team, and we look forward to working with you.
16:07:42 <strigazi> Bsc and Msc in CS on Information Sysystem from www.csd.auth.gr
16:07:57 <strigazi> Information Systems
16:08:15 <adrian_otto> please let us know if there is anything we can do to help you
16:08:17 <strigazi> I have previously contributed in www.ganeti.org
16:08:46 <strigazi> I started to feel comfortable with Devstack
16:09:19 <strigazi> And I'm currently working on adding docker storage drivers in baymodel
16:09:26 <hongbin> o/
16:09:39 <strigazi> I'll send tomorrow a WIP patch
16:09:54 <adrian_otto> Thanks strigazi. We look forward to that!
16:09:57 <Tango> Welcome strigazi !
16:09:59 <suro-patz> o/
16:10:38 <adrian_otto> 2) We had a very productive midcycle meetup at HPE in Sunnyvale last week. I will be putting together a summary of the outcomes there to share with the team.
16:11:06 <adrian_otto> the largest of which has to do with our decision to handle COE specific code in drivers.
16:11:32 <adrian_otto> so we will be planning some refactoring work to make that possible.
16:11:38 <adrian_otto> That concludes our prepared announcements. Are there announcements from team members today?
16:12:12 <adrian_otto> ok, let's continue
16:12:18 <adrian_otto> #topic Review Action Items
16:12:28 <adrian_otto> 1) hongbin create a BP for creating an installation guide
16:12:58 <hongbin> #link https://blueprints.launchpad.net/magnum/+spec/magnum-installation-guide
16:12:58 <adrian_otto> hongbin, do we have a link to this we can share?
16:13:01 <adrian_otto> thanks!!
16:13:08 <adrian_otto> Status: COMPLETE
16:13:30 <adrian_otto> #topic Blueprint Review
16:13:40 <adrian_otto> Essential Blueprint Review
16:14:32 <Kennan> hi adrian_otto
16:14:40 <Kennan> there is another review item
16:14:41 <adrian_otto> #link https://blueprints.launchpad.net/magnum/+spec/magnum-troubleshooting-guide (Tango)
16:15:04 <Tango> We have 2 patches under review
16:15:08 <adrian_otto> #link https://blueprints.launchpad.net/magnum/+spec/user-guide (Tango)
16:15:19 <adrian_otto> I noticed further progress on those BPs
16:15:38 <Kennan> https://review.openstack.org/#/c/275034/
16:16:12 <Tango> we still have 11 sections that need to start from scratch with no author assigned for the troubleshooting guide
16:16:26 <adrian_otto> Kennan: I'd be happy to address that one in just a moment.
16:16:35 <Tango> For the user guide, I am writing the section on image management
16:16:50 <Tango> will be coordinating with the new COE driver refactoring
16:17:24 <Tango> I am using the discussion from the midcycle to write about image
16:18:07 <Tango> For the user guide, there are 6 sections that need to start from scratch with no author assigned
16:18:22 <Tango> 8 sections are done, have existing doc, author assigned, or in progress
16:18:54 <Tango> So overall, we are about half way on both the user guide and troubleshooting guide
16:19:18 <Tango> That's all I have
16:19:42 <adrian_otto> ok, what's the best way to get contributors to adopt each of the remaining sections?
16:19:56 <adrian_otto> perhaps pull them into an etherpad during today's meeting?
16:20:02 <Tango> The BP's have a list of section as TODO
16:20:18 <Tango> Anyone can pick up any section
16:20:27 <Tango> just put your name on the TODO
16:21:03 <dimtruck> Tango: so just a PR with your name there or in the blueprint?
16:21:07 <dimtruck> ugh, never mind
16:21:13 <adrian_otto> ok, so that's at https://blueprints.launchpad.net/magnum/+spec/user-guide and https://blueprints.launchpad.net/magnum/+spec/magnum-troubleshooting-guide
16:21:15 <dimtruck> you just said "BP's have a list..."
16:21:26 <adrian_otto> it would be great if we could each find one to help with
16:21:40 <Tango> At the bottom of the BP, there is a list of work items, some of them are in TODO state
16:22:02 <dimtruck> Tango: yup, sorry about that.  understood
16:22:42 <Tango> So if you know about a topic, please feel free to pick it up
16:23:55 <adrian_otto> Blueprints, Bugs, Specs, and other work items to be discussed as a team
16:24:04 <adrian_otto> back to Kennan
16:24:10 <adrian_otto> … (getting the link)
16:24:26 <adrian_otto> #link https://review.openstack.org/#/c/275034/
16:24:59 <adrian_otto> so this is one I placed a -2 vote on a while back because it disabled selinux
16:25:27 <Kennan> hi adrian_otto: I have added comments for your concern. In short
16:25:57 <adrian_otto> ok, I'm happy to revisit this because there are new patchsets.
16:26:03 <Kennan> volume driver is optional feature, 1) we add todo to track that in upstream (docker) side in issue
16:26:18 <Kennan> 2) if user not enable such volume driver
16:26:23 <Kennan> selinux is still enabled
16:26:31 <Kennan> so not impact any components
16:26:41 <Kennan> docker is still working on that
16:26:47 <adrian_otto> can't we implement the storage driver in a way that allows selinux to remain enabled?
16:26:55 <Kennan> and we are working with them
16:27:17 <coreyob> I generally don't like the idea of having insecure features in magnum. I think we should wait until it works securely before implementing it
16:27:30 <Kennan> right now, volume driver plugin can not work because of docker issue
16:27:45 <Kennan> it is not means magnum like to be insecure
16:27:54 <Kennan> but as experimental feature
16:27:58 <coreyob> but disabling selinux makes magnum less secure
16:28:01 <Kennan> it is OK for such volume driver
16:28:07 <adrian_otto> you are telling me that docker has a feature that requires selinux to be disabled in order to use it?
16:28:09 <Kennan> no coreyob:
16:28:24 <Kennan> let me give you link
16:28:37 <adrian_otto> I doubt it. I think this is rather a matter that requires a new selinux policy to be created
16:28:47 <Kennan> https://github.com/docker/docker/issues/18005
16:28:56 <Kennan> it is known issue
16:29:42 <coreyob> specifically with the rexray driver right?
16:29:51 <Kennan> coreyob, experimental feature not means perfect. as we are working with docker, but it not means because docker issue, we can not experimental volume feature in swarm
16:29:54 <coreyob> so can we implement the feature in magnum with something other than rexray?
16:29:57 <Kennan> no coreyob
16:30:20 <coreyob> right, I'm advocating that we don't have experimental features in magnum that reduce the overall security of the system
16:30:42 <coreyob> i like adrian_otto's idea of having a custom selinux policy that allows rexray to function without compromising the rest of the bay (if that is possible)
16:30:48 <Kennan> coreyob: I did not think right now it is all production ready for magnum
16:31:05 <coreyob> we're trying really hard to make magnum production ready
16:31:43 <Kennan> yes coreyob: as we know, even docker itself can be say secure, like user namespace just enabled in 1.10.0
16:31:52 <Kennan> so all is progress
16:32:02 <adrian_otto> ok, I'm willing to review the individual docker bug, but if there is a fundamental security problem in a docker feature, it needs to be solved there.
16:32:16 <Kennan> yes adrian_otto
16:32:24 <Kennan> we are pushing docker
16:32:25 <adrian_otto> I'm not comfortable poking a huge security hole in Magnum to add a buggy feature.
16:32:44 <adrian_otto> I hear your argument that the feature is optional.
16:33:04 <adrian_otto> but I'm not fully persuaded
16:33:08 <Kennan> adrian_otto: I understood that. you know, if user not like to use volume feature management in COE
16:33:19 <adrian_otto> my preference is to wait until this is settled upstream
16:33:19 <Kennan> he not need to use volume_driver
16:33:22 <adrian_otto> then integrate it.
16:33:42 <Kennan> so volume_driver is optional feature.
16:33:50 <adrian_otto> or to come up with another workaround that allows selinux to remain enabled
16:34:22 <Kennan> right now, because docker side issue, seems volume plugin can not work if enable selinux
16:34:41 <hongbin> Kennan: the issue is on Atomic only or not?
16:34:52 <hongbin> Kennan: If not, you could use the CoreOS template
16:34:54 <Kennan> I tried on Atomic, it exist
16:34:58 <Kennan> not sure other OS
16:35:19 <hongbin> Kennan: maybe you can try CoreOS
16:35:30 <Tango> Maybe we can do some more investigation
16:35:47 <hongbin> Kennan: you can merge the feature back to Atomic later
16:36:10 <Kennan> sure hongbin: but that would means a new work on that templates. Anyway, I will work with docker upstream and at same time check coreos
16:36:23 <Kennan> seems coreos have just raw implemented
16:36:29 <Kennan> TLS seems not ready
16:36:42 <Kennan> so still it is not secure :0
16:37:03 <hongbin> It will be soon. The TLS patch is up for review
16:37:50 <hongbin> Kennan: Alternatively, you could try the feature in other COE first
16:37:55 <Kennan> ok hongbin: two ways for me 1) still track upstream docker 2) check coreos
16:38:47 <hongbin> Kennan: sure
16:38:48 <Kennan> I will push related docker community to solve that general issue
16:39:22 <adrian_otto> Kennan, as soon as we can add the feature in Magnum without disabling selinux, I will be happy to remove my -2 vote.
16:39:50 <Kennan> adrian_otto: I will track that. also I learnt Atomic 23 is working in progress
16:39:59 <Kennan> I need to check if that new images ok for that
16:40:18 <Kennan> seems that work in still in review
16:40:58 <coreyob> yeah i keep running into gate issues so I haven't been able to get it through
16:42:53 <adrian_otto> hongbin: I saw your email yesterday about the recent Heat commit you called out
16:43:10 <adrian_otto> was there any confirmation that Heat was the source of the gate trouble, or was that ruled out?
16:43:31 <hongbin> adrian_otto: Yes, they seem to confirm that, and proposed a revert
16:43:56 <hongbin> adrian_otto: Unfortunately, the reverted patch is not merged yet, since the Heat gate is also broken
16:44:46 <Kennan> hongbin: ceilometer working on that, so heat would soon ready for ceilometer issue
16:44:58 <adrian_otto> what's wrong with the Heat gate?
16:45:11 <adrian_otto> is it related to the same issue, or something different?
16:45:15 <coreyob> different
16:45:58 <hongbin> #link https://review.openstack.org/#/c/283297/
16:47:26 <coreyob> we may run into #link https://bugs.launchpad.net/ceilometer/+bug/1548634 after heat is working too
16:47:26 <openstack> Launchpad bug 1548634 in Aodh ""openstack role add" command failure in devstack installation" [Undecided,In progress] - Assigned to Liusheng (liusheng)
16:48:01 <Kennan> coreyob: ceilometer had work-around for that.
16:48:50 <coreyob> yep
16:49:43 <suro-patz> as part of the open discussion - my sincere request to the team to draw conclusion for  https://review.openstack.org/#/c/275003/ , https://review.openstack.org/#/c/267134/
16:49:50 <adrian_otto> ok, any other work items for team discussion before we proceed to open discussion?
16:49:54 <suro-patz> adrian_otto: ^^
16:49:57 <adrian_otto> thanks suro-patz
16:50:33 <strigazi> there is the bp I'm working on
16:50:47 <strigazi> https://blueprints.launchpad.net/magnum/+spec/support-for-different-docker-storage-driver
16:51:30 <strigazi> It says that we must have: 1) A user seeking this, and 2) A developer willing to add it
16:51:44 <vilobhmm11> adrian_otto : regarding the quota work ; would be great if i can get some help from the team just for next month or so
16:52:31 <vilobhmm11> https://review.openstack.org/#/c/259201/10
16:52:57 <vilobhmm11> i was planning to submit the controller logic changes so need help specifically there
16:53:13 <vilobhmm11> adrian_otto : ^^
16:53:14 <adrian_otto> ok, suro-patz we can vote on those spec patches to allow that to move forward
16:53:29 <suro-patz> thanks adrian_otto
16:54:29 <suro-patz> adrian_otto: additionally I will register a BP/spec for the asynchronous mode of operation for bay updates
16:55:25 <adrian_otto> vilobhmm11: thanks for the callout on that. To be clear you have some downstream work you will be focused on for a month, so you are seeking team assistance to continue your upstream work in the mean time.
16:55:39 <adrian_otto> #topic Open Dicsuccion
16:55:41 <vilobhmm11> adrian_otto : that's correct
16:55:49 <vilobhmm11> and that's only for a month or so
16:55:58 <adrian_otto> #topic Open Discussion
16:56:09 <adrian_otto> vilobhmm11: understood
16:57:10 <vilobhmm11> adrian_otto: thanks!
16:57:17 <adrian_otto> if anyone is interested in working on quotas, please let vilobhmm11 or me know. Otherwise, I can ask around and see what's possible.
16:57:53 <strigazi> adrian_otto: is it ok to proceed with the bp that I mentioned?
16:58:53 <adrian_otto> strigazi: you are welcome to pick up any approved blueprint. We have some really critical work that came from the midcycle that I'd like you to consider as well.
16:59:37 <strigazi> adrian_otto: ok
16:59:45 <adrian_otto> I'll get my write-up done to convey the decisions, and how those impact our next steps, and where we will need to focus attention to succeed with them.
17:00:04 <adrian_otto> Our next team meeting is 2016-03-01 at 1600 UTC.
17:00:19 <adrian_otto> thanks everyone for attending today. I look forward to seeing you next week.
17:00:20 <juggler> thanks for presiding, and thanks all
17:00:22 <adrian_otto> #endmeeting