openstackgerrit | Maru Newby proposed a change to openstack/swift: Add support for venv-based test run with tox. https://review.openstack.org/3602 | 00:00 |
---|---|---|
*** dtroyer_ has joined #openstack-dev | 00:03 | |
*** russellb has joined #openstack-dev | 00:04 | |
openstackgerrit | Monsyne Dragon proposed a change to openstack/nova: Capture bandwidth usage data before resize. https://review.openstack.org/3603 | 00:04 |
openstackjenkins | Project nova-docs build #2079: SUCCESS in 3 min 8 sec: https://jenkins.openstack.org/job/nova-docs/2079/ | 00:06 |
openstackjenkins | Kevin L. Mitchell: Allow for auditing of API calls. | 00:06 |
*** troytoman is now known as troytoman-away | 00:07 | |
*** dtroyer has quit IRC | 00:07 | |
*** dtroyer_ has quit IRC | 00:08 | |
openstackgerrit | Maru Newby proposed a change to openstack/swift: Add support for venv-based test run with tox. https://review.openstack.org/3602 | 00:11 |
termie | mtaylor: is gerrit mirroring all the branches in given repos? like i want something that points at the essex-3 tag | 00:12 |
termie | mtaylor: for keystoneclient | 00:12 |
*** novas0x2a|laptop has quit IRC | 00:12 | |
*** novas0x2a|laptop has joined #openstack-dev | 00:12 | |
*** davlap has quit IRC | 00:15 | |
jeblair | termie: they are all in gerrit with the same names as in github | 00:16 |
*** sleepsonthefloo has quit IRC | 00:16 | |
termie | jeblair: kk | 00:17 |
*** crobinso has quit IRC | 00:18 | |
*** bencherian has joined #openstack-dev | 00:19 | |
*** crobinso has joined #openstack-dev | 00:19 | |
jeblair | termie: pip install -e git+https://review.openstack.org/p/openstack/python-keystoneclient@essex-3#egg=python-keystoneclient should work (assuming that's what you're trying to do) | 00:19 |
termie | right | 00:19 |
termie | thanks | 00:19 |
jeblair | np | 00:20 |
*** pixelbeat has quit IRC | 00:21 | |
*** Remco_ has quit IRC | 00:22 | |
gyee | termie, yes I am seeing what you seeing now, 6 errors only, 18 skipped | 00:23 |
termie | gyee: groovy, i am off fixing those errors now but it will be a little while since a lot of things shifted under my feet twoish days ago | 00:24 |
gyee | termie, no worries, it'll take me awhile to read the new code anyway :) | 00:25 |
gyee | btw, in pip-requires*, the line "-e git+https://" is still not working for me because of firewall issue, I had to manually update python-keystoneclient | 00:28 |
termie | there is a patch to fix that | 00:28 |
gyee | cool | 00:28 |
termie | gyee: monty just proposed it | 00:28 |
termie | about to merge it | 00:28 |
openstackgerrit | Gabriel Hurley proposed a change to openstack/horizon: Reworked all the usage implementations into one standard set. https://review.openstack.org/3604 | 00:31 |
openstackgerrit | Gabriel Hurley proposed a change to openstack/horizon: Handle tenant deletion when a tenant isn't empty. Fixes bug 923951. https://review.openstack.org/3554 | 00:31 |
uvirtbot | Launchpad bug 923951 in horizon "Tenant delete fails when there are users attached" [Medium,In progress] https://launchpad.net/bugs/923951 | 00:31 |
openstackgerrit | Ziad Sawalha proposed a change to openstack/python-novaclient: Handle Ambiguous Endpoints Correctly https://review.openstack.org/3605 | 00:34 |
*** andrewsmedina has quit IRC | 00:34 | |
*** dolphm has joined #openstack-dev | 00:35 | |
*** dolphm has quit IRC | 00:36 | |
openstackgerrit | Ziad Sawalha proposed a change to openstack/python-novaclient: Handle Ambiguous Endpoints Correctly https://review.openstack.org/3605 | 00:37 |
*** zns has quit IRC | 00:38 | |
openstackgerrit | James E. Blair proposed a change to openstack/openstack-ci: Abandon devstack vms that launch slowly. https://review.openstack.org/3606 | 00:41 |
openstackgerrit | dan wendlandt proposed a change to openstack/quantum: bug 924603: fix bad ovs_conf file config https://review.openstack.org/3607 | 00:44 |
uvirtbot | Launchpad bug 924603 in quantum "invalid conf_file config for OVS plugin" [Medium,In progress] https://launchpad.net/bugs/924603 | 00:44 |
*** andrewsmedina has joined #openstack-dev | 00:46 | |
openstackgerrit | Verification of a change to openstack/quantum failed: bug 924603: fix bad ovs_conf file config https://review.openstack.org/3607 | 00:46 |
uvirtbot | Launchpad bug 924603 in quantum "invalid conf_file config for OVS plugin" [Medium,In progress] https://launchpad.net/bugs/924603 | 00:46 |
openstackgerrit | Michael Still proposed a change to openstack/nova: Optionally pass a instance uuid to log methods. https://review.openstack.org/3608 | 00:48 |
openstackgerrit | Verification of a change to openstack/nova failed: remove non-supported ec2 admin extensions https://review.openstack.org/3599 | 00:58 |
*** ayoung has joined #openstack-dev | 01:01 | |
*** jakedahn has quit IRC | 01:03 | |
*** ayoung has quit IRC | 01:05 | |
*** jog0 has left #openstack-dev | 01:06 | |
gyee | termie, how do I load sampledata in this new low-calorie KSL? | 01:10 |
gyee | nm, I found it under keystone-stable_diablo | 01:11 |
*** reed has quit IRC | 01:14 | |
termie | hmm? | 01:19 |
termie | the usual way to do it would be via https://github.com/cloudbuilders/devstack/blob/ksl/files/keystone_data.sh | 01:20 |
*** adjohn has quit IRC | 01:21 | |
*** adjohn has joined #openstack-dev | 01:21 | |
gyee | that's script doesn't seem to create the admin token | 01:24 |
*** jdg_ has quit IRC | 01:24 | |
termie | the admin token is defined in etc/keystone.conf | 01:25 |
*** jdg has quit IRC | 01:27 | |
*** russellb has quit IRC | 01:28 | |
*** russellb has joined #openstack-dev | 01:28 | |
gyee | termie, any reason why KSL can't include keystone_data.sh in its repo? | 01:30 |
termie | gyee: not particularly, though those users/tenants are specific to devstack | 01:30 |
termie | gyee: i'd rather have something like django's loaddata | 01:30 |
openstackgerrit | Russell Bryant proposed a change to openstack/nova: Fix VPN ping packet length. https://review.openstack.org/3600 | 01:30 |
termie | gyee: the keystone_data.sh was more to be compatible with devstack with fewest changes | 01:31 |
*** misheska has joined #openstack-dev | 01:32 | |
*** ncode has joined #openstack-dev | 01:34 | |
*** ncode has joined #openstack-dev | 01:34 | |
gyee | I really like sampledata.sh, for development purposes | 01:36 |
termie | gyee: well, the tests use fixtures | 01:39 |
termie | gyee: so assuming you are writing unittests you have the equiv | 01:39 |
termie | tests/default_fixtures.py | 01:39 |
*** ayoung has joined #openstack-dev | 01:40 | |
gyee | the old way, I can quickly clone keystone, run sampledata.sh, then run curl to verify an API | 01:40 |
gyee | now it seems I have to do a bunch of other stuff | 01:41 |
termie | gyee: if that is your testing flow then yes you will want to add a script like that | 01:41 |
termie | this has supported our development practices of writing unittests to test things | 01:41 |
*** maplebed has quit IRC | 01:42 | |
gyee | I am not against unit & functional tests | 01:42 |
termie | gyee: you can see how to add such a script quickly however as there are examples in keystone_data.sh and in default_fixtures.py + keystone/test.py | 01:42 |
termie | i'm not against such a thing, there just hasn't been a dire need yet, i'm sure as more developers hop on to the project all kinds of useful additional tools will be asked for and provided | 01:43 |
gyee | sure, I'll convert keystone_data.sh over and stash it locally | 01:43 |
gyee | well, at least provide the same thing in keystone/bin as in essex | 01:44 |
gyee | for us with old habits :) | 01:44 |
*** andrewbogott has quit IRC | 01:44 | |
*** martine has joined #openstack-dev | 01:44 | |
termie | you're welcome to put it in tools as an initial pass | 01:45 |
termie | as i said, i'd prefer a command that is ./bin/keystone-manage load_data some_file.json | 01:45 |
gyee | I was hoping KSL is at least backward compatible for files in bin and etc | 01:46 |
gyee | anyway, no big deal | 01:46 |
termie | nope, api compatibility is what we are after | 01:47 |
termie | things will change around in bin, and you will most likely have the same interface for running the services | 01:47 |
termie | to the extent where things make sense | 01:48 |
termie | one of the goals was to remove unnecessary stuff | 01:48 |
gyee | understood, but if I have scripts to automatically pull down keystone, they run some sanity tests before putting it into my dev env | 01:48 |
gyee | I would have to update those scripts for KSL | 01:48 |
termie | yup | 01:49 |
gyee | that's all I am saying | 01:49 |
termie | and by all means, whatever issues you run into attempt to mention and fix them | 01:49 |
*** novas0x2a|laptop has quit IRC | 01:51 | |
*** novas0x2a|laptop has joined #openstack-dev | 01:51 | |
*** bhall has quit IRC | 01:55 | |
openstackgerrit | Chuck Short proposed a change to openstack/nova: Add support for LXC volumes. https://review.openstack.org/3609 | 01:56 |
*** dtroyer has joined #openstack-dev | 01:59 | |
*** pmyers has joined #openstack-dev | 02:00 | |
*** heckj has quit IRC | 02:00 | |
*** ohnoimdead has quit IRC | 02:01 | |
gyee | termie, how do I configure KSL to use sqlite in the backend? | 02:04 |
gyee | right now the data only persist in-memory | 02:04 |
gyee | if I restart keystone, the data's gone | 02:04 |
termie | example is in tests/test_backend_sql.conf | 02:04 |
termie | basically just hcange teh identity backend | 02:04 |
termie | in keystone.conf | 02:04 |
gyee | should sql be the default? | 02:05 |
termie | it should probably be the default now | 02:05 |
gyee | cool, thanks | 02:05 |
*** crobinso has quit IRC | 02:10 | |
*** justinsb has quit IRC | 02:11 | |
gyee | termie, I changed the driver for Identity, I can see bla.db got created | 02:12 |
gyee | but no schema | 02:12 |
*** jdurgin has quit IRC | 02:12 | |
gyee | sqlite3 bla.db | 02:13 |
gyee | .schema returns nothings | 02:13 |
*** jog0 has joined #openstack-dev | 02:15 | |
*** jog0 has left #openstack-dev | 02:15 | |
*** jog0 has quit IRC | 02:15 | |
*** gyee has quit IRC | 02:17 | |
*** rods has joined #openstack-dev | 02:20 | |
*** vincentricci has left #openstack-dev | 02:20 | |
*** _adjohn has joined #openstack-dev | 02:22 | |
*** adjohn has quit IRC | 02:26 | |
*** _adjohn is now known as adjohn | 02:26 | |
*** bencherian has quit IRC | 02:26 | |
*** Ryan_Lane has quit IRC | 02:35 | |
*** deshantm_ has joined #openstack-dev | 02:37 | |
*** deshantm has quit IRC | 02:41 | |
*** rods has quit IRC | 02:46 | |
openstackgerrit | MotoKen proposed a change to openstack/nova: Correct checking existence of security group rule https://review.openstack.org/3569 | 02:48 |
*** adjohn has quit IRC | 02:52 | |
*** andrewsmedina has quit IRC | 03:01 | |
openstackgerrit | James E. Blair proposed a change to openstack/openstack-ci-puppet: Add pandoc to slaves. https://review.openstack.org/3610 | 03:09 |
*** rbasak has quit IRC | 03:12 | |
*** rbasak has joined #openstack-dev | 03:18 | |
*** mnewby has joined #openstack-dev | 03:23 | |
openstackgerrit | anotherjesse proposed a change to openstack/nova: remove non-supported ec2 admin extensions https://review.openstack.org/3599 | 03:24 |
*** danwent has quit IRC | 03:29 | |
openstackgerrit | anotherjesse proposed a change to openstack/nova: remove non-supported ec2 admin extensions https://review.openstack.org/3599 | 03:30 |
*** misheska has quit IRC | 03:31 | |
*** mjfork has quit IRC | 03:35 | |
openstackgerrit | anotherjesse proposed a change to openstack/nova: remove non-supported ec2 admin extensions https://review.openstack.org/3599 | 03:38 |
*** aclark_ has quit IRC | 03:40 | |
openstackgerrit | James E. Blair proposed a change to openstack-ci/git-review: Use dirname instead of basename. https://review.openstack.org/3611 | 03:48 |
*** spiffxp has quit IRC | 03:48 | |
*** rajaram has joined #openstack-dev | 03:48 | |
openstackgerrit | anotherjesse proposed a change to openstack/nova: remove non-supported ec2 admin extensions https://review.openstack.org/3599 | 03:49 |
openstackgerrit | anotherjesse proposed a change to openstack/nova: remove unsupported ec2 extensions https://review.openstack.org/3599 | 04:08 |
*** Ryan_Lane has joined #openstack-dev | 04:08 | |
rmk | There is so little code for KSL | 04:10 |
termie | i hope that is a good thing | 04:14 |
*** spiffxp has joined #openstack-dev | 04:14 | |
rmk | It definitely is, I'm just uncertain of the goal :) | 04:14 |
termie | rmk: one of the common goals of having less code is to improve maintainability | 04:14 |
termie | rmk: also, sometimes less code is required to do things | 04:15 |
rmk | I agree with you there | 04:15 |
rmk | So how do endpoints work for example? | 04:16 |
termie | endpoint templates are templated in some random text format at the moment | 04:18 |
rmk | I see it hard coded in keystone_compat.py | 04:19 |
termie | whoa | 04:19 |
termie | there is no keystone_compat | 04:19 |
termie | so you may be looking at very old code | 04:19 |
rmk | I was looking at the cloudbuilders repo | 04:19 |
rmk | I guess https://github.com/termie/keystonelight is the correct one? | 04:19 |
termie | yeah, or the openstack/keystone/redux branch | 04:19 |
*** danwent has joined #openstack-dev | 04:19 | |
termie | though i am making changes to the termie one | 04:19 |
rmk | OK this makes more sense :) | 04:20 |
termie | so it is the most up to date | 04:20 |
termie | anyway, catalog stuff is, by default, loaded from a flat file | 04:20 |
rmk | Ah yes I see it now | 04:20 |
termie | despite all the work required to deal with catalogs nobody really cares about them it turns out | 04:20 |
rmk | OK this looks a lot more complete | 04:20 |
*** yaguang has joined #openstack-dev | 04:24 | |
openstackgerrit | James E. Blair proposed a change to openstack/openstack-ci: Fix permissions docs. https://review.openstack.org/3612 | 04:27 |
*** martine has quit IRC | 04:28 | |
rmk | termie: Looks quite clean. | 04:28 |
termie | rmk: thanks, looks less that way once you look at it all day, but i still like to think it is a pretty well laid-out project | 04:29 |
*** errr has quit IRC | 04:37 | |
*** errr has joined #openstack-dev | 04:37 | |
*** ncode has quit IRC | 04:39 | |
openstackgerrit | Maru Newby proposed a change to openstack/openstack-chef: Add cookbook for Swift All In One. https://review.openstack.org/3613 | 04:44 |
*** ncode has joined #openstack-dev | 04:46 | |
openstackgerrit | Michael Still proposed a change to openstack/nova: Optionally pass a instance uuid to log methods. https://review.openstack.org/3608 | 04:49 |
*** mnewby has quit IRC | 04:50 | |
*** ncode has quit IRC | 04:52 | |
*** jdg has joined #openstack-dev | 04:59 | |
jdg | mikal: Are you still having trouble building venv on Oneiric? | 05:01 |
mikal | Yeah, I had an error message I was going to send to mtaylor, but I haven't managed to catch him on IRC yet | 05:01 |
jdg | He's the expert, but I can try and help. | 05:01 |
jdg | Can you pastebin the error? | 05:02 |
mikal | Yeah, let me see if I can find it again | 05:03 |
mikal | It was a lxml compile error IIRC | 05:03 |
jdg | Hmmm.... so you added the M2Crypto entry to tools/pip-requires, deleted .venv and ran again... still had an install issue? | 05:05 |
mikal | Yep | 05:05 |
mikal | Is there an openstack pastebin somewhere? | 05:05 |
jdg | mikal: sorry stepped away. Yes: http://paste.openstack.org/ | 05:09 |
jdg | So I think I know what you're missing... or at least one thing. | 05:10 |
mikal | http://paste.openstack.org/show/4624/ | 05:10 |
jdg | mikal: Try this: sudo apt-get install libxml2-dev libxslt-dev | 05:12 |
jdg | Or, actually... start from the top: sudo apt-get install python-dev python-all-dev swig libssl-dev python-pip git python-software-properties build-essential libxml2-dev libxslt-dev | 05:12 |
mikal | Is there a list of what I should have installed somewhere? | 05:13 |
jdg | It'll ignore the ones you already have anyway. | 05:13 |
mikal | Yeah, running it now | 05:13 |
jdg | Yes, for the most part. You can follow this page: http://nova.openstack.org/devref/development.environment.html | 05:13 |
jdg | But I had to install some extra c libs/headers as well. | 05:14 |
jdg | That's the "extra" info I listed above. Also I think Brian Waldon put together a doc today that's mo'better, but I can't remember if it's for devstack environments only. | 05:14 |
*** jakedahn has joined #openstack-dev | 05:16 | |
mikal | Ok. Install done. I'll give that another try. | 05:17 |
bcwaldon | jdg: devstack, yes | 05:17 |
jdg | mikal: You mean just the apt-get install? | 05:17 |
jdg | :) | 05:17 |
mikal | Ahhh, yeah | 05:17 |
bcwaldon | btw, here's what I do to get nova up on an ubuntu machine: apt-get update && apt-get install git python-dev libxslt-dev python-m2crypto mysql-server mysql-client python-mysqldb; | 05:18 |
mikal | Is there more you want me to do before trying again? | 05:18 |
jdg | mikal: nope you're good and it looks like bcwaldon does pretty much the same. | 05:18 |
mikal | Ok, let me give venv another try then... | 05:18 |
jdg | Actually he has a couple extras, if mine does't work for you try what he just listed. | 05:19 |
mikal | Sure | 05:19 |
jdg | I already had things like mysql etc for other projects. | 05:19 |
mikal | This will take a while, I live in the middle of nowhere and the downloads are quite slow | 05:19 |
jdg | :) | 05:19 |
jdg | I'm heading out but I think this is going to work for you. If it doesn't, try the apt-get string that bcwaldon showed above. | 05:20 |
mikal | Sure. Thanks for your help. | 05:20 |
jdg | If it comes back with "missing lib...." etc you can always google that lib to find the apt-get package for it. | 05:21 |
jdg | But really between the two strings above I can't imagine what would be missing (famous last words) | 05:21 |
jdg | Good luck, if you're still stuck in the morning I'm happy to help. | 05:22 |
mikal | Cool | 05:22 |
mikal | Thanks man | 05:22 |
jdg | You bet... I went through the same thing. | 05:22 |
jdg | Later | 05:22 |
*** jdg has quit IRC | 05:29 | |
mikal | Hmmm. boto hates me now. I'm sure that used to work. | 05:35 |
mikal | http://paste.openstack.org/show/4625/ | 05:39 |
openstackgerrit | Brian Waldon proposed a change to openstack/nova: Excise M2Crypto! https://review.openstack.org/3614 | 05:40 |
openstackgerrit | MotoKen proposed a change to openstack/nova: Correct checking existence of security group rule https://review.openstack.org/3569 | 05:46 |
*** nati2 has joined #openstack-dev | 05:49 | |
bcwaldon | mikal: it's not just you having problems installing boto | 05:50 |
bcwaldon | mikal: smokestack is hitting that failure too on venv builds | 05:50 |
mikal | I am glad to learn it is not a personal vendetta against me | 05:50 |
mikal | Seems boto is inside a boto directory now? | 05:50 |
bcwaldon | mikal: no idea, we'll have to wait for maintainers to fix that bad package | 05:51 |
bcwaldon | mikal: you can probably peg your pip-requires at a specific version to get over it for now | 05:52 |
mikal | Oh, its not time critical for me | 05:52 |
mikal | I'll just wait | 05:52 |
*** novas0x2a|laptop has quit IRC | 05:52 | |
*** novas0x2a|laptop has joined #openstack-dev | 05:56 | |
*** jakedahn has quit IRC | 05:56 | |
*** nati2 has quit IRC | 06:11 | |
*** HugoKuo_ has joined #openstack-dev | 06:13 | |
openstackgerrit | dan wendlandt proposed a change to openstack/openstack-manuals: Q-Admin: Update for E-3 milestone. https://review.openstack.org/3491 | 06:18 |
*** deshantm_ has quit IRC | 06:21 | |
*** sandywalsh has quit IRC | 06:24 | |
*** danwent has quit IRC | 06:24 | |
openstackgerrit | Joe Heck proposed a change to openstack/keystone: adding keystone packaging from lp:~ubuntu-server-dev/keystone/essex https://review.openstack.org/3615 | 06:27 |
openstackgerrit | Kei Masumoto proposed a change to openstack/python-novaclient: Adding describe-resource subcommand https://review.openstack.org/3457 | 06:34 |
*** mikal has quit IRC | 06:34 | |
*** bepernoot has joined #openstack-dev | 06:37 | |
openstackgerrit | Kei Masumoto proposed a change to openstack/nova: Fix bug #924093 https://review.openstack.org/3570 | 06:40 |
uvirtbot | Launchpad bug 924093 in nova "describe_resource have to return values with better format" [Undecided,In progress] https://launchpad.net/bugs/924093 | 06:40 |
openstackgerrit | Sapan Kona proposed a change to openstack/tempest: Fixes LP Bug#903977 - Boundary tests for list servers https://review.openstack.org/2503 | 06:44 |
openstackgerrit | Sumit Naiksatam proposed a change to openstack/quantum: blueprint quantum-linux-bridge-plugin https://review.openstack.org/3278 | 06:50 |
*** ncode has joined #openstack-dev | 06:52 | |
*** ncode has joined #openstack-dev | 06:52 | |
*** spiffxp has quit IRC | 06:55 | |
*** sandywalsh has joined #openstack-dev | 06:58 | |
*** spiffxp has joined #openstack-dev | 06:58 | |
*** bepernoot has quit IRC | 06:59 | |
openstackgerrit | Brian Waldon proposed a change to openstack/nova: Excise M2Crypto! https://review.openstack.org/3614 | 07:02 |
openstackgerrit | Thorsten Tarrach proposed a change to openstack/nova: fixed bug 920856 https://review.openstack.org/3571 | 07:20 |
uvirtbot | Launchpad bug 920856 in nova "API responses do not conform tho Amazon EC2 specifications" [Medium,In progress] https://launchpad.net/bugs/920856 | 07:20 |
*** spiffxp has quit IRC | 07:22 | |
openstackgerrit | Brian Waldon proposed a change to openstack/nova: Expand policies for admin_actions extension https://review.openstack.org/3617 | 07:32 |
*** yaguang has quit IRC | 07:34 | |
*** yaguang has joined #openstack-dev | 07:47 | |
*** lloydde has quit IRC | 07:50 | |
*** apevec has joined #openstack-dev | 08:11 | |
*** reidrac has joined #openstack-dev | 08:16 | |
*** Ryan_Lane has quit IRC | 08:19 | |
*** eglynn has quit IRC | 08:25 | |
*** Remco_ has joined #openstack-dev | 08:32 | |
*** yaguang has quit IRC | 08:34 | |
*** Mandell_ has quit IRC | 08:36 | |
*** hashar has joined #openstack-dev | 08:49 | |
*** johnpostlethwait has joined #openstack-dev | 08:54 | |
*** eglynn has joined #openstack-dev | 08:57 | |
*** yaguang has joined #openstack-dev | 09:01 | |
*** Remco_ has quit IRC | 09:14 | |
*** Remco_ has joined #openstack-dev | 09:16 | |
*** johnpostlethwait has quit IRC | 09:17 | |
*** kyriakos has joined #openstack-dev | 09:18 | |
*** pixelbeat has joined #openstack-dev | 09:33 | |
*** darraghb has joined #openstack-dev | 09:46 | |
*** eglynn has quit IRC | 09:58 | |
*** ncode has quit IRC | 10:02 | |
*** mikal has joined #openstack-dev | 10:22 | |
*** andrewsmedina has joined #openstack-dev | 10:41 | |
openstackgerrit | Isaku Yamahata proposed a change to openstack/quantum: plugin: introduce ryu plugin https://review.openstack.org/3618 | 10:43 |
*** yaguang has quit IRC | 10:43 | |
*** yamahata has joined #openstack-dev | 10:47 | |
*** eglynn has joined #openstack-dev | 10:49 | |
*** yaguang has joined #openstack-dev | 10:57 | |
*** rajaram has quit IRC | 11:00 | |
*** Remco_ has quit IRC | 11:05 | |
*** Remco__ has joined #openstack-dev | 11:05 | |
*** Remco_ has joined #openstack-dev | 11:06 | |
*** Remco_ has quit IRC | 11:06 | |
*** Remco_ has joined #openstack-dev | 11:07 | |
*** Remco__ has quit IRC | 11:09 | |
*** rajaram has joined #openstack-dev | 11:09 | |
*** Remco_ has quit IRC | 11:11 | |
openstackgerrit | linuxjedi proposed a change to openstack/openstack-ci-puppet: Fix lodgeit used in puppet https://review.openstack.org/3619 | 11:15 |
*** hashar has quit IRC | 11:15 | |
*** andrewsmedina has quit IRC | 11:17 | |
*** derekh has joined #openstack-dev | 11:28 | |
*** andrewsmedina has joined #openstack-dev | 11:39 | |
*** rkukura has joined #openstack-dev | 11:47 | |
*** markmc has joined #openstack-dev | 11:56 | |
*** derekh has quit IRC | 11:56 | |
*** PotHix has joined #openstack-dev | 12:15 | |
*** yaguang has quit IRC | 12:27 | |
openstackgerrit | Armando Migliaccio proposed a change to openstack/nova: bug 924266: connection_type and firewall_driver flags mismatch https://review.openstack.org/3578 | 12:37 |
uvirtbot | Launchpad bug 924266 in nova "connection_type and firewall_driver flags mismatch" [Undecided,In progress] https://launchpad.net/bugs/924266 | 12:37 |
openstackgerrit | reynolds.chin proposed a change to openstack/glance: blueprint progressbar-upload-image https://review.openstack.org/3620 | 12:43 |
openstackgerrit | reynolds.chin proposed a change to openstack/glance: blueprint progressbar-upload-image https://review.openstack.org/2994 | 12:43 |
*** hashar has joined #openstack-dev | 12:48 | |
*** sandywalsh has quit IRC | 12:48 | |
*** bsza has joined #openstack-dev | 12:50 | |
openstackgerrit | linuxjedi proposed a change to openstack/openstack-ci: Add documentation for the puppet lodgeit module https://review.openstack.org/3621 | 12:52 |
*** sandywalsh has joined #openstack-dev | 13:02 | |
*** crobinso has joined #openstack-dev | 13:04 | |
morellon | does anyone know how can I get my contributor's agreement to be added to my gerrit's account? | 13:08 |
*** ncode has joined #openstack-dev | 13:10 | |
*** ncode has joined #openstack-dev | 13:10 | |
*** dprince has joined #openstack-dev | 13:16 | |
*** rajaram has quit IRC | 13:22 | |
LinuxJedi | morellon: it should be automatic when you are approved to join the openstack-cla launchpad group | 13:30 |
morellon | LinuxJedi: thanks! | 13:30 |
*** Remco_ has joined #openstack-dev | 13:30 | |
*** martine has joined #openstack-dev | 13:30 | |
*** lts has joined #openstack-dev | 13:31 | |
*** mjfork has joined #openstack-dev | 13:40 | |
*** mattray has joined #openstack-dev | 13:56 | |
*** dtroyer has quit IRC | 14:03 | |
*** openstack has joined #openstack-dev | 14:08 | |
openstackgerrit | Thiago Morello proposed a change to openstack/python-quantumclient: Log all logs to syslog in addition to any chosen location (as a file or stdout) https://review.openstack.org/3622 | 14:09 |
openstackgerrit | Thorsten Tarrach proposed a change to openstack/nova: fixed bug 920856 https://review.openstack.org/3571 | 14:16 |
uvirtbot | Launchpad bug 920856 in nova "API responses do not conform tho Amazon EC2 specifications" [Medium,In progress] https://launchpad.net/bugs/920856 | 14:16 |
*** deshantm has joined #openstack-dev | 14:18 | |
*** stuntmachine has joined #openstack-dev | 14:20 | |
openstackgerrit | Devdeep Singh proposed a change to openstack/nova: Changes for supporting fast cloning on Xenserver. (Implements https://blueprints.launchpad.net/nova/+spec/fast-cloning-for-xenserver) 1. use_cow_images flag is reused for xenserver to check if copy on write images should be used. 2. image-id is used to https://review.openstack.org/3343 | 14:26 |
*** Remco__ has joined #openstack-dev | 14:32 | |
*** vincentricci has joined #openstack-dev | 14:33 | |
*** Remco_ has quit IRC | 14:35 | |
*** joesavak has joined #openstack-dev | 14:35 | |
*** dtroyer has joined #openstack-dev | 14:46 | |
*** ches has quit IRC | 14:49 | |
*** ches has joined #openstack-dev | 14:49 | |
*** zns has joined #openstack-dev | 14:49 | |
*** rods has joined #openstack-dev | 14:52 | |
*** lloydde has joined #openstack-dev | 14:53 | |
*** dtroyer has quit IRC | 14:57 | |
*** lloydde has quit IRC | 14:58 | |
notmyname | mtaylor: ping | 15:00 |
*** zns1 has joined #openstack-dev | 15:01 | |
openstackgerrit | Thorsten Tarrach proposed a change to openstack/nova: fixed bug 920856 https://review.openstack.org/3571 | 15:01 |
uvirtbot | Launchpad bug 920856 in nova "API responses do not conform tho Amazon EC2 specifications" [Medium,In progress] https://launchpad.net/bugs/920856 | 15:01 |
*** zns has quit IRC | 15:04 | |
*** AlanClark has joined #openstack-dev | 15:06 | |
notmyname | jeblair: ping | 15:06 |
*** bencherian has joined #openstack-dev | 15:13 | |
openstackgerrit | linuxjedi proposed a change to openstack/openstack-ci-puppet: Add backups to lodgeit https://review.openstack.org/3623 | 15:14 |
*** bencherian has quit IRC | 15:15 | |
*** utlemming has quit IRC | 15:19 | |
*** bepernoot has joined #openstack-dev | 15:19 | |
*** dubsquared has joined #openstack-dev | 15:20 | |
*** utlemming has joined #openstack-dev | 15:21 | |
*** dolphm has joined #openstack-dev | 15:22 | |
*** dtroyer has joined #openstack-dev | 15:22 | |
openstackgerrit | Verification of a change to openstack/nova failed: Add support for LXC volumes. https://review.openstack.org/3609 | 15:29 |
openstackgerrit | A change to openstack/nova has been rejected: Excise M2Crypto! https://review.openstack.org/3614 | 15:30 |
vishy | sandywalsh: https://bugs.launchpad.net/nova/+bug/885755 | 15:34 |
uvirtbot | Launchpad bug 885755 in nova "Nova and Keystone don't work in multi-zone mode" [High,In progress] | 15:34 |
ttx | vishy: just sent an email about being careful for reviews. | 15:36 |
ttx | vishy: anotherjesse did approve one a bit lightly | 15:36 |
ttx | https://review.openstack.org/#change,3609 | 15:36 |
ttx | This wasn't reviewed by two core devs, and looks like a feature to me | 15:36 |
vishy | hmm | 15:36 |
vishy | oops | 15:36 |
ttx | jenkins, being a good boy, stopped it | 15:37 |
vishy | yay jenkins | 15:37 |
*** stuntmachine has quit IRC | 15:41 | |
ttx | vishy: apparently microsoft is "committed to hyper-V support in OpenStack" whatever that means | 15:41 |
ttx | I just can't see how they could get near-parity in the time remaining | 15:42 |
*** stuntmachine has joined #openstack-dev | 15:44 | |
*** zzed has joined #openstack-dev | 15:47 | |
blamar | bcwaldon: should we cap boto @ 2.1.1 in pip-requires? | 15:48 |
blamar | vishy: ^^ | 15:48 |
sandywalsh | vishy, on it | 15:50 |
dprince | blamar: Yeah. That boto issue caused a bunch of SmokeStack failures yesterday. I downgraded to 2.1.0 and it is fine. | 15:54 |
openstackgerrit | Brian Lamar proposed a change to openstack/nova: Boto 2.2.x failes. Capping pip-requires at 2.1.1 https://review.openstack.org/3624 | 15:56 |
dprince | blamar: what are the reasons behind capping it... vs. just getting boto fixed? | 15:58 |
dprince | blamar: we'd need to cap it in glance too BTW. | 15:58 |
blamar | dprince: I've always held the belief that it's silly that when other pieces of software release new versions they can break my build process until they can be contacted | 15:59 |
dprince | blamar: I'm Okay working around this... I patch the unit test runner so it uses the backdated version for now. | 15:59 |
dprince | blamar: Then why not nail everything in pip-requires? | 15:59 |
blamar | dprince: If I had my way I would. Most of the stuff in there is nailed already | 16:00 |
*** jdg has joined #openstack-dev | 16:00 | |
blamar | dprince: How'd you patch the unit test runner? | 16:01 |
Daviey | annegentle / markmc / mtaylor / jeblair: It seems to make sense for annegentle to have +2/Approved ACL for project:openstack/openstack-manuals branch:stable/* .. can this be done? | 16:01 |
dprince | blamar: sed -e "s|^boto|boto==2.1.0|" -i ./tools/pip-requires | 16:01 |
markmc | Daviey, yep, it makes sense and I'm sure jeblair can make it happen :) | 16:02 |
Daviey | markmc: 'twas really a heads up that i was proposing it :).. So you +1 it aswell, great | 16:03 |
*** reed has joined #openstack-dev | 16:03 | |
annegentle | yay thanks | 16:06 |
*** derekh has joined #openstack-dev | 16:07 | |
*** danwent has joined #openstack-dev | 16:09 | |
openstackgerrit | Verification of a change to openstack/tempest failed: Fixes LP Bug#903977 - Boundary tests for list servers https://review.openstack.org/2503 | 16:09 |
mtaylor | Daviey, markmc: would you oppose adding her to openstack-stable-maint? | 16:11 |
*** reidrac has quit IRC | 16:12 | |
mtaylor | blamar: I've been having the thought recently as well that we should cap all of the versions, so that if someone wants us to use a newer version, that change would get gated just like anything else | 16:13 |
blamar | mtaylor: ++ love it | 16:13 |
mtaylor | notmyname: pong | 16:13 |
Daviey | mtaylor: I think with just annegentle, she can be trusted to Approve appropriate content. However, if another doc specialist wants that branch access... a seperate group should be formed. | 16:14 |
Daviey | markmc: thoughts? | 16:15 |
markmc | mtaylor, don't really mind, but openstack-stable-maint isn't the right thing | 16:16 |
Daviey | The wannabe OCD in me doesn't like it, but there isn't any point in overegineering it. | 16:16 |
markmc | mtaylor, can we not make openstack-stable-maint the reviewer for specific projects ? | 16:16 |
markmc | mtaylor, at the moment, it's just nova and glance | 16:16 |
markmc | mtaylor, for stable/essex, we'll be doing horizon and keystone too I guess | 16:16 |
Daviey | markmc: erm, i thought it was wildcard stable/* | 16:17 |
markmc | Daviey, it is, but it shouldn't be | 16:17 |
Daviey | markmc: why not? | 16:18 |
markmc | Daviey, because keystone and horizon core teams have been responsible for their own stable/diablo | 16:18 |
markmc | Daviey, given that they weren't core in Diablo | 16:18 |
mtaylor | markmc: it's stable/* | 16:19 |
markmc | mtaylor, yes, I know | 16:19 |
Daviey | markmc: That smells like over complicating it IMO | 16:19 |
markmc | mtaylor, I'm saying it shouldn't be :) | 16:19 |
*** cp16net has joined #openstack-dev | 16:19 | |
*** cp16net has quit IRC | 16:20 | |
*** cp16net has joined #openstack-dev | 16:20 | |
Daviey | markmc: Individual members of ~openstack-stable-maint should filter out projects they shouldn't work on IMO | 16:20 |
Daviey | when i say shouldn't, i mean - not comfortable or interested in | 16:20 |
markmc | Daviey, sure, but I see the stable-maint team is collectively only covering core projects (except swift) | 16:24 |
markmc | Daviey, any -core member of any of the projects not covered by stable-maint needs to be able to +2 on their project | 16:25 |
Daviey | markmc: Hmm, was it agreed that ~*-core had +2 on their project regardless? | 16:26 |
Daviey | I thought it was.. | 16:26 |
mtaylor | no, I believe the opposite was agreed | 16:27 |
Daviey | oh | 16:27 |
mtaylor | nope. I was wrong, you were right | 16:27 |
* Daviey is a pile of fail today it seems | 16:27 | |
Daviey | oh, i'm a pile of win it seems | 16:27 |
openstackgerrit | Brian Lamar proposed a change to openstack/glance: Cap boto version at 2.1.1 https://review.openstack.org/3625 | 16:28 |
markmc | Daviey, no, we decided that stable-maint are the folks who know to apply the criteria for backport suitability | 16:28 |
*** danwent has quit IRC | 16:28 | |
*** bepernoot has quit IRC | 16:28 | |
markmc | Daviey, so, only they should be able to +2 on the projects covered by stable-maint | 16:28 |
markmc | mtaylor, basically, I guess I'm saying that the "stable-maint can +2 on stable/diablo" rules should be moved from All-Projects to nova and glance | 16:30 |
Daviey | markmc: i don't see the benefit to that TBH | 16:31 |
markmc | Daviey, https://review.openstack.org/#admin,projects | 16:32 |
markmc | Daviey, any project should be able to have a stable/diablo branch | 16:32 |
markmc | Daviey, and it should not be necessary for all of the core teams of those projects to be added to stable-maint | 16:32 |
markmc | Daviey, what's your objection to what I'm saying? | 16:33 |
Daviey | markmc: I'm not objecting, but i'm suggesting that changing it doesn't add benefit. | 16:34 |
markmc | Daviey, well, it does | 16:34 |
openstackgerrit | Tihomir Trifonov proposed a change to openstack/horizon: Fixed a tupo in Floating IP table header Fixes bug 923281 https://review.openstack.org/3626 | 16:35 |
uvirtbot | Launchpad bug 923281 in horizon "Floating IPs table header typo" [Undecided,Confirmed] https://launchpad.net/bugs/923281 | 16:35 |
Daviey | markmc: With project mindset, a contributor should be able to speak to ~openstack-stable-maint to land any code in stable/* | 16:35 |
Daviey | We are entrusted if we should go for that, or seek guidance. | 16:36 |
* markmc sighs | 16:36 | |
Daviey | naturally, they could speak to a special group that focusses on one project, and we stay out of the way if that is active. | 16:36 |
openstackjenkins | Project nova-docs build #2080: SUCCESS in 3 min 15 sec: https://jenkins.openstack.org/job/nova-docs/2080/ | 16:37 |
openstackjenkins | brian.lamar: Boto 2.2.x failes. Capping pip-requires at 2.1.1 | 16:37 |
*** gyee has joined #openstack-dev | 16:37 | |
markmc | Daviey, all that does is put stable-maint in the way of projects for no reason | 16:38 |
*** spiffxp has joined #openstack-dev | 16:39 | |
Daviey | hmm | 16:40 |
Daviey | I don't see how it is in the way.. It's an /extra/ level of support for a contributor | 16:40 |
Daviey | As in, stable-maint can be ignored if suitable. | 16:40 |
markmc | uh? | 16:41 |
markmc | how can they be ignored if they have to +2 ? | 16:41 |
openstackgerrit | Verification of a change to openstack/openstack-ci failed: Use bundles instead of relocatable virtualenvs. https://review.openstack.org/3050 | 16:42 |
*** vincentricci has quit IRC | 16:44 | |
*** rnirmal has joined #openstack-dev | 16:44 | |
openstackgerrit | p-draigbrady proposed a change to openstack/nova: optimize libvirt raw image handling. Bug 924970 https://review.openstack.org/3627 | 16:45 |
uvirtbot | Launchpad bug 924970 in nova "test timeouts with libvirt raw images" [Undecided,New] https://launchpad.net/bugs/924970 | 16:45 |
*** maplebed has joined #openstack-dev | 16:46 | |
openstackgerrit | Verification of a change to openstack-ci/git-review failed: Use dirname instead of basename. https://review.openstack.org/3611 | 16:48 |
openstackjenkins | Project nova-docs build #2081: SUCCESS in 3 min 3 sec: https://jenkins.openstack.org/job/nova-docs/2081/ | 16:48 |
openstackjenkins | rbryant: Use "display_name" in "nova-manage vm list". | 16:48 |
*** troytoman-away is now known as troytoman | 16:49 | |
Daviey | markmc: no, i'm sugegsting stablemaint CAN +2, but if a specific project wants to work on stable aswell, their core has +2 aswell | 16:53 |
openstackgerrit | Armando Migliaccio proposed a change to openstack/nova: bug 921087: i18n-key and local-storage hard-coded in xenapi https://review.openstack.org/3380 | 16:54 |
uvirtbot | Launchpad bug 921087 in nova "i18n-key and local-storage hard-coded in xenapi" [Undecided,In progress] https://launchpad.net/bugs/921087 | 16:54 |
markmc | Daviey, we had a long discussion previously where we agreed that {nova,glance}-core should not have +2 rights on the stable branch | 16:56 |
Daviey | It seems silly to change it, unless there is a complaint from a *-core team IMO. | 16:56 |
*** zzed_ has joined #openstack-dev | 16:56 | |
Daviey | markmc: I thought we ended that with, they SHOULD have +2? | 16:57 |
Daviey | I'd have to refer to my logs i think | 16:57 |
*** zzed_ has quit IRC | 16:57 | |
markmc | Daviey, nope, we didn't - and the permissions in gerrit reflect that decision | 16:57 |
markmc | Daviey, that's why keystone/horizon etc. core teams haven't been able to +2 on their stable/diablo | 16:57 |
*** zzed has quit IRC | 16:58 | |
*** stuntmachine has quit IRC | 16:59 | |
*** jsavak has joined #openstack-dev | 17:00 | |
Daviey | mtaylor: do you remember what direction we went in? | 17:00 |
*** joesavak has quit IRC | 17:00 | |
ttx | markmc: +1 | 17:00 |
Daviey | mtaylor seemed to just confirm that *-core do have +2 | 17:00 |
markmc | Daviey, well, he's wrong :) | 17:00 |
*** novas0x2a|laptop has quit IRC | 17:00 | |
* mtaylor is probably wrong... we should loop in jeblair when he wakes up | 17:00 | |
Daviey | well, i know he's wrong.. but on this specific issue, i'm not sure. | 17:01 |
Daviey | :) | 17:01 |
ttx | I opposed that +2/core/stable policy and would still oppose it. | 17:01 |
ttx | Daviey: and I even discussed it with you | 17:01 |
Daviey | ttx: can you expand on that? | 17:01 |
Kiall | This suggests core do not have +2 .. https://review.openstack.org/#admin,project,All-Projects,access | 17:01 |
*** jaypipes has quit IRC | 17:01 | |
* markmc filed https://bugs.launchpad.net/openstack-ci/+bug/924974 | 17:01 | |
uvirtbot | Launchpad bug 924974 in openstack-ci "openstack-stable-maint only approves stable/diablo reviews for nova and glance" [Undecided,New] | 17:01 |
Kiall | openstack-stable-maint has exclusive +2 on refs/heads/stable/* | 17:01 |
vishy | dprince: thoughts on this: https://review.openstack.org/#change,3578 | 17:02 |
*** rkukura has quit IRC | 17:02 | |
ttx | Daviey: thou shalt not mix groups. Core devs are about reviewing code for correctness. Stable maint are about checking the change is not disruptive. That's two different ways of reviewing | 17:02 |
ttx | Daviey: some people can and will do both, they should be on both groups | 17:02 |
*** eglynn has quit IRC | 17:02 | |
ttx | but assuming all core reviewers can apply stable rules of reviewing is presomptuous | 17:03 |
ttx | so you should not automatically make core reviewers stable reviewers. | 17:03 |
Daviey | Well i agree with that, but i'd also suggest the burden of being stable-maint or *-core implies you have some self imposed limits. | 17:03 |
Daviey | Is that unreasonable? | 17:03 |
ttx | I see no value in making one group part of the other and lose the granularity. | 17:04 |
ttx | just ask interested core people to join the other group. | 17:05 |
ttx | at least it's a conscious decision.. and they can learn the game rules in the process. | 17:05 |
Daviey | true | 17:05 |
ttx | Daviey: I convinced you before. Check your logs. | 17:06 |
markmc | hehe | 17:06 |
Daviey | ttx: Hmm. | 17:06 |
ttx | The groups are about a task to be done. Not about being an elite group of people. | 17:07 |
Daviey | How does stable-maint team dropping review access for non-core projects fit with your definition ttx ? | 17:07 |
LinuxJedi | FYI guys, paste.openstack.org just got migrated to a new server, they may be fluctuations in content whilst the DNS sorts itself out (the TTL is only 5 minutes so shouldn't be too bad) | 17:07 |
ttx | Daviey: could you expand on that ? What are you talking about ? | 17:07 |
*** cp16net_ has joined #openstack-dev | 17:07 | |
Daviey | TBH, providing the reviews get done - i don't really care who does them :) | 17:07 |
Daviey | 17:02 < ttx> Daviey: thou shalt not mix groups. Core devs are about reviewing code for correctness. Stable maint are about checking the change is not disruptive. That's two different ways of reviewing | 17:08 |
Daviey | and bug 924974, seem at odds | 17:08 |
uvirtbot | Launchpad bug 924974 in openstack-ci "openstack-stable-maint only approves stable/diablo reviews for nova and glance" [Undecided,New] https://launchpad.net/bugs/924974 | 17:08 |
openstackgerrit | Russell Bryant proposed a change to openstack/nova: Don't block forever for rpc.(multi)call response. https://review.openstack.org/3628 | 17:09 |
ttx | reading bug | 17:09 |
markmc | Daviey, dude, this isn't hard - stable-maint has only taken on the responsibility of maintaining the stable branch of core projects (except swift) | 17:09 |
Daviey | markmc: It was never my intention for the stable team to limit their interest to core projects. | 17:09 |
*** cp16net has quit IRC | 17:10 | |
markmc | Daviey, hence, having the rule in All-Projects doesn't make sense | 17:10 |
*** cp16net_ is now known as cp16net | 17:10 | |
openstackgerrit | Verification of a change to openstack/nova failed: Optionally pass a instance uuid to log methods. https://review.openstack.org/3608 | 17:10 |
ttx | Daviey: I guess it depends on the scope of stable-maint. My understanding is that it's just official core projects. | 17:10 |
*** jsavak has quit IRC | 17:10 | |
ttx | Daviey: but expanding the scope could be discussed amongst team members | 17:11 |
ttx | Daviey: personally I think it's a slippery slope, but I'm not part of that group | 17:12 |
Daviey | I don't think it's a discussin of expanding scope, it's a discussion of shrinking the scope :) | 17:12 |
Daviey | I still maintain that branches are as supported as those that have interest in them. | 17:14 |
ttx | Daviey: sure. If all members agree that's the scope of the team, why not | 17:15 |
ttx | Daviey: but there seem to be difference of opinion. | 17:15 |
*** eglynn has joined #openstack-dev | 17:16 | |
openstackgerrit | Verification of a change to openstack/python-novaclient failed: Handle Ambiguous Endpoints Correctly https://review.openstack.org/3605 | 17:22 |
*** bepernoot has joined #openstack-dev | 17:23 | |
*** vincentricci has joined #openstack-dev | 17:24 | |
*** armaan has joined #openstack-dev | 17:26 | |
openstackgerrit | Verification of a change to openstack/python-novaclient failed: Handle Ambiguous Endpoints Correctly https://review.openstack.org/3605 | 17:26 |
jk0 | devstack is at it again | 17:28 |
*** Mandell has joined #openstack-dev | 17:28 | |
*** Mandell has quit IRC | 17:28 | |
*** Mandell has joined #openstack-dev | 17:28 | |
ttx | mtaylor: ^ | 17:30 |
openstackjenkins | Project nova-docs build #2082: SUCCESS in 3 min 30 sec: https://jenkins.openstack.org/job/nova-docs/2082/ | 17:34 |
openstackjenkins | * Brian Waldon: Expand policies for admin_actions extension | 17:34 |
openstackjenkins | * thorsten: fixed bug 920856 | 17:34 |
uvirtbot | Launchpad bug 920856 in nova "API responses do not conform tho Amazon EC2 specifications" [Medium,Fix committed] https://launchpad.net/bugs/920856 | 17:34 |
*** Remco__ has quit IRC | 17:34 | |
*** armaan has left #openstack-dev | 17:34 | |
openstackgerrit | Sandy Walsh proposed a change to openstack/nova: Removed zones from api and distributed scheduler https://review.openstack.org/3629 | 17:36 |
*** bepernoot has quit IRC | 17:38 | |
deshantm | pvo: do you use the devstack xen scripts to build your nova domUs? | 17:38 |
deshantm | (anybody can answer that uses it) | 17:39 |
pvo | deshantm: we do not. | 17:39 |
deshantm | ah ok | 17:39 |
pvo | those are Ubuntu based and we use Debian. | 17:39 |
*** armaan has joined #openstack-dev | 17:39 | |
deshantm | do you know who posted those patches? | 17:39 |
pvo | vishy may know. | 17:40 |
deshantm | i knew at one point | 17:40 |
deshantm | I could look it up probably | 17:40 |
deshantm | we are working on adding kronos support now | 17:41 |
*** Ryan_Lane has joined #openstack-dev | 17:41 | |
*** armaan has left #openstack-dev | 17:44 | |
*** eglynn has quit IRC | 17:45 | |
openstackgerrit | Soren Hansen proposed a change to openstack/nova: Remove Hyper-V support https://review.openstack.org/3630 | 17:46 |
*** eglynn has joined #openstack-dev | 17:46 | |
vishy | deshantm: sleepsonthefloor did those scripts | 17:46 |
vishy | deshantm: they are using XCP 5.6 not kronos | 17:47 |
vishy | deshantm: sorry XS-Free 5.6 | 17:47 |
vishy | deshantm: that said, we would love patches to do it with kronos instead | 17:47 |
deshantm | vishy: mcclurmc will have some patches soon | 17:49 |
deshantm | we are testing now | 17:49 |
openstackgerrit | Armando Migliaccio proposed a change to openstack/nova: bug 921087: i18n-key and local-storage hard-coded in xenapi https://review.openstack.org/3380 | 17:51 |
uvirtbot | Launchpad bug 921087 in nova "i18n-key and local-storage hard-coded in xenapi" [Undecided,In progress] https://launchpad.net/bugs/921087 | 17:51 |
*** ipl31_ is now known as ipl31 | 17:52 | |
*** mcclurmc has joined #openstack-dev | 17:52 | |
openstackgerrit | Armando Migliaccio proposed a change to openstack/nova: bug 921087: i18n-key and local-storage hard-coded in xenapi https://review.openstack.org/3380 | 17:55 |
uvirtbot | Launchpad bug 921087 in nova "i18n-key and local-storage hard-coded in xenapi" [Undecided,In progress] https://launchpad.net/bugs/921087 | 17:55 |
openstackgerrit | Sandy Walsh proposed a change to openstack/nova: Removed zones from api and distributed scheduler https://review.openstack.org/3629 | 17:56 |
*** maplebed has quit IRC | 17:57 | |
*** andrewbogott has joined #openstack-dev | 17:58 | |
*** andrewbogott has quit IRC | 17:58 | |
*** andrewbogott has joined #openstack-dev | 17:58 | |
*** zns1 has quit IRC | 18:01 | |
*** dolphm has quit IRC | 18:02 | |
*** stuntmachine has joined #openstack-dev | 18:02 | |
*** vincentricci has quit IRC | 18:04 | |
*** eglynn has quit IRC | 18:04 | |
*** vincentricci has joined #openstack-dev | 18:04 | |
*** cp16net has quit IRC | 18:04 | |
*** cp16net has joined #openstack-dev | 18:04 | |
*** zzed has joined #openstack-dev | 18:05 | |
*** dolphm has joined #openstack-dev | 18:05 | |
openstackjenkins | Project nova-docs build #2083: SUCCESS in 5 min 36 sec: https://jenkins.openstack.org/job/nova-docs/2083/ | 18:06 |
openstackjenkins | rbryant: Fix broken devref docs. | 18:06 |
*** dolphm has quit IRC | 18:06 | |
*** vincentricci has quit IRC | 18:08 | |
*** vincentricci has joined #openstack-dev | 18:08 | |
*** vincentricci_ has joined #openstack-dev | 18:09 | |
*** vincentricci has quit IRC | 18:09 | |
*** vincentricci_ is now known as vincentricci | 18:09 | |
*** vincentricci has quit IRC | 18:09 | |
*** vincentricci has joined #openstack-dev | 18:09 | |
openstackgerrit | Armando Migliaccio proposed a change to openstack/nova: bug 921087: i18n-key and local-storage hard-coded in xenapi https://review.openstack.org/3380 | 18:10 |
uvirtbot | Launchpad bug 921087 in nova "i18n-key and local-storage hard-coded in xenapi" [Undecided,In progress] https://launchpad.net/bugs/921087 | 18:10 |
zul | mtaylor: ping | 18:10 |
zul | or jeblair: ping | 18:11 |
mtaylor | jk0: on it | 18:11 |
*** vincentricci has quit IRC | 18:11 | |
*** vincentricci has joined #openstack-dev | 18:11 | |
*** vincentricci_ has joined #openstack-dev | 18:13 | |
openstackgerrit | Soren Hansen proposed a change to openstack/nova: Remove Hyper-V support https://review.openstack.org/3630 | 18:13 |
*** hashar has quit IRC | 18:13 | |
*** vincentricci_ has quit IRC | 18:13 | |
*** vincentricci_ has joined #openstack-dev | 18:14 | |
*** nati2 has joined #openstack-dev | 18:15 | |
*** jdurgin has joined #openstack-dev | 18:15 | |
*** vincentricci has quit IRC | 18:16 | |
*** vincentricci_ is now known as vincentricci | 18:16 | |
*** zns has joined #openstack-dev | 18:19 | |
*** derekh has quit IRC | 18:21 | |
openstackgerrit | Johannes Erdfelt proposed a change to openstack/nova: Make sure multiple calls to _get_session() aren't nested https://review.openstack.org/3631 | 18:21 |
*** eglynn has joined #openstack-dev | 18:24 | |
*** dolphm has joined #openstack-dev | 18:25 | |
*** nati2 has quit IRC | 18:27 | |
*** david-kranz has joined #openstack-dev | 18:27 | |
*** nati2 has joined #openstack-dev | 18:28 | |
*** adjohn has joined #openstack-dev | 18:29 | |
openstackgerrit | Verification of a change to openstack/nova failed: Optionally pass a instance uuid to log methods. https://review.openstack.org/3608 | 18:31 |
*** dolphm has quit IRC | 18:31 | |
openstackgerrit | Thiago Morello proposed a change to openstack/python-quantumclient: Log all logs to syslog in addition to any chosen location (as a file or stdout) https://review.openstack.org/3622 | 18:32 |
*** darraghb has quit IRC | 18:36 | |
*** rkukura has joined #openstack-dev | 18:36 | |
morellon | PotHix: https://launchpad.net/~openstack-cla | 18:38 |
PotHix | morellon: tks! | 18:38 |
gyee | termie, ut? | 18:44 |
openstackgerrit | Dan Prince proposed a change to openstack/openstack-chef: Remove EC2 admin API. https://review.openstack.org/3632 | 18:44 |
*** novas0x2a|laptop has joined #openstack-dev | 18:46 | |
deshantm | tip of devstack error: http://paste.openstack.org/show/4631/ (known issue?) | 18:47 |
zns | mtaylor, jeblair: could you resubmit https://review.openstack.org/#change,3605 when the problem is solved? It failed because of "No ready nodes" | 18:48 |
mtaylor | zns: yes | 18:49 |
*** danwent has joined #openstack-dev | 18:50 | |
openstackjenkins | Project nova-docs build #2084: SUCCESS in 5 min 59 sec: https://jenkins.openstack.org/job/nova-docs/2084/ | 18:51 |
openstackjenkins | * mark.washenberger: Add mkswap to rootwrap | 18:51 |
openstackjenkins | * motokentsai: Correct checking existence of security group rule | 18:51 |
*** hashar has joined #openstack-dev | 18:53 | |
*** dolphm has joined #openstack-dev | 18:55 | |
*** adjohn has quit IRC | 18:56 | |
*** bepernoot has joined #openstack-dev | 18:56 | |
*** adjohn has joined #openstack-dev | 18:56 | |
*** dolphm_ has joined #openstack-dev | 18:58 | |
termie | gyee: if by "ut?" you mean "ping" then: pong | 18:59 |
*** dolphm has quit IRC | 18:59 | |
gyee | ut = you there | 19:00 |
gyee | yes | 19:00 |
gyee | termie, I still having problem with the KSL sql backend | 19:00 |
termie | gyee: i know, i'm just trying to keep us acting like civilized geeks | 19:00 |
gyee | :) | 19:00 |
termie | gyee: whatcha running into | 19:00 |
*** bepernoot has quit IRC | 19:00 | |
gyee | I changed the driver for Identity to sql | 19:00 |
gyee | I can see bla.db got created when I do keystone-manage user name=blah password=blah .. | 19:01 |
gyee | but it failed at users table doesn't exist | 19:01 |
gyee | I than ran sqlite3 bla.db and do a .schema | 19:01 |
gyee | no tables exist | 19:01 |
gyee | seems like the schema didn't get created | 19:02 |
termie | gyee keystone-manage db_sync | 19:02 |
gyee | am I missing an important parameter in keystone.conf? | 19:02 |
gyee | oh, I need to do that first? | 19:02 |
gyee | thought that's automatic, don't remember having to do that in essex | 19:03 |
termie | gyee: automatically creating a database is a bad thing to do from a sys admin perspective | 19:04 |
termie | anyway, that info hsould be added here: https://github.com/termie/keystonelight/blob/master/docs/source/developing.rst | 19:04 |
openstackjenkins | Project nova-docs build #2085: SUCCESS in 6 min 28 sec: https://jenkins.openstack.org/job/nova-docs/2085/ | 19:07 |
openstackjenkins | Johannes Erdfelt: Make sure multiple calls to _get_session() aren't nested | 19:07 |
gyee | seems like KSL also stands for DIY :) | 19:07 |
termie | gyee: it isn't keystone essex and it doesn't want to be | 19:08 |
*** sleepsonthefloo has joined #openstack-dev | 19:09 | |
adam_g | any nova cores wish to help get this thru before we upload our weekly nova snapshot into ubuntu? https://review.openstack.org/#change,3479 nova-volume is basically useless without it and i'd prefer not to carry a temporary patch | 19:09 |
*** ohnoimdead has joined #openstack-dev | 19:09 | |
adam_g | +1 to requiring manual database migrations and doing away with broken autocreate nonsense | 19:09 |
*** vincentricci_ has joined #openstack-dev | 19:10 | |
*** vincentricci has quit IRC | 19:10 | |
*** vincentricci_ is now known as vincentricci | 19:10 | |
dolphm_ | gyee: keystone proper is *supposed* to make you create your database (and *did*, for a while), but there's an open bug debating the issue (bug 908296) | 19:10 |
uvirtbot | Launchpad bug 908296 in keystone "keystone-manage database sync fails when executed more than once" [Undecided,Confirmed] https://launchpad.net/bugs/908296 | 19:10 |
gyee | understood the "doesn't want to be" part, I am withholding judgment on the "easier to use than essex" part for now :) | 19:12 |
adam_g | glance bug #824794 is a pretty good one against using migrate/sync + autocreation | 19:12 |
uvirtbot | Launchpad bug 824794 in glance "Tables are generated outside of migration process" [Low,In progress] https://launchpad.net/bugs/824794 | 19:12 |
gyee | dolphm_, thanks for the info | 19:13 |
*** sleepsonthefloo has quit IRC | 19:14 | |
*** sleepsonthefloo has joined #openstack-dev | 19:14 | |
openstackgerrit | Brian Waldon proposed a change to openstack/nova: Excise M2Crypto! https://review.openstack.org/3614 | 19:14 |
dolphm_ | adam_g: thanks for the link | 19:15 |
adam_g | dolphm_: likewise, i wasn't aware there was current discussion going on. the issue in glance has been a bit of a nightmare for ubuntu packaging. | 19:18 |
gyee | dalphm_, keystone-manage database sync can't detect the version on the existing db and act accordingly? | 19:18 |
adam_g | dolphm_: some more juicy reading at bug #779311 | 19:18 |
uvirtbot | Launchpad bug 779311 in glance "Glance update for Ubuntu failing" [High,Confirmed] https://launchpad.net/bugs/779311 | 19:18 |
dolphm_ | gyee: no, it can't, but keystone-manage provides a CLI to get you going if you know the version (and we have docs mapping release milestones to db version #'s) | 19:19 |
*** cp16net_ has joined #openstack-dev | 19:19 | |
dolphm_ | gyee: keystone_manage version_control_database --help | 19:19 |
dolphm_ | gyee: keystone_manage goto_database --help | 19:19 |
gyee | yes, I've used it | 19:19 |
gyee | for the domains prototype, the wiki is very helpful | 19:19 |
*** rnirmal has quit IRC | 19:19 | |
gyee | I just wasn't aware that KSL no longer creates the db on startup, now I know | 19:20 |
openstackjenkins | Project nova-docs build #2086: SUCCESS in 6 min 4 sec: https://jenkins.openstack.org/job/nova-docs/2086/ | 19:21 |
openstackjenkins | Jesse Andrews: remove unsupported ec2 extensions | 19:21 |
*** cp16net has quit IRC | 19:21 | |
*** cp16net_ is now known as cp16net | 19:21 | |
termie | gyee, dolphm_ : well, as ksl is versioned from the beginning that part shouldn't be a problem | 19:22 |
termie | gyee, dolphm_: i hope to generate a nice tutorial for getting started with ksl | 19:23 |
gyee | termie, yes, only one script in migrate_repo/versions right now | 19:23 |
*** bepernoot has joined #openstack-dev | 19:23 | |
termie | gyee: good to start with one version if you can manage it ;) stuff will change in there a little bit once there is a slightly more structured way for extensions to do their own versioning | 19:24 |
gyee | termie, I can be the hamster | 19:24 |
gyee | guinea pig I mean | 19:24 |
termie | hehe | 19:24 |
openstackgerrit | Trey Morris proposed a change to openstack/nova: Ties quantum, melange, and nova network model https://review.openstack.org/3309 | 19:25 |
*** mikeyp has joined #openstack-dev | 19:26 | |
*** zzed has quit IRC | 19:27 | |
openstackgerrit | Trey Morris proposed a change to openstack/nova: Ties quantum, melange, and nova network model https://review.openstack.org/3309 | 19:29 |
*** dwalleck_nova has joined #openstack-dev | 19:38 | |
*** Gordonz has joined #openstack-dev | 19:39 | |
openstackgerrit | Verification of a change to openstack/nova failed: Ties quantum, melange, and nova network model https://review.openstack.org/3309 | 19:39 |
*** lloydde has joined #openstack-dev | 19:42 | |
jeblair | annegentle: updated bug 924507 | 19:44 |
uvirtbot | Launchpad bug 924507 in openstack-ci "Need to install pandoc 1.8.1.1 on Jenkins server to automate markdown docs work" [High,Fix committed] https://launchpad.net/bugs/924507 | 19:44 |
annegentle | jeblair: ah, got it about "manuals" v "oneiric" | 19:45 |
*** lloydde has quit IRC | 19:46 | |
annegentle | jeblair: thanks for the quick work, too! | 19:46 |
*** lloydde_ has joined #openstack-dev | 19:46 | |
*** lloydde_ has quit IRC | 19:46 | |
*** novas0x2a|laptop has quit IRC | 19:47 | |
*** novas0x2a|laptop has joined #openstack-dev | 19:47 | |
jeblair | annegentle: np | 19:48 |
*** dubsquared has quit IRC | 19:49 | |
*** _adjohn has joined #openstack-dev | 19:49 | |
*** adjohn has quit IRC | 19:50 | |
*** _adjohn is now known as adjohn | 19:50 | |
*** vincentricci_ has joined #openstack-dev | 19:50 | |
*** vincentricci has quit IRC | 19:51 | |
*** vincentricci_ is now known as vincentricci | 19:51 | |
openstackjenkins | Project nova-docs build #2087: SUCCESS in 5 min 32 sec: https://jenkins.openstack.org/job/nova-docs/2087/ | 19:52 |
openstackjenkins | pbrady: optimize libvirt raw image handling. Bug 924970 | 19:52 |
uvirtbot | Launchpad bug 924970 in nova "test timeouts with libvirt raw images" [Undecided,Fix committed] https://launchpad.net/bugs/924970 | 19:52 |
Vek | is there a list of granted FFEs somewhere? | 19:58 |
openstackgerrit | eglynn proposed a change to openstack/glance: Respawn glance services on unexpected death. https://review.openstack.org/3550 | 19:59 |
*** stuntmachine has quit IRC | 19:59 | |
openstackgerrit | Devdeep Singh proposed a change to openstack/nova: Changes for supporting fast cloning on Xenserver. (Implements https://blueprints.launchpad.net/nova/+spec/fast-cloning-for-xenserver) 1. use_cow_images flag is reused for xenserver to check if copy on write images should be used. 2. image-id is used to https://review.openstack.org/3343 | 19:59 |
*** deshantm has quit IRC | 20:01 | |
*** zzed has joined #openstack-dev | 20:03 | |
*** hashar has joined #openstack-dev | 20:03 | |
*** stuntmachine has joined #openstack-dev | 20:06 | |
openstackgerrit | Verification of a change to openstack/nova failed: Use name filter in GlanceImageService show_by_name https://review.openstack.org/3534 | 20:06 |
openstackjenkins | Project nova-docs build #2088: SUCCESS in 6 min 27 sec: https://jenkins.openstack.org/job/nova-docs/2088/ | 20:07 |
openstackjenkins | alex.meade: Instances to be created with a bookmark link | 20:07 |
openstackgerrit | Johannes Erdfelt proposed a change to openstack/nova: lockfile.FileLock already appends .lock https://review.openstack.org/3633 | 20:08 |
*** bepernoot has quit IRC | 20:12 | |
*** deshantm has joined #openstack-dev | 20:14 | |
openstackgerrit | Ziad Sawalha proposed a change to openstack/nova: Use Keystone Extension Syntax for EC2 Creds https://review.openstack.org/3365 | 20:15 |
*** vincentricci_ has joined #openstack-dev | 20:19 | |
*** vincentricci has quit IRC | 20:19 | |
*** vincentricci_ is now known as vincentricci | 20:19 | |
*** danwent has quit IRC | 20:20 | |
*** nati2 has quit IRC | 20:21 | |
*** novas0x2a|laptop has quit IRC | 20:22 | |
*** novas0x2a|laptop has joined #openstack-dev | 20:23 | |
openstackgerrit | Russell Bryant proposed a change to openstack/nova: Don't block forever for rpc.(multi)call response. https://review.openstack.org/3628 | 20:23 |
*** sandywalsh has quit IRC | 20:25 | |
*** bencherian has joined #openstack-dev | 20:26 | |
*** adjohn has quit IRC | 20:26 | |
*** bencherian has quit IRC | 20:28 | |
*** maplebed has joined #openstack-dev | 20:34 | |
openstackjenkins | Project nova-docs build #2089: SUCCESS in 5 min 37 sec: https://jenkins.openstack.org/job/nova-docs/2089/ | 20:36 |
openstackjenkins | treyemorris: Ties quantum, melange, and nova network model | 20:36 |
*** bepernoot has joined #openstack-dev | 20:36 | |
*** jakedahn has joined #openstack-dev | 20:37 | |
*** jakedahn has joined #openstack-dev | 20:37 | |
openstackgerrit | Alex Meade proposed a change to openstack/nova: Fix logging to log correct filename and line numbers https://review.openstack.org/3634 | 20:37 |
*** sandywalsh has joined #openstack-dev | 20:38 | |
*** bepernoot has quit IRC | 20:44 | |
openstackgerrit | Jake Dahn proposed a change to openstack/horizon: Window now goes as low as 1024px wide without breaking. https://review.openstack.org/3635 | 20:45 |
markmc | vishy, I haz problemz | 20:46 |
vishy | markmc: uhoh | 20:46 |
openstackgerrit | Verification of a change to openstack/nova failed: Respect availability_zone parameter in nova api https://review.openstack.org/2956 | 20:46 |
markmc | vishy, MultiStrOpt is terminally borked | 20:46 |
markmc | vishy, not sure how I didn't notice | 20:47 |
openstackgerrit | Monsyne Dragon proposed a change to openstack/nova: Make parsing of usage stats from XS more robust. https://review.openstack.org/3595 | 20:47 |
markmc | but e.g. | 20:47 |
markmc | [DEFAULT] | 20:47 |
markmc | foo = bar | 20:47 |
markmc | foo = blaa | 20:47 |
markmc | just doesn't make any sense to ConfigParser | 20:47 |
vishy | markmc: uh oh, termie was having some big issues with cfg the other day | 20:47 |
vishy | i wonder if it is related | 20:47 |
markmc | could be | 20:47 |
markmc | now, we don't have many multistr options | 20:48 |
markmc | 5 in fact | 20:48 |
openstackgerrit | Rick Harris proposed a change to openstack/nova: Support custom routes for extensions. https://review.openstack.org/3502 | 20:49 |
markmc | virt_mkfs is only multistr because its values include a comma | 20:49 |
markmc | then there's ldap_dns_servers and list_notifier_drivers | 20:49 |
markmc | which are both a bit dumb because their name is plural | 20:49 |
markmc | i.e. --list_notifier_drivers=foo --list_notifier_drivers=bar makes not much sense | 20:49 |
markmc | then there's osapi_compute_extension and osapi_volume_extension | 20:50 |
markmc | which could just be lists? | 20:50 |
* markmc is inclined to just kill off multistr | 20:50 | |
openstackjenkins | Project nova-docs build #2090: SUCCESS in 5 min 59 sec: https://jenkins.openstack.org/job/nova-docs/2090/ | 20:52 |
openstackjenkins | Johannes Erdfelt: lockfile.FileLock already appends .lock | 20:52 |
*** sandywalsh has quit IRC | 20:54 | |
*** bepernoot has joined #openstack-dev | 20:57 | |
*** n0ano has quit IRC | 20:58 | |
bcwaldon | Vek: Can you revist this? https://review.openstack.org/#change,3526 | 20:59 |
*** bepernoot has quit IRC | 20:59 | |
bcwaldon | vishy: thoughts on https://review.openstack.org/#change,3533 | 21:00 |
mikal | The Jenkins run for https://review.openstack.org/#change,3608 appears to have failed because of a git fetch error. Is there some way I can kick it until it runs again? | 21:01 |
*** dubsquared has joined #openstack-dev | 21:02 | |
*** zzed has quit IRC | 21:02 | |
vishy | bcwaldon: honestly that is a question for the ec2-api team | 21:02 |
vishy | bcwaldon: I don't really care either way | 21:03 |
*** zzed has joined #openstack-dev | 21:03 | |
bcwaldon | vishy: I'm for removing it no matter what since it isnt a valid piece of *any* api | 21:03 |
vishy | oh | 21:03 |
vishy | bcwaldon: then pull it out | 21:03 |
bcwaldon | vishy: its not that we're implementing forward versions | 21:03 |
vishy | bcwaldon: is there a parameter called name? | 21:03 |
vishy | I wonder how jesse missed it in his patch | 21:03 |
bcwaldon | vishy: he was pulling out major pieces, this is one tiny hidden field | 21:04 |
vishy | bcwaldon: snapshot has displayName though | 21:04 |
bcwaldon | vishy: in the ec2 spec? | 21:04 |
*** cp16net has quit IRC | 21:05 | |
vishy | i don't know | 21:05 |
bcwaldon | vishy: http://docs.amazonwebservices.com/AWSEC2/2011-12-15/APIReference/ApiReference-query-DescribeImages.html | 21:05 |
*** cp16net has joined #openstack-dev | 21:05 | |
bcwaldon | vishy: you can see that 'name' is valid in the latest spec for DescribeImages | 21:05 |
vishy | bcwaldon: then rename it to name? | 21:05 |
bcwaldon | vishy: so I think its clear that we *don't* want displayName | 21:05 |
bcwaldon | vishy: right, the question is whether we change to name or drop | 21:05 |
vishy | so that i could go either way on | 21:06 |
bcwaldon | vishy: I vote we drop because implementing part of a future unsupported version is useless | 21:06 |
bcwaldon | euca2ools isnt going to use it | 21:06 |
vishy | does euca2ools support it? | 21:06 |
bcwaldon | we dont tell euca200ls to use the latest version! | 21:06 |
vishy | then we could pull it i guess | 21:06 |
*** bepernoot has joined #openstack-dev | 21:07 | |
bcwaldon | do you know off-hand who I should ping on ec2-api team? | 21:07 |
openstackgerrit | Alex Meade proposed a change to openstack/nova: Fix logging to log correct filename and line numbers https://review.openstack.org/3634 | 21:07 |
*** PotHix has quit IRC | 21:10 | |
vishy | http://wiki.openstack.org/Teams#Nova_EC2_API_Team | 21:10 |
vishy | zul: ^^ | 21:10 |
*** sandywalsh has joined #openstack-dev | 21:10 | |
bcwaldon | zul: around? | 21:10 |
ayoung | termie, vishy, just checking, but for basic authentication in LDAP, we want to follow the practice of doing a simple bind, right? | 21:13 |
*** Remco_ has joined #openstack-dev | 21:14 | |
bcwaldon | johan_-_: thanks for the DH snippet | 21:15 |
bcwaldon | johan_-_: I'll pull it into m y patch | 21:15 |
*** troytoman is now known as troytoman-away | 21:15 | |
vishy | ayoung: define simple bind? | 21:15 |
ayoung | vishy, the LDAP simple bind command? | 21:15 |
Ryan_Lane | ayoung: you mean as opposed to SASL? | 21:15 |
* vishy goes to refresh his memory | 21:15 | |
Ryan_Lane | you'll have widest support with simple bind, rather than SASL | 21:16 |
ayoung | Ryan_Lane, is SASL supported from Eventlet? | 21:16 |
vishy | ayoung: I know there was a patch proposed to add SASL in nova | 21:16 |
vishy | so i think it would be good to support it | 21:16 |
vishy | the python bindings support it | 21:16 |
ayoung | vishy, I was just getting started on the LDAP code, and looking at the existing authenticate calls. | 21:17 |
mikal | vishy: I'm not clear on if there are more changes you want me to make on https://review.openstack.org/#change,2902 | 21:17 |
vishy | I'm ok with it | 21:17 |
ayoung | Usually when you auth to LDAP, you make a simple bind, let the LDAP server hash or whatever it does, and if the bind is successful, treat it as authenticated | 21:18 |
vishy | mikal: perhaps it should explicitly request an FFe | 21:18 |
mikal | I'm composing an email about that now | 21:18 |
mikal | Would you be supportive? | 21:18 |
vishy | yes | 21:18 |
Ryan_Lane | ayoung: well, it depends, there's a number of ways to do it. the most basic is to do a simple bind with userdn and password | 21:18 |
mikal | Cool | 21:18 |
ayoung | Ryan_Lane, right | 21:19 |
Ryan_Lane | ayoung: but SASL is also supported, and is used for GSSAPI and a few other kinds of SASL auth | 21:19 |
dprince | bcwaldon: regarding EC2 API display name. I've always thought our EC2 API was more about functionality than API correctness. If people want displayName then why not keep it? | 21:19 |
Ryan_Lane | ayoung: you should likely start with simple bind, and add SASL later | 21:19 |
mikal | vishy: any thoughts on how to trick jenkins into trying again for https://review.openstack.org/#change,3608 ? | 21:19 |
ayoung | Ryan_Lane, so I am looking at getting parity between the current Keystone impl and Keystone Light. | 21:19 |
ayoung | yes | 21:19 |
dprince | bcwaldon: I mean there are other oddities in that API where we don't explicitly follow the SPEC right? | 21:19 |
ayoung | so SASL would be a new feature, Fremont timeframe | 21:20 |
Ryan_Lane | the current implementation also allows lookup before bind | 21:20 |
bcwaldon | dprince: we're working on removing the extra stuff (jesse's patch just landed to remove ec2adminapi) | 21:20 |
ayoung | Ryan_Lane, yeah, I noticed that. Why? | 21:20 |
Ryan_Lane | where you use a proxy-agent to find a user's DN based on a search attribute, then bind as the user | 21:20 |
bcwaldon | dprince: and I feel like its useless because no major clients are going to pick it up | 21:20 |
openstackgerrit | Dolph Mathews proposed a change to openstack/python-keystoneclient: Simplified method names to be more self explanatory https://review.openstack.org/3636 | 21:20 |
bcwaldon | dprince: and keep in mind 'displayName' is not a valid attribute for images, it would have to be 'name' | 21:20 |
openstackgerrit | Rick Harris proposed a change to openstack/nova: DRYing up Volume/Compute APIRouters https://review.openstack.org/3637 | 21:21 |
Ryan_Lane | ayoung: not all LDAP servers allow anonymous searches, and not all directory information trees keep users in one part of a tree | 21:21 |
dprince | bcwaldon: Sure. Essentially what Justins ticket is about... Honestly. I'm fine either way. Just saying it seems reasonable to keep it if it is useful. | 21:21 |
Ryan_Lane | so, you can't assume testuser is uid=testuser,ou=people,dc=blah,dc=blah | 21:21 |
openstackjenkins | Project nova-docs build #2091: SUCCESS in 6 min 2 sec: https://jenkins.openstack.org/job/nova-docs/2091/ | 21:21 |
openstackjenkins | * Brian Waldon: Use name filter in GlanceImageService show_by_name | 21:21 |
openstackjenkins | * rbryant: Clear out RPC connection pool before exit. | 21:21 |
openstackjenkins | * rbryant: Empty connection pool after test_kombu. | 21:21 |
bcwaldon | dprince: I'm arguing that it isnt useful | 21:21 |
ayoung | Ryan_Lane, right | 21:21 |
Ryan_Lane | also, it could be using a different naming attribute | 21:21 |
Ryan_Lane | so, it could be cn=testuser,ou=people.... | 21:22 |
Ryan_Lane | but LDAP servers generally require a full DN to bind | 21:22 |
Ryan_Lane | it's slightly less efficient do search before bind, but is usually needed | 21:22 |
Ryan_Lane | (memcache is your friend here ;) ) | 21:23 |
openstackgerrit | Verification of a change to openstack/nova failed: Empty connection pool after test_kombu. https://review.openstack.org/3585 | 21:24 |
ayoung | Ryan_Lane, all that makes sense | 21:25 |
*** adjohn has joined #openstack-dev | 21:25 | |
Ryan_Lane | ayoung: I wrote part of the ldap implementation for nova. let me know if you have any questions | 21:25 |
*** dprince has quit IRC | 21:25 | |
ayoung | Ryan_Lane, OK, so my thought was to start by talking to a real LDAP server (even though the tests will run against fakeldap | 21:26 |
ayoung | and to populate it with a few users | 21:26 |
ayoung | and the to start by getting authenticate to work | 21:26 |
ayoung | authenticate requires being able to find a user, and also to find the tenancy | 21:27 |
*** mcclurmc has quit IRC | 21:27 | |
Ryan_Lane | this is for LDAP support in keystone? | 21:27 |
ayoung | Ryan_Lane, yes | 21:27 |
Ryan_Lane | isn't there already an LDAP driver? | 21:27 |
vishy | ayoung: Ryan_Lane rewrote all of my code to make it more LDAPy :) | 21:27 |
ayoung | Ryan_Lane, with the cut over from Keystone to Keystonelight, we lose the current LDAP code | 21:27 |
Ryan_Lane | ah | 21:28 |
*** mcclurmc has joined #openstack-dev | 21:28 | |
vishy | ayoung: are you basing it off one of those codebases? | 21:28 |
openstackgerrit | Brian Waldon proposed a change to openstack/nova: Excise M2Crypto! https://review.openstack.org/3614 | 21:28 |
vishy | probably easier than rewriting everything from scratch | 21:28 |
ayoung | vishy, I'm looking at both keystone-current and nova | 21:28 |
Ryan_Lane | termie mentioned that this support was going to let us munge lookups to existing schema | 21:28 |
vishy | ayoung: cool | 21:28 |
Ryan_Lane | (I like this idea) | 21:29 |
vishy | Ryan_Lane: that would be awesome but i think we have to support creating schema as well | 21:29 |
Ryan_Lane | role support might be hard, though | 21:29 |
vishy | Ryan_Lane: roles/groups are totally inconsistent across installs, yes? | 21:29 |
*** mcclurmc has left #openstack-dev | 21:29 | |
vishy | as in everyone does it differently? | 21:29 |
Ryan_Lane | yep | 21:29 |
vishy | Ryan_Lane: what about AD, does it have a standard for roles/groups? | 21:29 |
termie | Ryan_Lane: i mentioned that that was my plan, i don't know how far along that path ayoung is | 21:29 |
Ryan_Lane | well, groups are mostly easy | 21:30 |
Ryan_Lane | roles are hard | 21:30 |
ayoung | termie, I've barely crossed the woodline | 21:30 |
Ryan_Lane | especially if we need to consider roles with capabilities | 21:30 |
vishy | Ryan_Lane: because i think that would be the most asked for version | 21:30 |
ayoung | Ryan_Lane, but 'groups' are not a Keystone concept. Tenants and Roles are | 21:30 |
Ryan_Lane | vishy: yeah. likely | 21:30 |
vishy | Ryan_Lane: capabilities I think will be stored outside | 21:30 |
Ryan_Lane | ah. ok | 21:30 |
Ryan_Lane | that's easier, then | 21:30 |
vishy | Ryan_Lane: Ldap seems like a pretty nasty place to do it | 21:30 |
Ryan_Lane | +1 | 21:31 |
Ryan_Lane | I completely agree | 21:31 |
vishy | termie: has a policy engine to match roles / actions / objects | 21:31 |
vishy | == capabilities | 21:31 |
Ryan_Lane | I'd likely map groups to tenants | 21:31 |
Ryan_Lane | then make a schema for roles | 21:31 |
*** bepernoot has quit IRC | 21:32 | |
vishy | Ryan_Lane: maybe a more sane schema than the one I had and you modified | 21:32 |
Ryan_Lane | roles aren't consistently implemented anywhere | 21:32 |
vishy | in nova | 21:32 |
Ryan_Lane | heh. yeah | 21:32 |
vishy | that one was a bit of a cluster as i recall | 21:32 |
Ryan_Lane | roles in nova were awkward | 21:32 |
vishy | although it does work! | 21:32 |
Ryan_Lane | it does, yeah | 21:32 |
Ryan_Lane | a tenant just has a list of users, right? | 21:33 |
ayoung | Ryan_Lane, the thing is, I think that a user can only be in one tenant, right? | 21:33 |
termie | ayoung: no | 21:33 |
Ryan_Lane | every LDAP server has some form of group that easily works for this. | 21:33 |
termie | user >-< tenant | 21:33 |
Ryan_Lane | we used groupofnames, right? | 21:34 |
ayoung | termie, so username have to be globally unique? | 21:34 |
Ryan_Lane | no | 21:34 |
vishy | ayoung: no | 21:35 |
termie | ayoung: user.name and user.id, yes | 21:35 |
ayoung | heh | 21:35 |
Ryan_Lane | you use the full DN in groups. | 21:35 |
ayoung | I'll let you fight it out. | 21:35 |
vishy | ayoung: you can have a default tenant, but you can belong to multiple | 21:35 |
termie | people are answering different questiosn | 21:35 |
Ryan_Lane | true | 21:35 |
termie | users and tenants are many to many in the standard data model | 21:35 |
*** mnewby has joined #openstack-dev | 21:36 | |
termie | that does not have to be true for ldap | 21:36 |
openstackgerrit | Lorin Hochstein proposed a change to openstack/openstack-manuals: Keystone config permission should be 0640, not 0644 https://review.openstack.org/3638 | 21:36 |
openstackjenkins | Project nova-docs build #2092: SUCCESS in 5 min 10 sec: https://jenkins.openstack.org/job/nova-docs/2092/ | 21:36 |
openstackjenkins | armando.migliaccio: bug 921087: i18n-key and local-storage hard-coded in xenapi | 21:36 |
uvirtbot | Launchpad bug 921087 in nova "i18n-key and local-storage hard-coded in xenapi" [Undecided,Fix committed] https://launchpad.net/bugs/921087 | 21:36 |
*** kpepple has joined #openstack-dev | 21:37 | |
termie | at the moment an expected use case is somebody who is authenticating without specifying the tenant, which means it may be hard to lookup the ldap record | 21:37 |
Ryan_Lane | however, no one sane has non-unique usernames that can be used | 21:37 |
*** deshantm_ has joined #openstack-dev | 21:37 | |
openstackgerrit | Verification of a change to openstack/nova failed: Don't block forever for rpc.(multi)call response. https://review.openstack.org/3628 | 21:37 |
*** apevec has quit IRC | 21:38 | |
Ryan_Lane | userid -> userdn -> group search -> list of groups (tenants) | 21:38 |
termie | Ryan_Lane: and user names and user ids have to be unique, as there are already calls in use that lookup user by name | 21:39 |
vishy | markmc: don't we use it for extensions also? | 21:39 |
vishy | markmc: oh you mentioned that | 21:39 |
Ryan_Lane | termie: makes sense. that's slightly painful, but doable. | 21:39 |
termie | Ryan_Lane: rather painful for a lot of things, unfortunately, i don't think it is the worlds greatest idea | 21:40 |
Ryan_Lane | that means ldap admins are forced to ensure two attributes are unique. most ldap servers have plugins to enforce that, though | 21:40 |
vishy | markmc: list specifications on the commandline aren't quite as pretty, is it really hard to get multistring working? | 21:40 |
Ryan_Lane | is there any way to kill of that requirement in the future? | 21:40 |
termie | Ryan_Lane: not very likely, i've fought it quite a bit already | 21:41 |
openstackgerrit | Soren Hansen proposed a change to openstack/nova: Remove Hyper-V support https://review.openstack.org/3630 | 21:41 |
*** deshantm has quit IRC | 21:41 | |
openstackgerrit | Rick Harris proposed a change to openstack/nova: Improve dom0 and template VM avoidance. https://review.openstack.org/3639 | 21:41 |
termie | Ryan_Lane: when people design systems with multiple unique identifiers it is pretty hard to get rid of it | 21:41 |
Ryan_Lane | right | 21:41 |
termie | Ryan_Lane: ksl started with just id and name==id | 21:41 |
Ryan_Lane | heh | 21:41 |
termie | Ryan_Lane: but everything using keystone uses those inconsistently, and expects name to be mutable but id to not be | 21:42 |
*** novas0x2a|laptop has quit IRC | 21:42 | |
termie | Ryan_Lane: so name needs to be indexed, mutable, and unique | 21:43 |
* termie rolls his eyes | 21:43 | |
openstackgerrit | Todd Willey proposed a change to openstack/nova: Add SSH Bastion support as alternate cloudpipe. https://review.openstack.org/2593 | 21:43 |
Ryan_Lane | ugh | 21:43 |
termie | now, i think ldap can get away with shortcuts | 21:43 |
termie | because i don't think people are expecting to write to ldap from keystone | 21:44 |
Ryan_Lane | oh. it's going to be read-only? | 21:44 |
Ryan_Lane | that makes things quite a bit easier | 21:44 |
termie | the first two layer of implementations will be | 21:44 |
termie | if people really think they need to write to it they can implement the crud extensions and rip their hair out | 21:45 |
ayoung | termie, Ryan_Lane if LDAP is going to be read only, isn't PAM sufficient? | 21:45 |
Ryan_Lane | ugh | 21:45 |
termie | ayoung: for the first level (auth) yes | 21:45 |
Ryan_Lane | please no | 21:45 |
openstackgerrit | Ziad Sawalha proposed a change to openstack/python-novaclient: Region is empty breaks novaclient https://review.openstack.org/3640 | 21:45 |
*** novas0x2a|laptop has joined #openstack-dev | 21:45 | |
ayoung | Ryan_Lane, PAM is already implemented | 21:45 |
vishy | markmc: also, is there a way to do what I mentioned on this branch? https://review.openstack.org/3578 | 21:45 |
termie | ayoung: but the second level ideally handles roles and tenants | 21:45 |
*** andrewsmedina has quit IRC | 21:46 | |
Ryan_Lane | that means the system needs to be configured as an LDAP client | 21:46 |
ayoung | termie, if those are done as groups, PAM should be able to support them as well | 21:46 |
Ryan_Lane | and that *really* sucks | 21:46 |
ayoung | Ryan_Lane, PAM, not NSSwitch | 21:46 |
Ryan_Lane | still requires PAM to be configured for LDAP | 21:46 |
ayoung | right | 21:46 |
ayoung | that is pretty standard, though | 21:47 |
Ryan_Lane | think of the case where the system is already part of an LDAP domain, and it is serving keystone auth for web services | 21:47 |
Ryan_Lane | the keystone auth may not be the same domain | 21:47 |
termie | anyway, people who want to do that will be able to do that with pam, but most of what i've heard from people is that that isn't what they want | 21:47 |
ayoung | OK | 21:47 |
Ryan_Lane | for web auth, it's usually the case that another domain is being used | 21:48 |
openstackgerrit | Verification of a change to openstack/nova failed: Fix VPN ping packet length. https://review.openstack.org/3600 | 21:50 |
Ryan_Lane | roles are implemented per-tenant, and globally? | 21:51 |
termie | Ryan_Lane: roles are associated with user-tenant pairs | 21:51 |
Ryan_Lane | ah, so it's a triple? (user,tenant,role)? | 21:51 |
termie | Ryan_Lane: in the standard data model it is (user, tenant), (roles) | 21:52 |
termie | it is actually (user, tenant), metadata | 21:52 |
Ryan_Lane | this is where LDAP implementation gets painful | 21:52 |
termie | but the main point is get_roles_for_user_tenant(user, tenant) | 21:53 |
termie | should return a list of roles | 21:53 |
openstackgerrit | Verification of a change to openstack/openstack-manuals failed: Keystone config permission should be 0640, not 0644 https://review.openstack.org/3638 | 21:53 |
*** lorin1 has joined #openstack-dev | 21:54 | |
Ryan_Lane | hm | 21:54 |
Ryan_Lane | might be possible to have it as a key-pair on the user's entry | 21:54 |
Ryan_Lane | a multi-value attribute of key-pairs | 21:54 |
termie | Ryan_Lane: how are you making a user part of multiple teantns in ldap? | 21:55 |
*** hashar has quit IRC | 21:55 | |
Ryan_Lane | a tenant is a group with a list of members (which are userdns) | 21:55 |
termie | can you make a tenant a group with a list of sub groups with a list of members? | 21:56 |
Ryan_Lane | that's how we're doing roles right now | 21:56 |
Ryan_Lane | in nova | 21:56 |
termie | it makes roles immutable | 21:56 |
Ryan_Lane | it's awkward, at best | 21:56 |
termie | but -shrug- | 21:56 |
termie | k | 21:56 |
termie | hmm | 21:56 |
openstackgerrit | A change to openstack/horizon has been rejected: Handle tenant deletion when a tenant isn't empty. Fixes bug 923951. https://review.openstack.org/3554 | 21:56 |
uvirtbot | Launchpad bug 923951 in horizon "Tenant delete fails when there are users attached" [Medium,In progress] https://launchpad.net/bugs/923951 | 21:56 |
termie | just make it so that a user can only belong to one tenant in ldap? | 21:56 |
Ryan_Lane | wouldn't that be problematic for nova? | 21:57 |
termie | no, it is just the user model. | 21:57 |
termie | nova doesn't care who you are | 21:57 |
Ryan_Lane | I have users in up to 10-20 nova projects right now | 21:57 |
termie | okay, so you wouldn't be able to use that, but nova doesn't care | 21:58 |
termie | nova does what your user model tells it it can do | 21:58 |
termie | if your user model allows a user in 10 projects, then nova does | 21:58 |
openstackgerrit | Diane Fleming proposed a change to openstack/compute-api: Updating version to v2 from v1.1 https://review.openstack.org/3641 | 21:58 |
Ryan_Lane | it's also good to allow ldap admins to extend the concept of tenants | 21:58 |
*** Gordonz_ has joined #openstack-dev | 21:58 | |
termie | anyway | 21:59 |
*** Gordonz_ has quit IRC | 21:59 | |
*** lorin1 has left #openstack-dev | 21:59 | |
*** Gordonz has quit IRC | 22:00 | |
termie | can we make teantns groups of users, and users are groups of "tenant roles" which are groups of roles? | 22:00 |
*** Gordonz has joined #openstack-dev | 22:01 | |
ayoung | I'd say that a Tenant should be a group, and a user can belong to multple tenancies. If we want, we can define a default tenancy, as there is the concept of a default group | 22:01 |
termie | ayoung: that's besides the point right now, i think | 22:01 |
Ryan_Lane | there needs to be some way to map tenants, groups and roles | 22:01 |
termie | tenants, users and roles | 22:02 |
Ryan_Lane | that's what we are currently discussing. it's a difficult problem | 22:02 |
termie | groups doesn't exist | 22:02 |
Ryan_Lane | err | 22:02 |
Ryan_Lane | sorry | 22:02 |
Ryan_Lane | meant users | 22:02 |
termie | you have a relatively low number of calls you need to fulfiull | 22:02 |
termie | list tenants for user, get user by id, get user by name, get tenant by id, get tenant by name, get roles for user and tenant | 22:03 |
*** david-kranz has quit IRC | 22:03 | |
Ryan_Lane | the last one is the only difficult one | 22:03 |
markmc | vishy, that SetDefault thing should work for armando | 22:03 |
termie | if you make tenants have a groupo f users, and users have a group of "tenant roles" that are groups of roles | 22:03 |
vishy | markmc: yeah that is what I thought, it should be picking it up immediately if it wasn't set already in a config somewhere right? | 22:04 |
ayoung | can't a role be a group as well, with both the tenant and the users that have that role done as member-of | 22:04 |
Ryan_Lane | right, that's doable via a key-pair on the user's entry | 22:04 |
ttx | Ryan_Lane: when do you arrive in Brussels ? | 22:04 |
ayoung | You can also do it via ACIs.... | 22:04 |
* ayoung ducks | 22:04 | |
Ryan_Lane | ttx: the 3rd | 22:04 |
termie | to satisfy the last one you get the user, then you get the "tenant role" gorup for the given tenant, and return the roles listed in that group | 22:04 |
markmc | vishy, if you look at _get() in cfg - the default from set_default() takes preference over the default= passed to StrOpt | 22:04 |
termie | i'm not familiar with how key lookups in ldap work, can you reference other nodes? | 22:05 |
Ryan_Lane | ayoung: a role can be a group, yes | 22:05 |
*** stuntmachine has quit IRC | 22:05 | |
Ryan_Lane | termie: yes and no | 22:05 |
termie | or is each "user" in a tenant group a different entity | 22:05 |
markmc | vishy, self.flags(firewall_driver=...) will override that, though | 22:05 |
ttx | Ryan_Lane: cool. I'm on site already | 22:05 |
markmc | vishy, maybe that's what he's seeing? | 22:05 |
Ryan_Lane | let me pastbin my idea | 22:06 |
openstackjenkins | Project nova-docs build #2093: SUCCESS in 5 min 53 sec: https://jenkins.openstack.org/job/nova-docs/2093/ | 22:06 |
openstackjenkins | rbryant: Fix VPN ping packet length. | 22:06 |
markmc | vishy, better solution might be to just have --libvirt_firewall_driver and --xenapi_firewall_driver and use one of them based on --connection_type | 22:06 |
*** rkukura has quit IRC | 22:08 | |
vishy | markmc: hmm, I'm trying to not break existing configs | 22:08 |
markmc | vishy, sure, okay | 22:08 |
markmc | vishy, well, it's definitely doable - what you suggested should just work, I think | 22:08 |
vishy | markmc: speaking of which, is it hard to add back =True/1 and =False/0 support to bool | 22:08 |
*** bencherian has joined #openstack-dev | 22:08 | |
vishy | markmc: would you mind posting that self.flags(xxx) will override it on the review? | 22:09 |
Ryan_Lane | termie: http://pastebin.com/KkeH9ZwW | 22:09 |
markmc | vishy, it's there for options in the config file, which most of them will be when I post my patches | 22:09 |
Ryan_Lane | of course, it isn't totally necessary to use a full DN for the tenant, but it's good from a referential integrity POV | 22:09 |
vishy | markmc: (in the interest of supporting old flagfiles) | 22:10 |
ayoung | Ryan_Lane, is that syntax legal? | 22:10 |
*** martine has quit IRC | 22:10 | |
ayoung | cn=tenantA,ou=groups,dc=example,dc=org,sysadmin | 22:10 |
termie | Ryan_Lane: http://pastebin.com/HGLGCrAK | 22:10 |
vishy | markmc: although, maybe we should ship a --flagfile -> config converter? | 22:10 |
Ryan_Lane | ayoung: it's a string, you can put whatever you want there | 22:10 |
* ayoung shudders | 22:10 | |
Ryan_Lane | termie: adding entries under entries in LDAP is awkward | 22:10 |
Ryan_Lane | and LDAP admins will revolt if we do that to user accounts. heh | 22:11 |
termie | well, if you are comfortable just filtering the kslrolepair | 22:11 |
termie | then seems fine | 22:11 |
Ryan_Lane | then when you need to rename users, you need to do a subtree rename | 22:11 |
markmc | vishy, I've got conversion code, and it will take --foo=1 from a flagfile and convert that to foo=1 in the generated .ini file | 22:12 |
openstackgerrit | Verification of a change to openstack/nova failed: Support custom routes for extensions. https://review.openstack.org/3502 | 22:12 |
Ryan_Lane | yeah, we'd need to filter the keypair | 22:12 |
ayoung | Could we add the roles as explicit attributes on the tenancy? | 22:12 |
Ryan_Lane | which I guess could get fairly large | 22:12 |
ayoung | how many different roles do we foresee? | 22:12 |
termie | Ryan_Lane: it won't get that large | 22:12 |
markmc | vishy, nice idea on the conversion thing, would just need to add a nova-cfg-convert script using the code I already have | 22:12 |
termie | Ryan_Lane: it will be less than, say, 1000 | 22:13 |
ayoung | With roles, the members fields is kindof meaningless | 22:13 |
Ryan_Lane | ayoung: you need to have some way of maping users into the roles | 22:13 |
ayoung | Ryan_Lane, right. they would be entries in a multivalue attribute named by the role | 22:14 |
ayoung | so a tenant would have an admins fields and that would have one entry per user | 22:14 |
openstackgerrit | A change to openstack/nova has been rejected: Remove Hyper-V support https://review.openstack.org/3630 | 22:14 |
ayoung | yes, it would make it hard to see the generic "is this user a member of this tenant" | 22:14 |
Ryan_Lane | then you need to have an attribute for every role | 22:14 |
ayoung | Ryan_Lane, right | 22:14 |
markmc | vishy, on multistr - I don't think any of those options would be in the CLI anyway, but for the config file ... | 22:15 |
Ryan_Lane | and you'd have to modify the schema every time | 22:15 |
ayoung | how many roles do we realistically expect? | 22:15 |
Ryan_Lane | LDAP schemas are expected to never change | 22:15 |
markmc | vishy, we could either make them lists and just do osapi_compute_extension = foo,bar | 22:15 |
ayoung | Usually role is either "read only" or "read write" | 22:15 |
ayoung | IE/ | 22:15 |
Ryan_Lane | sorry, I phrased that poorly | 22:15 |
markmc | vishy, or I could try something like osapi_compute_extension_foo = nova.blaa.foo osapi_compute_extension_bar = nova.blaa.bar | 22:15 |
ayoung | if a user is an admin for a tenant they can add other users to that tenant | 22:15 |
Ryan_Lane | ldap objectclasses, one defined, are expected to never change | 22:16 |
vishy | markmc: that looks a little nonintuitive | 22:16 |
vishy | markmc: how do you solve the =, in the mkfs one? | 22:16 |
Ryan_Lane | ayoung: yeah, but it's the roles that are problematic | 22:16 |
markmc | vishy, just not sure multistr is worth that effort | 22:16 |
*** nati2 has joined #openstack-dev | 22:16 | |
ayoung | a tenant owns certain classes of resources (machines and networks for example) and certain members of the tenancy can change some of the them | 22:16 |
* Ryan_Lane nods | 22:17 | |
markmc | vishy, can I not just say that's a bloody awful config option? :) | 22:17 |
*** zns has quit IRC | 22:17 | |
Ryan_Lane | ayoung: but we need a way of mapping a role to a user inside of a tenant | 22:18 |
Ryan_Lane | and all tenants will have roles with the same name | 22:18 |
markmc | vishy, would virt_mkfs_linux = ... virt_mkfs_windows= be so bad? | 22:18 |
markmc | vishy, as just normal stropts | 22:19 |
Ryan_Lane | so, you either need to stick roles underneath other entries, or you need to use key-value pairs in attributes | 22:19 |
*** vincentricci has quit IRC | 22:19 | |
Ryan_Lane | in nova we stuck roles underneath tenants | 22:19 |
Ryan_Lane | we could do the same with KSL | 22:19 |
ayoung | Ryan_Lane, well, if everything were LDAP objects (hosts, networks) it could be done with an ACI. YOu would give a certai user the ability to write on the hosts attribute of that tentant. But I am assuming that the roles will be used primarily outside of the LDAP server, and just that LDAP wil lbe used to report the roles | 22:19 |
*** adjohn has quit IRC | 22:19 | |
Ryan_Lane | do ACIs have an RFC? | 22:19 |
ayoung | Ryan_Lane, so each tenant is a container? | 22:19 |
ayoung | Ryan_Lane, ACIs are, I am fairly sure, not how we want to attack this. I think they are server specific | 22:20 |
ayoung | BUt I can check | 22:20 |
Ryan_Lane | ACIs are usually server specific | 22:20 |
Ryan_Lane | and are usually for access control within a server | 22:20 |
Ryan_Lane | I'm not sure if it'll be very useful for this | 22:20 |
openstackjenkins | Project nova-docs build #2094: SUCCESS in 5 min 24 sec: https://jenkins.openstack.org/job/nova-docs/2094/ | 22:20 |
openstackjenkins | armando.migliaccio: Bug #923865: (xenapi driver)instance creation fails if no guest agent is avaiable for admin password configuration | 22:21 |
uvirtbot | Launchpad bug 923865 in nova "(xenapi driver)instance creation fails if no guest agent is avaiable for admin password configuration" [Undecided,Fix committed] https://launchpad.net/bugs/923865 | 22:21 |
Ryan_Lane | ayoung: yeah, in nova every tenant is a container | 22:21 |
Ryan_Lane | and the implementation has roles as subentries | 22:21 |
ayoung | Ryan_Lane, then each role is an entry in the Tenant, and the user gets a role by being in a multivalue attribute of the Role? | 22:21 |
openstackgerrit | Verification of a change to openstack/python-novaclient failed: Adding live migration subcommand https://review.openstack.org/3456 | 22:21 |
Ryan_Lane | yes | 22:22 |
ayoung | Ryan_Lane, OK, I think that I like that as the simplest approach. | 22:22 |
Ryan_Lane | it's good from a referential integrity POV, but slightly annoying in other ways | 22:22 |
*** zns has joined #openstack-dev | 22:22 | |
ayoung | Well, you have to duplicate a little bit of data | 22:22 |
Ryan_Lane | well, searches are slightly harder | 22:22 |
openstackgerrit | Verification of a change to openstack/nova failed: Fix multinode libvirt volume attachment lp #922232 https://review.openstack.org/3479 | 22:22 |
uvirtbot | Launchpad bug 922232 in nova "Volumes fail to attach without discovery using tgt" [Undecided,In progress] https://launchpad.net/bugs/922232 | 22:22 |
Ryan_Lane | you have to have some way of differentiating tenants and roles | 22:23 |
ayoung | The user should probably be in the tenants member list, as well as in the member list for the roles | 22:23 |
Ryan_Lane | yes, that's how it's currently done | 22:23 |
Ryan_Lane | tenants use groupofnames | 22:23 |
openstackgerrit | Diane Fleming proposed a change to openstack/compute-api: Updating to v2 from v1.1 https://review.openstack.org/3642 | 22:23 |
Ryan_Lane | so do roles | 22:23 |
*** cp16net has quit IRC | 22:23 | |
Ryan_Lane | tenants have an owner, roles do not | 22:24 |
Ryan_Lane | that's how we currently differentiate them | 22:24 |
Ryan_Lane | it's kind of a hack | 22:24 |
Ryan_Lane | but adding objectclasses just to differentiate them is kind of a hack too | 22:24 |
ayoung | we could tag them with different object classes | 22:24 |
*** dwalleck_nova has quit IRC | 22:24 | |
ayoung | yes, unless there is some data that differentiates them | 22:24 |
Ryan_Lane | and having roles underneath tenants is a PITA because it means you need to treat tenants as trees | 22:25 |
*** dwalleck_nova has joined #openstack-dev | 22:25 | |
* ayoung nods | 22:25 | |
Ryan_Lane | this is an alternative approach: http://pastebin.com/KkeH9ZwW | 22:25 |
*** dolphm_ has quit IRC | 22:25 | |
ayoung | kslrolepair | 22:25 |
*** zns1 has joined #openstack-dev | 22:25 | |
openstackgerrit | Verification of a change to openstack/nova failed: Add support for pluggable l3 backends https://review.openstack.org/3273 | 22:26 |
*** dwalleck_nova has quit IRC | 22:26 | |
Ryan_Lane | users can members of tenants, and roles can be applied as key-value pairs on the user's account | 22:26 |
*** zns has quit IRC | 22:26 | |
Ryan_Lane | alternatively, we could have that as a key-value pair on the tenant | 22:26 |
Ryan_Lane | but, the attribute will be *much* larger if it's on the tenant | 22:27 |
chmouel | /quit | 22:27 |
ayoung | how many roles do we expect to have per tenant? | 22:27 |
openstackgerrit | Gabriel Hurley proposed a change to openstack/horizon: Trades out a one-off style tweak for a reusable one from bootstrap. https://review.openstack.org/3564 | 22:28 |
ayoung | Gotta run. Daycare pickup | 22:28 |
Ryan_Lane | ok | 22:28 |
*** ayoung is now known as ayoung-afk | 22:28 | |
Ryan_Lane | ayoung-afk: ping me later about this | 22:28 |
*** rods has quit IRC | 22:31 | |
*** rods has joined #openstack-dev | 22:31 | |
openstackgerrit | Verification of a change to openstack/nova failed: Fixing a rebuild race condition bug. https://review.openstack.org/3367 | 22:37 |
*** dubsquared has quit IRC | 22:38 | |
*** zaitcev has quit IRC | 22:38 | |
*** zaitcev has joined #openstack-dev | 22:39 | |
*** lts has quit IRC | 22:39 | |
openstackgerrit | Anne Gentle proposed a change to openstack/openstack-manuals: Adds a pom to markdown files directory for automation work https://review.openstack.org/3643 | 22:40 |
openstackgerrit | Gabriel Hurley proposed a change to openstack/horizon: Reworked all the usage implementations into one standard set. https://review.openstack.org/3604 | 22:40 |
Vek | so, vish, it might be nice if there was a single place to look to see if some particular blueprint has an FFE :) | 22:47 |
Vek | also, anyone else notice that emails from review.openstack.org are *incredibly* slow today? | 22:47 |
openstackgerrit | Verification of a change to openstack/nova failed: Add 'all_tenants' filter to GET /servers. https://review.openstack.org/3531 | 22:48 |
openstackgerrit | Verification of a change to openstack/python-novaclient failed: Region is empty breaks novaclient https://review.openstack.org/3640 | 22:51 |
*** zzed has quit IRC | 22:58 | |
Vek | so, are mtaylor or jeblair looking into the gerrit/jenkins slowness and other problems? | 22:58 |
Vek | (by which I mean the transient failures we're seeing in jenkins) | 22:58 |
*** ohnoimdead has quit IRC | 22:58 | |
*** Remco_ has quit IRC | 22:59 | |
*** Gordonz_ has joined #openstack-dev | 22:59 | |
*** Gordonz_ has quit IRC | 23:00 | |
mtaylor | jeblair: ^^^ | 23:01 |
*** Gordonz has quit IRC | 23:02 | |
*** dolphm has joined #openstack-dev | 23:02 | |
*** ohnoimdead has joined #openstack-dev | 23:02 | |
mtaylor | Vek: working on it | 23:03 |
Vek | It's really entertaining to receive, at 5:00pm, a change comment that was sent at 2:24pm :) | 23:03 |
Vek | 'k :) | 23:03 |
*** Gordonz has joined #openstack-dev | 23:04 | |
openstackjenkins | Project nova-docs build #2095: SUCCESS in 6 min 8 sec: https://jenkins.openstack.org/job/nova-docs/2095/ | 23:06 |
openstackjenkins | * adamg: Fix multinode libvirt volume attachment lp #922232 | 23:06 |
openstackjenkins | * alex.meade: Fix logging to log correct filename and line numbers | 23:06 |
uvirtbot | Launchpad bug 922232 in nova "Volumes fail to attach without discovery using tgt" [Undecided,Fix committed] https://launchpad.net/bugs/922232 | 23:06 |
*** ohnoimdead has quit IRC | 23:10 | |
jeblair | Vek: spurious rejections should be fixed (stuck git upload processes were filling up gerrit's queue) | 23:12 |
*** adjohn has joined #openstack-dev | 23:13 | |
jeblair | Vek: can you give me details on the slow email? pastebin the headers would be great. | 23:13 |
Vek | jeblair: Sure, a moment... | 23:16 |
*** bsza has quit IRC | 23:17 | |
zul | bcwaldon: not really just leave something and ill get to it | 23:17 |
Vek | http://paste.openstack.org/show/4639/ | 23:18 |
* Vek hrms | 23:21 | |
*** vincentricci has joined #openstack-dev | 23:21 | |
*** kbringard has quit IRC | 23:21 | |
openstackgerrit | Verification of a change to openstack/nova failed: Don't block forever for rpc.(multi)call response. https://review.openstack.org/3628 | 23:24 |
*** Gordonz has quit IRC | 23:25 | |
Vek | jeblair: Looking at those headers, it appears the problem may be at RS's MX's. I just sent myself a test email from outside RS, and it hasn't arrived yet. I'll check with our mail admins. | 23:28 |
jeblair | Vek: sounds reasonable. looks like it made it's way out of gerrit pretty quickly. | 23:29 |
*** Ryan_Lane has quit IRC | 23:37 | |
*** Ryan_Lane has joined #openstack-dev | 23:37 | |
openstackgerrit | Brad Hall proposed a change to openstack/nova: Add support for pluggable l3 backends https://review.openstack.org/3273 | 23:43 |
*** mattray has quit IRC | 23:50 | |
openstackjenkins | Project nova-docs build #2096: SUCCESS in 5 min 23 sec: https://jenkins.openstack.org/job/nova-docs/2096/ | 23:50 |
openstackjenkins | Rick Harris: Improve dom0 and template VM avoidance. | 23:50 |
*** bepernoot has joined #openstack-dev | 23:55 | |
bcwaldon | zul: no worries. I'd like to get your input on https://review.openstack.org/#change,3533 | 23:55 |
bcwaldon | zul: since you are ec2-api-team lead | 23:55 |
*** AlanClark has quit IRC | 23:56 | |
*** dolphm has quit IRC | 23:58 | |
openstackgerrit | Verification of a change to openstack/nova failed: Use Keystone Extension Syntax for EC2 Creds https://review.openstack.org/3365 | 23:58 |
*** dolphm has joined #openstack-dev | 23:59 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!