Wednesday, 2016-10-19

« Tuesday, 2016-10-18 Index Thursday, 2016-10-20 »
jlkFun question, is db_sync --expand / --migrate / --contract idempotent? Lets say I run our upgrade playbook twice, will it fail horribly if it tries to --expand a db that's already been --contract ed?00:01
stevemarjlk: nope! it's still experimental so we haven't enforced that yet00:05
jlkcraaaaaap00:05
stevemarjlk: refer to bugs: https://bugs.launchpad.net/keystone/+bug/1615024 and https://bugs.launchpad.net/keystone/+bug/161501400:06
openstackstevemar: Error: Could not gather data from Launchpad for bug #1615024 (https://launchpad.net/bugs/1615024). The error has been logged00:06
jlkI have to bake something int our stuff then to work around that00:06
openstackLaunchpad bug 1615014 in OpenStack Identity (keystone) "Prevent --expand, --migrate, --contract from being run out of order" [Low,Triaged] - Assigned to Henry Nash (henry-nash)00:06
stevemaraaaand https://bugs.launchpad.net/keystone/+bug/162311700:06
openstackLaunchpad bug 1623117 in OpenStack Identity (keystone) "Prevent keystone from serving requests when schema or data migrations are not up to date" [Medium,New]00:06
stevemarjlk: you upgrading like that now? not sticking to the minimal downtime approach?00:07
jlkGoing to give it a try for Mitaka -> Newton00:07
jlkfor keystone, nova, and neutron00:07
stevemarjlk: okay, we're eager to hear feedback00:08
jlkMostly I'm worried that if our upgrade fails and we start over, we would attempt another round of expand, migrate, and contract.00:08
jlkI'd hope they'd noop and return 000:08
stevemarjlk: do you store any credentials in keystone? using the /v3/credentials or ec2 API?00:08
jlkno, I don't believe we're storing any credentials00:08
stevemarjlk: then you'll be fine00:08
jlkbut for the sake of argument...00:08
stevemarjlk: the only tricky part of the migrate this time around is that we encrypt credentials while the --migrate is run, so in the case of a new credential being created it's weird00:09
stevemarbut if you don't have any, you'll be safe00:09
jlkI don't _think_ we do00:09
*** mserngawy_ has quit IRC00:10
*** guoshan has quit IRC00:10
jlkoh, neutron isn't live yet. Still have to coordinate and shut down all neutron-server to do the contract.00:11
*** guoshan has joined #openstack-keystone00:11
jlkI'm doing this now so that I have something to talk about at Summit next week :)00:14
jamielennoxstevemar: we forceably encrypt credentials? i thought you had to set that up yourself00:14
jamielennoxopt-in like00:14
*** guoshan_ has joined #openstack-keystone00:15
*** guoshan has quit IRC00:15
jamielennoxthe problem for credential storage keys is the same as fernet keys, what jlk is looking at doesn't have a key distribution story00:17
stevemarjlk: we would love all kinds of feedback00:17
stevemarjamielennox: we do enforce credential encryption as of newton00:18
stevemarjamielennox: you have to run keystone-manage credential_setup before upgrading (or on a fresh install)00:19
jamielennoxstevemar: thats quite a barrier, as you need the same keys on all your keystone nodes00:21
stevemarjamielennox: yes, but this was a gaping hole for far too long and folks who setup fernet can re-use the same approach00:21
stevemarjamielennox: actually....00:21
stevemarjamielennox: we supported the null key encryption right, so you don't have to actually setup any proper keys, just run the stinkin command00:22
jamielennoxstevemar: the command will generate keys, if we support null why would i need to run the command at all?00:23
jamielennoxit seems to work without it, but i don't do much credential work00:24
stevemaryou don't have to run the command actually, we'll support it with a null key00:24
stevemarthats how rdo was fixed00:24
stevemarthey don't run the command00:24
stevemargrenade does00:24
jamielennoxexcellent - so nothing to do here :)00:25
*** LamT__ has quit IRC00:32
*** adrian_otto has joined #openstack-keystone00:37
*** adrian_otto has quit IRC00:42
*** guoshan_ has quit IRC00:45
*** adrian_otto has joined #openstack-keystone00:46
*** adrian_otto has quit IRC00:52
openstackgerritRon De Rose proposed openstack/keystone: Validate mapping exists when creating/updating a protocol  https://review.openstack.org/36239700:55
*** tqtran has quit IRC01:00
*** hoangcx has joined #openstack-keystone01:02
*** Zer0Byte__ has quit IRC01:15
*** davechen has joined #openstack-keystone01:21
*** guoshan has joined #openstack-keystone01:30
*** adrian_otto has joined #openstack-keystone01:40
*** markvoelker has joined #openstack-keystone01:43
*** asettle has joined #openstack-keystone01:47
*** browne has quit IRC01:49
*** markvoelker has quit IRC01:49
*** iurygregory_ has quit IRC01:49
*** asettle has quit IRC01:51
*** jperry has joined #openstack-keystone01:56
openstackgerritliujunpeng proposed openstack/keystone: Fix LOG.warn to LOG.warning  https://review.openstack.org/38827901:57
*** wangqun has joined #openstack-keystone02:01
*** phalmos has quit IRC02:02
*** chlong has joined #openstack-keystone02:16
*** kiran-r has quit IRC02:20
*** agrebennikov has quit IRC02:23
*** flwang1 has quit IRC02:27
*** kiran-r has joined #openstack-keystone02:27
*** dave-mccowan has quit IRC02:29
*** kiran-r has quit IRC02:47
*** guoshan has quit IRC02:55
*** nicolasbock has quit IRC02:56
*** guoshan has joined #openstack-keystone02:58
stevemardavechen: thanks for the quick -2 there ^03:06
openstackgerritMerged openstack/keystone: Tweak api-ref for v3 groups status codes  https://review.openstack.org/36779303:11
davechenstevemar: np, looks like the change is attractive, I saw it was tried many time before. :)03:14
openstackgerritRichard Avelar proposed openstack/keystone: Remove unused statements in matches  https://review.openstack.org/38754803:14
stevemardavechen: yeah, i've seen it three times now :(03:15
*** gagehugo has quit IRC03:17
*** code-R has joined #openstack-keystone03:41
*** code-R_ has joined #openstack-keystone03:43
*** tqtran has joined #openstack-keystone03:45
*** code-R has quit IRC03:45
*** links has joined #openstack-keystone03:46
*** tqtran has quit IRC03:50
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/38831703:51
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/38831803:51
openstackgerritJamie Lennox proposed openstack/keystone: Allow fetching an expired token  https://review.openstack.org/38209803:52
*** guoshan has quit IRC03:57
stevemarjamielennox: release note that dude ^04:05
jamielennoxstevemar: damnit, i always forget thta04:07
openstackgerritJamie Lennox proposed openstack/keystone: Allow fetching an expired token  https://review.openstack.org/38209804:11
*** code-R has joined #openstack-keystone04:11
*** code-R_ has quit IRC04:11
*** adrian_otto1 has joined #openstack-keystone04:14
*** davechen has quit IRC04:16
*** adrian_otto has quit IRC04:17
*** trananhkma has joined #openstack-keystone04:19
*** code-R_ has joined #openstack-keystone04:22
*** code-R has quit IRC04:25
*** adriant has quit IRC04:25
*** GB21 has joined #openstack-keystone04:29
stevemarjamielennox: old age finally catching up to you04:31
*** dikonoor has joined #openstack-keystone04:33
openstackgerritSteve Martinelli proposed openstack/keystone: Allow fetching an expired token  https://review.openstack.org/38209804:34
*** kiran-r has joined #openstack-keystone04:38
*** kiran-r has quit IRC04:43
jamielennoxwhat are we up to now - api version wise?04:48
*** jperry has quit IRC04:53
stevemarjamielennox: 3.8... i think04:54
stevemarlet me check04:54
stevemarhttps://github.com/openstack/keystone/blob/master/keystone/version/controllers.py#L142-L16004:54
stevemarjamielennox: yeah, 3.8 will be ocata04:55
*** kiran-r has joined #openstack-keystone04:55
*** guoshan has joined #openstack-keystone04:58
openstackgerritJamie Lennox proposed openstack/keystone: Allow fetching an expired token  https://review.openstack.org/38209805:00
jamielennoxstevemar: thanks, what's your opinion on the ?allow_expired vs ?allow_expired=105:00
stevemarjamielennox: we typically use ==true don't we?05:01
stevemariirc, with role-assignments --inherited and --effective05:01
jamielennoxstevemar: hmm? this is an api05:02
jamielennoxso GET /v3/auth/token?allow_expired05:02
jamielennoxvs05:02
jamielennoxso GET /v3/auth/token?allow_expired=105:02
stevemaryeah, sorry i wasn't clear05:03
*** guoshan has quit IRC05:03
jamielennoxi know nocatalog works without a value05:03
stevemarjamielennox: dammit http://imgur.com/a/3aTID05:04
stevemarjamielennox: so effective works with no value05:04
stevemarjamielennox: but include_names and include_subtree work with booleans05:05
jamielennoxstevemar: lol, but include_subtree doesn't05:05
stevemari thought we had asked the API working group about this?05:05
jamielennoxwe had a conversation on this once looking for precendence - i thought we decided to have the =1, but i don't remember what the api wg said05:05
openstackgerritMerged openstack/keystone: Follow-on of memcache token persistence removal  https://review.openstack.org/38773005:05
stevemarsurely stackoverflow has something on this :P05:06
stevemarhttp://stackoverflow.com/questions/4557387/is-a-url-query-parameter-valid-if-it-has-no-value05:07
jamielennoxIMO  i like the =105:07
jamielennoxyou can make both work05:07
stevemarjamielennox: i definitely think key-value makes more sense05:08
stevemarjamielennox: just a question of allow_expired=True or allow_expired=105:08
jamielennoxstevemar: i just passed it into the oslo str_to_bool05:09
stevemarbut theres an oslo utils forthat05:09
stevemar\o/05:09
jamielennoxit's been -1ed a few times05:09
stevemarwhat has?05:10
jamielennoxdolphm: and others on the spec asking to have the =1 removed05:10
*** raginbaj- has joined #openstack-keystone05:11
stevemarin favor of no key? or true?05:11
stevemaralso the spec is merged so meh05:12
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/38831805:14
jamielennoxstevemar: yea, but ayoung probably pulled the trigger on that one a bit fast05:14
stevemarmeh impl. details05:16
*** jaosorior has joined #openstack-keystone05:21
*** kiran-r has quit IRC05:22
*** adrian_otto1 has quit IRC05:32
*** qwertyco has joined #openstack-keystone05:34
r1chardj0n3shey, folks, I'm getting an SSO login failure and all that's logged is this:05:39
r1chardj0n3s2016-10-19 05:38:15.481 32565 WARNING keystone.common.wsgi [req-3024ad07-3234-4160-b2b3-9fa6d3e9a502 - - - - -] An unexpected error prevented the server from fulfilling your request.05:39
r1chardj0n3sis there some way to get more detail than that?05:39
*** richm has quit IRC05:41
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/38831705:51
*** GB21 has quit IRC05:52
*** guoshan has joined #openstack-keystone05:59
*** kiran-r has joined #openstack-keystone05:59
bretonr1chardj0n3s: maybe there is traceback in some other keystone log06:03
bretonmorning, keystone06:03
*** guoshan has quit IRC06:03
*** GB21 has joined #openstack-keystone06:04
*** trananhkma has quit IRC06:07
*** code-R_ has quit IRC06:07
*** trananhkma has joined #openstack-keystone06:07
*** trananhkma has left #openstack-keystone06:07
*** trananhkma has joined #openstack-keystone06:08
*** rcernin has joined #openstack-keystone06:11
*** clayton has quit IRC06:12
*** markvoelker has joined #openstack-keystone06:14
*** markvoelker has quit IRC06:19
*** voelzmo has joined #openstack-keystone06:21
*** belmoreira has joined #openstack-keystone06:26
*** guoshan has joined #openstack-keystone06:27
*** kiran-r has quit IRC06:32
bretonoh those oslo releases06:32
*** markvoelker has joined #openstack-keystone06:33
openstackgerritQiming Teng proposed openstack/keystone: Reorder APIs in api-ref for v3 groups  https://review.openstack.org/37457706:34
*** markvoelker has quit IRC06:38
*** markvoelker has joined #openstack-keystone06:38
*** jaosorior has quit IRC06:47
*** voelzmo has quit IRC06:51
*** voelzmo has joined #openstack-keystone06:52
*** clayton has joined #openstack-keystone06:56
*** jaosorior has joined #openstack-keystone07:00
*** voelzmo has quit IRC07:06
*** tesseract has joined #openstack-keystone07:08
*** tesseract is now known as Guest9021107:09
*** qwertyco has quit IRC07:11
*** ganeshk_ has joined #openstack-keystone07:14
*** voelzmo has joined #openstack-keystone07:14
*** oomichi has quit IRC07:16
ganeshk_Hi all, repeatedly I am getting this error "DEBUG:keystoneclient.session:RESP: DEBUG:keystoneclient.session:Request returned failure status: 500 ERROR: Internal Server Error (HTTP 500) (Request-ID: req-ff9e7f95-a364-48b5-b6ef-6ff9c676a935)"07:16
*** oomichi has joined #openstack-keystone07:17
ganeshk_Can someone conform this error http://paste.openstack.org/show/586329/ about keystone or not?07:34
*** trananhkma has quit IRC07:37
openstackgerrithuyupeng proposed openstack/keystone: Use assertTrue instead of assertEqual(True, arg)  https://review.openstack.org/38850707:40
*** clayton has quit IRC07:41
*** markvoelker has quit IRC07:41
*** haplo37_ has quit IRC07:42
*** haplo37_ has joined #openstack-keystone07:45
*** clayton has joined #openstack-keystone07:45
*** tqtran has joined #openstack-keystone07:49
openstackgerrithuyupeng proposed openstack/keystone: Use assertTrue or assertFalse instead of assertEqual  https://review.openstack.org/38850707:52
*** amoralej|off is now known as amoralej07:52
*** tqtran has quit IRC07:53
*** markvoelker has joined #openstack-keystone07:58
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:01
bretonganeshk_: this is probably keystone error. You need to check your keystone log.08:03
*** rcernin has quit IRC08:16
*** rcernin has joined #openstack-keystone08:16
*** rcernin has quit IRC08:18
*** rcernin has joined #openstack-keystone08:19
*** rcernin has quit IRC08:19
*** rcernin has joined #openstack-keystone08:19
*** jaosorior is now known as jaosorior_lunch08:20
*** oomichi has quit IRC08:23
openstackgerritNITIN GUPTA proposed openstack/keystone: added test cases for verifying the fix regarding bug #1614154  https://review.openstack.org/38854108:25
openstackbug 1614154 in OpenStack Identity (keystone) "Hints with values of None seem to be broken" [Medium,Confirmed] https://launchpad.net/bugs/1614154 - Assigned to NITIN GUPTA (nitin-29-gupta)08:25
*** oomichi has joined #openstack-keystone08:25
ganeshk_breton: can you understand this http://paste.openstack.org/show/586332/08:30
*** code-R has joined #openstack-keystone08:30
bretonganeshk_: not relly. There should be keystone.log or a traceback in apache log08:32
*** code-R_ has joined #openstack-keystone08:33
*** code-R has quit IRC08:36
*** andreykurilin has joined #openstack-keystone08:38
ganeshk_breton: Under apache2 logs, I can see only keystone-error.log and keystone-access.log08:40
ganeshk_breton: I can see keystone.log under /var/log/keystone08:40
ganeshk_breton: /var/log/keystone/keystone.log showing older logs08:41
bretonganeshk_: try keystone-error.log08:57
*** jgrassle1 is now known as jgrassler08:57
ganeshk_breton: Ok08:58
ganeshk_breton: keystone-error.log http://paste.openstack.org/show/586335/09:02
*** jaosorior_lunch is now known as jaosorior09:05
*** links has quit IRC09:09
*** asettle has joined #openstack-keystone09:22
bretonganeshk_: is there anything with word "Traceback"?09:25
*** pnavarro has joined #openstack-keystone09:25
*** alex_xu has quit IRC09:29
*** alex_xu has joined #openstack-keystone09:31
*** markvoelker has quit IRC09:36
ganeshk_breton: No09:38
*** jaosorior has quit IRC09:43
*** jaosorior has joined #openstack-keystone09:43
openstackgerritNITIN GUPTA proposed openstack/keystone: added test cases for verifying the fix regarding bug #1614154  https://review.openstack.org/38854109:43
openstackbug 1614154 in OpenStack Identity (keystone) "Hints with values of None seem to be broken" [Medium,Confirmed] https://launchpad.net/bugs/1614154 - Assigned to NITIN GUPTA (nitin-29-gupta)09:43
*** jperry has joined #openstack-keystone09:49
*** TonyXu has quit IRC09:53
bretonganeshk_: anythin with word ERROR or WARNING?10:01
ganeshk_breton: No10:01
ganeshk_breton: I have reboot the machine. Now, It looks fine for now10:01
*** TonyXu has joined #openstack-keystone10:05
*** code-R_ has quit IRC10:06
*** richm has joined #openstack-keystone10:11
*** mvk has quit IRC10:14
*** guoshan has quit IRC10:20
*** code-R has joined #openstack-keystone10:20
*** hoangcx has quit IRC10:23
*** nicolasbock has joined #openstack-keystone10:27
*** code-R_ has joined #openstack-keystone10:29
*** code-R__ has joined #openstack-keystone10:31
*** code-R has quit IRC10:33
*** code-R_ has quit IRC10:34
*** guoshan has joined #openstack-keystone10:37
*** wangqun has quit IRC10:38
*** mvk has joined #openstack-keystone10:43
ganeshk_breton: Can you check this http://paste.openstack.org/show/586347/10:53
*** haplo37_ has quit IRC10:54
*** haplo37_ has joined #openstack-keystone10:56
*** voelzmo has quit IRC10:59
*** voelzmo_ has joined #openstack-keystone11:02
*** voelzmo_ has quit IRC11:05
openstackgerritpawnesh kumar proposed openstack/python-keystoneclient: Updated coverage configuration file  https://review.openstack.org/38861811:09
*** edmondsw has joined #openstack-keystone11:10
*** robcresswell has quit IRC11:12
openstackgerritNITIN GUPTA proposed openstack/keystone: added test cases for verifying the fix regarding bug #1614154  https://review.openstack.org/38854111:12
openstackbug 1614154 in OpenStack Identity (keystone) "Hints with values of None seem to be broken" [Medium,Confirmed] https://launchpad.net/bugs/1614154 - Assigned to NITIN GUPTA (nitin-29-gupta)11:12
*** Zer0Byte__ has joined #openstack-keystone11:13
*** voelzmo has joined #openstack-keystone11:14
*** dave-mccowan has joined #openstack-keystone11:17
*** voelzmo has quit IRC11:19
*** Zer0Byte__ has quit IRC11:21
*** markvoelker has joined #openstack-keystone11:21
*** adrian_otto has joined #openstack-keystone11:26
openstackgerritpawnesh kumar proposed openstack/python-keystoneclient: Enable code coverage report in console output  https://review.openstack.org/38862511:26
*** voelzmo has joined #openstack-keystone11:31
bretonganeshk_: can't comment anything on this :)11:33
*** adrian_otto has quit IRC11:42
stevemarbreton: ALL the releases!11:50
*** tqtran has joined #openstack-keystone11:50
*** adrian_otto has joined #openstack-keystone11:51
*** tqtran has quit IRC11:55
*** adrian_otto has quit IRC11:57
*** belmorei_ has joined #openstack-keystone12:00
*** belmoreira has quit IRC12:01
openstackgerritNITIN GUPTA proposed openstack/keystone: added test cases for verifying the fix regarding bug #1614154  https://review.openstack.org/38854112:03
openstackbug 1614154 in OpenStack Identity (keystone) "Hints with values of None seem to be broken" [Medium,Confirmed] https://launchpad.net/bugs/1614154 - Assigned to NITIN GUPTA (nitin-29-gupta)12:03
*** maticue has joined #openstack-keystone12:11
openstackgerritChangBo Guo(gcb) proposed openstack/oslo.policy: Remove wrong paramter type for class NotCheck  https://review.openstack.org/38865612:12
*** raildo has joined #openstack-keystone12:16
*** lamt has joined #openstack-keystone12:20
*** links has joined #openstack-keystone12:20
openstackgerritSteve Martinelli proposed openstack/keystone: Tweak api-ref doc for v3 roles status codes  https://review.openstack.org/36779412:29
openstackgerritSteve Martinelli proposed openstack/keystone: Tweak api-ref doc for v3 roles  https://review.openstack.org/37616912:29
openstackgerritSteve Martinelli proposed openstack/python-keystoneclient: Updated coverage configuration file  https://review.openstack.org/38861812:38
*** mnaser has quit IRC12:40
*** bjolo_ has joined #openstack-keystone12:40
*** afazekas has quit IRC12:41
*** voelzmo has quit IRC12:41
*** afazekas has joined #openstack-keystone12:42
*** bjolo__ has quit IRC12:43
*** GB21 has quit IRC12:43
*** rakhmerov has quit IRC12:44
*** jaosorior has quit IRC12:44
*** mnaser has joined #openstack-keystone12:44
*** jaosorior has joined #openstack-keystone12:44
*** woodster_ has joined #openstack-keystone12:45
*** rakhmerov has joined #openstack-keystone12:45
*** voelzmo has joined #openstack-keystone12:45
*** amoralej is now known as amoralej|lunch12:52
*** gagehugo has joined #openstack-keystone12:53
*** belmorei_ has quit IRC12:53
*** jperry has quit IRC12:54
openstackgerritChangBo Guo(gcb) proposed openstack/oslo.policy: Make exception PolicyNotAuthorized more readable  https://review.openstack.org/38868312:56
*** belmoreira has joined #openstack-keystone12:57
*** links has quit IRC12:59
openstackgerritNITIN GUPTA proposed openstack/keystone: added test cases for verifying the fix regarding bug #1614154  https://review.openstack.org/38854113:01
openstackbug 1614154 in OpenStack Identity (keystone) "Hints with values of None seem to be broken" [Medium,Confirmed] https://launchpad.net/bugs/1614154 - Assigned to NITIN GUPTA (nitin-29-gupta)13:01
*** asettle has quit IRC13:12
*** asettle has joined #openstack-keystone13:13
*** jperry has joined #openstack-keystone13:14
openstackgerritMerged openstack/keystone: Reorder APIs in api-ref for v3 groups  https://review.openstack.org/37457713:14
*** mugsie has joined #openstack-keystone13:17
*** jaosorior is now known as jaosorior_brb13:17
*** spzala has joined #openstack-keystone13:27
*** ganeshk_ has quit IRC13:30
*** sfilatov has joined #openstack-keystone13:36
*** mvk has quit IRC13:50
openstackgerritSamuel Pilla proposed openstack/keystone: Domain included for role in list_role_assignment  https://review.openstack.org/37351613:51
*** agrebennikov has joined #openstack-keystone13:52
*** mvk has joined #openstack-keystone13:53
*** amoralej|lunch is now known as amoralej13:57
*** belmoreira has quit IRC13:59
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/38831714:00
*** belmoreira has joined #openstack-keystone14:05
*** gagehugo_ has joined #openstack-keystone14:07
*** gagehugo has quit IRC14:08
*** belmoreira has quit IRC14:13
*** ayoung has quit IRC14:15
*** knikolla has joined #openstack-keystone14:15
*** edtubill has joined #openstack-keystone14:16
*** edtubill has joined #openstack-keystone14:17
openstackgerritLance Bragstad proposed openstack/keystone: Add release note for fernet tokens  https://review.openstack.org/37652614:24
openstackgerritLance Bragstad proposed openstack/keystone: Switch fernet to be the default token provider.  https://review.openstack.org/34568814:24
lbragstadrderose thanks for the reviews! ^14:24
*** jaosorior_brb is now known as jaosorior14:25
*** jistr is now known as jistr|call14:28
*** chris_hultin|AWA is now known as chris_hultin14:29
*** sfilatov has quit IRC14:30
*** markvoelker has quit IRC14:33
rderoselbragstad: you bet! thanks for the patches. noticed you've updated. I'll take another look this morning.14:41
lbragstadrderose thanks!14:42
*** voelzmo has quit IRC14:42
*** sfilatov has joined #openstack-keystone14:44
*** guoshan has quit IRC14:44
*** code-R__ has quit IRC14:45
*** voelzmo has joined #openstack-keystone14:45
*** code-R has joined #openstack-keystone14:45
*** sfilatov has quit IRC14:46
openstackgerritLance Bragstad proposed openstack/keystone: Switch fernet to be the default token provider.  https://review.openstack.org/34568814:50
*** sfilatov has joined #openstack-keystone14:50
*** jaosorior has quit IRC14:50
*** pnavarro has quit IRC14:53
*** ravelar has joined #openstack-keystone14:54
*** phalmos has joined #openstack-keystone15:04
*** simondodsley has joined #openstack-keystone15:07
*** jistr|call is now known as jistr15:12
*** Guest90211 has quit IRC15:13
*** itisha has joined #openstack-keystone15:13
*** jaugustine has joined #openstack-keystone15:14
*** pcaruana has quit IRC15:14
*** ayoung has joined #openstack-keystone15:15
*** ChanServ sets mode: +v ayoung15:15
*** rcernin has quit IRC15:16
*** spilla has joined #openstack-keystone15:17
*** nk2527 has joined #openstack-keystone15:20
openstackgerritmelissaml proposed openstack/keystoneauth: TrivialFix: Remove default=None when set value in Config  https://review.openstack.org/38876215:25
*** hoonetorg has quit IRC15:29
openstackgerritMerged openstack/keystone: Tweak api-ref doc for v3 roles status codes  https://review.openstack.org/36779415:35
openstackgerritMerged openstack/keystone: Tweak api-ref doc for v3 roles  https://review.openstack.org/37616915:35
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/38831715:36
*** jistr is now known as jistr|biab15:39
openstackgerritLance Bragstad proposed openstack/keystone: Remove issue_v2_token  https://review.openstack.org/38676215:42
*** links has joined #openstack-keystone15:46
openstackgerritLance Bragstad proposed openstack/keystone: refactor the token controller  https://review.openstack.org/38672615:47
*** tqtran has joined #openstack-keystone15:51
*** phalmos has quit IRC15:56
*** tqtran has quit IRC15:56
bretonhttp://lists.openstack.org/pipermail/openstack-dev/2016-October/106083.html might be interesting. It has not [keystone], so it might be not in your inbox.15:59
*** code-R has quit IRC16:03
dstanekbreton: briancurtin: that seems unfortunate. why do we have to parse the URL anyway. should the response to that URL have the desired info?16:04
*** code-R has joined #openstack-keystone16:05
*** jistr|biab is now known as jistr16:05
*** ayoung has quit IRC16:06
*** voelzmo has quit IRC16:08
briancurtindstanek: this started with identity only having v2 in (at least) the devstack service catalog, so there was once a suggestion to go above it to the root to figure out all the versions it offers (since we needed to be able to provide v3 endpoints even if you auth to v2). i can’t remember what other services had multi-versions installed but only one listed,16:12
briancurtinbut that’s also come up16:12
openstackgerritLance Bragstad proposed openstack/keystone: refactor the token controller  https://review.openstack.org/38672616:12
dstanekbriancurtin: keystone not having a link to root in the /v2.0 or /v3 is dump and broken16:16
dstanekif you need to do URL parsing then we've failed as an API16:16
dstanek(the exception *maybe* is uri templates and that's not what this is:)16:16
briancurtindstanek: i’ll go back through the services i can and see if any of them offer root in their version-specific responses. i’d love to have solved it this way from the start but that doesn’t sound familiar, or at least widespread enough to have tried it16:18
briancurtinthough maybe i was just looking at said documentation for those responses, which is usually wrong/incomplete16:18
briancurtindstanek: yeah i just tried again going to what comes back in the SC (versioned endpoints) and identity and compute just give me details about themselves, with no reference to the root or anything else. most documentation shows that if you call /vX it’ll give you that version’s details, and if you go to / it’ll give you all, but no one seems to give me16:26
briancurtinroot directly16:26
*** sfilatov has quit IRC16:29
*** links has quit IRC16:31
*** Zer0Byte__ has joined #openstack-keystone16:39
dstanekbriancurtin: yeah, that's super short sighted16:46
*** nk2527 has quit IRC16:47
briancurtindstanek: i don’t love what we have right now, but it’s at least serviceable until something better comes along, though the latter situation in that email still seems impossible16:48
dstanekbriancurtin: the nested services thing?16:49
briancurtinyep16:49
dstanekthat services provided a link to their root then that would solve that for you right?16:49
briancurtindstanek: yep, if everyone told me where root was, probably all of this path manipulation and guesswork and potential extra GET calls could be removed16:50
*** pcaruana has joined #openstack-keystone16:51
*** Guest41366 is now known as redrobot16:56
*** mugsie has quit IRC16:56
*** mugsie has joined #openstack-keystone16:58
*** spzala has quit IRC17:02
*** spzala has joined #openstack-keystone17:02
*** amoralej is now known as amoralej|off17:04
*** dikonoor has quit IRC17:05
jlkstevemar: hey, I know you've been paying a lot of attention to openstack client lately. Have you seen a bug where it is reading config from a clouds.yaml file, and is trying to figure out an API version, by doing a "startswith" action on it, but the value from the config is a int rather than a string, causing a traceback?17:06
*** spzala has quit IRC17:07
*** tqtran has joined #openstack-keystone17:09
*** edtubill has quit IRC17:18
*** simondodsley has quit IRC17:24
*** spzala has joined #openstack-keystone17:29
stevemarjlk: hmmm, haven't seen that bug, but it sounds entirely possible17:31
*** mvk has quit IRC17:31
jlkalright. I'll file it.17:31
stevemarjlk: its probably os-client-config related -- https://github.com/openstack/os-client-config/blob/master/os_client_config/cloud_config.py looks like it always assumes the version is a string17:33
stevemarmordred: ^17:33
jlkoh maybe that's where it goes, yes17:33
jlkthat's in the traceback17:33
jlkwell sort of17:33
jlkosc_lib/cli/client_config.py17:34
*** code-R has quit IRC17:34
stevemarjlk: back when we handled this all in OSC proper, we stringified all the values coming from environment vars17:34
stevemarah osc-lib client_config is a super class of occ client config, should be fixed in occ i think17:34
stevemarjlk: either way, report the bug17:34
stevemarjlk: i imagine that wrapping the version in quotes fixes the problem, yeah?17:35
jlkhttps://github.com/openstack/osc-lib/blob/master/osc_lib/cli/client_config.py#L8517:35
jlkYea, I "fixed" it in the yaml by making it a string17:35
jlkbecause pyyaml "helpfully" translates things in yaml to matching python objects.17:35
stevemarjlk: :)17:36
mordredjlk, stevemar: the intent inside of occ is to strigify stuff - this seems missed17:36
stevemarjlk: hehe, dammit pyyaml!17:36
mordredI know we had a "stringify a bunch of things" patch a while back17:36
stevemarmordred: this is actually osc-lib only17:36
jlkstevemar: I discovered that fun one because it translates what it thinks is a time stamp into a datetime object, but it does it poorly, so it loses the timezone info when it does it17:36
jlkproper timestamp as string -> timestamp object without zone data -> back out to invalid time string :(17:37
openstackgerritRon De Rose proposed openstack/keystone: refactor the token controller  https://review.openstack.org/38672617:37
jlkmaybe I'll just send up a patch for osc-lib17:37
mordredstevemar: oh - it is?17:37
jlkbecause it looks pretty easy to stringify it here17:37
jlkunless17:37
jlkno it's here.17:38
stevemarmordred: yeah, the offending line is: https://github.com/openstack/osc-lib/blob/master/osc_lib/cli/client_config.py#L8517:38
stevemarjust add str() around config.get('identity_api_version', '') i think17:38
mordredstevemar: config.get('auth_type', None).endswith('password')): that's going to break too17:38
mordredstevemar: if there is no value17:38
mordredthat said - occ should never have an empty value in auth_type ...17:39
stevemarmordred: oh you're assuming a password where it's just numbers?17:39
stevemaroh wait, auth type!17:39
mordredstevemar: no - I'm saying if the fallthrough of the get happens17:39
mordredstevemar: the endswith will be unhappy17:39
*** sfilatov has joined #openstack-keystone17:39
stevemarah17:39
mordredbut I think you can take out the , None - because the default value of auth_type from occ is "password"17:39
stevemarseparate bug, but yeah17:39
mordredyah17:39
stevemaryeah17:39
stevemarshould just get nixed17:39
stevemareh, i'll fix it now17:40
jlkBug filed, patch incoming17:41
jlkhttps://bugs.launchpad.net/python-openstackclient/+bug/163498617:41
openstackLaunchpad bug 1634986 in python-openstackclient "osc_lib attempts string actions on int objects when determining auth API version" [Undecided,New]17:41
*** spzala has quit IRC17:42
jlkstevemar: I'll fix that endswith('password') bit too in my patch17:42
jlk(otherwise we'll have conflicts)17:44
stevemarjlk: sounds bueno to me17:46
stevemarjlk: i have a test you can add17:50
jlkjust added two17:50
jlkwell, I added two for testing with int versions17:50
jlkDo you have one for testing the password None thing?17:50
stevemarjlk: http://paste.openstack.org/show/586448/17:51
stevemarjlk: nah, that ones a bit funky to test17:51
jlkokay my tests are slightly different17:52
jlkhttps://review.openstack.org/38883217:53
*** spzala has joined #openstack-keystone17:54
*** spzala has quit IRC17:59
*** mvk has joined #openstack-keystone18:02
stevemarjlk: how you got omgjlk as your email address is anyone's guess :P18:04
jlkstevemar: haha, there was a guy at Blue Box who was stationed for a week to help with on-boarding. He had 0 effs to give, so he'd make any change like that if our manager approved it.18:05
jlkOur manager also had 0 effs to give.18:05
stevemarjlk: had a comment on the patch, i think the placement of the bracket is off?18:08
jlkoh let me look again18:09
jlkyeah I see it18:09
jlkpatch set 2 uploaded.18:10
openstackgerritRichard Avelar proposed openstack/keystone: WIP validate consumer_id exists directly  https://review.openstack.org/38884218:16
stevemarjlk: looks like we have to link up osc-lib patches to close python-openstackclient bugs in launchpad, womp womp (cc dtroyer)18:18
*** itisha has quit IRC18:19
stevemargagehugo_: you gonna toss up another patch for https://review.openstack.org/#/c/361435/ ?18:21
stevemargagehugo_: i want to push that one through while dstanek and i are around, it's gone through enough bikeshedding ;P18:22
openstackgerritSteve Martinelli proposed openstack/keystone: Doctor check for LDAP domain specific configs  https://review.openstack.org/36143518:25
openstackgerritSteve Martinelli proposed openstack/keystone: Doctor check for LDAP domain specific configs  https://review.openstack.org/36143518:26
stevemardstanek: ^18:26
openstackgerritLance Bragstad proposed openstack/keystone: Add release note for fernet tokens  https://review.openstack.org/37652618:28
openstackgerritLance Bragstad proposed openstack/keystone: Switch fernet to be the default token provider.  https://review.openstack.org/34568818:28
*** sfilatov has quit IRC18:30
*** sfilatov has joined #openstack-keystone18:31
*** phalmos has joined #openstack-keystone18:32
jlkstevemar: re keystone live upgrade, my first attempt has a failure.  "Credential migration in progress. Cannot perform writes to credential table."18:33
*** voelzmo has joined #openstack-keystone18:33
jlkthis was doing the db_sync --expand   while the old code (mitaka) was running18:33
rderoselbragstad: ^18:34
lbragstadjlk what steps did you take?18:35
*** sfilatov has quit IRC18:35
jlkold keystone is running, config files updated to newton level, and new code on the machine for newton18:35
jlk(code is in a venv)18:35
lbragstadok18:36
*** phalmos_ has joined #openstack-keystone18:36
jlkjust doing new keystone-manage db_sync --expand18:36
jlkand... now18:36
jlklovely18:36
jlk[SQL: u'\nALTER TABLE credential ADD key_hash VARCHAR(64)']18:36
jlk(trying --expand again)18:36
jlkoh crap18:37
openstackgerritSamuel Pilla proposed openstack/keystone: Document OS-SIMPLE-CERT Routes  https://review.openstack.org/38502818:37
lbragstadso the expand step should add the new columns to the credential table and put triggers in place18:37
jlkso --expand failed, but the automation tried --migrate after that18:37
jlkwhich completed18:37
lbragstad?!18:37
lbragstadjlk do you have any credentials in your backend?18:38
lbragstador do you use the credentail backend at all?18:38
jlkI think there's a bug in the automation. It's doing these actions in a loop, and it's not stopping the loop if one of the items failed.18:38
jlklbragstad: I think it's on, but there shouldn't be any credentials there. This is a test cloud I just built on mitaka18:39
lbragstadjlk what's doing the automation?18:39
*** phalmos has quit IRC18:39
jlkI can dig in the db18:39
jlklbragstad: it's Ansible.18:39
openstackgerritRichard Avelar proposed openstack/keystone: WIP validate consumer_id exists directly  https://review.openstack.org/38884218:39
jlkI can easily work around this by making these distinct tasks instead of one task with a loop18:39
rderoselbragstad jlk: "Credential migration in progress. Cannot perform writes to credential table." is expected, right?18:39
lbragstadessentially - yes18:39
lbragstadafter doing the --expand18:39
lbragstadif anything tries to write to the credential table outside of the --migrate process that error will be thrown18:40
jlkhrm18:40
rderosejlk: so you shouldn't run expand twice :)18:40
jlkwell, sure18:40
jlkthat's a bit of a problem with idempotency18:41
lbragstadjlk I tested this migration here - https://gist.github.com/lbragstad/ddfb10f9f9048414d1f781ba006e95d1#upgrade18:41
jlklike, the --expand should notice "I've already done this"18:41
*** edtubill has joined #openstack-keystone18:41
rderosejlk: I'm not sure if it does...18:41
lbragstadrderose jlk wouldn't that be up to sqlalchemy to recognize the db version?18:41
lbragstader - migrate_version?18:42
jlk¯\_(ツ)_/¯18:42
rderoselbragstad: oh, right18:42
rderoseit should18:42
lbragstaddstanek or dolphm might have a better answer than I though18:42
dolphmooh, rolliing upgrades...18:43
lbragstaddolphm yep18:43
rderoseSELECT * FROM keystone.migrate_version;18:43
lbragstaddolphm jlk has an interesting scenario18:43
dolphmjlk: you should be able to run --expand repeatedly18:44
dolphmjlk: there should be no reason to do so, but you can18:44
jlkYeah, i think my problem si that after --expand failed, it went ahead and did --migrate18:44
rderosejlk: did it really fail though?18:45
jlkdolphm: Repeated upgrade automation runs, if it fails somewhere else.18:45
dolphmjlk: but you're getting that error message from keystone-manage --expand itself?18:45
rderoseor, did it just log the error18:45
jlkrderose: it returned non-zero18:45
dolphmkeystone-manage db_sync --expand *18:45
jlkher'es the error from --expand18:45
gagehugo_stevermar: sounds good18:47
*** gagehugo_ has quit IRC18:47
stevemargagehugo_: i submitted a new version :P18:47
*** gagehugo has joined #openstack-keystone18:47
jlkdolphm: http://paste.openstack.org/show/586463/18:50
lbragstadhuh - looks like it's failing to create the trigger18:51
stevemarlbragstad: gah18:51
jlkoh wait I think I misread the error18:51
jlk"'You do not have the SUPER privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)'" looks like the relevant bit18:52
stevemarit failed because we wrote to log?!18:52
dolphmjlk: is that an unrelated error, or the one you're asking about?18:52
jlkdolphm: well, this seemingly killed the --expand call18:53
jlkso it's the one I'm asking about18:53
dolphmstevemar: binary logging is the sql server's statement history18:53
dolphmjlk: it looks like your SQL user does not have the appropriate grant to create triggers18:54
dolphmstevemar: i.e. http://dev.mysql.com/doc/refman/5.7/en/binary-log.html18:55
openstackgerritLance Bragstad proposed openstack/keystone: Remove issue_v2_token  https://review.openstack.org/38676218:58
openstackgerritLance Bragstad proposed openstack/keystone: Remove issue_v2_token  https://review.openstack.org/38676218:58
jlkThat'd be the user that's defined in keystone.conf, right?19:01
*** phalmos_ has quit IRC19:01
lbragstadjlk yep - the one defined in the sql connection string19:01
jlkremind me again how I'd show the grants?19:01
jlk| GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'%'19:02
dolphmjlk: SHOW GRANTS19:03
dolphmjlk: GRANT ALL would probably "fix" the issue though. i imagine you have the minimal grants setup that keystone normally needs19:03
jlkI just pasted the grant19:04
*** asettle has quit IRC19:04
dolphmjlk: ah, i should have suspected from the leading pipe :P19:05
dolphmjlk: what is your sql server, exactly?19:06
jlkit's a percona xtradb cluster19:06
jlk5.6.32-25.17-1.trusty19:07
*** markvoelker has joined #openstack-keystone19:08
*** charz has quit IRC19:08
*** hugokuo has quit IRC19:09
dolphmjlk: this is the pertinent doc ... http://dev.mysql.com/doc/refman/5.7/en/stored-programs-logging.html19:09
*** phalmos has joined #openstack-keystone19:10
dolphmjlk: We need to enable the variable log_bin_trust_function_creators. Enabling it is like saying to the server: “I trust regular users’ triggers and functions, and that they won’t cause problems, so allow my users to create them.” - https://www.percona.com/blog/2016/07/01/pt-online-schema-change-amazon-rds/19:11
dolphm(that whole bit is a quote)19:11
jlkso what you're saying is that I can fix this with a change to my sql server config19:11
*** charz has joined #openstack-keystone19:12
dolphmjlk: SET GLOBAL log_bin_trust_function_creators = 1; # from that second link19:12
*** hugokuo has joined #openstack-keystone19:12
jlkalright, I'm in a meeting now, but when that's over I'll rebuild from snapshot and try that.19:13
dolphmjlk: you probably need to run it against each node in your cluster19:13
jlkyeah, Ansible takes care of that for me :D19:13
*** timburke has quit IRC19:14
dolphmjlk: i assume you're going to be in barcelona?19:15
jlkI am19:16
jlkI'm attempting to get this sorted out so I have feedback to talk about at barcelona19:16
jlkboth keystone and nova I'm attempting "live" upgrades for Mitaka -> Newton19:16
*** charz has quit IRC19:17
dolphmjlk: awesome19:18
dolphmlbragstad: it'd probably be worth documenting for developers that triggers need to be deterministic in order to be applied correctly in a cluster19:21
dolphmlbragstad: so even if we could implement fernet in a trigger somehow for credential encryption... fernet is non-deterministic and would break replication19:22
*** timburke has joined #openstack-keystone19:22
*** charz has joined #openstack-keystone19:23
*** nk2527 has joined #openstack-keystone19:27
openstackgerritDavid Stanek proposed openstack/keystone: Adds warning when no domain configs were uploaded  https://review.openstack.org/21428719:40
lbragstaddolphm ah - got it.. i think that makes sense19:44
lbragstaddolphm what do you mean by non-deterministic?19:45
*** ayoung has joined #openstack-keystone19:48
*** ChanServ sets mode: +v ayoung19:48
*** pcaruana has quit IRC19:50
openstackgerritSteve Martinelli proposed openstack/python-keystoneclient: [doc] remove auth plugin docs  https://review.openstack.org/38888219:54
*** kiran-r has joined #openstack-keystone19:57
*** pnavarro has joined #openstack-keystone19:58
stevemardolphm: dstanek easy one ^19:58
*** edtubill has quit IRC20:01
dstanekstevemar: nothing is ever easy it seems :-)20:03
dstanekstraight up removal! love it20:04
openstackgerritGage Hugo proposed openstack/keystone-specs: PCI-DSS Expired Password Users  https://review.openstack.org/38383220:04
*** lamt has quit IRC20:06
*** erhudy has joined #openstack-keystone20:07
*** gagehugo_ has joined #openstack-keystone20:07
*** gagehugo_ has quit IRC20:07
*** gagehugo has quit IRC20:07
*** gagehugo has joined #openstack-keystone20:07
openstackgerritJeffrey Augustine proposed openstack/keystone-specs: Add keystone project metadata  https://review.openstack.org/38888620:08
stevemari have SO MANY TABS OPEN!20:11
stevemarso much to review20:11
gagehugolol20:12
stevemaryou people are developing code too fast!20:12
*** ravelar has quit IRC20:14
stevemari have a laughable amount of keystone reviews20:15
openstackgerritGage Hugo proposed openstack/keystone-specs: PCI-DSS Expired Password Users  https://review.openstack.org/38383220:15
jaugustine<320:15
lbragstaddo the needful stevemar, do the needful20:16
*** hoonetorg has joined #openstack-keystone20:19
*** phalmos has quit IRC20:22
*** gagehugo has quit IRC20:24
openstackgerritLance Bragstad proposed openstack/keystone: Remove issue_v2_token  https://review.openstack.org/38676220:34
*** ravelar has joined #openstack-keystone20:34
openstackgerritSamuel Pilla proposed openstack/keystone: Document OS-SIMPLE-CERT Routes  https://review.openstack.org/38502820:35
*** spilla has quit IRC20:36
*** ravelar has quit IRC20:39
*** voelzmo has quit IRC20:40
*** nicolasbock has quit IRC20:44
openstackgerritLance Bragstad proposed openstack/keystone: Remove issue_v2_token  https://review.openstack.org/38676220:45
*** jperry has quit IRC20:46
*** asettle has joined #openstack-keystone20:56
*** asettle has quit IRC20:57
*** markvoelker_ has joined #openstack-keystone20:57
*** markvoelker has quit IRC21:00
*** maticue has quit IRC21:01
*** spilla has joined #openstack-keystone21:01
*** phalmos has joined #openstack-keystone21:02
*** code-R has joined #openstack-keystone21:09
*** lamt has joined #openstack-keystone21:11
*** gagehugo has joined #openstack-keystone21:11
openstackgerritTin Lam proposed openstack/keystone-specs: PCI-DSS Expired Password Users  https://review.openstack.org/38383221:11
*** r-daneel has joined #openstack-keystone21:11
jlkAttempt #2 coming up21:14
*** code-R_ has joined #openstack-keystone21:16
*** agrebennikov has quit IRC21:16
*** phalmos has quit IRC21:16
*** jaugustine has quit IRC21:16
*** sfilatov has joined #openstack-keystone21:18
*** code-R has quit IRC21:18
*** pnavarro has quit IRC21:23
stevemarjlk: good luck21:23
bretonbtw nice stuff regarding metadata21:26
*** chris_hultin is now known as chris_hultin|AWA21:30
*** spilla has quit IRC21:31
jlkstevemar: MUCH SUCCESS21:32
stevemarjlk: \o/21:32
jlkdolphm: thanks for the tip, that seems to have solved it21:32
stevemarwe should doc that tip in our docs21:32
stevemarhint hint jlk :P21:33
jlkyeah21:33
jlkuh..21:33
jlktotes.21:33
stevemar:P21:33
stevemari'll submit a patch if you dont21:33
jlkNova is attempting live upgrade now, so I'm a tad distracted :D21:33
stevemarSET GLOBAL log_bin_trust_function_creators = 1; #21:33
stevemarthats the change right?21:34
jlkI ended up setting that in a config file, but yes.21:34
stevemaryah21:34
jlkI think it has to be ran on all members of a cluster21:34
stevemarjlk: did you try using keystone while it was upgrading?21:34
jlkI did not21:34
jlkI should have21:34
jlkthat'll come later21:35
stevemarhehe yeah :P21:35
jlkI was going to set up a continuous rally or something to test uptime during upgrade21:36
jlkfirst part of nova went good. Restarted control services to new code, computes on old code, db migrated.  Can still build a server!21:37
breton> For example, if you work on Keystone and decide that "safe" and "smart" are its two key attributes, a German Shepherd dog might be a great animal to express those characteristics21:47
bretonbtw was our mascot done?21:48
*** code-R_ has quit IRC21:50
*** code-R has joined #openstack-keystone21:50
openstackgerritLance Bragstad proposed openstack/keystone: Remove issue_v3_token in favor of issue_token  https://review.openstack.org/38683721:51
lbragstadbreton ++21:51
lbragstadbreton for some reason I think the turtle was our mascot21:51
lbragstadbreton but I would have been in favor of a german shepherd had it been an option :)21:52
*** code-R has quit IRC21:53
*** lamt has quit IRC22:01
*** sfilatov has quit IRC22:08
openstackgerritJamie Lennox proposed openstack/keystone: Allow fetching an expired token  https://review.openstack.org/38209822:15
jamielennoxsomeone want to push https://review.openstack.org/#/c/387733/ and https://review.openstack.org/#/c/387734/ into ksa - stevemar already has a +2 on them22:17
*** phalmos has joined #openstack-keystone22:22
*** harlowja has quit IRC22:33
*** agrebennikov has joined #openstack-keystone22:33
*** harlowja has joined #openstack-keystone22:48
*** phalmos has quit IRC22:50
stevemarbreton: waiting for the foundation to send me a draft version22:53
stevemarbreton: where's that from? the bit about the german sheppard?22:53
*** gyee has joined #openstack-keystone22:57
*** ChanServ sets mode: +v gyee22:57
*** Zer0Byte__ has quit IRC23:05
*** agrebennikov_ has joined #openstack-keystone23:06
*** phalmos has joined #openstack-keystone23:13
*** erhudy has quit IRC23:21
jlkGood news!  --expand, --migrate, --contract appear to be idempotent.23:23
*** scarlisle has joined #openstack-keystone23:49
openstackgerritGage Hugo proposed openstack/keystone: Doctor check for LDAP domain specific configs  https://review.openstack.org/36143523:49
*** spzala has joined #openstack-keystone23:51
*** agrebennikov_ has quit IRC23:51
*** kiran-r has quit IRC23:54
*** LiYuenan has quit IRC23:54
*** spzala has quit IRC23:56
« Tuesday, 2016-10-18 Index Thursday, 2016-10-20 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!