21:02:51 <ttx> #startmeeting crossproject 21:02:52 <stevebaker> \o 21:02:52 <david-lyle> o/ 21:02:52 <openstack> Meeting started Tue Jun 16 21:02:51 2015 UTC and is due to finish in 60 minutes. The chair is ttx. Information about MeetBot at http://wiki.debian.org/MeetBot. 21:02:52 <pshige> o/ 21:02:53 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 21:02:56 <openstack> The meeting name has been set to 'crossproject' 21:02:56 <ttx> Today's agenda: 21:03:00 <ttx> #link http://wiki.openstack.org/Meetings/CrossProjectMeeting 21:03:06 <bknudson> hi 21:03:10 <etoews> o/ 21:03:10 <morganfainberg> stevemar: ^^ 21:03:12 <ttx> #topic Horizontal teams announcements 21:03:14 <johnthetubaguy> o/ 21:03:16 <nikhil_k> o/ 21:03:21 <ttx> On the release management front, liberty-1 is next week 21:03:22 <dhellmann> o/ 21:03:33 <ttx> #info for projects we manage that are using development milestones, we expect the PTL (or release liaison) to show up next Tuesday to sync with us during office hours 21:03:40 <ttx> 0800-1000 UTC or 1800-2000 UTC in #openstack-relmgt-office 21:03:51 <ttx> That will let us double-check implemented blueprints and discuss when to tag 21:03:58 <ttx> Questions on that ? 21:04:10 <dims> o/ 21:04:26 <redrobot> o/ 21:04:30 <j^2> nope 21:04:30 <sdague> #info QA: grenade external plugins open for business in the big tent - http://lists.openstack.org/pipermail/openstack-dev/2015-June/066583.html 21:04:58 <sdague> I brought that up previously in this meeting, just wanted to make sure teams saw the information was out there in how to get started 21:05:49 <SlickNik> sdague: very cool — thanks for the info. 21:05:57 * jroll arrives a bit late 21:06:04 <boris-42> ttx: hi=) 21:06:18 <sdague> if there are any questions, no is good, or put on the list 21:06:23 <sdague> </end> 21:06:25 <SlickNik> I know at least a couple of people on trove who were previously working on a grenade job — will pass the info along to make sure they see it. 21:06:34 <sdague> s/no/now/ 21:06:45 <dims> #info Oslo: Request from Oslo team for Liberty Cycle - http://lists.openstack.org/pipermail/openstack-dev/2015-June/067131.html 21:07:11 <dims> A handful of items for projects who use oslo, please take a look 21:08:24 <ttx> Other horizontal teams announcements ? 21:08:24 * dims not sure if this was vertical or horizontal :) 21:08:31 <ttx> It is HORIZONTAL 21:08:38 <dims> :) 21:08:48 <Rockyg> o/ 21:08:50 <johnthetubaguy> dims: thats a good tick list, appreciated! 21:08:52 <ttx> I think I may merge the two sections for clarity :) 21:09:05 <fungi> dims: oslo is a diagonal effort 21:09:35 <dims> haha 21:09:37 <fungi> (i have no idea what that means, but it sounds cool) 21:09:42 <ttx> Rockyg: is that a "I have announcement" or "I'm here" sort of o/ ? 21:09:44 <edleafe> o/ 21:09:47 <dims> thanks johnthetubaguy 21:09:59 <SlickNik> dims: ++ will follow up. 21:10:05 <dims> thanks SlickNik 21:10:08 * edleafe is just saying hi 21:10:13 * Rockyg is lurking but here for in support of API standards 21:10:23 <ttx> #topic Server versioning changes (dhellmann) 21:10:28 <ttx> #link http://lists.openstack.org/pipermail/openstack-dev/2015-June/067006.html 21:10:33 <ttx> dhellmann: ohai 21:10:49 <dhellmann> here! 21:10:57 <dhellmann> As we have discussed a couple of times, we’re switching the server projects to semver versioning. 21:11:01 <dhellmann> #link http://lists.openstack.org/pipermail/openstack-dev/2015-May/065211.html 21:11:05 <dhellmann> #link http://lists.openstack.org/pipermail/openstack-dev/2015-June/thread.html#65278 21:11:13 <dhellmann> I have submitted patches to all of the projects managed by the release team: 21:11:15 <dhellmann> #link https://review.openstack.org/#/q/topic:semver-releases,n,z 21:11:16 <dhellmann> If you agree with the numbering scheme, we need those to land before the L-1 milestone next week. 21:11:17 <dhellmann> They’re failing right now because the versions go backwards. I’ll be pushing alpha tags to correct that tomorrow. 21:11:34 <dhellmann> Does anyone have questions about the versions proposed, or anything else related to this change? 21:11:53 <bknudson> what is a non-backwards compat change (requires major version bump) for server projects? The interface to keystone is, for example, keystone-manage. 21:12:01 <bknudson> The REST API has its own versioning (V2.0, V3) 21:12:10 <dhellmann> yeah, some of that is still up for discussions 21:12:31 <dhellmann> some proposals have been when migrations are squashed, meaning that upgrades have to pass through that version 21:12:40 <lifeless> bknudson: indeed; I'd argue any of: removing something from the API; changing the contract of the CLI, including adding new required config options or removing config options 21:12:44 <dhellmann> also we've discussed tagging a new major version each cycle, just because 21:13:12 <lifeless> bknudson: or more broadly 'if users or deployers need to care, then its incompatible and we should signal that' 21:13:20 <SpamapS> config file changes would be backward compatability concerned 21:13:26 <ttx> note that for projects under the development-milestone regime, they will just use X.0.0 like they used YYYY.Z.0 21:13:40 <johnthetubaguy> dhellmann: upgrade is the big one for me with my Nova hat on, we have lots of compat code for live-upgrades we want to keep dropping each release 21:13:43 <ttx> they would not switch to semver 21:14:05 <ttx> that is more for projects that would do intermediary releases 21:14:06 <dhellmann> johnthetubaguy: yes, right 21:14:09 <notmyname> we bumped the major version in swift when we made a major change that would cause data unavaialbility if you downgraded 21:14:13 <johnthetubaguy> dhellmann: but we have a few months to answer that question, luckly 21:14:21 <dhellmann> notmyname: another good one 21:15:09 <ttx> dhellmann: anything else on that topic ? 21:15:14 <dhellmann> so we'll figure those things out when the time comes, and I'll keep notes from all of these ideas 21:15:18 <dhellmann> nope, that's it unless there are more questions 21:15:32 <fungi> one item which has come up is that we've got recent-ish security advisories mentioning upcoming scheduled releases explicitly. we'll need errata to correct all those if the renumbering implementation is not delated to after the next scheduled releases 21:15:47 <fungi> s/delated/delayed/ 21:16:09 <fungi> mainly wanting to confirm how soon this is planned for the api server projects so that we can plan accordingly 21:16:10 <ttx> fungi: our plan is to have those in place to tag X.0.0b1 instead of 2015.2.0b1 at liberty-1 21:16:46 <fungi> okay, so we're not changing tag sequence on any existing stable branches 21:16:53 <ttx> not at all 21:16:54 <dhellmann> no, this is just for liberty and forward 21:17:10 <fungi> that covers my concerns. thanks! 21:17:13 <ttx> kilo would likely still generate 2015.1.Z 21:17:27 <lifeless> has to 21:17:31 <ttx> doing otherwise would be even more confusing 21:17:43 <fungi> yep, that makes sense. thanks 21:17:43 <dims> ++ 21:17:47 <ttx> alright, moving on then 21:17:50 <dhellmann> oh, I did also post about this to the operators list 21:17:50 <ttx> #topic Clarification on the return code when a server has a hard coded length limit 21:17:52 <dhellmann> #link http://lists.openstack.org/pipermail/openstack-operators/2015-June/007390.html 21:17:57 <ttx> oops 21:18:04 <ttx> The API working group has one new guidelines that is entering the freeze period: 21:18:07 <dhellmann> sorry about that 21:18:08 <ttx> #link https://review.openstack.org/#/c/181784/ 21:18:19 <ttx> They would like PTLs/CPLs, and other interested parties, to take a look at these reviews. 21:18:27 <ttx> They will use lazy consensus at the end of the freeze to merge them if there are no objections. 21:18:38 * nikhil_k giving one review 21:18:43 <ttx> We can use a bit of time in this meeting to discuss it, if you have comments 21:18:51 <ttx> etoews: you there ? 21:18:52 <etoews> i'm all ears 21:19:33 <nikhil_k> shouldnt it be 413? 21:20:34 <morganfainberg> nikhil_k: that is if the request entity is too large, not the response 21:20:37 <bknudson> might want to differentiate from 413 Request Entity Too Large and 414 Request-URI Too Long 21:21:16 <ttx> morganfainberg: ++ 21:21:18 <morganfainberg> nikhil_k: the advisory for the WG proposal is saying if the response is too large - you're getting a400 back, not a request or uri too long 21:21:21 <krotscheck> Hrm. And 416 is bytes only. 21:21:24 <morganfainberg> krotscheck: yep 21:21:35 <morganfainberg> krotscheck: only on a range request 21:21:50 <morganfainberg> this is either a 500 (bad idea) or a 400 (more correct) 21:21:59 <ttx> right 400 is fine 21:22:01 <krotscheck> morganfainberg: Well, it's technically a range request, it's just not a range of bytes #semantics 21:22:05 <krotscheck> indeed 21:22:21 <nikhil_k> spec says: If API limits the length of collection type property, the return code 49 should be **400 Bad Request** when request exceeding limited length. 21:22:22 <jroll> wait, where are we seeing this is about range requests 21:22:23 <SlickNik> Doesn't this imply that the request is too large: "If API limits the length of collection type property, the return code 21:22:23 <SlickNik> should be **400 Bad Request** when the request exceeds the length limit." 21:22:25 <lifeless> there's very little benefit in some of these fine-grained codes 21:22:29 <jroll> looks to me like... what nikhil_k said. 21:22:44 <bknudson> just wondering - do we only care about the response code and not about any extra info that should be returned? 21:23:04 <bknudson> so we return 400 but seems like there should also be some info that allows the client to recover 21:23:08 <jroll> (ignore me, I'm misreading things) 21:23:14 <bknudson> they don't know which field was too long otherwise 21:23:31 <bknudson> or maybe you don't want to tell them for security reasons 21:23:45 <etoews> bknudson: this guideline only covers the status code 21:23:54 <lifeless> all HTTP errors are mean to come witha body that describes in as much detail as the server wants to 21:24:06 <etoews> there's another guideline for errors 21:24:09 <lifeless> the status code is purely for programmatic flow control on the client 21:24:16 <morganfainberg> bknudson: i want to say we need to address that second part independenty of the status code. what hsould the extra data returned be? it could be combined or be separate 21:24:17 <lifeless> this is an error 21:24:19 <Rockyg> lifeless: ++ 21:24:22 <lifeless> its not a 500 21:24:27 <etoews> i should say the error format in a response body 21:24:39 <johnthetubaguy> 400 is less confusing than overloading some special value wrongly, which seemed to be the general idea we are heading towards, with more details in the body of the response 21:24:42 <morganfainberg> so, we've specified the status code, now we need to handle the other data (lifeless ++) 21:24:51 <lifeless> right; my point is just that 413 and 414 won't help a client go 'oh too many tags' 21:24:55 <johnthetubaguy> 500 = server error, so lets rule that out, its a client based error 21:24:58 <etoews> johnthetubaguy: ++ 21:24:59 <SlickNik> johnthetubaguy: I agree ++ 21:25:01 <lifeless> and so 400 is entirely appropriate 21:25:01 <johnthetubaguy> lifeless: +1 21:25:47 <ttx> Anyway, feels like you can comment (or +1) on the review 21:25:56 <lifeless> So this API guideline tweak is entirely correct AFAICT. It might not go far enough, but as etoews says there are guidelines already for the body in this case. 21:25:59 <bknudson> this is talking about the # of elements in a collection? 21:26:01 <etoews> for reference, here's the guideline of errors #link https://review.openstack.org/#/c/167793/ 21:26:04 <bknudson> and not the length of a string or something? 21:26:16 <etoews> s/of/for/ 21:26:26 <lifeless> bknudson: correct; https://review.openstack.org/#/c/181784/8/guidelines/tags.rst - expand the upper context 21:26:36 <lifeless> the specific context here is a PUT 21:26:42 <lifeless> I think the prose could be clearer 21:26:52 <lifeless> but its reasonably sane if you read more context 21:26:54 <bknudson> I assume you also don't want a tag that's 50 MB ? 21:27:11 <lifeless> that might trigger a 413 :) 21:27:55 <ttx> alright, I think we are back to where we started, so now is as good as any time to move on 21:28:07 <nikhil_k> :) 21:28:08 <notmyname> I was reading that one wrong 21:28:09 <ttx> go on the review and comment if you find anything 21:28:26 <ttx> #topic Library release ACL changes 21:28:34 <ttx> #link https://review.openstack.org/189856 21:28:40 <ttx> dhellmann: you again 21:29:19 <morganfainberg> ttx: should that include KeystoneAuth once that is a thing? 21:29:28 <morganfainberg> dhellmann: ^ cc 21:29:35 <ttx> morganfainberg: likely 21:29:40 <dhellmann> We have a patch up to change the tagging permissions for projects that look like libraries: 21:29:40 <dhellmann> #link https://review.openstack.org/189856 21:29:40 <dhellmann> I will be submitting another for the projects managed by the release team but not part of the old “integrated release”. 21:29:40 <dhellmann> And then I plan to encourage the -infra team to prioritize those reviews so we can make the cut-over. 21:29:40 <dhellmann> There is also a spec up discussing automation for reviews for tags. 21:29:41 <dhellmann> #link https://review.openstack.org/191193 21:29:42 <dhellmann> Please take a few minutes to read through that and comment. 21:29:49 <morganfainberg> ttx: sounds good, will put that on the backburner for as soon as we're ready for a 1.0 21:30:04 <dhellmann> morganfainberg: yeah, we can add that 21:30:24 <morganfainberg> dhellmann: yeah nothing to do yet, we're not ready for it to roll under tighter release mngmnt 21:30:33 <morganfainberg> dhellmann: but i'll keep it in mind 21:31:20 <dhellmann> morganfainberg: ok, there are a couple of steps, including marking it release:managed in governance and updating the ACLs file 21:31:26 <ttx> also for reference and rationale: 21:31:27 <ttx> #link http://lists.openstack.org/pipermail/openstack-dev/2015-June/066346.html 21:31:47 <morganfainberg> dhellmann: i'll also run our rational by you agian when we're ready on how the project works (a little different than some of the other libs) 21:31:53 <morganfainberg> dhellmann: but this can all be delayed. 21:31:54 <dhellmann> morganfainberg: sounds good 21:32:04 <morganfainberg> dhellmann: i want to move middleware under this model for sure sooner vs later though 21:32:08 <morganfainberg> dhellmann: keystonemiddleware* 21:32:22 <morganfainberg> dhellmann: i can ping you to get that added here / what else we need to do offline though 21:32:34 <dhellmann> morganfainberg: let's chat tomorrow 21:32:39 <morganfainberg> dhellmann: sounds good 21:32:58 <anteaya> dhellmann: I'm fine on all the oslo libs moving over to library-release, as I assume dims and you talk regularly 21:32:58 <ttx> other comments on that ? 21:33:14 <dhellmann> anteaya: dims is on the release team, too, so he'll be handling those releases 21:33:14 <anteaya> dhellmann: how can I see that all the other projects agree to this change? 21:33:19 <anteaya> great 21:33:24 <dhellmann> anteaya: this is their chance to disagree :-) 21:33:28 <anteaya> so +1 on all oslo projects 21:33:33 * anteaya listens 21:34:06 <ttx> fwiw nobody objected on the ML thread nor on the review so far. 21:34:17 <dhellmann> anteaya: but we're doing this for all projects managed by the release team, and those project teams have all agreed to that already, so it shouldn't be too big of an issue for anyone 21:34:19 <johnthetubaguy> dhellmann: I commented on that review to say I am good with this for python-novaclient 21:34:26 <dhellmann> johnthetubaguy: nice, thank you 21:34:52 <johnthetubaguy> a team owning the constancy checks sounds good to me, helps us to not screw up 21:34:53 <ttx> also easy to fix if some PTL ends up disagreeing next week 21:35:02 <anteaya> johnthetubaguy: thanks 21:35:07 <anteaya> dhellmann: okey dokey 21:35:12 * anteaya +2's the patch 21:35:15 <fungi> yep, acls are far from being etched in stone 21:35:33 <ttx> ok, I guess we can move on 21:35:38 <ttx> #topic Vertical teams announcements 21:35:39 <dhellmann> also keep in mind that as we get more of this automated, it'll feel a bit more natural 21:35:42 <fungi> just as long as we can point confused people at the announcement, i'm good 21:35:44 <notmyname> #info Swift has slightly changed its core team structure. There is now a separate swiftclient-core in addition to swift-core - http://lists.openstack.org/pipermail/openstack-dev/2015-June/066982.html 21:35:47 <dhellmann> fungi: ++ 21:35:59 <dhellmann> SlickNik: you had something to bring up, didn't you? 21:36:21 <SlickNik> dhellmann: yes 21:36:24 <SlickNik> I just wanted to follow up on one of the recent email threads on the mailing list that affects Trove in specific, and possibly other OpenStack services. 21:36:26 <ttx> notmyname: any time window for the next swift release ? 21:36:34 <ttx> (yet ?) 21:36:35 <SlickNik> Referring to http://lists.openstack.org/pipermail/openstack-dev/2015-June/065731.html (Protected openstack resources) 21:36:57 <SlickNik> I think dhellmann and some others made some good points about deploying instances into a special tenant, and isolating them -- which seems to make sense to me, and we're going with this approach with Trove for now. 21:37:04 <notmyname> ttx: I wish it would have happened already. there's one patch that needs to get in. I'll let you/dhellmann know as soon as I know something 21:37:14 <ttx> notmyname: sounds good 21:37:19 <SlickNik> However, even with this approach there were a few concerns that some of us had and so wanted to bring them up to see what other folks thought of them (not sure if some of these are unfounded): 21:37:38 <ttx> dhellmann: if we come up with tag automation we could actually apply it to intermediary-released projects like swift too 21:37:53 <SlickNik> 1. Deploying into a different tenant prevents sharing of resources across tenants -- for instance if I need to share a keypair, or security group with my instance I need to duplicate it in the other tenant. (Neutron) Ports are a common resource here that come to mind, but neutron has a way of attaching ports defined in one tenant to instances in another (admin / advanced-service role). 21:38:02 <dhellmann> ttx: yes, I plan to rename release_library.sh to release_project.sh or something similar 21:38:08 <ttx> that would streamline the release communication (currently a mix of IRC pings/emails) 21:38:26 <dhellmann> ttx: yep, one step at a time :-) 21:39:02 <dhellmann> SlickNik: is this a situation where being explicit about what is shared/visible could be considered a feature, though? 21:39:22 <dhellmann> "I have 5 keys, but only 1 should be used for trove, so I only need to install that one in the second tenant" 21:40:25 <SlickNik> dhellmann: We've got the use case for sec-groups in Trove, and the approach we're planning to take is similar — i.e. have an API to install that particular sec-group rule in Trove. 21:40:29 <johnthetubaguy> I keep wondering about hierarchical tenants and things, but it feels overcomplicated 21:40:43 <SlickNik> johnthetubaguy: Agree, me too. 21:40:57 <johnthetubaguy> so we have done this already, in a way, with swift and glance and how nova uses glance to store images 21:40:59 <SlickNik> Don't have a clearcut solution yet. 21:41:02 <fungi> part of the concern is to be able to consistently mitigate situations like bug 1445295 21:41:03 <openstack> bug 1445295 in Trove "Guestagent config leaks rabbit password" [Undecided,New] https://launchpad.net/bugs/1445295 - Assigned to Amrith (amrith) 21:41:32 <stevebaker> SlickNik: I still wonder if switching to multi-tenant messaging would be less effort 21:41:59 <fungi> trove has "secrets" in its instance boot images. if those are in a customer-controlled tenant, then the tenant has access to download that image and get at the gooey goodness therein 21:42:17 <morganfainberg> fungi: that is frightening 21:42:27 <johnthetubaguy> fungi: yeah, they can't have access to this 21:42:32 <stevebaker> locking all this down would be whack-a-mole 21:42:34 <fungi> and i'm sure we have plenty of similar situations with other service platforms which rely on nova instances 21:42:41 <SlickNik> stevebaker: unfortunatly switching to multi-tenant messaging for the guest still wouldn't solve this issue — you'd still have to deploy in a special trove tenant. 21:42:47 <johnthetubaguy> nikhil_k: the glance and swift idea where you need both a service token and a user token to access something, how is that going? 21:42:58 <johnthetubaguy> fungi: +1 21:43:22 <notmyname> johnthetubaguy: done on the swift side 21:43:40 <notmyname> johnthetubaguy: was in the kilo release 21:43:43 <nikhil_k> johnthetubaguy: the work has some proof of concept impl 21:43:44 <dhellmann> fungi: yeah, we solved it in akanda by having no secrets in the service vm and restricting access to the agent with a private network. Apparently that won't work for all of trove's use cases. 21:43:57 <nikhil_k> demonstrated during the previous mid-cycle 21:43:57 <johnthetubaguy> notmyname: ah, OK, so how does that model work, would it work here for trove? 21:44:49 <notmyname> johnthetubaguy: not sure I understand the question. the model is simply "you need 2 tokens and they must both be valid (client and service tokens)" 21:45:08 <SlickNik> dhellmann: I think we're gravitating towards at akanda like solution at the moment — although I would love to know more about the swift / glance dual token implementation. 21:45:26 <dhellmann> SlickNik: yes, it sounds like there might be another option to consider 21:45:27 <johnthetubaguy> notmyname: I was meaning what tenant has the resource? given the tokens are different teants I guess? 21:45:29 <nikhil_k> SlickNik: let's sync offline on that 21:45:42 <SlickNik> notmyname / nikhil_k: Will chat with you guys offline about that. 21:45:54 <SlickNik> nikhil_k: Sounds good, thanks! 21:45:59 <johnthetubaguy> so nova has a lock instance method 21:46:17 <johnthetubaguy> I am thinking a service could create a VM in some "locked" state with a dual token system 21:46:26 <notmyname> johnthetubaguy: http://docs.openstack.org/developer/swift/overview_backing_store.html 21:46:58 <SlickNik> notmyname: thanks for the link 21:47:02 <johnthetubaguy> I guess the main thing I worry about is, what is wrong with just having all the VMs live in another tenant, to make sure we do fix the limitations with that model in anything else that gets planned 21:47:51 <SlickNik> johnthetubaguy: Yes so a couple of other concerns that came up with having a special tenant were around rate-limits for it, and scale. 21:48:03 <fungi> the other supporting use case which seems reasonable is that it's convenient for billing/quota purposes to have them technically count toward the customer's tenant 21:48:22 <SlickNik> fungi: yes that too. 21:48:43 <ttx> SlickNik: have enough to follow-up off-meeting ? 21:48:46 <SlickNik> So, I think I have some good direction here — don't want to rat hole on this too much. 21:48:52 <SlickNik> ttx: yes 21:48:53 <ttx> cool 21:48:55 <ttx> hogepodge: I think you had something to mention ? 21:49:01 <hogepodge> Yes, 21:49:13 <johnthetubaguy> SlickNik: I did comment on that in the spec I think, lets follow up later, I am half asleep right now I am afraid 21:49:17 <hogepodge> I've been working on Defcore and Interoperability. 21:49:34 <dhellmann> fungi: billing and quota can be handled if the app creating the instance has some other object that can be counted and that corresponds to the instance(s) 21:49:34 <ttx> and doing some awesome work at it 21:49:46 <hogepodge> We've run into Glance API version issues with testing. 21:49:49 <johnthetubaguy> dhellmann: I think thats the gist of my comment in the spec 21:49:55 <fungi> dhellmann: agreed, but that does mean additional complication on the billing side 21:50:02 <hogepodge> A lot of the issues are captured in this review 21:50:05 <hogepodge> #link https://review.openstack.org/#/c/189867/ 21:50:12 * nikhil_k clicks 21:50:23 <dhellmann> fungi: it's more complicated, but it's also explicit that you're charging for or applying a quota to a special thing, so we found it to pay off at dreamhost 21:50:30 <ttx> hogepodge: mostly around nova not support glance v2, right ? 21:50:37 <hogepodge> V1 is more widely deployed in testing (particularly with Nova) and the client. 21:50:42 <hogepodge> Yes. 21:51:01 <ttx> johnthetubaguy: where are we standing on this ? Glance v2 support in Nova ? 21:51:05 <johnthetubaguy> OK, so nova only has a image API thats glance v1 compatible right? 21:51:22 <johnthetubaguy> ttx: I think jaypipes has offered to add support for glance v2 21:51:22 <fungi> dhellmann: though i think the "locked" instances idea also can be used to interpret the specialness and report it distinctly to the customer as such 21:51:23 <hogepodge> johnthetubaguy: that's correct. There's an open blueprint that was too late for Kilo 21:51:26 <nikhil_k> v2 support in Nova, coming up in L1 21:51:30 <nikhil_k> hope to get more reviews 21:51:31 <hogepodge> But is supposed to be worked on in Liberty 21:51:43 <hogepodge> #link https://blueprints.launchpad.net/nova/+spec/use-glance-v2-api 21:51:44 <dhellmann> fungi: that could be true 21:51:50 <ttx> nikhil says L1, which means one week 21:51:51 <nikhil_k> johnthetubaguy: flwang is working on it atm 21:52:08 <hogepodge> nikhil_k: excellent 21:52:11 <johnthetubaguy> nikhil_k: OK, we need to get that approved for liberty, its not approved right now, and the deadline is next week sometime 21:52:15 <nikhil_k> ttx: I just meant code sorry. The functionality may not be merged that soon 21:52:18 <thingee> johnthetubaguy: we'll need to talk about nova defaulting v2 cinder as well. v2 support already exists. 21:52:28 <ttx> nikhil_k: ah 21:52:32 <hogepodge> nikhil_k: flwang: Is there anything I can help out with? 21:52:35 <johnthetubaguy> nikhil_k: I think jaypipes said he would drive that, I should follow up with him 21:52:37 <nikhil_k> johnthetubaguy: gotcha, on my list of TODOS now 21:52:47 <johnthetubaguy> hogepodge: so I am still confused about the interop question and nova 21:52:54 <nikhil_k> hogepodge: I will add you to the email loop going for us all working on it 21:53:14 <johnthetubaguy> we have an image v1 compatible APi we have zero planns of adding an image v2 API in nova 21:53:21 <nikhil_k> johnthetubaguy: sounds good. me too then, review helps would be much appreciated! 21:53:27 <johnthetubaguy> what the issue with the tests here? 21:53:34 <hogepodge> johnthetubaguy: we're using Tempest to drive interoperability testing. Right now we don't test image apis because there are vendors who object to v1 being required in the Tempest tests. 21:53:51 <hogepodge> johnthetubaguy: which is a side effect of Nova only supporting v1 21:54:11 <johnthetubaguy> hogepodge: erm, not sure I get the implication there 21:54:22 * nikhil_k wants to clarify that email is only to track blokers for people already assigned and not for some secret communication 21:54:32 <fungi> some vendors implement only the glance v2 api customer-facing 21:54:49 <fungi> by doing things like setting the v1 api rate limit to an impossibly low value like 0 21:55:02 <johnthetubaguy> fungi: agreed, due to the security issues in glance v1, if you expose glance v1 directly 21:55:11 <fungi> yet tempest tests using v1 because that's what nova needs 21:55:34 <johnthetubaguy> nova only needs that intnernally exposed 21:55:45 <fungi> and then there are other vendors who have not implemented glance v2 support yet 21:55:47 <ttx> shouldn't tempest tests use v2 when testing glance external APIs ? 21:55:59 <nikhil_k> they should 21:56:10 <hogepodge> ttx glance isn't a required component of defcore 21:56:12 <nikhil_k> but glance v1 is exposed in some cases 21:56:18 <hogepodge> ttx: so we use the nova proxy 21:56:26 <ttx> hmm, ok 21:56:53 * ttx has trouble context-switching at midnight 21:56:55 <hogepodge> ttx: we could consider image as a required component. keystone was out until just a couple of months ago 21:57:19 <hogepodge> I can add this to the topics for next week if we want more time. 21:57:26 <johnthetubaguy> hogepodge: so the other issue is the tests require the upload of an image, which is another issue I guess? 21:57:31 <johnthetubaguy> hogepodge: can we do this async 21:57:38 <ttx> I think it's a complex discussion and yes, more time can't hurt 21:57:40 <johnthetubaguy> hogepodge: I can't think straight this late 21:57:46 <hogepodge> johnthetubaguy: that's an important capability imo 21:57:59 <ttx> hogepodge: maybe engage with John during the week 21:58:13 <johnthetubaguy> so I support nova supporting glance v2, as we had planned for kilo 21:58:19 <hogepodge> defcore meeting tomorrow too if anyone wants to participate. 21:58:21 <ttx> and we can put it back on agenda next week 21:58:29 <johnthetubaguy> the bigger issue is working out how to support some of the glance v1 APIs that don't work in glance v2 21:58:29 <hogepodge> johnthetubaguy: +1 to that 21:58:40 <johnthetubaguy> as nova has to have a glance v1 API exposed 21:58:40 <fungi> ahh, yep i guess that was the meat of the problem is that defcore (via tempest) was expecting the nova image subcommands to work, which they presumably won't without glance v2 support in nova 21:58:42 <johnthetubaguy> long story 21:58:52 <hogepodge> fungi: +1 yes 21:59:09 <johnthetubaguy> fungi: the nova image API should always work, otherwise you can't download an images in nova 21:59:13 <fungi> at least in providers who have actually disabled glance v1 21:59:43 <fungi> so sounds like it's more nuanced in that case 21:59:53 <johnthetubaguy> fungi: so if glance v1 is disabled, I don't think you can launch an VM, although its possible thats hypervisor dependent, I can't remember right now 22:00:05 <fungi> got it. anyway, out of time 22:00:13 <ttx> #topic Open discussion 22:00:19 <ttx> last word ? 22:00:43 <ttx> "fnord" 22:00:43 <ttx> #endmeeting