Thursday, 2016-11-17

« Wednesday, 2016-11-16 Index Friday, 2016-11-18 »
*** rainya has quit IRC00:27
*** david-lyle_ is now known as david-lyle00:35
*** mdorman has quit IRC00:57
*** mdorman has joined #craton00:59
*** Dusty has joined #craton01:23
*** Dusty has quit IRC03:04
*** rainya has joined #craton03:50
*** rainya has quit IRC04:25
*** rainya has joined #craton04:32
*** rainya has quit IRC04:41
*** tojuvone has joined #craton04:42
*** tojuvone_ has joined #craton04:42
*** valw has joined #craton05:00
*** valw has quit IRC06:52
*** jovon has quit IRC06:57
*** mhayden has quit IRC13:24
*** mhayden has joined #craton13:37
*** Dusty has joined #craton13:38
*** Mudpuppy has joined #craton14:21
*** Dusty has quit IRC14:35
*** valw has joined #craton14:46
*** valw has quit IRC14:48
*** valw has joined #craton14:49
*** syed__ has joined #craton14:50
*** Dusty has joined #craton14:51
*** Dusty has quit IRC14:57
*** Dusty has joined #craton15:01
*** Dusty has quit IRC15:01
*** Dusty has joined #craton15:36
*** valw has quit IRC15:53
*** valw has joined #craton15:57
*** valw has quit IRC16:00
*** valw has joined #craton16:05
*** Dusty has quit IRC16:05
*** Dusty has joined #craton16:09
*** jovon has joined #craton16:10
*** valw has quit IRC16:44
*** valw has joined #craton16:47
*** valw has quit IRC16:47
*** rainya has joined #craton16:50
jimbakergit-harry, jovon, sulo, syed__, and others interested - meeting on craton core in 2 min16:57
palendaejimbaker: RPC meeting going on16:58
*** valw has joined #craton17:00
syed__Joining17:03
syed__Having some connection issues, restarting laptop jimbaker17:03
*** valw has quit IRC17:04
syed__jimbaker: that vidyo has already a conference going for some other team17:11
syed__Do you have the link jimbaker17:11
*** rainya has quit IRC17:14
*** rainya has joined #craton17:17
*** valw has joined #craton17:28
*** valw has quit IRC17:32
sigmavirusjimbaker: you're flapping17:41
*** valw has joined #craton17:42
*** valw has quit IRC17:43
Mudpuppyhttp://womenof1920s.wikispaces.com/file/view/flappers.gif/202602686/flappers.gif17:46
*** valw has joined #craton17:48
sigmavirusMudpuppy: that's what usually jumps in my head too17:49
sigmavirussyed__: stick around for tox trouble-shooting?18:03
*** Mudpuppy_ has joined #craton18:03
*** valw_ has joined #craton18:03
*** Mudpuppy has quit IRC18:05
*** valw has quit IRC18:06
sigmavirussyed__: hop back onto vidyo?18:06
syed__sigmavirus: brb18:09
*** rainya has quit IRC18:16
syed__sigmavirus: you around18:22
syed__should i come to the same vidyo18:22
sigmavirusYes and yes18:22
*** rainya has joined #craton18:25
syed__An error occurred while trying to log in (28).18:26
syed__sigmavirus: its not connecting18:26
sigmavirusthat's weird18:26
*** rainya has quit IRC18:29
*** rainya has joined #craton18:32
*** valw_ has quit IRC18:54
*** Mudpuppy_ has quit IRC18:54
*** Mudpuppy has joined #craton18:55
*** Mudpuppy has quit IRC18:59
*** valw has joined #craton19:01
*** Mudpuppy has joined #craton19:01
*** valw has quit IRC19:05
*** Mudpuppy has quit IRC19:05
*** valw has joined #craton19:14
*** Mudpuppy has joined #craton19:15
*** Mudpuppy has quit IRC19:19
*** valw has quit IRC19:19
*** Mudpuppy has joined #craton19:30
*** Mudpuppy has quit IRC19:32
*** Mudpuppy has joined #craton19:32
sulowhats the best way to fake a sqlalchemy response object ? Is there anything that does that already.19:36
suloI basically want to construct the same object thats equivalent to the response from say query.one()19:36
suloanyone know before i go searching on the interwebs19:37
palendaeNot familiar enough to know if it provides fake/doubles in tree, sorry19:52
*** valw has joined #craton20:01
jimbakersulo, in the simplest case, isn't this just a python object? how much fakery do you need here? example: if you are testing notifications, i think we need full sqlalchemy20:07
sigmavirussulo: mock.create_autospec(model)?20:08
sulojimbaker: yes, in general its just a object, which is how we do our unit test ..fakes are all just some object20:08
sigmavirushttps://docs.python.org/3/library/unittest.mock.html#unittest.mock.create_autospec20:08
suloiam looking for pure sqlalchemy impl20:08
sulosigmavirus: looking20:09
sigmavirusah20:09
sigmaviruscreate_autospec will make it behave as much like the model as mock can determine20:09
sigmaviruswhich can be a bit limited at times20:09
jimbakersulo, sqlite seems to make sense then for such things20:09
jimbakeras we already do in our testing of course20:09
sigmavirusjimbaker: that's not really unit testing though and then you're constrained by the limitations of sqlite20:10
jimbakersigmavirus, i'm aware it's a slippery slope :)20:11
sigmavirusjimbaker: I think we also need to talk about the scope of RBAC in Craton20:23
sigmavirusBecause everything I heard today exists in Keystone already20:23
sigmavirusI have to wonder if we're not better off trying to rely on LDAP for this stuff because it's not easy or fun to do20:24
sigmavirusAlso implementing anything even remotely robust might take us quite a bit of time20:26
jimbakersigmavirus, agreed with keystone has an important integration point for craton rbac; i'm not aware of keystone providing sufficient support for this purpose20:27
jimbakeron its own20:27
jimbakeri could be mistaken20:27
jimbakerand it would be awesome if we could just push this functionality into a project that has already done all of the hard work20:28
sigmavirusjimbaker: so keystone has implemented hierarchical rbac via domains, projects, and roles20:29
sigmavirusthe keystonemiddleware request object throws all of this into the request context20:29
jimbakersigmavirus, exactly20:30
sigmaviruswe can expose it to oslo.policy, have specific roles for different actions (host_create, etc.)20:30
sigmavirusand allow users to use what they're already familiar with20:30
sigmavirusBut as I understand it, relying on Keystone for this would probably not work well20:30
jimbakerso all good. but this would only only get to the detail of a project, with corresponding roles; i believe we have been looking at finer grained control20:31
jimbakerso the answer seems to "both"20:32
jimbakerto be "both"20:32
sigmavirusjimbaker: yeah, if you could write up what exactly we're looking for, that would be helpful20:32
jimbakersigmavirus, very much agreed20:33
sigmaviruspeople are doing some rather fine-grained control of things with Keystone (like having project-scoped admins, etc.)20:33
jimbakersigmavirus, my expectation is that we can join together keystone roles, with the specific scope; with any level of grain we want inside a project20:34
jimbakerso we can do rbac at the level of a cell for example20:34
jimbakermaybe overkill?20:34
jimbakeror for configuring workflows, and specific config variables; vs running them20:35
sigmavirusso you want, say, a cell to have its own set of roles?20:35
jimbakerthe combination will be specified through the oslo policy20:35
sulosigmavirus: mock.create_autospec although not what i was looking for is totally what we should be doing now ..instead of creating fakes like we do now .. ill try to see if i can chage that20:36
sigmavirussulo: glad to have accidentally convinced you of that without even trying20:36
sigmavirus:D20:36
sigmavirusjimbaker: so, oslo.policy reads a file that contains rules20:37
sigmavirusthe rules map to a little DSL it invented20:37
sigmavirusthe DSL is evaluated by the policy enforce that looks to a dictionary passed in by the service20:37
sigmavirusso it resolves the variables in that dictionary context20:37
jimbakersigmavirus, correct20:37
sigmavirusOkay, just making sure we're on the same page20:38
jimbakersigmavirus, iirc, oslo.policy gives us the ability to construct our own checks. these checks can take in account additional info we store in the db20:39
jimbakerthey should be similar to the remote (http) check that oslo.policy has by default20:39
sigmavirusjimbaker: sure20:40
* sigmavirus wonders if anyone uses the remote check in oslo.policy20:40
jimbakerno idea20:40
sigmavirusIt's tested, but I've never seen bugs around it, and that seems impossible to me (that a bit of oslo code has no bugs)20:40
jimbakerbut this means we can have a project that includes a very large cloud (say 10K physical hosts), and still subdivide responsibility20:41
jimbakermaybe overkill? but if we can do it readily in the context of oslo.policy, seems to make sense20:41
sigmavirusSo we could still do that with Keystone and what you're talking about20:41
jimbakeralso we do want to provide some basic rbac to people not using keystone20:41
sigmavirusBut you don't need full on RBAC system implemented in craton20:41
sigmavirusJust fields to determine what domains/projects/roles can access that resource20:42
sigmavirusAnd then you can look at a request context and what comes from cell and see if they match20:42
jimbakersigmavirus, we are probably discussing the same thing :)20:42
sigmavirusjimbaker: I suspect so :)20:42
jimbakerlet me finalize my rbac proposal. i had put it aside end of summer for the very good reason i was busy, and it's now time to truly revisit20:43
jimbakerseems reasonable to discuss tues, which should discuss both ecosystem + core, given thanksgiving next week20:44
syed__+1 jimbaker20:44
*** valw has quit IRC20:50
*** valw has joined #craton20:55
*** jovon has quit IRC21:47
*** valw has quit IRC21:49
*** valw has joined #craton21:57
*** valw has quit IRC22:01
sulohttps://review.openstack.org/#/c/39926722:17
*** Mudpuppy_ has joined #craton22:41
*** Mudpuppy has quit IRC22:44
*** Mudpuppy_ has quit IRC22:46
jimbakersigmavirus, ^^^ we will want to coordinate on this change we agreed upon on tues22:49
jimbakerre /data -> /variables22:50
jimbakerin the client22:50
*** rainya has quit IRC22:53
*** rainya has joined #craton23:00
jimbakersulo, for me the current Dockerfile is not building. changing to FROM ubuntu:16.10 works. also some other possible updates, although this diff takes forever to build23:03
jimbakerhttps://gist.github.com/jimbaker/636ca00740493e976c660698502aab9323:05
sulohuh23:05
suloi didnt make any dockerfile change ?!!23:05
sulojimbaker: that is very weird .. how did you get that chage .. i havent comitted that23:07
jimbakerno, it's a Dockerfile change i made to work around missing archives23:07
jimbakerusing 16.10 also works around23:07
jimbakersulo, first observation on https://review.openstack.org/#/c/399267 - we need to update tools/generate_fake_data.py23:08
jimbakerstill trying to use /data23:08
sulojimbaker: what problem are you seeing with the dockerfile ? ... seems to work fine for me23:14
jimbakersulo, hmmm, interesting. it's just failing on getting the archives23:15
jimbakerfor mariadb23:15
jimbakerand it has nothing to do with this specific change - i'm just seeing it as i attempt to test it23:15
*** rainya has quit IRC23:17
jimbakermay still be worthwhile going to 16.10 for this testing - seems to speed up builds. but need to robustly verify23:18
jimbakersulo, in any event, doing the rename of /data -> /variables in generate_fake_data.py seems to be the only missing piece in that change23:21
suloso it looks like they f'ed the image .. and probably fixing/release new one soon ... we shouldnt use 16.10 atleast not officially thought the file 16.04->latest-lts23:21
sulobut the 16.04 image was updated yesterday and probably got jacked23:22
jimbakersulo, makes sense23:22
suloill fix the data generation23:22
jimbakeri don't see why not 16.10 for testing in the Dockerfile, we really don't care about LTS i think for this aspect23:23
jimbakerso right now, i cannot try 16.10 against 16.04 (because failures), but from what i recall, the docker build for 16.10 seems much faster. do try out23:24
jimbakeryourself23:24
suloyeah maybe, i guess if its just testing, its probalby no big deal23:24
suloyeah, if its faster then it might make sense to do it anyway23:25
suloill try it tomorrow .... afk for now ... laters23:26
jimbakersulo, have a great rest of your day!23:26
*** Mudpuppy has joined #craton23:39
*** Dusty has quit IRC23:49
« Wednesday, 2016-11-16 Index Friday, 2016-11-18 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!