Tuesday, 2019-04-16

« Monday, 2019-04-15 Index Wednesday, 2019-04-17 »
*** markvoelker has quit IRC00:00
*** lbragstad has joined #openstack-keystone00:07
*** ChanServ sets mode: +o lbragstad00:07
cmurphykmalloc: do you think https://review.openstack.org/508619 is something we still need now that we have RBACEnforcer?01:17
kmallocthat is done with the Flask stack, RBACEnforcer, and @unauthenticated_api01:18
kmallocthat can be abandoned as we already implemented it01:18
cmurphycool01:19
*** jamesmcarthur has joined #openstack-keystone01:37
*** whoami-rajat has joined #openstack-keystone01:53
*** jamesmcarthur has quit IRC02:08
openstackgerritColleen Murphy proposed openstack/keystone master: Use openstackdocstheme according to guide  https://review.openstack.org/55670402:13
*** lbragstad has quit IRC02:21
*** nicolasbock has quit IRC02:29
*** jamesmcarthur has joined #openstack-keystone02:39
*** jamesmcarthur has quit IRC02:46
openstackgerritColleen Murphy proposed openstack/keystone master: Use openstackdocstheme according to guide  https://review.openstack.org/55670402:48
*** lbragstad has joined #openstack-keystone03:00
*** ChanServ sets mode: +o lbragstad03:00
*** jamesmcarthur has joined #openstack-keystone03:02
openstackgerritColleen Murphy proposed openstack/keystone master: Replace support matrix ext with common library  https://review.openstack.org/52780803:11
*** jamesmcarthur has quit IRC03:39
*** jamesmcarthur has joined #openstack-keystone03:40
*** erus has joined #openstack-keystone03:44
*** jamesmcarthur has quit IRC03:45
*** imacdonn has quit IRC04:06
*** imacdonn has joined #openstack-keystone04:07
openstackgerritColleen Murphy proposed openstack/keystone master: Replace support matrix ext with common library  https://review.openstack.org/52780804:10
*** jamesmcarthur has joined #openstack-keystone04:11
*** jamesmcarthur has quit IRC04:18
*** erus has quit IRC04:46
*** erus has joined #openstack-keystone04:52
*** shyamb has joined #openstack-keystone05:03
*** erus has quit IRC05:07
*** gyee has quit IRC05:08
*** shyamb has quit IRC05:09
*** shyamb has joined #openstack-keystone05:13
*** lbragstad has quit IRC05:55
*** shyamb has quit IRC06:13
*** awestin1 has quit IRC06:26
*** pcaruana has joined #openstack-keystone06:26
*** masayukig has quit IRC06:27
*** kmalloc has quit IRC06:28
*** TheJulia has quit IRC06:29
*** kmalloc has joined #openstack-keystone06:30
*** shyamb has joined #openstack-keystone06:32
*** hogepodge has quit IRC06:32
*** johnsom has quit IRC06:32
*** kmalloc has quit IRC06:40
*** TheJulia has joined #openstack-keystone06:43
*** markvoelker has joined #openstack-keystone06:43
*** TheJulia has quit IRC06:47
*** TheJulia has joined #openstack-keystone06:52
*** kmalloc has joined #openstack-keystone06:53
*** johnsom has joined #openstack-keystone06:55
*** masayukig has joined #openstack-keystone06:55
*** ileixe has quit IRC06:56
*** awestin1 has joined #openstack-keystone06:56
*** hogepodge has joined #openstack-keystone06:56
*** starborn has joined #openstack-keystone06:57
*** ileixe has joined #openstack-keystone06:59
*** awalende has joined #openstack-keystone07:08
*** rcernin has quit IRC07:20
*** shyamb has quit IRC07:30
*** shyamb has joined #openstack-keystone07:37
*** johnsom has quit IRC08:04
*** johnsom has joined #openstack-keystone08:05
*** masayukig_ has joined #openstack-keystone08:05
*** masayukig has quit IRC08:05
*** masayukig_ is now known as masayukig08:05
*** awestin1 has quit IRC08:06
*** awestin1 has joined #openstack-keystone08:06
*** shyamb has quit IRC08:07
*** phasespace has joined #openstack-keystone08:09
openstackgerritJens Harbott (frickler) proposed openstack/keystonemiddleware master: Add a new option to choose the Identity endpoint  https://review.openstack.org/65179008:17
*** tkajinam has quit IRC08:24
*** shyamb has joined #openstack-keystone08:54
*** shyamb has quit IRC09:34
*** shyamb has joined #openstack-keystone09:52
*** rcernin has joined #openstack-keystone10:02
*** shyamb has quit IRC10:19
*** shyamb has joined #openstack-keystone10:19
*** vishakha has joined #openstack-keystone10:22
*** raildo has joined #openstack-keystone10:41
*** shyamb has quit IRC10:48
*** nicolasbock has joined #openstack-keystone10:55
*** shyamb has joined #openstack-keystone10:59
*** pcaruana has quit IRC11:17
*** Zara has joined #openstack-keystone11:21
Zarahi! I'm trying to debug a pike instance where tokens are taking around 0.4secs to POST; seems slow; not found any obvious cause; noticed that backend is set to: `oslo_cache.memcache_pool` which isn't listed in https://docs.openstack.org/keystone/pike/admin/identity-caching-layer.html . wondering if could be related or generally what to look for; am new to keystone. there's a cronjob to flush token11:29
Zaras so I don't think it's that.11:29
Zara(bit of a confused question, sorry. if anyone has any general keystone troubleshooting advice, I'd be grateful. :))11:29
*** phasespace has quit IRC11:35
*** pcaruana has joined #openstack-keystone12:04
*** shyamb has quit IRC12:16
*** jamesmcarthur has joined #openstack-keystone12:21
*** jamesmcarthur has quit IRC12:30
*** shyamb has joined #openstack-keystone12:37
*** ybunker has joined #openstack-keystone12:39
*** erus has joined #openstack-keystone12:47
*** jamesmcarthur has joined #openstack-keystone12:48
*** jamesmcarthur has quit IRC12:58
*** shyamb has quit IRC13:02
*** shyamb has joined #openstack-keystone13:03
*** pcaruana has quit IRC13:07
*** lbragstad has joined #openstack-keystone13:10
*** ChanServ sets mode: +o lbragstad13:10
*** jmlowe has quit IRC13:19
*** pcaruana has joined #openstack-keystone13:33
*** jmlowe has joined #openstack-keystone13:38
*** erus has quit IRC13:46
*** markvoelker has quit IRC14:07
*** awalende has quit IRC14:17
*** awalende has joined #openstack-keystone14:18
*** awalende_ has joined #openstack-keystone14:21
*** awalende has quit IRC14:22
*** awalende_ has quit IRC14:25
*** rcernin has quit IRC14:27
hrybackiZara: do you have a specific question I could help with?14:45
*** dklyle has quit IRC14:49
*** dklyle has joined #openstack-keystone14:50
cmurphyZara: oslo_cache.memcache_pool should be a valid backend, assuming the memcache servers are up and running14:50
cmurphyZara: are you using uuid or fernet tokens?14:50
*** jamesmcarthur has joined #openstack-keystone14:56
Zaracmurphy: uuid14:59
Zarahrybacki: heh, not yet; looks like cmurphy answered the more specific question buried in my ramble. :)15:01
hrybackiZara: ack15:02
hrybackiZara: so the configuration option you are looking for (in  Pike) is here: https://docs.openstack.org/oslo.cache/pike/configuration/index.html15:02
*** erus has joined #openstack-keystone15:06
*** starborn has quit IRC15:13
cmurphyZara: how are you testing it? using curl /v3/auth/tokens or using openstackclient? for me the openstackclient takes 2.127s on devstack15:22
*** pcaruana has quit IRC15:27
*** pcaruana has joined #openstack-keystone15:30
*** pcaruana has quit IRC15:40
*** pcaruana has joined #openstack-keystone15:46
*** ayoung has joined #openstack-keystone15:48
ayoungI thought I had SASL set up, but I;ll double check15:48
openstackgerritColleen Murphy proposed openstack/keystone master: Replace support matrix ext with common library  https://review.openstack.org/52780815:48
*** gyee has joined #openstack-keystone15:50
*** ayoung has quit IRC15:50
*** ayoung has joined #openstack-keystone15:50
ayoungclarkb, thanks.  I was still usin the password server, but ssl.  Not SASL.  THat is a big improvement15:51
vishakhacmurphy: The latest url is not working in here https://review.openstack.org/#/c/652569/1/specs/keystone/rocky/strict-two-level-enforcement-model.rst? . Should I left this as it is?15:54
*** erus has quit IRC15:54
*** erus has joined #openstack-keystone15:54
cmurphyvishakha: https://docs.openstack.org/keystone/latest/admin/unified-limits.html#flat doesn't work for you?15:55
*** pcaruana has quit IRC15:55
cmurphythe file changed names15:55
cmurphymeeting in 4 minutes in #openstack-meeting-alt15:56
vishakhaoops got the issue15:57
vishakhathanks15:57
cmurphynp15:57
openstackgerritVishakha Agarwal proposed openstack/keystone-specs master: NIT : Fix broken link  https://review.openstack.org/65256915:59
* kmalloc whines, BUT I NEED COFFEE FOR THE MEETING... *makes coffee*16:00
cmurphy:)16:00
*** pcaruana has joined #openstack-keystone16:02
Zaracmurphy: using the client, with things like `openstack token issue --timing`.16:02
*** jamesmcarthur has quit IRC16:04
*** ybunker has quit IRC16:07
*** pcaruana has quit IRC16:08
*** erus has quit IRC16:08
*** erus has joined #openstack-keystone16:08
eruso/16:09
*** shyamb has quit IRC16:09
*** jamesmcarthur has joined #openstack-keystone16:13
eanderssonWould it be too crazy to make some uuids deterministic? e..g project_id?16:16
eanderssonWe are looking at alternative to database replication16:16
eanderssonI understand that this wouldn't work in all, if even many deployments, but feel like it could be an option for environments that aren't changing very often.16:17
kmalloceandersson: ayoung has been working on that.16:20
*** erus has quit IRC16:20
eanderssonNice16:21
kmalloceandersson: but it's not uuids then. it's a sha of <data> and <domain_id>16:21
kmallocbut same concept.16:21
eanderssonYea exactly16:21
*** erus has joined #openstack-keystone16:21
eanderssonI created a sha1 and used that to generate a uuid16:21
eanderssonand passed all tests :p16:21
kmallocuuid5 was another option, but we opted for something sha... 256 i think16:21
eandersson> data = '%s_%s' % (ref['domain_id'], ref['name'])16:22
eandersson> hash = sha1(data.encode('utf-8')).digest()16:22
eandersson> ref['id'] = uuid.UUID(bytes=hash[0:16], version=4).hex16:22
eanderssonI was just doing something like that16:22
eanderssonHaving no clue how to actually do deterministic uuids :p16:23
kmallocnote that names *are* mutable16:23
eanderssonah did not know that :p16:25
*** pcaruana has joined #openstack-keystone16:36
kmalloceandersson: https://review.openstack.org/#/c/612099/16:37
kmallocfyi16:37
eanderssonNice + thanks for sharing16:38
*** ybunker has joined #openstack-keystone16:39
*** erus has quit IRC16:39
*** erus has joined #openstack-keystone16:39
*** dtruong has quit IRC16:40
*** problem_v has quit IRC16:40
*** problem_v has joined #openstack-keystone16:41
*** dtruong has joined #openstack-keystone16:41
openstackgerritMerged openstack/keystone-specs master: Repropose unfinished Stein specs to Train  https://review.openstack.org/65012616:42
openstackgerritMerged openstack/keystone-specs master: NIT : Fix broken link  https://review.openstack.org/65256916:45
*** erus has quit IRC16:45
*** erus has joined #openstack-keystone16:46
*** jamesmcarthur_ has joined #openstack-keystone16:48
*** jamesmcarthur has quit IRC16:52
*** markvoelker has joined #openstack-keystone16:52
*** markvoelker has quit IRC16:56
kmalloccmurphy: I'm a slacker, I haven't had breakfast (breffas?) yet.16:57
*** itlinux has joined #openstack-keystone16:59
lbragstadcmurphy re: cleaning up old specifications and cruft17:00
lbragstadhttp://specs.openstack.org/openstack/keystone-specs/specs/keystone/ongoing/python3.html looks obsolete now?17:01
cmurphylbragstad: lol python3.417:01
cmurphyyeah looks like we did that17:01
cmurphyi don't think we ended up needing those library changes17:02
lbragstadlooks pretty stale17:02
lbragstadbut we have 3.7 voting now, so that would have broken i think?17:02
vishakhalbragstad:  i was looking into some methods for public key distribution in jwt. Can we use a trustable third party instead which will be aware of all the public of all nodes instead of putting keys on the disk?17:03
cmurphylbragstad: yeah i think coreycb did a lot of work to get the ldap libs working with py3 so i think we're set now17:03
lbragstadvishakha that's come up a few times in the past, but we've never committed to a solution17:03
cmurphylbragstad: want to propose moving that to implemented?17:03
lbragstadfor stein?17:04
cmurphyi think so?17:04
lbragstadsure17:04
cmurphyi think it makes more sense to call it done than to say we're not gonna do it17:04
vishakhalbragstad: can we add that as a ptg topic to discuss more over it17:05
cmurphybtw a few more reviews to highlight https://review.openstack.org/652520 fixes federation ci again https://review.openstack.org/651430 let's requirements team bump werkzeug https://review.openstack.org/652112 followup for doc bugfix17:07
knikollao/17:08
cmurphyhi knikolla17:08
knikollahey cmurphy17:09
knikollajust finished reading back on the meeting, sorry for missing it.17:10
cmurphyno problem17:10
cmurphyZara: sorry was in a meeting, i would compare with plain curl, and also check if it is consistent for each token request or if it corrects itself after one or a few requests, and also is this sql or ldap users?17:12
lbragstadwut in the world...17:34
lbragstadcmurphy do you see python3.html in http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ongoing/ ?17:35
lbragstadthat's not actually in that directory in master17:35
lbragstadhttp://specs.openstack.org/openstack/keystone-specs/ shows the python3.4 stuff in newton17:37
cmurphylbragstad: oh, i think there's an issue with how specs are published and they don't get removed from the old directory when they're moved in git17:42
lbragstadweird...17:42
cmurphyyeah, if we figure out exactly which ones are stale i can ask the infra team to remove them17:42
lbragstadidk how others do this17:43
lbragstadbut i usually just navigate from http://specs.openstack.org/openstack/keystone-specs/17:43
cmurphyyeah, it's just that whatever rsync options they use don't remove the old files and we always move ours around a lot17:44
* lbragstad nods17:44
*** dklyle has quit IRC17:45
bbobrovwow, my 3-years-old patch went in18:10
cmurphy:)18:15
openstackgerritKristi Nikolla proposed openstack/keystone master: Report correct domain in federated user token  https://review.openstack.org/65306818:16
knikollathat was easier than i thought18:17
openstackgerritKristi Nikolla proposed openstack/keystone-specs master: Renewable Application Credentials  https://review.openstack.org/60420118:23
*** jamesmcarthur_ has quit IRC18:25
*** jamesmcarthur has joined #openstack-keystone18:26
*** jamesmcarthur has quit IRC18:35
openstackgerritBen Nemec proposed openstack/oslo.policy master: Follow the new PTI for document build  https://review.openstack.org/54908818:39
*** irclogbot_2 has quit IRC18:39
*** jamesmcarthur has joined #openstack-keystone18:40
*** irclogbot_0 has joined #openstack-keystone18:40
openstackgerritKristi Nikolla proposed openstack/keystone master: Report correct domain in federated user token  https://review.openstack.org/65306818:56
*** vishakha has quit IRC19:22
*** itlinux has quit IRC19:30
*** jmlowe has quit IRC19:33
*** itlinux has joined #openstack-keystone19:34
*** ybunker has quit IRC19:53
*** dklyle has joined #openstack-keystone19:58
*** jamesmcarthur has quit IRC20:00
*** jmlowe has joined #openstack-keystone20:02
*** pcaruana has quit IRC20:19
*** jamesmcarthur has joined #openstack-keystone21:01
*** raildo has quit IRC21:12
*** mchlumsky_ has quit IRC21:23
*** itlinux has quit IRC21:53
*** itlinux has joined #openstack-keystone22:06
openstackgerritMerged openstack/keystone master: Add release note for service token documentation  https://review.openstack.org/65211222:24
openstackgerritColleen Murphy proposed openstack/keystone master: Replace support matrix ext with common library  https://review.openstack.org/52780822:35
openstackgerritColleen Murphy proposed openstack/keystone master: Fix unscoped federated token formatter  https://review.openstack.org/65252022:35
*** rcernin has joined #openstack-keystone22:38
*** tkajinam has joined #openstack-keystone22:54
*** whoami-rajat has quit IRC23:02
*** jamesmcarthur has quit IRC23:06
*** jamesmcarthur has joined #openstack-keystone23:07
*** jamesmcarthur has quit IRC23:11
*** itlinux has quit IRC23:35
« Monday, 2019-04-15 Index Wednesday, 2019-04-17 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!