| *** dasm is now known as dasm|off | 02:00 | |
| opendevreview | Yusuke Niimi proposed openstack/keystoneauth master: OAuth2.0 Client Credentials Grant Flow Support https://review.opendev.org/c/openstack/keystoneauth/+/830734 | 06:31 |
|---|---|---|
| *** dviroel|out is now known as dviroel | 11:30 | |
| opendevreview | Bence Romsics proposed openstack/keystone master: Fix host:port handling https://review.opendev.org/c/openstack/keystone/+/855198 | 12:31 |
| *** dasm|off is now known as dasm | 13:46 | |
| *** dviroel is now known as dviroel|mtg | 14:43 | |
| dmendiza[m] | #startmeeting keystone | 15:00 |
| opendevmeet | Meeting started Tue Aug 30 15:00:53 2022 UTC and is due to finish in 60 minutes. The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:00 |
| dmendiza[m] | #topic Roll Call | 15:01 |
| dmendiza[m] | Courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek | 15:01 |
| knikolla | o/ | 15:02 |
| h_asahina | o/ | 15:02 |
| d34dh0r53 | o/ | 15:02 |
| dmendiza[m] | Hi y'all! | 15:02 |
| dmendiza[m] | Let's get started | 15:02 |
| dmendiza[m] | #topic Review Past Meeting Action Items | 15:03 |
| dmendiza[m] | #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-08-23-15.01.html | 15:04 |
| dmendiza[m] | we didn't have any | 15:04 |
| dmendiza[m] | #topic Liaison Updates | 15:04 |
| dmendiza[m] | This week is Zed-3 milestone | 15:04 |
| dmendiza[m] | and Feature Freeze | 15:04 |
| dmendiza[m] | we should try to merge anything we need this week to try to avoid Feature Freeze Exceptions | 15:04 |
| dmendiza[m] | Any questions/comments about Zed-3 or FF? | 15:06 |
| dmendiza[m] | OK, moving on | 15:09 |
| dmendiza[m] | #topic OAuth 2.0 | 15:09 |
| dmendiza[m] | We merged a couple of patches last week | 15:09 |
| dmendiza[m] | We also asked the release team for a new middleware release to include the patch we merged | 15:09 |
| knikolla | the keystoneauth patch needs to merge by sept 1 | 15:10 |
| h_asahina | I confirmed it. thank you for reviwing those patches. | 15:10 |
| dmendiza[m] | knikolla: ack, I'll try to get a review in today | 15:10 |
| knikolla | thanks, i think things are looking in good shape, so we shouldn't have problems | 15:11 |
| dmendiza[m] | #link https://review.opendev.org/c/openstack/releases/+/854843 | 15:11 |
| dmendiza[m] | looks like the release request was approved and merged | 15:11 |
| h_asahina | regarding keystoneauth, we've updated based on knikolla's comments. | 15:12 |
| h_asahina | https://review.opendev.org/c/openstack/keystoneauth/+/830734 | 15:12 |
| dmendiza[m] | great | 15:16 |
| dmendiza[m] | we'll hopefully get that merged today or tomorrow | 15:17 |
| dmendiza[m] | Anything else on this topic h_asahina ? | 15:17 |
| *** dviroel|mtg is now known as dviroel | 15:18 | |
| h_asahina | should we wait merging the spec until the next release? | 15:19 |
| dmendiza[m] | h_asahina: we don't need to stop working on it, but we will likely need to change it to target the next release | 15:19 |
| knikolla | yeah, just need to target it for A / 2023.1 | 15:20 |
| h_asahina | okey. | 15:20 |
| knikolla | thanks for all your work :) | 15:21 |
| h_asahina | thanks too. I really appreciate it. | 15:21 |
| h_asahina | regareding spec | 15:21 |
| h_asahina | let me confirm the uasage of mapping API | 15:21 |
| h_asahina | in the last meeting, you mentioned we can define multiple rules for multiple CAs | 15:22 |
| knikolla | i've started work on a demo, but I've not finished yet. my apologies. | 15:22 |
| h_asahina | it's okey. | 15:23 |
| h_asahina | I just looking for an example of that to get an idea of it. | 15:24 |
| h_asahina | and I think this: https://docs.openstack.org/keystone/pike/advanced-topics/federation/mapping_combinations.html#multiple-rules can be an example | 15:24 |
| h_asahina | does this match your thought | 15:24 |
| h_asahina | ? | 15:24 |
| h_asahina | I think we do have to add codes to this purpose | 15:24 |
| h_asahina | s/to this/for this/ | 15:25 |
| knikolla | each CA can be its own identity provider. | 15:25 |
| knikolla | Keystone looks in a specific field for the issuer and looks for an identity provider with that id | 15:25 |
| knikolla | i'll make a note to have two CAs in the demo | 15:27 |
| h_asahina | thanks. | 15:28 |
| dmendiza[m] | cool, let's move on. | 15:28 |
| dmendiza[m] | #topic Secure RBAC | 15:28 |
| dmendiza[m] | I didn't see any patches come in from gmann | 15:28 |
| dmendiza[m] | I'll keep an eye out or maybe try to get the patches up myself | 15:29 |
| gmann | working on that but some difficulties in my dev env. | 15:29 |
| dmendiza[m] | oh hey! | 15:29 |
| gmann | I will ping once I will have it up and ready | 15:29 |
| dmendiza[m] | sounds good gmann thanks | 15:29 |
| dmendiza[m] | OK, moving on ... | 15:31 |
| dmendiza[m] | #topic Open Discussion | 15:32 |
| dmendiza[m] | Anything y'all want to talk about before we look at the bug reports? | 15:32 |
| gmann | dmendiza[m]: knikolla can you check this review, it has been open for long https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/838070 | 15:32 |
| knikolla | gmann: +2-ed, thanks. | 15:32 |
| gmann | thanks | 15:33 |
| drencrom | Hi, I have a bug report that would like to check with you | 15:33 |
| dmendiza[m] | gmann: merged | 15:33 |
| dmendiza[m] | drencrom: hi! sure, which one? | 15:33 |
| gmann | thanks | 15:34 |
| drencrom | this one: https://bugs.launchpad.net/keystonemiddleware/+bug/1987355 | 15:34 |
| drencrom | I'm not sure if the bug is in keystone or elsewhere but things do not work as I expect | 15:34 |
| dmendiza[m] | hmm... interesting scenario | 15:36 |
| dmendiza[m] | lots of stuff happening | 15:36 |
| drencrom | Yes, it is a race condition that sometimes leave volumes in reserved or attaching state | 15:38 |
| drencrom | In this case the client is talking to nova to attach or dettach volumes | 15:39 |
| *** dviroel is now known as dviroel|lunch | 15:40 | |
| dmendiza[m] | I'll try to take a look and see what I can find | 15:45 |
| dmendiza[m] | unless knikolla has an idea | 15:45 |
| knikolla | i'll take a look when i have some time this week | 15:46 |
| dmendiza[m] | cool | 15:46 |
| dmendiza[m] | thanks drencrom | 15:46 |
| drencrom | Ok, thanks. I have a go code that just attaches and detaches a volume taht can be used to reproduce this | 15:46 |
| dmendiza[m] | that might be useful if you can share it | 15:47 |
| drencrom | The code just copies parts of this: Kubernetes CSI Attacher v3.4.0: https://github.com/kubernetes-csi/external-attacher/tree/v3.4.0 that is the one causing the problems in production | 15:48 |
| drencrom | I'll upload it and share the link | 15:48 |
| knikolla | that would be helpful, thanks :) | 15:49 |
| drencrom | Here it is: https://people.canonical.com/~jorge.merlino/test.go | 15:52 |
| drencrom | The openstack auth is inside the code. It requieres the id of a volume and two instances in the command line and moves the volume endlessly between the two | 15:54 |
| drencrom | I changed the token duration to 10 minutes to test in order to get it to fail faster | 15:55 |
| dmendiza[m] | Awesome, thanks for sharing drencrom | 15:56 |
| dmendiza[m] | We don't have enough time to go through all the bug lists | 15:57 |
| dmendiza[m] | but do take a look at this one if y'all get a chance | 15:57 |
| dmendiza[m] | https://bugs.launchpad.net/keystone/+bug/1988168 | 15:57 |
| dmendiza[m] | theres' a patch with it also | 15:57 |
| dmendiza[m] | https://review.opendev.org/c/openstack/keystone/+/855198 | 15:58 |
| dmendiza[m] | And that's all we have time for today. | 15:59 |
| dmendiza[m] | Thanks for joining, y'all! | 15:59 |
| dmendiza[m] | #endmeeting | 15:59 |
| opendevmeet | Meeting ended Tue Aug 30 15:59:21 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:59 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-08-30-15.00.html | 15:59 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-08-30-15.00.txt | 15:59 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-08-30-15.00.log.html | 15:59 |
| *** dviroel|lunch is now known as dviroel | 16:33 | |
| opendevreview | Merged openstack/keystone-tempest-plugin master: Update stable branches jobs on master gate https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/838070 | 17:03 |
| *** dasm is now known as dasm|off | 19:21 | |
| *** dviroel is now known as dviroel|out | 22:37 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!