Friday, 2015-12-18

« Thursday, 2015-12-17 Index Saturday, 2015-12-19 »
*** ayoung has quit IRC00:03
*** chlong has joined #openstack-keystone00:04
mordredsamueldmq: soon00:06
*** alejandrito has quit IRC00:08
*** gildub has joined #openstack-keystone00:16
*** EinstCrazy has quit IRC00:25
*** agireud has quit IRC00:30
*** agireud has joined #openstack-keystone00:36
*** agireud has quit IRC00:36
*** agireud has joined #openstack-keystone00:36
*** sigmavirus24 is now known as sigmavirus24_awa00:37
*** RichardRaseley has quit IRC00:39
*** markvoelker has quit IRC00:39
*** aginwala has quit IRC00:43
*** nkinder has quit IRC00:45
*** miguelgrinberg has joined #openstack-keystone00:45
*** aginwala has joined #openstack-keystone00:46
*** agireud has quit IRC00:51
*** markvoelker has joined #openstack-keystone00:55
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Disable memory caching of tokens  https://review.openstack.org/21234500:57
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Don't cache signed tokens  https://review.openstack.org/19094100:57
*** EinstCrazy has joined #openstack-keystone01:02
*** dims has quit IRC01:04
*** doug-fish has quit IRC01:05
*** daemontool has quit IRC01:08
*** dims has joined #openstack-keystone01:09
*** aginwala has quit IRC01:13
*** darrenc_afk is now known as darrenc01:13
*** arunkant_ has quit IRC01:14
*** aginwala has joined #openstack-keystone01:28
*** aginwala has quit IRC01:36
*** aginwala has joined #openstack-keystone01:38
*** oomichi is now known as oomichi_away01:48
*** browne has quit IRC01:49
*** agireud has joined #openstack-keystone01:51
*** roxanaghe has quit IRC01:52
*** roxanaghe has joined #openstack-keystone01:54
openstackgerritJamie Lennox proposed openstack/python-keystoneclient: Deprecate adapter  https://review.openstack.org/25874201:55
*** agireud has quit IRC01:59
*** roxanaghe has quit IRC02:00
*** agireud has joined #openstack-keystone02:02
*** _cjones_ has quit IRC02:02
*** _cjones_ has joined #openstack-keystone02:03
*** agireud has quit IRC02:07
*** _cjones_ has quit IRC02:08
*** ayoung has joined #openstack-keystone02:18
*** ChanServ sets mode: +v ayoung02:18
*** agireud has joined #openstack-keystone02:23
openstackgerritJamie Lennox proposed openstack/keystoneauth: Add some documentation about migrating from ksc  https://review.openstack.org/25925602:34
openstackgerritMerged openstack/keystone: Use list_role_assignments to get projects/domains for user  https://review.openstack.org/24251302:39
*** kragniz has quit IRC02:41
jamielennoxmordred: want to do some friday afternoon approving?02:42
jamielennoxor whatever time it is now02:42
jamielennoxdamnit02:42
jamielennoxnotmorgan: ^^02:42
notmorganjamielennox: oh sure.02:42
notmorganwhy not!02:42
jamielennoxjust so you're both aware i am still getting you confused02:42
notmorganahahahhahahahahahahaha02:42
notmorgandude02:42
notmorgani even changed my nick:P02:42
jamielennoxyea, so now mo<tab> just autocompletes without choices02:42
notmorganway better hut?02:43
notmorganhuh?02:43
jamielennoxhttps://review.openstack.org/#/c/117089/02:43
notmorganok looking02:44
jamielennoxhttps://review.openstack.org/#/c/244440/02:44
*** fangxu has quit IRC02:45
notmorganmight take me a bit, watching a movie and about a 1/2 bottle of wine in for the evening02:45
jamielennoxnotmorgan: that's exactly where i want to catch you for reviews!02:45
jamielennoxwhats the movie?02:45
notmorganSecret Life of Walter Mitty02:45
notmorganreally enjoying it02:45
jamielennoxah, haven't seen it i'm not a big fan of what's his face02:46
*** kragniz has joined #openstack-keystone02:46
notmorganben stilleR?02:47
notmorganhis more serious stuff is good02:47
notmorganalmost time to get food.02:48
*** dims has quit IRC02:50
*** aginwala has quit IRC02:51
*** agireud has quit IRC02:57
openstackgerritMerged openstack/keystone: Fix fernet padding for python 3  https://review.openstack.org/23171103:02
*** agireud has joined #openstack-keystone03:02
openstackgerritMerged openstack/keystone: Show defect in list_user_ids that only lists direct user assignments  https://review.openstack.org/24256403:04
openstackgerritMerged openstack/keystone: Fix defect in list_user_ids that only lists direct user assignments  https://review.openstack.org/24257403:04
openstackgerritMerged openstack/keystone: Limiting for fake LDAP  https://review.openstack.org/24774903:05
*** RA has joined #openstack-keystone03:05
*** RA is now known as Guest3966803:06
*** Guest39668 is now known as _RA03:08
*** spandhe has quit IRC03:09
*** aginwala has joined #openstack-keystone03:12
*** aginwala has quit IRC03:13
*** links has joined #openstack-keystone03:14
*** gyee has quit IRC03:40
*** sdake has joined #openstack-keystone03:40
*** markvoelker has quit IRC03:47
*** fangxu has joined #openstack-keystone04:16
*** albertom has quit IRC04:28
*** davechen has joined #openstack-keystone04:28
*** albertom has joined #openstack-keystone04:30
*** markvoelker has joined #openstack-keystone04:47
*** david-lyle has quit IRC04:50
*** markvoelker has quit IRC04:52
*** steveng has joined #openstack-keystone05:04
*** steveng has quit IRC05:04
notmorganjamielennox: just -1'd a couple patches in your deprecate changeset05:09
notmorganjamielennox: mostly because we don't want to report the deprecations to the end users - so we need servers/python-*clients to be mostly KSA first.05:09
notmorganjamielennox: imo05:09
notmorganjamielennox: these are soft -1s but i think we need to hold on this deprecation notice for a bit.05:10
*** davechen has left #openstack-keystone05:14
stevemarnotmorgan: it'll force users and project maintainers to switch over :P05:20
notmorganno it wont05:20
notmorganbecause the clients are using session05:20
notmorganthis is not something the end user has the ability to change05:20
notmorganthis is something we need to land in python-*client05:20
notmorganthis is like urllib3 saying OMG THIS IS INSECURE because requests says "insecure=True"05:21
notmorganand is expected05:21
stevemarnotmorgan: when is the line draw?05:22
*** Nirupama has joined #openstack-keystone05:22
stevemarnotmorgan: the six core projects need to be migrated over? all of them?05:22
stevemar(all meaning ALL python-*client)05:22
notmorgani'd argue the line is drawn when we have the core/starter edition clients moved05:22
stevemarnovaclient is done now05:23
notmorganso, glance, neutron, keystoneclient, nova, cinder, osc, uh i'm forgetting one05:23
notmorgandid ti all land? last i saw it was in flight05:23
stevemarswift05:23
notmorganswift is a special case05:23
stevemari think i saw it +A'ed05:23
notmorganswift wont factor into this.05:23
notmorganswift will go from non-session -> ksa05:23
stevemaryes, migrated: https://review.openstack.org/#/c/256056/05:24
notmorganso, glance neutron, ksc, nova, cinder, heat?05:24
stevemarheat isn't technically core05:24
stevemarhorizon would be05:24
notmorganafter that i'm content to say "seriously you're in the minority and we'll help"05:24
notmorganhorizon is also a special case05:24
notmorganbut getting the majority of actions to not complain to the end user would be ideal05:25
stevemarthese dudes; http://vmiss.net/wp-content/uploads/2015/11/Messages-Image9548435111.png05:25
notmorganok05:25
notmorganheat would be a nice-to-have05:25
notmorganbut then once glance nova cinder neutron and keystone clients are solid i say deprecate05:26
notmorgani'll hold the -1s until then, but they are soft -1s05:26
stevemaryou keep mentioning keystoneclient05:26
notmorganand swift will be worked on separately [i have a plan for this soon] and should not be affected cause they don't do session05:26
notmorganyes05:26
notmorganksc needs to move to use ksa session05:26
notmorganit does not do that yet05:27
stevemaroh i guess this guy: https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v2_0/client.py#L3705:27
notmorganyes05:27
notmorganthe crud actions/client objects need to use KSA05:27
stevemarhttps://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v3/client.py#L5005:27
notmorgan:)05:27
* notmorgan maaaaaay be thinking about this stuff atm05:27
notmorgan^_^05:27
stevemarthats the first time i thought ksc would need an update05:28
openstackgerritMerged openstack/keystonemiddleware: Configuration is outdated  https://review.openstack.org/22054505:44
*** markvoelker has joined #openstack-keystone05:49
*** markvoelker has quit IRC05:54
*** serverascode has quit IRC06:05
*** serverascode has joined #openstack-keystone06:13
openstackgerritMerged openstack/python-keystoneclient: Seperate Client base test class  https://review.openstack.org/25823006:18
*** mfedosin has joined #openstack-keystone06:19
jamielennoxit still concerns me in that diagram how more people use nova than keystone06:20
jamielennoxso keystoneclient can be said to be done, because we don't have a CLI06:21
*** david-lyle has joined #openstack-keystone06:21
jamielennoxotherwise yea, my plan was to start emitting warnings so people came to us to migrate06:22
stevemarjamielennox: we gotta migrate over the client instances of the CRUD part no?06:23
openstackgerritMerged openstack/python-keystoneclient: Make tests run against original client and sessions  https://review.openstack.org/11708906:23
*** fangxu has quit IRC06:27
jamielennoxstevemar: i don't think we have to do anything like that, if it used to work with session it should work with ksa session06:46
notmorganjamielennox: we need to default to ksa sessio06:46
notmorgannis all06:47
jamielennox^ my previously oldest open review merged06:47
notmorganwe have the occ things mordred and i have been pushing on06:47
notmorganand as soon as the ksa stuff is default we can say KSC is done, though we should convert CLI if we don't remove it06:47
jamielennoxfirst patch:  Aug 27, 201406:47
notmorganor at least make the CLI say OMG STOP THIS NAO06:47
jamielennoxnot bad06:47
jamielennoxnotmorgan: yea, i did a new version of that spec today06:48
jamielennoxhttps://review.openstack.org/#/c/243348/06:48
jamielennoxnotmorgan, stevemar: also have a read of https://review.openstack.org/#/c/245629/06:48
jamielennoxayoung's admin_project wasn't a thing when i wrote it, but i think it'd still apply06:49
*** gildub has quit IRC06:54
stevemarjamielennox: commented on https://review.openstack.org/#/c/243348/407:18
*** _cjones_ has joined #openstack-keystone07:21
*** gildub has joined #openstack-keystone07:26
*** nfdeswqa has joined #openstack-keystone07:27
*** e0ne has joined #openstack-keystone07:36
*** chlong has quit IRC07:37
nfdeswqaHaha, wow! What a fun time I had tonight. Turns out Kylo Ren is Han and Leia's son, Ben but was seduced to the dark side. He even kills his own dad at the end.. It was really tense. Oh and Rea finds out she has jedi powers and does a mind trick on a storm trooper to escape captivity. She kicks Kylo Ren's ass with a lightsaber too! Luke Skywalker only shows up for 20 seconds at the end though07:40
nfdeswqa which is kind of lame. Oh well.07:40
*** rcernin has joined #openstack-keystone07:41
*** markvoelker has joined #openstack-keystone07:50
openstackgerritMerged openstack/keystone: Handle fernet payload timestamp differences  https://review.openstack.org/23271107:50
openstackgerritMerged openstack/keystone: Fix key_repository_signature method for python3  https://review.openstack.org/23609607:51
*** markvoelker has quit IRC07:55
*** browne has joined #openstack-keystone07:55
*** _RA has quit IRC07:58
*** fangxu has joined #openstack-keystone07:59
*** fangxu has quit IRC08:00
*** jdennis1 has joined #openstack-keystone08:00
*** jdennis has quit IRC08:01
*** jed56 has joined #openstack-keystone08:02
*** _cjones_ has quit IRC08:04
*** nfdeswqa has quit IRC08:11
stevemarbump08:20
stevemarbump08:20
stevemarbump08:20
stevemarbump08:20
stevemarbump08:20
stevemarbump08:20
stevemarbump08:21
stevemarbump08:21
stevemari will spam the channel for the good of everyone08:21
stevemar# A "shared secret" that can be used to bootstrap Keystone. This "token" does08:21
stevemar# not represent a user, and carries no explicit authorization. To disable in08:21
stevemar# production (highly recommended), remove AdminTokenAuthMiddleware from your08:21
stevemar# paste application pipelines (for example, in keystone-paste.ini). (string08:21
stevemar# value)08:21
stevemar#admin_token = ADMIN08:21
stevemar# The base public endpoint URL for Keystone that is advertised to clients08:22
stevemar# (NOTE: this does NOT affect how Keystone listens for connections). Defaults08:22
stevemar# to the base host URL of the request. E.g. a request to08:22
stevemar# http://server:5000/v3/users will default to http://server:5000. You should08:22
stevemar# only need to set this value if the base URL contains a path (e.g. /prefix/v3)08:22
stevemar# or the endpoint should be found on a different server. (string value)08:22
stevemar#public_endpoint = <None>08:22
stevemar# The base admin endpoint URL for Keystone that is advertised to clients (NOTE:08:22
stevemar# this does NOT affect how Keystone listens for connections). Defaults to the08:22
stevemar# base host URL of the request. E.g. a request to http://server:35357/v3/users08:22
stevemar# will default to http://server:35357. You should only need to set this value08:22
stevemar# if the base URL contains a path (e.g. /prefix/v3) or the endpoint should be08:22
stevemar# found on a different server. (string value)08:22
stevemar#admin_endpoint = <None>08:22
stevemar# Maximum depth of the project hierarchy. WARNING: setting it to a large value08:22
stevemar# may adversely impact performance. (integer value)08:22
stevemar#max_project_tree_depth = 508:22
stevemar# Limit the sizes of user & project ID/names. (integer value)08:22
stevemar#max_param_size = 6408:22
stevemar# Similar to max_param_size, but provides an exception for token values.08:22
stevemar# (integer value)08:22
stevemar#max_token_size = 819208:22
stevemar# Similar to the member_role_name option, this represents the default role ID08:22
stevemar# used to associate users with their default projects in the v2 API. This will08:22
stevemar# be used as the explicit role where one is not specified by the v2 API.08:22
stevemar# (string value)08:22
stevemar#member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab08:22
*** oomichi_away is now known as oomichi08:49
*** fhubik has joined #openstack-keystone08:55
*** e0ne has quit IRC09:01
bretonoh09:02
bretonstar wars spoilers above09:03
bretondo not read above stevemar's "bump"09:03
*** browne has quit IRC09:05
*** pnavarro has joined #openstack-keystone09:06
*** Nirupama has quit IRC09:15
*** e0ne has joined #openstack-keystone09:17
*** sdake has quit IRC09:18
*** mhickey has joined #openstack-keystone09:21
*** mfedosin has quit IRC09:24
*** jistr has joined #openstack-keystone09:25
*** openstackgerrit has quit IRC09:32
*** openstackgerrit has joined #openstack-keystone09:32
*** e0ne has quit IRC09:35
*** EinstCrazy has quit IRC09:40
*** alexpro has joined #openstack-keystone09:43
*** markvoelker has joined #openstack-keystone09:51
*** links has quit IRC09:54
*** markvoelker has quit IRC09:55
*** Nirupama has joined #openstack-keystone10:05
*** links has joined #openstack-keystone10:07
*** Nirupama has quit IRC10:28
*** fhubik has quit IRC10:35
*** e0ne has joined #openstack-keystone10:40
*** EinstCrazy has joined #openstack-keystone10:41
*** ekarlso has quit IRC10:51
*** ekarlso has joined #openstack-keystone10:51
*** Nirupama has joined #openstack-keystone10:52
*** dims has joined #openstack-keystone10:57
*** paul-carlton1 has joined #openstack-keystone11:00
paul-carlton1jamielennox, You around?11:00
*** lhcheng has joined #openstack-keystone11:04
*** ChanServ sets mode: +v lhcheng11:04
*** oomichi is now known as oomichi_away11:10
*** urulama has quit IRC11:15
*** urulama has joined #openstack-keystone11:16
*** oomichi_away has quit IRC11:19
*** paul-carlton1 has left #openstack-keystone11:22
*** svasheka has quit IRC11:24
*** lhinds has joined #openstack-keystone11:30
*** lhcheng has quit IRC11:35
*** Nirupama has quit IRC11:40
*** links has quit IRC11:50
*** markvoelker has joined #openstack-keystone11:51
*** gildub has quit IRC11:55
*** markvoelker has quit IRC11:56
*** fhubik has joined #openstack-keystone11:56
*** fhubik is now known as fhubik_brb11:56
*** mfedosin has joined #openstack-keystone12:02
*** fhubik_brb is now known as fhubik12:05
*** links has joined #openstack-keystone12:06
samueldmqmorning keystoners12:08
dimssamueldmq : i remember you were doing some policy related stuff, is this of any interest? https://review.openstack.org/#/c/256431/12:13
samueldmqdims: sure, but oslo.policy is only the engine, and in the case we wre to dd that, it'd be in keystone :)12:14
samueldmqdims: thanks for the heads up12:14
dimssamueldmq : oslo.policy is being moved to keystone in governance :) so its keystone's headache now12:15
*** links has quit IRC12:16
samueldmqdims: yes, we agreed on that in our last meeting, good for everyone I think :)12:16
samueldmqdims: I will leave a review there, also perhaps stevemar wants to take a look ^12:16
dimsthanks samueldmq12:22
dimsktychkova : ^^12:22
dimsktychkova : please follow up with samueldmq bknudson stevemar etc. i'd believe that we may follow the pattern set in say oslo.cache for selecting a specific backend based on configurations12:23
*** lhcheng_ has joined #openstack-keystone12:24
ktychkovadims: ok, I'll take a look12:25
samueldmqktychkova: hi12:25
ktychkovasamueldmq: hi12:25
samueldmqktychkova: so you want to consider already existing assingments in a LDAP storage for authorization within openstack12:26
ktychkovasamueldmq: yes, it is main idea, here is video https://vimeo.com/146109801 - take a look, please12:28
samueldmqktychkova: I believe this should be something that goes in the token12:28
samueldmqktychkova: i.e if we are going to do that, it should be something in keystone, which would put the info in the token, as it does today, and no services would be affected12:29
samueldmqktychkova: sure I will look12:29
samueldmqktychkova: and btw, we already support LDAP Assignment backends in keystone12:29
samueldmqktychkova: but it's deprecated and will be removed12:30
samueldmqktychkova: hmm, actually you want to support the poliy ruels via LDAP right ,12:32
samueldmq?12:32
ktychkovasamueldmq: yes, i want to replace policy.json file12:32
ktychkovasamueldmq: to store rules and permissions in ldap, not in policy.json file12:33
samueldmqktychkova: hmm, we've had a long story on this :) (cc ayoung ^)12:34
samueldmqktychkova: so today we already support users in LDAP12:34
*** lhinds has quit IRC12:34
samueldmqktychkova: we also support roles in LDAP (but deprecated and being removed)12:34
samueldmqktychkova: but we don't support permissions in LDAP12:36
samueldmqktychkova: are you aware of an effort we had to make policy files distributed from keystone to endpoints ?12:36
samueldmqktychkova: so policy changes would be made in keystone and serices would download them automatically12:37
ktychkovasamueldmq: is not dynamics policies abondend? I saw spec, but is this work still relevant?12:39
samueldmqktychkova: so, yes it is stopped12:40
ktychkovasamueldmq: my changes is about "where to store policies"12:41
samueldmqktychkova: but I could see your work on that context, where LDAP would be a backend for storing the policies, which are delivered by keystone12:41
samueldmqktychkova: without dynamic policies, if we put on keystone, we have no way to deliver it12:43
samueldmqktychkova: and if we put it on oslo, we will required every service endpoint to configure the LDAP backend12:43
samueldmqktychkova: I will leave a review, let's see wht others think about it too (cc ayoung)12:44
ktychkovasamueldmq:  yes, thanks12:44
dimssamueldmq : from last oslo meeting, we were told that dynamic policy work was shelved12:44
samueldmqdims: yes12:44
samueldmqdims: but without it I don't see a good solution for what is being proposed by ktychkova12:45
samueldmqdims: but that's my point of view, which may differ from others12:46
samueldmqktychkova: is this a usecase from your organization ? do you need/use this feature?12:46
dimssamueldmq : ktychkova has some prototype code that works just fine. (talk to backend instead of policy.hson)12:46
openstackgerritKseniya Tychkova proposed openstack/keystone-specs: Support RBAC with LDAP in oslo.policy  https://review.openstack.org/25941812:47
dimssamueldmq : not sure why we have to make it more complicated than that12:47
dimsyes, if the dynamic policy work was actually going on then we would have had a place to do a backend, but clearly it's not going to happen anytime soon12:47
openstackgerritMerged openstack/python-keystoneclient-kerberos: Drop py33 support  https://review.openstack.org/25780712:48
ktychkovasamueldmq: this feature was requested from several openstack users12:48
samueldmqdims: sure, but there are some other points like: are LDAP queries slow ? if so that'd affect the whole cloud as authz checks are ran all the time12:48
samueldmqdims: also, each service endpoint will need to configure LDAP backend right ?12:48
dimssamueldmq : those are all valid points to raise on the review under performance and implementation sections12:49
samueldmqktychkova: cool, I didn't know people stored those rules in LDAP12:49
samueldmqdims: ++12:49
samueldmqdims: ktychkova: in the case we store policy rules in LDAP, we also want to get the roles from there too, right ?12:51
*** markvoelker has joined #openstack-keystone12:52
samueldmqdims: ktychkova: and we just deprecated the role backend (https://github.com/openstack/keystone/blob/master/keystone/assignment/role_backends/ldap.py#L32-L35)12:52
ktychkovasamueldmq: ok, I'll take a look12:54
samueldmqktychkova: I am also looking at your patch, let's see what others think about it too12:56
samueldmqktychkova: (notice I am not against your work, I just making sure to ask the right questions so we make the best decision)12:57
*** markvoelker has quit IRC12:57
*** andreykurilin__ has joined #openstack-keystone12:57
ktychkovasamueldmq: you are welcome for any questions!12:58
ktychkovasamueldmq: dims: moved spec to keystone https://review.openstack.org/#/c/259418/12:58
*** fesp has joined #openstack-keystone12:59
*** fhubik is now known as fhubik_brb13:00
*** fesp has quit IRC13:03
samueldmqktychkova: oh, and I had just left a review there :) will put in the new patch13:03
samueldmqktychkova: posted comments, thanks :)13:06
*** zqfan has quit IRC13:11
*** vgridnev has joined #openstack-keystone13:12
samueldmqlooks like any core could easily +2+A https://review.openstack.org/#/c/228109/13:18
samueldmqand https://review.openstack.org/#/c/130669/13:21
samueldmq:)13:21
*** fhubik_brb is now known as fhubik13:23
*** raildo-afk is now known as raildo13:23
*** links has joined #openstack-keystone13:25
*** fhubik is now known as fhubik_brb13:26
*** gordc has joined #openstack-keystone13:27
*** fhubik_brb is now known as fhubik13:30
*** breitz has quit IRC13:33
*** breitz has joined #openstack-keystone13:34
*** fhubik has quit IRC13:42
*** boris-42_ has quit IRC13:43
*** doug-fish has joined #openstack-keystone13:47
*** e0ne has quit IRC13:48
*** e0ne has joined #openstack-keystone13:50
*** fhubik has joined #openstack-keystone13:52
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient-kerberos: Updated from global requirements  https://review.openstack.org/25166413:53
*** urulama has quit IRC13:53
*** urulama has joined #openstack-keystone13:54
*** links has quit IRC13:54
*** richm has joined #openstack-keystone13:57
*** fhubik is now known as fhubik_brb14:22
*** markvoelker has joined #openstack-keystone14:23
*** fhubik_brb is now known as fhubik14:25
*** markvoelker has quit IRC14:27
*** pnavarro has quit IRC14:33
*** dslevin has quit IRC14:36
*** dansmith is now known as superdan14:41
*** jsheeren has joined #openstack-keystone14:45
*** dslev has joined #openstack-keystone14:45
*** sdake has joined #openstack-keystone14:46
*** sdake_ has joined #openstack-keystone14:53
*** sdake has quit IRC14:53
*** simondodsley has joined #openstack-keystone14:59
*** jsheeren has quit IRC14:59
*** fhubik is now known as fhubik_brb15:03
*** fhubik_brb is now known as fhubik15:05
*** david-lyle has quit IRC15:08
*** davechen has joined #openstack-keystone15:11
*** csoukup has joined #openstack-keystone15:15
*** ninag has joined #openstack-keystone15:23
*** timcline has joined #openstack-keystone15:26
*** spotz_zzz is now known as spotz15:32
flaper87Hey folks, just wanted to say thanks for all the feedback provided in the "glance trusts" patch: https://review.openstack.org/#/c/241986/15:37
*** vgridnev has quit IRC15:37
*** dancn has quit IRC15:39
*** dancn has joined #openstack-keystone15:47
*** fhubik is now known as fhubik_brb15:48
*** lhcheng_ has quit IRC15:52
*** ctina has joined #openstack-keystone15:52
*** pumaranikar has joined #openstack-keystone15:53
*** browne has joined #openstack-keystone16:01
*** sdake_ has quit IRC16:02
*** sdake has joined #openstack-keystone16:05
*** mhickey has quit IRC16:06
*** lhcheng has joined #openstack-keystone16:08
*** ChanServ sets mode: +v lhcheng16:08
openstackgerritDave Chen proposed openstack/keystone: Add testcases to check cache invalidation  https://review.openstack.org/25878516:14
*** rcernin has quit IRC16:15
*** diazjf has joined #openstack-keystone16:20
*** markvoelker has joined #openstack-keystone16:24
*** fhubik_brb is now known as fhubik16:26
*** markvoelker has quit IRC16:28
*** timcline has quit IRC16:30
*** timcline has joined #openstack-keystone16:30
*** timcline_ has joined #openstack-keystone16:31
*** andreykurilin__ has quit IRC16:32
*** timcline has quit IRC16:35
*** dims_ has joined #openstack-keystone16:37
*** sdake has quit IRC16:38
*** sdake has joined #openstack-keystone16:39
*** dims has quit IRC16:39
*** petertr7_away is now known as petertr716:42
*** andreykurilin__ has joined #openstack-keystone16:45
*** fhubik has quit IRC16:45
*** sdake has quit IRC16:46
*** sdake has joined #openstack-keystone16:47
*** jistr has quit IRC16:49
*** ctina has quit IRC16:49
*** petertr7 is now known as petertr7_away16:52
*** pumaranikar has quit IRC16:56
*** pumaranikar has joined #openstack-keystone16:56
*** mfedosin has quit IRC16:57
*** jorge_munoz has quit IRC16:58
*** davechen has quit IRC17:00
*** pumaranikar has quit IRC17:00
*** pumaranikar has joined #openstack-keystone17:01
*** davechen has joined #openstack-keystone17:01
*** pwp has joined #openstack-keystone17:02
*** gyee has joined #openstack-keystone17:06
*** ChanServ sets mode: +v gyee17:06
*** arunkant has quit IRC17:06
*** e0ne has quit IRC17:13
*** sdake has quit IRC17:19
*** _cjones_ has joined #openstack-keystone17:20
*** arunkant has joined #openstack-keystone17:23
*** markvoelker has joined #openstack-keystone17:24
*** pwp has quit IRC17:28
*** _cjones_ has quit IRC17:29
*** markvoelker has quit IRC17:29
*** pwp has joined #openstack-keystone17:29
*** sdake has joined #openstack-keystone17:30
openstackgerritHaneef Ali proposed openstack/keystone: Keystone returns internal server error if the the user doesn't send any token. This happens only for fernet token. This review returns 401 for fernet provider similar to other providers  https://review.openstack.org/25956317:35
*** simondodsley has quit IRC17:38
*** _cjones_ has joined #openstack-keystone17:40
*** sdake has quit IRC17:40
*** pwp has quit IRC17:44
openstackgerritFernando Diaz proposed openstack/keystone: Opt-out certain Keystone Notifications  https://review.openstack.org/25378017:51
*** david-lyle has joined #openstack-keystone17:54
bretonhas anybody ever set keystone with mod-shib in HA configuration?17:56
bretonhaneef_:17:56
bretonmarekd:17:56
*** david-lyle has quit IRC17:59
*** e0ne has joined #openstack-keystone18:00
*** david-lyle has joined #openstack-keystone18:00
*** _cjones_ has quit IRC18:02
*** rcernin has joined #openstack-keystone18:06
*** gordc has quit IRC18:06
*** urulama has quit IRC18:09
*** urulama has joined #openstack-keystone18:10
*** fhubik has joined #openstack-keystone18:12
*** fhubik has quit IRC18:14
*** fhubik has joined #openstack-keystone18:15
*** browne has quit IRC18:19
*** e0ne has quit IRC18:22
*** _cjones_ has joined #openstack-keystone18:24
*** spotz is now known as spotz_zzz18:26
*** _cjones_ has quit IRC18:26
*** _cjones_ has joined #openstack-keystone18:27
*** dancn has quit IRC18:28
*** gordc has joined #openstack-keystone18:30
*** e0ne has joined #openstack-keystone18:31
*** sdake has joined #openstack-keystone18:34
*** rcernin has quit IRC18:36
*** dancn has joined #openstack-keystone18:37
*** e0ne has quit IRC18:42
*** pwp has joined #openstack-keystone18:44
*** andreykurilin__ has quit IRC18:52
*** urulama has quit IRC18:54
*** urulama has joined #openstack-keystone18:54
marekdbreton: shibboleth has some options for using db for storing cookies. Then first call can be executed with machine A and another with machine B where state will be shared on both machines.18:54
marekdbreton: i think this is the main concern18:55
openstackgerritHaneef Ali proposed openstack/keystone: Keystone returns internal server error if the the user doesn't send any token. This happens only for fernet token. This review returns 401 for fernet provider similar to other providers  https://review.openstack.org/25956318:56
*** aix has quit IRC18:56
*** fhubik has quit IRC18:59
*** diazjf has quit IRC19:04
*** jbell8 has joined #openstack-keystone19:06
davechenanyone kown the background for this CI (gate-tempest-dsvm-keystone-eventlet-fullNOT_REGISTERED)?19:06
*** _cjones_ has quit IRC19:08
bretonmarekd: yep19:09
bretonbut I fixed it with sticky sessions in haproxy19:10
lhchengdavechen: some ci related changes occurred and it hit a node where the change haven't propagated yet.19:11
marekdbreton: that's also an option19:17
*** openstackgerrit has quit IRC19:17
*** openstackgerrit has joined #openstack-keystone19:17
davechenlhcheng: good to know, which project / team focus on ci related changes?19:18
lhchengdavechen: check in the infra room, I hit the NOT_REGISTERED issue when I just added reno job in horizon. Recheck did the trick for me.19:20
davechenlhcheng: look like recheck didn't work, hope not all of infra team are in holiday mode.19:23
*** markvoelker has joined #openstack-keystone19:25
*** lhcheng has quit IRC19:28
*** markvoelker has quit IRC19:30
*** browne has joined #openstack-keystone19:38
*** aix has joined #openstack-keystone19:38
*** e0ne has joined #openstack-keystone19:39
*** e0ne has quit IRC19:42
*** vgridnev has joined #openstack-keystone19:44
*** diazjf has joined #openstack-keystone19:49
*** aginwala has joined #openstack-keystone19:49
*** aginwala has quit IRC19:55
*** pwp has quit IRC19:58
*** sdake_ has joined #openstack-keystone20:00
*** pwp has joined #openstack-keystone20:00
*** sdake has quit IRC20:00
*** jsavak has joined #openstack-keystone20:02
*** petertr7_away is now known as petertr720:02
*** mhickey has joined #openstack-keystone20:02
*** aginwala has joined #openstack-keystone20:10
*** superdan has quit IRC20:12
*** dansmith has joined #openstack-keystone20:12
*** aginwala has quit IRC20:13
*** aginwala has joined #openstack-keystone20:13
*** jsavak has quit IRC20:20
*** jamielennox is now known as jamielennox|away20:21
*** aginwala has quit IRC20:31
*** gordc has quit IRC20:38
openstackgerritFernando Diaz proposed openstack/keystone: Opt-out certain Keystone Notifications  https://review.openstack.org/25378020:39
*** e0ne has joined #openstack-keystone20:40
*** raildo is now known as raildo-afk20:44
*** petertr7 is now known as petertr7_away20:48
*** jidar has joined #openstack-keystone20:49
*** e0ne has quit IRC20:53
*** petertr7_away is now known as petertr720:56
*** aginwala has joined #openstack-keystone20:58
*** aginwala has quit IRC20:58
*** gyee has quit IRC21:01
*** jbell8 has quit IRC21:06
jidarhey guys, I'm trying to understand why I would get an auth required error when pulling down the project/tenant list from horizon21:06
jidar(and everything else seems to function fine)21:06
*** pwp has quit IRC21:08
*** aginwala has joined #openstack-keystone21:09
*** aginwala has quit IRC21:10
*** pwp has joined #openstack-keystone21:10
*** sdake_ is now known as sdake21:13
openstackgerritDave Chen proposed openstack/keystone: Add testcases to check the invalid endpoints is removed  https://review.openstack.org/25962721:14
*** mfedosin has joined #openstack-keystone21:17
*** aginwala has joined #openstack-keystone21:24
*** mhickey has quit IRC21:25
*** markvoelker has joined #openstack-keystone21:26
*** pumaranikar has quit IRC21:30
*** markvoelker has quit IRC21:31
*** gyee has joined #openstack-keystone21:32
*** ChanServ sets mode: +v gyee21:32
*** timcline_ has quit IRC21:35
*** ninag_ has joined #openstack-keystone21:35
*** ninag has quit IRC21:37
*** ninag_ has quit IRC21:38
*** sdake has quit IRC21:40
*** petertr7 is now known as petertr7_away21:46
stevemardavechen: where are you seeing that21:50
stevemar?21:50
stevemaroh i see it here: https://review.openstack.org/#/c/259563/21:51
stevemardavechen: we added this change recently: https://review.openstack.org/#/c/257999/21:52
davechenstevemar: oh, thanks boss :)21:52
stevemardavechen: np21:52
stevemardavechen: we are trying to create 3 different jobs... the main one being apache based21:53
stevemarthe other 2 are: eventlet based and then uwsgi based21:53
davecheni didn't aware we are enabling uwsgi.21:53
stevemarwe're trying it out21:54
davechenstevemar: yes, this is something i will learn in this weekend.21:54
stevemardavechen: some folks want to run nginx and uwsgi21:54
stevemarinstead of apache and mod_wsgi21:54
*** pwp has quit IRC21:54
davechenstevemar: what's the best advantage of uwsgi?21:55
*** sdake has joined #openstack-keystone21:55
davecheni will do some research anyway21:55
davechenneed run with our team mates, thanks for all of those information.21:56
davechenstevemar: happy holiday!21:56
stevemardavechen: you too! have fun this weekend :)21:56
*** davechen has left #openstack-keystone21:56
*** pwp has joined #openstack-keystone22:01
*** pwp has quit IRC22:03
*** sdake has quit IRC22:03
*** aginwala has quit IRC22:03
*** aginwala has joined #openstack-keystone22:05
*** gyee has quit IRC22:06
*** petertr7_away is now known as petertr722:10
*** alex_xu has quit IRC22:11
*** pwp has joined #openstack-keystone22:12
*** alex_xu has joined #openstack-keystone22:13
*** pwp has quit IRC22:20
*** petertr7 is now known as petertr7_away22:21
*** vgridnev has quit IRC22:25
*** pwp has joined #openstack-keystone22:27
*** pwp has quit IRC22:27
*** alex_xu has quit IRC22:34
*** alex_xu has joined #openstack-keystone22:36
*** aginwala has quit IRC22:36
openstackgerritHaneef Ali proposed openstack/keystone: Keystone returns internal server error if the the user doesn't send any token. This happens only for fernet token. This review returns 401 for fernet provider similar to other providers  https://review.openstack.org/25956322:36
*** aginwala has joined #openstack-keystone22:38
*** aginwala has quit IRC22:39
*** aginwala has joined #openstack-keystone22:47
*** aginwala_ has joined #openstack-keystone22:49
*** aginwala has quit IRC22:49
*** rcernin has joined #openstack-keystone22:52
*** urulama has quit IRC23:02
*** urulama has joined #openstack-keystone23:02
*** rcernin has quit IRC23:08
*** markvoelker has joined #openstack-keystone23:12
*** aginwala_ has quit IRC23:12
*** diazjf has quit IRC23:13
*** jbell8 has joined #openstack-keystone23:15
*** jbell8 has quit IRC23:16
*** markvoelker has quit IRC23:17
jidarcan anyone tell me why the openstack client trys to connect to my AdminURL when asking for a project list?23:21
*** mfedosin has quit IRC23:26
*** alex_xu has quit IRC23:30
*** alex_xu has joined #openstack-keystone23:31
notmorganstevemar: sooooo23:34
notmorganstevemar, ayoung: have a cloud up and running with 2 things missing for "completeness"23:34
notmorganstevemar, ayoung: no floating IPs yet and second no console23:35
ayoungconsole meaning websockify?23:35
*** aginwala has joined #openstack-keystone23:35
notmorganayoung: yeah23:35
notmorganayoung: i actually had it working but needed to tear down the proxys23:35
ayoungnotmorgan, can you get away without doing floating ips?23:35
notmorgannot in my POC23:35
ayoungjust use public, and focus on IPv56?23:35
notmorgansince it's on another openstack cloud23:35
ayoungah23:35
notmorganif it was an actual allocated/routable set of addresses it'd be easier23:36
notmorgani mean... i could *probably* do some hackery to make it work but floating ips will suffice for this POC23:36
notmorganayoung: since i can allocated IPs to myself and then create specific networks for each and then just allow the neutron to config them for the instances... but that seems like a lot of extra work to show sub-url works23:37
notmorganand it's *nice*23:37
ayoungnotmorgan, very nice23:38
notmorgannext step is run shade functional tests against it23:38
notmorganthen document the **** out of it and do a write up23:38
notmorganthere are 3 rather serious bugs to address but the list has gotten smaller23:39
* notmorgan also feels accomplished having hand-configured an entire openstack cloud23:39
notmorganfull multi-node23:39
*** csoukup has quit IRC23:43
*** dims has joined #openstack-keystone23:46
*** dims_ has quit IRC23:48
*** sdake has joined #openstack-keystone23:53
*** dims has quit IRC23:57
« Thursday, 2015-12-17 Index Saturday, 2015-12-19 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!