*** EinstCrazy has joined #openstack-keystone | 00:01 | |
*** geoffarnold has joined #openstack-keystone | 00:08 | |
*** akanksha_ has quit IRC | 00:08 | |
*** EinstCrazy has quit IRC | 00:09 | |
*** zzzeek has quit IRC | 00:17 | |
*** shadower has quit IRC | 00:23 | |
*** su_zhang has quit IRC | 00:23 | |
*** shadower has joined #openstack-keystone | 00:23 | |
*** dims has joined #openstack-keystone | 00:24 | |
*** diazjf has joined #openstack-keystone | 00:27 | |
*** diazjf has left #openstack-keystone | 00:27 | |
*** diegows has quit IRC | 00:30 | |
*** mhu has quit IRC | 00:37 | |
*** aix has quit IRC | 00:39 | |
*** aix has joined #openstack-keystone | 00:40 | |
*** lhcheng has quit IRC | 00:42 | |
*** mhu has joined #openstack-keystone | 00:43 | |
*** amit213 has quit IRC | 00:45 | |
*** _hrou_ has joined #openstack-keystone | 00:47 | |
*** edmondsw has quit IRC | 00:47 | |
*** jmccrory has joined #openstack-keystone | 00:49 | |
*** hrou has quit IRC | 00:51 | |
*** aix has quit IRC | 00:52 | |
*** btully has joined #openstack-keystone | 00:52 | |
*** geoffarnold has quit IRC | 00:54 | |
*** aix has joined #openstack-keystone | 00:55 | |
*** marzif has joined #openstack-keystone | 00:56 | |
*** btully has quit IRC | 00:57 | |
*** _cjones_ has quit IRC | 01:00 | |
*** EinstCrazy has joined #openstack-keystone | 01:01 | |
*** browne has quit IRC | 01:02 | |
*** r-daneel has quit IRC | 01:04 | |
*** davechen has joined #openstack-keystone | 01:23 | |
*** mylu has joined #openstack-keystone | 01:26 | |
davechen | bknudson: ping? | 01:28 |
---|---|---|
davechen | bknudson: still here? | 01:28 |
davechen | fine, i will leave my explanation in that patch (https://review.openstack.org/#/c/134124). | 01:39 |
*** mylu has quit IRC | 01:43 | |
*** mylu has joined #openstack-keystone | 01:43 | |
*** mylu_ has joined #openstack-keystone | 01:47 | |
*** mylu has quit IRC | 01:48 | |
*** dsirrine|call has quit IRC | 01:54 | |
*** ankita_wagh has joined #openstack-keystone | 02:04 | |
*** ngupta has joined #openstack-keystone | 02:06 | |
*** richm has quit IRC | 02:06 | |
*** dims has quit IRC | 02:09 | |
*** dsirrine|call has joined #openstack-keystone | 02:09 | |
*** ayoung has quit IRC | 02:18 | |
*** stevemar has joined #openstack-keystone | 02:19 | |
*** ChanServ sets mode: +v stevemar | 02:19 | |
*** doug-fish has joined #openstack-keystone | 02:27 | |
morgan | Zzzzzzzzzzzzzzzz | 02:29 |
morgan | stevemar: ping, you around? | 02:29 |
stevemar | morgan: yo | 02:29 |
morgan | stevemar: hey. Hows day one of the new job? ;) | 02:30 |
stevemar | morgan: i was a scatterbrain | 02:30 |
morgan | Hehehe | 02:30 |
stevemar | i tried to do everything and got nothing done \o/ | 02:30 |
morgan | Welcome to the land of PTL! | 02:30 |
morgan | Every time i sat down to do something someone would ask me a question. Like I am doing to you right now! ;) | 02:31 |
stevemar | i need to make a list of things to do, and for you to look over it to make sure i'm not missing anything :P | 02:31 |
*** ChanServ sets mode: +o stevemar | 02:33 | |
morgan | Sure | 02:33 |
stevemar | morgan: what else is up | 02:33 |
morgan | Fixed my bike today. | 02:33 |
morgan | :P | 02:33 |
morgan | Figuring out all the stuff for getting to tokyo | 02:34 |
stevemar | morgan: i'm doing that now | 02:34 |
*** roxanaghe has quit IRC | 02:34 | |
*** browne has joined #openstack-keystone | 02:35 | |
*** lhcheng has joined #openstack-keystone | 02:36 | |
*** ChanServ sets mode: +v lhcheng | 02:36 | |
*** lhcheng has quit IRC | 02:36 | |
*** lhcheng has joined #openstack-keystone | 02:37 | |
*** ChanServ sets mode: +v lhcheng | 02:37 | |
*** phalmos has joined #openstack-keystone | 02:46 | |
openstackgerrit | Masaki Matsushita proposed openstack/keystone: Use IPOpt to validate IP addresses https://review.openstack.org/228697 | 02:47 |
*** wwwjfy has quit IRC | 02:47 | |
*** wwwjfy has joined #openstack-keystone | 02:49 | |
openstackgerrit | Dave Chen proposed openstack/keystone: Using the right format to render the docstring correctly https://review.openstack.org/226225 | 02:52 |
*** mylu_ has quit IRC | 02:52 | |
*** mylu has joined #openstack-keystone | 02:53 | |
*** phalmos has quit IRC | 02:55 | |
*** mylu has quit IRC | 02:56 | |
*** mylu has joined #openstack-keystone | 02:57 | |
*** dims has joined #openstack-keystone | 03:09 | |
*** ngupta has quit IRC | 03:12 | |
*** doug-fish has quit IRC | 03:14 | |
*** dims has quit IRC | 03:16 | |
*** _hrou_ has quit IRC | 03:19 | |
*** boris-42 has quit IRC | 03:19 | |
*** boris-42 has joined #openstack-keystone | 03:29 | |
*** panbalag has quit IRC | 03:31 | |
*** links has joined #openstack-keystone | 03:36 | |
*** Nirupama has joined #openstack-keystone | 03:38 | |
*** mylu has quit IRC | 03:41 | |
*** markvoelker has quit IRC | 03:56 | |
openstackgerrit | Masaki Matsushita proposed openstack/keystone: Use IPOpt to validate IP addresses https://review.openstack.org/228697 | 04:01 |
*** btully has joined #openstack-keystone | 04:15 | |
*** topol has joined #openstack-keystone | 04:25 | |
*** ChanServ sets mode: +v topol | 04:25 | |
*** sdake_ has joined #openstack-keystone | 04:28 | |
*** wwwjfy has quit IRC | 04:29 | |
*** sdake has quit IRC | 04:31 | |
*** woodster_ has quit IRC | 04:49 | |
*** geoffarnold has joined #openstack-keystone | 04:50 | |
*** geoffarn_ has joined #openstack-keystone | 04:51 | |
*** su_zhang has joined #openstack-keystone | 04:51 | |
*** roxanaghe has joined #openstack-keystone | 04:54 | |
*** geoffarnold has quit IRC | 04:55 | |
*** geoffarn_ is now known as geoffarnoldX | 04:56 | |
*** markvoelker has joined #openstack-keystone | 04:57 | |
*** Nirupama has quit IRC | 04:58 | |
*** markvoelker has quit IRC | 05:01 | |
*** stevemar has quit IRC | 05:03 | |
*** yottatsa has joined #openstack-keystone | 05:05 | |
*** yottatsa has quit IRC | 05:08 | |
*** yottatsa has joined #openstack-keystone | 05:08 | |
*** geoffarnold has joined #openstack-keystone | 05:12 | |
*** dims has joined #openstack-keystone | 05:13 | |
*** geoffarnoldX has quit IRC | 05:16 | |
*** dims has quit IRC | 05:18 | |
*** phalmos has joined #openstack-keystone | 05:23 | |
*** doug-fish has joined #openstack-keystone | 05:25 | |
*** phalmos has quit IRC | 05:27 | |
*** doug-fish has quit IRC | 05:30 | |
*** sileht has quit IRC | 05:33 | |
*** geoffarnold has quit IRC | 05:33 | |
*** geoffarnold has joined #openstack-keystone | 05:34 | |
*** stevemar has joined #openstack-keystone | 05:36 | |
*** ChanServ sets mode: +o stevemar | 05:36 | |
*** roxanaghe has quit IRC | 05:37 | |
*** lhcheng has quit IRC | 05:37 | |
*** lhcheng has joined #openstack-keystone | 05:38 | |
*** ChanServ sets mode: +v lhcheng | 05:38 | |
*** topol has quit IRC | 05:40 | |
*** stevemar_ has joined #openstack-keystone | 05:42 | |
*** ChanServ sets mode: +o stevemar_ | 05:42 | |
*** stevema__ has joined #openstack-keystone | 05:43 | |
*** ChanServ sets mode: +o stevema__ | 05:43 | |
*** wwwjfy has joined #openstack-keystone | 05:43 | |
*** lhcheng has quit IRC | 05:44 | |
*** stevemar has quit IRC | 05:45 | |
*** lhcheng has joined #openstack-keystone | 05:46 | |
*** ChanServ sets mode: +v lhcheng | 05:46 | |
*** stevemar_ has quit IRC | 05:46 | |
*** yottatsa has quit IRC | 05:52 | |
*** nisha_ has joined #openstack-keystone | 05:55 | |
*** geoffarn_ has joined #openstack-keystone | 05:55 | |
*** geoffarnold has quit IRC | 05:55 | |
*** sdake_ is now known as sdake | 05:56 | |
*** lsmola has joined #openstack-keystone | 05:58 | |
*** lhcheng has quit IRC | 05:58 | |
*** henrynash has joined #openstack-keystone | 06:01 | |
*** ChanServ sets mode: +v henrynash | 06:01 | |
*** browne has quit IRC | 06:03 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Zanata https://review.openstack.org/228119 | 06:10 |
*** jaosorior has joined #openstack-keystone | 06:11 | |
*** jamielennox is now known as jamielennox|away | 06:12 | |
*** su_zhang has quit IRC | 06:15 | |
*** openstackgerrit has quit IRC | 06:16 | |
*** geoffarn_ has quit IRC | 06:16 | |
*** geoffarnold has joined #openstack-keystone | 06:17 | |
*** openstackgerrit has joined #openstack-keystone | 06:17 | |
*** topol has joined #openstack-keystone | 06:20 | |
*** ChanServ sets mode: +v topol | 06:20 | |
*** fawadkhaliq has joined #openstack-keystone | 06:21 | |
*** yottatsa has joined #openstack-keystone | 06:22 | |
fawadkhaliq | Hello Keystone cores, can you please review this: https://review.openstack.org/#/c/211598/ It has been in reasonable state for quite sommetime. Thank you! | 06:22 |
stevema__ | fawadkhaliq: i dont see what a neutron related devstack change has to do with keystone? | 06:24 |
*** topol has quit IRC | 06:25 | |
fawadkhaliq | Oh my bad. I am really tired. I was seeing Keystone and DevStack as same. Apologies. I should hit bed :) | 06:25 |
fawadkhaliq | Moving this to DevStack DevStack.. | 06:25 |
stevema__ | fawadkhaliq: np | 06:27 |
*** e0ne has joined #openstack-keystone | 06:27 | |
stevema__ | i'm going to do the same | 06:28 |
*** stevema__ has quit IRC | 06:28 | |
*** stevemar has joined #openstack-keystone | 06:28 | |
*** ChanServ sets mode: +o stevemar | 06:28 | |
*** fawadkhaliq has quit IRC | 06:30 | |
*** sdake_ has joined #openstack-keystone | 06:33 | |
*** stevemar has quit IRC | 06:33 | |
*** e0ne has quit IRC | 06:34 | |
*** davechen1 has joined #openstack-keystone | 06:35 | |
*** sdake has quit IRC | 06:36 | |
*** geoffarnold has quit IRC | 06:38 | |
*** geoffarnold has joined #openstack-keystone | 06:38 | |
*** davechen has quit IRC | 06:38 | |
*** davechen has joined #openstack-keystone | 06:41 | |
*** davechen1 has quit IRC | 06:44 | |
*** markvoelker has joined #openstack-keystone | 06:45 | |
*** ankita_wagh has quit IRC | 06:48 | |
*** markvoelker has quit IRC | 06:50 | |
*** btully has quit IRC | 06:52 | |
*** geoffarn_ has joined #openstack-keystone | 06:59 | |
*** geoffarnold has quit IRC | 06:59 | |
*** e0ne has joined #openstack-keystone | 07:07 | |
*** nisha_ has quit IRC | 07:08 | |
*** e0ne has quit IRC | 07:09 | |
*** sdake_ is now known as sdake | 07:10 | |
*** nisha_ has joined #openstack-keystone | 07:13 | |
*** geoffarnold has joined #openstack-keystone | 07:20 | |
*** e0ne has joined #openstack-keystone | 07:21 | |
*** geoffarn_ has quit IRC | 07:21 | |
*** yottatsa has quit IRC | 07:24 | |
*** nisha_ has quit IRC | 07:33 | |
*** ParsectiX has joined #openstack-keystone | 07:34 | |
*** exploreshaifali has joined #openstack-keystone | 07:40 | |
*** yottatsa has joined #openstack-keystone | 07:42 | |
*** yottatsa has quit IRC | 07:45 | |
*** jsheeren has joined #openstack-keystone | 07:47 | |
*** dsirrine|call has quit IRC | 07:48 | |
*** nisha_ has joined #openstack-keystone | 07:49 | |
*** fhubik has joined #openstack-keystone | 07:51 | |
*** urulama has quit IRC | 07:54 | |
*** urulama has joined #openstack-keystone | 07:55 | |
*** yottatsa has joined #openstack-keystone | 07:58 | |
*** nisha__ has joined #openstack-keystone | 08:01 | |
*** nisha_ has quit IRC | 08:04 | |
*** ParsectiX has quit IRC | 08:08 | |
*** ParsectiX has joined #openstack-keystone | 08:08 | |
*** nisha_ has joined #openstack-keystone | 08:09 | |
*** ParsectiX has quit IRC | 08:10 | |
*** ParsectiX has joined #openstack-keystone | 08:11 | |
*** nisha__ has quit IRC | 08:12 | |
*** jistr has joined #openstack-keystone | 08:16 | |
*** marzif has quit IRC | 08:18 | |
*** geoffarnold has quit IRC | 08:23 | |
*** geoffarnold has joined #openstack-keystone | 08:24 | |
*** amakarov_away is now known as amakarov | 08:34 | |
*** geoffarnold has quit IRC | 08:45 | |
*** exploreshaifali has quit IRC | 08:45 | |
*** geoffarnold has joined #openstack-keystone | 08:45 | |
*** markvoelker has joined #openstack-keystone | 08:46 | |
*** davechen1 has joined #openstack-keystone | 08:49 | |
*** jvarlamova has joined #openstack-keystone | 08:50 | |
*** markvoelker has quit IRC | 08:51 | |
*** davechen has quit IRC | 08:51 | |
*** davechen has joined #openstack-keystone | 08:56 | |
*** davechen1 has quit IRC | 08:59 | |
*** fhubik is now known as fhubik_brb | 09:02 | |
*** nisha__ has joined #openstack-keystone | 09:02 | |
*** nisha_ has quit IRC | 09:05 | |
*** jorge_munoz_ has joined #openstack-keystone | 09:06 | |
*** geoffarnold has quit IRC | 09:06 | |
*** geoffarnold has joined #openstack-keystone | 09:06 | |
*** jorge_munoz has quit IRC | 09:08 | |
*** jorge_munoz_ is now known as jorge_munoz | 09:08 | |
*** urulama has quit IRC | 09:08 | |
*** urulama has joined #openstack-keystone | 09:09 | |
*** dims has joined #openstack-keystone | 09:16 | |
*** davechen has left #openstack-keystone | 09:19 | |
*** yottatsa has quit IRC | 09:20 | |
*** dims has quit IRC | 09:22 | |
*** geoffarnold has quit IRC | 09:27 | |
*** geoffarnold has joined #openstack-keystone | 09:28 | |
*** ParsectiX has quit IRC | 09:30 | |
*** jsheeren has quit IRC | 09:36 | |
*** henrynash has quit IRC | 09:36 | |
*** fhubik_brb is now known as fhubik | 09:37 | |
*** wwwjfy_ has joined #openstack-keystone | 09:40 | |
*** wwwjfy has quit IRC | 09:41 | |
openstackgerrit | Marek Denis proposed openstack/keystoneauth-saml2: Depend on keystoneauth https://review.openstack.org/186854 | 09:44 |
*** dims has joined #openstack-keystone | 09:47 | |
*** geoffarnold has quit IRC | 09:49 | |
*** geoffarnold has joined #openstack-keystone | 09:49 | |
*** yottatsa has joined #openstack-keystone | 09:53 | |
*** fhubik is now known as fhubik_brb | 10:02 | |
*** ParsectiX has joined #openstack-keystone | 10:07 | |
*** yottatsa has quit IRC | 10:07 | |
*** geoffarnold has quit IRC | 10:13 | |
*** nisha__ has quit IRC | 10:13 | |
*** geoffarnold has joined #openstack-keystone | 10:20 | |
*** nisha__ has joined #openstack-keystone | 10:32 | |
*** nisha__ has quit IRC | 10:33 | |
*** nisha has joined #openstack-keystone | 10:33 | |
*** EinstCrazy has quit IRC | 10:42 | |
*** markvoelker has joined #openstack-keystone | 10:47 | |
*** jamielennox|away is now known as jamielennox | 10:49 | |
*** sdake_ has joined #openstack-keystone | 10:50 | |
*** markvoelker has quit IRC | 10:52 | |
*** pnavarro has joined #openstack-keystone | 10:52 | |
*** doug-fish has joined #openstack-keystone | 10:53 | |
*** sdake has quit IRC | 10:54 | |
*** doug-fish has quit IRC | 10:57 | |
*** fhubik_brb is now known as fhubik | 10:58 | |
*** fhubik is now known as fhubik_brb | 10:58 | |
*** wwwjfy_ has quit IRC | 10:59 | |
*** exploreshaifali has joined #openstack-keystone | 11:03 | |
*** EinstCrazy has joined #openstack-keystone | 11:04 | |
*** jecarey has joined #openstack-keystone | 11:05 | |
samueldmq | morning keystoners | 11:11 |
*** nisha_ has joined #openstack-keystone | 11:17 | |
*** nisha_ has quit IRC | 11:18 | |
*** svasheka has quit IRC | 11:19 | |
nisha | Morning :) | 11:19 |
*** wwwjfy_ has joined #openstack-keystone | 11:20 | |
*** nisha_ has joined #openstack-keystone | 11:23 | |
*** nisha has quit IRC | 11:24 | |
*** marzif has joined #openstack-keystone | 11:28 | |
*** kiran-r has joined #openstack-keystone | 11:29 | |
*** jecarey has quit IRC | 11:31 | |
*** svasheka has joined #openstack-keystone | 11:32 | |
*** exploreshaifali has quit IRC | 11:32 | |
*** doug-fish has joined #openstack-keystone | 11:33 | |
*** geoffarn_ has joined #openstack-keystone | 11:35 | |
*** geoffarnold has quit IRC | 11:35 | |
*** stevemar has joined #openstack-keystone | 11:40 | |
*** ChanServ sets mode: +o stevemar | 11:40 | |
*** fhubik_brb is now known as fhubik | 11:41 | |
*** stevemar has quit IRC | 11:45 | |
*** nisha_ has quit IRC | 11:47 | |
*** gordc has joined #openstack-keystone | 11:48 | |
samueldmq | nisha_: hey, I am glad you got it working | 11:49 |
samueldmq | oh, she left :( | 11:49 |
*** jaosorior has quit IRC | 11:53 | |
*** jaosorior has joined #openstack-keystone | 11:54 | |
*** jaosorior has quit IRC | 11:55 | |
*** jaosorior has joined #openstack-keystone | 11:55 | |
*** geoffarn_ has quit IRC | 11:56 | |
*** geoffarnold has joined #openstack-keystone | 11:56 | |
*** pnavarro has quit IRC | 11:57 | |
*** nisha has joined #openstack-keystone | 12:02 | |
*** markvoelker has joined #openstack-keystone | 12:03 | |
*** nisha has quit IRC | 12:03 | |
*** nisha has joined #openstack-keystone | 12:05 | |
*** nisha has quit IRC | 12:06 | |
*** nisha has joined #openstack-keystone | 12:06 | |
*** nicodemos has joined #openstack-keystone | 12:07 | |
*** markvoelker has quit IRC | 12:07 | |
*** exploreshaifali has joined #openstack-keystone | 12:07 | |
*** pnavarro has joined #openstack-keystone | 12:11 | |
*** geoffarnold has quit IRC | 12:17 | |
*** geoffarnold has joined #openstack-keystone | 12:18 | |
jvarlamova | Hello, Keystone team! Could you please take a look at patch https://review.openstack.org/#/c/207906/? Stable/kilo branch of Manila client is broken due to bug https://bugs.launchpad.net/python-keystoneclient/+bug/1480314 | 12:18 |
openstack | Launchpad bug 1480314 in python-keystoneclient "Branch "stable/kilo" is broken" [Undecided,In progress] - Assigned to Julia Varlamova (jvarlamova) | 12:18 |
*** raildo-afk is now known as raildo | 12:21 | |
*** edmondsw has joined #openstack-keystone | 12:31 | |
*** Ephur has quit IRC | 12:31 | |
*** kiran-r has quit IRC | 12:32 | |
*** markvoelker has joined #openstack-keystone | 12:32 | |
*** EinstCrazy has quit IRC | 12:34 | |
*** dims_ has joined #openstack-keystone | 12:36 | |
*** aix has quit IRC | 12:37 | |
*** geoffarnold has quit IRC | 12:38 | |
*** geoffarnold has joined #openstack-keystone | 12:39 | |
*** EinstCrazy has joined #openstack-keystone | 12:40 | |
*** dims has quit IRC | 12:40 | |
*** exploreshaifali has quit IRC | 12:40 | |
*** alejandrito has joined #openstack-keystone | 12:52 | |
*** dims_ has quit IRC | 12:53 | |
*** fhubik is now known as fhubik_brb | 12:55 | |
*** Ephur has joined #openstack-keystone | 13:00 | |
*** geoffarnold has quit IRC | 13:00 | |
*** geoffarnold has joined #openstack-keystone | 13:00 | |
*** Ephur_ has joined #openstack-keystone | 13:01 | |
*** dims has joined #openstack-keystone | 13:01 | |
*** Ephur has quit IRC | 13:05 | |
*** hrou has joined #openstack-keystone | 13:07 | |
*** thiagop has joined #openstack-keystone | 13:09 | |
*** daemontool_ has joined #openstack-keystone | 13:10 | |
*** btully has joined #openstack-keystone | 13:13 | |
*** nisha_ has joined #openstack-keystone | 13:13 | |
*** nisha has quit IRC | 13:16 | |
*** links has quit IRC | 13:22 | |
*** jsavak has joined #openstack-keystone | 13:25 | |
*** doug-fish has quit IRC | 13:27 | |
*** doug-fish has joined #openstack-keystone | 13:28 | |
*** alejandrito has quit IRC | 13:28 | |
*** jsavak has quit IRC | 13:29 | |
*** richm has joined #openstack-keystone | 13:33 | |
*** jsavak has joined #openstack-keystone | 13:33 | |
*** ngupta has joined #openstack-keystone | 13:34 | |
*** stevemar has joined #openstack-keystone | 13:34 | |
*** ChanServ sets mode: +o stevemar | 13:34 | |
*** stevemar_ has joined #openstack-keystone | 13:36 | |
*** ChanServ sets mode: +o stevemar_ | 13:36 | |
*** stevemar_ has quit IRC | 13:37 | |
*** stevemar_ has joined #openstack-keystone | 13:38 | |
*** ChanServ sets mode: +o stevemar_ | 13:38 | |
*** stevemar has quit IRC | 13:39 | |
*** alejandrito has joined #openstack-keystone | 13:40 | |
*** aix has joined #openstack-keystone | 13:40 | |
*** iurygregory_ has joined #openstack-keystone | 13:43 | |
*** iurygregory_ has quit IRC | 13:43 | |
*** doug-fish has quit IRC | 13:43 | |
*** geoffarnold has quit IRC | 13:44 | |
dstanek | dolphm: +1 on https://review.openstack.org/#/c/210365/1 ? | 13:49 |
*** marzif has quit IRC | 13:49 | |
dolphm | dstanek: sure, i was hoping it would grow a dependency | 13:50 |
dstanek | dolphm: what dependency? | 13:51 |
dolphm | dstanek: on your patch | 13:51 |
dstanek | ah, ok | 13:51 |
dstanek | hmmm.... "Ran: 5695 tests... Failed: 4190" - good times! | 13:52 |
dstanek | bknudson: we were deprecating the functionality since it could break existing config files re: https://review.openstack.org/#/c/134124/ | 13:52 |
*** stevemar_ is now known as stevemar | 13:54 | |
openstackgerrit | Dolph Mathews proposed openstack/keystone: Test revocation race conditions https://review.openstack.org/227995 | 13:55 |
bknudson | dstanek: but apparently it didn't work due to the bug. | 13:56 |
dstanek | bknudson: the values just had no effect right? | 13:57 |
bknudson | dstanek: according to the bug report the server fails to start with a backtrace | 13:57 |
bknudson | "So, if we configure paste.deploy config files like what the method docs says, ..." | 13:57 |
marekd | stevemar: hi, do you know if anybody in the openstack family by default can consume cadf events? | 13:58 |
bknudson | "it will always fails as:" | 13:58 |
stevemar | marekd: ceilometer? | 13:58 |
bknudson | dstanek: so I don't get the point of deprecating since it's been broken for so long. | 13:59 |
*** phalmos has joined #openstack-keystone | 14:00 | |
marekd | stevemar: i am thinking about it as I see lots of people see federated users ephemerality as a problem cause they cannot track them and I am wondering whether we should somehow solve it for them. | 14:00 |
*** nisha_ has quit IRC | 14:02 | |
openstackgerrit | Tony Wang proposed openstack/keystone: Show v3 endpoints in v2 endpoint list https://review.openstack.org/215870 | 14:03 |
dstanek | bknudson: i thought at one point we had middleware that allowed it, but didn't use it, but i can't find any evidence of it so i agree that we should just delete | 14:03 |
*** ParsectiX has quit IRC | 14:03 | |
bknudson | dstanek: ok, I'm not crazy | 14:04 |
dstanek | bknudson: no i am :-) | 14:04 |
*** ayoung has joined #openstack-keystone | 14:05 | |
*** ChanServ sets mode: +v ayoung | 14:05 | |
dstanek | bknudson: it was the Xml middleware that was deleted in L | 14:05 |
bknudson | you could configure the XML middleware? | 14:06 |
dstanek | bknudson: nope | 14:06 |
dstanek | bknudson: it was that awesome! http://git.openstack.org/cgit/openstack/keystone/commit/?id=8b742b5f29f0b40cd9cfead28d45acc65e61b491 | 14:07 |
bknudson | I'm just glad we don't have to support the broken XML translator anyways | 14:08 |
dstanek | we should get rid of all the broken | 14:08 |
bknudson | we don't use the local conf in the app factories -- https://review.openstack.org/#/c/134124/22/keystone/service.py | 14:09 |
*** sigmavirus24_awa is now known as sigmavirus24 | 14:10 | |
bknudson | maybe could change the logs there to say that it's ignored and to update your config file rather than say something is deprecated. | 14:10 |
dstanek | bknudson: if you do that we can't remove the unused params in the future | 14:21 |
bknudson | dstanek: is it safe to remove the unused params or is it part of the paste spec? | 14:22 |
bknudson | does paste say you're supposed to have the kwargs? | 14:22 |
*** urulama has quit IRC | 14:22 | |
dstanek | bknudson: i don't know it it's explicit. paste just bundles the stuff from the config and sends it in as kwargs | 14:22 |
*** urulama has joined #openstack-keystone | 14:23 | |
bknudson | right, so we can't stop paste from doing that... it's just how does keystone handle it... either failing or ignoring | 14:23 |
dstanek | this is the first project i've been a part of that receives them as kwargs too. generally i would used named kwargs | 14:23 |
*** nisha has joined #openstack-keystone | 14:24 | |
bknudson | paste might decide that since they told everyone to accept **kwargs they're going to always specify a kwarg just for fun. | 14:25 |
*** geoffarnold has joined #openstack-keystone | 14:26 | |
dstanek | bknudson: what a pile of crap :-( | 14:27 |
bknudson | dstanek: here's some docs -- http://pythonpaste.org/deploy/#paste-app-factory | 14:29 |
bknudson | they use **local_conf | 14:29 |
dstanek | yeah, but no actual spec that's just the example | 14:29 |
bknudson | dstanek: the other examples seem to use positional args as the config options, see http://pythonpaste.org/deploy/#paste-filter-factory | 14:31 |
*** phalmos has quit IRC | 14:33 | |
dstanek | bknudson: consistent right? i would use defaults, but not ** | 14:33 |
*** topol has joined #openstack-keystone | 14:34 | |
*** ChanServ sets mode: +v topol | 14:34 | |
bknudson | dstanek: you'd prefer to not have the **kwargs config params in our factories? If so maybe this is the right way to go. | 14:34 |
bknudson | I mean maybe https://review.openstack.org/#/c/134124/ is the right way to go. | 14:34 |
dstanek | bknudson: except for the middleware part. that is broken and shouldn't deprecated | 14:36 |
bknudson | maybe it's not necessary to deprecate in https://review.openstack.org/#/c/134124/22/keystone/common/wsgi.py since the server just failed to start before, but in https://review.openstack.org/#/c/134124/22/keystone/service.py the args were ignored before so I suppose we could deprecate first. | 14:36 |
dstanek | bknudson: 2015-09-29 14:34:38.921 31516 CRITICAL keystone.service [-] admin_version_app_factory() got an unexpected keyword argument 'arg' | 14:36 |
dstanek | ^that's what happens why you have config values in the ini and remove them from the app factory | 14:36 |
bknudson | really? def admin_version_app_factory(global_conf, **local_conf) -- it's got kwargs. | 14:36 |
bknudson | oh, you removed it | 14:36 |
dstanek | bknudson: y | 14:37 |
*** slberger has joined #openstack-keystone | 14:37 | |
bknudson | if you think the kwargs should be removed from admin_version_app_factory then I'm fine with printing the deprecation message there. | 14:37 |
*** geoffarnold has quit IRC | 14:38 | |
dstanek | i want to find out who is maintaining the lib and ask | 14:38 |
bknudson | I don't think we have to wait 2 releases. | 14:38 |
*** jorge_munoz has quit IRC | 14:39 | |
*** su_zhang has joined #openstack-keystone | 14:43 | |
*** dsirrine has joined #openstack-keystone | 14:47 | |
*** dsirrine has quit IRC | 14:53 | |
bknudson | paste could have a nicer message when the config is incorrect, rather than just saying unexpected kwarg. | 14:53 |
*** ayoung has quit IRC | 14:54 | |
*** dsirrine has joined #openstack-keystone | 14:54 | |
*** dsirrine has quit IRC | 14:55 | |
dstanek | bknudson: i was thinking something more like this http://paste.openstack.org/show/474693/ | 14:58 |
bknudson | dstanek: so no need to deprecate? | 14:58 |
bknudson | did any of our middleware support extra args? | 14:59 |
dstanek | not for middleware. like you said if they have config in the INI then they'll get a traceback because the middleware's init doesn't allow kwargs | 14:59 |
dstanek | not that i can see, the Xml middleware was the only one | 14:59 |
dstanek | tests are running now | 15:00 |
dstanek | i need to push some of my wsgi rework today before this gets out of hand | 15:00 |
bknudson | things are getting out of hand. | 15:01 |
dstanek | "rm -rf keystone/*; git commit -a -m 'starting over'" | 15:02 |
*** dims has quit IRC | 15:04 | |
*** akanksha_ has joined #openstack-keystone | 15:09 | |
*** ayoung has joined #openstack-keystone | 15:09 | |
*** ChanServ sets mode: +v ayoung | 15:09 | |
*** csoukup has joined #openstack-keystone | 15:10 | |
*** zzzeek has joined #openstack-keystone | 15:10 | |
*** jorge_munoz has joined #openstack-keystone | 15:13 | |
*** fhubik_brb is now known as fhubik | 15:14 | |
*** nisha has quit IRC | 15:14 | |
*** diazjf has joined #openstack-keystone | 15:15 | |
*** dims__ has joined #openstack-keystone | 15:16 | |
*** nicodemos has quit IRC | 15:16 | |
*** browne has joined #openstack-keystone | 15:17 | |
*** henrynash has joined #openstack-keystone | 15:19 | |
*** ChanServ sets mode: +v henrynash | 15:19 | |
*** phalmos has joined #openstack-keystone | 15:19 | |
*** EinstCrazy has quit IRC | 15:21 | |
openstackgerrit | Merged openstack/keystonemiddleware: only make token invalid when it really is https://review.openstack.org/217373 | 15:21 |
*** doug-fish has joined #openstack-keystone | 15:24 | |
*** jorge_munoz has quit IRC | 15:24 | |
*** stevemar has quit IRC | 15:27 | |
*** stevemar has joined #openstack-keystone | 15:27 | |
*** ChanServ sets mode: +o stevemar | 15:27 | |
*** stevemar_ has joined #openstack-keystone | 15:29 | |
*** ChanServ sets mode: +o stevemar_ | 15:29 | |
*** stevemar has quit IRC | 15:32 | |
*** stevemar_ has quit IRC | 15:34 | |
*** ayoung has quit IRC | 15:38 | |
*** fhubik has quit IRC | 15:38 | |
*** jorge_munoz has joined #openstack-keystone | 15:39 | |
openstackgerrit | Dolph Mathews proposed openstack/keystone: Test revocation race conditions https://review.openstack.org/227995 | 15:39 |
*** nisha has joined #openstack-keystone | 15:40 | |
*** nisha has quit IRC | 15:40 | |
*** nisha has joined #openstack-keystone | 15:40 | |
*** jdennis1 has joined #openstack-keystone | 15:41 | |
*** jdennis has quit IRC | 15:43 | |
*** henrynash has quit IRC | 15:48 | |
*** nisha_ has joined #openstack-keystone | 15:51 | |
*** nisha has quit IRC | 15:51 | |
*** ayoung has joined #openstack-keystone | 15:51 | |
*** ChanServ sets mode: +v ayoung | 15:51 | |
*** ayoung has quit IRC | 15:51 | |
*** ayoung has joined #openstack-keystone | 15:51 | |
*** ChanServ sets mode: +v ayoung | 15:51 | |
*** roxanaghe has joined #openstack-keystone | 15:53 | |
*** marzif has joined #openstack-keystone | 15:54 | |
*** woodster_ has joined #openstack-keystone | 15:57 | |
*** fawadkhaliq has joined #openstack-keystone | 15:59 | |
*** su_zhang has quit IRC | 16:00 | |
*** Ephur_ has quit IRC | 16:04 | |
*** urulama has quit IRC | 16:04 | |
*** gyee has joined #openstack-keystone | 16:04 | |
*** ChanServ sets mode: +v gyee | 16:04 | |
*** marzif has quit IRC | 16:05 | |
*** urulama has joined #openstack-keystone | 16:05 | |
*** raildo is now known as raildo-afk | 16:08 | |
*** kiran-r has joined #openstack-keystone | 16:08 | |
openstackgerrit | Tom Cocozzello proposed openstack/keystone: Deprecate httpd/keystone.py https://review.openstack.org/221975 | 16:09 |
*** EinstCrazy has joined #openstack-keystone | 16:10 | |
*** GB21 has joined #openstack-keystone | 16:14 | |
*** ankita_wagh has joined #openstack-keystone | 16:18 | |
*** gyee has quit IRC | 16:19 | |
*** EinstCrazy has quit IRC | 16:21 | |
*** raildo-afk is now known as raildo | 16:22 | |
*** nisha has joined #openstack-keystone | 16:23 | |
*** _cjones_ has joined #openstack-keystone | 16:23 | |
*** nisha_ has quit IRC | 16:25 | |
*** jistr has quit IRC | 16:26 | |
*** jorge_munoz has quit IRC | 16:27 | |
*** gyee has joined #openstack-keystone | 16:29 | |
*** ChanServ sets mode: +v gyee | 16:29 | |
*** nisha_ has joined #openstack-keystone | 16:29 | |
*** nisha_ has quit IRC | 16:30 | |
*** lhcheng has joined #openstack-keystone | 16:31 | |
*** ChanServ sets mode: +v lhcheng | 16:31 | |
*** doug-fis_ has joined #openstack-keystone | 16:32 | |
*** doug-fish has quit IRC | 16:35 | |
*** dims__ has quit IRC | 16:38 | |
*** dims__ has joined #openstack-keystone | 16:39 | |
*** stevemar has joined #openstack-keystone | 16:42 | |
*** ChanServ sets mode: +o stevemar | 16:42 | |
*** geoffarnold has joined #openstack-keystone | 16:43 | |
*** kiranr has joined #openstack-keystone | 16:43 | |
stevemar | fun times! | 16:45 |
morgan | stevemar: join #openstack-relmgr-office | 16:46 |
*** topol has quit IRC | 16:50 | |
*** kiran-r has quit IRC | 16:52 | |
dstanek | yeah, that channel is not fun times | 16:54 |
*** ayoung has quit IRC | 16:55 | |
*** ayoung has joined #openstack-keystone | 16:55 | |
*** ChanServ sets mode: +v ayoung | 16:55 | |
*** pnavarro has quit IRC | 16:55 | |
*** mylu has joined #openstack-keystone | 16:57 | |
lbragstad | dolphm: good call on the self.time_delta move | 17:00 |
*** su_zhang has joined #openstack-keystone | 17:01 | |
*** ankita_wagh has quit IRC | 17:02 | |
*** su_zhang has quit IRC | 17:03 | |
*** su_zhang has joined #openstack-keystone | 17:03 | |
*** tonytan4ever has joined #openstack-keystone | 17:05 | |
*** pgbridge has quit IRC | 17:09 | |
*** lsmola has quit IRC | 17:14 | |
*** nisha_ has joined #openstack-keystone | 17:15 | |
*** nisha_ has quit IRC | 17:15 | |
*** nisha_ has joined #openstack-keystone | 17:16 | |
*** phalmos_ has joined #openstack-keystone | 17:16 | |
*** nisha has quit IRC | 17:19 | |
*** marzif has joined #openstack-keystone | 17:19 | |
*** phalmos has quit IRC | 17:19 | |
*** ankita_wagh has joined #openstack-keystone | 17:23 | |
*** dsirrine has joined #openstack-keystone | 17:26 | |
*** david8hu has quit IRC | 17:27 | |
*** david8hu has joined #openstack-keystone | 17:28 | |
*** fawadkhaliq has quit IRC | 17:30 | |
*** jaosorior has quit IRC | 17:30 | |
*** phalmos_ has quit IRC | 17:35 | |
*** mylu has quit IRC | 17:39 | |
*** exploreshaifali has joined #openstack-keystone | 17:40 | |
*** exploreshaifali has quit IRC | 17:41 | |
*** sileht_ has joined #openstack-keystone | 17:44 | |
gyee | jamielennox, I guess there's no way to avoid version discovery? https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/client.py#L62 | 17:44 |
*** sileht_ is now known as sileht | 17:45 | |
*** sileht has quit IRC | 17:45 | |
*** sileht has joined #openstack-keystone | 17:46 | |
*** tsymancz5k is now known as tsymanczyk | 17:51 | |
ayoung | gyee, why do you want to? | 17:52 |
gyee | ayoung, I am trying to figure out how to make discovery play nices with the VIPs | 17:54 |
gyee | I think I may've found something that works | 17:54 |
*** urulama has quit IRC | 17:55 | |
*** urulama has joined #openstack-keystone | 17:55 | |
amakarov | ayoung, hi! Shall we have implied roles? I have a vision about delegation and role hierarchy is included: https://docs.google.com/drawings/d/1GJ1i4RwPpZLsbc_LBPy8r1k-FvQj_yAIHjwq8gDgNXg/view | 17:59 |
amakarov | and do you plan to include materialized path in roles? | 18:00 |
*** dims has joined #openstack-keystone | 18:00 | |
amakarov | it will significantly simplify usage | 18:00 |
*** dims__ has quit IRC | 18:02 | |
*** marzif has quit IRC | 18:09 | |
*** phalmos has joined #openstack-keystone | 18:10 | |
dstanek | gyee: why does it not work with your vips? | 18:10 |
gyee | dstanek, long story, the way it set up right now, out internal nodes don't have access to public VIP | 18:12 |
gyee | s/out/our | 18:12 |
dstanek | gyee: so your seeing the verisons when accessed through an internal name return the public name? | 18:13 |
dstanek | ...or you're | 18:13 |
gyee | right version discovery returns the public_endpoint configured in keystone.conf | 18:14 |
jamielennox | and if you don't hardcode public_endpoint and let it figure it out from the request ? | 18:23 |
gyee | jamielennox, actually, passing "endpoint" param may do the trick | 18:25 |
gyee | pointing it to internal VIP | 18:25 |
jamielennox | gyee: interface? | 18:26 |
gyee | no, interface hasn't come into the picture yet | 18:27 |
gyee | for this particular setup, there's an public/external VIP and internal VIP | 18:28 |
*** akanksha_ has quit IRC | 18:28 | |
gyee | each VIP have multiple interfaces | 18:28 |
gyee | public, admin, and internal | 18:28 |
*** boris-42 has quit IRC | 18:29 | |
gyee | but they are served by the same keystone instances | 18:29 |
gyee | for keystone version discovery, it takes the public_endpoint or admin_endpoint configured in keystone.conf, depending on the port the request is coming in | 18:30 |
gyee | say GET *:5000/, Keystone always returns the public_endpoint, regardless whether its coming from public or internal VIP | 18:32 |
*** urulama has quit IRC | 18:34 | |
*** urulama has joined #openstack-keystone | 18:34 | |
*** su_zhang has quit IRC | 18:36 | |
*** aix has quit IRC | 18:38 | |
*** flwang has quit IRC | 18:38 | |
*** flwang has joined #openstack-keystone | 18:38 | |
*** topol has joined #openstack-keystone | 18:40 | |
*** ChanServ sets mode: +v topol | 18:40 | |
*** ngupta_ has joined #openstack-keystone | 18:44 | |
*** yottatsa has joined #openstack-keystone | 18:46 | |
*** jasondotstar is now known as jasondotstar_afk | 18:47 | |
*** ngupta has quit IRC | 18:48 | |
*** mylu has joined #openstack-keystone | 18:49 | |
*** ankita_wagh has quit IRC | 18:51 | |
*** kiranr has quit IRC | 18:52 | |
*** GB21 has quit IRC | 18:53 | |
*** e0ne has quit IRC | 18:54 | |
*** mylu has quit IRC | 18:57 | |
mordred | jamielennox: Error fetching server list: 'module' object has no attribute 'UnknownConnectionError' | 18:58 |
mordred | jamielennox: that's from: | 18:58 |
mordred | File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py", line 443, in _send_request | 18:58 |
mordred | raise exceptions.UnknownConnectionError(msg, e) | 18:58 |
*** ankita_wagh has joined #openstack-keystone | 18:59 | |
mordred | AttributeError: 'module' object has no attribute 'UnknownConnectionError' | 18:59 |
jamielennox | mordred: i have never seen that - but that's not good | 19:00 |
mordred | jamielennox: I thoughtyou might find that displeasing | 19:00 |
ayoung | mordred, could it be a case where we are mixing exceptions from two different modules | 19:00 |
ayoung | keystoneclient.exception.UnknownConnectionError versos some other library | 19:01 |
amakarov | ayoung, so roles will be targeted to endpoints too? | 19:01 |
*** stevemar has quit IRC | 19:01 | |
ayoung | amakarov, sort of...I'd say it slightly differently | 19:01 |
ayoung | amakarov, I would say instead that roles could be assigned to a user for an endpoint as well as a project | 19:02 |
ayoung | amakarov, it makes the endpoints (or regions or serivces) things that people can have different roles in managing.... | 19:02 |
ayoung | just like they do projects | 19:02 |
jamielennox | ayoung, mordred: it looks like it's a catch all exception because i didn't want RequestsExceptions escaping - why it defined something new rather than raise the base class i've no idea | 19:03 |
amakarov | ayoung, understood | 19:03 |
ayoung | amakarov, I think the normal case would be to assign a user a role on the whole catalog, but then the user only requests a token scoped to a specific endpoint to perform an administrative action | 19:04 |
amakarov | ayoung, humbly reminding about this: https://review.openstack.org/#/c/198418/ | 19:04 |
*** yottatsa has quit IRC | 19:04 | |
ayoung | amakarov, Ah, yes... | 19:04 |
amakarov | amakarov, if we manage to use it in roles it can ease searching/validation | 19:04 |
ayoung | amakarov, I'm going to edit the commit message to remove the "conflicts" but that should not invalidate gyees +2 | 19:04 |
ayoung | oh, never mind | 19:05 |
amakarov | ayoung, I was thinking about delegation for some time and the scheme is an intermediate result | 19:05 |
ayoung | amakarov, what does 'materialized' mean here | 19:06 |
amakarov | I assume hierarchies are in projects and roles | 19:06 |
ayoung | ok...I get the concept... | 19:06 |
amakarov | ayoung, it means all ancestry chain is stored in the special field | 19:06 |
amakarov | ayoung, which allows to avoid recursion in a search | 19:07 |
ayoung | amakarov, on a related note, with the implied roles, I did it as a set, and avoided cycles that way; once an element was in the set, it was not reachecked... | 19:07 |
jamielennox | mordred: easiest thing to do is just add the exception to keystoneauth - you or me? | 19:08 |
amakarov | ayoung, set doesn't preserve order | 19:08 |
morgan | oh stevemar dropped | 19:08 |
*** yottatsa has joined #openstack-keystone | 19:08 | |
morgan | that guy needs to get a ZNC bounder | 19:08 |
*** yottatsa has quit IRC | 19:08 | |
morgan | bouncer* | 19:08 |
ayoung | amakarov, and for roles, we don't care about order. But we do for HMT. | 19:08 |
*** stevemar has joined #openstack-keystone | 19:08 | |
*** ChanServ sets mode: +o stevemar | 19:08 | |
jamielennox | morgan: i can understand liking it that way | 19:08 |
morgan | stevemar: you need a znc bouncer man | 19:08 |
amakarov | ayoung, it's just a mix-in to be used when it needed ) | 19:09 |
ayoung | amakarov, all that is recorded in the databse is "parent" right? Or did you add an new field? | 19:09 |
morgan | stevemar: who is complaining about eventlet disappearing? | 19:09 |
amakarov | ayoung, it adds 'path' | 19:09 |
amakarov | ayoung, with btree index on it | 19:09 |
ayoung | amakarov, and that is there to avoid cycles? | 19:09 |
amakarov | ayoung, explicit check | 19:10 |
samueldmq | well.. and it looks like I have missed the meeting this week :( | 19:10 |
ayoung | amakarov, this is assuming the hierarchies are immutable, right? | 19:10 |
amakarov | ayoung, see def test_cyclic_reference(self) in tests | 19:10 |
dstanek | morgan: stevemar: what's the news about eventlet? | 19:11 |
ayoung | amakarov, so...what does this buy us beyond the cycle check? | 19:11 |
amakarov | ayoung, it's mutable | 19:11 |
morgan | dstanek: I'm lining up the fix for devstack for mitaka so it can land as soon as they branch tomorrow | 19:11 |
morgan | dstanek: and then shredding the stuff in keystone's tree is next | 19:11 |
ayoung | amakarov, then you need to morph the path field in multiple records, right? | 19:11 |
mordred | jamielennox: about to take off ... it's all you :) | 19:11 |
amakarov | ayoung, yes, it's done in a single update | 19:12 |
dstanek | morgan: ah, ok. i thought you were saying that we'd have to keep it for another cycle | 19:12 |
ayoung | amakarov, testing that will be tricky | 19:12 |
morgan | dstanek: no, stevemar was saying someone didn't want it to disappear | 19:12 |
bknudson | morgan: you'll probably need to mess with grenade too | 19:14 |
amakarov | ayoung, can you please review the CR and tell what tests are needed there besides those already present? | 19:14 |
morgan | bknudson: likely | 19:14 |
morgan | bknudson: or maybe not | 19:14 |
ayoung | amakarov, so, the implied roles thing...think you can build the unified delegation spec on that? | 19:14 |
morgan | we will see | 19:15 |
morgan | https://review.openstack.org/#/c/229112/ | 19:15 |
*** doug-fis_ is now known as doug-fish | 19:15 | |
bknudson | I'm going to have to figure out how to debug keystone in apache | 19:16 |
*** nisha_ has quit IRC | 19:16 | |
morgan | bknudson: you can run the wsgi files directly | 19:16 |
morgan | as wsgiref | 19:16 |
amakarov | ayoung, I want it on bleeding edge, so yes - I will present at least some pictures :) With a spec, of course | 19:16 |
ayoung | bknudson, rpdb works fine for that | 19:16 |
morgan | and I plan on making uwsgi versions part of devstack base | 19:16 |
ayoung | bknudson, http://adam.younglogic.com/2015/02/debugging-openstack-with-rpdb/ | 19:16 |
morgan | which you can run isolated. | 19:16 |
bknudson | I will try all these methods | 19:17 |
morgan | bknudson: ^_^ | 19:17 |
ayoung | amakarov, when determining what role a user can delegate, it should look first at the explicit set of roles, and then walk the implicit | 19:17 |
amakarov | ayoung, it looks like a big change though, I want it fast to be capable of handling workflow with short living tokens | 19:17 |
bknudson | ayoung: when you run with rpdb do you set up apache differently? (so that it only runs one thread?) | 19:17 |
ayoung | amakarov, this is upon assignment | 19:18 |
gyee | bknudson, ayoung's rpdb setup was super helpful, works nicely with Apache | 19:18 |
ayoung | bknudson, nope | 19:18 |
ayoung | bknudson, only the first thread to hit the breakpoint succeeds | 19:18 |
morgan | ayoung: rpdb is also fantastic | 19:18 |
amakarov | ayoung, with MP it can be done in a single request | 19:19 |
ayoung | you need to free up the socket in order for some other breakpoint to trigger it. You can have rpdb listen on multiple sockets, if you really want | 19:19 |
ayoung | amakarov, only problem is that roles are not a strict hierarchy | 19:19 |
ayoung | its a dag | 19:20 |
ayoung | although , tbh, acyclic is not realy a constraint. | 19:20 |
openstackgerrit | Jamie Lennox proposed openstack/keystoneauth: Add UnknownConnectionError to __all__ https://review.openstack.org/229114 | 19:20 |
amakarov | ayoung, afaik there is no effective way to traverse generic web... | 19:21 |
amakarov | ayoung, ok, I'll double-check the spec and think what can be done with it, thanks for update | 19:23 |
*** amakarov is now known as amakarov_away | 19:23 | |
ayoung | amakarov, I guess we could make it a straight hierarchy and use MP if performance was an issue. I was not aware of the MP code when I got the Implied roles code working | 19:23 |
ayoung | amakarov_away, https://github.com/admiyo/keystone/tree/implied_roles | 19:24 |
*** wwwjfy_ has quit IRC | 19:24 | |
morgan | richm: ping - re puppet things | 19:27 |
amakarov_away | ayoung, I'll work with what is implemented already | 19:27 |
amakarov_away | ayoung, I'm brewing a concept - not implementation yet ) | 19:28 |
*** diegows has joined #openstack-keystone | 19:31 | |
richm | morgan: pong | 19:34 |
morgan | richm: so i wanted to just quickly voice the concern re the delimiter/composite bits in puppet discussion | 19:35 |
morgan | richm: since all the values/names could contain them at any point/anywhere | 19:35 |
richm | morgan: ok | 19:35 |
morgan | richm: but before trying to bring it up on the ML, I wanted to see if I was missing some key bit | 19:36 |
morgan | but a domain name can be hi::my::name::is::joe as could a user's name | 19:36 |
richm | right | 19:36 |
morgan | so joe::user@company::otherthing | 19:36 |
morgan | that could be a username | 19:36 |
richm | We are trying to work out a way that we can use puppet without relying on any delimiters | 19:36 |
* morgan nods | 19:36 | |
richm | but note that puppet-keystone already uses "@" as a delimiter in some cases | 19:37 |
morgan | just wanted to make sure that there was a clear "this is really important" | 19:37 |
richm | and has been doing that for quite some time | 19:37 |
morgan | that is horrible and should be fixed.. @ is one of the worse choices, :: less bad | 19:37 |
richm | Yes, understood. Any delimiter is going to be problematic | 19:37 |
morgan | richm: cool. just wanted to check to make sure you were aware | 19:37 |
morgan | because i am concerned the puppet modules are writing themselves into a corner where they wont be useful in a number (not majority, but still enough places) | 19:38 |
richm | morgan: Yes, that is one of the primary motivations for the current openstack-dev email thread about this subject | 19:38 |
morgan | richm: cool! | 19:38 |
morgan | richm: yay~ | 19:38 |
morgan | richm: :) :) | 19:38 |
morgan | ok thats all | 19:38 |
* morgan lets the convo continue then. | 19:38 | |
crinkle | puppet needs to use a name as an identifier, so we've just gone ahead and said "if you're using puppet and you're using keystone then we're imposing extra naming restrictions that keystone doesn't care about, sorry" | 19:38 |
richm | morgan: Ok. Let me know if you have any more questions about it. | 19:38 |
*** gyee has quit IRC | 19:38 | |
*** sileht has quit IRC | 19:39 | |
richm | So if the user is "writing themselves into a corner" they won't be able to use puppet | 19:39 |
morgan | crinkle: i think thats fine. just as long as the real info that is used is not subjected in the same manner | 19:39 |
morgan | crinkle: or wait. | 19:39 |
morgan | crinkle: eh | 19:39 |
morgan | crinkle: sure. | 19:40 |
*** pgbridge has joined #openstack-keystone | 19:40 | |
morgan | richm: more concern is if a user already wrote themselves into a corner and is trying to automate with puppet afterwards | 19:41 |
morgan | not an uncommon scenario | 19:41 |
morgan | but eh. | 19:42 |
morgan | if I had to pick a delimiter, it would be '::' not '@' fwiw | 19:42 |
richm | No matter what we do with puppet, there may be situations where it will be difficult if not impossible to satisfy certain deployments | 19:42 |
richm | I'm trying to figure out a way so that we don't have to rely on delimiters | 19:42 |
richm | or at least, to not rely on delimiters so much | 19:43 |
morgan | richm: i think :: is less problematic if a delimiter is needed... *or* at least let them specify a delemiter override | 19:43 |
richm | ok | 19:43 |
morgan | but yeah no delimiter would be best | 19:43 |
morgan | but i get that sometimes you can't make that happen | 19:43 |
richm | with puppet, you _must_ uniquely name things - sometimes using a delimiter is the only way to do that | 19:44 |
morgan | richm: so simple order of preference 1) No delim, 2) :: with the ability to provide a delim override, 3) ::, 4) anything else | 19:44 |
richm | ok | 19:44 |
morgan | and yeah most CMS needs unique names | 19:45 |
*** sileht has joined #openstack-keystone | 19:45 | |
richm | puppet-keystone must support "@" for keystone_user_role for at least a couple more releases | 19:45 |
morgan | i just typically name them something "interesting" when I built things and require all the real meat of values to come under the name | 19:45 |
richm | there's really no way around that in order to preserve backwards compatibility/sanity | 19:45 |
morgan | so the name is unique but otherwise un-used | 19:45 |
morgan | richm: oh i wouldn't suggest breaking anyone, just providing a better solution forward looking :) | 19:46 |
richm | morgan: Yeah, that's what I'm trying to do | 19:46 |
morgan | richm: awesome. anyway sounds like we're on the same page. | 19:46 |
richm | I mean, allow the operator to give an object an "interesting" unique name, and rely on the actual real properties of the object to ensure its uniqueness | 19:47 |
morgan | ++ | 19:47 |
morgan | yes | 19:47 |
morgan | best approach | 19:47 |
*** nisha_ has joined #openstack-keystone | 19:47 | |
*** sileht has quit IRC | 19:47 | |
morgan | but if the general community wants a delim used, you've seen my recommendations to make life as easy/least painful | 19:48 |
*** sileht has joined #openstack-keystone | 19:48 | |
*** ngupta has joined #openstack-keystone | 19:48 | |
richm | morgan: ok | 19:48 |
morgan | [if I could fix keystone instead I'd also aim to do that and carve out explicitly banned characters from the "names"] | 19:48 |
*** nisha_ has quit IRC | 19:48 | |
morgan | explicitly defined delimiters would have been useful | 19:49 |
richm | yeah, but quite difficult to accommodate all those identity sources in practice | 19:49 |
morgan | i might make a push to make it so anything in a fixed set of delims is escaped | 19:49 |
richm | yeah, that could work | 19:50 |
morgan | so if "@" appears in the username, it becomes "name\@" | 19:50 |
morgan | or make the delims explicitly escaped | 19:50 |
*** tonytan4ever has quit IRC | 19:50 | |
*** wwwjfy_ has joined #openstack-keystone | 19:50 | |
morgan | if someone names their project name\@thing\@stuff@\@ i'm going to facepalm | 19:51 |
morgan | fwiw | 19:51 |
*** tonytan4ever has joined #openstack-keystone | 19:51 | |
morgan | ooh i know | 19:51 |
morgan | I am totally going to use the ANSI bell character for a delimiter | 19:51 |
morgan | *shiftyeyes* | 19:51 |
crinkle | ha | 19:52 |
lbragstad | stevemar: marekd around? | 19:52 |
* richm hands morgan a <BLINK> tag | 19:52 | |
lbragstad | I have a question on federation token responses. | 19:53 |
morgan | richm: the perfect delimiter: ಠ_ಠ | 19:53 |
richm | morgan: +1 | 19:54 |
morgan | crinkle: ^ | 19:54 |
lbragstad | stevemar: when we get an unscoped token using a username and password in keystone, the methods returned in that unscoped response is ['password'] | 19:54 |
morgan | can we just go with that. I thnk it'd be safe to say ಠ_ಠ can't be used in project names or domains or user names (not the individual characters, the combination) | 19:54 |
lbragstad | when we rescope that token to a project, the methods returned in the project scoped response are ['password', 'token'] | 19:54 |
lbragstad | for federation, when we get an unscoped token, the method list is ['saml2'], but when we rescope that unscoped token to a project, the project response only contains ['saml2'] as the method | 19:55 |
lbragstad | I'm wondering if that is by design or if that is an inconsistency in the federation API | 19:55 |
*** geoffarnold has quit IRC | 19:55 | |
*** topol has quit IRC | 19:56 | |
bknudson | lbragstad: I don't think that's working correctly | 19:57 |
openstackgerrit | Lance Bragstad proposed openstack/keystone: Expose method list inconsistency in federation api https://review.openstack.org/229125 | 19:57 |
lbragstad | bknudson: I amended a test to expose it.. | 19:57 |
lbragstad | bknudson: ^ | 19:57 |
*** su_zhang has joined #openstack-keystone | 20:00 | |
*** csoukup has quit IRC | 20:00 | |
lbragstad | stevemar: marekd documented here - https://bugs.launchpad.net/keystone/+bug/1501032 | 20:07 |
openstack | Launchpad bug 1501032 in Keystone "incorrect method list is returned when scoping tokens with federation" [Undecided,New] | 20:07 |
*** ayoung has quit IRC | 20:09 | |
*** diegows has quit IRC | 20:09 | |
*** e0ne has joined #openstack-keystone | 20:14 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone-specs: Clarify documentation about scope https://review.openstack.org/224792 | 20:15 |
*** diegows has joined #openstack-keystone | 20:22 | |
*** stevemar has quit IRC | 20:25 | |
*** ayoung has joined #openstack-keystone | 20:25 | |
*** ChanServ sets mode: +v ayoung | 20:25 | |
lbragstad | dstanek: for https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:fix-endpoint-filtering-docs,n,z if https://review.openstack.org/#/c/167675/30 gets in, does it even make sense to improve those docs? | 20:28 |
*** dims has quit IRC | 20:28 | |
*** stevemar has joined #openstack-keystone | 20:29 | |
*** ChanServ sets mode: +o stevemar | 20:29 | |
*** dims has joined #openstack-keystone | 20:29 | |
dstanek | lbragstad: probably not, but the fact that filtering can still happen should be documented somewhere | 20:29 |
lbragstad | dstanek: the endpoint filtering extension will then be in the default sql driver, so you shouldn't have to worry about adding it to the pipeline | 20:29 |
*** svasheka has quit IRC | 20:30 | |
lbragstad | dstanek: ++ agreed, the endpoint filtering docs should be collapsed somewhere? or should we just document the behavior in the current endpoint filtering docs and remove the references to the pipeline. Instead, point to the config file changes required? | 20:30 |
dstanek | oh, wow. yeah i thought that would have said how to use filtering :-) | 20:30 |
stevemar | bknudson: use rpdb? | 20:32 |
stevemar | dstanek: morgan yeah, someone from bluebox was telling me "oh god no!" when i said we were going to remove eventlet in favor of apache | 20:33 |
dstanek | stevemar: really, why? | 20:33 |
stevemar | dstanek: something about containerizing services and how it's better performance with eventlet | 20:34 |
*** mylu has joined #openstack-keystone | 20:34 | |
*** diegows has quit IRC | 20:34 | |
*** svasheka has joined #openstack-keystone | 20:34 | |
stevemar | dstanek: and apache being harder to configure within a container service | 20:34 |
dstanek | i don't buy harder to configure. but i can see the perf arg. | 20:35 |
dstanek | they should use uwsgi then | 20:35 |
lbragstad | dstanek: I updated https://review.openstack.org/#/c/167675/ with a comment | 20:37 |
lbragstad | dstanek: make sense if I abandon my patches to the docs | 20:37 |
lbragstad | ? | 20:37 |
*** mylu has quit IRC | 20:42 | |
morgan | stevemar: uh. no. | 20:42 |
*** mylu has joined #openstack-keystone | 20:43 | |
morgan | stevemar: this is why uwsgi would be my choice there | 20:43 |
morgan | stevemar: there are alternatives... eventlet is a trainwreck and needs to die | 20:43 |
morgan | so i stand by the "lets kill eventlet" | 20:43 |
morgan | if they need a multi-process-like non-web-server backed (meaning no federation) thing | 20:43 |
morgan | uwsgi will do it better than eventlet | 20:44 |
morgan | and be about as hard to configure/run as eventlet | 20:44 |
bknudson | .tox/py27/bin/uwsgi --http :5000 --wsgi-file .tox/py27/bin/keystone-wsgi-admin | 20:46 |
morgan | bknudson: pretty much | 20:46 |
morgan | will even do SSL if you want | 20:46 |
morgan | and multi processor | 20:46 |
*** mylu has quit IRC | 20:47 | |
morgan | bknudson: there is one other option to make it do standalone HTTP | 20:47 |
morgan | bknudson: but exactly that | 20:48 |
*** su_zhang has quit IRC | 20:48 | |
bknudson | I wonder what thunder lock is. | 20:50 |
bknudson | sounds cool | 20:50 |
*** su_zhang has joined #openstack-keystone | 20:50 | |
bknudson | mule farms, emperors, vassals. | 20:55 |
morgan | bknudson: yeah I had to go look to see wtf Thunder Lock was | 20:56 |
morgan | it's basically a way to prevent thundering herd | 20:57 |
morgan | but.. amuuuuuuuzing | 20:57 |
morgan | :) | 20:57 |
morgan | also: | 20:58 |
morgan | uWSGI docs sucks: –thunder-lock | 20:58 |
morgan | Michael Hood (you will find his name in the comments of David’s post, too) signalled the problem in the uWSGI mailing-list/issue tracker some time ago, he even came out with an initial patch that ended with the --thunder-lock option (this is why open-source is better ;) | 20:58 |
morgan | --thunder-lock is available since uWSGI 1.4.6 but never got documentation (of any kind) | 20:58 |
morgan | Only the people following the mailing-list (or facing the specific problem) know about it. | 20:58 |
bknudson | it's mentioned when you start the binary | 20:58 |
*** woodster_ has quit IRC | 20:59 | |
*** diazjf has left #openstack-keystone | 21:02 | |
morgan | stevemar: come to #openstack-meetingh | 21:03 |
morgan | stevemar (no h) | 21:03 |
morgan | stevemar: it's meeting time | 21:03 |
stevemar | morgan: yep, its in my calendar now | 21:03 |
*** jsavak has quit IRC | 21:08 | |
*** raildo is now known as raildo-afk | 21:10 | |
*** spandhe has joined #openstack-keystone | 21:15 | |
*** geoffarnold has joined #openstack-keystone | 21:15 | |
*** henrynash has joined #openstack-keystone | 21:17 | |
*** ChanServ sets mode: +v henrynash | 21:17 | |
*** lhcheng has quit IRC | 21:22 | |
openstackgerrit | Merged openstack/keystoneauth: Add UnknownConnectionError to __all__ https://review.openstack.org/229114 | 21:28 |
*** henrynash has quit IRC | 21:28 | |
*** ayoung has quit IRC | 21:29 | |
*** phalmos has quit IRC | 21:30 | |
*** e0ne has quit IRC | 21:38 | |
*** harlowja has quit IRC | 21:40 | |
*** harlowja has joined #openstack-keystone | 21:40 | |
samueldmq | dstanek: ping - about https://review.openstack.org/#/c/212006 | 21:42 |
*** urulama has quit IRC | 21:49 | |
*** urulama has joined #openstack-keystone | 21:49 | |
*** jsavak has joined #openstack-keystone | 21:52 | |
*** devlaps has joined #openstack-keystone | 21:52 | |
*** geoffarnold has quit IRC | 21:52 | |
*** zzzeek has quit IRC | 21:52 | |
*** geoffarnold has joined #openstack-keystone | 21:55 | |
openstackgerrit | Jamie Lennox proposed openstack/keystonemiddleware: Use request helpers for token_info/token_auth https://review.openstack.org/229161 | 21:58 |
*** gyee has joined #openstack-keystone | 21:59 | |
*** ChanServ sets mode: +v gyee | 21:59 | |
*** hrou has quit IRC | 22:00 | |
*** zzzeek has joined #openstack-keystone | 22:01 | |
*** mylu has joined #openstack-keystone | 22:01 | |
*** gordc has quit IRC | 22:05 | |
*** tonytan_brb has joined #openstack-keystone | 22:10 | |
*** boris-42 has joined #openstack-keystone | 22:12 | |
*** lhcheng has joined #openstack-keystone | 22:13 | |
*** ChanServ sets mode: +v lhcheng | 22:13 | |
*** tonytan4ever has quit IRC | 22:14 | |
stevemar | bknudson: you gonna bail this one: https://review.openstack.org/#/c/224888/ documenting token format? | 22:17 |
*** sigmavirus24 is now known as sigmavirus24_awa | 22:19 | |
*** jsavak has quit IRC | 22:21 | |
*** ankita_wagh has quit IRC | 22:25 | |
*** tonytan_brb has quit IRC | 22:27 | |
*** slberger has left #openstack-keystone | 22:31 | |
*** tonytan4ever has joined #openstack-keystone | 22:33 | |
*** stevephone has joined #openstack-keystone | 22:38 | |
*** stevemar has quit IRC | 22:38 | |
*** stevephone is now known as stevemar | 22:38 | |
stevemar | Test | 22:39 |
*** stevemar is now known as stevephone | 22:39 | |
*** stevephone has quit IRC | 22:41 | |
*** ankita_wagh has joined #openstack-keystone | 22:41 | |
openstackgerrit | Samuel de Medeiros Queiroz proposed openstack/keystone: Fixes query.one() return usage in endpoint-policy https://review.openstack.org/208609 | 22:44 |
openstackgerrit | Samuel de Medeiros Queiroz proposed openstack/keystone: Create unit tests for endpoint policy SQL driver https://review.openstack.org/212006 | 22:44 |
samueldmq | dstanek: ^ concerns addressed, thanks for the reviews | 22:45 |
*** zzzeek has quit IRC | 22:46 | |
*** ayoung has joined #openstack-keystone | 22:49 | |
*** ChanServ sets mode: +v ayoung | 22:49 | |
*** alejandrito has quit IRC | 22:56 | |
*** ngupta has quit IRC | 22:57 | |
*** ngupta_ has quit IRC | 22:57 | |
*** su_zhang has quit IRC | 22:58 | |
*** geoffarnold is now known as geoffarnoldX | 23:00 | |
*** spandhe has quit IRC | 23:01 | |
*** browne has quit IRC | 23:05 | |
*** browne has joined #openstack-keystone | 23:05 | |
dstanek | samueldmq: oh, nice. thx | 23:06 |
*** su_zhang has joined #openstack-keystone | 23:06 | |
*** geoffarnoldX is now known as geoffarnold | 23:06 | |
*** tonytan4ever has quit IRC | 23:16 | |
*** dims_ has joined #openstack-keystone | 23:19 | |
*** dims has quit IRC | 23:22 | |
*** su_zhang has quit IRC | 23:24 | |
*** su_zhang has joined #openstack-keystone | 23:24 | |
*** spandhe has joined #openstack-keystone | 23:25 | |
*** geoffarnold has quit IRC | 23:26 | |
*** geoffarnold has joined #openstack-keystone | 23:27 | |
*** hrou has joined #openstack-keystone | 23:29 | |
*** sdake_ has quit IRC | 23:30 | |
*** sdake has joined #openstack-keystone | 23:30 | |
*** dims_ has quit IRC | 23:31 | |
*** dims_ has joined #openstack-keystone | 23:32 | |
*** flaper87 has quit IRC | 23:32 | |
*** esp has quit IRC | 23:32 | |
*** charz has quit IRC | 23:32 | |
*** htruta has quit IRC | 23:32 | |
*** tjcocozz has quit IRC | 23:32 | |
*** tristanC has quit IRC | 23:32 | |
*** htruta` has joined #openstack-keystone | 23:32 | |
*** flaper87 has joined #openstack-keystone | 23:32 | |
*** tristanC has joined #openstack-keystone | 23:33 | |
*** _cjones_ has quit IRC | 23:33 | |
*** marekd has quit IRC | 23:33 | |
*** albertom has quit IRC | 23:33 | |
*** brad[] has quit IRC | 23:33 | |
*** marekd has joined #openstack-keystone | 23:33 | |
*** albertom has joined #openstack-keystone | 23:33 | |
*** tjcocozz has joined #openstack-keystone | 23:33 | |
*** charz has joined #openstack-keystone | 23:34 | |
*** _cjones_ has joined #openstack-keystone | 23:35 | |
*** esp has joined #openstack-keystone | 23:38 | |
*** edmondsw has quit IRC | 23:41 | |
*** sdake has quit IRC | 23:44 | |
*** sdake_ has joined #openstack-keystone | 23:44 | |
*** sdake_ is now known as sdake | 23:45 | |
*** mylu has quit IRC | 23:52 | |
*** mylu has joined #openstack-keystone | 23:57 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!