#openstack-meeting log

18:00:03 <lbragstad> #startmeeting keystone
18:00:04 <openstack> Meeting started Tue Sep  5 18:00:03 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:04 <lbragstad> ayoung, breton, cmurphy, dstanek, edmondsw, gagehugo, henrynash, hrybacki, knikolla, lamt, lbragstad, lwanderley, notmorgan, rderose, rodrigods, samueldmq, spilla, aselius, dpar
18:00:05 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:07 <openstack> The meeting name has been set to 'keystone'
18:00:09 <hrybacki> o/
18:00:11 <lbragstad> #link https://etherpad.openstack.org/p/keystone-weekly-meeting
18:00:11 <knikolla> o/
18:00:13 <lbragstad> agenda ^
18:00:15 <lbragstad> o/
18:00:18 <gagehugo> o/
18:00:22 <lamt> o/
18:00:24 <edmondsw> o/
18:00:33 <cmurphy> o/
18:01:24 <lbragstad> #topic announcements: ptg planning
18:01:35 <lbragstad> #link https://etherpad.openstack.org/p/keystone-queens-ptg
18:01:49 <lbragstad> PTG is next week already, so the schedule is pretty much set at this point
18:01:56 <lbragstad> i haven't heard of many conflicts
18:02:04 <lbragstad> with out proposed sessions anyway
18:02:10 <lbragstad> i'm also still waiting on room information
18:02:15 <lbragstad> but i'll up that as soon as possible
18:02:24 <hrybacki> lbragstad: my only issue is I won't be there Monday until ~noon
18:02:41 <hrybacki> assuming no plane issues. Irma may decide to alter those plans
18:02:53 <lbragstad> hrybacki: ack
18:03:14 <kmalloc> yeah
18:03:18 <kmalloc> meeting time or something o/
18:03:21 <lbragstad> the etherpads for specific sessions should be good to go
18:03:36 <edmondsw> raildo when is your oslo secret protection session going to be?
18:03:47 <lbragstad> let me know if you see information missing
18:04:01 <lbragstad> otherwise - they should be used to prepare for sessions
18:04:21 <gagehugo> edmondsw https://etherpad.openstack.org/p/oslo-ptg-queens
18:04:22 <raildo> edmondsw, it will be on Monday in the oslo room, at 1:30-2:10pm
18:05:02 <edmondsw> so that's gonna conflict a bit, at least for me
18:05:11 <raildo> edmondsw, and we are gonna to have other session, related to the tripleo/k8s discussion about it, after that session in the tripleo room
18:05:55 <raildo> edmondsw, damn =/
18:06:15 <edmondsw> you and I should talk sometime before that meeting... IBM has already written code you might use
18:06:15 <lbragstad> edmondsw: is there anything the keystone schedule can do to mitigate it?
18:06:24 <edmondsw> I'm trying to pull together more info on that for you
18:06:53 <edmondsw> lbragstad probably not, because in this case the conflict is us meeting with the VM and Baremetal guys, so it's really their schedule
18:06:55 <kmalloc> i might make it to the 2nd half of monday
18:06:58 <raildo> edmondsw, I intend to be in the Keystone policy in code session, before that meeting
18:07:02 <kmalloc> i def. am going to miss-policy-in-code
18:07:12 <kmalloc> i wont be arriving until around noon on monday
18:07:13 <kmalloc> iirc
18:07:22 <lbragstad> edmondsw: ack - is there a set schedule for that group/sig somewhere?
18:07:37 <lbragstad> edmondsw: i've just kinda lumped our related topics into a big block to bring to them
18:07:41 <edmondsw> lbragstad I was just looking at what you had put in https://etherpad.openstack.org/p/keystone-queens-ptg
18:07:43 <lbragstad> and hoping we can discuss them
18:07:46 <lbragstad> ok
18:07:53 <lbragstad> so - we're on the same page
18:08:14 <lbragstad> i've reached out to the baremetal/vm sig a couple times but i haven't seen an actual schedule
18:08:24 <lbragstad> (which kinda makes it tough to schedule the rest of things)
18:08:52 * lbragstad has the feeling he's going to be chasing people down monday and tuesday
18:08:59 <edmondsw> lbragstad if we could firm that up in a way that doesn't conflict with the oslo discussion, that would be great
18:09:14 <lbragstad> edmondsw: i'll see if i can reach out to johnthetubaguy again
18:09:26 <lbragstad> i'd be happy to help them schedule it
18:09:34 <lbragstad> but i don't know if someone else has already started doing that
18:10:08 <lbragstad> #action lbragstad to reach out to baremetal/vm sig about firming up their schedule
18:10:24 <lbragstad> anyone have anything for PTG stuff?
18:10:31 <lbragstad> mostly just wanted to advertise it
18:10:42 <lbragstad> with the etherpads for pre-session reading
18:11:12 <lbragstad> alrighty - moving on
18:11:18 <edmondsw> you're giving us homework? ;)
18:11:18 <lbragstad> #topic project tags character limit
18:11:23 <lbragstad> edmondsw: you know it
18:11:30 <lbragstad> it wouldn't be the PTG without it ;)
18:11:37 <edmondsw> tru dat
18:11:54 <lbragstad> gagehugo: o/
18:11:58 <gagehugo> amrith
18:12:04 * kmalloc has an easy answer here....
18:12:09 * kmalloc waits to hear more though
18:12:19 * edmondsw thinks he knows kmalloc's answer...
18:12:22 <gagehugo> I'd like to avoid having it configurable
18:12:29 <kmalloc> ++
18:12:31 <lbragstad> me too
18:12:33 <amrith> hello
18:12:34 <kmalloc> do not make it configurable
18:12:45 <kmalloc> i would -2 configurable, ftr
18:12:49 <gagehugo> amrith project tags character limit?
18:12:55 <lbragstad> amrith: o/
18:12:55 <amrith> yes
18:12:59 <amrith> hi lance
18:13:19 <lbragstad> amrith: you have a use case for a higher limit of tags, right?
18:13:23 <amrith> kmalloc doesn't want to make it configurable. oK then make the limit large
18:13:34 <amrith> yes, the idea is to have a hierarchy of tags
18:13:40 <kmalloc> each tag is stored as a row in the db?
18:13:48 <lbragstad> kmalloc: yes
18:13:49 <kmalloc> with a project->many tag relationsiop?
18:13:50 <amrith> and for that a longer name would be required
18:13:59 <kmalloc> then 255 varchar is the max i support
18:14:12 <lbragstad> kmalloc: yeah - it'a many-to-many relationship
18:14:13 <kmalloc> i don't mind if you're anywhere under or equal to 255
18:14:20 <kmalloc> for the tag name.
18:14:36 <gagehugo> i'm fine with that
18:14:38 <amrith> Morgan, I think 255 would be OK to start with; is the db field capped at 255?
18:14:40 <lbragstad> amrith: so is the concern the *number* of tags or the lenght of a tag?
18:14:44 <edmondsw> how many levels of hierarchy are we talking here?
18:14:46 <amrith> kmalloc is Morgan, yes?
18:14:46 <kmalloc> for DB reasons in MySQL it is
18:14:50 <kmalloc> yeah.
18:15:17 <kmalloc> don't exceed 255 unless it's really needed... and then we talk about indexes and indexing text fields
18:15:18 <kmalloc> and blobs
18:15:20 <amrith> edmondsw no idea. 2 or 3 at most, I think
18:15:25 <amrith> 255 sounds fine
18:15:27 <kmalloc> in short, 255 is fine.
18:15:40 <amrith> even at 5 levels, 255 allows for 50 character names
18:15:54 <kmalloc> amrith: in the db it shouldn't matter
18:16:05 <kmalloc> because you're many tags to one project
18:16:08 <amrith> yes, can we make the default (in code) larger
18:16:13 <kmalloc> you should store it a relational forms
18:16:18 <edmondsw> I was gonna say we could possibly set a lower limit on tag length, and then support up to 255 for something like "tag:tag:tag"
18:16:37 <amrith> I assumed we'd have tag.tag.tag.tag.tag
18:16:48 <amrith> since the format is tag, value
18:16:57 <amrith> or tag.tag.tag.tag, value
18:17:14 <edmondsw> sure, I don't care what the delimiter is
18:17:16 * kmalloc would push this to more relational.
18:17:20 <amrith> as the case may be
18:17:26 <amrith> kmalloc I agree
18:17:31 <kmalloc> and not tied to text string concat
18:17:44 <amrith> fine by me, happy if we want to make it relational
18:17:50 <kmalloc> it solves the issue
18:17:55 <amrith> but may be overkill
18:18:02 <kmalloc> but i wont argue too much for /against
18:18:08 <amrith> kmalloc ditto
18:18:10 <edmondsw> kmalloc assign a UUID per tag, and then each tag can be associated with a parent?
18:18:14 <kmalloc> just as long as the column(s) in the db are 255 varchar
18:18:16 <amrith> I won't argue too much against/for :)
18:18:22 <kmalloc> make sure PKs are auto-inc int
18:18:24 <amrith> kmalloc +1
18:18:34 <kmalloc> and you can use a uuid if you need externally referenceable
18:18:38 <kmalloc> (just not as PK)
18:18:44 <amrith> and so long as a user doesn't have to change code to get the whole 255
18:18:57 <amrith> asking them to change a config is fine, change code is not
18:19:08 <kmalloc> please do not make this configurable
18:19:09 <kmalloc> at all
18:19:16 <gagehugo> kmalloc I won't heh
18:19:17 <lbragstad> i'm not seeing how we could actually
18:19:26 <amrith> fine, let's remove it from the config in that case
18:19:30 <lbragstad> we're talking about the length of an attribute in the database
18:19:35 <amrith> sorry from that file (whatever it was)
18:19:42 <lbragstad> which is defined by schema, right?
18:19:47 <gagehugo> yeah
18:20:03 <kmalloc> anyway, my requirements are: primary-key is autoinc-int, varchar fields cannot be > 255 (and these need indexes so, please use varchar for the string data)
18:20:10 <lbragstad> i thought this specific concern was around the actual *number* of tags that could be associated to a project
18:20:26 <kmalloc> if it's relational data
18:20:36 <amrith> lbragstad there were two
18:20:41 <amrith> one was to make the overall length greater
18:20:42 <kmalloc> it doesn't matter, unless you want to just say 50 tags. or some such
18:20:43 <lbragstad> ok - i missed the second one then
18:20:47 <kmalloc> make it high but reasonable
18:20:55 <kmalloc> don't make it a config option :)
18:20:57 <amrith> and when I was told that it could be changed, I asked for configurable, and also that max tags be configurable
18:21:06 <kmalloc> start with it not configurable
18:21:16 <kmalloc> and a high/reasonable max
18:21:16 <lbragstad> and reasonably right
18:21:18 <kmalloc> if you set one
18:21:19 <lbragstad> high*
18:21:20 <gagehugo> so 80 -> 255
18:21:44 <lbragstad> gagehugo: for which one, the database column length or the number of tags a project can have?
18:21:57 * kmalloc has to re-read the state of the code
18:22:03 <gagehugo> lbragstad column length
18:22:07 <kmalloc> but it sounds like it is all as i imagine
18:22:42 <lbragstad> ok - sounds like we all agree that the column length should be 255 characters
18:23:34 <lbragstad> do we all agree that the number of tags a project should have is 80 and non-configurable?
18:23:51 <gagehugo> lbragstad it's currently 50 tags per project
18:24:04 <gagehugo> we can up that to 80, idc
18:24:14 <lbragstad> amrith: does 50 work for you?
18:24:33 <amrith> lbragstad i think it is more than enough for me
18:24:58 <ayoung> PLease make it relational
18:24:59 <lbragstad> gagehugo: cool - wanna go to 80 so that we're consistent with what nova does?
18:25:15 <ayoung> and go to 255
18:25:40 <gagehugo> ok
18:25:44 <ayoung> why would you limit the number of tags a project can have?
18:25:57 <lbragstad> #agreed project tag length needs to be increased to 255 characters and be relational
18:26:00 <kmalloc> ayoung: to prevent some malicious "add a billion tags to slow things down"
18:26:24 <lbragstad> #agreed set the number of tags a project can have to 80 to be consistent with nova
18:26:25 <ayoung> who owns the tags?
18:26:33 <ayoung> if I create a tag, do I own it?
18:26:36 <gagehugo> tags is just an attribute of project
18:26:38 <ayoung> can only I set it on a project?
18:26:39 <kmalloc> ayoung: mostly it's a "set something reasonable and high" where if someonone hits the limit... they did something crazy. set it at 100 or 200, just not "unlimited"
18:26:52 <lbragstad> currently - admins can tag projects
18:26:58 <ayoung> gagehugo, watch out for the word "just"
18:27:09 <lbragstad> by modifying the project itself
18:27:13 <kmalloc> RBAC "folks may tag projects, RBAC", admin is default
18:27:27 <ayoung> lbragstad, admins?  We're in 968696 territory with that term...but
18:27:35 <kmalloc> like i said, be defensive, but not insane
18:27:46 <kmalloc> set the limit at 200 or even 100
18:27:54 <kmalloc> if we have complaints that is too low, we can adjust
18:27:55 <ayoung> tags need to be treated as full entities, not just strings in a string table
18:28:14 <gagehugo> ayoung why's that?
18:28:28 <ayoung> gagehugo, IFF they are going to have any non-trivial usage
18:28:39 <ayoung> lets say I have a tag "non-billable"
18:29:09 <ayoung> now, it might be find to have a tag table like kmalloc suggests
18:29:17 <ayoung> but then you are going to have a shared resource
18:29:30 <ayoung> i.e.  if I delete a tag, is it garbage collected?
18:29:31 <ayoung> etc
18:29:38 <ayoung> just need to think through the proposal
18:30:06 <ayoung> is "Admin" and "admin" going to map to the same tag?
18:30:20 <ayoung> Are we going to make Tags URL safe?
18:30:21 <gagehugo> no, they are case-sensitive
18:30:29 <ayoung> are they going to allow spaces?
18:30:34 <gagehugo> yes
18:30:38 <ayoung> full utf-8?
18:30:51 <kmalloc> ayoung: yeah should be.
18:30:56 <gagehugo> yes
18:31:12 <gagehugo> only characters not allowed are "," and "/"
18:31:26 <gagehugo> as per https://specs.openstack.org/openstack/api-wg/guidelines/tags.html
18:31:43 <ayoung> OK.  Go for it.  Just please provide electric shock therapy for anyone that wants to use them for any security purpose, to include billing
18:32:04 <raildo> lol
18:32:15 <gagehugo> heh
18:32:17 <lbragstad> #action gagehugo to implement electric shock therapy in keystone
18:32:28 <lbragstad> anything else on tags?
18:33:18 <lbragstad> #topic open discussion
18:33:57 <ayoung> We've got more people beating us up over Read Only Roles
18:34:25 <ayoung> thats all
18:34:41 <lbragstad> ack - we have nearly an entire day dedicated to it at the ptg
18:35:45 <ayoung> Cool.  The Part of Adam Young will be played by hrybacki
18:35:54 <ayoung> they upgraded the actor
18:36:02 <lbragstad> ;)
18:36:07 <hrybacki> he's not as handsome as the last however
18:36:17 <ayoung> he played much better infront of the studio audience
18:36:28 * ayoung was an Infantryman
18:36:31 * ayoung ugly
18:36:36 <lbragstad> is he allowed mic privileges?
18:37:00 <ayoung> lbragstad, he was a Commo SGT in the Army.  He can fix the mike.
18:37:10 <hrybacki> lol
18:37:11 <lbragstad> perfect
18:37:51 <lbragstad> alright - unless we have other things to discuss it looks like we can get some time back
18:38:13 <knikolla> \o/
18:38:19 <lbragstad> thanks all!
18:38:21 <lbragstad> #endmeeting