Tuesday, 2019-01-22

« Monday, 2019-01-21 Index Wednesday, 2019-01-23 »
*** macza has joined #openstack-meeting-alt00:00
*** tetsuro has joined #openstack-meeting-alt00:10
*** igordc has joined #openstack-meeting-alt00:22
*** macza has quit IRC00:24
*** erlon has joined #openstack-meeting-alt00:42
*** erlon has quit IRC01:05
*** igordc has quit IRC01:05
*** markvoelker has quit IRC01:08
*** slaweq has joined #openstack-meeting-alt01:11
*** slaweq has quit IRC01:15
*** markvoelker has joined #openstack-meeting-alt02:09
*** hongbin has joined #openstack-meeting-alt02:24
*** lbragstad_503 has quit IRC02:38
*** markvoelker has quit IRC02:43
*** hongbin has quit IRC02:58
*** hongbin has joined #openstack-meeting-alt03:01
*** slaweq has joined #openstack-meeting-alt03:11
*** apetrich has quit IRC03:14
*** slaweq has quit IRC03:15
*** hongbin has quit IRC03:16
*** hongbin has joined #openstack-meeting-alt03:17
*** hongbin has quit IRC03:17
*** hongbin has joined #openstack-meeting-alt03:17
*** hongbin has quit IRC03:20
*** hongbin has joined #openstack-meeting-alt03:20
*** hongbin has quit IRC03:21
*** hongbin has joined #openstack-meeting-alt03:21
*** hongbin has quit IRC03:22
*** hongbin has joined #openstack-meeting-alt03:22
*** rcernin has quit IRC03:35
*** markvoelker has joined #openstack-meeting-alt03:41
*** baojg has joined #openstack-meeting-alt03:48
*** rcernin has joined #openstack-meeting-alt03:50
*** lbragstad_503 has joined #openstack-meeting-alt03:54
*** rcernin has quit IRC03:57
*** rcernin has joined #openstack-meeting-alt03:58
*** tetsuro_ has joined #openstack-meeting-alt04:09
*** tetsuro has quit IRC04:11
*** baojg has quit IRC04:12
*** markvoelker has quit IRC04:13
*** baojg has joined #openstack-meeting-alt04:18
*** baojg has quit IRC04:23
*** tetsuro has joined #openstack-meeting-alt04:31
*** tetsuro_ has quit IRC04:31
*** bhavikdbavishi has joined #openstack-meeting-alt04:56
*** whoami-rajat has joined #openstack-meeting-alt05:04
*** hongbin has quit IRC05:10
*** markvoelker has joined #openstack-meeting-alt05:10
*** slaweq has joined #openstack-meeting-alt05:11
*** baojg has joined #openstack-meeting-alt05:11
*** slaweq has quit IRC05:15
*** baojg has quit IRC05:22
*** sridharg has joined #openstack-meeting-alt05:23
*** baojg has joined #openstack-meeting-alt05:23
*** macza has joined #openstack-meeting-alt05:24
*** macza has quit IRC05:29
*** slaweq has joined #openstack-meeting-alt05:35
*** markvoelker has quit IRC05:43
*** igordc has joined #openstack-meeting-alt05:45
*** radeks has joined #openstack-meeting-alt05:51
*** e0ne has joined #openstack-meeting-alt05:52
*** e0ne has quit IRC05:53
*** lbragstad_503 has quit IRC05:57
*** vishakha has joined #openstack-meeting-alt06:06
*** ijw has quit IRC06:21
*** vishalmanchanda has joined #openstack-meeting-alt06:34
*** markvoelker has joined #openstack-meeting-alt06:40
*** lpetrut has joined #openstack-meeting-alt07:12
*** ccamacho has joined #openstack-meeting-alt07:12
*** markvoelker has quit IRC07:14
*** igordc has quit IRC07:27
*** baojg has quit IRC07:36
*** tssurya has joined #openstack-meeting-alt07:41
*** baojg has joined #openstack-meeting-alt08:03
*** macza has joined #openstack-meeting-alt08:05
*** kopecmartin|off is now known as kopecmartin08:08
*** macza has quit IRC08:09
*** apetrich has joined #openstack-meeting-alt08:10
*** jtomasek has joined #openstack-meeting-alt08:10
*** markvoelker has joined #openstack-meeting-alt08:10
*** markvoelker has quit IRC08:43
*** masahito has joined #openstack-meeting-alt08:55
*** rcernin has quit IRC08:56
*** priteau has quit IRC08:56
*** priteau has joined #openstack-meeting-alt08:57
priteau#startmeeting blazar09:00
openstackMeeting started Tue Jan 22 09:00:00 2019 UTC and is due to finish in 60 minutes.  The chair is priteau. Information about MeetBot at http://wiki.debian.org/MeetBot.09:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.09:00
*** openstack changes topic to " (Meeting topic: blazar)"09:00
openstackThe meeting name has been set to 'blazar'09:00
priteau#topic Roll call09:00
*** openstack changes topic to "Roll call (Meeting topic: blazar)"09:00
masahitoo/09:00
priteauHi masahito09:01
tetsuroo/09:02
priteauHi tetsuro09:02
priteauAgenda for today: stein-3 milestone and AOB09:03
priteau#topicstein-3 milestone09:03
priteau#topic stein-3 milestone09:03
*** openstack changes topic to "stein-3 milestone (Meeting topic: blazar)"09:03
priteauWe have several patch series in progress09:04
priteauI have tried to fix the Tempest API tests for resource allocation: https://review.openstack.org/#/c/586859/09:05
priteauThere are still errors that need to be investigated09:05
priteauWhile browsing the logs, I noticed some errors related to placement09:06
priteaue.g. http://logs.openstack.org/59/586859/4/check/blazar-devstack-dsvm/e884936/logs/screen-blazar-m.txt.gz#_Jan_15_07_41_09_08796809:06
priteautetsuro: Do you think you could take a look and check why we're seeing these errors?09:06
tetsuropriteau: got it09:07
priteauThere was also a placement-related bug open: https://bugs.launchpad.net/blazar/+bug/181264209:08
openstackLaunchpad bug 1812642 in Blazar "Host creation failed with the error "Remote error: ResourceProviderCreationFailed Failed to create resource provider blazar_<hostname>" [Undecided,New]09:08
tetsuroOkay. Looks like I should see that.09:08
masahitopriteau: thanks for updating the patch.09:09
priteauWe still have a few weeks to squash bugs but we need stable code near the release09:09
priteauThe new patch set from tetsuro also needs reviews: https://review.openstack.org/#/q/status:open+project:openstack/blazar+branch:master+topic:bp/no-affinity-instance-reservation09:12
masahitoI reviewed few patches in the set.09:14
priteauThanks masahito09:15
priteautetsuro: I just added you to the blazar-core and blazar-release groups :-)09:15
masahitoOne question for all is should blazar accept affinity=True/None before merging the patch series?09:16
masahitoWelcome to the team :-)09:16
tetsuropriteau: Ah, thanks. I work to merge good things.09:16
tetsuromasa: thanks09:16
priteaumasahito: I don't understand your question09:17
masahitoThe first patches removes the constraints for affinity option. But some patches on the first one have some changes for supporting affinity=True/None.09:18
tetsuroI think I understanc your question.09:19
masahitoMy question is should the constraints be removed at end of the patch series?09:19
tetsuroI think you want me to move the constraints check and DB upgrade part from the bottom of the series to top of the series.09:20
tetsurowhich sounds fair to me.09:21
masahitoright.09:21
tetsuroAck, will do.09:21
priteauSounds good. You can also rebase on top of master while you're working on it.09:21
tetsuroroger, captain :)09:22
priteaumasahito: Is this patch dependent on soft delete? https://review.openstack.org/#/c/585698/09:23
masahitoyes09:24
priteauOK, I need to revisit my soft delete patch09:24
*** tssurya has quit IRC09:25
masahitoWe can merge rest of the patch set to support allocation API and revisit it after blazar support soft-delete.09:25
priteauSounds good to me09:25
priteauWe need another +2 for bp/resource-allocation-api, from either Bertrand of Tetsuro09:26
tetsuroWill revisit it tomorrow if possiblw.09:26
priteauAnd also working API tests would be good :)09:27
priteauAnything else to discuss for stein-3 patches?09:29
tetsuronope09:30
masahitonothing09:30
priteau#topic AOB09:31
*** openstack changes topic to "AOB (Meeting topic: blazar)"09:31
priteauAnything else to share?09:31
tetsuronope09:33
masahitonope09:33
priteauNothing special from me either, so we can finish early this week. More time to work on patches :-)09:34
priteauHave a good week everyone, talk to you next Tuesday!09:34
masahitoHave a good week, too!09:35
masahitobye.09:35
priteau#endmeeting09:35
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"09:35
openstackMeeting ended Tue Jan 22 09:35:50 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)09:35
openstackMinutes:        http://eavesdrop.openstack.org/meetings/blazar/2019/blazar.2019-01-22-09.00.html09:35
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/blazar/2019/blazar.2019-01-22-09.00.txt09:35
openstackLog:            http://eavesdrop.openstack.org/meetings/blazar/2019/blazar.2019-01-22-09.00.log.html09:35
tetsuroThanks!09:36
*** tetsuro has quit IRC09:36
*** iyamahat_ has quit IRC09:40
*** markvoelker has joined #openstack-meeting-alt09:40
*** derekh has joined #openstack-meeting-alt09:41
*** bhavikdbavishi has quit IRC09:51
*** baojg has quit IRC09:57
*** baojg has joined #openstack-meeting-alt09:58
*** masahito has quit IRC10:00
*** iyamahat has joined #openstack-meeting-alt10:01
*** erlon has joined #openstack-meeting-alt10:08
*** baojg has quit IRC10:09
*** markvoelker has quit IRC10:13
*** erlon_ has joined #openstack-meeting-alt10:23
*** e0ne has joined #openstack-meeting-alt10:24
*** erlon has quit IRC10:26
*** tetsuro has joined #openstack-meeting-alt10:34
*** bhavikdbavishi has joined #openstack-meeting-alt10:56
*** markvoelker has joined #openstack-meeting-alt11:10
*** apetrich has quit IRC11:13
*** sridharg has quit IRC11:44
*** markvoelker has quit IRC11:44
*** sridharg has joined #openstack-meeting-alt11:47
*** radeks_ has joined #openstack-meeting-alt11:52
*** radeks has quit IRC11:55
*** apetrich has joined #openstack-meeting-alt11:57
*** bhavikdbavishi has quit IRC12:07
*** macza has joined #openstack-meeting-alt12:21
*** ttsiouts has joined #openstack-meeting-alt12:22
*** e0ne has quit IRC12:25
*** macza has quit IRC12:26
*** e0ne has joined #openstack-meeting-alt12:30
*** bhavikdbavishi has joined #openstack-meeting-alt12:36
*** tssurya has joined #openstack-meeting-alt12:38
*** markvoelker has joined #openstack-meeting-alt12:41
*** tetsuro has quit IRC12:53
*** baojg has joined #openstack-meeting-alt13:00
*** radeks_ has quit IRC13:06
*** radeks_ has joined #openstack-meeting-alt13:06
*** markvoelker has quit IRC13:09
*** bhavikdbavishi has quit IRC13:17
*** bhavikdbavishi has joined #openstack-meeting-alt13:19
*** lpetrut has quit IRC13:20
*** bhavikdbavishi has quit IRC13:28
*** lpetrut has joined #openstack-meeting-alt13:28
*** jcoufal has joined #openstack-meeting-alt13:35
*** priteau has quit IRC13:46
*** bhavikdbavishi has joined #openstack-meeting-alt13:51
*** lbragstad_503 has joined #openstack-meeting-alt13:56
*** lbragstad_503 is now known as lbragstad14:03
*** e0ne has quit IRC14:05
*** e0ne has joined #openstack-meeting-alt14:08
*** TxGirlGeek has joined #openstack-meeting-alt14:18
*** priteau has joined #openstack-meeting-alt14:21
*** lbragstad has quit IRC14:23
*** lbragstad has joined #openstack-meeting-alt14:26
*** ttsiouts has quit IRC14:39
*** TxGirlGeek has quit IRC14:39
*** ttsiouts has joined #openstack-meeting-alt14:39
*** ttsiouts has quit IRC14:41
*** ttsiouts has joined #openstack-meeting-alt14:41
*** efried_mlk is now known as efried14:45
*** eggmaster is now known as eggs14:56
*** efried1 has joined #openstack-meeting-alt15:00
*** wxy| has joined #openstack-meeting-alt15:00
*** efried has quit IRC15:01
*** efried1 is now known as efried15:01
*** hongbin has joined #openstack-meeting-alt15:09
*** liuyulong has joined #openstack-meeting-alt15:13
*** ijw has joined #openstack-meeting-alt15:28
*** ccamacho has quit IRC15:37
*** ccamacho has joined #openstack-meeting-alt15:37
*** sridharg has quit IRC15:43
*** lpetrut has quit IRC15:46
*** gagehugo has joined #openstack-meeting-alt15:51
*** dklyle has joined #openstack-meeting-alt15:53
*** TxGirlGe_ has joined #openstack-meeting-alt15:55
*** ayoung has joined #openstack-meeting-alt15:58
*** efried has quit IRC16:00
lbragstad#startmeeting keystone16:00
openstackMeeting started Tue Jan 22 16:00:42 2019 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.16:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:00
*** openstack changes topic to " (Meeting topic: keystone)"16:00
openstackThe meeting name has been set to 'keystone'16:00
lbragstad#link https://etherpad.openstack.org/p/keystone-weekly-meeting16:00
lbragstadagenda ^16:00
cmurphyo/16:00
* cmurphy in double meetings16:00
lbragstadhola16:00
kmalloco/16:01
wxy|o/16:01
*** TxGirlGe_ has quit IRC16:01
kmallochi wxy| !16:01
kmalloc:)16:01
wxy|kmalloc: welcome back~16:01
gagehugoo/16:01
vishakhao/16:01
kmallocthanks! :)16:01
lbragstadwe have quite a bit to get through today16:02
* ayoung mentally pronounces wxy| as Waxy.16:02
lbragstadso we'll go ahead and get started16:02
lbragstad#topic Announcements16:02
*** openstack changes topic to "Announcements (Meeting topic: keystone)"16:02
lbragstad#info Feature proposal freeze is next week16:02
lbragstadI *think* all features have code in review, which is good16:02
kmallocayoung: so i'm hearing the boston accent with that pronunciation (at least in my head)16:02
lbragstad#info Feature freeze is 6 weeks out16:02
kmalloclbragstad: nice. that is good news16:03
lbragstadso - this one concerns me a bit mroe16:03
lbragstadespecially with gate status over the last release16:03
lbragstadand there are a lot of things that need review16:03
kmallocrealistically we can push things through past the freeze if it's just gate failures16:03
lbragstadwe can - but it takes away from time we spend firming up the release16:04
kmallocwe have plenty of time on that front16:04
ayoungwxy|, https://review.openstack.org/#/c/605235/  is easy except for updating the error message16:04
kmallocreally16:04
lbragstadjust something to be mindful of16:04
kmallocif the code is really just a gate failure, it should not be subjected to feature freeze16:04
lbragstadalso - the PTL self-nomination period starts in 6 weeks16:05
ayounglbragstad, this your last go-round?16:05
lbragstadif you're thinking about running and would like some more information about the role or have questions in general, please don't hesitate to reach out16:05
lbragstadi've always been a proponent that leadership changes are healthy16:06
lbragstadjust something to think about as we get closer to that date16:07
lbragstad#topic Previous action items16:07
*** openstack changes topic to "Previous action items (Meeting topic: keystone)"16:07
kmallocpeople should be encouraged to run even if lance is running again16:07
lbragstadlast week we had an action item to go through the TC vision statement and red line it16:07
lbragstadkmalloc ++16:07
lbragstadcmurphy put together some notes16:08
kmallochowever, i would like to have lance let us know earlier rather than at the wire if he is planning to run (he may of course change his mind)16:08
lbragstad#link https://etherpad.openstack.org/p/keystone-technical-vision-notes16:08
lbragstadkmalloc at this point, i'm not planning on it16:08
kmalloclbragstad: thanks for the clarification16:08
lbragstadso - i'd like for us to go through what is in that etherpad16:09
*** efried has joined #openstack-meeting-alt16:09
lbragstadand treat it like a discussion16:09
*** TxGirlGeek has joined #openstack-meeting-alt16:09
ayoungSelf service is fairly close to non-existant in OpenStack16:09
lbragstadultimately, we'll be putting a version of that into our contributor guide16:10
ayoungI mean, in Keystone16:10
vishakhaI also pasted some points that satisfies the pillars of cloud https://etherpad.openstack.org/p/vision16:10
lbragstadayoung right - keep in mind this is a vision statement16:10
ayoungIf we are going to embrace that, we need to be serious and talk it through16:10
lbragstadand is designed to help us make decisions that enable it16:10
ayoungA user needs to be able to create a project, and needs to be able to delete a project.  And they need to have all their resources cleaned up when they do that.  That is baseline for Azure an AWS, and so far from what we can do in OpenStack16:11
kmallocayoung: with a drive towards a full featured idp, self service is much more important than the early-on design of keystone16:11
* knikolla will read back on the meeting logs. Getting on a plane from ROC to BOS.16:12
lbragstadright - the idea here is to just get agreement on the specifics of keystone's vision (since it's more detailed than what is in the openstack cloud vision)16:12
ayoungI'm not making that connection.  I mean, I agree, but how is that due to IdP?16:12
gagehugoknikolla have a safe flight16:12
lbragstadsafe flight knikolla16:13
kmallocayoung: because we can't rely on an external project to do it for us. a real full-featured service allows for at least grantable self-service in my view16:13
ayoungSo what you are saying is "now it is time to to all the things right.?"16:14
kmallocit may not be the default behavior (to begin with) but it shouldn't be arcane invocations to allow it to happen.16:14
ayoungThe resource cleanup is my nightmare, but OK16:15
kmallocif we're making big changes, don't stop short16:15
*** dims has quit IRC16:15
kmallocnot so much "just do it" or "do it all the things right" (we can aspire to that last one... but we might miss)16:15
lbragstadis there anything in that etherpad that people disagree with from a vision-perspective?16:16
ayoungNope, it is good as far as it goes.16:17
kmallocit looks good to me.16:17
lbragstadeven if there is - i wouldn't be opposed to getting this into review, so we can iterate on it there16:17
lbragstadwe should make it a habit to come back to this every release and keep it in check16:18
lbragstadbut if people don't have anything major here, we can move on16:18
lbragstad#topic Stein Features16:19
*** openstack changes topic to "Stein Features (Meeting topic: keystone)"16:19
lbragstadthis is just a touch point based on what we've committed to for the release16:19
lbragstadI think ayoung has an implementation up for explicit domain ids?16:19
ayoungyeah, there is a problem with error messages so I've had to leave it for a bit16:20
ayoungits dumb and I should have solved it already16:20
ayoungbut...16:20
lbragstadno major blockers?16:20
*** dims has joined #openstack-meeting-alt16:20
ayounghttps://github.com/openstack/keystone/blob/master/keystone/resource/core.py#L22516:20
ayoungif someone wants to swat it, I'd appreciate16:20
lbragstadgood to know16:20
ayoungright now, it gives the wrong error, as wxy| noted16:21
lbragstadack16:21
ayoungBut to fix, I need to know why we got a conflict error, which is more of a rewrite than I wanted to do16:21
kmallocoh. huh16:21
ayoungmaybe I could make one message for both?16:21
ayoung"Now it always says the name is duplicated even using different name but the same id."16:21
kmallocit should be super simple to check why there is a conflict.16:22
kmallocbut if not, feel free to say "name or id is duplicated"16:22
kmallocwe've done similar in the past.16:22
ayoungI think for now I'll do that, and we can fix it after it merges and one of us goes "Duhr...it shouod have benn..."16:23
lbragstadi'll make sure to poke at that when i review it16:23
kmalloci'll look at the conflict exception16:23
kmallocit might already be bubbled up for us.16:23
lbragstadotherwise - no major blockers i assume?16:23
kmallocor the SQL-A bit(s)16:24
lbragstadok - moving on16:25
lbragstadwxy| has reviews up for domain limit support16:25
lbragstadand they are looking pretty good16:25
wxy|lbragstad: have to refresh the patches according to your comments.16:26
*** ianychoi has joined #openstack-meeting-alt16:26
lbragstadafaict, i'm not seeing anything major that should block this, but more eyes would be good16:26
wxy|I'll do that later.16:26
lbragstadawesome - i'll take another look this week then16:26
lbragstadcmurphy has WIP patches up for app creds16:27
lbragstadand capability lists16:27
ayoungW00t!16:27
lbragstadi'm not sure if she's looking for reviews yet16:27
lbragstadbut something to keep tabs on16:27
lbragstador check out and play with locally16:28
lbragstadi have a series of patches up for the JWS token provider16:28
lbragstadand they are ready for review16:28
ayoungcool.  I'll look16:28
lbragstadi spent last week digging into the crypto stuff and checking on some things for jwt based on the PyJWT implementation16:28
lbragstadi've proposed updates to the specification - and rewrote the implementation accordingly16:29
lbragstadfeedback is welcome16:29
lbragstadlast feature we have a specification for is MFA receipts16:29
lbragstadwhich is only waiting on documentation16:29
lbragstad#link https://review.openstack.org/#/c/580535/16:29
lbragstadbut that's it for formal feature work16:30
lbragstadany questions, comments, or concerns here?16:30
lbragstadalright - moving on16:31
lbragstad#topic Reviews that need attention16:31
*** openstack changes topic to "Reviews that need attention (Meeting topic: keystone)"16:31
lbragstaddoes anyone have patches they need eyes on?16:31
lbragstadoutside of what we've already talked about?16:32
ayoungAside from that one that languished....16:32
ayoungI'd like you to remove the -1 from the other id based on...16:33
*** ccamacho has quit IRC16:33
ayounghttps://review.openstack.org/#/c/605169/16:34
lbragstadah - just pulled it up16:34
ayoungThere is nothing wrong with provider-to-provider calls16:34
ayoungProviders are our own abstraction for things we can swap out, and in this case, the  id as a provider is the right abstraction16:34
lbragstadmy concerns wasn't provider to provider16:34
ayoungthat was the comment16:34
lbragstadmy concern was backend to provider16:34
kmallocno it is a driver -> provider16:34
kmallocand this is an exceptional case, imo16:35
vishakhaI need some eyes on https://review.openstack.org/#/c/588211/16:35
lbragstadvishakha cool - i saw that get updated, i can take another look16:35
kmalloclbragstad: we should generally move id generation up higher.16:35
kmallocbut it's a bit of a mess right now.16:36
lbragstadkmalloc what makes this exceptional in your opinion?16:36
vishakhalbragstad: Thanks16:36
kmallocthe nature of how ids are generated in general16:36
kmallocin trying to keep that change as small as possible moving it up is a lot more code16:36
kmalloci'd rather see it as a separate cleanup16:36
kmallocif that makes sense.16:36
ayoungcmurphy, I think that vishakha 's request is really for you, as he addressed you comments mostly in his last commit?16:36
kmallocand cover all id generation, pass ids down to the driver consistently16:36
ayoungkmalloc, yeah, agreed.16:36
lbragstadi need to look at the id generation code16:37
ayoungthe alternative is to change the method signature everywhere to pass in the id16:37
kmallocsure. just in general driver should *never* generate ids16:37
ayoungand...there is not much benefit to that.16:37
kmallocwe should fix that, and the manager should always pass down the id.16:37
kmallocexplicitly everywhere16:37
ayoungExactly, so it is better to get the IDs from the id generator directly.16:37
vishakhaayoung: its she not he :)16:37
kmallocbut that is a bigger change.16:37
ayoungvishakha, my apologies16:38
ayoungand...good to meet yoou!16:38
cmurphyayoung: yes i'll take a look soon16:38
* ayoung has been out of it for too long16:38
vishakhaayoung:  same here16:38
ayoungvishakha, you coming to Denver?16:38
* kmalloc is happy to return with new faces at the meeting16:38
kmallocoh man, that's coming up soon isn't it?16:38
*** e0ne has quit IRC16:38
ayoungayuh16:38
kmalloci need to make sure i have travel funding for that and book it/tickets16:38
vishakhaayoung: I hope a session of mine is selected. Then I will be there for sure16:39
ayoung++16:39
*** e0ne has joined #openstack-meeting-alt16:39
kmallocvishakha: well good luck! hope your session is selected and it makes it easier to join us :)16:39
ayoungkmalloc, ROAD TRIP...Oh Wait, you are on the wrong coast, damnit16:39
vishakhakmalloc: thanks. Nice to meet you too16:39
kmallocayoung: fly to seattle, hope brie will join and we can drive again :P16:39
lbragstadayoung i'll take another look - i need to see the id generation stuff16:40
kmallocbut we only have 1 car now... so if she doesn't join... anyway... talk later.16:40
ayounglbragstad, sounds good.16:40
lbragstadayoung thanks for bringing it up again16:40
lbragstadanyone else have reviews that need attention besides ayoung and vishakha ?16:40
ayounglbragstad, Iguess the other thing is to fix this one16:41
ayounghttps://review.openstack.org/#/c/623117/16:41
* lbragstad nods16:41
ayoungthat was a quick spike to externalize the id generation16:42
lbragstadok - looks like it needs some cleanup, but we're targeting it for stein?16:43
ayounglbragstad, that is the alternative way.  I would rather not16:43
lbragstadoh16:43
ayoungI think some of those test failures are significant16:43
lbragstadi'll keep tabs on it and revisit it if you come back to it16:44
ayoungBut we can do that longer term if we want to externalize ALL of the Id generation like kmalloc suggested16:44
lbragstadgot it16:44
kmallocand we should.16:44
kmallocbut that should be a consistency fix across all of keystone16:44
lbragstadok16:44
ayoungLets put that on the Train then16:44
ayoungnot in the Stein16:44
ayoung:)16:44
kmalloc++16:45
kmallocdamn you beat me to the joke :P16:45
kmalloci was typing the same exact thing.16:45
lbragstadi have some reviews i'd like to get feedback on16:45
lbragstad#link https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:implement-default-roles16:45
ayoung"For all our mutual experience our separate conclusions are the same."16:45
lbragstadmost of those are trying to address #link https://bugs.launchpad.net/keystone/+bugs?field.tag=policy16:45
ayoungWow16:46
lbragstadi'm hesitant to push more until some of those start merging16:46
lbragstadbut the majority of them are strings of 5 - 6 patches16:46
ayounglbragstad, I'll commit to moving them along16:46
*** jaosorior has joined #openstack-meeting-alt16:47
lbragstadif anyone has questions - i'm available to help walk folks through the approach16:47
lbragstadvishakha has been helping on that front, too16:47
ayoungI should be able to help there16:48
lbragstadwe have a few topics left16:48
vishakhalbragstad: I updated the role assignment patch too. https://review.openstack.org/#/c/609210/. You can have a look16:48
lbragstadvishakha will do - thanks!16:48
lbragstadif that's it for reviews, we can move on16:48
lbragstad#topic Launchpad16:48
*** openstack changes topic to "Launchpad (Meeting topic: keystone)"16:48
lbragstadI haven't been doing a good job of keeping launchpad in check this release16:48
lbragstadi'll be trying to get things back in order over the next week or two16:49
lbragstadreally just going through and updating closed bugs with appropriate milestones16:49
lbragstadand doing triage16:49
lbragstadif that's a process that interests you, just ping me16:49
lbragstad#topic Athenz plugin update16:49
*** openstack changes topic to "Athenz plugin update (Meeting topic: keystone)"16:49
ayounglbragstad, why is create_user system admin and not domain admin?16:49
*** aning has joined #openstack-meeting-alt16:50
* ayoung too slow16:50
lbragstadayoung sorry - lets sync after16:50
ayoung++16:50
lbragstadjames, from oath, it currently swamped in other things16:50
lbragstadhe was going to take a stab at drafting a spec for the athenz plugin oath open-sourced16:50
ayoungI got it anyway16:50
lbragstadtoday in the edge call, ildikov suggested that we consider drafting something and having him review it instead16:51
lbragstadi put this on the agenda to see if there are other interested parties16:51
ayoungknikolla has nothing better to do now16:51
lbragstadftr - this would clearly be something we would target for Train16:52
ayoungWhat would be the use case?16:52
ayoungadding Oath to an existing deployment. or making it easier for Yahoo to work with OpenStack?16:52
lbragstadathenz is an identity provider that issues tokens and x.509 certificates16:52
ayoungThat is all Federation, tho16:53
lbragstadright16:53
lbragstadthe general idea is to investigate generalizing the shadow mapping work we have in keystone16:53
lbragstadand instead of only having those properties come from SAML16:53
lbragstadthey could come from something like a certificate16:54
cmurphyi did some investigation and keystone is already capable of this without any changes16:54
lbragstadcmurphy oh - nice!16:54
cmurphyhttps://docs.openstack.org/keystone/latest/admin/external-authentication.html16:54
*** ttsiouts has quit IRC16:55
*** ttsiouts has joined #openstack-meeting-alt16:55
lbragstadcmurphy would we still need a way to send attributes from a cert to the shadow mapping?16:55
cmurphywe need to update our docs because the meat of how it works is in here https://docs.openstack.org/keystone/latest/admin/configure_tokenless_x509.html except that tokenless auth itself doesn't work that well right now16:56
ayoungany attributes in an assertion can show up in Keystone if the module can pass them16:56
cmurphythe mapping picks up the attributes from mod_ssl16:56
cmurphyso this helps for athenz but it doesn't help at all for edge because you still need to auth with keystone16:57
ayoungtokenless was such a good idea16:59
ayoungwe need to use that like, everywhere16:59
cmurphywe can talk about it more after the meeting16:59
lbragstadright now, athenz wraps the shadow mapping work we did, but what we have today with x.509 isn't a drop-in replacement?16:59
ayoungSo...assuming wee fix tokenless, what do we need to do?17:00
cmurphylbragstad: i think it is a drop-in replacement for what they do17:00
cmurphyayoung: https://bugs.launchpad.net/keystone/+bug/1811605 firt17:00
openstackLaunchpad bug 1811605 in OpenStack Identity (keystone) "Tokenless authentication is broken" [Undecided,New]17:00
cmurphyfirst*17:00
*** ttsiouts has quit IRC17:00
lbragstadack - let's move to -keystone17:00
cmurphyand then it seems like the middleware component was never fully working17:00
cmurphyor i couldn't get it to work17:00
lbragstadthanks for the time, everyone!17:00
*** efried has quit IRC17:00
lbragstad#endmeeting17:01
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"17:01
openstackMeeting ended Tue Jan 22 17:01:01 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)17:01
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-01-22-16.00.html17:01
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-01-22-16.00.txt17:01
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-01-22-16.00.log.html17:01
*** wxy| has quit IRC17:01
*** panda is now known as panda|off17:02
*** macza has joined #openstack-meeting-alt17:02
*** e0ne has quit IRC17:02
*** macza_ has joined #openstack-meeting-alt17:06
*** macza has quit IRC17:07
*** radeks__ has joined #openstack-meeting-alt17:08
*** radeks_ has quit IRC17:10
*** ccamacho has joined #openstack-meeting-alt17:16
*** ayoung has left #openstack-meeting-alt17:20
*** igordc has joined #openstack-meeting-alt17:28
*** radeks__ has quit IRC17:33
*** igordc has quit IRC17:39
*** radeks has joined #openstack-meeting-alt17:47
*** efried has joined #openstack-meeting-alt17:49
*** erlon_ has quit IRC17:49
*** radeks has quit IRC17:50
*** ccamacho has quit IRC17:51
*** bhavikdbavishi has quit IRC17:55
*** derekh has quit IRC18:00
*** priteau has quit IRC18:05
*** rdopiera has quit IRC18:19
*** rdopiera has joined #openstack-meeting-alt18:22
*** yamahata has quit IRC18:22
*** iyamahat has quit IRC18:22
*** iyamahat has joined #openstack-meeting-alt18:36
*** kopecmartin is now known as kopecmartin|off18:38
*** gagehugo has left #openstack-meeting-alt18:47
*** TxGirlGeek has quit IRC18:48
*** yamahata has joined #openstack-meeting-alt18:55
*** baojg has quit IRC18:57
*** baojg has joined #openstack-meeting-alt18:57
*** baojg has quit IRC18:58
*** baojg has joined #openstack-meeting-alt18:58
*** baojg has quit IRC18:58
*** baojg has joined #openstack-meeting-alt18:59
*** jesusaur has quit IRC18:59
*** baojg has quit IRC18:59
*** baojg has joined #openstack-meeting-alt18:59
*** TxGirlGeek has joined #openstack-meeting-alt18:59
*** baojg has quit IRC19:00
*** baojg has joined #openstack-meeting-alt19:00
*** baojg has quit IRC19:01
*** baojg has joined #openstack-meeting-alt19:01
*** baojg has quit IRC19:02
*** ianw_pto is now known as ianw19:02
*** baojg has joined #openstack-meeting-alt19:02
*** baojg has quit IRC19:02
*** baojg has joined #openstack-meeting-alt19:03
*** baojg has quit IRC19:04
*** baojg has joined #openstack-meeting-alt19:04
*** baojg has quit IRC19:05
*** baojg has joined #openstack-meeting-alt19:05
*** baojg has quit IRC19:06
*** iyamahat has quit IRC19:06
*** baojg has joined #openstack-meeting-alt19:06
*** iyamahat has joined #openstack-meeting-alt19:06
*** baojg has quit IRC19:06
*** e0ne has joined #openstack-meeting-alt19:07
*** baojg has joined #openstack-meeting-alt19:07
*** baojg has quit IRC19:08
*** baojg has joined #openstack-meeting-alt19:08
*** baojg has quit IRC19:09
*** baojg has joined #openstack-meeting-alt19:09
*** baojg has quit IRC19:09
*** baojg has joined #openstack-meeting-alt19:10
*** baojg has quit IRC19:10
*** baojg has joined #openstack-meeting-alt19:11
*** baojg has quit IRC19:11
*** TxGirlGeek has quit IRC19:11
*** baojg has joined #openstack-meeting-alt19:11
*** baojg has quit IRC19:12
*** baojg has joined #openstack-meeting-alt19:13
*** baojg has quit IRC19:13
*** TxGirlGeek has joined #openstack-meeting-alt19:14
*** baojg has joined #openstack-meeting-alt19:14
*** baojg has quit IRC19:14
*** baojg has joined #openstack-meeting-alt19:15
*** baojg has quit IRC19:15
*** baojg has joined #openstack-meeting-alt19:15
*** baojg has quit IRC19:16
*** baojg has joined #openstack-meeting-alt19:16
*** baojg has quit IRC19:17
*** baojg has joined #openstack-meeting-alt19:17
*** baojg has quit IRC19:17
*** baojg has joined #openstack-meeting-alt19:19
*** baojg has quit IRC19:20
*** jesusaur has joined #openstack-meeting-alt19:25
*** gryf has left #openstack-meeting-alt19:29
*** tssurya has quit IRC19:36
*** e0ne has quit IRC19:42
*** iyamahat_ has joined #openstack-meeting-alt19:43
*** TxGirlGeek has quit IRC19:46
*** iyamahat has quit IRC19:46
*** iyamahat__ has joined #openstack-meeting-alt19:48
*** iyamahat_ has quit IRC19:51
*** whoami-rajat has quit IRC19:52
*** diablo_rojo has joined #openstack-meeting-alt19:56
*** TxGirlGeek has joined #openstack-meeting-alt19:58
*** diablo_rojo has quit IRC20:05
*** dims has quit IRC20:40
*** dims has joined #openstack-meeting-alt20:42
*** jcoufal has quit IRC20:47
*** dims has quit IRC20:50
*** dave-mccowan has joined #openstack-meeting-alt20:51
*** isq has joined #openstack-meeting-alt20:52
*** dims has joined #openstack-meeting-alt20:52
*** baojg has joined #openstack-meeting-alt21:21
*** baojg has quit IRC21:27
*** efried has quit IRC21:30
*** efried has joined #openstack-meeting-alt21:30
*** dklyle has quit IRC21:39
*** priteau has joined #openstack-meeting-alt21:42
*** priteau has quit IRC22:08
*** rcernin has joined #openstack-meeting-alt22:10
*** slaweq has quit IRC22:12
*** rcernin has quit IRC22:17
*** rcernin has joined #openstack-meeting-alt22:19
*** TxGirlGeek has quit IRC22:24
*** TxGirlGe_ has joined #openstack-meeting-alt22:24
*** slaweq has joined #openstack-meeting-alt22:29
*** TxGirlGe_ has quit IRC22:31
*** slaweq has quit IRC22:33
*** lifeless_ is now known as lifeless22:34
*** TxGirlGeek has joined #openstack-meeting-alt22:40
*** baojg has joined #openstack-meeting-alt22:52
*** efried has quit IRC22:53
*** TxGirlGeek has quit IRC22:59
*** slaweq has joined #openstack-meeting-alt23:00
*** TxGirlGeek has joined #openstack-meeting-alt23:03
*** slaweq has quit IRC23:05
*** TxGirlGeek has quit IRC23:35
« Monday, 2019-01-21 Index Wednesday, 2019-01-23 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!