18:00:19 <dolphm> #startmeeting keystone
18:00:20 <openstack> Meeting started Tue Apr  9 18:00:19 2013 UTC.  The chair is dolphm. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:21 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:23 <openstack> The meeting name has been set to 'keystone'
18:00:27 <topol> Hello, anyone have plans for next week?
18:00:39 <dolphm> i was thinking about staying home and watching tv
18:00:55 <stevemar> yeah, i was thinking the same
18:00:57 <dolphm> #topic OpenStack summit!
18:01:01 <stevemar> heard something about a summit
18:01:23 <spzala> Hi all!
18:01:27 <joesavak> o/ hi
18:01:31 <dolphm> something something yelling at each other in tiny conference rooms on the west coast something something
18:01:41 <dolphm> #link https://wiki.openstack.org/wiki/Summit/Havana/Etherpads#Keystone
18:01:48 <gyee> and bad beer breath
18:01:56 <dolphm> I created etherpads for all of our summit sessions
18:02:07 <topol> dolphm, cool
18:02:10 <dolphm> In a couple cases there were existing etherpads so I ensured those were used - if there's an existing etherpad that I didn't link, please crosslink them and move/aggregate the content into one place as appropriate
18:02:21 <topol> I need to fill mine out
18:02:30 <dolphm> i just stubbed all the new ones
18:02:56 <dolphm> at minimum, each etherpad needs to have a list of topics that need to be discussed, and a question to be answered / goal to be reached / etc
18:03:23 <topol> will do
18:03:28 <dolphm> #topic Bad beer breath arguments
18:03:56 <dolphm> so, for officially unofficial unconferencing purposes, i guess twitter?
18:04:17 <stevemar> sounds easy enough
18:04:23 <gyee> +1
18:04:27 <dolphm> I'll be arriving in Portland around 3p on Sunday, and i'll start tweetering wherever i wander thereafter if anyone wants to follow/join/stalk do some pub-based arguing
18:04:36 <dolphm> #link https://twitter.com/dolphm
18:04:51 <dolphm> (this is where everyone posts links to their twitter account or runs off to twitter to sign up)
18:05:27 <joesavak> #link twitter.com/joesavak
18:05:33 <stevemar> #link https://twitter.com/stevebot
18:05:44 <dolphm> joesavak: fully formed uri's please
18:05:47 <dwaite> #link https://twitter.com/dwaite
18:06:06 <joesavak> #link https://twitter.com/joesavak
18:06:15 <topol> #link https://twitter.com/bradtopol
18:06:53 <dolphm> ayoung: ?
18:07:02 <dolphm> gyee: ?
18:07:12 <gyee> I need to sign up first :)
18:07:21 <dolphm> #link https://twitter.com/heckj
18:07:48 <dwaite> oh interesting, what is this twitter thing that I've never heard about?
18:08:22 <joesavak> lol
18:08:23 <dolphm> it's where you regurgitate unoriginal truncated quotes from more creative sources than yourself
18:08:43 <joesavak> garbage data replicator
18:08:45 <dolphm> #topic Grizzly docs
18:08:48 <dolphm> #link http://docs.openstack.org/
18:08:57 <dolphm> docs need some updating now that grizzly has shipped
18:09:17 <dolphm> i believe we have a short window before the docs open up for havana-related things
18:09:29 <dwaite> dolphm: https://twitter.com/dwaite/status/321686249624719360
18:09:38 <dolphm> so please get to reviewing, testing, revising & amending as appropriate :)
18:10:16 <topol> dolphm, do you have a list of known doc issues you want to hand out to folks?
18:10:28 <dolphm> dwaite: i hope it's not awkward if i retweet your unattributed quote
18:10:51 <dolphm> topol: i haven't taken a pass through the doc bug list myself, yet
18:10:53 <dolphm> #link https://bugs.launchpad.net/openstack-manuals
18:10:54 <topol> or do we just read and look for glaring errors
18:11:01 <dolphm> there's lots of stuff in there for us to tackle though
18:11:12 <topol> OK. figured you would say that
18:11:16 <dolphm> there's several major new things in grizzly that are undocumented afaik
18:11:20 <ayoung> I'm here.
18:11:23 <dolphm> source-
18:11:24 <dolphm> #link https://github.com/openstack/openstack-manuals/tree/master/doc/src/docbkx
18:11:41 <dolphm> things that come to mind: pki_setup, policy.json enforcement/customization
18:11:59 <dolphm> making DEFAULT_DOMAIN_ID go on non-sql based identity drivers *cough*ldap*cough*
18:12:04 <dolphm> ldap schema changes
18:12:17 <ayoung> Ugh...twitter.  Do I need to set up an account?  Someone already squatted on admiyo
18:12:54 <dolphm> ayoung: https://twitter.com/ayoungerest
18:13:19 <dwaite> dolphm: I prefer thinking twitter is so that the next generations can still know what it feels like to compose a classified ad
18:13:27 <dolphm> lol
18:14:04 <dolphm> hmm
18:14:07 <dolphm> #topic High priority bugs or immediate issues?
18:14:07 <topol> 4 sale Buick Skylark 76K Mint
18:15:50 <dolphm> (i'm not really aware of anything)
18:16:29 <dolphm> there's a few unanswered queries on the mailing list regarding PKI and LDAP if anyone wants to take a stab at forming a coherent semi-useful response :)
18:16:59 <topol> K, I remember seeing an LDAP one
18:17:00 <dolphm> #link http://www.mail-archive.com/openstack@lists.launchpad.net/msg21954.html
18:17:11 <topol> I can take that
18:17:27 <dolphm> #link http://www.mail-archive.com/openstack@lists.launchpad.net/msg21806.html
18:17:32 <dolphm> PKI ^
18:17:43 <dolphm> i think i'm qualified to answer the PKI one, but i don't want to get security details wrong
18:17:47 <dolphm> so, ayoung?
18:18:01 <gyee> dolphm, I took care of that already
18:18:07 <gyee> Mark is good to go
18:18:22 <ayoung> #link https://twitter.com/admiyoung
18:18:22 <dolphm> gyee: hmm, alright -- was it off-list then?
18:18:36 <gyee> dolphm, yeah, I forgot to reply to the whole list
18:18:48 <ayoung> dolphm, -dev or just openstack?  I
18:18:58 <dolphm> gyee: it'd be nice if you resent it to the list :)
18:18:59 <ayoung> 'm about 3500 messages behind on the main list
18:19:05 <gyee> dolphm, sure
18:19:17 <ayoung> and 4600 behind on -dev
18:19:34 <dolphm> ayoung: the two i linked above are the only ones i'm aware of
18:19:36 <topol> ayoung, better do like the postman and start burying them in your basement
18:19:48 <gyee> ayoung, try to use your round folder more often
18:20:10 <dolphm> i'm also working on v3 auth in keystoneclient when i have time, but it's been a really slow process and there's way more changes required than expected
18:20:27 <henrynash> joined, sorry to be late
18:20:29 <dolphm> i'd like to do a v0.3.0 release of keystoneclient by the end of the week with v3 auth and any relevant bug fixes we can squeeze in
18:20:41 <ayoung> Mark asked me off list and I told him to ask here.  But I did answer him directly.
18:21:32 <dolphm> #topic Open discussion
18:21:37 <gyee> #link https://twitter.com/gyeeeeee
18:21:39 <ayoung> LDAP one ... guessing that the pre-existing values don't have default domain set
18:21:49 <henrynash> dolphm: feel free to pull me in to work on the client if you need help
18:22:01 <dwaite> re: session next week, I thought about it and will probably drop SCIM from slides in favor of OpenID (Connect). Not sure if I have a recourse to update schedules.
18:22:25 <dolphm> henrynash: thanks
18:22:25 <dwaite> was hoping to have draft slides to share, but still need to pull out more content for time :)
18:22:25 <henrynash> dwaite: I think OpenID connect would be a great thing to cover
18:22:45 <dolphm> henrynash: p.s. we exchanged links to twitter accounts earlier if you have one to add
18:22:46 <topol> +1 on OpenID connect
18:23:10 <ayoung> -2 on OpenID and any web only SSO
18:23:15 <dolphm> dwaite: if you email me a new description, i can revise sched.org
18:23:19 <dwaite> ok!
18:23:22 <ayoung> the more I read about them, the more scared I get
18:23:39 <henrynash> dolphm: @henrynash
18:23:39 <dolphm> web-only is a definite non-starter
18:23:48 <henrynash> (shockingly)
18:23:54 <dolphm> #link https://twitter.com/henrynash
18:25:33 <ayoung> Redirect based SSO is a non starter in my book
18:27:10 <ayoung> dwaite, you are not going to talk about Kerberos or Client Side X509, are you?
18:27:24 <dwaite> very briefly
18:27:52 <topol> dwaite, I believe you are not supposed to put a slide deck together, just FYI
18:28:11 <ayoung> I'm going to cover Kerberos in depth.  I think that my talk is just going to eat into the first Keystone session.
18:28:18 <topol> so the OS design summit gurus tell me
18:28:24 <dwaite> hmm, will there be a projector for shadow puppetry?
18:28:47 <ayoung> it got scheduled as a main conference talk, but they decided to schedule it on the only day that it conflicted with things I needed to do.
18:29:09 <dolphm> slides should be incredibly short so we can get to the discussion stuff
18:29:20 <dolphm> 3 slides in a design summit session is a lot
18:29:33 <dolphm> and if you have an intro slide something is wrong
18:29:40 <ayoung> http://openstacksummitapril2013.sched.org/event/02841e3d64620e15b861db63628735bd#.UWReAaquI94  is the same time as the first Keystone slot.  dolphm what is going in there?
18:29:56 <dolphm> i didn't schedule that
18:29:58 <ayoung> SAML, OAuth 2, and SCIM - Overview and Application:
18:30:17 <ayoung> dolphm, I know...that was the confusion last week.  Now I am committed, though
18:30:27 <topol> just curiously why do the other projects get like 4 days of design summit and we get 1?
18:30:32 <dolphm> ask if you can have that session moved to wednesday morning?
18:30:39 <ayoung> So I am going to miss dwaite 's session
18:30:46 <ayoung> I'll try
18:30:55 <dolphm> topol: nova is the only one that gets a *lot* of time
18:31:07 <topol> OK
18:31:08 <dolphm> oslo, glance, swift and keystone are all about the same
18:31:12 <ayoung> dolphm, any idea who to ask?  This whole thing is kind of a mystery to me
18:31:15 <dwaite> hmm. thats no good. I get the feeling that we will be pushing strongly opposing technologies
18:31:16 <topol> primadonnas :-)
18:31:22 <dolphm> ayoung: ttx would know
18:31:30 <dwaite> if we conflict - where will the fight be, where will the entertainment be?
18:31:31 <ayoung> dwaite, nah, we need to support a range of options
18:31:34 <dwaite> :D
18:31:36 <ayoung> and not dictate
18:32:02 <dolphm> dwaite: that's the discussion we want to have at the summit :)
18:32:16 <dolphm> design summit = coming to an agreement & making a decision
18:32:34 <ayoung> http://www.swordsofmight.com/larp-weapons-latex-swords.aspx  in the middle of the lunch room, I think
18:32:38 <dolphm> dwaite: i scheduled your talk first on thurs because i imagine the outcome will affect the discussions for the rest of the day
18:32:50 <dwaite> ooh, no pressure
18:32:57 <dwaite> wow those swords are great
18:33:15 <topol> dwaite, I just wanted to let you know, we are all counting on you
18:33:15 <dwaite> need one on the class divider of my cubicle, over my head
18:34:27 <dwaite> hmm, I'm going to try to crush things down. any other points will be in my notes to bring up in discussion :D
18:35:35 <topol> those larp throwing knives are surprisingly affordable
18:36:06 <ayoung> should we plan on having a face-to-face meeting on Monday morning and plan out the rest of the week then?
18:36:33 <topol> ayoung +1
18:36:56 <stevemar> +1, that would help out
18:37:00 <henrynash> ayoung: +1 count me in
18:37:20 <dolphm> immediately after design summit kickoff?
18:37:27 <gyee> sounds good
18:38:00 <ayoung> yes
18:38:00 <ayoung> I need to make sure I get to this one at 11 http://openstacksummitapril2013.sched.org/event/66519fa2fd27cfc6b1428b62aac3fba2#.UWRf5aquI94
18:38:13 <ayoung> and I suggest we have a decent number of Keystone folks there.  That is Trust/Oauth stuff.
18:38:40 <dolphm> ooh, anyone aware of any other non-keystone track sessions that we should be crashing?
18:38:40 <ayoung> But I don't think we have anything pressing at the 9 AM session
18:39:03 <dolphm> 9am is the intro
18:39:17 <gyee> dolphm, is Key Manager part of Keystone?
18:39:21 <dolphm> yes
18:39:25 <gyee> cool
18:39:28 <ayoung> Sorry, 9:50.  First session.
18:39:37 <dolphm> there's definitely some debate about that
18:39:48 <dolphm> but it's on our track, regardless of whether the feature ends up in keystone
18:40:04 <gyee> looking forward to that one as well
18:40:35 <dolphm> i was wondering if the /v3/credentials api could somehow back an external key manager service?
18:40:38 <chmouel> it would be nice if somebody from keystone can come over to this one http://openstacksummitapril2013.sched.org/event/79780b828202669f572483884dcbf3b1 to talk about v3+ swift
18:40:50 <ayoung> Oh, hey, look, another Federation project
18:40:52 <dolphm> chmouel: thanks
18:41:00 <ayoung> I really should look at the other tracks more closely
18:41:02 <gyee> dolphm, yeah, I was thinking the same thing
18:41:16 <dolphm> gyee: awesome, i didn't know if i was crazy or not
18:41:34 <topol> I could use a talking points cheat sheet: if interested in keystone stuff make sure you attend x, y, z
18:41:38 <ayoung> dolphm, we've already established that you are crazy.  The rest is details
18:41:47 <dolphm> ayoung: +1
18:41:49 <ayoung> I mean, you took the PTL position.
18:41:53 <chmouel> heh
18:42:04 <dolphm> +2
18:42:05 <topol> q.e.d. :-)
18:42:55 <ayoung> Cloud Keep is at the same time http://openstacksummitapril2013.sched.org/event/886118ad75e16dae1da91d9ca9866ca7#.UWRhKKquI94
18:43:05 <ayoung> Key management as a service
18:43:38 <gyee> you trust your key to the cloud?!
18:43:51 <ayoung> we should have someone (or several someones)  here http://openstacksummitapril2013.sched.org/event/40c9f9db30ba96480d094aca32d94f5e#.UWRhUqquI94
18:43:56 <ayoung> 0 downtime upgrades
18:44:38 <henrynash> ayoung: count me in for that
18:45:11 <ayoung> I think there are a few sessions on Upgrade.  We got burnt on that this release, and we should be the smartest team about it from here on out
18:45:34 <ayoung> People should be able to do Keystone upgrades and have the rest of the cloud keep running, and lets make sure we know what that really means.
18:45:53 <dolphm> ayoung: +1
18:46:07 <nachi> Is there a live webcast for keystone sessions. Where will be the slides uploaded for keystone sessions
18:46:31 <topol> ayoung, a failover keystone?
18:46:32 <chmouel> from experience I think the evernotes are the most reliable sources
18:46:38 <dolphm> nachi: my understanding is that there won't be a webcast
18:46:40 <chmouel> etherpad
18:46:44 <ayoung> topol, that is a different issue
18:46:58 <nachi> ok. thanks
18:46:59 <dolphm> nachi: and there generally aren't slides for design summit sessions, but notes will be taken here https://wiki.openstack.org/wiki/Summit/Grizzly/Etherpads
18:47:13 <ayoung> topol, for now, lets absorb from the other projects, but keep in mind the peculiarities of keystone
18:47:13 <gyee> how about a self-healing keystone? :)
18:47:25 <gyee> fixes its own bug
18:47:30 <ayoung> gyee, you know what happens when you remove the keystone?
18:47:32 <dolphm> nachi: sorry, that was the old link, for havana: https://wiki.openstack.org/wiki/Summit/Havana/Etherpads
18:47:32 <nachi> dolphm: ok thanks. i will look at the etherpad for notes
18:48:25 <dolphm> ayoung: everything collapses!
18:48:45 <ayoung> I don't think that metaphor is accidental, either
18:48:46 <gyee> ayoung, a hole in the wall?
18:49:07 <topol> dolphm, yes, thats why I said the need for a failover keystone.  all roads typically go thru us
18:49:25 <ayoung> gyee more likely that there is no wall anymore
18:49:49 <dolphm> topol: definitely, but we're not doing anything to block that
18:50:14 <topol> I was just probing on whether there was a lighter weight option. I can think of one
18:50:23 <topol> s/can/cant
18:51:30 <ayoung> topol, so the issue is with Database upgrades.  From here on out, we should think "what would happen if I ran this upgrade with the existing Keystone code?"  Could I have Grizzz GA and Havana 1 running against the same back end?
18:52:00 <topol> that'd be nice.  I'd buy one of those
18:52:03 <ayoung> It might not be achievable
18:52:10 <ayoung> but we should try
18:52:27 <dolphm> we definitely don't code that way
18:52:54 <ayoung> it means that we have to deal with holes in the data, either by defaulting values put in by the old code, or by assuming that there can be blanks
18:52:57 <ayoung> dolphm, not yet we don't.
18:53:09 <ayoung> That is why we need to think about it long and hard before we start accepting patches
18:53:15 <bknudson> and missing columns?
18:53:17 <topol> ayoung +1
18:53:33 <gyee> we did v2 v3 token data intermix, that was fun :)
18:53:45 <dolphm> ayoung: i imagine it's really, really difficult to take that approach in an open source project
18:54:03 <bknudson> how about a data service?
18:54:07 <bknudson> a REST API on top of sql.
18:54:56 <topol> bknudson, how would you use that to mitigate the issue?
18:55:20 <bknudson> keystone is talking to this data service instead of making sqlalchemy calls directly
18:55:27 <bknudson> so it can handle the translation
18:55:39 <topol> a proxy layer
18:56:29 <bknudson> or, it's more like how keystone-client works with older versions of keystone.
18:56:40 <bknudson> keystone would be a client of this data service
18:56:44 <ayoung> bknudson, how about an AMQP api on top of SQL instead
18:57:06 <bknudson> it doesn't have to be rest.
18:57:08 <ayoung> that way we can do asyn IO
18:57:32 <topol> ayoung, you still need a piece to be the proxy layer, correct
18:57:34 <ayoung> async
18:57:37 <dolphm> alright, i'm going to endmeeting a few minutes early and leave ya'll to keep dreaming ;)
18:57:41 <dolphm> #endmeeting