Thursday, 2017-04-20

« Wednesday, 2017-04-19 Index Friday, 2017-04-21 »
*** edmondsw has joined #openstack-keystone00:23
*** edmondsw has quit IRC00:28
*** ngupta has joined #openstack-keystone00:30
openstackgerritMerged openstack/keystoneauth master: Add bindep.txt file  https://review.openstack.org/45824200:34
*** thorst has joined #openstack-keystone00:37
*** thorst has quit IRC00:42
*** jerrygb has joined #openstack-keystone00:50
*** catintheroof has quit IRC00:52
*** mpjetta has joined #openstack-keystone00:55
*** jerrygb has quit IRC00:56
*** gyee has quit IRC01:03
*** MasterOfBugs has quit IRC01:07
*** topol has joined #openstack-keystone01:12
*** thorst has joined #openstack-keystone01:13
openstackgerritJamie Lennox proposed openstack/keystoneauth master: Port the missing version data discovery tests from ksc  https://review.openstack.org/45828601:20
openstackgerritJamie Lennox proposed openstack/keystoneauth master: Allow passing a LATEST sentinel to discover version  https://review.openstack.org/45828701:20
jamielennoxmordred, samueldmq: ok, so ^ is part of what you are doing (cleaned up and tests)01:21
jamielennoxbut the more i think of it the less likely i think you really want a LATEST at all01:21
*** thorst has quit IRC01:25
*** MasterOfBugs has joined #openstack-keystone01:25
*** shuyingya has joined #openstack-keystone01:26
jamielennoxmordred: so version=(2,1) will match anything 2.1 and above, 2.1, 2.2, etc because they are deemed backwards compatible with 2.101:29
jamielennoxthere is almost no way you really want to say get_endpoint('identity', LATEST)01:29
jamielennoxbecause v2 and v3 are completely different01:30
jamielennoxso 2, 0 and 3, 0 should be sufficient there01:30
*** thorst has joined #openstack-keystone01:33
*** guoshan has joined #openstack-keystone01:35
*** david-lyle has quit IRC01:35
*** thorst has quit IRC01:36
*** liujiong has joined #openstack-keystone01:42
*** jerrygb has joined #openstack-keystone01:43
*** xuhaigang has quit IRC01:45
*** shuyingya has quit IRC01:45
*** shuyingya has joined #openstack-keystone01:47
*** david-lyle has joined #openstack-keystone01:50
*** dave-mcc_ has joined #openstack-keystone01:51
*** dave-mccowan has quit IRC01:53
*** xuhaigang has joined #openstack-keystone01:58
*** thorst has joined #openstack-keystone02:07
*** dave-mccowan has joined #openstack-keystone02:11
*** zhurong has joined #openstack-keystone02:11
*** Shunli has joined #openstack-keystone02:11
*** dave-mcc_ has quit IRC02:13
*** clayton has joined #openstack-keystone02:17
*** xuhaigang has quit IRC02:22
*** thorst has quit IRC02:23
*** shuyingy_ has joined #openstack-keystone02:26
*** shuying__ has joined #openstack-keystone02:29
*** shuyingy_ has quit IRC02:29
*** shuyingya has quit IRC02:30
*** topol has quit IRC02:33
*** ngupta has quit IRC02:38
*** ngupta has joined #openstack-keystone02:38
*** xuhaigang has joined #openstack-keystone02:42
openstackgerritzhengliuyang proposed openstack/keystone master: Add filter explain in api ref about parents_as_list and subtree_as_list I create a project and its child, then show the project with subtree_as_list, but the subtree list in response is null. I can not find problem via api ref about this parameter, until   https://review.openstack.org/45830702:51
*** thorst has joined #openstack-keystone02:54
*** ngupta has quit IRC02:54
*** jerrygb has quit IRC02:55
*** topol has joined #openstack-keystone03:05
*** topol has quit IRC03:10
*** zhurong has quit IRC03:21
*** thorst has joined #openstack-keystone03:26
*** zhurong has joined #openstack-keystone03:28
*** balan has joined #openstack-keystone03:30
*** zhurong has quit IRC03:31
*** nicolasbock has quit IRC03:31
balanany help much appriciated03:31
*** thorst has quit IRC03:44
*** balan has quit IRC03:50
*** ngupta has joined #openstack-keystone03:55
*** edmondsw has joined #openstack-keystone04:00
*** guoshan has quit IRC04:01
*** edmondsw has quit IRC04:04
*** dave-mccowan has quit IRC04:07
*** jerrygb has joined #openstack-keystone04:15
*** MasterOfBugs has quit IRC04:20
*** zhurong has joined #openstack-keystone04:31
*** jerrygb has quit IRC04:32
*** jerrygb has joined #openstack-keystone04:32
*** stingaci has joined #openstack-keystone04:33
*** stingaci has quit IRC04:38
*** thorst has joined #openstack-keystone04:41
*** thorst has quit IRC04:46
*** jerrygb has quit IRC04:47
*** dikonoor has joined #openstack-keystone05:18
*** lamt has joined #openstack-keystone05:19
*** aojea has joined #openstack-keystone05:21
*** aojea has quit IRC05:39
*** thorst has joined #openstack-keystone05:42
*** richm has quit IRC05:44
*** xuhaigang has left #openstack-keystone05:45
*** xuhaigang has joined #openstack-keystone05:46
*** thorst has quit IRC05:46
*** xuhaigang has joined #openstack-keystone05:47
*** adriant has quit IRC05:50
*** edmondsw has joined #openstack-keystone06:00
*** edmondsw has quit IRC06:05
*** zhurong has quit IRC06:12
*** arturb has joined #openstack-keystone06:14
*** lamt has quit IRC06:14
*** liujiong has quit IRC06:20
*** liujiong_lj has joined #openstack-keystone06:20
*** lamt has joined #openstack-keystone06:22
*** david-lyle has quit IRC06:23
*** voelzmo has joined #openstack-keystone06:27
*** lamt has quit IRC06:27
*** rcernin has joined #openstack-keystone06:28
*** david-lyle has joined #openstack-keystone06:37
*** pcaruana has joined #openstack-keystone06:40
*** Aqsam has joined #openstack-keystone06:43
*** topol has joined #openstack-keystone06:46
*** topol has quit IRC06:50
*** tesseract has joined #openstack-keystone06:56
*** d0ugal has quit IRC06:56
*** david-lyle has quit IRC07:02
*** david-lyle has joined #openstack-keystone07:03
*** jaosorior_away is now known as jaosorior07:11
*** zhurong has joined #openstack-keystone07:12
*** jhesketh has quit IRC07:14
*** aojea has joined #openstack-keystone07:16
*** aojea has quit IRC07:18
*** aojea has joined #openstack-keystone07:18
*** jamielennox has quit IRC07:28
*** odyssey4me has joined #openstack-keystone07:41
*** jamielennox has joined #openstack-keystone07:42
*** thorst has joined #openstack-keystone07:44
*** jhesketh has joined #openstack-keystone07:44
*** MasterOfBugs has joined #openstack-keystone07:44
*** liujiong has joined #openstack-keystone07:51
*** liujiong_lj has quit IRC07:52
*** shuying__ has quit IRC07:55
*** zzzeek has quit IRC08:00
*** shuyingya has joined #openstack-keystone08:00
*** zzzeek has joined #openstack-keystone08:00
*** thorst has quit IRC08:03
*** xuhaigang has quit IRC08:09
*** stingaci has joined #openstack-keystone08:35
*** stingaci has quit IRC08:39
*** MasterOfBugs has quit IRC08:42
*** david-lyle has quit IRC08:47
*** shuyingy_ has joined #openstack-keystone08:53
*** shuyingya has quit IRC08:56
*** faizy_ has joined #openstack-keystone09:08
*** faizy_ has quit IRC09:09
*** faizy_ has joined #openstack-keystone09:09
*** faizy_ has quit IRC09:11
*** faizy has quit IRC09:11
openstackgerritAnton Studenov proposed openstack/keystoneauth master: Fix version parser for IdentityPlugin  https://review.openstack.org/45841109:21
*** thorst has joined #openstack-keystone10:00
*** nicolasbock has joined #openstack-keystone10:02
*** thorst has quit IRC10:04
openstackgerritShan Guo proposed openstack/keystone master: Trivial Fix: fix typo in test comments  https://review.openstack.org/45842710:08
*** topol has joined #openstack-keystone10:08
*** aojea has quit IRC10:08
*** topol has quit IRC10:13
*** richm has joined #openstack-keystone10:13
*** liujiong has quit IRC10:16
*** zhurong has quit IRC10:19
*** goutham has joined #openstack-keystone10:19
gouthamHi all10:20
gouthami need your help in setting up multiregion in devstack10:20
gouthamcan anyone help?10:20
*** aojea has joined #openstack-keystone10:22
gouthamI have two devstack setups and i want to create multi-region setup10:33
gouthamthings done--10:33
goutham1- Create endpoints of regiontwo services in Region110:33
goutham2- modify keystone_authtoken section of conf files of regiontwo's services like nova and cinder to regionone's keystone.10:34
goutham   but still i am getting this error "cannot discover suitable url for plugin"10:35
gouthamI have done the same steps in mitaka & newton it worked then but, its not working     in ocata did i miss anything?10:35
*** stingaci has joined #openstack-keystone10:36
*** aojea has quit IRC10:39
*** stingaci has quit IRC10:41
*** aojea has joined #openstack-keystone10:47
*** thorst has joined #openstack-keystone11:01
*** thorst has quit IRC11:06
*** markvoelker has quit IRC11:06
*** markvoelker has joined #openstack-keystone11:06
*** raildo has joined #openstack-keystone11:06
*** mvk has quit IRC11:06
*** jaosorior has quit IRC11:09
*** markvoelker has quit IRC11:11
*** topol has joined #openstack-keystone11:16
*** zhurong has joined #openstack-keystone11:18
*** jaosorior has joined #openstack-keystone11:20
*** thorst has joined #openstack-keystone11:26
*** lennyb has quit IRC11:29
*** lennyb has joined #openstack-keystone11:30
*** openstackgerrit has quit IRC11:32
*** Shunli has quit IRC11:46
*** jerrygb has joined #openstack-keystone11:49
*** jerrygb has quit IRC11:54
*** jerrygb has joined #openstack-keystone12:09
*** edmondsw has joined #openstack-keystone12:12
*** jerrygb has quit IRC12:14
*** mvk has joined #openstack-keystone12:15
mordredjamielennox: well - I mean, in shade we definitely do want "latest either 2 or 3" - but also want to know what version we got back so that we know which versions of our code to use12:24
mordredjamielennox: but let me read more scrollback12:25
*** guoshan has joined #openstack-keystone12:26
mordredunless a user has requested a specific version - which is more of an escape hatch for if a cloud advertises a version but it's broken12:26
*** dave-mccowan has joined #openstack-keystone12:26
*** catintheroof has joined #openstack-keystone12:27
mordredan example of this is glance, which some clouds have both v1 and v2 deployed, but for some reason have image upload blocked on v2 but not on v1 - so a user of those clouds wants to tell shade to not use v2, even though it finds it can12:27
*** catintheroof has quit IRC12:30
*** catintheroof has joined #openstack-keystone12:30
*** markvoelker has joined #openstack-keystone12:39
*** catintheroof has quit IRC12:40
*** catintheroof has joined #openstack-keystone12:41
*** catintheroof has quit IRC12:41
*** catintheroof has joined #openstack-keystone12:41
*** catintheroof has quit IRC12:43
*** catintheroof has joined #openstack-keystone12:43
*** openstackgerrit has joined #openstack-keystone12:45
openstackgerritRodrigo Duarte proposed openstack/keystone master: Writing API & Scenario Tests docs  https://review.openstack.org/45820712:45
*** jerrygb has joined #openstack-keystone12:56
*** guoshan has quit IRC12:58
*** guoshan has joined #openstack-keystone12:58
*** guoshan has quit IRC13:00
*** guoshan_ has joined #openstack-keystone13:00
*** lamt has joined #openstack-keystone13:03
*** shuyingy_ has quit IRC13:05
*** shuyingya has joined #openstack-keystone13:05
andreykurilinhi folks! Recently, small we found incompatibility of several checks in keystoneauth with latest format of auth_url . Can someone look at proposed fix ? https://review.openstack.org/#/c/458411/13:13
*** mpjetta has quit IRC13:14
jamielennoxgoutham: ^ could be your problem13:14
gouthamyea13:14
gouthami saw that i felt the same13:14
jamielennoxandreykurilin: but that /v2 in url is a fallback for when discovery fails - and in devstack discovery should not fail13:15
jamielennoxbut i need to go to bed, i'll have a look tomorrow13:15
jamielennoxnight13:15
*** guoshan_ has quit IRC13:16
andreykurilinjamielennox: I did not say that it failed at devstack :P13:16
openstackgerritRodrigo Duarte proposed openstack/keystone master: Writing API & Scenario Tests docs  https://review.openstack.org/45820713:16
*** Aurelgad1o has quit IRC13:19
*** Aurelgadjo has joined #openstack-keystone13:19
*** lamt has quit IRC13:23
*** prashkre has joined #openstack-keystone13:25
*** ig0r_ has joined #openstack-keystone13:34
*** shuyingya has quit IRC13:38
*** david-lyle has joined #openstack-keystone13:46
prashkrelbragstad: Hi Lance. I found an issue with v3/role_assignments?effective&include_names API.13:49
*** goutham has quit IRC13:50
prashkrelbragstad: I have configured ldap server as identity backend in my env, then added a role to user1 and removed user1 from ldap identity server.13:51
*** chlong has joined #openstack-keystone13:51
prashkresince role assingment still exits in assignment table, /v3/role_assignments?effective&include_names&scope.project.id=076a023e1e394b2c8adf6035cfacba4e will get all role assingments from db and include_names request param will try to get username from identity backend based on user_id in roles, so it is failing whole API with "Could not find user: user1."13:51
*** lamt has joined #openstack-keystone13:55
*** shuyingya has joined #openstack-keystone13:56
prashkrelbragstad: https://github.com/openstack/keystone/blob/master/keystone/assignment/core.py#L941 here it is trying to get the user from identity backend and failing. I guess we should handle the user not found13:56
*** shuyingya has quit IRC13:57
*** shuyingya has joined #openstack-keystone13:57
bretonprashkre: you should file a bugreport13:58
prashkrebreton: sure. will open a bug for this.14:01
lbragstadprashkre ++14:01
lbragstadprashkre let me know when you open the report14:02
prashkrelbragstad: sure.14:02
*** topol has quit IRC14:04
*** lamt has quit IRC14:09
*** david-lyle has quit IRC14:14
*** ngupta has quit IRC14:17
*** ngupta has joined #openstack-keystone14:17
*** mpjetta has joined #openstack-keystone14:18
*** guoshan has joined #openstack-keystone14:19
*** lucasxu has joined #openstack-keystone14:26
*** dikonoor has quit IRC14:26
prashkrelbragstad: raised a bug https://bugs.launchpad.net/keystone/+bug/1684820 for issue reported above14:29
openstackLaunchpad bug 1684820 in OpenStack Identity (keystone) "GET /role_assignments?include_names API is blocked with 404 error when a user doesn't exists in identity backend" [Undecided,New]14:29
kencjohnstonWhat is the status of the v2 service in Pike?14:32
knikollakencjohnston: you mean the identity v2 api?14:34
kencjohnstonknikolla yes.14:35
*** shuyingya has quit IRC14:35
knikollakencjohnston: deprecated14:35
kencjohnstonknikolla Got it. Thanks.14:35
knikollakencjohnston: will be removed in mitaka+4.14:35
knikollathat means queen, if i'm not wrong.14:36
knikollaqueens*14:36
knikollav2 auth though, will stay for a while longer.14:37
*** spzala has joined #openstack-keystone14:37
*** topol has joined #openstack-keystone14:46
*** guoshan has quit IRC14:47
*** lamt has joined #openstack-keystone14:49
*** stephen_m has joined #openstack-keystone14:50
*** guoshan_ has joined #openstack-keystone14:51
*** guoshan_ has quit IRC14:53
*** rcernin has quit IRC15:01
*** chris_hultin|AWA is now known as chris_hultin15:01
openstackgerritRodrigo Duarte proposed openstack/keystone master: Writing API & Scenario Tests docs  https://review.openstack.org/45820715:02
*** lamt has quit IRC15:03
*** yingwei has joined #openstack-keystone15:07
*** chris_hultin is now known as chris_hultin|AWA15:12
*** spzala has quit IRC15:12
*** david-lyle has joined #openstack-keystone15:13
*** spzala has joined #openstack-keystone15:13
*** pcaruana has quit IRC15:14
*** lucasxu has quit IRC15:16
*** lucasxu has joined #openstack-keystone15:17
*** spzala has quit IRC15:17
*** blake has joined #openstack-keystone15:21
*** lamt has joined #openstack-keystone15:24
*** voelzmo has quit IRC15:29
*** lamt has quit IRC15:35
*** lucasxu has quit IRC15:39
*** Aqsam has quit IRC15:40
*** lucasxu has joined #openstack-keystone15:41
*** lucasxu has quit IRC15:42
*** lucasxu has joined #openstack-keystone15:43
*** lamt has joined #openstack-keystone15:44
*** spzala has joined #openstack-keystone15:44
blakejamielennox: I noticed the ADFSPassword plugin in keystoneauth1 does not have a registered entry point in setup.cfg. Is this just an oversight?15:45
*** rderose has joined #openstack-keystone15:45
*** aojea has quit IRC15:52
*** david-lyle has quit IRC15:59
*** afazekas_ is now known as afazekas16:00
*** ig0r_ has quit IRC16:01
*** dave-mccowan has quit IRC16:06
*** david-lyle has joined #openstack-keystone16:07
*** zhurong has quit IRC16:11
*** dikonoor has joined #openstack-keystone16:12
openstackgerritOpenStack Proposal Bot proposed openstack/keystoneauth master: Updated from global requirements  https://review.openstack.org/45592616:18
openstackgerritOpenStack Proposal Bot proposed openstack/ldappool master: Updated from global requirements  https://review.openstack.org/45858016:18
*** dave-mccowan has joined #openstack-keystone16:21
bretonhttps://www.openstack.org/assets/survey/April2017SurveyReport.pdf16:22
bretonso, people use Keystone more than Nova!16:22
*** dave-mcc_ has joined #openstack-keystone16:23
lbragstadnice - i need to read that16:23
bretoneither we are great16:23
bretonor we are just tied to other openstack and people suffer16:23
lbragstad:)16:24
*** dave-mccowan has quit IRC16:26
*** ngupta has quit IRC16:27
*** spzala has quit IRC16:29
*** tesseract has quit IRC16:34
breton> Which OpenStack identity service (Keystone) drivers are in use?16:35
bretoni think we should drop the question from the next survey16:35
bretonand ask about source for authentication16:35
lbragstadbreton as in SQL, LDAP, federation, etc.. ?16:36
bretonlbragstad: yep16:38
breton> performance improvements: 39%16:39
bretonso... what issues with performance do we have?16:39
lbragstadbreton well - unless you have caching enabled, we do a lot of weird things16:39
lbragstadlike fetching a user multiple times in a single request for example16:40
bretoni suggested it some time ago16:40
bretonand gonna suggest it again16:40
bretonlets make memcache a hard requirement for keystone and make caching enabled by default16:40
lbragstadbreton well - we can't exactly do that because of python-memcached16:41
bretonwe have a hard requirement of the database. Lets have the same hard requirement of cache16:41
bretonlbragstad: why not?16:41
lbragstadpython-memcached has some py3 issues16:42
lbragstadwhich morgan is more familiar with than i am16:42
* breton sighs16:42
lbragstadbut it sounded like those wouldn't be an issue if we moved to pymemcached16:43
*** rderose has quit IRC16:43
morganpython-memcached is inconsistent and seems to have some py3 issues still16:44
*** lucasxu has quit IRC16:44
morganpymemcached is much more actively maintained, is better designed, etc16:44
morganit is not a drop-in replacement though16:44
lbragstadbut pymemcached doesn't, at least i don't think16:44
morganpymemcache has no issues with py316:44
morganand is a good library16:45
lbragstadyeah - i'm sure we'd have to rework some stuff16:45
lbragstadbut we'll have to do it anyway for py3 things16:45
morganso, my answer is... i don't want to make caching  ahard reuirement with python-memcached16:45
lbragstadso - it seems like a relatively small price to pay for what we'd get16:45
morganit is not a ton of code to write a pymemcached dogpile backend16:45
morganand pymemcached is already in G-R16:45
lbragstadyeah16:46
lbragstadbut - i don't see a reason why we couldn't make that a hard requirement after that work is done16:46
morganlbragstad: i know this is a beastly patch... https://review.openstack.org/#/c/438701/ but that should get eyes16:46
morganagain16:46
lbragstadaha - yes16:46
lbragstadi will look today16:47
morganlbragstad: agreed. i'd say: pymemcached used by default, then caching a hard requirement16:47
morgankeystone assumes caching (in the R release, no disabling it?)16:47
lbragstadyeah16:47
bretonmorgan: why pymemcache is not a drop-in replacement? What is different?16:49
*** jaosorior has quit IRC16:49
morganbreton: the interface is not the same as pythong-memcache16:50
morgansimply it isn't .get/.set/.delete/.delete_multi...etc16:50
morganit is something slightly different. so you can't just say import pymemcache, instantiate client16:51
morganit needs different code paths16:51
*** yingwei has quit IRC16:52
bretonok. I just recently migrated from pymemcache to python-mecached and it took to just re-init the client16:52
*** lucasxu has joined #openstack-keystone16:55
*** mvk has quit IRC17:03
morganit's set_multi vs set_many17:04
morganand some few other minor semantic changes17:04
*** stingaci has joined #openstack-keystone17:05
morganadd, replace17:05
morganetc17:05
morganpymemcache more accurately maps to actual memcache commands17:05
*** spzala has joined #openstack-keystone17:06
bretonmorgan: https://github.com/pinterest/pymemcache/blob/master/pymemcache/client/base.py#L320 :)17:08
*** spzala has quit IRC17:10
morgancool they added it then17:10
morganwhen we originally looked at pymemcache it didn't have the compat stuff17:11
*** david-lyle_ has joined #openstack-keystone17:17
*** david-lyle has quit IRC17:17
*** aojea has joined #openstack-keystone17:17
*** spzala has joined #openstack-keystone17:18
*** aojea has quit IRC17:22
*** spzala has quit IRC17:22
*** david-lyle_ has quit IRC17:23
*** ig0r_ has joined #openstack-keystone17:25
*** mvk has joined #openstack-keystone17:25
*** spzala has joined #openstack-keystone17:29
bretoni see that pymemcache has pool of clients. What is this for? Same thing as our memcachepool?17:30
*** aojea has joined #openstack-keystone17:37
*** aojea has quit IRC17:42
*** lamt has quit IRC17:49
*** raildo has quit IRC18:03
*** raildo has joined #openstack-keystone18:11
*** voelzmo has joined #openstack-keystone18:12
*** stingaci has quit IRC18:14
*** rmascena has joined #openstack-keystone18:14
*** raildo has quit IRC18:16
*** stingaci has joined #openstack-keystone18:18
*** rmascena has quit IRC18:21
*** MasterOfBugs has joined #openstack-keystone18:21
*** voelzmo has quit IRC18:21
*** raildo has joined #openstack-keystone18:21
openstackgerritRodrigo Duarte proposed openstack/keystone master: Writing API & Scenario Tests docs  https://review.openstack.org/45820718:29
*** lamt has joined #openstack-keystone18:31
*** Aqsa has joined #openstack-keystone18:37
prashkrelbragstad: raised another bug https://bugs.launchpad.net/keystone/+bug/1684994. pls take a look.18:38
openstackLaunchpad bug 1684994 in OpenStack Identity (keystone) "POST v3/auth/tokens API is returning unexpected 500 error when ldap credentials are incorrect" [Undecided,New]18:38
*** jerrygb has quit IRC18:39
*** lucasxu has quit IRC18:44
*** lucasxu has joined #openstack-keystone18:44
*** dikonoor has quit IRC18:45
prashkrelbragstad: On https://bugs.launchpad.net/keystone/+bug/1684820, shall we catch user not found exception at https://github.com/openstack/keystone/blob/master/keystone/assignment/core.py#L941 and skip adding role to role_assign_list or just skip adding username to new_assign dict before adding to role_assign_list18:48
openstackLaunchpad bug 1684820 in OpenStack Identity (keystone) "GET /role_assignments?include_names API is blocked with 404 error when a user doesn't exists in identity backend" [Undecided,New]18:48
lbragstadprashkre ack - i plan on doing some bug triage later today, i can take a look then18:48
lbragstadprashkre thanks for the heads up18:49
prashkrelbragstad: sure. will catch you tomorrow. thank you18:49
lbragstadprashkre no problem18:49
*** jerrygb has joined #openstack-keystone18:51
*** prashkre_ has joined #openstack-keystone18:55
*** prashkre has quit IRC18:58
*** lucasxu has quit IRC19:00
*** lucasxu has joined #openstack-keystone19:01
*** lucasxu has quit IRC19:04
*** jerrygb has quit IRC19:07
*** prashkre__ has joined #openstack-keystone19:26
*** prashkre_ has quit IRC19:28
*** david-lyle has joined #openstack-keystone19:33
*** jerrygb has joined #openstack-keystone19:36
*** voelzmo has joined #openstack-keystone19:42
openstackgerritKristi Nikolla proposed openstack/keystone master: Remove LDAP delete logic and associated tests  https://review.openstack.org/42434419:50
*** spzala has quit IRC19:54
*** spzala has joined #openstack-keystone19:55
*** voelzmo has quit IRC19:59
*** spzala has quit IRC20:00
*** aojea has joined #openstack-keystone20:06
openstackgerritRodrigo Duarte proposed openstack/keystone master: Writing API & Scenario Tests docs  https://review.openstack.org/45820720:09
*** prashkre__ has quit IRC20:09
*** aojea has quit IRC20:10
openstackgerritMerged openstack/ldappool master: Updated from global requirements  https://review.openstack.org/45858020:11
openstackgerritMerged openstack/keystoneauth master: Updated from global requirements  https://review.openstack.org/45592620:11
*** spotz is now known as spotz_zzz20:15
*** spotz_zzz is now known as spotz20:17
*** raildo has quit IRC20:22
*** aojea_ has joined #openstack-keystone20:27
openstackgerritLance Bragstad proposed openstack/keystone master: Move user policies to DocumentedRuleDefault  https://review.openstack.org/44924020:31
*** aojea_ has quit IRC20:31
openstackgerritLance Bragstad proposed openstack/keystone master: Move token revocation to DocumentedRuleDefault  https://review.openstack.org/44925520:34
*** aojea has joined #openstack-keystone20:46
*** edmondsw has quit IRC20:51
*** aojea has quit IRC20:51
*** edmondsw has joined #openstack-keystone20:51
*** stephen_m has quit IRC20:55
*** edmondsw has quit IRC20:56
*** Aqsa has quit IRC20:56
*** david-lyle has quit IRC20:57
*** thorst has quit IRC21:11
cmurphyknikolla: not sure how far you got with mod_proxy_uwsgi and federation but I think I got it working with shibboleth https://github.com/cmurphy/federated-devstack/blob/dc70023c4078281a7398c8b7ad160b68581ab6f4/playbooks/configure-shibboleth.yml#L35-L5821:19
*** edmondsw has joined #openstack-keystone21:20
*** edmondsw has quit IRC21:25
knikollacmurphy: Awesome! I'll test it and update the devstack plugin21:25
*** catintheroof has quit IRC21:34
openstackgerritKristi Nikolla proposed openstack/keystone master: Update Devstack plugin for uwsgi and mod_proxy_uwsgi  https://review.openstack.org/45866521:44
openstackgerritLance Bragstad proposed openstack/keystone master: Cleanup policy generation  https://review.openstack.org/45866621:45
*** blake has quit IRC21:45
openstackgerritKristi Nikolla proposed openstack/keystone master: Update Devstack plugin for uwsgi and mod_proxy_uwsgi  https://review.openstack.org/45866521:47
lbragstadstevemar around?22:01
*** thorst has joined #openstack-keystone22:06
*** thorst has quit IRC22:07
lbragstadstevemar do you know what generates https://docs.openstack.org/developer/keystone/sample_config.html when the docs build?22:14
lbragstadstevemar i'd like to use that tooling to do the same for sample policy files22:14
*** spzala has joined #openstack-keystone22:17
*** spzala has quit IRC22:17
*** topol has quit IRC22:20
*** Yash_ has joined #openstack-keystone22:22
Yash_Hi people22:22
Yash_I need help with an issue22:23
Yash_http://paste.openstack.org/show/607409/22:23
lbragstadstevemar nevermind - i figured it out22:24
Yash_I am getting "The service catalog is empty." error when trying to create new identity service22:24
lbragstadYash_ looks like the client can't find the identity service22:25
lbragstadYash_ do you have access to the host that keystone is running on?22:25
*** jamielennox is now known as jamielennox|away22:25
Yash_@lbragstad : Yes22:26
Yash_@lbragstad : But like if I issue token issue command, that works22:26
lbragstadYash_ `keystone-manage boostrap` is intended to bootstrap your keystone host with an identity endpoint - https://docs.openstack.org/developer/keystone/man/keystone-manage.html22:27
lbragstadwhich should populate in the service catalog22:27
Yash_@lbragstad : so that means it didn't get bootstrapped properly22:28
lbragstadYash_ i don't think its that it was boostrapped wrong22:28
lbragstadYash_ it just looks like keystone doesn't have any endpoints yet22:28
lbragstadwhich is causing the empty catalog22:28
Yash_@lbragstad: Thanks for the information, I will look into this :)22:29
*** jamielennox|away is now known as jamielennox22:29
lbragstadYash_ i'm digging around for a link that might help22:30
lbragstadYash_ but you can generate the help text using `keystone-manage help bootstrap`22:30
Yash_@lbragstad : Sure....thanks again22:30
lbragstadYash_ here are some docs - https://github.com/openstack/openstack-manuals/blob/5774575e6b97fd25a439aed096137413acba8d44/doc/install-guide/source/keystone-install.rst22:31
lbragstadfor example `# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \22:31
lbragstad  --bootstrap-admin-url http://controller:35357/v3/ \22:31
lbragstad  --bootstrap-internal-url http://controller:5000/v3/ \22:31
lbragstad  --bootstrap-public-url http://controller:5000/v3/ \22:31
lbragstad  --bootstrap-region-id RegionOne`22:31
Yash_@lbragstad : Got it22:33
openstackgerritLance Bragstad proposed openstack/keystone master: Include sample policy file in documentation  https://review.openstack.org/45867722:38
lbragstadcc stevemar ^22:38
*** thorst has joined #openstack-keystone22:39
lbragstadYash_ hopefully that helps, come ask questions if you need more help22:39
Yash_@lbragstad :  I got rid of service catalog error, I have a new issue Forbidden: You are not authorized to perform the requested action: identity:list_endpoints. (HTTP 403)22:47
*** stingaci has quit IRC22:52
*** thorst has quit IRC22:56
*** Yash_ has quit IRC23:02
*** Yash_ has joined #openstack-keystone23:28
Yash_Hi people23:33
Yash_I am getting Forbidden: You are not authorized to perform the requested action: identity:create_domain. (HTTP 403) error23:33
Yash_On looking into documentation it says : 403 Forbidden  This status code is returned when the request is successfully authenticated but not authorized to perform the requested action.23:33
Yash_I followed instructions on https://docs.openstack.org/newton/install-guide-ubuntu/keystone-install.html23:34
Yash_I bootstrapped the keystone23:34
Yash_But still I am getting this error23:34
Yash_Can anyone please help me with this?23:34
*** markvoelker has quit IRC23:39
*** topol has joined #openstack-keystone23:40
*** lamt has quit IRC23:41
*** jerrygb has quit IRC23:45
*** thorst has joined #openstack-keystone23:53
*** topol has quit IRC23:55
*** topol has joined #openstack-keystone23:55
« Wednesday, 2017-04-19 Index Friday, 2017-04-21 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!