Wednesday, 2016-08-10

« Tuesday, 2016-08-09 Index Thursday, 2016-08-11 »
*** shaleh has quit IRC00:00
*** jistr has quit IRC00:00
*** jistr has joined #openstack-keystone00:01
*** spzala has quit IRC00:02
*** spzala has joined #openstack-keystone00:02
*** spzala has quit IRC00:02
*** spzala has joined #openstack-keystone00:03
*** spzala has quit IRC00:03
*** tonytan4ever has quit IRC00:22
*** mrhillsman is now known as mrhillsman_00:24
*** mrhillsman_ is now known as mrhillsman_Away00:24
*** iurygregory_ has joined #openstack-keystone00:26
*** spzala has joined #openstack-keystone00:33
*** guoshan has joined #openstack-keystone00:36
*** esp has quit IRC00:37
*** tonytan4ever has joined #openstack-keystone00:48
*** code-R has quit IRC00:57
openstackgerritMerged openstack/keystone: Updated from global requirements  https://review.openstack.org/35198800:58
*** sdake has joined #openstack-keystone00:59
*** code-R has joined #openstack-keystone01:01
*** guoshan has quit IRC01:04
*** guoshan has joined #openstack-keystone01:24
*** richm has quit IRC01:28
*** spzala has quit IRC01:42
*** EinstCrazy has joined #openstack-keystone01:45
*** davechen has joined #openstack-keystone01:46
*** mrhillsman_Away is now known as mrhillsman01:50
*** Gorian has joined #openstack-keystone01:50
openstackgerritLi Yingjun proposed openstack/keystone: Document get auth/catalog,projects,domains  https://review.openstack.org/35268901:59
*** ravelar has joined #openstack-keystone02:08
*** ayoung has quit IRC02:11
*** ravelar has quit IRC02:13
*** rreimberg has joined #openstack-keystone02:14
*** rreimberg has quit IRC02:16
*** rreimberg has joined #openstack-keystone02:17
*** guoshan has quit IRC02:25
*** guoshan has joined #openstack-keystone02:25
*** jorge_munoz has quit IRC02:28
openstackgerritMerged openstack/keystone: api-ref: Add missing parameter tables to tenant  https://review.openstack.org/35298002:29
*** guoshan has quit IRC02:29
openstackgerritMerged openstack/keystone: api-ref: Add "nocatalog" option to GET /v3/auth/tokens  https://review.openstack.org/35271802:29
*** guoshan has joined #openstack-keystone02:33
openstackgerritTin Lam proposed openstack/keystone: api-ref: Add query options to GET /projects API documentation  https://review.openstack.org/35270802:38
*** jorge_munoz has joined #openstack-keystone02:54
*** gyee has quit IRC02:57
*** woodster_ has quit IRC03:09
*** tonytan4ever has quit IRC03:14
*** sdake has quit IRC03:17
*** browne has quit IRC03:27
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting V3 Domain config APIs  https://review.openstack.org/35226003:28
*** iurygregory_ has quit IRC03:30
*** code-R has quit IRC03:30
*** julim has quit IRC03:30
*** code-R has joined #openstack-keystone03:31
*** spzala has joined #openstack-keystone03:43
*** spzala has quit IRC03:48
*** links has joined #openstack-keystone04:01
*** dikonoor has joined #openstack-keystone04:02
*** jlk has quit IRC04:04
*** jlk has joined #openstack-keystone04:04
*** jlk has joined #openstack-keystone04:04
*** guoshan has quit IRC04:11
*** rkrum has joined #openstack-keystone04:13
*** tonytan4ever has joined #openstack-keystone04:15
*** tsufiev has quit IRC04:18
*** tsufiev has joined #openstack-keystone04:18
*** tonytan4ever has quit IRC04:20
*** permalac has quit IRC04:25
*** permalac has joined #openstack-keystone04:26
*** roxanaghe has joined #openstack-keystone04:27
*** EinstCrazy has quit IRC04:33
*** EinstCrazy has joined #openstack-keystone04:34
*** roxanaghe has quit IRC04:51
*** jaosorior has joined #openstack-keystone04:55
*** guoshan has joined #openstack-keystone04:58
*** adrian_otto has joined #openstack-keystone04:59
*** pcaruana has quit IRC05:01
*** emccormickva has joined #openstack-keystone05:01
*** guoshan has quit IRC05:02
*** emccormick has quit IRC05:04
*** rreimberg has quit IRC05:06
*** jorge_munoz_ has joined #openstack-keystone05:09
*** ravelar has joined #openstack-keystone05:10
*** jorge_munoz has quit IRC05:10
*** jorge_munoz_ is now known as jorge_munoz05:10
*** ravelar has quit IRC05:15
*** roxanaghe has joined #openstack-keystone05:17
-openstackstatus- NOTICE: zuul is being restarted to reload configuration. Jobs should be re-enqueued but if you're missing anything (and it's not on http://status.openstack.org/zuul/) please issue a recheck in 30min.05:24
*** Trident has quit IRC05:25
*** roxanaghe has quit IRC05:35
*** code-R has quit IRC05:35
*** code-R has joined #openstack-keystone05:36
*** guoshan has joined #openstack-keystone05:52
*** guoshan has quit IRC05:57
bretonrodrigods: morning! Nope.06:02
*** rcernin has joined #openstack-keystone06:04
*** code-R has quit IRC06:08
*** code-R has joined #openstack-keystone06:12
*** guoshan has joined #openstack-keystone06:18
*** agireud has quit IRC06:34
*** jorge_munoz has quit IRC06:34
*** pgbridge has quit IRC06:36
*** adriant has quit IRC06:39
*** agireud has joined #openstack-keystone06:40
*** spzala has joined #openstack-keystone06:43
*** agireud has quit IRC06:44
*** code-R_ has joined #openstack-keystone06:44
*** tesseract- has joined #openstack-keystone06:44
*** code-R has quit IRC06:46
*** spzala has quit IRC06:47
*** agireud has joined #openstack-keystone06:48
stevemarbreton: morning06:52
*** adrian_otto has quit IRC06:54
*** adrian_otto has joined #openstack-keystone06:57
openstackgerrityuyafei proposed openstack/python-keystoneclient: Add __ne__ built-in function  https://review.openstack.org/33743507:01
*** agireud has quit IRC07:06
*** rkrum has quit IRC07:06
*** adrian_otto has quit IRC07:11
*** jpena|off is now known as jpena07:16
*** jistr has quit IRC07:18
*** crinkle has quit IRC07:19
*** crinkle has joined #openstack-keystone07:21
*** code-R has joined #openstack-keystone07:23
*** code-R_ has quit IRC07:23
*** pcaruana has joined #openstack-keystone07:24
*** agireud has joined #openstack-keystone07:24
*** jistr has joined #openstack-keystone07:25
*** ktychkova has joined #openstack-keystone07:27
*** danpawlik has joined #openstack-keystone07:27
jaosoriorIs there support already for changing a domain's configuration via the OpenStack CLI? http://developer.openstack.org/api-ref/identity/v3/index.html#domain-configuration07:35
jaosoriorHey stevemar, still awake? how's it going?07:36
openstackgerritDave Chen proposed openstack/keystone: POC: This is the POC to support rolling upgrade without status  https://review.openstack.org/35328907:41
*** jorge_munoz has joined #openstack-keystone07:42
*** agireud has quit IRC07:46
*** jorge_munoz has quit IRC07:50
*** agireud has joined #openstack-keystone07:50
*** Trident has joined #openstack-keystone07:52
*** Trident has quit IRC07:54
*** agireud has quit IRC07:55
*** Trident has joined #openstack-keystone07:55
*** agireud has joined #openstack-keystone07:57
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** agireud has quit IRC08:02
*** guoshan has quit IRC08:05
*** agireud has joined #openstack-keystone08:09
*** EinstCrazy has quit IRC08:09
*** guoshan has joined #openstack-keystone08:10
*** Trident has quit IRC08:11
*** EinstCrazy has joined #openstack-keystone08:11
*** agireud has quit IRC08:13
*** agireud has joined #openstack-keystone08:16
*** openstackgerrit has quit IRC08:18
*** openstackgerrit has joined #openstack-keystone08:18
*** agireud has quit IRC08:19
*** Trident has joined #openstack-keystone08:23
*** amoralej|off is now known as amoralej08:26
*** agireud has joined #openstack-keystone08:28
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting V3 Domain config APIs  https://review.openstack.org/35226008:37
*** guoshan has quit IRC08:39
*** agireud has quit IRC08:39
*** permalac has quit IRC08:40
*** guoshan has joined #openstack-keystone08:42
*** davechen has left #openstack-keystone08:42
*** agireud has joined #openstack-keystone08:42
*** NishaYadav has joined #openstack-keystone08:48
*** NishaYadav is now known as Guest7063508:48
*** ntpttr has quit IRC08:51
openstackgerritAlexander Makarov proposed openstack/keystone: Pre-cache new tokens  https://review.openstack.org/30914608:57
*** ntpttr has joined #openstack-keystone08:58
*** agireud has quit IRC09:01
*** jed56 has joined #openstack-keystone09:03
*** agireud has joined #openstack-keystone09:05
* breton took eu-tz shift09:09
*** ravelar has joined #openstack-keystone09:12
*** ravelar has quit IRC09:16
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331409:21
*** agireud has quit IRC09:25
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting V3 Authentication APIs  https://review.openstack.org/35229109:26
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331409:31
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting V3 Authentication APIs  https://review.openstack.org/35229109:32
*** agireud has joined #openstack-keystone09:37
*** dkehn_ has quit IRC09:38
*** wangqun has joined #openstack-keystone09:42
*** agireud has quit IRC09:42
wangqunHi all, I have a question about keystone_paste.int . Can it have the parameter like the following in order to make it more flexible?09:44
wangqun{% if not disable_admin_token_auth%}09:44
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting V3 Policies APIs  https://review.openstack.org/35163609:44
wangqun[filter:admin_token_auth]09:44
wangqunpaste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory09:44
wangqun{% endif %}09:45
wangqunCan any one expain this issue?09:45
wangqunIs is OK?09:46
*** Trident has quit IRC09:46
*** Trident has joined #openstack-keystone09:47
*** sdake has joined #openstack-keystone09:47
wangqunping stevemar09:47
*** agireud has joined #openstack-keystone09:49
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting V3 Credentials APIs  https://review.openstack.org/35268309:50
*** dkehn_ has joined #openstack-keystone09:51
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting V3 OS-INHERIT APIs  https://review.openstack.org/35269009:56
*** guoshan has quit IRC10:02
*** guoshan has joined #openstack-keystone10:02
amakarovdolphm, hi! Are you here?10:04
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843510:10
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843510:10
*** mnikolaenko_ has joined #openstack-keystone10:12
*** guoshan has quit IRC10:16
*** rkrum has joined #openstack-keystone10:23
*** EinstCrazy has quit IRC10:30
*** Trident has quit IRC10:30
*** spzala has joined #openstack-keystone10:44
bretonwangqun: i think it's not possible10:44
bretonwangqun: you need to do it in your ansible/puppet10:44
*** spzala has quit IRC10:48
*** permalac has joined #openstack-keystone10:53
*** guoshan has joined #openstack-keystone11:07
*** Anticime1 is now known as Anticimex11:10
*** guoshan has quit IRC11:11
*** dkehn_ has quit IRC11:22
*** jaosorior has quit IRC11:28
*** jaosorior has joined #openstack-keystone11:29
*** mvk has quit IRC11:30
*** jaosorior has quit IRC11:33
*** jaosorior has joined #openstack-keystone11:33
*** wangqun has quit IRC11:34
*** dkehn_ has joined #openstack-keystone11:35
*** rkrum has quit IRC11:43
*** sdake has quit IRC11:51
*** sdake has joined #openstack-keystone11:51
*** BlackDex has quit IRC11:56
*** sdake_ has joined #openstack-keystone11:56
*** jpena is now known as jpena|lunch11:57
*** NishaYadav has joined #openstack-keystone11:57
*** NishaYadav has quit IRC11:57
*** sdake has quit IRC11:59
*** guoshan has joined #openstack-keystone12:00
*** links has quit IRC12:01
*** mvk has joined #openstack-keystone12:05
openstackgerritMerged openstack/keystone: api-ref: Correcting V3 Services APIs  https://review.openstack.org/35159812:20
samueldmqmorning keystone12:20
henrynashmornin'12:20
*** pauloewerton has joined #openstack-keystone12:21
jaosoriorsamueldmq, henrynash: Do you guys know if there is support already for changing a domain's configuration via the OpenStack CLI? http://developer.openstack.org/api-ref/identity/v3/index.html#domain-configuration12:22
samueldmqjaosorior: I don't think we support it yet.. I can't find it in http://docs.openstack.org/developer/python-openstackclient/command-list.html12:23
bretonjaosorior: looks like it's not yet supported12:24
jaosorioralright, thanks12:24
henrynashjaosorior: hi...I have some patches I am working on for this...but they aer not in yet12:31
jaosoriorI see12:35
*** richm has joined #openstack-keystone12:35
*** woodster_ has joined #openstack-keystone12:36
*** guoshan has quit IRC12:38
*** gordc has joined #openstack-keystone12:41
*** amoralej is now known as amoralej|lunch12:51
*** edmondsw has joined #openstack-keystone13:00
*** Ephur has joined #openstack-keystone13:00
*** bill_az has joined #openstack-keystone13:00
*** spzala_ has joined #openstack-keystone13:08
*** andreykurilin has joined #openstack-keystone13:09
andreykurilinhi everyone! Can someone from keystone-cores look at change to global-requirements related to keystoneclient?13:10
andreykurilinhttps://review.openstack.org/35346113:11
samueldmqandreykurilin: what change?13:11
andreykurilinsamueldmq: https://review.openstack.org/35346113:11
samueldmqandreykurilin: done, I've also added stevemar to that so we can get his feedback13:15
*** jpena|lunch is now known as jpena13:15
andreykurilinsamueldmq: thanks13:15
samueldmqnp13:16
andreykurilinsamueldmq: btw, if you have a bit free time, I'll be very happy if you review patch related to novaclient+keystone session https://review.openstack.org/#/c/304035/13:16
patchbotandreykurilin: patch 304035 - python-novaclient - Create keystone session instance if possible13:16
*** sdake_ is now known as sdake13:18
samueldmqandreykurilin: will do later today13:18
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Create unit tests for endpoint policy drivers  https://review.openstack.org/21200613:18
openstackgerritJiong Liu proposed openstack/keystone: Use international logging message  https://review.openstack.org/35346813:18
andreykurilinsamueldmq: thanks. If I have + from keystone cores, it will be easier to get final +2 from nova folks:)13:20
*** tonytan4ever has joined #openstack-keystone13:21
openstackgerritJiong Liu proposed openstack/keystone: Use international logging message  https://review.openstack.org/35346813:22
*** harlowja has quit IRC13:23
*** julim has joined #openstack-keystone13:24
*** woodburn has quit IRC13:26
samueldmqandreykurilin: ok. I think stevemar and jamielennox|away  are more familiar with the session code than I do13:26
samueldmqandreykurilin: but I can take a look13:26
samueldmqthanks13:26
*** dikonoor has quit IRC13:33
*** ametts has joined #openstack-keystone13:36
*** amoralej|lunch is now known as amoralej13:44
*** woodburn has joined #openstack-keystone13:45
*** rkrum has joined #openstack-keystone13:47
*** ayoung has joined #openstack-keystone13:53
*** ChanServ sets mode: +v ayoung13:54
*** rodrigods has quit IRC13:56
*** rodrigods has joined #openstack-keystone13:56
*** Ephur has quit IRC13:57
*** asettle has joined #openstack-keystone14:06
*** catintheroof has joined #openstack-keystone14:09
*** edtubill has joined #openstack-keystone14:12
*** rkrum has quit IRC14:15
*** emccormickva has left #openstack-keystone14:15
*** ravelar has joined #openstack-keystone14:18
*** asettle has quit IRC14:19
*** asettle has joined #openstack-keystone14:20
bknudsonoslo.config added support for tagging options as "advanced" -- someone should look into use in keystone.14:23
*** ravelar has quit IRC14:24
bknudsonhttp://docs.openstack.org/developer/oslo.config/cfg.html#advanced-option14:25
bretonbknudson: cool14:32
*** ravelar has joined #openstack-keystone14:37
*** adrian_otto has joined #openstack-keystone14:38
*** dkehn_ has quit IRC14:43
dolphmhenrynash: o/ morning14:49
dolphmamakarov: o/14:49
*** d34dh0r531234123 is now known as d34dh0r5314:51
*** martinus__ has joined #openstack-keystone14:51
*** code-R_ has joined #openstack-keystone14:52
amakarovdolphm, looks like I've run into cache invalidation problem: if token was validated, all tests with disabling/deleting users are failing. I assume, it's a trade-off people agree with, so will it be fair if I change tests so that token caching will be disabled for them?14:52
amakarovdolphm, https://review.openstack.org/#/c/309146/14:52
patchbotamakarov: patch 309146 - keystone - Pre-cache new tokens14:52
dolphmdstanek: lbragstad: sounds like what you're working on? ^14:52
lbragstadamakarov yeah - that sounds familiar14:53
lbragstadamakarov what test are you seeing that with?14:53
amakarovlbragstad, right now I focus on test_v3_auth14:53
*** code-R has quit IRC14:54
amakarovlbragstad, problems are with trust tests - those with deleting/disabling users14:54
*** dkehn_ has joined #openstack-keystone14:55
*** adrian_otto has quit IRC14:57
*** ezpz has joined #openstack-keystone14:58
*** spedione|AWAY is now known as spedione14:58
*** Gorian_ has joined #openstack-keystone15:00
*** adrian_otto has joined #openstack-keystone15:00
*** thebloggu has joined #openstack-keystone15:00
dolphmamakarov: we're in the middle of a meeting - but that sounds like an issue we were just talking about. let us get back to you in a bit.15:01
*** ayoung has quit IRC15:01
*** d0ugal has quit IRC15:01
amakarovdolphm, I'll be here15:01
bknudsonamakarov: please don't disable token caching in the tests since this is how real deployments run.15:02
bknudsonif the test needs the token to be uncached, then there should be a way to simulate flushing a token from the cache.15:02
amakarovbknudson, then we need to capture user operation and invalidate token cache region15:03
amakarovbknudson, it's a hack too. I'd say even more dirty then just disable caching for test :)15:04
*** sdake_ has joined #openstack-keystone15:04
bknudsonit's possible the test is incorrect, or that the keystone behavior is incorrect.15:04
*** LamT_ has joined #openstack-keystone15:05
*** Gorian_ has quit IRC15:05
*** Gorian_ has joined #openstack-keystone15:05
amakarovbknudson, current tests are incorrect then. We can issue a token, validate it, disable user, validate token and it will be valid15:06
amakaroveven with it's user disabled15:06
bknudsonI thought disabling a user would invalidate the user tokens15:06
bknudsonwe're not even dealing with multi-process cache in the unit tests, so this isn't even the hard case.15:07
*** sdake has quit IRC15:07
theblogguI have an openstack keystone server with the v2 and v3 API. I want to create a role that can list endpoints and I configured the policy.json accordingly but found out that the identity:list_endpoints target only maps to v3. if I make a request to the v2 API the keystone client tries to use the v2 Admin API (v2.0/endpoints). What's the policy target for those?15:07
bknudsondisabling user should flush all user info from the cache, and validate token should always check the user.15:08
amakarovthebloggu, v2 api doesn't support policies15:08
theblogguamakarov: so, if I'm currently using v2 what are my options to allow a specific role to list endpoints? do I have to migrate to v3?15:09
*** Gorian_ has quit IRC15:09
amakarovbknudson, yes, if token validation result wasn't memoized right before that15:09
*** Gorian_ has joined #openstack-keystone15:09
bknudsonamakarov: right... was looking at this not too long ago and I think the token is checked right away... complicated.15:10
amakarovthebloggu, v3 is currently the recommended api version for keystone. v2.0 is passing away15:10
amakarovbknudson, we can do that using notifications15:11
*** Gorian_ has quit IRC15:11
bknudsonamakarov: mock it up and let's see what it looks like!15:11
*** Gorian_ has joined #openstack-keystone15:11
* amakarov thinks about code and spaghetti...15:11
*** david-lyle has quit IRC15:12
amakarovbknudson, what exactly do you want me to mock up?15:12
bknudsonamakarov: you were saying that notifications could be used ...15:12
*** ayoung has joined #openstack-keystone15:12
*** ChanServ sets mode: +v ayoung15:12
*** david-lyle has joined #openstack-keystone15:12
amakarovbknudson, ... provided we add them to identity api operations15:13
amakarovcurrently update_user is silent15:14
*** Gorian_ has quit IRC15:14
bknudsonwhat would the update_user notification do/15:14
bknudson?15:14
*** Gorian_ has joined #openstack-keystone15:14
amakarovbknudson, it will notify user is changed. disabled, for instance15:15
bknudsonwhat would listen to the update_user notification and what would it do?15:15
theblogguamakarov: I know and we use v3 for the most part but we still support v2 for now and I would like to allow some type of users to list endpoints. is this possible (without policies for example)?15:16
*** Gorian_ has quit IRC15:16
*** Gorian_ has joined #openstack-keystone15:16
*** Gorian_ has quit IRC15:17
*** Gorian_ has joined #openstack-keystone15:17
amakarovthebloggu, v2.0 code check roles this way: "is it an admin?" And it's hard-coded15:18
bknudsonalso, this is a little strange because we really only want to check the user status if the token ID hits. If the token ID misses then no need to check the user.15:18
amakarovbknudson, listener in token module. The simplest action - invalidate token cache region15:19
bknudsonshould be like @MEMOIZE(on_hit=validate_user) -- where validate_user is a function that validates the user of the token.15:19
bknudsonamakarov: so invalidate all tokens when a user is disabled?15:20
*** pgbridge has joined #openstack-keystone15:20
*** Gorian_ has quit IRC15:21
amakarovbknudson, no - just cache region, so that old tokens vill be actually validated and cached anew on the next validation attempt15:21
*** Gorian_ has joined #openstack-keystone15:21
amakarovso tokens are valid15:21
amakarovjust the cache is purged15:21
bknudsonsorry, "invalidate" has different meanings.15:21
bknudsonamakarov: I'm fine with flushing token cache region on user update, since it's fixing a bug.15:22
*** jrist has quit IRC15:22
theblogguamakarov: ok, thank you for your help. I guess we'll need to use v3 for those cases then15:22
amakarovbknudson, got it. I think it should be a separate patch...15:22
bknudsonamakarov: yes, please.15:23
amakarovand a bug15:23
*** jrist has joined #openstack-keystone15:23
*** Gorian_ has quit IRC15:25
*** haplo37__ has joined #openstack-keystone15:29
*** adrian_otto has quit IRC15:31
*** pgbridge has quit IRC15:31
*** itisha has joined #openstack-keystone15:32
amakarovbknudson, lbragstad would you mind give this fix a push? https://review.openstack.org/#/c/352343/15:34
patchbotamakarov: patch 352343 - keystoneauth - add status code 308 to _REDIRECT_STATUSES15:34
bknudsonamakarov: lgtm.15:36
theblogguamakarov: I'm developing a service that uses openstack swift and openstack keystone for auth. I would like to use the http swift endpoint for some requests and the https for others. I initially thought the service catalog from keystone would help but I couldn't get more than 1 endpoint from it for each service (at least with the python libraries). So I started using the API in keystone to list endpoints and filter those I needed. But as you tol15:36
thebloggud me I can't use v2 to list endpoints (I'll have multiple users in keystone that my service will use and I can't obviously use the admin user). I now need to now what my options are: was my first choice (using the list endpoints API from keystone) the best choice? should I use v3 only? and what's the most common way of dealing with multiple endpoints for a service?15:36
bknudsonamakarov: do you need this in a release? If so, I've already got a release request: https://review.openstack.org/#/c/353548/ .15:37
patchbotbknudson: patch 353548 - releases - keystoneauth 2.11.115:37
bknudsonso if this merges, go ahead and update https://review.openstack.org/#/c/353548/15:37
patchbotbknudson: patch 353548 - releases - keystoneauth 2.11.115:37
*** code-R_ has quit IRC15:38
amakarovbknudson, ok, will keep in mind15:38
*** gyee has joined #openstack-keystone15:41
*** diazjf has joined #openstack-keystone15:41
*** sdake has joined #openstack-keystone15:45
*** pgbridge has joined #openstack-keystone15:46
*** sdake_ has quit IRC15:48
*** code-R has joined #openstack-keystone15:49
*** danpawlik has quit IRC15:50
*** dikonoor has joined #openstack-keystone15:53
*** jpena is now known as jpena|away15:56
*** code-R has quit IRC16:00
*** rcernin has quit IRC16:01
*** KevinE has joined #openstack-keystone16:04
amakarovbknudson, hmm, on the current master my case is no longer valid - cached tokens handled correctly16:05
bknudsonamakarov: wow.16:05
bknudsonhow's that? It checks the user after validating the token?16:06
amakarovbknudson, I'll rebase my patch and try it out too16:07
openstackgerritAlexander Makarov proposed openstack/keystone: Pre-cache new tokens  https://review.openstack.org/30914616:07
*** roxanaghe has joined #openstack-keystone16:08
stevemarjaosorior: definitely not in yet16:14
jaosoriorstevemar: thanks, I just checked :(16:15
jaosoriorstevemar: Wanted to add support for it in puppet16:15
*** code-R has joined #openstack-keystone16:17
stevemarjaosorior: https://review.openstack.org/#/c/168089/16:17
patchbotstevemar: patch 168089 - python-keystoneclient - Support domain-specific configuration management16:17
stevemarneeds to land in KSC before it can land in OSC16:17
*** code-R has quit IRC16:17
jaosoriorthat looks quite red16:17
*** code-R has joined #openstack-keystone16:17
*** tonytan_brb has joined #openstack-keystone16:21
openstackgerritDavid Stanek proposed openstack/keystone: WIP: region namespace POC for cache invalidation  https://review.openstack.org/34970416:22
stevemarjaosorior: it hasn't been picked up in a while :(16:23
dstanekamakarov: our caching is problematic16:23
*** tonytan4ever has quit IRC16:24
*** raildo has joined #openstack-keystone16:25
*** pcaruana has quit IRC16:29
*** jaosorior has quit IRC16:29
*** esp has joined #openstack-keystone16:30
dstanekbknudson: it turns out that once i fixed region invalidation that a few of our tests failed ^16:33
*** Ephur has joined #openstack-keystone16:35
*** amoralej is now known as amoralej|off16:35
*** tonytan_brb is now known as tonytan4ever16:36
*** diazjf has quit IRC16:38
*** ametts has quit IRC16:38
*** jaugustine_ has joined #openstack-keystone16:39
*** jaugustine has quit IRC16:40
*** jaugustine_ is now known as jaugustine16:40
*** asettle has quit IRC16:43
*** asettle has joined #openstack-keystone16:43
*** diazjf has joined #openstack-keystone16:54
*** asettle has quit IRC17:00
*** jaugustine has quit IRC17:03
*** ayoung has quit IRC17:06
openstackgerritAlexander Makarov proposed openstack/keystone: Pre-cache new tokens  https://review.openstack.org/30914617:06
*** code-R has quit IRC17:07
amakarovbknudson, shame on me: all notifications are there :)17:08
amakarovbknudson, the problem that token cache is invalidated only for persistent tokens and only if revoke_by_id is set. So added region invalidation everywhere17:09
*** diazjf1 has joined #openstack-keystone17:13
*** diazjf1 has quit IRC17:15
*** code-R has joined #openstack-keystone17:16
*** diazjf has quit IRC17:16
*** ayoung has joined #openstack-keystone17:20
*** ChanServ sets mode: +v ayoung17:20
*** nishaYadav has joined #openstack-keystone17:21
*** mrhillsman is now known as mrhillsman_away17:22
*** mvk has quit IRC17:23
*** jpena|away is now known as jpena|off17:23
nishaYadavo/17:26
*** harlowja has joined #openstack-keystone17:27
*** ametts has joined #openstack-keystone17:28
openstackgerritAlexander Makarov proposed openstack/keystone: Pre-cache new tokens  https://review.openstack.org/30914617:31
*** tonytan4ever has quit IRC17:35
bknudsonamakarov: ok. Wonder why we thought it was ok only for persistent tokens & revoke_by_id.17:36
amakarovbknudson, ^ I had to remove anonymous decorator due to v2/v3 intermix problems and fix fernet test in the process.17:36
*** amakarov is now known as amakarov_away17:38
amakarov_awaybknudson, sorry, I have to go17:38
*** woodster_ has quit IRC17:39
jlkHas anybody seen a problem with client auth when both OS_PROJECT_NAME=admin OS_DOMAIN_ID=default are set?17:44
jlkI'm getting "Authentication cannot be scoped to multiple targets. Pick one of: project, domain, trust or unscoped"17:44
*** Gorian_ has joined #openstack-keystone17:49
*** Gorian_ has quit IRC17:49
*** asettle has joined #openstack-keystone17:52
*** ravelar has quit IRC17:56
*** nisha_ has joined #openstack-keystone18:02
*** jaugustine has joined #openstack-keystone18:02
*** nisha__ has joined #openstack-keystone18:04
*** nisha__ has quit IRC18:04
*** nishaYadav has quit IRC18:04
*** nishaYadav has joined #openstack-keystone18:05
*** nisha_ has quit IRC18:07
*** jaugustine has quit IRC18:09
*** mvk has joined #openstack-keystone18:12
*** tesseract- has quit IRC18:13
*** Trident has joined #openstack-keystone18:14
*** Gorian_ has joined #openstack-keystone18:17
*** diazjf has joined #openstack-keystone18:22
*** thebloggu has quit IRC18:28
henrynashlbragstad: trying to get to grips with your proposal....can you talk me through the "tiggers" bit?18:30
*** jaugustine has joined #openstack-keystone18:31
*** ayoung has quit IRC18:31
*** catintheroof has quit IRC18:34
stevemarhenrynash: can you double check my changes in https://review.openstack.org/#/c/283554/ ?18:34
patchbotstevemar: patch 283554 - python-openstackclient - Add support for domain specific roles18:34
stevemarhenrynash: it's the last bit before we release 3.0.0!18:34
henrynashstevemar: sure...thanks for those....have got bogged down with the rolling upgrade stuff! I'll look now18:34
*** tonytan4ever has joined #openstack-keystone18:35
*** tonytan4ever has quit IRC18:40
henrynashstevemar: what about all this stuff that adam added...I assume this for his follow on patch?18:41
*** dikonoor has quit IRC18:41
*** nisha_ has joined #openstack-keystone18:41
*** ametts has quit IRC18:42
henrynashayoung: did you mean to add addional stuff into https://review.openstack.org/#/c/283554/?18:42
patchbothenrynash: patch 283554 - python-openstackclient - Add support for domain specific roles18:42
*** ametts has joined #openstack-keystone18:43
*** nisha_ has quit IRC18:43
*** nisha_ has joined #openstack-keystone18:44
*** nishaYadav has quit IRC18:45
*** spzala_ has quit IRC18:49
*** spzala has joined #openstack-keystone18:50
*** fifieldt has quit IRC19:02
*** tonytan4ever has joined #openstack-keystone19:05
*** asettle has quit IRC19:12
*** woodster_ has joined #openstack-keystone19:13
*** Trident has quit IRC19:14
*** fifieldt has joined #openstack-keystone19:18
*** jaugustine has quit IRC19:22
*** ravelar has joined #openstack-keystone19:25
*** ravelar has quit IRC19:26
*** diazjf has quit IRC19:26
*** roxanaghe has quit IRC19:29
*** roxanaghe has joined #openstack-keystone19:34
lbragstadhenrynash sure19:34
lbragstaddstanek dolphm rderose_ and i were thinking about the r/w case19:34
lbragstadand started experimenting with the idea of using triggers in the expand and contract phases to handle the copy of data from the old schema to the new one19:35
lbragstadhenrynash it's very similar to what you've proposed - but using triggers (performing the data copy in the data layer)19:35
lbragstadso the flow would be19:36
lbragstad1.) Take the first keystone node out of the rotation19:36
lbragstad2.) upgrade the first keystone node to the next release (to get the latest schema and migrations)19:36
lbragstad3.) peform a db_sync --expand on the first node which updates the database with all the additive changes19:37
lbragstadthe expand phase will also create database triggers using sqlalchemy to copy data written to the old schema over to the new schema19:37
lbragstad4.) from the first keystone node - issue a db_sync --migrate which will copy over all data manually19:38
lbragstad(note that there are two database triggers in effect here - one to copy data from the old schema to the new schema and one to copy data from the new schema to the old schema)19:39
*** diazjf has joined #openstack-keystone19:39
lbragstadat this point - we also only have the old application code running - so the application only understands the old schema (which is fine because we have two-way triggers in place)19:40
lbragstad5.) take each node out of rotation and upgrade it to the next release19:40
lbragstadand place it back into rotation19:40
lbragstad(this is where you'll have a mix of different application versions in your deployment (but that's fine because the triggers make it so that they don't need to understand each others schemas)19:41
lbragstad6.) after you do a rolling restart on your entire cluster - all application nodes will be running the latest application code (which only understand the new schema)19:42
lbragstadso you can do a db_sync --contract to remove all the old schema changes19:42
lbragstadhenrynash theoretically - that will allow you to do a r/w rolling upgrade without having to make a release aware of two separate schema19:43
*** mrhillsman_away is now known as mrhillsman19:43
*** ayoung has joined #openstack-keystone19:43
*** ChanServ sets mode: +v ayoung19:43
lbragstadhenrynash the final db_sync --contract will remove the database triggers before removing the old schema19:44
bknudsondoes sqlalchemy support creating triggers?19:44
lbragstadbknudson yes - something like this http://stackoverflow.com/questions/7888846/trigger-in-sqlachemy19:45
lbragstadbknudson dolphm and dstanek dug that up19:46
bknudsonso are we talking about actual database triggers or sqlalchemy listener interface?19:46
openstackgerritLance Bragstad proposed openstack/keystone: Move fernet utils into keystone/common/  https://review.openstack.org/35370719:47
lbragstadbknudson sqlalchemy can create an actual database trigger19:47
bknudsonsure it can but you have to write the ddl for each supported DB.19:47
lbragstadbknudson so the data layer will handle the copying of data (not the application - which is probably a good thing?)19:47
lbragstadbknudson yeah - we would have to work that in if we wanted to make the data layer handle the copy19:48
dstanekbknudson: right, that's what we need to proof out i think.19:48
*** diazjf has quit IRC19:48
*** roxanaghe has quit IRC19:49
*** jaugustine has joined #openstack-keystone19:53
*** roxanaghe has joined #openstack-keystone19:56
*** d0ugal has joined #openstack-keystone20:01
*** nisha_ has quit IRC20:03
*** roxanaghe has quit IRC20:04
*** roxanaghe has joined #openstack-keystone20:07
*** haplo37__ has quit IRC20:07
*** jlk has left #openstack-keystone20:07
*** asettle has joined #openstack-keystone20:09
*** jaugustine has quit IRC20:17
*** BlackDex has joined #openstack-keystone20:18
*** jaugustine has joined #openstack-keystone20:19
*** jaugustine has quit IRC20:24
*** diazjf has joined #openstack-keystone20:27
*** julim has quit IRC20:30
*** roxanaghe has quit IRC20:33
*** ametts has quit IRC20:34
openstackgerritSteve Martinelli proposed openstack/keystone: Updates Development Environment Docs  https://review.openstack.org/24640020:36
*** diazjf has quit IRC20:37
*** roxanaghe has joined #openstack-keystone20:38
*** diazjf has joined #openstack-keystone20:39
*** michauds has joined #openstack-keystone20:40
*** mnikolaenko_ has quit IRC20:40
*** roxanaghe has quit IRC20:46
*** roxanaghe has joined #openstack-keystone20:47
*** messy has joined #openstack-keystone20:52
*** roxanaghe has quit IRC20:56
*** esp has quit IRC20:59
*** esp has joined #openstack-keystone21:02
henrynashlbragstad: (back): ok, thanks for explanation, I understand it now...off to mull it over....interesting idea....21:03
*** roxanaghe has joined #openstack-keystone21:03
lbragstadhenrynash cool - ping us if you have any more questions21:06
*** pauloewerton has quit IRC21:22
openstackgerritDolph Mathews proposed openstack/keystone: Add debug logging to revocation event checking  https://review.openstack.org/35374221:27
openstackgerritMerged openstack/keystone: api-ref: Add query options to GET /projects API documentation  https://review.openstack.org/35270821:37
*** adriant has joined #openstack-keystone21:39
openstackgerritSteve Martinelli proposed openstack/keystoneauth: add status code 308 to _REDIRECT_STATUSES  https://review.openstack.org/35234321:40
*** Ephur has quit IRC21:49
*** edtubill has quit IRC21:49
openstackgerrithenry-nash proposed openstack/keystone: Add support for rolling upgrades to keystone-manage  https://review.openstack.org/34971621:52
openstackgerrithenry-nash proposed openstack/keystone: Add migration helper logic for rolling upgrades  https://review.openstack.org/35375321:57
*** tonytan4ever has quit IRC21:58
openstackgerrithenry-nash proposed openstack/keystone: Add contract migrations to keystone-manage  https://review.openstack.org/34993921:59
*** messy has quit IRC21:59
*** gordc has quit IRC22:00
*** LamT_ has quit IRC22:01
henrynashlbragstad: hi22:07
*** bill_az has quit IRC22:08
openstackgerritLance Bragstad proposed openstack/keystone: Move fernet utils into keystone/common/  https://review.openstack.org/35370722:08
openstackgerritLance Bragstad proposed openstack/keystone: Make a FernetUtils class  https://review.openstack.org/35376122:08
openstackgerritLance Bragstad proposed openstack/keystone: Pass key_repository and max_active_keys to FernetUtils  https://review.openstack.org/35376222:08
lbragstadhenrynash hello22:08
henrynashlbragstad: so....22:09
* dstanek ducks22:09
stevemari'm free from conference nonsense, whats up with rolling upgrades22:09
henrynashlbragstad: there is no real RO mode in what you are proposing? This is just (!) a better way than have versioned objects?22:09
dstanekhenrynash: ++ with the triggers, yes22:09
dolphmhenrynash: no versioned objects required  - each release (or commit to master) only knows about one schema22:10
lbragstadhenrynash technically you could achieve RO with the model but...22:10
lbragstadwith triggers we can do the copy part during R/W without having to keep that logic in the application22:10
lbragstadwhich I think would be really nice22:10
dolphmhenrynash: i'm going to propose another spec revision and new documentation for operators to illustrate the experience, flow, etc22:10
henrynashlbragstad: sure, you could if we wanted....but the real interesting thing is there is NO data migration required for Newton!22:11
lbragstadhenrynash what do you mean?22:11
henrynashlbragstad: so none of the migrations actual need us to copy data in Newton22:11
lbragstadhenrynash meaning we only have additive schema changes in newton?22:11
dolphmhenrynash: just by coincidence this release?22:11
henrynashlbragstad: yes (by coincidnece)22:11
lbragstadah22:12
lbragstadright22:12
breton1am22:12
henrynashlbragdstad, dolphm: so if we are confident we can make the trigger solution work in Ocata, then we can allow the RW pattern in Newton22:12
bretonsleep or cide?22:12
breton*code22:12
*** michauds has quit IRC22:13
henrynashlbragstad: we just make sure we have the right keystone-manager cmmands, states etc. so that the operators experience remains the same22:13
dolphmhenrynash: that is the hope - no confidence until we can demo it :P22:13
dolphmand test it :D22:13
dstanekbreton: isn't beer an option?22:13
dolphmhenrynash: ++22:13
dolphmhenrynash: but we'd only need the 3 new arguments22:14
henrynashdolphm: yep, agreed22:14
dolphmhenrynash: --expand, --migrate, --contract, i believe (plus the original, vanilla db_sync for backwards compat22:14
openstackgerritMerged openstack/keystone: api-ref: Correcting V3 Endpoints APIs  https://review.openstack.org/35160022:14
dolphm)22:14
henrynashdolphm: yep22:14
dstanekmy only concern is that we have to prove how it will work for mysql, postgres, etc...22:14
dolphmhenrynash: and no new config options22:14
dolphmdstanek: +++22:14
dolphmand db222:14
dstanekbut we can't do that without some codes22:14
dolphmand ideally sqlite22:14
bretondstanek: nope, i don't drink22:14
henrynashdolphm: agreed22:14
rderose_breton: whats wrong with you!22:15
stevemardolphm: we dont support db222:15
dolphmstevemar: we?22:15
dolphmstevemar: keystone has code for db222:15
stevemardolphm: and even we (IBM) don't care about it22:15
dolphmstevemar: one sec proposing a patch22:15
stevemardolphm: i don't think so...22:15
stevemark22:15
*** diazjf has quit IRC22:15
stevemardolphm: i think those were old migrations when IBM actually cared about db2, but i firmly believe we don't care if openstack runs on it now22:16
henrynashdolphm: it would be trivial for me to modify my current implementation to match the Newton implementation of this, if we decide it is the way to go22:17
lbragstaddstanek https://review.openstack.org/#/q/topic:bp/credential-encryption22:18
henrynashdolphm: I just refactored it so that it is a better squence and you can see how we would change it (as well as didtch one of the patches altogther)22:18
*** diazjf has joined #openstack-keystone22:19
*** diazjf1 has joined #openstack-keystone22:19
openstackgerritDolph Mathews proposed openstack/keystone: Drop support for IBM DB2  https://review.openstack.org/35376722:19
dolphmhenrynash: bknudson: stevemar: fixed ^22:20
stevemardolphm: thanks22:20
henrynashdolphm: nice!22:20
bknudsonwe used to have a requirement for DB2, but that's gone away.22:20
stevemardolphm: last mention of it: https://github.com/openstack/keystone/blob/3a266929cf42a63ab39c6963c72506e7425df709/keystone/common/sql/migrate_repo/versions/073_insert_assignment_inherited_pk.py#L87-L10822:21
stevemarbut can't remove that :(22:21
dolphmstevemar: yeah, i figured the migration would eventually just go away22:21
*** diazjf1 has quit IRC22:21
stevemaryeah22:21
stevemarit's the next one up22:21
*** KevinE has quit IRC22:22
henrynashdolphm, lbragstad, dstanek: is someone attempting a POC of the tiggers? Do you want me to?22:22
dolphmhenrynash: we only talked about the need for one - that'd be awesome22:23
*** diazjf has quit IRC22:23
stevemardolphm: can you review https://review.openstack.org/#/c/351749/22:23
patchbotstevemar: patch 351749 - keystone - Password expires ignore user list22:23
henrynashdolphm: if we could show it is viable, then I think we would have confidence to push ahead with the Newton RW flow (which wouldn't actually need the triggers of course)22:24
stevemarclose to closing out PCI22:24
stevemarwhich would be a huge load off my mind :D22:24
dolphmhenrynash: any idea if we have anything proposed in gerrit that might need them?22:25
henrynashdolphm: not yet22:25
stevemarare all the rackers together in SA?22:25
dstanekstevemar: yerp22:25
stevemardstanek: what about rderose_?22:25
henrynashdolphm: I'd create a dummy migration to tets22:25
dstanekyep22:25
dolphmstevemar: yes, including rderose_22:25
stevemarnice22:25
dolphmstevemar: openstack-ansible midcycle22:25
stevemarjelly22:25
stevemaryeah22:25
dstanekme, rderose_, lbragstad and dolphm are sitting in the same room22:26
lbragstadwe're peer programming22:26
henrynashdstanek: now that sounds dangerous22:26
stevemarrderose_: is https://review.openstack.org/#/c/343314/ an outcome of the ibm requirement for not too many password changes per day?22:26
patchbotstevemar: patch 343314 - keystone - PCI-DSS Minimum password age requirements22:26
lbragstadwhich consists of me watching dstanek debug revocation caching problems22:26
stevemarlbragstad: "I'm helping!"22:26
dolphmlbragstad: i'm not your peer, pal22:26
dstanektranslation: watching dstanek huddle in the corner crying22:26
henrynashpeer, earl, lord...whatever22:27
rderose_stevemar: yes and no22:27
lbragstadthe room is quiet for about 45 minutes.. then dstanek belts out some four letter word randomly22:27
lbragstadthis is the process of debugging revocation events22:27
rderose_stevemar: it naturally goes with password history requirements22:27
dolphmlbragstad: commits* some four letter words22:27
rderose_stevemar: but both options are for the same purpose, right?  to prevent users from reusing old passwords.22:28
henrynashok, off to sleep and dream of sql triggers (I really should get out more)22:28
rderose_stevemar: min password age seemed like a more common way of dealing with that22:28
dolphmhenrynash: ++22:29
dolphmhenrynash: also ++22:29
dstanekhenrynash: good night, sir22:29
dolphmhenrynash: spec tomorrow!22:29
lbragstadhenrynash o/22:29
stevemarrderose_: yeah, totally22:31
stevemarjust didn't want you doing it solely for us22:31
rderose_stevemar: ah, I see22:31
rderose_stevemar: last of the PCI btw, thank goodness!!22:31
stevemarrderose_: measured in days eh22:32
stevemarso i can only change my password once per day?22:32
rderose_stevemar: exactly22:32
stevemarrderose_: shouldn't that be measured in seconds or minutes?22:33
stevemarrderose_: IIRC the old requirement was "a user shouldn't be able to change their password more than 5 times a day"22:33
stevemarthe minimum of 1 day would bust that22:33
stevemarconsider the case where i ask the admin to reset my password, thats 1 change, and then i want to change it again (now i can't)22:34
rderose_stevemar: typically minimum password age is set in days22:34
rderose_stevemar: I ignore admin password resets22:34
rderose_stevemar: colleen brought that up22:34
stevemarmmm yeah she did22:35
rderose_stevemar: so only counting self service password changes22:35
*** edmondsw has quit IRC22:36
stevemarrderose_: i guess my argument is that having it in minutes makes it more open22:37
rderose_stevemar: why not seconds?22:38
stevemarrderose_: even better22:38
stevemarrderose_: ugh https://technet.microsoft.com/en-us/library/hh994570(v=ws.11).aspx22:38
*** sdake has quit IRC22:38
stevemari guess that's the norm22:39
stevemarthat's silly22:39
*** ezpz has quit IRC22:39
rderose_stevemar: yeah, days seemed to be the norm22:39
stevemarrderose_: ok22:40
stevemarrderose_: i'll concede for now :D22:40
rderose_stevemar: :)22:40
stevemarrderose_: we should rename password_expires_days to maximum_password_age to better match up with minimum_password_age :P22:41
rderose_stevemar: what, are we microsoft now?22:41
rderose_stevemar: but yeah, I did think that too :)22:42
stevemarrderose_: i'd be down for it :P22:42
stevemarrderose_: was "change_password" missing from the base? :\22:43
rderose_stevemar: yeah, manager would just call update_user for all password changes22:43
rderose_stevemar: implementation was cleaner creating a separate method in the backend for self service password changes22:47
*** asettle has quit IRC22:47
lbragstadnonameentername I pulled a few of your changes into their own reviews - https://review.openstack.org/#/q/topic:bp/credential-encryption22:49
*** spedione is now known as spedione|AWAY22:49
stevemarlbragstad: thanks for working on that too22:50
* stevemar will be back in 5 minutes as he's getting kicked out22:50
lbragstadstevemar no problem22:51
*** tonytan4ever has joined #openstack-keystone22:59
*** code-R has quit IRC23:01
openstackgerritLance Bragstad proposed openstack/keystone: Pass key_repository and max_active_keys to FernetUtils  https://review.openstack.org/35376223:02
openstackgerritLance Bragstad proposed openstack/keystone: Make a FernetUtils class  https://review.openstack.org/35376123:02
*** tonytan4ever has quit IRC23:03
openstackgerritDolph Mathews proposed openstack/keystone: Add debug logging to revocation event checking  https://review.openstack.org/35374223:04
*** tonytan4ever has joined #openstack-keystone23:07
stevemaro/23:19
stevemardolphm: the rackers all go home?23:19
*** Ephur has joined #openstack-keystone23:25
*** sdake has joined #openstack-keystone23:26
*** ayoung has quit IRC23:30
*** chlong|mtg has quit IRC23:31
*** Gorian_ has quit IRC23:41
openstackgerritJiong Liu proposed openstack/keystone: Use international logging message  https://review.openstack.org/35346823:43
*** woodster_ has quit IRC23:49
*** rkrum has joined #openstack-keystone23:50
« Tuesday, 2016-08-09 Index Thursday, 2016-08-11 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!