Friday, 2015-07-24

*** hrou has joined #openstack-keystone		00:08
*** chlong has joined #openstack-keystone		00:11
*** zzzeek has joined #openstack-keystone		00:12
*** jiaxi has quit IRC		00:24
*** stevemar has joined #openstack-keystone		00:28
*** ChanServ sets mode: +v stevemar		00:28
*** david-lyle has quit IRC		00:40
*** stevemar has quit IRC		00:43
*** jaosorior has quit IRC		00:46
*** sigmavirus24_awa is now known as sigmavirus24		00:47
openstackgerrit	Merged openstack/keystone: Fix test_exception.py for py34 https://review.openstack.org/204807	00:49
openstackgerrit	Merged openstack/keystone: test_base64utils works with py34 https://review.openstack.org/203853	00:52
openstackgerrit	Merged openstack/keystone: Fix s3.core for py34 https://review.openstack.org/204804	00:52
ayoung	flwang, you don't need to put the role in the other policy files; they will ignore it if it is not set.	00:53
*** browne has joined #openstack-keystone		00:55
*** _cjones_ has quit IRC		01:05
*** ankita_wagh has quit IRC		01:06
*** gordc has quit IRC		01:07
*** topol has quit IRC		01:11
openstackgerrit	Ian Cordasco proposed openstack/python-keystoneclient: Set reasonable defaults for TCP Keep-Alive https://review.openstack.org/204741	01:14
*** topol has joined #openstack-keystone		01:16
*** ChanServ sets mode: +v topol		01:16
*** Kennan has quit IRC		01:17
openstackgerrit	Ian Cordasco proposed openstack/keystoneauth: Set reasonable defaults for TCP Keep-Alive https://review.openstack.org/205276	01:18
*** topol has quit IRC		01:19
*** dims has joined #openstack-keystone		01:20
*** davechen has joined #openstack-keystone		01:23
*** Kennan has joined #openstack-keystone		01:24
*** jiaxi has joined #openstack-keystone		01:25
*** markvoelker has joined #openstack-keystone		01:25
flwang	ayoung: cool, i will give it a try, thanks a lot	01:26
jiaxi	Hello,everyone	01:26
*** jsavak has joined #openstack-keystone		01:27
jiaxi	Please help me review my patch set https://review.openstack.org/#/c/204952/	01:28
ayoung	jiaxi, did you end up resubmitting that iwth a differen change ID?	01:32
ayoung	I thought there were reviews on the earlier version?	01:32
*** fangzhou has quit IRC		01:32
*** telemons1er is now known as telemonster		01:33
*** jdandrea has quit IRC		01:34
*** jiaxi has quit IRC		01:34
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	01:34
*** jsavak has quit IRC		01:36
dramakri	ayoung: ping.. can you please re-look at this one - https://review.openstack.org/#/c/190863/ ? You had +2ed it yday. Just removed the comments in one of the code files as suggested by henrynash. Thanks!	01:40
ayoung	dramakri, done	01:41
dramakri	ayoung: thanks a lot!!	01:41
*** topol has joined #openstack-keystone		01:42
*** ChanServ sets mode: +v topol		01:42
*** jiaxi has joined #openstack-keystone		01:44
jiaxi	ayoung: Yes	01:44
ayoung	jiaxi, use the old commit id, please	01:44
jiaxi	ayoung: I run into git merge trouble. So submit in a new changeID	01:44
jiaxi	ayoung: commit id ????? Change ID ???	01:45
jiaxi	ayoung: Why	01:45
*** topol has quit IRC		01:47
jiaxi	ayoung: are you here	01:55
*** lhcheng has quit IRC		01:55
*** zzzeek has quit IRC		01:57
bigjools	ayoung: hey, are you involved at all with https://review.openstack.org/#/c/159910 ?	01:57
*** bknudson has quit IRC		01:58
jiaxi	https://review.openstack.org/#/c/204952/	02:01
*** jiaxi has quit IRC		02:04
*** sigmavirus24 is now known as sigmavirus24_awa		02:05
*** jiaxi has joined #openstack-keystone		02:06
*** dramakri has quit IRC		02:09
*** dramakri has joined #openstack-keystone		02:09
*** gyee has quit IRC		02:17
*** henrynash_ has joined #openstack-keystone		02:18
*** ChanServ sets mode: +v henrynash_		02:18
*** chenhong has joined #openstack-keystone		02:20
*** henrynash has quit IRC		02:20
*** henrynash_ is now known as henrynash		02:20
*** spandhe has quit IRC		02:22
*** jiaxi has quit IRC		02:23
*** btully has quit IRC		02:27
*** dims has quit IRC		02:27
*** ankita_wagh has joined #openstack-keystone		02:30
*** lhcheng has joined #openstack-keystone		02:31
*** ChanServ sets mode: +v lhcheng		02:31
*** dramakri has quit IRC		02:46
*** kiran-r has joined #openstack-keystone		02:47
*** hakimo_ has joined #openstack-keystone		02:52
ayoung	bigjools, nope	02:53
*** hakimo has quit IRC		02:54
*** bradjones has quit IRC		02:59
openstackgerrit	Dave Chen proposed openstack/keystone: test_backend_sql work with python34 https://review.openstack.org/205352	02:59
openstackgerrit	jiaxi proposed openstack/keystone: Suppressing the request when creating endpoint with invalid urls https://review.openstack.org/200512	03:00
*** woodster_ has quit IRC		03:02
*** bradjones has joined #openstack-keystone		03:02
*** bradjones has quit IRC		03:02
*** bradjones has joined #openstack-keystone		03:02
*** kiran-r has quit IRC		03:04
*** dramakri has joined #openstack-keystone		03:05
*** piyanai has quit IRC		03:08
openstackgerrit	ayoung proposed openstack/keystone: Revoke Events in list https://review.openstack.org/205266	03:15
*** david-lyle has joined #openstack-keystone		03:17
*** jiaxi has joined #openstack-keystone		03:17
jiaxi	ayoung:	03:17
ayoung	jiaxi, if you do	03:18
jiaxi	ayoung: https://review.openstack.org/#/c/200512/	03:18
jiaxi	ayoung: Done	03:18
ayoung	jiaxi, cool, thanks	03:18
jiaxi	ayoung: It's my duty.	03:18
jiaxi	ayoung: Please help review my patch set https://review.openstack.org/#/c/200512/	03:19
ayoung	jiaxi, define "suppresed" in this case?	03:19
jiaxi	ayoung: what do you mean ?	03:19
ayoung	suppressed is not the right word...not your fault I see in the origianl bug report.	03:19
ayoung	invalid urls should be "rejected" not suppresed	03:20
jiaxi	ayoung: ok	03:20
ayoung	jiaxi, I'm going to edit your commit comment. PLease do: git review -d 200512 before making any further changes so you pick it up	03:20
*** richm has quit IRC		03:21
jiaxi	ayoung: Look forward to your edit.	03:21
openstackgerrit	ayoung proposed openstack/keystone: Reject create endpoint with invalid urls https://review.openstack.org/200512	03:21
ayoung	jiaxi, you should test this fix agains the openstack common CLI for V3 endpoints	03:22
openstackgerrit	Merged openstack/keystone: Add missing "raise" when throwing exception. https://review.openstack.org/199414	03:22
jiaxi	ayoung: This bug is about v2	03:24
openstackgerrit	Merged openstack/keystone: Imported Translations from Transifex https://review.openstack.org/204903	03:24
jiaxi	ayoung: It I add v3, the other cores may not agree with us.	03:24
ayoung	jiaxi, test it on both.	03:25
ayoung	I bet it fixes the bug on V3 as well, which you can test using the common CLI	03:25
ayoung	jiaxi, anyway, you missed what I said before about iterating...see my comment about what I meant.	03:25
jiaxi	ayoung: 100% fix the bug on v3	03:25
ayoung	otherwise, looks good	03:25
jiaxi	ayoung: Thank you, I will fix v3 , too. I hope the cores agree with us.	03:27
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/204937	03:31
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements https://review.openstack.org/197254	03:31
jiaxi	ayoung :	03:34
jiaxi	ayoung: why you assined my bug to you ????????????????	03:34
ayoung	jiaxi, I didn't	03:34
jiaxi	ayoung: The bug is mine https://bugs.launchpad.net/keystone/+bug/1471034	03:34
openstack	Launchpad bug 1471034 in Keystone "invalid URLs are not suppressed" [Low,In progress] - Assigned to Adam Young (ayoung)	03:34
jiaxi	ayoung: Look by yoursele	03:35
*** miguelgrinberg has quit IRC		03:35
jiaxi	ayoung: Look by yourself. I don't think it's reasonable and good	03:35
ayoung	jiaxi, guessing that launchpad did that automatically when I edited the commit. Braindead	03:36
*** hightall has joined #openstack-keystone		03:36
ayoung	jiaxi, assigned back to you	03:36
jiaxi	ayoung: I can't	03:36
jiaxi	ayoung: have no permission	03:36
ayoung	jiaxi, I just did	03:36
ayoung	jiaxi, refresh. I changed the bug name, too	03:37
*** hightall has quit IRC		03:37
jiaxi	ayoung: Thank you .	03:37
*** markvoelker has quit IRC		03:38
jiaxi	ayoung: I'm sorry to mistake you. Some time ago, a core assigne my bug to him. so I doubt.	03:38
ayoung	没必要道歉	03:39
*** hightall has joined #openstack-keystone		03:39
*** hightall has quit IRC		03:40
dstanek	jiaxi: that how a lot of our tooling works. last person to make certain changes gets it assigned to them	03:41
*** hightall has joined #openstack-keystone		03:41
ayoung	dstanek, to make sure it is not too convenient to make a change.	03:41
dstanek	ayoung: it's a little strange for sure, but in practice it doesn't matter much	03:43
jiaxi	ayoung: It' great that you can use chinese. But my chinese input method is broken. Ubuntu is a shit.,	03:43
dstanek	ayoung: although, i'm not fond of getting all of the extra emails from launchpad because i update a patch	03:43
*** hightall has quit IRC		03:44
jiaxi	dstanek: Hello, david. I'm going to fix v3 as well in my patch set. Is that okay ?	03:44
jiaxi	dstanek: Do you agree with me ? Because use the same logic can fix v3.	03:44
dstanek	jiaxi: i think only v3 needs to be fixed. v2 is nice, but i don't care much about it.	03:46
ayoung	it can't urt...V2 will be around for a while, but I agree, V3 is the important one	03:46
ayoung	jiaxi, I cheated on the chinese	03:47
ayoung	https://translate.google.com/#zh-CN/en/%E6%B2%A1%E5%BF%85%E8%A6%81%E9%81%93%E6%AD%89	03:47
jiaxi	jiaxi, Good , what os do you use ? mac os ? or Ubuntu ?	03:47
ayoung	http://adam.younglogic.com/2012/11/why-i-work-at-red-hat/ jiaxi see if you can guess based on that	03:48
dstanek	ayoung: arch?	03:49
ayoung	slackware	03:49
jiaxi	So geek.	03:50
dstanek	ayoung: i've mostly moved over from ubuntu to fedora :-) been pretty happy so far	03:50
dstanek	the move to dnf has been a little bit of a pain	03:50
ayoung	dstanek, glad to hear it.	03:50
ayoung	the dnf thing ius a little emotional for some people, too. The guy that wrote yum was killed while biking...he was well liked	03:51
ayoung	http://www.wral.com/bicyclist-killed-in-durham-hit-and-run/12639104/	03:51
dstanek	wow. i had no idea.	03:51
ayoung	yeah...it was pretty sad.	03:52
jiaxi	dstanek: david. In morning, I was thinking about use fedora instead of ubuntu. ubuntu is a shit. On night, I will use fedora.	03:52
ayoung	I didn;t know him personally, but many of my coworkers did	03:52
dstanek	my pain has been more elementary. i have to remember to install yum-utils before i can use ansible because i'm too lazy to roll and image with it or to fix ansible	03:52
ayoung	I thougjht all the yum stuff worked fine, it just complains at you....	03:53
ayoung	must be a command line alias, but different at the python levle?	03:53
ayoung	level	03:53
dstanek	the command line complains, but ansible imports yum and does stuff, so you need to yum shim	03:53
dstanek	jiaxi: you'll probably be happy. i find that ubuntu is moving toward being the Windows of the linux world and i'm just not the target audience anymore	03:54
ayoung	I must have had it installed already....getting to like Ansible...now if I could just find a nightly build of RHEL + RH OS that I can automated the install . Last one ...just somehwo breaks syslog	03:54
jiaxi	dstanek: pretty right. It's same with me.	03:55
*** markvoelker has joined #openstack-keystone		04:03
*** markvoelker has quit IRC		04:08
*** spandhe has joined #openstack-keystone		04:17
*** btully has joined #openstack-keystone		04:17
*** spandhe_ has joined #openstack-keystone		04:19
*** spandhe has quit IRC		04:21
*** spandhe_ is now known as spandhe		04:21
*** htruta_ has quit IRC		04:30
*** henrynash has quit IRC		04:36
*** jsavak has joined #openstack-keystone		04:36
*** ankita_wagh has quit IRC		04:36
*** henrynash has joined #openstack-keystone		04:37
*** ChanServ sets mode: +v henrynash		04:37
*** ankita_wagh has joined #openstack-keystone		04:37
*** hightall has joined #openstack-keystone		04:39
*** jsavak has quit IRC		04:41
*** lhcheng has quit IRC		04:53
*** markvoelker has joined #openstack-keystone		05:04
*** henrynash has quit IRC		05:05
*** henrynash has joined #openstack-keystone		05:07
*** ChanServ sets mode: +v henrynash		05:07
*** markvoelker has quit IRC		05:09
*** ankita_wagh has quit IRC		05:11
*** ankita_wagh has joined #openstack-keystone		05:12
dramakri	henrynash: ping.. removed the comments as per your suggestion. Please take a look at it - https://review.openstack.org/#/c/190863/ ? Thanks!	05:18
*** belmoreira has joined #openstack-keystone		05:18
*** chenhong1 has joined #openstack-keystone		05:41
*** chenhong has quit IRC		05:43
*** ajayaa has joined #openstack-keystone		05:44
*** hrou has quit IRC		05:47
*** kiran-r has joined #openstack-keystone		05:51
*** kiran-r has quit IRC		05:52
*** spandhe has quit IRC		05:54
*** spandhe has joined #openstack-keystone		06:00
*** ajayaa has quit IRC		06:00
*** belmoreira has quit IRC		06:08
*** ParsectiX has joined #openstack-keystone		06:13
*** ajayaa has joined #openstack-keystone		06:23
*** dramakri has left #openstack-keystone		06:28
*** lhcheng has joined #openstack-keystone		06:41
*** ChanServ sets mode: +v lhcheng		06:41
*** lhcheng has quit IRC		06:46
*** ankita_wagh has quit IRC		06:55
*** belmoreira has joined #openstack-keystone		06:55
*** jiaxi has quit IRC		06:57
*** markvoelker has joined #openstack-keystone		07:05
*** spandhe has quit IRC		07:08
*** pcaruana has joined #openstack-keystone		07:10
*** markvoelker has quit IRC		07:10
*** belmoreira has quit IRC		07:12
*** pcaruana is now known as centos		07:13
*** centos is now known as Guest59730		07:13
*** Guest59730 is now known as pcaruana		07:13
*** browne has quit IRC		07:18
*** rletrocquer has joined #openstack-keystone		07:22
*** ankita_wagh has joined #openstack-keystone		07:30
openstackgerrit	Yusuke Hayashi proposed openstack/keystone: Missing logging tag _LI https://review.openstack.org/205413	07:31
*** pnavarro has joined #openstack-keystone		07:31
*** chlong has quit IRC		07:33
openstackgerrit	Yusuke Hayashi proposed openstack/keystone: Missing logging tag _LI https://review.openstack.org/205413	07:39
*** jaosorior has joined #openstack-keystone		07:44
openstackgerrit	jiaxi proposed openstack/keystone: Reject create endpoint with invalid urls https://review.openstack.org/200512	07:47
*** ankita_wagh has quit IRC		07:49
*** mkoderer has joined #openstack-keystone		07:50
*** henrynash has quit IRC		07:51
*** fhubik has joined #openstack-keystone		07:56
*** btully has quit IRC		07:56
*** jistr has joined #openstack-keystone		08:04
*** jiaxi has joined #openstack-keystone		08:10
*** jiaxi has quit IRC		08:17
*** henrynash has joined #openstack-keystone		08:17
*** ChanServ sets mode: +v henrynash		08:17
*** belmoreira has joined #openstack-keystone		08:18
*** jsheeren has joined #openstack-keystone		08:19
*** pnavarro has quit IRC		08:25
*** fhubik has quit IRC		08:29
*** lhcheng has joined #openstack-keystone		08:30
*** ChanServ sets mode: +v lhcheng		08:30
*** lhcheng has quit IRC		08:35
*** aix has joined #openstack-keystone		08:38
*** belmoreira has quit IRC		08:44
*** pnavarro has joined #openstack-keystone		08:47
*** jsheeren has quit IRC		08:49
openstackgerrit	Andrey Pavlov proposed openstack/keystonemiddleware: Adding parse of protocol v4 of AWS auth to ec2_token https://review.openstack.org/205440	08:49
*** markvoelker has joined #openstack-keystone		08:51
*** lhcheng has joined #openstack-keystone		08:55
*** ChanServ sets mode: +v lhcheng		08:55
*** markvoelker has quit IRC		08:56
*** davechen has left #openstack-keystone		08:59
*** lhcheng has quit IRC		08:59
*** fhubik has joined #openstack-keystone		09:00
*** marzif has joined #openstack-keystone		09:02
*** btully has joined #openstack-keystone		09:03
openstackgerrit	Marek Denis proposed openstack/keystoneauth-saml2: Depend on keystoneauth https://review.openstack.org/186854	09:04
openstackgerrit	Atsushi SAKAI proposed openstack/keystone: Fix four typos and Add one space on keystone document https://review.openstack.org/205452	09:05
*** btully has quit IRC		09:08
*** marzif has quit IRC		09:08
*** marzif has joined #openstack-keystone		09:09
*** marzif has quit IRC		09:11
*** marzif has joined #openstack-keystone		09:12
*** afazekas has quit IRC		09:20
*** _afazekas has quit IRC		09:20
*** hightall has quit IRC		09:20
*** lsmola has quit IRC		09:21
*** __afazekas has joined #openstack-keystone		09:23
*** afazekas has joined #openstack-keystone		09:25
*** dguerri` is now known as dguerri		09:42
*** e0ne has joined #openstack-keystone		09:42
openstackgerrit	Andrey Pavlov proposed openstack/keystonemiddleware: Adding parse of protocol v4 of AWS auth to ec2_token https://review.openstack.org/205440	09:48
*** fhubik is now known as fhubik_afk		09:50
*** fhubik_afk is now known as fhubik		09:51
*** jiaxi has joined #openstack-keystone		10:01
*** e0ne_ has joined #openstack-keystone		10:02
*** e0ne has quit IRC		10:03
*** fhubik is now known as fhubik_afk		10:05
*** henrynash has quit IRC		10:08
*** henrynash has joined #openstack-keystone		10:13
*** ChanServ sets mode: +v henrynash		10:13
openstackgerrit	Atsushi SAKAI proposed openstack/keystone: Fix four typos and Add one space on keystone document https://review.openstack.org/205452	10:17
*** dims has joined #openstack-keystone		10:36
*** chenhong1 has quit IRC		10:43
*** marzif has quit IRC		10:45
*** henrynash has quit IRC		10:46
*** marzif has joined #openstack-keystone		10:46
*** piyanai has joined #openstack-keystone		10:50
*** markvoelker has joined #openstack-keystone		10:52
*** fhubik_afk is now known as fhubik		10:56
*** markvoelker has quit IRC		10:57
*** openstackgerrit has quit IRC		11:01
*** openstackgerrit has joined #openstack-keystone		11:02
*** yottatsa has joined #openstack-keystone		11:14
*** pnavarro has quit IRC		11:16
*** pnavarro has joined #openstack-keystone		11:21
*** henrynash has joined #openstack-keystone		11:39
*** ChanServ sets mode: +v henrynash		11:39
*** henrynash has quit IRC		11:42
samueldmq	ayoung: morning	11:42
samueldmq	ayoung: see https://etherpad.openstack.org/p/centralized-policy-delivery-operators again	11:42
samueldmq	ayoung: I improved it, I think that is too clear now that it is a step of the dynamic policies	11:42
*** jagter has joined #openstack-keystone		11:45
*** jiaxi has quit IRC		11:53
*** fhubik is now known as fhubik_afk		12:08
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone-specs: Centralized Policies Fetch and Cache https://review.openstack.org/134655	12:09
samueldmq	dolphm: expanded the performance and security impact sections ^	12:09
*** ayoung has quit IRC		12:10
*** jaosorior has quit IRC		12:11
*** jaosorior has joined #openstack-keystone		12:11
*** eandersson has joined #openstack-keystone		12:14
*** raildo has joined #openstack-keystone		12:14
*** cloudull_zzz is now known as cloudnull		12:16
*** wasmum has quit IRC		12:20
marekd	samueldmq: i think the Dynamic/Centralized Policy was supposed to be optional, right?	12:20
*** e0ne_ is now known as e0ne		12:20
samueldmq	marekd: hey, yes, there will be a config switch in the middleware to whether fetch the centralized policy or not	12:21
marekd	samueldmq: i commented on the review.	12:23
eandersson	Hey. I am getting the following error in Horizon/liberty with domain-tokens.	12:23
eandersson	> The resource could not be found. (https://keystone:5000/users/<id>/projects)	12:23
eandersson	I was just wondering if this is a valid request in Kilo :p	12:23
marekd	eandersson: did doc say anything about deprecation ?	12:24
*** markvoelker has joined #openstack-keystone		12:25
eandersson	I haven't found anything at least. :D	12:25
eandersson	I am trying to figure out if this is a misconfiguration, bug or well incomaptibility.	12:26
*** fhubik_afk is now known as fhubik		12:27
eandersson	I'll have to set it up in a local dev environment and see if I can find out what it is trying to do I guess	12:27
*** amakarov_away is now known as amakarov		12:29
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone-specs: Centralized Policies Fetch and Cache https://review.openstack.org/134655	12:30
samueldmq	marekd: ^ done	12:30
*** piyanai has quit IRC		12:34
*** jsavak has joined #openstack-keystone		12:36
*** rletrocquer has quit IRC		12:37
*** rletrocquer has joined #openstack-keystone		12:37
*** jiaxi has joined #openstack-keystone		12:41
jiaxi	hello.everyone	12:43
dstanek	jiaxi: hi	12:46
*** bknudson has joined #openstack-keystone		12:48
*** ChanServ sets mode: +v bknudson		12:48
marekd	samueldmq: thanks	12:48
samueldmq	marekd: np	12:48
samueldmq	some reviews are just .. so funny	12:48
marekd	?	12:48
samueldmq	a review from stevemar in one of the specs : 'this spec doesn't make me want to rage quit keystone-spec, so it's a good thing.'	12:48
samueldmq	hehe I was looking at it now :)	12:49
dstanek	samueldmq: at least you're aiming high	12:49
marekd	i like steve's sense oh humour	12:49
samueldmq	dstanek: :)	12:49
samueldmq	marekd: yes	12:49
jiaxi	dstanek: https://review.openstack.org/#/c/200512/ My patch looks much better now	12:49
jiaxi	dstanek: but no one look...	12:50
dstanek	jiaxi: nice	12:50
samueldmq	and another ... dolphm's review on my patch yesterday : "WTF kind of use case is this?"	12:50
samueldmq	hehehe	12:50
dstanek	samueldmq: that actually made me laugh out load when i read that	12:50
samueldmq	dstanek: me too ahah	12:51
dstanek	jiaxi: yes, sometimes it takes a while. according to next-review i have 208 reviews to reviews and i'm also trying to get some coding done	12:52
samueldmq	dstanek: I took his comment as something funny, and not as he was hating my text at all :p	12:52
*** dims has quit IRC		12:52
marekd	samueldmq: that was not his intention :P	12:53
*** dims has joined #openstack-keystone		12:53
samueldmq	anyway I like when there is space for improvements	12:53
samueldmq	if I am learning I am happy, I apply this to everything I am doing :)	12:54
marekd	...	12:54
samueldmq	marekd: I am not judging that comment, I am just saying something in general :p	12:54
marekd	neither do i!	12:55
samueldmq	marekd: sure I know :)	12:55
samueldmq	marekd: btw the second spec that needs love is the on in keystone side (https://review.openstack.org/#/c/197980/)	12:58
*** jdandrea has joined #openstack-keystone		12:59
samueldmq	marekd: I think that middleware one is almost ready :)	12:59
samueldmq	marekd: were you at the midcycle ? did you see the demo?	12:59
yottatsa	jiaxi, (slow)hi	13:00
samueldmq	dstanek: basically we changed from 'dynamic policies delivery' to somehting like 'centralized policies distribution'	13:01
openstackgerrit	David Stanek proposed openstack/python-keystoneclient: No keystone Endpoint now gives a valid Error Message https://review.openstack.org/155260	13:01
samueldmq	dstanek: the bp name refers to the former, should I create another bp with the latter and update specs ? (to be more consistent)	13:01
samueldmq	dstanek: it currently is 'dynamic-policies-delivery', and I don't think it's possible to update the bp url, for ex	13:02
dstanek	samueldmq: i don't care as much about the bp since that is really for tracking purposes. the spec is the design doc and wording there matters	13:03
*** wasmum has joined #openstack-keystone		13:03
samueldmq	dstanek: makes sense, I will update just the bp title/description, thanks	13:03
*** jsavak has quit IRC		13:03
*** jsavak has joined #openstack-keystone		13:04
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	13:06
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Deprecations fixture support calling deprecated function https://review.openstack.org/205524	13:06
*** hockeynut has quit IRC		13:09
*** browne has joined #openstack-keystone		13:12
marekd	samueldmq: yes, i was, yes i did see it	13:12
openstackgerrit	Andrey Pavlov proposed openstack/keystonemiddleware: Adding parse of protocol v4 of AWS auth to ec2_token https://review.openstack.org/205440	13:12
marekd	samueldmq: let me read it later, ok ?	13:14
marekd	i need to do sth else right now.	13:14
jiaxi	ayoung: are you here	13:15
*** hockeynut has joined #openstack-keystone		13:15
*** hockeynut has quit IRC		13:15
samueldmq	marekd: sure sir, take your time :)	13:16
*** petertr7_away is now known as petertr7		13:17
*** hockeynut_afk has quit IRC		13:24
*** richm has joined #openstack-keystone		13:24
*** hrou has joined #openstack-keystone		13:25
*** jistr is now known as jistr\|mtg		13:29
openstackgerrit	Merged openstack/keystone: Fix four typos and Add one space on keystone document https://review.openstack.org/205452	13:31
*** tristanC has quit IRC		13:31
*** tristanC has joined #openstack-keystone		13:32
*** fhubik has quit IRC		13:32
*** hockeynut has joined #openstack-keystone		13:32
*** fhubik has joined #openstack-keystone		13:32
jiaxi	https://review.openstack.org/#/c/200512/	13:33
*** geoffarnold has joined #openstack-keystone		13:33
*** petertr7 is now known as petertr7_away		13:34
jiaxi	yottatsa: help me to review my patch set https://review.openstack.org/#/c/200512/	13:34
jiaxi	yottatsa: You are so kind.	13:35
*** petertr7_away is now known as petertr7		13:35
*** woodster_ has joined #openstack-keystone		13:36
*** geoffarnold has quit IRC		13:37
*** gordc has joined #openstack-keystone		13:41
*** ayoung has joined #openstack-keystone		13:42
*** ChanServ sets mode: +v ayoung		13:42
*** ajayaa has quit IRC		13:47
marekd	lbragstad:ok, i need your playbooks to quickly deploy keystone env.	13:50
marekd	do you have some sort of newbie intro ?	13:50
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone-specs: Centralized Policies Distribution Mechanism https://review.openstack.org/197980	13:50
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone-specs: Centralized Policies Fetch and Cache https://review.openstack.org/134655	13:51
samueldmq	ayoung: did you have a chance to take a look at the email message?	13:53
samueldmq	ayoung: I am asking because I will have to leave in a bit and will only be back later today	13:53
samueldmq	ayoung: so if you think it is good enough I could send it already :)	13:54
*** edmondsw has joined #openstack-keystone		13:56
breton	Does	13:57
breton	Sam Leong	13:57
breton	ah, dammit.	13:58
breton	*Does Sam Leong hang out here?	13:58
breton	I don't see his nickname on the launchpad page	13:58
*** henrynash has joined #openstack-keystone		13:58
*** ChanServ sets mode: +v henrynash		13:58
*** piyanai has joined #openstack-keystone		14:00
*** topol has joined #openstack-keystone		14:01
*** ChanServ sets mode: +v topol		14:01
samueldmq	ayoung: specs updated.. I am leaving for a bit, will be back this afternoon	14:01
jiaxi	ayoung: are you here	14:03
*** btully has joined #openstack-keystone		14:03
*** ParsectiX has quit IRC		14:04
*** browne has quit IRC		14:05
*** mylu has joined #openstack-keystone		14:06
*** r-daneel has joined #openstack-keystone		14:11
*** jistr\|mtg is now known as jistr		14:12
*** henrynash has quit IRC		14:14
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	14:18
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for AccessInfo region_name parameter https://review.openstack.org/205547	14:18
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for AccessInfo scoped property https://review.openstack.org/205548	14:18
*** jecarey has joined #openstack-keystone		14:19
jiaxi	https://review.openstack.org/#/c/200512/	14:20
*** jaosorior has quit IRC		14:21
*** sigmavirus24_awa is now known as sigmavirus24		14:23
ayoung	jiaxi, sort of. What's up?	14:24
jiaxi	ayoung: https://review.openstack.org/#/c/200512/ my patch set always failure because of tempest , tempest is broken.. recheck for many times	14:26
openstackgerrit	Vladimir Eremin proposed openstack/keystone: Replace 401 to 404 when token is invalid https://review.openstack.org/205554	14:26
openstackgerrit	Merged openstack/keystone: add federation docs for mod_auth_mellon https://review.openstack.org/198083	14:27
*** browne has joined #openstack-keystone		14:27
ayoung	jiaxi, looks good. +2 from me	14:28
ayoung	jiaxi, maybe tempest is setting invalid URLs. Take a look at the failures....I don;t think that to be the case ,but...wouldn't it be cool if you caught that?	14:28
jiaxi	ayoung: Thank you. You are so nice.	14:29
jiaxi	ayoung: I will check the log.	14:29
ayoung	不用谢我	14:29
yottatsa	jiaxi, looking on 200512	14:32
jiaxi	yottatsa: what do you mean ?	14:32
jiaxi	yottatsa: look my patch set ? which part ?	14:33
yottatsa	jiaxi, yup	14:33
jiaxi	yottatsa: which part ? I have look it for so many time.	14:33
*** stevemar has joined #openstack-keystone		14:34
*** ChanServ sets mode: +v stevemar		14:34
*** geoffarnold has joined #openstack-keystone		14:35
*** topol has quit IRC		14:35
*** henrynash has joined #openstack-keystone		14:36
*** ChanServ sets mode: +v henrynash		14:36
*** jiaxi has quit IRC		14:40
*** hockeynut_afk has joined #openstack-keystone		14:42
larsks	Is the change from keystone.token.backends to keystone.token.persistence.backends between Juno and Kilo documented somewhere?	14:43
stevemar	larsks: probably in the release notes	14:44
*** marzif has quit IRC		14:44
larsks	I don't recall seeing deprecation warnings in Juno, so I am susprised to see this go away in Kilo like that.	14:45
stevemar	hey ayoung, i think i remember you asking about oslo.policy adoption, it's going well: https://bugs.launchpad.net/nova/+bug/1458945	14:45
openstack	Launchpad bug 1458945 in Cinder "Use graduated oslo.policy instead of oslo-incubator code" [Medium,In progress] - Assigned to Ivan Kolodyazhny (e0ne)	14:45
*** marzif has joined #openstack-keystone		14:45
ayoung	stevemar, I'm too depressed about the rest of policy to cheer.	14:45
larsks	stevemar: There doesn't appear to be any mention of the change in the keystone source itself. Which release notes were you referring to?	14:45
larsks	Ah, releasenotes/kilo on the wiki, maybe...	14:46
stevemar	larsks: https://wiki.openstack.org/wiki/ReleaseNotes/Kilo#Upgrade_Notes_5	14:46
larsks	Yeah, finding my way there.	14:46
stevemar	larsks: we rarely remove without deprecation...	14:46
larsks	stevemar: I know, that's why I was surprised!	14:46
*** henrynash has quit IRC		14:47
rodrigods	henrynash, ping... we are discussing patches "consistency". In the first patch of the Reseller chain we can create a is_domain Project that won't be actually a domain that follow all rules. Is that ok?	14:47
*** tellesnobrega has quit IRC		14:47
ayoung	larsks, yeah, they couldn't be bothered with fixing PKI, so they rolled back to UUID and wrote fernet instead	14:47
*** tellesnobrega has joined #openstack-keystone		14:47
stevemar	larsks: the message was in the juno code: https://github.com/openstack/keystone/blob/stable/juno/keystone/token/core.py#L36-L40	14:47
stevemar	larsks: are you upgrading from icehouse or earlier?	14:48
larsks	stevemar: Guess I am just blind, or I get so used to seeing deprecation warnings that they fade from awareness.	14:48
larsks	Thanks!	14:48
ayoung	oh...that.	14:48
stevemar	it's actually this one: https://github.com/openstack/keystone/blob/stable/juno/keystone/token/core.py#L104-L108	14:48
*** hockeynut_afk has quit IRC		14:48
*** tellesnobrega has quit IRC		14:48
stevemar	larsks: possible	14:48
*** tellesnobrega has joined #openstack-keystone		14:49
*** hockeynut_afk has joined #openstack-keystone		14:49
stevemar	ayoung: not bad though... just magnetoDB, magnum, nova and cinder, that need to use oslo.policy	14:50
*** ajayaa has joined #openstack-keystone		14:51
*** petertr7 is now known as petertr7_away		14:51
*** ajayaggarwal has joined #openstack-keystone		14:52
*** petertr7_away is now known as petertr7		14:53
*** geoffarnold has quit IRC		14:54
*** tellesnobrega has quit IRC		14:56
*** tellesnobrega has joined #openstack-keystone		14:56
*** tellesnobrega has quit IRC		14:57
*** zzzeek has joined #openstack-keystone		14:58
*** tellesnobrega has joined #openstack-keystone		14:59
*** mylu has quit IRC		15:00
*** pnavarro has quit IRC		15:03
*** mylu has joined #openstack-keystone		15:07
morganfainberg	ayoung: is jamielennox on vacation?	15:10
*** piyanai has quit IRC		15:11
*** piyanai has joined #openstack-keystone		15:11
*** pnavarro has joined #openstack-keystone		15:16
*** arunkant has quit IRC		15:17
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	15:17
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Stop using deprecated AccessInfo.auth_url https://review.openstack.org/205581	15:17
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for AccessInfo auth_url property https://review.openstack.org/205582	15:17
*** geoffarnold has joined #openstack-keystone		15:18
*** piyanai has quit IRC		15:19
*** piyanai has joined #openstack-keystone		15:20
*** piyanai has quit IRC		15:20
dstanek	i was hoping to find an easy way using sphinx/docutils to parse docstrings. looks like it will be harder than i thought	15:21
morganfainberg	:(	15:22
morganfainberg	dstanek: that's unfortunate	15:22
dstanek	morganfainberg: all i want is param types and return types :-( i'll have to try again later	15:23
*** piyanai has joined #openstack-keystone		15:23
marekd	Hm, when nova wants to validate a token it calls GET keystone:5000/v3/auth/tokens ?	15:23
*** mylu has quit IRC		15:24
*** mylu has joined #openstack-keystone		15:24
marekd	lbragstad: i need your help :-)	15:26
*** piyanai has quit IRC		15:26
dolphm	lbragstad: he's on vacation	15:27
dolphm	marekd: ^	15:27
marekd	dolphm: ok	15:27
marekd	dolphm: maybe you've got a minute ?	15:27
dolphm	marekd: he returns home monday morning, not sure if he'll be on monday or tuesday	15:27
dolphm	marekd: sure	15:27
marekd	dolphm: no worries, doens't needto be Lance specifically	15:28
marekd	so, when any service wants to validate a token it hits keystone:5000/v3/auth/tokens	15:29
marekd	dolphm: is that right?	15:29
dolphm	marekd: :5000 or :35357 in the case of v3	15:29
*** piyanai has joined #openstack-keystone		15:29
dolphm	marekd: if it was v2, it'd have to hit GET :35357/v2.0/tokens	15:29
marekd	yeah, i am talking v3 only	15:30
marekd	an fernet	15:30
dolphm	GET :35357/v2.0/tokens/{token_id} *	15:30
dolphm	marekd: ack, then GET /v3/auth/tokens + X-Subject-Token	15:30
marekd	so it comes to calling auth.controllers.Auth.validate_token()	15:30
marekd	anyway, i am trying to get to the spot where actually a token format is distinguished and fernet code is being executed...	15:31
*** diazjf has joined #openstack-keystone		15:31
*** fhubik has quit IRC		15:31
marekd	cause clearly the fernet token must be disassembled	15:31
dolphm	marekd: yep	15:32
*** mylu has quit IRC		15:32
marekd	dolphm: can you point me to that function/method ?	15:33
dolphm	marekd: are you referring to the fernet token format being handled, or the payload inside the fernet token being handled?	15:35
marekd	dolphm: payload.	15:35
*** topol has joined #openstack-keystone		15:36
*** ChanServ sets mode: +v topol		15:36
marekd	dolphm: well, in fact i wanted to say where anything that touches fernet starts...	15:36
*** ankita_wagh has joined #openstack-keystone		15:36
dolphm	marekd: https://github.com/openstack/keystone/blob/master/keystone/token/providers/fernet/token_formatters.py#L174-L176	15:36
marekd	for instance i am using a fernet token with my nova, that fails on token validation, and added rpdb breakpoint in the disassembling method and this seems to not even get there.	15:37
dolphm	marekd: the first method there calls cryptography.io do validate the fernet token and return the messagepacked payload	15:37
dolphm	marekd: oh, well you might not be hitting the breakpoint if there's caching taking place somewhere	15:38
marekd	it's simple devstack, i even restarted apache and can see keystone logs that keystone is doing some work.	15:38
*** piyanai has quit IRC		15:38
dolphm	marekd: devstack runs memcached, iirc	15:39
dolphm	marekd: the caching could be in auth_token in front of nova, even	15:39
marekd	dolphm: i figured, but i generated another token too .	15:39
dolphm	marekd: if you set a breakpoint on L174 there, you should hit it for a fresh token	15:39
marekd	token_formatters.py ?	15:40
*** topol has quit IRC		15:40
*** gyee has joined #openstack-keystone		15:41
*** ChanServ sets mode: +v gyee		15:41
*** piyanai has joined #openstack-keystone		15:41
*** david-lyle has quit IRC		15:44
*** pnavarro has quit IRC		15:46
*** ayoung has quit IRC		15:48
marekd	dolphm: ok, i hit the breakpoints.	15:48
marekd	thanks	15:48
*** topol has joined #openstack-keystone		15:51
*** ChanServ sets mode: +v topol		15:51
dolphm	marekd: was it caching, or were you setting a breakpoint in the wrong spot?	15:54
*** bitblt has joined #openstack-keystone		15:56
marekd	.pyc file i think.	15:57
*** ajayaggarwal has left #openstack-keystone		15:58
marekd	i thoroughly cleaned all .pyc, pyo files, restarted apache and it worked.	15:58
*** mylu has joined #openstack-keystone		15:59
*** yottatsa has quit IRC		16:01
*** yottatsa has joined #openstack-keystone		16:03
*** marzif has quit IRC		16:05
yottatsa	marekd, look at https://review.openstack.org/205554	16:05
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	16:05
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for AccessInfo auth_url property https://review.openstack.org/205582	16:05
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Stop using deprecated AccessInfo.auth_url and management_url https://review.openstack.org/205581	16:05
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for AccessInfo management_url property https://review.openstack.org/205602	16:05
*** marzif has joined #openstack-keystone		16:06
*** kiran-r has joined #openstack-keystone		16:06
marekd	yottatsa: thanks.	16:06
*** mylu has quit IRC		16:07
*** mylu has joined #openstack-keystone		16:07
yottatsa	marekd, here the place where token_provider_api is used for validation https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L448	16:08
yottatsa	there is fernet implementation https://github.com/openstack/keystone/blob/master/keystone/token/providers/fernet/core.py#L152	16:09
yottatsa	there is uuid implementation https://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L679	16:09
yottatsa	dolphm, https://review.openstack.org//205130 I've done with bugfix	16:11
yottatsa	please take a look	16:11
*** tsymanczyk has quit IRC		16:12
dolphm	yottatsa: already am!	16:14
dolphm	yottatsa: looks great, but i have a nit i'm writing a rather detailed explanation for - give me one minute	16:14
dolphm	yottatsa: posted https://review.openstack.org/#/c/205554/	16:16
*** _cjones_ has joined #openstack-keystone		16:16
*** _cjones_ has quit IRC		16:17
*** _cjones_ has joined #openstack-keystone		16:17
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	16:17
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations for modules https://review.openstack.org/205610	16:17
dolphm	yottatsa: also, when you go to update https://review.openstack.org/#/c/205130/ with the final, approved patch from master ... i recommend using "git review -X 205554" to produce the patch, which will include the "cherry-picked from commit <sha>" in the commit message, which the stable maintenance team and other folks downstream seem to really appreciate	16:17
*** geoffarn_ has joined #openstack-keystone		16:17
*** geoffarnold has quit IRC		16:18
*** geoffarn_ has quit IRC		16:18
dolphm	yottatsa: thanks for doing the backport though! if i don't do the cherry picking myself, then that means i can +2 it :)	16:18
*** jecarey has quit IRC		16:19
*** geoffarnold has joined #openstack-keystone		16:19
*** tsymancz1k has joined #openstack-keystone		16:19
*** dguerri is now known as dguerri`		16:20
*** david-lyle has joined #openstack-keystone		16:20
openstackgerrit	Vladimir Eremin proposed openstack/keystone: Replace 401 to 404 when token is invalid https://review.openstack.org/205554	16:20
yottatsa	dolphm, thank you for explanation!	16:20
dolphm	yottatsa: +2!	16:22
yottatsa	thanks dolphm!	16:22
dolphm	yottatsa: are you running openstack at yandex?	16:22
yottatsa	yup	16:22
yottatsa	about 2500 nodes setup	16:22
dolphm	yottatsa: nice! is it a production environment?	16:23
yottatsa	dolphm I'm afraid I can't speak on behalf of Yandex, PR department doesn't like it	16:25
*** petertr7 is now known as petertr7_away		16:25
dolphm	yottatsa: i'm just interested in what you're doing with fernet :)	16:27
dolphm	yottatsa: but, understood!	16:27
*** piyanai has quit IRC		16:28
yottatsa	dolphm, we have some business critical tasks in the cloud (like automatic fuctional testing), so API stability and performance is very important for our deployment	16:30
*** diazjf has quit IRC		16:31
yottatsa	fernet tokens allow us to dramatically reduce token issue and token validation time	16:32
breton	yottatsa: 2500 physical nodes or 2500 vms?	16:32
yottatsa	it's mainly because we don't need to store tokens in keystone.token table	16:32
yottatsa	breton, 2500 physical nodes, about 100k cores	16:33
*** diazjf has joined #openstack-keystone		16:34
*** gyee has quit IRC		16:34
*** Protux has quit IRC		16:37
*** browne has quit IRC		16:37
*** piyanai has joined #openstack-keystone		16:37
*** Protux has joined #openstack-keystone		16:37
*** tellesnobrega has quit IRC		16:37
*** geoffarnold has quit IRC		16:38
*** tellesnobrega has joined #openstack-keystone		16:38
*** geoffarnold has joined #openstack-keystone		16:38
*** gyee has joined #openstack-keystone		16:40
*** ChanServ sets mode: +v gyee		16:40
*** arunkant has joined #openstack-keystone		16:43
*** lhcheng has joined #openstack-keystone		16:46
*** ChanServ sets mode: +v lhcheng		16:46
*** nkinder has joined #openstack-keystone		16:48
*** snapdey has joined #openstack-keystone		16:54
*** stevemar has quit IRC		16:55
*** ayoung has joined #openstack-keystone		16:55
*** ChanServ sets mode: +v ayoung		16:55
*** piyanai has quit IRC		16:57
*** kiran-r has quit IRC		16:58
*** ankita_wagh has quit IRC		16:58
*** geoffarn_ has joined #openstack-keystone		16:59
*** piyanai has joined #openstack-keystone		17:00
*** yottatsa has quit IRC		17:00
breton	gyee: hey!	17:00
*** mylu has quit IRC		17:01
*** roxanaghe has joined #openstack-keystone		17:02
breton	gyee: are there any plans to make changes to ksm and ksc for X.509 support?	17:02
*** geoffarnold has quit IRC		17:03
*** mylu has joined #openstack-keystone		17:03
*** ajayaa has quit IRC		17:04
*** dims is now known as dimsum__		17:04
*** petertr7_away is now known as petertr7		17:04
*** yottatsa has joined #openstack-keystone		17:06
*** tqtran has joined #openstack-keystone		17:07
*** tsymancz1k has quit IRC		17:08
*** spandhe has joined #openstack-keystone		17:08
*** snapdey has quit IRC		17:09
*** snapdey has joined #openstack-keystone		17:12
*** piyanai has quit IRC		17:12
yottatsa	Promise I've done https://blueprints.launchpad.net/keystone/+spec/keystone-slaveification on Monday	17:13
*** petertr7 is now known as petertr7_away		17:14
*** ankita_wagh has joined #openstack-keystone		17:17
*** piyanai has joined #openstack-keystone		17:19
*** geoffarnold has joined #openstack-keystone		17:19
*** piyanai has quit IRC		17:20
*** geoffarn_ has quit IRC		17:23
*** piyanai has joined #openstack-keystone		17:23
*** diazjf has left #openstack-keystone		17:27
*** browne has joined #openstack-keystone		17:30
*** petertr7_away is now known as petertr7		17:32
ayoung	dolphm, samueldmq, https://review.openstack.org/#/c/205629/ . let's use that spec as the grounds for further discussion on how to get past the global admin issues.	17:32
*** TheIntern has joined #openstack-keystone		17:32
*** piyanai has quit IRC		17:35
gyee	breton, yes, I think jamielennox have most of the plumbing done already	17:36
gyee	it would be trivial to make it support x.509 since the feature is landed	17:36
*** yottatsa has quit IRC		17:36
*** deep has joined #openstack-keystone		17:38
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table https://review.openstack.org/157427	17:38
breton	gyee: he did it in both ksm and ksc? Is there a patch to review?	17:38
gyee	ayoung, for the endpoint constraint patch, I'll remove the py3 stuff once bknudson's patches are landed	17:38
deep	Hello	17:38
*** ankita_wagh has quit IRC		17:39
gyee	breton, its just another auth plugin so it should work for both ksc and ksm	17:39
deep	response = self._adapter.request(path, method, **kwargs)	17:39
ayoung	gyee, works for me	17:40
ayoung	gyee, is that the last issue?	17:40
gyee	ayoung, yes, because test-requirements-py3 was holding up jenkins	17:40
breton	gyee: is the plugin implemented?	17:41
gyee	breton, not yet, but should be fairly trivial	17:41
ayoung	gyee, added you to https://review.openstack.org/#/c/205629/ as I think you might be interested	17:42
deep	in the keystone middleware auth_token, i am trying to understand the code, in _identity.py line 247 response = self._adapter.request(path, method, **kwargs), i am not able to understand where does this request goes and where to look for the code for _adapter.request. I am trying to debug the issue where proxy server is not able to download revoked token from keystone running on ssl	17:42
gyee	ayoung, amend brother!	17:42
ayoung	I think you mean Amen.	17:42
gyee	yes	17:42
gyee	my bad	17:42
*** piyanai has joined #openstack-keystone		17:43
gyee	I was mixing git commands with English	17:43
ayoung	Ame is from the Hebrew "We Speak" meaning to affirm. To amend....I wonder if those are related words...interesting	17:43
gyee	indeed	17:43
bhenderson	I all, anyone recommend a docker container for keystone?	17:44
raildo	gyee: sometimes I do this, with english and my own language :P	17:44
breton	gyee: ok. You won't mind me implementing it, will you?	17:44
gyee	breton, go for it	17:44
gyee	breton, all we need is a plugin which will convey the scope in the request headers	17:45
*** rletrocquer has quit IRC		17:45
gyee	everything else should already be taken care off by the SSL connection itself	17:45
ayoung	gyee, so...they are actually not related words at all. A-M-N is the root word for "faithful" and "Mend" is the Latin root word for fault or error...pretty much the opposite. Neat	17:46
gyee	raildo, at least your language is closer to english :)	17:46
gyee	ayoung, good to know :)	17:46
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/204937	17:47
*** petertr7 is now known as petertr7_away		17:48
*** petertr7_away is now known as petertr7		17:48
*** geoffarnold has quit IRC		17:48
deep	in the keystone middleware auth_token, i am trying to understand the code, in _identity.py line 247 response = self._adapter.request(path, method, **kwargs), i am not able to understand where does this request goes and where to look for the code for _adapter.request. I am trying to debug the issue where proxy server is not able to download revoked token from keystone running on ssl	17:48
*** geoffarnold has joined #openstack-keystone		17:48
gyee	ayoung, ya think we can automate gerrit to strip extra white spaces off instead of having them in red?	17:49
lhcheng	gyee: question on setting up tokenless auth in devstack..	17:49
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table https://review.openstack.org/157427	17:49
lhcheng	gyee: updating the apache conf and keystone.conf atm	17:49
ayoung	gyee, that would be stellar	17:49
ayoung	do I have some? I thought tox would have failed	17:49
gyee	ayoung, line 86	17:49
lhcheng	gyee: http://paste.openstack.org/show/405384/ is the value of "trusted_issuer" correct?	17:49
* ayoung has been 86ed!		17:49
gyee	heh	17:50
gyee	lhcheng, looking	17:50
ayoung	gyee, thanks...fixed	17:51
lhcheng	gyee: so I set the SSLCACertificatePath to the same value as SSLCertificateFile.. to make the self-signed cert work	17:51
gyee	lhcheng, yes, that should work	17:51
lhcheng	gyee: for the truster_issuer value, does having the spaces there okay?	17:52
gyee	let me 2x check the code	17:53
dstanek	bhenderson: i have not used one, but i don't see why it wouldn't work	17:53
bhenderson	dstanek: the couple I've tried seem to have lots of other dependencies, but I'm also new to keystone and I don't really know what deps it has	17:54
*** stevemar has joined #openstack-keystone		17:54
*** ChanServ sets mode: +v stevemar		17:54
bhenderson	thanks	17:54
*** e0ne has quit IRC		17:54
gyee	lhcheng, space should be fine	17:55
*** stevemar has quit IRC		17:57
*** e0ne has joined #openstack-keystone		17:57
*** e0ne has quit IRC		17:58
lhcheng	gyee: cool, will bug you more later as I go along setting it up today. :)	17:58
*** marzif has quit IRC		17:58
*** ankita_wagh has joined #openstack-keystone		17:58
*** belmoreira has joined #openstack-keystone		17:58
*** stevemar has joined #openstack-keystone		18:00
*** ChanServ sets mode: +v stevemar		18:00
*** stevemar has quit IRC		18:01
*** stevemar has joined #openstack-keystone		18:01
*** ChanServ sets mode: +v stevemar		18:01
*** stevemar has quit IRC		18:03
*** TheIntern has quit IRC		18:03
*** piyanai has quit IRC		18:04
*** stevemar has joined #openstack-keystone		18:04
*** ChanServ sets mode: +v stevemar		18:04
*** stevemar has quit IRC		18:04
*** stevemar has joined #openstack-keystone		18:04
*** ChanServ sets mode: +v stevemar		18:04
*** stevemar has quit IRC		18:05
ayoung	hey gyee you in a jacket and tie now? http://www.theregister.co.uk/2015/07/24/hp_dress_code?mt=1437760883985	18:05
*** stevemar has joined #openstack-keystone		18:05
*** ChanServ sets mode: +v stevemar		18:05
*** stevemar has quit IRC		18:06
*** belmoreira has quit IRC		18:06
gyee	ayoung, hah, I only wear jacket and tie to either wedding or funeral	18:06
*** geoffarn_ has joined #openstack-keystone		18:07
morganfainberg	ayoung: ahaha. I sure didnt see that memo- sooooo tshirt it is next week! :P	18:07
*** geoffarnold has quit IRC		18:08
morganfainberg	gyee: hey jacket and tie can be cool elsewhere too... Just not all the time.	18:08
gyee	morganfainberg, elsewhere? like getting me free beer? :)	18:08
morganfainberg	gyee: like "cause i feel like weirding put people today" :)	18:09
gyee	hahah	18:09
morganfainberg	If it wasnt so bloody warm i might do the 3-peice suit for this trip to sunnyvale. :P	18:10
morganfainberg	Just to really make people go "wtf"	18:10
gyee	you do that	18:10
*** TheIntern has joined #openstack-keystone		18:10
gyee	reaction would be priceless	18:10
gyee	I am sure there will be a lot of "wtf's Morgan smoking lately" stares	18:11
ayoung	morganfainberg, you don't count./ GIven your druthers, you;'d look like the people in the Piston booth on a daily basis	18:12
morganfainberg	Nah.	18:12
morganfainberg	Too much work cleaning those clothes.	18:12
*** eandersson has quit IRC		18:12
ayoung	"It was Colonel Fainberg, in the meeting room, with a cheese-grater"	18:12
morganfainberg	Newp. No thanks.	18:13
ayoung	morganfainberg, I'm trying to focus things down from Dynamic policy to just solving 968696; https://review.openstack.org/#/c/205629/	18:13
ayoung	maybe that will be a small-enough-to-be-understood amount	18:14
*** jistr has quit IRC		18:14
gyee	idea for tokyo, handing out t-shits with just 968696 on them	18:14
gyee	t-shirts	18:15
ayoung	I think you might have been right the first time	18:15
*** stevemar has joined #openstack-keystone		18:16
*** ChanServ sets mode: +v stevemar		18:16
gyee	heh	18:16
*** ankita_w_ has joined #openstack-keystone		18:18
*** ankita_wagh has quit IRC		18:18
morganfainberg	I ... Nope so not going to ask ...	18:18
*** tsymancz1k has joined #openstack-keystone		18:20
gyee	morganfainberg, plan on spending a few hours in the Huntington Library and Getty Museum next week	18:21
ayoung	gyee, T-Shirt would cost $25. Want one?	18:21
gyee	$25?!!!	18:21
*** snapdey has quit IRC		18:22
gyee	from customlink?	18:22
ayoung	gyee, yep	18:23
ayoung	customink, not link	18:23
gyee	ayoung, yet, lets do this	18:24
*** snapdey has joined #openstack-keystone		18:24
*** gordc has quit IRC		18:25
*** tqtran has quit IRC		18:26
odyssey4me	dstanek dolphm marekd what review was that fernet token patch for federated scoped tokens again?	18:26
odyssey4me	I'd like to give it a try	18:26
morganfainberg	gyee: huntington is nice. Check out the gardens too.	18:28
morganfainberg	The huntington is walking distance (ok a long walk) from my house.	18:28
*** gordc has joined #openstack-keystone		18:29
*** snapdey has quit IRC		18:29
*** snapdey has joined #openstack-keystone		18:32
*** mylu has quit IRC		18:34
*** jistr has joined #openstack-keystone		18:35
*** mylu has joined #openstack-keystone		18:35
*** snapdey has quit IRC		18:35
*** piyanai has joined #openstack-keystone		18:35
*** jistr is now known as jistr\|afk		18:35
dstanek	odyssey4me: this one? https://review.openstack.org/#/c/202176/	18:36
odyssey4me	dstanek yeah, thanks - I actually had just found it	18:37
odyssey4me	it looks like it still needs another revision	18:37
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/204937	18:38
*** ankita_w_ has quit IRC		18:41
*** ankita_wagh has joined #openstack-keystone		18:41
openstackgerrit	Alexander Makarov proposed openstack/keystone-specs: Unified delegation spec https://review.openstack.org/189816	18:41
*** stevemar has quit IRC		18:42
*** iamjarvo has joined #openstack-keystone		18:42
*** stevemar has joined #openstack-keystone		18:42
*** ChanServ sets mode: +v stevemar		18:42
*** topol has quit IRC		18:43
openstackgerrit	Alexey Miroshkin proposed openstack/keystone: Assign different values to public and admin ports https://review.openstack.org/205667	18:43
*** snapdey has joined #openstack-keystone		18:43
*** stevemar has quit IRC		18:47
*** TheIntern has quit IRC		18:47
*** mylu has quit IRC		18:49
*** mylu has joined #openstack-keystone		18:51
*** pnavarro has joined #openstack-keystone		18:55
lhcheng	gyee: in the doc https://review.openstack.org/#/c/156870/43/doc/source/configure_tokenless_x509.rst	18:55
lhcheng	gyee: should "SSLCACertificatePath /etc/apache2/ssl/cacert.crt" point to a directory?	18:55
lhcheng	gyee: I get an error after restarting apache: "SSLCACertificatePath: directory '/opt/stack/data/CA/int-ca/devstack-cert.crt' does not exist"	18:56
gyee	that's weird	18:58
gyee	file perms set correctly?	18:58
*** stevemar has joined #openstack-keystone		18:59
*** ChanServ sets mode: +v stevemar		18:59
*** gyee has quit IRC		18:59
*** snapdey has quit IRC		19:00
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	19:00
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for BaseIdentityPlugin username, password, token_id properties https://review.openstack.org/205676	19:00
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for BaseIdentityPlugin trust_id property https://review.openstack.org/205677	19:00
*** snapdey has joined #openstack-keystone		19:00
lhcheng	gyee: I think so, this is the same cert used by devstack for ssl. permission is 644	19:01
*** ankita_wagh has quit IRC		19:01
*** ankita_wagh has joined #openstack-keystone		19:02
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table https://review.openstack.org/157427	19:10
openstackgerrit	Rodrigo Duarte proposed openstack/keystone: Change project name constraints https://review.openstack.org/158372	19:10
*** tsymancz1k has quit IRC		19:12
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	19:16
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Stop using Manager.api https://review.openstack.org/205681	19:16
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for Manager.api https://review.openstack.org/205682	19:16
*** EmilienM is now known as EmilienM\|brb		19:18
*** bitblt has quit IRC		19:22
*** mylu has quit IRC		19:22
*** mylu has joined #openstack-keystone		19:25
*** mylu has quit IRC		19:27
*** mylu has joined #openstack-keystone		19:28
*** geoffarn_ has quit IRC		19:29
*** geoffarnold has joined #openstack-keystone		19:30
*** piyanai has quit IRC		19:34
*** deep has quit IRC		19:37
*** piyanai has joined #openstack-keystone		19:38
*** topol has joined #openstack-keystone		19:38
*** ChanServ sets mode: +v topol		19:38
*** TheIntern has joined #openstack-keystone		19:40
*** mylu has quit IRC		19:41
*** ankita_wagh has quit IRC		19:43
*** mylu has joined #openstack-keystone		19:44
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	19:46
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for client.HTTPClient https://review.openstack.org/205687	19:46
*** ankita_wagh has joined #openstack-keystone		19:46
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for is_ans1_token https://review.openstack.org/205688	19:46
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for Dicover.available_versions() https://review.openstack.org/205689	19:46
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for Dicover.raw_version_data unstable parameter https://review.openstack.org/205690	19:46
openstackgerrit	Andrey Pavlov proposed openstack/keystonemiddleware: Adding parse of protocol v4 of AWS auth to ec2_token https://review.openstack.org/205440	19:54
*** topol has quit IRC		19:55
*** piyanai has quit IRC		19:56
*** EmilienM\|brb is now known as EmilienM		19:59
*** piyanai has joined #openstack-keystone		19:59
*** henrynash has joined #openstack-keystone		20:01
*** ChanServ sets mode: +v henrynash		20:01
*** geoffarnold has quit IRC		20:01
*** hrou has quit IRC		20:05
*** hrou has joined #openstack-keystone		20:05
*** tsymancz1k has joined #openstack-keystone		20:11
samueldmq	ayoung: you around ?	20:16
samueldmq	ayoung: morganfainberg did you take a look at the message I am planning to send to the operators list?	20:18
ayoung	samueldmq, I'm not very round, but starting to get soft in the belly	20:18
*** snapdey has quit IRC		20:18
raildo	henrynash: ping, the link for the reseller session https://www.openstack.org/summit/tokyo-2015/vote-for-speakers/presentation/6338	20:19
raildo	let's vote :D	20:19
samueldmq	ayoung: not sure I got what you mean ...	20:19
ayoung	samueldmq, I've looked at it, started editing it, stopped, moved over to global admin stuff, and moved back. I'm not quite sure what to tell you; I thjink it is the right idea, but not sure how to communicate it.	20:20
ayoung	rodrigods, you need a photo up, man	20:20
samueldmq	ayoung: so you think I am addressing the feature the wrong way in that message?	20:20
raildo	ayoung: ++	20:21
samueldmq	ayoung: feel free to make any edits on it if you think we could improve that	20:21
*** snapdey has joined #openstack-keystone		20:21
ayoung	samueldmq, so, the reason we want the "fetch frrom Keystone" is so we can do all sorts of better management in the future	20:21
ayoung	row level editingm, etc	20:21
ayoung	and, the driving reason for that is...what would you say?	20:22
samueldmq	ayoung: yes, and I told that in the mesage, the granular management of rules	20:22
samueldmq	ayoung: that will open the door to: i) granular manipulation of policy rules	20:23
samueldmq	ayoung: ii) validation of policy rules	20:23
ayoung	BUT WHY	20:23
ayoung	sorry	20:23
samueldmq	ayoung: iii) hierarchical roles	20:23
ayoung	and those are important becasue we want more fine grained delegation.	20:23
ayoung	and that is for scale.	20:23
*** tsymancz1k has quit IRC		20:24
ayoung	You need to have the "ADMIN" role for fewer and fewer things.	20:24
*** pnavarro has quit IRC		20:24
samueldmq	ayoung: so there is the link to the overview spec (wiki page) already there .. I am not sure how much of details it is necessary to add in there	20:25
ayoung	right....	20:25
samueldmq	ayoung: otherwise we'll end up with a spec insteade of a email message	20:25
ayoung	because the end goal is so far from the feature we are trying to enable	20:25
*** henrynash has quit IRC		20:26
samueldmq	ayoung: I think in the email message that's just a step and is opening the door for other things	20:26
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	20:26
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for httpclient.request() https://review.openstack.org/205699	20:26
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Fix tests passing user, project, and token https://review.openstack.org/205700	20:26
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for HTTPClient tenant_id, tenant_name parameters https://review.openstack.org/205701	20:27
samueldmq	in hte email message I made clear**	20:27
samueldmq	ayoung: get someone else to read that for you, and ask him/her if that is clear the message we want to pass	20:27
samueldmq	ayoung: we are so involved in the subject that sometimes we aren't the right people to evaluate if we pass/understand the message we are supposed to :)	20:28
samueldmq	ayoung: in additio, if they have quaestions, concerns, they will ask	20:29
samueldmq	ayoung: that's why it's an email thread, not an announcement we're doing :p	20:29
*** henrynash has joined #openstack-keystone		20:33
*** ChanServ sets mode: +v henrynash		20:33
*** amakarov is now known as amakarov_away		20:33
*** stevemar has quit IRC		20:33
*** henrynash has quit IRC		20:34
*** henrynash has joined #openstack-keystone		20:34
*** ChanServ sets mode: +v henrynash		20:34
*** mylu has quit IRC		20:40
*** tsymancz1k has joined #openstack-keystone		20:40
*** mylu has joined #openstack-keystone		20:42
*** snapdey has quit IRC		20:45
*** stevemar has joined #openstack-keystone		20:45
*** ChanServ sets mode: +v stevemar		20:45
*** mylu has quit IRC		20:46
*** mylu has joined #openstack-keystone		20:46
*** roxanaghe has quit IRC		20:49
*** stevemar has quit IRC		20:50
*** gyee has joined #openstack-keystone		20:55
*** ChanServ sets mode: +v gyee		20:55
*** iamjarvo has quit IRC		20:57
*** raildo has quit IRC		20:58
*** TheIntern has quit IRC		20:59
*** __afazekas has quit IRC		21:03
*** iamjarvo has joined #openstack-keystone		21:03
*** edmondsw has quit IRC		21:06
*** _afazekas has joined #openstack-keystone		21:07
*** afazekas has quit IRC		21:07
*** afazekas has joined #openstack-keystone		21:08
*** snapdey has joined #openstack-keystone		21:10
*** ankita_w_ has joined #openstack-keystone		21:11
*** petertr7 is now known as petertr7_away		21:11
gyee	lhcheng, I think the doc is wrong, should be SSLCACertificateFile or SSLCACertificatePath	21:11
*** snapdey has quit IRC		21:11
*** piyanai has quit IRC		21:12
*** ankita_wagh has quit IRC		21:14
gyee	lhcheng, I'll update the doc	21:14
lhcheng	gyee: cool, that work!	21:16
lhcheng	*worked	21:16
*** e0ne has joined #openstack-keystone		21:21
openstackgerrit	Merged openstack/python-keystoneclient: Deprecations fixture support calling deprecated function https://review.openstack.org/205524	21:22
*** iamjarvo has quit IRC		21:25
*** piyanai has joined #openstack-keystone		21:27
*** iamjarvo has joined #openstack-keystone		21:27
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecations https://review.openstack.org/191511	21:30
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for HTTPClient tenant_id, tenant_name parameters https://review.openstack.org/205701	21:30
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for HTTPClient.tenant_id\|name https://review.openstack.org/205710	21:30
openstackgerrit	Brant Knudson proposed openstack/python-keystoneclient: Proper deprecation for HTTPClient.request methods https://review.openstack.org/205711	21:30
*** gordc has quit IRC		21:31
*** snapdey has joined #openstack-keystone		21:34
*** iamjarvo has quit IRC		21:36
*** roxanaghe has joined #openstack-keystone		21:41
*** roxanaghe has quit IRC		21:45
*** roxanaghe has joined #openstack-keystone		21:47
*** piyanai has quit IRC		21:50
*** r-daneel has quit IRC		21:53
*** jsavak has quit IRC		21:56
*** mylu has quit IRC		21:58
*** e0ne has quit IRC		22:00
*** snapdey has quit IRC		22:27
*** _hrou_ has joined #openstack-keystone		22:27
*** snapdey has joined #openstack-keystone		22:28
*** hrou has quit IRC		22:29
*** hrou has joined #openstack-keystone		22:29
*** _hrou_ has quit IRC		22:32
*** __afazekas has joined #openstack-keystone		22:34
*** afazekas has quit IRC		22:35
*** snapdey has quit IRC		22:36
*** _afazekas has quit IRC		22:36
*** afazekas has joined #openstack-keystone		22:36
*** snapdey has joined #openstack-keystone		22:43
*** hrou has quit IRC		22:47
*** woodster_ has quit IRC		22:54
*** jsavak has joined #openstack-keystone		22:56
*** jsavak has quit IRC		23:01
*** dimsum__ has quit IRC		23:02
*** ankita_w_ has quit IRC		23:03
*** tsymancz1k has quit IRC		23:03
*** dimsum__ has joined #openstack-keystone		23:05
*** samleon has joined #openstack-keystone		23:08
*** snapdey has quit IRC		23:10
*** tsymanczyk has joined #openstack-keystone		23:13
*** tsymanczyk is now known as Guest28145		23:14
*** markvoelker has quit IRC		23:15
*** dguerri` has quit IRC		23:27
*** jistr\|afk has quit IRC		23:29
*** dguerri` has joined #openstack-keystone		23:29
*** dguerri` is now known as dguerri		23:30
*** dguerri has joined #openstack-keystone		23:30
lhcheng	samleon, gyee: I am done up to line 168 in the tokenless auth setup: https://review.openstack.org/#/c/156870/43/doc/source/configure_tokenless_x509.rst	23:36
lhcheng	do I need to make changes in the middleware to test?	23:37
*** __afazekas has quit IRC		23:37
*** afazekas has quit IRC		23:37
gyee	no changes to middleware needed	23:39
gyee	just curl should do	23:39
*** _afazekas has joined #openstack-keystone		23:40
lhcheng	I tried using "curl -k --cert /opt/stack/data/CA/int-ca/devstack-cert.crt https://10.0.2.15:5000/v3/projects"	23:41
lhcheng	got an error of "curl: (58) unable to set private key file: '/opt/stack/data/CA/int-ca/cacert.pem' type PEM "	23:41
*** zzzeek has quit IRC		23:41
gyee	curl --cert <certfile> --key <keyfile> https://10.0.2.15:5000/v3/projects	23:41
lhcheng	definitely something wrong on my curl command	23:41
gyee	and --cacert	23:42
gyee	since you are using self-signed cert	23:42
*** afazekas has joined #openstack-keystone		23:42
lhcheng	http://paste.openstack.org/show/405524/	23:45
gyee	--key should be corresponding to the SSLCertificateKeyFile in your apache mod_ssl	23:46
lhcheng	gyee: fixed, got a new error	23:48
lhcheng	http://paste.openstack.org/show/405524/	23:48
lhcheng	getting close ... :)	23:48
gyee	that's the same paste	23:49
gyee	you set the key correctly?	23:49
lhcheng	oops sorry	23:50
lhcheng	http://paste.openstack.org/show/405526/	23:50
lhcheng	yeah, key set correctly now	23:50
*** nzeer_ has joined #openstack-keystone		23:51
*** htruta_ has joined #openstack-keystone		23:53
gyee	can you run openssl against it?	23:53
*** dguerri has quit IRC		23:54
*** wasmum has quit IRC		23:54
*** nzeer has quit IRC		23:54
gyee	openssl s_client -CAfile /opt/stack/data/CA/int-ca/devstack-cert.crt -connect 10.0.2.15:5000	23:54
*** dguerri` has joined #openstack-keystone		23:54
*** nzeer_ is now known as nzeer		23:54
*** dguerri` is now known as dguerri		23:54
*** dguerri has joined #openstack-keystone		23:54
*** marzif has joined #openstack-keystone		23:55
lhcheng	http://paste.openstack.org/show/405527/	23:55
gyee	lhcheng, is there a ca cert in /opt/stack/data/CA/int-ca/	23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!