21:02:22 <ttx> #startmeeting
21:02:23 <openstack> Meeting started Tue Sep 20 21:02:22 2011 UTC.  The chair is ttx. Information about MeetBot at http://wiki.debian.org/MeetBot.
21:02:24 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic.
21:02:28 <medberry> \o
21:02:33 <notmyname> ttx: here
21:02:38 <ttx> Welcome to the last meeting of the Diablo era... Today's agenda is at:
21:02:43 <ttx> #link http://wiki.openstack.org/Meetings/TeamMeeting
21:02:52 <ttx> #topic Actions from previous meeting
21:03:02 <ttx> * jaypipes to send a diablo-focus email for Glance devs: DONE
21:03:10 <ttx> * ttx to rename "Incubation" track to "NetStack" in summit: DONE
21:03:23 <ttx> #topic Focus on release notes
21:03:36 <ttx> Starting today we are in pre-release stasis
21:03:49 <ttx> So only critical showstoppers should be accepted to milestone-proposed
21:04:04 <ttx> It's time to shift focus to documenting known issues, upgrade quirks, features...
21:04:19 <ttx> It's a team effort, and the wiki is at:
21:04:24 <ttx> #link http://wiki.openstack.org/ReleaseNotes/Diablo
21:04:27 <jaypipes> ttx: and documentation...
21:04:44 <ttx> documentation is a bit outside the ReleaseNotes scope, but yes
21:04:58 <ttx> This page needs to be complete and ready by end of day Sep 21, so please contribute...
21:05:08 <ttx> Questions ?
21:05:15 <jaypipes> ttx: will do.
21:05:56 <ttx> #topic Swift status
21:06:02 <ttx> notmyname: o/
21:06:08 <notmyname> yay swift
21:06:26 <notmyname> I don't think I have any news
21:06:48 <ttx> for the ReleaseNotes, I guess you should focus on the difference with the last openstack common release
21:07:09 <ttx> Do I have your final singoff to include Swift 1.4.3 in the common OpenStack 2011.3 release ?
21:07:13 <ttx> signoff
21:07:17 <notmyname> for version in VCS: cat CHANGELOG >>releasenotes.txt
21:07:53 <notmyname> ttx: yes. swift 1.4.3 is good to be used as openstack 2011.3 release
21:07:54 <ttx> notmyname: I was thinking about upgrade notes, like the fact that some patrs of the code now live in separate projects
21:08:21 <ttx> but yes as far as features go, cat will work
21:08:29 <notmyname> ttx: of course ;-)
21:08:30 <ttx> Questions on Swift ?
21:09:08 <ttx> #topic Swift status
21:09:10 <ttx> arh
21:09:15 <ttx> #topic Glance status
21:09:22 <ttx> jaypipes: o/
21:09:28 <jaypipes> ttx: yo.
21:09:30 <jaypipes> ttx: so...
21:09:36 <ttx> Looking at: https://launchpad.net/glance/+milestone/2011.3 you have two RC bugs remaining ?
21:10:32 <jaypipes> ttx: we have two bugs targeted still. one is a documentation thing that I definitely want in the final release. the other clears up a problematic hack that was really just added as a way to do testing, and now needs to be remove as it causes confusion around authentication
21:10:46 <jaypipes> Vek, wwkeyboard: ping
21:10:51 <jaypipes> s1rp: ping
21:11:02 <wwkeyboard> yes?
21:11:13 <ttx> jaypipes: any chance they can be pushed today ?
21:11:34 <jaypipes> wwkeyboard: heya, so I know that Vek has asked you to pick up that bug on removing the authtoken option in glance... not sure you will be able to get that done today?
21:11:44 <jaypipes> wwkeyboard: it's really just removing code, nothing more.
21:11:45 <s1rp> the documentation bug will be pushed today
21:11:52 <jaypipes> s1rp: rock on. ty.
21:12:19 <jaypipes> wwkeyboard: it's OK. I'm going to move that to Essex 1 milestone.. we can discuss offline...
21:12:25 <wwkeyboard> OK
21:12:32 <wwkeyboard> It does not look that simple to me.
21:12:47 <jaypipes> wwkeyboard: :) no probs. we can discuss later.
21:12:58 <Vek> probably isn't, given how intimately the token is tied to the functional tests...
21:13:03 <ttx> jaypipes: so you only keep the doc bug ?
21:13:09 <jaypipes> ttx: yep, moved.
21:13:14 <ttx> cool.
21:13:26 <jaypipes> ttx:  I still need to cherry pick two patches into milestone-proposed, but we look pretty good.
21:13:33 <ttx> so we should be all set today, barring any last minute kitten killer
21:13:46 <jaypipes> ttx: what time exactly?
21:14:14 <ttx> jaypipes: "end of day" ?
21:14:23 <ttx> No strict deadline :)
21:14:33 <jaypipes> ttx: ah, ok... yes, I think so? :)
21:15:10 <ttx> Questions on Glance ?
21:15:44 <ttx> #topic Nova status
21:16:01 <ttx> vishy: o/
21:16:10 <ttx> Looking at: https://launchpad.net/nova/+milestone/2011.3, one bug left:
21:16:13 <vishy> hi
21:16:36 <ttx> but should be in once jenkins restarts
21:16:56 <ttx> mtaylor: working on that ?
21:17:03 <pvo> vishy: we foudn one where xenserver builds don't resize the disk on initial boot.
21:17:05 <jaypipes> ttx: yes, they are.
21:17:10 <jaypipes> ttx: disk filled up...
21:17:11 <pvo> its being worked now.
21:17:20 <ttx> vishy: anything else in the pipe ?
21:17:35 <vishy> ttx: keystone stuff
21:17:43 <vishy> but we have a discussion on that later, yes?
21:17:45 <mtaylor> ttx: yes
21:17:46 <ttx> yes
21:17:51 <ttx> vishy: there is a security bug coming up too
21:17:52 <vishy> otherwise there is nothing pressing that I am aware of
21:18:05 <ttx> hopefully will be filed today
21:18:06 <annegentle> vishy: are we okay with no extension documentation going with the release?
21:18:11 <vishy> pvo, ttx: i will get those in if i can, please backport them
21:18:11 <ttx> johnpur: the sooner the better :)
21:18:12 <johnpur> ttx: asap
21:18:27 <annegentle> I can keep working on extension doc but it's swiss cheese holey.
21:18:28 <johnpur> working on it now
21:18:46 <pvo> vishy: will do.
21:19:09 <ttx> pvo: bug number ?
21:19:16 <pvo> https://bugs.launchpad.net/nova/+bug/845714
21:19:17 <uvirtbot> Launchpad bug 845714 in nova "VDI is not resized to instance_type local_gb on initial boot" [High,New]
21:19:34 <wwkeyboard> ohh… thats me again
21:19:40 <ttx> ok, targeted
21:19:52 <ttx> wwkeyboard: are you the new default assignee ?
21:20:16 <ttx> Questions on Nova ?
21:20:17 <wwkeyboard> Is that the downside of a name that starts with two 'a's
21:20:44 <medberry> which explains the IRC nick
21:20:59 <jaypipes> heh
21:21:11 <ttx> #topic Incubated projects news
21:21:31 <danwent> quantum:  about to release for diablo
21:21:40 <danwent> quantum: proposals for essex in full swing.
21:21:40 <ttx> So there seems to be a problem with Keystone and Diablo. vishy ?
21:21:45 <danwent> not much other than that :)
21:21:57 * ttx reconnects
21:21:59 <ttx> <ttx> So there seems to be a problem with Keystone and Diablo. vishy ?
21:23:08 <danwent> quantum: oh, and we switched from launchpad to github, thanks jeblair!
21:23:30 <vishy> there are many
21:23:51 <ttx> vishy: do we have a known version that works with Diablo taht we could recommend ?
21:23:53 <pvo> ttx: we also should consider this one as well: https://bugs.launchpad.net/bugs/850389
21:23:55 <uvirtbot> Launchpad bug 850389 in glance "snapshots are not private by default" [Undecided,New]
21:24:03 <ttx> (and that we would encourage Ubuntu to package)
21:24:15 <vishy> so the main issue is that we don't have a consistent package for keystone that we can ship in diablo
21:24:20 <ttx> jaypipes: ^
21:24:28 <vishy> apparently the first "release" of keystone is 6 weeks out
21:24:34 <vishy> so we need an interim solution
21:24:53 <ttx> a "recommended for Diablo" version ?
21:25:04 <vishy> ttx: we could use a version from about a week ago
21:25:13 <vishy> which mostly works (I think)
21:25:21 <medberry> with the current Diablo?
21:25:26 <antonym> i've had a few issues with the latest versions of keystone.  i believe some of the changes around tenantid broke some stuff
21:25:27 <medberry> with the current Diablo Nova?
21:25:35 <vishy> but keystone has been in such flux, i don't know if there is a solid point to set it
21:25:42 <rmk> antonym: yes, confirmed, I did as well and commented on the specific commit which changed that
21:25:44 <jaypipes> ttx: yes, this has bitten us as well: https://bugs.launchpad.net/glance/+bug/839559
21:25:44 <ttx> vishy: as far as I'm concerned (Keystone not being core in Diablo) we can go as far as talking abot it in release notes
21:25:47 <uvirtbot> Launchpad bug 839559 in glance "update the glance config files with keystone auth examples" [Low,Fix committed]
21:26:12 <rmk> ttx: The only way to use the dashboard is with keystone
21:26:13 <johnpur> vishy, ttx: is it worth trying to ship an interim that we cannot validate?
21:26:18 <ttx> jaypipes: no I was talking about <pvo> ttx: we also should consider this one as well: https://bugs.launchpad.net/bugs/850389
21:26:18 <uvirtbot> Launchpad bug 850389 in glance "snapshots are not private by default" [Undecided,New]
21:26:26 <rmk> So no keystone, no dashboard
21:26:38 <ttx> johnpur: I don't ship Keystone  in 2011.3
21:26:57 <johnpur> does dash have a version it is tested with?
21:27:10 <vishy> ttx: so we ship diablo with no auth?
21:27:18 <vishy> :(
21:27:20 <jaypipes> ttx: oh, sorry... I guess I'm not sure what you're asking me?
21:27:37 <johnpur> vishy: the old auth still works, correct?
21:27:39 <westmaas> we can find one that works, and document that, I think that's what ttx is saying?
21:27:39 <heckj_> We've (dash) been attempting to track and test on trunk
21:27:53 <vishy> westmaas: I'm all for that
21:28:00 <ttx> vishy: Keystone is separate from core projects atm -- that doesn't mean they shouldn't have a version compatible with Diablo
21:28:10 <vishy> i think we need at least some buy in from keystone guys
21:28:11 <rmk> I'd suggest a branch prior to yesterday's commits
21:28:22 <rmk> and fix whatever is broken against that
21:28:25 <vishy> i.e.  A tagged revision number
21:28:29 <ttx> just that we have more flexibility due to it not being core and released
21:28:36 <vishy> and hopefully we can build packages off of that
21:28:38 <antonym> the most recent commit i had good success on with keystone was https://github.com/openstack/keystone/commit/8a0fcd001f547d7efe3b25e997ba2010111cc839 some of the newer ones past that may work but that's the one i've been running with for now
21:29:03 <westmaas> any keystoners here?
21:29:13 <annegentle> westmaas: heh. just heh.
21:29:14 <dolphm> *raises hand*
21:29:35 <Vek> *cough*
21:31:32 <westmaas> antonym: were you running that version with a nova pretty close to when we did our diablo branch?
21:31:35 <dolphm> our goal right now is to fulfill the contract laid out in our documentation, and as we race toward that goal, we're creating work for the other projects... so if you define diablo-compatible in terms of our API, the implementation is a couple weeks away, but if you define diablo-compatible in terms of compatibility with other projects... i think that was yesterday as rmk pointed out
21:31:38 <zykes-> any meeting now or ?
21:32:15 <westmaas> I think it was broken for ant yesterday
21:32:18 <ttx> I define diablo as compatible with the rest of diablo, personally
21:32:22 <jaypipes> zykes-: 30 minutes until Quantum meeting. this is the weekly project status meeting.
21:32:24 <medberry> zykes-, I think we're still in the middle.
21:32:26 <antonym> westmaas: yeah, i had to roll back to that version
21:32:26 <vishy> ok lets settle on on a revision number
21:32:35 <zykes-> ok
21:32:58 <rmk> 0425fba560e7d68e52f922667972765e64ad17dc mostly seemed to work
21:33:03 <rmk> https://github.com/openstack/keystone/commit/0425fba560e7d68e52f922667972765e64ad17dc
21:34:12 <rmk> Or https://github.com/openstack/keystone/commit/a9132101940ed85e86e44e1cd37cc5bfa07f0713 -- which goes back further and probably had a lot more usage against it
21:34:30 <anotherjesse> sorry if I'm late - is it too late to talk about auth api for diablo?
21:34:43 <jaypipes> anotherjesse: hehe, that's the current topic.
21:35:25 <anotherjesse> the current thought is to ship an old version of keystone?
21:35:38 <ttx> anotherjesse: looks like the only way out ?
21:35:45 <jaypipes> anotherjesse: old == day or two ago...
21:36:00 <dolphm> old == behind it's documentation
21:36:11 <medberry> proposals are for 12d.o, 5d.o and 1d.o
21:36:21 <zykes-> this is for the .3 milestone ?
21:36:27 <anotherjesse> shipping an old version means we are telling people to deploy clouds with auth that isn't done
21:36:34 <anotherjesse> there are 3 calls that need to be correct:
21:36:35 <vishy> zykes-: this is for the diablo final release yes
21:36:37 <anotherjesse> CREATE TOKEN:
21:36:37 <anotherjesse> posting: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/docbkx/samples/auth_credentials.json TO /v2.0/tokens
21:36:38 <anotherjesse> returns: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/docbkx/samples/auth.json
21:36:38 <anotherjesse> (if this could return tenant id(/name) then we wouldn't need admin token for user dash)
21:36:38 <anotherjesse> VALIDATE (GET) TOKEN: (admin endpoint)
21:36:39 <anotherjesse> GET /v2.0/tokens/(TOKEN_ID)
21:36:39 <anotherjesse> returns: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/docbkx/samples/validatetoken.json
21:36:39 <anotherjesse> ^ should have tenant id, tenant name , and user id
21:36:39 <anotherjesse> GET TENANTS FOR TOKEN: (user endpoint)
21:36:39 <uvirtbot> anotherjesse: Error: "should" is not a valid command.
21:36:40 <anotherjesse> GET /v2.0/tenants
21:36:40 <anotherjesse> returns: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/docbkx/samples/tenants.json
21:37:15 <zykes-> vishy: i thought the final release was .4 ?
21:37:16 <anotherjesse> if keystone implements those correctly, then we don't have to ship a broken auth system
21:37:19 <vishy> dolphm: can we have those modifications in today?
21:37:47 <vishy> zykes-: w'ere talking about the final diablo release that is supposed to ship on the 22nd
21:38:03 <ttx> zykes-: Diablo = 2011.3
21:38:06 <zykes-> ah
21:38:14 <zykes-> so keystone isn't milestoned ?
21:38:18 <anotherjesse> I am concerned about people tooling for apis that kinda worked at some point
21:38:20 <medberry> I don't think there will be a 2011.4
21:38:22 <westmaas> anotherjesse: changes are only required on keystone side?
21:38:23 <ttx> zykes-: stop interrupting please
21:38:32 <dolphm> vishy: looking at what anotherjesse pasted... I also just opened a review for role names & ID's in POST /tokens/{token_id}
21:38:35 <anotherjesse> westmaas - and middleware
21:38:39 <anotherjesse> westmaas - yes
21:38:46 <vishy> anotherjesse: that means patching middleware in all three projects as well
21:38:56 <anotherjesse> vishy - yes - a pita
21:39:01 <vishy> anotherjesse: is the swift middleware still in keystone?
21:39:10 <anotherjesse> not sure - swift guys around?
21:39:27 <vishy> anotherjesse: I'm not worried about the pita.  I'm worried about getting it in by tomorrow and having any confidence that it will actually work
21:39:48 <anotherjesse> vishy - the interace between the mdidleware and projects isn't changing
21:39:59 <anotherjesse> vishy - so I don't worry about cascading failures (that much)
21:40:18 <anotherjesse> who needs sleep ;-/
21:40:19 <ttx> depending on keystone in any way while it was still outside the release process was not such a great idea.
21:40:27 <vishy> jaypipes: thoughts?
21:40:28 <dolphm> anotherjesse: i think we can have those changes done late today / tomorrow
21:40:33 <jaypipes> vishy: reading back..
21:40:38 <dolphm> ttx: agree
21:41:00 <anotherjesse> dolphm: we (sleepsonthefloor, myself and a few others) can help
21:41:19 <anotherjesse> vishy: maybe a solution is that we ship diablo (nova/..) with noauth
21:41:27 <anotherjesse> and then separately have keystone release with the middleware?
21:41:47 <vishy> anotherjesse: we are shipping with noauth by default
21:41:58 <anotherjesse> i REALLY don't want a auth api that we are going to delete in weeks to continue to be what we have to support for years
21:42:13 <pvo> anotherjesse: ++
21:42:24 <ttx> anotherjesse: at this point this would have my preference.
21:42:43 <pvo> dare I ask should we delay?
21:42:43 <jaypipes> OK, so is this something that we want to postpone the Diablo release until Keystone is stabilized on the issues anotherjesse brought up above?
21:42:54 <anotherjesse> so - nova/swift/glance ship without keystone integration - and we work our *** off to make it so we have a keystone release this week that works iwth them?
21:42:54 <jaypipes> pvo: heh, beat me to it :)
21:43:05 <dolphm> anotherjesse: is that a complete list?
21:43:08 <pvo> jaypipes: but you are more eloquent. : )
21:43:11 <vishy> anotherjesse: I'm not opposed to merging changes into nova for keystone middleware, since it isn't the default install
21:43:12 <anotherjesse> dolphm: for the integration yes
21:43:20 <anotherjesse> dolphm: the other apis aren't in use (yet)
21:43:24 <ttx> jaypipes: I don't want to delay because an incubated project is not ready. that's the whole point of having core and noncore projects
21:43:36 <dolphm> what's our ideal deadline to make those changes at this point?
21:43:44 <medberry> EOD
21:43:47 <vishy> dolphm: + more change
21:43:51 <anotherjesse> a week ago
21:43:53 <vishy> 1 more that is
21:44:14 <vishy> ec2tokens needs to stay the same and send back the same stuff as tokens
21:45:00 <anotherjesse> given that we are shipping noauth in nova/swift/glance
21:45:18 <anotherjesse> is it acceptable to say that keystone integration middleware won't be in the core projects --- it will be in keystone for now?
21:45:21 <anotherjesse> (as it has been for nova)
21:45:45 <ttx> anotherjesse: that makes sense to me
21:45:47 <anotherjesse> if so - then we should release diablo and work our *** off to get keystone out the door - since the changes should not require changes in nova/swift/glance
21:46:08 <johnpur> anotherjesse: +1
21:46:12 <vishy> anotherjesse: I don't like it but I don't see much other choice
21:46:15 <jaypipes> ttx: well, if it means anything, we've been bitten by keystone version drift affecting glance, but fixes for those things have gone into essex, not diablo: https://bugs.launchpad.net/glance/+bug/851026
21:46:16 <westmaas> is the middleware in glance and swift right now?
21:46:16 <uvirtbot> Launchpad bug 851026 in glance "Keystone version drift impacting functional tests" [High,Fix committed]
21:46:20 <Daviey> wait, keystone is still optional for diablo?
21:46:35 <anotherjesse> Daviey: if you don't care about auth you don't have to use keytsone
21:46:38 <jaypipes> westmaas: the middleware is actually in the keystone project, but yes...
21:46:43 <vishy> anotherjesse: we're basically saying diablo is broken imo
21:46:48 <rmk> anotherjesse: Or don't care about the dashboard
21:46:55 <vishy> the current middleware for nova is in nova
21:46:57 <vishy> not keystone
21:47:03 <vishy> so we need to move it to keystone
21:47:08 <anotherjesse> rmk: we've been working on the dash integration with keystone,glance,nova - exactly the problem :)
21:47:09 <westmaas> oh i see.
21:47:18 <jaypipes> vishy: westmaas was referring to swift and glance, sorry
21:47:18 <vishy> shall i propose a patch, removing the middleware from nova?
21:47:28 <Daviey> vishy: for Essex, right?
21:47:36 <rmk> anotherjesse: right but all of those can work without keystone except the dashboard
21:47:40 <ttx> vishy: does that plan mean any change on nova's side ? Like doc ?
21:47:40 <ttx> jaypipes: same question for glance
21:47:40 * ttx is a bit lost in the implications
21:47:45 <vishy> Daviey: no we're talking about removing it completely
21:47:49 <Daviey> !!!
21:47:50 <openstack> Daviey: Error: "!!" is not a valid command.
21:47:57 <vishy> I know, I'm not happy either
21:48:08 <Daviey> This is really kinda scary to be doing it moments before release.
21:48:12 * ttx missed a few messages
21:48:26 <vishy> it means anyone who wants auth is forced to used deprecated auth
21:48:27 <anotherjesse> we aren't removing anything -it is that we didn't get keystone integration done
21:48:28 <annegentle> the documentation is behind anyway, as far as integration with Compute
21:48:42 <ttx> Daviey: told you that was the right choice :)
21:48:42 <Daviey> vishy: In Ubuntu, we are defaulting to deprecated auth for diablo.
21:48:44 <vishy> ttx: I don't think there are significant doc changes
21:48:53 <vishy> Daviey, so you got no worries then
21:48:59 <Daviey> ttx: Erm, do you want me to grep my logs? ;)
21:49:22 <anotherjesse> deprecated auth is :(
21:49:25 <anotherjesse> but better than nothing
21:49:45 <vishy> so do we put deprecated auth back to default?
21:49:50 <vishy> or default to noauth?
21:49:52 <anotherjesse> or no-auth?
21:50:01 <annegentle> deprecated auth helps the doc situation.
21:50:01 <Daviey> Well the problem is, the cycle started not knowing that keystone was going to be core midway.
21:50:04 <johnpur> vishy: yes
21:50:11 <rmk> at least people are used to deprecated auth
21:50:11 <dolphm> Daviey: ++
21:50:16 <ttx> Daviey: it's not core midway
21:50:34 <medberry> it's core at Essex?
21:50:34 <ttx> Daviey: it's still incubating for diablo.
21:50:35 <jaypipes> is deprecated auth the original sqlalchemy-based auth manager?
21:50:41 <Daviey> ttx: When did keystone become core?
21:50:45 <vishy> jaypipes: yup
21:50:47 <jaypipes> Daviey: essex
21:50:54 <Daviey> ttx: incubating, but close to mandatory?
21:50:55 <ttx> Daviey: the problem is that Nova grew an overconfident dep on it
21:50:57 <vishy> sqlalchemy + ldap
21:50:58 <jaypipes> Daviey: it was voted into core from incubation about 3 weeks ago.
21:51:14 <anotherjesse> the issue with deprecated auth manager is that it means there is not a good user experience… which is why we've been pushing hard
21:51:16 <jaypipes> vishy: got it, thx
21:51:21 <vishy> ttx: we don't have a dependency on it
21:51:35 <anotherjesse> anyway - so - noauth vs. deprecated - which is less confusing?
21:51:37 <ttx> vishy: dependency is not the right word. Affinity ?
21:51:46 <Daviey> jaypipes: Ah yes, but it looks like the direction of this conversation was to make it pretty much mandatory for diablo?
21:51:48 <vishy> ttx: we just decided to default to noauth with the idea that people could use keystone for real deploys
21:51:50 <anotherjesse> neither works with dashboard?  (or is there a branch it works with?)
21:51:59 <ttx> vishy: ok
21:52:23 <rmk> anotherjesse: I'd love to know if there's a branch which doesn't require keystone - haven't seen one
21:52:24 <ttx> then maybe we should default to noauth... your choice
21:52:26 <johnpur> people are running with the deprecated auth currently
21:52:35 <anotherjesse> then let them eat cake ;)
21:52:36 <vishy> no keystone == no functional openstack system IMO
21:52:40 <johnpur> i vote to make this the default (still)
21:52:42 <jaypipes> Daviey: Glance never took the approach of making it mandatory... Glance has entirely optional integration with keystone.
21:52:43 <anotherjesse> deprecated auth
21:53:08 <vishy> I had no idea keystone wasn't going to release at diablo
21:53:17 <anotherjesse> me either :(
21:53:23 <Daviey> jaypipes: Glance can be smug then :)
21:53:31 <anotherjesse> Daviey: we have optional integration
21:53:33 <anotherjesse> in nova
21:53:34 <jaypipes> ok, brass tacks here... do we delay the release or not?
21:53:45 <jaypipes> Daviey: not being smug... life was easier for Glance. :)
21:53:50 <Daviey> :)
21:53:53 <vishy> guys, it is all well and good to say, hey we're great we don't need keystone
21:53:59 <anotherjesse> the problem is that it is nova/dash/swift each have their own user systems without
21:54:00 <vishy> but fyi, you can't deploy a cloud without it
21:54:08 <vishy> you have a) no dashboard
21:54:13 <vishy> b) no public glance server
21:54:23 <anotherjesse> no private
21:54:28 <jaypipes> vishy: I understand you completely. that's why I'm asking if we should delay.
21:54:31 <pvo> I think we should delay to get it working.
21:54:38 <jk0> +1
21:54:40 <vishy> c) you have to manage users and tenants separately for swift and nova
21:54:40 <Daviey> vishy: Our stance is that for diablo, keystone and dashboard are released - but not offically supported.
21:54:48 <Daviey> Ie, doesn't work OOTB
21:54:58 <vishy> Daviey: that is fine, what are you doing with glance?
21:55:00 <Daviey> Which is why we are using deprecated auth for default install.
21:55:01 <ttx> pvo: if I had *any* visibility on when it will be ready, i could consider a short delay. But I have none
21:55:11 <vishy> Daviey: how do users upload images, using nova-objectstore?
21:55:17 <Daviey> vishy: yes
21:55:25 <pvo> ttx: are any keystone people here that can speak to this?
21:55:37 <vishy> Daviey: so you have a reasonable solution, which is use the ec2 api
21:55:46 <dolphm> pvo: on what issue, exactly
21:55:52 <vishy> Daviey: unfortunately I don't think that solution works for openstack
21:55:55 <westmaas> dolphm said a today or tomorrow for what anotherjesse laid out
21:56:01 <pvo> dolphm: <vishy> Daviey: how do users upload images, using nova-objectstore?
21:56:01 <westmaas> assuming that's all we have
21:56:05 <pvo> er
21:56:08 <pvo> silly scroll
21:56:17 <dolphm> lol
21:56:17 <pvo> dolphm: ttx> pvo: if I had *any* visibility on when it will be ready, i could consider a short delay. But I have none
21:56:26 <Daviey> vishy: ah.
21:56:39 <ttx> vishy: you have a complete cloud with nova + keystone, doesn't mean we need to wait for keystone to release nova, right ?
21:57:12 <vishy> ttx: it all works fine if you are deploying independent chunks
21:57:18 <vishy> ttx: or testing it, etc.
21:57:29 <anotherjesse> so - if we don't think there will be changes to nova/swift/glance
21:57:32 <vishy> ttx: but we have no fully operational production cloud without something like keystone
21:57:35 <anotherjesse> should we release as is
21:57:37 <Daviey> Is it unreasonable for nova to suggest a keystone snapshot, until it is released?
21:57:40 <johnpur> vishy: or have worked around it
21:57:49 <vishy> Daviey: that is what I was proposing
21:57:49 <ttx> vishy: agreed, and wez should definitely have a good keystone released asap
21:57:54 <anotherjesse> and then have a "diablo+" documentation which talks about integration with incubation projects: dash/keystone
21:58:08 <vishy> Daviey: but anotherjesse is pushing to make sure the api is right in the snapshot
21:58:09 <anotherjesse> since it isn't really a step backwards
21:58:15 <vishy> which i agree with
21:58:15 <pvo> anotherjesse: sure, that works.
21:58:22 <vishy> but it might means waiting a few days
21:58:35 <Daviey> vishy: the only problem comes, if nova needs changes for keystone final
21:58:44 <anotherjesse> vishy: we don't have to wait - diablo released without keystone isn't what we want
21:58:48 <anotherjesse> but it isn't worse than cactus
21:58:49 <anotherjesse> :-/
21:58:51 <vishy> Daviey: they will be middleware changes
21:58:54 <ttx> anotherjesse: +1
21:58:56 <Daviey> I can state that Ubuntu will not be upset if nova is delayed BTW.
21:58:57 <vishy> anotherjesse: hilarious
21:59:17 <Daviey> We have a few patches that we need that won't land in time as-is, then we were looking to get into trunk and backporting.
21:59:20 <anotherjesse> I definitely do not want to ship with an auth api that isn't good
21:59:26 <anotherjesse> rather not have auth than auth that we don't want
21:59:33 <ttx> vishy: we still hope that keystone will be released asap
21:59:42 <anotherjesse> what is the cost of a delay to friday?
21:59:55 <anotherjesse> (i'm saying both things I realize - ship now and ship in 3 days)
22:00:00 <ttx> anotherjesse: friday is ok, but I see no reason t othink it would be ready on friday
22:00:20 <ttx> especially since "ready on friday" means released friday morning
22:00:26 <pvo> ttx: doesn't it give time to find the right snapshot?
22:00:27 <medberry> ttx, +1, I've not seen a real blueprint review of what it would take for Keystone to be done.
22:00:29 <anotherjesse> is the diablo+ documentation (where we talk about diablo plus the inclubation projects) a reasonable appraoch?
22:00:39 <dolphm> ttx: i think anotherjesse's short list of issues can certainly be done *well* before friday
22:00:47 <vishy> it seems like we could accomplish the goal of having the api correct
22:00:47 <anotherjesse> pvo - I'm pretty sure that what I posted is good enough
22:01:05 <vishy> we need concurrent changes to all the middlewares
22:01:17 <ttx> ok, we need to make progress. Could all people with an idea sum up their proposal
22:01:21 <anotherjesse> vishy - keysotne would release middleware in that project
22:01:23 <ttx> anotherjesse, vishy
22:01:43 <annegentle> who will write the diablo+ docs?
22:01:45 <pvo> anotherjesse: will re-read when we're done. Had to page out for a sec.
22:02:04 <anotherjesse> release diablo as planned -- then do a seperate preview release of dash/keystone that integrates with diablo asap with the proper auth api
22:02:14 <anotherjesse> diablo as released doesn't have unified auth
22:02:21 <johnpur> and default to deprectaed auth
22:02:39 <SumitNaiksatam> Greetings!
22:02:40 <anotherjesse> the seperate release has updated middleware for each project that it integrates with
22:02:48 <pvo> anotherjesse: hmm. Ok. That works.
22:02:48 <ttx> then Keystone is released and all is great
22:02:51 <edgarmagana> Hi all!
22:02:55 <danwent> sumit:  netstack meeting is delay until nova is finished
22:02:56 <ttx> anotherjesse: that's it ?
22:03:04 <anotherjesse> vishy: thouhts?
22:03:07 <ttx> sorry about that -- but this is pretty critical
22:03:12 <vishy> anotherjesse: do we pull out the existing middleware?
22:03:16 <danwent> ttx: no worries, this is very important.
22:03:31 <anotherjesse> vishy: I think it might be good to remove - or at least put a header in the file saying experimental?
22:03:45 <vishy> ok
22:03:47 <westmaas> the keystone release is going to include the new middleware right
22:03:49 <ttx> vishy: your counter-proposal is ? if any ?
22:03:52 <westmaas> seems like it should just come out
22:03:56 <dolphm> anotherjesse: that would be a very fair statement
22:03:58 <anotherjesse> vishy: yes
22:04:05 <vishy> I'm ok with that.
22:04:12 <ttx> that's what makes sense from a "core" projects pure definition
22:04:17 <vishy> I just really don't like the story that it tells
22:04:22 <anotherjesse> I know
22:04:31 <vishy> but I guess that is my medicine to take
22:04:34 <anotherjesse> not a step back - no one realized it was broken yet ;(
22:04:45 <ttx> any other plan sounds a bit open ended
22:05:02 <vishy> any other opinions on the default auth? Deprecated auth or no auth?
22:05:21 <jaypipes> what about documentation? Specifically about this diablo+ release. annegentle?
22:05:32 <annegentle> ^ yes what jaypipes said
22:05:32 <uvirtbot> annegentle: Error: "yes" is not a valid command.
22:05:36 <ttx> deprecatedauth makes more sense from an update perspective.. but noauth has been default now forever
22:05:38 <anotherjesse> annegentle: yes
22:05:52 <ttx> so any will do
22:05:54 <anotherjesse> annegentle: we will help
22:06:09 <vishy> ttx: yes I'm a little concerned about reverting the changes, but i think i could swing it if it is really important
22:06:15 <annegentle> anotherjesse: okay. I'd prefer generally the incubated project puts doc resources in.
22:06:33 <vishy> i think if we put in the release notes about how to configure each it is probably fine
22:06:39 <ttx> vishy: no, I'd keep noauth and explain in releasenotes
22:06:44 <johnpur> vishy: agree
22:06:59 <vishy> ok, so I will propose a merge removing the keystone middlewares
22:07:01 <ttx> not something we should change on day-1
22:07:07 <ttx> (the default)
22:07:30 <vishy> who can take proposing them into keystone?
22:07:43 <vishy> and I assume all of the other middlewares are still in keystone?
22:07:58 <dolphm> vishy: I can +2 for openstack/keystone, if that's what you're referring to
22:08:13 <ttx> notmyname, jaypipes ^
22:08:15 <vishy> dolphm: I was actually looking for someone else to do the proposal
22:08:23 <vishy> anotherjesse: can you or sleepsonthefloor do that part?
22:08:29 <dolphm> vishy: i guess i'm lost
22:08:47 <anotherjesse> vishy: ya - we will tag on that today
22:08:59 <vishy> dolphm: I need to sleep :at some point
22:09:03 <anotherjesse> dolphm: we'll catch you up
22:09:06 <anotherjesse> :)
22:09:18 <jaypipes> ttx: yes, glance and swift middleware is in keystone already.
22:09:23 <dolphm> appreciated :)
22:09:25 <ttx> ok, can we wrap up ?
22:09:35 <ttx> or are there still hard feelings ?
22:09:46 <ttx> a release without a last-minute crisis is not a release.
22:09:49 <jaypipes> ttx: and actually, Nova's is too apparently... https://github.com/openstack/keystone/tree/master/keystone/middleware
22:10:10 <ttx> is the plan clear to everyone ?
22:10:17 <vishy> jaypipes: that was the old one
22:10:28 <vladimir3p> ttx: can you pls summarize it
22:10:31 <ttx> anotherjesse: can you take the lead on moving middleware back to keystone ?
22:10:34 <vishy> jaypipes: the "shim" version
22:10:35 <jaypipes> vishy: k
22:10:36 <anotherjesse> ttx: yes
22:10:48 <anotherjesse> vishy: not sure if shim will change
22:10:51 <ttx> because it's getting late around here
22:10:53 <anotherjesse> vishy: but will anyway
22:12:31 <annegentle> I wanted to say thanks to all who participated in the Doc Blitz. Over 100 comments on the http://docs.openstack.org/docblitz pages, wow. In the afternoon session we had a comment a minute rate.
22:12:42 <ttx> vladimir3p: do not ship keystone middleware in nova since keystoe is still evolving by release time
22:12:42 <ttx> ok, I'll skip the last topic
22:12:43 <ttx> #action ttx to turn his propose session rant into an email
22:12:44 <ttx> #topic Open discussion
22:12:44 <ttx> anything else ?
22:13:08 * ttx 's network dropped for a second
22:13:38 <ttx> vishy: are we ok ?
22:14:30 <ttx> anyone hears me ?
22:14:40 <jk0> yep
22:14:41 <medberry> yes
22:14:42 * Vek stopped paying attention a half-hour ago
22:14:42 <johnpur> ttx: yes
22:14:47 <ttx> ok :)
22:14:48 <ttx> #endmeeting