#openstack-meeting log

18:02:03 <stevemar> #startmeeting keystone
18:02:04 <openstack> Meeting started Tue Apr 21 18:02:03 2015 UTC and is due to finish in 60 minutes.  The chair is stevemar. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:02:06 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:02:08 <openstack> The meeting name has been set to 'keystone'
18:02:14 <stevemar> linky link: https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting
18:02:28 <bknudson> #link https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting
18:02:38 <stevemar> thanks bknudson :P
18:02:48 <bknudson> meetbot doesn't get linky link yet, I don't think.
18:02:55 <stevemar> #topic Meeting schedule
18:02:59 <ayoung> stevemar, you going to do the vote to see which irc nicks we can cull?
18:03:07 <stevemar> #undo
18:03:07 <openstack> Removing item from minutes: <ircmeeting.items.Topic object at 0xa7a0a50>
18:03:18 <stevemar> #topic Rollcall
18:03:21 <bknudson> don't put me on the roll call list. I've got a meeting invite anyways.
18:03:26 <gyee> #vote yes!
18:03:38 <gyee> oops jump the gun there
18:03:47 <stevemar> #startvote Rollcall? here
18:03:48 <openstack> Begin voting on: Rollcall? Valid vote options are here.
18:03:49 <openstack> Vote using '#vote OPTION'. Only your last vote counts.
18:03:55 <samueldmq> #vote here
18:03:56 <rharwood> #vote here
18:03:57 <bknudson> #vote abstain
18:03:58 <openstack> bknudson: abstain is not a valid option. Valid options are here.
18:03:59 <rodrigods> #vote here
18:04:00 <ayoung> #vote here
18:04:00 <raildo> #vote here
18:04:01 <marekd> #vote here
18:04:04 <davechen> #vote here
18:04:05 <gyee> #vote here
18:04:05 <david8hu> #vote here
18:04:07 <lhcheng> #vote here
18:04:08 <stevemar> #vote here
18:04:09 <morganfainberg> #vote here
18:04:12 <amakarov_> #vote here
18:04:18 <ericksonsantos> #vote here
18:04:34 <stevemar> 10 more seconds....
18:04:39 <jamielennox> hmm
18:04:46 <dstanek> #vote here
18:04:50 <htruta> #vote here
18:04:52 <stevemar> quickly jamielennox !
18:04:54 <dolphm> #vote here
18:04:59 <jamielennox> #vote here
18:04:59 <morganfainberg> #vote hiding-from-stevemar
18:05:00 <openstack> morganfainberg: hiding-from-stevemar is not a valid option. Valid options are here.
18:05:17 <stevemar> #endvote
18:05:18 <openstack> Voted on "Rollcall?" Results are
18:05:19 <openstack> here (18): rodrigods, gyee, dstanek, ayoung, morganfainberg, lhcheng, dolphm, davechen, marekd, david8hu, samueldmq, ericksonsantos, amakarov_, htruta, jamielennox, rharwood, raildo, stevemar
18:05:30 <lbragstad> ahhh. damn
18:05:33 <lbragstad> I missed it
18:05:35 <stevemar> alright, we should have a new rollcall list
18:05:40 <stevemar> don't worry lbragstad i got your back
18:05:50 <lbragstad> thanks stevemar!
18:05:56 <stevemar> #topic Meeting schedule.
18:05:56 <morganfainberg> it's a union of the first three meeitngs of the cycle fwiw
18:05:59 <morganfainberg> so...
18:06:05 <stevemar> is everyone still good with this time?
18:06:18 <morganfainberg> this is the time to change it if we aren't good with this time.
18:06:21 <bknudson> works for me.
18:06:21 <amakarov_> ++
18:06:28 <marekd> stevemar: whos is not essentially us-based now?
18:06:42 <bknudson> I only have to put up with it until dst ends.
18:06:49 <lbragstad> henry-nash?
18:06:51 <morganfainberg> bknudson, lol
18:06:57 <marekd> me, henry, jamielennox
18:07:08 <morganfainberg> rodrigods is not US.
18:07:19 <htruta> neither are me and raildo
18:07:21 <marekd> morganfainberg: he is 'close to US-time zone' i think :-)
18:07:25 <morganfainberg> lol
18:07:26 <htruta> but it's close
18:07:28 <jamielennox> yea, later is always good - but it can't be any earlier for me
18:07:29 <stevemar> marekd, yep
18:07:38 <bknudson> later works for me.
18:07:45 <davechen> mareked: I am not in the US, but I am fine with it.
18:07:47 <dstanek> later would be fine for me too
18:07:50 <bknudson> I guess henrynash would not like later.
18:07:54 <jamielennox> i think later not so good for the EU though
18:07:55 <morganfainberg> we could push this later but it might be bad for marekd  and Henrynash
18:07:56 <bknudson> and marekd
18:07:58 <amakarov_> meeting starts at 9pm for me and breton
18:08:03 <marekd> davechen: what time is it now?
18:08:16 <davechen> marekd: 2 AM here.
18:08:16 <stevemar> 2am for davechen ?
18:08:25 <gyee> I am fine so as long as it is between 9am - 5pm PST
18:08:25 <dolphm> an hour or two later works for me, but i like to have time left in the day after the meeting
18:08:26 <morganfainberg> davechen, wow, serious trooper! :)
18:08:27 <bknudson> several teams have 2 meeting times and switch off.
18:08:29 <jamielennox> davechen: :O - damn
18:08:33 <rodrigods> here is 3 PM, earlier and later is good
18:08:40 <morganfainberg> bknudson, i'd like to avoid that unless we really really benefit from it.
18:08:49 <morganfainberg> bknudson, but if we have a diverse enough group we could do that
18:08:52 <ayoung> Gonna be painful for someone no matter when we hold it
18:08:59 <stevemar> ayoung, yep
18:09:05 <marekd> stevemar: ok, so i think it's impossible to make it 'not to early (jamielennox would suffer)' and 'not too late (davechen will be angry)'
18:09:07 <ayoung> keep it steady if no drive to change
18:09:08 <bknudson> I don't think we know what we're missing since people don't show up if they're asleep.
18:09:18 <morganfainberg> lets keep it where it is for now, and discuss if we want to alternate at the summit
18:09:22 <ayoung> ++
18:09:27 <marekd> morganfainberg:
18:09:27 <jamielennox> i'm ok with where it is now
18:09:39 <marekd> ok
18:09:59 <morganfainberg> and if we want to, we'll find a slot and do alternating times or similar.
18:10:05 <stevemar> yep
18:10:19 <samueldmq> ++
18:10:25 <stevemar> onto next topic...
18:10:36 <stevemar> #topic Liberty Priorities
18:10:51 <stevemar> morganfainberg, i think you have the floor, if you can type on phone fast enough
18:10:57 <morganfainberg> #link https://etherpad.openstack.org/p/keystone-liberty-priority-specs
18:11:01 <morganfainberg> we have this etherpad
18:11:12 <bknudson> morganfainberg is fast on the phone.
18:11:23 <marekd> Apple (R)
18:11:26 <morganfainberg> bknudson, i got back home.
18:11:41 <morganfainberg> bknudson, i was walking back from breakfast. but just sat down.
18:11:52 <morganfainberg> anyway. etherpad, that is the general gist of what we're looking at
18:11:56 <stevemar> i think we want to keep the amount of "new" features fairly small for liberty?
18:11:59 <morganfainberg> yes.
18:12:11 <morganfainberg> our target is 5 "new" (read: api impacting) features
18:12:23 <gyee> quality instead of quantity!
18:12:30 <stevemar> gyee, that's the goal anyway
18:12:31 <morganfainberg> things like "refactor for stable ABIs" while feature-like, is not something i classify as a "new" feature
18:12:45 <samueldmq> morganfainberg, can anyone add ideas in there?
18:12:48 <morganfainberg> samueldmq, yes
18:12:55 <gyee> if your paycheck is depending on statanalytics that might be sad though :)
18:12:55 <marekd> stevemar: morganfainberg: don't worry, i will come up with something federation-related sooner or later :-)
18:13:03 <samueldmq> morganfainberg, nice, thx
18:13:13 <morganfainberg> so, this week please check the list. please put your name with +/- vote for the various things
18:13:22 <ayoung> Federation should be core
18:13:25 <morganfainberg> feel free to use
18:13:32 <morganfainberg> '++' for high priority
18:13:36 <dstanek> gyee: if your paycheck depends on that you may want to find a new place to work :-)
18:13:56 <stevemar> satanalytics hehe
18:13:56 <morganfainberg> next week we will cull this down and look to see what features have Specs proposed/pending for backlog
18:14:08 <morganfainberg> and determine what we're going to focus on
18:14:27 <stevemar> did we want to discuss any of the items here now?
18:14:40 <morganfainberg> stevemar, lets circle up at the end and discuss specifics then
18:14:46 <morganfainberg> stevemar, so we can get through the rest of the schedule
18:14:46 <stevemar> alright
18:14:53 <morganfainberg> also table the summit bits
18:15:12 <stevemar> morgabra, skip to Midcycle update ?
18:15:16 <morganfainberg> stevemar, yep
18:15:20 <stevemar> #topic Midcycle update
18:15:26 <stevemar> that's a while away, but alright
18:15:34 <morganfainberg> Since we had an overwhelming majorty wanting a midcycle
18:15:48 <morganfainberg> we are going to do one. I will send an email to the list this week or next.
18:15:53 <morganfainberg> confirming some details.
18:15:55 <bknudson> let's have it someplace boring then nobody will want a midcycle.
18:15:59 <morganfainberg> ayoung, has some info for us.
18:16:08 <ayoung> OK...so here is my working assumptions
18:16:10 <dstanek> bknudson: you can come to Cleveland then :-)
18:16:16 <bknudson> cleveland rocks!
18:16:18 <morganfainberg> dstanek, i was thinking needles CA
18:16:18 <ayoung> people want to have it in Boston...but not in Westford.
18:16:23 <ayoung> This sound about right?
18:16:40 <morganfainberg> Westford wouldn't be awful either if Boston isn't doable.
18:16:40 <dstanek> i liked the cambridge idea someone had
18:16:52 <ayoung> If we do Westford,  RH can easily host etc.
18:16:59 <bknudson> nova is having midcycle here in rochester.
18:17:12 <morganfainberg> if we have space, anywhere in that area would be good.
18:17:13 <ayoung> Cambridge and Boston are pretty interchagnnable.  i was looking in to Boston University...the MOC folks are willing to help out
18:17:15 <david8hu> Levi's Standium in Santa Clara smells like a brand new car
18:17:19 <dstanek> i would love someplace drivable!
18:17:22 <morganfainberg> ayoung, BU would be awesome.
18:17:22 <lbragstad> bknudson: about time :)
18:17:25 <ayoung> its a good location, and neutral company wise.
18:17:50 <ayoung> There are hotels along the river ,adn with Summer time, the schools should be out, and prices a little lower
18:18:14 <ayoung> I chatted quickly with the HP rep at the Boston OpenStack meetup, as well as Dell, and both are willing to helpout somewhat
18:18:14 <morganfainberg> i will also work to find out if we can do a hotel block.
18:18:49 <ayoung> I'll drive forward with this if I get a thumbs up from the team?
18:18:58 <ayoung> https://www.google.com/maps/place/Boston+University:+Physics+Department/@42.348381,-71.100336,15z/data=!4m2!3m1!1s0x0:0xbbd229e8b6463759?sa=X&ei=f5Q2Vf8pidqwBILWgNgB&ved=0CHcQ_BIwDQ
18:19:00 * morganfainberg likes the BU idea.
18:19:04 <ayoung> roughly the location
18:19:07 <bknudson> I'm not picky.
18:19:12 <stevemar> same
18:19:30 <david8hu> ayoung, you sure you dont want it in the Bahamas?
18:19:39 <ayoung> david8hu, this way I don't have to travel
18:19:45 <dstanek> BU sounds great
18:19:47 <ayoung> I live two towns over
18:20:09 <morganfainberg> anyone against BU as a target?
18:20:20 <morganfainberg> ayoung, we don't have a release schedule yet...
18:20:38 <bknudson> looks like there's some hotels in the vacinity.
18:20:50 <ayoung> right and yes
18:21:03 <ayoung> bknudson, I'd probably target the one right across the river:
18:21:12 <ayoung> Hyatt Regency Cambridge
18:21:14 <bknudson> I need to swim?
18:21:26 <ayoung> but we'll do the due
18:21:35 <ayoung> bknudson, in the Charles?
18:21:40 <bknudson> I'll join the rowing team
18:21:54 <ayoung> Its very walkable.  BU bridge is right there
18:21:55 <stevemar> david8hu, maybe one day: http://www.bahamaslocal.com/showlisting/5965/IBM_Bahamas_Limited.html
18:22:17 <bknudson> it's right near fenway.
18:22:21 <ayoung> yep
18:22:27 <david8hu> stevemar, thinking about taking the disney cruise there ;)
18:22:29 <stevemar> boston is a good call for the summer midcycle
18:22:37 <morganfainberg> anyone have the proposed release schedule yet?
18:22:42 <morganfainberg> erm. thread link
18:22:45 * morganfainberg can't find it.
18:22:52 <stevemar> not so much for the january one
18:23:03 <ayoung> OK...I'll follow up.
18:23:03 <stevemar> didn't even know it was a thread yet
18:23:08 <morganfainberg> aha
18:23:10 <morganfainberg> iberty-1: June 25th
18:23:10 <morganfainberg> liberty-2: July 30th
18:23:11 <morganfainberg> liberty-3: September 3rd
18:23:12 <morganfainberg> final release: October 15th
18:23:30 <morganfainberg> ok so, ayoung, assume that is our schedule [tenative]
18:23:34 <morganfainberg> no one has complained yet about it
18:23:35 <ayoung> If it is the week of 7/20 unfortunatley those are all way games for the Red Sox
18:23:55 <ayoung> prev/next are home games
18:24:10 <gyee> you guys stole the Panda!
18:24:14 <morganfainberg> ayoung, historically we'd do July 10th week
18:24:20 <morganfainberg> ayoung, 2 wks till milestone-2
18:24:27 <david8hu> Poor SF Giant Panda
18:24:28 <morganfainberg> 2wks after midcycle.
18:24:36 <dstanek> i just don't want it to be aug 1-3 (PyOhio and all)
18:24:41 <ayoung> morganfainberg, so look into July 8-10?
18:24:44 <morganfainberg> erm
18:24:45 <morganfainberg> sorry
18:24:55 <morganfainberg> 13-17
18:25:00 <morganfainberg> somewhere in there
18:25:04 <ayoung> its the 4th of July weekedn...people might be taking vacation
18:25:17 <morganfainberg> yeah lets not do jul4-timeframe
18:25:23 <morganfainberg> the week of 13-17
18:25:35 <morganfainberg> if we're aiming for pre-m2
18:25:42 <ayoung> so either 13-15  or 15-17?
18:25:45 <marekd> the sooner the better i think.
18:25:48 <morganfainberg> or we could push to post m2
18:25:57 <dstanek> are we thinking the same deal Mon-Wed of a given week?
18:26:03 <morganfainberg> and use it as a hack-fest to test features and hack-a-way at bugs.
18:26:10 <ayoung> Sunday is the Yankees Game...ticks are already sold out
18:26:10 <morganfainberg> and non-API impacting "new things"
18:26:28 <gyee> post m2 sounds good as we'll be discussing spec for the M release anyway
18:26:32 <gyee> specs
18:26:51 <morganfainberg> if we go beyond m2, we need to commit to being able to land features w/o the midcycle
18:26:53 <morganfainberg> i think we can do it
18:27:02 <stevemar> a few weeks before m2 cuts is ideal in my mind
18:27:08 <stevemar> like a week or two
18:27:31 <morganfainberg> ayoung, so lets aim for wk of july 17, alternate wk of jul 30 [milestone 2 cut week]
18:27:37 <ayoung> Got it
18:28:03 <morganfainberg> wk of 17th is preferable, but if we can't make it work, due to Jul 4, etc, we need to go later
18:28:10 <dstanek> it the week of July 30 try to make it early in the week
18:28:15 <morganfainberg> dstanek, ++
18:28:35 <ayoung> dstanek, 27-29 Jul?
18:28:45 <dstanek> i may be speaking at PyOhio so I'll have to be there on the 31st
18:28:46 <ayoung> I turn 44 on the 18th
18:29:02 <ayoung> But that is a Saturday, so I'm safe
18:29:02 <bknudson> cake!
18:29:06 <ayoung> Cake
18:29:12 <dstanek> 27-29 would probably be fine is the prior week doesn't work out
18:29:14 <morganfainberg> #action ayoung to look into midcycle at BU: week of july 17th (preferable) or week of july 30th (alternate)
18:29:18 <stevemar> this is like the meeting times all over again :P
18:29:25 <david8hu> Free meal at Denny's
18:29:31 <morganfainberg> ok i think we're good
18:29:32 <stevemar> ++
18:29:46 <dstanek> when do you think we'll know for sure? i have until May 15 to submit a proposal; so i could just wait
18:29:51 <ayoung> My brother is a Bartender.  I'll put him on restaurant recommendation duty
18:30:01 <morganfainberg> dstanek, before may if we're doing this.
18:30:08 <dstanek> coolio
18:30:08 <morganfainberg> i want this to be confirmed before the summit
18:30:37 <stevemar> i think we're all good for now
18:30:41 <morganfainberg> next.
18:30:44 <stevemar> #topic "Official Publications for Identity"
18:30:53 <morganfainberg> So infra does something awesome.
18:31:05 <marekd> yeah, what's that actually?
18:31:05 <bknudson> they do everything awesome.
18:31:08 <stevemar> thats not news
18:31:12 <morganfainberg> http://docs.openstack.org/infra/publications/
18:31:13 <lbragstad> bknudson: ++
18:31:15 <morganfainberg> #link http://docs.openstack.org/infra/publications/
18:31:23 <lbragstad> infra is awesome at being infra, duh!
18:31:44 <morganfainberg> well i mean it is infra! (cc jeblair, clarkb, mordred) They are awesome!
18:31:46 <morganfainberg> ok
18:31:47 <morganfainberg> so anyway
18:31:55 <morganfainberg> i like that they have clear official publications
18:32:16 <stevemar> looks like a bunch of ppts
18:32:17 <morganfainberg> so is all of infra ^ (not meaning to exclude people from that list).
18:32:21 <morganfainberg> stevemar, they are not ppts
18:32:22 <morganfainberg> they are html
18:32:38 <morganfainberg> so. we should consider making official publications part of keystone
18:32:44 <bknudson> is the source in git?
18:32:50 <morganfainberg> bknudson, in a git tree
18:33:00 <gyee> isn't ayoung's younglogic the official publication for identity? :)
18:33:05 <ayoung> gyee, yes
18:33:09 <dstanek> that would be a great idea
18:33:22 <bknudson> I wish we'd spend more time on the admin guide.
18:33:31 <morganfainberg> bknudson, all docs need love
18:33:31 <lbragstad> morganfainberg: so what kind of stuff can we put in there?
18:33:34 <clarkb> my only feedback was to be careful to avoid putting things there that should arguably go in keystone's documentation
18:33:35 <marekd> morganfainberg: would it include some whitepaper-like  or publications like ayoung blog or the one we have at cern?
18:33:35 <ayoung> gyee, mine is a programmers notebook...with all that implies
18:33:40 <bknudson> http://docs.openstack.org/admin-guide-cloud/content/ch-identity-mgmt-config.html is really pathetic.
18:33:47 <gyee> lets publish them
18:34:03 <ayoung> I'd think it should be cleaned up post blog...my blog is a decent format, but the info is from "I did it once and it worked" type stuff
18:34:08 <ayoung> or "here is what I think we should do"
18:34:12 <stevemar> marekd, it looks most like... how-tos
18:34:13 <morganfainberg> lbragstad, the point is if you give a talk especially if it's relevant to how keystone is deployed/interesting beyond the basic docs
18:34:15 <morganfainberg> it should go there
18:34:23 <ayoung> so, we could take all of our blog posts as input, but then polish them...for example
18:34:27 <morganfainberg> ayoung, that is the idea, take the focus off "well this one time i did thing x"
18:34:36 <morganfainberg> another good example would be rodrigods' blog on k2k
18:34:43 <ayoung> http://dolphm.com/the-anatomy-of-openstack-keystone-token-formats/
18:34:57 <morganfainberg> or presentations at conferences
18:34:58 <gyee> I really like ayoung's use-case specific blogs, like if you want to do this, here are the steps
18:35:00 <morganfainberg> mull on this.
18:35:00 <ayoung> Or pretty much anything on dolph's blog, to include the food.
18:35:01 <bknudson> I'd rather read a blog than a ppt.
18:35:06 <marekd> stevemar: #link http://openstack-in-production.blogspot.ch/ -it is more like 'sharing our experience', something you don't necesarilly find on official docs
18:35:14 <bknudson> unless the ppt has some really nice slide transitions.
18:35:22 <morganfainberg> bknudson, the idea is they'd be published at HTML, either slide-style or blog-style
18:35:25 <morganfainberg> they are publications
18:35:35 <morganfainberg> it should work in a browser
18:35:50 <morganfainberg> but they would be *our* official publications
18:35:59 <morganfainberg> another good example would be using session auth w/ middleware
18:36:00 <marekd> jamielennox also publishes some nice posts
18:36:13 <ayoung> marekd, we really all should
18:36:15 <morganfainberg> or more in-depth session examples that don't belong in the sphix generated docs.
18:36:17 <morganfainberg> anyway
18:36:20 <ayoung> I've seen goosd things out of most of the team members
18:36:22 <morganfainberg> mull it over.
18:36:30 <morganfainberg> think on how it should look
18:36:36 <ayoung> goosd->gooses->geese?
18:36:45 <lbragstad> marekd: ++ there are a couple nice client-side posts from jamielennox that would be good examples of a publication
18:36:46 <morganfainberg> i'd like to make this a reality in liberty
18:37:07 <gyee> morganfainberg, so this is going to be a repo
18:37:11 <morganfainberg> we can publish it to an official openstack.org location (keystone docs, or work to do like infra does), however it's approached.
18:37:12 <stevemar> i think we need to figure out what to do about the admin guide
18:37:16 <gyee> just like the specs repo?
18:37:17 <morganfainberg> gyee, it would be and reviewed
18:37:22 <gyee> nice
18:37:28 <marekd> morganfainberg: ok, so is there any plan for that? Somebody voluteers to gather publications-proposals and later filter the inappripriate ones?
18:37:31 <samueldmq> btw, I have written one on 'domain specific backends on sql'
18:37:31 <samueldmq> http://www.samueldmq.com/domain-specific-configuration-on-sql/
18:37:34 <samueldmq> :)
18:37:42 <ayoung> Hey, one last thing on the Midcycle,  is the preferred range July 15-17  (Wed-Friday)
18:37:46 <morganfainberg> marekd, you'd propose the publication to the repo where it lives.
18:37:49 <morganfainberg> ayoung, yes.
18:37:53 <ayoung> Cool
18:37:53 <morganfainberg> ayoung, that works.
18:38:04 <morganfainberg> marekd, it would be reviewed. require 2x+2 / +A
18:38:10 <morganfainberg> marekd, just like a spec or code review
18:38:15 <morganfainberg> marekd, then it becomes an official publication
18:38:26 <david8hu> ayoung, I hope we all invited to your bday party :)
18:38:29 <marekd> morganfainberg: makes sense!
18:38:31 <marekd> morganfainberg: repo link ?
18:38:31 <david8hu> on the 18th
18:38:38 <morganfainberg> marekd, no repo exists yet
18:38:43 <marekd> morganfainberg: ok.
18:38:47 <lbragstad> morganfainberg: so what about maintaining them?
18:38:49 <stevemar> morganfainberg, how is infra doing it?
18:38:50 <morganfainberg> marekd, we can either do what infra does: per-branch publication in a seperate repo
18:39:08 <morganfainberg> or we can place them in our tree under sometihng /docs like but handled specifically for publications
18:39:11 <lbragstad> morganfainberg: I imagine they will get out of date, so are we going to maintain them like standard keystone docs too?
18:39:18 <morganfainberg> lbragstad, it is on us to maintain them but look at the infra link
18:39:21 <morganfainberg> they have previous versions
18:39:25 <leonchio_> :101
18:39:29 <morganfainberg> we can cycle things to older versions if they are tagged.
18:39:38 <morganfainberg> to a specific release etc
18:40:00 <morganfainberg> anyway just wanted to seed the idea
18:40:02 <morganfainberg> please think about it
18:40:05 <morganfainberg> lets move on.
18:40:09 <morganfainberg> lots to do
18:40:13 <marekd> morganfainberg: imho, it's a good idea.
18:40:36 <dstanek> i have to bail to pick up my kid; i'll be watching on mobile though
18:40:42 <marekd> there are some 'epic' publications here, floating around and used many times (like rodrigods blogspost about k2k)
18:41:00 <raildo> ++
18:41:02 <gyee> that one's awesome
18:41:19 <morganfainberg> stevemar, next topic plz.
18:41:21 <marekd> or jamielennox post about sessions.
18:41:27 <stevemar> #topic keystoneclient / keystonemiddleware stable releases
18:41:35 <stevemar> #link https://review.openstack.org/#/q/topic:bug/1411063,n,z
18:41:57 <bknudson> not much to it... we've got some security fixes in stable releases of clients / middleware
18:42:03 <bknudson> so was wondering about a release.
18:42:26 <gyee> didn't we just released 1.6.0
18:42:34 <morganfainberg> bknudson, we're waiting for a fix from dhellmann
18:42:39 <morganfainberg> bknudson, so we don't break the world
18:42:41 <bknudson> this would be stable releases (e.g., 1.5.1
18:42:44 <morganfainberg> bknudson, when we release
18:42:46 <jamielennox> morganfainberg: fix for what
18:42:51 <morganfainberg> jamielennox, uncapped libs.
18:42:58 <morganfainberg> jamielennox, or capped.. or something related to stable branches
18:43:01 <bknudson> that's in master, not stable.
18:43:09 <morganfainberg> bknudson, was talking to ttx about it today
18:43:12 <gyee> morganfainberg, I just saw an email about middleware 1.6.0 release
18:43:18 <jamielennox> ok, that saga is ongoing
18:43:21 <gyee> that's the latest right?
18:43:30 <morganfainberg> bknudson, we are waiting until dhellmann for stable releases later this week.
18:43:39 <bknudson> we've got stable branches for clients and keystonemiddleware now
18:43:54 <bknudson> so we can release a fix for 1.5.0
18:43:54 <morganfainberg> bknudson, this was specifically for the stable branches.
18:43:54 <gyee> oh, nevermind, we're talking about stable
18:44:01 <stevemar> gyee, yep
18:44:08 <morganfainberg> bknudson, but we will be doing stable releases this week.
18:44:16 <stevemar> dhellmann is currently spamming everyone :)
18:44:26 <bknudson> keystonemiddleware stable/juno is *almost* working.
18:44:38 <bknudson> I think the rest are working.
18:44:42 <morganfainberg> bknudson, thanks for chasing down all the ick on fixing those
18:44:46 <morganfainberg> bknudson, really appreciate it
18:45:02 <bknudson> having these stable branches should help out my team.
18:45:23 <morganfainberg> ok lets move to the next topic.
18:45:35 <ayoung> We should be producing Stable Branch RDO based RPMS for people than need to test them
18:45:50 <morganfainberg> as a note: we will review no-spec BPs in -keystone after this meeting
18:46:00 <stevemar> #topic Any needs to enfore unique constraint
18:46:08 <stevemar> davechen, dstanek ^
18:46:19 <davechen> I saw some comment from David about this bug (https://bugs.launchpad.net/keystone/+bug/1439928)
18:46:19 <openstack> Launchpad bug 1439928 in Keystone "can create the same type and name of a service with v3 API" [Medium,Won't fix] - Assigned to huanghao (huang1hao)
18:46:35 <ayoung> can
18:46:36 <davechen> and dolphm, so that may not b valid bug.
18:46:38 <morganfainberg> davechen, we can't make service.name unique
18:46:39 <ayoung> can't break it
18:46:44 <morganfainberg> it would break lots of deployments
18:46:45 <ayoung> we don't know how people are using it
18:46:55 <morganfainberg> we *could* make service.name + service.type unique
18:47:09 <morganfainberg> but it still leaves doors open to break people
18:47:13 <davechen> yes, I want to know what you think about this bug
18:47:14 <davechen> https://bugs.launchpad.net/keystone/+bug/1403408
18:47:14 <openstack> Launchpad bug 1403408 in Keystone "Redundant endpoints found in the table "endpoint"" [Medium,Confirmed] - Assigned to Dave Chen (wei-d-chen)
18:47:16 <bknudson> I think this would be against the API stability guideline: https://wiki.openstack.org/wiki/APIChangeGuidelines
18:47:18 <stevemar> morganfainberg, i would think that still breaks people
18:47:28 <morganfainberg> stevemar, less likely, but possible.
18:47:29 <davechen> looks like they are similar
18:47:46 <morganfainberg> this is a case of: sucks but we're stuck with it.
18:47:47 <ayoung> config option, maybe?
18:47:47 <bknudson> so we could change it but that would require opt-in.
18:48:10 <morganfainberg> ayoung, with a config option and enforced at the manager and/or driver layer?
18:48:13 <morganfainberg> sounds icky to me.
18:48:16 <ayoung> yep
18:48:22 <ayoung> ickissimo
18:48:24 <stevemar> ++ on the ickyness
18:48:27 <bknudson> wouldn't be thread-safe.
18:48:32 <bknudson> multiprocess-safe
18:48:33 <jamielennox> your config option would need to detect if it was an upgrade or a new install
18:48:34 <morganfainberg> bknudson, at the driver layer we could do it.
18:48:42 <morganfainberg> bknudson, with optimistic locking style... but still ick
18:48:52 <morganfainberg> we just need to document this limitation i think
18:49:01 <morganfainberg> and say "sorry wont fix" across the board
18:49:11 <morganfainberg> with microversions and/or V4 API we can fix.
18:49:15 <ayoung> is it really a problem?
18:49:15 <morganfainberg> but not until then.
18:49:22 <stevemar> ayoung, not really
18:49:25 <morganfainberg> ayoung, the non-unique name+type is a ux complaint
18:49:26 <ayoung> k
18:49:32 <bknudson> I keep doing this and it hurts.
18:49:51 <jamielennox> yea, it creates weird catalogs too
18:50:12 <gyee> in the real word, adding a new service is a workflow
18:50:12 <stevemar> we can definitely fix it for v4 or microversions
18:50:13 <davechen> document it is good idea. Shall we also document it about the "endponts"?
18:50:52 <morganfainberg> davechen, yeah lets add clear warnings/documentation
18:50:55 <davechen> looks like endpoint_group also miss unique contraint.
18:51:04 <stevemar> ten minutes left, next topic
18:51:08 <morganfainberg> davechen, endpoint_group is a slightly different deal
18:51:11 <morganfainberg> anyway next topic.
18:51:20 <morganfainberg> stevemar, back to liberty priorities
18:51:23 <stevemar> k
18:51:27 <morganfainberg> if any are meant to be discussed
18:51:34 <stevemar> #topic Liberty Priorities part duex
18:51:39 <stevemar> #link https://etherpad.openstack.org/p/keystone-liberty-priority-specs
18:51:59 <morganfainberg> #info please review https://etherpad.openstack.org/p/Keystone-liberty-summit-brainstorm and +/- with name for support of discussion at the summit (fishbowl sessions)
18:52:02 <gyee> I need to catch ayoung about a generic way to do tokenless
18:52:06 <gyee> maybe after lunch
18:52:09 <ayoung> gyee, sure
18:52:15 <ayoung> gyee, I think it is really close
18:52:21 <stevemar> anyone have any strong feelings towards the proposed specs?
18:52:33 <gyee> ayoung, I do want to think about other mechanisms like kerberos
18:52:42 <gyee> kerberos is on a lot of folks mind
18:52:42 <morganfainberg> please propose specs to the backlog for things you'd like to see in liberty.
18:53:02 <stevemar> i don't think domain config improvements counts as a spec?
18:53:11 <marekd> gyee: some bits in the mapping engine were missing to make it happen, remember which ones?
18:53:18 <morganfainberg> stevemar, it's a spec, API impacting, but not one of the 5 features
18:53:19 <tchaypo> :
18:53:26 <morganfainberg> stevemar, it's a need to make domain-sql "stable"
18:53:28 <gyee> marekd, I think we're all good
18:53:30 <bknudson> what are the expectations for approving for backlog? is it the same for approving for L?
18:53:35 <gyee> the mapping has all we needed
18:53:38 <stevemar> morganfainberg, ah okay
18:53:41 <morganfainberg> bknudson, approved to backlog is "good idea and we want it"
18:53:42 <bknudson> or do we not need all the details for a backlog spec?
18:53:51 <morganfainberg> bknudson, approved to L is "full spec, all details hashed out"
18:54:02 <morganfainberg> bknudson, backlog means anyone can pick it up and run with it
18:54:05 <stevemar> morganfainberg, we should sub-divide that list to 'new features' vs 'minor features' ... maybe
18:54:08 <morganfainberg> bknudson, we know we like the idea.
18:54:23 <morganfainberg> stevemar, sounds good, most "minor" things are tagged in the etherpad with (minor)
18:54:35 <stevemar> so they are...
18:54:41 <morganfainberg> bknudson, but it might need more fleshing out before we approve for a specific release.
18:54:48 <stevemar> dual scoped tokens?
18:54:54 <stevemar> whats that about?
18:54:54 <gyee> whahhh?!
18:54:56 <morganfainberg> bknudson, example is the one i just proposed, it has a TBD for the API spec.
18:55:02 <bknudson> ok, I'll use those criteria.
18:55:02 <morganfainberg> stevemar, domain+project = same thing
18:55:04 <gyee> stevemar, dual scope?
18:55:24 <stevemar> hmph, okay...
18:55:34 <jamielennox> can we not call that dual-scoped
18:55:41 <stevemar> yeah
18:55:46 <morganfainberg> bknudson, my goal with the backlog is to flush out bad ideas, and have a store of good ideas for when people say "hey i want to contribute what can i work on"
18:55:57 <stevemar> sounds like it was going to be scoped to two projects or some nonsense
18:56:09 <morganfainberg> jamielennox, yeah dual-scope is bad name
18:56:28 <bknudson> Can I scope one token to 2 keystones?
18:56:42 <stevemar> bknudson, you're welcome to try
18:56:50 <gyee> bknudson, yes, its called federation
18:57:00 <stevemar> reseller, tokenless auth, dynamic policy, already at 3/5 major new features
18:57:13 <morganfainberg> bknudson, with fernet, possible
18:57:15 <marekd> what's about tokenless auth?
18:57:25 <marekd> sounds kickass'y
18:57:27 <morganfainberg> bknudson, but the assignment data would need to be synchronised
18:57:42 <gyee> marekd, kickassess'y
18:57:55 <ayoung> marekd, its for servcie users, so they don't need to go, get a token, and then perform the operation.  Its dumb to get a token to validate a token.
18:58:08 <morganfainberg> ayoung, also for getting a token i would support
18:58:12 <gyee> ayoung, we can do that for horizon too, in theory
18:58:19 <morganfainberg> ayoung, generally supporting client-certs or alternatives for any keystone action.
18:58:34 <ayoung> Horizon shouldn't need it.  But no reason to limit who can use it
18:58:35 <morganfainberg> ayoung, but i don't want to make middleware have to figure all that out for a user.
18:58:35 <stevemar> marekd, it was bumped from L the spec is avail in backlog
18:58:50 <stevemar> MFA / trusted devices would be cool
18:59:28 <stevemar> any last remarks?
18:59:29 <bknudson> trusted devices for what?
18:59:46 <stevemar> bknudson, things to provide you pin numbers for MFA
18:59:47 <bknudson> should be using barbican.
18:59:49 <morganfainberg> bknudson, "trusted browser" don't ask me for MFA token again for 30mins
18:59:50 <stevemar> i assume
19:00:04 <morganfainberg> stevemar, time
19:00:08 <stevemar> #endmeeting