Tuesday, 2014-01-14

*** krotscheck has quit IRC [02:59]
*** SergeyLukjanov has joined #storyboard [04:52]
*** SergeyLukjanov has quit IRC [06:12]
*** SergeyLukjanov has joined #storyboard [07:35]
<openstackgerrit> Nikita Konovalov proposed a change to openstack-infra/storyboard: Introducing basic REST API https://review.openstack.org/63118 [08:42]
<openstackgerrit> Nikita Konovalov proposed a change to openstack-infra/storyboard: Introducing basic REST API https://review.openstack.org/63118 [08:43]
*** ruhe has joined #storyboard [08:49]
*** _ruhe has joined #storyboard [08:53]
*** ruhe has quit IRC [08:53]
*** _ruhe is now known as ruhe [08:54]
<openstackgerrit> Nikita Konovalov proposed a change to openstack-infra/storyboard: Introducing basic REST API https://review.openstack.org/63118 [09:07]
*** NikitaKonovalov has joined #storyboard [09:07]
<openstackgerrit> Nikita Konovalov proposed a change to openstack-infra/storyboard: Introducing basic REST API https://review.openstack.org/63118 [09:39]
*** ruhe is now known as ruhe_away [09:41]
*** ruhe_away is now known as ruhe [09:41]
*** ruhe is now known as ruhe_away [09:42]
*** ruhe_away is now known as ruhe [09:49]
<ttx> we'll have our meetings on #openstack-meeting, I grabbed our time slot [09:59]
*** ruhe is now known as ruhe_away [10:00]
*** ruhe_away is now known as ruhe [10:01]
<SergeyLukjanov> ttx, cool [10:02]
<ruhe> ttx: the more eyes, the better [10:02]
*** NikitaKonovalov has quit IRC [10:24]
*** NikitaKonovalov has joined #storyboard [10:27]
*** ruhe is now known as ruhe_away [10:31]
*** ruhe_away is now known as _ruhe [10:41]
*** _ruhe is now known as ruhe [11:11]
<openstackgerrit> Nikita Konovalov proposed a change to openstack-infra/storyboard: Load projects from yaml file https://review.openstack.org/66280 [11:55]
<openstackgerrit> Ruslan Kamaldinov proposed a change to openstack-infra/storyboard: Get rid of Django https://review.openstack.org/66016 [11:59]
<openstackgerrit> Ruslan Kamaldinov proposed a change to openstack-infra/storyboard: [WIP] Add tests for Alembic migrations https://review.openstack.org/66414 [12:00]
<openstackgerrit> Nikita Konovalov proposed a change to openstack-infra/storyboard: Load projects from yaml file https://review.openstack.org/66280 [12:07]
*** SergeyLukjanov has quit IRC [12:18]
*** SergeyLukjanov has joined #storyboard [12:19]
*** ruhe is now known as ruhe_away [12:42]
*** ruhe_away is now known as ruhe [12:51]
*** SergeyLukjanov has quit IRC [12:53]
*** SergeyLukjanov has joined #storyboard [12:54]
<openstackgerrit> Nikita Konovalov proposed a change to openstack-infra/storyboard: Introducing basic REST API https://review.openstack.org/63118 [13:20]
*** ruhe is now known as ruhe_away [13:23]
*** ruhe_away is now known as _ruhe [13:31]
*** _ruhe is now known as ruhe [13:32]
*** SergeyLukjanov is now known as _SergeyLukjanov [13:40]
*** _SergeyLukjanov has quit IRC [13:40]
<openstackgerrit> Ruslan Kamaldinov proposed a change to openstack-infra/storyboard: Add tests for Alembic migrations https://review.openstack.org/66414 [13:41]
<openstackgerrit> Ruslan Kamaldinov proposed a change to openstack-infra/storyboard: Add tests for Alembic migrations https://review.openstack.org/66414 [13:46]
*** miqui has joined #storyboard [13:53]
<openstackgerrit> Ruslan Kamaldinov proposed a change to openstack-infra/storyboard: [Don not review] Add tests for Alembic migrations https://review.openstack.org/66414 [14:03]
<openstackgerrit> Ruslan Kamaldinov proposed a change to openstack-infra/storyboard: [Don not review] Add tests for Alembic migrations https://review.openstack.org/66414 [14:04]
*** SergeyLukjanov has joined #storyboard [14:06]
<openstackgerrit> Ruslan Kamaldinov proposed a change to openstack-infra/storyboard: Add tests for Alembic migrations https://review.openstack.org/66414 [14:17]
*** ruhe is now known as ruhe_away [15:05]
*** ruhe_away is now known as _ruhe [15:11]
*** _ruhe is now known as ruhe [15:12]
*** krotscheck has joined #storyboard [15:31]
<krotscheck> Hey everyone! [15:31]
<krotscheck> So, given that I'm not a huge python expert, can someone give me a technical summary of the steps necessary to migrate from our current django app to a lighter-weight pecan/wsme app? [15:33]
<krotscheck> I've managed to get to a small hello world API using pecan/wsme, so that's good, however I haven't gotten to the point of going all the way from the database to a client yet. [15:34]
<krotscheck> (most of my work right now is on github/kroscheck/storyboard-api if you're curious) [15:34]
<NikitaKonovalov> hi [15:34]
<NikitaKonovalov> there is a patch on review right now with a pecan app [15:35]
<NikitaKonovalov> https://review.openstack.org/#/c/63118/ [15:35]
<krotscheck> NikitaKonovalov: Oh, nice, [15:35]
<NikitaKonovalov> it depends on a database patch from mordred [15:35]
<mordred> morning all [15:36]
<ruhe> hi [15:36]
<krotscheck> NikitaKonovalov: Actually, that's perfect. [15:36]
<mordred> krotscheck: the steps in my head are these: [15:36]
<mordred> 1) add sqlalchemy backend (almost done) [15:37]
<krotscheck> kk [15:37]
<mordred> 2) migrate existing django view code to use sqlalchemy instead of django orm aps [15:37]
<mordred> 3) delete django orm code [15:37]
<mordred> 4) add pecan/wsme app to code base to run alongside django [15:37]
<mordred> 5) spin up the js frontend to talk to pecan/wsme app [15:38]
<krotscheck> Seems like 2 and 4 can happen simultaneously [15:38]
<mordred> 6) delete django html poo (patch already exists for this) [15:38]
<mordred> krotscheck: yes. you are right. 2 and 4 can happen in parallel [15:38]
<krotscheck> And with NikitaKonovalov's patch I can do 5. [15:38]
<mordred> yup [15:38]
<ruhe> looks like almost everything is already on review [15:39]
<ruhe> except #5 [15:39]
<krotscheck> Right, but 5 is dependent on actually getting the webclient in. [15:39]
<mordred> well, 2 isn't anywhere [15:39]
<krotscheck> Since infra doesn't know about it yet. [15:39]
<krotscheck> mordred: If 5 happens faster we can skip 2 [15:39]
<mordred> I keep harping on 2 because as soon as 2 is up, we can deploy the current code without screwing anything else [15:40]
<mordred> but krotscheck is right - we might just get 5 done before we actually get 2 done [15:40]
<krotscheck> ...mostly because 2 has to go through the full gerrit review process while I can monkeypatch 5 into my github before someone +2's the build change. [15:40]
<ruhe> and i wouldn't hurry with migration of view code since object model could be significantly changed after sprint in brussels [15:41]
<krotscheck> mordred, did you let everyone know about our like-to-have milestone this week? [15:42]
<krotscheck> (As a side note, I have two technical requests if someone else has time, the first is CORS support, the second is trying to figure out how to handle authentication) [15:44]
<krotscheck> (Mostly because once CORS hits, we can't rely on sessions anymore because of browser sandboxing) [15:44]
<NikitaKonovalov> krotscheck, I was trying to find a kind of an authentication framework for pecan [15:45]
<krotscheck> NikitaKonovalov: Any luck? [15:46]
<NikitaKonovalov> and it seems there is nothing ready-to-use right now [15:46]
<NikitaKonovalov> there is common advice, like "setup a session middleware and do what you want" but I haven't tried it yet [15:46]
<ruhe> dhellman might help with auth question [15:47]
<krotscheck> NikitaKonovalov: If all else fails, we could use the OpenID server to act as an authorization endpoint to get a trust relationship, and then use Storyboard to issue an OAuth2 token. [15:48]
<krotscheck> NikitaKonovalov: It'd be sort of like RFC6749 section 4.3, except we use the OpenID response as the password. [15:48]
<ruhe> krotscheck: i'd say OpenID is the only option for us [15:49]
<ruhe> since everything in OS is based on OpenID [15:49]
<krotscheck> ruhe: How does OpenID work in the case where you don't have session control? (say, a CLI client) [15:49]
<ruhe> * in OS infrastructure (Jenkins, Gerrit, etc) [15:49]
<krotscheck> ruhe: (Just point me at a section in the spec, I'm having trouble finding it...) [15:51]
<ruhe> krotscheck: sorry, i don't have experience in this area. i'm googling it now :) [15:52]
<krotscheck> ruhe: Great, I don't feel like so much of an idiot now :D [15:52]
*** NikitaKonovalov has quit IRC [15:53]
*** SergeyLukjanov has quit IRC [15:53]
<krotscheck> What I alluded to earlier was that jeblair's on vacation this week, and he'll be back monday. He's been... well, let's just say that he really hates launchpad and wants to have _something_ we can iterate on sooner rather than later. [15:54]
<krotscheck> So the question is, assuming we can have gothicmindfood sit on mordred's head to get our reviews through, do you guys think it's possible to get the pecan/wsme thing paired with the web client and onto a server by monday morning? [15:55]
* krotscheck thinks it's very ambitious. [15:55]
* mordred thinks it's doable in theory [15:56]
*** drdee has joined #storyboard [15:56]
*** ruhe is now known as ruhe_away [16:00]
<krotscheck> ...I hear silence. [16:01]
*** ruhe_away is now known as _ruhe [16:09]
<cody-somerville> krotscheck: re: OpenID for CLI Client, the way Launchpad does it is that the client launches browser to url to get OAuth token. If you're not already logged in, you then authenticate via OpenID in browser and are then delivered to page to authorize the token. [16:23]
*** SergeyLukjanov has joined #storyboard [16:41]
*** _ruhe is now known as ruhe [16:51]
*** gothicmindfood has joined #storyboard [16:54]
*** krotscheck has quit IRC [16:55]
*** gothicmindfood_ has joined #storyboard [17:01]
*** gothicmindfood has quit IRC [17:02]
<ruhe> ttx: maybe we should change url in channel topic to canonical http://git.openstack.org/cgit/openstack-infra/storyboard/ ? [17:06]
<ruhe> and info about weekly meeting [17:06]
*** ruhe is now known as ruhe_away [17:07]
<ttx> Let me see if I can [17:07]
<ttx> nope I can't [17:08]
<ttx> cody-somerville: you should be able to fix that ^ [17:09]
<ttx> Meeting is now 1600 UTC in #openstack-meeting [17:09]
<cody-somerville> hmm... I thought I had made it so you didn't need to be op to change topic [17:09]
<cody-somerville> one sec [17:09]
<ttx> you have KEEPTOPIC GUARD set [17:09]
<cody-somerville> neither should prohibit topic changes by non-ops. It's TOPICLOCK that does that. IIRC. [17:11]
<cody-somerville> hmm [17:12]
<ttx> cody-somerville: +t is set [17:13]
<cody-somerville> Yea, that'll do it. [17:13]
*** ChanServ sets mode: +o cody-somerville [17:13]
*** cody-somerville sets mode: -t [17:14]
*** cody-somerville sets mode: -o cody-somerville [17:14]
* ttx tries again [17:14]
*** ttx changes topic to "Storyboard | http://git.openstack.org/cgit/openstack-infra/storyboard/ | Weekly Meeting: Thursdays at 16:00 UTC in #openstack-meeting" [17:14]
<ttx> woohoo [17:14]
*** ruhe_away is now known as _ruhe [17:17]
*** NikitaKonovalov has joined #storyboard [17:47]
<miqui> what's a decent+ OpenID server? [17:50]
*** NikitaKonovalov has quit IRC [17:51]
*** NikitaKonovalov has joined #storyboard [17:52]
*** NikitaKonovalov has quit IRC [17:57]
*** NikitaKonovalov has joined #storyboard [17:57]
*** drdee has quit IRC [17:59]
*** NikitaKonovalov has quit IRC [18:01]
*** drdee has joined #storyboard [18:05]
*** NikitaKonovalov has joined #storyboard [18:07]
<cody-somerville> miqui: Most Open Stack web properties authenticate against the Launchpad OpenID server. [18:08]
*** NikitaKonovalov has quit IRC [18:10]
*** NikitaKonovalov has joined #storyboard [18:15]
*** krotscheck has joined #storyboard [18:19]
*** NikitaKonovalov has quit IRC [18:28]
*** _ruhe is now known as ruhe [18:30]
<ruhe> morded might correct me, but afaik there is work to migrate from Launchpad OpenID to OpenStack OpenID service - https://git.openstack.org/cgit/openstack-infra/config/tree/modules/openstack_project/manifests/openid_dev.pp [18:33]
*** NikitaKonovalov has joined #storyboard [18:33]
<miqui> hi cody-summerwille... yeah i know about the launchpad id, but i was referring to storyboard and what is the strategy for it? [18:37]
<miqui> sorry...for typo...somerville... [18:37]
*** NikitaKonovalov has quit IRC [18:37]
<miqui> if launchpad id is to be avoided altogether then what is going to be used to generate the OpenIDs ? [18:38]
*** NikitaKonovalov has joined #storyboard [18:38]
<ruhe> miqui: we're bound to Launchpad OpenID as long as other OpenStack projects (gerrit for instance) use it [18:40]
<miqui> ok thanks ruhe [18:40]
<ruhe> miqui: that's just my imho. cody-somerville might have a different point of view :) [18:41]
*** krotscheck has quit IRC [18:42]
* miqui waiting for cody-sumerville [18:42]
*** krotscheck has joined #storyboard [18:47]
*** NikitaKonovalov has quit IRC [18:47]
<cody-somerville> Agreed. We're bound to continue to use Launchpad OpenID until we're able to migrate people to an OpenStack OpenID service. [18:51]
*** NikitaKonovalov has joined #storyboard [18:52]
<krotscheck> NikitaKonovalov: Just spun up your API layer, looking good so far. [18:56]
*** NikitaKonovalov has quit IRC [18:57]
*** SergeyLukjanov has quit IRC [18:58]
<krotscheck> Which openID provider we use is relatively irrelevant - the thing cody-somerville pointed out is that once we've established a trust relationship (i.e. once OpenID has said: Yes, this is a person) we need to grant that user some method of authenticating against our API. Usually, when everything happens on one domain, you can do that via the browser session. In multi-domain situations though you have to work around the browser sandbox. [18:58]
*** NikitaKonovalov has joined #storyboard [18:58]
*** SergeyLukjanov_ has joined #storyboard [18:59]
<krotscheck> Apparently, launchpad does this by issuing an OAuth token to that particular user. [18:59]
<krotscheck> The outstanding question is whether the OpenID spec allows for something similar, so we don't have to use two protocols. [19:00]
*** SergeyLukjanov_ has quit IRC [19:03]
<krotscheck> I'm currently reading the spec to figure that out. [19:03]
*** NikitaKonovalov has quit IRC [19:03]
*** SergeyLukjanov has joined #storyboard [19:03]
<cody-somerville> OpenID has a pretty different use case. OAuth allows you to do things like only allow a subset of resources to be accessed with the token. [19:05]
<cody-somerville> http://softwareas.com/oauth-openid-youre-barking-up-the-wrong-tree-if-you-think-theyre-the-same-thing might be a good blog post describing the similarities and differences. [19:08]
<krotscheck> cody-somerville: Yeah, one's strictly identification, the other's more scope authorization. [19:09]
<krotscheck> Thankfully the oauth2 spec finalized last october. [19:09]
<krotscheck> And I _think_ one of those authorization patterns will work for us. Have you taken a look at the different approaches (Section 4)? [19:09]
*** NikitaKonovalov has joined #storyboard [19:10]
*** NikitaKonovalov has quit IRC [19:14]
<cody-somerville> krotscheck: Right. The OpenID service would be used to handle the authentication bit in all those scenarios. [19:17]
<krotscheck> cody-somerville: Alright, let me throw a flowchart together. Do we have any diagramming tools available? [19:19]
*** NikitaKonovalov has joined #storyboard [19:19]
<mordred> so - another thing to consider ... (or it might be what you're considering already) [19:19]
<cody-somerville> krotscheck: Google docs works for me. The text diagrams in the spec are also pretty good. [19:20]
<gothicmindfood_> krotscheck: did someone say flowchart? ;-) [19:20]
<ruhe> krotscheck: most people i know doodling diagrams in google documents [19:20]
<mordred> if we make storyboard an oauth provider, that can be what you use to do api things - and you can get your oauth token by logging in via openid [19:20]
<mordred> however, we may also want non-human accounts [19:21]
<mordred> gerrit handles that by allowing the creation of a user by an admin outside of the openid flow [19:21]
<krotscheck> mordred: We absolutely want non-human accounts- gothicmindfood_ , do we have room in any of the upcoming sprints? [19:22]
<krotscheck> What flavor of OpenID do we currently use? There's a deprecated v1 and a v2 out there [19:24]
<gothicmindfood_> krotscheck: room for sliding in OAuth/OpenID work? [19:24]
<cody-somerville> mordred: It also isn't difficult to create a role account on OpenID server for that purpose FWIW. [19:24]
<krotscheck> gothicmindfood_: We need to do the OAuth/OpenID work for this week, I'm more curious about figuring out how to handle non-human accounts. [19:25]
<mordred> cody-somerville: indeed - and we do that as well ... but the gerrit model of not needing to touch launchpad for a gerrit service account is nice [19:25]
<mordred> however, I could go with either [19:25]
<cody-somerville> I'm sure it's not difficult to do either or. [19:25]
* cody-somerville wonders why keystone doesn't do OpenID auth. [19:26]
<krotscheck> mordred cody-somerville - Github and Bitbucket handle that by attaching an SSH pub key to an account. How that account is generated can be done via admin. [19:26]
<cody-somerville> krotscheck: Launchpad supports both OpenID 2.0 and 1.1. [19:26]
<gothicmindfood_> cody-somerville: why does keystone do anything it does? (or doesn't do?) ;-) [19:26]
<krotscheck> cody-somerville: Thanks [19:26]
*** ruhe is now known as ruhe_away [19:30]
*** ruhe_away is now known as ruhe [19:33]
<mordred> I think this auth question may be the last thing we don't understand [19:33]
*** NikitaKonovalov has quit IRC [19:34]
<krotscheck> mordred: Give me 15 minutes on that.... [19:35]
<mordred> krotscheck: NO! YOU KNOW NOW!!! [19:36]
* mordred kids [19:36]
<krotscheck> mordred: I do know now, I just have to write it down. [19:36]
<gothicmindfood_> krotscheck is going to write the flowchart to end all OAuth/OpenID flowcharts [19:37]
* mordred really wants direct brain merging [19:37]
*** NikitaKonovalov has joined #storyboard [19:38]
<krotscheck> mordred, gothicmindfood_: First draft http://paste.openstack.org/show/61211/ [19:40]
<mordred> krotscheck: I'd like to both simplify and complicate, if I may [19:44]
<mordred> for OpenStack, I believe we can assume that there will always be one and only one valid openid provider [19:44]
<mordred> for not-OpenStack - we should also talk about how to deploy a storyboard that auths against something like, say, ldap [19:45]
<SergeyLukjanov> mordred, it's a good idea [19:45]
<gothicmindfood_> mordred: is that what optional #6 comes in? [19:45]
<gothicmindfood_> on krotscheck's list [19:46]
<gothicmindfood_> ? [19:46]
<SergeyLukjanov> mordred, so, we'll need some glue and auth framework [19:46]
<gothicmindfood_> mordred: sorry, optional #4 [19:46]
<gothicmindfood_> not 6 [19:46]
*** NikitaKonovalov has quit IRC [19:46]
<mordred> gothicmindfood_: yes. I was mainly just saying we might not need to implement optional #4 [19:46]
<mordred> SergeyLukjanov: yay! pluggable auth frameworks! [19:47]
<SergeyLukjanov> mordred, the only one that I know and that really works is a spring security (java) [19:47]
<gothicmindfood_> mordred: Ok. Just making sure I'm following correctly. ;-) [19:47]
<mordred> repoze seems to have some pluggable wsgi middleware [19:48]
<mordred> but I don't know if that's a thing we want to get in to [19:49]
<mordred> there's another option - which is that we could punt in storyboard and expect the containing apache to handle it [19:51]
*** NikitaKonovalov has joined #storyboard [19:51]
<mordred> or... [19:52]
<mordred> even better [19:52]
<mordred> I could stop giving options and feedback [19:52]
* gothicmindfood_ thinks no more mordred feedback = no fun [19:52]
<gothicmindfood_> krotscheck: I started a reply to the paste but stopped because I thought you might be updating simultaneously. [19:54]
<ruhe> etherpad.openstack.org might be a better place for collaborative editing [19:54]
* gothicmindfood_ <3 etherpad [19:55]
<ttx> oh backlog [19:57]
<mordred> hey ttx [19:58]
<mordred> we're doing things [19:58]
<mordred> and by we, I mean people who are not me [19:58]
<ttx> mordred: I think you can use "they" in that case, but then, i'm not a native speaker [20:00]
<mordred> ttx: bah. silly french influence [20:02]
<krotscheck> Sorry everyone, was answering the call of nature [20:06]
*** NikitaKonovalov has quit IRC [20:06]
<krotscheck> https://etherpad.openstack.org/p/M6G4iKRZZX [20:08]
<krotscheck> Pluggable auth is great and wonderful and is going to take a long long time. [20:11]
<krotscheck> mordred: How's that +2 for the webclient coming along? [20:11]
<mordred> krotscheck: I'll be working on that today [20:12]
<ruhe> krotscheck: yeah, i agree. we might end up in a situation similar to ceilometer and a bunch of backend storages, most of them aren't tested in jenkins and only one of them is recommended for production [20:13]
*** NikitaKonovalov has joined #storyboard [20:13]
<ruhe> mordred: i'd appreciate some input on https://review.openstack.org/#/c/65017/ too [20:14]
<krotscheck> ruhe: Right- perhaps taking the approach of "We'll let you use anything you want for login, but once we know who you are we give you an oauth token" approach. [20:14]
<krotscheck> I speak good engrish [20:14]
<mordred> krotscheck: YES [20:15]
<krotscheck> .....alllrightey then! [20:16]
<krotscheck> That was enthusiastic [20:16]
*** gothicmindfood_ has left #storyboard [20:20]
*** gothicmindfood has joined #storyboard [20:21]
*** NikitaKonovalov has quit IRC [20:25]
<krotscheck> http://openid.net/connect/ [20:27]
<krotscheck> ...exactly what we're looking for re OpenID and OAuth [20:27]
<krotscheck> I just need to see if it's compatible with OpenID 2... [20:30]
<krotscheck> ...maybe not :/ [20:31]
*** NikitaKonovalov has joined #storyboard [20:33]
*** NikitaKonovalov has quit IRC [20:35]
*** gothicmindfood has left #storyboard [20:46]
*** miqui has quit IRC [20:46]
*** gothicmindfood has joined #storyboard [20:53]
<mordred> krotscheck: o hai. can you rebase https://review.openstack.org/#/c/62956/ on top of current master [21:06]
<mordred> krotscheck: and I'll land it [21:06]
<ruhe> mordred: didn't community agree that editor-specific gitignores shouldn't be in git? [21:08]
<ruhe> there was a long thread and this is what i get from it [21:08]
<mordred> ruhe: I actually think the last thing we agreed on was to put a common file somewhere like oslo and start syncing it when we synced other things - it was the patch churn that was concerning to people [21:12]
<mordred> in this case, we have a small enough group working on this that it really doesn't bother me if it's helpful to one of them [21:13]
<ttx> I agreed not to care about it [21:13]
<mordred> ttx: ++ [21:13]
<ruhe> ok, just asked :) [21:13]
<mordred> ruhe: :) [21:14]
<mordred> ruhe: speaking of - I'd love to land this: https://review.openstack.org/#/c/66414/7 [21:14]
<mordred> ruhe: but I'd like to not delete django until we've got the new webclient up and running - any chance you could rebase it to not depend on django removal patch? [21:14]
<ruhe> mordred: sure [21:15]
<mordred> ruhe: thanks! [21:15]
<krotscheck> mordred: Willdo, as soon as I'm done with the etherpad. [21:15]
* mordred has +2 access back - is trying to work through the queue [21:15]
<ttx> I'll review things tomorrow [21:19]
<ttx> except the blocking one that mordred asked me to review now [21:20]
*** gothicmindfood has quit IRC [21:21]
<openstackgerrit> Ruslan Kamaldinov proposed a change to openstack-infra/storyboard: Add tests for Alembic migrations https://review.openstack.org/66414 [21:28]
<ruhe> mordred: done and have a green ball in jenkins [21:31]
<mordred> ruhe: woot [21:31]
<ruhe> i like that we chose to stick with frameworks adopted by openstack projects - pecan,alembic,etc. it helps to better understand how core projects work [21:36]
* krotscheck is generally annoyed at the not-helpful-to-implementors way that the OpenID specification is written. [21:48]
*** david-lyle has joined #storyboard [21:49]
<ttx> OK, just approved the SQLAlchemy patch [21:51]
<ttx> will review the rest tomorrow [21:51]
*** drdee has quit IRC [21:51]
*** gothicmindfood has joined #storyboard [21:58]
<openstackgerrit> Ruslan Kamaldinov proposed a change to openstack-infra/storyboard: Add tests for Alembic migrations https://review.openstack.org/66414 [22:04]
*** ruhe is now known as _ruhe [22:21]
*** SergeyLukjanov has quit IRC [22:36]
<krotscheck> Ok, done with the etherpad : https://etherpad.openstack.org/p/M6G4iKRZZX [22:37]
<krotscheck> (for now) [22:37]
<openstackgerrit> A change was merged to openstack-infra/storyboard: Add SQLalchemy database model https://review.openstack.org/62239 [22:47]
<openstackgerrit> Michael Krotscheck proposed a change to openstack-infra/storyboard: Added .gitignore for IntelliJ specific configuration files https://review.openstack.org/62956 [22:54]
<krotscheck> mordred: Rebased. Jenkins hasn't picked it up yet though [23:05]
