Wednesday, 2014-02-12

« Tuesday, 2014-02-11 Index Thursday, 2014-02-13 »
*** noslzzp has joined #openstack-dev00:00
*** anniec has quit IRC00:00
*** tanisdl has quit IRC00:00
*** otherwiseguy has joined #openstack-dev00:01
*** glenng has quit IRC00:01
*** jobewan has quit IRC00:02
*** ayoung has joined #openstack-dev00:02
*** glenng has joined #openstack-dev00:02
*** epim has quit IRC00:03
*** reed has quit IRC00:04
*** ijw_ has quit IRC00:04
*** atiwari has quit IRC00:04
*** rcleere has quit IRC00:05
*** matsuhashi has joined #openstack-dev00:06
*** ijw_ has joined #openstack-dev00:08
*** anniec has joined #openstack-dev00:08
*** jobewan has joined #openstack-dev00:10
*** jobewan has quit IRC00:12
*** ijw_ has quit IRC00:13
*** wchrisj|away is now known as chris_johnson00:13
*** kmartin has quit IRC00:15
*** marcoemorais has quit IRC00:15
*** thomasem has quit IRC00:15
*** kmartin has joined #openstack-dev00:16
*** godara has joined #openstack-dev00:16
*** changbl has quit IRC00:16
*** marcoemorais has joined #openstack-dev00:16
*** ssurana has joined #openstack-dev00:16
*** epim has joined #openstack-dev00:16
*** ijw has joined #openstack-dev00:17
*** sweston has joined #openstack-dev00:19
*** ssurana has quit IRC00:19
*** ssurana has joined #openstack-dev00:20
*** matsuhashi has quit IRC00:21
*** marcoemorais has quit IRC00:21
*** morazi has quit IRC00:21
*** flaper87 is now known as flaper87|afk00:21
*** matsuhashi has joined #openstack-dev00:21
*** noslzzp has quit IRC00:21
*** comay has quit IRC00:23
*** buzztrol_ has joined #openstack-dev00:24
*** clayb has quit IRC00:25
*** matsuhashi has quit IRC00:25
*** matsuhas_ has joined #openstack-dev00:25
*** comay has joined #openstack-dev00:25
*** buzztroll has quit IRC00:25
*** noslzzp has joined #openstack-dev00:27
*** praneshp has quit IRC00:27
*** mkollaro has quit IRC00:28
*** pablosan has joined #openstack-dev00:28
*** mriedem has joined #openstack-dev00:28
*** kevinconway has quit IRC00:29
*** relaxdiego has joined #openstack-dev00:30
*** anniec has quit IRC00:30
*** radez is now known as radez_g0n300:30
*** anniec has joined #openstack-dev00:34
*** relaxdiego has quit IRC00:34
*** noslzzp has quit IRC00:34
*** thuc has joined #openstack-dev00:36
*** thuc has quit IRC00:37
*** noslzzp has joined #openstack-dev00:37
*** newell_ has joined #openstack-dev00:37
*** thuc has joined #openstack-dev00:38
*** pixelb has quit IRC00:39
*** abhirc has quit IRC00:39
*** ssurana has quit IRC00:41
*** noslzzp has quit IRC00:42
morganfainbergbknudson, ooooh look at that00:42
morganfainbergbknudson, kds options are being picked up by the auto-gen tool00:42
roaetanyone familiar with tox asking for a password when attempting to build the environment?00:43
*** ytwu has quit IRC00:45
morganfainbergjamielennox, ping00:45
jamielennoxmorganfainberg: hello00:45
morganfainbergjamielennox, so i am about >.< close to proposing a fix so we can use auto-sample config generation00:45
morganfainbergjamielennox, the only issue left is that kds options are being picked up00:46
jamielennoxmorganfainberg: nice i tried that a while ago00:46
jamielennoxhmmm, yea00:46
morganfainbergdo you mind if i do a minor mangling of these options to work more like keystone's temporarily00:46
jamielennoxoslo config is not designed to have multiple projects like this00:46
morganfainbergjust make it a dict instead of a list00:46
jamielennoxwhat specifically?00:46
morganfainberginstead of API_SERVICE_OPTS = []00:47
morganfainbergjamielennox, API_SERVICE_OPTS = { None: [<opts>] } and have the registration happen based on that00:47
roaetnevermind, figured it out00:47
morganfainbergthe config generator is silly00:47
*** newell_ has quit IRC00:47
morganfainbergjamielennox, it can't parse a dict00:47
morganfainbergjamielennox, it wont change the opts or how they get registered00:48
morganfainbergjamielennox, just changes if the generator can see them00:48
*** newell has quit IRC00:48
morganfainbergauto-config-generator00:48
*** ytwu has joined #openstack-dev00:48
jamielennox.., are you trying to hide KDS or do KDS as well?00:48
*** newell has joined #openstack-dev00:48
morganfainberghide KDS00:48
jamielennoxright, hide00:48
morganfainbergthis is for keystone00:48
morganfainbergwe'll split KDS off into it's own project soon i hope (erm git repo)00:49
*** zhikunliu has joined #openstack-dev00:49
morganfainbergthen this doesn't matter00:49
jamielennoxif that's the only way then ok, i assume you can't just exclude the directory00:49
morganfainbergnope00:50
jamielennoxfix the generator to allow excluding a dir ?00:50
morganfainbergjamielennox, oslo-incubator...00:52
morganfainbergactually... let me just put help strings saying these are KDS and to ignore them.00:52
morganfainbergor00:52
morganfainbergargh00:52
morganfainberg...00:52
morganfainbergasfksd00:52
morganfainbergfjadslkfj00:52
*** sn6i23a has quit IRC00:53
jamielennoxseizure?00:53
*** ramishra has quit IRC00:53
morganfainberglol00:53
*** MaxV has joined #openstack-dev00:53
jamielennoxumm, if you are doing this as a tool can you do a script that just does rm -rf contrib/kds; gen_config; git checkout contrib/kds00:53
*** epim has quit IRC00:53
morganfainbergjamielennox, it looks for all .py files and extracts the OPTs00:54
*** bdpayne has joined #openstack-dev00:54
morganfainbergjamielennox, i'm just adding (KDS) in the front of the help text for your two options00:54
*** praneshp has joined #openstack-dev00:54
morganfainbergjamielennox, just indicates it's KDS specific00:54
jamielennoxmorganfainberg: ok, just trying to exhaust other options00:55
morganfainbergjamielennox, would need to break it out of the repo00:55
*** tzabal has left #openstack-dev00:55
morganfainbergjamielennox, it's really the only option00:55
jamielennoxthat would be good00:55
*** bdpayne_ has quit IRC00:56
*** buzztroll has joined #openstack-dev00:57
*** buzztrol_ has quit IRC00:57
*** MaxV has quit IRC00:58
*** melwitt has quit IRC00:58
*** kgriffs is now known as kgriffs_afk00:59
*** pablosan has quit IRC00:59
*** xarses has quit IRC00:59
*** CaptTofu has joined #openstack-dev01:00
*** browne has quit IRC01:01
*** nosnos has joined #openstack-dev01:01
*** cybojanek has joined #openstack-dev01:02
*** dperaza has quit IRC01:03
*** carl_baldwin has quit IRC01:03
morganfainbergjamielennox, yeah lets see about getting KDS into it's own repo asap :)01:03
jamielennoxmorganfainberg: i don't even know who to go to about that one01:03
morganfainbergjamielennox, i think we just need to go poke infra for a repo01:04
morganfainbergand make sure it lives under the keystone-core etc stuff01:04
morganfainbergoooor01:04
morganfainbergeven have a KDS team group made *shrug* that is managed under 'identity' program01:04
morganfainbergyanno01:04
morganfainbergshould poke dolphm about that again :)01:04
*** sarob has joined #openstack-dev01:05
*** david-lyle has quit IRC01:05
*** IanGovett has quit IRC01:06
*** devlaps has quit IRC01:07
*** stevemar has joined #openstack-dev01:09
*** devoid has quit IRC01:10
*** xmltok has quit IRC01:11
*** noslzzp has joined #openstack-dev01:11
*** jdennis has quit IRC01:11
*** sarob has quit IRC01:12
*** nelsnelson has quit IRC01:12
morganfainbergjamielennox, lol  13 files changed, 1995 insertions(+), 501 deletions(-), amazing what happens when you put a bunch more info in the sample config01:14
jamielennoxwow, that's huge01:14
morganfainbergjamielennox, well the sample configuration now has _every_ option in it01:15
morganfainbergyes, that includes kombu etc01:15
morganfainbergjamielennox, and i had to update a ton of the options to have help texts01:15
*** noslzzp has quit IRC01:15
jamielennoxmorganfainberg: the problem i found with that is that there is a lot of options coming out of openstack.common that we don't actually use01:15
morganfainbergjamielennox, yep, and that isn't something i can really change01:15
morganfainbergjamielennox, so if we aren't using it, we should eliminate it01:16
*** cybojanek has left #openstack-dev01:16
*** godara has quit IRC01:16
*** cybojanek has joined #openstack-dev01:17
*** anniec has quit IRC01:17
jamielennoxthings like notifier though would pull in the whole dir01:17
*** ykhodork has quit IRC01:17
morganfainbergjamielennox, yep01:18
jamielennoxwe would have to start listing common by file01:18
morganfainbergjamielennox, but it properly reflects the options available in keystone01:18
*** ctracey|away is now known as ctracey01:18
jamielennoxyea, it would be a good idea01:19
*** dims has quit IRC01:21
*** unicell has joined #openstack-dev01:23
*** ramishra has joined #openstack-dev01:24
morganfainbergjamielennox, https://review.openstack.org/#/c/72808/01:24
morganfainbergbknudson, https://review.openstack.org/#/c/72808/01:24
*** RajeshMohan has quit IRC01:25
*** Edward-Zhang has joined #openstack-dev01:25
*** RajeshMohan has joined #openstack-dev01:26
*** abhirc_ has joined #openstack-dev01:27
*** jdennis has joined #openstack-dev01:27
*** krtaylor has joined #openstack-dev01:28
*** ramishra has quit IRC01:28
morganfainbergbknudson, now with updated keystone.conf.sample https://review.openstack.org/#/c/72266/201:30
morganfainbergdhellmann_, thanks for the help today!! https://review.openstack.org/#/c/72808/01:30
*** zaitcev has quit IRC01:31
morganfainbergdolphm, stable/havana fix ready for looking at https://review.openstack.org/#/c/66149/01:32
*** cagrev has joined #openstack-dev01:32
ayoungdolphm, https://review.openstack.org/#/c/71181/  is very different now.  Vast majority of that patch is sample data for tests.01:33
*** Edward-Zhang has quit IRC01:34
*** mikeoutland has quit IRC01:35
nkinderayoung: I have a patch just about ready for review for eliminating extra searches for id_to_dn.01:35
ayoungnkinder, nice!01:35
nkinderayoung: I was able to extend it groups and it's passing all of the tests.  I cleaned up some of the user code too.01:35
ayoungno surprise there01:36
ayounghenrynash is going to need that code for the multi LDAP work01:36
nkinderayoung: I'm guessing it's OK to punt on the other objects for assignment since we usually have that in sql?01:36
ayoungnkinder, it would be good to have both of them done, but I think two separate patches is appropriate01:37
ayoungnkinder, I think that was one of the comments in the last code review01:38
*** thuc has quit IRC01:38
*** anniec has joined #openstack-dev01:38
nkinderayoung: ok, I'll double check that everything is working well.  I did hook it up to 389 DS to verify that there is only one search when running some of the client commands01:38
*** thuc has joined #openstack-dev01:38
ayoungnkinder, so unit testing for LDAP is a little wonky, but if you can run the LDAP live tests it would be appreciated01:39
nkinderayoung: somethign with the script to populate sample data wasn't working right when using the LDAP driver though.01:39
ayoungthey might have bit rotted01:39
ayoungit used to be01:39
ayoung./run_test.sh _ldap_livetests01:39
nkinderayoung: well, devstack was broken for LDAP (which I fixed)01:39
ayoungyeah...01:39
ayoungnkinder, the goal when henrynash gets the multi domain backnends is to have the gate run with both SQL and LDAP for identity01:40
nkinderso _ldap_livetests just assumes what about the ldap config?  Will it just use my keystone.conf settings?01:40
ayoungnkinder, it has its own config file01:40
nkinderayoung: so it will set up openldap?01:40
morganfainbergnkinder, i think it uses the live test config in keystone/tests/01:40
ayoungno01:41
ayoungit assumes an ldap server already running01:41
ayoungsee backend_liveldap.conf01:41
ayoungits based on the devstack LDAP setup01:41
nkinderok, which I need to configure in a certain way to match the tests I suppose01:41
ayoungbut feel free to munge that file to run the tests01:41
nkinderayoung: I'll likely just mimic the devstack setup with 389 DS then01:42
ayoung++01:42
nkinderok, well that's work for tomorrow then (not like I had any already) ;)01:42
jamielennoxbknudson: you've been doing the py33 work on client - does this look ok to you? https://review.openstack.org/#/c/72661/1/keystoneclient/middleware/auth_token.py01:43
*** thuc has quit IRC01:43
ayoungnkinder, BTW...I think I have a compressed token solution that should work around the Apache Headersize issues01:44
ayounghttps://review.openstack.org/#/c/71181/01:44
*** tqtran has quit IRC01:44
ayoungand with that...I'm going to go get dinner01:44
nkinderayoung: enjoy01:45
*** _cjones_ has quit IRC01:45
ayoungyeah01:45
*** tris has quit IRC01:48
*** mgagne has quit IRC01:49
*** lbragstad has joined #openstack-dev01:49
*** ayoung has quit IRC01:50
*** chris_johnson is now known as wchrisj|away01:51
*** danielbruno has quit IRC01:51
morganfainbergjamielennox, that is my understanding of the proper py33 way01:53
*** tsekiyam_ has joined #openstack-dev01:53
*** jckasper has joined #openstack-dev01:53
jamielennoxmorganfainberg: yea i thought so01:53
*** muehsi has quit IRC01:53
jamielennoxmorganfainberg: i hate string encoding01:54
morganfainbergjamielennox, ++++++++++++++++++01:54
morganfainbergjamielennox, i loathe it01:54
jamielennoxi don't care if py3 is better or worse i just never want to deal with it01:54
morganfainbergyou need to deal with it some limited cases in py301:55
*** killer_prince has quit IRC01:55
*** jckasper has quit IRC01:55
morganfainbergwhen you are dealing with hashing (needs to be byte_str)01:55
morganfainbergbut it's super limited01:55
*** jckasper has joined #openstack-dev01:55
morganfainbergi think i've run into an issue with it 2 or 3 times total. vs. every time someone uses a unicode text type... utf-801:55
morganfainbergoh yay!01:56
jamielennoxmorganfainberg: i was doing some socket level stuff and it was a right PITA01:56
morganfainbergreview day now guarantees a WIP patchset has a score of 001:56
morganfainbergwoooo :)01:57
*** tsekiyama has quit IRC01:57
morganfainbergso much better01:57
morganfainbergnow it claimes youre review Add cryptographic key storage is the #1 review for keystone01:57
*** tsekiyam_ has quit IRC01:58
morganfainbergs/youre/your01:58
morganfainbergjamielennox, ^01:58
jamielennoxlol, yea, it's been up for ages01:58
jamielennoxbut there are dependants01:58
morganfainbergbut it now is the top of the list01:58
morganfainbergjamielennox, because before ayoung's WIPs were all the top01:58
morganfainbergthe ones.. from like pre-havana release01:59
jamielennoxmorganfainberg: hmm, it really should ignore WIPs01:59
morganfainbergjamielennox, it effectively does now.  i don't think they shouldn't appear01:59
*** devoid has joined #openstack-dev01:59
morganfainbergjamielennox, maybe i should also propose a change that makes any non-wip score+1 value02:00
morganfainbergso WIPs are all at the bottom02:00
morganfainbergactually... i think i might do that.02:00
*** alop has quit IRC02:02
*** xuhanp has joined #openstack-dev02:02
jamielennoxi havene't used reviewday, there was a next-review or something02:02
*** anniec has quit IRC02:03
*** amcrn has quit IRC02:03
morganfainbergjamielennox, as soon as the JSON becomes available i will be making next-review use review-day's json (optionally)02:05
*** dkranz has joined #openstack-dev02:06
morganfainbergjamielennox, http://status.openstack.org/reviews/reviewday.json :(02:07
*** sweston has quit IRC02:07
jamielennoxForbidden02:07
morganfainbergyeah02:07
morganfainbergas soon as that is fixed02:07
morganfainbergnext review can be even coooooooler02:07
*** sarob has joined #openstack-dev02:09
*** tkay has quit IRC02:12
*** sarob has quit IRC02:13
*** yaguang has joined #openstack-dev02:14
*** gongysh has joined #openstack-dev02:18
noorulhello all02:18
*** MaxV has joined #openstack-dev02:19
noorulHow do we write plugins for keystone02:19
noorulIs there any documentations?02:19
nooruls/is/are02:19
*** sweston has joined #openstack-dev02:20
*** muehsi has joined #openstack-dev02:20
noorulI am looking to have separate identity and assignment back-end02:21
*** tdruiva has joined #openstack-dev02:22
*** spzala has quit IRC02:23
*** MaxV has quit IRC02:23
*** ramishra has joined #openstack-dev02:24
*** erkules_ has joined #openstack-dev02:26
*** Brainspackle has quit IRC02:26
*** Brainspackle has joined #openstack-dev02:26
*** zoresvit has joined #openstack-dev02:27
*** erkules has quit IRC02:28
*** ramishra_ has joined #openstack-dev02:28
*** ramishra has quit IRC02:29
jamielennoxnoorul: essentially no, you'll have to have a look at the drivers in keystone and try to emulate them02:30
*** angdraug has quit IRC02:33
*** pradeep has joined #openstack-dev02:35
*** novas0x2a|laptop has quit IRC02:38
*** godara has joined #openstack-dev02:39
*** ramishra_ has quit IRC02:40
nooruljamielennox: Can I have this code in separate repository?02:41
jamielennoxnoorul: yes that's fine02:41
nooruljamielennox: Python should be able to import the package, right?02:41
jamielennoxif you look at the backend config it's of the form driver = keystone.identity.backends.sql.Identity02:41
*** galstrom_zzz is now known as galstrom02:41
jamielennoxif you match that structure then it will load it for you02:42
noorulSo I should have keystone/identity/backends directory02:42
*** godara has quit IRC02:43
*** godara has joined #openstack-dev02:43
*** buzztroll has quit IRC02:43
noorulfor example if i have xx.py then I can just replace config to looke like this02:44
*** erkules_ has quit IRC02:44
*** buzztroll has joined #openstack-dev02:44
nooruldriver = keystone.identity.backends.xx.Identity02:44
*** mwagner_lap has joined #openstack-dev02:45
*** anniec has joined #openstack-dev02:45
*** erkules_ has joined #openstack-dev02:46
*** Tross has joined #openstack-dev02:46
*** godara_ has joined #openstack-dev02:46
*** godara has quit IRC02:48
jamielennoxyes02:48
jamielennoxnoorul: or you can develop it as a package outside of keystone and install it and it will load that to02:49
*** buzztroll has quit IRC02:49
*** stevemar has quit IRC02:51
jamielennoxall hail Steap_ keystoneclient's first pass of the py33 gate: https://review.openstack.org/#/c/72661/02:51
*** dperaza has joined #openstack-dev02:51
jamielennoxbknudson, morganfainberg, gyee, dolphm: ^^02:52
morganfainbergjamielennox, wooooooooo02:52
morganfainbergjamielennox, guess that means we need to make the py33 gate for keystoneclient voting02:53
morganfainbergjamielennox, (once that merges)02:53
jamielennoxmorganfainberg, asap02:53
jamielennoxi'm pretty sure he's on it02:54
*** Mandell has quit IRC02:54
*** cagrev has quit IRC02:54
*** achampion has quit IRC02:56
*** xarses has joined #openstack-dev02:56
morganfainbergjamielennox, looks like changing it here: https://github.com/openstack-infra/config/blob/master/modules/openstack_project/files/zuul/layout.yaml#L441 and adding python-keystonecleint-33 to the gate block https://github.com/openstack-infra/config/blob/master/modules/openstack_project/files/zuul/layout.yaml#L1308 should do it02:56
*** ijw_ has joined #openstack-dev02:57
jamielennoxmorganfainberg: he must be offline, i asked if he said he knows how and so i think we give him the honours02:57
morganfainbergjamielennox, oh totaly fine with him doing so02:58
morganfainbergjamielennox, just was looking to see what would do it :)02:58
jamielennoxmorganfainberg: anyway very excited for that change02:58
morganfainberg:)02:58
jamielennoxsick of having to remember to do six02:58
morganfainberglol02:58
morganfainbergyou'll still need to remember02:58
*** anniec has quit IRC02:58
*** ijw has quit IRC02:59
*** arnaud__ has quit IRC03:00
*** henrynash has joined #openstack-dev03:00
*** anniec has joined #openstack-dev03:03
*** tsekiyama has joined #openstack-dev03:04
*** arnaud__ has joined #openstack-dev03:05
*** godara_ has quit IRC03:07
*** ramishra has joined #openstack-dev03:08
*** tsekiyama has quit IRC03:08
*** sarob has joined #openstack-dev03:09
*** ykhodork has joined #openstack-dev03:09
*** marcoemorais has joined #openstack-dev03:12
*** ramishra has quit IRC03:13
*** gokrokve has joined #openstack-dev03:14
*** marcoemorais1 has joined #openstack-dev03:14
*** sarob has quit IRC03:16
*** marcoemorais has quit IRC03:16
*** annegentleweb has joined #openstack-dev03:17
*** rcleere has joined #openstack-dev03:17
*** sarob has joined #openstack-dev03:19
*** MaxV has joined #openstack-dev03:20
*** galstrom is now known as galstrom_zzz03:21
*** paragan has joined #openstack-dev03:21
*** paragan has quit IRC03:21
*** paragan has joined #openstack-dev03:21
*** achampion has joined #openstack-dev03:22
*** rraja has joined #openstack-dev03:23
*** praneshp has quit IRC03:23
*** sarob has quit IRC03:24
*** MaxV has quit IRC03:24
*** mlegault has joined #openstack-dev03:26
*** wchrisj|away is now known as chris_johnson03:26
*** annegentleweb has quit IRC03:26
*** chris_johnson has quit IRC03:27
*** mlegault_ has joined #openstack-dev03:27
*** CaptTofu has quit IRC03:31
*** mlegault has quit IRC03:31
*** jmontemayor has joined #openstack-dev03:31
*** arnaud__ has quit IRC03:31
*** arnaud has quit IRC03:31
*** galstrom_zzz is now known as galstrom03:32
*** byeager has joined #openstack-dev03:34
*** mlegault_ has quit IRC03:35
*** hdd_ has joined #openstack-dev03:36
*** matsuhas_ has quit IRC03:39
*** amerine_ has joined #openstack-dev03:40
*** amerine has quit IRC03:40
*** aditirav has joined #openstack-dev03:43
*** mgagne has joined #openstack-dev03:43
*** enykeev has joined #openstack-dev03:45
*** mikeoutland has joined #openstack-dev03:50
*** chandan_kumar has joined #openstack-dev03:51
*** baoli has joined #openstack-dev03:53
*** mgagne1 has joined #openstack-dev03:53
*** doug_shelley66 has quit IRC03:54
*** ykhodork has quit IRC03:54
*** buzztroll has joined #openstack-dev03:54
*** mgagne has quit IRC03:56
*** markmcclain has joined #openstack-dev03:56
*** praneshp has joined #openstack-dev03:56
*** ssurana has joined #openstack-dev03:56
*** markmcclain has quit IRC03:57
*** yamahata has quit IRC03:59
*** buzztroll has quit IRC03:59
*** dperaza has quit IRC03:59
*** dkehn__ has joined #openstack-dev04:00
*** rraja has quit IRC04:01
*** mgagne has joined #openstack-dev04:01
*** baoli has quit IRC04:01
*** mgagne1 has quit IRC04:03
*** dkehn_ has quit IRC04:03
*** arborism has joined #openstack-dev04:04
*** changbl has joined #openstack-dev04:04
*** yamahata has joined #openstack-dev04:05
*** amcrn_ has joined #openstack-dev04:05
Steap_jamielennox: thanks for letting me commit the last patch :)04:07
*** byeager has quit IRC04:07
*** galstrom is now known as galstrom_zzz04:07
Steap_https://review.openstack.org/#/c/72831/04:07
jamielennoxSteap_: was nothing, just preventing morganfainberg getting to excited04:08
Steap_hehe04:08
*** byeager has joined #openstack-dev04:08
*** amcrn_ is now known as amcrn04:08
*** tanisdl has joined #openstack-dev04:08
jamielennoxSteap_: i have no idea of how infra works though so i won't vote on it04:08
morganfainbergSteap_. you want to revise that patch, make the "voting" line say true, and then add it like you did on 130804:08
Steap_jamielennox: morganfainberg of the line is removed, isn't it true by default ?04:09
morganfainbergSteap_, afaict you removed the "template" for the python-keystoneclient-py33 gate04:09
morganfainbergSteap_, hm. maybe04:09
*** arborism has quit IRC04:09
morganfainbergSteap_, let me look at that.04:09
Steap_git grep "voting: true"04:09
Steap_returns nothing04:09
morganfainberghehe04:09
morganfainbergok then04:09
morganfainberg:)04:09
morganfainbergyou did more research than i did!04:09
morganfainbergSteap_, but in either case, bravo on the py33 work!!04:09
Steap_morganfainberg: no problem04:09
Steap_morganfainberg: I was asking jamielennox in private earlier, but we might as well talk about this here04:10
Steap_Many clients depend on keystoneclient, so I currently can't make them work with Python304:10
morganfainbergSteap_, oh no, what have i done, i proved i was alive and paying attention >.>04:10
morganfainbergSteap_, sure.04:11
Steap_morganfainberg: do you think keystoneclient could have one more release a bit before IceHouse ?04:11
jamielennoxWTF glanceclient - still using httplib!04:11
jamielennoxsorry, carry on04:11
Steap_that'd leave me enough time to port some of the other clients04:11
morganfainbergSteap_, ideally, yes.  and likely we absolutely want it if revocation events get added into auth_token04:11
Steap_(for instance, the only blocker for the Ceilometerclient is keystoneclient)04:11
Steap_morganfainberg: ok04:12
morganfainbergSteap_, but i wouldn't see an issue (though dolphm may say otherwise) on getting a keystoneclient out now and then one closer to Icehouse landing04:12
Steap_ok04:12
Steap_Should I open a bug report so that everyone has time to discuss this ?04:12
*** dkehn__ is now known as dkehn_04:12
jamielennoxmorganfainberg: i have some patches around auth_plugins i'm not sure would be breaking04:12
morganfainbergjamielennox, merged?04:13
jamielennoxmorganfainberg: no but not far i think04:13
morganfainbergjamielennox, or pending? or... ?04:13
morganfainbergjamielennox, ah, maybe get this released before that work?04:13
jamielennoxi was thinking i had some more time with this release because we just did one04:13
jamielennoxmorganfainberg: yea not sure04:13
jamielennoxmorganfainberg: just have to see what i can support in future04:13
morganfainbergjamielennox, likely we can call this a minor point release since it's really for the py33 stuff04:14
jamielennoxmorganfainberg: i don't think that makes a difference for api04:14
morganfainbergjamielennox, fair enough04:14
*** galstrom_zzz is now known as galstrom04:15
morganfainbergjamielennox, i'd advocate for an extra release wedged in here if this really is the only blocker for some other py33 work getting into icehouse04:15
jamielennoxmorganfainberg: yea i agree py33 is worth messing around with the tree a bit04:15
Steap_morganfainberg: well, maybe not the only one, but it's a blocker for mostclients :)04:15
jamielennoxeven if i have to revert a patch or two then put it back after04:15
morganfainbergSteap_, sure sure. but yes not blocking is good04:16
morganfainbergjamielennox, might be worth it.04:16
morganfainbergjamielennox, prob should poke at dolphm tomorrow and discuss it04:16
*** ssurana has quit IRC04:16
jamielennoxyep04:16
morganfainbergsimilarly see about KDS.04:16
morganfainbergcause i really think we need to split that off04:16
morganfainbergjamielennox, will massively ease up a number of things that way04:17
morganfainbergtesting, etc04:17
*** godara has joined #openstack-dev04:18
*** ssurana has joined #openstack-dev04:19
*** SumitNaiksatam has joined #openstack-dev04:20
*** MaxV has joined #openstack-dev04:21
*** alop has joined #openstack-dev04:22
*** MaxV has quit IRC04:25
*** ssurana has quit IRC04:26
*** ssurana has joined #openstack-dev04:26
*** anniec has quit IRC04:27
*** ssurana has quit IRC04:28
*** byeager has quit IRC04:28
*** ssurana has joined #openstack-dev04:28
*** morazi has joined #openstack-dev04:31
*** jay-lau-513 has joined #openstack-dev04:33
*** killer_prince has joined #openstack-dev04:33
*** aeperezt has quit IRC04:34
*** mikeoutland has quit IRC04:34
*** mikeoutland has joined #openstack-dev04:35
*** schwicht has quit IRC04:35
*** Mandell has joined #openstack-dev04:36
*** jmontemayor has quit IRC04:37
*** lcheng_ has joined #openstack-dev04:38
*** ssurana has left #openstack-dev04:40
lbragstadjamielennox: got rid of ['media-types'] right?04:41
lbragstadjust looking through your new patch04:41
jamielennoxlbragstad: just then04:41
lbragstadok04:41
morganfainberglbragstad, DOH! i can't believe i missed Memcached vs memcached (again)04:41
lbragstad:)04:41
morganfainberglbragstad, thanks for the comment, brains a little fried04:41
morganfainberglbragstad, https://review.openstack.org/#/c/72808/ - that fried my brain quite a bit :(04:41
lbragstadmorganfainberg: it happnes... took me five patch sets to get my commit message right last night04:41
morganfainbergheh04:42
morganfainbergouch04:42
morganfainberg:(04:42
* morganfainberg doesn't envy that04:42
lbragstadmorganfainberg: you got that to work!04:42
*** AlanClark has quit IRC04:42
morganfainbergso i think i have a change, jamielennox that would add the KDS repo and hook in all the relevant stuff04:42
morganfainbergjamielennox, i'll ping dolph tomorrow before submitting it04:42
lbragstadI ended up getting a little swamped this week but I wanted to get back to the, I had a change up for that too.04:43
morganfainberglbragstad, yesh, yesh i did.  was a pain to add all the help lines for it to our config04:43
jamielennoxmorganfainberg: oh? ok - sounds good04:43
lbragstadmorganfainberg: for some reason I couldn't get it to generate the options in keystone/common/config.py but I didn't have much time04:43
morganfainberglbragstad, the hardest part was the stuff dhellmann_ was awesome about and so i got it to work similar to how oslo.messaging does by using pbr and all that04:43
*** harlowja is now known as harlowja_away04:44
morganfainberglbragstad, yeah look at the setup.cfg and the change to keystone.common.config (bottom) to see what i did04:44
morganfainbergoh and the oslo.config.generator.rc in tools/config04:44
lbragstadoh... yeah... that makes sense04:45
lbragstadthis is awesome, Brant and I have been talking about doing this04:45
morganfainbergcould do it differently, but that was the path of least resistance04:45
morganfainbergand.. makes oslo sync much easier to chace options down.  it also shows we might want to trim down the openstack.common modules :P04:45
lbragstadnot that it probably matters, but giving you credit here and pointing to your change: https://review.openstack.org/#/c/67595/04:46
*** jkoelker has quit IRC04:47
*** jkoelker has joined #openstack-dev04:47
morganfainberglbragstad, oh hehe didn't even see it04:48
lbragstadit was WIP for a while04:48
*** tanisdl has quit IRC04:48
morganfainberglbragstad aghh04:48
morganfainbergahh*04:48
morganfainberglbragstad, and i am working on solving the KDS issue ;)04:48
morganfainbergissue being that it should be in it's own repo :)04:49
jamielennoxmorganfainberg, lbragstad: i'm working on some discovery stuff and would like some opinions if you have a sec04:49
lbragstadso, qq on https://review.openstack.org/#/c/72808/3/etc/keystone.conf.sample04:49
lbragstadjamielennox: sure, same patch as the media-types one?04:49
jamielennoxlbragstad: completely unrelated04:50
lbragstadahh04:50
lbragstadmorganfainberg: line 38 from the old sample config, there is a note from dolphm isn't that something that should move to oslo?04:50
morganfainbergjamielennox, i knew i should have stayed quiet.04:50
*** nacim has joined #openstack-dev04:50
jamielennoxgiven what we know about keystone auth, and ignoring the client that we have what does a good auth system look like04:50
jamielennoxi've been thinking on it for a while but i'm stuck on bridging the v2/v3 apis in an obvious way04:51
morganfainberglbragstad, uhm.04:51
* lbragstad digs... 04:51
lbragstadI had this thought out before04:51
lbragstadI can't remember where I put it04:51
morganfainberglbragstad, could add that in the help text.04:51
lbragstad++04:52
lbragstadjust so we don't lose the note for now04:52
morganfainberglbragstad, if you think it's important to capture, please comment (point it out in the config.py stuff)04:52
*** matsuhashi has joined #openstack-dev04:52
morganfainberglbragstad, i am not going to push anothe rpatchset for that tonight, want to circle back w/ bknudson, ayoung, dolphm etc and see if we _Really_ want this now04:52
lbragstadyeah, good idea.04:53
lbragstadmorganfainberg: thinking early J for that?04:53
jamielennoxmorganfainberg: early J might be a good idea04:53
morganfainberglbragstad, i'd like it now, but honestly, it might just be a bit of a bear04:53
*** rraja has joined #openstack-dev04:53
jamielennoxlets us trim down the config options before we do a release04:53
morganfainberglbragstad, it would be really really good to not having to manage the config sample anymore before the release04:54
morganfainberglbragstad, but it might go for J instead.04:54
morganfainbergjamielennox, so. back to auth04:54
jamielennoxmorganfainberg: :)04:54
*** markwash has joined #openstack-dev04:55
jamielennoxSo i'm pretty sure 1 plugin per auth method is the right way to do it04:55
morganfainbergjamielennox, i would say yes04:55
*** henrynash has quit IRC04:55
jamielennoxand there is enough of an overlap between all v2 plugins  and all v3 plugins that i can somewhat group them together04:55
jamielennoxnot that i tthink that's necessarily a good idea04:56
*** armax has joined #openstack-dev04:56
*** armax has quit IRC04:56
morganfainberglbragstad, that option, i think comes from oslo-incubator. and therefore we can't add to the help string. ion keystone04:56
jamielennoxbut there are fundamental differences between v2 and v3 that i've no idea if it's possible to get over that04:56
morganfainbergjamielennox, no, i'd make V2 and V3 plugins separate...04:56
morganfainbergjamielennox, actually, i'd make V2 a single plugin.04:57
morganfainbergjamielennox, and V3 can be split up04:57
morganfainbergjamielennox, v2 is dead in K.04:57
jamielennoxmorganfainberg: well i did v2 anyway because it was trivial04:57
lbragstadmorganfainberg: yep in openstack/common/policy.py04:57
jamielennoxI'm just not sure what the CLI interaction is for example04:57
morganfainbergjamielennox, I'd say keep v2 completly separate, just let V2 live isolated from v3 if at all possible04:57
lbragstadthat is where it's registered, so moving that to [policy] section will break policy.py04:57
jamielennoxi don't think you should have to say v2 or v3 auth04:57
jamielennoxmorganfainberg: ++04:58
*** lcheng_ has quit IRC04:58
morganfainbergjamielennox, i think you should default to the highest supported version and allow the cli to say --version-204:58
morganfainbergjamielennox, you are doing discovery, right?04:58
morganfainbergjamielennox, (that was rhetorical)04:58
morganfainbergjamielennox, so if the client can do V3 and V3 is available, do v3 unless told otherwise04:58
morganfainbergjamielennox, so if you want V2 auth, you would need to specify it, since it is not the highest "Stable" api04:59
jamielennoxok, so maybe another question, how do you ask for a version04:59
morganfainbergjamielennox, rephrase, default to highest stable.04:59
morganfainbergjamielennox, ask keystone, right?04:59
jamielennoxhmm, not really04:59
*** nacim has quit IRC04:59
morganfainbergjamielennox, we say what the highest stable version the server supports is.04:59
morganfainbergjamielennox, on /04:59
jamielennoxmorganfainberg: yea, the problem is the bootstrapping05:00
morganfainbergjamielennox, could you leverage that?05:00
jamielennoxonce i've got a service catalog it's fine05:00
morganfainbergjamielennox, same rules apply05:00
jamielennoxbut what does a good interaction with the initial discover look like05:00
morganfainbergjamielennox, ask the server for versions, ask the same server for catalog/auth/whatever is needed05:00
morganfainbergjamielennox, AUTH_URL would point at like http://keystone:35357/05:01
morganfainbergthat would return "i talk V2, V3, V4, V4.5"05:01
morganfainbergor some such05:01
morganfainbergv4 is not stable, v3 is, v2 is stable05:01
jamielennoxright i've kind of got that alreday05:01
morganfainbergv3 is highest stable, so ask the same server v3 auth05:01
morganfainbergand/or catalog etc05:01
*** edmund has quit IRC05:01
* morganfainberg makes mental note that being able to use srv records in dns would be super cool05:02
morganfainberginstead of AUTH_URL env var, et al05:02
jamielennoxdns has up before05:02
jamielennoxhas come up before05:02
morganfainbergi'd like to support it in general05:02
morganfainbergbut not make it the only way to do it05:02
morganfainbergbut ehh.05:02
morganfainbergmoving on05:02
*** kbrierly has quit IRC05:03
morganfainbergif AUTH_URL is http://keystone:37257/v2.0/....05:03
*** mikeoutland has quit IRC05:03
morganfainbergi mean.. huh05:03
*** galstrom is now known as galstrom_zzz05:03
morganfainbergyou need a way to say don't discover05:04
*** zul has joined #openstack-dev05:04
morganfainbergand you need a way to say "use something besides latest stable"05:04
jamielennoxmorganfainberg: so like https://etherpad.openstack.org/p/version-discover05:04
morganfainbergsure05:04
jamielennoxit just seems a bit too low level05:04
morganfainbergmaybe sec.05:05
*** kushal has joined #openstack-dev05:05
*** morazi has quit IRC05:05
morganfainbergmaybe like that?05:06
morganfainbergor similar?05:06
jamielennoxwhat does newest_stable return though/ a string?05:07
morganfainbergi'd make it a factory05:07
jamielennoxok, so the problem is somewhat that we don't want to make a client05:07
jamielennoxthe discovery that i've implemented kind of does that - it was a partial mistake05:08
*** yuan has quit IRC05:08
*** godara has quit IRC05:08
jamielennoxthe very first thing we need to do is create an auth mechanism05:08
morganfainbergsure05:08
*** zul has quit IRC05:08
morganfainbergit could be a stubby factory that has the V3 or V2 or whatever magic logic is needed to move beyond the auth method05:08
jamielennoxso the factory concept is a bit more difficult in that case because auth mechanisms are a variety of plugins05:08
morganfainbergit's not really a client, it's the auth_object05:09
morganfainbergthe factory could then load/manage the auth_plugin side05:09
*** gokrokve has quit IRC05:09
morganfainbergthe way i see it is auth_object is then applied to the client.05:10
morganfainbergso this first step is getting the auth_object and all stuff along with it.05:10
jamielennoxright that's pretty much what i'm going for05:10
morganfainbergit's then wrapped into the client when you create your client object05:10
jamielennoxbut there are two types of question then05:10
*** ramishra has joined #openstack-dev05:10
morganfainbergthe stubby auth thing (in my semi-fried brain) should handle the auth_plugin stuff05:11
*** galstrom_zzz is now known as galstrom05:11
jamielennoxthree: what is the most recent version, is this version supported, give me the factory to create aut for this05:11
morganfainbergthe client wont care, it knows what the auth entry point is.05:11
morganfainbergjamielennox, sure that seems correct.05:11
jamielennoxmy brain is fried too, concert last night followed by early morning meeting means not at my best05:11
lbragstadjamielennox: nice, good show?05:12
jamielennoxthe national, yea they were good05:12
morganfainbergjamielennox, if the discover object is always responsible for discovery, in all ways, you can ask the first two questions easily05:12
jamielennoxright05:12
jamielennoxI'm not sure to the extent we are supporting this factory method for auth05:13
morganfainbergjamielennox, perhaps discovery and auth are really one thing05:13
*** cadenzajon has joined #openstack-dev05:13
*** sarob has joined #openstack-dev05:13
jamielennoxi've had it there mostly for the CLI and CONF cases05:13
jamielennoxmorganfainberg: i don't think so, because auth can take on so many forms05:14
morganfainbergjamielennox, ok.05:14
jamielennoxbesides i prefer the idea of making primatives and then combining them into higher level interfaces05:14
morganfainbergjamielennox, ++05:14
jamielennoxif you need to use the primatives they are there05:14
*** galstrom is now known as galstrom_zzz05:15
morganfainbergjamielennox, yeah, brain is ... not here05:15
morganfainbergi looked at auto generating config stuff today...and wrote help strings05:15
morganfainbergwell.. copy/pasted/reformatted05:15
morganfainberg:P05:15
jamielennoxthat's not easy, i looked through that conf generation before05:16
jamielennoxactually i filed a bug for it against keystone ages ago05:16
jamielennoxyou might close that one05:16
morganfainbergit would be a lot easier if we did config registering on import05:16
morganfainbergjamielennox, i'll chase it down when i talk w/ brant et al tomorrow05:16
*** gokrokve has joined #openstack-dev05:17
*** morazi has joined #openstack-dev05:17
morganfainbergjamielennox, in either case, i kindof think it's an auth factory... but that sjust the construct i can come up with at this point05:17
jamielennoxyea, v2 can have a factory, v3 can have a factory05:17
jamielennoxi can't come up with a good way to have a v2 or v3 factory05:17
morganfainbergauth_module.<version>_factory()05:18
morganfainbergit's a simple way to know if you support that API version.  the method exists05:18
*** cadenzajon has quit IRC05:18
*** sarob has quit IRC05:19
jamielennoxi meant more something that could take parameters and try v2 and v3 optimistically, there are too many possible plugins05:19
morganfainbergnah05:19
morganfainbergjamielennox, either it's a specified version, or latest stable05:19
*** zaitcev has joined #openstack-dev05:19
jamielennoxmorganfainberg: right but latest_stable is not so easy, there is too much difference between api versions05:19
jamielennoxif you get a v3 when you thought latest was v2 it simply won't work05:20
morganfainbergjamielennox, ok ok, maybe it's latest stable _i_ support05:20
jamielennoxi assume v4 will one day have the same problem05:20
*** buzztroll has joined #openstack-dev05:20
morganfainbergdiscover, get_lastest_stable([my,options,])05:20
jamielennoxmorganfainberg: yea it's options like that i've been circling i just can't see one that feels right05:21
*** MaxV has joined #openstack-dev05:21
morganfainbergjamielennox, i think this is going to be a bite the bullet and go with a passable option05:22
jamielennoxmorganfainberg: yea, build the primitive for now, later something good might come up05:22
morganfainbergjamielennox, ++05:22
morganfainbergjamielennox, worst case, we add a new interface that is way cooler05:22
morganfainbergjamielennox, deprecate the old interface in the client, tell people to move.05:23
morganfainbergjamielennox, or keep the old one and when everyone has moved, it becomes "internal" since it's the primitive05:23
morganfainbergjamielennox, but def. start small, work up05:23
*** sarob has joined #openstack-dev05:23
jamielennoxmorganfainberg: yep05:24
jamielennoxmorganfainberg: cheers - i need to get off the computer for a bit let my head clear05:24
morganfainbergjamielennox, could i purchase a +2/+A on an easy review?05:24
morganfainbergjamielennox, https://review.openstack.org/#/c/70257/05:24
morganfainbergreally easy, just cleanup of files we don't use05:25
morganfainbergdiablo/essex05:25
*** mriedem has quit IRC05:25
morganfainbergjamielennox, :P05:25
morganfainbergjamielennox, if not no worries go clear your head :)05:25
*** MaxV has quit IRC05:27
jamielennoxmorganfainberg: we don't support the migration any longer?05:28
morganfainbergjamielennox, well i was also planning on smushing our migration files down05:28
*** sarob has quit IRC05:28
morganfainbergjamielennox, i don't see anything that references those files05:29
morganfainbergjamielennox, so not sure how they'd be used.05:29
jamielennoxmorganfainberg: although i guess it doesn't matter as you removed them with no impact on tests05:29
morganfainbergjamielennox, i think we stopped supporting the direct upgrade in H05:29
jamielennoxmorganfainberg: done05:29
morganfainbergjamielennox, cool.05:29
jamielennoxreturn the favour05:30
morganfainbergjamielennox, once this feature proposal stuff clears up i'll see if we can collapse down the migrations05:30
jamielennoxmorganfainberg: https://review.openstack.org/#/c/70634/05:30
morganfainbergjamielennox, sure05:30
jamielennoxnot quite as simple - but simple05:30
*** ramishra_ has joined #openstack-dev05:30
morganfainbergah curl debug stuff05:30
*** ramishra has quit IRC05:31
jamielennoxit was added in around the time i did the move to session and it got lost05:31
*** mohits has joined #openstack-dev05:31
*** nshaikh has joined #openstack-dev05:31
morganfainbergyeah05:31
morganfainberglooks good to me05:31
jamielennoxyea, once it passes tests and bk's sharp eyes i figure it's mostly home05:32
morganfainbergjamielennox, heeh05:33
*** otherwiseguy has quit IRC05:33
morganfainbergjamielennox, this one is straightforward05:33
morganfainbergwhen i was sick it look a lot out of me05:33
morganfainbergit's been tough getitng back to the point where i can sit down and review code05:34
morganfainbergjamielennox, anyways good night dude05:34
jamielennoxmorganfainberg: thanks for that, night05:34
*** irenab has joined #openstack-dev05:35
*** mgagne has quit IRC05:35
*** tkay has joined #openstack-dev05:35
*** gordc has quit IRC05:39
*** rohitk has joined #openstack-dev05:40
*** mgagne has joined #openstack-dev05:41
*** kobier has joined #openstack-dev05:41
*** garyk has quit IRC05:41
*** nosnos_ has joined #openstack-dev05:43
*** nosnos_ has quit IRC05:44
*** nosnos_ has joined #openstack-dev05:44
*** marcoemorais1 has quit IRC05:44
*** DinaBelova_ is now known as DinaBelova05:45
*** nosnos has quit IRC05:46
*** doug_shelley66 has joined #openstack-dev05:49
*** yuan has joined #openstack-dev05:52
*** doug_shelley66 has quit IRC05:53
*** jamielennox is now known as jamielennox|away05:55
*** yuan has quit IRC05:56
*** anniec has joined #openstack-dev06:02
*** bhuvan has joined #openstack-dev06:03
*** saju_m has joined #openstack-dev06:03
*** nosnos_ has quit IRC06:04
*** nosnos has joined #openstack-dev06:04
*** gokrokve has quit IRC06:04
*** arosen has joined #openstack-dev06:05
*** anniec_ has joined #openstack-dev06:05
*** anniec has quit IRC06:06
*** anniec_ is now known as anniec06:06
*** sarob has joined #openstack-dev06:07
*** zaitcev has quit IRC06:07
*** e0ne has joined #openstack-dev06:08
*** e0ne has quit IRC06:09
*** morganfainberg is now known as morganfainberg_Z06:12
*** jaypipes has quit IRC06:12
*** dkehn__ has joined #openstack-dev06:14
*** jaypipes has joined #openstack-dev06:15
*** dkehn__ has quit IRC06:16
*** dkehn__ has joined #openstack-dev06:17
*** dkehn_ has quit IRC06:17
*** MaxV has joined #openstack-dev06:24
*** ykhodork has joined #openstack-dev06:26
*** MaxV has quit IRC06:28
*** yolanda has joined #openstack-dev06:32
*** lifeless has quit IRC06:34
*** gokrokve has joined #openstack-dev06:35
*** irenab has quit IRC06:35
*** denis_makogon has joined #openstack-dev06:35
*** dkehn_ has joined #openstack-dev06:36
*** yeylon__ has quit IRC06:36
*** gokrokve_ has joined #openstack-dev06:37
*** dkehn__ has quit IRC06:39
*** rdas has joined #openstack-dev06:40
*** gokrokve has quit IRC06:40
*** max_lobur_afk has quit IRC06:40
*** aditirav has quit IRC06:40
*** max_lobur_afk has joined #openstack-dev06:41
*** neeti has joined #openstack-dev06:41
*** rraja has quit IRC06:41
*** aditirav has joined #openstack-dev06:41
*** diakunchikov has quit IRC06:41
*** diakunchikov has joined #openstack-dev06:41
*** anniec has quit IRC06:41
*** romcheg has quit IRC06:42
*** gokrokve_ has quit IRC06:42
*** markwash has quit IRC06:42
*** romcheg has joined #openstack-dev06:42
*** arosen has quit IRC06:43
*** dshulyak has quit IRC06:44
*** andreykurilin has quit IRC06:44
*** max_lobur_afk has quit IRC06:44
*** bogdando has quit IRC06:44
*** diakunchikov has quit IRC06:44
*** romcheg has quit IRC06:44
*** mikeoutland has joined #openstack-dev06:44
*** max_lobur_afk has joined #openstack-dev06:44
*** max_lobur_afk has quit IRC06:45
*** diakunchikov has joined #openstack-dev06:45
*** bogdando has joined #openstack-dev06:45
*** max_lobur_afk has joined #openstack-dev06:45
*** romcheg has joined #openstack-dev06:45
*** dshulyak has joined #openstack-dev06:45
*** garyk has joined #openstack-dev06:46
*** sarob has quit IRC06:47
*** sarob has joined #openstack-dev06:48
*** vartom1111111111 has joined #openstack-dev06:48
*** zoresvit1 has joined #openstack-dev06:51
*** zoresvit has quit IRC06:52
*** tdruiva has quit IRC06:52
*** sarob has quit IRC06:53
*** aditirav has quit IRC06:53
*** cnesa has joined #openstack-dev06:54
*** aditirav has joined #openstack-dev06:56
*** pradeep1 has joined #openstack-dev06:57
*** erkules_ is now known as erkules06:58
*** pradeep has quit IRC06:58
*** hdd_ has quit IRC06:59
*** rraja has joined #openstack-dev06:59
*** tkammer has joined #openstack-dev07:00
*** gokrokve has joined #openstack-dev07:00
*** eglynn has joined #openstack-dev07:01
*** dkehn__ has joined #openstack-dev07:01
*** andreykurilin has joined #openstack-dev07:01
*** dkehn_ has quit IRC07:04
*** ramishra_ has quit IRC07:04
*** MaxV has joined #openstack-dev07:04
*** nspmangalore has joined #openstack-dev07:05
*** gokrokve has quit IRC07:05
*** jtomasek has joined #openstack-dev07:07
nspmangalorehi.. I'm trying to understand what the client_timeout parameter actually means07:09
nspmangaloreFeb 12 12:30:49 ubuntuvm proxy-server: ERROR Client read timeout (60s) (txn: tx4146422d6b5e4262b8834-0052fb1bcc) (client_ip: 172.16.10.79)07:09
*** eglynn has quit IRC07:09
nspmangalorethis is different from node_timeout parameter, right?07:09
*** ramishra has joined #openstack-dev07:13
*** Drankis has joined #openstack-dev07:13
*** aswadrangnekar has joined #openstack-dev07:13
*** buzztroll has quit IRC07:14
*** buzztroll has joined #openstack-dev07:14
*** mkollaro has joined #openstack-dev07:16
*** athomas has joined #openstack-dev07:17
*** sarob has joined #openstack-dev07:18
*** rmk has joined #openstack-dev07:18
*** garyk has quit IRC07:18
*** buzztroll has quit IRC07:19
*** mikeoutland has quit IRC07:20
*** cfriesen has quit IRC07:20
*** coolsvap has joined #openstack-dev07:21
*** tkay has quit IRC07:21
*** aditirav has quit IRC07:22
*** sarob has quit IRC07:24
*** eglynn has joined #openstack-dev07:25
*** coolsvap1 has joined #openstack-dev07:26
*** tkay has joined #openstack-dev07:26
*** coolsvap has quit IRC07:28
*** tkay has quit IRC07:29
*** cnesa has quit IRC07:30
*** amuller has joined #openstack-dev07:30
*** aditirav has joined #openstack-dev07:30
*** eglynn has quit IRC07:32
*** MaxV has quit IRC07:33
*** tkay has joined #openstack-dev07:33
*** sushil_ has joined #openstack-dev07:33
*** jhesketh__ has quit IRC07:34
*** abhirc_ has quit IRC07:34
*** jhesketh__ has joined #openstack-dev07:34
*** Ursinha is now known as Ursinha-afk07:34
*** AlexF has joined #openstack-dev07:36
*** coolsvap1 has quit IRC07:36
*** coolsvap has joined #openstack-dev07:36
*** gnorth has joined #openstack-dev07:38
*** sushil_ has quit IRC07:38
*** cnesa has joined #openstack-dev07:38
*** sushil_ has joined #openstack-dev07:39
*** geraint2 has joined #openstack-dev07:44
*** gnorth has quit IRC07:45
*** corXi has joined #openstack-dev07:46
*** Ursinha-afk is now known as Ursinha07:46
*** flaper87|afk is now known as flaper8707:47
*** eglynn has joined #openstack-dev07:47
*** e0ne has joined #openstack-dev07:53
*** ykhodork has quit IRC07:53
*** mohits has quit IRC07:53
*** jprovazn has joined #openstack-dev07:55
*** evgenyf has joined #openstack-dev07:55
*** rohitk has quit IRC07:55
*** rohitk_ has joined #openstack-dev07:56
*** bhuvan has quit IRC07:57
*** gokrokve has joined #openstack-dev08:00
*** marekd|away is now known as marekd08:03
*** rohitk_ has quit IRC08:03
*** gokrokve has quit IRC08:05
*** ykhodork has joined #openstack-dev08:06
*** YorikSar has quit IRC08:06
*** YorikSar has joined #openstack-dev08:06
*** amotoki has joined #openstack-dev08:06
*** eglynn has quit IRC08:07
*** YorikSar has quit IRC08:07
*** YorikSar has joined #openstack-dev08:07
*** arosen has joined #openstack-dev08:07
*** YorikSar has quit IRC08:08
*** YorikSar has joined #openstack-dev08:08
*** AlexF has quit IRC08:10
*** avishay has quit IRC08:10
*** tkay has quit IRC08:10
*** bauzas has joined #openstack-dev08:12
*** avishay has joined #openstack-dev08:12
*** nmagnezi has joined #openstack-dev08:12
*** jcoufal has joined #openstack-dev08:13
*** bhuvan has joined #openstack-dev08:14
*** jamieh has joined #openstack-dev08:15
*** devoid has quit IRC08:15
*** romcheg1 has joined #openstack-dev08:16
*** julienvey_ has joined #openstack-dev08:17
*** rohitk_ has joined #openstack-dev08:17
*** xga has joined #openstack-dev08:19
*** sarob has joined #openstack-dev08:19
*** rraja has quit IRC08:21
*** dkehn_ has joined #openstack-dev08:24
*** sarob has quit IRC08:24
*** zoresvit1 has quit IRC08:24
*** buzztroll has joined #openstack-dev08:25
*** dkehn_ has quit IRC08:26
*** dkehn_ has joined #openstack-dev08:26
*** dkehn__ has quit IRC08:27
*** yeylon__ has joined #openstack-dev08:27
*** mrunge has joined #openstack-dev08:28
*** salv-orlando has joined #openstack-dev08:29
*** buzztroll has quit IRC08:29
*** xga_ has joined #openstack-dev08:29
*** boris-42_ has joined #openstack-dev08:30
*** pschaef has joined #openstack-dev08:31
*** xgsa has joined #openstack-dev08:32
*** bhuvan has quit IRC08:32
*** xga has quit IRC08:32
*** praneshp has quit IRC08:33
*** eglynn has joined #openstack-dev08:34
*** viktors has joined #openstack-dev08:34
*** gszasz has joined #openstack-dev08:35
*** sahid has joined #openstack-dev08:36
*** ala has joined #openstack-dev08:36
*** zhikunliu has quit IRC08:36
*** geraint2 has quit IRC08:38
*** ijw_ has quit IRC08:41
*** nmagnezi has quit IRC08:42
*** jordanP has joined #openstack-dev08:43
*** AnilV4 has joined #openstack-dev08:44
*** I159 has joined #openstack-dev08:44
*** AnilV4 has quit IRC08:44
*** AnilV4 has joined #openstack-dev08:45
*** iartarisi has joined #openstack-dev08:47
*** MaxV has joined #openstack-dev08:49
*** nacim has joined #openstack-dev08:50
*** nmagnezi has joined #openstack-dev08:51
*** nacim has quit IRC08:51
*** mmagr has joined #openstack-dev08:51
*** nacim has joined #openstack-dev08:53
*** gimps has quit IRC08:54
LexisHello everyone08:56
LexisI was looking at updating OpenStack vRouter to a commercial one08:57
Lexisto that extend, would you recommend developing a Neutron Plugin08:57
*** bvandenh has joined #openstack-dev08:58
Lexisor update the commercial vRouter to accept calls directly from Neutron ?08:58
*** coolsvap1 has joined #openstack-dev08:59
*** gokrokve has joined #openstack-dev09:00
*** florentflament has joined #openstack-dev09:00
*** coolsvap has quit IRC09:01
*** ifarkas has joined #openstack-dev09:02
*** Clabbe has quit IRC09:03
*** avishayb has joined #openstack-dev09:03
*** jistr has joined #openstack-dev09:04
*** jistr is now known as jistr|sick09:04
*** xchu has joined #openstack-dev09:04
*** ykhodork has quit IRC09:05
*** gokrokve has quit IRC09:05
*** ala has quit IRC09:05
*** ijw has joined #openstack-dev09:06
*** amuller has quit IRC09:06
*** amuller_ has joined #openstack-dev09:06
*** zzelle has joined #openstack-dev09:06
*** dtantsur has joined #openstack-dev09:06
*** ykhodork has joined #openstack-dev09:06
*** jpich has joined #openstack-dev09:06
*** afazekas has joined #openstack-dev09:07
*** gcha has joined #openstack-dev09:07
*** pixelb has joined #openstack-dev09:08
*** afazekas is now known as afazekas|sick09:08
*** ykhodork has quit IRC09:08
*** sarob has joined #openstack-dev09:08
*** jordanP has quit IRC09:09
*** ygbo has joined #openstack-dev09:10
*** ala has joined #openstack-dev09:11
*** Clabbe has joined #openstack-dev09:11
*** ramishra has quit IRC09:13
*** sarob has quit IRC09:13
*** lucasagomes has joined #openstack-dev09:15
*** jordanP has joined #openstack-dev09:15
*** kosi has joined #openstack-dev09:16
*** yassine has joined #openstack-dev09:18
*** sarob has joined #openstack-dev09:19
*** e0ne has quit IRC09:20
*** e0ne has joined #openstack-dev09:21
*** sarob has quit IRC09:24
*** I159_ has joined #openstack-dev09:24
*** safchain has joined #openstack-dev09:25
*** garyk has joined #openstack-dev09:25
*** locke105 has quit IRC09:26
*** rohitk_ has quit IRC09:29
*** rohitk has joined #openstack-dev09:30
*** jcoufal has quit IRC09:30
*** andreaf has quit IRC09:30
*** jcoufal has joined #openstack-dev09:30
*** andreaf has joined #openstack-dev09:31
*** athomas has quit IRC09:36
*** ramishra has joined #openstack-dev09:37
*** mkollaro has quit IRC09:37
*** nagyz has joined #openstack-dev09:38
nagyzmorning09:38
nagyzone of my changes got merged by jenkins into the git repo, yet I don't see myself anywhere - neither in the notes (the commit has 0), nor at the author field in the message09:39
*** jckasper has quit IRC09:39
nagyzand this seems to be the case for the majority of people09:39
nagyzyet, some people's commits show up properly09:39
nagyzam I doing something wrong?09:39
*** DinaBelova is now known as DinaBelova_09:40
*** yaguang has quit IRC09:40
*** Drankis has quit IRC09:42
jpichnagyz: link?09:43
gilliardjust `git log` in any OS repo09:43
gilliardalmost all commits are by Jenkins.09:44
nagyzyes, but there are a lot which aren't09:44
nagyzhow come?09:44
nagyzjpich, this one for example: https://github.com/openstack/nova/commit/4b7401ccc6a1677b698538e1ba4f2a515630ac6709:44
*** jp_at_hp has joined #openstack-dev09:44
nagyzversus this one: https://github.com/openstack/nova/commit/58f5579630176c8b23c528b5c5e22b12e835436309:44
gilliardI have wondered about this too.09:45
*** irenab has joined #openstack-dev09:45
gilliardMy best guess is that the ones which don't have Jenkins as an author did not need merging in the gate.  I.E. the gate queue was empty when they were approved.09:46
gilliardI'd like to know for sure though...09:46
nagyzshall I open an infra bug? :-)09:46
nagyzbut someone here must have some clue09:46
jpichnagyz: The original commit usually shows at the date the patch is set to (e.g. https://github.com/openstack/nova/commit/efbef496dc17adc4e4187985d13bf815d0c254a1 ) for that first example, then Jenkins also creates a merge commit if needed09:47
nagyzhmm09:48
nagyzI see09:48
*** rraja has joined #openstack-dev09:48
*** amuller_ has quit IRC09:48
flaper87viktors: ping09:49
*** qba73 has joined #openstack-dev09:49
*** rpodolyaka has joined #openstack-dev09:51
viktorsflaper87: pong09:52
flaper87viktors: you're involved in oslo.db, aren't you?09:54
viktorsflaper87: yes, you right09:56
*** sushil_ has quit IRC09:56
*** sushil_ has joined #openstack-dev09:57
*** denis_makogon has quit IRC09:57
*** dperaza has joined #openstack-dev10:00
*** gokrokve has joined #openstack-dev10:00
*** sushil_ has quit IRC10:02
*** zzelle has quit IRC10:02
*** Steap_ has quit IRC10:03
*** dperaza has quit IRC10:04
*** Steap_ has joined #openstack-dev10:04
*** gokrokve has quit IRC10:05
*** ijw has quit IRC10:06
*** sweston has quit IRC10:08
*** rohitk_ has joined #openstack-dev10:09
*** markmc has joined #openstack-dev10:10
*** rohitk has quit IRC10:11
*** MaxV has quit IRC10:11
*** MaxV has joined #openstack-dev10:12
*** MaxV has quit IRC10:12
*** rossella_s has joined #openstack-dev10:12
*** ramishra has quit IRC10:14
*** sushil_ has joined #openstack-dev10:14
*** xga_ has quit IRC10:15
*** MaxV has joined #openstack-dev10:15
*** xga has joined #openstack-dev10:18
*** CaptTofu has joined #openstack-dev10:19
*** gszasz has quit IRC10:19
*** sarob has joined #openstack-dev10:19
*** MaxV has quit IRC10:20
*** rohitk_ is now known as rohitk10:21
*** xchu has quit IRC10:22
*** MaxV has joined #openstack-dev10:22
*** xqueralt has joined #openstack-dev10:24
*** danpb has joined #openstack-dev10:24
*** sarob has quit IRC10:24
*** xuhanp has quit IRC10:28
*** paragan has quit IRC10:29
*** MaxV has quit IRC10:31
*** kolesovdv has joined #openstack-dev10:32
*** schwicke has joined #openstack-dev10:32
*** schwicke has joined #openstack-dev10:33
*** schwicke has quit IRC10:33
*** martyntaylor has joined #openstack-dev10:33
*** martyntaylor has quit IRC10:33
*** CaptTofu has quit IRC10:40
*** amuller_ has joined #openstack-dev10:41
*** matsuhashi has quit IRC10:41
*** markmc has quit IRC10:43
*** gongysh has quit IRC10:44
*** evgenyf has quit IRC10:44
*** VINOD has joined #openstack-dev10:45
*** vartom1111111112 has joined #openstack-dev10:46
*** lbragstad_ has quit IRC10:46
*** rodrigods has joined #openstack-dev10:46
*** rodrigods has joined #openstack-dev10:46
*** lbragstad has quit IRC10:46
*** amuller_ has quit IRC10:47
*** markmc has joined #openstack-dev10:48
*** vartom1111111111 has quit IRC10:48
*** lbragstad_ has joined #openstack-dev10:49
*** lbragstad has joined #openstack-dev10:50
*** VINOD has quit IRC10:50
*** martyntaylor has joined #openstack-dev10:52
*** markmc has quit IRC10:53
*** evgenyf has joined #openstack-dev10:54
*** markmc has joined #openstack-dev10:57
*** saju_m has quit IRC10:57
*** jistr|sick has quit IRC10:57
*** gokrokve has joined #openstack-dev11:00
*** max_lobur_afk is now known as max_lobur11:03
*** CaptTofu has joined #openstack-dev11:04
*** gokrokve has quit IRC11:05
*** markmc has quit IRC11:06
*** samuelbercovici has joined #openstack-dev11:07
*** gszasz has joined #openstack-dev11:07
*** lbragstad has quit IRC11:07
*** lifeless has joined #openstack-dev11:07
*** lbragstad_ has quit IRC11:07
*** henrynash has joined #openstack-dev11:08
*** amcrn has quit IRC11:08
*** lbragstad_ has joined #openstack-dev11:09
*** lbragstad has joined #openstack-dev11:10
*** markmc has joined #openstack-dev11:12
*** YorikSar has quit IRC11:14
*** nmagnezi has quit IRC11:15
*** xga has quit IRC11:15
*** dperaza has joined #openstack-dev11:18
*** dkehn__ has joined #openstack-dev11:18
*** sarob has joined #openstack-dev11:19
*** amuller_ has joined #openstack-dev11:20
*** dkehn__ has quit IRC11:20
*** dkehn__ has joined #openstack-dev11:20
*** dkehn_ has quit IRC11:21
*** gcha has quit IRC11:21
*** amuller_ is now known as amuller11:22
*** rohitk has quit IRC11:23
*** bhuvan has joined #openstack-dev11:23
*** ArxCruz has joined #openstack-dev11:23
*** markmc has quit IRC11:23
*** sarob has quit IRC11:24
*** jruzicka has joined #openstack-dev11:24
*** YorikSar has joined #openstack-dev11:24
*** sahid has quit IRC11:24
*** kmartin has quit IRC11:26
*** branen has quit IRC11:26
*** markmc has joined #openstack-dev11:26
*** sahid has joined #openstack-dev11:27
*** YorikSar has quit IRC11:27
*** rohitk has joined #openstack-dev11:27
*** ala has quit IRC11:28
*** nebulta has joined #openstack-dev11:29
*** mdenny has quit IRC11:30
*** ilyashakhat has joined #openstack-dev11:30
*** amuller has quit IRC11:30
*** YorikSar has joined #openstack-dev11:30
*** YorikSar has quit IRC11:31
*** kosi has quit IRC11:32
*** YorikSar has joined #openstack-dev11:32
*** YorikSar has quit IRC11:33
*** YorikSar has joined #openstack-dev11:34
*** YorikSar has quit IRC11:34
*** bhuvan has quit IRC11:34
*** YorikSar has joined #openstack-dev11:34
*** YorikSar has quit IRC11:35
*** YorikSar has joined #openstack-dev11:35
*** markmc has quit IRC11:36
*** aloga has quit IRC11:37
*** schwicht has joined #openstack-dev11:37
*** saju_m has joined #openstack-dev11:40
*** ala has joined #openstack-dev11:40
*** markmc has joined #openstack-dev11:42
*** pcm_ has joined #openstack-dev11:42
*** matsuhashi has joined #openstack-dev11:44
*** topol has joined #openstack-dev11:44
*** pcm_ has quit IRC11:44
*** pcm_ has joined #openstack-dev11:45
*** corXi has quit IRC11:47
*** YorikSar has quit IRC11:48
*** saju_m has quit IRC11:49
*** nmagnezi has joined #openstack-dev11:49
*** markmc has quit IRC11:50
*** kosi has joined #openstack-dev11:50
*** YorikSar has joined #openstack-dev11:51
*** YorikSar has quit IRC11:51
*** YorikSar has joined #openstack-dev11:52
*** pschaef has quit IRC11:52
*** b3nt_pin has joined #openstack-dev11:53
*** bhuvan has joined #openstack-dev11:54
*** kosi has quit IRC11:54
*** markmc has joined #openstack-dev11:55
*** CaptTofu has quit IRC11:55
*** pschaef has joined #openstack-dev11:56
*** julienvey_ has quit IRC11:58
*** kosi has joined #openstack-dev11:58
*** gokrokve has joined #openstack-dev12:00
*** doug_shelley66 has joined #openstack-dev12:00
*** kosi has quit IRC12:00
*** MaxV has joined #openstack-dev12:01
*** rraja has quit IRC12:01
*** DinaBelova_ is now known as DinaBelova12:04
*** julienvey_ has joined #openstack-dev12:04
*** gokrokve has quit IRC12:05
*** amuller has joined #openstack-dev12:05
*** rfolco has joined #openstack-dev12:08
*** julienvey_ has quit IRC12:09
*** jhesketh__ has quit IRC12:12
*** coolsvap_ has joined #openstack-dev12:14
*** samuelbercovici1 has joined #openstack-dev12:15
*** xBsd has joined #openstack-dev12:15
*** samuelbercovici has quit IRC12:17
*** samuelbercovici1 is now known as samuelbercovici12:17
*** coolsvap1 has quit IRC12:17
*** b3nt_pin has quit IRC12:17
*** dkehn_ has joined #openstack-dev12:18
*** julienvey_ has joined #openstack-dev12:18
*** kosi has joined #openstack-dev12:18
*** sarob has joined #openstack-dev12:19
*** aditirav_ has joined #openstack-dev12:21
*** aditirav has quit IRC12:21
*** aditirav_ is now known as aditirav12:21
*** dkehn__ has quit IRC12:21
*** baoli has joined #openstack-dev12:23
*** kosi has quit IRC12:23
*** rohitk has quit IRC12:23
*** baoli has quit IRC12:23
*** sarob has quit IRC12:24
*** baoli has joined #openstack-dev12:25
*** paragan has joined #openstack-dev12:25
*** gcha has joined #openstack-dev12:26
*** xga has joined #openstack-dev12:28
*** raildo has joined #openstack-dev12:28
*** Sumeniac has quit IRC12:31
*** sgordon has joined #openstack-dev12:31
*** sgordon has joined #openstack-dev12:31
*** dperaza has quit IRC12:31
*** IanGovett has joined #openstack-dev12:32
*** YorikSar has quit IRC12:32
*** kosi has joined #openstack-dev12:32
*** YorikSar has joined #openstack-dev12:33
*** eglynn has quit IRC12:33
*** aditirav has quit IRC12:33
*** eharney has quit IRC12:36
*** FunnyLookinHat has joined #openstack-dev12:37
*** Tross has quit IRC12:38
*** rohitk has joined #openstack-dev12:39
*** alex-foo has joined #openstack-dev12:39
alex-foosome of the jenkins tests for git-review are sporadically hanging and I can't get my patch to verify12:39
alex-foohttps://jenkins02.openstack.org/job/gate-git-review-python26/70/12:39
alex-foohttps://review.openstack.org/#/c/7275112:39
alex-fooalso why doesn't jenkins post the job URL to gerrit?12:40
*** lucasagomes is now known as lucas-hungry12:41
YorikSaralex-foo: You have PEP8 failing. It is the only check that is stable in git-review right now.12:43
marekdYorikSar: BTW do you know what's going on with thegerrit?12:44
*** Alexei_987 has joined #openstack-dev12:45
YorikSarmarekd: I doubt it. What's wrong with it?12:45
*** mrunge has quit IRC12:45
*** doug_shelley66 has quit IRC12:45
marekdYorikSar: by saying "it's the only check that is stable in ...[]" did you mean alex-foo patch and his set of tests or gerrit infra in general?12:46
alex-fooYorikSar: i fixed the PEP8 in Patch Set 212:46
YorikSarmarekd: I mean that it's the only check that fails if and only if patch actually fails.12:47
*** bhuvan has quit IRC12:47
marekdYorikSar: okay then, i thought you were talking about the gerrit in general :-) Sorry for the mess.12:47
YorikSarmarekd: nah... Gerrit is fine, git-review is fine. Tests for git-review require about 3 patches to become at least more stable.12:48
alex-fooYorikSar: just looking at the timeline it seems it took 40 minutes for the other real tests to time out12:48
YorikSaralex-foo: Yeah... And that's why I want to push https://review.openstack.org/7122312:49
alex-foobleh12:49
*** dims has joined #openstack-dev12:50
*** aloga has joined #openstack-dev12:50
alex-foo'recheck no bug' is some special comment that jenkins uses?12:50
*** lucas-hungry has quit IRC12:50
*** Sumeniac has joined #openstack-dev12:50
*** thouveng has quit IRC12:50
*** florentflament has quit IRC12:51
YorikSaralex-foo: It signals Zuul to restart checks on this patch12:53
erlonhi guys, Im trying to bring a an openstack install with devstack but the script is stucking with a error:12:53
erlon2014-02-12 07:49:31 [ERROR] /home/steve/devstack/lib/cinder:184 No suitable rootwrap found12:53
alex-fooYorikSar: if i can see a test is hanging can i use it to nudge it into restarting?12:53
erlonany idea??12:53
*** kenperkins has quit IRC12:53
YorikSaralex-foo: You cannot abort test. But you can restart it once it finishes...12:54
alex-fooYorikSar: so i have to wait 40 minutes before i can iterate this test?12:54
alex-foo*patch12:54
*** b3nt_pin has joined #openstack-dev12:55
YorikSaralex-foo: yep...12:55
YorikSaralex-foo: Or you can rebase on top of my patch12:55
*** b3nt_pin is now known as beagles12:55
YorikSaralex-foo: But please don't rebase my patch acidentally (i.e. use "git review -R")12:56
*** nspmangalore has quit IRC12:56
alex-foowho has submit rights on git review?12:57
*** nacim has quit IRC12:57
*** xga_ has joined #openstack-dev12:58
*** schwicht has quit IRC12:58
*** bhuvan has joined #openstack-dev12:58
*** xgsa has quit IRC12:58
*** eglynn has joined #openstack-dev12:58
*** jgallard has joined #openstack-dev12:59
YorikSaralex-foo: I'm currently working with one of core reviewers.13:00
*** mgoddard has quit IRC13:00
*** gokrokve has joined #openstack-dev13:00
YorikSaralex-foo: You can find list of cores of any projects in Gerrit in Admin/Groups13:00
*** vartom1111111113 has joined #openstack-dev13:00
*** henrynash has quit IRC13:00
*** tmclaugh[work] has joined #openstack-dev13:00
*** xgsa has joined #openstack-dev13:01
*** vartom1111111112 has quit IRC13:01
*** xga has quit IRC13:01
*** xga_ has quit IRC13:03
*** noslzzp has joined #openstack-dev13:03
*** lucas-hungry has joined #openstack-dev13:03
*** xga has joined #openstack-dev13:03
*** gokrokve has quit IRC13:05
*** tmclaugh[work] has quit IRC13:05
*** CaptTofu has joined #openstack-dev13:05
*** saju_m has joined #openstack-dev13:05
*** saju_m has quit IRC13:06
*** saju_m has joined #openstack-dev13:07
*** markvoelker1 has joined #openstack-dev13:07
*** Tross has joined #openstack-dev13:09
*** henrynash has joined #openstack-dev13:10
*** jecarey has quit IRC13:10
*** tmclaugh[work] has joined #openstack-dev13:10
*** Tross has quit IRC13:10
*** kosi has left #openstack-dev13:10
*** mwagner_lap has quit IRC13:11
*** nacim has joined #openstack-dev13:12
*** jay-lau-513 has quit IRC13:14
*** jay-lau-513 has joined #openstack-dev13:14
*** mgoddard has joined #openstack-dev13:15
alex-fooYorikSar: i'm on my third run and python 3.3 is now hanging... so frustrating!13:16
*** dkranz has quit IRC13:16
YorikSaralex-foo: Yeah, I've seen it.13:16
alex-foowhy are they hanging?13:16
YorikSaralex-foo: You can rebase your change on top of mine. They won't hang for long then. They'll fail faster.13:17
alex-fooYorikSar: is your change likely to be accepted soon?13:17
YorikSaralex-foo: I really hope so.13:17
*** heyongli has joined #openstack-dev13:18
*** xgsa has quit IRC13:18
*** henrynash has quit IRC13:18
*** lbragstad has quit IRC13:19
*** sarob has joined #openstack-dev13:19
*** mkollaro has joined #openstack-dev13:19
*** yamahata has quit IRC13:19
*** xgsa has joined #openstack-dev13:20
*** dstanek has joined #openstack-dev13:20
*** galstrom_zzz is now known as galstrom13:21
*** eharney has joined #openstack-dev13:22
*** jecarey has joined #openstack-dev13:23
*** sarob has quit IRC13:24
*** henrynash has joined #openstack-dev13:24
*** yamahata has joined #openstack-dev13:25
alex-foointerested to know how the jenkins jobs are secured against arbitrary network access etc. - any pointers?13:25
*** pico-pete has joined #openstack-dev13:27
*** neeti has quit IRC13:28
*** jdob has joined #openstack-dev13:28
*** prad_ has joined #openstack-dev13:29
*** galstrom is now known as galstrom_zzz13:29
*** jhesketh_ has quit IRC13:30
*** henrynash has quit IRC13:30
*** thomasem has joined #openstack-dev13:31
*** galstrom_zzz is now known as galstrom13:31
*** thomasem has left #openstack-dev13:31
*** CaptTofu has quit IRC13:32
*** dprince has joined #openstack-dev13:32
*** thomasem_ has joined #openstack-dev13:32
*** galstrom is now known as galstrom_zzz13:32
*** vladikr has joined #openstack-dev13:32
*** kevinconway has joined #openstack-dev13:33
*** rtheis has joined #openstack-dev13:34
*** doug_shelley66 has joined #openstack-dev13:34
*** thouveng has joined #openstack-dev13:35
*** radez_g0n3 is now known as radez13:38
*** xBsd has quit IRC13:39
*** CaptTofu has joined #openstack-dev13:40
*** julienvey_ has quit IRC13:45
*** yaguang has joined #openstack-dev13:46
*** mfer has joined #openstack-dev13:46
*** julienvey_ has joined #openstack-dev13:47
*** mkollaro has quit IRC13:47
*** henrynash has joined #openstack-dev13:48
*** Tross has joined #openstack-dev13:49
*** lbragstad has joined #openstack-dev13:52
*** rohitk has quit IRC13:53
*** jprovazn has quit IRC13:55
*** jprovazn has joined #openstack-dev13:55
*** lucas-hungry is now known as lucasagomes13:56
*** krtaylor has quit IRC13:56
*** krtaylor has joined #openstack-dev13:57
*** Tross has quit IRC13:57
*** hdd_ has joined #openstack-dev13:58
*** YorikSar_ has joined #openstack-dev13:58
*** mrodden has quit IRC13:59
*** locke105 has joined #openstack-dev14:00
*** gokrokve has joined #openstack-dev14:00
*** heyongli has quit IRC14:00
*** achampion has quit IRC14:01
*** krtaylor has quit IRC14:01
YorikSar_fungi: Hello. Around?14:01
*** krtaylor has joined #openstack-dev14:02
*** nmagnezi has quit IRC14:02
*** coolsvap_ has quit IRC14:02
*** tdruiva has joined #openstack-dev14:02
*** YorikSar has quit IRC14:03
*** YorikSar_ is now known as YorikSar14:03
*** sahid has quit IRC14:04
*** sahid has joined #openstack-dev14:04
*** gokrokve has quit IRC14:05
*** yamahata has quit IRC14:05
*** vartom1111111113 has quit IRC14:05
*** tdruiva has quit IRC14:05
*** zzelle has joined #openstack-dev14:06
*** vartom1111111113 has joined #openstack-dev14:06
dimssaschpe_, ping14:06
saschpe_dims: pong14:06
dimssaschpe_, need your help to unblock this review https://review.openstack.org/#/c/72330/ which is stuck because of a problem with installing data files to /etc/ i've added a rollback review https://review.openstack.org/#/c/72949/ please take a look14:07
*** glenng has quit IRC14:07
*** CaptTofu has quit IRC14:08
fungiYorikSar: yeah, i'm around. what do you need?14:08
YorikSarfungi: I want to try to push 3 changes to git-review that should make test accuracy bearable14:09
*** tdruiva has joined #openstack-dev14:09
*** tdruiva has quit IRC14:09
*** CaptTofu has joined #openstack-dev14:10
saschpe_dims: can you point me to the gate code that installs deps?14:10
*** glenng has joined #openstack-dev14:10
*** sweston has joined #openstack-dev14:10
*** tdruiva has joined #openstack-dev14:10
*** yamahata has joined #openstack-dev14:10
*** thuc has joined #openstack-dev14:10
YorikSarfungi: SergeyLukjanov was looking at https://review.openstack.org/71223 and wants 2 more successes from Jenkins, but I'd suggest pushing it as is. It should at least make Jenkins fail fast.14:10
*** vartom1111111113 has quit IRC14:10
YorikSarfungi: https://review.openstack.org/70685 should fix about half of problems that still appear14:11
*** nmagnezi has joined #openstack-dev14:12
*** cagrev has joined #openstack-dev14:12
YorikSarfungi: and https://review.openstack.org/72910 should provide better logs if something fail so that we can continue investigating what's going wrong.14:12
*** vkmc has joined #openstack-dev14:12
*** mrodden has joined #openstack-dev14:12
*** Tross has joined #openstack-dev14:13
fungiYorikSar: the test completion times on all the rechecks of 71223 are very promising14:13
YorikSarfungi: Yeah... But it looks like we don't see proper Timeout exception because of my addition about known_hosts.14:14
*** sweston has quit IRC14:14
fungiYorikSar: i remember discussing 70685 but hadn't reviewed that latest solution. doing so now14:15
YorikSarfungi: It's a really great suggestion provided by cboylan :)14:16
dimssaschpe_, no clue. looking14:17
*** dkranz has joined #openstack-dev14:17
saschpe_dims: I suspect a pbr issue, I'll look14:17
dimssaschpe_, thanks.14:17
YorikSarOh, it's clarkb, not cboylan :)14:18
fungiYorikSar: yeah, he and i were network engineers in former lives, so we batted the idea of overloading the loopback /8 around for a while14:18
*** pschaef has quit IRC14:18
*** doug-fish has quit IRC14:18
fungii agree it's an elegant workaround for the problem14:18
*** xga has quit IRC14:18
YorikSarclarkb: Hi, can you join us?14:18
*** yamahata has quit IRC14:19
YorikSarfungi: I'd say it's a solution, not workaround. Current implementation limits us with 1k individual tests.14:19
fungiYorikSar: he likely can't. the sun's not up in his timezone yet (he's further west than i am, and i only just started eating breakfast)14:19
*** sarob has joined #openstack-dev14:19
YorikSarfungi: And it can be easily scaled up to 1m by mediating ports as well.14:20
*** hartsocks has joined #openstack-dev14:20
fungiagreed. i meant it's a workaround to the problem of being unable to have gerrit grab an ephemeral port allocation from the kernel (because this is actually an integration test and we don't have low-level control over its port-binding method as a result)14:21
*** saju_m has quit IRC14:21
*** rossella_s has quit IRC14:22
*** yamahata has joined #openstack-dev14:23
*** sarob has quit IRC14:24
fungiYorikSar: i definitely want to merge 70685 as soon as possible, but i'm taking the opportunity of tests being broken to exercise the other two, since we won't be able to see as easily if they're doind what we want once tests consistently succeed14:25
YorikSarfungi: Unfortunatelly that change won't fix all tests.14:26
YorikSarfungi: It still failed couple times by itself.14:26
*** joesavak has joined #openstack-dev14:27
fungipatchset 3 of 70685 doesn't seem to have failed yet14:27
*** tongli has joined #openstack-dev14:27
fungibut i'm rechecking it a few more times to see what else we have going on there14:28
*** gokrokve has joined #openstack-dev14:28
YorikSarfungi: Oh, nice...14:28
*** ayoung has joined #openstack-dev14:29
YorikSarfungi: But I still wonder why would tests timeout.14:29
YorikSarfungi: I think, there's something wrong with Gerrit's gerrit.sh. It waits indefinitelly for Gerrit to get up.14:30
fungiYorikSar: anyway, some time today i'll get clarkb or SergeyLukjanov to look over 71223 and 72910 again (i've already +2'd all three of those patches) and try to get them all in14:30
*** thuc has quit IRC14:30
*** Tross has quit IRC14:30
*** bswartz1 has joined #openstack-dev14:30
fungiYorikSar: we could certainly add a timeout command in that shell script to fail it after a sane amount of time14:30
*** thuc has joined #openstack-dev14:30
*** bswartz has quit IRC14:30
YorikSarfungi: Yeah... But it sounds like duplication of Timeout fixture's work.14:31
SergeyLukjanovfungi, YorikSar, looking on them atm14:31
BobBallfungi: Any chance you can set up the service account for citrix_xenserver_ci?  We're tyring to tie the configuration together ATM and it's a bit of a missing link :)14:31
fungior if the daemon disassociates too soon from the controlling terminal, a loop and kill14:31
*** irenab has quit IRC14:31
fungiBobBall: sure thing--did you request it on the -infra ml or via bug to openstack-ci? i'm a couple days behind on ml reading and bug triage i'm afraid14:32
BobBallML14:32
BobBalland no problem - I know things are hectic and normally we'd be quite happy to wait, but we've got the I-3 deadline looming for XenAPI :)14:32
fungiBobBall: awesome. i'll hunt it down and try to get through new account requests on the whole today. sorry about any delay14:32
BobBallPerfect, thanks! Appreciated!14:33
fungiassuming my electricity stays on, anyway. the national weather service is all doom and gloom for my area14:33
BobBallyeah - its' weird all over the place ATM!14:34
*** gordc has joined #openstack-dev14:34
YorikSarBobBall, fungi: where're you from, guys?14:34
*** henrynash has quit IRC14:34
SergeyLukjanovfungi, YorikSar, https://review.openstack.org/#/c/71223/ works again, so, I'm agreed with merging it to make tests failing faster14:35
*** thuc has quit IRC14:35
BobBallI'm UK - we've had very heavy storms here - but I've heard about the fun weather stateside too14:35
*** cnesa has quit IRC14:37
*** mriedem has joined #openstack-dev14:37
SergeyLukjanovfungi, YorikSar, IMO https://review.openstack.org/#/c/72910/ could be approved after at least one +1 from jenkins :)14:37
YorikSarSergeyLukjanov: I think it'll pass once 70685 will land :)14:38
*** henrynash has joined #openstack-dev14:38
mflobo_Someone to code-review this patch, please? https://review.openstack.org/#/c/68603/14:38
*** saju_m has joined #openstack-dev14:38
*** mflobo_ has quit IRC14:38
YorikSarBut it'll take a lot of time before it fails w/o 71233...14:39
*** mflobo has joined #openstack-dev14:39
SergeyLukjanovYorikSar, 70865 approved due 3x +214:39
*** clayb has joined #openstack-dev14:39
SergeyLukjanovfungi, are you ok with approving 71233? it looks like that it at least help us to push other fixes14:40
YorikSarSergeyLukjanov: Oh... fungi wanted to keep it hanging to let others to be checked with failing gate...14:40
*** jmckind has joined #openstack-dev14:40
*** aditirav has joined #openstack-dev14:40
YorikSarSergeyLukjanov: I mean, 7086514:40
*** rossella_s has joined #openstack-dev14:41
*** bswartz1 has quit IRC14:42
*** pschaef has joined #openstack-dev14:42
SergeyLukjanovYorikSar, heh, I've -2'd it, can't remember actually will it stop zuul or not ;)14:42
*** mgagne has quit IRC14:42
*** bswartz has joined #openstack-dev14:44
*** mgagne has joined #openstack-dev14:44
fungiYorikSar: i'm in the middle of the eastern coast of the usa. we have significant ice storms predicted for later today14:44
YorikSarSergeyLukjanov: Looks like it's going to hang anyway...14:44
*** mgagne has quit IRC14:44
*** aeperezt has joined #openstack-dev14:44
*** galstrom_zzz is now known as galstrom14:44
*** cnesa has joined #openstack-dev14:45
SergeyLukjanovYorikSar, yup14:45
fungiYorikSar: SergeyLukjanov: we've probably already collected enough data on the multiple rechecks of the other two changes at this point. we can always emulate timeouts with a throwaway patch later if we want14:45
*** armax has joined #openstack-dev14:45
YorikSarGood news: 70685 won't cure us entirely :)14:45
fungiheh14:45
*** cfriesen has joined #openstack-dev14:46
SergeyLukjanovYorikSar, bah14:46
*** jamieh has quit IRC14:47
*** mohits has joined #openstack-dev14:47
*** jamieh has joined #openstack-dev14:47
*** peristeri has joined #openstack-dev14:48
SergeyLukjanovso, we have a patch with 1) 2m timeout to prevent 1h hangs for test, 2) gerrit port selection improvements and 3) known_hosts attachment fix14:48
SergeyLukjanov#1 and #3 could help us to debug/land other fix14:48
*** mkollaro has joined #openstack-dev14:48
SergeyLukjanovfungi, YorikSar, ^^14:48
YorikSarSergeyLukjanov, fungi: how about we push 2m timeout change? It looks like the other two will hang for at least 40m now.14:48
saschpe_dims: revert was merged, that should unblock it. i have to discuss the underlying setuptools issue upstream first before reattempting this :-)14:49
*** bhuvan has quit IRC14:49
SergeyLukjanovYorikSar, I'm ok with landing timeout and known_hosts attachment fix14:49
YorikSarAt least I'll be able to reverify them during my evening :)14:49
saschpe_in short, --prefix is added in front of all data_files, which is wrong14:49
*** nermina has joined #openstack-dev14:50
fungiYorikSar: SergeyLukjanov: sounds great14:50
*** stevemar has joined #openstack-dev14:50
*** mriedem has quit IRC14:51
SergeyLukjanovfungi, YorikSar, approving them and let's look on the port selection14:51
*** pschaef has quit IRC14:51
*** mohits has quit IRC14:52
SergeyLukjanovfungi, do you remember, will zull reject change if it'll be -2'd after approving?14:52
*** cnesa has quit IRC14:52
fungiSergeyLukjanov: yes, when it tries to merge it will at that point see the -2 and refuse to do so14:52
stevemardstanek, the first part of your comment on my refactor (soon to be fix) for base_url in trusts had me surprised14:52
SergeyLukjanovfungi, awesome14:52
*** cnesa has joined #openstack-dev14:52
*** dvarga has joined #openstack-dev14:52
*** achampion has joined #openstack-dev14:53
dimssaschpe_, thanks a ton14:53
fungiSergeyLukjanov: on the to do list for zuul is to have it notice -2 cdrv or 0 aprv events in the stream for enqueued changes and abort their jobs immediately instead of waiting until merge time to check14:53
fungiabort their jobs and completely dequeue them14:53
SergeyLukjanovfungi, yup, good idea14:54
*** pschaef has joined #openstack-dev14:54
*** rcleere has quit IRC14:54
*** yamahata has quit IRC14:55
*** zaitcev has joined #openstack-dev14:57
YorikSarSergeyLukjanov: In fact, now you can bring back you +2 and +A since we're agreed that we're ready to land that change.14:57
*** jamieh has quit IRC14:57
*** dims has quit IRC14:57
stevemardstanek, i'm running some of the trust tests in v3 auth on master branch now, and seeing the correct behaviour for trusts self link... i'm wondering if you did anything different?14:58
*** YorikSar_ has joined #openstack-dev14:59
SergeyLukjanovYorikSar, I think that we've agreed on merging timeout and known_hosts14:59
SergeyLukjanovYorikSar, reading scroll back, too many chats in parallel14:59
*** xga has joined #openstack-dev14:59
*** browne has joined #openstack-dev15:00
*** jamieh has joined #openstack-dev15:00
*** andreaf has quit IRC15:00
*** doug-fish has joined #openstack-dev15:00
*** dims has joined #openstack-dev15:00
*** YorikSar has quit IRC15:00
*** YorikSar_ is now known as YorikSar15:01
*** vijendar has joined #openstack-dev15:01
*** otherwiseguy has joined #openstack-dev15:01
*** yamahata has joined #openstack-dev15:02
YorikSarSergeyLukjanov: Ok, gtg now. I'll take a look at changes again from home.15:02
sdagueso is it common for keystone reviews to sit for 2 weeks with a +2 on them without any other core votes?15:02
dolphmsdague: link?15:02
sdaguehttps://review.openstack.org/#/c/69218/ and https://review.openstack.org/#/c/69219/15:03
*** alex_xu has quit IRC15:03
*** byeager has joined #openstack-dev15:03
*** tsekiyama has joined #openstack-dev15:04
*** danielbruno has joined #openstack-dev15:04
*** jnoller has joined #openstack-dev15:05
*** mohits has joined #openstack-dev15:06
*** mgagne has joined #openstack-dev15:06
*** hartsocks has quit IRC15:07
*** edmund has joined #openstack-dev15:07
stevemardstanek, i see the bug now, it's only in list trusts15:08
*** kenperkins has joined #openstack-dev15:09
*** arosen has quit IRC15:09
dolphmgyee: you +2'd this right before a rebase https://review.openstack.org/#/c/68548/15:09
*** kolesovdv has quit IRC15:10
*** dvarga is now known as dvarga|away15:10
*** dvarga|away is now known as dvarga15:10
dstanekhi stevemar15:11
dstanekstevemar: that was a wierd one15:11
*** mdenny has joined #openstack-dev15:11
stevemardstanek, yeah, interesting15:11
stevemardstanek, i don't think any of the extensions do the links properly15:12
stevemardstanek, more work then15:12
*** bhuvan has joined #openstack-dev15:13
*** Tross has joined #openstack-dev15:13
*** eglynn is now known as eglynn-afk15:13
*** max_lobur is now known as max_lobur_afk15:14
*** CaptTofu has quit IRC15:17
*** Gordonz has joined #openstack-dev15:18
*** Gordonz has quit IRC15:18
*** Gordonz has joined #openstack-dev15:18
*** sarob has joined #openstack-dev15:19
*** devoid has joined #openstack-dev15:19
stevemarbknudson, can you review https://review.openstack.org/#/c/72544/ it should get rid of the last errors we were seeing in doc building15:20
*** thouveng has quit IRC15:22
*** MaxV has quit IRC15:23
*** MaxV has joined #openstack-dev15:23
*** kbrierly has joined #openstack-dev15:23
*** sarob has quit IRC15:24
*** rcleere has joined #openstack-dev15:24
*** dbalog has joined #openstack-dev15:24
ayoungjdennis, I'm working on compressing PKI tokens.  In doing so, I want to redo the test for a PKI token.  I want to replace the check for "MII" at the front with a base64 decdoe15:25
ayoungdecode15:25
*** FunnyLookinHat has quit IRC15:25
ayoungjdennis, as you know, we do a non-standard transform to go from base64 standard encoding to an URL safe format (replace /  with -)15:26
*** jpomero has joined #openstack-dev15:26
BLZbubbahow useful is the Baremetal system in Havana?15:26
ayoungI'm trying to determine if I can safely ignore that when testing the token:  both characters show up as valid Base64  if I use pythons base64.urlsafe_b64decode, just in once case the decoded doc would be garbage.15:27
*** MaxV has quit IRC15:28
ayoungHowever, I'm a little reluctant to just blindly assume - should be /  and transform the document.15:28
BLZbubbaand also, is there an easy way to snapshot and redeploy a whole tenant, and give each tenant its own dns subdomain?15:28
*** Shaan7 has joined #openstack-dev15:28
*** Shaan7 has joined #openstack-dev15:28
ayoungjdennis, If, instead of the openssl cms producing PEM,  I could produce DER and encode using base64.urlsafe_b64encode.  If I do that, I assume I will never get a '/'15:29
*** tzabal has joined #openstack-dev15:29
*** Tross has quit IRC15:29
ayoungI'm guessing that what I need to  do is to decode  assuming - means - (urlsafe)  then test if the underlying doc is ASN 1.  If it is not ASN1, do the transform from - to / and decode standard.15:30
ayoungdstanek, stevemar ^^ I was asking jdennis since he has some familiarity here, but if either of you guys know, please chime in15:31
*** carl_baldwin has joined #openstack-dev15:31
jdennisayoung: maybe I'm not following you fully, sounds like you're trying to invent a heuristic that is not robust15:32
*** MaxV has joined #openstack-dev15:32
*** zoresvit has joined #openstack-dev15:33
*** sballe has joined #openstack-dev15:33
jdennisayoung: the absence of a single alphabet character does not tell you anything about the alphabet in use15:33
jdennisayoung: also, not sure what you mean by PEM vs. DER, I don't see how that changes anything15:34
ayoungjdennis, OK, let me start with the PEM vs DER thing15:35
jdennisayoung: maybe you could start with what you're trying to accomplish15:35
*** colinmcnamara has joined #openstack-dev15:35
ayoungCurrent code to create a token signed the docuemnt in PEM format, then strips the header and foorter, and converts the / to the - character15:35
ayoungif I want to test to see if this is a valid token, I don't need to convert all the way back to PEM format (add the headers) I just need to:15:36
*** sergmelikyan has quit IRC15:36
ayoungconvert -  back to / and base64 decode15:36
*** samuelbercovici has quit IRC15:36
*** tkammer has quit IRC15:37
*** dkehn__ has joined #openstack-dev15:37
*** coolsvap has joined #openstack-dev15:37
jdennisayoung: what is your definition of a valid token?15:38
*** dkehn_ has quit IRC15:38
ayoungjdennis, ah, good point, so the check is_asn1_token is used to distinguish between UUID token and a PKI based token15:38
*** atiwari has joined #openstack-dev15:39
ayoungone must be validated via online lookup, the other can be checked in process15:39
*** nelsnelson has joined #openstack-dev15:39
*** chandan_kumar has quit IRC15:39
*** chandan_kumar has joined #openstack-dev15:40
ayoungso I am trying to make changes in the client code to check the validity that will work on top of the patch you saw to replace the server keystone.common.cms with the client keystoneclient.common.cms15:40
jdennisayoung: ok, so are you asking if is_asn1_token implemented correctly or if once you know it's a PKI based token how to validate it?15:40
ayoungjdennis this is a case of stepping into messy code and figuring out the right way to fix it.  I had a big patch that was origianlly for compressing the PKI tokens, but if I make them smaller, the is_asn1_token check for "MII" fails15:42
ayoungsoi I need to clean up that function15:42
*** JoshuaG_AIM has joined #openstack-dev15:42
ayoungMII is the length of the document, but with compression, the tokens will be shorter, and might not start with MII anymore15:42
*** Tross has joined #openstack-dev15:42
ayoungso...first thing is to clean up the check is_asn1_token.  I think the robust-but-expensive approach would be:15:43
*** dkehn_ has joined #openstack-dev15:43
ayoung1.  Do a base64  decode followed by an ASN1 parse.  If that succeeds, it is an asn1 token15:44
jdennisayoung: well right :-) Isn't this what I said earlier? Aren't you trying to invent a hueristic, one that's difficult to implement robustly? Why not tag the data and eliminate fancy guessing?15:44
JoshuaG_AIMDoes anyone know how to attach a software vlan to a hardware vlan in Open Stack?15:44
ayoungjdennis, because I need to deal with existing tokens as well.  We need to be able to transition15:44
bknudsonayoung: existing tokens have MII15:44
bknudsonMII should still work15:44
bknudson"work" in quotes15:45
bknudsonunless a UUID token happens to start with MII15:45
ayoungbknudson, not possible15:45
ayoungUUID is hexadecimal only15:45
ayounguuid.uuid4().hex15:45
ayoungbknudson, there is also an outstanding bug for tokens that are too large they do not start with MII,  but MIJ15:46
bknudsonayoung: that should make picking a prefix easy... pick something outside of the hex digit range15:46
*** rgerganov_ has joined #openstack-dev15:46
ayoungbknudson, I'm trying to avoid that15:46
*** dkehn__ has quit IRC15:47
*** dkehn__ has joined #openstack-dev15:47
*** tsekiyam_ has joined #openstack-dev15:47
jdennisayoung: I think your basic approach is right, try decompressing, then apply the test. But really this is why unknown, unstructured data is always a bad idea15:47
*** rtheis_ has joined #openstack-dev15:47
bknudsonayoung: what's wrong with defining a prefix?15:47
*** cagrev_ has joined #openstack-dev15:47
*** aswadrangnekar1 has joined #openstack-dev15:47
*** mflobo_ has joined #openstack-dev15:47
ayoungbknudson, it takes something that is in a standard file format (base64 encode) and morphs it into a hybrid:  part Base64, part text15:47
*** sweston has joined #openstack-dev15:48
*** CaptTofu has joined #openstack-dev15:48
bknudsonayoung: use a different header15:48
ayoungit means that you can't just take a token and run it through a CLI to get the underlying data...which jdennis found out the hard way15:48
*** iartaris` has joined #openstack-dev15:48
ayoungbknudson, so..I'll do a header if necessary15:48
*** MIDENN_ has joined #openstack-dev15:48
*** MIDENN_ has quit IRC15:48
*** sarob has joined #openstack-dev15:48
*** dstanek_afk has joined #openstack-dev15:48
*** prad_ has quit IRC15:49
*** MIDENN_ has joined #openstack-dev15:49
bknudsonthe token will be like G-{base64-encoded}15:49
*** xarses has quit IRC15:49
ayoungpart of this is that I am trying to break the large patch from last night into smaller, reviewable chunks that will also individually pass the gate15:49
jdennisayoung: I think it's way better to use a header or prefix or whatever you want to call it, common usage is {xxx} fwiw15:49
bknudsonso you run the part after G- through CLI15:49
*** davidlenwell_ has joined #openstack-dev15:49
*** gcha has quit IRC15:49
ayoungBut that doesn't work for existing tokens, and dolphm objected to defining two different file formate15:50
ayoungformas15:50
ayoungugh15:50
ayounganyway15:50
*** cfriesen_ has joined #openstack-dev15:50
*** MaxV_ has joined #openstack-dev15:50
*** galstrom is now known as galstrom_zzz15:50
JoshuaG_AIMDoes anyone know how to attach a software vlan to a hardware vlan in Open Stack?15:51
*** gcha has joined #openstack-dev15:51
*** gcha has quit IRC15:51
*** carlp has joined #openstack-dev15:51
*** jprovazn has quit IRC15:51
*** cdub_ has joined #openstack-dev15:51
*** SpamapS_ has joined #openstack-dev15:51
ayoungThe mistake I made was doing my own base64 url-safe approach as opposed to using a standard one.15:51
*** jmontemayor has joined #openstack-dev15:52
*** yeylon__ has quit IRC15:52
*** gilliard_ has joined #openstack-dev15:52
bknudsonwhy do PKI tokens need to be url safe?15:52
*** jp_at_hp1 has joined #openstack-dev15:52
jdennisayoung: we really should get the base64utils and pemutils patch in15:52
ayoungbknudson, because they are sent over the wire15:52
bknudsonayoung: in a url?15:53
*** atiwari_ has joined #openstack-dev15:53
ayoungjdennis, are they submitted against python-keystoneclient15:53
*** gcha has joined #openstack-dev15:53
ayoungbknudson, in a header15:53
*** sarob has quit IRC15:53
*** yaguang has quit IRC15:53
*** kgriffs_afk is now known as kgriffs15:53
ayoungbknudson, curl etc barfs if they are not url safe15:53
bknudsonseems like they need to be header-safe and not url safe?15:53
ayoungthey get misparsed15:53
ayoungsame diff15:54
ayoungbknudson, the utility is called URL safe15:54
*** jamespag` has joined #openstack-dev15:54
*** jamespag` has joined #openstack-dev15:54
ayoung base64.urlsafe_b64decode  will produce different output than  base64.b64decode(15:54
*** AlanClark has joined #openstack-dev15:54
ayoung>>> print raw215:55
ayoung----------------------------------------15:55
ayoungso that would get15:55
ayoung>>> base64.urlsafe_b64decode(raw2)15:55
ayoung'\xfb\xef\xbe\xfb\xef\xbe\xfb\xef\xbe\xfb\xef\xbe\xfb\xef\xbe\xfb\xef\xbe\xfb\xef\xbe\xfb\xef\xbe\xfb\xef\xbe\xfb\xef\xbe'15:55
ayoungbut15:55
ayoung>>> base64.b64decode(raw2)15:55
ayoung''15:55
jdennisayoung: pemutils and base64utils was submitted to keystone, but now it sounds like were moving the common code to keystone-client15:55
*** thedodd has joined #openstack-dev15:55
*** rgerganov_ has quit IRC15:55
jdennisbknudson: there is a whole write-up on this issue in my patches15:56
*** prad_ has joined #openstack-dev15:56
ayoungboth are considered valid base64.  Just the underlying asn1 would be corrupted if the wrong one were used.  I think that for "is_asn1_token" I can ignore the difference15:56
bknudsonayoung: ok. I don't have any objection to use base64.urlsafe_b64encode ... doesn't seem necessary for a header, though.15:56
*** dkehn_ has quit IRC15:56
*** atiwari has quit IRC15:56
*** MaxV has quit IRC15:56
*** mdenny has quit IRC15:56
*** tsekiyama has quit IRC15:56
*** mkollaro has quit IRC15:56
*** cfriesen has quit IRC15:56
*** mflobo has quit IRC15:56
*** dkranz has quit IRC15:56
*** cagrev has quit IRC15:56
*** rtheis has quit IRC15:56
*** dstanek has quit IRC15:56
*** jay-lau-513 has quit IRC15:56
*** tmclaugh[work] has quit IRC15:56
*** markmc has quit IRC15:56
*** jruzicka has quit IRC15:56
*** martyntaylor has quit IRC15:56
*** qba73 has quit IRC15:56
*** jp_at_hp has quit IRC15:56
*** ygbo has quit IRC15:56
*** bvandenh has quit IRC15:56
*** iartarisi has quit IRC15:56
*** I159 has quit IRC15:56
*** viktors has quit IRC15:56
*** bauzas has quit IRC15:56
*** aswadrangnekar has quit IRC15:56
*** jaypipes has quit IRC15:56
*** alop has quit IRC15:56
*** erkules has quit IRC15:56
*** cdub has quit IRC15:56
*** coasterz has quit IRC15:56
*** nplanel has quit IRC15:56
*** d0ugal has quit IRC15:56
*** jamespage has quit IRC15:56
*** haleyb has quit IRC15:56
*** rgerganov has quit IRC15:56
*** SpamapS has quit IRC15:56
*** ogelbukh has quit IRC15:56
*** davidlenwell has quit IRC15:56
*** mordred has quit IRC15:56
*** gmoro has quit IRC15:56
*** gilliard has quit IRC15:56
ayoungjdennis, can you resubmit them against client15:56
ayoungjdennis, can you resubmit them against client15:56
*** zul has joined #openstack-dev15:56
*** devoid has quit IRC15:56
*** jay-lau-513 has joined #openstack-dev15:57
*** markwash has joined #openstack-dev15:57
ayoungjdennis, BTW, thanks for the review on the "dedupe of CMS"  I'll push that along15:57
*** alop has joined #openstack-dev15:57
*** ifarkas has quit IRC15:58
*** pradeep1 has quit IRC15:58
*** d0ugal has joined #openstack-dev15:58
jdennisbknudson: part of the problem we're trying to correct is that we invented another non-standard base64 alphabet when there was already an RFC defined alphabet with support already present in core python15:58
ayoungjdennis, ++15:58
*** yjiang51 has joined #openstack-dev15:59
ayoungI'm trying to provide a transition strategy15:59
*** chandan_kumar has quit IRC15:59
*** kmartin has joined #openstack-dev15:59
*** chandankumar_ has joined #openstack-dev15:59
*** irenab has joined #openstack-dev15:59
*** _rdas_ has joined #openstack-dev15:59
*** dims has quit IRC15:59
ayoungjdennis, so to use the python library version, I want to do  openssl cms -inform=DER  and then base64.urlsafe_b64encode instead15:59
*** nermina has quit IRC15:59
*** atiwari_ has quit IRC16:00
*** rdas has quit IRC16:00
ayoungOf course, that is a server change, ATM16:00
*** atiwari has joined #openstack-dev16:00
*** carlp has quit IRC16:00
*** markwash_ has joined #openstack-dev16:00
*** tmclaugh[work] has joined #openstack-dev16:01
*** cnesa has quit IRC16:01
*** Ruetobas has quit IRC16:01
*** coolsvap1 has joined #openstack-dev16:01
jdennisayoung: yes you want to use the urlsafe_b64{encode,decode} variants16:01
*** markwash has quit IRC16:01
*** markwash_ is now known as markwash16:01
*** amotoki_ has joined #openstack-dev16:02
*** jckasper has joined #openstack-dev16:02
*** jaypipes has joined #openstack-dev16:02
*** gmoro has joined #openstack-dev16:02
*** ogelbukh has joined #openstack-dev16:02
*** ygbo has joined #openstack-dev16:02
ayoungjdennis, so I'm trying to introduce as small a change at a time to do that.    First is to make the client accept either format16:02
*** markmc has joined #openstack-dev16:02
*** bvandenh has joined #openstack-dev16:02
*** qba73 has joined #openstack-dev16:02
*** jruzicka has joined #openstack-dev16:02
*** paragan has quit IRC16:03
*** erkules has joined #openstack-dev16:03
*** sarob has joined #openstack-dev16:03
*** dkranz has joined #openstack-dev16:03
*** haleyb has joined #openstack-dev16:03
*** Ruetobas has joined #openstack-dev16:03
*** coolsvap has quit IRC16:03
*** nplanel has joined #openstack-dev16:03
*** coasterz has joined #openstack-dev16:03
sdakeapparently something I was doing to get tox and testr rolling broke my env, and now I get http://paste.fedoraproject.org/76582/13922209 when installing a python program via setup16:03
sdakeany tips?16:03
*** martyntaylor has joined #openstack-dev16:04
*** viktors has joined #openstack-dev16:04
sdakegoogle has no answers16:04
*** comay has quit IRC16:04
*** mordred has joined #openstack-dev16:04
*** I159 has joined #openstack-dev16:04
*** dstanek_afk is now known as dstanek16:04
*** iartaris` is now known as iartarisi16:04
jdennisayoung: I could sit down and try to figure out a robust way to determine which alphabet is in use, but I'm in the middle of the utf-8 fixes atm,16:05
ayoungjdennis, NP16:05
*** bauzas has joined #openstack-dev16:05
ayoungjdennis, just writing it out has made the issues clearer for me16:05
jdennisayoung: why not solve the entire problem with a prefix, it makes everything much cleaner and is extensible16:05
jdennisayoung: if you don't see a prefix then you know you're dealing with legacy and you only have 2 options16:06
*** FunnyLookinHat has joined #openstack-dev16:06
jdennisayoung: if you see a prefix then the world is beautiful because you can key off the prefix and all problems go away16:06
roaetAnyone run into TypeError: dist must be a Distribution instance when installing things? (neutron in my case)16:07
ayoungjdennis, except that you now have a custom file format that none of the tools work on without know-how16:07
jdennisayoung: what file format? we're not discussing a file format at all16:08
*** sarob has quit IRC16:08
alex-foothe git-review tests are completely unstable, i've tried 4 times to get them through now but at least 1 of 2.6, 2.7 or 3.3 will fail sporadically and it takes FORTY MINUTES to time out :/16:08
ayoungjdennis, and are the a standard set of {prefxies} or do we just make something up?16:08
*** Ruetobas has quit IRC16:08
jdennisayoung: what I'm talking about is a format for token id's, that's exclusive to openstack and will only ever been seen in protocol exchanges16:09
ayoungjdennis, I'm not certain about that.  I'd like to avoid inventing my own file format if necesary, but I can see your point.16:10
*** gcha has quit IRC16:10
jdennisayoung: the problem is we have a data item, the token_id, and it's a string that has to be interpreted, but there is no information on how to interpret the string16:10
jdenniswhat file format?16:10
*** mrda_away is now known as mrda16:11
*** Ruetobas has joined #openstack-dev16:11
jdenniswhere is the token_id ever stored in a file that is parsed later?16:11
*** anniec has joined #openstack-dev16:11
*** gyee has quit IRC16:11
*** branen has joined #openstack-dev16:12
*** nosnos has quit IRC16:12
cyeohmikal: would you mind having a look at https://review.openstack.org/#/c/63566/ ? Has one +2 already16:13
*** otherwiseguy has quit IRC16:13
*** nshaikh has left #openstack-dev16:14
*** xmltok has joined #openstack-dev16:14
jdennisayoung: if you're looking for an analogy then consider password hashes in ldap attributes, folks wold store raw hash values in the attribute16:14
*** dims has joined #openstack-dev16:14
*** markmcclain has joined #openstack-dev16:14
*** kushal has quit IRC16:14
jdennisayoung: but that only worked if you knew apriori which hash was used and it prevented you from ever using other hashes16:15
*** david-lyle has joined #openstack-dev16:15
*** rodrigods has quit IRC16:15
*** anniec_ has joined #openstack-dev16:16
*** anniec has quit IRC16:16
*** anniec_ is now known as anniec16:16
*** neeti has joined #openstack-dev16:16
*** sushil_ has quit IRC16:17
*** dhellmann_ is now known as dhellmann16:17
jdennisayoung: the solution adopted was to prefix each hash in a password attribute with {xxx} where xxx identifies the hash algorithm, if the hash starts with {*} then you strip off the prefix and use the remainder, and the prefix tells you exactly how to interpret the remainder, if there is no prefix then you're legacy and have to fall back to some default16:17
*** AlexF has joined #openstack-dev16:18
*** mriedem has joined #openstack-dev16:18
ayoungjdennis, then the comparable solution here would be to put the form of base64 encoding used in {}16:18
jdennisayoung: that's the basic idea, but it's more than just base64, all base64 tells you is you've got binary data, not what kind of binary data, right?16:19
*** tjones has joined #openstack-dev16:19
*** gyee has joined #openstack-dev16:19
jdennisayoung: there should be a prefix for UUID format as well16:19
ayoungjdennis, so...I end up putting all of the operations into the prefix16:19
*** hartsocks has joined #openstack-dev16:20
ayoungso what do I do?  go all cobal like?16:20
jdennisayoung: it's really simple, you're presented with a blob of data, you need something to tell you how to interpret that blob, or you have to invent rickity hueristics16:20
*** pablosan has joined #openstack-dev16:21
ayoungjdennis, {md5}  or {sha1} are standard formats16:21
*** pmathews has joined #openstack-dev16:21
*** zoresvit has quit IRC16:21
ayoungthe standard format I want here doesn't quite exist16:21
ayoungsince openssl selected standard base64 instead of URL safe...16:21
jdennisayoung: those are standard for the case of password hashes, but we're in our own domain here, we can define whatever we want16:22
ayoungor  CMS rfs specified16:22
ayoungexcept that all I want is the DER file underneath16:22
ayoungand base64 is the way to make it so I can transprot it across the wire.16:22
*** hartsocks has quit IRC16:22
ayoungtransport16:22
devanandajog0: hacking question - is there a general opinion in interpolating LOG messages vs passing in parameters?16:22
jdennisayoung: I think you're too deep in the details, pop up a level16:23
*** alex_xu has joined #openstack-dev16:24
*** thomasem_ is now known as thomasem16:24
*** Mandell has quit IRC16:24
*** tanisdl has joined #openstack-dev16:25
*** otherwiseguy has joined #openstack-dev16:25
*** beagles is now known as beagles_brb16:25
jdennisayoung: the token id is a blob of data, it has both formatting and content, you need to know it's formatting to interpret it's content16:25
*** buzztroll has joined #openstack-dev16:26
*** tanisdl has joined #openstack-dev16:26
ayoungjdennis, my goal is to get away from that.  I want to be able to say "token is an urlsafe base64 encoded CMS document in DER format"16:26
*** prad__ has joined #openstack-dev16:26
*** sushils has joined #openstack-dev16:27
jdennisayoung: you need something, either a prefix or some other attribute which is bound to it which tells you how to interpret the token id blob16:27
ayoungThen people can use base64 decode and CMS utilities.  It makes the integration with other languages easy, and so forth.  I don;t want to proviude multiple options, I want to atone for the sins of the past16:27
*** thuc has joined #openstack-dev16:27
*** prad_ has quit IRC16:28
*** neelashah has joined #openstack-dev16:28
jog0devananda: passing in is prefered but not a big deal16:29
jog0passing in is the standard logging way16:29
jog0there is a reason why its considered better, but I forgot16:29
jdennisayoung: but what happens when "token is an urlsafe base64 encoded CMS document in DER format" is no longer sufficient? you want to code for extensibility and robustness16:29
ayoungjdennis, at that point I will find a new profession.  I'm thinking hot dog vendor16:30
devanandajog0: i'll take "not a big deal" to mean "not worth enforcing in hacking" :)16:30
*** dvarga is now known as dvarga|away16:30
*** dvarga|away is now known as dvarga16:30
jdennisayoung: do you see the problem that migrating from UUID to PKI in the token id presented? it's the same problem and it's only going to get worse if not addressed16:31
*** spzala has joined #openstack-dev16:31
ayoungjdennis, yeah.  I'll think about it.16:31
*** sushils has quit IRC16:32
*** thuc has quit IRC16:32
*** sushils has joined #openstack-dev16:33
*** markmcclain has quit IRC16:33
*** markmcclain has joined #openstack-dev16:34
*** colinmcnamara has quit IRC16:34
ttxdhellmann: my rootwrapectomy from oslo-incubator fails tests because I removed the rootwrap.conf in etc/ and tox runs generate_sample.sh over a non-existent directory now16:36
*** MaxV_ has quit IRC16:36
ttxdhellmann: should I just remove the call to generate_sample in tox.ini ? and/or remove tools/config/generate_sample.sh from oslo-incubator while I'm at it ?16:37
ttx(context: https://review.openstack.org/#/c/72968/1)16:37
*** hartsocks has joined #openstack-dev16:37
*** sushils has quit IRC16:38
*** sushils has joined #openstack-dev16:38
ttxdhellmann: I suspect it's useless now, but could use your confirmation :)16:39
dhellmannttx: looking16:40
*** MaxV has joined #openstack-dev16:40
*** byeager has quit IRC16:40
*** sweston has quit IRC16:40
dhellmannttx: if the only thing generate_sample.sh was doing was checking the sample config for rootwrap, that should be done in the new oslo.rootwrap repo16:41
ttxdhellmann: except we don't ship configurations there. They are shipped in the consuming projects (nova, cinder, neutron)16:41
*** CaptTofu has quit IRC16:41
dhellmannttx: good point16:41
*** xga has quit IRC16:42
*** xga has joined #openstack-dev16:42
ttxdhellmann: just wondering if oslo-incubator/tools/config/* was resued as the sourcve for all the code copies around16:42
*** nacim has quit IRC16:42
ttxdhellmann: I suspect not16:42
dhellmannttx: tools/config/generate_sample.sh probably needs to move to oslo.config16:42
dhellmannyeah16:42
dhellmannI think it is?16:42
ttxI can keep it in and just remove the call to it in tox16:43
*** mikeoutland has joined #openstack-dev16:43
dhellmannttx: the difference between that file and the one in nova corresponds to changes that would be made by syncing (s/oslo/nova/)16:43
dhellmannttx: what is etc/openstack.conf.sample? is that used by the tests?16:44
*** coolsvap1 has quit IRC16:44
*** sandywalsh has joined #openstack-dev16:44
*** aditirav has quit IRC16:44
*** FunnyLookinHat has quit IRC16:44
dhellmannoh, nevermind, that's the output file16:45
*** amuller has quit IRC16:45
ttxyep, not in repo16:45
ttxcommit e013ac8980755b416f529c9d6b87ecfa61d31b1a says "Adds sample config file generation script, Having this script placed in oslo will let projects avoid implementing their own sample generation script."16:45
ttxdhellmann: I'll just remove the call to generate_sample from tox.ini and keep it in.16:46
dhellmannttx: markmc wanted the generator to go through the incubator before moving to oslo.config16:46
dhellmannttx: yes, I think that's the right approach16:46
ttxright16:46
ttxdhellmann: thanks for your advice!16:46
dhellmannI'm still trying to understand why that missing rootwrap file is causing a problem16:46
ttxit's actually now missing the etc/ directory altogether16:47
ttxsince that was the only file in it16:47
dhellmannah, right16:47
*** colinmcnamara has joined #openstack-dev16:47
dhellmannok, so it can't *write* to that directory16:47
YorikSarfungi, SergeyLukjanov: Looks like one of them finally made it. Can you approve https://review.openstack.org/70685 again?16:47
dhellmannit's not trying to read the file, it's trying to write to the parent directory16:47
dhellmannttx: ok, I'm satisfied, removing the line from tox.ini is the right fix16:48
*** ayoung has quit IRC16:48
*** mflobo_ has quit IRC16:48
ttxdone16:49
*** dtantsur has quit IRC16:50
*** abhirc has joined #openstack-dev16:50
*** _cjones_ has joined #openstack-dev16:51
*** bauzas has quit IRC16:53
*** xarses has joined #openstack-dev16:53
*** CaptTofu has joined #openstack-dev16:54
*** nacim has joined #openstack-dev16:54
*** FunnyLookinHat has joined #openstack-dev16:56
*** tmclaugh[work] has quit IRC16:57
YorikSarfungi: Thank you.16:58
*** pschaef has quit IRC16:59
*** jsavak has joined #openstack-dev16:59
*** coolsvap has joined #openstack-dev17:00
jordanPHi guys. Could a friendly tempest dev  make a review on "Scenario : Start instances using fixed network when possible" : https://review.openstack.org/#/c/68904/   thanks :)17:00
*** tqtran has joined #openstack-dev17:00
SergeyLukjanovYorikSar, heh, it looks like it's quite difficult to push timeout patch :)17:01
*** xga has quit IRC17:01
*** xga has joined #openstack-dev17:02
raildogyee: \o17:02
SergeyLukjanovjordanP, probably, you'd like to go to the #openstack-qa channel17:02
*** networks_ has joined #openstack-dev17:02
*** mohits_ has joined #openstack-dev17:02
jordanPSergeyLukjanov, ok thanks17:02
*** joesavak has quit IRC17:02
gyeeraildo, here17:03
*** devoid has joined #openstack-dev17:03
*** thomasem_ has joined #openstack-dev17:03
raildogyee: tellesnobrega and I have a doubt, in the solution of nested projects at Keystone and we would appreciate if you could help us.17:03
*** avishay is now known as avishay_away17:04
*** thomasem_ has quit IRC17:04
raildoWe added in the table "project" a column "parent_project_id", that is a foreign key that references the table itself the column "id" of the parent project.17:04
raildoHowever the community decided that the project root "OpenStack" would not be a project in itself, is only one variable, so this will not work contraint.17:05
gyeeraildo, that won't work17:05
*** e0ne has quit IRC17:05
raildoDo you have any suggestions for this problem? Remove the constraint, or some other way of upgrading the table.17:05
*** thomasem has quit IRC17:05
gyeeforeign key can't be nullable I think17:06
*** mohits has quit IRC17:06
*** nmagnezi has quit IRC17:06
tellesnobregagyee: they can17:06
*** _rdas_ has quit IRC17:06
tellesnobregagyee: they can't be different from the values of the referenced column, but it can be null17:06
gyeetellesnobrega, so you can set parent_project_id to null to indicate root?17:07
*** kenperkins has quit IRC17:07
*** kenperkins has joined #openstack-dev17:08
jog0devananda: yeah, although I don't remember the reason why its better17:08
jog0if it was significantly better then maybe it is17:08
*** dkehn__ is now known as dkehn_17:08
*** Oneiroi has quit IRC17:08
*** henrynash has quit IRC17:09
raildoI agree, but the idea of ​​putting this foreign key, and the root project, for projects that do not have parents, this column will not be null.17:09
*** jgallard has quit IRC17:09
*** evgenyf has quit IRC17:09
*** dvarga is now known as dvarga|away17:09
*** dvarga|away is now known as dvarga17:09
*** nagyz has quit IRC17:09
tellesnobregagyee: hum. thinking here17:09
tellesnobregagyee: the structure we are using root -> domains -> projectA -> projectB17:10
*** sushils has quit IRC17:10
*** marcoemorais has joined #openstack-dev17:10
tellesnobregaso projectA should have Null to indicate that its the first of the hierarchy?17:10
*** markmc has quit IRC17:11
tellesnobregaor it should have the root project id?17:11
tellesnobregait can't have the domain id17:11
*** neeti has quit IRC17:11
*** kenperkins_ has joined #openstack-dev17:11
*** sushils has joined #openstack-dev17:11
devanandajog0: performance of string interpolation for LOG messages that are below log threshold?17:11
*** abhirc has quit IRC17:12
tellesnobregaall projects in the tree will be contained by a domain, and all of them reference the domain, and the first project of the hierarchy should have a parent_project_id pointing to the root project or we can have Null17:12
jog0devananda: that sounds right17:13
*** hdd_ has quit IRC17:14
*** SumitNaiksatam has quit IRC17:14
tellesnobregai think having the root id is more readable, but in code it doesnt really make any difference. The change would be. if i use root project id i would have to remove the FK constraint, if i use Null that wont be necessary17:14
*** sushils has quit IRC17:14
*** xga has quit IRC17:15
*** beagles_brb is now known as beagles17:15
*** kenperkins has quit IRC17:15
*** xga has joined #openstack-dev17:15
gyeetellesnobrega, raildo, not sure if implementing mix data structure in a tree is a good idea17:16
*** mikeoutland has quit IRC17:16
*** Tross has quit IRC17:17
tellesnobregagyee: do you mean having projects and domains?17:17
*** zul has quit IRC17:17
gyeeunless you want to define a generic data model and have a container type attribute17:17
*** AlexF has quit IRC17:17
*** joesavak has joined #openstack-dev17:17
gyeecontainer type indicates whether it is a project or domain container17:18
gyeecontainer would be implemented as a tree17:18
*** zul has joined #openstack-dev17:18
*** zul has quit IRC17:18
*** zul has joined #openstack-dev17:18
gyeetellesnobrega, root->container->container->container etc17:18
tellesnobregai see17:18
gyeecontainer = {type, id, etc}17:18
*** galstrom_zzz is now known as galstrom17:19
dolphmanyone know Mikhail Durnosvistov<mdurnosvistov@mirantis.com>'s IRC handle?17:19
*** mst89 has joined #openstack-dev17:20
tellesnobregai see that this may be the best solution so far, but how much of a change would this cause in keystone? i guess this would have to be discussed for quite a while17:20
*** jsavak has quit IRC17:20
*** anniec has quit IRC17:20
gyeetellesnobrega, you mean like seismic changes? :)17:21
dolphmgyee: from an implementation perspective, "domain" is just a project where the parent_project_id is null; you don't have to complicate it beyond that17:21
raildodolphm: I believe it is mdurnosvistov17:22
gyeedolphm, right, but implementing mix data structure in a tree is not fun17:22
gyeeLDAP handle it well, not sure about SQL17:22
annegentledolphm: ping17:22
dolphmraildo: ah, just not online right now then. thanks17:22
dolphmannegentle: o/17:22
annegentleheya17:22
*** praneshp has joined #openstack-dev17:22
raildodolphm: you're welcome17:22
annegentleso I'm hearing for deployers testing icehouse that v2 doesn't work nor does v3 api... and wondered what deprecated means for https://etherpad.openstack.org/p/icehouse-keystone-internal-apis? I must have missed the discussion17:23
tellesnobregadolphm: we dont want to remove domains and use only projects17:23
annegentlefor/from17:23
dolphmannegentle: that's alarming lol -- any links?17:23
tellesnobregadomains are important for us17:23
annegentledolphm: I can find out more details but wanted to know the plan the plan :)17:23
dolphmannegentle: one second, that resulted in a bp17:23
*** colinmcnamara has quit IRC17:24
*** gszasz has quit IRC17:24
*** I159 has quit IRC17:24
*** I159_ has quit IRC17:24
dolphmannegentle: https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-icehouse17:24
dolphmannegentle: and to a lesser extent, https://blueprints.launchpad.net/keystone/+spec/list-limiting17:24
annegentledolphm: Sam-I-Am is in the #openstack-doc channel and was asking about it, after testing icehouse Ubuntu packaging17:24
*** praneshp has quit IRC17:25
*** xqueralt has quit IRC17:25
tellesnobregagyee: we only working on a prototype, the hierarchy itself would be only of projects and domains would contain a hierarchy, leaving the root out17:25
*** godara has joined #openstack-dev17:25
annegentledolphm: are you getting input from users on the deprecation? I don't think it sounds like people are ready17:25
annegentledolphm: also does deprecate mean it's available in icehouse but not available in juno?17:25
annegentledolphm: I feel like I'm the canary in the coal mine, croaking with the last breath, that this is a BAD thing :)17:26
dolphmannegentle: everything deprecated in icehouse means it's guaranteed to be available in icehouse, but will alert consumers exactly when it's at risk to be removed (minimum +1 release, usually +2)17:26
dolphmannegentle: deprecations can be reversed, if it becomes clear later that it would be a mistake to drop support, etc17:26
gyeetellesnobrega, have fun, but you can't have a tree with no root :)17:26
annegentledolphm: ok then the real comms will start after April or so, I still think you need a HUGE conversation with your install base because so far I'm not finding v317:27
tellesnobregawe will have a root17:27
annegentledolphm: I would like some ML comms17:27
*** godara_ has joined #openstack-dev17:27
tellesnobregajust a second, i will show it graphically17:27
annegentledolphm: at least (I know it was discussed at a summit and all, but I just don't think deployers know the ramifications)17:27
dolphmannegentle: i figured this would be a dedicated section in the release notes?17:27
annegentledolphm: it's much much more invasive than that17:27
dolphmannegentle: discussion on *what's* being deprecated, or discussion on the process itself?17:28
annegentledolphm: needs more investigation, upgrade notes17:28
*** garyk has quit IRC17:28
annegentledolphm: what's being deprecated isn't clear for starters17:28
*** ykhodork has joined #openstack-dev17:28
annegentledolphm: also what dependencies fall out17:28
*** jdurgin has quit IRC17:28
annegentledolphm: like you don't get heat if you're running v217:28
annegentledolphm: apparently17:28
annegentlethat sort of thing. it's so invasive, install guide, user guides, ops guide17:28
annegentlejust sending up the flag of concern :)17:29
dolphmannegentle: appreciated!17:29
annegentlenow I have to drive to the office dolphm but thanks for "listening!" :)17:29
*** godara has quit IRC17:29
*** godara_ is now known as godara17:29
dolphmannegentle: ping me when you get there - i have a few follow up questions17:29
annegentledolphm: I'll connect Sam-I-Am to ya (Matt Kassawar) for more details on his testing17:29
*** bauzas has joined #openstack-dev17:29
*** carlp has joined #openstack-dev17:29
*** athomas has joined #openstack-dev17:29
*** jordanP has quit IRC17:30
*** carlp has quit IRC17:31
*** gokrokve has quit IRC17:32
*** kenperkins has joined #openstack-dev17:32
*** gokrokve has joined #openstack-dev17:32
*** questionmask_ has joined #openstack-dev17:34
*** Gordonz has quit IRC17:34
tellesnobregagyee: take a look at this http://oi61.tinypic.com/aaxksl.jpg17:35
*** henrynash has joined #openstack-dev17:35
*** kenperkins_ has quit IRC17:36
*** bauzas has quit IRC17:36
gyeetellesnobrega, that looks like an LDAP DIT17:36
*** mmagr has quit IRC17:36
*** gokrokve has quit IRC17:37
*** lucasagomes is now known as lucas-afk17:37
*** bauzas has joined #openstack-dev17:38
*** danielbruno has quit IRC17:38
tellesnobregagyee: i guess so, but for now i think its a good solution. We dont need to eliminate domains, and we have the hierarchy of projects as proposed and the changes to keystone are not so seismic17:39
*** qba73 has quit IRC17:39
*** tkay has joined #openstack-dev17:39
*** bdpayne has quit IRC17:39
*** rossella_s has quit IRC17:39
*** jdurgin has joined #openstack-dev17:40
*** beagles has quit IRC17:40
*** b3nt_pin has joined #openstack-dev17:41
*** b3nt_pin is now known as beagles17:41
*** ygbo has quit IRC17:42
stevemargordc, ping17:42
*** Tross has joined #openstack-dev17:42
*** kris_h has joined #openstack-dev17:43
*** Tross has quit IRC17:43
*** Tross has joined #openstack-dev17:43
gordcstevemar: got it17:44
gyeetellesnobrega, I don't wish to get into an academic debate right now, whatever good for your business is good for you :D17:44
*** jtomasek has quit IRC17:45
tellesnobregagyee: im working with Tiago Martins and we really don't want to give up domains17:45
gyeetellesnobrega, understood17:47
tellesnobregagyee: :D17:47
*** gordc has quit IRC17:48
*** matsuhashi has quit IRC17:48
*** eharney has quit IRC17:49
*** dprince has quit IRC17:50
*** saju_m has quit IRC17:50
*** matsuhashi has joined #openstack-dev17:51
*** saju_m has joined #openstack-dev17:51
*** jsavak has joined #openstack-dev17:53
*** ala has quit IRC17:53
*** angdraug has joined #openstack-dev17:55
*** zz_ctlaugh is now known as ctlaugh17:55
*** matsuhashi has quit IRC17:55
*** mikeoutland has joined #openstack-dev17:56
*** comay has joined #openstack-dev17:56
*** dvarga has quit IRC17:56
*** bdpayne has joined #openstack-dev17:56
*** joesavak has quit IRC17:57
*** saju_m has quit IRC17:58
*** tsekiyam_ has quit IRC17:58
*** cburgess has quit IRC17:58
*** mohits has joined #openstack-dev17:59
*** danpb has quit IRC17:59
*** mandeep has joined #openstack-dev18:00
*** saju_m has joined #openstack-dev18:00
*** mohits has quit IRC18:00
*** mohits_ has quit IRC18:00
*** mohits has joined #openstack-dev18:01
*** AlexF has joined #openstack-dev18:01
*** jckasper has quit IRC18:02
*** pleia2 has quit IRC18:02
*** morganfainberg_Z has quit IRC18:02
shardydolphm: hi, I have a problem related to domains, devstack and the gate if you have a moment?18:03
*** henrique has quit IRC18:03
*** chandankumar_ has quit IRC18:03
*** alexpilotti has joined #openstack-dev18:03
*** pleia2 has joined #openstack-dev18:03
*** rmk has quit IRC18:03
*** cburgess has joined #openstack-dev18:04
*** bvandenh has quit IRC18:05
*** ykhodork has quit IRC18:05
*** rmk has joined #openstack-dev18:06
*** morganfainberg_Z has joined #openstack-dev18:06
*** AlexF has quit IRC18:06
*** radez is now known as radez_g0n318:06
*** morganfainberg_Z is now known as morganfainberg18:06
*** morganfainberg has quit IRC18:07
*** morganfainberg has joined #openstack-dev18:07
*** bauzas has quit IRC18:07
*** eglynn-afk has quit IRC18:07
*** xga has quit IRC18:08
*** AlexF has joined #openstack-dev18:10
*** mandeep has quit IRC18:10
*** kgriffs is now known as kgriffs_afk18:12
*** mdurnosvistov_ has joined #openstack-dev18:13
*** tmclaugh[work] has joined #openstack-dev18:13
*** dperaza has joined #openstack-dev18:15
dolphmshardy: o/18:15
shardydolphm: Hi18:16
*** cadenzajon has joined #openstack-dev18:16
shardydolphm: I have an issue, heat needs to create a domain, and currently I have code in heat creating it as the heat stack user18:16
shardybut that works for local devstack, and not in the gate18:16
*** pmathews has quit IRC18:16
shardyI assume the gate tests are using the v3 policy sample?18:16
*** MaxV has quit IRC18:16
dolphmshardy: both policy files are tested18:17
shardydolphm: Hmm, so can you think of some way we can create a domain in devstack, so I can set the ID in the heat config file?18:17
dolphmshardy: are you doing this in tempest?18:17
shardydolphm: Yeah, it's a tempest test which is failing18:18
dolphmshardy: why does a domain need to be in heat's config file??18:18
dolphmshardy: link?18:18
shardydolphm: heat creates users in a heat-specific domain18:18
shardydolphm: https://review.openstack.org/#/c/72763/18:18
shardydolphm: It's getting tripped up because I lookup a domain by name, and create it if it's missing18:19
shardythis was to avoid deployment pain, because there's no CLI support for domains yet18:19
dolphmshardy: so you're referring to "stack_user_domain" ?18:19
dolphmwhich i assume is intended to be a domain name?18:19
shardydolphm: yes, exactly18:19
*** gokrokve has joined #openstack-dev18:19
shardybut we could move to setting and ID in the config18:20
*** xgsa has quit IRC18:20
shardythat would actually be preferable, but as I said, deployer pain18:20
shardyhttps://github.com/openstack/heat/blob/master/heat/common/heat_keystoneclient.py#L10618:21
dolphmshardy: and it's a production expectation that he should be allowed to create domains?18:21
dolphmthat heat*18:21
shardydolphm: well ideally no, but it seemed a reasonable interim solution, given the lack of any admin tooling to create the domain at deployment time18:22
*** chuck_ has joined #openstack-dev18:22
shardymaybe we should just have a tools/create_heat_domain.py instead18:22
dolphmshardy: lack of tooling in devstack you mean?18:22
*** mohits_ has joined #openstack-dev18:22
shardydolphm: lack of any CLI tool which can create domains18:22
*** zul has quit IRC18:22
shardyand in devstack, yes18:23
dolphmshardy: openstack domain-create18:23
shardyooh, is that new?18:23
dolphmshardy: not at all18:23
dolphmshardy: last i checked it was broken against devstack's default catalog configuration18:23
shardydolphm: Ok, maybe that's my mistake then, last time I looked python-openstackclient didn't handle domains18:24
dolphmshardy: --identity-api-version=318:24
shardyso if we can use that to create the domain in devstack and set the id in heat.conf, the problem is solved18:24
shardyaha!18:24
shardythat's what I was missing :)18:24
shardythanks18:24
dolphmshardy: it needs to be the default :(18:24
shardyI was confused as it was calling v218:25
*** Mandell has joined #openstack-dev18:25
dolphmshardy: but again, i think openstackclient appears broken against devstack's default catalog; ayoung has a workaround that involves mutating catalog entries on the client side18:25
*** iartarisi has quit IRC18:26
shardydolphm: Hmm, can we pass the endpoint explicitly via openstackclient?18:26
*** mohits has quit IRC18:26
*** dprince has joined #openstack-dev18:26
dolphmshardy: --os-endpoint, i believe18:27
dtroyerdolphm: I think the breakage is just that discovery doesn't work properly with the current SC default.  ayoung's hack (or my incarnation of it) will let this work…18:27
shardyMaybe that's a viable immediate solution, so we can create the domain in devstack18:27
*** colinmcnamara has joined #openstack-dev18:27
*** jpich has quit IRC18:27
*** safchain has quit IRC18:27
*** morganfainberg is now known as morganfainberg_Z18:27
*** sweston has joined #openstack-dev18:28
dtroyershardy: I think if you just set OS_IDENTITY_API_VERSION=3 (or use —os-identity-api-version) it should work...18:28
*** harlowja_away is now known as harlowja18:28
shardydtroyer: Ok, thanks, I'll give that a try18:28
*** dvarga has joined #openstack-dev18:28
shardydolphm: thanks for the info, sounds like a devstack patch will get things working for us18:29
*** tsekiyama has joined #openstack-dev18:29
*** mohits has joined #openstack-dev18:30
*** otherwiseguy has quit IRC18:30
*** denis_ has joined #openstack-dev18:31
*** morganfainberg_Z is now known as morganfainberg18:32
morganfainbergdolphm, ping18:32
dolphmmorganfainberg: pong18:32
*** dkehn__ has joined #openstack-dev18:32
morganfainbergdolphm, are we still interested in moving KDS into it's own repo?18:32
*** davidlenwell_ is now known as davidlenwell18:32
morganfainbergdolphm, i think i have an infra changeset ready that would create the repo... think18:32
morganfainbergdolphm, but i wasn't sure what the direction on that was going to be18:33
*** neelashah has quit IRC18:33
*** mohits_ has quit IRC18:33
*** nacim has quit IRC18:34
*** tsekiyama has quit IRC18:34
*** dkehn_ has quit IRC18:35
*** rossella_s has joined #openstack-dev18:35
mdurnosvistov_dolphm: ping :)18:36
dolphmmdurnosvistov_: o/18:36
dolphmmdurnosvistov_: i was just leaving a comment on the bug18:36
dolphmmorganfainberg: and yes!18:36
dolphmthat'd be great18:36
morganfainbergdolphm, will check w/ infra and see if i did it all 100% right.18:36
*** hartsocks has quit IRC18:36
dolphmmorganfainberg: THANK YOU!18:36
morganfainbergi followed the instructions...but well, it isn't clear about some things (since it's mostly directed at stackforge repos)18:37
*** dkehn__ is now known as dkehn_18:37
dolphmmdurnosvistov_: https://bugs.launchpad.net/oslo/+bug/1266962/comments/2618:38
mdurnosvistov_dolphm: Yeah I saw comment =) Thanks!18:38
uvirtbotLaunchpad bug 1266962 in oslo "Remove set_time_override in timeutils" [Low,In progress]18:38
*** sandywalsh has quit IRC18:38
SergeyLukjanovmorganfainberg, I can help you new project creation18:39
SergeyLukjanovmorganfainberg, and note that there are some problems now with manage-projects that blocks creating new projects, so, you'll need to wait for some time before it'll be fixed18:39
dolphmSergeyLukjanov: is there a fix in progress somewhere? or a bug report?18:39
morganfainbergSergeyLukjanov, good to know.18:40
SergeyLukjanovdolphm, issue reportd, let me find the link18:40
*** mlegault has joined #openstack-dev18:40
SergeyLukjanovdolphm, morganfainberg, https://bugs.launchpad.net/openstack-ci/+bug/124256918:40
uvirtbotLaunchpad bug 1242569 in openstack-ci "manage-projects error on new project creation" [Critical,In progress]18:40
*** promulo has joined #openstack-dev18:40
*** xqueralt has joined #openstack-dev18:40
morganfainbergSergeyLukjanov, this also is a bit different as it's not a stackforge project, it's [without changing] under keystone's repo, so it would need to mirror more closely keystone stuff.  so i wanted to run it by infra as well.18:40
dolphmmorganfainberg: good news! https://launchpad.net/kite is available18:41
morganfainbergdolphm, WOOT!18:41
morganfainbergdolphm, are we renaming it kite?18:41
dolphmmorganfainberg: please18:41
SergeyLukjanovmorganfainberg, you'd like to extract a part of existing repo to the separated repo, am I right?18:41
morganfainbergdolphm, done.18:41
morganfainbergSergeyLukjanov, the way i see it is we create openstack/kite repo18:41
promulohi guys, anyone available to help a devstack newbie? :)18:41
morganfainbergSergeyLukjanov, then we extract the code and add it to that new repo18:42
morganfainbergSergeyLukjanov, the code will need some restructuring in either case.18:42
dolphmmorganfainberg: and at any point, i'd be happy to s/kds/kite/g18:42
*** arnaud has joined #openstack-dev18:42
*** arnaud__ has joined #openstack-dev18:42
morganfainbergdolphm, i'll make the repo openstack/kite in my commit no problem18:42
SergeyLukjanovmorganfainberg, you'd probably like to create a repo on github and use git filter-branch to extract needed code with git history18:42
morganfainbergSergeyLukjanov, hum.18:42
SergeyLukjanovmorganfainberg, and then fix some stuff like renaming18:42
*** rossella_s has quit IRC18:42
*** luisbg has joined #openstack-dev18:43
morganfainbergSergeyLukjanov, not sure how well that will work.  the code is very very intertwined with keystone's atm18:43
SergeyLukjanovand import a gerrit project from this repo18:43
*** tjones has quit IRC18:43
morganfainbergSergeyLukjanov, I can try that though18:43
morganfainbergSergeyLukjanov, but in either case, need to do the repo in infra18:43
SergeyLukjanovmorganfainberg, oh, it works good only for separated folders ;(18:43
morganfainbergSergeyLukjanov, yeah some of the code is separated.18:43
*** ijw has joined #openstack-dev18:44
morganfainbergSergeyLukjanov, i'll work on that bit in parallel18:44
SergeyLukjanovmorganfainberg, sure, the only option is too clone it from keystone or from the already prepared project18:44
*** tjones has joined #openstack-dev18:44
morganfainbergdolphm, also https://review.openstack.org/#/c/72808/ ^_^18:44
morganfainbergdolphm, but not sure if we want that during icehouse.18:44
luisbghttps://wiki.openstack.org/wiki/HowToContribute mentions this channel, but not in which network it is. should I edit it so it does?18:44
dolphmmorganfainberg: oh cool18:45
dolphmmorganfainberg: that'd be great!18:45
morganfainbergSergeyLukjanov, ok, so it isn't a good idea to extract the history and then replay it into a current repo?18:45
morganfainbergSergeyLukjanov, better to have a repo that can be used as the base? i'm confused18:45
dolphmluisbg: i'd suggest linking to https://wiki.openstack.org/wiki/IRC18:46
luisbgdolphm, doing so :)18:46
SergeyLukjanovmorganfainberg, when the project in gerrit will be created, you'll have no permissions to push code to repo directly18:46
*** denis_ has quit IRC18:47
SergeyLukjanovto fix history for example18:47
SergeyLukjanovso, it's much easier to add if you will do it in own repo18:47
*** AlexF has quit IRC18:47
morganfainbergSergeyLukjanov, and then have infra fork that repo?18:47
SergeyLukjanovmorganfainberg, yup18:47
alex-foocan someone please check https://review.openstack.org/#/c/72751/ - i can't get it to pass the tests18:48
morganfainbergSergeyLukjanov, ah.18:48
luisbgdolphm, done18:48
*** denis_cavalcante has joined #openstack-dev18:48
SergeyLukjanovmorganfainberg, IMO it'll be just easier ;)18:48
*** jprovazn has joined #openstack-dev18:48
dolphmmorganfainberg: i've been defeated. not sure how to proceed http://i.imgur.com/wnW6WFC.png18:48
dolphmmorganfainberg: there's nothing at that URL...18:48
*** neelashah has joined #openstack-dev18:49
morganfainbergSergeyLukjanov, ok and what is the way to communicate the fork need to infra?18:49
*** Alexei_987 has quit IRC18:49
morganfainbergdolphm, huh.18:49
morganfainbergdolphm, wtf?18:50
morganfainbergdolphm, *goes and looks*18:50
termiedolphm: is justinsb ever online anymore?18:50
SergeyLukjanovmorganfainberg, hm, what do you mean?18:50
dolphmtermie: not active, if he is18:50
dolphmtermie: at least not in this channel18:50
termiedolphm: righto18:50
*** zzelle has quit IRC18:51
*** saju_m has quit IRC18:51
morganfainbergSergeyLukjanov, ok, so if i have a repo on say github, what do i do to communicate that it is the one to be forked from?18:51
*** xqueralt has quit IRC18:51
*** tjones has quit IRC18:51
morganfainbergSergeyLukjanov, because afaict the infra commit just creates the repo and the gerrit stuff, doesn't do anything to populate the repo18:51
morganfainbergSergeyLukjanov, or is that just something that happens side-band?18:52
SergeyLukjanovmorganfainberg, you should create a config update like when creating new stackforge project and here you have an upstream propoerty18:52
morganfainbergSergeyLukjanov, ahhhhhh ok18:52
*** alop has quit IRC18:52
SergeyLukjanovmorganfainberg, it links to the repo that'll be the base for gerrit project18:52
dolphmmorganfainberg: what's the upstream? keystone?18:52
morganfainbergSergeyLukjanov, i see18:52
*** eglynn-afk has joined #openstack-dev18:53
*** kgriffs_afk is now known as kgriffs18:53
SergeyLukjanovdolphm, two options - (upstream==keystone and then cleanup with super large commit => bad history) vs. (upstream==some_prepared_repo with cleanup done => good git history good be done)18:53
morganfainbergdolphm, i think SergeyLukjanov is saying we should create a new repo and clean it up18:53
SergeyLukjanovmorganfainberg, dolphm, that's your choise18:54
morganfainbergdolphm, for clean history18:54
*** Tross has quit IRC18:54
morganfainbergSergeyLukjanov, option 3, lose history, 1 import to clean repo18:54
morganfainbergdolphm, ^18:54
SergeyLukjanovmorganfainberg, exactly18:54
SergeyLukjanovoption 4 is to squash keystone history to one commit ;)18:54
dolphmi vote option 3, starting with the current state18:54
morganfainbergdolphm, that was my thought18:54
SergeyLukjanovand I hope I can generate more crazy ideas :)18:55
dolphmdelete all the keystone stuff though (an intermediary prep commit that is never tracked)18:55
morganfainbergSergeyLukjanov, yeah we'll extract the KDS stuff and squash it into a single commit, commit #1 in the new repo18:55
morganfainbergdolphm, ++18:55
dolphmmorganfainberg: i'm glad that made sense18:55
morganfainbergdolphm that was my initial thought18:55
*** tjones has joined #openstack-dev18:55
morganfainbergSergeyLukjanov, ok, so we do no upstream since this should be an empty repo18:55
*** markmcclain has quit IRC18:55
morganfainbergSergeyLukjanov, based upon how we're trying to split this18:56
morganfainbergdolphm, i was toying with a strange idea....18:56
*** jamespage_ has joined #openstack-dev18:56
SergeyLukjanovmorganfainberg, that's your choice ;)18:57
*** markmcclain has joined #openstack-dev18:57
morganfainbergdolphm, eh, we can talk about my crazy idea later... it has too many broad implications that i don't want to exlpain outside of keystone folks atm ;)18:57
morganfainbergdolphm, nevermind! will bring it up once this is all split out and working happily18:58
dolphmmorganfainberg: what's the one line summary?18:58
dolphmmorganfainberg: 140 chars or less18:58
*** Gordonz has joined #openstack-dev18:58
*** Gordonz has quit IRC18:58
morganfainbergdolphm, Identity Program, 2 projects, able to support separate core teams.18:58
*** yolanda has quit IRC18:58
morganfainbergdolphm, all under Identity program, and identity PTL (you)18:58
*** jay-lau-513 has quit IRC18:59
*** Gordonz has joined #openstack-dev18:59
dolphmmorganfainberg: that's not entirely crazy -- that's sort of been suggested on some mailing list (TC?)18:59
*** jay-lau-513 has joined #openstack-dev18:59
morganfainbergdolphm, hm.. i could make kite this.18:59
morganfainbergdolphm, you know what, i'll go ahead and try and submit that idea with this repo18:59
*** ndipanov has joined #openstack-dev19:00
morganfainbergdolphm, whats the worst thing that happens, i'm told just use the keystone-* stuff we have.19:00
*** saju_m has joined #openstack-dev19:01
morganfainbergdolphm, LP project name: kite-key-distribution?19:01
morganfainbergdolphm, since 'kite' seems to be taken19:01
dolphmmorganfainberg: i was thinking about opening a bug against lp19:01
dolphmmaybe it's a long-inactive project or something19:01
*** jamespage_ has quit IRC19:01
morganfainbergdolphm, ++ that works too19:01
morganfainbergdolphm, :)19:01
dolphmmorganfainberg: do you need a LP link right now?19:01
*** pmathews has joined #openstack-dev19:02
*** joesavak has joined #openstack-dev19:02
*** ykhodork has joined #openstack-dev19:02
*** sahid has quit IRC19:02
*** sn6i23a has joined #openstack-dev19:03
dolphmmorganfainberg: and openstack/keydist-api/ or is that still /identity-api/?19:03
*** kgriffs is now known as kgriffs_afk19:03
*** julienvey_ has quit IRC19:03
morganfainbergdolphm, identity-api imo19:03
dolphmmorganfainberg: p.s. i can never spell distrobution correctly19:04
morganfainbergdolphm, it's "identity program"19:04
morganfainbergso it would still be identity-api19:04
*** chuck_ is now known as zul19:04
*** zul has quit IRC19:04
*** zul has joined #openstack-dev19:04
morganfainbergjust liek if barbican had become part of identity, i'd expect it to be part of identity-api19:04
morganfainbergthough that brings up a bigger issue19:04
dolphmk; then the .md file would top-level against identity-api-v3.md ? keydist-api-v1.md ?19:04
marunewindisch: ping19:04
morganfainbergmaybe it should be kdist-api repo19:04
*** jsavak has quit IRC19:05
morganfainbergdolphm, since the keydist core would control that vs. keystone-core19:05
*** martyntaylor has left #openstack-dev19:05
morganfainbergdolphm, yeah i think we need a separate api repo too19:05
morganfainberg=/19:05
dolphmmorganfainberg: is that a big deal?19:05
*** eglynn-afk has quit IRC19:05
*** e0ne has joined #openstack-dev19:06
morganfainbergdolphm, nah19:06
*** henrynash has quit IRC19:06
*** colinmcnamara has quit IRC19:06
sdaguejd__: so this will be going into all the runs, but it's especially interesting how often ceilometer-collector is the most expensive process on the test nodes - http://logs.openstack.org/86/72786/1/check/check-tempest-dsvm-full/21fbccd/logs/screen-dstat.txt.gz19:07
morganfainbergdolphm, so ok, we need a new keydist-api repo and a kite repo in my commit, nbd, good to know so i can add it all in19:07
*** sarob has joined #openstack-dev19:07
morganfainbergdolphm, description of kds: A service to store and distribute symmetrical keys under the OpenStack Identity program.19:10
morganfainbergdolphm ?19:10
*** zul has quit IRC19:13
*** sarob has quit IRC19:13
*** zul has joined #openstack-dev19:14
*** Tross has joined #openstack-dev19:14
*** jckasper has joined #openstack-dev19:16
dolphmmorganfainberg: https://answers.launchpad.net/launchpad/+question/24383719:16
*** im_not_sure_why has joined #openstack-dev19:16
dolphmmorganfainberg: description sounds good19:16
morganfainbergdolphm, looks good to me19:16
*** im_not_sure_why is now known as jmching19:16
dolphmmorganfainberg: i can propose to openstack/governance too19:16
morganfainbergdolphm, cool19:17
morganfainbergdolphm, ok i'm going to submit 2 reviews, 1 is the main repo, 2 will be keydist-api repo.19:18
morganfainbergdolphm, because i want to make sure i get both 100% correct and the api ones have doc building / publishing considerations i need to understand better19:19
morganfainbergdolphm, maaaaybe annegentle can explain it all to me ;)19:19
dolphmmorganfainberg: openstack/python-kiteclient ?19:19
*** Tross has quit IRC19:19
annegentlemorganfainberg: woahhh backscroll :)19:19
morganfainbergdolphm, ah, ok so client and server, that can be the first patchset. ++19:19
annegentlemorganfainberg: reading19:19
morganfainbergannegentle, mostly concerning adding a new -api repo with publishing19:20
morganfainbergannegentle, we want to splite the KDS service out from the keystone repo19:20
*** rraja has joined #openstack-dev19:20
annegentlemorganfainberg: so, for networking related apis like vpnaas and so on, they use the netconn-api repo19:20
morganfainbergannegentle, still under identity program, but it's ugly to have 2 servers with disparate code (and tests) in one repo... and some things don't play nice e.g. auto-conf generation etc19:21
morganfainbergannegentle, so it might stay under identity-api?19:21
annegentlemorganfainberg: and until about last week we were going to move all api doc specs into the <project>19:21
annegentlemorganfainberg: so ideally no more repos please19:21
morganfainbergannegentle, Ah ok np, wont do another api repo :)19:21
morganfainbergannegentle, see this is why i ask :)19:21
promulohey guys, did any of you ever enable healthnmon on a devstack (havana) installation?19:21
morganfainbergannegentle, answer makes this much simpler19:21
morganfainbergannegentle, thank you :)19:22
annegentlemorganfainberg: good-o19:22
annegentlemorganfainberg: I still think your markdown might let you down eventually as it's not easily cross linked but cross that bridge later19:22
*** Mandell has quit IRC19:22
morganfainbergannegentle, that is a totally different conversation :)19:22
*** yeylon__ has joined #openstack-dev19:23
annegentlemorganfainberg: yep, just write all the things for now19:23
*** jaybuff has joined #openstack-dev19:24
dolphmmorganfainberg: annegentle: openstack/governance proposal https://review.openstack.org/#/c/73022/19:24
*** jmching has quit IRC19:24
YorikSaralex-foo: We're trying to land 2 changes that should make git-review tests more stable: https://review.openstack.org/70685 and https://review.openstack.org/7122319:24
dolphmannegentle: do i need to do anything more than that?19:24
morganfainbergdolphm, :)19:24
*** jaybuff has left #openstack-dev19:24
dolphmannegentle: (for TC impact)19:24
*** MaxV has joined #openstack-dev19:24
annegentledolphm: reading19:24
*** vijendar has left #openstack-dev19:25
*** zzelle has joined #openstack-dev19:25
annegentledolphm: yeah that'll get the conversation going, might still request that ttx add it to the next TC meeting for any discussion, but a review on the /governance repo usually gets people thinking19:25
*** MaxV has quit IRC19:25
dolphmannegentle: that's my goal19:25
YorikSaralex-foo: I think it's easier for you to wait for them so that you won't have to recheck your change again and again.19:26
*** vijendar has joined #openstack-dev19:26
*** kgriffs_afk is now known as kgriffs19:26
annegentledolphm: to me it's intriguing that you're doing kite rather than waiting for barbican?19:26
*** IanGovett1 has joined #openstack-dev19:26
*** rraja has quit IRC19:26
morganfainbergannegentle, lots of discussion and it's about getting secure messaging in sooner19:26
morganfainbergannegentle, and that barbican even in the short term isn't structured to handle the kds symmetrical keys needed in this fashion19:26
morganfainbergannegentle, eventually it should move under barbican, or another program (or barbican moves elsewhere)19:27
morganfainbergdepending on incubation status etc19:27
annegentlemorganfainberg: ok that's super helpful19:27
*** thomasem has joined #openstack-dev19:27
*** IanGovett has quit IRC19:27
morganfainbergbut, afaict, kds is absolutely a form of identity, and core to services identifiying other services for messages on the bus19:28
morganfainbergit can be re-homed when there is a better place for it19:28
*** yolanda has joined #openstack-dev19:28
dstanekmorganfainberg: are you still working on making the tests run in parallel?19:29
morganfainbergdstanek, it's a slow slog, but yes19:29
morganfainbergdstanek, it's blocking on some oslo syncs atm,19:29
dstanekmorganfainberg: are you naming the db files by pid in your patch?19:29
morganfainbergdstanek, i will be19:29
*** Mandell has joined #openstack-dev19:30
morganfainbergdstanek, or.. i can use a tmpfile19:30
morganfainbergdstanek, actually... i might do that19:30
*** dims has quit IRC19:30
dstanekmorganfainberg: hmmmm....checkout https://review.openstack.org/#/c/73024/119:30
dstanekmaybe i should fix that to do it19:30
*** nmagnezi has joined #openstack-dev19:30
*** tsekiyama has joined #openstack-dev19:30
morganfainbergdstanek, i have some of the work for that in https://review.openstack.org/#/c/65870/19:31
ewindischmarun: pong19:31
*** colinmcnamara has joined #openstack-dev19:32
morganfainbergdstanek, https://review.openstack.org/#/c/65870/ does most of it. but becasue we call load_backends multiple times in some tests, setup occurs in odd places and we end up with mixed backend data e.g. some setup data in KVS some in SQL19:32
dolphmannegentle: kite and barbican have slightly different scopes as well; kite can eventually use barbican19:32
morganfainbergdstanek, when we have a single test process we don't suffer test isolation issues.19:32
marunewindisch: I was looking at the patches you have in flight for docker19:33
*** bauzas has joined #openstack-dev19:33
*** pixelb has quit IRC19:33
morganfainbergdstanek, which appear in the form i just described, some setup data in the wrong place... its ugly.19:33
marunewindisch: And wondering whether your patches will ensure a working devstack+docker19:33
ewindischmarun: approaching...19:33
marunewindisch: I've been broken since last week due to that glance issue :(19:33
*** dims has joined #openstack-dev19:34
ewindischmarun: glance issue?19:34
morganfainbergdstanek, feel free to steal what i did in that patch and/or co-opt it if you can resolve the tests.  the bigger issue is that it makes the keystone tests fail in odd ways sometimes / sometimes not. so we'd potentially get transient failures19:34
marunewindisch: https://github.com/dotcloud/docker-registry/issues/23419:34
morganfainbergdstanek, and i think if we can ensure we call load_backends 1 time (raise an exception if we don't, or call it more than once) it'll resolve that transitent failure issue19:34
dstanekmorganfainberg: i'll take a look; would is be better to split that up in to smaller patches to see what causes the breakage?19:35
morganfainbergdstanek, locally that failure case took me 30-40 test runs to duplicate, and then it failed 10 in a row, then not again. no changes.19:35
ewindischmarun: wonderful. I actually didn't see that.19:35
morganfainbergdstanek, i think the best bet is to slog slowly towards clean tests - the config fixture i have up is the latest in the chain (waiting on oslo sync of the new config fixture)19:36
*** danielbruno has joined #openstack-dev19:36
marunewindisch: I swear it was working a couple of weeks ago, and now it's not possible to upload an image to the glance backend19:36
marunewindisch: does your switch to uploading to glance directly bypass that?19:36
*** yjiang51 has quit IRC19:36
morganfainbergdstanek, then we can move to fixing ldap base and restructuring the tests that to load_backends multiple times or explicit reload_backends19:36
ewindischmarun: uploading to glance directly doesn't really work.19:37
morganfainbergdstanek, then i think we can fix load_backends to not be called more than once, then the parallel fix19:37
marunewindisch: :(19:37
ewindischmarun: because glance doesn't know about the tags19:37
morganfainbergdstanek, about 4 patches from being there.19:37
marunewindisch: ah, fair enough19:37
ewindischmarun: but you could upload something to glance and locally tag an image to the same name... that would probably work19:37
morganfainbergdstanek, couple that with Icehouse timelines and it becomes a very slow slog (esp. with new tests being added)19:37
ewindischmarun: (as a really ugly workaround)19:38
marunewindisch: I'm a bit confused as to the relationship between the registry and glance19:38
*** pmathews has quit IRC19:38
marunewindisch: if an image is uploaded directly, is the registry even needed?19:38
ewindischmarun: the registry can use glance as a storage background. It reads and writes to glance as if it were a filesystem storing its images.19:38
marunewindisch: (docker newb, sorry)19:38
*** novas0x2a|laptop has joined #openstack-dev19:39
*** krtaylor has quit IRC19:39
ewindischmarun: but glance doesn't store tags, so the docker registry (currently) needs to store the tags somewhere else19:39
ewindischpotentially we could have glance store the tags and have the registry pull them correctly...19:39
marunewindisch: ah, so uploading an image directly to glance bypasses the need to upload through the registry but tag maintenance by the registry is still required (for now)?19:39
ewindischmarun: well, you can't do tag maintenance in the registry if the image exists in glance.19:40
marunewindisch: clear as mud :)19:40
ewindischmarun: so you basically need to upload the image through the registry (currently)19:40
ewindischOR have an image in glance and a tag in your local docker database (not on the registry)19:40
marunewindisch: ah, that's what I was missing19:41
*** byeager has joined #openstack-dev19:41
marunewindisch: so is the registry unnecessary in the latter scheme?19:41
*** gnorth has joined #openstack-dev19:41
ewindischmarun: you might need a small patch for that to be true, but technically.19:42
ewindischwithout the registry you can't make multiple hosts work.19:42
marunewindisch: ah, ok19:42
marunewindisch: so your patchs for bp/docker-glance-uploads is for single-host devstack then?19:43
*** baoli has quit IRC19:43
ewindischmarun: there is a reason that is a work-in-progress patch :)19:43
marunewindisch: Apologies, just trying to understand19:44
ewindischmarun: but yes, the current state of the patch would probably work in a single-host devstack19:44
marunewindisch: ok19:45
ewindischmarun: btw have you seen dockenstack? https://github.com/ewindisch/dockenstack19:45
marunhuh19:46
marunewindisch: that's pretty neat, though I'm not sure it will be useful for me19:47
ewindischmarun: it's intended for testing and development19:47
marunewindisch: afaik, it's not possible to run ovs in a docker container is it?19:47
*** eglynn-afk has joined #openstack-dev19:47
marunewindisch: (disclusure - my focus is networking/neutron)19:47
ewindischmarun: well, we're using a privileged container there, so it probably would work.19:48
marunewindisch: erm19:48
ewindischmarun: (or could be made to work)19:48
*** saju_m has quit IRC19:48
*** novas0x2a|laptop has quit IRC19:49
marunewindisch: I'd certainly like that to be the case.19:49
marunewindisch: I'll have to find an expert to verify it, though.19:49
ewindischthat is to say, none of the linux capabilities are disabled. You can mknod files and read/write to any device you might like.19:49
*** julienvey_ has joined #openstack-dev19:51
marunewindisch: I think the problem may be that ovs doesn't directly support the concept of containers19:52
bknudsonthings are finally starting to merge in keystone.19:52
ewindischmarun: that doesn't matter.19:52
marunewindisch: It has a database that is per-host and tied into a kernel module19:52
ewindischmarun: well, you might have trouble using ovs inside multiple containers on a single host.19:52
morganfainbergbknudson, i noticed19:52
ewindischmarun: but in a single container, I wouldn't expect troubles19:53
*** julienvey_ has quit IRC19:53
marunewindisch: uh19:53
*** geraint2 has joined #openstack-dev19:53
marunewindisch: a single container + host => 219:53
*** colinmcnamara has quit IRC19:53
ewindischmarun: single container + host = 1 :)19:54
marunewindisch: sure, if you say so.19:54
ewindischmarun: one copy of the user-space tools running in the container. No user-space tools running on the host19:54
*** Alexei_987 has joined #openstack-dev19:54
*** gnorth has quit IRC19:54
lifelessone kernel19:54
marunewindisch: if you say so.19:54
lifelessone ovs :)19:54
ewindischright19:54
marunlifeless: do you have any experience running ovs in a container?19:55
*** moted has quit IRC19:55
lifelessmarun: a little, indirectly19:55
ewindischmarun: it's more about "managing ovs from the container" and letting the userspace tools access any devices or syscalls it might need19:55
lifelessmarun: we didnt fully explore it because block devices were not namespaced and we couldn't use iscsi19:56
lifelessfrom within the container19:56
marunewindisch: right, which implies that we don't really have true isolation19:56
lifelessmarun: but, I'd glue the tools to the kernel via a remote manager, not local.19:56
marunewindisch: the container just happens to be the only client of ovs19:56
ewindischmarun: right, precisely. There is no isolation with a privileged container19:56
*** tjones has quit IRC19:57
lifelessthereis no privilege within an isolated container?19:57
lifeless</humour>19:57
*** rfolco has quit IRC19:57
*** avishay_away is now known as avishay19:57
*** tjones has joined #openstack-dev19:57
ewindischprivileged containers just means that there are no linux capabilities dropped19:57
*** gordc has joined #openstack-dev19:58
marunewindisch: I'm afraid I'm a little fuzzy on the benefits of openstack in a container.  Do you have specific use-cases in mind?19:59
*** markmc has joined #openstack-dev19:59
marunewindisch: I mean, for specific services the benefits of containerization are pretty clear.19:59
ewindischmarun: my use-case is for ease and speed of launching it for dev and testing19:59
*** avishay is now known as avishay_away20:00
ewindischcontainerizing specific services is more practical for production use-cases20:00
ewindischmarun: for instance, dockenstack runs as a CI job: http://openstack-ci.docker.io/job/docker-tempest-full-gerrit-trigger/145/console20:01
*** tjones has quit IRC20:01
*** geraint2 has quit IRC20:01
*** gnorth has joined #openstack-dev20:01
alex-fooYorikSar: is the port determinism thing causing the hanging?20:02
marunewindisch: so it's a way of providing a clean state faster than vm boot?20:02
*** zul has quit IRC20:03
marunewindisch: is there any advantage in how long it takes to deploy?20:03
ewindischmarun: basically, as well as making it easier to define that clean state20:03
*** zul has joined #openstack-dev20:03
marunewindisch: hmmm…  That does sound promising.20:03
ewindischi.e. I can define that environment via a dockerfile instead of some more customized scripts20:03
YorikSaralex-foo: We're not sure. But port determinism should lower probability of error and timeout will ensure you don't need to wait an hour for another try.20:03
*** denis_cavalcante has quit IRC20:04
marunewindisch: well, using vagrant+puppet to create a consistent clean slate works well for me20:04
*** zul has quit IRC20:04
*** otherwiseguy has joined #openstack-dev20:04
marunewindisch: but it takes a couple of minutes vs what would presumably be seconds for docker20:04
YorikSarUnfortunately there's shortage of py26 nodes... So all our changes are waiting for them now.20:04
*** ijw_ has joined #openstack-dev20:04
alex-fooYorikSar: perhaps an admin can debug the hanging test with an strace/gdb and get to the bottom of it20:04
marunewindisch: very interesting stuff20:05
*** joesavak has quit IRC20:05
marunewindisch: Backing up a little, have you seen those issues with the docker registry?20:05
YorikSaralex-foo: Timeout should help with that too. We can collect as much data as we can and analyse it later.20:06
ewindischmarun: true, puppet or chef helps.  I can still run a VM and have it start my docker container, but I'm not tied to starting a VM each time, either.20:06
ewindischmarun: the main issue for me is not being able to upload directly to Glance, or attempting to run with multiple registries.20:06
marunewindisch: so if you do a clean devstack+docker run you end up with a working system?20:07
ewindischthe glance upload issue, I hadn't seen, but I hadn't checked/diagnosed it yet.20:07
*** ijw has quit IRC20:07
*** mlavalle has joined #openstack-dev20:07
marunewindisch: I want to prototype neutron support for the docker driver (so that we can stress-test neutron against containers instead of vm's or the noop virt driver), but I can't get a working deployment :(20:08
ewindischmarun: I don't bring it up and test it manually and try to use it, I have it automated... and that automation isn't yet working.20:08
ewindischthe idea being that once the automation is working, everything should be nearly perfect out of the box.20:08
marunewindisch: if wishes were horses ;)20:09
bknudsonstevemar dolphm: I don't see any warnings generated during doc build now20:10
ewindischmarun: well, I'm certain that devstack+docker will be working out of the box once it passes tempest.20:10
dolphmbknudson: ooh yeah, those two changes should have just merged20:10
dolphmbknudson: rechecking https://review.openstack.org/#/c/72492/20:10
marunewindisch: well, it's non-functional out of the box right now due to that registry problem.20:11
ewindischmarun: but I agree that registry issues are the main issue.20:11
ewindisch*problem20:11
marunewindisch: Is there any priority on fixing that?20:11
bknudsondolphm: the 72492 build has some failures due to kombu and lockfile...20:11
marunewindisch: I'd be happy to help but I didn't want to duplicate effort.20:12
ewindischmarun: that's why I've shifted to having devstack pull the registry the index instead of from a static and infrequently updated S3 download.20:12
bknudsondolphm: I worked around that by  .tox/docs/bin/pip install kombu lockfile20:12
*** yolanda has quit IRC20:13
*** Tross has joined #openstack-dev20:13
ewindischmarun: I have a priority to making docker+devstack work, so that includes any dependencies such as that registry bug.20:15
ewindischmarun: however, I'm not working on that bug at this very moment, so I'd appreciate any help that is offered.20:15
marunewindisch: there is a launchpad bug that somebody marked invalid because it is an upstream issue: https://bugs.launchpad.net/devstack/+bug/127785220:17
uvirtbotLaunchpad bug 1277852 in devstack "Docker images are broken in glance " [Undecided,Invalid]20:17
marunewindisch: Would it make sense to reopen it to ensure it gets tracked for openstack?20:17
marunewindisch: I'm not really clear on how you want openstack+docker bugs managed20:18
ewindischmarun: I'd rather it were all in openstack and we linked to upstream bugs where relevant to getting those openstack bugs closed.20:18
marunewindisch: ok20:19
ewindischmarun: but there are certainly will be edge-case examples...20:19
*** novas0x2a|laptop has joined #openstack-dev20:20
marunewindisch: I'll see if I can make headway.  No promises given my inexperience with the subject matter.20:20
ewindischthanks for bringing it to my attention.20:22
*** pixelb has joined #openstack-dev20:22
*** kamalic2 has joined #openstack-dev20:23
*** mst89 has quit IRC20:24
*** sushils has joined #openstack-dev20:24
gnorthHas anyone here worked on the Cinder TaskFlow stuff?  I have a change that could do with an expert taking a quick look to see if I'm on the right track.20:24
*** eglynn-afk has quit IRC20:28
*** tjones has joined #openstack-dev20:29
*** tjones has quit IRC20:30
*** tjones has joined #openstack-dev20:32
ihrachysI have a patch for havana approved to be merged in the upcoming release: https://review.openstack.org/#/c/72754/ But it fails on the same UT (test_snapshot_pattern.TestSnapshotPattern) on isolated tasks with SSHTimeout. I wonder whether there is some bug in stable tempest (ssh.py?) that was fixed in master but didn't reach stable branch yet that could influence the difference between master neutron and20:32
ihrachysits stable branch? I see there are several patches for ssh.py in tempest master that are not part of tempest havana... Can it be a reason?20:32
*** eharney has joined #openstack-dev20:32
*** promulo has quit IRC20:33
*** SumitNaiksatam has joined #openstack-dev20:33
*** eglynn-afk has joined #openstack-dev20:33
*** joesavak has joined #openstack-dev20:36
bknudsonmorganfainberg: http://status.openstack.org/reviews/reviewday.json20:36
morganfainbergbknudson, woot20:36
*** devoid1 has joined #openstack-dev20:37
morganfainbergbknudson, now just need to wait for https://review.openstack.org/#/c/72815/ to be active20:37
morganfainbergbknudson, and it'll be super awesome20:37
bknudsonmorganfainberg: now if that were integrated with next-review somehow...20:37
morganfainbergbknudson, shouldn't be hard to do that20:37
*** devoid has quit IRC20:38
jgriffithgnorth: what are you looking at?20:38
morganfainbergdstanek, https://review.openstack.org/#/c/71024/ is covered by https://review.openstack.org/#/c/70523 not sure if you want to do both.20:39
*** galstrom is now known as galstrom_zzz20:40
*** abhirc has joined #openstack-dev20:40
dstanekmorganfainberg: i do like my test :-)  maybe i'll base mine on yours20:42
morganfainbergsure!20:42
morganfainbergdstanek, that much i can agree on.20:42
*** krtaylor has joined #openstack-dev20:43
*** markmcclain has quit IRC20:43
morganfainbergactually20:43
morganfainbergdstanek, should probaly just fix the last test down there https://review.openstack.org/#/c/70523/9/keystone/tests/test_kvs.py20:44
morganfainbergdstanek, i do like your test20:44
*** joesavak has quit IRC20:45
*** mohits has quit IRC20:45
lifelessmorganfainberg: we do need to talk about the keystone recommended default setup though20:46
lifelessmorganfainberg: because thats what we'll run20:46
morganfainberglifeless, ++ yes20:46
gnorthjgriffith - it is my volume import stuff at https://review.openstack.org/#/c/72501/20:46
morganfainberglifeless, sure thing :)20:46
lifelessmorganfainberg: and right now, - well that 30GB comment, was real data, not troll20:46
morganfainberglifeless, i know :( i suffer from the same issue in production now20:46
lifelessmorganfainberg: from a 40 node baremetal cloud, so rouhgly 2-3 virt hypervisor cloud size.20:47
morganfainberglifeless, it's painful.20:47
lifelessmorganfainberg: ah ok :)20:47
gnorthjgriffith - adds the new manage volume properties, I think I've done it right, but it seeemed too simple - not sure if I have to do anything else around managing persistence, rollback etc.  I don't think so.20:47
dolphmmorganfainberg: i hear you promising a patch for ephemeral tokens in #openstack-meeting -- link?20:47
morganfainbergdolphm, yes yes20:47
* dolphm waits patiently20:47
*** DinaBelova is now known as DinaBelova_20:47
morganfainbergdolphm, i know...20:47
morganfainbergdolphm, i have my dev environment setup was working on it. doing quick review break for the low hanging fruit then on to that20:47
morganfainbergdolphm :)20:48
*** harlowja is now known as harlowja_away20:48
morganfainberglifeless, we do an hourly cron atm to cleanup expired tokens, and keep the token TTL low(er than 86400)20:48
dolphm</harassment_by_ptl>20:48
morganfainberglifeless, it helps. but if you have too many tokens the flush expired tokens causes massive gap lock prioblems...and hangs up keystone horribly20:48
morganfainberglifeless, can discuss later though.20:48
morganfainbergdolphm, hehe20:49
*** danielbruno has quit IRC20:49
gordcmarkmc: ping20:50
morganfainbergdolphm, -2 https://review.openstack.org/#/c/70656/ no, just no. the whole concept of using something that could be valid data as an identitifier for "None" really rubs me the wrong way.20:51
morganfainbergdolphm, i know you went with -1 but, i think we need to rethink that (and perhaps have something more parse-friendly) before a change goes in.20:52
morganfainbergs/change/change like that/20:52
lifelessmorganfainberg: having an external cron job is a bit of a bug IMO; a periodic task running the background of the server would be better20:53
stevemardolphm, we going ahead with: https://review.openstack.org/#/c/72089 ?20:53
*** samuelqueiroz has joined #openstack-dev20:53
lifelessmorganfainberg: because it could increase its activity as load inreases20:53
morganfainberglifeless, except keystone doesn't reimplement cron (like some projects).20:53
lifelessmorganfainberg: and tune it's batch size to keep commit times low20:53
*** arborism has joined #openstack-dev20:54
lifelessmorganfainberg: you don't need to reimplement cron: running arbitrary commands isn't the problem.20:54
morganfainberglifeless, i know.20:54
morganfainberglifeless, i agree a clean way for batch-size stuff would be good20:54
*** browne has quit IRC20:54
morganfainberglifeless, and worth making part of the real solutionâ„¢20:54
*** boris-42_ has quit IRC20:55
*** dripton has quit IRC20:55
*** browne has joined #openstack-dev20:55
lifelessmorganfainberg: LP has a nice auto tuning loop you could study for inspiration, but the basic idea is to have a batch size and count how long a delete takes. if its higher than (threshold), reduce the size (to some lower limit)20:55
lifelessif its lower than (threashold), increase the size (to some upper limit)20:56
morganfainberglifeless, though, to be fair, i think the real solution is to never store tokens.20:56
morganfainberglifeless, really push to the ephemeral token concept, and not need the persistence20:56
morganfainberglifeless, but that is at least L before we'd be there with a removed persistence store20:56
samuelqueirozHi, I'm using Keystone and I'm creating a customized version of the policy20:57
samuelqueirozI'd like to know if there is a way to verify that an optional filter (e.g. the domain filter when listing users) is being given20:57
morganfainberglifeless assuming we deprecate SQL backend for tokens (and UUID) in J if all goes well.20:57
*** arborism is now known as amcnr20:57
*** amcnr is now known as amcrn20:57
*** jdob has quit IRC20:58
*** d0ugal has quit IRC20:58
morganfainberglifeless, there is also the thought of where to run that thread/process, as keystone is designed to run multiple times under wsgi, or across multiple servers. it's def. worth thinking about.20:58
*** jdob has joined #openstack-dev20:58
*** jamielennox|away is now known as jamielennox20:58
*** dripton has joined #openstack-dev20:58
*** SpamapS_ is now known as SpamapS20:58
*** SpamapS has quit IRC20:58
*** SpamapS has joined #openstack-dev20:58
*** boris-42_ has joined #openstack-dev20:59
*** zul has joined #openstack-dev20:59
*** yjiang51 has joined #openstack-dev21:00
lifelessmorganfainberg: just run it in each process :)21:01
morganfainberglifeless, hehe21:01
*** thomasem has quit IRC21:01
*** eglynn-afk is now known as eglynn21:01
*** asalkeld has quit IRC21:02
*** asalkeld has joined #openstack-dev21:02
morganfainbergdolphm, for the disable notifications, we expect an "updated" and a "disabled" notification if we disable a project?21:02
morganfainbergdolphm, actually... i guess that makes sense.21:02
*** jckasper_ has joined #openstack-dev21:03
*** raildo has quit IRC21:03
*** abhirc has quit IRC21:04
*** kgriffs is now known as kgriffs_afk21:04
*** jckasper has quit IRC21:04
*** kgriffs_afk is now known as kgriffs21:04
jgriffithgnorth: interesting...21:05
*** marekd is now known as marekd|away21:05
gnorthjgriffith: good interesting?21:06
*** jp_at_hp1 has quit IRC21:06
jgriffithgnorth: sure... :)21:06
jgriffithgnorth: tieing in through the create_volume flow was something I hadn't thought about21:06
jgriffithgnorth: I mean... it didn't exist when I looked at this last :)21:07
gnorthYeah, me neither, was one hell of a rebase. :-)21:07
jgriffithgnorth: yeah... sorry about that :)21:08
*** jdob has quit IRC21:08
jgriffithgnorth: especially since it was a moving target the last week or so21:08
*** jruzicka has quit IRC21:08
*** jdob has joined #openstack-dev21:08
*** kamalic2 has quit IRC21:08
jgriffithgnorth: so seems pretty sane, I'll pick at it here lately and run some tests on it21:08
jgriffithgnorth: seems well put together at first glance21:09
*** denis_makogon_ has joined #openstack-dev21:09
*** baoli has joined #openstack-dev21:09
gnorthjgriffith: It feels quite clean, I couldn't find a way to add the manage_volume as an action to the os-hosts API, which might be a little more REST-y.21:10
*** samuelbercovici has joined #openstack-dev21:12
*** baoli has quit IRC21:12
*** hartsocks has joined #openstack-dev21:12
*** tjones has quit IRC21:13
*** topol has quit IRC21:13
*** samuelbercovici has quit IRC21:13
*** baoli has joined #openstack-dev21:13
*** derekh has joined #openstack-dev21:13
*** tjones has joined #openstack-dev21:14
*** rodrigods has joined #openstack-dev21:14
*** rodrigods has joined #openstack-dev21:14
*** pmathews has joined #openstack-dev21:15
*** ndipanov has quit IRC21:15
*** jprovazn has quit IRC21:15
*** mlegault has quit IRC21:16
stevemarbknudson, apparently the patch to fix docs failed again, i took a peek at http://status.openstack.org/zuul/ for 7249221:16
bknudsonstevemar: looks like it doesn't like the missing lockfile package21:16
jamielennoxdolphm, bknudson: am out for a bit but do you want to have a look over: https://wiki.openstack.org/wiki/VersionDiscovery i'll send it to -dev list later today for comments but feel free to polish up the wording or anything you see is missing21:17
bknudsonstevemar: maybe can add it to test-requires.txt?21:17
stevemaror kombu21:17
jamielennoxbknudson, dolphm: this will help: http://paste.openstack.org/show/64770/21:18
stevemarbknudson, why not requirements? it's not used in test, it's part of oslo right21:21
bknudsonstevemar: if you put it in requirements then that implies that it's required to even run the server21:21
bknudsonand packagers will think that they have to include it21:21
stevemarbknudson, ahhh21:21
bknudsonstevemar: actually, bnemec just posted something to the -dev mailing list...21:22
*** tjones has quit IRC21:22
*** denis_makogon_ is now known as denis_makogon21:22
*** hartsocks has left #openstack-dev21:22
*** vartom1111111113 has joined #openstack-dev21:22
*** marcoemorais has quit IRC21:23
stevemarbknudson, our mail servers have been going offline/online all day, very annoying. checking now21:23
bknudsonstevemar: blame the mayor21:23
bnemecOh good, so we're not the only ones running into that issue. :-)21:23
*** yjiang51 has quit IRC21:23
stevemarbknudson, can't blame him for everything21:23
stevemarbnemec, not at all21:23
bknudsonbnemec: well... oslo is the cause of it for us21:24
*** tzabal has left #openstack-dev21:24
*** mriedem has quit IRC21:24
*** martines has quit IRC21:24
bnemecbknudson: Well, hopefully the wiki page Doug just sent to the list will help with that.21:25
jgriffithgnorth: personally I prefer the seperate extensions21:25
*** markwash has quit IRC21:25
jgriffithgnorth: ie the way you did it21:25
bnemecGet some of this stuff out of incubator and into libraries that have their own deps.21:25
*** dprince has quit IRC21:26
*** pmathews has quit IRC21:26
bknudsonbnemec: the one we run into in keystone during doc build is kombu21:26
bknudsonand also lockfile... although that seems like a legit requirement.21:26
bknudsonbut I think kombu is optional, depending on which rpc backend you use21:26
morganfainbergdolphm, yay! name is freed up!21:26
bnemecbknudson: Yeah, that's exactly the issue I'm hitting.21:27
bnemeckombu is included in most project's requirements, even though technically it isn't required.21:27
bnemecBut qpid isn't, and there's understandable pushback to including it21:27
bknudsonbnemec: since oauth is optional for keystone we only have it in test-requires.txt21:27
*** nealph_ has joined #openstack-dev21:28
*** nplanel has quit IRC21:29
bnemecbknudson: Yeah, I'm hoping our Python packaging gurus will chime in with a brilliant solution. :-)21:29
*** markmc has quit IRC21:29
*** csd has joined #openstack-dev21:30
*** devoid1 is now known as devoid21:30
*** ayoung has joined #openstack-dev21:30
dhellmannbnemec, bknudson: I don't think we'll ever reach a state where, for example, oslo.messaging lists an explicit dependency on all of the libraries used by all of the drivers21:31
*** nplanel has joined #openstack-dev21:31
dhellmannbnemec, bknudson: it might make sense to have some separate requirements files for when those drivers are in use, though, so an installer that knows how a configuration is being set up could pick the right file based on a driver or configuration name, and not have to keep up with the details that choice implies21:32
*** colinmcnamara has joined #openstack-dev21:33
*** marcoemorais has joined #openstack-dev21:33
*** eglynn has quit IRC21:33
*** nealph_ has quit IRC21:33
*** nealph has joined #openstack-dev21:34
*** e0ne has quit IRC21:34
stevemarbknudson, https://review.openstack.org/#/c/73072/21:34
bnemecdhellmann: Yeah, that seems reasonable.  I see oslo.messaging doesn't actually require any messaging backend.21:35
dhellmannbnemec: right, because if you're using qpid why should you install zmq?21:36
bnemecdhellmann: Or kombu, which most of the projects require right now.21:37
dhellmannbnemec: right21:38
lifelessdhellmann: so I think long term sure21:38
lifelessdhellmann: but I don't think we should have any default if we split it out21:38
lifelessdhellmann: e.g. if we test both pg and mysql, we should install either neither driver, or both.21:39
lifelessby dfault21:39
lifeless-or-21:39
dhellmannlifeless: that makes sense21:39
lifelesswe should actually make a statement that backend X is *the backend* and everything else is /actually/ second class, not defacto second class21:39
*** martines has joined #openstack-dev21:40
morganfainbergdhellmann, btw, thank you very very much for the help eysterday :)21:41
morganfainberggot it all working21:41
dhellmannmorganfainberg: excellent!21:42
morganfainberglifeless do you know much about new repo creation (project) or should i bug another infra person to see if i have everything "correct21:43
morganfainberg"21:43
*** promulo has joined #openstack-dev21:43
*** promulo has quit IRC21:43
morganfainbergdhellmann, ^ you might have an answer as well, though i am unsure how close you are to infra at this point21:43
*** promulo has joined #openstack-dev21:43
lifelessmorganfainberg: there's a guide21:44
morganfainberglifeless, i followed it21:44
*** tmclaugh[work] has quit IRC21:44
lifelessmorganfainberg: then you're all good ;)21:44
morganfainberglifeless, well it's more along that i'm splitting code out of keystone's repo and about the [pypi] etc sections in zuul21:44
morganfainberglifeless, i'll just poke people to make sure i trim down/modify what is there as needed.  thanks! :)21:45
*** dkehn__ has joined #openstack-dev21:46
dhellmannmorganfainberg: as it happens: https://wiki.openstack.org/wiki/Oslo/CreatingANewLibrary21:46
morganfainbergdhellmann, hehe21:47
dhellmannmorganfainberg: that is a WIP, so let me know if you find issues21:47
dhellmannmorganfainberg: SergeyLukjanov has been helping, and can answer questions, too21:47
morganfainbergdhellmannh, yeah SergeyLukjanov  has been awesome21:47
morganfainberghere is my first pass https://review.openstack.org/#/c/73074/ for the zuul etc bits21:47
morganfainbergthis isn't so much a lib as another project being split out form the keystone repo21:47
morganfainbergKDS21:47
*** dkehn__ has quit IRC21:48
dhellmannmorganfainberg: you might be interested in the graduate.sh script in oslo-incubator -- it knows how to pull files out of git and preserve their history21:48
*** alop has joined #openstack-dev21:48
dhellmanndhellmann: I wrote the script, but markmc worked out the commands21:48
*** dkehn__ has joined #openstack-dev21:48
morganfainbergdhellmann, cool.  i'll check that out21:48
* dhellmann is now talking to himself21:48
ayoungmorganfainberg, https://blueprints.launchpad.net/python-keystoneclient/+spec/validate-service-endpoint21:48
*** MaxV has joined #openstack-dev21:49
*** dkehn_ has quit IRC21:49
ayoungmorganfainberg, the author is working on that....21:49
morganfainbergdhellmann, we might just collapse out the history for the first rev in a new repo.  because of moving target issues21:49
*** cagrev_ has quit IRC21:49
bknudsonstevemar: might as well move the doc change under that one so can see if it helps21:49
morganfainbergdhellmann, i dont want to halt work on kds while we split it out, because there is potentially TC things to be involved as well.21:50
morganfainbergdhellmann, so, lets see how things go. :)21:50
morganfainbergdhellmann, in either case thanks ! I'll def checkout the graduate script21:50
morganfainbergayoung, ooh21:51
*** pmathews has joined #openstack-dev21:51
ayoungthought you would like that21:51
morganfainbergayoung, that has potential...21:51
morganfainbergayoung, esp. w/ the endpoint filter thing21:51
ayoungmorganfainberg, it only made sense once we hade endpoint filtering, but now that we do....21:51
morganfainbergwhen that goes in, i'd advocate graduating endpoint filtering out of being an extension21:51
ayoungmorganfainberg, ++ but it can be done completely in keystoneclient21:52
*** jhesketh_ has joined #openstack-dev21:52
*** jhesketh__ has joined #openstack-dev21:52
morganfainbergayoung, sure21:52
*** bdpayne has quit IRC21:52
dolphmmorganfainberg: o/ we have a problem21:52
morganfainbergdolphm, ?21:52
dolphmmorganfainberg: scroll to the very bottom http://logs.openstack.org/43/70843/1/gate/gate-tempest-dsvm-full/38732a1/logs/screen-key.txt.gz21:52
Apsuahoy21:52
dolphmfor reference- https://bugs.launchpad.net/devstack/+bug/125348221:53
uvirtbotLaunchpad bug 1253482 in devstack "Keystone's IANA-assigned default port in linux local ephemeral port range" [Undecided,In progress]21:53
morganfainbergdolphm, 35357? again.21:53
*** bdpayne has joined #openstack-dev21:53
morganfainbergdolphm, yeah =/21:53
Apsumorganfainberg: tl;dr, binding to 127.0.0.1 with all endpoints on 127.0.0.1 doesn't prevent port overlap, just reduces it21:53
*** dvarga has quit IRC21:53
ayoungooops21:53
morganfainbergdolphm, Apsu, i thought that was the case.21:53
Apsutl;tl;dr, local -> local connections with the client not specifying its source IP will pick the same IP as the destination.21:53
ApsuMeaning with an endpoint of 127.0.0.1, the client source will be 127.0.0.1 with a random ephemeral port21:54
dolphmApsu: logstash queries appear to support the claim that the frequency of this bug has been reduced quite a bit21:54
Apsudolphm: +121:54
ApsuBinding to *:$port means $port is unusable by anyone at any time on any IP21:54
ApsuBinding to 127.0.0.1:$port means 127.0.0.1:$port is unusable.21:54
ApsuIf all connections are localhost -> localhost, the frequency would be the same.21:54
bknudsonon my system devstack sets the system's IP address and not 127.0.0.121:54
morganfainbergis there anyway we can get the devstack gate vms to ... have the proper ephemeral (IANA spec) range?21:54
ApsuIf some aren't, it'd be less.21:55
Apsumorganfainberg: Easier solution is to poke a hole with the ip_local_reserved_ports sysctl.21:55
*** MaxV has quit IRC21:55
morganfainbergApsu, same net challenge21:55
Apsusysctl net.ipv4.ip_local_reserved_ports=3535721:55
clarkbApsu: that isn't a solution21:55
morganfainbergApsu, has to be done before devstack starts, part of the VM creation.21:55
Apsumorganfainberg: Is it? What is the challenge exactly?21:55
Apsuclarkb: Well it's *a* solution. Maybe not the best one :P21:55
*** caleb_ has joined #openstack-dev21:55
clarkbApsu: it doesn't fix the problem there fore not a solution21:56
clarkbit mitigates it21:56
dolphmApsu: how does it not fix it?21:56
dolphmclarkb: *21:56
morganfainbergit would reduce it for devstack to do that, but it's not the right fix for the devstack scripts to "fix" this21:56
ApsuExcuse my ignorance of the processes/infrastructure/politics here, I just understand the networking really well.21:56
clarkbdolphm: Apsu: because you need that in place before boot, devstack happens after boot21:56
ApsuYou don't need it before boot.21:56
bknudsonApsu: do you know why linux has ephemeral port range outside of iana assigned?21:56
dolphmclarkb: right; is that not an option at all?21:56
ApsuIt can change on the fly.21:56
SergeyLukjanovmorganfainberg, I've posted some questions/suggestions to https://review.openstack.org/#/c/73074/21:56
*** ijw_ has quit IRC21:57
dolphmApsu: to be 100% effective, you do though - correct?21:57
clarkbApsu: yes but it won't change existing connections aiui21:57
clarkbApsu: so there is a race21:57
ApsuUnless you're saying "because after boot any process might be using the port"21:57
ApsuFair enough.21:57
clarkbdolphm: no because it needs to happen in devstack21:57
ApsuIt'd need to be in the VM image.21:57
clarkbdolphm: we want to test devstack not the CI vm build scripts21:57
*** ijw has joined #openstack-dev21:57
dolphmFWIW, the last 14 day query i ran for this bug 16 hits; i'm now getting 3 (and one of those occurrences was prior to the fix)21:57
morganfainbergif the VM is configured with the correct ephemeral ports (like keystone documents) then it is a solution.21:57
*** rodrigods has quit IRC21:57
uvirtbotLaunchpad bug 16 in launchpad ""Swedish" and "Swedish (Sweden)" should be the same language" [Medium,Fix released] https://launchpad.net/bugs/1621:57
*** jecarey has quit IRC21:58
Apsumorganfainberg: I see that as an identical challenge with more drawbacks than the reserved port approach.21:58
morganfainbergbut i can see why that is a lot more overhead than having keystone do something different.21:58
morganfainberge.g. httpd21:58
ApsuI.e., reducing the ephemeral range is always worse, due to restricting control plane headroom.21:58
morganfainbergbut when linux and IANA are in conflict, there really is only so much we can do.21:59
*** kevinconway has quit IRC21:59
ApsuBut poking a single hole has no practical impact.21:59
dolphmclarkb: i'd still argue that setting a ip_local_reserved_ports for 35357 would be a best practice for keystone deployments; so even if it happens in devstack and reduces the transient frequency further, that would be great21:59
*** rmk has quit IRC21:59
clarkbdolphm: I thought it was best to apache + wsgi?21:59
dolphmclarkb: ++ but you run into the same issue with apache starting up21:59
ApsuOther alternatives are much much uglier. By default on Linux, on all kernel versions, if you make a connection from a local process to another local process, on a local IP, the connecting process will choose the destination IP as its source IP, and an ephemeral port to bind to.21:59
clarkbdolphm: why? apache listens on 44322:00
ApsuSo no matter what IP you bind/connect to, you'll always be using the same one to connect from.22:00
clarkband communication via wsgi isn't over a tcp socket is it?22:00
dolphmclarkb: fair enough! :)22:00
ApsuThere are ways to 'hack' around that22:00
*** mlegault has joined #openstack-dev22:00
ApsuBut I'm not sure you'll like any of them :P22:00
*** yeylon__ has quit IRC22:00
clarkbApsu: right, the solution is to not use 35357 :)22:00
dolphmso i'm hearing that the next step is to stop running keystone outside of apache, period?22:00
ApsuThat's one possibility.22:01
dolphmrun apache by default in devstack, etc22:01
clarkbdolphm: that is what I was told by ayoung22:01
ApsuWhat image is the VM that's being used to test with?22:01
dolphmclarkb: i know he's an advocate, and i don't disagree22:01
clarkbdolphm: as apache is already the defacto default for keystone we just don't test it22:01
ayoungLIES!22:01
clarkbwhich is ugh22:01
dolphmayoung: ?22:01
ApsuAs in what distro/kernel version22:01
ayoungWhat22:01
ayoungHeh22:01
*** pleia2 has quit IRC22:01
clarkbApsu: currently precise with latest 3.2 kernel22:01
ayoungI just heard my name22:01
dolphmayoung: i'm taking words out of your mouth and passing them out22:01
clarkbwill by trusty in when that happens22:01
*** CrackerJackMack has quit IRC22:01
ayoungDon't yuse 3535722:01
dolphmayoung: but correcting the spelling22:02
dolphmyour welcome22:02
dolphm;)22:02
Apsuclarkb: So... something fun you can do on newer kernels (meaning 3.x+) is replace the local route for the bind IP (ip r sh table local, to see them), exchanging the "src" hint with a different IP that's also on the box22:02
*** ijw has quit IRC22:02
ApsuAnd now when you make a local -> local connection to that target IP, it'll use the src hint IP as the source for the connection22:02
ayoungclarkb, yooose fower fower three22:03
clarkbApsu: right but we don't want to do that22:03
ayoungdolphm, heh22:03
ayoungI need to finish token compression, I belive, in order to make Apache vialble long run22:03
ayoungguess what I am working on right now22:03
ApsuBit hacky, but relatively easy and can happen after the boot22:03
*** xingchao has quit IRC22:03
clarkbApsu: because silly work arounds are silly22:03
clarkbshould be able to just run the service :)22:03
*** ijw has joined #openstack-dev22:03
*** cburgess has quit IRC22:03
devoidasking here because #openstack-nova never replied: do the libvirt driver maintainers meet at the general nova meting times?22:03
dolphmclarkb: implemented your suggestions on https://review.openstack.org/#/c/69997/2/queries/1253482.yaml to better track this bug22:03
Apsuclarkb: I figured. And yes. But if changing the VM is difficult... I find that a little silly too. Linux ephemerals may not be IANA, but Linux is super non-standard in hundreds of ways.22:03
*** mlegault_ has joined #openstack-dev22:03
*** xingchao has joined #openstack-dev22:03
ayoungclarkb, yeah, we should not have requeste a port in the ephemeral range....and IANAL should not be issuing them, either22:04
Apsuclarkb: So I find it a bit silly to insist on working around Linux ephemerals when Linux is, y'know, the de facto standard :P22:04
dolphmayoung: good point22:04
ayoungore Linux should change the range of hte ephemeral to match the standard22:04
ayoungor I should learn to type22:04
Apsuayoung: That's very doubtful.22:04
clarkbdolphm: thanks, +222:04
ayoungdolphm, , https://blueprints.launchpad.net/python-keystoneclient/+spec/validate-service-endpoint  that can happen at any point, since it is client only, right?22:04
clarkbApsu: it isn't difficult to change the VM, it is the wrong thing to do22:05
*** morganfainberg has quit IRC22:05
clarkbApsu: because $person is going to run devstack and if fails for them that is a fail22:05
clarkbsame story for $person running a production keystone22:05
*** CrackerJackMack has joined #openstack-dev22:05
ApsuSure. And that's fair.22:06
*** vijendar has quit IRC22:06
ApsuSo, +1 for not using a port in the default Linux ephemeral.22:06
*** cburgess has joined #openstack-dev22:06
*** pleia2 has joined #openstack-dev22:06
*** morganfainberg has joined #openstack-dev22:07
ApsuKind of why it exists, to avoid the local -> local port clobbering.22:07
*** mlegault has quit IRC22:07
*** gokrokve has quit IRC22:07
*** ykhodork has quit IRC22:07
ApsuServices are < ephem always :D22:07
*** gokrokve has joined #openstack-dev22:08
*** rmk has joined #openstack-dev22:08
*** rmk has quit IRC22:08
*** rmk has joined #openstack-dev22:08
*** MaxV has joined #openstack-dev22:08
*** gokrokve_ has joined #openstack-dev22:08
*** rodrigods has joined #openstack-dev22:08
*** rodrigods has quit IRC22:08
dolphmayoung: yes, but i think that represents a misunderstanding of the catalog itself22:09
*** doug_shelley66 has quit IRC22:09
*** xarses has quit IRC22:10
ayoungdolphm, I think it more reflects a different use of it22:10
ayoungdolphm, with endpoint filtering, you can then say "only these endpoints can interoperate"22:11
*** lucas-afk is now known as lucasagomes22:11
ayoungdolphm, so you disagree?22:11
dolphmayoung: ah, i forgot about endpoint filtering as this was the missing piece to make that even remotely useful22:11
ayoung;022:11
dolphmayoung: so yeah, that's viable then22:12
*** jecarey has joined #openstack-dev22:12
* dolphm afk22:12
*** gokrokve has quit IRC22:12
*** mfer has quit IRC22:13
*** jamieh has quit IRC22:14
*** kbrierly has quit IRC22:14
morganfainbergdolphm, https://review.openstack.org/#/c/73074/22:14
*** markmcclain has joined #openstack-dev22:14
*** ayoung is now known as ayoung-afk22:15
*** ayoung-afk is now known as ayoung-away22:15
*** nmagnezi has quit IRC22:21
*** ArxCruz has quit IRC22:24
*** xarses has joined #openstack-dev22:24
*** kbrierly has joined #openstack-dev22:25
*** zul has quit IRC22:26
*** tkay has quit IRC22:27
*** dsirrine is now known as dsirrine|afk22:29
*** athomas has quit IRC22:29
*** tkay has joined #openstack-dev22:29
*** tongli has quit IRC22:29
*** mdurnosvistov_ has quit IRC22:30
*** jnoller has quit IRC22:31
stevemarbknudson, looks like docs is building now22:34
bknudsonstevemar: how do you know?22:36
*** jdob has quit IRC22:37
*** jay-lau-513 has quit IRC22:41
*** zzelle has quit IRC22:42
*** jmckind has quit IRC22:43
morganfainbergbknudson, stevemar, dolphm, ayoung-away, jamielennox, lbragstad, dstanek, - OS Atlanta Summit, looks like I'm in the Omni (hotel).  Not sure if you guys are looking at that yet or not, but - figured i'd let yall know22:43
*** shardy is now known as shardy_afk22:43
lbragstadmorganfainberg: good to know, thanks!22:44
morganfainberglbragstad, omni is also across the street from the conf basically22:44
lbragstadcool, so walking distance22:44
*** e0ne has joined #openstack-dev22:46
*** e0ne has quit IRC22:48
*** sweston has quit IRC22:48
*** bhuvan has quit IRC22:49
*** mfer has joined #openstack-dev22:49
*** promulo has quit IRC22:50
morganfainberglbragstad, westin is a few bvlocks, so also walking distance22:50
*** promulo has joined #openstack-dev22:50
morganfainberglbragstad, but the omni is def a lot closer22:50
*** bhuvan has joined #openstack-dev22:50
* lbragstad takes notes22:51
*** Gordonz has quit IRC22:51
morganfainberglbragstad, westin price is $133/night, omni is $189/night - but afaict you can't go wrong with either22:51
*** CaptTofu has quit IRC22:52
*** harlowja_away is now known as harlowja22:54
*** doug_shelley66 has joined #openstack-dev22:54
*** alop has quit IRC22:55
jamielennoxayoung-away, morganfainberg: that blueprint you were tlking about: https://blueprints.launchpad.net/python-keystoneclient/+spec/validate-service-endpoint22:56
jamielennoxdo you know who Ian is (irc nick), because some of the changes i've got coming will make it more or less trivial22:57
*** dims has quit IRC22:57
*** baoli has quit IRC22:58
*** novas0x2a|laptop has quit IRC22:59
*** mfer has quit IRC22:59
*** abhirc has joined #openstack-dev22:59
ayoung-awayjamielennox, yeah, he's in #moc23:00
ayoung-awayjamielennox, yeha, it should be trivial23:00
*** carl_baldwin has quit IRC23:01
jamielennoxmoc?23:01
*** stevemar has quit IRC23:01
*** abhirc has quit IRC23:02
*** abhirc has joined #openstack-dev23:02
*** SumitNaiksatam has quit IRC23:02
*** networks_ has quit IRC23:04
*** JoshuaG_AIM has quit IRC23:04
*** vartom1111111113 has quit IRC23:05
ayoung-awayMassachusetts Open Cloud.23:05
*** xarses has quit IRC23:05
*** peristeri has quit IRC23:05
ayoung-awayjamielennox, but he's gone now23:05
*** AlanClark has quit IRC23:05
jamielennoxok, i'd like to have a chat with him about it at some point because session is changing how that works23:06
*** rwsu has quit IRC23:06
morganfainbergdolphm, https://launchpad.net/python-kiteclient ?23:07
*** rwsu has joined #openstack-dev23:08
jamielennoxmorganfainberg: i do like the name kite23:08
morganfainbergayoung-away, ping when you have a sec23:08
*** ayoung-away is now known as ayoung23:08
*** bhuvan has quit IRC23:08
ayoungI'm here23:08
morganfainbergjamielennox, https://review.openstack.org/#/c/73022/1 https://review.openstack.org/#/c/73074/23:09
morganfainbergayoung, so. i am trying to resolve how to get to the point where revocation events and dogpile are in place23:09
morganfainbergayoung, since i need both for ephemeral keys i think...23:09
jamielennoxmorganfainberg: kite-core?23:09
ayoungyep23:10
morganfainbergbe back in a sec, need to take a call23:10
morganfainberggive me ~30min23:10
dolphmmorganfainberg: will do23:10
morganfainbergcan discuss that then23:10
dolphmjamielennox: probably23:10
*** dims has joined #openstack-dev23:10
ayoungjamielennox, I think that the endpoint enforcement is trivial.  The endpoint needs to know its own Identifier23:10
ayoungis there any way to deduce that, or should it just go in the config file23:10
jamielennoxayoung: if we get session in then the only way to talk to an endpoint will be via the catalog so enforcement by default23:11
*** marcoemorais has quit IRC23:11
*** marcoemorais has joined #openstack-dev23:11
*** yamahata has quit IRC23:11
*** alop has joined #openstack-dev23:11
ayoungjamielennox, still want to enforce it on the server side (auth_token)23:12
jamielennoxSUMMIT APPROVED!! aww yea23:12
ayoungSchweeet!23:12
jamielennoxayoung: is auth_token a problem though? we don't have auth_token talking to the identity endpoint from a tokne23:13
jamielennoxfrom a service catalog23:13
jamielennoxdo we want it to?23:13
jamielennoxthat makes it difficult in terms of we have to fetch the right certs for that identity endpoint23:14
dolphmmorganfainberg: done https://launchpad.net/python-kiteclient23:15
*** yamahata has joined #openstack-dev23:15
ayoungjamielennox, no, but say a user is doing direct curl, they send a token along, and auth token can enforce that the endpouint is specified in the service catalog of the token23:16
*** flaper87 is now known as flaper87|afk23:16
*** otherwiseguy has quit IRC23:17
jamielennoxdolphm: i get to create a client from scratch? can't tell if i'm excited or the pressure is getting to me23:17
*** xarses has joined #openstack-dev23:17
dolphmjamielennox: lol i was just about to tell you that lol23:18
jamielennoxayoung: so just that the endpoint in the service catalog matches the one that auth_token is set up to use?23:18
*** krtaylor has quit IRC23:19
*** avishay_away has quit IRC23:21
ayoungjamielennox, each endpoint that enforces this would have a config vale "endpoint_id"  and then the check is just that "endpoint_id" matches one of the endpoints in the service catalog of the token23:21
*** avishay_away has joined #openstack-dev23:21
*** dstanek has quit IRC23:21
*** kgriffs has quit IRC23:21
ayoungno cert fetch23:21
*** tkay has quit IRC23:21
ayoungalthough I do have a solution to figuring out which cert was used to sign a token, too23:21
*** lbragstad has quit IRC23:22
jamielennoxayoung: i'm interested in the second - but what's this talk of an endpoint_id23:22
ayoungjamielennox, right now an endpoint, say nova, does not know what its endpoint id is.23:23
*** lucasagomes has quit IRC23:23
*** tkay has joined #openstack-dev23:23
*** mhu has quit IRC23:23
ayoungSo say I have a token with one nova endpoint in the service catalog, and I want to make sure it is only use on that endpoint, when I pass the token to any endpoint, auth_token on that endpoint needs to look at the service catalog and see "am I in there"23:24
ayoungIt has to be enforced by auth_token23:24
ayoungits another form of token validity...23:24
jamielennoxoh, ok23:24
jamielennox hmmm23:24
*** armax has quit IRC23:25
*** markmcclain has quit IRC23:25
*** kgriffs has joined #openstack-dev23:25
ayounghttps://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/auth_token.py#L842  jamielennox right after token bind...think "end point bind"23:25
jamielennoxyea, that's what i was thinking23:26
jamielennoxso it means having auth_token know its own endpoint_id23:26
jamielennoxand it means having the endpoint_id exposed in the service catalog which we don't do at the moment23:27
*** mhu has joined #openstack-dev23:27
jamielennoxthe second one is more my concern there23:27
*** mriedem has joined #openstack-dev23:27
dolphmjamielennox: one auth_token configuration currently protects multiple endpoints23:27
*** dstanek has joined #openstack-dev23:27
ayoungah...I thought it was23:27
ayoungit is in the smaple code in the identity-api23:27
jamielennoxdolphm: protects?23:27
dolphmjamielennox: sits in front of?23:27
jamielennoxoh, right public/internal urls are generally the same actual endpoint23:28
dolphmjamielennox: other services only have one auth_token filter configuration in their paste configs, and deploy that configured instance into multiple pipelines (public / admin / whatever)23:28
*** hdd is now known as hdd_23:28
dolphmjamielennox: endpoint_id's should have *never* been exposed to the token23:28
*** tkay has quit IRC23:28
ayoungjamielennox, https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md#authentication-responses  scroll down abit23:28
*** byeager has quit IRC23:28
dolphmthat was just an oversight23:29
ayoungdolphm, but, but...they are useful23:29
ayoungcan we keep them, please?23:29
dolphmayoung: we don't have much choice, unless we're replacing the entire catalog... which we should also do23:29
dolphmbut that's a bumpy road23:29
ayoungheh...so it is going to have to be "one of the endpoint ids" or are we ok with keeping it as one per?23:30
*** Shaan7 has quit IRC23:30
dolphmwith minimal gains give ?nocatalog + GET /v3/catalog is a better approach23:30
dolphmayoung: a list of endpoint id's gives the deployer flexibility23:30
dolphmayoung: you could also just do it by actual endpoint value, which is what i would prefer23:31
dolphm(by URL)23:31
*** thedodd has quit IRC23:31
ayoungdolphm, can you add that to the BP, and your rationale?23:31
dolphmayoung: link?23:31
ayoungdolphm, , https://blueprints.launchpad.net/python-keystoneclient/+spec/validate-service-endpoint23:33
*** bauzas has quit IRC23:35
*** amerine_ is now known as amerine23:36
*** aeperezt has quit IRC23:36
*** aeperezt has joined #openstack-dev23:37
*** mlegault_ has quit IRC23:37
jamielennoxdolphm: i'm good with a new service catalog, the one we have is too big but i think that is best part of a new token format23:39
jamielennoxayoung: i don't see the need for exposing endpoint_id - other than the one just raised23:39
*** achampion has quit IRC23:41
*** sarob has joined #openstack-dev23:41
*** yassine has quit IRC23:41
*** aeperezt has quit IRC23:42
*** devoid has quit IRC23:42
*** yamahata has quit IRC23:42
*** pixelb has quit IRC23:43
*** david-lyle has quit IRC23:43
*** derekh has quit IRC23:44
*** jmontemayor has quit IRC23:44
*** jmontemayor has joined #openstack-dev23:45
dolphmayoung: done23:45
*** byeager has joined #openstack-dev23:46
*** jcoufal has quit IRC23:46
*** baoli has joined #openstack-dev23:46
*** byeager has quit IRC23:49
*** jmontemayor has quit IRC23:49
*** carl_baldwin has joined #openstack-dev23:50
*** baoli has quit IRC23:51
dolphmayoung: jamielennox: p.s. i'm not caught up on the mailing list thread yet, but i'm very much leaning towards the endpoint mutation hack, as long as it lands with clear documentation about how much of a hack it is lol23:51
* ayoung hasn't read mail all day..kindof afraid to now23:51
*** cnesa has joined #openstack-dev23:52
ayoungjamielennox, as far as the token<->cert thing23:52
ayoungit looks like poyasn is alrady in my venv.  I tried using that tore read atoken, and I can find the signer info in it.23:52
jamielennoxdolphm: mailing list thread?23:52
ayoungthe Asn1 format is a little wonky23:52
* jamielennox looking23:53
dolphmjamielennox: ayoung's hack thread -- forgot the name23:53
jamielennoxdolphm: oh that one23:53
*** jckasper__ has joined #openstack-dev23:53
ayoungah...the whole "hack the version off the endpoint in the catalog" hack?23:53
jamielennoxdolphm: i think the thread is going against you23:54
dolphmayoung: yes23:54
jamielennoxthough i found something distressing yesterday23:54
dolphmjamielennox: probably -- i'm like a week behind on it (and all my email)23:54
jamielennoxwhilst GET / is unprotected by all servers, they pretty much unanimously need a token to access GET /vX23:54
ayoungoops23:55
*** aeperezt has joined #openstack-dev23:55
ayoungjamielennox, we don't23:55
ayoungare we unique in that?23:55
jamielennoxayoung: no and we can't23:55
dolphmjamielennox: p.s. i want better logging in the client :(23:55
dolphmjamielennox: wtf, really?23:55
jamielennoxdolphm: patches welcome :)23:55
dolphmjamielennox: oh i guess so -- thanks auth_token!23:55
*** CaptTofu has joined #openstack-dev23:56
* dolphm faceplam -- we should make an exception for that?23:56
jamielennoxdolphm: yea i get why it happened23:56
jamielennoxbut it's a problem23:56
dolphmdefinitely23:56
jamielennoxit's workable if we start with the service catalog23:56
jamielennoxbecause if you have a service catalog then you have a token and can just query with that23:57
jamielennoxbut it is definetly wrong and i'm not sure how it will affect us23:57
*** jckasper_ has quit IRC23:57
dolphmjamielennox: ++23:57
jamielennoxayoung: do you want to have a pass at https://wiki.openstack.org/wiki/VersionDiscovery as well, i'll put it to -dev later today23:57
*** gaelL has quit IRC23:58
dolphmjamielennox: an authenticated request to GET /vX/ could return different results than an unauthenticated request, but you should be able to make both23:58
* dolphm afk23:58
*** denis_makogon has quit IRC23:59
jamielennoxdolphm: right, that was the only thing i was thinknig that made it ok, if we are saying that the service catalog should contain unversioned endpoints maybe they want to customize the GET / requests per token instead23:59
*** jckasper__ has quit IRC23:59
« Tuesday, 2014-02-11 Index Thursday, 2014-02-13 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!