03:00:08 <hongbin> #startmeeting zun 03:00:09 <openstack> Meeting started Tue Aug 16 03:00:08 2016 UTC and is due to finish in 60 minutes. The chair is hongbin. Information about MeetBot at http://wiki.debian.org/MeetBot. 03:00:10 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 03:00:12 <openstack> The meeting name has been set to 'zun' 03:00:13 <hongbin> #link https://wiki.openstack.org/wiki/Zun#Agenda_for_2016-08-16_0300_UTC Today's agenda 03:00:16 <sudipto> o/ 03:00:18 <hongbin> #topic Roll Call 03:00:30 <yuanying> OTSUKA, Motohiro 03:00:31 <Wenzhi> Wenzhi 03:01:16 <hongbin> Thanks for joining the meeting sudipto yuanying Wenzhi 03:01:27 <hongbin> Pause a few more seconds for potential attendees 03:02:20 <hongbin> I know Madhuri is not able to join today 03:03:17 <hongbin> OK. Let's start 03:03:22 <hongbin> #topic Announcements 03:03:28 <hongbin> 1. I am proposing Sudipta Biswas and Wenzhi Yu to join the core team. Your feedback on the ML are welcome :). 03:03:34 <hongbin> #link http://lists.openstack.org/pipermail/openstack-dev/2016-August/101344.html 03:03:46 <hongbin> #topic Review Action Items 03:03:50 <eliqiao> hi 03:03:52 <hongbin> 1. hongbin created a BP for multi-tenancy support (DONE) 03:03:55 <hongbin> eliqiao: hey 03:04:01 <hongbin> #link https://blueprints.launchpad.net/zun/+spec/support-multi-tenancy 03:04:15 <hongbin> Thanks Wenzhi for volunteering to take this BP 03:04:19 <Wenzhi> I'll work on that 03:04:21 <yanyanhu> hi, sorry just finished another meeting 03:04:30 <Wenzhi> np :) 03:04:48 <hongbin> yanyanhu: NP. Glad that you are here :) 03:05:28 <eliqiao> does multi-tenancy support mean that we can allow mulitple container running on same host? 03:05:37 <hongbin> Wenzhi: For the multi-tenancy BP, what I normally do is to ask the owner to report status every week at the meeting 03:05:44 <hongbin> Wenzhi: Do you mind to do that? 03:05:48 <Wenzhi> sure thing 03:05:54 <hongbin> Wenzhi: thx :) 03:05:56 <Wenzhi> np 03:06:09 <hongbin> eliqiao: NO, that is different thing 03:06:25 <hongbin> eliqiao: multi-tenancy support simply means hide containers from other tenants 03:06:37 <hongbin> eliqiao: For example, in Nova, you cannot list VMs from other tenants 03:06:44 <eliqiao> okay, seems same as magnum/nova implementation. 03:06:51 <hongbin> yes 03:07:05 <eliqiao> we need to consider more since we are containers not VMs 03:07:20 <hongbin> That is correct 03:07:21 <eliqiao> for the containers' isolation issue etc. 03:07:35 <hongbin> Yes, isolation is another thing we need to solve 03:07:35 <sudipto> from multi-tenancy per say - we would probably want to define quotas too? 03:07:54 <hongbin> sudipto: Yes, possibly 03:08:14 <hongbin> sudipto: Like how many containers a tenant can create ? 03:08:21 <sudipto> hongbin, yeah 03:08:24 <hongbin> sudipto: that would be a cool feature 03:08:42 <hongbin> definitely, it can be implemented 03:08:48 <sudipto> and then i was thinking, if we want to do a COE implementation - we probably have to have that same quota imposed in a different way for a cluster. 03:09:27 <hongbin> same quota imposed across different COEs? 03:09:46 <sudipto> cluster = sum(containers) . so that could mean two impositions, one on the level of clusters - how many clusters can a user provision + how many containers can be within in. 03:10:07 <sudipto> but both can be independent of each other. 03:10:25 <hongbin> interesting idea 03:11:18 <Wenzhi> how about different quota for clusters and containers 03:11:29 <sudipto> and then depends on what level of exposure we have - w.r.t IPs - if we want to have quota imposed at the level of services (like k8s) - then it's a different thing vs having it on crude containers. 03:11:52 <sudipto> so yeah - i guess it deserves a ether pad discussion too IMHO. 03:12:10 <Wenzhi> I'll create that etherpad 03:12:31 <hongbin> Cool. Anything else regarding to the multi-tenancy topic? 03:12:55 <sudipto> are we aiming at segregate the COE implementation completely from the native docker APIs? 03:13:06 <Qiming> -1 to inventing a zun-specific quota management ifra 03:13:20 <sudipto> as in it's an either and or? 03:13:29 <Wenzhi> https://etherpad.openstack.org/p/zun-multi-tenancy 03:14:00 <hongbin> sudipto: My understanding is we are doing the container api now 03:14:04 <sudipto> Qiming, ideally the quota management should be at the level of keystone, however all the projects seems to have implemented their own ways of doing it right? 03:14:24 <Qiming> sudipto, check this: https://review.openstack.org/#/c/284454/ 03:15:01 <sudipto> Qiming, sigh. I was involved in this effort :) 03:15:11 <sudipto> sadly i don't think it's going to fly. 03:15:37 <Qiming> it is not specific to any individual project ... if openstack doesn't provide quota management, fine, it is a cross-project thing, if there is one, it should be a cross-project solution 03:16:04 <sudipto> agreed. 03:16:09 <sudipto> however, there's none at the m moment. 03:16:13 <Qiming> right, cross-project thing is never easy ... sigh 03:16:20 <sudipto> and delimiter is not going anywhere either. 03:16:35 <sudipto> delimiter ideally should have been done as a keystone API. 03:16:46 <sudipto> However, if you want the latest status, i can get back in the next meeting with the same. 03:17:05 <Qiming> great, don't want to hijack the meeting, :) 03:17:15 <sudipto> Qiming, :) sure. 03:17:18 <eliqiao> Seems we can have a new service to deal with quota for all OpenStack service :) 03:17:25 <Wenzhi> hha 03:17:31 <Qiming> eliqiao, +100 03:17:53 <hongbin> OK. Let's advance topic 03:18:01 <hongbin> #topic Runtimes API design (mkrai) 03:18:12 <hongbin> Madhuri is not able to attend today 03:18:22 <hongbin> However, her patches were landed 03:18:35 <hongbin> The basic runtime API was implemented 03:18:56 <hongbin> For everyone, you could try the runtime API now and feedback are welcome 03:19:21 <hongbin> Just pull the lastest server and client project 03:19:34 <sudipto> yeah, i have been trying to use it - however i was busy doing customer travels the last entire week. I am trying to build this thing in a docker container and see how it behaves. 03:20:02 <hongbin> sudipto: great 03:20:13 <hongbin> Ideally, there is a devstack support to set everyone up 03:20:15 <eliqiao> I tried yesterday, work well to create a new container 03:20:18 <hongbin> That might come later 03:20:29 <eliqiao> filed a bug for container naming stuff. 03:20:34 <hongbin> s/everything/everyone/ 03:20:38 <sudipto> eliqiao, great. 03:20:47 <eliqiao> and seems need to improve exception handling later, but we can do it evently. 03:21:27 <hongbin> OK. any other comments for this topic? 03:21:45 <hongbin> #topic Nova integration (Namrata) 03:21:48 <eliqiao> sudipto: FYI, need to run zun-compute as root or docker user because zun-compute uses unix socket to talk with docker daemon 03:21:53 <hongbin> #link https://blueprints.launchpad.net/zun/+spec/nova-integration The BP 03:21:57 <hongbin> #link https://etherpad.openstack.org/p/zun-containers-nova-integration The etherpad 03:22:27 <sudipto> eliqiao, alright, thanks! 03:22:47 <hongbin> It looks Mamrata is not here 03:23:01 <hongbin> However, I saw a spec was uploaded 03:23:19 <hongbin> #link https://review.openstack.org/#/c/354553/ 03:24:29 <hongbin> I looked thought the spec. It looks more details need to be filled at the implementation session 03:25:00 <hongbin> Let's work with Namrata offline in this regards 03:25:14 <hongbin> #topic Container image store 03:25:20 <hongbin> #link https://blueprints.launchpad.net/zun/+spec/glance-integration 03:25:55 <hongbin> This is the BP about a docker image store solution 03:26:34 <hongbin> So far, there is not too much information there 03:26:50 <hongbin> The general idea is to use Glance as contaienr image store 03:27:13 <eliqiao> can flwang provide some advanced information from glance? 03:27:20 <hongbin> The difficulty is that Glance don't support layer of images so far 03:27:51 <hongbin> I and flwang talked to the Glance PTL before 03:28:10 <hongbin> It seems it will take a while to land the image layer support in Glance 03:28:34 <eliqiao> do we need to hard depend on glance? 03:28:51 <hongbin> eliqiao: there are alternatives though 03:29:09 <hongbin> eliqiao: which is using docker registry 03:29:29 <hongbin> eliqiao: The dackback is the multi-tenancy support is week at docker registry 03:30:15 <hongbin> A third soluation is to implement a private docker registry API as a service 03:30:47 <hongbin> Maybe we could brainstorm all the ideas in an etherpad 03:31:16 <eliqiao> +1 03:31:16 <hongbin> #action hongbin creates an etherpad to brainstorm ideas for container image store solution 03:31:29 <sudipto> +1 03:31:45 <hongbin> Any other comments / remarks ? 03:32:20 <hongbin> OK. Then, let's start the open discussion 03:32:25 <hongbin> #topic Open Discussion 03:33:17 <hongbin> sudipto: what do you think about the image store solution? 03:34:13 <sudipto> hongbin, i would think that - we should not invest too much time in dependency resolution for other projects - which in this case is glance. It's easier to go with a private docker registry for starts and build the support around it. 03:34:45 <hongbin> sudipto: I see 03:35:06 <sudipto> because, building this support in glance is a different beast all together. It would also depend on that project's maintainership headache - how comfortable they are with this etc. 03:35:23 <sudipto> and that would slow down our goals. 03:35:31 <hongbin> That is true 03:35:56 <hongbin> If it is not done in Glance, it seems we need to implement one? 03:36:13 <hongbin> and skip Glance? 03:36:24 <Wenzhi> we can build our own first 03:36:51 <sudipto> i believe you had a talk with Nikhil? 03:36:58 <hongbin> Yes, I had 03:37:06 * nikhil lurks 03:37:13 <hongbin> nikhil: hey 03:37:18 <nikhil> o/ 03:37:18 <sudipto> nikhil, glad to see you? 03:37:24 <sudipto> s/?/! 03:37:28 <nikhil> ha :) 03:37:35 <nikhil> right back at'ya 03:37:46 <sudipto> nikhil, your valuable inputs would help us here :) 03:38:08 <nikhil> you guys planning this for newton? 03:38:11 <nikhil> or ocata? 03:38:23 <hongbin> nikhil: there is no specific deadline 03:38:46 <nikhil> hongbin: I would definitely love to see the requirements list for you guys 03:39:22 <nikhil> hongbin: I am not sure atm to advice either way. The depenency mgmt is something that can be handled by glare 03:39:24 <hongbin> nikhil: you want we list hte requirements here or send it in the ML? 03:39:34 <nikhil> hongbin: a spec would be nice 03:39:45 <hongbin> nikhil: ack 03:39:53 <nikhil> (or a BP if you use that) 03:40:06 <hongbin> sure 03:40:38 <hongbin> nikhil: Thanks for the guidance :) 03:40:42 <sudipto> so nikhil, you basically want us to list down - what we need from the image management project right? 03:40:51 <sudipto> (just to be sure) 03:41:11 <nikhil> hongbin: tbh, I wouldn't recommend a separate solution currently .. because there are many cases where it will become difficult. But best to discuss the details of "whys" and "whats" 03:41:16 <nikhil> sudipto: yeah 03:41:41 <sudipto> ok i should re-visit the task - i was supposed to do with you - around 2 months back :) 03:41:49 <nikhil> ++ 03:41:54 <hongbin> nikhil: get that 03:42:04 <nikhil> we can start with an etherpad and then go to spec if that's what you guys prefer 03:42:35 <hongbin> sure 03:43:49 <hongbin> OK. Looks like nobody else has other topics to discuss? 03:44:09 <hongbin> Then, we can end the meeting earlier 03:44:29 <hongbin> All, thanks for joining the meeting today 03:44:32 <hongbin> #endmeeting