| *** priteau has joined #openstack-blazar | 00:24 | |
| *** priteau has quit IRC | 00:29 | |
| *** hiro-kobayashi has joined #openstack-blazar | 01:08 | |
| *** hiro-kobayashi has quit IRC | 03:04 | |
| *** masahito has quit IRC | 03:15 | |
| *** priteau has joined #openstack-blazar | 04:26 | |
| *** priteau has quit IRC | 04:30 | |
| *** priteau has joined #openstack-blazar | 06:27 | |
| *** priteau has quit IRC | 06:32 | |
| *** masahito has joined #openstack-blazar | 08:15 | |
| *** priteau has joined #openstack-blazar | 08:27 | |
| *** priteau has quit IRC | 08:32 | |
| *** priteau has joined #openstack-blazar | 09:12 | |
| *** bertys_ has joined #openstack-blazar | 09:38 | |
| openstackgerrit | Masahito Muroi proposed openstack/blazar master: Add spec directory in blazar repo https://review.openstack.org/443552 | 10:22 |
|---|---|---|
| *** masahito has quit IRC | 10:50 | |
| *** bertys__ has joined #openstack-blazar | 12:33 | |
| *** bertys__ has quit IRC | 12:38 | |
| *** chlong_ has joined #openstack-blazar | 13:33 | |
| *** bertys_ has quit IRC | 14:37 | |
| *** chlong_ has quit IRC | 15:17 | |
| bauzas | priteau: I have some concerns with https://review.openstack.org/#/c/438293/ | 15:26 |
| bauzas | priteau: we used trusts for the exact reason we wanted to avoid 401s when the least was starting | 15:26 |
| bauzas | because the token could have been wrong | 15:27 |
| priteau | I see that using trusts can have benefits, but it requires users to have some admin-by-default privileges (unless there is another workaround) | 15:29 |
| bauzas | you can raise the context to be admin | 15:29 |
| priteau | while still using the trust-scoped token? | 15:30 |
| bauzas | good point | 15:30 |
| priteau | I can see how it would have worked well for instance reservation, because Nova operations were not requiring special privileges (create instance, shelve, unshelve) | 15:31 |
| bauzas | as an user, you delegate a trust if you wanna duplicate the call for some long-lived API | 15:31 |
| bauzas | but yeah, I agree, creating the infrastructure for managing pools should be a service user | 15:32 |
| bauzas | maybe something is unclear with that logic | 15:32 |
| bauzas | yeah, maybe removing trusts for physical hosts is a good idea, if we say that we use a service user for calling nova | 15:33 |
| priteau | this brings us to the discussion over this latest patch: originally, Climate was using the 'climate' service user to do that. You added an additional admin user (configured separately in climate.conf) in https://review.openstack.org/#/c/67801/ | 15:33 |
| priteau | It's clear to me why (on Chameleon we have been using the climate service user to call Nova and haven't seen any issues) | 15:34 |
| priteau | Sorry, it's *not* clear to me why | 15:34 |
| priteau | And the other reviewers don't see why either | 15:35 |
| bauzas | priteau: that's where my memory tricks me | 15:44 |
| priteau | heh, it was a while ago | 15:45 |
| priteau | Unfortunately there are no IRC logs from back then | 15:45 |
| bauzas | I don't remember the rationale behind that | 15:45 |
| bauzas | from a design perspective, there are things to consider | 15:45 |
| bauzas | 1/ quotas are user-based | 15:46 |
| bauzas | so things moving instances or other quota-related things should use same rights that the user calling those | 15:46 |
| bauzas | 2/ Blazar does extra things for managing leases, and those can't necessarly be user-facing | 15:47 |
| bauzas | for that, we need to hide that | 15:47 |
| priteau | Yes, quota is a concern | 15:48 |
| priteau | Even though for 0.2.0 we only have physical host reservation, it would still allow a user to reserve many more hosts than their equivalent instance quota | 15:48 |
| bauzas | it's semantically like ironic | 15:49 |
| priteau | But we're really aiming for a release with minimum working functionality, so we'll ignore the quotas for this one, and leave more radical changes to the next release and further | 15:49 |
| bauzas | ironic has the concept of the "first-takes-all" | 15:49 |
| bauzas | priteau: honestly, context switching in my mind is an hard cost, so I defer those design decisions to you and the Blazar team | 15:50 |
| bauzas | priteau: if you feel more confident with cleaning all that mess and use regular service users, I'm fine | 15:50 |
| bauzas | because you played with Blazar far more than me in the last 3 years | 15:51 |
| priteau | I understand. I just thought you might remember the rationale behind it. Thanks! | 15:51 |
| bauzas | priteau: so, I'm officially blessing you to cut all my dirty code and do what you want :D | 15:51 |
| bauzas | also keep in mind I was far less seasoned on OpenStack when I started writing Blazar than now | 15:52 |
| priteau | That's nice to know :-) | 15:52 |
| bauzas | so I could have made big misinterpretations that would scare me now | 15:52 |
| priteau | I will open a blueprint to keep track of the quota issue you just raised | 15:52 |
| bauzas | I usually provide this pic http://static.squarespace.com/static/518f5d62e4b075248d6a3f90/t/529265dee4b03e7a0729af8a/1385326056122/git-blame2.jpg?format=1500w | 15:52 |
| bauzas | to explain that I do recognize I can do crap :) | 15:53 |
| priteau | heh | 15:53 |
| priteau | Thanks a lot for your time! | 15:53 |
| priteau | I'll see you at the summit I suppose | 15:54 |
| bauzas | priteau: unfortunately, not sure yet | 16:51 |
| *** chlong_ has joined #openstack-blazar | 20:47 | |
| *** priteau has quit IRC | 20:54 | |
| *** priteau has joined #openstack-blazar | 22:55 | |
| *** priteau has quit IRC | 23:00 | |
| *** chlong_ has quit IRC | 23:21 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!
