18:00:51 <SlickNik> #startmeeting trove 18:00:52 <openstack> Meeting started Wed Jan 21 18:00:51 2015 UTC and is due to finish in 60 minutes. The chair is SlickNik. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:53 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:00:56 <openstack> The meeting name has been set to 'trove' 18:01:26 <SlickNik> Short agenda today — should be a quick meeting. 18:01:27 <dougshelley66> o/ 18:01:29 <sgotliv_> o/ 18:01:31 <vkmc> o/ 18:01:32 <georgelorch> o/ 18:01:35 <esmute> o/ 18:01:40 <edmondk> o/ 18:01:44 <dougshelley66> SlickNik, I think we said that last week :) 18:01:44 <SlickNik> Agenda at https://wiki.openstack.org/wiki/Meetings/TroveMeeting 18:01:49 <SlickNik> #link https://wiki.openstack.org/wiki/Meetings/TroveMeeting 18:02:04 <SlickNik> dougshelley66: I'm always hoping :) 18:02:25 <SlickNik> giving folks a few minutes to trickle in. 18:02:58 <danritchie> o/ 18:03:00 <SlickNik> #topic Review #131610 18:03:25 <SlickNik> #link https://review.openstack.org/#/c/131610/ 18:03:59 <annashen> o/ 18:04:26 <SlickNik> We had a discussion about this the last week as well. 18:05:26 <SlickNik> A few folks had some security concerns, but I think Anna updated the BP to cater to that. 18:05:30 <denis_makogon> o/ 18:06:22 <sgotliv_> it doesn't address security concerns yet, I think 18:06:27 <vkmc> IIRC last time we discussed about having a switch that would enable or disable the functionality 18:07:00 <vkmc> something that I still don't understand clearly is, what happens when that functionality is enabled 18:07:18 <denis_makogon> vkmc, seems like you are talking about capabilities 18:07:19 <vkmc> is accesing to the logs available for every user in the tenant, admins or not? 18:07:22 <SlickNik> vkmc / sgotliv_: from the last comments I have on the BP: "We did have a discussion regarding this at the Trove meeting on Jan 7th. Although I don't think that an admin would maliciously steal/compromise the customers' data -- and there's really no good way to protect a customer from a malicious admin -- I think a good compromise would be to enable this feature based on a configuration option, or implement this as an extension as opposed to 18:07:55 <sgotliv_> SlickNik, I don't see it in the blueprint :-) 18:08:27 <SlickNik> sgotliv_: Just going through it, I don't see it either. 18:08:31 <SlickNik> vkmc: Only the tenant who owns the instance would be able to access the logs. 18:08:42 <denis_makogon> SlickNik, configuration group is something that should be taken into account by by the defaul while working with logs 18:09:16 <SlickNik> denis_makogon: Can you elaborate on that comment? I'm not sure I follow. 18:10:07 <SlickNik> sgotliv_ / vkmc: I think once the BP is updated to address that concern we should be okay. 18:10:09 <denis_makogon> i mean that log accessibility should be based upon configuration group assigned to instance 18:10:30 <vkmc> ok, I understand tenant as tenant-admin 18:10:41 <denis_makogon> also there are couple things that i'd like to highlight in BP, i will put comments on the review 18:10:48 <sgotliv_> SlickNik, I agree 18:11:11 <sgotliv_> SlickNik, but its late here so tomorrow I can change my mind :-) 18:11:30 <sgotliv_> s/can/may 18:11:42 <SlickNik> sgotliv_: if you find a valid reason, that sounds reasonable :) 18:12:16 <edmondk> Is this still accurate for this feature? From BP: "The tenant might want to prevent an admin from accessing the logs, one way of going about this would be to have a switch as a parameter for trove create (admin_log_access)" 18:12:20 <SlickNik> denis_makogon: I'm not so sure about that — config values directly correspond to datastore config values (eg. my.cnf values) In this case, this feature isn't a my.cnf value. 18:13:18 * peterstac sneaks in late 18:13:21 <peterstac> o/ 18:13:26 <schang> o/ 18:13:30 <bartash> o/ 18:13:45 <vgnbkr> o/ 18:13:57 <SlickNik> edmondk: I don't think the tenant can ever do anything that completely prevents the admin from looking at the logs / data 18:14:34 <edmondk> SlickNik: Shouldn't this be taken out of the BP then if it can't be done? 18:16:03 <SlickNik> edmondk: We could chose to implement a switch, but there are other ways a cloud admin can get a the logs since they own the image / instance. 18:16:19 <SlickNik> edmondk: That part does probably need to be cleaned up. 18:17:20 <SlickNik> So wrt this, it looks like the BP just needs a couple more updates related to this. 18:17:44 <SlickNik> I don't see Anna around, so will talk to her after the meeting. 18:18:01 <SlickNik> Anything else regarding this? 18:18:32 <SlickNik> . 18:18:38 <SlickNik> #topic Open Discussion 18:18:58 <denis_makogon> i've got one 18:19:29 <denis_makogon> i've made big progress with clustering for Cassandra and MongoDB 18:19:43 <denis_makogon> so, now anyone can try it out 18:20:13 <denis_makogon> also, pachesets are including integration tests for both datastores 18:20:47 <SlickNik> denis_makogon: I just saw the patches this morning. 18:20:50 <SlickNik> will take a look. 18:20:56 <denis_makogon> sure, thanks 18:21:09 <vkmc> denis_makogon, +1 18:21:27 <vkmc> denis_makogon, will take a look as well 18:21:28 <sgotliv_> SlickNik, dod you know what happened to gates in the last week? 18:21:44 <denis_makogon> it was fixed, so nothing to worry about 18:21:48 <SlickNik> There was an issue with a documentation test. 18:22:07 <SlickNik> It's fixed now. 18:22:39 <SlickNik> It was caused by one of the maven resources hosted on rax moving from http to https 18:22:49 <sgotliv_> denis_makogon, I worry that doc test created a delay :-) 18:23:16 <SlickNik> the old resource issued a 304, but maven wasn't handling that correctly. 18:23:17 <peterstac> here's the #link https://review.openstack.org/#/c/148728/ 18:23:30 <SlickNik> Thanks peterstac 18:23:37 <peterstac> np 18:24:13 <sgotliv_> thanks Peter 18:25:21 <SlickNik> Anything else? 18:25:30 <johnma> I have one 18:25:35 <johnma> This is regarding the DB2 discussion we had last week. Regarding the licensing part there are still some internal discussions going on, so I will wait till next week's meeting to bring that part up again. But I wanted to talk about the third party CI's. Is there a deadline for the Kilo release by when we need these third party CI's setup? 18:26:34 <johnma> or did we just start discussing setting these third part CI's for Trove last week and therefore need more discussions around this before we decide 18:26:58 <SlickNik> johnma: I don't think that there's any deadline. As part of getting the new datastore merged into trove, it would be good to have the 3rd party CI up and testing the new datastore to make sure things are working and keep continuing to work. 18:27:42 <johnma> sure, I understand. would we require a similart third party CI setup for couchDB as well 18:28:45 <SlickNik> johnma: I think that's the case, although it could be the same system that runs both sets of tests. 18:29:07 <SlickNik> johnma: So that we don't underuse resources. 18:30:00 <SlickNik> johnma: The important part is that the int-tests for the datastore in question does run to make sure that the datastore code is always working. 18:30:54 <johnma> thats right. My only concern is regarding the amount of time it will take to setup these third party CI's. Do the existing datastores we have all use third-party CI's for their testing we well? 18:31:43 <SlickNik> johnma: No — we had a 3rd party CI setup for mysql before the functional tests ran under OpenStack CI (rdjenkins). 18:32:23 <johnma> Does anyone here have any expertise setting up similar third party CI's for Trove? Just to get an idea of how long it will take to setup such a system and how many people 18:32:45 <SlickNik> johnma: We will have to provide some guidance on how to set this up, and how to keep it running. 18:33:27 <X019> o/ 18:33:43 <X019> sorry I'm late :/ 18:34:04 <johnma> we have some third party CI's setup within IBM but one of the estimates from one of the team was 3-4 months which got me a little worried about making the Kilo deadlines 18:34:27 <johnma> but I will keep working on this 18:34:37 <SlickNik> johnma: I don't think it will take 3-4 months. 18:34:53 <SlickNik> Setting up rdjenkins took a couple of weeks IIRC. 18:35:10 <SlickNik> I think we need to provide some guidance (perhaps docs / wiki page) on how to do this. 18:35:17 <johnma> ok, thats promising. 18:35:28 <shayneburgess> I’m guessing the majority of the effort is around hardware availability but that’s just a guess 18:35:39 <SlickNik> There's also an openstack team that does best practices for 3rd party CI. 18:35:48 <johnma> yes documentation would be great. 18:36:35 <johnma> yes, I know about that. I am planning to join their meetings as well. I do have some links regarding setting up these CI's. 18:37:48 <johnma> ok, thanks SlickNik. Thats all I had regarding this topic for today. Another question I had is regarding the mid-cycle meetup. Is there going to be a way for remote people to connect to some part of the discussions? 18:37:50 <SlickNik> johnma: Okay, I'll follow up with you separately regarding this. Would be awesome to put what you learn through your interactions as part of the guidance docs / wiki page as well. 18:38:16 <SlickNik> johnma: Yes — I'm trying to figure out a way that remote folks can participate. 18:38:18 <johnma> absolutely. I can help put together a doc for Trove as I work on that 18:38:30 <SlickNik> denis_makogon was also asking about that. 18:38:37 <johnma> awesome. Thats great. Thanks SlickNik. appreciate it 18:38:43 <SlickNik> johnma: I will send you more details once I have them. 18:38:52 <johnma> sure, thank you. 18:38:53 <SlickNik> johnma: Not a problem, you're welcome! 18:39:00 <johnma> thats all I had for today 18:39:11 <SlickNik> Anything other items for open discussion? 18:39:47 <SlickNik> . 18:39:51 <SlickNik> #endmeeting