#openstack-meeting log

18:00:14 <anteaya> #startmeeting third-party
18:00:15 <openstack> Meeting started Mon Jun 23 18:00:14 2014 UTC and is due to finish in 60 minutes.  The chair is anteaya. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:17 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:19 <openstack> The meeting name has been set to 'third_party'
18:00:31 <fthamura> sarob: yup, still learning how to understand the way all of you work
18:00:32 <anteaya> who is here for the third-party meeting?
18:00:36 <lyxus> I am
18:00:39 <anteaya> great
18:00:45 <krtaylor> o/
18:00:45 <thingee> anteaya: o/
18:00:52 <anteaya> awesome
18:00:57 <sweston> o/
18:00:57 <anteaya> nice to see you thingee
18:01:04 <anteaya> cool
18:01:05 * mestery lurks while grabbing a sandwich for lunch
18:01:09 <anteaya> let's get rolling
18:01:30 <anteaya> a light agenda so far, if you add an item mid-meeting tell me so I can refresh the wikipage and see it
18:01:39 <anteaya> our agenda
18:01:43 <anteaya> #link https://wiki.openstack.org/wiki/Meetings/ThirdParty#Agenda_for_next_meeting
18:01:57 <anteaya> #topic Welcome & Reminder of OpenStack Mission
18:02:13 <anteaya> welcome everyone
18:02:23 <anteaya> here is the openstack mission if you don't already know it
18:02:27 <anteaya> #info The OpenStack Open Source Cloud Mission: to produce the ubiquitous Open Source Cloud Computing platform that will meet the needs of public and private clouds regardless of size, by being simple to implement and massively scalable.
18:02:41 <anteaya> #topic Review of previous week's open action items
18:02:52 <anteaya> #info
18:02:54 <anteaya> ilyashakhat__ to rename driverlog ci tested? to ci exists
18:03:04 <anteaya> ilyashakhat: are you in attendance?
18:03:43 <anteaya> apparently not
18:03:50 <anteaya> #link http://www.stackalytics.com/report/driverlog
18:04:07 <anteaya> so the rename happened, thanks ilyashakhat and driverlog team
18:04:35 <anteaya> there are still a number of questions I have and changes I would like to see, so perhaps another agenda item in future
18:04:50 <anteaya> moving on
18:04:55 <anteaya> #topic Announcements
18:05:03 <anteaya> anyone have any announcements?
18:05:07 <anteaya> I don't have any
18:05:29 <anteaya> next topic then
18:05:35 <anteaya> #topic OpenStack Program items
18:05:49 <anteaya> #info patches up for third_party.rst http://ci.openstack.org/third_party.html (anteaya)
18:06:05 <anteaya> I have two patches up to make changes to third_party.rst
18:06:15 <anteaya> #link https://review.openstack.org/#/c/101013/
18:06:26 <anteaya> #link https://review.openstack.org/#/c/101227/
18:06:42 <anteaya> please take the time to review and comment
18:06:52 <anteaya> anyone have any comments now?
18:06:56 * anteaya waits
18:07:36 <lyxus> looks perfect for me
18:07:41 <anteaya> lyxus: thank you
18:07:49 <anteaya> anyone else with any feedback?
18:07:57 <asselin> anteaya, just got back from vacation so didn't look at them
18:08:03 <anteaya> asselin: welcome back
18:08:12 <anteaya> you can look at them when you have time
18:08:15 <asselin> sure
18:08:16 <anteaya> and thank you
18:08:23 <anteaya> shall we move on?
18:08:25 <krtaylor> they look good, I only had the one super minor nit
18:08:49 <anteaya> krtaylor: I depend on your nits
18:08:52 <anteaya> thanks
18:08:54 <krtaylor> hehheh
18:08:57 <anteaya> :D
18:09:09 <anteaya> anyone else have any other items from openstack programs?
18:09:27 <anteaya> okay next topic
18:09:32 <anteaya> #topic Deadlines & Deprecations
18:09:55 <anteaya> does anyone have any deadlines or deprecations that they haven't communicated in this meeting yet?
18:10:16 <anteaya> thingee: anything from cinder?
18:11:06 <anteaya> okay moving on
18:11:11 <anteaya> #topic Highlighting a Program or Gerrit Account
18:11:28 <anteaya> anyone maintaining a third party ci account with any items this week?
18:11:43 <thingee> anteaya: not at the moment :)
18:11:49 <anteaya> thingee: kk, thanks
18:12:01 <sweston> not from us
18:12:08 <anteaya> sweston: great
18:12:09 <lyxus> nothing here too
18:12:13 <anteaya> okay
18:12:16 <anteaya> I have a question
18:12:30 <anteaya> I don't know if anyone was following the exchange on the infra ml
18:12:39 <anteaya> but the question of hosting logs came up
18:12:41 <lyxus> about the dropbox ?
18:12:49 <anteaya> what are people using to host the logs
18:12:58 <anteaya> yes, the dropbox email discussion
18:13:05 <lyxus> apache web server
18:13:11 <anteaya> lyxus: thanks
18:13:14 <anteaya> sweston: you?
18:13:18 <sweston> anteaya: I have been following it closely.  Your recommendation was a good one, apache over https is a solid solution
18:13:33 <anteaya> sweston: thanks, is that what you are doing now?
18:13:52 <lyxus> https might be a bit overkill though
18:13:55 <sweston> anteaya: I would recommend that people purchase an ssl certificate however
18:14:11 <anteaya> sorry when I said secure I should have choosen a different word
18:14:16 <asselin> I'm just about to start setting that up. I was planning to do http
18:14:20 <anteaya> I didn't requrie https
18:14:28 <akerr> https seems odd for open source logs 😊
18:14:31 <anteaya> I required that the server is not open to hacking
18:14:40 <anteaya> which happened with another ci account
18:14:54 <anteaya> what would should I have used if 'secure' was the wrong one?
18:14:56 <sweston> https has some benefits, including ensurance that the client is actually using your server
18:15:00 <lyxus> anteaya, I never said that you did :) I was refering to sweston message :)
18:15:01 <hemna> anteaya, I'm setting up a vm on hpcloud to host our 3rd party CI logs.  was planning on just using apache to serve them up.
18:15:17 <kevinbenton> what was the reason for https. is there sensitive information in some of these logs?
18:15:23 <anteaya> hemna: thanks
18:15:26 <hemna> I was not planning on using https
18:15:44 <anteaya> no, I didn't mean that https is required
18:15:48 <krtaylor> PowerKVM is using the IBM SoftLayer swift service
18:15:54 <anteaya> I meant prevent someone from hacking your server
18:16:21 <anteaya> how should I have said, set up a server, prevent it from being hacked and put apache on it?
18:16:35 <lyxus> anteaya, maybe says a "hardened server"
18:16:37 <anteaya> krtaylor: interesting
18:16:51 <anteaya> ah a better term thank you, a hardened server
18:16:55 <anteaya> I'll use that
18:17:06 <anteaya> to clear up any confusion I may have cause
18:17:12 <anteaya> https is not a requirement
18:17:22 <sweston> anteaya: maybe as a recommendation, but not a requirement.  and I wouldn't recommend using hardened that really has a different meaning
18:17:25 <anteaya> when serving logs
18:17:40 <anteaya> sweston: hmmmm, what does hardened mean to you?
18:17:54 <anteaya> maybe I should just say 'a server that won't be hacked'
18:17:59 <anteaya> since that is what I mean
18:18:13 <jgriffith> anteaya: sounds a lot like a challenge :)
18:18:19 <anteaya> oh great
18:18:25 <jgriffith> hehe
18:18:28 <anteaya> now I am digging myself holes
18:18:44 <jgriffith> sorry... couldn't resist
18:18:46 <anteaya> I'm open to better wording
18:18:49 <anteaya> ha ha ha
18:18:51 <sweston> anteaya: hardened means that steps have been taken to prevent compromise of the server, this usually means ids and ips and significant customization
18:19:00 <anteaya> oh
18:19:02 <asselin> anteaya, can you be more specific to what happened in the other ci case?
18:19:08 <anteaya> yeah, not neccessary
18:19:11 <anteaya> asselin: sure
18:19:29 <anteaya> trianths set up a server, rendering the logs timed out for me
18:19:39 <anteaya> he assured me he could reach the logs
18:19:55 <anteaya> I told him timeouts were unacceptable, and to review his server logs
18:20:00 <anteaya> he had been hacked
18:20:16 <anteaya> how do I say, don't let that happen to you
18:20:24 <anteaya> to others setting up logs?
18:21:02 <sweston> I would need to think about the wording some more
18:21:24 <anteaya> okay we can leave it until next time, or we can discuss it on the ml thread
18:21:32 <anteaya> others are welcome to contribute
18:21:43 <anteaya> remember I have never set up one of these systems myself
18:22:06 <anteaya> so I am always glad when someone who has is willing to share their experiences
18:22:15 <asselin> yes, I don't think anyone is trying to be hacked....
18:22:26 <anteaya> I would just like to avoid more server logs being hacked in future
18:22:30 <anteaya> right
18:22:49 <asselin> so maybe we need e.g. a predefined image that others can use....for example.
18:22:55 <anteaya> but if this is someone's first time setting up a server, they might not know basic maintenance
18:23:07 <anteaya> ah then we are into maintenance of the image
18:23:15 <anteaya> which I am unwilling to take on
18:23:21 <anteaya> not saying it is a bad idea
18:23:33 <anteaya> saying that tools require maintenance
18:23:48 <asselin> where does infra store their log files? can we upload there?
18:23:51 <sweston> yes, maybe it would be better to make some general recommendations for log servers
18:23:58 <anteaya> asselin: that is a good question
18:24:04 <anteaya> logs.openstack.org
18:24:10 <krtaylor> asselin, no, there is not enough room
18:24:23 <anteaya> krtaylor: is that what it was, space constraints?
18:24:32 <anteaya> sweston: I agree
18:24:43 <sweston> for example, remote syslog, replication, file versioning
18:24:54 <krtaylor> initially, it was discussed, but logs have exploded and with the 3rd party requirements, it is just too much need
18:25:01 <sweston> but be clear that the only requirement is that the logs are available for other to review
18:25:03 <anteaya> anyone willing to open an etherpad so we can work on a draft for general recommendations for log servers?
18:25:16 <sweston> and how long they should be available for
18:25:21 <krtaylor> 1 month
18:25:26 <asselin> perhaps the 'image' used by openstack can be used by third parties?
18:25:29 <krtaylor> we discussed at last summit
18:25:40 <anteaya> asselin: what image are we referring to?
18:25:51 <asselin> the image used by this: logs.openstack.org
18:26:03 <anteaya> I am not following
18:26:13 <sweston> yup, here https://etherpad.openstack.org/p/LogServerGeneralRecommendations
18:26:19 <anteaya> sweston: thank you
18:26:32 <anteaya> #link https://etherpad.openstack.org/p/LogServerGeneralRecommendations
18:26:54 <asselin> someone at openstack setup a server that "cannot be hacked". Perhaps they have an image or a script already defined we can re-use.
18:27:02 <anteaya> asselin: ah
18:27:11 <anteaya> those are our puppet manifests
18:27:16 <anteaya> publicly available
18:28:03 <anteaya> #link http://git.openstack.org/cgit/openstack-infra/config/tree/manifests/site.pp
18:28:17 <anteaya> manifest for all infra servers ^
18:29:43 <anteaya> any one else have anything to say on this?
18:29:47 <asselin> I don't see it "defined" just consumed
18:29:54 <anteaya> some of us have moved to the etherpad
18:31:26 <anteaya> clarkb: tells me it is part of the static.o.o host
18:31:51 <asselin> anteaya, thanks
18:32:06 <clarkb> http://git.openstack.org/cgit/openstack-infra/config/tree/modules/openstack_project/manifests/static.pp#n68
18:32:27 <clarkb> though long term plan is still to move to swift
18:32:37 <clarkb> we have hit a speed bump with a jenkins plugin being silly though
18:32:45 <anteaya> clarkb: thanks
18:32:49 <anteaya> which plugin?
18:33:08 <krtaylor> clarkb, are you still interested in how we are pushing to swift?
18:33:13 <sweston> clarkb: I know what you mean, jenkins has been my biggest blocker lately as well
18:33:27 <krtaylor> I wasn't sure if we were switching to zuul approach
18:33:30 <clarkb> krtaylor: yes very interested
18:33:48 <anteaya> clarkb: well it is the third party meeting and you may have the floor
18:33:56 <krtaylor> clarkb, ok, sorry for the delay, I went on vacation
18:33:58 <anteaya> welcome to expand if you wish
18:34:14 <clarkb> uh
18:34:15 <krtaylor> clarkb, always has the floor  :)
18:34:20 <anteaya> ha ha ha
18:34:26 <anteaya> but not if you don't have time
18:34:32 <clarkb> so zuul has learned how to pass swift time bound HMAC urls
18:34:33 <anteaya> sorry I know you aren't prepared
18:34:36 <clarkb> into the jobs
18:34:48 <notmyname> clarkb: that's cool!
18:35:08 <clarkb> so we can pass relatively safe credentials to jobs that we don't trust that only allow them to upload to a specific location for a specified time period
18:35:36 <clarkb> unfortunately the data zuul gives the job is newline delimited and the jenkins envinject plugin thinks newlines should be converted to ?
18:35:39 <clarkb> er >
18:35:53 <clarkb> so we either need to remove that plugin, upgrade that plugin, or go with a different data format
18:35:59 <clarkb> jhesketh has done most of the work around this
18:36:37 <clarkb> we are very excited for the switch but need to sort out what we are going to do with that plugin first
18:36:40 <clarkb> probably remove it completely
18:36:51 <clarkb> but that requires we convert a couple jobs that depend on it first
18:36:57 <clarkb> and I think that is all I have
18:37:05 <anteaya> thanks clarkb
18:37:15 <anteaya> anyone with questions for clarkb?
18:38:16 <anteaya> okay well jhesketh in in au, so if anyone is in that timezone and wants to help with the conversion, you will learn a lot about infra processes
18:38:25 <anteaya> and we are grateful for your help
18:38:40 <clarkb> notmyname: yes very cool and excited to get this working
18:38:52 <clarkb> notmyname: it should allow us to care a lot less about our log server :)
18:39:05 <anteaya> anyone object if we change the topic to open discussion?
18:39:18 <anteaya> here we go
18:39:22 <anteaya> #topic Open Discussion
18:39:24 <notmyname> clarkb: nice. the point of swift is to offload the hard problems of storage so you just worry about your app. perfect use case!
18:39:31 <clarkb> indeed
18:39:54 <anteaya> anyone have any items for open discussion?
18:40:17 <anteaya> in addition to swift being a great option for log storage?
18:40:27 <notmyname> :-)
18:40:36 <notmyname> anteaya: s/log//
18:40:38 <notmyname> ;-
18:40:39 <notmyname> )
18:40:45 <anteaya> true
18:40:53 <anteaya> a great option for storage
18:41:06 <anteaya> anything else on anyone's mind?
18:41:24 <anteaya> I don't want to cut you off but I don't want to drag on if we are done for today
18:41:39 <sweston> I have something
18:41:45 <anteaya> sweston:
18:42:23 <sweston> has there been any effort to create any standards on how long a system has to report their results back to Gerrit?
18:42:34 <anteaya> ah
18:42:42 <anteaya> so length of time for tests to run
18:42:47 <anteaya> not that I am aware
18:42:58 <sweston> I can see that this may take some significant effort and time
18:43:04 <anteaya> sweston: is there a reason you ask?
18:43:17 <anteaya> how long are your test runs taking?
18:43:50 <sweston> not more than about 30 minutes
18:43:58 <anteaya> fabulous
18:44:03 <sweston> but i've seen (and heard of) other systems taking days
18:44:12 <anteaya> really?
18:44:13 <sweston> wondering what sort of problems this may cause
18:44:17 <anteaya> many
18:44:31 * clarkb jumps in again
18:44:37 <anteaya> clarkb:
18:44:41 <sweston> yay, clarkb
18:44:49 <clarkb> delay like that would make me less likely to listen to third party results
18:45:08 <clarkb> which really impacts that particular third party more than anyone else
18:45:19 <krtaylor> I remember discussions centering around ~4 hours
18:45:23 <anteaya> and third party as a whole
18:45:27 <clarkb> ya
18:45:46 <anteaya> since in the eyes of the community third party is a group and is evaluated by the actions of any system
18:46:05 <anteaya> so systems running wild reduce trust in all third party ci
18:46:07 <sweston> so should there be a limit defined, somewhere. that if you don't report back within a certain amount of time, your system has missed it's chance
18:46:11 <anteaya> or running poorly
18:46:39 <anteaya> krtaylor: do you recall where the ~4 hour conversation took place?
18:46:48 <anteaya> I don't remember that one
18:47:08 <anteaya> sweston: yes I think so
18:47:35 <anteaya> sweston: would you like to offer either a thread to the mailing list to kick off that discussion?
18:47:49 <krtaylor> anteaya, I don't remember exactly, if not infra then nova I would think
18:47:54 <anteaya> and then if ~4 hours is the consensue we have a log of it
18:47:57 <sweston> anteaya: absolutely, I will start drafting it now
18:47:59 <anteaya> krtaylor: kk
18:48:02 <anteaya> thanks
18:48:14 <anteaya> sweston: if you draft in an etherpad others can join you
18:48:15 <krtaylor> it would prob be worth discussing again
18:48:20 <anteaya> and offer edits
18:48:25 <anteaya> krtaylor: /me nods
18:49:03 <anteaya> so this one with go to the ml, please weigh in with your thoughts when it does
18:49:03 <sweston> https://etherpad.openstack.org/p/ThirdPartyTimeLimits
18:49:15 <anteaya> #link https://etherpad.openstack.org/p/ThirdPartyTimeLimits
18:49:25 <anteaya> and support sweston's email draft please
18:49:31 <anteaya> anything else for today?
18:49:52 <anteaya> okay
18:50:02 <anteaya> I'd like to thank everyone for attending
18:50:18 <anteaya> our meetings are still small but they are starting to become rather productive
18:50:27 <sweston> :-D
18:50:29 <anteaya> thanks everyone for your contributions
18:50:36 <anteaya> see you next week
18:50:39 <anteaya> #endmeeting