#openstack-meeting log

18:00:02 <lbragstad> #startmeeting keystone
18:00:03 <openstack> Meeting started Tue Aug 15 18:00:02 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:06 <openstack> The meeting name has been set to 'keystone'
18:00:17 <lbragstad> ping ayoung, breton, cmurphy, dstanek, edmondsw, gagehugo, henrynash, hrybacki, knikolla, lamt, lbragstad, lwanderley, notmorgan, rderose, rodrigods, samueldmq, spilla, aselius, dpar
18:00:26 <lbragstad> #link https://etherpad.openstack.org/p/keystone-weekly-meeting
18:00:28 <lbragstad> agenda ^
18:00:29 <hrybacki> o/
18:00:37 <lbragstad> o/
18:00:41 <samueldmq> hi o/
18:00:42 <knikolla> o/
18:00:47 <gagehugo> o/
18:00:49 <lamt> o/
18:01:18 <cmurphy> o/
18:01:38 <lbragstad> sweet - we have quite a bit on the agenda today, so let's get started
18:01:44 <lbragstad> #topic announcements: rc2
18:01:56 <lbragstad> we cut rc1 and we're targeting one bug for rc2
18:02:06 <lbragstad> (along with some translation changes that have merged)
18:02:27 <lbragstad> #link https://launchpad.net/bugs/1702211
18:02:29 <openstack> Launchpad bug 1702211 in OpenStack Identity (keystone) "test_password_history_not_enforced_in_admin_reset failed in tempest test" [Medium,In progress] - Assigned to Lance Bragstad (lbragstad)
18:02:36 <lbragstad> thanks kmalloc for all the work there
18:03:09 <lbragstad> we need to get the following reviews merged before cutting rc2
18:03:14 <lbragstad> then we're good to go for Pike
18:03:18 <lbragstad> #link https://review.openstack.org/#/c/493259/
18:03:25 <lbragstad> #link https://review.openstack.org/#/c/493621/
18:03:41 <gagehugo> waiting for devstack to spin up and I'll test the first one
18:04:03 <samueldmq> gagehugo: ++
18:04:06 <lbragstad> gagehugo: thanks
18:04:11 * kmalloc zzzzzzzzz's
18:04:27 <lbragstad> #topic announcements: ptg planning
18:04:37 <raildo> o/
18:04:43 <lbragstad> i'm working through the topics in the etherpad and sifting them into a rough schedule
18:04:50 <lbragstad> which is available on the same etherpad
18:04:51 <hrybacki> looks good lbragstad
18:04:52 <lbragstad> #link https://etherpad.openstack.org/p/keystone-pike-ptg
18:05:07 <lbragstad> I expect to have things pretty set by the end of the week
18:05:25 <gagehugo> s/pike/queens
18:05:25 <lbragstad> and i'd like to reach out to other projects about the topics we have on monday and tuesday
18:05:50 <knikolla> looks busier than the last ptg
18:05:51 <lbragstad> gagehugo: oo- good catch :)
18:05:58 <lbragstad> #link https://etherpad.openstack.org/p/keystone-queens-ptg
18:06:07 <gagehugo> are we going to do the same format then like we did at ATL? I though that worked fine imo
18:06:16 <lbragstad> ^ that's the right link
18:06:28 <knikolla> argh… then less busy :P
18:06:36 <lbragstad> gagehugo: yes - very similar format and process, unless anyone has suggestions
18:06:42 <hrybacki> haha, I was thinking lbragstad did a lot of work in prep for this
18:06:58 <lbragstad> :)
18:07:06 <gagehugo> oh good someone recommended food & drink
18:07:15 <lbragstad> right now everything is a rough schedule
18:07:33 <lbragstad> but there isn't anything stopping us from drilling down into more specific topics
18:07:48 <lbragstad> or if topics need to be spun off into their own section, we can do that, too
18:07:58 <lbragstad> i'm open to any and all feedback
18:08:11 <hrybacki> lbragstad: might it be worth  adding a topic of 'general stabilzation efforts' ?
18:08:29 <lbragstad> hrybacki: like performance?
18:08:31 <hrybacki> pretty broad topic
18:08:43 <knikolla> hrybacki: in terms of?
18:08:51 <hrybacki> like discuss how we are actually driving the # of bugs and holdover RFEs down
18:08:59 <kmalloc> rewrite keystone to have no central system >.>
18:09:00 <kmalloc> <.<
18:09:04 <hrybacki> strategize for queens and beyond (road map)
18:09:34 <lbragstad> seems like a good topic for wednesday morning if we can get a little more detail
18:09:35 <hrybacki> if you can fit something into the calendar I can think of some finer points later (and moderate the session)
18:10:05 <kmalloc> rewrite keystone in Go ... >.> <.< ok ok i'll stop being snarky
18:10:20 <lbragstad> kmalloc: go and containers - fixes all the problems
18:10:34 <hrybacki> also, global role discussion?
18:10:44 <hrybacki> monday or tuesday discussion probably
18:10:49 <lbragstad> hrybacki: yeah - i have all of tuesday morning slated for policy stuff
18:10:59 <raildo> hrybacki, that's a good one :)
18:11:11 <hrybacki> nice
18:11:18 <lbragstad> hrybacki: knikolla and I should probably sync with you after the meeting about a discussion we had on that work
18:11:23 <lbragstad> in -keystone
18:11:27 <knikolla> lbragstad: i'll be missing mon-wed though.
18:11:31 <knikolla> err. tue
18:11:31 <hrybacki> ack
18:11:35 <knikolla> i arrive on tue afternoon
18:11:43 <lbragstad> knikolla: ok - that's fine
18:11:50 <lbragstad> that happen to me in ATL
18:12:04 <lbragstad> we can have a project-specific policy session, since it looks like we'll have time for it
18:12:27 <lbragstad> also - i'm planning on setting aside time monday and tuesday to help other projects move policy into code
18:12:40 <lbragstad> if anyone is interested in helping with that effort, let me know
18:12:41 <samueldmq> lbragstad: that;s awesome
18:12:41 <hrybacki> also, a general discussion about how containers will affect keystone might be nice
18:12:55 <hrybacki> lbragstad: I'll be your shadow in those talks
18:13:05 <lbragstad> #link https://etherpad.openstack.org/p/policy-queens-ptg
18:13:22 <edmondsw> lbragstad I'll be glad to help advise folks on the policy work they need to do
18:13:36 <lbragstad> edmondsw: awesome
18:13:40 <spilla> o/
18:13:44 <lbragstad> i've penciled that in on monday and tuesday
18:13:48 <lbragstad> in the afternoons
18:13:52 <edmondsw> sounds good
18:13:58 <lbragstad> but we can shuffle that around if we have other cross project thing
18:14:16 <lbragstad> things* to talk about (unified limits is a big one, application credentials is another big one,etc... )
18:14:41 <knikolla> oh, i arrive at 2pm. might make it for some late tuesday session.
18:14:42 <lbragstad> i expect the schedule to get a lot more busy
18:15:03 <lbragstad> knikolla: cool - keep me posted and i'll see if we can push policy discussions to later tuesday
18:15:16 <lbragstad> (you know, talk about policy then *immediately* bail to the bar)
18:15:25 <samueldmq> and continue there?
18:15:35 <knikolla> lbragstad: sign me up \o/
18:15:35 <hrybacki> is that the policy?
18:15:41 <cmurphy> lol
18:16:15 <edmondsw> policy and drinking go well together
18:16:22 <gagehugo> ++
18:16:23 <lbragstad> clearly
18:16:33 <samueldmq> we'll probably  find a silver bullet for that subject tehre
18:16:34 <lbragstad> we've learned this in the past i believe
18:16:46 <edmondsw> or at least we can drown our sorrows
18:17:03 <lbragstad> sweet - sounds like everyone wins!
18:17:21 <lbragstad> i'll be working on the schedule the rest of the day - so if you have questions or see a conflict with another project, let me know
18:17:30 <hrybacki> topic: containers and ramifications of them being everywhere wrt keystone -- curious if anyone has done a container based deployment yet
18:17:43 <hrybacki> the first part is a recommendation, second was general ask to the folks in this mtg
18:17:46 <lbragstad> hrybacki: check with the openstack-ansible folks
18:18:03 <lbragstad> they run everything in contains and have it scripted with ansible
18:18:03 <knikolla> hrybacki: yep. ansible uses lxc, kolla also uses kubernetes for deploying
18:18:17 <lbragstad> containers*
18:18:25 <gagehugo> hrybacki https://github.com/openstack/openstack-helm
18:18:30 <hrybacki> do /we/ have anyone looking into how this may require changes on our end down the road?
18:18:51 <lbragstad> hrybacki: i can't recall any changes on our end
18:19:01 <knikolla> we're just a wsgi api with a db.
18:19:03 <knikolla> should be smooth.
18:19:08 <samueldmq> I head anything around federation
18:19:12 <samueldmq> rely state or somehting
18:19:18 <lbragstad> most of the asks coming from the OSA folks are related to testing
18:19:20 <samueldmq> heard*
18:19:30 <hrybacki> ack
18:19:38 <lbragstad> (they want to stand up containers for idps and ldap to test federated and ldap scenarios)
18:19:50 * knikolla should sync up with them
18:20:06 <lbragstad> knikolla: yep - we should have a session with them, we did in ATL and it was helpful
18:20:11 <lbragstad> and productive
18:20:25 <lbragstad> alright moving on
18:20:39 <lbragstad> #topic announcements: knikolla for keystone-core
18:20:46 <samueldmq> \o/
18:20:50 <gagehugo> \o/
18:20:51 <cmurphy> yay \o/
18:20:54 <samueldmq> knikolla: congrats
18:20:59 <hrybacki> woot +100!
18:21:06 <lbragstad> topic says it all - but knikolla has been doing some great work
18:21:12 <knikolla> thank you all \o/
18:21:23 <edmondsw> congrats!
18:21:32 <gagehugo> grats!
18:21:53 <knikolla> will keep doing my best
18:21:57 <spilla> \o/ gratz
18:21:59 <kmalloc> gj knikolla
18:22:11 <rodrigods> o/
18:22:13 <lbragstad> knikolla: thanks for all your hard work and being a great advocate for our project
18:22:17 <kmalloc> welcome... now you don't get to write code anymore, just review it :P like the rest of us
18:22:19 <rodrigods> congratz knikolla
18:22:29 <samueldmq> kmalloc: ++
18:22:31 <lbragstad> kmalloc: :)
18:22:33 <cmurphy> kmalloc: for real >.<
18:22:52 <knikolla> kmalloc: you're not too good at not writing code :P
18:23:27 <kmalloc> i'm terrible at it
18:23:34 <kmalloc> if you haven't figured that out yet.
18:23:37 <lbragstad> #topic docs outreachy internship
18:23:44 <lbragstad> samueldmq: sjain_o/
18:23:50 <sjain_> o/
18:24:07 <samueldmq> as many of you know, sjain_ is our Outreachy intern this round
18:24:08 <samueldmq> for docs
18:24:34 <samueldmq> good thing about it is that she's been able to help a lot with the docs cross-project changes within keystone
18:24:55 <samueldmq> along with lbragstad, she's been submitting a lot of patches and making our docs better and consistent
18:25:13 <lbragstad> ++
18:25:19 <samueldmq> this is the good part. the other side is that her internship is ending soon this month
18:25:28 <samueldmq> by the end of this month to be more accurate
18:25:56 <samueldmq> our plans are to work on the remaining bits for docs
18:26:21 <sjain_> ++
18:26:23 <edmondsw> thanks sjain_ !
18:26:24 <samueldmq> afaict we're done with the docs migration, just need to polish it a bit more
18:26:37 <lbragstad> sjain_: thanks!
18:26:48 <samueldmq> the goal now is to keep looking at polishing the docs, opening bugs and fixing small things
18:27:05 <samueldmq> and the open bugs allow us to keep improving our docs with things she/we might notice in the process
18:27:13 <gagehugo> sjain_ thanks!
18:27:33 <samueldmq> other than making everyone aware of it, I'd like to say thanks to sjain_
18:27:40 <lbragstad> ++
18:27:41 <sjain_> thank you edmondsw lbragstad gagehugo, it would be great if you could point us in the next directions :)
18:27:42 <samueldmq> and if anyone has any specific feedback
18:27:44 <cmurphy> awesome job sjain_
18:27:52 <gagehugo> ++
18:27:56 <samueldmq> feel free to fire it to us :) at anytime
18:27:57 <lbragstad> sjain_: are you going to be at the PTG?
18:28:18 <sjain_> lbragstad: no I haven't planned on that yet
18:28:23 <raildo> thanks sjain_ and samueldmq :)
18:28:25 <lbragstad> sjain_: ok - just curious
18:28:35 <edmondsw> sjain_ is more openstack in your future once the internship ends?
18:28:44 <samueldmq> thanks all who helped me on mentoring sjain_
18:28:51 <samueldmq> I haven't done it alone, we're a community :)
18:29:12 <sjain_> yeah definitely edmondsw, I'm planning for regular contributions :)
18:29:20 <edmondsw> sjain_ excellent!
18:29:22 <lbragstad> awesome
18:29:38 <cmurphy> yay
18:29:46 <sjain_> and thanks to the whole keystone community for helping me out in this journey, it was awesome :)
18:30:00 <samueldmq> \o/
18:30:03 <lbragstad> sjain_: thanks for making sense out of our docs :)
18:30:33 <sjain_> lbragstad: :)
18:30:49 <samueldmq> alright, feel free to reach us with feedback at any time
18:30:56 <sjain_> anything else you think I can target for these remaining days?
18:30:57 <lbragstad> samueldmq: will do
18:31:16 <samueldmq> or sjain_ with job offers (she finished school a few ago, sooo..)
18:31:17 <samueldmq> thanks
18:31:19 <samueldmq> o/
18:31:41 <sjain_> :)
18:31:52 <lbragstad> #topic removing gate-tempest-dsvm-keystone-uwsgi-full-ubuntu-xenial-nv
18:31:55 <lbragstad> knikolla:
18:31:56 <lbragstad> o/
18:31:58 <knikolla> o/
18:32:12 <knikolla> so with devstack moving to uwsgi, this does nothing more than the ordinary job
18:32:16 <knikolla> should we remove it entirely?
18:32:19 <kmalloc> then we should can it
18:32:22 <knikolla> or is there interest for a mod_wsgi job?
18:32:37 <kmalloc> prob not
18:32:43 <lbragstad> yeah - less duplication in jobs the better
18:32:49 <cmurphy> ++
18:32:51 <kmalloc> uwsgi is way better
18:33:00 <kmalloc> don't bother with the mod_wsgi specific job
18:33:11 <knikolla> ack. will put up a patch to remove it and free some resources.
18:33:14 <kmalloc> just drop the gate/check job that duplicates mainline
18:33:33 <knikolla> yep
18:34:26 <knikolla> that's it for this topic.
18:34:34 <lbragstad> #topic LDAP job
18:34:40 <lbragstad> rodrigods: raildo lwanderley o/
18:34:46 <rodrigods> o/
18:35:00 <rodrigods> so we have been making good progress in lwanderley's project
18:35:06 <lwanderley> o/
18:35:12 <raildo> ++
18:35:30 <rodrigods> we already have the ldap plugin, fixed a job defined
18:35:31 <edmondsw> I'm still using mod_wsgi, so please don't break it :)
18:35:45 <rodrigods> and some other stuff under review
18:35:54 <rodrigods> including the addition of the job to keystone check gate
18:36:05 <raildo> #link https://review.openstack.org/#/q/owner:%22Leticia+Wanderley%22+status:open
18:36:08 <rodrigods> (as nv for now)
18:36:11 <kmalloc> edmondsw: it should continue to work, uwsgi/mod_wsgi wsgi files have long been 100% compat in our tests
18:36:20 <edmondsw> cool
18:36:38 <kmalloc> uwsgi usually showed bugs we didn't see under mod_wsgi, not vice-versa
18:37:54 <lbragstad> rodrigods: raildo lwanderley sounds like a request for reviews?
18:38:06 <rodrigods> that too lbragstad :)
18:38:23 <rodrigods> and feedback
18:38:33 <raildo> lbragstad, would be good, but it's more a synchronize moment with the team
18:38:41 <lwanderley> ++
18:38:49 <lbragstad> i can see if i can set aside to tinker with it next week, or late this week, i was messing with an ldap/devstack locally anyway
18:39:21 <rodrigods> cool
18:39:24 <lbragstad> lwanderley: rodrigods raildo the goal is to turn this into a job, right?
18:39:29 <rodrigods> right
18:39:35 <rodrigods> it is already in experimental
18:39:38 <raildo> lbragstad, we already created it as a job
18:39:38 <lbragstad> are the tests written yet?
18:39:50 <rodrigods> since tempest has some identity tests
18:40:01 <rodrigods> it kind "tests" stuff somehow
18:40:10 <rodrigods> but we needed to add a feature flag
18:40:16 <lbragstad> hmm
18:40:17 <lbragstad> ok
18:40:25 <raildo> lbragstad, our goal is to make this job voting in a future and improve the tests coverage on tempest
18:40:25 <rodrigods> but yeah... we also intend to right additional tests
18:40:35 <rodrigods> s/right/write
18:41:00 <lwanderley> the feature flag is also under review
18:41:11 <lbragstad> odyssey4me and andymccr were asking for this in ATL during the PTG
18:41:46 <lbragstad> while they might setup the ldap bits differently (in containers or with ansible) i'm sure they are going to be interested in exercising the same tests
18:42:01 <lbragstad> they might be able to provide some valuable feedback
18:42:03 <rodrigods> ++
18:42:10 <rodrigods> having the job setting up the ldap plugin is a good first step
18:42:20 <raildo> lbragstad, I saw a topic about LDAP tests on the current ptg schedule, so I'll be there and I'll be glad to help on it
18:42:22 <kmalloc> it would be amazing if we could get an ADFS gate too... but i know that is a hard sell since it requires windows server =/
18:42:32 <knikolla> we might need a way to change the state of ldap. our unit tests test a lot of ldap edge cases that we might want to have a functional test also for.
18:42:42 <lbragstad> yea
18:42:48 <rodrigods> knikolla, ++
18:43:00 <rodrigods> would be nice to have a list of tests to be incorporated into tempest
18:43:12 <knikolla> kmalloc: IIRC, there was a way for adfs without windows server. had a discussion with adam loooong ago, so memory is fuzzy.
18:43:35 <kmalloc> not ADFS
18:43:42 <kmalloc> ADFS is windows impl
18:43:42 <lbragstad> rodrigods: raildo lwanderley we should make sure the LDAP tests are in a central place that makes it easy for other deployment projects to pull in and test with how they setup ldap
18:43:50 <kmalloc> you can have SAML/OIDC etc w/o windows
18:44:00 <kmalloc> but ADFS is specifically "active directory federated services"
18:44:18 <knikolla> kmalloc: gotcha. didn't know much about this.
18:44:26 <kmalloc> :)
18:44:35 <kmalloc> i know way more about federated things than I care to admit
18:44:45 <lbragstad> this is good stuff - we need to close gaps like this
18:44:58 <raildo> lbragstad, agreed. I think that next step will be working on the ldap tests on tempest, looks like the better way to improve it and get help for other projects
18:45:33 <lbragstad> raildo: rodrigods lwanderley free after the meeting? we can sync with some of the osa folks
18:45:40 <knikolla> kmalloc: i'm in the process of learning. most of my job is federation nowadays.
18:45:49 <raildo> lbragstad, yeap
18:45:54 <rodrigods> i'm around, eventually
18:45:55 <rodrigods> :)
18:45:59 <lbragstad> cool
18:46:01 <lbragstad> moving on
18:46:05 <lbragstad> #topic open discussion
18:46:06 <lwanderley> lbragstad, yep
18:46:16 <lbragstad> anyone have anything else they'd like to share?
18:46:25 <lbragstad> PTG stuff, RC1 stuff, etc..
18:46:51 * knikolla selling code reviews for booze
18:47:05 <lbragstad> :)
18:47:58 <lbragstad> cool - looks like we can get some time back before office hours
18:48:03 <lbragstad> thanks for coming!
18:48:06 <lbragstad> #endmeeting