Friday, 2016-12-30

« Thursday, 2016-12-29 Index Saturday, 2016-12-31 »
*** guoshan has joined #openstack-keystone00:07
*** guoshan has quit IRC00:11
*** markvoelker has joined #openstack-keystone00:36
*** hoangcx has joined #openstack-keystone00:54
*** guoshan has joined #openstack-keystone01:07
*** guoshan has quit IRC01:12
*** rcernin has quit IRC01:17
*** guoshan has joined #openstack-keystone01:25
*** liujiong has joined #openstack-keystone01:30
*** harlowja has quit IRC01:39
*** stingaci has joined #openstack-keystone01:41
*** stingaci has quit IRC01:41
*** stingaci has joined #openstack-keystone01:42
*** stingaci has quit IRC01:46
*** stingaci has joined #openstack-keystone01:52
*** hogepodge has joined #openstack-keystone02:03
*** dave-mccowan has joined #openstack-keystone02:56
*** guoshan has quit IRC03:37
*** kiran-r has joined #openstack-keystone03:37
*** guoshan has joined #openstack-keystone03:38
*** links has joined #openstack-keystone04:09
*** chris_hultin|AWA is now known as chris_hultin04:20
*** david-lyle has joined #openstack-keystone04:23
*** nicolasbock has joined #openstack-keystone04:26
*** david-lyle has quit IRC04:28
*** chris_hultin is now known as chris_hultin|AWA04:30
*** nicolasbock has quit IRC04:34
*** udesale has joined #openstack-keystone04:46
*** udesale is now known as udesale_wfh04:47
*** nicolasbock has joined #openstack-keystone04:47
*** guoshan has quit IRC04:51
*** guoshan has joined #openstack-keystone04:56
*** markvoelker has quit IRC04:58
*** guoshan has quit IRC05:14
*** dave-mccowan has quit IRC05:35
*** r1chardj0n3s is now known as r1chardj0n3s_afk05:54
*** guoshan has joined #openstack-keystone05:58
*** stingaci has quit IRC06:06
*** links has quit IRC06:32
*** links has joined #openstack-keystone06:44
*** guoshan has quit IRC06:52
*** markvoelker has joined #openstack-keystone06:58
*** markvoelker has quit IRC07:03
*** rcernin has joined #openstack-keystone07:05
*** tesseract has joined #openstack-keystone07:11
*** links has quit IRC07:28
*** kiran-r has quit IRC07:43
*** guoshan has joined #openstack-keystone07:47
*** links has joined #openstack-keystone07:52
*** hoangcx has quit IRC08:00
*** asettle has joined #openstack-keystone08:08
*** asettle has quit IRC08:12
*** guoshan has quit IRC08:30
*** guoshan has joined #openstack-keystone08:43
*** pcaruana has joined #openstack-keystone08:48
*** udesale_wfh has quit IRC08:50
*** liujiong has quit IRC08:51
*** liujiong has joined #openstack-keystone08:53
*** markvoelker has joined #openstack-keystone08:59
*** zzzeek has quit IRC09:00
*** zzzeek has joined #openstack-keystone09:01
*** udesale_wfh has joined #openstack-keystone09:02
*** markvoelker has quit IRC09:04
*** david-lyle has joined #openstack-keystone09:27
*** david-lyle has quit IRC09:31
*** liujiong has quit IRC09:33
*** chrome0_ has joined #openstack-keystone09:53
*** chrome0_ has quit IRC09:54
openstackgerritKevin Benton proposed openstack/keystonemiddleware: Revert "Pass ?allow_expired"  https://review.openstack.org/41584809:56
*** asettle has joined #openstack-keystone09:59
bretonkevinbenton: where can i have a look at the warning in the logs?10:00
kevinbentonbreton: http://logs.openstack.org/00/382100/9/check/gate-tempest-dsvm-neutron-src-keystonemiddleware-ubuntu-xenial/bedb6fe/logs/screen-q-svc.txt.gz?level=TRACE10:00
kevinbentonbreton: i traced the request IDs and they are generated when nova communicates with neutron10:01
kevinbentonbreton: so the problem must be how nova is using credentials to communicate with neutron, but i'm not sure what the way to fix it is10:01
kevinbentonbreton: if it depends on this blueprint that's still in process, it would be great if we could only warn once. because right now a warning on every API call is making logs really difficult to deal with looking for issues10:02
*** guoshan has quit IRC10:12
bretoni wonder why neutron sends service token instead of a usual token10:27
*** david-lyle has joined #openstack-keystone10:27
kevinbentonbreton: isn't the issue that it's using a usual token when it should be using a service token?10:31
kevinbentonbreton: (also, the issue is on the nova side since the request is generated from there)10:31
*** david-lyle has quit IRC10:32
openstackgerritKevin Benton proposed openstack/keystonemiddleware: Limit deprecated token message to single warning  https://review.openstack.org/41585610:33
bretonkevinbenton: either this or service token should not be used at all10:34
kevinbentonbreton: the interaction between nova and neutron is tricky because nova needs to do some admin-only things (binding ports to hosts) and then things using the users privilege level (listing visible networks, floating ips, etc)10:36
kevinbentonbreton: so i think in these cases that a warning is emitted, it's passing the user token through for the latter non-admin things10:36
bretonkevinbenton: service token have a specific use case, i don't think it's the one here. But i am checking now.10:37
kevinbentonbreton: but i know johnthetubaguy was working on this interaction over the last cycle, so that may not be correct anymore10:37
kevinbentonbreton: actually, the service token use case is what we need for neutron as well IIRC10:38
kevinbentonbreton: if it will allow us to still use user credentials, but then distinguish that the request came through nova so allow port binding as well10:39
bretonkevinbenton: it is, but is it already implemeted? My grep can't find any mentions of this in neutron or nova10:44
kevinbentonbreton: no, it's not implemented yet. it was just something we discussed at the last mid-cycle10:45
kevinbentonbreton: IIRC we were waiting on keystone at the time10:45
*** pcaruana has quit IRC10:58
*** markvoelker has joined #openstack-keystone11:00
bretoni don't understand what it has to do with service token. I can't find where it is set.11:03
*** markvoelker has quit IRC11:05
bretonok, i figured it out.11:09
bretonit happens because keystonemiddleware tells nova to use UserAuthPlugin for interaction with nova. UserAuthPlugin includes novas token as service token11:11
breton*for interaction with neutron11:12
bretoni'll go have lunch and then think what to do about it11:13
*** nicolasbock has quit IRC11:17
*** sheel has quit IRC12:47
*** AlexeyAbashkin has quit IRC12:57
*** markvoelker has joined #openstack-keystone13:01
*** sakthi has quit IRC13:02
*** markvoelker has quit IRC13:06
*** guoshan has joined #openstack-keystone13:09
*** links has quit IRC13:24
bretoni think we should just remove this warning at all.13:29
bretonor make it a debugging message13:30
*** guoshan has quit IRC13:42
*** guoshan has joined #openstack-keystone13:43
*** Dinesh_Bhor has quit IRC13:49
*** catintheroof has joined #openstack-keystone14:03
*** catintheroof has quit IRC14:08
*** catintheroof has joined #openstack-keystone14:08
*** udesale_wfh has quit IRC14:28
*** david-lyle has joined #openstack-keystone14:30
*** david-lyle has quit IRC14:35
lbragstado/14:51
*** nklenke has quit IRC14:52
*** nklenke has joined #openstack-keystone15:00
*** markvoelker has joined #openstack-keystone15:02
*** markvoelker has quit IRC15:06
openstackgerritBoris Bobrov proposed openstack/keystonemiddleware: Do not warn about service token without correct roles  https://review.openstack.org/41588615:08
bretonlbragstad: o/15:08
lbragstadbreton good evening!15:09
*** asettle has quit IRC15:21
*** catintheroof has quit IRC15:29
*** guoshan has quit IRC15:57
*** rcernin has quit IRC16:01
*** markvoelker has joined #openstack-keystone16:03
*** tesseract has quit IRC16:05
*** markvoelker has quit IRC16:07
*** harlowja has joined #openstack-keystone16:31
*** david-lyle has joined #openstack-keystone16:32
*** david-lyle has quit IRC16:37
*** dave-mccowan has joined #openstack-keystone16:38
openstackgerritLance Bragstad proposed openstack/keystone: Implement shadow mapping  https://review.openstack.org/41589516:51
*** dave-mccowan has quit IRC16:54
*** itisha has joined #openstack-keystone16:59
*** markvoelker has joined #openstack-keystone17:03
*** markvoelker has quit IRC17:08
*** catintheroof has joined #openstack-keystone17:44
*** dave-mccowan has joined #openstack-keystone17:49
*** catinthe_ has joined #openstack-keystone17:49
*** catintheroof has quit IRC17:50
*** dave-mcc_ has joined #openstack-keystone17:51
*** dave-mccowan has quit IRC17:54
*** harlowja has quit IRC17:56
*** chris_hultin|AWA is now known as chris_hultin17:56
*** markvoelker has joined #openstack-keystone18:04
*** chris_hultin is now known as chris_hultin|AWA18:05
*** dave-mcc_ has quit IRC18:06
*** markvoelker has quit IRC18:09
*** catinthe_ has quit IRC18:15
*** asettle has joined #openstack-keystone18:24
*** asettle has quit IRC18:28
*** chris_hultin|AWA is now known as chris_hultin18:30
*** david-lyle has joined #openstack-keystone18:33
*** pece has joined #openstack-keystone18:35
*** david-lyle has quit IRC18:38
*** chris_hultin is now known as chris_hultin|AWA18:43
*** pece has quit IRC18:59
*** markvoelker has joined #openstack-keystone19:05
*** markvoelker has quit IRC19:09
*** itisha has quit IRC19:12
*** catintheroof has joined #openstack-keystone19:21
*** jose-phillips has joined #openstack-keystone19:22
*** d0ugal has quit IRC19:32
*** catintheroof has quit IRC19:52
*** dave-mccowan has joined #openstack-keystone20:04
*** markvoelker has joined #openstack-keystone20:06
*** markvoelker has quit IRC20:10
*** d0ugal has joined #openstack-keystone20:11
*** dave-mccowan has quit IRC20:24
openstackgerritMerged openstack/keystone: [api] Inconsistency between v3 API and keystone token timestamps  https://review.openstack.org/41387820:55
*** nicolasbock has joined #openstack-keystone20:58
*** chris_hultin|AWA is now known as chris_hultin21:00
openstackgerritRodrigo Duarte proposed openstack/keystone: Federated authentication via ECP functional tests  https://review.openstack.org/32476921:03
openstackgerritRodrigo Duarte proposed openstack/keystone: WIP: Cascade delete federated_user fk  https://review.openstack.org/41590621:03
*** markvoelker has joined #openstack-keystone21:06
*** harlowja has joined #openstack-keystone21:07
openstackgerritRodrigo Duarte proposed openstack/keystone: WIP: Cascade delete federated_user fk  https://review.openstack.org/41590621:08
*** markvoelker has quit IRC21:11
*** harlowja has quit IRC21:15
*** chris_hultin is now known as chris_hultin|AWA21:15
*** david-lyle has joined #openstack-keystone21:36
*** david-lyle has quit IRC21:40
*** jose-phillips has quit IRC21:43
*** jose-phillips has joined #openstack-keystone21:54
*** jose-phillips has quit IRC21:58
*** jose-phillips has joined #openstack-keystone22:05
*** d0ugal has quit IRC22:07
*** markvoelker has joined #openstack-keystone22:07
*** markvoelker has quit IRC22:12
*** jose-phillips has quit IRC22:17
*** nicolasbock has quit IRC22:25
*** catintheroof has joined #openstack-keystone23:07
*** markvoelker has joined #openstack-keystone23:08
*** markvoelker has quit IRC23:13
*** david-lyle has joined #openstack-keystone23:37
*** david-lyle has quit IRC23:42
« Thursday, 2016-12-29 Index Saturday, 2016-12-31 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!