#heat log

14:00:28 <ricolin> #startmeeting heat
14:00:29 <openstack> Meeting started Wed Mar 28 14:00:28 2018 UTC and is due to finish in 60 minutes.  The chair is ricolin. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:32 <openstack> The meeting name has been set to 'heat'
14:00:34 <ricolin> #topic roll call
14:01:20 <ramishra> hi
14:01:24 <kazsh> o/
14:01:24 <kiennt26> hi o/
14:01:28 <ricolin> o/
14:01:48 <zaneb> o/
14:02:08 <ricolin> kiennt26, we got the rolling upgrade tag now
14:02:29 <kiennt26> ricolin: yeah, hurray!
14:02:31 <kiennt26> cheers
14:02:47 <ricolin> #topic adding items to agenda
14:02:49 <strigazi> o/
14:02:53 <ricolin> #link https://wiki.openstack.org/wiki/Meetings/HeatAgenda#Agenda_.282018-03-28_1400_UTC.29
14:03:01 <ricolin> strigazi, hi
14:04:14 <ricolin> #topic trustor user gone issue
14:04:17 <ricolin> strigazi, ^^^
14:04:21 <ruven> hi all
14:04:34 <ricolin> here is the bug
14:04:36 <ricolin> #link https://bugs.launchpad.net/heat/+bug/1752347
14:04:37 <openstack> Launchpad bug 1752347 in OpenStack Heat "trustor user should be updated on stack update" [Medium,In progress] - Assigned to Rico Lin (rico-lin)
14:05:01 <strigazi> ricolin: I would like some help to start working on it
14:05:14 <strigazi> not sure where I can start
14:05:15 <ruven> i would like to ask something that related to heat dashboard
14:05:29 <ruven> is it the right place and right time?
14:05:45 <ricolin> ruven, we're in meeting now maybe you can add it to agenda and we go to it later?
14:05:58 <ricolin> #link https://wiki.openstack.org/wiki/Meetings/HeatAgenda
14:06:09 <strigazi> ricolin: if you take it, I can help in testing
14:06:46 <ricolin> strigazi, so I try to put a patch for that
14:06:47 <ricolin> #link https://review.openstack.org/#/c/557337/
14:07:50 <ricolin> it getting complicate when it works with reauthentication_auth_method
14:08:32 <strigazi> ricolin: I'll have a look. It is not in working state now, right?
14:08:53 <ricolin> for cases without reauthentication_auth_method it works
14:09:06 <ricolin> current one not work with reauthentication_auth_method
14:09:19 <strigazi> when  reauthentication_auth_method is used?
14:10:38 <ricolin> it's used when we add that flag to config, it will allow load credential directly from DB
14:11:29 <ramishra> strigazi: that's an option to use trusts for long running tasks where the keystone token is expected to expire
14:12:23 <strigazi> ramishra: eg when using the heat agent?
14:12:48 <strigazi> ramishra: and want to update a stack after let's say a week or two?
14:13:35 <zaneb> strigazi: no, for when it takes like 5 hours to deploy a stack
14:13:57 <ricolin> #link https://docs.openstack.org/heat/pike/admin/auth-model.html#authorization-model-configuration
14:14:00 <ricolin> ^^^
14:14:01 <ricolin> strigazi,
14:14:53 <ramishra> strigazi: anything where heat/other services need to re-authenticate with keystone, nothing to do with agents
14:15:53 <ricolin> the issue I'm seeing is when reauthenticate is on, we use stored context, but it's not authorize to use keystone client  when we try to use keystone to operate trust
14:16:12 <ramishra> ricolin: I've not looked at the patch yet, but not sure why it should be an issue though to geneate a new trust_id for update
14:16:37 <ricolin> trust can't create trust
14:16:57 <ricolin> or I'm missing something
14:17:03 <ramishra> ricolin: we should use the new user's credentials to create a new trust and reset it
14:17:03 <zaneb> that's true
14:17:24 <zaneb> but we don't do that for reauthentication now, so I don't see the difference
14:18:04 <ramishra> the truster changes and the trustee remains the same
14:18:12 <ricolin> ramishra, yeah, so we have to figure out a proper way to use two different context(one that stored and the one that provided by user)
14:19:29 <ramishra> anyway, I suppose  we can further discuss that in the review or the bug
14:20:16 <ricolin> ramishra, sure, anyway I just start working on that today, so needs more though about the design
14:20:18 <strigazi> thanks guys, me and slunkad will test it through magnum
14:20:45 <ricolin> strigazi, so I assume magnum don't use reauthentication_auth_method right?
14:21:05 <strigazi> ricolin: no
14:21:06 <ricolin> s/don't/didn't/
14:22:04 <ricolin> btw I change that bug to medium because it seems affect to user
14:22:22 <strigazi> ricolin: wait, is it on by default?
14:22:33 <ricolin> strigazi, off
14:22:53 <strigazi> ok
14:22:57 <ricolin> disable by default
14:24:39 <ricolin> if no more specific topic we can move to open discussion
14:25:30 <ricolin> #topic Open discussion
14:25:54 <ricolin> Anything needs to raise?:)
14:27:21 <ricolin> my Etcd patch is nearly done(still need time to add unit tests)
14:27:35 <ricolin> will push it soon
14:28:20 <ricolin> Since we still needs more work to adopt tooz, my current patch use etcd3gw directly
14:28:40 <strigazi> ricolin: what is it for? is there a bug/bp for it?
14:29:05 <ricolin> strigazi, oh for heat stack lock
14:29:31 <ricolin> https://etherpad.openstack.org/p/heat-rocky-ptg-syncpoint-dlm-backend
14:29:37 <ricolin> #link https://etherpad.openstack.org/p/heat-rocky-ptg-syncpoint-dlm-backend
14:29:49 <strigazi> ricolin: thx
14:29:53 <kazsh> ricolin: for Blazar support patch, now asking Blazar team to review again.  After getting their +1, will ask Heat cores to review it again.
14:30:13 <kazsh> https://review.openstack.org/#/c/534576/
14:30:16 <ricolin> kazsh, cool!
14:30:22 <ricolin> #link https://review.openstack.org/#/c/534576/
14:30:34 <kazsh> yep :) that's one
14:31:16 <ricolin> Anyway that's all from me, rest stuff still WIP
14:31:32 <ricolin> Any others?:)
14:32:39 <ricolin> oops, just drop the line for a while
14:33:10 <ricolin> so let's end this?:)
14:33:19 <kazsh> :)
14:33:51 <ricolin> #endmeeting