17:03:27 <johngarbutt> #startmeeting XenAPI
17:03:28 <openstack> Meeting started Wed Jan 23 17:03:27 2013 UTC.  The chair is johngarbutt. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:03:29 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:03:31 <openstack> The meeting name has been set to 'xenapi'
17:03:40 <johngarbutt> hello all
17:03:47 <nikhil> hi
17:03:47 <matelakat> hi
17:03:48 <ameade_> hey hey
17:04:03 <Mr_T> hola
17:04:16 <johngarbutt> #topic agenda
17:04:23 <johngarbutt> what do people want to cover?
17:04:29 <johngarbutt> there was the swift upload stuff
17:04:33 <johngarbutt> anything else?
17:05:01 <johngarbutt> ideas: blueprints, docs, QA, Bugs
17:05:24 <matelakat> I would like to have some xenapi lib code pulled to oslo.
17:05:36 <matelakat> But that's far away from being ready.
17:06:18 <johngarbutt> right, Cinder now contacts XenAPi
17:06:22 <johngarbutt> as does Nova
17:06:29 <johngarbutt> lets not get into more cut and paste
17:06:37 <johngarbutt> OK
17:06:41 <nikhil> :)
17:06:46 <johngarbutt> lets move on to swift
17:07:03 <johngarbutt> #topic swift client in dom0
17:07:38 <johngarbutt> let me find the link
17:07:47 <nikhil> should we ans any concerns?
17:08:03 <johngarbutt> #link https://review.openstack.org/#/c/17803/
17:08:19 <johngarbutt> so, what was the issue getting the swift CLI working in Dom0 again?
17:08:28 <BobBall> I haven't been following this properly - what's the current proposal? a python 2.4 compatible client in dom0?
17:08:34 <johngarbutt> nope
17:08:39 <johngarbutt> install python 2.6
17:08:45 <johngarbutt> then use a custom swift client
17:08:51 <johngarbutt> with some chunking code from glance
17:08:55 <johngarbutt> as plugins
17:08:56 <BobBall> good for the first bit! I was a little worried :D
17:08:59 <johngarbutt> I think that is right?
17:09:08 <ameade_> that's what is in the patch atm
17:09:29 * notmyname is lurking because you mentioned swift
17:09:30 <johngarbutt> so I just wondered, why don't we install all of the swift client, unmodified
17:10:04 <ameade_> so I thought maybe packaging swiftclient code into the rpm for dom0 would work
17:10:21 <ameade_> but turns out that it also has a dependency of keystoneclient
17:10:26 <ameade_> when using auth v2
17:10:39 <johngarbutt> OK
17:10:47 <ameade_> which has a few other dependencies
17:10:48 <johngarbutt> is keystone a problem?
17:10:58 <johngarbutt> hmm, true
17:11:26 <johngarbutt> I understand we want to minimize the changes to dom0
17:11:36 <nikhil> do we run yum on dom0, is that something advised?
17:11:38 <johngarbutt> but it seems better to use the standard swift client,
17:11:55 <matelakat> virtualenv?
17:12:03 <johngarbutt> good idea
17:12:24 <nikhil> please just quantify here, why would consider it better john?
17:12:24 <johngarbutt> the only issue is on non python stuff like lxml
17:12:30 <johngarbutt> sure
17:12:41 <johngarbutt> basically we have much less code to maintain
17:12:50 <nikhil> matelakat: how much memory do you think it will take additionally?
17:13:29 <matelakat> nikhil: I don't think a virtualenv would cause memory overhead.
17:13:44 <johngarbutt> so XCP/XenServer doesn't use python 2.6
17:14:01 <johngarbutt> so installing pure python 2.6 dependencies should be no issue right?
17:14:09 <johngarbutt> its the extra bits I fear
17:14:18 <johngarbutt> let me check out the pip requires for keystone client...
17:14:33 <nikhil> johngarbutt: pure python 26 screws up a yum and stuff on dom0
17:14:42 <johngarbutt> ouch, really?
17:14:50 <johngarbutt> what happens?
17:14:57 <nikhil> we could not run yum after installing py26
17:15:15 <johngarbutt> hmm, that sucs, I see your yum question before
17:15:26 <johngarbutt> what package did you use? the one from EPEL?
17:15:38 <nikhil> right
17:15:46 <matelakat> can we compile stuff within dom0?
17:15:50 <johngarbutt> I guess the key thing is not to change the default python to 2.6, leave that at 2.4
17:15:58 <nikhil> yes
17:16:00 <johngarbutt> presumably anyway
17:16:15 <matelakat> So can we compile a python26, and use it separately?
17:16:23 <johngarbutt> I didn't spot they when I tried it
17:16:39 <johngarbutt> I was thinking an extra rpm to switch the default back to python 2.4
17:16:42 <matelakat> without disturbing yum?
17:16:53 <BobBall> The epel packages just sit as new pythons - don't replace the 2.4 at all
17:17:03 <johngarbutt> that is what I remembered
17:17:14 <johngarbutt> maybe something deeper is breaking yum
17:17:31 <johngarbutt> OK, well that is a problem for any of the approaches here
17:17:34 <johngarbutt> doh
17:17:51 <johngarbutt> #action johngarbutt: ask about yum and python 2.6 packages
17:18:11 <nikhil> the minimal py26 works for the swiftclient
17:18:21 <ameade_> yeah, we just need to see if getting keystone client and things is more trouble than it's worth
17:18:33 <nikhil> spot on
17:18:39 <johngarbutt> right, again, better than writing our own keystone client though?
17:18:42 <johngarbutt> #link https://github.com/openstack/python-keystoneclient/blob/master/tools/pip-requires
17:19:06 <johngarbutt> looks quite small
17:19:08 <matelakat> The effort wouldn't be wasted, if anyone would try to run compute in dom0.
17:19:24 <nikhil> all the more, we were advised against having to install a package on dom0
17:19:33 <nikhil> its a big No No from the Ops
17:19:51 <johngarbutt> agreed, because of the risk of Citrix saying its not supported, and security risks I guess
17:20:06 <nikhil> right
17:20:16 <johngarbutt> virtual env could be the answer, and adding permissions and users etc
17:20:31 <johngarbutt> but it seems overkill
17:20:53 <nikhil> matelakat: don't think dom0 could handle running entire compute on it (from the current experience)
17:21:01 <ameade_> yeah seems like a possibility but really heavy handed
17:21:23 <matelakat> These keystoneclient deps does not seem to be too serious.
17:21:24 <nikhil> another dev had mentioned virtualenv
17:21:30 <johngarbutt> I think the security risk of bad code due to copy and paste would be bigger than most of the others
17:21:39 <matelakat> johngarbutt +1
17:21:46 <johngarbutt> but that is just my view, willing to be corrected!
17:21:54 <nikhil> but hw backed from that opinion as some of them were concerned about small memory on dom0
17:22:13 <nikhil> johngarbutt: think keystone is quite fragile
17:22:28 <nikhil> having keystone client would make it worse
17:22:35 <johngarbutt> the process is very short lived, so it should be OK, but testing is the only well to tell I guess
17:22:44 <nikhil> not sure if can expect security changes from swift anytime soon
17:22:55 <johngarbutt> you can increase dom0 memory, but obviously that reduces what is left for VMs
17:22:55 <nikhil> right you are
17:23:02 <nikhil> yes
17:23:13 <johngarbutt> its not just changes right, we have new code that might have its own issues
17:23:30 <nikhil> guess as a Citrix person you would suggest against increasing dom0 memory?
17:24:06 <johngarbutt> I know Citrix recommends it for XenDeskop customers, for certain density reasons. Newer versions actually have higher defaults
17:24:08 <johngarbutt> but not sure
17:24:12 <johngarbutt> for the general case
17:24:12 <BobBall> We're quite happy for dom0 memory to be increased now - in fact it's going to be the default in some scenarios.  The only downside is there is a reduction in some blk performances
17:24:53 <johngarbutt> BobBall: was that only over 2GB of RAM though? or something?
17:25:03 <johngarbutt> anyway
17:25:07 <johngarbutt> we got side tracked
17:25:24 <nikhil> well to have to increase the dom0 memory for 1000s of servers might just do some trick in the deployment, i would guess?
17:25:28 <nikhil> yes yes
17:25:34 <nikhil> swift client
17:26:30 <johngarbutt> can we try and see if that installs OK?
17:26:34 <johngarbutt> using pip is easiest
17:26:47 <johngarbutt> pip-2.6 or something like that I gues
17:27:05 <johngarbutt> if its really bad, then I guess we need to look at something else?
17:27:20 <ameade_> yeah i think this is something to look into
17:27:21 <johngarbutt> we should be able to run it and see how much memory that process uses
17:27:28 <ameade_> is there another option we aren't considering?
17:27:46 <ameade_> currently the glance plugin just does communication through httplib
17:27:51 <johngarbutt> so, there was some code from glance in there for chunking, could the swift client not do that for us now?
17:27:58 <johngarbutt> ah, I guess that answers my question!
17:28:17 <johngarbutt> I don't understand why glance does that? I guess someone will know
17:28:40 <nikhil> dom0 streams images to glance
17:28:54 <nikhil> so there is an open connection for doing that
17:29:00 <johngarbutt> yes, it just uses wget I think
17:29:19 <johngarbutt> I would have to check
17:29:54 <johngarbutt> I think we could look at using the official glance client if this other stuff goes well
17:30:21 <johngarbutt> if Dom0 had python 2.6 by default, I am guessing we would not even worry about this
17:30:42 <johngarbutt> sorry I see httplib
17:30:45 <johngarbutt> for the upload
17:31:00 <nikhil> yes, however at the same time we would like to avoid installing anything on dom0
17:31:26 <ameade_> are we out of time?
17:31:30 <matelakat> versioning would be another pain, I guess.
17:31:31 <johngarbutt> if the swift code could be as simple, I guess I would be OK with it. its the chunking stuff that seems working sharing
17:32:01 <ameade_> yeah it would have to be much simpler for me to feel comfortable too
17:32:02 <johngarbutt> ameade_: we have till 18:00 UTC as normal this week I think
17:32:10 <ameade_> kk
17:32:17 <johngarbutt> but we should wrap this up
17:32:19 <nikhil> yes, glance is flexible to handle that
17:32:34 <ameade_> off the top of my head i'm not sure how much simpler we can make that code
17:32:38 <johngarbutt> is there some vote function on here
17:32:43 <nikhil> what are the next steps we have considered then?
17:32:49 <johngarbutt> #vote
17:32:57 <nikhil> unless a decision has been made, seem unlikely
17:33:01 <ameade_> yeah i dont know how to do it
17:33:09 <ameade_> vote i mean
17:33:28 <johngarbutt> #startvote
17:33:29 <openstack> Unable to parse vote topic and options.
17:34:12 <johngarbutt> what we try to install swift client, and see how bad it is first
17:34:20 <johngarbutt> please +1 or -1 that
17:34:28 <nikhil> +1
17:34:29 <ameade_> yeah i feel like we should look deeper into both options
17:34:35 <ameade_> starting with installing
17:34:40 <matelakat> +1
17:34:42 <ameade_> so +1
17:34:50 <BobBall> +1
17:34:52 <ameade_> +1
17:34:53 <johngarbutt> +1
17:35:04 <johngarbutt> OK
17:35:06 <nikhil> :-)
17:35:19 <johngarbutt> #agreed try install swiftclient (and keystone client) into dom0
17:35:40 <johngarbutt> I think that is best
17:35:46 <johngarbutt> we can then see how bad stuff is
17:35:48 <nikhil> agree
17:35:53 <johngarbutt> cool
17:36:15 <johngarbutt> any other concerns with this stuff? it looks good to me really
17:36:35 <nikhil> well another collegue just pointed out
17:37:03 <nikhil> the httplib connection seems insecure, although not in consideration just wanted to put it on the table
17:37:21 <nikhil> insecure for dom0
17:37:52 <johngarbutt> for glance or swift or both?
17:37:57 <nikhil> anyways, guessing we have our TODOs, do we meet again next Wed?
17:38:07 <johngarbutt> yes, lets meet every wednesday
17:38:08 <nikhil> in general
17:38:16 <johngarbutt> you would like https?
17:38:23 <nikhil> however glance is supposed to be an internal deployment and hidden behind nova
17:38:34 <johngarbutt> I assumed that was internal network
17:38:37 <johngarbutt> at the moment
17:38:40 <nikhil> https would be too slow if you want to upload 30G image
17:38:42 <johngarbutt> glance can be external
17:38:55 <nikhil> you'r right
17:39:04 <nikhil> but that usecase for security hasn't come yet
17:39:05 <johngarbutt> I guess its defence in depth
17:39:11 <nikhil> right
17:39:17 <johngarbutt> the checksums are probably worth checking
17:39:23 <johngarbutt> to make sure it didn't get tampered with
17:39:25 <nikhil> I would just like to rewrite a lot of stuff
17:39:35 <johngarbutt> I can understand that!
17:39:38 <ameade_> story of my life
17:39:39 <nikhil> those are checked in glance and swift
17:39:47 <nikhil> checksums
17:39:52 <johngarbutt> I like the boy scout rule
17:40:06 <johngarbutt> make sure stuff is better after every checkin
17:40:08 <johngarbutt> :-)
17:40:12 <johngarbutt> anyway
17:40:13 <ameade_> me too but people dont like random improvments in merge props
17:40:14 <ameade_> lol
17:40:16 <johngarbutt> I guess we are finished
17:40:24 <ameade_> thanks
17:40:26 <nikhil> thanks!
17:40:26 <johngarbutt> #topic aob
17:40:37 <johngarbutt> anything else?
17:40:48 <notmyname> ameade_: feel free to submit "random improvements" into python-swiftclient :-)
17:40:59 <johngarbutt> ameade_: yes, but you can impove stuff in separate checkins
17:41:03 <johngarbutt> +1
17:41:29 <ameade_> definitely, just find me some time!
17:41:46 <johngarbutt> OK, some extra love for the OVS reviews seems worth bringing up again, I guess
17:41:55 <johngarbutt> but looks like that is getting closer now
17:41:59 <johngarbutt> see you all next week
17:42:02 <johngarbutt> thanks for your time
17:42:06 <johngarbutt> I hope it helped!
17:42:09 <johngarbutt> #endmeeting