Tuesday, 2016-01-05

« Monday, 2016-01-04 Index Wednesday, 2016-01-06 »
openstackgerritBrant Knudson proposed openstack/keystone: Remove the default driver logic for resource and assignment  https://review.openstack.org/26347000:03
*** jrist has joined #openstack-keystone00:04
*** gordc has quit IRC00:10
openstackgerritBrant Knudson proposed openstack/keystone: Remove the default driver logic for resource and assignment  https://review.openstack.org/26347000:18
*** browne has quit IRC00:24
*** thetrav has joined #openstack-keystone00:26
*** jasonsb has joined #openstack-keystone00:28
*** dims has joined #openstack-keystone00:33
openstackgerritguang-yee proposed openstack/keystone: wsgi: fix base_url finding  https://review.openstack.org/22646400:34
*** dims_ has quit IRC00:34
*** lhcheng_ has quit IRC00:35
openstackgerritBrant Knudson proposed openstack/keystone: Remove the default driver logic for resource and assignment  https://review.openstack.org/26347000:43
*** spandhe has joined #openstack-keystone00:45
*** richm has quit IRC00:59
*** browne has joined #openstack-keystone01:08
*** zqfan has joined #openstack-keystone01:09
*** _zouyee has joined #openstack-keystone01:10
*** fawadkhaliq has quit IRC01:18
*** shaleh has quit IRC01:23
*** _cjones_ has quit IRC01:24
openstackgerritzhangguoqing proposed openstack/keystone: Change LOG.warn to LOG.warning  https://review.openstack.org/26311301:27
*** _zouyee has quit IRC01:30
*** dave-mccowan has quit IRC01:48
*** fawadkhaliq has joined #openstack-keystone02:00
*** davechen has joined #openstack-keystone02:00
*** diazjf has joined #openstack-keystone02:03
*** _zouyee has joined #openstack-keystone02:22
*** dims has quit IRC02:25
davechenstevemar: we need to make the decision - https://review.openstack.org/#/c/261205/ vs. https://review.openstack.org/#/c/262364/.02:25
davechenstevemar: each one got a sponsor. :)02:26
*** henrynash has joined #openstack-keystone02:28
*** ChanServ sets mode: +v henrynash02:28
*** spandhe has quit IRC02:29
*** dims has joined #openstack-keystone02:46
*** Nirupama has joined #openstack-keystone03:02
*** diazjf has quit IRC03:05
*** diazjf has joined #openstack-keystone03:12
*** diazjf has quit IRC03:13
*** dims has quit IRC03:14
*** topol has joined #openstack-keystone03:31
*** ChanServ sets mode: +v topol03:31
*** ccard__ has joined #openstack-keystone03:31
*** ccard_ has quit IRC03:35
*** topol has quit IRC03:35
openstackgerrithenry-nash proposed openstack/keystone: Modify rules for domain specific role assignments  https://review.openstack.org/26354903:39
stevemardavechen: i'm in favor of pushing the fix through :)03:40
*** EinstCrazy has joined #openstack-keystone03:44
*** david-lyle_ has joined #openstack-keystone03:49
*** links has joined #openstack-keystone03:52
davechenstevemar: i'd like to see you to push it through. :-D03:55
openstackgerritDave Chen proposed openstack/keystone: Add schema for federation protocol  https://review.openstack.org/26316103:55
*** browne1 has joined #openstack-keystone04:08
*** browne has quit IRC04:10
*** magesh has joined #openstack-keystone04:18
*** fangxu has quit IRC04:23
*** magesh has quit IRC04:29
stevemarbknudson_: i'm not clear on what you are asking about regarding deprecation here: https://review.openstack.org/#/c/263470/04:48
stevemarthe method "default_resource_driver" and similar?04:48
*** fawadkhaliq has quit IRC04:54
*** fawadkhaliq has joined #openstack-keystone04:55
*** spandhe has joined #openstack-keystone05:01
*** PsionTheory has quit IRC05:03
*** spandhe_ has joined #openstack-keystone05:08
*** david-lyle_ has quit IRC05:09
*** spandhe has quit IRC05:10
*** spandhe_ is now known as spandhe05:10
openstackgerritDave Chen proposed openstack/keystone: Remove redundant check after enforcing schema validation  https://review.openstack.org/26276805:13
openstackgerritSteve Martinelli proposed openstack/keystone: WIP - remove ldap backends for assignment and resource  https://review.openstack.org/26355905:15
*** Nirupama has quit IRC05:16
*** _cjones_ has joined #openstack-keystone05:26
*** jaosorior has joined #openstack-keystone05:37
openstackgerritMerged openstack/keystone: Test: make enforce_type=True in CONF.set_override  https://review.openstack.org/26303105:39
*** ChanServ changes topic to ""In Vino Veritas" | Mitaka 2 soon! (check schedule) - see blueprints and bugs at: https://launchpad.net/keystone/+milestone/mitaka-2"05:40
notmorganstevemar: convince topol to get a bouncer05:44
*** gyee has quit IRC06:01
*** jaosorior has quit IRC06:05
*** jaosorior has joined #openstack-keystone06:26
*** spandhe has quit IRC06:33
*** fangxu has joined #openstack-keystone06:36
*** spandhe has joined #openstack-keystone06:36
*** Nirupama has joined #openstack-keystone06:37
*** Magesh has joined #openstack-keystone06:42
MageshHi06:42
MageshDuring keystone configuration i am getting error06:43
Mageshi runed below command06:43
Mageshsu -s /bin/sh -c "keystone-manage db_sync" keystone06:43
Mageshgetting below error06:44
MageshNo handlers could be found for logger "oslo_config.cfg"06:44
*** shoutm has quit IRC06:45
Mageshplease me06:46
openstackgerrithenry-nash proposed openstack/keystone: Modify rules for domain specific role assignments  https://review.openstack.org/26354906:48
openstackgerritlei zhang proposed openstack/keystone: Define paste entrypoints  https://review.openstack.org/26315506:51
notmorganMagesh: that's a  new one06:53
notmorganMagesh: what version of openstack (kilo? Liberty? master?)06:53
notmorganalso the logger error should be a non-issue.06:53
notmorganbut you should have more output06:53
Mageshhi06:54
MageshLiberty06:54
notmorganok06:54
notmorganhm.06:54
Mageshthis output only i am getting06:55
MageshNo handlers could be found for logger "oslo_config.cfg"06:55
*** urulama has left #openstack-keystone06:55
notmorganso if you run keystone-manage db_versioin06:55
notmorganwhat do you get?06:55
notmorganthe logging error should be a non-issue06:55
notmorganand somethingyou vcould avoid06:55
notmorgans/avoid/ignore06:55
*** EinstCrazy has quit IRC06:56
*** EinstCrazy has joined #openstack-keystone06:56
*** EinstCrazy has quit IRC06:56
*** thetrav has quit IRC06:56
Magesh[root@controller ~]# keystone-manage db_version No handlers could be found for logger "oslo_config.cfg" 7506:56
notmorganthat should be fine06:57
notmorganignore the "no handlers bit"06:57
notmorganversion 75 is fine06:57
notmorgani think06:57
* notmorgan 2xchecks liberty06:58
notmorganMagesh: yeah that is a non-issue06:58
notmorgan75 is correct version for liberty06:58
notmorganthe 'No handlers could be found for logger "oslo_config.cfg"' is erroneous06:59
Mageshshall i proceed next steps06:59
notmorganyep06:59
notmorganyou should be ok06:59
MageshThank you07:00
notmorgannp07:00
openstackgerritYatin Kumbhare proposed openstack/python-keystoneclient: Fix for the deprecated library function  https://review.openstack.org/26359407:02
*** _cjones_ has quit IRC07:17
*** oomichi has quit IRC07:24
*** belmoreira has joined #openstack-keystone07:30
*** e0ne has joined #openstack-keystone07:43
*** martinus__ has joined #openstack-keystone07:47
davechenmarekd: thanks you for the review!07:50
marekddavechen: no problem. i am getting back to the business.07:51
marekdstarting from tomorrow :P07:51
davechenmarekd: great to hear that.07:52
davechenmarked: looks like it's a long vacation. :)07:53
*** browne1 has quit IRC08:18
*** spandhe has quit IRC08:26
*** fhubik has joined #openstack-keystone08:37
*** tobe has joined #openstack-keystone08:41
*** tobe has quit IRC08:41
*** fhubik is now known as fhubik_brb08:44
*** jsheeren has joined #openstack-keystone08:45
*** lhcheng has joined #openstack-keystone08:48
*** ChanServ sets mode: +v lhcheng08:48
*** fawadkhaliq has quit IRC08:56
*** yangyape_ has joined #openstack-keystone08:56
*** fawadkhaliq has joined #openstack-keystone08:59
*** Magesh has quit IRC09:04
*** thiagop has quit IRC09:09
*** iurygregory has quit IRC09:09
*** fhubik_brb is now known as fhubik09:16
openstackgerritzhangguoqing proposed openstack/keystone: Change LOG.warn to LOG.warning  https://review.openstack.org/26311309:17
*** jistr has joined #openstack-keystone09:21
openstackgerritRavi Shekhar Jethani proposed openstack/keystone: Do not use __builtin__ in python3  https://review.openstack.org/26277309:31
*** fhubik is now known as fhubik_brb09:42
*** jaosorior has quit IRC09:44
*** jaosorior has joined #openstack-keystone09:44
*** davechen has left #openstack-keystone09:47
*** jaosorior has quit IRC09:56
*** jaosorior has joined #openstack-keystone09:56
*** fhubik_brb is now known as fhubik09:56
openstackgerritAnkit Agrawal proposed openstack/keystone: Fix users in group and groups for user exact filters  https://review.openstack.org/26315809:56
*** mhickey has joined #openstack-keystone09:58
*** lhcheng has quit IRC10:00
*** yangyape_ has quit IRC10:02
*** boris-42 has quit IRC10:03
*** fhubik is now known as fhubik_brb10:31
*** fhubik_brb is now known as fhubik10:44
*** dims has joined #openstack-keystone10:47
*** jsheeren has quit IRC10:58
*** DeliangFan has joined #openstack-keystone11:12
DeliangFanHi, I meet some questions about federation.  Does a keystone service provider support both OpenID and SAML protocol? If it does, how should I configure the keystone and apache plugin?11:18
DeliangFanThank you very much!11:18
*** fhubik is now known as fhubik_brb11:22
*** aix has quit IRC11:25
openstackgerritMerged openstack/keystone: Fix the incompatible issue in response header  https://review.openstack.org/26120511:25
*** daemontool has joined #openstack-keystone11:35
*** ericksonsantos has joined #openstack-keystone11:43
*** bradjones has joined #openstack-keystone11:44
*** bradjones has quit IRC11:44
*** bradjones has joined #openstack-keystone11:44
*** ccard has quit IRC12:11
*** mhickey has quit IRC12:12
*** mhickey has joined #openstack-keystone12:13
*** fhubik_brb is now known as fhubik12:13
*** mhickey has quit IRC12:15
*** fawadkhaliq has quit IRC12:15
*** mhickey has joined #openstack-keystone12:15
*** fawadkhaliq has joined #openstack-keystone12:16
*** pauloewerton has joined #openstack-keystone12:18
*** iurygregory has joined #openstack-keystone12:19
*** mhickey is now known as mhickey_12:20
*** fhubik has quit IRC12:21
*** mhickey_ has quit IRC12:23
*** mhickey has joined #openstack-keystone12:24
*** belmoreira has quit IRC12:42
*** raildo-afk is now known as raildo12:47
*** fawadkhaliq has quit IRC12:47
*** fawadkhaliq has joined #openstack-keystone12:48
*** fangxu has quit IRC12:54
*** fangxu has joined #openstack-keystone12:55
*** links has quit IRC13:10
*** gordc has joined #openstack-keystone13:12
*** aix has joined #openstack-keystone13:14
*** edmondsw has joined #openstack-keystone13:27
*** topol has joined #openstack-keystone13:42
*** ChanServ sets mode: +v topol13:42
*** dslevin has quit IRC13:45
openstackgerritMerged openstack/keystone: Add schema for identity provider  https://review.openstack.org/26266313:48
*** topol has quit IRC13:49
*** iurygregory has quit IRC13:55
openstackgerritMerged openstack/keystone: Add schema for federation protocol  https://review.openstack.org/26316113:55
*** DeliangFan has quit IRC13:57
*** _zouyee has quit IRC13:58
*** dslev has joined #openstack-keystone14:02
*** fawadkhaliq has quit IRC14:04
*** Nirupama has quit IRC14:08
*** petertr7_away is now known as petertr714:13
dolphmdstanek: you will be happy to learn that the next version of gerrit (not what we have deployed) supports "commentby:self" to find reviews where you've previously commented14:15
lbragstaddolphm do you happen to know what davechen is referencing here - in his comment about https://review.openstack.org/#/c/215212/14/keystone/contrib/endpoint_filter/core.py on https://review.openstack.org/#/c/215715/14 ?14:17
dolphmlbragstad: yes...14:19
*** woodster_ has joined #openstack-keystone14:19
*** ericksonsantos has quit IRC14:22
dolphmlbragstad: see ayoung's comment in 215212? "remove_endpoint_to_project" should have been "remove_endpoint_from_project". that mistake wasn't caught by automated testing, which is what he's saying he wants to add in 215715. he wants to avoid that same type of mistake again.14:23
dolphmlbragstad: tl;dr i broke endpoint filtering when caching was enabled (the cache wasn't properly utilized) because i overrode the wrong method. davechen learned from my mistake :P14:24
*** links has joined #openstack-keystone14:24
*** jsavak has joined #openstack-keystone14:25
lbragstaddolphm ah, ok14:27
lbragstadlooks like someone went in and fixed that14:27
dolphmlbragstad: yes14:27
dolphmlbragstad: might have been davechen?14:27
*** jsavak has quit IRC14:33
*** iurygregory has joined #openstack-keystone14:33
*** jsavak has joined #openstack-keystone14:34
*** _zouyee has joined #openstack-keystone14:43
bknudson_stevemar: we never deprecated using the default driver for the backends.14:46
*** links has quit IRC14:49
openstackgerritPaulo Ewerton Gomes Fragoso proposed openstack/keystone: Add backend support for deleting a projects list  https://review.openstack.org/24591614:53
*** richm has joined #openstack-keystone14:54
*** slberger has joined #openstack-keystone14:54
*** jsavak has quit IRC15:00
openstackgerritDave Chen proposed openstack/keystone: Remove useless entrypoints  https://review.openstack.org/26375615:01
*** jsavak has joined #openstack-keystone15:01
*** sigmavirus24_awa is now known as sigmavirus2415:02
*** jsavak has quit IRC15:06
*** slberger has left #openstack-keystone15:06
*** fawadkhaliq has joined #openstack-keystone15:07
*** slberger has joined #openstack-keystone15:08
*** breitz has quit IRC15:12
*** breitz has joined #openstack-keystone15:12
*** timcline has joined #openstack-keystone15:19
*** jsavak has joined #openstack-keystone15:23
openstackgerritBrant Knudson proposed openstack/keystone: Revert "Test: make enforce_type=True in CONF.set_override"  https://review.openstack.org/26376715:23
*** breitz has quit IRC15:29
*** topol has joined #openstack-keystone15:29
*** ChanServ sets mode: +v topol15:29
*** topol has quit IRC15:29
*** breitz has joined #openstack-keystone15:30
*** jsavak has quit IRC15:31
*** jsavak has joined #openstack-keystone15:32
*** dslev has quit IRC15:35
*** ayoung has quit IRC15:41
*** csoukup has joined #openstack-keystone15:49
*** petertr7 is now known as petertr7_away15:51
*** dslevin has joined #openstack-keystone15:54
*** aix has quit IRC15:55
*** petertr7_away is now known as petertr715:58
*** dslevin has quit IRC16:06
*** tonytan4ever has joined #openstack-keystone16:09
*** topol has joined #openstack-keystone16:12
*** ChanServ sets mode: +v topol16:12
*** dave-mccowan has joined #openstack-keystone16:15
*** _zouyee has quit IRC16:15
*** dslev has joined #openstack-keystone16:17
*** diazjf has joined #openstack-keystone16:21
*** jbell8 has joined #openstack-keystone16:24
*** zeus has quit IRC16:24
*** PsionTheory has joined #openstack-keystone16:25
openstackgerritwerner mendizabal proposed openstack/keystone-specs: Multifactor Authentication  https://review.openstack.org/13037616:26
*** woodster_ has quit IRC16:26
*** vgridnev has joined #openstack-keystone16:27
*** zeus has joined #openstack-keystone16:29
*** zeus is now known as Guest5433216:30
*** vgridnev_ has joined #openstack-keystone16:32
openstackgerritLance Bragstad proposed openstack/keystone: Add caching to role assignments  https://review.openstack.org/21571516:32
*** vgridnev has quit IRC16:32
*** ayoung has joined #openstack-keystone16:35
*** ChanServ sets mode: +v ayoung16:35
*** phalmos has joined #openstack-keystone16:42
openstackgerritTom Cocozzello proposed openstack/keystone: List assignments with names  https://review.openstack.org/24995816:42
*** aix has joined #openstack-keystone16:43
openstackgerritYatin Kumbhare proposed openstack/python-keystoneclient: Fix for the deprecated library function  https://review.openstack.org/26359416:47
*** _cjones_ has joined #openstack-keystone16:53
*** ericksonsantos has joined #openstack-keystone16:55
*** diazjf has quit IRC16:56
*** ninag has joined #openstack-keystone16:58
*** browne has joined #openstack-keystone16:59
*** diazjf has joined #openstack-keystone16:59
*** Guest54332 is now known as zeus17:01
*** zeus has quit IRC17:01
*** zeus has joined #openstack-keystone17:01
*** ayoung has quit IRC17:03
*** rderose has joined #openstack-keystone17:06
*** gyee has joined #openstack-keystone17:08
*** ChanServ sets mode: +v gyee17:08
*** mhickey has quit IRC17:10
*** e0ne has quit IRC17:11
*** jsavak has quit IRC17:11
*** jsavak has joined #openstack-keystone17:12
*** shaleh has joined #openstack-keystone17:17
*** jistr has quit IRC17:19
*** petertr7 is now known as petertr7_away17:23
*** vgridnev_ has quit IRC17:24
*** fawadkhaliq has quit IRC17:25
*** spandhe has joined #openstack-keystone17:27
*** dims has quit IRC17:29
*** petertr7_away is now known as petertr717:29
openstackgerritYatin Kumbhare proposed openstack/python-keystoneclient: Fix for the deprecated library function  https://review.openstack.org/26359417:30
*** spandhe has quit IRC17:32
*** haneef_ has quit IRC17:33
*** lhcheng has joined #openstack-keystone17:33
*** ChanServ sets mode: +v lhcheng17:33
stevemarbknudson_: why revert https://review.openstack.org/#/c/263767/ ?17:34
openstackgerritTom Cocozzello proposed openstack/keystone: List assignments with names  https://review.openstack.org/24995817:36
*** dims has joined #openstack-keystone17:36
bknudson_stevemar: why was it merged? the commit message says it's a test.17:37
*** aix has quit IRC17:38
*** jaosorior has quit IRC17:44
*** fawadkhaliq has joined #openstack-keystone17:44
*** jaosorior has joined #openstack-keystone17:44
*** haneef has joined #openstack-keystone17:44
*** jaosorior has quit IRC17:45
*** jaosorior has joined #openstack-keystone17:45
samueldmqyeah, finally finished my reservations for the midcycle o/17:46
shalehsamueldmq: it was a struggle for us yesterday. The booking system kept failing.17:47
stevemarbknudson_: i think the author meant that the code only affects tests17:49
bknudson_stevemar: oh... weird way to word the commit message17:50
samueldmqshaleh: about the same here, long time to book (7 hours ?) and bad UX to find good and cheap) flights17:50
samueldmqshaleh: still worst from where I am (Brazil) at this point, lots of people travelling17:50
samueldmqshaleh: but yeah, I got it :)17:51
shalehsamueldmq: why is it a busy travel time?17:51
samueldmqshaleh: school vacancies ? lots of people travelling to the US17:51
shalehsamueldmq: ah. Classes are back in session then here in the States.17:52
*** phalmos has quit IRC17:53
shalehsamueldmq: for Guang and me the corp booking site would timeout and drrrraaagggg on forever. I ended up calling the agency when it half booked me for a flight + hotel.17:53
samueldmqshaleh: yeah sometimes much easier17:54
samueldmqshaleh: where are you based at the US ?17:54
shalehSilicon Valley, near San Francisco and Oakland.17:54
samueldmqstevemar: weird you don't have any privileged mode in this channel17:55
*** ChanServ sets mode: +o stevemar17:56
samueldmqshaleh: cool, for me the worst part is that I will go to Sao Paulo (2k kilometers towards the south), then back (more 2k) to then go to US17:56
stevemarsamueldmq: there we go17:57
dstanekMeeting today?17:57
samueldmqstevemar: I was hesitating to talk to that stevemar :)17:58
shalehsamueldmq: yeah, plane routing can be fun. My wife's home town does not have direct flights. You always end up taking a short hour or so flight after the longer cross country jump.17:58
stevemarsamueldmq: i wouldn't have trusted him either17:58
stevemardstanek: yep17:58
samueldmqdstanek: good question :) and hey o/17:58
samueldmqstevemar: :-)17:58
dstanekTechnically today is my last vacation day, but i thought I'd join the meeting17:59
samueldmqshaleh: hey I know that feeling :-)17:59
stevemarcourtesy ping for ajayaa, amakarov, ayoung, breton, browne, davechen, david8hu, dolphm, dstanek, ericksonsantos, geoffarnold, gyee, henrynash, hogepodge, htruta, jamielennox, joesavak, lbragstad, lhcheng, marekd, morganfainberg, nkinder, raildo, rodrigods, roxanaghe, samueldmq, shaleh, stevemar, tsymanczyk, topol, vivekd, wanghong, claudiub, rderose, samleon, xek, MaxPC, tjcocozz  head on over to -meeting18:00
hogepodgeo/18:00
*** lhcheng_ has joined #openstack-keystone18:03
*** e0ne has joined #openstack-keystone18:05
*** lhcheng has quit IRC18:06
*** dprince has joined #openstack-keystone18:10
*** fangxu has quit IRC18:10
dprincejamielennox: hi, quick question on keystone defaults. Should we set our auth_uri to /v3? or just go versionless? https://review.openstack.org/#/c/248500/18:11
*** tonytan4ever has quit IRC18:11
*** rderose has quit IRC18:15
jamielennoxdprince: versionless should work, it'd really depend on where all those values are going in the puppet manifests (and i'm not sure)18:17
*** rderose has joined #openstack-keystone18:19
dprincejamielennox: mostly it gets used directly in the keystone_authtoken sections for the auth_uri settings18:19
dprincejamielennox: will go with versionless then which should prefer v3 now right?18:20
jamielennoxdprince: the recommended at the moment is to set auth_type=password and use versionless18:20
jamielennoxi know the puppet team was working on that but i don't know how far they got18:21
dprincejamielennox: cool, yeah we still have v2 hard coded in many places18:21
jamielennoxdprince: i'd love to remove that, there's nothing i know of that still won't work with v218:22
jamielennoxah, still wont work with v318:22
*** tonytan4ever has joined #openstack-keystone18:24
odyssey4mejamielennox dprince if you're still using ceilometer/aodh, then v3 doesn't work all the way yet for Liberty and below... :(18:26
*** dslev has quit IRC18:26
dprinceodyssey4me: okay, good to know18:27
jamielennoxodyssey4me: really? that's a shame, i didn't know ceilometer used keystone directly at all18:27
dprinceyeah, I think we have an issue w/ v3 in TripleO related to the Ironic inspector too. I need to look more closely at it as well18:27
odyssey4mejamielennox https://review.openstack.org/237537 is in ceilometer master, so it'll be in Mitaka - but the team won't backport it to Liberty (I tried)18:28
odyssey4meAodh has https://review.openstack.org/250218 in review to get v3 API support18:29
jamielennoxi'll have a look at those18:31
*** timcline has quit IRC18:33
odyssey4medprince if you're interested, we have full v3 configs for nova, cinder, glance, heat, horizon, neutron, swift set out in our liberty branch in the role templates: https://github.com/openstack/openstack-ansible/tree/liberty/playbooks/roles - feel free to use them as a reference :)18:33
*** spandhe has joined #openstack-keystone18:36
*** dslev has joined #openstack-keystone18:36
*** jsavak has quit IRC18:39
*** fangxu has joined #openstack-keystone18:40
*** fawadkhaliq has quit IRC18:40
*** jaosorior has quit IRC18:43
*** ayoung has joined #openstack-keystone18:47
*** ChanServ sets mode: +v ayoung18:47
openstackgerritMerged openstack/keystoneauth: Wrong usage of "a"  https://review.openstack.org/26238218:49
*** ninag has quit IRC18:56
*** tonytan_brb has joined #openstack-keystone18:57
*** ninag has joined #openstack-keystone18:57
*** tonytan4ever has quit IRC18:59
*** ninag_ has joined #openstack-keystone18:59
stevemarjamielennox: how is DOA-kerb broken?18:59
*** jsavak has joined #openstack-keystone19:00
stevemarwe didn't remove ksc-kerb19:00
jamielennoxstevemar: i would need to double check, but if DOA-kerb is still using ksc plugins and DOA is using ksa it's wrong19:00
stevemarohhh19:00
stevemarshould DOA-kerb even exist any longer?19:01
jamielennoxfrom memory we don't use the setuptools entrypoints so it may still work for now19:01
stevemaris it used out in the wild?19:01
*** ninag__ has joined #openstack-keystone19:01
openstackgerritPaulo Ewerton Gomes Fragoso proposed openstack/python-keystoneclient: Handle EmptyCatalog exception in list federated projects  https://review.openstack.org/24315319:01
jamielennoxstevemar: if we can get DOA to do a similar extras thing as KSA then we can roll it in19:01
*** ninag has quit IRC19:01
lhcheng_jamielennox: Latest DOA is now using ksa19:02
jamielennoxstevemar: red hat had intentions for it and it was being packaged19:02
jamielennoxstevemar: as for actual usage i'm not sure19:02
*** tonytan_brb has quit IRC19:02
*** tonytan4ever has joined #openstack-keystone19:03
gyeenotmorgan, I'll add some language in the spec to address secret key management19:04
*** ninag_ has quit IRC19:04
stevemarlhcheng_: jamielennox so how's it work for DOA to pull in the logic from DOA-kerb...19:04
gyeerotation is part of it19:04
notmorgangyee: if this is just adding the totp auth method - this isn't MFA and i stand by that19:04
gyeeits really part of enterprise security workflow19:04
stevemarlhcheng_: jamielennox how do you specify keystoneauth[kerberos] in the requirements file along with keystoneauth?19:05
gyeenotmorgan, you're right, the spec by itself is not MFA, its getting us there19:05
notmorgangyee: or look at working at the other bits.19:05
notmorgani will maintain a -1 at just adding totp19:05
stevemaror just handle the imports if they fail19:05
notmorganbecause it's not really a benefit and adds a false sense of security19:05
gyeetotp even by itself is better than password19:06
notmorgangyee: only sortof19:06
notmorgannot measurably really.19:06
samueldmqping19:07
samueldmqoops19:07
gyeeup to you guys, I can only take it so far, if we don't want it, less work for me :)19:07
*** jsavak has quit IRC19:07
*** jsavak has joined #openstack-keystone19:07
jamielennoxstevemar: i would need to look again but i don't think you have to19:08
notmorgani am for MFA but the other parts of the MFA work would be where i'd put the effort in.19:08
jamielennoxstevemar: you had to have doa-kerberos installed, and then from DOA setup you specified the plugin in doa-kerberos to be used for auth19:09
jamielennoxstevemar: so doa-kerberos had a dep on doa and ksc-kerberos, but not the other way around19:09
jamielennoxif having ksa[kerberos] as a dependency in doa-kerberos is a problem then we need to fix something19:10
gyeethe other part require schema additions, which is kinda late for Mitaka, it would be for N19:10
gyeestevemar, what say you, should I even bother to touch up that spec?19:11
gyeedstanek, looks like the browns clean house19:14
*** ninag__ has quit IRC19:14
*** ninag has joined #openstack-keystone19:15
*** ninag has quit IRC19:15
*** ninag has joined #openstack-keystone19:15
*** thiagop has joined #openstack-keystone19:17
dstanekgyee: it was full of garbage anyway :-)19:18
gyeedstanek, yeah, can't wait for the draft already19:19
ayoungbknudson_, please review https://review.openstack.org/#/c/242614/  "Implement Implied Roles"19:20
bknudson_ayoung: I'll add it to my list19:20
ayoungbknudson_, thanks.  Ask me if there are any questions19:21
bknudson_I'm sure I'll have questions19:21
dstanekgyee: yeah, i'm not feeling all that great yet. http://www.sbnation.com/lookit/2015/12/23/10661252/cleveland-browns-vs-barnyard-chickens19:22
gyeehah, funny, but sad19:23
*** ninag has quit IRC19:26
*** ninag has joined #openstack-keystone19:26
*** ninag has quit IRC19:27
*** ninag has joined #openstack-keystone19:28
stevemargyee: i don't know if it's worth pursuing19:28
stevemarour plate is pretty full19:28
*** timcline has joined #openstack-keystone19:34
ayoungMFA to me still means Museum if Fine Art .19:34
*** phalmos has joined #openstack-keystone19:36
*** timcline has quit IRC19:38
*** daemontool has quit IRC19:39
gyeeayoung FTW!19:40
*** daemontool has joined #openstack-keystone19:41
notmorganayoung: "if Fine Art"?19:41
ayoungi and o are right next to each other on the keyboard19:41
*** dslev has quit IRC19:42
gyeethe man has a rather large middle finger19:42
gyeestevemar, notmorgan, alrighty then, lets kill that spec and start a new one on the framework changes for N then19:43
notmorgangyee: sounds good19:43
openstackgerritRon De Rose proposed openstack/keystone: Shadow users: unified identity  https://review.openstack.org/26204519:45
*** daemontool has quit IRC19:47
*** daemontool has joined #openstack-keystone19:48
*** daemontool has quit IRC19:51
*** ninag has quit IRC19:56
*** ayoung has quit IRC19:59
*** ninag has joined #openstack-keystone20:00
*** ninag_ has joined #openstack-keystone20:01
*** jbell8 has quit IRC20:01
*** jsavak has quit IRC20:01
*** jsavak has joined #openstack-keystone20:02
*** ninag has quit IRC20:04
*** ninag_ has quit IRC20:05
*** timcline has joined #openstack-keystone20:06
*** ayoung has joined #openstack-keystone20:10
*** ChanServ sets mode: +v ayoung20:10
*** jsavak has quit IRC20:11
*** jsavak has joined #openstack-keystone20:11
*** KarthikB has joined #openstack-keystone20:13
*** jsavak has quit IRC20:17
*** gyee has quit IRC20:25
*** e0ne has quit IRC20:28
*** rderose has quit IRC20:37
*** phalmos has quit IRC20:40
*** ninag has joined #openstack-keystone20:49
*** jsavak has joined #openstack-keystone20:49
*** fangxu has quit IRC20:53
lbragstadnonameentername looks like there was a bunch of discussion around MFA in the meeting today - http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-meeting.2016-01-05.log.html#t2016-01-05T18:22:0820:55
lbragstadnonameentername incase you want to review it20:55
shalehnonameentername: essentially the MFA has been scuttled for Mitaka. gyee will work with you on preparing something for N that addresses the concerns raised.20:56
*** sripriya has joined #openstack-keystone20:59
*** ayoung has quit IRC21:02
*** pauloewerton has quit IRC21:14
*** chlong has quit IRC21:22
*** zzzeek has quit IRC21:22
*** zzzeek has joined #openstack-keystone21:22
*** phalmos has joined #openstack-keystone21:28
*** spandhe is now known as spandhe_121:29
*** petertr7 is now known as petertr7_away21:29
bknudson_I'm not having much luck getting otp to work... I tried otpauth and the FreeOTP app but not getting the same code.21:29
*** gyee has joined #openstack-keystone21:30
*** ChanServ sets mode: +v gyee21:30
*** timcline has quit IRC21:30
*** topol has quit IRC21:32
*** gyee has quit IRC21:34
*** gyee has joined #openstack-keystone21:41
*** ChanServ sets mode: +v gyee21:41
*** petertr7_away is now known as petertr721:50
*** jorge_munoz has quit IRC21:53
*** timcline has joined #openstack-keystone21:55
*** ninag has quit IRC22:00
*** ninag has joined #openstack-keystone22:01
*** jsavak has quit IRC22:05
*** ninag has quit IRC22:05
*** jsavak has joined #openstack-keystone22:05
*** harlowja has quit IRC22:09
*** harlowja has joined #openstack-keystone22:10
*** jorge_munoz has joined #openstack-keystone22:10
*** thiagop has quit IRC22:11
*** dslev has joined #openstack-keystone22:12
openstackgerritJorge Munoz proposed openstack/keystone: Reduce revoke events for disabled domains and projects.  https://review.openstack.org/25327322:16
*** dslev_ has joined #openstack-keystone22:17
*** spandhe_1 has quit IRC22:19
*** boris-42 has joined #openstack-keystone22:20
*** dims has quit IRC22:20
*** dslev has quit IRC22:20
*** spandhe has joined #openstack-keystone22:22
*** fangxu has joined #openstack-keystone22:22
stevemartjcocozz: can i review the list w/ names stuff now?22:23
stevemaris it no longer WIP WIP WIP22:23
*** dims has joined #openstack-keystone22:25
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: WIP: Add cache layer on the top of manager  https://review.openstack.org/26393322:31
samueldmqdstanek: dolphm: this is a poc for introducing a separate cache layer for the sake of code clarity22:31
samueldmqdstanek: dolphm: ^ pinging you both because I remember to have talked to you last year about it22:32
samueldmqstill wip but would be great to get some feedback on22:32
samueldmqstevemar: cc ^22:33
*** edmondsw has quit IRC22:33
*** edmondsw has joined #openstack-keystone22:37
*** dave-mccowan has quit IRC22:37
*** petertr7 is now known as petertr7_away22:37
*** edmondsw has quit IRC22:37
*** dprince has quit IRC22:40
*** timcline has quit IRC22:40
*** KarthikB has quit IRC22:43
notmorgansamueldmq: that doesn't seem to mirror the functionality22:47
notmorgansamueldmq: but...22:48
notmorgansamueldmq: oh i see you made the resource_api = memoizer22:48
samueldmqnotmorgan: yes, it basically put the memoizer on the top of the api, and then we separate the business logic from caching things22:49
samueldmqnotmorgan: which makes the code cleaner (that's what I think, at least)22:49
notmorgansamueldmq: sure. I would however not make the memoizer a required argument22:50
notmorgani would make it something you can apply to any manager22:50
notmorganand i would consider hacking .__getattribute__ in the manager to look at the memoizer first and call in that way instead22:50
samueldmqnotmorgan: hm, tried it, but got conflicts because it looks like __getattr__ isn't called if we implement __getattribute__22:51
samueldmqnotmorgan: but sure that's an option too, and is doable22:51
notmorganyou have to be very careful22:51
notmorgani don't particularly like adding in extra layers of abstraction tbh22:52
notmorganjust because it makes it harder to see.22:53
notmorganbut *shrug* i kindof avoid working on keystone server atm.22:53
samueldmqnotmorgan: I see, I am considering that option too (using __getatribute__, let's see what others think too)22:54
samueldmqnotmorgan: thanks for stepping in and giving feedback22:54
*** KarthikB has joined #openstack-keystone22:58
*** daemontool has joined #openstack-keystone23:00
*** zqfan has quit IRC23:01
*** jsavak has quit IRC23:04
*** woodster_ has joined #openstack-keystone23:07
*** slberger has left #openstack-keystone23:07
*** phalmos has quit IRC23:09
*** csoukup has quit IRC23:12
*** chlong has joined #openstack-keystone23:12
*** diazjf has quit IRC23:12
*** chlong has quit IRC23:14
*** doug-fis_ has joined #openstack-keystone23:15
*** doug-fish has quit IRC23:17
*** dims has quit IRC23:20
*** spandhe has quit IRC23:23
*** dims has joined #openstack-keystone23:25
*** doug-fis_ has quit IRC23:25
*** KarthikB has quit IRC23:25
*** chlong has joined #openstack-keystone23:30
*** gordc has quit IRC23:33
*** sigmavirus24 is now known as sigmavirus24_awa23:35
*** oomichi has joined #openstack-keystone23:37
*** tonytan4ever has quit IRC23:39
*** daemontool has quit IRC23:40
openstackgerrithenry-nash proposed openstack/keystone-specs: Clarify project hierarchy and parent usage within the API  https://review.openstack.org/20062423:41
*** dslev_ has quit IRC23:46
*** ninag has joined #openstack-keystone23:47
*** ninag has quit IRC23:47
*** lhcheng_ has quit IRC23:50
*** shoutm has joined #openstack-keystone23:56
openstackgerrithenry-nash proposed openstack/keystone-specs: Be consistent in how we give error codes in the Identity spec  https://review.openstack.org/26396023:58
« Monday, 2016-01-04 Index Wednesday, 2016-01-06 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!