Monday, 2019-03-11

« Sunday, 2019-03-10 Index Tuesday, 2019-03-12 »
*** erus has quit IRC00:17
*** jamesmcarthur has joined #openstack-keystone01:41
*** jamesmcarthur has quit IRC01:48
*** whoami-rajat has joined #openstack-keystone03:07
*** jamesmcarthur has joined #openstack-keystone03:39
*** jamesmcarthur has quit IRC04:32
openstackgerritMerged openstack/keystone master: Add manager for access rules config  https://review.openstack.org/63743605:37
openstackgerritMerged openstack/keystone master: Add a permissive mode for access rules config  https://review.openstack.org/63743805:39
*** jaosorior has joined #openstack-keystone05:52
openstackgerritMerged openstack/keystone master: Add SQL migrations for app cred access rules  https://review.openstack.org/63193606:00
openstackgerritMerged openstack/keystone master: Add driver support for app cred access rules  https://review.openstack.org/63193706:00
*** phasespace has quit IRC06:57
*** pcaruana has joined #openstack-keystone07:00
openstackgerritVishakha Agarwal proposed openstack/keystone master: Implement domain reader for role_assignments  https://review.openstack.org/63858707:02
*** rcernin has quit IRC07:03
openstackgerritVishakha Agarwal proposed openstack/keystone master: Implement domain reader for role_assignments  https://review.openstack.org/63858707:30
*** xek has joined #openstack-keystone08:14
*** tkajinam has quit IRC08:17
*** dmellado has quit IRC08:20
*** needssleep has quit IRC09:01
*** awalende has joined #openstack-keystone09:23
*** dmellado_ has joined #openstack-keystone11:04
*** dmellado_ is now known as dmellado11:05
openstackgerritVishakha Agarwal proposed openstack/keystone master: WIP : Implement system reader for grant API  https://review.openstack.org/64242111:21
*** dave-mccowan has joined #openstack-keystone11:22
*** dave-mccowan has quit IRC11:42
*** edmondsw has joined #openstack-keystone11:47
*** raildo has joined #openstack-keystone11:48
*** markvoelker has quit IRC12:14
*** mchlumsky has quit IRC12:40
*** mchlumsky has joined #openstack-keystone12:42
*** mpasserini has joined #openstack-keystone12:44
mpasseriniHi, I tried activating policy.v3cloudsample.json but it does not seem to work for me… I noticied that if I run "oslopolicy-policy-generator --namespace keystone" as root I see the new policy…  but if I run it as a normal user I see the default policy12:45
mpasseriniany idea why this happens?12:45
*** jamesmcarthur has joined #openstack-keystone12:48
*** efried has joined #openstack-keystone13:16
efriedo/13:16
efriedCan I please get a consult on https://review.openstack.org/#/c/642410/ ?13:16
efriedI want to make sure it makes semantic sense before I start quibbling with the grammar.13:16
openstackgerritPavlo Shchelokovskyy proposed openstack/keystone master: Add hint for order of keys during distribution  https://review.openstack.org/63839713:18
mpasseriniI'm reading https://bugs.launchpad.net/keystone/+bug/1783659 , are domains in Keystone working at all? It looks like we can't delegate domain_admin roles to somebody13:25
openstackLaunchpad bug 968696 in OpenStack Identity (keystone) "duplicate for #1783659 "admin"-ness not properly scoped" [High,In progress] - Assigned to Lance Bragstad (lbragstad)13:25
*** jamesmcarthur has quit IRC13:30
*** jamesmcarthur has joined #openstack-keystone13:31
*** lbragstad has joined #openstack-keystone13:35
*** ChanServ sets mode: +o lbragstad13:35
*** jamesmcarthur has quit IRC13:36
*** beekneemech is now known as bnemec13:43
*** jamesmcarthur has joined #openstack-keystone13:45
*** jamesmcarthur_ has joined #openstack-keystone13:49
*** jamesmcarthur has quit IRC13:53
*** efried has quit IRC13:57
*** erus has joined #openstack-keystone14:08
eruso/14:09
cmurphympasserini: depends on what you mean by working, the bug of admin-ness-everywhere still applies with the default policies but you can customize your policies to avoid it14:19
cmurphyhmm efried disappeared14:19
*** dave-mccowan has joined #openstack-keystone14:20
mpasserinicmurphy, by default policy do you mean policy.v3cloudsample.json ?14:23
cmurphympasserini: no, that policy is not the default, it's an example of a way to customize it14:24
mpasseriniok, so I tried using policy.v3cloudsample.json and admin could see everything..14:25
mpasseriniboth in his domain, but also in domains he didn't belong to14:25
knikollao/14:34
gagehugoo/14:35
eruso/14:37
lbragstadmpasserini unfortunately, the policy.v3cloudsample.json file isn't officially supported and isn't tested as extensively as the default policies in code14:40
*** awalende has quit IRC14:49
*** FlorianFa has joined #openstack-keystone14:50
*** FlorianFa has quit IRC14:52
*** FlorianFa has joined #openstack-keystone14:52
mpasseriniok :(14:53
lbragstadmpasserini what release are you using?14:55
mpasseriniQueens14:55
lbragstadok14:55
lbragstadwell, for what it's worth, we're working on efforts, starting in Stein, to improve the defaults, increase testing, and remove policies from policy.v3cloudsample.json14:56
lbragstadhttp://lists.openstack.org/pipermail/openstack-discuss/2019-March/003552.html is a summary of that work14:58
*** vishakha has quit IRC15:25
kmalloco/15:29
knikolladst got me needing more coffee15:30
*** vishakha has joined #openstack-keystone15:33
vishakhalbragstad: Hello. For https://review.openstack.org/#/c/638587/ I added a patch in tempest https://review.openstack.org/#/c/641959/. pl have a look.15:36
lbragstadvishakha awesome - i'll take a look today15:36
vishakhalbragstad: thanks a lot15:37
lbragstadno problem - thanks for writing the patches15:37
*** jamesmcarthur_ has quit IRC15:38
*** jamesmcarthur has joined #openstack-keystone15:38
openstackgerritColleen Murphy proposed openstack/keystone master: Remove publish-loci post job  https://review.openstack.org/64250215:48
cmurphywould appreciate quick reviews on that ^ we need it so that we can update our rpms15:48
lbragstaddone - i'll watch for zuul and +W15:55
vishakhalbragstad:  Also I started over grant API but facing some issues writing the test cases https://review.openstack.org/#/c/642421/1/keystone/tests/unit/protection/v3/test_grant.py.  I  was taking the reference of Api-ref document for the rest api calls . https://developer.openstack.org/api-ref/identity/v3/?expanded=check-user-for-a-system-role-assignment-detail#check-user-for-a-system-role-assignment.  But when15:55
vishakhausing head getting some strange error.15:55
cmurphylbragstad: you know you can +W and if zuul doesn't like it it won't merge it?15:56
lbragstadcmurphy yeah - i got my hand slapped for doing that a long time ago, but that was also a long time ago15:56
*** jamesmcarthur has quit IRC15:57
*** jamesmcarthur has joined #openstack-keystone15:57
lbragstadvishakha i assume https://review.openstack.org/#/c/642421/1/keystone/tests/unit/protection/v3/test_grant.py@56 makes the error repeatable?15:57
lbragstadcmurphy my hesitation/FUD probably isn't relevant anymore15:58
cmurphyi think zuul was always designed to prevent merging if it didn't pass ci15:58
lbragstadtrue - when i was advised to not do that was when we were still using Jenkins15:59
cmurphyah15:59
vishakhalbragstad: it is showing assertion error - I AM A TEAPOT (418)15:59
lbragstadlol15:59
*** jamesmcarthur has quit IRC16:00
vishakha:)16:00
lbragstadvishakha commented16:01
*** jamesmcarthur has joined #openstack-keystone16:01
vishakhathanks for the quick comment16:01
vishakhalbragstad:  it worked16:02
lbragstadno more 418?16:03
vishakhayes16:03
lbragstad++16:03
*** erus has quit IRC16:15
*** erus has joined #openstack-keystone16:18
*** pcaruana has quit IRC16:23
*** pcaruana has joined #openstack-keystone16:23
kmallocHmm16:36
kmallocThe teapot error saves us again from a broken test!16:37
lbragstadbroken teapots are the worst16:42
*** nsmeds has left #openstack-keystone16:45
*** gyee has joined #openstack-keystone16:46
*** kklimonda_ has quit IRC17:14
*** kklimonda has joined #openstack-keystone17:14
hrybackikmalloc: o/17:35
hrybackiwhat happens in KSM if a memcached instance disappears?17:35
hrybacki(assuming you have caching enabled and using memcached per norm)17:36
kmallocin theory, the memcache instance is failed out and causes a minimal amount of slow down.17:38
kmallocand the caching is always a cache miss17:38
kmallocif you have multiple servers, then the cache is rebalanced via a hash17:38
kmallocand the previously cached data is a miss, new data is placed in the current servers. if the server comes back in, the hash rebalance probably causes some misses17:39
hrybackilet's say we only have a single memcached server running, it goes down, and is taking minutes (for whatever reason) to come back up17:40
hrybackiis this going to hold everything up or is ksm going to ignore it after X failed set/gets?17:40
*** jamesmcarthur has quit IRC17:40
kmallocshould ignore if memcache(d) interface is written correctly17:40
kmallocafter a nominal timeout17:41
*** jamesmcarthur has joined #openstack-keystone17:41
kmallocin  the past we had a big delay.17:41
kmallocbut that was bug related.17:41
hrybackihmm. it's a good thing tripleo doesn't make this more complicated /s17:42
*** jamesmcarthur has quit IRC17:45
lbragstadi'm not sure if people here have a strong preference for gathering around tables with food - but i added some ideas to the etherpad https://etherpad.openstack.org/p/DEN-keystone-forum-sessions17:50
*** jamesmcarthur has joined #openstack-keystone18:20
*** jamesmcarthur has quit IRC18:26
*** jamesmcarthur has joined #openstack-keystone18:47
*** raildo has quit IRC19:16
*** raildo has joined #openstack-keystone19:16
*** raildo_ has joined #openstack-keystone19:18
*** raildo has quit IRC19:21
*** xek has quit IRC19:23
*** xek has joined #openstack-keystone19:23
*** xek has quit IRC19:43
*** xek has joined #openstack-keystone19:43
*** itlinux has joined #openstack-keystone20:30
*** itlinux has quit IRC20:34
*** vishakha has quit IRC20:45
*** phasespace has joined #openstack-keystone20:55
*** jamesmcarthur has quit IRC20:56
*** itlinux has joined #openstack-keystone20:56
*** erus has quit IRC21:14
*** raildo_ has quit IRC21:17
*** xek has quit IRC21:18
*** whoami-rajat has quit IRC21:25
*** dave-mccowan has quit IRC21:36
*** pcaruana has quit IRC21:45
*** itlinux has quit IRC21:55
*** lbragstad has quit IRC22:40
*** lbragstad has joined #openstack-keystone22:43
*** ChanServ sets mode: +o lbragstad22:43
*** threestrands has joined #openstack-keystone22:50
*** tkajinam has joined #openstack-keystone22:56
*** TheJulia has joined #openstack-keystone23:00
openstackgerritMerged openstack/keystone master: Remove publish-loci post job  https://review.openstack.org/64250223:22
*** threestrands has quit IRC23:45
« Sunday, 2019-03-10 Index Tuesday, 2019-03-12 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!