17:03:27 <johngarbutt> #startmeeting XenAPI 17:03:28 <openstack> Meeting started Wed Jan 23 17:03:27 2013 UTC. The chair is johngarbutt. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:03:29 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:03:31 <openstack> The meeting name has been set to 'xenapi' 17:03:40 <johngarbutt> hello all 17:03:47 <nikhil> hi 17:03:47 <matelakat> hi 17:03:48 <ameade_> hey hey 17:04:03 <Mr_T> hola 17:04:16 <johngarbutt> #topic agenda 17:04:23 <johngarbutt> what do people want to cover? 17:04:29 <johngarbutt> there was the swift upload stuff 17:04:33 <johngarbutt> anything else? 17:05:01 <johngarbutt> ideas: blueprints, docs, QA, Bugs 17:05:24 <matelakat> I would like to have some xenapi lib code pulled to oslo. 17:05:36 <matelakat> But that's far away from being ready. 17:06:18 <johngarbutt> right, Cinder now contacts XenAPi 17:06:22 <johngarbutt> as does Nova 17:06:29 <johngarbutt> lets not get into more cut and paste 17:06:37 <johngarbutt> OK 17:06:41 <nikhil> :) 17:06:46 <johngarbutt> lets move on to swift 17:07:03 <johngarbutt> #topic swift client in dom0 17:07:38 <johngarbutt> let me find the link 17:07:47 <nikhil> should we ans any concerns? 17:08:03 <johngarbutt> #link https://review.openstack.org/#/c/17803/ 17:08:19 <johngarbutt> so, what was the issue getting the swift CLI working in Dom0 again? 17:08:28 <BobBall> I haven't been following this properly - what's the current proposal? a python 2.4 compatible client in dom0? 17:08:34 <johngarbutt> nope 17:08:39 <johngarbutt> install python 2.6 17:08:45 <johngarbutt> then use a custom swift client 17:08:51 <johngarbutt> with some chunking code from glance 17:08:55 <johngarbutt> as plugins 17:08:56 <BobBall> good for the first bit! I was a little worried :D 17:08:59 <johngarbutt> I think that is right? 17:09:08 <ameade_> that's what is in the patch atm 17:09:29 * notmyname is lurking because you mentioned swift 17:09:30 <johngarbutt> so I just wondered, why don't we install all of the swift client, unmodified 17:10:04 <ameade_> so I thought maybe packaging swiftclient code into the rpm for dom0 would work 17:10:21 <ameade_> but turns out that it also has a dependency of keystoneclient 17:10:26 <ameade_> when using auth v2 17:10:39 <johngarbutt> OK 17:10:47 <ameade_> which has a few other dependencies 17:10:48 <johngarbutt> is keystone a problem? 17:10:58 <johngarbutt> hmm, true 17:11:26 <johngarbutt> I understand we want to minimize the changes to dom0 17:11:36 <nikhil> do we run yum on dom0, is that something advised? 17:11:38 <johngarbutt> but it seems better to use the standard swift client, 17:11:55 <matelakat> virtualenv? 17:12:03 <johngarbutt> good idea 17:12:24 <nikhil> please just quantify here, why would consider it better john? 17:12:24 <johngarbutt> the only issue is on non python stuff like lxml 17:12:30 <johngarbutt> sure 17:12:41 <johngarbutt> basically we have much less code to maintain 17:12:50 <nikhil> matelakat: how much memory do you think it will take additionally? 17:13:29 <matelakat> nikhil: I don't think a virtualenv would cause memory overhead. 17:13:44 <johngarbutt> so XCP/XenServer doesn't use python 2.6 17:14:01 <johngarbutt> so installing pure python 2.6 dependencies should be no issue right? 17:14:09 <johngarbutt> its the extra bits I fear 17:14:18 <johngarbutt> let me check out the pip requires for keystone client... 17:14:33 <nikhil> johngarbutt: pure python 26 screws up a yum and stuff on dom0 17:14:42 <johngarbutt> ouch, really? 17:14:50 <johngarbutt> what happens? 17:14:57 <nikhil> we could not run yum after installing py26 17:15:15 <johngarbutt> hmm, that sucs, I see your yum question before 17:15:26 <johngarbutt> what package did you use? the one from EPEL? 17:15:38 <nikhil> right 17:15:46 <matelakat> can we compile stuff within dom0? 17:15:50 <johngarbutt> I guess the key thing is not to change the default python to 2.6, leave that at 2.4 17:15:58 <nikhil> yes 17:16:00 <johngarbutt> presumably anyway 17:16:15 <matelakat> So can we compile a python26, and use it separately? 17:16:23 <johngarbutt> I didn't spot they when I tried it 17:16:39 <johngarbutt> I was thinking an extra rpm to switch the default back to python 2.4 17:16:42 <matelakat> without disturbing yum? 17:16:53 <BobBall> The epel packages just sit as new pythons - don't replace the 2.4 at all 17:17:03 <johngarbutt> that is what I remembered 17:17:14 <johngarbutt> maybe something deeper is breaking yum 17:17:31 <johngarbutt> OK, well that is a problem for any of the approaches here 17:17:34 <johngarbutt> doh 17:17:51 <johngarbutt> #action johngarbutt: ask about yum and python 2.6 packages 17:18:11 <nikhil> the minimal py26 works for the swiftclient 17:18:21 <ameade_> yeah, we just need to see if getting keystone client and things is more trouble than it's worth 17:18:33 <nikhil> spot on 17:18:39 <johngarbutt> right, again, better than writing our own keystone client though? 17:18:42 <johngarbutt> #link https://github.com/openstack/python-keystoneclient/blob/master/tools/pip-requires 17:19:06 <johngarbutt> looks quite small 17:19:08 <matelakat> The effort wouldn't be wasted, if anyone would try to run compute in dom0. 17:19:24 <nikhil> all the more, we were advised against having to install a package on dom0 17:19:33 <nikhil> its a big No No from the Ops 17:19:51 <johngarbutt> agreed, because of the risk of Citrix saying its not supported, and security risks I guess 17:20:06 <nikhil> right 17:20:16 <johngarbutt> virtual env could be the answer, and adding permissions and users etc 17:20:31 <johngarbutt> but it seems overkill 17:20:53 <nikhil> matelakat: don't think dom0 could handle running entire compute on it (from the current experience) 17:21:01 <ameade_> yeah seems like a possibility but really heavy handed 17:21:23 <matelakat> These keystoneclient deps does not seem to be too serious. 17:21:24 <nikhil> another dev had mentioned virtualenv 17:21:30 <johngarbutt> I think the security risk of bad code due to copy and paste would be bigger than most of the others 17:21:39 <matelakat> johngarbutt +1 17:21:46 <johngarbutt> but that is just my view, willing to be corrected! 17:21:54 <nikhil> but hw backed from that opinion as some of them were concerned about small memory on dom0 17:22:13 <nikhil> johngarbutt: think keystone is quite fragile 17:22:28 <nikhil> having keystone client would make it worse 17:22:35 <johngarbutt> the process is very short lived, so it should be OK, but testing is the only well to tell I guess 17:22:44 <nikhil> not sure if can expect security changes from swift anytime soon 17:22:55 <johngarbutt> you can increase dom0 memory, but obviously that reduces what is left for VMs 17:22:55 <nikhil> right you are 17:23:02 <nikhil> yes 17:23:13 <johngarbutt> its not just changes right, we have new code that might have its own issues 17:23:30 <nikhil> guess as a Citrix person you would suggest against increasing dom0 memory? 17:24:06 <johngarbutt> I know Citrix recommends it for XenDeskop customers, for certain density reasons. Newer versions actually have higher defaults 17:24:08 <johngarbutt> but not sure 17:24:12 <johngarbutt> for the general case 17:24:12 <BobBall> We're quite happy for dom0 memory to be increased now - in fact it's going to be the default in some scenarios. The only downside is there is a reduction in some blk performances 17:24:53 <johngarbutt> BobBall: was that only over 2GB of RAM though? or something? 17:25:03 <johngarbutt> anyway 17:25:07 <johngarbutt> we got side tracked 17:25:24 <nikhil> well to have to increase the dom0 memory for 1000s of servers might just do some trick in the deployment, i would guess? 17:25:28 <nikhil> yes yes 17:25:34 <nikhil> swift client 17:26:30 <johngarbutt> can we try and see if that installs OK? 17:26:34 <johngarbutt> using pip is easiest 17:26:47 <johngarbutt> pip-2.6 or something like that I gues 17:27:05 <johngarbutt> if its really bad, then I guess we need to look at something else? 17:27:20 <ameade_> yeah i think this is something to look into 17:27:21 <johngarbutt> we should be able to run it and see how much memory that process uses 17:27:28 <ameade_> is there another option we aren't considering? 17:27:46 <ameade_> currently the glance plugin just does communication through httplib 17:27:51 <johngarbutt> so, there was some code from glance in there for chunking, could the swift client not do that for us now? 17:27:58 <johngarbutt> ah, I guess that answers my question! 17:28:17 <johngarbutt> I don't understand why glance does that? I guess someone will know 17:28:40 <nikhil> dom0 streams images to glance 17:28:54 <nikhil> so there is an open connection for doing that 17:29:00 <johngarbutt> yes, it just uses wget I think 17:29:19 <johngarbutt> I would have to check 17:29:54 <johngarbutt> I think we could look at using the official glance client if this other stuff goes well 17:30:21 <johngarbutt> if Dom0 had python 2.6 by default, I am guessing we would not even worry about this 17:30:42 <johngarbutt> sorry I see httplib 17:30:45 <johngarbutt> for the upload 17:31:00 <nikhil> yes, however at the same time we would like to avoid installing anything on dom0 17:31:26 <ameade_> are we out of time? 17:31:30 <matelakat> versioning would be another pain, I guess. 17:31:31 <johngarbutt> if the swift code could be as simple, I guess I would be OK with it. its the chunking stuff that seems working sharing 17:32:01 <ameade_> yeah it would have to be much simpler for me to feel comfortable too 17:32:02 <johngarbutt> ameade_: we have till 18:00 UTC as normal this week I think 17:32:10 <ameade_> kk 17:32:17 <johngarbutt> but we should wrap this up 17:32:19 <nikhil> yes, glance is flexible to handle that 17:32:34 <ameade_> off the top of my head i'm not sure how much simpler we can make that code 17:32:38 <johngarbutt> is there some vote function on here 17:32:43 <nikhil> what are the next steps we have considered then? 17:32:49 <johngarbutt> #vote 17:32:57 <nikhil> unless a decision has been made, seem unlikely 17:33:01 <ameade_> yeah i dont know how to do it 17:33:09 <ameade_> vote i mean 17:33:28 <johngarbutt> #startvote 17:33:29 <openstack> Unable to parse vote topic and options. 17:34:12 <johngarbutt> what we try to install swift client, and see how bad it is first 17:34:20 <johngarbutt> please +1 or -1 that 17:34:28 <nikhil> +1 17:34:29 <ameade_> yeah i feel like we should look deeper into both options 17:34:35 <ameade_> starting with installing 17:34:40 <matelakat> +1 17:34:42 <ameade_> so +1 17:34:50 <BobBall> +1 17:34:52 <ameade_> +1 17:34:53 <johngarbutt> +1 17:35:04 <johngarbutt> OK 17:35:06 <nikhil> :-) 17:35:19 <johngarbutt> #agreed try install swiftclient (and keystone client) into dom0 17:35:40 <johngarbutt> I think that is best 17:35:46 <johngarbutt> we can then see how bad stuff is 17:35:48 <nikhil> agree 17:35:53 <johngarbutt> cool 17:36:15 <johngarbutt> any other concerns with this stuff? it looks good to me really 17:36:35 <nikhil> well another collegue just pointed out 17:37:03 <nikhil> the httplib connection seems insecure, although not in consideration just wanted to put it on the table 17:37:21 <nikhil> insecure for dom0 17:37:52 <johngarbutt> for glance or swift or both? 17:37:57 <nikhil> anyways, guessing we have our TODOs, do we meet again next Wed? 17:38:07 <johngarbutt> yes, lets meet every wednesday 17:38:08 <nikhil> in general 17:38:16 <johngarbutt> you would like https? 17:38:23 <nikhil> however glance is supposed to be an internal deployment and hidden behind nova 17:38:34 <johngarbutt> I assumed that was internal network 17:38:37 <johngarbutt> at the moment 17:38:40 <nikhil> https would be too slow if you want to upload 30G image 17:38:42 <johngarbutt> glance can be external 17:38:55 <nikhil> you'r right 17:39:04 <nikhil> but that usecase for security hasn't come yet 17:39:05 <johngarbutt> I guess its defence in depth 17:39:11 <nikhil> right 17:39:17 <johngarbutt> the checksums are probably worth checking 17:39:23 <johngarbutt> to make sure it didn't get tampered with 17:39:25 <nikhil> I would just like to rewrite a lot of stuff 17:39:35 <johngarbutt> I can understand that! 17:39:38 <ameade_> story of my life 17:39:39 <nikhil> those are checked in glance and swift 17:39:47 <nikhil> checksums 17:39:52 <johngarbutt> I like the boy scout rule 17:40:06 <johngarbutt> make sure stuff is better after every checkin 17:40:08 <johngarbutt> :-) 17:40:12 <johngarbutt> anyway 17:40:13 <ameade_> me too but people dont like random improvments in merge props 17:40:14 <ameade_> lol 17:40:16 <johngarbutt> I guess we are finished 17:40:24 <ameade_> thanks 17:40:26 <nikhil> thanks! 17:40:26 <johngarbutt> #topic aob 17:40:37 <johngarbutt> anything else? 17:40:48 <notmyname> ameade_: feel free to submit "random improvements" into python-swiftclient :-) 17:40:59 <johngarbutt> ameade_: yes, but you can impove stuff in separate checkins 17:41:03 <johngarbutt> +1 17:41:29 <ameade_> definitely, just find me some time! 17:41:46 <johngarbutt> OK, some extra love for the OVS reviews seems worth bringing up again, I guess 17:41:55 <johngarbutt> but looks like that is getting closer now 17:41:59 <johngarbutt> see you all next week 17:42:02 <johngarbutt> thanks for your time 17:42:06 <johngarbutt> I hope it helped! 17:42:09 <johngarbutt> #endmeeting