Tuesday, 2016-10-11

*** jdennis has quit IRC00:00
*** jdennis has joined #openstack-keystone00:00
*** bigjools has quit IRC00:09
*** bigjools has joined #openstack-keystone00:11
*** bigjools has quit IRC00:11
*** bigjools has joined #openstack-keystone00:11
*** rderose has quit IRC00:12
*** sdake_ has quit IRC00:13
*** agrebennikov has quit IRC00:21
*** Marcellin__ has quit IRC00:27
*** Zer0Byte__ has quit IRC00:29
*** Zer0Byte__ has joined #openstack-keystone00:29
*** jamielennox is now known as jamielennox|away00:30
*** markvoelker has joined #openstack-keystone00:36
*** hoangcx has joined #openstack-keystone00:39
*** markvoelker has quit IRC00:41
*** sdake has joined #openstack-keystone00:47
*** jamielennox|away is now known as jamielennox00:48
*** gagehugo has quit IRC00:49
*** rderose has joined #openstack-keystone01:00
*** alex_xu has quit IRC01:05
*** alex_xu has joined #openstack-keystone01:08
*** davechen has joined #openstack-keystone01:11
*** markvoelker has joined #openstack-keystone01:12
*** Zer0Byte__ has quit IRC01:12
*** spzala has joined #openstack-keystone01:17
*** adrian_otto has quit IRC01:22
*** sdake has quit IRC01:31
*** browne has quit IRC01:34
*** guoshan has joined #openstack-keystone01:38
*** atod has joined #openstack-keystone01:43
*** guoshan has quit IRC01:43
openstackgerritGeorge Tian proposed openstack/keystone: Optimize remove unused variable  https://review.openstack.org/38436901:51
*** dave-mccowan has quit IRC01:59
*** tqtran has quit IRC02:01
*** yarkot has joined #openstack-keystone02:03
*** sdake has joined #openstack-keystone02:07
*** sdake has quit IRC02:07
*** sdake has joined #openstack-keystone02:07
*** sdake has quit IRC02:09
*** markvoelker has quit IRC02:10
*** markvoelker has joined #openstack-keystone02:10
openstackgerritDave Chen proposed openstack/keystone: Invalidate trust when the related project is deleted  https://review.openstack.org/38444402:12
*** sdake has joined #openstack-keystone02:12
*** rkrum has joined #openstack-keystone02:15
*** woodster_ has quit IRC02:15
ayoungjamielennox, sure02:15
ayoungjamielennox, BTW...first of the is_admin_project changes have been submitted02:16
*** browne has joined #openstack-keystone02:17
jamielennoxayoung: yea, i saw your tweet, nice to see that happen02:18
ayoungjamielennox, that might be my first actual patch for Nova yet.02:18
jamielennoxi hadn't got to actually changing the policy files because that's always dangerous, but yea i think we're probably there now02:18
*** browne has quit IRC02:21
ayoungjamielennox, nice thing about the way we did it is it is backwards compatible.  If no admin project is set, everything just behaves like it does now02:26
openstackgerritDave Chen proposed openstack/keystone: Remove the decorator where it's not applied  https://review.openstack.org/38479402:26
ayoungI only added new tests, didn't have to change the existing ones02:26
jamielennoxayoung: heh - yep, that's the bit that actually took all the work, was trivially easy to enforce it when is_admin_project was enabled in a cloud02:29
*** spzala has quit IRC02:33
*** spzala has joined #openstack-keystone02:33
openstackgerritGeorge Tian proposed openstack/keystone: Optimize code ,remove some redundant variable  https://review.openstack.org/38479802:36
*** spzala has quit IRC02:40
-openstackstatus- NOTICE: Jobs running on osic nodes are failing due to network issues with the mirror. We are temporarily disabling the cloud.02:48
*** spzala has joined #openstack-keystone02:48
*** bigjools has quit IRC02:50
openstackgerritMaho Koshiya proposed openstack/python-keystoneclient: Add wrapper classes for return-request-id-to-caller  https://review.openstack.org/26118802:52
*** bigjools has joined #openstack-keystone02:52
*** bigjools has joined #openstack-keystone02:52
*** sdake_ has joined #openstack-keystone02:56
*** sdake has quit IRC02:59
*** adrian_otto has joined #openstack-keystone03:06
openstackgerritJamie Lennox proposed openstack/keystoneauth: Add a service token wrapper  https://review.openstack.org/38480503:17
*** nicolasbock has quit IRC03:18
*** adriant has quit IRC03:43
*** ravelar has joined #openstack-keystone03:50
*** vern has quit IRC03:57
*** links has joined #openstack-keystone04:01
*** spzala has quit IRC04:13
*** spzala has joined #openstack-keystone04:13
*** lamt has quit IRC04:14
openstackgerritMaho Koshiya proposed openstack/python-keystoneclient: Add return-request-id-to-caller function(v2_0)  https://review.openstack.org/26744904:16
*** vern has joined #openstack-keystone04:17
*** spzala has quit IRC04:18
*** adrian_otto has quit IRC04:19
*** adrian_otto has joined #openstack-keystone04:20
*** robcresswell has quit IRC04:23
*** vern has quit IRC04:24
*** robcresswell has joined #openstack-keystone04:25
*** agireud has quit IRC04:36
*** agireud has joined #openstack-keystone04:43
*** adrian_otto has quit IRC04:50
*** tqtran has joined #openstack-keystone04:57
*** tqtran has quit IRC05:03
openstackgerritJamie Lennox proposed openstack/keystonemiddleware: Add service token to user token plugin  https://review.openstack.org/14161405:03
*** markvoelker has quit IRC05:13
*** markvoelker has joined #openstack-keystone05:15
*** markvoelker has quit IRC05:16
*** markvoelker has joined #openstack-keystone05:18
*** markvoelker has quit IRC05:18
*** ayoung has quit IRC05:18
*** markvoelker has joined #openstack-keystone05:19
*** ayoung has joined #openstack-keystone05:20
*** ChanServ sets mode: +v ayoung05:20
*** markvoelker has quit IRC05:20
*** ayoung has quit IRC05:22
*** markvoelker_ has joined #openstack-keystone05:25
*** markvoelker_ has quit IRC05:25
*** markvoelker has joined #openstack-keystone05:27
*** markvoelker has quit IRC05:28
openstackgerritMaho Koshiya proposed openstack/python-keystoneclient: Add return-request-id-to-caller function(v3)  https://review.openstack.org/26745605:28
*** markvoelker has joined #openstack-keystone05:28
*** rkrum has quit IRC05:31
*** adam_g` has quit IRC05:38
*** d0ugal has quit IRC05:40
*** richm has quit IRC05:40
*** d0ugal has joined #openstack-keystone05:41
*** markvoelker has quit IRC05:44
*** markvoelker has joined #openstack-keystone05:45
openstackgerritGeorge Tian proposed openstack/keystone: remove redundant code  https://review.openstack.org/38482405:54
*** guoshan has joined #openstack-keystone05:56
*** guoshan has quit IRC06:00
*** qwertyco has joined #openstack-keystone06:00
*** qwertyco has quit IRC06:01
*** qwertyco has joined #openstack-keystone06:02
*** rcernin has joined #openstack-keystone06:07
*** spzala has joined #openstack-keystone06:14
*** vern has joined #openstack-keystone06:17
*** adam_g has joined #openstack-keystone06:18
*** adam_g has quit IRC06:18
*** adam_g has joined #openstack-keystone06:18
*** spzala has quit IRC06:19
*** ravelar has quit IRC06:20
*** bjolo_ has joined #openstack-keystone06:21
*** vern has quit IRC06:26
openstackgerritMerged openstack/keystonemiddleware: Enable release notes translation  https://review.openstack.org/38322506:30
openstackgerritMerged openstack/keystonemiddleware: Changed the home-page link  https://review.openstack.org/38318306:35
*** pcaruana has joined #openstack-keystone06:36
openstackgerritMaho Koshiya proposed openstack/python-keystoneclient: Add return-request-id-to-caller function(v3/contrib)  https://review.openstack.org/26800306:40
openstackgerritMerged openstack/keystoneauth: Enable release notes translation  https://review.openstack.org/38322406:43
*** annp has joined #openstack-keystone06:48
*** vern has joined #openstack-keystone06:52
openstackgerritMerged openstack/keystoneauth: Implement caching for the generic plugins.  https://review.openstack.org/35950606:57
*** atod has quit IRC06:58
*** jaosorior has joined #openstack-keystone07:03
*** AlexeyAbashkin has joined #openstack-keystone07:14
*** Alexey_Abashkin_ has quit IRC07:17
*** flaper87 has quit IRC07:24
*** amoralej|off is now known as amoralej07:39
*** qwertyco has quit IRC07:39
*** hogepodge has quit IRC07:51
openstackgerritMaho Koshiya proposed openstack/python-keystoneclient: Add release notes for return-request-id-to-caller  https://review.openstack.org/27664407:56
*** markvoelker has quit IRC07:57
*** hogepodge has joined #openstack-keystone07:58
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** aloga has quit IRC08:10
*** hoangcx has quit IRC08:12
*** aloga has joined #openstack-keystone08:13
*** hoangcx has joined #openstack-keystone08:18
*** sdake_ has quit IRC08:21
*** asettle_ has joined #openstack-keystone08:28
*** bjolo__ has joined #openstack-keystone08:32
*** asettle_ has quit IRC08:32
*** asettle_ has joined #openstack-keystone08:32
*** hoangcx has quit IRC08:34
*** hoangcx has joined #openstack-keystone08:35
*** asettle_ is now known as asettle08:35
*** annp has quit IRC08:37
*** sc68cal has joined #openstack-keystone08:38
*** chrome0_ has joined #openstack-keystone08:39
*** oomichi_ has joined #openstack-keystone08:39
*** amoralej_ has joined #openstack-keystone08:40
*** davechen1 has joined #openstack-keystone08:40
*** annp has joined #openstack-keystone08:40
*** jraju has joined #openstack-keystone08:41
*** vern has quit IRC08:41
*** adam_g has quit IRC08:41
*** links has quit IRC08:41
*** yarkot has quit IRC08:41
*** davechen has quit IRC08:41
*** hoonetorg has quit IRC08:41
*** amoralej has quit IRC08:41
*** oomichi has quit IRC08:41
*** sc68cal_ has quit IRC08:41
*** bjolo has quit IRC08:41
*** andrewbogott has quit IRC08:41
*** hrybacki has quit IRC08:41
*** chrome0 has quit IRC08:41
*** vkramskikh has quit IRC08:41
*** wasmum has quit IRC08:41
*** dtroyer has quit IRC08:41
*** knikolla has quit IRC08:41
*** fungi has quit IRC08:41
*** baffle_ has quit IRC08:41
*** rm_work has quit IRC08:41
*** BrAsS_mOnKeY has quit IRC08:41
*** mgagne has quit IRC08:41
*** gus has quit IRC08:41
*** odyssey4me has quit IRC08:41
*** dstanek has quit IRC08:41
*** chris_hultin|AWA has quit IRC08:41
*** mjb` has quit IRC08:41
*** sudorandom has quit IRC08:41
*** charz has quit IRC08:41
*** tsufiev has quit IRC08:41
*** gerhardqux has quit IRC08:41
*** oomichi_ is now known as oomichi08:41
*** amoralej_ is now known as amoralej08:41
*** charz has joined #openstack-keystone08:41
*** yarkot has joined #openstack-keystone08:42
*** atod has joined #openstack-keystone08:43
*** hoangcx has quit IRC08:44
*** tsufiev has joined #openstack-keystone08:44
*** hoonetorg has joined #openstack-keystone08:46
*** atod has quit IRC08:48
*** hoangcx has joined #openstack-keystone08:48
*** gerhardqux has joined #openstack-keystone08:49
*** vern has joined #openstack-keystone08:49
*** adam_g has joined #openstack-keystone08:49
*** andrewbogott has joined #openstack-keystone08:49
*** hrybacki has joined #openstack-keystone08:49
*** vkramskikh has joined #openstack-keystone08:49
*** wasmum has joined #openstack-keystone08:49
*** dtroyer has joined #openstack-keystone08:49
*** knikolla has joined #openstack-keystone08:49
*** fungi has joined #openstack-keystone08:49
*** dstanek has joined #openstack-keystone08:49
*** baffle_ has joined #openstack-keystone08:49
*** rm_work has joined #openstack-keystone08:49
*** mgagne has joined #openstack-keystone08:49
*** gus has joined #openstack-keystone08:49
*** BrAsS_mOnKeY has joined #openstack-keystone08:49
*** odyssey4me has joined #openstack-keystone08:49
*** chris_hultin|AWA has joined #openstack-keystone08:49
*** mjb` has joined #openstack-keystone08:49
*** sudorandom has joined #openstack-keystone08:49
*** tepper.freenode.net sets mode: +v dstanek08:49
*** andrewbogott has quit IRC08:52
*** davechen1 has left #openstack-keystone08:53
*** andrewbogott has joined #openstack-keystone08:53
*** markvoelker has joined #openstack-keystone08:57
*** markvoelker has quit IRC09:03
*** adam_g has quit IRC09:06
openstackgerritTuan Luong-Anh proposed openstack/oslo.policy: Changed the home-page link  https://review.openstack.org/38488809:06
*** adam_g has joined #openstack-keystone09:08
*** adam_g has quit IRC09:08
*** adam_g has joined #openstack-keystone09:08
*** spzala has joined #openstack-keystone09:14
*** spzala has quit IRC09:19
*** vern has quit IRC09:24
*** openstack has joined #openstack-keystone09:29
*** jaosorior has quit IRC09:39
*** jaosorior has joined #openstack-keystone09:39
*** annp has quit IRC09:55
*** markvoelker has joined #openstack-keystone09:59
*** hoangcx has quit IRC10:02
*** markvoelker has quit IRC10:04
*** richm has joined #openstack-keystone10:13
*** jraju has quit IRC10:15
*** bjolo_ has quit IRC10:18
*** tqtran has joined #openstack-keystone10:20
*** sdake has joined #openstack-keystone10:23
*** tqtran has quit IRC10:24
*** mvk has quit IRC10:30
*** nicolasbock has joined #openstack-keystone10:33
*** alex_xu has quit IRC10:36
*** alex_xu has joined #openstack-keystone10:39
*** ravelar has joined #openstack-keystone10:41
*** ravelar has quit IRC10:46
*** markvoelker has joined #openstack-keystone10:59
*** mvk has joined #openstack-keystone11:01
*** markvoelker has quit IRC11:04
*** morgan has quit IRC11:07
*** links has joined #openstack-keystone11:09
*** basilAB has quit IRC11:09
*** basilAB has joined #openstack-keystone11:11
*** qwertyco has joined #openstack-keystone11:12
*** sdake_ has joined #openstack-keystone11:14
*** thebloggu has joined #openstack-keystone11:15
*** qwertyco has quit IRC11:15
*** sdake has quit IRC11:15
*** qwertyco has joined #openstack-keystone11:16
*** guoshan has joined #openstack-keystone11:27
*** guoshan has quit IRC11:31
*** jamielennox is now known as jamielennox|away11:36
*** adam_g has quit IRC11:43
*** openstackgerrit has quit IRC11:48
*** openstackgerrit has joined #openstack-keystone11:48
*** flaper87 has joined #openstack-keystone11:57
*** flaper87 is now known as Guest973811:58
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/37882912:00
*** markvoelker has joined #openstack-keystone12:00
*** amakarov has quit IRC12:00
*** Guest9738 has quit IRC12:01
*** markvoelker has quit IRC12:05
*** dave-mccowan has joined #openstack-keystone12:12
*** edmondsw has joined #openstack-keystone12:14
*** thebloggu has quit IRC12:16
*** openstackgerrit has quit IRC12:18
*** openstackgerrit has joined #openstack-keystone12:18
*** amoralej is now known as amoralej|lunch12:23
*** bjolo_ has joined #openstack-keystone12:27
*** markvoelker has joined #openstack-keystone12:43
*** qwertyco has quit IRC12:50
*** flaper87 has joined #openstack-keystone12:51
*** flaper87 has quit IRC12:51
*** flaper87 has joined #openstack-keystone12:51
*** fmarco76 has joined #openstack-keystone13:00
*** fmarco76 has quit IRC13:01
*** basilAB has quit IRC13:11
*** basilAB has joined #openstack-keystone13:14
*** jperry has joined #openstack-keystone13:14
*** spzala has joined #openstack-keystone13:14
*** Ephur has joined #openstack-keystone13:19
*** adam_g has joined #openstack-keystone13:22
*** adam_g has quit IRC13:22
*** adam_g has joined #openstack-keystone13:22
*** amoralej|lunch is now known as amoralej13:33
*** dave-mccowan has quit IRC13:39
*** haplo37_ has quit IRC13:40
*** lamt has joined #openstack-keystone13:42
*** haplo37_ has joined #openstack-keystone13:42
*** phalmos has joined #openstack-keystone13:54
*** adam_g has quit IRC13:54
*** guoshan has joined #openstack-keystone13:55
*** agrebennikov has joined #openstack-keystone13:56
*** jperry has quit IRC13:58
*** phalmos has quit IRC13:58
*** phalmos has joined #openstack-keystone13:58
*** guoshan has quit IRC13:59
*** medberry is now known as med_13:59
*** dave-mccowan has joined #openstack-keystone14:01
*** ravelar has joined #openstack-keystone14:04
*** rodrigods has quit IRC14:06
*** rodrigods has joined #openstack-keystone14:06
*** rcernin has quit IRC14:07
*** ravelar has quit IRC14:08
lbragstadstevemar jamielennox|away did openstack client get rid of the `credential` subcommand?14:12
*** chris_hultin|AWA is now known as chris_hultin14:12
rodrigodslbragstad, did you set OS_IDENTITY_API_VERSION ?14:13
lbragstadah - nope14:13
lbragstadI *always* forget that14:14
lbragstadthanks rodrigods14:14
bknudsoneveryone should be using clouds.yaml rather than env vars anyways.14:14
rodrigodsme too14:14
stevemar or we should default to v3 :D14:16
lbragstadfrom an osc perspective - these seem like duplicates https://bugs.launchpad.net/horizon/+bug/1236326 and https://bugs.launchpad.net/keystone/+bug/146049214:17
openstackLaunchpad bug 1236326 in python-keystoneclient "AttributeError: 'Client' object has no attribute 'ec2'" [High,Fix released] - Assigned to Jamie Lennox (jamielennox)14:17
openstackLaunchpad bug 1460492 in python-openstackclient "List credentials by type" [Wishlist,Confirmed]14:17
lbragstadI think we can mark https://bugs.launchpad.net/keystone/+bug/1460492 as fix released - but you have to be using v3 in order to use ec2 credentials don't you?14:18
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/37882914:18
openstackgerritSamuel Pilla proposed openstack/keystone: Document OS-SIMPLE-CERT Routes  https://review.openstack.org/38502814:18
lbragstadstevemar do we want to make the `ec2` subcommand behave exactly like the `credential` subcommand? Where it isn't displayed unless OS_IDENTITY_API_VERSION=3?14:21
*** iurygregory_ has joined #openstack-keystone14:22
stevemarlbragstad: no, ec2 cred are fine for v214:22
lbragstadstevemar thanks - i'm going to close out https://bugs.launchpad.net/keystone/+bug/1460492 then14:22
openstackLaunchpad bug 1460492 in python-openstackclient "List credentials by type" [Wishlist,Fix released]14:22
*** diltram has left #openstack-keystone14:22
stevemarlbragstad: what about if i want to list my totp credentials? :)14:24
lbragstadstevemar those aren't stored as `cert`?14:25
*** bjolo_ has quit IRC14:28
stevemarlbragstad: i haven't looked at it in a while, but i imagine that 'credentials list' could use a --filter option to see the ones stored as blobs/cert/totp/ec214:32
lbragstadstevemar yeah - you're right14:32
lbragstadstevemar i left a comment on the bug - saying I shouldn't have closed it14:33
lbragstadstevemar since I'm not a driver in the openstackclient world - can you switch this back to Confirmed for openstackclient https://bugs.launchpad.net/keystone/+bug/146049214:33
openstackLaunchpad bug 1460492 in python-openstackclient "List credentials by type" [Wishlist,Fix released]14:33
stevemarlbragstad: done14:40
lbragstadstevemar thanks14:41
*** sdake_ is now known as sdake14:42
*** gagehugo has joined #openstack-keystone14:46
*** ravelar has joined #openstack-keystone14:47
*** jperry has joined #openstack-keystone14:51
*** phalmos has quit IRC14:55
*** spzala has quit IRC14:55
*** guoshan has joined #openstack-keystone14:55
*** spzala has joined #openstack-keystone14:56
*** guoshan has quit IRC15:00
*** spzala has quit IRC15:00
*** phalmos has joined #openstack-keystone15:03
*** adrian_otto has joined #openstack-keystone15:03
*** slberger has joined #openstack-keystone15:06
*** slberger has left #openstack-keystone15:07
*** slberger1 has joined #openstack-keystone15:15
*** slberger1 has left #openstack-keystone15:15
*** ruoyu has joined #openstack-keystone15:15
*** phalmos has quit IRC15:16
ruoyuHello everyone! I have one openstack controller node and one compute node. When I try to run openstack command in the compute node I got "SSH exception". The error message is: "ERROR (SSLError): SSL exception connecting to https://controller-215-ruoyu.staging.moc.edu:35357/v2.0/tokens: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)" Does anyone know how to fi15:17
ruoyux that? Thank you!15:17
openstackgerritMerged openstack/oslo.policy: Changed the home-page link  https://review.openstack.org/38488815:18
*** gagehugo has quit IRC15:19
*** gagehugo has joined #openstack-keystone15:22
*** nishaYadav has joined #openstack-keystone15:23
nishaYadavhey all!15:23
*** gagehugo has quit IRC15:24
*** jistr is now known as jistr|biab15:25
*** pcaruana has quit IRC15:31
*** slberger has joined #openstack-keystone15:32
*** slberger has left #openstack-keystone15:32
*** atod has joined #openstack-keystone15:43
*** ruoyu has quit IRC15:45
*** spzala has joined #openstack-keystone15:45
nishaYadavhey rodrigods15:54
*** links has quit IRC15:54
nishaYadavhey stevemar, congrats :)15:54
nishaYadavI was going through this documentation, https://github.com/openstack/tripleo-quickstart which says, You will need a host machine (referred to as $VIRTHOST) with at least 16G of RAM, preferably 32G. Is there any other way to setup environment using tripleo-quickstart?16:01
*** Ephur has quit IRC16:03
*** Ephur has joined #openstack-keystone16:07
*** jistr|biab is now known as jistr16:07
*** atod has quit IRC16:08
stevemarthanks nishaYadav :)16:08
nishaYadavOr should I follow this link, http://docs.openstack.org/developer/tripleo-docs/environments/environments.html. It says, I need 3 VM with at least 4 GB of memory and 32 GB free memory in  baremetal machine.16:09
nishaYadavI have 8 GB RAM in my host machine16:09
*** andrewbogott has quit IRC16:13
*** andrewbogott has joined #openstack-keystone16:13
*** ruoyu has joined #openstack-keystone16:19
*** phalmos has joined #openstack-keystone16:19
*** nicolasbock has quit IRC16:26
*** nicolasbock has joined #openstack-keystone16:26
*** morgan has joined #openstack-keystone16:27
stevemarreminder to add to the keystone meeting agenda16:32
*** browne has joined #openstack-keystone16:32
*** jaosorior has quit IRC16:33
*** ruoyu has quit IRC16:33
*** hoonetorg has quit IRC16:35
*** hoonetorg has joined #openstack-keystone16:48
*** haplo37_ has quit IRC16:48
*** haplo37_ has joined #openstack-keystone16:50
*** nishaYadav has quit IRC16:53
*** nishaYadav has joined #openstack-keystone16:56
*** nishaYadav is now known as Guest1525016:56
*** Guest15250 is now known as nishaYadav__16:58
*** nishaYadav__ is now known as nishaYadav_16:58
*** Ephur has quit IRC17:02
*** lamt has quit IRC17:03
*** Ephur has joined #openstack-keystone17:04
*** asettle has quit IRC17:04
*** iurygregory_ has quit IRC17:10
*** ayoung has joined #openstack-keystone17:11
*** ChanServ sets mode: +v ayoung17:11
*** tqtran has joined #openstack-keystone17:11
*** ayoung has quit IRC17:12
*** ayoung has joined #openstack-keystone17:13
*** ChanServ sets mode: +v ayoung17:13
*** ayoung has quit IRC17:14
*** clenimar has quit IRC17:16
*** iurygregory has quit IRC17:16
*** ayoung has joined #openstack-keystone17:17
*** ChanServ sets mode: +v ayoung17:17
knikollastevemar, skipped unit tests on py27 http://paste.openstack.org/show/585363/17:18
*** clenimar has joined #openstack-keystone17:25
*** nishaYadav__ has joined #openstack-keystone17:26
*** nishaYadav__ is now known as nishaYadv_17:27
*** iurygregory has joined #openstack-keystone17:29
*** nishaYadav_ has quit IRC17:29
*** jaugustine has joined #openstack-keystone17:34
stevemarknikolla: interesting17:41
stevemarknikolla: the postgresql and mysql+pymysql ones should be runnable now17:41
knikollastevemar, thats on my setup. i just clonned and ran tox -epy27 without any special configuration.17:42
knikollaubuntu 14.0417:42
stevemarknikolla: bug 1381961 is fixed, that test should be unskipped17:42
openstackbug 1381961 in OpenStack Identity (keystone) "Keystone API GET 5000/v3 returns wrong endpoint URL in response body" [Low,Fix released] https://launchpad.net/bugs/1381961 - Assigned to Steve Martinelli (stevemar)17:42
stevemarknikolla: we should probably de-couple the ldap stuff a bit more17:43
*** gagehugo has joined #openstack-keystone17:49
*** atod has joined #openstack-keystone17:53
lbragstadrderose your pci-dss doc patch looks good - https://review.openstack.org/#/c/374422/717:54
lbragstadI just have a couple minor comments and i'll happily kick it through17:54
lbragstador if a subsequent patch is posted :)17:54
rderosecool, thanks :)17:54
lbragstadrderose thank you for adding the docs!17:54
*** atod has quit IRC17:58
stevemarkeystone meeting time!17:58
*** spilla has joined #openstack-keystone17:58
*** amoralej is now known as amoralej|off17:59
*** lamt has joined #openstack-keystone17:59
*** mvk has quit IRC18:04
*** jamielennox|away is now known as jamielennox18:10
*** bjolo_ has joined #openstack-keystone18:11
*** dikonoor has joined #openstack-keystone18:13
*** Zer0Byte__ has joined #openstack-keystone18:18
lbragstadjamielennox did your token persistence expires at refactor get merged?18:33
jamielennoxlbragstad: so the thing you and i were looking at with moving the validation out of persistence store got merged, but that's all so far18:34
*** hoonetorg has quit IRC18:35
mtreinishstevemar: what are you having me review?18:41
stevemarmtreinish: tempest patches, eventually :P18:44
*** dikonoor has quit IRC18:45
mtreinishah, ok18:45
nishaYadv_mtreinish, I would be start working on the tempest tests. Thanks for support18:48
*** hoonetorg has joined #openstack-keystone18:51
openstackgerritMerged openstack/keystone: Remove the decorator where it's not applied  https://review.openstack.org/38479418:58
*** spzala has quit IRC19:09
*** spzala has joined #openstack-keystone19:09
*** spzala has quit IRC19:14
*** spilla has quit IRC19:17
*** bjolo_ has quit IRC19:22
*** jperry has quit IRC19:23
lbragstadayoung yes - chain starts here https://review.openstack.org/#/c/371083/19:25
ayoungand the last is One validate method to rule them all...19:26
ayoungstevemar, your -1 is due to the comment?  Looks like lbragstad addressed that.  Any reason to leave the -1?19:26
nishaYadv_stevemar, I am thinking of submitting the patches first for the tempest tests. I have noted down the bugs/tasks discussed in the meeting, will work/pick them up after submitting tempest test patches.19:27
ayounglbragstad, https://review.openstack.org/#/c/371083/6/keystone/token/providers/common.py  why is there a change in _populate_roles?19:28
lbragstadayoung that makes it so that we can validate the oauth stuff and pull the oauth roles19:31
ayounglbragstad, was it incorrecly pulling the roles before?19:31
lbragstadwe're essentially rebuilding the oauth roles online - the same way we do with fernet token s19:31
nishaYadv_stevemar, will start work tomorrow, pretty late here. Thanks again, see ya19:31
lbragstadayoung not incorrectly - it was just caching them in the token reference19:31
*** nishaYadv_ has quit IRC19:31
*** spzala has joined #openstack-keystone19:38
ayounglbragstad, https://review.openstack.org/#/c/372655/7/keystone/token/providers/common.py  looks really similar to the last patch.  Why is the code duplicated>19:38
stevemarrderose lbragstad to whom do i assign https://blueprints.launchpad.net/keystone/+spec/shadow-mapping to?19:39
rderosestevemar: both?19:39
lbragstadayoung the way that I worked through it was making it so that all v3 tokens are validated the same way, then i did the same thing with v2.0 tokens19:40
lbragstadayoung so you're right - the logic is duplicated19:40
rderosestevemar: or, I'm okay with lbragstad; but I'd like to contribute :)19:40
lbragstadbut only to consolidate them all into a single method later on19:40
ayounglbragstad, couldn't you have deleted the v2 function at that point and had v2 call the v3 function?19:40
stevemarrderose: i'll leave it as you for now, you two can work it out19:40
ayoungdoes that happen in a later patch?19:40
lbragstadayoung essentially - that happens in a later patch19:40
rderosestevemar: cool19:40
lbragstadayoung the end state is that the token and auth controllers call self.token_provider_api.validate_token(token_id) when they need to validate a token, and they get back a token reference that is formatted like a v3 token19:41
lbragstadayoung in the case of the token controller - it will translate the v3 reference to a v2.0 reference19:42
*** atod has joined #openstack-keystone19:42
ayounglbragstad, I understand where you are going.  Just trying to make sure I track each step along the way.  Looks right thus far19:42
lbragstadayoung cool - yeah it's a lot of patches and a lot of code, so I tried to keep each change as minimal as possible19:43
ayounglbragstad, "validate_token" is the good name,.  Why'd you yank it and leave validate_v3_token?19:44
lbragstadayoung it helped me isolate which areas of the tests were using validate_v3_token and validate_v2_token19:45
lbragstadin a subsequent patch - i name validate_v3_token to validate_token and use that as the master of all validate token calls19:45
*** atod has quit IRC19:46
*** dave-mccowan has quit IRC19:48
*** Ephur has quit IRC19:49
ayoungstevemar, how are stable cherry picvks supposed to look?  https://review.openstack.org/#/c/383846  comment?19:50
*** lamt has quit IRC19:51
openstackgerritSteve Martinelli proposed openstack/keystone: [api] remove `user_id` and `project_id` from policy  https://review.openstack.org/38513419:51
ayounglbragstad, https://review.openstack.org/#/c/380663/3/keystone/tests/unit/token/test_backends.py  don't we rely on unscoped tokens failing validation to keep people from using them on Nova etc?19:52
lbragstadayoung that token will still fail validation19:53
stevemarlbragstad: easy API patch if you want to squash another bug https://review.openstack.org/38513419:53
ayounglbragstad, OK19:53
lbragstadayoung I am just removing calls to validate_v2_token since I am removing it from the interface in preparation for a single validate method19:54
stevemarayoung: typically they include a line (cherry-picked from commit <commit)19:54
stevemarayoung: see https://review.openstack.org/#/c/382135/ for example19:54
ayoungRight, got it...noice19:54
*** haplo37_ has quit IRC19:54
stevemarayoung: i'll fix it quickly19:54
ayoungstevemar, does formatting count?  Need to be in parens, end of comment etc?19:54
*** jperry has joined #openstack-keystone19:54
ayoungstevemar, I have it open19:54
stevemarayoung: okay you fix -- yes it does count19:55
stevemarso it should be19:55
lbragstadayoung  so i think at that point - we only have a validate_non_persistent_token() and validate_v3_token() method, both of which return v3 token references,19:55
stevemarthe last line19:55
ayoungstevemar, so exactly like that one...will fix19:55
stevemar(cherry-picked from commit 432fa4acd6d6297fdfd32de86a043488b87c7c43)19:55
ayoungThere ya go.19:55
*** haplo37_ has joined #openstack-keystone19:57
stevemarayoung: you push the new change?19:58
stevemarah there it is19:59
ayoungstevemar, so learned something horrible about AD this week.  It turns out, it supports nested groups, and people use it heavily.19:59
ayoungAnd it is NASTY19:59
ayoungbascially, you need 2 new filters, one for user->groups and another for group->users20:00
ayounglbragstad, so  I think you should keep going20:04
ayoungI think that you can probably inline the return self.v3_token_data_helper.get_token_data(  at this point, too20:04
ayoungrequesting and validating a token should be 98% the same20:04
lbragstadayoung exactly - that's going to be our next step20:13
lbragstadayoung the issue token path should only have to validate a few pieces of information out of the authentication request and persist them, if necessary20:14
lbragstadafter that it should be able to leverage the same path to construct the token reference as the validate path does20:14
ayounglbragstad, I can get behind it.  Is that work underway?20:14
lbragstadayoung I can start that whenever - i wanted to get feedback on the validate approach first20:15
*** gyee has joined #openstack-keystone20:19
*** ChanServ sets mode: +v gyee20:19
*** adrian_otto has quit IRC20:22
ayounglbragstad, I want the code base to shrink...20:24
ayoungit looks good.  I can +2 what I've seen20:24
lbragstadayoung awesome - thanks for the reviews20:24
lbragstadit's getting better20:24
ayounglbragstad, I think that, once we have this, the code to reduce the number of revocation events will become much simpler, too20:25
*** lamt has joined #openstack-keystone20:26
ayounglbragstad, this one https://review.openstack.org/#/c/285134/20:27
ayoungI had to chop out a bunch of the caching to get it to even come close to running, but the way you are rebuilding the tokens should make that easier to work around20:27
lbragstadayoung ah - yep20:28
lbragstadonce we have everything in place to rebuild the tokens on validate regardless of format it should be easier to drop those20:28
ayoungbknudson was working on the same idea here it seems https://review.openstack.org/#/c/378047/20:28
lbragstadsince it makes revoke by domain id and revoke by project id irrelevant20:28
bknudsonI haven't had time to work on that one.20:29
stevemaranyone want to pick it up?20:30
bknudsonmaybe rderose was willing to.20:30
lbragstadhttps://review.openstack.org/#/c/378047/ might not be needed after https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:cleanup-token-provider20:32
lbragstadbecause that chain should force all tokens to be reconstructed20:32
rderosestevemar bknudson lbragstad: we may not need it with ravelar's latest20:33
bknudsonwe still want to have fewer revocation events20:34
rderosetrue, but it would be less of a priority (I think)20:34
rderosestevemar bknudson: I think ravelar can take over fewer revocation events20:37
rderoseron throws ravelar under the bus20:38
rderoseI know that was something he was looking at20:38
*** sdake_ has joined #openstack-keystone20:39
stevemarrderose: you're learning very fast20:40
*** sdake has quit IRC20:41
rderosestevemar: oh yeah20:41
ravelarbknudson stevemar rderose I am fine with taking it over :)20:43
rderoseravelar: ++20:44
*** adrian_otto has joined #openstack-keystone20:44
openstackgerritMerged openstack/keystone-specs: Allow retrieving an expired token  https://review.openstack.org/38136120:45
stevemarrderose: can you look at https://review.openstack.org/#/c/385134/ quickly :)20:47
*** sdake has joined #openstack-keystone20:51
*** sdake_ has quit IRC20:53
*** ravelar has quit IRC20:55
*** ravelar has joined #openstack-keystone21:01
rderosestevemar: sure21:02
rderosestevemar: done21:05
*** ravelar has quit IRC21:12
*** maliniB has joined #openstack-keystone21:15
*** jperry has quit IRC21:15
*** mvk has joined #openstack-keystone21:22
*** dflorea has joined #openstack-keystone21:33
dfloreaHi. I have a question about the Keystone v3 API. We currently use Jclouds which only supports v2 unfortunately. Is there any way to configure Keystone for both v2 and v3? I searched around but came up empty.21:43
*** atod has joined #openstack-keystone21:45
*** ravelar has joined #openstack-keystone21:48
*** adriant has joined #openstack-keystone21:49
bknudsondflorea: keystone supports both v2 and v3 unless you disable one of them in the paste pipeline.21:51
dflorea@bknudson Thanks. So a user should be able to configure v2 and v3 concurrently?21:53
bknudsondflorea: what do you mean by user? what are they configuring?21:53
*** jaugustine has quit IRC21:54
dfloreabknudson: I mean a user deploying the OpenStack Keystone service. Can they configure Keystone to use either v2 or v3 at the same time? Or is it one or the other?21:55
bknudsondflorea: keystone supports both v2 and v3 by default.21:56
bknudsonat the same time21:56
browneyes, but typically the service catalog is configured with either v2 or v3.  that does affect things21:57
dfloreabknudson: Perfect. If there is any doc link you can point me to, that would be great. My company sells a storage appliance that connects into Keystone. We use Jclouds to connect, which means we can only use v2.21:57
dfloreaCustomers on the other hand want to use the latest v3 API. So if they can configure Keystone to do both, then they get the v3 API they want and we make Jclouds happy with v2 support.21:58
bknudsonI wouldn't say your product supports what customers want if they want v3 and you only use v221:59
bknudsonyour customers probably want v3 so that they can support multiple domains, and v2 doesn't support domains.21:59
bknudsonlooks like jclouds is open source, seems like it would be easy enough to get it to support v3.22:00
dfloreaIt's not perfect for sure. But we use a very small subset of the API to connect into Keystone. My choices are to wait for the Jclouds library to catch up to the v3 API or move to a different library.22:00
bknudsonjclouds says "giving you full control to use cloud-specific features." which is apparently a lie since it only supports v2.22:01
*** agrebennikov has quit IRC22:01
dfloreaThis is where it's at: https://issues.apache.org/jira/browse/JCLOUDS-11422:02
*** zigo has quit IRC22:02
*** dflorea has quit IRC22:02
bknudson"got bogged down in the complexity of the jclouds code and ultimately we ended up using openstack4j instead."22:03
*** zigo has joined #openstack-keystone22:05
*** zigo is now known as Guest5063022:05
*** dflorea has joined #openstack-keystone22:06
*** gagehugo has quit IRC22:07
*** gagehugo has joined #openstack-keystone22:07
*** gagehugo has quit IRC22:08
dfloreaWhat I meant is that link is the latest at jclouds. Option #3 is to go fix jclouds ourselves of course. But concurrent v3/v2 Keystone configuration is a good stopgap. Thanks.22:08
*** gagehugo has joined #openstack-keystone22:08
*** gagehugo has quit IRC22:08
*** spzala has quit IRC22:15
*** spzala has joined #openstack-keystone22:16
*** chris_hultin is now known as chris_hultin|AWA22:18
*** ravelar has quit IRC22:20
*** spzala has quit IRC22:20
*** dflorea has quit IRC22:39
*** dflorea has joined #openstack-keystone22:41
*** lamt has quit IRC22:45
*** lamt has joined #openstack-keystone22:45
*** lamt has quit IRC22:50
*** iurygregory_ has joined #openstack-keystone22:55
*** adrian_otto has quit IRC22:55
*** Zer0Byt__ has joined #openstack-keystone22:59
*** Zer0Byte__ has quit IRC23:01
*** haplo37_ has quit IRC23:03
*** ravelar has joined #openstack-keystone23:05
*** haplo37_ has joined #openstack-keystone23:05
*** dflorea has quit IRC23:09
*** Zer0Byt__ has quit IRC23:10
*** dflorea has joined #openstack-keystone23:14
*** sdake has quit IRC23:16
*** dflorea has quit IRC23:20
*** Zer0Byte__ has joined #openstack-keystone23:25
*** spzala has joined #openstack-keystone23:28
*** iurygregory_ has quit IRC23:30
*** dflorea has joined #openstack-keystone23:30
*** edmondsw has quit IRC23:30
*** david-lyle has joined #openstack-keystone23:31
*** spzala has quit IRC23:33
*** david-lyle has quit IRC23:34
*** david-lyle has joined #openstack-keystone23:35
*** dflorea has quit IRC23:38
*** david-lyle has quit IRC23:38
*** ravelar has quit IRC23:38
*** david-lyle has joined #openstack-keystone23:39
*** lamt has joined #openstack-keystone23:39
*** iurygregory_ has joined #openstack-keystone23:41
openstackgerritAndreas Jaeger proposed openstack/oslo.policy: Enable release notes translation  https://review.openstack.org/38332023:48
*** david-lyle has quit IRC23:49
*** sdake has joined #openstack-keystone23:50
*** sdake_ has joined #openstack-keystone23:51
*** david_cu has joined #openstack-keystone23:54
*** hrybacki has quit IRC23:54
*** hrybacki has joined #openstack-keystone23:55
*** sdake has quit IRC23:55
*** guoshan has joined #openstack-keystone23:56
*** rkrum has joined #openstack-keystone23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!