Tuesday, 2013-12-17

« Monday, 2013-12-16 Index Wednesday, 2013-12-18 »
*** jorgem has quit IRC00:00
*** jmcbride has joined #openstack-dns00:05
*** nosnos has joined #openstack-dns00:54
*** jmcbride has quit IRC01:03
*** nosnos has quit IRC01:06
*** nosnos has joined #openstack-dns01:06
*** shakayumi has joined #openstack-dns01:51
*** jmcbride has joined #openstack-dns02:22
*** jmcbride has quit IRC02:33
*** ctracey is now known as ctracey|away03:01
*** hyperlowerlayer has joined #openstack-dns03:18
*** jmcbride has joined #openstack-dns03:24
*** shakayumi has quit IRC03:24
*** jmcbride has quit IRC03:43
*** hyperlowerlayer has quit IRC05:24
*** HenryG has quit IRC06:43
*** HenryG has joined #openstack-dns07:10
*** HenryG has quit IRC08:43
*** HenryG has joined #openstack-dns08:44
*** nosnos has quit IRC09:07
*** nosnos has joined #openstack-dns09:07
*** jmcbride has joined #openstack-dns10:55
*** jmcbride has quit IRC11:24
*** HenryG has quit IRC11:50
*** jmcbride has joined #openstack-dns11:57
*** CaptTofu has quit IRC12:02
*** CaptTofu has joined #openstack-dns12:03
*** shakayumi has joined #openstack-dns12:06
*** jmcbride1 has joined #openstack-dns12:07
*** jmcbride has quit IRC12:08
*** CaptTofu has quit IRC12:14
*** CaptTofu has joined #openstack-dns12:14
*** jmcbride1 has quit IRC12:23
*** jmcbride has joined #openstack-dns12:23
openstackgerritA change was merged to stackforge/python-designateclient: Fix and enable gating on H306  https://review.openstack.org/6237912:26
*** nosnos has quit IRC12:51
*** shakayumi has quit IRC13:10
*** shakayumi has joined #openstack-dns13:11
*** shakayumi has quit IRC13:15
openstackgerritKiall Mac Innes proposed a change to stackforge/designate: Provide support for "All Tenants" access  https://review.openstack.org/5978513:47
openstackgerritKiall Mac Innes proposed a change to stackforge/designate: WIP: RRSets  https://review.openstack.org/5940913:47
kiallNo idea how I ended up adding plies of new code onto a old revision of that PS :( Hopefully sorted -_-13:47
*** shakayumi has joined #openstack-dns13:54
*** HenryG has joined #openstack-dns14:00
*** eankutse has joined #openstack-dns14:22
*** eankutse1 has joined #openstack-dns14:22
*** eankutse has quit IRC14:22
*** shakayumi has quit IRC14:31
openstackgerritKiall Mac Innes proposed a change to stackforge/designate: WIP: RRSets  https://review.openstack.org/5940914:48
openstackgerritKiall Mac Innes proposed a change to stackforge/designate: Introduce RecordSets concept to core, and add initial RRSet API to v2  https://review.openstack.org/5940914:51
openstackgerritKiall Mac Innes proposed a change to stackforge/designate: Introduce RecordSets concept to core, and add initial RRSet API to v2  https://review.openstack.org/5940915:14
openstackgerritKiall Mac Innes proposed a change to stackforge/designate: Introduce RecordSets concept to core, and add initial RRSet API to v2  https://review.openstack.org/5940915:17
*** jmcbride has quit IRC15:21
*** jmcbride1 has joined #openstack-dns15:21
*** msisk has joined #openstack-dns15:26
openstackgerritEndre Karlson proposed a change to stackforge/designate: Part 1 of FloatingIP PTR record functionality  https://review.openstack.org/5831615:27
*** betsy has quit IRC15:35
*** CaptTofu has quit IRC15:44
*** HenryG has quit IRC16:14
*** HenryG has joined #openstack-dns16:14
*** jmcbride1 has quit IRC16:15
*** betsy has joined #openstack-dns16:15
*** jmcbride has joined #openstack-dns16:17
*** jmcbride has quit IRC16:30
*** CaptTofu has joined #openstack-dns16:35
*** CaptTofu has quit IRC16:37
*** CaptTofu has joined #openstack-dns16:37
*** CaptTofu has quit IRC16:38
*** CaptTofu has joined #openstack-dns16:38
*** jmcbride has joined #openstack-dns16:49
*** jmcbride has quit IRC16:56
*** eankutse1 has quit IRC17:06
*** eankutse has joined #openstack-dns17:07
*** rjrjr has joined #openstack-dns17:15
*** jorgem has joined #openstack-dns17:22
*** jmcbride has joined #openstack-dns17:27
*** jmcbride has quit IRC17:32
*** simonmcc has quit IRC17:51
*** simonmcc has joined #openstack-dns17:57
*** simonmcc has quit IRC17:57
*** simonmcc has joined #openstack-dns17:58
*** simonmcc has quit IRC17:58
*** simonmcc has joined #openstack-dns17:58
*** jmcbride has joined #openstack-dns18:00
eankutseKiall: Heya18:04
kialleankutse: heya18:05
eankutseregarding Filtering API, what do you think about the ff highlevel logic?:18:06
eankutse1. User uses the regular search request with appropriate filters specified and indication of whether to do exact match or substring match. Also sets, a header X-ALL-TENANTS to true or false to indicate intent to search all tenants18:07
eankutseFor example:18:07
eankutseGET /v2/zones?name=example.com&match-type=exact HTTP/1.118:07
eankutse Host: http://dns.provider.com18:07
eankutse Accept: application/json18:07
eankutse X-Auth-Token: KeyStoneAuth_*****18:07
eankutse X-All-Tenants: true18:07
eankutse2. In middleware.py:KeystoneMiddleware::process_request(), during the construction of DesignateContext18:07
*** jmcbride has quit IRC18:07
kiallSo, re setting all-tenants, I think mugsie made a good point to me the other day .. all_tenants is only ever used on a GET request, so placing it in the query string as ?all_tenants=true actually makes sense18:08
eankutse- we determined that X-ALL-TENANTS is set to True signaling intent to perform this operation on all tenants18:08
eankutse- we perform policy check (in the API before we pass on to Central)18:08
eankutse- if we confirm the user has this right to perform the operation across all tenants,18:08
eankutse- we set context.all_tenants=True18:08
eankutse- we let the request proceed to Central18:08
eankutse- if we cannot confirm the user has this right to perform the operation across all tenants, we reject the request with appropriate message18:08
eankutse3. In Central:18:08
eankutse- issue the correct SQL query against the storage database using the request query parameter as WHERE clause value18:08
kiallFreenode is moments away from kicking you for flooding BTW - they rate limit all users :)18:09
kiallBut, yes, that looks like it makes sense and is along the lines I was thinking of.18:10
eankutseok. So make it query param rather than header?18:10
eankutse;-)18:10
eankutse:-(18:10
eankutseso do you see everything so far?18:10
eankutsemaybe I'll use pastie18:10
eankutsek.18:11
eankutseAlso18:11
kiallYea - I got it all I think..18:12
eankutseWhat changes would be necessary, if any, in policy files to allow for a user to have this privilege but not be and admin?18:12
eankutseI.e, be able to use all-tenants but not be admin18:12
kiallno changes to the core policy code, we'd just need a new entry in the policy file18:12
kiallOut of the box, that should restrict to admins.. But the policy file is a configuration file, so it can be customized to allow, say, both admin and support access to the ferature18:13
kiallfeature*18:13
eankutsek18:13
eankutseSo what next steps would you like me to help with?18:13
eankutseDo we need updates to blueprints etc?18:13
eankutsek18:14
*** jmcbride has joined #openstack-dns18:14
kiallI think the all-tenants piece can just be doc'd in the V2 spec, rather than a blueprint on it's own (it's a TODO in spec as is..)18:15
kiallFiltering probably needs a bp/wiki page with examples of how the various types of filtering would work..18:16
eankutseI have description of about 18 use cases/test cases specified that would help test this.18:18
eankutseSo let me know what I can help with so we don't duplicate efforts. I'd be glad to work on this if you have other stuff going right now :-)18:18
eankutseinfact, i have time allocated for this in our current development sprint18:18
kiallGreat :) I'm at the point where I think https://review.openstack.org/59409 needs to be merged, The V1 API parts of it should be pretty stable.. and V2 is still marked as "experimental".. So, bigfixes can come over the next while.18:19
eankutseok. I'll tackle Filtering bp/wiki page with examples of how the various types of filtering would work..18:19
kiallThat then leaves the door for getting all_tenants, filtering and pagination started ;)18:20
kiallWe also have a possible (but somewhat radical) proposal to fix some of the issues brought up during the BP planning meet last week :)18:21
*** eankutse has quit IRC18:23
*** eankutse has joined #openstack-dns18:24
eankutsegot disconnected for a sec18:24
kiall18:09 <eankutse> ok. I'll tackle Filtering bp/wiki page with examples of how the various types of filtering would work..18:25
kiall18:09 <kiall> That then leaves the door for getting all_tenants, filtering and pagination started ;)18:25
kiall18:11 <kiall> We also have a possible (but somewhat radical) proposal to fix some of the issues brought up during the BP planning meet last week :)18:25
kialllast few messages..18:25
*** vipul is now known as vipul-away18:26
eankutseyes. I got those two18:26
eankutseWhich specific issues are these?18:26
eankutsemaybe details in meeting IRC tomorrow?18:27
kiallBIND9 support, RFC Dynamic DNS, Transnational Zone Updates, simplification of DNSSEC (I think) etc18:27
eankutseok. The whole 9 yards!18:28
kiallYea - It has *lots of implications* but .. tis pretty radical ;)18:28
*** jorgem has quit IRC18:28
*** jorgem has joined #openstack-dns18:29
eankutseCool. Looking forward to details when available :-)18:29
kiallStill trying to understand the whole thing myself ;)18:30
eankutse:-)18:30
eankutseMaybe you introduce the "radical" ideas and we chime in to make it clearer18:30
eankutseIn the mean time18:31
kiallThat's the plan :)18:31
eankutseI'll get to work on the Filtering bp18:31
kiallCool :)18:32
*** jmcbride has quit IRC18:38
*** vipul-away is now known as vipul18:46
*** vipul is now known as vipul-away19:01
*** jmcbride has joined #openstack-dns19:05
*** eankutse has quit IRC19:10
*** msisk has quit IRC19:10
*** eankutse has joined #openstack-dns19:11
*** betsy has quit IRC19:38
*** jmcbride has quit IRC19:42
*** CaptTofu has quit IRC19:45
*** CaptTofu has joined #openstack-dns19:46
*** vipul-away is now known as vipul19:51
*** vipul-away has joined #openstack-dns19:52
*** jmcbride has joined #openstack-dns20:00
*** jmcbride has quit IRC20:06
*** jmcbride has joined #openstack-dns20:11
*** jmcbride has quit IRC20:13
*** jmcbride has joined #openstack-dns20:15
*** vipul-away is now known as vipul20:19
eankutseKiall/Mugsie: In Designate v1, is there a way to retrieve NS records for a domain?20:19
eankutseGET /domains/89acac79-38e7-497d-807c-a011e1310438/records does not seem to return them?20:20
eankutseUnless it is an NS that you created explicitly. The "default" ones don't seem to be returned20:22
kiallGET /domains/89acac79-38e7-497d-807c-a011e1310438/servers returns the list of nameservers to delegate the domain to20:24
eankutseyes20:24
eankutsebut the NS records seems to be hidden then?20:24
eankutseNot displayed to user on request for records on the domain?20:25
kiallYea, they don't get shown as part of the record list to the user..20:26
*** zane has joined #openstack-dns20:26
kiall(There was a reason for that originally, but, I'm not convinced myself anymore, and can't remember exactly what the reason was.. )20:26
eankutsek :-)20:27
rjrjrthe NS record is not in the records table maybe?20:28
eankutserjrjr: The NS records exist in Central/Storage in this case tho20:29
eankutseso like Kiall mentioned above20:29
eankutsethere was a design decision made at some point to justify not displaying then on list records20:29
eankutsebut maybe that needs to be revisited.20:30
rjrjrCentral/Storage = Designate database, correct?20:31
*** vipul is now known as vipul-away20:31
eankutseyes20:32
kiallYea, the NS records don't exist in the designate DB, but do exist in the backend .. e.g. bind/powerdns..20:34
kiallI frankly don't remember the exact reasoning, something to do with A) there immutable by the end user, and B) there "generated" records rather than user-created20:34
kiallBut .. That doesn't really hold up anymore, and should probably be revisited20:35
rjrjrfrom what i'm seeing in the database, the first NS record is not stored in the records table, but instead is in the servers table.  that record is not shown when you list the records for a zone.20:37
rjrjrif you add another NS record, it is listed with the other records.20:37
kiallrjrjr: exactly..20:37
kiallbrb20:39
eankutseohh :-)20:39
rjrjrand now that i'm reading what eankutse wrote, i'm just repeating what was already said. :)20:40
*** vipul-away is now known as vipul20:43
*** msisk has joined #openstack-dns20:49
*** vipul is now known as vipul-away20:52
*** msisk has quit IRC21:01
*** vipul-away is now known as vipul21:12
*** jmcbride has quit IRC21:17
*** uggenstroy has joined #openstack-dns21:30
*** briancline has quit IRC21:39
*** uggenstroy has quit IRC21:42
*** briancline has joined #openstack-dns21:52
*** betsy has joined #openstack-dns22:08
*** jmcbride has joined #openstack-dns22:16
*** eankutse has quit IRC22:18
*** jmcbride has quit IRC22:19
*** zane has quit IRC23:37
*** jorgem has quit IRC23:58
« Monday, 2013-12-16 Index Wednesday, 2013-12-18 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!