12:00:38 #startmeeting horizondrivers 12:00:38 Meeting started Wed Sep 23 12:00:38 2015 UTC and is due to finish in 60 minutes. The chair is david-lyle. Information about MeetBot at http://wiki.debian.org/MeetBot. 12:00:39 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 12:00:41 The meeting name has been set to 'horizondrivers' 12:00:55 anyone around ? 12:01:08 hi 12:02:17 o/ 12:03:20 o/ 12:03:56 that feels like the usual suspects 12:04:55 for reference, the agenda is: https://wiki.openstack.org/wiki/Meetings/HorizonDrivers#Agenda_for_September_23_1200_UTC 12:05:01 Just want to start by thanking everyone for their attention to the FFEs and bugs for Liberty RC-1 12:05:27 mrunge: You forgot the link! tut tut 12:05:39 all the FFEs are merged or bumped and just a handful of bugs left 12:05:39 I did? where robcresswell 12:05:51 with the agenda, the meetingbot command :) 12:06:00 #link https://wiki.openstack.org/wiki/Meetings/HorizonDrivers#Agenda_for_September_23_1200_UTC 12:06:02 robcresswell, gotyou 12:06:28 #action mrunge to remember linking correctly 12:06:35 ;-) 12:06:36 #topic https://blueprints.launchpad.net/horizon/+spec/horizon-glance-large-image-upload 12:07:38 tsufiev: how does this related to the tasks API? 12:07:49 so it was first hold off due to Travis' words, but then it became clear that he meant a different BP, authored by Janet Yu 12:08:24 david-lyle, AFAIK, it is not related 12:08:43 tsufiev, I like that, it addresses a long standing issue 12:09:01 but: you need to take care of keystone tokens 12:09:19 mrunge, yes, that's where I currently stopped 12:09:27 i.e. take care for the fact, that keystone tokens might time out during upload 12:09:34 ah... 12:09:36 https://wiki.openstack.org/wiki/Glance-tasks-import 12:09:50 #link https://wiki.openstack.org/wiki/Glance-tasks-import 12:10:04 not to get to far into the details, but how would the keystone timeout be addressed? 12:10:18 david-lyle, thanks for the link, looks like some new API. I targeted the old one 12:10:22 will read through 12:10:32 doug-fish, I have no idea. this is an issue for cli, too 12:10:37 oh 12:10:43 invention required 12:10:52 tsufiev: the bps are from 2013 12:10:56 doug-fish, keystone trusts? 12:11:13 david-lyle, hm... Anyways, will read through :) 12:11:17 tsufiev: not sure - I don't know enough about that to say 12:11:20 uploading a 20 gigs windows image over a dsl line takes maybe longer than keystone tokens live 12:11:33 I believe this allows you to tell glance the source and not have to relay the data 12:11:46 david-lyle, exactly 12:11:49 new to me too 12:12:05 it seems glance craetes a task resource under a project, so we don't need to take care of token expiration. 12:12:06 but might save you some work 12:12:17 I think that taking care of token timeout should be done at Glance side 12:12:19 "cleverly written JS code" - sounds fantastic 12:12:42 robcresswell, don't say that to Angular team ;) 12:13:17 tsufiev: Agreed on timeout, it is a client issue too, so should not be a concern of ours (but needs to be noted, as it may be a blocker) 12:13:52 if the tasks API won't work you'll have to work on reissuing tokens 12:14:42 david-lyle, I'll elaborate this issue 12:15:45 I'd like to hold on this bp and let tsufiev look into glance tasks, the proposal to be CORS and clientside based seems fairly restrictive at this point 12:16:07 david-lyle, sure, makes sense 12:16:45 #info moved https://blueprints.launchpad.net/horizon/+spec/horizon-glance-large-image-upload to discussion 12:17:08 #topic https://blueprints.launchpad.net/horizon/+spec/horizon-large-ldap-users-browsing 12:17:15 so the next one is also mine 12:18:17 there are some things blocking us at Keystone side, but first I'd like to evaluate how sane does the proposed workflow look to you at Horizon side 12:18:51 it looks very reasonable to me 12:19:13 Keystone limitations for LDAP force us to restrict the amount of table contents by filtering query (no query = no content) 12:19:42 IMO having an unfiltered list with thousands of users seems very close to useless 12:20:00 yeah, that's an exact thing we've been talking internally 12:20:14 doug-fish, esp. since AD gives you all kinds of errors with more than 500(?) users in resultset 12:20:16 in horizon it is 12:20:23 perhaps that pattern should be generalized for other Horizon tables? 12:20:34 I wanted to index it for Searchlight 12:20:46 oh, pop corn! 12:20:49 also I wanted to understand how well this workflow aligns with tables angularization 12:20:58 tsufiev: Out of curiosity, what is the default display, an empty table? 12:20:59 and get much faster queries 12:21:21 david-lyle, there was a concern that nobody is going to allow SearchLight to index LDAP users due to security implications, corporate policies etc 12:21:22 tsufiev, I think it's a bit unexpected, if you don't get results, if no filter selected 12:21:33 yes, tsufiev exactly 12:21:43 Yeah, you won't get much angular input at this meeting time unfortunately 12:21:47 robcresswell, perhaps a table with a message 'Provide a query'? 12:21:50 tsufiev: think is I may be able to indirectly 12:21:57 david-lyle: would searchlight indexing (if you could do it) mean you'd want to show all of the users in an initial table? 12:22:00 tsufiev: Seems sane to me. 12:22:24 pumping users from one database to another just to enable searching is braindead 12:22:47 mrunge: not if you care about performance 12:22:51 tsufiev: I suppose you'd need some call to see what number you're dealing with, then alter behaviour; if you had 100 users, you may as well just show them all 12:23:13 david-lyle, I agree, it's faster. but why don't you upload users then directly to memcached? 12:23:13 doug-fish: I don't see a reason to list them all no 12:23:20 robcresswell, yes, makes sense. I'll add this notion to the bp 12:23:48 maybe the same idea applies of there are more than 100 objects in any table 12:23:56 mrunge, 'One of the hardest programming problems is cache invalidation' :) 12:24:10 tsufiev, sure. applies to searchlight, too 12:24:42 mrunge: definitely applies to searchlight, and ldap doesn't post events to the bus on update 12:25:04 OTOH the list of users is probably reasonably static 12:25:28 well let's ignore searchlight 12:25:34 so, the main issue is, ldap doesn't provide the required api we'd need 12:25:47 I'm just stating why I wanted the exhaustive list 12:25:53 do I understand correctly that a) the proposed workflow seems reasonable to most of us here b) need to ask Angular folks how well is it aligned with table angularization 12:26:14 tsufiev: yes 12:26:41 okay, then I'm going to start the next round of convincing Keystone community which seems to be hardest battle ever 12:26:43 :/ 12:26:43 and that should work with the magicsearch implementation going into the angularized user's table 12:27:06 tsufiev: what are the needs from keystone? 12:27:09 david-lyle, filtering + limit number of pages? 12:27:10 tsufiev: with you proposal, what do you have to convince them of? 12:27:12 it doesn't support filters? 12:28:18 david-lyle, doug-fish: I need to convince them that pagination for LDAP could be supported solely at Keystone side, by taking the whole chunk of users from LDAP and throwing away the ones not needed according to API request parameters 12:28:42 tsufiev, how does that work with AD backend? 12:28:50 I mean, it doesn't 12:28:59 given that we limit the size of this chunk thanks to filters, the overhead should be smaller than it was seen before 12:29:03 and I'm a bit worried with performance 12:29:50 tsufiev: I thought your proposal was: don't show data unless filtered, if too much data, show initial results and instruct to filter more 12:29:51 tsufiev, it looks like you're trying to solve an unsolvable problem 12:30:09 david-lyle, yes, exactly 12:30:18 mrunge: isn't AD pretty much the same as LDAP? your question confuses me 12:30:21 mrunge, it's the only kind of problems that's worth solving 12:30:21 that should work as is 12:30:44 doug-fish, AD returns smaller result sets, like 100 users at max 12:30:56 where ldap gives you 1000 (?) 12:31:18 david-lyle, if too much data, either show initial results, or show no results at all - still have to decide 12:31:18 oh I see 12:31:32 I mean, 100, 1000, that's just numbers 12:31:36 the final choice is affected both by UX considerations and Keystone/LDAP limitations 12:32:19 Maybe it's wise to get UX team input on this? (which would obviously take time) 12:32:25 mrunge, I'm starting to understand Keystone folks' reluctance to give it (cause LDAP implementations are quite different) 12:32:25 tsufiev: What does keystone currently do if your query is too general? Return initial 500, or just return 0? 12:33:15 robcresswell, I'd vote for first option, but we may make this configurable 12:33:32 doug-fish, yes, I'll ask Piet about that 12:33:50 tsufiev: No I mean, what is the *current* behaviour 12:34:05 I'm getting confused over how keystone currently handles requests of this nmature 12:34:08 nature* 12:34:47 I think we target current keystone ldap behavior, whatever it is. question is if that differs from a DB backed keystone 12:34:54 and if we change behavior then 12:34:55 robcresswell, it just handles all the results to Horizon, and if there are too many Horizon is choked 12:35:08 tsufiev: I see 12:35:57 david-lyle, there is no pagination capabilities in Keystone v3 and that's a problem needed to be solved first 12:35:58 no upper limit on the number of results returned from keystone? 12:36:12 (since most likely we're going to use v3) 12:36:55 tsufiev: I know no pagination in v3, my question is if ldap returns first 500 and error like the DB request would 12:37:19 if your API result limit is 500 12:38:58 david-lyle, we're currently investigating its behavior on scale 12:39:42 as an operator perspective, we cannot handle more than 100 users without filtering (e.g. project, role, last updated date, e-mail address or and so on). user name is less helpful unless we no exact user name. 12:40:15 amotoki, so the point here is that we need faceted search at Identity->Users? 12:40:15 i think this is similar to what keystone folks replied in the dev ML. 12:40:45 david-lyle: hi! I'm working on it. I've found few Keystone issues and haven't got feedback about it from keystone team. Looks like sometimes keystone just becomes too slow and Horizon breaks with request time out 12:40:49 tsufiev: one possible option I think 12:41:46 parameterized search 12:41:50 amotoki, IIUC, that's how filtering is implemented on Instances page, but in a generalized form 12:42:17 selecting the filters in the search bar 12:42:27 understood now. 12:42:53 tsufiev: agree. this is what I think. 12:43:08 tsufiev: I think everyone agrees in principle, just need a few more details ironed out 12:43:43 david-lyle, okay, we're continuing our study then :) 12:44:03 thank you tsufiev 12:44:44 #info https://blueprints.launchpad.net/horizon/+spec/horizon-large-ldap-users-browsing moved to drafting and targeting Mitaka 12:44:53 so the summary is a). Contact UX people b). Compare DB storage response and LDAP storage response on large chunks of return data c). Continue working out Keystone API changes 12:44:59 btw the Mitaka target shows up now :) 12:45:35 did I miss anything? 12:45:55 ah, and d) Prefer faceted search for limiting table contents 12:46:16 would be great, if we don't need to care about keystone backend 12:46:28 but maybe that's too unrealistic 12:46:29 I'm afraid we'll have to :) 12:46:57 why do we have keystone in this case? 12:47:07 * tsufiev shrugs 12:47:13 projects and roles 12:47:46 and we don't want AD/LDAP differences to be OUR problem!! 12:48:01 yes doug-fish ! 12:49:20 any other bps to discuss today? 12:50:23 I unfortunately didn't have time to prepare a list this week 12:50:27 sorry :( 12:51:18 no worries 12:52:26 a quick one? https://blueprints.launchpad.net/horizon/+spec/node-management-ui 12:52:39 I believe, that's outdated and nobody is working on that 12:52:54 #topic https://blueprints.launchpad.net/horizon/+spec/node-management-ui 12:53:31 proposed patches are abandoned 12:54:53 I think the baremetal driver provides what horizon needs in this case to just use the instances panel 12:55:01 Yeah, agreed I think mrunge 12:55:04 *nova driver 12:55:35 #info https://blueprints.launchpad.net/horizon/+spec/node-management-ui marked obsolete 12:57:04 https://blueprints.launchpad.net/horizon/+spec/login-workflow-restructure is one I think we should just drop 12:57:29 amotoki: hence our cleanup effort 12:57:36 david-lyle: Agreed 12:57:36 long ways to go 12:57:39 agree 12:57:40 agreed david-lyle 12:58:03 #info https://blueprints.launchpad.net/horizon/+spec/login-workflow-restructure marked obsolete 12:58:58 a last one? https://blueprints.launchpad.net/horizon/+spec/add-container-only-management-panel-for-object-storage 12:59:22 Lol, wow. Yep 12:59:29 still drafting, no movement since 2013 12:59:43 that's a call for UX prototyping 12:59:50 :-) drop it! 13:00:19 The need is real, but no one is looking at container related work, no matter how bad the existing UI is 13:00:25 I'm ok with dropping 13:00:26 if somehow overlaps with the bug zigo filed yesterday: horizon doesn't work without nova installed 13:00:53 dansmith, yes, I agree. there are folks installing only swift, nothing else 13:00:53 mrunge, you mean the people who just install Horizon for Swift? 13:00:55 mrunge: It does, just in *one* screen it doesn't. 13:00:59 mrunge: do you happen to have the link for that bug? 13:01:08 sorry dansmith , I meand david-lyle 13:01:10 I might have an out-of-date patch to address it 13:01:14 Everywhere else, there's just an error message. 13:01:27 zigo, do you have that bug handy? 13:01:40 tsufiev, yes, exactly. 13:01:55 I think the only hard requirement for Horizon is Keystone 13:02:03 #info https://blueprints.launchpad.net/horizon/+spec/add-container-only-management-panel-for-object-storage marked obsolete, still very much needed, but more design work necessary 13:02:12 tsufiev, for swift, you don't need keystone. 13:02:35 mrunge, you've just ruined my picture of the world :o 13:02:47 time's up. thanks everyone 13:02:49 and if you use swift with horizon, your users need to have a special hardcoded role 13:02:57 tsufiev, ^^ 13:02:57 #endmeeting