Tuesday, 2015-09-29

*** EinstCrazy has joined #openstack-keystone00:01
*** geoffarnold has joined #openstack-keystone00:08
*** akanksha_ has quit IRC00:08
*** EinstCrazy has quit IRC00:09
*** zzzeek has quit IRC00:17
*** shadower has quit IRC00:23
*** su_zhang has quit IRC00:23
*** shadower has joined #openstack-keystone00:23
*** dims has joined #openstack-keystone00:24
*** diazjf has joined #openstack-keystone00:27
*** diazjf has left #openstack-keystone00:27
*** diegows has quit IRC00:30
*** mhu has quit IRC00:37
*** aix has quit IRC00:39
*** aix has joined #openstack-keystone00:40
*** lhcheng has quit IRC00:42
*** mhu has joined #openstack-keystone00:43
*** amit213 has quit IRC00:45
*** _hrou_ has joined #openstack-keystone00:47
*** edmondsw has quit IRC00:47
*** jmccrory has joined #openstack-keystone00:49
*** hrou has quit IRC00:51
*** aix has quit IRC00:52
*** btully has joined #openstack-keystone00:52
*** geoffarnold has quit IRC00:54
*** aix has joined #openstack-keystone00:55
*** marzif has joined #openstack-keystone00:56
*** btully has quit IRC00:57
*** _cjones_ has quit IRC01:00
*** EinstCrazy has joined #openstack-keystone01:01
*** browne has quit IRC01:02
*** r-daneel has quit IRC01:04
*** davechen has joined #openstack-keystone01:23
*** mylu has joined #openstack-keystone01:26
davechenbknudson: ping?01:28
davechenbknudson: still here?01:28
davechenfine, i will leave my explanation in that patch (https://review.openstack.org/#/c/134124).01:39
*** mylu has quit IRC01:43
*** mylu has joined #openstack-keystone01:43
*** mylu_ has joined #openstack-keystone01:47
*** mylu has quit IRC01:48
*** dsirrine|call has quit IRC01:54
*** ankita_wagh has joined #openstack-keystone02:04
*** ngupta has joined #openstack-keystone02:06
*** richm has quit IRC02:06
*** dims has quit IRC02:09
*** dsirrine|call has joined #openstack-keystone02:09
*** ayoung has quit IRC02:18
*** stevemar has joined #openstack-keystone02:19
*** ChanServ sets mode: +v stevemar02:19
*** doug-fish has joined #openstack-keystone02:27
morganstevemar: ping, you around?02:29
stevemarmorgan: yo02:29
morganstevemar: hey. Hows day one of the new job? ;)02:30
stevemarmorgan: i was a scatterbrain02:30
stevemari tried to do everything and got nothing done \o/02:30
morganWelcome to the land of PTL!02:30
morganEvery time i sat down to do something someone would ask me a question. Like I am doing to you right now! ;)02:31
stevemari need to make a list of things to do, and for you to look over it to make sure i'm not missing anything :P02:31
*** ChanServ sets mode: +o stevemar02:33
stevemarmorgan: what else is up02:33
morganFixed my bike today.02:33
morganFiguring out all the stuff for getting to tokyo02:34
stevemarmorgan: i'm doing that now02:34
*** roxanaghe has quit IRC02:34
*** browne has joined #openstack-keystone02:35
*** lhcheng has joined #openstack-keystone02:36
*** ChanServ sets mode: +v lhcheng02:36
*** lhcheng has quit IRC02:36
*** lhcheng has joined #openstack-keystone02:37
*** ChanServ sets mode: +v lhcheng02:37
*** phalmos has joined #openstack-keystone02:46
openstackgerritMasaki Matsushita proposed openstack/keystone: Use IPOpt to validate IP addresses  https://review.openstack.org/22869702:47
*** wwwjfy has quit IRC02:47
*** wwwjfy has joined #openstack-keystone02:49
openstackgerritDave Chen proposed openstack/keystone: Using the right format to render the docstring correctly  https://review.openstack.org/22622502:52
*** mylu_ has quit IRC02:52
*** mylu has joined #openstack-keystone02:53
*** phalmos has quit IRC02:55
*** mylu has quit IRC02:56
*** mylu has joined #openstack-keystone02:57
*** dims has joined #openstack-keystone03:09
*** ngupta has quit IRC03:12
*** doug-fish has quit IRC03:14
*** dims has quit IRC03:16
*** _hrou_ has quit IRC03:19
*** boris-42 has quit IRC03:19
*** boris-42 has joined #openstack-keystone03:29
*** panbalag has quit IRC03:31
*** links has joined #openstack-keystone03:36
*** Nirupama has joined #openstack-keystone03:38
*** mylu has quit IRC03:41
*** markvoelker has quit IRC03:56
openstackgerritMasaki Matsushita proposed openstack/keystone: Use IPOpt to validate IP addresses  https://review.openstack.org/22869704:01
*** btully has joined #openstack-keystone04:15
*** topol has joined #openstack-keystone04:25
*** ChanServ sets mode: +v topol04:25
*** sdake_ has joined #openstack-keystone04:28
*** wwwjfy has quit IRC04:29
*** sdake has quit IRC04:31
*** woodster_ has quit IRC04:49
*** geoffarnold has joined #openstack-keystone04:50
*** geoffarn_ has joined #openstack-keystone04:51
*** su_zhang has joined #openstack-keystone04:51
*** roxanaghe has joined #openstack-keystone04:54
*** geoffarnold has quit IRC04:55
*** geoffarn_ is now known as geoffarnoldX04:56
*** markvoelker has joined #openstack-keystone04:57
*** Nirupama has quit IRC04:58
*** markvoelker has quit IRC05:01
*** stevemar has quit IRC05:03
*** yottatsa has joined #openstack-keystone05:05
*** yottatsa has quit IRC05:08
*** yottatsa has joined #openstack-keystone05:08
*** geoffarnold has joined #openstack-keystone05:12
*** dims has joined #openstack-keystone05:13
*** geoffarnoldX has quit IRC05:16
*** dims has quit IRC05:18
*** phalmos has joined #openstack-keystone05:23
*** doug-fish has joined #openstack-keystone05:25
*** phalmos has quit IRC05:27
*** doug-fish has quit IRC05:30
*** sileht has quit IRC05:33
*** geoffarnold has quit IRC05:33
*** geoffarnold has joined #openstack-keystone05:34
*** stevemar has joined #openstack-keystone05:36
*** ChanServ sets mode: +o stevemar05:36
*** roxanaghe has quit IRC05:37
*** lhcheng has quit IRC05:37
*** lhcheng has joined #openstack-keystone05:38
*** ChanServ sets mode: +v lhcheng05:38
*** topol has quit IRC05:40
*** stevemar_ has joined #openstack-keystone05:42
*** ChanServ sets mode: +o stevemar_05:42
*** stevema__ has joined #openstack-keystone05:43
*** ChanServ sets mode: +o stevema__05:43
*** wwwjfy has joined #openstack-keystone05:43
*** lhcheng has quit IRC05:44
*** stevemar has quit IRC05:45
*** lhcheng has joined #openstack-keystone05:46
*** ChanServ sets mode: +v lhcheng05:46
*** stevemar_ has quit IRC05:46
*** yottatsa has quit IRC05:52
*** nisha_ has joined #openstack-keystone05:55
*** geoffarn_ has joined #openstack-keystone05:55
*** geoffarnold has quit IRC05:55
*** sdake_ is now known as sdake05:56
*** lsmola has joined #openstack-keystone05:58
*** lhcheng has quit IRC05:58
*** henrynash has joined #openstack-keystone06:01
*** ChanServ sets mode: +v henrynash06:01
*** browne has quit IRC06:03
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Zanata  https://review.openstack.org/22811906:10
*** jaosorior has joined #openstack-keystone06:11
*** jamielennox is now known as jamielennox|away06:12
*** su_zhang has quit IRC06:15
*** openstackgerrit has quit IRC06:16
*** geoffarn_ has quit IRC06:16
*** geoffarnold has joined #openstack-keystone06:17
*** openstackgerrit has joined #openstack-keystone06:17
*** topol has joined #openstack-keystone06:20
*** ChanServ sets mode: +v topol06:20
*** fawadkhaliq has joined #openstack-keystone06:21
*** yottatsa has joined #openstack-keystone06:22
fawadkhaliqHello Keystone cores, can you please review this: https://review.openstack.org/#/c/211598/ It has been in reasonable state for quite sommetime. Thank you!06:22
stevema__fawadkhaliq: i dont see what a neutron related devstack change has to do with keystone?06:24
*** topol has quit IRC06:25
fawadkhaliqOh my bad. I am really tired. I was seeing Keystone and DevStack as same. Apologies. I should hit bed :)06:25
fawadkhaliqMoving this to DevStack DevStack..06:25
stevema__fawadkhaliq: np06:27
*** e0ne has joined #openstack-keystone06:27
stevema__i'm going to do the same06:28
*** stevema__ has quit IRC06:28
*** stevemar has joined #openstack-keystone06:28
*** ChanServ sets mode: +o stevemar06:28
*** fawadkhaliq has quit IRC06:30
*** sdake_ has joined #openstack-keystone06:33
*** stevemar has quit IRC06:33
*** e0ne has quit IRC06:34
*** davechen1 has joined #openstack-keystone06:35
*** sdake has quit IRC06:36
*** geoffarnold has quit IRC06:38
*** geoffarnold has joined #openstack-keystone06:38
*** davechen has quit IRC06:38
*** davechen has joined #openstack-keystone06:41
*** davechen1 has quit IRC06:44
*** markvoelker has joined #openstack-keystone06:45
*** ankita_wagh has quit IRC06:48
*** markvoelker has quit IRC06:50
*** btully has quit IRC06:52
*** geoffarn_ has joined #openstack-keystone06:59
*** geoffarnold has quit IRC06:59
*** e0ne has joined #openstack-keystone07:07
*** nisha_ has quit IRC07:08
*** e0ne has quit IRC07:09
*** sdake_ is now known as sdake07:10
*** nisha_ has joined #openstack-keystone07:13
*** geoffarnold has joined #openstack-keystone07:20
*** e0ne has joined #openstack-keystone07:21
*** geoffarn_ has quit IRC07:21
*** yottatsa has quit IRC07:24
*** nisha_ has quit IRC07:33
*** ParsectiX has joined #openstack-keystone07:34
*** exploreshaifali has joined #openstack-keystone07:40
*** yottatsa has joined #openstack-keystone07:42
*** yottatsa has quit IRC07:45
*** jsheeren has joined #openstack-keystone07:47
*** dsirrine|call has quit IRC07:48
*** nisha_ has joined #openstack-keystone07:49
*** fhubik has joined #openstack-keystone07:51
*** urulama has quit IRC07:54
*** urulama has joined #openstack-keystone07:55
*** yottatsa has joined #openstack-keystone07:58
*** nisha__ has joined #openstack-keystone08:01
*** nisha_ has quit IRC08:04
*** ParsectiX has quit IRC08:08
*** ParsectiX has joined #openstack-keystone08:08
*** nisha_ has joined #openstack-keystone08:09
*** ParsectiX has quit IRC08:10
*** ParsectiX has joined #openstack-keystone08:11
*** nisha__ has quit IRC08:12
*** jistr has joined #openstack-keystone08:16
*** marzif has quit IRC08:18
*** geoffarnold has quit IRC08:23
*** geoffarnold has joined #openstack-keystone08:24
*** amakarov_away is now known as amakarov08:34
*** geoffarnold has quit IRC08:45
*** exploreshaifali has quit IRC08:45
*** geoffarnold has joined #openstack-keystone08:45
*** markvoelker has joined #openstack-keystone08:46
*** davechen1 has joined #openstack-keystone08:49
*** jvarlamova has joined #openstack-keystone08:50
*** markvoelker has quit IRC08:51
*** davechen has quit IRC08:51
*** davechen has joined #openstack-keystone08:56
*** davechen1 has quit IRC08:59
*** fhubik is now known as fhubik_brb09:02
*** nisha__ has joined #openstack-keystone09:02
*** nisha_ has quit IRC09:05
*** jorge_munoz_ has joined #openstack-keystone09:06
*** geoffarnold has quit IRC09:06
*** geoffarnold has joined #openstack-keystone09:06
*** jorge_munoz has quit IRC09:08
*** jorge_munoz_ is now known as jorge_munoz09:08
*** urulama has quit IRC09:08
*** urulama has joined #openstack-keystone09:09
*** dims has joined #openstack-keystone09:16
*** davechen has left #openstack-keystone09:19
*** yottatsa has quit IRC09:20
*** dims has quit IRC09:22
*** geoffarnold has quit IRC09:27
*** geoffarnold has joined #openstack-keystone09:28
*** ParsectiX has quit IRC09:30
*** jsheeren has quit IRC09:36
*** henrynash has quit IRC09:36
*** fhubik_brb is now known as fhubik09:37
*** wwwjfy_ has joined #openstack-keystone09:40
*** wwwjfy has quit IRC09:41
openstackgerritMarek Denis proposed openstack/keystoneauth-saml2: Depend on keystoneauth  https://review.openstack.org/18685409:44
*** dims has joined #openstack-keystone09:47
*** geoffarnold has quit IRC09:49
*** geoffarnold has joined #openstack-keystone09:49
*** yottatsa has joined #openstack-keystone09:53
*** fhubik is now known as fhubik_brb10:02
*** ParsectiX has joined #openstack-keystone10:07
*** yottatsa has quit IRC10:07
*** geoffarnold has quit IRC10:13
*** nisha__ has quit IRC10:13
*** geoffarnold has joined #openstack-keystone10:20
*** nisha__ has joined #openstack-keystone10:32
*** nisha__ has quit IRC10:33
*** nisha has joined #openstack-keystone10:33
*** EinstCrazy has quit IRC10:42
*** markvoelker has joined #openstack-keystone10:47
*** jamielennox|away is now known as jamielennox10:49
*** sdake_ has joined #openstack-keystone10:50
*** markvoelker has quit IRC10:52
*** pnavarro has joined #openstack-keystone10:52
*** doug-fish has joined #openstack-keystone10:53
*** sdake has quit IRC10:54
*** doug-fish has quit IRC10:57
*** fhubik_brb is now known as fhubik10:58
*** fhubik is now known as fhubik_brb10:58
*** wwwjfy_ has quit IRC10:59
*** exploreshaifali has joined #openstack-keystone11:03
*** EinstCrazy has joined #openstack-keystone11:04
*** jecarey has joined #openstack-keystone11:05
samueldmqmorning keystoners11:11
*** nisha_ has joined #openstack-keystone11:17
*** nisha_ has quit IRC11:18
*** svasheka has quit IRC11:19
nishaMorning :)11:19
*** wwwjfy_ has joined #openstack-keystone11:20
*** nisha_ has joined #openstack-keystone11:23
*** nisha has quit IRC11:24
*** marzif has joined #openstack-keystone11:28
*** kiran-r has joined #openstack-keystone11:29
*** jecarey has quit IRC11:31
*** svasheka has joined #openstack-keystone11:32
*** exploreshaifali has quit IRC11:32
*** doug-fish has joined #openstack-keystone11:33
*** geoffarn_ has joined #openstack-keystone11:35
*** geoffarnold has quit IRC11:35
*** stevemar has joined #openstack-keystone11:40
*** ChanServ sets mode: +o stevemar11:40
*** fhubik_brb is now known as fhubik11:41
*** stevemar has quit IRC11:45
*** nisha_ has quit IRC11:47
*** gordc has joined #openstack-keystone11:48
samueldmqnisha_: hey, I am glad you got it working11:49
samueldmqoh, she left :(11:49
*** jaosorior has quit IRC11:53
*** jaosorior has joined #openstack-keystone11:54
*** jaosorior has quit IRC11:55
*** jaosorior has joined #openstack-keystone11:55
*** geoffarn_ has quit IRC11:56
*** geoffarnold has joined #openstack-keystone11:56
*** pnavarro has quit IRC11:57
*** nisha has joined #openstack-keystone12:02
*** markvoelker has joined #openstack-keystone12:03
*** nisha has quit IRC12:03
*** nisha has joined #openstack-keystone12:05
*** nisha has quit IRC12:06
*** nisha has joined #openstack-keystone12:06
*** nicodemos has joined #openstack-keystone12:07
*** markvoelker has quit IRC12:07
*** exploreshaifali has joined #openstack-keystone12:07
*** pnavarro has joined #openstack-keystone12:11
*** geoffarnold has quit IRC12:17
*** geoffarnold has joined #openstack-keystone12:18
jvarlamovaHello, Keystone team! Could you please take a look at patch https://review.openstack.org/#/c/207906/? Stable/kilo branch of Manila client is broken due to bug https://bugs.launchpad.net/python-keystoneclient/+bug/148031412:18
openstackLaunchpad bug 1480314 in python-keystoneclient "Branch "stable/kilo" is broken" [Undecided,In progress] - Assigned to Julia Varlamova (jvarlamova)12:18
*** raildo-afk is now known as raildo12:21
*** edmondsw has joined #openstack-keystone12:31
*** Ephur has quit IRC12:31
*** kiran-r has quit IRC12:32
*** markvoelker has joined #openstack-keystone12:32
*** EinstCrazy has quit IRC12:34
*** dims_ has joined #openstack-keystone12:36
*** aix has quit IRC12:37
*** geoffarnold has quit IRC12:38
*** geoffarnold has joined #openstack-keystone12:39
*** EinstCrazy has joined #openstack-keystone12:40
*** dims has quit IRC12:40
*** exploreshaifali has quit IRC12:40
*** alejandrito has joined #openstack-keystone12:52
*** dims_ has quit IRC12:53
*** fhubik is now known as fhubik_brb12:55
*** Ephur has joined #openstack-keystone13:00
*** geoffarnold has quit IRC13:00
*** geoffarnold has joined #openstack-keystone13:00
*** Ephur_ has joined #openstack-keystone13:01
*** dims has joined #openstack-keystone13:01
*** Ephur has quit IRC13:05
*** hrou has joined #openstack-keystone13:07
*** thiagop has joined #openstack-keystone13:09
*** daemontool_ has joined #openstack-keystone13:10
*** btully has joined #openstack-keystone13:13
*** nisha_ has joined #openstack-keystone13:13
*** nisha has quit IRC13:16
*** links has quit IRC13:22
*** jsavak has joined #openstack-keystone13:25
*** doug-fish has quit IRC13:27
*** doug-fish has joined #openstack-keystone13:28
*** alejandrito has quit IRC13:28
*** jsavak has quit IRC13:29
*** richm has joined #openstack-keystone13:33
*** jsavak has joined #openstack-keystone13:33
*** ngupta has joined #openstack-keystone13:34
*** stevemar has joined #openstack-keystone13:34
*** ChanServ sets mode: +o stevemar13:34
*** stevemar_ has joined #openstack-keystone13:36
*** ChanServ sets mode: +o stevemar_13:36
*** stevemar_ has quit IRC13:37
*** stevemar_ has joined #openstack-keystone13:38
*** ChanServ sets mode: +o stevemar_13:38
*** stevemar has quit IRC13:39
*** alejandrito has joined #openstack-keystone13:40
*** aix has joined #openstack-keystone13:40
*** iurygregory_ has joined #openstack-keystone13:43
*** iurygregory_ has quit IRC13:43
*** doug-fish has quit IRC13:43
*** geoffarnold has quit IRC13:44
dstanekdolphm: +1 on https://review.openstack.org/#/c/210365/1 ?13:49
*** marzif has quit IRC13:49
dolphmdstanek: sure, i was hoping it would grow a dependency13:50
dstanekdolphm: what dependency?13:51
dolphmdstanek: on your patch13:51
dstanekah, ok13:51
dstanekhmmm.... "Ran: 5695 tests... Failed: 4190" - good times!13:52
dstanekbknudson: we were deprecating the functionality since it could break existing config files re: https://review.openstack.org/#/c/134124/13:52
*** stevemar_ is now known as stevemar13:54
openstackgerritDolph Mathews proposed openstack/keystone: Test revocation race conditions  https://review.openstack.org/22799513:55
bknudsondstanek: but apparently it didn't work due to the bug.13:56
dstanekbknudson: the values just had no effect right?13:57
bknudsondstanek: according to the bug report the server fails to start with a backtrace13:57
bknudson"So, if we configure paste.deploy config files like what the method docs says,  ..."13:57
marekdstevemar: hi, do you know if anybody in the openstack family by default can consume  cadf events?13:58
bknudson"it will always fails as:"13:58
stevemarmarekd: ceilometer?13:58
bknudsondstanek: so I don't get the point of deprecating since it's been broken for so long.13:59
*** phalmos has joined #openstack-keystone14:00
marekdstevemar: i am thinking about it as I see lots of people see federated users ephemerality as a problem cause they cannot track them and I am wondering whether we should somehow solve it for them.14:00
*** nisha_ has quit IRC14:02
openstackgerritTony Wang proposed openstack/keystone: Show v3 endpoints in v2 endpoint list  https://review.openstack.org/21587014:03
dstanekbknudson: i thought at one point we had middleware that allowed it, but didn't use it, but i can't find any evidence of it so i agree that we should just delete14:03
*** ParsectiX has quit IRC14:03
bknudsondstanek: ok, I'm not crazy14:04
dstanekbknudson: no i am :-)14:04
*** ayoung has joined #openstack-keystone14:05
*** ChanServ sets mode: +v ayoung14:05
dstanekbknudson: it was the Xml middleware that was deleted in L14:05
bknudsonyou could configure the XML middleware?14:06
dstanekbknudson: nope14:06
dstanekbknudson: it was that awesome! http://git.openstack.org/cgit/openstack/keystone/commit/?id=8b742b5f29f0b40cd9cfead28d45acc65e61b49114:07
bknudsonI'm just glad we don't have to support the broken XML translator anyways14:08
dstanekwe should get rid of all the broken14:08
bknudsonwe don't use the local conf in the app factories -- https://review.openstack.org/#/c/134124/22/keystone/service.py14:09
*** sigmavirus24_awa is now known as sigmavirus2414:10
bknudsonmaybe could change the logs there to say that it's ignored and to update your config file rather than say something is deprecated.14:10
dstanekbknudson: if you do that we can't remove the unused params in the future14:21
bknudsondstanek: is it safe to remove the unused params or is it part of the paste spec?14:22
bknudsondoes paste say you're supposed to have the kwargs?14:22
*** urulama has quit IRC14:22
dstanekbknudson: i don't know it it's explicit. paste just bundles the stuff from the config and sends it in as kwargs14:22
*** urulama has joined #openstack-keystone14:23
bknudsonright, so we can't stop paste from doing that... it's just how does keystone handle it... either failing or ignoring14:23
dstanekthis is the first project i've been a part of that receives them as kwargs too. generally i would used named kwargs14:23
*** nisha has joined #openstack-keystone14:24
bknudsonpaste might decide that since they told everyone to accept **kwargs they're going to always specify a kwarg just for fun.14:25
*** geoffarnold has joined #openstack-keystone14:26
dstanekbknudson: what a pile of crap :-(14:27
bknudsondstanek: here's some docs -- http://pythonpaste.org/deploy/#paste-app-factory14:29
bknudsonthey use **local_conf14:29
dstanekyeah, but no actual spec that's just the example14:29
bknudsondstanek: the other examples seem to use positional args as the config options, see http://pythonpaste.org/deploy/#paste-filter-factory14:31
*** phalmos has quit IRC14:33
dstanekbknudson: consistent right? i would use defaults, but not **14:33
*** topol has joined #openstack-keystone14:34
*** ChanServ sets mode: +v topol14:34
bknudsondstanek: you'd prefer to not have the **kwargs config params in our factories? If so maybe this is the right way to go.14:34
bknudsonI mean maybe https://review.openstack.org/#/c/134124/ is the right way to go.14:34
dstanekbknudson: except for the middleware part. that is broken and shouldn't deprecated14:36
bknudsonmaybe it's not necessary to deprecate in https://review.openstack.org/#/c/134124/22/keystone/common/wsgi.py since the server just failed to start before, but in https://review.openstack.org/#/c/134124/22/keystone/service.py the args were ignored before so I suppose we could deprecate first.14:36
dstanekbknudson: 2015-09-29 14:34:38.921 31516 CRITICAL keystone.service [-] admin_version_app_factory() got an unexpected keyword argument 'arg'14:36
dstanek^that's what happens why you have config values in the ini and remove them from the app factory14:36
bknudsonreally? def admin_version_app_factory(global_conf, **local_conf) -- it's got kwargs.14:36
bknudsonoh, you removed it14:36
dstanekbknudson: y14:37
*** slberger has joined #openstack-keystone14:37
bknudsonif you think the kwargs should be removed from admin_version_app_factory then I'm fine with printing the deprecation message there.14:37
*** geoffarnold has quit IRC14:38
dstaneki want to find out who is maintaining the lib and ask14:38
bknudsonI don't think we have to wait 2 releases.14:38
*** jorge_munoz has quit IRC14:39
*** su_zhang has joined #openstack-keystone14:43
*** dsirrine has joined #openstack-keystone14:47
*** dsirrine has quit IRC14:53
bknudsonpaste could have a nicer message when the config is incorrect, rather than just saying unexpected kwarg.14:53
*** ayoung has quit IRC14:54
*** dsirrine has joined #openstack-keystone14:54
*** dsirrine has quit IRC14:55
dstanekbknudson: i was thinking something more like this http://paste.openstack.org/show/474693/14:58
bknudsondstanek: so no need to deprecate?14:58
bknudsondid any of our middleware support extra args?14:59
dstaneknot for middleware. like you said if they have config in the INI then they'll get a traceback because the middleware's init doesn't allow kwargs14:59
dstaneknot that i can see, the Xml middleware was the only one14:59
dstanektests are running now15:00
dstaneki need to push some of my wsgi rework today before this gets out of hand15:00
bknudsonthings are getting out of hand.15:01
dstanek"rm -rf keystone/*; git commit -a -m 'starting over'"15:02
*** dims has quit IRC15:04
*** akanksha_ has joined #openstack-keystone15:09
*** ayoung has joined #openstack-keystone15:09
*** ChanServ sets mode: +v ayoung15:09
*** csoukup has joined #openstack-keystone15:10
*** zzzeek has joined #openstack-keystone15:10
*** jorge_munoz has joined #openstack-keystone15:13
*** fhubik_brb is now known as fhubik15:14
*** nisha has quit IRC15:14
*** diazjf has joined #openstack-keystone15:15
*** dims__ has joined #openstack-keystone15:16
*** nicodemos has quit IRC15:16
*** browne has joined #openstack-keystone15:17
*** henrynash has joined #openstack-keystone15:19
*** ChanServ sets mode: +v henrynash15:19
*** phalmos has joined #openstack-keystone15:19
*** EinstCrazy has quit IRC15:21
openstackgerritMerged openstack/keystonemiddleware: only make token invalid when it really is  https://review.openstack.org/21737315:21
*** doug-fish has joined #openstack-keystone15:24
*** jorge_munoz has quit IRC15:24
*** stevemar has quit IRC15:27
*** stevemar has joined #openstack-keystone15:27
*** ChanServ sets mode: +o stevemar15:27
*** stevemar_ has joined #openstack-keystone15:29
*** ChanServ sets mode: +o stevemar_15:29
*** stevemar has quit IRC15:32
*** stevemar_ has quit IRC15:34
*** ayoung has quit IRC15:38
*** fhubik has quit IRC15:38
*** jorge_munoz has joined #openstack-keystone15:39
openstackgerritDolph Mathews proposed openstack/keystone: Test revocation race conditions  https://review.openstack.org/22799515:39
*** nisha has joined #openstack-keystone15:40
*** nisha has quit IRC15:40
*** nisha has joined #openstack-keystone15:40
*** jdennis1 has joined #openstack-keystone15:41
*** jdennis has quit IRC15:43
*** henrynash has quit IRC15:48
*** nisha_ has joined #openstack-keystone15:51
*** nisha has quit IRC15:51
*** ayoung has joined #openstack-keystone15:51
*** ChanServ sets mode: +v ayoung15:51
*** ayoung has quit IRC15:51
*** ayoung has joined #openstack-keystone15:51
*** ChanServ sets mode: +v ayoung15:51
*** roxanaghe has joined #openstack-keystone15:53
*** marzif has joined #openstack-keystone15:54
*** woodster_ has joined #openstack-keystone15:57
*** fawadkhaliq has joined #openstack-keystone15:59
*** su_zhang has quit IRC16:00
*** Ephur_ has quit IRC16:04
*** urulama has quit IRC16:04
*** gyee has joined #openstack-keystone16:04
*** ChanServ sets mode: +v gyee16:04
*** marzif has quit IRC16:05
*** urulama has joined #openstack-keystone16:05
*** raildo is now known as raildo-afk16:08
*** kiran-r has joined #openstack-keystone16:08
openstackgerritTom Cocozzello proposed openstack/keystone: Deprecate httpd/keystone.py  https://review.openstack.org/22197516:09
*** EinstCrazy has joined #openstack-keystone16:10
*** GB21 has joined #openstack-keystone16:14
*** ankita_wagh has joined #openstack-keystone16:18
*** gyee has quit IRC16:19
*** EinstCrazy has quit IRC16:21
*** raildo-afk is now known as raildo16:22
*** nisha has joined #openstack-keystone16:23
*** _cjones_ has joined #openstack-keystone16:23
*** nisha_ has quit IRC16:25
*** jistr has quit IRC16:26
*** jorge_munoz has quit IRC16:27
*** gyee has joined #openstack-keystone16:29
*** ChanServ sets mode: +v gyee16:29
*** nisha_ has joined #openstack-keystone16:29
*** nisha_ has quit IRC16:30
*** lhcheng has joined #openstack-keystone16:31
*** ChanServ sets mode: +v lhcheng16:31
*** doug-fis_ has joined #openstack-keystone16:32
*** doug-fish has quit IRC16:35
*** dims__ has quit IRC16:38
*** dims__ has joined #openstack-keystone16:39
*** stevemar has joined #openstack-keystone16:42
*** ChanServ sets mode: +o stevemar16:42
*** geoffarnold has joined #openstack-keystone16:43
*** kiranr has joined #openstack-keystone16:43
stevemarfun times!16:45
morganstevemar: join #openstack-relmgr-office16:46
*** topol has quit IRC16:50
*** kiran-r has quit IRC16:52
dstanekyeah, that channel is not fun times16:54
*** ayoung has quit IRC16:55
*** ayoung has joined #openstack-keystone16:55
*** ChanServ sets mode: +v ayoung16:55
*** pnavarro has quit IRC16:55
*** mylu has joined #openstack-keystone16:57
lbragstaddolphm: good call on the self.time_delta move17:00
*** su_zhang has joined #openstack-keystone17:01
*** ankita_wagh has quit IRC17:02
*** su_zhang has quit IRC17:03
*** su_zhang has joined #openstack-keystone17:03
*** tonytan4ever has joined #openstack-keystone17:05
*** pgbridge has quit IRC17:09
*** lsmola has quit IRC17:14
*** nisha_ has joined #openstack-keystone17:15
*** nisha_ has quit IRC17:15
*** nisha_ has joined #openstack-keystone17:16
*** phalmos_ has joined #openstack-keystone17:16
*** nisha has quit IRC17:19
*** marzif has joined #openstack-keystone17:19
*** phalmos has quit IRC17:19
*** ankita_wagh has joined #openstack-keystone17:23
*** dsirrine has joined #openstack-keystone17:26
*** david8hu has quit IRC17:27
*** david8hu has joined #openstack-keystone17:28
*** fawadkhaliq has quit IRC17:30
*** jaosorior has quit IRC17:30
*** phalmos_ has quit IRC17:35
*** mylu has quit IRC17:39
*** exploreshaifali has joined #openstack-keystone17:40
*** exploreshaifali has quit IRC17:41
*** sileht_ has joined #openstack-keystone17:44
gyeejamielennox, I guess there's no way to avoid version discovery? https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/client.py#L6217:44
*** sileht_ is now known as sileht17:45
*** sileht has quit IRC17:45
*** sileht has joined #openstack-keystone17:46
*** tsymancz5k is now known as tsymanczyk17:51
ayounggyee, why do you want to?17:52
gyeeayoung, I am trying to figure out how to make discovery play nices with the VIPs17:54
gyeeI think I may've found something that works17:54
*** urulama has quit IRC17:55
*** urulama has joined #openstack-keystone17:55
amakarovayoung, hi! Shall we have implied roles? I have a vision about delegation and role hierarchy is included: https://docs.google.com/drawings/d/1GJ1i4RwPpZLsbc_LBPy8r1k-FvQj_yAIHjwq8gDgNXg/view17:59
amakarovand do you plan to include materialized path in roles?18:00
*** dims has joined #openstack-keystone18:00
amakarovit will significantly simplify usage18:00
*** dims__ has quit IRC18:02
*** marzif has quit IRC18:09
*** phalmos has joined #openstack-keystone18:10
dstanekgyee: why does it not work with your vips?18:10
gyeedstanek, long story, the way it set up right now, out internal nodes don't have access to public VIP18:12
dstanekgyee: so your seeing the verisons when accessed through an internal name return the public name?18:13
dstanek...or you're18:13
gyeeright version discovery returns the public_endpoint configured in keystone.conf18:14
jamielennoxand if you don't hardcode public_endpoint and let it figure it out from the request ?18:23
gyeejamielennox, actually, passing "endpoint" param may do the trick18:25
gyeepointing it to internal VIP18:25
jamielennoxgyee: interface?18:26
gyeeno, interface hasn't come into the picture yet18:27
gyeefor this particular setup, there's an public/external VIP and internal VIP18:28
*** akanksha_ has quit IRC18:28
gyeeeach VIP have multiple interfaces18:28
gyeepublic, admin, and internal18:28
*** boris-42 has quit IRC18:29
gyeebut they are served by the same keystone instances18:29
gyeefor keystone version discovery, it takes the public_endpoint or admin_endpoint configured in keystone.conf, depending on the port the request is coming in18:30
gyeesay  GET *:5000/, Keystone always returns the public_endpoint, regardless whether its coming from public or internal VIP18:32
*** urulama has quit IRC18:34
*** urulama has joined #openstack-keystone18:34
*** su_zhang has quit IRC18:36
*** aix has quit IRC18:38
*** flwang has quit IRC18:38
*** flwang has joined #openstack-keystone18:38
*** topol has joined #openstack-keystone18:40
*** ChanServ sets mode: +v topol18:40
*** ngupta_ has joined #openstack-keystone18:44
*** yottatsa has joined #openstack-keystone18:46
*** jasondotstar is now known as jasondotstar_afk18:47
*** ngupta has quit IRC18:48
*** mylu has joined #openstack-keystone18:49
*** ankita_wagh has quit IRC18:51
*** kiranr has quit IRC18:52
*** GB21 has quit IRC18:53
*** e0ne has quit IRC18:54
*** mylu has quit IRC18:57
mordredjamielennox: Error fetching server list: 'module' object has no attribute 'UnknownConnectionError'18:58
mordredjamielennox: that's from:18:58
mordred  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 443, in _send_request18:58
mordred    raise exceptions.UnknownConnectionError(msg, e)18:58
*** ankita_wagh has joined #openstack-keystone18:59
mordredAttributeError: 'module' object has no attribute 'UnknownConnectionError'18:59
jamielennoxmordred: i have never seen that - but that's not good19:00
mordredjamielennox: I thoughtyou might find that displeasing19:00
ayoungmordred, could it be a case where we are mixing exceptions from two different modules19:00
ayoungkeystoneclient.exception.UnknownConnectionError versos some other library19:01
amakarovayoung, so roles will be targeted to endpoints too?19:01
*** stevemar has quit IRC19:01
ayoungamakarov, sort of...I'd say it slightly differently19:01
ayoungamakarov, I would say instead that roles could be assigned to a user for an endpoint as well as a project19:02
ayoungamakarov, it  makes the endpoints (or regions or serivces) things that people can have different roles in managing....19:02
ayoungjust like they do projects19:02
jamielennoxayoung, mordred: it looks like it's a catch all exception because i didn't want RequestsExceptions escaping - why it defined something new rather than raise the base class i've no idea19:03
amakarovayoung, understood19:03
ayoungamakarov, I think the normal case would be to assign a user a role on the whole catalog, but then the user only requests a token scoped to a specific endpoint to perform an administrative action19:04
amakarovayoung, humbly reminding about this: https://review.openstack.org/#/c/198418/19:04
*** yottatsa has quit IRC19:04
ayoungamakarov, Ah, yes...19:04
amakarovamakarov, if we manage to use it in roles it can ease searching/validation19:04
ayoungamakarov, I'm going to edit the commit message to remove the "conflicts" but that should not invalidate gyees +219:04
ayoungoh, never mind19:05
amakarovayoung, I was thinking about delegation for some time and the scheme is an intermediate result19:05
ayoungamakarov, what does 'materialized' mean here19:06
amakarovI assume hierarchies are in projects and roles19:06
ayoungok...I get the concept...19:06
amakarovayoung, it means all ancestry chain is stored in the special field19:06
amakarovayoung, which allows to avoid recursion in a search19:07
ayoungamakarov, on a related note, with the implied roles, I did it as a set, and avoided cycles that way;  once an element was in the set, it was not reachecked...19:07
jamielennoxmordred: easiest thing to do is just add the exception to keystoneauth - you or me?19:08
amakarovayoung, set doesn't preserve order19:08
morganoh stevemar dropped19:08
*** yottatsa has joined #openstack-keystone19:08
morganthat guy needs to get a ZNC bounder19:08
*** yottatsa has quit IRC19:08
ayoungamakarov, and for roles, we don't care about order.  But we do for HMT.19:08
*** stevemar has joined #openstack-keystone19:08
*** ChanServ sets mode: +o stevemar19:08
jamielennoxmorgan: i can understand liking it that way19:08
morganstevemar: you need a znc bouncer man19:08
amakarovayoung, it's just a mix-in to be used when it needed )19:09
ayoungamakarov, all that is recorded in the databse is "parent" right?  Or did you add an new field?19:09
morganstevemar: who is complaining about eventlet disappearing?19:09
amakarovayoung, it adds 'path'19:09
amakarovayoung, with btree index on it19:09
ayoungamakarov, and that is there to avoid cycles?19:09
amakarovayoung, explicit check19:10
samueldmqwell.. and it looks like I have missed the meeting this week :(19:10
ayoungamakarov, this is assuming the hierarchies are immutable, right?19:10
amakarovayoung, see def test_cyclic_reference(self) in tests19:10
dstanekmorgan: stevemar: what's the news about eventlet?19:11
ayoungamakarov, so...what does this buy us beyond the cycle check?19:11
amakarovayoung, it's mutable19:11
morgandstanek: I'm lining up the fix for devstack for mitaka so it can land as soon as they branch tomorrow19:11
morgandstanek: and then shredding the stuff in keystone's tree is next19:11
ayoungamakarov, then you need to morph the path field in multiple records, right?19:11
mordredjamielennox: about to take off ... it's all you :)19:11
amakarovayoung, yes, it's done in a single update19:12
dstanekmorgan: ah, ok. i thought you were saying that we'd have to keep it for another cycle19:12
ayoungamakarov, testing that will be tricky19:12
morgandstanek: no, stevemar was saying someone didn't want it to disappear19:12
bknudsonmorgan: you'll probably need to mess with grenade too19:14
amakarovayoung, can you please review the CR and tell what tests are needed there besides those already present?19:14
morganbknudson: likely19:14
morganbknudson: or maybe not19:14
ayoungamakarov, so, the implied roles thing...think you can build the unified delegation spec on that?19:14
morganwe will see19:15
*** doug-fis_ is now known as doug-fish19:15
bknudsonI'm going to have to figure out how to debug keystone in apache19:16
*** nisha_ has quit IRC19:16
morganbknudson: you can run the wsgi files directly19:16
morganas wsgiref19:16
amakarovayoung, I want it on bleeding edge, so yes - I will present at least some pictures :) With a spec, of course19:16
ayoungbknudson, rpdb works fine for that19:16
morganand I plan on making uwsgi versions part of devstack base19:16
ayoungbknudson, http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/19:16
morganwhich you can run isolated.19:16
bknudsonI will try all these methods19:17
morganbknudson: ^_^19:17
ayoungamakarov, when determining what role a user can delegate, it should look first at the explicit set of roles, and then walk the implicit19:17
amakarovayoung, it looks like a big change though, I want it fast to be capable of handling workflow with short living tokens19:17
bknudsonayoung: when you run with rpdb do you set up apache differently? (so that it only runs one thread?)19:17
ayoungamakarov, this is upon assignment19:18
gyeebknudson, ayoung's rpdb setup was super helpful, works nicely with Apache19:18
ayoungbknudson, nope19:18
ayoungbknudson, only the first thread to hit the breakpoint succeeds19:18
morganayoung: rpdb is also fantastic19:18
amakarovayoung, with MP it can be done in a single request19:19
ayoungyou need to free up the socket in order for some other breakpoint to trigger it.  You can have rpdb listen on multiple sockets, if you really want19:19
ayoungamakarov, only problem is that roles are not a strict hierarchy19:19
ayoungits a dag19:20
ayoungalthough , tbh, acyclic is not realy a constraint.19:20
openstackgerritJamie Lennox proposed openstack/keystoneauth: Add UnknownConnectionError to __all__  https://review.openstack.org/22911419:20
amakarovayoung, afaik there is no effective way to traverse generic web...19:21
amakarovayoung, ok, I'll double-check the spec and think what can be done with it, thanks for update19:23
*** amakarov is now known as amakarov_away19:23
ayoungamakarov, I guess we could make it a straight hierarchy and use MP if performance was an issue.  I was not aware of the MP code when I got the Implied roles code working19:23
ayoungamakarov_away, https://github.com/admiyo/keystone/tree/implied_roles19:24
*** wwwjfy_ has quit IRC19:24
morganrichm: ping - re puppet things19:27
amakarov_awayayoung, I'll work with what is implemented already19:27
amakarov_awayayoung, I'm brewing a concept - not implementation yet )19:28
*** diegows has joined #openstack-keystone19:31
richmmorgan: pong19:34
morganrichm: so i wanted to just quickly voice the concern re the delimiter/composite bits in puppet discussion19:35
morganrichm: since all the values/names could contain them at any point/anywhere19:35
richmmorgan: ok19:35
morganrichm: but before trying to bring it up on the ML, I wanted to see if I was missing some key bit19:36
morganbut a domain name can be hi::my::name::is::joe as could a user's name19:36
morganso joe::user@company::otherthing19:36
morganthat could be a username19:36
richmWe are trying to work out a way that we can use puppet without relying on any delimiters19:36
* morgan nods19:36
richmbut note that puppet-keystone already uses "@" as a delimiter in some cases19:37
morganjust wanted to make sure that there was a clear "this is really important"19:37
richmand has been doing that for quite some time19:37
morganthat is horrible and should be fixed.. @ is one of the worse choices, :: less bad19:37
richmYes, understood.  Any delimiter is going to be problematic19:37
morganrichm: cool. just wanted to check to make sure you were aware19:37
morganbecause i am concerned the puppet modules are writing themselves into a corner where they wont be useful in a number (not majority, but still enough places)19:38
richmmorgan: Yes, that is one of the primary motivations for the current openstack-dev email thread about this subject19:38
morganrichm: cool!19:38
morganrichm: yay~19:38
morganrichm: :) :)19:38
morganok thats all19:38
* morgan lets the convo continue then.19:38
crinklepuppet needs to use a name as an identifier, so we've just gone ahead and said "if you're using puppet and you're using keystone then we're imposing extra naming restrictions that keystone doesn't care about, sorry"19:38
richmmorgan: Ok.  Let me know if you have any more questions about it.19:38
*** gyee has quit IRC19:38
*** sileht has quit IRC19:39
richmSo if the user is "writing themselves into a corner" they won't be able to use puppet19:39
morgancrinkle: i think thats fine. just as long as the real info that is used is not subjected in the same manner19:39
morgancrinkle: or wait.19:39
morgancrinkle: eh19:39
morgancrinkle: sure.19:40
*** pgbridge has joined #openstack-keystone19:40
morganrichm: more concern is if a user already wrote themselves into a corner and is trying to automate with puppet afterwards19:41
morgannot an uncommon scenario19:41
morganbut eh.19:42
morganif I had to pick a delimiter, it would be '::' not '@' fwiw19:42
richmNo matter what we do with puppet, there may be situations where it will be difficult if not impossible to satisfy certain deployments19:42
richmI'm trying to figure out a way so that we don't have to rely on delimiters19:42
richmor at least, to not rely on delimiters so much19:43
morganrichm: i think :: is less problematic if a delimiter is needed... *or* at least let them specify a delemiter override19:43
morganbut yeah no delimiter would be best19:43
morganbut i get that sometimes you can't make that happen19:43
richmwith puppet, you _must_ uniquely name things - sometimes using a delimiter is the only way to do that19:44
morganrichm: so simple order of preference 1) No delim, 2) :: with the ability to provide a delim override, 3) ::, 4) anything else19:44
morganand yeah most CMS needs unique names19:45
*** sileht has joined #openstack-keystone19:45
richmpuppet-keystone must support "@" for keystone_user_role for at least a couple more releases19:45
morgani just typically name them something "interesting" when I built things and require all the real meat of values to come under the name19:45
richmthere's really no way around that in order to preserve backwards compatibility/sanity19:45
morganso the name is unique but otherwise un-used19:45
morganrichm: oh i wouldn't suggest breaking anyone, just providing a better solution forward looking :)19:46
richmmorgan: Yeah, that's what I'm trying to do19:46
morganrichm: awesome. anyway sounds like we're on the same page.19:46
richmI mean, allow the operator to give an object an "interesting" unique name, and rely on the actual real properties of the object to ensure its uniqueness19:47
morganbest approach19:47
*** nisha_ has joined #openstack-keystone19:47
*** sileht has quit IRC19:47
morganbut if the general community wants a delim used, you've seen my recommendations to make life as easy/least painful19:48
*** sileht has joined #openstack-keystone19:48
*** ngupta has joined #openstack-keystone19:48
richmmorgan: ok19:48
morgan[if I could fix keystone instead I'd also aim to do that and carve out explicitly banned characters from the "names"]19:48
*** nisha_ has quit IRC19:48
morganexplicitly defined delimiters would have been useful19:49
richmyeah, but quite difficult to accommodate all those identity sources in practice19:49
morgani might make a push to make it so anything in a fixed set of delims is escaped19:49
richmyeah, that could work19:50
morganso if "@" appears in the username, it becomes "name\@"19:50
morganor make the delims explicitly escaped19:50
*** tonytan4ever has quit IRC19:50
*** wwwjfy_ has joined #openstack-keystone19:50
morganif someone names their project name\@thing\@stuff@\@ i'm going to facepalm19:51
*** tonytan4ever has joined #openstack-keystone19:51
morganooh i know19:51
morganI am totally going to use the ANSI bell character for a delimiter19:51
lbragstadstevemar: marekd around?19:52
* richm hands morgan a <BLINK> tag19:52
lbragstadI have a question on federation token responses.19:53
morganrichm: the perfect delimiter: ಠ_ಠ19:53
richmmorgan: +119:54
morgancrinkle: ^19:54
lbragstadstevemar: when we get an unscoped token using a username and password in keystone, the methods returned in that unscoped response is ['password']19:54
morgancan we just go with that. I thnk it'd be safe to say ಠ_ಠ can't be used in project names or domains or user names (not the individual characters, the combination)19:54
lbragstadwhen we rescope that token to a project, the methods returned in the project scoped response are ['password', 'token']19:54
lbragstadfor federation, when we get an unscoped token, the method list is ['saml2'], but when we rescope that unscoped token to a project, the project response only contains ['saml2'] as the method19:55
lbragstadI'm wondering if that is by design or if that is an inconsistency in the federation API19:55
*** geoffarnold has quit IRC19:55
*** topol has quit IRC19:56
bknudsonlbragstad: I don't think that's working correctly19:57
openstackgerritLance Bragstad proposed openstack/keystone: Expose method list inconsistency in federation api  https://review.openstack.org/22912519:57
lbragstadbknudson: I amended a test to expose it..19:57
lbragstadbknudson: ^19:57
*** su_zhang has joined #openstack-keystone20:00
*** csoukup has quit IRC20:00
lbragstadstevemar: marekd documented here - https://bugs.launchpad.net/keystone/+bug/150103220:07
openstackLaunchpad bug 1501032 in Keystone "incorrect method list is returned when scoping tokens with federation" [Undecided,New]20:07
*** ayoung has quit IRC20:09
*** diegows has quit IRC20:09
*** e0ne has joined #openstack-keystone20:14
openstackgerritLance Bragstad proposed openstack/keystone-specs: Clarify documentation about scope  https://review.openstack.org/22479220:15
*** diegows has joined #openstack-keystone20:22
*** stevemar has quit IRC20:25
*** ayoung has joined #openstack-keystone20:25
*** ChanServ sets mode: +v ayoung20:25
lbragstaddstanek: for https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:fix-endpoint-filtering-docs,n,z if https://review.openstack.org/#/c/167675/30 gets in, does it even make sense to improve those docs?20:28
*** dims has quit IRC20:28
*** stevemar has joined #openstack-keystone20:29
*** ChanServ sets mode: +o stevemar20:29
*** dims has joined #openstack-keystone20:29
dstaneklbragstad: probably not, but the fact that filtering can still happen should be documented somewhere20:29
lbragstaddstanek: the endpoint filtering extension will then be in the default sql driver, so you shouldn't have to worry about adding it to the pipeline20:29
*** svasheka has quit IRC20:30
lbragstaddstanek: ++ agreed, the endpoint filtering docs should be collapsed somewhere? or should we just document the behavior in the current endpoint filtering docs and remove the references to the pipeline. Instead, point to the config file changes required?20:30
dstanekoh, wow. yeah i thought that would have said how to use filtering :-)20:30
stevemarbknudson: use rpdb?20:32
stevemardstanek: morgan yeah, someone from bluebox was telling me "oh god no!" when i said we were going to remove eventlet in favor of apache20:33
dstanekstevemar: really, why?20:33
stevemardstanek: something about containerizing services and how it's better performance with eventlet20:34
*** mylu has joined #openstack-keystone20:34
*** diegows has quit IRC20:34
*** svasheka has joined #openstack-keystone20:34
stevemardstanek: and apache being harder to configure within a container service20:34
dstaneki don't buy harder to configure. but i can see the perf arg.20:35
dstanekthey should use uwsgi then20:35
lbragstaddstanek:  I updated https://review.openstack.org/#/c/167675/ with a comment20:37
lbragstaddstanek: make sense if I abandon my patches to the docs20:37
*** mylu has quit IRC20:42
morganstevemar: uh. no.20:42
*** mylu has joined #openstack-keystone20:43
morganstevemar: this is why uwsgi would be my choice there20:43
morganstevemar: there are alternatives... eventlet is a trainwreck and needs to die20:43
morganso i stand by the "lets kill eventlet"20:43
morganif they need a multi-process-like non-web-server backed (meaning no federation) thing20:43
morganuwsgi will do it better than eventlet20:44
morganand be about as hard to configure/run as eventlet20:44
bknudson.tox/py27/bin/uwsgi --http :5000 --wsgi-file .tox/py27/bin/keystone-wsgi-admin20:46
morganbknudson: pretty much20:46
morganwill even do SSL if you want20:46
morganand multi processor20:46
*** mylu has quit IRC20:47
morganbknudson: there is one other option to make it do standalone HTTP20:47
morganbknudson: but exactly that20:48
*** su_zhang has quit IRC20:48
bknudsonI wonder what thunder lock is.20:50
bknudsonsounds cool20:50
*** su_zhang has joined #openstack-keystone20:50
bknudsonmule farms, emperors, vassals.20:55
morganbknudson: yeah I had to go look to see wtf Thunder Lock was20:56
morganit's basically a way to prevent thundering herd20:57
morganbut.. amuuuuuuuzing20:57
morganuWSGI docs sucks: –thunder-lock20:58
morganMichael Hood (you will find his name in the comments of David’s post, too) signalled the problem in the uWSGI mailing-list/issue tracker some time ago, he even came out with an initial patch that ended with the --thunder-lock option (this is why open-source is better ;)20:58
morgan--thunder-lock is available since uWSGI 1.4.6 but never got documentation (of any kind)20:58
morganOnly the people following the mailing-list (or facing the specific problem) know about it.20:58
bknudsonit's mentioned when you start the binary20:58
*** woodster_ has quit IRC20:59
*** diazjf has left #openstack-keystone21:02
morganstevemar: come to #openstack-meetingh21:03
morganstevemar (no h)21:03
morganstevemar: it's meeting time21:03
stevemarmorgan: yep, its in my calendar now21:03
*** jsavak has quit IRC21:08
*** raildo is now known as raildo-afk21:10
*** spandhe has joined #openstack-keystone21:15
*** geoffarnold has joined #openstack-keystone21:15
*** henrynash has joined #openstack-keystone21:17
*** ChanServ sets mode: +v henrynash21:17
*** lhcheng has quit IRC21:22
openstackgerritMerged openstack/keystoneauth: Add UnknownConnectionError to __all__  https://review.openstack.org/22911421:28
*** henrynash has quit IRC21:28
*** ayoung has quit IRC21:29
*** phalmos has quit IRC21:30
*** e0ne has quit IRC21:38
*** harlowja has quit IRC21:40
*** harlowja has joined #openstack-keystone21:40
samueldmqdstanek: ping - about https://review.openstack.org/#/c/21200621:42
*** urulama has quit IRC21:49
*** urulama has joined #openstack-keystone21:49
*** jsavak has joined #openstack-keystone21:52
*** devlaps has joined #openstack-keystone21:52
*** geoffarnold has quit IRC21:52
*** zzzeek has quit IRC21:52
*** geoffarnold has joined #openstack-keystone21:55
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Use request helpers for token_info/token_auth  https://review.openstack.org/22916121:58
*** gyee has joined #openstack-keystone21:59
*** ChanServ sets mode: +v gyee21:59
*** hrou has quit IRC22:00
*** zzzeek has joined #openstack-keystone22:01
*** mylu has joined #openstack-keystone22:01
*** gordc has quit IRC22:05
*** tonytan_brb has joined #openstack-keystone22:10
*** boris-42 has joined #openstack-keystone22:12
*** lhcheng has joined #openstack-keystone22:13
*** ChanServ sets mode: +v lhcheng22:13
*** tonytan4ever has quit IRC22:14
stevemarbknudson: you gonna bail this one: https://review.openstack.org/#/c/224888/ documenting token format?22:17
*** sigmavirus24 is now known as sigmavirus24_awa22:19
*** jsavak has quit IRC22:21
*** ankita_wagh has quit IRC22:25
*** tonytan_brb has quit IRC22:27
*** slberger has left #openstack-keystone22:31
*** tonytan4ever has joined #openstack-keystone22:33
*** stevephone has joined #openstack-keystone22:38
*** stevemar has quit IRC22:38
*** stevephone is now known as stevemar22:38
*** stevemar is now known as stevephone22:39
*** stevephone has quit IRC22:41
*** ankita_wagh has joined #openstack-keystone22:41
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Fixes query.one() return usage in endpoint-policy  https://review.openstack.org/20860922:44
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Create unit tests for endpoint policy SQL driver  https://review.openstack.org/21200622:44
samueldmqdstanek: ^ concerns addressed, thanks for the reviews22:45
*** zzzeek has quit IRC22:46
*** ayoung has joined #openstack-keystone22:49
*** ChanServ sets mode: +v ayoung22:49
*** alejandrito has quit IRC22:56
*** ngupta has quit IRC22:57
*** ngupta_ has quit IRC22:57
*** su_zhang has quit IRC22:58
*** geoffarnold is now known as geoffarnoldX23:00
*** spandhe has quit IRC23:01
*** browne has quit IRC23:05
*** browne has joined #openstack-keystone23:05
dstaneksamueldmq: oh, nice. thx23:06
*** su_zhang has joined #openstack-keystone23:06
*** geoffarnoldX is now known as geoffarnold23:06
*** tonytan4ever has quit IRC23:16
*** dims_ has joined #openstack-keystone23:19
*** dims has quit IRC23:22
*** su_zhang has quit IRC23:24
*** su_zhang has joined #openstack-keystone23:24
*** spandhe has joined #openstack-keystone23:25
*** geoffarnold has quit IRC23:26
*** geoffarnold has joined #openstack-keystone23:27
*** hrou has joined #openstack-keystone23:29
*** sdake_ has quit IRC23:30
*** sdake has joined #openstack-keystone23:30
*** dims_ has quit IRC23:31
*** dims_ has joined #openstack-keystone23:32
*** flaper87 has quit IRC23:32
*** esp has quit IRC23:32
*** charz has quit IRC23:32
*** htruta has quit IRC23:32
*** tjcocozz has quit IRC23:32
*** tristanC has quit IRC23:32
*** htruta` has joined #openstack-keystone23:32
*** flaper87 has joined #openstack-keystone23:32
*** tristanC has joined #openstack-keystone23:33
*** _cjones_ has quit IRC23:33
*** marekd has quit IRC23:33
*** albertom has quit IRC23:33
*** brad[] has quit IRC23:33
*** marekd has joined #openstack-keystone23:33
*** albertom has joined #openstack-keystone23:33
*** tjcocozz has joined #openstack-keystone23:33
*** charz has joined #openstack-keystone23:34
*** _cjones_ has joined #openstack-keystone23:35
*** esp has joined #openstack-keystone23:38
*** edmondsw has quit IRC23:41
*** sdake has quit IRC23:44
*** sdake_ has joined #openstack-keystone23:44
*** sdake_ is now known as sdake23:45
*** mylu has quit IRC23:52
*** mylu has joined #openstack-keystone23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!