Tuesday, 2013-02-19

<topol> ayoung, so I am debugging the devstack ldap integration. I noticed something nasty with the existing code that adds tenants to projects. Objectclass groupOfNames requires a member and a desc. When I run from devstack, description (which maps to desc is None) and member isn't a listed attribute. How did this work before with mapping tenants to something with an ObjectClass groupofNames. I... 00:27
<topol> ...was hoping to get this working by just changing values in the keystone.conf file but I fear I may need to update the mappings in the ldap/core.py file. Am I missing something? 00:27
<Ryan_Lane> description isn't a required attribute of groupofnames 00:28
<Ryan_Lane> member also isn't required 00:28
<Ryan_Lane> only cn is 00:28
<topol> Ryan_Lane here is the error I get when I run:  OBJECT_CLASS_VIOLATION: {'info': "object class 'groupOfNames' requires attribute 'member'", 'desc': 'Object class violation'} 00:29
<Ryan_Lane> what directory server are you using? 00:30
<Ryan_Lane> that makes no sense. how would you have empty groups? 00:30
<topol> openldap 00:31
<Ryan_Lane> well, holy crap, the rfc says it's required 00:31
<topol> :-) 00:31
<Ryan_Lane> I definitely have groups with no member, though 00:33
<Ryan_Lane> hah. opendj's directory schema only defines cn as must. that seems non-rfc standard to me :D 00:42
<Ryan_Lane> http://lists.forgerock.org/pipermail/opendj/2012-November/002354.html \o/ 00:43
<openstackgerrit> A change was merged to openstack/keystone: Workaround Migration issue with PostgreSQL  https://review.openstack.org/22215 00:46
<openstackgerrit> A change was merged to openstack/keystone: Add pysqlite as explicit test dep  https://review.openstack.org/22066 00:46
<openstackgerrit> A change was merged to openstack/keystone: project membership to role conversion  https://review.openstack.org/21327 00:47
<adam_g> is the glance_api_servers flag in nova.conf still relevant, or can that be set to resolve via the keystone catalog? 01:01
<openstackgerrit> A change was merged to openstack/keystone: Remove usage of UserRoleAssociation.id in LDAP  https://review.openstack.org/19815 01:01
<openstackgerrit> A change was merged to openstack/nova: remove intermediate libvirt downloaded images  https://review.openstack.org/21955 01:02
<openstackgerrit> A change was merged to openstack/nova: Add libvirt XML schema support for resource tuning parameters  https://review.openstack.org/22103 01:02
<ayoung> topol, so, we can drop that aspect anyway. 01:31
<ayoung> we won't have users as memberOf anymore 01:31
<ayoung> instead, it will all be done via roles 01:31
<ayoung> topol just merged https://review.openstack.org/#/c/21327/ 01:32
<ayoung> topol, Ryan_Lane  So we can stop using groupOfNames, even, but it seems to me that memberOf can be empty, no? 01:33
<openstackgerrit> A change was merged to openstack/oslo-incubator: blueprint amqp-rpc-fast-reply-queue  https://review.openstack.org/19721 01:40
<openstackgerrit> A change was merged to openstack/oslo-config: Make sure to install the oslo package as well.  https://review.openstack.org/22250 01:51
<zyluo> gongysh, ping 01:58
<gongysh> zyluo: hi 01:59
<zyluo> gongysh, do you have spare time after lunch for a patch review 02:00
<gongysh> zyluo: what is it? 02:00
<gongysh> zyluo: wadl? 02:00
<zyluo> yes that one 02:00
<gongysh> zyluo: sure, I will contact u then. 02:01
<zyluo> gongysh, https://review.openstack.org/#/c/21038/4..6/tools/wadl/extract_attrs.py 02:01
<zyluo> gongysh, this will help you to see the history thanks! 02:01
<openstackgerrit> A change was merged to openstack/nova: Add image to request_spec during resize  https://review.openstack.org/22020 02:02
<topol> ayoung, I'm back from dinner :-).  So if we drop groupOfNames then do we need to use something else?  Can you fpaste what you thought the ldap structures would look like? 02:29
<topol> ayoung, I will download the new code 02:31
<topol> looks like a big change in structure 02:31
<openstackgerrit> A change was merged to openstack/nova: Add and check data functions for test_migrations 141  https://review.openstack.org/21548 02:43
<ayoung> topol, hold on, fighting other fires 02:55
<topol> ayoung, no worries.  I can wait.  I will put something on tomorrow's keystone mtg agenda.   I will go back and do some more reviews until you get some of the fires out 02:58
<openstackgerrit> A change was merged to openstack/python-keystoneclient: Added missing unit tests for shell.py  https://review.openstack.org/21227 03:37
<openstackgerrit> A change was merged to openstack/keystone: Add an update option to run_tests.sh  https://review.openstack.org/22057 03:38
<openstackgerrit> A change was merged to openstack/nova: Fix hacking tests on osx  https://review.openstack.org/22098 03:38
<openstackgerrit> A change was merged to openstack/nova: Fixes a race condition on updating security group rules  https://review.openstack.org/21529 05:05
<zyluo> amotoki, ping 06:27
<amotoki> zyluo: pong 06:27
<amotoki> zyluo: WADL one? 06:28
<zyluo> amotoki, yup 06:28
<amotoki> zyluo: sure. 06:29
<zyluo> amotoki, thanks 06:29
<openstackgerrit> A change was merged to openstack/nova: Small spelling fix in sqlalchemy utils.  https://review.openstack.org/22247 07:08
<openstackgerrit> A change was merged to openstack/nova: Do not use abbreviated config group names (zookeeper)  https://review.openstack.org/22229 07:08
<openstackgerrit> A change was merged to openstack/glance: Use install_venv_common.py from oslo.  https://review.openstack.org/20914 07:09
<openstackgerrit> A change was merged to openstack/glance: Add an update option to run_tests.sh  https://review.openstack.org/22070 07:11
<openstackgerrit> A change was merged to openstack/nova: Add select_hosts to scheduler manager rpc  https://review.openstack.org/21977 07:13
<openstackgerrit> A change was merged to openstack/nova: Live migration with an auto selection of dest  https://review.openstack.org/22193 07:14
<openstackgerrit> A change was merged to openstack/nova: Add support for instance vif traffic control.  https://review.openstack.org/22104 07:14
<openstackgerrit> A change was merged to openstack/nova: create new cidr type for data storage  https://review.openstack.org/22238 08:17
<ondergetekende> https://review.openstack.org/21958 08:22
<ondergetekende> oops, wrong channel 08:22
<garyk> amotoki: ping 08:31
<openstackgerrit> A change was merged to openstack/nova: Fix a typo in two comments.  networksa -> networks  https://review.openstack.org/22270 08:43
<openstackgerrit> A change was merged to openstack/nova: Remove unused db calls  https://review.openstack.org/22255 08:44
<ttx> ayoung: yeah, end of the day hawaii time 08:46
<amotoki> garyk: hi 08:51
<garyk> amotoki: hi. i think i made a mistake - when i reviewed https://review.openstack.org/#/c/20574/ i approved by mistake. can you please take a look if possible 08:55
<amotoki> sure. This patch looks almost ok last time I looked 08:56
<amotoki> garyk: I checked and approved. Just the commit message was corrected :-) 08:57
<garyk> amotoki: thanks! 08:57
<openstackgerrit> A change was merged to openstack/nova: Remove unused db calls from nova.db.sqlalchemy.api  https://review.openstack.org/22262 10:12
<openstackgerrit> A change was merged to openstack/nova: Fix _get_instance_volume_block_device_info call parameter  https://review.openstack.org/22235 10:13
<openstackgerrit> A change was merged to openstack/nova: Remove unused nova.db.api:network_get_by_instance  https://review.openstack.org/22268 10:13
<openstackgerrit> A change was merged to openstack/nova: Delete baremetal interfaces when their parent node is deleted  https://review.openstack.org/22013 10:14
<openstackgerrit> A change was merged to openstack/quantum: Imported Translations from Transifex  https://review.openstack.org/22261 10:14
<al-maisan> is there a glance specific irc channel? 11:09
<al-maisan> I am trying to figure out why this is failing: 11:10
<al-maisan> $ glance image-list 11:10
<al-maisan> Request returned failure status. 11:10
<al-maisan> None 11:10
<al-maisan> HTTPInternalServerError (HTTP 500) 11:10
<vkmc> #openstack-glance 11:10
<al-maisan> ok .. thanks vkmc! 11:10
<vkmc> :) Make sure to paste the error trace in http://paste.openstack.org 11:10
<vkmc> al-maisan, And... if you are receiving a server error please check Apache's logs and screen logs to have a much better idea of what's going on 11:11
<openstackgerrit> A change was merged to openstack/quantum: Metadata support for NVP plugin  https://review.openstack.org/21934 11:12
<al-maisan> vkmc: checked all except for apache .. will look at the latter now 11:13
<vkmc> al-maisan, Ok, good luck with it :) 11:14
<jpich> al-maisan: I think vkmc meant the glance logs, Apache logs are only relevant to Horizon really :) 11:14
<danpb> russellb: pixelbeat if either of you have time to review these it'd be appreciated given grizzly freeze rsn  https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:master+topic:bp/compute-driver-events,n,z 11:14
<jpich> al-maisan: Adding the --debug switch can help when using the CLI tools 11:14
<al-maisan> jpich: checked the glance logs, here's what I see: http://pastebin.ubuntu.com/1681029/ 11:14
<al-maisan> will try that as well 11:15
<pixelbeat> danpb, OK swapsies :) https://review.openstack.org/#/q/topic:bp/preallocated-images,n,z 11:15
<vkmc> jpich, Thanks for fixing it! 11:15
<vkmc> al-maisan, Sorry for the mistake 11:15
<al-maisan> jpich: http://paste.ubuntu.com/1681410/ 11:16
<al-maisan> Is there any way to turn off glance caching> 11:16
<al-maisan> ? 11:16
<jpich> al-maisan: The Glance folks on the channel vkmc directed you to will probably better be able to help you than I am, sorry, I'm not very familiar with glance 11:17
<danpb> pixelbeat: sure 11:18
<openstackgerrit> A change was merged to openstack/python-cinderclient: adding v2 support to cinderclient  https://review.openstack.org/21189 11:29
<zyluo> salv-orlando, ping 11:29
<salv-orlando> zyluo: I am looking at the wadl code now 11:29
<salv-orlando> ah you pushed another patch... 11:30
<zyluo> salv-orlando, I just made some changes. Basically changed all singular attrs to xsd:int or xsd:string 11:30
<salv-orlando> ok, thanks for telling me about the differences 11:30
<zyluo> salv-orlando, I'll be around for another two hours. 11:34
<salv-orlando> k 11:34
<openstackgerrit> A change was merged to openstack/cinder: Install rtslib when installing cinder  https://review.openstack.org/22194 11:47
<garyk> markmc: ping 12:59
<markmc> garyk, yep? 12:59
<garyk> markmc: hi, question. can you please look at http://paste.openstack.org/show/31929/ 12:59
<garyk> markmc: any idea what i am missing? 12:59
<markmc> garyk, pip-python install http://tarballs.openstack.org/oslo-config/oslo-config-2013.1b3.tar.gz 13:00
<garyk> markmc: great, thanks. i'll try 13:01
<garyk> markmc: for some reason i still have the same problem after running the above command. 13:09
<markmc> garyk, do 'pip-python uninstall oslo-config' and try again 13:10
<markmc> garyk, also, there's an rpm here: http://koji.fedoraproject.org/koji/buildinfo?buildID=395798 13:10
<garyk> markmc: ok, will do 13:10
<garyk> markmc: ok, thanks. i'll try 13:10
<amotoki> gongysh: ping 13:13
<openstackgerrit> A change was merged to openstack/keystone: make fakeldap._match_query work for an arbitrary number of groups  https://review.openstack.org/22196 13:15
<openstackgerrit> A change was merged to openstack/quantum: Add unit test for ryu-agent  https://review.openstack.org/21419 13:15
<openstackgerrit> A change was merged to openstack/python-quantumclient: Match other python-*client prettytable dependency  https://review.openstack.org/22151 13:15
<zyluo> salv-orlando gongysh amotoki: I'm on the road. Response could be slow 13:29
<salv-orlando> ok 13:29
<amotoki> garyk: ping 13:29
<garyk> amotoki: hi 13:29
<amotoki> garyk: when i tested with yong's patch 2, i see several times OVS agent is down in agent-list. 13:30
<garyk> amotoki: by doing the agent-list? 13:31
<amotoki> garyk: yes 13:31
<amotoki> watch -n 1 quantum agent-list 13:31
<amotoki> do you see the similar situation? 13:31
<garyk> no. i always see the alive as :) 13:32
<garyk> :-) 13:32
<amotoki> garyk: my env is KVM on KVM. It may be the reason of it. 13:32
<garyk> amotoki: i am running on a baremetal host (when i was running with nested virtualization i ran into problems a few months ago) 13:33
<garyk> i can try on a nested setup. 13:33
<amotoki> garyk: thanks. anyway yong's patch looks great. I tested dhcp-agent with/without notification and it worked well. 13:34
<salv-orlando> garyk, amotoki: I have a nested env (KVM  on KVM), not seeing ovs-agent going down 13:34
<garyk> salv-orlando amotoki : thanks for the input. the patch looks good to me and i like the new generic notification treatment 13:35
<amotoki> salv-orlando: : What I saw is ovs-agent is down just for a second or two and back to active. 13:35
<salv-orlando> amotoki: will do further checks. 13:35
<amotoki> we need to check such things after G-3 release.. 13:36
<salv-orlando> amotoki: indeed. It won't be a blocker for me 13:37
<amotoki> salv-orlando: agree. 13:38
<salv-orlando> amotoki: if you are happy with it, we can start approving patch #2 - https://review.openstack.org/#/c/21069/ 13:39
<amotoki> salv-orlando: thanks, I already give +2. from now approve it. 13:40
<salv-orlando> amotoki: thanks 13:41
<anteaya> koolhead17, ping 14:15
koolhead17anteaya: hi14:18
anteayahello, I am taking a look at this bug you filed: https://bugs.launchpad.net/openstack-ci/+bug/109381214:18
uvirtbotLaunchpad bug 1093812 in openstack-ci "nova API version doc should point to Nova developer doc" [High,Confirmed]14:18
koolhead17anteaya: yes14:18
anteayaI am unable to discern what links should lead to the Nova developer doc14:18
anteayaI have gone through the source code of the API version doc and can find the link you reference14:19
anteayais it a redirect do you know?14:19
anteayasorry, I can't find the link you reference14:20
anteayacould you give me an example of /versionnumber sites14:21
maroharosen : hi14:21
koolhead17anteaya: seems like things got fixed in over month and half time :)14:21
*** zoresvit has quit IRC14:21
*** amotoki has quit IRC14:22
*** zoresvit has joined #openstack-dev14:23
anteayakoolhead17, so this bug can be closed? or marked invalid?14:23
koolhead17yes please close it14:23
*** tomoe_ has quit IRC14:23
anteayakoolhead17, thank you14:23
koolhead17np14:24
*** tomoe_ has joined #openstack-dev14:24
*** esheffield has joined #openstack-dev14:24
*** woodspa has joined #openstack-dev14:25
*** dims has joined #openstack-dev14:25
*** tomoe_ has quit IRC14:27
*** tomoe_ has joined #openstack-dev14:27
*** Clabbe has quit IRC14:28
*** READ10 has joined #openstack-dev14:30
dolphmayoung: +2 on this from me https://review.openstack.org/#/c/22109/14:30
*** kmartin has joined #openstack-dev14:30
henrynashayoung: can you post the link of your trusts implementation, can only seem to find the API change….14:31
*** bnemec has joined #openstack-dev14:32
*** mindpixel has quit IRC14:32
*** bknudson has joined #openstack-dev14:33
*** henrynash has quit IRC14:34
*** gongysh has joined #openstack-dev14:34
*** zoresvit has quit IRC14:35
*** imsplitbit has joined #openstack-dev14:35
*** darjeeling has joined #openstack-dev14:42
*** zoresvit has joined #openstack-dev14:42
dolphmhenrynash: https://review.openstack.org/#/c/20289/14:43
*** b1rkh0ff has quit IRC14:44
*** b1rkh0ff has joined #openstack-dev14:45
openstackgerritA change was merged to openstack/quantum: Modify dhcp agent for agent management extension  https://review.openstack.org/2106914:47
ayoungdolphm, so, on Guangs, my only concern is /auth14:52
*** dontalton has joined #openstack-dev14:52
ayoungI'm really thinking about proposing X509s as an alternative to Tokens in Havana, and I would want them to be under /auth as well14:53
*** adjohn has joined #openstack-dev14:53
dolphmayoung: i'm not sure you ever answered my questions about Accept on your identity-api review?14:53
ayoungdolphm, I don't think Accept headers provide a fine enough granularity14:54
ayoungfor example14:54
*** almaisan-away is now known as al-maisan14:54
ayoungif a browser hits Keystone to get a cert, it is going to have HTTP as an accept header14:54
ayoungbut we also want to be able to display information about tokens14:54
ayoungand which also might be relevant in an HTTP view14:55
ayoungso I think tokens and X509s are going to be fundamentally different entities, and not just two different views of the same entities14:55
ayoungdolphm, the thing is, the X509 support is in some ways antique and in some ways a moving target14:57
*** adalbas has quit IRC14:57
ayoungthere are old, old apis which will allow a browser to import a certificate directly, and then the mozilla team is also working on a new scheme for short term certs, I'll see if I can find the link14:57
*** adjohn has quit IRC14:57
*** radez_g0n3 is now known as radez14:58
*** gargya has joined #openstack-dev14:58
*** jimfehlig has joined #openstack-dev14:59
*** navid_ has left #openstack-dev14:59
ayoungdolphm, it is also likely that X509 certs will have different information that we will have to track from tokens, which means that they can't be considered as different views of the same data.15:00
*** maoy has joined #openstack-dev15:00
*** AlanClark has joined #openstack-dev15:00
ayoungdolphm, also, when it comes to revocation lists, we will want to keep tokens and certs separate.  No need to put tokens in a CRL and vice versa if only for size15:00
*** koolhead17 has quit IRC15:02
*** henrynash has joined #openstack-dev15:02
*** markmcclain has joined #openstack-dev15:03
*** dhellmann has joined #openstack-dev15:04
ayounghenrynash, I added you as a reviewer to the trusts review15:04
henrynashayoung: thx15:05
ayounghttps://review.openstack.org/#/c/20289/15:05
*** cloudchimp has joined #openstack-dev15:05
ayounghenrynash, BTW, I've started using this view for open reviews:  https://review.openstack.org/#/q/status:open+project:openstack/keystone,n,z15:05
*** ek6 has joined #openstack-dev15:05
*** edmund has joined #openstack-dev15:05
henrynashayoung: ahh, nice...15:06
*** bencherian has joined #openstack-dev15:06
*** armaan has joined #openstack-dev15:07
*** ctracey has quit IRC15:08
ayounghenrynash, and, not to distract you, the view for keystone client.   https://review.openstack.org/#/q/status:open+project:openstack/python-keystoneclient,n,z15:08
henrynashayoung: np….thanks15:09
*** dontalton has quit IRC15:09
*** ctracey has joined #openstack-dev15:09
*** ndipanov has quit IRC15:10
*** JonnyNomad has joined #openstack-dev15:12
*** fesp is now known as flaper8715:15
*** beagles has quit IRC15:18
*** beagles has joined #openstack-dev15:19
*** pabelanger has joined #openstack-dev15:19
henrynashanyone know anything about openstack client failing in gate vm quantum (version mismatch on pretty table)?15:21
*** sacharya has joined #openstack-dev15:23
*** zykes- has quit IRC15:23
sdaguedanpb: threw some comments on the libvirt events patch series, how keen are you to land the work in grizzly?15:24
*** adjohn has joined #openstack-dev15:24
sdaguelifeless: you still awake?15:24
*** nati_ueno has joined #openstack-dev15:24
*** ndipanov has joined #openstack-dev15:25
*** kmartin has quit IRC15:26
*** armaan has quit IRC15:26
*** darjeeling has quit IRC15:27
*** darjeeling has joined #openstack-dev15:28
*** troytoman is now known as troytoman-away15:28
*** adjohn has quit IRC15:28
danpbsdague: well guess it is really a question of how much people care about the bug it is addressing15:28
danpbsdague: ie if a guest admin does 'shutdown -h now' in their guest, Nova won't change to RUNNING -> SHUTOFF for up to 10 minutes15:29
danpbthis behaviour has existed for folsom/essex and presumably earlier without huge complaints15:29
danpbso while it is important to fix, I can't claim it is a release blocker15:29
*** zykes- has joined #openstack-dev15:32
*** cp16net is now known as cp16net|away15:32
*** cp16net|away is now known as cp16net15:32
*** TerryH has joined #openstack-dev15:33
*** sacharya has quit IRC15:33
sdagueyeh, my only concern is whether we expose new issues with the native thread changes. it's good stuff to go in, wondering how risky you think that is15:33
*** rnirmal has joined #openstack-dev15:33
*** otherwiseguy has joined #openstack-dev15:34
*** john5223 has joined #openstack-dev15:34
*** alexxu has quit IRC15:34
russellbsdague: i'd like to see it go in, i've heard many complaints around the behavior this addresses15:34
russellbsdague: i think the benefit is enough for the risk15:34
ayounghenrynash, link?15:36
ayounghenrynash, I think that might be non-voting.15:36
danpbsdague: the main risk is whether the compute/manager.py will correctly handle events wrt other operations going on in parallel15:36
danpbsdague: there is already a parallelization race in there with the periodic task which can be trying to update a VM state at the same time as some other API call is trying to do the same15:37
henrynashayoung: doesn't seem to be: the name space one just failed on it: https://review.openstack.org/#/c/21951/15:37
danpbsdague: this change makes the race more likely - so if there was an existing flaw, we'd be more likely to hit it15:37
ayounghenrynash, reverify.  Probably a bad node.15:38
*** garyTh has joined #openstack-dev15:38
ayounghenrynash, hm..lets see if a change went in elsewhere that changes which version of pretty table?15:39
*** portante` is now known as portante15:41
ayounghenrynash, https://etherpad.openstack.org/trusts_api15:42
*** troytoman-away is now known as troytoman15:42
ayoungtrying to word smith this15:42
*** AlanClark__ has joined #openstack-dev15:42
ayounghttps://review.openstack.org/#/c/22063/8/openstack-identity-api/src/markdown/identity-api-v3.md15:42
*** winston-d_ has joined #openstack-dev15:44
*** jprovazn has quit IRC15:44
*** cp16net is now known as cp16net|away15:45
*** AlanClark has quit IRC15:46
sdaguedanpb: ok, I think I can live with that15:46
*** lglenden has joined #openstack-dev15:47
*** digitalsanctum has quit IRC15:47
*** sthaha has quit IRC15:48
*** zaneb has joined #openstack-dev15:49
*** esp has joined #openstack-dev15:49
*** esp has quit IRC15:50
*** digitalsanctum has joined #openstack-dev15:50
dave_mcnHey all, I keep seeing failures from Jenkins but they don't seem to be related to my change. I've rechecked it a few times now and the failures have happened each time but not always from the same jobs. Is anyone else experiencing problems?15:51
*** radez is now known as radez_g0n315:51
*** hugokuo has joined #openstack-dev15:51
*** al-maisan is now known as almaisan-away15:52
henrynashatyoung: will be back with you wordsmithing in a sec15:52
henrynashayoung: will be back with you wordsmithing in a sec15:52
pcm_anyone: I updated my dev branch with latest from master, and I'm getting an import error for oslo.config when doing "run_tests.sh -f" for quantum. Any ideas?15:52
*** devoid has joined #openstack-dev15:52
*** yaguang has joined #openstack-dev15:52
*** adjohn has joined #openstack-dev15:54
*** nmagnezi has quit IRC15:57
*** zoresvit has quit IRC15:57
*** zoresvit has joined #openstack-dev15:57
*** danwent has joined #openstack-dev15:58
*** mkollaro has joined #openstack-dev15:59
garykbcwaldon: ping15:59
*** dave_mcn has quit IRC15:59
*** olaph has quit IRC15:59
*** adjohn has quit IRC15:59
*** olaph has joined #openstack-dev16:00
*** datsun180b has joined #openstack-dev16:01
*** dachary has quit IRC16:02
*** reidrac has quit IRC16:02
*** anniec has quit IRC16:03
*** gargya has quit IRC16:03
*** nati_ueno_2 has joined #openstack-dev16:04
*** nati_ueno has quit IRC16:07
*** amotoki has joined #openstack-dev16:08
*** ndipanov has quit IRC16:08
*** egallen has joined #openstack-dev16:10
*** pabelanger has quit IRC16:10
*** dave_mcn has joined #openstack-dev16:12
*** cp16net|away is now known as cp16net16:12
*** bdpayne has joined #openstack-dev16:12
*** zyluo has quit IRC16:12
*** zyluo has joined #openstack-dev16:12
*** kmartin has joined #openstack-dev16:13
*** zyluo has quit IRC16:14
*** zyluo has joined #openstack-dev16:15
*** armaan has joined #openstack-dev16:17
*** sacharya has joined #openstack-dev16:18
*** gyee has joined #openstack-dev16:19
*** zaneb has quit IRC16:21
*** digitals_ has joined #openstack-dev16:21
*** ndipanov has joined #openstack-dev16:22
*** pabelanger has joined #openstack-dev16:22
*** gongysh has quit IRC16:23
*** mjfork has joined #openstack-dev16:24
*** mmagr has quit IRC16:24
*** digitalsanctum has quit IRC16:25
*** koolhead17 has joined #openstack-dev16:25
*** adjohn has joined #openstack-dev16:25
*** rpedde_away is now known as rpedde16:25
*** adalbas has joined #openstack-dev16:26
*** digitals_ is now known as digitalsanctum16:28
*** egallen has quit IRC16:28
*** rkukura has quit IRC16:28
*** njoy has joined #openstack-dev16:28
*** njoy1__ has quit IRC16:29
*** njoy_ has joined #openstack-dev16:30
*** adjohn has quit IRC16:30
*** jcmartin has joined #openstack-dev16:32
*** adjohn has joined #openstack-dev16:32
*** mrodden1 has joined #openstack-dev16:33
*** njoy has quit IRC16:33
*** Gordonz has joined #openstack-dev16:34
*** garyk has quit IRC16:35
*** Gordonz has quit IRC16:35
*** mrodden has quit IRC16:35
*** Gordonz has joined #openstack-dev16:36
*** alunduil has joined #openstack-dev16:36
*** mrodden1 has quit IRC16:37
*** nati_ueno_2 has quit IRC16:38
*** nati_ueno has joined #openstack-dev16:38
*** egallen has joined #openstack-dev16:38
*** yidclare has joined #openstack-dev16:40
*** dave_mcn has quit IRC16:41
*** rkukura has joined #openstack-dev16:41
*** anniec has joined #openstack-dev16:41
*** torandu has quit IRC16:41
*** anniec has quit IRC16:42
*** adjohn has quit IRC16:43
*** salgado is now known as salgado-lunch16:44
*** mrodden has joined #openstack-dev16:45
*** andrewbogott_afk is now known as andrewbogott16:45
*** mrodden has quit IRC16:46
*** mrodden has joined #openstack-dev16:46
*** markmc has quit IRC16:46
*** xgauvrit has quit IRC16:47
*** xga has quit IRC16:47
*** torandu has joined #openstack-dev16:47
openstackgerritA change was merged to openstack/oslo-incubator: Add ConfigFilter wrapper class  https://review.openstack.org/2124316:48
*** AlanClark__ has quit IRC16:49
*** AlanClark__ has joined #openstack-dev16:50
*** garyk has joined #openstack-dev16:50
*** ondergetekende has quit IRC16:50
*** roampune has joined #openstack-dev16:51
*** diogogmt has joined #openstack-dev16:51
*** xga has joined #openstack-dev16:52
bcwaldongaryk: hey16:53
garykbcwaldon: hi. seems like we have a problem with the quantum client after the dependency change today. you aware of it?16:54
*** torandu has quit IRC16:54
*** torandu has joined #openstack-dev16:55
garykbcwaldon: maybe i am wrong but i see the following: error: Installed16:56
garykdistribution prettytable 0.7 conflicts with requirement16:56
garykprettytable>=0.6,<0.716:56
*** xga has quit IRC16:56
*** zoresvit has quit IRC16:57
garykbcwaldon: i guess that it could be related to the pypi => https change.16:57
bcwaldongaryk: hrm - I'd bet it was my fault16:58
*** reed has joined #openstack-dev16:58
bcwaldongaryk: so I was seeing similar issues when installing all of the clients at once, coming out at the end with the wrong version of pretty table16:58
*** Ryan_Lane has joined #openstack-dev16:58
bcwaldongaryk: I ended up fixing the problem temporarily a different way, by installing prettytable<0.7 explicitly before any of the clients16:58
garykbcwaldon: nah, i do not think it was your fault. guess we have a ci hiccup at the moment.16:59
bcwaldongaryk: I am seeing general pypi issues at the moment, if that helps16:59
danpbyep, the pypi website seems to be fubar16:59
danpbit is randomly failing requests16:59
bcwaldonyep, thats what I see trying to install anything in pip16:59
*** esp has joined #openstack-dev16:59
bcwaldonthe primary python mirror has an avg response time a magnitude higher than normal17:00
*** radez_g0n3 is now known as radez17:00
*** pmyers has quit IRC17:00
*** egallen has quit IRC17:00
*** jcmartin has quit IRC17:01
*** colinmcnamara has joined #openstack-dev17:03
*** ctracey has quit IRC17:04
*** ctracey has joined #openstack-dev17:05
*** jcmartin has joined #openstack-dev17:05
*** zoresvit has joined #openstack-dev17:05
*** jcmartin has quit IRC17:06
*** yaguang has quit IRC17:06
*** egallen has joined #openstack-dev17:07
*** yidclare has quit IRC17:08
*** heckj has joined #openstack-dev17:15
*** jcmartin has joined #openstack-dev17:16
ayoungdolphm, does the API doc have to be approved before trusts can go in?  I don't mean semantics, just formatting and the like?17:16
*** jruzicka has quit IRC17:16
ayoungI want to prioritize.  I assume docs are tweakable up until the release17:17
openstackgerritA change was merged to openstack/python-quantumclient: Client for agent extension  https://review.openstack.org/2106417:19
*** david-lyle has joined #openstack-dev17:19
*** zoresvit has quit IRC17:20
openstackgerritA change was merged to openstack/python-quantumclient: Allow known options after unknown ones in list and update command  https://review.openstack.org/2057417:20
*** bencherian has quit IRC17:21
dolphmayoung: anything that merges after feature freeze i'd like to start tagging with something like *New in version 3.1*, and every other API-level feature change we've blocked on the api review, so i'd say definitely yes17:21
*** Ryan_Lane has quit IRC17:21
*** jcmartin has quit IRC17:22
ayoungdolphm, OK17:23
*** jcmartin has joined #openstack-dev17:24
ayoungdolphm, we are wordsmithing here17:24
ayounghttps://etherpad.openstack.org/trusts_api17:24
*** pmyers has joined #openstack-dev17:24
dolphmayoung: in part17:25
heckjayoung, dolphm: should be tweakable in wording, but not in semantics17:25
*** egallen has quit IRC17:25
dolphmayoung: we're also asking for hard changes to the API17:25
dolphmayoung: i really like henrynash's suggestion of filtering GET /trusts instead of returning two separate collections in the same response to GET /users/{user_id}/trusts17:26
*** nati_ueno_2 has joined #openstack-dev17:26
*** troytoman is now known as troytoman-away17:26
*** annegentle has joined #openstack-dev17:28
ayoungdolphm, I'm fine with that17:28
*** rafaduran has quit IRC17:30
*** nati_ueno has quit IRC17:30
*** hugokuo has quit IRC17:30
*** nunosantos has joined #openstack-dev17:31
*** bswartz has quit IRC17:32
*** jcmartin has quit IRC17:32
*** jcmartin has joined #openstack-dev17:32
*** alszar has joined #openstack-dev17:33
*** dachary has joined #openstack-dev17:33
*** jcmartin has left #openstack-dev17:33
*** ctracey has quit IRC17:34
*** ctracey has joined #openstack-dev17:34
*** gyee has quit IRC17:35
*** alszar_ has joined #openstack-dev17:35
ayoungdolphm, how about I leave get /user/trusts as is if no param, and then accept as_trustee and as_trustor as additional filters?17:35
*** alszar has quit IRC17:37
*** alszar_ is now known as alszar17:37
*** avishay has quit IRC17:37
*** zoresvit has joined #openstack-dev17:39
*** nati_ueno_2 has quit IRC17:39
*** avishay has joined #openstack-dev17:39
*** hemnafk is now known as hemna17:39
*** nati_ueno has joined #openstack-dev17:39
*** pabelanger has quit IRC17:39
*** gael__ has quit IRC17:40
*** lloydde has joined #openstack-dev17:40
*** dachary has quit IRC17:40
*** winston-d_ has quit IRC17:41
*** doude has quit IRC17:41
dolphmayoung: you get the same functionality out of GET /trusts with filters17:41
ayoungdolphm, I'm also going to yank the LIST Trustors and list trustees APIs as I won't have time to impl, and they are nice to have, not need to have17:41
ayoungdolphm, yes,  just what do I return if no filter?17:42
*** salgado-lunch is now known as salgado17:42
dolphmayoung: all trusts, regardless of enabled/disabled17:42
ayoungdolphm, ah, yeah, I am yanking that17:43
dolphmayoung: you can achieve the old functionality with GET /trusts?enabled&trustor_user_id={my_user_id}17:43
ayoungfilters can go in later17:43
ayoungnot needed for first round17:43
dolphmayoung: it's a one line in the docs for GET /trusts (see the examples on GET /projects and GET /domains)17:43
ayoungdolphm, I meant for user/id/trusts17:43
ayoungdolphm, lets cut scope for now17:44
*** thingee_zzz is now known as thingee17:44
*** dhellmann is now known as dhellmann-afk17:46
*** dachary has joined #openstack-dev17:46
*** gyee has joined #openstack-dev17:46
*** diogogmt has quit IRC17:48
*** pmyers has quit IRC17:49
*** trapni has quit IRC17:49
*** pmyers has joined #openstack-dev17:49
*** diogogmt has joined #openstack-dev17:50
*** doude has joined #openstack-dev17:52
*** ondergetekende has joined #openstack-dev17:52
henrynashI have a git rebasing question when someone has a moment17:52
ayounghenrynash, fire away17:53
*** annegentle has quit IRC17:53
henrynashayoung: thx.  So i have a patch that is dependent on the v3auth patch from guang17:53
*** iartarisi has quit IRC17:54
henrynashI made it dependent by: doing the fetch of gang's patch, checkout FETCH_HEAD….17:54
gyees/gang/guang/17:55
gyee:)17:55
*** nachi has joined #openstack-dev17:55
henrynash…and putting that into a branch on my git…and then rebasing my change off it….seemed fine, have submitted that for review, shows dependency on "Guang" (!) change etc.17:55
henrynash..now I want to update to rebase on his latest version17:56
henrynashi tried the simple web rebase button - says can't do it due to conflicts17:56
henrynashhow do I do this via git on the cmd line….I tried a few things…that didn't work :-)17:57
henrynashI think what I need to do is refresh the branch that I have with Guang's change in it…and then I rebase off it again17:57
gyeehenrynash, I am pushing another patch shortly17:57
*** reed has quit IRC17:57
henrynashgyee: (once you've done that :-) )17:58
*** markwash has joined #openstack-dev17:59
gyeehenrynash, one of us will be busy rebasing all day today, with all these merges coming in :)17:59
henrynashgyee….err, both of us maybe!18:00
gyeeyeah18:00
*** garyTh has quit IRC18:00
*** giulivo has quit IRC18:00
* heckj nods18:01
*** bencherian has joined #openstack-dev18:01
henrynashmeeting time!18:01
*** rushiagr has quit IRC18:01
*** garyTh has joined #openstack-dev18:03
*** Mandell has joined #openstack-dev18:03
*** dachary has quit IRC18:03
*** jog0 has joined #openstack-dev18:05
*** jog0 has quit IRC18:05
*** njoy_ has quit IRC18:05
*** njoy_ has joined #openstack-dev18:05
*** derekh has quit IRC18:05
*** jog0 has joined #openstack-dev18:05
*** yidclare has joined #openstack-dev18:05
*** nati_ueno has quit IRC18:06
*** roampune has left #openstack-dev18:06
*** nati_ueno has joined #openstack-dev18:06
*** roampune has joined #openstack-dev18:07
*** Ryan_Lane has joined #openstack-dev18:08
*** amerine has joined #openstack-dev18:10
*** ondergetekende has quit IRC18:10
*** nati_ueno has quit IRC18:11
*** darraghb has quit IRC18:12
openstackgerritA change was merged to openstack/quantum: Exit if DHCP agent interface_driver is not defined  https://review.openstack.org/2229018:13
*** zing has quit IRC18:16
*** mohits has joined #openstack-dev18:17
*** adjohn has joined #openstack-dev18:17
*** xga has joined #openstack-dev18:17
*** jgallard has quit IRC18:18
*** buzztroll_ has quit IRC18:18
*** bswartz has joined #openstack-dev18:24
*** ndipanov has quit IRC18:25
heckjayoung: you going to appear today? keystone meeting18:26
*** nati_ueno has joined #openstack-dev18:28
cloudchimpHi All, still building multi-node grizzly cluster for early system integration work.  But just noticed that glance had a failure because warlock 0.7 or greater is required.  Is warlock 0.1 still supported?18:29
*** xga has quit IRC18:31
*** egallen has joined #openstack-dev18:31
openstackgerritA change was merged to openstack/keystone: Update sample_data.sh to match docs  https://review.openstack.org/2223718:33
openstackgerritA change was merged to openstack/horizon: Adding network-topology view for quantum  https://review.openstack.org/2191618:34
openstackgerritA change was merged to openstack/python-keystoneclient: Implements token expiration handling  https://review.openstack.org/2081718:34
openstackgerritA change was merged to openstack/keystone: Use oslo-config-2013.1b3  https://review.openstack.org/2208018:34
cloudchimpEven better question.  What is python-warlock 0.7?  I thought it was at version 0.3.118:35
*** avishay has quit IRC18:36
openstackgerritA change was merged to openstack/keystone: Remove old, outdated keystone devref docs  https://review.openstack.org/2230118:36
*** yolanda has quit IRC18:37
openstackgerritA change was merged to openstack/python-keystoneclient: Use oslo-config-2013.1b3  https://review.openstack.org/2212618:38
*** rushiagr has joined #openstack-dev18:39
openstackgerritA change was merged to openstack/nova: Add a safe_minidom_parse_string function.  https://review.openstack.org/2230918:39
*** rushiagr1 has joined #openstack-dev18:40
*** rushiagr2 has joined #openstack-dev18:41
*** egallen has quit IRC18:43
*** rushiagr has quit IRC18:44
*** rushiagr1 has quit IRC18:45
*** lcheng has joined #openstack-dev18:45
*** psedlak has quit IRC18:46
*** corXi has quit IRC18:46
*** johnthetubaguy has left #openstack-dev18:50
*** AnilV4 has quit IRC18:50
lifelesssdague: that was 0430, so no :)18:52
*** mrodden has quit IRC18:55
*** Yada has quit IRC18:55
*** cp16net is now known as cp16net|away18:56
*** cp16net|away is now known as cp16net18:56
*** cdub_ has joined #openstack-dev18:57
*** YorikSar has joined #openstack-dev18:57
*** zoresvit has quit IRC18:57
sdaguelifeless: still digging on it :)18:58
*** morganfainberg has joined #openstack-dev18:58
sdaguelifeless: you see the bug?18:58
*** roampune1 has joined #openstack-dev18:58
*** roampune has quit IRC18:58
sdaguebasically we had to revert a patch because it managed to fail testr in such a spectacular way that it wiped out hundreds of other tests from running, and yet reported no fails18:59
*** radez is now known as radez_g0n318:59
*** lloydde has quit IRC19:00
*** rushiagr has joined #openstack-dev19:00
dolphmayoung: instead of exposing enabled/disabled at the API level and overloading the term (its use is different here), how about an attribute in the backend called 'deleted' which defaults to false19:01
*** pabelanger has joined #openstack-dev19:02
dolphmayoung: trusts that have been DELETE'd through the API have deleted=True, and are not returned through GET /trusts19:02
dolphmayoung: but they're still available for auditing19:02
*** spzala has quit IRC19:02
lifelesssdague: thats pretty special; is it what clarkb pinged me on when he was going to sleep last night?19:02
ayoungdolphm, OK.  And audit will have to go direct to backend to start19:02
*** thingee is now known as thingee_zzz19:03
*** alunduil has quit IRC19:03
sdaguelifeless: this is something new I think19:03
ayoungwe can provide audit and admin apis for cleanup later?19:03
*** thingee_zzz is now known as thingee19:03
lifelesswhat bug 3 ?19:03
uvirtbotLaunchpad bug 3 in launchpad "Custom information for each translation team" [Low,Fix released] https://launchpad.net/bugs/319:03
lifelesss/3/#/19:03
sdaguelifeless: so I've tracked it into the XMLmatcher19:03
*** rushiagr2 has quit IRC19:03
sdaguelifeless: https://bugs.launchpad.net/nova/+bug/113014619:03
uvirtbotLaunchpad bug 1130146 in testrepository "Unit tests broke with recent commit" [Critical,Confirmed]19:03
dolphmayoung: i'd want to include listing expired tokens in that conversation as well19:03
*** AnilV4 has joined #openstack-dev19:04
ayoungdolphm, so expired trusts are considered deleted?19:04
dolphmayoung: is there a difference in utility between an expired trust and a DELETE'd trust?19:05
dolphmayoung: i'm thinking it's the same lack of difference as between an expired token and a revoked token19:05
ayoungdolphm, not really19:05
ayoungagreed19:05
*** AlanClark__ has quit IRC19:05
*** zing has joined #openstack-dev19:06
*** AlanClark__ has joined #openstack-dev19:06
*** imsplitbit has quit IRC19:06
sdaguelifeless: so nova.tests.matchers.XMLMatcher() is the culprit, something about how it interacts with assertThat is causing the bork19:06
dolphmayoung: are you supporting expiration time defined by the api-user? or is that a deployment configuration19:06
ayoungdolphm, for trusts, expiry is optional19:07
ayoungif it is not specified, they don't time out19:07
ayoungIn the original use case, we didn't need them19:07
*** danwent has quit IRC19:07
lifelesssdague: lets see19:07
clarkblifeless: it is the same thing. I submitted a bug against subunit19:07
gyeeayoung, dolphm, https://review.openstack.org/#/c/2148719:08
*** sacharya has quit IRC19:08
ayoungbut yes, it will be supported.  I have an update that supports it19:08
sdagueclarkb: I'm not sure it's a subunit bug19:08
lifelesssdague: that looks fine by eyeball19:08
gyeeI changed /auth to /auth/tokens19:08
lifelesssdague: can I ask how you pinpointed it ?19:08
ayounggyee, w00t19:08
clarkbsdague: not directly but subunit should fail appropriately19:08
clarkblifeless: see the bug19:08
ayounggyee, I assume you had to change tests too, right?19:08
lifelessclarkb: kk19:08
sdaguelifeless: yeh, the bug documents this pretty well19:08
lifelessclarkb: whats the # ?19:08
clarkbhttps://bugs.launchpad.net/nova/+bug/113014619:09
uvirtbotLaunchpad bug 1130146 in testrepository "Unit tests broke with recent commit" [Critical,Confirmed]19:09
gyeeayoung, yes, tests are updated19:09
lifelessoh right same one19:09
lifelesslets see19:09
clarkbsdague: in my tracing the matcher in nova/tests/matchers.py is returning a non boolean19:09
ayounggyee, I'll +119:09
sdagueclarkb: yep, I see that as well19:09
clarkbsdague: I am willing to bet that assertThat expects more specific True False type values19:09
sdagueclarkb: yes, it's true19:10
sdaguethere is a lot of odd inverted logic as well19:10
dolphmgyee: from keystone.auth.core import AuthMethodHandler ?19:10
ayounggyee, this is the one time diff to previous patch worked really well for me19:11
*** doude has left #openstack-dev19:11
ayoungthe only other change I saw was the common config change19:11
ayoungAH!19:11
*** pabelanger has quit IRC19:12
gyeedolphm, yes, heckj wanted the import to be specific19:12
heckjpreference towards it, but I can be argued out of it19:12
dolphmheckj: ^ we don't do that for other packages19:12
heckjI get a rash when I see from … import *19:13
gyeeheckj, yeah, same here19:13
dolphmheckj: we do from ...core import * in catalog, identity, token and policy -- but *only* from core19:13
lifelessthe bug is on line 38719:13
lifelesssdague: ^19:13
heckjgyee: but don't block this, its the pattern we're already using, even if I don't care for it :-)19:13
lifelessof matchers.py19:13
*** jaypipes has quit IRC19:14
dolphmgyee: i'm fine with an explicit import, but everything from core should be explicitly imported then19:14
*** sacharya has joined #openstack-dev19:14
gyeedolphm, there's only one thing in core19:14
gyeeso we should be fine19:14
dolphmgyee: then i'm cool with it19:14
sdaguelifeless: what should that be?19:15
lifelesssdague: the match() method must return either a mismatch or None19:15
lifelesssdague: its returning a string on that branch19:15
dolphmgyee: GET /auth/tokens/revoked isn't in the spec, i don't think19:16
gyeedolphm, no, that's for PKI tokens only19:17
sdaguelifeless: ok, sorry, not seeing that in the density of the code, the only returns I see seem to be objects, or True, which filters to the top19:18
gyeeI suspect that API will go away once we have short-lived PKI tokens19:18
*** jimfehlig has quit IRC19:18
sdaguelifeless: also, why is assertThat exploding19:18
sdaguein a weird way19:18
dolphmgyee: i'm confused19:18
gyeedolphm, /auth/tokens/revoked is basically returning a CRL in CMS19:19
ayoungA TRL as it were19:19
gyeeI don't think keystoneclient is even checking it19:19
dolphmgyee: then why expose it?19:19
ayounggyee, it was19:19
*** buzztroll_ has joined #openstack-dev19:19
ayoungdolphm, no it is used, it has been there for a long while19:20
gyeedolphm, I was replicating what we have in /v219:20
ayoungif the client can't get to  /auth/tokens/revoked the token validation fails19:20
dolphmayoung: gyee: show me? https://github.com/openstack/identity-api/19:20
*** adjohn has quit IRC19:20
gyeedolphm, that API is not there right now19:20
gyeeayoung, can you amend it to your /auth/tokens changes?19:21
*** rushiagr has left #openstack-dev19:21
dolphmGET /v3/auth/tokens/revocation ?19:23
gyeeyes19:24
gyeesorry GET /v3/auth/tokens/revoked19:24
dolphmor GET /v3/auth/tokens?deleted or GET /v3/auth/tokens?revoked19:24
gyeedolphm, its not returning tokens, just a TRL19:25
*** annegentle has joined #openstack-dev19:26
*** aeperezt has quit IRC19:26
ayounggyee, yes, I can amend19:26
*** annegentle has quit IRC19:27
gyeedolphm, we're good?19:27
*** annegentle has joined #openstack-dev19:27
dolphmgyee: ayoung: i'd rather see it as a separate change rather than hijack a change that's only partially related19:27
sdaguelifeless: so the testr bug here appears to be the fact that when _run_test runs, the finally block puts the test on the queue19:27
*** FlorianOtel has quit IRC19:28
dolphmgyee: i'm suggesting that r'19:28
sdaguebut because it didn't process, some time later it gets rejected and dropped silently19:28
sdagueso it seems that in these cases it needs to add an explicit fail19:28
eafonichevhi guys! I need some help with horizon(stable/folsom). Trying to customize logo I got error like this 'OfflineGenerationError: You have offline compression enabled but key "1056718f92f8d4204721bac759b3871a" is missing from offline manifest. You may need to run "python manage.py compress"'. Invoking collectstatic and compress doesn't work.19:28
*** jaypipes has joined #openstack-dev19:29
gyeedolphm, without that, it'll be hard to check for revoked tokens without calling back to Keystone19:29
*** pabelanger has joined #openstack-dev19:29
lifelesssdague: yes, something like that will be the fix.19:29
*** melwitt has joined #openstack-dev19:29
lifelesssdague: I'll make a SCCE and fix later19:29
*** romcheg has joined #openstack-dev19:29
dolphmgyee: so, what's the structure of the response?19:29
lifelesssdague: assertThat is exploding because19:29
lifelesssdague: the match object is returning "something"19:30
dolphmgyee: i thought the token revocation list was a cache maintained by middleware in a file19:30
gyeedolphm base64(CMS)19:30
lifelesssdague: rather than a Mismatch object19:30
*** aeperezt has joined #openstack-dev19:30
jpicheafonichev: Unfortunately the compress errors tend to hide real issues. If this is a dev or test environment (not production) you could try setting DEBUG to True in the local_settings to see what's the real problem19:30
gyeedolphm, token revocation list is fetched via /v3/auth/tokens/revoked19:31
eafonichevjpick, ok, thanks, will try19:31
dolphmgyee: is that call applicable to uuid tokens?19:31
sdaguelifeless: ok, well I just keep dumping my findings into the bug. I think I'm at about the extent of things here19:31
sdagueso I'll let you run with it now that it's morning there :)19:31
dolphmgyee: if it's not, then the call should certainly appear as an API extension /v3/auth/tokens/OS:PKI/revoked19:32
lifelesssdague: a mismatch can return multiple attached errors for one failure19:32
gyeedolphm, https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/auth_token.py#L93919:32
gyeeno it is only used for PKI tokens I think19:32
dolphm*facepalm*19:32
lifelesssdague: so yeah its just that line 'return result' is the bug.19:32
gyeeha19:32
eafonichevjpich: you were so right! indeed, there is some another problem, thanks a lot19:33
*** cp16net is now known as cp16net|away19:33
dolphmthis needs to be independently documented as an extension then, not part of identity-api-v3.md19:33
jpicheafonichev: Cool! Good luck with it :)19:33
dolphmidentity-api-v3-os-pki.md or something?19:34
gyeedolphm, fine with me19:34
gyeeayoung, we're good?19:34
gyeeso GET /v3/auth/tokens/OS:PKI/revoked then?19:35
dolphmgyee: sure19:35
dolphmor GET /v3/auth/tokens/OS:PKI/trl if that's more broadly appropriate? (is it even json?)19:36
gyeenot json19:37
gyeeCMS is ASN.119:37
ayoungASN.1 which is then encoded...19:37
gyeedolphm, I think we should stick with revoked as it is useful for x.509 as well19:38
dolphmi'm pretty sure we require the client to specify Accept: application/json somewhere in middleware (json_body?)19:38
sdaguelifeless: ok, I'm not seeing how it would be anything other than an XMLMismatch or True gets returned to that point19:38
gyeetrl is too implementation-specific19:38
dolphmgyee: sure, whatevers more appropriate19:38
*** romcheg has left #openstack-dev19:38
lifelesssdague: '19:39
*** n0ano has quit IRC19:39
lifelesselif result is not True:19:39
lifeless    return result'19:39
lifelesssdague: doesn't that return result when it is *not* True ?19:39
lifelesssdague: if you put a pdb statement in there and run it, I would be interested in the value of result :)19:40
clarkb<nova.tests.matchers.XMLTagMismatch object at 0x4387710>19:40
lifelesssdague: if result is True at that point, I'll be amazed.19:40
*** nachi has quit IRC19:40
lifelessclarkb: oh, its recursive?19:40
clarkb_compare* is recursive19:40
gyeedolphm, ayoung, https://review.openstack.org/#/c/2148719:41
ayounggyee, BTW,  foreign keys are out as Id might be in a different backend.   I started out with FK but had to remove them19:41
clarkbI did it the lazy way and just put a print statement before return result :)19:41
gyeeayoung, I was worrying about unusable data19:41
gyeesay a role definition is deleted, how does it triggered a data cleanup in trust?19:42
ayounggyee, I agree, but the thing is, if the trust is bad, no token....19:42
ayoungwe can do all of the test work we want....make it nice.  right now I just need it to be capable of working19:42
sdaguelifeless: yeh, it has to be recursive, xml is nested :)19:42
*** cp16net|away is now known as cp16net19:42
gyeeayoung, I am fine with a FIXME right now19:43
ayounggyee, +2 from me.19:43
ayounggyee, OK19:43
gyeeayoung, with so many backend, I would even argue that we generally have a data cleanup problem19:44
*** yidclare has quit IRC19:46
*** novas0x2a|laptop has joined #openstack-dev19:46
ayounggyee, can you git commit amend with a friendly title?  Say token v3?19:48
ayoungblueprint pluggable-identity-authentication-handlers blueprint stop-ids-in-uris blueprint multi-factor-authn (just the plumbing) v3 authentication and token APIs19:48
ayoungkind of rolls off the tongue, I know19:48
*** adjohn has joined #openstack-dev19:48
gyeeayoung, sure, give a sec19:49
dolphmgyee: you're passing token='ADMIN' in an auth request (get_scoped_token)19:50
ewindischrussellb: I'd love to get your feedback on my kombu-fast-serialization patch.19:50
dolphmgyee: i assume you don't actually need an X-Auth-Token to authenticate..19:50
gyeedolphm, you do19:50
* dolphm *brainsplode*19:50
dolphmgyee: what?19:51
gyeeauthentication is a privilege operation :(19:51
dolphmgyee: wtf19:51
gyeeyeah, same here :)19:51
dolphmgyee: so, keystone doesn't support authentication, period...19:51
gyeeauthentication need to either accompany by a ADMIN token in the header or SSL19:52
dimsdo we need this quick for the pypi issue? - https://bugs.launchpad.net/tempest/+bug/113027319:53
dolphmgyee: that's completely unusable by anyone -- why?19:53
uvirtbotLaunchpad bug 1130273 in tempest "install_venv_common.py is not robust to pypi instability" [Undecided,New]19:53
ayounggyee, merging your changes to get ahead of the curve and I get19:53
ayoung     from oslo.config import cfg19:53
ayoungImportError: No module named oslo.config19:53
gyeewth? I didn't touch oslo19:53
dolphmgyee: authenticate isn't wrapped by @protected... where's the requirement coming from? i'm not clear if you did this intentionally or not19:53
ayoungdolphm, only an admin user can verify a token19:53
ayoungwait...19:54
sdaguelifeless: the XMLTagMismatch is what's returned when things go funny19:54
dolphmayoung: this is authentication19:54
ayoungyou don't need an X-Auth-Token to authenticate19:54
ayoungyou can use it token-to-token19:54
dolphmayoung: like "hi my name is ayoung, here's my password, and here's the admin_token; can i please have a token?"19:55
*** gabrielhurley has joined #openstack-dev19:55
ayoungdolphm, heh19:55
ayoungget_scoped_token needs an unscoped19:55
ayoungunscoped doesn't need to be admin19:55
gyeeayoung, now I am getting the oslo error19:56
gyeewhat the hell's going on here19:56
gyeeit was working 30 mins ago19:56
ayoungdolphm, gyee I think it comes from19:57
dolphmgyee: if i remove token from that call test_v3_identity passes just fine19:57
dolphmayoung: gyee: ... install oslo?19:57
gyeedolphm, yeah, I have @controller.protected in my v3 authenticate call19:57
gyeeremoving it now19:57
dolphmgyee: ayoung: http://paste.openstack.org/raw/31968/19:58
ayounghttps://review.openstack.org/#/c/21487/11..12/keystone/cli.py19:58
*** yidclare has joined #openstack-dev19:59
dolphmgyee: which method is that? keystone.auth.controllers ... authenticate() ?19:59
gyeeauthenticate_for_token19:59
dolphmgyee: ah, i had misread that as "authenticate with token"20:00
dolphmgiven that it was protected20:00
*** mrodden has joined #openstack-dev20:00
dolphmgyee: while you're at it, is all the is_admin stuff going away in the tests?20:01
dolphmgyee: i assume that's all fallout from protecting authentication lol20:01
gyeedolphm, no, is_admin is still needed20:01
gyeeuser_foo is not an admin user20:01
dolphmgyee: okay?20:02
*** danwent has joined #openstack-dev20:02
lifelesssdague: FYI I have a protocol revision I'm working on for subunit that will offer much better recovery in this sort of situation20:05
*** koolhead17 has quit IRC20:05
lifelesssdague: its weekends and evenings stuff though, unless mordred decides to offer HP time on it :)20:05
mordredlifeless: you're a high-level tech guy - do you think it's important for you to work on? :)20:06
lifelesssdague: oh - so self.expected and self.actual are the next candidates for the issue20:06
ayoungdolphm, OK, so merging in the oslo config broke things20:06
ayoungNo virtual environment found...create one? (Y/n) y20:06
ayoungImportError: No module named oslo.config20:06
ayoungit doesn't get fetched automagically20:07
lifelessmordred: I think protocol design is hard and has far reaching implications; so yeah :> But there are many other things I need to work on too.20:07
dolphmayoung: http://paste.openstack.org/raw/31968/20:07
*** sandywalsh has quit IRC20:07
ayoungchicken egg thing20:07
gyeeayoung, I am having the same problem here20:07
ayounggyee, I understand20:07
ayounggyee, I think we need to install so the venv set up runs20:07
mordredlifeless: I know - but I trust you to prioritize your time appropriately20:07
openstackgerritA change was merged to openstack/keystone: Implement name space for domains  https://review.openstack.org/2195120:07
ayounggyee, I think it needs to be20:08
ayoungsudo easy_install http://tarballs.openstack.org/oslo-config/oslo-config-2013.1b3.tar.gz#egg=oslo-config20:08
ayoungbut that didn't do it either20:08
*** AnilV4 has quit IRC20:08
gyeeayoung, we need it inside venv20:08
lifelessmordred: yeah; the tough thing for me in this context is that its close to being a conflict of interest; subunit&testr are personal projects, *and* projects HP/Openstack depend on.20:08
* dolphm wonders if i'm the only one that manages my own venv20:09
ayoung/usr/lib/python2.7/site-packages/oslo_config-2013.1b3-py2.7.egg/20:09
lifelesssdague: state = XMLMatchState(self.expected_xml, actual_xml)20:09
ayoungdolphm, somehow mine just got wiped and I needed to rebuild it20:09
lifelesssdague: I think thats the bug20:09
lifelesssdague: the details object should contain Content objects, not strings20:09
lifelesssdague: but self.expected_xml is a string (possibly unicode?)20:09
lifelesssdague: that will flow into the Mismatch20:10
lifelesssdague: and get_details() will then find a string where it expects a Content object, which will trigger the 'str object has no attribute content_type' error we see.20:10
mordredlifeless: fair20:12
*** imsplitbit has joined #openstack-dev20:12
ayoungdolphm, how do I manage my own venv20:12
lifelessmordred: in nearly any other context I would do first and tell you later :)20:13
topolayoung, so I added in the use_dumb_member = True  and I think everything is happy now20:13
dolphmayoung: virtualenv --help :)20:13
gyeedolphm, launch a VM off nova?20:13
*** adalbas has quit IRC20:13
dolphmgyee: lol20:13
*** AlanClark__ has quit IRC20:13
topoldolphm, that is so wrong on code freeze day20:13
dolphmtopol: lol20:14
*** AlanClark__ has joined #openstack-dev20:14
topol:-)20:14
dolphmayoung: do you know where your venv is?20:14
dolphmif you do, source it's bin/activate, and then pip install the oslo tarball (no sudo)20:14
ayoungdolphm, it is gone20:15
lifelessmordred: you might find the three top posts on http://rbtcollins.wordpress.com/ interesting20:15
ayoungdolphm, this is show stopper20:15
ayoungat least for dev20:15
gyeeayoung, just manually extract the oslo tarball somewhere for now20:16
*** tiamar has quit IRC20:17
ayounggyee, I have it in site-packages20:17
gyeethen do env PYTHONPATH=oslo_path ./run_tests.sh to recreate your .venv20:17
dolphmayoung: virtualenv ~/somedir && source ~/somedir/bin/activate && pip install -r tools/pip-requires && pip install -r tools/test-requires && sh run_tests.sh -N20:18
gyeedolphm, now I got this20:19
gyeeCould not find any downloads that satisfy the requirement oslo-config from http://tarballs.openstack.org/oslo-config/oslo-config-2013.1b3.tar.gz20:19
dolphmgyee: damn, i thought by "i got this" you meant "... under control"20:19
gyeetranslates into "shit just hit the fan" in Chinese :)20:20
*** sandywalsh has joined #openstack-dev20:20
openstackgerritA change was merged to openstack/oslo-config: Add missing files to the tarball.  https://review.openstack.org/2234420:20
dolphmgyee: pip install http://tarballs.openstack.org/oslo-config/oslo-config-2013.1b3.tar.gz#egg=oslo-config20:21
dolphmgyee: what's that do?20:21
ayoungdolphm, here's the deal. At 5 I have to get my kid.  We're going to drive to my folks place, which is 2 hours away.  After that, I will be back on line.  So I have about 1.5 hours now, and then....20:21
*** Gomes has joined #openstack-dev20:21
lifelessclarkb: do you have enough to address the issue ?20:22
*** Yada has joined #openstack-dev20:22
dolphmayoung: i have about the same amount of time, and then food -> coffee -> and ready to stay up all night with you :P20:22
dolphmayoung: does pip installing oslo-config directly work for you? ^^20:23
clarkblifeless: uh I wasn't really following along20:23
*** voliveirajr has joined #openstack-dev20:23
ayoungdolphm, so long as Freeze doesn't happen at COB tonight, I'm cool20:23
ayoungdolphm, venv is building20:23
dolphmayoung: awesome20:23
openstackgerritA change was merged to openstack/nova: Assign unique names with os-multiple-create.  https://review.openstack.org/2138620:23
clarkblifeless: XMLMatchState should be passed a Content object instead of a string?20:23
ayoungdolphm, I did it the way that gyee suggested20:23
openstackgerritA change was merged to openstack/nova: Stub additional FloatingIP methods in FlatManager  https://review.openstack.org/2064220:23
clarkblifeless: yeah I think I should be able to correct the problem with that info20:23
ayoungPYTHONPATH=20:23
*** dhellmann-afk is now known as dhellmann20:23
ayoungI'm going to undo the oslo install and try the one that dprince just merged20:23
gyeeayoung, install_venv still choked on me20:24
ewindischayoung: yeah, the oslo-config thing has been a bit of a pain to come this late. I had to rebase and fix merge conflicts on a  changes that just needed a +2…20:24
lifelessclarkb: well, there are clearly several routes to fix it.20:24
lifelessclarkb: the Mismatch object's details dict needs to be str->Content though20:24
clarkbok20:24
lifelessclarkb: its currently str->str AFAICT20:25
lifelessat least in this failure mode20:25
danpblifeless: i've already posted exactly that fix20:25
lifelessdanpb: oh cool20:25
clarkbwoot20:25
lifelessdanpb: I missed that while I took Cynthia to school20:25
lifelessdanpb: linky link ?20:25
danpbhttps://review.openstack.org/#/c/22350/20:26
*** radez_g0n3 is now known as radez20:26
danpbpresume this is a new API requirement by latest testtools ?  since i swear this xml matcher did the right thing in the past20:27
*** yolanda has joined #openstack-dev20:30
*** dachary has joined #openstack-dev20:30
*** pabelanger has joined #openstack-dev20:31
lifelessdevananda: https://review.openstack.org/#/c/21481/ needs a rebase20:32
lifelessdanpb: I don't believe so20:33
lifelessdanpb: last changed may 201020:34
lifelessdanpb: sorry, june 2010.20:34
danpboh, weird20:34
danpbmaybe we were just lucky that it didn't previously trip up the test harness20:35
lifelessYeah, I think you had no failures there until now20:35
devanandalifeless: yes, and needed a fix as well. about to do push it again20:35
lifelessdevananda: ah cool20:36
ayoungdolphm, OK, after I did a pip install and reran the tests, building the venv continued to the point that I got an error, but the tests seem to be running.20:38
dolphmayoung: what was the error?20:38
ayoungdolphm, could not apply redhat-greelet patch?20:38
ayounggreenlet20:38
*** jimfehlig has joined #openstack-dev20:38
*** digitalsanctum has quit IRC20:39
ayounggyee, File "/opt/stack/keystone/tests/test_v3_auth.py", line 276, in test_revoke_token20:39
ayoungfailed after rebase.20:39
ayoungI think that was the only failure20:40
ayoung{"error": {"message": "revocation_list() got an unexpected keyword argument 'PKI'", "code": 400, "title": "Bad Request"}}20:40
ewindischdhellmann: re:redis-driver -- thoughts to agreeing to the tests and letting me add mock-outs later?20:40
ayoungI wonder if something is parsing the OS:PKI url?20:40
gyeeayoung, yeah, we need to change it to OS-PKI instead20:40
*** lglenden_ has joined #openstack-dev20:41
dhellmannewindisch: yeah, that makes sense20:41
dhellmannewindisch: I'll post on the changeset after this meeting ends20:41
ayounggyee, coo20:42
ewindischthanks20:42
dolphmgyee: my bad20:42
*** pixelbeat has quit IRC20:42
*** armaan has quit IRC20:43
*** lglenden has quit IRC20:44
ayounggyee, when you post for review, clean up the commit message20:44
gyeeayoung, you want me to remove the bp/s in the commit?20:45
ayounggyee, nah20:45
ayounggyee, just put a top level description20:45
ayoungv3 auth api20:45
gyeeI did20:45
ayounghttps://review.openstack.org/#/c/21487  doesn't show it20:46
*** sulrich has joined #openstack-dev20:46
devanandalifeless: 21481 is up, with a vastly different test_migrations file20:46
lifelessdevananda: want eyeballs?20:46
devanandalifeless: please20:47
devanandalifeless: this is holding up the whole stack :(20:47
ayounggyee, do you have  new one to post?20:47
ayoungIf not, I can fix and repost20:47
gyeeayoung, yeah, in a min20:47
*** annegentle has quit IRC20:47
*** agentle_ has joined #openstack-dev20:47
ayounggyee, you figure out your venv issues?20:49
gyeeayoung, yeah, I had to manually do a few things20:53
*** yolanda has quit IRC20:53
gyeethe tests are running now20:53
*** Gomes has quit IRC20:54
*** digitalsanctum has joined #openstack-dev20:55
*** stevebaker has quit IRC20:57
gyeeayoung, dolphm, https://review.openstack.org/#/c/2148720:58
*** dprince has quit IRC20:59
*** digitalsanctum has quit IRC21:01
*** epim has joined #openstack-dev21:01
*** digitalsanctum has joined #openstack-dev21:02
hemnagate-tempest-devstack-vm-full is failing now due to missing nova.networks table not existing.21:02
*** timello_ has quit IRC21:02
dolphmgyee: you modified pip-requires21:05
*** olaph has quit IRC21:05
*** maurosr has quit IRC21:06
*** olaph has joined #openstack-dev21:06
devanandalifeless: also, care to remove your -1 on 21605 since there is now a bug tracking the issue you raised?21:06
gyeedolphm, yeah, sorry, corrected it21:08
ayoungdolphm, how do filters show up in the controllers?21:08
openstackgerritA change was merged to openstack/quantum: Improve error handling when nvp and quantum are out of sync  https://review.openstack.org/2212821:08
dolphmgyee: trying to use v3 auth and it's not going well21:08
*** johnpur has joined #openstack-dev21:09
gyeedolphm, what's the issue?21:09
dolphmgyee: keystone.common.controller.protected doesn't work with v3 tokens21:09
lifelessdevananda: there is?21:10
dolphmgyee: i'd like to see the v3 tests actually using v3 auth instead of bypassing it with 'ADMIN'21:10
devanandalifeless: https://bugs.launchpad.net/nova/+bug/112951921:10
uvirtbotLaunchpad bug 1129519 in nova "ComputeManager running_deleted_instances doesn't support instance uuids" [Undecided,New]21:10
gyeecontroller.protected works with that authenticate call21:11
lifelessdevananda: ah. Is that the only method that needs us to cache the instance name ?21:11
*** matiu_ has joined #openstack-dev21:11
*** matiu_ has quit IRC21:11
*** matiu_ has joined #openstack-dev21:11
lifelessdevananda: and did you look at just doing a try:except: within it ?21:11
lifelessin the same way as _get_instances_on_driver ?21:12
devanandalifeless: based on a chat with vishy, it's generally a good thing if baremetal acts like other hypervisors and supports the (legacy) list_instances() method, which is supposed to return names, not uuids21:12
devanandalifeless: naturally, baremetal also needs to support list_instance_uuids(). but the solution is not to change the list_instances() interface on all the other drivers....21:12
ayounggyee, OK, my review now official depends on yours21:13
lifelessdevananda: I thought the general idea with legacy things was to move all the generic code to avoid it21:13
*** johnpur has left #openstack-dev21:13
lifelessdevananda: so that it becomes ... legacy21:13
gyeeayoung, which one?21:13
lifelessdevananda: this sounds like we're not doing that?21:13
dolphmgyee: i'm looking at changing the keystone_admin role in default_fixtures to just be 'admin', which matches policy.json21:13
devanandalifeless: instead of trying to wedge in a patch to nova at the last minute, i'd rather add support for a common (if old) interface to baremetal that it was sorely lacking21:13
dolphmgyee: then user_foo is admin for free21:14
lifelessdevananda: I don't quite follow the last minute thing21:14
lifelessdevananda: is there some special time pressure here?21:14
dolphmgyee: but of course the produced tokens won't work with @protected21:14
devanandalifeless: uh, yes... today is the cutoff ...21:14
*** matiu_ has quit IRC21:14
lifelessdevananda: for what?21:14
gyeedolphm, that's still not going to work21:14
lifelessdevananda: I mean, I know about g3.21:15
gyeeuser_foo don't not have admin role by default21:15
*** timello_ has joined #openstack-dev21:15
gyeedoes not21:15
lifelessdevananda: but - baremetal is not going to be prod ready in G21:15
dolphmgyee: a lot of the setUp methods grant keystone_admin to user_foo21:15
lifelessdevananda: so, I'm worried about caching the name only because I don't understand the semantics21:16
lifelessdevananda: because other drivers are so varied in their implementations.21:16
*** yidclare has quit IRC21:16
*** donaldh has joined #openstack-dev21:16
lifelessdevananda: at the moment we depend on the manager layer's mapping of uuid->name , which means we dont' need to care, with one exception21:16
devanandalifeless: fwiw, we already have folks trying to use it. no, it's not prod ready at scale, but it _should_ be usable in small environments, and this is one of the bugs which prevents that right now21:16
lifelessand that is dangling instances21:17
gyeedolphm, I don't we'll need to change all our tests to grant admin role21:17
gyeeseems like a separate review to me21:17
dolphmgyee: no you don't -- 1 min21:18
gyees/don't/think21:18
lifelessso it seems to me that the conservative - less risky thing - is to fix the one code path that remains that calls list_instances, rather than adding an implementation that might not really match.21:18
*** kmartin has quit IRC21:18
dolphmgyee: the v3 tokens coming out of the token backend don't look anything like v2 tokens21:18
dolphmgyee: you created a container called token_data?21:19
*** unix has quit IRC21:19
*** nerd has joined #openstack-dev21:19
*** Mr_T has joined #openstack-dev21:19
gyeedolphm, should be the same as in the spec21:19
dolphmgyee: i'm talking about the backend, ignoring the API layer21:19
cp16netdoes there exist a way to migrate/resize an instance to a specific host with admin priv?21:19
cp16netunless i am missing something this doesnt seem possible21:20
lifelessdevananda: I've removed my minus 121:20
lifelessdevananda: but I still think its a mistake; just don't want to have a long conversation, other opinions are still valid :)21:20
*** yidclare has joined #openstack-dev21:20
lifelessdevananda: so the decision is up to you.21:20
cp16neti see the create allows you to do scheduler_hints to force_hosts=['host1']21:20
gyeedolphm, where do you see the token_data container?21:21
dolphmgyee: this is what i'm getting out of token_api.get_token() http://paste.openstack.org/raw/31975/21:21
lifelessdevananda: I don't see anything incorrect in the details of the change, its all conceptual.21:21
dolphmgyee: there was another expires in there which was actually a datetime object, and not json serializable, so i pulled that out so i could use json.dumps()21:22
gyeedolphm, yeah, that's for storing the token21:23
dolphmayoung: #openstack-meeting21:23
gyeewe don't need to store bits and pieces21:23
dolphmgyee: what you store in the backend for v2 should be identical for what you store in the backend for v321:23
gyeedolphm no need to21:24
gyeev2 and v3 token data are not interchangeable21:24
dolphmgyee: YES, you need to -- otherwise you run into the exact failure i'm seeing21:24
dolphmgyee: the data is NOT compatible21:24
gyeethey are not supposed to21:24
*** aeperezt has quit IRC21:24
devanandalifeless: thanks :) from an idealistic POV, I agree that it would be great if everything used UUIDs, but looking at other drivers, I'd also like to have parity with them. Having a non-functional list_instances() just doesn't make sense, even if nothing calls it right now.21:24
dolphmgyee: so a token generated on v3 is unusable on v2 and vice versa?21:25
gyeeno21:25
gyeecan't validate a v2 token with v3 auth api21:26
dolphmgyee: ... why not21:26
dolphmheckj: ^^21:26
gyeev3 token data format is completely different21:26
gyeedomains, auth methods, etc21:26
dolphmgyee: it should still validate, they both have id's21:26
dolphmgyee: v2 tokens have a domain as well, it's just default'21:27
gyeeif we have use cases that mixes v2 and v3 APIs we have a serious problem21:27
*** aeperezt has joined #openstack-dev21:28
openstackgerritA change was merged to openstack/cinder: XenAPINFS: fix capacity reporting  https://review.openstack.org/2218721:28
dolphmgyee: we're supporting a mixed deployment for the next two releases21:28
openstackgerritA change was merged to openstack/cinder: Skip tests if cinder is not installed  https://review.openstack.org/2219521:29
*** kmartin has joined #openstack-dev21:29
gyeedolphm, that's going to suck21:29
heckjgyee: yes, it does21:29
gyeecan you imagine validating a v3 token with v2 api?21:29
dolphmgyee: uh huh, but that's sort of our promise of backwards compatibility21:29
dolphmgyee: yes i can21:29
heckjgyee: even if the V3 auth can't handle a V2 token, we need to have the V2 API available to do so21:29
gyeev2 clients are going to choke on the v3 token data21:29
heckjso the back-end data *must* support both at the same time21:29
dolphmgyee: v2 clients should be able to receive a v3 token **ID** and work with it21:30
*** adjohn has quit IRC21:30
gyeedolphm, how does v2 client handle v3 token data returned from token validation?21:30
heckjThere's not going to be a hard cut/switch to this - we need to handle it gracefully21:30
dolphmgyee: keystone needs to return v2 token data for a v3 token ID21:31
gyeethe format is completely different21:31
dolphmgyee: the format is a superficial issue at the controller level, it's not something that should have leaked to the driver21:31
*** pabelanger has quit IRC21:31
gyeedolphm, what if domain is involved?21:31
dolphmgyee: that's where default domain comes in21:31
gyeecatalog is completely different as well21:32
dolphmgyee: v2 controllers assume 'default' domain when calling drivers, so if the token is not applicable to the 'default' domain, it raises 40121:32
gyeedolphm, then we are inconsistent in backward compatible21:32
lifelessdevananda: I don't think we have to change other drivers though21:32
dolphmgyee: the v2 catalog controllers are currently translating v2 requests to a v3-"aware driver21:32
dolphm"aware"21:32
lifelessdevananda: as long as the core doesn't call list_instances without trying list_instance_uuids, why should we care?21:33
dolphmgyee: the whole goal of the 'default' domain was to make it an opt-in to start using v3 and multi-domain deployments21:33
devanandalifeless: cause an incomplete or broken API is just generally a bad thing?21:33
lifelessdevananda: and list_instances is not broken ?21:34
dolphmgyee: you should be able to start using a v3 aware client intermixed with v2 aware clients as long as you don't go multi-domain (or you understand that v2 clients are limited to default domain resources)21:34
lifelessdevananda: by comparison, look at the legacy/new nwinfo stuff21:34
lifelessdevananda: the legacy is something to eliminate wherever possible; I see this the same way.21:35
*** voliveirajr has quit IRC21:35
lifelessdevananda: its a defective API whose use is a mistake, and implementations are only needed to support us while we migrate the calling code.21:35
devanandasdague: got a moment to re+2 21855? I changed the comment in it yesterday...21:35
gyeedolphm, so we are saying v3 client will take to one instance of keystone to get a v3 token then turn around and use it to take to a service which is running a v2 instance of keystone?21:35
devanandalifeless: except that several other drivers don't implement list_instance_uuids at all, afaict21:36
dolphmgyee: all of this to say that the data in/out of the token driver should be identical regardless of the API/controller it's being utilized from21:36
devanandalifeless: so it's not really a legacy api21:36
gyees/take/talk/21:36
dolphmgyee: sure21:36
devanandas/it/list_instances/21:36
openstackgerritA change was merged to openstack/oslo-config: Add AUTHORS and ChangeLog to .gitignore.  https://review.openstack.org/2234621:36
dolphmgyee: although i assume that by 'v2 instance of keystone' you mean 'v2-aware version of auth_token'21:37
*** pabelanger has joined #openstack-dev21:37
dolphmgyee: (we're not mixing folsom and grizzly installs of keystone in the same deployment)21:37
gyeedolphm, only way we can get into this scenario is that we have v2 and v3 instances in the same env21:37
*** rkukura has quit IRC21:38
dolphmgyee: right now, today, at this moment, auth_token is hardcoded on v2 and openstackclient is being written against v3 ... so we will have tokens produced on v3 being validated against v2 for all of grizzly21:38
sdaguelifeless: hey, so syncing up about where the matcher stuff stands21:38
dolphmgyee: (considering a few steps away from v3-aware auth_token at the moment, even if it lands soon, i doubt it'll make it into grizzly docs)21:39
*** johnpur has joined #openstack-dev21:39
*** adjohn has joined #openstack-dev21:40
lifelesssdague: danpb has a patch just needs +2's.21:40
lifelesssdague: see backscroll21:40
openstackgerritA change was merged to openstack/oslo-config: Refactor _cparser_get_with_deprecated()  https://review.openstack.org/2207421:40
gyeedolphm, that fine, so I presume domain-scoped is not going to work as well21:40
openstackgerritA change was merged to openstack/oslo-config: Allow MultiConfigParser get from mutliple sections  https://review.openstack.org/2207521:40
lifelessdevananda: network stuff is the same21:40
*** stevebaker has joined #openstack-dev21:40
dolphmgyee: right, a domain scoped token has no authz on v221:40
*** eglynn_ has joined #openstack-dev21:41
lifelessdevananda: some drivers do the old, some do the new, as the code base is mid-migration21:41
lifelessdevananda: but that doesn't make the old code non-legacy.21:41
dolphmgyee: i'd be fine if it returned an unscoped token on v2?21:41
lifelessdevananda: I don't see whats different here.21:41
dolphmvalidated* as an unscoped token21:41
sdaguelifeless: ok, so that fixes that Matcher, but it still means it's trivially easy to sneak broken tests past testr21:41
gyeeif we are going to store the same data as v2, we really don't have much of a choice21:42
gyeeit will be treated as unscoped21:42
*** eglynn has quit IRC21:42
*** cp16net is now known as cp16net|away21:45
*** rnirmal has quit IRC21:47
lifelesssdague: otp, one minute21:47
openstackgerritA change was merged to openstack/glance: Create connection for each qpid notification.  https://review.openstack.org/2220621:49
openstackgerritA change was merged to openstack/cinder: Update Storwize/SVC driver for Grizzly.  https://review.openstack.org/2145721:50
openstackgerritA change was merged to openstack/quantum: Support Port Binding Extension in BigSwitch plugin  https://review.openstack.org/2223921:50
*** dolphm has quit IRC21:50
*** gray--_ has joined #openstack-dev21:51
*** martine has quit IRC21:53
*** esp has left #openstack-dev21:54
*** zyluo has quit IRC21:55
lifelesssdague: hi21:57
lifelesssdague: yes, the existing subunit stream can be corrupted; thats why - http://rbtcollins.wordpress.com/21:57
lifelesssdague: new subunit protocol with much better handling of test runners that go boom21:58
lifelesssdague: or tests that hang21:58
*** pcm_ has quit IRC21:58
*** markvoelker has quit IRC21:58
*** esp has joined #openstack-dev21:58
lifelesssdague: I'll get a fix for the ConcurrentTestSuite in place in testtools shortly as well, we clearly don't want to fail to record failures :)21:59
*** cp16net|away is now known as cp16net22:00
*** kagan has joined #openstack-dev22:00
sdaguelifeless: ok cool :)22:00
*** danpb has quit IRC22:01
lifelesssdague: this is a particularly egregious foot-gun22:01
lifelesssdague: because we have a result object that is streaming potentially GB's of stuff out but its all one protocol unit22:02
ttxvishy: around ?22:02
*** hugokuo has joined #openstack-dev22:02
gray--_hi chaps, i've run into this issue on ubuntu 12.10, https://bugs.launchpad.net/nova/+bug/993663, with this ver: 2012.2.1+stable-20121212-a99a802e-0ubuntu1.122:02
ttxclarkb, jeblair: around ?22:02
uvirtbotLaunchpad bug 993663 in nova "[SRU] dns_domains table mysql charset is 'latin1'. Should be 'utf8'" [Medium,Fix released]22:02
clarkbttx: yes22:02
jeblairttx: o/22:02
lifelesssdague: I'm inclined to paper over it and focus on the new codebase which is nearly at the point we could start consuming it [though the python API wouldn't be stable until at least after pycon when I hope to corner voidspace on it :)]22:03
ttxclarkb, jeblair: so it was suggested to turn off some tests in order to have the gate process all the stuff22:03
*** gary_th has joined #openstack-dev22:03
*** zing has quit IRC22:03
sdaguelifeless: well as long as we don't run into this situation again22:03
ttxin time for a feature freeze pushed back on e day, ending tomorrow EOD22:03
clarkbttx: jeblair in particular the tempest tests because they take an hour and a half often22:04
ttxI'm not a big fan of it, but I guess that risk is limited if we use the check results as a pre-approval test22:04
jeblairttx: nobody does that22:04
lifelesssdague: paper over -- not ignore :).22:04
gray--_was this expected to have been backported into ubuntu's nova-common22:04
gray--_?22:04
*** mlavalle has joined #openstack-dev22:05
jeblairttx: i'm not a fan of it either.22:05
lifelesssdague: I'll put an appropriate error thingy into the except clause, and we'll say no more about it22:05
sdaguelifeless: great, appreciate it22:05
lifelesssdague: vs fixing the generator to handle details blowing up...22:05
gray--_seems a pretty fundamental issue on a vanilla ubuntu install22:05
jeblairttx: are people ignoring flakey tests?22:05
clarkbttx: jeblair neither am I. a couple problems with it are check tests can be ignored and check tests don't check in the order things are merged22:05
sdagueonce that's in, and we're past queue full, I'll bump all the projects22:05
sorenI haven't followed this closely... Do we really have so many patches landing right now that 1½ to merge one is a big problem?22:05
sdaguejeblair: the issue is raw volume22:05
ttxsoren: yes22:06
jeblairsdague: i'm not sure i agree with that22:06
clarkbsoren: http://status.openstack.org/zuul/ gives you the current queues22:06
soren1½ hours, I mean.22:06
*** garyTh has quit IRC22:06
jeblairsdague: volume only matters if patches fail tests22:06
sdaguejeblair: well pypi breaking all to hell blew everything out of the water this morning22:06
jeblairlet's be clear what we're saying:  "Testing OpenStack doesn't work very well and takes so long that we don't want to do it any more."22:06
*** eglynn_ has quit IRC22:06
jeblairsdague: indeed, not arguing there, and we were poised to take drastic action to fix that, but it is not necessary because pypi is working now22:07
sdaguejeblair: I agree with you, I'm trying to bring balanced perspective22:07
sorenOh, there isnt a per-project queue, but rather a global one?22:07
ttxunfortunately the ones pushing for that are not around22:07
ttxsoren:  yes22:07
sdaguesoren: yes, it's a global queue22:07
jeblairsoren: OpenStack is one project.22:07
clarkbsoren: yes because the integration tests check that one project doesn't break another22:07
ttxvishy: ping22:07
sdaguettx: where's vishy ?22:07
vishyhi22:08
ttxhah, here he comes22:08
ttxprepare the rotten tomatoes22:08
sdaguejeblair: is there an easy way to see what keeps failing in the gate?22:08
* vishy puts on his helmet22:08
sorenclarkb: Yeah, makes sense, just hadn't really thought about that.22:08
sdaguelike a list of all the rejected jobs? maybe there is a pattern22:08
*** stevebaker has quit IRC22:08
clarkbsdague: we can get a list.22:09
*** zaneb has joined #openstack-dev22:09
jeblairsdague: i imagine the tempest jobs cause most of the failures, because they are the ones common to multiple projects22:09
vishyso looking at the current nova queue of things that have to go in for ffe22:09
vishywe may be able to squeak by22:09
jeblairsdague: though the actual _causes_ are more interesting, and ideally listed here: http://status.openstack.org/rechecks/22:09
ttxvishy: we could also limit the number of OTHER reviews being approved22:09
jeblairsdague: (but that relies on people)22:09
vishybut time to merge is getting pretty frustrating :)22:09
sdaguejeblair: right, and it's not time boxed22:09
ttxi.e. stop approving random patches, concentrate on prio stuff22:09
sdaguewhat I really want to know is how many queue resets did we have today22:09
sdagueand what caused them22:10
ttxthere aren't that many changes that are feature-related in queue22:10
buzztroll_Are any glance folks around?  I am wondering if the location of images which are stored outside of glance should be returned in the metadata22:10
jeblairsdague: what _job_ caused them or what _bug_ caused them?22:10
openstackgerritA change was merged to openstack/oslo-incubator: Support RPC envelopes in impl_zmq  https://review.openstack.org/2179022:10
buzztroll_they currently are not, and i am wondering if this is a bug or a feature22:10
ttxvishy: I hate the idea of disabling tests just because everyone wants to push their change at the very end22:10
sdaguettx: yeh, well telling everyone to put down the +A would solve it from that side as well22:10
*** dontalton has joined #openstack-dev22:11
ttxwe could ask all -core to stop approving non blueprint-stuff for a day or two22:11
*** winston-d has quit IRC22:11
ttxonly approve targeted blueprints code22:11
clarkboff the top of my head there are a couple problems that have been slowing down the gate lately22:11
ttxso that the queue prioritizes correctly22:11
ttxvishy: would that work for you ?22:12
ttxvishy: + 24/7 support from Infra team watching the queue when it chokes ?22:12
clarkbhttps://bugs.launchpad.net/glance/+bug/1108985 happens fairly frequently. The quantum tests fail a bit due to instances not becoming active. volume tests fail for the same reason. and when Jenkins gets overloaded it loses connectivity to its slaves22:12
uvirtbotLaunchpad bug 1108985 in glance "Spurious ECONNREFUSED errors during Glance unit tests" [Undecided,New]22:12
vishywe could try22:12
russellbfwiw it's not just this week, people have been annoyed for the last few weeks with how long stuff takes to get merged22:12
dansmith+122:12
rainyai know it was a point of annoyance for the last two status projects at least22:12
ttxrussellb: the problem is only in the number of false negatives in tests22:12
ttxwithout false negatives, you can consider merging is instant22:13
jeblairrussellb: is anyone annoyed enough to fix the bugs?22:13
jeblairhttps://bugs.launchpad.net/glance/+bug/110898522:13
ttx(i.e. merging n+1 is not longer than merging n)22:13
*** winston-d has joined #openstack-dev22:13
jeblair^ that one clarkb pointed out is huge and according to lp, no one is working on it.22:13
uvirtbotjeblair: Error: "that" is not a valid command.22:13
ttxOK, so here is my proposal...22:14
clarkbit affects devstack and glance unittests. each time it fails in the gate everything behind it must restart22:14
ttx* Ask core to only approve targeted blueprints for a day22:14
*** vuntz has quit IRC22:14
ttx* Sped extra cycles fixing test false negatives causing rechecks22:14
ttxSpend22:14
*** gabrielhurley has quit IRC22:14
jeblairfwiw, clarkb and mordred are trying very hard to get hpcloud to increase our cloud account quota there22:15
ttx* Infra does not sleep and fix new issues if any come along22:15
*** zyluo has joined #openstack-dev22:15
*** vuntz has joined #openstack-dev22:15
clarkbalso, merge conflicts stop everything22:15
ttxvishy: would that work for you ? Should we try ?22:15
jeblairhpcloud is running tempest in 40 minutes or less there, as opposed to 90 minutes or more on rackspace.  :(22:15
clarkbif you want to be careful you can try and check that the code you are approving can actually merge22:15
sdagueclarkb: that's non solvable with more resources22:16
vishylets try it22:16
vishyif we need to reevaluate tomorrow we can22:16
ttxI can announce the FF extension and the temporary approval rule22:16
clarkbsdague: in theory you can click the rebase button in gerrit and don't approve if it cannot rebase22:16
ttxand reevaluate early tomorrow22:16
lifelessjeblair: do we need more hp instances ?22:16
jeblairttx, vishy: ^ clarkb's 'rebase' suggestion is pretty good22:16
sdagueclarkb: yeh, though the collisions that we most often get wouldn't be solved by that22:16
jeblairlifeless: we've needed them for a week but getting them hasn't been going well.22:16
lifelessjeblair: oh, I see you are on that in backscroll...22:16
sdagueapi samples is the fun one there22:17
clarkblifeless: yeah I think I derped the request on friday22:17
lifelessclarkb: doh!22:17
vishyinteresting idea on rebase22:17
jeblairwe _are_ seeing a lot of merge conflicts22:17
*** stevebaker has joined #openstack-dev22:17
sdaguejeblair: any chance the rebase check could happen first automatically?22:18
*** lcheng has quit IRC22:18
*** Mr_T has left #openstack-dev22:18
sdagueI keep trying to think of ways we can throw things out early22:18
jeblairsdague: clarkb has been working on speeding that up, but it's...complicated22:19
sdagueyeh, understood22:19
jeblairsdague: enough so that even if we had a patch in hand for it, i don't think we'd merge it this week due to potential disruption.22:19
sdagueyep, fair22:19
jeblairsdague: (since we already reverted a first attempt at that because of unanticipated consequences)22:20
jeblairit's possible, though counterintuitive, that we might speed things up by reducing rackspace's contribution to the node pool22:20
*** salv-orlando_ has joined #openstack-dev22:21
jeblairwe don't have enough hpcloud machines to meet demand, but since they turn over faster, it may be a net win22:21
*** njoy1__ has joined #openstack-dev22:21
openstackgerritA change was merged to openstack/quantum: Update latest OSLO files  https://review.openstack.org/2230222:21
sdagueyeh it's too bad you can't place them first in the queue22:21
sdagueor what about dedicating all the hp nodes to the gate instead of the check?22:22
*** anteaya has left #openstack-dev22:22
*** woodspa has quit IRC22:22
clarkbthats a possibility. we would need to update a bunch of jenkins jobs but that mostly automagic22:22
jeblairttx: i'm surveying the recheck bugs, and they mostly seem to be getting ignored22:22
lifelessjeblair: ttx: recheck bugs should be critical, no ?22:23
clarkbjeblair: what do you think about changing the label on hpcloud instances and devoting them to the gate?22:23
jeblairclarkb: we'd have to make new jobs22:23
clarkbhmm that would require a zuul restart too22:23
clarkbyeah22:23
sdaguezuul will be empty in the morning22:23
sdaguethere were only 5 jobs in zuul at 7:30am EST today22:24
*** brucer has joined #openstack-dev22:24
jeblairclarkb: actually, not new jobs, i think...22:24
*** salv-orlando has quit IRC22:24
*** salv-orlando_ is now known as salv-orlando22:24
jeblairclarkb: i believe the node is already a parameter, so we could update the parameter function to add that info22:24
*** njoy_ has quit IRC22:25
jeblairon the plus side, we'd have finer control over which resources we give to which pipeline...22:25
jeblairon the other hand, we would be partitioning our resources22:25
clarkbit opens us to catastrophic failure like pypi this morning (eg hpcloud goes down)22:26
jeblairclarkb: (but that's still a zuul config change, so a bit disruptive)22:26
sdaguejeblair: I think right now that's ok, the real constraint is on the gate side22:26
ttxlifeless: yes, as well as security bugs. Use common sense :)22:26
sdagueclarkb: sure, but if the gate queue crashes, no one will care if you have to restart zuul to flip it to the other cloud22:26
jeblairsdague: hopefully we'll get new test resources soon too, enough so that that matters less.22:26
ttxYou have reached your quota for directly contacting other Launchpad users. You can try again in 23 hours.22:26
ttxpfff22:26
clarkbttx: nice22:27
lifelessttx: I don't have triage acls on most projects; I was curious about policy :)22:27
sdaguettx: man, even with your karma?22:27
lifelessits not karma based22:27
lifelessvery simple code22:27
*** kmansel has joined #openstack-dev22:27
openstackgerritA change was merged to openstack/oslo-incubator: Add function for listing native threads to eventlet backdoor  https://review.openstack.org/2219722:27
ttxok, so I need someone to warn quantum/cinder reviewers22:28
*** rods has quit IRC22:28
*** stevebaker has quit IRC22:29
*** AlanClark__ has quit IRC22:29
ttxdanwent, jgriffith: please relay http://lists.openstack.org/pipermail/openstack-dev/2013-February/005841.html to your core reviewers22:30
*** AlanClark__ has joined #openstack-dev22:30
jgriffithttx: check22:30
*** nati_ueno has quit IRC22:30
ttxor someone can run https://launchpad.net/~quantum-core/+contactuser :)22:30
danwentttx: but you're ok with quantum not doing the extension, correct?22:31
danwentits just that we should also hold off on bug fixes?22:31
ttxdanwent: not doing the extension ?22:32
ttxdanwent: ideally bugfixes would get in Thursday, in time for G322:32
*** Yada has left #openstack-dev22:33
danwentttx: yes, my plan was to still hold the requirement that quantum blueprints are done by tonight.22:33
*** jbr_1 has quit IRC22:33
ttxdanwent: oh, you mean not extending Feature Freeze for you22:33
danwentttx: yes22:33
danwentno22:33
danwentor maybe yes, depending on what you mean :)22:33
danwentas in, if something is not in by tonight for quantum, it needs an FFE22:34
danwentrather than allowing people to push any blueprint in past the deadline tonight22:34
jeblairsdague, ttx: i've changed the pool config so we shouldn't get any more precise nodes from rax.  we'll see if hpcloud only will speed things up.22:34
ttxdanwent: your call22:34
danwentttx: k22:34
ttxdanwent: if you want, I can cut milestone-proposed for quantum g3 tomorrow morning22:34
*** nati_ueno has joined #openstack-dev22:34
ttxeffectively declaring feature freeze for quantum22:35
danwentttx: no need to break the routine, i will just enforce it with reviews.22:35
*** pabelanger has quit IRC22:35
sdaguejeblair: can you pull them out of the check queue?22:36
sdagueso they will only be on the gate22:36
sdagueand checks can't eat them up22:36
*** epim has quit IRC22:37
*** nati_ueno_2 has joined #openstack-dev22:37
*** stevebaker has joined #openstack-dev22:38
SpamapSlifeless: how hard would you estimate it might be to have the ec2 metadata service implement SSL?22:39
gyeedolphm, heckj, for PKI tokens, token data is baked into the token itself22:40
jeblairsdague: that's what clarkb and i were discussing; it would require a few changes and a bit of time to do, but it's possible.  i'm thinking it is probably worth it, but realistically, i'm not sure it could be in place before tomorrow.22:40
gyeeso we can't really expect data compatibility in that case22:41
sdaguejeblair: ok22:41
*** bswartz has quit IRC22:42
*** gray--_ is now known as gray--22:42
henrynashdolphm, gyee: in regards to the protected wrapper in the controllers not understanding the token format, I have that change in my query filter patch: https://review.openstack.org/#/c/22223/22:42
*** jpich has quit IRC22:43
lifelessSpamapS: if the API server is running SSL it probably already does22:44
lifelessSpamapS: try having that setup, an iptables rule for port 443 on 169.254.169.254 as well as port 8022:44
*** shardy is now known as shardy_afk22:44
lifelessSpamapS: and see what happens22:44
gyeehenrynash, for v3, roles are no longer stashed under the user container22:45
gyeethey are part of root container22:45
SpamapSlifeless: thats what I think too. So perhaps just making it possible to have multiple metadata ports would be enough. Hm22:45
henrynashgyee: err, you mean in the token?22:46
gyeehenrynash, correct, it will be token['roles'] instead of token['user']['roles']22:47
henrynashgyee: have we updated the spec on that?  Doesn't seem to be what it says right now...22:47
*** buzztroll_ has quit IRC22:47
*** afazekas has quit IRC22:48
*** jergerber has quit IRC22:48
gyeehenrynash, yes, https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md22:49
*** dolphm has joined #openstack-dev22:50
henrynashgyee: damn….somehow I didn't sync that change…ok, I'll fix that in my patch22:50
*** dolphm has quit IRC22:50
henrynashgyee: thx22:50
*** gray-- has quit IRC22:50
*** dolphm has joined #openstack-dev22:50
zykes-ttx: ping; when does the summit talk registration close ?22:51
SpamapSlifeless: darn, don't think I can fake it with stunnel because it changes the source IP.22:51
dolphmgyee: ayoung: heckj: henrynash: did i miss anything in the past hour?22:53
zykes-or does anyone else know ?22:53
henrynashdolphm: only just back on myself22:53
dolphmzykes-: i heard it was supposed to have already closed, but was briefly extended -- not even sure if it's still open22:53
*** Ryan_Lane has quit IRC22:53
gyeedolphm, I just submitted another patch22:54
*** Ryan_Lane has joined #openstack-dev22:54
gyeeand added a test for v2-v3 intermix22:54
*** johnpur has quit IRC22:55
henrynashgyee: do we need to clone oslo now for your patch?22:55
gyeehenrynash, no22:55
henrynashgyee: where does olso.config come from?22:56
*** Ryan_Lane has quit IRC22:56
gyeehenryhash, see tools/pip-requires22:56
gyeeyou need to install it over http22:56
dolphmgyee: i meant to send this to you earlier http://paste.openstack.org/raw/31993/22:56
zykes-dolphm: seems it just opened :p22:56
zykes-6 days ago that is22:56
zykes-http://summit.openstack.org/22:56
dolphmgyee: i think this is based on your patch 1222:57
dolphmzykes-: ooh, i was thinking of the other half of the conference i suppose22:57
*** pixelbeat has joined #openstack-dev22:58
gyeedolphm, thanks, lemme check22:58
zykes-dolphm: which one you mean then ?22:58
russellbheh, it appears an improperly dated post will be on top of planet.openstack.org for a while ...22:59
dolphmzykes-: the talks that developers don't care about22:59
zykes-dolphm: I was wanting to do dev stuff yes :p22:59
zykes-dolphm: as in Billing or network stuff maybe22:59
dolphmzykes-: cool, yeah design summit stuff definitely just opened :)23:00
*** openstackgerrit has quit IRC23:00
Kiallzykes-, you going to make it?23:00
dolphmzykes-: "The call for speakers for the  OpenStack Summit Spring 2013 is now open. The deadline for speaker submissions is February 15, 2013. We will again be making the submissions public for community vote starting February 18, with the goal of locking the "Conference" portion of the agenda by March 11."23:00
zykes-Kiall: uncertain yet23:00
dolphmzykes-: from http://www.openstack.org/summit/portland-2013/23:00
*** esp has quit IRC23:00
*** soren has quit IRC23:00
*** esp has joined #openstack-dev23:00
*** soren has joined #openstack-dev23:01
*** Ryan_Lane has joined #openstack-dev23:01
dolphmhenrynash: i had no trouble running pip install -r tools/pip-requires23:01
henrynashdolphm: just about to do the smae23:01
henrynashsame23:01
*** john5223 has quit IRC23:03
*** lglenden_ has quit IRC23:04
*** tiamar has joined #openstack-dev23:06
*** metral_ has quit IRC23:06
*** dosaboy has quit IRC23:07
dolphmgyee: can you explain why PKI tokens generated on v3 don't work on v2?23:07
dolphmgyee: you should also have a test in the opposite direction -- a token generated on v2 should work on v323:07
*** Ryan_Lane has quit IRC23:09
*** digitalsanctum has quit IRC23:09
*** digitalsanctum has joined #openstack-dev23:10
*** mtreinish has quit IRC23:11
gyeedolphm, is v2 to v3 a valid use case?23:11
gyeeI thought we only need to worry about v3 to v223:11
*** zaneb has quit IRC23:12
ayoungdolphm, gyee BTW I just submitted http://summit.openstack.org/cfp/edit/2223:12
*** Ryan_Lane has joined #openstack-dev23:12
*** flaper87 has quit IRC23:12
dolphmgyee: compatibility goes both ways23:12
ayounggyee, do you need help with the is_admin thing?  I had to deal with it in test_v3_trusts23:13
dolphmgyee: so, technically we didn't document PKI support in folsom, I'm wondering if we can get away with saying that PKI tokens *only* work on v3 -- but we need to update client support correspondingly...23:13
gyeeayoung, I need help translating a v3 PKI token into a v2 PKI token23:13
dolphmheckj: ^ thoughts?23:13
gyeedolphm, +2 :)23:13
ayounggyee, ok, once you run the CMS verify call, you have the raw data.23:14
dolphmis keystoneclient the only codebase that can introspect a PKI token?23:14
ayoungfrom there you should be able to tell the format.  Is there a version field or something?23:14
ayoungdolphm, conditional yes23:15
dolphmayoung: conditional?23:15
ayoungdolphm, we used to, but not any more/23:16
ayoungso, for Grizzly, yeah, only keystone client23:16
*** kbringard has quit IRC23:16
*** bodepd has joined #openstack-dev23:17
*** dachary has quit IRC23:17
dolphmayoung: gyee: so, i'm not super familiar with the client-side validation logic... but if a v3 PKI token is given a v2 client that attempts to perform offline validation, if the token is in an unrecognizable format, will it fall back to online validation?23:17
ayoungyes it will23:18
*** dachary has joined #openstack-dev23:18
dolphmayoung: gyee: or does it only fall back if it's obviously not encrypted23:18
ayoungdolphm, it would have failed by then.,... not sure23:18
*** mjfork has quit IRC23:18
*** Ryan_Lane has quit IRC23:19
ayoungverified = self.verify_signed_token(user_token)23:20
ayoung23:20
ayoung data = json.loads(verified)23:20
*** buzztroll_ has joined #openstack-dev23:20
ayoungso all the CMS is going to do is confirm the signature23:20
*** Ryan_Lane has joined #openstack-dev23:20
ayoungthen the JSON data gets loaded.23:20
*** imsplitbit has quit IRC23:20
ayounghttps://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/auth_token.py#L88223:21
ayoungthen line https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/auth_token.py#L57523:23
gyeeright, v3 and v2 token data are incompatible23:23
gyeeso you can have an environment with mixture of v2 and v3 middleware23:23
*** maoy has quit IRC23:23
ayounggyee, but from the auth_token middleware, you get the token data as JSON23:23
ayoungcan you test a token to see if it is v2 or v3?23:24
*** jergerber has joined #openstack-dev23:24
bodepdI get a few tempest errors about quotas when I run --smoke23:24
bodepdis there some initial config required to set up quotas properly for the smoke tests to work?23:24
ayounggyee, dolphm OK,  I have to disappear here for a few hours.23:24
ayoungI'm headed to my folks place, and I'll get back on line to check in once I am there.23:24
*** diogogmt has quit IRC23:25
henrynashdolphm: minor question, given the other subjects being discussed, but installing the oslo.config should end up creating such in keystone/Keystone, yes?23:25
*** agentle_ has quit IRC23:26
*** sacharya has quit IRC23:26
dolphmayoung: gyee: if PKI tokens can't be used in an intermixed environment, i'm not sure that PKI should be enabled by default23:27
*** digitalsanctum has quit IRC23:27
dolphmhenrynash: no, it should install into your python site-packages23:28
henrynashdolphm: hmm, ok, it complete ok, but tests still can't find it...23:29
*** ayoung has quit IRC23:29
heckjback23:29
dolphmhenrynash: when you use run_tests.sh, do you let it build a venv?23:29
dolphmheckj: o/23:29
heckjyeah - reading back23:30
*** buzztroll_ has quit IRC23:30
henrynashdolphm: only when I force it to….23:30
henrynashdolphm: I activate the .venv and did the pp install in there….23:30
heckjdolphm: henrynash, gyee : markmc has a patch going into install_venv_… for that ick, should be up shortly23:30
henrynashhoping to avoid rebuilding the whole venv23:30
dolphmheckj: so, a PKI-aware v2 client attempting to validate a v3 PKI token will decrypt it and find a structure it doesn't understand23:30
gyeedolphm, for PKI tokens, services running v2 middleware won't be able to parse a v3 PKI token23:30
heckj(at least if you use the ./run-tests.sh)23:30
dolphmheckj: that same client might not be smart enough to fall back to online validation23:31
*** buzztroll_ has joined #openstack-dev23:31
dolphmhenrynash: i don't really know how the install_venv stuff works, i manage my own virtualenv manually and always use ./run_tests.sh --no-virtual-env (-N for short)23:32
henrynashdolphm: ok, I'll fix it...thx23:33
*** soody has joined #openstack-dev23:33
heckjdolphm: henrynash: FYI: https://review.openstack.org/#/c/22368/23:33
SpamapSlifeless: so, interesting .. the way nova wants to run, you can only have metadata be SSL, or not SSL23:33
SpamapSlifeless: so to run both, we'd have to run two copies of nova-api (or fix that... ;)23:33
*** cloudchimp has quit IRC23:34
*** almaisan-away is now known as al-maisan23:34
heckjdolphm: going to run all the way over to play devil's advocate here for a sec...23:34
dolphmheckj: lol k23:34
heckjthe token format should be set by API and deployment, and while we need to support both at once, do we absolutely need to support V2 API interfaces accepting and understanding V3 tokens (and vice versa)? I think we need the client to be able to support both, but perhaps each on their own API endpoint23:35
dolphmhenrynash: missed your message earlier about activating the venv and pip installing... that should have worked :-/23:35
*** al-maisan is now known as almaisan-away23:35
*** openstackgerrit has joined #openstack-dev23:36
henrynashdolphm: indeed23:36
heckjI think the only issue with this stance would be in multiple keystone's coordinating together, but we don't have federation support at all in V2, and only the first parts of it in V323:36
dolphmheckj: so, with UUID's, there's no issue -- everyone understands them23:36
dolphmheckj: so it's not an API issue -- it's an issue with our implementation23:36
heckjso it's getting a PKI token at the client, and not knowing which version you asked from? I missing it...23:37
*** yamahata has quit IRC23:37
dolphmheckj: end user with v3 API client trying to use a service protected by v2 auth_token, for example23:37
zykes-problems with grizzly features ?23:37
*** AlanClark__ has quit IRC23:38
dolphmzykes-: yes, they aren't going23:38
*** AlanClark__ has joined #openstack-dev23:38
*** kagan has quit IRC23:38
heckjdolphm: how about I rephrase that23:38
zykes-dolphm: domain etc?23:38
dolphmzykes-: v3 auth, full stop23:38
zykes-dolphm: that is .... sad...23:39
heckjdolphm: end-user with a client that knows both V2 and V3 API, requests a V2 token - the client had the token, can now pass it in23:39
dolphmzykes-: we're all working on it :P23:39
heckjIsn't it safe to assume that the deployment will be understanding of V2 tokens since the keystone that was deployed with it generated such?23:40
SpamapShrm, has anyone used/tested the enabled_ssl_apis option in nova.conf ?23:40
dolphmheckj: absolutely23:40
dolphmheckj: there's not an issue within the scope of v2 alone23:40
SpamapSI think I have it working, openssl s_client sets up SSL properly, but then the connection is immediately shut down23:40
dolphmheckj: but then you're saying that you can't use v3 for auth?23:40
heckjdolphm: I guess I'm asserting that when you deploy an environment, all the services have to effectively agree (at least at this point) on either using V2 or V3 .23:41
heckjGod, I'm taking gyee's side now23:41
dolphmheckj: =)23:41
heckjalright, let me try and noodle my way out of this noose23:41
dolphmheckj: so then, it's sort of pointless to say that grizzly support v3 auth, because nothing else will consume it (as of this moment)23:42
heckjdolphm: yeah - that's pretty true23:42
dolphmheckj: there's another issue with the current review worth discussing, and the issue is limited in scope to keystone23:42
heckjNot surprising for when we have V3 auth available though - just at feature freeze would make me expect nothing would be supporting it yet23:42
*** jkyle has joined #openstack-dev23:43
heckjdolphm: I think the key for supporting both will be the auth_token middleware (once again) - knowing how to identify and pull apart and use both tokens23:43
*** metral has joined #openstack-dev23:43
*** zyluo has quit IRC23:44
*** roampune1 has quit IRC23:44
*** zyluo has joined #openstack-dev23:44
heckjI think the two API's and their respective formats can stand alone, as long as they can be easily identified from each other and the services accept either23:44
jkyleI ran across this in the keystone wiki23:44
jkyle"support proxying external services and AuthN/AuthZ mechanisms such as oAuth, SAML and openID in future versions."23:44
*** mjfork has joined #openstack-dev23:44
heckjdolphm: what's the other topic?23:44
heckjjkyle: what's the question?23:45
jkyledoes that mean it does not currently support using an external authentication system for user accounts? like oauth23:45
jkylethat's exactly what we'd like to do.23:45
heckjjkyle: right now, that means creating a custom back-end for the identity component in keystone to proxy23:45
dolphmheckj: before we move on -- i sort of took that position in my client support of v3 auth (still WIP)23:45
gyeeheckj, dolphm, so do we still need to worry about v2-v3 interchangeability for PKI tokens at this point?23:45
dolphmheckj: Access has a sort of factory method that takes a v2 or v3 token and returns an object that knows how to read values from it23:46
jkyleheckj: ok, thanks. I thought it was something like that. I'm digging through the documentation, does a "writing an identity backend" example project exist?23:46
heckjjkyle: check out keystone, and look at keystone/identity/core.py and the backends/ examples of them, and it should be pretty clear what the internal API is that you need to support23:46
dolphmheckj: https://review.openstack.org/#/c/21942/23:46
jkyleexcellent, thanks!23:46
*** buzztroll_ has quit IRC23:46
heckjdolphm: sounds like a generally good plan for attacking just that23:47
heckjreading through the PR now23:47
heckjer, review23:47
heckj(sorry, too used to github for my day-to-day)23:47
*** fifieldt has joined #openstack-dev23:47
heckjjkyle: an example of someone who's done a keystone backend entirely outside of keystone is https://github.com/icgood/keystone-redis, and there's another (although not public) that I know at - OSU's SSO system23:49
*** edmund has quit IRC23:49
*** jimfehlig has quit IRC23:50
*** digitalsanctum has joined #openstack-dev23:50
heckjdolphm: I think with https://review.openstack.org/#/c/21942/ (which I just +2'd), we can work to support dual token formats in auth_token middleware.23:51
bodepd figured out the differences that are causing that test to fail. I have these extra default quotas that are not expected by the test: {'gigabytes': 1000, 'volumes': 10}23:52
heckjI can't see us getting that fully out the door before feature freeze, but the clients aren't under the same timelines...23:52
gyeedolphm, the patch you give me doesn't work23:52
gyeedolphm, http://paste.openstack.org/raw/31993/23:52
dolphmgyee: i know, it reveals lots of test failures that are hidden by bypassing v3 auth in the v3 tests23:53
gyeeuser_foo doesn't exist23:53
openstackgerritA change was merged to openstack/keystone: Update the Keystone policy engine to the latest openstack common  https://review.openstack.org/2210923:54
*** pabelanger has joined #openstack-dev23:55
dolphmgyee: exactly, none of the tests are actually using get_scoped_token23:55
dolphmgyee: they're all bypassing it with is_admin=True23:55
heckjurg23:55
heckj*facepalm*23:55
jkyleheckj: looks straight forward enough, good stuff.23:55
gyeedolphm, still getting a 403, even with admin role23:56
heckjjkyle: if you get stuck, holler - although we're a touch distracted right now with the grizzly release feature freeze and the usual chaos leading into it23:56
dolphmgyee: policy.json needs to be updated to include the new controller-level methods you introduced23:56
heckjjkyle: we also have keystone-general meetings weekly - you're welcome to pop in and pester: https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting23:57
*** bswartz has joined #openstack-dev23:57
jkyleyeah, I'm subscribed to the calendars. I'll keep an eye on it next time it dings me :)23:57
*** rpedde is now known as rpedde_away23:58
gyeedolphm, I am not testing my controller, just test_v3_identity23:58
*** alszar has quit IRC23:58
gyeethose tests all failed with a 403, even with user_foo, which has the admin role23:58
dolphmtest_v3_identity wants to authenticate with get_scoped_token() and run its tests with a real user account, and it's failing23:59
