12:02:47 <david-lyle> #startmeeting Horizon 12:02:47 <openstack> Meeting started Wed Mar 18 12:02:47 2015 UTC and is due to finish in 60 minutes. The chair is david-lyle. Information about MeetBot at http://wiki.debian.org/MeetBot. 12:02:48 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 12:02:51 <openstack> The meeting name has been set to 'horizon' 12:02:56 <david-lyle> Hello everyone 12:02:59 <rdopiera> hi 12:03:03 <robcresswell> Morning 12:03:06 <mrunge> good morning o/ 12:03:20 <wchrisj> Morning all 12:03:24 <doug-fish> greetings 12:03:38 <amotoki> hi 12:04:20 <krykowski> o/ 12:04:31 <Daisy_> Hi, daisy is here for kilo translation. 12:04:43 <sambetts> o/ 12:04:50 <david-lyle> Tomorrow is the deadline for k-3 and we have several blueprints in need of some reviews 12:05:17 <david-lyle> #link https://launchpad.net/horizon/+milestone/kilo-3 12:05:55 <david-lyle> on the plus side the bulk of the new launch instance merged and is in bug fix mode 12:06:20 <david-lyle> it is not enabled by default yet, until the bugs are addressed. 12:06:32 <david-lyle> but feel free to try it out and report more bugs 12:06:38 <robcresswell> Are we still aiming to make it the default for release? 12:06:43 <mrunge> hooray! good job! 12:07:03 <david-lyle> before the RC we'll se if we're comfortable making the switch 12:07:29 <robcresswell> Awesome 12:08:10 <david-lyle> I'd like to see several of the bugs fixed first, but trying to make a change that large perfect all at once was an impossible task 12:09:08 <david-lyle> some blueprints of note that could use reviews: https://blueprints.launchpad.net/horizon/+spec/data-processing-rework-ui 12:09:30 <david-lyle> that code has been up for most of kilo and suffered from a lack of reviews 12:09:55 <david-lyle> there are two guided walkthroughs of the major workflows of Sahara 12:10:29 <david-lyle> it's a vast improvement from figure it out for yourself which was where we were with Juno 12:11:29 <david-lyle> it strays from the standard horizon widgets, but accomplishes its goal 12:12:34 <david-lyle> I think django-1.7 support is a must have and will move that to RC-1 if not merged by tomorrow 12:12:51 <david-lyle> are there others people feel need consideration for RC-1 12:13:07 <david-lyle> assuming the list doesn't magically merge in the next 24 hours 12:13:09 <david-lyle> ? 12:14:14 <david-lyle> another BP of not and late comer, but highly requested is #link https://blueprints.launchpad.net/horizon/+spec/horizon-themes 12:14:27 <david-lyle> This was demoed at the last summit 12:14:52 <david-lyle> and at this point mainly relies on use of the variables.scss 12:15:30 <david-lyle> and styles.scss 12:15:47 <david-lyle> minimally invasive, I do need to test it out 12:16:02 <david-lyle> but operators have long asked for better skinning 12:16:20 <mrunge> yes, sure 12:16:20 <david-lyle> this demonstrates how to do that in bootstrap 12:16:35 <david-lyle> we can improve upon it later 12:16:49 <mattfarina> this will be a nice start to theming 12:17:10 <david-lyle> Once I try it out, if it works as advertised I may move it to a High 12:17:30 <david-lyle> anything not High isn't really eligible for a FFE 12:17:59 <david-lyle> To revisit the timelines 12:18:13 <david-lyle> Feature Freeze will happen tomorrow 12:18:21 <david-lyle> we'll tag the repo with k-3 12:19:05 <david-lyle> at that point only bug fixes and any BPs with a FFE (Feature Freeze Exception) should be merged onto master 12:20:03 <david-lyle> RC-1 will likely be 2 weeks from there. 12:20:38 <david-lyle> once RC-1 is cut, it will be on a branch and trunk will be open for liberty 12:20:58 <david-lyle> at RC-1 we will also have our final string freeze 12:21:32 <mrunge> good to know 12:21:35 <david-lyle> at which point Daisy_ (thanks for joining) will help drive getting our strings translated for RC-2 12:21:59 <david-lyle> which hopefully will be only to pull in translations before release 12:22:27 <david-lyle> if we do find other release critical bugs, we may roll them into RC-2 as well 12:22:55 <david-lyle> Does that work for you Daisy_? I believe you have already talked to amotoki about the timeline 12:23:25 <Daisy_> Yes, I did talk with amotoki 12:23:51 <david-lyle> does RC-1 work for you on the string freeze 12:23:59 <Daisy_> When is RC2, probably? 12:24:14 <david-lyle> 2-3 weeks after RC-1 12:24:19 <Daisy_> You mean, string freeze after RC-1? 12:24:20 <david-lyle> will look for date 12:24:35 <Daisy_> I will ask team to work on Horizon translation tomorrow. 12:24:38 <david-lyle> at RC-1, or a week before it 12:24:41 <amotoki> In our past releases, RC2 was before 1-1.5 weeks before the release. 12:24:50 <Daisy_> I won't wait for string freeze, I think. 12:25:26 <wchrisj> david-lyle: Are dev docs related changes subject to the same freeze timelines as code? 12:25:26 <david-lyle> ok, we shouldn't have too much churn, but we always have a little after milestone 3 12:25:29 <amotoki> Daisy_: we don't need to wait for string freeze :-) After Kilo-3, not so many strings will be changed as you know. 12:25:41 <Daisy_> amotoki: I agree. 12:26:11 <Daisy_> amotoki: we start the translation from tomorrow, and we keep on translating, till RC2, 1-1.5 weeks before the release. 12:26:24 <david-lyle> looks like RC-1 should april 9 -16 and RC-2 will be by April 30 12:26:41 <Daisy_> amotoki: the translations in RC1 will auto imported. and the translations in RC2 will be imported manually, as we did before ? 12:27:12 <david-lyle> April 30 is release day, so a few days before april 30 12:27:15 <amotoki> Daisy_: yes, if the process is not changed in kilo. 12:27:59 <david-lyle> wchrisj: if it's a bug fix it can land before RC-1 12:28:05 <Daisy_> Thanks for the date. Translators might need 1 month to translate. 12:28:47 <david-lyle> Daisy_: thank you, please let me know if you need anything from me 12:29:06 <Daisy_> david-lyle: Thank you. I will work closely with amotoki. 12:29:25 <david-lyle> thank you both 12:30:01 <david-lyle> #topic Open Discussion 12:30:15 <david-lyle> oh, I forgot one topic 12:30:27 <david-lyle> #topic Keystone auth plugins 12:31:14 <david-lyle> There are several semi-related features in keystone that need to slightly change how authentication is done 12:31:56 <david-lyle> jamielennox sent an email to the ML a couple days ago and I've been talking to him on IRC 12:32:35 <mattfarina> david-lyle are you trying to get that in for kilo? 12:32:48 <david-lyle> #link http://lists.openstack.org/pipermail/openstack-dev/2015-March/059139.html 12:33:19 <david-lyle> he's unable to attend the meeting so I said I would bring it up for him to raise awareness and solicit feedback 12:33:58 <david-lyle> Things that people are working on, WebSSO, which is a BP approved in Horizon for Kilo 12:34:10 <tqtran> along similar lines, how important is the websso stuff? we're really close to getting it in 12:34:36 <david-lyle> but does not follow any sort of proper plugin and is going to create swiss cheese in the code, especially if that format is duplicated 12:35:09 <david-lyle> there's K2K federation work (doug-fish) that will change things a bit more 12:35:30 <doug-fish> yeah - I'm not sure k2k benefits as much from what Jamie has proposed 12:35:42 <david-lyle> and there's other plugins desired for say kerberos (jamielennox) 12:36:30 <david-lyle> Our main problem is that D-O-A is built to work with keystone credential based auth and not much else 12:36:43 <david-lyle> and makes a lot of assumptions that you are using credentials 12:37:00 <mattfarina> david-lyle is this the kind of thing that should be external to horizon but horizon has a good plug-in mechanism to support it? 12:37:24 <david-lyle> I would like a cleaner way to do auth plugins in d-o-a 12:37:34 <doug-fish> david-lyle: do you mean it doa is tied to id/pw? because I think there will always be some kind of credentials 12:38:11 <david-lyle> doug-fish: we'll still want to support credentials, but that's just one way keystone now supports to auth 12:38:35 <doug-fish> got it 12:38:40 <david-lyle> tqtran: I think websso is a high priority, but I'm not sure it's ready yet 12:38:58 <david-lyle> we have 3 options as I see it 12:39:23 <amotoki> d-o-a has three interfaces: to hoirzon, to users (view), to keystone or other auth mechanisms. from horizon point of view, the interface to horizon is not chnaged so much (or no change). 12:40:00 <david-lyle> 1) roll in websso and take on some technical debt in Liberty to fix how it ties in 12:40:30 <david-lyle> 2) establish a proper plugin mechanism before merging any other auth types 12:41:14 <david-lyle> 3) restructure/rewrite D-O-A to make more sense 12:41:45 <tqtran> I'm ok with going with option #2 first 12:42:00 <mrunge> option 2 makes sense to me 12:42:19 <david-lyle> 2 and 3 may not be mutually exclusive ;) 12:42:27 <doug-fish> yeah 2+3 is what I was thinking 12:42:29 <tqtran> I think it might be a bit rushed anyhow, websso just barely made kilo. and reviews for it came in rather late. 12:43:41 <david-lyle> we can also discuss how much sense a separate auth package for horizon makes 12:43:56 <doug-fish> david-lyle: can you expand on that? 12:44:02 <david-lyle> but that's a summit discussion I think 12:44:29 <david-lyle> doug-fish: history lesson time 12:44:31 <david-lyle> :) 12:44:35 <doug-fish> :-) 12:44:36 <mattfarina> ooooo 12:45:07 <david-lyle> D-O-A used to be part of horizon, it was rolled out to be an extensible django based auth tool for openstack 12:45:19 <david-lyle> keystone was just one possible backend 12:45:23 * tqtran settles in. Getting the smore ready. 12:45:38 <david-lyle> hence in backend, KeystoneBackend 12:46:26 <david-lyle> since then we've made changes that make the library very tightly coupled to Horizon and Keystone 12:46:59 <david-lyle> so not reusable by anyone other than someone rewriting Horizon in django and auth'ing to keystone 12:47:12 <david-lyle> I'm thinking that's a very small set of projects 12:48:03 <doug-fish> david-lyle: I thought at one time some groups didn't use keystone for the backend - was that ever part of the motivation for DOA? so they could plug in their own auth? 12:48:03 <david-lyle> In the future, I think a lot of what is set up in DOA for the session will be stored on the client side and not in the session 12:48:55 <david-lyle> doug-fish: It probably was 12:49:27 <david-lyle> I used DOA with the keystone backend for a custom IdP 12:49:43 <david-lyle> because so much structure from keystone is expected in Horizon 12:50:10 <doug-fish> yeah, Horizon is really tied to keystone 12:50:38 <david-lyle> any way, massive restructuring is a conversation for another time and gets really complicated 12:51:05 <david-lyle> it could also be potentially disruptive to deployers 12:51:21 <doug-fish> you think they would miss DOA? 12:51:26 <david-lyle> but allowing for auth plugins to D-O-A makes sense 12:51:54 <david-lyle> doug-fish: if they've built a solution that has a customized doa 12:52:16 <doug-fish> BTW, I think the plugin we want is bigger than a keystone auth plugin, but smaller than a django auth backend 12:52:50 <david-lyle> doug-fish: trying to imagine how far apart your hands are 12:52:55 <doug-fish> we need to coordinate a scoped/unscoped keystone auth plugin, its method for getting projects, and messages/ui presentation at the very least 12:53:07 <doug-fish> :-) 12:53:31 <tqtran> could you elaborate on what exactly in session setup by doa will be stored client side? 12:53:51 <mrunge> doug-fish, david-lyle I'm curently counting 37 public forks on github for doa 12:54:00 <doug-fish> :-O 12:54:02 <doug-fish> wow 12:54:29 <david-lyle> tqtran: eventually I would say catalog, authorized project list, role assignments 12:54:41 <mrunge> for reference: https://github.com/openstack/django_openstack_auth/network 12:54:53 <doug-fish> tqtran: maybe tokens too? 12:55:59 <david-lyle> doug-fish: yeah 12:56:00 <doug-fish> david-lyle: while we are thinking about changing DOA .... do you see any future for domain scoped tokens? 12:56:12 <david-lyle> doug-fish: yes and no 12:56:14 <doug-fish> you seemed a bit down on that earlier this week 12:56:31 <david-lyle> only short term 12:57:04 <david-lyle> I think a set of patches that allow using domain scoped tokens is the best path at this point 12:57:28 <david-lyle> not necessarily merging them 12:57:39 <doug-fish> interesting ... 12:57:45 <david-lyle> keystone's direction is changing 12:58:10 <david-lyle> and I see hierarchical projects actually being supported outside of keystone and horizon 12:58:15 <david-lyle> where domains never will be 12:58:26 <doug-fish> yeah - that seemed like a major limitation to me 12:58:30 <david-lyle> 2 years in, no support 12:58:42 * david-lyle check watch 12:58:45 <doug-fish> though heirarchical projects don't get supported for free in the other services do they? 12:58:48 <david-lyle> time of death 6:58 12:58:52 <doug-fish> :-) 12:58:54 <mattfarina> doug-fish they don't 12:58:57 <david-lyle> doug-fish: no 12:59:25 <david-lyle> they need quotas calculation changes at a minimum 12:59:56 * david-lyle sees to many s's not sure which one should go 13:00:07 <david-lyle> *quota 13:00:24 <tqtran> *quotas calculations changes 13:00:31 <david-lyle> +! 13:00:31 <mattfarina> and sharing of resources cross-sub-project (like glance images) 13:00:34 <david-lyle> +1 13:01:05 <mrunge> let's drop quota and make it an external service 13:01:36 <david-lyle> yeah, that's going to be interesting code 13:01:51 <mrunge> just an api call away :D 13:01:54 <mattfarina> at least the api should be easy to consume :) 13:01:55 <david-lyle> alright times up, any parting thoughts? 13:02:03 <david-lyle> questions 13:02:39 <david-lyle> just to close on DOA, I think we should get a plugin model established 13:02:56 <mrunge> +1 david-lyle 13:03:01 <doug-fish> yeah - would be good to have something well underway before the summit 13:03:13 <david-lyle> doug-fish: agreed 13:03:30 <david-lyle> tqtran: ok with that? 13:03:38 <tqtran> yep 13:03:58 * david-lyle easily strays off topic 13:04:15 <david-lyle> alright, thanks everyone 13:04:22 <mrunge> thanks david-lyle 13:04:28 <david-lyle> some reviews of the items in k-3 would be very helpful 13:04:38 <david-lyle> have a great week 13:04:42 <david-lyle> #endmeeting