#openstack-meeting-alt log

16:05:46 <devkulkarni> #startmeeting Solum Team Meeting
16:05:47 <openstack> Meeting started Tue Nov 18 16:05:46 2014 UTC and is due to finish in 60 minutes.  The chair is devkulkarni. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:05:48 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:05:50 <openstack> The meeting name has been set to 'solum_team_meeting'
16:06:10 <dimtruck> Dimitry Ushakov
16:06:14 <adrian_otto> Adrian Otto
16:06:15 <datsun180b> Ed Cranford
16:06:21 <devkulkarni> adrian_otto: I just started the meeting
16:06:26 <adrian_otto> sorry I am behind schedule today.
16:06:29 <devkulkarni> devdatta kulkarni
16:06:34 <adrian_otto> thanks devkulkarni
16:06:35 <muralia> murali allada
16:06:46 <devkulkarni> we are in #topic roll call
16:07:00 <mkam> Melissa Kam
16:07:35 <adrian_otto> I will edit the agenda real quick, stand by
16:07:46 <devkulkarni> thanks adrian_otto
16:09:15 <adrian_otto> #link https://wiki.openstack.org/wiki/Meetings/Solum#Agenda_for_2014-11-18_1600_UTC Our Agenda
16:09:34 <adrian_otto> devkulkarni: I'm happy to have you lead this meeting if you like
16:09:57 <devkulkarni> adrian_otto: no worries. you can take over now that you are here :)
16:10:05 <adrian_otto> #topic Announcements
16:10:19 <adrian_otto> 1) Juno's final release will be tagged today or tomorrow
16:10:24 <datsun180b> i think you need to convince the bot that you're the chair
16:10:43 <adrian_otto> datsun180b: aah
16:10:45 <devkulkarni> oh! adrian_otto should I endmeeting then?
16:11:09 <adrian_otto> no, let's just have you repeat the channel commands for the sake of the minutes
16:11:16 <adrian_otto> or I can just prompt you
16:11:18 <devkulkarni> ok, sounds good
16:11:22 <adrian_otto> let's enter Announcements
16:11:27 <devkulkarni> irc://chat.freenode.net:6667/#topic Announcements
16:11:43 <adrian_otto> you are using Adium with that goofy cut/paste quirk
16:11:54 <devkulkarni> #topic Announcements
16:11:58 <adrian_otto> perfect
16:12:11 <adrian_otto> so watch for the release coming today or Wed.
16:12:19 <devkulkarni> great. thanks adrian_otto
16:12:22 <adrian_otto> any other announements?
16:12:28 <devkulkarni> is that process documented somewhere?
16:12:49 <devkulkarni> if not it will be great to have it documented on our wiki somewhere
16:12:50 <adrian_otto> devkulkarni: yes, in fact it's.
16:12:56 <devkulkarni> oh cool.
16:13:00 <adrian_otto> I can dig that up and share it
16:13:09 <devkulkarni> that will be awesome
16:13:16 <adrian_otto> I do have one other announcement
16:13:19 <adrian_otto> one sec
16:13:54 <adrian_otto> 2) An article featuring application ecosystem for OpenStack
16:14:07 <adrian_otto> #link http://blogs.cisco.com/datacenter/going-native-with-openstack-centric-applications-overview Going Native with OpenStack Centric Applications: Overview
16:14:36 <devkulkarni> cool.
16:14:40 <adrian_otto> If you have not already seen this, take a look. It's one of the most comprehensive works of its type
16:14:51 <adrian_otto> ok, devkulkarni let's proceed to action items
16:15:01 <devkulkarni> were cisco folks there at solum session at the summit?
16:15:07 <adrian_otto> unless we have other announcements from the team
16:15:23 <adrian_otto> yes, the author of this article Lee Calcote was present
16:15:42 <devkulkarni> I see
16:15:49 <devkulkarni> #topic Review action items
16:15:58 <adrian_otto> we also had representation from a few groups in Oracle
16:16:14 <adrian_otto> including an R&D team that works on Solaris
16:16:26 <devkulkarni> nice. is there a video recording of the session?
16:16:33 <devkulkarni> oh cool
16:16:55 <adrian_otto> I don't think there was a camera there
16:17:04 <adrian_otto> but I can't be certain
16:17:10 <adrian_otto> it was a long week in Paris
16:17:16 <dimtruck> :)
16:17:29 <adrian_otto> ok, so action items, thanks devkulkarni
16:17:44 * adrian_otto dimtruck to follow up on bugs 1359516 and investigate for any specific issues in replacing simple_server with mod_wsgi
16:17:45 <uvirtbot> Launchpad bug 1359516 in solum "Needs to handle http header 'X-Forwarded-Proto'" [Undecided,Confirmed] https://launchpad.net/bugs/1359516
16:17:48 <adrian_otto> status on this?
16:18:07 <dimtruck> yes - research has been completed
16:18:17 <dimtruck> i spoke to a number of other teams who implemented the same feature
16:18:18 <adrian_otto> what did we learn from that pursuit?
16:18:27 <dimtruck> i'll put in a patch request this week
16:18:40 <dimtruck> basically, same thing as we though "simple_server should not be used in prod"
16:18:47 <dimtruck> thought*
16:19:10 <adrian_otto> makes sense
16:19:14 <devkulkarni> makes sense. thanks for the research on this dimtruck
16:19:26 <adrian_otto> ok, and further input needed from the team or beyond in order to act?
16:19:32 <dimtruck> if you want to, we can review where the patch is next tuesday...hopefully it'll be merged by then but in case the group has questions..
16:19:44 <dimtruck> i'll write up the findings in launchpad
16:20:04 <adrian_otto> dimtruck: if you have progress to share you can present it in the BP/Task Review section next Tues.
16:20:09 <dimtruck> sounds great!
16:20:11 <dimtruck> i'll do that
16:20:16 <adrian_otto> but I think we can drop the AI now, agreed?
16:20:28 <dimtruck> yes sir
16:20:32 <adrian_otto> ok, super
16:20:33 * adrian_otto dimtruck to report back results of multi-node devstack with solum setup
16:20:33 <devkulkarni> yes
16:20:48 <dimtruck> we've discussed this last week after we set this action item
16:21:05 <dimtruck> i think the consensus here is that barbican will work for us, pending finalization of their api
16:21:18 <adrian_otto> ok, so no need to carry this AI forward?
16:21:22 <dimtruck> and that's the only thing stopping us from multi-node devstack
16:21:28 <dimtruck> adrian_otto: correct
16:21:30 <adrian_otto> I do have input on this subject
16:21:41 <adrian_otto> I engaged the Barbican team on the subject of the API
16:21:46 <dimtruck> oh nice!
16:22:05 <adrian_otto> and they assured me that the current version of the API (to be known from this point as v1) will be a supported, stable API
16:22:15 <adrian_otto> and there shall be no contract breaking changes
16:22:31 <adrian_otto> if they adjust the API, it will be subsequent to a version bump
16:22:40 <adrian_otto> so this is the appropriate time to take dependencies on the API
16:22:44 * adrian_otto applause
16:22:46 <dimtruck> awesome!
16:23:25 <adrian_otto> ok, and our last AI was about the release cut, which I covered in the Announcements section
16:23:42 <devkulkarni> cool
16:23:50 <adrian_otto> since that needs completion, please carry it for us
16:23:56 <adrian_otto> devkulkarni: #action adrian_otto to cut the final Juno release
16:24:11 <devkulkarni> #action adrian_otto to cut the final Juno release
16:24:19 <devkulkarni> #topic Blueprint/Task review
16:24:21 <adrian_otto> and once we record that, let's proceed to BP/Task Review
16:24:51 <adrian_otto> ok, any work items for the team to consider/discuss today?
16:25:13 <devkulkarni> I have one discussion point.
16:25:29 <adrian_otto> yes?
16:25:30 <datsun180b> i've got one
16:25:41 <adrian_otto> ok, devkulkarni then datsun180b
16:25:41 <devkulkarni> there was an email today on the mailing list about what will be easy place to get started to contributing to solum.
16:26:04 <devkulkarni> I suggest that we mark our bugs as 'low hanging fruit' if they are relatively easy to fix
16:26:12 <adrian_otto> we probably have no bugs labeled as low-hanging-fruit?
16:26:19 <devkulkarni> that way folks who want to join and contribute can start there
16:26:21 <adrian_otto> excellent suggestion
16:26:27 <datsun180b> how about that one about assemblies freezing in BUILD when deploy fails
16:26:32 <adrian_otto> does anyone have some bugs in mind we should mark accordingly?
16:26:38 <devkulkarni> I have added several bugs last week. I think some of them are low hanging fruits
16:26:39 <datsun180b> detect it, scream ERROR, git review
16:26:42 <devkulkarni> I will mark them as such
16:27:02 <adrian_otto> devkulkarni: tx!
16:27:15 <adrian_otto> datsun180b: that's actually a Docker problem, I think
16:27:29 <datsun180b> well we can listen
16:27:38 <mkam> there are also some usability bugs that could be taken care of
16:27:40 <datsun180b> worth investigating anyway
16:27:40 <devkulkarni> I will do that today
16:27:41 <adrian_otto> I have run into that myself, and what I find is that the network bridge that docker brings up is not passing network traffic from the host to the comtainer, or back
16:27:42 <mkam> like improving error messages
16:27:50 <dimtruck> mkam: +1
16:27:54 <adrian_otto> so any task that tries to use the network fails to resolve names
16:28:09 <datsun180b> oh cool so there's some notes
16:28:24 <adrian_otto> once docker gets in that state, the container needs to be killed, removed, docker daemon restarted, and container run again
16:28:41 <adrian_otto> it's actually a bug in docker that is solved in about version 1.2
16:28:53 <adrian_otto> so upgrading Docker will cause that symptom to be avoided
16:28:56 <datsun180b> guess this one was hanging too low then
16:30:11 <adrian_otto> datsun180b: was that the one you wanted to raise for discussion, or did you have another topic to touch on?
16:30:17 <datsun180b> #link https://github.com/stackforge/solum/blob/master/contrib/devstack/lib/solum#L73
16:30:24 <datsun180b> whyfor does demo get to have a service role
16:30:52 <devkulkarni> datsun180b: good point. we should remove it.
16:31:09 <datsun180b> i'm currently working on filtering resources by project and am already working on this and some related troubles
16:31:26 <devkulkarni> +1 datsun180b
16:31:41 <adrian_otto> sounds like this should have a bug filed against it
16:31:53 <datsun180b> removing that line on its own means that demo can't create the trust to let solum work on his behalf
16:32:12 <datsun180b> filing it now then
16:32:17 <adrian_otto> datsun180b: tx!
16:32:50 <devkulkarni> datsun180b: so what change is required in addition to make the trust get created properly?
16:33:06 <devkulkarni> let me rephrase that —
16:33:09 <datsun180b> #link https://bugs.launchpad.net/solum/+bug/1393853
16:33:12 <uvirtbot> Launchpad bug 1393853 in solum "Demo has the service user role for its own project" [Undecided,New]
16:33:15 <datsun180b> devkulkarni: still working on that
16:33:23 <devkulkarni> okay
16:33:41 <devkulkarni> thanks datsun180b for catching this
16:33:43 <datsun180b> looks like i'm missing a role either on solum's part or demo (substitute any other non-priv user)'s
16:34:07 <james_li> datsun180b: a service role is required for creating a trust, right?
16:34:10 <datsun180b> bottom line is demo is not a non-privileged user at present
16:34:22 <datsun180b> james_li: seems that's the case
16:34:49 <adrian_otto> james_li: yes, that's my understanding
16:35:08 <devkulkarni> james_li: but who needs that trust? is it the service user or the trustor, which in this case will be demo user?
16:35:44 <devkulkarni> we might have to define additional roles then
16:36:13 <devkulkarni> the roles required to create trust should not be same as more powerful admin roles
16:36:22 <datsun180b> on my env currently i've created a user role, three users, and their separate tenant/projects for testing resource exclusion
16:36:23 <james_li> devkulkarni: I guess service user needs to load the context for the trustor from the trust created before
16:37:11 <devkulkarni> james_li: makes sense. but for creation of trust, we are saying that the trustor (user demo) needs to have the same service role as the service user.
16:37:44 <devkulkarni> can we add a new role which whose permission will be only to create trusts and no more?
16:38:37 <devkulkarni> I guess we will have to dig into this more.. datsun180b you are on it already I suppose?
16:38:40 <adrian_otto> sounds like we could use some guidance from the keystone team on this
16:38:48 <datsun180b> like glue on stamps i am
16:38:57 <james_li> devkulkarni: that makes sense to me
16:39:12 <james_li> devkulkarni: about creating a new role for trusts
16:39:18 <adrian_otto> the idea of making a role to create trusts sounds insecure
16:39:40 <datsun180b> especially if we hand it to every user
16:40:01 <devkulkarni> but giving every user the admin role is equally bad
16:40:06 <datsun180b> right
16:40:08 <adrian_otto> I think the intent for trusts is to have a service account for each user account to delegate trusts accordingly
16:40:28 <adrian_otto> or per role, that's the part I am not clear about
16:40:42 <adrian_otto> or if that matters for us at all
16:41:28 <datsun180b> i'm content to keep digging
16:41:40 <devkulkarni> datsun180b: +1
16:42:02 <adrian_otto> ok, thanks datsun180b Morgan Fainberg has been a good resource for these matters before
16:42:34 <adrian_otto> and Adam Young was also talking about this when I saw him in Paris
16:43:01 <adrian_otto> he has some really neat integrations with keystone and kerberos that he was showing
16:43:36 <adrian_otto> for effective SSO. The subject of trusts came up when the need for unattended access was mentioned.
16:44:29 <adrian_otto> so instead of using a bearer token to authorize and action in an unattended (no suer present) mode, the trust token and service account are used
16:44:39 <adrian_otto> anyway, sounds like datsun180b is set for now
16:44:50 <adrian_otto> shall we proceed to Open Discussion?
16:44:55 <devkulkarni> +1
16:45:02 <devkulkarni> #topic Open Discussion
16:45:58 <adrian_otto> crickets :-)
16:46:10 <adrian_otto> any objections to wrapping up for today?
16:46:21 <devkulkarni> none
16:46:32 <adrian_otto> ok, let's adjourn
16:46:38 <devkulkarni> #endmeeting