Tuesday, 2019-04-02

« Monday, 2019-04-01 Index Wednesday, 2019-04-03 »
*** timburke has joined #openstack-keystone00:00
*** jamesmcarthur has joined #openstack-keystone00:01
*** erus has quit IRC00:07
*** erus has joined #openstack-keystone00:08
*** erus has quit IRC00:13
*** erus has joined #openstack-keystone00:14
*** jamesmcarthur has quit IRC00:31
*** jamesmcarthur has joined #openstack-keystone00:54
*** markvoelker has joined #openstack-keystone00:55
*** jamesmcarthur has quit IRC00:58
*** jamesmcarthur has joined #openstack-keystone01:27
*** erus has quit IRC01:27
*** erus has joined #openstack-keystone01:28
*** whoami-rajat has joined #openstack-keystone01:31
*** jamesmcarthur has quit IRC01:34
*** lbragstad has joined #openstack-keystone02:02
*** ChanServ sets mode: +o lbragstad02:02
*** rcernin_ has joined #openstack-keystone02:05
*** rcernin has quit IRC02:06
*** rcernin_ has quit IRC02:12
*** rcernin has joined #openstack-keystone02:15
*** jamesmcarthur has joined #openstack-keystone02:44
*** prometheanfire has joined #openstack-keystone02:58
prometheanfireWerkzeug===0.15.1 breaks keystone it looks like02:58
gagehugouh oh02:59
prometheanfiremaster03:01
prometheanfireand reqs caught it, just an fyi03:01
*** jamesmcarthur has quit IRC03:04
*** phasespace has quit IRC03:14
*** samueldmq has quit IRC03:15
*** openstackgerrit has joined #openstack-keystone03:22
openstackgerritayoung proposed openstack/keystone master: Allow an explicit_domain_id parameter when creating a domain  https://review.openstack.org/60523503:22
*** spsurya has joined #openstack-keystone03:31
*** jamesmcarthur has joined #openstack-keystone03:56
*** jamesmcarthur has quit IRC03:59
*** jamesmcarthur has joined #openstack-keystone04:01
*** jamesmcarthur has quit IRC04:05
*** jamesmcarthur has joined #openstack-keystone04:08
*** jamesmcarthur has quit IRC04:08
*** jamesmcarthur has joined #openstack-keystone04:08
*** jamesmcarthur has quit IRC04:17
*** jamesmcarthur has joined #openstack-keystone04:18
*** jamesmcarthur has quit IRC04:25
*** jamesmcarthur_ has joined #openstack-keystone04:26
*** jamesmcarthur_ has quit IRC04:39
*** jamesmcarthur has joined #openstack-keystone04:40
*** erus has quit IRC04:40
*** erus has joined #openstack-keystone04:41
*** jamesmcarthur has quit IRC04:46
*** ileixe has joined #openstack-keystone04:55
*** adriant has quit IRC05:07
*** adriant has joined #openstack-keystone05:08
*** shyamb has joined #openstack-keystone05:16
*** lbragstad has quit IRC05:33
*** pcaruana has joined #openstack-keystone05:35
*** shyamb has quit IRC05:38
*** jamesmcarthur has joined #openstack-keystone05:41
*** jamesmcarthur has quit IRC05:46
*** jamesmcarthur has joined #openstack-keystone05:57
*** markvoelker has quit IRC05:58
*** jamesmcarthur has quit IRC06:01
*** shyamb has joined #openstack-keystone06:07
*** openstackgerrit has quit IRC06:09
*** jamesmcarthur has joined #openstack-keystone06:28
*** markvoelker has joined #openstack-keystone06:29
*** awalende has joined #openstack-keystone07:11
*** erus has quit IRC07:13
*** erus has joined #openstack-keystone07:14
ileixeHello, guys.07:19
ileixeIt's quite old bp though, anyone know the current status of the bp 'https://specs.openstack.org/openstack/keystone-specs/specs/juno/hierarchical_multitenancy.html'?07:20
*** yan0s has joined #openstack-keystone07:34
*** shyamb has quit IRC07:48
*** shyamb has joined #openstack-keystone07:48
*** tkajinam has quit IRC08:21
*** xek has joined #openstack-keystone08:30
*** shyamb has quit IRC08:33
*** erus has quit IRC08:33
*** erus has joined #openstack-keystone08:34
*** erus has quit IRC09:05
*** erus has joined #openstack-keystone09:05
*** rcernin has quit IRC09:11
*** erus has quit IRC09:20
*** erus has joined #openstack-keystone09:21
*** erus has quit IRC09:36
*** erus has joined #openstack-keystone09:36
*** erus has quit IRC09:43
*** erus has joined #openstack-keystone09:44
*** shyamb has joined #openstack-keystone09:50
*** erus has quit IRC09:55
*** erus has joined #openstack-keystone09:56
*** zigo has joined #openstack-keystone09:59
*** erus has quit IRC10:21
*** erus has joined #openstack-keystone10:21
*** shyamb has quit IRC11:50
*** shyamb has joined #openstack-keystone11:50
*** phasespace has joined #openstack-keystone11:54
*** jamesmcarthur has quit IRC12:23
*** jamesmcarthur has joined #openstack-keystone12:23
*** markvoelker has quit IRC12:25
*** markvoelker has joined #openstack-keystone12:25
*** shyamb has quit IRC12:27
*** shyamb has joined #openstack-keystone12:28
cmurphymorning o/12:28
cmurphyileixe: that's implemented in keystone, but other projects don't really take advantage of it yet. we're working on managing quota for hierarchical projects.12:29
*** jamesmcarthur has quit IRC12:33
*** jmlowe has quit IRC12:34
*** jamesmcarthur has joined #openstack-keystone12:35
*** jamesmcarthur has quit IRC12:40
*** jamesmcarthur has joined #openstack-keystone12:44
*** shyamb has quit IRC12:46
*** raildo has joined #openstack-keystone12:59
*** StefanPaetowJisc has joined #openstack-keystone13:00
*** StefanPaetowJisc has quit IRC13:04
*** StefanPaetowJisc has joined #openstack-keystone13:05
*** erus has quit IRC13:05
*** erus has joined #openstack-keystone13:06
*** StefanPaetowJisc has quit IRC13:07
*** StefanPaetowJisc has joined #openstack-keystone13:12
*** StefanPaetowJisc is now known as StefanPaetow213:12
*** StefanPaetow2 is now known as StefanPaetowJisc13:12
gagehugoo/13:14
*** StefanPaetowJisc has joined #openstack-keystone13:14
*** lbragstad has joined #openstack-keystone13:22
*** ChanServ sets mode: +o lbragstad13:22
*** trident has quit IRC13:30
*** trident has joined #openstack-keystone13:33
*** awalende has quit IRC13:37
*** awalende has joined #openstack-keystone13:37
*** erus has quit IRC13:37
*** erus has joined #openstack-keystone13:38
*** awalende has quit IRC13:42
*** openstackgerrit has joined #openstack-keystone13:44
openstackgerritStephen Finucane proposed openstack/oslo.policy master: Follow the new PTI for document build  https://review.openstack.org/54908813:44
lbragstadhttps://etherpad.openstack.org/p/keystone-stein-rc2-tracking is getting pretty short13:54
cmurphysomeone help me with my timezone/dst math, meeting is in two hours?14:08
lbragstadcorrect14:10
*** erus has quit IRC14:10
lbragstad0900 - 1000 PT iirc14:10
*** erus has joined #openstack-keystone14:11
*** StefanPaetowJisc has quit IRC14:12
cmurphycool14:12
*** StefanPaetowJisc has joined #openstack-keystone14:13
*** StefanPaetowJisc has quit IRC14:16
*** erus has quit IRC14:16
*** erus has joined #openstack-keystone14:17
*** shyamb has joined #openstack-keystone14:20
openstackgerritRaildo Mascena proposed openstack/keystone master: [WIP]Fixing dn_to_id function for cases were id it's not in the DN  https://review.openstack.org/64917714:24
lbragstadi back ported the last patch we were hoping to land for stein14:32
lbragstadhttps://etherpad.openstack.org/p/keystone-stein-rc2-tracking should be up-to-date14:32
gagehugoack14:33
*** shyamb has quit IRC14:34
*** shyamb has joined #openstack-keystone14:34
lbragstadwe have to merge 622589 (master) -> 649297 (stable/stein) -> 649344 (stable/stein)14:35
*** erus has quit IRC14:35
*** shyamb has quit IRC14:35
cmurphylbragstad: do all of the policies removed in 622589 have corresponding system/domain-scope/reader role updates?14:35
lbragstad622589 and 649297 could be gated in parallel though14:35
*** erus has joined #openstack-keystone14:35
lbragstadno - they are just redundant with the current defaults in code14:35
cmurphyoh because they are all just "rule:admin_required"14:36
lbragstadany remaining scope type work or default role work should be tracked in bug report for the resource14:36
lbragstadyep - exactly14:36
cmurphyhrm but some of them are actually rule:cloud_admin14:37
lbragstadfwiw - we could have landed a patch to the policy.v3cloudsample.json file back in pike when we implemented policy in code to clean up all of those duplicate policies, but we never did14:37
cmurphy"identity:create_policy_association_for_endpoint": "rule:cloud_admin",14:37
lbragstadhm14:38
lbragstadweird - https://pasted.tech/pastes/9da2ae9475d9d03bd5f8e461702db59ff44b9989.raw14:40
cmurphythat doesn't match up with what's in https://review.openstack.org/#/c/622589/5/etc/policy.v3cloudsample.json14:41
lbragstadnope - it doesn't14:41
lbragstadi wonder if i had a bad copy/paste?14:41
gagehugohmm14:43
*** shyamb has joined #openstack-keystone14:43
*** ileixe has quit IRC14:57
*** yan0s has quit IRC15:04
*** shyamb has quit IRC15:06
*** erus has quit IRC15:06
*** shyamb has joined #openstack-keystone15:07
*** erus has joined #openstack-keystone15:07
*** vishakha has joined #openstack-keystone15:16
openstackgerritLance Bragstad proposed openstack/keystone master: DRY: Remove redundant policies from policy.v3cloudsample.json  https://review.openstack.org/62258915:17
*** jamesmcarthur has quit IRC15:24
*** jamesmcarthur has joined #openstack-keystone15:25
openstackgerritLance Bragstad proposed openstack/keystone master: DRY: Remove redundant policies from policy.v3cloudsample.json  https://review.openstack.org/62258915:38
*** erus has quit IRC15:38
*** erus has joined #openstack-keystone15:39
*** jamesmcarthur has quit IRC15:44
*** shyamb has quit IRC15:47
*** wxy| has joined #openstack-keystone15:48
knikollao/15:49
lbragstadcmurphy gagehugo ok - updated ^15:51
*** shyamb has joined #openstack-keystone15:51
lbragstadthat should be ready to go15:51
cmurphylbragstad: comment on the release note15:52
openstackgerritLance Bragstad proposed openstack/keystone master: DRY: Remove redundant policies from policy.v3cloudsample.json  https://review.openstack.org/62258915:53
lbragstadoh - good call15:53
lbragstadthanks :)15:53
cmurphylgtm15:53
gagehugolbragstad the cloud_admin ones weren't redundant correct?15:54
lbragstadcorrect - cloud_admin is specific to the policy.v3cloudsample.json file15:55
lbragstadit's just a more opinionated version of rule:admin_required15:55
lbragstadiiuc15:55
lbragstadrule:cloud_admin should eventually be replaced with system scope functionality15:56
gagehugoyeah16:00
cmurphymeeting now in #openstack-meeting-alt16:00
gagehugolbragstad: should those get/list/create policy entries still be in https://review.openstack.org/#/c/622589/8/keystone/tests/unit/test_policy.py ?16:03
*** jamesmcarthur has joined #openstack-keystone16:04
*** erus has quit IRC16:06
*** erus has joined #openstack-keystone16:07
gagehugonvm16:13
*** eandersson has joined #openstack-keystone16:16
eanderssonAnyone know a common cause for "This is not a recognized Fernet token"? We have a single site seeing this quite often with mostly internal traffic16:21
*** jamesmcarthur has quit IRC16:21
eanderssonIt looks like only our monitoring software is having issues with this so far, but difficult to say.16:21
eanderssonPretty sure it started happening with the introduction of caching (memcached) in that site (was disabled by mistake before that)16:24
gagehugoeandersson: https://bugs.launchpad.net/keystone/+bug/1702230/comments/516:26
openstackLaunchpad bug 1702230 in OpenStack Identity (keystone) "fernet token fails with keystone HA" [Undecided,Invalid] - Assigned to PRAVIN (jarvisopenstack)16:26
gagehugobut also I saw a comment somewhere saying they saw the same issue before with memcache16:26
*** jamesmcarthur has joined #openstack-keystone16:27
eanderssonThe keys do look like they are replicating fine.16:28
lbragstadeandersson is the issue intermittent or consistent?16:28
eanderssonintermittent16:28
lbragstadhttps://bugs.launchpad.net/keystone/+bug/181692716:29
openstackLaunchpad bug 1816927 in openstack-ansible "Deployments with high churn are susceptible to false positives with token validation" [Undecided,Fix committed]16:29
lbragstad^ that was a crazy edge case pas-ha brought to us regarding high churn deployments16:29
lbragstadif you get a 401, and you attempt to valid the token again, does it work?16:30
eanderssonIt looks like we are getting a 404.16:30
eanderssonIt's just odd as we have many keystone deployments and this is the first one to have experienced this problem.16:31
eanderssonUnfortunately I noticed that this instance is still running Mitaka.16:31
kmallocdo you have in-memory cache enabled?16:31
kmallocalso tokens have 1 second resolution16:32
kmallocso if there is a delete/invalidate it can invalidate a larger swath16:32
kmalloci ... think this was only fixed or somewhat fixed in rocky+16:33
eanderssonin-memory cache should be disabled everywhere, everything should be powered by memcached now16:33
eandersson(which is also when we started seeing this issue)16:33
eanderssonWe basically swapped out the current config and introduced containers16:34
kmallocshared memcache?16:34
eanderssonYes16:34
kmallocok.16:34
kmallocif it wasn't shared it's as bad as in-memory16:34
eanderssonThe only difference in this env is that swift is sharing the same memcached16:34
kmallocshouldn't impact anything16:34
kmallocadding swift*16:34
eanderssonbtw we are seeing this in nova/neutron/swift, but only swift api calls are failing16:35
kmallocweird.16:35
kmallocwonder if swift is caching negative responses.16:36
eanderssonIn fact I think the calls that are failing are sharing token.16:36
kmallocodd question is there an explicit delete of the token?16:37
eanderssonnope16:37
timburkeiirc, swift lets keystonemiddleware be in charge of deciding what to cache and when, fwiw, though i can help dig into that some more16:37
kmalloctimburke: i thought so, but we also have some odd "pass a cache into ksm" logic16:37
kmallocso swift could be totally changing how the caching works.16:37
kmallocand i just am not familiar if it does.16:38
kmallocit used to be more opinionated way back when16:38
eanderssonActually it does not use the same token. Let me change that.16:39
kmalloceandersson: what is the "high churn" part, just a lot of token issuance?16:39
eanderssonSorry, we don't really have high churn in this deployment.16:40
eanderssonWe have a couple of monitor services that hit the apis every 5 minutes16:40
eanderssonand a synth monitor that creates a vm every ~10 minutes16:40
eanderssontimes 316:41
kmallocah16:41
eanderssonThat is pretty much all that happens on this deployment16:41
eanderssonIn fact this is our deployment with the lowest number of api calls16:42
*** erus has quit IRC16:42
*** shyamb has quit IRC16:43
eanderssonIn the last ~18 hours I see 228 calls to swift from one of the monitors and 91 failed.16:43
*** erus has joined #openstack-keystone16:43
kmallochow odd.16:44
kmallocmakes me wonder if something somewhere is encoding the data from the token badloy16:44
kmallocbadly*16:44
eanderssonYea - it's just odd as we have like 300 of these monitors globally, and only this one site ever has this lol16:45
kmallocthis is the only one on mitaka?16:47
*** erus has quit IRC16:49
*** erus has joined #openstack-keystone16:49
eanderssonYea, but we only recently upgraded Keystone everywhere else.16:50
kmallocsuper weird.16:51
*** jamesmcarthur_ has joined #openstack-keystone16:53
*** erus has quit IRC16:56
*** jamesmcarthur has quit IRC16:57
*** erus has joined #openstack-keystone16:57
kmallocyou might need to add some extra debugging in to see what is happening with swift and why it's different16:58
kmallocunfortunately, i just don't know what is coming out broken.16:58
*** wxy| has quit IRC17:01
*** erus has quit IRC17:02
*** erus has joined #openstack-keystone17:03
openstackgerritayoung proposed openstack/keystone master: Allow an explicit_domain_id parameter when creating a domain  https://review.openstack.org/60523517:04
ayoungcmurphy, lbragstad I had started the spec a while back https://review.openstack.org/#/c/612099/4/specs/keystone/ongoing/predictable-ids.rst17:08
*** erus has quit IRC17:10
*** erus has joined #openstack-keystone17:10
cmurphyoh good17:13
ayounglbragstad, https://refactoring.guru/pull-up-method  see how the common method exists in all the sub classes to start, and then ends up in the baseclass?  That is the geenral pattern we are going to have to do here.  But the end state is the removal of duplicated cod17:21
ayounge17:21
*** jmlowe has joined #openstack-keystone17:28
*** jamesmcarthur_ has quit IRC17:28
*** jmlowe has quit IRC17:37
*** shyamb has joined #openstack-keystone17:44
lbragstadayoung sure - i'll be nit picky here - but that pattern doesn't apply to this specific case because the functionality we're debating isn't actually implemented yet18:00
lbragstadi have a preference for hanging features off of technical debt refactors because it places a precedence on keeping code clean over implementing functionality18:01
lbragstadonce a feature is implemented, there is less of a carrot to clean things up IMO18:03
lbragstads/IMO/IME/18:06
cmurphyi think we do want to end up making this consistent across all user backends, is why i'm okay with this for now18:08
*** jmlowe has joined #openstack-keystone18:11
*** shyam89 has joined #openstack-keystone18:27
*** shyamb has quit IRC18:30
*** erus has quit IRC18:30
*** shyam89 has quit IRC18:31
*** erus has joined #openstack-keystone18:31
*** spsurya has quit IRC18:32
eanderssonkmalloc, we were using some old method to handle keystone auth with swift. I updated it to use a keystone session.18:40
eanderssonIf that does not solve it we will just enabled debug output and see what da heck is going on.18:40
eanderssonbtw for the Keystone PTG wcould we add something about managing trusts and the ops pains of trusts?18:45
kmalloccmurphy: ^18:45
kmalloci may not be at the PTG/summit18:46
kmallocbut it isn't a bad thought18:46
kmallocthough, honestly, i am going to say i hope app creds supplant trusts18:46
kmallocthey solve most of the problems18:46
eanderssonWe are heavy users of Trusts and... well they are probably our biggest pain point with Keystone at this time.18:46
kmallocright. and app creds smooth a lot of that over and largely replicate the functionality18:47
kmallocit might (if they meet the needs) be worth helping you head that direction18:47
*** prometheanfire has left #openstack-keystone18:49
eanderssonOur primary concerns are for Senlin and Magnum18:49
eanderssonWe have 3 Core Reviewers for Senlin so if that actually solves the issues we have, we can probably work on getting that implemented in Senlin at least.18:49
eanderssonThis is one of the short terms patterns we implemented... https://github.com/openstack/senlin/commit/3132c9df499c6f4bcdce19d6a2805351512d297618:50
eanderssonOr rather carried over from the Magnum project.18:50
eanderssonBut yea would be interesting to discuss the path forward from a perspective of Magnum/Senlin18:52
lbragstadgagehugo i don't think that test is failing because we do set(policy_key).difference(set(expected_policy_keys))18:52
lbragstadgagehugo which only returns the keys in policy_keys that *aren't* in expected_policy_keys18:53
lbragstadit doesn't include keys that are present in expected_policy_keys that are not in policy_keys18:54
cmurphyeandersson: kmalloc we can talk about trusts18:59
cmurphywould it be better to hash it out during the ops feedback session at the forum, or talk about it in relation to app creds at ptg, or give it its own session at the ptg?19:00
eanderssonSo we can talk from both the ops perspective, as well from the perspective as maintainers of multiple projects19:00
eanderssonSo any of those venues are fine for me19:01
*** gmann is now known as gmann_afk19:04
gagehugolbragstad hmm ok19:09
openstackgerritLance Bragstad proposed openstack/keystone master: DRY: Remove redundant policies from policy.v3cloudsample.json  https://review.openstack.org/62258919:10
lbragstadgagehugo ^19:10
lbragstadthat passes for me, but removed_policies should only include policies that have been removed from policy.v3cloudsample.json19:10
gagehugook, that's what I was expecting19:12
lbragstadbut having said that policy.v3cloudsample.json includes other policies that are not default policies at all, which is fine i think19:13
cmurphywhat's the reason it wasn't failing before?19:18
*** erus has quit IRC19:20
lbragstadbecause the test is using set(default_policy_keys).difference(set(v3_policy_keys))19:20
lbragstadi think19:20
*** erus has joined #openstack-keystone19:21
lbragstadwhich only gives the keys in default_policy_keys that aren't included in v3_policy_keys (or expected_policy_keys in the actual test)19:21
lbragstadso - i think if i were to put this more clearly..19:22
lbragstadthe test is really only testing that policy.v3cloudsample.json includes the defaults19:22
gagehugonot matching?19:23
lbragstadit doesn't make an assertion about equal sets, no19:23
lbragstadso - if a key exists in default_policy_keys but not in policy.v3cloudsample.json - the assertion will fail19:24
lbragstadbecause the test things we forgot to add a policy to protect an endpoint to policy.v3cloudsample.json19:24
lbragstadthinks*19:25
*** vishakha has quit IRC19:25
lbragstadeven though it doesn't necessarily make sense now that the policies are in code, but prior to that this test would have been more applicable19:25
lbragstadconversely, it is ok to have extra keys in policy.v3cloudsample.json - since those won't be returned in the diff used in the assertion19:27
*** erus has quit IRC19:27
lbragstadhttps://www.programiz.com/python-programming/methods/set/difference19:27
*** erus has joined #openstack-keystone19:28
*** bbobrov has quit IRC19:30
*** bbobrov has joined #openstack-keystone19:31
lbragstadi updated the backport to match19:42
lbragstadboth *should* be ready to go19:42
*** jmlowe has quit IRC19:47
lbragstadfyi - not sure if others have seen this yet19:51
lbragstadhttps://www.openstack.org/summit/denver-2019/summit-schedule/events/23673/leveraging-openstack-keystone-for-multi-tenancy-support-in-kubernetes19:51
gagehugoyeah, there's a keystone-kubernetes webhook19:55
gagehugolbragstad: https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/using-keystone-webhook-authenticator-and-authorizer.md19:59
lbragstadcmurphy did we ever come to consensus on sessions slots for rbac and unified limits?20:02
lbragstadhttps://www.openstack.org/summit/denver-2019/summit-schedule/events/23642/increasing-api-accessibility-with-granular-policy-and-default-roles20:03
lbragstadhttps://www.openstack.org/summit/denver-2019/summit-schedule/events/23641/unified-limits-update-and-migration20:03
lbragstadhttps://www.openstack.org/summit/denver-2019/summit-schedule/events/23712/migrating-nova-apis-to-keystone-scope-types20:03
lbragstadhttps://www.openstack.org/summit/denver-2019/summit-schedule/events/23715/feedback-gathering-for-unified-limits-proposal20:03
*** jmlowe has joined #openstack-keystone20:03
lbragstadiirc we were going to keep two forum sessions for RBAC but consolidate down to one for unified limits?20:03
lbragstadmelwitt might be able to correct me, though20:04
cmurphyi thought we decided something on the mailing list20:05
cmurphybut now it looks like we left it open ended20:05
lbragstadyeah - i seem to remember a conclusion somewhere...20:06
cmurphyin any case i support that plan20:07
*** xek has quit IRC20:08
melwittlbragstad: oh, I thought we were consolidating both20:15
lbragstadi can't remember if we had that conversation solely in irc or what, but it doesn't look like the ML thread was updated20:17
melwittlet me find a link20:19
melwitthmm. I have a reply I sent in my email but I don't see it in the openstack-discuss archive20:20
lbragstado.020:21
melwittand you replied to me20:21
*** blake has joined #openstack-keystone20:21
melwittoh wait sorry20:21
melwittI don't understand how these things are ordered20:21
melwittlbragstad: this is where I said roll both into your sessions http://lists.openstack.org/pipermail/openstack-discuss/2019-March/004063.html20:21
lbragstadah - http://lists.openstack.org/pipermail/openstack-discuss/2019-March/004064.html20:22
*** markvoelker has quit IRC20:23
*** erus has quit IRC20:23
*** erus has joined #openstack-keystone20:24
lbragstadso - are we still ok with that plan?20:24
cmurphywfm20:25
* lbragstad heads over to -dev20:26
*** pcaruana has quit IRC20:30
*** whoami-rajat has quit IRC20:30
melwittyeah? I haven't changed my mind since I wrote that :P20:32
*** jamesmcarthur has joined #openstack-keystone20:47
*** jamesmcarthur has quit IRC20:47
*** jamesmcarthur has joined #openstack-keystone20:47
ayoungcmurphy, I'm trying to getmy head around how the uuid change could break federation20:57
ayoungIt looks like it was way down in the cadf code?20:57
ayoungApr 02 19:05:44.695807 opensuse-150-ovh-bhs1-0004648810 devstack@keystone.service[10059]: ERROR keystone   File "/opt/stack/keystone/keystone/notifications.py", line 723, in send_saml_audit_notification20:58
cmurphyit could be unrelated, it's the first time i've seen that though20:59
ayoungif the sha256 hash generated something that the cadf code thought was not a uuid, it might be catching a real error20:59
ayoungIt did pass at least once, though, we earlier versions of the patch21:00
ayoungand the federation tests seem to be not consistant in what is failing21:00
openstackgerritColleen Murphy proposed openstack/keystone master: DNM check if federation tests are broken  https://review.openstack.org/64945321:02
*** erus has quit IRC21:02
*** erus has joined #openstack-keystone21:02
*** blake has quit IRC21:03
*** jamesmcarthur has quit IRC21:19
*** jamesmcarthur has joined #openstack-keystone21:45
*** jamesmcarthur has quit IRC21:50
*** blake has joined #openstack-keystone22:01
*** blake has quit IRC22:01
cmurphywe still need one more approval for https://review.openstack.org/62258922:20
*** rcernin has joined #openstack-keystone22:25
*** jamesmcarthur has joined #openstack-keystone22:25
*** jamesmcarthur has quit IRC22:50
lbragstadthanks cmurphy and gagehugo22:54
*** tkajinam has joined #openstack-keystone22:55
*** gmann_afk is now known as gmann23:11
*** jamesmcarthur has joined #openstack-keystone23:14
*** jamesmcarthur has quit IRC23:43
*** jamesmcarthur has joined #openstack-keystone23:43
« Monday, 2019-04-01 Index Wednesday, 2019-04-03 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!