18:00:13 <SergeyLukjanov> #startmeeting sahara
18:00:14 <openstack> Meeting started Thu Jan  8 18:00:13 2015 UTC and is due to finish in 60 minutes.  The chair is SergeyLukjanov. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:15 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:17 <openstack> The meeting name has been set to 'sahara'
18:00:26 <huichun> hello
18:00:39 <SergeyLukjanov> I'm on vacation / holidays, so partially available ;)
18:00:41 <SergeyLukjanov> #help
18:01:02 <SergeyLukjanov> #chair elmiko
18:01:02 <openstack> Current chairs: SergeyLukjanov elmiko
18:01:14 <SergeyLukjanov> #link http://wiki.openstack.org/wiki/Meetings/SaharaAgenda
18:01:20 <elmiko> we appreciate your dedication =)
18:02:08 <elmiko> #topic horizon status
18:02:11 <crobertsrh> Still some reviews lingering in horizon (usual status).
18:02:33 <crobertsrh> I've put some thought and some trial code into a "wizard".
18:02:36 <SergeyLukjanov> crobertsrh, yeah
18:02:47 <SergeyLukjanov> crobertsrh, and how is it going?
18:02:49 <tosky> hi
18:02:50 <crobertsrh> I will be meeting with a couple UX people tomorrow.  Hopefully, they will be able to give some guidance.
18:03:03 <SergeyLukjanov> crobertsrh, do we need completely custom code or could reuse some horizon stuff?
18:03:14 <crobertsrh> Not great so far really.  I've decided to scrap my original approach.....on to new ideas now :)
18:03:28 <crobertsrh> My new idea will hopefully allow us to reuse a lot of what we have.
18:03:43 <SergeyLukjanov> okay
18:03:50 <SergeyLukjanov> anything else re horizon?
18:03:51 <crobertsrh> At least, if we do refactor some of what we have, it will be used both in and outside of wizard
18:04:04 <crobertsrh> Of course, UX people may have other better ideas.
18:04:07 <SergeyLukjanov> crobertsrh, ack, it'll be great
18:04:11 <crobertsrh> Nothing else I can think of.
18:04:22 <SergeyLukjanov> #topic News / updates
18:04:25 <SergeyLukjanov> folks, please
18:04:42 <SergeyLukjanov> (ru holidays are Jan 1-11)
18:04:43 <crobertsrh> Specs for "default templates" and "edit templates" have been merged.
18:05:05 <elmiko> i've been continuing work on the security doc, and researching some options in terms of using barbican. also working on a few bugs and many reviews.
18:05:09 <elmiko> #link https://etherpad.openstack.org/p/sahara-security-guide-notes
18:05:12 <weiting> Cloudera confirm they can hold the cdh image on their website with a EULA.
18:05:13 <SergeyLukjanov> crobertsrh, I hope to propose ACL spec next week
18:05:24 <elmiko> i could use any opinions/adivce/suggestions/criticisms on that etherpad please
18:05:30 <crobertsrh> Great!
18:05:38 <SergeyLukjanov> weiting, so, it means that automation will not work?
18:05:45 <crobertsrh> ack elmiko:  I've been meaning to look at that.
18:06:29 <huichun> current focus on adding more integration test case on CDH plugin https://blueprints.launchpad.net/sahara/+spec/add-more-cdh-integration-tests
18:06:42 <weiting> What do you mean "automation"?
18:07:46 <elmiko> weiting: i think he means automating the download of the image would not be possible with the EULA
18:08:23 <SergeyLukjanov> weiting, wget <image_url>
18:08:29 <weiting> Oh, yes. There is still a EULA that the end user must accept it.
18:08:49 <weiting> So it shouldn't support automation.
18:09:07 <weiting> Any concern about that?
18:09:33 <elmiko> i think the concern is that sahara-image-elements may run in an automated mode, which would not be possible with the EULA
18:10:24 <elmiko> or that the image may be downloaded automatically
18:12:02 <elmiko> SergeyLukjanov: is there further concern about the EULA?
18:12:04 <SergeyLukjanov> but at least we'll be able to publish link in docs to it
18:13:05 <elmiko> any more news or updates?
18:13:24 <weiting> Yes, the image from Cloudera website should be used for publish purpose
18:13:57 <SergeyLukjanov> IMO Bug / doc / spec days should be discussed on the next meeting when ru folks will be available
18:14:18 <crobertsrh> +1
18:14:24 <SergeyLukjanov> and I don't see any more active agenda items
18:14:38 <SergeyLukjanov> #topic Open discussion
18:15:33 <elmiko> #action discuss bug/doc/spec days at Jan. 15 meeting
18:15:34 <kchen> need we manage the cdh versions?
18:16:19 <kchen> I registered a bp on this. I think currently cdh version management is confusing.
18:16:30 <tmckay> hey there, I have an open discussion item
18:16:36 <elmiko> yes, i think that bp looks good
18:16:48 <SergeyLukjanov> kchen, +1
18:16:49 <tmckay> It's been a while since we talked about how to include hadoop-openstack.jar
18:17:01 <tmckay> (or hadoop-swift.jar, however it's named_
18:17:10 <SergeyLukjanov> kchen, AFAIK sreshetniak was planning to add some versions managemens to CDH plugin
18:17:23 <elmiko> tmckay: hadoop-openstack
18:17:35 <tmckay> originally we had our jar injected into hadoop 1 and hadoop 2 from the mirantis site
18:17:39 <SergeyLukjanov> tmckay, job is partially ready, I'll complete it next week (after holidays)
18:18:13 <tmckay> SergeyLukjanov, okay.  To summarize: right now it is injected as an element for hadoop 1, but not for hadoop 2
18:18:17 <SergeyLukjanov> tmckay, and it'll be published on tarballs.o.o/sahara/hadoop-swift/hadoop-swift-latest.jar
18:18:33 <SergeyLukjanov> tmckay, hm
18:18:44 <tmckay> SergeyLukjanov, so will we add it back as an element for hadoop 2?
18:18:57 <elmiko> i think we should
18:18:58 <kchen> so it means the version management for cdh is already ongoing?
18:18:59 <tmckay> dmitryme removed it last April since Hadoop already had a jar included :)
18:19:52 <tmckay> I found this btw because I am working on fixing up DIB for spark to include hadoop-openstack.jar in the image
18:20:01 <tmckay> for swift support
18:20:39 <tmckay> another hurdle, fyi, is that we need to change the CDH version or we need to include a jackson jar somehow to fix an incompatibility
18:20:44 <SergeyLukjanov> kchen, I think you should ping sreshetniak about it, I think he has some ideas about it by not started implementing it
18:21:34 <kchen> ok. I will ping him on this topic.
18:22:05 <elmiko> SergeyLukjanov: kchen has a bp up for it though, maybe sreshetniak could comment as well
18:23:57 <alazarev> sorry, I'm late, thought it is in 11am
18:24:29 <elmiko> alazarev: no problem, any topics?
18:25:34 <alazarev> not from my side, I was busy with SSL stuff and configs clean up
18:26:00 <elmiko> i'd like to just bring up the security guide again
18:26:01 <alazarev> plan - multi workers for API and signals support
18:26:33 <SergeyLukjanov> alazarev, multi workers?
18:26:56 <alazarev> SergeyLukjanov, https://review.openstack.org/#/c/145601/
18:27:42 <alazarev> SergeyLukjanov, if we want signals support - let's do it right ;)
18:28:06 <SergeyLukjanov> alazarev, /me looking
18:28:08 <elmiko> +1 for doing it right
18:28:54 <SergeyLukjanov> alazarev, hm, we're running API in threads
18:29:03 <SergeyLukjanov> alazarev, it's done by flask / eventlet
18:29:15 <SergeyLukjanov> alazarev, and it's not wsgi app
18:29:52 <SergeyLukjanov> alazarev, and your spec is actually talking not about wsgi workers
18:29:56 <alazarev> SergeyLukjanov, no, I tried, hanging of one API request leads to complete API stop
18:30:46 <SergeyLukjanov> alazarev, it was running in green threads some time ago
18:31:35 <alazarev> SergeyLukjanov, green threads is not a production ready solution
18:31:54 <alazarev> SergeyLukjanov, other projects use green threads for debug only
18:32:03 <SergeyLukjanov> alazarev, the whole openstack is based on greenthreads
18:33:53 <alazarev> SergeyLukjanov, we just run wsgi.server without any threads, sleep in any api handler leads to stoping API handling
18:34:32 <SergeyLukjanov> alazarev, we could spawn a set if API processes like it's done in some openstack projects
18:34:43 <SergeyLukjanov> alazarev, but the most correct way is to support wsgi
18:35:13 <alazarev> SergeyLukjanov, I like how it is done in heat
18:35:18 <SergeyLukjanov> alazarev, flask docs re wsgi in apache - http://flask.pocoo.org/docs/0.10/deploying/mod_wsgi/#mod-wsgi-apache
18:35:23 <SergeyLukjanov> alazarev, link?
18:36:29 <alazarev> https://github.com/openstack/heat/blob/master/heat/common/wsgi.py#L248
18:39:02 <elmiko> heat's solution looks interesting
18:39:10 <SergeyLukjanov> alazarev, yeah, it looks nice, but it's not a support for wsgi, it's just an eventlet wsgi server and green threads
18:39:20 <SergeyLukjanov> alazarev, so, as you say it's not production ready :)
18:39:51 <alazarev> they don't use green threads
18:39:57 <alazarev> they fork processes
18:40:23 <alazarev> https://github.com/openstack/heat/blob/master/heat/common/wsgi.py#L328
18:40:34 <alazarev> green threads for debug only
18:40:35 <SergeyLukjanov> alazarev, oops, bad wording, I mean that it's still evenlet's wsgi
18:41:17 <SergeyLukjanov> alazarev, and I think that it's a bad idea to copy-paste their wsgi module
18:41:31 <alazarev> all openstack use eventlet wsgi, we have nothing to do with this
18:42:12 <alazarev> SergeyLukjanov, not all module, just Server class
18:43:02 <SergeyLukjanov> alazarev, some projects supports real wsgi
18:43:05 <SergeyLukjanov> alazarev, keystone at least
18:43:52 <alazarev> SergeyLukjanov, I'll take a look
18:44:10 <SergeyLukjanov> alazarev, I think all services are using https://github.com/openstack/oslo-incubator/blob/master/openstack/common/service.py
18:44:16 <elmiko> ~15 min left
18:44:35 <SergeyLukjanov> alazarev, and it's maintained now - https://github.com/openstack/oslo-incubator/blob/master/MAINTAINERS#L173
18:45:03 <SergeyLukjanov> alazarev, I prefer using https://github.com/openstack/oslo-incubator/blob/master/openstack/common/service.py as common and maintained code
18:45:20 <alazarev> what happened with common.wsgi? They removed it some months ago
18:45:26 <SergeyLukjanov> alazarev, https://github.com/openstack/oslo-incubator/blob/master/openstack/common/service.py#L309
18:46:03 <SergeyLukjanov> alazarev, it was removed about year ago I think, it was depricated and we're using only json serializer from it AFAIK
18:46:12 <alazarev> SergeyLukjanov, yeah, look similar, I agree that using common code is better
18:46:58 <SergeyLukjanov> alazarev, more than that, it looks like oslo's impl is much more flexible and it's used at least in nova
18:48:39 <SergeyLukjanov> alazarev, okay, so, sounds we agreed you to try using oslo-incubator/service
18:48:51 <alazarev> SergeyLukjanov, yeap
18:49:02 <SergeyLukjanov> folks, anything else?
18:49:06 <elmiko> yes
18:49:14 <elmiko> just wanted to bring up sec. guide one more time
18:49:22 <SergeyLukjanov> alazarev, I'll review the spec itself early next week
18:49:23 <alazarev> more reviews for https://review.openstack.org/#/c/133590/, plz ;)
18:49:39 <elmiko> i could use any extra advice or opinions on our position in terms of how we recommend our users to secure their installations
18:49:39 <SergeyLukjanov> elmiko, added to the reading list
18:49:46 <elmiko> SergeyLukjanov: thanks
18:50:06 <SergeyLukjanov> elmiko, only ideas about how insecure it
18:50:17 <elmiko> lol
18:50:20 <elmiko> speaking of that
18:50:35 <elmiko> i want to start investigating if we could use the OSSG Bandit project
18:50:39 <elmiko> #link https://wiki.openstack.org/wiki/Security/Projects/Bandit
18:50:57 <elmiko> it's a static code analysis tool to help identify security weaknesses
18:51:27 <tmckay> elmiko, +!
18:51:43 <crobertsrh> seems kinda interesting
18:52:07 <elmiko> ok, that's it from me
18:54:16 <SergeyLukjanov> elmiko, could you run bandit on sahara code and share results on the next meeting, please?
18:54:30 <elmiko> SergeyLukjanov: if i can get to it, yes =)
18:54:40 <elmiko> #action elmiko to run bandit against codebase
18:56:10 <SergeyLukjanov> elmiko, thx
18:56:15 <SergeyLukjanov> ok, 4 mins left
18:57:59 <crobertsrh> Hopefully, next week, I'll have some sort of proposal for what our wizard/guided mode might look like.  I may have a few options depending on what input I get from UX people.  If anyone has any ideas, please let me know.
18:58:14 <SergeyLukjanov> crobertsrh, cool!
18:58:22 <crobertsrh> Or just feel free to shoot down whatever I come up with :)
18:58:30 <elmiko> lol
18:58:48 <SergeyLukjanov> okay, thanks folks
18:58:52 <SergeyLukjanov> #endmeeting