#opnfv-meeting log

08:03:26 <joehuang> #startmeeting multisite
08:03:26 <collabot> Meeting started Thu Jan  5 08:03:26 2017 UTC.  The chair is joehuang. Information about MeetBot at http://wiki.debian.org/MeetBot.
08:03:26 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
08:03:26 <collabot> The meeting name has been set to 'multisite'
08:03:49 <goutham_pratapa> we have to discuss about the keypair syncing part..
08:03:49 <joehuang> #topic rollcall
08:03:57 <joehuang> #info joehuang
08:03:58 <goutham_pratapa> #info goutham
08:04:07 <joehuang> #topic keypari sync
08:04:47 <goutham_pratapa> as per your comments even i think user-id must not be exposed in the curl-request
08:05:10 <goutham_pratapa> i have gone through "nova keypairs" in this regard..
08:05:32 <goutham_pratapa> there he is not exposing the user-id in the curl request
08:05:33 <joehuang> user-id is in the context, I think
08:05:42 <goutham_pratapa> REQ: curl -g -i -X POST http://172.16.73.55:8774/v2.1/os-keypairs
08:05:48 <joehuang> or extract from the header
08:06:04 <joehuang> which could be get from the token
08:06:35 <goutham_pratapa> i took "nova keypair-list --user " as  reference and i noticed that user-id in the body
08:06:48 <joehuang> in body?
08:07:09 <joehuang> this is list command, how about keypair creation command
08:07:20 <goutham_pratapa> in keypair creation as well
08:07:54 <joehuang> so user id is part of the body
08:08:01 <joehuang> let me check
08:08:14 <goutham_pratapa> https://hastebin.com/utoseyodih.py
08:08:18 <goutham_pratapa> see i have sent the code
08:08:53 <goutham_pratapa> if admin is creating keypair for other user
08:09:21 <goutham_pratapa> if user wants to create a keypair for himself  he is getting from context
08:09:37 <joehuang> yes
08:09:48 <joehuang> user-id is only for admin to specify
08:09:55 <goutham_pratapa> yes.
08:09:56 <joehuang> The user_id for a keypair. This allows administrative users to upload keys for other users than themselves
08:10:18 <joehuang> so user-id either from context or from body
08:10:37 <goutham_pratapa> yes we have to change it in that way..
08:10:43 <goutham_pratapa> i guess in our kingbird.
08:11:12 <joehuang> great, this is one important improvement
08:11:40 <joehuang> #info user-id for keypaire obtained from context or from the body
08:12:07 <goutham_pratapa> so i have been working in the above fashion
08:12:18 <joehuang> thanks a lot
08:12:22 <goutham_pratapa> and i found something interesting
08:12:39 <goutham_pratapa> in quota-management
08:13:04 <goutham_pratapa> i will show an example just a second.
08:13:10 <joehuang> please
08:14:07 <goutham_pratapa> http://$kb_ip_addr:8118/v1.0/$admin_tenant_id/os-quota-sets/defaults  -- this is our curl request for getting the default limits and i tried replacing that with some random value and even then it worked.
08:14:35 <joehuang> random value for which one?
08:14:45 <goutham_pratapa> like example http://$kb_ip_addr:8118/v1.0/quota/os-quota-sets/defaults
08:15:29 <joehuang> the $admin_tenant_id should be verified uuid_like
08:15:43 <joehuang> there is one function to test whether it's a uuid or not
08:16:12 <goutham_pratapa> yes, it has to be a uuid this is a negative test -- you replace quota with "goutham" it worked.. and i have gone through the code as well i think we are validating anything as such
08:16:45 <joehuang> no uuid like validation, I think
08:16:54 <goutham_pratapa> to verify as we have "kingbird quota defaults" working i changed the curl request in the kbclient
08:16:59 <goutham_pratapa> even then it worked..
08:17:39 <joehuang> how do you change the request
08:17:57 <goutham_pratapa> yes we are checking whether it is admin or not which inturn is decided in token-request.json -- while using the CURL requests manually..
08:18:46 <goutham_pratapa> i have hardcoded the url in this fashionn https://hastebin.com/iqasuxovuv.py
08:19:15 <goutham_pratapa> in "/usr/local/lib/python2.7/dist-packages/kingbirdclient/api/v1/quota_manager.py"
08:20:02 <joehuang> the kingbird service url is discoverd from keystone
08:20:11 <joehuang> i.e endpoint
08:20:14 <goutham_pratapa> i mean the curl request
08:20:25 <goutham_pratapa> i am sorry i should not use url
08:20:39 <goutham_pratapa> the curl request i mean..
08:20:51 <joehuang> if it's https://hastebin.com/iqasuxovuv.py, kingbird should return resource not find if the command can go to kb-api
08:21:37 <goutham_pratapa> "/$admin_tenant_id/os-quota-sets/defaults" this is replaced with  'keypair/os-quota-sets/defaults' in kb client
08:21:56 <goutham_pratapa> it reached kb-api and i got the output.
08:23:02 <goutham_pratapa> we have to have a proper validation for that as well ..
08:23:48 <goutham_pratapa> i hope we are clear with the issue. if u want i will explain again :)
08:25:05 <joehuang> it shuold abort for invalid path
08:25:10 <joehuang> for example
08:25:14 <joehuang> @index.when(method='POST')
08:25:15 <joehuang> @index.when(method='PUT')
08:25:15 <joehuang> @index.when(method='DELETE')
08:25:15 <joehuang> @index.when(method='HEAD')
08:25:15 <joehuang> @index.when(method='PATCH')
08:25:17 <joehuang> def not_supported(self):
08:25:19 <joehuang> pecan.abort(405)
08:26:37 <goutham_pratapa> But it didnt happen
08:26:43 <joehuang> ok
08:27:04 <goutham_pratapa> i will verify and provide a commit. if required..
08:27:46 <joehuang> please, it's need strict process for invalid request
08:28:20 <goutham_pratapa> even verifying whether it is UUID is also not good it should be the same as context.project
08:29:09 <goutham_pratapa> only then the request must process . otherwise it is not a good sign
08:29:33 <joehuang> yes
08:30:21 <goutham_pratapa> ok and coming to keypair syncing lets finalize on the curl request. I mean how it should be??
08:31:11 <goutham_pratapa> curl -g -i -X POST http://172.16.73.55:8774/v2.1/os-sync and further details must be in the Body..
08:31:44 <goutham_pratapa> i mean the resource-details, source, target regions must be in the body..
08:31:51 <joehuang> sure
08:32:30 <goutham_pratapa> fine then i will update the doc and we may have to do some change in kingbird/api/controller/root.py to acheive this..
08:32:43 <goutham_pratapa> i will work on this and submit.
08:33:00 <goutham_pratapa> a commit..
08:33:21 <joehuang> ok, I'll review that
08:33:32 <goutham_pratapa> once i am done i will commit..
08:34:09 <goutham_pratapa> and talking about the commits in review..
08:34:23 <joehuang> fine
08:34:41 <goutham_pratapa> i want to discuss about this https://review.openstack.org/#/c/416507/1//COMMIT_MSG
08:35:04 <goutham_pratapa> the comment you posted.. I agree with it.
08:36:11 <goutham_pratapa> But i still have to search to answer your question.. :P
08:36:17 <joehuang> yes, currently kingbird is not able to be installed through pip
08:36:47 <joehuang> not able to list it in the requirements
08:37:26 <goutham_pratapa> ok
08:37:43 <goutham_pratapa> i will look into that..
08:38:00 <goutham_pratapa> https://review.openstack.org/#/c/416186/ -- have you gone through this commit..
08:38:30 <joehuang> yes
08:39:01 <joehuang> look good to me.
08:39:19 <goutham_pratapa> tq
08:39:36 <goutham_pratapa> Please provide comments if any.. :)
08:39:49 <joehuang> will do
08:40:30 <goutham_pratapa> in the agenda there is another topic.. OPNFV D release plan.
08:41:15 <joehuang> maybe we can discuss that when dimitri is back
08:41:33 <goutham_pratapa> i am sorry to ask but because i have joined a bit late what is the dead line to complete keypair syncing and the kb-cli.
08:42:03 <goutham_pratapa> i mean our kingbird goals to be specific..
08:42:27 <joehuang> keep it aligned with OpenStack ocata release schedule
08:42:54 <joehuang> The relesae date for Ocata is around Feb.20
08:43:20 <joehuang> stable branch mainly around Jan 25
08:43:39 <joehuang> but for Kingbird is not cycle based release plan
08:43:51 <joehuang> so the stable branch could be a bit later
08:44:06 <joehuang> and also we need to align with OPNFV D release
08:44:47 <joehuang> which is listed in https://wiki.opnfv.org/display/multisite/Multisite+Release+D+Planning
08:44:55 <goutham_pratapa> we do have things like code-freeze  right?? most likely what will be the date.
08:45:07 <joehuang> stable branch is Jan 26
08:45:55 <goutham_pratapa> ohhh then we have to work faster and harder..  :)
08:47:09 <joehuang> yes
08:48:00 <goutham_pratapa> is there any way to contact you if i have any doubts..
08:48:28 <joehuang> mail-list
08:48:31 <joehuang> or irc
08:48:39 <joehuang> my irc handle is joehuang
08:48:58 <goutham_pratapa> in channel opnfv-meeting ?
08:49:39 <goutham_pratapa> yesterday i tried in opnfv-meeting i couldnot find u .. :(
08:49:50 <joehuang> I mainly stay at #openstack-tricircle, but I can stay at #opnfv-multisite from tomorrow
08:50:18 <goutham_pratapa> ok fine i will ping you in #opnfv-multisite
08:50:20 <joehuang> and at the same time #opnfv-meeting
08:51:00 <goutham_pratapa> ok thanq :)
08:51:03 <joehuang> I am not good at using irssi
08:51:17 <joehuang> sometimes the message will be missed
08:51:22 <joehuang> :(
08:51:32 <joehuang> great
08:51:35 <goutham_pratapa> ok i understand. i will mail you if needed.. thanks for the
08:51:46 <goutham_pratapa> guidance..
08:51:56 <goutham_pratapa> i have nothing more to discuss.. :)
08:52:02 <joehuang> in opnfv mail-list is also good
08:52:06 <joehuang> ok
08:52:15 <joehuang> thank you for attending the meeting
08:52:21 <joehuang> #endmeeting