Friday, 2015-11-20

*** EinstCrazy has joined #openstack-keystone		00:01
*** markvoelker has quit IRC		00:01
*** mylu has quit IRC		00:02
*** roxanaghe has joined #openstack-keystone		00:02
RichardRaseley	OK, so I realize that --os-project-id isn't a valid arg, so I changed to --os-tenant-id and I did get a catalog!	00:02
*** mylu has joined #openstack-keystone		00:02
stevemar_	RichardRaseley: hooray!	00:03
RichardRaseley	BUT! On neutronclient when I pass --os-tenant-id instead of --os-project-id I get a 500 error vs a empty catalog error.	00:03
RichardRaseley	Now to debug that once again.	00:03
*** bapalm has quit IRC		00:03
*** bapalm has joined #openstack-keystone		00:04
openstackgerrit	Deepti Ramakrishna proposed openstack/keystone: Reject user creation using admin token without domain https://review.openstack.org/196942	00:04
*** mylu_ has joined #openstack-keystone		00:04
*** mylu has quit IRC		00:05
gyee	RichardRaseley, 500 usually yield a nice looking traceback in keystone server log	00:06
RichardRaseley	gyee shaleh OK, the behavior is different when using --os-tenant-id vs. --os-project-id. I thought those were treated the same, just new terminology. http://paste.openstack.org/show/479513/	00:06
RichardRaseley	gyee : Let me enable debug and bounce services.	00:07
gyee	RichardRaseley, we need to log a bug, project_id and tenant_id are supposed to be interchangeable	00:07
gyee	RichardRaseley, that 500 is coming from Neutron	00:08
gyee	not Keystone	00:09
gyee	looks like you got the right token from keystone	00:09
RichardRaseley	gyee: That would make sense. But that is so odd that I get different results from passing tenant id vs project id, just validated again.	00:10
gyee	so we have two issues	00:10
RichardRaseley	(500 from neutron vs empty catalog, respectively)	00:10
gyee	1) inconsistency between project_id and tenant_id, that's a bug on neutronclient/keystoneclient	00:10
RichardRaseley	Sure, which is good in part because it reduces the amount of crazy I view myself as being.	00:10
gyee	2) 500 from Neutron	00:10
RichardRaseley	How can I help with #1?	00:10
gyee	for #1, we need to log a bug against neutronclient	00:11
RichardRaseley	These are RDO Kilo packages on CentOS 7. neutronclient 3.1.0 and keystoneclient 1.8.1	00:11
*** EinstCrazy has quit IRC		00:12
gyee	RichardRaseley, looking at the neutronclient code, it seem auth_project_id is being ignored no matter what	00:13
RichardRaseley	gyee: Is that... right?	00:13
RichardRaseley	(guessing no?)	00:13
shaleh	ok, I have one +2 who wants to kick this down the pipe? https://review.openstack.org/#/c/247257	00:14
RichardRaseley	That would explain the behavior as if it were an unscoped token (because it was)	00:14
*** fangxu has quit IRC		00:14
RichardRaseley	gyee shaleh stevemar_ : Really appreciate the help you folks gave me on this issue. Thank you.	00:16
*** aginwala has quit IRC		00:17
shaleh	RichardRaseley: hopefully you learned something	00:17
gyee	RichardRaseley, you're welcome, time to log a bug for neutronclient :)	00:17
RichardRaseley	I learned at least one thing.	00:17
RichardRaseley	Now on to my Neutron 500 errors. Yeeehaw!!!	00:18
* shaleh points RichardRaseley to #openstack-neutron :-)		00:18
* RichardRaseley tips fedora		00:18
*** navid_ has joined #openstack-keystone		00:19
shaleh	bknudson_'s patch could use a kick two. We need to get them over with so we can get the merge conflicts out of the way. https://review.openstack.org/#/c/237205/	00:19
shaleh	s/two/too/	00:19
shaleh	bah	00:19
*** davechen1 has left #openstack-keystone		00:20
*** mylu_ has quit IRC		00:20
*** mylu has joined #openstack-keystone		00:21
*** ninag has joined #openstack-keystone		00:21
*** ninag has quit IRC		00:22
*** navid_ has quit IRC		00:23
*** mylu_ has joined #openstack-keystone		00:24
*** mylu has quit IRC		00:25
*** jamielennox\|away is now known as jamielennox		00:32
openstackgerrit	Merged openstack/oslo.policy: Updated from global requirements https://review.openstack.org/247140	00:38
*** mylu_ has quit IRC		00:40
*** fangxu has joined #openstack-keystone		00:46
jamielennox	mordred notmorgan what would this task manager do?	00:47
samueldmq	lbragstad: ping, you around ?	00:47
notmorgan	jamielennox: i'll have more info next week but it seems like a tracing/profiling and it could do proactive ratelimiting	00:47
notmorgan	but the former is more interesting, but no-op if not provided	00:47
jamielennox	Any reason to not just wrap requests.Session and pass it in?	00:48
jamielennox	What's the interaction with ksa session?	00:48
notmorgan	jamielennox: let me get more info next week and we shall see?	00:49
jamielennox	Alright	00:49
notmorgan	jamielennox: mordred might be able to provide more now, but in either case i'll be looking at it closely when in nyc	00:50
jamielennox	No rush, i was just wondering what you were trying to do and see if i know a way to solve it today	00:50
openstackgerrit	zouyee proposed openstack/keystone: notification.Audit.update needed to be changed from service_id to ref['id'] https://review.openstack.org/247324	00:53
*** zouyee has joined #openstack-keystone		00:54
*** aginwala has joined #openstack-keystone		00:59
*** RichardRaseley has quit IRC		01:01
*** EinstCrazy has joined #openstack-keystone		01:01
openstackgerrit	Sean Perry proposed openstack/keystone: Minor cleanups for usage of group refs https://review.openstack.org/247865	01:04
*** mylu has joined #openstack-keystone		01:09
*** markvoelker has joined #openstack-keystone		01:17
*** shaleh has quit IRC		01:18
*** markvoelker has quit IRC		01:22
*** zqfan is now known as zqfan_AFK		01:27
*** miyagishi_t has joined #openstack-keystone		01:37
*** mylu has quit IRC		01:38
*** daemontool_ has quit IRC		01:41
*** daemontool_ has joined #openstack-keystone		01:42
*** exploreshaifali has quit IRC		01:42
*** mylu has joined #openstack-keystone		01:44
*** markvoelker has joined #openstack-keystone		01:50
openstackgerrit	zouyee proposed openstack/keystone: notification.Audit.update needed to be changed from service_id to ref['id'] https://review.openstack.org/247324	01:51
*** lhcheng has quit IRC		01:54
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Add caching to role assignments https://review.openstack.org/215715	01:55
*** aginwala has quit IRC		01:58
samueldmq	lbragstad: dolphm: ^ I added the missing bits; I see it now as good to go (for improving token creation time) :)	01:58
dolphm	samueldmq: awesome!	01:59
*** davechen has joined #openstack-keystone		02:08
*** aginwala has joined #openstack-keystone		02:08
*** aginwala has quit IRC		02:11
*** mylu has quit IRC		02:12
*** jerrygb has quit IRC		02:14
openstackgerrit	Merged openstack/keystone: Manager support for projects acting as domains https://review.openstack.org/213448	02:15
*** aginwala has joined #openstack-keystone		02:15
*** davechen1 has joined #openstack-keystone		02:18
notmorgan	dolphm: oh hai	02:19
dolphm	notmorgan: o/	02:19
notmorgan	dolphm: how goes?	02:20
* notmorgan is slowly being unburntout		02:20
openstackgerrit	Merged openstack/python-keystoneclient: Swap the order of username deprecation https://review.openstack.org/247574	02:20
notmorgan	very slowly... but def feeling better. also PDX > LA :P	02:21
dolphm	notmorgan: good to hear! i'm getting 4+ keystone devs up to speed!	02:21
dolphm	notmorgan: did you move?!	02:21
notmorgan	dolphm: ooh so you have minions?!	02:21
*** davechen has quit IRC		02:21
dolphm	notmorgan: not really. they're all from intel	02:21
notmorgan	dolphm: yah. last weekend drove up to my new home	02:21
dolphm	notmorgan: not sure if you saw the keynote on OSIC, but they're all working as part of that	02:22
notmorgan	yah I saw it	02:22
notmorgan	cool stuff.	02:22
dolphm	actually, 5 - i haven't met the 5th yet	02:23
*** jerrygb has joined #openstack-keystone		02:24
*** mylu has joined #openstack-keystone		02:31
*** mylu has quit IRC		02:32
*** mylu has joined #openstack-keystone		02:35
*** mylu has quit IRC		02:38
*** mylu has joined #openstack-keystone		02:38
*** dims_ has quit IRC		02:39
*** topol has joined #openstack-keystone		02:42
*** ChanServ sets mode: +v topol		02:42
*** mylu has quit IRC		02:43
*** mylu has joined #openstack-keystone		02:44
*** aginwala has quit IRC		02:45
openstackgerrit	Dave Chen proposed openstack/keystone: Remove core module from the legacy endpoint_filter extension https://review.openstack.org/247885	02:46
*** topol has quit IRC		02:46
*** aginwala has joined #openstack-keystone		02:48
*** aginwala has quit IRC		02:48
stevemar_	gyee: thanks for reviewing specs!	02:52
stevemar_	dolphm: push this patch through? https://review.openstack.org/#/c/237205/	02:54
*** woodster_ has quit IRC		02:59
*** fawadkhaliq has joined #openstack-keystone		03:08
*** jasonsb has joined #openstack-keystone		03:09
*** fangxu has quit IRC		03:10
openstackgerrit	zouyee proposed openstack/keystone: notification.Audit.update needed to be changed from service_id to ref['id'] https://review.openstack.org/247324	03:19
*** edmondsw has quit IRC		03:19
*** dims has joined #openstack-keystone		03:21
*** mylu_ has joined #openstack-keystone		03:22
*** mylu has quit IRC		03:22
gyee	stevemar_, get my reviews in before next week, I'll be take most of next week off	03:28
stevemar_	gyee: slacking as usual!	03:28
stevemar_	gyee: :)	03:28
gyee	hahah	03:28
stevemar_	gyee: thanksgiving is so huge in the states!	03:28
openstackgerrit	Dave Chen proposed openstack/keystone: Update docs for legacy keystone extensions https://review.openstack.org/247900	03:29
stevemar_	it's barely a blip on the radar up north	03:29
gyee	stevemar_, yeah, give us excuse to spend more time with the family	03:29
stevemar_	davechen1: yessssssssssss thanks for that	03:29
gyee	I am not a fan if turkey though	03:29
*** davechen1 is now known as davechen		03:29
davechen	pls review, gentlemen	03:29
gyee	dstanek, that you? http://thebiglead.com/2015/11/06/browns-fan-re-purposes-trent-richardson-jersey-by-removing-four-letters/	03:30
davechen	gyee: what's your for the vacation?	03:30
stevemar_	davechen: i was going to start doing that, but i'm glad you did :)	03:30
davechen	stevemar_: i am not quite sure about the grammer.	03:31
gyee	davechan, house projects	03:31
stevemar_	davechen: that's fine, i appreciate the effort	03:31
davechen	gyee: that must be funny :)	03:31
davechen	stevemar_: i am also just doing my job. :)	03:31
stevemar_	davechen: i was thinking we could wrap all those under configuration.rst http://docs.openstack.org/developer/keystone/configuration.html	03:31
davechen	stevemar_: i agree.	03:32
gyee	if dstanek were that jersey, I would hate to sit in front of him :)	03:32
gyee	s/were/ware/	03:32
*** roxanaghe has quit IRC		03:32
davechen	little info is needed in these docs.	03:32
davechen	gyee: what's the story behind this?	03:34
openstackgerrit	ayoung proposed openstack/keystone-specs: Correct unscoped token request layout https://review.openstack.org/158791	03:34
gyee	davechen, sucks to be a browns fan these days	03:36
davechen	gyee: :)	03:36
gyee	davechen, I live in the bay area now, same thing happen to the Oakland A's fan, they have to re-purpose they jerseys every year	03:37
davechen	how long you live in bay area?	03:37
openstackgerrit	ayoung proposed openstack/keystone-specs: Correct unscoped token request layout https://review.openstack.org/158791	03:38
gyee	davechen, 15 years	03:39
*** gyee has quit IRC		04:00
*** fawadkhaliq has quit IRC		04:01
*** topol has joined #openstack-keystone		04:03
*** ChanServ sets mode: +v topol		04:03
*** dave-mccowan has quit IRC		04:07
*** swebb has quit IRC		04:07
*** telemons1er has quit IRC		04:08
*** telemonster has joined #openstack-keystone		04:08
*** trey has quit IRC		04:08
*** EmilienM has quit IRC		04:08
*** EmilienM has joined #openstack-keystone		04:10
*** trey has joined #openstack-keystone		04:11
*** swebb has joined #openstack-keystone		04:12
*** topol has quit IRC		04:28
*** dims has quit IRC		04:36
*** gildub has quit IRC		04:36
*** richm has quit IRC		04:45
*** fangxu has joined #openstack-keystone		04:47
*** mylu_ has quit IRC		04:47
*** ajaya has joined #openstack-keystone		04:55
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements https://review.openstack.org/247113	04:55
*** daemontool_ has quit IRC		04:58
*** daemontool_ has joined #openstack-keystone		04:58
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements https://review.openstack.org/247154	04:59
*** fawadkhaliq has joined #openstack-keystone		04:59
*** fawadkhaliq has quit IRC		05:00
*** fawadk has joined #openstack-keystone		05:00
*** mylu has joined #openstack-keystone		05:24
*** mylu has quit IRC		05:25
*** mylu has joined #openstack-keystone		05:26
*** fangxu has quit IRC		05:26
*** mylu has quit IRC		05:27
*** mylu has joined #openstack-keystone		05:28
*** jerrygb has quit IRC		05:29
*** stevemar_ has quit IRC		05:34
*** stevemar_ has joined #openstack-keystone		05:35
*** ChanServ sets mode: +o stevemar_		05:35
*** stevemar_ has quit IRC		05:38
*** mylu has quit IRC		05:39
*** davechen has left #openstack-keystone		05:44
*** jbell8 has quit IRC		05:49
*** mylu has joined #openstack-keystone		05:57
*** Nirupama has joined #openstack-keystone		06:05
*** aginwala has joined #openstack-keystone		06:07
*** mylu has quit IRC		06:12
*** mylu has joined #openstack-keystone		06:12
*** jasonsb has quit IRC		06:14
*** mylu has quit IRC		06:18
*** roxanaghe has joined #openstack-keystone		06:18
*** jasonsb has joined #openstack-keystone		06:19
*** jasonsb has quit IRC		06:21
openstackgerrit	zouyee proposed openstack/keystone: notification.Audit.update needed to be changed from service_id to ref['id'] https://review.openstack.org/247324	06:29
*** rcernin has joined #openstack-keystone		06:30
*** jerrygb has joined #openstack-keystone		06:30
*** jerrygb has quit IRC		06:36
*** jbell8 has joined #openstack-keystone		07:00
*** jbell8 has quit IRC		07:04
openstackgerrit	Merged openstack/python-keystoneclient: Updated from global requirements https://review.openstack.org/247154	07:06
*** jasonsb has joined #openstack-keystone		07:10
*** jaosorior has joined #openstack-keystone		07:19
*** jbell8 has joined #openstack-keystone		07:24
*** jbell8 has quit IRC		07:37
*** zouyee has quit IRC		07:49
*** _zouyee has joined #openstack-keystone		07:49
*** csoukup has joined #openstack-keystone		07:50
*** lhcheng has joined #openstack-keystone		07:57
*** ChanServ sets mode: +v lhcheng		07:57
*** csoukup has quit IRC		08:00
*** tyagiprince has joined #openstack-keystone		08:05
tyagiprince	hey people.. I am getting an error on running a command "openstack user list"..	08:05
tyagiprince	WARNING: keystoneclient.auth.identity.generic.base Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.	08:05
tyagiprince	ERROR: openstack Internal Server Error (HTTP 500)	08:05
tyagiprince	when I looked inside the logs, it says no module to import in /var/www/cgi-bin/keystone/admin	08:06
*** roxanaghe has quit IRC		08:06
*** roxanaghe has joined #openstack-keystone		08:07
*** roxanaghe has quit IRC		08:11
*** henrynash has joined #openstack-keystone		08:13
*** ChanServ sets mode: +v henrynash		08:13
tyagiprince	Got it right brothers.. Thanks.. :)	08:15
*** spandhe has joined #openstack-keystone		08:18
*** spandhe has left #openstack-keystone		08:18
*** fawadk has quit IRC		08:21
*** fawadkhaliq has joined #openstack-keystone		08:22
openstackgerrit	henry-nash proposed openstack/keystone-specs: Enable retrieval of default values of domain config options https://review.openstack.org/185650	08:26
*** daemontool_ has quit IRC		08:36
*** daemontool_ has joined #openstack-keystone		08:39
openstackgerrit	yangweiwei proposed openstack/oslo.policy: Modified enforce method in oslo.policy to enforce user-defined policy rules. https://review.openstack.org/247975	08:45
*** fawadkhaliq has quit IRC		08:53
*** fawadkhaliq has joined #openstack-keystone		08:53
*** aginwala has quit IRC		08:56
openstackgerrit	Julien Danjou proposed openstack/keystone: wsgi: fix base_url finding https://review.openstack.org/226464	08:56
*** fhubik has joined #openstack-keystone		08:57
xek	morning :)	08:58
tyagiprince	people.. I am working on configuring keystone with ldap.. and I have sourced my credentials like I used to do when it was configured with sql.. the problem is when i run the command "openstack user list" it gives the error messages.. one of them is could not find user admin..	09:03
*** pnavarro\|afk has joined #openstack-keystone		09:03
jamielennox	tyagiprince: any idea what's causing the 500?	09:03
jamielennox	it usually is accompanied by a stacktrace on the server	09:04
jamielennox	though you might have to set debug=True in keystone.conf for that	09:04
jamielennox	the discovering versions from service thing isn't relevant	09:04
tyagiprince	jamielennox: I am not getting 500.. ERROR: openstack The request you have made requires authentication. (HTTP 401) (Request-ID: req-8a988897-7a21-4f7e-9630-164c94222741)	09:04
jamielennox	oh, sorry i was just looking up the scrollback and was confusing earlier	09:05
jamielennox	ok, so couldn't find admin is a fairly generic message, and could come from a number of places	09:06
jamielennox	and i don't have an ldap setup at the moment that i can walk through with	09:06
jamielennox	but is the user being found in ldap?	09:06
*** roxanaghe has joined #openstack-keystone		09:08
tyagiprince	jamielennox: No it is not looking up in ldap.. I am sourcing a file admin-openrc.sh and the user it is talking about is the same present in the same file I am sourcing..	09:09
tyagiprince	jamielennox: I have enabled the logs.. Do you want to take a look at them?	09:09
jamielennox	tyagiprince: sure	09:10
jamielennox	tyagiprince: when you source the accrc file you are loading the client side with user/pass, if you are getting a message "could not find user admin" then that's coming from the server	09:11
jamielennox	saying that it was trying to authenticate with the user/pass you loaded but there was no admin user on the server side for it to auth with	09:11
tyagiprince	jamielennox: http://pastebin.com/SwT34tG3	09:11
*** roxanaghe has quit IRC		09:12
tyagiprince	Yes.. It is going to ldap maybe.. and couldnt find the admin user.. so I replaced the user with my user on ldap ie. prince.tyagi..	09:12
jamielennox	tyagiprince: yea, so its made it through to keystone - do you have an admin user in your ldap?	09:13
tyagiprince	still I am getting the same message that could not find the user prince.tyagi	09:13
jamielennox	so does your ldap query actually return?	09:13
jamielennox	like if you execute the query against the ldap server directly it works?	09:14
tyagiprince	jamielennox: Nope.. I sent you the logs after changing the user from admin to prince.tyagi	09:14
jamielennox	right - but skip keystone, does the ldap return a record for that query	09:14
tyagiprince	Yes.. If you are asking me if the credentials I m putting down there are correct.. I have checked that..	09:15
jamielennox	no, i'm saying if you execute the query against ldap with like ldapsearch it is returning something?	09:15
openstackgerrit	zouyee proposed openstack/keystone: notification.Audit.update needed to be changed from service_id to ref['id'] https://review.openstack.org/247324	09:15
jamielennox	i'm trying to figure out if the ldap filters are correct	09:16
tyagiprince	jamielennox: I have not tried that.. Let me do that and get back to you..	09:16
jamielennox	and this is an area i'm not good at	09:16
openstackgerrit	zouyee proposed openstack/keystone-specs: Update sample value of Policy blob attribute https://review.openstack.org/242827	09:23
*** jaosorior has quit IRC		09:23
*** markvoelker has quit IRC		09:30
tyagiprince	jamielennox: yes.. the ldap filters are correct.. I am able to retrieve the users using ldapsearch	09:31
*** e0ne has joined #openstack-keystone		09:31
jamielennox	tyagiprince: hmm, that's almost always the problem there	09:33
jamielennox	the traceback is telling us that it's tried to query the ldap server and didn't find anythign	09:33
jamielennox	sn=prince.tyagi doesn't look right	09:35
jamielennox	should it be cn	09:35
jamielennox	or uid	09:36
*** mhickey has joined #openstack-keystone		09:37
tyagiprince	jamielennox: I want to connect to active directory.. Should I follow the configuration in keystone doc?	09:38
tyagiprince	[ldap]	09:39
tyagiprince	user_objectclass = person	09:39
tyagiprince	user_id_attribute = cn	09:39
tyagiprince	user_name_attribute = cn	09:39
tyagiprince	user_mail_attribute = mail	09:39
tyagiprince	user_enabled_attribute = userAccountControl	09:39
tyagiprince	user_enabled_mask = 2	09:39
tyagiprince	user_enabled_default = 512	09:39
tyagiprince	user_attribute_ignore = tenant_id,tenants	09:39
tyagiprince	project_objectclass = groupOfNames	09:39
tyagiprince	project_id_attribute = cn	09:39
tyagiprince	project_member_attribute = member	09:39
tyagiprince	do I need to configure these in ldap section?	09:39
jamielennox	i'm not a great person to ask about ldap, i mostly get it but it's not my area	09:39
jamielennox	particularly for AD	09:39
jamielennox	what was the ldapsearch query you executed	09:40
jamielennox	so that doesn't look like what's being used	09:40
tyagiprince	ldapsearch -b "OU=users,OU=Technology,OU=snapdeal_delhi,OU=India,OU=Users,OU=UserId&Rooms,DC=jasperindia,DC=local" -D "CN=Prince Tyagi,OU=users,OU=Technology,OU=snapdeal_delhi,OU=India,OU=Users,OU=UserId&Rooms,DC=jasperindia,DC=local" -h 10.20.49.100 -W -u	09:40
jamielennox	put_filter: "(&(sn=prince.tyagi)(objectClass=inetOrgPerson))"	09:40
*** jaosorior has joined #openstack-keystone		09:41
jamielennox	have you got all your suffix etc configure?	09:42
*** jistr has joined #openstack-keystone		09:44
tyagiprince	jamielennox: I did some changes as suggested in the keystone configuration on http://docs.openstack.org/developer/keystone/configuration.html#configuring-the-ldap-identity-provider	09:47
tyagiprince	http://pastebin.com/LqhAgSAi	09:47
tyagiprince	You can take a look at the new logs I am getting at pastebin	09:47
jamielennox	tyagiprince: can you show me the conf?	09:47
jamielennox	i'm not actually sure how AD configuration is different there	09:49
*** EinstCrazy has quit IRC		09:49
jamielennox	but it looks to me like you're still missing like a bunch of suffix and like user_tree options	09:49
tyagiprince	http://pastebin.com/cTrdEhvF	09:50
tyagiprince	jamielennox: heres the keystone.conf	09:50
tyagiprince	jamielennox: I have changed the password.. since its my company ldap.. :P	09:51
jamielennox	good	09:51
jamielennox	so i'm not sure why but your options don't seem to be coming through	09:56
jamielennox	like it's not picking up person objecttype	09:56
tyagiprince	so should I go with the default ones? inetOrgPerson instead of person	09:57
openstackgerrit	Marian Horban proposed openstack/python-keystoneclient: Remove lock object from BaseIdentityPlugin https://review.openstack.org/246521	09:57
jamielennox	no, from the doc that looks ok for AD, it just doesn't seem to be doing it in keystone	09:58
tyagiprince	jamielennox: Did you find any problem with the configuration?	10:01
jamielennox	can you set the suffix and try it that way	10:01
jamielennox	i'm not sure, it shouldn't matter if you've got user_tree set	10:03
tyagiprince	I think theres some change in the logs.. I'll post them to you.. but the error is still the same.. 401.	10:03
jamielennox	youve got debug set right, there seems to be some logging statements missing	10:04
tyagiprince	jamielennox: http://pastebin.com/pjUh7W33	10:05
*** fawadkhaliq has quit IRC		10:05
tyagiprince	no these are the same logs.. let me get you different one.. sorry	10:06
*** aix has joined #openstack-keystone		10:07
jamielennox	tyagiprince: so i think it's going through this function: https://github.com/openstack/keystone/blob/master/keystone/common/ldap/core.py#L1440	10:09
jamielennox	can you put a debug statement in there to show whats actually being requeste	10:09
jamielennox	d	10:09
*** fhubik has quit IRC		10:10
tyagiprince	jamielennox: http://pastebin.com/Fv6ExTaX	10:11
tyagiprince	take a look at this.. it says at the end requires authentication from 10.41.0.122 which is my compute.. and also neutron comes up in the logs..	10:11
jamielennox	yea, that's just the other services trying to auth in for something	10:13
tyagiprince	jamielennox: okay.. yes theres a neutron user.. It might be requesting for authentication.. I am not able to look up anything similar on google.. :P	10:17
tyagiprince	should I go with kerberos protocal and then configure ldap?	10:17
tyagiprince	jamielennox: yesterday I had a chat with ayoung.. He said that he would go with kerberos only but that will be make it difficult..	10:19
openstackgerrit	Grzegorz Grasza (xek) proposed openstack/keystone-specs: Online schema migration https://review.openstack.org/245186	10:19
jamielennox	kerberos is great, but it's going to be harder to configure	10:19
jamielennox	to just test it out i'd stay with straight ldap, it should be easier	10:20
jamielennox	you can always try kerberos later	10:21
*** pnavarro\|afk has quit IRC		10:27
*** fawadkhaliq has joined #openstack-keystone		10:30
*** markvoelker has joined #openstack-keystone		10:31
tyagiprince	jamielennox: how do I know if I have to use cn or sn or uid etc? I guess I am making mistakes in that only..	10:35
*** markvoelker has quit IRC		10:36
*** pnavarro\|afk has joined #openstack-keystone		10:39
*** lhcheng has quit IRC		10:43
*** e0ne has quit IRC		10:43
tyagiprince	jamielennox: what should I do?	10:45
tyagiprince	:P	10:45
tyagiprince	henrynash: hey do you have any idea about ldap (active directory) configuration with keystone?	10:46
*** topol has joined #openstack-keystone		10:46
*** ChanServ sets mode: +v topol		10:46
*** Nirupama has quit IRC		10:49
henrynash	tyagiprince: hi	10:50
*** topol has quit IRC		10:51
*** e0ne has joined #openstack-keystone		10:51
*** EinstCrazy has joined #openstack-keystone		10:54
*** fhubik has joined #openstack-keystone		10:56
openstackgerrit	henry-nash proposed openstack/keystone: Use list_role_assignments to get projects/domains for user https://review.openstack.org/242513	10:58
openstackgerrit	henry-nash proposed openstack/keystone: Show defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242564	10:59
openstackgerrit	henry-nash proposed openstack/keystone: Fix defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242574	11:02
*** henrynash has quit IRC		11:02
*** henrynash has joined #openstack-keystone		11:05
*** ChanServ sets mode: +v henrynash		11:05
samueldmq	henrynash: hi	11:08
*** fawadkhaliq has quit IRC		11:08
*** roxanaghe has joined #openstack-keystone		11:10
henrynash	samueldmq: hi	11:10
samueldmq	henrynash: if by chance you are going to submit another patchset for this chain https://review.openstack.org/#/c/242513/	11:11
henrynash	samueldmq: which i might!	11:11
samueldmq	henrynash: where I am co-author, please fix my email from @lsd (university) to samueldmq at gmail :)	11:12
henrynash	sanueldmq: oops, sorry about that - stole it from an old bp!	11:12
henrynash	samueldmq: so samueldmq@gmail.com ?	11:13
*** tyagiprince has quit IRC		11:14
openstackgerrit	henry-nash proposed openstack/keystone: Create new version of assignment driver interface https://review.openstack.org/242853	11:14
*** roxanaghe has quit IRC		11:14
samueldmq	henrynash: yep	11:14
henrynash	samueldmq: will do	11:14
samueldmq	henrynash: thanks, just noticed	11:15
samueldmq	henrynash: and to finishing reviewing all that chain; I will take still another look at the first one (creating the new driver) and put some wheight there	11:15
samueldmq	weight*	11:16
samueldmq	henrynash: for me it is the most complex :)	11:16
openstackgerrit	henry-nash proposed openstack/keystone: Use list_role_assignments to get projects/domains for user https://review.openstack.org/242513	11:22
henrynash	samueldmq: thanks - most of the “change” is, of course, just copyin thr old driver files (unchanged) to a new location	11:22
*** dims has joined #openstack-keystone		11:24
*** topol has joined #openstack-keystone		11:25
*** ChanServ sets mode: +v topol		11:25
openstackgerrit	henry-nash proposed openstack/keystone: Show defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242564	11:26
openstackgerrit	henry-nash proposed openstack/keystone: Fix defect in list_user_ids that only lists direct user assignments https://review.openstack.org/242574	11:27
*** fawadkhaliq has joined #openstack-keystone		11:30
*** topol has quit IRC		11:30
*** henrynash has quit IRC		11:36
*** tyagiprince has joined #openstack-keystone		11:39
*** doug-fish has quit IRC		11:42
*** doug-fish has joined #openstack-keystone		11:42
*** tyagiprince has quit IRC		11:45
*** doug-fish has quit IRC		11:47
*** fawadkhaliq has quit IRC		11:53
*** daemontool_ has quit IRC		11:58
*** daemontool_ has joined #openstack-keystone		12:01
*** fhubik is now known as fhubik_brb		12:07
*** fhubik_brb is now known as fhubik		12:09
*** roxanaghe has joined #openstack-keystone		12:10
*** roxanaghe has quit IRC		12:15
*** e0ne has quit IRC		12:19
*** e0ne has joined #openstack-keystone		12:19
*** fhubik is now known as fhubik_brb		12:26
*** _zouyee has quit IRC		12:29
*** alejandrito has joined #openstack-keystone		12:30
*** markvoelker has joined #openstack-keystone		12:32
*** henrynash has joined #openstack-keystone		12:32
*** ChanServ sets mode: +v henrynash		12:32
*** aix has quit IRC		12:36
*** markvoelker has quit IRC		12:37
*** raildo-afk is now known as raildo		12:39
openstackgerrit	henry-nash proposed openstack/keystone: Create V9 Role Driver https://review.openstack.org/247805	12:39
*** miyagishi_t has quit IRC		12:43
openstackgerrit	henry-nash proposed openstack/keystone: Create V9 Role Driver https://review.openstack.org/247805	12:44
*** tyagiprince has joined #openstack-keystone		12:47
*** topol has joined #openstack-keystone		12:52
*** ChanServ sets mode: +v topol		12:52
*** tyagiprince1 has joined #openstack-keystone		12:54
*** wuhg has joined #openstack-keystone		12:55
tyagiprince1	do I need to create some specific schema in ldap server for my keystone to configure ldap?	12:55
*** tyagiprince has quit IRC		12:57
*** tyagiprince1 is now known as tyagiprince		12:57
*** fhubik_brb is now known as fhubik		13:00
samueldmq	henrynash: would be nice to get your role assignments expertise on https://review.openstack.org/#/c/215715/	13:03
henrynash	sameuldmq: ok, will take a look bit later, sure!	13:03
*** ajaya has quit IRC		13:05
openstackgerrit	Alexander Makarov proposed openstack/keystone-specs: Unified delegation spec https://review.openstack.org/189816	13:06
openstackgerrit	Alexander Makarov proposed openstack/keystone-specs: Unified delegation spec https://review.openstack.org/189816	13:07
*** tellesnobrega is now known as tellesnobrega_af		13:10
*** pauloewerton has joined #openstack-keystone		13:12
*** roxanaghe has joined #openstack-keystone		13:12
*** jaosorior has quit IRC		13:13
*** roxanaghe has quit IRC		13:16
*** mkoderer has quit IRC		13:18
*** mkoderer has joined #openstack-keystone		13:21
*** thiagop has joined #openstack-keystone		13:29
*** aix has joined #openstack-keystone		13:30
*** dave-mccowan has joined #openstack-keystone		13:30
breton_	jamielennox: in Fuel people ran into https://bugs.launchpad.net/python-openstackclient/+bug/1410364	13:32
openstack	Launchpad bug 1410364 in python-keystoneclient "Version discovery fails with default Keystone config" [Undecided,In progress] - Assigned to Dean Troyer (dtroyer)	13:32
breton_	jamielennox: they have a similar issue -- the address in public_endpoint is not accessible during bootstraping	13:33
*** ayoung has joined #openstack-keystone		13:33
*** ChanServ sets mode: +v ayoung		13:33
breton_	and the address there is not localhost, so tha patch suggested by dtroyer doesn't work for them	13:34
*** markvoelker has joined #openstack-keystone		13:35
*** richm has joined #openstack-keystone		13:39
*** sborkows has joined #openstack-keystone		13:40
openstackgerrit	henry-nash proposed openstack/keystone-specs: Allow url-safe project and domain names to be optionally enforced https://review.openstack.org/248083	13:43
openstackgerrit	henry-nash proposed openstack/keystone-specs: Allow url-safe project and domain names to be optionally enforced https://review.openstack.org/248083	13:47
*** gordc has joined #openstack-keystone		13:52
*** fhubik has quit IRC		13:54
samueldmq	henrynash: reviewed! lgtm	13:59
samueldmq	:)	13:59
henrynash	samulemq: thx	13:59
*** rm_work has quit IRC		14:01
*** tellesnobrega_af has quit IRC		14:02
*** tellesnobrega_af has joined #openstack-keystone		14:02
*** tellesnobrega_af has quit IRC		14:02
*** tellesno` has joined #openstack-keystone		14:02
*** tellesno` is now known as tellesnobrega_af		14:02
tyagiprince	hey... do I need to create some specific schema in ldap server for my keystone to configure ldap?	14:04
*** rm_work has joined #openstack-keystone		14:04
*** roxanaghe has joined #openstack-keystone		14:13
*** stevemar_ has joined #openstack-keystone		14:13
*** ChanServ sets mode: +o stevemar_		14:13
*** roxanaghe has quit IRC		14:17
*** jerrygb has joined #openstack-keystone		14:21
*** doug-fish has joined #openstack-keystone		14:21
*** tellesnobrega_af is now known as tellesnobrega		14:30
*** petertr7_away is now known as petertr7		14:31
*** daemontool has joined #openstack-keystone		14:35
*** daemontool_ has quit IRC		14:37
*** fawadkhaliq has joined #openstack-keystone		14:41
*** petertr7 is now known as petertr7_away		14:46
*** aix has quit IRC		14:47
*** petertr7_away is now known as petertr7		14:48
*** aix has joined #openstack-keystone		14:49
openstackgerrit	Tom Cocozzello proposed openstack/keystone: Pass dict into update() rather than **kwargs https://review.openstack.org/248116	14:50
*** ninag has joined #openstack-keystone		14:50
*** xek has quit IRC		14:55
*** gwei3 has joined #openstack-keystone		14:56
*** pumaranikar has joined #openstack-keystone		14:56
lbragstad	samueldmq thanks for respinning	15:00
*** boris-42 has joined #openstack-keystone		15:01
*** henrynash has quit IRC		15:02
*** breitz has joined #openstack-keystone		15:03
opilotte	dstanek, dolphm: if you have some spare time: https://review.openstack.org/#/c/210581	15:03
*** jasondotstar is now known as jasondotstar_afk		15:08
*** stevemar_ has quit IRC		15:10
*** e0ne has quit IRC		15:11
*** roxanaghe has joined #openstack-keystone		15:13
*** roxanaghe has quit IRC		15:18
*** jerrygb has quit IRC		15:22
*** jerrygb has joined #openstack-keystone		15:23
*** davechen has joined #openstack-keystone		15:26
*** timcline has joined #openstack-keystone		15:26
openstackgerrit	Merged openstack/pycadf: Remove Python 2.6 classifier https://review.openstack.org/246265	15:28
*** tyagiprince has quit IRC		15:29
*** petertr7 is now known as petertr7_away		15:31
*** e0ne has joined #openstack-keystone		15:33
*** rcernin has quit IRC		15:34
*** gwei3 has quit IRC		15:34
*** topol has quit IRC		15:36
*** petertr7_away is now known as petertr7		15:44
*** roxanaghe has joined #openstack-keystone		15:52
*** tellesnobrega is now known as tellesnobrega_af		15:52
*** tellesnobrega_af is now known as tellesnobrega		15:52
*** stevemar_ has joined #openstack-keystone		15:52
*** ChanServ sets mode: +o stevemar_		15:52
*** roxanaghe has quit IRC		15:55
*** e0ne_ has joined #openstack-keystone		15:57
*** e0ne has quit IRC		15:58
*** svasheka has quit IRC		15:58
*** stevemar_ has quit IRC		15:58
*** stevemar_ has joined #openstack-keystone		15:59
*** ChanServ sets mode: +o stevemar_		15:59
*** rcernin has joined #openstack-keystone		16:00
*** rcernin is now known as rcernin\|dinner		16:00
openstackgerrit	Tony Wang proposed openstack/keystone: Add `type' filter for list_credentials_for_user https://review.openstack.org/235214	16:01
*** sborkows has quit IRC		16:03
*** svasheka has joined #openstack-keystone		16:05
*** mhickey has quit IRC		16:14
*** stevemar_ has quit IRC		16:26
*** woodster_ has joined #openstack-keystone		16:29
*** roxanaghe has joined #openstack-keystone		16:30
*** roxanaghe has quit IRC		16:31
*** gordc has quit IRC		16:33
*** gordc has joined #openstack-keystone		16:33
*** mylu has joined #openstack-keystone		16:34
*** gyee has joined #openstack-keystone		16:37
*** ChanServ sets mode: +v gyee		16:37
*** mylu has quit IRC		16:38
*** stevemar_ has joined #openstack-keystone		16:39
*** ChanServ sets mode: +o stevemar_		16:39
*** lhcheng has joined #openstack-keystone		16:40
*** ChanServ sets mode: +v lhcheng		16:40
*** rcernin\|dinner is now known as rcernin		16:42
*** stevemar_ has quit IRC		16:44
*** dims_ has joined #openstack-keystone		16:44
*** dims has quit IRC		16:44
*** mylu has joined #openstack-keystone		16:44
*** stevemar_ has joined #openstack-keystone		16:45
*** ChanServ sets mode: +o stevemar_		16:45
*** pnavarro\|afk has quit IRC		16:45
*** mylu has quit IRC		16:48
*** mylu has joined #openstack-keystone		16:48
*** mylu has quit IRC		16:50
*** mylu_ has joined #openstack-keystone		16:50
*** topol has joined #openstack-keystone		16:50
*** ChanServ sets mode: +v topol		16:50
*** roxanaghe has joined #openstack-keystone		16:55
*** e0ne_ has quit IRC		16:58
*** daemontool has quit IRC		16:59
*** stevemar_ has quit IRC		16:59
*** stevemar_ has joined #openstack-keystone		17:00
*** ChanServ sets mode: +o stevemar_		17:00
*** daemontool has joined #openstack-keystone		17:02
*** toddnni has quit IRC		17:02
*** stevemar_ has quit IRC		17:04
*** mylu_ has quit IRC		17:16
*** mylu has joined #openstack-keystone		17:16
*** wuhg has quit IRC		17:31
*** petertr7 is now known as petertr7_away		17:34
openstackgerrit	Henrique Truta proposed openstack/keystone: API support for project cascade delete https://review.openstack.org/244248	17:35
openstackgerrit	Henrique Truta proposed openstack/keystone: Manager support for project delete cascade https://review.openstack.org/244149	17:35
openstackgerrit	Henrique Truta proposed openstack/keystone: Add backend support for deleting a projects list https://review.openstack.org/245916	17:35
*** petertr7_away is now known as petertr7		17:42
*** jasonsb has quit IRC		17:44
*** mylu has quit IRC		17:46
*** mylu has joined #openstack-keystone		17:46
openstackgerrit	Henrique Truta proposed openstack/keystone: API support for cascade update https://review.openstack.org/243585	17:50
openstackgerrit	Henrique Truta proposed openstack/keystone: Manager support for project cascade update https://review.openstack.org/243584	17:50
*** mylu has quit IRC		17:51
*** jasonsb has joined #openstack-keystone		17:54
openstackgerrit	Henrique Truta proposed openstack/keystone: Tests for projects acting as domains https://review.openstack.org/211219	17:54
openstackgerrit	Henrique Truta proposed openstack/keystone: Bye Bye Domain Table https://review.openstack.org/161854	17:54
openstackgerrit	Henrique Truta proposed openstack/keystone: Remove domain table references https://review.openstack.org/165936	17:54
openstackgerrit	Henrique Truta proposed openstack/keystone: Projects acting as domains https://review.openstack.org/231289	17:54
openstackgerrit	Henrique Truta proposed openstack/keystone: Removes project.domain_id FK https://review.openstack.org/233274	17:54
openstackgerrit	Henrique Truta proposed openstack/keystone: Change project name constraints https://review.openstack.org/158372	17:54
openstackgerrit	Henrique Truta proposed openstack/keystone: Add is_domain parameter to get_project_by_name https://review.openstack.org/210600	17:54
*** RichardRaseley has joined #openstack-keystone		17:56
*** ericksonsantos has quit IRC		17:58
openstackgerrit	Henrique Truta proposed openstack/keystone: Add is_domain filter to list_projects v3 https://review.openstack.org/158398	17:58
*** chrisshattuck has joined #openstack-keystone		17:58
openstackgerrit	Henrique Truta proposed openstack/keystone: Tests for subprojects acting as domains https://review.openstack.org/234907	17:59
*** josecastroleon has quit IRC		17:59
*** mylu has joined #openstack-keystone		18:00
*** mylu has quit IRC		18:01
*** jistr has quit IRC		18:01
*** mylu has joined #openstack-keystone		18:03
*** daemontool has quit IRC		18:05
*** dims has joined #openstack-keystone		18:05
*** dims_ has quit IRC		18:06
*** lhcheng has quit IRC		18:06
*** lhcheng_ has joined #openstack-keystone		18:07
*** daemontool has joined #openstack-keystone		18:07
*** fawadkhaliq has quit IRC		18:07
*** mylu has quit IRC		18:09
*** mylu has joined #openstack-keystone		18:09
*** aix has quit IRC		18:10
*** e0ne has joined #openstack-keystone		18:11
*** mylu has quit IRC		18:11
*** mylu has joined #openstack-keystone		18:12
*** mylu has quit IRC		18:14
*** thiagop has quit IRC		18:15
*** mylu has joined #openstack-keystone		18:15
*** mylu_ has joined #openstack-keystone		18:17
*** mylu has quit IRC		18:18
*** jbell8 has joined #openstack-keystone		18:21
*** e0ne has quit IRC		18:22
*** toddnni has joined #openstack-keystone		18:32
*** petertr7 is now known as petertr7_away		18:34
*** e0ne has joined #openstack-keystone		18:34
samueldmq	lbragstad: sure, np	18:36
openstackgerrit	ayoung proposed openstack/keystone: Implied Roles https://review.openstack.org/242614	18:37
openstackgerrit	ayoung proposed openstack/keystone: Implied Roles https://review.openstack.org/242614	18:37
*** mylu_ has quit IRC		18:39
*** mylu has joined #openstack-keystone		18:39
*** edmondsw has joined #openstack-keystone		18:39
openstackgerrit	Lance Bragstad proposed openstack/keystone: Replace DateTime with BigInteger for Revocation Events https://review.openstack.org/243742	18:40
*** shaleh has joined #openstack-keystone		18:44
*** stevemar_ has joined #openstack-keystone		18:46
*** ChanServ sets mode: +o stevemar_		18:46
*** stevemar_ has quit IRC		18:48
*** stevemar_ has joined #openstack-keystone		18:48
*** ChanServ sets mode: +o stevemar_		18:48
*** aginwala has joined #openstack-keystone		18:51
openstackgerrit	Sean Perry proposed openstack/keystone: Use unit.new_project_ref consistently https://review.openstack.org/244523	18:53
shaleh	wow the bot is fast	18:54
openstackgerrit	Lance Bragstad proposed openstack/keystone: Replace DateTime with BigInteger for Revocation Events https://review.openstack.org/243742	18:54
notmorgan	shaleh: yes	18:56
*** tsymanczyk has quit IRC		18:56
notmorgan	shaleh: it is meant to be	18:56
*** e0ne has quit IRC		18:57
lbragstad	db question	19:06
lbragstad	is it only drop and alter table/column that cause database downtime?	19:08
*** aginwala has quit IRC		19:09
shaleh	lbragstad: unless you are locking and changing a bunch of data that about covers it	19:10
*** tsymanczyk has joined #openstack-keystone		19:11
*** tsymanczyk is now known as Guest66507		19:12
notmorgan	lbragstad: uhm.	19:12
notmorgan	lbragstad: many things can cause db downtime	19:12
notmorgan	lbragstad: it really depends on what you're doing. i can cause downtime with DELETE if I try.	19:12
*** gordc has quit IRC		19:13
*** stevemar_ has quit IRC		19:13
notmorgan	lbragstad: but for the most part alter can cause downtime, drop doesn't have to.	19:13
*** aginwala has joined #openstack-keystone		19:13
*** mylu has quit IRC		19:13
*** pumaranikar has quit IRC		19:15
*** stevemar_ has joined #openstack-keystone		19:16
*** ChanServ sets mode: +o stevemar_		19:16
*** aginwala has quit IRC		19:16
*** mylu has joined #openstack-keystone		19:21
*** lhcheng_ has quit IRC		19:23
*** lhcheng has joined #openstack-keystone		19:23
*** ChanServ sets mode: +v lhcheng		19:23
samueldmq	stevemar_: you around ?	19:24
stevemar_	samueldmq: of course	19:24
*** aginwala has joined #openstack-keystone		19:24
notmorgan	stevemar_: i'm guessing you got a bouncer all setup now? haven't seen you drop off recently	19:25
samueldmq	stevemar_: do we have a pach for removing endpoint_filter - enabled option ?	19:26
samueldmq	stevemar_: https://review.openstack.org/#/c/183377/30/keystone/common/config.py	19:26
notmorgan	stevemar_, dstanek, gyee, jamielennox: https://review.openstack.org/#/c/247699/2 should be a quick/easy review	19:26
notmorgan	would be good to get that rolling in.	19:26
*** Guest66507 is now known as tsymanczyk		19:27
edmondsw	stevemar_, I thought we'd said at the summit that we were deprecating v2.0, period. What's this about only deprecating parts of it?	19:27
samueldmq	stevemar_: found it, no need to approve this sample config update (https://review.openstack.org/#/c/247304/)	19:31
samueldmq	notmorgan: cc ^	19:31
shaleh	edmondsw: as I recall, we agreed to keep enough to auth and we'd drop just about everything else. This allowed people using non-Python tools the ability to catch up.	19:34
edmondsw	I guess I missed that...	19:35
*** pauloewerton has quit IRC		19:36
lbragstad	notmorgan makes sense	19:37
notmorgan	shaleh: auth v2 could actually be done strictly as translation middleware [almost]	19:37
lbragstad	notmorgan I was trying to figure out what how many cycles it would take to rename a column or table without downtim	19:37
notmorgan	edmondsw: and v2 auth, unfortunately, needs to stick around for a bit	19:37
lbragstad	downtime	19:37
shaleh	notmorgan: agreed	19:37
notmorgan	lbragstad: look at how nova does versioned objects... that is how it was solved for nova	19:38
edmondsw	notmorgan why?	19:38
edmondsw	and remembring that deprecated is not removed...	19:38
notmorgan	lbragstad: there will always be a quiesce requirement for writes/reads while a migration is done if data is matierially affected. but that can be handled with a lock	19:38
notmorgan	edmondsw: v2 auth is so heavily used... is the major issue	19:39
notmorgan	edmondsw: but thankfully most people are moving to keystoneauth so it becomes easier to control this	19:39
edmondsw	that's the reason to deprecate it... to finally get people to move off	19:39
notmorgan	edmondsw: well if everything isn't currently working on v3 (gate, etc)	19:39
stevemar_	notmorgan: still don't have it setup, just haven't been traveling recently :)	19:40
edmondsw	isn't it?	19:40
notmorgan	edmondsw: we can't rightfully deprecate	19:40
notmorgan	edmondsw: no.	19:40
notmorgan	stevemar_: dude, weechat in a screen man ;)	19:40
edmondsw	ok... I thought we resolved that in Liberty	19:40
stevemar_	notmorgan: i'm setting that up tonight!	19:40
notmorgan	stevemar_: good!	19:40
notmorgan	edmondsw: we need to have a gate job that effectively runs w/ v2 disabled	19:41
notmorgan	edmondsw: and passes anything that isn't v2 specific	19:42
notmorgan	once that is in place we can say we're ready to deprecate... at least that was the plan last cycle... stevemar_ is the ptl now so defer to him	19:42
*** pumaranikar has joined #openstack-keystone		19:45
*** mylu has quit IRC		19:46
*** mylu has joined #openstack-keystone		19:46
edmondsw	yep, that's why I'd directed to him... but tx for your answer, makes a little more sense	19:47
*** mylu has quit IRC		19:51
dstanek	Hmmm... Looks like ZNC keeps bugging out.	19:56
*** mylu has joined #openstack-keystone		19:57
*** aginwala has quit IRC		19:58
*** aginwala has joined #openstack-keystone		19:58
*** henrynash has joined #openstack-keystone		20:00
*** ChanServ sets mode: +v henrynash		20:00
stevemar_	edmondsw: !	20:02
*** mylu has quit IRC		20:02
edmondsw	hey, steve	20:02
*** slberger has joined #openstack-keystone		20:02
stevemar_	edmondsw: deprecating v2.0	20:02
*** mylu has joined #openstack-keystone		20:02
*** mylu has quit IRC		20:02
stevemar_	edmondsw: we agreed at the summit that we need to keep the authentication parts	20:02
*** mylu has joined #openstack-keystone		20:02
stevemar_	edmondsw: did you miss those parts?	20:02
*** fangxu has joined #openstack-keystone		20:02
edmondsw	yeah... I guess I missed that we were not deprecating it entirely	20:02
edmondsw	if we've still got things using v2.0 in the gate, that is a decent argument for not deprecating it entirely, I guess. I thought we'd already gotten everything in the gate onto v3	20:04
*** mylu has quit IRC		20:05
shaleh	https://review.openstack.org/#/c/247865 <-- 2 +2's but no Workflow....	20:06
*** mylu has joined #openstack-keystone		20:07
shaleh	yay another one down the pipe	20:07
stevemar_	edmondsw: i think it's just a case of not wanting to break folks that only have v2 endpoints in their setup	20:08
stevemar_	and RC files	20:08
*** obedmr_ has joined #openstack-keystone		20:09
edmondsw	deprecating something doesn't break anyone	20:09
*** tsymanczyk has quit IRC		20:17
obedmr_	hi all, I'm having trouble when trying to manage project members from Horizon, it's saying "Error: Could not find default role "_member_" in Keystone ", in order to fix that, I created the _member_ role and added 'admin' user to it	20:20
obedmr_	it doesnt appear on Liberty documentation, so, not sure if it should be there or?	20:20
*** fangxu has quit IRC		20:21
*** dims has quit IRC		20:23
*** obedmr_ is now known as obedmr		20:25
stevemar_	edmondsw: true dat	20:30
*** petertr7_away is now known as petertr7		20:33
*** tsymanczyk has joined #openstack-keystone		20:36
*** tsymanczyk is now known as Guest20434		20:36
*** aginwala has quit IRC		20:40
lbragstad	notmorgan so, if we were to take the versioned objects approach, we'd have to convert entities to be objects prior to online upgrades/	20:43
notmorgan	I think so	20:43
*** toddnni has quit IRC		20:44
*** ninag has quit IRC		20:44
*** aginwala has joined #openstack-keystone		20:47
*** NM has joined #openstack-keystone		20:53
*** NM has quit IRC		20:55
*** gordc has joined #openstack-keystone		20:55
*** jasonsb has quit IRC		20:56
ayoung	lbragstad, so I moved one of my bugs over to you	21:01
ayoung	https://bugs.launchpad.net/keystone/+bug/1268751	21:02
openstack	Launchpad bug 1268751 in OpenStack Identity (keystone) "Potential token revocation abuse via group membership" [High,Triaged] - Assigned to Lance Bragstad (lbragstad)	21:02
ayoung	it assumes we will be moving to Fernet.	21:02
*** shaleh is now known as shaleh\|afk		21:02
*** openstackstatus has quit IRC		21:02
*** openstack has joined #openstack-keystone		21:03
*** openstackstatus has joined #openstack-keystone		21:04
*** ChanServ sets mode: +v openstackstatus		21:04
*** mylu has quit IRC		21:07
*** mylu has joined #openstack-keystone		21:07
lbragstad	ayoung i believe we have another bug open that is very similar to that?	21:08
lbragstad	ayoung similar to - https://bugs.launchpad.net/keystone/+bug/1511775	21:10
openstack	Launchpad bug 1511775 in OpenStack Identity (keystone) "Revoking a role revokes the unscoped token for a user" [Medium,Triaged] - Assigned to Jorge Munoz (jorge-munoz)	21:10
*** mylu has quit IRC		21:11
*** pnavarro\|afk has joined #openstack-keystone		21:12
*** ninag has joined #openstack-keystone		21:15
stevemar_	ayoung: thanks for cleaning up all the bugs	21:15
stevemar_	ayoung: you da you da man	21:15
*** navid_ has joined #openstack-keystone		21:18
*** daemontool has quit IRC		21:19
*** tjcocozz has left #openstack-keystone		21:19
*** tjcocozz has joined #openstack-keystone		21:19
*** daemontool has joined #openstack-keystone		21:19
*** Guest20434 has quit IRC		21:20
*** slberger has left #openstack-keystone		21:24
*** tsymanczyk has joined #openstack-keystone		21:25
*** mylu has joined #openstack-keystone		21:25
*** tsymanczyk is now known as Guest70066		21:26
*** stevemar_zzz has joined #openstack-keystone		21:27
stevemar_zzz	test	21:30
stevemar_	stevemar_zzz: hey	21:30
*** stevemar_ has quit IRC		21:31
*** mylu has quit IRC		21:31
*** mylu has joined #openstack-keystone		21:32
*** mylu_ has joined #openstack-keystone		21:33
*** mylu has quit IRC		21:33
*** lamb has joined #openstack-keystone		21:34
lamb	stevemar_zzz: hello!	21:35
lamb	stevemar_zzz: are you getting this?	21:35
lamb	stevemar_zzz: this is a test. hopefully you can see this on your phone	21:36
lamb	stevemar_zzz: here's another message	21:36
*** toddnni has joined #openstack-keystone		21:37
*** topol has quit IRC		21:38
*** RichardRaseley has quit IRC		21:41
ayoung	stevemar_zzz, just the ones assigned to me	21:45
ayoung	lbragstad, yep...I'd argue that it is a duplicate	21:45
*** fangxu has joined #openstack-keystone		21:47
*** rcernin has quit IRC		21:50
openstackgerrit	Fangzhou Xu proposed openstack/keystone: Make getting token revocation list 9x faster on Mysql https://review.openstack.org/239608	21:54
*** pnavarro\|afk has quit IRC		21:55
openstackgerrit	Fangzhou Xu proposed openstack/keystone: Make getting token revocation list 9x faster on Mysql https://review.openstack.org/239608	21:58
*** ninag has quit IRC		21:58
*** roxanaghe has quit IRC		21:58
*** roxanaghe has joined #openstack-keystone		21:59
*** navid_ has quit IRC		22:01
kfox1111	does the [token] driver= change for fernet tokens too, or just provider=?	22:01
*** dave-mccowan has quit IRC		22:03
*** henrynash has quit IRC		22:03
*** timcline has quit IRC		22:04
*** gordc has quit IRC		22:04
kfox1111	something seems wrong...	22:05
kfox1111	I do:	22:05
kfox1111	keystone-manage fernet_setup --keystone-user keystone --keystone-group apache	22:05
*** mylu_ has quit IRC		22:05
kfox1111	and it made /etc/keystone/fernet-keys but its empty.	22:05
*** mylu has joined #openstack-keystone		22:05
kfox1111	doing a fernet_rotate doesn't create keys either.	22:06
kfox1111	any ideas?	22:06
*** davechen has left #openstack-keystone		22:06
lbragstad	kfox1111 fernet_setup should create keys for you	22:06
*** henrynash has joined #openstack-keystone		22:06
*** ChanServ sets mode: +v henrynash		22:06
*** mylu_ has joined #openstack-keystone		22:07
*** lamb has quit IRC		22:07
*** mylu has quit IRC		22:07
lbragstad	kfox1111 http://cdn.pasteraw.com/exoeh3f081lfeamocyuct8onu9sohmi	22:08
kfox1111	I'm also seeing this: https://ask.openstack.org/en/question/84451/help-no-handlers-oslo_configcfg-installing-keystone/	22:08
kfox1111	lbragstad: yeah, thats what I'd expect, but I'm not seeing that. just a return code of 1.	22:09
*** lhcheng has quit IRC		22:09
*** stevemar_zzz is now known as stevemar		22:09
lbragstad	kfox1111 enable debug = True if you haven't already?	22:09
*** ChanServ sets mode: +o stevemar		22:09
lbragstad	and verbose = True	22:09
kfox1111	ah. yeah. sec...	22:09
lbragstad	could be a permissions thing?	22:09
kfox1111	http://pastebin.com/zL55nR6J	22:10
openstackgerrit	Merged openstack/keystoneauth: Put Session options into an option group https://review.openstack.org/247699	22:10
*** richm has left #openstack-keystone		22:10
kfox1111	still no joy.	22:11
kfox1111	not sure how.	22:11
kfox1111	the command runs as root I think?	22:11
lbragstad	kfox1111 no, it uses the user and group you pass it	22:11
lbragstad	check the permissions on /etc/keystone/	22:12
lbragstad	and ensure the keystone user is a member of the apache group?	22:12
kfox1111	Its being made like:	22:12
kfox1111	drwx------ 2 keystone apache 6 Nov 20 14:11 /etc/keystone/fernet-keys/	22:12
henrynash	dstanek: ping	22:12
kfox1111	in the strace, I'm seeing:	22:13
kfox1111	open("/etc/keystone/fernet-keys/0", O_WRONLY\|O_CREAT\|O_TRUNC, 0666) = -1 EACCES (Permission denied)	22:13
kfox1111	so, yeah, that is a problem.	22:13
lbragstad	kfox1111 yeah	22:13
*** pumaranikar has quit IRC		22:13
lbragstad	kfox1111 just out of curiosity	22:13
lbragstad	what if you use apache as the user and the group?	22:14
*** aginwala has quit IRC		22:14
kfox1111	I'm sticking keystone in apache.	22:14
lbragstad	keystone-manage fernet_setup --keystone-user apache --keystone-group apache	22:14
kfox1111	did I guess wrong?	22:14
lbragstad	ok	22:14
kfox1111	let me try that...	22:14
lbragstad	as long as your keystone user can read from that location, you should be good	22:15
openstackgerrit	Merged openstack/keystone: Minor cleanups for usage of group refs https://review.openstack.org/247865	22:15
lbragstad	which would require it being a member of the apache group	22:15
kfox1111	open("/etc/keystone/fernet-keys/0", O_WRONLY\|O_CREAT\|O_TRUNC, 0666) = -1 EACCES (Permission denied)	22:15
kfox1111	drwx------ 2 apache apache 6 Nov 20 14:15 /etc/keystone/fernet-keys/	22:16
kfox1111	that didn't work either. :/	22:16
*** aginwala has joined #openstack-keystone		22:16
lbragstad	kfox1111 did it create the keys though?	22:16
kfox1111	nope. it creates the dir, then bails after failing to create the 0 key.	22:17
kfox1111	keystone keystone works though.....	22:18
kfox1111	I'll see if apache can use it that way...	22:18
lbragstad	kfox1111 it works when you specify keystone as the user and the group in the `keystone-manage fernet_setup` command?	22:19
stevemar	kfox1111: ping me	22:19
*** ninag has joined #openstack-keystone		22:20
kfox1111	yeah.	22:20
*** ninag has quit IRC		22:20
lbragstad	cool	22:20
stevemar	kfox1111: use my username!	22:20
stevemar	or lbragstad	22:20
stevemar	:)	22:20
lbragstad	stevemar	22:20
lbragstad	steve	22:20
lbragstad	ste	22:20
lbragstad	st	22:20
lbragstad	:)	22:20
stevemar	Hellllo	22:21
stevemar	Finally setup znc	22:21
stevemar	Thanks guys!	22:21
*** tellesnobrega is now known as tellesnobrega_af		22:22
kfox1111	np. :)	22:22
*** tellesnobrega_af is now known as tellesnobrega		22:23
*** henrynash has quit IRC		22:24
lbragstad	kfox1111 can you run keystone and get fernet tokens?	22:24
*** doug-fish has quit IRC		22:25
kfox1111	I'm testing that now...	22:25
*** richm has joined #openstack-keystone		22:27
kfox1111	looking like it. gota try it on the other cluster members now.	22:27
openstackgerrit	Lance Bragstad proposed openstack/keystone: Replace DateTime with BigInteger for Revocation Events https://review.openstack.org/243742	22:27
kfox1111	is it safe to sync with rsync, or do you have to do the ordering more carefully?	22:29
lbragstad	kfox1111 what do you mean by ordering?	22:30
lbragstad	kfox1111 do you always have to sync from the same keystone node?	22:30
kfox1111	I mean, do you need to ensure the new keys get added before the old ones are deleted?	22:31
kfox1111	or does the order not matter?	22:31
lbragstad	kfox1111 yes	22:31
lbragstad	kfox1111 i have a write up	22:31
kfox1111	so, maybe two rsync passes then?	22:31
kfox1111	one to sync new files, then one to clean out old files?	22:31
*** RichardRaseley has joined #openstack-keystone		22:31
*** ninag has joined #openstack-keystone		22:31
*** ninag has quit IRC		22:31
lbragstad	kfox1111 oh, no rsync will do that in one stepl	22:31
lbragstad	s/stepl/step/	22:32
kfox1111	it always adds first, then deletes?	22:32
lbragstad	kfox1111 what you'll what to be mindful of is performing a rotation on one node and ensuring it was successful before attempting the distribution to the other keystone nodes in the cluster	22:32
kfox1111	k.	22:33
kfox1111	I was just scripting up the second part. getting the key dir synced to the other nodes.	22:33
lbragstad	kfox1111 http://superuser.com/questions/156664/what-are-the-differences-between-the-rsync-delete-options	22:35
lbragstad	kfox1111 you could pass rsync something like --delete-after ?	22:35
lbragstad	i tried to put together an FAQ after the summit - https://github.com/lbragstad/notes/blob/master/summits/tokyo/fernet-notes.md	22:36
lbragstad	^ that and other things have been merged to the openstack-manuals projec t	22:36
kfox1111	ah. nice.	22:36
lbragstad	kfox1111 https://github.com/openstack/openstack-manuals/commit/d0003aa13363265fe049c05acfae6f97f4fb98f1	22:36
kfox1111	darn. you can't rsync from a remote host to a remote host... ok. will have to do this two part.	22:36
lbragstad	kfox1111 the openstack-ansible has a pretty slick way to do it with rsync	22:37
*** roxanaghe has quit IRC		22:37
lbragstad	kfox1111 they actually prep scripts on each keystone node that allows any keystone node the ability to sync keys	22:37
kfox1111	k. I'll see if I can find the scripts.	22:38
lbragstad	kfox1111 https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_keystone/templates/keystone-fernet-rotate.sh.j2	22:39
lbragstad	kfox1111 i believe that is the script that is dropped on each keystone node	22:39
lbragstad	kfox1111 https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_keystone/tasks/keystone_fernet_keys_autorotate.yml	22:39
kfox1111	yeah. that's very similar to what I was thinking.	22:40
kfox1111	but I've got a management node I was thinking of running the script out of, so it would be, rotate the keys on one node, scp them to the mgmt node, then push them out from there.	22:40
lbragstad	kfox1111 is your management node a keystone node?	22:41
kfox1111	no.	22:42
kfox1111	otherwise I could just do the key generation there.	22:43
lbragstad	kfox1111 does your management node act as a barrier (network-wise) between your keystone cluster and the rest of the world?	22:43
kfox1111	though once kolla's a little more stable, I can just run a container there.	22:43
kfox1111	no. but it does have ssh keys to the keystone cluster, while the keystone nodes themselves don't to each other.	22:43
lbragstad	ok that makes sense	22:43
kfox1111	I could add ssh keys, but it lessens security slightly.	22:44
dstanek	stevemar: notmorgan: looks like there is some stuff that we have to clarify for dealing with versioned drivers https://review.openstack.org/#/c/242853/	22:44
lbragstad	kfox1111 so something like this? https://github.com/lbragstad/revolver/blob/master/revolve.yaml	22:44
htruta	guys, is there a reason for us still have variables called tenant and tenant_id in files like resource/core.py?	22:45
lbragstad	kfox1111 if you're using ansible, your inventory file would contain all the keystone nodes that you have in your cluster	22:45
lbragstad	and that would copy the key repository from a single location (your management node) to all the keystone nodes	22:46
kfox1111	yeah. something like that might work.	22:46
kfox1111	this seems to work too:	22:46
kfox1111	rsync --delete-after -avz -e ssh --progress /tmp/fernet-keys/ ks1:/etc/keystone/fernet-keys/	22:46
kfox1111	arg... out of order...	22:46
kfox1111	first this:	22:46
kfox1111	rsync --delete-after -avz -e ssh --progress ks0:/etc/keystone/fernet-keys/ /tmp/fernet-keys/	22:46
kfox1111	and iterate over all the ks($x>0) hosts	22:47
stevemar	dstanek, yes that is on my to-do list for Monday	22:48
kfox1111	and that script should work at any time. so if I blow away a cluster node, then run it again, it should put the keys back.	22:48
dstanek	stevemar: i'm thinking of how i want to do this and i'll submit a review that updates the doc to that effect for discussion	22:48
lbragstad	kfox1111 http://cdn.pasteraw.com/cuzua72lz9l1nq098oab5rzfzvvfrwv	22:48
stevemar	dstanek, cool beans s	22:49
lbragstad	kfox1111 only if you keep the master set of keys on your management node	22:49
kfox1111	nice. yeah.	22:49
lbragstad	kfox1111 if that is the case, and always true, then you'll be able to bootstrap any new keystone node with your management node	22:49
kfox1111	once kolla 1.1 gets released, I'll definitely do that. :)	22:49
lbragstad	or if you need to rebuild a keystone node	22:49
*** obedmr has quit IRC		22:50
lbragstad	kfox1111 if you notice any gotchas with how you are doing it, please let me know. i'd like to capture documentation around it	22:50
dstanek	stevemar: in my mind the goal is not to allow or encourage use of our old driver versions - instead to support out-of-tree drivers	22:50
*** simondodsley_ has quit IRC		22:50
kfox1111	use something like docker run -it --rm -v fernet-keys:/etc/keystone/fernet-keys kolla-glue/centos-keystone keystone-manage fernet_rotate	22:51
kfox1111	sure. will do. :)	22:51
*** ninag has joined #openstack-keystone		22:51
kfox1111	then the magement node doesn't have to have anything installed on it but docker.	22:52
*** ninag has quit IRC		22:52
lbragstad	kfox1111 yeah, i assume you have keystone "installed" on your management node so that you can use keystone-manage to rotate, right?	22:52
*** ninag has joined #openstack-keystone		22:52
kfox1111	no. not at present.	22:52
lbragstad	oh, you scp your keys there,	22:52
lbragstad	that's right	22:52
kfox1111	I'm picking one of the controllers to do the rotation on, then rsyncing that nodes keys to the mgmt node, then to all the rest.	22:53
lbragstad	gothca	22:53
kfox1111	should be able to script that all up to a cron job on the mgmt node.	22:53
lbragstad	i was thinking about taking out all the logic to do key setup and rotation into it's own little tool,	22:53
lbragstad	that way if people wanted to run key management from a separate node, they wouldn't have to install keystone to get that stuff	22:54
kfox1111	that might be good. I'd be a little worried the dependencies woudl be almost as bad though.	22:54
lbragstad	kfox1111 nope, fernet just need pyca/cryptography	22:54
lbragstad	and msgpack	22:54
kfox1111	hmm... that wouldn't be too bad.	22:54
lbragstad	actually, no msgpack	22:54
lbragstad	not for key creation and rotation	22:55
kfox1111	nice. yeah, that would be better.	22:55
lbragstad	i think this would be it	22:55
lbragstad	https://github.com/lbragstad/fernet-inspector/blob/master/fernet_inspector/core.py#L13	22:55
kfox1111	ok. after the rsync, the second controller seems to be working.	22:55
stevemar	dstanek, so I agree, and if we have a new version we should clarify that as well as possible le	22:56
*** fangxu has quit IRC		22:56
*** aginwala has quit IRC		22:56
*** ninag has quit IRC		22:56
lbragstad	kfox1111 awesome	22:57
kfox1111	yup. seems to work. :)	22:57
stevemar	Heading home	22:57
kfox1111	ok. I've got a whole ha keystone cluster done. :)	22:58
lbragstad	kfox1111 and all your tokens are still valid!	22:58
lbragstad	\o/	22:58
samueldmq	lbragstad: dolphm: have you seen https://review.openstack.org/#/c/239608 ?	22:58
kfox1111	\o/	22:58
samueldmq	lbragstad: dolphm: it says to "Make getting token revocation list 9x faster on Mysql"	22:59
kfox1111	ok. last test.... delete from tokens; :)	22:59
lbragstad	samueldmq i think i saw it at one point but i never followed up on it :)	22:59
* lbragstad adds it to the queue		23:00
lbragstad	kfox1111 you mean deleting a token or deleting keys?	23:01
kfox1111	deleting all the uuid tokens out of the db.	23:01
kfox1111	since they should be unused in this setup.	23:01
kfox1111	(migrating uuid to fernet and single controller keystone to a keystone cluster)	23:01
lbragstad	kfox1111 right, that would just depend on if your users are still expecting them to be valid?	23:01
samueldmq	lbragstad: looks intriguing... have to have a better look at it later	23:02
kfox1111	We'll do a final migration/outage on the 24th.	23:02
lbragstad	but, that wound't make sense	23:02
lbragstad	samueldmq ++	23:02
samueldmq	lbragstad: jsut would like to give a heads up, and it would affect fernet too :)	23:02
lbragstad	samueldmq absolutely	23:02
kfox1111	we're going to have to take an outage anyway to update all the configs pointing at the old keystone.	23:02
kfox1111	so I don't mind invalidating all the old tokens.	23:03
lbragstad	kfox1111 yeah, once you switch your token.provider to fernet; you won't be able to validate uuid tokens anymore (at least not with the upstream providers)	23:03
*** stevemar_ has joined #openstack-keystone		23:04
*** ChanServ sets mode: +o stevemar_		23:04
*** stevemar_ has quit IRC		23:04
kfox1111	ok. the token table has 0 entries and keystone tenant-list still works! :)	23:04
* lbragstad hands kfox1111 a beer		23:04
lbragstad	nice work sir	23:04
kfox1111	thanks. but I just did the easy part. all the keystone developers did all the hard work. :)	23:05
lbragstad	happy it worked and hopefully it continues to go smoothly for you; let me know if you uncover anything no covered in the merged FAQ doc and i'll propose a follow-up commit	23:06
* lbragstad heads out		23:07
lbragstad	o/	23:07
kfox1111	thanks.	23:07
kfox1111	and thanks for all the help. :)	23:07
kfox1111	have a good one. :)	23:07
lbragstad	no problem!	23:07
lbragstad	you too	23:07
stevemar	kfox1111: nice!	23:07
stevemar	lbragstad: do you not have channel privs?	23:08
*** stevemar sets mode: +v lbragstad		23:08
stevemar	lbragstad: you now have voice	23:08
kfox1111	+1 :)	23:09
kfox1111	wow....	23:09
kfox1111	so, after getting rid of the tokens, and redumping all the production database for the keystone cluster,	23:09
kfox1111	-rw-r--r-- 1 root root 6.5M Nov 20 15:08 keystone-test2.sql	23:09
kfox1111	its really really tiny. :)	23:09
stevemar	nice	23:09
*** aginwala has joined #openstack-keystone		23:09
kfox1111	I think most of the rest are just the ldap mapping stuff.	23:10
*** fangxu has joined #openstack-keystone		23:11
stevemar	Teeeest	23:13
samueldmq	stevemar: 1 test ran - 0 errors	23:16
samueldmq	stevemar: congratualtions :)	23:16
stevemar	samueldmq: indeed!	23:16
stevemar	samueldmq: finally setup my znc bouncer and android client	23:16
samueldmq	stevemar: great, congrats!	23:16
samueldmq	stevemar: what s/w are you using ?	23:17
samueldmq	stevemar: I use weechat; however I don't use any mobile client	23:17
*** petertr7 is now known as petertr7_away		23:19
*** roxanaghe has joined #openstack-keystone		23:21
*** aginwala has quit IRC		23:24
*** fangxu has quit IRC		23:26
stevemar	samueldmq: i use znc on my VM, and "AndChat" is the only android client i could get working	23:27
samueldmq	stevemar: nice, glad you got it working	23:28
stevemar	samueldmq: it was always on the to do list	23:29
*** alejandrito has quit IRC		23:29
stevemar	samueldmq: just ... uh.. the list is getting long these days :)	23:29
*** markvoelker has quit IRC		23:34
*** adelia has joined #openstack-keystone		23:38
*** adelia_ has joined #openstack-keystone		23:38
*** toddnni has quit IRC		23:41
*** adelia has quit IRC		23:43
*** adelia_ has quit IRC		23:43
*** mylu_ has quit IRC		23:43
*** aginwala has joined #openstack-keystone		23:49
*** lhcheng has joined #openstack-keystone		23:50
*** ChanServ sets mode: +v lhcheng		23:50
*** lhcheng_ has joined #openstack-keystone		23:51
jamielennox	stevemar: i have a similar setup except firrre.com runs a hosted znc and AndroIrc worked for me	23:54
jamielennox	saves running my own stuff	23:54
*** lhcheng has quit IRC		23:54
stevemar	I had androirc but I could get it to connwct	23:55
*** fangxu has joined #openstack-keystone		23:56
*** chrisshattuck has quit IRC		23:57
stevemar	Jamielennox, toss me a few more pings	23:57
jamielennox	stevemar: p	23:57
jamielennox	stevemar: i	23:57
jamielennox	stevemar: n	23:57
jamielennox	stevemar: g	23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!