15:00:55 #startmeeting keystone 15:00:55 Meeting started Tue Nov 2 15:00:55 2021 UTC and is due to finish in 60 minutes. The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:55 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:55 The meeting name has been set to 'keystone' 15:01:01 #topic Roll Cal 15:01:04 Merged openstack/python-keystoneclient master: Fix doc error to unblock the gate https://review.opendev.org/c/openstack/python-keystoneclient/+/813810 15:01:05 *Call 15:01:31 o/ 15:01:35 Courtesy ping for ayoung, bbobrov, crisloma, d34dh0r53, dpar, dstanek, gagehugo, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, spilla, ruan_he, wxy, sonuk, vishakha,Ajay, raildo, rafaelweingartner, xek 15:01:50 o/ 15:02:09 o/ 15:02:39 Hi y'all! 15:02:42 Let's get started 15:02:53 #topic Review Past Meeting Action Items 15:03:10 #link https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-10-26-15.00.html 15:03:17 We didn't have any action items... 15:03:22 ... moving on 15:03:35 #topic Liaison Updates 15:03:40 knikolla anything you want to sahre today? 15:03:44 *share 15:05:41 no, not really 15:06:10 Cool beans 15:06:12 let's move on 15:06:27 that probably says more about my not devoting a lot of time to doing those liaison roles, than anything, though. 15:08:12 Gotcha ... I'll try to keep an eye out on some of that stuff too 15:09:38 #topic OAuth 2.0 15:09:58 #link https://review.opendev.org/c/openstack/keystone-specs/+/813152 15:10:03 thanks for reviewing knikolla 15:10:11 still looking for gagehugo and lbragstad reviews 15:10:18 ack 15:11:23 Does not look like h_asahina is online so we can move on 15:13:26 #topic Secure RBAC 15:13:31 lbragstad any updates for today? 15:13:48 just one 15:14:00 #link https://review.opendev.org/c/openstack/governance/+/815158/ has been taking most if not all of my time upstream 15:14:09 and it's currently under review and discussion 15:14:20 any additional input is greatly appreciated 15:14:29 we will be having a meeting on it tomorrow - gmann set that up 15:14:41 but - it could affect things in keystone 15:14:47 and it might lead to another default role 15:15:12 Ah yeah, good to know 15:15:24 Do you have the details for the meeting tomorrow for folks interested in listening in? 15:15:37 i don't but let me check the mailing list 15:15:45 gmann sent out a poll last week 15:16:30 http://lists.openstack.org/pipermail/openstack-discuss/2021-October/025569.html 15:16:54 http://lists.openstack.org/pipermail/openstack-discuss/2021-November/025619.html 15:16:59 details ^ 15:17:04 tomorrow @ 15:00 UTC 15:17:04 awesome, thanks lbragstad 15:17:24 that's all i have unless folks have questions 15:20:53 Looks like we're good on questions 15:20:56 moving on 15:21:11 #topic Open Discussion 15:21:17 Anything else y'all want to talk about right now? 15:28:21 I'll take that as a no 15:28:25 let's move on to bugs 15:28:27 #topic Bug Review 15:28:38 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:29:00 No new bugs 15:29:31 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:29:37 and no new client bugs 15:30:17 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:30:22 and no new middleware bugs 15:32:36 Looking at the newest bugs 15:32:50 #link https://bugs.launchpad.net/keystone/+bug/1947870 15:33:04 > Keystone Kerberos auth broken when delegate to HTTP 15:33:32 We talked about this briefly last week. Anyone become a Kerberos expert since last week? 15:33:41 i have not 15:33:52 i'm still looking for that specific matrix card 15:35:43 heh 15:35:57 #link https://bugs.launchpad.net/python-keystoneclient/+bug/1945785 15:36:10 > Can't find project by project_id 15:39:27 This looks fairly easy to try to recreate 15:40:08 I might try to take a look at this one 15:40:17 seems like good low-hanging-fruit 15:40:40 #link https://bugs.launchpad.net/keystonemiddleware/+bug/1946117 15:40:48 > Unify keystone and keystonemiddleware cache 15:44:15 * redrobot realizes he doesn't know anything about Keystone caching 15:45:14 i think the benefit of that it that it would allow a token to get cached immediately, and then as soon as someone goes to nova to use that token and create a server - they would see the performance benefit 15:45:34 the keystone caching implementation is completely separate from ksm i think 15:45:53 It's an intersting bug report. I wonder why keystone and keystonemiddleware have different code for storing tokens to cache? Seems like a good place where common code could be used. 15:46:10 but if the keystone caching implementation for tokens and the caching implementation for ksm could be generalized - they could be shared 15:48:08 Is it typicall that the same cache is used for the keystone service and other services using the middleware? 15:48:27 i don't think so? 15:49:05 I can see where this would improve performance when they do 15:49:15 yeah for sure 15:50:30 What do we user for cache? Memcached? 15:50:40 yeah 15:52:28 So you'd have to have the same authn/authz for memcached in both services for this to work 15:56:58 well - we don't implement authn/authz for memcached yet 15:57:15 i think memcached supports SASL, but we don't support that yet in openstakc 15:57:31 or the python clients we use don't have support for it yet? 15:59:03 real quick - we do need to merge https://review.opendev.org/c/openstack/python-keystoneclient/+/784744 to unblock the python-keystoneclient gate 16:02:51 Looks like it's on its way to the merge gate 16:03:11 Aaaand that's all the time we have. 16:03:16 Thanks for joining, everyone! 16:03:18 #endmeeting