Wednesday, 2014-10-08

« Tuesday, 2014-10-07 Index Thursday, 2014-10-09 »
nkinderstevemar: your patch works, but I have some review feedback00:00
*** andreaf has quit IRC00:01
*** andreaf has joined #openstack-keystone00:01
stevemarnkinder, neato! i'll look at it soon00:01
stevemarah nice bug nkinder we do do a domain lookup eh00:03
nkinderstevemar: yep, unfortunately00:05
nkinderstevemar: that's one of the things that should probably be adjusted in your patch too00:05
stevemarnkinder, so group show and project show should probably be update too?00:08
nkinderstevemar: yeah, I think so (for consistency at least)00:08
nkinderstevemar: a cloud admin might want to grant 'admin' to a group from a domain to allow them to be the domain admins00:09
nkinderI'm not really sure that there is a use-case for project, but I can't see why it would be a bad thing00:09
stevemar++ for consistency00:10
stevemarokay, i might get to that in a bit00:10
openstackgerritA change was merged to openstack/keystone: Add an XML code directive to a shibboleth example  https://review.openstack.org/12553500:11
openstackgerritA change was merged to openstack/keystone: Use openstackclient examples in configuration documentation  https://review.openstack.org/12427000:12
nkinderstevemar: doh!  closes-bug vs. resolves-bug bites me again00:15
nkinderwe use resolves-bug internally for some things00:15
openstackgerritA change was merged to openstack/keystone: Remove deprecated TemplatedCatalog class  https://review.openstack.org/12570800:17
openstackgerritA change was merged to openstack/keystone: Update 'Configuring Services' documentation  https://review.openstack.org/12393300:17
bknudsondoes the latest keystone cache the endpoints in the catalog? if not, seems like something we should be doing since it's used to put the catalog in the token00:19
*** gyee has quit IRC00:20
stevemarnkinder, ahh that explains it00:24
*** ncoghlan has joined #openstack-keystone00:27
*** tqtran has quit IRC00:32
*** NM has joined #openstack-keystone00:36
*** ncoghlan is now known as ncoghlan_afk00:37
*** amcrn has quit IRC00:38
*** harlowja_ has quit IRC00:40
*** harlowja has joined #openstack-keystone00:41
*** ncoghlan_afk is now known as ncoghlan00:42
*** Guest69465 is now known as mfisch00:47
*** mfisch is now known as Guest6703900:48
*** ncoghlan is now known as ncoghlan_afk00:56
*** dguitarbite has quit IRC00:56
*** gokrokve has joined #openstack-keystone00:56
*** _cjones_ has quit IRC01:02
*** _cjones_ has joined #openstack-keystone01:03
*** _cjones_ has quit IRC01:07
*** ncoghlan_afk is now known as ncoghlan01:24
*** marcoemorais has quit IRC01:25
*** dimsum_ has quit IRC01:35
*** dimsum_ has joined #openstack-keystone01:36
*** dimsum_ has quit IRC01:40
*** david-lyle has quit IRC01:48
*** andreaf has quit IRC01:50
*** andreaf has joined #openstack-keystone01:50
*** andreaf has quit IRC01:50
*** andreaf has joined #openstack-keystone01:51
*** gokrokve_ has joined #openstack-keystone01:52
*** jamielennox has joined #openstack-keystone01:53
*** gokrokve has quit IRC01:55
*** diegows has quit IRC01:56
*** gokrokve_ has quit IRC01:56
*** NM has quit IRC01:59
nkinderstevemar: what part of the IPA automation were you interested in?  Setting up Keystone to use IPA, setting up IPA itself, or both?02:01
*** jwy has quit IRC02:02
*** lhcheng has quit IRC02:13
*** bknudson has quit IRC02:13
*** lhcheng has joined #openstack-keystone02:13
*** _cjones_ has joined #openstack-keystone02:14
openstackgerritDavid Stanek proposed a change to openstack/keystone: Fixes a spelling error in hacking tests  https://review.openstack.org/11946102:14
*** NM has joined #openstack-keystone02:14
*** _cjones_ has quit IRC02:18
*** lhcheng has quit IRC02:18
*** amerine has quit IRC02:18
*** amerine has joined #openstack-keystone02:19
*** amerine has quit IRC02:21
*** dguitarbite has joined #openstack-keystone02:21
*** amerine has joined #openstack-keystone02:21
openstackgerritgordon chung proposed a change to openstack/keystonemiddleware: Adding audit middleware to keystonemiddleware  https://review.openstack.org/10295802:23
*** alex_xu has joined #openstack-keystone02:27
*** amerine has quit IRC02:28
*** amerine has joined #openstack-keystone02:29
*** NM has quit IRC02:35
*** NM has joined #openstack-keystone02:41
*** harlowja is now known as harlowja_away02:44
morganfainbergnkinder, either tomorrow or thurs night to meetup in person02:47
nkindermorganfainberg: tomorrow works better for me, but I can make either of them work02:48
morganfainbergnkinder, once i sync up w/ gyee and the HP folks I'll let ya know02:48
nkindersounds good02:48
morganfainbergi'm leaning towards tomorrow02:48
morganfainbergif at all possible02:48
*** sunrenjie6 has joined #openstack-keystone02:49
*** NM has quit IRC02:53
*** stevemar has quit IRC02:53
*** stevemar has joined #openstack-keystone02:54
fifieldtok, morganfainberg - let me wake up a bit and get back to you03:09
remote_morgan_Sure. I'm hopping on a plane. Will be at the  hotel in a couple hrs.03:12
remote_morgan_fifieldt: will ping you when I'm there03:12
stevemarnkinder, primarily setting up IPA03:26
stevemarbut i03:26
stevemarbut i'll take both03:26
*** oomichi has joined #openstack-keystone03:28
*** wwriverrat1 has joined #openstack-keystone03:29
*** cjellick has quit IRC03:31
*** oomichi has quit IRC03:38
*** miqui has quit IRC03:44
*** andreaf has quit IRC03:46
*** andreaf has joined #openstack-keystone03:47
*** marcoemorais has joined #openstack-keystone04:14
*** gokrokve has joined #openstack-keystone04:15
*** marcoemorais1 has joined #openstack-keystone04:16
*** gokrokve has quit IRC04:18
*** gokrokve has joined #openstack-keystone04:18
*** marcoemorais has quit IRC04:19
*** dimsum_ has joined #openstack-keystone04:26
*** dimsum_ has quit IRC04:30
*** marcoemorais1 has quit IRC04:38
*** marcoemorais has joined #openstack-keystone04:46
*** ncoghlan is now known as ncoghlan_afk04:53
*** gokrokve_ has joined #openstack-keystone05:01
*** ukalifon1 has joined #openstack-keystone05:01
*** gokrokve has quit IRC05:04
*** gokrokve_ has quit IRC05:06
*** swamireddy has joined #openstack-keystone05:10
*** Kui has quit IRC05:13
*** ajayaa has joined #openstack-keystone05:15
*** gokrokve has joined #openstack-keystone05:15
*** Kui has joined #openstack-keystone05:16
*** andreaf has quit IRC05:20
*** andreaf has joined #openstack-keystone05:20
*** gokrokve has quit IRC05:27
*** gokrokve has joined #openstack-keystone05:27
openstackgerritSergey Kraynev proposed a change to openstack/python-keystoneclient: Using correct keyword for region in v3  https://review.openstack.org/11838305:27
*** jamielennox has quit IRC05:29
*** HenryG_ has joined #openstack-keystone05:29
*** HenryG has quit IRC05:30
*** lhcheng has joined #openstack-keystone05:31
*** gokrokve has quit IRC05:32
*** jamielennox has joined #openstack-keystone05:40
*** afazekas has joined #openstack-keystone05:50
*** lhcheng has quit IRC05:50
*** lhcheng_ has joined #openstack-keystone05:53
*** ncoghlan_afk is now known as ncoghlan06:01
*** lhcheng_ has quit IRC06:05
*** stevemar has quit IRC06:06
*** dimsum_ has joined #openstack-keystone06:15
*** ajayaa has quit IRC06:16
*** dimsum_ has quit IRC06:20
*** ajayaa has joined #openstack-keystone06:29
*** oomichi has joined #openstack-keystone06:34
*** shakamunyi has joined #openstack-keystone06:35
*** r1chardj0n3s is now known as r1chardj0n3s_afk06:37
*** k4n0 has joined #openstack-keystone07:08
*** shakamunyi has quit IRC07:18
*** shakamunyi has joined #openstack-keystone07:19
morganfainbergfifieldt, ping just got to the hotel07:26
morganfainbergfifieldt, if you're around. if not I can talk to you tomorrow sometime.07:26
*** andreaf has quit IRC07:32
*** andreaf has joined #openstack-keystone07:32
*** Krast has joined #openstack-keystone07:38
*** ncoghlan has quit IRC07:42
*** andreaf has quit IRC07:58
*** andreaf has joined #openstack-keystone07:58
*** amdl has left #openstack-keystone08:04
*** henrynash has joined #openstack-keystone08:07
*** jistr has joined #openstack-keystone08:10
*** jistr has quit IRC08:12
*** jistr has joined #openstack-keystone08:20
*** shakamunyi has quit IRC08:24
*** kevinbenton has quit IRC08:28
*** kevinbenton has joined #openstack-keystone08:36
*** marcoemorais has quit IRC08:44
*** shakamunyi has joined #openstack-keystone08:50
*** nellysmitt has joined #openstack-keystone08:52
*** Krast has quit IRC08:52
*** shakamunyi has quit IRC08:55
*** Krast has joined #openstack-keystone09:01
*** Krast has quit IRC09:04
*** Krast has joined #openstack-keystone09:05
*** andreaf has quit IRC09:14
*** andreaf has joined #openstack-keystone09:14
*** alex_xu has quit IRC09:21
fifieldtsorry morganfainberg, I was in a meeting09:35
*** oomichi has quit IRC09:36
*** jaosorior has joined #openstack-keystone09:44
*** shakamunyi has joined #openstack-keystone09:51
*** shakamunyi has quit IRC09:55
*** aix has joined #openstack-keystone10:00
*** jistr has quit IRC10:17
*** Krast has quit IRC10:22
*** jistr has joined #openstack-keystone10:22
*** amakarov_away is now known as amakarov10:28
*** diegows has joined #openstack-keystone10:49
*** dimsum_ has joined #openstack-keystone10:54
*** dimsum_ has quit IRC10:55
*** dimsum_ has joined #openstack-keystone10:55
*** openstack has joined #openstack-keystone14:12
afaranhagood to know, I can test the Rest API without login many times a day14:13
*** openstackstatus has joined #openstack-keystone14:14
*** ChanServ sets mode: +v openstackstatus14:14
ajayaaHi Guys. Just a quick question. If I am installing a fresh keystone manually and I run db_sync ,would it create any roles on the mysql?14:17
ajayaaayoung, ^^14:18
ayoungajayaa, is this a trick question?14:18
ajayaanope.14:18
ayoungOK, I give up.  Wouild it?14:18
ajayaaayoung, I don't know. I just thought I would ask than try it or dig into code.14:19
ayoungajayaa, any emprical?14:19
ayoungempirical...did you try it out?14:19
ajayaaayoung, I didn't try. Just asking.14:20
dstaneki don't think it will create any test data14:21
dstanekajayaa: ^14:21
ajayaaThanks.14:21
dstanekajayaa: that's why in devstack they have scripts to populate the various services with test data14:21
ayoungajayaa, we used to create a _member_ role, but that migration was collapsed, and we do not do so now14:22
ayoungso it depends on what version you are running whether or not you get that role.  Master will not create a role, I believe.14:22
ayoungBut I would have to look to confirm14:22
ayoungcuz we all know:14:22
ajayaadstanek, Even I thought the same. But there is someone in management to whom I should say with 100% surity that keystone does not come with any default role.14:22
ayoungI lie, I make things up14:22
ayoungasking me is certainly not "100% surity"14:23
ayoungits like, 5%.   Maybe 8.14:23
ajayaaayoung, You are a core. You should ne at least 99%14:23
ajayaa;)14:23
ayoungit just droppped to 4.2%14:23
ajayaalol.14:24
dstanekajayaa: well, i'm not 100% sure, but i can say that i've not seen anything that indicates we have test data outside of tests14:25
ajayaadstanek, ayoung, I will verify it. :)14:25
ajayaadstanek, ayoung, Is it a good idea to use domains in a prod setup?14:26
ayoungajayaa, you need Keystone V3 everywhere for domains.  Yes, it is a good idea, but I have no idea how well tested that is...it kindof scares me since we are basically banking on v3 and domains14:27
ajayaaAs of now domains don't provide any functionality other than just containers for projects.14:27
*** henrynash has joined #openstack-keystone14:27
ajayaaayoung, neutron, nova don't work with domains as well.14:27
ajayaaI mean domain-scoped tokens.14:27
bknudsondomain-scoped tokens have no use outside of keystone14:28
ajayaaIf other projects don't understand domains and let you do operations on them, then what's the point of domains?14:28
ajayaaFor e.g. I would like to do quota enforcement on a domain.14:28
ajayaaBut nova does not understand domains.14:29
ajayaaI mean there is no nova api call to do that.14:29
ajayaaPlease correct me If I am wrong or trying to use domains in way that it was not designed to be used.14:30
rodrigodsajayaa, the quota enforcement is being implemented for hierarchical projects14:30
rodrigodsmaybe this concept will address your issues14:30
ajayaarodrigods, I agree. Now we are making a decision on whether to use domains or not.14:31
ajayaaMy opinion to our management is we shouldn't use it because of the above stated reasons.14:31
ajayaaPlease let me know of the benefits of using domains.14:32
rodrigodsajayaa, the biggest one, that i know, is regarding user management14:32
rodrigodsand its implications, like, federation14:33
ajayaaLDAP and sql multi-domain.14:33
rodrigodsanother one =)14:33
ajayaafederation, that's an area I haven't delve into yet.14:33
ajayaarodrigods, anyway when the hierarchical projects comes into place, it would render domains useless. They will be there just for backward compatibility.14:35
rodrigodsajayaa, not so fast =)14:35
rodrigodsdomains will remain as users container14:35
ajayaarodrigods, I know.14:36
rodrigodsbut you will be able to do "domain-like" stuff in other components, i hope14:36
rodrigodsat least, we have this quota part being already implemented14:36
*** wanda_ has joined #openstack-keystone14:36
raildoajayaa, we implement domain quota driver in Nova: https://blueprints.launchpad.net/nova/+spec/domain-quota-driver14:37
ajayaaIf I recall correctly it is being developed as a part of oslo!14:37
raildoBut they are not like the idea about include domains in Nova14:37
ajayaaraildo, Exactly. I have the same concern regarding other components.14:38
raildoajayaa, ++14:38
ajayaaEven if nova accepts domains other projects might not choose to do so.14:38
rodrigodsajayaa, yes, this is the advantage of hierarchical projects in my point of view14:39
ajayaaraildo, We need some consensus on whether it is going to be used by other projects or not.14:39
ajayaaIf not then, we should clearly mention in the docs that domains are just for user management.14:40
*** swamireddy has quit IRC14:40
raildoin other moment, the community decided that domains will just work in Keystone14:41
ajayaaayoung, dstanek ^^14:42
ajayaaI am sure you have better things to do. But please advise on domains.14:42
ajayaaraildo, Can you please give the link to that discussion?14:44
raildoajayaa, hahaha I like the idea of domains, just think it is not being used to  all its potential.14:44
*** shakamunyi has joined #openstack-keystone14:44
dolphmajayaa: domain-based quotas are one of the very, very few places where it makes sense for another core openstack project to be domain-aware14:45
raildoajayaa, this was discussed in #openstack-nova , i believe that don't have log  for this14:45
dolphmajayaa: i only see use cases for domains within the umbrella of AAA (which includes quotas, and auditing, and thus ceilometer)14:46
*** topol has quit IRC14:46
ajayaadolphm, Can those areas be worked on?14:46
dolphmajayaa: i'm not sure what you're asking14:46
ajayaadolphm, Would it be possible to convince other components to operate in domains?14:47
dolphmajayaa: i don't think you're understanding my statement - the only use case where it makes sense to incldue domains are the places where domains have already been introduced. i do not think there is any use case to introduce domains anywhere new at this point, at least not anywhere that i am aware of.14:48
ajayaaIf hierarchical projects is the ultimate goal, why would any project accept to support domains?14:48
dolphmajayaa: do you mean "any service" instead of "any project" in that question?14:49
ajayaadolphm, yes14:49
*** stevemar has joined #openstack-keystone14:49
dolphmajayaa: well, they wouldn't support domains. if they support hierarchical projects, and domains become just a top-level project, then they would support domains / top-level projects implicitly14:50
dolphmthey wouldn't support "domains" *explicitly*, at least. there'd be no reason to do so14:50
*** shakamunyi has quit IRC14:50
*** wwriverrat1 has quit IRC14:51
ajayaadolphm, If we are not doing LDAP integration or federation, Would you recommend keystone v3 without domains?14:53
tellesnobregais anyone here on mountain time?14:53
ajayaakeystone v3, because of roles support.14:53
tellesnobregacan you please tell me what time is it in MST? we have a meeting and we are not sure what time it is because of the time difference14:54
ajayaa7:54 am14:55
ajayaaWednesday, 8 October 201414:55
ajayaaMountain Standard Time (MST)14:55
*** henrynash has quit IRC14:57
*** joesavak has quit IRC15:01
ajayaadolphm, I don't see support for quota in domain level in nova at least. At least this is a rea which needs work.15:02
tellesnobregathanks ajayaa15:02
dolphmtellesnobrega: for future reference https://www.google.com/?gws_rd=ssl#q=current+mst+time15:03
dolphmtellesnobrega: but i also believe we might be in Daylist Time, not Standard Time, so it might actually be MDT that you're looking for? https://www.google.com/?gws_rd=ssl#q=current+mdt+time15:04
dolphmtellesnobrega: if you search for Mountain Time, it matches MDT https://www.google.com/?gws_rd=ssl#q=current+mountain+time15:05
tellesnobregadolphm, thanks.. i looked it up and google showed the wrogn time15:05
tellesnobregai was making sure15:05
tellesnobregagoogle mountain time and it showed 8:5415:05
tellesnobregai guess its summer savings15:06
tellesnobregawell15:06
tellesnobregathanks15:06
dolphmtellesnobrega: i believe 8:54 was correct15:06
dolphmtellesnobrega: it's now 9:06 though15:06
*** pc-m has joined #openstack-keystone15:06
dolphmtellesnobrega: i'm one timezone off, and it's 10:06 here15:06
tellesnobregaajayaa, told me it was 7:5415:06
tellesnobregait is solved15:07
tellesnobregathe meeting started and im confused with timezones now15:07
dolphmtellesnobrega: that was correct for Mountain Standard Time, but most/all of the Mountain timezone is actually on Mountain Daylight Time right now (summer savings, as you said)15:07
tellesnobregalol15:07
dolphmtimezones are dumb15:07
tellesnobregaagreed15:08
ajayaadolphm, As you said in AAA, quota is also included. But I can't enforce quota across domains as of now.15:09
dolphmajayaa: raildo is working on that right?15:09
ajayaadolphm, Looking at the blueprint it seems it is on hold since icehouse.15:12
ajayaaraildo ?15:12
ajayaa^^15:12
*** cjellick has joined #openstack-keystone15:15
*** shakamunyi has joined #openstack-keystone15:15
*** wanda_ has left #openstack-keystone15:22
*** richm has joined #openstack-keystone15:25
*** andreaf has quit IRC15:25
*** joesavak has joined #openstack-keystone15:30
*** thedodd has joined #openstack-keystone15:31
samuelmzajayaa, dolphm raildo is having a meeting right now .15:31
ayoungnkinder, you were talking about trying to wireshark or tcpdump the keystone server...I was just trying that with ssldump15:34
ayounghttps://blogs.oracle.com/jyrivirkki/entry/using_ssldump  worked well enough to get me the key, but then I got:15:34
ayounghmac.c(106): OpenSSL internal error, assertion failed: j <= (int)sizeof(ctx->key)15:34
ajayaasamuelmz, thanks15:36
*** lufix has joined #openstack-keystone15:40
*** gokrokve has quit IRC15:41
*** andreaf has joined #openstack-keystone15:46
*** ajayaa has quit IRC15:51
*** _cjones_ has joined #openstack-keystone15:53
*** mewald has quit IRC15:55
*** andreaf has quit IRC15:57
*** k4n0 has quit IRC16:00
openstackgerritAlexander Makarov proposed a change to openstack/keystone: Trust redelegation  https://review.openstack.org/12689716:00
openstackgerritAlexander Makarov proposed a change to openstack/keystone: Trust redelegation  https://review.openstack.org/12689716:09
*** bdossant has quit IRC16:10
*** ajayaa has joined #openstack-keystone16:10
*** packet has joined #openstack-keystone16:11
*** lhcheng has joined #openstack-keystone16:11
*** gokrokve has joined #openstack-keystone16:14
*** andreaf has joined #openstack-keystone16:14
*** jaosorior has left #openstack-keystone16:15
*** jaosorior has joined #openstack-keystone16:15
dstanekwe've had so many things merge that all of my patches are way out of date16:15
openstackgerritDavid Stanek proposed a change to openstack/keystone: WIP: Force SQLite to properly deal with foreign keys  https://review.openstack.org/12603016:18
openstackgerritDavid Stanek proposed a change to openstack/keystone: Fixes endpoint_filter tests  https://review.openstack.org/12602916:18
openstackgerritDavid Stanek proposed a change to openstack/keystone: Remove database setup duplication  https://review.openstack.org/12673416:18
dstanekanyone got a few seconds to +A me here: https://review.openstack.org/#/c/119461/16:19
dstaneki never feel comfortable doing that on my own stuff16:20
*** andreaf has quit IRC16:21
*** andreaf has joined #openstack-keystone16:22
*** jistr has quit IRC16:22
morganfainbergmorning16:24
morganfainbergdstanek, looking now16:24
morganfainbergdolphm, done16:24
morganfainbergerm dstanek done16:24
dstanekmorganfainberg: thx16:24
*** tqtran has joined #openstack-keystone16:26
*** tqtran has left #openstack-keystone16:26
morganfainbergdstanek, force SQLite to do FKs? is that even possible? :P16:28
*** marcoemorais has joined #openstack-keystone16:28
dstanekmorganfainberg: only in a newer SQLite16:29
morganfainbergah16:29
dstanekmorganfainberg: that's how i found some of the endpoint filter bugs16:29
morganfainbergcan we make SQLite go away instead? (I feel it's largely the same as eventlet)16:29
* morganfainberg is only partly serious16:29
dstanekit would be really awesome if our unit tests didn't actually use SQL at all - then it would go away for day to day development16:30
dstanekwe are a long way off there thought16:30
*** gokrokve has quit IRC16:33
*** gokrokve has joined #openstack-keystone16:33
*** NM has quit IRC16:36
*** amcrn has joined #openstack-keystone16:36
*** lhcheng has quit IRC16:37
*** lhcheng has joined #openstack-keystone16:38
*** thedodd has quit IRC16:39
lbragstadmorganfainberg: re: functional testing/tempest: looks like there is going to be some in depth discussions at the summit around the process/procedure for pull the functional tests out of Tempest16:39
rodrigodsmorganfainberg, I need you =)16:40
morganfainberglbragstad, yeah figured16:40
rodrigods+2 at dolphm patch16:40
morganfainbergrodrigods, link? going to be hit/miss the rest of the week since I'm going to be in meetings16:40
lbragstadmorganfainberg: so, I'll just have to be patient until the summit :)16:40
morganfainbergyeah16:41
rodrigodsmorganfainberg, https://review.openstack.org/#/c/126697/16:41
rodrigods+2 +A, actually16:41
morganfainbergrodrigods, +316:42
rodrigodsmorganfainberg, thanks!16:43
*** lhcheng has quit IRC16:43
*** andreaf has quit IRC16:44
*** shakamunyi has quit IRC16:46
*** lhcheng has joined #openstack-keystone16:48
*** sigmavirus24 is now known as sigmavirus24_awa16:52
*** lhcheng has quit IRC16:56
*** lhcheng_ has joined #openstack-keystone16:58
*** NM has joined #openstack-keystone17:01
*** jraim has joined #openstack-keystone17:03
*** zzzeek has joined #openstack-keystone17:03
*** amakarov is now known as amakarov_away17:08
*** Guest67039 is now known as mfisch17:10
*** mfisch is now known as Guest7259317:11
*** ajayaa has quit IRC17:13
*** marekd is now known as marekd|away17:13
*** aix has quit IRC17:15
*** browne has joined #openstack-keystone17:17
*** andreaf has joined #openstack-keystone17:17
*** HenryG is now known as HenryG_afk17:20
*** lhcheng_ has quit IRC17:23
*** lhcheng has joined #openstack-keystone17:24
*** andreaf has quit IRC17:25
*** andreaf has joined #openstack-keystone17:26
*** wwriverrat has joined #openstack-keystone17:27
*** wwriverrat has left #openstack-keystone17:28
*** lhcheng has quit IRC17:28
*** david-lyle has joined #openstack-keystone17:32
*** andreaf has quit IRC17:34
*** lhcheng has joined #openstack-keystone17:40
*** lhcheng has quit IRC17:44
*** HenryG_afk is now known as HenryG17:44
*** lhcheng has joined #openstack-keystone17:44
*** vhoward has left #openstack-keystone17:45
*** jsavak has joined #openstack-keystone17:46
*** henrynash has joined #openstack-keystone17:47
*** lhcheng has quit IRC17:49
*** joesavak has quit IRC17:49
*** david-lyle has quit IRC17:57
samuelmzlbragstad, ping17:59
*** gokrokve has quit IRC17:59
*** jwy has joined #openstack-keystone17:59
*** gokrokve has joined #openstack-keystone17:59
*** mewald has joined #openstack-keystone18:04
*** browne has quit IRC18:05
*** sigmavirus24_awa is now known as sigmavirus2418:06
*** dimsum_ has quit IRC18:06
*** dimsum_ has joined #openstack-keystone18:06
*** thedodd has joined #openstack-keystone18:10
*** dimsum_ has quit IRC18:11
*** harlowja_away is now known as harlowja18:14
*** _cjones_ has quit IRC18:16
*** _cjones_ has joined #openstack-keystone18:16
*** _cjones_ has quit IRC18:21
*** _cjones_ has joined #openstack-keystone18:21
*** afazekas has quit IRC18:23
*** jaosorior has quit IRC18:23
*** jaosorior has joined #openstack-keystone18:29
*** david-lyle has joined #openstack-keystone18:31
*** jsavak has quit IRC18:31
*** joesavak has joined #openstack-keystone18:32
jwyhi, i have a question about authenticating with a client, from horizon18:34
jwyi'm trying to create an instance of the congress client from horizon, starting on line 65 here: https://review.openstack.org/#/c/123912/4/contrib/horizon/congress.py. the congress client uses keystoneclient.adapter.LegacyJsonAdapter here: https://github.com/stackforge/python-congressclient/blob/master/congressclient/v1/client.py#L52. but i get "ValueError: Circular reference detected". can i change my code to make it work, or does the client need to be w18:34
*** gyee has joined #openstack-keystone18:41
*** dimsum_ has joined #openstack-keystone18:43
*** thedodd has quit IRC18:47
*** mewald has quit IRC18:49
*** aix_ has joined #openstack-keystone18:50
*** cjellick has quit IRC18:56
*** amcrn has quit IRC18:57
*** jistr has joined #openstack-keystone18:59
*** david-lyle has quit IRC19:04
*** mewald has joined #openstack-keystone19:05
*** thedodd has joined #openstack-keystone19:07
dstanekjwy: you should post your traceback somewhere19:17
raildodolphm, sorry I had to go out and just came back now19:19
raildodolphm, i worked with the implementation of domain quota driver and the API19:20
dolphmraildo: do you still have an interest in merging it somewhere?19:20
*** _cjones_ has quit IRC19:21
raildodolphm, sure!19:21
raildodolphm, I have the code ready on github19:21
*** _cjones_ has joined #openstack-keystone19:21
*** _cjones_ has quit IRC19:26
jwydstanek: thanks for the suggestion. i had just updated my devstack and get a different error now, "Recoverable error: The service catalog is empty", with no traceback19:26
htrutaI think tellesnobrega may know something about the domain quota driver code19:28
tellesnobregadolphm, i worked with raildo on the implementation, we have it on our git19:28
tellesnobregawe would love to have it merged19:28
*** mewald has left #openstack-keystone19:35
*** lhcheng has joined #openstack-keystone19:36
openstackgerritA change was merged to openstack/keystone: Fixes a spelling error in hacking tests  https://review.openstack.org/11946119:37
*** jsavak has joined #openstack-keystone19:47
*** joesavak has quit IRC19:49
*** lhcheng has quit IRC19:52
*** _cjones_ has joined #openstack-keystone19:52
*** lhcheng has joined #openstack-keystone19:52
*** Guest72593 is now known as mfisch19:53
*** mfisch is now known as Guest681319:53
openstackgerritDavid Stanek proposed a change to openstack/keystone: Adds missing log hints for level E/I/W  https://review.openstack.org/11888319:54
openstackgerritDavid Stanek proposed a change to openstack/keystone: Extends hacking check for logging to verify i18n hints  https://review.openstack.org/11888419:54
openstackgerritDavid Stanek proposed a change to openstack/keystone: Fixes aggressive use of translation hints  https://review.openstack.org/12523319:54
*** Guest6813 is now known as mfisch19:54
*** mfisch has quit IRC19:54
*** mfisch has joined #openstack-keystone19:55
*** lhcheng has quit IRC19:56
*** topol has joined #openstack-keystone19:59
*** _cjones_ has quit IRC20:03
*** nellysmi_ has quit IRC20:03
*** marcoemorais has quit IRC20:03
*** _cjones_ has joined #openstack-keystone20:03
*** marcoemorais has joined #openstack-keystone20:03
*** marcoemorais has quit IRC20:04
*** marcoemorais has joined #openstack-keystone20:05
*** jistr has quit IRC20:08
*** r1chardj0n3s_afk is now known as r1chardj0n3s20:12
*** lufix has quit IRC20:16
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Refactor extract class for signing directory  https://review.openstack.org/12228120:23
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Refactor auth_token revocation list members to new class  https://review.openstack.org/10240320:23
*** thedodd has quit IRC20:23
*** thedodd has joined #openstack-keystone20:28
*** jaosorior has quit IRC20:33
*** cjellick has joined #openstack-keystone20:37
*** wwriverrat has joined #openstack-keystone20:38
*** wwriverrat has left #openstack-keystone20:39
*** amcrn has joined #openstack-keystone20:40
zzzeekhey morganfainberg : I’ve fleshed out https://review.openstack.org/#/c/125181/.    I’ve identified four distinct advantages to using decorators vs. context managers20:45
*** dimsum_ has quit IRC20:45
*** dimsum_ has joined #openstack-keystone20:45
*** topol has quit IRC20:47
*** dimsum_ has quit IRC20:49
*** lhcheng has joined #openstack-keystone21:08
*** lhcheng has quit IRC21:08
*** marcoemorais has quit IRC21:09
*** marcoemorais has joined #openstack-keystone21:10
*** raildo has quit IRC21:10
*** lhcheng_ has joined #openstack-keystone21:13
*** Kui has joined #openstack-keystone21:15
*** gokrokve has quit IRC21:16
*** richm has quit IRC21:20
*** jsavak has quit IRC21:21
*** cds has joined #openstack-keystone21:25
*** marcoemorais has quit IRC21:25
remote_morgan_zzzeek: cool. Will make sure to read it.21:27
openstackgerritBrant Knudson proposed a change to openstack/keystone: pki/ssl_setup configurable digest  https://review.openstack.org/11736621:27
openstackgerritBrant Knudson proposed a change to openstack/keystone: Change the default digest for pki/ssl_setup to sha256  https://review.openstack.org/11736721:27
*** marcoemorais has joined #openstack-keystone21:27
*** Ugallu has quit IRC21:29
*** cjellick has quit IRC21:29
*** cjellick has joined #openstack-keystone21:32
mgagneI'm having issues with PKI tokens and openstack clients. When passing a pre-authorized token to a client (like neutronclient), it will try to contact keystone (/v2.0/tokens/​{tokenId}​/endpoints) to fetch the endpoints associated to the token. As it happens that a PKI token grows as you add regions/endpoints, the URL becomes too long for keystone to handle properly and I'm getting HTTP Request URI too long errors. How can I address this21:32
*** wwriverrat has joined #openstack-keystone21:33
*** cjellick has quit IRC21:35
*** wwriverrat has quit IRC21:35
*** lhcheng_ has quit IRC21:35
*** cjellick has joined #openstack-keystone21:36
*** gokrokve has joined #openstack-keystone21:36
*** wwriverrat has joined #openstack-keystone21:37
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Delete unused examples/pki/certs/middleware.pem  https://review.openstack.org/12227721:38
*** saipandi has quit IRC21:38
*** gokrokve has quit IRC21:40
*** gokrokve has joined #openstack-keystone21:40
*** thiagop has quit IRC21:40
*** radez is now known as radez_g0n321:42
*** henrynash has quit IRC21:49
*** stevemar has quit IRC21:53
*** packet has quit IRC21:55
nkinderremote_morgan_: any word on meeting up later?21:59
*** sigmavirus24 is now known as sigmavirus24_awa21:59
remote_morgan_nkinder: looks like it's tomorrow.22:00
nkinderremote_morgan_: ok22:00
*** nellysmitt has joined #openstack-keystone22:00
remote_morgan_nkinder: was the time that worked the best for gyee etc as well.22:00
*** thedodd has quit IRC22:00
nkinderremote_morgan_: I'll get the details from you tomorrow22:01
*** wwriverrat has quit IRC22:01
remote_morgan_Need to see if thingiee will be joining as well22:01
remote_morgan_Ok will get details over to you tomorrow morning.22:01
*** marcoemorais1 has joined #openstack-keystone22:03
*** marcoemorais has quit IRC22:03
*** marcoemorais1 has quit IRC22:04
*** rwsu has quit IRC22:05
*** marcoemorais has joined #openstack-keystone22:05
*** nellysmitt has quit IRC22:05
*** packet has joined #openstack-keystone22:07
*** gordc has quit IRC22:08
*** packet has quit IRC22:10
*** nkinder has quit IRC22:10
*** rkofman has quit IRC22:12
*** rkofman has joined #openstack-keystone22:13
*** wwriverrat has joined #openstack-keystone22:14
*** rwsu has joined #openstack-keystone22:17
*** flwang1 has joined #openstack-keystone22:17
flwang1greetings, may I know how to let a user can add new user for current tenant? cheers22:17
flwang1for now, I'm trying to create a new role: "manager" and change the policy file to let the manager role have the permissions for users operations22:20
flwang1but seems it doesn't work, any suggestion will be appreciated22:20
*** wwriverrat has left #openstack-keystone22:20
*** NM has quit IRC22:20
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Refactor auth_token revocation list members to new class  https://review.openstack.org/10240322:21
*** shakamunyi has joined #openstack-keystone22:21
flwang1another question is how to leverage the 'ResellerAdmin' role, I googled but didn't find useful info22:22
*** zzzeek has quit IRC22:25
*** thedodd has joined #openstack-keystone22:25
*** nkinder has joined #openstack-keystone22:27
*** thedodd has quit IRC22:34
*** shakamunyi has quit IRC22:35
*** ayoung has quit IRC22:40
*** amcrn has quit IRC22:54
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Change occurrences of keystone to identity server  https://review.openstack.org/12706222:55
*** lhcheng has joined #openstack-keystone22:57
*** andreaf has joined #openstack-keystone22:57
*** andreaf has quit IRC22:59
openstackgerritDavid Stanek proposed a change to openstack/python-keystoneclient: Removes temporary fix for doc generation  https://review.openstack.org/12166723:00
*** andreaf has joined #openstack-keystone23:00
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Change tenant to project  https://review.openstack.org/12706623:02
*** marcoemorais has quit IRC23:03
*** marcoemorais has joined #openstack-keystone23:03
*** marcoemorais has quit IRC23:04
*** andreaf has quit IRC23:05
*** marcoemorais has joined #openstack-keystone23:05
*** andreaf has joined #openstack-keystone23:05
*** amcrn has joined #openstack-keystone23:07
*** wwriverrat has joined #openstack-keystone23:11
*** wwriverrat has left #openstack-keystone23:12
*** jorge_munoz has quit IRC23:13
*** andreaf has quit IRC23:18
*** andreaf has joined #openstack-keystone23:33
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Change admin user to service user.  https://review.openstack.org/12707523:33
*** gokrokve has quit IRC23:37
openstackgerritBrant Knudson proposed a change to openstack/keystonemiddleware: Fix reference to middleware architecture doc  https://review.openstack.org/12707823:40
*** marcoemorais has quit IRC23:42
*** raildo has joined #openstack-keystone23:48
*** marcoemorais has joined #openstack-keystone23:49
*** dimsum_ has joined #openstack-keystone23:50
*** dimsum_ has quit IRC23:54
*** nkinder has quit IRC23:55
openstackgerritBrant Knudson proposed a change to openstack/python-keystoneclient: Remove middleware architecture doc  https://review.openstack.org/12708123:56
*** marcoemorais has quit IRC23:58
*** marcoemorais1 has joined #openstack-keystone23:58
*** marcoemorais1 has quit IRC23:58
*** marcoemorais has joined #openstack-keystone23:59
*** raildo has quit IRC23:59
« Tuesday, 2014-10-07 Index Thursday, 2014-10-09 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!