Monday, 2017-01-02

« Sunday, 2017-01-01 Index Tuesday, 2017-01-03 »
*** markvoelker has joined #openstack-keystone00:46
*** markvoelker has quit IRC00:51
*** markvoelker has joined #openstack-keystone01:47
*** markvoelker has quit IRC01:51
*** david-lyle has joined #openstack-keystone02:35
*** david-lyle has quit IRC02:39
*** markvoelker has joined #openstack-keystone02:48
*** markvoelker has quit IRC02:52
*** stingaci has joined #openstack-keystone03:01
*** stingaci has quit IRC03:05
*** links has joined #openstack-keystone03:36
*** markvoelker has joined #openstack-keystone03:48
*** markvoelker has quit IRC03:53
*** g2 is now known as trump04:22
*** trump is now known as trump104:23
*** trump1 is now known as trumpinanus04:28
*** trumpinanus is now known as g2204:31
*** david-lyle has joined #openstack-keystone04:36
*** david-lyle has quit IRC04:41
*** sheel has joined #openstack-keystone04:43
*** markvoelker has joined #openstack-keystone04:49
*** markvoelker has quit IRC04:53
openstackgerritMerged openstack/keystone: Federated authentication via ECP functional tests  https://review.openstack.org/32476905:00
openstackgerritSteve Martinelli proposed openstack/keystone: Fix import ordering in tempest plugins  https://review.openstack.org/41324405:02
*** gus has quit IRC05:05
*** guoshan has joined #openstack-keystone05:07
*** udesale has joined #openstack-keystone05:36
*** markvoelker has joined #openstack-keystone05:50
*** markvoelker has quit IRC05:54
*** Dinesh_Bhor has joined #openstack-keystone06:11
*** stingaci has joined #openstack-keystone07:03
*** stingaci has quit IRC07:08
*** pcaruana has joined #openstack-keystone07:23
*** rcernin has joined #openstack-keystone07:37
*** martinus__ has joined #openstack-keystone07:37
*** rcernin has quit IRC07:39
*** rcernin has joined #openstack-keystone07:41
*** rcernin has quit IRC07:51
*** rcernin has joined #openstack-keystone07:52
*** guoshan has quit IRC08:08
*** guoshan has joined #openstack-keystone08:09
*** xek has joined #openstack-keystone08:40
*** zzzeek has quit IRC09:00
*** zzzeek has joined #openstack-keystone09:00
*** haplo37 has quit IRC09:10
*** d0ugal has joined #openstack-keystone09:14
*** haplo37_ has joined #openstack-keystone09:14
*** guoshan has quit IRC09:20
*** guoshan has joined #openstack-keystone09:20
*** guoshan has quit IRC09:28
*** guoshan has joined #openstack-keystone09:34
*** d0ugal has quit IRC10:06
*** mvk has joined #openstack-keystone10:08
*** JoeStack has joined #openstack-keystone10:12
JoeStackI try to use the OpenStack CLI remotely on my local terminal. I've installed the python-openstackclient 2.3 and I've written and sourced some environment variables. I can use "nova list" but I cannot use any "openstack service <foo>" requesting the keystone API. When I use some debugging flags with that command, I always see the private keystone URL in the last CURL command instead of the public URL. Anyone any idea to guide me on t10:23
openstackgerritSami Makki proposed openstack/oslo.policy: Remove dead code and use default value of argparse.  https://review.openstack.org/41198610:23
Anticimexhappy federated new years10:48
Anticimexis it ever possible with federated login to set/get the domain part of a user?10:49
Anticimexwe're running keystone liberty with federation and have a horizon plugin that depends on domainnames10:50
Anticimexdo the shadow user features include the domain setting?10:50
*** guoshan has quit IRC10:51
*** udesale has quit IRC11:01
*** haplo37_ has quit IRC11:02
*** haplo37_ has joined #openstack-keystone11:05
*** guoshan has joined #openstack-keystone11:12
*** guoshan has quit IRC11:57
*** guoshan has joined #openstack-keystone12:04
*** asettle has joined #openstack-keystone12:07
openstackgerritSami Makki proposed openstack/oslo.policy: Remove dead code and use default value of argparse.  https://review.openstack.org/41604012:14
*** asettle has quit IRC12:17
*** asettle has joined #openstack-keystone12:21
*** guoshan has quit IRC12:32
*** catintheroof has joined #openstack-keystone12:40
samueldmqmorning, happy new year keystoners12:50
*** markvoelker has joined #openstack-keystone12:55
*** guoshan has joined #openstack-keystone13:00
*** markvoelker has quit IRC13:00
*** pcaruana has quit IRC13:00
*** pcaruana has joined #openstack-keystone13:04
*** oomichi has quit IRC13:07
*** oomichi has joined #openstack-keystone13:08
*** oomichi has quit IRC13:13
*** oomichi has joined #openstack-keystone13:14
*** oomichi has quit IRC13:19
*** oomichi has joined #openstack-keystone13:20
*** oomichi has quit IRC13:22
*** oomichi has joined #openstack-keystone13:25
*** oomichi has quit IRC13:27
*** oomichi has joined #openstack-keystone13:30
*** david-lyle has joined #openstack-keystone13:43
*** david-lyle has quit IRC13:47
*** markvoelker has joined #openstack-keystone13:56
*** markvoelker has quit IRC14:00
dstanekgood morning14:07
*** links has quit IRC14:09
*** rcernin has quit IRC14:09
*** rcernin has joined #openstack-keystone14:11
dstanekJoeStack: are you using the private URL in the environment vars?14:21
dstanekAnticimex: our domain support with federation is pretty weak right now  and probably doesn't exist in Liberty14:22
openstackgerritMerged openstack/keystone: Fix cloud_admin rule and ensure only project tokens can be cloud admin  https://review.openstack.org/41156314:24
Anticimexdstanek: ack14:27
Anticimexi'm close to figuring out how to patch our code now14:28
Anticimexwe want to use the project's domain (we were using the users domain and that's a nogo it seems with federated), so fix is depending on whether a project scoped token as available in horizon (mitaka) shows the project's domain14:29
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5  https://review.openstack.org/41250014:33
*** markvoelker has joined #openstack-keystone14:57
*** catinthe_ has joined #openstack-keystone15:00
*** markvoelker has quit IRC15:01
*** catintheroof has quit IRC15:04
*** asettle has quit IRC15:06
Anticimexseems the openstack_auth token carried in the horizon middleware request.session object doesn't have directly what i need; domain = {id: None, name: None} , user_domain_id = Federated.15:09
Anticimexwhich i guess makes sense15:09
*** guoshan has quit IRC15:14
*** links has joined #openstack-keystone15:16
*** catintheroof has joined #openstack-keystone15:19
*** catinthe_ has quit IRC15:23
*** catinthe_ has joined #openstack-keystone15:30
*** catintheroof has quit IRC15:31
JoeStackdstanek: I'm using the public URL in the environment vars.15:32
*** links has quit IRC15:44
*** david-lyle has joined #openstack-keystone15:45
*** david-lyle has quit IRC15:49
*** nolwenn has joined #openstack-keystone15:49
*** mvk has quit IRC15:50
*** markvoelker has joined #openstack-keystone15:58
dstanekJoeStack: v2 or v3?15:59
nolwennhello, I just upgrade keystone in mitaka, and since I have a problem with autoscaling. When I send a signal with the scale up / scale down urls, I get "AWS authentication failure". Do you see where it comes from?16:00
*** markvoelker has quit IRC16:02
JoeStackdstanek: v216:05
*** sheel has quit IRC16:07
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/41596516:10
*** asettle has joined #openstack-keystone16:13
*** rcernin has quit IRC16:16
dstanekJoeStack: v2 limits the things that can be done on the public endpoint. are you able to use v3 instead?16:35
dstaneknolwenn: i'm not sure if that has anything to do with keystone. have you looked in the keystone logs?16:37
nolwenndstanek : yes, I have {"name":"keystone.common.wsgi","request_id":"req-08b69ec1-459a-445b-afb9-1b9f94b78fcd","user_identity":"- - - - -","instance":"","message":"Authorization failed. The request you have made requires authentication}16:38
*** rcernin has joined #openstack-keystone16:39
dstaneknolwenn: where are you getting that AWS message from?16:39
nolwenndstanek : from heat-cfn-api16:40
nolwenndstanek : heat-cfn-api_1  | {"name":"heat.api.aws.ec2token","instance":"","message":"AWS authentication failure."}16:44
*** dave-mccowan has joined #openstack-keystone16:53
dstaneknolwenn: i'm guessing that something is wrong with the token being used. do you have debug logging on?16:54
*** catintheroof has joined #openstack-keystone16:56
*** markvoelker has joined #openstack-keystone16:58
*** catinthe_ has quit IRC17:00
*** markvoelker has quit IRC17:03
nolwenndstanek : It is during recovery of the token from ec2 credentials i think17:05
dstaneknolwenn: if you have debugging on you may be more information about why the token is being rejected or even if a token is being provided17:07
nolwenni have already debugging, but not more information17:09
dstaneknolwenn: there is no debug entries in the keystone log near that time?17:15
nolwenndstanek: just {"name":"keystone.common.wsgi","request_id":"req-9fbf1447-fe42-40ae-b5b5-a3e4cef66f39","user_identity":"- - - - -","instance":"","message":"Authorization failed. The request you have made requires authentication. from 172.18.0.10"}17:18
nolwenndstanek : I don't  know if this is a good track but check_signature in https://github.com/openstack/keystone/blob/stable/mitaka/keystone/contrib/ec2/controllers.py#L58 return false17:28
*** d0ugal has joined #openstack-keystone17:40
*** d0ugal has joined #openstack-keystone17:40
*** d0ugal has quit IRC17:49
*** andrewbogott has quit IRC17:51
*** briancurtin has quit IRC17:51
*** jraim has quit IRC17:52
*** pkoraca has quit IRC17:53
*** boris-42 has quit IRC17:53
*** nikhil has quit IRC17:53
*** samueldmq has quit IRC17:54
*** andrewbogott has joined #openstack-keystone17:55
JoeStackdstanek: does it mean still to use the keystone URI/v2.0 and set environment var: OS_IDENTITY_API_VERSION=3?17:55
*** pkoraca has joined #openstack-keystone17:56
*** boris-42 has joined #openstack-keystone17:57
*** nikhil has joined #openstack-keystone17:57
*** samueldmq has joined #openstack-keystone17:57
*** ChanServ sets mode: +v samueldmq17:57
*** dave-mccowan has quit IRC17:57
*** markvoelker has joined #openstack-keystone17:59
*** jraim has joined #openstack-keystone18:00
*** markvoelker has quit IRC18:04
*** briancurtin has joined #openstack-keystone18:07
rodrigodshey all, happy new year! :)18:17
*** asettle has quit IRC18:28
*** asettle has joined #openstack-keystone18:28
*** asettle has quit IRC18:33
dstanekJoeStack: if you switch the identity api version you will be using v318:49
dstanekrodrigods: happy new year!18:49
*** dave-mccowan has joined #openstack-keystone18:51
*** haplo37_ has quit IRC18:51
*** haplo37_ has joined #openstack-keystone18:54
*** markvoelker has joined #openstack-keystone19:00
*** markvoelker has quit IRC19:05
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Just a test with python3.5  https://review.openstack.org/41250019:28
*** mvk has joined #openstack-keystone19:46
*** dave-mccowan has quit IRC19:58
*** pcaruana has quit IRC20:00
*** markvoelker has joined #openstack-keystone20:01
*** markvoelker has quit IRC20:06
*** asettle has joined #openstack-keystone20:14
*** asettle has quit IRC20:14
*** asettle has joined #openstack-keystone20:15
*** asettle has joined #openstack-keystone20:15
*** asettle has joined #openstack-keystone20:16
*** asettle has joined #openstack-keystone20:17
*** david-lyle has joined #openstack-keystone20:48
*** david-lyle has quit IRC20:52
*** asettle has joined #openstack-keystone20:54
*** pcaruana has joined #openstack-keystone21:00
*** asettle has quit IRC21:01
*** markvoelker has joined #openstack-keystone21:01
*** rcernin has quit IRC21:02
*** markvoelker has quit IRC21:06
*** asettle has joined #openstack-keystone21:09
*** asettle has quit IRC21:10
*** pcaruana has quit IRC21:20
*** pcaruana has joined #openstack-keystone21:42
*** markvoelker has joined #openstack-keystone22:02
*** markvoelker has quit IRC22:07
*** pcaruana has quit IRC22:13
jamielennoxAnticimex: what do you need the project_domain_id for? Typically it's sufficient to use the project_id for anything like that22:38
*** david-lyle has joined #openstack-keystone22:49
*** david-lyle has quit IRC22:54
*** markvoelker has joined #openstack-keystone23:03
*** markvoelker has quit IRC23:08
*** JoeStack has left #openstack-keystone23:29
« Sunday, 2017-01-01 Index Tuesday, 2017-01-03 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!