Wednesday, 2012-02-01

« Tuesday, 2012-01-31 Index Thursday, 2012-02-02 »
openstackgerritMaru Newby proposed a change to openstack/swift: Add support for venv-based test run with tox.  https://review.openstack.org/360200:00
*** dtroyer_ has joined #openstack-dev00:03
*** russellb has joined #openstack-dev00:04
openstackgerritMonsyne Dragon proposed a change to openstack/nova: Capture bandwidth usage data before resize.  https://review.openstack.org/360300:04
openstackjenkinsProject nova-docs build #2079: SUCCESS in 3 min 8 sec: https://jenkins.openstack.org/job/nova-docs/2079/00:06
openstackjenkinsKevin L. Mitchell: Allow for auditing of API calls.00:06
*** troytoman is now known as troytoman-away00:07
*** dtroyer has quit IRC00:07
*** dtroyer_ has quit IRC00:08
openstackgerritMaru Newby proposed a change to openstack/swift: Add support for venv-based test run with tox.  https://review.openstack.org/360200:11
termiemtaylor: is gerrit mirroring all the branches in given repos? like i want something that points at the essex-3 tag00:12
termiemtaylor: for keystoneclient00:12
*** novas0x2a|laptop has quit IRC00:12
*** novas0x2a|laptop has joined #openstack-dev00:12
*** davlap has quit IRC00:15
jeblairtermie: they are all in gerrit with the same names as in github00:16
*** sleepsonthefloo has quit IRC00:16
termiejeblair: kk00:17
*** crobinso has quit IRC00:18
*** bencherian has joined #openstack-dev00:19
*** crobinso has joined #openstack-dev00:19
jeblairtermie: pip install -e git+https://review.openstack.org/p/openstack/python-keystoneclient@essex-3#egg=python-keystoneclient should work (assuming that's what you're trying to do)00:19
termieright00:19
termiethanks00:19
jeblairnp00:20
*** pixelbeat has quit IRC00:21
*** Remco_ has quit IRC00:22
gyee termie, yes I am seeing what you seeing now, 6 errors only, 18 skipped00:23
termiegyee: groovy, i am off fixing those errors now but it will be a little while since a lot of things shifted under my feet twoish days ago00:24
gyeetermie, no worries, it'll take me awhile to read the new code anyway :)00:25
gyeebtw, in pip-requires*, the line "-e git+https://" is still not working for me because of firewall issue, I had to manually update python-keystoneclient00:28
termiethere is a patch to fix that00:28
gyeecool00:28
termiegyee: monty just proposed it00:28
termieabout to merge it00:28
openstackgerritGabriel Hurley proposed a change to openstack/horizon: Reworked all the usage implementations into one standard set.  https://review.openstack.org/360400:31
openstackgerritGabriel Hurley proposed a change to openstack/horizon: Handle tenant deletion when a tenant isn't empty. Fixes bug 923951.  https://review.openstack.org/355400:31
uvirtbotLaunchpad bug 923951 in horizon "Tenant delete fails when there are users attached" [Medium,In progress] https://launchpad.net/bugs/92395100:31
openstackgerritZiad Sawalha proposed a change to openstack/python-novaclient: Handle Ambiguous Endpoints Correctly  https://review.openstack.org/360500:34
*** andrewsmedina has quit IRC00:34
*** dolphm has joined #openstack-dev00:35
*** dolphm has quit IRC00:36
openstackgerritZiad Sawalha proposed a change to openstack/python-novaclient: Handle Ambiguous Endpoints Correctly  https://review.openstack.org/360500:37
*** zns has quit IRC00:38
openstackgerritJames E. Blair proposed a change to openstack/openstack-ci: Abandon devstack vms that launch slowly.  https://review.openstack.org/360600:41
openstackgerritdan wendlandt proposed a change to openstack/quantum: bug 924603: fix bad ovs_conf file config  https://review.openstack.org/360700:44
uvirtbotLaunchpad bug 924603 in quantum "invalid conf_file config for OVS plugin" [Medium,In progress] https://launchpad.net/bugs/92460300:44
*** andrewsmedina has joined #openstack-dev00:46
openstackgerritVerification of a change to openstack/quantum failed: bug 924603: fix bad ovs_conf file config  https://review.openstack.org/360700:46
uvirtbotLaunchpad bug 924603 in quantum "invalid conf_file config for OVS plugin" [Medium,In progress] https://launchpad.net/bugs/92460300:46
openstackgerritMichael Still proposed a change to openstack/nova: Optionally pass a instance uuid to log methods.  https://review.openstack.org/360800:48
openstackgerritVerification of a change to openstack/nova failed: remove non-supported ec2 admin extensions  https://review.openstack.org/359900:58
*** ayoung has joined #openstack-dev01:01
*** jakedahn has quit IRC01:03
*** ayoung has quit IRC01:05
*** jog0 has left #openstack-dev01:06
gyeetermie, how do I load sampledata in this new low-calorie KSL?01:10
gyeenm, I found it under keystone-stable_diablo01:11
*** reed has quit IRC01:14
termiehmm?01:19
termiethe usual way to do it would be via https://github.com/cloudbuilders/devstack/blob/ksl/files/keystone_data.sh01:20
*** adjohn has quit IRC01:21
*** adjohn has joined #openstack-dev01:21
gyeethat's script doesn't seem to create the admin token01:24
*** jdg_ has quit IRC01:24
termiethe admin token is defined in etc/keystone.conf01:25
*** jdg has quit IRC01:27
*** russellb has quit IRC01:28
*** russellb has joined #openstack-dev01:28
gyeetermie, any reason why KSL can't include keystone_data.sh in its repo?01:30
termiegyee: not particularly, though those users/tenants are specific to devstack01:30
termiegyee: i'd rather have something like django's loaddata01:30
openstackgerritRussell Bryant proposed a change to openstack/nova: Fix VPN ping packet length.  https://review.openstack.org/360001:30
termiegyee: the keystone_data.sh was more to be compatible with devstack with fewest changes01:31
*** misheska has joined #openstack-dev01:32
*** ncode has joined #openstack-dev01:34
*** ncode has joined #openstack-dev01:34
gyeeI really like sampledata.sh, for development purposes01:36
termiegyee: well, the tests use fixtures01:39
termiegyee: so assuming you are writing unittests you have the equiv01:39
termietests/default_fixtures.py01:39
*** ayoung has joined #openstack-dev01:40
gyeethe old way, I can quickly clone keystone, run sampledata.sh, then run curl to verify an API01:40
gyeenow it seems I have to do a bunch of other stuff01:41
termiegyee: if that is your testing flow then yes you will want to add a script like that01:41
termiethis has supported our development practices of writing unittests to test things01:41
*** maplebed has quit IRC01:42
gyeeI am not against unit & functional tests01:42
termiegyee: you can see how to add such a script quickly however as there are examples in keystone_data.sh and in default_fixtures.py + keystone/test.py01:42
termiei'm not against such a thing, there just hasn't been a dire need yet, i'm sure as more developers hop on to the project all kinds of useful additional tools will be asked for and provided01:43
gyeesure, I'll convert keystone_data.sh over and stash it locally01:43
gyeewell, at least provide the same thing in keystone/bin as in essex01:44
gyeefor us with old habits :)01:44
*** andrewbogott has quit IRC01:44
*** martine has joined #openstack-dev01:44
termieyou're welcome to put it in tools as an initial pass01:45
termieas i said, i'd prefer a command that is ./bin/keystone-manage load_data some_file.json01:45
gyeeI was hoping KSL is at least backward compatible for files in bin and etc01:46
gyeeanyway, no big deal01:46
termienope, api compatibility is what we are after01:47
termiethings will change around in bin, and you will most likely have the same interface for running the services01:47
termieto the extent where things make sense01:48
termieone of the goals was to remove unnecessary stuff01:48
gyeeunderstood, but if I have scripts to automatically pull down keystone, they run some sanity tests before putting it into my dev env01:48
gyeeI would have to update those scripts for KSL01:48
termieyup01:49
gyeethat's all I am saying01:49
termieand by all means, whatever issues you run into attempt to mention and fix them01:49
*** novas0x2a|laptop has quit IRC01:51
*** novas0x2a|laptop has joined #openstack-dev01:51
*** bhall has quit IRC01:55
openstackgerritChuck Short proposed a change to openstack/nova: Add support for LXC volumes.  https://review.openstack.org/360901:56
*** dtroyer has joined #openstack-dev01:59
*** pmyers has joined #openstack-dev02:00
*** heckj has quit IRC02:00
*** ohnoimdead has quit IRC02:01
gyeetermie, how do I configure KSL to use sqlite in the backend?02:04
gyeeright now the data only persist in-memory02:04
gyeeif I restart keystone, the data's gone02:04
termieexample is in tests/test_backend_sql.conf02:04
termiebasically just hcange teh identity backend02:04
termiein keystone.conf02:04
gyeeshould sql be the default?02:05
termieit should probably be the default now02:05
gyeecool, thanks02:05
*** crobinso has quit IRC02:10
*** justinsb has quit IRC02:11
gyeetermie, I changed the driver for Identity, I can see bla.db got created02:12
gyeebut no schema02:12
*** jdurgin has quit IRC02:12
gyeesqlite3 bla.db02:13
gyee.schema returns nothings02:13
*** jog0 has joined #openstack-dev02:15
*** jog0 has left #openstack-dev02:15
*** jog0 has quit IRC02:15
*** gyee has quit IRC02:17
*** rods has joined #openstack-dev02:20
*** vincentricci has left #openstack-dev02:20
*** _adjohn has joined #openstack-dev02:22
*** adjohn has quit IRC02:26
*** _adjohn is now known as adjohn02:26
*** bencherian has quit IRC02:26
*** Ryan_Lane has quit IRC02:35
*** deshantm_ has joined #openstack-dev02:37
*** deshantm has quit IRC02:41
*** rods has quit IRC02:46
openstackgerritMotoKen proposed a change to openstack/nova: Correct checking existence of security group rule  https://review.openstack.org/356902:48
*** adjohn has quit IRC02:52
*** andrewsmedina has quit IRC03:01
openstackgerritJames E. Blair proposed a change to openstack/openstack-ci-puppet: Add pandoc to slaves.  https://review.openstack.org/361003:09
*** rbasak has quit IRC03:12
*** rbasak has joined #openstack-dev03:18
*** mnewby has joined #openstack-dev03:23
openstackgerritanotherjesse proposed a change to openstack/nova: remove non-supported ec2 admin extensions  https://review.openstack.org/359903:24
*** danwent has quit IRC03:29
openstackgerritanotherjesse proposed a change to openstack/nova: remove non-supported ec2 admin extensions  https://review.openstack.org/359903:30
*** misheska has quit IRC03:31
*** mjfork has quit IRC03:35
openstackgerritanotherjesse proposed a change to openstack/nova: remove non-supported ec2 admin extensions  https://review.openstack.org/359903:38
*** aclark_ has quit IRC03:40
openstackgerritJames E. Blair proposed a change to openstack-ci/git-review: Use dirname instead of basename.  https://review.openstack.org/361103:48
*** spiffxp has quit IRC03:48
*** rajaram has joined #openstack-dev03:48
openstackgerritanotherjesse proposed a change to openstack/nova: remove non-supported ec2 admin extensions  https://review.openstack.org/359903:49
openstackgerritanotherjesse proposed a change to openstack/nova: remove unsupported ec2 extensions  https://review.openstack.org/359904:08
*** Ryan_Lane has joined #openstack-dev04:08
rmkThere is so little code for KSL04:10
termiei hope that is a good thing04:14
*** spiffxp has joined #openstack-dev04:14
rmkIt definitely is, I'm just uncertain of the goal :)04:14
termiermk: one of the common goals of having less code is to improve maintainability04:14
termiermk: also, sometimes less code is required to do things04:15
rmkI agree with you there04:15
rmkSo how do endpoints work for example?04:16
termieendpoint templates are templated in some random text format at the moment04:18
rmkI see it hard coded in keystone_compat.py04:19
termiewhoa04:19
termiethere is no keystone_compat04:19
termieso you may be looking at very old code04:19
rmkI was looking at the cloudbuilders repo04:19
rmkI guess https://github.com/termie/keystonelight is the correct one?04:19
termieyeah, or the openstack/keystone/redux branch04:19
*** danwent has joined #openstack-dev04:19
termiethough i am making changes to the termie one04:19
rmkOK this makes more sense :)04:20
termieso it is the most up to date04:20
termieanyway, catalog stuff is, by default, loaded from a flat file04:20
rmkAh yes I see it now04:20
termiedespite all the work required to deal with catalogs nobody really cares about them it turns out04:20
rmkOK this looks a lot more complete04:20
*** yaguang has joined #openstack-dev04:24
openstackgerritJames E. Blair proposed a change to openstack/openstack-ci: Fix permissions docs.  https://review.openstack.org/361204:27
*** martine has quit IRC04:28
rmktermie: Looks quite clean.04:28
termiermk: thanks, looks less that way once you look at it all day, but i still like to think it is a pretty well laid-out project04:29
*** errr has quit IRC04:37
*** errr has joined #openstack-dev04:37
*** ncode has quit IRC04:39
openstackgerritMaru Newby proposed a change to openstack/openstack-chef: Add cookbook for Swift All In One.  https://review.openstack.org/361304:44
*** ncode has joined #openstack-dev04:46
openstackgerritMichael Still proposed a change to openstack/nova: Optionally pass a instance uuid to log methods.  https://review.openstack.org/360804:49
*** mnewby has quit IRC04:50
*** ncode has quit IRC04:52
*** jdg has joined #openstack-dev04:59
jdgmikal:  Are you still having trouble building venv on Oneiric?05:01
mikalYeah, I had an error message I was going to send to mtaylor, but I haven't managed to catch him on IRC yet05:01
jdgHe's the expert, but I can try and help.05:01
jdgCan you pastebin the error?05:02
mikalYeah, let me see if I can find it again05:03
mikalIt was a lxml compile error IIRC05:03
jdgHmmm.... so you added the M2Crypto entry to tools/pip-requires, deleted .venv and ran again... still had an install issue?05:05
mikalYep05:05
mikalIs there an openstack pastebin somewhere?05:05
jdgmikal:  sorry stepped away.  Yes: http://paste.openstack.org/05:09
jdgSo I think I know what you're missing... or at least one thing.05:10
mikalhttp://paste.openstack.org/show/4624/05:10
jdgmikal:  Try this: sudo apt-get install libxml2-dev libxslt-dev05:12
jdgOr, actually... start from the top:  sudo apt-get install python-dev python-all-dev swig libssl-dev python-pip git python-software-properties build-essential libxml2-dev libxslt-dev05:12
mikalIs there a list of what I should have installed somewhere?05:13
jdgIt'll ignore the ones you already have anyway.05:13
mikalYeah, running it now05:13
jdgYes, for the most part.  You can follow this page: http://nova.openstack.org/devref/development.environment.html05:13
jdgBut I had to install some extra c libs/headers as well.05:14
jdgThat's the "extra" info I listed above.  Also I think Brian Waldon put together a doc today that's mo'better, but I can't remember if it's for devstack environments only.05:14
*** jakedahn has joined #openstack-dev05:16
mikalOk. Install done. I'll give that another try.05:17
bcwaldonjdg: devstack, yes05:17
jdgmikal:  You mean just the apt-get install?05:17
jdg:)05:17
mikalAhhh, yeah05:17
bcwaldonbtw, here's what I do to get nova up on an ubuntu machine: apt-get update && apt-get install git python-dev libxslt-dev python-m2crypto mysql-server  mysql-client python-mysqldb;05:18
mikalIs there more you want me to do before trying again?05:18
jdgmikal:  nope you're good and it looks like bcwaldon does pretty much the same.05:18
mikalOk, let me give venv another try then...05:18
jdgActually he has a couple extras, if mine does't work for you try what he just listed.05:19
mikalSure05:19
jdgI already had things like mysql etc for other projects.05:19
mikalThis will take a while, I live in the middle of nowhere and the downloads are quite slow05:19
jdg:)05:19
jdgI'm heading out but I think this is going to work for you.  If it doesn't, try the apt-get string that bcwaldon showed above.05:20
mikalSure. Thanks for your help.05:20
jdgIf it comes back with "missing lib...." etc you can always google that lib to find the apt-get package for it.05:21
jdgBut really between the two strings above I can't imagine what would be missing (famous last words)05:21
jdgGood luck, if you're still stuck in the morning I'm happy to help.05:22
mikalCool05:22
mikalThanks man05:22
jdgYou bet... I went through the same thing.05:22
jdgLater05:22
*** jdg has quit IRC05:29
mikalHmmm. boto hates me now. I'm sure that used to work.05:35
mikalhttp://paste.openstack.org/show/4625/05:39
openstackgerritBrian Waldon proposed a change to openstack/nova: Excise M2Crypto!  https://review.openstack.org/361405:40
openstackgerritMotoKen proposed a change to openstack/nova: Correct checking existence of security group rule  https://review.openstack.org/356905:46
*** nati2 has joined #openstack-dev05:49
bcwaldonmikal: it's not just you having problems installing boto05:50
bcwaldonmikal: smokestack is hitting that failure too on venv builds05:50
mikalI am glad to learn it is not a personal vendetta against me05:50
mikalSeems boto is inside a boto directory now?05:50
bcwaldonmikal: no idea, we'll have to wait for maintainers to fix that bad package05:51
bcwaldonmikal: you can probably peg your pip-requires at a specific version to get over it for now05:52
mikalOh, its not time critical for me05:52
mikalI'll just wait05:52
*** novas0x2a|laptop has quit IRC05:52
*** novas0x2a|laptop has joined #openstack-dev05:56
*** jakedahn has quit IRC05:56
*** nati2 has quit IRC06:11
*** HugoKuo_ has joined #openstack-dev06:13
openstackgerritdan wendlandt proposed a change to openstack/openstack-manuals: Q-Admin:  Update for E-3 milestone.  https://review.openstack.org/349106:18
*** deshantm_ has quit IRC06:21
*** sandywalsh has quit IRC06:24
*** danwent has quit IRC06:24
openstackgerritJoe Heck proposed a change to openstack/keystone: adding keystone packaging from lp:~ubuntu-server-dev/keystone/essex  https://review.openstack.org/361506:27
openstackgerritKei Masumoto proposed a change to openstack/python-novaclient: Adding describe-resource subcommand  https://review.openstack.org/345706:34
*** mikal has quit IRC06:34
*** bepernoot has joined #openstack-dev06:37
openstackgerritKei Masumoto proposed a change to openstack/nova: Fix bug #924093  https://review.openstack.org/357006:40
uvirtbotLaunchpad bug 924093 in nova "describe_resource have to return values with better  format" [Undecided,In progress] https://launchpad.net/bugs/92409306:40
openstackgerritSapan Kona proposed a change to openstack/tempest: Fixes LP Bug#903977 - Boundary tests for list servers  https://review.openstack.org/250306:44
openstackgerritSumit Naiksatam proposed a change to openstack/quantum: blueprint quantum-linux-bridge-plugin  https://review.openstack.org/327806:50
*** ncode has joined #openstack-dev06:52
*** ncode has joined #openstack-dev06:52
*** spiffxp has quit IRC06:55
*** sandywalsh has joined #openstack-dev06:58
*** spiffxp has joined #openstack-dev06:58
*** bepernoot has quit IRC06:59
openstackgerritBrian Waldon proposed a change to openstack/nova: Excise M2Crypto!  https://review.openstack.org/361407:02
openstackgerritThorsten Tarrach proposed a change to openstack/nova: fixed bug 920856  https://review.openstack.org/357107:20
uvirtbotLaunchpad bug 920856 in nova "API responses do not conform tho Amazon EC2 specifications" [Medium,In progress] https://launchpad.net/bugs/92085607:20
*** spiffxp has quit IRC07:22
openstackgerritBrian Waldon proposed a change to openstack/nova: Expand policies for admin_actions extension  https://review.openstack.org/361707:32
*** yaguang has quit IRC07:34
*** yaguang has joined #openstack-dev07:47
*** lloydde has quit IRC07:50
*** apevec has joined #openstack-dev08:11
*** reidrac has joined #openstack-dev08:16
*** Ryan_Lane has quit IRC08:19
*** eglynn has quit IRC08:25
*** Remco_ has joined #openstack-dev08:32
*** yaguang has quit IRC08:34
*** Mandell_ has quit IRC08:36
*** hashar has joined #openstack-dev08:49
*** johnpostlethwait has joined #openstack-dev08:54
*** eglynn has joined #openstack-dev08:57
*** yaguang has joined #openstack-dev09:01
*** Remco_ has quit IRC09:14
*** Remco_ has joined #openstack-dev09:16
*** johnpostlethwait has quit IRC09:17
*** kyriakos has joined #openstack-dev09:18
*** pixelbeat has joined #openstack-dev09:33
*** darraghb has joined #openstack-dev09:46
*** eglynn has quit IRC09:58
*** ncode has quit IRC10:02
*** mikal has joined #openstack-dev10:22
*** andrewsmedina has joined #openstack-dev10:41
openstackgerritIsaku Yamahata proposed a change to openstack/quantum: plugin: introduce ryu plugin  https://review.openstack.org/361810:43
*** yaguang has quit IRC10:43
*** yamahata has joined #openstack-dev10:47
*** eglynn has joined #openstack-dev10:49
*** yaguang has joined #openstack-dev10:57
*** rajaram has quit IRC11:00
*** Remco_ has quit IRC11:05
*** Remco__ has joined #openstack-dev11:05
*** Remco_ has joined #openstack-dev11:06
*** Remco_ has quit IRC11:06
*** Remco_ has joined #openstack-dev11:07
*** Remco__ has quit IRC11:09
*** rajaram has joined #openstack-dev11:09
*** Remco_ has quit IRC11:11
openstackgerritlinuxjedi proposed a change to openstack/openstack-ci-puppet: Fix lodgeit used in puppet  https://review.openstack.org/361911:15
*** hashar has quit IRC11:15
*** andrewsmedina has quit IRC11:17
*** derekh has joined #openstack-dev11:28
*** andrewsmedina has joined #openstack-dev11:39
*** rkukura has joined #openstack-dev11:47
*** markmc has joined #openstack-dev11:56
*** derekh has quit IRC11:56
*** PotHix has joined #openstack-dev12:15
*** yaguang has quit IRC12:27
openstackgerritArmando Migliaccio proposed a change to openstack/nova: bug 924266: connection_type and firewall_driver flags mismatch  https://review.openstack.org/357812:37
uvirtbotLaunchpad bug 924266 in nova "connection_type and firewall_driver flags mismatch" [Undecided,In progress] https://launchpad.net/bugs/92426612:37
openstackgerritreynolds.chin proposed a change to openstack/glance: blueprint progressbar-upload-image  https://review.openstack.org/362012:43
openstackgerritreynolds.chin proposed a change to openstack/glance: blueprint progressbar-upload-image  https://review.openstack.org/299412:43
*** hashar has joined #openstack-dev12:48
*** sandywalsh has quit IRC12:48
*** bsza has joined #openstack-dev12:50
openstackgerritlinuxjedi proposed a change to openstack/openstack-ci: Add documentation for the puppet lodgeit module  https://review.openstack.org/362112:52
*** sandywalsh has joined #openstack-dev13:02
*** crobinso has joined #openstack-dev13:04
morellondoes anyone know how can I get my contributor's agreement to be added to my gerrit's account?13:08
*** ncode has joined #openstack-dev13:10
*** ncode has joined #openstack-dev13:10
*** dprince has joined #openstack-dev13:16
*** rajaram has quit IRC13:22
LinuxJedimorellon: it should be automatic when you are approved to join the openstack-cla launchpad group13:30
morellonLinuxJedi: thanks!13:30
*** Remco_ has joined #openstack-dev13:30
*** martine has joined #openstack-dev13:30
*** lts has joined #openstack-dev13:31
*** mjfork has joined #openstack-dev13:40
*** mattray has joined #openstack-dev13:56
*** dtroyer has quit IRC14:03
*** openstack has joined #openstack-dev14:08
openstackgerritThiago Morello proposed a change to openstack/python-quantumclient: Log all logs to syslog in addition to any chosen location (as a file or stdout)  https://review.openstack.org/362214:09
openstackgerritThorsten Tarrach proposed a change to openstack/nova: fixed bug 920856  https://review.openstack.org/357114:16
uvirtbotLaunchpad bug 920856 in nova "API responses do not conform tho Amazon EC2 specifications" [Medium,In progress] https://launchpad.net/bugs/92085614:16
*** deshantm has joined #openstack-dev14:18
*** stuntmachine has joined #openstack-dev14:20
openstackgerritDevdeep Singh proposed a change to openstack/nova: Changes for supporting fast cloning on Xenserver. (Implements https://blueprints.launchpad.net/nova/+spec/fast-cloning-for-xenserver) 1. use_cow_images flag is reused for xenserver to check if copy on write images should be used. 2. image-id is used to   https://review.openstack.org/334314:26
*** Remco__ has joined #openstack-dev14:32
*** vincentricci has joined #openstack-dev14:33
*** Remco_ has quit IRC14:35
*** joesavak has joined #openstack-dev14:35
*** dtroyer has joined #openstack-dev14:46
*** ches has quit IRC14:49
*** ches has joined #openstack-dev14:49
*** zns has joined #openstack-dev14:49
*** rods has joined #openstack-dev14:52
*** lloydde has joined #openstack-dev14:53
*** dtroyer has quit IRC14:57
*** lloydde has quit IRC14:58
notmynamemtaylor: ping15:00
*** zns1 has joined #openstack-dev15:01
openstackgerritThorsten Tarrach proposed a change to openstack/nova: fixed bug 920856  https://review.openstack.org/357115:01
uvirtbotLaunchpad bug 920856 in nova "API responses do not conform tho Amazon EC2 specifications" [Medium,In progress] https://launchpad.net/bugs/92085615:01
*** zns has quit IRC15:04
*** AlanClark has joined #openstack-dev15:06
notmynamejeblair: ping15:06
*** bencherian has joined #openstack-dev15:13
openstackgerritlinuxjedi proposed a change to openstack/openstack-ci-puppet: Add backups to lodgeit  https://review.openstack.org/362315:14
*** bencherian has quit IRC15:15
*** utlemming has quit IRC15:19
*** bepernoot has joined #openstack-dev15:19
*** dubsquared has joined #openstack-dev15:20
*** utlemming has joined #openstack-dev15:21
*** dolphm has joined #openstack-dev15:22
*** dtroyer has joined #openstack-dev15:22
openstackgerritVerification of a change to openstack/nova failed: Add support for LXC volumes.  https://review.openstack.org/360915:29
openstackgerritA change to openstack/nova has been rejected: Excise M2Crypto!  https://review.openstack.org/361415:30
vishysandywalsh: https://bugs.launchpad.net/nova/+bug/88575515:34
uvirtbotLaunchpad bug 885755 in nova "Nova and Keystone don't work in multi-zone mode" [High,In progress]15:34
ttxvishy: just sent an email about being careful for reviews.15:36
ttxvishy: anotherjesse did approve one a bit lightly15:36
ttxhttps://review.openstack.org/#change,360915:36
ttxThis wasn't reviewed by two core devs, and looks like a feature to me15:36
vishyhmm15:36
vishyoops15:36
ttxjenkins, being a good boy, stopped it15:37
vishyyay jenkins15:37
*** stuntmachine has quit IRC15:41
ttxvishy: apparently microsoft is "committed to hyper-V support in OpenStack" whatever that means15:41
ttxI just can't see how they could get near-parity in the time remaining15:42
*** stuntmachine has joined #openstack-dev15:44
*** zzed has joined #openstack-dev15:47
blamarbcwaldon: should we cap boto @ 2.1.1 in pip-requires?15:48
blamarvishy: ^^15:48
sandywalshvishy, on it15:50
dprinceblamar: Yeah. That boto issue caused a bunch of SmokeStack failures yesterday. I downgraded to 2.1.0 and it is fine.15:54
openstackgerritBrian Lamar proposed a change to openstack/nova: Boto 2.2.x failes. Capping pip-requires at 2.1.1  https://review.openstack.org/362415:56
dprinceblamar: what are the reasons behind capping it... vs. just getting boto fixed?15:58
dprinceblamar: we'd need to cap it in glance too BTW.15:58
blamardprince: I've always held the belief that it's silly  that when other pieces of software release new versions they can break my build process until they can be contacted15:59
dprinceblamar: I'm Okay working around this... I patch the unit test runner so it uses the backdated version for now.15:59
dprinceblamar: Then why not nail everything in pip-requires?15:59
blamardprince: If I had my way I would. Most of the stuff in there is nailed already16:00
*** jdg has joined #openstack-dev16:00
blamardprince: How'd you patch the unit test runner?16:01
Davieyannegentle / markmc / mtaylor / jeblair: It seems to make sense for annegentle to have +2/Approved ACL for project:openstack/openstack-manuals branch:stable/* .. can this be done?16:01
dprinceblamar: sed -e "s|^boto|boto==2.1.0|" -i ./tools/pip-requires16:01
markmcDaviey, yep, it makes sense and I'm sure jeblair can make it happen :)16:02
Davieymarkmc: 'twas really a heads up that i was proposing it :).. So you +1 it aswell, great16:03
*** reed has joined #openstack-dev16:03
annegentleyay thanks16:06
*** derekh has joined #openstack-dev16:07
*** danwent has joined #openstack-dev16:09
openstackgerritVerification of a change to openstack/tempest failed: Fixes LP Bug#903977 - Boundary tests for list servers  https://review.openstack.org/250316:09
mtaylorDaviey, markmc: would you oppose adding  her to openstack-stable-maint?16:11
*** reidrac has quit IRC16:12
mtaylorblamar: I've been having the thought recently as well that we should cap all of the versions, so that if someone wants us to use a newer version, that change would get gated just like anything else16:13
blamarmtaylor: ++ love it16:13
mtaylornotmyname: pong16:13
Davieymtaylor: I think with just annegentle, she can be trusted to Approve appropriate content.  However, if another doc specialist wants that branch access... a seperate group should be formed.16:14
Davieymarkmc: thoughts?16:15
markmcmtaylor, don't really mind, but openstack-stable-maint isn't the right thing16:16
DavieyThe wannabe OCD in me doesn't like it, but there isn't any point in overegineering it.16:16
markmcmtaylor, can we not make openstack-stable-maint the reviewer for specific projects ?16:16
markmcmtaylor, at the moment, it's just nova and glance16:16
markmcmtaylor, for stable/essex, we'll be doing horizon and keystone too I guess16:16
Davieymarkmc: erm, i thought it was wildcard stable/*16:17
markmcDaviey, it is, but it shouldn't be16:17
Davieymarkmc: why not?16:18
markmcDaviey, because keystone and horizon core teams have been responsible for their own stable/diablo16:18
markmcDaviey, given that they weren't core in Diablo16:18
mtaylormarkmc: it's stable/*16:19
markmcmtaylor, yes, I know16:19
Davieymarkmc: That smells like over complicating it IMO16:19
markmcmtaylor, I'm saying it shouldn't be :)16:19
*** cp16net has joined #openstack-dev16:19
*** cp16net has quit IRC16:20
*** cp16net has joined #openstack-dev16:20
Davieymarkmc: Individual members of ~openstack-stable-maint should filter out projects they shouldn't work on IMO16:20
Davieywhen i say shouldn't, i mean - not comfortable or interested in16:20
markmcDaviey, sure, but I see the stable-maint team is collectively only covering core projects (except swift)16:24
markmcDaviey, any -core member of any of the projects not covered by stable-maint needs to be able to +2 on their project16:25
Davieymarkmc: Hmm, was it agreed that ~*-core had +2 on their project regardless?16:26
DavieyI thought it was..16:26
mtaylorno, I believe the opposite was agreed16:27
Davieyoh16:27
mtaylornope. I was wrong, you were right16:27
* Daviey is a pile of fail today it seems16:27
Davieyoh, i'm a pile of win it seems16:27
openstackgerritBrian Lamar proposed a change to openstack/glance: Cap boto version at 2.1.1  https://review.openstack.org/362516:28
markmcDaviey, no, we decided that stable-maint are the folks who know to apply the criteria for backport suitability16:28
*** danwent has quit IRC16:28
*** bepernoot has quit IRC16:28
markmcDaviey, so, only they should be able to +2 on the projects covered by stable-maint16:28
markmcmtaylor, basically, I guess I'm saying that the "stable-maint can +2 on stable/diablo" rules should be moved from All-Projects to nova and glance16:30
Davieymarkmc: i don't see the benefit to that TBH16:31
markmcDaviey, https://review.openstack.org/#admin,projects16:32
markmcDaviey, any project should be able to have a stable/diablo branch16:32
markmcDaviey, and it should not be necessary for all of the core teams of those projects to be added to stable-maint16:32
markmcDaviey, what's your objection to what I'm saying?16:33
Davieymarkmc: I'm not objecting, but i'm suggesting that changing it doesn't add benefit.16:34
markmcDaviey, well, it does16:34
openstackgerritTihomir Trifonov proposed a change to openstack/horizon: Fixed a tupo in Floating IP table header Fixes bug 923281  https://review.openstack.org/362616:35
uvirtbotLaunchpad bug 923281 in horizon "Floating IPs table header typo" [Undecided,Confirmed] https://launchpad.net/bugs/92328116:35
Davieymarkmc: With project mindset, a contributor should be able to speak to ~openstack-stable-maint to land any code in stable/*16:35
DavieyWe are entrusted if we should go for that, or seek guidance.16:36
* markmc sighs16:36
Davieynaturally, they could speak to a special group that focusses on one project, and we stay out of the way if that is active.16:36
openstackjenkinsProject nova-docs build #2080: SUCCESS in 3 min 15 sec: https://jenkins.openstack.org/job/nova-docs/2080/16:37
openstackjenkinsbrian.lamar: Boto 2.2.x failes. Capping pip-requires at 2.1.116:37
*** gyee has joined #openstack-dev16:37
markmcDaviey, all that does is put stable-maint in the way of projects for no reason16:38
*** spiffxp has joined #openstack-dev16:39
Davieyhmm16:40
DavieyI don't see how it is in the way.. It's an /extra/ level of support for a contributor16:40
DavieyAs in, stable-maint can be ignored if suitable.16:40
markmcuh?16:41
markmchow can they be ignored if they have to +2 ?16:41
openstackgerritVerification of a change to openstack/openstack-ci failed: Use bundles instead of relocatable virtualenvs.  https://review.openstack.org/305016:42
*** vincentricci has quit IRC16:44
*** rnirmal has joined #openstack-dev16:44
openstackgerritp-draigbrady proposed a change to openstack/nova: optimize libvirt raw image handling. Bug 924970  https://review.openstack.org/362716:45
uvirtbotLaunchpad bug 924970 in nova "test timeouts with libvirt raw images" [Undecided,New] https://launchpad.net/bugs/92497016:45
*** maplebed has joined #openstack-dev16:46
openstackgerritVerification of a change to openstack-ci/git-review failed: Use dirname instead of basename.  https://review.openstack.org/361116:48
openstackjenkinsProject nova-docs build #2081: SUCCESS in 3 min 3 sec: https://jenkins.openstack.org/job/nova-docs/2081/16:48
openstackjenkinsrbryant: Use "display_name" in "nova-manage vm list".16:48
*** troytoman-away is now known as troytoman16:49
Davieymarkmc: no, i'm sugegsting stablemaint CAN +2, but if a specific project wants to work on stable aswell, their core has +2 aswell16:53
openstackgerritArmando Migliaccio proposed a change to openstack/nova: bug 921087: i18n-key and local-storage hard-coded in xenapi  https://review.openstack.org/338016:54
uvirtbotLaunchpad bug 921087 in nova "i18n-key and local-storage hard-coded in xenapi" [Undecided,In progress] https://launchpad.net/bugs/92108716:54
markmcDaviey, we had a long discussion previously where we agreed that {nova,glance}-core should not have +2 rights on the stable branch16:56
DavieyIt seems silly to change it, unless there is a complaint from a *-core team IMO.16:56
*** zzed_ has joined #openstack-dev16:56
Davieymarkmc: I thought we ended that with, they SHOULD have +2?16:57
DavieyI'd have to refer to my logs i think16:57
*** zzed_ has quit IRC16:57
markmcDaviey, nope, we didn't - and the permissions in gerrit reflect that decision16:57
markmcDaviey, that's why keystone/horizon etc. core teams haven't been able to +2 on their stable/diablo16:57
*** zzed has quit IRC16:58
*** stuntmachine has quit IRC16:59
*** jsavak has joined #openstack-dev17:00
Davieymtaylor: do you remember what direction we went in?17:00
*** joesavak has quit IRC17:00
ttxmarkmc: +117:00
Davieymtaylor seemed to just confirm that *-core do have +217:00
markmcDaviey, well, he's wrong :)17:00
*** novas0x2a|laptop has quit IRC17:00
* mtaylor is probably wrong... we should loop in jeblair when he wakes up17:00
Davieywell, i know he's wrong.. but on this specific issue, i'm not sure.17:01
Daviey:)17:01
ttxI opposed that +2/core/stable policy and would still oppose it.17:01
ttxDaviey: and I even discussed it with you17:01
Davieyttx: can you expand on that?17:01
KiallThis suggests core do not have +2 .. https://review.openstack.org/#admin,project,All-Projects,access17:01
*** jaypipes has quit IRC17:01
* markmc filed https://bugs.launchpad.net/openstack-ci/+bug/92497417:01
uvirtbotLaunchpad bug 924974 in openstack-ci "openstack-stable-maint only approves stable/diablo reviews for nova and glance" [Undecided,New]17:01
Kiallopenstack-stable-maint has exclusive +2 on refs/heads/stable/*17:01
vishydprince: thoughts on this: https://review.openstack.org/#change,357817:02
*** rkukura has quit IRC17:02
ttxDaviey: thou shalt not mix groups. Core devs are about reviewing code for correctness. Stable maint are about checking the change is not disruptive. That's two different ways of reviewing17:02
ttxDaviey: some people can and will do both, they should be on both groups17:02
*** eglynn has quit IRC17:02
ttxbut assuming all core reviewers can apply stable rules of reviewing is presomptuous17:03
ttxso you should not automatically make core reviewers stable reviewers.17:03
DavieyWell i agree with that, but i'd also suggest the burden of being stable-maint or *-core implies you have some self imposed limits.17:03
DavieyIs that unreasonable?17:03
ttxI see no value in making one group part of the other and lose the granularity.17:04
ttxjust ask interested core people to join the other group.17:05
ttxat least it's a conscious decision.. and they can learn the game rules in the process.17:05
Davieytrue17:05
ttxDaviey: I convinced you before. Check your logs.17:06
markmchehe17:06
Davieyttx: Hmm.17:06
ttxThe groups are about a task to be done. Not about being an elite group of people.17:07
DavieyHow does stable-maint team dropping review access for non-core projects fit with your definition ttx ?17:07
LinuxJediFYI guys, paste.openstack.org just got migrated to a new server, they may be fluctuations in content whilst the DNS sorts itself out (the TTL is only 5 minutes so shouldn't be too bad)17:07
ttxDaviey: could you expand on that ? What are you talking about ?17:07
*** cp16net_ has joined #openstack-dev17:07
DavieyTBH, providing the reviews get done - i don't really care who does them :)17:07
Daviey17:02 < ttx> Daviey: thou shalt not mix groups. Core devs are about reviewing code  for correctness. Stable maint are about checking the change is not  disruptive. That's two different ways of reviewing17:08
Davieyand bug 924974, seem at odds17:08
uvirtbotLaunchpad bug 924974 in openstack-ci "openstack-stable-maint only approves stable/diablo reviews for nova and glance" [Undecided,New] https://launchpad.net/bugs/92497417:08
openstackgerritRussell Bryant proposed a change to openstack/nova: Don't block forever for rpc.(multi)call response.  https://review.openstack.org/362817:09
ttxreading bug17:09
markmcDaviey, dude, this isn't hard - stable-maint has only taken on the responsibility of maintaining the stable branch of core projects (except swift)17:09
Davieymarkmc: It was never my intention for the stable team to limit their interest to core projects.17:09
*** cp16net has quit IRC17:10
markmcDaviey, hence, having the rule in All-Projects doesn't make sense17:10
*** cp16net_ is now known as cp16net17:10
openstackgerritVerification of a change to openstack/nova failed: Optionally pass a instance uuid to log methods.  https://review.openstack.org/360817:10
ttxDaviey: I guess it depends on the scope of stable-maint. My understanding is that it's just official core projects.17:10
*** jsavak has quit IRC17:10
ttxDaviey: but expanding the scope could be discussed amongst team members17:11
ttxDaviey: personally I think it's a slippery slope, but I'm not part of that group17:12
DavieyI don't think it's a discussin of expanding scope, it's a discussion of shrinking the scope :)17:12
DavieyI still maintain that branches are as supported as those that have interest in them.17:14
ttxDaviey: sure. If all members agree that's the scope of the team, why not17:15
ttxDaviey: but there seem to be difference of opinion.17:15
*** eglynn has joined #openstack-dev17:16
openstackgerritVerification of a change to openstack/python-novaclient failed: Handle Ambiguous Endpoints Correctly  https://review.openstack.org/360517:22
*** bepernoot has joined #openstack-dev17:23
*** vincentricci has joined #openstack-dev17:24
*** armaan has joined #openstack-dev17:26
openstackgerritVerification of a change to openstack/python-novaclient failed: Handle Ambiguous Endpoints Correctly  https://review.openstack.org/360517:26
jk0devstack is at it again17:28
*** Mandell has joined #openstack-dev17:28
*** Mandell has quit IRC17:28
*** Mandell has joined #openstack-dev17:28
ttxmtaylor: ^17:30
openstackjenkinsProject nova-docs build #2082: SUCCESS in 3 min 30 sec: https://jenkins.openstack.org/job/nova-docs/2082/17:34
openstackjenkins* Brian Waldon: Expand policies for admin_actions extension17:34
openstackjenkins* thorsten: fixed bug 92085617:34
uvirtbotLaunchpad bug 920856 in nova "API responses do not conform tho Amazon EC2 specifications" [Medium,Fix committed] https://launchpad.net/bugs/92085617:34
*** Remco__ has quit IRC17:34
*** armaan has left #openstack-dev17:34
openstackgerritSandy Walsh proposed a change to openstack/nova: Removed zones from api and distributed scheduler  https://review.openstack.org/362917:36
*** bepernoot has quit IRC17:38
deshantmpvo: do you use the devstack xen scripts to build your nova domUs?17:38
deshantm(anybody can answer that uses it)17:39
pvodeshantm: we do not.17:39
deshantmah ok17:39
pvothose are Ubuntu based and we use Debian.17:39
*** armaan has joined #openstack-dev17:39
deshantmdo you know who posted those patches?17:39
pvovishy may know.17:40
deshantmi knew at one point17:40
deshantmI could look it up probably17:40
deshantmwe are working on adding kronos support now17:41
*** Ryan_Lane has joined #openstack-dev17:41
*** armaan has left #openstack-dev17:44
*** eglynn has quit IRC17:45
openstackgerritSoren Hansen proposed a change to openstack/nova: Remove Hyper-V support  https://review.openstack.org/363017:46
*** eglynn has joined #openstack-dev17:46
vishydeshantm: sleepsonthefloor did those scripts17:46
vishydeshantm: they are using XCP 5.6 not kronos17:47
vishydeshantm: sorry XS-Free 5.617:47
vishydeshantm: that said, we would love patches to do it with kronos instead17:47
deshantmvishy: mcclurmc will have some patches soon17:49
deshantmwe are testing now17:49
openstackgerritArmando Migliaccio proposed a change to openstack/nova: bug 921087: i18n-key and local-storage hard-coded in xenapi  https://review.openstack.org/338017:51
uvirtbotLaunchpad bug 921087 in nova "i18n-key and local-storage hard-coded in xenapi" [Undecided,In progress] https://launchpad.net/bugs/92108717:51
*** ipl31_ is now known as ipl3117:52
*** mcclurmc has joined #openstack-dev17:52
openstackgerritArmando Migliaccio proposed a change to openstack/nova: bug 921087: i18n-key and local-storage hard-coded in xenapi  https://review.openstack.org/338017:55
uvirtbotLaunchpad bug 921087 in nova "i18n-key and local-storage hard-coded in xenapi" [Undecided,In progress] https://launchpad.net/bugs/92108717:55
openstackgerritSandy Walsh proposed a change to openstack/nova: Removed zones from api and distributed scheduler  https://review.openstack.org/362917:56
*** maplebed has quit IRC17:57
*** andrewbogott has joined #openstack-dev17:58
*** andrewbogott has quit IRC17:58
*** andrewbogott has joined #openstack-dev17:58
*** zns1 has quit IRC18:01
*** dolphm has quit IRC18:02
*** stuntmachine has joined #openstack-dev18:02
*** vincentricci has quit IRC18:04
*** eglynn has quit IRC18:04
*** vincentricci has joined #openstack-dev18:04
*** cp16net has quit IRC18:04
*** cp16net has joined #openstack-dev18:04
*** zzed has joined #openstack-dev18:05
*** dolphm has joined #openstack-dev18:05
openstackjenkinsProject nova-docs build #2083: SUCCESS in 5 min 36 sec: https://jenkins.openstack.org/job/nova-docs/2083/18:06
openstackjenkinsrbryant: Fix broken devref docs.18:06
*** dolphm has quit IRC18:06
*** vincentricci has quit IRC18:08
*** vincentricci has joined #openstack-dev18:08
*** vincentricci_ has joined #openstack-dev18:09
*** vincentricci has quit IRC18:09
*** vincentricci_ is now known as vincentricci18:09
*** vincentricci has quit IRC18:09
*** vincentricci has joined #openstack-dev18:09
openstackgerritArmando Migliaccio proposed a change to openstack/nova: bug 921087: i18n-key and local-storage hard-coded in xenapi  https://review.openstack.org/338018:10
uvirtbotLaunchpad bug 921087 in nova "i18n-key and local-storage hard-coded in xenapi" [Undecided,In progress] https://launchpad.net/bugs/92108718:10
zulmtaylor: ping18:10
zulor jeblair: ping18:11
mtaylorjk0: on it18:11
*** vincentricci has quit IRC18:11
*** vincentricci has joined #openstack-dev18:11
*** vincentricci_ has joined #openstack-dev18:13
openstackgerritSoren Hansen proposed a change to openstack/nova: Remove Hyper-V support  https://review.openstack.org/363018:13
*** hashar has quit IRC18:13
*** vincentricci_ has quit IRC18:13
*** vincentricci_ has joined #openstack-dev18:14
*** nati2 has joined #openstack-dev18:15
*** jdurgin has joined #openstack-dev18:15
*** vincentricci has quit IRC18:16
*** vincentricci_ is now known as vincentricci18:16
*** zns has joined #openstack-dev18:19
*** derekh has quit IRC18:21
openstackgerritJohannes Erdfelt proposed a change to openstack/nova: Make sure multiple calls to _get_session() aren't nested  https://review.openstack.org/363118:21
*** eglynn has joined #openstack-dev18:24
*** dolphm has joined #openstack-dev18:25
*** nati2 has quit IRC18:27
*** david-kranz has joined #openstack-dev18:27
*** nati2 has joined #openstack-dev18:28
*** adjohn has joined #openstack-dev18:29
openstackgerritVerification of a change to openstack/nova failed: Optionally pass a instance uuid to log methods.  https://review.openstack.org/360818:31
*** dolphm has quit IRC18:31
openstackgerritThiago Morello proposed a change to openstack/python-quantumclient: Log all logs to syslog in addition to any chosen location (as a file or stdout)  https://review.openstack.org/362218:32
*** darraghb has quit IRC18:36
*** rkukura has joined #openstack-dev18:36
morellonPotHix: https://launchpad.net/~openstack-cla18:38
PotHixmorellon: tks!18:38
gyeetermie, ut?18:44
openstackgerritDan Prince proposed a change to openstack/openstack-chef: Remove EC2 admin API.  https://review.openstack.org/363218:44
*** novas0x2a|laptop has joined #openstack-dev18:46
deshantmtip of devstack error: http://paste.openstack.org/show/4631/ (known issue?)18:47
znsmtaylor, jeblair: could you resubmit https://review.openstack.org/#change,3605 when the problem is solved? It failed because of "No ready nodes"18:48
mtaylorzns: yes18:49
*** danwent has joined #openstack-dev18:50
openstackjenkinsProject nova-docs build #2084: SUCCESS in 5 min 59 sec: https://jenkins.openstack.org/job/nova-docs/2084/18:51
openstackjenkins* mark.washenberger: Add mkswap to rootwrap18:51
openstackjenkins* motokentsai: Correct checking existence of security group rule18:51
*** hashar has joined #openstack-dev18:53
*** dolphm has joined #openstack-dev18:55
*** adjohn has quit IRC18:56
*** bepernoot has joined #openstack-dev18:56
*** adjohn has joined #openstack-dev18:56
*** dolphm_ has joined #openstack-dev18:58
termiegyee: if by "ut?" you mean "ping" then: pong18:59
*** dolphm has quit IRC18:59
gyeeut = you there19:00
gyeeyes19:00
gyeetermie, I still having problem with the KSL sql backend19:00
termiegyee: i know, i'm just trying to keep us acting like civilized geeks19:00
gyee:)19:00
termiegyee: whatcha running into19:00
*** bepernoot has quit IRC19:00
gyeeI changed the driver for Identity to sql19:00
gyeeI can see bla.db got created when I do keystone-manage user name=blah password=blah ..19:01
gyeebut it failed at users table doesn't exist19:01
gyeeI than ran sqlite3 bla.db and do a .schema19:01
gyeeno tables exist19:01
gyeeseems like the schema didn't get created19:02
termiegyee keystone-manage db_sync19:02
gyeeam I missing an important parameter in keystone.conf?19:02
gyeeoh, I need to do that first?19:02
gyeethought that's automatic, don't remember having to do that in essex19:03
termiegyee: automatically creating a database is a bad thing to do from a sys admin perspective19:04
termieanyway, that info hsould be added here: https://github.com/termie/keystonelight/blob/master/docs/source/developing.rst19:04
openstackjenkinsProject nova-docs build #2085: SUCCESS in 6 min 28 sec: https://jenkins.openstack.org/job/nova-docs/2085/19:07
openstackjenkinsJohannes Erdfelt: Make sure multiple calls to _get_session() aren't nested19:07
gyeeseems like KSL also stands for DIY :)19:07
termiegyee: it isn't keystone essex and it doesn't want to be19:08
*** sleepsonthefloo has joined #openstack-dev19:09
adam_gany nova cores wish to help get this thru before we upload our weekly nova snapshot into ubuntu? https://review.openstack.org/#change,3479  nova-volume is basically useless without it and i'd prefer not to carry a temporary patch19:09
*** ohnoimdead has joined #openstack-dev19:09
adam_g+1 to requiring manual database migrations and doing away with broken autocreate nonsense19:09
*** vincentricci_ has joined #openstack-dev19:10
*** vincentricci has quit IRC19:10
*** vincentricci_ is now known as vincentricci19:10
dolphm_gyee: keystone proper is *supposed* to make you create your database (and *did*, for a while), but there's an open bug debating the issue (bug 908296)19:10
uvirtbotLaunchpad bug 908296 in keystone "keystone-manage database sync fails when executed more than once" [Undecided,Confirmed] https://launchpad.net/bugs/90829619:10
gyeeunderstood the "doesn't want to be" part, I am withholding judgment on the "easier to use than essex" part for now :)19:12
adam_gglance bug #824794 is a pretty good one against using migrate/sync + autocreation19:12
uvirtbotLaunchpad bug 824794 in glance "Tables are generated outside of migration process" [Low,In progress] https://launchpad.net/bugs/82479419:12
gyeedolphm_, thanks for the info19:13
*** sleepsonthefloo has quit IRC19:14
*** sleepsonthefloo has joined #openstack-dev19:14
openstackgerritBrian Waldon proposed a change to openstack/nova: Excise M2Crypto!  https://review.openstack.org/361419:14
dolphm_adam_g: thanks for the link19:15
adam_gdolphm_: likewise, i wasn't aware there was current discussion going on. the issue in glance has been a bit of a nightmare for ubuntu packaging.19:18
gyeedalphm_, keystone-manage database sync can't detect the version on the existing db and act accordingly?19:18
adam_gdolphm_: some more juicy reading at bug #77931119:18
uvirtbotLaunchpad bug 779311 in glance "Glance update for Ubuntu failing" [High,Confirmed] https://launchpad.net/bugs/77931119:18
dolphm_gyee: no, it can't, but keystone-manage provides a CLI to get you going if you know the version (and we have docs mapping release milestones to db version #'s)19:19
*** cp16net_ has joined #openstack-dev19:19
dolphm_gyee: keystone_manage version_control_database --help19:19
dolphm_gyee: keystone_manage goto_database --help19:19
gyeeyes, I've used it19:19
gyeefor the domains prototype, the wiki is very helpful19:19
*** rnirmal has quit IRC19:19
gyeeI just wasn't aware that KSL no longer creates the db on startup, now I know19:20
openstackjenkinsProject nova-docs build #2086: SUCCESS in 6 min 4 sec: https://jenkins.openstack.org/job/nova-docs/2086/19:21
openstackjenkinsJesse Andrews: remove unsupported ec2 extensions19:21
*** cp16net has quit IRC19:21
*** cp16net_ is now known as cp16net19:21
termiegyee, dolphm_ : well, as ksl is versioned from the beginning that part shouldn't be a problem19:22
termiegyee, dolphm_: i hope to generate a nice tutorial for getting started with ksl19:23
gyeetermie, yes, only one script in migrate_repo/versions right now19:23
*** bepernoot has joined #openstack-dev19:23
termiegyee: good to start with one version if you can manage it ;) stuff will change in there a little bit once there is a slightly more structured way for extensions to do their own versioning19:24
gyeetermie, I can be the hamster19:24
gyeeguinea pig I mean19:24
termiehehe19:24
openstackgerritTrey Morris proposed a change to openstack/nova: Ties quantum, melange, and nova network model  https://review.openstack.org/330919:25
*** mikeyp has joined #openstack-dev19:26
*** zzed has quit IRC19:27
openstackgerritTrey Morris proposed a change to openstack/nova: Ties quantum, melange, and nova network model  https://review.openstack.org/330919:29
*** dwalleck_nova has joined #openstack-dev19:38
*** Gordonz has joined #openstack-dev19:39
openstackgerritVerification of a change to openstack/nova failed: Ties quantum, melange, and nova network model  https://review.openstack.org/330919:39
*** lloydde has joined #openstack-dev19:42
jeblairannegentle: updated bug 92450719:44
uvirtbotLaunchpad bug 924507 in openstack-ci "Need to install pandoc 1.8.1.1 on Jenkins server to automate markdown docs work" [High,Fix committed] https://launchpad.net/bugs/92450719:44
annegentlejeblair: ah, got it about "manuals" v "oneiric"19:45
*** lloydde has quit IRC19:46
annegentlejeblair: thanks for the quick work, too!19:46
*** lloydde_ has joined #openstack-dev19:46
*** lloydde_ has quit IRC19:46
*** novas0x2a|laptop has quit IRC19:47
*** novas0x2a|laptop has joined #openstack-dev19:47
jeblairannegentle: np19:48
*** dubsquared has quit IRC19:49
*** _adjohn has joined #openstack-dev19:49
*** adjohn has quit IRC19:50
*** _adjohn is now known as adjohn19:50
*** vincentricci_ has joined #openstack-dev19:50
*** vincentricci has quit IRC19:51
*** vincentricci_ is now known as vincentricci19:51
openstackjenkinsProject nova-docs build #2087: SUCCESS in 5 min 32 sec: https://jenkins.openstack.org/job/nova-docs/2087/19:52
openstackjenkinspbrady: optimize libvirt raw image handling. Bug 92497019:52
uvirtbotLaunchpad bug 924970 in nova "test timeouts with libvirt raw images" [Undecided,Fix committed] https://launchpad.net/bugs/92497019:52
Vekis there a list of granted FFEs somewhere?19:58
openstackgerriteglynn proposed a change to openstack/glance: Respawn glance services on unexpected death.  https://review.openstack.org/355019:59
*** stuntmachine has quit IRC19:59
openstackgerritDevdeep Singh proposed a change to openstack/nova: Changes for supporting fast cloning on Xenserver. (Implements https://blueprints.launchpad.net/nova/+spec/fast-cloning-for-xenserver) 1. use_cow_images flag is reused for xenserver to check if copy on write images should be used. 2. image-id is used to   https://review.openstack.org/334319:59
*** deshantm has quit IRC20:01
*** zzed has joined #openstack-dev20:03
*** hashar has joined #openstack-dev20:03
*** stuntmachine has joined #openstack-dev20:06
openstackgerritVerification of a change to openstack/nova failed: Use name filter in GlanceImageService show_by_name  https://review.openstack.org/353420:06
openstackjenkinsProject nova-docs build #2088: SUCCESS in 6 min 27 sec: https://jenkins.openstack.org/job/nova-docs/2088/20:07
openstackjenkinsalex.meade: Instances to be created with a bookmark link20:07
openstackgerritJohannes Erdfelt proposed a change to openstack/nova: lockfile.FileLock already appends .lock  https://review.openstack.org/363320:08
*** bepernoot has quit IRC20:12
*** deshantm has joined #openstack-dev20:14
openstackgerritZiad Sawalha proposed a change to openstack/nova: Use Keystone Extension Syntax for EC2 Creds  https://review.openstack.org/336520:15
*** vincentricci_ has joined #openstack-dev20:19
*** vincentricci has quit IRC20:19
*** vincentricci_ is now known as vincentricci20:19
*** danwent has quit IRC20:20
*** nati2 has quit IRC20:21
*** novas0x2a|laptop has quit IRC20:22
*** novas0x2a|laptop has joined #openstack-dev20:23
openstackgerritRussell Bryant proposed a change to openstack/nova: Don't block forever for rpc.(multi)call response.  https://review.openstack.org/362820:23
*** sandywalsh has quit IRC20:25
*** bencherian has joined #openstack-dev20:26
*** adjohn has quit IRC20:26
*** bencherian has quit IRC20:28
*** maplebed has joined #openstack-dev20:34
openstackjenkinsProject nova-docs build #2089: SUCCESS in 5 min 37 sec: https://jenkins.openstack.org/job/nova-docs/2089/20:36
openstackjenkinstreyemorris: Ties quantum, melange, and nova network model20:36
*** bepernoot has joined #openstack-dev20:36
*** jakedahn has joined #openstack-dev20:37
*** jakedahn has joined #openstack-dev20:37
openstackgerritAlex Meade proposed a change to openstack/nova: Fix logging to log correct filename and line numbers  https://review.openstack.org/363420:37
*** sandywalsh has joined #openstack-dev20:38
*** bepernoot has quit IRC20:44
openstackgerritJake Dahn proposed a change to openstack/horizon: Window now goes as low as 1024px wide without breaking.  https://review.openstack.org/363520:45
markmcvishy, I haz problemz20:46
vishymarkmc: uhoh20:46
openstackgerritVerification of a change to openstack/nova failed: Respect availability_zone parameter in nova api  https://review.openstack.org/295620:46
markmcvishy, MultiStrOpt is terminally borked20:46
markmcvishy, not sure how I didn't notice20:47
openstackgerritMonsyne Dragon proposed a change to openstack/nova: Make parsing of usage stats from XS more robust.  https://review.openstack.org/359520:47
markmcbut e.g.20:47
markmc[DEFAULT]20:47
markmcfoo = bar20:47
markmcfoo = blaa20:47
markmcjust doesn't make any sense to ConfigParser20:47
vishymarkmc: uh oh, termie was having some big issues with cfg the other day20:47
vishyi wonder if it is related20:47
markmccould be20:47
markmcnow, we don't have many multistr options20:48
markmc5 in fact20:48
openstackgerritRick Harris proposed a change to openstack/nova: Support custom routes for extensions.  https://review.openstack.org/350220:49
markmcvirt_mkfs is only multistr because its values include a comma20:49
markmcthen there's ldap_dns_servers and list_notifier_drivers20:49
markmcwhich are both a bit dumb because their name is plural20:49
markmci.e. --list_notifier_drivers=foo --list_notifier_drivers=bar makes not much sense20:49
markmcthen there's osapi_compute_extension and osapi_volume_extension20:50
markmcwhich could just be lists?20:50
* markmc is inclined to just kill off multistr20:50
openstackjenkinsProject nova-docs build #2090: SUCCESS in 5 min 59 sec: https://jenkins.openstack.org/job/nova-docs/2090/20:52
openstackjenkinsJohannes Erdfelt: lockfile.FileLock already appends .lock20:52
*** sandywalsh has quit IRC20:54
*** bepernoot has joined #openstack-dev20:57
*** n0ano has quit IRC20:58
bcwaldonVek: Can you revist this? https://review.openstack.org/#change,352620:59
*** bepernoot has quit IRC20:59
bcwaldonvishy: thoughts on https://review.openstack.org/#change,353321:00
mikalThe Jenkins run for https://review.openstack.org/#change,3608 appears to have failed because of a git fetch error. Is there some way I can kick it until it runs again?21:01
*** dubsquared has joined #openstack-dev21:02
*** zzed has quit IRC21:02
vishybcwaldon: honestly that is a question for the ec2-api team21:02
vishybcwaldon: I don't really care either way21:03
*** zzed has joined #openstack-dev21:03
bcwaldonvishy: I'm for removing it no matter what since it isnt a valid piece of *any* api21:03
vishyoh21:03
vishybcwaldon: then pull it out21:03
bcwaldonvishy: its not that we're implementing forward versions21:03
vishybcwaldon: is there a parameter called name?21:03
vishyI wonder how jesse missed it in his patch21:03
bcwaldonvishy: he was pulling out major pieces, this is one tiny hidden field21:04
vishybcwaldon: snapshot has displayName though21:04
bcwaldonvishy: in the ec2 spec?21:04
*** cp16net has quit IRC21:05
vishyi don't know21:05
bcwaldonvishy: http://docs.amazonwebservices.com/AWSEC2/2011-12-15/APIReference/ApiReference-query-DescribeImages.html21:05
*** cp16net has joined #openstack-dev21:05
bcwaldonvishy: you can see that 'name' is valid in the latest spec for DescribeImages21:05
vishybcwaldon: then rename it to name?21:05
bcwaldonvishy: so I think its clear that we *don't* want displayName21:05
bcwaldonvishy: right, the question is whether we change to name or drop21:05
vishyso that i could go either way on21:06
bcwaldonvishy: I vote we drop because implementing part of a future unsupported version is useless21:06
bcwaldoneuca2ools isnt going to use it21:06
vishydoes euca2ools support it?21:06
bcwaldonwe dont tell euca200ls to use the latest version!21:06
vishythen we could pull it i guess21:06
*** bepernoot has joined #openstack-dev21:07
bcwaldondo you know off-hand who I should ping on ec2-api team?21:07
openstackgerritAlex Meade proposed a change to openstack/nova: Fix logging to log correct filename and line numbers  https://review.openstack.org/363421:07
*** PotHix has quit IRC21:10
vishyhttp://wiki.openstack.org/Teams#Nova_EC2_API_Team21:10
vishyzul: ^^21:10
*** sandywalsh has joined #openstack-dev21:10
bcwaldonzul: around?21:10
ayoungtermie, vishy, just checking,  but for basic authentication in LDAP,  we want to follow the practice of doing a simple bind, right?21:13
*** Remco_ has joined #openstack-dev21:14
bcwaldonjohan_-_: thanks for the DH snippet21:15
bcwaldonjohan_-_: I'll pull it into m y patch21:15
*** troytoman is now known as troytoman-away21:15
vishyayoung: define simple bind?21:15
ayoungvishy, the LDAP simple bind command?21:15
Ryan_Laneayoung: you mean as opposed to SASL?21:15
* vishy goes to refresh his memory21:15
Ryan_Laneyou'll have widest support with simple bind, rather than SASL21:16
ayoungRyan_Lane, is SASL supported from Eventlet?21:16
vishyayoung: I know there was a patch proposed to add SASL in nova21:16
vishyso i think it would be good to support it21:16
vishythe python bindings support it21:16
ayoungvishy, I was just getting started on the LDAP code, and looking at the existing authenticate calls.21:17
mikalvishy: I'm not clear on if there are more changes you want me to make on https://review.openstack.org/#change,290221:17
vishyI'm ok with it21:17
ayoungUsually when you auth to LDAP,  you make a simple bind,  let the LDAP server hash or whatever it does,  and if the bind is successful, treat it as authenticated21:18
vishymikal: perhaps it should explicitly request an FFe21:18
mikalI'm composing an email about that now21:18
mikalWould you be supportive?21:18
vishyyes21:18
Ryan_Laneayoung: well, it depends, there's a number of ways to do it. the most basic is to do a simple bind with userdn and password21:18
mikalCool21:18
ayoungRyan_Lane, right21:19
Ryan_Laneayoung: but SASL is also supported, and is used for GSSAPI and a few other kinds of SASL auth21:19
dprincebcwaldon: regarding EC2 API display name. I've always thought our EC2 API was more about functionality than API correctness. If people want displayName then why not keep it?21:19
Ryan_Laneayoung: you should likely start with simple bind, and add SASL later21:19
mikalvishy: any thoughts on how to trick jenkins into trying again for https://review.openstack.org/#change,3608 ?21:19
ayoungRyan_Lane, so  I am looking at getting parity between the current Keystone impl and Keystone Light.21:19
ayoungyes21:19
dprincebcwaldon: I mean there are other oddities in that API where we don't explicitly follow the SPEC right?21:19
ayoungso SASL would be a new feature,  Fremont timeframe21:20
Ryan_Lanethe current implementation also allows lookup before bind21:20
bcwaldondprince: we're working on removing the extra stuff (jesse's patch just landed to remove ec2adminapi)21:20
ayoungRyan_Lane, yeah, I noticed that.  Why?21:20
Ryan_Lanewhere you use a proxy-agent to find a user's DN based on a search attribute, then bind as the user21:20
bcwaldondprince: and I feel like its useless because no major clients are going to pick it up21:20
openstackgerritDolph Mathews proposed a change to openstack/python-keystoneclient: Simplified method names to be more self explanatory  https://review.openstack.org/363621:20
bcwaldondprince: and keep in mind 'displayName' is not a valid attribute for images, it would have to be 'name'21:20
openstackgerritRick Harris proposed a change to openstack/nova: DRYing up Volume/Compute APIRouters  https://review.openstack.org/363721:21
Ryan_Laneayoung: not all LDAP servers allow anonymous searches, and not all directory information trees keep users in one part of a tree21:21
dprincebcwaldon: Sure. Essentially what Justins ticket is about... Honestly. I'm fine either way. Just saying it seems reasonable to keep it if it is useful.21:21
Ryan_Laneso, you can't assume testuser is uid=testuser,ou=people,dc=blah,dc=blah21:21
openstackjenkinsProject nova-docs build #2091: SUCCESS in 6 min 2 sec: https://jenkins.openstack.org/job/nova-docs/2091/21:21
openstackjenkins* Brian Waldon: Use name filter in GlanceImageService show_by_name21:21
openstackjenkins* rbryant: Clear out RPC connection pool before exit.21:21
openstackjenkins* rbryant: Empty connection pool after test_kombu.21:21
bcwaldondprince: I'm arguing that it isnt useful21:21
ayoungRyan_Lane, right21:21
Ryan_Lanealso, it could be using a different naming attribute21:21
Ryan_Laneso, it could be cn=testuser,ou=people....21:22
Ryan_Lanebut LDAP servers generally require a full DN to bind21:22
Ryan_Laneit's slightly less efficient do search before bind, but is usually needed21:22
Ryan_Lane(memcache is your friend here ;) )21:23
openstackgerritVerification of a change to openstack/nova failed: Empty connection pool after test_kombu.  https://review.openstack.org/358521:24
ayoungRyan_Lane, all that makes sense21:25
*** adjohn has joined #openstack-dev21:25
Ryan_Laneayoung: I wrote part of the ldap implementation for nova. let me know if you have any questions21:25
*** dprince has quit IRC21:25
ayoungRyan_Lane, OK,  so my thought was to start by talking to a real LDAP server (even though the tests will run against fakeldap21:26
ayoungand to populate it with a few users21:26
ayoungand the to start by getting authenticate to work21:26
ayoungauthenticate requires being able to find a user,  and also to find the tenancy21:27
*** mcclurmc has quit IRC21:27
Ryan_Lanethis is for LDAP support in keystone?21:27
ayoungRyan_Lane, yes21:27
Ryan_Laneisn't there already an LDAP driver?21:27
vishyayoung: Ryan_Lane rewrote all of my code to make it more LDAPy :)21:27
ayoungRyan_Lane, with the cut over from Keystone  to Keystonelight,  we lose the current LDAP code21:27
Ryan_Laneah21:28
*** mcclurmc has joined #openstack-dev21:28
vishyayoung: are you basing it off one of those codebases?21:28
openstackgerritBrian Waldon proposed a change to openstack/nova: Excise M2Crypto!  https://review.openstack.org/361421:28
vishyprobably easier than rewriting everything from scratch21:28
ayoungvishy, I'm looking at both keystone-current and nova21:28
Ryan_Lanetermie mentioned that this support was going to let us munge lookups to existing schema21:28
vishyayoung: cool21:28
Ryan_Lane(I like this idea)21:29
vishyRyan_Lane: that would be awesome but i think we have to support creating schema as well21:29
Ryan_Lanerole support might be hard, though21:29
vishyRyan_Lane: roles/groups are totally inconsistent across installs, yes?21:29
*** mcclurmc has left #openstack-dev21:29
vishyas in everyone does it differently?21:29
Ryan_Laneyep21:29
vishyRyan_Lane: what about AD, does it have a standard for roles/groups?21:29
termieRyan_Lane: i mentioned that that was my plan, i don't know how far along that path ayoung is21:29
Ryan_Lanewell, groups are mostly easy21:30
Ryan_Laneroles are hard21:30
ayoungtermie, I've barely  crossed the woodline21:30
Ryan_Laneespecially if we need to consider roles with capabilities21:30
vishyRyan_Lane: because i think that would be the most asked for version21:30
ayoungRyan_Lane, but 'groups' are not a Keystone concept. Tenants and Roles are21:30
Ryan_Lanevishy: yeah. likely21:30
vishyRyan_Lane: capabilities I think will be stored outside21:30
Ryan_Laneah. ok21:30
Ryan_Lanethat's easier, then21:30
vishyRyan_Lane: Ldap seems like a pretty nasty place to do it21:30
Ryan_Lane+121:31
Ryan_LaneI completely agree21:31
vishytermie: has a policy engine to match roles / actions / objects21:31
vishy== capabilities21:31
Ryan_LaneI'd likely map groups to tenants21:31
Ryan_Lanethen make a schema for roles21:31
*** bepernoot has quit IRC21:32
vishyRyan_Lane: maybe a more sane schema than the one I had and you modified21:32
Ryan_Laneroles aren't consistently implemented anywhere21:32
vishyin nova21:32
Ryan_Laneheh. yeah21:32
vishythat one was a bit of a cluster as i recall21:32
Ryan_Laneroles in nova were awkward21:32
vishyalthough it does work!21:32
Ryan_Laneit does, yeah21:32
Ryan_Lanea tenant just has a list of users, right?21:33
ayoungRyan_Lane, the thing is,  I think that a user can only be in one tenant, right?21:33
termieayoung: no21:33
Ryan_Laneevery LDAP server has some form of group that easily works for this.21:33
termieuser >-< tenant21:33
Ryan_Lanewe used groupofnames, right?21:34
ayoungtermie, so username have to be globally unique?21:34
Ryan_Laneno21:34
vishyayoung: no21:35
termieayoung: user.name and user.id, yes21:35
ayoungheh21:35
Ryan_Laneyou use the full DN in groups.21:35
ayoungI'll let you fight it out.21:35
vishyayoung: you can have a default tenant, but you can belong to multiple21:35
termiepeople are answering different questiosn21:35
Ryan_Lanetrue21:35
termieusers and tenants are many to many in the standard data model21:35
*** mnewby has joined #openstack-dev21:36
termiethat does not have to be true for ldap21:36
openstackgerritLorin Hochstein proposed a change to openstack/openstack-manuals: Keystone config permission should be 0640, not 0644  https://review.openstack.org/363821:36
openstackjenkinsProject nova-docs build #2092: SUCCESS in 5 min 10 sec: https://jenkins.openstack.org/job/nova-docs/2092/21:36
openstackjenkinsarmando.migliaccio: bug 921087: i18n-key and local-storage hard-coded in xenapi21:36
uvirtbotLaunchpad bug 921087 in nova "i18n-key and local-storage hard-coded in xenapi" [Undecided,Fix committed] https://launchpad.net/bugs/92108721:36
*** kpepple has joined #openstack-dev21:37
termieat the moment an expected use case is somebody who is authenticating without specifying the tenant, which means it may be hard to lookup the ldap record21:37
Ryan_Lanehowever, no one sane has non-unique usernames that can be used21:37
*** deshantm_ has joined #openstack-dev21:37
openstackgerritVerification of a change to openstack/nova failed: Don't block forever for rpc.(multi)call response.  https://review.openstack.org/362821:37
*** apevec has quit IRC21:38
Ryan_Laneuserid -> userdn -> group search -> list of groups (tenants)21:38
termieRyan_Lane: and user names and user ids have to be unique, as there are already calls in use that lookup user by name21:39
vishymarkmc: don't we use it for extensions also?21:39
vishymarkmc: oh you mentioned that21:39
Ryan_Lanetermie: makes sense. that's slightly painful, but doable.21:39
termieRyan_Lane: rather painful for a lot of things, unfortunately, i don't think it is the worlds greatest idea21:40
Ryan_Lanethat means ldap admins are forced to ensure two attributes are unique. most ldap servers have plugins to enforce that, though21:40
vishymarkmc: list specifications on the commandline aren't quite as pretty, is it really hard to get multistring working?21:40
Ryan_Laneis there any way to kill of that requirement in the future?21:40
termieRyan_Lane: not very likely, i've fought it quite a bit already21:41
openstackgerritSoren Hansen proposed a change to openstack/nova: Remove Hyper-V support  https://review.openstack.org/363021:41
*** deshantm has quit IRC21:41
openstackgerritRick Harris proposed a change to openstack/nova: Improve dom0 and template VM avoidance.  https://review.openstack.org/363921:41
termieRyan_Lane: when people design systems with multiple unique identifiers it is pretty hard to get rid of it21:41
Ryan_Laneright21:41
termieRyan_Lane: ksl started with just id and name==id21:41
Ryan_Laneheh21:41
termieRyan_Lane: but everything using keystone uses those inconsistently, and expects name to be mutable but id to not be21:42
*** novas0x2a|laptop has quit IRC21:42
termieRyan_Lane: so name needs to be indexed, mutable, and unique21:43
* termie rolls his eyes21:43
openstackgerritTodd Willey proposed a change to openstack/nova: Add SSH Bastion support as alternate cloudpipe.  https://review.openstack.org/259321:43
Ryan_Laneugh21:43
termienow, i think ldap can get away with shortcuts21:43
termiebecause i don't think people are expecting to write to ldap from keystone21:44
Ryan_Laneoh. it's going to be read-only?21:44
Ryan_Lanethat makes things quite a bit easier21:44
termiethe first two layer of implementations will be21:44
termieif people really think they need to write to it they can implement the crud extensions and rip their hair out21:45
ayoungtermie, Ryan_Lane if LDAP is going to be read only,  isn't PAM sufficient?21:45
Ryan_Laneugh21:45
termieayoung: for the first level (auth) yes21:45
Ryan_Laneplease no21:45
openstackgerritZiad Sawalha proposed a change to openstack/python-novaclient: Region is empty breaks novaclient  https://review.openstack.org/364021:45
*** novas0x2a|laptop has joined #openstack-dev21:45
ayoungRyan_Lane, PAM is already implemented21:45
vishymarkmc: also, is there a way to do what I mentioned on this branch? https://review.openstack.org/357821:45
termieayoung: but the second level ideally handles roles and tenants21:45
*** andrewsmedina has quit IRC21:46
Ryan_Lanethat means the system needs to be configured as an LDAP client21:46
ayoungtermie, if those are done as groups,  PAM should be able to support them as well21:46
Ryan_Laneand that *really* sucks21:46
ayoungRyan_Lane, PAM, not NSSwitch21:46
Ryan_Lanestill requires PAM to be configured for LDAP21:46
ayoungright21:46
ayoungthat is pretty standard, though21:47
Ryan_Lanethink of the case where the system is already part of an LDAP domain, and it is serving keystone auth for web services21:47
Ryan_Lanethe keystone auth may not be the same domain21:47
termieanyway, people who want to do that will be able to do that with pam, but most of what i've heard from people is that that isn't what they want21:47
ayoungOK21:47
Ryan_Lanefor web auth, it's usually the case that another domain is being used21:48
openstackgerritVerification of a change to openstack/nova failed: Fix VPN ping packet length.  https://review.openstack.org/360021:50
Ryan_Laneroles are implemented per-tenant, and globally?21:51
termieRyan_Lane: roles are associated with user-tenant pairs21:51
Ryan_Laneah, so it's a triple? (user,tenant,role)?21:51
termieRyan_Lane: in the standard data model it is (user, tenant), (roles)21:52
termieit is actually (user, tenant), metadata21:52
Ryan_Lanethis is where LDAP implementation gets painful21:52
termiebut the main point is get_roles_for_user_tenant(user, tenant)21:53
termieshould return a list of roles21:53
openstackgerritVerification of a change to openstack/openstack-manuals failed: Keystone config permission should be 0640, not 0644  https://review.openstack.org/363821:53
*** lorin1 has joined #openstack-dev21:54
Ryan_Lanehm21:54
Ryan_Lanemight be possible to have it as a key-pair on the user's entry21:54
Ryan_Lanea multi-value attribute of key-pairs21:54
termieRyan_Lane: how are you making a user part of multiple teantns in ldap?21:55
*** hashar has quit IRC21:55
Ryan_Lanea tenant is a group with a list of members (which are userdns)21:55
termiecan you make a tenant a group with a list of sub groups with a list of members?21:56
Ryan_Lanethat's how we're doing roles right now21:56
Ryan_Lanein nova21:56
termieit makes roles immutable21:56
Ryan_Laneit's awkward, at best21:56
termiebut -shrug-21:56
termiek21:56
termiehmm21:56
openstackgerritA change to openstack/horizon has been rejected: Handle tenant deletion when a tenant isn't empty. Fixes bug 923951.  https://review.openstack.org/355421:56
uvirtbotLaunchpad bug 923951 in horizon "Tenant delete fails when there are users attached" [Medium,In progress] https://launchpad.net/bugs/92395121:56
termiejust make it so that a user can only belong to one tenant in ldap?21:56
Ryan_Lanewouldn't that be problematic for nova?21:57
termieno, it is just the user model.21:57
termienova doesn't care who you are21:57
Ryan_LaneI have users in up to 10-20 nova projects right now21:57
termieokay, so you wouldn't be able to use that, but nova doesn't care21:58
termienova does what your user model tells it it can do21:58
termieif your user model allows a user in 10 projects, then nova does21:58
openstackgerritDiane Fleming proposed a change to openstack/compute-api: Updating version to v2 from v1.1  https://review.openstack.org/364121:58
Ryan_Laneit's also good to allow ldap admins to extend the concept of tenants21:58
*** Gordonz_ has joined #openstack-dev21:58
termieanyway21:59
*** Gordonz_ has quit IRC21:59
*** lorin1 has left #openstack-dev21:59
*** Gordonz has quit IRC22:00
termiecan we make teantns groups of users, and users are groups of "tenant roles" which are groups of roles?22:00
*** Gordonz has joined #openstack-dev22:01
ayoungI'd say that a Tenant should be a group,  and a user can belong to multple tenancies.  If we want, we can define a default tenancy, as there is the concept of a default group22:01
termieayoung: that's besides the point right now, i think22:01
Ryan_Lanethere needs to be some way to map tenants, groups and roles22:01
termietenants, users and roles22:02
Ryan_Lanethat's what we are currently discussing. it's a difficult problem22:02
termiegroups doesn't exist22:02
Ryan_Laneerr22:02
Ryan_Lanesorry22:02
Ryan_Lanemeant users22:02
termieyou have a relatively low number of calls you need to fulfiull22:02
termielist tenants for user, get user by id, get user by name, get tenant by id, get tenant by name, get roles for user and tenant22:03
*** david-kranz has quit IRC22:03
Ryan_Lanethe last one is the only difficult one22:03
markmcvishy, that SetDefault thing should work for armando22:03
termieif you make tenants have a groupo f users, and users have a group of "tenant roles" that are groups of roles22:03
vishymarkmc: yeah that is what I thought, it should be picking it up immediately if it wasn't set already in a config somewhere right?22:04
ayoungcan't a role be a group as well, with both the tenant and the users that have that role done as member-of22:04
Ryan_Laneright, that's doable via a key-pair on the user's entry22:04
ttxRyan_Lane: when do you arrive in Brussels ?22:04
ayoungYou can also do it via ACIs....22:04
* ayoung ducks22:04
Ryan_Lanettx: the 3rd22:04
termieto satisfy the last one you get the user, then you get the "tenant role" gorup for the given tenant, and return the roles listed in that group22:04
markmcvishy, if you look at _get() in cfg - the default from set_default() takes preference over the default= passed to StrOpt22:04
termiei'm not familiar with how key lookups in ldap work, can you reference other nodes?22:05
Ryan_Laneayoung: a role can be a group, yes22:05
*** stuntmachine has quit IRC22:05
Ryan_Lanetermie: yes and no22:05
termieor is each "user" in a tenant group a different entity22:05
markmcvishy, self.flags(firewall_driver=...) will override that, though22:05
ttxRyan_Lane: cool. I'm on site already22:05
markmcvishy, maybe that's what he's seeing?22:05
Ryan_Lanelet me pastbin my idea22:06
openstackjenkinsProject nova-docs build #2093: SUCCESS in 5 min 53 sec: https://jenkins.openstack.org/job/nova-docs/2093/22:06
openstackjenkinsrbryant: Fix VPN ping packet length.22:06
markmcvishy, better solution might be to just have --libvirt_firewall_driver and --xenapi_firewall_driver and use one of them based on --connection_type22:06
*** rkukura has quit IRC22:08
vishymarkmc: hmm, I'm trying to not break existing configs22:08
markmcvishy, sure, okay22:08
markmcvishy, well, it's definitely doable - what you suggested should just work, I think22:08
vishymarkmc: speaking of which, is it hard to add back =True/1 and =False/0 support to bool22:08
*** bencherian has joined #openstack-dev22:08
vishymarkmc: would you mind posting that self.flags(xxx) will override it on the review?22:09
Ryan_Lanetermie: http://pastebin.com/KkeH9ZwW22:09
markmcvishy, it's there for options in the config file, which most of them will be when I post my patches22:09
Ryan_Laneof course, it isn't totally necessary to use a full DN for the tenant, but it's good from a referential integrity POV22:09
vishymarkmc: (in the interest of supporting old flagfiles)22:10
ayoungRyan_Lane, is that syntax legal?22:10
*** martine has quit IRC22:10
ayoungcn=tenantA,ou=groups,dc=example,dc=org,sysadmin22:10
termieRyan_Lane: http://pastebin.com/HGLGCrAK22:10
vishymarkmc: although, maybe we should ship a --flagfile -> config converter?22:10
Ryan_Laneayoung: it's a string, you can put whatever you want there22:10
* ayoung shudders22:10
Ryan_Lanetermie: adding entries under entries in LDAP is awkward22:10
Ryan_Laneand LDAP admins will revolt if we do that to user accounts. heh22:11
termiewell, if you are comfortable just filtering the kslrolepair22:11
termiethen seems fine22:11
Ryan_Lanethen when you need to rename users, you need to do a subtree rename22:11
markmcvishy, I've got conversion code, and it will take --foo=1 from a flagfile and convert that to foo=1 in the generated .ini file22:12
openstackgerritVerification of a change to openstack/nova failed: Support custom routes for extensions.  https://review.openstack.org/350222:12
Ryan_Laneyeah, we'd need to filter the keypair22:12
ayoungCould we add the roles as explicit attributes on the tenancy?22:12
Ryan_Lanewhich I guess could get fairly large22:12
ayounghow many different roles do we foresee?22:12
termieRyan_Lane: it won't get that large22:12
markmcvishy, nice idea on the conversion thing, would just need to add a nova-cfg-convert script using the code I already have22:12
termieRyan_Lane: it will be less than, say, 100022:13
ayoungWith roles,  the members fields is kindof meaningless22:13
Ryan_Laneayoung: you need to have some way of maping users into the roles22:13
ayoungRyan_Lane, right.  they would be entries in a multivalue attribute named by the role22:14
ayoungso  a tenant  would have an admins fields and that would have one entry per user22:14
openstackgerritA change to openstack/nova has been rejected: Remove Hyper-V support  https://review.openstack.org/363022:14
ayoungyes,  it would make it hard to see the generic "is this user a member of this tenant"22:14
Ryan_Lanethen you need to have an attribute for every role22:14
ayoungRyan_Lane, right22:14
markmcvishy, on multistr - I don't think any of those options would be in the CLI anyway, but for the config file ...22:15
Ryan_Laneand you'd have to modify the schema every time22:15
ayounghow many roles do we realistically expect?22:15
Ryan_LaneLDAP schemas are expected to never change22:15
markmcvishy, we could either make them lists and just do osapi_compute_extension = foo,bar22:15
ayoungUsually role is either "read only"  or "read write"22:15
ayoungIE/22:15
Ryan_Lanesorry, I phrased that poorly22:15
markmcvishy, or I could try something like osapi_compute_extension_foo = nova.blaa.foo osapi_compute_extension_bar = nova.blaa.bar22:15
ayoungif a user is an admin for a tenant they can add other users to that tenant22:15
Ryan_Laneldap objectclasses, one defined, are expected to never change22:16
vishymarkmc: that looks a little nonintuitive22:16
vishymarkmc: how do you solve the =, in the mkfs one?22:16
Ryan_Laneayoung: yeah, but it's the roles that are problematic22:16
markmcvishy, just not sure multistr is worth that effort22:16
*** nati2 has joined #openstack-dev22:16
ayounga tenant owns certain classes of resources (machines and networks for example) and certain members of the tenancy  can change some of the them22:16
* Ryan_Lane nods22:17
markmcvishy, can I not just say that's a bloody awful config option? :)22:17
*** zns has quit IRC22:17
Ryan_Laneayoung: but we need a way of mapping a role to a user inside of a tenant22:18
Ryan_Laneand all tenants will have roles with the same name22:18
markmcvishy, would virt_mkfs_linux = ... virt_mkfs_windows= be so bad?22:18
markmcvishy, as just normal stropts22:19
Ryan_Laneso, you either need to stick roles underneath other entries, or you need to use key-value pairs in attributes22:19
*** vincentricci has quit IRC22:19
Ryan_Lanein nova we stuck roles underneath tenants22:19
Ryan_Lanewe could do the same with KSL22:19
ayoungRyan_Lane, well, if everything were LDAP objects (hosts, networks)  it could be done with an ACI.  YOu would give a certai user  the ability to write on the hosts attribute of that tentant. But I am assuming that the roles will be used primarily outside of the LDAP server,  and just that LDAP wil lbe used to report the roles22:19
*** adjohn has quit IRC22:19
Ryan_Lanedo ACIs have an RFC?22:19
ayoungRyan_Lane, so each tenant is a container?22:19
ayoungRyan_Lane, ACIs are, I am fairly sure, not how we want to attack this.  I think they are server specific22:20
ayoungBUt I can check22:20
Ryan_LaneACIs are usually server specific22:20
Ryan_Laneand are usually for access control within a server22:20
Ryan_LaneI'm not sure if it'll be very useful for this22:20
openstackjenkinsProject nova-docs build #2094: SUCCESS in 5 min 24 sec: https://jenkins.openstack.org/job/nova-docs/2094/22:20
openstackjenkinsarmando.migliaccio: Bug #923865: (xenapi driver)instance creation fails if no guest agent is avaiable for admin password configuration22:21
uvirtbotLaunchpad bug 923865 in nova "(xenapi driver)instance creation fails if no guest agent is avaiable for admin password configuration" [Undecided,Fix committed] https://launchpad.net/bugs/92386522:21
Ryan_Laneayoung: yeah, in nova every tenant is a container22:21
Ryan_Laneand the implementation has roles as subentries22:21
ayoungRyan_Lane, then each role is an entry in the Tenant,  and the user gets a role by being in a multivalue attribute of the Role?22:21
openstackgerritVerification of a change to openstack/python-novaclient failed: Adding live migration subcommand  https://review.openstack.org/345622:21
Ryan_Laneyes22:22
ayoungRyan_Lane, OK,  I think that I like that as the simplest approach.22:22
Ryan_Laneit's good from a referential integrity POV, but slightly annoying in other ways22:22
*** zns has joined #openstack-dev22:22
ayoungWell, you have to duplicate a little bit of data22:22
Ryan_Lanewell, searches are slightly harder22:22
openstackgerritVerification of a change to openstack/nova failed: Fix multinode libvirt volume attachment lp #922232  https://review.openstack.org/347922:22
uvirtbotLaunchpad bug 922232 in nova "Volumes fail to attach without discovery using tgt" [Undecided,In progress] https://launchpad.net/bugs/92223222:22
Ryan_Laneyou have to have some way of differentiating tenants and roles22:23
ayoungThe user should probably be in the tenants member list,  as well as in the member list for the roles22:23
Ryan_Laneyes, that's how it's currently done22:23
Ryan_Lanetenants use groupofnames22:23
openstackgerritDiane Fleming proposed a change to openstack/compute-api: Updating to v2 from v1.1  https://review.openstack.org/364222:23
Ryan_Laneso do roles22:23
*** cp16net has quit IRC22:23
Ryan_Lanetenants have an owner, roles do not22:24
Ryan_Lanethat's how we currently differentiate them22:24
Ryan_Laneit's kind of a hack22:24
Ryan_Lanebut adding objectclasses just to differentiate them is kind of a hack too22:24
ayoungwe could tag them with different object classes22:24
*** dwalleck_nova has quit IRC22:24
ayoungyes,  unless there is some data that differentiates them22:24
Ryan_Laneand having roles underneath tenants is a PITA because it means you need to treat tenants as trees22:25
*** dwalleck_nova has joined #openstack-dev22:25
* ayoung nods22:25
Ryan_Lanethis is an alternative approach: http://pastebin.com/KkeH9ZwW22:25
*** dolphm_ has quit IRC22:25
ayoungkslrolepair22:25
*** zns1 has joined #openstack-dev22:25
openstackgerritVerification of a change to openstack/nova failed: Add support for pluggable l3 backends  https://review.openstack.org/327322:26
*** dwalleck_nova has quit IRC22:26
Ryan_Laneusers can members of tenants, and roles can be applied as key-value pairs on the user's account22:26
*** zns has quit IRC22:26
Ryan_Lanealternatively, we could have that as a key-value pair on the tenant22:26
Ryan_Lanebut, the attribute will be *much* larger if it's on the tenant22:27
chmouel /quit22:27
ayounghow many roles do we expect to have per tenant?22:27
openstackgerritGabriel Hurley proposed a change to openstack/horizon: Trades out a one-off style tweak for a reusable one from bootstrap.  https://review.openstack.org/356422:28
ayoungGotta run.  Daycare pickup22:28
Ryan_Laneok22:28
*** ayoung is now known as ayoung-afk22:28
Ryan_Laneayoung-afk: ping me later about this22:28
*** rods has quit IRC22:31
*** rods has joined #openstack-dev22:31
openstackgerritVerification of a change to openstack/nova failed: Fixing a rebuild race condition bug.  https://review.openstack.org/336722:37
*** dubsquared has quit IRC22:38
*** zaitcev has quit IRC22:38
*** zaitcev has joined #openstack-dev22:39
*** lts has quit IRC22:39
openstackgerritAnne Gentle proposed a change to openstack/openstack-manuals: Adds a pom to markdown files directory for automation work  https://review.openstack.org/364322:40
openstackgerritGabriel Hurley proposed a change to openstack/horizon: Reworked all the usage implementations into one standard set.  https://review.openstack.org/360422:40
Vekso, vish, it might be nice if there was a single place to look to see if some particular blueprint has an FFE :)22:47
Vekalso, anyone else notice that emails from review.openstack.org are *incredibly* slow today?22:47
openstackgerritVerification of a change to openstack/nova failed: Add 'all_tenants' filter to GET /servers.  https://review.openstack.org/353122:48
openstackgerritVerification of a change to openstack/python-novaclient failed: Region is empty breaks novaclient  https://review.openstack.org/364022:51
*** zzed has quit IRC22:58
Vekso, are mtaylor or jeblair looking into the gerrit/jenkins slowness and other problems?22:58
Vek(by which I mean the transient failures we're seeing in jenkins)22:58
*** ohnoimdead has quit IRC22:58
*** Remco_ has quit IRC22:59
*** Gordonz_ has joined #openstack-dev22:59
*** Gordonz_ has quit IRC23:00
mtaylorjeblair: ^^^23:01
*** Gordonz has quit IRC23:02
*** dolphm has joined #openstack-dev23:02
*** ohnoimdead has joined #openstack-dev23:02
mtaylorVek: working on it23:03
VekIt's really entertaining to receive, at 5:00pm, a change comment that was sent at 2:24pm :)23:03
Vek'k :)23:03
*** Gordonz has joined #openstack-dev23:04
openstackjenkinsProject nova-docs build #2095: SUCCESS in 6 min 8 sec: https://jenkins.openstack.org/job/nova-docs/2095/23:06
openstackjenkins* adamg: Fix multinode libvirt volume attachment lp #92223223:06
openstackjenkins* alex.meade: Fix logging to log correct filename and line numbers23:06
uvirtbotLaunchpad bug 922232 in nova "Volumes fail to attach without discovery using tgt" [Undecided,Fix committed] https://launchpad.net/bugs/92223223:06
*** ohnoimdead has quit IRC23:10
jeblairVek: spurious rejections should be fixed (stuck git upload processes were filling up gerrit's queue)23:12
*** adjohn has joined #openstack-dev23:13
jeblairVek: can you give me details on the slow email?  pastebin the headers would be great.23:13
Vekjeblair: Sure, a moment...23:16
*** bsza has quit IRC23:17
zulbcwaldon: not really just leave something and ill get to it23:17
Vekhttp://paste.openstack.org/show/4639/23:18
* Vek hrms23:21
*** vincentricci has joined #openstack-dev23:21
*** kbringard has quit IRC23:21
openstackgerritVerification of a change to openstack/nova failed: Don't block forever for rpc.(multi)call response.  https://review.openstack.org/362823:24
*** Gordonz has quit IRC23:25
Vekjeblair: Looking at those headers, it appears the problem may be at RS's MX's.  I just sent myself a test email from outside RS, and it hasn't arrived yet.  I'll check with our mail admins.23:28
jeblairVek: sounds reasonable.  looks like it made it's way out of gerrit pretty quickly.23:29
*** Ryan_Lane has quit IRC23:37
*** Ryan_Lane has joined #openstack-dev23:37
openstackgerritBrad Hall proposed a change to openstack/nova: Add support for pluggable l3 backends  https://review.openstack.org/327323:43
*** mattray has quit IRC23:50
openstackjenkinsProject nova-docs build #2096: SUCCESS in 5 min 23 sec: https://jenkins.openstack.org/job/nova-docs/2096/23:50
openstackjenkinsRick Harris: Improve dom0 and template VM avoidance.23:50
*** bepernoot has joined #openstack-dev23:55
bcwaldonzul: no worries. I'd like to get your input on https://review.openstack.org/#change,353323:55
bcwaldonzul: since you are ec2-api-team lead23:55
*** AlanClark has quit IRC23:56
*** dolphm has quit IRC23:58
openstackgerritVerification of a change to openstack/nova failed: Use Keystone Extension Syntax for EC2 Creds  https://review.openstack.org/336523:58
*** dolphm has joined #openstack-dev23:59
« Tuesday, 2012-01-31 Index Thursday, 2012-02-02 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!