16:00:07 <lbragstad> #startmeeting keystone 16:00:10 <openstack> Meeting started Tue Mar 13 16:00:07 2018 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:12 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:12 <lbragstad> #link https://etherpad.openstack.org/p/keystone-weekly-meeting 16:00:15 <openstack> The meeting name has been set to 'keystone' 16:00:16 <lbragstad> agenda ^ 16:00:22 <lbragstad> ping ayoung, breton, cmurphy, dstanek, gagehugo, henrynash, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rderose, rodrigods, samueldmq, spilla, aselius, dpar, jdennis, ruan_he, wxy 16:00:37 <raildo> o/ 16:00:40 <hrybacki> o/ 16:00:43 <jgr> Hello 16:00:46 <hrybacki> we got moved out of #openstack-meeting ? 16:00:51 <wxy|> o/ 16:00:53 <lbragstad> hrybacki: there was a conflict 16:00:59 <hrybacki> ack 16:01:00 <lbragstad> wxy|: o/ nice to see you in the meeting :) 16:01:06 <wxy|> lbragstad: :) 16:01:11 <hrybacki> wxy|++ 16:01:12 <knikolla> o/ 16:01:34 <knikolla> thanks for the ping on -keystone, wasn't in the -meeting-alt channel. 16:01:57 <lbragstad> yeah - i wasn't either until about 2 minutes ago 16:02:14 <cmurphy> o/ 16:02:38 <lbragstad> #link https://etherpad.openstack.org/p/keystone-weekly-meeting 16:02:45 <lbragstad> agenda in case folks missed it 16:03:05 <spilla> o/ 16:03:21 <lbragstad> cool - let's go ahead and get started 16:03:29 <lbragstad> #topic announcements: new meeting time 16:03:38 <lbragstad> so - the big one is that the meeting time has changed 16:03:47 <lbragstad> unfortunately during the same time as american dst 16:03:47 <hrybacki> +1 for inclusion 16:03:50 <lbragstad> (sorry about that) 16:04:11 <lbragstad> as a result, we've had to move meeting channels to avoid a conflict in #openstack-meeting 16:04:35 * hrybacki updated the agenda to reflect as much 16:05:01 <lbragstad> if you rely on calendars like I do, there is an updated .ics file you can import into your calendar with the new time and location 16:05:02 <lbragstad> http://eavesdrop.openstack.org/#Keystone_Team_Meeting 16:05:04 <lbragstad> #link http://eavesdrop.openstack.org/#Keystone_Team_Meeting 16:05:32 <lbragstad> #topic office hours topics 16:05:34 <hrybacki> would it help if there was a calendar invite that we maintained? 16:06:03 <lbragstad> hrybacki: i believe that .ics is generated automatically 16:06:10 <hrybacki> ack, disregard :) 16:06:37 <lbragstad> http://git.openstack.org/cgit/openstack-infra/yaml2ical/ 16:06:56 <lbragstad> anytime there is a change to the meetings repo, new icals are generated 16:07:57 <lbragstad> any other questions or comments about meetings or icals? 16:09:08 <lbragstad> ok - moving on 16:09:29 <lbragstad> if you haven't noticed, things in Trello have shuffled around quite a bit 16:09:49 <lbragstad> but - over the past week or so, we've got the Rocky roadmap in pretty good shape 16:09:56 <lbragstad> #link v 16:10:00 <lbragstad> #link https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap 16:10:32 <lbragstad> thanks to hrybacki for making sense of that board 16:10:52 <hrybacki> teamwerk makes the dreamwerk 16:10:54 <wxy|> hrybacki: really cool 16:11:25 <lbragstad> hrybacki: is there anything about that board you want to talk about? structure? process? 16:12:07 <hrybacki> lbragstad: so it is very similar to the Queens board 16:12:33 <hrybacki> The biggest thing to note is that items in the Next and In Progress column should be scoped to the closest milestone 16:12:50 <hrybacki> e.g. any items in those two columns are things we 'think we'll accomplish NLT 20-April-2018' 16:12:55 <lbragstad> that's something we didn't do for queens 16:12:56 <hrybacki> we can go over the specific items during office hours 16:13:02 <hrybacki> yeah 16:13:18 <hrybacki> we don't need to be dead on, but this will give us a baseline for sprint planning of M2/M3 and subsequent releases 16:13:32 * lbragstad hopes that helps make the Next list more reasonable 16:13:36 <hrybacki> tl;dr let's do some basic things and figure out where we need to improve without putting a lot of work on anyone 16:14:11 <hrybacki> also, if anyone has thoughts for improvements in the board/process please let us know 16:14:33 <hrybacki> I can write up docs for 'formalize' a process if folks would like to see/reference that 16:15:10 <hrybacki> my only ask is that everyone error on the side of being /too verbose/ in their cards as they work 16:15:24 <hrybacki> err* on 16:15:39 <cmurphy> how can I add a keystone team member? 16:15:57 <hrybacki> good question cmurphy -- I can find out before office hours 16:16:03 <cmurphy> I tried to add jgr to the board but it shows him as a lonely "non-team member" 16:16:39 <hrybacki> lbragstad: did you create the keystone team originally? 16:16:46 <lbragstad> i think i did 16:16:55 <lbragstad> cmurphy: jgr do you have an email? 16:16:59 <hrybacki> I'm not sure where/how 'teams' are managed 16:17:12 <lbragstad> it's literally the same as keystone groups :) 16:17:22 <hrybacki> #link keystone team page on Trello: https://trello.com/keystone42 16:17:36 <jgr> lbragstad: yes, let me quickly check which one I used for Trello... 16:17:39 <hrybacki> perhaps we just make the group public so folks can join at will? 16:17:46 <cmurphy> ++ 16:17:49 <hrybacki> it is private presently 16:17:58 <hrybacki> lbragstad: I think you have to do that 16:18:13 <lbragstad> yep - i can do that quick 16:18:22 <hrybacki> cmurphy: did you ever get public access to the retro? Sorry I was kind of in a fog over the past couple of weeks =/ 16:18:26 <jgr> lbragstad: I used johannes.grassler@suse.com for Trello. 16:18:30 <lbragstad> done 16:18:36 <cmurphy> hrybacki: yes you fixed it 16:18:40 <lbragstad> jgr: are you able to join the board now that it is public 16:18:55 <hrybacki> cmurphy++ 16:19:16 <jgr> lbragstad: I think I have joined it... 16:19:45 <jgr> lbragstad: as far as I remember that "non-team member" thing is only a flag that doesn't impact board use. 16:19:48 <lbragstad> sweet - i think i still had to add you 16:19:58 <hrybacki> jgr: I see you on the team member list now: https://trello.com/keystone42/members 16:19:59 <lbragstad> but you were able to invite yourself 16:20:06 <cmurphy> i added him to the board 16:20:28 <lbragstad> good deal 16:20:41 <jgr> Ah, now I'm in the member list, too. Thanks :-) 16:21:05 <lbragstad> jgr: no problem - thank you! 16:21:53 <lbragstad> hrybacki: anything else on the board specifically, or do we want to get into office hours stuff? 16:22:14 <hrybacki> no, I can brief everything else on the video conference 16:22:20 <lbragstad> ok - cool 16:22:24 <lbragstad> #topic open discussion 16:22:30 <lbragstad> floor is open if anyone has topics 16:22:31 <knikolla> what's the schedule for that? 16:22:51 <lbragstad> knikolla: we're going to keep office hours immediately after the meeting, so the format should be the same 16:23:06 <lbragstad> unless we come up with a reason to change it 16:23:16 <knikolla> ack! so we're jumping on the conference call right after this? 16:23:17 <hrybacki> aim in the first hour is to review the board and agree upon things for M1 ('sprint planning') 16:26:23 <lbragstad> i do have a couple things to propose for office hours, but only after sprint planning 16:26:39 <lbragstad> wxy|: i assume you'll drop after the meeting? 16:26:59 <lbragstad> given it's going on 1:00 AM where you are? 16:27:16 <wxy|> lbragstad: i'll try to attend the online meeting. not sure the internet is Ok or not. 16:28:55 <kmalloc> ugh. 16:28:57 <lbragstad> wxy|: i just want to make sure we cover whatever you need while we have you on the line, in case you decide to drop after the meeting 16:29:57 <kmalloc> lbragstad: we moved to meeting-alt? 16:30:26 <ayoung> kmalloc, no 16:30:29 <lbragstad> kmalloc: yeah - there was a conflict in #openstack-meeting at 1600 16:30:29 <ayoung> kmalloc, this is not happening 16:30:33 <ayoung> its all a dream. 16:30:36 <ayoung> wake up. 16:30:38 <kmalloc> oh, ok 16:30:41 <ayoung> Heh 16:30:45 <lbragstad> lol 16:31:00 <kmalloc> >.> 16:31:06 <ayoung> Heh 16:31:23 <ayoung> so, since we are in open discussion: multi-site 16:31:35 <ayoung> I started chatting about this in #openstack-keystone 16:31:53 <ayoung> Let me suggest that people read the edge-stuff from PTG: 16:32:09 <ayoung> http://markvoelker.github.io/blog/dublin-ptg-edge-sessions/ 16:32:23 <ayoung> And I know a few people have stumbled over stuff like this before. 16:33:18 <lbragstad> ayoung: correct me if i'm wrong, but the tl;dr is that there are a bunch of small deployments that need to act as a single cloud, right? 16:33:27 <ayoung> lbragstad, yeah 16:33:40 <ayoung> that is the driving story, IIUC 16:34:04 <ayoung> How do you sync? How do you upgrade? How do you keep the music playing? 16:34:51 <ayoung> K2K federation provides an insulatin layer between them, but it is useless if the First K is down. 16:35:14 <ayoung> I think a lot of people have gone Hub-and-Spoke and made Keystone at the spoke read only 16:35:39 <ayoung> but that messes up things like application credentials. You have to write them centrally, not at the Keystone server that shows up in your Service catalog 16:36:06 <ayoung> also, a use case that has come up a lot is "I have a region that is for special customers. How do I keep out the riff raff?" 16:37:15 <ayoung> K2K is OK if the people in the gold tier don't want to reuse anything from the regular tier, but they are the ones paying the most. They want their resources. 16:37:51 <ayoung> That last seems mostly like a policy thing; add an additional role to all operations on a specific endpoint. 16:38:39 <ayoung> I was thinking in terms of "This region can write values for this domain" 16:38:56 <ayoung> and then eventually-consistent semantics for syncing to the other keystones. 16:40:11 <ayoung> So if we have Boston and Berlin as Regions, and each region had a keystone, and each keystone has two domains, Named DomBoston and DomBerlin, the Keystone in Boston can write to DomBoston and will push its changes to DomBerlin. 16:40:33 <ayoung> Keystone in Berlin would ignore any changes for DomBerlin unless it wrote them 16:41:08 <ayoung> You would need a central arbiter to make sure that regions to domains was set up in a consistant manner. But assume changes to that are infrequent 16:41:26 <lbragstad> hmm - so would on the domain be sync'd? 16:41:31 <lbragstad> what about the user tables? 16:42:06 <ayoung> right...so the synced data would be all tables in identity, assignement and the project table in Resource 16:42:43 <ayoung> but only the values tagged with DomBoston would be acceptable to the Berlin Keystone 16:42:49 <ayoung> and the reverse 16:45:11 <ayoung> So...let me throw that out there as a starting point. We should participate in the Edge computing discussions, as Keystone is going to be a nexus for that use case to work 16:45:20 * ayoung surrenders the conch 16:45:31 <lbragstad> yeah... 16:45:39 <cmurphy> agreed that we need to be thinking about this more seriously 16:45:43 <lbragstad> ++ 16:46:06 <lbragstad> and that's apparent in how many requests we've gotten for various things (like project IDs over the API) 16:46:38 <lbragstad> i'll re-read the edge etherpad from dublin 16:46:55 <ayoung> lbragstad, yeah, and there is second one called Alan'S Problems 16:46:58 <lbragstad> #link http://markvoelker.github.io/blog/dublin-ptg-edge-sessions/ 16:47:10 <ayoung> https://etherpad.openstack.org/p/edge-alans-problems 16:47:16 <ayoung> #lionk https://etherpad.openstack.org/p/edge-alans-problems 16:47:19 <ayoung> #link https://etherpad.openstack.org/p/edge-alans-problems 16:47:28 <ayoung> #lionk is short for Lion King 16:47:45 <knikolla> i'll do some background reading. 16:48:01 <lbragstad> nice - i'll dig into those 16:48:23 <lbragstad> i have some context on the problem, but i feel like i should at least step back and read everything first 16:48:35 <lbragstad> thanks ayoung 16:49:35 <lbragstad> anything else for open discussion? 16:49:46 <lbragstad> otherwise we can end 15 minutes early and prepare for sprint planning 16:49:52 <lbragstad> er 11 minutes early 16:50:49 <lbragstad> alright - thanks for coming 16:50:54 <lbragstad> see everyone in a few minutes 16:50:57 <lbragstad> #endmeeting