Friday, 2017-03-31

« Thursday, 2017-03-30 Index Saturday, 2017-04-01 »
*** niteshnarayanlal has quit IRC00:08
*** jlopezgu_ has quit IRC00:12
*** jamielennox is now known as jamielennox|away00:25
*** adrian_otto has quit IRC00:26
*** dikonoo has joined #openstack-keystone00:26
*** dikonoor has joined #openstack-keystone00:26
*** agrebennikov has quit IRC00:27
*** zhurong has joined #openstack-keystone00:30
*** jamielennox|away is now known as jamielennox00:31
*** MasterOfBugs has quit IRC00:35
*** thorst has joined #openstack-keystone00:38
*** thorst has quit IRC00:39
*** ravelar has quit IRC00:40
*** rmascena has joined #openstack-keystone00:47
*** raildo has quit IRC00:50
*** Shunli has joined #openstack-keystone00:52
*** Dave has quit IRC00:54
*** zsli_ has joined #openstack-keystone00:58
*** zsli_ has quit IRC01:01
*** Shunli has quit IRC01:01
*** Shunli has joined #openstack-keystone01:01
*** Dave has joined #openstack-keystone01:02
*** thorst has joined #openstack-keystone01:10
*** liujiong has joined #openstack-keystone01:10
*** browne has quit IRC01:27
*** thorst has quit IRC01:28
*** dikonoo has quit IRC01:29
*** dikonoor has quit IRC01:29
*** thorst has joined #openstack-keystone01:37
*** thorst has quit IRC01:38
*** lucasxu has joined #openstack-keystone01:45
*** lucasxu has quit IRC02:10
*** lucasxu has joined #openstack-keystone02:11
*** lucasxu has quit IRC02:19
*** agrebennikov has joined #openstack-keystone02:36
*** thorst has joined #openstack-keystone02:39
*** thorst has quit IRC02:56
*** thorst has joined #openstack-keystone02:57
*** thorst has quit IRC03:01
*** namnh has joined #openstack-keystone03:01
*** guoshan has joined #openstack-keystone03:02
*** Shunli has quit IRC03:32
*** knangia has quit IRC03:41
*** lamt has joined #openstack-keystone03:42
openstackgerritTin Lam proposed openstack/keystonemiddleware master: Replace pycrypto with cryptography  https://review.openstack.org/45194103:44
*** rderose has quit IRC03:51
*** thorst has joined #openstack-keystone04:01
*** guoshan has quit IRC04:02
*** thorst has quit IRC04:06
*** edmondsw has joined #openstack-keystone04:08
*** zhurong has quit IRC04:09
*** edmondsw has quit IRC04:12
*** ravelar has joined #openstack-keystone04:13
*** prashkre has joined #openstack-keystone04:18
*** zhurong has joined #openstack-keystone04:30
*** dikonoo has joined #openstack-keystone04:48
*** dikonoor has joined #openstack-keystone04:48
*** agrebennikov has quit IRC04:51
*** prashkre has quit IRC04:57
*** thorst has joined #openstack-keystone05:02
*** thorst has quit IRC05:07
*** frickler has quit IRC05:11
*** frickler has joined #openstack-keystone05:12
*** lamt has quit IRC05:19
*** prashkre has joined #openstack-keystone05:21
*** zhurong has quit IRC05:41
*** lamt has joined #openstack-keystone05:42
*** richm has quit IRC05:43
*** rcernin has joined #openstack-keystone05:44
*** adrian_otto has joined #openstack-keystone05:52
*** belmoreira has joined #openstack-keystone05:55
*** jaosorior has joined #openstack-keystone05:56
*** thorst has joined #openstack-keystone06:03
*** zhurong has joined #openstack-keystone06:05
*** thorst has quit IRC06:08
*** voelzmo has joined #openstack-keystone06:19
*** dikonoo has quit IRC06:19
*** dikonoor has quit IRC06:19
*** voelzmo has quit IRC06:23
*** voelzmo has joined #openstack-keystone06:29
*** prashkre has quit IRC06:32
*** prashkre has joined #openstack-keystone06:32
*** d0ugal has joined #openstack-keystone06:52
*** d0ugal has quit IRC06:52
*** d0ugal has joined #openstack-keystone06:52
*** d0ugal has quit IRC06:54
*** d0ugal has joined #openstack-keystone06:58
*** d0ugal has quit IRC06:58
*** d0ugal has joined #openstack-keystone06:58
*** thorst has joined #openstack-keystone07:04
*** tesseract has joined #openstack-keystone07:08
*** thorst has quit IRC07:09
*** aojea has joined #openstack-keystone07:12
*** lamt has quit IRC07:20
*** d0ugal has quit IRC07:22
*** d0ugal has joined #openstack-keystone07:26
*** d0ugal has quit IRC07:26
*** d0ugal has joined #openstack-keystone07:26
*** pcaruana has joined #openstack-keystone07:27
-openstackstatus- NOTICE: Jobs in gate are failing with POST_FAILURE. Infra roots are investigating07:43
*** ChanServ changes topic to "Jobs in gate are failing with POST_FAILURE. Infra roots are investigating"07:43
*** rcernin has quit IRC07:54
*** tesseract has quit IRC07:54
*** rcernin has joined #openstack-keystone07:55
*** tesseract has joined #openstack-keystone07:55
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:04
*** thorst has joined #openstack-keystone08:05
*** henrynash has joined #openstack-keystone08:10
evrardjphello, is there a way to see more verbosity of the keystone-manage (bootstrap in my case) cli? if it's possible to know why it returns 1 before I dig into its code, that would be great08:10
evrardjpok found it :)08:12
*** romtso has joined #openstack-keystone08:14
*** aojea_ has joined #openstack-keystone08:17
*** aojea has quit IRC08:20
*** prashkre has quit IRC08:21
-openstackstatus- NOTICE: logs.openstack.org has corrupted disks, it's being repaired. Please avoid rechecking until this is fixed08:23
*** ChanServ changes topic to "logs.openstack.org has corrupted disks, it's being repaired. Please avoid rechecking until this is fixed"08:23
*** thorst has quit IRC08:24
*** ma9_1 has quit IRC08:27
*** ma9_ has joined #openstack-keystone08:28
*** pnavarro has joined #openstack-keystone08:29
*** ma9_ has quit IRC08:58
*** ma9_ has joined #openstack-keystone08:59
*** bjornar_ has joined #openstack-keystone09:14
*** edmondsw has joined #openstack-keystone09:32
*** edmondsw has quit IRC09:37
*** adrian_otto has quit IRC09:53
samueldmqmorning keystone09:58
*** BlackDex has joined #openstack-keystone09:58
*** bjornar_ has quit IRC10:00
*** bjornar_ has joined #openstack-keystone10:03
*** pnavarro has quit IRC10:07
*** richm has joined #openstack-keystone10:14
*** zhurong has quit IRC10:18
*** liujiong has quit IRC10:19
*** prashkre has joined #openstack-keystone10:20
*** thorst has joined #openstack-keystone10:21
*** namnh has quit IRC10:24
*** thorst has quit IRC10:26
*** zhurong has joined #openstack-keystone10:41
*** ayoung has joined #openstack-keystone10:53
*** prashkre has quit IRC10:54
*** prashkre has joined #openstack-keystone10:55
*** Aurelgadjo has quit IRC10:57
*** dikonoo has joined #openstack-keystone11:03
*** dikonoor has joined #openstack-keystone11:03
*** henrynash has quit IRC11:13
*** narasimha_SV has joined #openstack-keystone11:20
narasimha_SVhow to integrate LDAP with keystone ?11:20
narasimha_SVstill I need to add this https://review.openstack.org/#/c/395967 code11:21
narasimha_SV??11:21
*** thorst has joined #openstack-keystone11:22
*** thorst has quit IRC11:27
*** knangia has joined #openstack-keystone11:29
*** thorst has joined #openstack-keystone11:32
*** ma9_ has quit IRC11:50
*** zhurong has quit IRC11:59
lbragstado/12:26
*** edmondsw has joined #openstack-keystone12:33
*** pnavarro has joined #openstack-keystone12:33
*** catintheroof has joined #openstack-keystone12:36
*** mlee has left #openstack-keystone12:38
*** chlong has joined #openstack-keystone12:40
*** HW-Peter has joined #openstack-keystone12:55
*** HW-Peter has quit IRC12:56
*** HW-Peter has joined #openstack-keystone12:56
*** Aurelgadjo has joined #openstack-keystone12:57
*** aojea_ has quit IRC13:05
openstackgerritayoung proposed openstack/keystone-specs master: Commit ot RBAC in middleware in Pike release  https://review.openstack.org/45219813:05
*** lamt has joined #openstack-keystone13:17
*** dave-mccowan has joined #openstack-keystone13:18
dstaneknarasimha_SV: that has been abandoned13:20
dstaneknarasimha_SV: you can configure devstack to setup ldap13:20
*** tuan__ has joined #openstack-keystone13:22
tuan__hi keystone folks13:23
dstanekhi tuan__13:23
tuan__this may be a stupid question but do we have docs about admin token, service token13:23
tuan__i would like to use service token in some places when user token is expired13:24
dstanektuan__: what version are you using? admin token isn't recommended anymore - bootstrap instead13:24
dolphmevrardjp: what was the reason?13:25
dstanektuan__: when you say service token you mean a token like what nova would use?13:25
tuan__yeap13:25
tuan__dstanek: now we are still using user token13:25
tuan__and we want a solution for calling other clients like nova client when user token expired13:26
tuan__that is why we would like to go with service token13:26
*** agrebennikov has joined #openstack-keystone13:26
tuan__and as i understand that we can have it through keystone client with context13:26
*** adu has joined #openstack-keystone13:27
Dinesh_Bhordstanek, lbragstad: Hi, may I have your attention on this? https://review.openstack.org/#/c/329913/13:27
evrardjpdolphm: "orchestration" reason, not a keystone issue itself :p13:28
dolphmyay? lol13:28
evrardjphaha :)13:28
dstanekDinesh_Bhor: i honestly don't know what's going to happen with client code yet13:31
Dinesh_Bhordstanek: ohh, you mean to say deprecation?13:34
tuan__dstanek: could you take a look to it13:34
tuan__http://paste.openstack.org/show/605044/13:34
*** mariusv has quit IRC13:34
tuan__this is about the service token what i would like to use if user token expired13:34
dstanektuan__: if you are wanting to use nova with a service token then you'll have to see if you can provide that to nova. the basic idea, iirc, is that we added an extra header to auth middleware x-service-token13:34
dstanektuan__: you still need to provide a valid token in addtion to the expired one13:35
tuan__ahah13:36
dstanektuan__: https://specs.openstack.org/openstack/keystone-specs/specs/keystonemiddleware/implemented/service-tokens.html13:36
tuan__dstanek: thank you13:37
dstanektuan__: np13:37
tuan__what about calling from keystone client with context13:37
dstanektuan__: what do you mean?13:37
tuan__http://paste.openstack.org/show/605044/13:37
tuan__well, i was wrong13:38
dstanektuan__: depends on what is in that dictionary13:38
tuan__yup13:38
dstanektuan__: you probably want to start using keystoneauth13:38
tuan__ah ha, but what if in the context we provide the authentication informations13:38
tuan__password, username, etc.\13:39
dstanektuan__: if you give the client a username/passowrd i assume it will auth and get a token13:39
tuan__for example, in mistral, we would like to call novaclient from mistral13:39
tuan__but somehow user token expired when calling novaclient13:40
tuan__i mean nova user token13:40
tuan__then we try to re-call it by passing context to keystone13:40
openstackgerritayoung proposed openstack/keystone-specs master: Commit to RBAC in middleware in Pike release  https://review.openstack.org/45219813:40
tuan__but in this case, when calling from mistral, all the contexts belong to mistral, not nova13:41
tuan__so it does not work in this case13:41
dstanektuan__: i would expect you to be using a minstral user token as a service token and providing the user's token13:42
*** spilla has joined #openstack-keystone13:42
tuan__dstanek: you mean in this case, we need to implement the service token header to the mistral13:43
tuan__and then pass the service token along with it13:44
*** henrynash has joined #openstack-keystone13:45
dstanektuan__: i don't think you need to implement accepting a service token. i would expect you to provide one13:47
tuan__dstanek: as you see in the snippet that i use context of mistral user to connect to keystone13:52
tuan__and then from keystoneclient i got nova endpoint and auth_token13:52
*** prashkre has quit IRC13:52
tuan__in this case, it does not acquire a new one13:53
tuan__if the nova token expired13:53
tuan__i think i got wrong here13:53
narasimha_SVdstanek: by normal installation is it not possible to do rather than devstack ?13:54
dstaneknarasimha_SV: sure, you can configure keystone to use LDAP without devstack13:54
*** Dinesh_Bhor has quit IRC13:55
*** lucasxu has joined #openstack-keystone14:03
openstackgerritKristi Nikolla proposed openstack/keystone master: URL pattern based RBAC Management Interface  https://review.openstack.org/40180814:03
*** raildo has joined #openstack-keystone14:12
*** dikonoo has quit IRC14:15
*** rmascena has quit IRC14:15
*** dikonoor has quit IRC14:15
narasimha_SVdstanek: is the code related to LDAP is working now why I am asking like this is because keystone newton code was not working with LDAP14:16
*** jamielennox is now known as jamielennox|away14:16
dstaneknarasimha_SV: the ldap identity backend should work fine. as far as i know it should work in newton. what issue were you having?14:17
*** prashkre has joined #openstack-keystone14:19
*** lamt has quit IRC14:23
dstanekldap is read-only now right? or am i crazy?14:25
bretonit is afaik14:26
narasimha_SVwith newton code was trying to create the user14:27
narasimha_SVhttps://review.openstack.org/#/c/39596714:27
narasimha_SVafter adding the code in this patch I was able to work with LDAP14:27
dstaneknarasimha_SV: so we don't allow writes to LDAP anymore14:27
narasimha_SVyes14:28
dstanekbreton: coolio....that means i can kill another bug14:28
narasimha_SVwhen I look at commits I see few LDAP related test cases updated14:28
narasimha_SVso thought of checking here to come to know correctly14:29
dstaneknarasimha_SV: were you trying to create the user or was keystone trying automatically?14:30
*** guoshan has joined #openstack-keystone14:32
*** bjornar_ has quit IRC14:47
*** rderose has joined #openstack-keystone14:48
*** guoshan has quit IRC14:49
openstackgerritRichard Avelar proposed openstack/keystone master: Consolidate duplicate test and code in test_revoke  https://review.openstack.org/45192614:53
*** voelzmo has quit IRC14:57
*** lamt has joined #openstack-keystone14:58
openstackgerritKristi Nikolla proposed openstack/keystone master: URL pattern based RBAC Management Interface  https://review.openstack.org/40180815:00
knikollao/15:03
gagehugoo/15:03
openstackgerritRichard Avelar proposed openstack/keystone master: Consolidate duplicate test and code in test_revoke  https://review.openstack.org/45192615:03
*** henrynash_ has joined #openstack-keystone15:06
*** rcernin has quit IRC15:08
*** henrynash has quit IRC15:10
*** henrynash_ is now known as henrynash15:10
*** belmoreira has quit IRC15:10
*** prashkre has quit IRC15:24
*** adrian_otto has joined #openstack-keystone15:26
openstackgerritKristi Nikolla proposed openstack/keystone master: Differentiate between dpkg and rpm for libssl-dev  https://review.openstack.org/45089115:27
*** jaosorior has quit IRC15:28
*** romtso has quit IRC15:31
*** lucasxu has quit IRC15:31
*** henrynash has quit IRC15:34
openstackgerritAnthony Washington proposed openstack/keystone master: Move trust to DocumentedRuleDefault  https://review.openstack.org/44927815:35
openstackgerritAnthony Washington proposed openstack/keystone master: Move implied role policies to DocumentedRuleDefault  https://review.openstack.org/44924615:37
openstackgerritAnthony Washington proposed openstack/keystone master: Move group policies to DocumentedRuleDefault  https://review.openstack.org/44923715:42
*** prashkre has joined #openstack-keystone15:44
*** pcaruana has quit IRC15:46
*** prashkre has quit IRC15:49
*** lucasxu has joined #openstack-keystone15:55
*** prashkre has joined #openstack-keystone15:59
*** henrynash has joined #openstack-keystone16:11
*** bjornar_ has joined #openstack-keystone16:13
*** voelzmo has joined #openstack-keystone16:20
*** voelzmo has quit IRC16:25
*** voelzmo has joined #openstack-keystone16:26
*** lucasxu has quit IRC16:29
*** voelzmo has quit IRC16:31
*** edmondsw has quit IRC16:32
*** edmondsw has joined #openstack-keystone16:35
openstackgerritRichard Avelar proposed openstack/keystone master: Address comments from Policy in Code 5  https://review.openstack.org/44882616:35
*** edmondsw has quit IRC16:39
*** lucasxu has joined #openstack-keystone16:54
openstackgerritRichard Avelar proposed openstack/keystone master: Consolidate duplicate test and code in test_revoke  https://review.openstack.org/45192616:55
*** gyee has joined #openstack-keystone16:59
lbragstadi think https://review.openstack.org/#/c/440815/6 is looking good - curious for other keystone folks to review it though17:01
rodrigodslbragstad, it is on my list, hopefully i will have chance to take a look prior it merges17:02
*** henrynash has quit IRC17:07
*** narasimha_SV has quit IRC17:19
*** browne has joined #openstack-keystone17:21
*** TravT has joined #openstack-keystone17:22
*** henrynash has joined #openstack-keystone17:34
*** prashkre has quit IRC17:43
*** prashkre has joined #openstack-keystone17:43
*** MasterOfBugs has joined #openstack-keystone17:48
*** toddnni has quit IRC17:50
*** toddnni has joined #openstack-keystone17:55
*** henrynash has quit IRC17:59
*** aojea has joined #openstack-keystone18:10
*** lucasxu has quit IRC18:12
*** tesseract has quit IRC18:21
notmorganlbragstad: poke18:26
notmorganlbragstad: https://review.openstack.org/#/c/428472/ +A? or do we want to scrub it / hold.18:27
lbragstadnotmorgan checking18:29
*** agrebennikov has quit IRC18:36
*** aojea has quit IRC18:40
lbragstadcc dolphm ^18:52
*** jlopezgu_ has joined #openstack-keystone18:58
*** lucasxu has joined #openstack-keystone19:00
dolphmlbragstad: i'll settle for the docstr + reviewers, and just cross my fingers then :P19:01
*** lucasxu has quit IRC19:02
lbragstadFYI - here is a list of proposed keystone sessions we currently have https://etherpad.openstack.org/p/BOS-Keystone-brainstorming19:04
*** HW-Peter has quit IRC19:06
*** tuan__ has quit IRC19:25
*** aojea has joined #openstack-keystone19:31
openstackgerritMerged openstack/keystone master: Removed the deprecated pki_setup command  https://review.openstack.org/43093819:34
-openstackstatus- NOTICE: lists.openstack.org will be offline from 20:00 to 23:00 UTC for planned upgrade maintenance19:58
notmorgandolphm: i can do some metaclass magic, but it is a LOT more restructuring20:04
notmorgandolphm: bascially, we need to eliminate the mixins and make it just parent classes.20:04
notmorgandolphm: i can do that, but the metaclass is super weird20:04
*** stradling has joined #openstack-keystone20:10
openstackgerritMerged openstack/keystone master: Make use of Dict-base including extras explicit  https://review.openstack.org/42847220:11
*** sjain has joined #openstack-keystone20:12
*** spilla has quit IRC20:24
*** prashkre has quit IRC20:28
*** prashkre has joined #openstack-keystone20:28
*** spilla has joined #openstack-keystone20:32
dstaneknotmorgan: rodrigods: should i make changes for https://review.openstack.org/#/c/430938/2 ?20:39
*** stradling has quit IRC20:42
notmorgandstanek: as long as someone does :)20:47
dstaneknotmorgan: how do you think i should change it?20:50
*** henrynash has joined #openstack-keystone20:55
*** sjain has quit IRC20:57
*** prashkre has quit IRC20:59
*** spilla has quit IRC21:12
*** pramodrj07 has joined #openstack-keystone21:15
*** mvk has quit IRC21:18
*** aojea has quit IRC21:21
notmorgandstanek: i meant as long as everything is marked as deprecated for removal21:37
notmorganand there are no doc changes left to do21:37
notmorganthen no issues/updates21:38
notmorganif there are anything lingering... then a followup is fine21:38
notmorgandstanek: sorry, wasn't clear on it. i did +A the patch since it was complete afaict short of maybe a doc change21:38
-openstackstatus- NOTICE: The upgrade maintenance for lists.openstack.org has been completed and it is back online.21:50
dstaneknotmorgan: ah, ok. they are all marked as deprecated. i didn't change the message though which is why rodrigods' grep found the command name21:53
dstanekcode was removed, docs were removed and config options were marked as deprecated21:53
*** henrynash has quit IRC22:06
*** henrynash has joined #openstack-keystone22:08
*** thorst has quit IRC22:10
*** catintheroof has quit IRC22:36
*** adrian_otto has quit IRC22:43
*** adrian_otto has joined #openstack-keystone22:52
*** edmondsw has joined #openstack-keystone23:09
*** thorst has joined #openstack-keystone23:11
*** edmondsw has quit IRC23:14
*** adrian_otto has quit IRC23:15
*** thorst has quit IRC23:15
*** adrian_otto has joined #openstack-keystone23:18
*** adrian_otto has quit IRC23:25
*** browne has quit IRC23:25
*** bjornar_ has quit IRC23:25
*** bjornar_ has joined #openstack-keystone23:29
*** thorst has joined #openstack-keystone23:42
*** jlopezgu_ has quit IRC23:52
« Thursday, 2017-03-30 Index Saturday, 2017-04-01 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!