Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

On 05/16/2017 10:20 AM, Doug Hellmann wrote: Excerpts from Chris Dent's message of 2017-05-16 15:16:08 +0100: On Tue, 16 May 2017, Monty Taylor wrote: FWIW - I'm un-crazy about the term API Key - but I'm gonna just roll with that until someone has a better idea. I'm uncrazy about it for two

Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

On 05/16/2017 03:40 PM, Monty Taylor wrote: > On 05/16/2017 10:20 AM, Doug Hellmann wrote: >> Excerpts from Chris Dent's message of 2017-05-16 15:16:08 +0100: >>> On Tue, 16 May 2017, Monty Taylor wrote: >>> FWIW - I'm un-crazy about the term API Key - but I'm gonna just roll with

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

On 16 May 2017 at 11:27, Doug Hellmann wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-16 09:46:19 -0700: >> So another consideration. Do you think whole rule of "not building >> binares" should be reconsidered? We are kind of new use case here. We >> aren't

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

We can put warnings all over it and if folks choose to ignore them, then its they who took the risk and get to keep the pieces when it breaks. Some folks are crazy enough to run devstack in production. But does that mean we should just abandon devstack? No. of course not. I don't think we

Re: [openstack-dev] [tc][all] Do we need a #openstack-tc IRC channel

On Tue, May 16, 2017 at 10:17 AM, Sean McGinnis wrote: > If we just use -dev, there is a high chance there will be a lot of cross- > talk during discussions. There would also be a lot of effort to grep > through the full day of activity to find things relevant to TC >

Re: [openstack-dev] [oslo][concurrency] lockutils lock fairness / starvation

On 05/16/2017 10:45 AM, Joshua Harlow wrote: So fyi, If you really want something like this: Just use: http://fasteners.readthedocs.io/en/latest/api/lock.html#fasteners.lock.ReaderWriterLock And always get a write lock. It is a slightly different way of getting those locks (via a context

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

On 16 May 2017 at 12:36, Jeremy Stanley wrote: > On 2017-05-16 11:46:14 -0700 (-0700), Michał Jastrzębski wrote: > [...] >> So CVE tracking might not be required by us. Since we still use >> distro packages under the hood, we can just use these. > [...] > > I think the question

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

Sorry, I'm a bit late to the discussion. Over the time I've maintained openstack clouds, I've seen many times, integration issues pop up between distro packages and openstack packages. The released openstack packages are usually fine. Changes in the distros break kolla builds over time. In

[openstack-dev] [all][release] sphinx 1.6.1 behavior changes triggering job failures

We now have 2 separate bugs related to changes in today's Sphinx 1.6.1 release causing our doc jobs to fail in different ways. https://bugs.launchpad.net/pbr/+bug/1691129 describes a traceback produced when building the developer documentation through pbr.

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

I'm not sure I follow the problem. The containers being built don't pull from infra's mirrors, so they can be secure containers. Once built, during deploy/testing, they don't install anything, so shouldn't have any issues there either. Am I misunderstanding? Thanks, Kevin

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

On 16 May 2017 at 11:33, Doug Hellmann wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-16 08:20:17 -0700: >> On 16 May 2017 at 08:12, Doug Hellmann wrote: >> > Excerpts from Michał Jastrzębski's message of 2017-05-16 06:52:12 -0700: >>

Re: [openstack-dev] [tc][all] Do we need a #openstack-tc IRC channel

On Tue, May 16, 2017 at 1:02 PM, Jeremy Stanley wrote: > rooters these days). Something like "tc-members" can be used to > address a question specifically to those on the TC who happen to be > around and paying attention and also gives people looking at the > logs a useful

Re: [openstack-dev] [tc][all] Do we need a #openstack-tc IRC channel

Jeremy Stanley wrote: > On 2017-05-16 09:38:34 -0400 (-0400), Davanum Srinivas wrote: >> See $TITLE :) > > Trying not to rehash other points, I'm in favor of using > #openstack-dev for now until we see it's not working out. Creating a > new channel for this purpose before we've even undertaken

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

Security is a spectrum, not a boolean. I know some sites that have instituted super long/complex password requirements. The end result is usually humans just writing pw's down on stickies then since its too hard to remember, making security worse, not better. Humans are always the weakest link

Re: [openstack-dev] [vitrage] [nova] [HA] VM Heartbeat / Healthcheck Monitoring

Afek, Ifat (Nokia - IL/Kfar Sava) wrote: On 16/05/2017, 4:36, "Sam P" wrote: Hi Greg, In Masakari [0] for VMHA, we have already implemented some what similar function in masakri-monitors. Masakari-monitors runs on nova-compute node,

Re: [openstack-dev] [oslo] Can we stop global requirements update?

On Tue, May 16 2017, Andreas Jaeger wrote: > It is needed to generate the translations, but can't we move it for > oslo-i18n into test-requirements? I've pushed this and it seems to work, pretty sure it's safe. https://review.openstack.org/#/c/465014/ If we can merge this today and then

Re: [openstack-dev] [tc][all] Do we need a #openstack-tc IRC channel

On Tue, May 16, 2017 at 11:13:05PM +0200, Thierry Carrez wrote: > Sean Dague wrote: > > On 05/16/2017 03:59 PM, Thierry Carrez wrote: > >> Thierry Carrez wrote: > >>> Here we have a clear topic, and TC members need to pay a certain level > >>> of attention to whatever is said. Mixing it with other

Re: [openstack-dev] [horizon][api][docs] Feedback requested on proposed formatting change to API docs

On Tue, May 16, 2017 at 05:13:16PM -0500, Monty Taylor wrote: > Hey all! > > I read the API docs A LOT. (thank you to all of you who have worked > on writing them) > > As I do, a gotcha I hit up against a non-zero amount is mapping the > descriptions of the response parameters to the form of the

[openstack-dev] [acceleration]Cyborg Team Weekly Meeting 2017.05.17 Agenda

Hi Team, This is a kind reminder for our weekly meeting this week at #openstack-cyborg EST 11:00am (UTC 15:00) on Wed. The agenda for today's meeting is try to finalize and freeze our current specs and get to code development as soon as possible. -- Zhipeng (Howard) Huang Standard Engineer IT

Re: [openstack-dev] [tripleo] Future of the tripleo-quickstart-utils project

Hey Raoul, Thanks for putting this up in the ML. Replying inline: On Tue, May 16, 2017 at 4:59 PM, Raoul Scarazzini wrote: > Hi everybody, > as discussed in today's TripleO meeting [1] here's a brief recap of the > tripleo-quickstart-utils topic. > > ### TL;DR ### > > We are

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

Excerpts from Thierry Carrez's message of 2017-05-16 14:08:07 +0200: > Flavio Percoco wrote: > > From a release perspective, as Doug mentioned, we've avoided releasing > > projects > > in any kind of built form. This was also one of the concerns I raised when > > working on the proposal to

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

Dims, The [tc] was in the subject tag, and the message was represented as indicating some TC directive and has had several tc members comment on the thread. I did nothing wrong. Regards -steve -Original Message- From: Davanum Srinivas Reply-To: "OpenStack

[openstack-dev] [tc][all] Do we need a #openstack-tc IRC channel

Folks, See $TITLE :) Thanks, Dims -- Davanum Srinivas :: https://twitter.com/dims __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

This is one of those areas that was shared understanding for a long time, and seems less "shared" now that we've grown and added new projects to the community. I intended to prepare a governance resolution *after* having some public discussion, so that we can restore that common understanding

Re: [openstack-dev] [Heat] Heat template example repository

On 15.05.17 18:10, Steven Hardy wrote: On Mon, May 15, 2017 at 04:46:28PM +0200, Lance Haig wrote: Hi Steve, I am happy to assist in any way to be honest. The backwards compatibility is not always correct as I have seen when developing our library of templates on Liberty and then trying to

Re: [openstack-dev] [tc][all] Do we need a #openstack-tc IRC channel

On 16/05/17 09:38 -0400, Davanum Srinivas wrote: Folks, See $TITLE :) Thanks, Dims Just to give more context to other folks: This came up when we were discussing how we can move forward with the idea of replacing the TC meetings. One concern is that by not having meetings, it might be hard

Re: [openstack-dev] [tempest] Proposing Fanglei Zhu for Tempest core

+1! -- Masayuki Igawa masay...@igawa.me On Tue, May 16, 2017, at 05:22 PM, Andrea Frittoli wrote: > Hello team, > > I'm very pleased to propose Fanglei Zhu (zhufl) for Tempest core. > > Over the past two cycle Fanglei has been steadily contributing to > Tempest and its community.> She's

Re: [openstack-dev] [oslo][concurrency] lockutils lock fairness / starvation

On 05/15/2017 03:42 PM, Clint Byrum wrote: In order to implement fairness you'll need every lock request to happen in a FIFO queue. This is often implemented with a mutex-protected queue of condition variables. Since the mutex for the queue is only held while you append to the queue, you will

Re: [openstack-dev] [nova] [glance] [cinder] [neutron] [keystone] - RFC cross project request id tracking

Excerpts from Chris Dent's message of 2017-05-16 15:28:11 +0100: > On Sun, 14 May 2017, Sean Dague wrote: > > > So, the basic idea is, services will optionally take an inbound > > X-OpenStack-Request-ID which will be strongly validated to the format > > (req-$uuid). They will continue to always

Re: [openstack-dev] [tc][all] Do we need a #openstack-tc IRC channel

Michał, My fear is that anything said on that channel will come down as "TC told us to do / not do such-and-such a thing" -- Dims On Tue, May 16, 2017 at 11:00 AM, Michał Jastrzębski wrote: > On 16 May 2017 at 07:49, Sean Dague wrote: >> On 05/16/2017 09:38

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

On Tue, May 16, 2017 at 11:12 AM, Doug Hellmann wrote: > Excerpts from Flavio Percoco's message of 2017-05-16 10:07:52 -0400: >> On 16/05/17 09:45 -0400, Doug Hellmann wrote: >> >Excerpts from Flavio Percoco's message of 2017-05-15 21:50:23 -0400: >> >> On 15/05/17 11:49

Re: [openstack-dev] [tc][all] Do we need a #openstack-tc IRC channel

Excerpts from Sean McGinnis's message of 2017-05-16 10:17:35 -0500: > On Tue, May 16, 2017 at 09:38:34AM -0400, Davanum Srinivas wrote: > > Folks, > > > > See $TITLE :) > > > > Thanks, > > Dims > > > > My preference would be to have an #openstack-tc channel. > > One thing I like about the

Re: [openstack-dev] [tc][all] Do we need a #openstack-tc IRC channel

On 2017-05-16 23:13:05 +0200 (+0200), Thierry Carrez wrote: [...] > Looking at recent logs from #openstack-dev, I can see it would be a bit > painful to sort out what is actionable TC stuff from what is long > general development discussions and random are-you-around pings. I'm likely

[openstack-dev] [tc] [all] TC Report 20

I'm not fully recovered from summit yet, so this will not cover everything. It will pick back up next week once I'm back in the full flow. # Notes from Summit Elsewhere I'll create a more complete write up of the Foundation board meeting that happened on the Sunday before summit, but some

Re: [openstack-dev] [oslo][concurrency] lockutils lock fairness / starvation

Chris Friesen wrote: On 05/16/2017 10:45 AM, Joshua Harlow wrote: So fyi, If you really want something like this: Just use: http://fasteners.readthedocs.io/en/latest/api/lock.html#fasteners.lock.ReaderWriterLock And always get a write lock. It is a slightly different way of getting those

[openstack-dev] [horizon][api][docs] Feedback requested on proposed formatting change to API docs

Hey all! I read the API docs A LOT. (thank you to all of you who have worked on writing them) As I do, a gotcha I hit up against a non-zero amount is mapping the descriptions of the response parameters to the form of the response itself. Most of the time there is a top level parameter under

Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

On 05/16/2017 02:44 PM, Sean Dague wrote: On 05/16/2017 03:40 PM, Monty Taylor wrote: On 05/16/2017 10:20 AM, Doug Hellmann wrote: Excerpts from Chris Dent's message of 2017-05-16 15:16:08 +0100: On Tue, 16 May 2017, Monty Taylor wrote: FWIW - I'm un-crazy about the term API Key - but I'm

[openstack-dev] [tripleo] Future of the tripleo-quickstart-utils project

Hi everybody, as discussed in today's TripleO meeting [1] here's a brief recap of the tripleo-quickstart-utils topic. ### TL;DR ### We are trying to understand whether is good or not to put the contents of [2] somewhere else for a wider exposure. ### Long version ### tripleo-quickstart-utils

Re: [openstack-dev] [tc][all] Do we need a #openstack-tc IRC channel

Sean Dague wrote: > On 05/16/2017 03:59 PM, Thierry Carrez wrote: >> Thierry Carrez wrote: >>> Here we have a clear topic, and TC members need to pay a certain level >>> of attention to whatever is said. Mixing it with other community >>> discussions (which I have to prioritize lower) just makes

Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

On 16/05/17 22:39, Sean Dague wrote: > On 05/15/2017 10:00 PM, Adrian Turjak wrote: >> I'm well aware of the policy work, and it is fantastic to see it >> progressing! I can't wait to actually be able to play with that stuff! >> We've been painstakingly tweaking the json policy files which is a

[openstack-dev] [keystone][nova][cinder][policy] policy meeting tomorrow

Hey folks, Sending out a reminder that we will have the policy meeting tomorrow [0]. The agenda [1] is already pretty full but we are going to need cross-project involvement tomorrow considering the topics and impacts. I'll be reviewing policy things in the morning so if anyone has questions or

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

On 2017-05-16 19:56:31 + (+), Fox, Kevin M wrote: [...] > Lets provide the tools to make it as easy as possible to identify > containers with issues, and allow upgrading the system to newer > ones. > > Which CVE's are on the system is somewhat less important then > being able to get to

Re: [openstack-dev] [vitrage] [nova] [HA] VM Heartbeat / Healthcheck Monitoring

Waines, Greg wrote: thanks for the pointers Sam. I took a quick look. I agree that the VM Heartbeat / Health-check looks like a good fit into Masakari. Currently your instance monitoring looks like it is strictly black-box type monitoring thru libvirt events. Is

Re: [openstack-dev] [vitrage] [nova] [HA] VM Heartbeat / Healthcheck Monitoring

Waines, Greg wrote: Sam, Two other more higher-level points I wanted to discuss with you about Masaraki. First, so I notice that you are doing both monitoring, auto-recovery and even host maintenance type functionality as part of the Masaraki architecture. are

Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

On 15/05/17 20:07, Adrian Turjak wrote: On 16/05/17 01:09, Lance Bragstad wrote: On Sun, May 14, 2017 at 11:59 AM, Monty Taylor > wrote: On 05/11/2017 02:32 PM, Lance Bragstad wrote: Hey all, One of the Baremetal/VM

Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

On 16/05/17 01:06, Colleen Murphy wrote: Additionally, I think OAuth - either extending the existing OAuth1.0 plugin or implementing OAuth2.0 - should probably be on the table. I believe that OAuth is not a good fit for long-lived things like an application needing to communicate with its own

<    1   2