18:03:54 <zns> #startmeeting Keystone Team Meeting 18:03:55 <openstack> Meeting started Tue Jan 24 18:03:54 2012 UTC. The chair is zns. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:03:56 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic. 18:04:15 <zns> Hi there! Anyone else here for Keystone? 18:04:36 <ayoung> yes 18:05:22 <zns> Quick Update on status: https://launchpad.net/keystone/+milestone/essex-3 18:06:03 <zns> We're tracking well to completing these items today. We'll be ready to bask under the sunlight of ttx's microscope in a few hours. 18:06:30 <zns> Anything you had on your mind, specifically, ayoung? Looks like you're the only one here... 18:06:44 <ayoung> zns, what is the relationship between the Essex release and the Eventlet upstream? 18:07:18 <ayoung> There is a patch for IPv6 which I'm looking at, but that doesn't seem to have generated much interest other than me.\ 18:07:37 <ayoung> If it goes in, it fixes: https://bugs.launchpad.net/bugs/856887 18:07:38 <uvirtbot> Launchpad bug 856887 in keystone "Keystone cannot listen on IPv6" [Medium,In progress] 18:08:05 <zns> IPv6 support is listed as a bug. I think we can add it without breaking or altering existing functionality or configs. So I would vote for including it in Essex as long as it lands before E5 (my vote/guess). 18:08:51 <ayoung> I'm guessing that even if it got checked in right now, there is still a delay in closing it. Is it gated on getting an updated Eventlet in Ubuntu, or is just having it upstream sufficient? 18:08:56 <zns> By 'lands' I mean in a released version of eventlt. Other alternatives would be code we can include in OpenStack projects that patches eventlet. 18:09:53 <ayoung> can we ship a customer version of eventlet? 18:10:01 <zns> I don't know. I wouldn't want to hold back other distros if Ubuntu was the only one not supporting it. 18:10:37 <zns> That sounds like a packaging question. Maybe ask ttx later? Or the team in openstack-dev? 18:10:43 <ayoung> OK. 18:11:18 <zns> Do you think it is something that can be patched at runtime or is it deep in the eventlet code? 18:12:20 <ayoung> zns, it is already monkey patched once. It would make more sense to ship a patched eventlet, and let the monkey patching happen as per normal 18:12:32 <zns> OK. 18:12:44 <zns> Anything else? Anyone else? 18:13:05 <ayoung> zns, I took a quick look at alternative auth methods 18:13:08 <zns> if not, I think we can go back to getting E3 done! 18:13:24 <zns> alternatives like? oauth? basic? 18:13:38 <ayoung> Again, this is an eventlet issue: I am not sure exactly what it supports, but I think it is safe to say the Negotiate and Client certs are not supported 18:13:56 <ayoung> Basic auth is (I am fairly sure) supported by Eventlet 18:14:02 <ayoung> and there is one ticket... 18:14:19 <zns> Same applies to httplib… would be nice if we could plug in our protocol. 18:14:26 <ayoung> https://bugs.launchpad.net/keystone/+bug/773804 18:14:27 <uvirtbot> Launchpad bug 773804 in keystone "Feature: basic auth" [Wishlist,New] 18:15:10 <ayoung> I am not on the hook for anyting other than the IPv6...was wondering what else is high enough priority that I should be looking at it. 18:15:46 <ayoung> this is the only one that has no one assigned https://bugs.launchpad.net/keystone/+bug/843066 18:15:47 <uvirtbot> Launchpad bug 843066 in keystone "Unable to auth against nova with keystone enabled novaclient ..." [High,Fix committed] 18:16:08 <ayoung> that is high priority 18:16:52 <ayoung> there are 3 other of medium or lower: 18:16:57 <zns> From my perspective RBAC is big, but that's probably a big conversation to have in Folsom. Until then, I think we'll all be focusing on stability. So getting bugs closed, improving logging, adding diagnostics, etc... 18:17:11 <ayoung> https://bugs.launchpad.net/bugs/885750 18:17:13 <uvirtbot> Launchpad bug 885750 in keystone "Support CRUD calls for ec2credentials as per contract." [Medium,Confirmed] 18:17:21 <ayoung> https://bugs.launchpad.net/bugs/919397 18:17:22 <uvirtbot> Launchpad bug 919397 in keystone "Tests in MiddlewareTestCase not being executed" [Medium,Confirmed] 18:17:42 <ayoung> those are moth medium. 18:17:48 <ayoung> Undecided: https://bugs.launchpad.net/bugs/904526 18:17:49 <uvirtbot> Launchpad bug 904526 in keystone "ec2tokens passes AWS Access Key ID twice" [Undecided,Confirmed] 18:17:58 <zns> If you can get some of that done before ttx cuts the release that would SUPER. I think anotherjesse put in some code to keystoneclient for that. 18:18:19 <ayoung> zns the nova ticket? 18:19:09 <zns> I think it was here: https://review.openstack.org/#change,3089 18:20:07 <ayoung> zns, also can you confirm the IPv6 fix? I suspect that more voices speaking up the better, and faster into upstream 18:20:30 <ayoung> The patch was posted to the Eventlet DL, I can forward if needs be. 18:20:42 <ayoung> But the repo is https://bitbucket.org/flub/eventlet-ipv6/ 18:21:01 <zns> ayoung: sure, I have the link. Will do later this week. 18:21:23 <zns> Another thing we need to do is make sure ec2 calls also follow the correct spec: 18:21:28 <zns> { 18:21:28 <zns> "auth": { 18:21:28 <zns> "OS-KSEC2:ec2Credentials": { 18:21:28 <zns> "username": "test_user", 18:21:28 <zns> "secret": "aaaaa", 18:21:29 <zns> "signature": "bbb" 18:21:29 <zns> }, 18:21:30 <zns> "tenantId": "77654" 18:21:30 <zns> } 18:21:31 <zns> } 18:21:53 <zns> I think there are different clients making different calls. 18:21:58 <ayoung> zns does that fall under 885750? 18:22:41 <ayoung> If so, I can take that one 18:23:33 <zns> Not quite. I think it is spread about. There are three or four ec2 bugs. 18:24:04 <ayoung> WHat is the scope of 885750? It is't clear from the report 18:24:36 <zns> 843058, 869778, 904526, ... 18:25:18 <gyee> you guys see any performance issues with ec2 signature validation? two round trips to the backend 18:25:19 <ayoung> https://bugs.launchpad.net/keystone/+bug/843058 says "fix commited" 18:25:20 <uvirtbot> Launchpad bug 843058 in keystone "EC2 compatibility middleware" [High,Fix committed] 18:25:44 <zns> 885750's scope was to implement the REST APIs to allow the management of EC2 credentials; and as part of that write a client to test (preferable python-keystoneclient) 18:26:08 <ayoung> zns, I can take https://bugs.launchpad.net/keystone/+bug/869778 18:26:09 <uvirtbot> Launchpad bug 869778 in keystone "2 bugs in ec2_token.py" [Undecided,New] 18:27:34 <zns> Cool. Akira also just posted some S3 code which I merged in last night. I'm about to submit another fix to EC2 so the server listens for the right contract as I posted above. 18:28:09 <ayoung> zns do you think that fixes 869778 or is just something I should be aware of? 18:29:38 <zns> Just to be aware of it. He copied the EC2 code to make the S3 code, so he may have included code that works in S3 that you can reference. Just FYI 18:30:07 <ayoung> zns, OK I'll grab that ticket. Any others? 18:31:00 <zns> 904526 would be great. 18:31:34 <ayoung> OK. I'll see what I can do. 18:33:39 <zns> ayoung: thanks 18:33:44 <zns> #endmeeting