Given the empty agenda  and the holiday, we will cancel the policy
meeting this week. We'll pick up again next week.
Description: OpenPGP digital signature
On 06/30/2017 04:38 AM, Thierry Carrez wrote:
> Mike Perez wrote:
>> What do people think before we bikeshed on the name? Would having a
>> champion volunteer to each goal to help?
> It feels like most agree that having champions would help. Do we have
> any volunteer for the
Keystone has deprecated the domain configuration upload capability
provided through `keystone-manage`. We discussed it's removal in today's
meeting  and wanted to send a quick note to the operator list. The
ability to upload a domain config into keystone was done as a stop-gap
Keystone has a script to perform some bootstrapping operations . It's
not really tested and its purpose has been superseded by using the
`keystone-manage bootstrap` command. Based on codesearch, only
openstack/rpm-packaging references the script .
Is anyone opposed to the
I've created the etherpads for our sessions and linked them to the wiki
. I've bootstrapped them with basic content and they are ready to be
If you'd like to help flesh out the agendas for any of those sessions, just
to bump up the timeline for this and add Heidi to
the thread. That way she is aware of any feedback we want to give. If we
don't have any feedback by tomorrow, we will default to the mascot we
On Mon, Apr 24, 2017 at 9:13 AM, Lance Bragstad <lbrags...@gmail.com> wrote:
Based on some feedback of the original mascot, the Foundation passed along
another revision that incorporates a keyhole into the turtle shell. There
are two versions  . We can choose to adopt one of the new formats, or
stick with the one we already have.
I have it on our agenda for
>> On Fri, Aug 04, 2017 at 03:35:38PM -0400, William M Edmonds wrote:
>>> Lance Bragstad <lbrags...@gmail.com> wrote on 08/04/2017 02:37:40 PM:
>>>> Properly fixing this would result in a 403 -> 204 status code, which
>>>> requires an AP
I'd like to formally communicate my desire to continue serving as the
keystone PTL for the upcoming Queen’s release. Despite some turbulence
throughout the Pike development cycle, keystone has managed to make
progress on some long standing issues. Even though the pace of
Keystone had a bug reported  recently (that we are targeting to
pike-rc1) that exposes an inconsistency in the API based on
configuration. The happy path is as follows:
- a deployment is configured to store projects (controlled by the
resource backend) and users (controlled by the identity
Today we had good focus on RC1 bugs. We spent most of the keystone
meeting and all of office hours discussing or reviewing fixes. Full logs
can be found at the bottom of the note . Here's a summary of what we
Bug #1674676 in OpenStack Identity (keystone): "The URL
A lot of the team is focused on getting pike-rc1 out the door and
reviews. The agenda is also empty. Let's cancel today and pick up next
week or shortly before the PTG to organize our policy sessions there.
Description: OpenPGP digital signature
I couldn't agree more with what others have already said. It's been
awesome to see positive things come out of close communication between
deployment projects and other project teams. I look forward to seeing
the pattern and precedence continue!
On 07/31/2017 12:59 PM, Amy Marrich wrote:
> On Fri, 4 Aug 2017, Lance Bragstad wrote:
>> On 08/04/2017 03:45 PM, Kristi Nikolla wrote:
>>> Therefore the call which now returns a 403 in master, returned a 2xx in
>>> Ocata. So we would be fixing something which is broken on master rather
Today we realized we're going to need to cut a new release candidate due
to some confusion around release notes. Particularly the ones for Pike.
We spent the majority of office hours fixing and reviewing those
patches. Full logs from office hours can be found here . Thanks for
all the quick
Looking through the schedule of keystone-tagged sessions, it appears we
have a conflict between one of the BM/VM sessions  and keystone's
project on-boarding session .
I wouldn't be opposed to shuffling, but I assume it's too late for that? If
we can get a good idea of who is going to show
During today's keystone meeting we added another member to keystone's core
team. For several releases, Colleen's had a profound impact on keystone.
Her reviews are meticulous and of incredible quality. She has no hesitation
to jump into keystone's most confusing realms and as a result
Just a reminder that we won't have a meeting next week since it will be the
week of the Forum in Boston.
Our next meeting will be on May 16th. See you then!
OpenStack Development Mailing List (not for usage questions)
Next week is the Forum, so we'll forego the the policy meeting in favor of
some face-to-face discussions.
Let's pick back up with policy recaps on the 17th of May.
OpenStack Development Mailing List (not
On Sun, May 14, 2017 at 11:59 AM, Monty Taylor <mord...@inaugust.com> wrote:
> On 05/11/2017 02:32 PM, Lance Bragstad wrote:
>> Hey all,
>> One of the Baremetal/VM sessions at the summit focused on what we need
>> to do to make OpenStack more cons
On Mon, May 15, 2017 at 6:20 AM, Sean Dague wrote:
> On 05/15/2017 05:59 AM, Andrey Volkov wrote:
> >> The last time this came up, some people were concerned that trusting
> >> request-id on the wire was concerning to them because it's coming from
> >> random users.
That sounds good - I'll review the spec before today's meeting . Will
someone be around to answer questions about the spec if there are any?
On Mon, May 15, 2017 at 11:24 PM, Mh Raies wrote:
> Hi Lance,
On Tue, May 16, 2017 at 8:54 AM, Monty Taylor <mord...@inaugust.com> wrote:
> On 05/16/2017 05:39 AM, Sean Dague wrote:
>> On 05/15/2017 10:00 PM, Adrian Turjak wrote:
>>> On 16/05/17 13:29, Lance Bragstad wrote:
On Mon, May 15, 2017 at 7:07 PM, Adrian Turjak <adri...@catalyst.net.nz>
> On 16/05/17 01:09, Lance Bragstad wrote:
> On Sun, May 14, 2017 at 11:59 AM, Monty Taylor <mord...@inaugust.com>
>> On 05/11/2017 02:32 PM, Lance B
One of the Baremetal/VM sessions at the summit focused on what we need to
do to make OpenStack more consumable for application developers . As a
group we recognized the need for application specific passwords or API keys
and nearly everyone (above 85% is my best guess) in the session
Domain support hasn't really been adopted across various OpenStack
projects, yet. Ocata was the first release where we had a v3-only
jenkins job set up for projects to run against (domains are a v3-only
concept in keystone and don't really exist in v2.0).
I think it would be great to push on some
On 06/21/2017 11:55 AM, Matt Riedemann wrote:
> On 6/21/2017 11:17 AM, Shamail Tahir wrote:
>> On Wed, Jun 21, 2017 at 12:02 PM, Thierry Carrez
>> > wrote:
>> Shamail Tahir wrote:
>> > In the past, governance has helped (on
On 06/22/2017 12:57 PM, Mike Perez wrote:
> Hey all,
> In the community wide goals, we started as a group discussing goals at
> the OpenStack Forum. Then we brought those ideas to the mailing list
> to continue the discussion and include those that were not able to be
> at the forum. The
On 06/26/2017 08:58 AM, Chris Dent wrote:
> On Mon, 26 Jun 2017, Flavio Percoco wrote:
>> So, should we let teams to host IRC meetings in their own channels?
> I think the silo-ing concern is, at least recently, not relevant on
> two fronts: IRC was never a good
According to the poll results, office hours will be moved to Tuesday
19:00 - 22:00 UTC. We'll officially start tomorrow after the keystone
Thanks for putting together and advertising the poll, Harry!
On 06/20/2017 02:30 PM, Harry Rybacki wrote:
> Greetings All,
> We would like to
We recently merged the openstack-manuals admin-guide into keystone 
and there is a lot of duplication between the admin-guide and keystone's
"internal" operator-guide . I've started proposing small patches to
consolidate the documentation from the operator-guide to the official
On Thu, May 18, 2017 at 9:39 AM, Lance Bragstad <lbrags...@gmail.com> wrote:
> On Thu, May 18, 2017 at 8:45 AM, Sean Dague <s...@dague.net> wrote:
>> On 05/18/2017 09:27 AM, Doug Hellmann wrote:
>> > Excerpts from Adrian Turjak's message of 2017-05-18
On Thu, May 18, 2017 at 8:45 AM, Sean Dague wrote:
> On 05/18/2017 09:27 AM, Doug Hellmann wrote:
> > Excerpts from Adrian Turjak's message of 2017-05-18 13:34:56 +1200:
> >> Fully agree that expecting users of a particular cloud to understand how
> >> the policy stuff works
I'm in favor of option #1. I think it encourages our developers to become
better writers with guidance from the docs team. While ensuring docs are
proposed prior to merging the implementation cross-repository is totally
possible, I think #1 makes that flow easier.
Thanks for putting together the
To date we have two proposed solutions for tackling the admin-ness issue we
have across the services. One builds on the existing scope concepts by
scoping to an admin project . The other introduces global role
assignments  as a way to denote elevated privileges.
I'd like to get
On Wed, May 24, 2017 at 10:35 AM, Lance Bragstad <lbrags...@gmail.com>
> Hey all,
> To date we have two proposed solutions for tackling the admin-ness issue
> we have acr
On Fri, May 26, 2017 at 5:32 AM, Sean Dague wrote:
> On 05/26/2017 03:44 AM, John Garbutt wrote:
> > +1 on not forcing Operators to transition to something new twice, even
> > if we did go for option 3.
> > Do we have an agreed non-distruptive upgrade path mapped out yet?
On Fri, May 26, 2017 at 9:31 AM, Sean Dague <s...@dague.net> wrote:
> On 05/26/2017 10:05 AM, Lance Bragstad wrote:
> > On Fri, May 26, 2017 at 5:32 AM, Sean Dague <s...@dague.net
> > <mailto:s...@dague.net>> wrote:
At the PTG in Atlanta, we talked about deprecating the policy and
credential APIs. The policy API doesn't do anything and secrets shouldn't
be stored in credential API. Reasoning and outcomes can be found in the
etherpad from the session . There was some progress made on the policy
API , but
igration you're willing to make. This might be a
loaded question and it will vary across deployments, but how long would you
expect that migration to take for you're specific deployment(s)?
> On Thu, 2017-05-25 at 10:42 +1200, Adrian Turjak wrote:
> On 25
Attendees: 12 - 15
We conflicted with one of the Baremetal/VM sessions
I attempted to document most of the session in my recap .
We started out by doing a round-the-room of introductions so that folks
could put IRC nicks to faces (we also didn't have a packed room so this
On Thu, May 18, 2017 at 6:43 PM, Curtis wrote:
> On Thu, May 18, 2017 at 4:13 PM, Adrian Turjak
> > Hello fellow OpenStackers,
> > For the last while I've been looking at options for multi-region
> > multi-master Keystone, as well as
Sending out a reminder that we will have the policy meeting tomorrow .
The agenda  is already pretty full but we are going to need
cross-project involvement tomorrow considering the topics and impacts.
I'll be reviewing policy things in the morning so if anyone has questions
On Mon, May 29, 2017 at 4:08 AM, Matthieu Simonin wrote:
> I'd like to have more insight on OSProfiler support in paste-deploy files
> as it seems not similar across projects.
> As a result, the way you can enable it on Kolla side differs. Here are
On Wed, May 31, 2017 at 9:10 AM, Lance Bragstad <lbrags...@gmail.com> wrote:
> On Fri, May 26, 2017 at 10:21 AM, Sean Dague <s...@dague.net> wrote:
>> On 05/26/2017 10:44 AM, Lance Bragstad wrote:
I've proposed a community-wide goal for Queens to move policy into code and
supply documentation for each policy . I've included references to
existing documentation and specifications completed by various projects and
attempted to lay out the benefits for both developers and
On Thu, Jun 1, 2017 at 3:46 PM, Andrey Grebennikov <
> We had a very similar conversation multiple times with Keystone cores
> (multi-site Keystone).
Geo-rep Galera was suggested first and it was immediately declined (one of
> the reasons was the case of
Thanks for all the feedback and patience.
On Tue, Jun 6, 2017 at 4:39 PM, Marc Heckmann <marc.heckm...@ubisoft.com>
> On Tue, 2017-06-06 at 17:01 -0400, Erik McCormick wrote:
> > On Tue, Jun 6, 2017 at 4:44 PM, Lance B
After digging into etcd a bit, one place this might be help deployer
experience would be the handling of fernet keys for token encryption in
keystone. Currently, all keys used to encrypt and decrypt tokens are kept
on disk for each keystone node in the deployment. While simple, it requires
On Thu, Jun 8, 2017 at 3:21 PM, Emilien Macchi <emil...@redhat.com> wrote:
> On Thu, Jun 8, 2017 at 7:34 PM, Lance Bragstad <lbrags...@gmail.com>
> > After digging into etcd a bit, one place this might be help deployer
> > experience would be the han
Happy Stanley-Cup-Playoff-Game-5 Day,
Sending out a quick reminder that tomorrow is specification freeze. I'll be
making a final push for specifications that target Pike work tomorrow. I'd
also like to merge others to backlog as we see fit.
By EOD tomorrow, I'll go through and put procedural
>> On Fri, May 26, 2017 at 2:52 AM, joehuang <joehu...@huawei.com> wrote:
>>> I think a option 2 is better.
>>> Best Regards
>>> Chaoyi Huang (joehuang)
>>> *From:* Lance Bragstad [lb
On Tue, Jun 6, 2017 at 10:01 AM, Lance Bragstad <lbrags...@gmail.com> wrote:
> I replied to John, but directly. I'm sending the responses I sent to him
> but with the intended audience on the thread. Sorry for not catching that
> On Fri, May 26, 2017 at
We have a review in flight to release python-keystoneclient . Thanks for
On Fri, Jun 9, 2017 at 9:39 AM, Doug Hellmann wrote:
> We have several teams with library deliverables that haven't seen
> any releases
Just pushed a release for pycadf as well .
On Fri, Jun 9, 2017 at 9:43 AM, Lance Bragstad <lbrags...@gmail.com> wrote:
> We have a review in flight to release python-keystoneclient . Thanks
> for the reminder!
On Fri, Jun 9, 2017 at 9:57 AM, Mike Bayer <mba...@redhat.com> wrote:
> On 06/08/2017 01:34 PM, Lance Bragstad wrote:
>> After digging into etcd a bit, one place this might be help deployer
>> experience would be the handling of fernet keys for token encryp
On Fri, Jun 9, 2017 at 11:17 AM, Clint Byrum <cl...@fewbar.com> wrote:
> Excerpts from Lance Bragstad's message of 2017-06-08 16:10:00 -0500:
> > On Thu, Jun 8, 2017 at 3:21 PM, Emilien Macchi <emil...@redhat.com>
> > > On Thu, Jun 8,
On Tue, Jun 13, 2017 at 3:51 PM, Morgan Fainberg
> On Tue, Jun 13, 2017 at 1:04 PM, Boris Pavlovic wrote:
> > Hi stackers,
> > Intro
> > Initially Rally was targeted for developers which means running it from
> > admin was OK.
We have a couple sessions to start off the week and I wanted to send out
the links to the etherpads   .
Let me know if you have any questions. Otherwise feel free to catch up or
pre-populate the etherpads with content if you have any.
I spent some time today summarizing a discussion  about global roles. I
figured it would help build some context for next week as there are a
couple cross project policy/RBAC sessions at the Forum.
The first patch is a very general document trying to nail down our policy
For scheduling purposes, here is a link to the session .
On Sat, May 6, 2017 at 5:36 PM, Matt Riedemann wrote:
> On 5/5/2017 8:23 PM, Sean Dague wrote:
>> On 05/05/2017 05:09
> On Thu, Apr 20, 2017 at 3:46 PM, Lance Bragstad <lbrags...@gmail.com>
>> I wonder if the meeting tooling supports a monthly cadence?
>> On Thu, Apr 20, 2017 at 2:42 PM, Rob Cresswell <
On Fri, May 26, 2017 at 10:21 AM, Sean Dague <s...@dague.net> wrote:
> On 05/26/2017 10:44 AM, Lance Bragstad wrote:
> > Interesting - I guess the way I was thinking about it was on a per-token
> > basis, since today you can't have a single token represent mu
On Tue, Jun 6, 2017 at 3:06 PM, Marc Heckmann <marc.heckm...@ubisoft.com>
> On Tue, 2017-06-06 at 10:09 -0500, Lance Bragstad wrote:
> Also, with all the people involved with this thread, I'm curious what the
> best way is to get consensus. If I've tallie
The upgrade to Gerrit 2.13.9 affected a script I was using to generate
the burndown chart by querying the REST api. I've pushed a fix  and
it should be working again in case you weren't seeing your project being
reflected in the burndown . Let me know if you have any additional
I should have read this thread before starting a new one . The query
bits sound somewhat similar to what I experienced with a script to
generate a burndown chart, but querying a topic instead.
I won't be available to run the policy meeting tomorrow. It doesn't look
like there is anything posted to the agenda yet . If someone feels
like hosting it, please feel free to do so. I'll catch the scroll back
On Sep 22, 2017 07:59, "Matt Riedemann" wrote:
On 9/22/2017 9:50 AM, Rajath Agasthya (rajagast) wrote:
> On 9/21/17, 10:19 PM, "Jeremy Freudberg"
> 3) Delay spin-up of resource-intensive/long-running CI jobs until after
The following was done during office hours this week:
Bug #1698455 in OpenStack Identity (keystone): "Install and configure in
Installation Guide: Populate the Identity service database step fails on
Triaged and tagged
+1,000 to all of what Steve said. It's still tough for me to wrap my
head around all the client/library work you shouldered. Your experience,
perspective, and insight will certainly be missed.
Thanks for being an awesome member of this community and best of luck on
the new gig, they're lucky to
It was mentioned in today's keystone meeting  that it would be useful
to go through AWS IAM (or even GKE) as a group. With all the recent
policy discussions and work, it seems useful to get our eyes on another
system. The idea would be to spend time using a video conference/screen
On 10/16/2017 09:09 AM, Amrith Kumar wrote:
> In a recent conversation on #openstack-tc where we bemoaned the ills
> of Stackalytics and related management-by-objectives to Heisenberg's
> uncertainty principle, the conversation (on 10-03, for example) veered
> towards why people were interested
Sending out a reminder that keystone's specification proposal freeze
deadline is this week. We're still in the process of getting formal
dates merged to the schedule , but this is roughly the same time line
we use every release.
Let me know if you have any questions. Thanks!
Sending out a gentle reminder to vote for time slots that work for you
. We'll keep the poll open for a few more days, or until we reach
On 10/11/2017 01:48 PM, Lance Bragstad wrote:
> Oh - one note about the doodle .
around in the morning, pending the Application
On 09/05/2017 09:15 PM, Lance Bragstad wrote:
> Thanks! That should work. We have a couple things set up with the
> baremetal/VM SIG  during that time, but I don't
Now that Pike is out the door (big thanks to everyone for helping!),
I've create the deprecated-as-of-queen  and removed-as-of-queens 
blueprints. Feel free to use them as needed now that Queens is underway.
you still have conflicts :-)
>  https://etherpad.openstack.org/p/oslo-ptg-queens
> 2017-09-02 6:16 GMT+08:00 Lance Bragstad <lbrags...@gmail.com>:
>> Thanks for the schedule! I should be somewhat available Monday afternoon
>> for the policy deprecation discussion
know it's a bit
late, but I'd like to have the schedule pretty well set by the weekend.
On 08/24/2017 03:34 PM, Lance Bragstad wrote:
> Hi all,
> Keystone has a few cross-project topics we'd like to share with a wider
The schedule  has been updated with room information for the
policy-in-code effort. We'll be in Grays Peak on Level 3 on Monday and
Tuesday to help projects with the Queens goal .
Looks like the Baremetal/VM SIG (#compute) will meet in Ballroom B,
Banquet Level. I've updated the etherpad with the room information .
On 09/07/2017 10:01 AM, Lance Bragstad wrote:
> I spoke with John a bit today in IRC and we h
Looks like we'll be in Telluride B, Atrium Level. I've updated the room
information in the etherpad .
On 08/24/2017 02:25 PM, Lance Bragstad wrote:
> I've worked the topics into a schedule . Monday and Tuesday are
> pretty g
I reused some of Doug's doc-migration tooling to create a burndown chart
specifically for policy work in Queens . As some of you might
know, I've attempted to update projects that are not impacted by the
goal . Another reminder that we will be having two sessions dedicated
I went through the Trello board for all our Queens work and updated all
cards that needed "fleshing out". Each should have an accurate
description of the work, why it's needed, and a checklist if applicable.
If a card still doesn't make sense, please ping me or add the "needs
In the weekly meeting on Tuesday, we talked about possible forum
sessions for Sydney. I proposed the following based on the etherpad .
* Keystone User & Operator Feedback 
* Application Credentials Feedback 
* RBAC/Policy Roadmap Feedback 
We decided to omit the last
++ it'd be great to come up with some sort of pattern here that other
projects can follow if they need to implement the same thing. Some sort
of consistency would be great when/if we start seeing more http_check
On 09/29/2017 07:56 AM, ruan...@orange.com wrote:
> Hi folks,
> We are
On 09/27/2017 06:38 AM, Bhor, Dinesh wrote:
> Hi Team,
> There are four solutions to fix the below bug:
> 1) Carry a copy of mask_password() method to keystoneauth from
> oslo_utils :
> A. keystoneauth
Office hours was a little slow this week. Most people seem to be getting
back in the groove from the PTG. No bugs were closed during this week's
FWIW - I plan to go through and start cleaning up v2.0 bugs there are no
longer relevant now that v2.0 is being removed. This will be a
According to our burndown chart , just over half the projects have
started implementing the goal . I've been proposing patches for some
of the projects in the not-started column. Most patches I've been
working on would benefit from a review from someone more experienced
of the Etherpad as a
champion, moderator, or scribe (see definitions in the main schedule).
Let me know if you see any issues or conflicts.
On 07/27/2017 12:21 PM, Lance Bragstad wrote:
> I've added a section to the etherpad
Keystone has a few cross-project topics we'd like to share with a wider
group, like the Baremetal/VM SIG. As a result, I attempted to dust off
some of the Baremetal/VM sessions  from Boston and port the
popular topics over to the etherpad for the PTG . Maybe it will kick
It looks like the users exist in keystone. Are you able to authenticate
directly against keystone and see if that works?
On 09/01/2017 06:22 AM, A Vamsikrishna wrote:
> Hi All,
> *Setup details: *
> Docker version 1.12.6
> Installed keystone in
Thanks for the schedule! I should be somewhat available Monday afternoon
for the policy deprecation discussion. The only conflict that might come
up for me is with the Baremetal/VM group . Keystone has a few topics
to iron out there, but I'm not exactly sure when that group plans to
anks for your kind response!!
> Can you please help me with the process to authenticate the created
> users directly against keystone ??
> Best regards,
> Vamsi krishna
> *From:*Lance Bragstad [mailto:lbrags...@gmail.com]
On 09/04/2017 11:06 AM, Ronan-Alexandre Cherrueau wrote:
> Hi folks,
> Recently in the Inria's Discovery initiative, we got in touch with
> CockroachLabs guys with an idea: make Keystone supports CockorachDB. So
> we give it a try and you can find a very first result on our GitHub.
On 10/05/2017 02:24 AM, Colleen Murphy wrote:
> On Tue, Oct 3, 2017 at 10:08 PM, Lance Bragstad <lbrags...@gmail.com
> <mailto:lbrags...@gmail.com>> wrot
This sounds like something that was discussed during the PTG. The oslo
team was exploring ways to implement this, which would be consumable to
keystonemiddleware as a library .
On 10/11/2017 07:43 AM, pnkk wrote:
> We have our API
Oh - one note about the doodle . All proposed times are in UTC, so
just keep that in mind when selecting your availability.
On 10/11/2017 01:44 PM, Lance Bragstad wrote:
> In today's policy meeting we went through and started prepp
for upgrading the account.
On 10/09/2017 04:23 PM, Lance Bragstad wrote:
> I've put a scheduling session on the books for the next policy meeting
> . Advertising it here since
10/16/2017 08:45 AM, Lance Bragstad wrote:
> Sending out a gentle reminder to vote for time slots that work for you
> . We'll keep the poll open for a few more days, or until we reach
> quorum. Thanks!
>  https://beta.doodle.com/poll/ntkpzgmcv3k6v5qu
> On 10/11/2017
I messed up the links in the previous note.
Merged implementation: https://review.openstack.org/#/c/509909/
On 11/15/2017 11:34 AM, Lance Bragstad wrote:
201 - 300 of 497 matches
Mail list logo