15:00:00 <EmilienM> #startmeeting puppet-openstack 15:00:01 <openstack> Meeting started Tue Oct 13 15:00:00 2015 UTC and is due to finish in 60 minutes. The chair is EmilienM. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:02 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:04 <openstack> The meeting name has been set to 'puppet_openstack' 15:00:07 <sbadia> hello 15:00:08 <EmilienM> hello 15:00:09 <mwhahaha> hi 15:00:15 <iberezovskiy> hi 15:00:19 <skolekonov> hi 15:00:22 <iurygregory> hello =D 15:00:24 <aglarendil> hi 15:00:25 <mkarpin> hi 15:00:28 <aderyugin> hi 15:00:33 <mfisch> hey 15:00:33 <degorenko> hey o/ 15:00:46 <_ody> o. 15:00:52 <_ody> o/ 15:00:53 <clayton> o/ 15:01:06 <EmilienM> #topic Review past action items 15:01:14 <EmilienM> sbadia and jasondotstar signed up to help with kilo release (done, we're synced) 15:01:18 <spredzy> o/ 15:01:22 <EmilienM> continue globals topic on mailing list 15:01:36 <EmilienM> mwhahaha: ^ did you continue the discussion ? 15:01:49 <jasondotstar> o/ 15:01:58 <yottatsa> hi 15:02:01 <mwhahaha> no i don't think so 15:02:15 <EmilienM> mwhahaha: do you think we need to postpone it? 15:02:33 <iberezovskiy> looks like topic has stalled 15:02:50 <mwhahaha> i think there was an updated review, but i haven't had time to look at it. 15:03:02 <EmilienM> same here 15:03:10 <richm> hello 15:03:18 <mwhahaha> let's review it next week 15:03:22 <mwhahaha> i'll spend some time today to look at it 15:03:27 <vinsh> o/ 15:03:38 <EmilienM> #action continue "global topic" on ML 15:03:42 <EmilienM> reviewers review 226862 and 229548 (not done by core reviewers, needs to be postpone) 15:03:44 <EmilienM> #action reviewers review 226862 and 229548 15:03:54 <EmilienM> aglarendil to bring up openstackclient vs aviator on mailing list (done) 15:03:56 <EmilienM> #link osclient vs aviator new thread http://permalink.gmane.org/gmane.comp.cloud.openstack.devel/66423 15:04:12 <EmilienM> let's start the agenda 15:04:27 <EmilienM> #topic puppet-keystone non backward compatible change 15:04:33 <EmilienM> #link https://review.openstack.org/#/c/226624/ 15:04:38 <EmilienM> mfisch, richm: hey 15:04:41 <mfisch> hey 15:04:46 <EmilienM> today I would like to find a consensus 15:05:22 <EmilienM> we really need to go ahead about that patch, because it's blocking many others, that block our future 7.0.0 release 15:05:52 <EmilienM> afik, until now, only mfisch disagreed on this change 15:06:06 <mfisch> I'm willing to go change our code to support the domain stuff 15:06:14 <mfisch> but I'm annoyed that this was done by fiat 15:06:27 <mfisch> I guess we can close the topic since I'm the only one who objected 15:07:01 <EmilienM> mfisch: we are aware this is annoying though 15:07:43 <EmilienM> richm: what would be the alternative? 15:08:09 <richm> leaving in the existing code, which no one wants to maintain 15:08:15 <EmilienM> also, I would like to note that we're breaking backward compatibility only when a domain is not specified and the resources is unique among all domains 15:08:24 <EmilienM> richm: fair enough 15:08:42 <EmilienM> I'll let our team to vote in Gerrit for https://review.openstack.org/#/c/226624/ 15:08:47 <richm> right - we are breaking backward compatibility only in a special case 15:09:25 <EmilienM> mfisch, richm: anything else we need to discuss about that? 15:09:33 <mfisch> I dont think so 15:09:36 <richm> nack 15:09:38 <EmilienM> great 15:09:42 <mfisch> as soon as we merge up to master I'll add domains to everything 15:09:48 <mfisch> can't stop V3 forever I guess 15:09:57 <EmilienM> #topic Tokyo topics grooming 15:10:04 <EmilienM> #link https://etherpad.openstack.org/p/HND-puppet 15:10:31 <EmilienM> I created a "tag" for each topic, so we can try to organize the sessions by tags 15:10:47 * _ody totally just added another because he got annoyed trying to review changes again last night 15:10:49 <EmilienM> for eath topic, there is an abstract, a leader and votes 15:11:47 <EmilienM> note: the "votes" is here to get statistics about topics attraction 15:11:59 <EmilienM> we have a few slots, we need to be effective I guess 15:12:44 <clayton> maybe we should have a time goal for some of these? For example, the one I proposed I can't see taking very long. I suspect some of the others would be much longer 15:12:44 <EmilienM> #action the group to look at https://etherpad.openstack.org/p/HND-puppet and vote for topics 15:12:46 <mfisch> You'll need to use some judgement too 15:13:01 <EmilienM> clayton: good idea 15:13:06 <mfisch> more cores/faster reviews should be a major topic 15:13:26 <mfisch> my healthcheck one is also 15 min 15:13:27 <EmilienM> mfisch: yes, it's a community thing 15:13:48 <EmilienM> mfisch: so we need to estimate timing for each topic 15:14:03 <clayton> I think estimates and time limits are different things 15:14:22 <mfisch> time limit is to prevent people from arguing about it for 3 hours 15:14:34 <clayton> I'd estimate 5 minutes for mine, but to guarantee to move on after 15 15:14:36 <EmilienM> right, but before time limiting, we need to know the estimates, isn't? 15:14:58 <EmilienM> ok, so maybe we can ask people to set both 15:15:06 <clayton> I put both on mine, others can do the same if they like 15:15:16 <EmilienM> #action tokyo topics leaders to add "estimate" and "limit" timing 15:15:20 <EmilienM> clayton: awesome 15:15:24 <clayton> the concept I want to discuss is pretty simple, I suspect people will either think it's a good idea, or want to move on 15:15:51 <EmilienM> ok, so I'll let a few more days to let our team work on the etherpad 15:15:59 <spredzy> We can probably reserve one of the slot for a bucket of topics to talk 15:16:03 <EmilienM> and I think by the next week we can come up with an agenda 15:16:25 <EmilienM> spredzy: ? 15:16:38 <EmilienM> spredzy: a bucket of topics that are not in etherpad? 15:16:49 <spredzy> what I mean is I see 5 slot of 40min 15:17:06 <spredzy> let's keep one of those slot where we could prob. address several of the topics listed 15:17:08 <mfisch> lots of those topics can be 2 per slot 15:17:12 <mfisch> or 3 15:17:24 <spredzy> not a 1:1 mapping 15:17:29 <EmilienM> spredzy: of course not 15:17:30 <mfisch> my topic and clayton's can share a slot for sure 15:17:44 <EmilienM> spredzy: a slot will contain different topics, that's why we're talking about timing here 15:18:07 <spredzy> EmilienM, ack. Sounds good to me. 15:18:09 <EmilienM> anything else about summit? (please have a look this week) 15:18:58 <EmilienM> great, let's continue the work on etherpad and we will define our agenda next week or so 15:19:11 <EmilienM> #topic puppet-murano: murano module in liberty 15:19:15 <EmilienM> aderyugin: yo 15:19:17 <aderyugin> Hi! There was a thread in ML that murano module may not be released in liberty. So i'd like to know, what should be done to have a murano module in liberty. 15:19:25 * mfisch perks up too 15:19:26 <aderyugin> I've added some acceptance tests https://review.openstack.org/#/c/233591/, but I don't know how to enable acceptance job for murano module. 15:19:29 <EmilienM> is it beaker-tested? 15:19:39 <mfisch> not yet I dont think 15:19:44 <EmilienM> aderyugin: you need to patch openstack-infra/project-config 15:19:56 <EmilienM> aderyugin: from where do you install packages? 15:20:00 <EmilienM> to install murano? 15:20:21 <mfisch> I poked Canonical and they're in UCA now 15:20:25 <EmilienM> wow 15:20:27 <mfisch> as of Monday 15:20:36 <EmilienM> is it in RDO? 15:20:42 <mfisch> I think so 15:21:01 <EmilienM> no: http://trunk.rdoproject.org/f21/current/ 15:21:11 <EmilienM> I'll poke RDO folks 15:21:15 <angdraug> https://trello.com/c/we5K0deF/60-add-murano-and-ec2-api-in-rdo 15:21:23 <angdraug> marked as blocked, asking for volunteers 15:21:42 <EmilienM> oh nice 15:21:55 <EmilienM> angdraug: not a blocker for us 15:22:00 <mfisch> I think aderyugin needs help with acceptance based on what he said above 15:22:00 <EmilienM> if we test at least on UCA, that's okay 15:22:19 <EmilienM> mfisch: he needs to patch infra 15:22:26 <EmilienM> aderyugin: I can help with that 15:22:42 <angdraug> thanks! 15:22:43 <aderyugin> EmilienM: it will be great 15:22:43 <EmilienM> #action EmilienM & aderyugin patch infra to enable beaker jobs on murano module 15:22:50 <degorenko> i think we can also find volunteers for package building 15:23:16 <EmilienM> anything else about murano? 15:23:18 <mfisch> I started playing with Murano last night and also have a few comments if we have time 15:23:31 <mfisch> mainly, the parameter names don't match what we use in other modules 15:23:32 <EmilienM> we do have time 15:23:35 <mfisch> especially all the rabbit stuff 15:23:42 <EmilienM> that's a big deal 15:23:46 <mfisch> since nobody is really using this module yet I'd like to get it fixed 15:23:51 <EmilienM> +1 15:23:55 <mfisch> but maybe fuel is using it? 15:24:11 <mwhahaha> yes we use it 15:24:22 <mfisch> for example: "rabbit_os_user", "rabbit_own_host" etc 15:24:30 <EmilienM> that's not compliant 15:24:39 <mfisch> mwhahaha: how much of an issue is it to change these to match everything else? 15:24:40 <_ody> parameters need to match. 15:24:46 <EmilienM> aderyugin: can you make sure the module is using the right param names? 15:24:49 <mwhahaha> it operates differently 15:25:01 <mwhahaha> supporting two rabbitmq instances 15:25:04 <mfisch> yeah that 15:25:07 <mwhahaha> one for openstack and one for murano 15:25:09 <aglarendil> yep, we need to make it compliant 15:25:27 <mfisch> lets just look and see what can be improved and made compliant 15:25:31 <mfisch> there are some special things in here for sure 15:25:33 <mwhahaha> we can fix variable names, that's not too bad but we need to figure out how to fix it correctly 15:25:37 <aderyugin> EmilienM: parameters names can be changed, and it will not cause dificulties 15:25:51 <mfisch> thanks aderyugin I also sent you a few small patches yesterday 15:26:00 <angdraug> agreed, as long as we keep the ability to have a dedicated rabbitmq instance for murano 15:26:04 <mfisch> I will be using it over the next few weeks when I have time and may have some more fixes 15:26:31 <EmilienM> #action aderyugin to make sure puppet-murano has compliant parameters 15:26:45 <EmilienM> mfisch: thanks for having looked at it 15:27:04 <EmilienM> anything else about murano? last call 15:27:14 <mfisch> im done 15:27:28 <EmilienM> #topic nova_admin_* options deprecation in Neutron 15:27:33 <EmilienM> skolekonov: hola 15:27:36 <skolekonov> So currently we have nova_admin_* options in neutron.conf. They are deprecated since Kilo, so I propose to replace them. 15:27:41 <skolekonov> The only problem is that we will have to use Keystone auth plugins, which differ from each other. So I propose not to just replace deprecated options 15:27:48 <skolekonov> but let a user pass a hash with all parameters and use a provider to set them in a configuration file. 15:27:54 <skolekonov> What do you think? 15:28:12 <EmilienM> hum, we don't do that anywhere else 15:28:24 <skolekonov> It will probably let us to avoid adding a bunch of new parameters which will not cover all possible auth plugins. 15:28:50 <skolekonov> Something a bit similar was in Heat https://github.com/openstack/puppet-heat/blob/0e850373a8196b06e4387abb5f2fe81727dce1fb/lib/puppet/provider/heat_domain_id_setter/ruby.rb#L183 15:28:51 <EmilienM> skolekonov: where go the parameters now? in a keystone authtoken section or? 15:29:35 <skolekonov> They are in DEFAULT if I'm not mistaken 15:29:40 <EmilienM> https://github.com/openstack/puppet-neutron/blob/master/lib/puppet/provider/nova_admin_tenant_id_setter/ini_setting.rb#L191 15:29:59 <EmilienM> why not just updating the section, 15:30:16 <EmilienM> does the parameter name also change? 15:30:48 <skolekonov> Yes, they've changed and also we can't cover all possible combinations of them 15:31:05 <EmilienM> skolekonov: do you have some doc about it? 15:31:08 <skolekonov> We can just switch to the 'password' plugin, but it's not universal I guess 15:31:37 <skolekonov> For example here http://docs.openstack.org/developer/python-keystoneclient/authentication-plugins.html 15:31:56 <skolekonov> It's possible to create a custom plugin 15:32:20 <EmilienM> oh I see, ok 15:33:19 <EmilienM> the password looks fine, isn't? 15:33:37 <skolekonov> Yep. Should we support others? 15:33:43 <EmilienM> richm: do you have thoughts? 15:34:04 <EmilienM> skolekonov: I think one should be fine 15:34:39 <skolekonov> EmilienM, ok, than we can just switch to it 15:35:01 <EmilienM> skolekonov: yes but I don't like the hash thing, it's a bit overkill, isn't? 15:35:06 <aglarendil> skolekonov: EmilienM: why should we disregard token authentication here ? 15:35:27 <EmilienM> it would be great to keep our interface backward compatible 15:35:44 <richm> looking 15:35:46 <EmilienM> if possible, keep the same parameters, and puppet-neutron would deal itself to configure the right section 15:35:57 <skolekonov> aglarendil, we don't support it now, do we? 15:36:23 <aglarendil> skolekonov: but if we want to remove those deprecated options - it is better to support both password and token types, I think 15:36:35 <aglarendil> some people will still have only v2 keystone functioning for a while 15:36:45 <aglarendil> and password seems to work only v3 according to this link 15:36:58 <skolekonov> aglarendil, no, it should work 15:37:10 <skolekonov> and of course we will keep compatibility 15:37:22 <richm> can nova use keystone_authtoken section, and keystone authtokenmiddleware? 15:37:33 <EmilienM> richm: we're talking about neutron-server 15:37:51 <EmilienM> (neutron.conf) 15:37:53 <richm> EmilienM: ok, sorry 15:37:58 <richm> same question applies 15:38:06 <richm> s/nova/neutron/ 15:38:38 <richm> and yes, v2 password auth is still supported for at least another release, afaik, but the keystone guys can confirm that 15:39:09 <lazy_prince> jroll: regarding the ci for network-provider, you wanted to check the possibility of testing network flip using two networks... Would that not be a problem when the VM is connected to the bridge and two networks will be serving ip address to the vm..? 15:39:11 <skolekonov> This is how it works now (this section is only for interacting between neutron and nova). Other auth way will require some changes in Neutron, I guess 15:39:44 <EmilienM> lazy_prince: wrong chan I guess :) 15:39:54 <aglarendil> skolekonov: richm I think we will need to implement some better way than password auth. This is like an important part of inter-service communication in OpenStack 15:39:55 <lazy_prince> just realized.. 15:40:33 <skolekonov> aglarendil, we can support v2/v3 auth and token without using things like hashes with parameters 15:40:45 <skolekonov> not too many new parameters I think 15:41:03 <richm> aglarendil: skolekonov: How is this different than the problem which [keystone_authtoken] and keystonemiddleware solves? 15:41:15 <EmilienM> skolekonov: you can come up with a proposal (code or blueprint) (if code, don't write tests) so we can see which solution would be better 15:41:40 <skolekonov> EmilienM, yes, I'm going to propose a patch 15:41:45 <EmilienM> richm: I think that's 2 different things 15:42:18 <skolekonov> Just wanted to clarify the first steps 15:42:25 <EmilienM> richm: keystone_authtoken is used by neutron to identify against keystone and manage network resources, while we need an auth to connect with nova 15:42:46 <EmilienM> but I'm prob wrong 15:42:59 <richm> keystone_authtoken is used to authenticate to Keystone and get a token to use with other OpenStack services 15:43:11 <richm> afaik 15:43:22 <richm> but again, we can get someone from Keystone to answer questions 15:43:58 <richm> that is, nova doesn't have a username/password database of its own that it uses to authenticate uses separately from Keystone 15:43:58 <EmilienM> skolekonov: can you run the discussion on the ML 15:44:12 <EmilienM> with [keystone] [puppet] [neutron] tags 15:44:13 <skolekonov> EmilienM, I will 15:44:16 <EmilienM> thank you 15:44:21 <skolekonov> np 15:44:30 <EmilienM> #action skolekonov to continue nova_admin_* options deprecation topic on ML 15:44:45 <EmilienM> #topic Open Discussion, Bug and Review triage 15:44:58 <EmilienM> I would like to talk about the ruby library 15:45:24 <EmilienM> while I see a lot of advantages of using a ruby library, I'm still concerned by who is going to make it 15:46:08 <EmilienM> as a long term solution, I would like to see first a real ruby library that would be usable by anyone (not only us) 15:46:17 <aglarendil> EmilienM: we have a set of guys working at Mirantis here who are intersted in it 15:46:25 <degorenko> i've already prepared patches for nova with new auth based on Openstacklib and client, i can also help with this activity 15:46:43 <EmilienM> so if someone wants to work on a ruby SDK for openstack go ahead, but it will have to be in OpenStack, documented, tested, etc 15:46:46 <richm> can we also have a complete oslo.config implementation in ruby so we can get rid of the "hacky" inifile? 15:47:02 <aglarendil> EmilienM: not a problem - we have big contribution into OpenStack anyway 15:47:06 <EmilienM> richm: what is the problem with inifile? 15:47:26 <richm> it doesn't handle some of the weird cases that oslo.config supports 15:47:37 <aglarendil> richm: which use cases? 15:47:38 <richm> so you end up having to hack around 15:47:40 <EmilienM> it's very brave to think we're going to support a ruby SDK and follow openstack features 15:47:46 <richm> e.g. you have to strip() values 15:47:48 <EmilienM> all API changes, etc 15:47:58 <aglarendil> EmilienM: we can have this client lagging a bit, but we can provide users with choice 15:48:08 <aglarendil> 1) OpenStackClient which is slower 15:48:14 <richm> I think there were some problems with sections with special characters in them e.g. [foo:bar] 15:48:16 <aglarendil> 2) Ruby library with less features but faster 15:48:32 <aglarendil> richm: oh, you are talking about multiparams 15:48:37 <richm> yes 15:48:38 <chem> EmilienM: true values 15:49:06 <richm> maybe it would be easier to just call python directly from ruby . . . 15:49:07 <chem> EmilienM: there are a lot broader in the oslo.config (y, n, 1, 0, ...) 15:49:09 <EmilienM> openstack is hard to catch-up, and now we're going to write a new library? go ahead if you like, but good luck 15:49:12 <chem> EmilienM: for instance 15:49:34 <aglarendil> folks, can we bring up oslo.config vs inifile in ML ? 15:49:42 <aglarendil> please? 15:49:46 <EmilienM> ++ 15:49:48 <aglarendil> we are mixing the discussion 15:49:51 <richm> +1 15:49:58 <clayton> EmilienM: it doesn't support the syntax needed for neutron service providers 15:49:58 <chem> ok, I can do this 15:50:15 <EmilienM> #action chem to run ML thread about oslo.config vs inifile 15:50:33 <aglarendil> so, for ruby library - I propose we come up with library and provide users with a choice 15:50:39 <aglarendil> and let the best man win 15:51:07 <EmilienM> I'm not sure I understand the expression but anyway 15:51:14 <richm> IMO the biggest problem with openstackclient is that the distros lag so far behind 15:51:21 <aglarendil> I mean let people decide which one they love the best 15:51:23 <richm> will this new ruby library have the same problem? 15:51:42 <mfisch> how would it get deployed? 15:51:46 <EmilienM> richm: I -1 your statement 15:51:52 <aglarendil> richm: it depends on who well the package with this library is maintained 15:52:11 <EmilienM> because we are developping liberty now, and osclient is up to date AFIK 15:52:34 <EmilienM> the valid statement would be: we can't backport some patches because of osclient lag 15:52:42 <EmilienM> but we could have the same issue with the library 15:52:56 <EmilienM> we will have to bump up the library in our stable branches 15:53:07 <EmilienM> which will increase the need of backward compatibility code between API changes 15:53:12 <mfisch> how does the library get pulled in? its not packaged right? 15:53:14 <mfisch> gem? 15:53:18 <richm> EmilienM: ok - but who knows what weird problem we will run into with trying to implement federation that can only be solved by another osc update . . . 15:53:22 <EmilienM> I think it would be a gem 15:54:02 <aglarendil> EmilienM: could you please come up with these points in the ML? It is easier to read such long arguments in one place 15:54:10 <mfisch> +1 15:54:12 <EmilienM> sure 15:54:21 <EmilienM> I saw you guys took time to write during the meeting, I could not 15:54:27 <EmilienM> I'll write my thoughts today 15:54:32 <mfisch> is Vladimir here? 15:54:35 <crinkle> the way we were doing it with aviator was the whole gem was vendored into its own module 15:54:46 <aglarendil> Vladimir is me, btw 15:54:52 <crinkle> we can't depend on a gem, for the same reason we can't depend on pip libraries 15:55:24 <aglarendil> crinkle: there are good ways of continuous delivery of ruby gem packages 15:55:27 <aglarendil> as well as pip libraries 15:55:59 <EmilienM> crinkle: why can't we? 15:56:09 <angdraug> why can't we package it? 15:56:28 <aglarendil> Folks, could I bring up another theme on openstacklib exception handling? 15:56:32 <crinkle> EmilienM: you would be fine with depending on pip libraries? then why are we trying to use the openstackclient distro packages? 15:56:51 <richm> I think using gems is a non-starter for RDO, for example 15:56:52 <EmilienM> aglarendil: it was not on the agenda, and meeting is almost done.. but go ahead.. 15:57:15 <aglarendil> I wrinte an email, please look into it - it has spent several days without an answer 15:57:21 <EmilienM> crinkle: no I would not be fine using pip libraries 15:57:33 <aglarendil> #link http://permalink.gmane.org/gmane.comp.cloud.openstack.devel/65977 15:57:34 <crinkle> EmilienM: gems are the same thing 15:57:58 <EmilienM> richm: such a change would indeed require some packaging work for RDO 15:58:15 <aglarendil> crinkle: could you please follow up this issue into ML ? I will provide my thoughts on it in response 15:58:25 <crinkle> aglarendil: sure 15:59:23 <EmilienM> #action the group to take care of openstacklib exception handling http://permalink.gmane.org/gmane.comp.cloud.openstack.devel/65977 15:59:34 <EmilienM> thanks everyone, a lot of topics today 15:59:49 <EmilienM> #endmeeting