08:05:54 <joehuang> #startmeeting mutlisite 08:05:54 <collabot> Meeting started Thu Jul 23 08:05:54 2015 UTC. The chair is joehuang. Information about MeetBot at http://wiki.debian.org/MeetBot. 08:05:54 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic. 08:05:54 <collabot> The meeting name has been set to 'mutlisite' 08:06:09 <joehuang> #topic 08:06:20 <joehuang> #topic rollcall 08:06:27 <joehuang> #info joehuang 08:06:30 <fzdarsky> #info fzdarsky 08:06:43 <colitd> #info colintd 08:07:38 <fzdarsky> hm, lots of people out 08:07:42 <joehuang> #topic short summary of identity management prototype 08:07:46 <joehuang> yes 08:07:54 <joehuang> so your suggestion? 08:08:00 <colitd> we are a bit thin on the ground to reach any kind of concensus 08:08:10 <fzdarsky> +1 08:08:16 <joehuang> may the weekly meeting closed for next few weeks 08:08:30 <colitd> Probably best +1 08:08:44 <joehuang> yes, so today we only exchange some ideas first 08:09:03 <colitd> fine with me 08:09:13 <fzdarsky> can't help a lot with id mgmt. I'm afraid 08:09:33 <joehuang> #info I have done the prototype of identity management 08:09:45 <joehuang> #info based on hafe's work 08:09:55 <Malla> Hi, sorry for a late. 08:10:04 <joehuang> hi malla 08:10:22 <Malla> Hi Joehuange 08:10:27 <joehuang> #info the asrnc replication between mysql galera cluster works 08:10:33 <colitd> we were just thinging we might close early today due to low numbers, and probably skip the next few meetings due to vacations 08:10:57 <joehuang> yes, we close the meeting earlier than usual 08:11:47 <joehuang> #info that means fully distributed keystone service for fernet token is feasible 08:12:36 <joehuang> #info but I prefer the new idea of the replication, see the candidate solution 3 08:13:46 <joehuang> #link https://etherpad.opnfv.org/p/multisite_identity_management 08:14:06 <joehuang> the cadidate solution 3 is to have a cluster as the master, and all others are independent async replication slave 08:14:25 <joehuang> through this way, better distribution and management 08:14:55 <colitd> I can see the attractions, but does it meet the typical carrier deployments? 08:15:09 <joehuang> I think so 08:15:32 <colitd> I often see people wanting to be able to manage user accounts on a per site basis (where people work), but with the ability to grant global permissions to those people. 08:15:35 <joehuang> I did not found better solution yet 08:15:45 <colitd> This also allows better control in the event of partition 08:15:55 <colitd> So more a federated model rather than a replicated model 08:17:08 <joehuang> in one organization, it's often central management for users 08:17:38 <joehuang> what you mean is how to control the access scope for a user 08:17:53 <joehuang> like endpoint filter 08:18:28 <joehuang> a user/prohject is to access limited resources 08:18:52 <colitd> If you have central management then I can see the attraction to distribution. So the question is does that model fit everywhere, or do there need to be a range of solutions? 08:19:29 <joehuang> I agree in different scenario, different solution fits 08:20:56 <joehuang> For keystone federation, you have do the mapping in each keystone service for new project/domain/role... 08:21:47 <joehuang> if there is a lots of sites, the mapping/configuration itself is a challenge 08:23:10 <colitd> I wouldn't claim to be an expert in this area, I'm just commenting on various different approachs people take to user management. We might also want to think about whether we need to support the "cloudburst" function, meaning that we have a non-homogenous group of clouds. 08:26:21 <joehuang> you mean hybrid clouds scenario? federation is for this scenario 08:28:58 <colitd> Yes, hybrid clouds 08:29:36 <colitd> I guess, as with the HA element, the question is exactly what scenario(s) we are trying to support. Maybe we need to have some firmer examples? 08:29:45 <joehuang> we can include hybrid-clouds scenario into the etherpad 08:30:36 <joehuang> it would be better if we have firmer examples 08:31:21 <joehuang> #info shall we include hybrid cloud scenario in the identity management use case? 08:31:56 <joehuang> #info it would be better if we have firmer examples 08:33:37 <joehuang> do we need to discuss architecture proposal today? we have few peoples here 08:34:28 <joehuang> we have use cases need centralized service, a new candidate proposal also added into the etherpad 08:34:39 <joehuang> New cenralized service + multi-region: 08:35:00 <joehuang> Develop a totaly new centralized service to finish the cross-site function. All VM/Volume/Networking provisioning works like usual multi-region mode. 08:35:49 <colitd> I think this is progress, but perhaps we now continue via email to get input from wider group (I'm sure some will check even if on vacation)? 08:36:11 <joehuang> OK 08:36:55 <joehuang> let's end today's meeting earlier 08:38:07 <joehuang> how about resume the weekly meeting from Aug.20 or Aug. 14? 08:39:29 <colitd> 20th works for me 08:39:58 <joehuang> malla and fzdarsky 08:40:45 <Malla> 20 works for me also 08:40:52 <fzdarsky> back w.o. Aug 24 08:41:05 <joehuang> ok, let's come back on Aug. 20th 08:41:51 <joehuang> sorry to fzdarsky, you will miss one meeting only 08:42:04 <fzdarsky> np 08:42:13 <fzdarsky> will be thinking of you guys with a cocktail :) 08:42:41 <joehuang> #info resume weekly meeting from Aug.20 after summer vacation season. 08:43:00 <joehuang> thank you all. Have a nice summer holiday 08:43:09 <joehuang> thanks. bye 08:43:15 <fzdarsky> thanks, bye 08:43:19 <joehuang> #endmeeting