#openstack-mistral log

08:04:13 <d0ugal> #startmeeting mistral
08:04:14 <openstack> Meeting started Fri Jul 20 08:04:13 2018 UTC and is due to finish in 60 minutes.  The chair is d0ugal. Information about MeetBot at http://wiki.debian.org/MeetBot.
08:04:15 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
08:04:17 <openstack> The meeting name has been set to 'mistral'
08:04:28 <d0ugal> Friday office hour!
08:04:30 <d0ugal> https://etherpad.openstack.org/p/mistral-office-hours
08:04:39 <d0ugal> rakhmerov, apetrich, bobh, mcdoker181818 ^
08:04:51 <d0ugal> Add your nick to line 16 for future pings!
08:09:14 <d0ugal> I don't have any agenda for today
08:09:50 <d0ugal> Oh, actually, I do. mistral-lib was released for Rocky today
08:10:01 <d0ugal> There were very little changes really
08:10:15 <d0ugal> Other than that, no news from me :)
08:10:19 <d0ugal> https://bugs.launchpad.net/mistral/+bugs?search=Search&field.status=New&orderby=id&start=0
08:10:23 <d0ugal> We do have three new bugs!
08:11:20 <akovi> Regarding #1782076 this is a documented (in code) limitation
08:11:44 <akovi> We could not transfer the cert file to the server to be used
08:12:04 <d0ugal> akovi: Do you have a link to the code comment?
08:12:08 <akovi> Especially because it would have to be present for the executor
08:13:39 <d0ugal> So the problem is that mistral server doesn't have the cert file? Is there a way to workaround this or is it not possible?
08:22:47 <rakhmerov> hey
08:22:49 <mcdoker181818> As I know we get a cert as parameter and cache it
08:23:40 <mcdoker181818> I mean a my company openstack actions
08:24:05 <mcdoker181818> rakhmerov: Hi! How "Transitions with expressions" must work with the join policy?
08:24:06 <rakhmerov> https://bugs.launchpad.net/mistral/+bug/1782305 was filed by one of my colleagues
08:24:06 <openstack> Launchpad bug 1782305 in Mistral "unable to alter env variable" [Undecided,New]
08:24:15 <rakhmerov> hi
08:24:32 <rakhmerov> mcdoker181818: not sure I understand your question
08:24:44 <d0ugal> rakhmerov: I am actually surprised there isn't a bug for that already - we (tripleo) wanted to do that for a while and I have tried to do it previously too :)
08:24:49 <akovi> sorry, I had to get out for a little while
08:24:55 <d0ugal> akovi: np
08:25:01 <rakhmerov> d0ugal: yeah, it's rather a BP though IMO
08:25:12 <mcdoker181818> https://thepasteb.in/p/O7h5jv9KgjOSq
08:25:21 <rakhmerov> d0ugal: should be easy to implement a YAQL function to do that
08:25:40 <d0ugal> rakhmerov: Agreed, a bp function would be better. I also thought a YAQL function made sense :)
08:25:51 <rakhmerov> yep
08:25:58 <rakhmerov> it's a low hanging fruit actually
08:26:09 <d0ugal> Yeah, so I am happy to treat it as a bug for that reason.
08:26:09 <rakhmerov> we can give it to someone who wants to learn
08:26:14 <rakhmerov> :)
08:26:33 <akovi> hmm, seems like we lost the target_cacert somewhere in the history or refactoring
08:26:35 <d0ugal> Good idea. I might have somebody in mind.
08:26:45 <rakhmerov> mcdoker181818: ok, so in this case there's no difference for "tj" if the transition is conditional or not
08:27:00 <rakhmerov> both edges are considered preconditions for "tj"
08:27:53 <rakhmerov> "tj" will be in WAITING state as long as both transitions are still possible and not evaluated yet
08:28:20 <rakhmerov> and "tj" will be in ERROR state if at least one of those routes will become impossible
08:28:35 <rakhmerov> mcdoker181818: makes sense?
08:30:39 <mcdoker181818> then this workflow will be failed, yes? Yep, make sense
08:39:49 <akovi> I took #1782076, it is a real bug
08:40:19 <akovi> but the target cacert works only on the client side
08:40:59 <akovi> the mistral server still needs to be able to communicate with the target cloud with SSL as the cert is not transferred from the client
08:42:25 <akovi> Can we talk about these patches: https://review.openstack.org/#/q/topic:service-catalog-issue+(status:open+OR+status:merged)
08:42:28 <mcdoker181818> rakhmerov: I think we need to update docs for this case
08:43:32 <mcdoker181818> If anybody has time, please review https://review.openstack.org/#/c/583030/
08:43:39 <rakhmerov> mcdoker181818: ok
08:45:55 <akovi> mcdoker181818: what is idp?
08:46:34 <mcdoker181818> identity provider
08:47:10 <akovi> can we write it out? I like self-descriptive names :)
08:48:16 <d0ugal> +1
08:49:55 <mcdoker181818> problemo. I think it is a common abbreviation :)
08:50:42 <rakhmerov> IDP yes, in the context of security it's usually a known thing )
08:50:43 <akovi> yes, TLWs are common everywhere, meaning everything haha
08:52:06 <d0ugal> Does that change mean keycloak is enabled by default in the container or it is just an option?
08:52:27 * d0ugal reads the README change :)
08:54:54 <mcdoker181818> Noop, it's disabled by default
08:55:21 <mcdoker181818> Also, I answered on the comment https://review.openstack.org/#/c/499790/14
08:57:02 <d0ugal> mcdoker181818: Are you going to change idp? I'm trying to decide if I should merge it or not :)
08:57:03 <rakhmerov> mcdoker181818: ok
08:57:06 <rakhmerov> +2ed
08:57:29 <mcdoker181818> identity-provider?
08:57:33 <mcdoker181818> Wait a moment
08:57:37 <d0ugal> Thanks
08:58:08 <d0ugal> I really wish docker compose had a way to mark services as disabled by default
08:59:06 <mcdoker181818> +++
09:00:12 <d0ugal> I only started learning how to write a docker-compose file 2 weeks ago. I was surprised how limiting it is
09:00:18 <d0ugal> I kinda expected more from it.
09:00:42 <d0ugal> but anyway, it is also quite useful at times
09:01:12 <d0ugal> Oh, we are at the end of the hour. I am not going anywhere, but I'll stop the meeting bot
09:01:13 <d0ugal> #endmeeting