Friday, 2013-04-26

« Thursday, 2013-04-25 Index Saturday, 2013-04-27 »
*** danwent has joined #openstack-dev00:00
*** halj has joined #openstack-dev00:02
*** salv-orlando has quit IRC00:02
*** salv-orlando_ has joined #openstack-dev00:02
*** halj has quit IRC00:03
*** gyee has quit IRC00:03
*** hartsocks has quit IRC00:04
*** dontalton has quit IRC00:05
*** bswartz has joined #openstack-dev00:05
*** jsindy has quit IRC00:05
*** markmcclain has joined #openstack-dev00:06
*** timjr has quit IRC00:07
*** PaulM has joined #openstack-dev00:08
*** jasdeepH has quit IRC00:08
*** sudorandom has joined #openstack-dev00:08
*** henrynash has quit IRC00:13
*** ewindisch has joined #openstack-dev00:17
*** markwash has joined #openstack-dev00:18
*** jclift has quit IRC00:19
*** sarob_ has quit IRC00:19
*** sarob has joined #openstack-dev00:19
*** jog0 has quit IRC00:21
*** reed has quit IRC00:22
*** redbeard2 has joined #openstack-dev00:22
*** sarob has quit IRC00:24
*** markmcclain has quit IRC00:25
*** sarob has joined #openstack-dev00:29
*** salgado has joined #openstack-dev00:31
openstackgerritA change was merged to openstack-dev/devstack: Modify RPM lists for RHEL6  https://review.openstack.org/2670800:32
*** raycloud has joined #openstack-dev00:33
*** markmcclain has joined #openstack-dev00:33
*** bdpayne has quit IRC00:35
*** bdpayne has joined #openstack-dev00:37
*** hartsocks has joined #openstack-dev00:38
*** stevebaker has quit IRC00:39
*** plemahieu has quit IRC00:40
*** stevebaker has joined #openstack-dev00:41
*** danwent has quit IRC00:42
*** alunduil has quit IRC00:46
*** topol has joined #openstack-dev00:47
*** hartsocks has quit IRC00:48
*** bdpayne has quit IRC00:49
*** sarob has quit IRC00:49
*** e1mer has quit IRC00:50
*** sarob has joined #openstack-dev00:50
*** adjohn has quit IRC00:52
*** sarob has quit IRC00:54
*** alexxu has joined #openstack-dev00:57
*** winston-d has joined #openstack-dev00:57
*** CaptTofu has quit IRC00:59
*** slong has quit IRC01:01
*** anniec has joined #openstack-dev01:02
*** anniec has quit IRC01:02
*** NobodyCam_ has quit IRC01:02
*** anniec has joined #openstack-dev01:02
*** lloydde has joined #openstack-dev01:03
*** jakedahn has quit IRC01:08
*** ewindisch has quit IRC01:10
*** NobodyCam has joined #openstack-dev01:13
*** epim has quit IRC01:14
*** ladquin has quit IRC01:15
*** arbrandes has quit IRC01:16
*** crandquist has quit IRC01:18
*** ewindisch has joined #openstack-dev01:18
*** ewindisch has quit IRC01:20
*** darjeeling has quit IRC01:21
*** jimfehlig has quit IRC01:33
*** gongysh has quit IRC01:39
*** jasondotstar has joined #openstack-dev01:42
*** jakedahn has joined #openstack-dev01:45
*** dims has quit IRC01:48
*** Ryan_Lane has quit IRC01:48
*** bknudson has quit IRC01:50
*** PaulM has left #openstack-dev01:51
*** pixelbeat has quit IRC01:53
*** rcleere has joined #openstack-dev01:56
*** stevemar has joined #openstack-dev01:56
*** crandquist has joined #openstack-dev01:57
*** anteaya has left #openstack-dev01:58
*** mgiles has quit IRC01:59
*** anniec has quit IRC02:02
*** dims has joined #openstack-dev02:03
*** matiu has quit IRC02:03
*** hartsocks has joined #openstack-dev02:03
openstackgerritA change was merged to openstack/nova: Allow listing fixed_ips for a given compute host.  https://review.openstack.org/2597902:03
*** hartsocks has quit IRC02:04
*** bing_bu has joined #openstack-dev02:04
*** hartsocks has joined #openstack-dev02:05
*** yguang has joined #openstack-dev02:07
*** matiu has joined #openstack-dev02:07
*** ijw has joined #openstack-dev02:10
*** gordc has joined #openstack-dev02:11
*** yguang is now known as yaguang02:14
*** alunduil has joined #openstack-dev02:16
*** alunduil has quit IRC02:21
*** tzumainn has quit IRC02:24
*** galstrom_zzz is now known as galstrom02:24
*** brunnhilde is now known as nothung02:25
*** jbresnah has quit IRC02:25
*** hugokuo has joined #openstack-dev02:26
*** hartsocks has quit IRC02:27
*** alunduil has joined #openstack-dev02:33
openstackgerritA change was merged to openstack/swift: Add auth_version to dispersion.conf.5  https://review.openstack.org/2728202:40
openstackgerritA change was merged to openstack/swift: Fixing /etc/swift.conf-sample to include swift_hash_path_prefix  https://review.openstack.org/2727302:40
openstackgerritA change was merged to openstack/keystone: Allow additional attribute mappings in ldap  https://review.openstack.org/2503802:40
*** ijw has quit IRC02:40
*** ijw has joined #openstack-dev02:42
*** zul has joined #openstack-dev02:58
*** Mandell has joined #openstack-dev03:02
*** WormMan_ is now known as WormMan03:02
*** melwitt has quit IRC03:02
*** galstrom is now known as galstrom_zzz03:06
*** erfanian has quit IRC03:09
*** salv-orlando has joined #openstack-dev03:12
*** salv-orlando_ has quit IRC03:12
*** crandquist has quit IRC03:15
*** redbeard2 has quit IRC03:16
*** topol has quit IRC03:17
*** Mandell has quit IRC03:22
*** Ryan_Lane has joined #openstack-dev03:22
openstackgerritA change was merged to openstack/quantum: Create veth peer in namespace.  https://review.openstack.org/2739503:27
*** jrclouda has joined #openstack-dev03:28
*** dims has quit IRC03:32
*** koolhead17 has quit IRC03:33
*** jsindy has joined #openstack-dev03:34
*** jrclouda is now known as zackf03:36
*** rmohan has quit IRC03:37
*** rmohan has joined #openstack-dev03:37
*** darjeeling has joined #openstack-dev03:37
*** darjeeling has quit IRC03:38
*** nothung has quit IRC03:40
*** Mandell has joined #openstack-dev03:42
*** asalkeld has quit IRC03:46
*** rmohan has quit IRC03:48
*** rmohan has joined #openstack-dev03:49
*** salv-orlando_ has joined #openstack-dev03:50
*** salv-orlando has quit IRC03:50
*** salv-orlando_ is now known as salv-orlando03:50
*** nothung has joined #openstack-dev03:54
*** nothung is now known as brunnhilde03:54
*** novas0x2a|laptop has quit IRC03:56
*** johnthetubaguy has joined #openstack-dev03:57
*** martine has joined #openstack-dev03:58
*** koolhead17 has joined #openstack-dev04:08
*** rushiagr has joined #openstack-dev04:09
*** asalkeld has joined #openstack-dev04:10
*** lloydde has quit IRC04:10
openstackgerritA change was merged to openstack/quantum: Imported Translations from Transifex  https://review.openstack.org/2753004:13
*** kenperkins has quit IRC04:15
*** oubiwann has quit IRC04:17
*** yaguang has quit IRC04:21
*** oubiwann has joined #openstack-dev04:23
*** markmcclain has quit IRC04:24
*** dguitarbite has joined #openstack-dev04:26
*** sride has joined #openstack-dev04:28
*** shang has quit IRC04:28
*** sride has quit IRC04:30
*** sride has joined #openstack-dev04:30
*** dguitarbite has joined #openstack-dev04:32
*** jasdeepH has joined #openstack-dev04:32
*** PaulM has joined #openstack-dev04:33
*** dguitarbite has quit IRC04:33
*** nunosantos_ has quit IRC04:33
*** dguitarbite has joined #openstack-dev04:33
*** nunosantos has quit IRC04:34
*** dguitarbite has quit IRC04:34
*** CaptTofu has joined #openstack-dev04:35
openstackgerritA change was merged to openstack/quantum: Simplify delete_health_monitor() using cascades  https://review.openstack.org/2695904:35
*** koolhead17 has quit IRC04:35
*** xchu has joined #openstack-dev04:37
*** sride has quit IRC04:43
*** sride has joined #openstack-dev04:44
*** jsindy is now known as monst_04:46
*** dguitarbite has joined #openstack-dev04:48
*** dguitarbite has joined #openstack-dev04:50
*** monst_ has quit IRC04:51
*** dguitarbite has quit IRC04:51
*** dguitarbite has joined #openstack-dev04:52
*** yguang has joined #openstack-dev04:53
*** CaptTofu has quit IRC04:55
openstackgerritA change was merged to openstack/nova: Imported Translations from Transifex  https://review.openstack.org/2745404:56
*** stevemar has quit IRC04:57
*** dguitarbite has quit IRC04:58
*** dguitarbite has joined #openstack-dev04:59
*** navid_ has joined #openstack-dev05:00
*** dguitarbite has quit IRC05:00
*** johnthetubaguy has quit IRC05:07
*** sacharya has quit IRC05:13
*** lloydde has joined #openstack-dev05:16
*** lloydde has quit IRC05:16
*** lloydde has joined #openstack-dev05:16
*** matiu has quit IRC05:17
*** blamar has quit IRC05:21
*** monst_ has joined #openstack-dev05:21
*** rmk has quit IRC05:21
*** PaulM has left #openstack-dev05:23
*** monst_ has quit IRC05:25
*** vartom119 has joined #openstack-dev05:26
*** SergeyLukjanov has joined #openstack-dev05:27
*** rmk has joined #openstack-dev05:27
*** alexxu has quit IRC05:31
*** rmohan has quit IRC05:34
*** darjeeling has joined #openstack-dev05:34
*** rmohan has joined #openstack-dev05:34
*** kaushikc1 has joined #openstack-dev05:37
*** martine has quit IRC05:37
*** gongysh has joined #openstack-dev05:39
*** salv-orlando_ has joined #openstack-dev05:44
*** salv-orlando has quit IRC05:44
*** salv-orlando_ is now known as salv-orlando05:44
*** yguang is now known as yaguang05:46
*** sudorandom has quit IRC05:46
openstackgerritA change was merged to openstack/quantum: Update latest OSLO code  https://review.openstack.org/2720805:47
*** yaguang has quit IRC05:47
*** egallen has joined #openstack-dev05:49
*** monst_ has joined #openstack-dev05:51
*** jbresnah has joined #openstack-dev05:54
*** egallen has quit IRC05:56
*** kaushikc1 has quit IRC05:58
*** monst_ has quit IRC05:59
*** amerine has quit IRC06:00
*** Mandell has quit IRC06:03
*** zackf has quit IRC06:05
*** vartom119 has quit IRC06:06
*** yguang has joined #openstack-dev06:06
*** jasdeepH has quit IRC06:07
*** timello has quit IRC06:07
*** gongysh has quit IRC06:07
*** amerine has joined #openstack-dev06:08
*** lloydde has quit IRC06:11
*** brunnhilde has quit IRC06:13
*** mindpixel has joined #openstack-dev06:17
*** almaisan-away has quit IRC06:17
*** vartom119 has joined #openstack-dev06:23
*** mrunge has joined #openstack-dev06:27
*** jbresnah has quit IRC06:31
*** Mandell has joined #openstack-dev06:31
*** shang has joined #openstack-dev06:33
*** shang has quit IRC06:33
*** shang has joined #openstack-dev06:34
*** aloga has joined #openstack-dev06:36
*** henrynash has joined #openstack-dev06:39
*** gongysh has joined #openstack-dev06:40
*** henrynash has quit IRC06:41
*** lloydde has joined #openstack-dev06:42
*** jtomasek has joined #openstack-dev06:42
*** giroro_ has quit IRC06:45
*** brunnhilde has joined #openstack-dev06:45
*** Ruetobas has joined #openstack-dev06:46
*** al-maisan has joined #openstack-dev06:46
*** lloydde has quit IRC06:46
*** egallen has joined #openstack-dev06:47
*** amerine has quit IRC06:50
*** Ruetobas has quit IRC06:50
*** flaper87 has joined #openstack-dev06:50
*** Ruetobas has joined #openstack-dev06:50
*** monst_ has joined #openstack-dev06:52
*** amerine has joined #openstack-dev06:53
*** Ruetobas has quit IRC06:55
*** Ruetobas has joined #openstack-dev06:56
*** monst_ has quit IRC06:56
*** brunnhilde has quit IRC06:57
*** shang_ has joined #openstack-dev06:57
*** reidrac has joined #openstack-dev06:57
*** vartom119 has quit IRC06:58
*** shang has quit IRC06:58
*** Ryan_Lane has quit IRC06:59
*** zaitcev has quit IRC07:01
*** ianw has quit IRC07:01
*** mmagr has joined #openstack-dev07:02
*** jasdeepH has joined #openstack-dev07:05
*** jasdeepH has quit IRC07:09
*** ianw has joined #openstack-dev07:09
*** davidha has quit IRC07:15
*** rmohan has quit IRC07:15
*** SergeyLukjanov has quit IRC07:15
*** davidha has joined #openstack-dev07:15
*** davidha is now known as davidhadas07:15
*** rmohan has joined #openstack-dev07:16
*** CaptTofu has joined #openstack-dev07:16
*** xga has joined #openstack-dev07:17
*** amerine has quit IRC07:24
*** fbo_ has joined #openstack-dev07:26
*** al-maisan has quit IRC07:26
*** al-maisan has joined #openstack-dev07:27
*** psedlak has joined #openstack-dev07:28
*** jgallard has joined #openstack-dev07:30
*** kaushikc has joined #openstack-dev07:34
*** amerine has joined #openstack-dev07:36
*** alexisT has joined #openstack-dev07:37
*** mrunge has quit IRC07:39
*** CaptTofu has quit IRC07:41
*** CaptTofu has joined #openstack-dev07:41
*** lloydde has joined #openstack-dev07:42
*** afazekas has joined #openstack-dev07:43
*** romcheg has joined #openstack-dev07:43
*** mindpixel has quit IRC07:45
*** romcheg has left #openstack-dev07:46
*** lloydde has quit IRC07:47
*** al-maisan has quit IRC07:48
*** al-maisan has joined #openstack-dev07:48
*** cod3r has joined #openstack-dev07:48
*** monst_ has joined #openstack-dev07:52
*** Yada has joined #openstack-dev07:53
*** xga_ has joined #openstack-dev07:54
*** zoresvit has joined #openstack-dev07:55
*** jakedahn has quit IRC07:55
*** vartom119 has joined #openstack-dev07:55
*** mindpixel has joined #openstack-dev07:56
*** monst_ has quit IRC07:56
*** xga has quit IRC07:57
*** kaushikc has quit IRC07:59
*** SergeyLukjanov has joined #openstack-dev08:00
*** ijw has quit IRC08:05
*** al-maisan is now known as almaisan-away08:08
*** mkerrin has joined #openstack-dev08:08
*** almaisan-away has quit IRC08:08
*** fbo_ has quit IRC08:10
*** fbo has joined #openstack-dev08:11
*** gongysh has quit IRC08:11
*** lucasagomes has joined #openstack-dev08:11
*** almaisan-away has joined #openstack-dev08:13
*** bing_bu has quit IRC08:14
*** marun has quit IRC08:14
*** CaptTofu has quit IRC08:14
*** danpb has joined #openstack-dev08:16
flaper87Does the license need to be added to empty files as well?08:17
*** bing_bu has joined #openstack-dev08:18
*** almaisan-away is now known as al-maisan08:18
*** giroro_ has joined #openstack-dev08:19
*** aloga has quit IRC08:19
*** Ruetobas has quit IRC08:19
*** al-maisan has quit IRC08:20
*** al-maisan has joined #openstack-dev08:20
*** Ruetobas has joined #openstack-dev08:20
*** yolanda has quit IRC08:23
*** gongysh has joined #openstack-dev08:24
*** giroro_ has quit IRC08:24
*** al-maisan has quit IRC08:24
*** yolanda has joined #openstack-dev08:25
*** al-maisan has joined #openstack-dev08:25
*** mmagr has quit IRC08:30
*** romcheg has joined #openstack-dev08:31
*** mmagr has joined #openstack-dev08:31
*** derekh has joined #openstack-dev08:31
*** romcheg has left #openstack-dev08:31
*** jgallard has quit IRC08:33
*** jgallard has joined #openstack-dev08:33
*** iartarisi has joined #openstack-dev08:34
*** henrynash has joined #openstack-dev08:35
*** jpich has joined #openstack-dev08:35
*** eglynn has joined #openstack-dev08:39
*** Mandell has quit IRC08:42
*** lloydde has joined #openstack-dev08:43
*** xga_ has quit IRC08:46
*** darraghb has joined #openstack-dev08:47
*** lloydde has quit IRC08:47
*** monst_ has joined #openstack-dev08:53
*** afazekas_ has joined #openstack-dev08:56
*** monst_ has quit IRC08:57
*** souvik has joined #openstack-dev09:00
*** winston-d has quit IRC09:05
*** andrea_ has quit IRC09:05
*** xga has joined #openstack-dev09:09
*** souvik_ has joined #openstack-dev09:09
*** souvik has quit IRC09:10
*** souvik_ is now known as souvik09:10
*** jgallard has quit IRC09:15
*** jgallard has joined #openstack-dev09:16
*** athomas has joined #openstack-dev09:19
*** edehde has joined #openstack-dev09:24
*** gongysh has quit IRC09:26
*** yamahata_ has joined #openstack-dev09:30
openstackgerritA change was merged to openstack/oslo-incubator: oslo logging tries to run chmod on file  https://review.openstack.org/2741909:32
*** rushiagr has quit IRC09:33
*** SergeyLukjanov has quit IRC09:33
*** vartom119 has quit IRC09:35
*** SergeyLukjanov has joined #openstack-dev09:35
*** vartom119 has joined #openstack-dev09:36
*** darjeeling has quit IRC09:38
*** vartom1110 has joined #openstack-dev09:42
*** vartom119 has quit IRC09:42
*** lloydde has joined #openstack-dev09:43
*** lloydde has quit IRC09:48
*** monst_ has joined #openstack-dev09:53
*** nati_ueno has joined #openstack-dev09:53
*** corXi has joined #openstack-dev09:54
*** monst_ has quit IRC09:58
*** egallen has quit IRC09:59
*** pixelbeat has joined #openstack-dev10:00
*** nijaba has quit IRC10:09
*** nijaba has joined #openstack-dev10:11
*** nijaba has joined #openstack-dev10:11
*** xga has quit IRC10:11
*** djangobot has joined #openstack-dev10:11
djangobotHI EVERYONE10:11
djangobotIS ANYBODY HERE COULD HELP ME ABOUT INSTALLING NOVA BILLING?10:12
djangobotIS ANYBODY HERE COULD HELP ME ABOUT INSTALLING NOVA BILLING?10:12
*** xchu has quit IRC10:13
*** nati_ueno has quit IRC10:19
*** shang_ has quit IRC10:23
*** pcm_ has joined #openstack-dev10:24
*** pcm_ has joined #openstack-dev10:25
*** souvik_ has joined #openstack-dev10:28
*** souvik has quit IRC10:28
*** souvik_ is now known as souvik10:28
ekarlsodjangobot: is nova-billing not outdated ?10:34
djangobotno10:34
ekarlsoit's 1 year old djangobot10:34
djangobotis just the yum install nova-billing either the rpmbuilding to install does not work10:35
djangoboti am even the rpmbuild install does not work10:35
djangoboti have also tried the new one10:35
ekarlsonew one ?10:35
*** mrunge has joined #openstack-dev10:35
djangobothttps://github.com/altai/nova-billing10:35
*** wiliam_ has quit IRC10:36
*** salv-orlando has quit IRC10:38
*** zb has joined #openstack-dev10:40
ekarlsodjangobot: not to brag but: www.github.com/billingstack < WIP10:41
*** zaneb has quit IRC10:43
*** lloydde has joined #openstack-dev10:44
djangobotthanks ekarlso i will try that'10:44
ekarlsodjangobot: it's not prod ready yet10:45
djangoboti have tried billingstack last day10:45
ekarlsook ?10:46
djangoboti think it wasn't ready for openstack yet10:46
ekarlsoit is not "ready" no10:46
ekarlsobut it will bring lots of functionality once done10:46
*** bing_bu has quit IRC10:46
djangobotam i able to integrate in to openstack?10:46
*** zb is now known as zaneb10:47
*** rnirmal has joined #openstack-dev10:47
ekarlsodjangobot: it will be yes10:47
djangobotok let me review it then10:48
*** lloydde has quit IRC10:48
*** anteaya has joined #openstack-dev10:52
*** djangobot has quit IRC10:53
*** egallen has joined #openstack-dev10:53
*** monst_ has joined #openstack-dev10:54
*** vkmc has joined #openstack-dev10:56
*** vkmc has quit IRC10:56
*** vkmc has joined #openstack-dev10:56
*** aloga has joined #openstack-dev10:59
*** monst_ has quit IRC10:59
*** zb has joined #openstack-dev10:59
*** salv-orlando has joined #openstack-dev10:59
*** zaneb has quit IRC11:01
*** SergeyLukjanov has quit IRC11:02
openstackgerritA change was merged to openstack/oslo-incubator: Proposing Flavio Percoco as maintainer for strutils.py  https://review.openstack.org/2750211:07
*** SergeyLukjanov has joined #openstack-dev11:07
*** zbitter has joined #openstack-dev11:13
*** zb has quit IRC11:16
*** slagle has quit IRC11:18
*** zbitter has quit IRC11:18
*** xga has joined #openstack-dev11:21
*** zz_sirushti is now known as sirushti11:22
*** navid_ has quit IRC11:37
*** dims has joined #openstack-dev11:37
*** tzumainn has joined #openstack-dev11:38
*** aswadrangnekar has joined #openstack-dev11:41
*** lloydde has joined #openstack-dev11:44
*** jasondotstar has quit IRC11:49
*** lloydde has quit IRC11:50
*** nijaba has quit IRC11:51
*** nijaba has joined #openstack-dev11:52
*** nijaba has joined #openstack-dev11:52
*** monst_ has joined #openstack-dev11:54
*** abhishekkr has joined #openstack-dev11:55
*** mkollaro has joined #openstack-dev11:55
*** jruzicka has joined #openstack-dev11:55
*** baba has joined #openstack-dev11:56
*** cod3r has quit IRC11:56
*** monst_ has quit IRC11:58
*** eglynn is now known as hungry-eglynn12:07
*** yguang has quit IRC12:08
*** jgallard has quit IRC12:10
*** jgallard has joined #openstack-dev12:10
*** beagles has joined #openstack-dev12:14
*** giulivo has quit IRC12:21
*** giulivo has joined #openstack-dev12:24
*** morazi has quit IRC12:26
*** dims has quit IRC12:27
*** dims has joined #openstack-dev12:29
*** troytoman-away is now known as troytoman12:33
*** martine has joined #openstack-dev12:33
openstackgerritA change was merged to openstack/nova: Wrong proxy port in nova.conf for Spice proxy  https://review.openstack.org/2752412:38
openstackgerritA change was merged to openstack-dev/devstack: fix support for VMware vCenter Driver  https://review.openstack.org/2744012:38
*** salv-orlando has quit IRC12:38
openstackgerritA change was merged to openstack/tempest: Clean up servers created in test_multiple_create.py  https://review.openstack.org/2731512:38
*** salv-orlando has joined #openstack-dev12:39
*** martitia_ has quit IRC12:41
*** alunduil has quit IRC12:42
*** lloydde has joined #openstack-dev12:45
openstackgerritA change was merged to openstack/tempest: Missing image-del func in test_create_delete_image  https://review.openstack.org/2743812:48
*** lloydde has quit IRC12:49
*** adalbas has joined #openstack-dev12:50
*** dprince has joined #openstack-dev12:52
*** beagles is now known as seagulls12:53
*** martine has quit IRC12:54
*** monst_ has joined #openstack-dev12:55
*** hungry-eglynn is now known as \eglynn12:56
*** \eglynn is now known as eglynn12:56
*** bknudson has joined #openstack-dev12:56
*** xga_ has joined #openstack-dev12:57
*** monst_ has quit IRC12:59
*** jgallard has quit IRC12:59
*** jgallard has joined #openstack-dev13:00
*** zaneb has joined #openstack-dev13:02
*** markmc has joined #openstack-dev13:02
*** edehde has quit IRC13:03
*** rushiagr has joined #openstack-dev13:06
*** jprovazn has joined #openstack-dev13:08
*** kbringard has joined #openstack-dev13:10
*** zb has joined #openstack-dev13:12
*** zaneb has quit IRC13:15
*** eharney has joined #openstack-dev13:16
*** pmyers has quit IRC13:16
*** souvik has quit IRC13:17
*** slagle has joined #openstack-dev13:17
*** edehde has joined #openstack-dev13:18
*** edehde has quit IRC13:18
*** pmyers has joined #openstack-dev13:18
*** jayg|g0n3 is now known as jayg13:18
*** otherwiseguy has quit IRC13:20
*** primeministerp has quit IRC13:22
*** riskable has quit IRC13:22
*** boris-42 has joined #openstack-dev13:22
*** primeministerp has joined #openstack-dev13:23
*** vartom1110 has quit IRC13:24
*** bmclaughlin has joined #openstack-dev13:27
*** sandywalsh has quit IRC13:27
*** brunnhilde has joined #openstack-dev13:28
*** aelkikhia has joined #openstack-dev13:29
*** breed has quit IRC13:29
*** raycloud has quit IRC13:33
*** mindpixel has quit IRC13:33
*** raycloud has joined #openstack-dev13:36
*** souvik has joined #openstack-dev13:37
*** souvik has left #openstack-dev13:37
*** rnirmal has quit IRC13:38
*** woodspa has joined #openstack-dev13:38
*** rnirmal has joined #openstack-dev13:39
*** rushiagr has left #openstack-dev13:39
*** aswadrangnekar has left #openstack-dev13:39
*** enikanorov_ has joined #openstack-dev13:39
*** hartsocks has joined #openstack-dev13:40
*** hartsocks has quit IRC13:40
*** sride has quit IRC13:40
*** sandywalsh has joined #openstack-dev13:40
*** cloudchimp has joined #openstack-dev13:40
mordredmarkmc: could I trouble you for a review on: https://review.openstack.org/#/c/26969/ ?13:41
*** dhellmann-away is now known as dhellmann13:41
*** enikanorov has quit IRC13:41
*** morazi has joined #openstack-dev13:42
*** jclift_ has joined #openstack-dev13:44
*** baba is now known as megha13:45
*** lloydde has joined #openstack-dev13:45
*** jclift_ has quit IRC13:46
*** jclift has joined #openstack-dev13:46
*** lloydde has quit IRC13:50
*** redbeard2 has joined #openstack-dev13:50
*** nunosantos has joined #openstack-dev13:51
*** nunosantos_ has joined #openstack-dev13:51
*** salv-orlando_ has joined #openstack-dev13:53
*** salv-orlando has quit IRC13:53
*** salv-orlando_ is now known as salv-orlando13:53
*** monst_ has joined #openstack-dev13:55
*** rcleere has quit IRC13:56
*** monst_ has quit IRC13:58
*** monst_ has joined #openstack-dev13:58
*** jasondotstar has joined #openstack-dev13:58
*** stevemar has joined #openstack-dev14:00
*** derekh has quit IRC14:00
*** zb has quit IRC14:00
*** derekh has joined #openstack-dev14:01
*** monst_ has quit IRC14:02
*** wiliam_ has joined #openstack-dev14:03
*** mrodden has joined #openstack-dev14:05
*** mrunge has quit IRC14:05
*** yidclare has joined #openstack-dev14:06
*** topol has joined #openstack-dev14:07
*** lorin1 has joined #openstack-dev14:08
*** jrclouda has joined #openstack-dev14:12
*** monst_ has joined #openstack-dev14:12
*** rahmu has joined #openstack-dev14:13
*** zb has joined #openstack-dev14:13
vkmchey all! I'm having some trouble with last DevStack version in a Ubuntu 12.04 environment, do you know a workaround for this? http://paste.openstack.org/show/36631/14:18
*** sudorandom has joined #openstack-dev14:18
*** al-maisan has quit IRC14:19
*** mrunge has joined #openstack-dev14:20
*** markwash has quit IRC14:22
*** rcleere has joined #openstack-dev14:23
*** wiliam_ has quit IRC14:23
*** Tankado has joined #openstack-dev14:24
*** wiliam_ has joined #openstack-dev14:24
*** al-maisan has joined #openstack-dev14:25
*** jrclouda is now known as zackf14:25
*** xga__ has joined #openstack-dev14:26
*** andrew_plunk has joined #openstack-dev14:27
*** xga has quit IRC14:28
*** kenperkins has joined #openstack-dev14:28
*** xga has joined #openstack-dev14:28
*** xga_ has quit IRC14:28
topoldtroyer, so I figured out what was causing my devstack hell.  devstack upgraded me to ubuntu 12.04 (precise) which on my machine now installs qpid and puts it in the startup script.  qpid grabs the same port that rabbitmq wants and so my devstack was always failing to start rabbit.   I would expect as folks upgrade they will run into this and it was annoying to debug.  Is there a good place...14:30
topol...we can documents this?  Perhaps add a message to check for this should rabbit fail to start ?14:30
*** cloudchimp has quit IRC14:31
topolvkmc, I think I hit the same issue.   I think what fixed it was I blew my previous devstack away and did a git clone and then restarted my vm.   you may also want to try running clean.sh  I think a combination of those  got me past that.14:31
vkmctopol, I will try that, thanks :)14:32
*** portante|ltp has joined #openstack-dev14:32
*** jprovazn has quit IRC14:33
*** Tankado has left #openstack-dev14:34
*** jimfehlig has joined #openstack-dev14:34
*** FunnyLookinHat has joined #openstack-dev14:34
dtroyertopol: were you not on precise before?  all devstack ever does wrt package upgrades os an 'apt-get update' and then 'apt-get install ' on the list of dependencies.14:34
*** wiliam_ has quit IRC14:35
*** dripton has quit IRC14:35
*** wiliam_ has joined #openstack-dev14:36
*** corXi has quit IRC14:36
*** pabelanger has joined #openstack-dev14:37
topoldtroyer, for some reason on my vm running devstack will cause a kernel update. I know this because when it happens on virtual box my guest additions get wiped out when the kernel update is applied and I have to reapply them.  This kernel update seems to happen when I start devstack.  I don't understand the voodoo that causes this relationship.  But in anycase after getting upgraded to 12.04...14:38
topol...precise qpid was now being started and grabbing the port bugs bunny wanted14:38
*** dripton has joined #openstack-dev14:39
dtroyerugh…I have to go out of my way to do kernel upgrades, even the usual 'apt-get upgrade' doesn't do it.14:40
dtroyerwhat release did you start with?14:40
*** corXi has joined #openstack-dev14:40
*** breed has joined #openstack-dev14:42
*** sacharya has joined #openstack-dev14:42
*** datsun180b has joined #openstack-dev14:42
*** garyTh has joined #openstack-dev14:43
topoldtroyer, don't remember but I have been upgraded about 10 times. It was a 12.x14:44
*** jvrbanac has joined #openstack-dev14:45
*** lloydde has joined #openstack-dev14:46
*** otherwiseguy has joined #openstack-dev14:48
*** sacharya has quit IRC14:48
*** wiliam_ has quit IRC14:50
*** lloydde has quit IRC14:51
*** wiliam_ has joined #openstack-dev14:51
*** monst_ has quit IRC14:51
*** johnthetubaguy has joined #openstack-dev14:52
*** yaguang has joined #openstack-dev14:53
*** kreddy has joined #openstack-dev14:54
*** xga_ has joined #openstack-dev14:55
*** abhishekkr has quit IRC14:55
*** katylava has joined #openstack-dev14:55
*** litong01 has joined #openstack-dev14:56
*** jcoufal has joined #openstack-dev14:57
*** alunduil has joined #openstack-dev14:57
*** david-lyle has joined #openstack-dev14:58
*** xga__ has quit IRC14:59
*** koolhead17 has joined #openstack-dev14:59
*** xga has quit IRC14:59
*** aeperezt has joined #openstack-dev15:00
*** mrunge has quit IRC15:00
*** reidrac has quit IRC15:01
*** xga has joined #openstack-dev15:01
*** xga__ has joined #openstack-dev15:01
*** xga_ has quit IRC15:01
*** wiliam_ has quit IRC15:01
*** wiliam_ has joined #openstack-dev15:03
*** mrodden has quit IRC15:03
*** crandquist has joined #openstack-dev15:09
*** wiliam_ has quit IRC15:10
*** wiliam_ has joined #openstack-dev15:12
*** SergeyLukjanov has quit IRC15:13
*** terryh has joined #openstack-dev15:13
*** cloudchimp has joined #openstack-dev15:14
*** monst_ has joined #openstack-dev15:15
cloudchimpAll, I am looking for the developer(s) working on the Hyper-V compute node development.  Could someone send me a contact?15:15
*** dansmith is now known as Steely_Dan15:15
*** sarob has joined #openstack-dev15:16
*** SergeyLukjanov has joined #openstack-dev15:16
*** markmcclain has joined #openstack-dev15:17
*** mrodden has joined #openstack-dev15:18
*** zaitcev has joined #openstack-dev15:18
ayoungjd__, care to explain https://review.openstack.org/#/c/20231/4 to me?15:20
*** sarob has quit IRC15:20
jd__ayoung: in general or a point specifically?15:20
*** sarob has joined #openstack-dev15:21
ayoungjd__, in general...what are you trying to acheive?  Is this just a case of removing code duplication, or is there some other side effect?15:21
jd__ayoung: no side effect, just code cleanup indeed15:22
*** hemna has quit IRC15:22
ayoungjd__, why the "management" change in https://review.openstack.org/#/c/20231/4/keystoneclient/base.py15:22
jd__ayoung: that's why I didn't had to even change the tests actually :)15:22
jd__ayoung: let me check, it was 3 months ago… :)15:23
*** slagle has quit IRC15:23
*** bdpayne has joined #openstack-dev15:24
*** monst__ has joined #openstack-dev15:24
jd__ayoung: IIRC that's because you don't have to use the management URL to create a token as https://review.openstack.org/#/c/20231/4/keystoneclient/v2_0/client.py did correctly15:25
*** alunduil has quit IRC15:25
*** garyk has quit IRC15:25
ayoungjd__, that is right...the create token call is available from both 5000 and 3535715:26
*** mmagr has quit IRC15:26
ayoungwe were forcing to 35357?15:26
openstackgerritA change was merged to openstack/cinder: Encode username and password in config file  https://review.openstack.org/2709315:26
jd__ayoung: in some code path, yes15:27
ayoungSo this looks more correct as well.15:27
ayoungjd__, did you look at the origianl comits?  Is there any explanation for what is obviously more difficult code to write?15:28
*** monst_ has quit IRC15:28
*** pberis has joined #openstack-dev15:28
ayounglet me git blame...15:29
jd__ayoung: I did use git blame at the time, but I don't recall what I concluded -- but that brought me to this patch :-)15:29
*** rerngvit_ has joined #openstack-dev15:29
jd__ayoung: and I'm pretty confident of this considering I didn't change the unit tests and devstack & co passed :)15:30
*** jaypipes has joined #openstack-dev15:30
ayoungjd__, add to that the fact that the lines you changed were writtend by heckj back in December, and he approved this patch.15:30
*** alexisT has quit IRC15:31
jd__:-)15:31
openstackgerritA change was merged to openstack/python-cinderclient: Add support for volume backups  https://review.openstack.org/2683415:31
*** galstrom_zzz is now known as galstrom15:31
ayoungjd__, so you reverted to what it was before:  return self._create('/tokens', params, "access", return_raw=return_raw)15:32
ayoung    * replacing authenticate call to a pure method, not overloading the15:32
ayoung      resource/manager path that confuses base URL concepts.15:32
*** galstrom is now known as galstrom_zzz15:32
*** garyk has joined #openstack-dev15:33
ayoungjd__, approved. Thanks15:36
*** phschwartz has joined #openstack-dev15:36
*** johnthetubaguy has quit IRC15:36
*** wiliam_ has quit IRC15:38
*** mlavalle has joined #openstack-dev15:38
*** gyee has joined #openstack-dev15:38
jd__ayoung: thanks \o/ :)15:38
jd__ayoung: care to check https://review.openstack.org/#/c/20404/ while you're at it?15:40
*** epim has joined #openstack-dev15:41
*** wiliam_ has joined #openstack-dev15:41
*** psedlak has quit IRC15:43
*** troytoman is now known as troytoman-away15:46
*** CaptTofu has joined #openstack-dev15:48
*** wiliam_ has quit IRC15:50
*** xga__ has quit IRC15:52
*** xga has quit IRC15:52
*** pasquier-s has quit IRC15:53
*** zb is now known as zaneb15:53
*** wiliam_ has joined #openstack-dev15:53
*** stevemar has quit IRC15:54
*** jgallard has quit IRC15:55
*** rerngvit_ has quit IRC15:56
*** rerngvit_ has joined #openstack-dev15:58
*** mkollaro has quit IRC15:59
*** wiliam_ has quit IRC16:00
*** e_steve has joined #openstack-dev16:01
*** wiliam_ has joined #openstack-dev16:01
*** jbresnah has joined #openstack-dev16:02
e_steveHey everyone, i have a quick question.. Does anyone know why keystoneclient  v3 still uses the 'v2.0' management url? Is this a bug? I checked master branch and it was still like this..16:02
e_steveIn [30]: type(keystone)16:02
e_steveOut[30]: keystoneclient.v3.client.Client16:02
e_steveIn [31]: keystone.management_url16:02
e_steveOut[31]: u'http://128.196.172.227:35357/v2.0'16:02
e_stevekeystone.version also shows 'v2.0'16:03
*** rerngvit_ has quit IRC16:04
gyeee_steve, are you using the default_catalog.template?16:06
HenryGI am having trouble with running unit tests for quantum. The setting up of the virtual environment never completes, it always times out while trying to setup nosehtmloutput. help?16:06
e_steveyes i am gyee16:07
*** pcm_ has quit IRC16:07
*** wiliam_ has quit IRC16:07
e_steveshould they all be v316:07
e_steveinstead of v2.0?16:07
*** darjeeling has joined #openstack-dev16:07
*** devoid has joined #openstack-dev16:07
openstackgerritA change was merged to openstack/ceilometer: instances: fix counter unit  https://review.openstack.org/2646216:07
gyeee_steve, you can change them to v3, unless you have requirement to support both at the same time16:08
*** wiliam_ has joined #openstack-dev16:09
e_steveonce I make the change, will keystone restart do the job?16:09
*** mlavalle has quit IRC16:10
*** markwash has joined #openstack-dev16:10
gyeeshould16:11
clarkbmarkmc: are you still around?16:13
markmcclarkb, hey, for a little bit16:13
clarkbmarkmc: I am hoping that you can explain the various log formats in oslo's logging16:13
markmcclarkb, that might be hoping too much :)16:13
clarkbI am trying to normalize the openstack service log formats during the tempest gates as much as possible16:13
* markmc looks at git blame to see who touched them last16:13
*** wiliam_ has quit IRC16:14
clarkband nova, cinder, quantum all use the same default format, glance does too but glance looks different than the rest of them16:14
*** datsun180b has quit IRC16:14
clarkbso trying to figure out if this is a config thing or a bug in either nova or glance etc16:14
*** datsun180b has joined #openstack-dev16:14
markmcclarkb, don't have any great insights, really16:15
*** wiliam_ has joined #openstack-dev16:15
*** sacharya has joined #openstack-dev16:15
markmcclarkb, I know there's e.g. log.set_defaults(logging_context_format_string=...) because it's a format which formats a context object, which is project specific16:15
markmcclarkb, I've some recollection of dims poking at oslo logging stuff16:16
*** sacharya has quit IRC16:16
clarkbmarkmc: great. I will see if dims knows what is going on16:16
clarkbif nothing else I could actually read the code >_>16:16
*** sacharya has joined #openstack-dev16:16
openstackgerritA change was merged to openstack/python-keystoneclient: Use TokenManager to get token  https://review.openstack.org/2023116:20
*** fbo has quit IRC16:20
*** rerngvit has joined #openstack-dev16:23
*** wiliam_ has quit IRC16:24
*** rerngvit has quit IRC16:25
*** wiliam_ has joined #openstack-dev16:26
*** terry7 has joined #openstack-dev16:26
*** megha has quit IRC16:26
*** hemnafk is now known as hemna16:26
openstackgerritA change was merged to openstack/cinder: Fixes 3PAR FC driver synchronization  https://review.openstack.org/2745816:28
openstackgerritA change was merged to openstack/cinder: Update to latest copy of OSLO incubator  https://review.openstack.org/2707516:28
*** zb has joined #openstack-dev16:28
*** markmcclain has quit IRC16:29
*** e_steve has quit IRC16:30
*** zaneb has quit IRC16:31
*** egallen has quit IRC16:31
*** iartarisi has quit IRC16:32
openstackgerritA change was merged to openstack-dev/devstack: Remove unused post-prereq phase  https://review.openstack.org/2754416:32
*** wiliam_ has quit IRC16:33
lchengttx: hello16:33
*** timjr has joined #openstack-dev16:34
*** wiliam_ has joined #openstack-dev16:34
*** alop has joined #openstack-dev16:35
*** SergeyLukjanov has quit IRC16:35
*** andrewbogott_afk is now known as andrewbogott16:37
lchengmarkmc: hello16:37
markmclcheng, hi, what's up? I need to leave in a minute16:37
lchengI'm just wondering if anyone in release team can review: https://review.openstack.org/#/c/27407/16:38
lchengThis is blocking the patch to make horizon compatible with django 1.5.16:38
openstackgerritA change was merged to openstack/cinder: Clear volumes stuck in 'downloading'  https://review.openstack.org/2747216:38
*** wiliam_ has quit IRC16:39
*** wiliam_ has joined #openstack-dev16:40
openstackgerritA change was merged to openstack/oslo-incubator: Add support to clear DB  https://review.openstack.org/2732216:41
*** jcannava is now known as adisthedevil16:41
*** galstrom_zzz is now known as galstrom16:42
*** radez_g0n3 is now known as radez16:43
*** CaptTofu has quit IRC16:48
*** CaptTofu has joined #openstack-dev16:48
*** wiliam_ has quit IRC16:49
*** wiliam_ has joined #openstack-dev16:50
*** russellb is now known as rustlebee16:52
*** markmc has quit IRC16:52
*** portante|ltp has quit IRC16:53
anteayaI would like to confirm that the keystone tokens on folsom are UUID not PKI, is that accurate?16:53
*** derekh has quit IRC16:54
openstackgerritA change was merged to openstack-dev/devstack: Removes "RPC not enabled" error message when no backend is needed  https://review.openstack.org/2695616:55
openstackgerritA change was merged to openstack/cinder: Remove _path_exists method.  https://review.openstack.org/2749916:55
*** wiliam_ has quit IRC16:56
*** wiliam_ has joined #openstack-dev16:57
*** zoresvit has quit IRC16:59
*** dguitarbite has joined #openstack-dev17:00
*** plemahieu has joined #openstack-dev17:00
*** timjr has quit IRC17:00
*** timjr_ has joined #openstack-dev17:00
*** mkerrin has quit IRC17:00
openstackgerritA change was merged to openstack/cinder: Cinder wasn't filtering the backups returned to backup list API  https://review.openstack.org/2698917:00
*** harlowja has quit IRC17:00
*** harlowja has joined #openstack-dev17:01
*** wiliam_ has quit IRC17:02
*** CaptTofu has quit IRC17:02
*** lloydde has joined #openstack-dev17:02
*** armax has joined #openstack-dev17:03
*** CaptTofu has joined #openstack-dev17:03
*** jpeeler has quit IRC17:05
*** colinmcnamara has joined #openstack-dev17:05
*** koolhead17 has quit IRC17:06
*** dontalton has joined #openstack-dev17:07
*** stevemar has joined #openstack-dev17:08
*** ijw has joined #openstack-dev17:10
*** alexpilotti has joined #openstack-dev17:10
*** jcoufal has quit IRC17:11
*** zackf has quit IRC17:14
*** wiliam_ has joined #openstack-dev17:15
*** Mandell has joined #openstack-dev17:16
stevemartermie: ping17:16
*** vipul is now known as vipul|away17:17
*** jpich has quit IRC17:17
*** slagle has joined #openstack-dev17:19
*** jog0 has joined #openstack-dev17:20
*** koolhead17 has joined #openstack-dev17:20
*** danpb has quit IRC17:21
*** vipul|away is now known as vipul17:22
*** SergeyLukjanov has joined #openstack-dev17:24
*** bdpayne has quit IRC17:25
*** jcoufal has joined #openstack-dev17:25
*** wiliam_ has quit IRC17:25
*** bdpayne has joined #openstack-dev17:27
ayoungtopol, henrynash   https://etherpad.openstack.org/chain-of-domains17:28
ayoungbrainstorming17:28
*** arbrandes has joined #openstack-dev17:28
*** comstud is now known as bearhands17:29
*** jasondotstar has quit IRC17:29
*** galstrom is now known as galstrom_zzz17:30
*** jasondotstar has joined #openstack-dev17:30
*** minoz has joined #openstack-dev17:30
*** sarob has quit IRC17:31
*** minoz has left #openstack-dev17:31
*** rch has joined #openstack-dev17:33
*** ladquin has joined #openstack-dev17:35
ayoungWell there are 4 people in the etherpad, and I only pinged you, nash and topol...nash and I have names, the other two don't.  Is one of them you>17:35
henrynashayoungL one is me17:35
topolayoung, what is the problem you are trying to address?  I am missing some context. What problem/use case is driving distributed token signing?17:35
topolyeah Im in17:35
*** Aarti has joined #openstack-dev17:36
*** westmaas is now known as westmau517:36
Aartiatnamji456!17:36
Aartioops sorry wrong window!17:36
ayoungtopol this is like, General Relativity replaceing Classical Mechanics and you ask me what problem I'm trying to solve?  I'm trying to get rig of Luminiferous Ether.17:36
henrynashanteaya: you can use both in Folsom, but UUID is the default17:36
ayoungtopol, let me link to the distributed signing BP17:37
anteayahenrynash: thank you, yes the default was what I wanted to confirm17:37
ayounghttps://blueprints.launchpad.net/keystone/+spec/distributed-signing17:37
anteayaworking on revoking a token using the admin token, do you know if there is a method for this already henrynash?17:37
*** devoid has quit IRC17:38
henrynashanteaya: pretty sure there is a token api call that revokes them…along as you know the id17:38
ayoungtopol, this was kicked off by two things.  One, I want to be able to have multiple servers sign tokens, and be able to distinguish between them when the time comes to verify17:39
anteayaohhh, any documentation on said api call?17:39
ayoungso each should have a distinct set of certificates17:39
ayoungAnd the dividing line will be per domain.17:39
*** SergeyLukjanov has quit IRC17:40
ayoungtopol, add to that our recent discussions about the LDAP driver and domains, and the two kind of fall together17:40
*** lucasagomes has quit IRC17:40
topolayoung, so right now each keystone server does the signing and serves as the trusted 3rd party, correct?17:40
ayoungtopol, I didn't want to break the existing Identity back ends, and, indeed, there is no reason to do so17:40
ayoungtopol, yes17:40
ayoungtopol, so a cross domain trust between two keystone servers should involve not only a certificate exchange, but also an agreement that a given certificate can only sign for a certain subset of domains17:41
anteayahenrynash: so far I have found this: http://docs.openstack.org/api/openstack-compute/programmer/content/getting-the-keys-to-the-kingdom.html which confirms what you said but doesn't tell me what command to run to do it17:41
* anteaya continues to look17:42
topoland now you are trying to expand the model so that you have two different keystones each representing a different domain but working together in the same environment?17:42
*** monst__ has quit IRC17:42
ayoungtopol, yep17:42
*** esp1 has joined #openstack-dev17:43
*** esp1 has left #openstack-dev17:43
ayoungtopol, if by "now" you mean "back before grizzly when you originally wrote this"17:43
termiestevemar: holla17:43
henrynashanteaya: so in v3 you do DELETE /auth/tokens17:44
stevemartermie: yay, i wanted to bug you about oauth stuff again17:44
topolso supporting multiple keystones I can see when wanting to provide high availability.  But Im guessing that is not your primary use case17:44
anteayahenrynash: I need to make it work with v217:44
anteayapart of my story requirement17:44
termiestevemar: not here right now17:44
termiestevemar: whatchoo need?17:44
henrynashanteaya: in v2 it would be something like DELTE /token/{token_id}17:45
ayoungtopol, o, this is more for the case where two different orgs have stood up keystones and need to interoperate17:45
anteayahenrynash: great, thank you17:45
topoltermie, I'll get him17:45
termieaka not a case17:45
termietopol: he's already talkin17:45
topoloh good17:45
henrynashanteaya: i just can't find a published version of the v2 identity api spec right now17:45
*** zbitter has joined #openstack-dev17:45
anteayahenrynash: no worries, chmouel left a blog post for me: http://blog.chmouel.com/2013/04/22/howto-revoke-a-token-with-keystone-and-pki-v2-0-api/ which is getting me started17:46
*** darraghb has quit IRC17:46
anteayamostly just wanted to confirm folsom default is UUID, the rest is lovely too17:46
openstackgerritA change was merged to openstack/cinder: cinder volume service keeps retrying even code exception  https://review.openstack.org/2704017:46
stevemartermie: was wondering how i can invoke the code under create_request_token?17:46
anteayaif you happen to trip over anything official feel free to ping me, in the meantime I have enough to keep working17:47
anteayaand thanks henrynash17:47
stevemartermie: normally I just do curl and point it to the right endpoint,17:47
henrynashanteaya: no problem17:47
topolayoung, the reason Im asking is just to make sure this wasnt for supporting two separate LDAPs for authentication.   As I mentioned in my latest email, apache shows that can be handled by a single service location17:47
termiestevemar: http://term.ie/oauth/example/client.php :)17:47
termiestevemar: that endpoint can be localhost, btw17:47
termiestevemar: you'll probably want to "dump request" and then use that url in curl17:48
ayoungtopol, wasn't the reason I was suggesting that and I would deny it if it was.17:48
termiestevemar: if you are going to do it a bunch17:48
*** zb has quit IRC17:48
stevemartermie: ah i see the ticky box for that17:48
topolayoung, K, so your use case is a scenario where two orgs somehow are sharing an openstack environment and each has there own keystone?17:49
stevemartermie: so the endpoint should be: http://localhost:5000//oauth/request_token17:49
*** raycloud_ has joined #openstack-dev17:49
stevemartermie: http://localhost:5000/oauth/request_token17:49
termiestevemar: sure17:50
termiestevemar: the keys are in the DummyOauthDriver17:51
*** zb has joined #openstack-dev17:51
*** lglenden has joined #openstack-dev17:51
stevemartermie: yep, i noticed that, foo-key and foo-secret17:51
*** galstrom_zzz is now known as galstrom17:52
*** brich1 has joined #openstack-dev17:52
*** raycloud has quit IRC17:52
*** crank has quit IRC17:52
*** crank has joined #openstack-dev17:53
*** zbitter has quit IRC17:54
*** kagan has joined #openstack-dev17:54
*** corXi has quit IRC17:54
termiestevemar: i'll probably be working on this stuff today, btw, need to go back over code reviews17:56
*** Ryan_Lane has joined #openstack-dev17:57
*** blamar has joined #openstack-dev17:58
stevemartermie: cool; i wanted to start looking at the backend code, but i might be getting ahead of myself17:58
stevemartermie: the consumer table at least should be easier17:59
ayoungtopol, that was the idea, yes.  Say public cloud, where the customer has their own Keystone, running behind a firewall, and wants to manage their own identities.18:00
termiestevemar: is good practice anyway, if you want to write the crud stuff go ahead and pull request or whatever18:00
*** kmartin has quit IRC18:00
*** dguitarbite has quit IRC18:00
stevemartermie: yep! i copied the code you had in your keystone git repo and have been trying to build on top of it, and figure out what exactly needs to be done18:01
ayoungtopol, it wouldn't solve the HA keystone thing, as I think there you would want to share certificates between them, or you would have to indicate on the token which Keystone signed it in order to have separate certs18:01
*** SergeyLukjanov has joined #openstack-dev18:01
ayoungI was trying to group by domain18:01
stevemartermie: and trying to figure out how it all works, of course18:02
*** galstrom is now known as galstrom_zzz18:03
*** marun has joined #openstack-dev18:03
openstackstatusNOTICE: We just added AAAA records (IPv6 addresses) to review.openstack.org and jenkins.openstack.org.18:04
topolayoung, do we have concrete stakeholders that want to implement a public cloud by giving different customers their own keystone???18:04
*** timjr_ has quit IRC18:04
ayoungtopol, nope18:04
*** torgomatic has quit IRC18:05
ayoungtopol, that wasn't the idea18:05
ayoungtopol, it was more "openstack is a standard way of accessing clouds, and keystone is the IdM portal into that"18:05
*** bkero has quit IRC18:05
termieayoung: we don't use the word "IdM" here18:05
topolayoung, still trying to associate this concept with a concrete use case/stakeholder need.18:05
ayoungtermie, its not a word.  It is an acronym. It is technically two words18:06
ayoungtermie, you are like Newspeak, removing words from usage18:06
termieayoung: https://www.google.com/search?q=define%3A+word18:06
topoltermie, I heard a rumor that when you make core you are rewriting keystone in a combination of java and pl118:06
termietopol: all java, actually18:07
*** torgomatic has joined #openstack-dev18:07
termietopol: but rot13d18:07
topolonly in week1, then expanding18:07
*** colinmcnamara has quit IRC18:07
termieheading out to breakfast, but i'll be back to harass y'all later18:08
topolso ayuong we can look at the distributed signing and Im trying to grab bruce rich (my local security guru to look as well).  But as a general rule on something like this I get nervous if I cant point to a stakeholder that says they need this...18:09
*** bkero has joined #openstack-dev18:09
*** eafonichev has joined #openstack-dev18:09
garykmarun: ping18:09
*** marun has quit IRC18:09
*** marun has joined #openstack-dev18:10
*** jdurgin1 has quit IRC18:10
*** stevemar has quit IRC18:10
brich1topol: looking at etherpad, wondering why the certificates are not in a traditional hierarchy, signed by common CA, then trust builds on "normal" mechanisms18:11
ayoungtopol OK, forget about the distributed signing aspect of it for a moment.  The idea of the domain backend being separate from the ID back end came up during the LDAP talk18:11
ayoungbrich1, you mean the https://etherpad.openstack.org/chain-of-domains  ?18:11
brich1ayoung: yes18:11
*** stevemar has joined #openstack-dev18:11
topolayoung, I sent him the link18:11
ayoungbrich1, because they are peers, not necessarily signing each others certs18:12
*** CaptTofu has quit IRC18:12
ayoungbrich1, say I have a private keystone18:12
ayoungand I need to talk to both rackspace and ... HP18:12
ayoungbrich1, which one gets to sign my certs and tokens?18:12
brich1ayoung: but if their certs came from a common root, then trust would be natural and not forced via external mechanism18:13
*** ewindisch has joined #openstack-dev18:13
*** jecarey has joined #openstack-dev18:13
ayoungbrich1, and you just addresses the main problem with X50918:13
ayoungThere is no common root18:13
marungaryk: ping18:13
ayoungbrich1, I might be payuing verisign and you are paying mom-and-pos-ca-shop18:14
ayoungboth are CAs in the browser cache....18:14
ayoungbrich1, and besides, the CA mechanism doesn't link to the domain.18:14
*** mlavalle has joined #openstack-dev18:15
brich1ayoung: agree that trust shouldn't be a casual affair...mom and pop probably isn't a good thing18:15
ayoungYou don't want a cert to sign every token18:15
ayoungjust the ones from the domain that is trusted18:15
*** vartom1110 has joined #openstack-dev18:15
ayoungbrich1, the fact is that there is no hierarchy.  We want this far more controlled18:15
*** dguitarbite has joined #openstack-dev18:15
ayoungnow, you could say that if I share my certs with your Keystone, then you replace my certs with your own, you own all my resources.  But none of my people would be able to do anything there, and it would be abeach of contract, and...it would get sorted out, probably in the courts18:16
*** henrynash_ has joined #openstack-dev18:16
ayoungBut there is nothing in the X509 world that would really solve this, is there?18:17
*** morganfainberg is now known as needscoffee18:17
brich1ayoung: sharing certs is not the same as sharing private keys, which is the part that signs the tokens, so I don't see the validity of the problem you were describing18:17
ayoungbrich1,  I am aware the differences between sharing keys and certs18:18
*** PaulM has joined #openstack-dev18:19
ayoungbrich1, do you understand the token signing mechanism?  Do you know see how we are currently fetching the Cert explicitly from Keystone to avoid making the tokens huge?18:19
*** Yada has quit IRC18:19
ayoungWe are not going to be putting a whole Cert chain into each signed token.18:19
*** henrynash has quit IRC18:19
*** henrynash_ is now known as henrynash18:19
ayoungThe goal instead is to be able to bind a signed token to a client cert or some other secure authentication mechanism and get rid of bearer tokens18:20
ayoungI think client certs are the simplest way forward18:20
ayoungbut then individual organizations need to sign their own certs18:20
*** mlavalle has quit IRC18:20
*** monst_ has joined #openstack-dev18:21
topolayoung, so lets say I am a customer and I am using both a rackspace and an HP cloud.   Why do I need to share at all? If the app components need to communicate/collaborate I would assume they would use std  webservices methods and the communication would be out of band from a keystone point of view18:21
ayoungtopol, how does Rackspace assigne the btopol@ibm.com user to a project in a different domain?  What "standard web services" apply there?18:22
*** jdurgin1 has joined #openstack-dev18:23
*** rmohan has quit IRC18:24
ayoungAnd why would you assume it to be "out of band"18:24
ayoungaside, maybe from setting up the cross domain trust relationship in the first place18:24
*** otherwiseguy has quit IRC18:25
*** yamahata_ has quit IRC18:25
*** rmohan has joined #openstack-dev18:26
brich1ayoung: TLS sessions exchange certs in both directions, so that handshake would communicate certs.  Having trust via the cert chain would be one level of standard practice.  A secondary mechanism may be necessary for some environments.  (BTW...the token may have a hash of the public key from the signer cert, which would make it a manageable size).18:27
ayoungbrich1, that is the approach I am pursuing18:28
ayoungbrich1, there are a couple things to keep in mind18:28
ayoung1.  most people do not have client certs.   If we introduce them, we need to provide a means to distribute them18:28
topolayoung, so lets say I have a big data crunching problem that is so big I need to leverage two separate clouds to get the horsepower I need.   I would have a piece that would allow me to kick off work items in both clouds.  I would send the work items out using a "bag of tasks"  approach and each item when done probably send s there results to some collection hub.  Thus I use both clouds...18:29
topol...without keystone distributed signing18:29
ayoung2.  certs used for signing tokens are a different type (SMIME) than client certs so we need to support both18:29
*** monst_ has quit IRC18:29
brich1ayoung: what SMIME types are we talking here?18:30
ayoungbrich1, no...I mean SMIME signing certs.  CMS.  The PKI token impl?18:30
ayoungbrich1, have you looked at it?18:31
brich1ayoung: yes, just trying to make sure we're talking about the same things with these terms18:31
*** vipul is now known as vipul|away18:34
ayoungbrich1, ok, so we still want to map which CA cna signi tokens for a specific domain18:34
ayoung"can"18:34
ayoungand that is more than just the certificates having the appropriate attributes set18:34
ayoungit is an agreement by the Keystone server as well18:34
*** bknudson has quit IRC18:35
ayoungSo while you might have a valid signing server, I can say "yes,. you can sign for the ibm domain, but not the redhat domain18:35
*** kagan has quit IRC18:35
ayoungit might be that they share a common CA cert, I am just not enforceing that, as I don;'t think it will be the case in practice18:36
brich1ayoung: is it necessary but not sufficient for the signing certificate to be locked to a domain?  that we need config as well?18:36
brich1ayoung: or "policy" instead of "config"?18:37
*** crandquist has quit IRC18:38
ayoungtopol, so my brainstorming was origianlly based on the distributed signing idea, but does not require that to be valid.  It is, instead, a mechanism for allowing us to divide up the configuration of domains in general, so solve the general problem that we have been discussing around LDAP etc.18:39
topolayoung, feels like using an elephant gun to shoot a mouse18:39
*** bkero has quit IRC18:39
ayoungbrich1, My goal this release is to deal with the bearer-ness aspect of the tokens.  To do that, I want to be able to bind them to a client cert.  TO do client certs, we need to be able to distrbitue client certs to everyone.  So, I suspect that Keystone is going to have to hand out client certs.  But people might have them from elsewhere, assuming they come from an org that already has a CA.  Say, the DoD, which has its owen CA,18:41
ayoung and it is not in yourbrowser cache unless you put it there, so you would have to explicitly enable that CA.18:41
ayoungtopol, there is no "overkill" there is only "open fire" and "reload"18:41
ayounghttps://en.wikipedia.org/wiki/Schlock_Mercenary#The_Seventy_Maxims_of_Maximally_Effective_Mercenaries18:41
ayoung#3718:42
topolayoung, I think LDAP issue in many cases can be solved using a simpler approach if you agree that the multiple LDAPs are just used for authentication and then each maps to a separate domain in the SQL identity driver18:42
*** galstrom_zzz is now known as galstrom18:42
Ryan_Lane-_-18:42
Ryan_Lanedon't assume people only want to use ldap for authentication18:42
Ryan_Laneit's a bad assumption18:42
Ryan_Lanea really bad one18:42
ayoungtopol, that won't work without a mapping mechanism.  And if we have a mapping mechanism, we don't need the SQL ID driver18:42
ayoungRyan_Lane, agreed18:43
ayoungRyan_Lane, did you see https://etherpad.openstack.org/chain-of-domains18:43
*** rmohan has quit IRC18:43
topolRyan_Lane, I know you are a LDAP superuser and you have the freedom to do whatever you want with your LDAP, but most customers that simply isnt true.  and ayoung already convinced me that you didnt need multiple domains in a single LDAP anyway18:43
topolayoung, I thought your json cinfig stuff would give us a mapping mechanism18:44
ayoungSo multiple domains in a single LDAP is a separate issue.  What I'm writing above doesn't address it.18:44
*** ijw has quit IRC18:44
topolayoung, I know, but Ryan_Lane threw the grenade18:45
Ryan_Laneit really seems like these conversations are taking the worst part of everyone's suggestions and using that to make a compromise that no one will be happy with18:45
*** rmohan has joined #openstack-dev18:45
*** alexpilotti has quit IRC18:45
*** salv-orlando has quit IRC18:45
ayoungRyan_Lane, nope.18:45
*** torgomatic has quit IRC18:45
*** vipul|away is now known as vipul18:45
*** salv-orlando has joined #openstack-dev18:45
Ryan_Laneunless we're going to move the configuration into the API, I don't see how any of this is going to work18:46
topolRyan_Lane, not sure I agree with that. Its still not clear to me why ayoung is taking this approach for the LDAP use case.  I would understand it if it was for HA but that is not his focus18:46
Ryan_Laneayoung: https://etherpad.openstack.org/chain-of-domains <— this seems incredibly complicated18:46
*** v7 has joined #openstack-dev18:47
Ryan_LaneI don't want to imagine the code for most of the suggestions I've seen so far18:47
ayoungRyan_Lane, So we have the "default domain" in SQL cuz we squeezed it in there, but that means we need to do that for every single backend we write, as we've seen with LDAP and potentially others18:47
Ryan_Laneit's approaching "you must be an identity wizard to touch this code" in complexity level18:47
*** devoid has joined #openstack-dev18:47
*** markmcclain has joined #openstack-dev18:48
v7Hi there, I installed Devstack on RHEL6.4. Im getting the following error when trying to view the Dashboard: FilterError at / /bin/sh: /opt/stack/horizon/bin/less/lessc: Permission denied18:48
v7Anyone know how to fix this?18:48
topolayoung, Ryan, the use case presented at the summit as high priority was a simpler one.   Stakeholder has 1 or more LDAPs they use for authentication.   They want to pull users lazily in to the identity driver with a read/write (probably SQL) backend and then manage the authorization (mapping of users to rules) there...18:48
topols/rule/roles18:48
Ryan_Lanein which way would this work, though?18:49
Ryan_Lanehow does keystone know which ldap is being used for auth?18:49
topolRyan_Lane, I agree with your complexity conerns on chain-of-domains18:49
topolRyan_Lane, configure like apache does18:49
topolhttp://httpd.apache.org/docs/2.2/mod/mod_authn_alias.html18:50
*** gordc has quit IRC18:50
*** jrclouda has joined #openstack-dev18:50
*** jrclouda is now known as zackf18:51
topolWe are frankly not the first ones to this rodeo. Apache handle multiple LDAPs and also filters for mapping groups as well18:51
ayoungtopol, yep.  Keystone is a big pile of NIH18:51
*** minoz has joined #openstack-dev18:51
Ryan_Laneyes, yes, and my mediawiki extension also handles multuple domains18:51
Ryan_Laneand can handle group filtering, and can do kerberos, ssl client auth, etc, etc18:52
Ryan_Laneand I can tell you from experience it's a bad idea18:52
*** bknudson has joined #openstack-dev18:52
topolSo I look at the apache code and nowhere does it mention distributed token signing18:52
*** eharney has quit IRC18:52
ayoungRyan_Lane, can you explain what you mean by " my mediawiki extension?"  Extension to Keystone, to apache, or to LDAP?  To something else?18:52
Ryan_Lanehttp://www.mediawiki.org/wiki/Extension:LDAP_Authentication18:52
*** alop has quit IRC18:53
ayoungtopol, the thing is, the Apache mechanism doesn't have the domains concept in it18:53
ayoungwith domains, we start taking about multi-tenancy, and that is missing from the Apache approach18:53
topolbut the sql identity driver has domains18:54
*** novas0x2a|laptop has joined #openstack-dev18:54
ayoungSo, yes, you can check multiple LDAPs, but they all get lumped together18:54
ayoungtopol, I never wanted all this in the first place18:54
*** minoz has left #openstack-dev18:54
ayoungI wanted to be  a lumberjack.18:54
ayoungRyan_Lane, yeah, you pointed me to that before. Is that in your LDAP server?18:54
topolwe can control that though.  Im just missing something.  The SQl identity driver *has* domain support.  Im just advocating we use it!18:55
Ryan_Laneno. it's LDAP support for mediawiki18:55
Ryan_Laneit supports a lot of what you guys are talking about adding to keystone18:55
ayoungAh, right18:55
Ryan_Laneand from experience, I'm telling you it's a nightmare18:55
topolall I think I am missing is a config piece that maps each ldap to its own domain18:55
ayoungtopol, so, I didn't want to say this, but, that is what the json file is for18:56
Ryan_Lanehttp://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Configuration_Options#Domain.2C_server_and_connection_configuration_options18:56
topolIf my logic is wrong plz explain.18:56
Ryan_Lanethis is going to make the code impossible to manage18:56
topolryan_lane, whih part???18:56
Ryan_Laneand it's going to make the configuration of keystone mostly impossible to manage18:56
*** bknudson has quit IRC18:56
*** afazekas_ has quit IRC18:56
topolchain-of-domains or what I am suggesting?18:57
*** stevebaker is now known as stevebaker_gone18:57
*** timjr has joined #openstack-dev18:57
ayoungRyan_Lane, what I suggested in the chain-of-domains is a framework for linking multiple domain sources together, but in a limited and non-surprising way18:58
anteayageneral announcement, gnome opw internship applicants only have until this Tuesday to submit an openstack patch for their application to be considered, I am encouraging them to ask in here for help with devstack and patch submissions18:58
anteayathanks for your kind understanding and support18:58
Ryan_Laneayoung: good luck with that being "non-surprising"18:58
topolayoung, yeah but the minor boat anchor of distributed signing...18:59
topolRyan_Lane, I enjoy your feedback.  But I cant tell how much is hating chain of domains and how much is hating what I am suggesting18:59
ayoungtopol, no, I am trying to show how that would fit in as well.  It is a separate but realted concern I've been trying to solve cleany for a while and have punted on it.  I don't want certs to be something that can be updated via the web interface, because I am paranoid18:59
*** lloydde has quit IRC18:59
ayoungmultipl LDAP vbackends is a config choice, and shouldn't be in the database19:00
ayoungbut there are providers that do need to be able to create domains on the fly, like Rackspace and joe savak19:00
Ryan_Lanetopol: anything past supporting a single ldap directory per keystone I'm going to dislike19:00
ayoungI don't want to support multiple domains in a single LDAP19:00
ayoungRyan_Lane, So there are two options then19:01
Ryan_Lanebecause I know the nightmare situation that comes that way19:01
ayoungone have one Keystone per LDAP19:01
topolIm so missing something. I agree multiple LDAPs should be a config choice.  Now how does that prevent domain creation on the fly?19:01
ayoungand have them talk via the sitributed signing19:01
ayoungor we write something that you are going to dislike19:01
ayoungwhich puts them into a single Keystone19:01
ayoungor punt and mke the LDAP admins life miserable19:01
topolOne Keystone per LDAP will make us look silly19:01
Ryan_Laneit'll make us look sane19:02
topolthat will make an admins life hell19:02
ayoungtopol, I think that one Keystone per LDAP should be the first approach, as it provide total isolation. Multiple per can be supported later as well if so demanded19:02
*** torgomatic has joined #openstack-dev19:03
topolagain I fully agree with one domain per LDAP.  I dont understand how we slip from that to one keystone per ldap.  I think many folks will benefit from having multiple LDAPs they control being suck in and handled by one keystone19:04
ayoungRyan_Lane, I was origianlly going to suggest splitting the Domain code out of the identity backend, but I realize that it wouldn't work.  I think the chain of responsibility pattern is the best implementation here.  We could make it completely free-form, but I think that would be hard to understand. We can extend the pattern, or drop a link of the chain, if it turns out that they do not make sense19:04
topoland again, I still don't understand where my approach blows up given we agree the SQL identy driver supports multiple domains. What is the anvil about to drop on my head you arent mentioning???19:05
*** dguitarbite has quit IRC19:06
topoland again, we agreed to let henrynash investigate and we are short circuiting that with doing diligence19:06
*** litong01 has quit IRC19:06
ayoungtopol, the reason we support one keystone per ldap is because it is the more general solution. When I pressed the people looking for multiple backends, they admitted that they would want the token backend to be split as well.  Splitting into two distince keystone gives them complete control over their domains, and isolation between them19:06
topoler without doing diligence19:06
Ryan_Laneback in a bit. interviewing someont...19:07
ayoungtopol, I posted it as a brainstorming session.  We can think things through whilst being duly dilligent.19:07
topolayoung, I think it depends on the customer set.   If I am a bank, and I bought another bank, and I have two LDAPs of users.  and I know apache was able to handle this with a single point of authentication and keystone cant then keystone looks silly19:08
ayoungtopol, you are forcing me to make my assumptions explicit, which is exactly what I hoped would happen in a discussion like this. I realize that I've been stewing on this for a while.19:08
ayoungtopol, I think that there are going to be demands for all of the above.19:08
ayoungMultiple LDAPs in a single server included19:09
ayoungwe don';t have to do them all19:09
ayoungbut lets dream for now...19:09
ayoungit is the beginning of the release cycle, and we should spend more time planning and less time coding right now....19:09
*** galstrom is now known as galstrom_zzz19:09
ayoungI think that domains are the the proper place to split things19:09
ayoungfor people that are using one domain per customer, they need a backend that will support that19:10
*** kagan has joined #openstack-dev19:10
ayoungbut then the whoe infrastructure is like a different domain, right?  In my talk, I had them coming from separate IDPs19:10
ayoungdomains are the dividing lines for IDPs19:10
ayoungso, Keystone can also be an IDP, but really it is not, it is an authorization portal19:11
ayoungin the LDAP case, Authentication comes from elsewhere19:11
ayoungthe simple bind approach not-withstanding,19:11
ayoungas I agree it is a mistake19:11
ayoungideally, you would front with apache19:11
termieayoung: if you had to guess, what ratio of the messages on this channel would you say are by you?19:12
topolayoung, so you will end up finding me annoying.  Cause I firmly believe in having stakeholders/and use cases before desiging.   I know I have use cases for the simpler scenario I described.   All the more complex ones we will only hit the mark if stakeholder participate in the design and iterations19:12
ayoungtermie, 169.2% give or take19:12
termietopol: agreed19:12
termieayoung: what's an IDP that sounds like a bad word also19:12
ayoungtermie, Identity Provider.  Where you go to authenticate19:12
*** bknudson has joined #openstack-dev19:12
termieayoung: cool, yeah, let's not use that word19:13
ayoungtermie, would it be correct to say that, in a strict oauth implementation, we wouldn't have domains, we would just have consumers?19:13
termieayoung: no19:13
*** aelkikhia has quit IRC19:16
*** cloudchimp has quit IRC19:17
topoland I could not imagine telling my customers that used apache that if they need to integrate with an LDAP that they would need one apache server per LDAP.   They would laugh me out of the room as not being enterprise strength code.  and when we advocate one keystone per LDAP its saying the same thing19:17
termiehundreds of keystones19:19
termiethousands19:19
*** dolphm_ has joined #openstack-dev19:19
termiedolphm_: x_x19:19
dolphm_termie: o/19:19
*** athomas has quit IRC19:19
ayoungtopol, look them in the eye and say "You have two LDAP servers for a reason.  We are looking to support that reason, not undermine it."19:20
ayoungTHen they hem and haw and tell you how hard it is due to organization issues and politics19:20
termieayoung: i think we should just let mathrock design this19:21
ayoungtermie, he's welcome to it.19:21
termieayoung: because he has a specific use case of something along these lines and they've already solved it to some degree19:21
*** monst_ has joined #openstack-dev19:21
*** brich1 has left #openstack-dev19:22
*** stevebaker_gone is now known as stevebaker19:22
ayoungtermie, yes, but we have people coming at this from all over the place.  We have people screamin "we need LDAP support, but we can't write to the LDAP server" and we have Rackspace saying "we need to be able to give each customer their own domain" and I am trying to find a clean solution that pisses off everyone equally19:23
*** adisthedevil is now known as jcannava19:23
* ayoung resorts to vulgarity to underline frustration19:23
*** sarob has joined #openstack-dev19:23
*** bdpayne has quit IRC19:24
*** bdpayne has joined #openstack-dev19:25
termieayoung: sure sure, i am just saying that guy probably has a really good idea about what that is19:25
topoleach keystone is gonna need to be fronted with ssl.  Each keystone needs configured.  Honestly we need to be flexible and pragmatic.   I already am having to visit customers that want to know how they can run OpenStack without keystone.  so lets be very careful what we choose to mandate as have to be done.19:25
*** monst_ has quit IRC19:26
ayoungtopol, with autoprovisiong and HTTPD, you can use the LDAP mechanism you just pointed to in the HTTPD config to handle that use case. Why do we need to write anything for it here?19:27
ayoungOh, because each LDAP server is going to be different19:27
ayoungso you need the AttributeMapping stuff from dchadwick19:27
topoland still noone has told me why the multiple backend ldaps for authentication then provisioning the users and mapping them to a separate domain in the SQL identity driver wouldnt just work for many uses cases19:27
ayoungtopol, I just told you it would19:28
topolyes each ldap server is different and yes I need attribute mapping.  But then Im done and customer happy19:28
ayoungso you don't have a dog in this fight19:28
topolwhy no dog?19:28
ayoungtermie, when you said "thousands of keystones" I assume you were being serious?19:29
ayoungtopol, because you have a path to your solution.19:29
ayoungtopol, no LDAP backend needed for you19:29
topolas long as my desired use case is handled by a single keystone then I am happy and will be quiet.19:29
ayoungtopol, happy I belive. quiet, not so much19:30
*** eharney has joined #openstack-dev19:30
*** eharney has quit IRC19:30
*** eharney has joined #openstack-dev19:30
topolBut I will be leveragin multiple ldap backends. what do you mean by no LDAP backend needed?19:30
ayoungtermie, if we have thousands of keystones, then they allow cross authentication via oauth, right?19:31
termieayoung: no19:31
termieayoung: oauth isn't the answer to everything19:31
termiehammernail19:31
ayoungtopol, I mean no Keystone LDAP backend needed.  You will use the SQL backend.19:31
*** monst_ has joined #openstack-dev19:32
kbringardis anyone familiar with the namespace permission issues in grizzly quantum and ubuntu?19:32
kbringardspecifically where the L3 agent can't perform ip netns exec actions?19:33
*** jruzicka has quit IRC19:33
topolayoung, I thought you told me yesterday Joe Savak could use SQL Identity Driver as well.  So who are you designing this for???19:33
termiekbringard: sorry, this is keystone only channel19:34
termiekbringard: ;)19:34
kbringardtermie: I thought we were ditching keystone :-p19:34
termiekbringard: oh right, SHHHH19:34
termiekbringard: don't tell ayoung19:34
ayoungtopol, he hasn't confirmed that.  I stated it meaning I thought that he could, but he was involved in the LDAP discussions, so I took that to mean he wanted an LDAP solution, and wish he would chime in19:34
*** AnilV4 has quit IRC19:34
kbringard:-x19:34
ayoungkbringard, ask rkukura or one of the quantum devs19:35
kbringardayoung: will do, thanks :-)19:35
topolthought he could????  you could be setting us up for an ambush Sarge19:35
kbringardrkukura: ping19:35
ayoungkbringard, I'd suggest gkotten but I think he is asleep19:35
*** radez is now known as radez_g0n319:35
*** alop has joined #openstack-dev19:36
openstackgerritA change was merged to openstack/nova: Fix fixed_ip_count_by_project in DB API  https://review.openstack.org/2722519:38
*** litong01 has joined #openstack-dev19:39
*** prekarat has joined #openstack-dev19:39
prekarathenrynash: ping, have a quick question on Keystone19:41
prekarathenrynash: regarding this bp https://blueprints.launchpad.net/keystone/+spec/create-user-validation19:41
*** litong01 has quit IRC19:42
*** litong has joined #openstack-dev19:42
prekaratayoung: ^^^19:42
ayoungprekarat, looking19:43
ayoungprekarat, did you write that?19:44
ayoung2012-05-23  old19:44
prekaratayoung: no i didn't create the bp, but since it wasnt' touched for a long time, i hit a but in tempest today regarding this and i implemented a patch today. https://review.openstack.org/#/c/27593/19:44
prekaratayoung: which implements this bp. but i have a question regarding the passwd criteria19:45
ayoungprekarat, please please please don't implement your own email parser19:45
ayoungjust check for existance19:45
prekaratayoung: ok, thats prcisely what i wanted to discuss.19:45
prekaratayoung: there isn't one that I coudl find after a long search. the one that exists lpel is retired.19:46
prekaratayoung: the existing email.utils.parseaddr is not very robust.19:46
v7Anyone getting the following Horizon error after installing devstack? FilterError at / /bin/sh: /opt/stack/horizon/bin/less/lessc: Permission denied19:47
ayoungprekarat, so, check that the values are not null and leave it at that.  In the case of an LDAP backend (assumig it is readable) you are probably goign to be bucking up against someone elses rules for a valid address, username, etc19:47
openstackgerritA change was merged to openstack/horizon: Add help text for some fields of Load Balancer forms  https://review.openstack.org/2741719:47
*** ayoung is now known as ayoung-afk19:48
prekaratayoung: checking for null is an issue, becuase --email is an optional value and if not passed will be null.19:48
prekaratayoung-afk: ^^19:48
v7I set permissions for lessc to 777. But I still get FilterError at / /bin/sh: /opt/stack/horizon/bin/less/lessc: Permission denied19:49
v7in Horizon19:49
*** otherwiseguy has joined #openstack-dev19:52
*** alunduil has joined #openstack-dev19:52
*** gordc has joined #openstack-dev19:53
v7Full error here: http://paste.openstack.org/show/36641/19:54
*** cloudchimp has joined #openstack-dev19:55
kbringardtermie, ayoung-afk: I think I sorted it out: https://bugs.launchpad.net/quantum/+bug/103416119:58
uvirtbotLaunchpad bug 1034161 in quantum "some platforms do not support namespaces" [Medium,Confirmed]19:58
kbringardI'm on a platform which supports it, but it doesn't looks like #define __NR_setns 268 is set in my ipnetns.c19:58
*** kagan has quit IRC19:59
*** dprince has quit IRC20:00
*** pcm__ has joined #openstack-dev20:00
topolso ayoung, regarding your federated keystone identity, I going to try and find some use cases and stakeholders. Its a good topic. I just want it on more solid footing20:01
*** lloydde has joined #openstack-dev20:03
*** joesavak has joined #openstack-dev20:04
*** v7_ has joined #openstack-dev20:05
*** v7 has quit IRC20:06
*** minoz has joined #openstack-dev20:06
*** lglenden has quit IRC20:07
*** cp16net|away is now known as cp16net20:07
*** vipul is now known as vipul|away20:08
*** lglenden has joined #openstack-dev20:08
*** jvrbanac has quit IRC20:08
*** jvrbanac has joined #openstack-dev20:09
*** vipul|away is now known as vipul20:09
v7_Can someone help me to debug an issue with Horizon?20:12
v7_Error is here: http://paste.openstack.org/show/36641/20:12
*** boris-42 has quit IRC20:13
*** cp16net is now known as cp16net|away20:14
*** erfanian has joined #openstack-dev20:16
*** otherwiseguy has quit IRC20:16
*** galstrom_zzz is now known as galstrom20:16
*** jvrbanac has quit IRC20:16
david-lylev7: are you using RHEL selinux?  if so you'll need to do off-line compression20:17
*** kagan has joined #openstack-dev20:18
*** jvrbanac has joined #openstack-dev20:20
*** topol has quit IRC20:22
*** alop has quit IRC20:26
*** minoz has left #openstack-dev20:27
*** vartom1110 has quit IRC20:27
*** ayoung-afk is now known as ayoung20:27
*** pabelanger has quit IRC20:28
*** pabelanger has joined #openstack-dev20:29
dolphm_bknudson: ayoung: curious about ya'll thoughts on https://review.openstack.org/#/c/27595/20:29
bknudsondolphm_: standard answer is needs test case20:30
*** CaptTofu has joined #openstack-dev20:30
dolphm_bknudson: i don't know what i'd be writing a test for, so i would just be deleting the feature20:31
*** terryh has quit IRC20:31
*** terryh has joined #openstack-dev20:31
bknudsondolphm_: there's a testcase that sets it to 51220:31
*** henrynash has quit IRC20:32
*** melwitt has joined #openstack-dev20:32
bknudsondolphm_: for some reason I think this is related to some kind of active directory support20:33
bknudsonjust remembering some code I looked at one day.20:33
*** stevemar has quit IRC20:34
ayoungdolphm_, ugh...  bknudson that isnot the full story20:35
*** zb has quit IRC20:35
ayoung'user_enabled_default'  is, I think, part of dealing with the whole mess for AD20:35
*** litong has quit IRC20:36
ayoungI'd have to check the logs to see if this is part of the fix, but in AD, "enabled" is a bit field20:36
*** romcheg has joined #openstack-dev20:36
ayoungand this was part of setting that whole field, so it can't be a boolean, but 'True' works for the OpenLDAP case, and most sane Directory Servers20:36
bknudsonSo I would guess you don't want it to limit it to boolean.20:37
*** romcheg has left #openstack-dev20:37
bknudsonmuch as that would make a lot more sense20:37
ayoungbknudson, I'd have to look at the code to confirm...doing that now20:38
*** bkero has joined #openstack-dev20:38
dolphm_ayoung: if it supports "True", does it support 'False'? or what's the opposite of "True"?20:38
dolphm_bknudson: but if you're performing bitwise operations on it, then it can't be a string20:38
dolphm_bknudson: '512' & var # is not the same thing as # 512 & var20:39
dolphm_maybe make it an int that defaults to 1 then?20:40
ayoungbknudson, the thing is, atest would probably be useless against the FakeLDAP.  THis would really need to be run against the live LDAP20:40
dolphm_(AD)20:40
*** kagan has quit IRC20:40
ayoungdolphm_, I think that the fact it is "True" here is defined by LDAP and not Pytho, they just happen to agree on the string representation.  However, looking at the Code, it might be OK to switch to a boolean, but I wouldn't bank on it20:41
dolphm_ayoung: boolean won't work if it needs to support an int20:42
ayoungdolphm_, unless you want to confirm it against an AD backend, I would leave it alone.  I think it was Jose Castro that wrote this code and he can tell you his rationale20:42
ayoungIt might be perfectly fine to do it as a Boolean, I don't know.20:43
dolphm_boo, i don't think he's on20:43
dolphm_ayoung: you're right though, he did write it as i recall20:43
*** eafonichev has quit IRC20:43
*** mrodden has quit IRC20:44
ayoungdolphm_, bug1067516 commit 001f708e7d9ffc69c80f823e7ab5f79325cc8a4020:44
ayoung Change-Id: I1ee9a1e2505cdd8c9ee8acba5c0e89a4f25c726220:44
ayoungdolphm_, OK, so in general, True is probably fine, as if we are talking to an RFC schema user object it will map correctly, but it is possible that for a user some some other schema, enabled might be 'enabled' versus some other enumerated value20:46
dolphm_ayoung: thanks20:46
ayoung'disabled' 'inactive' etc20:47
*** vipul is now known as vipul|away20:47
dolphm_ugh, so basically this option is being overloaded as both an int and a string... so we need a whole new config option20:47
termiehahah20:47
termieconfig polymorphism20:48
needscoffeetermie: i'm scared by that statement.20:48
openstackgerritA change was merged to openstack/glance: scrubber: dont print URI of image to be deleted  https://review.openstack.org/2734120:48
*** vipul|away is now known as vipul20:48
*** kmartin has joined #openstack-dev20:48
termieneedscoffee: use the fear, channel it20:48
needscoffeetermie: LOL ;)20:48
dolphm_or cast the string to an int so we can do bitwise operations on it, which will fail with the default value20:49
termiedolphm_: just remove all teh code20:49
bknudsonI'm worried about this ldap backend... might not last very long.20:49
dolphm_termie: tempting20:49
dolphm_bknudson: +120:50
ayoungdolphm_, I don't think this value is used for the bitwise stuff, if I understand it.  Enabled is not supported in the default schema, so this is just a very flexible way to support enabled for people that have it in a non-custom way.20:50
dolphm_maybe we should follow the way of the bare metal driver, etc, and make it it's own project20:50
*** jcoufal has quit IRC20:50
termiewell there is already an ldap project spinning up, right ayoung?20:50
ayoungtermie, hell no20:50
termieayoung: you said you were making a mapper thing20:51
termieayoung: and then using that for ldap20:51
ayoungtermie, nope20:51
termieayoung: do you have a memory issue?20:51
ayoungthat is the thing that dchadwick is coding20:51
termieayoung: so it _does_ exist20:51
termiefunny that20:51
bknudsonactive directory bitmask stuff: http://support.microsoft.com/kb/30514420:51
ayoungI just thought it would be useful for ldap20:51
ayoungit is not an LDAP specific tool20:51
termienewLDAP can be based on it20:51
termieLDAPlite20:52
bknudsonLDAPv320:52
*** portante|ltp has joined #openstack-dev20:52
ayoungtermie, say you get attributes in one format, the attribute mapper would say "oh, that means he gets the 'ugly' role in the 'pagent' project.20:52
termieayoung: yup, now just put ou= in front of one of those statements20:52
termieayoung: thanks for taking on LDAP-lite20:52
ayoungtermie, LDAP is just the current topic of conversation, but it would work for any of the variosu formate that people throw around20:53
bknudsonwhat other formats?20:53
termiedolphm_: alright guys, looks like ayoung has ldap-lite on his plate now20:53
*** prekarat has quit IRC20:53
termieso we just sprinkle deprecation warnings everywhere and punt on fixing this config polymorphism20:53
ayoungdolphm_, what problem were you trying to solve?20:54
termiedolphm_: also, i've noticed i can't yet -2 things20:54
termiedolphm_: who do i have to prod to resolve that20:54
dolphm_termie: umm, start with heckj20:55
termieweird, he is not at work today20:55
ayoungtermie, he works down the street from you, go knock his desk over20:55
termieayoung: actually he works about a 1000 miles from me20:56
ayoungtermie, I thought you were both in SF?  Oh, he's in Seattle, isn;t he?20:56
termieayoung: oue20:57
ayoungOK, knocking over his desk might be difficult20:57
termieayoung: i'll get an intern to do it20:57
dolphm_ayoung: termie: sounds like a challenge20:57
dolphm_and a new tradition20:57
termiedolphm_: deprecating things instead of fixing them?20:58
termiedolphm_: i like it20:58
ayoungdolphm_, so why are you looking to change the config type either to int or boolean?20:58
ayoungIS there a bug?20:58
ayoungOr is it just cleanup?20:58
*** rnirmal has quit IRC20:58
dhellmannmordred: ping?20:59
ayounghttps://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/core.py#L412 right?20:59
*** markmcclain has quit IRC21:00
termieis there, like, a way we can tell people submitting patches for keystone to check their goddamn newlines and docstrings?21:00
termiewhere is justinsb21:00
termiei need termiebot back21:00
bknudsonayoung: it looks like that's only called if enabled_mask was not 0. It's 0 by default in the config21:01
dolphm_ayoung: i just open code reviews as a means of conversation21:02
ayoungbknudson, OK, so  enabled_mask is the indication that we are talking AD21:02
ayounganything in that mask means "yes, we are using a mask"21:02
ayoungbut the bitmask is applied to21:03
ayoungvalues['enabled_nomask']21:03
ayoungnot to value21:03
*** alop has joined #openstack-dev21:03
*** nati_ueno has joined #openstack-dev21:03
ayoungwhich looks like it will evaluate to a boolean expression21:03
dolphm_termie: write a gating job21:04
*** lmatter has joined #openstack-dev21:04
*** sandywalsh has quit IRC21:04
ayoungdolphm_, my guess is that Boolean is correct, not int.  And there will be one case in 1one million where they will need a value that is no True or False.21:04
termiedolphm_: how difficult is it to add that to specific projects?21:04
bknudsontermie: nova has all sorts of extra pep8 checks.21:04
ayoungBut, unlike the SQL backend, we can't control the schema, so we have the lowest common denominator here, which is a string21:05
bknudsonhttps://github.com/openstack/nova/blob/master/tools/hacking.py21:06
*** SergeyLukjanov has quit IRC21:06
*** pcm__ has quit IRC21:09
*** galstrom is now known as galstrom_zzz21:09
*** joesavak has quit IRC21:10
termieanybody know who Morgan Fainberg is? is he/she in this channel?21:11
needscoffeetermie: thats me21:11
*** needscoffee is now known as morganfainberg21:11
*** bdpayne has quit IRC21:12
morganfainbergneedscoffee was a nick for the openstack-nova "casual friday nick" entertainment.21:12
termiemorganfainberg: cool, i'm going to walk to another spot to work, but i have questions about your memcache thingee21:12
termiemorganfainberg: bonus points though for best commit message21:12
morganfainbergsure.  happy to discuss it with you.21:12
morganfainberghaha, thanks.  i figured it was ready for some discussion (hence the tossing it up to gerrit).21:13
termiecoolio, will be probably 15 minutes, the hill i am walking up is big :p21:13
dolphm_termie: morganfainberg: link?21:13
termiedolphm_: https://review.openstack.org/#/c/27597/21:13
morganfainberghehe sounds good, switching back to needscoffee nick:P21:13
*** morganfainberg is now known as needscoffee21:13
*** jeblair is now known as corvus21:14
termiedolphm_: also, heckj says he added me to the thingee or tried to on shitty airport wifi21:14
termiedolphm_: ~keystone-core or whatnot21:14
termiedolphm_: said you also had access to it21:14
dolphm_hmm, i did keystone-drivers21:14
thingeetermie: hrm?!21:14
termiei'm not sure what has to happen for launchpad to accept me as its master21:14
termiethingee: did i mention you?21:14
thingeetermie: no. no I guess not.21:15
*** harlowja_ has joined #openstack-dev21:15
*** sandywalsh has joined #openstack-dev21:15
*** eglynn has quit IRC21:15
v7_@david-lyle: Sorry, I was away and  Thanks !!! Enabling offline compressed did the job. Appreciate your help21:16
*** raycloud__ has joined #openstack-dev21:16
*** esp has joined #openstack-dev21:16
*** woodspa has quit IRC21:16
*** monst__ has joined #openstack-dev21:16
*** woodspa has joined #openstack-dev21:16
*** salv-orlando_ has joined #openstack-dev21:17
*** salv-orlando has quit IRC21:17
*** cyeoh has quit IRC21:17
needscoffeebe back in 5-10 mins, i need more coffee :P21:17
needscoffeefigure termie should be ready to talk around then.21:17
*** salv-orlando_ is now known as salv-orlando21:17
termiethingee: because i was thinking about you <321:17
termiebbiab21:17
*** bswartz has quit IRC21:17
*** PaulM has left #openstack-dev21:17
*** bswartz has joined #openstack-dev21:17
*** cyeoh has joined #openstack-dev21:18
*** galstrom_zzz is now known as galstrom21:18
*** harlowja has quit IRC21:18
*** harlowja_ is now known as harlowja21:18
*** monst_ has quit IRC21:18
*** raycloud_ has quit IRC21:19
*** monst__ has quit IRC21:19
*** kagan has joined #openstack-dev21:20
*** cp16net|away is now known as cp16net21:21
*** bswartz has quit IRC21:21
*** JonnyNomad has quit IRC21:22
*** JonnyNomad_ has joined #openstack-dev21:22
thingeetermie: 'steada treated21:22
*** bswartz has joined #openstack-dev21:23
*** lorin1 has quit IRC21:23
*** sandywalsh has quit IRC21:24
*** galstrom is now known as galstrom_zzz21:26
*** bdpayne has joined #openstack-dev21:27
*** jduhamel has joined #openstack-dev21:27
*** rmohan has quit IRC21:31
*** alop_ has joined #openstack-dev21:31
*** rmohan has joined #openstack-dev21:31
*** gordc has quit IRC21:32
*** alop has quit IRC21:33
*** alop_ is now known as alop21:33
*** seagulls has quit IRC21:34
*** jasondotstar has quit IRC21:34
*** dolphm_ has quit IRC21:35
*** redbeard2 has quit IRC21:36
*** cp16net is now known as cp16net|away21:36
*** sandywalsh has joined #openstack-dev21:37
*** stevemar has joined #openstack-dev21:37
*** dhellmann is now known as dhellmann-away21:38
*** woodspa has quit IRC21:39
termieI RETURN21:40
simowelcome back!21:40
*** Aarti has quit IRC21:40
termieneedscoffee: so, the main goal of this patch is to fix a bug related to trying to revoke too many tokens for a user?21:42
needscoffeetermie: the main goal of the patch is to address a problem that occurs (can occur with either user-record of tokens, which is more likely, or the revocation-list)21:43
termieneedscoffee: and this is due to us keeping our own index of user tokens?21:43
needscoffeebasically the memcache token driver doesn't know how to expire anything form those lists.  if you keep a list active and continually issue/revoke tokens, you will eventually fill a memcache page21:43
needscoffeeand yes, it is stemming from that21:44
termieneedscoffee: looks like this goes back to that ill-advised "list_tokens" call21:44
needscoffeea token list is needed if we can't programatically determine tokens if we want to expire them all on passwd change (etc)21:44
termieneedscoffee: there are other methods to accomplish that goal, for example,21:45
termieneedscoffee: a common way is to keep a user "version"21:45
*** kreddy1 has joined #openstack-dev21:45
termieand associate that version with tokens, so that if the user version is higher than the token the token is invalid21:45
*** CaptTofu has quit IRC21:45
termieneedscoffee: anyway, that that didn't come to mind is due to an sql-centric world view21:46
termieneedscoffee: that sort of bubbled up while i wasn't looking21:46
*** kreddy has quit IRC21:46
*** dolphm has joined #openstack-dev21:46
*** esheffield has quit IRC21:46
needscoffeetermie: but with PKI tokens, do we refer to keystone enough to enforce that? [i'll be honest, i was looking at the problem in context of what we have now]21:46
termieneedscoffee: well i don't know how well we can change the current way, if the actual api hasn't gained anything and these are just backend functions we have a chance21:47
needscoffeetermie: i'd much rather have a mechanism that just handles this as a side effect of the user changing.21:47
needscoffeee.g. what you described as a versioned user.21:47
termieaye, i'd like that as well21:47
termiedo you want to possibly look into that?21:47
termiesee whether the api calls somehow gained a list_tokens call as well21:48
termiebecause if they did we're somewhat screwed21:48
termieand are going to have to maintain an index anyway which is dumbbbb21:48
needscoffeetermie: sure.  I am pretty sure the only place that calls token_list is the part of keystone that invaildates the tokens when you make a user change.21:48
termieneedscoffee: that'd be lovely and would let us implement it in an easier way on the kvs side of the world21:49
dolphmneedscoffee: +121:49
termieneedscoffee: now, memcache is still weird to me21:49
termieneedscoffee: because if we are legitimately expecting things in there to last a long time i think we have a problem21:49
needscoffeein either case, due to compat we might need something like what i've proposed for grizzly, you will eventually (with any real consistent use) overflow a memcache page21:49
termieneedscoffee: is this a backport for grizzly?21:49
termiei don't honestly think most people running anything real want to use _just_ memcache for this stuff21:50
*** rmohan has quit IRC21:50
needscoffeeneedscoffee: this is fully compatible with grizzly provided i didn't mess anything up.21:50
*** rmohan has joined #openstack-dev21:50
needscoffeeerm.21:50
termie:)21:50
needscoffees/needscoffee/termie21:50
needscoffeewe ran into this in production with a client doing memcache tokens21:50
*** CaptTofu has joined #openstack-dev21:50
needscoffeebecause SQL was just bogging down the DB too much21:50
termieyeah, it doesn't look like it makes any db changes, eh21:50
*** jayg is now known as jayg|g0n321:50
*** kagan has quit IRC21:50
termiei am not against it as a stopgap for grizzly if that needs a bugfix or whatnot21:51
termiebut i think we can do much better21:51
needscoffeetermie: aye, especially being this early in the cycle.21:51
termieif we flip to a nosql way of thinking21:51
needscoffeewhcih for tokens, is completly valid21:51
* termie waits for some buzzer to go off and summon justinsb21:51
openstackgerritA change was merged to openstack/swift: copy X-Delete-At unless X-Fresh-Metadata: true is supplied on an object copy  https://review.openstack.org/2402221:52
needscoffeei'll dig into keystone here and see if we can do this with versioned user data instead.21:52
termieanyway, i'd much rather see the patch for versioned users and a check against that before saying a token is valid21:52
needscoffeeand i'll be honest, a CRL has other issues21:52
termieespecially in volatile memory ;)21:53
needscoffeeyeah21:53
needscoffeeexactly21:53
termieso, an old idea we had21:53
termiewas that the driver impls would be degradable21:53
*** kbringard has quit IRC21:53
termieso you could implement level 1, 2, or 3 of the api, for example21:53
termiemaybe one is read-only for tokens and just expects to pass on to another backend, maybe another one supports CRL or something, maybe you can mixin impls of different kinds to provide for example, memcache that backs on to sql afterwards21:54
needscoffeeoh. interesting21:54
termiethe idea being that memcache isn't really approrpriate for lots of stuff, but is not bad for some stuff21:55
termieif you need CRLs you want to use the drivers that support CRLs21:55
termiethat sort of idea21:55
termiei think PKI probably could have been done in a more encapsulated way21:55
needscoffeethat makes a lot of sense.21:55
termieso that it feels more separate21:55
termiewhich would make it easier to say "i don't need this, don't make me support it with my backend"21:56
needscoffeeyeah, that is a good approach21:56
termiefor example, i have a cassandra backend floating around, it would be great to be able to propose a level 1 implementation21:56
*** alop has quit IRC21:56
termieand then add to it later as required21:56
termiebecause all my stakeholders need is a subset of functionality21:57
termieanyway, something to think about for all you people out there21:57
needscoffeeyeah.  and just be smart about handling not-impl aspects of level2/321:57
needscoffeefor a given driver.21:57
termiecomposability++21:57
*** cp16net|away is now known as cp16net21:58
needscoffeei'll do some digging into what we _actually_ have to support here and stew on this convo some21:58
needscoffeesounds like there will need to be a couple blueprints added21:58
needscoffee(regardless of full implementation of the solution)21:58
termieblueprints are mostly busy work21:58
termieftr21:58
openstackgerritA change was merged to openstack-dev/devstack: Move ec2authtoken config from paste.ini to conf  https://review.openstack.org/2751721:58
openstackgerritA change was merged to openstack-dev/devstack: Install api-paste.ini and policy.json  https://review.openstack.org/2751821:58
needscoffeei wasn't sure how keystone views them overall.21:59
termiebut a design doc for stuff can help you from explaining things repeatedl21:59
needscoffeei know nova is a bit tighter about it.21:59
termiei am okay with requiring blueprints, but people tend to think writing a blueprint means their idea is accepted21:59
needscoffeebut i mean from a design doc standpoint more than functially what a blueprint in LP is21:59
*** stevemar has quit IRC21:59
termieand i'd rather think of a world in terms of design docs21:59
*** ewindisch has quit IRC22:00
needscoffeewell i'll come up with a design doc of some implementation of this stuff and toss that in a BP.22:00
needscoffeeso it's easy to reference22:00
termieanyway, if you want to do the research i'd be happy to collaborate on it22:00
dolphmtermie: launchpad actually provides a distinction between "the general direction of this bp is approved" vs "the details of this blueprint are approved"22:00
*** eharney has quit IRC22:00
needscoffeeyeah, i'll get some research done here and we'll see what is expected.22:00
*** CaptTofu has quit IRC22:00
termiedolphm: its a bureaucrats too22:01
termietool22:01
needscoffeeat the very least i'll get this fix proposed for grizzly to fix the immidiate bug, and aim to work with you on the better design for Havana22:01
*** bknudson has quit IRC22:01
dolphmi'd rather spend time in gerrit personally22:02
needscoffeedolphm: it's how we work internally here at metacloud.22:02
termiedolphm: ditto22:02
needscoffeewe have bugs/tickets just for tracking (e.g. this is on a roadmap) and the real work is in our gerrit.22:02
termiedolphm: heckj says i'm in the core and the drivers now22:02
dolphmtermie: i got an email that you are22:03
termiedolphm: but i still don't have any magic powers22:03
termiedolphm: i logged out and back in22:03
needscoffeetermie: you always had magic powers.22:03
*** armax has quit IRC22:03
termieneedscoffee: it comes from talking loudly22:03
rustlebeeCore has to be updated in gerrit itself now, not just launchpad22:03
needscoffeetermie: hehe.22:04
rustlebeeFYI in case that is the issue22:04
termierustlebee: aha22:04
termierustlebee: are you russel b ?22:04
rustlebeeI am22:04
rustlebeeThis is my Friday nick22:04
rustlebeeCasual nick Friday.22:04
needscoffeeSteely_Dan convinced me to join them on the Friday nick thing ;)22:05
termieah, i'm in too many channels for that to work :/22:05
needscoffeetermie: i think i almost confused some of the saltstack people.22:06
needscoffeewhen i changed nicks.22:06
rustlebeePart of the fun22:06
*** katylava has quit IRC22:07
*** jvrbanac has quit IRC22:08
*** termie is now known as termeye22:08
termeyefuck it22:08
*** tzumainn has quit IRC22:09
*** alop has joined #openstack-dev22:09
needscoffeeLOL nice.22:12
*** portante|ltp has quit IRC22:12
*** jecarey has quit IRC22:12
*** alop_ has joined #openstack-dev22:13
*** alop has quit IRC22:14
*** alop_ is now known as alop22:14
*** sandywalsh has quit IRC22:15
*** nati_ueno has quit IRC22:15
*** galstrom_zzz is now known as galstrom22:15
termeyeoooo i just found out where i _am_ core22:16
termeyegonna go -2 some devstack stuff22:16
*** kreddy1 has quit IRC22:16
termeyedolphm: i wonder how you update the groups in gerrit...22:17
*** datsun180b has quit IRC22:18
dolphmtermeye: ooh, i can do that!22:18
termeyebooms22:18
termeye-2 COMING UP22:18
needscoffeetermeye: suddenly i'm glad i stay out of devstack development :P22:19
termeyetake that moving tests around patch22:19
*** andrew_plunk has quit IRC22:19
dolphmlol22:21
needscoffee*snicker*22:21
*** epim has quit IRC22:21
*** cloudchimp has quit IRC22:21
termeyedolphm: nice work having jenkins hate all your patches22:22
needscoffeeis it really work to make jenkins hate your patches?  I mean… jenkins is just ornery to begin with.22:23
termeyewow, am i finally done looking at code reviews for the day? time to look at my ownn code22:23
needscoffeelol22:23
*** galstrom is now known as galstrom_zzz22:23
termeyedolphm: where's your casual friday nick?22:23
*** dolphm is now known as dolphin22:24
*** jasdeepH has joined #openstack-dev22:24
termeyeYES22:24
termeyedolphin: <322:24
*** rmohan has quit IRC22:24
*** erfanian has quit IRC22:25
dolphini can't tell the difference between people saying "Dolph M." and "dolphin" anyway22:25
*** rmohan has joined #openstack-dev22:25
openstackgerritA change was merged to openstack/nova: Refactor _run_instance() to unify control flow  https://review.openstack.org/2737322:25
*** jclift has quit IRC22:27
*** PaulM has joined #openstack-dev22:28
*** PaulM has left #openstack-dev22:28
openstackgerritA change was merged to openstack/nova: Send a instance create error notification  https://review.openstack.org/2756122:31
*** garyTh has quit IRC22:32
*** giulivo has quit IRC22:32
*** ek6 has joined #openstack-dev22:32
termeyeso, i get an error on test_create_trust_400 but then the whole test runner seems to think nothing failed22:33
*** sandywalsh has joined #openstack-dev22:34
termeyelooking forward to none of that code existing22:34
*** markmcclain has joined #openstack-dev22:34
*** mgiles has joined #openstack-dev22:34
*** hemna is now known as hemnafk22:34
*** ek6_ has quit IRC22:36
dolphintermeye: a bunch of the nose.exc.SkipTests are shown as errors with the --openstack-whatever option for nose22:36
dolphinsome are SKIP some are ERROR22:36
termeyedolphin: hmm, i only see one22:36
termeyedolphin: the rest are all skip22:36
termeyedolphin: and everything else in that file passes22:37
dolphintermeye: all the skips in test_keystoneclient[_sql] are shown as ERROR's for me22:37
termeyenot a huge issue at current since it doesn't affect my code but disturbing22:37
dolphineverything in test_backend shows as SKIP22:37
dolphinsame here22:38
*** andrewbogott is now known as andrewbogott_afk22:38
*** sacharya has quit IRC22:38
*** kagan has joined #openstack-dev22:39
termeyeweeeeirddd22:41
termeyeoh, got a failure22:41
termeye(i asn't running integration tests)s22:41
termeyethis feels new to me22:41
*** lglenden has quit IRC22:41
termeyedid this start happening recently?22:41
termeyei feel like i would have noticed big red ERRORs before22:41
termeyewee, a variety of weird stuff fails that way22:43
*** andrewbogott_afk is now known as andrewbogott22:43
termeyewell, that's always a fun time22:43
*** rcleere has quit IRC22:44
*** giulivo has joined #openstack-dev22:44
*** dims has quit IRC22:47
*** lmatter has quit IRC22:48
*** zaneb has joined #openstack-dev22:49
mordredany oslo.config folks around?22:49
*** vipul is now known as vipul|away22:49
*** rerngvit_ has joined #openstack-dev22:49
*** vipul|away is now known as vipul22:50
mordredI'm looking for a way to do this: https://review.openstack.org/#/c/24582/10/ceilometer/central/manager.py that actually works22:50
mordredapparently import_opt doesn't work because it's a cli option?22:50
clarkbwhere is it defined? if your import that was removed defines the options you still need to import that code I think22:52
mordredclarkb: so, import_opt does the import under the covers22:52
clarkbthis is a common problem for why a lot of unittests often can't be run in isolation. they depend on options that are defined in code that is never imported22:52
clarkbmagic22:52
mordredclarkb: but it seems in this case that the cli opts become unhappy22:52
*** zb has joined #openstack-dev22:53
mordredclarkb: which means we wind up with magical modules that have to be imported for things to work but which are not actually used other than the import22:53
mordredwhich is batshit22:53
mordredbut other than judging that choice - I'd like to figure out how to sort it out22:53
*** zaneb has quit IRC22:54
clarkbmordred: does it work if you manually import the source module?22:55
clarkbmaybe the magic can't find the source module in the case of cli modules?22:55
mordredclarkb: yeah. that's the line I was trying to get rid of22:56
clarkber cli options22:56
clarkbI know22:56
mordredclarkb: but looking at the code, it seems that it _should_ work regardless of cli-ness22:56
*** v7_ has quit IRC22:56
*** nati_ueno has joined #openstack-dev22:58
*** zbitter has joined #openstack-dev22:59
*** dims has joined #openstack-dev23:00
*** zb has quit IRC23:00
*** zb has joined #openstack-dev23:01
*** rmohan has quit IRC23:02
*** zbitter has quit IRC23:02
*** rmohan has joined #openstack-dev23:02
*** FunnyLookinHat has quit IRC23:03
*** aloga has quit IRC23:03
*** rerngvit_ is now known as rerngvit23:04
*** plemahieu has quit IRC23:09
*** zb has quit IRC23:10
*** lloydde has quit IRC23:11
*** rerngvit has quit IRC23:13
openstackgerritA change was merged to openstack/nova: set bdm['volume_id'] to None rather than delete it  https://review.openstack.org/2705623:15
*** vipul is now known as vipul|away23:15
*** vipul|away is now known as vipul23:16
*** afazekas has quit IRC23:17
*** llirkaz has quit IRC23:18
*** esp has left #openstack-dev23:18
*** rmohan has quit IRC23:19
*** alop has quit IRC23:19
*** david-lyle has quit IRC23:19
*** thariman has joined #openstack-dev23:23
*** mgiles has quit IRC23:23
*** lmatter has joined #openstack-dev23:25
*** devoid has quit IRC23:26
*** thariman has quit IRC23:30
*** kreddy has joined #openstack-dev23:30
*** terryh has quit IRC23:30
*** zaneb has joined #openstack-dev23:30
*** markwash has quit IRC23:34
*** zb has joined #openstack-dev23:34
*** ewindisch has joined #openstack-dev23:36
termeyei wonder how stevemar was testing this, because it looks to me like the last line i wrote never got terminated23:36
*** zaneb has quit IRC23:37
*** zaneb has joined #openstack-dev23:37
*** bdpayne has quit IRC23:39
*** zb has quit IRC23:40
*** lloydde has joined #openstack-dev23:41
*** bmclaughlin has quit IRC23:41
*** timello has joined #openstack-dev23:42
*** zaneb has quit IRC23:42
*** yjiang5 has joined #openstack-dev23:43
termeyeactually now i am wondering whether i never pushed a bunch of changes23:43
termeyebecause _i_ tested this and there is code that never would have worked23:44
*** kreddy has quit IRC23:44
*** galstrom_zzz is now known as galstrom23:48
*** sudorandom has quit IRC23:50
*** lmatter has quit IRC23:50
*** enikanorov-w has quit IRC23:52
*** timello has quit IRC23:52
*** enikanorov-w has joined #openstack-dev23:53
*** pixelbeat has quit IRC23:55
*** Mandell has quit IRC23:56
*** READ10 has quit IRC23:58
*** matiu has joined #openstack-dev23:59
*** matiu has quit IRC23:59
*** matiu has joined #openstack-dev23:59
« Thursday, 2013-04-25 Index Saturday, 2013-04-27 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!