Thursday, 2019-01-17

« Wednesday, 2019-01-16 Index Friday, 2019-01-18 »
*** dave-mccowan has quit IRC00:49
*** dave-mccowan has joined #openstack-keystone00:51
*** dave-mccowan has quit IRC01:15
openstackgerritMerged openstack/keystone master: Allow domain users to access the GET domain API  https://review.openstack.org/60585101:30
*** whoami-rajat has joined #openstack-keystone01:32
openstackgerritAdrian Turjak proposed openstack/keystone master: bump Keystone version for Stein  https://review.openstack.org/63136901:43
openstackgerritAdrian Turjak proposed openstack/keystone master: Add documentation for Auth Receipts and MFA  https://review.openstack.org/58053501:43
*** ileixe has joined #openstack-keystone01:53
*** tkajinam has joined #openstack-keystone02:02
*** Dinesh_Bhor has joined #openstack-keystone02:02
*** tkajinam is now known as kajinamit02:04
*** kajinamit is now known as tkajinam02:05
*** adriant has quit IRC02:17
*** etp has quit IRC02:19
*** adriant has joined #openstack-keystone02:20
*** etp has joined #openstack-keystone02:21
*** erus has quit IRC02:34
*** jenglisch has quit IRC02:35
*** chason_ has joined #openstack-keystone02:37
*** lifeless has quit IRC02:40
*** lifeless has joined #openstack-keystone02:41
*** erus has joined #openstack-keystone02:45
*** chason has quit IRC02:46
*** Krenair has quit IRC02:46
*** odyssey4me has quit IRC02:46
*** DinaBelova has quit IRC02:46
*** larsks has quit IRC02:46
*** freerunner has joined #openstack-keystone02:46
*** mhen has quit IRC02:49
*** mhen has joined #openstack-keystone02:51
*** larsks has joined #openstack-keystone02:58
*** Krenair has joined #openstack-keystone03:03
*** itlinux_ has joined #openstack-keystone04:10
*** itlinux has quit IRC04:13
*** lifeless has quit IRC04:30
*** zzzeek has quit IRC04:48
*** zzzeek has joined #openstack-keystone04:48
*** rcernin has quit IRC05:05
*** rcernin has joined #openstack-keystone05:07
*** jaosorior has joined #openstack-keystone05:15
*** tkajinam has quit IRC05:23
*** shyamb has joined #openstack-keystone05:24
*** tkajinam has joined #openstack-keystone05:25
*** shyamb has quit IRC05:34
*** Dinesh_Bhor has quit IRC05:47
*** lifeless has joined #openstack-keystone05:51
*** shyamb has joined #openstack-keystone05:51
*** Dinesh_Bhor has joined #openstack-keystone05:55
*** tkajinam has quit IRC06:00
*** shyamb has quit IRC06:10
*** shyamb has joined #openstack-keystone06:16
*** tkajinam has joined #openstack-keystone06:17
*** tkajinam has quit IRC06:22
*** vishakha has joined #openstack-keystone06:30
*** tkajinam has joined #openstack-keystone06:46
*** tkajinam_ has joined #openstack-keystone06:55
*** tkajinam has quit IRC06:57
*** shyamb has quit IRC07:10
*** shyamb has joined #openstack-keystone07:10
*** threestrands has quit IRC07:17
openstackgerritVishakha Agarwal proposed openstack/keystone master: Add openstack_groups to assertion  https://review.openstack.org/58821107:18
*** rcernin has quit IRC07:20
*** pcaruana has joined #openstack-keystone07:36
*** shyamb has quit IRC07:52
*** yan0s has quit IRC08:19
*** yan0s has joined #openstack-keystone08:20
yan0show do I associate a quota class with a user?08:23
*** jenglisch_ has joined #openstack-keystone08:29
*** xek has joined #openstack-keystone08:39
*** shyamb has joined #openstack-keystone08:52
*** Dinesh_Bhor has quit IRC08:53
*** Dinesh_Bhor has joined #openstack-keystone08:54
*** ileixe has quit IRC08:57
*** david-lyle has joined #openstack-keystone09:16
*** dklyle has quit IRC09:19
*** david-lyle has quit IRC09:29
*** dklyle has joined #openstack-keystone09:32
*** shyamb has quit IRC09:33
*** shyamb has joined #openstack-keystone09:33
*** odyssey4me has joined #openstack-keystone09:44
*** david-lyle has joined #openstack-keystone09:49
*** dklyle has quit IRC09:51
*** david-lyle has quit IRC09:56
*** dklyle has joined #openstack-keystone10:00
*** shyamb has quit IRC10:02
*** shyamb has joined #openstack-keystone10:10
*** shyamb has quit IRC10:22
*** erus has quit IRC10:26
*** erus has joined #openstack-keystone10:26
*** erus has quit IRC10:34
*** niceplace has quit IRC10:40
*** erus has joined #openstack-keystone10:41
*** niceplace has joined #openstack-keystone10:41
*** erus has quit IRC10:49
*** odyssey4me has quit IRC10:49
*** Dinesh_Bhor has quit IRC10:53
*** erus has joined #openstack-keystone11:00
*** shyamb has joined #openstack-keystone11:13
*** shyamb has quit IRC11:30
*** shyamb has joined #openstack-keystone11:31
*** erus has quit IRC12:32
*** erus_ has joined #openstack-keystone12:36
*** erus has joined #openstack-keystone12:37
*** irclogbot_1 has quit IRC12:48
*** irclogbot_1 has joined #openstack-keystone12:58
*** mvkr has quit IRC13:00
*** yan0s has quit IRC13:04
*** irclogbot_1 has quit IRC13:13
*** shyamb has quit IRC13:22
*** edmondsw_ has joined #openstack-keystone13:27
*** irclogbot_1 has joined #openstack-keystone13:29
*** edmondsw has quit IRC13:29
*** edmondsw_ is now known as edmondsw13:29
*** yan0s has joined #openstack-keystone13:30
*** irclogbot_1 has quit IRC13:35
*** GregWaines has joined #openstack-keystone13:40
*** mvkr has joined #openstack-keystone13:42
*** irclogbot_1 has joined #openstack-keystone13:49
*** yan0s has quit IRC14:16
*** yan0s has joined #openstack-keystone14:36
*** efried has quit IRC14:52
aninglbragstad:  A while ago we talked about predictable user IDs. Do we have a clear view of what would be in Stein? nonlocal (ldap) users, sql users, and projects?15:05
lbragstadaning i'm not sure - ayoung was driving that work i believe, but i haven't heard from him in a while15:06
*** GregWaines has quit IRC15:08
aninglbragstad: Will it be eventually covered in release notes? And when will the release note be available (for Stein specifically)?15:08
*** tkajinam__ has joined #openstack-keystone15:11
lbragstadrelease notes for keystone can be found here - https://docs.openstack.org/releasenotes/keystone/ and yeah, features are included in those notes15:11
lbragstadthe official notes for stein will be published once we cut siten15:12
lbragstadstein*15:12
lbragstadunreleased notes (which will be available for stein) are here - https://docs.openstack.org/releasenotes/keystone/unreleased.html15:13
lbragstad^ but that isn't set in stone until we cut the release15:13
*** tkajinam_ has quit IRC15:13
aninglbragstad: ok thx15:16
lbragstadyep15:17
*** erus_ has quit IRC15:29
*** jmlowe has quit IRC15:47
*** mvkr has quit IRC15:53
*** jaosorior has quit IRC15:56
*** tkajinam_ has joined #openstack-keystone15:58
*** tkajinam__ has quit IRC16:01
*** xek has quit IRC16:03
*** xek has joined #openstack-keystone16:03
*** efried has joined #openstack-keystone16:05
*** yan0s has quit IRC16:10
*** erus has quit IRC16:13
*** erus has joined #openstack-keystone16:16
openstackgerritIslam Musleh proposed openstack/keystone master: Converting the API tests to use flask's test_client  https://review.openstack.org/63030116:16
*** itlinux_ has quit IRC16:41
*** erus has quit IRC17:12
*** erus has joined #openstack-keystone17:13
*** erus has quit IRC17:35
*** erus has joined #openstack-keystone17:46
*** jmlowe has joined #openstack-keystone19:22
*** mchlumsky has quit IRC19:41
*** mchlumsky has joined #openstack-keystone19:43
*** ayoung has joined #openstack-keystone19:49
ayoungOK, everyone watch out.   I've been thinking again.19:49
ayoungWhat if we gave everyone their own Auth URL?19:49
ayoungLike,  the users Auth URL was different for everyone, and that way you could completely swap out the whole openstack implementation on them?19:50
ayoungthe impetus is the problems some people have with upgrades, and also the number of small OpenStack deployments I am seeing out there.19:50
ayoungSo...say you are running Rocky and want to move to Stein19:54
ayoungand you have 100 users.  Say you bring up a brand new stein cluster on a subset of your hardward, and want to move people over.  If each of those 100 users had their own Auth URL, you could use DNS to determine whether they were pointing to rocky or stein19:55
ayoungnow, you might say "but all their resources are on rocky, what will they do on stein?"19:56
ayoungYou could migrate those resources for them19:56
ayoungOr, if they are ephemeral, tear them down one night, move them to the new cloud, and let them build them back up.19:57
ayoungYou could externalize the workload so that that the systemn doesn't matter.19:58
clarkbas a user, how would you know your url? And is that any simpler than running new control plane against existing keystone? then upgrade keystone first or last depending on what is easiest for you19:58
ayoungnow...It makes sense to me to split Keystone from Nova/Glance/Cinder/Neutron for this.19:58
ayoungclarkb, that is kindof where I am headed19:58
clarkb(keystone is a straightforward upgrade iirc)19:58
ayoungright, so the reality is you would want to give people a different service catalog instead19:59
ayoungand have the same keystone server while you upgrade Nova, etc19:59
ayoungor rather, migrate people from one catalog set to another19:59
ayoungWith Tripleo, we've turned the microservices into a monolith.  I'd like to reverse that20:00
ayoungclarkb, there is also the need to link Keystones together, in a start/hub type configurations for scale out and distributed deployments.20:01
ayoungyou could give people an AUTH URL on the central hub, and once they pick a region, change DNS so that the Auth URL points to the regional Keystone20:01
ayoungclarkb, as for your first question, I think it would be based on your federated Identity username20:02
ayounglike, for me, I could have an Auth URL of https://ayoung.keystone.provider.net/20:02
ayoungAnd we'd do DNS trickery to convert from doing K2K from the central hub to an optimized call on the remote hub20:03
clarkbgotcha so deterministic (as a user that is important as one of the hardest parts of using the client tooling or sdks (or apis directly) is simply figuring out what your account domain and auth url are20:03
ayoungclarkb, yeah, I think so20:03
ayoungIt also to take Federated Identity into account, so you could have a wildcard DNS for anyone that catches all the non specified ones20:04
ayoungWe could do lots of things...per project Auth URLS, for example20:05
ayoungit would let you link a project to a specific set of endpoints by sending you to the right Keystone server for that project20:05
ayoungWe've seen a lot of cases where a customer runs is 20+ distinct OpenStack deployments20:06
ayoungand before I tell them "that is crazy" I want to have a better approach that I can lay out forthem20:07
*** pcaruana has quit IRC20:09
*** irclogbot_1 has quit IRC20:38
*** irclogbot_1 has joined #openstack-keystone20:52
*** openstackgerrit has quit IRC20:56
*** erus has quit IRC20:59
*** erus has joined #openstack-keystone21:09
*** jmlowe has quit IRC21:19
*** xek has quit IRC21:26
*** efried has quit IRC21:34
*** efried has joined #openstack-keystone21:38
*** itlinux has joined #openstack-keystone21:39
*** jmlowe has joined #openstack-keystone21:41
*** erus has quit IRC21:45
*** erus has joined #openstack-keystone21:45
*** rcernin has joined #openstack-keystone22:02
*** imacdonn has quit IRC22:07
*** imacdonn has joined #openstack-keystone22:07
*** imus has quit IRC22:10
jamielennoxi think you confuse the user experience too much, particularly the way keystone works i'd expect that you want one keystone and then different versions of nova etc throughout the system22:17
jamielennoxalready because of the multiple deployments problem you have to specify where to go to do your initial handshake that makes openstack harder than other clouds - something i always hoped the DNS discover would solve22:17
jamielennoxit also feels like you are now providing your username via path22:20
*** efried has quit IRC22:21
*** mvkr has joined #openstack-keystone22:23
*** mvkr has quit IRC22:36
*** itlinux has quit IRC22:49
*** sapd1_ has joined #openstack-keystone22:57
*** sapd1 has quit IRC23:01
*** erus has quit IRC23:17
*** erus has joined #openstack-keystone23:18
*** openstackgerrit has joined #openstack-keystone23:54
openstackgerritMerged openstack/keystone master: Add tests for project users interacting with registered limits  https://review.openstack.org/62101823:54
openstackgerritMerged openstack/keystone master: Remove registered limit policies from policy.v3cloudsample.json  https://review.openstack.org/62101923:54
*** mchlumsky has quit IRC23:57
« Wednesday, 2019-01-16 Index Friday, 2019-01-18 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!