Saturday, 2016-09-03

« Friday, 2016-09-02 Index Sunday, 2016-09-04 »
openstackgerritEric Brown proposed openstack/keystone: Add the deprecated_since to deprecate options  https://review.openstack.org/36517400:04
openstackgerritEric Brown proposed openstack/keystone: Add the deprecated_since to deprecated options  https://review.openstack.org/36517400:05
openstackgerritEric Brown proposed openstack/keystone: Add the deprecated_since to deprecated options  https://review.openstack.org/36517400:07
*** dikonoo has joined #openstack-keystone00:07
*** asettle has quit IRC00:10
*** dikonoo has quit IRC00:12
*** gyee has quit IRC00:14
*** sdake has quit IRC00:16
*** ddieterly has joined #openstack-keystone00:19
openstackgerritSean Perry proposed openstack/keystone: Project domain must match role domain for assignment  https://review.openstack.org/36517700:20
*** sdake has joined #openstack-keystone00:21
*** adrian_otto has quit IRC00:29
*** ddieterly has quit IRC00:31
*** su_zhang has joined #openstack-keystone00:34
*** ddieterly has joined #openstack-keystone00:41
*** roxanaghe has quit IRC00:49
*** su_zhang has quit IRC00:51
*** ddieterly has quit IRC00:58
*** su_zhang has joined #openstack-keystone01:00
*** ddieterly has joined #openstack-keystone01:02
*** markvoelker has joined #openstack-keystone01:07
*** su_zhang has quit IRC01:08
*** su_zhang has joined #openstack-keystone01:08
*** su_zhang has quit IRC01:12
*** markvoelker has quit IRC01:13
*** spzala has joined #openstack-keystone01:45
*** spzala has quit IRC01:50
*** ddieterly has quit IRC02:06
*** ddieterly has joined #openstack-keystone02:17
*** spedione|AWAY is now known as spedione02:27
*** ddieterly has quit IRC02:39
*** spzala has joined #openstack-keystone02:40
*** spedione is now known as spedione|AWAY02:43
*** ddieterly has joined #openstack-keystone02:45
*** ddieterly has quit IRC02:59
*** woodster_ has quit IRC02:59
openstackgerritJiWei proposed openstack/keystoneauth: Raise NotImplementedError instead of NotImplemented  https://review.openstack.org/36519403:08
*** markvoelker has joined #openstack-keystone03:09
*** asettle has joined #openstack-keystone03:13
*** spzala has quit IRC03:13
*** markvoelker has quit IRC03:14
openstackgerritJiWei proposed openstack/keystoneauth: Raise NotImplementedError instead of NotImplemented  https://review.openstack.org/36519503:14
*** asettle has quit IRC03:21
openstackgerritJiWei proposed openstack/keystone: Raise NotImplementedError instead of NotImplemented  https://review.openstack.org/36519603:27
*** sdake_ has joined #openstack-keystone03:38
*** sdake has quit IRC03:41
*** sdake_ has quit IRC03:58
*** links has joined #openstack-keystone04:15
openstackgerritayoung proposed openstack/keystone: No Op provider for credential encryption  https://review.openstack.org/36508704:19
*** sdake has joined #openstack-keystone04:55
*** adam_g has quit IRC04:58
*** adam_g has joined #openstack-keystone05:02
*** adam_g has quit IRC05:02
*** adam_g has joined #openstack-keystone05:02
*** markvoelker has joined #openstack-keystone05:10
*** sdake has quit IRC05:14
*** markvoelker has quit IRC05:14
openstackgerritJiWei proposed openstack/keystone: Raise NotImplementedError instead of NotImplemented  https://review.openstack.org/36519605:19
*** su_zhang has joined #openstack-keystone05:38
*** richm has quit IRC05:39
*** maestropandy has joined #openstack-keystone05:39
*** snecklifter has quit IRC05:50
*** sdake has joined #openstack-keystone06:10
*** su_zhang has quit IRC06:16
*** su_zhang has joined #openstack-keystone06:17
*** su_zhang has quit IRC06:21
*** tesseract- has joined #openstack-keystone06:39
*** sdake has quit IRC06:50
*** markvoelker has joined #openstack-keystone07:11
*** markvoelker has quit IRC07:15
*** asettle has joined #openstack-keystone07:19
*** asettle has quit IRC07:27
*** chrichip has quit IRC07:46
*** chrichip has joined #openstack-keystone07:47
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** maestropandy has quit IRC08:01
*** esp has joined #openstack-keystone08:07
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843508:10
*** esp has quit IRC08:11
*** asettle has joined #openstack-keystone08:44
*** sdake has joined #openstack-keystone08:45
*** asettle has quit IRC09:00
*** markvoelker has joined #openstack-keystone09:11
*** markvoelker has quit IRC09:16
*** sdake has quit IRC09:59
*** cnf has joined #openstack-keystone10:02
cnfmorning everyone10:04
*** richm has joined #openstack-keystone10:11
*** ayoung has quit IRC10:40
*** ayoung has joined #openstack-keystone10:50
*** ChanServ sets mode: +v ayoung10:50
*** stian_ has quit IRC11:00
cnfcan anyone help me get keystone working with ldap?11:05
dstanekcnf: go ahead and ask your questions and i'm sure someone that can help will once they come along11:06
cnfnot sure what to ask, I followed http://docs.openstack.org/admin-guide/keystone-integrate-with-ldap.html, and now I have no idea how to proceed11:07
dstanekcnf: what's the issue that you are having?11:08
cnfI have no idea how to talk to keystone, I have no idea if this is because i am missing data in ldap or something11:08
dstanekwhat happens why you try to auth using one of your accounts from ldap?11:09
*** joerch has quit IRC11:10
dstanekcnf: just an fyi, i'll help while i can, but today is a travel day for me11:10
cnfkeystone --os-token <token> user-list gives me deprecation warning, and 500 errors11:10
dstanekcnf: where did the token come from?11:11
cnfit's set in /etc/keystone/keystone.conf11:11
dstanekcnf: also did you look in the keystone log to checkout the 500s?11:11
dstanekcnf: that's not going to be using ldap for auth then....also user list for ldap isn't a great experience. i think we have a hard limit of how many to return11:12
*** markvoelker has joined #openstack-keystone11:12
cnfdstanek:  well, sure, but I don't know how to set up ldap yet11:13
cnfi have no idea what is expected in ldap11:13
cnfi tried horizon first, but that just kept telling me there was no domain "default"11:14
dstanekcnf: so you don't have an existing ldap?11:14
cnfI do11:14
dstanekcnf: did you configure the [ldap] section in your keystone.conf?11:15
cnfoh, I did :P11:15
cnf2016-09-03 11:15:06.758 42 ERROR keystone.auth.plugins.core DomainNotFound: Could not find domain: default11:15
cnfis what I get when I try horizon11:15
cnfi'm guessing i need to set it in ldap, but I have no idea what the format is supposed to be11:16
dstanekthen your next step should be to turn on debugging and try to auth to keystone using an ldap account11:16
cnfdstanek:  well, I did11:17
cnfand the error i get is the one i pasted above11:17
*** markvoelker has quit IRC11:17
dstanekcnf: domains shouldn't be in ldap.11:18
cnfwell, then I don't know how to fix that error11:18
cnfI need to authenticate to add a domain, but I can't authenticate because it doesn't know the domain11:19
cnfhence I was trying the token11:19
dstanekand what is in the log when you use the token?11:19
dstaneka 500 should log a traceback11:19
dstaneki'm not really familiar with those guides so i don't know how they tell you to create the default domain.11:20
dstanekthere are really two ways. one is using the magic admin token, which appears to be what you are doing and the other is 'keystone-manager bootstrap'11:21
cnfthey don't11:21
cnfdefault domain isn't mentioned11:21
dstanekoops....keystone-manage11:21
cnfkeystone-manage bootstrap just gives me loads of tracebacks11:22
dstanekcnf: i think you want to be following an installation guide to install keystone, but i'm not sure11:22
cnfthere are too many installation guides11:23
cnfi followed one of them, I can't even remember which one11:23
dstanekcnf: for example in the install guide for ubuntu http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-users.html11:23
dstanekcnf: pick one :-)11:23
dstanekthat's the old way, but it should work fine11:23
cnfwell, that won't work, because i can't auth11:24
dstanekcnf: i'm not sure why your admin token wouldn't work....do you have the middleware setup?11:24
cnfnot that I know of11:25
cnfoh, hmm11:25
cnfugh, I think the guide I followed for ldap had a setup for a single domain11:25
cnfMultiple domains are not supported (HTTP 400)11:26
cnfhmm, ldap doesn't support multiple domains well, it seems11:30
cnfI think, anyway11:30
cnfI just want to get swift working ^^;11:33
cnfhmm, and turing off domain support isn't that easy, it seems11:36
cnfugh11:38
cnfif I turn off domains, i get errors, if I turn it on i get errors11:38
cnfyeah, I don't understand this11:41
cnfhmm, i cant find a combination of settings that makes this work :(11:48
cnfhmm, so v3 _always_ need a domain11:51
cnfand ldap backend doesn't really do domains11:51
cnfso i'm basically screwed11:51
*** ddieterly has joined #openstack-keystone11:52
dstaneki think both v2 and v3 will both need a domain to function11:59
dstanekv3 calls use the domain explicitly, whereas v2 implicitly use the default domain11:59
dstanekbut i think in both cases you need that domain there11:59
cnfhmz12:03
cnf2016-09-03 12:03:31.924 513 DEBUG keystone.middleware.auth [req-fb716f3d-26ef-42ad-9677-3a980c3767f9 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. _build_auth_context /usr/lib/python2.7/dist-packages/keystone/middleware/auth.py:7112:04
cnfi get now, from horizon12:04
cnfno, i get it from keystone, trying to log in from horizon12:04
cnfhmz, it keeps stubeling on the domain12:09
cnfI can only assume i'm doing something very stupid, or ldap support doesn't actually work anymore in keystone12:10
*** links has quit IRC12:16
*** chlong has joined #openstack-keystone12:17
*** stian_ has joined #openstack-keystone12:22
*** ddieterly has quit IRC12:42
*** ddieterly has joined #openstack-keystone12:51
*** ddieterly has quit IRC12:57
*** ddieterly has joined #openstack-keystone13:04
*** EinstCrazy has joined #openstack-keystone13:07
*** ddieterly is now known as ddieterly[away]13:10
*** markvoelker has joined #openstack-keystone13:13
*** ddieterly[away] is now known as ddieterly13:14
*** markvoelker has quit IRC13:17
*** ddieterly is now known as ddieterly[away]13:21
*** markvoelker has joined #openstack-keystone13:22
cnfyeah, I can't get this working without some help13:23
*** su_zhang has joined #openstack-keystone13:27
*** ddieterly[away] has quit IRC13:30
*** su_zhang has quit IRC13:48
*** su_zhang has joined #openstack-keystone13:49
*** ddieterly has joined #openstack-keystone13:53
*** su_zhang has quit IRC13:53
*** ddieterly has quit IRC14:01
*** ddieterly has joined #openstack-keystone14:02
*** ddieterly has quit IRC14:02
*** ddieterly has joined #openstack-keystone14:39
*** ddieterly has quit IRC14:44
*** phalmos has joined #openstack-keystone14:59
*** phalmos has quit IRC15:04
*** EinstCrazy has quit IRC15:06
*** ddieterly has joined #openstack-keystone15:11
*** ddieterly has quit IRC15:14
*** tesseract- has quit IRC15:38
*** markvoelker has quit IRC15:39
*** ddieterly has joined #openstack-keystone15:41
*** lamt has quit IRC15:49
*** ddieterly has quit IRC16:30
*** chlong has quit IRC16:35
*** ddieterly has joined #openstack-keystone16:41
*** ddieterly is now known as ddieterly[away]16:43
*** su_zhang has joined #openstack-keystone16:44
*** su_zhang has quit IRC16:45
*** su_zhang has joined #openstack-keystone16:45
*** su_zhang has quit IRC16:50
*** su_zhang has joined #openstack-keystone16:51
cnfanyone that can help me with this domain thing, and ldap for keystone?16:57
*** su_zhang has quit IRC17:34
*** ddieterly[away] is now known as ddieterly17:41
cnf does keystone not query ldap for projects and roles?17:44
*** ddieterly has quit IRC17:45
bretonv2 doesn't accept information about domains at all afaik17:46
bretoni also think that storing projects and roles in LDAP is either deprecated a long time ago or removed17:47
cnfhmz17:47
cnfdammit17:47
cnfi can't get any of this to work17:48
cnfbreton:  and if project / roles in ldap was remove, then why was the tenant_tree_dn renamed to project_tree_dn not so long ago?17:49
cnfremoved*17:49
*** sdake has joined #openstack-keystone17:50
*** wasmum has quit IRC17:50
bretoncnf: no idea, bulk rename maybe17:51
cnfhmm17:51
cnfwonder why that was removed :/17:51
bretonmany reasons. Why do you want to store projects and roles in LDAP?17:52
cnfbecause I want all administration to go through ldap17:54
cnfinstead of needing 2 places to manage things17:55
cnfi can't get either to work, though17:55
cnfi can get as far as seeing my users and groups with openstack user list and openstack group list with the service token17:58
cnfcan't get horizon to log in, at all17:59
cnfnot sure what to do now17:59
cnfif I don't enable multi domain support, I can't add roles or projects18:01
cnfif i enable it, I can't log in with anything18:02
*** wasmum has joined #openstack-keystone18:02
cnfyep, enable multi domain, now horizon just gives me trace backs18:11
cnfo,O18:11
cnfraise exceptions.EmptyCatalog('The service catalog is empty.')18:13
cnfhmz, this is depressing18:16
*** sdake has quit IRC18:18
cnfI can't get auth working in any way against ldap :/18:21
*** markvoelker has joined #openstack-keystone18:40
*** markvoelker has quit IRC18:45
*** joerch has joined #openstack-keystone19:15
*** sdake has joined #openstack-keystone19:21
*** joerch has quit IRC19:22
*** diltram_ has joined #openstack-keystone19:23
*** diltram has quit IRC19:23
*** diltram_ is now known as diltram19:24
*** ddieterly has joined #openstack-keystone19:26
*** ddieterly has quit IRC19:31
*** sdake has quit IRC19:37
*** ddieterly has joined #openstack-keystone19:42
*** ddieterly has quit IRC20:00
*** ddieterly has joined #openstack-keystone20:05
*** ddieterly has quit IRC20:12
*** ddieterly has joined #openstack-keystone20:21
*** ddieterly has quit IRC20:24
*** ddieterly has joined #openstack-keystone20:26
*** sdake has joined #openstack-keystone20:33
*** ddieterly has quit IRC20:40
*** markvoelker has joined #openstack-keystone20:41
*** markvoelker has quit IRC20:46
*** sdake has quit IRC20:50
*** ddieterly has joined #openstack-keystone20:52
*** ddieterly has quit IRC20:56
*** adrian_otto has joined #openstack-keystone21:07
*** ddieterly has joined #openstack-keystone21:08
*** ianw has quit IRC21:13
*** ddieterly has quit IRC21:15
*** ianw has joined #openstack-keystone22:27
dstanekcnf: if you want to just get a test environment setup use devstack. if you set the right env vars it'll setup ldap for you22:32
cnfi just want to get i played with devstack last week22:33
cnfthat was all sorts of hell22:33
cnfand I just want a working swift install22:34
*** ninag has joined #openstack-keystone22:34
*** ninag has quit IRC22:34
*** adrian_otto has quit IRC22:38
*** ianw has quit IRC22:41
*** markvoelker has joined #openstack-keystone22:42
*** markvoelker has quit IRC22:47
*** kragniz has quit IRC22:47
*** kragniz has joined #openstack-keystone22:50
*** EinstCrazy has joined #openstack-keystone22:51
*** ninag has joined #openstack-keystone22:52
*** ninag has quit IRC22:52
*** EinstCrazy has quit IRC22:55
*** bigjools has quit IRC23:05
*** bigjools has joined #openstack-keystone23:09
*** sdake has joined #openstack-keystone23:10
*** roxanaghe has joined #openstack-keystone23:16
*** sdake has quit IRC23:18
*** ianw has joined #openstack-keystone23:20
*** ianw has quit IRC23:28
*** richm has quit IRC23:31
« Friday, 2016-09-02 Index Sunday, 2016-09-04 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!