OpenStack Developer Mailing List Digest January 14-20

SuccessBot Says

stevemar 1 : number of open keystone bugs < 100!
morgan 2 : Good policy meeting, provided history and background that cleared up a lot of confusion
Tell us yours via OpenStack IRC channels with message “ <message>”
All

FIPS Compliance

Previous threads 3 have been discussing enabling Federal Information Processing Standards (FIPS).
Various OpenStack projects make md5 calls. Not for security purposes, just hash generation, but even that blocks enabling FIPS.
A patch has been proposed for newest versions of Python for users to set if these are used for security or not 4 .

Won’t land until next versions of Python, but in place for current RHEL and CentOS versions.
We will create a wrapper around md5 with a useforsecurity=False parameter to check the signature of hashlib.md5.

Steps forward:

Create the wrapper
Replace all md5 calls in OpenStack projects with the wrapper.

Unfortunately the patch 4 has stopped having progress since 2013. We should get that merged first.

Even if this did land, it would be a while before it was adopted, since it would land in Python 3.7.

Full thread

Refreshing and Revalidating API Compatibility Guidelines

In the last TC meeting 5 , a tag was in review for supporting API compatibility 6 .
The tag evaluates projects by using the API guideline which is out of date 7.

A review has been posted to refresh these guidelines 8 .
API compatibility of overtime is a fundamental aspect of OpenStack interoperability. Not only do we need to get it it right, we need to make sure we understand it.

Full thread

Base Services

in open stack all components can assume that a number of external services won&;t be present and available (e.g. A message queue, database).
The Architecture working group has started this effort 9 .
This proposal 10 is a prerequisite in order for us to have more strategic discussions with adding base services.
Review the proposal and/or join the Architecture working group meeting 11
Once solidified the technical committee will have a final discussion and approval.
Full thread

Improving Vendor Discoverability

In previous Technical Committee meetings, it was agreed that vendor discoverability needs to be improved.
This is done today with the OpenStack Foundation marketplace 12 .

This is powered by the community driven project call driver log which is a big JSON file 13.

Various people in the community did not know the marketplace worked and we&8217;re unhappy that the projects themselves weren&8217;t owning it.
The goal of this discussion is to have this process be more community driven than it is today.
Suggestion: Split driver log into smaller JSON files that are inside each project to maintain.

Projects will set how they validate vendors into this list.
There’s a trend today for third party CI’s being a choice of validation 14.

Full thread

Nominations for OpenStack PTLs Are Now Open!

Will remain open until January 29, 2017 23:45 UTC.
Candidates must submit a text file openstack/election repository 15

Filename convention is $cyclename/$projectname/$ircname.txt.
To be eligible, you need to have contributed an accepted patch to one of the corresponding program’s projects 16 during the Neutron-Ocata timeframe (April 11, 2016 00:00 UTC to January 23, 2017 23:59 UTC).

Additional information about the nomination process 17
Approved candidates will be listed 18.
Electorate should confirm their email address in Gerrit 19 in Settings ←Contact Information ←Preferred Email prior to Jan 25, 2017 23:59 UTC.
Full thread

The Process of Creating stable/ocata branches

As previously mentioned 20, it’s possible for teams to setup stable branches when ready.
The release team will not be automatically setting up branches this cycle.

The release liaison within teams will need to inform when ready.
The PTL or release liaison may request a new branch by submitting a patch to the openstack/releases repository specifying the tagged version to be used as the base of the branch.

Guidelines for when projects should branch:

Projects using the cycle-with-milestone release model should include the request for their stable branch along with the RC1 tag request (target week is R-3 week, so use Feb 2 as the deadline)
Library projects should be branched with, or shortly after, their final release this week (use Jan 19 as the deadline)
I will branch the requirements repository shortly after all of the cycle-with-milestone projects have branched. After the   requirements repository is branched and the master requirements list is opened, projects that have not branched will be tested with requirements as the requirements master branch advances and stable/ocata stays stable. Waiting too long to create the stable/ocata branch may result in broken CI jobs in either stable/ocata or master. Don&8217;t delay any further than necessary.
Projects using the cycle-trailing release model should branch by R-0 (23 Feb). The remaining two weeks before the trailing deadline should be used for last-minute fixes, which will need to be backported into the branch to create the final release.
Other projects, including cycle-with-intermediary and independent  projects that create branches, should request their stable branch when they are ready to declare a final version and start working on Pike-related changes. This must be completed before the final release week, use 16 Feb as the deadline.

See the README.rst file in openstack/releases for more details about how to format branch specifications.
Full thread

Why Are Projects Trying To Avoid Barbican, Still?

Some projects are wanting to implement their own secret storage to avoid Barbican or avoid adding a dependency on it.

Some developers are doing this to make the operator’s lives simpler.

Barbican Positives:

Barbican has been around for a few years and deployed by several companies that have probably been audited for security purposes.
Most of the technology involved in Barbican is proven to be secure. This has been analyzed by the OpenStack’s own security group.
Doesn’t have a requirement on hardware TPM, so no hardware cost.
Several services provide the option of using Barbican, but not a hard requirement.

Feedback of problems with Barbican:

Relying on something that cannot be guaranteed will be present in a deployment.

The base service 9 proposal could help with this.

OpenStack specific solution. Some companies are using solutions that integrate with other things:

Keywhiz 21 to work with Kubernetes and their existing systems.

Devstack plugin just sets up Barbican. It’s not actually configuring any existing services to use it.
No fixed key manager for testing. The Barbican team pushed back on maintaining this because it’s not secure.
API stability with version 2 ←3 changes were made without a deprecation path or guarantees.
Tokens are open ended for users. Keystone and Barbican need to be much closer.

Castellan provides an abstraction for key management, but today only Barbican.
Rackspace recently made Barbican available. Maybe it’s easier now to perform an HA deployment.
Full thread

POST /api-wg/news

New guidelines:

Accurate status code vs backwards compatibility 22
Fix no sample file in browser 23

Guidelines proposed for freeze:

Add guidelines on usage of state vs. status 24
Clarify the status values in versions 25
Add guideline for invalid query parameters 26

Under review:

Add guidelines for boolean names 27
Define pagination guidelines 28
Add API capabilities discovery guideline 29

Full thread

Release Countdown for Week R-4 Jan 23-27

Focus:

This week begins feature freeze for all milestone-based projects.
No feature patches should be landed after this point.
PTLs may grant exceptions
Soft string freeze begins.

Review teams should reject any modifications to user-facing strings.

Requirement freeze begins.

Only critical requirements and constraints changes will be allowed.

Release Tasks:

Prepare final release and branch requests for all client libraries.
Review stable branches for unreleased changes and prepare those releases.
Milestone based projects should ensure that membership of $project-release gerri groups is up to date with the team who will finalize the project release.

General Notes:

RC1 target week in R-3 is only one week after freeze.

Important Dates:

Ocata 3 Milestone, with Feature and Requirements Freezes: 26 Jan
Ocata RC1 target: 2 Feb
Ocata Final Release candidate deadline: 16 Feb
Ocata release schedule 30

Full thread

 
[1] &; http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2017-01-18.log.html
[2] &8211; http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2017-01-18.log.html
[3] &8211; http://lists.openstack.org/pipermail/openstack-dev/2016-November/107035.html
[4] &8211; http://bugs.python.org/issue9216
[5] &8211; http://eavesdrop.openstack.org/meetings/tc/2017/tc.2017-01-17-20.00.log.html
[6] &8211; https://review.openstack.org/#/c/418010/
[7] &8211; http://specs.openstack.org/openstack/api-wg/guidelines/evaluating_api_changes.html
[8] &8211; https://review.openstack.org/#/c/421846/
[9] &8211; https://review.openstack.org/421956
[10] &8211; https://review.openstack.org/421957
[11] &8211; http://eavesdrop.openstack.org/
[12] &8211; https://www.openstack.org/marketplace/drivers/
[13] &8211; http://git.openstack.org/cgit/openstack/driverlog/tree/etc/default_data.json
[14] &8211; https://etherpad.openstack.org/p/driverlog-validation
[15] &8211; http://governance.openstack.org/election/how-to-submit-your-candidacy
[16] &8211; http://git.openstack.org/cgit/openstack/governance/tree/reference/projects.yaml
[17] &8211; https://governance.openstack.org/election/
[18] &8211; https://governance.openstack.org/election/pike-ptl-candidates
[19] &8211; https://review.openstack.org
[20] &8211; http://lists.openstack.org/pipermail/openstack-dev/2016-December/108923.html
[21] &8211; https://github.com/square/keywhiz
[22] &8211; https://review.openstack.org/#/c/422264/
[23] &8211; https://review.openstack.org/#/c/421084/
[24] &8211; https://review.openstack.org/#/c/411528/
[25] &8211; https://review.openstack.org/#/c/411849/
[26] &8211; https://review.openstack.org/417441
[27] &8211; https://review.openstack.org/#/c/411529/
[28] &8211; https://review.openstack.org/#/c/390973/
[29] &8211; https://review.openstack.org/#/c/386555/
[30] &8211; http://releases.openstack.org/ocata/schedule.html
Quelle: openstack.org

OpenStack Developer Mailing List Digest September 24-30

Candidate Proposals for TC are now open

Candidate proposals for the Technical committee (9 positions) are open and will remain open until 2016-10-01, 23:45 UTC.
Candidacies must submit a text file to the openstack/election repository [1].
Candidates for the Technical Committee can be any foundation individual member, except the seven TC members who were elected for a one year seat in April [2].
The election will be held from October 3rd through to 23:45 October 8th.
The electorate are foundation individual members that are committers to one of the official programs projects [3] over the Mitaka-Newton timeframe (September 5, 2015 00:00 UTC to September 4, 2016 23:59 UTC).
Current accepted candidates [4]
Full thread

Release countdown for week R-0, 3-7 October

Focus: Final release week. Most project teams should be preparing for the summit in Barcelona.
General notes:

Release management team will tag the final Newton release on October 6th.

Project teams don&;t have to do anything. The release management team will re-tag the commit used in the most recent release candidate listed in openstack/releases.

Projects not following the milestone model will not be re-tagged.
Cycle-trailing projects will be skipped until the trailing deadline.

Release actions

Projects not follow the milestone-based release model who want stable/newton branches created should talk to the release team about their needs. Unbranched projects include:

cloudkitty
fuel
monasca
openstackansible
senlin
solum
tripleo

Important dates:

Newton final release: October 6th
Newton cycle-trailing deadline: October 20th
Ocata Design Summit: October 24-28

Full thread

Removal of Security and OpenStackSalt Project Teams From the Big Tent (cont.)

The change to remove Astara from the big tent was approval by the TC [4].
The TC has appointed Piet Kruithof as PTL of the UX team [5].
Based on the thread discussion [6] and engagements of the team, the Security project team will be kept as is and Rob Clark continuing as PTL [7].
The OpenStackSalt team did not produce any deliverable within the Newton cycle. The removal was approved by the current Salt team PTL and the TC [8].
Full thread

 
[1] &; http://governance.openstack.org/election/-to-submit-your-candidacy
[2] &8211; https://wiki.openstack.org/wiki/TC_Elections_April_2016#
[3] &8211; http://git.openstack.org/cgit/openstack/governance/tree/reference/projects.yaml?id=sept-2016-elections
[4] &8211; https://review.openstack.org/#/c/376609/
[5] &8211; http://eavesdrop.openstack.org/meetings/tc/2016/tc.2016-09-27-20.01.html
[6] &8211; http://lists.openstack.org/pipermail/openstack-dev/2016-September/thread.html#
[7] &8211; http://eavesdrop.openstack.org/meetings/tc/2016/tc.2016-09-27-20.01.html
[8] &8211; https://review.openstack.org/#/c/377906/
Quelle: openstack.org

OpenStack Developer Mailing List Digest September 10-16

Nominations for OpenStack PTLs Are Now Open

Will remain open until September 18 23:45 UTC
Submit a text file to the openstack/election repository [1].

File name convention: $cycle_name/$project_name/$ircname.txt

In order to be an elgible candidate (and be allowed to vote) you need to have contributed an accepted patch to one of the program projects during the Mitaka-Newton timeframe.
Additional information [2].
Approved candidates [3]
Elections will start at September 19, 2016 00:00 UTC until September 25 23:45 UTC
Full thread

Design Summit – Proposed Slot Allocation

Proposed slot allocation for project teams at the Ocata design summit in Barcelona [4] based on requests current PTLs have made and adjusted for limit space available.
Kendall Nelson and Thierry will start laying out those sessions over the available rooms and time slots.
Communicated constraints (e.g. Manila not wanting to overlap with Cinder) should be communicated to Thierry asap.
If you don&;t plan to use all of your slots, let Thierry know so they can be given to a team that needs them.
Start working with your team on content you&8217;d like to cover at the summit and warm up those etherpads!
Full thread

OpenStack Principles

A set of OpenStack principles is proposed [5] to accurately capture existing tribal knowledge as a prerequisite for being able to have an open and productive discussions about changing it.
Last time majority of the Technical Committee were together, it was realized that there were a set of unspoken assumptions carried and used to judge things.

These are being captured to empower everyone to actually be able challenge and discuss them.

The principles were started by various TC members who have governance history and know these principles. This was in attempt to document this history to commonly asked questions. These are not by any means final, and the community should participate in discussing them.
Full thread

API Working Group News

Recently merged guidelines

URIs [6]
Links [7]
Version string being parsable [8]

Guidelines Under review

Add a warning about JSON expectations. [9]

Full thread

 
[1] &; http://governance.openstack.org/election/-to-submit-your-candidacy
[2] &8211; https://governance.openstack.org/election/
[3] &8211; http://governance.openstack.org/election/ocata-ptl-candidates
[4] &8211; http://lists.openstack.org/pipermail/openstack-dev/2016-September/103560.html
[5] &8211; https://review.openstack.org/#/c/357260/5
[6] &8211; https://review.openstack.org/322194
[7] &8211; https://review.openstack.org/354266
[8] &8211; https://review.openstack.org/346846
[9] &8211; https://review.openstack.org/#/c/364460/
 
Quelle: openstack.org