15:02:00 <apuimedo> #startmeeting kuryr
15:02:01 <openstack> Meeting started Mon Sep 28 15:02:00 2015 UTC and is due to finish in 60 minutes. The chair is apuimedo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:02:02 <salv-orlando> aloha. Finally a monday without conflicts at 5PM my time.
15:02:02 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:02:05 <openstack> The meeting name has been set to 'kuryr'
15:02:23 <apuimedo> Hello and welcome to another Kuryr meeting!
15:02:31 <apuimedo> who is here?
15:02:38 <diga> o/
15:02:42 <tfukushima> o/
15:02:49 <banix> I/
15:03:19 <apuimedo> salv-orlando: so you are here for the meeting?
15:04:15 <salv-orlando> apuimedo: yeah, for what else?
15:04:38 <salv-orlando> surely you don't want me here to tell jokes ;)
15:05:13 <apuimedo> salv-orlando: jokes are nice to put the meeting in a nicer mood
15:05:14 <apuimedo> :-)
15:05:38 <apuimedo> #info salv-orlando banix tfukushima diga and apuimedo present in the meeting
15:05:53 <apuimedo> #topic virtual sprint
15:06:27 <apuimedo> Last week tfukushima was working on a demo
15:06:32 <apuimedo> tfukushima: please update us
15:06:54 <tfukushima> Sorry, I had some urgent issues and I couldn't have the complete demo.
15:07:18 <tfukushima> However, I have the incomplete one used somewhere.
15:07:20 <tfukushima> https://drive.google.com/file/d/0BwURaz1ic-5tUFlIQklJRnBQc2s/view?usp=sharing
15:07:24 <apuimedo> tfukushima: Did you find any bugs while getting it to work?
15:07:32 <apuimedo> that we should discuss?
15:07:40 <banix_> tfukushima: apuimedo is the demo using the master or a different branch?
15:08:18 <apuimedo> #link https://drive.google.com/file/d/0BwURaz1ic-5tUFlIQklJRnBQc2s/view?usp=sharing
15:08:19 <tfukushima> It's my local branch. But basically I put everything on GerritHub.
15:08:37 <tfukushima> Actually patches on GerritHub are better. :-p
15:08:39 <apuimedo> banix_: it's the work tfukushima had to do on top of master to get it to work
15:08:56 <apuimedo> there was some stuff we had wrong about ip address setting
15:09:03 <apuimedo> some other stuff about mac address
15:09:05 <banix_> tfukushima: what you need to do, you have submitted as patches?
15:09:09 <salv-orlando> tfukushima: gerrit or github? Probably you're talking about the former as I see your patches to fix interactions with libnetwork
15:09:15 <apuimedo> and other things
15:09:23 <tfukushima> I made a shortkit for the default subnetpool because I could only get Juno stack.
15:09:24 <apuimedo> I think he means gerrit
15:10:01 <apuimedo> salv-orlando: salv-orlando he has been on a coding marathon since yesterday ;-)
15:10:05 <tfukushima> Sorry I meant Gerrit. There's a service called GerritHub. I'm confused.
15:10:20 <tfukushima> That's similar to Gerrit hosted by OpenStack community.
15:10:31 <salv-orlando> tfukushima. apuimedo: no worries I just wanted to make sure I was looking at the right patches
15:10:44 <apuimedo> #action tfukushima to address the reviews made on his latest patches
15:10:51 <banix_> tfukushima: so you have all your changes submitted to gerrit?
15:11:14 <tfukushima> Yes, basically.
15:11:29 <apuimedo> #info tfukushima's demo was done over Juno and he posted his changes to gerrit
15:11:47 <banix_> I found a few minor issues preventing the code from working at all, I submitted three tiny patches for those
15:11:53 <tfukushima> I had bad workarounds in my local and I clean them up. The patches on Gerrit are nicer.
15:12:00 <apuimedo> #info apuimedo prepared a kilo image to port the demo to it, since juno required some hacks
15:12:06 <apuimedo> tfukushima: thanks tfukushima
15:12:13 <apuimedo> :-)
15:12:28 <tfukushima> banix_: Yes, I tested with Docker 1.8.0 experimental.
15:12:35 <apuimedo> banix_: thanks for that. Did you add us as reviewers?
15:12:43 <tfukushima> libnetwork APIs are changed a little bit in Docker 1.9.0 experimental.
15:13:06 <apuimedo> the new image I made for tfukushima is with midonet+kilo+docker1.9 experimental
15:13:28 <apuimedo> banix_: salv-orlando: I wonder if you would like access to the image
15:13:41 <tfukushima> Yes, I'll run Kuryr against that env from now on.
15:13:51 <apuimedo> good
15:14:18 <banix_> banix: thanks but no as it uses midonet
15:14:50 <banix_> i will be using the reference implementation: ml2, ovs for testing
15:14:55 <apuimedo> banix_: ok, It should be easy enough to reconfigure neutron, but I guess you have your own ;-)
15:15:02 <tfukushima> s/shortkit/short circuit/
15:15:03 <apuimedo> banix_: great
15:15:26 <apuimedo> ok, moving to another virtual sprint topic
15:15:33 <salv-orlando> apuimedo: I actually wonder if we should ensure it's publicly accessible, assuming it might be useful to all contributors
15:16:08 <apuimedo> salv-orlando: is there some place we can put qcow2 images in OSt infra?
15:16:24 <apuimedo> or should we just put Puppet modules somewhere?
15:16:28 <tfukushima> Yes, I want the reference stack with OVS publicly accessible.
15:16:57 <apuimedo> my goal would be that we'd have it with Puppet so that infra can use it for the "tempest" testing
15:17:16 <salv-orlando> apuimedo: the latter approach is probably more feasible. Maybe in kuryr itself, pending a more suitable place.
15:17:16 <apuimedo> and then we could have sample manifests for OVS and midonet
15:17:26 <apuimedo> salv-orlando: cool
15:17:32 <salv-orlando> I'm not sure if we have an "openstack place" where images can be uploaded
15:18:07 <apuimedo> so for the moment puppet it is ;-) and in the meantime maybe I can put the image in some server
15:18:42 <apuimedo> I was investigating about the cap_net_admin approach to running kuryr so it would not need root
15:19:42 <apuimedo> We (me and Peter Saveliev from pyroute2) were able to drop privileges until only CAP_NET_ADMIN was remaining
15:19:42 <banix_> I will have a colleague work on the Kolla image for Kuryr
15:19:59 <apuimedo> #info banix's team will work on the kolla image
15:20:03 <apuimedo> banix_: that's great!
15:20:22 <sdake> ya for mitaka we are going full on capabilities dropping and running as specific users for kolla
15:20:30 <apuimedo> Originally I wanted to have a kuryr user that got CAP_NET_ADMIN only instead of starting as root and dropping privileges
15:20:36 <sdake> for improved security
15:20:46 <apuimedo> sdake: nice to see you here
15:20:57 <sdake> just random luck i guess ;-)
15:21:10 <apuimedo> sdake: so are your service files starting the daemon as root and then dropping and changing?
15:21:34 <sdake> we want to run as a user and drop prior to entering the container (have docker do the privilege management early on)
15:21:49 <apuimedo> makes sense
15:22:05 <sdake> atm everything runs as root
15:22:12 <apuimedo> for the non containerized run I considered doing a small executable that did that for me
15:22:12 <sdake> only some containers run with all capabilities
15:22:17 <sdake> (--privileged option)
15:22:50 <apuimedo> #info: both kolla and kuryr will run with dropped privileges and user switching in Mitaka
15:23:12 <apuimedo> I want to talk to the systemd guys to see if I can avoid having the executable somehow
15:23:50 <apuimedo> sdake: yes, that's how I saw it last time
15:24:03 <apuimedo> sdake: who is leading this effort in kolla?
15:24:20 <sdake> the privilege dropping?
15:24:25 <sdake> undefined at this point, we typically all chip in
15:24:37 <sdake> i generally do most of the facilitating
15:24:55 <apuimedo> ok
15:25:11 <sdake> i expect it will happen in mitaka-1
15:25:17 <apuimedo> nice
15:25:32 <apuimedo> #topic testing
15:26:12 <apuimedo> salv-orlando: do you have any news from talking with infra people about running functional tests in there?
15:26:23 <apuimedo> I expect that having puppet modules will be a requirement
15:29:27 <banix> salv-orlando is at the small pub again
15:29:50 <apuimedo> :-)
15:29:53 <sdake> running functional tests is a big job
15:29:56 <sdake> be prepared for some pain :)
15:32:05 <apuimedo> sdake: :-) Thanks
15:32:27 <apuimedo> I didn't expect it easy, but it's good to go prepared into it
15:32:39 <apuimedo> #topic: open floor
15:32:55 <apuimedo> Does anybody else have some topic to bring up?
15:32:57 <sdake> so quick q
15:33:07 <sdake> what type of containers do you intend to create exactly?
15:33:10 <sdake> a whole bunch or just one?
15:33:12 <banix> apuimedo: so one piece missing is the libnetwork support for labels
15:33:25 <salv-orlando> apuimedo: I had to answer another call. No I did not chat yet to infra people, thanks for the reminder. I'll make a note of doing that.
15:33:48 <banix> sdake: just one is what I had in mind
15:33:52 <apuimedo> #action salv-orlando to chat with the infra people about running func tests there
15:34:07 <sdake> banix cool - we definitely are willing to host the code inside kolla
15:34:08 <apuimedo> sdake: there should be just one
15:34:12 <sdake> so feel free to submit the patches there
15:34:26 <apuimedo> for midonet there'll be two, one for midonet agent and one for kuryr
15:34:37 <apuimedo> I expect other vendors to do similarly
15:34:52 <banix> sdake: thanks, yes, working on getting kuryr in a decent shape
15:35:07 <sdake> one thing we want to tackle in kolla is plugins for cinder/neutron/nova
15:35:18 <sdake> there are about 50 plugins per cinder/neutron
15:35:22 <sdake> and 10 in nova
15:35:33 <banix> so using wget to get kuryr rather than installing through yum or apt-get is acceptable as a start point?
15:35:35 <sdake> so we dont want to create 50 containers, but just 1 container that is plugin selectable
15:35:47 <sdake> banix we have a system for source building
15:35:55 <tfukushima> banix: Regarding label, I'm not sure if libnetwork guys make it happen in Docker 1.9.0.
15:36:07 <sdake> banix you basically point it at a git repo or a tarball.gz and it builds the image properly
15:36:19 <tfukushima> #link Labels support for Network, Endpoint Create, Join #222 https://github.com/docker/libnetwork/pull/222
15:36:36 <banix> tfukushima: i am told it is in 1.9 plan and ready to be added but a few more high priority stuff remains for them
15:37:07 <banix> tfukushima: yeah I talked to them, hopefully we will see it this week. How do you plan to use them?
15:37:13 <banix> sdake: thanks
15:37:18 <tfukushima> Ok, let's see...
15:37:51 <banix> tfukushima: any particular use case for labels you have in mind?
15:38:25 <tfukushima> Giving names of the networks and the endpoints to Kuryr.
15:38:51 <sdake> banix when you're ready to get started, join #kolla and one of the core reviewers can help walk you through how to create a container for from source building
15:38:55 <tfukushima> Now we'll see Docker IDs as the names in Neutron.
15:39:02 <apuimedo> #info kuryr will be a single container
15:39:22 <banix> sdake: sounds good. Thank you.
15:39:25 <apuimedo> #info kuryr will be a single kolla container for now
15:39:58 <apuimedo> banix: IIRC the contact sdake gave us is SamYapple
15:40:07 <sdake> Yaple
15:40:17 <sdake> but feel free to contact anyone in #kolla that is a core reviewer
15:40:27 <sdake> or anyone else for that matter
15:40:32 <apuimedo> :-)
15:40:34 <sdake> but the crs are the best folks to give you a walkthrough of the code
15:40:36 <apuimedo> thanks sdake
15:41:07 <banix> sure
15:41:09 <apuimedo> sdake: what's the shape now of the ansible based orchestration of Kolla?
15:41:20 <sdake> fantastically good? :)
15:41:36 <sdake> if you could be more precise in your question i could give a more precise answer :)
15:41:43 <apuimedo> if we were to base our functional tests on it, could we do so now, or should we wait for liberty release?
15:41:58 <sdake> we are releasing rc1 tomorrow at 10am pst
15:42:03 <sdake> (hopefully)
15:42:07 <sdake> that is what i'd work against
15:42:15 <sdake> (the liberty branch will happen at this time as well)
15:42:27 <sdake> but really I'd submit patches against master
15:42:36 <sdake> we aren't backporting features into liberty
15:43:25 <apuimedo> sdake: thanks
15:43:45 <banix> tfukushima: apuimedo can we make sure all corrections you make on your local branch get to master?
15:44:19 <apuimedo> banix: we'll re-run the demo on kilo with master plus what's on gerrit to make sure we didn't miss anything
15:44:27 <apuimedo> otherwise we'll go crazy :P
15:44:43 <banix> yes exactly
15:44:45 <banix> :)
15:45:43 <apuimedo> #action tfukushima apuimedo to run the demo again on kilo + master + tfukushima's under review patches
15:45:51 <apuimedo> anything else?
15:46:47 <tfukushima> #link patches https://review.openstack.org/#/q/status:open+project:openstack/kuryr,n,z
15:48:00 <apuimedo> thanks tfukushima
15:48:09 <banix> thanks tfukushima
15:48:21 <banix> by the way diga do you plan to update your patch?
15:48:42 <apuimedo> banix: he had to take off
15:48:56 <apuimedo> let's sync tomorrow with him on #openstack-neutron
15:49:03 <apuimedo> banix: tfukushima: sdake: salv-orl_: diga: thanks for joining!
15:49:07 <banix> apuimedo: ok
15:49:14 <apuimedo> #endmeeting