Monday, 2011-08-15

*** RobertLaptop has quit IRC		00:42
*** RobertLaptop has joined #openstack-dev		00:46
*** RobertLaptop has quit IRC		02:15
*** lts has joined #openstack-dev		02:28
*** RobertLaptop has joined #openstack-dev		02:30
*** lts has quit IRC		02:32
openstackgerrit	Ziad Sawalha proposed a change to openstack/keystone: Added reponse handling for xsd static file rendering https://review.openstack.org/233	02:41
openstackgerrit	A change was merged to openstack/keystone: Added reponse handling for xsd static file rendering https://review.openstack.org/233	02:44
openstackgerrit	Verification of a change to openstack/keystone failed: Extension handling and static file content reorganization https://review.openstack.org/234	02:45
openstackgerrit	A change to openstack/keystone has been rejected: Ziads changes and fixes for them. https://review.openstack.org/230	02:45
openstackgerrit	Ziad Sawalha proposed a change to openstack/keystone: Extension handling and static file content reorganization https://review.openstack.org/234	02:54
openstackgerrit	Verification of a change to openstack/keystone failed: Added reponse handling for xsd static file rendering https://review.openstack.org/234	02:54
openstackgerrit	Ziad Sawalha proposed a change to openstack/keystone: Added reponse handling for xsd static file rendering https://review.openstack.org/234	03:00
openstackgerrit	Verification of a change to openstack/keystone failed: Schema updates. Split WADLs and extensions and got xsds to compile https://review.openstack.org/234	03:01
tr3buchet	vishy: ping	03:39
tr3buchet	i'm about 1000 lines in	03:39
tr3buchet	well it was 8 something last i checked	03:40
tr3buchet	i'm trying to figure out wtf to do with libvirt's refresh security groups	03:40
tr3buchet	i have the libvirt get_network_info() function completely removed now and all functions that used it before and their tests passing	03:41
tr3buchet	there are a few functions which previously optionally accepted network_info left to cleanse	03:41
*** chomping has joined #openstack-dev		03:57
openstackgerrit	Monty Taylor proposed a change to openstack/openstack-ci: Added a version of the rfc script from gluster. https://review.openstack.org/235	04:55
vishy	tr3buchet: i already did it and proposed	05:03
vishy	look at merge queue	05:03
*** nci has quit IRC		07:03
*** reidrac has joined #openstack-dev		07:04
*** nickon has joined #openstack-dev		07:17
*** darraghb has joined #openstack-dev		07:29
*** mnour has joined #openstack-dev		08:06
*** phil121 has quit IRC		08:09
openstackgerrit	Yogeshwar Srikrishnan proposed a change to openstack/keystone: Additional tests and minor changes to support services CRUD. https://review.openstack.org/236	08:26
openstackgerrit	Ziad Sawalha proposed a change to openstack/keystone: Schema updates. Split WADLs and extensions and got xsds to compile https://review.openstack.org/234	10:07
openstackgerrit	Verification of a change to openstack/keystone failed: Added reponse handling for xsd static file rendering https://review.openstack.org/234	10:08
*** rods has joined #openstack-dev		10:44
*** Guest77784 has quit IRC		11:23
*** lorin1 has joined #openstack-dev		11:53
*** mfer has joined #openstack-dev		11:59
*** bsza has joined #openstack-dev		12:35
*** lts has joined #openstack-dev		12:56
*** chuck_ has quit IRC		13:00
*** zul has joined #openstack-dev		13:01
*** kbringard has joined #openstack-dev		13:02
*** Guest77784 has joined #openstack-dev		13:03
*** dprince has joined #openstack-dev		13:13
*** ameade has joined #openstack-dev		13:24
*** amccabe has joined #openstack-dev		13:44
*** Binbin has joined #openstack-dev		14:08
*** dolphm has joined #openstack-dev		14:09
*** dprince has quit IRC		14:10
*** troytoman-away is now known as troytoman		14:15
openstackgerrit	Dolph Mathews proposed a change to openstack/keystone: Additional tests and minor changes to support services CRUD. https://review.openstack.org/236	14:22
openstackgerrit	A change was merged to openstack/keystone: Additional tests and minor changes to support services CRUD. https://review.openstack.org/236	14:25
openstackgerrit	Dolph Mathews proposed a change to openstack/keystone: Added reponse handling for xsd static file rendering https://review.openstack.org/234	14:33
*** vladimir3p has joined #openstack-dev		14:34
openstackgerrit	A change was merged to openstack/keystone: Added reponse handling for xsd static file rendering https://review.openstack.org/234	14:36
tr3buchet	vishy: i hate that we did that. :(	14:40
*** vladimir3p has quit IRC		14:46
*** rnirmal has joined #openstack-dev		14:55
*** dragondm has joined #openstack-dev		15:00
smoser	is it expected that uploading a vmdk formated full disk image should be supported?	15:01
jaypipes	dolphm: ping	15:01
dolphm	jaypipes: pong	15:02
jaypipes	smoser: in Glance, sure. Not sure about the VMWare driver though	15:02
*** reidrac has quit IRC		15:03
jaypipes	dolphm: hey, I want to get z's git and gerrit stuff sorted... mtaylor and jeblair have responded to his emails about his trouble with Gerrit this weekend. It seems that he's not using topic branches, and by making chnages in the master local branch he's messing something up.	15:03
jaypipes	dolphm: I noticed you merged in his change on the static file stuff. He mentioned there is "stuff on GitHub to pull in". What is that?	15:03
dolphm	jaypipes: yeah, i got his gerrit change in this morning.. and he just emailed me about github too	15:03
smoser	jaypipes, i'm trying vmdk upload and then running under kvm	15:03
dolphm	jaypipes: he said he "didn't have any way to share his code with Jorge" so he pushed it to github	15:04
dolphm	jaypipes: instead of, i don't know, opening a review	15:04
jaypipes	smoser: let us know if it works! ;)	15:04
smoser	well, it doesn't :)	15:05
smoser	jaypipes, https://bugs.launchpad.net/nova/+bug/826798	15:05
uvirtbot	Launchpad bug 826798 in nova "ubuntu vmdk uploaded does not boot" [Undecided,New]	15:05
jaypipes	dolphm: heh. alright, so he pushed his code by doing a git remote add github.com/rackspace/keystone...	15:05
jaypipes	smoser: ah, well that was a quick answer :)	15:05
*** cp16net has joined #openstack-dev		15:05
smoser	i'm digging info on whether or not glance was involved at all, this is a public openstack on oneiric that i'm not aware of the details of	15:05
*** mnour has quit IRC		15:06
*** mnour has joined #openstack-dev		15:06
jaypipes	dolphm: because I get he tried to git review that code but it kept having merge conflicts. the reason it was having merge conflicts was because he did a git pull in his local master, that pulled in commits, then he made code changes in his master branch then git rebase'd and stuff got messed up....	15:07
*** troytoman is now known as troytoman-away		15:07
jaypipes	smoser: k, lemme know if it's Glance related.	15:07
dolphm	jaypipes: should i setup a how-to-git-gerrit session with him?	15:07
smoser	glance was used, jaypipes but i know nothing else at the moment.	15:08
jaypipes	smoser: k	15:08
jaypipes	dolphm: I think we need to. We need to get him to stop pushing his private history to GitHub...	15:08
smoser	jaypipes, you can easily try to reproduce though	15:08
dolphm	jaypipes: 110% agree	15:09
jaypipes	dolphm: well, he is in training much of today on some new release and code management tool that RAX development teams are now going to be using, so perhaps tomorrow?	15:09
dolphm	jaypipes: he's a little aggressive on +2's, and, umm, passionate about "more commits = better"	15:09
Daviey	smoser: The cloud implementation you are talking about doesn't use glance, it currently uses nova-objectstore.	15:10
Daviey	err, i am a plonker, scrub that	15:10
jaypipes	dolphm: more commits == better is fine for local development. But git's workflow really pushes for rebasing those local commits into a single changeset when you push public history.	15:10
smoser	Daviey, i was told by agy it uses glance just minutes ago	15:10
Daviey	smoser: yes, i am a plonker.	15:11
smoser	you are.	15:11
jaypipes	dolphm: and ack on the +2 stuff. That is a real problem that is going to be an issue with the incubated -> core process, just to let you know...	15:11
dolphm	jaypipes: no no, i mean "more commits in openstack/keystone NOW NOW NOW no matter what they are = better"	15:11
dolphm	jaypipes: i recognize that and i've tried to subtly suggest that to him	15:11
jaypipes	dolphm: the +2 stuff is emblematic of the GitHub "just close and merge it"...	15:12
dolphm	jaypipes: yep	15:12
jaypipes	dolphm: which works fine when you have 2 or 3 people requesting pulls. Not so much once you grow a bit larger...	15:12
dolphm	jaypipes: yeah, he hasn't recognized how much benefit gerrit has provided keystone (yet), and he's only impeding that benefit	15:13
jaypipes	dolphm: anyway, I think the big thing is to a) get Ziad using topic branches and b) walking through the difference between public and private history. notmyname posted an excellent link for an article that I think Z should go through: http://sandofsky.com/blog/git-workflow.html	15:13
dolphm	jaypipes: ha, i love the opening paragraph..	15:14
jaypipes	dolphm: yes, indeed. when I read that article, I tried imagining that creiht was reading it to me, sitting with a pipe in front of a fire in a nice big leather chair.	15:15
jaypipes	dolphm: it helped me consume the content better ;)	15:16
dolphm	dolphm: i'll go find a cigar	15:16
dolphm	jaypipes: ^ lol	15:16
jaypipes	hehe	15:16
notmyname	dolphm: follow -up twitter conversation to that git post http://paste.openstack.org/show/2170/	15:20
*** letterj has joined #openstack-dev		15:24
*** ChanServ sets mode: +v letterj		15:24
dolphm	notmyname: for future reference =) http://i.imgur.com/paTr6.jpg	15:25
* creiht worries about what other fantasies jaypipes has about me		15:25
jaypipes	creiht: lol	15:27
notmyname	dolphm: indeed	15:28
jaypipes	smoser: interesting thought from you on that bug: "disabling a filesystem check has nothing to do with disabling filesystem checks."	15:28
smoser	:)	15:29
smoser	yeah...	15:29
smoser	"injecting a file has nothing to do with disabling filesystem checks"	15:29
*** heckj has joined #openstack-dev		15:32
jaypipes	smoser: :)	15:32
smoser	i fixed that.	15:33
jaypipes	smoser: hehe, no worries.	15:33
smoser	the bug i meant to give to you was https://bugs.launchpad.net/nova/+bug/826798	15:33
uvirtbot	Launchpad bug 826798 in nova "ubuntu vmdk uploaded does not boot" [Undecided,New]	15:33
smoser	thats the vmdk one	15:33
jaypipes	smoser: I pretty much knew what you meant ;) was a good tautology though.	15:33
smoser	yeah.	15:33
smoser	disabling a filesystem check has something to do with disabling filesystem checks, assuming tune2fs works properly	15:34
mtaylor	jaypipes, dolphm ++ on that article	15:34
mtaylor	jaypipes: and +10 on creiht reading it in an armchair	15:34
creiht	how about on a horse?	15:36
mtaylor	creiht: only if you're riding it backwards bare-chested and also holding a bottle of old spice	15:38
*** mnour has quit IRC		15:38
creiht	look at your git workflow, now look at mine	15:38
jaypipes	ooooh, the imagery...	15:40
creiht	look now I am on github...	15:40
mtaylor	now I'm a clam	15:40
*** bsza has quit IRC		15:55
openstackgerrit	Dolph Mathews proposed a change to openstack/keystone: Added reponse handling for xsd static file rendering https://review.openstack.org/237	15:57
dolphm	jaypipes: mtaylor: ^^ these are z's changes from github.com/rackspace/keystone	15:57
*** bsza has joined #openstack-dev		15:58
mtaylor	dolphm: great. now all we've got to do is get him moving forward properly	15:58
openstackgerrit	Kevin L. Mitchell proposed a change to openstack/glance: Add support for shared images https://review.openstack.org/201	15:58
*** martine has joined #openstack-dev		16:04
openstackgerrit	A change was merged to openstack/openstack-ci: Add a script to close Github pull requests. https://review.openstack.org/224	16:04
dolphm	mtaylor: i don't want these changes merged in yet either... there's some terrible slop in there that needs to be fixed... so this is a good chance for him to learn the review process :)	16:04
mtaylor	dolphm: yay!	16:04
openstackgerrit	A change was merged to openstack/openstack-ci-puppet: Add cron job for closing pull requests. https://review.openstack.org/225	16:05
openstackgerrit	Dolph Mathews proposed a change to openstack/keystone: Added reponse handling for xsd static file rendering https://review.openstack.org/237	16:06
jeblair	dolphm: awesome, thanks!	16:07
dolphm	jeblair: np	16:07
*** zaitcev has joined #openstack-dev		16:13
openstackjenkins	Project nova build #1,248: SUCCESS in 3 min 27 sec: https://jenkins.openstack.org/job/nova/1248/	16:20
openstackjenkins	Tarmac: Add durable flag for rabbit queues.	16:20
*** zul has quit IRC		16:24
openstackgerrit	A change to openstack/keystone has been rejected: Ziad's changes from github.com/rackspace/openstack https://review.openstack.org/237	16:25
dolphm	if i -2, the z-hammer can't just +2 and merge it anyway, right?	16:25
mtaylor	dolphm: I believe that is the case	16:27
mtaylor	jeblair: ^^	16:27
*** markvoelker has joined #openstack-dev		16:28
*** zul has joined #openstack-dev		16:28
jeblair	mtaylor, dolphm: correct	16:29
*** Binbin has quit IRC		16:37
*** Tushar has joined #openstack-dev		16:56
openstackgerrit	A change was merged to openstack/glance: Bug fix lp:824706 https://review.openstack.org/229	16:59
openstackgerrit	A change was merged to openstack/glance: Bug Fix lp:825493 https://review.openstack.org/226	17:00
openstackgerrit	Verification of a change to openstack/glance failed: Add notifications for uploads, updates and deletes https://review.openstack.org/192	17:03
*** mgius has joined #openstack-dev		17:13
*** jhtran has joined #openstack-dev		17:14
*** negronjl has quit IRC		17:19
*** negronjl has joined #openstack-dev		17:19
*** lorin1 has quit IRC		17:27
*** anotherjesse has joined #openstack-dev		17:42
vishy	tr3buchet: I saw you push a branch, was trying to ping you to let you know that I was doing it, but you weren't on irc at the time :(	17:47
vishy	tr3buchet: I assume you made the same set of changes?	17:47
*** dprince has joined #openstack-dev		17:56
dolphm	open question (vishy?): in keystone, does it make more sense for the "default tenant" relationship to be described as "a Tenant is Owned by a User" and therefore be explicitly modeled as an attribute of the tenant referencing it's owner (TenantModel.owner --> UserModel) instead of an attribute of the User (UserModel.default_tenant --> TenantModel)?	18:16
vishy	dolphm: i think that breaks down if you have a user that owns multiple tenants	18:17
dolphm	vishy: then multiple tenants point to a single user, the owner	18:17
dolphm	vishy: the current model breaks down in that scenario (a user can only point to a single tenant)	18:18
vishy	right but then when the user logs in, how do you pick its default tenant?	18:18
*** dprince_ has joined #openstack-dev		18:18
*** dprince has quit IRC		18:18
dolphm	vishy: if they only own a single tenant, it can be looked up, and a scoped token can be immediately provided	18:19
*** dprince_ has quit IRC		18:19
dolphm	vishy: if they own multiple tenants, they must go through the 2.0 process of selecting a tenant to get a token for	18:19
vishy	dolphm: isn't that the alternate solution we came up with?	18:20
vishy	dolphm: I thought that there was a strong feeling that default tenant was preferred	18:20
dolphm	vishy: or their "unscoped" token is naturally "scoped" to their Own tenants, but not to anything they have a Role on	18:20
vishy	I don't really care personally	18:20
dolphm	vishy: we didn't talk about modeling it this way	18:20
vishy	i don't think they should be properties on either object personally	18:20
*** mszilagyi has joined #openstack-dev		18:21
vishy	user, tenant, association seems way simpler to me	18:21
*** anotherjesse_ has joined #openstack-dev		18:21
dolphm	vishy: i personally agree	18:21
*** dprince has joined #openstack-dev		18:22
vishy	I don't understand why this becomes so complicated	18:23
vishy	have users tenants	18:23
vishy	and an association table with role_type	18:23
vishy	user_id, tenant_id, role_type	18:23
vishy	you do a join and you have all of the tenants and roles	18:23
vishy	if you have one, return it...	18:23
*** anotherjesse has quit IRC		18:25
*** anotherjesse_ is now known as anotherjesse		18:25
annegentle	you're all invited - doc team meeting in #openstack-meeting channel in about an hour and 15 minutes from now	18:46
tr3buchet	vishy: they were fairly similar yeah	18:48
tr3buchet	vishy: same goal too, rip out the libvirt get_network_info nonsense	18:48
vishy	yeah sorry about that :(	18:49
vishy	i was fixing a couple of bugs, and it made sense to just go ahead and fix that whole part	18:49
openstackgerrit	Monty Taylor proposed a change to openstack/openstack-ci: Added a version of the rfc script from gluster. https://review.openstack.org/235	18:52
openstackgerrit	Monty Taylor proposed a change to openstack/openstack-ci: Added a version of the rfc script from gluster. https://review.openstack.org/235	18:55
jaypipes	vishy, dolphm: since when did users "own" tenants? I thought a user "belonged to" a tenant (i.e. a tenant is the account/project)	18:55
dolphm	jaypipes: it's just a thought... i'm wondering why it won't work	18:55
vishy	jaypipes: in the current project model there is an 'owner': called the project manager	18:55
jaypipes	vishy: but that's a role, not a user, right?	18:56
vishy	but i think it is way easier to have an association table	18:56
vishy	jaypipes: it is actaully a field in the projects table	18:56
vishy	but it shouldn't be :)	18:56
jaypipes	vishy: I see	18:56
dolphm	vishy: jaypipes: are ya'll referring to nova?	18:57
vishy	yes in nova that is how it is	18:57
jaypipes	yes	18:57
dolphm	so, isn't this "better" for keystone too, if it also satisfies rackspace's business case?	18:58
dprince	vishy: when you have a minute I have a question on instance states in nova. Looking at implementing pvo blueprint.	18:58
vishy	dprince: got a minute	18:58
vishy	dolphm: no, i think it is too limiting, the association table is way simpler and more flexible	18:59
vishy	otherwise you have all sorts of special cases in the logic	18:59
dolphm	vishy: like what?	18:59
vishy	look at the current code checking for default_tenant, it is in way too many places	19:00
dprince	vishy: So instead of adding a new column what are your thoughts on reworking how the current 'state' and 'state_description' columns work.	19:01
dolphm	vishy: my thought is to replace with "unscoped" token with a "default-scope" token... the default scope being tenants the user Owns ... so it simply becomes business logic on the token... "can the token operate on this tenant"	19:01
dprince	vishy: Specifically. We are considering what if we made them 'vm_state' and 'api_state'.	19:01
dprince	vishy: The existing columns seem to map more directly to an EC2 API use case. Just wondering if we could rework things to work better for the transision states and then have the OS and EC2 API's map them according to those SPECs.	19:03
*** jhtran_ has joined #openstack-dev		19:06
*** jhtran has quit IRC		19:06
*** jhtran_ is now known as jhtran		19:06
vishy	dprince: there are some comments in the db models file from ewan	19:06
*** jhtran has quit IRC		19:06
vishy	dprince: talking about how xen models this stuff	19:06
dprince	looking...	19:06
vishy	basically the idea is that there are three states	19:07
vishy	the power state, the vm_state and the current task	19:07
dprince	Comments in nova/db/sqlalchemy/models.py?	19:07
vishy	you could probably get away without powerstate	19:07
vishy	yeah	19:07
vishy	he wrote an email about it to the list long ago	19:08
vishy	powerstate should be able to be introspected from vmstate	19:08
dprince	Sure.	19:08
vishy	dprince: but in general i think you're correct, we should have rich states internally and map them to states that the api knows	19:09
vishy	dprince: I think two states internally is probably best though, where it is, and where it is trying to get to	19:09
vishy	since we don't have the concept of an external task	19:10
dprince	Okay. We weren't thinking about the 'task_state'. I was going to call Ewans power state 'vm_state'.	19:10
dprince	But I could go either way.	19:10
vishy	dolphm: I think ownership is too limiting	19:10
dprince	This would obviously involve changes all over the place (probably not D4 material) but you would be open with a 2 column model?	19:10
dolphm	vishy: but this is less-limiting than a "default_tenant"	19:11
vishy	dolphm: ownership is inherently 1 - many and tenants - users should be many - many	19:11
vishy	dolphm: it just switches the 1 side of the 1 - many	19:11
dolphm	vishy: ... to the side that makes more sense :)	19:12
vishy	dolphm: but why have that limitation at all. It just means you have to jump through hoops to do things like roles, because you've limited one side of the relationship	19:12
vishy	dprince: yes definitely	19:13
dolphm	vishy: you're just arguing against a default_tenant... and i thought we lost that argument on friday... so i'm just trying to fix rackspace's proprietary-ness	19:14
vishy	dolphm: you can do the same thing in my model that you can do in yours	19:15
*** yogirackspace has joined #openstack-dev		19:15
vishy	dolphm: if there is only one association, return it as the default	19:15
dolphm	vishy: i totally agree, but we lost that fight	19:16
vishy	dolphm: I don't really see how the owner thing is any simpler than default tenant	19:16
dolphm	for starters, it'd be more intuitive to newcomers	19:16
vishy	the only difference is you have to do a uniqueness test to make sure you can return it	19:16
vishy	seems more complicated actually	19:16
dolphm	"tenants can be owned by user" vs "users have the concept of default tenantness"	19:16
vishy	dolphm: but the only way that is simpler is if you enforce one owned tenant per user	19:17
vishy	otherwise you are back in my model anyway	19:17
vishy	dolphm: i really don't care which way it is modeled	19:18
vishy	dolphm: i think you are making more work for yourself by changing it without any tangible benefit	19:18
dolphm	the major benefit is the simplicity of an "unscoped token" --> "default-scoped token" or "self-scoped token"	19:18
dprince	vishy: Still. Using Ewan's nomanclature to keep it simple... I would probably advocate that we have just vm_state and power_state. How does keeping track of the 'task_state' help us?	19:19
vishy	self-scoped-token?	19:19
vishy	dprince: it simplifies the number of different states necessary in vm_state	19:19
vishy	dprince: for example, you need to do a reboot for rescue, unrescue, reboot, etc.	19:20
dolphm	vishy: a token that is, by default, scoped to only the Tenant's the User Owns ("scoped to my own stuff"... rather than "scoped to something I only have a Role in")	19:20
vishy	dprince: with only one state you have to add rescuing, unrescuing, rebooting, etc.	19:20
vishy	dprince: and then have some logic that can understand that all of those states really mean that the vm is rebooting	19:21
vishy	dprince: and you can't really know where it is in the process. Is it shutoff, has the ACPI command been sent to the chassis? etc.	19:21
vishy	dprince: if vm_state actually shows the non-transitory state and task_state shows the action that is being performed	19:22
vishy	dprince: it is easy to always know what state the vm is actually in.	19:22
vishy	dprince: but I'm not married to the idea. I just thought ewan made a lot of sense when he described how they do it.	19:23
vishy	dolphm: that doesn't make a whole lot of sense. From the service perspective we want token = 1 tenant and 1 user	19:24
dprince	vishy: Sure. Looking for that email. But it looks like our 'state' column would become 'power_state' and the existing state_description would become 'vm_state'.	19:24
vishy	dprince: that is fine	19:24
vishy	dprince: i think we can do with 2 columns total	19:24
dolphm	vishy: what's the implication i'm missing there?	19:24
vishy	dolphm: when we authenticate a token we need to be told the tenant that the token is for	19:25
dolphm	vishy: ah.... let me check something	19:25
vishy	dolphm: it sounds like you are returning an amorphous list	19:25
dolphm	vishy: yeah, you're right... i'm wondering if i can fix that	19:27
vishy	dolphm: if you have just one owned tenant, it works just like default tenant	19:27
vishy	dolphm: if you have multiple, than it works just like some limited version of roles	19:28
vishy	dolphm: so i don't see what you gain	19:28
vishy	dolphm: if you want multiple just create a role that says owner	19:28
dolphm	vishy: the only way i see to fix that is to return a list of tokens to the user on login, where each token is scoped to one tenant the user owns... and that's not a place i'd want to change the api contract	19:29
vishy	dolphm: i suppose authorize could return a list of tenants, but then roles get kind of confusing	19:29
vishy	dolphm: how is what you're suggesting different than roles?	19:30
*** alekibango has quit IRC		19:30
*** alekibango has joined #openstack-dev		19:30
dolphm	vishy: "ownership" and "default_tenant-ness" are just a proprietary "core" roles	19:31
vishy	well, implement them as roles then. Way easier!	19:31
dolphm	vishy: and by proprietary i mean proprietary to rackspace.	19:31
vishy	so do the general user tenant associations	19:31
vishy	and for rackspace create a "default tenant role"	19:32
vishy	:)	19:32
vishy	gotta grab some lunch	19:32
vishy	continue this later	19:32
dolphm	vishy: "but then the "simplicity" of auth is reduced for rackspace"	19:32
dolphm	vishy: -ziad	19:32
dolphm	reduced = lost	19:32
*** chipc has joined #openstack-dev		19:33
openstackjenkins	Project nova build #1,249: SUCCESS in 3 min 36 sec: https://jenkins.openstack.org/job/nova/1249/	19:35
openstackjenkins	Tarmac: Libvirt has some autogenerated network info that is breaking ha network.	19:35
openstackjenkins	* pases network info from manager wherever it is needed	19:35
openstackjenkins	* fixes libvirt tests	19:35
openstackjenkins	* renames allow_project_net_traffic to allow_same_net_traffic	19:35
openstackjenkins	* makes firewall driver use dhcp_server instead of gateway for dhcp exception.	19:35
openstackgerrit	Kevin L. Mitchell proposed a change to openstack/glance: Add support for shared images https://review.openstack.org/201	19:39
*** darraghb has quit IRC		19:39
*** anotherjesse_ has joined #openstack-dev		19:42
*** anotherjesse has quit IRC		19:44
*** anotherjesse_ is now known as anotherjesse		19:44
*** nickon has quit IRC		19:48
openstackjenkins	Project nova build #1,250: SUCCESS in 3 min 39 sec: https://jenkins.openstack.org/job/nova/1250/	19:48
openstackjenkins	Tarmac: This branch allows the standard inclusion of a body param which most http clients will send along with a POST request.	19:48
*** ameade has quit IRC		19:54
vishy	dolphm: jesse just pointed out that your owner thing doesn't really work	19:57
anotherjesse	vishy: here is the issue:	19:58
anotherjesse	def remove_user_from_tenant(self, tenant_id, user_id):	19:58
anotherjesse	params = {"roleRef": {"tenantId": tenant_id, "roleId": "Member"}}	19:58
anotherjesse	# FIXME(ja): we have to get the roleref? what is 5?	19:58
anotherjesse	return self._delete("/users/%s/roleRefs/5" % user_id)	19:58
vishy	dolphm: what if two users should have the same default tenant	19:58
vishy	dolphm: it isn't possible in your model	19:58
annegentle	Doc team meeting in a few minutes in #openstack-meeting	19:58
anotherjesse	that is how you remove "Member" role from a user in a tenant...	19:58
anotherjesse	maybe	19:58
anotherjesse	the api for adding/removing role-ness in a tenant needs to be cleaned?	19:58
anotherjesse	There are three nouns: user, tenant, role … what is the restifarian way of saying - remove this role from the tenant?	19:59
dolphm	vishy: anotherjesse: yep, proprietary roles are dumb	19:59
openstackgerrit	Johannes Erdfelt proposed a change to openstack/glance: Add notifications for uploads, updates and deletes https://review.openstack.org/192	20:00
openstackgerrit	A change was merged to openstack/glance: Add notifications for uploads, updates and deletes https://review.openstack.org/192	20:02
anotherjesse	dolphm: is there a way to say "delete all roles in user/tenant combo"	20:03
anotherjesse	dolphm: since I removing a user from a tenant needs to remove all roles they have in the tenant	20:03
jaypipes	Vek: https://review.openstack.org/#patch,sidebyside,201,5,glance/tests/__init__.py	20:04
jaypipes	Vek: so... that change is from a commit that is in master, but not related to your patchset 5 for shared image groups.	20:05
jaypipes	Vek: wondering how that got in there...	20:05
dolphm	anotherjesse: i would think the method you pasted should implement taht	20:05
dolphm	should	20:05
openstackgerrit	Dolph Mathews proposed a change to openstack/keystone: Ziad's changes from github.com/rackspace/openstack https://review.openstack.org/238	20:06
*** dprince has quit IRC		20:06
openstackjenkins	Project nova build #1,251: SUCCESS in 3 min 26 sec: https://jenkins.openstack.org/job/nova/1251/	20:06
openstackjenkins	Tarmac: Make response structure for list floating ips conform with rest of openstack api	20:06
openstackgerrit	Dolph Mathews proposed a change to openstack/keystone: Ziad's changes from github.com/rackspace/openstack https://review.openstack.org/237	20:08
openstackjenkins	Project nova-tarball-bzr-delta build #478: FAILURE in 12 sec: https://jenkins.openstack.org/job/nova-tarball-bzr-delta/478/	20:10
openstackjenkins	Tarmac: We don't have source for open-wrt in the source tree, so we shouldn't use the images. Since the images are only there for uploading smoketests, They are now replaced with random images.	20:10
zykes-	open-wrt ?	20:10
zykes-	what the hell :p	20:11
anotherjesse	I put that in there over a year ago	20:11
anotherjesse	since it was the smallest thing we had that should launch	20:11
zykes-	ah	20:11
anotherjesse	but since then ami-tiny and openstack occured	20:11
zykes-	ami and what ?	20:11
anotherjesse	I added it back before it was called nova and before we even heard about rackspace&openstack	20:12
vishy	ami-tty	20:12
anotherjesse	the old days of spring 2010	20:12
zykes-	ah	20:13
zykes-	does swift run as a vm at xenserve R?	20:13
anotherjesse	zykes-: citrix currently runs everything inside a VPX (application domU)	20:14
anotherjesse	so - yes for swift & nova	20:15
zykes-	glance as well ?	20:15
*** dolphm has quit IRC		20:19
openstackgerrit	Verification of a change to openstack/glance failed: Add support for shared images https://review.openstack.org/201	20:20
jaypipes	Vek: ignore comment above... looks to be a peculiarity with Gerrit -- it's showing changes to files that were changed in trunk master since the last time you pull master I suppose...	20:20
*** Tushar has quit IRC		20:21
openstackgerrit	Dolph Mathews proposed a change to openstack/keystone: Git-ignore python coverage data https://review.openstack.org/239	20:21
openstackgerrit	A change was merged to openstack/keystone: Git-ignore python coverage data https://review.openstack.org/239	20:24
vishy	soren: ping	20:25
soren	vishy: 'sup?	20:29
vishy	soren: theories on cluster installs for migration. The libvirts need to talk to each other	20:29
vishy	soren: options as I see it are: give one ssh key to the nova user on every compute host in the cluster	20:30
vishy	soren: or have libvirt listen tcp over a management interface	20:30
vishy	soren: is there another option that I haven't considered?	20:30
vishy	soren: I also have some stuff regarding source security group to discuss	20:31
soren	I'd definitely shoot for ssh.	20:32
openstackgerrit	Kevin L. Mitchell proposed a change to openstack/glance: Add support for shared images https://review.openstack.org/201	20:32
vishy	soren: you think it is acceptable to have the nova user have an ssh key that allows them to get to every machine in the cluster?	20:32
soren	The tcp+ssl is much more compllicated and the plain SSL is not going to be acceptable for obvious security reasons.	20:33
openstackgerrit	Verification of a change to openstack/glance failed: Add support for shared images https://review.openstack.org/201	20:33
vishy	soren: well if it is over a private interface, that seems like less of an attack surface then giving logins to all the boxes no?	20:33
soren	vishy: That's assuming noone ever screws up their network config.	20:34
soren	vishy: :)	20:34
vishy	soren: true. I'm not actually thinking of putting this in generally	20:34
soren	vishy: It only takes a minor routing/firewall misconfiguration to accidentally let guests access the hosts.	20:34
soren	vishy: What would you do in the more general case?	20:35
vishy	soren: yes good point	20:35
soren	I'm assuming it's for live migration and such?	20:35
vishy	soren: yes live migration	20:35
vishy	soren: We don't really have a general solution for multimachine installs yet	20:35
openstackjenkins	Project nova build #1,252: SUCCESS in 3 min 33 sec: https://jenkins.openstack.org/job/nova/1252/	20:35
openstackjenkins	* Tarmac: Adding kvm-block-migration feature.	20:35
openstackjenkins	I wrote some description the below URL. I hope it may help for reviewing.	20:35
openstackjenkins	<http://etherpad.openstack.org/kvm-block-migration>	20:35
openstackjenkins	* Tarmac: We don't have source for open-wrt in the source tree, so we shouldn't use the images. Since the images are only there for uploading smoketests, They are now replaced with random images.	20:35
vishy	whoot block migration is in	20:35
zykes-	that's only for kvm vishy ?	20:36
vishy	soren: ok I see your point, ssh is probably the "safer" of the options. Maybe it could be configured to ssh into an especially unpriveleged account	20:36
vishy	that only has a libvirt socket and basically nothing else	20:37
vishy	zykes-: yes	20:37
zykes-	vishy: what about xenserver and so on ?	20:37
vishy	zykes-: block migration doesn't exist in xen yet	20:37
zykes-	:/	20:37
vishy	zykes-: targeted for 2012 i think	20:37
zykes-	xenserver then ?	20:38
vishy	same	20:38
zykes-	so kvm is ahead of it there actually ;p	20:38
vishy	xenserver supports live migration on shared storage but not block migration afaik	20:38
zykes-	what's block storage then ?	20:38
vishy	soren: so security groups, apparently the initial version of ec2 source groups didn't allow for ports to be specified	20:39
soren	Eh?	20:39
vishy	soren: so if you use old boto for example you get a security group rule with a source group and NULL in all of the other fields	20:39
soren	whuh?	20:39
vishy	soren: you didn't experience this?	20:40
openstackgerrit	Verification of a change to openstack/glance failed: Add support for shared images https://review.openstack.org/201	20:40
soren	vishy: I did not.	20:40
vishy	soren: did you try with boto 1.9?	20:40
* soren checks		20:40
* soren twiddles thumbs, waiting for rmadison		20:40
soren	There we go.	20:40
soren	1.9b-1ubuntu5	20:40
soren	So yes, 1.9.	20:40
soren	So what would happen?	20:41
vishy	http://pastie.org/2377042	20:42
vishy	and it worked for you?	20:42
vishy	hmm	20:42
vishy	the new version of boto has a version that passes stuff in differently	20:43
soren	I absolutely tested and verified this.	20:43
vishy	but as far as i could tell with euca-authorize it doesn't pass in the ip_protocol when you specify a source group	20:43
* soren tries to remember if there was anything particular about the testing environment that may have affected the test results..		20:44
soren	It's not entirely impossible that I was using a slightly older (by a few revs) api server, I guess.	20:44
vishy	soren: http://pastie.org/2377052	20:45
jaypipes	Vek: https://jenkins.openstack.org/job/glance/89183/console	20:45
clayg	so... lucid's libvirt is too old? (Version: 0.7.5-5ubuntu27.16)	20:45
soren	vishy: That's with boto 1.9?	20:45
soren	clayg: Good grief, yes.	20:45
vishy	soren: yes	20:46
soren	vishy: 1.9b?	20:46
vishy	yup	20:46
soren	ISTR the letter there being significant.	20:46
vishy	and euca2ools version 1.3 i think? checking	20:46
soren	vishy: Ah, good point. /me checks that too	20:46
soren	1.3.1-0ubuntu7	20:46
vishy	ah i'm using 1.2	20:47
vishy	interesting	20:47
soren	vishy: Tell you what: I'll look at it in the morning to make sure it still works.	20:47
soren	vishy: If not, I'll fix it. If yes, we can debug together tomorrow?	20:47
vishy	soren: for comparison http://pastie.org/2377059	20:47
vishy	that is what happens with no source group	20:47
vishy	soren: the comments in boto makes me think that amazon didn't used to support specifying a port for the rule	20:48
vishy	soren: that you had to allow everything from another group	20:48
soren	?!?	20:48
soren	really?	20:48
soren	I..	20:48
soren	Hm..	20:48
*** Tushar has joined #openstack-dev		20:48
vishy	yeah see the first pastie	20:48
soren	Gosh, you're right.	20:49
soren	I'm trying desperately to remember how I tested this.	20:49
openstackgerrit	Verification of a change to openstack/glance failed: Add support for shared images https://review.openstack.org/201	20:50
vishy	soren: we can deal with it tomorrow. My general thought is to just interpret the null rules as allow everything	20:50
vishy	soren: I'm also undecided if we should have a default allow all from the same group	20:51
vishy	i think that is how it works in amazon, but I kind of like the flexibility of having to specify it...	20:51
soren	vishy: We already have a flag to specify that, don't we?	20:52
soren	(come to think of it)	20:52
vishy	soren: it allows all from the same network	20:52
vishy	soren: which is fine in vlan mode, but is useless in flatdhcp	20:52
vishy	(and even in vlan mode it allows everything for all groups in the same project	20:52
soren	Erk.	20:52
soren	I don't really like the "same network" think. The statically sized subnets are awkward. :-/	20:53
soren	s/think/thing/	20:53
jaypipes	s1rp: getting these failures again on Vek's shared image groups: https://jenkins.openstack.org/job/glance/89184/console. Can't understand why though... what did we do to resolve those earlier and what could have changed in Vek's commit?	20:54
vishy	soren: just tested with euca2ools 1.3 and it works	20:56
vishy	so apparently it was a euca issue?	20:56
s1rp	jaypipes: good question, no idea why scrubber code would be affected at all	20:56
Vek	me either.	20:56
vishy	soren: so the question is do we have an error message or a workaround? Because right now it just happilly accepts the null values and does nothing	20:57
vishy	soren: i will do a bug report	20:57
jaypipes	Vek, s1rp: well, this is clearly repeatable, so we'll need to figure it out, or Vek's patches will remain quarantined. :(	20:57
* jaypipes trying to remember what the fix for this was earlier...		20:57
jaypipes	didn't we see this exact failure before?	20:57
Vek	funny thing is that the tests work fine on my master, just not on the shared images branch	20:57
jaypipes	Vek: wait, you can repeat the failure locally?	20:58
Vek	jaypipes: Yeah, actually, I can.	20:59
jaypipes	Vek: ah, well in that case...	20:59
*** bengrue has quit IRC		21:00
Vek	master is fine, but in my shared-images branch, two test failures.	21:00
jaypipes	very odd..	21:00
Vek	and I didn't touch any of the scrubber code	21:00
jaypipes	of course	21:00
Vek	s1rp: could it be some sort of timing-related change?	21:01
*** bengrue has joined #openstack-dev		21:01
s1rp	Vek: i guess that's possible..	21:03
soren	vishy: Awesome, thanks.	21:03
openstackgerrit	James E. Blair proposed a change to openstack/openstack-ci-puppet: Fix crontab typos for gerrit jobs. https://review.openstack.org/240	21:03
openstackgerrit	James E. Blair proposed a change to openstack/openstack-ci-puppet: Move puppet cron job to global server config. https://review.openstack.org/241	21:03
soren	vishy: phew, thought I was losing it there for a few minutes :)	21:03
vishy	soren: bug 826966	21:04
uvirtbot	Launchpad bug 826966 in nova "authorize source security group fails with euca2ools 1.2" [Undecided,New] https://launchpad.net/bugs/826966	21:04
* Vek hrms...		21:04
*** jakedahn has joined #openstack-dev		21:04
anotherjesse	anyone besides sandy able to push novaclient to pypi?	21:04
Vek	ok, this is weird	21:04
*** martine has quit IRC		21:05
Vek	test_immediate_delete() cleans up, starts servers, adds an image, then does "SELECT * FROM images WHERE status = 'pending_delete'" and expects to get an empty list back	21:05
Vek	and it's not.	21:05
s1rp	Vek: does tests.sqlite need to be deleted first	21:06
Vek	that's what I'm wondering...	21:07
*** anotherjesse_ has joined #openstack-dev		21:07
* Vek does an rm and sees what happens...		21:07
Vek	no, rm wasn't sufficient...	21:08
*** anotherjesse has quit IRC		21:09
*** anotherjesse_ is now known as anotherjesse		21:09
*** lts has quit IRC		21:10
kbringard	upgrade to rm -rf	21:11
kbringard	:-p	21:11
Vek	kbringard: you first :P	21:12
jaypipes	Vek: do a diff between the tests.functional.__init__.py file in master vs. topic branch...	21:13
Vek	jaypipes: I diff a full-up diff between the branch; I don't recall __init__.py being touched.	21:13
Guest77784	hi all, can i ask a quick question about networking in d3?	21:14
Vek	I take that back, it was...	21:14
jaypipes	Vek: yeah, just a little change: https://review.openstack.org/#patch,sidebyside,201,6,glance/tests/functional/__init__.py	21:14
Vek	but I can't see how this change would cause problems.	21:14
Vek	+context_class = glance.registry.context.RequestContext	21:14
jaypipes	Vek: me neither...	21:14
jaypipes	Vek: still digging..	21:15
Vek	I added some debugging prints to that test case, and there are several images already in the database at the point of failure, one in the pending_delete state.	21:16
Vek	best guess is the db is not getting cleaned up properly	21:17
*** chipc has quit IRC		21:17
jaypipes	Vek: got it.	21:17
jaypipes	Vek: line 88 of glance/store/scrubber.py	21:17
jaypipes	Vek: passing in the wrong Context...	21:17
jaypipes	Vek: needs to be the new RegistryContext I believe.	21:18
*** letterj has left #openstack-dev		21:18
Vek	jaypipes: hmmm, could be...	21:19
* Vek tries...		21:19
jaypipes	Vek: the scrubber test failure messages are a bit confusing... they appear that way if something goes wrong with the scrubber daemon in any way. the error doesn't represent what is really wrong...	21:19
Vek	yay, that seemed to fix it.	21:20
openstackgerrit	Kevin L. Mitchell proposed a change to openstack/glance: Add support for shared images https://review.openstack.org/201	21:20
Vek	submitted...	21:21
openstackgerrit	Verification of a change to openstack/glance failed: Add support for shared images https://review.openstack.org/201	21:33
jaypipes	Vek: hehe, yet another failure. different this time, though :) https://jenkins.openstack.org/job/glance/89185/console	21:34
Vek	sigh now what.	21:34
Vek	yeah, and it didn't show up when I ran the tests.	21:34
* Vek restarts		21:35
openstackgerrit	A change was merged to openstack/glance: Add support for shared images https://review.openstack.org/201	21:37
Vek	ok, that's slightly disturbing. I run tests twice and no error; jenkins runs the tests and gets an obscure error the first time, then succeeds the second time...	21:39
* Vek doesn't know what to make of that.		21:39
*** markvoelker has quit IRC		21:42
*** mfer has quit IRC		21:43
*** kbringard has quit IRC		21:55
openstackgerrit	Yogeshwar Srikrishnan proposed a change to openstack/keystone: Additional changes to fix minor service support stuff and increase test coverage. https://review.openstack.org/242	22:07
*** cp16net has quit IRC		22:07
*** anotherjesse has quit IRC		22:10
*** anotherjesse has joined #openstack-dev		22:23
jaypipes	Vek: was a cache problem on the jenkins server...	22:24
jaypipes	Vek: w00t. \o/ merged finally :)	22:29
openstackgerrit	Yogeshwar Srikrishnan proposed a change to openstack/keystone: Additional changes to fix minor service support stuff and increase test coverage. https://review.openstack.org/242	22:30
Guest77784	can someone support me for a minute?	22:33
Guest77784	i need help to setup network in d3	22:33
*** bsza has quit IRC		22:34
Guest77784	ttylinux test vm starts but doesn't recognise eth0	22:34
Guest77784	nor meta-data server	22:34
Guest77784	i don't know where can i find the solution	22:35
Guest77784	i am blocked since this morning	22:35
Guest77784	the error is eth0 is not a recognized interface.	22:38
*** yogirackspace has left #openstack-dev		22:39
*** zorzar has quit IRC		22:54
*** zorzar has joined #openstack-dev		22:56
*** rnirmal has quit IRC		22:58
openstackgerrit	A change was merged to openstack/openstack-ci-puppet: Fix crontab typos for gerrit jobs. https://review.openstack.org/240	22:58
openstackgerrit	A change was merged to openstack/openstack-ci-puppet: Move puppet cron job to global server config. https://review.openstack.org/241	22:59
*** anotherjesse has quit IRC		23:11
*** anotherjesse has joined #openstack-dev		23:11
*** dragondm has quit IRC		23:28
*** bengrue has quit IRC		23:35
*** amccabe has quit IRC		23:40

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!