#openstack-keystone log

19:19:41 <lbragstad> #startmeeting keystone-office-hours
19:19:42 <openstack> Meeting started Tue Feb  6 19:19:41 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:19:43 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:19:45 <openstack> The meeting name has been set to 'keystone_office_hours'
19:19:48 <lbragstad> sorry about that
19:19:54 <cmurphy> lol
19:20:09 <gagehugo> :)
19:51:50 <lbragstad> cmurphy: https://review.openstack.org/#/c/529914/ looks ok to me, but it'd be good to get your feedback on it whenever you have a minute
19:52:03 <cmurphy> lbragstad: yeah i'm looking at it now
19:55:07 <lbragstad> wunderbar
19:57:39 <openstackgerrit> Eric Fried proposed openstack/keystoneauth master: DNM: Debug nova-next failure: user headers  https://review.openstack.org/541425
20:02:43 <openstackgerrit> Eric Fried proposed openstack/keystoneauth master: DNM: Debug nova-next failure: invalidate  https://review.openstack.org/541429
20:04:32 <openstackgerrit> Eric Fried proposed openstack/keystoneauth master: DNM: Debug nova-next failure: connection params  https://review.openstack.org/541431
20:08:52 <lbragstad> kmalloc: https://review.openstack.org/#/c/541074/ finishes up the self.<api> refactor in tests
20:10:37 <lbragstad> https://review.openstack.org/#/c/531915/ closes a bug, too
20:53:45 <kmalloc> lbragstad: sorry missed the meeting, was picking up Brie from the airport
20:53:57 <lbragstad> no worries
20:54:20 <cmurphy> lbragstad: +2 but with comments, maybe knikolla could take a look? https://review.openstack.org/#/c/529914/
21:01:21 <kmalloc> lbragstad: +2/+A on both of those 1074 and 1915
21:01:45 <lbragstad> fantastic
21:04:11 <lbragstad> quick question
21:04:31 <lbragstad> our install guide goes through port 35357
21:04:36 <lbragstad> and does the install based on that port
21:05:03 <lbragstad> thoughts on rewriting the install guide to use uwsgi + apache instead?
21:05:42 <lbragstad> and ProxyPass?
21:06:31 <lbragstad> so something like this for uwsgi https://github.com/openstack/openstack-ansible-os_keystone/blob/master/templates/keystone-uwsgi.ini.j2 and something like this for apache https://github.com/openstack/openstack-ansible-os_keystone/blob/master/templates/keystone-httpd.conf.j2#L109-L110 ?
21:07:47 <cmurphy> +1 but you might need to coordinate with distros who are shipping default vhost files
21:07:48 <lbragstad> with the removal of v2.0, we don't actually need both ports
21:08:04 <lbragstad> yeah - that's a good point
21:09:42 <gagehugo> so just 5000?
21:10:01 <lbragstad> well - it could be up to the deployers discretion
21:10:24 <lbragstad> because the port would only get used in the ProxyPass statement in apache configuration
21:10:59 <lbragstad> apache would be doing something like `ProxyPass /identity uwsgi://127.0.0.1:5000/`
21:11:11 <lbragstad> or `ProxyPass /identity uwsgi://127.0.0.1:8443/`
21:12:03 <lbragstad> and uwsgi would be running keystone on that port
21:13:30 <lbragstad> but you could also specify that port in apache, too i suppose
21:13:37 <lbragstad> https://github.com/openstack/openstack-ansible-os_keystone/blob/master/templates/keystone-httpd.conf.j2#L71-L72
21:13:43 <lbragstad> kinda like what osa does ^
21:14:49 <gagehugo> yea
21:15:11 <lbragstad> so you could specify http:$CONTROLLER_IP:5000/identity
21:15:48 <lbragstad> wait - actually
21:15:59 <lbragstad> it would be http://$CONTROLLER_IP/identity
21:16:12 <lbragstad> which would route to uwsgi internally on port 5000
21:16:58 <lbragstad> if i'm understand the apache config correctly
21:20:32 <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Update sample configuration file for Queens  https://review.openstack.org/541447
21:30:36 <openstackgerrit> Kristi Nikolla proposed openstack/keystone master: WIP - Add opts --only-invalid and --remove-assignment for mapping_purge  https://review.openstack.org/487579
21:31:15 <openstackgerrit> Kristi Nikolla proposed openstack/keystone master: WIP - Add opts --invalid and --assignments for mapping_purge  https://review.openstack.org/487579
21:42:02 <lbragstad> cmurphy: do you know who maintains the package files for suse?
21:42:41 <cmurphy> lbragstad: yes
21:42:55 <cmurphy> my team
21:43:02 <cmurphy> can def help there
21:43:08 <lbragstad> sweet
21:43:23 <lbragstad> i kinda went down a rabbit hole looking for the debian packagers
21:43:50 <lbragstad> https://github.com/openstack/deb-keystone
21:43:57 <lbragstad> i think that's where they used to be
21:44:28 * lbragstad wonders if hrybacki knows who maintains the redhat package files for keystone
21:44:47 <gagehugo> lol
21:44:48 <cmurphy> i think the debian packages moved off of openstack infra
21:45:01 <cmurphy> but we don't have docs for debian anyways, need to engage the ubuntu people
21:45:28 <gagehugo> think the raspbian package for keystone is icehouse
21:45:35 <cmurphy> lol
21:45:39 <lbragstad> nice
21:45:44 <lbragstad> get it while it's hot
21:46:00 <hrybacki> oh jeez, ayoung might still be in charge of them? I'm sure that falls on my team however
21:47:37 <lbragstad> cmurphy: this looks like the right ubuntu team? https://wiki.openstack.org/wiki/Packaging/Ubuntu
21:47:44 <cmurphy> hrybacki: it's not just using delorean?
21:48:38 <cmurphy> lbragstad: yeah that looks right?
21:48:44 <hrybacki> cmurphy: I know that's involved but I'm not sure what's pushing the last leg of that (RDO->OSP) The pipeline is kind of confusing
21:49:02 <hrybacki> s/kind of//
21:49:33 <cmurphy> lbragstad: btw we're crunching to get a huge release out the door this month so i'm not going to want to propose major changes to the keystone package till march
21:50:01 <lbragstad> ack
21:50:48 <lbragstad> so - even though we don't include v2.0 in Queens, you think we should push of refactoring the entire install guide to include uwsgi + apache on a single port until later/
21:51:23 <cmurphy> ah actually scratch that, our release is based on pike so i can probably do whatever with the queens packages
21:52:10 <lbragstad> ok
21:52:12 <lbragstad> cool
21:54:15 <lbragstad> i was thinking it would be nice to have the install guide reflect the removal of v2.0
21:54:26 <lbragstad> i'm just wondering if it will be too late for that
21:54:49 <lbragstad> i kinda spaced on the whole default package files thing...
21:55:07 <lbragstad> and how that is not controlled in our repository
22:04:29 <hrybacki> lots of moving parts to juggle
22:14:32 <openstackgerrit> Colleen Murphy proposed openstack/keystone master: Remove all v2.0 APIs except the ec2tokens API  https://review.openstack.org/540141
22:19:08 <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Remove v2 and v2-admin API documentation  https://review.openstack.org/540529
22:19:18 <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Update curl request documentation to remove v2.0  https://review.openstack.org/539342
22:19:28 <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Remove v2.0 extension documentation  https://review.openstack.org/540525
22:19:38 <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Remove v2.0 from documentation guides  https://review.openstack.org/540499
22:21:24 <cmurphy> oops sorry :(
22:22:18 <lbragstad> cmurphy: you're good - thanks for fixing that
22:24:21 <lbragstad> getting some information on the ubuntu packages http://paste.openstack.org/show/664081/
22:24:35 <lbragstad> ^ because they don't have logging on that channel
22:24:49 <lbragstad> but the TL;DR is that it is here - https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/keystone/tree/debian/keystone.conf
22:28:31 <cmurphy> lbragstad: we still have this in ksm http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/auth_token/_auth.py#n66 :( we should probably fix that
22:29:31 <lbragstad> yeah... we have a card for all that https://trello.com/c/rP53zMgc/16-remove-v20-api-support-from-libraries
22:33:39 <lbragstad> cmurphy: that can be fixed in rocky, yeah?
22:38:29 <cmurphy> lbragstad: yeah i guess? some people are going to have broken paste configs and it's not going to be clear why
22:38:34 <cmurphy> http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/auth_token/__init__.py#n889
22:40:46 <cmurphy> i think this is what broke tripleo's CI, someone might think they're all converted to v3 but the weirdness in ksm's auth plugin handler can trick you
22:43:16 <lbragstad> hmm
22:43:33 <lbragstad> if we were go to a single port with package installs, would there be a recommended port to listen on?
22:43:38 <lbragstad> 35357 or 5000?
22:44:24 <cmurphy> 80/443 :)
22:45:06 <lbragstad> ++
22:47:29 <lbragstad> full conversation from #openstack-pkg http://paste.openstack.org/show/664112/
22:47:44 <lbragstad> looks like we'll get some assistance from the ubuntu folks!
23:07:22 <cmurphy> #endmeeting