Monday, 2016-06-13

*** markvoelker has quit IRC		00:01
*** rcernin has quit IRC		00:13
*** rk4n_ has quit IRC		00:14
*** rk4n has joined #openstack-keystone		00:15
*** rk4n has quit IRC		00:19
*** chlong has joined #openstack-keystone		00:36
*** roxanaghe has joined #openstack-keystone		00:38
*** roxanaghe has quit IRC		00:42
*** iurygregory has quit IRC		00:56
*** david-lyle has quit IRC		01:34
*** EinstCrazy has joined #openstack-keystone		01:37
*** jefrite has quit IRC		01:43
*** jefrite has joined #openstack-keystone		01:50
*** markvoelker has joined #openstack-keystone		01:58
*** EinstCrazy has quit IRC		02:01
*** markvoelker has quit IRC		02:02
*** EinstCrazy has joined #openstack-keystone		02:04
*** spandhe has quit IRC		02:07
*** roxanaghe has joined #openstack-keystone		02:32
openstackgerrit	Ryosuke Mizuno proposed openstack/keystone: Add validation rules for create token using a JSON schema https://review.openstack.org/325086	02:43
*** ayoung has quit IRC		02:48
*** wanghua has joined #openstack-keystone		02:51
*** roxanaghe has quit IRC		02:58
*** roxanaghe has joined #openstack-keystone		03:04
openstackgerrit	Andrew Liu proposed openstack/keystone: Added cache for mapping of user to uuid https://review.openstack.org/328820	03:06
openstackgerrit	Andrew Liu proposed openstack/keystone: Added cache for mapping of user to uuid https://review.openstack.org/328820	03:13
*** EinstCrazy has quit IRC		03:36
*** EinstCrazy has joined #openstack-keystone		03:37
*** EinstCrazy has quit IRC		03:57
*** EinstCrazy has joined #openstack-keystone		03:57
*** markvoelker has joined #openstack-keystone		03:59
*** roxanaghe has quit IRC		04:02
*** markvoelker has quit IRC		04:03
*** roxanaghe has joined #openstack-keystone		04:10
*** roxanaghe has quit IRC		04:14
*** roxanaghe has joined #openstack-keystone		04:23
*** roxanaghe has quit IRC		04:23
*** links has joined #openstack-keystone		04:26
*** TxGVNN has joined #openstack-keystone		04:56
*** TxGVNN has quit IRC		04:57
*** jaosorior has joined #openstack-keystone		05:11
*** dave-mccowan has quit IRC		05:27
*** markvoelker has joined #openstack-keystone		05:59
*** chlong has quit IRC		06:03
*** markvoelker has quit IRC		06:04
*** rcernin has joined #openstack-keystone		06:14
*** chlong has joined #openstack-keystone		06:15
*** rcernin has quit IRC		06:18
*** rcernin has joined #openstack-keystone		06:19
*** spandhe has joined #openstack-keystone		06:23
*** yolanda has joined #openstack-keystone		06:24
*** EinstCrazy has quit IRC		06:53
*** EinstCrazy has joined #openstack-keystone		06:56
*** tesseract has joined #openstack-keystone		07:00
*** agireud has quit IRC		07:04
*** agireud has joined #openstack-keystone		07:07
*** yolanda has quit IRC		07:15
*** chlong has quit IRC		07:15
*** spandhe has quit IRC		07:17
*** yolanda has joined #openstack-keystone		07:22
*** henrynash_ has joined #openstack-keystone		07:29
*** ChanServ sets mode: +v henrynash_		07:29
*** yolanda has quit IRC		07:31
*** yolanda has joined #openstack-keystone		07:32
*** jaosorior is now known as jaosorior_brb		07:38
*** jamie_h has joined #openstack-keystone		07:42
*** yolanda has quit IRC		07:48
*** zzzeek has quit IRC		08:00
*** permalac has joined #openstack-keystone		08:00
*** markvoelker has joined #openstack-keystone		08:00
*** zzzeek has joined #openstack-keystone		08:00
*** markvoelker has quit IRC		08:05
openstackgerrit	Maho Koshiya proposed openstack/python-keystoneclient: Add wrapper classes for return-request-id-to-caller https://review.openstack.org/261188	08:07
*** nisha_ has joined #openstack-keystone		08:07
*** nisha__ has joined #openstack-keystone		08:10
*** nisha_ has quit IRC		08:10
*** yolanda has joined #openstack-keystone		08:29
*** nisha__ has quit IRC		08:29
*** nisha__ has joined #openstack-keystone		08:32
*** nisha__ is now known as nisha_		08:33
nisha_	Hey all!	08:33
*** jaosorior_brb has quit IRC		08:39
*** jaosorior_brb has joined #openstack-keystone		08:39
*** dmk0202 has joined #openstack-keystone		08:44
*** jaosorior_brb is now known as jaosorior		08:54
openstackgerrit	Andrew Liu proposed openstack/keystone: Added named argument for assertValidUserResponse https://review.openstack.org/328907	08:54
*** rk4n_ has joined #openstack-keystone		08:55
openstackgerrit	Alfredo Moralejo proposed openstack/keystonemiddleware: Fix circular import in auth_token https://review.openstack.org/328919	09:13
openstackgerrit	Alfredo Moralejo proposed openstack/keystonemiddleware: Fix circular import in auth_token https://review.openstack.org/328919	09:15
*** henrynash_ has quit IRC		09:17
*** mvk_ has quit IRC		09:24
*** pcaruana has joined #openstack-keystone		09:27
*** nisha_ has quit IRC		09:46
*** nisha_ has joined #openstack-keystone		09:46
*** mvk_ has joined #openstack-keystone		09:51
danpawlik	Hello, I want to ask about keystonemiddleware and its configuration file. I want to add misssing parameters into keystone_authtoken section, but I don't know which parameters are deprecated which not. So if you have some time, pls check https://review.openstack.org/#/c/328620/1/manifests/resource/authtoken.pp and comment me which are which not ;)	10:14
patchbot	danpawlik: patch 328620 - puppet-keystone - Add misssing parameters to keystone_authtoken	10:14
*** nisha_ has quit IRC		10:29
*** nisha_ has joined #openstack-keystone		10:30
*** nisha_ has quit IRC		10:36
*** nisha_ has joined #openstack-keystone		10:36
*** EinstCrazy has quit IRC		10:49
*** TxGVNN has joined #openstack-keystone		10:55
*** srushti has joined #openstack-keystone		10:58
*** pnavarro has joined #openstack-keystone		10:58
srushti	samueldmq: Hi	11:01
srushti	samueldmq: Could you please have a look at patch https://review.openstack.org/#/c/324320/ and suggest your opinion.	11:09
patchbot	srushti: patch 324320 - keystone - Return BadRequest for 4 byte unicode characters	11:09
*** pnavarro has quit IRC		11:11
*** TxGVNN1 has joined #openstack-keystone		11:37
*** gordc has joined #openstack-keystone		11:38
*** TxGVNN has quit IRC		11:39
*** TxGVNN1 is now known as TxGVNN		11:39
*** TxGVNN1 has joined #openstack-keystone		11:44
*** TxGVNN has quit IRC		11:45
*** TxGVNN1 is now known as TxGVNN		11:45
*** fesp has joined #openstack-keystone		11:52
*** dancn has joined #openstack-keystone		11:58
*** TxGVNN has quit IRC		12:00
*** raildo-afk is now known as raildo		12:01
*** markvoelker has joined #openstack-keystone		12:01
*** mvk_ has quit IRC		12:03
*** markvoelker has quit IRC		12:06
*** iurygregory has joined #openstack-keystone		12:07
*** pauloewerton has joined #openstack-keystone		12:07
*** fesp has quit IRC		12:08
danpawlik	Hello, is somebody here, who can help me with keystonemiddleware?	12:09
*** flaper87 has quit IRC		12:09
*** flaper87 has joined #openstack-keystone		12:15
*** flaper87 has quit IRC		12:15
*** flaper87 has joined #openstack-keystone		12:15
*** markvoelker has joined #openstack-keystone		12:25
*** nisha__ has joined #openstack-keystone		12:31
*** nisha_ has quit IRC		12:34
EmilienM	stevemar: hey, this week-end we found a new bug https://review.openstack.org/#/c/328919/	12:36
patchbot	EmilienM: patch 328919 - keystonemiddleware - Fix circular import in auth_token	12:36
EmilienM	https://launchpad.net/bugs/1591913	12:36
openstack	Launchpad bug 1591913 in keystonemiddleware "circular import between opts and auth_token" [Undecided,In progress] - Assigned to Alfredo Moralejo (amoralej)	12:36
EmilienM	stevemar: it breaks sahara for example but also more	12:36
*** nisha__ is now known as nisha_		12:42
*** julim has joined #openstack-keystone		12:42
*** yolanda has quit IRC		12:49
*** mvk has joined #openstack-keystone		12:49
*** EinstCrazy has joined #openstack-keystone		12:51
*** yolanda has joined #openstack-keystone		12:54
*** EinstCrazy has quit IRC		12:55
*** chlong has joined #openstack-keystone		12:58
*** dancn has quit IRC		12:59
*** dancn has joined #openstack-keystone		13:00
*** dave-mccowan has joined #openstack-keystone		13:03
*** sheel has joined #openstack-keystone		13:05
*** marekd has quit IRC		13:05
*** ayoung has joined #openstack-keystone		13:09
*** ChanServ sets mode: +v ayoung		13:09
*** richm has joined #openstack-keystone		13:11
lbragstad	stevemar notmorgan no problem	13:13
shewless	dstanek: that would be great (about the adfs server).	13:14
lbragstad	i hope to wrap it up a bit more	13:14
*** edmondsw has joined #openstack-keystone		13:15
dstanek	srushti: it looks like there is a lot of feedback there so i didn't take a look already	13:17
*** lucas___ has joined #openstack-keystone		13:17
*** shewless has quit IRC		13:18
*** jdennis has quit IRC		13:22
dstanek	srushti: reviewed	13:24
*** nisha_ has quit IRC		13:30
*** mvk has quit IRC		13:32
raildo	jamielennox: ping, do you have any updates about this contact with TC about this: http://lists.openstack.org/pipermail/openstack-dev/2016-May/095047.html ?	13:35
*** permalac has quit IRC		13:37
*** shewless has joined #openstack-keystone		13:43
*** rodrigods has quit IRC		13:43
*** rodrigods has joined #openstack-keystone		13:43
samueldmq	EmilienM: hi, how may I reproduce that issue ?	13:50
EmilienM	samueldmq: deploy latest keystonemiddleware & sahara	13:50
samueldmq	EmilienM: I have a fresh devstack running (I have ./unstack and ./stack); then I did the imports in a python interpreter and it worked	13:51
jaosorior	EmilienM: Was that issue seen in CentOS?	13:51
samueldmq	EmilienM: so it can't be tested from a python interpreter ? (needs sahara?)	13:51
EmilienM	jaosorior: yes	13:51
EmilienM	jaosorior: using latest RDO trunk	13:52
jaosorior	we had a similar issue in Barbican, where we could only reproduce it in CentOS, yet Fedora didn't have that failure	13:52
jaosorior	that's most likely the reason why samueldmq couldn't reproduce it. I asume you're using Ubuntu or Fedora.	13:52
*** amoralej has joined #openstack-keystone		13:52
samueldmq	jaosorior: you're right, I am using Ubuntu	13:53
samueldmq	jaosorior: why so ?	13:53
jaosorior	samueldmq: circular imports like those ones are not an issue in Ubuntu and Fedora. Seems to be an issue with the interpreter that's shipped in CentOS though	13:54
*** pgbridge has joined #openstack-keystone		13:54
*** links has quit IRC		13:54
samueldmq	jaosorior: that's interesting, looks like the interpreter that is broken	13:55
jaosorior	samueldmq: Wouldn't say broken. That is a legitimate error message	13:55
samueldmq	jaosorior: it's hard to find such errors because we don't have gate on centos (afaik), at least for keystonemiddleware :(	13:55
samueldmq	and such errors will always happen in real life	13:56
*** mvk has joined #openstack-keystone		13:56
samueldmq	jaosorior: EmilienM: I am not saying hte bug isn't legitim, just thinking about some way we can avoid it happening again in the future	13:57
jaosorior	samueldmq: Only way I can think of is having a centos-based CI job	13:57
*** tonytan4ever has joined #openstack-keystone		13:57
samueldmq	jaosorior: ++	13:59
jaosorior	ayoung: know anybody who could help with this? ^^	13:59
samueldmq	jaosorior: just to confirm, we (openstack) offilially support CentOS, right ?	14:02
*** woodster_ has joined #openstack-keystone		14:02
samueldmq	well, that's a dumb quesiton, we support python, systems running python should work :)	14:02
jaosorior	samueldmq: There are centos nodes provided by infra. So yeah	14:03
samueldmq	jaosorior: cool, thanks	14:03
iurygregory	samueldmq, http://docs.openstack.org/mitaka/install-guide-rdo/	14:03
iurygregory	you should try :D	14:04
*** adrian_otto has joined #openstack-keystone		14:05
*** r-daneel has joined #openstack-keystone		14:05
samueldmq	EmilienM: jaosorior: I've put 'High' importance on this bug, as it may cause real systems (running on master) to break	14:05
EmilienM	well, it broke our CI :)	14:05
jaosorior	EmilienM, samueldmq: Currently the proped patch is failing due to cinder needing that import that was moved. I'm tried submitting a patch to cinder so unblock this.	14:06
amoralej	i created a review to fix the circular import	14:06
samueldmq	EmilienM: ++	14:07
samueldmq	jaosorior: nice, is it only cinder breaking because of this ?	14:07
amoralej	the problem jaosorior is that i think my patch affects other projects, so we should look for another approach which doesn't affects	14:07
jaosorior	amoralej: Yeah, https://review.openstack.org/#/c/328919/ needs the fix in cinder	14:07
patchbot	jaosorior: patch 328919 - keystonemiddleware - Fix circular import in auth_token	14:07
jaosorior	amoralej: I commented on your patch with the link to the patch I did for it	14:08
jaosorior	samueldmq: That's the only one I saw from the logs. Could be more O_o	14:08
amoralej	samueldmq, i think it may affect others as ironic	14:08
amoralej	let me check	14:09
*** jdennis has joined #openstack-keystone		14:10
samueldmq	dstanek: hi	14:16
samueldmq	dstanek: it'd be nice to have your feedback in patch 328919	14:16
patchbot	samueldmq: https://review.openstack.org/#/c/328919/ - keystonemiddleware - Fix circular import in auth_token	14:16
samueldmq	dstanek: whether putting the import inside __init__ is appropriate, or if there is a better workaround for that Python circular import issue	14:16
dstanek	samueldmq: sure, i'll take a look in a second. working on a different review now.	14:19
dstanek	samueldmq: without looking at the code i would say the it should be reorganized and lazy importing is a hack	14:19
*** permalac has joined #openstack-keystone		14:21
samueldmq	dstanek: ++ I share your view too, maybe that should just be reorganized	14:21
samueldmq	if we get those imports to be reorganized, perhaps the fix won't even need patching on other projects	14:22
samueldmq	jaosorior: amoralej ^	14:22
amoralej	i agree, we should avoid patching other projects if possible	14:23
*** yolanda has quit IRC		14:23
jaosorior	right...so, mind ellaborating on this reorganization thing?	14:24
*** rk4n has joined #openstack-keystone		14:27
*** rderose has joined #openstack-keystone		14:27
*** yolanda has joined #openstack-keystone		14:27
*** rderose has quit IRC		14:28
samueldmq	jaosorior: proposing a fix ?	14:30
*** rk4n_ has quit IRC		14:31
*** ebalduf_ has joined #openstack-keystone		14:31
*** sigmavirus24_awa is now known as sigmavirus24		14:32
*** nisha_ has joined #openstack-keystone		14:35
rodrigods	lbragstad, thanks for the review, replied at https://review.openstack.org/#/c/303502/15	14:36
patchbot	rodrigods: patch 303502 - keystone - Add service providers integration tests	14:36
*** rderose has joined #openstack-keystone		14:36
lbragstad	rodrigods sweet - I'll take another look	14:37
*** nisha__ has joined #openstack-keystone		14:37
ayoung	jaosorior, fixing the break on Centos or getting Centos based CI up and running?	14:37
jaosorior	ayoung: CI	14:38
openstackgerrit	Kam Nasim proposed openstack/keystone: convert wsgi REST logs to DEBUG verbosity https://review.openstack.org/329028	14:38
ayoung	jaosorior, notmorgan is you man on CI	14:38
*** spandhe has joined #openstack-keystone		14:38
*** EinstCrazy has joined #openstack-keystone		14:39
*** nisha_ has quit IRC		14:40
jaosorior	ayoung: Thanks dude	14:40
ayoung	jaosorior, I think rodrigods is going to get involved in that, too.	14:41
ayoung	I thought Centos base CI should have been set up long since...frustrating	14:42
rodrigods	ayoung, jaosorior, absolutely - i can be the "please add this! please!"	14:42
jaosorior	lol	14:42
ayoung	rodrigods, talk with notmorgan and you two can come up with the necessary steps. I thought it was already run somewhere	14:43
ayoung	let see, that was a keystonemiddleware change that broke things on centos?	14:43
amoralej	jaosorior, rodrigods, about https://review.openstack.org/#/c/328919/, and in order to fix circular, could all options registered in opts.py ?	14:43
patchbot	amoralej: patch 328919 - keystonemiddleware - Fix circular import in auth_token	14:43
dstanek	samueldmq: reviewed :-)	14:44
ayoung	opts import _opts	14:45
notmorgan	zzzzzzzzzzz	14:46
jaosorior	amoralej: So do I drop my fix for cinder? https://review.openstack.org/#/c/328995/ I was already starting to import keystonemiddleware.opts	14:46
patchbot	jaosorior: patch 328995 - cinder - Import auth_uri from different module	14:46
ayoung	_opts imports _base	14:46
ayoung	__init__ imports _base	14:47
ayoung	_base iports nothing	14:47
ayoung	I don't see the cycle	14:47
rodrigods	ayoung, opts imports auth_token	14:47
ayoung	rodrigods, nope	14:47
rodrigods	which imports opts in __init__.py	14:47
amoralej	yeap	14:47
ayoung	rom keystonemiddleware.auth_token import _auth	14:48
ayoung	from keystonemiddleware.auth_token import _base	14:48
ayoung	from keystonemiddleware.auth_token import _opts	14:48
ayoung	that is what opts imports	14:48
rodrigods	ayoung, __init__.py is the entry point	14:48
rodrigods	don't need to import directly	14:48
rodrigods	only in using the module, it is evaluated	14:48
ayoung	ah	14:48
ayoung	that is evil	14:48
ayoung	so move all of the _opts etc out from that module if we want to import them directly	14:49
*** ebalduf_ has quit IRC		14:50
ayoung	which is what _common should be, right?	14:50
* ayoung checks the clock to see how long until the switch from coffee to scotch.		14:50
rodrigods	is 10 AM already?	14:50
dstanek	i don't see why opts.py was split out anyway	14:50
jaosorior	rodrigods: Funny how 10 AM is also my standard for that :P	14:51
amoralej	why don't let all opts registered in opts.py	14:51
amoralej	?	14:51
amoralej	and opts not importing auth_token	14:51
amoralej	but auth_token importing from opts.py, would that be ok?	14:51
notmorgan	more to the point... how did we land a circular import?	14:51
ayoung	jaosorior, you are in Finland. I thought it was Schnapps Ohklok there	14:52
dstanek	amoralej: since all the things in that module are auth_token specific i don't see the point	14:52
notmorgan	also... absolutely no lazy imports	14:52
rodrigods	notmorgan, only breaks in centos interpreter	14:52
jaosorior	ayoung: How do you know I'm not drinking?	14:52
dstanek	notmorgan: ++	14:52
notmorgan	rodrigods: wtf?	14:52
ayoung	jaosorior, I justm meant Schnapps instead of Scotch	14:52
jaosorior	aaaah	14:52
ayoung	I assumed you were drinking	14:52
notmorgan	rodrigods: explain please	14:52
notmorgan	beause... wtf?!	14:52
jaosorior	ayoung: Nah, here we have https://en.wikipedia.org/wiki/Salmiakki_Koskenkorva	14:53
rodrigods	notmorgan, it doesn't break in fedora or ubuntu, looks like a check tied to some version	14:53
ayoung	notmorgan, opts.py should not be imported by auth_token, you are right...	14:53
notmorgan	rodrigods: then i'm -2 on that change until i have a better understanding.	14:53
ayoung	but	14:53
ayoung	https://review.openstack.org/#/c/328919/2/keystonemiddleware/auth_token/__init__.py	14:53
patchbot	ayoung: patch 328919 - keystonemiddleware - Fix circular import in auth_token	14:53
notmorgan	rodrigods: why is it failing on a specificl interpreter?	14:53
*** timcline has joined #openstack-keystone		14:53
jaosorior	notmorgan: We had the same issue in barbican	14:53
rodrigods	notmorgan, lacking info too, don't know even the centos version / interpreter	14:53
jaosorior	it somehow worked in ubuntu and fedora	14:54
jaosorior	but not the cpython shipped by centos	14:54
ayoung	http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/opts.py	14:54
ayoung	one function	14:54
notmorgan	rodrigods, jaosorior: that is insanity.	14:54
ayoung	lets move that function to _opts, have auth_token use that, and have opts.py link to the _opts one	14:54
notmorgan	jaosorior: what version(s)? and what version of centos?	14:54
jaosorior	notmorgan: I don't even know why you're shocked	14:54
* notmorgan wants more details than "centos seems weird"		14:55
amoralej	i'm finding it with centos7, python-2.7.5	14:55
notmorgan	also... is this impacted on the same version of rhel?	14:55
notmorgan	rhel7 (i can check if needed)	14:55
amoralej	probably, i've seen it in fedora23 also	14:56
rodrigods	fedora ships 2.7.11	14:56
*** kodoku has joined #openstack-keystone		14:56
*** phalmos has joined #openstack-keystone		14:56
rodrigods	we can try to reproduce in a venv to confirm it is tied to 2.7.5	14:56
kodoku	Hi, is it possible to list user of group with keystone v3 ?	14:56
kodoku	with python client	14:57
dstanek	it break on ubuntu my just importing keystone middleware.opts	14:57
ayoung	rodrigods, check me on this	14:57
*** permalac has quit IRC		14:58
ayoung	keystonemiddleware.opts. list_auth_token_opts and keystonemiddleware.auth_token._opts do roughly the same thing	14:58
ayoung	the first does	14:58
ayoung	return [(g, copy.deepcopy(o)) for g, o in auth_token_opts]	14:58
dstanek	the issue seems to be the order of imports	14:58
ayoung	the second does	14:58
ayoung	return [(_base.AUTHTOKEN_GROUP, copy.deepcopy(auth_token_opts))]	14:58
*** pgbridge has quit IRC		14:59
dstanek	if you import auth_token first the sub-packages are already loaded by the time the import of opts happens	14:59
*** julim has quit IRC		14:59
ayoung	gi g is _base.AUTHTOKEN_GROUP then they do the same thing	14:59
rodrigods	i get really confused by [()]	14:59
dstanek	if you import opts first it all breaks	14:59
dstanek	notmorgan: ^	14:59
ayoung	auth_token_opts is defined as	15:00
ayoung	(_base.AUTHTOKEN_GROUP,	15:00
ayoung	_opts._OPTS + _auth.OPTS + loading.get_auth_common_conf_options())	15:00
ayoung	for the first one and is defined as	15:00
notmorgan	so it's an order of imprt thing?	15:00
ayoung	auth_token_opts = (_OPTS + loading.get_auth_common_conf_options())	15:00
amoralej	if you import auth_token first, it's already imported when executin opts, that's why doesn't break	15:00
ayoung	for the second one.	15:00
notmorgan	just move the opts to the main opt file(s).	15:00
*** tonytan4ever has quit IRC		15:00
*** julim has joined #openstack-keystone		15:00
ayoung	why should these two not be the same function, and, why should middleware need to use both versions?	15:00
kodoku	join #openstack	15:01
kodoku	arf sorry	15:01
notmorgan	make sure it's highlighted that it is atm opts... also... unrelated... someone needs to make sure we are somehow testing for cases like this...	15:01
ayoung	audit is the only place that calls the _opts version	15:01
ayoung	keystonemiddleware/audit.py:374: _list_opts(),	15:01
ayoung	keystonemiddleware/audit.py:494:def _list_opts():	15:01
notmorgan	make audit not do that.	15:02
notmorgan	alternatively	15:02
ayoung	can we make a single function for both of these?	15:02
*** lucas has joined #openstack-keystone		15:02
ayoung	and put it in _opts or _common/_opts or something	15:02
samueldmq	dstanek: thanks	15:02
notmorgan	probably	15:02
ayoung	and have them both include the same thing in a sane way?	15:02
ayoung	who wrote that...	15:02
notmorgan	unles the config generator explicitly only wants the options from one/the other	15:03
* notmorgan shrugs		15:03
ayoung	62093bfc (Zhi Yan Liu 2014-07-02 22:40:35 +0800 33) def list_auth_token_opts():	15:03
ayoung	f0965c95 (Jamie Lennox 2016-01-14 13:14:32 +1100 187) def list_opts():	15:04
*** lucas___ has quit IRC		15:04
dstanek	notmorgan: i think it may be time for someone to demonstrate an alternate approach to the request_id patch	15:05
bknudson	the only thing I care about for the request ID patch is that it be opt-in	15:06
dstanek	bknudson: yep	15:06
bknudson	which is not hard to do	15:06
dstanek	i'd like to add to that that i'd like it to be opt into a real object for the data and not a hacked one	15:06
notmorgan	dstanek: ++	15:09
notmorgan	dstanek: please do!	15:09
*** nisha__ is now known as nisha_		15:11
*** david-lyle has joined #openstack-keystone		15:12
*** permalac has joined #openstack-keystone		15:13
*** pgbridge has joined #openstack-keystone		15:16
dstanek	that's the plan, but someone shamed me on my review numbers so i'm workin on that now :-(	15:17
samueldmq	hhaha	15:18
samueldmq	dstanek: were you able to identify what's causing the circular import ?	15:18
kodoku	Anyone can see my paste for ldap issue ? http://paste.openstack.org/show/515747/	15:18
samueldmq	dstanek: I can't reproduce it, so I can't really debug it	15:19
samueldmq	:(	15:19
dstanek	samueldmq: yes, the modules import each other :-P	15:22
*** edtubill has joined #openstack-keystone		15:22
samueldmq	dstanek: what modules ?	15:23
dstanek	samueldmq: open a brand new interpreter and 'import keystonemiddleware.opts'	15:23
dstanek	samueldmq: keystonemiddleware.opts and keystonemiddleware.auth_token	15:23
samueldmq	dstanek: that worked well for me on ubuntu	15:23
samueldmq	dstanek: on a vm with fresh devstack	15:24
dstanek	samueldmq: really? it fails for me	15:24
samueldmq	dstanek: yes, wfm	15:24
samueldmq	dstanek: that's very odd, everything should be breaking	15:25
dstanek	if you import auth_token first it works	15:25
samueldmq	dstanek: ah you're correct about the imports, keystonemiddleware.opts imports some things from keystonemiddleware.auth_token, which causes the __init__ to be evaluated :)	15:26
*** pushkaru has joined #openstack-keystone		15:26
dstanek	samueldmq: exactly. and if you import auth_token first the right things exist in sys.modules to opts succeeds	15:27
*** spandhe_ has joined #openstack-keystone		15:27
*** spandhe has quit IRC		15:28
*** spandhe_ is now known as spandhe		15:28
*** danpawlik has quit IRC		15:28
samueldmq	dstanek: (it's working either way for me), I expect to have the current master of middleware (as I did unstck/stack)	15:31
*** welldannit has quit IRC		15:31
*** TxGVNN has joined #openstack-keystone		15:32
dstanek	samueldmq: will in either case the code is broken and needs to be fixed and not hacked	15:32
*** al_loew has joined #openstack-keystone		15:33
*** tonytan4ever has joined #openstack-keystone		15:34
samueldmq	dstanek: ++	15:35
samueldmq	dstanek: do you have a suggesiton?	15:35
*** agireud has quit IRC		15:36
*** ddieterly has joined #openstack-keystone		15:37
*** agireud has joined #openstack-keystone		15:38
samueldmq	dstanek: perhaps revert and look at a better way to do it before merging again ?	15:39
samueldmq	so we have more time to look at the best way to do it	15:39
*** tesseract has quit IRC		15:39
rodrigods	samueldmq, dstanek ^ reproduced by cloning keystonemiddleware master and 'pip install -e' it	15:40
rodrigods	on fedora	15:40
amoralej	samueldmq, i was thinking in adding all options for auth_token in _opts, and from __init__ import _opts instead of opts	15:41
rodrigods	dstanek, confirmed importing auth_token first works	15:41
rodrigods	amoralej, think would be a good approach for now	15:42
amoralej	why there are some options on _auth instead of _opts ?	15:42
notmorgan	dstanek: i didn't shame anyone in particular (but yay, if we get reviews out of it)	15:44
*** lucas has quit IRC		15:49
*** wasmum has quit IRC		15:49
openstackgerrit	Alfredo Moralejo proposed openstack/keystonemiddleware: Fix circular import in auth_token https://review.openstack.org/328919	15:50
*** dmk0202 has quit IRC		15:51
*** rderose has quit IRC		15:58
*** rcernin has quit IRC		15:59
openstackgerrit	Alfredo Moralejo proposed openstack/keystonemiddleware: Fix circular import in auth_token https://review.openstack.org/328919	16:01
*** pushkaru has quit IRC		16:02
*** ayoung has quit IRC		16:04
*** pushkaru has joined #openstack-keystone		16:04
*** EinstCrazy has quit IRC		16:04
samueldmq	dstanek: I propose we create list_auth_token_opts() inside auth_token.__init__	16:05
samueldmq	dstanek: and opts.py 's list_auth_token_opts() would just repass the call to it	16:06
samueldmq	dstanek: so that auth_token.__init__ won't need to import opts at all, and the calculation of all options would live there :)	16:07
*** rderose has joined #openstack-keystone		16:07
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Disable inactive users requirements https://review.openstack.org/328447	16:10
*** gyee has joined #openstack-keystone		16:10
*** ChanServ sets mode: +v gyee		16:10
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Disable inactive users requirements https://review.openstack.org/328447	16:12
*** spandhe has quit IRC		16:15
*** roxanaghe has joined #openstack-keystone		16:16
*** timcline_ has joined #openstack-keystone		16:18
*** ayoung has joined #openstack-keystone		16:19
*** ChanServ sets mode: +v ayoung		16:19
*** lamt has quit IRC		16:21
dstanek	samueldmq: i suggested just putting the opts stuff into auth_token since that's really what it's for	16:21
*** timcline has quit IRC		16:22
*** rderose_ has joined #openstack-keystone		16:25
samueldmq	dstanek: I agree, but opts is a public symbol, so we need to maintain it for now ?	16:25
*** rderose has quit IRC		16:26
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Move auth token opts calculation into auth_token https://review.openstack.org/329091	16:27
*** ddieterly is now known as ddieterly[away]		16:27
samueldmq	dstanek: amoralej: ^ this is what I was proposing	16:27
samueldmq	amoralej: I haven't submitted in your patch because it seems like you're on it.. (I added you as co-author)	16:28
samueldmq	take this as an alternative solution, and if it's not what we want, I will abandon it	16:29
amoralej	no prob samueldmq, but i have a doubt	16:30
*** rcernin has joined #openstack-keystone		16:31
samueldmq	amoralej: sure	16:31
dstanek	amoralej: what is it?	16:31
*** ddieterly[away] is now known as ddieterly		16:32
amoralej	i just sent a comment samueldmq	16:33
*** nisha__ has joined #openstack-keystone		16:34
samueldmq	amoralej: you're correct!	16:34
amoralej	other than that, no problem from my side, if it passess ci, i can abandone mine	16:34
*** rcernin has quit IRC		16:35
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Move auth token opts calculation into auth_token https://review.openstack.org/329091	16:35
*** rcernin has joined #openstack-keystone		16:36
samueldmq	amoralej: nice, I want to see dstanek's view on it	16:37
rodrigods	samueldmq, dstanek, amoralej worked here	16:37
*** nisha_ has quit IRC		16:37
rodrigods	think it is good as it is, let's wait for the CI	16:37
samueldmq	rodrigods: which one? patch 329091	16:38
patchbot	samueldmq: https://review.openstack.org/#/c/329091/ - keystonemiddleware - Move auth token opts calculation into auth_token	16:38
samueldmq	?	16:38
rodrigods	samueldmq, patch 328919	16:38
patchbot	rodrigods: https://review.openstack.org/#/c/328919/ - keystonemiddleware - Fix circular import in auth_token	16:38
samueldmq	dstanek: I also left 2 comments in my own patch, would like to get your view on those specific points too :)	16:38
*** pcaruana has quit IRC		16:38
samueldmq	rodrigods: CentOS ?	16:38
rodrigods	samueldmq, fedora, was able to reproduce the error on it previously	16:39
*** jaosorior has quit IRC		16:39
*** jaosorior has joined #openstack-keystone		16:39
samueldmq	rodrigods: k, do you mind to test patch 329091 too ?	16:40
patchbot	samueldmq: https://review.openstack.org/#/c/329091/ - keystonemiddleware - Move auth token opts calculation into auth_token	16:40
dstanek	amoralej: samueldmq: at this point i think either patch is fine	16:40
rodrigods	samueldmq, just a sec	16:40
openstackgerrit	Alfredo Moralejo proposed openstack/keystonemiddleware: Fix circular import in auth_token https://review.openstack.org/328919	16:40
samueldmq	dstanek: cool, I'd like to keep the OPTS definition where they're right now	16:41
samueldmq	because maybe jamielennox has a reasoning for keeping them where they are	16:41
amoralej	i'm adding an improvement but anyway, we can use the one from samueldmq	16:41
rodrigods	samueldmq, it works	16:42
samueldmq	dstanek: and I can't confirm if that's okay since jamielennox is not available :( so I'd rather be more conservative with moving the opts around	16:42
samueldmq	if that makes sense	16:42
samueldmq	rodrigods: perfect, thanks !	16:42
dstanek	samueldmq: there's no benefit to the split that i can see	16:43
*** al_loew has quit IRC		16:43
samueldmq	dstanek: we can still look at it in a followup (as it is a different issue), if you agree	16:44
samueldmq	amoralej: so, afaict ci is testing that against ubuntu nodes	16:51
samueldmq	amoralej: so testing against CentOS will require manual testing :(	16:51
amoralej	but, if i understood it right, it failed in ubuntu also, right?	16:51
samueldmq	amoralej: I wasn't able to reproduce it in ubuntu, not sure what distro dstanek is using	16:53
notmorgan	dstanek: splitting it is silly	16:53
notmorgan	lets just fix this in a more sane model	16:53
samueldmq	amoralej: rodrigods is running fedora, it was failing and now it's passing, so we should be good	16:54
samueldmq	amoralej: he confirmed it worked for him	16:54
amoralej	i reproduced it in fedora also	16:54
samueldmq	cool, we should be good	16:54
*** dobson has quit IRC		16:56
*** jaosorior has quit IRC		17:02
EmilienM	samueldmq: thanks for your really quick help	17:03
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Move auth token opts calculation into auth_token https://review.openstack.org/329091	17:03
*** ayoung has quit IRC		17:04
samueldmq	dstanek: ^ changed list_auth_token_opts to list_opts	17:04
samueldmq	rodrigods: oh, just saw you had +2+A in the meantime, could you re-apply it ?	17:05
openstackgerrit	guang-yee proposed openstack/keystoneauth: Support TOTP auth plugin https://review.openstack.org/281086	17:05
samueldmq	EmilienM: yw, glad to be able to help	17:06
rodrigods	samueldmq, just a renaming, think it is good to +A	17:06
samueldmq	rodrigods: ++	17:07
dstanek	notmorgan: there is fear about many of these things being public attributes	17:08
notmorgan	dstanek: ... why?	17:11
notmorgan	dstanek: oh wait opts or the request thing?	17:11
dstanek	notmorgan: opts	17:16
*** ayoung has joined #openstack-keystone		17:17
*** ChanServ sets mode: +v ayoung		17:17
*** darosale has joined #openstack-keystone		17:18
*** TxGVNN has quit IRC		17:18
notmorgan	dstanek: so, the fear is just that people are consuming the property	17:19
notmorgan	it is a public interface via the list method	17:20
notmorgan	and has to be	17:20
notmorgan	we want to be able to move these things as needed for $reasons$	17:20
*** ddieterly is now known as ddieterly[away]		17:20
notmorgan	as long as the list method is publically available (entry point)	17:20
dstanek	notmorgan: i think so. also samueldmq was worried that jamielennox separated the opts for some reason	17:20
notmorgan	if they end up in the main list	17:21
notmorgan	it doesn't matter	17:21
*** timcline_ has quit IRC		17:26
*** jamie_h has quit IRC		17:27
*** timcline has joined #openstack-keystone		17:27
*** julim has quit IRC		17:28
*** clenimar has joined #openstack-keystone		17:31
gyee	notmorgan, do you recall why we hardcoded InnoDB engine in our SQL scripts?	17:32
gyee	for example, https://github.com/openstack/keystone/blob/master/keystone/common/sql/migrate_repo/versions/067_kilo.py#L47	17:32
dstanek	gyee: probably because isam is crap	17:33
gyee	dstanek, yes, probably	17:35
gyee	dstanek, I was looking for an official version so I have it on record	17:35
dstanek	gyee: did you look back at the commit history?	17:36
gyee	yeah looking ...	17:36
openstackgerrit	Colleen Murphy proposed openstack/keystone: Add 'links' to implied roles response https://review.openstack.org/300195	17:39
*** pcaruana has joined #openstack-keystone		17:39
gyee	dstanek, found it, it was done by bknudson as part of https://bugs.launchpad.net/keystone/+bug/1191110	17:41
openstack	Launchpad bug 1191110 in OpenStack Identity (keystone) "Migrations may create MyISAM tables" [High,Fix released] - Assigned to Brant Knudson (blk-u)	17:41
dstanek	gyee: yeah, just found cd8fa2b0e7ca002b7621fe0e35b921154946e12b	17:42
*** henrynash_ has joined #openstack-keystone		17:42
*** ChanServ sets mode: +v henrynash_		17:42
dstanek	gyee: so i was right. isam is crap	17:42
gyee	dstanek, you da man!	17:42
*** rk4n has quit IRC		17:45
dstanek	gyee: you can quote me in your documenation :-)	17:46
bknudson	part of it is because some operating systems were still defaulting to isam	17:48
*** clenimar has quit IRC		17:49
bknudson	I'm not sure that the way we're doing this is right... maybe keystone-manage db_setup should check the db config and fail if it's incorrect	17:50
bknudson	that way we don't have to remember to put code in to handle it.	17:50
gyee	bknudson, looks like one of the tests pickup MyISAM somewhere from default	17:51
gyee	I am trying to figure out where	17:51
gyee	bknudson, this one https://github.com/openstack/keystone/blob/master/keystone/tests/unit/test_sql_upgrade.py#L1176	17:52
bknudson	it's only mysql that has myisam	17:52
bknudson	you mean there's a test that checks that everything is innodb?	17:53
gyee	I thought we have a global switch or something	17:53
gyee	instead of hardcoding it everywhere	17:54
bknudson	Not sure if there's a way to do that... would be smarter.	17:54
gyee	anyway, pdb time :-)	17:54
bknudson	gyee: what test is failing?	17:55
gyee	bknudson, https://github.com/openstack/keystone/blob/master/keystone/tests/unit/test_sql_upgrade.py#L1176	17:55
gyee	just in our local env	17:55
bknudson	all of them?	17:56
*** raddaoui has joined #openstack-keystone		17:56
gyee	bknudson, all of them	17:57
bknudson	I haven't seen that before... if it can't connect to the db it'll just skip the tests.	17:57
*** dobson has joined #openstack-keystone		17:58
gyee	sorry I need to step out for an hour for a meeting, will let you know what I found later	17:58
openstackgerrit	Colleen Murphy proposed openstack/keystone: Add 'links' to implied roles response https://review.openstack.org/300195	17:59
*** pushkaru has quit IRC		18:04
*** rk4n has joined #openstack-keystone		18:04
openstackgerrit	Ron De Rose proposed openstack/keystone: PCI-DSS Disable inactive users requirements https://review.openstack.org/328447	18:09
*** browne has joined #openstack-keystone		18:12
*** clenimar has joined #openstack-keystone		18:16
*** mwheckmann has joined #openstack-keystone		18:18
*** ddieterly[away] has quit IRC		18:20
*** sdake_ has joined #openstack-keystone		18:23
*** timcline has quit IRC		18:25
*** timcline has joined #openstack-keystone		18:25
*** lucas___ has joined #openstack-keystone		18:27
lbragstad	rderose_ thanks for hammering through the PCI patches - you've been on top of respinning those...	18:27
rderose_	lbragstad: thanks man, appreciate that :)	18:28
lbragstad	rderose_ thank you	18:28
stevemar	gyee: a few small comments here: https://review.openstack.org/#/c/281086/7	18:29
patchbot	stevemar: patch 281086 - keystoneauth - Support TOTP auth plugin	18:29
rderose_	lbragstad: feels like the patches are getting more finalized (I hope) :)	18:30
*** timcline has quit IRC		18:30
lbragstad	rderose_ i've been nit picking them like crazy - i think they are looking good	18:30
rderose_	lbragstad: cool	18:30
stevemar	rderose_: i have the fullest of intentions of looking at the PCI stuff soon!	18:32
rderose_	stevemar: appreciate that, it's good to have you back :)	18:32
*** tqtran has joined #openstack-keystone		18:35
dstanek	rderose_: i dropped some concerns about the last_auth_at patch	18:36
stevemar	rderose_: i had planned on starting at 9am today, that didn't happen	18:36
stevemar	i'll work late instead :)	18:37
rderose_	dstanek: yeah, looking at that now. your federation argument is compelling.	18:37
*** nisha__ has quit IRC		18:37
*** pushkaru has joined #openstack-keystone		18:41
*** kodoku has quit IRC		18:47
*** mvk has quit IRC		18:51
gyee	stevemar, thanks, will push another patch shortly, just got out of a meeting	18:53
*** ddieterly has joined #openstack-keystone		18:54
openstackgerrit	Colleen Murphy proposed openstack/keystoneauth: Document named kerberos plugin https://review.openstack.org/329148	18:58
dstanek	rderose_: i find myself compelling at times	18:58
openstackgerrit	guang-yee proposed openstack/keystoneauth: Support TOTP auth plugin https://review.openstack.org/281086	18:59
rderose_	dstanek: hahaha	18:59
rderose_	dstanek: yeah, stop being so dam compelling and give me some plus 2s	18:59
rderose_	dstanek: :)	18:59
dstanek	rderose_: +2s for everyone!	19:00
rderose_	dstanek: now you are talking :)	19:00
dstanek	i'd love to hear more thoughts on https://review.openstack.org/#/c/328383	19:00
*** amoralej is now known as amoralej\|off		19:01
EmilienM	samueldmq: the patch is failing CI https://review.openstack.org/#/c/329091/	19:04
patchbot	EmilienM: patch 329091 - keystonemiddleware - Move auth token opts calculation into auth_token	19:04
EmilienM	http://logs.openstack.org/91/329091/3/check/gate-tempest-dsvm-neutron-src-keystonemiddleware/8d1148d/console.html#_2016-06-13_18_55_54_769	19:04
EmilienM	samueldmq: doing recheck	19:05
*** rk4n has quit IRC		19:08
*** tqtran has quit IRC		19:11
*** timcline has joined #openstack-keystone		19:17
*** timcline has quit IRC		19:17
*** timcline has joined #openstack-keystone		19:17
*** mwheckmann has quit IRC		19:26
*** sheel has quit IRC		19:35
*** roxanaghe has quit IRC		19:39
*** gagehugo has joined #openstack-keystone		19:45
lbragstad	stevemar how come the proposal bot is being removed? https://review.openstack.org/#/c/327418/2/etc/keystone.conf.sample,unified	19:54
patchbot	lbragstad: patch 327418 - keystone - Use http_proxy_to_wsgi from oslo.middleware	19:54
*** jefrite has quit IRC		19:59
mfisch	liberty to mitaka upgrade has some issues wrt caching	19:59
mfisch	its broken for 5 minutes until stuff expires	19:59
mfisch	this is my work around during the upgrade	19:59
mfisch	while true; do echo 'flush_all' \| nc $(facter -p cirrus_network_primary_ip) 11211; sleep 3; done	19:59
mfisch	which is crappy	19:59
mfisch	will file a bug	20:00
lbragstad	mfisch sweet - thanks	20:00
mfisch	I guess grenade doesnt test with cached tokens?	20:00
lbragstad	that's a good question	20:00
*** roxanaghe has joined #openstack-keystone		20:02
*** mvk has joined #openstack-keystone		20:03
mfisch	I will try to repro again to get a clean bug too	20:03
*** sdake_ is now known as sdake		20:06
*** lucas___ has quit IRC		20:07
*** lucas___ has joined #openstack-keystone		20:07
*** lucas___ has quit IRC		20:08
*** tonytan4ever has quit IRC		20:12
*** chlong has quit IRC		20:12
openstackgerrit	Ron De Rose proposed openstack/keystone: Concrete role assignments for federated users https://review.openstack.org/284943	20:14
samueldmq	EmilienM: yeah, failure seems to be unrelated: Unable to complete operation for network c8896a77-d53b-4ec3-a75f-e67b5d56d702. The IP address 10.100.0.2 is in use.	20:15
samueldmq	EmilienM: thanks for leaving a recheck	20:15
EmilienM	yeah	20:15
EmilienM	I need it :)	20:15
samueldmq	:)	20:17
*** tqtran has joined #openstack-keystone		20:34
*** mwheckmann has joined #openstack-keystone		20:37
samueldmq	dstanek: hi	20:38
samueldmq	dstanek: about patch 328383; in your original patch 307878 , bknudson suggested to set a minversion in tox.ini	20:39
patchbot	samueldmq: https://review.openstack.org/#/c/328383/ - keystone - Add missing testresources build-requirement	20:39
patchbot	samueldmq: https://review.openstack.org/#/c/307878/ - keystone - Explicitly require testresources for tests (ABANDONED)	20:39
samueldmq	dstanek: doesn't that solve the issue ?	20:39
ayoung	gyee, did you ever write a certmonger helper for Anchor?	20:39
*** tonytan4ever has joined #openstack-keystone		20:42
*** aratus has joined #openstack-keystone		20:42
*** timcline_ has joined #openstack-keystone		20:44
openstackgerrit	Ron De Rose proposed openstack/keystone: Concrete role assignments for federated users https://review.openstack.org/284943	20:45
dstanek	samueldmq: yes it solved it for me	20:47
dstanek	samueldmq: the problem is that older distros may not be able to have the latest and greatest python packaging utilities	20:48
*** timcline has quit IRC		20:48
*** edtubill has quit IRC		20:48
*** vgridnev has joined #openstack-keystone		20:48
samueldmq	dstanek: yes, while I understand your comment in that patch, I wonder if we should start adding requirements to solve what looks to be packaging issues :(	20:48
lbragstad	rderose_ was there a fix that went in that got https://review.openstack.org/#/c/284943/53 working with Horizon?	20:49
patchbot	lbragstad: patch 284943 - keystone - Concrete role assignments for federated users	20:49
lbragstad	or was there a patch that made the OS-FEDERATION/projects API the same as /auth/projects ?	20:49
dstanek	samueldmq: sure, we could. the question is whether or not we want to carry that baggage. i have to imagine that a good number of the other openstack projects would have the same issue	20:50
gyee	ayoung, in my test env, yes, it works	20:50
*** julim has joined #openstack-keystone		20:50
gyee	ayoung, haven't had a chance to submit a devstack patch yet	20:50
*** ddieterly is now known as ddieterly[away]		20:50
rderose_	lbragstad: yeah, boris found that websso didn't work because it was using /OS-FEDERATION/projects api instead of auth/projects api	20:53
rderose_	lbragstad: the latest patch fixes /OS-FEDERATION api, so that it matches /auth api	20:55
lbragstad	rderose_ Horizon didn't work because python-keystoneclient was using the deprecated API right? But someone mentioned fixing the deprecated API to make it so that it behaves the same as the auth/projects/ API, do we know if that happened het	20:55
lbragstad	yet*	20:55
lbragstad	oh - sweet	20:55
*** clenimar has quit IRC		20:55
*** vgridnev has quit IRC		20:55
openstackgerrit	Colleen Murphy proposed openstack/keystone: Add 'links' to implied roles response https://review.openstack.org/300195	20:56
rderose_	lbragstad: yeah, I think this fix will fix API and client	20:56
*** pauloewerton has quit IRC		20:57
lbragstad	rderose_ awesome	20:57
ayoung	gyee, can you post the helper code as a standalone repo, or share it somehow?	20:59
*** ericksonsantos has quit IRC		20:59
gyee	ayoung, let me mail it to you, its pretty simple	20:59
ayoung	gyee, thanks	21:00
*** raildo is now known as raildo-afk		21:02
*** rderose has joined #openstack-keystone		21:02
*** rderose_ has quit IRC		21:04
*** rderose_ has joined #openstack-keystone		21:05
*** adrian_otto has quit IRC		21:07
*** rderose has quit IRC		21:08
stevemar	lbragstad: turns out no one liked it, too much churn and we already post a new version after every patch here: http://docs.openstack.org/developer/keystone/sample_config.html	21:09
*** edtubill has joined #openstack-keystone		21:11
dstanek	samueldmq: i'm on the fence with that debug log patch	21:12
dstanek	i see the arguments to keep it as week as the information is already logged by the webserver	21:13
dstanek	maybe a better solution would be taking some of the exsting info messages and make them warning so that it's easier to turn off wsgi logging	21:13
openstackgerrit	Colleen Murphy proposed openstack/keystone: Add 'links' to implied roles response https://review.openstack.org/300195	21:14
dstanek	also i have no skin in this game. it just seems dumb to log the same thing in multple places	21:14
*** ddieterly[away] is now known as ddieterly		21:18
*** gagehugo has quit IRC		21:22
samueldmq	dstanek: yeah I agree. that is a big change in logs, I don't feel confident on saying it's better or worst	21:26
samueldmq	dstanek: would like ot hear from others with operators xp. as you said, I'm on the fence too :)	21:27
*** vgridnev has joined #openstack-keystone		21:28
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone: Add 'links' to implied roles response https://review.openstack.org/300195	21:28
samueldmq	crinkle: ^	21:28
crinkle	samueldmq: ah you beat me	21:29
samueldmq	crinkle: sorry, I couldn't resist, the change was too simple :-)	21:30
openstackgerrit	Lance Bragstad proposed openstack/python-keystoneclient: Use /v3/auth/projects and /v3/auth/domains https://review.openstack.org/329193	21:31
*** edtubill has quit IRC		21:33
*** julim has quit IRC		21:33
mfisch	lbragstad: confirmed: https://bugs.launchpad.net/keystone/+bug/1592169	21:40
openstack	Launchpad bug 1592169 in OpenStack Identity (keystone) "liberty to mitaka upgrade (stable) has broken caching" [Undecided,New]	21:40
*** edtubill has joined #openstack-keystone		21:40
mfisch	retitled	21:40
mfisch	"cached tokens break liberty to Mitaka upgrade Edit"	21:40
dstanek	crinkle: samueldmq: did that link get fixed?	21:42
lbragstad	mfisch i take it this is only applicable to fernet tokens?	21:42
mfisch	unsure	21:42
mfisch	let me note that	21:42
*** adrian_otto has joined #openstack-keystone		21:42
lbragstad	mfisch but you did only recreate this with fernet token yeah?	21:42
mfisch	It takes me about 1 hour to setup	21:42
mfisch	yeah	21:42
mfisch	noted in bug	21:42
mfisch	but I think a cached L token can't be read by M code	21:43
mfisch	I think thats the bug	21:43
dstanek	lbragstad: mfisch: caching often messed up upgrades. you're caching an older version of the data	21:43
mfisch	M code is like "I dont understand this format"	21:43
*** edtubill has quit IRC		21:43
dstanek	s/messed/messes/	21:43
mfisch	dstanek: so invalidate, don't fail to issue tokens	21:43
mfisch	no tokens issue until all the cache is invalidated	21:43
mfisch	I dont expect the caching to work over the upgrade, but I expect it to deal with old data in there	21:43
dstanek	mfisch: in an app i used to work on our deployment process should turn off caching during the upgrade	21:44
mfisch	well let me be clear that this is new	21:44
mfisch	new for M anyway	21:44
dstanek	at AGI I think we were just pretty good about making sure the data was backward and forward compatible	21:44
mfisch	I'm going to just flush the cache every 3 seconds while the deploy	21:44
dstanek	mfisch: just turn off memcached during the deploy	21:45
mfisch	maybe the cache needs to include a keystone version	21:45
crinkle	dstanek: yes i fixed it	21:46
clayton	well, or keystone could just embed a data version in the key, and bump the version when the cache schema changes	21:47
*** dmk0202 has joined #openstack-keystone		21:47
mfisch	while true; flush ftw	21:48
*** rcernin has quit IRC		21:48
clayton	that seems easier than complicating the upgrade for every operator that ever upgrades.	21:48
dstanek	clayton: mfisch: not that easy. you'll have potentially 2 different versions running simultaneously. so changes may not seem to take effect between requests.	21:50
clayton	you can't really have two versions running at the same time due to db schema changes.	21:50
dstanek	clayton: you can. and that's the goal full live upgrades	21:51
clayton	not there yet.	21:51
clayton	whereas we do have memcache problems today	21:51
dstanek	clayton: but a bandaid that won't work isn't a good solution	21:51
*** edtubill has joined #openstack-keystone		21:51
clayton	neither is turning off memcached or flushing it constantly during the upgrade	21:52
mfisch	I wonder if the control node memcache will also need to be flushed out	21:52
mfisch	probably	21:52
clayton	if you want to put versioned objects into memcached, I suppose that's fine, but it seems like a lot of work in the short term	21:52
dstanek	i don't think a version really helps you here	21:53
mfisch	I need to commute but will catch up tonight	21:54
dstanek	imagine a user that hits the old version of keystone an updates a project name. then they see the project in horizon when horizon hits a new instance. they will be left to wonder why their change didn't take	21:55
dstanek	or the token cache	21:55
*** rderose_ has quit IRC		21:59
*** edtubill has quit IRC		22:00
openstackgerrit	Merged openstack/keystonemiddleware: Move auth token opts calculation into auth_token https://review.openstack.org/329091	22:02
*** henrynash_ has quit IRC		22:02
*** hoonetorg has quit IRC		22:05
*** edmondsw has quit IRC		22:07
*** hoonetorg has joined #openstack-keystone		22:08
*** ddieterly has quit IRC		22:10
*** aratus1 has joined #openstack-keystone		22:10
*** henrynash_ has joined #openstack-keystone		22:11
*** ChanServ sets mode: +v henrynash_		22:11
*** aratus has quit IRC		22:11
*** edtubill has joined #openstack-keystone		22:14
rodrigods	lbragstad, ping... re: service providers cache	22:15
lbragstad	rodrigods o/	22:15
rodrigods	lbragstad, something is wrong	22:15
rodrigods	:(	22:15
lbragstad	did it break something?	22:16
rodrigods	http://logs.openstack.org/02/303502/15/gate/gate-keystone-dsvm-functional/1904c01/console.html	22:16
rodrigods	lbragstad, check the test: https://review.openstack.org/#/c/303502/15/keystone_tempest_plugin/tests/api/identity/v3/test_service_providers.py	22:16
patchbot	rodrigods: patch 303502 - keystone - Add service providers integration tests	22:16
rodrigods	line 185	22:16
rodrigods	the service providers are not being returned to the token	22:17
lbragstad	rodrigods https://review.openstack.org/#/c/325417/ wouldn't have anything to do with it would it?	22:17
patchbot	lbragstad: patch 325417 - keystone - Add cache invalidation for service providers	22:17
rodrigods	lbragstad, hmm let me try the tests with that patch	22:17
rodrigods	lbragstad, same error =(	22:19
*** edtubill has quit IRC		22:20
lbragstad	so the service providers that are added aren't being returned in the token response?	22:20
*** edtubill has joined #openstack-keystone		22:20
rodrigods	lbragstad, yeah	22:20
*** chlong has joined #openstack-keystone		22:21
*** darosale has quit IRC		22:22
*** tonytan4ever has quit IRC		22:23
*** edtubill has quit IRC		22:23
*** edtubill has joined #openstack-keystone		22:24
*** gordc has quit IRC		22:24
lbragstad	rodrigods hmm - let me see if i can poke at it a bit	22:25
lbragstad	technically that cache should be getting invalidated	22:25
rodrigods	lbragstad, ooops, my bad	22:25
rodrigods	didn't reinstall keystone after download the patch	22:25
*** edtubill has quit IRC		22:25
lbragstad	lol	22:25
rodrigods	it works actually	22:25
lbragstad	nice	22:25
rodrigods	so we just need to fix the tests	22:25
rodrigods	as per samueldmq comments	22:25
rodrigods	and the service providers tests can land after that	22:26
lbragstad	rodrigods yep - i can work on respinning that patch	22:26
rodrigods	thanks lbragstad	22:26
lbragstad	rodrigods no problem - thanks for adding the functional tests	22:26
rodrigods	np, ping me once you have a new patchset there :)	22:27
*** ayoung has quit IRC		22:27
lbragstad	rodrigods will do	22:27
*** edtubill has joined #openstack-keystone		22:30
openstackgerrit	Merged openstack/keystoneauth: Support TOTP auth plugin https://review.openstack.org/281086	22:38
*** edtubill has quit IRC		22:41
*** rk4n has joined #openstack-keystone		22:42
*** pushkaru has quit IRC		22:42
*** dave-mccowan has quit IRC		22:47
*** timcline_ has quit IRC		22:49
*** timcline has joined #openstack-keystone		22:50
*** dmk0202 has quit IRC		22:52
*** dave-mccowan has joined #openstack-keystone		22:52
*** timcline has quit IRC		22:55
*** adrian_otto has quit IRC		22:59
*** adrian_otto has joined #openstack-keystone		22:59
*** edtubill has joined #openstack-keystone		23:04
*** henrynash_ has quit IRC		23:07
*** edtubill has quit IRC		23:09
*** edtubill has joined #openstack-keystone		23:10
*** mwheckmann has quit IRC		23:18
*** pushkaru has joined #openstack-keystone		23:23
*** iurygregory_ has joined #openstack-keystone		23:25
*** phalmos has quit IRC		23:27
*** edtubill has quit IRC		23:32
*** r-daneel has quit IRC		23:33
*** ayoung has joined #openstack-keystone		23:33
*** ChanServ sets mode: +v ayoung		23:33
*** aratus1 has quit IRC		23:46
*** rk4n has quit IRC		23:46
samueldmq	dstanek: sorry I was afk, yes the link got fixed; now it matches the API spec with GET /roles/{prior_role_id}/implies	23:47
samueldmq	dstanek: for listing the implied roles of a given role	23:47
samueldmq	EmilienM: it got merged :)	23:50
samueldmq	o/	23:50
*** aratus has joined #openstack-keystone		23:55

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!