Tuesday, 2012-02-28

dtroyer	jaypipes, heckj: the logic problem seems to be an assumption that the admin_token can be obtained via the API. This particular usage doesn't allow that as there is no username/password available for _get_admin_auth_token() to do its thing.	00:00
*** Mandell has quit IRC		00:01
dtroyer	looks like this commit that introduced the behavior: https://github.com/openstack/keystone/commit/08a3060bade8f14c2f81d4d502d27f097b016b93	00:01
dtroyer	I'm not sure the right way to allow both to work...	00:02
*** deshantm_ has joined #openstack-dev		00:04
termie	jeblair: i think one of my patches added -L to the screen, which is supposed to log it i think	00:04
jeblair	termie: sweet, where do those logs go?	00:04
*** anotherjesse has quit IRC		00:05
*** deshantm has quit IRC		00:05
*** deshantm_ is now known as deshantm		00:05
jeblair	dolphm: i think the failure of build 1876 is due to my devstack launch script not cleaning up the repo correctly (i'll improve that), but 1877 is probably a real merge conflict.	00:06
*** bencherian has quit IRC		00:08
heckj	dtroyer: the logic that leads there already looks to see if the middleware was configured with an admin token, and uses that if it is.	00:08
*** mfer has joined #openstack-dev		00:08
*** andrewsben has joined #openstack-dev		00:08
*** dtroyer has quit IRC		00:09
*** torgomatic has quit IRC		00:10
heckj	dtroyer: so short path to workaround the issue for Nati and Jay might be to configure the middleware with ADMIN_TOKEN=…, but longer term looks like we need to support getting an admin token through the API - or more appropriately a token with sufficient privs so that glance can be configured with a username/password instead of an admin token.	00:10
*** Mandell has joined #openstack-dev		00:11
jeblair	termie: I don't see a -L option in stack.sh	00:12
*** dolphm has quit IRC		00:12
*** torgomatic has joined #openstack-dev		00:12
*** kbringard has quit IRC		00:15
*** jakedahn has joined #openstack-dev		00:16
*** gabrielhurley has quit IRC		00:16
*** Yak-n-Yeti has joined #openstack-dev		00:17
*** heckj has quit IRC		00:17
termie	jeblair: possibly somebody took it out, used to be in here: https://github.com/cloudbuilders/devstack/blob/master/stack.sh#L1305	00:19
*** andrewsmedina_ has joined #openstack-dev		00:20
termie	i never made use of it, but screen docs say it turns on automatic logging	00:20
termie	jeblair: never figured out where it logged to, however	00:21
comstud	vishy: thnx	00:21
*** andrewsmedina has quit IRC		00:23
*** andrewsmedina_ is now known as andrewsmedina		00:23
*** heckj has joined #openstack-dev		00:25
*** andrewsben has quit IRC		00:25
*** andrewsben has joined #openstack-dev		00:26
*** anotherjesse has joined #openstack-dev		00:30
*** anotherjesse has quit IRC		00:31
termie	hmm, i wonder why role tests started failing	00:32
*** aweiss has joined #openstack-dev		00:33
heckj	termie: on master? mine are working OK (only expected skips, etc)	00:35
*** aweiss has left #openstack-dev		00:36
*** Ryan_Lane has quit IRC		00:37
openstackgerrit	Verification of a change to openstack-dev/devstack failed: Add a helper method to volumes test to get fields https://review.openstack.org/4600	00:37
*** andrewsben has quit IRC		00:46
*** Mandell has quit IRC		00:46
termie	heckj: no in the ldap branch	00:48
termie	heckj: the delete role test wasn't failing on work computer, but did on jenkins and this computer	00:49
termie	oh, totally my fault, 2.7 vs 2.6 thing	00:50
*** mfer has quit IRC		00:51
*** hub_cap has joined #openstack-dev		00:52
*** bencherian has joined #openstack-dev		00:52
*** mfer has joined #openstack-dev		00:53
jaypipes	heckj, dtroyer: but I thought the whole point of a service token was to allow a service to have a non-username/password way of communicating with another service?	00:55
jaypipes	heckj: how does it make sense to have a service token value AND a username/password for the admin?	00:55
*** Mandell has joined #openstack-dev		00:55
*** dolphm has joined #openstack-dev		00:56
heckj	jaypipes: Not entirely sure myself - I think the intention was an "either/or" scenario, which with poor test coverage on that middle we broke.	00:56
heckj	jaypipes: I'm cleaning a VM and re-devstacking it right now to jump in there. dtroyer is offline, although grue seems to have picked up the bug on LP	00:57
heckj	jaypipes: there's a if/then logic in the middleware that I'm surprised it getting invoked since you have admin_token defined in glance, so I want to track down why it's happening.	00:58
heckj	s/it/is/	00:58
jaypipes	heckj: k, thx. I'll keep at it as well...	00:58
*** gabrielhurley has joined #openstack-dev		01:00
termie	jaypipes: the "service token" is roughly the same as it was before, it is just a free pass to being an admin, for whatever reason somebody wanted to make an admin user and use their username and password also	01:02
termie	jaypipes: the admin token isn't as well tested for things that are contextual based on the token because it isn't expected to be used for things like "what tenants are available for me	01:02
*** davidkranz has quit IRC		01:02
jaypipes	termie: all I know is that the service token stopped workin' :)	01:05
*** Ryan_Lane has joined #openstack-dev		01:05
*** jdg has quit IRC		01:08
termie	jaypipes: one would assume that the devstack tests would be catching that	01:08
heckj	termie: yeah - apparently not :-/ Surprised the hell outa me. Can't wait until we get tempest fully online and in the mix as well.	01:10
jaypipes	termie: yeah, I know :) that's what nati found earlier... that you could call the same commands in devstack that use glance (the calls that add a ramdisk/kernel/disk image at the end), then as soon as you call glance without the -A option, from then on, all commands trigger a stacktrace from keystone. very bizarre...	01:10
jaypipes	termie: in fact, what's really odd is that I used the token generated from my latest stack.sh run and that didn't work... right after the script completed successfully. :(	01:12
termie	jaypipes: i do somewhat suspect that this might fix it, not sure how to generate a test-case though	01:12
termie	jaypipes: the tokens are not persisted in the default setup, there is a backend now but it hasn;t been made the default	01:12
termie	https://review.openstack.org/#change,4438 (is what may fix it)	01:13
*** dolphm has quit IRC		01:13
termie	do you think you can generate a test-case or walk somebody like dtroyer though it enough that he can help write one?	01:13
termie	it would be an exercise in devstack, i believe	01:13
jaypipes	termie: I'll see what I can do, yes :)	01:14
termie	and just re-approved that patch, so you may be able to check shortly	01:15
adam_g	termie: https://review.openstack.org/#change,4464 replied there, gutting the OS-KSADM stuff now.	01:17
*** Ryan_Lane has quit IRC		01:18
*** pixelbeat has quit IRC		01:22
openstackgerrit	Verification of a change to openstack/keystone failed: Set tenantName to 'admin' in get_admin_auth_token. https://review.openstack.org/4438	01:22
*** andrewbogott has quit IRC		01:22
*** andrewbogott has joined #openstack-dev		01:22
*** bengrue has quit IRC		01:25
heckj	termie: failed unit tests, but oddly - looks like something leftover in the venv: https://jenkins.openstack.org/job/gate-keystone-unittests/543/console	01:25
openstackgerrit	Verification of a change to openstack/keystone failed: Set tenantName to 'admin' in get_admin_auth_token. https://review.openstack.org/4438	01:27
heckj	or not… dunno. trying to replicate now.	01:30
*** vladimir3p has quit IRC		01:32
termie	heckj: yeah, duno either, rebased on master just to be safe, and tests pass locally for me	01:33
termie	adam_g: awesome thanks	01:33
termie	this might be a job for jeblair or mtaylor to look at :/	01:36
openstackgerrit	Verification of a change to openstack/keystone failed: Set tenantName to 'admin' in get_admin_auth_token. https://review.openstack.org/4438	01:36
termie	jeblair, mtaylor: looks like https://jenkins.openstack.org/job/gate-keystone-unittests/545/ is missing a library in the venv or something	01:37
*** mfer has quit IRC		01:37
*** emmasteimann has joined #openstack-dev		01:38
termie	jeblair, mtaylor: doesn't appear to be getting it from pip-requires(-test)	01:38
*** mikeyp has left #openstack-dev		01:39
termie	in other news, i think my housemate is asleep on my couch so i can't play video games in there :(	01:40
termie	attempts at slacking off: shattered	01:40
*** dillon-w has joined #openstack-dev		01:42
*** reed has quit IRC		01:53
*** rods has quit IRC		01:55
*** stuntmachine has joined #openstack-dev		01:56
*** Yak-n-Yeti has quit IRC		01:59
*** dtroyer has joined #openstack-dev		02:01
*** PotHix has quit IRC		02:01
*** Yak-n-Yeti has joined #openstack-dev		02:06
*** shevek__ has quit IRC		02:08
*** maplebed has quit IRC		02:10
mtaylor	termie: looking	02:11
heckj	mtaylor: thank you	02:12
mtaylor	did ldap get recently added to pip-requires?	02:12
heckj	mtaylor: yeah, today	02:13
mtaylor	hrm. ok. lemme look at the venv job then	02:13
heckj	termie: do both need to be nailed to that specific version? (2.3.13)?	02:13
mtaylor	well, that would be that ...	02:13
heckj	mtaylor: did we miss something>?	02:14
mtaylor	its url trigger is not configured properly	02:14
mtaylor	nope. it's on my	02:14
mtaylor	me	02:14
*** cp16net has joined #openstack-dev		02:14
heckj	termie: nm, just saw your inline comment	02:15
mtaylor	heckj: okie. https://jenkins.openstack.org/view/Keystone/job/keystone-venv/32/	02:15
*** danwent has quit IRC		02:15
mtaylor	heckj: when that's finished, your other patch should go in properly	02:15
mtaylor	heckj: and I fixed the bit where it wasn't building	02:16
heckj	cool - I'll keep an eye and retrigger when complete	02:16
*** vladimir3p has joined #openstack-dev		02:16
*** vizsla has joined #openstack-dev		02:18
*** mfer has joined #openstack-dev		02:18
*** mszilagyi has quit IRC		02:22
*** bencherian has quit IRC		02:24
*** jakedahn has quit IRC		02:27
*** dolphm has joined #openstack-dev		02:28
adam_g	termie: done and done. https://review.openstack.org/#change,4464	02:29
*** jdurgin has quit IRC		02:29
*** nati has quit IRC		02:42
*** hub_cap has quit IRC		02:43
*** hub-cap has joined #openstack-dev		02:43
*** mattray has joined #openstack-dev		02:44
termie	adam_g: thanks, looking again now	02:44
heckj	jaypipes, nati: https://review.openstack.org/#change,4438 merged in now - will hopefully resolve that issue	02:45
*** hub-cap has quit IRC		02:45
*** hub_cap has joined #openstack-dev		02:46
*** mnewby has quit IRC		02:47
*** dolphm has quit IRC		02:47
*** vincentricci has quit IRC		02:50
*** danwent has joined #openstack-dev		02:54
*** ncode has joined #openstack-dev		02:59
*** ncode has joined #openstack-dev		02:59
*** novas0x2a\|laptop has quit IRC		03:05
*** gabrielhurley has quit IRC		03:07
*** danwent has quit IRC		03:14
*** jog0 has quit IRC		03:17
*** adjohn has quit IRC		03:18
*** stuntmachine has quit IRC		03:19
*** bencherian has joined #openstack-dev		03:22
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires * (per request from jeblair) * version of python-ldap match between test and requires * pinned to 2.3.13 to let tests work in macosx * separating dependencies between deps and test https://review.openstack.org/4608	03:23
*** blamar_ has joined #openstack-dev		03:25
*** mszilagyi_ has joined #openstack-dev		03:25
*** lzyeval has joined #openstack-dev		03:30
jeblair	i'm shutting down jenkins to upgrade it, several plugins, and to install a new version of the gerrit-trigger plugin	03:31
*** openstackjenkins has quit IRC		03:33
*** emmasteimann has quit IRC		03:33
*** openstackjenkins has joined #openstack-dev		03:34
*** dtroyer has quit IRC		03:34
*** andrewsmedina_ has joined #openstack-dev		03:37
*** andrewsmedina has quit IRC		03:37
*** andrewsmedina_ is now known as andrewsmedina		03:37
*** nati has joined #openstack-dev		03:37
*** openstackjenkins has quit IRC		03:40
*** andrewsmedina has quit IRC		03:41
*** openstackjenkins has joined #openstack-dev		03:41
*** vladimir3p has quit IRC		03:42
*** dtroyer has joined #openstack-dev		03:42
*** mfer has quit IRC		03:44
*** asdfasdf has joined #openstack-dev		03:46
*** lzyeval has quit IRC		03:48
*** nati has quit IRC		03:48
*** blamar_ has quit IRC		03:48
*** heckj has quit IRC		03:53
*** openstackjenkins has quit IRC		03:56
*** openstackjenkins has joined #openstack-dev		03:57
*** openstackjenkins has quit IRC		03:58
*** openstackjenkins has joined #openstack-dev		04:00
*** reed has joined #openstack-dev		04:01
*** jakedahn has joined #openstack-dev		04:03
*** hub_cap has quit IRC		04:03
*** openstackjenkins has joined #openstack-dev		04:05
*** mjfork has quit IRC		04:05
*** deshantm has quit IRC		04:05
termie	jeblair: do you think the jenkins restart thingee will fix our issues with https://review.openstack.org/#change,4608 ?	04:06
jeblair	termie: i don't think so; i haven't looked at that, but we're not upgrading to fix any issues	04:07
*** openstackjenkins has quit IRC		04:12
*** sandywalsh has quit IRC		04:13
*** dolphm has joined #openstack-dev		04:13
*** nati has joined #openstack-dev		04:13
*** openstackjenkins has joined #openstack-dev		04:13
*** mdomsch has quit IRC		04:14
*** openstackjenkins has quit IRC		04:14
*** asdfasdf has quit IRC		04:15
*** openstackjenkins has joined #openstack-dev		04:16
*** mdomsch has joined #openstack-dev		04:17
*** danwent has joined #openstack-dev		04:19
termie	ah	04:22
jeblair	okay, i'm done with jenkins tonight. everything is upgraded except the gerrit-trigger plugin; i got an error that didn't show up in my testing	04:24
*** andrewsmedina has joined #openstack-dev		04:25
dolphm	jeblair: thanks, from way earlier	04:25
*** sandywalsh has joined #openstack-dev		04:26
jeblair	dolphm: you're welcome; i changed the devstack git merge code so hopefully we won't see that particular false negative again	04:27
dolphm	jeblair: awesome	04:27
*** gyee has quit IRC		04:33
*** asdfasdf has joined #openstack-dev		04:33
*** nati has quit IRC		04:35
termie	jeblair: "except the gerrit trigger" so i can't make builds happen by approving things?	04:39
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires * (per request from jeblair) * version of python-ldap match between test and requires * pinned to 2.3.13 to let tests work in macosx * separating dependencies between deps and test https://review.openstack.org/4608	04:40
jeblair	termie: no, i mean i rolled it back to the previous version, everything should be as it was before	04:44
*** nati has joined #openstack-dev		04:54
*** asdfasdf has quit IRC		04:56
*** ncode has quit IRC		04:57
*** mattray has quit IRC		04:58
*** dayou has joined #openstack-dev		05:01
*** Yak-n-Yeti has quit IRC		05:02
termie	jeblair: did the change to test-requires get reflected somehow in jenkins?	05:03
termie	https://jenkins.openstack.org/job/gate-keystone-unittests/551/console	05:03
termie	this would appear to me to be dying instantly of an import error	05:04
termie	i would expect the tox changes to cover it	05:09
*** vincentricci has joined #openstack-dev		05:10
*** andrewsmedina has quit IRC		05:11
*** vincentricci has quit IRC		05:15
openstackgerrit	Verification of a change to openstack/python-keystoneclient failed: Fix ec2-credentials-list to print 'access'. https://review.openstack.org/4567	05:27
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires * (per request from jeblair) * version of python-ldap match between test and requires * pinned to 2.3.13 to let tests work in macosx * separating dependencies between deps and test https://review.openstack.org/4608	05:31
*** nati has quit IRC		05:32
*** nati has joined #openstack-dev		05:33
*** anotherjesse has joined #openstack-dev		05:49
*** Ryan_Lane has joined #openstack-dev		05:54
*** nati has quit IRC		05:59
*** nati has joined #openstack-dev		06:00
*** danwent has quit IRC		06:03
openstackgerrit	Verification of a change to openstack/python-quantumclient failed: Adds client side functions for quantum 'detail' actions. https://review.openstack.org/4580	06:04
*** ches has quit IRC		06:12
*** ches has joined #openstack-dev		06:12
*** nati has quit IRC		06:15
*** dtroyer has quit IRC		06:17
*** dayou has quit IRC		06:31
*** dayou has joined #openstack-dev		06:31
*** zigo has joined #openstack-dev		06:33
*** bepernoot has joined #openstack-dev		06:38
*** cp16net has quit IRC		06:42
*** lory_yang has joined #openstack-dev		06:56
*** bepernoot has quit IRC		06:57
*** lory_yang has quit IRC		06:57
*** anotherjesse has quit IRC		07:01
*** anotherjesse has joined #openstack-dev		07:01
*** dayou has quit IRC		07:03
*** dayou has joined #openstack-dev		07:05
*** anotherjesse1 has joined #openstack-dev		07:15
openstackgerrit	Verification of a change to openstack/nova failed: Add utils.tempdir() context manager for easy temp dirs https://review.openstack.org/4615	07:16
*** anotherjesse has quit IRC		07:18
*** sleepsonthefloo has joined #openstack-dev		07:20
*** jakedahn has quit IRC		07:21
*** littleidea has quit IRC		07:34
mtaylor	termie: looking	07:41
*** Mkenneth has joined #openstack-dev		07:41
*** jeroenhn has joined #openstack-dev		07:42
*** Mkenneth has quit IRC		07:44
*** Mkenneth1 has joined #openstack-dev		07:44
*** Mkenneth1 has quit IRC		07:47
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires * (per request from jeblair) * version of python-ldap match between test and requires * pinned to 2.3.13 to let tests work in macosx * separating dependencies between deps and test https://review.openstack.org/4608	07:50
*** adjohn has joined #openstack-dev		07:53
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires * (per request from jeblair) * version of python-ldap match between test and requires * pinned to 2.3.13 to let tests work in macosx * separating dependencies between deps and test https://review.openstack.org/4608	07:58
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires * (per request from jeblair) * version of python-ldap match between test and requires * pinned to 2.3.13 to let tests work in macosx * separating dependencies between deps and test https://review.openstack.org/4608	07:59
*** jeroenhn has quit IRC		08:00
*** eglynn has quit IRC		08:06
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires * (per request from jeblair) * version of python-ldap match between test and requires * pinned to 2.3.13 to let tests work in macosx * separating dependencies between deps and test https://review.openstack.org/4608	08:11
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires * (per request from jeblair) * version of python-ldap match between test and requires * pinned to 2.3.13 to let tests work in macosx * separating dependencies between deps and test https://review.openstack.org/4608	08:12
*** dolphm has quit IRC		08:13
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires * (per request from jeblair) * version of python-ldap match between test and requires * pinned to 2.3.13 to let tests work in macosx * separating dependencies between deps and test https://review.openstack.org/4608	08:14
*** bepernoot has joined #openstack-dev		08:16
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires * (per request from jeblair) * version of python-ldap match between test and requires * pinned to 2.3.13 to let tests work in macosx * separating dependencies between deps and test https://review.openstack.org/4608	08:20
*** dillon-w has quit IRC		08:23
*** anotherjesse1 has quit IRC		08:26
openstackgerrit	Verification of a change to openstack/nova failed: Fixes cloudpipe extension to work with keystone https://review.openstack.org/4526	08:26
comstud	doh	08:26
*** jaypipes has quit IRC		08:27
*** Ryan_Lane has quit IRC		08:28
comstud	+ '[' -f tools/test-requires ']'	08:28
comstud	+ TEST_REQUIRES='-r tools/test-requires'	08:28
comstud	/tmp/hudson6712158871250064430.sh: line 8: syntax error near unexpected token `-f'	08:28
comstud	huh	08:28
*** bepernoot has quit IRC		08:28
comstud	https://jenkins.openstack.org/job/gate-nova-unittests/1216/console	08:28
*** ss7pro has joined #openstack-dev		08:31
ss7pro	Hi, can anyone could tell me how can I download latestes e4 keystone code ?	08:31
openstackgerrit	Verification of a change to openstack/keystone failed: renaming pip-requires-test to test-requires https://review.openstack.org/4608	08:33
comstud	git clone git@github.com:openstack/keystone.git	08:34
comstud	e4 isn't quite out	08:34
ss7pro	yes	08:35
ss7pro	But I'am trying to find manage2 source code	08:35
ss7pro	in keystone	08:35
ss7pro	I can't find tree where it's present	08:35
ss7pro	https://github.com/openstack/keystone/commit/8b3df32298953e4906d1471430cb794ffb575ce9	08:36
ss7pro	I'am looking for a tree where I can download those files	08:36
*** dillon-w has joined #openstack-dev		08:36
*** tomoe_ has quit IRC		08:37
comstud	that commit is in master	08:37
ss7pro	But those files are not present in master ;(	08:38
comstud	yeah	08:38
comstud	things have changed a lot since 2 months ago :)	08:38
*** bepernoot has joined #openstack-dev		08:38
openstackgerrit	Verification of a change to openstack/nova failed: Fixes cloudpipe extension to work with keystone https://review.openstack.org/4526	08:38
ss7pro	But ubuntu is shipping those files in latest packages for precise	08:39
comstud	ah	08:39
ss7pro	And I can't find any logs where those files where droped	08:39
ss7pro	in master	08:39
comstud	this might have split into python-keystoneclient	08:40
comstud	i don't know enough to say	08:40
comstud	trying to look	08:40
*** jaypipes has joined #openstack-dev		08:41
comstud	ah	08:42
comstud	things were refactored into keystone/cli.py	08:42
ss7pro	thanks :-)	08:43
ss7pro	so ubuntu is shipping old code J	08:43
comstud	but i'm not sure everything is there you're looking for	08:43
ss7pro	in their precise release J	08:43
ss7pro	that's all :-)	08:43
comstud	well, keystone was essentially completely rewritten	08:43
comstud	and replaced recently	08:43
ss7pro	I'am building own openstack packages	08:43
ss7pro	based on ubuntu sources	08:43
ss7pro	and I was wondering why there's a difference	08:43
ss7pro	in code :-)	08:43
ss7pro	now everything is clear for me :-)	08:44
comstud	yeah... a re-write was merged very recently	08:44
ttx	ss7pro: they are working on updating that	08:44
comstud	to hit essex-4	08:44
ttx	(ubuntu)	08:44
ss7pro	sure but that's strange that they are shipping in precise code which is older than in oneiric	08:45
ttx	ss7pro: they are not	08:45
comstud	ttx: know anything about the nova-unittests gate being broken?	08:45
ss7pro	ttx: keystone in precise is older then that one in oneiric	08:45
ss7pro	:-)	08:45
ss7pro	ofcourse in ppa	08:45
ttx	ss7pro: I doubt that	08:45
ttx	keystone \| 1.0~d4~20110909.1108-0ubuntu3.1 \| oneiric-updates/universe \| source, all	08:45
ttx	keystone \| 2012.1~e4~20120203.1574-0ubuntu3 \| precise/universe \| source, all	08:46
comstud	mtaylor: gate-nova-unittests issues? https://jenkins.openstack.org/job/gate-nova-unittests/1217/console	08:46
*** shevek__ has joined #openstack-dev		08:46
comstud	jeblair: ^^	08:47
ss7pro	keystone (2012.1~e4~20120224.2023-0ubuntu0ppa1~oneiric1) oneiric; urgency=low	08:47
*** hashar has joined #openstack-dev		08:47
*** bepernoot has quit IRC		08:47
ttx	ss7pro: this one is not official "ubuntu"...	08:47
*** bepernoot has joined #openstack-dev		08:48
ttx	ss7pro: and that same PPA ships a precise package	08:48
ttx	so it's not "precise ships older than oneiric", it's "ppa ships newer than official"	08:49
ttx	which is quite understandable.	08:49
ss7pro	ttx you're right	08:50
ss7pro	:-)	08:50
ttx	ss7pro: that said... they should definitely update their "official" precise package :)	08:50
ttx	ss7pro: if they haven't, it's probably because that pckage in PPA is not nearly as usable as it seems to be	08:51
mtaylor	comstud: looking	09:03
comstud	mtaylor: thnx	09:03
openstackgerrit	Verification of a change to openstack/nova failed: Fixes cloudpipe extension to work with keystone https://review.openstack.org/4526	09:06
*** ghe_rivero has quit IRC		09:07
comstud	that's not actually the review i care about	09:07
comstud	i happened to paste the link from the wrong review, but.. same error	09:07
mtaylor	comstud: yup. should be fixed now - retriggered. sorry bout that - collateral damage from a keystone thing	09:07
*** ghe_ has joined #openstack-dev		09:07
comstud	ok	09:08
mtaylor	comstud: ok. I'll re-kick the other one too	09:08
*** dillon-w has quit IRC		09:08
comstud	thanks	09:08
mtaylor	comstud: can you paste me the one you do care about?	09:08
comstud	https://jenkins.openstack.org/job/gate-nova-unittests/1216/	09:08
comstud	whoops	09:08
comstud	lol	09:09
comstud	https://jenkins.openstack.org/job/gate-nova-unittests/1217/	09:09
comstud	sorry, too many emails and i'm not paying attention	09:09
comstud	argh	09:09
comstud	that's still not it	09:09
comstud	oh wait	09:09
comstud	all of those were it	09:09
comstud	i guess vish has a pep8 error too	09:09
comstud	ah, same error on the pep8 gate	09:10
* comstud thinks he should go to bed		09:10
mtaylor	yup. both re-kicked	09:10
comstud	anyways, thanks :)	09:10
vishy	i don't seem to get pep8 running locally	09:11
*** darraghb has joined #openstack-dev		09:11
comstud	vishy: yeah, it's the gate	09:11
vishy	builder just having trouble?	09:11
vishy	ah ok	09:11
comstud	i didn't know that gate was broken also	09:11
comstud	should go thru soon	09:11
comstud	then I can rebase my fix	09:11
comstud	you won the race ;(	09:12
comstud	vishy: hopefully you're cool with this too: https://review.openstack.org/#change,4624	09:12
vishy	comstud: does that actually work?	09:13
comstud	the renames?	09:13
vishy	comstud: no need to do fancy stuff for sqlite?	09:13
comstud	the migration test passes	09:14
vishy	cool	09:14
comstud	and i tested with mysql also	09:14
comstud	(up and down)	09:14
*** ss7pro has quit IRC		09:15
comstud	thnx	09:15
*** paulormg has joined #openstack-dev		09:20
*** anotherjesse has joined #openstack-dev		09:24
*** anotherjesse has quit IRC		09:25
*** eglynn has joined #openstack-dev		09:30
*** derekh has joined #openstack-dev		09:34
* mtaylor is happy to see that he is not the only crazy person still awake		09:35
mtaylor	comstud, vishy: gate should be fixed	09:35
vishy	gratzi	09:35
comstud	mtaylor: yep.. it is.. thnx!	09:37
comstud	i'm out.. later dudes	09:37
*** adjohn has quit IRC		09:37
*** rbasak has joined #openstack-dev		09:38
*** vizsla has quit IRC		09:43
*** zigo has quit IRC		09:47
*** hashar_ has joined #openstack-dev		09:57
*** hashar_ has joined #openstack-dev		09:57
*** hashar has quit IRC		09:59
*** hashar_ is now known as hashar		09:59
*** Mandell has quit IRC		09:59
*** bencherian has quit IRC		10:04
*** Mandell has joined #openstack-dev		10:08
*** adrian17od has joined #openstack-dev		10:28
*** hashar has left #openstack-dev		10:29
*** kbringard has joined #openstack-dev		10:42
*** armaan has joined #openstack-dev		10:42
*** sleepsonthefloo has quit IRC		10:46
*** oneiroi has joined #openstack-dev		10:49
*** Mandell has quit IRC		11:02
*** kbringard has quit IRC		11:10
*** kbringard has joined #openstack-dev		11:10
*** rods has joined #openstack-dev		11:20
*** rods_ has joined #openstack-dev		11:22
*** rods has quit IRC		11:25
*** CatKiller has joined #openstack-dev		11:28
*** pixelbeat has joined #openstack-dev		11:40
*** maploin has joined #openstack-dev		11:41
*** maploin has quit IRC		11:41
*** maploin has joined #openstack-dev		11:41
*** bsza has joined #openstack-dev		11:47
*** mjfork has joined #openstack-dev		11:47
*** pixelbeat has quit IRC		11:49
*** pixelbeat has joined #openstack-dev		11:50
*** apevec has joined #openstack-dev		11:51
*** rkukura has left #openstack-dev		11:52
*** bepernoot has quit IRC		12:01
*** bepernoot has joined #openstack-dev		12:03
*** bepernoot has quit IRC		12:04
*** zigo has joined #openstack-dev		12:09
*** rods_ has quit IRC		12:10
*** adrian17od has quit IRC		12:15
*** armaan has left #openstack-dev		12:20
*** paulormg has quit IRC		12:22
*** zigo has quit IRC		12:25
*** markvoelker has joined #openstack-dev		12:39
*** sandywalsh has quit IRC		12:55
*** bepernoot has joined #openstack-dev		12:58
*** dprince has joined #openstack-dev		13:01
*** zigo has joined #openstack-dev		13:03
*** bepernoot has joined #openstack-dev		13:05
*** bepernoot has quit IRC		13:06
*** vizsla has joined #openstack-dev		13:11
*** bepernoot has joined #openstack-dev		13:11
*** andrewsmedina has joined #openstack-dev		13:13
*** stuntmachine has joined #openstack-dev		13:16
*** stuntmachine has quit IRC		13:21
*** ayoung has quit IRC		13:23
*** ches has quit IRC		13:26
*** ches has joined #openstack-dev		13:27
*** mdomsch has quit IRC		13:34
*** stuntmachine has joined #openstack-dev		13:44
*** mattray has joined #openstack-dev		13:51
*** zigo has quit IRC		13:53
*** davidkranz has joined #openstack-dev		13:54
*** littleidea has joined #openstack-dev		13:57
*** bepernoot has joined #openstack-dev		13:59
*** lts has joined #openstack-dev		14:06
*** ayoung has joined #openstack-dev		14:24
*** dtroyer has joined #openstack-dev		14:27
*** mikemowgli has joined #openstack-dev		14:28
*** paulormg has joined #openstack-dev		14:32
*** dneary has joined #openstack-dev		14:35
*** hashar has joined #openstack-dev		14:39
*** rkukura has joined #openstack-dev		14:40
jaypipes	eglynn: https://review.openstack.org/#change,4350	14:44
jaypipes	eglynn: if you could give that a quick once-over?	14:44
eglynn	jaypipes: yep, will do now	14:44
jaypipes	bcwaldon: ^^ u too :)	14:44
jaypipes	eglynn: ah, cheers mate	14:44
*** mdomsch has joined #openstack-dev		14:57
*** dayou has quit IRC		15:02
openstackgerrit	Verification of a change to openstack/glance failed: Allow region selection when using V2 keystone https://review.openstack.org/4350	15:03
*** bepernoot has quit IRC		15:03
openstackgerrit	A change was merged to openstack/nova: Handle case where instance['info_cache'] is None https://review.openstack.org/4623	15:04
*** popux has joined #openstack-dev		15:09
*** zzed has joined #openstack-dev		15:13
*** danwent has joined #openstack-dev		15:18
*** emmasteimann has joined #openstack-dev		15:18
*** bepernoot has joined #openstack-dev		15:20
*** andrewbogott has quit IRC		15:21
*** andrewbogott has joined #openstack-dev		15:21
*** emmasteimann has quit IRC		15:22
*** popux has quit IRC		15:23
*** mdomsch has quit IRC		15:23
*** andrewsmedina has quit IRC		15:23
*** dprince has quit IRC		15:23
*** tryggvil has quit IRC		15:23
*** TREllis has quit IRC		15:23
*** tserong has quit IRC		15:23
*** Vek has quit IRC		15:23
*** ttx has quit IRC		15:23
*** ogelbukh has quit IRC		15:23
*** aa has quit IRC		15:23
*** ttx has joined #openstack-dev		15:23
*** ttx has quit IRC		15:23
*** ttx has joined #openstack-dev		15:23
*** dprince has joined #openstack-dev		15:23
*** popux has joined #openstack-dev		15:23
*** TREllis has joined #openstack-dev		15:23
*** tserong has joined #openstack-dev		15:23
*** Vek has joined #openstack-dev		15:23
*** ogelbukh has joined #openstack-dev		15:24
*** mdomsch has joined #openstack-dev		15:24
*** Yak-n-Yeti has joined #openstack-dev		15:25
*** davidkranz has quit IRC		15:26
*** bepernoot has quit IRC		15:26
*** Yak-n-Yeti has quit IRC		15:27
*** nati has joined #openstack-dev		15:29
*** dtroyer has quit IRC		15:29
*** dolphm has joined #openstack-dev		15:29
*** danwent has quit IRC		15:30
jaypipes	nati: so, I figured out the glance index problem...	15:34
nati	jaypipes: Cool. What's the matter?	15:34
jaypipes	nati: it's a perfect storm of issues: devstack's keystone_data.sh removed the call to add a servicetoken in a recent commit and the keystone-manage CLI command to add a token (token add) was removed from that tool, and there is no way to add a service token now other than manually inserting a record into MySQL :(	15:35
jaypipes	This is absolutely NOT a good thing the day before E4 is supposed to be rolled out. :(	15:35
nati	Let's me confirmed, is this devstack issue or keystone cli change issue?	15:36
nati	It sounds there is no add service token cli in current keystone	15:37
jaypipes	it is both.	15:37
jaypipes	nati: https://github.com/openstack-dev/devstack/commit/d1f5243d91de2756fecd52c3b3a15a4f0a488fdf	15:38
jaypipes	nati: notice that removed the call to keystone-manage token add (near end of commit)	15:38
jaypipes	nati: well, unfortunately, around the time of this commit, the ability to add a long-lived token was just entirely removed from the keystone-manage utility and not replaced with any other functionality in keystoneclient! :(	15:39
nati	Ahhh, so glance it self use long-lived token	15:40
nati	Some changes also needed for essex glance?	15:40
jaypipes	nati: nope, Glance isn't the problem (and neither is the auth_token middleware)	15:41
nati	I have one more puzzle. glance client can take username and password option	15:41
nati	It sounds, keystone changes the design	15:41
jaypipes	nati: the problem is that one cannot add a long-lived token anymore :( and glance uses that (-A <TOKEN> is the service token.	15:41
nati	Yes. so keystone changes the design to remove long-lived token function	15:42
jaypipes	yes, glance can still take user/password. In that case, the auth_token middlware uses that user/pass to request a SHORT-lived token from keystone to use	15:42
jaypipes	dolphm: is that true? no more long-lived service tokens?!	15:42
nati	jaypipes: Do glance-api use long-time token?	15:43
jaypipes	nati: absolutely.	15:44
jaypipes	nati: to talk with glance-registry	15:44
jaypipes	nati: sorry, no, that's not the case... I meant Nova talking with Glance API	15:44
nati	SO that's why the nova image-list stops after I issue glance command.	15:45
nati	May be token is updated	15:45
nati	If keystone remove longtime token function, many changes needed for each project	15:46
*** berendt has quit IRC		15:47
jaypipes	nati: yes, exactly, which is why I've labeled both related bugs Critical...	15:48
jaypipes	nati: it's essentially stopped my Essex upgrade testing in its tracks :(	15:48
nati	Dejavu...	15:52
* ttx tries to stay calm		15:52
*** Gordonz has joined #openstack-dev		15:52
*** sandywalsh has joined #openstack-dev		15:52
*** bepernoot has joined #openstack-dev		15:54
*** aweiss has joined #openstack-dev		15:56
*** bepernoot has joined #openstack-dev		16:00
*** hhoover has joined #openstack-dev		16:08
*** hub_cap has joined #openstack-dev		16:08
*** vladimir3p has joined #openstack-dev		16:11
*** danwent has joined #openstack-dev		16:11
*** griff has joined #openstack-dev		16:13
*** griff is now known as jdg		16:13
*** Yak-n-Yeti has joined #openstack-dev		16:15
andrewbogott	Can EC2 metadata be used to communicate with an instance while its running? Or can it only be set on startup?	16:16
*** vladimir3p has quit IRC		16:17
*** aweiss has quit IRC		16:19
*** cp16net has joined #openstack-dev		16:19
*** aweiss has joined #openstack-dev		16:20
*** reed has quit IRC		16:21
*** popux has quit IRC		16:21
YorikSar	Why is IPv6 verified even if it is not supported py the system?	16:24
apevec	jaypipes,	16:24
apevec	jaypipes, sorry for asking, but could you check admin_token is set in glance config?	16:24
jaypipes	apevec: set to servicetoken.	16:25
apevec	dprince, are you watching bug 942247 - that's your code in backtrace :)	16:25
uvirtbot`	Launchpad bug 942247 in keystone "Admin token auth completely broken" [Critical,Confirmed] https://launchpad.net/bugs/942247	16:25
jaypipes	apevec: the problem is that keystone no longer has any way to add a long-lived token :(	16:25
apevec	yeah, that needs to be fixed	16:25
jaypipes	apevec: yeah, like right now :)	16:26
apevec	I just don't see why you get into this codepath shown in backtrace	16:26
apevec	that's what dprince added, when you don't want to set admin_token	16:26
jaypipes	apevec: no idea. should return a 404.	16:27
YorikSar	And one more question - is there any SQLAlchemy guru around?	16:27
jaypipes	apevec: for the Not Found token...	16:27
* dprince dprince feels blamed		16:27
dprince	apevec: looking now! :)	16:27
jaypipes	dprince: it's not your fault at all, dude	16:27
*** bencherian has joined #openstack-dev		16:28
andrewbogott	smoser (or, really, anyone): I'm confused by this doc page: http://docs.openstack.org/api/openstack-compute/2/content/MetadataSection.html <- that implies that metadata can be changed after an instance is running. But I have the impression from reading elsewhere that metadata is fixed as of instance startup. Am I confusing two kinds of metadata?	16:29
*** andrewsmedina has joined #openstack-dev		16:30
annegentle	andrewbogott: hm. Possibly that is a spec document, as in, it should work that way (you should be able to change instance metadata) but it's not implemented yet? bcwaldon may know.	16:30
*** bsza has quit IRC		16:31
*** PotHix has joined #openstack-dev		16:32
jaypipes	jeblair: many thanks for those two stable branches. w00t.	16:33
jeblair	jaypipes: no problem!	16:35
dprince	apevec/jaypipes: just read over the ticket. Doesn't look like the root cause was the admin_pass middleware change... but as was pointed out we should handle the error case a bit better. Not throwing a KeyError if the JSON doesn't exist or match what we think it should.	16:35
jaypipes	dprince: right.. not the root cause, but would be helpful..	16:35
dprince	dprince: I can at least do that... Let me see if ben is working on it.	16:35
jaypipes	jeblair: FYI, all devstack-vm jobs are going to fail until the above bug 942247 bug is fixed (and the related bug 942684) :( You will see crap like this: https://jenkins.openstack.org/job/gate-integration-tests-devstack-vm/1905/console	16:36
uvirtbot`	Launchpad bug 942247 in keystone "Admin token auth completely broken" [Critical,Confirmed] https://launchpad.net/bugs/942247	16:36
uvirtbot`	Launchpad bug 942684 in keystone "keystone_data.sh no longer adding service token - No CLI command to add a token" [Critical,Confirmed] https://launchpad.net/bugs/942684	16:36
*** nati has quit IRC		16:36
jaypipes	dprince: talkin' to yo'self agin'? ;P	16:36
dprince	jaypipes: apparently so!	16:37
* dprince dprince gets lonely		16:37
jaypipes	dprince: I'll update the description of 942247 to talk about the KeyError...	16:37
jaypipes	done..	16:38
dprince	grue: are you working on this? ^^^ I'm going to jump in and fix this KeyError....	16:38
*** aweiss has quit IRC		16:39
*** kbringard has quit IRC		16:39
*** heckj has joined #openstack-dev		16:40
*** tryggvil_ has joined #openstack-dev		16:42
*** kbringard has joined #openstack-dev		16:43
*** maplebed has joined #openstack-dev		16:43
*** maplebed_ has joined #openstack-dev		16:44
*** apevec has quit IRC		16:45
jaypipes	heckj: time to talk, my friend :)	16:46
heckj	jaypipes: word	16:46
*** maplebed is now known as Guest27612		16:47
*** maplebed_ has quit IRC		16:48
*** maplebed_ has joined #openstack-dev		16:48
*** Guest27612 has quit IRC		16:48
*** maplebed_ is now known as maplebed		16:48
*** kbringard has quit IRC		16:48
*** kbringard has joined #openstack-dev		16:51
*** andrewbogott is now known as andrewbogott_afk		16:52
*** jdg has quit IRC		16:53
*** oneiroi has quit IRC		16:53
*** jdg has joined #openstack-dev		16:54
ayoung	heckj, I want to default a boolean value out of the Keystone config file. Is there a clean way to do that?	16:56
ayoung	Most places do something like	16:57
ayoung	self.object_class = (getattr(conf.ldap, objclass)	16:57
ayoung	or self.DEFAULT_OBJECTCLASS)	16:57
ayoung	But I don't think that works with Boolean values, as they get defaulted to False	16:57
eglynn	bcwaldon: if you get a chance, could you cast your eye over the latest patch set on https://review.openstack.org/#change,4602 ?	16:58
* eglynn would like to get the fix merged before the E4 proposed-milestone branch is cut ...		16:59
dprince	jaypipes/apevec: https://review.openstack.org/#change,4634	16:59
dprince	apevec: Thanks for pointing that out to me.	17:00
*** maploin has quit IRC		17:00
*** pixelbeat has quit IRC		17:01
*** cdub has quit IRC		17:07
*** derekh has quit IRC		17:08
*** cdub has joined #openstack-dev		17:09
*** Mandell has joined #openstack-dev		17:09
*** andrewsben has joined #openstack-dev		17:10
*** reed has joined #openstack-dev		17:10
*** dalang has joined #openstack-dev		17:14
*** eglynn has quit IRC		17:14
heckj	dprince: question for you - if the admin_token is specified in the config, doesn't it route entirely around that code (i.e. https://github.com/openstack/keystone/blob/master/keystone/middleware/auth_token.py#L270)?	17:16
heckj	dprince: from what I've heard from jaypipes, it's routing into that code, even though it's defined. Haven't tracked that down myself, but found it confusing.	17:17
dprince	heckj: yes.	17:17
dprince	heckj: the root cause of the devstack failure is that it isn't setting admin_token to begin with.	17:18
dprince	heckj: since it wasn't getting set the get_admin_token method is getting called... causing the KeyError.	17:18
*** crobinso has joined #openstack-dev		17:18
heckj	dprince: in the config file, or on the command line? jay indicated that when he invoked glance with the "-a" option (which I'm assuming sets the admin_token) it's getting set. Digging in there make sense?	17:19
heckj	dprince: reviewed https://review.openstack.org/#change,4634 - want another set of eyes, but looks good	17:19
dprince	heckj: Not sure if it is the config file or command line.	17:21
dprince	heckj: Thanks.	17:21
heckj	dprince: wrong way - thank you!	17:22
*** dtroyer has joined #openstack-dev		17:24
*** hashar has quit IRC		17:29
*** bepernoot has joined #openstack-dev		17:30
*** bepernoot has quit IRC		17:36
*** dneary has quit IRC		17:48
*** jdurgin has joined #openstack-dev		17:53
*** zns has joined #openstack-dev		17:56
*** Ryan_Lane has joined #openstack-dev		17:58
andrewbogott_afk	bcwaldon, do you know the answer to my metadata question? (In the backscroll)	17:59
*** bepernoot has joined #openstack-dev		18:01
* YorikSar waiting for nova ipv6 or SQLAlchemy guru to appear		18:01
*** HugoKuo_ has joined #openstack-dev		18:01
*** andrewbogott_afk is now known as andrewbogott		18:02
*** shevek__ has quit IRC		18:04
*** hugokuo has quit IRC		18:05
heckj	ttx: ping - you around?	18:05
*** jdg has quit IRC		18:06
westmaas	andrewbogott: you can change metadata after the instance is started	18:06
westmaas	via os api, that is	18:06
andrewbogott	westmaas: And the instance has access to those changes?	18:06
westmaas	this metadata is different than the data available in the ec2 metadata service	18:07
andrewbogott	Ahah! That is my confusion.	18:07
westmaas	so yes, but you need an api key, etc to access it.	18:07
*** dalang has quit IRC		18:07
YorikSar	vishy, bcwaldon, clayg and anyone interested: Volume API and Volumes extension unification here: https://review.openstack.org/4633	18:07
*** gyee has joined #openstack-dev		18:07
*** jdg has joined #openstack-dev		18:08
andrewbogott	westmaas: Hang on, not sure I understand. 1) ec2 metadata is can only be set at startup, correct?	18:08
zns	ttx?	18:09
westmaas	andrewbogott: I believe so, but honestly I'm not sure.	18:09
andrewbogott	2) There's another kind of data ('nova metadata'?) That can be changed at runtime. But to access that data the instance needs to communicate with the nova server via the nova api <- ?	18:09
westmaas	yes on 2	18:10
westmaas	nova meta data is a bit more outward facing than ec2 metadata, I would say, at least in its current implementation.	18:10
andrewbogott	Having an instance talk to the nova api is unusual isn't it? Or are there services/established patters for setting that access up automatically?	18:11
*** RobertLaptop has joined #openstack-dev		18:12
*** RobertLaptop has left #openstack-dev		18:12
*** jakedahn has joined #openstack-dev		18:13
westmaas	andrewbogott: yeah, its not an ideal method for getting that data to the server, as it would mean giving full access to the account to anything on that server.	18:13
andrewbogott	ok.	18:13
andrewbogott	Mostly, knowing that the 'metadata' in that doc is different from ec2 metadata is what I needed. Thanks, westmaas.	18:13
westmaas	depends what you are trying to do exactly, but if you only want to use the OS API, you might try doing file injection to get the data that you need on the server.	18:14
andrewbogott	Isn't file injection also only at startup?	18:15
westmaas	yes, that is only at startup, heh	18:16
*** davidkranz has joined #openstack-dev		18:17
*** bengrue has joined #openstack-dev		18:18
*** bepernoot has quit IRC		18:18
*** zns1 has joined #openstack-dev		18:22
*** zns has quit IRC		18:23
*** dalang has joined #openstack-dev		18:25
*** joesavak has joined #openstack-dev		18:25
jaypipes	heckj: narrowing things down... almost there I think with the auth_token stuff	18:25
*** AlanClark has joined #openstack-dev		18:28
*** eglynn has joined #openstack-dev		18:29
*** mjfork has quit IRC		18:29
jaypipes	dprince, heckj: OK, yeah, so here's why the _get_admin_auth_token() was a bit confusing... what is happening is that the admin token is indeed set to the correct admin_token from the config file during __init__(). However, because no such token was ever added to Keystone (the call to add a service token was removed from keystone_data.sh), that means that the initial call to GET /v2.0/tokens/<SERVICE_TOKEN> (line 285 i	18:31
jaypipes	n auth_token middleware) returns a 404 Not Found, which then goes to line 293, where the middleware then sets self.admin_token = None and retries _validate_claims(), which then hits the get_admin_auth_token() routine and bombs out on the KeyError...	18:31
dprince	jaypipes: Sure. That should be better with my branch right? I mean you will now just get a 404 right?	18:32
jaypipes	dprince: well, I'm actually not sure what else to do at this point, since the root of the issue is that there are no longer any long-lived tokens	18:33
dprince	jaypipes: use admin_password and admin_username?	18:33
dprince	jaypipes: If we switch devstack over to take advantage of that feature it should run fine.	18:33
dprince	jaypipes: Want me to throw up a changeset to do that?	18:34
jaypipes	dprince: one sec	18:34
*** armaan has joined #openstack-dev		18:34
jaypipes	dprince: running one more experiment...	18:36
*** mnewby has joined #openstack-dev		18:36
*** mjfork has joined #openstack-dev		18:38
*** zul has quit IRC		18:38
*** zns1 is now known as zns		18:38
bengrue	.	18:39
*** novas0x2a\|laptop has joined #openstack-dev		18:39
*** bepernoot has joined #openstack-dev		18:41
*** darraghb has quit IRC		18:42
*** jakedahn has quit IRC		18:48
*** jakedahn has joined #openstack-dev		18:48
*** zul has joined #openstack-dev		18:50
*** bencherian has quit IRC		18:50
*** ncode has joined #openstack-dev		18:52
*** jakedahn has quit IRC		18:53
*** bepernoot has quit IRC		18:53
*** anotherjesse has joined #openstack-dev		18:54
*** anotherjesse has left #openstack-dev		18:54
*** jakedahn has joined #openstack-dev		18:54
*** anotherjesse has joined #openstack-dev		18:54
*** jakedahn has quit IRC		18:57
jaypipes	dprince: ugh, I'm at the end of my rope with this auth_token middleware... I added admin_user and admin_password to the glance-api-paste.ini filter:authtoken section. Then, when I did a glance index -A servicetoken, now instead of the KeyError I get an Unauthorized, yet if I issue a call to POST /v2.0/tokens with the admin user and pass, get a token, and do glance index -A THATTOKENID, it works fine. Very frustrating,	18:59
jaypipes	as there's no insight inside the middleware what's happening. Just have to add random raise Exception()s in there to try and glean what is going on.	18:59
jaypipes	history \| grep mysql	19:00
dprince	Hmm.. Can you paste your config file?	19:00
jaypipes	gah, wrong computer...	19:00
dprince	jaypipes: paste your config file?	19:00
jaypipes	dprince: config file or paste ini for glance?	19:00
dprince	dprince: paste ini	19:00
jaypipes	k, one sec.	19:00
jaypipes	dprince: http://paste.openstack.org/show/5343	19:01
*** hub-cap has joined #openstack-dev		19:01
dprince	jaypipes: Looks fine. When did it start failing for you? Today?	19:02
dprince	Or last night?	19:02
jaypipes	dprince: not quite sure... been a while since I had run tempest, and then I pulled new devstack couple days ago and nothing's worked since..	19:03
*** joesavak has quit IRC		19:04
jaypipes	especially weird is there's no tokens in the keystone database at all now... and I just used one successfully...	19:04
anotherjesse	jaypipes: in old keystone the "service token" was a hack	19:05
anotherjesse	it was a regular token that was treated special by users	19:05
*** joesavak has joined #openstack-dev		19:05
dprince	jaypipes: is your keystone installation using a 'sql' (database) backend. Or a key value store?	19:05
jaypipes	anotherjesse: hey, I just need stuff to work. Right now, nova image-list and anything glance-related is entirely broken.	19:05
*** hub_cap has quit IRC		19:05
*** hub-cap is now known as hub_cap		19:05
jaypipes	dprince: hmm, lemme double check...	19:05
dolphm	jaypipes: in the current keystone, i don't think the admin token is stored in a backend	19:06
anotherjesse	right - the service token is specified in a config	19:06
termie	it isn't, it isn't a real token in that it isn't attached to any users	19:06
dprince	dolphm: right. Its in the config.	19:06
termie	it is just admin rights to perform aftions	19:06
termie	such as make a user	19:06
*** vizsla has quit IRC		19:07
jaypipes	well, what used to be working is now not working at all...	19:07
termie	which, i think, was one reason why people wanted to switch to user/pass for an admin user	19:07
termie	jaypipes: those statements aren't the most helpful, do you know what it used to be doing?	19:08
termie	jaypipes: or what the code isi trying to do with it?	19:08
jaypipes	https://bugs.launchpad.net/devstack/+bug/942684	19:08
termie	jaypipes: does it work with a username and password?	19:08
anotherjesse	jaypipes: it used to do a hack, which was treat the service token as a user token just because it didn't exist yet	19:08
uvirtbot`	Launchpad bug 942684 in keystone "keystone_data.sh no longer adding service token - No CLI command to add a token" [Critical,Confirmed]	19:08
jaypipes	https://bugs.launchpad.net/keystone/+bug/942247	19:09
uvirtbot`	Launchpad bug 942247 in keystone "auth_token middleware should properly handle KeyError" [Critical,In progress]	19:09
termie	jaypipes: while those bugs may seem related, i don't think they are	19:09
*** hub_cap has quit IRC		19:09
*** jakedahn has joined #openstack-dev		19:09
*** hub_cap has joined #openstack-dev		19:10
*** ncode has quit IRC		19:10
termie	or rather "handling of keyerror"	19:10
anotherjesse	jaypipes: keystone wasn't supposed to have the nova service validate as if it was the keystone admin user	19:10
anotherjesse	jaypipes: it was supposed to have service tokens - but it wasn't implemented until redux	19:10
jaypipes	termie, anotherjesse: bottom line is I used to be able to do: glance index -A SERVICETOKEN, and now I can't.	19:11
anotherjesse	jaypipes: what is expected if you use servicetoken to communicate to glance?	19:11
termie	jaypipes: what does glance index do?	19:11
anotherjesse	as a user why would you use the service token?	19:11
jaypipes	anotherjesse: and nova image-list is broken, which means every devstack-vm test run in Jenkins is borked.	19:11
anotherjesse	jaypipes: the tests all run as a user - not with the service token	19:11
anotherjesse	jaypipes: so they get a user token	19:11
jaypipes	anotherjesse: how does nova communicate with glance (as an admin?)	19:12
anotherjesse	it doesn't	19:12
anotherjesse	it uses the calling user's token	19:12
jaypipes	anotherjesse: then how do I communicate with glance as an admin (i.e. do admin things... see all imaghes, etc)	19:12
anotherjesse	use an admin user?	19:13
jaypipes	ugh	19:13
anotherjesse	service tokens are for services to validate tokens	19:13
anotherjesse	they weren't meant to do anything else	19:13
anotherjesse	in legacy the fact that they were attacked to a user was a hack	19:13
anotherjesse	jaypipes: what is the ugh?	19:13
anotherjesse	trying to help here	19:14
jaypipes	anotherjesse: the ugh is the fact that right now no code can get into any of the trunks because nova image-list and glance index -A <SERVICETOKEN> doesn't work.	19:14
*** jakedahn has quit IRC		19:14
jaypipes	anotherjesse: and it was working until recently.	19:14
anotherjesse	jaypipes: they work for me with a user token	19:14
*** jakedahn has joined #openstack-dev		19:14
*** Gordonz has quit IRC		19:15
termie	and our code (keystone) uses the same gates, right?	19:15
jaypipes	termie: I don't understand what you're asking.	19:16
jaypipes	https://jenkins.openstack.org/job/gate-integration-tests-devstack-vm/1905/console	19:16
*** Gordonz has joined #openstack-dev		19:16
jaypipes	the above is what is being hjit...	19:16
anotherjesse	jaypipes: http://paste.openstack.org/show/5346/	19:16
jaypipes	because KeyError stacktraces are being dumped by the auth_token middleware.	19:16
termie	jaypipes: i think keystone uses that same test, but i feel like our code has been going in	19:16
anotherjesse	jaypipes: if you send the service token to glance as a user, then it will fail becauase there is no user/tenant associated with the service token (there is a bug that there is a stacktrace)	19:17
*** sandywalsh has quit IRC		19:18
anotherjesse	jaypipes: I think I see the bug with glance -A token	19:20
jaypipes	anotherjesse, termie: I think I am understanding better now...	19:21
anotherjesse	jaypipes: there is an issue with token based auth when you send in a tenant	19:21
anotherjesse	I'm updating the bug with it	19:22
jaypipes	anotherjesse: I'm just frustrated because there was no communication (at least as far as I can tell) that the functionality of the service token was going away or changing... there are docs, etc, in glance that need to change because of these changes	19:22
anotherjesse	jaypipes: the service token was never doc'd to be a user token	19:22
anotherjesse	it was supposed to be different	19:22
termie	jaypipes: in our defense, as far as we knew we were implementing what the docs said	19:22
anotherjesse	it was another example of docs and reality not being at the same place	19:22
jaypipes	anotherjesse: http://glance.openstack.org/authentication.html	19:23
jaypipes	anotherjesse: that was what I was going from... clearly I think you can tell that at a minimum the "how to set up authh in the server" won't work now that you also need admin_user/admin_pass in the authtoken filter section	19:24
anotherjesse	jaypipes: you don't	19:24
jaypipes	"The admin_token variable specifies the administrative token that Glance uses in its query to the Keystone Admin service."	19:24
anotherjesse	the admin_user/pass shouldn't be needed - I'm uncertain of why it should even exist	19:25
anotherjesse	but let's take this 1 step at a time	19:25
anotherjesse	we have 2 bugs:	19:25
anotherjesse	1) tracebacks!	19:25
anotherjesse	2) the flow of sending a token doesn't work	19:25
dprince	anotherjesse: I think my branch fixes the traceback.	19:26
termie	jaypipes: for my own sanity, when you say all projects can't commit code because of this test: https://jenkins.openstack.org/job/gate-integration-tests-devstack-vm/	19:27
termie	jaypipes: were you refering to something else? it appears to be passing most of the time so i am little confused	19:28
*** bencherian has joined #openstack-dev		19:28
jaypipes	termie: my apologies.	19:28
*** jog0 has joined #openstack-dev		19:28
jaypipes	termie: I'm confusing clearly not being able to get passed this in my testing with blocking trunk gates	19:29
jaypipes	s/passed/past	19:29
*** shevek__ has joined #openstack-dev		19:29
termie	jaypipes: okies, was worried that there was some other factor at play that i wasn't aware of	19:29
anotherjesse	termie/jaypipes/dprince for those who want to follow along I think this is the steps? https://bugs.launchpad.net/keystone/+bug/942838	19:29
uvirtbot`	Launchpad bug 942838 in keystone "using glance with token auth doesn't work" [Undecided,New]	19:29
jaypipes	termie: no... just that nati and I have been completely dead in the water in our Essex upgrade testing of TryStack because we can't figure this stuff out.	19:30
*** adjohn has joined #openstack-dev		19:32
termie	jaypipes: got it, well hopefully we can get it resolved quickly then	19:32
dprince	anotherjesse: Are you taking that ticket then?	19:32
YorikSar	bcwaldon: around?	19:32
dprince	anotherjesse: Or should someone else jump in?	19:33
bcwaldon	YorikSar: yep	19:33
jaypipes	dprince: I think it's a different ticket now :)	19:33
anotherjesse	dprince: I think we can get it - just want to make sure we have the correct repo steps	19:33
dprince	jaypipes: gotcha. I meant the one Jesse just filed.	19:33
anotherjesse	jaypipes: I think you found 2 or 3 issues all at once - so once we get this resolved I need to look at your tickets	19:33
anotherjesse	since there will be other issues	19:34
YorikSar	bcwaldon: Which community did you suggest? This channel, today meeting or Thursday's meeting?	19:34
jaypipes	anotherjesse: so... looks like the issue it that the tenant returned in keystone token-get is incorrect?	19:34
bcwaldon	YorikSar: I was just going to let that comment sit for a little bit and poke a few people	19:35
bcwaldon	YorikSar: specifically the volumes community and vish	19:35
anotherjesse	jaypipes: it is the tenant-id not the tenant-name :(	19:35
anotherjesse	which is pretty ugly	19:35
jaypipes	anotherjesse: ah, doh. sorry.	19:35
anotherjesse	names are mutable - so shouldn't be used for reference	19:36
YorikSar	bcwaldon: Ok, I'll send my thoughts on this to Gerrit then	19:36
*** hashar has joined #openstack-dev		19:36
bcwaldon	YorikSar: go for it	19:36
jaypipes	anotherjesse: did you see that the request body is wrong?	19:37
anotherjesse	yep	19:37
jaypipes	anotherjesse: k...	19:37
anotherjesse	jaypipes: looking into that now	19:37
anotherjesse	I'll look to resolve this - regarding the traceback issue - dprince is there a review open?	19:37
jaypipes	anotherjesse: yes, there is.	19:38
jaypipes	https://review.openstack.org/#change,4634	19:38
*** jsavak has joined #openstack-dev		19:38
jaypipes	dprince: I think what I was saying in that review comment was that instead of returning None, could we raise the error that is returned (in Jesse's new bug, shows as Invalid user/password 401.	19:39
*** sandywalsh has joined #openstack-dev		19:39
*** joesavak has quit IRC		19:40
dprince	jaypipes: sure. I'd be fine with that.	19:40
jaypipes	anotherjesse, dprince, termie, heckj: and sorry to make such a kurfuffle about this...	19:40
jaypipes	dprince: cool, ty!	19:40
anotherjesse	jaypipes: it is frsutrating :)	19:40
anotherjesse	understand	19:40
jaypipes	yeah, but I've made it more frustrating by getting on everyone's case... apologies.	19:41
ttx	zns: the E4 branch is not cut yet. It's EOB today (read: very early tomorrow)	19:41
*** jsavak has quit IRC		19:43
bcwaldon	jeblair: could use some help debugging this failure: https://jenkins.openstack.org/job/gate-nova-unittests/1220/console	19:43
*** joesavak has joined #openstack-dev		19:44
jeblair	bcwaldon: ack	19:44
*** bepernoot has joined #openstack-dev		19:44
bcwaldon	jeblair: the change doesn't seem to be related to the failure	19:44
anotherjesse	termie: oddness - so now my glance index / nova list is doing the same thing	19:45
bcwaldon	jeblair: and this code has already make it into master, this is just a backport to diablo	19:46
termie	anotherjesse: i'm not following along at home	19:46
termie	anotherjesse: you seemed to have it under control	19:46
termie	anotherjesse: should i switch tracks?	19:46
anotherjesse	termie: ooh, so nova list was failing - and then when I restarted nova it started working again	19:46
anotherjesse	nah	19:46
anotherjesse	I'm just rambling as I figure out	19:46
jeblair	mtaylor: ^	19:46
jaypipes	anotherjesse: did you figure out why it was failing?	19:46
anotherjesse	not yet - but I feel close	19:46
anotherjesse	jaypipes: can you ctrl-c your glance-api and restart it	19:47
anotherjesse	it made it start working for me	19:47
openstackgerrit	Verification of a change to openstack/keystone failed: Handle KeyError in _get_admin_auth_token. https://review.openstack.org/4634	19:48
*** sandywalsh has quit IRC		19:48
jaypipes	anotherjesse: yeah, one sec	19:48
*** sandywalsh has joined #openstack-dev		19:49
anotherjesse	dprince: your verification failed due to python26/27 jobs	19:50
*** jsavak has joined #openstack-dev		19:51
jaypipes	anotherjesse: everything seemingly working fine now... weird.	19:51
dprince	anotherjesse: whatever does that mean?	19:51
jaypipes	anotherjesse: I'm thinking perhaps there is something to do with env variables being a bit wrong -- I know that we've gone through some renames of those variables...	19:52
anotherjesse	jaypipes: I think it I know the issue	19:52
jaypipes	anotherjesse: please do tell :)	19:52
anotherjesse	jaypipes: something causes an exception/validation to fail, which leads the auth_token middleware to try the admin user/pass to get a new token (it thinks it should try that)	19:52
anotherjesse	(which was added recently iirc)	19:52
anotherjesse	which fails leaving it in an odd state	19:53
jaypipes	anotherjesse: yes, that's precisely the behaviour I've noticed.	19:53
anotherjesse	still investigating...	19:53
jaypipes	anotherjesse: but now that I've sourced openrc I can't seem to kill it again :)	19:53
anotherjesse	dprince: what is the reasoning behind wanting admin_user/pass in the auth_middleware	19:53
jaypipes	gonna try from scratch and re-run stack.sh in a clean env	19:53
anotherjesse	jaypipes: perhaps try sending an invalid token	19:53
*** joesavak has quit IRC		19:53
jaypipes	anotherjesse: yeah...	19:54
anotherjesse	or invalid password	19:54
*** jdg has quit IRC		19:54
jaypipes	anotherjesse: LOL. if I do glance index -A ASSBAG, it works still ;)	19:54
jaypipes	how nice :)	19:54
* annegentle snorts		19:54
anotherjesse	jaypipes: my ASSBAG causes a stack exception	19:55
jaypipes	must be picking up the user/pass in environs and ignoring the -A	19:55
kbringard	lol	19:55
jaypipes	anotherjesse: lol	19:55
dprince	anotherjesse: well. When tokens expire this would just provide a way to refresh them.	19:55
kbringard	you guys crack me up	19:55
anotherjesse	jay started it!	19:55
jaypipes	hehe	19:55
*** nati has joined #openstack-dev		19:56
dprince	anotherjesse: That code has been sort of hanging around but not entirely implemented in auth_token for awhile. Do you you dislike?	19:56
jaypipes	anotherjesse: well, trying other (non -A) authentication options with various curse words seems to correctly spit back Not authorized errors, which is good...	19:56
anotherjesse	dprince: I think it is the root of the issue is a mis-understanding of what the servicetoken/auth token is	19:56
anotherjesse	dprince: in legacy keystone the "service token" (token used by auth_middleware in other services) was attached to a user and a regular token	19:57
jeblair	bcwaldon: so that's using novaclient 2.6.0	19:57
bcwaldon	jeblair: oh, wow	19:58
jeblair	bcwaldon: because that's what's in pip-requires in nova's stable/diablo	19:58
jeblair	bcwaldon: it's worth noting that 2.6.0 appears to have a bug:	19:58
jeblair	bcwaldon: Sorry: IndentationError: ('unindent does not match any outer indentation level', ('/home/jenkins/workspace/gate-nova-unittests/.venv/lib/python2.7/site-packages/novaclient/v1_1/servers.py', 152, 49, ' def create_image(self, image_name, metadata):\n'))	19:58
*** gyee has quit IRC		19:58
anotherjesse	dprince: it was always meant to eventually be different than a regular token (so you can attach additional information to it)	19:58
bcwaldon	jeblair: nice, well I think we can use latest novaclient	19:59
bcwaldon	jeblair: let me ask vishvananda	19:59
anotherjesse	dprince: in keystone redux we followed the docs and made it a service token	19:59
openstackgerrit	Verification of a change to openstack/glance failed: Disallow file:// sources on location or copy-from. https://review.openstack.org/4602	19:59
jeblair	bcwaldon: but based on everything else that's been going on, maybe ... yes what you just said. :)	19:59
anotherjesse	dprince: which doesn't timeout in the normal way - so getting a new token via admin user/pass isn't the same thing	19:59
mtaylor	bcwaldon: ok. good. I thought I'd broken something	19:59
anotherjesse	dprince: given that service tokens now persist until the configuration is manually changed, should we roll back the admin user/pass thing?	19:59
dprince	anotherjesse: Okay. So using a user/password for a service is now undesirable then? Seems like user/pass could just get back the special token and it would be fine?	19:59
bcwaldon	mtaylor: well you're not off the hoook yet, why did that keystone review fail?	19:59
jaypipes	anotherjesse: but there's no longer any need to keep track of the admin_token (in conf files), right? Just admin user and pass?	20:00
*** dolphm has quit IRC		20:00
anotherjesse	jaypipes: actually the goal is the oposite - not to put user/pass in the conf	20:00
jaypipes	anotherjesse: hmm...	20:00
anotherjesse	to put a service token - and eventually a different service token per service deploy	20:00
dprince	jaypipes: I think you are talking about keystone. In which case yes.	20:01
*** jmckenty has joined #openstack-dev		20:01
openstackgerrit	Verification of a change to openstack/glance failed: Disallow file:// sources on location or copy-from. https://review.openstack.org/4602	20:01
anotherjesse	dprince / jaypipes - do either of you have a preference for user/pass instead of a token?	20:01
anotherjesse	in the auth_middleware	20:01
bcwaldon	mtaylor: unittest jobs are blowing up with 'too many links'	20:02
jaypipes	anotherjesse: I think user/pass would make the whole thing more consistent.	20:02
jaypipes	anotherjesse: in other words, not storing the admin_token in conf files -- instead, using an admin user/pass (or service user/pass) in the conf files that retrieves a long-lived (24+ hours) token in the middleware and stores it in memory only.	20:03
jaypipes	anotherjesse: which is almost what is currently happening (only there is still the admin_token in conf files)	20:03
jaypipes	dprince: would the above meet your expectations as well?	20:04
dprince	anotherjesse: long lived tokens seem problematic for same auth backends. That was the initial driver for user/password.	20:04
dprince	jaypipes: I think so.	20:04
anotherjesse	dprince / jaypipes - our goal was to meet the spec and move away from the user/password hack	20:05
anotherjesse	dprince / jaypipes: what if there was an api/... for listing service tokens	20:05
*** rbasak has quit IRC		20:05
dprince	anotherjesse: does this mean I implemented a hack?	20:05
anotherjesse	dprince: ya	20:06
jaypipes	anotherjesse: heh, that would be fine, too... but we're supposed to release E4 tomorrow ;)	20:06
* dprince hangs head		20:06
anotherjesse	overriding the user model with "service" validation abilities is "ugly"	20:06
mtaylor	bcwaldon: ok. jkeystone is me	20:06
*** rkukura has quit IRC		20:06
bcwaldon	dprince: it'll be okay little guy	20:06
anotherjesse	dprince: only you can save mankind!	20:06
*** adjohn has quit IRC		20:06
* heckj reads scrollback		20:06
jaypipes	anotherjesse: I think getting rid of the admin_token hack and keeping admin_user/admin_pass in the conf files only for Essex is a good goal, and adding API features to Identity in Folsom that would allow services to query for special service tokens	20:06
dprince	bcwaldon: I'm your senior. Please address me as sir!	20:07
mtaylor	bcwaldon: shold be fixed and re-triggered	20:07
bcwaldon	dprince: you're not my real dad!	20:07
*** troytoman-away is now known as troytoman		20:07
anotherjesse	jaypipes: keeping in conf files is something new - it wasn't in diablo	20:07
anotherjesse	jaypipes: keeping user/pass	20:07
jaypipes	anotherjesse: let's not discuss identity in Diablo :)	20:07
anotherjesse	jaypipes: removing the admin user/pass is the cleanest thing for getting E4 done	20:08
dprince	anotherjesse/jaypipes: I'm more concerned with the end user API not changing than I am with the service configs.	20:08
anotherjesse	and post E4 (either in an RC or folsom) we can add the ability to have multiple tokens	20:08
jaypipes	anotherjesse: honestly, I could go either way... as long as it's consistent -- in the conf files for all projects in the same way -- and it works, I think I'm good :)	20:08
dprince	anotherjesse/jaypipes: But I could go either way as well. Don't want people to be unhappy on account of me.	20:09
anotherjesse	dprince: I don't think having or not having the user/pass in service config changes the user API	20:09
dprince	anotherjesse: Correct.	20:09
dprince	anotherjesse: Which is why I wouldn't mind keeping it.	20:10
dprince	anotherjesse: Sorry. Misworded that.	20:10
anotherjesse	dprince: can you propose removing it (and write a patch)	20:10
jaypipes	anotherjesse: then I think removing the admin user/pass and using service_token ONLY in conf files is a good choice. (obviously refactoring the auth_token middleware in the process to remove the user/pass stuff in _get_admin_auth_token()?	20:10
*** dwalleck has joined #openstack-dev		20:11
jaypipes	anotherjesse: PPB...	20:11
anotherjesse	jaypipes: k - for folsom we will flesh out the service token stuff to have more	20:11
jaypipes	anotherjesse: ++	20:11
anotherjesse	jaypipes: ya, tripple tasking :(	20:11
jaypipes	anotherjesse: ya, me too :)	20:12
dprince	westmass: Please see ^^^^	20:13
dprince	westmaas:	20:13
dprince	anotherjesse: yes. I'll do it.	20:13
anotherjesse	dprince: thanks!	20:13
termie	i'm going to walk to some coffee	20:14
westmaas	dprince: user/pass getting removed?	20:14
termie	IN CASE ANYBODY WAS WONDERING	20:14
westmaas	termie: thx	20:14
dprince	westmaas: yes	20:14
westmaas	how do I get a new token?	20:15
westmaas	read this conversation?	20:15
westmaas	:)	20:15
anotherjesse	westmaas: why do you need a new token	20:16
anotherjesse	westmaas: the token is set in a config file and used until you restart	20:16
anotherjesse	with a new config	20:16
termie	... actually, it's cold out side, walk retracted	20:16
westmaas	how about when the token expires?	20:16
openstackgerrit	Verification of a change to openstack/glance failed: Disallow file:// sources on location or copy-from. https://review.openstack.org/4602	20:16
anotherjesse	westmaas: the service token doesn't expire	20:16
anotherjesse	westmaas: in keystone legacy the service token was a repurposed user token	20:17
anotherjesse	westmaas: in redux it is a service token that lives until the operator decides to change it	20:17
westmaas	ok.	20:17
anotherjesse	westmaas: we need to add the ability to have multiple service tokens (and an api for generating/...)	20:17
* heckj finally catches up		20:19
bcwaldon	jeblair: are you looking into the 'too many links' issues w/ glance tests? https://jenkins.openstack.org/job/gate-glance-python27/50/console	20:19
bcwaldon	jeblair: can't remember	20:19
heckj	anotherjesse: thanks for helping drive out the details	20:20
*** nati has quit IRC		20:20
termie	heckj: i'll vote for you if you vote for me :-*	20:22
termie	heckj: (just got the email to vote)	20:22
heckj	termie: sounds good!	20:22
heckj	ah, not yet - but I'm backlogged a bit	20:22
termie	better karma for both of us that way	20:22
termie	dizzone	20:23
termie	devcamcar: did you really not do a candidate page?	20:23
jakedahn	lulz, i voted for devcamcar	20:23
heckj	termie: he totally slacked on it	20:23
heckj	anotherjesse, jaypipes, termie, dprince - I create a blueprint to capture some of this scrollback related to service tokens and where we want to go for folsom.	20:24
heckj	anotherjesse: I "assigned" it to you, since you mediated this out - and as a placeholder so that I keep it around. :-)	20:24
jaypipes	heckj: cheers	20:25
anotherjesse	dprince: if you haven't started yet	20:28
vishy	johan_-_: saw that you assigned yourself the memory leak	20:28
dprince	anotherjesse: I have... but whats up?	20:28
openstackgerrit	Verification of a change to openstack/glance failed: Allow region selection when using V2 keystone https://review.openstack.org/4350	20:28
*** nati has joined #openstack-dev		20:29
vishy	johan_-_: it occurred to me the other day that we could probably just monkeypatch the DummyThread in eventlet while we wait for an upstream patch.	20:29
ttx	heckj: about your keystone meeting question -- E4 milestone-proposed branch will be cut EOB today (i.e. very early tomorrow US time)	20:29
ttx	heckj: so you still have a few hours for features :) Then it's only targeted bugfixes.	20:30
heckj	ttx: thanks - caught that in the scrollback.	20:30
jeblair	bcwaldon: i can fix that	20:30
nati	Woooot. I could run Essex on precise with nested_kvm option. I could test OpenStack on OpenStack.	20:30
termie	i am going to add so many features	20:31
termie	you guys don't even know	20:31
bcwaldon	termie: noooooo!	20:31
termie	it's going to be like featurepalooza up in this	20:31
termie	api "colors"	20:31
termie	content "personality types"	20:31
*** statik has quit IRC		20:31
bcwaldon	termie: ooh ooh do horoscopes!	20:32
termie	token "astrology"	20:32
bcwaldon	termie: yeaaaaah	20:32
termie	"We're sorry, your token is Oraclean and doesn't work well with Stallmanian services"	20:33
termie	"why am i getting this error?" "where was the moon in teh sky for you when you got it?"	20:33
jakedahn	http://stsh.me/1JE	20:33
termie	jakedahn: nice!	20:34
*** x86brandon has joined #openstack-dev		20:34
annegentle	jakedahn: that is awesome!	20:34
*** adjohn has joined #openstack-dev		20:37
termie	i don't even know where i could display that	20:37
termie	damnit	20:37
jeblair	bcwaldon: "too many links" should be fixed	20:37
*** rods has joined #openstack-dev		20:38
eglynn	mtaylor: any lightbulbs flash with you on this apparently TOX-related glance build failure?	20:38
eglynn	mtaylor: https://jenkins.openstack.org/job/gate-glance-python27/50/console	20:38
*** bencherian has quit IRC		20:39
mtaylor	eglynn: looking	20:40
jeblair	eglynn: try it again, i just fixed that	20:40
mtaylor	jeblair: was it tox related?	20:40
jeblair	mtaylor: no, tmp filled	20:40
eglynn	jeblair, mtaylor: thanks!	20:40
eglynn	bcwaldon: can you re-approve https://review.openstack.org/#change,4602 ?	20:41
bcwaldon	eglynn: done. Just had to retrigger the jenkins job	20:41
*** fesnel has joined #openstack-dev		20:42
eglynn	bcwaldon: thx!	20:42
*** johngarbutt has joined #openstack-dev		20:45
*** adjohn has quit IRC		20:46
mtaylor	jeblair: eek. well, I guess jclouds-plugin solves that for us long term	20:48
*** sandywalsh has quit IRC		20:48
*** johngarbutt has quit IRC		20:51
*** apevec has joined #openstack-dev		20:51
*** johngarbutt has joined #openstack-dev		20:55
*** dolphm has joined #openstack-dev		20:56
openstackgerrit	Verification of a change to openstack/glance failed: Disallow file:// sources on location or copy-from. https://review.openstack.org/4602	20:58
*** jdg has joined #openstack-dev		20:59
*** kbringard1 has joined #openstack-dev		20:59
*** lloydde has joined #openstack-dev		20:59
*** Kiall has quit IRC		21:00
*** kbringard has quit IRC		21:00
jeblair	mtaylor: we don't have to wait that long. we can run tmpwatch. bug 925774	21:00
uvirtbot`	Launchpad bug 925774 in openstack-ci "jenkins slaves should run tmpwatch" [High,Confirmed] https://launchpad.net/bugs/925774	21:00
mtaylor	jeblair: awesome	21:01
*** rkukura has joined #openstack-dev		21:01
jeblair	mtaylor: that bug is unassigned. :/	21:01
*** bepernoot has quit IRC		21:02
*** Kiall has joined #openstack-dev		21:04
anotherjesse	dolphm: https://bugs.launchpad.net/keystone/+bug/930321	21:12
uvirtbot`	Launchpad bug 930321 in keystone "ksl: GET /v2.0/ returns {}" [High,Confirmed]	21:12
anotherjesse	any ideas on that	21:12
dolphm	looking	21:13
*** armaan has left #openstack-dev		21:13
dolphm	i don't think there was a spec for what to return, but i would assume a single entry from the GET / multiple choice list would be most appopriate	21:14
*** mjfork has quit IRC		21:16
*** bengrue has quit IRC		21:16
*** cdub has quit IRC		21:16
*** tryggvil_ has quit IRC		21:16
*** mdomsch has quit IRC		21:16
*** Vek has quit IRC		21:16
*** openstackjenkins has quit IRC		21:16
*** pmyers has quit IRC		21:16
*** justinsb has quit IRC		21:16
*** bodepd_ has quit IRC		21:16
*** nikhil__ has quit IRC		21:16
*** 13WAAGXMU has quit IRC		21:16
*** fesnel has quit IRC		21:16
*** comstud has quit IRC		21:16
*** jsavak has quit IRC		21:16
*** novas0x2a\|laptop has quit IRC		21:16
*** mnewby has quit IRC		21:16
*** mancdaz1203 has quit IRC		21:16
*** LinuxJedi has quit IRC		21:16
*** jmckenty has quit IRC		21:16
*** AlanClark has quit IRC		21:16
*** lts has quit IRC		21:16
*** mattray has quit IRC		21:16
*** dubsquared has quit IRC		21:16
*** pknouff_ has quit IRC		21:16
*** _cerberus_ has quit IRC		21:16
*** root____1 has quit IRC		21:16
*** zns has quit IRC		21:16
*** heckj has quit IRC		21:16
*** utlemming has quit IRC		21:16
*** winston-d has quit IRC		21:16
*** michaelchapman has quit IRC		21:16
*** kaz___ has quit IRC		21:16
*** pquerna has quit IRC		21:16
*** hyakuhei has quit IRC		21:16
*** rha has quit IRC		21:16
*** retr0h has quit IRC		21:16
*** dwalleck has quit IRC		21:16
*** jog0 has quit IRC		21:16
*** crobinso has quit IRC		21:16
*** andrewsben has quit IRC		21:16
*** Mandell has quit IRC		21:16
*** maplebed has quit IRC		21:16
*** CatKiller has quit IRC		21:16
*** jeremy has quit IRC		21:16
*** cweidenkeller has quit IRC		21:16
*** YorikSar has quit IRC		21:16
*** westmaas has quit IRC		21:16
*** bourke has quit IRC		21:16
*** hashar has quit IRC		21:16
*** Gordonz has quit IRC		21:16
*** andrewsmedina has quit IRC		21:16
*** Yak-n-Yeti has quit IRC		21:16
*** xtoddx has quit IRC		21:16
*** jeremyb has quit IRC		21:16
*** Drakiz has quit IRC		21:16
*** markwash_ has quit IRC		21:16
*** benner has quit IRC		21:16
*** hazmat has quit IRC		21:16
*** jdurgin has quit IRC		21:16
*** PotHix has quit IRC		21:16
*** TREllis has quit IRC		21:16
*** ghe_ has quit IRC		21:16
*** andrewbogott has quit IRC		21:16
*** zykes- has quit IRC		21:16
*** zaitcev has quit IRC		21:16
*** akscram has quit IRC		21:16
*** seats has quit IRC		21:16
*** thrawn01 has quit IRC		21:16
*** agy has quit IRC		21:16
*** clayg has quit IRC		21:16
*** ohnoimdead has quit IRC		21:16
*** mattstep has quit IRC		21:16
*** stokachu has quit IRC		21:16
*** Kiall has quit IRC		21:16
*** mikemowgli has quit IRC		21:16
*** ayoung has quit IRC		21:16
*** mortman has quit IRC		21:16
*** medberry has quit IRC		21:16
*** n0ano has quit IRC		21:16
*** wwkeyboard has quit IRC		21:16
*** guaqua has quit IRC		21:16
*** nikhil_ has quit IRC		21:16
*** Daviey has quit IRC		21:16
*** yamahata__ has quit IRC		21:16
*** yamahata_ has quit IRC		21:16
*** jkoelker has quit IRC		21:16
*** pvo has quit IRC		21:16
*** russellb has quit IRC		21:16
*** Adri2000 has quit IRC		21:16
*** pasik has quit IRC		21:16
*** tr3buchet has quit IRC		21:16
*** johan_-_ has quit IRC		21:16
*** negronjl has quit IRC		21:16
*** kbringard1 has quit IRC		21:16
*** apevec has quit IRC		21:16
*** paulormg has quit IRC		21:16
*** mikal has quit IRC		21:16
*** soren has quit IRC		21:16
*** jeblair has quit IRC		21:16
*** blamar has quit IRC		21:16
*** bcwaldon has quit IRC		21:16
*** jcapel has quit IRC		21:16
*** jakedahn has quit IRC		21:16
*** ahale has quit IRC		21:16
*** kpepple_ has quit IRC		21:16
*** ipl31 has quit IRC		21:16
*** mtaylor has quit IRC		21:16
*** villep_ has quit IRC		21:16
*** openstackgerrit has quit IRC		21:16
*** glenc has quit IRC		21:16
*** termie has quit IRC		21:16
*** jaypipes has quit IRC		21:16
*** ohnoimdead has joined #openstack-dev		21:18
*** jpipes has joined #openstack-dev		21:18
*** Kiall has joined #openstack-dev		21:18
*** kbringard1 has joined #openstack-dev		21:18
*** apevec has joined #openstack-dev		21:18
*** fesnel has joined #openstack-dev		21:18
*** dwalleck has joined #openstack-dev		21:18
*** 52AAAJ562 has joined #openstack-dev		21:18
*** jsavak has joined #openstack-dev		21:18
*** hashar has joined #openstack-dev		21:18
*** jog0 has joined #openstack-dev		21:18
*** Gordonz has joined #openstack-dev		21:18
*** jakedahn has joined #openstack-dev		21:18
*** novas0x2a\|laptop has joined #openstack-dev		21:18
*** mjfork has joined #openstack-dev		21:18
*** mnewby has joined #openstack-dev		21:18
*** AlanClark has joined #openstack-dev		21:18
*** bengrue has joined #openstack-dev		21:18
*** jdurgin has joined #openstack-dev		21:18
*** crobinso has joined #openstack-dev		21:18
*** andrewsben has joined #openstack-dev		21:18
*** Mandell has joined #openstack-dev		21:18
*** cdub has joined #openstack-dev		21:18
*** maplebed has joined #openstack-dev		21:18
*** tryggvil_ has joined #openstack-dev		21:18
*** PotHix has joined #openstack-dev		21:18
*** andrewsmedina has joined #openstack-dev		21:18
*** Yak-n-Yeti has joined #openstack-dev		21:18
*** Vek has joined #openstack-dev		21:18
*** TREllis has joined #openstack-dev		21:18
*** paulormg has joined #openstack-dev		21:18
*** mikemowgli has joined #openstack-dev		21:18
*** ayoung has joined #openstack-dev		21:18
*** lts has joined #openstack-dev		21:18
*** mattray has joined #openstack-dev		21:18
*** CatKiller has joined #openstack-dev		21:18
*** ghe_ has joined #openstack-dev		21:18
*** openstackjenkins has joined #openstack-dev		21:18
*** andrewbogott has joined #openstack-dev		21:18
*** zykes- has joined #openstack-dev		21:18
*** utlemming has joined #openstack-dev		21:18
*** dubsquared has joined #openstack-dev		21:18
*** zaitcev has joined #openstack-dev		21:18
*** mancdaz1203 has joined #openstack-dev		21:18
*** winston-d has joined #openstack-dev		21:18
*** LinuxJedi has joined #openstack-dev		21:18
*** michaelchapman has joined #openstack-dev		21:18
*** mikal has joined #openstack-dev		21:18
*** xtoddx has joined #openstack-dev		21:18
*** jeremy has joined #openstack-dev		21:18
*** benner has joined #openstack-dev		21:18
*** markwash_ has joined #openstack-dev		21:18
*** Drakiz has joined #openstack-dev		21:18
*** hazmat has joined #openstack-dev		21:18
*** jeremyb has joined #openstack-dev		21:18
*** cweidenkeller has joined #openstack-dev		21:18
*** pmyers has joined #openstack-dev		21:18
*** mortman has joined #openstack-dev		21:18
*** YorikSar has joined #openstack-dev		21:18
*** medberry has joined #openstack-dev		21:18
*** n0ano has joined #openstack-dev		21:18
*** wwkeyboard has joined #openstack-dev		21:18
*** justinsb has joined #openstack-dev		21:18
*** akscram has joined #openstack-dev		21:18
*** comstud has joined #openstack-dev		21:18
*** 13WAAGXMU has joined #openstack-dev		21:18
*** nikhil__ has joined #openstack-dev		21:18
*** bodepd_ has joined #openstack-dev		21:18
*** soren has joined #openstack-dev		21:18
*** jeblair has joined #openstack-dev		21:18
*** guaqua has joined #openstack-dev		21:18
*** kaz___ has joined #openstack-dev		21:18
*** mattstep has joined #openstack-dev		21:18
*** blamar has joined #openstack-dev		21:18
*** Daviey has joined #openstack-dev		21:18
*** nikhil_ has joined #openstack-dev		21:18
*** negronjl has joined #openstack-dev		21:18
*** stokachu has joined #openstack-dev		21:18
*** yamahata__ has joined #openstack-dev		21:18
*** yamahata_ has joined #openstack-dev		21:18
*** bcwaldon has joined #openstack-dev		21:18
*** pquerna has joined #openstack-dev		21:18
*** pknouff_ has joined #openstack-dev		21:18
*** agy has joined #openstack-dev		21:18
*** jkoelker has joined #openstack-dev		21:18
*** seats has joined #openstack-dev		21:18
*** jcapel has joined #openstack-dev		21:18
*** root____1 has joined #openstack-dev		21:18
*** _cerberus_ has joined #openstack-dev		21:18
*** westmaas has joined #openstack-dev		21:18
*** pvo has joined #openstack-dev		21:18
*** ahale has joined #openstack-dev		21:18
*** hyakuhei has joined #openstack-dev		21:18
*** niven.freenode.net sets mode: +vv soren _cerberus_		21:18
*** russellb has joined #openstack-dev		21:18
*** Adri2000 has joined #openstack-dev		21:18
*** rha has joined #openstack-dev		21:18
*** bourke has joined #openstack-dev		21:18
*** thrawn01 has joined #openstack-dev		21:18
*** retr0h has joined #openstack-dev		21:18
*** pasik has joined #openstack-dev		21:18
*** clayg has joined #openstack-dev		21:18
*** kpepple_ has joined #openstack-dev		21:18
*** tr3buchet has joined #openstack-dev		21:18
*** ipl31 has joined #openstack-dev		21:18
*** mtaylor has joined #openstack-dev		21:18
*** villep_ has joined #openstack-dev		21:18
*** johan_-_ has joined #openstack-dev		21:18
*** openstackgerrit has joined #openstack-dev		21:18
*** glenc has joined #openstack-dev		21:18
*** termie has joined #openstack-dev		21:18
*** niven.freenode.net sets mode: +v mtaylor		21:18
*** jog0 has quit IRC		21:18
*** jog0 has joined #openstack-dev		21:18
*** heckj has joined #openstack-dev		21:18
*** mikal has quit IRC		21:20
comstud	bah	21:20
comstud	you guys are too fast	21:20
comstud	lamar's branch needed work	21:20
comstud	:)	21:21
*** dprince has quit IRC		21:21
bcwaldon	comstud: I unapproved it	21:21
bcwaldon	comstud: don't you worry	21:21
*** mikal has joined #openstack-dev		21:22
*** johngarbutt has quit IRC		21:22
comstud	cools thnx..	21:23
comstud	i think i'll head in tomorrow	21:23
comstud	fyi	21:23
comstud	it's been a while	21:23
*** markvoelker has quit IRC		21:25
Kiall	jeblair: ping	21:26
*** zykes- has quit IRC		21:27
jeblair	Kiall: pong	21:27
Kiall	Just gave a build of the latest gerrit-trigger jenkins plugin a go, failed at first as you mentioned in -meeting.. wiping the plugin completely from the plugins dir, and dropping it back in someone did the trick	21:27
Kiall	somehow*	21:28
jeblair	Kiall: awesome!	21:28
Kiall	Don't ask me why it worked.. All I know is, it did ;)	21:28
jeblair	Kiall: i had begun to suspect (based on the problems i had rolling it back) that there could be something in that directory causing it	21:28
Kiall	trigger on ref changed was an interesting enough feature for me to at least try and update it ;)	21:29
jeblair	Kiall: I've just about finished setting up a dev server to try to dig deeper into this	21:29
notmyname	anotherjesse: getting the cli args taken care of	21:29
jeblair	Kiall: knowing the answer (so to speak) ahead of time will help.	21:29
Kiall	(we use submodules, and gerrits built in auto-update superproject submodule pointer stuff.. Hopefully it triggers a ref-changed event ;)	21:30
*** jeremy has quit IRC		21:31
*** mikal has quit IRC		21:32
jeblair	Kiall: let me know what you see; we're going to experimentally start using submodules in the openstack-ci-puppet module soon, that'll be the first time most of our setup has been exposed to submodules	21:32
*** adjohn has joined #openstack-dev		21:32
Kiall	Hah - right so, be prepared for developer lashback and confusion ;)	21:32
Kiall	Submodules are probably the 1 part of git most people just dont seem to get..	21:33
*** mikal has joined #openstack-dev		21:34
Kiall	Anyway - cyas	21:35
jeblair	thanks!	21:35
*** rods has quit IRC		21:37
anotherjesse	notmyname: thx!	21:37
anotherjesse	dolphm: is https://bugs.launchpad.net/keystone/+bug/930321 something that needs addressed before e4?	21:38
uvirtbot`	Launchpad bug 930321 in keystone "ksl: GET /v2.0/ returns {}" [High,Confirmed]	21:38
*** bhall has joined #openstack-dev		21:39
*** bhall has quit IRC		21:39
*** bhall has joined #openstack-dev		21:39
dolphm	anotherjesse: need, no. but we can, easily	21:40
anotherjesse	dolphm: I'm working through this "admin" token issue	21:40
dolphm	want me to implement that call?	21:41
*** rods has joined #openstack-dev		21:41
anotherjesse	yes if it need added before essex release	21:41
*** stuntmachine has quit IRC		21:42
*** rods has quit IRC		21:48
*** jsavak has quit IRC		21:52
*** paulormg has quit IRC		21:54
*** Yak-n-Yeti has left #openstack-dev		21:55
*** davlap has joined #openstack-dev		21:55
*** asdfasdf has joined #openstack-dev		21:56
*** asdfasdf has quit IRC		21:58
*** nati has quit IRC		21:58
*** aweiss has joined #openstack-dev		21:58
*** nati has joined #openstack-dev		21:58
*** novas0x2a\|laptop has quit IRC		22:00
*** hub_cap has quit IRC		22:02
*** vincentricci has joined #openstack-dev		22:02
*** jdg has quit IRC		22:03
*** vincentricci has left #openstack-dev		22:03
*** andrewsmedina has quit IRC		22:04
*** vincentricci has joined #openstack-dev		22:04
*** vincentricci has left #openstack-dev		22:05
ohnoimdead	anotherjesse/termie/joe: want to talk about https://blueprints.launchpad.net/horizon/+spec/ext-roles for a minute?	22:05
*** andrewsben has quit IRC		22:06
termie	ohnoimdead: sure, i am magic multitasker	22:06
termie	ohnoimdead: here is the answers	22:07
ohnoimdead	termie: hehe, sorry, just saw the etherpad on admin config	22:07
termie	ohnoimdead: roles are assigned to user-tenant combos, you can configure them mostly however you'd like for the purposes of the dashboard	22:07
termie	ohnoimdead: but you mention things like "granting users access to the project"	22:07
termie	ohnoimdead: which is actually something controlled by keystone, not by horizon	22:08
ohnoimdead	termie: cool. as long as we have the ability to assign a role to a user-tenant combo we can close out this blueprint pretty quickly	22:08
termie	ohnoimdead: so you are asking _keystone_ to change specific semantics	22:08
anotherjesse	ohnoimdead: I think the issue would be making sure those roles are interpretted by nova/glance/...	22:09
termie	ohnoimdead: in horizon land you may decide to block access to something because it is in "hardware" but realistically that is probably a nova option	22:09
ohnoimdead	termie: not for this specific blueprint. this is just about extending the roles (which is statically configured it sounds like) and the ability to assign a role to a use in a tenant.	22:09
termie	ohnoimdead: an admin in the keystone system can change roles, if the user you are logged in as in horizon is considered an admin by keystone you will be able to change the roles on any user-tenant anywhere	22:10
*** jdg has joined #openstack-dev		22:10
heckj	s/use in a tenant/users assocaited with a tenant/ ?	22:10
termie	ohnoimdead: there will likely not be anything more granular than that for some time, and what the roles allow in different projects will also be defined by those projects for the time being	22:10
termie	ohnoimdead: so until there is a full "rbac" api to keystone most of these thigns are just you deciding which parts of teh dashboard somebody can access	22:11
termie	ohnoimdead: and you'll probably need to keep those in sync with the defaults in nova, and that may not be worth it	22:11
ohnoimdead	termie: that works for the purposes of this blueprint and is something we can probably implement quickly	22:11
termie	ohnoimdead: once the rbac stuff lands and rules for which rules can perform which things are configured in keystone then you can do the things in this blueprint	22:12
termie	ohnoimdead: i don't know about that, i think almost all of your use cases in this blueprint are things you have no control over	22:12
termie	ohnoimdead: you are just the frontend to other services, you are not doing the authz on your side	22:12
*** novas0x2a\|laptop has joined #openstack-dev		22:13
termie	ohnoimdead: so unless you have a portion of your stuff that is only authz'd to certain roles it doesn't seem to be much use	22:14
termie	ohnoimdead: if you want to try to just match what orles the defaults are in a given service you could conceivably hide parts of the ui	22:14
*** nati has quit IRC		22:14
termie	ohnoimdead: but you wouldn't really know until you tried to make the request whether something was not authz'd	22:14
ohnoimdead	termie: i think we can call this case done if an admin user is able to assign a role to a user for a tenant, even if those roles/rules are statically defined. there's another conversation and probably several blueprints involved in actually providing ui for rbac and doing things like enabling/disabling functionality based on rules.	22:14
termie	ohnoimdead: alright, well you can do that now, i guess ia m just saying don't get your hopes up because i don't think this blueprint has a lot of bearing on reality	22:15
ohnoimdead	termie: yeah, for now horizon will allow you to attempt anything then surface the authz error	22:15
*** kbringard1 has quit IRC		22:17
ohnoimdead	termie: do you have any idea of what policy.py in keystone will look like?	22:17
*** mfer has joined #openstack-dev		22:18
termie	ohnoimdead: exactly like the one in nova	22:19
termie	ohnoimdead: the policy.json will look like "rule:is_admin -> role:admin"	22:19
*** mfer has quit IRC		22:19
termie	ohnoimdead: for the moment keystone only cares whether you are an admin (can do anything in the system) or not an admin (can't do admin stuff)	22:20
termie	ohnoimdead: that will rapidly blossom into more, but that is what is going on today	22:20
ohnoimdead	termie: so no "project admin" then...	22:21
termie	ohnoimdead: correct, binary permission	22:21
termie	ohnoimdead: admin or not admin	22:22
ohnoimdead	termie: hm, maybe you are right then and we just need to punt this one into folsom.	22:22
termie	ohnoimdead: obviously we all want more stuff, but the point is that is not what is happening right now	22:22
termie	ohnoimdead: the groundwork will be there to do it, and we can get wild and crazy and take our shirts off and drink beers two at a time	22:22
termie	ohnoimdead: but today we are wearing business suits and grudgingly waiting for 5pm	22:23
ohnoimdead	termie: it's my damn birthday and what do i get? bupkis, that's what.	22:23
termie	ohnoimdead: is it your birthday?	22:23
termie	ohnoimdead: added you on facebook	22:24
termie	ohnoimdead: we are going to be best friends	22:24
*** lts has quit IRC		22:24
ohnoimdead	termie: O_o	22:25
termie	ohnoimdead: o_0	22:26
* eglynn is stumped by https://jenkins.openstack.org/job/gate-glance-python26/49/console		22:27
eglynn	despite mutiple attempts, can't repro failures on oneiric with python 2.6 or 2.7	22:27
anotherjesse	heckj: getting lunch but I think we've determined the 4 issues that cause the problem with tokens from earlier)	22:28
eglynn	bcwaldon: ^^^ smell to you like a transient failure, or?	22:28
termie	ohnoimdead: sorry, we were already best friends	22:28
* eglynn is grasping at straws ....		22:28
bcwaldon	eglynn: yes, retriggered	22:29
ohnoimdead	termie: facebook is full of lies.	22:29
termie	i am going to move this conversation to a cafe	22:30
termie	SEE Y'ALL NEVER	22:30
ayoung	termie, before you go hog wild, can you approve https://review.openstack.org/#change,4639	22:31
heckj	anotherjesse: yep - are these tracked in bugs now? Need openin'?	22:31
heckj	I managed to snag lunch earlier - hence my need to real the scrollback while you were dissecting with termie, jaypipes, dprince, etc/	22:32
*** tomoe_ has joined #openstack-dev		22:34
jeblair	Kiall: the problem is that jenkins has started calling its plugins with a .jpi extension, but there are still .hpi files in the directory, so if you have an old gerrit-trigger.hpi and upload a new one (uplodaing through the web renames it on the fly), you'll have both in that directory, and jenkins doesn't seem to like that. so the .hpi file should be removed before installing a .jpi	22:34
*** hashar has quit IRC		22:36
openstackgerrit	Verification of a change to openstack/glance failed: Disallow file:// sources on location or copy-from. https://review.openstack.org/4602	22:37
*** andrewsmedina has joined #openstack-dev		22:37
*** 52AAAJ562 has quit IRC		22:38
*** cp16net has quit IRC		22:40
aweiss	was wondering if someone could quickly explain why I would receive a "tenant_usages" error when using keystone and python-novaclient?	22:40
*** aweiss has quit IRC		22:44
*** apevec has quit IRC		22:48
*** dtroyer has quit IRC		22:48
*** apevec has joined #openstack-dev		22:53
apevec	heckj, what's the conclusion re. auth_token bug 942895 ? I see dprince revoked his fix saying "still discussing this offline"	22:54
uvirtbot`	Launchpad bug 942895 in keystone "remove auth_token middleware support for admin_user/password" [Undecided,In progress] https://launchpad.net/bugs/942895	22:54
openstackgerrit	Verification of a change to openstack/keystone failed: LDAP member defaults https://review.openstack.org/4639	22:54
*** ayoung is now known as ayoung-goinhome		22:55
heckj	apevec: it's a collection of issues all at once, with a plan of attack to resolve. key elements:	22:56
heckj	*) auth_token should NOT be configured with the service token, it should use the tenant/user	22:56
heckj	*) the service should send 503 "service unavailable" when the service can't get a token via admin user/pass to validate with	22:56
heckj	*) the service tries to get a new admin token when the user's token fails to validated (should return 401 unauth)	22:57
*** markvoelker has joined #openstack-dev		22:57
*** markvoelker has left #openstack-dev		22:57
heckj	apevec: resolution for E4 will be to create users for each opestack service (nova, glance, quantum, etc), and update auth_token to behave appropriately.	22:58
apevec	sounds good	22:58
heckj	apevec: another part of the issue is auth_token is cleared after an attempt to validate any token fails under the (outdated) assumption that admin_token has expired and a new one is needed	22:58
heckj	hence the need for the service unavailable that also logs an error in keystone logs (when it happens) so that it's clear what's failing. It was previously all muddled together	22:59
*** hub_cap has joined #openstack-dev		22:59
*** Gordonz has quit IRC		23:01
*** bhall has quit IRC		23:02
Kiall	jeblair, ah.. I saw the jpi and was wondering what it was...	23:05
*** zzed has quit IRC		23:06
*** Mandell has quit IRC		23:08
*** dtroyer has joined #openstack-dev		23:11
*** hashar has joined #openstack-dev		23:18
*** mfer has joined #openstack-dev		23:18
*** Mandell has joined #openstack-dev		23:22
*** hub_cap has quit IRC		23:23
*** hub_cap has joined #openstack-dev		23:23
*** nati has joined #openstack-dev		23:38
*** AlanClark has quit IRC		23:40
PotHix	Someone working with quantum-client?	23:42
*** shang has joined #openstack-dev		23:43
anotherjesse	heckj: thanks for answering apevec - … need to create bugs and target E4 - some of them are devstack, some are keystone	23:43
anotherjesse	heckj: I'm going to driving home and continue working from there - have you have a chance to create/update bugs related to the doc, plz do - (update the etherpad) and I'll work at home soon	23:44
*** danwent has quit IRC		23:45
*** anotherjesse has quit IRC		23:49
heckj	anotherjesse: will do	23:50
*** jakedahn has quit IRC		23:52
*** mattray has quit IRC		23:52
*** johngarbutt has joined #openstack-dev		23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!