08:06:09 <joehuang> #topic
08:06:20 <joehuang> #topic rollcall
08:06:27 <joehuang> #info joehuang
08:06:30 <fzdarsky> #info fzdarsky
08:06:43 <colitd> #info colintd
08:07:38 <fzdarsky> hm, lots of people out
08:07:42 <joehuang> #topic short summary of identity management prototype
08:07:46 <joehuang> yes
08:07:54 <joehuang> so your suggestion?
08:08:00 <colitd> we are a bit thin on the ground to reach any kind of consensus
08:08:10 <fzdarsky> +1
08:08:16 <joehuang> may the weekly meeting be closed for the next few weeks
08:08:30 <colitd> Probably best +1
08:08:44 <joehuang> yes, so today we only exchange some ideas first
08:09:03 <colitd> fine with me
08:09:13 <fzdarsky> can't help a lot with id mgmt. I'm afraid
08:09:33 <joehuang> #info I have done the prototype of identity management
08:09:45 <joehuang> #info based on hafe's work
08:09:55 <Malla> Hi, sorry for being late.
08:10:04 <joehuang> hi malla
08:10:22 <Malla> Hi Joehuang
08:10:27 <joehuang> #info the async replication between mysql galera cluster works
08:10:33 <colitd> we were just thinking we might close early today due to low numbers, and probably skip the next few meetings due to vacations
08:10:57 <joehuang> yes, we close the meeting earlier than usual
08:11:47 <joehuang> #info that means fully distributed keystone service for fernet token is feasible
08:12:36 <joehuang> #info but I prefer the new idea of the replication, see the candidate solution 3
08:13:46 <joehuang> #link https://etherpad.opnfv.org/p/multisite_identity_management
08:14:06 <joehuang> the candidate solution 3 is to have a cluster as the master, and all others are independent async replication slave
08:14:25 <joehuang> through this way, better distribution and management
08:14:55 <colitd> I can see the attractions, but does it meet the typical carrier deployments?
08:15:09 <joehuang> I think so
08:15:32 <colitd> I often see people wanting to be able to manage user accounts on a per site basis (where people work), but with the ability to grant global permissions to those people.
08:15:35 <joehuang> I did not find a better solution yet
08:15:45 <colitd> This also allows better control in the event of partition
08:15:55 <colitd> So more a federated model rather than a replicated model
08:17:08 <joehuang> in one organization, it's often central management for users
08:17:38 <joehuang> what you mean is how to control the access scope for a user
08:17:53 <joehuang> like endpoint filter
08:18:28 <joehuang> a user/project is to access limited resources
08:18:52 <colitd> If you have central management then I can see the attraction to distribution.  So the question is does that model fit everywhere, or do there need to be a range of solutions?
08:19:29 <joehuang> I agree that in different scenarios, different solutions fit
08:20:56 <joehuang> For keystone federation, you have to do the mapping in each keystone service for new project/domain/role...
08:21:47 <joehuang> if there are lots of sites, the mapping/configuration itself is a challenge
08:23:10 <colitd> I wouldn't claim to be an expert in this area, I'm just commenting on various different approaches people take to user management.  We might also want to think about whether we need to support the "cloudburst" function, meaning that we have a non-homogenous group of clouds.
08:26:21 <joehuang> you mean hybrid clouds scenario? federation is for this scenario
08:28:58 <colitd> Yes, hybrid clouds
08:29:36 <colitd> I guess, as with the HA element, the question is exactly what scenario(s) we are trying to support.  Maybe we need to have some firmer examples?
08:29:45 <joehuang> we can include hybrid-clouds scenario into the etherpad
08:30:36 <joehuang> it would be better if we have firmer examples
08:31:21 <joehuang> #info shall we include hybrid cloud scenario in the identity management use case?
08:31:56 <joehuang> #info it would be better if we have firmer examples
08:33:37 <joehuang> do we need to discuss architecture proposal today? we have few people here
08:34:28 <joehuang> we have use cases that need a centralized service, a new candidate proposal also added into the etherpad
08:34:39 <joehuang> New centralized service + multi-region:
08:35:00 <joehuang> Develop a totally new centralized service to finish the cross-site function. All VM/Volume/Networking provisioning works like usual multi-region mode.
08:35:49 <colitd> I think this is progress, but perhaps we now continue via email to get input from wider group (I'm sure some will check even if on vacation)?
08:36:11 <joehuang> OK
08:36:55 <joehuang> let's end today's meeting earlier
08:38:07 <joehuang> how about resuming the weekly meeting from Aug.20 or Aug. 14?
08:39:29 <colitd> 20th works for me
08:39:58 <joehuang> malla and fzdarsky
08:40:45 <Malla> 20 works for me also
08:40:52 <fzdarsky> back w.o. Aug 24
08:41:05 <joehuang> ok, let's come back on Aug. 20th
08:41:51 <joehuang> sorry to fzdarsky, you will miss one meeting only
08:42:04 <fzdarsky> np
08:42:13 <fzdarsky> will be thinking of you guys with a cocktail :)
08:42:41 <joehuang> #info resume weekly meeting from Aug.20 after summer vacation season.
08:43:00 <joehuang> thank you all. Have a nice summer holiday
08:43:09 <joehuang> thanks. bye
08:43:15 <fzdarsky> thanks, bye
08:43:19 <joehuang> #endmeeting