Monday, 2018-01-15

« Sunday, 2018-01-14 Index Tuesday, 2018-01-16 »
*** bigdogstl has quit IRC00:06
*** superdan is now known as dansmith00:11
*** bigdogstl has joined #openstack-keystone00:18
*** markvoelker has joined #openstack-keystone00:20
*** edmondsw has joined #openstack-keystone00:24
*** markvoelker has quit IRC00:24
*** edmondsw has quit IRC00:28
*** Dinesh_Bhor has joined #openstack-keystone00:42
*** Dinesh_Bhor has quit IRC00:44
*** Dinesh_Bhor has joined #openstack-keystone00:44
*** Dinesh_Bhor has quit IRC00:45
*** Dinesh_Bhor has joined #openstack-keystone00:57
*** daidv has joined #openstack-keystone01:27
*** Dinesh_Bhor has quit IRC01:28
*** Dinesh_Bhor has joined #openstack-keystone01:30
*** Dinesh_Bhor has quit IRC01:34
*** Dinesh_Bhor has joined #openstack-keystone01:40
*** threestrands_ has joined #openstack-keystone01:40
*** threestrands has quit IRC01:43
*** Dinesh_Bhor has quit IRC01:52
*** Dinesh_Bhor has joined #openstack-keystone01:52
*** namnh has joined #openstack-keystone01:56
*** Dinesh_Bhor has quit IRC02:03
*** itlinux has joined #openstack-keystone02:07
*** Dinesh_Bhor has joined #openstack-keystone02:14
*** Dinesh_Bhor has quit IRC02:23
*** zhurong has joined #openstack-keystone02:27
*** itlinux has quit IRC02:34
*** Dinesh_Bhor has joined #openstack-keystone02:36
*** bigdogstl has quit IRC02:40
*** itlinux has joined #openstack-keystone02:48
openstackgerritlei zhang proposed openstack/keystone master: Remove the deprecated "giturl" option  https://review.openstack.org/53346602:51
*** markvoelker has joined #openstack-keystone02:51
*** annp has joined #openstack-keystone02:54
*** Dinesh_Bhor has quit IRC03:04
*** bigdogstl has joined #openstack-keystone03:06
*** jappleii__ has joined #openstack-keystone03:12
*** jappleii__ has quit IRC03:13
*** jappleii__ has joined #openstack-keystone03:13
*** threestrands_ has quit IRC03:15
*** bigdogstl has quit IRC03:18
*** markvoelker has quit IRC03:25
*** bigdogstl has joined #openstack-keystone03:27
*** bigdogstl has quit IRC03:32
*** namnh has quit IRC03:34
*** namnh has joined #openstack-keystone03:35
openstackgerritlei zhang proposed openstack/keystone master: Remove the deprecated "giturl" option  https://review.openstack.org/53346603:43
*** bigdogstl has joined #openstack-keystone03:55
*** edmondsw has joined #openstack-keystone04:00
*** bigdogstl has quit IRC04:03
*** Dinesh_Bhor has joined #openstack-keystone04:04
*** edmondsw has quit IRC04:05
*** bigdogstl has joined #openstack-keystone04:08
*** Dinesh_Bhor has quit IRC04:13
*** itlinux has quit IRC04:17
*** bigdogstl has quit IRC04:18
*** Dinesh_Bhor has joined #openstack-keystone04:36
*** zhurong has quit IRC04:39
-openstackstatus- NOTICE: The logs.openstack.org filesystem has been restored to full health. We are attempting to keep logs uploaded between the prior alert and this one, however if your job logs are missing please issue a recheck.04:48
*** ChanServ changes topic to "The logs.openstack.org filesystem has been restored to full health. We are attempting to keep logs uploaded between the prior alert and this one, however if your job logs are missing please issue a recheck."04:48
*** bigdogstl has joined #openstack-keystone04:51
*** ChanServ changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/5F0h9Hoe/keystone"04:53
*** Dinesh_Bhor has quit IRC04:59
*** Dinesh_Bhor has joined #openstack-keystone05:00
*** bigdogstl has quit IRC05:10
*** links has joined #openstack-keystone05:11
*** bigdogstl has joined #openstack-keystone05:17
*** markvoelker has joined #openstack-keystone05:22
*** pcaruana has joined #openstack-keystone05:23
*** zhurong has joined #openstack-keystone05:24
*** bigdogstl has quit IRC05:26
*** pcaruana has quit IRC05:32
*** edmondsw has joined #openstack-keystone05:48
*** edmondsw has quit IRC05:53
*** markvoelker has quit IRC05:55
*** bigdogstl has joined #openstack-keystone05:56
*** bigdogstl has quit IRC06:00
*** Dinesh_Bhor has quit IRC06:07
*** bigdogstl has joined #openstack-keystone06:12
*** Dinesh_Bhor has joined #openstack-keystone06:12
*** bigdogstl has quit IRC06:22
*** abhishek has joined #openstack-keystone06:24
*** abhi89 has quit IRC06:28
*** bigdogstl has joined #openstack-keystone06:34
*** bigdogstl has quit IRC06:39
*** jappleii__ has quit IRC07:02
*** bigdogstl has joined #openstack-keystone07:03
*** bigdogstl has quit IRC07:07
*** sapd_ has quit IRC07:16
*** r-daneel has quit IRC07:17
*** r-daneel has joined #openstack-keystone07:17
*** sapd_ has joined #openstack-keystone07:20
*** Dinesh_Bhor has quit IRC07:31
*** Dinesh_Bhor has joined #openstack-keystone07:33
*** Dinesh_Bhor has quit IRC07:33
*** edmondsw has joined #openstack-keystone07:36
*** bigdogstl has joined #openstack-keystone07:39
*** edmondsw has quit IRC07:41
*** bigdogstl has quit IRC07:48
*** markvoelker has joined #openstack-keystone07:53
*** AlexeyAbashkin has joined #openstack-keystone07:54
*** hoonetorg has quit IRC07:58
*** rcernin has quit IRC07:59
openstackgerritShuo Liu proposed openstack/keystone master: adjust response code order in 'regions-v3.inc'  https://review.openstack.org/53354208:01
*** hoonetorg has joined #openstack-keystone08:11
*** bigdogstl has joined #openstack-keystone08:17
*** zhurong has quit IRC08:18
*** zhurong has joined #openstack-keystone08:21
openstackgerritDinesh Bhor proposed openstack/keystoneauth master: Split request logging into four different loggers  https://review.openstack.org/50576408:21
*** bigdogstl has quit IRC08:26
*** markvoelker has quit IRC08:26
openstackgerritShuo Liu proposed openstack/keystone master: adjust response code order in 'authenticate-v3.inc'  https://review.openstack.org/53355908:27
*** aojea has joined #openstack-keystone09:11
openstackgerritwangxiyuan proposed openstack/keystone master: Add limit provider  https://review.openstack.org/52410909:17
openstackgerritwangxiyuan proposed openstack/keystone master: Implement policies for limits  https://review.openstack.org/53014309:17
openstackgerritwangxiyuan proposed openstack/keystone master: Expose unified limit APIs  https://review.openstack.org/52411009:17
*** bigdogstl has joined #openstack-keystone09:22
openstackgerritShuo Liu proposed openstack/keystone master: Fix wrong url in config-options.rst  https://review.openstack.org/53357909:24
*** edmondsw has joined #openstack-keystone09:25
*** edmondsw has quit IRC09:29
*** bigdogstl has quit IRC09:29
openstackgerritShuo Liu proposed openstack/keystone master: adjust response code order in 'regions-v3.inc'  https://review.openstack.org/53354209:46
*** zhurong has quit IRC09:46
*** jaosorior has joined #openstack-keystone10:03
*** daidv has quit IRC10:06
*** bigdogstl has joined #openstack-keystone10:08
*** namnh has quit IRC10:11
*** mvk has joined #openstack-keystone10:13
*** bigdogstl has quit IRC10:19
*** markvoelker has joined #openstack-keystone10:24
*** sambetts|afk is now known as sambetts10:26
*** aojea has quit IRC10:39
*** aojea has joined #openstack-keystone10:44
*** aojea_ has joined #openstack-keystone10:44
openstackgerritColleen Murphy proposed openstack/keystone master: Allow overriding app cred restrictions  https://review.openstack.org/53343110:46
*** aojea has quit IRC10:49
*** annp has quit IRC10:51
*** markvoelker has quit IRC10:57
openstackgerritColleen Murphy proposed openstack/keystone master: Add caching options for application credentials  https://review.openstack.org/53360910:57
*** bigdogstl has joined #openstack-keystone11:03
*** bigdogstl has quit IRC11:07
*** bigdogstl has joined #openstack-keystone11:12
*** edmondsw has joined #openstack-keystone11:13
*** edmondsw has quit IRC11:17
*** bigdogstl has quit IRC11:17
*** bigdogstl has joined #openstack-keystone11:33
*** bigdogstl has quit IRC11:41
*** bigdogstl has joined #openstack-keystone11:42
*** nicolasbock has joined #openstack-keystone11:44
*** pcaruana has joined #openstack-keystone11:44
*** bigdogstl has quit IRC11:46
openstackgerritwangxiyuan proposed openstack/keystone master: Expose unified limit APIs  https://review.openstack.org/52411012:03
*** bigdogstl has joined #openstack-keystone12:06
*** bigdogstl has quit IRC12:11
*** tesseract has joined #openstack-keystone12:15
*** mvk has quit IRC12:16
*** raildo has joined #openstack-keystone12:20
*** bigdogstl has joined #openstack-keystone12:33
*** bigdogstl has quit IRC12:40
*** bigdogstl has joined #openstack-keystone12:41
*** r-daneel_ has joined #openstack-keystone12:42
*** r-daneel has quit IRC12:43
*** r-daneel_ is now known as r-daneel12:43
*** bigdogstl has quit IRC12:46
*** bigdogstl has joined #openstack-keystone12:50
*** andreaf has quit IRC12:53
*** andreaf has joined #openstack-keystone12:53
*** markvoelker has joined #openstack-keystone12:54
*** edmondsw has joined #openstack-keystone12:55
*** bigdogstl has quit IRC13:01
*** dikonoor has joined #openstack-keystone13:03
*** raildo has quit IRC13:04
*** mvk has joined #openstack-keystone13:13
*** bigdogstl has joined #openstack-keystone13:13
*** bigdogstl has quit IRC13:17
*** openstackgerrit has quit IRC13:18
*** raildo has joined #openstack-keystone13:20
*** r-daneel has quit IRC13:21
*** bigdogstl has joined #openstack-keystone13:27
*** raildo has quit IRC13:28
*** markvoelker has quit IRC13:28
*** bigdogstl has quit IRC13:32
*** r-daneel has joined #openstack-keystone13:38
*** raildo has joined #openstack-keystone13:43
*** bigdogstl has joined #openstack-keystone13:44
*** bigdogstl has quit IRC13:49
*** bigdogstl has joined #openstack-keystone14:05
*** bigdogstl has quit IRC14:15
*** r-daneel has quit IRC14:23
*** openstackgerrit has joined #openstack-keystone14:49
openstackgerritColleen Murphy proposed openstack/keystone master: Add Application Credentials controller  https://review.openstack.org/52442314:49
openstackgerritColleen Murphy proposed openstack/keystone master: Add application credential auth plugin  https://review.openstack.org/52534614:49
openstackgerritColleen Murphy proposed openstack/keystone master: Allow overriding app cred restrictions  https://review.openstack.org/53343114:49
openstackgerritColleen Murphy proposed openstack/keystone master: Add caching options for application credentials  https://review.openstack.org/53360914:49
mordredcmurphy: I have done a TERRIBLE job at helping with Application Credentials :(14:54
*** tbh_ has joined #openstack-keystone14:55
*** spilla has joined #openstack-keystone14:57
cmurphymordred: haha it's okay :)14:57
mordredcmurphy: does dinesh bhor hang out in channel with a name I can't figure out?14:59
cmurphymordred: I think they are Dinesh_Bhor so they must not be online15:01
mordredcmurphy: kk. cool. they're helping with a patch I wrote and I wanted to say thanks :)15:02
cmurphymordred: do you need https://review.openstack.org/#/c/500385/ for anything or could you abandon?15:03
mordredcmurphy: abandoned15:06
cmurphytyty15:07
*** sxc731 has joined #openstack-keystone15:10
*** afred312 has quit IRC15:11
*** afred312 has joined #openstack-keystone15:11
openstackgerritColleen Murphy proposed openstack/keystone-tempest-plugin master: Use openstackdocstheme for docs and release notes  https://review.openstack.org/53109715:11
*** afred312 has quit IRC15:12
*** r-daneel has joined #openstack-keystone15:17
*** links has quit IRC15:20
*** bigdogstl has joined #openstack-keystone15:24
*** markvoelker has joined #openstack-keystone15:25
*** phalmos has joined #openstack-keystone15:32
*** r-daneel has quit IRC15:34
*** r-daneel has joined #openstack-keystone15:35
lbragstadsxc731: without the caching issue, are you seeing the performance you were hoping for?15:35
sxc731lbragstad: it's *markedly* better, thank you!15:35
lbragstadyou don't have to wait 10 seconds for a page to load? :)15:36
sxc731lbragstad: but I've been wondering about smth else we discussed last wek, namely the potential for individual OS components to do their own validation through keysteonmiddleware...15:36
lbragstadyeah15:36
lbragstadyou can have keystonemiddleware cache token responses15:37
lbragstad(avoiding the roundtrip validation back to keystone)15:37
sxc731lbragstad: so just looking at Horizon for a moment, it doesn't even seem to have a dependency on oslo.cache, unless I'm missing smth??15:37
lbragstadthe dependency would be from ksm -> oslo.cache15:37
sxc731to be honest, I've only looked at my deployed instance15:37
lbragstadhttps://github.com/openstack/keystonemiddleware/blob/master/requirements.txt#L615:38
sxc731Sure, but if I look at an OSA-deployed Horizon, I find ksm but no oslo.cache...15:38
sxc731That seems suspicious, no?15:38
lbragstadif you have keystonemiddleware configured to cache tokens, it should be using oslo.cache to do that15:39
lbragstadjust like you would for caching things in keyston15:39
lbragstadkeystone*15:39
lbragstadso when the middleware is run in front of the service, you should see some performance improvements by caching before you even have to ask keystone for anything15:40
sxc731Hmmm... also, assuming there are components that leverage this ability to hit the ache in process using ksm (which definitely seems a neat idea!) I would epxect they'd need the same config workaround you cooked on Fri, right?15:40
lbragstadi would assume so, since the issue appears to be in oslo.cache/pymemcached15:41
sxc731K15:41
*** bigdogstl has quit IRC15:41
sxc731So I grepped a little around the OSA roles and couldn't find any role (beside KS itself of course) that references either 'keystone_memcached_servers' (workaround) or 'keystone_cache_backend_argument' (broken version)15:43
lbragstadi need to fix up that patch, it's failing a test i assume15:44
sxc731lbragstad: sure, sorry for moving on to the next set of tricky q's so quickly!15:49
sxc731So I just looked again; looks like OSA's os_nova and os_swift roles do have some config that assigns "memcache_servers".  So they would both benefit from ksm in-bound caching validation but presumably the potential for other components (particularly Horizon) to do the same is quite significant?15:50
sxc731Suppose that's more a q for the OSA folks again... but still, assuming I'm right, this is another rather baffling discovery!?15:51
odyssey4meIt is very possible that the configs we're using are a bit dated. A lot of that stuff is not well understood by most consumers, so I know we'd welcome someone who's been paying attention and figuring out the right things. :)15:52
*** sxc731_ has joined #openstack-keystone15:52
sxc731odyssey4me: kool.  Wil lbragstad's help I'm sure we can figure it out rather expediently and the perf boost might be pretty significant!15:53
odyssey4methat would be really great :)15:53
odyssey4methank you guys for taking the time to dig into it15:53
sxc731I assume pretty much _every_ OS component validates tokens (presumably through KSM), right?  So pretty much every one of them needs the reference to memcache_servers so they can hit the cache rather than require the slow DB roundtrip?15:55
*** sxc731_ has quit IRC15:56
sxc731odyssey4me: no, thank _you_ (& lbragstad of course!) for all the help and support!!15:56
*** markvoelker has quit IRC15:59
*** sxc731_ has joined #openstack-keystone15:59
lbragstadodyssey4me: yeah - i'm not sure if you saw - https://bugs.launchpad.net/oslo.cache/+bug/174303615:59
openstackLaunchpad bug 1743036 in oslo.cache "Multiple memcached back-end instances breaks caching" [Undecided,Confirmed] - Assigned to Morgan Fainberg (mdrnstm)15:59
*** aojea_ has quit IRC16:04
*** aojea has joined #openstack-keystone16:04
*** sxc731 has quit IRC16:05
*** sxc731 has joined #openstack-keystone16:07
sxc731osyssey4mw, lbragstad: actually to be fair in the case of that bug 1743036, OSA's config template was almost "too correct" (ie: it was using a new-style config which turned out to be broken if I understood correctly)16:07
openstackbug 1743036 in oslo.cache "Multiple memcached back-end instances breaks caching" [Undecided,Confirmed] https://launchpad.net/bugs/1743036 - Assigned to Morgan Fainberg (mdrnstm)16:07
sxc731What I'm talking about now is a different kind of fish: missing memcached config that would enable KS-middleware to hit the cache directly for token validation, from components like Horizon.  I'm assuming the perf. benefit might also be quite substantial...16:08
odyssey4methat's a really good bug report - @evrardjp see https://bugs.launchpad.net/oslo.cache/+bug/174303616:08
openstackLaunchpad bug 1743036 in oslo.cache "Multiple memcached back-end instances breaks caching" [Undecided,Confirmed] - Assigned to Morgan Fainberg (mdrnstm)16:08
odyssey4meI think this relates to another old bug report we have.16:09
*** hoonetorg has quit IRC16:09
lbragstadsxc731: yeah - it would, but there wouldn't be any revocations in that case16:10
sxc731lbragstad: I thought revocations were also cached? Though I have to admit I don't fully understand how this works...16:10
odyssey4meI expect that we'll need to implement a workaround for the stable branches to make it work right as we'll not be able to make newton/ocata use a newer lib I guess.16:11
lbragstadsxc731: revocations are cached in keystone, yep. but when the token is validated in keystonemiddleware and keystonemiddleware uses a cached response, revocations won't come into play16:11
*** itlinux has joined #openstack-keystone16:12
lbragstad(e.g. if i get a token, cache it at the service, invalidate the token, then go do something at the service, the cache isn't invalidated based on the revocation event being stored in keystone)16:12
sxc731lbragstad: meaning it would be possible for a component that uses ksm-caching to bypass revoked tokens?16:12
lbragstadsxc731: exactly16:12
lbragstadit's a fine line16:12
sxc731Whoa... that's quite the tradeoff!16:12
lbragstad(i personally recommend super short ksm cache lifetimes)16:13
sxc731You understand this way better than I do of course but why couldn't ksm also hit the revoked tokens cache?16:13
evrardjpodyssey4me: lbragstad I think I had something pending, will check the whole conversation and bug, see how I can help.16:13
sxc731^short cache lifetimes might still work reasonably well in Horizon use-cases, where - I assume - a large number of services are hit16:14
lbragstadwe could build that in, but it would require keystone and keystonemiddleware to share the same cache (which might not be the case)16:14
lbragstadi don't think we've made it that far yet16:14
sxc731So if I understand correctly, you're suggesting that pushing ksm-caching across many components isn't necessarily advisable in current state of play?16:15
lbragstadsxc731: you can totally do it, but it is just worth knowing that ksm won't honor keystone revocation events for the case i just described16:16
*** sxc731_ has quit IRC16:16
*** sxc731_ has joined #openstack-keystone16:16
lbragstadso if you set cache life time to something short on the keystonemiddleware bit, and cache in keystone, too.. then you might only get a negligible hit if you do have to make the roundtrip16:16
lbragstadbest case: ksm validates a valid token16:17
lbragstadworst case: ksm validates a token but putting it on the wire to keystone, which results in a cache miss, keystone validates the token, resulting in a cache set on the way out16:17
lbragstads/but/by/16:18
sxc731lbragstad: just so I understand, a typical token revocation is someone logging out of Horizon?16:18
*** bigdogstl has joined #openstack-keystone16:18
lbragstadsxc731: not any more - that used to be the case, but we've been working to make revocation events a smaller and smaller set16:19
lbragstad(before, we used to store revocation events for *everything*; like removing a user from a project/domain, etc...)16:19
lbragstadbut we found that resulted in a *lot* of revocation events being written (and read) from keystone16:20
*** sxc731_ has quit IRC16:20
evrardjplbragstad: ok just read the bug details16:20
lbragstadsxc731: so we reworked our validation strategy to rebuild the entire authentication context at validation time (instead of relying on values that were true at authentication time)16:21
lbragstadsxc731: long story short - revocation events happen when a user explicitly revokes a token or changes a password16:21
lbragstad(I think those are the only two cases we use revocation events for)16:22
lbragstadevrardjp: o/ afternoon, sir!16:22
evrardjpI think my far memory updated that connection string, but got issues, and read the dogpile docs. if I recall correctly, we should probably use another backend for dogpile memcached to have proper clustering, but I might be wrong :)16:23
*** bigdogstl has quit IRC16:23
*** sxc731_ has joined #openstack-keystone16:23
evrardjphappy new year lbragstad :D16:23
evrardjpyeah I worked on that https://review.openstack.org/#/c/458029/16:24
lbragstadi was able to get clustering once i did this - https://review.openstack.org/#/c/533314/16:24
lbragstadbut i had absolutely no luck with the format described in your commit message :)16:24
lbragstadur:<cache-1>,<cache-2>,<cache-3>:11211 or ur:<cache-1>:11211,<cache-2>:11211,<cache-3>:1121116:25
sxc731lbragstad: cool, I think I get it; so sounds like revocations are now a fairly infrequent occurrence in a normal system's lifecycle... Maybe such an event could simply invalidate all the caches for example?  Then you'd be rid of the annoying edge case... Anyway that's a different discussion...16:25
*** bigdogstl has joined #openstack-keystone16:25
lbragstadsxc731: right - we do some cache invalidation based on some operations in keystone (e.g. we cache a user's role assignments, but we revoke that if assignments are mucked with)16:26
lbragstadevrardjp: once i did memcache_servers = {{ keystone_memcached_servers }} i was able to see cache traffic routed to the entire ring i had setup16:27
evrardjplbragstad: I think it's important to know which one is which, IIRC, we were supposed to drop memcached_servers because it was only used for token cache in UUID tokens, and those servers were colocated within keystone container, IIRC. But that's far in my memory, so I have to double check16:28
evrardjplbragstad: will adapt to your settings then16:28
evrardjpfor me your patch is good, we just need proper wiring of keystone_memcached_servers then.16:28
lbragstadevrardjp: yeah - we have some digging left to do in oslo.cache and python-memcached16:29
*** dave-mcc_ has joined #openstack-keystone16:29
lbragstadbecause something there isn't working properly with the backend_argument16:29
evrardjpmy concern is proper clustering and easy configuration16:29
lbragstad++16:30
*** sxc731 has quit IRC16:30
evrardjpyeah, I will accept your patch in the meantime, but let's keep in touch, and thanks!16:30
lbragstadevrardjp: sounds good - if kmalloc and i get to the bottom of the oslo.cache issues reasonably soon, i'll come find you guys :)16:30
sxc731_Lbrag16:32
sxc731_sorry16:32
sxc731_If KSM can’t hit the cache in-process presumably it just delegates to KS proper?16:33
*** itlinux has quit IRC16:34
lbragstadsxc731_: and just validates the token online?16:35
openstackgerritMerged openstack/keystonemiddleware master: Imported Translations from Zanata  https://review.openstack.org/53311416:38
*** AlexeyAbashkin has quit IRC16:39
*** AlexeyAbashkin has joined #openstack-keystone16:39
*** tesseract has quit IRC16:40
lbragstadgagehugo: nice work on https://review.openstack.org/#/c/527527/2 - one question inline16:41
*** gyee has joined #openstack-keystone16:43
openstackgerritGage Hugo proposed openstack/keystone master: Add functional testing gate  https://review.openstack.org/53101416:43
gagehugolbragstad o/16:44
gagehugoI assume doctor checks for the credentials API would be good to have?16:44
*** itlinux has joined #openstack-keystone16:46
*** bigdogstl has quit IRC16:46
*** sxc731 has joined #openstack-keystone16:47
*** markvoelker has joined #openstack-keystone16:47
*** AlexeyAbashkin has quit IRC16:47
*** nicolasbock has quit IRC16:48
*** nicolasbock has joined #openstack-keystone16:50
*** itlinux has quit IRC16:55
*** itlinux has joined #openstack-keystone16:56
gagehugolbragstad are you talking about having the token keys and credential keys checks in the same category?16:58
lbragstadgagehugo: well - i was thinking about it... but i guess the first thing we'd need to answer is "is there a reason to have doctor checks for the credential APIs usage of fernet?"16:59
*** sxc731_ has quit IRC17:02
*** itlinux has quit IRC17:03
gagehugofor now I'd say yes, for the future I'm not sure17:05
*** tbh_ has quit IRC17:05
gagehugoI don't see a reason to change them at this time is what I mean17:06
*** bigdogstl has joined #openstack-keystone17:06
gagehugounless I'm missing something17:07
*** dave-mcc_ has quit IRC17:08
*** itlinux has joined #openstack-keystone17:12
*** bigdogstl has quit IRC17:12
openstackgerritColleen Murphy proposed openstack/keystone master: WIP Application credentials api-ref  https://review.openstack.org/53374417:12
*** hoonetorg has joined #openstack-keystone17:14
*** efried is now known as efried_rollin17:19
*** links has joined #openstack-keystone17:21
lbragstadgagehugo: but we do handle keys differently for the credentail api17:38
lbragstadso - maybe that's something17:38
*** bigdogstl has joined #openstack-keystone17:39
gagehugothen maybe keep them separate I'd say17:42
*** bigdogstl has quit IRC17:44
lbragstadi know for the credential api we work in the concept of a null key17:49
lbragstadand that was for upgrade purposes17:50
*** links has quit IRC17:50
*** dikonoor has quit IRC17:52
*** bigdogstl has joined #openstack-keystone17:52
*** bigdogstl has quit IRC17:58
*** abhishek has quit IRC18:04
*** sxc731 has quit IRC18:06
*** bigdogstl has joined #openstack-keystone18:09
*** mvk has quit IRC18:10
*** sambetts is now known as sambetts|afk18:14
*** bigdogstl has quit IRC18:16
*** kmalloc has joined #openstack-keystone18:19
* kmalloc yawns.18:19
-openstackstatus- NOTICE: Zuul has been restarted and has lost queue contents; changes in progress will need to be rechecked.18:23
*** aojea has quit IRC18:36
*** AlexeyAbashkin has joined #openstack-keystone18:50
*** aojea has joined #openstack-keystone18:51
*** AlexeyAbashkin has quit IRC18:55
*** aojea_ has joined #openstack-keystone18:57
*** sxc731 has joined #openstack-keystone18:58
*** aojea has quit IRC18:59
*** aojea has joined #openstack-keystone19:02
lbragstadrunning an errand over lunch quick, biab19:03
*** aojea_ has quit IRC19:05
*** aojea_ has joined #openstack-keystone19:08
*** aojea has quit IRC19:11
*** aojea has joined #openstack-keystone19:12
*** aojea_ has quit IRC19:15
*** aojea_ has joined #openstack-keystone19:18
*** bigdogstl has joined #openstack-keystone19:20
*** aojea has quit IRC19:20
*** aojea has joined #openstack-keystone19:23
*** aojea_ has quit IRC19:26
*** bigdogstl has quit IRC19:28
*** aojea_ has joined #openstack-keystone19:29
*** aojea has quit IRC19:31
*** aojea has joined #openstack-keystone19:34
*** aojea_ has quit IRC19:36
*** aojea_ has joined #openstack-keystone19:39
openstackgerritDirk Mueller proposed openstack/keystone master: msgpack-python has been renamed to msgpack  https://review.openstack.org/53376819:41
*** aojea has quit IRC19:42
*** aojea has joined #openstack-keystone19:46
*** aojea_ has quit IRC19:47
*** AlexeyAbashkin has joined #openstack-keystone19:51
*** aojea has quit IRC19:53
*** efried_rollin is now known as efried19:55
*** AlexeyAbashkin has quit IRC19:55
*** aojea has joined #openstack-keystone20:04
*** aojea_ has joined #openstack-keystone20:09
*** aojea has quit IRC20:12
*** aojea__ has joined #openstack-keystone20:15
*** sxc731 has left #openstack-keystone20:16
*** aojea_ has quit IRC20:18
*** rmascena has joined #openstack-keystone20:19
*** bigdogstl has joined #openstack-keystone20:20
*** raildo has quit IRC20:21
*** dansmith has quit IRC20:22
*** markvoelker has quit IRC20:22
*** aojea__ has quit IRC20:23
*** bigdogstl has quit IRC20:28
*** Guest49522 has joined #openstack-keystone20:35
*** Guest49522 is now known as dansmith20:40
*** AlexeyAbashkin has joined #openstack-keystone20:50
*** AlexeyAbashkin has quit IRC20:54
*** bigdogstl has joined #openstack-keystone20:58
*** bigdogstl has quit IRC21:10
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Split request logging into four different loggers  https://review.openstack.org/50576421:13
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Remove PYTHONHASHSEED setting  https://review.openstack.org/53379821:13
*** aojea has joined #openstack-keystone21:13
*** aojea_ has joined #openstack-keystone21:18
*** aojea has quit IRC21:21
*** aojea has joined #openstack-keystone21:23
lbragstadi gotta step away for a bit but i'll back back online in a couple hours and working through tonight21:25
*** aojea_ has quit IRC21:26
*** nicolasbock has quit IRC21:26
*** aojea_ has joined #openstack-keystone21:28
gagehugook21:29
*** aojea has quit IRC21:30
*** pcaruana has quit IRC21:30
gagehugojobs are not very stable today :(21:30
*** dave-mccowan has joined #openstack-keystone21:31
*** jappleii__ has joined #openstack-keystone21:32
*** aojea__ has joined #openstack-keystone21:33
*** dgonzalez has quit IRC21:33
*** bigdogstl has joined #openstack-keystone21:33
*** aojea_ has quit IRC21:36
*** aojea_ has joined #openstack-keystone21:38
*** bigdogstl has quit IRC21:38
*** aojea__ has quit IRC21:41
*** dgonzalez has joined #openstack-keystone21:42
*** aojea__ has joined #openstack-keystone21:43
*** lbragstad has quit IRC21:44
*** aojea_ has quit IRC21:46
*** lbragstad has joined #openstack-keystone21:47
*** ChanServ sets mode: +o lbragstad21:47
*** aojea_ has joined #openstack-keystone21:48
lbragstadnope :(21:49
*** AlexeyAbashkin has joined #openstack-keystone21:50
*** aojea__ has quit IRC21:51
*** aojea__ has joined #openstack-keystone21:53
*** AlexeyAbashkin has quit IRC21:54
*** aojea_ has quit IRC21:57
*** bigdogstl has joined #openstack-keystone21:58
*** aojea has joined #openstack-keystone21:58
cmurphyTIL parameters.yaml in api-ref is enforced alphabetical21:59
cmurphydid not expect21:59
*** aojea__ has quit IRC22:01
*** bigdogstl has quit IRC22:03
*** aojea has quit IRC22:07
cmurphyoh and also grouped by where the parameter is22:07
*** aojea has joined #openstack-keystone22:07
cmurphythis is so hard to get right22:07
*** bigdogstl has joined #openstack-keystone22:09
*** lbragstad has quit IRC22:10
*** mvk has joined #openstack-keystone22:11
*** aojea_ has joined #openstack-keystone22:12
*** aojea has quit IRC22:15
openstackgerritColleen Murphy proposed openstack/keystone master: Add Application Credentials controller  https://review.openstack.org/52442322:16
openstackgerritColleen Murphy proposed openstack/keystone master: Add application credential auth plugin  https://review.openstack.org/52534622:16
openstackgerritColleen Murphy proposed openstack/keystone master: Allow overriding app cred restrictions  https://review.openstack.org/53343122:16
openstackgerritColleen Murphy proposed openstack/keystone master: Add caching options for application credentials  https://review.openstack.org/53360922:16
openstackgerritColleen Murphy proposed openstack/keystone master: WIP Application credentials api-ref  https://review.openstack.org/53374422:16
*** aojea__ has joined #openstack-keystone22:18
*** lbragstad has joined #openstack-keystone22:19
*** ChanServ sets mode: +o lbragstad22:19
*** aojea_ has quit IRC22:20
*** rcernin has joined #openstack-keystone22:21
*** aojea has joined #openstack-keystone22:22
kmalloccmurphy: i wouldn't have expected that either22:23
lbragstadcmurphy: yeah - totally fun to debug22:23
* lbragstad 's been bitten by that before22:23
*** bigdogstl has quit IRC22:23
*** aojea__ has quit IRC22:25
kmallocmordred, lbragstad: re https://review.openstack.org/#/c/505764/6 it's going to have to be opt-in for the split loggers22:27
kmallocwe can't break behavior that someone might be relying on22:27
kmallocchanging the logging output does22:27
kmalloc*sorry* =/22:27
kmallocnow... that said, lbragstad can tell me he believes it's ok, and i'll +2 it as is. [provided a clean test run]22:28
*** aojea_ has joined #openstack-keystone22:28
*** spilla has quit IRC22:28
lbragstadkmalloc: i'll add it to my review queue22:30
kmalloclbragstad: it should be quick to review. it's a good concept22:30
*** bigdogstl has joined #openstack-keystone22:30
* kmalloc is going to build some microphones... ^_^22:30
*** aojea has quit IRC22:30
kmalloccause you cvan totally make awesome vintage mics for cheap if you're willing to solder things22:31
kmalloccmurphy: ^ yesssssssss soldering fun.22:31
kmallocmordred: https://review.openstack.org/#/c/533798/1 if that passes tests, feel free to self-approve. PLEASE approve that one as soon as it is possible to make that a thing.22:31
kmalloc^ any keystoneauth core (the 533798 one)22:32
cmurphykmalloc: :D22:32
*** aojea has joined #openstack-keystone22:32
*** aojea_ has quit IRC22:35
*** aojea_ has joined #openstack-keystone22:38
*** rmascena has quit IRC22:38
*** bigdogstl has quit IRC22:39
*** aojea has quit IRC22:40
*** aojea__ has joined #openstack-keystone22:43
*** aojea_ has quit IRC22:45
*** aojea__ has quit IRC22:48
*** phalmos has quit IRC22:49
*** bigdogstl has joined #openstack-keystone22:51
*** markvoelker has joined #openstack-keystone22:53
*** markvoelker has quit IRC22:58
*** lbragstad has quit IRC23:00
*** bigdogstl has quit IRC23:01
openstackgerritColleen Murphy proposed openstack/keystone master: Add api-ref for application credentials  https://review.openstack.org/53374423:03
*** bigdogstl has joined #openstack-keystone23:17
*** bigdogstl has quit IRC23:25
*** itlinux has quit IRC23:33
*** r-daneel has quit IRC23:33
*** bigdogstl has joined #openstack-keystone23:40
*** nicolasbock has joined #openstack-keystone23:47
*** lbragstad has joined #openstack-keystone23:53
*** ChanServ sets mode: +o lbragstad23:53
*** bigdogstl has quit IRC23:54
« Sunday, 2018-01-14 Index Tuesday, 2018-01-16 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!