Tuesday, 2018-11-27

« Monday, 2018-11-26 Index Wednesday, 2018-11-28 »
openstackgerritMerged openstack/keystone master: Add tempest-full-py3 job to zuul file  https://review.openstack.org/61782800:07
*** erus has quit IRC01:29
*** erus has joined #openstack-keystone01:36
*** Dinesh_Bhor has joined #openstack-keystone01:50
*** bzhao__ has joined #openstack-keystone02:20
openstackgerritwangxiyuan proposed openstack/keystone master: Add domain_id column for limit  https://review.openstack.org/62020202:23
*** bzhao__ has quit IRC02:27
*** bzhao__ has joined #openstack-keystone02:34
*** Dinesh_Bhor has quit IRC03:02
*** Dinesh_Bhor has joined #openstack-keystone03:13
*** mvkr has quit IRC03:47
*** Dinesh_Bhor has quit IRC04:10
*** Dinesh_Bhor has joined #openstack-keystone04:31
vishakhaknikolla: Thanks  for the response. Other than metadata tag, entity id is to be removed from SSO and do we need to add any discovery protocol too?05:50
*** rcernin has quit IRC06:58
*** pcaruana has joined #openstack-keystone07:23
*** artem_vasilyev has joined #openstack-keystone07:29
artem_vasilyevhey guys, if anyone has time could you pls review these changes: https://review.openstack.org/#/c/618095/ and https://review.openstack.org/#/c/618712/07:32
*** irclogbot_1 has quit IRC08:44
*** irclogbot_1 has joined #openstack-keystone08:46
*** irclogbot_1 has quit IRC08:53
*** irclogbot_1 has joined #openstack-keystone08:56
*** amoralej|off is now known as amoralej09:01
*** xek has joined #openstack-keystone09:01
lbragstadif anyone would like to take a gander at https://review.openstack.org/#/c/605539/09:11
lbragstadmerging that would make it easier to rebase a whole bunch of bug fixes09:12
*** jackivanov has joined #openstack-keystone09:16
*** shrasool has joined #openstack-keystone09:17
wxy-xiyuanlbragstad: for https://review.openstack.org/#/c/605539/24/keystone/common/context.py seems some key-values are missing? https://github.com/openstack/keystone/blob/master/keystone/server/flask/request_processing/middleware/auth_context.py#L422-L43009:31
lbragstadwe might be able to add those in09:33
lbragstadgood catch09:33
openstackgerritJuan Antonio Osorio Robles proposed openstack/oslo.policy master: oslopolicy-checker: iterate through rules in sorted order  https://review.openstack.org/61972409:36
openstackgerritJuan Antonio Osorio Robles proposed openstack/oslo.policy master: Add ability for policy-checker to read configuration  https://review.openstack.org/61665909:37
*** xek has quit IRC09:44
*** xek has joined #openstack-keystone09:48
*** artem_vasilyev has quit IRC09:57
*** artem_vasilyev has joined #openstack-keystone10:04
*** xek has quit IRC10:18
*** xek has joined #openstack-keystone10:23
*** jlvillal has joined #openstack-keystone10:59
lbragstadthe policy API in keystone is deprecated11:29
lbragstadi'm opening bugs for all applicable APIs that aren't using default roles11:29
lbragstadbut since policy is deprecated, would anyone be opposed to not opening one for that?11:29
lbragstadotherwise, I can and just mark it as Low?11:30
lbragstadif i'm doing all this for other APIs, I want to be consistent, but also don't want to make it a priority if we have other things to do11:30
*** raildo has joined #openstack-keystone11:37
*** xek has quit IRC11:40
*** erus has quit IRC12:00
lbragstadhrybacki https://bugs.launchpad.net/keystone/+bugs?field.tag=default-roles should be a list of nearly all keystone policies that aren't taking default roles into account12:02
*** erus has joined #openstack-keystone12:02
*** rafaelweingartne has joined #openstack-keystone12:04
rafaelweingartneIs it possible to use OpenStack with more than one IdP via OIDC?12:04
*** amoralej is now known as amoralej|lunch12:04
*** xek has joined #openstack-keystone12:11
*** Dinesh_Bhor has quit IRC12:13
kmalloclbragstad: make it a wishlist bug12:16
kmalloclbragstad: policy API is holdover, we can close the bug as won't fix when we get further down the line12:17
kmallocBut if someone provides an clean fix we can accept it.12:17
kmallocDon't put effort into it beyond that.12:17
lbragstadmakes sense12:20
*** shrasool has quit IRC12:27
*** erus has quit IRC12:35
*** erus has joined #openstack-keystone12:36
openstackgerritLance Bragstad proposed openstack/oslo.policy master: Make upgrades more robust with policy overrides  https://review.openstack.org/61419512:42
openstackgerritMerged openstack/oslo.policy master: Correct typo in docs  https://review.openstack.org/62014812:50
*** takamatsu has quit IRC12:58
*** dave-mccowan has joined #openstack-keystone13:01
*** amoralej|lunch is now known as amoralej13:06
*** dave-mccowan has quit IRC13:06
*** rafaelweingartne has quit IRC13:09
*** shrasool has joined #openstack-keystone13:14
*** takamatsu has joined #openstack-keystone13:21
fricklerkeystoneclient-devstack-functional seems to be constantly failing for some weeks now, is anybody working on that? e.g. http://logs.openstack.org/39/605539/24/check/keystoneclient-devstack-functional/9fff540/job-output.txt.gz#_2018-11-27_04_39_26_93904113:32
*** takamatsu has quit IRC13:37
lbragstadfrickler i can take a look13:38
lbragstadthrowing it on the meeting agenda for today to socialize it a bit13:38
lbragstadfrickler you brought another failure to use recently, too13:39
lbragstadis this related to that?13:39
* lbragstad can't remember13:39
*** takamatsu has joined #openstack-keystone13:43
*** jhesketh_ has joined #openstack-keystone13:44
fricklerlbragstad: the other failure is with federation testing on bionic, I don't think that that's related13:49
lbragstadok - there was a bug reported for that i think?13:49
fricklerhttps://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/177648913:49
openstackLaunchpad bug 1776489 in xmltooling (Ubuntu) "libxmltooling7 depends on libcurl3, which has been replaced by libcurl4 in Bionic" [Undecided,Confirmed]13:49
fricklerand https://bugs.launchpad.net/keystone/+bug/180290113:50
openstackLaunchpad bug 1802901 in OpenStack Identity (keystone) "Federation functional job failing on Bionic" [Undecided,New]13:50
*** jhesketh has quit IRC13:50
lbragstadcool13:50
fricklerworkaround for the latter currently would be to keep the federation job on xenial when we switch everything else to bionic https://review.openstack.org/#/c/611563/4/.zuul.yaml13:51
lbragstadok - good to know13:52
lbragstadfrickler are you familiar with the test-setup.sh script? specifically how it is invoked?14:00
lbragstadlooks like the same script is copied across multiple repositories, without much difference14:01
fricklerlbragstad: there's a generic zuul role that does this: http://git.openstack.org/cgit/openstack-infra/zuul-jobs/tree/roles/test-setup/README.rst14:03
fricklerlbragstad: but I didn't look at the script itself yet in detail14:03
lbragstadgotcha - well the script is failing early on14:03
lbragstadhere I think https://git.openstack.org/cgit/openstack/keystone/tree/tools/test-setup.sh#n1814:04
*** Dinesh_Bhor has joined #openstack-keystone14:04
lbragstadwhich doesn't seem a whole lot different from https://git.openstack.org/cgit/openstack/nova/tree/tools/test-setup.sh#n1814:05
*** Dinesh_Bhor has quit IRC14:05
lbragstadbut i'm not sure how nova relies on that for testing (like we do with the ksc functional tests)14:05
lbragstadmaybe they ksc functional tests are missing a step prior to calling that script14:06
fricklerlbragstad: nova seems to still be using the old legacy job novaclient-dsvm-functional , most likely the devstack-gate environment is different than what the new zuul v3 setup does14:10
fricklerlbragstad: but it may indeed be an issue not related to keystone directly, so if you don't have any obvious idea, I'll check with other infra folks14:10
lbragstadhmmm14:12
hrybackisuch organization lbragstad :D14:14
hrybackiman after my own heart14:14
*** mchlumsky has joined #openstack-keystone14:23
lbragstadlol14:26
* lbragstad hopes it'll be easier for people to pick up 14:27
*** xek has quit IRC14:30
*** xek has joined #openstack-keystone14:34
*** mordred has joined #openstack-keystone14:36
*** xek_ has joined #openstack-keystone14:43
*** artem_vasilyev has quit IRC14:44
*** xek has quit IRC14:46
knikollavishakha: correct.14:53
*** erus has quit IRC14:55
*** erus has joined #openstack-keystone14:56
*** edmondsw has joined #openstack-keystone14:59
ildikovlbragstad: hi15:03
ildikovlbragstad: are you joining the edge call?15:03
lbragstadildikov o/15:03
lbragstadjoining15:03
ildikovtnx :)15:03
ildikovhttps://zoom.us/j/87967893815:03
ildikovif anyone else is interested15:03
*** wxy| has joined #openstack-keystone15:36
*** ayoung has joined #openstack-keystone15:48
*** dansmith has quit IRC16:02
*** dansmith has joined #openstack-keystone16:02
*** shrasool has quit IRC16:42
hrybackiugh, when is the next DST shift, I keep missing the Tuesday meetings...16:54
gagehugolol16:55
gagehugojust a few more months16:56
lbragstadhrybacki  you need to adjust your calendar to use UTC ;)16:56
*** gyee has joined #openstack-keystone16:59
* kmalloc runs off17:00
lbragstadcurious if anyone would be willing to look at https://review.openstack.org/#/c/605539/17:00
lbragstadI can rebase a bunch of patches after that mergeds17:00
lbragstadmerges*17:00
* knikolla runs to lunch17:01
kmalloclbragstad: uh17:01
kmalloclbragstad: are you still putting a fully rendered token in the policy (target) dict?17:01
kmalloclbragstad: because *not* doing that will potentially break people.17:01
kmalloclbragstad: it is a real concern.17:02
lbragstadyeah - it's still in there https://review.openstack.org/#/c/605539/24/keystone/common/context.py@6517:02
lbragstadvalues is the target dict17:02
lbragstadas is your comment17:02
kmalloccool17:03
kmallocthat was the only previous sticking point i had17:03
lbragstadcool17:03
kmalloclbragstad: +217:03
kmalloclbragstad: https://review.openstack.org/#/c/619260/ that needs eyes17:03
kmallocit's just about equally important17:04
*** wxy| has quit IRC17:04
lbragstadaha - will review17:04
kmalloci know it is failing17:04
kmallocbut i want eyes on the content17:04
gagehugolbragstad: what are you meaning by "these" here: https://review.openstack.org/#/c/617829/1/.zuul.yaml@a195 ?17:04
kmallocso we can fix all at once.17:04
kmalloclbragstad: note that with full-IDP a lot of our policy stuff will be *changed* again17:05
lbragstadgagehugo we're not defining anything under line 195 like we were17:05
kmallocsince we wont be extracting from a token in all cases.17:05
kmallocbut i think it'll be good to support more normalized session-like use17:05
kmallocanyway i need to run, dr appt.17:05
kmallocbe back later17:05
lbragstadack17:05
lbragstadgagehugo irrelevant-files is empty?17:05
gagehugothe old one?17:06
* gagehugo is confused17:06
lbragstadshould it be pointing to something? like on line 13617:06
lbragstadhttps://review.openstack.org/#/c/617829/1/.zuul.yaml@13817:07
gagehugoIt's pointing to "*tempest-irrelevant-files", unless I'm mistaken?17:09
ayoungkmalloc, when you get back, I'd like to get your setup for Docker based Keystone Dev.  Make it easier than doing from first principals17:09
gagehugohttps://review.openstack.org/#/c/617829/1/.zuul.yaml@14817:10
lbragstadbah - my diff was garbage17:11
lbragstadapparently unified didn't show that properly?17:11
lbragstadit's clearer using side-by-side17:11
*** erus has quit IRC17:21
*** erus has joined #openstack-keystone17:21
*** jmlowe has quit IRC17:32
*** jmlowe has joined #openstack-keystone17:33
*** jmlowe has quit IRC17:34
*** imacdonn has quit IRC17:54
*** imacdonn has joined #openstack-keystone17:55
openstackgerritMerged openstack/keystone master: Update api-ref to include user options  https://review.openstack.org/60331917:58
gagehugolbragstad: oh lol18:00
gagehugoI typically use side-by-side18:00
*** jmlowe has joined #openstack-keystone18:05
*** bnemec has quit IRC18:06
*** bnemec has joined #openstack-keystone18:06
kmallocayoung: right now i just have a unit test docker story handy18:17
kmallocayoung: https://gist.github.com/morganfainberg/ab9fd86abfbced49fdb14ea15736aafc18:19
fricklerlbragstad: cmurphy: https://review.openstack.org/613385 is broken. the job works when running against python-keystoneclient, but fails when run against keystone18:19
kmallocayoung: i am working on a more generic standup keystone thing18:19
lbragstadfrickler do we need to revert that?18:21
fricklerlbragstad: maybe revert as a short term solution, or come up with a proper fix. I can take a closer look tomorrow, maybe since it isn't voting and was broken for 3 weeks it isn't 100% urgent18:22
lbragstadtrue18:23
lbragstadi might be able to give you a hand tomorrow if you want to ping me then18:23
fricklerlbragstad: sure, thx18:23
lbragstadno problem - thanks for digging into it18:23
*** amoralej is now known as amoralej|off18:34
openstackgerritMerged openstack/keystone master: Move irrelevant-files to project definition  https://review.openstack.org/61782918:48
*** shrasool has joined #openstack-keystone18:53
openstackgerritGage Hugo proposed openstack/keystone master: Don't emit a notification for the root domain  https://review.openstack.org/61784618:58
lbragstadsummary for those interested in it https://www.lbragstad.com/blog/openstack-summit-berlin-recap19:10
*** jlvillal has left #openstack-keystone19:10
ayoungkmalloc, thanks.  running the docker build now.  What does that do for database?19:12
ayoungkmalloc, BTW, I am running from /opt/stack/keystone, so I removed the 3 lines that pull in files from /opt like /opt/bindep.txt  Is there any reason to maintain those?19:24
kmallocJust for unit tests now19:26
ayoungkmalloc, something not quite right:19:26
kmallocThe bindep is so the binary bits are installed in the container19:26
ayoungI changed them to ./bindep.txt etc and now19:26
ayoungStep 8/13 : ADD ./${OS_PROJECT:-keystone}/bindep.txt ./bindep.txt19:26
ayounglstat keystone/bindep.txt: no such file or directory19:26
kmallocIt is Ubuntu specific for now19:26
kmallocHmm19:26
ayoungshould it be full path?19:27
kmallocRight. So I always work from outside the keystone directory19:27
kmallocYou have an extra ./ Maybe19:27
ayoungwhich order is ADD19:28
ayoungAh...that is it19:28
kmallocYeah ././ Won't work19:28
kmallocIt should...but doesn't.19:28
kmallocI have a docker compose with a DB setup etc, but I haven't published it19:29
ayoungI was running in /opt/stack/keystone19:29
kmallocIt wasn't kept up like my unit test one.19:29
ayoungI have a running mariadb instance19:29
kmallocIn the container?19:29
ayoungin a separate container19:29
kmallocThe /opt/stack19:29
kmallocPart19:29
ayounghttp://adam.younglogic.com/2017/01/connecting-net-maria-docker/19:29
kmallocRight.19:29
ayoungMy old setup was:19:30
ayounghttp://adam.younglogic.com/2017/01/functional-keystone-docker/19:30
kmallocI can't read it right now easily19:30
kmallocOn mobile. Looking though.19:30
ayoungI appreciate the "right now" as it implies that at some point you could read my stuff easily.  You are too kind19:30
kmallocHaha just hard to read mobile blogy things19:31
ayoungI use the mobile plugin and everything!19:31
kmallocSo, the goal is a docker compose and a published loci or otherwise setup container19:32
kmallocNah, it is this phone19:32
kmallocHaving slow loading.19:32
ayoungand I just filled up my root fs19:33
kmallocUltimately, I want the default unit test cases for folks to use is a docker setup like this. (officially recommended)19:33
kmallocSo we can easily test diff distros19:34
kmallocI also want a docker compose to standup a clean keystone consistently19:34
ayoungWhat is your plan for Database?  External container, or spun up with Keystone?19:35
*** jmlowe has quit IRC19:48
ayoungkmalloc, so Fedora installer decided I needed 400GiB for /home and only 50 for /  and guess where I am running out of disk space on a 1/2 T Drive?19:48
* ayoung looks into shrinking a partition. again19:48
*** jmlowe has joined #openstack-keystone19:50
*** ayoung has quit IRC19:51
lbragstadthanks for the review on context objects gagehugo20:01
gagehugolbragstad: :) I'll try to go up the chain20:02
lbragstadthey are all pretty cookie cutter20:02
lbragstadbut ping me if you have questions20:02
gagehugowill do20:02
*** jrist has quit IRC20:22
gagehugolbragstad: dumb question, but in https://review.openstack.org/#/c/620156/1 we are deprecating RULE_ADMIN_REQUIRED for role:reader correct?20:30
gagehugonot the actual policy mapping, only the check_str20:32
*** imacdonn has quit IRC20:37
*** imacdonn has joined #openstack-keystone20:37
*** jmlowe has quit IRC20:45
openstackgerritMerged openstack/keystone master: Pass context objects to policy enforcement  https://review.openstack.org/60553920:52
openstackgerritGage Hugo proposed openstack/keystone master: Move to password validation schema  https://review.openstack.org/61429420:58
*** erus has quit IRC21:14
*** raildo has quit IRC21:14
*** jrist has joined #openstack-keystone21:15
*** erus has joined #openstack-keystone21:15
nsmedsHey guys, is there any known differences in performance comparing Domains w/ projects vs Projects w/ subprojects? Say when you're getting into the thousands of each. Or should it be similar?21:18
nsmedsI'm imaging it makes no difference and is just decision about how you want things organised21:18
*** imacdonn has quit IRC21:20
*** imacdonn has joined #openstack-keystone21:24
openstackgerritGage Hugo proposed openstack/keystone master: Clarify docstrings for domain flask refactor  https://review.openstack.org/62040921:26
*** jmlowe has joined #openstack-keystone21:33
*** xek_ has quit IRC21:35
*** pcaruana has quit IRC21:46
*** shrasool has quit IRC21:55
openstackgerritMerged openstack/keystone master: Bump sqlalchemy minimum version to 1.1.0  https://review.openstack.org/61383021:56
*** erus has quit IRC22:06
*** erus has joined #openstack-keystone22:12
*** erus has quit IRC22:15
*** shrasool has joined #openstack-keystone22:28
*** erus has joined #openstack-keystone22:37
*** shrasool has quit IRC22:39
*** erus has quit IRC22:39
*** shrasool has joined #openstack-keystone22:46
*** shrasool has quit IRC22:46
openstackgerritMerged openstack/keystonemiddleware master: Add py36 tox environment  https://review.openstack.org/61584322:55
*** rcernin has joined #openstack-keystone22:57
*** adriant has quit IRC23:07
*** adriant has joined #openstack-keystone23:15
openstackgerritGage Hugo proposed openstack/keystone master: [WIP] Add functional testing gate  https://review.openstack.org/53101423:27
openstackgerritGage Hugo proposed openstack/keystone master: [WIP] Add functional testing gate  https://review.openstack.org/53101423:32
openstackgerritGage Hugo proposed openstack/keystone master: [WIP] Add functional testing gate  https://review.openstack.org/53101423:41
*** jhesketh_ is now known as jhesketh23:51
« Monday, 2018-11-26 Index Wednesday, 2018-11-28 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!