Thursday, 2013-03-21

« Wednesday, 2013-03-20 Index Friday, 2013-03-22 »
*** ladquin1 has joined #openstack-dev00:00
dolphmttx: https://review.openstack.org/#/c/24944/00:01
*** jaybuff has left #openstack-dev00:01
*** ladquin has quit IRC00:01
termiedolphm: emailed you about trusts00:01
dolphmtermie: rip it for grizzly?00:02
*** alop has quit IRC00:02
*** ladquin2 has joined #openstack-dev00:02
*** amerine has joined #openstack-dev00:03
termiedolphm: out of core, yeah00:04
*** ladquin2 has quit IRC00:04
dolphmtermie: are you opposed to the api, impl, or both?00:04
*** capnkooc has joined #openstack-dev00:04
termiedolphm: both00:04
termiedolphm: the api i feel should not touch core because it doesn't need to00:04
*** Nachi has joined #openstack-dev00:05
*** nati_ueno has quit IRC00:05
termiedolphm: the impl would be better served by oauth IMO, i'm at this point willing to implement that as a counter example extension00:05
*** ladquin1 has quit IRC00:05
*** markmcclain has joined #openstack-dev00:06
termiedolphm: gotta go graba  snack so i don't die00:07
dolphmtermie: erm, grizzly version bump is gating at this moment -- should i stop it? do you already have a rip-it-out patch?00:07
termiedolphm: can paste you a bunch of scrollback after i get back00:07
termiedolphm: i do not, originally ayoung was going to do it but then he waffeld on his decision :p00:07
*** zbitter has joined #openstack-dev00:07
dolphmtermie: yeah, that's a massive change very late in the game00:07
termiedolphm: it is going to be technical debt forever if it goes into core00:08
dolphmtermie: it's certainly possible -- but wish we could have had this discussion like a month ago00:08
*** ladquin has joined #openstack-dev00:08
*** colinmcnamara has joined #openstack-dev00:08
termiedolphm: well it started a week or more ago00:08
*** kikonio has joined #openstack-dev00:08
termiedolphm: somebody is waiting on me for sandwich getting00:08
*** colinmcnamara has quit IRC00:08
dolphmtermie: gate is stopped, i'll be around00:08
termiedolphm: i will return shortly however if that long can be waited00:08
*** egallen has quit IRC00:09
*** zaneb has quit IRC00:10
*** sthaha has joined #openstack-dev00:11
*** mestery has quit IRC00:11
*** ladquin has quit IRC00:12
*** ladquin has joined #openstack-dev00:13
*** ladquin has quit IRC00:15
*** tomoe_ has joined #openstack-dev00:16
*** gyee has quit IRC00:16
*** matiu has joined #openstack-dev00:17
*** ladquin has joined #openstack-dev00:19
*** colinmcnamara has joined #openstack-dev00:19
*** kikonio has quit IRC00:21
*** yamahata_ has quit IRC00:21
*** Gordonz has quit IRC00:21
*** jhesketh has quit IRC00:22
*** colinmcnamara has quit IRC00:22
*** gyee has joined #openstack-dev00:22
dolphmtermie: https://review.openstack.org/#/c/24952/00:22
*** ladquin has quit IRC00:23
*** gyee has quit IRC00:23
*** kikonio has joined #openstack-dev00:23
*** ladquin has joined #openstack-dev00:23
*** kikonio has quit IRC00:25
*** kikonio has joined #openstack-dev00:25
*** ladquin has quit IRC00:27
*** ladquin has joined #openstack-dev00:29
*** lmatter has joined #openstack-dev00:30
*** AlanClark has quit IRC00:30
*** AlanClark has joined #openstack-dev00:30
*** kikonio has quit IRC00:30
*** jcmartin has quit IRC00:32
openstackgerritA change was merged to openstack/quantum: Fix typo in policy.json and checks in nicira plugin  https://review.openstack.org/2449400:33
*** ladquin has left #openstack-dev00:33
*** jhesketh has joined #openstack-dev00:35
*** markwash has quit IRC00:36
openstackgerritA change was merged to openstack/keystone: Enable emulation for domains  https://review.openstack.org/2493600:38
*** jcmartin has joined #openstack-dev00:39
*** vipul is now known as vipul|away00:40
*** anteaya has left #openstack-dev00:45
*** esp has quit IRC00:45
*** AlanClark has quit IRC00:45
*** dolphm has quit IRC00:46
*** dolphm has joined #openstack-dev00:51
dolphmtermie: o/00:51
ayoungdolphm, termie I never waffled.  I was waiting to be pursuaded00:53
dolphmayoung: lol, i opened a patch to make trusts optional if we want to be noncommittal about it00:54
ayoungdolphm, we had a pretty full discussion here.00:54
ayoungdolphm,  is it part of the V3 API or isn't it?  Is it something we are going to support or not?00:55
ayoungDisabling it is probably fine, especially as it is a new feature, and that gives us a kill switch if there is a problem00:55
termiehola00:55
ayoungBut that is not what he is saying.00:55
*** soody has quit IRC00:56
termieayoung: the conversation we had before had seemed to end with "okay, i'll make it an extension after i submit this patch"00:56
termieayoung: is where the "waffled" came in ;)00:56
ayoungtermie, no, I never meant that,  sorry if I gave that imporession.00:56
ayoungI said that I had to deal with the patch before I could even think clearly about it00:56
*** maoy has joined #openstack-dev00:57
ayoungSo,  three things00:57
*** vipul|away is now known as vipul00:57
ayoung1.  should Trust CRUD be in core or extensions.00:57
*** mrodden has quit IRC00:57
termieayoung, dolphm: i think makign it disabled in the current code would be the minimal step so that people don't use it before it gets modified00:57
termieayoung, dolphm: and would scare ttx significantly less00:57
dolphmayoung: it should either all stay or go together00:57
ayoung2.  Should Creating a token from a trust be in /tokens or under extensions00:57
ayoungand 3 should the default delegation mechanism be oauth00:57
dolphmtermie: +1 that's my goal00:58
dolphmnever scare ttx00:58
*** Nachi has quit IRC00:58
dolphmdisabling it out of the box means we can say its a tech preview type thing, and then we can pull the API out of identity-api and doc it separately, and revise it ground up if need be00:58
termiedolphm: that would be enough to keep me happy and from having to stay up for the next two days00:58
dolphmtermie: awesome00:59
termiedolphm: i'll then be able to produce an oauth'd example and convince ayoung to help pull the trusts stuff out00:59
ayoungdolphm, so can people then use it?00:59
*** lmatter has quit IRC00:59
ayoungdolphm, oauth won'00:59
dolphmayoung: sure, you just have to manually set keystone.conf [trust] enabled = True00:59
ayoungt be there until Havana00:59
termieif we want to decide to pull things out at this time (pulling them out after release or whatever, but decide to do it) i am okay with that htough00:59
ayoungdolphm, but we are telling them that we are planning on yanking it01:00
ayoungmaybe01:00
dolphmayoung: yes01:00
ayoungThere are people counting on delegation01:00
dolphmayoung: it's a "this is a beta feature and may significantly change before it's stable" type thing01:00
dolphmayoung: they'll just have to understand that the api & behavior may change radically between grizzly and havana01:01
*** ewindisch has quit IRC01:01
*** salv-orlando has quit IRC01:01
ayoungdolphm, how about this01:01
ayoungwe move the URL to /extensions for the CRUD01:01
ayoungindicating that the contract for that may change01:02
dolphm /extensions is for listing extensions01:02
dolphmayoung: a proper extension is just as stable and supported as core01:02
ayoungdolphm, so isn't this what we have the API versioning for, then?01:03
ayoungIf it changes in Havana. it is no longer /v301:03
*** nati_ueno has joined #openstack-dev01:04
ayoungdolphm, so termie makes some good points.  However, either we are going to support it or we are not. I am OK with the Kill switch as a safety override, but I am not OK with saying no supported delegation mechanism01:04
ayoungI am OK with oauth support coming in Havana and deprecating trusts01:04
ayoungAlthough I don't know that it really is an improvement, I'll defer to people that have more vested in it, so long as we have the same functionality01:05
*** CaptTofu has joined #openstack-dev01:06
*** roampune_ has quit IRC01:07
ayoungdolphm, it is my understanding of oauth that it is a superset of the functionality of trusts.  It would need a persistence layer, and thus the CRUD API would still apply01:07
*** jamielennox has joined #openstack-dev01:08
*** stevemar has joined #openstack-dev01:08
ayoungalbeit, the normal approach to creating a delegation agreement in oauth seems to be initiated by the service requesting the trust as opposed to the user.  Both approaches would fit in the same data model.01:08
dolphmayoung: unless we find a huge problem with v3.0, havana should be v3.1, be backwards compatible with v3.0, and live on the same endpoint /v3/01:08
ayoungdolphm, and the trusts mechanism would be deprecated01:09
ayoungif we decided to do so01:09
dolphmayoung: i'm not sure we have precedence for deprecating a portion of an api -- that would require a major version bump as you're introducing a major backwards incompatibility01:09
ayoungEither we are going to support it in Grizzly or not.  We can, of course, provide a mechnism for the users to discover if it is enabled.01:09
ayoungdolphm, It would get removed in 4, then01:10
ayoungWhenver we decide to to that01:10
ayoungdeprecating in a minor version is OK, so long as it is not removed01:10
*** sirushti has joined #openstack-dev01:11
dolphmayoung: i disagree completely, as the minor version is not exposed to the end user01:11
ayoungI suspect, though, the there would be no reason to do so, as the oauth API and the trust API would be complementary.  Perhaps there would be some overlap, but I am not sure that is the case for the most part01:12
ayoungdolphm, deprecating is an indicator to the integrator that there is a different API they should be using01:12
ayoungIt does not remove the function01:12
ayoungI'm OK with the kill switch, but it should default to 'On'01:13
*** tomoe_ has quit IRC01:14
openstackgerritA change was merged to openstack/python-quantumclient: add  2.2.0 release note in index.rst file  https://review.openstack.org/2463301:14
openstackgerritA change was merged to openstack/quantum: Imported Translations from Transifex  https://review.openstack.org/2495101:14
*** lloydde has quit IRC01:14
*** networkstatic has quit IRC01:15
*** winston-d has joined #openstack-dev01:15
ayoungtermie, question for you.  DOes oauth provide a standard way for a user to query the agreements they have set up with a remote service?01:15
*** dsanders1 has quit IRC01:16
ayounghttp://tools.ietf.org/html/rfc584901:16
termieayoung: nope, usually the service provides a list of outstanding authorizations, but that isn't part of the spec01:16
ayoungOK, so that is the CRUD API01:16
ayoungcan we accept that, oauth or no, we will need something like that?01:17
termieayoung: why?01:17
ayoungtermie, so the user can see what they have set up, and potentially cancel it later?01:17
termieayoung: i think we should have something like that but i don't like your arguments to keep things not in an extension01:17
*** tomoe_ has joined #openstack-dev01:17
*** jamielennox has quit IRC01:18
ayoungtermie, extension or core for that is irrelevant.  It is whether we support it or not.01:18
ayoungI'm OK with moving it to an extension, just not dropping it01:18
termieayoung: i think you are arguing with the air at this point01:18
ayoungtermie, as I said, there are 3 things.  that was one of them01:19
ayoungthe second isoauth, which is not happening in grizzly01:19
ayoungis oauth01:19
termieayoung: there will be crud in the extension i would assume01:19
termieayoung: i don't know what youa re getting at, i was never arguing abotu whether crud exists01:20
termieayoung: and nobody else was either01:20
ayoungtermie, so the next is whether we have oauth or the current mechanism for getting a delegated token01:20
termieayoung: oauth01:20
termieayoung: or your extension01:20
termieayoung: i'll do my best to show that oauth is the better option01:21
*** nati_ueno has quit IRC01:21
ayoungtermie, perhaps it is better in an absolute sense01:21
ayoungI don';t know it well enought01:21
ayoungbut01:21
*** mrodden has joined #openstack-dev01:21
ayoungthere is the question of doing an oath implementation now for Grizzly01:21
termieayoung: when is grizzly?01:22
ayoungFeature freeze was about three weeks ago01:22
*** terry7 has quit IRC01:22
termieayoung: so how is it an option to do an oauth impl tonight?01:22
ayoungtermie, I don't think it is.  THat is my point01:23
ayoungso if we rip out trusts01:23
ayoungwe have no delegation01:23
dolphmtermie: your two nits on spaces are actually just horrible rendering by gerrit :( it's not a monospace font when it tries to make things bold01:23
termieayoung: we will have a delegation extension people can add01:23
termiedolphm: oh really, okies01:23
dolphmtermie: regardless, tests were failing -- i posted another patch while i run the full suite again myself01:23
termieayoung: extension != on the same schedule01:24
ayoungtermie, I don't think that is for you or I to decide01:24
*** amerine has quit IRC01:24
ayoungyou or me...01:24
termieayoung: sure thing01:24
* ayoung tired01:24
dolphmtermie: the implementation would have be to external to keystone to abide by it's own schedule, correct?01:24
termiedolphm: yup01:24
termiedolphm: or a separate package at least01:25
termiedoesn't make it hard to do in the least01:25
termiein fact that is usually what an extension is01:25
termiethey aren't all "contrib"01:25
dolphmtermie: without monkey patching, we don't have a way for an external package to legitimately add it's own api01:26
termiedolphm: yeah we do, it is in the paste conf01:26
dolphmtermie: to add its own router and everything?01:26
termiedolphm: it is a middleware, those route fine01:27
dolphmtermie: ah, i assumed that wasn't what you meant01:27
termiedolphm: i mean, i don't know how much you ahve changed, but that was the whole point01:27
termiedolphm: https://github.com/openstack/keystone/blob/master/keystone/routers.py#L3101:27
termiedolphm: erm that is not the right one01:28
dolphmtermie: wsgi.Middleware or something01:28
termiedolphm: https://github.com/openstack/keystone/blob/master/keystone/common/wsgi.py#L49901:28
ayoungSo do oauth as an extension.  But we've committed to delegation in Grizzly.01:29
termieayoung: if it is an extension it is available whenever you'd like it01:29
harlowjahas anyone been running the oslo-incubator tests successfully, like from nosetests?01:29
harlowjaall sorts of odd errors when i run it, ha01:29
ayoungtermie, I don't think so.  Remember, this isn't just doing a web app for a single company.  We are going to do a cut for Grizzly.  That is going to start the grizzly-stable branch, and that is what people will be using.  An extension would not be part of that no matter when it is cut.  It would have to be ported, and I don't think a new extension would meet the criteria for being ported to stable.01:32
ayoungWhich effectively bumps it to the next major release01:32
*** anniec has quit IRC01:32
termieayoung: what? totally opposite01:32
termieayoung: if grizzly is stable, you now have a perfect target to provide your extension for01:32
ayoungBut it isn't in the release.  Which means that people cannot plan on it being available.01:33
termieayoung: they can plan on it being available if you write it right now01:33
termieayoung: or just tell them when it will bne available, this is the whole point of extensions01:33
ayoungWhich is why I spent this release writing it, getting it reviewed, and fixing it.  So it would be ready on Day 1.01:34
termieayoung: day 2 ain't bad and you'll have more freedom with an extension anyway01:34
*** capnkooc has quit IRC01:35
ayoungoauth may be a better standard, but then again, there are better standards for SSO than the bearer tokens in Keystone.  Trusts is designed to work with the current auth mechanism in as simple a manner possible.  Before I chose to go oauth, I would look at a range of options.  I have yet to hear, on its technical merits, a reason that justifies delaying this feature.01:36
ayoung"It is wrong" is not a reason01:36
ayoungoauth is better is not a reason.  It is a reason to do oauth in Havana, or as an extension01:37
ayoungIf oauth is somehow compromised by Trusts, then we can choose to deprecate trusts01:37
dolphmayoung: to be fair, you spent this release writing it, and a FFE having it reviewed01:38
ayoungdolphm, it was backed up behind V3 Auth....01:38
dolphmabsolutely01:39
ayoungI originally wrote it in October and first posted it for review in December01:39
*** dims has quit IRC01:39
*** dolphm has quit IRC01:41
*** oubiwann has quit IRC01:41
*** dolphm has joined #openstack-dev01:42
termiewelcome back01:42
dolphmo/01:43
*** pabelanger has joined #openstack-dev01:43
*** jcmartin has quit IRC01:43
termiefor the record i do think "it is wrong" is a valid reaosn01:43
*** yaguang has joined #openstack-dev01:43
termiewhen you have established there is a better way to do it01:43
dolphmayoung: i don't find it acceptable to release an api-level feature that you have no intention of supporting next release01:44
*** markmcclain has quit IRC01:44
dolphmayoung: if our goal is to get it out there and have people try it out while we work out kinks and improve upon it, putting it out there and letting those users enable it is the right way to go01:46
ayoungdolphm, I am not the one claiming I have no intention of supporting it01:46
ayoungdolphm, I stated that I was willing to accept that oauth might supplant it01:46
ayoungbut right now, I have no plans to implement oauth. termie states he is willing to implement it01:47
crazedif i could get some feedback on https://bugs.launchpad.net/keystone/+bug/1158077 i wouldn't mind taking a stab at implementing the fix01:47
uvirtbotLaunchpad bug 1158077 in keystone "user crud in ldap backend breaks when changing user_name_attribute and user_id_attribute" [Undecided,New]01:47
dolphmayoung: acknowledging that there may be a better solution is a huuuuuuge argument toward "this should be a non-core extension and be released as a beta"01:47
termiedolphm, ayoung: implementing oauth falls well into my "spite coding" sweet spot01:48
termieor at least "angry coding"01:48
ayoungdolphm, I would feel more comfortable saying tokens was wrong01:48
dolphmtermie: you have 7 hours, go01:48
termieayoung: tokens was wrong, we're on bored for that01:48
ayoungheh01:48
termies/bored/board/01:48
*** yaguang has quit IRC01:49
*** gongysh has quit IRC01:49
ayoungdolphm, so, until we have oauth, we use the implementation in the code base to use a token to get a token.  I don't see anything wrong with that implementation01:49
ayoungdavid chadwich would be here arguing for mapping as you recall01:49
dolphm+1 i'd like to see tokens replaced but i don't know what the best solution is -- we have a summit talk on that though01:49
ayoungthey actually submitted a patch for that, even01:49
dolphmyep, i'm not opposed to the concept, but the api and implementation both needed considerable work01:50
termieturns out oauth would probably handle most of that too ;)01:50
ayoungI'm all for being a purist during design.  I am willing to include oauth as one, potential, standard for doing delegation.  That is afar way from saying it is better for our needs thant what we have01:50
ayoungdolphm, agreed.01:50
termieayoung: it is better for our needs than what we have01:51
dolphmlol01:51
ayoungdolphm, if you are going to do that with trusts, you should do it for the whole V3 api.01:52
*** maoy has quit IRC01:52
ayoungThe arguments are the same.01:52
ayoungShould we disable V3 by default?01:53
termiethat would be rad :)01:53
*** Ryan_Lane has quit IRC01:53
termienot changing things are the easiest things to support01:53
termiei suspect that will be too large a battle to win, however01:54
ayoungcrazed, as you can see, we are in a bit of a discussion here, but looking at the bug...01:55
*** xchu has joined #openstack-dev01:55
*** soody has joined #openstack-dev01:55
*** anniec has joined #openstack-dev01:59
*** ayoung has quit IRC02:02
*** ayoung has joined #openstack-dev02:02
dolphmayoung: "trusts need to be enabled by default" -- you haven't said anything to justify "need" other than suggesting that a proprietary product at red hat is crippled without trusts; if it's proprietary, red hat can ensure trusts are enabled in their own deployments02:02
*** pabelanger has quit IRC02:03
ayoungIt is not a proprietary red hat product that is crippled02:03
ayoungThis feature request came from another team on openstack.02:03
termiedolphm: i am kinda thinking 7 hours might be enough, will see how long it takes to duplicate the appropriate tests02:03
dolphmtermie: i was sort of joking and was worried you take up the challenge02:04
*** danwent has quit IRC02:04
ayoungdolphm, plus, talk to gyee, as his company stated that they need the feature as well.02:05
ayoungWe need a mechanism to allow us to get away from bearer tokens02:05
ayoungif trusts or a comparable other feature that we can count on is not there, we cannot make use of a better auth mechanism02:06
crazedayoung: it's all good, it's an interesting discussion, i wouldn't be able to work on it until tomorrow anyway02:06
termiedolphm: i am strangely manipulable :p02:06
*** jsindy has joined #openstack-dev02:06
ayoungtermie, where were you when this could have resulted in something productive?02:06
dolphmayoung: yes, the community has use cases for delegation and impersonation, but not if we can't stand behind the implementation for 18 months02:06
*** jaybuff has joined #openstack-dev02:07
*** mrodden has quit IRC02:07
ayoungdolphm, I can stand behind trusts for 18 months.  If it gets pulled, it will be because it was replaced by something superior that did everything trusts can do and more, but that something does not exist right now.02:07
dolphmtermie: i'm still wondering what about breaking your face made you run_tests on keystone02:07
ayoungI would not bother implementing oauth.02:07
termiedolphm: new outlook on life?02:08
ayoungBut termie is welcome to02:08
ayoungand if he does02:08
ayoungAND it is accepted and used02:08
ayoungthen we mark trusts as deprecated02:08
ayounguntil that exists, we have a mechanism.02:08
ayoungAnd, to be honest, there is no reason that trusts and oauth can't co-exist.02:09
ayoungSo, yes, 18 months on trusts.02:09
dolphmayoung: competing solutions for the same use case is what defines non-core02:11
dolphmtermie: how familiar are you with the v3 spec?02:11
*** darjeeling has joined #openstack-dev02:13
termiedolphm: low familiarity, won't need much to write a spec02:13
termies/spec/extension/02:13
termiedolphm: did we change response formats to something more standardized?02:13
dolphmtermie: a bit, yes02:13
dolphmtermie: scroll down a bit from here https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md#authenticate-post-authtokens02:14
termiedolphm: oh the famed "methods"02:15
*** jaybuff has quit IRC02:15
termiedolphm: most of what i have to return is a token02:15
dolphmtermie: the token itself is returned in a header, not in the body02:16
termiedolphm: looking at this: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md#authentication-responses02:16
termiedolphm: the hard part i expect is that you guys probably normalized the tokens02:16
*** jsindy has quit IRC02:17
termiedolphm: which results in get-token mkaing a bunch of calls02:17
termiedolphm: instead of 102:17
*** anniec has quit IRC02:17
termiedolphm: (checking)02:17
*** mohits has joined #openstack-dev02:17
*** mohits has joined #openstack-dev02:17
dolphmtermie: in the driver?02:17
*** pixelbeat has quit IRC02:18
termiedolphm: in validate_token i suppose02:18
termiedolphm: actually looks doable as is02:18
dolphmtermie: are you looking at keystone.auth or keystone.token02:19
termiedolphm: roles are pulled from metadata02:19
termieoh right, two copies of the same code02:19
termiewill check the other too02:19
dolphmyeah...02:19
termiecurrently .token02:19
openstackgerritA change was merged to openstack/swift: Fix misspelled variable.  https://review.openstack.org/2494802:19
*** yaguang has joined #openstack-dev02:20
ayoungdolphm, I have to turn in, I'm on east coast time, and have two little boys whose internal alarm clocks are set way too early.  Lets discuss this tomorrow?02:20
dolphm*sigh* validate_token is calling get_token at least twice02:20
termiedolphm: yeah, normalized in there02:20
*** AlanClark has joined #openstack-dev02:21
termiedolphm: it does a _populate_roles in the token_factory.TokenDataHelper02:21
termiei think this token_factory is pretty much altogether a bad idea02:21
*** nunosantos has quit IRC02:21
termieyou should be building the token at creation time not fetch time02:21
dolphmtermie: the only catch there is that the token structure is different on each api, and ideally a token from one api can be used and validated on the other02:23
termiedolphm: by "each api" do you just mean between v2 and v3?02:23
dolphmtermie: yes02:23
termiedolphm: or do you mean different calls?02:23
dolphmtermie: create token on v2 -> validate on v3, etc02:23
termiedolphm: i think that probably wasn't necessary02:24
*** ewindisch has joined #openstack-dev02:24
termiedolphm: these tokens barely even get cached anywhere as it is02:24
termiedolphm: they are going to use a library02:24
termiedolphm: and just get a new one02:24
dolphmayoung: termie: was anyone else involved in ya'll conversation from earlier / this past week?02:25
termiedolphm: anyway, the stuff in token_factory doesn't let you give it the data it needs, it always looks up stuff02:26
dolphmtermie: auth_token itself has the best caching probably, for it's own token02:26
dolphmnotsomuch a factory02:26
termiehttps://github.com/openstack/keystone/blob/master/keystone/auth/token_factory.py#L13002:26
ayoungdolphm, I don't think so.  There might have been a fair number of lurkers, but no one contributed AFAICR02:26
termiedolphm: it calls all that stuff on validate_token :(02:27
termiedolphm: in effect "validate_token" the call that should be the fastest02:27
termieis actually the slowest02:27
termieit builds teh catalog in there too02:27
*** aeperezt has joined #openstack-dev02:28
dolphm:(02:29
openstackgerritA change was merged to openstack/ceilometer: enable xml error message response  https://review.openstack.org/2445502:30
dolphmfeature freeze needs to be like 12 weeks02:30
*** SlickNik has joined #openstack-dev02:31
termieor just review stuff beforei t goes in02:31
termieand be like, "holy shit this is making 30+ calls"02:31
termietoken response should be "fetch token by key, is this still valid? return it"02:32
dolphmtermie: the auth and trusts reviews both came really late in the v3 cycle; i basically wrote tests against them instead of reviewing as thoroughly02:33
dolphmtermie: on the basis that performance and nits can be quickly improved, broken api behaviors can't :(02:33
*** jog0 has quit IRC02:34
termiedolphm: this token_factory makes a lot of api behavior assumptions, unfortunately02:34
termiedolphm: but i think it can be fixed02:34
termiedolphm: i'd of course just sshred it all :p02:34
*** darjeeling has quit IRC02:34
termiedolphm: but i think some checks for "is this data already in the returned token"02:34
*** ayoung is now known as ayoung_zzz02:38
*** jamielennox has joined #openstack-dev02:39
*** vkmc has quit IRC02:40
dolphmtermie: ayoung_zzz: i think ayoung is gone for the night, but i'm going to split my patch up -- one to make trusts optional, which i think is valuable at least for security reasons (disable feature you're not using), and maintain the second patch as disabling them by default (which ayoung is currently blocking)02:42
*** adjohn has quit IRC02:42
*** jsindy has joined #openstack-dev02:43
*** ayoung_zzz has quit IRC02:43
dolphmtermie: ayoung_zzz: asking ttx to let us change the default after rc1 will be a simple swap of booleans02:43
*** jcmartin has joined #openstack-dev02:44
termiesorry, makerbot emergency to deal with02:46
termiegah, so many things are already built into this big ugly piece of code02:46
dolphmlol02:48
dolphmtermie: glad to have you back!02:48
termie...02:48
*** andrewbogott is now known as andrewbogott_afk02:49
termiei think this calls for a run to the corner store02:49
*** jaybuff has joined #openstack-dev02:49
termiedolphm: did you ever move out to sf?02:49
termiedolphm: or was that even an option?02:49
dolphmtermie: no, and it was a longshot02:49
*** jaybuff has quit IRC02:49
*** jaybuff has joined #openstack-dev02:49
termiedolphm: too bad, would be so much easier to do backroom dealings02:49
termiedolphm: in person02:49
termie;)02:49
dolphmlol02:50
openstackgerritA change was merged to openstack/cinder: Speedup solidfire unit tests  https://review.openstack.org/2492002:50
*** jsindy has quit IRC02:52
*** ayoung has joined #openstack-dev02:53
*** jamielennox has quit IRC02:56
*** jamielennox has joined #openstack-dev02:56
ayoungdolphm, on the kill switch, the if blocks are wrong, and actually dangerous as written.02:58
ayoungIf a token comes in with a trust_id, but trusts are disabled, then we need to return exception.Forbidden02:59
ayoungAs written, the processing will continue and the user will still get a valid token.02:59
termieayoung: he'd never have given a trust in teh first place02:59
dolphmayoung: it'll be an unscoped token, though -- as if the server doesn't understand trusts03:00
ayoungtermie, what if it was enabled and then disabled?03:00
termieayoung: you are making up stuff03:00
dolphmayoung: i'm about to post a split review you'll like03:00
termieayoung: go to sleep so we can talk behind your back03:00
ayoungdolphm, the check just needs to be in the first line:  like this03:00
ayoung if 'trust_id' in auth:03:01
ayoungif !CONF.trust.enabled  :03:01
ayoung raise exception.Forbidden()03:01
*** jaybuff has left #openstack-dev03:01
ayoungdoesn't need to be in every block, just the first one.  Depends on how paranoid you want to code it03:01
*** dmner has joined #openstack-dev03:02
ayoungdolphm, same is true for the delete tokens logic.  If the trusts were disabled, we can't confirm that the admins know to delete all the tokens in the database03:03
ayoungthere may still be outstand trust tokens03:03
termiedid we get rid of the openssl check?03:04
termie'cause i am on a different computer and just ran into that again :p03:04
termiewould have worked juuuust fine in the run_tests.sh03:04
*** stevemar has quit IRC03:05
dolphmtermie: isn't openssl in test-requires or pip-requires?03:05
dolphmor pyopenssl03:05
dolphmgrr, it's not03:05
termienot that03:06
termiethe version of openssal has to be abouve 103:07
ayoungtermie, if you want to do some valuable angry coding, get a decent set of openssl bindings for eventlet03:07
termieos x ships with 0.9.8 or something03:07
termieayoung: this is making me much happeier03:07
ayoungOr just adecent set of openssl bindings that don't run afowl of the GIL03:07
dolphmtermie: i think i brew installed 1.0.103:08
termieyeah sames03:09
termiedolphm: it just dies with a ton of cryptic errors without that03:09
termiedolphm: so i wrote some stuff in run_tests.sh03:09
dolphmtermie: i think you abandoned that review03:09
termiedolphm: then got asked ot move it to init.py, but that broke you all for some reason03:09
termiedolphm: so you reverted it03:09
dolphmtermie: that broke everyone but me03:09
termiedolphm: didn't break me either03:10
termiehmmm03:10
termiemaybe we have some secret powers03:10
dolphmtermie: do you manage your own venv or let run_tests build it for you?03:10
termiemanage my own03:10
dolphmsame03:10
termieINTERESTING03:10
termiei bet something about how run_tests.sh does the venving03:10
termiemakes with the hurty times for others03:10
termieoh weird i get a bunch of "too many open files"03:11
dolphmopenssl says hi03:11
termieopenssl also?03:11
dolphmi think so03:11
termieoh yeah, it didn't get moved iunto my path yet03:12
dolphmi had to increase my ulimit after we added openssl, and again after auth_token started caching stuff on disk in files03:12
*** krtaylor has joined #openstack-dev03:12
termieoh wait, still happening even after getting proper version03:13
dolphmgranted os x defaults to something really low (256?)03:13
termiedidn't seem to be a problem on my macbook air last week03:13
termieand this fucker is beefy03:13
dolphmnew one?03:14
termiewell, it is my work one but i brought it home03:14
termiei figured if i am going to be doing heavy lifting03:14
termie(actually i was working on docker earlier today, did you see that?03:14
termiedolphm: http://docker.io/03:14
termiepretty rad03:14
termiedolphm: but i needed a bunch of vagrants to test my stuff03:15
* dolphm reading03:15
*** jamielennox has quit IRC03:15
termieit's a dotcloud project03:16
termiei have a poc i want to write with it / around it so i asked for early access so that i can get it done for their launch and ride their publicity :)03:16
*** jamielennox has joined #openstack-dev03:16
dolphmhmm this seems really cool03:17
termiedolphm: hmm, increased ulimit to 1000 and still get errors03:17
termiedolphm: it is basically an lxc for a process wiht the output piped back to you03:17
dolphmtermie: mine has been at 1024 for at least a few months without issue03:17
termieoh, you know i think it was beause i have a "watch" running in the backgorund03:18
termiei guess it must be somehow keeping all the file descriptors that ack was using open03:18
*** jsindy has joined #openstack-dev03:18
*** esp has joined #openstack-dev03:19
termie(watch ack trrrt is a really good way to find and remove all teh references to trrrt)03:19
dolphmi use ack, but not watch03:20
termieit is like a countdown to no more mentions03:20
termieevery time you delete some lines the stuff gets smaller03:21
termiestill too many open files wtf world03:21
termiei'm at 1024s03:21
dolphmbrew install watch?03:21
termieyeah03:22
termiethe files open errors start once it gets to the checkouts03:22
*** stevemar has joined #openstack-dev03:22
termieerm the Kc11TestCase and such03:22
ayounggnight, all03:23
*** ayoung has quit IRC03:23
*** martine has quit IRC03:25
*** martine has joined #openstack-dev03:25
*** susanne-balle has quit IRC03:25
*** susanne-balle has joined #openstack-dev03:26
openstackgerritA change was merged to openstack/cinder: Add missing processutils for impl_zmq in oslo rpc  https://review.openstack.org/2494003:26
openstackgerritA change was merged to openstack/cinder: Update Cinder's latest copy of OSLO grizzly stable  https://review.openstack.org/2493303:26
termieseems to do fine without running the integration tests except for an oslo test that dies03:27
*** jasdeepH has quit IRC03:27
*** jsindy has quit IRC03:28
*** AlanClark has quit IRC03:28
*** AlanClark has joined #openstack-dev03:29
*** mohits has quit IRC03:31
*** jamielennox has quit IRC03:34
*** jamielennox has joined #openstack-dev03:34
*** danwent has joined #openstack-dev03:35
*** Ryan_Lane has joined #openstack-dev03:36
*** Mandell has quit IRC03:39
dolphmtermie: i resolved ayoung's comments, and he seemed to approve otherwise (and i'm not sure how thoroughly gyee reviewed?), but if you +1 i'll merge and cut rc103:40
dolphmhttps://review.openstack.org/#/c/24959/03:40
dolphmit's enabled by default there, and there's a subsequent review that ayoung -2'd to make it disabled by default03:40
*** ewindisch has quit IRC03:41
*** soody has quit IRC03:42
*** martine has quit IRC03:43
*** SergeyLukjanov has joined #openstack-dev03:44
*** AnilV4 has joined #openstack-dev03:48
*** jamielennox has quit IRC03:52
termiehrm, seems like the trust sql migrations changed more than trust03:52
*** jamielennox has joined #openstack-dev03:52
*** adjohn has joined #openstack-dev03:53
termieor i am crazy or something03:53
dolphmtermie: link?03:54
*** alexxu has joined #openstack-dev03:54
*** mohits has joined #openstack-dev03:54
*** mohits has quit IRC03:54
*** mohits has joined #openstack-dev03:54
*** jsindy has joined #openstack-dev03:54
*** stevemar has quit IRC03:57
*** adjohn has quit IRC03:57
termiedolphm: lookings03:57
termiedolphm: i already removed the line in my copy03:57
dolphmhttps://github.com/openstack/keystone/tree/master/keystone/common/sql/migrate_repo/versions03:58
termiedolphm: https://github.com/openstack/keystone/commit/eb4dd4afbffaa15be0af70a317da7034ae28dfd6#L3R6803:59
termiewas there no user_id table before?03:59
termielooks like no03:59
termies/table/column03:59
termiei guess i'll add that part back to the mgiration04:00
dolphmno, there wasn't -- it was buried in json04:00
termieyou don't get a weird oslo error, do you?04:03
termieit comes from the _test_auth_token_import.py04:03
*** ayoung has joined #openstack-dev04:03
termiecan't sleep?04:03
*** ewindisch has joined #openstack-dev04:03
ayoungdolphm, let me give it a thourough test before you merge04:04
ayoungtermie, nope.  For some reason I am a little wired04:04
dolphmayoung: thank you!04:04
*** jsindy has quit IRC04:04
dolphmayoung: i have the version bump pre-approved behind it, so they'll merge together04:04
ayoung test_auth_with_scope_in_trust_403  is a good idea04:06
*** esp has quit IRC04:06
*** novas0x2a|laptop has quit IRC04:06
termiei forget what i have to do to make gerrit work on a new computer04:06
termies/gerrit/git-review/04:06
termieis my gerrit name termie or termie@openstack.org04:06
termiedo i need keys somewhere?04:07
termieoh found it04:07
ayoungdolphm, this seems a little hard to parse:04:07
ayoungelif not CONF.trust.enabled and 'trust' in self.auth['scope']:04:07
ayoung186            raise exception.Forbidden('Trusts are disabled.')04:07
ayoung187        elif CONF.trust.enabled and 'trust' in self.auth['scope']:04:07
ayoungany reason you did the double if?04:08
dolphmayoung: i thought it was more clear, actually04:08
termie+49,-185404:08
termiehttps://review.openstack.org/#/c/24963/04:08
dolphmthat was a fast -204:09
ayoungIt needs to depend on a corresponding patch that implements an alternative04:09
*** aditirav has joined #openstack-dev04:09
*** jamielennox has quit IRC04:10
termieayoung: easier to write that patch when there aren't 1850 extra lines of code ;)04:10
dolphmif the alternative is an extension, it would be in a different repo and we couldn't create a dependency anyway04:10
ayoungtermie, it should be completely orthoganal.  Your implementation of oauth should not care that there are trusts.04:10
*** jamielennox has joined #openstack-dev04:10
*** zeriouz has joined #openstack-dev04:11
termieayoung: i'll let myself decide what i "should" do04:11
ayoungand I'll let myself decide what I should approve04:11
termieayoung: yup, just laying groundwork04:11
*** adjohn has joined #openstack-dev04:12
*** adjohn has quit IRC04:12
termieayoung: (makes it easier if you want to write an extension, too)04:15
*** avishay has joined #openstack-dev04:17
openstackgerritA change was merged to openstack/cinder: Remove the log spam generated by the NetApp driver unit tests.  https://review.openstack.org/2492204:21
openstackgerritA change was merged to openstack/quantum: NVP metadata access - create elevated context once  https://review.openstack.org/2441304:21
termiethis token_factory stuff sure is a tangle04:21
termieit calls quite a lot of 6 parameter methods on itself04:22
*** aditirav_ has joined #openstack-dev04:22
termiethen just dumps everything in extras anyway04:22
termiein fact, i wouldn't be surprised if the tokens somehow grew extra subtokens in themselves somehow04:23
dolphmayoung: did you want me to change something in that patch?04:23
ayoungdolphm, still looking, but yes.  Review in a minute.04:23
dolphmtermie: thanks04:23
termietoken_data = token_ref['token']04:24
termie'token' is sttored in the extras field04:24
termieso the token in the db looks like extras['token']04:25
dolphm(i actually think you wrote that)04:25
termieTHEN04:25
termiedolphm: not at all, watch ina we04:25
termieso it gets returned from the db, extras gets expanded to token.extra['token'] is now token['token']04:26
termieso token_data = token_ref['token']04:26
*** aditirav has quit IRC04:26
*** aditirav_ is now known as aditirav04:26
termiethen token_data['extras'] = token_ref['extras'] is set04:26
*** kagan has joined #openstack-dev04:26
termieso in the db we actually have token.extras['token']['extras']04:26
termieit should only be one extra level and there is probably nothing in it04:27
*** amotoki has joined #openstack-dev04:27
termiebut yeah, not how that is supposed to work04:28
termieso everything is doing two unroll / rerolls04:28
termieand it makes it very hard to read04:28
*** jamielennox has quit IRC04:28
termiei'm just trying to optimize the call so it doesn't look up things it already know04:29
termiebut damn if i can find where it even knows what it knows04:29
*** jamielennox has joined #openstack-dev04:29
termie(because it never looks for the data it has stored)04:29
*** lloydde has joined #openstack-dev04:29
*** jsindy has joined #openstack-dev04:30
termieluckily it still appears to be storing everything even if it ignores is04:30
ayoungtermie, see, this is why I wanted you engaged....04:30
ayoungjust your timing sucks04:31
*** melwitt1 has quit IRC04:31
*** ayoung is now known as ayoung_zzz04:32
harlowjadolphm: yt04:32
dolphmharlowja: o/04:32
harlowjayo, just some ideas if u have some time :-p04:33
harlowjarun 'em by (not oveR) u04:33
harlowjaha04:33
dolphmharlowja: go for it04:33
harlowjasome of the guys at y! were thinking that keystone could be split into a 'catalog' and the authentication and authorizon parts, the catalog especially seems like an odd  duck in keystone04:34
*** aeperezt has quit IRC04:34
termieharlowja: HAH04:34
harlowja:)04:34
harlowjawhatttt04:34
termieoh the lulz04:34
termieeverything old is new again04:34
harlowjathe circle of life04:34
harlowjaakoona matta04:34
harlowjalol04:34
termiethis project is one big i told ya so04:35
harlowja*hakuna matata04:35
termieharlowja: godspeed04:35
harlowjajust wondering why its joined04:35
*** esp has joined #openstack-dev04:36
harlowjakeystone redux304:36
harlowja:-p04:36
harlowjaother things that might just be interesting questions, users can exist without roles, whats up with that :-p04:36
termiehah it's even worse, token.extras['token_data']['token']['extras']04:38
termieharlowja: that is a feature04:38
*** vipul is now known as vipul|away04:38
termieharlowja: you don't need a role to be a user04:38
harlowjawhere is it useful? admin stuff?04:38
termieharlowja: you only need roles to do thing that require roles to do stuff (so probably in most cases, but read-only stuff in nova or whatnot might easily have no roles)04:39
termieanyway, i need to code04:39
harlowjano code allowed04:39
harlowjaha04:39
termieso i am not going to engage in discourse04:39
*** jsindy has quit IRC04:39
harlowjaso there is almost a 'NoRole' (role) :-p04:40
*** esp has quit IRC04:40
*** adjohn has joined #openstack-dev04:40
harlowjawhich is interesting since then the lack of roles has semantics04:40
harlowjaso meta04:40
harlowjaha04:40
*** boris-42 has joined #openstack-dev04:42
*** dmner has quit IRC04:43
dolphmharlowja: sorry, i was responding to ayoung_zzz's review comments -- did termie answer your question? lol04:44
harlowja:-p04:44
harlowjaeh, its more of a discussion, rather than an answer04:44
harlowjathe answer may not exist, idk04:44
dolphmi'm not sure i have a great answer, other than it seems like some decisions were made out of convenience, not ideals04:45
harlowjawe were just fixing some issues here since we put users in tenants with no roles, and there was some bugs that happened there (fixed in grizzly), and it was odd that users could exist without roles04:45
harlowjadolphm: sure sure04:45
dolphmharlowja: users in tenants with no roles?04:45
harlowjaright, or thats what i believe happened04:46
harlowja*running folsom*04:46
dolphmah, that was sort of an unintended feature that we dropped during grizzly (thanks ayoung!)04:46
*** jamielennox has quit IRC04:46
harlowjaah, thats cool04:47
harlowjagood to know04:47
*** jamielennox has joined #openstack-dev04:47
dolphmharlowja: if you migrate that data forward, we create a generic role and assign it to such user-tenant pairs, then go about enforcing the fact that you need a role to have a relationship with a tenant04:47
*** kaushikc has joined #openstack-dev04:48
harlowjaawesome, i think our ops are cleaning up it anyway in the DB04:48
dolphmharlowja: so, users can exist by themselves, and tenants can exist by themselves, but you must use roles to create relationships between them04:48
harlowjarighto04:48
harlowjathx04:48
dolphmharlowja: https://wiki.openstack.org/wiki/ReleaseNotes/Grizzly#Upgrade_Notes_6 see Member role04:48
harlowjawoot, thx04:49
harlowjaand the other thing, the odd duckling, is just a thought, but has there been any thoughts about moving said 'catalog' out of keystone, i'm not sure if it makes sense, or maybe it was done before, or ….04:50
harlowja*u've probably been asked this alot04:50
harlowjaha04:50
*** vipul|away is now known as vipul04:50
dolphmi think it was included with keystone for convenience -- it simply made sense to return the catalog in a response from keystone04:51
*** olaph has quit IRC04:51
harlowjaunderstandable04:51
harlowjaohhhh, and the other one, i know in the v2 api, there wasn't a good way to say, get me all the roles a user is in, (without iterating over there tenant), does something like that seem useful, at least for something i am doing it could be, haha, but maybe v3 is better04:52
*** olaph has joined #openstack-dev04:52
dolphmharlowja: i'd be happy to see it split off if there was some complicated use case that warranted a division in labor/expertise04:53
harlowjasure04:53
harlowjai'm gonna get the guy who thinks it should be to describe it more :-p04:53
dolphmlooking for similar calls...04:54
dolphmList users with a role: GET /v3/roles/{role_id}/users04:54
harlowjaah04:54
dolphmList user's roles on domain: GET /v3/domains/{domain_id}/users/{user_id}/roles04:54
harlowjabasically the reason for that api, is that we have a sync process which goes and makes sure the users in our other system are synced with the ones in keystone, and extracting what keystone has for 'roles/tenants/roles' and what we want it to have for roles/tenants/users04:54
dolphmList user's roles on project: GET /v3/projects/{project_id}/users/{user_id}/roles04:54
harlowjacool, that might help04:55
*** jamielennox has quit IRC04:55
harlowjaand yes i know we shouldn't have to do said sync in the first place (just the backend should be better, haha)04:55
harlowja*our backend*04:55
*** jamielennox has joined #openstack-dev04:55
dolphmi think both solutions make sense for different reasons04:56
*** jbresnah has joined #openstack-dev04:56
*** jbresnah_ has joined #openstack-dev04:56
harlowjayup04:57
harlowjai'll mess around with those apis, just the iterating part is the PITA part, ha04:58
harlowjabasically to create a local view of what is in keystone, and then compare it against what the sync script belives should be the correct 'view' and then make keystone have that 'correct' view by applying various ws calls04:58
harlowjalike say, we have a system to know if new y! employees come onboard, daily adding there users, deleting peopel who left, and such (and interacting with nova to automatically do stuff with there vms)04:59
dolphmharlowja: that should be relatively efficient on v3 because it's all PUT / HEAD / DELETE calls without request/response bodies04:59
harlowjaall not so fun but needed stuff, ha04:59
dolphmdefinition of keystone ^04:59
harlowja:)05:00
termiedolphm: i think i mapped out this object05:00
termiehttps://gist.github.com/termie/521080305:00
*** noslzzp has joined #openstack-dev05:00
harlowjaack, extras fields05:00
harlowjaackkk05:00
harlowjaahhh05:00
harlowjajust say no to extras fields05:00
harlowja:-p05:01
*** BalleS_ has joined #openstack-dev05:01
dolphmtermie: ... now do it again for keystone.token :(05:01
dolphmwhy is domain in there twice05:01
dolphmwith no distinction05:01
*** aditirav has quit IRC05:02
termiesorry indented wrong05:02
termiethere are many things there twice05:02
termieharlowja: the extras field should have been called the "data" field or something05:02
dolphmoh that lines a dupe then05:02
*** aditirav has joined #openstack-dev05:02
termieharlowja: obviously nobody understood it and just proceeded anyway05:02
*** avishay has quit IRC05:02
harlowjatermie: the 'kitchen sink' field05:02
harlowja:-p05:02
harlowjaor the 'cubbard'05:03
termieharlowja: not the "kitchen sink" field, the "really, the token is this blob"05:03
harlowja:)05:03
termiethe other fields are only indexes for lookups05:03
dolphmare you saying the token is not a kitchen sink?05:03
termie_this_ token is05:03
harlowjaha05:03
*** susanne-balle has quit IRC05:03
harlowjatermie: i think our ops people at y! have a dart board with the extras field on it05:04
termienow to figure out what whackjob security considerations were put in05:04
termieharlowja: worst idea ever letting anybody touch this without taking a test first05:04
harlowjawhat kind of test05:04
termie"what is your data model"05:05
harlowjaah, good test05:05
termie"explain to me how an index works"05:05
*** winston-d has quit IRC05:05
termie"what does the database have to do to answer this question?"05:05
harlowja:)05:05
dolphmstart every code review with an interview05:05
*** jsindy has joined #openstack-dev05:05
harlowjau do know that nova also is similarily odd in lots of places :-p05:05
termiedolphm: i basically have to, which is why i stopped working on this05:05
termieharlowja: oh yes i do, that's why i stopped working on it first05:06
harlowjaha05:06
termienova-light will come around eventually05:06
termiesuper-nova05:06
harlowjai'm hoping to get some traction around state-management for it05:06
dolphmsunlight05:06
harlowjaits just so much is awkward05:06
termiewhole thing needs to be switched to a task queue05:07
harlowjafind a for loop in nova, say in run_instance, ask yourself what happens if the for loop breaks in the middle with an exception05:07
termieand people need to learn about idempotency05:07
termieANYWAY05:07
termieback to writing code05:07
harlowjatermie: yes, i'm gonna make it my mission in life to get there05:07
harlowjasomeday i tell u05:07
termieharlowja: you can have free beer from me as long as you keep trying05:08
harlowjaha05:08
dolphmtermie: i'm going to bed so i can talk to ttx as early as possible, if need be05:08
harlowjatermie: not just me, i've got peps involved05:08
harlowjamore than 1 :-p05:08
*** SergeyLukjanov has quit IRC05:08
harlowjajust its like a battle to the death05:08
harlowjaha05:08
harlowjabeat nova with stick05:09
harlowjaget beaten back by nova05:09
termiedolphm: aighty05:09
dolphmo/05:09
termiedolphm: i'll probably submit some patches that change the security profile of tokens05:09
*** BalleS_ has quit IRC05:09
*** dolphm has quit IRC05:09
*** garyk has quit IRC05:10
*** Mandell has joined #openstack-dev05:10
*** hattwick has quit IRC05:12
harlowjatermie: https://etherpad.openstack.org/the-future-of-orch if u get bored, ha05:13
*** jsindy has quit IRC05:15
*** Mandell has quit IRC05:17
*** ewindisch has quit IRC05:18
*** winston-d has joined #openstack-dev05:22
*** reed has quit IRC05:24
termiehrmph i'm getting all kinds of weird oslo errors :/05:25
termiewhat's the deal with all these tests failing in weird ways05:26
harlowjai had the same issue05:26
harlowjahahah05:26
harlowjaand the deeper question is how does CI pass :-p05:27
*** dolphm has joined #openstack-dev05:27
*** dolphm has quit IRC05:27
termieya mang05:27
harlowjai've sent markmc some questions, not really sure i know how it passes anywhere, maybe its my fault though, haha05:27
termiethere's got to be a leak in here05:28
harlowjaKeyError: 'AvailabilityZoneFilter' happens alot05:28
harlowjaand stuff like that05:28
*** jamielennox has quit IRC05:28
termieand i don't want to spend a week finding it05:28
harlowjasimilar errors for u?05:28
termieno05:28
termiei get too many files open05:28
*** sirushti_ has joined #openstack-dev05:28
harlowjaodd05:28
harlowjalol05:28
termiedolphm said he had it too05:28
termiei've already raised my ulimit05:28
harlowjai didn't hit that one :-/05:29
termiebut obviously something is leaking file descriptors somewhere05:29
*** jamielennox has joined #openstack-dev05:29
termierestarting computer just in case05:29
harlowjascan /proc and see which pid is doing it?05:30
harlowjafor example, for x in `ps -ef| awk '{ print $2 }'`;do ls /proc/$x/fd|wc -l;done05:32
*** navid_ has joined #openstack-dev05:34
*** olaph_ has joined #openstack-dev05:34
*** nati_ueno has joined #openstack-dev05:35
termiehrm rebooting didn't fix05:36
*** sirushti_ has quit IRC05:37
*** sirushti_ has joined #openstack-dev05:37
*** olaph has quit IRC05:37
harlowjakill all the processes, ha05:37
*** sirushti_ has quit IRC05:38
*** sirushti_ has joined #openstack-dev05:38
*** boris-42 has quit IRC05:39
*** jsindy has joined #openstack-dev05:41
*** sandeepr has quit IRC05:42
*** sandeepr has joined #openstack-dev05:43
*** kaushikc has quit IRC05:43
*** rushiagr has joined #openstack-dev05:44
*** gongysh has joined #openstack-dev05:45
*** AlanClark has quit IRC05:45
*** AlanClark has joined #openstack-dev05:45
*** koolhead17 has joined #openstack-dev05:46
*** garyk has joined #openstack-dev05:46
*** jamielennox has quit IRC05:47
*** jamielennox has joined #openstack-dev05:48
termiethis is frustrating05:49
openstackgerritA change was merged to openstack/keystone: Allow trusts to be optional  https://review.openstack.org/2495905:49
*** nati_ueno has quit IRC05:49
termiekind of making the rest of the coding diffficuly05:49
*** xchu has quit IRC05:49
termieupdating oslo05:49
termiemaybe that'll help05:49
*** yamahata has quit IRC05:50
*** jsindy has quit IRC05:50
termiefucking damnit05:52
termiei hate flaky tests05:52
*** jcmartin has quit IRC05:53
*** jbresnah has quit IRC05:54
termieseems to be some sort of failed cleanup when a test fails05:54
*** jbresnah_ has left #openstack-dev05:54
*** jbresnah has joined #openstack-dev05:54
termieor not05:55
*** koolhead17 has quit IRC05:56
*** Mandell has joined #openstack-dev05:56
*** AlanClark has quit IRC06:00
*** zaitcev has quit IRC06:01
*** jamielennox has quit IRC06:05
*** jamielennox has joined #openstack-dev06:06
*** yamahata has joined #openstack-dev06:06
*** dolphm has joined #openstack-dev06:09
*** arosen1 has quit IRC06:09
termiehalf of these errors are now "failed to read some config files"06:11
termiebut i assume those are part of the too many files thing06:11
*** dolphm has quit IRC06:14
termiethe tests run fine individually06:14
termietime to push it all and let jenkins sort it out06:16
*** jsindy has joined #openstack-dev06:17
termiesince apparently it is the only thing that can run these tests06:19
*** Mandell has quit IRC06:22
*** yaguang has left #openstack-dev06:25
*** aditirav has quit IRC06:26
*** lloydde has quit IRC06:26
*** jamielennox has quit IRC06:26
*** aditirav has joined #openstack-dev06:26
*** rohitk has joined #openstack-dev06:26
*** jamielennox has joined #openstack-dev06:27
*** jsindy has quit IRC06:28
*** winston-d has quit IRC06:29
*** jasdeepH has joined #openstack-dev06:30
*** tonyha has joined #openstack-dev06:30
*** kaushikc has joined #openstack-dev06:32
*** danwent has quit IRC06:32
*** nati_ueno has joined #openstack-dev06:33
*** markwash has joined #openstack-dev06:34
*** kaushikc has quit IRC06:35
*** baba has quit IRC06:36
*** nati_ueno has quit IRC06:38
*** Mandell has joined #openstack-dev06:44
*** winston-d has joined #openstack-dev06:44
*** jamielennox has quit IRC06:44
*** jamielennox has joined #openstack-dev06:45
*** noslzzp has quit IRC06:46
*** boris-42 has joined #openstack-dev06:49
*** baba has joined #openstack-dev06:52
*** jsindy has joined #openstack-dev06:54
*** AlanClark has joined #openstack-dev06:54
termiei wonder what these random non-public methods on the V2 and V3 keystone controllers are there fore06:59
termies/fore/for/06:59
*** jasdeepH has quit IRC07:00
*** AlanClark has quit IRC07:00
*** manas has joined #openstack-dev07:00
termiewow, these have the weirdest call sigs07:01
*** yaguang has joined #openstack-dev07:01
*** jamielennox has quit IRC07:02
*** jamielennox has joined #openstack-dev07:03
*** jsindy has quit IRC07:03
termielord almighty07:05
termiei suspect i would have done domains much differently as well07:06
*** winston-d has quit IRC07:06
*** kpavel has joined #openstack-dev07:08
*** BobBall has quit IRC07:08
openstackgerritA change was merged to openstack/nova: nova-manage: remove redundant 'dest' args  https://review.openstack.org/2390607:13
*** lmatter has joined #openstack-dev07:21
*** psedlak has joined #openstack-dev07:21
*** jamielennox has quit IRC07:22
*** jamielennox has joined #openstack-dev07:22
*** adjohn has quit IRC07:24
*** winston-d has joined #openstack-dev07:25
*** alobbs has joined #openstack-dev07:26
*** morganfainberg has quit IRC07:28
*** jsindy has joined #openstack-dev07:30
garykarosen: thanks07:30
*** lmatter has quit IRC07:32
*** salv-orlando has joined #openstack-dev07:32
*** noslzzp has joined #openstack-dev07:34
*** sirushti_ has quit IRC07:36
*** adjohn has joined #openstack-dev07:36
*** avishay has joined #openstack-dev07:37
*** adjohn has quit IRC07:37
*** adjohn has joined #openstack-dev07:38
*** henrynash has joined #openstack-dev07:38
*** AnilV4 has quit IRC07:39
*** giulivo has joined #openstack-dev07:40
*** jsindy has quit IRC07:40
*** jamielennox has quit IRC07:40
*** kagan has quit IRC07:41
*** jamielennox has joined #openstack-dev07:41
*** alunduil has quit IRC07:44
matiuanyone know about sqlite and adding / creating columns ?07:47
matiuspecifically if this looks good or not:07:47
matiuhttps://review.openstack.org/#/c/24418/6/nova/db/sqlalchemy/migrate_repo/versions/162_add_compute_node_spare_flag.py07:47
matiuthe two comments07:47
openstackgerritA change was merged to openstack/python-quantumclient: Improve unit tests for python-quantumclient  https://review.openstack.org/2327707:49
*** henrynash has quit IRC07:50
*** gongysh has quit IRC07:51
*** afazekas has joined #openstack-dev07:51
*** thouveng has joined #openstack-dev07:53
*** dolphm has joined #openstack-dev07:54
*** davidha has joined #openstack-dev07:54
*** rushiagr has quit IRC07:54
*** mohits has quit IRC07:55
*** alobbs has quit IRC07:57
*** dolphm has quit IRC07:58
*** AnilV4 has joined #openstack-dev08:00
*** flaper87 has joined #openstack-dev08:00
*** SergeyLukjanov has joined #openstack-dev08:02
*** jamielennox has quit IRC08:03
*** jamielennox has joined #openstack-dev08:03
ttxdolphm, termie, ayoung: I'm not exactly thrilled to make a change of this magnitude one day before RC1 and two weeks before final release -- Keystone is a pretty central piece of code and I don't want to do another Diablo08:05
*** rafaduran has joined #openstack-dev08:05
*** amerine has joined #openstack-dev08:06
ttxI'm ok with making small changes to make sure the future looks good though.08:06
*** jsindy has joined #openstack-dev08:06
*** shang has joined #openstack-dev08:07
*** egallen has joined #openstack-dev08:08
*** iartarisi has joined #openstack-dev08:08
*** reidrac has joined #openstack-dev08:11
*** jamielennox has quit IRC08:11
*** romcheg1 has joined #openstack-dev08:12
*** alobbs has joined #openstack-dev08:12
*** romcheg1 has quit IRC08:12
*** alobbs has quit IRC08:13
*** romcheg1 has joined #openstack-dev08:13
*** romcheg1 has left #openstack-dev08:13
*** egallen_ has joined #openstack-dev08:14
*** jamielennox has joined #openstack-dev08:14
*** mrunge has joined #openstack-dev08:14
*** egallen has quit IRC08:15
*** egallen_ is now known as egallen08:15
*** jsindy has quit IRC08:16
*** zyluo has quit IRC08:21
*** jamielennox has quit IRC08:21
*** eglynn has quit IRC08:22
*** zyluo has joined #openstack-dev08:22
*** gongysh has joined #openstack-dev08:25
*** Mandell has quit IRC08:25
*** johnthetubaguy has joined #openstack-dev08:26
*** markwash_ has joined #openstack-dev08:27
*** markwash has quit IRC08:28
*** markwash_ is now known as markwash08:28
*** zbitter is now known as zaneb08:29
*** pleia2 has quit IRC08:30
*** kagan has joined #openstack-dev08:31
*** fbo has joined #openstack-dev08:33
*** fbo_ has joined #openstack-dev08:33
*** fbo has quit IRC08:34
*** fbo has joined #openstack-dev08:34
*** corXi has joined #openstack-dev08:36
*** zeriouz has quit IRC08:38
*** jsindy has joined #openstack-dev08:42
*** koolhead17 has joined #openstack-dev08:44
*** Yada has joined #openstack-dev08:45
*** mindpixel has joined #openstack-dev08:46
*** marun has quit IRC08:46
*** salgado has quit IRC08:46
*** eglynn has joined #openstack-dev08:51
openstackgerritA change was merged to openstack-dev/devstack: Accept Quantums rootwrap.conf in etc/quantum/rootwrap.conf  https://review.openstack.org/2465908:51
*** dosaboy has joined #openstack-dev08:52
eglynnttx: quick questoin about the summit proposal system ...08:52
eglynnttx: is there any way to re-assign a proposed summit session from one track to another?08:52
*** jsindy has quit IRC08:53
eglynnttx: (the topic field doesn't appear to be editable ...)08:53
*** adjohn has quit IRC08:53
*** pixelbeat has joined #openstack-dev08:54
eglynnttx: context ... after discussion with markwash & russellb, we decided that http://summit.openstack.org/cfp/details/107 is more appropriate for the nova track than glance08:54
eglynnttx: could just delete and re-propose I guess ...08:54
*** dolphm has joined #openstack-dev08:54
ttxeglynn: you can ask the topic lead for the one you selected, or I can do it for you08:55
ttxthey have the power to reassign08:55
ttxFor that one i'll dot it for you08:55
eglynnttx: great, thanks!08:55
*** zyluo has quit IRC08:56
ttxeglynn: done, please doublecheck08:56
*** jaypipes has quit IRC08:56
*** winston-d has quit IRC08:56
eglynnttx: that's perfect, thank you sir!08:56
*** darraghb has joined #openstack-dev08:58
*** salgado has joined #openstack-dev08:58
*** dolphm has quit IRC08:59
*** markwash has quit IRC08:59
*** markwash has joined #openstack-dev08:59
*** ndipanov has joined #openstack-dev09:00
*** sulo_ has joined #openstack-dev09:01
*** ndipanov has quit IRC09:01
*** salv-orlando has quit IRC09:01
*** tomoe_ has quit IRC09:01
*** ndipanov has joined #openstack-dev09:01
*** henrynash has joined #openstack-dev09:02
*** eglynn has quit IRC09:03
*** jpich has joined #openstack-dev09:05
*** doude has joined #openstack-dev09:08
*** rushiagr has joined #openstack-dev09:08
*** AlanClark has joined #openstack-dev09:09
*** jpich has quit IRC09:11
*** markwash has quit IRC09:12
*** koert has joined #openstack-dev09:12
*** jpich has joined #openstack-dev09:13
*** tryggvil_ has quit IRC09:13
*** tomoe_ has joined #openstack-dev09:14
openstackgerritA change was merged to openstack/quantum: Ensure that lockfile are defined in a common place  https://review.openstack.org/2496809:15
*** dosaboy has quit IRC09:16
*** jsindy has joined #openstack-dev09:19
*** romcheg1 has joined #openstack-dev09:20
*** alobbs has joined #openstack-dev09:20
*** henrynash has quit IRC09:21
*** derekh has joined #openstack-dev09:21
*** Guest60252 has joined #openstack-dev09:23
*** adjohn has joined #openstack-dev09:23
*** pleia2 has joined #openstack-dev09:27
*** eglynn has joined #openstack-dev09:29
*** sirushti has quit IRC09:29
*** jsindy has quit IRC09:30
*** dosaboy has joined #openstack-dev09:33
*** k4n0 has joined #openstack-dev09:33
*** adjohn has quit IRC09:33
*** hattwick has joined #openstack-dev09:35
*** tomoe_ has quit IRC09:35
*** henrynash has joined #openstack-dev09:39
*** amotoki has quit IRC09:40
termieayoung_zzz: about all i'm going to get to tonight, wrestled with failign tests far too long and still can't run them: https://github.com/termie/keystone/compare/termie:trust_no_one...termie:oauth09:41
termieayoung_zzz: (and my 7 hours is up)09:42
*** janisg has quit IRC09:43
*** sirushti has joined #openstack-dev09:43
*** markmc has joined #openstack-dev09:44
*** janisg has joined #openstack-dev09:48
*** kagan has quit IRC09:49
*** danpb has joined #openstack-dev09:50
*** trapni has joined #openstack-dev09:50
*** trapni has joined #openstack-dev09:50
*** trapnii has joined #openstack-dev09:51
*** trapni has quit IRC09:54
*** dolphm has joined #openstack-dev09:55
*** jsindy has joined #openstack-dev09:56
*** jbr_1 has joined #openstack-dev09:58
*** dolphm has quit IRC09:59
*** jsindy has quit IRC10:06
*** johndescs has joined #openstack-dev10:09
*** mikal has quit IRC10:11
johndescshi, there is a missing ':' in stack.sh from devstack that breaks networking from within the VMs for me, should I submit such a small patch (and where) or is there anyone with push rights here?10:12
*** mikal has joined #openstack-dev10:13
*** Qten has joined #openstack-dev10:14
*** kmartin has quit IRC10:16
jpichjohndescs: You can report the bug here: https://bugs.launchpad.net/devstack and if you're interested in fixing it yourself, devstack follows the same patch submission and review process as the other projects (https://wiki.openstack.org/wiki/HowToContribute)10:16
*** AlanClark has quit IRC10:17
*** AlanClark has joined #openstack-dev10:17
*** dosaboy has quit IRC10:21
johndescsjpich: okay, will do even if it sounds too much for a colon to add ;)10:23
*** dosaboy has joined #openstack-dev10:23
*** zoresvit has joined #openstack-dev10:25
*** egallen has quit IRC10:30
*** jsindy has joined #openstack-dev10:32
jpichjohndescs: I hear you :)10:32
*** dims has joined #openstack-dev10:35
*** sirushti_ has joined #openstack-dev10:38
*** alobbs has quit IRC10:39
*** rkukura has quit IRC10:39
*** jsindy has quit IRC10:44
*** anniec has joined #openstack-dev10:44
*** anniec_ has joined #openstack-dev10:47
*** sulo_ has quit IRC10:48
*** beagles has quit IRC10:49
*** anniec has quit IRC10:49
*** anniec_ is now known as anniec10:49
*** beagles has joined #openstack-dev10:49
*** mindpixel has quit IRC10:50
*** sulo_ has joined #openstack-dev10:51
*** rkukura has joined #openstack-dev10:53
*** alobbs has joined #openstack-dev10:53
*** sulo__ has joined #openstack-dev10:54
*** adjohn has joined #openstack-dev10:54
*** dolphm has joined #openstack-dev10:55
*** sulo_ has quit IRC10:56
*** sulo__ is now known as sulo_10:56
*** adjohn has quit IRC10:59
*** salv-orlando has joined #openstack-dev10:59
*** dolphm has quit IRC11:00
*** yamahata_ has joined #openstack-dev11:01
zykes-markmc: / mordred you guys got any eta on oslo.package ?11:02
*** susanne-balle has joined #openstack-dev11:03
*** dosaboy has quit IRC11:03
*** afazekas has quit IRC11:04
*** metral has quit IRC11:05
*** jsindy has joined #openstack-dev11:09
*** metral has joined #openstack-dev11:10
openstackgerritA change was merged to openstack/python-swiftclient: Allow user to specify headers at the command line.  https://review.openstack.org/2447411:11
*** romcheg1 has left #openstack-dev11:14
*** zyluo has joined #openstack-dev11:15
*** jsindy has quit IRC11:20
*** adjohn has joined #openstack-dev11:25
*** trapnii has quit IRC11:33
*** kagan has joined #openstack-dev11:34
*** rkukura has quit IRC11:36
*** AnilV4 has quit IRC11:37
*** trapni has joined #openstack-dev11:38
*** trapni has joined #openstack-dev11:39
*** darjeeling has joined #openstack-dev11:40
*** BobBall has joined #openstack-dev11:42
*** sride has joined #openstack-dev11:43
*** darjeeling has quit IRC11:44
*** darjeeling has joined #openstack-dev11:44
*** Yada has quit IRC11:44
*** sirushti_ has quit IRC11:46
*** jsindy has joined #openstack-dev11:46
*** doude has quit IRC11:49
*** almaisan-away is now known as al-maisan11:52
*** ttx has quit IRC11:53
*** ttx has joined #openstack-dev11:53
*** ttx has quit IRC11:53
*** ttx has joined #openstack-dev11:53
*** kagan has quit IRC11:54
*** dolphm has joined #openstack-dev11:55
*** jsindy has quit IRC11:58
*** zyluo has quit IRC11:58
*** romcheg1 has joined #openstack-dev11:58
*** j303 has joined #openstack-dev11:58
*** dolphm has quit IRC12:00
*** yolanda has quit IRC12:00
*** zoresvit1 has joined #openstack-dev12:01
*** mkollaro has joined #openstack-dev12:01
*** lloydde has joined #openstack-dev12:02
*** yolanda has joined #openstack-dev12:03
*** doude has joined #openstack-dev12:04
*** zoresvit has quit IRC12:04
*** zoresvit1 has quit IRC12:05
*** stevemar has joined #openstack-dev12:12
*** AlanClark has quit IRC12:17
*** soody has joined #openstack-dev12:18
openstackgerritA change was merged to openstack/nova: Bring back sexy colorized test results.  https://review.openstack.org/2426012:22
*** sulo_ has quit IRC12:23
*** sulo_ has joined #openstack-dev12:23
*** jsindy has joined #openstack-dev12:24
*** pabelanger has joined #openstack-dev12:25
*** manas has quit IRC12:27
*** adjohn has quit IRC12:27
*** zoresvit has joined #openstack-dev12:28
*** digitalsanctum has joined #openstack-dev12:32
*** sulo_ has quit IRC12:32
*** sulo_ has joined #openstack-dev12:32
*** AlanClark has joined #openstack-dev12:33
*** jsindy has quit IRC12:36
garykHenryG: ping12:37
HenryGgaryk, hi!12:37
garykHenryG: hi, thanks for the review. did you see my last comment12:37
garykHenryG: i do not think that what you suggest will work - this is due to the fact the the lockutils internals will catch the exception12:38
HenryGgaryk, looking now...12:38
garykthanks12:38
*** Kharec has quit IRC12:39
*** pabelanger has quit IRC12:39
HenryGgaryk, Ah, I looked for retries but did not find them.12:40
HenryGSo the problem now is that the user won't know what's happening.12:40
HenryGif an agent blocks12:40
*** soody has quit IRC12:41
garykHenryG: agreed. If they look in the log they will know. I do not think that this suffices. Maybe a patch to oslo with exit if used will sort it out12:41
HenryGHow about augmenting InterprocessLock with a flag to not retry?12:43
*** Kharec has joined #openstack-dev12:43
garykHenryG: that is what I was thinking12:44
*** anteaya has joined #openstack-dev12:44
*** sgordon has quit IRC12:45
*** yaguang has quit IRC12:46
*** bogdando has quit IRC12:49
*** bogdando has joined #openstack-dev12:54
*** ewindisch has joined #openstack-dev12:56
*** dolphm has joined #openstack-dev12:56
*** mestery has joined #openstack-dev12:57
*** mestery has quit IRC12:57
*** mestery has joined #openstack-dev12:57
*** bogdando has quit IRC12:58
*** dolphm has quit IRC13:00
*** noslzzp has quit IRC13:00
openstackgerritA change was merged to openstack/nova: nova-manage: remove unused import  https://review.openstack.org/2391013:02
*** jsindy has joined #openstack-dev13:02
*** noslzzp has joined #openstack-dev13:03
*** lloydde has quit IRC13:04
*** vkmc has joined #openstack-dev13:07
openstackgerritA change was merged to openstack/nova: Don't actually connect to libvirtd in unit tests.  https://review.openstack.org/2494613:08
*** zyluo has joined #openstack-dev13:09
*** jruzicka has joined #openstack-dev13:09
*** yamahata_ has quit IRC13:10
*** mjfork has quit IRC13:10
*** zoresvit has quit IRC13:12
*** aditirav has quit IRC13:12
*** jsindy has quit IRC13:13
*** aditirav has joined #openstack-dev13:13
*** alobbs has quit IRC13:16
*** aditirav has quit IRC13:18
*** bogdando has joined #openstack-dev13:19
*** jergerber has joined #openstack-dev13:20
*** olaph_ has quit IRC13:22
*** egallen has joined #openstack-dev13:23
*** bogdando has quit IRC13:24
*** woodspa has joined #openstack-dev13:25
*** zoresvit has joined #openstack-dev13:27
*** tomoe_ has joined #openstack-dev13:28
*** kpavel has quit IRC13:29
*** bknudson has joined #openstack-dev13:30
*** rushiagr has left #openstack-dev13:30
*** kbringard has joined #openstack-dev13:30
*** olaph has joined #openstack-dev13:30
*** mikor has joined #openstack-dev13:31
*** mikor has left #openstack-dev13:32
*** k4n0 has left #openstack-dev13:32
*** negronjl has quit IRC13:36
*** bogdando has joined #openstack-dev13:37
johndescsjpich: https://bugs.launchpad.net/devstack/+bug/115830813:38
*** mestery has quit IRC13:38
uvirtbotLaunchpad bug 1158308 in devstack "FLAT_INTERFACE not working" [Undecided,New]13:38
*** mestery has joined #openstack-dev13:39
johndescsshould I really join the foundation etc. for that ? or is it enough like that ?13:39
johndescsnice bot :)13:39
*** jsindy has joined #openstack-dev13:39
*** olaph has quit IRC13:39
*** ewindisch has quit IRC13:41
*** ijw has quit IRC13:41
*** AlanClark has quit IRC13:41
*** ijw has joined #openstack-dev13:41
*** ewindisch has joined #openstack-dev13:41
*** AlanClark has joined #openstack-dev13:41
jpichjohndescs: I guess we'll see what the devstack people think, certainly thank you for reporting a bug + providing a patch/hint for resolution :)13:41
*** ewindisch has quit IRC13:42
jpichjohndescs: Until a patch is up on http://review.openstack.org though, it can't get in13:42
vkmcCool johndescs, I was having problems with that too, thanks!13:44
*** ladquin1 has joined #openstack-dev13:44
*** berendt has joined #openstack-dev13:45
berendtcan somebody have a look at http://logs.openstack.org/24986/1/check/gate-quantum-python27/5567/console.html. the build failed with a OOM and a kernel stack trace. I already triggered a recheck with the same result.13:45
*** kpavel has joined #openstack-dev13:48
crazedbknudson: hey, about https://review.openstack.org/24139 are you okay with the way the default test scenario is handled?13:48
*** mtreinish has joined #openstack-dev13:48
*** ladquin1 has quit IRC13:48
bknudsoncrazed: yes, it looks ok to me.13:49
bknudsonso just fix the order of the imports and I'll +1 it.13:49
crazedawesome, thanks i'll do that now13:49
*** sride has quit IRC13:49
bknudsoncrazed: obviously, I wasn't looking very closely at the code, just thinking about what might be wrong... it was getting late.13:50
*** openstackgerrit has quit IRC13:50
*** openstackgerrit has joined #openstack-dev13:50
*** rcj has joined #openstack-dev13:51
*** jsindy has quit IRC13:51
*** jimfehlig has joined #openstack-dev13:51
*** mestery has quit IRC13:51
johndescsokay let's wait a little :)13:51
*** cloudchimp has joined #openstack-dev13:52
*** mestery has joined #openstack-dev13:52
*** AlanClark has quit IRC13:52
*** radez_g0n3 is now known as radez13:52
*** doude has quit IRC13:53
*** manas has joined #openstack-dev13:53
*** nunosantos has joined #openstack-dev13:53
*** al-maisan is now known as almaisan-away13:54
*** adjohn has joined #openstack-dev13:54
*** ladquin has joined #openstack-dev13:55
crazedbknudson: it's all good, it was late for me too13:55
*** mindpixel has joined #openstack-dev13:56
*** jhesketh has quit IRC13:58
*** adjohn has quit IRC13:59
crazedi'm glad we have some tests on the actual ldap connection now though14:00
*** markmcclain has joined #openstack-dev14:02
*** rnirmal has joined #openstack-dev14:03
*** sulo_ has quit IRC14:04
*** avishay has quit IRC14:05
*** sulo_ has joined #openstack-dev14:05
*** voliveirajr has joined #openstack-dev14:05
*** mjfork has joined #openstack-dev14:06
*** romcheg2 has joined #openstack-dev14:06
*** doude has joined #openstack-dev14:07
*** rohitk has quit IRC14:08
*** mestery has quit IRC14:08
*** romcheg1 has quit IRC14:09
*** ladquin has quit IRC14:11
*** ladquin has joined #openstack-dev14:11
openstackgerritA change was merged to openstack/cinder: Switch all uses of 422 response code to 400.  https://review.openstack.org/2412514:11
*** Guest60252 has quit IRC14:13
*** alobbs has joined #openstack-dev14:13
*** ewindisch has joined #openstack-dev14:15
johndescshas any dev from devstack here an idea why I can find no info about DNS? it's not working out of the box for me, but I may setup a server in the dashboard afterwards14:16
*** maksimov has joined #openstack-dev14:16
*** ladquin has quit IRC14:16
johndescswould be nice to get it/them from resolv.conf14:16
*** ladquin has joined #openstack-dev14:16
*** jsindy has joined #openstack-dev14:17
*** sthaha has quit IRC14:18
*** negronjl has joined #openstack-dev14:18
*** ladquin1 has joined #openstack-dev14:18
*** ladquin has quit IRC14:18
*** ladquin1 is now known as ladquin14:20
*** egallen has quit IRC14:20
*** datsun180b has joined #openstack-dev14:20
*** aeperezt has joined #openstack-dev14:22
*** dolphm has joined #openstack-dev14:22
*** jsindy has quit IRC14:23
*** jsindy has joined #openstack-dev14:23
*** martine has joined #openstack-dev14:23
*** chuck_ has joined #openstack-dev14:24
*** egallen has joined #openstack-dev14:24
*** chuck_ has quit IRC14:24
kenperkinshello from rackspace via Seattle :P14:25
*** adjohn has joined #openstack-dev14:25
*** chuck_ has joined #openstack-dev14:26
*** jbresnah has quit IRC14:26
*** zul has quit IRC14:26
*** yidclare has joined #openstack-dev14:26
*** jbresnah has joined #openstack-dev14:27
*** adjohn has quit IRC14:30
*** alexxu has quit IRC14:31
*** chuck_ is now known as zul14:31
*** mestery has joined #openstack-dev14:32
*** sagar_nikam has joined #openstack-dev14:34
*** rcj has quit IRC14:34
*** david-lyle has joined #openstack-dev14:37
*** megha has joined #openstack-dev14:37
*** baba has quit IRC14:37
*** primeministerp has joined #openstack-dev14:38
*** john5223 has joined #openstack-dev14:39
*** eharney has joined #openstack-dev14:42
*** mestery has quit IRC14:42
*** rkukura has joined #openstack-dev14:45
*** romcheg1 has joined #openstack-dev14:51
*** zyluo has quit IRC14:51
*** topol has joined #openstack-dev14:52
*** annegentle has joined #openstack-dev14:52
*** romcheg2 has quit IRC14:53
*** jab416171 has quit IRC14:55
*** adjohn has joined #openstack-dev14:56
*** sgordon has joined #openstack-dev14:57
*** devoid has joined #openstack-dev14:58
openstackgerritA change was merged to openstack/keystone: Version bump to 2013.2  https://review.openstack.org/2494414:58
dolphmayoung_zzz: henrynash: ttx: ^14:59
*** Yada has joined #openstack-dev14:59
*** ayoung has joined #openstack-dev14:59
*** boris-42 has quit IRC14:59
*** ayoung has quit IRC14:59
*** ayoung_zzz is now known as ayoung14:59
*** marun has joined #openstack-dev15:00
*** gargya has joined #openstack-dev15:00
ayoungdolphm, and with that, rc1 is complete15:00
dolphmWOO15:00
ttxdolphm: hmm, what about the trustocalypse ?15:00
dolphmayoung: thanks for approving that change last night15:00
*** adjohn has quit IRC15:01
dolphmttx: we merged a patch to let us disable trusts with a config variable (it's enabled by default)15:01
openstackgerritA change was merged to openstack/swift: Fix for attempted COPY of objects gt MAX_FILE_SIZE  https://review.openstack.org/2499015:01
ayoungdolphm, NP.  I was thinking that a kill switch would be a decent feature even before that discussion.15:01
ttxdolphm: but still make it part of the v3 main api ?15:01
ayoungdolphm, I am writing up a comparison of auth and trusts.  I'll do it as a blog post.  Let me check splelling and the like and I'll send you the link when I'm done.15:02
*** ndipanov has quit IRC15:02
ayoungttx, yes15:02
ayoungttx, the kill switch is a panic button15:02
ttxdolphm: is termie on board with that solution for grizzly ? I don't really want him to come back today and talk you into dropping it to an extension after all, post-rc1.15:02
ayoungttx, doesn't matter15:02
ayoungthe rest of the core are aligned in the approach15:03
ttxi'm fine with a number of changes pre-rc1, not so much post-rc115:03
dolphmttx: at the moment yes, termie implemented oauth last night as an alternative to consider15:03
*** zoresvit has quit IRC15:03
henrynashdolphm: ..and given we want to have a much larger discussion on Oauth etc. at the summit, I don't think pushing it now quickly is right15:04
ttxdolphm: so if oauth comes in havana as a replacement for the current impl for trusts, that would make a 3.1 or 4.0 api, right ?15:04
dolphmttx: pretty sure he's not on board with trusts at all; if we changed trusts in grizzly at this point, i'd only want to change the URL to indicate it's an extension, and nothing more15:04
ayoungttx, probably not15:04
*** spzala has joined #openstack-dev15:04
ayounger15:04
ayoungprobably not 415:04
dolphmttx: that's my thinking, yes15:04
dolphmttx: i expect at least 3.1 in havana, but on the same endpoint /v3/15:05
dolphmhenrynash: +115:05
*** megha has quit IRC15:06
ttxdolphm: my point is... dropping it to an extension post-rc1 would be bad. So the call you're making now should be the call for Grizzly release15:06
ttxi'm totally fine with your decision -- that was really too late to come up with an objection. Just making sure you understand the consequences :)15:06
*** cp16net is now known as cp16net|away15:06
*** ndipanov has joined #openstack-dev15:06
ayoungttx thanks15:07
*** gongysh has quit IRC15:07
dolphmttx: agree & understand -- it's not something i want to do15:07
ayoungttx, the thing is, delegation, regardless of implementation, cannot help but touch core.15:07
dolphmttx: i want to understand termie's perspective at this point15:07
*** cp16net|away is now known as cp16net15:07
dolphmayoung: i'd disagree on that point15:07
ayoungdolphm, no, you wouldn't15:08
ladquinmaurosr, around?15:08
*** jasdeepH has joined #openstack-dev15:08
ayoungbecause some of the change we made were at your request15:08
ayoungand those were changes for example15:08
ayoungto revoking tokens from trusts15:08
ayoungthat logic, the ability to chain tokens, and revoke on those chains had to happen in the core controller code15:09
ayoungit was even refactored out of the identity controller and into the common code15:09
*** cp16net is now known as cp16net|away15:10
*** cp16net|away is now known as cp16net15:10
*** egallen has quit IRC15:10
*** kmartin has joined #openstack-dev15:10
*** mindpixel has quit IRC15:11
*** megha has joined #openstack-dev15:11
jamespagenijaba, hey - has ceilometer been tested with mongodb 2.4 (just released)?  just pondering a late upgrade for raring.15:12
*** gyee has joined #openstack-dev15:12
chmoueljd__: ^15:15
*** fesp has joined #openstack-dev15:15
chmoueljamespage: nijaba is traveling today i believe15:15
jd__jamespage: I don't think so15:15
*** edmund1 has joined #openstack-dev15:15
ttxdolphm: cutting grizzly release branch from 4b8cab7b3753ba3de9f93175636858555d575be615:16
dolphmttx: +115:16
*** flaper87 has quit IRC15:16
*** fesp is now known as flaper8715:16
*** flaper87 has joined #openstack-dev15:17
*** cp16net is now known as cp16net|away15:18
*** cp16net|away is now known as cp16net15:19
*** andrewbogott_afk is now known as andrewbogott15:20
jamespagejd__, OK - thanks - I think we will defer until next release15:22
jamespagetbh the python driver upgrade is not even release yet :-)15:22
*** zoresvit has joined #openstack-dev15:22
*** annegentle has quit IRC15:23
ttxdolphm: keystone master now opened for havana development15:23
*** koolhead17 has quit IRC15:24
dolphmttx: woot, thanks!15:24
ttxdolphm: will tag rc1 in a few if you don't waive any red flag15:24
*** diogogmt has joined #openstack-dev15:24
*** annegentle has joined #openstack-dev15:24
crazedttx: dolphm, any chance we could get https://review.openstack.org/#/c/24139/ in there15:25
*** n0ano has quit IRC15:27
*** adjohn has joined #openstack-dev15:27
*** agentle_ has joined #openstack-dev15:27
*** utlemming has quit IRC15:27
dolphmcrazed: i'm good with the patch if bknudson's concers are resolved, which looks to be the case15:28
*** imsplitbit has joined #openstack-dev15:28
bknudsondolphm: I looked at it and am happy with it.15:28
*** hemna has joined #openstack-dev15:29
*** annegentle has quit IRC15:30
*** agentle_ is now known as annegentle15:30
*** mkerrin has joined #openstack-dev15:30
ttxdolphm: if you want it in grizzly you should backport it to MP once it hits master15:30
dolphmttx: will do15:31
*** adjohn has quit IRC15:31
jgriffithsdague: sadly at this point it seems the prudent thing to do is just remove support altogether15:31
*** sacharya has joined #openstack-dev15:31
ttxdolphm: adding bug 1153786 to rc1 to track that15:32
uvirtbotLaunchpad bug 1153786 in keystone "ldap dereferencing is broken in the ldap backend" [Medium,In progress] https://launchpad.net/bugs/115378615:32
sdaguejgriffith: yeh, let's see what Bradley says first (give him till the end of the day)15:32
jgriffithsdague: sure15:32
*** reed has joined #openstack-dev15:33
*** kaushikc has joined #openstack-dev15:34
crazedttx: dolphm, sorry if i'm late/new to the development cycle, but any chance https://bugs.launchpad.net/keystone/+bug/1158077 can be handled in grizzly as well? the ability to change ldap name/id attributes is sort of broken without a way to ensure all necessary attributes are defined for say inetOrgPerson15:34
uvirtbotLaunchpad bug 1158077 in keystone "user crud in ldap backend breaks when changing user_name_attribute and user_id_attribute" [Undecided,New]15:34
bknudsondolphm: keystone master now open for H development means that anything checked in now will go into H release and not G unless backported?15:34
ttxbknudson: yes15:35
dolphmcrazed: i'd need to see a patch and assess it's impact15:35
*** adjohn has joined #openstack-dev15:35
crazeddolphm: okay, i wanted to get feedback on the proposed config option before attempting a patch15:35
SpamapSheh.. does this make any sense at all:     # Log all queries (any query taking longer than 0 seconds)15:37
*** digitalsanctum has quit IRC15:38
*** flaper87 has quit IRC15:38
*** utlemming has joined #openstack-dev15:39
*** digitalsanctum has joined #openstack-dev15:40
*** flaper87 has joined #openstack-dev15:42
maurosrladquin: hey, hi!15:43
*** fbo has quit IRC15:44
*** danwent has joined #openstack-dev15:44
dolphmcrazed: reviewing the bug, it seems like a valuable feature, but i think it would need to stay in havana due to complexity/impact15:44
ladquinhi, maurosr! sorry to bother so much15:45
dolphmcrazed: but again, can be hard to tell without a patch15:46
maurosrladquin: you are not =)... so what's up?15:46
ladquinmaurosr, yesterday I was working on documenting the os-services ext api, and I got a few doubts, perhaps you can help me with that15:46
maurosrsure15:46
*** jcmartin has joined #openstack-dev15:47
*** doude has quit IRC15:47
ladquinmaurosr, as I could see, there were some patches around to fix it, as it had some inconsistencies15:47
maurosrindeed, few days agora15:48
maurosr*ago15:48
*** alexisT has joined #openstack-dev15:48
ladquinmaurosr,  I was testing it on my devstack and couldn't really make it work the enable/disable requests15:48
ladquinlet me get a pastebin15:48
vishyjgriffith: fyi policy.py had a couple of important changes regarding getting is_admin via policy15:49
vishyjgriffith: you might want to grab those if you don't have them15:49
*** devoid1 has joined #openstack-dev15:50
*** devoid has quit IRC15:50
crazeddolphm: okay, i'll work on a patch, seems the oslo.config stuff doens't have a good way to parse the values currently though15:50
crazeddolphm: worse case scenario i live hack the changes i need when i upgrade to grizzly15:50
*** iartarisi has quit IRC15:50
dolphmcrazed: register_list() and .split(':') each result?15:52
dimscrazed, i'd appreciate if you could open a bug against oslo for the problem you see parsing values15:52
dims(pretty please)15:52
openstackgerritA change was merged to openstack/nova: Change type of ssh_port option from Str to Int  https://review.openstack.org/2491315:52
*** gargya has quit IRC15:52
*** gargya_ has joined #openstack-dev15:52
*** gargya_ is now known as gargya15:52
ladquinmaurosr, http://paste.openstack.org/show/34228/  tried that and many other combinations, but I always get a 404 (it works ok with the nova client)15:53
*** adam_g has quit IRC15:53
maurosrlet me see15:53
*** adam_g has joined #openstack-dev15:53
jgriffithvishy: Yeah, but policy borked all the unit tests so we passed on it15:53
crazeddolphm: yeah i could do the split, but would be kind of cool if that was in oslo.config15:53
dolphmmarkmc: when are dicts coming to oslo.config? :D15:54
jgriffithvishy: That's the only one that was really significant15:54
jgriffithvishy: I'll take another look15:54
markmcdolphm, what's that mean?15:54
maurosrladquin: I'll try here first... will ping you back in minutes15:54
jgriffithvishy: thanks for the heads up15:54
markmcdolphm, CONF['debug'] ?15:54
dolphmmarkmc: see the proposed config syntax in this bug https://bugs.launchpad.net/keystone/+bug/115807715:54
uvirtbotLaunchpad bug 1158077 in keystone "user crud in ldap backend breaks when changing user_name_attribute and user_id_attribute" [Medium,Triaged]15:54
dolphmmarkmc: user_additional_attribute_mappings = sn:name, description:email15:54
markmcdolphm, when someone sends a patch :)15:55
dimscrazed, i can fix oslo.config15:55
dimsor at least help markmc fix it :)15:55
ladquinmaurosr, sure, thank you!15:55
dolphmi wouldn't mind writing that as well, if the proposed syntax is agreeable15:56
crazeddims: cool, yeah i think if we supported something like option = key1:value, key2:value, etc which turned into a dict15:56
crazedi think the quantum ovs plugin uses a syntax similar to that15:56
markmcdoesn't seem crazy15:56
markmcconsider doing it as multistropt variant tho15:57
markmci.e.15:57
markmcoption = key1:value15:57
markmcoption = key2:value15:57
*** navid_ has quit IRC15:57
markmcgiving the same result15:57
*** AlanClark has joined #openstack-dev15:57
crazedah yeah that would be nice15:57
markmcmaybe you want both variants15:57
dimsagree, both would be good15:57
*** mrodden has joined #openstack-dev15:58
crazedhow should we proceed15:58
dimscrazed, bug against oslo, will take a stab when i get a chance15:59
crazedsure15:59
*** jdurgin1 has joined #openstack-dev15:59
*** Ryan_Lane has quit IRC15:59
*** jaybuff has joined #openstack-dev15:59
*** beagles is now known as beagles|lunch16:01
*** salgado is now known as salgado-lunch16:04
*** yidclare has quit IRC16:04
*** rohara has quit IRC16:05
*** blamar has joined #openstack-dev16:06
*** rcj has joined #openstack-dev16:07
*** colinmcnamara has joined #openstack-dev16:07
*** jcmartin_ has joined #openstack-dev16:08
*** jcmartin has quit IRC16:08
*** jcmartin_ is now known as jcmartin16:08
*** jaybuff has quit IRC16:09
*** lloydde has joined #openstack-dev16:10
*** roampune has joined #openstack-dev16:10
*** rushiagr has joined #openstack-dev16:10
*** reidrac has quit IRC16:10
*** mestery has joined #openstack-dev16:11
jgriffithvishy: booo... our policy file is VERY old, we're still using enforce everywehre16:11
*** yamahata has quit IRC16:11
*** koolhead17 has joined #openstack-dev16:12
*** colinmcnamara has quit IRC16:13
crazeddims: https://bugs.launchpad.net/oslo/+bug/115838016:13
uvirtbotLaunchpad bug 1158380 in oslo "oslo.config should support a means of doing options that result in dicts" [Undecided,New]16:13
dimscrazed, thanks16:13
*** devoid1 has quit IRC16:14
crazedfor the keystone changes i'd like, i'll go with a list + spit until oslo.config is ready16:15
*** devoid has joined #openstack-dev16:16
*** jaybuff has joined #openstack-dev16:16
*** colinmcnamara has joined #openstack-dev16:17
*** heckj has joined #openstack-dev16:18
heckjttx, dolphm : morning - sorry, bad bus day getting into work today16:19
*** noslzzp has quit IRC16:19
heckjI heard I was "requested"?16:19
ttxheckj: about to cut rc116:19
*** boris-42 has joined #openstack-dev16:20
*** anniec has quit IRC16:21
dolphmheckj: o/16:21
dolphmcrazed: +116:21
*** AlanClark has quit IRC16:21
ayoungcrazed, I meant to ask you on https://bugs.launchpad.net/keystone/+bug/1158077  if changing user_id actually makes sense16:21
uvirtbotLaunchpad bug 1158077 in keystone "user crud in ldap backend breaks when changing user_name_attribute and user_id_attribute" [Medium,Triaged]16:21
dolphmcrazed: when you've proposed a patch, open a bug that the config syntax needs to be revised16:22
crazedayoung: what do you mean?16:22
crazeddolphm: sure thing16:22
ayoungcrazed, typically user_id can't be changed after the user is created.  At least, that is the Keystone approach16:23
ayoungI'll link you to the code16:23
*** koert has quit IRC16:23
dolphmcrazed: ah yeah, you shouldn't be able to change user id -- name is mutable though16:23
ayounghttps://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L21316:24
crazedah yeah, i agree, which is why my dn for users is uid=blah,ou=users,dc=example,dc=net,16:24
ayoungand then enforced in the backend16:24
*** jab416171 has joined #openstack-dev16:24
ayounghttps://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql.py#L68616:25
ayoungcrazed, so what is the problem that you are seeing?16:25
ttxdolphm: could you summarize your call on trusts to heckj, so that we are all on the same page ?16:25
crazedi'm not trying to allow user id changes, just telling keystone to check a different attribute in ldap16:25
*** alop has joined #openstack-dev16:25
*** trapni has quit IRC16:25
crazedthe problem is when searching for a user by id, it does something like %(user_id_attribute)s=%(user_id),%(user_tree_dn)16:26
dolphmttx: sure...16:26
crazedso to work with existing schemas you need to be able to change the user_id_attribute16:27
dolphmtermie isn't a fan of the trusts api or implementation, and wants to see them moved to an extension so that he can propose an alternative extension based on oauth16:27
*** yamahata has joined #openstack-dev16:27
ayoungheckj, it was an interesting night....16:27
heckjsounds like it16:27
ttxa loong one.16:27
dolphmi proposed (and ayoung merged) a patch to add a feature flag for trusts16:28
heckjI caught some of termie's "feedback" when I was in mountainview last week before PyCon16:28
dolphmwe discussed defaulting that feature flag to 'off' so that we could say the feature was beta, and would either be reworked in v3.1 or moved to an extension16:28
dolphmayoung is quite opposed to that, and i'll certainly admit it's VERY late to have that discussion16:29
*** jaybuff has quit IRC16:29
ttxi'm fine with whatever option as long as the call is made before rc1 and sticks (and does not involve completely ripping the work that was done out)16:29
heckjsince I'm blessed (or cursed myself with) a fairly external perspective on this work, here's what I'm seeing:16:29
dolphmttx: i'm definitely opposed to ripping out the work, if only because of the massive code change and impact on stability16:29
*** alobbs has quit IRC16:30
heckjWe rushed an API that didn't get a lot of review into the release, requesting a FFE for it. We got it in, and it's tentacles reach fairly deep. We have a lot of competing opinions on how we could do this, and while trusts was on the books for months, we didn't see anything concrete on it until the few weeks prior to RC freeze. We don't have much feedback or idea on how this API will work in practice, only in tests and bare documentation.16:31
dolphmthis is beside the point, but i'll share anyway: my opinion on the trust api is that it could be simplified drastically, but that would also mean cutting the fact that trusts automatically expire, and the fact that trusts have unique identifiers -- ayoung argued against both awhile back and i gave up16:31
dolphmheckj: that's an accurate perspective, imo16:32
heckjAt any other time, I'd say we should switch and make it an extension, but it's not clear that doing so will A) be easy and B) no introduce a bunch of instability issies. Dolph's added the feature_flag mechanism to enable/disable- which means I fucked up asking for a FFE earlier in the process, and we should have deferred this work entirely since it was so late16:32
heckjMy primary goal is not to screw up the stability of the current release,16:33
dolphmheckj: the patch to make it an extension could be as simply as changing the url it operates on ... the rest is docs16:33
ttxagree that the FFE was borderline and is biting us now16:34
heckjIt's pretty clear we're going to want to rev the v3 API as well - at least tweak here and there - and we want to make sure we have teh core totally forwards compatible16:34
kbringardwould someone on the stable core team mind taking a peek at: https://review.openstack.org/#/c/24170/ ?16:34
heckjttx: my bad on the FFE16:35
ayoungWould it make sense to mark the V3 API as Beta?16:35
*** shang has quit IRC16:35
*** jcmartin has quit IRC16:35
heckjayoung: marking it as such wouldn't help or hurt this - it's just a label, and I think we're all considering it beta until it's well proven as a default in the system16:35
kbringardfor favor :-)16:35
kbringardmarkmc: ^^ :-D16:35
*** jcmartin has joined #openstack-dev16:35
ayoungThe reason we got the FFE in the first place was due to the late submission of the V3 api.  V3 is pretty new.16:35
*** alobbs has joined #openstack-dev16:36
dolphmv3 auth specifically16:36
heckjayoung: yeah, and we piled a lot into that very late in the game. Bad game plan16:36
heckjayoung: I think we'd be better shifting this URL (if that's really that easy) and calling this an extension, with the knowledge that we'll likely want to rev all of V3 to a V3.1 based on all the feedback we've seen recently.16:37
*** sagar_nikam has quit IRC16:37
ayoungV3 across the board has not been deeply adopted16:37
dolphmadopted, no16:37
ttxbetter move it to an extension before it's actually used by anybody.16:37
heckjMy perception is that it was because we delayed in defining V3 Auth and getting that out the door16:37
dolphmheckj: on a v3.1 rev -- it should be backwards compatible with v3, else it's v416:38
ayoungWe saw what happened in auth_token middleware when we tried to switch over to it16:38
heckjdolphm: yes, 100%16:38
dolphmheckj: that's accurate16:38
*** mrodden has quit IRC16:38
ayoungI don't know if things are using V3 policy or Catalog yet or not16:39
*** mrodden has joined #openstack-dev16:39
heckjayoung: I'm not 100% sure what you mean with the "we saw what happened", but my perception is that these changes are nessecarily slow - and having trusts as core, seems unnescarily risky when we could get the 100% benefit from that code and system the same as an extension16:39
ayoungI'm OK with the trust implementation changing in the future.  What I don't think we want to do is leave ourselves without any delegation mechanism at all.16:39
heckjnothing is using the policy mechanims yet - that requires changes to all the other projects to both register and retrieve policy (although they do have autoloading in most of the projects)16:40
heckjayoung: I agree - which is why I don't want to rip out the code, but I do want to see it as an "extension"16:40
ayoungTo be honest, it would have been better to have written it as an extension back in October.  I still think it would have required changes to the core token API, but those would have been limited.16:40
heckjsounds like we're on the same page16:40
ayoungPeople could have begun developing against trusts in parallel, and then it would have gotten promoted.16:41
ayoungNot quite16:41
maurosrladquin: I'm still trying, so far one problem is the url is /os-services not /services16:41
*** sandeepr has quit IRC16:41
ayoungwe have to state that the feature is there.  People need to be able to reliably build on it16:41
*** shang has joined #openstack-dev16:41
*** sandeepr has joined #openstack-dev16:42
ladquinmaurosr, yeah, sorry that was one of my tries, os-services did not work neither16:42
ayoungif we state is an extension, are we stating merely that the API might change, or that we reserve the right to remove the feature all together?16:42
maurosrok.. let me try few more things16:42
ayoungWe have a kill switch if the feature proves to be horribly broken16:42
*** zoresvit has quit IRC16:42
ttxayoung: not really. We can't pass a default change in a stable release update16:43
ayoungI actually was wondering if we needed that before dolph proposed it16:43
ttxso the default (disabled or enabled) will stick16:43
ayoungttx, so is there really any difference to saying it is part of V3 versus /extensions?16:43
ttxit's just giving us a workaround16:43
heckjayoung: extension doesn't mean we'll be ripping it out entirely, extension effectively means that as we rev the API we can potentially make significant (non-backwards compatible) changes to the extnesion APIs. In practice, that's rarely i ever done (see Nova's almost-critically-needed extensions) as an example16:43
*** devoid has quit IRC16:44
*** jaybuff has joined #openstack-dev16:44
ttx"it's broken! please all settrusts_enable=False now !16:44
*** hemna has quit IRC16:44
*** hemna has joined #openstack-dev16:44
ayoungttx, understood.16:45
ttxextension is giving us lower API compatibility constraints16:45
dolphmheckj: ayoung: ttx: haven't tested this at all, but something like https://review.openstack.org/#/c/25019/16:45
heckjttx: yes, exactly16:45
ttxi.e. leaves more options open for havana16:45
*** imsplitbit has quit IRC16:45
heckjdolphm: yeah - with appropriate trusts updated and such16:46
heckjer, tests - that was fruedian, wasn't it16:46
dolphmprobably16:46
ayoungHa16:46
dolphmthere's some test changes included, i'm not sure what else would be required16:46
ayoungdolphm, the API doc16:46
dolphmayoung: i'll tackle that as well16:46
ttxayoung: I feel a bit bad given how much work you poured into this... the later your work goes in, the more vulnerable you are to this kind of... last-minute change16:46
ayoungttx, so, here 's why I think that this is so important16:47
ayoungand I am ok with having some wiggle room16:47
ayoungwe need to commit to getting rid of bearer tokens16:47
ayoungright now, there is no way around that16:47
ttx(if it had been in at an early milestone we wouldn't even have that discussion)16:47
ayoungwe need some delegation mechanism to do that16:47
ayoungbut the work to get rid of them is Havana stuff16:48
dolphmmy philosophy is that i write disposable code; it will inevitably be refactored, deprecated or fixed :)16:48
ayoungthat is beyond the HEAT use case16:48
ayoungand the other people that need it now16:48
ttxdolphm: rarely two weeks after you write it, though ;)16:48
dolphmttx: i'd argue that it's most likely within two weeks :P16:48
ayoungthat was why I wanted it for V2 tokens, because I want people to be able to use it in existing systems unchanged16:48
ayoungIf the API changes in Havana, that will have minimal impact16:49
ayoungIf the base concepts change (like the unique ID thing) that probably will have more impact16:49
ayoungusing Oauth as the mechanism should be deployable along side16:49
ayoungSo, changing the  URL, no big deal at all.  Personally, I want more discoverability in how we organize URLs anywya16:50
* ayoung tired...it was later for me than the people on the West Coast when this was discussed16:50
ayoungbut not committing to the base concept now hamstrings us16:50
*** shang has quit IRC16:51
*** swaT30 has quit IRC16:52
ayoungttx, probably the biggest follow on to this work will be adding support for delegation into the Python Keystone client16:52
ayoungTHat has not even started.16:52
*** beagles|lunch is now known as beagles16:52
*** rushiagr has quit IRC16:52
*** Mandell has joined #openstack-dev16:53
ayoungThe unfortunate side effect of that is that we don;'t have control over what the consumers of delegation will do,  they will have to consume it directly from the Web API for now16:53
ttxayoung: I don't think anyone doesn't agree that the base concept is worth it16:53
heckjayoung: you're absolutely right, we should have put this in as an extension way back in october to get the new concepts available for immediate use. We didn't, that was poor on our end. Let's keep this in as an extension, enabling the ability to move beyond bearer tokens in fact as well as concept, and get some more implementations in that can leverage and use it forward16:53
*** alobbs has quit IRC16:53
*** tomoe_ has quit IRC16:53
*** tomoe_ has joined #openstack-dev16:53
ayoungheckj, lesson learned.16:54
*** alobbs has joined #openstack-dev16:54
ttxheckj: Given our current time constraints it sounds like a good trade-off16:54
*** yidclare has joined #openstack-dev16:54
*** andreaf has joined #openstack-dev16:55
ayoungttx, that said, we should rethink our versioning strategy.  There are other approaches that putting /v3 in the URL, and I think that this feature here shows exactly why.16:55
zulttx: it would make people nag you less ;)16:55
heckjdolphm: you've got one patch in flight, ayoung would you review and see if that's missing anything? I'll lurk and try and stay available today to help usher it through so we don't keep ttx up until his 2am16:55
ayoungThat would be a good summit session16:55
*** swaT30 has joined #openstack-dev16:55
ayoungheckj, link?16:55
heckjayoung: yeah, it would16:56
heckjayoung: https://review.openstack.org/#/c/25019/16:56
heckjdolphm: you can to run through and update the API docs as well?16:56
openstackgerritA change was merged to openstack/oslo.config: Improve test cases for boolean values  https://review.openstack.org/2485116:56
*** shang has joined #openstack-dev16:56
*** cp16net is now known as cp16net|away16:56
dolphmheckj: almost doen with that16:57
henrynashdolphm: RH-TRUSTS..what does the RH stand for?16:57
heckjttx: so it sounds like we'll shift the URL on this, update the docs, and then I think we'll be ready for an RC1 cut16:57
ayoungdolphm, gonna see if Jenkins likes it.  No surprise in the coding.  Not sure if I should object to the RH-  or consider it a marketing ploy.16:57
ayoungREaly Handy16:57
heckjheh16:58
ayoungRound Here16:58
henrynashayoung: ha!16:58
ayoungRadical Harmony!16:58
ttxheckj: I'll be back in ~4 hours to check if you're ready by then, otherwise we can cut early tomorrow16:58
henrynashayoung: Roughly Harmonious16:58
dolphmayoung: the convention is to use your company, especially when there could be competing impls16:58
*** xga has joined #openstack-dev16:58
ayoungdolphm, advertising it !16:58
ttxheckj, dolphm: note that since the grizzly branch was cut you'll need to backport everything to milestone-proposed16:58
ttxbad timing16:58
henrynashdolphm: ah, didn't know that16:59
heckjhenrynash: started w/ the RAX- extensions...16:59
dolphmheckj: ayoung: ttx: identity-api WIP https://review.openstack.org/2502216:59
*** sandeepr has quit IRC17:00
gyeedolphm, you may want to move the trust scoping to RH as well17:00
ttxdolphm: i don't care that much about identity-api, can land post-rc117:00
ayoungYou know, if this had just been done earlier, I would actually be thrilled with it.17:00
dolphmgyee: i was going to ask about that17:00
dolphmgyee: i think changing the request body is *really* ugly but i see the value17:00
*** mlavalle has joined #openstack-dev17:01
*** terry7 has joined #openstack-dev17:01
adam_gvishy, ping17:01
gyeedolphm, unless you want a RH auth api17:01
vishyadam_g: sup?17:01
*** markmc has quit IRC17:01
*** yidclare has quit IRC17:01
dolphmgyee: i'd rather not lol17:01
adam_gvishy, just stumbled on this, https://review.openstack.org/#/c/15791/  do you know if there were any similar changes in nova that would have triggered https://bugs.launchpad.net/python-glanceclient/+bug/1157864 ?17:02
uvirtbotLaunchpad bug 1157864 in python-glanceclient "Requests to https server can yield WantReadError" [Undecided,In progress]17:02
*** cp16net|away is now known as cp16net17:02
*** esp has joined #openstack-dev17:02
*** adjohn has quit IRC17:03
vishyadam_g: no that one is new to me17:03
*** yidclare has joined #openstack-dev17:03
*** annegentle has quit IRC17:04
vishyit should have been monkeypatched form the beginning17:04
*** yidclare has quit IRC17:04
vishyI think the ssl support was added recently so that might be what triggered it17:04
*** adjohn has joined #openstack-dev17:04
*** thouveng has quit IRC17:05
adam_gvishy, ah17:05
*** yidclare has joined #openstack-dev17:05
ayoungdolphm, gyee would it be possible to do what gyee suggested?17:05
ayoungIE17:05
ayoungsomething like  /RH-TRUSTS/auth17:05
*** jsindy has quit IRC17:06
dolphmayoung: that would require way more than just adding to a few paths17:07
ayoungand then reuse the auth controller, but add a parameter in init that allows trusts for /RH-TRUST and does not for /v3/auth?17:07
*** romcheg1 has left #openstack-dev17:07
gyeeayoung, I know you wanted that, PKI token? wink wink17:07
*** mestery has quit IRC17:07
ayoungheh17:07
ayoungdolphm, yeah...but even if we just duplicated it with no change17:08
dolphmayoung: a copy/paste of the entire code path?17:08
ayoungbut in the documentation stated "use RH-TRUST" for getting a trust token17:08
*** jog0 has joined #openstack-dev17:08
ayoungdolphm, just add the auth router entries to the trust router17:08
*** gargya has quit IRC17:09
dolphmgyee: diff patchset 3 and 2 https://review.openstack.org/#/c/25022/17:09
*** SergeyLukjanov has quit IRC17:09
*** colinmcnamara has quit IRC17:10
ayoungdolphm, since this really is a "what we are committing to" issue, we can state that , while getting a trust based token from /auth will work, it is not expected to be supported in the future.  We can even open a bug for it.17:10
*** jruzicka has quit IRC17:10
ayoungperhaps disabling between RC1 and RC2 if permitted?17:11
*** lmatter has joined #openstack-dev17:11
ayounghenrynash, heckj, gyee does ^^ agree with you guys?  duplicate /auth into /RH-TRUSTS and document only the second URL is supported for getting tokens from trusts?17:12
gyeeayoung, sure17:13
*** garyk has quit IRC17:14
maurosrladquin: hey take a look http://paste.openstack.org/show/34236/17:14
maurosrladquin: it's a PUT method =)17:14
*** Yada has quit IRC17:14
*** mkerrin has quit IRC17:15
ladquinmaurosr, right!17:15
ladquinmaurosr, never thought of specifying that... !17:15
*** jruzicka has joined #openstack-dev17:16
maurosrladquin: yeah.. I was trying it using post... just realized when I checked the api_samples.py. and couldn't find it lokking for _post('os-services')17:16
*** jaybuff has left #openstack-dev17:16
*** mkerrin has joined #openstack-dev17:16
ladquinmaurosr, sorry for wasting your time on this, I thank you a ton17:17
ladquinthe doc patch is ok then17:17
maurosrladquin: np.. I'm glad to help =)17:18
ladquinobrigada!17:19
ayoungdolphm, you must be tired, too. you are spilling our dev conversation over to #openstack17:20
ayoungdolphm, so, do you want to duplicate the auth urls?  I defer to you on that one17:21
*** cp16net is now known as cp16net|away17:21
*** markmcclain has quit IRC17:22
*** jdurgin1 has quit IRC17:22
*** cp16net|away is now known as cp16net17:23
*** mestery has joined #openstack-dev17:24
*** salgado-lunch is now known as salgado17:24
*** colinmcnamara has joined #openstack-dev17:25
*** yidclare has quit IRC17:27
dolphmand ideally in middleware17:27
*** dolphm has quit IRC17:27
*** yidclare has joined #openstack-dev17:29
*** bdpayne has quit IRC17:30
*** Ryan_Lane has joined #openstack-dev17:31
*** mohits has joined #openstack-dev17:31
*** bdpayne has joined #openstack-dev17:31
gyeedolphm, ayoung, I missed most of the conversation about trust is broken17:31
gyeewhat's actually broken? its not solving the use cases we have? it have a security hole or what?17:31
*** rmohan has quit IRC17:31
*** rmohan has joined #openstack-dev17:33
*** rmohan has quit IRC17:34
*** rmohan has joined #openstack-dev17:35
*** rmohan has quit IRC17:35
*** rmohan has joined #openstack-dev17:35
*** rushiagr has joined #openstack-dev17:36
*** andrewbogott is now known as andrewbogott_afk17:36
ayounggyee, nothing is broken.  The concern is that is a very new feature, and it might need some more trial and error to get 100% correct, so they want to move the API out of /v3 and into /RH-TRUSTS.17:37
*** olaph has joined #openstack-dev17:37
*** retr0h has quit IRC17:38
ayoungThe good news there is that it means trusts can change without breaking the V3 contract.  The bad news is that Trusts itself has no versioning yet.  But it is a trade off17:38
*** retr0h has joined #openstack-dev17:38
*** retr0h has joined #openstack-dev17:38
*** romcheg1 has joined #openstack-dev17:39
ayounggyee, so I'll just have to do something like this: http://stackoverflow.com/questions/12037476/versioning-a-restful-api-with-both-xml-and-json-content-type17:39
*** rmohan has quit IRC17:40
*** rmohan has joined #openstack-dev17:40
gyeeayoung, yeah, sounds good17:40
*** torandu has quit IRC17:40
*** rmohan has quit IRC17:40
*** rmohan has joined #openstack-dev17:41
*** torandu has joined #openstack-dev17:41
*** berendt has quit IRC17:41
gyeeayoung, or you can version the trust itself17:42
ayounggyee, heh...I guess I can always add a version field on there, but I think that might be a bit overkill17:42
*** dontalton has joined #openstack-dev17:42
gyeeayoung, actually not overkill17:43
ayoungI'd be more likely to do a migration for trusts and then to either remove old ones or upgrade them17:43
ayoungright now they are all in a single system17:43
gyeeif you version the trust, you are free to make major changes17:43
*** mrunge has quit IRC17:43
ayoungUntil we do trusts with crypto signatures, they won't be usable outside a single keystone system17:43
dimsayoung, adding version to Accept or new content-type?17:44
gyee{"trust": {"id":"blah", "version":"1", "data":"whatever"}}17:44
ayoungdims, I don't know.  I'll burn that particual barn when I decide I've freed all the livestock over the bridge?17:44
dimslol17:45
dims:)17:45
* dims is just being curious and nosy17:45
ayoungdims, want to see something that should pique your curiostiy even more?17:45
dimsayoung, sure17:46
*** SergeyLukjanov has joined #openstack-dev17:46
*** manas has quit IRC17:46
ayoungdims, https://review.openstack.org/#/c/24443/17:46
*** garyk has joined #openstack-dev17:46
openstackgerritA change was merged to openstack/swift: instruction command was not documented in right format.  https://review.openstack.org/2499617:46
*** jbresnah has quit IRC17:47
dimsayoung, what no use of xsl? :)17:48
*** jbresnah has joined #openstack-dev17:48
ayoungdims, oh no17:48
ayoungnot for baseline17:48
dimsayoung, kidding :)17:48
ayoungthat is a deployment decision17:48
*** hemna has quit IRC17:48
*** jpich has quit IRC17:48
*** hemna has joined #openstack-dev17:48
ayoungdims, the idea is that we provide a place holder for CSS and Javascript files, and then it is up to the deployer how to render it17:48
dimsayoung, this would be very handy17:49
ayoungI know17:49
ayoungdims, I've walked down this road a time or two before17:49
ayoungAdd in CORS support and bam17:49
dimswhat i like is the auto-discovery aspects of it17:49
ayoungdims, yeah, I think this whole REST HATEOAS thing might just have some legs to it17:50
*** lglenden has joined #openstack-dev17:50
*** romcheg1 has left #openstack-dev17:51
sdaguedtroyer: you about? was hoping you'd submit a Grenade session into the QA track at summit, as would really like to figure out how to get that into the QA normal workflow17:52
*** Brad_K has joined #openstack-dev17:52
*** Brad_K has joined #openstack-dev17:52
*** Brad_K has quit IRC17:52
*** eglynn has quit IRC17:53
*** Brad_K has joined #openstack-dev17:53
*** Brad_K has joined #openstack-dev17:53
*** andrewbogott_afk is now known as andrewbogott17:54
dimsayoung, we had a system where the inital GET would throw a WWW-Authenticate challenge and would respond back with a list of available services and you could then turn around and call each service to poke around (all json, no html rendering)17:54
*** lmatter has quit IRC17:55
*** zzs has joined #openstack-dev17:56
*** Ryan_Lane has quit IRC17:56
ayoungdims, I think that technically that is the letter of the HTTP spec17:56
dimsayoung, thanks for sharing17:56
ayoungdims, feel free to contribute.  Input, code, snide comments, beer....17:57
*** mrodden1 has joined #openstack-dev17:57
* gyee love to do beer review17:58
dimswell, i can promise the last one :) at portland17:58
*** derekh has quit IRC17:58
*** mrodden has quit IRC17:59
dimsgyee, sounds good :) will find you too17:59
*** sulo_ has quit IRC17:59
*** rushiagr has quit IRC18:00
davidkranzttx: Any chance we could beg another slot for QA?18:00
ayoungheckj, you still around?18:01
*** woodspa_ has joined #openstack-dev18:01
heckjyep - lurking while I'm in meetings at the office18:02
*** edmund2 has joined #openstack-dev18:02
*** morganfainberg has joined #openstack-dev18:02
ayoungheckj, do you think we should duplicate the /auth URLS under /RH-TRUSTS?  I wasn't clear on doph's response, and don't want to pull the trigger on his patch yet18:02
*** shardy is now known as shardy_afk18:03
*** mrodden1 has quit IRC18:03
*** mrodden has joined #openstack-dev18:03
heckjI need to read deeper to have a sense18:03
*** lmatter has joined #openstack-dev18:03
*** Mandell has quit IRC18:04
ayoungheckj, basically, to use trusts, even with the CRUD moving to /RH-TRUSTS means a change to POST /auth/tokens18:04
ayoungAs an interim change we can18:04
*** andreaf has quit IRC18:04
ayoungduplciate all of /v3/auth  urls into /RH-TRUSTS18:04
ayoungand state only those will be supported for creating tokens from trusts18:04
*** woodspa has quit IRC18:05
*** kpavel has quit IRC18:05
ayoungThen, in RC2 if allowed, we can explicitly disallow using /auth/tokens to create a token from a trust18:05
*** danwent_ has joined #openstack-dev18:05
*** devoid has joined #openstack-dev18:06
*** edmund1 has quit IRC18:06
*** danwent has quit IRC18:06
*** danwent_ is now known as danwent18:06
openstackgerritA change was merged to openstack/oslo-incubator: Remove detailed-errors from setup.cfg.  https://review.openstack.org/2501518:07
*** dolphm has joined #openstack-dev18:08
*** jbresnah has quit IRC18:08
gyeeayoung, its a conspiracy, you actually want trust tokens to be kerberos :)18:08
*** mestery has quit IRC18:08
ayounggyee, yeah, right, sure.18:09
ayoungI just want bearer tokens to go away18:09
ayoungthe rest is commentary18:09
*** rushiagr has joined #openstack-dev18:09
*** xga_ has joined #openstack-dev18:10
*** imsplitbit has joined #openstack-dev18:10
*** mestery has joined #openstack-dev18:10
heckjayoung: sorry for the delays - running a meeting elsewhere at the same time, hard to split attention18:11
*** eglynn has joined #openstack-dev18:11
*** xga has quit IRC18:11
heckjayoung: seems reasonable to move them, but I get all itchy/scratchy about just replicating the code, and I haven't read through /auth and what happens under it right now18:11
ayoungheckj, so it wouldn't be replicating code, just dding additional entries into the routers18:12
ayoungheckj, I'll just add it to the patch...easy enough to rip out again later18:12
heckjayoung: cool18:12
*** branen has quit IRC18:13
*** alobbs has quit IRC18:13
dolphmayoung: updated patch -- don't know how i missed those failures18:13
ayoungdolphm, do you want the /auth routes duplicated?  Wasn't clear from your last if you agree18:14
*** alobbs has joined #openstack-dev18:14
dolphmayoung: i wrapped the scope request and response in RH-TRUST instead which is a bit more low impact and simpler to implement at this point18:15
ayoungdolphm, looking18:15
*** rushiagr has quit IRC18:16
ayoungdolphm, OK, I see.  did termie really get an oauth impl completed last night?18:16
dolphmayoung: havent tested but yes lol18:17
ayoungdolphm, posted?18:17
dolphmon his github18:17
ayoungcool. I'll take a look18:17
*** Mandell has joined #openstack-dev18:17
*** digitalsanctum has quit IRC18:18
*** rmohan has quit IRC18:19
heckjwouldn't surprise me18:20
ayoungdolphm, so the body of tests pass. Ran them locally18:20
dolphmsame18:20
ayoungdolphm, for your patch...18:20
*** rmohan has joined #openstack-dev18:21
crazeddolphm: ayoung, https://review.openstack.org/25038 i set up a basic patch that allows arbitrary ldap attribute mapping18:22
*** eglynn has quit IRC18:22
ayoungcrazed, the whole LDAP  config is becoming its own domain specific language. But nice work18:23
*** mrodden has quit IRC18:23
ayoungcrazed, any reason you only test user in the live tests?  Any reason that test can't be in the bas LDAP tests?18:24
ayoungbase18:24
*** mrodden has joined #openstack-dev18:24
crazedayoung: they could possibly be in ldap base, didn't check if it worked with fakeldap though18:25
*** jbresnah has joined #openstack-dev18:25
crazedayoung: i just wanted to get something basic, i can add more tests for more than just user18:25
ayoungcrazed, please do so.  If now, It should be annotated18:25
ayoungyeah, user is the most important18:26
ayoungjust asking...18:26
*** johnthetubaguy has quit IRC18:26
*** heckj has quit IRC18:26
*** heckj has joined #openstack-dev18:26
crazedit is funny that the config is becoming a dsl, but ldap is complicated18:27
*** digitalsanctum has joined #openstack-dev18:28
ayoungcrazed, yeah, and this even supports only a subset of what people want from it.18:28
*** psedlak has quit IRC18:29
crazedthere isn't tls support yet right?18:29
crazedi think that's the last piece that would be necessary for full integration for my personal use case at least18:29
topolcrazed not yet18:29
crazedi can use ldaps in the meantime though18:29
dolphmheckj: ayoung: approve? https://review.openstack.org/#/c/25019/18:30
topolcrazed Im starting it today but if I am too slow you can take the work item18:30
ayoungdolphm, lets let jenkins confirm first18:30
ayoungI mean, I ran the unit tests.18:31
dolphmayoung: jenkins will still gate18:31
ayoungtrue18:31
*** dims has quit IRC18:31
ayoungI'm ok with it. Pull the trigger if you feel comfortable18:32
*** mrodden has quit IRC18:32
crazedtopol: cool yeah, if you need some help i can probably find some time, but have some other things i need to take care of18:32
*** anniec has joined #openstack-dev18:32
*** mrodden has joined #openstack-dev18:33
dolphm+1 from smokestack18:33
*** esp has quit IRC18:33
*** gyee has quit IRC18:33
*** mestery has quit IRC18:33
*** dims has joined #openstack-dev18:34
openstackgerritA change was merged to openstack/keystone: Add a dereference option for ldap  https://review.openstack.org/2413918:34
*** lmatter has quit IRC18:35
crazedwoot18:35
*** mestery has joined #openstack-dev18:36
*** kpavel has joined #openstack-dev18:36
*** yidclare has quit IRC18:36
*** spzala has quit IRC18:40
*** danwent has quit IRC18:40
*** lglenden has quit IRC18:41
*** mestery has quit IRC18:42
*** kmartin has quit IRC18:43
*** dspano has joined #openstack-dev18:43
*** ruhe has joined #openstack-dev18:44
russellbttx: will there be a BoF room or something at the design summit?  I've got a proposal to discuss an unofficial project, probably because he wasn't sure where to propose it.18:45
dolphmayoung: grr, accidentally rebased the patch on master instead of uploading the backport ... you can review now, but don't approve until master is merged https://review.openstack.org/#/c/25040/18:45
*** roampune has quit IRC18:46
ayoungdolphm, ha!  Why new change ID?18:46
*** cp16net is now known as cp16net|away18:46
*** adjohn has quit IRC18:46
dolphmayoung: they're both on the same change id https://review.openstack.org/#/q/I32b32fc5df8d8483ae8e99067f0655c13c6f520b,n,z18:46
dolphmdifferent branches18:47
ayoungah18:47
ayoungOK...be nice to be able to diff them, and confirm they are the same....let me do that18:47
*** danpb has quit IRC18:47
*** melwitt has joined #openstack-dev18:48
*** Ryan_Lane has joined #openstack-dev18:49
*** krtaylor has quit IRC18:49
*** corXi has quit IRC18:49
*** yidclare has joined #openstack-dev18:49
ayoungdolphm, +2ed18:50
topolcrazed, I will give you daily status updates.  I got swamped this week and feeling guily about being the bottleneck on this18:50
*** markmcclain has joined #openstack-dev18:50
dolphmayoung: agree18:51
openstackgerritA change was merged to openstack/horizon: Tiny Mistake in Document  https://review.openstack.org/2477918:51
*** sulo_ has joined #openstack-dev18:51
openstackgerritA change was merged to openstack/swift: Fix bugs in bulk and slo and small doc change.  https://review.openstack.org/2500418:53
*** alobbs has quit IRC18:53
*** mohits_ has joined #openstack-dev18:53
*** ruhe has left #openstack-dev18:53
*** mohits has quit IRC18:54
*** bdpayne has quit IRC18:55
*** Yada has joined #openstack-dev18:56
*** bdpayne has joined #openstack-dev18:56
*** annegentle has joined #openstack-dev18:57
*** n0ano has joined #openstack-dev18:57
ayoungcrazed, something I just realized.  Before you post a new version of a patch, rebase the old version, so that you can do "diff to previous version" and seee only your changes.  It would be nice if Gerrit did that for you.  If you don't then the diffebetween Patch sets 1 and 2 show all of the difference pulled in by the rebase.  Rebasing is done with a button on the gerrit panel at the bottom of the PAtchset.  It is only visible18:57
ayoungwhen something has been committed on top of the parent.18:57
*** vipul is now known as vipul|away18:58
*** rmohan has quit IRC18:59
henrynashayoung, heck, dolphm: so we are good for the trust move to extensions…looks ok to me?18:59
dolphmhenrynash: the change is gating now i think18:59
dolphmhenrynash: https://review.openstack.org/#/c/25019/19:00
dolphmayoung: how did you confirm that it was identical by the way? i've cherry-picked on top of the patch to master, but that doesn't always work lol19:00
henrynashdolphm: ah, looking at the wrong one!  ok19:00
*** xga_ has quit IRC19:01
crazedayoung: ah! okay, thanks for the pointer, i'll be sure to run that in the future19:01
ayoungdolphm, I checked both out into my tree and ran git diff19:01
dolphmhenrynash: waiting to approve the backport until the change to master goes through19:01
*** lloydde has quit IRC19:01
ayounggit diff trusts-to-extension-master trusts-to-extension-milestone19:01
*** rmohan has joined #openstack-dev19:01
ayoungmaybe I flubbed the checkout calls and they are identical...let me look19:02
*** cp16net|away is now known as cp16net19:02
*** cp16net is now known as cp16net|away19:02
*** mrodden1 has joined #openstack-dev19:03
ayoungnope, different commits19:03
*** cp16net|away is now known as cp16net19:03
*** datsun180b_ has joined #openstack-dev19:04
*** datsun180b has quit IRC19:04
*** datsun180b_ is now known as datsun180b19:04
*** darraghb has quit IRC19:05
*** mrodden has quit IRC19:05
*** dolphm has quit IRC19:05
*** alobbs has joined #openstack-dev19:08
*** rnirmal has quit IRC19:08
*** dolphm has joined #openstack-dev19:08
*** rmohan has quit IRC19:09
*** digitals_ has joined #openstack-dev19:09
*** rmohan has joined #openstack-dev19:09
*** dolphm has quit IRC19:10
*** colinmcnamara has quit IRC19:10
*** colinmcnamara has joined #openstack-dev19:11
*** digitalsanctum has quit IRC19:12
*** dolphm has joined #openstack-dev19:12
*** adjohn has joined #openstack-dev19:15
*** colinmcnamara has quit IRC19:15
*** danwent has joined #openstack-dev19:16
*** rushiagr has joined #openstack-dev19:18
openstackgerritA change was merged to openstack/keystone: Move trusts to extension  https://review.openstack.org/2501919:20
*** rushiagr1 has joined #openstack-dev19:21
*** eglynn has joined #openstack-dev19:22
*** annegentle has quit IRC19:23
*** alobbs has quit IRC19:23
*** rushiagr has quit IRC19:25
*** Brad_K has quit IRC19:25
*** lloydde has joined #openstack-dev19:26
*** soody has joined #openstack-dev19:26
*** olaph has quit IRC19:27
*** adjohn has quit IRC19:29
*** annegentle has joined #openstack-dev19:29
*** olaph has joined #openstack-dev19:29
*** olaph_ has joined #openstack-dev19:33
*** edmund2 has quit IRC19:33
*** alop has quit IRC19:34
*** lmatter has joined #openstack-dev19:35
*** olaph has quit IRC19:36
*** olaph__ has joined #openstack-dev19:36
*** olaph_ has quit IRC19:38
*** roampune has joined #openstack-dev19:39
*** rushiagr1 has quit IRC19:39
openstackgerritA change was merged to openstack-infra/devstack-gate: Rename SCREEN_DEV to USE_SCREEN  https://review.openstack.org/2492519:39
*** vipul|away is now known as vipul19:42
*** hemna has quit IRC19:42
*** olaph has joined #openstack-dev19:44
*** olaph__ has quit IRC19:45
*** burris has quit IRC19:45
*** hemna has joined #openstack-dev19:52
*** mrodden1 has quit IRC19:55
*** ametts-atl has joined #openstack-dev19:55
ametts-atlttx: ping19:57
*** gyee has joined #openstack-dev19:57
*** zaitcev has joined #openstack-dev19:57
*** jbresnah has quit IRC19:58
*** woodspa__ has joined #openstack-dev19:58
*** edmund1 has joined #openstack-dev19:58
*** dolphm has quit IRC19:58
*** rkukura has quit IRC19:59
ametts-atlWant to propose Maconi sessions at summit.openstack.org, but there doesn't seem to be a suitable option in the "Topics" drop-down.  (https://wiki.openstack.org/wiki/Marconi)19:59
*** dolphm has joined #openstack-dev20:00
*** datsun180b_ has joined #openstack-dev20:01
*** woodspa_ has quit IRC20:02
*** jbresnah has joined #openstack-dev20:04
*** Guest60252 has joined #openstack-dev20:04
*** Yada has quit IRC20:04
*** datsun180b has quit IRC20:04
*** datsun180b_ is now known as datsun180b20:04
*** pmyers has quit IRC20:04
*** noslzzp has joined #openstack-dev20:04
*** primeministerp has quit IRC20:07
*** tonyha has quit IRC20:07
*** vipul is now known as vipul|away20:09
*** lmatter has quit IRC20:09
openstackgerritA change was merged to openstack/tempest: Remove skips in volume types tests.  https://review.openstack.org/2491720:10
openstackgerritA change was merged to openstack/tempest: Updating the try/except blocks to assertRaises.  https://review.openstack.org/2450320:10
*** vipul|away is now known as vipul20:11
openstackgerritA change was merged to openstack/tempest: Add service cleanup handler for test_list_services.  https://review.openstack.org/2464220:15
*** cp16net is now known as cp16net|away20:15
*** digitals_ has quit IRC20:16
*** lmatter has joined #openstack-dev20:16
*** stevemar has quit IRC20:17
*** dolphm has quit IRC20:17
*** kmartin has joined #openstack-dev20:17
*** dolphm has joined #openstack-dev20:18
*** manas has joined #openstack-dev20:19
*** cp16net|away is now known as cp16net20:20
*** stackKick has joined #openstack-dev20:20
*** noslzzp has quit IRC20:21
*** ametts-atl1 has joined #openstack-dev20:21
*** lmatter has quit IRC20:22
*** ametts-atl has quit IRC20:23
*** noslzzp has joined #openstack-dev20:25
*** jruzicka has quit IRC20:25
*** eglynn has quit IRC20:26
*** janisg has quit IRC20:27
termie.... and awake again20:28
*** mrodden has joined #openstack-dev20:29
dolphmtermie: good morning20:29
*** manas has quit IRC20:29
termieayoung: not a full implementation, no, just all the groundwork (with working oauth), needs a bunch of cleanup and database access calls20:29
kbringardtermie lives20:29
*** pixelbeat has quit IRC20:29
dolphmheckj: ayoung: gyee: henrynash: i believe we wanted to backport this ldap fix? https://review.openstack.org/#/c/25050/20:30
ayoungtermie, I';ve already cherry-picked20:30
ayoungtermie, I plan on using this to fill in my gaps on oauth among other things20:30
ayoungdolphm, chatted a bit about it with crazed thought he was still working on it.20:31
*** cloudchimp has quit IRC20:31
dolphmayoung: about the dereference option? he's working on a different fix i thought20:31
ayoungah...right, yeah this is the one for backport...please!20:32
termieayoung: cherry-picked as in you are looking at the code?20:32
termiedid anybody have any info on how i stop not being able ot run any tests20:32
termiei think it is a fairly bad sign that we are leaking file descriptors20:32
ayoungtermie, meaning I have your git repo as one of my remotes and I cherry-picked the two patches and viewed a diff of them together to see the net state.20:33
ayoungtermie, to be honest, the last I had heard about leaked file descriptors was last night...are you running on a Mac?20:33
*** jog0 has quit IRC20:33
ayoungI've not seen that on Fedora or RHEL20:33
dolphmayoung: what's their ulimit?20:34
dolphmby default20:34
ayoungdolphm, one sec20:34
termieayoung: i am running on a mac, yea20:34
termieayoung: but things don't generally run into the ulimit20:34
ayoungopen files                      (-n) 102420:34
dolphmno, they shouldn't20:34
termieayoung: as in, nothing else ever20:34
termiemine is at 1024 too20:34
ayoungtermie, my guess is it is popen20:34
ayoungspecifcially the monkeypatch thing20:34
*** radez is now known as radez_g0n320:34
ayoungI think that openssl is not being run correctly via popen from the mac.  The question is,  why?20:36
ayoungtermie, does lsof show you anything?20:36
dolphmayoung: too many open tcp ports ...20:38
dolphmfrom python20:38
ayoungthat isn't ssl20:38
ayoungdolphm, pythonkeystone client tests?20:38
dolphmtest_v3_*20:38
*** adjohn has joined #openstack-dev20:39
openstackgerritA change was merged to openstack/python-openstackclient: Add extra-specs support for volume-type  https://review.openstack.org/2398120:39
dolphmayoung: termie: from test_v3_auth running for a few seconds http://paste.openstack.org/raw/34249/20:40
termieyeah20:41
termiegetting that also20:41
*** colinmcnamara has joined #openstack-dev20:41
ayoungsomething is not closing database connections20:42
termieayoung: the tests ;)20:42
dolphmsee keystone.common.sql.util20:42
ayoungonly in v3?20:42
dolphmayoung: that just happened to be where the suite failed for me when i set the limit to 6420:42
ayoungAh, ok, probably all sql based tests20:43
termieyay morning when the brain starts working again20:43
*** adjohn has quit IRC20:44
ayoungMorning?  Last I checked, even SF was on DST so unless you are in Hawaii...20:44
termieayoung: morning == 8 - 12 hours after i go to sleep20:44
dolphm+120:44
ayoungtermie, after I went to bed last night I had a 3yo with a nightmare and then a 6 year old that likes to get up at 5.  8-10 hours is a thing of the past for me20:45
ayoungActually, 5 is exagerating20:45
ayoungMOre like 6:3020:45
*** alobbs has joined #openstack-dev20:46
*** beagles is now known as beagles|kids_mus20:47
*** KurtMartin has joined #openstack-dev20:47
*** colinmcnamara has quit IRC20:48
dolphm630 is sleeping in20:48
termiedayumn dolphm bringing the hammer20:48
termie"i get up two days ahead of time, every day"20:49
*** digitalsanctum has joined #openstack-dev20:50
mikalHand up if you understand moniker...20:50
ayoungdolphm, yeah, he has started sleeping later on school days.  But he's up with the sun on weekends.20:53
ayoungdolphm, we have two different things doing DB connectson.  The migrations and the tests themselves.20:53
*** voliveirajr has quit IRC20:54
ayoungdolphm, what was the way that we set up the tests to run prior to using the migrations?  The SQL alchemy thing that uses the code to establish the schema?20:54
termieit sort of seems like these tests should be a lot faster to begin with :p20:54
dolphmayoung: and the application itself20:54
dolphmtermie: they've gotten a lot slower since december or so20:54
termiei added some code to clean up the connection in the teardown, no effect yet20:55
dolphmtermie: i made a bunch of test performance improvements and had the entire suite running in < 1 min on my air20:55
ayoungtermie, yeah.  Part of the problem is that we are running through the whole migration process for each one.  With sqlite that isn;t necessary but it is for mysql/postgres.20:55
termieayoung: are youd oing it for sqlite as well?20:55
*** kmartin has quit IRC20:55
termieayoung: even though it isn't necessary20:55
termiebecause as far as i know i am not running mysql on this machine?20:56
termiei wouldn't be surprised if migrations never expected to be run in process and as such don't close properly20:56
ayoungtermie, we had logic to bypass it at one point, but we were running the unit tests against a different layout than the migrations, and we unified them...it means the tests run slower.  I'd like to find a better middle ground20:57
termiebecause to hit 1024 descriptors in just a few tests it has to do a lot of connections20:57
ayounglet me pull up the commit, should be easy to bypass20:57
*** hemna has quit IRC20:57
dolphmOOH ya'll just reminded me of a patch i've been waiting until havana to write20:57
*** hemna has joined #openstack-dev20:58
*** ametts-atl has joined #openstack-dev20:58
*** lmatter has joined #openstack-dev20:58
termiehmm, i dropped the removal of the pristine db, seemed like a slight speedup but still too many filesing20:59
*** Ryan_Lane has quit IRC20:59
*** rkukura has joined #openstack-dev21:00
*** rafaduran has left #openstack-dev21:01
*** ametts-atl1 has quit IRC21:01
*** esp has joined #openstack-dev21:01
ayoungtermie, so one hack I do is mount the /tests directory on a ramdisk21:02
ayoung sudo mount -t tmpfs -o size=256M tmpfs /opt/stack/keystone/tests21:02
ayoungsqlite to memory much faster21:02
ayoungtermie, dolphm  git show ed252e0f21:03
ayoungargh21:04
ayoungwrong highlight...1 sec21:04
termieis this not happening for anybody else?21:04
dolphmayoung: https://review.openstack.org/#/c/25055/21:04
*** mestery has joined #openstack-dev21:06
termiedolphm: (running with those changes)21:06
*** gasbakid has joined #openstack-dev21:06
termiedolphm: (or rather, testing)21:06
termiedolphm: still too many files21:06
dolphmtermie: that shouldn't affect file limits21:06
dolphmtermie: this is just fixing a pet peeve that has propogated21:06
*** gasbakid has quit IRC21:07
termieah21:07
*** Ryan_Lane has joined #openstack-dev21:07
*** jog0 has joined #openstack-dev21:08
ayoungdolphm, have you run that against mysql or just sqlite?21:09
*** giulivo has quit IRC21:09
*** rcj has quit IRC21:09
*** flaper87 has quit IRC21:10
dolphmayoung: just sqlite, was hoping you'd do sql21:10
*** mestery has quit IRC21:11
dolphmayoung: i figure now is a good time to make this fix since no one is writing migrations (hopefully)21:11
*** adjohn has joined #openstack-dev21:13
termieso21:13
*** BLZbubba has quit IRC21:13
termiei switched the sqlite pool to "NullPool"21:13
gyeedolphm, sure, backporting dereferencing sound good21:13
*** BLZbubba has joined #openstack-dev21:13
termiewhich will open and close a connection every time it is accessed21:13
termieand the problem goes away21:13
termieseems like the problem is that we must be leaking the pools, we're using a static pool by default21:14
termiewhich means 1 connection and it gets re-used21:14
termiebut somehow it must not be getting fully cleaned up after tests21:14
termieat the moment we are making a new engine something like 20 times per call21:15
*** dolphm has quit IRC21:16
*** janisg has joined #openstack-dev21:20
*** CaptTofu has quit IRC21:20
*** CaptTofu_ has joined #openstack-dev21:20
*** topol has quit IRC21:20
termieah, found the culprit21:23
termiewe're never setting a global engine21:23
*** john5223 has quit IRC21:24
ttxdavidkranz: depends on your neighbors on the schedule21:24
ayoungtermie, if I remember correctly, that was due to trying to get this to run with in memory sqlite.21:24
ayoungtermie, where'd you find that...I am too tired-stupid to remember21:24
ttxrussellb: we have an "unconference room"21:25
termieayoung: yeah, that is the reason given in the code, i'll just have to check how to enable it for more use cases21:25
ttxall 4 days21:25
termieayoung: keysone.conmmon.sql.core:Base21:25
ayoungtermie, there is something in the migrate code, outside of Keystone that destroys the engine21:25
ttxametts-atl: yes, htat's by design. Summit is limited to official projects. There is an unconference room for everything else21:25
ayoungwith in memory sqlite, it means the whole DB goes away.  Very unfriendly21:26
ayoungtermie, BTW, did you get the status from what was decided about trusts?  It is an extension, although part of the grizzly release.21:27
termieyeah, heckj fileld me in21:27
*** aeperezt has quit IRC21:27
*** CaptTofu_ has quit IRC21:27
heckjfileld? I think you meant "filed"21:27
*** CaptTofu has joined #openstack-dev21:28
termiewell, there is still _something_ wrong, even after switching to the start a new connection per call thing, domains just stop being created21:28
*** zbitter has joined #openstack-dev21:28
termieso it seems we're doing migrations in some cases and not in others21:28
termieheckj: i meant flied21:28
heckjbuzzzz21:29
termieheckj: defile21:29
openstackgerritA change was merged to openstack/keystone: Make versions aware of enabled pipelines.  https://review.openstack.org/2504521:29
ayoungOK, I'm out.  termie I assume you are more than capable of straightening out the sql mess.21:29
*** ayoung is now known as ayoung-afk21:29
termiei'm out too, thanks for taking care of this all henrynash21:29
*** CaptTofu has quit IRC21:30
*** zaneb has quit IRC21:31
*** yidclare has quit IRC21:31
*** CaptTofu has joined #openstack-dev21:31
russellbttx: thanks21:31
*** kaushikc has quit IRC21:32
*** yidclare has joined #openstack-dev21:33
ttxheckj: approved the backport, anything else we need in rc1 ?21:33
heckjttx: there's a LDAP dereference/bugfix that was also queue'd21:34
ttxheckj: I think that's what I just approved21:34
heckjah21:34
ttx"Add a dereference option for ldap"21:34
* heckj looks21:34
heckjthat's it21:34
ttxis the extension-ization in ?21:34
*** Guest60252 has quit IRC21:35
ttxlooks like it is21:35
heckjlooking - thought we'd pushed it through, but not seeing that in the search yet21:35
ttxOK, so when the ldap thing lands, i can cut rc121:35
heckjyep21:35
ttxprobably tomorrow morning21:35
heckjsounds good, thank you21:35
*** jcmartin has quit IRC21:36
*** CaptTofu_ has joined #openstack-dev21:36
ttxjust waive a red flag if I shouldn't21:36
*** CaptTofu has quit IRC21:37
*** mestery has joined #openstack-dev21:37
*** techlife has quit IRC21:38
*** eharney has quit IRC21:38
*** j303 has quit IRC21:42
*** jbresnah has quit IRC21:42
*** jbresnah has joined #openstack-dev21:43
*** olaph has quit IRC21:44
*** techlife has joined #openstack-dev21:44
*** olaph has joined #openstack-dev21:45
*** mestery has quit IRC21:47
*** list has joined #openstack-dev21:47
*** alop has joined #openstack-dev21:47
listHi21:47
ayoung-afkheckj, ttx, https://review.openstack.org/#/c/25040/21:48
ayoung-afkits in21:48
heckjyep, ttx found it - I was slow21:48
heckjayoung-afk: thnks21:48
ttxheckj: want me to cut now, or give you a chance to backport something else in the next hours ?21:49
ayoung-afkCut now please.21:49
heckjttx: if you're game to cut now, go ahead and do it21:49
ttxok let's do this21:49
*** burris has joined #openstack-dev21:51
ttxheckj, ayoung: still waiting on https://review.openstack.org/#/c/25050/21:52
*** jcmartin has joined #openstack-dev21:53
heckjnot long now - top of the list21:53
heckj(http://status.openstack.org/zuul/)21:54
ttxyep, I'm waiting21:54
*** annegentle has quit IRC21:57
*** noslzzp has quit IRC21:58
*** koolhead17 has quit IRC22:00
*** anniec has quit IRC22:02
*** diogogmt has quit IRC22:02
*** jergerber has quit IRC22:02
*** alop has quit IRC22:03
*** kbringard has quit IRC22:03
*** hemna has quit IRC22:03
*** spn has quit IRC22:03
*** hemna has joined #openstack-dev22:03
*** spn has joined #openstack-dev22:04
*** harlowja has quit IRC22:04
*** list has left #openstack-dev22:06
*** boris-42 has quit IRC22:06
*** mtreinish has quit IRC22:07
*** ivoks has quit IRC22:08
heckjttx: looks like it just finished through zuul22:08
ttxyep, onit22:10
ttxheckj: err. fail22:10
heckj:-(22:10
ttxlooks like it needs a reverify22:11
*** markmcclain has quit IRC22:11
ttxI'll let you push it and go to bed22:11
*** alobbs has quit IRC22:12
ttxheckj: ^22:12
*** eglynn has joined #openstack-dev22:12
heckjttx: thanks22:12
*** alobbs has joined #openstack-dev22:12
*** anniec has joined #openstack-dev22:14
*** mkollaro has quit IRC22:14
heckjdolphm: https://review.openstack.org/#/c/25050/ is failing out jenkins22:16
*** ametts-atl has left #openstack-dev22:18
*** digitalsanctum has quit IRC22:18
*** hattwick has quit IRC22:19
*** heckj has quit IRC22:19
*** soody has quit IRC22:21
*** hattwick has joined #openstack-dev22:22
*** lloydde has quit IRC22:23
*** kaushikc has joined #openstack-dev22:23
*** novas0x2a|laptop has joined #openstack-dev22:24
*** eglynn has quit IRC22:26
*** lloydde has joined #openstack-dev22:26
*** colinmcnamara has joined #openstack-dev22:28
*** dspano has quit IRC22:29
*** soody has joined #openstack-dev22:29
*** colinmcnamara1 has joined #openstack-dev22:29
*** colinmcnamara has quit IRC22:29
*** alunduil has joined #openstack-dev22:32
*** henrynash_ has joined #openstack-dev22:32
*** sacharya has quit IRC22:34
*** sulo__ has joined #openstack-dev22:34
*** colinmcnamara1 has quit IRC22:34
*** bknudson has quit IRC22:34
*** gongysh has joined #openstack-dev22:35
*** henrynash_ has quit IRC22:35
*** henrynash has quit IRC22:35
*** cloudchimp has joined #openstack-dev22:36
*** sulo_ has quit IRC22:37
*** sulo__ is now known as sulo_22:37
*** eglynn has joined #openstack-dev22:38
*** kaushikc has quit IRC22:39
*** andrewbogott is now known as andrewbogott_afk22:39
*** danjared has quit IRC22:40
*** olaph_ has joined #openstack-dev22:40
*** olaph has quit IRC22:41
*** jcmartin has quit IRC22:43
*** yidclare has quit IRC22:44
*** blamar has quit IRC22:44
*** olaph has joined #openstack-dev22:45
openstackgerritA change was merged to openstack/nova: nova-manage vm list fails looking 'instance_type'  https://review.openstack.org/2501022:48
openstackgerritA change was merged to openstack/swift: Fix for unicode issues in staticweb  https://review.openstack.org/2496022:48
*** olaph_ has quit IRC22:48
openstackgerritA change was merged to openstack/python-glanceclient: Trapping KeyboardInterrupt sooner.  https://review.openstack.org/2492322:48
openstackgerritA change was merged to openstack/python-glanceclient: Allow for prettytable 0.7.x as well  https://review.openstack.org/2269122:48
*** yidclare has joined #openstack-dev22:48
*** olaph has joined #openstack-dev22:48
*** SergeyLukjanov has quit IRC22:49
*** lloydde has quit IRC22:50
*** datsun180b has quit IRC22:50
*** lloydde has joined #openstack-dev22:50
*** Ryan_Lane has quit IRC22:50
*** anniec has quit IRC22:51
*** dolphm has joined #openstack-dev22:52
*** dolphm has quit IRC22:52
jog0sdague: ping22:53
*** dolphm has joined #openstack-dev22:53
*** lloydde has quit IRC22:56
*** annegentle_ has joined #openstack-dev22:58
*** lloydde has joined #openstack-dev22:58
*** lloydde has quit IRC22:59
*** 31NAC00I3 has joined #openstack-dev23:00
*** lloydde_ has joined #openstack-dev23:00
*** Tross has quit IRC23:00
*** digitalsanctum has joined #openstack-dev23:04
*** edmund1 has quit IRC23:04
*** lloydde has joined #openstack-dev23:05
*** hemna has quit IRC23:06
*** lloydde has quit IRC23:06
*** hemna has joined #openstack-dev23:06
*** danjared has joined #openstack-dev23:06
*** lloydde has joined #openstack-dev23:06
*** susanne-balle has quit IRC23:06
*** cloudchimp has quit IRC23:07
*** torgomatic has quit IRC23:08
*** lloydde_ has quit IRC23:08
*** harlowja has joined #openstack-dev23:09
*** eglynn has quit IRC23:10
*** torgomatic has joined #openstack-dev23:11
*** security has joined #openstack-dev23:11
*** megha has quit IRC23:12
*** jog0 has quit IRC23:16
cyeohdolphm: hi23:16
dolphmcyeoh: what's up?23:17
cyeohhey just wondering if you have a moment to talk about https://review.openstack.org/#/c/25065/23:17
*** tomoe_ has quit IRC23:17
*** zzs has left #openstack-dev23:19
cyeohdolphm: this is the test which picked up the issue with session.close() https://review.openstack.org/#/c/23660/ (it started failing after 022 was added)23:20
*** 31NAC00I3 is now known as jhesketh23:20
*** zzs has joined #openstack-dev23:20
*** woodspa__ has quit IRC23:21
dolphmcyeoh: what's special about 22?23:21
cyeoh022 was the first db migration to not either close or commit a session23:21
cyeohtest_migrations.py attempts to drop the database on tearDown, which fails because there is still a user of the db around23:22
cyeohif the session is closed its fine (I'm guessing its ok if the process with the session just exits as well which would be why it hasn't been picked up before)23:23
dolphmcyeoh: i don't believe that's true; most migrations don't commit or close anything23:23
dolphmcyeoh: random example from nova- https://github.com/openstack/nova/blob/master/nova/db/sqlalchemy/migrate_repo/versions/146_aggregate_zones.py23:23
*** zzs has quit IRC23:23
cyeohdolphm: hrm I think they do for keystone. I'm not sure what the difference between keystone and nova could be...23:24
*** zzs has joined #openstack-dev23:24
dolphmcyeoh: this commit removes every .commit() and .close() in every migration -- the migrations that did so were in the minority https://review.openstack.org/#/c/25055/23:24
cyeohdolphm: oh 146 doesn't create the orm.sessionmaker23:24
*** zzs has left #openstack-dev23:25
cyeohdolphm: yea I saw 25055 - it also creates causes users of the db to hang around for postgres. The session.close is only requied where there is a session = orm.sessionmaker(...) line23:26
dolphmcyeoh: so if migration 20 was the last migration, then it would fail?23:27
cyeohdolphm: with 25055 applied, yes23:29
dolphmhow do i reproduce this with db_sync on a real postgres server -- what do i look for to verify?23:29
*** anniec has joined #openstack-dev23:31
*** lloydde has quit IRC23:31
cyeohdolphm: hrm well test_migrations.py does use a real postgres server (https://review.openstack.org/#/c/23660/)23:32
dolphmcyeoh: yes, but users are using db_sync, not test_migrations or test_sql_upgrade23:32
dolphmcyeoh: i've got to run, but i'll keep your review open -- if you find a way to reproduce, will you leave a comment?23:33
cyeohdolphm: sure, will do23:33
dolphmcyeoh: thanks!23:33
*** alobbs has quit IRC23:33
*** dolphm is now known as dolphm_food23:34
*** kaushikc has joined #openstack-dev23:34
*** yidclare has quit IRC23:35
*** zb has joined #openstack-dev23:39
*** utlemming has quit IRC23:40
*** dims has quit IRC23:40
*** utlemming has joined #openstack-dev23:41
*** utlemming has quit IRC23:41
*** zbitter has quit IRC23:41
openstackgerritA change was merged to openstack/nova: Add caching for ec2 mapping ids.  https://review.openstack.org/2486323:42
*** hemna has quit IRC23:43
*** utlemming has joined #openstack-dev23:46
*** sulo__ has joined #openstack-dev23:52
*** sulo_ has quit IRC23:52
*** sulo__ is now known as sulo_23:52
openstackgerritA change was merged to openstack/nova: Make nova.virt.fake.FakeDriver useable in integration testing  https://review.openstack.org/2493823:53
*** jcmartin has joined #openstack-dev23:53
*** jcmartin__ has joined #openstack-dev23:54
*** kaushikc has quit IRC23:55
*** dims has joined #openstack-dev23:55
*** burris has quit IRC23:56
*** digitalsanctum has quit IRC23:57
*** jcmartin has quit IRC23:57
*** jcmartin__ is now known as jcmartin23:57
« Wednesday, 2013-03-20 Index Friday, 2013-03-22 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!