21:02:22 <ttx> #startmeeting 21:02:23 <openstack> Meeting started Tue Sep 20 21:02:22 2011 UTC. The chair is ttx. Information about MeetBot at http://wiki.debian.org/MeetBot. 21:02:24 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic. 21:02:28 <medberry> \o 21:02:33 <notmyname> ttx: here 21:02:38 <ttx> Welcome to the last meeting of the Diablo era... Today's agenda is at: 21:02:43 <ttx> #link http://wiki.openstack.org/Meetings/TeamMeeting 21:02:52 <ttx> #topic Actions from previous meeting 21:03:02 <ttx> * jaypipes to send a diablo-focus email for Glance devs: DONE 21:03:10 <ttx> * ttx to rename "Incubation" track to "NetStack" in summit: DONE 21:03:23 <ttx> #topic Focus on release notes 21:03:36 <ttx> Starting today we are in pre-release stasis 21:03:49 <ttx> So only critical showstoppers should be accepted to milestone-proposed 21:04:04 <ttx> It's time to shift focus to documenting known issues, upgrade quirks, features... 21:04:19 <ttx> It's a team effort, and the wiki is at: 21:04:24 <ttx> #link http://wiki.openstack.org/ReleaseNotes/Diablo 21:04:27 <jaypipes> ttx: and documentation... 21:04:44 <ttx> documentation is a bit outside the ReleaseNotes scope, but yes 21:04:58 <ttx> This page needs to be complete and ready by end of day Sep 21, so please contribute... 21:05:08 <ttx> Questions ? 21:05:15 <jaypipes> ttx: will do. 21:05:56 <ttx> #topic Swift status 21:06:02 <ttx> notmyname: o/ 21:06:08 <notmyname> yay swift 21:06:26 <notmyname> I don't think I have any news 21:06:48 <ttx> for the ReleaseNotes, I guess you should focus on the difference with the last openstack common release 21:07:09 <ttx> Do I have your final singoff to include Swift 1.4.3 in the common OpenStack 2011.3 release ? 21:07:13 <ttx> signoff 21:07:17 <notmyname> for version in VCS: cat CHANGELOG >>releasenotes.txt 21:07:53 <notmyname> ttx: yes. swift 1.4.3 is good to be used as openstack 2011.3 release 21:07:54 <ttx> notmyname: I was thinking about upgrade notes, like the fact that some patrs of the code now live in separate projects 21:08:21 <ttx> but yes as far as features go, cat will work 21:08:29 <notmyname> ttx: of course ;-) 21:08:30 <ttx> Questions on Swift ? 21:09:08 <ttx> #topic Swift status 21:09:10 <ttx> arh 21:09:15 <ttx> #topic Glance status 21:09:22 <ttx> jaypipes: o/ 21:09:28 <jaypipes> ttx: yo. 21:09:30 <jaypipes> ttx: so... 21:09:36 <ttx> Looking at: https://launchpad.net/glance/+milestone/2011.3 you have two RC bugs remaining ? 21:10:32 <jaypipes> ttx: we have two bugs targeted still. one is a documentation thing that I definitely want in the final release. the other clears up a problematic hack that was really just added as a way to do testing, and now needs to be remove as it causes confusion around authentication 21:10:46 <jaypipes> Vek, wwkeyboard: ping 21:10:51 <jaypipes> s1rp: ping 21:11:02 <wwkeyboard> yes? 21:11:13 <ttx> jaypipes: any chance they can be pushed today ? 21:11:34 <jaypipes> wwkeyboard: heya, so I know that Vek has asked you to pick up that bug on removing the authtoken option in glance... not sure you will be able to get that done today? 21:11:44 <jaypipes> wwkeyboard: it's really just removing code, nothing more. 21:11:45 <s1rp> the documentation bug will be pushed today 21:11:52 <jaypipes> s1rp: rock on. ty. 21:12:19 <jaypipes> wwkeyboard: it's OK. I'm going to move that to Essex 1 milestone.. we can discuss offline... 21:12:25 <wwkeyboard> OK 21:12:32 <wwkeyboard> It does not look that simple to me. 21:12:47 <jaypipes> wwkeyboard: :) no probs. we can discuss later. 21:12:58 <Vek> probably isn't, given how intimately the token is tied to the functional tests... 21:13:03 <ttx> jaypipes: so you only keep the doc bug ? 21:13:09 <jaypipes> ttx: yep, moved. 21:13:14 <ttx> cool. 21:13:26 <jaypipes> ttx: I still need to cherry pick two patches into milestone-proposed, but we look pretty good. 21:13:33 <ttx> so we should be all set today, barring any last minute kitten killer 21:13:46 <jaypipes> ttx: what time exactly? 21:14:14 <ttx> jaypipes: "end of day" ? 21:14:23 <ttx> No strict deadline :) 21:14:33 <jaypipes> ttx: ah, ok... yes, I think so? :) 21:15:10 <ttx> Questions on Glance ? 21:15:44 <ttx> #topic Nova status 21:16:01 <ttx> vishy: o/ 21:16:10 <ttx> Looking at: https://launchpad.net/nova/+milestone/2011.3, one bug left: 21:16:13 <vishy> hi 21:16:36 <ttx> but should be in once jenkins restarts 21:16:56 <ttx> mtaylor: working on that ? 21:17:03 <pvo> vishy: we foudn one where xenserver builds don't resize the disk on initial boot. 21:17:05 <jaypipes> ttx: yes, they are. 21:17:10 <jaypipes> ttx: disk filled up... 21:17:11 <pvo> its being worked now. 21:17:20 <ttx> vishy: anything else in the pipe ? 21:17:35 <vishy> ttx: keystone stuff 21:17:43 <vishy> but we have a discussion on that later, yes? 21:17:45 <mtaylor> ttx: yes 21:17:46 <ttx> yes 21:17:51 <ttx> vishy: there is a security bug coming up too 21:17:52 <vishy> otherwise there is nothing pressing that I am aware of 21:18:05 <ttx> hopefully will be filed today 21:18:06 <annegentle> vishy: are we okay with no extension documentation going with the release? 21:18:11 <vishy> pvo, ttx: i will get those in if i can, please backport them 21:18:11 <ttx> johnpur: the sooner the better :) 21:18:12 <johnpur> ttx: asap 21:18:27 <annegentle> I can keep working on extension doc but it's swiss cheese holey. 21:18:28 <johnpur> working on it now 21:18:46 <pvo> vishy: will do. 21:19:09 <ttx> pvo: bug number ? 21:19:16 <pvo> https://bugs.launchpad.net/nova/+bug/845714 21:19:17 <uvirtbot> Launchpad bug 845714 in nova "VDI is not resized to instance_type local_gb on initial boot" [High,New] 21:19:34 <wwkeyboard> ohh… thats me again 21:19:40 <ttx> ok, targeted 21:19:52 <ttx> wwkeyboard: are you the new default assignee ? 21:20:16 <ttx> Questions on Nova ? 21:20:17 <wwkeyboard> Is that the downside of a name that starts with two 'a's 21:20:44 <medberry> which explains the IRC nick 21:20:59 <jaypipes> heh 21:21:11 <ttx> #topic Incubated projects news 21:21:31 <danwent> quantum: about to release for diablo 21:21:40 <danwent> quantum: proposals for essex in full swing. 21:21:40 <ttx> So there seems to be a problem with Keystone and Diablo. vishy ? 21:21:45 <danwent> not much other than that :) 21:21:57 * ttx reconnects 21:21:59 <ttx> <ttx> So there seems to be a problem with Keystone and Diablo. vishy ? 21:23:08 <danwent> quantum: oh, and we switched from launchpad to github, thanks jeblair! 21:23:30 <vishy> there are many 21:23:51 <ttx> vishy: do we have a known version that works with Diablo taht we could recommend ? 21:23:53 <pvo> ttx: we also should consider this one as well: https://bugs.launchpad.net/bugs/850389 21:23:55 <uvirtbot> Launchpad bug 850389 in glance "snapshots are not private by default" [Undecided,New] 21:24:03 <ttx> (and that we would encourage Ubuntu to package) 21:24:15 <vishy> so the main issue is that we don't have a consistent package for keystone that we can ship in diablo 21:24:20 <ttx> jaypipes: ^ 21:24:28 <vishy> apparently the first "release" of keystone is 6 weeks out 21:24:34 <vishy> so we need an interim solution 21:24:53 <ttx> a "recommended for Diablo" version ? 21:25:04 <vishy> ttx: we could use a version from about a week ago 21:25:13 <vishy> which mostly works (I think) 21:25:21 <medberry> with the current Diablo? 21:25:26 <antonym> i've had a few issues with the latest versions of keystone. i believe some of the changes around tenantid broke some stuff 21:25:27 <medberry> with the current Diablo Nova? 21:25:35 <vishy> but keystone has been in such flux, i don't know if there is a solid point to set it 21:25:42 <rmk> antonym: yes, confirmed, I did as well and commented on the specific commit which changed that 21:25:44 <jaypipes> ttx: yes, this has bitten us as well: https://bugs.launchpad.net/glance/+bug/839559 21:25:44 <ttx> vishy: as far as I'm concerned (Keystone not being core in Diablo) we can go as far as talking abot it in release notes 21:25:47 <uvirtbot> Launchpad bug 839559 in glance "update the glance config files with keystone auth examples" [Low,Fix committed] 21:26:12 <rmk> ttx: The only way to use the dashboard is with keystone 21:26:13 <johnpur> vishy, ttx: is it worth trying to ship an interim that we cannot validate? 21:26:18 <ttx> jaypipes: no I was talking about <pvo> ttx: we also should consider this one as well: https://bugs.launchpad.net/bugs/850389 21:26:18 <uvirtbot> Launchpad bug 850389 in glance "snapshots are not private by default" [Undecided,New] 21:26:26 <rmk> So no keystone, no dashboard 21:26:38 <ttx> johnpur: I don't ship Keystone in 2011.3 21:26:57 <johnpur> does dash have a version it is tested with? 21:27:10 <vishy> ttx: so we ship diablo with no auth? 21:27:18 <vishy> :( 21:27:20 <jaypipes> ttx: oh, sorry... I guess I'm not sure what you're asking me? 21:27:37 <johnpur> vishy: the old auth still works, correct? 21:27:39 <westmaas> we can find one that works, and document that, I think that's what ttx is saying? 21:27:39 <heckj_> We've (dash) been attempting to track and test on trunk 21:27:53 <vishy> westmaas: I'm all for that 21:28:00 <ttx> vishy: Keystone is separate from core projects atm -- that doesn't mean they shouldn't have a version compatible with Diablo 21:28:10 <vishy> i think we need at least some buy in from keystone guys 21:28:11 <rmk> I'd suggest a branch prior to yesterday's commits 21:28:22 <rmk> and fix whatever is broken against that 21:28:25 <vishy> i.e. A tagged revision number 21:28:29 <ttx> just that we have more flexibility due to it not being core and released 21:28:36 <vishy> and hopefully we can build packages off of that 21:28:38 <antonym> the most recent commit i had good success on with keystone was https://github.com/openstack/keystone/commit/8a0fcd001f547d7efe3b25e997ba2010111cc839 some of the newer ones past that may work but that's the one i've been running with for now 21:29:03 <westmaas> any keystoners here? 21:29:13 <annegentle> westmaas: heh. just heh. 21:29:14 <dolphm> *raises hand* 21:29:35 <Vek> *cough* 21:31:32 <westmaas> antonym: were you running that version with a nova pretty close to when we did our diablo branch? 21:31:35 <dolphm> our goal right now is to fulfill the contract laid out in our documentation, and as we race toward that goal, we're creating work for the other projects... so if you define diablo-compatible in terms of our API, the implementation is a couple weeks away, but if you define diablo-compatible in terms of compatibility with other projects... i think that was yesterday as rmk pointed out 21:31:38 <zykes-> any meeting now or ? 21:32:15 <westmaas> I think it was broken for ant yesterday 21:32:18 <ttx> I define diablo as compatible with the rest of diablo, personally 21:32:22 <jaypipes> zykes-: 30 minutes until Quantum meeting. this is the weekly project status meeting. 21:32:24 <medberry> zykes-, I think we're still in the middle. 21:32:26 <antonym> westmaas: yeah, i had to roll back to that version 21:32:26 <vishy> ok lets settle on on a revision number 21:32:35 <zykes-> ok 21:32:58 <rmk> 0425fba560e7d68e52f922667972765e64ad17dc mostly seemed to work 21:33:03 <rmk> https://github.com/openstack/keystone/commit/0425fba560e7d68e52f922667972765e64ad17dc 21:34:12 <rmk> Or https://github.com/openstack/keystone/commit/a9132101940ed85e86e44e1cd37cc5bfa07f0713 -- which goes back further and probably had a lot more usage against it 21:34:30 <anotherjesse> sorry if I'm late - is it too late to talk about auth api for diablo? 21:34:43 <jaypipes> anotherjesse: hehe, that's the current topic. 21:35:25 <anotherjesse> the current thought is to ship an old version of keystone? 21:35:38 <ttx> anotherjesse: looks like the only way out ? 21:35:45 <jaypipes> anotherjesse: old == day or two ago... 21:36:00 <dolphm> old == behind it's documentation 21:36:11 <medberry> proposals are for 12d.o, 5d.o and 1d.o 21:36:21 <zykes-> this is for the .3 milestone ? 21:36:27 <anotherjesse> shipping an old version means we are telling people to deploy clouds with auth that isn't done 21:36:34 <anotherjesse> there are 3 calls that need to be correct: 21:36:35 <vishy> zykes-: this is for the diablo final release yes 21:36:37 <anotherjesse> CREATE TOKEN: 21:36:37 <anotherjesse> posting: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/docbkx/samples/auth_credentials.json TO /v2.0/tokens 21:36:38 <anotherjesse> returns: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/docbkx/samples/auth.json 21:36:38 <anotherjesse> (if this could return tenant id(/name) then we wouldn't need admin token for user dash) 21:36:38 <anotherjesse> VALIDATE (GET) TOKEN: (admin endpoint) 21:36:39 <anotherjesse> GET /v2.0/tokens/(TOKEN_ID) 21:36:39 <anotherjesse> returns: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/docbkx/samples/validatetoken.json 21:36:39 <anotherjesse> ^ should have tenant id, tenant name , and user id 21:36:39 <anotherjesse> GET TENANTS FOR TOKEN: (user endpoint) 21:36:39 <uvirtbot> anotherjesse: Error: "should" is not a valid command. 21:36:40 <anotherjesse> GET /v2.0/tenants 21:36:40 <anotherjesse> returns: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/docbkx/samples/tenants.json 21:37:15 <zykes-> vishy: i thought the final release was .4 ? 21:37:16 <anotherjesse> if keystone implements those correctly, then we don't have to ship a broken auth system 21:37:19 <vishy> dolphm: can we have those modifications in today? 21:37:47 <vishy> zykes-: w'ere talking about the final diablo release that is supposed to ship on the 22nd 21:38:03 <ttx> zykes-: Diablo = 2011.3 21:38:06 <zykes-> ah 21:38:14 <zykes-> so keystone isn't milestoned ? 21:38:18 <anotherjesse> I am concerned about people tooling for apis that kinda worked at some point 21:38:20 <medberry> I don't think there will be a 2011.4 21:38:22 <westmaas> anotherjesse: changes are only required on keystone side? 21:38:23 <ttx> zykes-: stop interrupting please 21:38:32 <dolphm> vishy: looking at what anotherjesse pasted... I also just opened a review for role names & ID's in POST /tokens/{token_id} 21:38:35 <anotherjesse> westmaas - and middleware 21:38:39 <anotherjesse> westmaas - yes 21:38:46 <vishy> anotherjesse: that means patching middleware in all three projects as well 21:38:56 <anotherjesse> vishy - yes - a pita 21:39:01 <vishy> anotherjesse: is the swift middleware still in keystone? 21:39:10 <anotherjesse> not sure - swift guys around? 21:39:27 <vishy> anotherjesse: I'm not worried about the pita. I'm worried about getting it in by tomorrow and having any confidence that it will actually work 21:39:48 <anotherjesse> vishy - the interace between the mdidleware and projects isn't changing 21:39:59 <anotherjesse> vishy - so I don't worry about cascading failures (that much) 21:40:18 <anotherjesse> who needs sleep ;-/ 21:40:19 <ttx> depending on keystone in any way while it was still outside the release process was not such a great idea. 21:40:27 <vishy> jaypipes: thoughts? 21:40:28 <dolphm> anotherjesse: i think we can have those changes done late today / tomorrow 21:40:33 <jaypipes> vishy: reading back.. 21:40:38 <dolphm> ttx: agree 21:41:00 <anotherjesse> dolphm: we (sleepsonthefloor, myself and a few others) can help 21:41:19 <anotherjesse> vishy: maybe a solution is that we ship diablo (nova/..) with noauth 21:41:27 <anotherjesse> and then separately have keystone release with the middleware? 21:41:47 <vishy> anotherjesse: we are shipping with noauth by default 21:41:58 <anotherjesse> i REALLY don't want a auth api that we are going to delete in weeks to continue to be what we have to support for years 21:42:13 <pvo> anotherjesse: ++ 21:42:24 <ttx> anotherjesse: at this point this would have my preference. 21:42:43 <pvo> dare I ask should we delay? 21:42:43 <jaypipes> OK, so is this something that we want to postpone the Diablo release until Keystone is stabilized on the issues anotherjesse brought up above? 21:42:54 <anotherjesse> so - nova/swift/glance ship without keystone integration - and we work our *** off to make it so we have a keystone release this week that works iwth them? 21:42:54 <jaypipes> pvo: heh, beat me to it :) 21:43:05 <dolphm> anotherjesse: is that a complete list? 21:43:08 <pvo> jaypipes: but you are more eloquent. : ) 21:43:11 <vishy> anotherjesse: I'm not opposed to merging changes into nova for keystone middleware, since it isn't the default install 21:43:12 <anotherjesse> dolphm: for the integration yes 21:43:20 <anotherjesse> dolphm: the other apis aren't in use (yet) 21:43:24 <ttx> jaypipes: I don't want to delay because an incubated project is not ready. that's the whole point of having core and noncore projects 21:43:36 <dolphm> what's our ideal deadline to make those changes at this point? 21:43:44 <medberry> EOD 21:43:47 <vishy> dolphm: + more change 21:43:51 <anotherjesse> a week ago 21:43:53 <vishy> 1 more that is 21:44:14 <vishy> ec2tokens needs to stay the same and send back the same stuff as tokens 21:45:00 <anotherjesse> given that we are shipping noauth in nova/swift/glance 21:45:18 <anotherjesse> is it acceptable to say that keystone integration middleware won't be in the core projects --- it will be in keystone for now? 21:45:21 <anotherjesse> (as it has been for nova) 21:45:45 <ttx> anotherjesse: that makes sense to me 21:45:47 <anotherjesse> if so - then we should release diablo and work our *** off to get keystone out the door - since the changes should not require changes in nova/swift/glance 21:46:08 <johnpur> anotherjesse: +1 21:46:12 <vishy> anotherjesse: I don't like it but I don't see much other choice 21:46:15 <jaypipes> ttx: well, if it means anything, we've been bitten by keystone version drift affecting glance, but fixes for those things have gone into essex, not diablo: https://bugs.launchpad.net/glance/+bug/851026 21:46:16 <westmaas> is the middleware in glance and swift right now? 21:46:16 <uvirtbot> Launchpad bug 851026 in glance "Keystone version drift impacting functional tests" [High,Fix committed] 21:46:20 <Daviey> wait, keystone is still optional for diablo? 21:46:35 <anotherjesse> Daviey: if you don't care about auth you don't have to use keytsone 21:46:38 <jaypipes> westmaas: the middleware is actually in the keystone project, but yes... 21:46:43 <vishy> anotherjesse: we're basically saying diablo is broken imo 21:46:48 <rmk> anotherjesse: Or don't care about the dashboard 21:46:55 <vishy> the current middleware for nova is in nova 21:46:57 <vishy> not keystone 21:47:03 <vishy> so we need to move it to keystone 21:47:08 <anotherjesse> rmk: we've been working on the dash integration with keystone,glance,nova - exactly the problem :) 21:47:09 <westmaas> oh i see. 21:47:18 <jaypipes> vishy: westmaas was referring to swift and glance, sorry 21:47:18 <vishy> shall i propose a patch, removing the middleware from nova? 21:47:28 <Daviey> vishy: for Essex, right? 21:47:36 <rmk> anotherjesse: right but all of those can work without keystone except the dashboard 21:47:40 <ttx> vishy: does that plan mean any change on nova's side ? Like doc ? 21:47:40 <ttx> jaypipes: same question for glance 21:47:40 * ttx is a bit lost in the implications 21:47:45 <vishy> Daviey: no we're talking about removing it completely 21:47:49 <Daviey> !!! 21:47:50 <openstack> Daviey: Error: "!!" is not a valid command. 21:47:57 <vishy> I know, I'm not happy either 21:48:08 <Daviey> This is really kinda scary to be doing it moments before release. 21:48:12 * ttx missed a few messages 21:48:26 <vishy> it means anyone who wants auth is forced to used deprecated auth 21:48:27 <anotherjesse> we aren't removing anything -it is that we didn't get keystone integration done 21:48:28 <annegentle> the documentation is behind anyway, as far as integration with Compute 21:48:42 <ttx> Daviey: told you that was the right choice :) 21:48:42 <Daviey> vishy: In Ubuntu, we are defaulting to deprecated auth for diablo. 21:48:44 <vishy> ttx: I don't think there are significant doc changes 21:48:53 <vishy> Daviey, so you got no worries then 21:48:59 <Daviey> ttx: Erm, do you want me to grep my logs? ;) 21:49:22 <anotherjesse> deprecated auth is :( 21:49:25 <anotherjesse> but better than nothing 21:49:45 <vishy> so do we put deprecated auth back to default? 21:49:50 <vishy> or default to noauth? 21:49:52 <anotherjesse> or no-auth? 21:50:01 <annegentle> deprecated auth helps the doc situation. 21:50:01 <Daviey> Well the problem is, the cycle started not knowing that keystone was going to be core midway. 21:50:04 <johnpur> vishy: yes 21:50:11 <rmk> at least people are used to deprecated auth 21:50:11 <dolphm> Daviey: ++ 21:50:16 <ttx> Daviey: it's not core midway 21:50:34 <medberry> it's core at Essex? 21:50:34 <ttx> Daviey: it's still incubating for diablo. 21:50:35 <jaypipes> is deprecated auth the original sqlalchemy-based auth manager? 21:50:41 <Daviey> ttx: When did keystone become core? 21:50:45 <vishy> jaypipes: yup 21:50:47 <jaypipes> Daviey: essex 21:50:54 <Daviey> ttx: incubating, but close to mandatory? 21:50:55 <ttx> Daviey: the problem is that Nova grew an overconfident dep on it 21:50:57 <vishy> sqlalchemy + ldap 21:50:58 <jaypipes> Daviey: it was voted into core from incubation about 3 weeks ago. 21:51:14 <anotherjesse> the issue with deprecated auth manager is that it means there is not a good user experience… which is why we've been pushing hard 21:51:16 <jaypipes> vishy: got it, thx 21:51:21 <vishy> ttx: we don't have a dependency on it 21:51:35 <anotherjesse> anyway - so - noauth vs. deprecated - which is less confusing? 21:51:37 <ttx> vishy: dependency is not the right word. Affinity ? 21:51:46 <Daviey> jaypipes: Ah yes, but it looks like the direction of this conversation was to make it pretty much mandatory for diablo? 21:51:48 <vishy> ttx: we just decided to default to noauth with the idea that people could use keystone for real deploys 21:51:50 <anotherjesse> neither works with dashboard? (or is there a branch it works with?) 21:51:59 <ttx> vishy: ok 21:52:23 <rmk> anotherjesse: I'd love to know if there's a branch which doesn't require keystone - haven't seen one 21:52:24 <ttx> then maybe we should default to noauth... your choice 21:52:26 <johnpur> people are running with the deprecated auth currently 21:52:35 <anotherjesse> then let them eat cake ;) 21:52:36 <vishy> no keystone == no functional openstack system IMO 21:52:40 <johnpur> i vote to make this the default (still) 21:52:42 <jaypipes> Daviey: Glance never took the approach of making it mandatory... Glance has entirely optional integration with keystone. 21:52:43 <anotherjesse> deprecated auth 21:53:08 <vishy> I had no idea keystone wasn't going to release at diablo 21:53:17 <anotherjesse> me either :( 21:53:23 <Daviey> jaypipes: Glance can be smug then :) 21:53:31 <anotherjesse> Daviey: we have optional integration 21:53:33 <anotherjesse> in nova 21:53:34 <jaypipes> ok, brass tacks here... do we delay the release or not? 21:53:45 <jaypipes> Daviey: not being smug... life was easier for Glance. :) 21:53:50 <Daviey> :) 21:53:53 <vishy> guys, it is all well and good to say, hey we're great we don't need keystone 21:53:59 <anotherjesse> the problem is that it is nova/dash/swift each have their own user systems without 21:54:00 <vishy> but fyi, you can't deploy a cloud without it 21:54:08 <vishy> you have a) no dashboard 21:54:13 <vishy> b) no public glance server 21:54:23 <anotherjesse> no private 21:54:28 <jaypipes> vishy: I understand you completely. that's why I'm asking if we should delay. 21:54:31 <pvo> I think we should delay to get it working. 21:54:38 <jk0> +1 21:54:40 <vishy> c) you have to manage users and tenants separately for swift and nova 21:54:40 <Daviey> vishy: Our stance is that for diablo, keystone and dashboard are released - but not offically supported. 21:54:48 <Daviey> Ie, doesn't work OOTB 21:54:58 <vishy> Daviey: that is fine, what are you doing with glance? 21:55:00 <Daviey> Which is why we are using deprecated auth for default install. 21:55:01 <ttx> pvo: if I had *any* visibility on when it will be ready, i could consider a short delay. But I have none 21:55:11 <vishy> Daviey: how do users upload images, using nova-objectstore? 21:55:17 <Daviey> vishy: yes 21:55:25 <pvo> ttx: are any keystone people here that can speak to this? 21:55:37 <vishy> Daviey: so you have a reasonable solution, which is use the ec2 api 21:55:46 <dolphm> pvo: on what issue, exactly 21:55:52 <vishy> Daviey: unfortunately I don't think that solution works for openstack 21:55:55 <westmaas> dolphm said a today or tomorrow for what anotherjesse laid out 21:56:01 <pvo> dolphm: <vishy> Daviey: how do users upload images, using nova-objectstore? 21:56:01 <westmaas> assuming that's all we have 21:56:05 <pvo> er 21:56:08 <pvo> silly scroll 21:56:17 <dolphm> lol 21:56:17 <pvo> dolphm: ttx> pvo: if I had *any* visibility on when it will be ready, i could consider a short delay. But I have none 21:56:26 <Daviey> vishy: ah. 21:56:39 <ttx> vishy: you have a complete cloud with nova + keystone, doesn't mean we need to wait for keystone to release nova, right ? 21:57:12 <vishy> ttx: it all works fine if you are deploying independent chunks 21:57:18 <vishy> ttx: or testing it, etc. 21:57:29 <anotherjesse> so - if we don't think there will be changes to nova/swift/glance 21:57:32 <vishy> ttx: but we have no fully operational production cloud without something like keystone 21:57:35 <anotherjesse> should we release as is 21:57:37 <Daviey> Is it unreasonable for nova to suggest a keystone snapshot, until it is released? 21:57:40 <johnpur> vishy: or have worked around it 21:57:49 <vishy> Daviey: that is what I was proposing 21:57:49 <ttx> vishy: agreed, and wez should definitely have a good keystone released asap 21:57:54 <anotherjesse> and then have a "diablo+" documentation which talks about integration with incubation projects: dash/keystone 21:58:08 <vishy> Daviey: but anotherjesse is pushing to make sure the api is right in the snapshot 21:58:09 <anotherjesse> since it isn't really a step backwards 21:58:15 <vishy> which i agree with 21:58:15 <pvo> anotherjesse: sure, that works. 21:58:22 <vishy> but it might means waiting a few days 21:58:35 <Daviey> vishy: the only problem comes, if nova needs changes for keystone final 21:58:44 <anotherjesse> vishy: we don't have to wait - diablo released without keystone isn't what we want 21:58:48 <anotherjesse> but it isn't worse than cactus 21:58:49 <anotherjesse> :-/ 21:58:51 <vishy> Daviey: they will be middleware changes 21:58:54 <ttx> anotherjesse: +1 21:58:56 <Daviey> I can state that Ubuntu will not be upset if nova is delayed BTW. 21:58:57 <vishy> anotherjesse: hilarious 21:59:17 <Daviey> We have a few patches that we need that won't land in time as-is, then we were looking to get into trunk and backporting. 21:59:20 <anotherjesse> I definitely do not want to ship with an auth api that isn't good 21:59:26 <anotherjesse> rather not have auth than auth that we don't want 21:59:33 <ttx> vishy: we still hope that keystone will be released asap 21:59:42 <anotherjesse> what is the cost of a delay to friday? 21:59:55 <anotherjesse> (i'm saying both things I realize - ship now and ship in 3 days) 22:00:00 <ttx> anotherjesse: friday is ok, but I see no reason t othink it would be ready on friday 22:00:20 <ttx> especially since "ready on friday" means released friday morning 22:00:26 <pvo> ttx: doesn't it give time to find the right snapshot? 22:00:27 <medberry> ttx, +1, I've not seen a real blueprint review of what it would take for Keystone to be done. 22:00:29 <anotherjesse> is the diablo+ documentation (where we talk about diablo plus the inclubation projects) a reasonable appraoch? 22:00:39 <dolphm> ttx: i think anotherjesse's short list of issues can certainly be done *well* before friday 22:00:47 <vishy> it seems like we could accomplish the goal of having the api correct 22:00:47 <anotherjesse> pvo - I'm pretty sure that what I posted is good enough 22:01:05 <vishy> we need concurrent changes to all the middlewares 22:01:17 <ttx> ok, we need to make progress. Could all people with an idea sum up their proposal 22:01:21 <anotherjesse> vishy - keysotne would release middleware in that project 22:01:23 <ttx> anotherjesse, vishy 22:01:43 <annegentle> who will write the diablo+ docs? 22:01:45 <pvo> anotherjesse: will re-read when we're done. Had to page out for a sec. 22:02:04 <anotherjesse> release diablo as planned -- then do a seperate preview release of dash/keystone that integrates with diablo asap with the proper auth api 22:02:14 <anotherjesse> diablo as released doesn't have unified auth 22:02:21 <johnpur> and default to deprectaed auth 22:02:39 <SumitNaiksatam> Greetings! 22:02:40 <anotherjesse> the seperate release has updated middleware for each project that it integrates with 22:02:48 <pvo> anotherjesse: hmm. Ok. That works. 22:02:48 <ttx> then Keystone is released and all is great 22:02:51 <edgarmagana> Hi all! 22:02:55 <danwent> sumit: netstack meeting is delay until nova is finished 22:02:56 <ttx> anotherjesse: that's it ? 22:03:04 <anotherjesse> vishy: thouhts? 22:03:07 <ttx> sorry about that -- but this is pretty critical 22:03:12 <vishy> anotherjesse: do we pull out the existing middleware? 22:03:16 <danwent> ttx: no worries, this is very important. 22:03:31 <anotherjesse> vishy: I think it might be good to remove - or at least put a header in the file saying experimental? 22:03:45 <vishy> ok 22:03:47 <westmaas> the keystone release is going to include the new middleware right 22:03:49 <ttx> vishy: your counter-proposal is ? if any ? 22:03:52 <westmaas> seems like it should just come out 22:03:56 <dolphm> anotherjesse: that would be a very fair statement 22:03:58 <anotherjesse> vishy: yes 22:04:05 <vishy> I'm ok with that. 22:04:12 <ttx> that's what makes sense from a "core" projects pure definition 22:04:17 <vishy> I just really don't like the story that it tells 22:04:22 <anotherjesse> I know 22:04:31 <vishy> but I guess that is my medicine to take 22:04:34 <anotherjesse> not a step back - no one realized it was broken yet ;( 22:04:45 <ttx> any other plan sounds a bit open ended 22:05:02 <vishy> any other opinions on the default auth? Deprecated auth or no auth? 22:05:21 <jaypipes> what about documentation? Specifically about this diablo+ release. annegentle? 22:05:32 <annegentle> ^ yes what jaypipes said 22:05:32 <uvirtbot> annegentle: Error: "yes" is not a valid command. 22:05:36 <ttx> deprecatedauth makes more sense from an update perspective.. but noauth has been default now forever 22:05:38 <anotherjesse> annegentle: yes 22:05:52 <ttx> so any will do 22:05:54 <anotherjesse> annegentle: we will help 22:06:09 <vishy> ttx: yes I'm a little concerned about reverting the changes, but i think i could swing it if it is really important 22:06:15 <annegentle> anotherjesse: okay. I'd prefer generally the incubated project puts doc resources in. 22:06:33 <vishy> i think if we put in the release notes about how to configure each it is probably fine 22:06:39 <ttx> vishy: no, I'd keep noauth and explain in releasenotes 22:06:44 <johnpur> vishy: agree 22:06:59 <vishy> ok, so I will propose a merge removing the keystone middlewares 22:07:01 <ttx> not something we should change on day-1 22:07:07 <ttx> (the default) 22:07:30 <vishy> who can take proposing them into keystone? 22:07:43 <vishy> and I assume all of the other middlewares are still in keystone? 22:07:58 <dolphm> vishy: I can +2 for openstack/keystone, if that's what you're referring to 22:08:13 <ttx> notmyname, jaypipes ^ 22:08:15 <vishy> dolphm: I was actually looking for someone else to do the proposal 22:08:23 <vishy> anotherjesse: can you or sleepsonthefloor do that part? 22:08:29 <dolphm> vishy: i guess i'm lost 22:08:47 <anotherjesse> vishy: ya - we will tag on that today 22:08:59 <vishy> dolphm: I need to sleep :at some point 22:09:03 <anotherjesse> dolphm: we'll catch you up 22:09:06 <anotherjesse> :) 22:09:18 <jaypipes> ttx: yes, glance and swift middleware is in keystone already. 22:09:23 <dolphm> appreciated :) 22:09:25 <ttx> ok, can we wrap up ? 22:09:35 <ttx> or are there still hard feelings ? 22:09:46 <ttx> a release without a last-minute crisis is not a release. 22:09:49 <jaypipes> ttx: and actually, Nova's is too apparently... https://github.com/openstack/keystone/tree/master/keystone/middleware 22:10:10 <ttx> is the plan clear to everyone ? 22:10:17 <vishy> jaypipes: that was the old one 22:10:28 <vladimir3p> ttx: can you pls summarize it 22:10:31 <ttx> anotherjesse: can you take the lead on moving middleware back to keystone ? 22:10:34 <vishy> jaypipes: the "shim" version 22:10:35 <jaypipes> vishy: k 22:10:36 <anotherjesse> ttx: yes 22:10:48 <anotherjesse> vishy: not sure if shim will change 22:10:51 <ttx> because it's getting late around here 22:10:53 <anotherjesse> vishy: but will anyway 22:12:31 <annegentle> I wanted to say thanks to all who participated in the Doc Blitz. Over 100 comments on the http://docs.openstack.org/docblitz pages, wow. In the afternoon session we had a comment a minute rate. 22:12:42 <ttx> vladimir3p: do not ship keystone middleware in nova since keystoe is still evolving by release time 22:12:42 <ttx> ok, I'll skip the last topic 22:12:43 <ttx> #action ttx to turn his propose session rant into an email 22:12:44 <ttx> #topic Open discussion 22:12:44 <ttx> anything else ? 22:13:08 * ttx 's network dropped for a second 22:13:38 <ttx> vishy: are we ok ? 22:14:30 <ttx> anyone hears me ? 22:14:40 <jk0> yep 22:14:41 <medberry> yes 22:14:42 * Vek stopped paying attention a half-hour ago 22:14:42 <johnpur> ttx: yes 22:14:47 <ttx> ok :) 22:14:48 <ttx> #endmeeting