15:02:35 <sgallagh> #startmeeting rolekit (2015-12-15)
15:02:35 <zodbot> Meeting started Tue Dec 15 15:02:35 2015 UTC.  The chair is sgallagh. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:02:35 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:02:35 <zodbot> The meeting name has been set to 'rolekit_(2015-12-15)'
15:02:35 <sgallagh> #meetingname rolekitweekly
15:02:35 <sgallagh> #chair sgallagh twoerner nilsph
15:02:35 <sgallagh> #topic init process
15:02:35 <zodbot> The meeting name has been set to 'rolekitweekly'
15:02:35 <zodbot> Current chairs: nilsph sgallagh twoerner
15:02:51 <twoerner> .hello twoerner
15:02:52 <zodbot> twoerner: twoerner 'Thomas Woerner' <twoerner@redhat.com>
15:03:24 <sgallagh> .hello sgallagh
15:03:25 <zodbot> sgallagh: sgallagh 'Stephen Gallagher' <sgallagh@redhat.com>
15:03:29 <sgallagh> nils: ping
15:03:30 <zodbot> sgallagh: Ping with data, please: https://fedoraproject.org/wiki/No_naked_pings
15:03:38 <sgallagh> ... I deserved that
15:03:40 <nils> .hello nphilipp
15:03:41 <zodbot> nils: nphilipp 'Nils Philippsen' <nphilipp@redhat.com>
15:03:54 <sgallagh> OK, all here.
15:03:59 <sgallagh> #topic Status Update
15:04:21 <sgallagh> I've put a lot of time into the Domain Controller Container role this last week.
15:04:39 <sgallagh> I've made a slight refocusing of it after last week's Server SIG meeting.
15:05:33 <sgallagh> Upstream FreeIPA doesn't feel that it's sufficiently ready to be the default in Fedora Server, so I'm currently building it as an experimental role rather than replacing the RPM-based implementation
15:06:07 <sgallagh> It's coming along well; I expect to have it out for review before the end of the week, barring unforseen bugs.
15:06:28 <sgallagh> #info sgallagh has been working on the Containerized Domain Controller.
15:06:36 <sgallagh> nils: What have you been up to?
15:07:44 <nils> I've looked into documenting implementing a role a little better and kinda found myself wanting to redesign some things before I document them, but first I'd want your input on that :)
15:08:11 <sgallagh> #topic Nils' plans for redesigning roles
15:08:14 <sgallagh> Go on :)
15:08:48 <nils> From the first time I've encountered it, I didn't like the way settings/defaults are defined on the role, i.e. the _DEFAULTS dict which you have to manually copy and extend on derived classes of RoleBase
15:09:42 <nils> There are two aspects here:
15:09:45 <nils> 1) copying and extending manually (which could just be done in a metaclass)
15:10:32 <nils> 2) that it is concentrated in one class member (_DEFAULTS) which e.g. doesn't easily let you document a setting (not in a pydoc-consumable way at least)
15:10:56 <sgallagh> OK
15:11:13 <sgallagh> How do you propose to improve upon it?
15:11:13 <nils> then there are minor warts like that you have to specify ports and services on firewall, even if the role only defines one of both
15:11:36 <sgallagh> nils: Ignore the firewall piece. twoerner is redesigning that anyway.
15:11:47 <nils> heh, it was minor anyway :)
15:12:25 <nils> anyhow, I'd address 1) by a metaclass which does the copying and extending
15:13:16 <sgallagh> nils: Any chance that could also fix the part where we have to manually copy the defaults into the values dict in deploy()?
15:13:57 <sgallagh> /me notes that this gets tricky when dealing with how to save the options back to the JSON later.
15:13:59 <nils> I'd need to look at deploy() to make sure.
15:14:13 <sgallagh> particularly with regards to being able to suppress some entries (like passwords)
15:14:27 <nils> let me run my speech and address that then :)
15:14:52 <nils> For 2) I'd like to copy a pattern which I've seen in other frameworks, where you specify parameters/settings by declaring objects of e.g. a Param type.
15:14:56 <nils> E.g.:
15:14:57 <twoerner> nils: maybe we can talk about the issues with ports and services tomorrow
15:15:04 <nils> class FooRole(RoleBase):
15:15:46 <nils> some_setting = Param(default=5)
15:15:57 <nils> password = Param(sensitive=True)
15:16:38 <nils> and we'd have something that converts all the settings/parameters defined on the class into a (JSON) dict
15:17:02 <nils> and the scrubbing function would then unset all parameters that have the sensitive flag set on it
15:17:48 <nils> This would give us a way to set arbitrary metadata for each param (default, help, sensitive, maybe even type constraints) and "do stuff" with it
15:18:31 <sgallagh> nils: As far as the type constraint stuff, maybe we could refactor the type-checking stuff we do into that as well.
15:18:34 <nils> twoerner: ports/services -- it's just something I noticed that you have to set both, but if you redesign this anyway....
15:18:44 <nils> sgallagh: of course, that's why I mentioned it
15:19:13 <sgallagh> nils: I'm generally in favor of this plan. I'm not a fan of how we do it today in any case.
15:19:23 <sgallagh> twoerner: Any reservations?
15:20:15 <nils> Of course I can still document the status quo, but if I can get around that I won't lament it :)
15:20:46 <sgallagh> nils: Well, the original task was "get the role infrastructure in shape to allow third-party roles"
15:20:58 <nils> And people who have worked with frameworks that use a similar pattern (e.g. sqlalchemy, toscawidgets) would instantly feel "at home"
15:21:08 <sgallagh> We reduced it to "document it" because you initially said it didn't need much work. If you are revising that statement, I trust you :)
15:21:21 <nils> ah ok, then my idea is even on topic for it :)
15:22:02 <nils> I guess I initially misunderstood a great deal about that task, but I'm progressing
15:22:09 <nils> or so I think
15:22:18 <twoerner> sgallagh: the only thing that comes into my mind is that it needs to make sure that we still are able to provide information on the role settings in DBusRole
15:22:31 <nils> I don't see why not
15:23:01 <sgallagh> nils: No problem. If we terminate this task in a more maintainable state, I'll call that a victory :)
15:23:47 <nils> twoerner: you know the code better than I do, do you see a stumbling block regarding role setting in DBusRole?
15:26:51 <twoerner> nils: not a stumbling block.. but you will need to adapt RoleBase and DBusRole
15:27:02 <nils> yeah I guess so
15:29:39 <sgallagh> OK, so anything else here?
15:29:48 <twoerner> nope
15:29:58 <sgallagh> #info nils is looking at reworking how default settings works in roles to make it more approachable
15:29:59 <twoerner> I do not think so
15:30:02 <nils> no, I said all I had in mind
15:30:11 <sgallagh> #topic twoerner's magical mystery tour of firewalls
15:30:15 <nils> haha
15:30:28 * twoerner thinks about leaving.. :-)
15:30:43 <nils> http://thedailyorbit.com/wp-content/uploads/2013/11/MysteryMen.jpg
15:30:51 <nils> that's how I picture us now
15:32:52 <sgallagh> nils: Just... don't try to turn invisible
15:32:57 <nils> hahaha
15:33:00 <sgallagh> twoerner: So how is it going?
15:33:07 <nils> sgallagh: pull my finger :P
15:33:29 <sgallagh> How did we get here from a Beatles reference...?
15:33:39 <nils> damn quick
15:33:44 <twoerner> ohh yes
15:33:47 <twoerner> too quick
15:34:25 <twoerner> I only progressed a bit on the firewall pieces for rolekit
15:35:12 <twoerner> the automatic port reshuffle is not planned anymore, right?
15:35:22 <sgallagh> twoerner: "automatic port reshuffle"?
15:35:37 <sgallagh> (That sounds like an awesome Electronica song...)
15:35:39 <twoerner> to move ports to a higher port range
15:36:53 <sgallagh> Oh, you mean by simple offset?
15:36:59 <twoerner> I have to admit that I was working mostly on firewalld again
15:37:07 <twoerner> yes, by simple offset
15:38:36 <sgallagh> Yeah, I don't think that's ever going to be a sane approach
15:38:42 <twoerner> I hope to have time to concentrate on the rolekit firewall stuff in the end of the week, when the new firewalld version is out
15:38:46 <sgallagh> ok
15:39:06 <twoerner> I have done some nice improvements
15:39:29 <twoerner> like for example to be able to add lots of rules (20000) in 1 second
15:40:14 <sgallagh> Nifty
15:40:40 <twoerner> but this required also some selinux adaptions
15:40:44 <sgallagh> OK, so there's not much to report here. That's fine.
15:40:53 <sgallagh> #topic Open Floor
15:40:54 <nils> twoerner: when are you going to fly past netfilter processing the rules? ;)
15:40:55 <twoerner> yes, not much, I am sorry
15:41:19 <sgallagh> Anything for open floor? Otherwise I'll close the meeting. I need a few minutes to prep for the Server SIG meeting :)
15:41:20 <twoerner> with nftables..
15:42:08 <nils> nothing from me
15:42:22 <sgallagh> Alright then
15:42:30 <sgallagh> Talk to you soon
15:42:35 <sgallagh> #endmeeting