Starting with an overview of what is now available with the Policy mechanism, discuss initial and early API access to allow application of Policy against existing services (Session lead is Joseph Heck)
Monday April 16, 2012 9:30am - 10:25am PDT
Seacliff C
This crosses boundaries on a lot of topics; the intent is to allow for multiple instances of keystone and/or multiple instances of service endpoints, sharing and/or delegating trust to relevant systems. (Session lead is Joseph Heck)
Monday April 16, 2012 11:00am - 11:55am PDT
Seacliff C
By storing secret keys inside Keystone, other services can use that key to encrypt per-user data. In this way a security breach (e.g. database leak) won't leak any sensitive information. Further, these secret keys can themselves be stored in an encrypted inside Keystone, such that a Keystone database leak won't leak the secure keys either. Right now I have my own version of Keystone that implements this; I'd like to discuss how it works, and see if we can get similar functionality into the official Keystone server. (Session lead is justinsb)
Monday April 16, 2012 12:00pm - 12:25pm PDT
Seacliff C
Andy Smith and/or Joe Heck to provide an overview of the internal components and internal Keystone (python) API for supporting: * Identity * Catalog * Token * EC2 * Service Explaining the code structure and how to extend to add additional backends. (Session lead is Joseph Heck)
Monday April 16, 2012 2:00pm - 2:25pm PDT
Seacliff C
How to allow for/enable multifactor authentication - pluggable backend for multiple authN sources (ex: mobile authN from verisign but SMS done through Telesign) - Potential out-of-box integration with WikiD - an opensrouce MFA provider- allowing MFA for different tenants/users. Ex: Access to tenant A requires 3 authN but tenant B requires 2. User Jane requires 3 authN but user test_service requires 1. (Session lead is Joseph Heck)
Monday April 16, 2012 2:30pm - 2:55pm PDT
Seacliff C
Adam Young: Authentication in OpenStack is a two part mechanism. The first stage is when the user makes the initial authentication to Keystone, which results in the issue of a token. The second is the use of the token to provide single sign on and delegated authentication throughout the OpenStack cluster. PKI can improve the security of the first stage. It can both help security and scalability of the second. (Session lead is Joseph Heck)
Monday April 16, 2012 3:00pm - 3:25pm PDT
Seacliff C
Discussion of middleware - - where to house it - openstack common overlap - additional/optional metadata desired for passing (Session lead is Joseph Heck)
Monday April 16, 2012 3:30pm - 3:55pm PDT
Seacliff C
Workshop to nail down a prioritized list of additional/expanded REST API for Keystone, revising the existing API to cover holes found in implementations between Diablo and Essex, and to expand to allow future federation capabilities, etc - based on brainstorm sessions in earlier sessions. (Session lead is Joseph Heck)
Monday April 16, 2012 4:30pm - 5:25pm PDT
Seacliff C
Brainstorm session to cover: Test strategy,processes, and Quality Metrics. 1) Test Strategy: Test Strategies to improve quality for Folsom release. 2) Test process Definition: Discussion and concurrence on a) Types of tests – Terminology of smoke, unit, functional, integration, and performance testing. b)Bug Severity definition c) Test coverage Test coverage analysis 3) Quality – Key metrics Discussion with community to identify top 5 key metrics to assess release quality (Session lead is Ravikumar Venkatesan)
Tuesday April 17, 2012 9:00am - 9:55am PDT
Seacliff C
The Openstack Ubuntu Testing project has delivered automated testing of OpenStack Essex on Ubuntu Precise on actual hardware during the 12.04/Essex development cycle. 1) Quick overview of Openstack Ubuntu Testing and current activities. 2) Discussion: - How do we integrate this better into the OpenStack development process to make testing a two way process? - Pre-commit testing on merge proposals? - Feedback into gerrit? - Dealing with issues related to packaging, not openstack - Target hardware configurations - Network topologies - Target components - Currently core only - nova, keystone, glance - Expand to cover swift, melange, quatum, horizon? - Virtualization types - kvm and/or lxc - Juju charm management for testing - Reusing this framework for virtualized testing. (Session lead is James Page)
Tuesday April 17, 2012 10:00am - 10:25am PDT
Seacliff C
How can we improve our smoke testing pipeline so that we catch issues in merge proposal *before* they land? A brief overview of SmokeStack. What it is good at... and how the system might be improved. Discussion Questions: -Gating vs. Pre-gating (commenting on merge proposals)? -How to deal with false negatives? -Speed improvements? Get more resources? Better utilize resources? Does speed matter? -What configurations are the most important? (Libvirt, XenServer, MySQL, PostgreSQL, LDAP, etc) -Multi-node vs. Single node. -Using/building real packages? (Fedora/Ubuntu) -How does config management fit in? (Chef/Puppet) (Session lead is Dan Prince)
Tuesday April 17, 2012 11:00am - 11:55am PDT
Seacliff C
1. Demonstrate Performance Testing OpenStack API using Jmeter open source tool. 2. Present key Performance metrics and benchmarks across OpenStack API. 3. Share source repository and ways to contribute for interested test developers. (Session lead is Rohit Karajgi)
Tuesday April 17, 2012 12:00pm - 12:25pm PDT
Seacliff C
A brainstorming session to consider ways for Glance to better leverage the individual capabilities of various backend stores, for example by supporting: - restartable download of partial images - parallel / S3 multi-part image upload - user-driven selection of variable storage QoS, e.g. S3 Reduced Redundancy Storage - propogation of end-user credentials to Swift in order to allow fine-grained storage quotas to be applied - block-level deduplication in Swift to reduce storage footprint of common image data - opportunistic store-specific optimizations, e.g. internal copy between S3 or Swift images (using x-amz-copy-source for S3->S3 or x-copy-from for Swift->Swift) (Session lead is Eoghan Glynn)
Tuesday April 17, 2012 2:00pm - 2:55pm PDT
Seacliff C
Currently, if nova is configured to use a glance instance, it basically assumes it can also write to that glance (at least for snapshots of the instance). This means that public glance servers aren't really feasible. I'd like to be able to run a public glance server, and configure nova installations to offer images presented there as runnable. Some of the things that would need to be covered here: * local caching of remote images * local storage of snapshots of remote image (Session lead is Scott Moser)
Tuesday April 17, 2012 4:30pm - 4:55pm PDT
Seacliff C
Brainstorm on whether Glance needs to protect itself from inadvertent DDoS'ing by throttling eager clients, and also whether fairness should be enforced by rationing resource usage. The obvious approach would be to model this on nova rate-limiting, possibly leveraging the distributed mechanism provided by Turnstile in the case where the Glance API service is horizontally scaled. However Glance may have additional requirements, for example weighting GET calls on the size of the image returned (which can vary by several orders of magnitude). Also the nova quota/quota-classes API extensions could be useful to re-use, though again Glance may have some special requirements, for example weighting resource usage depending on the backend store in use (limited local filesystem space may for example attract a higher weighting than effectively infinite S3 storage). (Session lead is Eoghan Glynn)
Tuesday April 17, 2012 5:00pm - 5:25pm PDT
Seacliff C
A brainstorm session to consider ways for glance to automatically detect and register images on a backend. This goes somewhat hand-in-hand with NFS backed images, because there are use cases for organizations that already handle image management for bare-metal or other virtualization and should not have to manually register each image when they have hundreds. (Session lead is ChristopherMacGown)
Tuesday April 17, 2012 5:30pm - 5:55pm PDT
Seacliff C
A deep-dive working group session where key blueprints for Horizon will be discussed, and implementation/API details can be worked through. Expected topics include "workflows", consistent ajax data handling, and tenant deletion among others. (Session lead is Gabriel Hurley)
Wednesday April 18, 2012 9:00am - 9:55am PDT
Seacliff C
Discuss the best way to integrate eco-system projects such as Red Dwarf, Atlas, and others in a generic and scalable way. (Session lead is Devin Carlen)
Wednesday April 18, 2012 10:00am - 10:25am PDT
Seacliff C
A deep-dive session on how to build your own Dashboards, Panels, DataTables, TabGroups, and more, plus you'll learn how to integrate them all into your Horizon installation. This is the nuts and bolts for anyone who wants their project to work with the OpenStack Dashboard! (Session lead is Gabriel Hurley)
Wednesday April 18, 2012 11:00am - 12:25pm PDT
Seacliff C
This session will begin with an introduction to the currently proposed design process, including a quick overview on the Human Interface Guidelines document. The rest of the time will be used as a working session to dive in and discuss user experience design for the Horizon Dashboard. (Session lead is Paul Tashima)
Wednesday April 18, 2012 2:00pm - 2:55pm PDT
Seacliff C
Develop a plan for making Quantum a first class citizen within Horizon for Folsom with the goal of providing a great user experience for creating and managing virtual networks. (Session lead is Devin Carlen)
Wednesday April 18, 2012 3:00pm - 3:55pm PDT
Seacliff C
Develop a plan for exposing Swift Recon statistics from within the Horizon system administrator panel. We have an opportunity to gather and present a variety of useful metrics and operational health of a Swift deployment. (Session lead is Devin Carlen)
Wednesday April 18, 2012 4:30pm - 5:25pm PDT
Seacliff C
