18:00:15 #startmeeting keystone
18:00:16 Meeting started Tue Jul 11 18:00:15 2017 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:17 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:19 The meeting name has been set to 'keystone'
18:00:20 o/
18:00:21 #link https://etherpad.openstack.org/p/keystone-weekly-meeting
18:00:24 o/
18:00:30 welcome back!
18:00:43 hey lbragstad
18:00:46 o/
18:00:54 o/
18:01:02 o/
18:01:39 we'll give it another minute for folks to trickle in
18:01:44 o/
18:02:22 hi
18:03:08 #topic Announcements
18:03:26 #info let's start planning for the PTG in september
18:03:30 #link http://lists.openstack.org/pipermail/openstack-dev/2017-July/119299.html
18:03:50 i've started an etherpad and bootstrapped it with the usual topics
18:03:55 #link https://etherpad.openstack.org/p/keystone-queens-ptg
18:04:15 lbragstad: just added to the etherpad, we will have something interesting for Queens
18:04:16 please feel free to start adding to it
18:04:18 #link https://github.com/openstack/keystone/blob/master/keystone/common/controller.py#L36-L45
18:04:39 samueldmq: yeah - that'd be a good one to finally get rid of
18:04:48 removal of v2.0 CRUD APIs
18:05:02 in a few weeks we will start grouping like topics together much like we did for the PTG in atlanta
18:05:23 that will help on being productive at the PTG
18:05:28 start thinking of cross project items - i'd like to start coordinating those topics sooner rather than later
18:05:59 #topic Removing sample_data.sh
18:06:05 i sent a thread about this
18:06:10 #link http://lists.openstack.org/pipermail/openstack-dev/2017-July/119309.html
18:06:16 cmurphy: thanks for your reply there
18:06:32 i'd appreciate opinions or ideas on what we should do with that
18:06:51 right now - i think we either need to formally test it somehow or remove it
18:06:57 what does devstack use to set up the sample data?
18:07:07 bootstrap
18:07:09 that data seems pretty similar to some of what devstack sets up
18:07:12 `keystone-manage bootstrap`
18:07:39 lbragstad: but that sample_data also includes adding other services, other users and projects (like demo, admin)
18:07:40 what sample data?
18:07:49 bknudson: ^
18:07:50 right, like a demo user
18:08:29 and our script also does that https://github.com/openstack/keystone/blob/82f60fe22c405829f8e5f6576f25cf3663b10f73/tools/sample_data.sh#L31-L38
18:08:30 it'd be nice to have the backstory on that
18:08:55 i'm not sure where that script came from - but if it's useful and if we want to keep it, we should find a way to test it
18:08:59 o/
18:09:04 I wonder if ours isn't something that is replaced by what they have, then there is no reason to keep ours
18:09:20 the history is in git.
18:10:00 #link https://github.com/openstack/keystone/commit/09a64dd862463fe116c4ddb8aee538e4bc7f56e0
18:10:20 https://github.com/openstack/keystone/commit/09a64dd862463fe116c4ddb8aee538e4bc7f56e0
18:10:33 lbragstad: exactly. and I guess it isn't used by devstack anymore
18:12:00 #link https://github.com/openstack-dev/devstack/blob/66109302ab51ce89c5d2e9fe0e01cbdca8963fbf/lib/keystone#L309
18:12:16 this should replace what we have ^ since it's what devstack uses
18:12:49 we don't need to do what devstack does.
18:13:03 devstack is for testing
18:13:16 devstack already does it - so if anything i would think we could remove it
18:13:22 and that means we don't need what that script does
18:13:33 keystone goes standalone, keystone-manage bootstrap is enough
18:13:54 ok - sounds like i need to follow up on my ML thread then
18:14:11 if one wants to get more things in keystone for testing, get a devstack
18:14:23 cmurphy: does that make sense to you too ?
18:14:25 lbragstad: ++
18:14:42 ok
18:14:44 moving on
18:14:48 #topic VMT Coverage
18:14:50 gagehugo: o/
18:14:55 o/
18:14:59 #link https://review.openstack.org/#/c/447139/
18:15:18 we had talked about getting VMT coverage for multiple keystone services at the Atlanta PTG
18:15:31 gagehugo: can we get an overview what VMT is about again?
18:15:35 so we're all on the same page
18:15:46 samueldmq uh sure one sec it's been awhile
18:16:06 there was an etherpad on it from the ATL PTG
18:16:07 #link https://security.openstack.org/vmt-process.html
18:16:19 lbragstad thanks
18:16:50 notes from the session
18:16:54 #link https://etherpad.openstack.org/p/pike-ptg-keystone-vmt-coverage
18:17:04 last i remember is that we were waiting on reviews from the security team
18:17:35 yeah, the middleware doc was written right before the osic thing happened
18:17:48 things kinda fizzled out after that
18:17:58 we had a couple people to review it, but I think they were no longer full-time security after that
18:18:17 gagehugo: maybe reach back out to the security team and see where things stand?
18:18:29 lbragstad will do
18:18:40 #action gagehugo to reach back out to the security team about keystonemiddleware VMT coverage
18:18:42 gagehugo: thanks!
18:18:45 wasn't sure if there was anything else we should do?
18:19:01 gagehugo: i don't think so - we were waiting on feedback
18:19:33 gagehugo: anything else VMT related besides that?
18:19:37 nope
18:19:41 #topic Configuration guides from openstack-manuals
18:19:47 sjain_: o/
18:19:54 Hi
18:20:13 https://review.openstack.org/#/c/474543/
18:20:32 the configuration references docs have been migrated as per the specs
18:20:37 #link https://review.openstack.org/#/c/474543/
18:20:38 awesome
18:20:46 https://review.openstack.org/#/c/479631/
18:20:50 looks like it's all being generated automatically from the code, too
18:20:52 which is great
18:20:55 just need someone to review those :D
18:21:00 yeah
18:21:02 #link https://review.openstack.org/#/c/479631/
18:21:09 thanks for the review lbragstad
18:21:13 sjain_: no problem
18:21:26 sjain_: that should be the last few patches for the doc-migration work for keystone, right?
18:21:37 samueldmq: can you also review these pls
18:21:42 yes I think
18:21:46 sjain_: sure
18:21:50 then we have to go through all the other identity project docs - but that shouldn't be too bad
18:21:54 these were all we needed to migrate
18:22:05 I have one thing to discuss
18:22:06 https://review.openstack.org/#/c/482139/
18:22:16 thanks gagehugo for the review here
18:22:42 sjain_ np!
18:22:55 should this change from policy.json to policy.yaml be done on all other docs too?
18:22:56 sjain_: lbragstad: all approved.
18:23:05 thanks :)
18:23:09 sjain_: i would make it consistent for sure
18:23:14 otherwise it could be confusing
18:23:18 sjain_: there were a couple of comments from gagehugo, make sure to address them in a follow up
18:23:34 lbragstad: ++
18:23:36 we should also try to include a statement explaining the difference between a policy.yaml and policy.json
18:23:43 samueldmq: yes I'm working on those
18:23:47 lbragstad ++
18:23:48 lbragstad: agreed
18:23:49 or if that's already done in oslo.policy, we can just link to it
18:23:56 otherwise people will find they have different intents
18:24:16 i wouldn't be opposed to doing that in a follow on patch
18:24:42 * lbragstad has a ton of documentation patches to rebase
18:25:01 okay a new patch explaining the difference
18:25:18 sjain_: chances are that's already documented somewhere
18:25:23 probably in oslo.policy
18:25:40 #link https://docs.openstack.org/oslo.policy/latest/admin/index.html
18:25:42 yep
18:25:46 okay I'll search there
18:25:57 thanks!
18:26:17 we can tastefully incorporate a link to that document somewhere in our docs though
18:26:47 okay
18:27:29 sjain_: do you have anything else doc-migration wise?
18:28:12 no, once this is migrated I'll be making new directories as per the spec
18:28:20 ok
18:28:26 I have one thing docs related
18:28:50 I was earlier working on improving devdocs
18:29:09 this patch is failing tests after several rechecks, https://review.openstack.org/#/c/476541/
18:29:28 all other changes have been made
18:29:55 and it should be easy to review
18:29:56 hmm
18:29:57 Details: {'created': '2017-07-11T10:31:28Z', 'code': 500, 'message': 'Build of instance 6b4db404-333d-4e98-b4f9-6158486b6687 aborted: Block Device Mapping is Invalid.'}
18:30:51 jenkins was super unstable yesterday it seems, maybe also early this morning
18:31:08 at first glance - it looks unrelated
18:31:23 yes, definitely unrelated
18:31:25 yes it seems so
18:31:37 our docs should not cause Block Device Mapping to be invalid :-)
18:31:51 the two patches after that are already complete
18:32:03 so I'm just waiting for these tests to pass
18:32:11 sjain_: sounds good
18:32:38 we also need to migrate each of our libraries
18:32:46 #link https://etherpad.openstack.org/p/doc-migration-tracking
18:32:56 line 210
18:32:56 there should be a way to skip tests if only the docs are changing.
18:33:17 bknudson: yeah - that'd quicken up the queue for sure
18:33:33 oh is there any?
18:34:03 I think other projects have something set up like that…
18:34:14 but I've never looked into it myself.
18:34:14 i'm not sure we do for keystone specifically
18:34:27 oh okay
18:34:29 I think we just run everything
18:34:51 could probably do that, would need to change the gates
18:34:59 yeah
18:35:48 for the identity related libraries - i'll take a stab at keystoneauth and keystonemiddleware
18:35:53 lbragstad: I'll look into migration of some libraries too
18:36:18 sjain_: do you want to take ldappool and pycadf?
18:36:25 yup sure
18:36:38 awesome
18:36:41 sjain_: thank you
18:36:47 no prob :)
18:36:56 i'll get that on my schedule or thursday
18:37:05 they should hopefully go quick
18:37:29 yeah
18:37:35 sjain_: anything else doc related?
18:37:53 no that would be all :)
18:37:57 #topic Office Hours
18:38:06 just a reminder that we have office hours today after the keystone meeting
18:38:12 for those interested in attending
18:38:53 is anyone else planning on being available for it?
18:39:08 lbragstad: it's almost 9 here and I need to go eat dinner =/
18:39:16 I'll be available
18:39:38 hrybacki: no worries
18:39:43 gagehugo: ++
18:40:14 that's all for the agenda
18:40:18 #topic open discussion
18:40:24 the floor is open
18:40:24 lbragstad: I am around for reviews
18:40:31 samueldmq: ++ good deal
18:40:32 for the office hours
18:40:48 so anyone needing reviews for bug-related stuff, please feel free to ping me
18:40:54 How about the deprecation of templated?
18:40:59 *templated catalog
18:41:17 Was that discussed already?
18:41:32 For some reason I thought the templated catalog was deprecated a while ago.
18:41:44 i thought so too
18:41:44 It was never updated for v3 even.
18:41:53 #link https://github.com/openstack/keystone/blob/0731dab01a5d2da9650b67ebe8b91e825795c0ba/keystone/catalog/backends/templated.py
18:42:12 The v3 catalog code was in the base class for some reason
18:42:24 I moved it into the templated class in this https://review.openstack.org/#/c/482364/
18:42:29 I wouldn't expect many people to use it in production, a quick note in the operators list + deprecation would be nice
18:42:53 sure, but it's still broken for v3 since there's info missing.
18:43:28 Yea - for sure
18:43:50 endpoint IDs, I think.
18:44:08 we should keep the interfaces in base.py, push sql stuff to sql.py and remove template.py all together
18:44:26 people liked the templated backend since it should be faster.
18:44:46 It's easiest to manage as well imo
18:44:48 (maybe caching makes the sql backend as fast)
18:44:52 eandersson: are you opposed to fixing it versus removing it?
18:45:11 bknudson: that's certainly a possibility if configured properly
18:45:21 Either one is fine for me
18:45:35 We use it, it works
18:45:57 might be a good idea to bring it up to date for v3 (maybe use yaml)
18:45:57 ok - that makes me lean towards keeping it and fixing it
18:46:11 but yea - I like the yaml idea
18:46:18 i agree
18:46:43 Would be nice to backport a fix though
18:46:48 really just need someone willing to do the work
18:47:15 eandersson: backport https://review.openstack.org/#/c/482364/ ?
18:47:25 Yea
18:47:37 That is the major issue with catalog templates
18:47:49 Breaks basic services like Horizon
18:48:03 eandersson: would you be able to open a bug for that?
18:48:07 Sure
18:48:31 then we can discuss the possibility of a backport based on the proposed solution and document it there
18:49:02 Sounds good
18:49:09 eandersson: awesome - thank you
18:49:36 does anyone have anything else?
18:49:48 feature freeze is july 28th right?
18:50:06 yep
18:50:20 #link https://releases.openstack.org/pike/schedule.html
18:50:49 ok
18:51:01 gagehugo: how's the project tag implementation coming along?
18:51:06 gagehugo: i need to review it soon
18:51:40 making progress, still needs more unit tests
18:51:46 ack
18:51:53 I know ksc and osc work is going as well
18:52:01 good deal
18:52:28 the final release for client libraries is going to be that same week
18:52:35 good to know
18:52:53 also - for those interested
18:52:57 I think oslo is next week.
18:53:02 e.g. oslo.policy
18:53:40 #link http://lists.openstack.org/pipermail/openstack-dev/2017-July/119465.html
18:53:46 * morgan is lurking
18:54:07 fwiw - i have a PoC of global roles implemented locally
18:54:15 i'll be pushing that for review soon
18:54:20 lbragstad: nice
18:54:39 already integrated with policy? used in other services?
18:54:45 or just keystone crud for now?
18:54:47 no - it's just the assignment bits
18:54:59 * samueldmq nods
18:55:03 i need to write another patch to implement the scoping parts
18:55:04 that's a lot already :)
18:55:21 will be nice to have a complete poc for the ptg
18:55:23 then it should be consumable
18:55:29 yeah - that's the goal
18:55:34 nice
18:56:06 alrighty - anything else?
18:57:06 thanks for coming!
18:57:09 thanks
18:57:09 #endmeeting