Monday, 2017-10-30

« Sunday, 2017-10-29 Index Tuesday, 2017-10-31 »
*** markvoelker has quit IRC00:08
*** thorst has joined #openstack-keystone00:18
*** thorst has quit IRC00:20
*** rmcallis has quit IRC00:35
*** markvoelker has joined #openstack-keystone01:05
*** catintheroof has joined #openstack-keystone01:08
*** daidv has joined #openstack-keystone01:15
*** Shunli has joined #openstack-keystone01:15
*** catintheroof has quit IRC01:22
*** markvoelker has quit IRC01:38
*** namnh has joined #openstack-keystone01:38
*** zzzeek has quit IRC01:40
*** zhangjl has joined #openstack-keystone01:50
*** daidv has quit IRC01:50
*** daidv has joined #openstack-keystone01:51
*** itlinux has quit IRC02:10
*** thorst has joined #openstack-keystone02:21
*** namnh has quit IRC02:23
*** daidv has quit IRC02:23
*** daidv has joined #openstack-keystone02:24
*** namnh has joined #openstack-keystone02:24
*** thorst has quit IRC02:25
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013702:28
*** markvoelker has joined #openstack-keystone02:35
*** annp has joined #openstack-keystone02:53
*** zsli_ has joined #openstack-keystone02:57
*** Shunli has quit IRC03:00
*** markvoelker has quit IRC03:09
*** namnh has quit IRC03:18
*** daidv has quit IRC03:18
*** daidv has joined #openstack-keystone03:19
*** namnh has joined #openstack-keystone03:19
*** daidv has quit IRC03:40
*** daidv has joined #openstack-keystone03:41
*** rcernin has quit IRC03:47
*** rcernin_ has joined #openstack-keystone03:47
*** dave-mccowan has quit IRC03:48
*** Chealion has joined #openstack-keystone03:53
*** markvoelker has joined #openstack-keystone04:06
*** namnh has quit IRC04:13
*** daidv has quit IRC04:13
*** daidv has joined #openstack-keystone04:14
*** namnh has joined #openstack-keystone04:14
*** Dinesh_Bhor has joined #openstack-keystone04:14
*** thorst has joined #openstack-keystone04:22
*** thorst has quit IRC04:27
*** markvoelker has quit IRC04:39
*** nkinder has joined #openstack-keystone04:45
*** jaosorior has joined #openstack-keystone04:54
*** markvoelker has joined #openstack-keystone05:37
*** zhurong has joined #openstack-keystone05:48
*** hoonetorg has quit IRC06:05
*** markvoelker has quit IRC06:10
*** thorst has joined #openstack-keystone06:23
*** hoonetorg has joined #openstack-keystone06:23
*** prashkre has joined #openstack-keystone06:26
*** thorst has quit IRC06:27
*** spectr has joined #openstack-keystone07:02
*** markvoelker has joined #openstack-keystone07:07
*** magicboiz has joined #openstack-keystone07:13
*** zehfpuohuq has joined #openstack-keystone07:15
*** rcernin_ has quit IRC07:17
*** prashkre has quit IRC07:17
*** AlexeyAbashkin has joined #openstack-keystone07:23
*** magicboiz has quit IRC07:26
*** tesseract has joined #openstack-keystone07:33
*** markvoelker has quit IRC07:40
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Imported Translations from Zanata  https://review.openstack.org/51452907:46
SamYaplewhat does keystone do with rabbitmq? specifically, where does transport_url get consumed? is it just for notifications?07:51
cmurphySamYaple: afaik yes, just for notifications. it will continue to work just fine if you don't configure rabbit07:54
*** rcernin has joined #openstack-keystone08:22
*** thorst has joined #openstack-keystone08:24
*** thorst has quit IRC08:28
*** arxcruz|pto is now known as arxcruz08:30
*** magicboiz has joined #openstack-keystone08:32
*** d0ugal has quit IRC08:34
*** d0ugal has joined #openstack-keystone08:35
*** d0ugal has quit IRC08:35
*** d0ugal has joined #openstack-keystone08:35
*** d0ugal has quit IRC08:35
*** markvoelker has joined #openstack-keystone08:37
*** magicboiz has quit IRC08:37
*** d0ugal has joined #openstack-keystone08:40
*** d0ugal has quit IRC08:40
*** d0ugal has joined #openstack-keystone08:40
*** d0ugal has quit IRC08:40
*** evrardjp has quit IRC08:40
*** evrardjp has joined #openstack-keystone08:41
SamYaplecmurphy: yea thats why i was asking, i dont use notifications and havent configured rabbitmq for keystone or glance for years. was just curious. thanks!08:41
*** magicboiz has joined #openstack-keystone08:45
*** d0ugal has joined #openstack-keystone08:48
*** d0ugal has quit IRC08:48
*** d0ugal has joined #openstack-keystone08:48
*** zhangjl has quit IRC09:04
*** markvoelker has quit IRC09:10
*** magicboiz has quit IRC09:20
*** evrardjp has quit IRC09:22
*** evrardjp has joined #openstack-keystone09:23
*** d0ugal has quit IRC09:28
*** magicboiz has joined #openstack-keystone09:29
*** zsli_ has quit IRC09:29
*** gmann is now known as gmann_afk09:29
*** magicboiz has quit IRC09:34
*** d0ugal has joined #openstack-keystone09:38
*** magicboiz has joined #openstack-keystone09:41
*** prashkre has joined #openstack-keystone09:43
*** edmondsw has joined #openstack-keystone09:47
*** edmondsw has quit IRC09:52
*** zhurong has quit IRC10:05
*** magicboiz has quit IRC10:06
*** markvoelker has joined #openstack-keystone10:07
*** annp has quit IRC10:17
*** zhurong has joined #openstack-keystone10:19
*** thorst has joined #openstack-keystone10:25
*** thorst has quit IRC10:30
*** markvoelker has quit IRC10:41
-openstackstatus- NOTICE: Zuul has been restarted due to an unexpected issue. Please recheck any jobs that were in progress10:46
*** aloga has quit IRC10:55
*** mvk has quit IRC10:55
*** aloga has joined #openstack-keystone10:55
*** pcaruana has joined #openstack-keystone10:56
*** nicolasbock has joined #openstack-keystone11:07
*** namnh has quit IRC11:17
*** mvk has joined #openstack-keystone11:29
*** dave-mccowan has joined #openstack-keystone11:35
*** markvoelker has joined #openstack-keystone11:38
*** spectr has quit IRC11:59
*** raildo has joined #openstack-keystone11:59
*** spectr has joined #openstack-keystone12:00
*** raildo has quit IRC12:04
*** raildo has joined #openstack-keystone12:05
*** thorst has joined #openstack-keystone12:09
*** edmondsw has joined #openstack-keystone12:09
*** markvoelker has quit IRC12:11
*** thorst_ has joined #openstack-keystone12:19
*** thorst__ has joined #openstack-keystone12:20
*** thorst has quit IRC12:23
*** thorst_ has quit IRC12:24
*** markvoelker has joined #openstack-keystone12:29
*** magicboiz has joined #openstack-keystone12:32
*** catintheroof has joined #openstack-keystone12:33
*** catintheroof has quit IRC12:47
*** catintheroof has joined #openstack-keystone12:49
*** magicboiz has quit IRC12:50
*** magicboiz has joined #openstack-keystone12:50
*** zhurong has quit IRC12:50
*** magicboiz has quit IRC12:52
*** panbalag has joined #openstack-keystone12:52
*** panbalag has left #openstack-keystone12:53
*** magicboiz has joined #openstack-keystone12:53
*** magicboiz has quit IRC12:58
*** rcernin has quit IRC12:58
*** mvk has quit IRC13:01
*** magicboiz has joined #openstack-keystone13:05
*** mvk has joined #openstack-keystone13:16
*** magicboiz has quit IRC13:25
*** lbragstad has quit IRC13:25
*** superdan is now known as dansmith13:28
*** lbragstad has joined #openstack-keystone13:33
*** ChanServ sets mode: +o lbragstad13:33
*** efried is now known as efried_brb13:36
*** thorst__ has quit IRC13:40
lbragstado/13:40
*** jdennis has quit IRC13:43
*** jdennis has joined #openstack-keystone13:46
*** efried_brb is now known as efried13:46
*** wes_dillingham has joined #openstack-keystone13:56
*** jmlowe has joined #openstack-keystone13:59
prashkrelbragstad: Hi! Gud morning.14:02
prashkrelbragstad: could you please take a look at https://review.openstack.org/#/c/515409/14:02
*** spilla has joined #openstack-keystone14:07
lbragstadprashkre: sure14:13
*** lbragstad has quit IRC14:13
*** lbragstad has joined #openstack-keystone14:13
*** ChanServ sets mode: +o lbragstad14:13
*** lbragstad has quit IRC14:18
*** lbragstad has joined #openstack-keystone14:22
*** ChanServ sets mode: +o lbragstad14:22
*** thorst has joined #openstack-keystone14:30
*** thorst has quit IRC14:31
*** thorst has joined #openstack-keystone14:31
*** zzzeek has joined #openstack-keystone14:47
*** dikonoor has joined #openstack-keystone14:50
*** mvk has quit IRC14:51
*** LobsterRoll has joined #openstack-keystone15:00
*** wes_dillingham has quit IRC15:02
*** LobsterRoll is now known as wes_dillingham15:02
openstackgerritMerged openstack/keystone master: Consolidate V2Controller functionality  https://review.openstack.org/51481415:06
openstackgerritMerged openstack/keystone master: Update API reference link in README  https://review.openstack.org/50419615:06
openstackgerritMerged openstack/keystone master: Fix endpoint examples in api-ref  https://review.openstack.org/49914115:06
*** mvk has joined #openstack-keystone15:13
*** itlinux has joined #openstack-keystone15:19
*** phalmos has joined #openstack-keystone15:19
*** wes_dillingham has quit IRC15:21
*** wes_dillingham has joined #openstack-keystone15:23
*** magicboiz has joined #openstack-keystone15:27
*** phalmos has quit IRC15:28
*** AlexeyAbashkin has quit IRC15:30
*** AlexeyAbashkin has joined #openstack-keystone15:31
*** magicboiz has quit IRC15:35
*** AlexeyAbashkin has quit IRC15:35
*** phalmos has joined #openstack-keystone15:35
*** catintheroof has quit IRC15:37
*** gyee has joined #openstack-keystone15:38
knikollao/15:41
*** magicboiz has joined #openstack-keystone15:41
lbragstado/15:42
*** spectr has quit IRC16:02
*** phalmos_ has joined #openstack-keystone16:06
*** catintheroof has joined #openstack-keystone16:07
*** phalmos has quit IRC16:09
*** itlinux has quit IRC16:12
*** catintheroof has quit IRC16:12
lbragstadsamueldmq: cmurphy i reworked the documentation organization card into an Epic (sorry for the spam!)16:16
lbragstadmost of that work is for the Outreachy program, so feel free to remove yourselves from some of those cards if you need to16:17
*** panbalag has joined #openstack-keystone16:17
lbragstadi kept you both on the cards since you were interested in the original effort16:17
*** prashkre has quit IRC16:22
*** rmcallis has joined #openstack-keystone16:28
kmalloco/16:29
kmallocmornin16:29
cmurphylbragstad: i can definitely help with mentorship/reviews if not the actual work itself16:29
lbragstadcmurphy: that'd be perfect16:30
lbragstado/ kmalloc16:30
*** phalmos has joined #openstack-keystone16:36
lbragstadFYI - http://lists.openstack.org/pipermail/openstack-dev/2017-October/124093.html16:38
*** phalmos_ has quit IRC16:39
*** efried is now known as efried_rollin16:43
kmalloc:)16:43
*** markvoelker_ has joined #openstack-keystone16:47
*** markvoelker has quit IRC16:49
*** rmcallis has quit IRC16:49
*** MaxPC has joined #openstack-keystone16:50
MaxPChi everyone16:50
MaxPCI have a question, not sure this is the best place but figured I might as well try here.16:51
MaxPCIs there an operation guide for setting up RBAC ? like a list of recommendations (do's and dont's)16:51
*** markvoelker_ has quit IRC16:51
*** catintheroof has joined #openstack-keystone16:52
*** rmcallis has joined #openstack-keystone16:53
*** tesseract has quit IRC16:55
*** catintheroof has quit IRC16:56
lbragstadMaxPC: unfortunately, I don't think there is16:56
lbragstadMaxPC: I think that's partially because there are *so* many things you can do with it today (since it's pretty much just configuration)16:57
MaxPCThat's what I thought thanks :-)16:57
lbragstadMaxPC: is there somethings you're specifically trying to do?16:58
MaxPCno, I am working with a cloud operator16:58
lbragstadah16:58
MaxPCand they were wondering about that. I suspected there wasn't an easy answer to dos and donts in RBAC16:58
MaxPCI was just making sure I didn't miss anything.16:59
lbragstadMaxPC: no - not yet... we're working on a bunch of things this release that should make it easier to understand though16:59
MaxPCit's always up to the use case but for enterprise things like only giving service or application accounts API access to production environments16:59
MaxPCgood chance is you don't want devs hitting those, but some companies might :-)17:00
*** markvoelker has joined #openstack-keystone17:00
lbragstadyeah17:01
*** markvoelker has quit IRC17:05
*** harlowja has joined #openstack-keystone17:19
*** mvk has quit IRC17:20
*** markvoelker has joined #openstack-keystone17:23
*** magicboiz has quit IRC17:25
*** catintheroof has joined #openstack-keystone17:27
*** markvoelker has quit IRC17:28
*** markvoelker has joined #openstack-keystone17:30
*** AlexeyAbashkin has joined #openstack-keystone17:30
*** itlinux has joined #openstack-keystone17:31
*** catintheroof has quit IRC17:32
*** panbalag has left #openstack-keystone17:32
*** markvoelker has quit IRC17:34
*** AlexeyAbashkin has quit IRC17:35
*** phalmos_ has joined #openstack-keystone17:36
*** catintheroof has joined #openstack-keystone17:37
*** phalmos has quit IRC17:39
*** magicboiz has joined #openstack-keystone17:40
*** diablo_rojo_phon has left #openstack-keystone17:41
*** catintheroof has quit IRC17:42
*** panbalag has joined #openstack-keystone17:42
*** magicboiz has quit IRC17:45
*** panbalag has left #openstack-keystone17:46
*** jmlowe has quit IRC17:47
*** magicboiz has joined #openstack-keystone17:51
*** prashkre has joined #openstack-keystone18:02
*** dikonoor has quit IRC18:02
*** jmlowe has joined #openstack-keystone18:04
*** markvoelker has joined #openstack-keystone18:05
*** nicolasbock has quit IRC18:05
*** markvoelker has quit IRC18:09
*** markvoelker has joined #openstack-keystone18:10
*** markvoelker has quit IRC18:19
*** markvoelker has joined #openstack-keystone18:19
*** markvoelker_ has joined #openstack-keystone18:20
samueldmqlbragstad: nice thanks18:20
samueldmqre docs reorganisation18:20
*** wes_dillingham has quit IRC18:22
*** markvoelker has quit IRC18:23
*** markvoelker has joined #openstack-keystone18:32
*** markvoelker_ has quit IRC18:33
*** prashkre has quit IRC18:35
*** markvoelker has quit IRC18:37
*** efried_rollin is now known as efried18:37
*** aselius has joined #openstack-keystone18:40
*** markvoelker has joined #openstack-keystone18:41
*** catintheroof has joined #openstack-keystone18:43
*** catintheroof has quit IRC18:48
*** catintheroof has joined #openstack-keystone18:49
*** mvk has joined #openstack-keystone18:53
*** MaxPC has quit IRC18:55
*** phalmos has joined #openstack-keystone19:06
*** phalmos_ has quit IRC19:09
*** AlexeyAbashkin has joined #openstack-keystone19:10
*** wes_dillingham has joined #openstack-keystone19:18
*** wes_dillingham has quit IRC19:33
*** markvoelker has quit IRC19:34
*** markvoelker has joined #openstack-keystone19:34
*** rmcallis has quit IRC19:42
itlinuxhello do we have any steps tips on how to convert from UUID to Fernet? Thanks19:50
lbragstaditlinux: what do you mean? like, without downtime?19:51
itlinuxmigrating yes possible without downtime.. of if it's short it's ok.. too19:51
itlinuxthanks lbragstad:19:51
lbragstadclients should try reauthenticating if they get a 401 with a token19:52
lbragstadso, if you make the switch and start issuing fernet tokens, all uuid tokens in the deployment will become invalid immediately, regardless of their actual expiration19:52
lbragstadin that case, you should have clients attempting to reauthenticate and the new token they get will be a fernet token19:53
lbragstadwe don't offer a way to migrate more gracefully than that upstream19:53
lbragstadbut - it is possible https://www.lbragstad.com/blog/migrating-token-formats-without-downtime19:53
*** jmlowe has quit IRC19:57
itlinuxok..19:58
itlinuxno that's ok.. reauth if fine..19:58
lbragstaditlinux: cool - should be a pretty easy switch then, just make sure the key repository matches on all keystone nodes and make the configuration switch20:01
itlinuxlbragstad: I have this issue.. trying to figure out.. I have two deployments.. one LAB and one POC both have the same LDAP server and AD server.. the POC has a valid cert the LAB self signed.. I can query users on both domains, but the groups only work on the POC for both.. in the LAB the group works for AD but not for LDAP.. so I am trying to figure out..since the LAB is using fernet the other UUID.. but I see a in20:02
itlinux both.. Could not find domain: xxxx.com. but I see the resutls..20:02
itlinuxwhat will you suggest I enabled verbose..20:03
itlinuxon one of server..20:03
itlinuxhttp://paste.openstack.org/show/625004/20:06
itlinuxthis is ocata20:06
itlinuxthis is the logs when I query the groups http://paste.openstack.org/show/625005/20:08
*** phalmos has quit IRC20:16
*** markvoelker has quit IRC20:35
*** AlexeyAbashkin has quit IRC20:37
lbragstaditlinux: both keystone nodes are pointing to ldap and ad for identity information/20:38
lbragstad?20:38
lbragstadare you using domain configs?20:39
itlinuxboth keystone are using the same LDAP and AD.. but the AD is not a problem..20:39
itlinuxyes20:39
itlinuxso now I am deploying with UUID and see.. Using OOO20:39
lbragstadso AD points to a domain and LDAP points to a different domain?20:39
itlinuxand check if there is something else..20:39
itlinuxyes..20:39
itlinuxcorrect20:39
itlinuxAD to Dom1 and LDAP to Dom220:39
itlinuxthe only other diff is cert.. one is valid the other is self signed..20:40
lbragstadso the LAB keystone deployment has self signed certs for talking to both AD and LDAP?20:41
lbragstadbut the POC keystone node has valid certs?20:41
itlinuxyes20:41
itlinuxAD groups and users ok.. users on LDAP ok but no groups.. that's what's strange..20:42
lbragstadso both POC and LAB keystone nodes allow you to do `openstack user list --domain Dom1` and `openstack group list --domain Dom1` ?20:42
lbragstadand that works fine?20:43
itlinuxfor AD yes..20:43
lbragstadDom1 is mapped to AD, right?20:43
itlinuxfor LDAP does not..20:43
itlinuxyes..20:43
*** spilla has quit IRC20:43
itlinuxI have some logs..20:43
itlinuxhttp://pastebin.mattei.co/index.php/view/68537ebb20:44
itlinuxhttp://pastebin.mattei.co/index.php/view/1b6e162620:44
lbragstadso avast.com is pointing to AD and wavemarket.com is pointing to LDAP20:45
itlinuxyes20:45
*** markvoelker has joined #openstack-keystone20:45
lbragstadCould not find domain: wavemarket.com.20:46
itlinuxI get the same on the POC..20:47
itlinuxbut the output is correct..20:47
lbragstadis ^ that true for both the POC and LAB keystone nodes?20:47
itlinuxyes20:47
lbragstadhmm20:47
itlinuxI also get some strange things on the POC let me share this with you!20:47
lbragstadcmurphy: would be good to ask about this20:47
lbragstadthe problem is consistent across both keystone deployments, then...20:49
lbragstadyeah?20:49
*** markvoelker has quit IRC20:49
*** markvoelker has joined #openstack-keystone20:49
itlinuxhttps://pasteboard.co/GRnow52.png20:50
itlinuxsee it says maybe.. never seen it before.. :)20:50
itlinuxbut works..20:50
* cmurphy reads20:50
lbragstadweird... that's a UI thing i bet, i've never noticed that20:51
itlinuxok..20:51
lbragstadkeystone doesn't emit "maybe"20:51
itlinuxif I invert it it fails..20:51
lbragstadwhen it comes to user enablement20:51
lbragstadand if we do, it should be a bug20:51
itlinuxahh..20:52
itlinuxthat's a pretty good one then.. the code has maybe ..20:52
itlinuxI looked at them while back..20:52
itlinuxbut not sure how to enable that to show enabled20:53
itlinuxinstead of Maybe20:53
lbragstadthat would likely have to come from LDAP20:53
lbragstador your domain configuration for LDAP20:53
itlinuxlet me check the AD one sec20:53
lbragstadkeystone has configuration options that let you specify an attribute to use for 'enabled'20:53
lbragstadif an 'enabled'  attribute doesn't exist in LDAP20:54
lbragstadthere is also a bitmask keystone can apply to a property for enabled, too20:54
cmurphy"Could not find domain: wavemarket.com." is a totally normal message that happens when you use openstackclient, because it doesn't know whether it's getting an ID or a name and it first tries to GET /domains/wavemarket.com20:54
lbragstadhttps://github.com/openstack/keystone/blob/master/keystone/conf/ldap.py#L159-L16620:55
lbragstadhttps://github.com/openstack/keystone/blob/master/keystone/conf/ldap.py#L168-L19120:55
*** jmlowe has joined #openstack-keystone20:55
lbragstadcmurphy: osc should ask for a list of domains then, right?20:56
*** phalmos has joined #openstack-keystone20:57
cmurphylbragstad: nope, it first does GET /domains/wavemarket.com and then failing that it does GET /domains?name=wavemarket.com20:57
itlinuxso the AD show Enabled ok..20:57
cmurphylbragstad: well i guess that is requesting a list but filtering on name will only result in one item20:58
itlinuxI can share the filter I use..20:58
*** rmcallis has joined #openstack-keystone20:58
lbragstadcmurphy: aha - that makes sense20:58
itlinuxmaybe you can suggest the right one..20:59
lbragstaditlinux: it could be that your ldap configuration needs to be tweaked20:59
itlinuxok what should I look for?20:59
lbragstadbecause the same keystone configuration that works for AD might not work for LDAP20:59
itlinuxand I can ask the LDAP guy to make the changes..20:59
itlinux25 min and I will have UUID completed..21:00
lbragstadcmurphy: will have to keep me honest here because she's way more familiar with this than I am21:00
itlinuxshal see then..21:00
lbragstaditlinux: but - do the users you have in LDAP have an enabled attribute?21:00
lbragstadlike, consistently?21:01
cmurphyi sort of thought enabled was a boolean so i'm confused where "maybe" would come from21:01
lbragstadcmurphy: me too, i've never seen that before21:01
itlinuxnot sure.. I can ask..what options should I ask for?21:01
itlinuxnot an LDAP guy..21:01
lbragstaditlinux: it depends on your ldap deployment21:02
*** markvoelker_ has joined #openstack-keystone21:02
lbragstadif there is an attribute that is guaranteed to be on every user and is a boolean - then you can use https://github.com/openstack/keystone/blob/master/keystone/conf/ldap.py#L159-L166 to map it to keystone's enabled property21:02
itlinuxok I will pass this to the LDAP guy..21:03
lbragstadif it's not a boolean, but a numerical value (e.g. enabled = 0 or enabled = 1) then you might be able to use the mask21:03
lbragstadhttps://github.com/openstack/keystone/blob/master/keystone/conf/ldap.py#L180-L19121:03
itlinuxok21:03
lbragstad*or* you might have to invert the enabled logic - https://github.com/openstack/keystone/blob/master/keystone/conf/ldap.py#L168-L17821:03
cmurphyyou should be able to configure this all in keystone without changing your ldap21:04
*** markvoelker has quit IRC21:04
lbragstad++21:04
lbragstadwhich is reason why there are a bunch of different configuration options for this in keystone21:04
lbragstaditlinux: you need to map keystone to understanding your ldap21:04
itlinuxwell Iworked with the lDAP guy to map it..21:05
lbragstadit might be worth double checking that mapping21:06
lbragstadjust to be sure21:06
itlinuxok..here is the filter I use..21:07
itlinux filter  user_filter :  "(&(objectclass=inetOrgPerson)(!(|(ou:dn:=Inactive)(ou:dn:=Service Keys)(ou:dn:=Service Accounts))))"21:07
lbragstadand what does that give you?21:09
itlinuxusers that are enabled and takes off the one inactive..21:10
lbragstadhuh21:13
itlinuxdo you have a filter I can test ?21:14
lbragstadwasn't what you just pasted the filter that works?21:14
itlinuxthat filter is the one that shows maybe21:15
*** pcaruana has quit IRC21:15
lbragstadthat might be a good question for whoever manages LDAP, since each deployment can vary21:19
itlinuxok21:20
itlinuxI may take it off.. and see.. if that does something..21:20
itlinuxwithout filter..21:20
*** dave-mccowan has quit IRC21:20
*** jmlowe has quit IRC21:35
*** thorst has quit IRC21:38
*** raildo has quit IRC21:39
*** jmlowe has joined #openstack-keystone21:42
*** rodrigods has quit IRC21:45
*** rodrigods has joined #openstack-keystone21:45
*** rodrigods has quit IRC21:45
*** rodrigods has joined #openstack-keystone21:45
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013721:48
*** rcernin has joined #openstack-keystone21:51
*** jmlowe has quit IRC21:56
itlinuxlbragstad: I added a section for groups and now it works.. :)21:57
itlinuxwill redeploy with Fernet now...21:57
*** thorst has joined #openstack-keystone21:58
lbragstaditlinux: sweet!22:02
*** thorst has quit IRC22:02
itlinuxyea strange though ;)22:02
itlinuxLOL!22:02
*** phalmos has quit IRC22:05
*** jmlowe has joined #openstack-keystone22:06
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013722:13
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013722:17
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013722:17
*** wes_dillingham has joined #openstack-keystone22:20
*** rmcallis has quit IRC22:25
*** AlexeyAbashkin has joined #openstack-keystone22:29
*** wes_dillingham has quit IRC22:29
SamYapleis db_sync safe to do in parallel (is there locking place)? and would that answer hold true across all services?22:32
SamYapleor is this an oslo.db question22:32
*** AlexeyAbashkin has quit IRC22:33
lbragstadSamYaple: parallel?22:36
lbragstadlike - running db_sync from two separate keystone nodes at the same time?22:36
SamYapleyes22:42
*** wes_dillingham has joined #openstack-keystone22:43
SamYaplelbragstad: im trying to remove potential races in a deploy where all services start/restart at the same time and db_sync22:43
*** wes_dillingham has quit IRC22:43
SamYaplethe less locking logic i have to do, the better22:43
*** catintheroof has quit IRC22:48
lbragstadyeah - i don't think i'd do that, i think db_sync is written to assume only being run from a single place22:56
lbragstador a single node22:56
SamYapleit *seems* to work fine, but ill wrap it in an etcd lock to be safe23:00
SamYaplethanks!23:00
SamYaplei do have one other question... i cant seem to specify the region with keystone-manage bootstraping without it complaining about foriegn keys https://github.com/SamYaple/home-salt/blob/master/salt/openstack/keystone/container.sls#L1723:02
SamYaplethe idea behind that is i shouuld be able to set a specific regionwhen bootstraping right?23:02
SamYapleand by complaining i mean stacktracing and crashing23:02
*** wes_dillingham has joined #openstack-keystone23:07
*** panbalag has joined #openstack-keystone23:20
*** panbalag has left #openstack-keystone23:21
*** dave-mccowan has joined #openstack-keystone23:29
*** AlexeyAbashkin has joined #openstack-keystone23:29
*** lbragstad has quit IRC23:32
*** AlexeyAbashkin has quit IRC23:33
*** gyee has quit IRC23:33
*** thorst has joined #openstack-keystone23:39
*** jmlowe has quit IRC23:45
*** jmlowe has joined #openstack-keystone23:59
*** aloga has quit IRC23:59
*** aloga has joined #openstack-keystone23:59
« Sunday, 2017-10-29 Index Tuesday, 2017-10-31 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!