Wednesday, 2019-09-18

*** lbragstad has quit IRC		00:19
*** lbragstad has joined #openstack-keystone		00:19
*** jamesmcarthur has joined #openstack-keystone		00:42
*** gyee has quit IRC		00:50
*** jamesmcarthur has quit IRC		01:07
*** markvoelker has quit IRC		01:08
*** markvoelker has joined #openstack-keystone		01:20
*** Ben78 has quit IRC		02:02
*** jamesmcarthur has joined #openstack-keystone		02:22
*** jamesmcarthur has quit IRC		02:38
*** jamesmcarthur has joined #openstack-keystone		02:47
*** markvoelker has quit IRC		03:09
*** jamesmcarthur has quit IRC		03:24
*** jamesmcarthur has joined #openstack-keystone		03:36
openstackgerrit	Colleen Murphy proposed openstack/oslo.policy master: (WIP) Modernize policy checker https://review.opendev.org/682783	03:38
*** jamesmcarthur has quit IRC		03:50
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Allow system/domain scope for assignment tree list https://review.opendev.org/682762	04:03
*** etp has joined #openstack-keystone		04:14
openstackgerrit	Merged openstack/keystone master: Split protection unit tests into its own job https://review.opendev.org/680788	04:22
*** etp has quit IRC		04:28
*** pcaruana has joined #openstack-keystone		04:46
*** jaosorior has quit IRC		04:57
*** jaosorior has joined #openstack-keystone		04:57
*** Luzi has joined #openstack-keystone		04:59
*** markvoelker has joined #openstack-keystone		05:10
*** markvoelker has quit IRC		05:14
openstackgerrit	Colleen Murphy proposed openstack/keystone master: (WIP) Consolidate policy deprecation warnings https://review.opendev.org/682798	06:06
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Fix validation of role assignment subtree list https://review.opendev.org/682750	06:14
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Allow system/domain scope for assignment tree list https://review.opendev.org/682762	06:14
*** xek_ has joined #openstack-keystone		06:22
*** xek_ has quit IRC		06:30
openstackgerrit	Qitao proposed openstack/keystonemiddleware master: Update invalid link for README https://review.opendev.org/682804	06:38
*** jawad_axd has joined #openstack-keystone		06:47
openstackgerrit	Qitao proposed openstack/keystonemiddleware master: Update invalid link for README https://review.opendev.org/682804	06:47
*** rcernin has quit IRC		06:57
*** trident has quit IRC		07:08
*** trident has joined #openstack-keystone		07:19
*** ivve has joined #openstack-keystone		07:32
vishakha	lbragstad: I cant see any policy endpoint API left in https://review.opendev.org/#/c/682266/3/etc/policy.v3cloudsample.json.	07:58
vishakha	*project endpoint	07:59
*** tkajinam has quit IRC		08:04
openstackgerrit	Hiroyuki Jo proposed openstack/oslo.policy master: Fix fault when deleting policy_file https://review.opendev.org/682838	08:56
*** pcaruana has quit IRC		08:57
*** pcaruana has joined #openstack-keystone		09:01
*** tesseract has joined #openstack-keystone		09:44
openstackgerrit	Ralf Haferkamp proposed openstack/keystone master: Fix PostgreSQL specifc issue with credentials encoding https://review.opendev.org/681736	09:46
*** markvoelker has joined #openstack-keystone		09:59
*** markvoelker has quit IRC		10:04
*** openstackgerrit has quit IRC		10:06
*** markvoelker has joined #openstack-keystone		10:16
*** markvoelker has quit IRC		10:20
*** openstackgerrit has joined #openstack-keystone		10:22
openstackgerrit	Merged openstack/keystone master: Make system tokens work with domain-specific drivers https://review.opendev.org/681833	10:22
openstackgerrit	Merged openstack/keystone master: Use correct repo for initial version check https://review.opendev.org/682447	10:46
openstackgerrit	Rajat Dhasmana proposed openstack/keystone master: Fix test case in policy associations https://review.opendev.org/681173	10:48
*** jdwidari has joined #openstack-keystone		11:00
*** pcaruana has quit IRC		11:19
*** dave-mccowan has joined #openstack-keystone		11:22
*** pcaruana has joined #openstack-keystone		11:28
*** raildo has joined #openstack-keystone		11:34
*** Luzi has quit IRC		11:35
openstackgerrit	Chason Chan proposed openstack/keystone master: Fix the 404 page https://review.opendev.org/682871	11:48
*** Luzi has joined #openstack-keystone		11:49
lbragstad	vishakha these are the ones we need to update	12:03
lbragstad	https://opendev.org/openstack/keystone/src/branch/master/keystone/common/policies/project_endpoint.py#L19-L67	12:03
lbragstad	instead of using base.RULE_ADMIN_REQUIRED, we should update them to use base.SYSTEM_ADMIN and base.SYSTEM_READER	12:04
vishakha	lbragstad: thanx. I will work over it of nobody is	12:05
*** markvoelker has joined #openstack-keystone		12:05
lbragstad	vishakha i haven't started on it, yet	12:06
lbragstad	and i'm not sure anyone else has either	12:06
lbragstad	vishakha thanks :)	12:06
vishakha	lbragstad: ok . Thanks for the update	12:06
lbragstad	vishakha also - if it makes it easier for you, just put everything in a single patch	12:06
vishakha	lbragstad: ok	12:07
lbragstad	like this - https://review.opendev.org/#/c/682503/	12:07
*** jamesmcarthur has joined #openstack-keystone		12:09
*** jamesmcarthur has quit IRC		12:16
*** awalende has joined #openstack-keystone		12:19
*** jamesmcarthur has joined #openstack-keystone		12:22
*** redrobot has joined #openstack-keystone		12:26
*** jamesmcarthur has quit IRC		12:31
*** Ben78 has joined #openstack-keystone		12:40
*** jamesmcarthur has joined #openstack-keystone		12:51
*** awalende has quit IRC		13:20
*** Luzi has quit IRC		13:49
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add default roles and scope checking to project tags https://review.opendev.org/682503	14:03
lbragstad	^ that one got quite a bit bigger with the additional test cases	14:04
*** xek_ has joined #openstack-keystone		14:06
*** efried has joined #openstack-keystone		14:09
efried	cmurphy, lbragstad: I seem to remember we only need "password", not "v2password" or "v3password", when building conf opts for genconfig e.g. https://review.opendev.org/#/c/682565/6/cyborg/conf/nova.py -- can you please confirm?	14:10
efried	kmalloc: ^	14:10
lbragstad	looks like it's common to supply all three? http://codesearch.openstack.org/?q=ks_loading.get_auth_plugin_conf_options&i=nope&files=&repos=	14:13
lbragstad	cmurphy do you mind if i update the topic for all remaining policy patches?	14:17
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add default roles and scope checking to project tags https://review.opendev.org/682503	14:20
efried	lbragstad: common, yes, but iirc someone (maybe you, even :P) once told me it wasn't necessary.	14:20
lbragstad	efried lemme go dig	14:20
*** openstackgerrit has quit IRC		14:21
lbragstad	huh - i'm only seeing Password in keystoneauth1/identity/v3/password.py	14:26
lbragstad	i'm not sure if i'm missing something - but i can't seem to find where passwordv2 or passwordv3 would hook in?	14:26
lbragstad	cc mordred ^	14:26
cmurphy	lbragstad: i don't mind	14:29
cmurphy	efried: password should be fine, it should figure out the right thing based on the auth_url and/or version discovery	14:30
efried	cmurphy: this is for list_opts	14:32
efried	so like, what shows up in the config reference, I think.	14:32
efried	but are you saying that the options from 'password' ought to be sufficient to a) list and b) configure because ksa can dtrt with just those?	14:32
*** jawad_axd has quit IRC		14:46
*** jawad_axd has joined #openstack-keystone		14:46
*** jawad_axd has quit IRC		14:46
lbragstad	cmurphy tracking them with https://review.opendev.org/#/q/topic:train-rc1-policy-fixes+(status:open+OR+status:merged)	14:52
lbragstad	i think the only one that isn't tagged is the one for project-endpoint associations	14:53
*** jaosorior has quit IRC		14:57
cmurphy	efried: i'm saying (b), i'm not totally sure about (a), v2password and v3password are valid plugins in keystoneauth so i guess it's valid to list them?	15:00
cmurphy	lbragstad: sweet thank you	15:00
cmurphy	i think vishakha is on it	15:00
lbragstad	mhm	15:01
lbragstad	sounds like she is	15:01
efried	sigh, okay, I guess there's no harm leaving it alone for now	15:01
lbragstad	project tags and role assignments look good	15:01
cmurphy	lbragstad: bnemec kmalloc i started looking at https://bugs.launchpad.net/keystone/+bug/1836568 and trying to address it the way we concluded in http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-08-13-16.00.log.html#l-64	15:03
openstack	Launchpad bug 1836568 in oslo.policy "Logs filled with unnecessary policy deprecation warnings" [High,In progress] - Assigned to Ben Nemec (bnemec)	15:03
cmurphy	which was basically http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-08-13-16.00.log.html#l-114	15:03
cmurphy	oslopolicy-checker is really in no shape to help with deprecated rules	15:04
cmurphy	it doesn't really even work right now https://review.opendev.org/682783	15:04
cmurphy	but the policy generator does work	15:05
bnemec	I noticed that.	15:05
bnemec	I was waiting until after feature freeze to pester you about it. :-)	15:05
cmurphy	heh	15:05
lbragstad	nice	15:06
cmurphy	this is my attempt at making the warnings go away in keystone https://review.opendev.org/682798	15:06
cmurphy	we'd need something like that to address the issue without needing a new oslo.policy release	15:06
cmurphy	but it uses the suppress warnings attribute which was only ever supposed to be for tests	15:06
bnemec	Yeah, so does https://review.opendev.org/#/c/682117/ so I'm not in any position to throw stones. ;-)	15:07
cmurphy	ha	15:07
cmurphy	we're our own worst enemies	15:08
*** gyee has joined #openstack-keystone		15:08
bnemec	Also, this could be a temporary thing just for this release and we could move the warning consolidation into oslo.policy next cycle.	15:09
bnemec	It's a thing every project is going to need as they move to scope-aware policies.	15:09
cmurphy	that's true	15:09
cmurphy	so it's not an entirely terrible idea?	15:09
bnemec	At first glance it seems reasonable to me.	15:10
bnemec	It adds another step to figure out which policies are deprecated, but I suspect operators will prefer that to thousands of lines of deprecation warnings in their logs.	15:11
bnemec	Do we need https://review.opendev.org/#/c/682783/ for this to be viable though? Right now it tells them to run a broken tool. :-/	15:12
*** xek__ has joined #openstack-keystone		15:12
cmurphy	no, it's only oslopolicy-checker that is broken, oslopolicy-policy-generate and oslopolicy-policy-upgrade work fine and actually hook into keystone's registered defaults instead of reading from a policy file	15:13
cmurphy	my other idea is just to resuscitate https://review.opendev.org/674940 but then oslopolicy-policy-generator will use the same short warnings	15:13
*** xek_ has quit IRC		15:14
*** ivve has quit IRC		15:18
bnemec	Ah, okay. I actually think the reasoning behind the shorter deprecation warnings applies anyway, so I would be okay with doing both.	15:18
cmurphy	fair enough	15:19
bnemec	Of course, that's easy for me to say. I don't have to propose or review it. :-)	15:19
*** openstackgerrit has joined #openstack-keystone		15:22
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Allow system/domain scope for assignment tree list https://review.opendev.org/682762	15:22
*** markvoelker has quit IRC		15:35
*** david-lyle has quit IRC		15:35
*** dklyle has joined #openstack-keystone		15:35
*** trident has quit IRC		15:41
openstackgerrit	Colleen Murphy proposed openstack/keystone master: DRY up credential policies https://review.opendev.org/682488	15:42
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Move remaining protection tests https://review.opendev.org/682931	15:42
*** jamesmcarthur has quit IRC		15:45
*** jamesmcarthur has joined #openstack-keystone		15:47
bnemec	I opened a wishlist bug against oslo.policy to track moving the warning consolidation into the library: https://bugs.launchpad.net/oslo.policy/+bug/1844555	15:49
openstack	Launchpad bug 1844555 in oslo.policy "Provide a way to consolidate deprecation warnings in logs" [Wishlist,Confirmed]	15:49
cmurphy	cool	15:49
*** jamesmcarthur has quit IRC		15:49
bnemec	Although now that I think about it, I don't need to mention that here since it will show up in the weekly update email. :-)	15:49
cmurphy	:P	15:50
*** jamesmcarthur has joined #openstack-keystone		15:52
*** trident has joined #openstack-keystone		15:53
*** markvoelker has joined #openstack-keystone		15:53
*** jamesmcarthur has quit IRC		15:57
*** jamesmcarthur has joined #openstack-keystone		15:59
*** jawad_axd has joined #openstack-keystone		16:07
*** jawad_axd has quit IRC		16:11
*** xek__ has quit IRC		16:11
*** efried is now known as efried_pto		16:13
*** jawad_axd has joined #openstack-keystone		16:18
*** jawad_axd has quit IRC		16:22
*** gmann is now known as gmann_afk		16:23
*** ayoung has joined #openstack-keystone		16:24
*** ivve has joined #openstack-keystone		16:32
cmurphy	stepping away for a bit	16:35
*** jmlowe has quit IRC		16:39
*** tesseract has quit IRC		16:53
*** jamesmcarthur_ has joined #openstack-keystone		17:09
*** jamesmcarthur has quit IRC		17:12
*** AJaeger has joined #openstack-keystone		17:22
openstackgerrit	Andreas Jaeger proposed openstack/keystone-specs master: Update docstheme options https://review.opendev.org/682952	17:25
AJaeger	keystone-specs cores, I'm updating the publish jobs for specs repositories and needed a test, hope the change above is acceptable for that and we can use that for testing ^	17:26
kmalloc	@AJaeger Thats a fine test case, let me know if you want / need us to actually merge it	17:27
kmalloc	@AJaeger i have no issues with any changes you are making, especially if it makes anything better (really, let us know what needs to land, we'll land it when you're ready)	17:28
AJaeger	kmalloc: I need you to merge it - to test that publishing works ;)	17:28
kmalloc	wfm. will push that through once zuul passes check	17:28
kmalloc	it's minimal	17:28
AJaeger	kmalloc: thanks. It's ready to land if Zuul is happy ;)	17:28
kmalloc	@AJaeger in all honesty, it might make sense to give you spec-core capability so you don't need to go through us for these types of changes. but i'd obviously need to confirm with other cores and cmurphy	17:29
AJaeger	kmalloc: this is a one time fun - thanks	17:30
kmalloc	:)	17:30
kmalloc	until next time	17:30
kmalloc	that is	17:30
AJaeger	hope that's not too soon ;)	17:30
AJaeger	kmalloc: the change passed tests	17:35
kmalloc	AJaeger: +A	17:36
AJaeger	Mille Grazie, kmalloc !	17:36
kmalloc	anytime!	17:37
*** jmlowe has joined #openstack-keystone		17:44
openstackgerrit	Merged openstack/keystone-specs master: Update docstheme options https://review.opendev.org/682952	17:47
AJaeger	yeah, http://specs.openstack.org/openstack/keystone-specs/ was updated ;). All fine	17:49
* AJaeger is happy and disappears again		17:50
*** jmlowe has quit IRC		17:53
openstackgerrit	Abhishek Mahajan proposed openstack/keystone master: "Unauthorized" error message needs more hints https://review.opendev.org/682955	17:58
*** AJaeger has left #openstack-keystone		17:58
*** openstackgerrit has quit IRC		18:37
*** openstackgerrit has joined #openstack-keystone		18:54
openstackgerrit	Merged openstack/keystone master: Specify keystone is OS user for fernet and credential setup https://review.opendev.org/674725	18:54
cmurphy	the coverage job is still timing out even after splitting out the protection tests :(	18:57
cmurphy	looks like they slow way down during the opportunistic db tests https://zuul.opendev.org/t/openstack/build/7be4ade9f5694cccabc5be6c6c45c3fc/log/job-output.txt#1298-1299	18:57
cmurphy	but still it's strange it's so bad	18:57
*** jmlowe has joined #openstack-keystone		19:03
lbragstad	odd...	19:37
lbragstad	did something change with the opportunistic tests recently?	19:37
cmurphy	not in keystone afaik	19:38
*** jmlowe has quit IRC		19:42
cmurphy	looks like we've been ignoring line length in pep8 since https://review.opendev.org/618954 i don't think that was intentional :/	19:59
*** hoonetorg has quit IRC		20:01
lbragstad	aha!	20:09
lbragstad	i was so confused why line length was getting so long...	20:09
*** pcaruana has quit IRC		20:10
cmurphy	not sure if should fix	20:11
*** jmlowe has joined #openstack-keystone		20:12
*** jamesmcarthur_ has quit IRC		20:12
*** jamesmcarthur has joined #openstack-keystone		20:17
*** jamesmcarthur has quit IRC		20:17
*** jamesmcarthur has joined #openstack-keystone		20:18
*** ayoung has quit IRC		20:21
*** ayoung has joined #openstack-keystone		20:22
bnemec	Didn't you find a problem recently-ish where the opportunistic tests were always being skipped? Maybe fixing that contributed to this problem	20:50
bnemec	12 minutes for a single test seems unreasonably long though.	20:51
cmurphy	lol yes i guess actually running tests takes time	20:51
cmurphy	but still	20:51
bnemec	rm -rf keystone/tests	20:52
bnemec	Problem solved. :-)	20:52
lbragstad	heh - keep the tests and delete keystone	20:52
cmurphy	no more rechecks ever	20:52
cmurphy	lbragstad: but then the tests would fail	20:52
bnemec	I know there have been issues with storage being too slow for etcd. Maybe something similar is happening for the databases.	20:52
cmurphy	hmm could be	20:53
bnemec	I think they worked around that by having etcd run entirely in memory. Maybe there's some tweak that could be done to mysql to do similar?	20:54
kmalloc	ooh	20:54
lbragstad	isn't that sqlite?	20:54
kmalloc	that sounds like an awful idea	20:54
kmalloc	for MySQL	20:54
kmalloc	short of moving to something like NDB.	20:55
kmalloc	i also wonder if we do any mysql tuning, because remember mysql comes out of the box tuned... terribly..or if that tuning somehow changed	20:55
bnemec	It would not surprise me if it's tuned poorly.	20:57
cmurphy	i don't think we do any tuning, if it's mysql itself that is making performance this bad that tuning can fix then we should document that	20:57
cmurphy	i am guessing bnemec is right	20:57
cmurphy	because it's not consistent	20:57
cmurphy	so we just get unlucky on some nodes	20:57
bnemec	\o/ cloud! :-P	20:57
bnemec	I take it back, don't run mysql in memory: "no transaction safety, locking issues, etc"	20:59
bnemec	https://stackoverflow.com/questions/10692398/how-do-i-make-a-mysql-database-run-completely-in-memory	20:59
bnemec	innodb_flush_log_at_trx_commit = 0 might cut down on disk activity and since we don't really care about this data it doesn't matter if we lose some in a crash.	21:08
*** raildo has quit IRC		21:14
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Make policy deprecation reasons less verbose https://review.opendev.org/674940	21:39
*** jamesmcarthur has quit IRC		22:06
*** jamesmcarthur has joined #openstack-keystone		22:09
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Consolidate policy deprecation warnings https://review.opendev.org/682798	22:11
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Consolidate policy deprecation warnings https://review.opendev.org/682798	22:15
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Allow system/domain scope for assignment tree list https://review.opendev.org/682762	22:19
*** markvoelker has quit IRC		22:24
cmurphy	rc1 patches in flight to review https://etherpad.openstack.org/p/keystone-train-rc1-todo	22:28
*** jamesmcarthur has quit IRC		22:33
*** jamesmcarthur has joined #openstack-keystone		22:50
kmalloc	bnemec: oh i could have told you how bad of an idea mysql in memory is.	22:57
kmalloc	bnemec, cmurphy: i'll take a quick stare at mysql, if this is a "why would you ever run mysql this way" issue, we can improve that	22:58
*** tkajinam has joined #openstack-keystone		23:02
*** jamesmcarthur has quit IRC		23:09
*** rcernin has joined #openstack-keystone		23:16
*** jamesmcarthur has joined #openstack-keystone		23:34
*** efried_pto is now known as mriedem1		23:47
*** mriedem1 is now known as efried_pto		23:47
*** ivve has quit IRC		23:48

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!