#openstack-meeting log

18:00:15 <lbragstad> #startmeeting keystone
18:00:16 <openstack> Meeting started Tue Jul 11 18:00:15 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:17 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:19 <openstack> The meeting name has been set to 'keystone'
18:00:20 <samueldmq> o/
18:00:21 <lbragstad> #link https://etherpad.openstack.org/p/keystone-weekly-meeting
18:00:24 <lbragstad> o/
18:00:30 <lbragstad> welcome back!
18:00:43 <samueldmq> hey lbragstad
18:00:46 <gagehugo> o/
18:00:54 <raildo> o/
18:01:02 <spilla_> o/
18:01:39 <lbragstad> we'll give it another minute for folks to trickle in
18:01:44 <edmondsw> o/
18:02:22 <bknudson> hi
18:03:08 <lbragstad> #topic Announcements
18:03:26 <lbragstad> #info let's start planning for the PTG in september
18:03:30 <lbragstad> #link http://lists.openstack.org/pipermail/openstack-dev/2017-July/119299.html
18:03:50 <lbragstad> i've started an etherpad and bootstrapped it with the usual topics
18:03:55 <lbragstad> #link https://etherpad.openstack.org/p/keystone-queens-ptg
18:04:15 <samueldmq> lbragstad: just added to the etherpad, we will have somethign interesting for Queens
18:04:16 <lbragstad> please feel free to start adding to it
18:04:18 <samueldmq> #link https://github.com/openstack/keystone/blob/master/keystone/common/controller.py#L36-L45
18:04:39 <lbragstad> samueldmq: yeah - that'd be a good one to finally get rid of
18:04:48 <samueldmq> removal of v2.0 CRUD APIs
18:05:02 <lbragstad> in a few weeks we will start grouping like topics together much like we did for the PTG in atlanta
18:05:23 <samueldmq> that will help on being productive at the PTG
18:05:28 <lbragstad> start thinking of cross project items - i'd like to start coordinating those topics sooner rather than later
18:05:59 <lbragstad> #topic Removing sample_data.sh
18:06:05 <lbragstad> i sent a thread about this
18:06:10 <lbragstad> #link http://lists.openstack.org/pipermail/openstack-dev/2017-July/119309.html
18:06:16 <lbragstad> cmurphy: thanks for your reply there
18:06:32 <lbragstad> i'd appreciate opinions or ideas on what we should do with that
18:06:51 <lbragstad> right now - i think we either need to formally test it somehow or remove it
18:06:57 <samueldmq> what does devstack use to set up the sample data?
18:07:07 <lbragstad> bootstrap
18:07:09 <samueldmq> that data seems pretty similar to some of what devstack sets up
18:07:12 <lbragstad> `keystone-manage bootstrap`
18:07:39 <samueldmq> lbragstad: but that smaple_data also includes adding other services, other users and projects (like demo, admin)
18:07:40 <bknudson> what sample data?
18:07:49 <samueldmq> bknudson: ^
18:07:50 <bknudson> right, like a demo user
18:08:29 <samueldmq> and our script also does that https://github.com/openstack/keystone/blob/82f60fe22c405829f8e5f6576f25cf3663b10f73/tools/sample_data.sh#L31-L38
18:08:30 <lbragstad> it'd be nice to have the backstory on that
18:08:55 <lbragstad> i'm not sure where that script came from - but if it's useful and if we want to keep it, we should find a way to test it
18:08:59 <hrybacki> o/
18:09:04 <samueldmq> I wonder if ours isnt somehting that is replaced by what they have, then there is no reason to keep ours
18:09:20 <bknudson> the history is in git.
18:10:00 <lbragstad> #link https://github.com/openstack/keystone/commit/09a64dd862463fe116c4ddb8aee538e4bc7f56e0
18:10:20 <samueldmq> https://github.com/openstack/keystone/commit/09a64dd862463fe116c4ddb8aee538e4bc7f56e0
18:10:33 <samueldmq> lbragstad: exactly. and I guess it isnt used by devstack anymore
18:12:00 <samueldmq> #link https://github.com/openstack-dev/devstack/blob/66109302ab51ce89c5d2e9fe0e01cbdca8963fbf/lib/keystone#L309
18:12:16 <samueldmq> this should replace what we have ^ since it's what devstack uses
18:12:49 <bknudson> we don't need to do what devstack does.
18:13:03 <bknudson> devstack is for testing
18:13:16 <lbragstad> devstack already does it - so if anything i would think we could remove it
18:13:22 <samueldmq> and that means we dont need what that script does
18:13:33 <samueldmq> keystone goes standalone, keystone-manage bootstrap is enough
18:13:54 <lbragstad> ok - sounds like i need to follow up on my ML thread then
18:14:11 <samueldmq> if one wants to get more things in keystone for testing, get a devstack
18:14:23 <samueldmq> cmurphy: does that make sense to you too ?
18:14:25 <samueldmq> lbragstad: ++
18:14:42 <lbragstad> ok
18:14:44 <lbragstad> moving on
18:14:48 <lbragstad> #topic VMT Coverage
18:14:50 <lbragstad> gagehugo: o/
18:14:55 <gagehugo> o/
18:14:59 <gagehugo> #link https://review.openstack.org/#/c/447139/
18:15:18 <gagehugo> we had talked about getting VMT coverage for multiple keystone services at the Atlanta PTG
18:15:31 <samueldmq> gagehugo: can we get an overview what VMT is about again?
18:15:35 <samueldmq> so we're all in the same page
18:15:46 <gagehugo> samueldmq uh sure one sec it's been awhile
18:16:06 <gagehugo> there was an etherpad on it from the ATL PTG
18:16:07 <lbragstad> #link https://security.openstack.org/vmt-process.html
18:16:19 <gagehugo> lbragstad thanks
18:16:50 <lbragstad> notes from the session
18:16:54 <lbragstad> #link https://etherpad.openstack.org/p/pike-ptg-keystone-vmt-coverage
18:17:04 <lbragstad> last i remember is that we were waiting on reviews from the security team
18:17:35 <gagehugo> yeah, the middleware doc was written right before the osic thing happened
18:17:48 <lbragstad> things kinda fizzled out after that
18:17:58 <gagehugo> we had a couple people to review it, but I think they were no longer full-time security after that
18:18:17 <lbragstad> gagehugo: maybe reach back out to the security team and see where things stand?
18:18:29 <gagehugo> lbragstad will do
18:18:40 <lbragstad> #action gagehugo to reach back out to the security team about keystonemiddleware VMT coverage
18:18:42 <lbragstad> gagehugo: thanks!
18:18:45 <gagehugo> wasn't sure if there was anything else we should do?
18:19:01 <lbragstad> gagehugo: i don't think so - we were waiting on feedback
18:19:33 <lbragstad> gagehugo: anything else VMT related besides that?
18:19:37 <gagehugo> nope
18:19:41 <lbragstad> #topic Configuration guides from openstack-manuals
18:19:47 <lbragstad> sjain_: o/
18:19:54 <sjain_> Hi
18:20:13 <sjain_> https://review.openstack.org/#/c/474543/
18:20:32 <sjain_> the configuration references docs have been migrated as per the specs
18:20:37 <lbragstad> #link https://review.openstack.org/#/c/474543/
18:20:38 <lbragstad> awesome
18:20:46 <sjain_> https://review.openstack.org/#/c/479631/
18:20:50 <lbragstad> looks like it's all being generated automatically from the code, too
18:20:52 <lbragstad> which is great
18:20:55 <sjain_> just need someone to review those :D
18:21:00 <sjain_> yeah
18:21:02 <lbragstad> #link https://review.openstack.org/#/c/479631/
18:21:09 <sjain_> thanks for the review lbragstad
18:21:13 <lbragstad> sjain_: no problem
18:21:26 <lbragstad> sjain_: that should be the last few patches for the doc-migration work for keystone, right?
18:21:37 <sjain_> samueldmq: can you also review these pls
18:21:42 <sjain_> yes I think
18:21:46 <samueldmq> sjain_: sure
18:21:50 <lbragstad> then we have to go through all the other identity project docs - but that shouldn't be too bad
18:21:54 <sjain_> these were all we needed to migrate
18:22:05 <sjain_> I have one thing to discuss
18:22:06 <sjain_> https://review.openstack.org/#/c/482139/
18:22:16 <sjain_> thanks gagehugo for the review here
18:22:42 <gagehugo> sjain_ np!
18:22:55 <sjain_> should this change from policy.json to policy.yaml be done on all other docs too?
18:22:56 <samueldmq> sjain_: lbragstad: all approved.
18:23:05 <sjain_> thanks :)
18:23:09 <lbragstad> sjain_: i would make it consistent for sure
18:23:14 <lbragstad> otherwise it could be confusing
18:23:18 <samueldmq> sjain_: there were a couple of comments from gagehugo, make sure to addresss them in a follow up
18:23:34 <samueldmq> lbragstad: ++
18:23:36 <lbragstad> we should also try to include a statement explaining the difference between a policy.yaml and policy.json
18:23:43 <sjain_> samueldmq: yes I'm working on those
18:23:47 <gagehugo> lbragstad ++
18:23:48 <samueldmq> lbragstad: agreed
18:23:49 <lbragstad> or if that's already done in oslo.policy, we can just link to it
18:23:56 <samueldmq> otherwise people will find htey have different intents
18:24:16 <lbragstad> i wouldn't be opposed to doing that in a follow on patch
18:24:42 * lbragstad has a ton of documentation patches to rebase
18:25:01 <sjain_> okay a new patch explaining the difference
18:25:18 <lbragstad> sjain_: chances are that's already documented somewhere
18:25:23 <lbragstad> probably in oslo.policy
18:25:40 <lbragstad> #link https://docs.openstack.org/oslo.policy/latest/admin/index.html
18:25:42 <lbragstad> yep
18:25:46 <sjain_> okay I'll search there
18:25:57 <sjain_> thanks!
18:26:17 <lbragstad> we can tastefully incorporate a link to that document somewhere in our docs though
18:26:47 <sjain_> okay
18:27:29 <lbragstad> sjain_: do you have anything else doc-migration wise?
18:28:12 <sjain_> no, once this is migrated I'll be making new directories as per the spec
18:28:20 <lbragstad> ok
18:28:26 <sjain_> I have one thing docs related
18:28:50 <sjain_> I was earlier working on improving devdocs
18:29:09 <sjain_> this patch is failing tests after several rechecks, https://review.openstack.org/#/c/476541/
18:29:28 <sjain_> all other changes have been made
18:29:55 <sjain_> and it should be easy to review
18:29:56 <lbragstad> hmm
18:29:57 <lbragstad> Details: {'created': '2017-07-11T10:31:28Z', 'code': 500, 'message': 'Build of instance 6b4db404-333d-4e98-b4f9-6158486b6687 aborted: Block Device Mapping is Invalid.'}
18:30:51 <gagehugo> jenkins was super unstable yesterday it seems, maybe also early this morning
18:31:08 <lbragstad> at first glance - it looks unrelated
18:31:23 <samueldmq> yes, definitely unrelated
18:31:25 <sjain_> yes it seems so
18:31:37 <samueldmq> our docs should not cause Block Device Mapping to be invalid :-)
18:31:51 <sjain_> the two patches after that are already complete
18:32:03 <sjain_> so I'm just waiting for these tests to pass
18:32:11 <lbragstad> sjain_: sounds good
18:32:38 <lbragstad> we also need to migrate each of our libraries
18:32:46 <lbragstad> #link https://etherpad.openstack.org/p/doc-migration-tracking
18:32:56 <lbragstad> line 210
18:32:56 <bknudson> there should be a way to skip tests if only the docs are changing.
18:33:17 <lbragstad> bknudson: yeah - that'd quicken up the queue for sure
18:33:33 <sjain_> oh is there any?
18:34:03 <bknudson> I think other projects have something set up like that…
18:34:14 <bknudson> but I've never looked into it myself.
18:34:14 <lbragstad> i'm not sure we do for keystone specifically
18:34:27 <sjain_> oh okay
18:34:29 <gagehugo> I think we just run everything
18:34:51 <gagehugo> could probably do that, would need to change the gates
18:34:59 <lbragstad> yeah
18:35:48 <lbragstad> for the identity related libraries - i'll take a stab at keystoneauth and keystonemiddleware
18:35:53 <sjain_> lbragstad: I'll look into migration of some libraries too
18:36:18 <lbragstad> sjain_: do you want to take ldappool and pycadf?
18:36:25 <sjain_> yup sure
18:36:38 <lbragstad> awesome
18:36:41 <lbragstad> sjain_: thank you
18:36:47 <sjain_> no prob :)
18:36:56 <lbragstad> i'll get that on my schedule or thursday
18:37:05 <lbragstad> they should hopefully go quick
18:37:29 <sjain_> yeah
18:37:35 <lbragstad> sjain_: anything else doc related?
18:37:53 <sjain_> no that would be all :)
18:37:57 <lbragstad> #topic Office Hours
18:38:06 <lbragstad> just a reminder that we have office hours today after the keystone meeting
18:38:12 <lbragstad> for those interested in attending
18:38:53 <lbragstad> is anyone else planning on being available for it?
18:39:08 <hrybacki> lbragstad: it's almost 9 here and I need to go eat dinner =/
18:39:16 <gagehugo> I'll be available
18:39:38 <lbragstad> hrybacki: no worries
18:39:43 <lbragstad> gagehugo: ++
18:40:14 <lbragstad> that's all for the agenda
18:40:18 <lbragstad> #topic open discussion
18:40:24 <lbragstad> the floor is open
18:40:24 <samueldmq> lbragstad: I am around for reviews
18:40:31 <lbragstad> samueldmq: ++ good deal
18:40:32 <samueldmq> for the office hours
18:40:48 <samueldmq> so anyone needing reviews for bug-related stuff, please feel free to ping me
18:40:54 <eandersson> How about the deprecation of templated?
18:40:59 <eandersson> *templated catalog
18:41:17 <eandersson> Was that discussed already?
18:41:32 <bknudson> For some reason I thought the templated catalog was deprecated a while ago.
18:41:44 <lbragstad> i thought so too
18:41:44 <bknudson> It was never updated for v3 even.
18:41:53 <lbragstad> #link https://github.com/openstack/keystone/blob/0731dab01a5d2da9650b67ebe8b91e825795c0ba/keystone/catalog/backends/templated.py
18:42:12 <eandersson> The v3 catalog code was in the base class for some reason
18:42:24 <eandersson> I moved it into the templated class in this https://review.openstack.org/#/c/482364/
18:42:29 <samueldmq> I wouldnt expect many people to use it in production, a quick note in the operators list + deprecation would be nice
18:42:53 <bknudson> sure, but it's still broken for v3 since there's info missing.
18:43:28 <eandersson> Yea - for sure
18:43:50 <bknudson> endpoint IDs, I think.
18:44:08 <lbragstad> we should keep the interfaces in base.py, push sql stuff to sql.py and remove template.py all together
18:44:26 <bknudson> people liked the templated backend since it should be faster.
18:44:46 <eandersson> It's easiest to manage as well imo
18:44:48 <bknudson> (maybe caching makes the sql backend as fast)
18:44:52 <lbragstad> eandersson: are you opposed to fixing it versus removing it?
18:45:11 <lbragstad> bknudson: that's certainly a possibility if configured properly
18:45:21 <eandersson> Either one is fine for me
18:45:35 <eandersson> We use it, it works
18:45:57 <bknudson> might be a good idea to bring it up to date for v3 (maybe use yaml)
18:45:57 <lbragstad> ok - that makes me lean towards keeping it and fixing it
18:46:11 <eandersson> but yea - I like the yaml idea
18:46:18 <lbragstad> i agree
18:46:43 <eandersson> Would be nice to backport a fix though
18:46:48 <bknudson> really just need someone willing to do the work
18:47:15 <lbragstad> eandersson: backport https://review.openstack.org/#/c/482364/ ?
18:47:25 <eandersson> Yea
18:47:37 <eandersson> That is the major issue with catalog templates
18:47:49 <eandersson> Breaks basic services like Horizon
18:48:03 <lbragstad> eandersson: would you be able to open a bug for that?
18:48:07 <eandersson> Sure
18:48:31 <lbragstad> then we can discuss the possibility of a backport based on the proposed solution and document it there
18:49:02 <eandersson> Sounds good
18:49:09 <lbragstad> eandersson: awesome - thank you
18:49:36 <lbragstad> does anyone have anything else?
18:49:48 <gagehugo> feature freeze is july 28th right?
18:50:06 <lbragstad> yep
18:50:20 <lbragstad> #link https://releases.openstack.org/pike/schedule.html
18:50:49 <gagehugo> ok
18:51:01 <lbragstad> gagehugo: how's the project tag implementation coming along?
18:51:06 <lbragstad> gagehugo: i need to review it soon
18:51:40 <gagehugo> making progress, still needs more unit tests
18:51:46 <lbragstad> ack
18:51:53 <gagehugo> I know ksc and osc work is going as well
18:52:01 <lbragstad> good deal
18:52:28 <lbragstad> the final release for client libraries is going to be that same week
18:52:35 <gagehugo> good to know
18:52:53 <lbragstad> also - for those interested
18:52:57 <bknudson> I think oslo is next week.
18:53:02 <bknudson> e.g. oslo.policy
18:53:40 <lbragstad> #link http://lists.openstack.org/pipermail/openstack-dev/2017-July/119465.html
18:53:46 * morgan is lurking
18:54:07 <lbragstad> fwiw - i have a PoC of global roles implemented locally
18:54:15 <lbragstad> i'll be pushing that for review soon
18:54:20 <samueldmq> lbragstad: nice
18:54:39 <samueldmq> already integrated with policy? used in other services?
18:54:45 <samueldmq> or just keystone crud for now?
18:54:47 <lbragstad> no - it's just the assignment bits
18:54:59 * samueldmq nods
18:55:03 <lbragstad> i need to write another patch to implement the scoping parts
18:55:04 <samueldmq> that's a lot already :)
18:55:21 <samueldmq> will be nice to have a complete poc for the ptg
18:55:23 <lbragstad> then it should be consumable
18:55:29 <lbragstad> yeah - that's the goal
18:55:34 <samueldmq> nice
18:56:06 <lbragstad> alrighty - anything else?
18:57:06 <lbragstad> thanks for coming!
18:57:09 <samueldmq> thanks
18:57:09 <lbragstad> #endmeeting