15:09:39 #startmeeting storyboard 15:09:40 Meeting started Mon Mar 31 15:09:39 2014 UTC and is due to finish in 60 minutes. The chair is jeblair. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:09:41 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:09:43 The meeting name has been set to 'storyboard' 15:10:06 it looks like we have enough folks to have a meeting 15:10:26 yep 15:10:47 though we do not have the person needed for agenda item 1 15:10:51 #topic agenda 15:10:58 #link https://wiki.openstack.org/wiki/StoryBoard 15:11:22 the wiki page with the agenda has just been updated; any other last minute items to add? 15:12:00 nothing from me 15:12:46 then i'll reorder the topics in case krotscheck shows up later 15:12:52 #topic Easier access to logs (cody-somerville) 15:12:58 cody-somerville: what's up? 15:13:34 Hi. I was wondering if it would be possible to somehow get easier access to logs for storyboard.o.o? I understand it currently requires a member of openstack-infra core with ssh access to retrieve. 15:14:57 those logs wold help to solve a 'random 500' issue 15:15:30 this one https://storyboard.openstack.org/#!/story/40 15:15:44 cody-somerville: in principle we try to make as much information about infra systems operation as possible public 15:16:29 cody-somerville: to that end, all our monitoring is unrestricted, puppet logs are public, and in some cases (nodepool image builds) entire logs are public 15:17:14 cody-somerville: i think there would be two things to consider in making storyboard logs public -- a) the security of account credentials, and b) user privacy 15:18:04 a) i'm not sure if we can guarantee than storyboard is never going to dump the password into the logs (courtesy of, say sqlalchemy?) 15:18:18 jeblair: at this point we do not store any private information in our database 15:18:34 the password goes to Launchpad only 15:19:02 and b) some people might consider their ip address private information and want to avoid being associated with it publicly 15:19:35 i don't know if that's a widely held belief in this community, but i do know some communities/organizations feel that way 15:20:34 oh, tokens show up in the logs 15:21:38 jeblair: agree, tokens should stay private 15:21:46 so storyboard auth tokens themselves might be accessible in the logs... it's possibly that it's only intermediary tokens; i'm not certain 15:22:56 so on the other side of this, we have the thought that it should be easy for devs to run a test instance, and so most problems should be able to be debugged locally 15:23:11 authorization codes are single-use, so nothing bad will happen if those leak 15:23:27 I would suggest that maybe we can more lenient with log access until MVP 15:23:27 that leaves only bugs that are unique to our production instance as the ones needing support from logs 15:24:21 but would be happy with restricted mechanism (maybe shared username and password coupled with scouts honour). 15:25:07 one class of those bugs are the ones where we screw up the database because we're not actually testing it. i firmly believe we need to fix that with testing. 15:25:42 that leaves things like this random 500 error, which, one assumes is not a pervasive db problem (we don't know yet because no one has looked) 15:26:38 there are four people who can check the production server logs, and are happy to do it in these cases 15:26:57 Note that the recommended dev setup may be fairly different than the current production setup, so there may be a set of associated issues (e.g. mod_wsgi vs. other means of running it) 15:29:08 persia: good point; i think they should be as close as possible. mod_wsgi may be a big thing to ask of a developer. i don't think we should require it, but i do think it's reasonable for a serious developer to use it on occasion (i've certainly done that for similar projects in the past). 15:29:10 and then after MVP, we can go back to requiring member of infra core with ssh access 15:29:59 jeblair: Just updating the storyboard docs to explain *how* would be a big step. The current prod setup says "pip install storyboard ... mod_wsgi is recommended". 15:30:26 cody-somerville: so far, i've only been asked to look at logs once, and i was happy to do so and provided the information within about a minute; to my knowledge, no one has asked for us to look at the most recent 500 errors 15:31:07 cody-somerville: so for the moment, i'd like to stick with "if you need a log entry, ask in #openstack-infra" 15:31:17 and let's see if that doesn't scale 15:31:37 ttx: right 15:31:50 persia: i could take AI to update docs about prod deployment 15:31:55 Are there timezone concerns here? Is there good infra coverage for folk in +2 or +3? 15:31:58 jeblair, ++ 15:32:23 ruhe: If you did, I'd be very pleased to do the review, including validating the docs by performing such a setup and running the test suite against it. 15:32:23 persia: Sergey is at... +5? 15:32:58 though SergeyLukjanov is infra-core, not infra-root. we still need to expand infra-root coverage 15:32:59 it was re -- [19:31:07] cody-somerville: so for the moment, i'd like to stick with "if you need a log entry, ask in #openstack-infra" 15:33:07 ttx: Then even moreso. From a +9 perspective, infra coverage is good because of overlap with -7, but I doubt that to be the case for +5. 15:33:49 my tz is +4, so, probably we could expand access for me in this case 15:33:55 * persia suddenly understands and is shamed 15:34:13 SergeyLukjanov: Apologies: I just don't see you chattering a lot on IRC in the "quiet time" :) 15:34:55 persia, my bad, I'm mostly accessible on-highlight 15:34:57 anyway, if this doesn't scale, we can look into something like password restricted logs, or a shared production-test environment 15:35:44 jeblair, openstack-dev with some fake auth could be an option 15:35:51 storyboard-dev* 15:36:08 but production is always going to be tightly restricted, so as we learn how to develop and run a cd system like this, i think it's good to know what the parameters are and to start designing around them early 15:36:09 Even if the logs contain authentication tokens? 15:37:11 A shared production test environment sounds the most flexible: it also allows deployment of stuff for verification that the infra changes won't break the commits. 15:37:25 How much effort is it to set up such an environment? 15:37:33 persia: yes. the main reason i'd be resistent to that is because that's the job of the test system. 15:37:48 persia: and production is going to be continuously deployed anyway 15:38:00 persia: so you'd just end up with two broken systems. 15:38:05 Ah, so the tests should include testing mod_wsgi, etc.? 15:39:03 persia: if mod_wsgi is critical to the operation of it, yes. however, i don't think it is, so i don't think its necessary. 15:39:32 i think we're getting a bit off topic; this is starting to feel like open discussion... 15:39:46 I'm just using that as an example of where the recommended config differs, with the idea that any point of variance can be a source of unexpected issues. 15:39:55 so before we go there, maybe we can spend a few minutes on the other item 15:40:01 #topic MVP status (krotscheck) 15:40:19 krotscheck isn't here, but i bet we can figure out what's going on 15:41:01 the last thing missing was comments and pagination, I guess 15:41:11 so both of them are merged 15:42:01 wasn't there a problem with pagination? i think it was disabled because of that? 15:42:15 https://review.openstack.org/#/c/83847/ is reputedly important for firefox users. 15:42:54 it looks like we can update status as well 15:43:00 * ttx looks 15:43:37 https://storyboard.openstack.org/#!/story/11 says it has 'landed' 15:44:35 i'm pretty sure we said that should be "change merged" rather than landed... 15:44:45 but hey, it's there :) 15:44:55 I think it may be useful now 15:45:19 ttx: i think i would agree (well, for me, once that ff patch lands) 15:46:11 the thing behaves more than weirdly when you click on description but then not on save 15:46:18 It won't scale much yet: no searching, no tagging. But that won't matter until there are hundreds of stories. 15:46:19 places "undefined" stuff everywhere 15:46:32 ttx: yeah, that's the ff patch 15:46:32 ttx: Thats the FF patch. 15:46:36 oh. 15:46:36 Someone using FF needs to review it. 15:46:45 that would be me 15:46:58 I'll review it 15:47:20 speaking of which, i thought we had docs-draft copies of the webclient configured to use the production api server, but it doesn't seem to be working for me 15:47:30 if we did, that would make reviewing those a little easier 15:47:41 as soon as I find 2 min 15:47:48 jeblair: `tox -e grunt server:prod` doesn't work? 15:48:02 persia: that's beside the point 15:48:54 anyway, back to topic -- i think we should continue to poke at it for a bit, but i think we're getting close to a point where we should discuss how to use it for more infra-related tasks and really start dogfooding it. 15:49:14 I thought that was the webclient configured to use the production server. krotscheck told me that there is no current support for running the client and API server on different hosts. 15:51:03 persia: hrm, that seems unecessary; i think it's important that the client be able to be run anywhere, including docs-draft and developer workstations (a dev should be able to test out changes against the production server) 15:51:21 Yes, but there needs to be a local proxy on the dev workstation 15:51:39 krotscheck says we need CORS support to do it the other way. 15:51:46 persia: ah that makes sense 15:52:23 tox -e grunt server:prod sets up the local proxy to point at production API server, so very good for quick testing of UI stuff if you don't have your own API server environment running somewhere. 15:52:39 #topic open discussion 15:53:42 i have not had time to make headway on the 'test on mysql' change since last week, but my plan is to continue work in that direction 15:54:54 jeblair: I've been running tests on both mysql and postgres installed locally 15:55:06 and they are running fine so far 15:55:21 NikitaKonovalov: i mean _all_ the tests; they definitely don't all pass right now 15:55:56 jeblair: this one https://review.openstack.org/#/c/82872/ ? 15:56:04 ruhe: yes, that 15:56:12 NikitaKonovalov: you can see a list of issues in the comments on that change 15:56:57 the next step for that is to either fix the sqlalchemy model to specify the engine, or switch to alembic for creating the model for the tests; i'm going to explore using alembic 15:57:15 it might end up being crazy and slow, but i'd like to at least see what that looks like 15:57:56 anyway, once the tables are being created correctly for the unit tests on jenkins, the other issues will be visible 15:58:11 jeblair: with the current number number of tests running alembic on each test might be fine; but i'd expect a lot more tests in near future 15:58:37 but we always can re-use old code which runs migrations only once and captures DB DDL and applies it in each tests 15:58:53 ruhe: yes, it might be a problem then. openstack compresses upgrades periodically though, we could adopt something similar... 15:59:01 ruhe: or that ^ could work too 15:59:20 anyway, i think time is up 15:59:32 thanks everyone! hopefully we'll have a few more people next week. :) 15:59:47 It helps to have had a meeting to get used to the new day/time :) 15:59:48 #endmeeting