14:00:28 <ricolin> #startmeeting heat 14:00:29 <openstack> Meeting started Wed Mar 28 14:00:28 2018 UTC and is due to finish in 60 minutes. The chair is ricolin. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:32 <openstack> The meeting name has been set to 'heat' 14:00:34 <ricolin> #topic roll call 14:01:20 <ramishra> hi 14:01:24 <kazsh> o/ 14:01:24 <kiennt26> hi o/ 14:01:28 <ricolin> o/ 14:01:48 <zaneb> o/ 14:02:08 <ricolin> kiennt26, we got the rolling upgrade tag now 14:02:29 <kiennt26> ricolin: yeah, hurray! 14:02:31 <kiennt26> cheers 14:02:47 <ricolin> #topic adding items to agenda 14:02:49 <strigazi> o/ 14:02:53 <ricolin> #link https://wiki.openstack.org/wiki/Meetings/HeatAgenda#Agenda_.282018-03-28_1400_UTC.29 14:03:01 <ricolin> strigazi, hi 14:04:14 <ricolin> #topic trustor user gone issue 14:04:17 <ricolin> strigazi, ^^^ 14:04:21 <ruven> hi all 14:04:34 <ricolin> here is the bug 14:04:36 <ricolin> #link https://bugs.launchpad.net/heat/+bug/1752347 14:04:37 <openstack> Launchpad bug 1752347 in OpenStack Heat "trustor user should be updated on stack update" [Medium,In progress] - Assigned to Rico Lin (rico-lin) 14:05:01 <strigazi> ricolin: I would like some help to start working on it 14:05:14 <strigazi> not sure where I can start 14:05:15 <ruven> i would like to ask something that related to heat dashboard 14:05:29 <ruven> is it the right place and right time? 14:05:45 <ricolin> ruven, we're in meeting now maybe you can add it to agenda and we go to it later? 14:05:58 <ricolin> #link https://wiki.openstack.org/wiki/Meetings/HeatAgenda 14:06:09 <strigazi> ricolin: if you take it, I can help in testing 14:06:46 <ricolin> strigazi, so I try to put a patch for that 14:06:47 <ricolin> #link https://review.openstack.org/#/c/557337/ 14:07:50 <ricolin> it getting complicate when it works with reauthentication_auth_method 14:08:32 <strigazi> ricolin: I'll have a look. It is not in working state now, right? 14:08:53 <ricolin> for cases without reauthentication_auth_method it works 14:09:06 <ricolin> current one not work with reauthentication_auth_method 14:09:19 <strigazi> when reauthentication_auth_method is used? 14:10:38 <ricolin> it's used when we add that flag to config, it will allow load credential directly from DB 14:11:29 <ramishra> strigazi: that's an option to use trusts for long running tasks where the keystone token is expected to expire 14:12:23 <strigazi> ramishra: eg when using the heat agent? 14:12:48 <strigazi> ramishra: and want to update a stack after let's say a week or two? 14:13:35 <zaneb> strigazi: no, for when it takes like 5 hours to deploy a stack 14:13:57 <ricolin> #link https://docs.openstack.org/heat/pike/admin/auth-model.html#authorization-model-configuration 14:14:00 <ricolin> ^^^ 14:14:01 <ricolin> strigazi, 14:14:53 <ramishra> strigazi: anything where heat/other services need to re-authenticate with keystone, nothing to do with agents 14:15:53 <ricolin> the issue I'm seeing is when reauthenticate is on, we use stored context, but it's not authorize to use keystone client when we try to use keystone to operate trust 14:16:12 <ramishra> ricolin: I've not looked at the patch yet, but not sure why it should be an issue though to geneate a new trust_id for update 14:16:37 <ricolin> trust can't create trust 14:16:57 <ricolin> or I'm missing something 14:17:03 <ramishra> ricolin: we should use the new user's credentials to create a new trust and reset it 14:17:03 <zaneb> that's true 14:17:24 <zaneb> but we don't do that for reauthentication now, so I don't see the difference 14:18:04 <ramishra> the truster changes and the trustee remains the same 14:18:12 <ricolin> ramishra, yeah, so we have to figure out a proper way to use two different context(one that stored and the one that provided by user) 14:19:29 <ramishra> anyway, I suppose we can further discuss that in the review or the bug 14:20:16 <ricolin> ramishra, sure, anyway I just start working on that today, so needs more though about the design 14:20:18 <strigazi> thanks guys, me and slunkad will test it through magnum 14:20:45 <ricolin> strigazi, so I assume magnum don't use reauthentication_auth_method right? 14:21:05 <strigazi> ricolin: no 14:21:06 <ricolin> s/don't/didn't/ 14:22:04 <ricolin> btw I change that bug to medium because it seems affect to user 14:22:22 <strigazi> ricolin: wait, is it on by default? 14:22:33 <ricolin> strigazi, off 14:22:53 <strigazi> ok 14:22:57 <ricolin> disable by default 14:24:39 <ricolin> if no more specific topic we can move to open discussion 14:25:30 <ricolin> #topic Open discussion 14:25:54 <ricolin> Anything needs to raise?:) 14:27:21 <ricolin> my Etcd patch is nearly done(still need time to add unit tests) 14:27:35 <ricolin> will push it soon 14:28:20 <ricolin> Since we still needs more work to adopt tooz, my current patch use etcd3gw directly 14:28:40 <strigazi> ricolin: what is it for? is there a bug/bp for it? 14:29:05 <ricolin> strigazi, oh for heat stack lock 14:29:31 <ricolin> https://etherpad.openstack.org/p/heat-rocky-ptg-syncpoint-dlm-backend 14:29:37 <ricolin> #link https://etherpad.openstack.org/p/heat-rocky-ptg-syncpoint-dlm-backend 14:29:49 <strigazi> ricolin: thx 14:29:53 <kazsh> ricolin: for Blazar support patch, now asking Blazar team to review again. After getting their +1, will ask Heat cores to review it again. 14:30:13 <kazsh> https://review.openstack.org/#/c/534576/ 14:30:16 <ricolin> kazsh, cool! 14:30:22 <ricolin> #link https://review.openstack.org/#/c/534576/ 14:30:34 <kazsh> yep :) that's one 14:31:16 <ricolin> Anyway that's all from me, rest stuff still WIP 14:31:32 <ricolin> Any others?:) 14:32:39 <ricolin> oops, just drop the line for a while 14:33:10 <ricolin> so let's end this?:) 14:33:19 <kazsh> :) 14:33:51 <ricolin> #endmeeting