Thursday, 2016-09-29

« Wednesday, 2016-09-28 Index Friday, 2016-09-30 »
*** browne has quit IRC00:02
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Specify that unknown arguments can be passed to fetch_token  https://review.openstack.org/37903400:04
*** adrian_otto has joined #openstack-keystone00:08
ayoungjamielennox, the question I had was whether that should be something enforced on the KEystone server, or only in middleware00:17
* ayoung reads up and sees you just discussed this00:17
jamielennoxayoung: that's exactly the question i was asking :)00:17
jamielennoxi had some code that was assuming it would be enforced by keystone server - but am not feeling like we should have to do that00:18
ayoungso, went through that thought process, too.  I figure that it *HAS* to be enforced in middleware, but it *might* be enforced in keystone, too00:18
ayoungnot much to be gained by adding it to the server, though00:19
jamielennoxright, so middleware is going to have to know and do some things00:19
jamielennoxbut taking just the change to keystone, i don't see a problem with an ?allow_expired flag to keystone on its own00:20
jamielennoxi don't see why you would need a service token to fetch that00:20
jamielennoxwhich means enforcing everything from middleware00:20
*** tonytan4ever has joined #openstack-keystone00:24
*** sdake_ has quit IRC00:25
jamielennoxayoung: anyway, basically i want to check that other people who have thought about this have the same ideas00:26
jamielennoxayoung: like maybe we had discussed a reason it had to be enforced on the server00:27
*** adrian_otto has quit IRC00:27
*** jamielennox is now known as jamielennox|away00:29
*** tonytan4ever has quit IRC00:30
*** jamielennox|away is now known as jamielennox00:33
*** roxanaghe has joined #openstack-keystone00:51
*** sdake has joined #openstack-keystone00:52
*** roxanaghe has quit IRC00:53
stevemarjamielennox: eh01:10
stevemarjamielennox: just catching up...01:11
openstackgerritgengchc2 proposed openstack/keystone: Fix a typo in core.py and bp-domain-config-default-82e42d946ee7cb43.yaml  https://review.openstack.org/37905201:11
jamielennoxstevemar: np01:11
*** markvoelker has joined #openstack-keystone01:13
*** davechen has joined #openstack-keystone01:18
*** ddieterly has joined #openstack-keystone01:41
*** jamielennox is now known as jamielennox|away01:42
*** woodster_ has joined #openstack-keystone01:51
openstackgerritDave Chen proposed openstack/keystone: Add foreign key to trust table  https://review.openstack.org/36842202:27
openstackgerritDave Chen proposed openstack/keystone: Invalidate trust when the trustor or trustee is deleted  https://review.openstack.org/36935402:27
*** jorge_munoz has quit IRC02:36
*** jorge_munoz has joined #openstack-keystone02:40
*** sdake has quit IRC02:52
*** gagehugo has quit IRC02:57
*** marekd2 has joined #openstack-keystone03:01
*** gagehugo has joined #openstack-keystone03:02
*** david-lyle has quit IRC03:04
*** gagehugo has quit IRC03:05
*** marekd2 has quit IRC03:05
*** jamielennox|away is now known as jamielennox03:11
*** sdake has joined #openstack-keystone03:16
*** TonyXu has joined #openstack-keystone03:16
*** sdake has quit IRC03:19
openstackgerritGeorge Tian proposed openstack/keystone: remove no use variable  https://review.openstack.org/37910203:21
*** ngupta has joined #openstack-keystone03:27
*** sdake has joined #openstack-keystone03:31
*** links has joined #openstack-keystone03:33
*** ddieterly has quit IRC03:33
*** aswadr_ has joined #openstack-keystone03:42
stevemarjamielennox: ^03:45
stevemarhttps://review.openstack.org/#/c/379102/103:45
*** diltram has quit IRC03:46
*** hoonetorg has quit IRC03:47
*** pcaruana has quit IRC03:47
*** xek__ has quit IRC03:47
openstackgerritMerged openstack/keystone: Fix a typo in core.py and bp-domain-config-default-82e42d946ee7cb43.yaml  https://review.openstack.org/37905203:48
*** d0ugal has quit IRC03:48
*** Dave___ has joined #openstack-keystone03:48
*** diltram has joined #openstack-keystone03:50
*** oomichi has quit IRC03:52
*** Dave has quit IRC03:52
*** hoonetorg has joined #openstack-keystone03:53
*** oomichi has joined #openstack-keystone03:54
*** diltram has quit IRC03:55
*** woodburn has quit IRC03:55
*** woodburn has joined #openstack-keystone03:56
*** diltram has joined #openstack-keystone03:56
*** d0ugal has joined #openstack-keystone03:57
*** pcaruana has joined #openstack-keystone03:59
openstackgerritCao Xuan Hoang proposed openstack/keystone: Add Apache 2.0 license to source file  https://review.openstack.org/37911104:02
*** lifeless has quit IRC04:02
*** lifeless has joined #openstack-keystone04:05
*** TonyXu has quit IRC04:05
*** TonyXu has joined #openstack-keystone04:06
*** ngupta has quit IRC04:08
*** ngupta has joined #openstack-keystone04:08
*** ngupta has quit IRC04:13
*** vaishali has joined #openstack-keystone04:13
stevemarzzzeek: can the following operation be done online: change a column from sql.String(64) to sql.String(255), i.e. not have downtime04:27
openstackgerritlilintan proposed openstack/keystoneauth: Use mockpatch fixtures from fixtures  https://review.openstack.org/37912004:41
openstackgerritGeorge Tian proposed openstack/keystone: Remove no use variable (domain_id)  https://review.openstack.org/37912204:43
*** dikonoo has joined #openstack-keystone04:44
*** GB21 has joined #openstack-keystone04:52
*** sdake has quit IRC05:00
*** vaishali has quit IRC05:12
*** dikonoo has quit IRC05:17
*** marekd2 has joined #openstack-keystone05:21
*** vaishali has joined #openstack-keystone05:25
*** marekd2 has quit IRC05:25
*** dikonoor has joined #openstack-keystone05:28
*** richm has quit IRC05:40
bretono/05:43
*** adriant has quit IRC05:43
*** xek has joined #openstack-keystone05:59
*** woodster_ has quit IRC06:00
stevemarbreton: o/06:03
stevemarjamielennox: are https://review.openstack.org/#/c/379035/1 and https://review.openstack.org/#/c/379034/2 related to the long lived operation / reservation bp?06:16
stevemarjamielennox: if so, change the topic to the same for each ;)06:17
bretonit seems that landing that caching fix lowered keystone performance on token issuing06:18
* breton working on it now06:19
stevemarbreton: bah06:19
*** rcernin has joined #openstack-keystone06:22
*** dikonoor has quit IRC06:23
*** dikonoor has joined #openstack-keystone06:27
*** jaosorior has joined #openstack-keystone06:58
*** amoralej|off is now known as amoralej07:06
openstackgerritMerged openstack/keystone: Updated from global requirements  https://review.openstack.org/37913907:14
openstackgerritNam Nguyen Hoai proposed openstack/keystone: Fix typo in docstring  https://review.openstack.org/37821807:14
*** asettle has joined #openstack-keystone07:39
openstackgerritGeorge Tian proposed openstack/keystone: Remove the no use arg (auth=None)  https://review.openstack.org/37923407:41
openstackgerritMerged openstack/keystoneauth: Use mockpatch fixtures from fixtures  https://review.openstack.org/37912007:59
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** Dave___ is now known as Dave08:07
*** aswadr_ has quit IRC08:12
*** marekd2 has joined #openstack-keystone08:16
*** marekd2 has quit IRC08:20
*** pnavarro has joined #openstack-keystone09:00
*** annakoppad has joined #openstack-keystone09:02
*** jaosorior is now known as jaosorior_lunch09:05
*** jed56 has quit IRC09:05
annakoppadhello all, I am currently working on this bug, https://bugs.launchpad.net/keystone/+bug/1274581. can someone help?09:06
openstackLaunchpad bug 1274581 in OpenStack Identity (keystone) "keystone ldap identity backend will not work without TLS_CACERT path specified in an ldap.conf file" [Low,Confirmed] - Assigned to Annapoornima Koppad (annakoppad)09:06
*** namnh has joined #openstack-keystone09:09
*** haplo37_ has quit IRC09:23
*** haplo37_ has joined #openstack-keystone09:26
openstackgerritMerged openstack/oslo.policy: doc: Add introduction to index page  https://review.openstack.org/37849009:33
*** code-R has joined #openstack-keystone09:39
*** code-R_ has joined #openstack-keystone09:41
*** code-R has quit IRC09:44
openstackgerritGeorge Tian proposed openstack/keystone: Remove the no use arg  https://review.openstack.org/37926609:45
*** sdake has joined #openstack-keystone09:47
*** namnh has quit IRC09:54
*** code-R_ has quit IRC09:54
*** code-R has joined #openstack-keystone09:55
openstackgerritAnnapoornima Koppad proposed openstack/keystone: Updating the document regarding LDAP options Closes-bug : #1274581  https://review.openstack.org/37933409:59
*** richm has joined #openstack-keystone10:10
*** thebloggu has joined #openstack-keystone10:13
openstackgerritAnnapoornima Koppad proposed openstack/keystone: Updating the document regarding LDAP options  https://review.openstack.org/37933410:14
*** ayoung has quit IRC10:27
*** mvk has quit IRC10:29
*** nicolasbock has joined #openstack-keystone10:34
*** annakoppad has quit IRC10:35
*** GB21 has quit IRC10:37
*** TonyXu has quit IRC10:37
*** ayoung has joined #openstack-keystone10:40
*** ChanServ sets mode: +v ayoung10:40
*** GB21 has joined #openstack-keystone10:49
*** davechen has left #openstack-keystone10:51
*** mvk has joined #openstack-keystone10:55
*** jaosorior_lunch is now known as jaosorior11:02
*** dikonoor has quit IRC11:07
*** openstackgerrit has quit IRC11:19
*** openstackgerrit has joined #openstack-keystone11:19
*** cnf has left #openstack-keystone11:23
*** jrist has joined #openstack-keystone11:25
*** dikonoor has joined #openstack-keystone11:26
*** thebloggu has quit IRC11:38
*** haplo37_ has quit IRC11:42
*** haplo37_ has joined #openstack-keystone11:44
*** rodrigods has quit IRC11:51
*** rodrigods has joined #openstack-keystone11:51
*** jrist has quit IRC11:56
*** dikonoor has quit IRC11:56
*** amoralej is now known as amoralej|lunch11:59
openstackgerritAlexander Makarov proposed openstack/keystone: Special 401/403 debug responses with qa disabled  https://review.openstack.org/37779212:06
openstackgerritAlexander Makarov proposed openstack/keystone: Special 401/403 debug responses with qa disabled  https://review.openstack.org/37779212:06
*** artmr has joined #openstack-keystone12:07
*** vaishali has quit IRC12:12
*** raildo has joined #openstack-keystone12:14
*** TonyXu has joined #openstack-keystone12:14
*** edmondsw has joined #openstack-keystone12:15
*** jrist has joined #openstack-keystone12:17
*** catintheroof has joined #openstack-keystone12:18
*** vaishali has joined #openstack-keystone12:24
*** jrist has quit IRC12:28
catintheroofmorning, one quick question, when a service (eg. nova) validates a fernet token against keystone, from where (is allways, or most of the time) does keystone get the info to return the response to the service for the service to get the needed info to continue with the request ?12:30
fricklerkeystone needs oslo.log >= 3.4.0 even for newton, should this get fixed before the release https://bugs.launchpad.net/keystone/+bug/162888312:32
openstackLaunchpad bug 1628883 in keystone (Ubuntu) "Minimum requirements too low on oslo.log for keystone" [Undecided,Triaged] - Assigned to Corey Bryant (corey.bryant)12:32
*** vaishali has quit IRC12:35
*** GB21 has quit IRC12:55
*** ddieterly has joined #openstack-keystone12:56
bretonfrickler: why >= 3.4.0?12:57
*** david-lyle has joined #openstack-keystone12:57
bretonfrickler: it's the first version to define that variable?12:57
*** ddieterly has quit IRC12:59
*** ddieterly has joined #openstack-keystone12:59
bretonlooks like it12:59
*** ddieterly has quit IRC12:59
fricklerbreton: yes, that is what I gather from "git tag -l --contains 7f1973af" in oslo.log13:00
*** lamt has joined #openstack-keystone13:03
openstackgerritMerged openstack/python-keystoneclient: Import module instead of object  https://review.openstack.org/37719813:07
bretonfrickler: https://review.openstack.org/37945113:08
bretonstevemar: ^13:09
bretonmaster already has newer oslo.log13:09
fricklerbreton: I'm not sure whether you can do this so easily for stable branches without matching global-requirements13:12
*** links has quit IRC13:17
openstackgerritMerged openstack/keystone: Add Apache 2.0 license to source file  https://review.openstack.org/37911113:20
openstackgerritMerged openstack/keystone: Make test_v3_auth exercise the whole API  https://review.openstack.org/37868113:21
*** lamt has quit IRC13:21
*** jaosorior has quit IRC13:21
*** jaosorior has joined #openstack-keystone13:22
*** amoralej|lunch is now known as amoralej13:22
*** gagehugo has joined #openstack-keystone13:30
bretonfrickler: well, we probably can't merge it13:34
*** spzala has joined #openstack-keystone13:56
*** ngupta has joined #openstack-keystone14:00
*** haplo37_ has quit IRC14:01
*** pnavarro has quit IRC14:03
*** haplo37_ has joined #openstack-keystone14:04
*** chris_hultin|AWA is now known as chris_hultin14:05
*** jaugustine has joined #openstack-keystone14:05
*** agrebennikov has joined #openstack-keystone14:07
openstackgerritQiming Teng proposed openstack/keystone: Tweak api-ref for v3 groups status codes  https://review.openstack.org/36779314:07
*** ravelar has joined #openstack-keystone14:10
*** ravelar has quit IRC14:11
*** ravelar has joined #openstack-keystone14:12
*** ddieterly has joined #openstack-keystone14:14
*** ngupta has quit IRC14:17
openstackgerritAlexey Yelistratov proposed openstack/keystone: Add DB operations tracing  https://review.openstack.org/29453514:22
*** sdake has quit IRC14:24
*** sdake has joined #openstack-keystone14:26
*** sdake_ has joined #openstack-keystone14:34
*** jorge_munoz_ has joined #openstack-keystone14:35
*** sdake has quit IRC14:36
*** jorge_munoz has quit IRC14:37
*** jorge_munoz_ is now known as jorge_munoz14:37
*** TonyXu has quit IRC14:44
*** nicolasbock has quit IRC14:44
*** chris_hultin is now known as chris_hultin|AWA14:45
*** nicolasbock has joined #openstack-keystone14:52
*** jamielennox is now known as jamielennox|away14:53
*** aswadr_ has joined #openstack-keystone14:53
*** sdake_ is now known as sdake_dnd14:53
*** TonyXu has joined #openstack-keystone14:59
*** sdake has joined #openstack-keystone14:59
*** jamielennox|away is now known as jamielennox15:00
*** sdake_dnd has quit IRC15:00
*** agrebennikov has quit IRC15:00
*** thumpba has joined #openstack-keystone15:01
*** chris_hultin|AWA is now known as chris_hultin15:07
*** thumpba has quit IRC15:11
*** thumpba has joined #openstack-keystone15:12
openstackgerritArthur Miranda proposed openstack/python-keystoneclient: Prevent attempts to "filter" find() calls by globally unique IDs  https://review.openstack.org/37573015:16
knikollarodrigods: had a chance to look at the devstack plugin?15:17
rodrigodsknikolla, not yet, sorry :(15:17
*** ravelar has quit IRC15:19
*** ravelar has joined #openstack-keystone15:19
*** sdake is now known as sdake_dnd15:26
stevemarbreton: it was already discussed here: https://bugs.launchpad.net/cinder/+bug/162316815:26
openstackLaunchpad bug 1623168 in Cinder "referencing versionutils.deprecated.NEWTON in oslo.log <3.4.0" [Undecided,In progress] - Assigned to Eric Harney (eharney)15:26
*** adrian_otto has joined #openstack-keystone15:28
*** arunkant has joined #openstack-keystone15:30
*** thumpba has quit IRC15:34
*** amoralej is now known as amoralej|off15:37
*** tonytan4ever has joined #openstack-keystone15:45
openstackgerritAnnapoornima Koppad proposed openstack/keystone: Updating the document regarding LDAP options  https://review.openstack.org/37933415:46
*** openstackgerrit has quit IRC15:49
*** openstackgerrit has joined #openstack-keystone15:50
*** ddieterly is now known as ddieterly[away]15:52
*** chris_hultin is now known as chris_hultin|AWA16:01
*** ddieterly[away] is now known as ddieterly16:02
*** pcaruana has quit IRC16:03
*** woodster_ has joined #openstack-keystone16:03
*** rcernin has quit IRC16:05
*** lifeless has quit IRC16:25
*** sdake_dnd is now known as sdake16:27
*** scarlisle has joined #openstack-keystone16:31
*** lifeless has joined #openstack-keystone16:33
*** cnf has joined #openstack-keystone16:33
*** gyee has joined #openstack-keystone16:36
openstackgerritArthur Miranda proposed openstack/python-keystoneclient: Prevent attempts to "filter" list() calls by globally unique IDs  https://review.openstack.org/37800116:37
*** ravelar has quit IRC16:38
openstackgerritAlexey Yelistratov proposed openstack/keystone: Add DB operations tracing  https://review.openstack.org/29453516:41
*** adrian_otto has quit IRC16:44
*** browne has joined #openstack-keystone16:54
*** roxanaghe has joined #openstack-keystone16:55
*** haplo37_ has quit IRC16:56
*** haplo37_ has joined #openstack-keystone16:58
*** ravelar has joined #openstack-keystone17:05
*** ddieterly is now known as ddieterly[away]17:07
*** code-R has quit IRC17:07
*** mvk has quit IRC17:08
*** jaosorior has quit IRC17:20
*** aswadr_ has quit IRC17:22
*** asettle has quit IRC17:26
*** roxanaghe has quit IRC17:27
*** roxanaghe has joined #openstack-keystone17:28
*** ddieterly[away] is now known as ddieterly17:31
*** asettle has joined #openstack-keystone17:34
*** TonyXu has quit IRC17:34
*** TonyXu has joined #openstack-keystone17:35
openstackgerritSteve Martinelli proposed openstack/keystone: Remove support for PKI and PKIz tokens  https://review.openstack.org/37447917:36
*** asettle has quit IRC17:36
openstackgerritSteve Martinelli proposed openstack/keystone: Remove support for PKI and PKIz tokens  https://review.openstack.org/37447917:51
*** ravelar has quit IRC17:55
*** ravelar has joined #openstack-keystone17:55
stevemarzzzeek: poke -- not sure if you caught my ping yesterday17:55
zzzeekstevemar: i may have missed it17:55
stevemarzzzeek: it was late at night :) but i had a question about changing the size of a column17:56
stevemarzzzeek: the story starts here: http://lists.openstack.org/pipermail/openstack-dev/2016-September/104743.html17:56
stevemarzzzeek: i wanted to know if doing that can be done online, so we don't have to take keystone offline to do that17:56
zzzeekstevemar: it shouldn't be an issue but jaypipes might be the best expert on if mysql has in the past had issues on that kind of migration17:57
stevemarzzzeek: alright, i can bug him when he's available, i figured it would depend on whatever database we end up using17:58
zzzeekstevemar: well we worry most about mysql.   older versions tend to hvae more of these problems17:59
zzzeekstevemar: also how big is this table17:59
zzzeekstevemar: if you are < 10K rows, do anything you want17:59
stevemarzzzeek: that'll depend on the deployment, it's resizing the project name... so yeah18:00
stevemarits like <10K for 90% of deployments, that dang 10% that makes things difficult18:00
zzzeekstevemar: usually I'll try to consider what reasonable sizes for the table would be...yeah18:00
stevemarlikely*18:01
zzzeekstevemar: googling suggests mysql still has issues w/ column size increases locking the table18:01
stevemarzzzeek: i'm not even sure why we have the name set to 64 anyway, maybe there's a reason there -- ayoung or dolphm may know18:01
stevemarzzzeek: womp womp18:01
stevemarzzzeek: even the newer versions?18:02
zzzeekstevemar: mmmm maybe18:03
morganhistory18:03
morganno reason otherwise18:03
zzzeekstevemar: i had heard they had improved this stuff but looking at 5.7's docs still loaded w/ caveats18:03
zzzeekstevemar: the painful way is, make new table w/ new column, copy all data from old table to new, then rename back.18:04
morganits mostly a keep the table smaller and keeping "name" base requests for auth to not be 255 chars18:04
zzzeekstevemar: alembic has this feature now and it is functional for mysql though you need to be careful w it18:04
morganbut in short, it can be increased18:04
*** ddieterly is now known as ddieterly[away]18:04
stevemarmorgan: thanks for the history lesson :)18:04
stevemarzzzeek: i was hoping it-would-just-work (tm) as of version 5.5 or whatever the default is on ubuntu 12.0418:05
zzzeekstevemar: mysql also has a LOCK clause which can impact this, though that's only in newer vresions and again im not sure what scenarios it takes effect within18:05
zzzeekstevemar: the canonical docs are http://dev.mysql.com/doc/refman/5.7/en/alter-table.html if you want to try to pick apart the discussion under "Storage, Performance, and Concurrency Considerations"18:05
stevemarzzzeek: creating a new table and copying the data, doesn't that mean we'll have to go offline (for the copying portion)18:06
*** mvk has joined #openstack-keystone18:06
stevemarzzzeek: cause race conditions and such, new project could be created with the same name18:06
zzzeekstevemar: well the copy runs in the background.  but yes then you get your race condition18:06
stevemarbah humbug18:07
zzzeekstevemar: you might have to just add a new column w/ new size and use that :)18:07
stevemar"new_name" make it super not helpful18:07
zzzeekstevemar: all you have to do is change the whole application everywhere to refer to both columns for the whole expanse of "O"18:07
zzzeekstevemar: dunno if you followed that convo everyone thought it was "easy" :)18:08
stevemarzzzeek: everything is always easy!18:08
zzzeekstevemar: as long as you never, ever use a trigger18:08
zzzeekthen your whole applcation melts into flames18:08
stevemarzzzeek: duh, triggers are the devil's work18:08
zzzeekstevemar: in this case id agree b.c. id just do the ALTER18:09
stevemar:)18:09
stevemarzzzeek: we'll see about this change, the OP was just poking to see if it's possible, sounds like he's still tinkering with something18:09
zzzeekstevemar: if the table is <10k in 90% of the cases, the other 10% is what, 20K ?  100K?  it's not a big deal til youre in the millions18:09
stevemarzzzeek: i'd be amazed if someone has 1M keystone projects somewhere18:09
stevemarmfisch`: how many projects do y'all have?18:10
stevemarmorgan: do you have any data points here?18:10
stevemardolphm: ?18:10
morganstevemar: nope18:11
ayoungstevemar, name for what ctable?18:19
stevemarayoung: the project name18:19
*** woodster_ has quit IRC18:20
ayoungstevemar, under 255 is indexable,  I've never heard an argument for shorter being better18:20
ayounghowever, I do suspect that the way the strings are stored is wasteful18:21
ayoungI have not looked in to the particulars, but my understanding is this18:21
ayoungfor a varchar > 255 all of the strings go into a single block, and the column itself holds a pointer to the start of the string (niot sure how the length is handled)18:22
ayoungif you do a varchar < 255, the column is a fixed width, and the data is right there in the column, so no additional lookup, and that is required to be able to build an index18:23
ayoungnow, if the column has something like a UUID, then you know that the right size is the length of a UUID;  32 chars, which is what we did to start18:24
*** gyee has quit IRC18:24
ayoungwhen we chose to do the HASH approach for the LDAP id_lookup table, we essentially ensured that most tables with user_ids in them would be half empty18:24
ayoungif we do the same for project name, and most project names are say, 15 characters long, we will have 255-15 characters per row that are blank18:25
ayoungfor the projec_name, however, this is probably OK, as the only table that takes the hit is the project table in keystone. Everything else should only refer to rows in that table by ID.18:26
ayoungstevemar, make sense?18:26
*** asettle has joined #openstack-keystone18:40
*** spzala has quit IRC18:40
*** spzala has joined #openstack-keystone18:41
morganayoung: varchar isn't that inefficient.18:44
morganthere are some issues with page sizes and overflows in some cases.18:44
*** ddieterly[away] is now known as ddieterly18:46
*** spzala has quit IRC18:46
*** ddieterly is now known as ddieterly[away]18:49
*** sdake has quit IRC18:50
*** sdake has joined #openstack-keystone18:50
*** code-R has joined #openstack-keystone18:53
*** ddieterly[away] is now known as ddieterly18:55
*** lamt has joined #openstack-keystone18:55
*** code-R_ has joined #openstack-keystone18:56
ayoungmorgan, stevemar so...policy stored in keystone.  We should either make it work, or kill it.  Preference?  Topic for the summit?18:56
morgani would kill it.18:56
morganhonestly18:56
ayoungmorgan, I'm leaning that way myself18:57
morgani think it hasn't been realized and has weird gaps. i also think the adoption of centralized policy like this is going to be hard.18:58
morganas in there are other priorities for the other projects18:58
*** code-R has quit IRC18:59
ayoungmorgan, and for security reasons, it feels like it should be treated as config, not data.18:59
morgan++18:59
ayoungmorgan, BTW, we just had an internal sprint retrospective.  The two things we demod were Fernet for Tripleo and The Novajoin service.  The Novajoin automatically enorllss a new server booted from nova into a FreeIPA instance using the Metadata extensions19:01
*** chris_hultin|AWA is now known as chris_hultin19:01
morgannice!19:01
ayoungI can work to get this demo'd for Keystone team in Barcelona, but I am wondering what the relationship there shouild be between that code and openstack proper19:02
morgannot sure.19:02
ayoungFreeIPA is an external project, but novajoin feels like it should be under Openstack19:02
ayoungNova would not want it ( I suspect) but it might make sense to have it under the  Keystone project, as it is identity19:03
ayoungThe other choices were Barbican and Tripleo19:03
morgani would make it non-big tent tbh19:03
ayoungIt probably should not be a stand-alone...too much overhead19:03
morganto start19:03
morganyou sure?19:03
morgani mean... it seems optional.19:03
ayoungWell, we want it as a pre-req for Tripleo19:03
morganso make it part of triple-o :)19:04
ayoungMaybe19:04
ayoungbut it also give a story for per-node identity19:04
ayoungAnd people have been asking for that for a long while19:04
ayoungPlus the IPA server is LDAP, and we are already the team that owns that.19:06
ayoungThe code is here for now https://github.com/rcritten/novajoin19:07
morganwell i'm not the PTL so i can't speak to if we want to adopt it19:08
morgan;)19:08
* morgan summons a wild stevemar19:08
* stevemar appears wildly19:09
morgan^19:09
*** asettle has quit IRC19:10
stevemarwell i have no idea what novajoin is, so i'm going to say no to adoption until i read about it :)19:10
morganayoung: you now have stevemar 's attention ;)19:11
stevemarmorgan: ayoung -- not really, in the osc meeting :P19:11
ayoungstevemar, I'll do one better, and walk through a demo at the summit.19:11
ayoungWe should at least be prepared to provide guidance for how to integrate it in with Openstack at large19:12
*** adrian_otto has joined #openstack-keystone19:29
*** yarkot has quit IRC19:39
*** thiagolib has quit IRC19:39
*** thiagolib has joined #openstack-keystone19:41
*** spilla has joined #openstack-keystone19:41
*** yarkot has joined #openstack-keystone19:42
*** flaper87 has quit IRC19:43
*** briancli1e has quit IRC19:43
*** AlexOughton has joined #openstack-keystone19:44
*** jlwhite_ has joined #openstack-keystone19:45
*** code-R_ has quit IRC19:49
*** evrardjp has quit IRC19:50
*** Alex_Oughton has quit IRC19:50
*** jlwhite has quit IRC19:50
*** samueldmq has quit IRC19:50
*** briancline has joined #openstack-keystone19:50
*** jlwhite_ is now known as jlwhite19:50
*** samueldmq has joined #openstack-keystone19:50
*** ChanServ sets mode: +v samueldmq19:50
*** evrardjp has joined #openstack-keystone19:51
*** artmr has quit IRC19:53
*** woodster_ has joined #openstack-keystone19:54
*** spzala_ has joined #openstack-keystone19:57
stevemarayoung: i'll release a new version of ksc for you next week, requirements freeze will be finally over20:01
stevemarayoung: you can do all your implied roles in osc20:01
*** ayoung has quit IRC20:01
*** spzala_ has quit IRC20:01
*** spzala has joined #openstack-keystone20:03
*** code-R has joined #openstack-keystone20:07
*** sdake has quit IRC20:08
*** asettle has joined #openstack-keystone20:11
*** ddieterly is now known as ddieterly[away]20:11
*** lamt has quit IRC20:12
*** asettle has quit IRC20:21
*** ayoung has joined #openstack-keystone20:27
*** ChanServ sets mode: +v ayoung20:27
bretonwow, go Steve20:32
*** catintheroof has quit IRC20:32
*** spilla has quit IRC20:32
openstackgerritMerged openstack/keystone: Fix typo in docstring  https://review.openstack.org/37821820:33
*** cburgess_ has quit IRC20:36
*** browne has quit IRC20:37
*** edmondsw has quit IRC20:37
*** tonytan4ever has quit IRC20:38
*** cburgess has joined #openstack-keystone20:38
*** ayoung has quit IRC20:39
*** ddieterly[away] is now known as ddieterly20:40
*** spzala has quit IRC20:43
*** spzala has joined #openstack-keystone20:43
*** melwitt has quit IRC20:44
*** briancline has quit IRC20:46
*** spzala has quit IRC20:48
*** spzala has joined #openstack-keystone20:49
*** antwash has joined #openstack-keystone20:51
antwashAnyone have any idea what the ResellerAdmin role is for -- and what permission it has in swift?20:51
*** melwitt has joined #openstack-keystone20:51
*** code-R has quit IRC20:51
*** melwitt is now known as Guest9922820:52
stevemarbreton: eh, i've been meaning to do it for a while, just good timing, lots of folks are not re-running, i think i actually have a chance20:52
*** amoralej|off has quit IRC20:53
*** briancline has joined #openstack-keystone20:53
*** spzala has quit IRC20:54
*** amoralej has joined #openstack-keystone20:55
*** lamt has joined #openstack-keystone20:56
*** spzala has joined #openstack-keystone20:57
stevemarrodrigods: do you plan on adding the additional assertions to the implied role tests? https://review.openstack.org/#/c/368498/2/keystoneclient/tests/unit/v3/test_roles.py ?21:00
*** lamt has quit IRC21:02
*** raildo has quit IRC21:02
*** spzala has quit IRC21:02
*** anteaya has quit IRC21:05
*** spzala has joined #openstack-keystone21:07
*** sdake has joined #openstack-keystone21:13
*** briancline has quit IRC21:14
*** briancline has joined #openstack-keystone21:19
*** gyee has joined #openstack-keystone21:22
*** ChanServ sets mode: +v gyee21:22
*** jaugustine has quit IRC21:23
openstackgerritKristi Nikolla proposed openstack/keystone: Devstack plugin for Federation  https://review.openstack.org/32062321:24
*** anteaya has joined #openstack-keystone21:28
*** ravelar has quit IRC21:33
*** adrian_otto has quit IRC21:35
*** haplo37_ has quit IRC21:37
*** tonytan4ever has joined #openstack-keystone21:38
*** haplo37_ has joined #openstack-keystone21:39
openstackgerritLance Bragstad proposed openstack/keystone: Ensure all v2.0 tokens are validated the same way  https://review.openstack.org/37265521:39
openstackgerritLance Bragstad proposed openstack/keystone: Make sure all v3 tokens are validated the same way  https://review.openstack.org/37108321:39
*** cnf has left #openstack-keystone21:40
*** tonytan4ever has quit IRC21:44
*** chris_hultin is now known as chris_hultin|AWA21:45
*** gagehugo has quit IRC21:47
*** adriant has joined #openstack-keystone21:51
*** browne has joined #openstack-keystone21:53
*** woodster_ has quit IRC22:00
*** spzala has quit IRC22:11
*** Guest99228 is now known as melwitt22:23
*** nkinder has quit IRC22:24
*** nicolasbock has quit IRC22:25
*** tonytan4ever has joined #openstack-keystone22:27
*** ayoung has joined #openstack-keystone22:28
*** ChanServ sets mode: +v ayoung22:28
*** iurygregory_ has joined #openstack-keystone22:47
*** ddieterly is now known as ddieterly[away]22:58
*** ayoung has quit IRC23:06
*** jamielennox is now known as jamielennox|away23:11
*** sdake has quit IRC23:12
*** ddieterly[away] is now known as ddieterly23:20
*** roxanaghe has quit IRC23:22
*** asettle has joined #openstack-keystone23:27
stevemarSpamapS: you get my top vote for TC just for that intro23:28
SpamapS:-D23:29
*** asettle has quit IRC23:32
*** tonytan4ever has quit IRC23:35
*** markvoelker has quit IRC23:36
openstackgerritEric Brown proposed openstack/keystone: Use httplib constants for http status codes  https://review.openstack.org/37985523:43
*** TonyXu has quit IRC23:43
openstackgerritEric Brown proposed openstack/keystone: Remove the unused docs makefile  https://review.openstack.org/37985723:48
*** ddieterly is now known as ddieterly[away]23:51
*** ayoung has joined #openstack-keystone23:51
*** ChanServ sets mode: +v ayoung23:51
*** browne has quit IRC23:52
*** jamielennox|away is now known as jamielennox23:52
*** ddieterly[away] has quit IRC23:54
*** sdake has joined #openstack-keystone23:55
« Wednesday, 2016-09-28 Index Friday, 2016-09-30 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!