#openstack-meeting log

18:02:44 <morganfainberg> #startmeeting keystone
18:02:45 <openstack> Meeting started Tue Apr 14 18:02:44 2015 UTC and is due to finish in 60 minutes.  The chair is morganfainberg. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:02:46 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:02:48 <openstack> The meeting name has been set to 'keystone'
18:02:52 <morganfainberg> laaaaaaaaaaaaagggggggggggggg
18:03:15 <morganfainberg> Ok going to do a rollcall vote, please respond if you're here for the keystone meeting. after 2-3 meetings will prune the ping list
18:03:21 <ayoung> morganfainberg, I hear they have much faster wireless in the Cafes in NYC
18:03:33 <morganfainberg> #startvote Rollcall? here
18:03:34 <openstack> Begin voting on: Rollcall? Valid vote options are here.
18:03:35 <openstack> Vote using '#vote OPTION'. Only your last vote counts.
18:03:40 <bknudson> #vote here
18:03:41 <ayoung> #vote here
18:03:41 <dstanek> #vote here
18:03:45 <morganfainberg> #vote here
18:03:46 <lbragstad> #vote here
18:03:47 <raildo> #vote here
18:03:50 <gyee> #vote here
18:03:51 <rodrigods> #vote here
18:03:56 <bknudson> this is like the PTL vote where there was only one option
18:03:56 <stevemar> #vote not_here
18:03:56 <openstack> stevemar: not_here is not a valid option. Valid options are here.
18:04:02 <ajayaa> #vote here
18:04:02 <davechen> #vote here
18:04:04 <stevemar> #vote here
18:04:14 <morganfainberg> bknudson, nothing stopped you from running for PTL ;)
18:04:16 <ayoung> #vote no lo contendere
18:04:17 <openstack> ayoung: no lo contendere is not a valid option. Valid options are here.
18:04:21 <henrynash> #vote here
18:04:23 <dolphm> #vote here
18:04:27 <gyee> #vote for Hilary
18:04:28 <openstack> gyee: for Hilary is not a valid option. Valid options are here.
18:04:32 <morganfainberg> LOL
18:04:33 <topol> #vote here
18:04:33 <gyee> sheeet
18:04:47 <amakarov> #vote here
18:04:47 <morganfainberg> 20 more seconds.
18:04:49 <ayoung> #vote for Pedro
18:04:50 <openstack> ayoung: for Pedro is not a valid option. Valid options are here.
18:04:52 <ayoung> #vote here
18:04:54 <henrynash> vote monster-raving-looney-party
18:04:59 <lhcheng> #vote here
18:05:01 <joesavak> #vote here
18:05:16 <ayoung> henrynash, this is Keystone.  That would just be redundant.
18:05:30 <morganfainberg> #endvote
18:05:30 <openstack> Voted on "Rollcall?" Results are
18:05:31 <openstack> here (17): rodrigods, davechen, gyee, lbragstad, ayoung, morganfainberg, lhcheng, bknudson, ajayaa, dstanek, dolphm, topol, joesavak, amakarov, henrynash, raildo, stevemar
18:05:37 <henrynash> (see: http://www.omrlp.com)
18:05:39 <lbragstad> boom, new list!
18:05:45 <morganfainberg> we'll do that the next couple meetings and then prune the list down.
18:06:17 <morganfainberg> #topic RC2 opens for patches tomorrow
18:06:19 <ayoung> morganfainberg, is the new list going to be the union or intersection?
18:06:30 <stevemar> henrynash, theyd get my vote
18:06:36 <morganfainberg> ayoung, new list will be union of all around for all 3 rollcalls
18:06:47 <bknudson> first patches will have to be ones to get it working.
18:06:47 <morganfainberg> anyway, RC2 opens tomorrow
18:06:49 <dolphm> ayoung: must be present to win
18:07:02 <ayoung> w00t!
18:07:04 <morganfainberg> we have ~5-6 bugs
18:07:11 <morganfainberg> i don't think we have a lot more to add.
18:07:13 <morganfainberg> looking good
18:07:24 <ayoung> morganfainberg, is all the web sso stuff in?
18:07:34 <ayoung> Let me check the blacklist one...I thought that made it
18:07:35 <morganfainberg> ayoung, if it isn't we can't backport it.
18:07:49 <morganfainberg> ayoung, i'm 99% sure that landed.
18:07:54 <ayoung> morganfainberg, yeah, I think the issue is other projects, not Keystone server
18:08:01 <lhcheng> ayoung: yeah, that is in master and tagged for rc
18:08:15 <rodrigods> blacklist in mapping rules?
18:08:19 <morganfainberg> rodrigods, yeah
18:08:22 <rodrigods> :(
18:08:23 <ayoung> rodrigods, I'll link
18:08:29 <morganfainberg> it should be in rc
18:08:46 <morganfainberg> anyway
18:08:49 <lhcheng> ayoung: oops nvm, thought it was the remote_id mapping.
18:08:51 <morganfainberg> we can evaluate it if it isn't in rc1
18:09:05 <ayoung> lhcheng, ah, I knew there was one...
18:09:06 <morganfainberg> but i think it had dependency issues
18:09:17 <morganfainberg> or one of them did and needed to push to L
18:09:19 <ayoung> morganfainberg, yeah, remote_id mapping needs backport
18:09:29 <morganfainberg> ayoung, that one was icky iirc
18:09:31 <morganfainberg> anyway
18:09:37 <rodrigods> remote_id mapping hasn't support in OSC
18:09:43 <rodrigods> saw someone complaining about it
18:09:44 <ayoung> 9b11d13856034e3a2cf6ab1f6ca80a6965818d17
18:09:44 <morganfainberg> please tag bugs w/ the kilo-rc-potential flag
18:09:53 <morganfainberg> if it should be in RC [and is a legitimate blocker]
18:10:07 <ayoung> there was also the bug nkinder fixed ...
18:10:10 <morganfainberg> if it is questionable if it should block RC ask me, ask dolphm,
18:10:40 <morganfainberg> dolphm, hah you don't get off the hook! >.>
18:10:46 <ayoung> bug: #1440185
18:10:48 <openstack> bug 1440185 in Keystone "Identity provider create fails if remote_id is not set" [High,Fix released] https://launchpad.net/bugs/1440185 - Assigned to Nathan Kinder (nkinder)
18:10:49 <dolphm> /hugs
18:11:04 <morganfainberg> ayoung, fixed released = in rc
18:11:12 <ayoung> yep...just doing the due dilligence
18:11:16 <morganfainberg> ayoung, would be fix commited otherwise :)
18:11:27 <ayoung> we put too much effort into websso to have it be broken due to an unmerged patch now
18:11:39 <morganfainberg> ok moving on
18:11:45 <morganfainberg> #topic Keystone middleware to "named" release model
18:11:50 <morganfainberg> as much as I like Semver
18:11:59 <morganfainberg> we are locked to the requirements of the process ksm runs in
18:12:04 <morganfainberg> among other things
18:12:15 <morganfainberg> we should move ksm to the named release model
18:12:32 <morganfainberg> i'll put this to a vote though.
18:12:35 <lhcheng> ayoung: doa 1.2.0 released yesterday - that includes the websso patch
18:12:38 <morganfainberg> and/or open for discussion
18:12:38 <bknudson> we could try to expand the supported requirements.
18:12:45 <ayoung> schawing!\
18:13:07 <ayoung> lhcheng, and Horizon had all the fixes in rc 1 as well, right?
18:13:11 <bknudson> although that will be difficult if it depends on keystoneclient features.
18:13:11 <morganfainberg> bknudson, the issue is semver + global-requirements = really really odd mixes of can/does/doesn't work
18:13:25 <lhcheng> ayoung: yes
18:13:28 <ayoung> morganfainberg, so:  https://bugs.launchpad.net/keystone/+bug/1441827  can't be backported?
18:13:29 <openstack> Launchpad bug 1441827 in Keystone "Cannot set per protocol remote_id_attribute" [High,Fix committed] - Assigned to Lin Hua Cheng (lin-hua-cheng)
18:13:30 <morganfainberg> the named release is fine with ksc since it still locks to the version.
18:13:32 <ayoung> It means our docs are wrong
18:13:41 <morganfainberg> ayoung, we will evaluate any bug.
18:14:15 <jamielennox> morganfainberg: switching to named versions would mean we could start deprecating in release + 2 at least
18:14:15 <morganfainberg> ayoung, is it legitimately a release blocker? or is it a "would be nice to have"
18:14:16 <ayoung> morganfainberg, its currently targetted at L1
18:14:21 <morganfainberg> jamielennox, correct.
18:14:36 <dstanek> jamielennox: i like that
18:14:38 <morganfainberg> ayoung, lets look at it tomorrow with the other bugs.
18:14:53 <bknudson> I think we can already deprecate things since we've got stable branches now.
18:15:04 <ayoung> morganfainberg, so I shouldtag ita s rc2 if I think it should be backported?
18:15:04 <bknudson> for keystonemiddleware and keystoneclient
18:15:15 <morganfainberg> ayoung, yes.
18:15:37 <morganfainberg> bknudson, client is a bit different since the CLI and interfaces are used outside of openstack
18:15:45 <morganfainberg> bknudson, but ksm is all private interfaces
18:15:51 <ayoung> OK...it has that
18:15:58 <morganfainberg> bknudson, lets start with KSM since it's easier and attack client separately
18:16:09 <morganfainberg> bknudson, before we deprecate in client i want to do the keystoneauth split anyway
18:16:32 <gyee> split keystoneauth?
18:16:47 <jamielennox> gyee: session and auth plugins into there own library
18:16:49 <morganfainberg> gyee, session, discovery, plugins into their own repo. auth != interfacing with keystone's API
18:17:05 <morganfainberg> and really trim requirements down for it
18:17:06 <gyee> k, make sense
18:17:24 <morganfainberg> so, for KSM, anyone feel strongly against moving it to the named release cycle?
18:17:31 <bknudson> is openstack sdk going to use keystoneauth?
18:17:32 <gyee> I think they would be oslo common right?
18:17:33 <morganfainberg> this would be for Liberty and beyond.
18:17:37 <gyee> since auth is shared
18:17:53 <bknudson> named release cycle makes sense for ksm.
18:17:53 <morganfainberg> kilo will stick with semver cause we're already here.
18:18:21 <morganfainberg> and we have lots of test rekejiggering to do if we do named/milestone releases
18:18:28 <morganfainberg> s/test/gate job/
18:18:57 <morganfainberg> ok quick vote
18:19:29 <morganfainberg> #startvote Move keystonemiddleware to "named" release cycle? yes,no,i-dislike-polls
18:19:30 <openstack> Begin voting on: Move keystonemiddleware to "named" release cycle? Valid vote options are yes, no, i-dislike-polls.
18:19:31 <openstack> Vote using '#vote OPTION'. Only your last vote counts.
18:19:44 <morganfainberg> fair warning, that last option is a yes.
18:19:45 <dstanek> #vote i-dislike-polls
18:19:49 <morganfainberg> #vote yes
18:19:56 <amakarov> #vote yes
18:19:58 <jamielennox> #vote yes
18:20:00 <dolphm> #vote no-strong-opinion
18:20:01 <davechen> #vote yes
18:20:01 <openstack> dolphm: no-strong-opinion is not a valid option. Valid options are yes, no, i-dislike-polls.
18:20:17 <bknudson> #vote yes
18:20:17 <lbragstad> #vote i-dislike-polls
18:20:17 <gyee> #vote yes
18:20:24 <dstanek> tbh, i would be fine either way
18:20:24 <dolphm> #vote i-dislike-polls
18:20:33 <rodrigods> #vote i-dislike-polls
18:20:33 <ayoung> #vote yes
18:20:34 <lbragstad> dstanek: ++
18:20:43 <lbragstad> same here
18:20:43 <lhcheng> #vote yes
18:20:46 <morganfainberg> dolphm, dstanek, no strong opinion = lets go with the easier/less confusing path
18:20:58 <morganfainberg> which i think is named releases
18:20:59 <joesavak> #vote yes
18:21:05 <morganfainberg> 15 more s
18:21:13 <topol> does dolphm mean he is a strong no or no opinion?
18:21:21 <topol> #vote yes
18:21:36 <morganfainberg> topol, eats shoots and leaves or eats, shoots, and leaves?
18:21:42 <morganfainberg> #endvote
18:21:43 <openstack> Voted on "Move keystonemiddleware to "named" release cycle?" Results are
18:21:45 <openstack> i-dislike-polls (4): lbragstad, rodrigods, dstanek, dolphm
18:21:45 <dolphm> topol: strong no opinion
18:21:46 <openstack> yes (10): joesavak, gyee, ayoung, morganfainberg, lhcheng, davechen, jamielennox, amakarov, bknudson, topol
18:21:57 <topol> let's eat grandma
18:22:08 <morganfainberg> #action in liberty keystone middleware moves to "named" release
18:22:18 <dolphm> i kinda wish everything was semver, but <reality>
18:22:29 <morganfainberg> dolphm, yah
18:22:34 <bknudson> yah, what happened to keystone semver?
18:22:45 <rodrigods> sem ver in portuguese: without seeing
18:22:52 <morganfainberg> bknudson, i am worried about a bag of worms that scares the hell out of me at the moment
18:23:02 <morganfainberg> bknudson, waiting for some fallout from big tent to make any proposals
18:23:05 <bknudson> now I'm scared.
18:23:11 <raildo> haha
18:23:27 <morganfainberg> bknudson, it's more how much bikeshedding do i want to deal with over something that has minimal impact at the moment
18:23:40 <morganfainberg> bknudson, shouldn't affect anyone measurably otherwise
18:24:00 <htruta> too late for voting "here" ? :(
18:24:14 <morganfainberg> and right now, my tolerance for that kind of bike shedding is pretty low (after release i'll be more open to dealing with that)
18:24:27 <morganfainberg> htruta, which way would you have voted?
18:24:28 <ayoung> htruta, just make sure you make the poll at the meeting for being on the ping list
18:24:46 <dolphm> morganfainberg: was there more than one choice?
18:24:56 <morganfainberg> dolphm, for rollcall? oh no
18:24:57 <morganfainberg> :)
18:25:07 <joesavak> abstain?
18:25:09 <morganfainberg> htruta, we'll do a few more rollcall votes
18:25:13 * dolphm votes htruta is here
18:25:24 <morganfainberg> before we trim any lists
18:25:27 <htruta> morganfainberg, ayoung: cool
18:25:28 <morganfainberg> and i see you're here
18:25:29 <morganfainberg> :)
18:25:47 <htruta> thanks, dolphm lol
18:25:47 <joesavak> delegated single-factor authentication.
18:25:49 <morganfainberg> the next few topics are related
18:26:01 <morganfainberg> #topic Spec proposal freeze L1, feature freeze L2
18:26:14 <morganfainberg> this is in line with making the summit what our midcycle has been
18:26:20 <morganfainberg> push specs through
18:26:26 <morganfainberg> address design decisions
18:26:38 <morganfainberg> and give ourselves a lot more runway for code to land in Liberty
18:26:41 <ayoung> Our batle cry is "check my spec or I'll wring your neck!"
18:26:45 <morganfainberg> especially being a slightly shorter cycle
18:26:49 <lbragstad> morganfainberg: we don't have hard dates for L1 and L2 yet do we?
18:26:56 <henrynash> ayoung: ha!
18:27:07 <dolphm> lbragstad: not yet
18:27:14 <dolphm> lbragstad: there's some proposed dates on the ML
18:27:15 <morganfainberg> lbragstad, i think we have firm but not confirmed dates
18:27:29 <morganfainberg> most are around the last milestone with question marks iirc
18:27:37 <dolphm> lbragstad: unless someone has a reason to object to the proposed dates
18:27:49 <lbragstad> dolphm: morganfainberg makes sense
18:28:10 <joesavak> proposed sched: ( i looked it up so think  y'all may be too):
18:28:10 <joesavak> liberty-1: June 25th
18:28:10 <joesavak> liberty-2: July 30th
18:28:10 <joesavak> liberty-3: September 3rd
18:28:10 <joesavak> final release: October 15th
18:28:32 <morganfainberg> The goal here is to keep the  "new" API impacting features to a short ~5 item list.
18:28:46 <morganfainberg> so things like Reseller, Policy refactor, tokenless auth
18:28:57 <morganfainberg> all on the proposed list.
18:29:11 <morganfainberg> but i want to keep this list small so we can focus on stability, performance, and testing
18:29:14 <henrynash> and can we lay on this an approximate mid-cyle date (want to make sure I’m not moving house again)?
18:29:24 <henrynash> myabe around 2nd week of July?
18:29:31 <morganfainberg> henrynash, i am hopeing we can avoid a midcycle
18:29:34 <morganfainberg> henrynash, to be honest
18:29:39 <morganfainberg> an in-person one that is
18:29:42 <henrynash> really?
18:29:46 <topol> will we be doing a midcycle meetup (as I make reservations to travel to Austin next week..)
18:29:54 <bknudson> I'll just have to hang out on the riverwalk for no reason.
18:30:17 <gyee> I heard Vegas have better conference rooms
18:30:22 <ayoung> Westford
18:30:23 <morganfainberg> i'd rather people travel to other midcycles and focus on getting initiatives like "openstack working with V2 disabled"
18:30:25 <henrynash> I vote for a midcycle
18:30:30 <lbragstad> there's pretty good saxophone music down there...
18:30:32 <morganfainberg> than travel.
18:30:39 <raildo> gyee, or in Rio, in Brazil :D
18:30:57 <gyee> ++ for Rio
18:31:03 <morganfainberg> but if everyone wants a mid cycle, i'll start doing the legwork to get space
18:31:10 <morganfainberg> because i'd like to start that now
18:31:16 <ayoung> Midcycle at henrynash 's new house!
18:31:30 <joesavak> perhaps midcycle topic for next meeting? We can combine with horizon/oslo groups?
18:31:36 <henrynash> ok,,,,,sure….by the coast…yep, lay it on
18:31:42 <topol> Im scared not to do one in person. Those are quite productive
18:31:48 <ayoung> joesavak, that would be cool
18:31:57 <morganfainberg> joesavak, sure. lets do PDX, SEA, or California though :P
18:32:11 <morganfainberg> joesavak, to be fair i am aiming to *not* do it in SAT if we do it.
18:32:13 <joesavak> good w/me
18:32:15 <ayoung> morganfainberg, let's get you to NYC
18:32:30 <morganfainberg> Boston could also be on the list.
18:32:34 <ayoung> ++
18:32:38 <morganfainberg> so sounds like people like midcycles.
18:32:40 <ayoung> We could certainly host
18:32:45 <morganfainberg> ok i'll start finding a venue
18:32:48 <morganfainberg> i'll put a ML topic out
18:32:48 <mtreinish> morganfainberg: ftr, the hp chelsea office worked out well for us :)
18:32:49 <stevemar> they are very useful
18:32:57 <jamielennox> hawaii is still US
18:33:02 <morganfainberg> we will talk more next week on it
18:33:04 <ayoung> I know that other teams have had midcycyles here
18:33:07 <dstanek> Boston++
18:33:10 <morganfainberg> but we'll confirm it all before the summit if at all possible
18:33:14 <lbragstad> jamielennox: ++
18:33:18 <amolock> + Austin
18:33:29 <morganfainberg> amolock, sorry i veto texas for this one for keystone
18:33:33 <rodrigods> anywhere that I can get sponsored to go :)
18:33:37 <morganfainberg> amolock, we've done texas the last few times.
18:33:47 <amolock> because it's the best
18:33:48 <morganfainberg> rodrigods, and i'll make sure to get the right letters in place for you guys to come up.
18:33:56 <raildo> :D
18:33:58 <morganfainberg> rodrigods, remind me on that though ok?
18:33:58 <ayoung> morganfainberg, as strange as it sounds to say it, I bet we could get space at the Microsoft NERD center in Cambridge
18:34:00 <topol> Boston or Westford? There *is* a difference
18:34:04 <rodrigods> morganfainberg, ++ thanks!
18:34:22 <morganfainberg> topol, next meeting we will go more in detail
18:34:27 <morganfainberg> and line up options.
18:34:32 <morganfainberg> i'll send out some emails this week.
18:34:37 <morganfainberg> so i have some options.
18:34:49 <morganfainberg> anyway.
18:35:00 <morganfainberg> #action morganfainberg schedule midcycle arrangements
18:35:59 <morganfainberg> #link https://etherpad.openstack.org/p/keystone-liberty-priority-specs
18:36:16 <morganfainberg> please fill out this etherpad so we can confirm our ~5ish features for next cycle
18:36:19 <morganfainberg> sow e can get to work on specs
18:36:26 <morganfainberg> this is for "new" API impacting features
18:36:41 <bknudson> REST API?
18:36:42 <morganfainberg> tests, ABI definitions, tech debt paydown, performance, etc
18:36:44 <geoffarnold> drop dead date for this?
18:36:47 <morganfainberg> those are separate
18:36:51 <lbragstad> morganfainberg: what about specs that focus on refactoring and cleanup?
18:36:53 <morganfainberg> bknudson, yes REST API.
18:37:34 <rodrigods> morganfainberg, sometimes there are features that need to be split into more than one spec
18:37:54 <rodrigods> HMT, for example: hmt, improvements and recursive deletion
18:38:10 <morganfainberg> rodrigods, reseller is "new"
18:38:29 <morganfainberg> rodrigods, recursive deletion would be minor or part of reseller
18:38:32 <morganfainberg> for example
18:38:39 <rodrigods> ++
18:39:16 <raildo> morganfainberg, and we intend to create a spec for dual scoped token
18:39:33 <morganfainberg> just keep in mind i really want to keep the feature count low this cycle
18:39:41 <raildo> morganfainberg, so we keep this part of reseller?
18:39:45 <morganfainberg> so we can really really make the rest of the stuff we have solid
18:39:56 <morganfainberg> raildo, i think it's fair to say it's part of the reseller spec or subordinate to reseller
18:40:10 <raildo> morganfainberg, ok
18:40:12 <morganfainberg> raildo, it's primary use would be in a reseller context, right?
18:40:57 <morganfainberg> we will circle up on this next meeting and get some direction
18:41:05 <morganfainberg> please tag "new" features that are small as (minor)
18:41:07 <raildo> morganfainberg, yes, but we need to create a new spec to discuss this (or discuss at the summt and we can create just a BP)
18:41:14 <morganfainberg> as the person with the pink text has done
18:41:50 <geoffarnold> I'm assuming that all the Service Federation will be off in its own Stackforge project, so the focus should be on Keystone features (if any) absolutely needed to enable it.
18:41:59 <morganfainberg> geoffarnold, yeah
18:42:17 <morganfainberg> geoffarnold, it may live under keystone long term, but i'd like that to be outside of the main tree
18:42:23 <ayoung> tempted to move token constraints under dynamic policy
18:42:28 <gyee> geoffarnold, you have a wiki/link for service federation?
18:42:29 <geoffarnold> Me too. For asynchrony
18:42:36 <morganfainberg> geoffarnold, focus on doing that "well" vs in the context of "within keystone's process space"
18:42:42 <ayoung> they are aseparate, but it would be on policy to enforce....that make sense?
18:42:42 <rodrigods> amakarov, add your spec there!
18:42:45 <geoffarnold> Coming in a day or two
18:42:50 <rodrigods> amakarov, maybe in the second session
18:43:01 <amakarov> rodrigods, ok
18:43:09 <geoffarnold> Remind me... is IdP per domain currently in?
18:43:19 <morganfainberg> geoffarnold, uhm..
18:43:28 <morganfainberg> geoffarnold, i think so
18:43:41 <morganfainberg> this will be circled up on next meeting.
18:43:55 <morganfainberg> geoffarnold, we can look to be sure between now and then.
18:43:57 <geoffarnold> If it's not API-settable, I'll be pushing that. Thanks
18:43:57 <ayoung> geoffarnold, what do you mean?  We can do it in the mapping file
18:44:03 <morganfainberg> 2 more topics
18:44:10 <morganfainberg> got to keep it moving :)
18:44:20 <geoffarnold> offline then
18:44:32 <morganfainberg> #topic Summit sessions
18:45:24 <morganfainberg> Keystone       (fishbowl) 4      (hacksessions) 8      (½-day friday meetups) 2
18:45:29 <morganfainberg> this is our current allocation
18:45:43 <dolphm> so, full day friday?
18:45:45 <morganfainberg> i'm asking for 1 more fishbowl...but there is 1 left.. so we probably wont get it
18:45:47 <morganfainberg> dolphm, yes
18:46:01 <morganfainberg> this is why i wanted to push so hard for keystone's summit to be more like our midcycle
18:46:09 <morganfainberg> we have a lot of time for this stuff this time around :)
18:46:20 <ayoung> morganfainberg, we are going to need both
18:46:30 <morganfainberg> i also tried to keep our pre-set allocations light so we can get to other sessions with other projects
18:46:56 <ayoung> especially with the feature freeze, we need the midcycyle to approave essential features
18:47:00 <morganfainberg> making sure other projects don't go off into the weeds with identity/auth/etc is an important part of what we do.
18:47:19 <morganfainberg> ayoung, the other reason to move FF to L-2 is that if something slips, we have all of L3 to catchup
18:47:40 <morganfainberg> ayoung, but we wont be piling every feature in on L-3 like we did with kilo
18:47:45 <ayoung> ++
18:47:49 <morganfainberg> with no extra runway
18:47:51 <topol> which projects moved to using Keystone V3 this cycle?
18:48:35 <morganfainberg> topol, the goal is all projects work with v2 disabled
18:48:57 <morganfainberg> we can worry about other V3 support things after that is achieved
18:49:01 <ayoung> morganfainberg, we need to beat up the puppet and ansible guys on that, too
18:49:01 <topol> cool
18:49:11 <joesavak> remove the requirement for auth in all the projects, and you can run with v2 disabled. ; )
18:49:15 <morganfainberg> ayoung, 1st step: devstack works that way.
18:49:21 <geoffarnold> I'm proposing a Federation session as part of the Cross-project area. We can use some of that to discuss reseller, which may take pressure off our Keystone sessions. If you'd like this, please add to https://docs.google.com/spreadsheets/d/1vCTZBJKCMZ2xBhglnuK3ciKo3E8UMFo5S5lmIAYMCSE/edit#gid=827503418
18:49:37 <raildo> geoffarnold, ++
18:50:01 <morganfainberg> joesavak, i want to move auth endpoints to /auth not /<version>/auth
18:50:11 <morganfainberg> joesavak, there is a lot of detial i disucssed with jamielennox on this already
18:50:29 <morganfainberg> joesavak, and just wire up the auth endpoints in the backend for compat
18:50:30 <morganfainberg> joesavak, anyway
18:50:39 <morganfainberg> joesavak, for later design discussions
18:50:53 <joesavak> ah, interesting - yeah - want to dig in more there
18:50:54 <morganfainberg> last topic
18:51:06 <morganfainberg> #topic NoSql backend
18:51:06 <raildo> geoffarnold, and if you want, we can discuss later the reseller part for this design session
18:51:22 <morganfainberg> ajayaa, o/
18:51:25 <morganfainberg> oh not here
18:51:28 <morganfainberg> #undo
18:51:28 <openstack> Removing item from minutes: <ircmeeting.items.Topic object at 0x95f9dd0>
18:51:31 <ayoung> Didn't we just remove all the nosql backends?
18:51:34 <bknudson> I'm -1 on any new backends.
18:51:42 <bknudson> I assume this is an identity backend.
18:51:45 <amakarov> morganfainberg, what about Redis? :)
18:51:50 <morganfainberg> bknudson, yah was going to ask for more info
18:51:51 <gyee> no swift backend then? :)
18:51:52 <morganfainberg> bknudson, anyway
18:52:10 <morganfainberg> amakarov, i'd like all backend to eventually move out of the main tree
18:52:15 <morganfainberg> so we have clear dependency graphs
18:52:21 <morganfainberg> but different discussion
18:52:24 <ayoung> amakarov, identity-no.  Token-no.  Others---show me the money
18:52:35 <gyee> heh
18:52:35 <morganfainberg> #topic Open Discussion
18:52:39 <morganfainberg> 8mins left
18:52:51 <ayoung> identity should be frozen as is...primarily sql,  LDAP goes awayover time
18:53:00 <ayoung> tokens become ephemeral thanks to fernet
18:53:08 <ayoung> revocations....welll, maybe there...
18:53:13 <gyee> catalog?
18:53:17 <morganfainberg> ayoung, i actually see identity CRUD moving to it's own process with a conductor like interface to direct access.
18:53:30 <ayoung> morganfainberg, and I don't disagree
18:53:37 <morganfainberg> ayoung, that way if someone wants to really double down on the CRUD interfaces for identity we let them.
18:53:43 * topol you'll have to pry LDAP from my cold dead Keystone hands  :-)
18:53:53 <morganfainberg> topol, conductor-like interface would provide that
18:53:54 <ayoung> topol, SSSD is the sournce man!
18:53:57 <ayoung> source
18:53:59 <joesavak> scim the identity crud interfaces and version with scim over time
18:54:01 <morganfainberg> or sssd
18:54:08 <gyee> ayoung, SSSD can be per domain right?
18:54:13 * topol Im just kidding. I know federation will usurp
18:54:18 <ayoung> gyee, sssd handles multiple domains
18:54:37 <morganfainberg> joesavak, something like thart
18:54:52 <joesavak> fart or that? can't tell..
18:55:06 <gyee> shart
18:55:07 <topol> both?
18:55:14 <morganfainberg> joesavak, we have people who want a CRUD interface, i'm happy to oblige, but it doesn't need to be keystone's "openstack" endpoint
18:55:16 <morganfainberg> joesavak, long term
18:55:20 <morganfainberg> joesavak, that*
18:55:49 <morganfainberg> joesavak, also we can eliminate PII leaking into Openstack services that way
18:55:55 <morganfainberg> [another real win]
18:55:56 <gyee> yah!
18:56:02 <stevemar> yay
18:56:04 <bknudson> http://www.simplecloud.info/ ?
18:56:06 <ayoung> Pentium 2?
18:56:10 <joesavak> yup - scim is ietf now https://tools.ietf.org/wg/scim/
18:56:18 <morganfainberg> joesavak, good to know
18:56:32 <topol> wow, I have heard SCIM mentioned for a while
18:56:36 <bknudson> it's a like a rest interface to ldap
18:56:41 <morganfainberg> bknudson, OMG.
18:56:59 <morganfainberg> bknudson, it's like keystone is a rest interface for a key-value-store...that doesnt do it very well.
18:57:01 <morganfainberg> :P
18:57:03 <bknudson> it's even got babs jansen.
18:57:24 * morganfainberg looks around for mordred and jeblair... "can we use toml for everything instead too?"
18:57:33 * morganfainberg runs and hides.
18:57:55 <ayoung> #end meeting
18:57:57 <morganfainberg> ok i think we're done.
18:57:59 <morganfainberg> #endmeeting