Tuesday, 2019-04-09

<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Update the min version of tox https://review.openstack.org/651144 [09:03]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystonemiddleware master: Update the min version of tox https://review.openstack.org/651147 [09:27]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystoneauth master: Update the min version of tox https://review.openstack.org/651149 [09:30]
<openstackgerrit> Vishakha Agarwal proposed openstack/python-keystoneclient master: Update the min version of tox https://review.openstack.org/651152 [09:33]
<openstackgerrit> Vishakha Agarwal proposed openstack/ldappool master: Update the min version of tox https://review.openstack.org/651169 [09:41]
<openstackgerrit> Vishakha Agarwal proposed openstack/pycadf master: Update the min version of tox https://review.openstack.org/651173 [09:44]
<openstackgerrit> Vishakha Agarwal proposed openstack/oslo.limit master: Update the min version of tox https://review.openstack.org/651176 [09:50]
<openstackgerrit> Stephen Finucane proposed openstack/oslo.policy master: Follow the new PTI for document build https://review.openstack.org/549088 [10:27]
<openstackgerrit> Stephen Finucane proposed openstack/oslo.policy master: Follow the new PTI for document build https://review.openstack.org/549088 [10:33]
<knikolla> o/ [13:43]
<gagehugo> o/ [14:15]
<cmurphy> o/ [14:43]
<cmurphy> anyone want to volunteer topics for the meeting agenda? https://etherpad.openstack.org/p/keystone-weekly-meeting I don't have much for today [15:14]
* lbragstad doesn't have anything [15:18]
* gagehugo doesn't have anything either [15:18]
* vishakha got some reviews [15:43]
<openstackgerrit> Merged openstack/keystone master: Convert user_id back to string https://review.openstack.org/650615 [15:54]
<cmurphy> meeting now in #openstack-meeting-alt [16:01]
<cmurphy> (if anyone is looking for us there, we ended the meeting early) [16:16]
<ayoung> cmurphy, gah [16:24]
<ayoung> I just realized. Anything to discuss? [16:24]
<cmurphy> ayoung: i didn't have anything [16:25]
<ayoung> cmurphy, cool. I wanted to point a couple things at you [16:25]
<ayoung> I repurposed one of my specs from rbac in middleware to app creds [16:26]
<ayoung> https://review.openstack.org/#/c/456974/ and I saw you and Lance responded. [16:27]
<ayoung> Is that a hard "bad idea" or a "we are not sure?" from you two? [16:28]
<cmurphy> for me it's I'm not sure, I don't like the idea of keystonemiddleware inspecting the contents of a request, especially since this seems like it's just special-casing one of nova's APIs [16:29]
<openstackgerrit> ayoung proposed openstack/keystone master: Allow an explicit_domain_id parameter when creating a domain https://review.openstack.org/605235 [16:30]
<cmurphy> I could be convinced if we find some generic way to do it [16:30]
<lbragstad> i know that nova is planning on doing a bunch of policy work in train, so i'd be curious to see if the current problems are mitigated slightly after they start consuming what we've already done [16:30]
<cmurphy> but I don't think we can really predict all the ways that a service is going to want to enforce policy, that's why we have it in a consumable oslo library instead of doing it all keystone side [16:31]
<ayoung> cmurphy, so my comparison other is the JSON RPC format we used in FreeIPA, where the method was inside the posted request body [16:32]
<ayoung> JSON or YAML would work the same way. I could see making it work for HTML form posting, too [16:32]
<ayoung> It would not cover all cases, but I think it would be a generally useful way to implement policy. [16:33]
<ayoung> Not that I see us putting IPA behind Keystone.... [16:33]
<cmurphy> ayoung: have a link i could look at for how it's done in freeipa? [16:34]
<ayoung> let's see... [16:34]
<cmurphy> ayoung: if nova got rid of this problematic API, would you still want to implement this? [16:35]
<ayoung> https://adam.younglogic.com/2010/07/talking-to-freeipa-json-web-api-via-curl/ but that does not show payload [16:35]
* lbragstad is curious if microversions actually allow nova to fix that API [16:37]
<lbragstad> but gmann or melwitt might know [16:37]
<ayoung> cmurphy, I can get some pasted....there is a demo IPA server [16:38]
<cmurphy> my complaint with microversions has always been that you can't just drop old microversions right away so you're still stuck with the old api for ages [16:38]
<lbragstad> i want to saw i remember there being constraints on some of the API changes you could make with microversions [16:39]
<lbragstad> say* [16:39]
<cmurphy> hmm i don't know what those are [16:39]
<lbragstad> i'm not sure if rev'ing the path itself is possible [16:39]
<cmurphy> app cred access rules don't take microversions into account at all [16:40]
<lbragstad> should they? [16:40]
<cmurphy> yeah probably [16:40]
<cmurphy> right now someone could allow GET /foobar but maybe that means something different for microversion 1.1 vs 1.35 [16:40]
<cmurphy> probably something to bring up at the forum session [16:41]
<lbragstad> ++ [16:42]
<lbragstad> i just made a note [16:42]
<lbragstad> https://etherpad.openstack.org/p/keystone-train-ptg [16:42]
<cmurphy> ty [16:42]
<lbragstad> do you have an etherpad for that specific topic, yet? [16:42]
<ayoung> cmurphy, http://paste.openstack.org/show/749062/ is one example [16:42]
<cmurphy> ayoung: there will be a forum session on app creds where we can talk to other teams about the body key check [16:42]
<gmann> lbragstad: cmurphy you mean for overall policy improvement things or any particular API in problem ? [16:42]
<ayoung> the method is user_mod, which is roughly comparable to the URL+VERB. [16:42]
<cmurphy> lbragstad: no i haven't made etherpads for forum sessions yet [16:42]
<cmurphy> it's on my list for today [16:42]
<lbragstad> gmann can nova use microversions to get rid of the actions API? [16:43]
<lbragstad> (where the action is actually in the request body) [16:43]
<cmurphy> ayoung: "manager" is like a role? [16:43]
<lbragstad> cmurphy sweet - thanks [16:43]
<gmann> we can introduce the alternate new API with microversion but cannot get rid of current action API due to what cmurphy mentioned. for older version they stay till min version is bump which seems almost not possible [16:44]
<lbragstad> ok [16:45]
<erus> o/ [16:46]
<openstackgerrit> Kristi Nikolla proposed openstack/keystone-specs master: Renewable Application Credentials https://review.openstack.org/604201 [17:54]
<knikolla> reproposed ^^ for train [17:54]
<cmurphy> \o/ [17:55]
<openstackgerrit> Merged openstack/keystoneauth master: Update the min version of tox https://review.openstack.org/651149 [18:05]
<cmurphy> lbragstad: i created etherpads for ops feedback and app creds and added them to https://etherpad.openstack.org/p/DEN-keystone-forum-sessions , i'll email jimmy/speakersupport to see if we can get them added to the schedule abstract [18:37]
<cmurphy> lbragstad: you're moderating the other two sessions, can you do the etherpad creation for those? [18:38]
<lbragstad> yeah - melwitt and i were going to tag team those [18:38]
<cmurphy> cool [18:39]
<lbragstad> cmurphy done [18:50]
<lbragstad> https://etherpad.openstack.org/p/DEN-unified-limits and https://etherpad.openstack.org/p/DEN-granular-policy-and-default-roles [18:50]
<lbragstad> i'll work on fleshing them out a bit more [18:50]
<lbragstad> i know melwitt has things to add to that, too [18:51]
<cmurphy> sweet [18:52]
<melwitt> lbragstad: thanks for starting those! [19:00]
<lbragstad> no problem - feel free to add whatever you'd like [19:01]
<melwitt> k [19:01]
<lbragstad> i'm just brain-dumping right now [19:01]
<melwitt> it's a good way to start IMHO [19:04]
* cmurphy schedules team photo for thursday afternoon [19:18]
<openstackgerrit> Merged openstack/ldappool master: Update the min version of tox https://review.openstack.org/651169 [19:21]
<openstackgerrit> Raildo Mascena proposed openstack/keystone master: Fixing dn_to_id function for cases were id is not in the DN https://review.openstack.org/649177 [19:44]
<openstackgerrit> Merged openstack/oslo.limit master: Update the min version of tox https://review.openstack.org/651176 [20:54]
<openstackgerrit> Merged openstack/python-keystoneclient master: Update the min version of tox https://review.openstack.org/651152 [21:17]
<openstackgerrit> Merged openstack/keystone master: Update the min version of tox https://review.openstack.org/651144 [21:20]
<openstackgerrit> Merged openstack/keystonemiddleware master: Update the min version of tox https://review.openstack.org/651147 [21:25]
<thomasmckay> looking for a keystone python client dev/expert that i could email intro to another (non-irc using) dev. we are having an issue with integration in quay [22:12]
<thomasmckay> feel free to email me at redhat.com (email same as nick) [22:13]
<openstackgerrit> Sean McGinnis proposed openstack/keystonemiddleware master: Fix string format error https://review.openstack.org/651399 [22:17]
<thomasmckay> "we're trying to determine if there are any users in a project, but when we connect using the admin credentials, we get various errors about incorrect project domain. When we set it to `default`, we get that the service catalog is empty." [22:21]
<thomasmckay> is the tl;dr from coworker [22:21]
<mordred> hi thomasmckay - are you using python-keystoneclient or openstacksdk? also - feel free to email me at redhat (also email same as nick) - and it might not be terrible to loop in kmalloc (mfainber) [22:25]
<mordred> but also- smart people will likely say smarter things here in response to the above - so we can figure out how to loop in your colleague as needed [22:25]
<openstackgerrit> Merged openstack/keystone master: Allow an explicit_domain_id parameter when creating a domain https://review.openstack.org/605235 [22:36]
<kmalloc> ++ i'll check email in a bit and maybe can help. [22:51]
<kmalloc> even on PTO i can toss some brain at the thing :) [22:53]
<prometheanfire> https://review.openstack.org/650505 werkzeug incompat (new thing) [23:11]
<prometheanfire> master, not stein [23:11]
<prometheanfire> not sure if I should hold it back or another quick fix can be done [23:13]
<openstackgerrit> Rodrigo Duarte proposed openstack/keystone master: Fixing dn_to_id function for cases where id is not in the DN https://review.openstack.org/649177 [23:13]
<cmurphy> prometheanfire: this broke our lower constraints job a few weeks ago too, we punted on fixing it properly at the time but i think it's a relatively easy fix [23:16]
<cmurphy> will look later tonight [23:17]
<hogepodge> Has anyone experienced performance issues with recent builds? Using uwsgi I'm getting 503 errors on light loads [23:33]
<hogepodge> I'll revert to stable Rocky and see if I'm getting the same issues, but I can't even populate the service catalog and users serially without 503 errors. This is fairly new with builds from master [23:38]
<prometheanfire> cmurphy: ok, I'll hold it back this time then [23:51]