Wednesday, 2013-09-11

*** Tross has joined #openstack-dev		00:01
*** alop has quit IRC		00:03
*** ecarlin has joined #openstack-dev		00:04
*** ecarlin has left #openstack-dev		00:05
*** kbrierly has quit IRC		00:06
*** jhesketh has joined #openstack-dev		00:08
*** sushils has quit IRC		00:09
*** freedomhui has joined #openstack-dev		00:10
*** sthaha has joined #openstack-dev		00:10
*** Ryan_Lane has quit IRC		00:11
*** epim has quit IRC		00:15
*** reed has quit IRC		00:19
*** jasdeepH has quit IRC		00:20
*** Tross has quit IRC		00:22
*** colinmcnamara has joined #openstack-dev		00:23
morganfainberg	anteaya, btw, product guy says blog is so far so good.	00:27
morganfainberg	anteaya, thought you'd want to know :)	00:27
anteaya	morganfainberg: thank you	00:28
anteaya	:D	00:28
anteaya	thanks to product guy	00:28
roaet	anteaya: may I see the blog? :D	00:29
anteaya	sure	00:29
morganfainberg	roaet, it's awesome	00:30
roaet	morganfainberg: you're awesome!	00:30
anteaya	roaet: this is the post I believe we are talking about: http://anteaya.info/blog/2013/09/01/installing-devstack-with-vagrant/	00:30
morganfainberg	ayup	00:30
morganfainberg	thats the one anteaya	00:30
*** spzala has joined #openstack-dev		00:31
*** jhesketh__ has joined #openstack-dev		00:31
*** mangelajo has joined #openstack-dev		00:31
*** jhesketh has quit IRC		00:32
*** xarses has quit IRC		00:32
roaet	anteaya: oh that's awesome. I'll forward it to my crew	00:32
*** jhesketh has joined #openstack-dev		00:32
*** Tross has joined #openstack-dev		00:32
anteaya	roaet: thank you, yes do pass it around	00:32
roaet	anteaya: a few folk in my crew use vagrant	00:32
anteaya	it comes in handy	00:33
anteaya	it has limitations but it is an easy jumping off point	00:33
morganfainberg	anteaya, i might owe you a beer for saving me a lot of headache explaining vagrant to the product guy...	00:34
anteaya	morganfainberg: too bad I don't drink	00:34
anteaya	mind if we negotiate for a tea	00:34
morganfainberg	anteaya, s/beer/coffee? ok tea	00:34
anteaya	we will be in hong kong so I can find a fancy one	00:35
morganfainberg	that works	00:35
anteaya	:D	00:35
anteaya	thanks	00:35
* morganfainberg is a tea snob when i can afford to be.		00:35
anteaya	right on	00:35
anteaya	found yellow and red tea in Montreal	00:35
morganfainberg	usually i'm too busy and fall back to coffee.	00:35
anteaya	never had them before	00:35
anteaya	I can't do coffee either	00:35
anteaya	caffinee and I don't do well	00:35
morganfainberg	I used to work w/ a british guy when i worked at blizzard. he always had the best earl grey when he came back from visiting family	00:35
anteaya	nice	00:36
*** nosnos has joined #openstack-dev		00:36
anteaya	I could go for a nice earl grey	00:36
anteaya	there should be a few options in HK	00:36
* morganfainberg loves a good bergamot tea.		00:36
morganfainberg	oh i am sure HK is going to have some very fine teas	00:37
*** colinmcnamara has quit IRC		00:37
*** Tross has quit IRC		00:38
roaet	I love me some earl grey. Man I should make some.	00:38
roaet	All these great ideas in here.	00:38
*** mangelajo has quit IRC		00:41
*** markwash has joined #openstack-dev		00:41
*** xmltok has quit IRC		00:41
*** angdraug has quit IRC		00:41
anteaya	morganfainberg: I have bergamot in my garden	00:41
morganfainberg	anteaya, i am jealous	00:42
anteaya	I always think I should pick the leaves in the fall and save them and I never do	00:42
morganfainberg	you totally should!	00:42
anteaya	do you have any place for a garden	00:42
anteaya	bergamot grows anywhere	00:42
anteaya	sun, shade acidic soil	00:42
morganfainberg	anteaya, unfortunately, no. well, i could try and do it potted on my balcony	00:42
anteaya	I saw a full garden of it under pine trees	00:42
morganfainberg	urban style	00:43
morganfainberg	:P	00:43
morganfainberg	would actually probably be an awesome plant to have.	00:43
morganfainberg	"plant"	00:43
anteaya	nothing grows in soil made acid by pine needles but bergamot does	00:43
anteaya	it is, very tall too	00:43
morganfainberg	maybe i'll plant some at my parent's house (in the mountains)	00:43
anteaya	roaet: always a good time for earl grey	00:43
anteaya	morganfainberg: bet it will grow	00:43
roaet	anteaya: ain't that the truth.	00:43
morganfainberg	anteaya, likely. wonder if it'd grow where the maple (sadly) died.	00:44
morganfainberg	bad soil there.	00:44
anteaya	bet it would	00:44
anteaya	too bad the maple died	00:44
* anteaya goes outside to check the bergamot		00:44
morganfainberg	anteaya, yeah the maple (was a volunteer) just couldn't handle the soil after a year or so.	00:45
*** SumitNaiksatam has quit IRC		00:45
morganfainberg	it's also a cedar forest up there, so, who knows what got the maple… might have even been some kind of bark-beetle	00:46
roaet	I wonder if I can grow bergamot.	00:46
anteaya	roaet: what else grows around there?	00:48
anteaya	morganfainberg: cedar is acidic like pine	00:48
morganfainberg	anteaya, aye	00:48
anteaya	that might have killed the maple, the pH of the soil	00:48
*** pmathews has quit IRC		00:49
morganfainberg	anteaya, and it doesn't help that it was the dumping ground for some "potting" soil w/ extra nitrate / nitrite nutrients	00:49
roaet	anteaya: I'm checking the hardiness level of my area.	00:49
anteaya	all the flower petals are gone but lots of leaves, citrusy and peppery	00:49
anteaya	morganfainberg: hmmmm	00:49
anteaya	roaet: k	00:49
morganfainberg	anteaya, probably a combination of stuff.	00:49
morganfainberg	anteaya, i've decided, going to see if i can find a dwarf bergamot tree :) put it on my balcony	00:50
roaet	anteaya: about 3 hours away there is a part of the state that grows citrus all over, but I think I'm just out of that climate.	00:50
roaet	I guess I could keep it inside every now and then, but we get freezes randomly.	00:50
anteaya	morganfainberg: that would be pretty	00:51
anteaya	roaet: we get frost all winter	00:51
*** MIDENN_ has joined #openstack-dev		00:51
*** branen_ has joined #openstack-dev		00:51
anteaya	bergamot grows back	00:51
anteaya	roaet: I'm in Canada	00:51
*** s00pcan has quit IRC		00:52
anteaya	I'd say I'm zone 4	00:52
anteaya	or 3	00:52
morganfainberg	anteaya, i think i'll just need to make sure to water it more in the summer (>101 for the last week or so)	00:53
anteaya	ah yeah	00:53
anteaya	early morning water or late at night	00:53
anteaya	not during the heat of the day	00:53
*** Tross has joined #openstack-dev		00:54
morganfainberg	anteaya, aye. and don't leave water on the leaves when the sun is hitting it (poor rose bushes at my neighbors house)	00:54
morganfainberg	burnt leaves because of that	00:54
*** fabio_ has joined #openstack-dev		00:54
anteaya	:(	00:54
anteaya	poor roses	00:54
morganfainberg	yeah	00:54
anteaya	I can't grow roses	00:54
*** mdenny has quit IRC		00:54
morganfainberg	too much frost?	00:54
anteaya	no i suck at growing roses	00:54
roaet	anteaya: I'm in texas, and I think we can grow them.	00:55
*** fabio has quit IRC		00:55
*** branen has quit IRC		00:55
morganfainberg	anteaya, hehe	00:55
anteaya	roaet: you are good	00:55
anteaya	I need a plant that thrives on neglect that is so pungent that the deer won't eat it	00:55
roaet	catnip!	00:56
morganfainberg	roaet, bamboo! :P	00:56
anteaya	lavender, day lilies, hyssop, horseradish, thyme, tarragon, mint, oregano	00:56
roaet	bamboo is an evil plant.	00:56
anteaya	is it?	00:56
morganfainberg	anteaya, can't get rid of it	00:56
anteaya	really?	00:56
anteaya	that would be awesome	00:56
roaet	I had a bit in my backyard and spent 4 days digging it up, 2 years later.. right back again	00:56
roaet	It's a curse	00:56
anteaya	I would grow a stand of bamboo and then make a yurt	00:56
roaet	Invasive and cannot be destroyed without salting the earth	00:57
morganfainberg	anteaya really, very hard to remove. keeps growing back. a lot of places prevent the planting of it. it'll destroy cement etc	00:57
morganfainberg	and it grows insanely fast	00:57
anteaya	awesome	00:57
*** matiu has quit IRC		00:57
roaet	morganfainberg: I had this crazy idea to be bamboo-appleseed and just drop random shoots around my neighborhood (when I was a punk kid)	00:57
anteaya	when it gets to be an inch in diameter and 6 feet long cut it off and ship it to me	00:57
morganfainberg	roaet, you're evil ;)	00:57
anteaya	about 72 pieces should do	00:57
*** vipul is now known as vipul-away		00:57
morganfainberg	anteaya, my old place had either bamboo or sugarcane	00:58
morganfainberg	never figured out which	00:58
morganfainberg	it was a pain to deal with	00:58
anteaya	how did it taste?	00:58
morganfainberg	never tried.	00:58
anteaya	shame	00:58
*** pixelb has quit IRC		00:58
roaet	they are both evil	00:59
morganfainberg	i wasn't bold enough with the health of the plant (owners neglected it a lot before i moved in)	00:59
anteaya	oh	00:59
* roaet has some earl grey steeped, mmmm		00:59
*** adjohn has quit IRC		00:59
anteaya	nice	00:59
* morganfainberg is jealous of roaet.		00:59
*** vipul-away is now known as vipul		00:59
morganfainberg	anteaya, lets see how well devstack stands up keystone with an LDAP backend.	01:00
anteaya	yes let's	01:00
morganfainberg	almost done stacking actually.	01:00
roaet	I was working on a devstack alternative, called zenstack, but I have given up on it since devstack is pretty good	01:00
anteaya	isn't there a movement away from LDAP?	01:00
morganfainberg	anteaya, there is, but i'm actually working on a bug	01:01
roaet	It had some features I preferred, I'd like to put them into devstack someday	01:01
anteaya	roaet: can you share your code?	01:01
anteaya	morganfainberg: ah	01:01
roaet	anteaya: https://github.com/roaet/zenstack	01:01
morganfainberg	anteaya, and we're not moving away from LDAP, just possibly looking to deprecate LDAP assignment backend	01:01
morganfainberg	since identity and assignment don't need ot be 1-in-the-same now	01:01
roaet	It uses tmux and runs all services in venvs	01:02
roaet	And instead of making a bazillion screens it splits panes	01:02
morganfainberg	roaet, i've been tempted to try and use anvil to build my dev environment	01:02
morganfainberg	roaet, not a bad idea.	01:02
morganfainberg	the vnenv part would be nice	01:02
roaet	I'd like to help with devstack, no idea how to start though	01:02
morganfainberg	actually… i want to roll out production openstack using venvs personally.	01:02
roaet	i believe we do that, but I probably can't confirm that.	01:03
anteaya	morganfainberg: ah okay	01:03
anteaya	roaet: are you in the #openstack-qa channel	01:03
*** faramir has joined #openstack-dev		01:03
anteaya	many of the devstack devs are in there	01:03
*** Tross has quit IRC		01:03
roaet	I am now :D	01:03
roaet	I gotta figure out how to manage these channels. I have over 50 open now	01:04
morganfainberg	roaet, what OS?	01:04
morganfainberg	linux? windows? mac?	01:04
*** jhesketh has quit IRC		01:04
clarkb	weechat/irssi in screen/tmux and done :)	01:05
morganfainberg	shameless plug I use ZNC bouncer, textual, and store IRC logs on my google drive (so i can search later)	01:05
*** jhesketh has joined #openstack-dev		01:05
roaet	morganfainberg: prety much what clarkb said	01:05
roaet	heh	01:05
morganfainberg	though, i only really reside in ~10 channels at a time now.	01:06
roaet	i have too many things	01:06
*** Tross has joined #openstack-dev		01:07
morganfainberg	roaet, you know the real solution to that is, right? :P	01:07
anteaya	roaet: that's a theme song	01:07
anteaya	we need some music for that	01:07
morganfainberg	anteaya ++	01:08
roaet	morganfainberg: have less? :)	01:08
*** stevemar has joined #openstack-dev		01:08
*** xarses has joined #openstack-dev		01:11
*** erkules_ has joined #openstack-dev		01:12
*** ayoung has joined #openstack-dev		01:13
*** erkules has quit IRC		01:14
*** slagle has joined #openstack-dev		01:16
morganfainberg	anteaya, oh boy i somehow got the memory thing for vmware vboxes wrong.	01:21
morganfainberg	not so successful in starting up a devstack w/ 500MB of ram :P	01:21
anteaya	that would be a feat	01:22
*** SumitNaiksatam has joined #openstack-dev		01:22
anteaya	let me know when you and product guy have that config working	01:22
anteaya	it would be a blog post	01:22
morganfainberg	anteaya, most people don't use the VMWare provider for vagrant	01:22
morganfainberg	don't know if it's something I'd recommend adding as a blog.	01:22
morganfainberg	besides, it costs like an extra $80 for the vagrant plugin, on top of the cost of vmware fusion/workstation	01:23
clarkb	and after the virtualbox relicense there is a lot less funny with using it	01:24
morganfainberg	clarkb, virtualbox relicense?	01:24
clarkb	morganfainberg: oracle GPLd most of it, but prior to oracle it had a funny license for non personal use	01:25
morganfainberg	clarkb oh yes	01:25
*** freedomhui has quit IRC		01:26
anteaya	morganfainberg: I had mis-read what you had typed - you had typed 500MB and I had read 500GB	01:30
anteaya	my mistake	01:30
*** terriyu has quit IRC		01:31
*** freedomhui has joined #openstack-dev		01:32
*** freedomhui has quit IRC		01:32
*** freedomhui has joined #openstack-dev		01:33
*** slagle has quit IRC		01:33
*** danwent has quit IRC		01:34
*** Tross has quit IRC		01:35
*** kushal has joined #openstack-dev		01:36
*** mangelajo has joined #openstack-dev		01:37
*** chenxu has joined #openstack-dev		01:44
*** slagle has joined #openstack-dev		01:44
*** mangelajo has quit IRC		01:47
*** melwitt has quit IRC		01:49
*** freedomhui has quit IRC		01:51
*** medberry is now known as med_		01:52
*** slagle has quit IRC		01:57
*** yaguang has joined #openstack-dev		01:58
*** davi67232 has joined #openstack-dev		01:58
*** d34dh0r53 has joined #openstack-dev		01:59
*** edmund has joined #openstack-dev		02:00
morganfainberg	ayoung / gyee, ping	02:00
*** ljjjustin has joined #openstack-dev		02:00
*** d34dh0r53 has quit IRC		02:01
*** gyee has quit IRC		02:03
*** novas0x2a\|laptop has quit IRC		02:04
*** freedomhui has joined #openstack-dev		02:05
*** gyee has joined #openstack-dev		02:06
*** alexxu has joined #openstack-dev		02:09
*** SergeyLukjanov has joined #openstack-dev		02:13
*** colinmcnamara has joined #openstack-dev		02:15
ayoung	morganfainberg, the person you have reached, ayoung, is no longer in service. PLease check your irc handle and try again.	02:15
*** ayoung is now known as admiyo		02:16
* admiyo hiding from morganfainberg		02:16
morganfainberg	admiyo, hehe	02:18
*** eharney has joined #openstack-dev		02:20
morganfainberg	admiyo, https://bugs.launchpad.net/keystone/+bug/1219739 this looks like it might be simply invalid? I don't see a reference to "tenantId" or even "tenant_id" (or project variants) on the user objects when using the LDAP backend.	02:20
uvirtbot	Launchpad bug 1219739 in keystone "LDAP use 'tenant_id' instead of 'tenantId' in user_ref" [Medium,New]	02:20
morganfainberg	admiyo, am i just mis-understanding where that information is stored?	02:20
morganfainberg	from what i can see, we don't store "tenantId" in ldap on the user object.	02:22
*** galstrom_zzz is now known as galstrom		02:22
*** davi67232 has quit IRC		02:22
morganfainberg	or even extra data really… but i might be missing how that is encoded.	02:23
* morganfainberg keeps looking. I feel like i'm just missing something		02:25
*** xchu has joined #openstack-dev		02:26
*** kbrierly has joined #openstack-dev		02:26
morganfainberg	or are they complaining that we reference tenant_id when updating/creating a user instead of tenantId ?	02:27
*** martine has joined #openstack-dev		02:27
*** martine is now known as Guest73234		02:28
*** Ruetobas has joined #openstack-dev		02:29
*** anteaya_ has joined #openstack-dev		02:31
*** lnxnut has joined #openstack-dev		02:31
*** anteaya has quit IRC		02:32
*** xchu has quit IRC		02:34
*** Ruetobas has quit IRC		02:35
*** Ruetobas has joined #openstack-dev		02:35
*** davi67232 has joined #openstack-dev		02:35
*** anteaya_ has quit IRC		02:37
*** marun has quit IRC		02:39
*** davi67232 has quit IRC		02:41
*** salv-orlando has quit IRC		02:41
*** salv-orlando_ has joined #openstack-dev		02:41
*** xchu has joined #openstack-dev		02:42
*** mangelajo has joined #openstack-dev		02:43
*** Ruetobas has quit IRC		02:43
*** xchu has quit IRC		02:47
*** davi67232 has joined #openstack-dev		02:47
*** stevemar has quit IRC		02:48
*** otherwiseguy has joined #openstack-dev		02:49
*** gyee has quit IRC		02:51
*** mangelajo has quit IRC		02:52
*** salv-orlando_ has quit IRC		02:52
*** salv-orlando has joined #openstack-dev		02:53
*** colinmcnamara has quit IRC		02:53
*** dims has quit IRC		02:54
*** wenjianhn has joined #openstack-dev		02:56
*** colinmcnamara has joined #openstack-dev		02:56
*** radsy has joined #openstack-dev		02:57
*** galstrom is now known as galstrom_zzz		02:58
*** davi67232 has quit IRC		02:58
*** jimfehlig has joined #openstack-dev		03:02
*** salv-orlando has quit IRC		03:05
*** xchu has joined #openstack-dev		03:06
*** salv-orlando has joined #openstack-dev		03:06
*** galstrom_zzz is now known as galstrom		03:07
*** spzala has quit IRC		03:10
*** SergeyLukjanov has quit IRC		03:10
*** salv-orlando_ has joined #openstack-dev		03:11
*** salv-orlando has quit IRC		03:11
*** salv-orlando_ is now known as salv-orlando		03:11
*** vipul has quit IRC		03:11
*** bdpayne has quit IRC		03:11
*** vipul has joined #openstack-dev		03:12
*** chenxu has quit IRC		03:15
*** lnxnut has quit IRC		03:17
*** salv-orlando_ has joined #openstack-dev		03:18
*** salv-orlando has quit IRC		03:18
*** salv-orlando_ is now known as salv-orlando		03:18
*** ljjjustin has quit IRC		03:19
*** paragan has joined #openstack-dev		03:19
*** paragan has joined #openstack-dev		03:19
*** Guest73234 has quit IRC		03:21
*** davi67232 has joined #openstack-dev		03:25
*** bdpayne has joined #openstack-dev		03:28
*** stevemar has joined #openstack-dev		03:28
*** kushal has quit IRC		03:30
*** ljjjustin has joined #openstack-dev		03:32
*** otherwiseguy has quit IRC		03:32
*** galstrom is now known as galstrom_zzz		03:35
*** Tross has joined #openstack-dev		03:36
*** schwicht has quit IRC		03:36
*** salv-orlando has quit IRC		03:38
*** salv-orlando has joined #openstack-dev		03:39
*** herndon_ has joined #openstack-dev		03:40
*** colinmcnamara has quit IRC		03:41
*** shang has joined #openstack-dev		03:43
*** colinmcnamara has joined #openstack-dev		03:46
*** salv-orlando has quit IRC		03:46
*** salv-orlando has joined #openstack-dev		03:46
*** sarob has joined #openstack-dev		03:47
*** Mandell has quit IRC		03:47
*** HenryG has quit IRC		03:49
*** colinmcnamara has quit IRC		03:49
*** mangelajo has joined #openstack-dev		03:50
*** sarob has quit IRC		03:53
*** sarob has joined #openstack-dev		03:54
*** xchu has quit IRC		03:54
*** sridevi has joined #openstack-dev		03:55
*** sarob has quit IRC		03:58
*** mangelajo has quit IRC		03:58
*** salv-orlando has quit IRC		03:59
*** salv-orlando has joined #openstack-dev		03:59
*** eharney has quit IRC		04:00
*** salv-orlando has quit IRC		04:02
*** salv-orlando_ has joined #openstack-dev		04:02
*** herndon_ has quit IRC		04:02
*** salv-orlando has joined #openstack-dev		04:06
*** salv-orlando_ has quit IRC		04:06
*** edmund has quit IRC		04:10
*** jimfehlig has quit IRC		04:11
*** xchu has joined #openstack-dev		04:12
*** salv-orlando_ has joined #openstack-dev		04:14
*** salv-orlando has quit IRC		04:14
*** salv-orlando_ is now known as salv-orlando		04:14
*** gordc has joined #openstack-dev		04:19
*** kushal has joined #openstack-dev		04:19
*** jasdeepH has joined #openstack-dev		04:21
*** kaushikc has joined #openstack-dev		04:21
*** noslzzp has joined #openstack-dev		04:24
*** CaptTofu_ has joined #openstack-dev		04:28
*** salv-orlando_ has joined #openstack-dev		04:29
*** salv-orlando has quit IRC		04:29
*** salv-orlando_ is now known as salv-orlando		04:29
*** shang has quit IRC		04:29
*** CaptTofu has quit IRC		04:30
*** shang has joined #openstack-dev		04:32
*** salv-orlando_ has joined #openstack-dev		04:33
*** salv-orlando has quit IRC		04:33
*** salv-orlando_ is now known as salv-orlando		04:33
*** prekarat has joined #openstack-dev		04:34
*** jasdeepH has quit IRC		04:35
*** freedomhui has quit IRC		04:38
*** garyk has quit IRC		04:39
*** adjohn has joined #openstack-dev		04:42
*** davi67232 has quit IRC		04:43
*** gordc has quit IRC		04:44
*** salv-orlando_ has joined #openstack-dev		04:50
*** salv-orlando has quit IRC		04:50
*** salv-orlando_ is now known as salv-orlando		04:50
*** boris-42 has joined #openstack-dev		04:51
*** noslzzp has quit IRC		04:51
*** adjohn_ has joined #openstack-dev		04:52
*** zaitcev has quit IRC		04:53
*** mangelajo has joined #openstack-dev		04:54
*** adjohn has quit IRC		04:55
*** Ryan_Lane has joined #openstack-dev		05:01
*** adjohn has joined #openstack-dev		05:03
*** adjohn_ has quit IRC		05:04
*** sridevi has quit IRC		05:12
*** freedomhui has joined #openstack-dev		05:13
*** kaushikc has quit IRC		05:21
*** dmakogon_ has joined #openstack-dev		05:22
*** radsy has quit IRC		05:26
*** jasdeepH has joined #openstack-dev		05:28
*** skraynev has quit IRC		05:30
*** aeperezt has quit IRC		05:30
*** mrunge has joined #openstack-dev		05:31
*** skraynev has joined #openstack-dev		05:34
*** neoXsys has quit IRC		05:38
*** Max__ has joined #openstack-dev		05:40
*** Mandell has joined #openstack-dev		05:44
*** stevemar has quit IRC		05:44
*** jasdeepH has quit IRC		05:46
*** Mandell has quit IRC		05:47
*** sridevi has joined #openstack-dev		05:48
*** freedomhui has quit IRC		05:48
*** neoXsys has joined #openstack-dev		05:55
*** vartom9 has joined #openstack-dev		05:56
*** sarob has joined #openstack-dev		05:56
*** nshaikh has joined #openstack-dev		05:58
*** rdopieralski has joined #openstack-dev		05:59
*** prekarat has quit IRC		06:02
*** egallen has joined #openstack-dev		06:03
*** erkules_ is now known as erkules		06:03
*** RajeshMohan has quit IRC		06:05
*** RajeshMohan has joined #openstack-dev		06:05
*** marios has joined #openstack-dev		06:06
*** jhesketh has quit IRC		06:06
*** jhesketh has joined #openstack-dev		06:07
*** bdpayne has quit IRC		06:07
*** egallen has quit IRC		06:07
*** amotoki has quit IRC		06:07
*** rdopieralski has quit IRC		06:08
*** rdopieralski has joined #openstack-dev		06:08
*** rdopieralski has quit IRC		06:09
*** rdopieralski has joined #openstack-dev		06:09
*** rdopieralski has joined #openstack-dev		06:09
*** RajeshMohan has quit IRC		06:10
*** gargya_ has joined #openstack-dev		06:10
*** gargya_ is now known as gargya		06:10
*** RajeshMohan has joined #openstack-dev		06:10
*** sumanthns has joined #openstack-dev		06:11
*** salv-orlando has quit IRC		06:11
*** garyk has joined #openstack-dev		06:11
*** salv-orlando has joined #openstack-dev		06:11
*** bdpayne has joined #openstack-dev		06:12
*** RajeshMohan has quit IRC		06:14
*** RajeshMohan has joined #openstack-dev		06:14
*** afazekas has joined #openstack-dev		06:15
*** _anant has joined #openstack-dev		06:17
*** salv-orlando has quit IRC		06:17
*** salv-orlando has joined #openstack-dev		06:18
*** gargya has quit IRC		06:21
*** RajeshMohan has quit IRC		06:21
*** RajeshMohan has joined #openstack-dev		06:22
*** RajeshMohan has quit IRC		06:22
*** prekarat has joined #openstack-dev		06:22
*** RajeshMohan has joined #openstack-dev		06:22
*** amotoki has joined #openstack-dev		06:23
*** jasdeepH has joined #openstack-dev		06:23
*** iartarisi has joined #openstack-dev		06:24
*** o_petit has joined #openstack-dev		06:24
*** sarob has quit IRC		06:26
lifeless	is the "Member" role that devstack makes needed in real clouds, or is _member_ sufficient ?	06:26
*** sarob has joined #openstack-dev		06:26
*** sridevi has quit IRC		06:27
*** henrynash has joined #openstack-dev		06:28
*** avishay has joined #openstack-dev		06:29
*** Mandell has joined #openstack-dev		06:31
*** Max__ has quit IRC		06:31
*** sarob has quit IRC		06:31
*** mars has quit IRC		06:34
*** mars has joined #openstack-dev		06:35
*** bdpayne has quit IRC		06:36
*** henrynash has quit IRC		06:40
*** doron_afk has joined #openstack-dev		06:47
*** gargya has joined #openstack-dev		06:52
*** mmagr has joined #openstack-dev		06:53
*** athomas has quit IRC		06:54
*** athomas has joined #openstack-dev		06:56
*** reidrac has joined #openstack-dev		06:59
*** rushiagr has joined #openstack-dev		07:02
*** yolanda has joined #openstack-dev		07:03
*** giulivo has quit IRC		07:07
*** networkstatic has joined #openstack-dev		07:09
*** Mandell has quit IRC		07:09
*** tkammer has joined #openstack-dev		07:11
*** marios_ has joined #openstack-dev		07:15
*** arnaud has joined #openstack-dev		07:18
*** salv-orlando has quit IRC		07:18
*** bswrchrd has quit IRC		07:20
*** marios has quit IRC		07:21
*** marios_ has quit IRC		07:21
*** marios has joined #openstack-dev		07:22
*** marios has joined #openstack-dev		07:25
*** vishy has quit IRC		07:26
*** gimps has quit IRC		07:26
*** vishy has joined #openstack-dev		07:29
*** Traktopel has joined #openstack-dev		07:29
*** flaper87\|afk is now known as flaper87		07:29
*** devvesa has joined #openstack-dev		07:30
*** henrynash has joined #openstack-dev		07:31
*** danpb has joined #openstack-dev		07:31
*** dmakogon_ has quit IRC		07:34
*** boris-42 has quit IRC		07:35
*** romcheg has joined #openstack-dev		07:35
*** gargya has quit IRC		07:36
*** JordanP has joined #openstack-dev		07:36
*** sarob has joined #openstack-dev		07:37
*** marios has quit IRC		07:38
*** marios has joined #openstack-dev		07:38
*** xqueralt-afk is now known as xqueralt		07:39
*** sarob has quit IRC		07:41
*** mangelajo_ has joined #openstack-dev		07:46
*** mangelajo has quit IRC		07:46
*** yves has joined #openstack-dev		07:46
*** jistr has joined #openstack-dev		07:47
*** jhesketh has quit IRC		07:48
*** kbrierly has quit IRC		07:48
*** yassine has joined #openstack-dev		07:49
*** fbo_away is now known as fbo		07:50
*** AnilV4 has joined #openstack-dev		07:50
*** corXi has joined #openstack-dev		07:50
*** Max__ has joined #openstack-dev		07:51
*** Max__ has quit IRC		07:52
*** xga has joined #openstack-dev		07:53
*** vartom10 has joined #openstack-dev		07:55
*** vartom9 has quit IRC		07:55
*** pichuang has left #openstack-dev		07:56
*** Max__ has joined #openstack-dev		07:57
*** mangelajo_ has quit IRC		07:57
*** eglynn has joined #openstack-dev		07:57
*** xga_ has quit IRC		07:57
*** mangelajo has joined #openstack-dev		07:57
*** jasdeepH has quit IRC		07:58
*** mangelajo has quit IRC		08:00
*** adjohn has quit IRC		08:00
*** ifarkas has joined #openstack-dev		08:02
*** mattmalesky has quit IRC		08:02
*** markwash has quit IRC		08:02
*** jprovazn has joined #openstack-dev		08:03
*** Ryan_Lane has quit IRC		08:05
*** boden has joined #openstack-dev		08:06
*** fc__ has quit IRC		08:06
*** xga_ has joined #openstack-dev		08:07
*** xga has quit IRC		08:10
*** safchain has joined #openstack-dev		08:13
*** salv-orlando has joined #openstack-dev		08:15
*** safchain has quit IRC		08:17
*** safchain has joined #openstack-dev		08:17
*** lucasagomes has joined #openstack-dev		08:19
*** neeti has joined #openstack-dev		08:19
*** bashok has joined #openstack-dev		08:20
*** rushiagr has quit IRC		08:20
*** salv-orlando has quit IRC		08:24
*** sushils has joined #openstack-dev		08:24
*** Alexei_987 has joined #openstack-dev		08:24
*** pixelb has joined #openstack-dev		08:28
*** sridevi has joined #openstack-dev		08:28
*** gongysh has joined #openstack-dev		08:28
*** jpich has joined #openstack-dev		08:30
*** adjohn has joined #openstack-dev		08:31
*** danpb has quit IRC		08:35
*** lsmola has quit IRC		08:35
*** Ryan_Lane has joined #openstack-dev		08:35
*** Traktopel has quit IRC		08:35
*** alexpilotti has joined #openstack-dev		08:36
*** salv-orlando has joined #openstack-dev		08:36
*** adjohn has quit IRC		08:40
*** giulivo has joined #openstack-dev		08:41
*** rushiagr has joined #openstack-dev		08:41
*** Ryan_Lane has quit IRC		08:42
*** fc__ has joined #openstack-dev		08:43
*** alexpilotti has quit IRC		08:43
*** danpb has joined #openstack-dev		08:47
*** boris-42 has joined #openstack-dev		08:49
*** lsmola has joined #openstack-dev		08:50
*** xchu has quit IRC		08:50
*** ifarkas has quit IRC		08:51
*** johnthetubaguy has joined #openstack-dev		08:51
*** nshaikh has left #openstack-dev		08:52
*** martyntaylor has joined #openstack-dev		08:53
*** rushiagr has quit IRC		08:53
*** e1mer has joined #openstack-dev		08:55
*** ifarkas has joined #openstack-dev		08:55
*** kushal has quit IRC		08:58
*** DeeJay1 has joined #openstack-dev		08:58
*** lsmola has quit IRC		08:59
*** paragan has quit IRC		08:59
*** ndipanov has joined #openstack-dev		08:59
*** neeti has quit IRC		09:00
*** romcheg has left #openstack-dev		09:07
*** adjohn has joined #openstack-dev		09:07
*** xchu has joined #openstack-dev		09:07
*** Ryan_Lane has joined #openstack-dev		09:09
*** adjohn has quit IRC		09:11
*** Ryan_Lane has quit IRC		09:14
*** lsmola has joined #openstack-dev		09:14
*** Max__ has quit IRC		09:15
*** Max__ has joined #openstack-dev		09:16
*** sridevi has quit IRC		09:17
*** sridevi has joined #openstack-dev		09:29
*** ljjjustin has quit IRC		09:33
*** Alexei_987 has quit IRC		09:39
*** paragan has joined #openstack-dev		09:39
*** sushils has quit IRC		09:42
*** wenjianhn has quit IRC		09:43
gongysh	arosen Ping	09:46
*** sushils has joined #openstack-dev		09:46
*** xga_ has quit IRC		09:46
*** ruhe has joined #openstack-dev		09:46
*** xga has joined #openstack-dev		09:47
*** paragan has quit IRC		09:48
*** sushils has quit IRC		09:48
*** kaushikc has joined #openstack-dev		09:53
*** sushils has joined #openstack-dev		09:53
*** paragan has joined #openstack-dev		09:56
*** dguitarbite has joined #openstack-dev		09:56
*** rushiagr has joined #openstack-dev		09:59
*** sergmelikyan has joined #openstack-dev		10:00
*** avishay has quit IRC		10:00
*** ruhe has quit IRC		10:03
*** romcheg1 has joined #openstack-dev		10:04
*** sridevi has quit IRC		10:05
*** networkstatic has quit IRC		10:09
*** VeggieMeat has joined #openstack-dev		10:10
*** apevec has joined #openstack-dev		10:10
*** apevec has joined #openstack-dev		10:10
*** apevec has left #openstack-dev		10:11
*** HenryG has joined #openstack-dev		10:11
*** rushiagr has quit IRC		10:11
*** nshaikh has joined #openstack-dev		10:12
*** kushal has joined #openstack-dev		10:12
*** xchu has quit IRC		10:13
*** swifterdarrell has quit IRC		10:14
*** ruhe has joined #openstack-dev		10:17
*** sridevi has joined #openstack-dev		10:19
*** swifterdarrell has joined #openstack-dev		10:20
*** MIDENN_ has quit IRC		10:20
*** rushiagr has joined #openstack-dev		10:20
*** prekarat has quit IRC		10:20
*** prekarat has joined #openstack-dev		10:22
*** doron_afk has quit IRC		10:24
*** nshaikh has left #openstack-dev		10:28
*** imsurit has joined #openstack-dev		10:28
*** paragan has quit IRC		10:29
*** kaushikc has quit IRC		10:29
*** kaushikc has joined #openstack-dev		10:29
*** sridevi has quit IRC		10:31
*** tonyfy has joined #openstack-dev		10:31
*** schwicht has joined #openstack-dev		10:32
*** Max__ has quit IRC		10:32
*** rushiagr has quit IRC		10:32
*** pcm_ has joined #openstack-dev		10:32
*** sridevi has joined #openstack-dev		10:33
*** pcm_ has quit IRC		10:33
*** pcm_ has joined #openstack-dev		10:34
*** o_petit has quit IRC		10:34
*** adjohn has joined #openstack-dev		10:37
*** CaptTofu_ has quit IRC		10:39
*** CaptTofu has joined #openstack-dev		10:39
*** faramir has quit IRC		10:41
*** adjohn has quit IRC		10:42
*** jamielennox is now known as jamielennox\|away		10:45
*** rushiagr has joined #openstack-dev		10:49
*** sridevi has quit IRC		10:49
*** swann has left #openstack-dev		10:49
*** sridevi has joined #openstack-dev		10:50
*** yaguang has quit IRC		10:52
*** sridevi_ has joined #openstack-dev		10:53
*** lucasagomes has quit IRC		10:54
*** lucasagomes has joined #openstack-dev		10:55
*** sridevi has quit IRC		10:55
*** sridevi_ is now known as sridevi		10:55
*** asavu has joined #openstack-dev		10:56
*** gongysh has quit IRC		10:57
*** alexxu has quit IRC		10:58
*** Max__ has joined #openstack-dev		11:03
*** dims has joined #openstack-dev		11:04
*** imsurit has quit IRC		11:04
*** tonyfy has quit IRC		11:06
*** morazi has quit IRC		11:08
*** Max__ has quit IRC		11:08
*** adjohn has joined #openstack-dev		11:08
*** mkollaro has joined #openstack-dev		11:09
*** nshaikh has joined #openstack-dev		11:09
*** Ryan_Lane has joined #openstack-dev		11:10
*** adjohn has quit IRC		11:13
*** Ryan_Lane has quit IRC		11:14
*** alexpilotti has joined #openstack-dev		11:14
*** rushiagr has quit IRC		11:16
*** sumansn_ has joined #openstack-dev		11:20
*** SergeyLukjanov has joined #openstack-dev		11:20
*** rushiagr has joined #openstack-dev		11:20
*** zbitter is now known as zaneb		11:20
*** sumanthns has quit IRC		11:22
*** Max__ has joined #openstack-dev		11:24
*** doron_afk has joined #openstack-dev		11:25
*** imsurit has joined #openstack-dev		11:28
*** o_petit has joined #openstack-dev		11:29
*** o_petit has quit IRC		11:32
*** romcheg has joined #openstack-dev		11:32
*** o_petit has joined #openstack-dev		11:33
*** neoXsys has quit IRC		11:34
*** henrynash has quit IRC		11:36
*** romcheg1 has quit IRC		11:37
*** jcoufal has joined #openstack-dev		11:38
*** adjohn has joined #openstack-dev		11:39
*** doron_afk is now known as doron		11:40
*** davi67232 has joined #openstack-dev		11:41
*** kaushikc has quit IRC		11:42
*** jistr is now known as jistr\|eng		11:42
*** paragan has joined #openstack-dev		11:42
*** adjohn has quit IRC		11:44
*** FunnyLookinHat has joined #openstack-dev		11:46
*** dkranz has joined #openstack-dev		11:46
*** terryh has joined #openstack-dev		11:49
*** markmcclain has joined #openstack-dev		11:50
*** davi67232 has quit IRC		11:52
*** Alexei_987 has joined #openstack-dev		11:52
*** lucasagomes is now known as lucas-hungry		11:53
*** yongli is now known as yongli_away		11:54
*** ondergetekende_ has joined #openstack-dev		11:54
*** neoXsys has joined #openstack-dev		11:57
*** drewlander has joined #openstack-dev		11:59
*** kushal has quit IRC		12:01
*** ruhe has quit IRC		12:01
*** vkmc has joined #openstack-dev		12:02
*** martine has joined #openstack-dev		12:02
*** _anant has quit IRC		12:02
*** martine is now known as Guest54304		12:02
*** mkollaro1 has joined #openstack-dev		12:03
*** mkollaro has quit IRC		12:03
*** ruhe has joined #openstack-dev		12:04
*** galstrom_zzz is now known as galstrom		12:04
*** morazi has joined #openstack-dev		12:05
*** tkammer has quit IRC		12:05
*** ruhe has quit IRC		12:06
*** afazekas has quit IRC		12:06
*** hartsocks has joined #openstack-dev		12:07
*** tkammer has joined #openstack-dev		12:07
*** o_petit has quit IRC		12:09
*** sridevi has quit IRC		12:09
*** adjohn has joined #openstack-dev		12:10
*** afazekas has joined #openstack-dev		12:10
*** amotoki has quit IRC		12:10
*** kaushikc has joined #openstack-dev		12:11
*** Max__ has quit IRC		12:14
*** adjohn has quit IRC		12:15
*** Max__ has joined #openstack-dev		12:15
*** kaushikc1 has joined #openstack-dev		12:16
*** kaushikc has quit IRC		12:16
*** shang has quit IRC		12:17
*** ruhe has joined #openstack-dev		12:17
*** rfolco has joined #openstack-dev		12:17
*** kaushikc1 has quit IRC		12:18
*** mrunge has quit IRC		12:20
*** asavu has quit IRC		12:22
*** imsurit has quit IRC		12:24
*** noslzzp has joined #openstack-dev		12:24
*** dvarga has joined #openstack-dev		12:25
*** o_petit has joined #openstack-dev		12:26
*** gordc has joined #openstack-dev		12:27
*** slagle has joined #openstack-dev		12:28
*** dprince has joined #openstack-dev		12:31
*** e1mer has quit IRC		12:31
*** afazekas has quit IRC		12:32
*** markmcclain has quit IRC		12:32
*** sandywalsh has quit IRC		12:32
*** Max__ has quit IRC		12:33
*** Guest54304 is now known as martine_		12:35
*** galstrom is now known as galstrom_zzz		12:36
*** rwsu has joined #openstack-dev		12:36
*** boden has quit IRC		12:37
*** jprovazn has quit IRC		12:37
*** jprovazn has joined #openstack-dev		12:38
*** topol has joined #openstack-dev		12:39
*** boden has joined #openstack-dev		12:40
*** jasondotstar has joined #openstack-dev		12:41
*** o_petit has quit IRC		12:43
*** radez_g0n3 is now known as radez		12:43
*** sandywalsh has joined #openstack-dev		12:44
*** davi67232 has joined #openstack-dev		12:45
*** gargya has joined #openstack-dev		12:46
*** eharney has joined #openstack-dev		12:49
*** ifarkas has quit IRC		12:50
*** doron is now known as doron_afk		12:51
*** chenxu has joined #openstack-dev		12:52
*** afazekas has joined #openstack-dev		12:53
*** shang has joined #openstack-dev		12:53
*** cthulhup has quit IRC		12:53
*** afazekas has quit IRC		12:54
*** afazekas has joined #openstack-dev		12:54
*** vartom10 has quit IRC		12:55
*** iartarisi has quit IRC		12:58
*** maheshp has joined #openstack-dev		12:59
*** maheshp1 has joined #openstack-dev		13:00
*** ruhe has quit IRC		13:01
*** davi67232 has quit IRC		13:02
*** ifarkas has joined #openstack-dev		13:02
*** ruhe has joined #openstack-dev		13:03
*** asavu has joined #openstack-dev		13:04
*** tkammer has quit IRC		13:04
*** tkammer has joined #openstack-dev		13:05
*** afazekas has quit IRC		13:05
*** doron_afk has quit IRC		13:06
*** mkollaro1 has quit IRC		13:06
*** anteaya_ has joined #openstack-dev		13:06
*** nshaikh has left #openstack-dev		13:07
*** nshaikh has quit IRC		13:07
*** eglynn has quit IRC		13:08
*** alunduil has quit IRC		13:08
*** jayg\|g0n3 is now known as jayg		13:10
*** imsurit has joined #openstack-dev		13:10
*** lucas-hungry is now known as lucasagomes		13:11
*** adjohn has joined #openstack-dev		13:11
*** anteaya_ is now known as anteaya		13:13
*** galstrom_zzz is now known as galstrom		13:14
*** adjohn has quit IRC		13:16
*** clayb has joined #openstack-dev		13:17
*** galstrom is now known as galstrom_zzz		13:18
*** lucasagomes is now known as lucas-afk		13:19
*** otherwiseguy has joined #openstack-dev		13:20
*** athomas has quit IRC		13:20
*** morazi has quit IRC		13:20
*** mkollaro has joined #openstack-dev		13:21
*** athomas has joined #openstack-dev		13:22
*** kbringard has joined #openstack-dev		13:22
*** davi67232 has joined #openstack-dev		13:23
*** bknudson has joined #openstack-dev		13:24
*** spzala has joined #openstack-dev		13:25
*** jecarey has joined #openstack-dev		13:26
*** lbragstad has joined #openstack-dev		13:28
*** afazekas has joined #openstack-dev		13:28
*** sthaha has quit IRC		13:29
*** yassine has quit IRC		13:30
*** yassine has joined #openstack-dev		13:30
*** ruhe has quit IRC		13:30
*** Tross has left #openstack-dev		13:31
*** bashok has quit IRC		13:31
*** jistr\|eng is now known as jistr		13:31
*** morazi has joined #openstack-dev		13:32
*** freedomhui has joined #openstack-dev		13:32
*** ruhe has joined #openstack-dev		13:33
*** jistr has quit IRC		13:34
*** terriyu has joined #openstack-dev		13:35
*** jistr has joined #openstack-dev		13:36
*** yaguang has joined #openstack-dev		13:36
*** topol has quit IRC		13:38
*** o_petit has joined #openstack-dev		13:38
*** nosnos has quit IRC		13:38
*** dolphm has joined #openstack-dev		13:39
*** davi67232 has quit IRC		13:39
*** neelashah has joined #openstack-dev		13:40
*** Max__ has joined #openstack-dev		13:41
*** burt has joined #openstack-dev		13:41
*** athomas has quit IRC		13:41
*** adalbas has joined #openstack-dev		13:41
*** adjohn has joined #openstack-dev		13:41
*** eglynn has joined #openstack-dev		13:42
*** Ruetobas has joined #openstack-dev		13:45
*** tmclaugh[work] has joined #openstack-dev		13:46
*** adjohn has quit IRC		13:46
*** FunnyLookinHat has quit IRC		13:47
*** gimps has joined #openstack-dev		13:49
*** kushal has joined #openstack-dev		13:49
*** Ruetobas has quit IRC		13:50
*** dolphm has quit IRC		13:53
*** dolphm has joined #openstack-dev		13:54
*** terryh has quit IRC		13:54
*** jimfehlig has joined #openstack-dev		13:55
*** athomas has joined #openstack-dev		13:55
*** dolphm has joined #openstack-dev		13:55
*** terryh has joined #openstack-dev		13:56
*** imsurit has quit IRC		13:58
*** romcheg has left #openstack-dev		13:58
*** Ruetobas has joined #openstack-dev		13:58
*** davi67232 has joined #openstack-dev		14:00
*** dkranz has quit IRC		14:01
*** kevinconway has quit IRC		14:05
*** jistr has quit IRC		14:05
*** morazi has quit IRC		14:05
*** rushiagr has quit IRC		14:06
*** kevinconway has joined #openstack-dev		14:06
*** xga_ has joined #openstack-dev		14:06
*** morazi has joined #openstack-dev		14:06
*** MaxV_ has joined #openstack-dev		14:07
*** waa_ has joined #openstack-dev		14:07
*** markmcclain has joined #openstack-dev		14:08
*** xga has quit IRC		14:09
*** MaxV_ has quit IRC		14:09
*** davi67232 has quit IRC		14:09
*** mrodden has joined #openstack-dev		14:10
*** alunduil has joined #openstack-dev		14:10
*** MaxV_ has joined #openstack-dev		14:10
*** Max__ has quit IRC		14:10
*** carl_baldwin has joined #openstack-dev		14:10
*** adjohn has joined #openstack-dev		14:12
*** topol has joined #openstack-dev		14:13
*** adjohn has quit IRC		14:16
*** ruhe has quit IRC		14:17
*** alexpilotti_ has joined #openstack-dev		14:17
*** SergeyLukjanov has quit IRC		14:17
*** samuelbercovici has quit IRC		14:18
*** jistr has joined #openstack-dev		14:18
*** alexpilotti has quit IRC		14:18
*** alexpilotti_ is now known as alexpilotti		14:18
*** edmund has joined #openstack-dev		14:18
*** Ruetobas has quit IRC		14:21
*** ruhe has joined #openstack-dev		14:22
*** Ruetobas has joined #openstack-dev		14:23
*** FunnyLookinHat has joined #openstack-dev		14:23
*** stevemar has joined #openstack-dev		14:24
*** hartsocks has quit IRC		14:24
*** sumansn_ has quit IRC		14:24
*** hartsocks has joined #openstack-dev		14:25
*** ruhe has quit IRC		14:26
*** afazekas_ has joined #openstack-dev		14:26
*** afazekas_ has quit IRC		14:26
*** matiu has joined #openstack-dev		14:27
*** matiu has quit IRC		14:27
*** matiu has joined #openstack-dev		14:27
*** SergeyLukjanov has joined #openstack-dev		14:28
*** Max__ has joined #openstack-dev		14:29
*** chenxu has quit IRC		14:29
*** kenperkins has quit IRC		14:29
*** jruzicka has joined #openstack-dev		14:30
*** mmagr has quit IRC		14:30
*** o_petit_ has joined #openstack-dev		14:30
*** hartsocks has quit IRC		14:30
*** souvik has joined #openstack-dev		14:30
*** MaxV_ has quit IRC		14:31
*** ruhe has joined #openstack-dev		14:32
*** o_petit has quit IRC		14:33
*** ruhe has quit IRC		14:34
*** Thor has quit IRC		14:34
*** Thor has joined #openstack-dev		14:35
insanidade	devstack question: what user should one use to fire up ./stack.sh in a non-vagrant environment? I have a vm I created on my own, installed CentOs 6 (which perfectly works for me in the vagrant setup with devstack) but I see some permission problems on the logs.	14:37
*** lbragstad has quit IRC		14:37
*** jgriffith has quit IRC		14:37
*** freedomhui has quit IRC		14:37
*** lbragstad has joined #openstack-dev		14:38
*** DeeJay1 has quit IRC		14:38
*** Thor has quit IRC		14:38
*** lbragstad has quit IRC		14:38
*** Thor has joined #openstack-dev		14:39
*** lbragstad has joined #openstack-dev		14:39
*** rdopieralski has quit IRC		14:39
*** danwent has joined #openstack-dev		14:42
*** sandywalsh has quit IRC		14:42
*** adjohn has joined #openstack-dev		14:43
*** asavu has quit IRC		14:43
garyk	arosen: ping - please look at https://review.openstack.org/#/c/33504/	14:44
*** jgriffith has joined #openstack-dev		14:44
*** Alexei_987 has quit IRC		14:45
*** jprovazn has quit IRC		14:46
*** yaguang has quit IRC		14:46
*** the_real_kp has joined #openstack-dev		14:47
*** adjohn has quit IRC		14:48
*** ondergetekende_ has quit IRC		14:48
*** galstrom_zzz is now known as galstrom		14:50
*** mlavalle has joined #openstack-dev		14:52
jgriffith	mkerrin: ping	14:53
mkerrin	jgriffith: pong	14:53
jgriffith	mkerrin: hey... looking at https://review.openstack.org/#/c/45631/	14:53
*** xga has joined #openstack-dev		14:54
jgriffith	mkerrin: looks good, however wanted to make sure you tested this out using the new flag	14:54
jgriffith	mkerrin: I did something like this a long long time ago and it broke nova/ec2	14:54
*** Mandell has joined #openstack-dev		14:55
*** aeperezt has joined #openstack-dev		14:55
*** radez is now known as radez_g0n3		14:55
*** radez_g0n3 is now known as radez		14:55
*** freedomhui has joined #openstack-dev		14:56
*** xga_ has quit IRC		14:56
mkerrin	jgriffith: I have tried it out in devstack, but haven't put it into our test system yet. Nothing in devstack is amiss from what I can see	14:57
jgriffith	mkerrin: well, in devstack though did you use your new flag or let it default back to the old one?	14:58
jgriffith	mkerrin: know what I mean?	14:58
jgriffith	mkerrin: you have a safety in there to revert and devstack by default won't use the new flag so....	14:58
*** flaper87 is now known as flaper87\|afk		14:58
*** noslzzp has quit IRC		14:59
*** yamahata has joined #openstack-dev		14:59
*** sandywalsh has joined #openstack-dev		14:59
*** prekarat has quit IRC		14:59
*** SergeyLukjanov has quit IRC		15:01
*** dubsquared has joined #openstack-dev		15:01
*** reidrac has quit IRC		15:02
*** avishay has joined #openstack-dev		15:02
*** SergeyLukjanov has joined #openstack-dev		15:03
*** davidhadas has quit IRC		15:03
*** lbragstad has left #openstack-dev		15:04
*** ruhe has joined #openstack-dev		15:04
*** sandywalsh has quit IRC		15:05
*** sahid has joined #openstack-dev		15:05
*** danwent has quit IRC		15:06
*** cdub has joined #openstack-dev		15:06
*** maheshp1 has quit IRC		15:06
*** noslzzp has joined #openstack-dev		15:07
*** markwash has joined #openstack-dev		15:07
*** flaper87\|afk is now known as flaper87		15:08
*** mdenny has joined #openstack-dev		15:08
*** mattmalesky has joined #openstack-dev		15:09
*** lbragstad has joined #openstack-dev		15:11
*** mrodden has quit IRC		15:12
*** souvik1 has joined #openstack-dev		15:13
*** souvik1 has quit IRC		15:13
*** jecarey has quit IRC		15:13
*** adjohn has joined #openstack-dev		15:14
*** souvik has quit IRC		15:14
mkerrin	jgriffith: sorry there, I have set the option but I now see that the environment isn't multi az, I will test that now	15:14
*** lbragstad has left #openstack-dev		15:14
jgriffith	mkerrin: thanks! Just want to make sure we don't run into a surprise in a couple months :)	15:15
*** Max__ has quit IRC		15:15
*** jecarey has joined #openstack-dev		15:15
*** Max__ has joined #openstack-dev		15:15
*** davi67232 has joined #openstack-dev		15:18
*** pmathews has joined #openstack-dev		15:18
*** adjohn has quit IRC		15:18
*** Mandell has quit IRC		15:20
*** sandywalsh has joined #openstack-dev		15:21
*** markmcclain has quit IRC		15:21
*** paragan has quit IRC		15:23
*** jvrbanac has joined #openstack-dev		15:23
*** mrodden has joined #openstack-dev		15:23
*** rnirmal has joined #openstack-dev		15:25
*** imsurit has joined #openstack-dev		15:26
*** danwent has joined #openstack-dev		15:29
*** davi67232 has quit IRC		15:32
*** jecarey has quit IRC		15:32
*** yaguang has joined #openstack-dev		15:33
roaet	Is there a separate project for documentation? I'm reading the neutron docs and would like to propose a change, or at least see if a 'bug' has been filed for said change. Would I use the neutron launchpad or is there something else? This is primarily in regards to docs.openstack.org.	15:35
jgriffith	roaet: yes there is	15:35
jgriffith	roaet: depending on what you're looking at specifically: https://github.com/openstack/openstack-manuals	15:36
roaet	jgriffith: thank you. for some reason I didn't consider *-manuals.	15:36
*** thouveng has quit IRC		15:37
*** pmathews has quit IRC		15:38
*** prad has joined #openstack-dev		15:38
*** jprovazn has joined #openstack-dev		15:40
*** xga_ has joined #openstack-dev		15:41
*** sumanthns has joined #openstack-dev		15:41
*** pmathews has joined #openstack-dev		15:42
*** xga has quit IRC		15:42
*** kbrierly has joined #openstack-dev		15:43
*** adjohn has joined #openstack-dev		15:44
*** yassine has quit IRC		15:46
*** chenxu has joined #openstack-dev		15:47
*** romcheg has joined #openstack-dev		15:47
*** romcheg has left #openstack-dev		15:48
*** zaitcev has joined #openstack-dev		15:48
*** gmoro has joined #openstack-dev		15:49
*** adjohn has quit IRC		15:49
*** xarses has quit IRC		15:49
*** gargya has quit IRC		15:49
*** doron_afk has joined #openstack-dev		15:50
*** erfanian has quit IRC		15:50
*** xqueralt is now known as xqueralt-afk		15:51
*** gargya has joined #openstack-dev		15:51
*** kbrierly has quit IRC		15:52
*** colinmcnamara has joined #openstack-dev		15:52
*** eglynn is now known as eglynn-on-a-call		15:53
*** sridevi has joined #openstack-dev		15:54
*** networkstatic has joined #openstack-dev		15:56
*** networkstatic has quit IRC		15:56
*** colinmcnamara has quit IRC		15:57
*** JordanP has quit IRC		15:58
*** dnoll has joined #openstack-dev		15:58
*** bdpayne has joined #openstack-dev		15:59
*** devoid has joined #openstack-dev		16:00
*** sridevi has quit IRC		16:00
*** sridevi has joined #openstack-dev		16:01
*** gargya has quit IRC		16:02
*** ndipanov has quit IRC		16:02
*** giroro_ has joined #openstack-dev		16:03
*** feleouet has quit IRC		16:03
*** Ruetobas has quit IRC		16:03
*** kaushikc has joined #openstack-dev		16:04
*** msmedved has quit IRC		16:04
*** morazi has quit IRC		16:04
*** jcoufal is now known as jcoufal_mtg		16:04
dnoll	#openstack-meeting	16:05
*** xga_ has quit IRC		16:05
*** dolphm has quit IRC		16:05
*** hartsocks has joined #openstack-dev		16:06
*** davi67232 has joined #openstack-dev		16:07
*** reed has joined #openstack-dev		16:07
*** giroro_ has quit IRC		16:08
*** xga has joined #openstack-dev		16:08
*** hartsocks has left #openstack-dev		16:08
*** hemnafk is now known as hemna		16:08
*** jecarey has joined #openstack-dev		16:09
*** kbrierly has joined #openstack-dev		16:09
*** erfanian has joined #openstack-dev		16:09
*** corXi has quit IRC		16:09
*** garyk has quit IRC		16:10
chenxu	is there any (good) documentation on how to use provider networks?	16:11
*** mlavalle has quit IRC		16:12
chenxu	I am a bit confused: the physical network setup seems to be per-agent	16:12
*** mattmalesky has quit IRC		16:12
*** dolphm has joined #openstack-dev		16:12
chenxu	and when I do net-create, that's going against the neutron service, which may not know about the local physical networks	16:12
chenxu	not sure if that's why I got:	16:12
chenxu	neutron net-create --shared --router:external=True --tenant-id=demo --provider:network_type=flat --provider:physical_network=pnet1 outside	16:12
chenxu	Invalid input for operation: Unknown provider:physical_network pnet1.	16:12
*** sahid has quit IRC		16:12
*** gyee has joined #openstack-dev		16:13
*** vartom10 has joined #openstack-dev		16:13
*** angdraug has joined #openstack-dev		16:14
*** Ruetobas has joined #openstack-dev		16:14
*** davi67232 has quit IRC		16:14
*** adjohn has joined #openstack-dev		16:15
*** kaushikc has quit IRC		16:15
*** kaushikc has joined #openstack-dev		16:16
*** jasdeepH has joined #openstack-dev		16:16
*** ndipanov has joined #openstack-dev		16:17
*** morazi has joined #openstack-dev		16:18
*** radez is now known as radez_g0n3		16:18
*** lbragstad has joined #openstack-dev		16:18
*** devvesa has quit IRC		16:19
*** xarses has joined #openstack-dev		16:19
*** jpich has quit IRC		16:19
*** alop has joined #openstack-dev		16:19
*** yaguang has quit IRC		16:19
*** yves has quit IRC		16:20
*** adjohn has quit IRC		16:20
*** reed has quit IRC		16:20
*** sarob has joined #openstack-dev		16:21
*** o_petit_ has quit IRC		16:21
*** cdub has quit IRC		16:21
*** radez_g0n3 is now known as radez		16:22
*** o_petit has joined #openstack-dev		16:22
*** egallen has joined #openstack-dev		16:22
*** doron_afk has quit IRC		16:24
*** alop has quit IRC		16:24
*** sarob has quit IRC		16:26
*** sarob has joined #openstack-dev		16:27
*** afazekas has quit IRC		16:27
*** boris-42 has quit IRC		16:29
*** jistr has quit IRC		16:31
*** ifarkas has quit IRC		16:32
*** Max__ has quit IRC		16:32
*** markwash has quit IRC		16:32
*** comay has quit IRC		16:34
*** comay has joined #openstack-dev		16:34
*** sumanthns has quit IRC		16:34
*** comay has quit IRC		16:34
*** dguitarbite has quit IRC		16:35
mkerrin	jgriffith: I have tested that change in a multi-az devstack's setup and everything is working as I was expecting.	16:35
*** chenxu has quit IRC		16:35
*** devvesa has joined #openstack-dev		16:36
*** leif has joined #openstack-dev		16:36
*** leif is now known as Guest58099		16:36
*** vartom10 has quit IRC		16:37
*** feleouet has joined #openstack-dev		16:37
*** dguitarbite has joined #openstack-dev		16:37
*** SumitNaiksatam has quit IRC		16:38
*** o_petit has quit IRC		16:38
*** safchain has quit IRC		16:38
*** xga_ has joined #openstack-dev		16:40
*** reed has joined #openstack-dev		16:41
*** xga has quit IRC		16:42
*** isd has joined #openstack-dev		16:42
*** vartom10 has joined #openstack-dev		16:43
*** devvesa has quit IRC		16:43
*** ndipanov has quit IRC		16:45
*** marun has joined #openstack-dev		16:46
*** dachary has quit IRC		16:46
*** adjohn has joined #openstack-dev		16:46
ekarlso-	5	16:46
*** dkranz has joined #openstack-dev		16:46
*** sushils has quit IRC		16:47
*** sushils has joined #openstack-dev		16:48
*** yjiang5 has joined #openstack-dev		16:48
*** otherwiseguy has quit IRC		16:48
*** dachary has joined #openstack-dev		16:48
*** adjohn has quit IRC		16:51
*** vuil has joined #openstack-dev		16:51
*** epim has joined #openstack-dev		16:51
*** ndipanov has joined #openstack-dev		16:51
*** sushils has quit IRC		16:52
*** garyk has joined #openstack-dev		16:52
*** bknudson has left #openstack-dev		16:52
*** henrynash has joined #openstack-dev		16:52
*** fbo is now known as fbo_away		16:53
*** cdub has joined #openstack-dev		16:54
henrynash	ayoung: you around?	16:54
*** kaushikc has quit IRC		16:55
*** nati_ueno has joined #openstack-dev		16:57
*** sushils has joined #openstack-dev		16:57
*** imsurit has quit IRC		16:58
*** kbrierly has quit IRC		16:59
*** markmcclain has joined #openstack-dev		16:59
henrynash	ayoung, bknudson, morganfainberg, gyee: looking to move https://review.openstack.org/#/c/45584/ along…	16:59
*** kbrierly has joined #openstack-dev		17:00
*** davi67232 has joined #openstack-dev		17:01
*** athomas has quit IRC		17:01
gyee	henrynash, looking ...	17:02
henrynash	gyee: thx	17:03
*** krtaylor has quit IRC		17:03
*** adalbas has quit IRC		17:04
*** vartom10 has quit IRC		17:04
*** RajeshMohan has quit IRC		17:04
*** RajeshMohan has joined #openstack-dev		17:04
*** mlavalle has joined #openstack-dev		17:04
*** harlowja has joined #openstack-dev		17:05
*** lucas-afk is now known as lucasagomes		17:05
*** asavu has joined #openstack-dev		17:07
*** bknudson has joined #openstack-dev		17:07
*** SergeyLukjanov has quit IRC		17:09
*** sridevi has quit IRC		17:11
*** tkammer has quit IRC		17:11
*** RajeshMohan has quit IRC		17:11
*** dubsquared has quit IRC		17:11
*** RajeshMohan has joined #openstack-dev		17:11
*** ruhe has quit IRC		17:14
*** johnthetubaguy has quit IRC		17:14
*** xga_ has quit IRC		17:15
*** arnaudvm has joined #openstack-dev		17:15
*** xga_ has joined #openstack-dev		17:16
*** adjohn has joined #openstack-dev		17:16
*** Mandell has joined #openstack-dev		17:17
*** adalbas has joined #openstack-dev		17:18
*** SumitNaiksatam has joined #openstack-dev		17:19
*** isd has quit IRC		17:19
*** alop has joined #openstack-dev		17:19
*** markwash has joined #openstack-dev		17:20
*** gimps has quit IRC		17:20
*** networkstatic has joined #openstack-dev		17:20
*** noslzzp has quit IRC		17:20
*** adjohn has quit IRC		17:21
*** xga_ has quit IRC		17:21
*** gimps has joined #openstack-dev		17:22
*** alop_ has joined #openstack-dev		17:22
*** msmedved has joined #openstack-dev		17:23
*** RajeshMohan has quit IRC		17:23
*** alop has quit IRC		17:24
*** RajeshMohan has joined #openstack-dev		17:24
*** alop_ is now known as alop		17:24
*** davi67232 has quit IRC		17:24
*** vartom10 has joined #openstack-dev		17:24
arosen	thank garyk looks good to me.	17:25
*** Ryan_Lane has joined #openstack-dev		17:25
*** ruhe has joined #openstack-dev		17:25
*** comay has joined #openstack-dev		17:26
*** davi67232 has joined #openstack-dev		17:26
*** adalbas has quit IRC		17:27
*** Ryan_Lane1 has joined #openstack-dev		17:27
*** Ryan_Lane has quit IRC		17:27
*** sushils has quit IRC		17:28
*** safchain has joined #openstack-dev		17:28
*** avishay has quit IRC		17:28
*** safchain has quit IRC		17:29
*** MaxV_ has joined #openstack-dev		17:29
*** dubsquared has joined #openstack-dev		17:29
*** alop has quit IRC		17:29
*** wfoster is now known as wfoster_away		17:30
morganfainberg	mornin.	17:31
morganfainberg	dolphm, ping	17:31
dolphm	morganfainberg: o/	17:31
*** chenxu has joined #openstack-dev		17:31
morganfainberg	dolphm, https://bugs.launchpad.net/keystone/+bug/1219739 looks to be at least partially invalid	17:31
uvirtbot	Launchpad bug 1219739 in keystone "LDAP use 'tenant_id' instead of 'tenantId' in user_ref" [Medium,New]	17:31
morganfainberg	dolphm, ldap we don't store "extra" data (e.g. tenantId) on users	17:32
morganfainberg	and by default tenant_id (or should be tenantId) is explicitly in the ignored attributes	17:32
morganfainberg	dolphm, just making sure i'm not crazy before commenting on it.	17:32
*** ndipanov has quit IRC		17:33
dolphm	morganfainberg: those both sound like reasonable assertions, but i really don't know off hand without looking/testing	17:34
morganfainberg	dolphm, yeah, i'll hit up bknudson or ayoung later today and confirm.	17:34
morganfainberg	dolphm, but i should have it wrapped up today (one way or another)	17:35
dolphm	morganfainberg: awesome	17:35
bknudson	morganfainberg: there are a lot of weird config options for LDAP... you can ignore attributes and assign keystone attrs to random LDAP attrs.	17:36
*** Ryan_Lane1 has quit IRC		17:36
*** Ryan_Lane has joined #openstack-dev		17:36
*** jasdeepH has quit IRC		17:36
morganfainberg	bknudson, yeah i know. i don't think we explicitly have a store for tenant_id/tenantId/project_id/projectId though	17:36
*** larsks has joined #openstack-dev		17:37
morganfainberg	it's just a "go add a user to a role in this project" if it exists	17:37
*** davi67232 has quit IRC		17:37
morganfainberg	and if you don't "ignore" tenant_id, and pass it in (or anything like that) you get a nice key error traceback since ldap doesn't know what to do (at least in my testing)	17:37
morganfainberg	gyee, ping	17:37
gyee	yes sir	17:38
*** alop has joined #openstack-dev		17:39
*** adalbas has joined #openstack-dev		17:39
morganfainberg	gyee, regarding your comment on the domain cleanup. Do you have another suggestion on doing the domain_Scope (driver) lookup but not exposing ourselves to referencing an incorrect domain?	17:39
morganfainberg	e.g., domain != user.domain, but the backend ends up being correct (the default driver)	17:39
morganfainberg	maybe an explicit check to see if domain_ref id == user.domain_id instead of the second lookup?	17:40
*** kiall has quit IRC		17:41
*** davi67232 has joined #openstack-dev		17:41
*** chenxu has quit IRC		17:41
gyee	morganfainberg, I don't understand why you need that change in the first place, seems like backing out the changes should be fine	17:41
morganfainberg	gyee, i'd like to correct the double lookup on domain, but not disallow password auth with the per-domain-backends	17:41
morganfainberg	gyee, today, we don't have domain_scope to look up by user_id	17:41
gyee	user_id is globally unique	17:41
*** mlavalle has quit IRC		17:42
morganfainberg	gyee, unfortunately, no it isn't with per-domain backends	17:42
morganfainberg	well. not guaranteed to be	17:42
*** mlavalle has joined #openstack-dev		17:42
gyee	morganfainberg, then we have a much bigger problem	17:42
morganfainberg	and you still don't know what domain the ID driver is coming from when using the per-domain backends.	17:42
gyee	in that case, we'll need API spec changes	17:42
morganfainberg	gyee, this has been discussed a lot. it's an issue with the implementation. the goal is to get this to "expirimental" and finish the cleanup in icehouse	17:43
morganfainberg	gyee, and include the domain with the user ID (int he case of LDAP the full DN as the user_id)	17:44
morganfainberg	gyee, but I didn't want to risk the massive change to format / etc and possible api shifts in havana	17:44
*** krtaylor has joined #openstack-dev		17:44
*** HenryG has quit IRC		17:45
morganfainberg	gyee, and even if user_id was globally unique, right now we don't know the domain backend to use for the lookup (if the per-domain-identity backend is used)	17:45
*** RajeshMohan has quit IRC		17:45
*** RajeshMohan has joined #openstack-dev		17:46
gyee	morganfainberg, user_id needs to be globally unique per API spec, if you want to be creative by encoding it into the user_id that's fine	17:46
gyee	user_id=domain_id:user_id	17:46
*** ndipanov has joined #openstack-dev		17:46
morganfainberg	gyee, right. but i didn't want to try and handle that kind of change this late in the cycle. there are other implications.	17:46
morganfainberg	gyee, and this split-per-domain backend is experimental at best in havana	17:47
*** davi67232 has quit IRC		17:47
*** dhellmann is now known as dhellmann_		17:47
*** adjohn has joined #openstack-dev		17:47
*** blamar has joined #openstack-dev		17:47
morganfainberg	i can instead do a user.domain_id == domain_ref['id'] or raise unauthorized there and get the same effect.	17:47
gyee	morganfainberg, I think we should punt it, this topic need more indepth review	17:47
*** noslzzp has joined #openstack-dev		17:48
*** o_petit has joined #openstack-dev		17:48
*** adjohn has quit IRC		17:48
gyee	this is high risk for havana anyway	17:48
*** adjohn has joined #openstack-dev		17:48
morganfainberg	gyee, i'm not opposed to that. dolphm, bknudson, henrynash, care to weigh in.	17:48
morganfainberg	i know we've discussed this a bunch.	17:48
*** isd has joined #openstack-dev		17:49
bknudson	morganfainberg: I don't see us making major pervasive changes like user-id handling for havana at this point.	17:50
morganfainberg	gyee, i think the other option is to mark this feature as "don't use at all" vs. "expirimental"	17:50
bknudson	I prefer don't use at all rather than experimental if we know there are things that don't work.	17:50
morganfainberg	bknudson, right. the question falls into the cleanup to hit "expirimental" on the per-domain-split.	17:50
bknudson	because I don't want to be getting bug reports	17:50
*** AlanClark has joined #openstack-dev		17:51
morganfainberg	bknudson, i'm perfectly fine with that. I'd like to pull all the referencing docs for it then, and examples out of the keystone.conf.sample	17:51
gyee	morganfainberg, if Keystone is a car, I wonder if an experimental feature will get us lots of lawsuits :)	17:51
*** kiall has joined #openstack-dev		17:51
bknudson	morganfainberg: yes, that sounds like the way to go to make it not usable	17:52
morganfainberg	gyee, i'm not in disagreement (though your use of a car metaphor makes be cringe :P) i was going based upon the previous conversation	17:52
bknudson	we can try again in icehouse, now that we know what (some of) the problems are	17:52
gyee	bknudson, yeah, I agreed	17:52
*** sumanthns has joined #openstack-dev		17:52
morganfainberg	i just want to make sure we have buy-in for pulling the docs and such.	17:52
*** yjiang5 is now known as yjiang_away		17:52
*** yjiang_away has quit IRC		17:52
*** jasdeepH has joined #openstack-dev		17:52
bknudson	morganfainberg: thanks for looking into this and figuring out how much work it is to get it working	17:53
morganfainberg	bknudson, i don't think we need to wedge in extra disable code though, just pulling docs should be sufficient	17:53
*** salv-orlando has quit IRC		17:54
*** admiyo has quit IRC		17:54
henrynash	bknudson, morganfainberg: I felt that our "experimental" description was sufficient for us to go forward….but am happy with the collective view...	17:54
*** ayoung_ has joined #openstack-dev		17:54
*** HenryG has joined #openstack-dev		17:54
morganfainberg	henrynash, i don't see it impacting LDAP identity and SQL assignment configuration	17:55
morganfainberg	henrynash, just simply the split-per-domain-identity backend	17:55
*** ndipanov is now known as ndipanov_gone		17:55
henrynash	disabling is, of course, easy. we just never let the config setting get set	17:55
morganfainberg	henrynash, aye.	17:55
gyee	morganfainberg, I have a feeling this feature will be replace in favor on federation	17:55
gyee	replaced	17:55
morganfainberg	gyee, i think that this feature will be incorporated by the federation stuff (e.g. same net effect)	17:56
ayoung_	sorry guysm forgot I had changed my nick...	17:56
*** sumanthns has quit IRC		17:57
gyee	ayoung_, how do I know you are the real ayoung :)	17:57
bknudson	ayoung_: can you pgp sign something for us?	17:58
*** mlavalle has quit IRC		17:58
henrynash	morganfainberg, gyee: I'd personally still like us to keep it in as experimental….with morganfainberg's changes	17:58
*** david-lyle has quit IRC		17:58
*** yjiang5 has joined #openstack-dev		17:58
morganfainberg	gyee, but yes, i agree, esp. if we end up making SQL/LDAP/etc talk the same mechanism as other federation like sources of identity	17:58
bknudson	I don't have a problem with experimental, but I don't really see the point of it? It doesn't work and we're not going to fix it.	17:58
morganfainberg	bknudson, i haven't trusted ayoung_ 's pgp key, even if he signs it, how do i know it's him :P	17:59
*** ayoung_ is now known as ayoung		17:59
*** RajeshMohan has quit IRC		17:59
ayoung	just /ghost ed some poor soul	17:59
*** RajeshMohan has joined #openstack-dev		17:59
morganfainberg	ayoung, poor poor soul.	17:59
* ayoung reads up		17:59
bknudson	it was probably the real ayoung.	18:00
*** yjiang5 has left #openstack-dev		18:00
ayoung	well, his password was 'password'	18:00
henrynash	bknudson: I think with morganfainberg's changes it will work, with restrictions, no?	18:00
*** boris-42 has joined #openstack-dev		18:00
bknudson	if we know the restrictions and can document then I'm fine with that.	18:00
xarses	at least it wasn't 1234	18:01
*** davi67232 has joined #openstack-dev		18:01
*** spzala has quit IRC		18:01
morganfainberg	xarses, 12345, 12345? amazing, thats the code to my luggage	18:01
ayoung	Patch set 3...wake me when morganfainberg gets to double digits,	18:01
henrynash	bknudson: I think we can….	18:01
ayoung	I hate Yoghurt	18:01
gyee	henrynash, I have a problem with the user_id no longer globally unique part	18:01
ayoung	user_id stays globally unique	18:01
*** alexpilotti has quit IRC		18:02
ayoung	I kaibosh making them non-globally unique	18:02
gyee	that would be contradicting the API spec	18:02
morganfainberg	gyee, it's an edgecase that -could- happen	18:02
morganfainberg	not expected to	18:02
morganfainberg	nor supported	18:02
ayoung	nope	18:02
ayoung	we should not allow it	18:02
morganfainberg	ayoung, that requires the changes to user_id i was hesitant to make this late in havana	18:02
gyee	ayoung, yeah I agreed	18:02
bknudson	I'm worried not handling non-unique IDs probably would raise a security exposure.	18:03
henrynash	gyee: I would agree, but we're saying it must still be globally unique	18:03
ayoung	morganfainberg,then don't make them....we live with an imperfect implementation for a release	18:03
bknudson	if one company could assign an ID that another company has and mask their user	18:03
morganfainberg	bknudson, the explicit domain lookups should prevent that.	18:03
*** melwitt has joined #openstack-dev		18:03
morganfainberg	but, i can't guarantee that without a lot more testing	18:03
ayoung	bknudson that is why we need to order the domains. I had a blueprint that discussed this....one sec	18:04
*** Mandell has quit IRC		18:04
morganfainberg	ayoung, that is my plan, i wasn't going to make those changes this cycle. in fact, i would -2 any attempts to make a change to the user_id handling this late.	18:04
morganfainberg	ayoung, it would be a big risk/potential for lots of bugs.	18:05
*** RajeshMohan has quit IRC		18:05
*** RajeshMohan has joined #openstack-dev		18:05
bknudson	+239, -131 lines changes and only +21, -12 / +7, -4 are tests?	18:05
*** ruhe has quit IRC		18:05
ayoung	https://etherpad.openstack.org/chain-of-domains	18:05
*** lnxnut has joined #openstack-dev		18:06
*** asavu has quit IRC		18:06
morganfainberg	bknudson, i can add in more tests if you would like, but i am looking for feedback on approach as well before diving in to the tests. i am leaning more and more towards your and gyee 's view that expirimental is even possibly too much risk	18:07
ayoung	morganfainberg, so multiple domains in SQL are going to use the UUID approach. Any LDAP based domains should be registered using DNs, and then the IDs will be checked against that apttern. SAML, and ABFAB probably have similar concepts. Bascially, we need to embed the domain in the user_id	18:07
morganfainberg	ayoung, even with UUID you still need to know the domain to lookup from.	18:07
morganfainberg	ayoung, but the id should def. be unique.	18:08
morganfainberg	that way	18:08
*** jasdeepH has quit IRC		18:08
*** xqueralt-afk is now known as xqueralt		18:08
morganfainberg	e.g. it is possible to have 2 domains in separate sql stores… or would that not be supported?	18:08
bknudson	I believe we expected to support multiple SQL stores just like multiple LDAPs	18:09
henrynash	bknudson: true	18:09
*** yolanda has quit IRC		18:10
*** davi67232 has quit IRC		18:10
*** tmclaugh[work] has quit IRC		18:10
morganfainberg	ayoung, if we do the harder split, where ID becomes silo'd off (convo from yesterday) and it talks a standard-ish federation protocol, we could eliminate this problem at the same time.	18:10
*** xqueralt is now known as xqueralt-afk		18:11
*** RajeshMohan has quit IRC		18:11
gyee	bknudson, henrynash, I wonder what's likelihood of multiple SQL deployment, or even multiple LDAP	18:12
*** tmclaugh[work] has joined #openstack-dev		18:12
morganfainberg	gyee, i think HP has a need for multiple LDAP backends (the origin on this bug report)	18:12
gyee	morganfainberg, not my part of HP :)	18:12
morganfainberg	gyee, hehe	18:13
henrynash	morganfainberg: I would think anyone using OS to run a public cloud that supportd enterprises would need this	18:13
gyee	henrynash, that would be federation where IdP maintain the own LDAP	18:13
morganfainberg	henrynash, even in a private cloud, i know I want to use a separate store for the project my company uses to support the cloud	18:14
*** Mandell has joined #openstack-dev		18:14
morganfainberg	s/project/domain	18:14
*** boris-42 has quit IRC		18:15
bknudson	classic example is OpenStack users (nova, etc) in one store and company users in LDAP	18:15
morganfainberg	bknudson ++	18:15
bknudson	OpenStack users in SQL	18:15
morganfainberg	"system"/manager accounts don't need to be in the corporate LDAP/IdP that way.	18:16
*** freedomhui has quit IRC		18:16
*** o_petit has quit IRC		18:16
*** boris-42 has joined #openstack-dev		18:17
*** jvrbanac has quit IRC		18:17
*** vipul is now known as vipul-away		18:17
*** dnoll has quit IRC		18:19
*** jvrbanac has joined #openstack-dev		18:19
*** gimps_ has joined #openstack-dev		18:21
*** dprince has quit IRC		18:22
*** maheshp has joined #openstack-dev		18:22
*** drewlander has quit IRC		18:23
gyee	bknudson, morganfainberg, yeah, that's a legit use case	18:23
*** Mandell has quit IRC		18:24
bknudson	gyee: or did you want a car analogy about employee / customer parking spots?	18:24
gyee	its still one parking lot :)	18:25
bknudson	this gives us separate lots	18:25
*** Mandell has joined #openstack-dev		18:25
morganfainberg	so, real-world use case (literally got this email 10 minutes ago). company wants the users for my company (we manage the cloud) in separate parking lot^H^Hnamspace from their users	18:26
*** vipul-away is now known as vipul		18:26
*** prometheanfire has joined #openstack-dev		18:26
morganfainberg	just asked us to do a split like this, and similarly, for the system users.	18:26
*** dachary has quit IRC		18:26
gyee	but user_id still need to be unique within the context of Keystone	18:27
*** dachary has joined #openstack-dev		18:27
morganfainberg	gyee, agreed. in ldap, ideally it should be the full DN (we can derive the domain from that), and SQL / Federation we would need to know how to derive the right domain.	18:28
*** safchain has joined #openstack-dev		18:28
bknudson	then you need a mapping from DN -> domain, etc	18:28
*** safchain has quit IRC		18:28
morganfainberg	bknudson, correct.	18:28
prometheanfire	does https://bugs.launchpad.net/keystone/+bug/1179955 CVE-2013-4222 effect grizzly/folsom?	18:29
uvirtbot	prometheanfire: RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222)	18:29
uvirtbot	Launchpad bug 1179955 in ossn "Disabling a tenant would not disable a user token" [High,Fix released]	18:29
morganfainberg	bknudson, but that is far easier than "Example_User_Name"	18:29
morganfainberg	which could be cn=	18:29
morganfainberg	"example_user_name",dc=example or dc=example2 etc	18:29
bknudson	makes sense for DN, but what about UUID / SQL?	18:29
morganfainberg	bknudson, UUID:domain ?	18:30
bknudson	like a domain UUID ?	18:30
morganfainberg	yeah.	18:30
morganfainberg	or user_id@domain	18:30
*** SergeyLukjanov has joined #openstack-dev		18:30
*** safchain has joined #openstack-dev		18:31
bknudson	makes sense, just not sure how it fits into keystone code.	18:32
morganfainberg	or, we could make ID speak some kind of federation protocol, and use that to do the domain peice, similar to what ayoung stated above (and in the etherpad)	18:32
*** lefoo77 has joined #openstack-dev		18:32
*** lefoo77 has quit IRC		18:33
morganfainberg	even run ID as a separate process if needed (keystone-id) (**Note I don't advocate this, but, it is an option)	18:34
bknudson	horizon is going to need to talk directly to all these IDs or point to their GUI.	18:35
morganfainberg	bknudson, fair point.	18:36
*** drewlander has joined #openstack-dev		18:37
ayoung	no multiple SQL stores	18:38
ayoung	or , if we do that, we embed the domain in the user id	18:38
*** safchain has quit IRC		18:39
*** luis has joined #openstack-dev		18:39
ayoung	twas IBM that wanted multiple LDAPs, which is why henrynash did it	18:39
prometheanfire	chmouel: ping	18:39
*** marios has quit IRC		18:40
*** bashok has joined #openstack-dev		18:40
ayoung	morganfainberg, bknudson sounds like we are all on the same measure, and playing the same tune.	18:40
*** marios has joined #openstack-dev		18:40
*** amohn9 has joined #openstack-dev		18:40
bknudson	ayoung: I think we're still not sure what to do with existing support in Havana.	18:41
*** davi67232 has joined #openstack-dev		18:41
bknudson	ayoung: full fix, quick fix, experimental, remove ?	18:41
ayoung	bknudson, has anyone even tested if DNs work as is?	18:41
bknudson	ayoung: I haven't heard of anyone testing DNs... not sure how it work work	18:42
bknudson	can I just put DN in for the ID attribute?	18:42
ayoung	bknudson, I was halfway through it last week	18:42
ayoung	bknudson, yep	18:42
bknudson	should be easy to set up with the devstack support	18:42
ayoung	bknudson, yeah, except for creating users...needs to be read only	18:42
bknudson	ayoung: ok, not going to work with devstack then.	18:43
gyee	any plan to do lazy provisioning of LDAP users in Keystone	18:43
ayoung	gyee, why	18:44
ayoung	gyee, what does that mean? Making a duplicate record from LDAP in the SQL backend?	18:44
gyee	I thought someone was asking for it so they can assign roles	18:44
gyee	and suspend/disable users	18:45
*** dmakogon_ has joined #openstack-dev		18:45
morganfainberg	ayoung, we would need a migration script. user_id is varchar(64), 255 is needed for full dn possibvilities	18:45
morganfainberg	iirc	18:45
gyee	ayoung, correct, basically creating a shadow account in SQL	18:45
ayoung	morganfainberg, acha	18:45
*** spzala has joined #openstack-dev		18:46
ayoung	morganfainberg, that should be an acceptable migration, though...	18:46
morganfainberg	ayoung, yes	18:46
*** yolanda has joined #openstack-dev		18:46
morganfainberg	ayoung, the migration of exisiting data is a bit more work, but not a lot.	18:46
ayoung	gyee, I think not. User stay in ldap, assignments are the only "shadow"	18:46
morganfainberg	e.g. from user_id to full dn	18:46
ayoung	morganfainberg, existing data should left alone	18:46
gyee	k, that make sense	18:46
ayoung	morganfainberg, mixed ldap/sql is not going to be migrated	18:47
*** bswrchrd has joined #openstack-dev		18:47
ayoung	and wasn't supported before Havana2/3	18:47
morganfainberg	ayoung, ah yes	18:47
*** novas0x2a\|laptop has joined #openstack-dev		18:47
ayoung	morganfainberg, you only need to migrate the assignments backend	18:47
*** danpb has quit IRC		18:47
ayoung	leave identity as is, or do it in a follow on migration if we really want to be on par	18:48
*** wal99d has joined #openstack-dev		18:48
morganfainberg	i'd say consistent makes sense, but doesn't really matter	18:48
ayoung	follow on migration in Icehouse, though...we don't need for Havana	18:48
morganfainberg	my guess is it'll change in icehouse either way	18:48
*** networkstatic has quit IRC		18:49
gyee	ayoung, so what does it mean? experimental and unsupported?	18:49
ayoung	gyee, I say we fix the assignements backend.	18:50
ayoung	for Havana	18:50
*** thedodd has joined #openstack-dev		18:50
ayoung	tis a minor fix...	18:50
*** networkstatic has joined #openstack-dev		18:50
morganfainberg	ayoung, and we need to fix group to be dn as well	18:50
morganfainberg	but same fix	18:50
morganfainberg	just noticed that	18:50
*** davi67232 has quit IRC		18:51
ayoung	morganfainberg, figured you would get that...all IDs from identity....	18:52
morganfainberg	ayoung, yeah.	18:52
*** david-lyle has joined #openstack-dev		18:53
morganfainberg	ok, so the scope has been increased for the fixup to include migration and making user_id full DNs for ldap backend?	18:53
morganfainberg	in assignment that is	18:53
morganfainberg	user_id/group_id sorry.	18:53
morganfainberg	erm. crud. LDAP identity, sql assignment	18:53
morganfainberg	there.	18:53
*** epim has quit IRC		18:54
*** bknudson has left #openstack-dev		18:55
*** jecarey has quit IRC		18:56
*** lucasagomes has quit IRC		18:57
insanidade	what are the env variables I must set for running admin commands againts keystone ?	18:57
insanidade	OS_* ??	18:57
ayoung	morganfainberg, separate bug, separate review	18:58
dolphm	insanidade: http://pasteraw.com/1zesvx5rhxxtg3vaow05l3tlkonnwcf	18:58
ayoung	insanidade, OS_USERNAME OS_PASSWORD OS_AUTH_URL...or maybe Im lying	18:58
insanidade	dolphm, ayoung: you both are correct. I lost a text file where I recorded those tips. Thanks a lot.	18:59
morganfainberg	ayoung, right, but still in the scope of the fixup for havana. or are we ditching the expirimental support for multiple backends? I'm a little confused now.	18:59
ayoung	morganfainberg, still in scope, separate commit	18:59
*** dhellmann_ is now known as dhellmann		19:00
*** vipul is now known as vipul-away		19:00
*** sheepdog801 has joined #openstack-dev		19:01
*** jecarey has joined #openstack-dev		19:01
*** boris-42 has quit IRC		19:01
*** networkstatic has quit IRC		19:01
*** sheepdog801 has left #openstack-dev		19:01
henrynash	hi	19:02
henrynash	sorry, wrong window	19:03
*** asavu has joined #openstack-dev		19:04
insanidade	another question: according to the logs (screen sessions), all services are up and running. why do I get a 404 error after a 'neutron net-gateway-list' ?	19:05
*** cdub has quit IRC		19:06
*** jasdeepH has joined #openstack-dev		19:07
*** jasdeepH has quit IRC		19:07
*** alop_ has joined #openstack-dev		19:08
*** danwent has quit IRC		19:09
*** alop has quit IRC		19:09
*** alop_ is now known as alop		19:09
ayoung	morganfainberg, do we currently have a way to test if a domain is backend by LDAP or SQL?	19:10
ayoung	henrynash, you are always welcome to say Hi here	19:10
*** david-lyle has quit IRC		19:10
*** danwent has joined #openstack-dev		19:10
*** cdub has joined #openstack-dev		19:13
*** mkollaro has quit IRC		19:14
*** marios has quit IRC		19:14
*** marios has joined #openstack-dev		19:14
*** mlavalle has joined #openstack-dev		19:15
*** stevemar2 has joined #openstack-dev		19:16
*** stevemar has quit IRC		19:16
*** atiwari has joined #openstack-dev		19:16
*** SergeyLukjanov has quit IRC		19:16
*** xga_ has joined #openstack-dev		19:16
*** boris-42 has joined #openstack-dev		19:17
*** markwash has quit IRC		19:18
*** sushils has joined #openstack-dev		19:18
*** lnxnut has quit IRC		19:19
*** maheshp has quit IRC		19:20
*** maheshp has joined #openstack-dev		19:20
notmyname	in keystone, what is dogpile.cache?	19:21
*** xga_ has quit IRC		19:21
dolphm	notmyname: it provides a caching decorator that can utilize memcached, etc	19:21
*** SergeyLukjanov has joined #openstack-dev		19:22
notmyname	dolphm: any known reason it wouldn't be available on a CI devstack instance?	19:23
*** davi67232 has joined #openstack-dev		19:24
dolphm	notmyname: no? it's been in global-requirements for a while https://github.com/openstack/requirements/blob/master/global-requirements.txt#L9	19:24
notmyname	dolphm: perhaps a transient thing then http://logs.openstack.org/05/46105/2/check/gate-swift-devstack-vm-functional/f3b37d6/console.html	19:24
dolphm	notmyname: hmm	19:25
*** benonsoftware has quit IRC		19:25
*** yolanda has quit IRC		19:26
dolphm	notmyname: not a known bug as far as i'm aware	19:27
*** chenxu has joined #openstack-dev		19:27
notmyname	dolphm: k, thanks	19:27
*** otherwiseguy has joined #openstack-dev		19:29
*** epim has joined #openstack-dev		19:30
dolphm	notmyname: appears to be a transient unrelated to dogpile	19:31
dolphm	notmyname: look at the traceback at 2013-09-11 18:38:04.109	19:31
dolphm	notmyname: it fails to install keystone, attempts to run it anyway (?!), and dogpile just happens to be the first missing dependency it runs into	19:31
*** bswartz has quit IRC		19:32
dolphm	notmyname: sounds like a bug against devstack? or maybe pbr?	19:33
notmyname	dolphm: perhaps. maybe just a network hiccup? /me doesn't really know	19:33
*** amohn9 has quit IRC		19:33
dolphm	notmyname: appears to be a network hiccup to me, but devstack is not handling that failure correctly (it's ignoring it, instead of retrying or aborting)	19:34
*** bswartz has joined #openstack-dev		19:34
*** egallen has quit IRC		19:34
*** amohn9 has joined #openstack-dev		19:36
*** davi67232 has quit IRC		19:37
*** ruhe has joined #openstack-dev		19:37
*** fbo_away is now known as fbo		19:38
*** amohn9 has joined #openstack-dev		19:39
ayoung	isd, for planned Identity work, you might want to look at the blueprints: https://blueprints.launchpad.net/keystone	19:39
*** amohn9 has quit IRC		19:39
ayoung	isd, the summit topics are just getting posted now:	19:40
ayoung	http://summit.openstack.org/	19:40
*** ruhe has quit IRC		19:41
*** amohn9 has joined #openstack-dev		19:42
*** cdub has quit IRC		19:42
*** amohn9 has quit IRC		19:42
*** devoid has left #openstack-dev		19:42
*** bashok has left #openstack-dev		19:45
*** waa_ has quit IRC		19:46
*** boris-42 has quit IRC		19:47
*** drewlander has quit IRC		19:47
*** mattmalesky has joined #openstack-dev		19:48
*** david-lyle has joined #openstack-dev		19:49
*** sarob has quit IRC		19:52
*** benonsoftware has joined #openstack-dev		19:52
morganfainberg	ayoung, don't think we have a canonical way to know if a domain is SQL or LDAP or… anything else short of looking at the driver	19:55
*** vipul-away is now known as vipul		19:56
*** mangelajo has joined #openstack-dev		19:58
ayoung	morganfainberg, pattern of the user_id gets regiestered. UUID means sql. But that is not what I was asking....	19:58
ayoung	I want to know when I get a domain id whether the associated domain is ldap or sql	19:59
*** mangelajo has quit IRC		19:59
ayoung	so we can skip all of the delete domain stuff on the LDAP case	19:59
morganfainberg	ayoung, that was what i assumed you meant.	19:59
insanidade	hmm. ok. got it.	19:59
morganfainberg	wouldn't we want to still cleanup the assigment portion?	19:59
*** markwash has joined #openstack-dev		20:00
morganfainberg	ayoung, or you mean just skip anything on ID?	20:00
morganfainberg	e,g, delete user/group	20:00
*** topol has quit IRC		20:00
ayoung	dolphm, so...what if we let Keystone parse the policy config files it is handed. Keystone would then be able to deduce what a give token would be allowed to do. THen, instead of delegating a whole a role, a user could delegate the ability to execute individual api functions. Then, a token could say: only let the bearer execute function X on Nova....	20:02
*** mike has joined #openstack-dev		20:02
*** mike is now known as Guest52516		20:02
ayoung	stevemar2, ^^ how would you like that for oauth?	20:02
stevemar2	ayoung: just reading now... give me a sec	20:03
*** Guest52516 has quit IRC		20:03
*** msmedved has quit IRC		20:04
morganfainberg	ayoung, so keystone would be responsible for part of the enforcement chain? e.g. move all policy stuff into keystone?	20:05
*** msmedved has joined #openstack-dev		20:05
ayoung	morganfainberg, it is already supposed to be distributed from there	20:05
morganfainberg	ah.	20:05
morganfainberg	oh right	20:05
ayoung	policy is uploaded, keystone just treats it as a blob	20:05
morganfainberg	hence policy controllers.	20:05
*** sarob has joined #openstack-dev		20:06
ayoung	so..Keystone really doesn't even need to parse it, just evaluate against it	20:06
*** dolphm has quit IRC		20:06
ayoung	but pasing it would be nice for Horizon. They want to know "user has roles X Y and Z, what should I show them?"	20:06
stevemar2	ayoung: ahh, i get ya	20:07
stevemar2	ayoung: but there are a lot of policies once could delegate	20:08
*** rwsu has quit IRC		20:08
stevemar2	not sure if policy is the right word there	20:08
ayoung	is stevemar2 policy is the word we already use	20:08
ayoung	it is the rules file distribution backend in keystone	20:08
stevemar2	yeah	20:09
*** jecarey has quit IRC		20:09
ayoung	https://github.com/openstack/keystone/tree/master/keystone/policy	20:09
stevemar2	i'm just wondering if it's too fine grained?	20:09
stevemar2	what if i want the bearer to be able to do all network related tasks	20:09
ayoung	stevemar2, not for the actual deleagtion. And it will allow roles to be what they are supposed to be: course grained collections of permissions	20:09
ayoung	stevemar2, we can still deleaget roles. Just add in the individual APIs as an additional way to delegate	20:10
ayoung	either give them all, or just the ones they need	20:10
* stevemar2 nods		20:10
stevemar2	could be done	20:10
*** boden_ has joined #openstack-dev		20:11
sdague	zul: for what's left on the nova-client python3 compat changes, could we get a blueprint up for them? just easier to see all the patches that are related to it, and would probably ease the concerns of folks that want bugs for them.	20:11
ayoung	stevemar2, grew out of a discussion with my boss over this BZ entry I have assigned https://bugzilla.redhat.com/show_bug.cgi?id=905931	20:11
uvirtbot	ayoung: Error: Could not parse XML returned by bugzilla.redhat.com: HTTP Error 404: Not Found	20:11
stevemar2	ayoung: "Keystone would then be able to deduce what a give token would be allowed to do" could you expand on that	20:11
ayoung	stevemar2, sure	20:11
*** msmedved has quit IRC		20:11
ayoung	stevemar2, I get a token as me. I want to create a targetted delegation for you	20:11
ayoung	so I ask keystone: hey, If I send this token to Nova, what functions can I call?	20:12
*** boden has quit IRC		20:12
ayoung	Keystone can return a list based on the roles in my token	20:12
ayoung	stevemar2, Horzon could do the same thing, and build a set of Roles->API mappings for the UI. Wish Gabriel Hurley were here, he'd be Kvelling	20:13
ayoung	and Horzion folks around?	20:13
stevemar2	ayoung: it would take some of the user error parts out of the current impl	20:14
ayoung	stevemar2, yep	20:14
stevemar2	potential user errors*	20:14
ayoung	the data is there, it is just not parsed or used...lets use it	20:14
stevemar2	ayoung: cool cool	20:15
*** wal99d has quit IRC		20:15
ayoung	stevemar2, maybe the oauth session should be trusts, oauth and delegation	20:15
stevemar2	ayoung: i made a session topic about future oauth work... (nvm, you've noticed it)	20:15
ayoung	that way we can lay out a path ahead that deals with this, and clears up the distinctions between them	20:15
*** msmedved has joined #openstack-dev		20:15
ayoung	I think trusts and oauth should be considered two different APIs for getting at a core delegation functionality	20:16
stevemar2	ayoung: yeah, i wanted to have it so people can get informed about the oauth work, and so that we can get new ideas for it.	20:16
stevemar2	yes agreed	20:16
stevemar2	i'll add what you said to the session	20:16
ayoung	stevemar2, cool. It was one of those Aha moments....	20:16
jog0	Any ceilometer people around?	20:17
ayoung	stevemar2, I'd advise looking at the policy file that ships with Nova, too. COmpare it with the Keystone one, and you get a sense of the patterns	20:17
*** boden_ has quit IRC		20:17
stevemar2	also, nice use of the word kvelling, i learned a new word today	20:17
ayoung	stevemar2, Nu?	20:17
jog0	havea big that may be related to celio https://bugs.launchpad.net/nova/+bug/1221987	20:17
uvirtbot	Launchpad bug 1221987 in nova "compute node heartbeat out of sync causing scheduler to fail in devstack: VMs fail to spawn" [Critical,Confirmed]	20:17
*** davi67232 has joined #openstack-dev		20:18
stevemar2	ayoung: yep	20:18
*** maheshp has quit IRC		20:18
ayoung	nunosantos, who's an upstream Horizon dev that would be interested in how to tailor the UI based on what roles the user has?	20:18
jog0	jd__: ^	20:18
dhellmann	jog0: ugh, trying to keep that plugin working in nova is a real pita	20:20
nunosantos	ayoung: hmm, maybe jpichon or mrunge	20:20
ayoung	nunosantos, thanks...that should get their attention.	20:20
ayoung	except they are not here now...oh well	20:20
ayoung	ah well.	20:20
*** anteaya has quit IRC		20:21
jog0	dhellmann: well if the bug above is related to celio then we are in trouble. But I am not sure it is	20:21
zul	sdague: sigh sure	20:21
stevemar2	ayoung: just a quick update as i'm leaving soon: http://summit.openstack.org/	20:22
jog0	was hoping to figure to get a celio dev to see if it smells related or not	20:22
dhellmann	jog0: if it's related to ceilometer, then just disable the plugin -- we know we have to rewrite it again because more internal nova apis changed on us	20:22
*** giulivo has quit IRC		20:22
jog0	dhellmann: we should then just disable celimeter nova plugin in devstack/devstack-gate then right?	20:23
jog0	clarkb ^	20:23
dhellmann	jog0: well, unless some nova devs want to help us fix it	20:23
dhellmann	every time we get it working you guys change APIs on us again :-)	20:23
jog0	dhellmann: sounds like we need a summit session on how to play nice with eachother	20:23
dhellmann	what we're trying to do is collect final usage info for an instance right before it is deleted	20:23
dhellmann	jog0: I'll bring the beer.	20:23
*** davi67232 has quit IRC		20:24
dhellmann	I wonder if we're getting eventlet confused by making an extra rpc call in there	20:24
jog0	I see apparmor freak out too	20:24
jog0	dont know if thats related though	20:25
jog0	that appears unrelated	20:25
*** noorul` has joined #openstack-dev		20:26
dhellmann	I don't run with apparmor, so I have no idea	20:26
*** stevemar2 has quit IRC		20:26
dhellmann	at least I don't think I use that	20:26
*** sarob has quit IRC		20:28
*** noorul`` has joined #openstack-dev		20:28
jog0	dhellmann: http://summit.openstack.org/cfp/details/73	20:28
*** asavu has quit IRC		20:28
*** boden has joined #openstack-dev		20:28
*** noorul has quit IRC		20:28
*** mars has quit IRC		20:29
dhellmann	jog0: cool, just in time for me to share it with jd__ at our meeting in a few minutes	20:29
jog0	dhellmann: awesome, anyway need to step out for a bit	20:29
dhellmann	ok	20:30
jog0	would you be fine with disabling nova celio plugin in devstack gate for now?	20:30
morganfainberg	ayoung, are you (in anyway) opposed to encoding the domain in the user_id within assignment? e.g. dn@domain, UUID@domain, etc. it would make it so we could support multiple SQL domains as well.	20:30
morganfainberg	it means we'd need varchar(319) vs 255 though in assignment	20:31
dhellmann	jog0: I'll bring it up in the meeting. If we can prove that it's the plugin causing the problem, and not eventlet or something else in the notification pipeline, then I'm personally OK with it. But it's not my call alone.	20:31
*** jcoufal_mtg is now known as jcoufal		20:31
*** shinylasers has joined #openstack-dev		20:31
*** adalbas has quit IRC		20:31
*** noorul` has quit IRC		20:32
morganfainberg	ayoung, oh wait nevermind. looking at the data structure, that would make it more costly to look everything up	20:32
*** boden has quit IRC		20:33
jog0	dhellmann: thanks, also celio is stacktracing like crazy even if its not related here	20:34
jog0	thanks	20:34
dhellmann	jog0: I'd love to have bugs for some of those so we can clean them up.	20:34
dhellmann	jog0: https://wiki.openstack.org/wiki/Meetings/MeteringAgenda#Agenda	20:34
*** SergeyLukjanov has quit IRC		20:35
*** bknudson has joined #openstack-dev		20:36
*** larsks has quit IRC		20:36
*** rwsu has joined #openstack-dev		20:37
*** sarob has joined #openstack-dev		20:40
*** noslzzp has quit IRC		20:40
*** mattmalesky has quit IRC		20:44
*** jecarey has joined #openstack-dev		20:44
*** jpeeler1 has joined #openstack-dev		20:45
*** jpeeler has quit IRC		20:46
*** networkstatic has joined #openstack-dev		20:46
*** jpeeler1 is now known as jpeeler		20:46
*** jprovazn has quit IRC		20:47
*** gimps_ has quit IRC		20:49
*** mars has joined #openstack-dev		20:51
*** dubsquared has quit IRC		20:55
*** dubsquared has joined #openstack-dev		20:55
*** eglynn-on-a-call is now known as eglynn		20:57
*** dubsquared has quit IRC		20:59
*** egallen has joined #openstack-dev		21:00
*** tmclaugh[work] has quit IRC		21:00
*** boden has joined #openstack-dev		21:00
*** safchain has joined #openstack-dev		21:01
*** martyntaylor has quit IRC		21:02
*** kushal has quit IRC		21:02
*** vuil has quit IRC		21:03
*** rfolco has quit IRC		21:04
*** pcm_ has quit IRC		21:04
*** dolphm has joined #openstack-dev		21:04
sdague	dtroyer: https://review.openstack.org/#/c/46114/ easy review :)	21:04
*** esheffield has quit IRC		21:05
*** boden has quit IRC		21:05
*** swills has quit IRC		21:05
*** rnirmal has quit IRC		21:06
*** changbl has joined #openstack-dev		21:06
*** davi67232 has joined #openstack-dev		21:06
*** herndon has joined #openstack-dev		21:08
*** vartom10 has quit IRC		21:09
*** martine_ has quit IRC		21:09
*** swills has joined #openstack-dev		21:09
*** swills has quit IRC		21:09
*** swills has joined #openstack-dev		21:09
*** krtaylor has quit IRC		21:09
dtroyer	sdague: +A	21:10
*** sarob has quit IRC		21:11
*** AlanClark has quit IRC		21:14
*** jayg is now known as jayg\|g0n3		21:15
*** mlavalle has quit IRC		21:16
*** dvarga has quit IRC		21:18
*** alunduil has quit IRC		21:18
*** davi67232 has quit IRC		21:18
*** donaldh has joined #openstack-dev		21:22
*** changbl has quit IRC		21:22
*** esheffield has joined #openstack-dev		21:23
*** hashfail has joined #openstack-dev		21:24
*** gimps has quit IRC		21:26
*** dkranz has quit IRC		21:26
*** blamar has quit IRC		21:27
*** Ryan_Lane has quit IRC		21:28
*** Ryan_Lane has joined #openstack-dev		21:28
*** jasondotstar has quit IRC		21:29
*** salv-orlando has joined #openstack-dev		21:29
*** Ryan_Lane has quit IRC		21:30
*** Ryan_Lane1 has joined #openstack-dev		21:30
*** chenxu has quit IRC		21:31
*** sushils has quit IRC		21:34
*** henrynash has quit IRC		21:36
*** sushils has joined #openstack-dev		21:36
*** sarob has joined #openstack-dev		21:36
*** anteaya has joined #openstack-dev		21:39
*** spzala has quit IRC		21:40
bknudson	anybody use keystone with ipv6? trying to figure out how to get it to listen on both v4 and v6 local	21:43
bknudson	(this is using keystone-all)	21:43
dolphm	bknudson: how do you have it configured?	21:43
bknudson	dolphm: just using the default now	21:44
bknudson	default bind_host	21:44
*** doron_afk has joined #openstack-dev		21:44
*** alop has quit IRC		21:44
*** mlavalle has joined #openstack-dev		21:44
*** sarob has quit IRC		21:48
*** sarob has joined #openstack-dev		21:48
*** alop has joined #openstack-dev		21:50
dolphm	bknudson: set bind_host to ::	21:50
dolphm	bknudson: 0.0.0.0 only appears to listen on all ipv4; :: appears to listen on all ipv4 + all ipv6	21:51
*** enikanorov_ has joined #openstack-dev		21:51
bknudson	dolphm: that's it.	21:53
*** alagalah has joined #openstack-dev		21:53
*** enikanorov has quit IRC		21:54
*** shang has quit IRC		21:55
*** angdraug has quit IRC		21:55
*** angdraug has joined #openstack-dev		21:57
*** alop has quit IRC		21:57
*** davi67232 has joined #openstack-dev		21:57
*** luxfx has joined #openstack-dev		21:59
*** luxfx has quit IRC		22:01
*** rwsu has quit IRC		22:01
*** jecarey has quit IRC		22:03
bknudson	I set KEYSTONE_AUTH_HOST=[::1] in localrc to see what happens.	22:03
*** slagle has quit IRC		22:04
*** isd has quit IRC		22:06
*** danwent has quit IRC		22:06
*** erkules has quit IRC		22:07
*** alagalah has left #openstack-dev		22:07
*** burt has quit IRC		22:08
*** erkules has joined #openstack-dev		22:08
*** kbringard has quit IRC		22:09
*** fbo is now known as fbo_away		22:10
*** alop has joined #openstack-dev		22:11
*** gsilvis has quit IRC		22:11
morganfainberg	bknudson, let me know when you have a few, want to just run by this lingering RC1 bug I have make sure I'm not missing anything (LDAP stuffs)	22:12
morganfainberg	same as this morning, but make sure someone else says "yep sounds right"	22:12
morganfainberg	with the "fix" approach	22:12
bknudson	morganfainberg: shoot!	22:12
*** gsilvis has joined #openstack-dev		22:13
morganfainberg	bknudson, ok https://bugs.launchpad.net/keystone/+bug/1219739 I think the fix is to fix "tenant_id" references to "tenandId" to match sql. The other part of the bug, that keystone user-get <id> doesn't show the "default tenant" is invalid	22:14
uvirtbot	Launchpad bug 1219739 in keystone "LDAP use 'tenant_id' instead of 'tenantId' in user_ref" [Medium,New]	22:14
morganfainberg	since.. we don't store "extra data" in LDAP identity	22:14
*** cdub has joined #openstack-dev		22:14
morganfainberg	and we don't have config options to store "tenantId" on the user object (e.g. ldap attribute)	22:14
*** Ryan_Lane1 is now known as Ryan_Lane		22:14
*** Ryan_Lane has joined #openstack-dev		22:14
morganfainberg	and the default behavior (config) is to "ignore" tenant_id attribute	22:15
*** dolphm has quit IRC		22:15
bknudson	this is the user's default tenant ID?	22:16
morganfainberg	yep.	22:16
bknudson	where's references to tenant_id ?	22:16
morganfainberg	in the ldap driver, it pulls "tenant_id" key off the user_ref when doing create/update	22:16
morganfainberg	sql would look at tenandId	22:16
*** shardy is now known as shardy_afk		22:17
*** lbragstad has quit IRC		22:17
morganfainberg	and the behavior is to add a role for the user associated with the project if tenant_id exists in the user_ref	22:17
bknudson	so in create_user we've got tenant_id = user.get('tenant_id')	22:17
morganfainberg	yep.	22:17
*** lifeless has quit IRC		22:17
*** danwent has joined #openstack-dev		22:17
bknudson	but the client sends tenantId?	22:18
*** mrodden has quit IRC		22:18
*** dolphm has joined #openstack-dev		22:18
morganfainberg	checking.	22:18
*** krtaylor has joined #openstack-dev		22:18
morganfainberg	but at least the other driver (SQL) expects tenantId	22:18
bknudson	api spec has "default_project_id": "263fd9", ... maybe it gets converted	22:18
dolphm	morganfainberg: a bit of this review is your code- https://review.openstack.org/#/c/46098/	22:18
*** otherwiseguy has quit IRC		22:19
morganfainberg	dolphm, will review as soon as i'm done with this convo w/ bknudson	22:19
morganfainberg	dolphm, looks straightforward though	22:19
morganfainberg	bknudson, hrm. i think we might have bigger issues then.	22:19
morganfainberg	looking at the client code right now	22:19
morganfainberg	oh.	22:20
morganfainberg	client sends default_project_id	22:20
*** networkstatic has quit IRC		22:20
morganfainberg	looks like the driver(s) might be wrong.	22:20
morganfainberg	maybe controller is doing something	22:20
bknudson	grepping for default_project_id in keystone only turns up tests and auth/controllers.	22:21
morganfainberg	v2.0 user controller uses tenantId	22:22
bknudson	ok, let's focus on v2	22:22
*** davi67232 has quit IRC		22:22
morganfainberg	bknudson, ok lets start there	22:23
morganfainberg	bknudson, ok tenantId is left as an "extra" attribute on the user in the controller, and it does a self.identity_api.add_user_to_project(default_tenant_id, user_id)	22:24
dolphm	v2 xml: <user tenantId="value" />, v2 json: "user": {"tenant_id": "value"}, v3 json: "user": {"default_tenant_id": "value"}	22:24
bknudson	morganfainberg: looking at https://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L206	22:25
bknudson	user_ref is going to have tenantId and not tenant	22:25
bknudson	tenant_id	22:25
morganfainberg	bknudson, yep	22:25
bknudson	calls identity_api with that user_ref	22:25
dolphm	morganfainberg: v3 should not call add_user_to_project() on user create / update, but v3 should check default_project_id on auth	22:25
*** alop has quit IRC		22:25
morganfainberg	dolphm, correct, we're looking at v2.0 to start	22:25
morganfainberg	bknudson, it seems like we have a mis-implementation of the spec.	22:26
bknudson	morganfainberg: https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap.py#L96	22:26
bknudson	wouldn't expect the user to have tenant_id.	22:26
morganfainberg	where tenantId has been used before (essex and folsom) in the SQL driver.	22:26
bknudson	https://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L215	22:27
dolphm	ldap driver shouldn't be calling the assignment_api...	22:27
bknudson	does self.identity_api.add_user_to_project(default_tenant_id, user_id)	22:27
bknudson	https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap.py#L98	22:27
dolphm	this looks like manager code that code pasted into the ldap driver	22:27
bknudson	does self.assignment_api.add_user_to_project(tenant_id, user_id)	22:27
bknudson	luckily tenant_id will always be None in ldap.py.	22:28
*** tstevenson has quit IRC		22:28
morganfainberg	bknudson, ok so this is a bit of spaghetti to unravel.	22:28
morganfainberg	bknudson, right.	22:28
morganfainberg	ok, so controller is the only place that should be handling the tenant_id portion?	22:29
*** galstrom is now known as galstrom_zzz		22:29
morganfainberg	not the drivers.	22:29
*** prad has quit IRC		22:29
bknudson	we have to store the default project, right?	22:30
dolphm	morganfainberg: it makes sense for the drivers to store it, but they shouldn't be performing business logic based on the value	22:30
morganfainberg	dolphm, right	22:30
morganfainberg	we leave it as a property	22:30
morganfainberg	not do the assignment work	22:30
morganfainberg	bknudson, well we don't have a mapping to store it in ldap at the moment, so ldap identity drops it on the floor	22:30
morganfainberg	it's by default in the ignore_attributes	22:30
morganfainberg	sql should store it.	22:31
bknudson	what if it's not in ignore_attributes ?	22:31
bknudson	also, is it tenantId, tenant_id, or default_project_id ?	22:31
morganfainberg	bknudson, without a mapping, it raises an exception (400) on a key error?	22:31
morganfainberg	v2, should be tenant_id	22:31
bknudson	what if it's mapped to something like businessCategory?	22:31
morganfainberg	as per the spec.	22:31
morganfainberg	bknudson, we use that for domain, but we could add the mapping	22:32
*** neelashah has quit IRC		22:32
morganfainberg	to something else	22:32
bknudson	it's user specific so doesn't have to be something in both group and user, so have more options for attributes.	22:32
morganfainberg	dolphm, you know this is two "looks simpler than it is" bugs i've stumbled into :P	22:32
*** thedodd has quit IRC		22:33
dolphm	morganfainberg: haha touche	22:33
morganfainberg	bknudson, right. let me look at the inetOrgPerson class and see what we have.	22:33
morganfainberg	bknudson, we could use "departmentNumber"	22:34
morganfainberg	or, if we want to go crazy with the car metaphors, "carLicense"	22:34
morganfainberg	:P	22:34
jog0	dhellmann: ping	22:34
*** FunnyLookinHat has quit IRC		22:35
morganfainberg	though. i wonder if departmentNumber has to be int.	22:35
*** alop has joined #openstack-dev		22:36
dolphm	morganfainberg: it's a string	22:36
*** carl_baldwin has quit IRC		22:36
morganfainberg	dolphm, yep, just found the reference.	22:36
*** sushils has quit IRC		22:36
morganfainberg	so, department number could be the attribute map for tenant_id / default_project_id	22:36
morganfainberg	bknudson, unless there is a good reason not to use that.	22:37
*** SumitNaiksatam has quit IRC		22:37
bknudson	morganfainberg: anything works in your tests.	22:37
bknudson	and in the tests that you add to keystone	22:38
morganfainberg	bknudson, right, this would also be the default behavior if someone stood up keystone w/ a R/W ldap backend	22:38
*** changbl has joined #openstack-dev		22:38
bknudson	morganfainberg: I thought the default is that tenant id is ignored?	22:38
morganfainberg	bknudson, right now, because we don't have an attribute mapping	22:39
morganfainberg	we could remove that ignore if we added this mapping	22:39
*** epim has quit IRC		22:40
*** e1mer has joined #openstack-dev		22:41
*** e1mer has joined #openstack-dev		22:41
dolphm	bknudson: morganfainberg: i suspect the reason it's ignored by default is due to the same uncertainty you're facing... i'd say pick an attribute to hijack and document that default behavior in keystone.conf.sample AND docs	22:41
dolphm	bknudson: morganfainberg: i.e. ensure whatever is chosen is not a surprise	22:41
bknudson	the problem is there is no good mapping.	22:42
morganfainberg	dolphm, sounds good.	22:42
*** flaper87 is now known as flaper87\|afk		22:42
jog0	jd__: ping	22:42
morganfainberg	bknudson, businessCategory is already being hijacked for domain.	22:42
bknudson	morganfainberg: is that only in devstack or in keystone?	22:42
morganfainberg	bknudson, default in keystone	22:42
*** sushils has joined #openstack-dev		22:43
morganfainberg	https://github.com/openstack/keystone/blob/master/keystone/common/config.py#L183	22:43
bknudson	since we've been able to live with it not mapped until now, I suggest continue to leave it not mapped.	22:43
bknudson	we might have had to have businessCategory mapped just to function.	22:44
morganfainberg	bknudson, that means default tenant/project will not be handled by LDAP identity backend?	22:44
dolphm	bknudson: worth noting: last time this came up for discussion, the user's tenant id represented authz, but now it's just a user preference / attribute	22:44
*** sandywalsh has quit IRC		22:44
bknudson	it won't be handled by default	22:44
*** jvrbanac has quit IRC		22:44
morganfainberg	bknudson, i'm ok with that.	22:44
bknudson	but it will be handled if the customer can come up with some way to map it.	22:44
*** danwent_ has joined #openstack-dev		22:44
morganfainberg	bknudson and not ignore it	22:45
bknudson	(which it appears is not working now)	22:45
*** radsy has joined #openstack-dev		22:45
morganfainberg	so, v2.0 of the keystone client passes in tenantId	22:45
morganfainberg	and the api spec says it should be tenant_id	22:45
bknudson	dolphm: btw - I did some experimentation on this one: https://review.openstack.org/#/c/43041/ , and now think it's useful.	22:45
dolphm	morganfainberg: eek, let me check the spec	22:46
morganfainberg	dolphm, at least waht you posted earlier that is	22:46
dolphm	morganfainberg: well.. nvm... the spec only covers xml	22:46
*** danwent has quit IRC		22:46
*** danwent_ is now known as danwent		22:46
morganfainberg	dolphm, wouldn't that translate the same to json though?	22:46
dolphm	morganfainberg: there's no api spec for v2 json -- implementation is the truth there	22:46
morganfainberg	<tenant_id>blah<./..> == tenant_id: blah	22:46
morganfainberg	dolphm, i meant how it gets passed to the controller.	22:47
*** alunduil has joined #openstack-dev		22:47
dolphm	morganfainberg: IIRC, the camelcase in the xml spec is/was translated to use underscores	22:48
morganfainberg	dolphm, ah	22:48
dolphm	morganfainberg: whatever the client sends and the v2 controller expects is the truth though	22:48
morganfainberg	ok so it's tenantId	22:48
bknudson	dolphm: where's the spec? on your whiteboard?	22:48
dolphm	bknudson: in openstack/identity-api	22:48
dolphm	bknudson: https://github.com/openstack/identity-api/tree/master/openstack-identity-api/v2.0/src/docbkx	22:49
morganfainberg	dolphm, i haven't looked at the xml translation stuff.. should see what it actually does	22:49
bknudson	it's a lot different	22:49
bknudson	morganfainberg: you will be amazed and surprised	22:49
morganfainberg	bknudson, should i be scared?	22:50
dolphm	bknudson: what the xml looks like?	22:50
dolphm	bknudson: or what the spec looks like?	22:50
dolphm	bknudson: ... which is more xml	22:50
bknudson	the XML <-> JSON conversion	22:50
dolphm	ah	22:50
bknudson	I meant the v2 spec in docbook is a lot different than the .md for v3.	22:51
*** jimfehlig has quit IRC		22:51
*** networkstatic has joined #openstack-dev		22:51
dolphm	bknudson: someone at HP is working on writing wadl+xsd for v3	22:52
bknudson	dolphm: is our v3 spec supposed to look like the v2 spec (with wadls, etc?)	22:52
bknudson	how did you answer my question before I sent it?	22:52
dolphm	bknudson: magicals	22:52
bknudson	hopefully they document JSON this time.	22:52
dolphm	bknudson: in fact, a bit of it is already in review	22:53
*** alop has quit IRC		22:53
dolphm	bknudson: of course not!	22:53
bknudson	here's the json : https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v2.0/src/docbkx/samples/user.json	22:53
*** colinmcnamara has joined #openstack-dev		22:53
morganfainberg	dolphm, it looks like the from_xml doesn't handle tenant_id -> tenantId	22:53
dolphm	bknudson: it's been on my wishlist for a long time to doc the json in jsonschema	22:53
*** dmakogon_ has quit IRC		22:53
morganfainberg	seems like it should be the special case e.g. "policies" -> "policy" type deal	22:54
morganfainberg	thouhg… i might be just missing something	22:54
bknudson	morganfainberg: what does the client send? when you do keystone user-create	22:55
dolphm	morganfainberg: hmm... the translator probably doesn't handle it because create user is non-core, and the translator was only written against the core api	22:55
morganfainberg	tenantId json.	22:55
morganfainberg	bknudson, that was to you	22:55
bknudson	morganfainberg: and that's what the controller is expecting.	22:55
morganfainberg	dolphm, ah. that means this whole semantic is probably not working via xml :P	22:55
morganfainberg	bknudson, yep.	22:55
bknudson	morganfainberg: I would trust the controller a lot more than I would trust the ldap backend for some reason	22:56
*** MaxV_ has quit IRC		22:56
morganfainberg	bknudson, i don't think we should change that.	22:56
dolphm	morganfainberg: it's not tested == it's broken, in my book	22:56
morganfainberg	i was wondering if we needed to change the from_xml.	22:56
morganfainberg	or just… call it a day and come back to this kind of issue in v3 :P	22:56
morganfainberg	i doubt people are heavily using the XML in this fashion…since it doesn't work :P	22:56
*** sandywalsh has joined #openstack-dev		22:56
bknudson	morganfainberg: still wondering what happens with v3, does it change default_project_id to tenantId ?	22:56
morganfainberg	bknudson, looking at that now. i don't think so.	22:57
bknudson	does the sql backend handle both?	22:57
morganfainberg	there is a FIXME i think by dolph i saw. trying to find it	22:57
*** e1mer has quit IRC		22:57
dolphm	morganfainberg: =(	22:57
*** nrs_ has quit IRC		22:57
*** e1mer has joined #openstack-dev		22:57
*** e1mer has joined #openstack-dev		22:57
morganfainberg	bknudson, SQL doesn't care. they are both jsut arbitrary attributes that are stored in the "extra" (i.e. json blob) field	22:57
morganfainberg	you mean does it do anything with them? thats what i'm looking for	22:58
dolphm	bknudson: i'd actually expect the opposite now... the deprecated controllers should rewrite things in terms of the v3 api's semantics, for persistance	22:58
*** nrs_ has joined #openstack-dev		22:58
dolphm	morganfainberg: sql doesn't care, but a user created on one api will behave unexpectedly on the other api	22:59
bknudson	try create a user with v2 and then get user with v3	22:59
bknudson	should get back default_project_id for v3?	22:59
morganfainberg	well, with ldap and v3 if you pass default_project_id in, you'll get an exception	22:59
dolphm	bknudson: should	22:59
*** shang has joined #openstack-dev		22:59
morganfainberg	it looks like	23:00
*** mlavalle has quit IRC		23:00
morganfainberg	oh .	23:00
morganfainberg	uhm.	23:00
morganfainberg	right 1 domain per ldap server right?	23:01
bknudson	I got "tenantId": "57a08bb4053c43a999bca6a93830cc9d" and no default_project_id	23:01
*** alop has joined #openstack-dev		23:02
morganfainberg	bknudson, did it have tenantId on it?	23:02
*** dhellmann is now known as dhellmann_		23:02
morganfainberg	assuming creation in v2?	23:02
*** dhellmann_ is now known as dhellmann		23:02
bknudson	$ keystone user-create --name blk1 --tenant demo --pass blkpwd	23:02
bknudson	oops, gave away my password	23:02
*** Samos123 has quit IRC		23:02
morganfainberg	lol	23:02
morganfainberg	showed up as ****** herre	23:02
morganfainberg	:P	23:02
dolphm	morganfainberg: ++	23:03
dolphm	bknudson: no need to file a CVE	23:03
bknudson	but with curl -H "X-Auth-Token: blkpwd" "http://\[::1\]:5000/v3/users/97fedfd671aa4798bdde8462f4505f7b"	23:03
bknudson	get back "tenantId": "57a08bb4053c43a999bca6a93830cc9d"	23:03
bknudson	and no default_project_id	23:03
*** Samos123 has joined #openstack-dev		23:03
morganfainberg	yeah, it doesn't translate.	23:03
bknudson	that's going to make it difficult for a gui	23:04
morganfainberg	do we _really_ need to support the default_project_id semantic?	23:04
morganfainberg	(i know i know...spec)	23:04
dolphm	morganfainberg: that question gets asked like once a month lol	23:04
morganfainberg	dolphm, i'd love to see it go away	23:04
dolphm	morganfainberg: v3 is a step in that direction... and as away as we could make it	23:04
bknudson	we've got other options too, like email	23:05
dolphm	morganfainberg: it's at least not magical authz anymore	23:05
bknudson	does openstack really need that?	23:05
dolphm	bknudson: nope	23:05
morganfainberg	dolphm, ok so we need to make the respective get_user do the translation to the "correct" attribute	23:05
*** colinmcnamara has quit IRC		23:05
morganfainberg	and store it the same way on the backend.	23:05
dolphm	morganfainberg: and probably migrate one value to the other	23:06
morganfainberg	i was going to make it go to the v3 one	23:06
dolphm	morganfainberg: and turn it into an first class column in sql	23:06
bknudson	we need to continue to support existing messed up systems.	23:06
morganfainberg	dolphm, yeah	23:06
morganfainberg	and we need to get the tenant_id, tenantId, default_project_id sillyness out of the driver and in the manager/controller	23:07
morganfainberg	ok. i think i have the fix in mind.	23:07
morganfainberg	bknudson, dolphm, thanks for working this one through. more rabbit hole bugs ;)	23:07
*** prad has joined #openstack-dev		23:08
*** edmund has quit IRC		23:08
dolphm	morganfainberg: thank you!	23:08
bknudson	morganfainberg: not sure what this might affect out in the field, but backport to grizzly?	23:09
morganfainberg	reminds me, i have a bug fix i need to get into oslo's logging… something something RFC5424 support is bad in python.	23:09
morganfainberg	bknudson, yeah, this should be backported.	23:09
bknudson	morganfainberg: I don't think we can add a migration in a backport.	23:10
morganfainberg	bknudson, no, but i can do the translation stuff	23:10
morganfainberg	that can just be magic code mucking with the data in-flight	23:10
bknudson	morganfainberg: sounds good	23:10
dolphm	morganfainberg: is this all as a result of that ldap bug?	23:10
*** zbitter has joined #openstack-dev		23:11
morganfainberg	dolphm, i'm going to mark that bug as invalid and open a new one that actually adresses the issue	23:11
*** dhellmann is now known as dhellmann_		23:11
dolphm	morganfainberg: okay, i'd like this issue to be High and RC1	23:11
morganfainberg	that bug is claiming that ldap isn't returning a tenant_id / default_project_id	23:11
dolphm	morganfainberg: which is really "ldap is probably misconfigured"?	23:11
morganfainberg	that is invalid, since it's intentional we drop that on the floor in current impl	23:11
morganfainberg	dolphm, i'd say more so the implementation decided to ignore that field.	23:12
morganfainberg	it is by default in the ignore_attributes	23:12
morganfainberg	and yes, i'll mark it as high against RC1 and see what i can pull together in the next day or so.	23:12
dolphm	morganfainberg: you can't configure which attribute it gets written to?	23:12
*** lifeless has joined #openstack-dev		23:12
morganfainberg	dolphm, nope no option to do that	23:12
dolphm	oh	23:12
*** sushils has quit IRC		23:12
morganfainberg	would require a code change to do it.	23:12
morganfainberg	yeah, dropping it on the floor seems very intentional here	23:13
bknudson	we can have a mapping?	23:13
morganfainberg	yep, i'll add the mapping to departmentNumber	23:13
morganfainberg	as the default.	23:13
bknudson	I don't think we have to change the default config.	23:13
bknudson	as long as there's a config that works, customers can use it.	23:13
morganfainberg	bknudson, we can keep it ignored.	23:13
morganfainberg	but it looks like you need some kind of sane default mapping.	23:14
bknudson	departmentNumber is sane?	23:14
*** zaneb has quit IRC		23:14
morganfainberg	bknudson, inetorgperson has limited options	23:14
morganfainberg	i actually vote carlicense	23:15
morganfainberg	keep with the car metaphors	23:15
bknudson	that's why there's no good default mapping	23:15
*** donaldh has quit IRC		23:15
morganfainberg	and businessCategory is good for domain?	23:15
morganfainberg	besides really just being "needed"	23:15
morganfainberg	actually.	23:15
morganfainberg	wait a sec.	23:15
*** jamielennox\|away is now known as jamielennox		23:15
morganfainberg	we should be stripping the domain out .	23:15
morganfainberg	https://github.com/openstack/keystone/blob/master/keystone/identity/core.py#L279	23:16
dolphm	morganfainberg: what's the analogy for car license?	23:16
morganfainberg	ldap driver is not domain aware	23:16
dolphm	domain shouldn't be stored in ldap, anymore	23:16
morganfainberg	so we should be dropping domain info on the floor	23:16
bknudson	yea, that's weird.	23:16
morganfainberg	i'll yank that mapping then	23:16
dolphm	morganfainberg: https://bugs.launchpad.net/keystone/+bug/1209440	23:16
uvirtbot	Launchpad bug 1209440 in keystone "LDAP identity still allows setting domain via attribute" [Medium,Incomplete]	23:16
dolphm	morganfainberg: i think resolving this bug ^ just involves cleaning up any remaining domain stuff for ldap	23:17
morganfainberg	yep.	23:17
dolphm	and i don't think ayoung is working it	23:17
morganfainberg	dolphm, i'll solve that one as a side-effect of the rest of the fixes here.	23:17
*** alop has quit IRC		23:20
*** jcoufal has quit IRC		23:21
*** salv-orlando has quit IRC		23:21
*** gordc has quit IRC		23:22
*** herndon has quit IRC		23:27
*** dolphm has quit IRC		23:28
*** prad has quit IRC		23:29
jamielennox	gyee: ayoung: you here?	23:31
jamielennox	regarding: https://review.openstack.org/#/c/34161 - auth_token with requests library	23:32
*** dolphm has joined #openstack-dev		23:34
*** anteaya_ has joined #openstack-dev		23:35
*** dolphm has quit IRC		23:35
*** huats has quit IRC		23:37
*** huats has joined #openstack-dev		23:37
*** kbrierly has quit IRC		23:37
*** mattmalesky has joined #openstack-dev		23:38
*** anteaya has quit IRC		23:38
gyee	jamielennox, yes	23:38
jamielennox	gyee: so i'm not sure you and ayoung are arguing different points, though he ended up with a +1	23:39
gyee	jamielennox, I think we are arguing over two different topics	23:39
jamielennox	i essentially that you should be able to provide a specific CA for https connections	23:39
jamielennox	essentially agree	23:39
gyee	that's correct	23:39
jamielennox	putting things into system cas seems dodgy	23:40
gyee	we need add a configurable param for auth_token filter, ca_file	23:40
gyee	in the same manner as certfile and keyfile	23:40
*** markwash has quit IRC		23:40
jamielennox	ah, my mistake	23:41
jamielennox	i was under the impression that we already have a config argument for a ca file	23:41
jamielennox	but it's generated from the siging_dir variable	23:41
*** sarob has quit IRC		23:41
gyee	jamielennox, signing_dir is for facilitating token validation	23:42
jamielennox	that's the signing token ca	23:42
gyee	right, which is different than SSL cert CA	23:42
jamielennox	yes and they shouldn't be the same	23:42
jamielennox	shouldn't necessarily be the same	23:43
gyee	agree with your second sentence :)	23:43
jamielennox	gyee: ok, that's easier than i thought - i was thinking i was going to have to have 2 ca's specified in config	23:44
jamielennox	i'll fix that up today	23:44
*** hartsocks has joined #openstack-dev		23:44
gyee	jamielennox, awesome	23:44
*** sarob has joined #openstack-dev		23:45
ayoung	jamielennox, I'm here...reading up	23:45
jamielennox	ayoung: that's ok, i was thinking i was going to have to kludge some config variablse but it's fine	23:45
*** sarob has quit IRC		23:46
ayoung	morganfainberg, if you want to take bug 1209440 go for it. I hadn't started looking at it	23:47
uvirtbot	Launchpad bug 1209440 in keystone "LDAP identity still allows setting domain via attribute" [Medium,Incomplete] https://launchpad.net/bugs/1209440	23:47
morganfainberg	ayoung, yeah i'll grab that as part of this ldap cleanup	23:47
ayoung	morganfainberg, thanks	23:47
bknudson	jamielennox: your https://review.openstack.org/#/c/34161 and https://review.openstack.org/#/c/43041 hit some of the same lines.	23:47
morganfainberg	ran into some inconsistencies that need to be addressed around tenant_id etc	23:47
ayoung	morganfainberg, anything need review?	23:47
jamielennox	bknudson: so it looks like 43041 will pass, so i'll rebase on that	23:48
morganfainberg	ayoung, not yet. unless you have criticism for the domain_cleanup one https://review.openstack.org/#/c/45649/ before the next patchset (which will depend on the changes inc. migration user_id etc fixes talked about this morning)	23:48
gyee	jamielennox, one more thing, https://review.openstack.org/#/c/45997/	23:48
jamielennox	ayoung: if you're looking for things look at keystoneclient	23:48
morganfainberg	ayoung, there is the httpretty one that needs review on client ;)	23:49
gyee	I thought auth plugin is passed in during client instantiation	23:49
ayoung	jamielennox, I have been looking at yours, but wanted to make sure I wasn't blocking anything that morganfainberg was doing that was fixing my bugs for me	23:49
morganfainberg	jamielennox, see that, plugged it for you!	23:49
*** cdub has quit IRC		23:49
*** hartsocks has left #openstack-dev		23:49
jamielennox	gyee: no, the auth plugin will be attached to the session object	23:49
*** jcoufal has joined #openstack-dev		23:49
morganfainberg	ayoung, i'll have some stuff up likely tonight/tomorrow. bunch of work to start working on.	23:50
jamielennox	gyee: the idea is that session will be passed around and shared between multiple clients, thus sharing a token	23:50
gyee	jamielennox, have you look at the novaclient impl	23:50
gyee	I mean the auth plugin	23:50
jamielennox	gyee: it was a couple of weeks ago, but i think that still works	23:50
bknudson	jamielennox: my own analysis of https://review.openstack.org/#/c/43041 is that it's ok but not very useful, but it may be more interesting with https://review.openstack.org/#/c/34161	23:50
jamielennox	bknudson: i passed on 43041, i've not done enough with ipv6 to even understand what it's trying to do	23:51
bknudson	jamielennox: when you build a url with IPv6 literal address, need to put it in []	23:52
bknudson	http://[::1]:5000/v3/auth/tokens	23:52
gyee	bknudson, why can't auth_uri be configured to a IPv6 uri?	23:52
bknudson	an IPv6 address works in auth_host now	23:53
gyee	auth_uri = http://[]...	23:53
*** alop has joined #openstack-dev		23:53
gyee	uri_parse can't handle that?	23:53
jamielennox	bknudson: my preferred approach when this requests thing goes in is to get rid of the url building	23:53
bknudson	gyee: auth_uri can optionally be set, or it gets built from other parts (auth_host for example)	23:53
*** otherwiseguy has joined #openstack-dev		23:54
jamielennox	the seperate handling of auth_protocol, auth_uri, auth_port etc make sense (somewhat) when using httplib, with requests we specify a URI to talk to	23:54
bknudson	jamielennox: your patch https://review.openstack.org/#/c/34161/13/keystoneclient/middleware/auth_token.py doesn't use provided auth_uri	23:54
jamielennox	i'd much prefer to deprecate all those config options in favour of passing a fully qualified url	23:54
bknudson	jamielennox: wouldn't that be auth_uri?	23:54
gyee	I thought we are deprecating host and port in favor of auth_uri, no?	23:54
jamielennox	bknudson: i did originally, but there are some tempest tests that fail that way	23:55
*** anteaya__ has joined #openstack-dev		23:55
bknudson	might need to fix tempest	23:55
jamielennox	auth_uri is used specifically in one place, where you specify a 401 with a auth_url	23:55
*** alop has quit IRC		23:55
jamielennox	there is no requirement that auth_uri therefore be the same as what is provided initially - it's bad and it's wrong but i talked with ayoung about it and it just has the potential to break too many people	23:56
jamielennox	provided initially = auth_protocol + auth_host + auth_port	23:56
bknudson	why can't you use auth_uri if it's given rather than auth_protocol + auth_host + auth_port ?	23:57
gyee	exactly, look for auth_uri first	23:58
*** anteaya_ has quit IRC		23:58
gyee	if its there, ignore the others	23:58
jamielennox	that would be great and that's how i started, what happens in the case both are configured?	23:59
bknudson	gyee was saying to ignore auth_protocol + auth_host + auth_port	23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!