Tuesday, 2018-10-16

« Monday, 2018-10-15 Index Wednesday, 2018-10-17 »
*** Dinesh_Bhor has joined #openstack-keystone00:34
*** Dinesh_Bhor has quit IRC01:27
*** Dinesh_Bhor has joined #openstack-keystone01:35
*** Dinesh_Bhor has quit IRC02:02
*** annp has joined #openstack-keystone02:26
wxy-xiyuanping vishakha02:36
wxy-xiyuanRe https://review.openstack.org/#/c/61000502:36
*** openstackgerrit has joined #openstack-keystone02:41
openstackgerritMerged openstack/keystone master: Clarify group-mapping example in docs  https://review.openstack.org/60796702:41
*** felipemonteiro has joined #openstack-keystone02:42
vishakhawxy-xiyuan: hello02:49
wxy-xiyuanvishakha: hi, for this patch, you want to test a case that the `region_id` could not be '', right?02:50
openstackgerritVishakha Agarwal proposed openstack/keystone master: Default and resource limit should not be '-ve'  https://review.openstack.org/61047902:51
*** Dinesh_Bhor has joined #openstack-keystone02:55
vishakhawxy-xiyuan: yes if user passed empty region-id03:07
*** dave-mccowan has quit IRC03:08
gagehugovishakha: left some comments on https://review.openstack.org/#/c/610479/ once those are addressed it should be good :)03:08
gagehugowxy-xiyuan: o/03:08
vishakhagagehugo: Thanks for the comments.  Working on those03:09
wxy-xiyuangagehugo: :)03:09
wxy-xiyuanvishakha: Thanks, it makes sense.03:11
vishakhawxy-xiyuan: your welcome :)03:12
*** Dinesh_Bhor has quit IRC03:36
*** felipemonteiro has quit IRC04:04
*** Dinesh_Bhor has joined #openstack-keystone04:30
*** viks__ has joined #openstack-keystone04:34
openstackgerritVishakha Agarwal proposed openstack/keystone master: Default and resource limit should not be '-ve'  https://review.openstack.org/61047904:58
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove incorrect copyright notice.  https://review.openstack.org/61087905:14
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove incorrect copyright notice.  https://review.openstack.org/61087905:15
kmallocwxy-xiyuan: ^05:15
openstackgerritVishakha Agarwal proposed openstack/keystone master: Added test case update registered limit with region  https://review.openstack.org/61000505:34
openstackgerritVishakha Agarwal proposed openstack/keystone master: [WIP] Implement scope_type checking for role_assignments  https://review.openstack.org/60921005:49
*** Dinesh_Bhor has quit IRC06:16
wxy-xiyuankmalloc: cool. Thanks for the quick update. Leaving +W to other non-huawei reviewer :)06:24
*** rdopiera has joined #openstack-keystone06:36
openstackgerritwangxiyuan proposed openstack/keystone master: Allow registered limit's region_id to be None  https://review.openstack.org/61088706:42
*** rcernin has quit IRC07:01
openstackgerritVishakha Agarwal proposed openstack/keystone master: [WIP] Implement scope_type checking for role_assignments  https://review.openstack.org/60921007:24
*** markvoelker has quit IRC07:29
*** markvoelker has joined #openstack-keystone07:29
*** Dinesh_Bhor has joined #openstack-keystone07:33
*** mvkr has quit IRC07:34
*** markvoelker has quit IRC07:34
*** mvkr has joined #openstack-keystone08:14
*** markvoelker has joined #openstack-keystone08:30
*** mvkr has quit IRC08:35
*** mvkr has joined #openstack-keystone08:48
*** markvoelker has quit IRC09:03
lbragstadayoung interesting09:13
lbragstadthanks for the heads up - i'll take another look today09:13
*** mvkr has quit IRC09:40
*** mvkr has joined #openstack-keystone09:41
BlackDexHello there. Is it possible to have multiple local storage disks per instance?09:51
BlackDexso, a separate boot/os disk and a separate data disk both living on the local storage, no volumes/cinder09:52
*** imacdonn has quit IRC09:54
*** imacdonn has joined #openstack-keystone09:55
lbragstadBlackDex that might be a good question for the operator ML or #openstack-dev09:55
BlackDexlbragstad: Ill try #openstack-dev :)09:56
lbragstadit does sound cinder specific; someone in #openstack-cinder might have an answer, too09:56
BlackDexthx09:56
BlackDex:)09:56
BlackDexSorry, i see i'm in keystone09:56
BlackDexhaha09:56
BlackDexwanted to ask in @openstack09:56
lbragstad:)09:57
BlackDexAll those channels09:57
lbragstadtell me about it09:57
*** markvoelker has joined #openstack-keystone10:00
openstackgerritVishakha Agarwal proposed openstack/keystone master: Fixing update registered limit api-ref  https://review.openstack.org/61000010:07
*** jamielennox has quit IRC10:11
openstackgerritVishakha Agarwal proposed openstack/keystone master: Fixing update registered limit api-ref  https://review.openstack.org/61000010:12
*** jamielennox has joined #openstack-keystone10:13
openstackgerritVishakha Agarwal proposed openstack/keystone master: Fixing update unified limit api-ref  https://review.openstack.org/61000010:16
*** Dinesh_Bhor has quit IRC10:20
*** felipemonteiro has joined #openstack-keystone10:27
*** markvoelker has quit IRC10:34
*** Dinesh_Bhor has joined #openstack-keystone10:54
lbragstadwxy-xiyuan do you remember if we ever decided on if we were going to allow negative values for limits?10:59
lbragstade.g., if a resource has a negative value, it's not limited?10:59
lbragstadhttps://bugs.launchpad.net/keystone/+bug/179787610:59
openstackLaunchpad bug 1797876 in OpenStack Identity (keystone) "Default values for registered limit allows to set negative value" [Undecided,In progress] - Assigned to Vishakha Agarwal (vishakha.agarwal)10:59
*** Dinesh_Bhor has quit IRC11:06
*** dave-mccowan has joined #openstack-keystone11:09
*** felipemonteiro has quit IRC11:20
wxy-xiyuanlbragstad: I think we didn't have the related discussion.11:25
wxy-xiyuanlbragstad: We should keep the behavior the same with what most services do now.11:26
openstackgerritMerged openstack/oslo.policy master: Clean up .gitignore references to personal tools  https://review.openstack.org/61041411:27
wxy-xiyuanlbragstad: for example, currently, set volume's quota to -1 in cinder means no limit IIRC11:28
wxy-xiyuanlbragstad: different service may have different behavior. But I guess most of them use -1 for unlimited.11:29
*** markvoelker has joined #openstack-keystone11:31
wxy-xiyuanlbragstad: glance now uses config options for limit which treat negative values for unlimited as well.11:31
lbragstadi think nova does, too11:32
lbragstadhttps://github.com/openstack/nova/blob/master/nova/conf/quota.py#L2911:33
lbragstadadriant does adjutant have a weekly meeting?11:34
wxy-xiyuanlbragstad: ++, so we should allow negative values.11:34
lbragstadso - how does that work with a hierarchy?11:36
lbragstadnegative values in flat enforcement don't seem to be an issue11:36
wxy-xiyuanlbragstad: I think we have a bug in our code for hierarchy model if we treat negative value as unlimited.11:37
lbragstadso - using negative values for limits will be conditional based on the enforcement model?11:37
wxy-xiyuanNo, we should always allow negative values for limits, no matter what model is chosen.11:38
lbragstadoh, got it. i missed that part then11:38
wxy-xiyuanI mean in hierarchy model, if parent is a negative values, its child can have a positive value, but currently in our code, we just check child <= parent which is wrong.11:39
lbragstadif a parent project has a limit of 10 cores and someone tries to set the child limit to negative, that should error, right?11:39
wxy-xiyuanlbragstad: I think so.11:40
lbragstadok - i agree11:40
lbragstadif a parent project has a limit of -1 on cores then a child project can have a limit of -1 on cores11:40
lbragstadsince child.limit <= parent.limit, which is what we do today i think11:41
wxy-xiyuanyes.11:41
lbragstadcool - that makes sense11:41
*** jistr is now known as jistr|afk11:47
openstackgerritMerged openstack/oslo.limit master: Clean up .gitignore references to personal tools  https://review.openstack.org/61041811:53
openstackgerritMerged openstack/keystone master: Loosen the assertion for logging scope type warnings  https://review.openstack.org/59718611:58
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials  https://review.openstack.org/59454712:01
openstackgerritLance Bragstad proposed openstack/keystone master: Remove obsolete credential policies  https://review.openstack.org/59718712:01
*** markvoelker has quit IRC12:04
openstackgerritwangxiyuan proposed openstack/keystone master: Allow registered limit's region_id to be None  https://review.openstack.org/61088712:05
*** shyamb has joined #openstack-keystone12:09
*** Emine has joined #openstack-keystone12:30
*** felipemonteiro has joined #openstack-keystone12:32
*** raildo has joined #openstack-keystone12:35
*** Emine has quit IRC13:09
*** mchlumsky has joined #openstack-keystone13:13
*** shyamb has quit IRC13:14
openstackgerritayoung proposed openstack/oslo.policy master: namespaced flag on checker CLI  https://review.openstack.org/61040213:19
*** jistr|afk is now known as jistr13:20
*** felipemonteiro has quit IRC13:27
openstackgerritayoung proposed openstack/keystone master: WIP Catalog for Unscoped Tokens  https://review.openstack.org/61097513:51
hrybackilbragstad: I can't maske it to Berlin -- Ozz and Adam have taken over the talk. I know they were working to move some things around due to conflicts though14:19
lbragstadhrybacki sounds good - thanks for the update!14:20
cmurphyhrybacki: :'(14:24
hrybackiI'll be at PTS(ummit)!14:24
hrybackiMy Fall kinda blew apart =/14:25
openstackgerritColleen Murphy proposed openstack/keystone master: Update API version to 3.11  https://review.openstack.org/60821614:32
openstackgerritJose Castro Leon proposed openstack/keystone master: Add caching on trust role validation to improve performance  https://review.openstack.org/60896314:35
openstackgerritMerged openstack/oslo.policy master: Add guidelines for naming policies  https://review.openstack.org/60621414:39
hrybackilbragstad: wooooooooo^^14:54
lbragstaddamn...14:54
hrybackiThey said it couldn't be done..14:55
hrybackiDid we get much operator feedback?14:55
*** felipemonteiro has joined #openstack-keystone14:55
lbragstad"make all policy names the same they said... it'll be easy they said"14:55
lbragstad:'(14:55
*** Emine has joined #openstack-keystone14:56
hrybackionly 7 patchsets. Seems to be missing a zero14:57
lbragstadikr14:58
ayoungcan someone explain to me how https://review.openstack.org/#/c/608963/4  adds caching?15:14
ayounghrybacki, I'm sorry to be missing you there.  I might need to force a trip to some customer in the RDU area to compensate15:17
*** wxy| has joined #openstack-keystone15:19
lbragstadayoung it uses an API that is cache15:30
lbragstadcached*15:30
lbragstadayoung https://review.openstack.org/#/c/608963/4/keystone/assignment/core.py@11315:31
hrybackiayoung: you are welcome down anytime :)15:35
ayounglbragstad, ah...the old code was calling a similarly named but different API?15:36
ayounglist_role_assignments is not cached?15:36
lbragstadno15:40
lbragstadi think that's because it's got a million kwargs15:40
lbragstadand methods with kwargs aren't cachable?15:40
lbragstadthat said, the new method signature has a kwarg in it...15:41
lbragstadkmalloc might have to take a gander at that ^ but I'm pretty sure caching doesn't work on methods with kwargs15:45
lbragstadwhich is strange because i validated that patch locally and noticed a 77% performance increase15:46
*** felipemonteiro has quit IRC15:49
openstackgerritMerged openstack/oslo.policy master: Add docs for developers testing APIs  https://review.openstack.org/60419215:56
kmalloclbragstad: caching can now work with kwargs16:02
kmallocwe fixed that in doghpile16:02
kmallocwe can do that witha change to our coce16:02
hrybackio/16:02
lbragstadkmalloc oh - awesome16:05
lbragstadi was wondering why performance was so good when i noticed the kwargs16:05
lbragstadglad we fixed that16:06
lbragstadi'll retract my -116:06
kmalloclbragstad: noooowww we need a cache region we invalidate with any change that impacts that API call16:08
*** d0ugal has quit IRC16:21
*** d0ugal has joined #openstack-keystone16:23
openstackgerritwangxiyuan proposed openstack/keystone master: Allow registered limit's region_id to be None  https://review.openstack.org/61088716:43
lbragstadkmalloc yeah - exactly17:04
lbragstadthat's the way it is in other APIs and that's probably fine17:04
lbragstadnot sure if we should be validating invalid query parameters better, but...17:04
kmallocok let me dig up that key generator code for ayoung17:04
kmallocso we can use kwargs17:05
kmallocand eliminate all the self._update_user bs17:05
kmallocayoung, lbragstad: we need to use https://dogpilecache.readthedocs.io/en/latest/api.html#dogpile.cache.util.function_key_generator17:05
kmallocsorry https://dogpilecache.readthedocs.io/en/latest/api.html#dogpile.cache.util.kwarg_function_key_generator17:06
kmallocwhich i think is just setting a value on the region(s)17:06
*** wxy| has quit IRC17:07
kmallochttps://github.com/openstack/oslo.cache/blob/master/oslo_cache/core.py#L17517:08
kmallocyep, just needs to be passed there17:08
kmallocwew can change that in oslo.cache17:09
*** mvkr has quit IRC17:13
openstackgerritMerged openstack/keystone master: Increment versioning with pbr instruction  https://review.openstack.org/61055717:30
openstackgerritLance Bragstad proposed openstack/oslo.policy master: Add minor nits in testing documentation  https://review.openstack.org/61111117:39
kmalloclbragstad: where was the oslo.cache bug?17:39
lbragstadfor?17:39
kmallocthere was something ... and i can't remember what we chased down the real bug was17:39
lbragstader - which one?17:39
kmallocthe config dict thing17:39
lbragstadoh17:39
lbragstadsec17:40
kmalloci'm trying to dig up the actual issue17:40
kmalloci found the bug17:40
kmallocbut it's missing some context of why multistr opt can't work.17:40
kmallocor... some such17:40
lbragstadhttps://bugs.launchpad.net/oslo.cache/+bug/174303617:40
openstackLaunchpad bug 1743036 in oslo.cache "Multiple memcached back-end instances breaks caching" [Undecided,Confirmed] - Assigned to Morgan Fainberg (mdrnstm)17:40
lbragstad^17:40
kmallocright17:40
lbragstadthat one?17:40
kmallocand i'm missing the context of what the real root cause of the bug is/was17:40
kmallochmm.17:41
kmallocsomething about how url is processed by dogpile, i guess?17:41
kmallocbecause i'm not seeing issues in the oslo.cache code17:41
kmallocit looks... sane?17:41
lbragstadoslo.cache doesn't deal with backend_argument properly17:41
kmallochmm.17:41
lbragstadbut it does with memcache_servers17:42
kmallocmultistropt is a list17:42
kmallocso, we end up with url:127.0.0.1,127.0.0.2:112117:42
kmalloc1121117:42
kmallocwhich splits to url, 127.0.0.1,127.0.0.2:1121117:42
kmallocand that is... incorrect somehow17:43
lbragstadyeah - it's weird17:43
lbragstadi thought it had something to do with how those connections were getting established?17:43
kmallocit might be17:44
kmalloci wish i hadn't lost the context on this17:44
kmalloci know where the bug is17:44
kmalloci have no idea what the bug is though17:44
kmallocooh wait a sec.17:45
kmallocah.17:45
kmallocmemcache_servers is a list17:46
kmallocbackend_argument url is a string.17:46
kmallocok this is fixable17:46
kmallocLet me propose a fix and if you have a quick env to test withj, that would be great17:46
kmallocalso... wtf. someone mangled something17:47
kmallocit looks like we override the backend_url with... memcache_servers regardless17:48
kmallocyeah someone mangled this badly17:49
kmallocoh wait nvm.17:49
*** rdopiera has quit IRC17:50
hrybackianyone recall when v2 was originally deprecated by chance?18:05
lbragstadlike mitaka18:06
hrybacki++ I knew it was quite a ways back18:06
kmallocwell.18:07
kmallocofficially deprecated18:07
kmallocor like "seriously folks, lets not do things in v2"18:07
kmallocbecause that latter bit was like grizzly18:08
hrybackikmalloc: officially -- trying to correct some confused support personnel18:09
kmalloclong enough ago ;)18:09
kmallocoi18:12
kmallocfinding cache bugs =/18:12
lbragstadyeah - mitaka is when we had to officially deprecate it18:13
*** mvkr has joined #openstack-keystone18:14
*** Emine has quit IRC18:15
*** gyee has joined #openstack-keystone18:19
openstackgerritMorgan Fainberg proposed openstack/keystone master: Support KWARGS in the cache key generating function(s).  https://review.openstack.org/61112018:21
openstackgerritMorgan Fainberg proposed openstack/keystone master: Invalidate app cred AFTER deletion  https://review.openstack.org/61112118:21
kmalloclbragstad: ^ those are somewhat interesting.18:21
kmalloclets see if they pass18:21
kmallocthe second one is somewhat important :(18:21
kmalloclbragstad: trying to think what else is in the pipeline that needs cleanup besides KSM/AuthContext now18:22
kmallocpymemcached.18:22
openstackgerritMorgan Fainberg proposed openstack/keystone master: Invalidate app cred AFTER deletion  https://review.openstack.org/61112118:29
*** dave-mccowan has quit IRC19:07
*** dave-mccowan has joined #openstack-keystone19:08
lbragstadkmalloc are you getting this locally when you run docs? http://paste.openstack.org/raw/732271/19:10
openstackgerritLance Bragstad proposed openstack/keystone master: Implement scaffolding for upgrade checks  https://review.openstack.org/60878519:10
*** aning has quit IRC19:15
kmallochm.19:15
kmalloci wasn't19:15
openstackgerritLance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement  https://review.openstack.org/60553919:15
kmalloclbragstad: that looks like something doing stupid introspection on the docstring19:16
lbragstaddoesn't happen in the gate from what i can tell19:16
lbragstadcurious if anyone else was hitting it though19:16
kmalloci think it's something in docs looking at the introspection and saying OMG functools.partial is not a thing19:16
kmallocsooooooo *shrug*19:17
*** aning has joined #openstack-keystone19:18
openstackgerritSean McGinnis proposed openstack/keystoneauth master: Update sphinx extension logging  https://review.openstack.org/61113519:21
openstackgerritSean McGinnis proposed openstack/oslo.policy master: Update sphinx extension logging  https://review.openstack.org/61114319:35
openstackgerritLance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement  https://review.openstack.org/60553919:40
*** raildo has quit IRC19:46
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system reader role in domains API  https://review.openstack.org/60548519:55
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system member role in domains API  https://review.openstack.org/60584919:55
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system admin role in domains API  https://review.openstack.org/60585019:55
*** mchlumsky has quit IRC21:25
openstackgerritLance Bragstad proposed openstack/keystone master: Implement system reader role in users API  https://review.openstack.org/61117921:41
* lbragstad steps away 21:41
*** lbragstad is now known as lbragstad-50321:42
kmallocthe lbragstad service is temporarily unavailable.21:49
openstackgerritCorey Bryant proposed openstack/keystone master: py3 ldap does not allow bytes for DN/RDN/field names  https://review.openstack.org/61119022:43
*** rcernin has joined #openstack-keystone22:49
*** dave-mccowan has quit IRC23:24
« Monday, 2018-10-15 Index Wednesday, 2018-10-17 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!