Thursday, 2013-08-08

*** vipul is now known as vipul-away		00:01
*** danwent has quit IRC		00:02
*** alunch has joined #openstack-dev		00:05
*** hemna is now known as hemnafk		00:05
*** cthulhup has quit IRC		00:07
*** sarob has quit IRC		00:12
*** sarob has joined #openstack-dev		00:12
*** arosen1 has quit IRC		00:13
*** krtaylor has joined #openstack-dev		00:14
*** sarob has quit IRC		00:15
*** adjohn has joined #openstack-dev		00:15
*** adjohn has quit IRC		00:17
*** adjohn has joined #openstack-dev		00:17
*** adjohn_ has joined #openstack-dev		00:18
*** woodspa has joined #openstack-dev		00:18
*** arosen1 has joined #openstack-dev		00:19
*** adjohn has quit IRC		00:22
*** woodspa has quit IRC		00:22
*** adjohn_ has quit IRC		00:23
*** woodspa has joined #openstack-dev		00:23
*** diogogmt has quit IRC		00:23
*** wu_wenxiang has quit IRC		00:24
*** adjohn has joined #openstack-dev		00:25
*** adjohn has quit IRC		00:25
*** lexinator has quit IRC		00:25
*** sarob has joined #openstack-dev		00:26
openstackgerrit	A change was merged to openstack/swift: Use /var/run/syslog on macosx for syslog tests. https://review.openstack.org/39325	00:27
*** danwent has joined #openstack-dev		00:28
*** nijaba has quit IRC		00:28
*** kenperkins has joined #openstack-dev		00:29
*** adjohn has joined #openstack-dev		00:29
*** nijaba has joined #openstack-dev		00:29
*** lbragstad_ has joined #openstack-dev		00:31
*** nachi has joined #openstack-dev		00:32
*** nachi_ has joined #openstack-dev		00:32
*** adjohn has quit IRC		00:32
*** sarob_ has joined #openstack-dev		00:33
*** nachi_ has quit IRC		00:34
*** arosen2 has joined #openstack-dev		00:34
*** lexinator has joined #openstack-dev		00:35
*** adjohn has joined #openstack-dev		00:36
*** sarob has quit IRC		00:37
*** adjohn has quit IRC		00:37
*** sarob_ has quit IRC		00:37
*** arosen1 has quit IRC		00:37
*** epim has quit IRC		00:38
SpamapS	mordred: https://review.openstack.org/#/c/40330 .. wondering.. what is OpenStack's take on relicensing things from other projects (MIT license so it is allowed)?	00:38
clarkb	SpamapS: good question. I have heard rumblings the CLA may make it more complicated than that...	00:40
ayoung	nachi, yeah...just putting the kids to bed. A task that is quite possible NP Complete	00:40
*** bdpayne has quit IRC		00:42
*** vipul-away is now known as vipul		00:43
*** rwsu is now known as rwsu-away		00:44
nachi	ayoung: thanks for getting back..	00:45
*** gmurphy has joined #openstack-dev		00:46
*** gmurphy_ has quit IRC		00:46
nachi	i have a question on the following test http://paste.openstack.org/show/M77aoPWajXHmL3iUBmpU/	00:46
nachi	i get the error as "IntegrityError: (IntegrityError) (1452, 'Cannot add or update a child row: a foreign key constraint fails (`keystone`.`#sql-46b_84`, CONSTRAINT `credential_project_id_fkey` FOREIGN KEY (`project_id`) REFERENCES `project` (`id`))') 'ALTER TABLE credential ADD CONSTRAINT credential_project_id_fkey FOREIGN KEY(project_id) REFERENCES project (id)' ()"	00:46
*** adjohn has joined #openstack-dev		00:46
nachi	the migration script 23 should have removed the foreign key constraint right?	00:47
nachi	ayoung: I just tried to reproduce the error which bknudson gave as review comment	00:48
nachi	ayoung: i am running the test against mysql	00:50
*** mmoya has quit IRC		00:54
*** markwash has quit IRC		00:57
*** xmltok has quit IRC		00:59
*** jbresnah has quit IRC		01:00
*** wenjianhn has joined #openstack-dev		01:01
*** adjohn has quit IRC		01:02
*** Ryan_Lane has joined #openstack-dev		01:08
*** alunch has quit IRC		01:08
*** adjohn has joined #openstack-dev		01:11
*** kenperkins has quit IRC		01:12
*** rcleere has joined #openstack-dev		01:12
*** arosen1 has joined #openstack-dev		01:12
*** arosen2 has quit IRC		01:13
*** svarnau has quit IRC		01:16
*** stevemar has joined #openstack-dev		01:17
*** adjohn has quit IRC		01:17
*** jecarey has joined #openstack-dev		01:18
ayoung	nachi, It might be innodb madness again or something.	01:19
ayoung	which review nachi ?	01:19
nachi	ayoung: https://review.openstack.org/#/c/38367/	01:19
ayoung	do the migration in one script and the drop in another.	01:20
*** stevemar has quit IRC		01:20
*** xchu has joined #openstack-dev		01:21
*** stevemar has joined #openstack-dev		01:21
nachi	ayoung, are you talking about the test	01:21
ayoung	jamielennox, org unit is no longer used	01:21
ayoung	nachi, no the migration	01:22
jamielennox	ayoung: that's nice in theory but the code disagrees	01:22
*** simonluo has joined #openstack-dev		01:22
openstackgerrit	A change was merged to openstack/oslo.messaging: Use testtools.TestCase assertion methods https://review.openstack.org/40552	01:22
jamielennox	or am i inheritting bad LDAP querys?	01:23
ayoung	jamielennox, no, I mean that should not be used. IfIt is it is a bug	01:23
*** adjohn has joined #openstack-dev		01:25
openstackgerrit	A change was merged to openstack/oslo-incubator: Add common part of test-related tools to oslo https://review.openstack.org/32120	01:25
ayoung	jamielennox, the Org Unit stuff was a stop gap for the multi domain support in LDAP, but I thought we got rid of all of that	01:25
openstackgerrit	A change was merged to openstack/oslo-incubator: Move sqlalchemy migration from Nova https://review.openstack.org/31930	01:26
*** woodspa_ has joined #openstack-dev		01:26
jamielennox	ayoung: ok, so keystone/identity/backends/ldap.py:230 - lets you set which attribute to use for domain_id	01:27
openstackgerrit	A change was merged to openstack/oslo-incubator: Helper function to sanitize db url credentials https://review.openstack.org/39436	01:27
*** woodspa_ has quit IRC		01:27
*** zaitcev has quit IRC		01:28
jamielennox	so i still have that set to ou, i can't remember where i got these LDAP config strings - i think it was probably you	01:28
*** nijaba has quit IRC		01:29
jamielennox	ayoung: so should we even be supporting that as an option?	01:29
*** nijaba has joined #openstack-dev		01:30
*** terriyu has quit IRC		01:30
*** freedomhui has joined #openstack-dev		01:30
*** adjohn has quit IRC		01:30
*** woodspa has quit IRC		01:30
*** adjohn has joined #openstack-dev		01:30
*** danwent has quit IRC		01:32
openstackgerrit	A change was merged to openstack/oslo-incubator: Fix missing argument bug in oslo common policy https://review.openstack.org/39692	01:32
*** nati_ueno has quit IRC		01:34
*** epim has joined #openstack-dev		01:34
ayoung	jamielennox, no, that should be gone	01:36
openstackgerrit	A change was merged to openstack/neutron: Fix BigSwitch plugin to handle device_id re-use in porttracker code https://review.openstack.org/40502	01:36
jamielennox	ayoung: can i leave it with you to bug & fix, i'm not up to speed enough on the ldap side of things	01:37
*** gongysh has joined #openstack-dev		01:37
ayoung	jamielennox, yes, please file the bug and assign to me	01:38
ayoung	nachi, no, I was saying that do the migration from one table to another in one migration, and do the drop table in the next migration	01:39
*** ljjjustin has joined #openstack-dev		01:39
nachi	ayoung, ok.	01:39
nachi	ayoung, i am getting the same error when i run the test against postgresql	01:39
ayoung	nachi, that doesn't solve your problem, though	01:39
ayoung	nachi, paste the error, please?	01:39
*** Ryan_Lane has quit IRC		01:41
*** adjohn has quit IRC		01:41
nachi	ayoung, http://paste.openstack.org/show/DoSRHnxd2T9RgSla3Pjn/	01:42
*** lexinator1 has joined #openstack-dev		01:43
nachi	ayoung, the test i am running is http://paste.openstack.org/show/M77aoPWajXHmL3iUBmpU/	01:43
*** lexinator has quit IRC		01:43
*** briancurtin has joined #openstack-dev		01:44
*** Madkiss has quit IRC		01:44
jamielennox	ayoung: https://bugs.launchpad.net/keystone/+bug/1209440 - i don't have privileges to assign it to you	01:44
uvirtbot	Launchpad bug 1209440 in keystone "LDAP identity still allows setting domain via attribute" [Undecided,New]	01:44
openstackgerrit	A change was merged to openstack/python-keystoneclient: Merge from Oslo-Incubator https://review.openstack.org/38024	01:45
openstackgerrit	A change was merged to openstack/python-novaclient: Do not restrict flavor to only ID and integers https://review.openstack.org/40610	01:46
*** adjohn has joined #openstack-dev		01:46
*** erkules has quit IRC		01:47
*** erkules has joined #openstack-dev		01:48
*** lexinator1 has quit IRC		01:50
*** jbresnah has joined #openstack-dev		01:50
*** adjohn has quit IRC		01:50
*** SumitNaiksatam has quit IRC		01:53
*** andrewbogott_afk is now known as andrewbogott		01:54
*** armax has quit IRC		01:56
*** noslzzp has quit IRC		01:56
*** erkules_ has joined #openstack-dev		01:56
*** adjohn has joined #openstack-dev		01:56
*** erkules has quit IRC		01:59
*** tonix has quit IRC		02:00
ayoung	nachi, yes that is explicitly what migration 23 is supposed to remove	02:00
*** erkules_ is now known as erkules		02:00
ayoung	nachi, it may well be that the mysql code is wrong for finding the constraints	02:01
*** epim has quit IRC		02:01
*** mfer has joined #openstack-dev		02:01
nachi	ayoung, how about postgresql	02:01
*** wenjianhn has quit IRC		02:01
nachi	ayoung, i am getting the same error on that.	02:02
ayoung	nachi, I tested this on both, so I am not sure	02:02
ayoung	I tested both mysql and postgres back when this was up for review	02:02
*** mfer has quit IRC		02:02
ayoung	nachi, can you step through this? Can you see the list of constraints getting generated>	02:02
nachi	ayoung, ok. i will debug. I was trying to login to postgresql database and look at the schema for the tables after the migration is completed.	02:03
nachi	i am new to using postgresql	02:03
ayoung	nachi, there I can help	02:04
nachi	i was not sure about the sql commands and how to use postgresql client	02:04
* yuan is away: I'm away		02:04
ayoung	nachi psql	02:04
nachi	psql -d keystone -U keystone -W	02:04
*** malini1 has quit IRC		02:05
ayoung	nachi, I need to make sure mine is working, as I upgrade my machine recently	02:05
nachi	psql: FATAL: Peer authentication failed for user "keystone"	02:05
*** yaguang has joined #openstack-dev		02:05
ayoung	nachi, I was using -H I think,m but I have notes	02:05
ayoung	nachi, how did you set up postgres?	02:06
jamielennox	ayoung: when you're finished i would be interested in your opinion on the validating UUIDs with v3 i posted to -dev last night	02:06
nachi	ayoung, i followed the jamielennox http://paste.openstack.org/show/39892/	02:07
ayoung	nachi, http://adam.younglogic.com/2013/02/puppet-postgresql-keystone/	02:07
ayoung	that is what I did, but let me re-execute it	02:08
nachi	ayoung, can you check the credential table schema after the migration	02:08
nachi	ayoung, i will read your blog	02:08
ayoung	nachi, of course, when I run it now, I get a stack trace in Ruby	02:09
ayoung	jamielennox, link?	02:10
jamielennox	ayoung: http://lists.openstack.org/pipermail/openstack-dev/2013-August/013225.html	02:11
*** pixelbeat has quit IRC		02:11
*** adjohn has quit IRC		02:12
ayoung	jamielennox, wanna see something pretty? http://fpaste.org/30737/13759279/ yum failure installing a ruby dependency	02:12
*** alunch has joined #openstack-dev		02:12
jamielennox	nachi, that might be failing to connect to postgres because it will try to use the socket rather than the host connection	02:13
nachi	yeah i am able to connect now.	02:13
ayoung	jamielennox, so, I think that anyone should be able to validate a token.	02:13
*** zul has quit IRC		02:14
jamielennox	ayoung: Failed and Complete? nice	02:14
ayoung	jamielennox, it really is just the verification of data with a public key...and the data is public	02:14
ayoung	yeah...bad mirror?	02:14
jamielennox	no idea, i try not to use the rpm packages if i can avoid it	02:14
jamielennox	so in the past we have always said that validating a token is a priviledge api, and the policy says you need is_admin	02:15
ayoung	jamielennox, aah, directory was in the way...gem probably did that	02:15
ayoung	worked once I rm ed it	02:15
jamielennox	but i guess my question is what does admin mean in the case of domains? How do we have one auth_token user that can validate tokens across all domains?	02:17
ayoung	jamielennox, is this UUID access to the Keystone server?	02:18
*** medberry_ has quit IRC		02:18
jamielennox	mm, not access	02:18
ayoung	jamielennox, I mean, access for validating a UUID token	02:18
jamielennox	it's POST /auth/token so X-Auth-Token is me and i'm validating X-Subjec-Token	02:18
*** SumitNaiksatam has joined #openstack-dev		02:19
jamielennox	so the auth_token user should have a valid token to present	02:19
jamielennox	i hate this scoped vs unscoped	02:20
ayoung	jamielennox, ignore that for now	02:20
ayoung	the question is should everyone have access to that function?	02:20
ayoung	and really, why not	02:20
ayoung	the real damage is done when they got your token	02:20
jamielennox	I'm really not sure what damage they could do given that if you use PKI you can validate someone elses	02:21
ayoung	not asking Keystone : what roles does this guy have	02:21
*** sarob has joined #openstack-dev		02:21
*** emagana has quit IRC		02:21
ayoung	nachi, my machine is a mess.	02:21
ayoung	jamielennox, so, I would say that any authenticated user should be able to validate a token under some circumstances. Now, unscoped don't have roles, so youare saying "how to we limite access for servcies"	02:23
*** Ryan_Lane has joined #openstack-dev		02:24
ayoung	good question, and we don't have an answer yet	02:24
*** wenjianhn has joined #openstack-dev		02:24
ayoung	in other words, sure a domain scoped token could have a role that we use to validate tokens for that domain	02:24
ayoung	but unscoped...really means keystone scoped, or service scoped	02:24
jamielennox	right, so i guess we need the concept of putting roles on an unscoped token	02:25
jamielennox	these are your roles within keystone	02:26
*** melwitt has quit IRC		02:26
nachi	ayoung, ok. i ran the migration script on master branch. I checked the schema for credential table in postgresql. there is no foriegn key constraint	02:26
*** epim has joined #openstack-dev		02:26
*** neelashah has joined #openstack-dev		02:27
*** bswartz1 has joined #openstack-dev		02:27
*** jimjiang_ has joined #openstack-dev		02:28
ayoung	nachi, so it is something from your code?	02:29
ayoung	hmmm	02:29
*** nijaba has quit IRC		02:29
*** nijaba has joined #openstack-dev		02:30
*** nijaba has joined #openstack-dev		02:30
*** bswartz has quit IRC		02:30
nachi	ayoung, i have to debug. but the error says, there is a foreign key constraint. In the test i am upgrade to version 30 and then insert values into the credential table	02:30
ayoung	jamielennox, so the way they did this in the past is there was an admin project (tenant)	02:30
*** bswartz1 is now known as bswartz		02:30
ayoung	jamielennox, not sure if that is a viable solution	02:31
jamielennox	ayoung: so i think i mentioned a solution like that in my email	02:31
jamielennox	hmm, maybe not, but i was thinking it	02:31
ayoung	jamielennox, I think for most cases it would be fine. With multi domain, I think it would work around and LDAP read only issues	02:31
ayoung	so you could put all of the service users in a service domain outside of LDAP and inside an admin project	02:32
jamielennox	how do you manage the users of the admin domain then?	02:32
ayoung	jamielennox, direct sql access?	02:32
jamielennox	ahh, admin project - i can't remember do projects span domains	02:32
jamielennox	?	02:32
ayoung	no	02:32
ayoung	admin domain is also a good approach	02:33
*** jecarey has quit IRC		02:33
ayoung	no need for an admin project as well...but either way	02:33
jamielennox	only in the situation where you then have a backend for your admin users	02:33
jamielennox	which is going to rely on something like the discussed identity backend per domain	02:34
ayoung	nachi, there are weird aspects of migrations. It might be that some transaction has not committed and is holding on to old meta data.	02:34
*** wenjianhn has quit IRC		02:34
ayoung	jamielennox, yes, that is what I meant	02:34
ayoung	multi-domain	02:34
ayoung	short hand for the cool work that Henrynash is doing	02:34
nachi	ayoung, ok. I will continue debugging after dinner.	02:35
jamielennox	yea, i saw a bit of it, but i still get a little lost about what is scoped to what	02:35
*** sarob has quit IRC		02:35
*** sarob has joined #openstack-dev		02:36
jamielennox	so what it means though in terms of authenticating a user with V3 we don't really have a means of using that user to do UUID token validation as things are	02:36
ayoung	nachi, so everything works except the drop, right?	02:36
ayoung	jamielennox, not today, short of saying they need admin on the default domain or something	02:37
ayoung	but that won't be in an unscoped token...they would need to get a token scoped to the default domain, which should be OK	02:37
jamielennox	which means (whilst not useless) all this stuff i've been doing to get auth_token to use a v3 client is just not going to work	02:37
ayoung	jamielennox, I think that 'admin on default domain' is what we discussed before.	02:39
ayoung	It is a policy rule, and we just need to come up with a reasonable default, but something that people could modify in deployment	02:40
jamielennox	is that what will be scoped by using a V2 token anyway?	02:40
*** sarob has quit IRC		02:40
ayoung	jamielennox, V2...no, as there are no global roles, and the v2 api doesn't know about domains. It would have to be a v3 token	02:41
jamielennox	right, but if i use a V2 token against a V3 api as auth_token currently does then technically that token should be scoped to the default domain	02:42
jamielennox	though i'm going to assume that the policy check isn't smart enough to realize, and just gives it admin all over	02:42
nachi	ayoung, test to check conflicting credentials during migration fails against postgresql and mysql . All other tests as part of the review are fine.	02:42
openstackgerrit	A change was merged to openstack/swift: Assignment to reserved built-in symbol https://review.openstack.org/40084	02:43
*** maheshp has joined #openstack-dev		02:44
*** galstrom_zzz is now known as galstrom		02:45
openstackgerrit	A change was merged to openstack/neutron: Enable localizable REST API responses via the Accept-Language header https://review.openstack.org/39590	02:46
openstackgerrit	A change was merged to openstack/swift: Add missing copyright license headers https://review.openstack.org/40120	02:46
openstackgerrit	A change was merged to openstack/nova: Fix instance actions testing https://review.openstack.org/40648	02:46
*** zul has joined #openstack-dev		02:47
*** alexxu has joined #openstack-dev		02:47
*** martine has joined #openstack-dev		02:50
*** martine is now known as Guest64032		02:50
*** eharney has quit IRC		02:51
*** Guest64032 is now known as martine_		02:51
*** epim has quit IRC		02:53
*** galstrom is now known as galstrom_zzz		02:55
*** lexinator has joined #openstack-dev		03:01
*** galstrom_zzz is now known as galstrom		03:02
*** SergeyLukjanov has joined #openstack-dev		03:03
*** adjohn has joined #openstack-dev		03:07
*** jimfehlig has joined #openstack-dev		03:07
*** mdomsch has joined #openstack-dev		03:07
*** mdomsch has quit IRC		03:08
*** mdomsch has joined #openstack-dev		03:11
*** troytoman is now known as troytoman-away		03:11
ayoung	jamielennox, I think there is something about V2 only being default domain	03:12
ayoung	ask gyee as he knows this stuff cold, but look in the token factory/provider	03:13
*** jimjiang_ has quit IRC		03:13
*** yaguang has quit IRC		03:14
ayoung	jamielennox, the controller does the lookup before it gets to the provider	03:16
ayoung	https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L241 looks up name using the default domain	03:18
ayoung	https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L241 goes to identity API without domain specified	03:18
*** kenperkins has joined #openstack-dev		03:18
*** sthaha has joined #openstack-dev		03:19
ayoung	user ID is assumed to be global, so domain id is not checked.'	03:20
*** melwitt has joined #openstack-dev		03:21
*** wenjianhn has joined #openstack-dev		03:21
*** ayoung is now known as ayoung-zZzZzZz		03:21
*** HenryG has quit IRC		03:22
*** arosen1 has quit IRC		03:24
*** mdomsch has quit IRC		03:25
*** yaguang has joined #openstack-dev		03:26
*** mdomsch has joined #openstack-dev		03:26
*** turul_ has joined #openstack-dev		03:27
*** radsy has quit IRC		03:27
*** turul_ is now known as afazekas		03:28
*** nijaba has quit IRC		03:29
*** martine_ has quit IRC		03:29
*** nijaba has joined #openstack-dev		03:30
openstackgerrit	A change was merged to openstack/neutron: Fix two typos in routing table configuration https://review.openstack.org/40727	03:31
*** novas0x2a\|laptop has quit IRC		03:31
openstackgerrit	A change was merged to openstack/horizon: Allow translators to control the word order https://review.openstack.org/40390	03:32
*** sandywalsh has quit IRC		03:32
*** maheshp has quit IRC		03:33
*** jimfehlig has quit IRC		03:33
*** zul has quit IRC		03:33
*** Ryan_Lane has quit IRC		03:38
*** galstrom is now known as galstrom_zzz		03:38
*** neelashah has quit IRC		03:38
*** adjohn_ has joined #openstack-dev		03:39
*** Ryan_Lane has joined #openstack-dev		03:39
*** adjohn has quit IRC		03:42
openstackgerrit	A change was merged to openstack/horizon: Updates Topology to correctly handle resources in the INIT state. https://review.openstack.org/38534	03:43
*** sarob has joined #openstack-dev		03:46
*** maheshp has joined #openstack-dev		03:48
*** mdomsch has quit IRC		03:48
*** mdomsch has joined #openstack-dev		03:49
*** sarob has quit IRC		03:51
*** galstrom_zzz is now known as galstrom		03:51
*** mdomsch has quit IRC		03:52
*** wenjianhn has quit IRC		03:52
*** aditirav has joined #openstack-dev		03:56
*** jhesketh__ has quit IRC		03:56
*** aditirav has quit IRC		03:57
*** aditirav has joined #openstack-dev		03:58
*** danwent has joined #openstack-dev		03:58
*** galstrom is now known as galstrom_zzz		03:58
*** gmurphy has quit IRC		04:00
*** sthaha has quit IRC		04:00
*** sthaha has joined #openstack-dev		04:00
*** gmurphy has joined #openstack-dev		04:02
*** sandywalsh has joined #openstack-dev		04:06
*** gmurphy has quit IRC		04:06
*** andrewbogott is now known as andrewbogott_afk		04:17
*** Ryan_Lane has quit IRC		04:21
*** gmurphy has joined #openstack-dev		04:24
*** galstrom_zzz is now known as galstrom		04:26
*** gmurphy has quit IRC		04:26
*** maheshp has quit IRC		04:26
openstackgerrit	A change was merged to openstack/horizon: Ensure the user monkey patching is done for the API tests https://review.openstack.org/40656	04:26
*** sthaha has quit IRC		04:28
*** Ryan_Lane has joined #openstack-dev		04:30
openstackgerrit	A change was merged to openstack/nova: xenapi: Adding BitTorrent download handler https://review.openstack.org/37148	04:30
*** nijaba has quit IRC		04:30
*** nijaba has joined #openstack-dev		04:30
*** Ryan_Lane has quit IRC		04:31
*** Ryan_Lane1 has joined #openstack-dev		04:31
*** afazekas has quit IRC		04:31
*** galstrom is now known as galstrom_zzz		04:31
*** jhesketh_ has joined #openstack-dev		04:31
*** SergeyLukjanov has quit IRC		04:33
*** kenperkins has quit IRC		04:37
*** kenperkins_ has joined #openstack-dev		04:37
*** rcleere has quit IRC		04:37
openstackgerrit	A change was merged to openstack/nova: Raise 404 when instance not found in admin_actions API https://review.openstack.org/40070	04:38
openstackgerrit	A change was merged to openstack/nova: remove improper usage of 'assert' https://review.openstack.org/40094	04:39
*** rcleere has joined #openstack-dev		04:39
openstackgerrit	A change was merged to openstack/nova: Add expected_errors for extension Console v3 https://review.openstack.org/39038	04:40
*** ifarkas has quit IRC		04:41
*** briancurtin has quit IRC		04:41
openstackgerrit	A change was merged to openstack/glance: Raise jsonschema requirement https://review.openstack.org/40560	04:41
openstackgerrit	A change was merged to openstack/tempest: Remove duplicate image tests for tenant authZ https://review.openstack.org/39641	04:41
openstackgerrit	A change was merged to openstack/tempest: Flag InstanceCfnInitTestJSON as the first slow heat test https://review.openstack.org/40738	04:41
*** aditirav has quit IRC		04:42
*** aditirav has joined #openstack-dev		04:42
*** Ryan_Lane has joined #openstack-dev		04:43
*** boris-42 has joined #openstack-dev		04:43
*** Ryan_Lane1 has quit IRC		04:45
openstackgerrit	A change was merged to openstack/swift: Ensure http_connect is mocked out in tests https://review.openstack.org/40309	04:45
*** simonluo has quit IRC		04:48
*** nayward has joined #openstack-dev		04:49
*** iscsi has quit IRC		04:51
*** afazekas has joined #openstack-dev		04:52
*** alexxu has quit IRC		04:54
*** rcrit has quit IRC		04:55
*** maheshp has joined #openstack-dev		04:57
*** wenjianhn has joined #openstack-dev		04:57
*** sridevi has joined #openstack-dev		04:59
*** maheshp has quit IRC		05:05
*** rcleere has quit IRC		05:07
*** rcrit has joined #openstack-dev		05:07
*** kenperkins_ has quit IRC		05:09
*** cmark has joined #openstack-dev		05:10
openstackgerrit	A change was merged to openstack/nova: Make fake_instance handle security groups https://review.openstack.org/38209	05:11
openstackgerrit	A change was merged to openstack/nova: Pull out instance object handling for use by create also https://review.openstack.org/38892	05:11
*** gmurphy has joined #openstack-dev		05:11
*** alexxu has joined #openstack-dev		05:14
*** henrynash has joined #openstack-dev		05:15
*** Madkiss has joined #openstack-dev		05:19
*** Madkiss has joined #openstack-dev		05:19
*** alexxu has quit IRC		05:20
morganfainberg	jamielennox: hey man. i wanted to bounce something off you	05:20
jamielennox	morganfainberg: it's gotta be getting late for you	05:21
morganfainberg	jamielennox: phsaw, you should know better. i don't sleep ;)	05:21
*** maheshp has joined #openstack-dev		05:21
jamielennox	i normally give up on people being around at this time, i'll check on you from now on	05:21
jamielennox	but shoot	05:21
morganfainberg	jamielennox: (maybe i'd be better off living +10 GMT :P	05:22
*** networkstatic has quit IRC		05:22
morganfainberg	>.>	05:22
*** epim has joined #openstack-dev		05:22
jamielennox	that doesn't stop you going to bed later, it just puts you out of sync with a bunch of different people	05:22
*** lukego has joined #openstack-dev		05:23
morganfainberg	yeah so i saw you +1'd my code for the token interface within the providers, and thoughts on the splitting issue_<version>_token into separate provider functions such as issue_project_scoped (as dolph commented on the previous patchset)	05:23
morganfainberg	i'm seeing the need to duplicate code or.. put a rather hasty shim in above issue_v3_token to make everything work	05:23
morganfainberg	i wanted to see what you thought about that kind of change, e.g. if it was going to muck things up on the back end in the provider more than it was worth.	05:24
jamielennox	honestly that whole thing is a mess	05:24
morganfainberg	yeah. thats the problem	05:24
jamielennox	i'm not sure adding a issue_*_scoped will make any difference	05:25
jamielennox	any more than having optional domain=None and project=None	05:25
*** nayward has quit IRC		05:25
morganfainberg	i think the right fix is the one we're dodging around (and i'll propose for icehouse) - moving to a builder system	05:25
*** nayward has joined #openstack-dev		05:25
jamielennox	i think the right fix is moving to an object model based system, but that's a lot of work	05:26
morganfainberg	not to mention other cleanup (e.g. what you and ayoung talked about earlier scoped/unscoped/etc)	05:26
morganfainberg	yep.	05:26
morganfainberg	ok, cool. i think you and i are on the same page, i wanted to get a second brain to weigh in (outside of gerrit)	05:27
*** jackmccann has quit IRC		05:27
jamielennox	i think if you put in functions like issue_project_scoped then you will have to check whether project is set or not	05:27
morganfainberg	it makes the controller easier to understand… way easier, it doesn't solve the "mess"	05:27
jamielennox	so if project: issue_project_scoped elif domain issue_domain_scoped else: issue_unscoped	05:27
morganfainberg	in fact, it makes the provider worse imo	05:27
*** coolsvap has joined #openstack-dev		05:27
morganfainberg	yep	05:27
morganfainberg	if/elif/elif/else or some crummy dict lookup mechanism	05:28
morganfainberg	thanks. :) appreciate the insight	05:29
jamielennox	is it possible to split a v2 / v3 provider?	05:29
morganfainberg	jamielennox: there is no reason we cant. it's just another manager	05:30
jamielennox	no you would end up with v2UUID v3UUID and they would all provide the same thing	05:30
*** nijaba has quit IRC		05:30
morganfainberg	it wouldn't be hard to do something like provider.V2.<blah>	05:30
morganfainberg	but you'd still end up with dupe'd code	05:30
morganfainberg	or worse	05:30
jamielennox	but you need interoperability between v2 and v3, if you did that you might end up with v2 provider different from v3	05:30
morganfainberg	ah true.	05:31
jamielennox	not worth it	05:31
*** nijaba has joined #openstack-dev		05:31
*** nijaba has joined #openstack-dev		05:31
morganfainberg	ideally, it shouldn't matter what token data format, keystone should be able to extract the relevant information based upon it and reissue any other format	05:31
jamielennox	ideally to my mind we shouldn't have versioned token formats, so long as the provider can specify all the required data	05:32
morganfainberg	but it becomes a real nightmare when dealing with the auth_token middleware and third-party (e.g. nothing that would be submitted upstream) changes to the providers	05:32
morganfainberg	versioned token formats is fine. but only insomuch as to let the middleware or other interface know if it has the full dataset or if it needs to ask upstream for what is missing.	05:33
morganfainberg	(reverse compat)	05:33
jamielennox	yea, i've about had my fill of auth_token	05:33
*** alexxu has joined #openstack-dev		05:34
*** jswarren has quit IRC		05:34
morganfainberg	not surprising. it's the part that is the hardest (for me) to get my head wrapped around	05:34
morganfainberg	the rest of the client is surprisingly straightforward.	05:35
morganfainberg	(i say surprising because a lot of people shy away from all of the python-*client libs)	05:36
*** dina_belova has joined #openstack-dev		05:36
jamielennox	yea, if not overly helpful in some places. but i've only ever written test stuff with keystoneclient i've never had to actually work with it	05:36
jamielennox	the clients are generally not so glamorous and prone to get you in trouble for breaking the rest of the world	05:37
*** epim has quit IRC		05:37
*** garyk has joined #openstack-dev		05:37
morganfainberg	yeah. exactly	05:38
*** garyk has quit IRC		05:38
*** gkotton has joined #openstack-dev		05:38
*** gkotton is now known as garyk		05:38
*** dina_belova has quit IRC		05:38
*** andrewbogott_afk is now known as andrewbogott		05:40
*** giroro_ has quit IRC		05:41
*** Ruetobas has joined #openstack-dev		05:43
jamielennox	mordred: when you have a minute can you have a look at/rebase your https://review.openstack.org/#/c/40284/3 review, there will be a merge conflict in test-requirements.txt due to another patch that went through	05:46
*** jhesketh_ has quit IRC		05:46
*** jhesketh has quit IRC		05:46
*** obondarev_ has joined #openstack-dev		05:48
openstackgerrit	A change was merged to openstack/neutron: Change decorator to webob as doesn't need to be wsgi https://review.openstack.org/40291	05:50
*** ytwu has joined #openstack-dev		05:52
*** nachi has quit IRC		05:53
*** andrewbogott is now known as andrewbogott_afk		05:54
*** mikal has quit IRC		05:54
morganfainberg	jamielennox: have a great day. I think i'm going to wind down for the evening	05:55
jamielennox	morganfainberg: alright, i'll talk to you later	05:55
*** mikal has joined #openstack-dev		05:55
*** ytwu1 has joined #openstack-dev		05:56
*** ytwu has quit IRC		05:56
*** lukego has quit IRC		05:57
*** Ruetobas has quit IRC		05:57
*** Ruetobas has joined #openstack-dev		05:58
*** jhesketh_ has joined #openstack-dev		05:59
*** jhesketh has joined #openstack-dev		05:59
*** sshturm_ has quit IRC		05:59
*** ytwu has joined #openstack-dev		06:02
*** ytwu2 has joined #openstack-dev		06:05
*** ytwu1 has quit IRC		06:05
*** Ryan_Lane has quit IRC		06:06
*** ytwu has quit IRC		06:07
*** Ryan_Lane has joined #openstack-dev		06:10
*** ytwu has joined #openstack-dev		06:10
*** Ruetobas has quit IRC		06:11
*** ytwu2 has quit IRC		06:12
*** lukego has joined #openstack-dev		06:12
*** Ruetobas has joined #openstack-dev		06:13
*** lukego has quit IRC		06:16
*** ytwu1 has joined #openstack-dev		06:16
*** mmagr has joined #openstack-dev		06:17
*** ytwu has quit IRC		06:17
*** giroro_ has joined #openstack-dev		06:18
*** markmcclain has quit IRC		06:19
*** ytwu has joined #openstack-dev		06:20
*** Ruetobas has quit IRC		06:20
*** ytwu1 has quit IRC		06:20
*** bashok has joined #openstack-dev		06:23
*** ytwu1 has joined #openstack-dev		06:24
*** ytwu has quit IRC		06:24
openstackgerrit	A change was merged to openstack/keystone: Fix select n+1 issue in keystone catalog https://review.openstack.org/39386	06:25
*** ytwu has joined #openstack-dev		06:28
openstackgerrit	A change was merged to openstack/nova: Fix Instance objects with empty security groups https://review.openstack.org/39996	06:29
*** nijaba has quit IRC		06:30
*** ytwu1 has quit IRC		06:31
*** eglynn has joined #openstack-dev		06:31
*** nijaba has joined #openstack-dev		06:31
*** ytwu1 has joined #openstack-dev		06:31
*** tkammer has joined #openstack-dev		06:33
*** ytwu has quit IRC		06:33
*** ytwu has joined #openstack-dev		06:33
*** mrunge has joined #openstack-dev		06:34
*** alexxu has quit IRC		06:35
*** ytwu1 has quit IRC		06:36
*** ytwu1 has joined #openstack-dev		06:36
*** epim has joined #openstack-dev		06:37
*** ytwu has quit IRC		06:37
*** maheshp has quit IRC		06:39
*** ytwu has joined #openstack-dev		06:40
*** ytwu1 has quit IRC		06:41
*** alexxu has joined #openstack-dev		06:44
*** ytwu1 has joined #openstack-dev		06:44
*** ytwu has quit IRC		06:44
*** jprovazn has joined #openstack-dev		06:45
*** ytwu has joined #openstack-dev		06:47
*** aditirav_ has joined #openstack-dev		06:48
*** sthaha has joined #openstack-dev		06:48
*** ytwu1 has quit IRC		06:48
*** aditirav has quit IRC		06:50
*** aditirav_ is now known as aditirav		06:50
*** pabelanger has quit IRC		06:50
*** avishay has joined #openstack-dev		06:51
*** ytwu has quit IRC		06:52
*** ytwu has joined #openstack-dev		06:52
*** ytwu1 has joined #openstack-dev		06:55
*** aeperezt has quit IRC		06:56
*** ytwu has quit IRC		06:57
*** ema has joined #openstack-dev		06:59
*** ema has joined #openstack-dev		06:59
*** alexxu has quit IRC		06:59
jamielennox	henrynash: you here?	06:59
*** ytwu has joined #openstack-dev		07:00
*** xga has joined #openstack-dev		07:00
*** pnavarro has joined #openstack-dev		07:00
*** berendt has joined #openstack-dev		07:02
*** ytwu1 has quit IRC		07:02
henrynash	jamielennox: hi	07:02
*** ytwu1 has joined #openstack-dev		07:03
jamielennox	so i was talking to ayoung earlier about how we handle auth_token with v3 tokens	07:03
jamielennox	i did see your email overnight as well	07:03
henrynash	jamielennox: ok	07:03
*** ytwu has quit IRC		07:04
jamielennox	is it sufficient to have auth_token only work on the default domain	07:05
jamielennox	i would like to say no, but my understanding is that is what should happen currently as by default anything that uses a v2 token in a v3 context is being scoped that way	07:05
openstackgerrit	A change was merged to openstack/neutron: Fix path for the linuxbridge plugin in folsom initial DB structure https://review.openstack.org/40720	07:06
henrynash	this is, as you have discovered, a complex subject….I'd like to discuss this some more with you…but have to go offline for 30-45 mins…will you be around then?	07:06
jamielennox	ah, probably not,	07:06
jamielennox	i'm probably out soon, i should have tried earlier but only just noticed you approved the n+1 review	07:07
henrynash	so let me give it some thought…and we'll try and hook up when you are back on	07:07
*** Alexei_987 has joined #openstack-dev		07:08
jamielennox	yea, i'll see if i can get back on in a couple of hours and try again	07:08
jamielennox	i'll ping you if it happens	07:08
*** markvoelker has quit IRC		07:08
*** markvoelker has joined #openstack-dev		07:10
*** ytwu has joined #openstack-dev		07:11
*** eglynn has quit IRC		07:12
jamielennox	henrynash: so in things to think about, first there is the problem of a global admin permission or somehow domain scoping auth_token. Second is that the flow is currently do version discovery on keystone, choose api version, get token from keystone which we use to authenticate.	07:12
*** alexxu has joined #openstack-dev		07:12
jamielennox	Ideally what i would like to do is receive a catalog when authenticating so that i can communicate with the correct identity service, however AFAIK this is only possible with a scoped token (and in my tests domain scoping is failing - but i think that's an ldap thing)	07:12
*** pabelanger has joined #openstack-dev		07:13
*** ytwu1 has quit IRC		07:13
jamielennox	because unless you receive a catalog the management_url of the client is not set and you technically have no way to communicate via the client (which is as much a failing of the client, imo)	07:14
*** wfoster_away is now known as wfoster		07:15
*** ytwu1 has joined #openstack-dev		07:17
*** mestery_ has joined #openstack-dev		07:17
jamielennox	so what i really need(/want) i guess is a way of scoping an admin user to something that will still allow me to use the token for validation. I understand projects are domain scoped and so no help.	07:17
*** epim has quit IRC		07:18
jamielennox	so my best guess is some sort of fake(?) domain and a way of rigging policy such that only if you auth with a token scoped to it can you validate	07:18
jamielennox	not hard at all :)	07:18
*** ytwu has quit IRC		07:19
*** lexinator has quit IRC		07:19
*** mestery has quit IRC		07:19
*** jpich has joined #openstack-dev		07:21
*** SergeyLukjanov has joined #openstack-dev		07:21
jamielennox	ayoung's opinion was to go the other way, if you have a PKI token then everyone can validate and see your roles etc by decrypting the token so this should not be a highly privileged operation and that therefore any valid token should be allowed to validate any other token which would mean you could scope the auth token however you like	07:22
*** xga_ has joined #openstack-dev		07:22
jamielennox	henrynash: anyway, food for thought - i'll let you know if i get back on tonight	07:22
*** dina_belova has joined #openstack-dev		07:23
*** Ryan_Lane has quit IRC		07:23
*** nachi has joined #openstack-dev		07:25
*** xga has quit IRC		07:25
*** nachi_ has joined #openstack-dev		07:25
*** stevemar has quit IRC		07:25
*** nachi_ has quit IRC		07:26
*** ytwu1 has quit IRC		07:28
*** ytwu has joined #openstack-dev		07:29
*** yolanda has joined #openstack-dev		07:29
*** ema has quit IRC		07:30
*** nijaba has quit IRC		07:31
*** Ryan_Lane has joined #openstack-dev		07:31
*** nijaba has joined #openstack-dev		07:32
*** romcheg has joined #openstack-dev		07:35
*** safchain has joined #openstack-dev		07:36
*** ytwu1 has joined #openstack-dev		07:36
*** nachi has quit IRC		07:37
*** ytwu has quit IRC		07:37
*** ytwu has joined #openstack-dev		07:38
*** ifarkas has joined #openstack-dev		07:40
*** eglynn has joined #openstack-dev		07:40
*** ytwu2 has joined #openstack-dev		07:40
*** ytwu1 has quit IRC		07:40
*** giulivo has joined #openstack-dev		07:42
*** ytwu has quit IRC		07:43
*** ytwu has joined #openstack-dev		07:43
*** emagana has joined #openstack-dev		07:44
*** ytwu2 has quit IRC		07:45
*** wfoster is now known as wfoster_away		07:45
*** jistr has joined #openstack-dev		07:47
*** ytwu1 has joined #openstack-dev		07:47
*** ytwu has quit IRC		07:47
*** xqueralt-afk is now known as xqueralt		07:47
*** alexxu has quit IRC		07:50
*** jaimegil has joined #openstack-dev		07:50
*** ytwu has joined #openstack-dev		07:50
*** ytwu1 has quit IRC		07:51
*** kpavel has quit IRC		07:52
openstackgerrit	A change was merged to openstack/tempest: Adds tests covering Swift's Account Quota middleware https://review.openstack.org/39659	07:53
openstackgerrit	A change was merged to openstack/neutron: Separate packet filter activation from port operation in NEC Plugin https://review.openstack.org/40775	07:53
openstackgerrit	A change was merged to openstack/neutron: Sync oslo gettextutils https://review.openstack.org/40521	07:53
*** MaxV has joined #openstack-dev		07:53
openstackgerrit	A change was merged to openstack/neutron: Fix lbaas_pool_scheduler db migration https://review.openstack.org/40635	07:53
*** ytwu1 has joined #openstack-dev		07:53
*** mmagr has quit IRC		07:54
*** mrunge has quit IRC		07:54
*** cmark has quit IRC		07:54
*** dina_belova has quit IRC		07:55
*** ytwu has quit IRC		07:55
*** adjohn_ has quit IRC		07:56
*** ema has joined #openstack-dev		07:57
*** ema has joined #openstack-dev		07:57
*** mmagr has joined #openstack-dev		07:58
*** mrunge has joined #openstack-dev		07:58
*** ytwu1 has quit IRC		07:59
*** ytwu has joined #openstack-dev		08:00
*** ifarkas has quit IRC		08:02
*** sushils has joined #openstack-dev		08:03
*** ytwu1 has joined #openstack-dev		08:03
*** yaguang has quit IRC		08:03
*** ytwu has quit IRC		08:04
*** kpavel has joined #openstack-dev		08:05
*** boden has joined #openstack-dev		08:05
*** xga has joined #openstack-dev		08:05
*** ifarkas has joined #openstack-dev		08:05
*** xga_ has quit IRC		08:06
*** ytwu has joined #openstack-dev		08:07
*** ytwu1 has quit IRC		08:07
*** derekh has joined #openstack-dev		08:07
*** ljjjustin is now known as xingchao		08:08
*** sandeepr_ltp has joined #openstack-dev		08:11
*** ytwu1 has joined #openstack-dev		08:13
*** zoresvit has quit IRC		08:13
*** xingchao has quit IRC		08:13
*** ifarkas has quit IRC		08:13
*** ytwu has quit IRC		08:14
*** zoresvit has joined #openstack-dev		08:14
*** ljjjustin has joined #openstack-dev		08:14
*** dina_belova has joined #openstack-dev		08:14
*** odyssey4me has joined #openstack-dev		08:14
*** ifarkas has joined #openstack-dev		08:14
*** andrewbogott_afk is now known as andrewbogott		08:15
*** ytwu has joined #openstack-dev		08:19
*** avishay has quit IRC		08:20
*** ytwu1 has quit IRC		08:20
*** cmark has joined #openstack-dev		08:22
*** fbo_away is now known as fbo		08:22
*** avishay has joined #openstack-dev		08:22
*** boris-42 has quit IRC		08:23
*** bismigalis has joined #openstack-dev		08:24
*** lukego has joined #openstack-dev		08:25
*** yannovitch has joined #openstack-dev		08:26
*** wfoster_away is now known as wfoster		08:26
openstackgerrit	A change was merged to openstack/tempest: Add test for swift ACLs https://review.openstack.org/38823	08:27
*** yaguang has joined #openstack-dev		08:28
*** sudorandom has joined #openstack-dev		08:28
*** nijaba has quit IRC		08:31
*** psedlak has joined #openstack-dev		08:31
*** nijaba has joined #openstack-dev		08:32
*** xchu has quit IRC		08:32
bismigalis	there are "extensions" and "plugins" dirs in quantum, what is the difference, where to find info	08:32
*** pschaef has joined #openstack-dev		08:32
*** ytwu has quit IRC		08:33
*** ytwu has joined #openstack-dev		08:33
*** ytwu1 has joined #openstack-dev		08:35
*** jcoufal has joined #openstack-dev		08:35
*** yannovitch has quit IRC		08:37
*** ytwu2 has joined #openstack-dev		08:37
*** ytwu has quit IRC		08:38
*** ytwu1 has quit IRC		08:40
*** YorikSar has joined #openstack-dev		08:41
*** ytwu has joined #openstack-dev		08:42
*** ytwu2 has quit IRC		08:44
*** xchu has joined #openstack-dev		08:44
*** ruhe has joined #openstack-dev		08:45
*** ytwu1 has joined #openstack-dev		08:45
*** xBsd has joined #openstack-dev		08:46
*** ytwu has quit IRC		08:47
*** Ryan_Lane has quit IRC		08:49
*** ytwu has joined #openstack-dev		08:50
*** andrewbogott is now known as andrewbogott_afk		08:51
*** yannovitch has joined #openstack-dev		08:52
*** sandeepr_ltp has quit IRC		08:52
*** ytwu1 has quit IRC		08:52
*** sandeepr_ltp has joined #openstack-dev		08:53
*** ytwu1 has joined #openstack-dev		08:53
*** radsy has joined #openstack-dev		08:53
*** ytwu has quit IRC		08:55
*** ytwu has joined #openstack-dev		08:56
*** yannovitch has quit IRC		08:56
*** zoresvit has quit IRC		08:56
*** zoresvit has joined #openstack-dev		08:57
*** yannovitch has joined #openstack-dev		08:57
*** mkollaro has joined #openstack-dev		08:57
*** ytwu1 has quit IRC		08:58
*** ytwu1 has joined #openstack-dev		09:01
*** lucasagomes has joined #openstack-dev		09:01
*** dkehn has quit IRC		09:01
*** e1mer has joined #openstack-dev		09:03
*** xqueralt is now known as xqueralt-afk		09:03
*** ytwu has quit IRC		09:03
*** ytwu has joined #openstack-dev		09:04
*** utlemming has joined #openstack-dev		09:05
*** ytwu1 has quit IRC		09:06
*** adjohn has joined #openstack-dev		09:06
*** ytwu1 has joined #openstack-dev		09:07
*** ytwu has quit IRC		09:08
*** ytwu has joined #openstack-dev		09:09
*** adjohn has quit IRC		09:11
*** oNeToWn has joined #openstack-dev		09:11
openstackgerrit	A change was merged to openstack/tempest: Skip more security group tests until bug 1182384 is fixed https://review.openstack.org/40669	09:11
uvirtbot	Launchpad bug 1182384 in tempest "SecurityGroups Tests : invalid id must be valid uuid " [Medium,In progress] https://launchpad.net/bugs/1182384	09:11
*** ytwu1 has quit IRC		09:11
*** radsy has quit IRC		09:12
*** xga_ has joined #openstack-dev		09:12
*** isviridov_ has quit IRC		09:12
*** yaguang has quit IRC		09:13
*** yaguang has joined #openstack-dev		09:14
holms	dtroyer: just wanna ask so what's the solution regarding that bug..? why those mirrors are usefull if they not even exists anymore..	09:14
*** xga has quit IRC		09:15
*** yannovitch has quit IRC		09:16
*** aditirav has quit IRC		09:16
*** aditirav has joined #openstack-dev		09:16
*** lukego has quit IRC		09:16
*** aditirav has left #openstack-dev		09:17
*** yannovitch has joined #openstack-dev		09:17
*** ytwu1 has joined #openstack-dev		09:17
*** xchu has quit IRC		09:19
*** ytwu has quit IRC		09:19
*** lukego has joined #openstack-dev		09:20
*** ytwu has joined #openstack-dev		09:21
*** Ryan_Lane has joined #openstack-dev		09:21
*** ytwu1 has quit IRC		09:22
*** yaguang has quit IRC		09:22
*** ytwu1 has joined #openstack-dev		09:23
*** yaguang has joined #openstack-dev		09:23
openstackgerrit	A change was merged to openstack/glance: Using unicode() convert non-English exception message https://review.openstack.org/37421	09:24
*** yannovitch has quit IRC		09:24
*** ytwu has quit IRC		09:25
*** dina_belova has quit IRC		09:27
*** ytwu has joined #openstack-dev		09:27
*** ytwu1 has quit IRC		09:27
*** dina_belova has joined #openstack-dev		09:27
*** dina_belova has quit IRC		09:28
*** ytwu1 has joined #openstack-dev		09:31
*** nijaba has quit IRC		09:31
*** ytwu has quit IRC		09:32
*** xchu has joined #openstack-dev		09:32
*** nijaba has joined #openstack-dev		09:32
*** nijaba has joined #openstack-dev		09:32
*** sudorandom has quit IRC		09:33
*** giroro_ has quit IRC		09:35
*** jab416171 has quit IRC		09:35
*** adepti37 has quit IRC		09:36
*** ytwu has joined #openstack-dev		09:36
*** Ryan_Lane has quit IRC		09:36
*** ytwu1 has quit IRC		09:37
*** adepti37 has joined #openstack-dev		09:37
*** yaguang_ has joined #openstack-dev		09:38
*** yaguang has quit IRC		09:38
*** xqueralt-afk is now known as xqueralt		09:39
*** dkehn has joined #openstack-dev		09:40
*** Ruetobas has joined #openstack-dev		09:40
*** hailiang has quit IRC		09:40
*** boris-42 has joined #openstack-dev		09:40
*** pixelbeat has joined #openstack-dev		09:44
*** ytwu1 has joined #openstack-dev		09:44
*** ytwu has quit IRC		09:45
*** wenjianhn has quit IRC		09:47
*** xBsd has quit IRC		09:50
*** ruhe has quit IRC		09:50
*** ytwu has joined #openstack-dev		09:51
*** ytwu1 has quit IRC		09:52
*** xBsd has joined #openstack-dev		09:53
*** xBsd has quit IRC		09:53
*** pschaef has quit IRC		09:54
*** Mikhail has joined #openstack-dev		09:56
*** mdurnosvistov has quit IRC		09:56
*** Mikhail is now known as Guest65861		09:56
*** pschaef has joined #openstack-dev		09:59
*** ytwu1 has joined #openstack-dev		09:59
*** jruzicka has quit IRC		10:00
*** jruzicka has joined #openstack-dev		10:00
*** ytwu has quit IRC		10:01
*** ytwu has joined #openstack-dev		10:05
*** utlemming has quit IRC		10:05
*** erkules has quit IRC		10:07
*** ytwu1 has quit IRC		10:07
*** ifarkas has quit IRC		10:07
*** krphop has quit IRC		10:07
*** ytwu1 has joined #openstack-dev		10:09
*** ytwu has quit IRC		10:10
*** dina_belova has joined #openstack-dev		10:10
*** erkules has joined #openstack-dev		10:11
*** ifarkas has joined #openstack-dev		10:11
*** xchu has quit IRC		10:11
jamielennox	henrynash, ping	10:12
*** amotoki has quit IRC		10:12
*** ytwu has joined #openstack-dev		10:13
*** emagana_ has joined #openstack-dev		10:14
*** henrynash_ has joined #openstack-dev		10:15
*** ytwu1 has quit IRC		10:16
*** henrynash has quit IRC		10:17
*** henrynash_ is now known as henrynash		10:17
*** mikal has quit IRC		10:17
*** ytwu1 has joined #openstack-dev		10:18
*** emagana has quit IRC		10:18
*** mikal has joined #openstack-dev		10:19
*** ytwu has quit IRC		10:20
*** Thor^^ is now known as Thor		10:22
*** ytwu has joined #openstack-dev		10:23
*** ytwu1 has quit IRC		10:24
*** krphop has joined #openstack-dev		10:24
*** ytwu1 has joined #openstack-dev		10:25
*** martyntaylor has joined #openstack-dev		10:25
*** dina_belova has quit IRC		10:27
*** ytwu has quit IRC		10:28
*** dina_belova has joined #openstack-dev		10:28
*** nijaba has quit IRC		10:28
*** ytwu has joined #openstack-dev		10:28
*** ytwu1 has quit IRC		10:30
*** obondarev_ has quit IRC		10:32
*** ytwu1 has joined #openstack-dev		10:32
*** nijaba has joined #openstack-dev		10:32
*** nijaba has joined #openstack-dev		10:32
*** ytwu has quit IRC		10:33
*** Shaan7 has quit IRC		10:34
*** martyntaylor has quit IRC		10:35
*** martyntaylor has joined #openstack-dev		10:36
*** ytwu has joined #openstack-dev		10:37
*** ytwu1 has quit IRC		10:39
*** gongysh has quit IRC		10:40
*** Shaan7 has joined #openstack-dev		10:42
*** sandeepr_ltp has quit IRC		10:42
*** ytwu1 has joined #openstack-dev		10:43
*** ytwu has quit IRC		10:45
*** ytwu has joined #openstack-dev		10:46
*** ytwu1 has quit IRC		10:47
*** ema has quit IRC		10:48
*** zul has joined #openstack-dev		10:50
*** adjohn has joined #openstack-dev		10:51
*** adjohn has quit IRC		10:51
*** jswarren has joined #openstack-dev		10:51
*** ytwu1 has joined #openstack-dev		10:52
*** ytwu has quit IRC		10:53
*** ytwu has joined #openstack-dev		10:55
*** ytwu1 has quit IRC		10:56
jamielennox	henrynash, still around	10:57
*** ytwu1 has joined #openstack-dev		10:58
*** ruhe has joined #openstack-dev		10:58
*** yaguang_ has quit IRC		10:59
*** ytwu has quit IRC		11:00
*** pschaef has quit IRC		11:01
*** tonix has joined #openstack-dev		11:01
*** bourke has quit IRC		11:01
*** pschaef has joined #openstack-dev		11:02
*** martine_ has joined #openstack-dev		11:02
*** lexinator has joined #openstack-dev		11:02
*** bourke has joined #openstack-dev		11:03
*** jprovazn has quit IRC		11:04
*** ytwu has joined #openstack-dev		11:05
*** lexinator has quit IRC		11:07
*** ytwu1 has quit IRC		11:07
*** ruhe has quit IRC		11:08
*** ytwu1 has joined #openstack-dev		11:09
*** nijaba has quit IRC		11:09
*** ytwu has quit IRC		11:10
*** ruhe has joined #openstack-dev		11:10
*** e1mer has quit IRC		11:11
*** jimjiang has quit IRC		11:11
*** CaptTofu has quit IRC		11:13
*** ytwu has joined #openstack-dev		11:14
*** CaptTofu has joined #openstack-dev		11:14
*** jprovazn has joined #openstack-dev		11:15
*** ytwu1 has quit IRC		11:15
*** nijaba has joined #openstack-dev		11:16
henrynash	jamielennox: hi	11:18
jamielennox	henrynash, hi, still here	11:18
*** ytwu1 has joined #openstack-dev		11:18
*** CaptTofu has quit IRC		11:19
henrynash	OK, so, if you can stand it, let's go back to basics (to make sure I fully understand the problem)	11:19
jamielennox	sure	11:19
*** CaptTofu has joined #openstack-dev		11:19
*** lukego has quit IRC		11:19
jamielennox	so what i want to do is write auth_token middleware in a way that it uses keystoneclient rather than the hacked up mess it is now	11:19
henrynash	+100	11:20
*** dkehn has quit IRC		11:20
jamielennox	so there are a number of assumptions that keystoneclient makes that tend to have it work in most situations	11:20
*** ytwu has quit IRC		11:21
jamielennox	things like the url you provide to auth_token is never really checked, instead if you want v3 it just appends /v3 to the end, same for /v2.0	11:21
jamielennox	gyee filed a bug the other day i've no about for a while, namely that even if you tell auth_token to use v3 auth (which you can force) it still gets it's own auth token as a v2 toen	11:22
jamielennox	so i have a bunch of reviews to keystoneclient that gets us a lot of the way there	11:22
*** melwitt has quit IRC		11:22
jamielennox	so there are a number of issues	11:23
jamielennox	first, if you start a keystoneclient with an auth_url without scoping information it returns an unscoped token	11:23
jamielennox	there is no way i can see to easily exchange an unscoped token to a scoped token within the client	11:23
jprovazn	lifeless: ping	11:24
henrynash	so, the client doesn't support that upgrading?	11:24
jamielennox	however the client reads the token info and extracts the identity service from the catalog	11:24
henrynash	of an uncsoped token to a scoped one?	11:24
jamielennox	no, but that's not the biggest issue	11:24
henrynash	(sorry thinking)	11:24
jamielennox	we can probably add that	11:24
*** dkehn has joined #openstack-dev		11:24
jamielennox	the first problem is that unless you specify token scoping information you don't get a catalog returned	11:25
*** e1mer has joined #openstack-dev		11:25
jamielennox	so the client doesn't get a 'management_url' and it doesn't know where to send subsequent queries	11:25
henrynash	in v2 or v3?	11:25
jamielennox	both	11:25
*** woodspa has joined #openstack-dev		11:25
henrynash	hmm, though it was different in v3, but could easily be wrong :-)	11:26
*** ndipanov has quit IRC		11:26
jamielennox	at the API layer? i'm pretty sure you only get a catalog if you scope it	11:26
henrynash	Ok, but now see the issue…you can't use the results of an unstopped token to tell you where to go next	11:26
jamielennox	i'm not sure if you can request one from an unscoped token	11:26
jamielennox	so that's part of it	11:26
jamielennox	the next part is assuming we do v3 auth of auth_token then we have to specify a domain for the user	11:27
jamielennox	as projects, roles etc are all scoped to domain, how do we have this one all powerful auth_token user who has permission to validate tokens for everyone in the system?	11:28
jamielennox	regardless of the domain they are being authenticated for	11:28
*** mikal has quit IRC		11:28
henrynash	hmm	11:28
*** dina_belova has quit IRC		11:28
*** ndipanov has joined #openstack-dev		11:28
*** ljjjustin has quit IRC		11:29
jamielennox	(this bit is more important, the catalog thing would be nice to have in the solution)	11:29
*** pcm_ has joined #openstack-dev		11:29
henrynash	and (forgive me bing dumb), but what is the problem with using a v2 token for that….don't we allow validation of a v3 token in that case?	11:29
henrynash	what are we losing by doing it that way?	11:30
jamielennox	yes we do, we currently use a v2 auth token to validate a v3 token	11:30
*** mikal has joined #openstack-dev		11:30
jamielennox	so i guess a few things. Firstly we should be trying to transition things off the v2 api	11:30
henrynash	ahh, ok, fair comment	11:30
jamielennox	it is supposed to be a replacement and not coexist	11:30
henrynash	also, true	11:31
jamielennox	secondly with the addition of domains in v3 the way i understand it is v2 tokens are valid for the user in some predefined default domain	11:31
henrynash	yes, that's correct	11:31
jamielennox	i haven't tested it, but the way that policy should work to my mind is that the role that policy is checking against will be inherited from the domain	11:32
jamielennox	hmmm, shouldn't say role and inheritted together as i stayed right out of that debate	11:32
henrynash	:-)	11:32
jamielennox	however a role is granted to a user based on either a project or a domain	11:32
jamielennox	so i'm not sure how/if a user can cross domains but if they can i imagine there roles would be completely reset	11:33
*** pcm__ has joined #openstack-dev		11:34
henrynash	well, to be exact, roles don't change, but role-assignments do	11:34
jamielennox	i'm not fully caught up on the details here, i'm looking forward to your essay :) but it has the same end effect right?	11:34
henrynash	so yes, if I get a domain-scoped token for domain A I'll get one set of role-assignments and if I get one for Domain B, I'll likel have a different set of role-assignments	11:34
*** dina_belova has joined #openstack-dev		11:34
jamielennox	right and can roles exist on an unscoped token?	11:35
henrynash	no	11:35
jamielennox	ok	11:35
*** HenryG has joined #openstack-dev		11:35
jamielennox	so if the auth_token middleware gets a token (because validation is a admin operation)	11:35
henrynash	a token is filled in with the role-assignements the authenticating user has with the target of the scope	11:35
jamielennox	and it has the admin role in the domain A	11:36
*** jab416171 has joined #openstack-dev		11:36
jamielennox	if someone comes along and asks it to validate a token for domain B then it won't have permission	11:36
*** emagana_ has quit IRC		11:36
*** melwitt has joined #openstack-dev		11:36
*** rscottcoyle has quit IRC		11:37
*** pcm_ has quit IRC		11:37
henrynash	so it would really depend how the policy file had been set up	11:37
jamielennox	and i don't have much experience with that	11:37
henrynash	(nor does anyone really….:-) ) I must admit, I haven't thought much about how policy might be used for token validation	11:38
henrynash	I'm about to do that in the next day or two	11:38
jamielennox	so i wrote a few things earlier that you might or might not have seen	11:38
jamielennox	one of ayoungs suggestions was that we might be able to cut back the admin requirement to validate a token	11:38
henrynash	I saw the bit about having some kind of special domain	11:39
jamielennox	that was an idea, i'm not sure though because then you would need some sort of backend to handle that domain	11:39
*** melwitt has quit IRC		11:40
jamielennox	more likely i guess is changing the policy requirements around validation, possibly you need the admin or a validation role within the default domain	11:40
henrynash	maybe, or that (as I suspect young is thinking) we re-consider what is needed to validate	11:41
jamielennox	right, so he was saying that particularly with PKI tokens, the entire structure of a tokens content is already out there and available	11:42
jamielennox	and that is acceptable, so why do you need the admin role to validate a token	11:42
jamielennox	if you have lost control of the token you're stuffed anyway	11:42
henrynash	agreed	11:42
henrynash	remember that with v2 most of keystone APIs needed admin anyway (there was no RBAC)	11:43
jamielennox	right, and with no PKI tokens i can see that it would seem like an admin operation to validate	11:43
*** martyntaylor has quit IRC		11:43
henrynash	so part of this may we just never spent time thinking about what the move to RBAC meant for the "non-user-facing APIs"	11:44
*** rfolco has joined #openstack-dev		11:44
jamielennox	however now, this is generally an eg nova account that is sitting there with admin permissions on a bunch of machines	11:44
jamielennox	i would guess so, having a services role that can only do validation or other things required of the system rather than a user is probably a good idea	11:45
henrynash	ok, so indeed now get the problem :-)	11:45
*** ruhe has quit IRC		11:45
henrynash	keystone account for system requests?	11:46
jamielennox	i would suggest people still would like one user per service as now, but some way of specifying those as limited accounts that don't have admin privileges	11:47
*** FunnyLookinHat has joined #openstack-dev		11:48
henrynash	the alternative is that validate is available without autnetiaction on the public port, in the same was as getting versions is (I think)	11:48
jamielennox	as far as i've ever seen it there is no real practical difference between the public and private ports	11:48
jamielennox	i've never really investigated though	11:48
henrynash	not sure how much of a security issue that would be….I guess people could troll for valid tokens…but that seems unlikely	11:49
jamielennox	i don't know if we would want to do it completely without authentication	11:49
*** dina_belova has quit IRC		11:49
jamielennox	just allowing any login would probably do it	11:49
openstackgerrit	A change was merged to openstack/horizon: Revert "Fix selector syntax" https://review.openstack.org/40628	11:49
henrynash	maybe, yes	11:50
jamielennox	or as i said if anyone really knows how to tune that policy file all we need to do is say that the user has some role in some domain	11:50
henrynash	OK…so I'm going to try an re-look at some the code later today and try and come up with suggestions...	11:50
*** ruhe has joined #openstack-dev		11:51
*** oNeToWn has quit IRC		11:51
*** morazi has quit IRC		11:52
jamielennox	we just say instead of requiring this role in this current domain that the user have the 'service' role in the 'services' domain which could contain nothing but the 'cinder', 'nova', 'glance' etc users	11:52
jamielennox	nice and secure, if they want to use the default domain and any other role no big deal - user tunable	11:52
jamielennox	the two problems are - i've no idea how to write policy files (though apparently that's big on my list for Icehouse), and how could we role it out in a way that works for existing installations	11:53
henrynash	…which is a point…where do those service users go in v3 anyway, I guess they'll al lturn up in the default domain	11:53
jamielennox	i guess by default they go into the default domain	11:54
jamielennox	if you're only running one domain no point setting up another	11:54
jamielennox	if you're running a lot of domains then we advise you to create one for service users	11:54
jamielennox	that's somewhat elegant :)	11:55
henrynash	I think there is a bit if a general aversion to ore-defining domains, although as you say making it confgirabke would drake sure you cold drive it how you want	11:55
henrynash	(pre-defining domains)	11:55
*** obondarev_ has joined #openstack-dev		11:56
jamielennox	we don't need to pre-configure, so long as what's in keystone's policy and what's in auth_tokens config.ini line up	11:56
jamielennox	and as it is now if you say nothing then you end up in default	11:56
henrynash	on policy files, I'm about to try and write a sample policy file for v3 with domain segregation….something nobody has done yet! I thikn that will tell me quite a lot	11:57
henrynash	(well, at least nobody has published)	11:58
jamielennox	right, so i wanted to run this stuff by you as to my understanding you are the domain & roles and probably therefore policy expert	11:58
henrynash	I'm going to recommend that gets included in Havana as a sample	11:58
henrynash	sure	11:58
henrynash	err, expert? maybe not, but sure, run it by me!	11:58
jamielennox	well no-one else seems to want to touch it with a stick	11:59
*** rscottcoyle has joined #openstack-dev		12:00
*** rscottcoyle has quit IRC		12:00
jamielennox	out of interest do you know if this would work for v2?	12:00
jamielennox	1 to keep the policy the same across versions, but 2 the only thing i am aware of in the v2 api that you can scope a token to is a project	12:01
jamielennox	(and remember i want scoping so that i can get the catalog)	12:01
*** noslzzp has joined #openstack-dev		12:01
*** rscottcoyle has joined #openstack-dev		12:01
*** rscottcoyle has quit IRC		12:02
*** rscottcoyle has joined #openstack-dev		12:03
*** lexinator has joined #openstack-dev		12:03
*** ytwu has joined #openstack-dev		12:04
*** dvarga has joined #openstack-dev		12:04
*** rscottcoyle has quit IRC		12:04
*** rscottcoyle has joined #openstack-dev		12:05
*** ruhe has quit IRC		12:06
*** ytwu1 has quit IRC		12:06
*** ytwu1 has joined #openstack-dev		12:07
*** lexinator has quit IRC		12:08
*** ytwu has quit IRC		12:08
*** vkmc has joined #openstack-dev		12:08
*** vkmc has quit IRC		12:08
*** vkmc has joined #openstack-dev		12:08
openstackgerrit	A change was merged to openstack/cinder: Imported Translations from Transifex https://review.openstack.org/40691	12:09
*** gongysh has joined #openstack-dev		12:09
jamielennox	anyway, i'll write some of this stufff up in a more sensible way and hopefully get it talked about at the next meeting	12:10
jamielennox	henrynash, thanks, i'm tuning out for the night	12:11
*** dina_belova has joined #openstack-dev		12:11
henrynash	ok, np, thanks for taking the time to talk me though it	12:11
jamielennox	no worries, thanks for your help	12:12
ayoung-zZzZzZz	jamielennox, so I think the old aporach, and what is still valid, is admin project. That comes from pre-domains	12:13
*** oNeToWn has joined #openstack-dev		12:13
ayoung-zZzZzZz	so it would be	12:13
ayoung-zZzZzZz	user has admin role in the admin project of the default domain	12:13
ayoung-zZzZzZz	that jack built	12:13
jamielennox	ahh, you're here too - i'm going to need to find the power cord for this laptop	12:14
*** lukego has joined #openstack-dev		12:15
*** chuckieb has joined #openstack-dev		12:16
*** pschaef has quit IRC		12:16
*** noslzzp has quit IRC		12:16
ayoung-zZzZzZz	go to bed	12:16
jamielennox	ayoung-zZzZzZz, so are we using admin projects now?	12:16
ayoung-zZzZzZz	I'm getting breakfast	12:16
*** ayoung-zZzZzZz is now known as ayoung		12:16
jamielennox	the wrap around	12:17
ayoung	jamielennox, devstack creates one...we used to do more with that, I think	12:17
*** marcos-sb has joined #openstack-dev		12:17
jamielennox	but i don't think that's checked in any way	12:17
jamielennox	and not enforced	12:17
ayoung	but if we are going to do something that doesn't exist right now, it will break people on upgrades, so we need to have a migration plan	12:17
jamielennox	and projects don't span domains so it doesn't help there	12:18
*** dina_belova has quit IRC		12:18
jamielennox	i like the idea of setting policy on validate to be fixed to a domain, or a role within that domain	12:19
jamielennox	it's good isolation because you can jail all your services accounts	12:20
jamielennox	and in the event that you don't specify a domain then default is used so it's the same as now	12:20
*** dprince has joined #openstack-dev		12:21
jamielennox	and if you don't specify a role then any user in the default domain can validate a token - i imagine people would change that but its not a bad default	12:21
*** dvarga is now known as dvarga\|away		12:21
*** ytwu1 has quit IRC		12:21
*** ytwu has joined #openstack-dev		12:22
*** sandywalsh has quit IRC		12:22
*** mikal has quit IRC		12:22
ayoung	no, the admin project in the default domain gets permission to check all tokens	12:23
*** markmc has joined #openstack-dev		12:23
ayoung	not just tokens in the default domain	12:23
ayoung	policy isn't written yet that can support that, I think	12:24
*** mikal has joined #openstack-dev		12:24
*** mrunge has quit IRC		12:24
jamielennox	what difference does user has role in domain vs user in project make?	12:24
jamielennox	so i'll have a proper going through of policy tomorrow	12:25
*** dvarga\|away is now known as dvarga		12:26
*** yongli has joined #openstack-dev		12:26
*** ytwu1 has joined #openstack-dev		12:27
*** alunduil has quit IRC		12:28
*** iartarisi has joined #openstack-dev		12:29
*** ytwu has quit IRC		12:29
*** kenperkins has joined #openstack-dev		12:30
*** galstrom_zzz is now known as galstrom		12:31
*** alunch has quit IRC		12:31
*** ytwu has joined #openstack-dev		12:32
jamielennox	answering my own question, a project is a v2 concept as well as a v3 concept so the policy would be the same if you assume domain is always default	12:33
*** SergeyLukjanov has quit IRC		12:34
*** ytwu1 has quit IRC		12:34
*** sandywalsh has joined #openstack-dev		12:35
*** emagana has joined #openstack-dev		12:37
ayoung	jamielennox, yep. Now off with you. And I need to make some coffee. Damn this round world nonsense.	12:37
*** huats has quit IRC		12:37
*** ytwu1 has joined #openstack-dev		12:38
*** huats has joined #openstack-dev		12:38
*** huats has quit IRC		12:38
*** huats has joined #openstack-dev		12:38
*** ytwu has quit IRC		12:39
*** morazi has joined #openstack-dev		12:40
*** ytwu has joined #openstack-dev		12:40
jamielennox	ayoung, alright, i'll talk yo you tomorrow	12:41
jamielennox	adjusted for timezone	12:42
*** ruhe has joined #openstack-dev		12:42
*** radez_g0n3 is now known as radez		12:42
*** ytwu1 has quit IRC		12:43
*** SergeyLukjanov has joined #openstack-dev		12:43
*** zbitter has joined #openstack-dev		12:43
*** ytwu1 has joined #openstack-dev		12:44
*** emagana has quit IRC		12:45
*** ytwu has quit IRC		12:45
holms	is there's a nice frontend for mailing ilist.. or some forum where I can ask questions about openstack-dev?	12:45
*** redbeard2 has quit IRC		12:46
holms	devstack install failed=/ 2013-08-08 08:44:23 An unexpected error prevented the server from fulfilling your request. (Operationa	12:47
*** zaneb has quit IRC		12:47
holms	lError) (1045, "Access denied for user 'root'@'localhost' (using password: YES)") None None (HTTP 500)	12:47
*** kbringard has joined #openstack-dev		12:47
*** ytwu has joined #openstack-dev		12:47
mordred	markmc: morning! I just posted thoughts on https://review.openstack.org/#/c/34601/	12:48
*** galstrom is now known as galstrom_zzz		12:48
*** dina_belova has joined #openstack-dev		12:48
*** zbitter is now known as zaneb		12:48
*** briancurtin has joined #openstack-dev		12:48
*** ytwu1 has quit IRC		12:48
*** ruhe has quit IRC		12:49
*** lbragstad_ has quit IRC		12:50
*** tonyfy has joined #openstack-dev		12:50
*** jaimegil has quit IRC		12:50
*** kenperkins has quit IRC		12:51
*** briancurtin has quit IRC		12:51
*** mmagr has quit IRC		12:53
*** ytwu1 has joined #openstack-dev		12:57
*** anteaya has joined #openstack-dev		12:57
*** ytwu has quit IRC		12:58
*** athomas has quit IRC		12:59
*** ruhe has joined #openstack-dev		12:59
*** mfer has joined #openstack-dev		12:59
*** athomas has joined #openstack-dev		13:00
*** ruhe has quit IRC		13:00
*** jprovazn has quit IRC		13:01
*** ifarkas has quit IRC		13:03
*** marcos-sb has quit IRC		13:03
*** ifarkas has joined #openstack-dev		13:03
*** bknudson has joined #openstack-dev		13:08
*** xga__ has joined #openstack-dev		13:10
*** anniec has joined #openstack-dev		13:10
openstackgerrit	A change was merged to openstack/oslo.messaging: Implement wait_for_reply timeout in rabbit driver https://review.openstack.org/39804	13:10
*** xga_ has quit IRC		13:11
openstackgerrit	A change was merged to openstack/oslo.messaging: Remove unused IncomingMessage.done() https://review.openstack.org/39809	13:11
openstackgerrit	A change was merged to openstack/oslo.messaging: Remove some FIXMEs and debug logging https://review.openstack.org/39822	13:11
*** litong has joined #openstack-dev		13:13
*** jsgotangco has joined #openstack-dev		13:13
*** freedomhui has quit IRC		13:14
*** freedomhui has joined #openstack-dev		13:14
openstackgerrit	A change was merged to openstack/nova: Move tests test_update_* to separate class https://review.openstack.org/39883	13:15
*** Ryan_Lane has joined #openstack-dev		13:16
openstackgerrit	A change was merged to openstack/oslo-incubator: Add a fixture for dealing with config https://review.openstack.org/39910	13:16
*** Shaan7 has quit IRC		13:16
openstackgerrit	A change was merged to openstack/nova: Code dedup in test_update_* https://review.openstack.org/39900	13:16
*** topol has joined #openstack-dev		13:17
*** freedomhui has quit IRC		13:17
*** Shaan7 has joined #openstack-dev		13:17
*** adalbas has joined #openstack-dev		13:17
*** oNeToWn has quit IRC		13:20
*** rharwood has joined #openstack-dev		13:20
*** Ryan_Lane has quit IRC		13:20
*** lbragstad has joined #openstack-dev		13:21
*** alunduil has joined #openstack-dev		13:21
*** topol has quit IRC		13:23
*** topol has joined #openstack-dev		13:23
*** jprovazn has joined #openstack-dev		13:23
*** ytwu has joined #openstack-dev		13:24
*** prad has joined #openstack-dev		13:24
*** sridevi has quit IRC		13:25
openstackgerrit	A change was merged to openstack/nova: Add Instance.create() https://review.openstack.org/38210	13:26
*** ytwu1 has quit IRC		13:26
*** leif has joined #openstack-dev		13:26
*** sridevi has joined #openstack-dev		13:26
*** leif is now known as Guest8464		13:26
*** e1mer has quit IRC		13:27
*** ytwu1 has joined #openstack-dev		13:27
*** ytwu has quit IRC		13:28
*** topol has quit IRC		13:28
*** dolphm has joined #openstack-dev		13:29
*** krtaylor has quit IRC		13:29
*** neelashah has joined #openstack-dev		13:29
*** jecarey has joined #openstack-dev		13:30
*** changbl has quit IRC		13:30
*** tmclaugh[work] has joined #openstack-dev		13:31
*** lsmola has quit IRC		13:31
*** wu_wenxiang has joined #openstack-dev		13:32
*** lsmola has joined #openstack-dev		13:32
*** Guest8464 has quit IRC		13:32
*** _TheDodd_ has joined #openstack-dev		13:32
holms	where can i get help regarding devstack?	13:33
*** leif_ has joined #openstack-dev		13:34
*** alunch has joined #openstack-dev		13:34
openstackgerrit	A change was merged to openstack/neutron: Imported Translations from Transifex https://review.openstack.org/40807	13:35
openstackgerrit	A change was merged to openstack/ceilometer: Use MongoDB aggregate to get resources list https://review.openstack.org/35297	13:37
*** ytwu has joined #openstack-dev		13:37
*** mfer has quit IRC		13:39
*** ytwu1 has quit IRC		13:39
*** ytwu1 has joined #openstack-dev		13:40
jpich	holms: Here is usually not a bad place for devstack related questions	13:41
holms	2013-08-08 09:37:47 An unexpected error prevented the server from fulfilling your request. (OperationalError) (10	13:42
holms	45, "Access denied for user 'root'@'localhost' (using password: YES)") None None (HTTP 500)	13:42
*** ytwu has quit IRC		13:42
holms	this beast can't connect to database..?	13:42
holms	i've set all passwords in localrc	13:42
*** Thor^^ has joined #openstack-dev		13:44
*** Thor has quit IRC		13:44
*** tonyfy has quit IRC		13:45
*** ruhe has joined #openstack-dev		13:45
*** ruhe has quit IRC		13:45
holms	anybody?	13:46
bugsduggan	holms: I've run into something similar in the past, setting the mysql root password fixed it for me	13:46
holms	this could be registered as a bug or smtng	13:46
holms	ok let's try	13:46
holms	https://bugs.launchpad.net/devstack/+bug/1118502	13:47
*** afazekas has quit IRC		13:47
uvirtbot	Launchpad bug 1118502 in devstack "MySQL is accessed as Root" [Undecided,New]	13:47
adalbas	avishay, hi	13:49
avishay	adalbas: hi	13:49
*** lukego has quit IRC		13:49
adalbas	avishay, you work with the cinder driver for svc right?	13:49
*** redbeard2 has joined #openstack-dev		13:49
*** ruhe has joined #openstack-dev		13:50
*** mfer has joined #openstack-dev		13:50
avishay	adalbas: yes	13:50
adalbas	avishay, configuring it in my env, i found a bug when deleting volumes there: https://bugs.launchpad.net/cinder/+bug/1209367	13:51
uvirtbot	Launchpad bug 1209367 in cinder "volume is not deleted in cinder db with svc/storwize" [Undecided,New]	13:51
adalbas	avishay, if you have any points there that could help me debug that further, that will be great	13:52
*** briancurtin has joined #openstack-dev		13:52
holms	s'rsly devstack could use puppet..	13:53
avishay	adalbas: i already replied to the bug report	13:53
avishay	adalbas: i'm not sure there is a storwize issue - please check if the volume actually exists. if not, there is only a bug in the generic deletion code.	13:53
*** FunnyLookinHat has quit IRC		13:54
adalbas	avishay, the volume was deleted the first time i asked it in the storwize, but not in the database, so yes, you are right	13:54
*** jruzicka has quit IRC		13:55
avishay	adalbas: OK cool. It could be something that was fixed later but not backported to Grizzly...that's bad...do you have the time to track it down or should i?	13:55
*** jruzicka has joined #openstack-dev		13:56
*** kevinconway has quit IRC		13:57
adalbas	avishay, i can take a look. you suggest me to look at the logs of what could be added since grizzly?	13:57
avishay	adalbas: i would first rename the bug report and change the description - maybe someone will have an idea and the storwize bit can throw them off	13:58
avishay	adalbas: most will ignore the bug report because it's now driver-specific	13:58
*** lukego has joined #openstack-dev		13:59
adalbas	avishay, sure	13:59
holms	ook next problem with devstack	13:59
holms	2013-08-08 09:52:35 + timeout 60 sh -c 'while ! http_proxy= https_proxy= curl -s http://192.168.1.6:8774 >/dev/null; do sleep 1; done'	13:59
holms	2013-08-08 09:53:35 + die 698 'nova-api did not start'	13:59
*** medberry_ has joined #openstack-dev		13:59
*** medberry_ is now known as med_		13:59
*** med_ has joined #openstack-dev		13:59
avishay	adalbas: maybe check what changed in volume_glance_metadata_delete_by_volume ?	13:59
*** dkranz has quit IRC		14:00
adalbas	avishay, ok!	14:00
avishay	adalbas: thanks!	14:00
avishay	adalbas: you can assign the bug to yourself, and ping me if you need help	14:00
adalbas	avishay, alright! tks!	14:01
*** xga__ has quit IRC		14:01
*** freedomhui has joined #openstack-dev		14:01
*** jruzicka has quit IRC		14:02
*** briancurtin has quit IRC		14:04
*** armax has joined #openstack-dev		14:06
*** mrodden has joined #openstack-dev		14:06
*** topol has joined #openstack-dev		14:08
*** stevemar has joined #openstack-dev		14:09
*** jruzicka has joined #openstack-dev		14:09
*** ruhe has quit IRC		14:09
*** leif_ has quit IRC		14:09
*** avishay has quit IRC		14:10
*** Rafael_Gomes has joined #openstack-dev		14:10
*** kenperkins has joined #openstack-dev		14:11
*** lukego has quit IRC		14:11
*** henrynash_ has joined #openstack-dev		14:12
*** xga has joined #openstack-dev		14:13
*** terriyu has joined #openstack-dev		14:13
*** henrynash has quit IRC		14:13
*** henrynash_ is now known as henrynash		14:13
Rafael_Gomes	Hi all... I´m using the latest devstack and the Keystone-client V3 is not working by CLI... I found the issue and the solution.. Basically by default the keystone endpoint is set for v2.0 .. also there aren´t shell for keystone v3 "cli" ... Basically I created a new shell for keytone v3 , on python-kestoneclient/v3 . So maybe its not necessary to do .. anybody else have problem to use keystoneclient v3 by cli? Any s	14:14
*** datsun180b has joined #openstack-dev		14:14
*** afazekas has joined #openstack-dev		14:14
*** sthaha has quit IRC		14:15
*** krtaylor has joined #openstack-dev		14:15
*** markmcclain has joined #openstack-dev		14:15
*** markmcclain has quit IRC		14:15
openstackgerrit	A change was merged to openstack/ceilometer: Add first and last sample timestamp https://review.openstack.org/36107	14:16
holms	devstack problem, =/ 2013-08-08 09:52:35 + timeout 60 sh -c 'while ! http_proxy= https_proxy= curl -s http://192.168.1.6:8774 >/dev/null; do sleep 1; done'	14:16
holms	2013-08-08 09:53:35 + die 698 'nova-api did not start'	14:16
*** jruzicka has quit IRC		14:17
*** kenperkins_ has joined #openstack-dev		14:17
openstackgerrit	A change was merged to openstack/ceilometer: Remove MongoDB TTL support for MongoDB < 2.2 https://review.openstack.org/38634	14:19
*** kenperkins has quit IRC		14:19
*** xga_ has joined #openstack-dev		14:21
*** mmagr has joined #openstack-dev		14:21
*** xga has quit IRC		14:22
dolphm	stevemar: thoughts? http://pasteraw.com/adyrco6zfj0ikja4s45hoax1edrczow	14:22
dolphm	stevemar: it was obviously redundant, except in the authorizations response, where there's also and access_key and the context doesn't necessarily represent a consumer	14:23
*** mfer has quit IRC		14:23
*** mugsie has quit IRC		14:24
*** burt has joined #openstack-dev		14:24
stevemar	dolphm: i remember someone making an inline comment about how they didn't like the ambiguity in the list authorizations	14:24
stevemar	dolphm: where there is also an access_key	14:25
dolphm	stevemar: well, i also think the `consumer_key` in the authorizations response should be `consumer_id`	14:25
stevemar	true	14:25
dolphm	stevemar: if it's not technically a consumer ID, it's impossible to go manipulate the consumer (with any guarantee of success)	14:26
*** mugsie has joined #openstack-dev		14:26
*** mugsie has joined #openstack-dev		14:26
*** changbl has joined #openstack-dev		14:26
dolphm	stevemar: so, i'm making this change too then: http://pasteraw.com/owpvaevpzwg2a7vapmhlj0hga4qjutq	14:26
stevemar	dolphm: you sure you don't wanna make that consumer_id? :O	14:27
*** adalbas has quit IRC		14:28
*** ytwu has joined #openstack-dev		14:29
*** lukego has joined #openstack-dev		14:29
stevemar	dolphm: btw - i make most of the changes to the impl, i wanted to chat with you about adding to /auth/token	14:29
*** diogogmt has joined #openstack-dev		14:30
*** ytwu1 has quit IRC		14:30
*** jang1 has quit IRC		14:31
dolphm	stevemar: did i not make it consumer_id?	14:31
stevemar	dolphm: whoops, you did, it's early, i'm still eating breakfast	14:32
dolphm	stevemar: uploaded- https://review.openstack.org/#/c/36613/24/openstack-identity-api/v3/src/markdown/identity-api-v3-os-oauth10a-ext.md	14:32
*** jruzicka has joined #openstack-dev		14:32
*** networkstatic has joined #openstack-dev		14:33
*** xBsd has joined #openstack-dev		14:33
*** danwent has quit IRC		14:33
dolphm	stevemar: on the "OS-OAUTH10A" object added to the token object...	14:33
dolphm	stevemar: the roles will be 100% redundant with the roles included in the token, right? can we cut those?	14:34
*** xchu has joined #openstack-dev		14:34
*** jang1 has joined #openstack-dev		14:34
stevemar	hmm, yes, i do specify the ones in the token	14:35
stevemar	so yes	14:35
stevemar	dolphm ^	14:35
*** pschaef has joined #openstack-dev		14:36
dolphm	stevemar: i'll do that now	14:36
*** otherwiseguy has joined #openstack-dev		14:36
*** eharney has joined #openstack-dev		14:37
*** eharney has quit IRC		14:37
*** eharney has joined #openstack-dev		14:37
*** FunnyLookinHat has joined #openstack-dev		14:37
*** devoid has joined #openstack-dev		14:38
*** ifarkas has quit IRC		14:38
dolphm	stevemar: related issue (i'm trying to reduce token bloat here...) all you need in the "consumer" object there is the "id" and a link to the entity... unless there's an immediate use case for including description or the redundant key element there... i say we cut those too	14:38
*** danwent has joined #openstack-dev		14:38
*** devoid has quit IRC		14:39
*** markmcclain has joined #openstack-dev		14:40
*** jsgotangco has quit IRC		14:40
*** danwent has quit IRC		14:44
*** adalbas has joined #openstack-dev		14:44
*** pabelanger_ has joined #openstack-dev		14:45
*** pabelanger_ has joined #openstack-dev		14:45
*** pabelanger has quit IRC		14:45
*** pabelanger_ is now known as pabelanger		14:45
*** networkstatic has quit IRC		14:46
*** pabelanger_ has joined #openstack-dev		14:46
*** cppcabrera has joined #openstack-dev		14:46
*** ytwu1 has joined #openstack-dev		14:46
*** ytwu has quit IRC		14:47
*** pycabrera has joined #openstack-dev		14:47
*** tkammer has quit IRC		14:47
*** pycabrera has quit IRC		14:48
stevemar	dolphm: well, redundant from whos p.o.v.?	14:48
stevemar	dolphm: from the consumers pov, it's all redundant, he already knows his consumer id and access key, nor does he care about it	14:48
mordred	markmc: if you've got a sec, could you join -infra ?	14:48
*** rcleere has joined #openstack-dev		14:48
*** lexinator has joined #openstack-dev		14:49
dolphm	stevemar: so, cut that stuff too?	14:49
dolphm	stevemar: all we need is consumer ID for traceability	14:49
dolphm	stevemar: what about access key?	14:49
*** pycabrera has joined #openstack-dev		14:49
stevemar	dolph: hmm, we should keep access key for traceability too	14:50
*** networkstatic has joined #openstack-dev		14:50
stevemar	dolphm^	14:50
*** pabelanger has quit IRC		14:50
dolphm	stevemar: k	14:50
*** spzala has joined #openstack-dev		14:50
*** pabelanger has joined #openstack-dev		14:50
*** cppcabrera has quit IRC		14:50
*** pycabrera is now known as cppcabrera		14:51
dolphm	stevemar: so just removing key and description there then http://pasteraw.com/dxmak9ea2fbmw9zrlfhhg0xov3oqwrq	14:51
*** apevec has joined #openstack-dev		14:51
*** apevec has joined #openstack-dev		14:51
dolphm	stevemar: i also wanted suggest dropping the 0A from the extension name	14:52
dolphm	stevemar: if there's a revision B, we shouldn't have to change the endpoint, and if there's ever a 1.1, i suspect it'll either be compatible with 1.0 or it'd be logical to call it oauth11 or whatever	14:53
dolphm	stevemar: (i know i suggested 0A in the first place)	14:54
stevemar	dolphm: hmm, yes, you did... :) but it looks cleaner that way	14:54
*** dina_belova has quit IRC		14:54
*** ytwu1 has quit IRC		14:55
*** ytwu has joined #openstack-dev		14:55
*** yaguang has joined #openstack-dev		14:57
*** msbrown has joined #openstack-dev		14:57
*** drewlander has joined #openstack-dev		14:58
*** gargya has joined #openstack-dev		14:58
dolphm	stevemar: revised- https://review.openstack.org/#/c/36613/26/openstack-identity-api/v3/src/markdown/identity-api-v3-os-oauth1-ext.md	14:59
yaguang	comstud,ping	14:59
dolphm	stevemar: so, the authorizations list response...	15:00
dolphm	"id" == "access_key" by convention, correct?	15:00
stevemar	yes	15:01
*** networkstatic has quit IRC		15:02
stevemar	dolphm: http://paste.openstack.org/show/43586/	15:02
dolphm	stevemar: so, good? http://pasteraw.com/5lep7biis9zkyoxd6a0swcke9j02gid	15:03
*** pmathews has joined #openstack-dev		15:03
*** redbeard2 has quit IRC		15:03
dolphm	stevemar: could/should the method could be the name of the extension? "oauth" -> "OS-OAUTH1" ? or at least "oauth1" ?	15:03
stevemar	dolphm: but we've never mentioned authorization id before	15:03
stevemar	definitely	15:04
dolphm	stevemar: you're returning a list of "authorization" which have "id"s ... by convention in the rest of the API, i can work with objects based on their ID	15:04
wu_wenxiang	dolphm: Could you help to re-check https://review.openstack.org/#/c/38963/ ? I add a testcase to reproduce bug.	15:04
*** jimjiang has joined #openstack-dev		15:04
*** topol_ has joined #openstack-dev		15:05
dolphm	wu_wenxiang: it's already on my list for later today	15:05
stevemar	dolphm: okay, i'm not picky on that one	15:05
wu_wenxiang	dolphm: Thanks, and https://review.openstack.org/#/c/39317/	15:05
dolphm	stevemar: not sure what you mean by branch out	15:06
*** bashok has quit IRC		15:06
stevemar	dolphm: put all the code in another function	15:06
dolphm	wu_wenxiang: work with ayoung to unblock first	15:06
dolphm	stevemar: what code	15:06
*** topol has quit IRC		15:06
dolphm	stevemar: what can't go into a plugin?	15:06
*** topol_ is now known as topol		15:06
wu_wenxiang	ayoung: https://review.openstack.org/#/c/39317/, I update my commit, could you help to re-check?	15:06
stevemar	dolphm: we'll i'd have to verify the oauth request	15:07
*** iartarisi has quit IRC		15:07
stevemar	dolphm: let me look at plugins	15:07
stevemar	dolphm: told you yesterday this part would be the tricky part :)	15:08
*** redbeard2 has joined #openstack-dev		15:08
*** sushils has quit IRC		15:08
*** boris-42 has quit IRC		15:08
ayoung	wu_wenxiang, will do. I'm in the middle of a review right now, yours will be next	15:09
stevemar	dolphm: hmm, so all the plugins just have authenticate calls :O	15:09
dolphm	stevemar: i know... i figure you might need some extra info passed down the wsgi pipeline or something	15:09
stevemar	dolphm: i can make this work	15:09
*** danwent has joined #openstack-dev		15:09
stevemar	dolphm: i think so anyway...	15:09
dolphm	maybe auth in middleware and the pass down via remote user?	15:09
dolphm	REMOTE_USER	15:09
*** lukego has quit IRC		15:09
*** mrodden has quit IRC		15:10
*** dkranz has joined #openstack-dev		15:11
*** rnirmal has joined #openstack-dev		15:11
*** sushils has joined #openstack-dev		15:11
*** mestery_ is now known as mestery		15:12
*** lukego has joined #openstack-dev		15:12
*** lexinator has quit IRC		15:12
*** krtaylor has quit IRC		15:15
*** gargya has quit IRC		15:15
*** aelkikhia has joined #openstack-dev		15:16
*** danjared has quit IRC		15:17
*** cppcabrera is now known as cppcabrera_afk		15:17
*** dhellmann_ has quit IRC		15:18
*** pasquier-s_ has quit IRC		15:19
*** mrodden has joined #openstack-dev		15:19
*** dhellmann has joined #openstack-dev		15:19
*** SergeyLukjanov has quit IRC		15:20
*** dina_belova has joined #openstack-dev		15:20
*** dina_belova has quit IRC		15:20
*** mmagr has quit IRC		15:21
*** hartsocks has quit IRC		15:22
*** hartsocks has joined #openstack-dev		15:23
*** ifarkas has joined #openstack-dev		15:24
*** SergeyLukjanov has joined #openstack-dev		15:25
*** danjared has joined #openstack-dev		15:27
*** dina_belova has joined #openstack-dev		15:27
*** kenperkins_ has quit IRC		15:28
*** lukego has quit IRC		15:28
openstackgerrit	A change was merged to openstack/swift: Clarify staticweb configuration with keystone. https://review.openstack.org/40223	15:30
*** pabelanger has quit IRC		15:30
*** lukego has joined #openstack-dev		15:31
*** kbrierly has joined #openstack-dev		15:31
*** rpodolyaka has joined #openstack-dev		15:32
*** ruhe has joined #openstack-dev		15:32
* Alexei_987 sigh		15:33
*** stackKid has quit IRC		15:33
*** briancurtin has joined #openstack-dev		15:35
*** topol has quit IRC		15:35
*** yaguang has quit IRC		15:36
*** yolanda has quit IRC		15:36
*** topol has joined #openstack-dev		15:36
*** ajyounge has quit IRC		15:39
*** msmedved has quit IRC		15:39
*** pnavarro has quit IRC		15:40
*** pnavarro has joined #openstack-dev		15:40
*** ajyounge has joined #openstack-dev		15:41
*** markmcclain has quit IRC		15:41
*** topol has quit IRC		15:41
*** kenperkins has joined #openstack-dev		15:43
*** Alexei_987 has quit IRC		15:43
*** jmontemayor has joined #openstack-dev		15:44
*** pabelanger has joined #openstack-dev		15:44
openstackgerrit	A change was merged to openstack/python-keystoneclient: Make TestResponse properly inherit Response. https://review.openstack.org/40363	15:45
*** dina_belova has quit IRC		15:45
openstackgerrit	A change was merged to openstack-dev/devstack: Add call trace in error message https://review.openstack.org/39887	15:45
*** krtaylor has joined #openstack-dev		15:45
ayoung	wu_wenxiang, review is done	15:45
*** jonesld has quit IRC		15:46
*** topol has joined #openstack-dev		15:46
*** briancurtin has quit IRC		15:46
*** martyntaylor has joined #openstack-dev		15:47
*** dina_belova has joined #openstack-dev		15:47
*** aeperezt has joined #openstack-dev		15:47
*** hemna has joined #openstack-dev		15:48
*** aelkikhia1 has joined #openstack-dev		15:49
*** aelkikhia has quit IRC		15:49
*** cppcabrera_afk is now known as cppcabrera		15:49
*** yaguang has joined #openstack-dev		15:49
*** cppcabrera has left #openstack-dev		15:49
*** gongysh has quit IRC		15:50
*** garyk has quit IRC		15:50
*** odyssey4me has quit IRC		15:52
*** jmontemayor has quit IRC		15:52
ayoung	stevemar, we started having a conversation about access tokens as keystone tokens, but I don't think we got very far.	15:53
*** nachi has joined #openstack-dev		15:53
*** nachi_ has joined #openstack-dev		15:53
*** nachi_ has quit IRC		15:53
dolphm	ayoung: i had initially had a similar thought... but when i thought through it, they're really discrete concepts that can't be merged	15:54
dolphm	ayoung: keystone token's can't stand in for either oauth keys or secrets	15:54
*** anniec has quit IRC		15:54
dolphm	ayoung: the keys are basically public identifiers, and the secrets shouldn't be passed around... at all	15:55
*** mkollaro has quit IRC		15:57
*** martine_ has quit IRC		15:57
*** lucasagomes has quit IRC		15:57
*** hemanth has quit IRC		15:57
*** jpich has quit IRC		15:57
*** derekh has quit IRC		15:57
*** eglynn has quit IRC		15:57
*** hemanth has joined #openstack-dev		15:57
*** markmc has quit IRC		15:58
ayoung	dolphm, I don't think that matters. All that stuff is on the consumer, right?	15:58
*** lexinator has joined #openstack-dev		15:58
*** rpodolyaka has left #openstack-dev		15:59
ayoung	so the access token is what you get when you pass in a request token	15:59
*** dina_belova has quit IRC		15:59
ayoung	I don't see why you need to then convert a request token into a keystone token	15:59
ayoung	it is a one for one exchange	15:59
*** galstrom_zzz is now known as galstrom		15:59
*** jistr has quit IRC		16:00
*** xchu has quit IRC		16:00
dolphm	ayoung: because access keys are basically public	16:00
dolphm	ayoung: you could theoretically list them for another user, for example	16:01
dolphm	ayoung: stevemar had a more significant blocker... but i'm failing to remember it off hand	16:01
*** anteaya has quit IRC		16:01
*** xga__ has joined #openstack-dev		16:02
*** markwash has joined #openstack-dev		16:02
openstackgerrit	A change was merged to openstack/nova: Remove unsafe XML parsing https://review.openstack.org/40879	16:02
openstackgerrit	A change was merged to openstack/nova: Remove dead capabilities code https://review.openstack.org/40044	16:02
openstackgerrit	A change was merged to openstack/nova: xenapi: no image upload retry on certain errors https://review.openstack.org/39060	16:02
*** dina_belova has joined #openstack-dev		16:03
ayoung	dolphm, was the oauth api change abandonded?	16:03
dolphm	ayoung: no?	16:03
dolphm	ayoung: https://review.openstack.org/#/c/36613/	16:03
ayoung	I'm looking for it, not seeing it...	16:03
ayoung	thanks	16:03
*** lukego has quit IRC		16:04
*** datsun180b has quit IRC		16:04
*** stevemar has quit IRC		16:04
*** dina_belova has quit IRC		16:04
*** xga_ has quit IRC		16:04
*** jtomasek has quit IRC		16:07
*** nijaba has quit IRC		16:07
*** xga__ has quit IRC		16:07
*** emagana has joined #openstack-dev		16:07
openstackgerrit	A change was merged to openstack/cinder: Use utils.safe_minidom_parse_string in extensions https://review.openstack.org/40881	16:07
openstackgerrit	A change was merged to openstack/nova: Update BareMetal driver to current nova.network.model https://review.openstack.org/38297	16:08
*** lucasagomes_ has joined #openstack-dev		16:08
*** qba73 has joined #openstack-dev		16:08
*** ruhe has quit IRC		16:09
*** gordc has quit IRC		16:09
*** qba73 has quit IRC		16:09
ayoung	dolphm, http://oauth.net/core/1.0a/#auth_step3 the consumer needs to sign the request to get the access token. Assuming that there is some validation of this key from the earlier step, I think that this is better than "give me a token and I'll give you a token."	16:09
*** alop has joined #openstack-dev		16:10
*** SergeyLukjanov has quit IRC		16:11
dolphm	ayoung: it's not "give me a token and i'll give you a token", it's "give me an authorized token and a signing key, and i'll make a signed request for an identity token to both identify myself and receive my delegated authorization"	16:12
dolphm	e.g. POST /v3/auth/tokens becomes a signed oauth request	16:12
*** ytwu1 has joined #openstack-dev		16:13
*** ytwu has quit IRC		16:13
dolphm	ayoung: body = {'auth': {'identity': {'methods': ['oauth1']}}} + standard oauth authorization header	16:13
*** mkollaro has joined #openstack-dev		16:13
*** lexinator has quit IRC		16:14
*** litong has quit IRC		16:14
*** lexinator has joined #openstack-dev		16:14
*** fbo is now known as fbo_away		16:14
ayoung	dolphm, maybe I am missing something. If a consumer has a request token, and they exchange that for an access token, they sign that request.	16:15
dolphm	ayoung: yes	16:15
ayoung	and only the consumer can sign that request, so why not just give them a keystone token at that point?	16:16
*** SumitNaiksatam has quit IRC		16:16
dolphm	ayoung: because the resulting access token is not a secret	16:16
*** wu_wenxiang has quit IRC		16:16
ayoung	dolphm, it probably should be	16:16
ayoung	why would it be public?	16:17
dolphm	ayoung: because it's just an identifier	16:17
*** lucasagomes_ has quit IRC		16:17
dolphm	ayoung: it's like a randomly generated name	16:17
ayoung	dolphm, I'm not sure that the Oauth spec determines that. let me look	16:18
dolphm	ayoung: thanks; if there's room in the spec for it to be private, i'd be interested (i'd love to find a clever way to merge this with our existing tokens as well)	16:19
*** tiamar has joined #openstack-dev		16:19
*** bismigalis has left #openstack-dev		16:19
*** aelkikhia has joined #openstack-dev		16:20
dolphm	ayoung: "The Consumer Secret and Token Secret function the same way passwords do in traditional authentication systems." <-- the fact that keys are not considered in that statement is a red flag to me	16:20
*** safchain has quit IRC		16:20
*** pmathews has quit IRC		16:21
ayoung	dolphm, aside from the fact that our tokens a gigantic, I think that they would fit in fine as the access token. The final step, http://oauth.net/core/1.0a/#anchor12 accessing protected resources, is really what Keystone tokens are doing now anyway. So, with oauth, we link our tokens with a signature mechanism. Not much different than the token binding jamielennox was working on	16:21
*** reed has joined #openstack-dev		16:21
*** pschaef has quit IRC		16:21
*** jcoufal has quit IRC		16:22
*** kenperkins has quit IRC		16:22
dolphm	ayoung: i understand the idea :) literally the exact same line of thinking i had	16:22
*** aelkikhia1 has quit IRC		16:23
ayoung	dolphm, I would guess because access tokens are ephemeral, and not expected to be persisted at all	16:23
*** comay has quit IRC		16:23
*** MaxV has quit IRC		16:23
ayoung	dolphm, since there is no secret passed in step 7, it must be the access token that acts as the secret.	16:24
*** garyk has joined #openstack-dev		16:24
dolphm	ayoung: what's step 7?	16:24
ayoung	http://oauth.net/core/1.0a/#anchor12 dolphm	16:24
*** bswartz has quit IRC		16:25
dolphm	ayoung: oh no, the access token secret from 6.3.2 applies there	16:25
*** gordc has joined #openstack-dev		16:25
dolphm	ayoung: that's how step 7 requests are signed	16:25
*** epim_ has joined #openstack-dev		16:25
dolphm	ayoung: (the secret is never passed back to anyone, ever)	16:26
*** gordc has left #openstack-dev		16:26
dolphm	it's just transmitted ocne	16:26
dolphm	from service provider to consumer	16:26
*** jistr has joined #openstack-dev		16:26
dolphm	ayoung: maybe section 11.3 helps explain that a bit better?	16:26
dolphm	ayoung: the secret ensures integrity, but the access key is passed without any confidentiality	16:27
*** svarnau has joined #openstack-dev		16:27
dolphm	ayoung: logging for a bit to relocate	16:27
dolphm	ayoung: bbl	16:27
*** dolphm has quit IRC		16:27
*** gordc has joined #openstack-dev		16:27
*** jimfehlig has joined #openstack-dev		16:27
*** xBsd has quit IRC		16:28
*** martyntaylor has quit IRC		16:28
*** __cyril__ has joined #openstack-dev		16:30
*** ydacheville_ has joined #openstack-dev		16:31
*** yaguang has quit IRC		16:31
*** yaguang has joined #openstack-dev		16:31
*** moted has quit IRC		16:31
*** ytwu has joined #openstack-dev		16:31
*** moted has joined #openstack-dev		16:32
*** lexinator has quit IRC		16:32
*** ydacheville has quit IRC		16:32
openstackgerrit	A change was merged to openstack/oslo-incubator: Don't attempt to patch eventlet without the patch https://review.openstack.org/40899	16:32
*** pmathews has joined #openstack-dev		16:33
*** lexinator has joined #openstack-dev		16:33
*** ytwu1 has quit IRC		16:33
*** Ryan_Lane has joined #openstack-dev		16:35
*** kpavel_ has joined #openstack-dev		16:38
*** yaguang has quit IRC		16:38
*** jimjiang has quit IRC		16:38
*** jimjiang has joined #openstack-dev		16:39
*** bdpayne has joined #openstack-dev		16:40
*** kpavel has quit IRC		16:40
* __cyril__ could definitely use some reviews on trivial patches (https://review.openstack.org/#/c/37030/ , https://review.openstack.org/#/c/39705/ , https://review.openstack.org/#/c/39944/ )		16:41
*** markmcclain has joined #openstack-dev		16:42
*** xqueralt is now known as xqueralt-afk		16:42
*** kpavel_ has quit IRC		16:43
*** SumitNaiksatam has joined #openstack-dev		16:43
*** stevemar has joined #openstack-dev		16:44
mordred	markwash, iccha: most important, https://review.openstack.org/#/c/40300/ and a new release - but also https://review.openstack.org/#/c/27222/ and https://review.openstack.org/#/c/40274/ please?	16:45
markwash	mordred: thanks for the heads up!	16:45
mordred	markwash: sure thing! it's my week to chase down finishing this crud up :)	16:46
*** Thor^^ is now known as Thor		16:47
*** anteaya has joined #openstack-dev		16:47
*** emagana has quit IRC		16:48
hartsocks	mordred: I gave my 2-bits on a the last two… they were small enough.	16:49
mordred	flaper87: ^^ also perhaps you on the three reviews above? if you're around?	16:50
*** ruhe has joined #openstack-dev		16:51
*** lucasagomes has joined #openstack-dev		16:53
*** otherwiseguy has quit IRC		16:53
*** ytwu1 has joined #openstack-dev		16:54
*** mrodden has quit IRC		16:55
*** ytwu has quit IRC		16:55
*** mrodden has joined #openstack-dev		16:56
*** jgriffith has quit IRC		16:57
*** ytwu has joined #openstack-dev		16:57
*** eglynn has joined #openstack-dev		16:58
*** pabelanger has quit IRC		16:58
*** ytwu1 has quit IRC		16:58
*** SumitNaiksatam has quit IRC		16:58
*** jgriffith has joined #openstack-dev		16:58
*** dolphm has joined #openstack-dev		17:01
*** lexinator has quit IRC		17:01
*** pabelanger has joined #openstack-dev		17:01
*** ifarkas has quit IRC		17:03
apevec	ttx, adam_g, draft relnotes, please review https://wiki.openstack.org/wiki/ReleaseNotes/2013.1.3	17:04
*** lexinator has joined #openstack-dev		17:04
*** SumitNaiksatam has joined #openstack-dev		17:05
*** dina_belova has joined #openstack-dev		17:05
*** obondarev_ has quit IRC		17:07
*** comay has joined #openstack-dev		17:07
*** dina_belova has quit IRC		17:08
*** alop_ has joined #openstack-dev		17:08
*** alop has quit IRC		17:09
*** gkotton has joined #openstack-dev		17:09
*** rwsu-away is now known as rwsu		17:12
*** garyk has quit IRC		17:12
*** gkotton is now known as garyk		17:12
stevemar	ayoung: I had ISP troubles :( did dolphm answer you questions?	17:12
dolphm	ayoung: stevemar: o/	17:12
ayoung	stevemar, we were not there yet	17:12
ayoung	stevemar, I think that 1) access tokens stay secret and 2) access tokens are Keystone tokens	17:13
ayoung	I think the whole system will work better. THe killer argument is this	17:13
ayoung	we can then use the step 7 signing apporach for requests throughout openstack	17:13
ayoung	http://oauth.net/core/1.0a/#anchor12	17:14
ayoung	right now, a keystone token is not associated with a pkey	17:14
*** alop_ has quit IRC		17:14
morganfainberg	dolphm: if you don't mind, i'm going to upload a fix to your configurable password length path to address both bknudson's and my issues	17:14
morganfainberg	s/path/patch	17:14
ayoung	now, I am not a huge fan of reimplementing TLS at the application layer	17:14
ayoung	but since Oauth seems to be the most sensible way to do that for HTTP, we should be able to take advantage of it	17:15
*** wfoster is now known as wfoster_away		17:15
ayoung	and yes, IU realize it is not really TLS	17:15
*** dina_belova has joined #openstack-dev		17:15
ayoung	just that it does the signing, which provides a degree of proof that the the token is held by someone that is authorized to hold it	17:15
stevemar	ayoung: reading step7, 1 sec	17:16
ayoung	stevemar, I would suspect that a reasonable extension to Keystone tokens in support of OAuth would be to embed the publivc key inside the CMS token body.	17:16
openstackgerrit	A change was merged to openstack/nova: xenapi: remove propagate xenapi_use_agent key https://review.openstack.org/38637	17:17
*** fbo_away is now known as fbo		17:17
ayoung	stevemar, otherwise, we require an additional round trip to keystone, and I don't see the value.	17:18
*** xmltok has joined #openstack-dev		17:19
dolphm	ayoung: i'd like to have some oauth_token middleware to support step 7 across OS as well :)	17:19
dolphm	ayoung: thoughts for icehouse!	17:19
ayoung	dolphm, +1	17:19
stevemar	ayoung: yeah, this all seems a bit too late for H :)	17:19
dolphm	morganfainberg: please do	17:19
*** nati_ueno has joined #openstack-dev		17:19
morganfainberg	dolphm: sounds good.	17:19
stevemar	ayoung: I'm not sure I like access tokens being keystone tokens	17:19
ayoung	dolphm, that is what we are trying to do with the binding stuff: both oauth and SSL make use of PKI, and that makes tokens more secure, but it means we need to deal with delegations	17:20
*** emagana has joined #openstack-dev		17:20
*** dina_belova has quit IRC		17:20
*** alexb_ has joined #openstack-dev		17:20
*** bswartz has joined #openstack-dev		17:20
ayoung	stevemar, another argument is that with 3 types of tokens, we have 3 things we could lose and we need to control. We can keep that down to two.	17:21
dolphm	ayoung: a user can "delegate" to themselves (make themselves a consumer)	17:21
dolphm	ayoung: i see that as an argument for keeping them seperated	17:21
openstackgerrit	A change was merged to openstack/python-glanceclient: Show a pretty progressbar when uploading and downloading an image. https://review.openstack.org/26955	17:21
dolphm	ayoung: if you start mixing them up, compromising one compromises them all	17:21
ayoung	dolphm, yep, and I can see value of that. I was referring to the fact that a token is right now carried along with a long workflow	17:21
ayoung	dolphm, no, I don't think that is the case	17:22
morganfainberg	dolphm: oh yes, oauth middleware +1!	17:22
ayoung	dolphm, if I make myself a consumer, I need to use my consumer id etc to get another token	17:22
dolphm	ayoung: well, by keeping them separate, you increase security by some margin... by combining them you just maintain the status quo	17:22
dolphm	(at the very least)	17:22
ayoung	I would state that oauth tokens should be hed to the same rule as turst tokens: you can;t use one to get another keystone token.	17:23
ayoung	added complexity often decreses security, not increases it. I think that might be the case here	17:23
dolphm	ayoung: consumer_id is our thing; you'd really be using consumer_key + consumer_token, which any oauth lib is already equipped to handle	17:23
dolphm	consumer_key + consumer_secret **	17:23
dolphm	and access_key + access_secret, if you have them	17:24
*** HenryG has quit IRC		17:25
*** spzala_ has joined #openstack-dev		17:26
*** Ryan_Lane has quit IRC		17:26
*** ifarkas has joined #openstack-dev		17:27
ayoung	dolphm, assume for a momenth that step 7 refers not just to Keystone, but to any system in openstack. That system would then need to call back to keystone to confiurm the token Id. THis is just like UUID tokens. Now, we can optimie that with PKI...which leads us to PKI tokens. I think they are the same thing, the same level of abstraction	17:28
*** gkotton has joined #openstack-dev		17:28
*** networkstatic has joined #openstack-dev		17:28
*** ruhe has quit IRC		17:28
*** cmark has quit IRC		17:29
ayoung	stevemar, think about it. It makes Oauth more of a first class citizen in the OpenStack world, which is what we are driving for.	17:29
*** garyk has quit IRC		17:30
*** gkotton is now known as garyk		17:30
*** spzala has quit IRC		17:30
dolphm	ayoung: you can sign access keys too, and get the existing offline validation benefits of PKI	17:31
ayoung	dolphm, absolutely.	17:31
ayoung	dolphm, the thing is, this is really what Keystone tokens should have been all along	17:32
dolphm	ayoung: yep	17:32
*** spzala_ has quit IRC		17:32
ayoung	but we still need to carry a token along on workflow from machine to machine	17:32
dolphm	ayoung: the current API proposal doesn't prevent any of this: correct?	17:32
ayoung	dolphm, correct. It just adds the step where you exchange an access token for a Keystone token	17:32
ayoung	and I actually don't like that	17:32
ayoung	well	17:33
dolphm	ayoung: the spec doesn't block you from implementing that differently	17:33
ayoung	I want to make sure that you can only get a keystone token scoped to the oauth consumer as based on the access token	17:33
ayoung	I don't want an elevation of proivs	17:33
dolphm	ayoung: i don't follow?	17:33
*** gkotton has joined #openstack-dev		17:33
dolphm	ayoung: the keystone token is scoped to the project as requested by the consumer and explicitly authorized by the identity user	17:34
ayoung	dolphm, if I can turn a token into another token, with different roles, it violates the delegation setup of the consumer/access key	17:34
ayoung	right, this is the same thing as trust tokens, and I think his mechanism is fine.	17:34
ayoung	Sorry to lead off on a tangent	17:34
dolphm	ayoung: definitely cannot, unless you start the process over (a consumer could have many access tokens with different authz)	17:34
simo	dolphm: with delegations you drop a number of privileges so that the app you deleate can do only what it is supposed to do	17:35
dolphm	ayoung: not at all	17:35
dolphm	ayoung: tear this apart! let's get it right	17:35
simo	if you return a ful token the application has all the privileges back	17:35
dolphm	simo: correct	17:35
ayoung	dolphm, so, the real question is "does splitting access tokens and keystone tokens provide any value" and so far I see none. And, with that, it isjust added complexity	17:35
*** gkotton_ has joined #openstack-dev		17:35
*** datsun180b has joined #openstack-dev		17:36
ayoung	simo, we guard against that. It was addressed ion an earlier review	17:36
*** mrodden1 has joined #openstack-dev		17:36
*** garyk has quit IRC		17:36
*** mrodden has quit IRC		17:36
*** gkotton_ is now known as garyk		17:36
dolphm	stevemar: i swear you had a really good point about why keystone tokens couldn't serve as access token keys... remember it?	17:37
stevemar	dolphm: totally breaks any oauth library from the client point of view?	17:37
*** crazed has quit IRC		17:37
ayoung	stevemar, nope	17:37
dolphm	stevemar: my argument is just based on paranoia (access token id's could be publicly readable, depending on policy impl)	17:37
ayoung	stevemar, a keystone token is just a blob	17:37
ayoung	an oauth token is as well	17:37
dolphm	stevemar: how?	17:37
dolphm	ayoung: agree there, for sure	17:37
*** Hien has quit IRC		17:38
*** dprince has quit IRC		17:38
*** gkotton has quit IRC		17:38
stevemar	in most oauth libraries an oauth access token is just a key/secret that is supplied, and it's used during signing.	17:39
*** SergeyLukjanov has joined #openstack-dev		17:39
ayoung	dolphm, and, actually, even that paranoia goes away with PKI. So what if it is world readable, if it needs to be used in conjunction with a private key that signs the request?	17:39
dolphm	ayoung: but existing keystone tokens are NOT	17:40
*** xmltok has quit IRC		17:40
*** xmltok has joined #openstack-dev		17:40
ayoung	dolphm, I know. and I contemplated putting one in there...I was half way to reimplementing this and I stopped	17:40
*** gkotton has joined #openstack-dev		17:40
dolphm	ayoung: i mean they're not public... they're secrets that grant authz... and we'll need to support both methods side by side for quite a while	17:41
ayoung	dolphm, the better solution is to tie to the certificate used to set up TLS. THen you get security. on MIM attacks, etc	17:41
dolphm	ayoung: oauth + existing tokens, etc	17:41
ayoung	yep.	17:41
*** malini1 has joined #openstack-dev		17:41
stevemar	dolphm: ayoung: if we start returning keystone token at /access_token, then we run the risk of not following the spec	17:41
dolphm	ayoung: oauth already protects against mim -- not sure what you're suggesting on adding?	17:42
ttx	apevec: lookign at rel notes	17:42
*** sarob has joined #openstack-dev		17:42
ayoung	dolphm, I'm going to let this settle for a bit. T his is pretty much where we ended up with trusts.	17:42
dolphm	(protects against mim after consumer creation, at least)	17:42
dolphm	(... which is out of scope for oauth actually)	17:42
ttx	apevec: looks good at first glance	17:42
apevec	ttx, thanks for the review	17:43
ayoung	dolphm, sorry, should have been more specific. I merely meant that it protects against a broader class of attacks than just MIM. No snooping, and also short term tokens provide authorization suport, not just authentication. You rally need both together, and TLS provides the best basis for it	17:43
*** garyk has quit IRC		17:43
*** gkotton is now known as garyk		17:43
ayoung	as the Oauth spec states outright	17:43
dolphm	ayoung: right	17:43
dolphm	ayoung: still, oauth is better than where we're at today	17:44
ayoung	dolphm, well, trusts and token binding are both there, but oauth is a good tool in the toolbox as well	17:44
radez	Could anyone lend a hand with Trove? I'm working through setting it up outside of devstack and having some trouble with figuring out how it's doing authentication	17:44
ayoung	none of this means jack without client support	17:44
*** xmltok_ has joined #openstack-dev		17:44
stevemar	ayoung: i've been updating keystone client too :O	17:45
markwash	mordred: ttx: I will release a new python glanceclient this afternoon. . no more excuses from me!	17:45
ayoung	dolphm, I took a first stab at dealing with the "carry the token along the workflow" problem here: https://blueprints.launchpad.net/keystone/+spec/delegation-workplans	17:46
ttx	markwash: awesome!	17:46
ayoung	stevemar, we really would want a middleware comparable to auth_token. If oauth tokens are keystone tokens, we can just add the signing support into that	17:46
*** xmltok has quit IRC		17:47
mordred	markwash: yay! thanks!	17:47
ayoung	stevemar, otherwise, when we go to use a keystone token, and it comes from oauth, we lose the chain of the pki signing	17:47
ayoung	or we need to include the oauth key anyway	17:47
dolphm	ayoung: client support is actually really easy	17:47
dolphm	ayoung: it's this stuff that's complicated :)	17:47
*** avishay has joined #openstack-dev		17:48
dolphm	food time! bbl	17:48
*** dolphm has quit IRC		17:48
*** ayoung is now known as ayoung-afk		17:48
stevemar	gah, i was just going to ask dolphm something!	17:49
stevemar	no food for him	17:49
*** lucasagomes has left #openstack-dev		17:50
stevemar	morganfainberg: congrats (hope i'm not jinxing it) on your impending core level of excellence	17:50
*** freedomhui has quit IRC		17:50
*** annegentle is now known as annegentle_vacay		17:53
*** eglynn has quit IRC		17:54
*** _TheDodd_ has quit IRC		17:55
*** jprovazn has quit IRC		17:56
*** bashok has joined #openstack-dev		17:56
*** nachi has quit IRC		17:57
*** mrodden has joined #openstack-dev		17:57
*** mdomsch has joined #openstack-dev		17:59
*** ytwu1 has joined #openstack-dev		17:59
*** mrodden1 has quit IRC		18:01
*** ytwu has quit IRC		18:02
*** xqueralt-afk is now known as xqueralt		18:02
*** _TheDodd_ has joined #openstack-dev		18:02
morganfainberg	stevemar: i am sure you're not jinxing it :P	18:03
*** xqueralt is now known as xqueralt-afk		18:03
stevemar	didn't think so either :P	18:03
*** kevinconway has joined #openstack-dev		18:04
*** krtaylor has quit IRC		18:04
*** kpavel has joined #openstack-dev		18:04
*** matel has joined #openstack-dev		18:04
morganfainberg	dolphm: the configurable length password changeset went to abandoned, I don't think I can revive it from the dead. in these cases, it's just easier to make a new changeid, right?	18:04
openstackgerrit	A change was merged to openstack/nova: Fix typo in compute.rpcapi comments https://review.openstack.org/40506	18:05
*** matel has quit IRC		18:05
*** eglynn has joined #openstack-dev		18:07
*** ndipanov is now known as ndipanov_gone		18:07
*** crazed has joined #openstack-dev		18:08
morganfainberg	i did a new-changeset, least path of resistence i think.	18:08
*** jbresnah has quit IRC		18:08
*** xqueralt-afk is now known as xqueralt		18:10
*** ayoung-afk has quit IRC		18:13
*** alexb_ has quit IRC		18:14
openstackgerrit	A change was merged to openstack/tempest: Change logging in stress test https://review.openstack.org/40566	18:15
*** stevemar has quit IRC		18:15
*** stevemar has joined #openstack-dev		18:15
*** jpich has joined #openstack-dev		18:15
*** dina_belova has joined #openstack-dev		18:15
*** Rafael_Gomes has quit IRC		18:16
*** dina_belova has quit IRC		18:20
*** alexb_ has joined #openstack-dev		18:20
*** otherwiseguy has joined #openstack-dev		18:20
*** aelkikhia has quit IRC		18:20
*** mikal has quit IRC		18:22
*** mikal has joined #openstack-dev		18:23
*** zaitcev has joined #openstack-dev		18:25
*** sushils has quit IRC		18:27
*** zul has quit IRC		18:28
*** sarob has quit IRC		18:29
*** sarob has joined #openstack-dev		18:29
*** aelkikhia has joined #openstack-dev		18:33
*** portante\|afk is now known as portante		18:33
*** ytwu has joined #openstack-dev		18:34
*** nachi has joined #openstack-dev		18:34
*** sarob has quit IRC		18:34
*** ytwu1 has quit IRC		18:35
*** alop has joined #openstack-dev		18:37
*** danwent has quit IRC		18:38
*** berendt has quit IRC		18:40
*** jruzicka has quit IRC		18:42
*** ytwu1 has joined #openstack-dev		18:43
*** pabelanger has quit IRC		18:43
*** markwash has quit IRC		18:44
*** dolphm has joined #openstack-dev		18:45
*** ytwu has quit IRC		18:45
*** ytwu has joined #openstack-dev		18:45
*** mfer has joined #openstack-dev		18:45
openstackgerrit	A change was merged to openstack/cinder: Set lock_path in tests https://review.openstack.org/40662	18:45
*** alexb_ has quit IRC		18:46
*** pabelanger has joined #openstack-dev		18:47
cburgess	jgriffith: ping	18:47
*** ytwu1 has quit IRC		18:48
*** psedlak has quit IRC		18:48
*** ytwu1 has joined #openstack-dev		18:49
*** novas0x2a\|laptop has joined #openstack-dev		18:49
*** garyk has quit IRC		18:49
*** ytwu has quit IRC		18:49
jgriffith	cburgess: pong	18:52
*** garyk has joined #openstack-dev		18:53
*** malini1 has left #openstack-dev		18:54
openstackgerrit	A change was merged to openstack/cinder: Refactoring of create_volume to use taskflow. https://review.openstack.org/29862	18:54
*** bdpayne has quit IRC		18:54
cburgess	jgriffith: Can I pm you?	18:54
jgriffith	cburgess: sure	18:54
stevemar	gordc: test ping	18:54
*** epim_ has quit IRC		18:55
stevemar	gordc: test ping number 2!	18:56
*** wolfdreamer has joined #openstack-dev		18:57
*** mkollaro has quit IRC		18:57
*** morazi has quit IRC		18:58
*** jcoufal has joined #openstack-dev		18:58
*** mdomsch has quit IRC		18:58
*** jonesld has joined #openstack-dev		18:59
*** aloga has quit IRC		19:00
*** melwitt has joined #openstack-dev		19:02
*** ruhe_ has joined #openstack-dev		19:02
*** mdomsch has joined #openstack-dev		19:03
*** lcheng has joined #openstack-dev		19:03
*** mdomsch has quit IRC		19:04
*** _TheDodd_ has quit IRC		19:04
*** dina_belova has joined #openstack-dev		19:04
*** alexb_ has joined #openstack-dev		19:05
roaet	Good day. Is anyone available to explain SampleAPI tests and how to properly create one?	19:05
roaet	Maybe it's a nova specific thing.	19:05
*** sarob has joined #openstack-dev		19:06
*** sarob has quit IRC		19:07
*** sarob has joined #openstack-dev		19:08
*** martine_ has joined #openstack-dev		19:09
*** qba73 has joined #openstack-dev		19:09
*** kenperkins has joined #openstack-dev		19:09
*** _TheDodd_ has joined #openstack-dev		19:11
*** bashok has quit IRC		19:11
*** ytwu has joined #openstack-dev		19:11
*** bashok has joined #openstack-dev		19:11
*** ytwu1 has quit IRC		19:11
*** FunnyLookinHat has quit IRC		19:12
*** sarob has quit IRC		19:12
*** alexb_ has quit IRC		19:13
*** numero8 has joined #openstack-dev		19:13
*** jmontemayor has joined #openstack-dev		19:14
*** ruhe_ has quit IRC		19:14
*** radez is now known as radez_g0n3		19:15
*** alexb_ has joined #openstack-dev		19:17
*** briancurtin has joined #openstack-dev		19:17
*** jcoufal has quit IRC		19:18
*** radez_g0n3 is now known as radez		19:18
*** jbresnah has joined #openstack-dev		19:19
*** briancurtin has quit IRC		19:19
stevemar	dolphm ping	19:20
dolphm	stevemar: pong	19:20
stevemar	dolphm: moving the keystone token generation to /auth/tokens is causing all sorts of crazy	19:21
dolphm	stevemar: how so	19:21
stevemar	err, moving the 'getting an oauth based token... "	19:21
stevemar	the 'scope' seems to be an issue	19:21
lifeless	jprovazn: pong	19:21
dolphm	stevemar: can you post broken code or something?	19:22
stevemar	dolphm: done lunch right?	19:22
stevemar	yeah	19:22
*** ruhe has joined #openstack-dev		19:22
*** bdpayne has joined #openstack-dev		19:22
*** dina_belova has quit IRC		19:23
stevemar	dolphm: changes i've been tinkering with	19:26
stevemar	http://paste.openstack.org/show/43626/	19:26
*** ytwu1 has joined #openstack-dev		19:26
*** ytwu has quit IRC		19:27
*** msmedved has joined #openstack-dev		19:27
*** FunnyLookinHat has joined #openstack-dev		19:28
*** adalbas has quit IRC		19:29
*** romcheg has quit IRC		19:31
*** mfer has quit IRC		19:33
*** mrodden1 has joined #openstack-dev		19:35
*** mrodden has quit IRC		19:36
*** sarob has joined #openstack-dev		19:36
*** dina_belova has joined #openstack-dev		19:37
*** sarob has quit IRC		19:39
*** _TheDodd_ has quit IRC		19:39
*** sarob has joined #openstack-dev		19:39
*** nayward has quit IRC		19:40
*** portante is now known as portante\|afk		19:40
*** dina_belova has quit IRC		19:41
*** sarob has quit IRC		19:43
*** adalbas has joined #openstack-dev		19:44
*** ytwu has joined #openstack-dev		19:44
*** ifarkas has quit IRC		19:45
*** ytwu1 has quit IRC		19:45
openstackgerrit	A change was merged to openstack/nova: Catch ldap ImportError https://review.openstack.org/40261	19:45
*** kenperkins has quit IRC		19:46
*** vipul is now known as vipul-away		19:46
*** kenperkins has joined #openstack-dev		19:46
dolphm	stevemar: cool, will play with it in a minute	19:47
*** gyee has joined #openstack-dev		19:47
*** changbl has quit IRC		19:48
*** _TheDodd_ has joined #openstack-dev		19:48
*** jistr has quit IRC		19:50
*** changbl has joined #openstack-dev		19:50
stevemar	dolphm: did you want the delegated auth core.py file split into routers/controllers?	19:51
*** safchain has joined #openstack-dev		19:52
*** safchain has quit IRC		19:52
*** annegentle_vacay has quit IRC		19:53
*** bdpayne has quit IRC		19:53
*** ytwu1 has joined #openstack-dev		19:55
*** bdpayne has joined #openstack-dev		19:55
*** pcm__ has quit IRC		19:55
*** ytwu has quit IRC		19:56
*** markwash has joined #openstack-dev		19:57
*** drewlander has quit IRC		19:58
*** sandywalsh has quit IRC		19:59
*** kenperkins has quit IRC		20:00
*** vipul-away is now known as vipul		20:02
*** bashok has quit IRC		20:02
*** dvarga has quit IRC		20:02
*** pixelbeat has quit IRC		20:03
*** mfer has joined #openstack-dev		20:05
*** mfer has quit IRC		20:05
*** pabelanger has quit IRC		20:06
*** diogogmt has quit IRC		20:06
*** aelkikhia1 has joined #openstack-dev		20:07
*** networkstatic has quit IRC		20:10
*** briancurtin has joined #openstack-dev		20:10
*** vkmc has quit IRC		20:10
*** jkyle has quit IRC		20:10
*** emagana has quit IRC		20:10
*** aelkikhia has quit IRC		20:10
*** sandywalsh has joined #openstack-dev		20:10
*** emagana has joined #openstack-dev		20:11
*** radez is now known as radez_g0n3		20:12
*** noslzzp has joined #openstack-dev		20:13
*** locke105 has quit IRC		20:13
*** morazi has joined #openstack-dev		20:14
*** briancurtin has quit IRC		20:15
*** radix has left #openstack-dev		20:15
*** alop has quit IRC		20:17
*** FunnyLookinHat has quit IRC		20:17
*** mrodden has joined #openstack-dev		20:17
*** alexpilotti has joined #openstack-dev		20:19
*** locke105 has joined #openstack-dev		20:19
*** mrodden1 has quit IRC		20:20
*** vipul is now known as vipul-away		20:22
*** dkranz has quit IRC		20:23
*** READ10 has quit IRC		20:23
*** aelkikhia1 has quit IRC		20:24
*** topol has quit IRC		20:25
*** READ10 has joined #openstack-dev		20:26
*** FunnyLookinHat has joined #openstack-dev		20:33
*** tmclaugh[work] has quit IRC		20:33
*** alop has joined #openstack-dev		20:36
*** sarob has joined #openstack-dev		20:39
*** ytwu has joined #openstack-dev		20:40
*** ruhe has quit IRC		20:41
*** ytwu1 has quit IRC		20:41
*** dina_belova has joined #openstack-dev		20:42
*** vipul-away is now known as vipul		20:43
*** READ10 has quit IRC		20:43
*** READ10 has joined #openstack-dev		20:45
*** danwent has joined #openstack-dev		20:45
*** dina_belova has quit IRC		20:46
*** woodspa has quit IRC		20:47
openstackgerrit	A change was merged to openstack/glance: BaseException.message is deprecated since Python 2.6 https://review.openstack.org/38532	20:48
*** dani4571 has joined #openstack-dev		20:49
*** xqueralt is now known as xqueralt-afk		20:49
*** alunduil has quit IRC		20:50
*** mfer has joined #openstack-dev		20:51
*** noslzzp has quit IRC		20:51
openstackgerrit	A change was merged to openstack/neutron: Imported Translations from Transifex https://review.openstack.org/40950	20:51
*** dina_belova has joined #openstack-dev		20:52
*** ayoung_ has joined #openstack-dev		20:52
*** noslzzp has joined #openstack-dev		20:52
*** jpich has quit IRC		20:52
*** SergeyLukjanov has quit IRC		20:54
*** SergeyLukjanov has joined #openstack-dev		20:54
*** jmontemayor has quit IRC		20:56
*** markwash has quit IRC		20:56
*** dina_belova has quit IRC		20:56
*** svarnau has quit IRC		21:01
*** dolphm has quit IRC		21:01
*** sarob has quit IRC		21:01
*** sarob has joined #openstack-dev		21:02
*** mfer has quit IRC		21:03
*** briancurtin has joined #openstack-dev		21:03
*** Hien has joined #openstack-dev		21:03
*** redbeard2 has quit IRC		21:04
*** rfolco has quit IRC		21:06
*** pnavarro has quit IRC		21:06
*** topol has joined #openstack-dev		21:07
*** sarob has quit IRC		21:07
*** galstrom is now known as galstrom_zzz		21:07
*** msbrown has quit IRC		21:08
*** apevec has quit IRC		21:09
*** bswartz has quit IRC		21:10
*** redbeard2 has joined #openstack-dev		21:11
*** numero8 has quit IRC		21:12
*** krtaylor has joined #openstack-dev		21:13
*** qba73 has quit IRC		21:13
*** briancurtin has quit IRC		21:15
*** hellome has quit IRC		21:17
*** hartsocks has quit IRC		21:17
*** jf-jenni has quit IRC		21:17
*** hartsocks has joined #openstack-dev		21:17
*** litong has joined #openstack-dev		21:18
*** martine_ has quit IRC		21:18
*** hellome has joined #openstack-dev		21:19
*** mfer has joined #openstack-dev		21:23
openstackgerrit	A change was merged to openstack-dev/devstack: Add tools/install_pip.sh https://review.openstack.org/39827	21:23
*** henrynash has quit IRC		21:24
*** sarob has joined #openstack-dev		21:25
*** dansmith has quit IRC		21:28
openstackgerrit	A change was merged to openstack/nova: Fix instance_usage_audit_log v3 follow REST principles https://review.openstack.org/39041	21:31
*** vipul is now known as vipul-away		21:31
stevemar	dolphm: ping	21:32
*** bugsduggan has quit IRC		21:32
*** jayg is now known as jayg\|g0n3		21:33
*** boden has quit IRC		21:33
*** bugsduggan has joined #openstack-dev		21:33
*** dansmith_ has joined #openstack-dev		21:34
*** dansmith_ is now known as dansmith		21:35
*** alunch has quit IRC		21:35
*** nayward has joined #openstack-dev		21:36
*** neelashah has quit IRC		21:39
*** annegentle has joined #openstack-dev		21:40
*** nayward has quit IRC		21:40
*** kbringard has quit IRC		21:42
*** pixelbeat has joined #openstack-dev		21:42
*** litong has quit IRC		21:45
*** beagles is now known as beagles_biab		21:48
*** numero8 has joined #openstack-dev		21:48
*** numero8 has quit IRC		21:49
*** nachi has quit IRC		21:49
*** __cyril__ has quit IRC		21:50
*** topol has quit IRC		21:52
*** dina_belova has joined #openstack-dev		21:52
*** redbeard2 has quit IRC		21:52
*** nachi has joined #openstack-dev		21:53
*** nachi_ has joined #openstack-dev		21:53
*** rharwood has quit IRC		21:54
*** markmcclain has quit IRC		21:54
openstackgerrit	A change was merged to openstack/cinder: Add minimum features in HDS driver (for Havana & Icehouse) https://review.openstack.org/39841	21:56
*** dina_belova has quit IRC		21:57
*** mfer has quit IRC		21:59
*** SergeyLukjanov has quit IRC		21:59
*** romcheg has joined #openstack-dev		22:00
*** vipul-away is now known as vipul		22:01
*** hellome has quit IRC		22:02
*** dani4571 has quit IRC		22:03
*** kenperkins has joined #openstack-dev		22:04
*** nachi_ has quit IRC		22:04
*** nachi has quit IRC		22:04
*** burt has quit IRC		22:07
*** jecarey has quit IRC		22:07
*** gordc_ has joined #openstack-dev		22:09
*** hellome has joined #openstack-dev		22:09
*** gordc_ has quit IRC		22:09
*** gordc_ has joined #openstack-dev		22:09
openstackgerrit	A change was merged to openstack/glance: Fixes Opt types in glance/notifier/notify_kombu.py https://review.openstack.org/37178	22:09
openstackgerrit	A change was merged to openstack/nova: Spelling correction in test_glance.py https://review.openstack.org/40737	22:09
*** briancurtin has joined #openstack-dev		22:11
*** lbragstad has quit IRC		22:14
*** gordc_ has quit IRC		22:14
*** noslzzp has quit IRC		22:15
*** romcheg has quit IRC		22:15
*** markmcclain has joined #openstack-dev		22:16
*** jmontemayor has joined #openstack-dev		22:16
*** esheffield1 has quit IRC		22:16
*** changbl has quit IRC		22:18
*** briancurtin has quit IRC		22:18
*** jmontemayor has quit IRC		22:20
*** cdub_ has quit IRC		22:22
*** ytwu1 has joined #openstack-dev		22:24
*** otherwiseguy has quit IRC		22:25
*** ytwu has quit IRC		22:26
openstackgerrit	A change was merged to openstack/nova: Enhance object inheritance https://review.openstack.org/39965	22:26
openstackgerrit	A change was merged to openstack/neutron: Externalize error messages in the API https://review.openstack.org/39591	22:26
openstackgerrit	A change was merged to openstack/tempest: Added negative tests for server https://review.openstack.org/40813	22:26
*** FunnyLookinHat has quit IRC		22:27
*** fbo is now known as fbo_away		22:29
*** mrda has joined #openstack-dev		22:29
*** ytwu has joined #openstack-dev		22:32
*** ayoung_ has quit IRC		22:32
*** utlemming has joined #openstack-dev		22:33
*** ytwu1 has quit IRC		22:34
*** ytwu1 has joined #openstack-dev		22:35
*** ytwu has quit IRC		22:36
*** sushils has joined #openstack-dev		22:36
openstackgerrit	A change was merged to openstack/ceilometer: Doc: measurements: add doc on Cinder/Swift config https://review.openstack.org/39676	22:37
*** ytwu has joined #openstack-dev		22:37
*** kenperkins has quit IRC		22:38
*** gmurphy has quit IRC		22:38
*** ytwu1 has quit IRC		22:40
*** afazekas has quit IRC		22:41
*** adalbas has quit IRC		22:43
*** afazekas has joined #openstack-dev		22:44
*** ytwu1 has joined #openstack-dev		22:44
*** ytwu has quit IRC		22:44
*** gordc has quit IRC		22:44
*** morazi has quit IRC		22:44
*** networkstatic has joined #openstack-dev		22:45
*** sarob has quit IRC		22:45
*** datsun180b has quit IRC		22:45
*** sarob has joined #openstack-dev		22:46
*** dolphm has joined #openstack-dev		22:46
*** _TheDodd_ has quit IRC		22:47
*** alunduil has joined #openstack-dev		22:47
*** prad has quit IRC		22:47
*** sarob has quit IRC		22:49
*** ytwu has joined #openstack-dev		22:51
*** ayoung_ has joined #openstack-dev		22:51
*** itzikb has joined #openstack-dev		22:53
*** dina_belova has joined #openstack-dev		22:53
*** ytwu1 has quit IRC		22:54
itzikb	Hi, suppose I want to test a patch submitted by someone else to gerrit - How do I do it?	22:54
*** rcleere has quit IRC		22:54
*** branen__ has quit IRC		22:55
*** vipul is now known as vipul-away		22:55
*** vipul-away is now known as vipul		22:55
clarkb	itzikb: jenkins will test it. If you want to do testing on your end you can `git review -d $CHANGE_NUMBER` to fetch the change or copy and paste the fetch string provided by gerrit in the change on the web ui	22:56
clarkb	itzikb: the other potential route if you want to automate it is to set up a gerrit event stream listener to listen to the gerrit event stream and test things as necessary	22:57
*** henrynash has joined #openstack-dev		22:57
*** dina_belova has quit IRC		22:58
itzikb	I'll try the git review	22:59
itzikb	Thanks	22:59
*** leif has joined #openstack-dev		22:59
*** leif is now known as Guest56547		22:59
mrodden	so i'm pretty sure this (https://github.com/openstack/neutron/commit/a9560a9cc03c2d00ba5db4f28eb9405aa854b5a6) is causing zero output on test failure on my tox runs for neutron tests	23:00
clarkb	mrodden: you should get the test failure output with traceback	23:01
mrodden	i get nothing... its very odd	23:01
clarkb	mrodden: check in .testrepository/$ID	23:01
mrodden	its probably because the test case leads to some manager.py calling sys.exit(1)	23:01
clarkb	oh that is bad	23:02
mrodden	yea	23:02
mrodden	i dont know how that is acceptable	23:02
*** electrichead has quit IRC		23:02
clarkb	sys.exit has caused problems in neutron tests before (and recently too)	23:02
clarkb	it shouldn't be acceptable imo. Using sys.exit liberally makes things not unittest able	23:03
mrodden	this is what i'm running into	23:03
mrodden	https://bugs.launchpad.net/neutron/+bug/1197094	23:03
uvirtbot	Launchpad bug 1197094 in neutron "unit tests consistently fail against master in test_network_add_to_dhcp_agent" [Undecided,Invalid]	23:03
*** branen has joined #openstack-dev		23:03
mrodden	first comment for details of where the sys.exit call is	23:03
*** redbeard2 has joined #openstack-dev		23:03
clarkb	enikanorov: ^ is that the same thing you were looking at the other day?	23:03
mrodden	yeah apparently the mix between sys.exit and the FakeLogger fixture doesnt let any output get printed	23:06
clarkb	The fake logger should still be logging into the subunit capture stream though	23:07
*** sarob has joined #openstack-dev		23:07
clarkb	mrodden: I would look in .testrepository/$ID where $ID is the test run ID reported by testr	23:07
mrodden	k	23:07
mrodden	is it just a text file	23:07
mrodden	?	23:07
clarkb	they are sequentially numbered so you can pick the highest number for the most recent test run	23:07
clarkb	mrodden: yup	23:07
mrodden	yeah not much	23:08
mrodden	let me pastebin	23:09
mrodden	http://paste.openstack.org/show/43635/	23:10
lifeless	mrodden: it is a subunit file; v1 atm still, but upgrading to v2 soonish - so interrogating with subunit tools is probably best.	23:10
*** alop has quit IRC		23:11
mrodden	k	23:11
*** alop_ has joined #openstack-dev		23:11
*** ayoung_ has quit IRC		23:11
lifeless	(future reference, what you did is fine :))	23:11
*** jgriffit_ has joined #openstack-dev		23:11
*** ayoung_ has joined #openstack-dev		23:11
mrodden	what i did?	23:11
lifeless	just pastebining the file :)	23:11
mrodden	ok	23:11
clarkb	looks like it is bombing out early...	23:11
mrodden	yeah idk	23:11
*** ytwu has quit IRC		23:12
mrodden	yeah if i take out the sys.exit() or comment out the line in base.py wehre it sets up the FakeLogger fixture	23:12
mrodden	i get output like normal	23:12
clarkb	mrodden: where is the sys.exit?	23:12
mrodden	let me get a link	23:13
*** ytwu has joined #openstack-dev		23:13
*** rnirmal has quit IRC		23:13
lifeless	you're calling sys.exit in a test? That blows through everything immediately :)	23:13
lifeless	not entirely surprising that its exiting	23:13
clarkb	lifeless: ya, I am 99.99% sure it is a bug	23:13
mrodden	https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/managers.py#L73	23:13
clarkb	neutron has had a couple of these where sys.exit has found its way deep in a emthod that is then unittested which caused the whole thing to bail out early	23:13
mrodden	yeah i'm sure thats it	23:14
mrodden	i have no idea why its there...	23:14
lifeless	finally clauses should still run; if we're not capturing the output of that test to the stream, there is a bug there. Possibly we don't flush the stream on every write (which is good from a perf perspective)	23:14
mrodden	if you can't handle a case raise an exception	23:14
mrodden	thats what they are for	23:14
mrodden	don't bomb out the python runtime	23:14
clarkb	mrodden: ++	23:14
lifeless	mrodden: 100% agreement	23:14
lifeless	I'd go as far as to say that outside of entrypoint code - the code generating entrypoints - nothing we write should have sys.exit, or SystemExit, in it.	23:15
lifeless	that could be a hacking check. IMNSHO.	23:15
*** alop_ has quit IRC		23:15
mrodden	upon further inspection, with the log output i have now its because stevedore is having issues with a requests version conflict on this system	23:15
*** armax has quit IRC		23:15
mrodden	but still	23:16
mrodden	that took way too much effort to find....	23:16
*** alop has joined #openstack-dev		23:16
itzikb	clarkb: Thamks for the help - I used git review -d changeid	23:16
mrodden	think i should open up a neutron bug for this?	23:16
clarkb	itzikb: no proble,	23:16
clarkb	mrodden: definitely	23:17
mrda	lifeless: +1 great idea	23:17
mrodden	oh nvm	23:18
mrodden	found this https://review.openstack.org/#/c/40873/	23:18
*** vuntz has quit IRC		23:20
*** ayoung_ has quit IRC		23:22
*** galstrom_zzz is now known as galstrom		23:22
*** pabelanger_ has quit IRC		23:23
*** pabelanger has joined #openstack-dev		23:23
*** huats has quit IRC		23:24
*** hartsocks has quit IRC		23:24
*** hartsocks has joined #openstack-dev		23:25
*** bswartz has joined #openstack-dev		23:25
*** hartsocks1 has joined #openstack-dev		23:26
mrodden	how long are things on lodgeit (paste.openstack.org)	23:27
*** hartsocks1 has quit IRC		23:27
*** ayoung_ has joined #openstack-dev		23:27
*** hartsocks1 has joined #openstack-dev		23:28
lifeless	mrodden: for ever AFAIK	23:28
*** hartsocks1 has quit IRC		23:28
*** ytwu1 has joined #openstack-dev		23:28
*** alop has quit IRC		23:28
mrodden	oh... whops	23:28
mrodden	oh well	23:28
*** hartsocks1 has joined #openstack-dev		23:28
lifeless	infra might be able to delete something for you	23:28
*** hartsocks1 has quit IRC		23:28
lifeless	no guarantee it's not cached somewhere else (e.g. google, wayback machine etc)	23:28
*** huats has joined #openstack-dev		23:29
*** huats has joined #openstack-dev		23:29
lifeless	NSA	23:29
*** kbrierly has quit IRC		23:29
*** alop has joined #openstack-dev		23:29
*** vuntz has joined #openstack-dev		23:29
*** sdake_ has quit IRC		23:29
*** ytwu has quit IRC		23:29
*** hartsocks has quit IRC		23:30
*** utlemming has quit IRC		23:31
*** hartsocks has joined #openstack-dev		23:31
*** venkatesh has joined #openstack-dev		23:32
*** vipul is now known as vipul-away		23:33
*** ytwu has joined #openstack-dev		23:35
openstackgerrit	A change was merged to openstack/nova: Fix deferred delete use of objects https://review.openstack.org/40858	23:36
*** pmathews has quit IRC		23:36
*** ytwu1 has quit IRC		23:36
*** changbl has joined #openstack-dev		23:36
*** nayward has joined #openstack-dev		23:37
*** galstrom is now known as galstrom_zzz		23:38
*** markwash has joined #openstack-dev		23:38
*** ytwu1 has joined #openstack-dev		23:39
*** ytwu has quit IRC		23:39
*** fifieldt has joined #openstack-dev		23:40
*** nayward has quit IRC		23:41
*** Guest56547 has quit IRC		23:42
*** ayoung_ has quit IRC		23:42
*** ayoung_ has joined #openstack-dev		23:42
*** galstrom_zzz is now known as galstrom		23:43
*** ytwu1 has quit IRC		23:43
*** ytwu has joined #openstack-dev		23:43
*** vipul-away is now known as vipul		23:44
*** branen_ has joined #openstack-dev		23:45
*** itzikb has quit IRC		23:46
ayoung_	henrynash, I just read Markmc's comment. I am scared how closely I came to the same conclusions separately.	23:47
henrynash	ayoung: hi, have not seen it…let me check	23:48
jamielennox	ayoung_: regarding?	23:48
ayoung_	jamielennox, config setup for his recent domain specific backends	23:48
*** henrynash has quit IRC		23:50
*** Ryan_Lane has joined #openstack-dev		23:51
*** jpeeler has quit IRC		23:52
*** zul has joined #openstack-dev		23:53
*** dina_belova has joined #openstack-dev		23:53
*** ytwu1 has joined #openstack-dev		23:54
*** ytwu has quit IRC		23:55
*** hellome has quit IRC		23:56
*** gongysh has joined #openstack-dev		23:56
*** dina_belova has quit IRC		23:57
*** ytwu has joined #openstack-dev		23:57
*** ayoung_ has quit IRC		23:58
*** ytwu1 has quit IRC		23:58
*** hellome has joined #openstack-dev		23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!