Wednesday, 2018-04-18

« Tuesday, 2018-04-17 Index Thursday, 2018-04-19 »
*** r-daneel has joined #openstack-keystone00:05
*** r-daneel has quit IRC00:05
*** fiddletwix has joined #openstack-keystone00:07
*** eschwartz is now known as anyone00:39
*** chenyb4 has joined #openstack-keystone00:51
*** harlowja has quit IRC01:16
*** AlexeyAbashkin has joined #openstack-keystone01:39
*** AlexeyAbashkin has quit IRC01:43
*** panbalag has joined #openstack-keystone01:56
*** panbalag has left #openstack-keystone01:56
*** nicolasbock has quit IRC02:06
*** jmlowe_ has quit IRC02:15
*** oikiki has joined #openstack-keystone02:28
*** dklyle has joined #openstack-keystone02:31
*** jmlowe has joined #openstack-keystone02:41
*** oikiki has quit IRC02:44
*** dave-mccowan has quit IRC03:02
*** sonuk has joined #openstack-keystone03:19
*** prashkre_ has quit IRC03:25
*** harlowja has joined #openstack-keystone03:43
*** chenyb4 has quit IRC03:47
*** chenyb4 has joined #openstack-keystone03:48
*** harlowja has quit IRC04:12
*** gyee has quit IRC04:20
*** pcaruana has joined #openstack-keystone05:05
*** pcichy has joined #openstack-keystone05:11
*** pcaruana has quit IRC05:19
*** zhurong has joined #openstack-keystone05:36
*** oikiki has joined #openstack-keystone05:37
*** oikiki has quit IRC06:06
*** oikiki has joined #openstack-keystone06:10
*** gmann has quit IRC06:21
openstackgerritwangxiyuan proposed openstack/keystone master: Invalidate the shadow user cache when deleting a user  https://review.openstack.org/56190806:29
*** jmlowe_ has joined #openstack-keystone06:31
*** dklyle has quit IRC06:32
*** dklyle has joined #openstack-keystone06:32
*** jmlowe has quit IRC06:33
*** yikun_ has joined #openstack-keystone06:34
*** yikun has quit IRC06:36
*** ildikov has joined #openstack-keystone06:43
*** mordred has quit IRC06:45
*** links has joined #openstack-keystone06:46
*** dklyle has quit IRC06:47
*** oikiki has quit IRC06:48
*** mordred has joined #openstack-keystone06:49
*** pcaruana has joined #openstack-keystone06:50
*** rcernin has quit IRC07:00
*** zigo has quit IRC07:11
*** gmann has joined #openstack-keystone07:13
*** zigo has joined #openstack-keystone07:14
*** oikiki has joined #openstack-keystone07:14
*** sonuk_ has joined #openstack-keystone07:22
*** sonuk has quit IRC07:25
*** sonuk has joined #openstack-keystone07:28
*** links has quit IRC07:29
*** tesseract has joined #openstack-keystone07:29
*** sonuk_ has quit IRC07:29
*** AlexeyAbashkin has joined #openstack-keystone07:30
*** zhurong has quit IRC07:30
*** oikiki has quit IRC07:31
*** pooja-jadhav has quit IRC07:43
*** links has joined #openstack-keystone07:47
*** yikun__ has joined #openstack-keystone07:48
*** yikun_ has quit IRC07:51
*** links has quit IRC07:52
*** mugsie has quit IRC08:09
*** mugsie has joined #openstack-keystone08:21
*** mugsie has quit IRC08:21
*** mugsie has joined #openstack-keystone08:21
*** pcichy has quit IRC08:30
*** zhurong has joined #openstack-keystone08:39
*** links has joined #openstack-keystone08:48
*** pooja_jadhav has joined #openstack-keystone08:50
*** yikun__ has quit IRC09:02
*** yikun__ has joined #openstack-keystone09:03
*** annp has quit IRC09:04
*** annp has joined #openstack-keystone09:05
*** HW_Peter has quit IRC09:13
*** itlinux has joined #openstack-keystone09:40
itlinuxhello keystone guys, I have a question, I have a Ctl which is in London, using AD, but the login is slow since the AD is located in CZ zone. Any tips09:41
*** yikun_ has joined #openstack-keystone09:42
*** yikun__ has quit IRC09:45
*** itlinux has quit IRC09:49
*** bhagyashris is now known as neha_alhat09:51
*** neha_alhat is now known as bhagyashris09:52
*** zhurong has quit IRC09:57
*** itlinux has joined #openstack-keystone10:01
*** chenyb4 has quit IRC10:17
*** pcaruana has quit IRC10:27
*** nicolasbock has joined #openstack-keystone10:31
*** mvk has quit IRC11:08
*** sonuk has quit IRC11:31
*** sonuk has joined #openstack-keystone11:31
*** bhagyashris has quit IRC11:32
*** itlinux has quit IRC11:34
*** gmann has quit IRC11:51
*** itlinux has joined #openstack-keystone11:58
*** raildo has joined #openstack-keystone12:01
*** pcichy has joined #openstack-keystone12:10
*** anyone is now known as eschwartz12:12
*** sonuk has quit IRC12:14
*** gmann has joined #openstack-keystone12:15
*** edmondsw has joined #openstack-keystone12:15
*** pcaruana has joined #openstack-keystone12:19
*** mvk has joined #openstack-keystone12:20
*** panbalag has joined #openstack-keystone12:30
*** Alexey_Abashkin has joined #openstack-keystone12:31
*** AlexeyAbashkin has quit IRC12:33
*** Alexey_Abashkin is now known as AlexeyAbashkin12:33
*** jmlowe has joined #openstack-keystone12:35
*** jmlowe_ has quit IRC12:35
*** itlinux has quit IRC12:51
*** bhagyashris has joined #openstack-keystone12:52
*** dave-mccowan has joined #openstack-keystone13:07
lbragstadgagehugo: good question13:07
lbragstadpending the decision we make about encryption, i was just going to look into using whatever is already in gr13:07
*** dave-mccowan has quit IRC13:11
*** pcichy has quit IRC13:13
*** dave-mccowan has joined #openstack-keystone13:17
openstackgerritmelissaml proposed openstack/keystone master: Update auth_uri option to www_authenticate_uri  https://review.openstack.org/56227913:29
*** germs has joined #openstack-keystone13:31
*** germs has quit IRC13:31
*** germs has joined #openstack-keystone13:31
*** itlinux has joined #openstack-keystone13:32
*** fabian_ has joined #openstack-keystone13:33
openstackgerritRussell Tweed proposed openstack/keystone master: Add prerequisite package note to Keystone install guide  https://review.openstack.org/55256813:37
*** itlinux has quit IRC13:40
*** fabian_ is now known as chenyb413:46
*** pcichy has joined #openstack-keystone13:48
lbragstadhrybacki: http://lists.openstack.org/pipermail/openstack-dev/2018-April/129474.html13:49
hrybackinice. thank you lbragstad :)13:51
hrybackistrange that it isn't really clear how/where that vote happens13:51
*** m3m0 has joined #openstack-keystone13:52
m3m0Hello, Is it possible to query projects (tenants) directly from my ldap domain? openstack project list --domain ldap?13:52
m3m0my ldap.conf looks like this http://paste.openstack.org/show/719473/13:54
*** itlinux has joined #openstack-keystone13:54
m3m0and I do have a test cn (tenant) in my backend, but keystone does not show anything13:54
m3m0and I don't even see a query in my ldap logs when I query projects13:55
lbragstadm3m0: python-openstackclient does pass some of that information along to keystone14:03
lbragstadis there a specific query you're looking to make?14:03
lbragstadhrybacki: i thought so too, but i might not be looking in the right place14:03
m3m0lbragstad: yes, to retrieve the list of projects in my backend, so far I can only retreive users14:04
lbragstadm3m0: the resource backend, which is responsible for projects doesn't back to ldap14:05
lbragstadit used to, but i don't think that is the case anymore14:06
hrybacki\_0_/14:06
*** pcichy has quit IRC14:07
lbragstadm3m0: https://docs.openstack.org/keystone/latest/configuration/config-options.html#resource14:07
m3m0mmm so, no longer the option to have a centralized way to manage projects, users and roles is possible? I have to inject the projects directly to keystone?14:08
lbragstadm3m0: you can create projects in sql and manage role assignments in keystone for users in ldap14:10
m3m0no no, my projects, roles and users are in ldap14:10
m3m0I can query the users, but not the projects14:10
lbragstadright14:10
m3m0well in fairness, the roles are not there yet, still working on the projects14:11
*** panbalag has left #openstack-keystone14:11
*** dave-mccowan has quit IRC14:13
*** dklyle has joined #openstack-keystone14:15
*** chenyb4 has quit IRC14:15
lbragstadfound this - http://lists.openstack.org/pipermail/openstack-dev/2015-January/055459.html14:15
*** itlinux has quit IRC14:15
m3m0lbragstad: thanks let me take a look14:19
lbragstadm3m0: there is a bunch of context in there that might help14:19
lbragstadkmalloc: originally wrote it14:19
*** itlinux has joined #openstack-keystone14:19
*** spilla has joined #openstack-keystone14:20
m3m0lbragstad: it makes sense, then I will find a workaround on our side, maybe a cron job that add/remove projects into the sql backend14:22
lbragstadyeha14:22
lbragstadassignments might be a bit easier to manage if you use ldap groups and sql groups14:22
lbragstadthen just have the assignment on the sql groups14:22
m3m0lbragstad: but as far as I know you cannot combine users intro groups from different backends, is it the same behaviour for assignments?14:23
m3m0into*14:24
lbragstadif you have a group, it can hold users from which ever domain you like14:24
m3m0aaa that's perfect, thanks a lot :)14:25
lbragstadso if you have multiple ldaps backed to keystone, using domain specific configurations for each, you should be able to give them role assignments on projects throughout the deployment14:25
lbragstador you can keep them totally isolated within the domain you set up for them14:25
*** m3m0 has quit IRC14:49
*** felipemonteiro has joined #openstack-keystone14:54
*** mchlumsky has quit IRC15:05
*** mchlumsky has joined #openstack-keystone15:08
*** itlinux has quit IRC15:31
*** dklyle has quit IRC15:38
*** links has quit IRC15:55
*** itlinux has joined #openstack-keystone15:58
*** harlowja has joined #openstack-keystone16:06
*** r-daneel has joined #openstack-keystone16:07
*** r-daneel has quit IRC16:08
*** AlexeyAbashkin has quit IRC16:23
*** gyee has joined #openstack-keystone16:30
*** szaher has quit IRC16:53
*** szaher has joined #openstack-keystone17:04
*** gyee has quit IRC17:12
openstackgerritMerged openstack/keystone master: Add prerequisite package note to Keystone install guide  https://review.openstack.org/55256817:18
*** spilla has quit IRC17:22
kmalloclbragstad: ++17:23
*** mvk has quit IRC17:25
*** spilla has joined #openstack-keystone17:27
*** raildo has quit IRC17:28
openstackgerritMerged openstack/pycadf master: Updated from global requirements  https://review.openstack.org/55161517:34
*** raildo has joined #openstack-keystone17:37
*** harlowja has quit IRC17:44
*** AlexeyAbashkin has joined #openstack-keystone17:46
*** itlinux has quit IRC17:48
*** AlexeyAbashkin has quit IRC17:51
*** mvk has joined #openstack-keystone17:52
*** itlinux has joined #openstack-keystone17:54
*** oikiki has joined #openstack-keystone17:57
*** raildo has quit IRC17:58
*** dave-mccowan has joined #openstack-keystone17:59
*** spilla has quit IRC18:08
*** raildo has joined #openstack-keystone18:10
*** pcaruana has quit IRC18:12
*** spilla has joined #openstack-keystone18:13
*** harlowja has joined #openstack-keystone18:18
*** harlowja_ has joined #openstack-keystone18:23
*** harlowja has quit IRC18:24
*** itlinux has quit IRC18:35
*** itlinux has joined #openstack-keystone18:40
*** felipemonteiro_ has joined #openstack-keystone19:01
*** raildo has quit IRC19:05
*** felipemonteiro has quit IRC19:05
*** spilla has quit IRC19:08
*** pcaruana has joined #openstack-keystone19:13
openstackgerritMorgan Fainberg proposed openstack/keystone master: Allow blocking users from self-service password change  https://review.openstack.org/55943819:15
*** tesseract has quit IRC19:15
*** felipemonteiro__ has joined #openstack-keystone19:16
*** raildo has joined #openstack-keystone19:17
*** felipemonteiro_ has quit IRC19:20
*** pcaruana has quit IRC19:20
kmallocmordred: re https://review.openstack.org/#/c/462218/4 -- i think.... that changes behavior (possibly) for a given catalog19:26
kmallocmordred: and we will need it to be opt-in for the new filtering.19:26
kmallocmordred: but i wanted to confirm/make sure I am not missing some key bit here instead of scoring it incorrectly19:26
kmallocmordred: but I *really* like the direction and that we're leaning on an external set of aliases19:27
*** ayoung has joined #openstack-keystone19:29
openstackgerritGage Hugo proposed openstack/keystone master: [Do Not Merge] Adding debugging task  https://review.openstack.org/56175119:36
*** felipemonteiro__ has quit IRC19:39
*** felipemonteiro__ has joined #openstack-keystone19:40
openstackgerritLance Bragstad proposed openstack/keystone master: Remove the sample .conf file  https://review.openstack.org/52124919:40
*** spilla has joined #openstack-keystone19:40
lbragstadodyssey4me: d34dh0r53 ^ that should pass this time19:40
lbragstadi'm done mucking around with the tests19:40
openstackgerritLance Bragstad proposed openstack/keystone master: Remove the sample .conf file  https://review.openstack.org/52124919:41
*** ayoung has quit IRC19:50
*** oikiki has quit IRC19:52
*** blake has joined #openstack-keystone19:58
*** oikiki has joined #openstack-keystone20:08
openstackgerritGage Hugo proposed openstack/keystone master: Add LDAP user-backed functional testing gate  https://review.openstack.org/55894020:14
*** blake has quit IRC20:20
openstackgerritGage Hugo proposed openstack/keystone master: Handle LDAP Server Down in Pool  https://review.openstack.org/56072420:26
openstackgerritMerged openstack/keystoneauth master: Fix W503 line-break-before-binary-operator  https://review.openstack.org/56125920:42
*** sonuk has joined #openstack-keystone20:43
*** oikiki has quit IRC20:45
*** dmellado has quit IRC20:45
*** blake has joined #openstack-keystone20:52
openstackgerritMerged openstack/keystone master: Fix json schema nullable to add None to ENUM  https://review.openstack.org/56134820:55
*** oikiki has joined #openstack-keystone20:56
*** blake has quit IRC20:57
*** dave-mccowan has quit IRC20:59
*** spilla has quit IRC20:59
openstackgerritGage Hugo proposed openstack/keystone master: Update keystone functional tests  https://review.openstack.org/56012921:04
*** eandersson has quit IRC21:10
*** eandersson has joined #openstack-keystone21:13
*** spilla has joined #openstack-keystone21:19
*** sonuk has quit IRC21:27
*** mchlumsky has quit IRC21:32
*** timburke_ is now known as timburke21:33
*** oikiki has quit IRC21:43
*** tobberydberg has quit IRC21:43
*** oikiki has joined #openstack-keystone21:45
*** tobberydberg has joined #openstack-keystone21:51
*** oikiki has quit IRC22:05
*** felipemonteiro_ has joined #openstack-keystone22:06
*** afred312 has joined #openstack-keystone22:09
*** felipemonteiro__ has quit IRC22:10
kmalloclbragstad: can you +1 the backports for ENUM fix22:11
kmalloclbragstad: then i feel ok pushing them through22:11
*** afred312 has quit IRC22:19
*** blake has joined #openstack-keystone22:21
*** blake has quit IRC22:21
*** felipemonteiro_ has quit IRC22:29
*** felipemonteiro_ has joined #openstack-keystone22:29
*** rcernin has joined #openstack-keystone22:31
*** itlinux has quit IRC22:32
*** edmondsw has quit IRC22:41
*** mvk has quit IRC22:44
*** AlexeyAbashkin has joined #openstack-keystone22:45
*** mvk has joined #openstack-keystone22:49
*** AlexeyAbashkin has quit IRC22:50
*** raildo has quit IRC23:11
*** andreaf has quit IRC23:18
*** andreaf has joined #openstack-keystone23:18
*** vegarl has quit IRC23:20
*** vegarl has joined #openstack-keystone23:20
*** spilla has quit IRC23:27
*** felipemonteiro_ has quit IRC23:35
« Tuesday, 2018-04-17 Index Thursday, 2018-04-19 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!