Wednesday, 2013-10-02

*** vipul is now known as vipul-away [00:00]
*** sarob has joined #openstack-dev [00:01]
*** thingee is now known as thingee_zzz [00:01]
*** alop has quit IRC [00:02]
<mrodden> bnemec: looks like the ceilometer one failed too [00:02]
<bnemec> Sigh [00:02]
<mrodden> similar issue actually [00:03]
*** emagana has joined #openstack-dev [00:03]
<bnemec> That one failed all kinds of tests. :-( [00:03]
*** emagana has quit IRC [00:03]
<mrodden> nova failed as well [00:03]
<mrodden> sadness [00:03]
<mrodden> same issue [00:03]
<bnemec> Oh, that's the test_stamp_pattern one that's like #1 on rechecks. [00:03]
*** emagana has joined #openstack-dev [00:04]
<bnemec> I think anyway. [00:04]
*** joshuamckenty has joined #openstack-dev [00:04]
<mrodden> o [00:04]
*** DennyZhang has quit IRC [00:04]
*** vipul-away is now known as vipul [00:04]
<bnemec> Okay, maybe it wasn't quite that high.  Still a bunch of rechecks against it. [00:05]
<bnemec> LOL, there's a vacation message auto-reply on that bug. [00:05]
<mrodden> bnemec: yeah i just saw that... [00:06]
<dims> bnemec, there's a bunch from folks in china who are on vacation in various bugs [00:07]
<mrodden> they can set their notes to not send auto responses [00:07]
<mrodden> to internet mail [00:07]
*** sarob has quit IRC [00:07]
*** jpipes has quit IRC [00:08]
*** sarob has joined #openstack-dev [00:08]
*** READ10 has joined #openstack-dev [00:08]
*** adjohn has quit IRC [00:09]
*** joshuamckenty has quit IRC [00:09]
*** sarob has quit IRC [00:10]
<bnemec> Okay, Neutron passed and the others are rechecking.  I'm out before any more fail. :-) [00:10]
*** sarob has joined #openstack-dev [00:10]
<mrodden> bnemec: lol cya [00:10]
*** danwent has quit IRC [00:12]
*** AlexF has quit IRC [00:15]
*** samuelbercovici has joined #openstack-dev [00:21]
*** xqueralt has quit IRC [00:23]
*** cdub has quit IRC [00:25]
*** matsuhashi has joined #openstack-dev [00:25]
*** adjohn has joined #openstack-dev [00:28]
*** dperaza has quit IRC [00:29]
*** cjellick has quit IRC [00:29]
*** danwent has joined #openstack-dev [00:29]
*** adjohn has quit IRC [00:35]
*** Tross has quit IRC [00:35]
*** Tross has joined #openstack-dev [00:38]
*** emagana_ has joined #openstack-dev [00:39]
*** Tross has quit IRC [00:41]
*** egallen has quit IRC [00:42]
*** emagana has quit IRC [00:43]
*** adjohn has joined #openstack-dev [00:44]
*** Tross has joined #openstack-dev [00:45]
*** topol has joined #openstack-dev [00:45]
*** briancurtin has joined #openstack-dev [00:47]
*** nosnos has joined #openstack-dev [00:49]
*** Mandell has quit IRC [00:49]
*** aeperezt has quit IRC [00:49]
*** adjohn has quit IRC [00:52]
*** adjohn has joined #openstack-dev [00:54]
*** gabrielhurley has quit IRC [00:57]
*** jvrbanac has joined #openstack-dev [00:57]
*** adalbas has quit IRC [00:58]
*** giulivo has quit IRC [00:58]
*** schwicht has quit IRC [01:03]
*** angdraug has quit IRC [01:03]
*** anniec has quit IRC [01:03]
*** anniec has joined #openstack-dev [01:04]
*** melwitt has quit IRC [01:05]
*** f13o_ has quit IRC [01:07]
*** DennyZhang has joined #openstack-dev [01:12]
*** changbl has joined #openstack-dev [01:14]
*** samuelbercovici has quit IRC [01:22]
*** spzala has quit IRC [01:25]
*** comay has quit IRC [01:27]
*** sarob has quit IRC [01:28]
*** sarob has joined #openstack-dev [01:29]
*** erkules_ has joined #openstack-dev [01:29]
*** erkules has quit IRC [01:32]
*** FatDarrel_ has joined #openstack-dev [01:32]
*** sarob has quit IRC [01:32]
*** FatDarrel has quit IRC [01:32]
*** FatDarrel_ is now known as FatDarrel [01:32]
*** bknudson has joined #openstack-dev [01:32]
*** amcrn[a] has quit IRC [01:33]
*** gabrielhurley has joined #openstack-dev [01:36]
*** gabrielhurley has quit IRC [01:37]
*** jasondot_ has joined #openstack-dev [01:37]
*** shinylasers has joined #openstack-dev [01:39]
*** dims has quit IRC [01:40]
*** shinylasers has joined #openstack-dev [01:41]
<mrodden> dhellmann: i'm still around if you have anything else [01:42]
<mrodden> but i think we have everything under control now [01:42]
<dhellmann> mrodden: yeah, I think things are looking good for the time being [01:43]
<mrodden> that patch for the logging adapter change was merged too [01:43]
<dhellmann> mrodden: I saw, nice work on that [01:43]
<mrodden> what do you think about pushing that up as a sync from oslo to other projects? [01:44]
<mrodden> luisg, jswarren and i can do that tomorrow pretty quick i think [01:44]
<dhellmann> I was talking with luisg about that earlier. I'm on the fence. I'd like to keep things stable, but it's a relatively small change. I was going to wait and let markmc weigh in. [01:44]
<mrodden> ok [01:45]
<mrodden> i'd be interested in his take on it as well [01:45]
<dhellmann> so maybe prepare the patches, but hold off on submitting them? [01:45]
<mrodden> sure [01:45]
<mrodden> sounds good [01:45]
<dhellmann> if they don't go into the havana rc, they'll go in very very early in icehouse [01:45]
<mrodden> yeah [01:45]
*** danwent has quit IRC [01:46]
<dhellmann> oh, and nice work finding those keystone changes that were needed, too -- I missed those [01:46]
<mrodden> np [01:46]
<mrodden> bknudson did the work on that, but i was familiar with it [01:47]
<bknudson> dhellmann: keystone has a couple of entry points :( [01:47]
<mrodden> keystone-all and uh [01:47]
<bknudson> also the tests? [01:47]
<mrodden> what was the other one [01:47]
<bknudson> there's one for running in http [01:47]
<mrodden> httpd/keystone [01:48]
<mrodden> yeah [01:48]
<mrodden> we left the test ones in [01:48]
<dhellmann> bknudson: we're leaving the tests alone [01:48]
<mrodden> to catch any failures [01:48]
<dhellmann> https://etherpad.openstack.org/disable-lazy-translation [01:48]
<dhellmann> and tracking our work on this ^^ [01:48]
<mrodden> do you know what time mark usually hops on? [01:49]
*** dtyarnell has joined #openstack-dev [01:51]
<dhellmann> I'm not sure; I think he's still traveling so he may not even be on at the usual time. [01:51]
<mrodden> ah [01:51]
*** emagana_ has quit IRC [01:52]
<dhellmann> well, things are calm, so I'm going to sign off for the evening [01:52]
<dhellmann> thanks again for your help today, mrodden! [01:52]
*** sandywalsh has joined #openstack-dev [01:53]
<mrodden> dhellmann: np, thank you for being around and providing feedback on the reviews [01:54]
*** sarob has joined #openstack-dev [01:55]
*** jsgotangco has joined #openstack-dev [01:56]
*** FatDarrel has quit IRC [01:56]
*** ctracey has quit IRC [02:00]
*** zhiyan has joined #openstack-dev [02:03]
*** ctracey has joined #openstack-dev [02:07]
*** anniec has quit IRC [02:10]
*** DennyZhang has quit IRC [02:10]
*** jayg is now known as jayg|g0n3 [02:11]
*** jsgotangco has quit IRC [02:13]
*** otherwiseguy has joined #openstack-dev [02:14]
*** sarob_ has joined #openstack-dev [02:15]
*** sarob has quit IRC [02:18]
*** sarob_ has quit IRC [02:20]
*** arborism has joined #openstack-dev [02:21]
*** READ10 has quit IRC [02:26]
*** edmund has joined #openstack-dev [02:29]
*** asalkeld is now known as asalkeld_zombie [02:36]
*** asalkeld_zombie is now known as asalkeld [02:36]
*** AlexF has joined #openstack-dev [02:36]
*** dkehn_ has joined #openstack-dev [02:37]
*** arborism has quit IRC [02:39]
*** arborism has joined #openstack-dev [02:39]
*** dkehn has quit IRC [02:41]
*** markmcclain has joined #openstack-dev [02:42]
*** carl_baldwin has joined #openstack-dev [02:42]
*** Tross has quit IRC [02:44]
*** Tross has joined #openstack-dev [02:47]
*** Mandell has joined #openstack-dev [02:49]
*** gyee has quit IRC [02:52]
*** mjb_ has joined #openstack-dev [02:54]
*** AlexF has quit IRC [02:59]
*** metral_ has joined #openstack-dev [03:03]
*** prekarat has joined #openstack-dev [03:05]
*** metral has quit IRC [03:05]
*** metral_ is now known as metral [03:05]
*** prekarat has quit IRC [03:05]
*** prekarat has joined #openstack-dev [03:05]
*** eharney has quit IRC [03:07]
*** metral_ has joined #openstack-dev [03:09]
*** metral has quit IRC [03:10]
*** metral_ is now known as metral [03:10]
*** kbrierly has joined #openstack-dev [03:12]
*** jasondot_ has quit IRC [03:14]
*** kdbrierly has joined #openstack-dev [03:20]
*** adjohn has quit IRC [03:21]
*** arborism is now known as amcrn [03:21]
*** adjohn has joined #openstack-dev [03:21]
*** kdbrierly has quit IRC [03:22]
*** kbrierly has quit IRC [03:22]
*** neelashah has joined #openstack-dev [03:23]
*** adjohn_ has joined #openstack-dev [03:24]
*** adjohn has quit IRC [03:24]
*** shakayumi has joined #openstack-dev [03:25]
*** faramir has quit IRC [03:26]
*** briancurtin has quit IRC [03:29]
*** carl_baldwin has quit IRC [03:39]
*** faramir has joined #openstack-dev [03:40]
*** gmurphy has quit IRC [03:40]
*** gmurphy has joined #openstack-dev [03:42]
*** adjohn_ has quit IRC [03:43]
*** Ryan_Lane has joined #openstack-dev [03:44]
*** kbrierly has joined #openstack-dev [03:45]
*** Khaja has joined #openstack-dev [03:46]
*** Khaja has quit IRC [03:50]
*** Ryan_Lane has quit IRC [03:50]
*** markwash has joined #openstack-dev [04:02]
*** zhiyan has quit IRC [04:03]
*** tkammer has joined #openstack-dev [04:04]
*** jamespage has quit IRC [04:06]
*** jamespage has joined #openstack-dev [04:06]
*** danwent has joined #openstack-dev [04:08]
*** harlowja has quit IRC [04:08]
*** Shaan7 has quit IRC [04:10]
*** edmund has quit IRC [04:11]
*** neelashah has quit IRC [04:13]
*** adjohn has joined #openstack-dev [04:13]
*** markmcclain1 has joined #openstack-dev [04:15]
*** markmcclain has quit IRC [04:15]
*** Shaan7 has joined #openstack-dev [04:16]
*** faramir has quit IRC [04:16]
*** markmcclain1 has quit IRC [04:19]
*** Ryan_Lane has joined #openstack-dev [04:19]
*** markmcclain has joined #openstack-dev [04:19]
*** emagana has joined #openstack-dev [04:20]
*** adjohn has quit IRC [04:21]
*** Ryan_Lane has quit IRC [04:23]
*** tkammer has quit IRC [04:28]
*** tkammer has joined #openstack-dev [04:29]
*** adjohn has joined #openstack-dev [04:32]
*** vartom15 has joined #openstack-dev [04:35]
*** ArcTanSusan has joined #openstack-dev [04:39]
*** vartom16 has joined #openstack-dev [04:40]
*** vartom17 has joined #openstack-dev [04:41]
*** vartom15 has quit IRC [04:42]
*** vartom18 has joined #openstack-dev [04:42]
*** alunch has quit IRC [04:42]
*** enikanorov has quit IRC [04:42]
*** vartom16 has quit IRC [04:44]
*** vartom17 has quit IRC [04:45]
*** garyk has quit IRC [04:45]
*** adjohn has quit IRC [04:46]
*** Ryan_Lane has joined #openstack-dev [04:49]
*** Ruetobas has quit IRC [04:52]
*** hemna has quit IRC [04:52]
*** Ryan_Lane has quit IRC [04:54]
*** Ruetobas has joined #openstack-dev [04:57]
*** SergeyLukjanov has joined #openstack-dev [04:58]
*** boris-42 has joined #openstack-dev [04:59]
*** giroro_ has joined #openstack-dev [05:00]
*** Ruetobas has quit IRC [05:01]
*** erkules_ is now known as erkules [05:06]
*** AndreyGrebenniko has quit IRC [05:07]
*** AndreyGrebenniko has joined #openstack-dev [05:07]
*** hemna has joined #openstack-dev [05:08]
*** otherwiseguy has quit IRC [05:18]
*** shinylasers has quit IRC [05:18]
*** Ryan_Lane has joined #openstack-dev [05:20]
*** aditirav has joined #openstack-dev [05:21]
*** vartom18 has quit IRC [05:22]
*** markwash has quit IRC [05:22]
*** zaitcev has quit IRC [05:23]
*** Ryan_Lane has quit IRC [05:24]
*** tvb|afk has joined #openstack-dev [05:25]
*** salv-orlando has quit IRC [05:29]
*** tvb|afk has quit IRC [05:30]
*** bdpayne has quit IRC [05:37]
*** bdpayne has joined #openstack-dev [05:38]
*** topol has quit IRC [05:40]
*** amerine has joined #openstack-dev [05:41]
*** egallen has joined #openstack-dev [05:41]
*** egallen has quit IRC [05:45]
*** jaypipes has joined #openstack-dev [05:46]
*** adjohn has joined #openstack-dev [05:46]
*** prekarat has quit IRC [05:49]
*** Ryan_Lane has joined #openstack-dev [05:50]
*** odyssey4me has joined #openstack-dev [05:50]
*** faramir has joined #openstack-dev [05:51]
*** adjohn has quit IRC [05:51]
*** avishay has joined #openstack-dev [05:53]
*** tvb|afk has joined #openstack-dev [05:54]
*** Ryan_Lane has quit IRC [05:54]
*** egallen has joined #openstack-dev [05:55]
*** SergeyLukjanov has quit IRC [05:55]
*** vartom18 has joined #openstack-dev [05:57]
*** odyssey4me has quit IRC [05:59]
*** garyk has joined #openstack-dev [05:59]
*** eglynn has joined #openstack-dev [06:00]
*** Nikolay_1t has joined #openstack-dev [06:01]
*** bdpayne has quit IRC [06:02]
*** novas0x2a|laptop has quit IRC [06:04]
*** faramir has quit IRC [06:07]
*** egallen has quit IRC [06:07]
*** odyssey4me has joined #openstack-dev [06:08]
*** o_petit has joined #openstack-dev [06:14]
*** zbitter has joined #openstack-dev [06:15]
*** shakayumi has quit IRC [06:15]
*** tvb|afk_ has joined #openstack-dev [06:16]
*** zaneb has quit IRC [06:18]
*** adjohn has joined #openstack-dev [06:20]
*** shinylasers has joined #openstack-dev [06:20]
*** tvb|afk has quit IRC [06:20]
*** Ryan_Lane has joined #openstack-dev [06:20]
*** yolanda has joined #openstack-dev [06:23]
*** shardy_afk is now known as shardy [06:23]
*** MaxV has joined #openstack-dev [06:23]
*** odyssey4me2 has joined #openstack-dev [06:25]
*** kbrierly has quit IRC [06:25]
*** odyssey4me has quit IRC [06:28]
*** Ryan_Lane has quit IRC [06:29]
*** odyssey4me2 has quit IRC [06:29]
*** tvb|afk_ is now known as tvb [06:31]
*** tvb has quit IRC [06:31]
*** tvb has joined #openstack-dev [06:31]
*** mrunge has joined #openstack-dev [06:33]
*** martyntaylor has joined #openstack-dev [06:34]
<mjb_> I've posted a comment on https://bugs.launchpad.net/nova/+bug/1224453.  Anyone concerned by nova quotas care to take a look to see if it makes sense? Thx [06:34]
<uvirtbot> Launchpad bug 1224453 in nova "min_count ignored for instance create" [Undecided,Incomplete] [06:34]
*** adjohn has quit IRC [06:35]
*** MaxV has quit IRC [06:35]
*** neoXsys has joined #openstack-dev [06:36]
*** FatDarrel has joined #openstack-dev [06:38]
*** amuller has joined #openstack-dev [06:38]
*** danwent_ has joined #openstack-dev [06:39]
*** eglynn has quit IRC [06:39]
*** romcheg has joined #openstack-dev [06:40]
*** emagana has quit IRC [06:40]
*** danwent has quit IRC [06:41]
*** danwent_ is now known as danwent [06:41]
*** amuller has quit IRC [06:47]
*** xga has joined #openstack-dev [06:49]
*** henrynash has joined #openstack-dev [06:54]
*** afazekas_no_irq has joined #openstack-dev [06:55]
*** Ryan_Lane has joined #openstack-dev [06:55]
*** uvirtbot has quit IRC [06:56]
*** odyssey4me has joined #openstack-dev [06:56]
*** uvirtbot has joined #openstack-dev [06:56]
*** reidrac has joined #openstack-dev [06:59]
*** Ryan_Lane has quit IRC [06:59]
*** odyssey4me2 has joined #openstack-dev [07:00]
*** vipul is now known as vipul-away [07:02]
*** odyssey4me has quit IRC [07:02]
*** boris-42 has quit IRC [07:06]
*** eglynn has joined #openstack-dev [07:07]
*** jistr has joined #openstack-dev [07:11]
*** gargya has joined #openstack-dev [07:12]
*** egallen has joined #openstack-dev [07:13]
*** jprovazn has joined #openstack-dev [07:15]
*** alexxu has quit IRC [07:19]
*** SergeyLukjanov has joined #openstack-dev [07:19]
*** flaper87|afk is now known as flaper87 [07:20]
*** anteaya has quit IRC [07:21]
*** xga has quit IRC [07:23]
*** davidhadas has quit IRC [07:23]
*** romcheg has quit IRC [07:23]
*** Ryan_Lane has joined #openstack-dev [07:26]
*** AlexF has joined #openstack-dev [07:29]
*** Ryan_Lane has quit IRC [07:30]
*** vipul-away is now known as vipul [07:30]
*** mmagr has joined #openstack-dev [07:31]
*** faramir has joined #openstack-dev [07:32]
*** odyssey4me2 has quit IRC [07:32]
*** adjohn has joined #openstack-dev [07:33]
*** athomas has joined #openstack-dev [07:33]
*** JordanP has joined #openstack-dev [07:34]
*** MaxV has joined #openstack-dev [07:34]
*** jcoufal has joined #openstack-dev [07:34]
*** arezmerita has joined #openstack-dev [07:36]
*** amuller has joined #openstack-dev [07:38]
*** xqueralt has joined #openstack-dev [07:40]
*** DinaBelova has joined #openstack-dev [07:41]
*** danwent has quit IRC [07:41]
<aloga> henrynash: ping? [07:42]
*** adjohn has quit IRC [07:42]
*** adjohn has joined #openstack-dev [07:42]
*** flaper87 is now known as flaper87|afk [07:43]
*** ifarkas has joined #openstack-dev [07:44]
*** ArcTanSusan has quit IRC [07:45]
*** odyssey4me has joined #openstack-dev [07:47]
*** ifarkas has quit IRC [07:48]
*** danpb has joined #openstack-dev [07:48]
*** yassine has joined #openstack-dev [07:48]
*** aditirav has quit IRC [07:49]
*** ifarkas has joined #openstack-dev [07:51]
*** Ryan_Lane has joined #openstack-dev [07:56]
*** flaper87|afk is now known as flaper87 [07:59]
*** jcoufal_ has joined #openstack-dev [07:59]
*** Ryan_Lane has quit IRC [08:01]
*** jpich has joined #openstack-dev [08:01]
*** jcoufal has quit IRC [08:02]
*** davidhadas has joined #openstack-dev [08:03]
*** boden has joined #openstack-dev [08:04]
*** xga has joined #openstack-dev [08:05]
*** jtomasek has quit IRC [08:05]
*** pixelb has joined #openstack-dev [08:06]
<henrynash> aloga: hi [08:08]
*** safchain_ has joined #openstack-dev [08:09]
*** feleouet has quit IRC [08:09]
*** flaper87 is now known as flaper87|afk [08:09]
*** safchain_ has quit IRC [08:09]
*** amcrn has quit IRC [08:10]
*** safchain has joined #openstack-dev [08:11]
*** giulivo has joined #openstack-dev [08:11]
*** flaper87|afk is now known as flaper87 [08:12]
*** FatDarrel has quit IRC [08:12]
*** corXi has joined #openstack-dev [08:12]
*** davidhadas has quit IRC [08:13]
*** boris-42 has joined #openstack-dev [08:15]
*** derekh has joined #openstack-dev [08:16]
*** djoreilly has joined #openstack-dev [08:17]
*** AlexF has quit IRC [08:17]
*** davidhadas has joined #openstack-dev [08:19]
*** jtomasek has joined #openstack-dev [08:20]
*** basha has joined #openstack-dev [08:23]
*** djoreilly has quit IRC [08:24]
*** djoreilly has joined #openstack-dev [08:25]
*** tvb has quit IRC [08:26]
*** aloga has quit IRC [08:26]
*** Ryan_Lane has joined #openstack-dev [08:27]
*** s2r2 has left #openstack-dev [08:28]
*** matsuhashi has quit IRC [08:28]
*** flaper87 is now known as flaper87|afk [08:28]
*** lucasagomes has joined #openstack-dev [08:28]
*** matsuhashi has joined #openstack-dev [08:28]
*** Ryan_Lane has quit IRC [08:31]
*** DeeJay1 has joined #openstack-dev [08:32]
*** AlexF has joined #openstack-dev [08:32]
*** djoreilly has quit IRC [08:32]
<DeeJay1> hi, quick question: how can I override rabbit_host and rabbit_password in my custom service (using rpc from openstack.common) [08:32]
*** jprovazn has quit IRC [08:32]
*** sld has quit IRC [08:33]
*** aloga has joined #openstack-dev [08:33]
*** jistr has quit IRC [08:33]
*** jasondot_ has joined #openstack-dev [08:35]
*** jistr has joined #openstack-dev [08:35]
<aloga> henrynash: sorry, lost connection [08:38]
<aloga> henrynash: I was having a look at https://bugs.launchpad.net/keystone/+bug/1211233 [08:38]
<uvirtbot> Launchpad bug 1211233 in keystone "REMOTE_USER support should be more flexible in how domain is specified" [Wishlist,New] [08:38]
<aloga> since heavily using the external authentication [08:39]
<aloga> s/since/since we're/ [08:39]
*** bnemec has quit IRC [08:39]
*** flaper87|afk is now known as flaper87 [08:39]
*** Alexei_987 has joined #openstack-dev [08:39]
*** johnthetubaguy has joined #openstack-dev [08:41]
<BobBall> bigmstone: What error message? [08:42]
*** AlexF has quit IRC [08:42]
<henrynash> aloga: yes [08:43]
<henrynash> aloga: we have made some improvements to that domain handling code anyway [08:44]
*** DinaBelova has quit IRC [08:44]
<henrynash> aloga: so not sure how important this one is now [08:44]
<aloga> for us it is a problem that keystone splits the username in the "@" [08:44]
*** ndipanov_gone is now known as ndipanov [08:44]
<henrynash> aloga: yes, that was my thought….for some that won't be a good answer [08:44]
<aloga> for example, using X.509 auth some usernames (the DNs) can contain a "@" [08:45]
<aloga> so the final username is wrong :-( [08:45]
<henrynash> aloga: well that's OK, since won't the domain name ALWAYS be appended…..and we only take the right most @ ? [08:45]
<henrynash> aloga: or is it that you want the default domain to be used [08:46]
*** ivoks_ is now known as ivoks [08:46]
*** basha has quit IRC [08:46]
*** sc68cal has quit IRC [08:46]
*** ivoks has quit IRC [08:46]
*** ivoks has joined #openstack-dev [08:46]
*** sc68cal has joined #openstack-dev [08:46]
<aloga> henrynash: yeah, but what if there's no domain [08:46]
*** rohitk has joined #openstack-dev [08:47]
*** qba73 has joined #openstack-dev [08:47]
<aloga> if the external auth appends an "@" and the domain, it is OK (the rightmost @ will be used) [08:47]
*** davidhadas_ has joined #openstack-dev [08:47]
<henrynash> aloga: I agree, in the case where you don't want to specify the domain, that's an issue….although you could just tack on 'default' [08:47]
<aloga> but if there's no domain at all, the code still splits the username https://github.com/openstack/keystone/blob/master/keystone/auth/plugins/external.py#L39 [08:48]
<henrynash> aloga: yep, I know [08:48]
*** johnthetubaguy1 has joined #openstack-dev [08:48]
<henrynash> aloga: what kind of external auth are u using? [08:48]
*** faramir has quit IRC [08:48]
<aloga> henrynash: we are using some WSGI middleware [08:49]
<aloga> i mean, for us it is not a real problem [08:49]
<henrynash> aloga: yep, me too [08:49]
<aloga> since we can set whatever we want :-] [08:49]
*** johnthetubaguy has quit IRC [08:50]
<henrynash> aloga: when I wrote the defect, I had imagined the case when a wsgi plugin would pass the fully formed auth structure to identify the user…. [08:50]
*** davidhadas has quit IRC [08:50]
<aloga> henrynash: you mean in the request body, right? [08:50]
<henrynash> aloga: something you can't really do with apache-http, but you can with a wsgi plugin [08:51]
<henrynash> aloga: right [08:51]
<aloga> henrynash: yeah, my concern was about using apache directly [08:51]
<aloga> henrynash: for example, somebody using X509 auth directly with apache [08:51]
<aloga> henrynash: like this example http://docs.openstack.org/developer/keystone/external-auth.html#x-509-example [08:52]
<henrynash> aloga: so I'm open to suggestions on how to improve…. [08:52]
<aloga> henrynash: I think that if we're using a wsgi middleware we can enforce to set the domain part in the request body [08:53]
<henrynash> aloga: agreed [08:53]
<aloga> henrynash: the problem for me is if we're not using a middleware at all [08:53]
<aloga> :-/ [08:53]
<aloga> henrynash: for example the x509 authentication using mod_ssl in Apache [08:54]
*** vartom18 has quit IRC [08:55]
*** vartom19 has joined #openstack-dev [08:55]
<henrynash> aloga: so aren't there two remote_user backends you can select - one that expects a domain and one that doesn't? [08:55]
<henrynash> aloga: item later will assume the default domain [08:55]
<henrynash> aloga: I think it's a config file option [08:55]
<aloga> henrynash: yeah, but what if we're mixing them? [08:55]
<aloga> let's say I have a WSGI middleware and x509 auth [08:56]
<aloga> how will the backend be selected? [08:56]
<henrynash> aloga: now you're just shooting for the moon :-) [08:57]
<henrynash> aloga: fair point, yep that won't work... [08:57]
<aloga> henrynash: hehe [08:57]
*** Ryan_Lane has joined #openstack-dev [08:57]
<aloga> henrynash: it seems a complicated scenario, I know [08:58]
*** prekarat has joined #openstack-dev [08:58]
<henrynash> aloga: you could define the domain separator in a config file? [08:58]
*** DinaBelova has joined #openstack-dev [08:59]
*** davidhadas has joined #openstack-dev [08:59]
<aloga> henrynash: that could do the trick, but I'm not sure [08:59]
<aloga> henrynash: for example, using x509 certs the DN can contain a lot of characters [09:00]
*** Ryan_Lane has quit IRC [09:01]
*** davidhadas_ has quit IRC [09:01]
*** tkammer has quit IRC [09:01]
*** markmc has joined #openstack-dev [09:01]
*** Nikolay_1t has quit IRC [09:03]
<aloga> henrynash: the only thing that comes to my mind is setting an env var that will be passed down [09:06]
<aloga> henrynash: so as to discriminate between domain and domainless [09:06]
<aloga> henrynash: I do not know if this is the best idea, though [09:06]
<aloga> henrynash: (and I guess it is not) [09:06]
<henrynash> aloga: could work…. [09:06]
<henrynash> aloga: but feels a bit of overkill…maybe..let's mull on it for a bit [09:07]
<aloga> henrynash: what I am not sure is if we should split the username by an "@" in the ExternalDefault plugin [09:08]
<aloga> since we're using the default domain, shouldn't we use the username as it is provided? [09:08]
*** DinaBelova has quit IRC [09:08]
<aloga> henrynash: or at least behave the same way as the ExternalDomain (i.e. take the rightmost one) [09:09]
<henrynash> aloga: hmm…i need to look at that…need to go off line for a bit, but I'll take a look later…. [09:09]
<aloga> henrynash: if you can I can have a look and submit a review and discuss things there [09:10]
<aloga> s/can/want/ [09:10]
<henrynash> aloga: good topic [09:10]
<henrynash> aloga: sure….that would be great [09:10]
<aloga> henrynash: then count on it during this morning ;-) [09:10]
<henrynash> aloga: excellent! :-) [09:11]
<aloga> great, I'll let you know [09:12]
*** romcheg has joined #openstack-dev [09:12]
*** amerine has quit IRC [09:13]
*** henrynash has quit IRC [09:14]
<ttx> markmc: last bug in oslo rc1 is fixcommitted. Let me know if we should cut stable/havana from there [09:15]
<markmc> ttx, yep, please do ... and thanks [09:15]
<ttx> markmc: shall we tag something ? [09:16]
* ttx will look at how we did it for grizzly [09:16]
<markmc> ttx, heh :) [09:16]
<markmc> ttx, whatever tags you're using for rc1 would make sense to me [09:16]
<markmc> ttx, fwiw, I've found the tags useful ... even if they don't correspond to a tarball release [09:17]
<markmc> ttx, e.g. looking at what we did in a milestone period [09:17]
*** o_petit has quit IRC [09:17]
<ttx> we did a 2013.1.rc1 back then. Trying to see how it related to stable/grizzly cut [09:18]
<ttx> ok, will tag 2013.2.rc1 and cut a stable/havana branch from HEAD [09:20]
*** s2r2 has joined #openstack-dev [09:25]
*** jtomasek has quit IRC [09:25]
*** michchap_ has joined #openstack-dev [09:26]
*** tkammer has joined #openstack-dev [09:27]
*** tvb has joined #openstack-dev [09:27]
*** Ryan_Lane has joined #openstack-dev [09:27]
<markmc> ttx, cool [09:28]
*** adjohn has quit IRC [09:29]
<markmc> ttx, since we've now disabled lazy translation, we should probably unmark the blueprints as translated e.g. https://blueprints.launchpad.net/nova/+spec/user-locale-api [09:29]
<markmc> ttx, I'll just go ahead and do that? [09:29]
*** adjohn has joined #openstack-dev [09:29]
*** michchap has quit IRC [09:29]
<ttx> stable/havana is up [09:30]
<ttx> (for oslo-incubator) [09:30]
<ttx> markmc: yes, I suppose we have to... [09:30]
<markmc> ttx, ok [09:30]
*** ema has joined #openstack-dev [09:30]
*** ema has joined #openstack-dev [09:30]
*** flaper87 is now known as flaper87|afk [09:31]
*** tvb has quit IRC [09:31]
*** Ryan_Lane has quit IRC [09:32]
*** AlexF has joined #openstack-dev [09:32]
<markmc> ttx, unset series and set milestone to next, right? [09:32]
<ttx> markmc: and probably mark unimplemented [09:32]
<markmc> ttx, yeah, moved it back to Good Progress [09:33]
*** faramir has joined #openstack-dev [09:33]
*** xga has quit IRC [09:35]
*** xga has joined #openstack-dev [09:35]
*** jtomasek has joined #openstack-dev [09:38]
*** aspiers has joined #openstack-dev [09:41]
*** flaper87|afk is now known as flaper87 [09:42]
*** bashok has joined #openstack-dev [09:42]
*** egallen has quit IRC [09:44]
*** djoreilly has joined #openstack-dev [09:45]
<openstackstatus> NOTICE: One of our Jenkins masters is failing to return results, so the gate is currently stuck. [09:46]
*** rohitk has quit IRC [09:46]
*** egallen has joined #openstack-dev [09:49]
*** fandikurnia01 has joined #openstack-dev [09:50]
<openstackstatus> NOTICE: Jenkins01 is not failing, it's just very slow at the moment... so the gate is not completely stuck. [09:54]
*** jab416171 has quit IRC [09:54]
*** ygbo has joined #openstack-dev [09:55]
*** faramir has quit IRC [09:57]
*** Ryan_Lane has joined #openstack-dev [09:58]
*** bashok has quit IRC [09:58]
*** bashok has joined #openstack-dev [09:58]
*** DinaBelova has joined #openstack-dev [10:00]
*** Ryan_Lane has quit IRC [10:02]
*** avishay has quit IRC [10:02]
*** tkammer has quit IRC [10:04]
*** hugokuo has quit IRC [10:04]
*** hugokuo has joined #openstack-dev [10:05]
*** jasondot_ has quit IRC [10:06]
*** mrunge has quit IRC [10:07]
*** davidhadas_ has joined #openstack-dev [10:09]
*** davidhadas has quit IRC [10:12]
*** anniec has joined #openstack-dev [10:12]
*** anniec_ has joined #openstack-dev [10:15]
*** matsuhashi has quit IRC [10:16]
*** anniec has quit IRC [10:16]
*** anniec_ is now known as anniec [10:17]
*** tkammer has joined #openstack-dev [10:17]
*** xqueralt is now known as xqueralt-afk [10:19]
*** avishay has joined #openstack-dev [10:21]
*** SergeyLukjanov has quit IRC [10:27]
*** schwicht has joined #openstack-dev [10:27]
*** tvb has joined #openstack-dev [10:28]
*** henrynash has joined #openstack-dev [10:28]
*** Ryan_Lane has joined #openstack-dev [10:28]
*** corXi has quit IRC [10:28]
*** AlexF has quit IRC [10:30]
*** dims has joined #openstack-dev [10:30]
*** amuller_ has joined #openstack-dev [10:31]
*** amuller has quit IRC [10:31]
*** tvb has quit IRC [10:32]
*** Ryan_Lane has quit IRC [10:32]
*** jvrbanac has quit IRC [10:33]
*** SergeyLukjanov has joined #openstack-dev [10:33]
*** jvrbanac has joined #openstack-dev [10:33]
*** pcm_ has joined #openstack-dev [10:33]
*** Shaan7 has quit IRC [10:33]
*** Shaan7 has joined #openstack-dev [10:33]
*** pcm_ has quit IRC [10:34]
*** pcm_ has joined #openstack-dev [10:34]
*** yaguang has joined #openstack-dev [10:35]
*** AlexF has joined #openstack-dev [10:37]
*** faramir has joined #openstack-dev [10:39]
*** sdake_ has quit IRC [10:40]
*** sdake has quit IRC [10:41]
*** sdake_ has joined #openstack-dev [10:41]
*** sdake_ has quit IRC [10:41]
*** sdake_ has joined #openstack-dev [10:41]
*** sdake has joined #openstack-dev [10:41]
*** adjohn has quit IRC [10:45]
*** venkatesh has joined #openstack-dev [10:46]
*** jeblair has quit IRC [10:47]
*** jeblair has joined #openstack-dev [10:48]
*** adjohn has joined #openstack-dev [10:49]
*** AlexF has quit IRC [10:50]
*** adjohn has quit IRC [10:53]
*** adjohn has joined #openstack-dev [10:54]
*** AlexF has joined #openstack-dev [10:55]
*** amuller_ has quit IRC [10:58]
*** Ryan_Lane has joined #openstack-dev [10:58]
*** amuller__ has joined #openstack-dev [10:59]
*** fbo is now known as fbo_away [10:59]
*** amuller has joined #openstack-dev [10:59]
*** faramir has quit IRC [11:00]
*** johnthetubaguy1 is now known as johnthetubaguy [11:01]
*** alexpilotti has joined #openstack-dev [11:02]
*** Ryan_Lane has quit IRC [11:03]
*** sdake_ has quit IRC [11:03]
*** jtomasek has quit IRC [11:03]
*** sdake_ has joined #openstack-dev [11:03]
*** sdake_ has quit IRC [11:03]
*** sdake_ has joined #openstack-dev [11:03]
*** markmc has quit IRC [11:04]
*** adjohn has quit IRC [11:05]
*** raies has quit IRC [11:06]
*** adjohn has joined #openstack-dev [11:07]
*** avishay has quit IRC [11:07]
*** SergeyLukjanov has quit IRC [11:08]
*** jruzicka has joined #openstack-dev [11:08]
*** dims has quit IRC [11:09]
*** SergeyLukjanov has joined #openstack-dev [11:10]
*** yaguang has quit IRC [11:12]
*** morazi has quit IRC [11:13]
*** adalbas has joined #openstack-dev [11:15]
*** nosnos has quit IRC [11:16]
*** egallen has quit IRC [11:17]
*** jtomasek has joined #openstack-dev [11:19]
ttxand the winner is.. keystone11:19
*** afazekas_no_irq has quit IRC11:20
*** venkatesh has quit IRC11:20
*** egallen has joined #openstack-dev11:20
*** egallen has quit IRC11:20
*** exed has joined #openstack-dev11:21
*** tvb has joined #openstack-dev11:23
*** CaptTofu has quit IRC11:25
*** CaptTofu has joined #openstack-dev11:26
*** venkatesh has joined #openstack-dev11:28
*** Ryan_Lane has joined #openstack-dev11:29
sdaguefirst to RC?11:31
*** corXi has joined #openstack-dev11:33
*** Ryan_Lane has quit IRC11:33
ttxsdague: yes11:34
ttxsdague: it's been a fun retry race between Glance and keystone over the last two days11:34
jd__:(11:36
jd__that's the fault of gettext, otherwise Ceilometer would have win! :)11:36
*** dims has joined #openstack-dev11:36
*** venkatesh has quit IRC11:38
*** FunnyLookinHat has joined #openstack-dev11:38
*** dims has quit IRC11:41
*** dims has joined #openstack-dev11:42
ttxjd__: you could push the icehouse version bump as depending on 49278 and shove it on queue11:44
jd__ttx: ack11:44
ttxjd__: model commit @ https://review.openstack.org/#/c/49029/11:45
*** zbitter is now known as zaneb11:46
*** jistr is now known as jistr|afk11:46
*** sandywalsh has quit IRC11:49
jd__ttx: https://review.openstack.org/#/c/4935311:49
*** dstanek has joined #openstack-dev11:50
*** tellesnobrega has joined #openstack-dev11:52
*** jistr|afk is now known as jistr|english11:52
*** adjohn has quit IRC11:52
*** flaper87 is now known as flaper87|afk11:53
tellesnobregahi, how can i print something while running the run_tests.sh, im trying to learn more about the code, but i cant see any output from print11:53
ttxjd__: feel free to self-approve it11:54
*** CaptTofu has quit IRC11:54
jd__ttx: done :)11:54
*** CaptTofu has joined #openstack-dev11:54
ttxjd__: it might need a +2 too :)11:56
ttxnot sure that's still necessary though11:56
jd__not sure too but added anyway11:56
*** o_petit has joined #openstack-dev11:57
*** sgordon has joined #openstack-dev11:57
*** sgordon has joined #openstack-dev11:57
*** Ryan_Lane has joined #openstack-dev11:59
*** derekh has quit IRC11:59
*** topol has joined #openstack-dev11:59
*** fbo_away is now known as fbo12:01
*** galstrom_zzz is now known as galstrom12:03
*** Ryan_Lane has quit IRC12:03
*** salv-orlando has joined #openstack-dev12:06
*** galstrom is now known as galstrom_zzz12:06
*** viraptor has joined #openstack-dev12:07
*** AlexF has quit IRC12:08
*** dprince has joined #openstack-dev12:09
*** DinaBelova has quit IRC12:09
*** mkollaro has joined #openstack-dev12:10
*** xyander has joined #openstack-dev12:10
*** djoreilly_ has joined #openstack-dev12:10
viraptorhi all, could someone tell me if there's any relation between the rpc pool size and the possible concurrent handling of incoming messages in services? (scheduler specifically) or is the connection pool only used for specific channels / outgoing messages?12:11
*** morazi has joined #openstack-dev12:11
*** kbringard has joined #openstack-dev12:12
*** danpb has quit IRC12:13
*** jab416171 has joined #openstack-dev12:13
*** gordc has joined #openstack-dev12:16
*** flaper87|afk is now known as flaper8712:17
*** sthaha has quit IRC12:17
*** lucasagomes is now known as lucas-hungry12:20
*** bashok has quit IRC12:20
*** bashok has joined #openstack-dev12:21
*** jvrbanac has quit IRC12:24
*** shakayumi has joined #openstack-dev12:25
*** imsurit has joined #openstack-dev12:25
bigmstoneBobBall: Exact virtlib error as before. I can rearrange the statements to get rid of that error but others just pop up. Once I get to work I can give you the trace of the latest one.12:25
*** xyander has quit IRC12:26
BobBallbigmstone: that'd be great, thanks :)12:27
bigmstoneBobBall: Is the master github branch the latest working havana repo?12:27
BobBallbigmstone: yup - that's right.  We have a number of Citrix fixes too that aren't in master yet, but they don't affect aggregates AFAIK12:28
bigmstoneBecause I'm working off the havana ubuntu archive. Which I think is 2013.2.b3?12:28
BobBallb3 is recent enough12:28
BobBallI'm also trying to set up a test for aggregates12:28
BobBallbut it'll take a bit of time cuz I'm doing it automated12:29
clouded_tuxI am able to make it run with yesterday's havana repo12:29
bigmstoneOkay. I'll get you that trace. I fixed as much as I could up to the point I'm currently at. Then moved to havana with same results. Haven't done much past that.12:29
BobBallclouded_tux: aggregates with Xen?12:29
clouded_tuxno..12:29
BobBallokay :)12:29
BobBallshame :)12:29
bigmstoneclouded_tux: everything works great with xen?..except pooling. :(12:29
bigmstoneonce pooled things break.12:30
*** thomasm has joined #openstack-dev12:30
*** Ryan_Lane has joined #openstack-dev12:30
tellesnobrega hi, how can i print something while running the run_tests.sh, im trying to learn more about the code, but i cant see any output from print12:30
clouded_tuxoh.. sorry12:30
bigmstonenot your fault. I'm willing to do what I can in the area as it directly affects my business. :)12:30
*** jtomasek has quit IRC12:30
*** exed has quit IRC12:31
*** lucas-hungry is now known as lucasagomes12:32
*** danpb has joined #openstack-dev12:33
*** gargya has quit IRC12:33
*** xqueralt-afk is now known as xqueralt12:34
*** Ryan_Lane has quit IRC12:34
*** markmcclain1 has joined #openstack-dev12:38
*** markmcclain has quit IRC12:38
*** egallen has joined #openstack-dev12:40
*** tellesnobrega has quit IRC12:41
*** dkranz has joined #openstack-dev12:42
*** dtyarnell has quit IRC12:43
*** vladikr has joined #openstack-dev12:43
*** bashok has quit IRC12:44
*** bashok has joined #openstack-dev12:45
*** dolphm has joined #openstack-dev12:48
*** samuelbercovici has joined #openstack-dev12:49
*** bpokorny has joined #openstack-dev12:50
*** dnoll has joined #openstack-dev12:50
*** aditirav has joined #openstack-dev12:50
*** lucasagomes is now known as lucas-hungry12:51
*** salv-orlando_ has joined #openstack-dev12:52
*** bvandenh has joined #openstack-dev12:52
*** salv-orlando_ has quit IRC12:54
*** salv-orlando has quit IRC12:54
*** mjfork has joined #openstack-dev12:55
*** vartom19 has quit IRC12:55
*** jruzicka has quit IRC12:56
*** shakayumi has quit IRC12:59
*** spzala has joined #openstack-dev13:00
*** Ryan_Lane has joined #openstack-dev13:00
*** jayg|g0n3 is now known as jayg13:01
sorenDoes this look familiar to anyone? (Neutron unit test failure) http://paste.openstack.org/show/47830/13:02
*** xqueralt has quit IRC13:02
ttxsoren: not really in the "familiar" category: http://logstash.openstack.org/#eyJzZWFyY2giOiJcIkZBSUw6IG5ldXRyb24udGVzdHMudW5pdC5jaXNjby50ZXN0X25leHVzX3BsdWdpbi5UZXN0Q2lzY29OZXh1c1BsdWdpbi50ZXN0X25leHVzX2FkZF9yZW1vdmVfcm91dGVyX2ludGVyZmFjZVwiIiwiZmllbGRzIjpbXSwib2Zmc2V0IjowLCJ0aW1lZnJhbWUiOiI2MDQ4MDAiLCJncmFwaG1vZGUiOiJjb3VudCIsInRpbWUiOnsidXNlcl9pbnRlcnZhbCI6MH0sInN0YW1wIjoxMzgwNzE5MDIyNzAzfQ==13:04
*** radez_g0n3 is now known as radez13:05
*** Ryan_Lane has quit IRC13:05
*** iartarisi has joined #openstack-dev13:06
dimsttx, there are hits for "is not JSON serializable"13:06
*** xga_ has joined #openstack-dev13:06
*** venkatesh has joined #openstack-dev13:07
*** jtomasek has joined #openstack-dev13:07
sorenhttps://bugs.launchpad.net/neutron/+bug/1234012 looks related, too.13:08
uvirtbotLaunchpad bug 1234012 in neutron "test_nexus_plugin.py duplicate values causes tests to fail." [Undecided,In progress]13:08
sorenOk, so it's not just me.13:08
sorenCool.13:08
*** jcoufal_ is now known as jcoufal13:08
sorenI wonder how it passed through CI, though.13:08
*** xga has quit IRC13:09
*** bashok has quit IRC13:10
*** bashok has joined #openstack-dev13:11
*** markmcclain1 has quit IRC13:11
*** markmcclain has joined #openstack-dev13:12
*** jruzicka has joined #openstack-dev13:12
*** dtyarnell has joined #openstack-dev13:13
*** sandywalsh has joined #openstack-dev13:14
*** eharney has joined #openstack-dev13:15
*** o_petit has quit IRC13:15
*** ayoung has joined #openstack-dev13:16
*** xqueralt has joined #openstack-dev13:17
*** Medha_B has joined #openstack-dev13:18
*** dolphm has quit IRC13:19
*** dperaza has joined #openstack-dev13:19
*** nermina has joined #openstack-dev13:20
*** giroro_ has quit IRC13:20
Medha_B hi all..13:20
Medha_BI am looking to contribute to OpenStack as a part of my application for OPW13:20
Medha_BCould anyone help me!?13:20
Medha_Bthanks! :)13:20
ayoungMedha_B, OPW?13:20
timelloMedha_B: http://www.openstack.org/community/ is a good start.13:22
*** xga_ has quit IRC13:22
*** changbl has quit IRC13:22
*** xga_ has joined #openstack-dev13:22
*** Ruetobas has joined #openstack-dev13:23
*** bswartz has quit IRC13:24
Medha_Bopw- outreach program for women :)13:24
Medha_B@timello: yeah, going through the link..13:25
*** edmund has joined #openstack-dev13:25
*** dkehn_ is now known as dkehn13:26
ayoungMedha_B, Are you a coder?13:26
*** michchap_ has quit IRC13:27
Medha_Byes..13:28
*** bnemec has joined #openstack-dev13:28
Medha_Bc/c++/java mainly..13:29
Medha_B@ayoung: any help? :)13:30
*** Ryan_Lane has joined #openstack-dev13:31
bnemecDeeJay1: They're conf opts, so you would override them in the conf object.13:31
bnemecSee here: https://github.com/openstack/oslo-incubator/blob/master/openstack/common/rpc/impl_kombu.py#L5613:31
*** lucas-hungry is now known as lucasagomes13:32
*** jistr|english is now known as jistr13:32
*** neelashah has joined #openstack-dev13:34
*** michchap has joined #openstack-dev13:34
*** yassine has quit IRC13:34
*** yassine has joined #openstack-dev13:35
*** Ryan_Lane has quit IRC13:35
*** Ruetobas has quit IRC13:35
*** rfolco has joined #openstack-dev13:35
*** READ10 has joined #openstack-dev13:38
*** rosmaita_ is now known as rosmaita13:39
*** tboerger has joined #openstack-dev13:41
*** DinaBelova has joined #openstack-dev13:41
*** Ruetobas has joined #openstack-dev13:41
*** Medha_B has left #openstack-dev13:41
*** burt has joined #openstack-dev13:41
*** dvarga_ has joined #openstack-dev13:44
*** tboerger has left #openstack-dev13:45
*** otherwiseguy has joined #openstack-dev13:46
*** marios has quit IRC13:48
*** dvarga_ is now known as dvarga13:49
*** salv-orlando has joined #openstack-dev13:51
*** marios has joined #openstack-dev13:52
*** jecarey has joined #openstack-dev13:54
*** imsurit has quit IRC13:54
*** thedodd has joined #openstack-dev13:59
*** bswartz has joined #openstack-dev13:59
*** DennyZhang has joined #openstack-dev13:59
*** yassine has quit IRC14:00
*** troytoman-away is now known as troytoman14:00
*** gimps_ has joined #openstack-dev14:01
*** yassine has joined #openstack-dev14:01
*** Ryan_Lane has joined #openstack-dev14:01
*** xqueralt has quit IRC14:01
DeeJay1bnemec: thx, although I ended up doing a config file anyway14:01
*** DeeJay1 has quit IRC14:01
*** avishay has joined #openstack-dev14:02
bnemecSounds good.14:02
*** bashok has quit IRC14:02
*** bashok has joined #openstack-dev14:02
*** egallen has quit IRC14:03
*** markwash has joined #openstack-dev14:04
bigmstoneBobBall: http://pastebin.com/qcNF4pYQ is the latest trace. I'm trying to run down the problem on my end as well, but you know more about this code than I. https://www.github.com/bigmstone/nova is all the changes I've made to get it this far (total of two line changes.)14:04
*** dstanek has quit IRC14:06
*** Ryan_Lane has quit IRC14:06
*** AlexF has joined #openstack-dev14:07
*** demontiesantos has joined #openstack-dev14:07
*** dsantos_ has joined #openstack-dev14:08
*** topol has quit IRC14:08
*** dsantos_ has quit IRC14:08
*** zaitcev has joined #openstack-dev14:08
*** demontiesantos has joined #openstack-dev14:09
*** Dr_Who has joined #openstack-dev14:09
*** Dr_Who has joined #openstack-dev14:09
*** egallen has joined #openstack-dev14:10
*** FunnyLookinHat has quit IRC14:11
BobBallbigmstone: So that sounds like the problem we've seen at https://bugs.launchpad.net/nova/+bug/123217914:12
uvirtbotLaunchpad bug 1232179 in nova "Aggregate metadata is not correctly handled by compute" [Medium,Triaged]14:12
BobBallbigmstone: the aggregate should have this metadata but it's not there for some reason14:13
*** bashok has quit IRC14:13
BobBallShould be a simple fix14:13
BobBallreplace "metadetails" with "metadata"14:13
BobBallin both places14:13
*** bashok has joined #openstack-dev14:14
*** xqueralt has joined #openstack-dev14:14
*** imsurit has joined #openstack-dev14:16
*** Ruetobas has quit IRC14:17
*** dolphm has joined #openstack-dev14:18
*** tmclaugh[work] has joined #openstack-dev14:18
*** jimfehlig has joined #openstack-dev14:18
bigmstoneBobBall: so aggr is populated by running _virtapi.aggregate_get_by_host()14:19
bknudsonhaving a problem running tox on ubuntu -- ERROR: tox version is 1.4.3, required is at least 1.614:20
bigmstoneand aggregate_get_by_host is a function that includes "raise NotImplementedError()"14:20
bigmstoneheh14:20
*** dtyarnell has quit IRC14:20
*** venkatesh has quit IRC14:20
bknudsonnever mind. sudo pip install tox --upgrade14:20
*** Ruetobas has joined #openstack-dev14:20
*** tvb has quit IRC14:22
*** edmund has quit IRC14:23
*** lbragstad has quit IRC14:23
*** dtyarnell has joined #openstack-dev14:23
*** markmc has joined #openstack-dev14:24
*** venkatesh has joined #openstack-dev14:25
*** aeperezt has joined #openstack-dev14:25
*** briancurtin has joined #openstack-dev14:26
*** markwash has quit IRC14:28
*** litong has joined #openstack-dev14:29
*** jistr has quit IRC14:30
*** jistr has joined #openstack-dev14:30
*** jmontemayor has joined #openstack-dev14:30
*** avishay has quit IRC14:30
*** Ryan_Lane has joined #openstack-dev14:32
*** Guest49600 is now known as oubiwann_14:32
*** Ruetobas has quit IRC14:33
*** ruhe has joined #openstack-dev14:33
*** exed has joined #openstack-dev14:34
*** dtyarnell has quit IRC14:35
*** Ryan_Lane has quit IRC14:36
*** o_petit has joined #openstack-dev14:37
*** rcleere has joined #openstack-dev14:37
*** topol has joined #openstack-dev14:38
*** matiu has joined #openstack-dev14:38
*** Ruetobas has joined #openstack-dev14:40
*** DinaBelova has quit IRC14:41
*** salv-orlando has quit IRC14:42
*** salv-orlando has joined #openstack-dev14:42
*** dkehn_ has joined #openstack-dev14:42
*** xga has joined #openstack-dev14:43
*** anteaya has joined #openstack-dev14:43
*** dtyarnell has joined #openstack-dev14:43
*** changbl has joined #openstack-dev14:44
*** prekarat1 has joined #openstack-dev14:44
*** Ruetobas has quit IRC14:45
*** prekarat has quit IRC14:45
*** dkehn has quit IRC14:45
*** avishay has joined #openstack-dev14:45
*** xga_ has quit IRC14:46
*** lbragstad has joined #openstack-dev14:47
*** changbl has quit IRC14:48
*** Ruetobas has joined #openstack-dev14:49
*** JordanP has quit IRC14:50
*** rnirmal has joined #openstack-dev14:50
*** dolphm has quit IRC14:51
*** datsun180b has joined #openstack-dev14:51
*** AlexF has quit IRC14:51
*** FunnyLookinHat has joined #openstack-dev14:53
*** dolphm has joined #openstack-dev14:54
*** dolphm has quit IRC14:54
*** bashok has quit IRC14:55
*** toabctl has quit IRC14:55
*** odyssey4me has quit IRC14:56
*** bashok has joined #openstack-dev14:56
*** xga_ has joined #openstack-dev14:56
*** Ruetobas has quit IRC14:58
BobBallbigmstone: I think the impl is in sqlalchemy/api.py14:59
*** xga has quit IRC15:00
*** reidrac has quit IRC15:00
*** tkammer has quit IRC15:00
*** changbl has joined #openstack-dev15:00
*** dnoll has quit IRC15:01
*** dolphm has joined #openstack-dev15:01
*** changbl has quit IRC15:01
BobBallbigmstone: but I'm not sure about the proposed-fix... it looks like it should still be metadetails according to sqlalchemy/models.py15:01
*** JordanP has joined #openstack-dev15:01
*** Ryan_Lane has joined #openstack-dev15:02
*** jvrbanac has joined #openstack-dev15:02
*** lyncos has joined #openstack-dev15:03
bigmstoneBobBall: out of curiosity and based on that bug report it seems like xen support is falling off? Would I be better suited running KVM?15:04
BobBallno! :)15:04
BobBallXen support is definitely not falling off15:05
bigmstoneOkay, just got that vibe from the comments.15:05
BobBallJohn's view is that we should continue with XenAPI support but possibly pull the aggregate support (i.e. individual hosts can be put in the cloud, but not as a XenServer pool)15:05
BobBallthat'd work fine for everything except shared storage15:05
BobBallnow that we've got xen storage motion, the reasons for shared storage are reduced in any case15:06
BobBallAFAIK KVM doesn't have an equivalent to the XenServer pool support? so it'd just be dropping a feature that KVM doesn't have anyway15:06
BobBallbut no, Xen support is not going anywhere15:06
*** Ryan_Lane has quit IRC15:06
bigmstoneOkay, that makes sense. It's just for my use case I /need/ pool support >:X15:07
BobBallI mean it is not decreasing - we are actively working on improving it15:07
*** adalbas has quit IRC15:07
BobBallCould you explain a little more on why?15:07
*** egallen has quit IRC15:07
BobBalljust so that I've got more details to counter John's suggestion15:07
*** briancurtin has quit IRC15:07
*** Mandell has quit IRC15:07
bigmstoneSure. We offer VDI to customers as well as hosted services. VDI is conducted with XenDesktop which interacts with the pools.15:07
BobBallGood reason ;)15:08
*** changbl has joined #openstack-dev15:08
*** sushils has joined #openstack-dev15:08
*** Mandell has joined #openstack-dev15:08
*** garyk has quit IRC15:08
bigmstoneThe hosted servers are done through OpenStack, or would be.15:08
bigmstoneTo give customers their own pane through which to manage resources.15:08
*** Ryan_Lane has joined #openstack-dev15:09
BobBallunderstood15:09
BobBallI'm planning to increase the support for pools btw15:09
BobBallrather than deprecate them15:09
BobBall:)15:09
bigmstoneThat would be awesome. And I would like to contribute as much as I can. Just will take time for me to get used to how things are done in OS.15:10
BobBallthat's why I want to help you fix things here15:10
*** Ruetobas has joined #openstack-dev15:10
*** egallen has joined #openstack-dev15:10
bigmstoneHopefully as my team grows I can add more developers and support it and test it.15:11
bigmstoneI am just trying to find a happy stable ground for a new arch. launch in December.15:11
*** bashok has quit IRC15:11
BobBallSounds good15:12
BobBallI'm/we're more than happy to help you work through the aggregate stuff and get fixes committed - feel free to email openstack@citrix.com too with questions15:12
*** Mandell has quit IRC15:12
*** bashok has joined #openstack-dev15:12
ekarlsodtroyer: here mate ?15:12
*** sandywalsh has quit IRC15:12
bigmstoneBobBall: do you work with Citrix?15:13
bigmstoneor for them rather.15:13
BobBallI do15:13
BobBallI'm on the XenAPI OpenStack integration team ;)15:13
ekarlsoBobBall: does citrix actually have folks working on openstack still ? :p15:13
*** wink_ is now known as wink15:13
bigmstoneAh. Well this all makes more sense then.15:13
ekarlsothought they all left or were put to other tasks :o15:13
*** wink has quit IRC15:13
*** wink has joined #openstack-dev15:13
BobBall*grin* ekarlso15:13
BobBallnah - I've been doing OpenStack for over a year myself15:14
ekarlsoBobBall: one man army or ? :p15:14
BobBalland no chance I'm stopping!15:14
*** sandywalsh has joined #openstack-dev15:14
bigmstoneBobBall: do you work with cloudstack too or that other teams?15:14
BobBallActually i'm the OpenStack/XenServer integration team lead15:14
BobBallI don't touch cloudstack15:14
ekarlsoBobBall: how many guys are you ?15:15
BobBallhttp://www.stackalytics.com/?release=havana&metric=commits&project_type=openstack&module=&company=citrix&user_id=15:15
BobBallAll open15:15
danpbekarlso: stackalytics can answer that kind of contribution question .... http://stackalytics.com/?release=havana&metric=commits&project_type=openstack&module=&company=citrix&user_id=15:15
BobBalljust three have committed code to OpenStack15:15
danpbBobBall: snap !15:15
BobBallhaha15:15
*** jtomasek has quit IRC15:15
*** mrodden has quit IRC15:15
BobBallbut Euan's been working on something that I think is very important to OpenStack too15:15
BobBallxenserver-core - the ability to run xenserver-like system from a base CentOS or Ubuntu install rather than needing to install XenServer on a raw system15:16
*** otherwiseguy has quit IRC15:16
BobBallHe'll be making more contributions for IceHouse that's for sure15:16
*** o_petit has quit IRC15:16
ekarlsoBobBall: like running stuff directly on dom015:16
ekarlsowould be mega cool15:16
ekarlsoinstead of having vm's ...15:16
BobBallthat's right ekarlso15:17
ekarlsowhich makes it suck :p15:17
BobBallin fact we're only one devstack patch away from that working fully15:17
BobBallit works for nova but devstack tries to remove python-lxml which in turn removes Xen which puts a bit of a damper on running VMs...15:17
*** devoid has joined #openstack-dev15:17
BobBallunfortunately the fix for devstack is to put _everything_ in a global venv so we don't get conflicts between python-lxml and the pip installed version, so it's a big change15:18
*** viraptor has quit IRC15:18
ekarlsoBobBall: so, you can do xenserver on ubuntu basically or ?15:18
BobBallyup ekarlso15:18
*** corXi has quit IRC15:18
*** devoid has quit IRC15:18
ekarlsoBobBall: and how will that be in terms of support etc? :p15:18
*** devoid has joined #openstack-dev15:18
BobBallekarlso: http://www.xenserver.org/discuss-virtualization/virtualization-blog/entry/building-xenserver-core.html15:18
*** danwent has joined #openstack-dev15:19
BobBallI know it says ubuntu might "surprise you" but unofficially it works - just some minor niggles being ironed out at the moment15:19
*** devoid has quit IRC15:19
BobBallwe've had demos of VMs being live migrated under openstack from a CentOS xenserver-core host to a Ubuntu xenserver-core host15:19
ekarlsoBobBall: eta ? :p15:19
*** venkatesh has quit IRC15:19
BobBallweeks I imagine15:19
ekarlsooooh15:19
*** briancurtin has joined #openstack-dev15:19
ekarlsoI know some people here locally that would be interested in that :p15:20
BobBallwell - weeks before we have RPMs/debs hosted that you can install and play with15:20
BobBallyou can already play with xenserver-core on centos - but the released version doesn't quite work with openstack15:20
BobBallyou need some extra hacks15:20
*** diogogmt has joined #openstack-dev15:20
ekarlso:/15:20
ekarlsobut BobBall how's the support with that ?15:21
BobBallThat's what I'm working on removing :)15:21
BobBallThis is all preview stuff - it doesn't have an official Citrix support story yet15:21
BobBallbut it will all be built from the same code15:21
BobBallso it goes through the same QA etc15:21
*** dstanek has joined #openstack-dev15:22
BobBallin fact, we're targeting the next release of XenServer to fully include the xenserver-core binaries rather than building the two separately from the same sources15:22
BobBall(they aren't currently the same sources - working through some merging efforts ATM too)15:22
dtroyerekarlso: yo15:23
BobBallhttp://xenserver.org/blog/entry/tech-preview-of-xenserver-libvirt-ceph.html is the preview that I mentioned - but instead of the 0.3 packages use "latest" from http://xenbits.xen.org/djs/xenserver-core-latest-snapshot.x86_64.rpm (referenced from the mailing list message https://lists.xenserver.org/sympa/arc/xs-devel/2013-08/msg00027.html)15:23
*** tvb has joined #openstack-dev15:23
*** tvb has quit IRC15:23
*** tvb has joined #openstack-dev15:23
ekarlsodammit BobBall15:24
*** cjellick has joined #openstack-dev15:24
BobBallI've got some even newer code internally - with one annoying bug which means I can't start VMs - but when that's fixed I'll be trying to get some more RPMs published at which point it'll be way more complete and I'll be putting a blog post15:24
ekarlsoyou cause me to use more time on stuff I shouldn't :p15:24
BobBall*grin* I would apologise, but I'm not sorry!15:24
BobBallI know I have to say it cuz I work for Citrix but I think the xenserver-core stuff is a very cool development for us15:25
*** oubiwann_ is now known as oubiwann15:26
*** ifarkas has quit IRC15:26
*** jmontemayor has quit IRC15:28
ekarlsoBobBall: does it include all the "xe" utility niceness as well ?15:28
*** pmathews has joined #openstack-dev15:29
BobBallyup15:29
BobBallDon't think it could be xenserver without xe!15:30
*** aditirav has quit IRC15:30
BobBallanyway - gotta brb15:30
*** bashok has quit IRC15:30
BobBallmeeting to go to!15:30
*** tvb has quit IRC15:30
ekarlsodtroyer: wondering15:30
*** bashok has joined #openstack-dev15:30
*** Ryan_Lane has quit IRC15:31
ekarlsoi'm wanting to setup docker as a HV for nova15:31
ekarlsowould one then setup the docker registry running inside of docker or on the outside for production ?15:31
dstanekdolphm: i was reading the deprecate-v2-api blueprint this morning - is it really to just log deprecation warnings?15:32
*** xga_ has quit IRC15:33
*** flaper87 is now known as flaper87|afk15:33
*** xga has joined #openstack-dev15:33
dolphmdstanek: for now, i think15:33
*** ruhe has quit IRC15:33
dtroyerekarlso: samalba is the one to ask there ^^^^^    my only experience with it is what we did in DevStack and Sam guided most of that15:34
ayoungdstanek, it is to tell people to stop coding the V2 api..I get questions about that all the time "is V3 ready?"15:34
dolphmdstanek: i'd like to have a v2<->v3 auth translation middleware soon, as that's the call we'll likely have to support for the longest time15:34
lyncosHi, Here we have a real big unique domain .. and when I instruct keystone to connect to one of my local DC .. keystone try to get the list of DC for my whole domain and take a random one in that list .. the problem is we have Dc all around the world and not all the firewall are open ... My question is there any way to make keystone aware of Active Directory Sites ?15:34
ekarlsosamalba: ping :D15:34
dolphmayoung: bknudson: ^ ?15:34
*** ruhe has joined #openstack-dev15:34
*** jvrbanac has quit IRC15:35
ayoungdolphm, write up a spec.  Sounds reasonable, but the devil is in the details15:35
dstanekdolphm: that sounds interesting - so that would keep the v2 auth calls, but just route them though v3?15:36
bknudsondolphm: we'd deprecate large part of v2 api, but leave auth part?15:37
*** edmund has joined #openstack-dev15:37
dolphmdstanek: yes15:37
*** msmedved has quit IRC15:37
dolphmdstanek: the v2 auth interface is a subset of v3's functionality, so it should be do-able15:38
dolphmbknudson: deprecate and kill the current code15:38
dstanekdolphm: why do you think that has to be around longer?15:38
dolphmdstanek: we have more clients that want to authenticate in the wild speaking v2 than we do administrative tools that need to use the rest of the v2 api15:38
*** jmontemayor has joined #openstack-dev15:38
dolphmdstanek: the core v2 api is tiny15:39
*** msmedved has joined #openstack-dev15:39
bknudsondolphm: it's the core v2 api that should not be deprecated and would be handled with middleware?15:39
*** egallen has quit IRC15:39
*** wink has left #openstack-dev15:39
dstanekdolphm: so first step is to deprecate and leave functional - then would we need a separate blueprint to actually remove the code?15:40
bknudsonthe calls would be translated to v3 calls15:40
dolphmbknudson: it would still be deprecated, i just think we'll need to have a longer deprecation cycle for the three calls on the public api15:40
lyncosAnyone can confirm my question about LDAP/AD15:40
lyncos?15:40
*** venkatesh has joined #openstack-dev15:40
dolphmdstanek: yes15:40
*** flaper87|afk is now known as flaper8715:41
bknudsonlyncos: the only thing in keystone LDAP behavior that I know of that's AD specific is the handling of user enabled mask.15:41
*** bdpayne has joined #openstack-dev15:41
dolphmdstanek: we have to release it as deprecated for two releases, so that'll be 7 months from now15:41
dolphmbefore we can delete it15:41
*** otherwiseguy has joined #openstack-dev15:41
bknudsonwe should refactor so that the v3 controllers aren't derived from v2 controllers15:42
lyncosbknudson hmm ok I find it weird that when I connect to our proxy it's not getting the list of all DC and connect directly15:42
dolphmdstanek: err, that's a lie... i was thinking if we deprecated it at the end of a release cycle. it'll be 12 months from now15:42
bknudsonit's not an is-a relationship15:42
lyncosit's little strange15:42
dolphmbknudson: ++15:42
dstanekbknudson: absolutely15:42
dstanekbknudson: i'll probably have to do that anyway to deprecate the v2 controller methods15:43
bknudsondstanek: right, that's why I was thinking of it.15:44
*** athomas has quit IRC15:44
* dolphm p.s. if ya'll didn't notice... KEYSTONE IS OPEN FOR ICEHOUSE! w00t15:44
*** shinylasers has joined #openstack-dev15:44
*** iartarisi has quit IRC15:46
dimsdolphm, congrats! :)15:47
*** AlexF has joined #openstack-dev15:48
*** imsurit has quit IRC15:48
ttxdolphm: Glance too now. Publishing RC1 as we speak15:48
*** egallen has joined #openstack-dev15:48
lbragstaddolphm: ++15:48
*** oubiwann has quit IRC15:49
*** zhiyan has joined #openstack-dev15:49
bknudsondolphm: there's no stable/icehouse?15:49
*** jcoufal has quit IRC15:49
*** AlexF has quit IRC15:50
*** marun has quit IRC15:50
dolphmbknudson: not yet, we don't have anything to backport yet anyway :P15:50
bknudsontrying to figure out how to track backport of https://review.openstack.org/#/c/49272/15:50
*** Ryan_Lane has joined #openstack-dev15:50
dolphmbknudson: stable/havana will be branched from here https://github.com/openstack/keystone/commit/b6b1e30d3b8d8d89ddb6d26b201a2f767ef8366315:50
*** Javin has joined #openstack-dev15:50
*** ruhe has quit IRC15:50
*** thingee_zzz is now known as thingee15:51
*** jvrbanac has joined #openstack-dev15:51
*** bashok has quit IRC15:51
*** bashok has joined #openstack-dev15:52
dolphmbknudson: isn't some of this already in oslo.db?15:52
*** yassine has quit IRC15:52
bknudsondolphm: looks like oslo.db has a similar part.15:52
*** boris-42 has quit IRC15:54
*** mrodden has joined #openstack-dev15:55
*** jistr has quit IRC15:55
*** prad has joined #openstack-dev15:56
*** ema has quit IRC15:56
*** bashok has quit IRC15:56
*** bashok has joined #openstack-dev15:56
jaypipeshere comes the ttx email storm :)15:57
ttxjaypipes: still following glance bugs I see15:57
bknudsonhttps://github.com/openstack/oslo-incubator/blob/master/openstack/common/db/sqlalchemy/session.py#L604 vs https://github.com/openstack/keystone/blob/master/keystone/common/sql/core.py#L18815:57
jaypipesttx: yup :)15:57
*** martyntaylor has quit IRC15:58
BobBallbigmstone: Did you try replacing "metadetails" with "metadata"?  Inspection suggests it should work and https://github.com/openstack/nova/blob/master/nova/tests/objects/test_aggregate.py#L34 suggests that this translation is being performed elsewhere as well, validating it.  I haven't tracked down _why_ the translation was added yet though...15:58
*** Ryan_Lane has quit IRC15:59
BobBalldansmith: ping!15:59
*** anniec has quit IRC15:59
bigmstoneBobBall: Will check and let you know what happens.15:59
bknudsondolphm: maybe could change keystone/common/sql/core.py into more of a wrapper around oslo.db until can get rid of it.15:59
dansmithBobBall: ack16:00
dolphmbknudson: git blame the author that brought in oslo.db during havana-3... there was more WIP around that already16:00
dolphmbknudson: probably something i held for icehouse16:00
*** jmontemayor has quit IRC16:00
BobBalldansmith: https://review.openstack.org/#/c/44966/ added some tests for aggregates which included a translation between "metadetails" and "metadata" - do you know why that translation was needed?16:00
dolphmbknudson: i'm poking through oslo for the mysql keep alive16:00
*** Ruetobas has quit IRC16:01
*** venkatesh has quit IRC16:01
*** jvrbanac has quit IRC16:01
dolphmbknudson: https://github.com/openstack/oslo-incubator/blob/master/openstack/common/db/sqlalchemy/session.py#L604-L61716:01
dansmithBobBall: because the sqlalchemy object uses metadetails, but we expose it as metadata in the new object16:01
BobBallI found the sqlalchemy bit - but where is the translation to the object?16:02
BobBallI'm clearly being blind because metadetails doesn't show up many times16:02
BobBall:D16:02
bknudsondolphm: the same fix I have in Keystone is proposed to oslo.db, but it uses oslo.db's _ENGINE rather than our GLOBAL_ENGINE.16:02
BobBalloh16:02
BobBallyes, I saw that bit, but I got confused16:02
BobBallin nova/objects/instance_group ?16:02
*** gyee has joined #openstack-dev16:03
*** Ruetobas has joined #openstack-dev16:03
bknudsondolphm: here's the fix in oslo-incubator16:03
bknudsonhttps://review.openstack.org/#/c/48733/4/openstack/common/db/sqlalchemy/session.py16:03
dansmithBobBall: that's where it's done for instance_group, but nova/objects/aggregate.py should be it16:03
* dansmith looks16:03
*** devoid has joined #openstack-dev16:04
dansmithhttps://github.com/openstack/nova/blob/master/nova/objects/aggregate.py16:04
dansmithBobBall: ^16:04
*** hemnafk is now known as hemna_16:04
BobBallhow the heck did I miss metadetails in that file?!?!16:04
BobBallthanks16:04
BobBallclearly my grep skills are rusty16:04
bknudsonwe could change keystone GLOBAL_ENGINE to be a ref to common.db.sqlalchemy.session._ENGINE16:04
dansmithBobBall: :)16:05
*** jasdeepH has joined #openstack-dev16:05
BobBall*shakes his head in dismay*16:05
*** portante is now known as portante|afk16:06
exedhi, i know it is not a 100% related dev question, but i think i could get the best answer here ;)  I'm trying to debug the ovs network, because it is currently really slow 20mbs. how do you debug the network layer in openstack especially ovs? i have checked all ports/interfaces for any kind of rate limiting and it is not set. also I'm sure that it is not related to the network setup at all(switches, bare metal, …). any idea16:07
exedplease :)16:07
*** AlexF has joined #openstack-dev16:07
*** Ruetobas has quit IRC16:07
BobBallbigmstone: dansmith just pointed me to the evidence as to why renaming metadetails to metadata in the xenapi driver is the right fix: https://review.openstack.org/#/c/43157/16:07
lyncosexed we only got 2gbit/sec on OVS with virtio drivers16:08
lyncosOn a 20Gbit/s network16:08
lyncosthat number is per VM16:08
bigmstoneBobBall: Cool. Here's hoping it doesn't just uncover a new trace.16:08
* bigmstone is not hopeful.16:08
lyncosIf you're not using virtio it will probably be slow16:08
*** cjellick has quit IRC16:09
*** prad has left #openstack-dev16:09
exedlyncos: i will double check this but I'm pretty sure, that the images we use make use of virtio drivers.16:09
*** prekarat1 has quit IRC16:10
*** markmc has quit IRC16:10
lyncosthat's the only thing I see right now... you can also check in the kvm command line if you see it's using virtio16:12
*** prekarat has joined #openstack-dev16:12
lyncosI mean on your compute node16:12
*** colinmcnamara has joined #openstack-dev16:12
*** jpich has quit IRC16:12
exedlyncos: sure.16:12
*** bashok_ has joined #openstack-dev16:12
*** changbl has quit IRC16:12
*** jvrbanac has joined #openstack-dev16:13
*** egallen has quit IRC16:13
*** AlexF has quit IRC16:13
*** Ruetobas has joined #openstack-dev16:13
*** Dr_Who has quit IRC16:13
*** Dr_Who has joined #openstack-dev16:16
*** nermina has quit IRC16:16
exedlyncos: you really made me think to fucked up the virtio part but i double checked that, it works fine. thanks for your help i tried another compute node and can now say it is only one compute node. thanks a los16:16
*** bashok has quit IRC16:16
exeds/los/lot/16:16
*** cjellick has joined #openstack-dev16:16
*** salv-orlando has quit IRC16:17
*** salv-orlando has joined #openstack-dev16:17
*** xqueralt has quit IRC16:17
*** Ruetobas has quit IRC16:18
*** jvrbanac has quit IRC16:19
*** SergeyLukjanov has quit IRC16:20
*** egallen has joined #openstack-dev16:20
*** bashok_ has quit IRC16:21
*** bashok_ has joined #openstack-dev16:21
lyncos:-)16:21
lyncosI'm glad this helps16:21
*** ArcTanSusan has joined #openstack-dev16:22
*** alunduil has joined #openstack-dev16:22
*** safchain has quit IRC16:23
*** Ruetobas has joined #openstack-dev16:23
*** galstrom_zzz is now known as galstrom16:23
*** Dr_Who has quit IRC16:25
*** prekarat has quit IRC16:25
*** angdraug has joined #openstack-dev16:25
ayoungdansmith, so..yesterday you pointed me at nova.compute.manager  as the place to inject  some logic done on host create.  I assume that is run in the nova-compute server.  The methods on it are called via the RPC from the scheduler?16:27
*** o_petit has joined #openstack-dev16:27
dansmithayoung: yeah16:27
ayoungdansmith is "host" in there the VM?16:27
mroddeninstance == VM16:28
*** sandywalsh has quit IRC16:28
dansmithayoung: no, that's referring to the compute host16:28
ayoungdansmith, and lifecycle_events?16:28
ayoungah..so init_host starts up the compute instance, and then calls _init_instance on each instance it knows about.16:29
dansmithayoung: no, init_host and init_instance are only called during compute startup (like when you boot the physical host)16:29
*** qba73 has quit IRC16:30
ayoungdansmith, right...so I wonder if this is not the right place to do work that needs to be done on initializing a new VM.16:30
*** dtyarnell has quit IRC16:30
ayoungSeems like it is more start or stop existing definitions, but does not build one from the image.16:31
*** ausxxh has joined #openstack-dev16:31
*** o_petit has quit IRC16:31
ayoungoh..wait...16:31
* ayoung still learning this code base16:31
*** exed has quit IRC16:32
*** dmakogon_ipod has joined #openstack-dev16:32
ayoung_run_instance16:32
*** mmagr has quit IRC16:33
dansmithayoung: yeah, something in/around run_instance is what you're looking for16:33
ayoungdansmith, so what happens here in manager, is it handles a long running task on one (green)thread?16:34
ayoungand then sends back "ok, what's next?"16:35
*** bvandenh has quit IRC16:36
*** dmakogon_ has joined #openstack-dev16:36
*** JordanP has quit IRC16:36
dansmithayoung: yes, manager is a bunch of greenthreads16:36
*** alop has joined #openstack-dev16:36
ayoungdansmith, so build_and_run_instance is tagged as synchronized.  I assume that means all of that is in one new greenthread?16:37
*** prekarat has joined #openstack-dev16:37
*** bashok_ has quit IRC16:37
*** bashok_ has joined #openstack-dev16:38
*** dmakogon_ipod has quit IRC16:38
dansmithayoung: AFAIK, the threads are created by the RPC layer, so every incoming request over RPC is a new thread16:38
*** marun has joined #openstack-dev16:39
*** decede has quit IRC16:39
*** emagana has joined #openstack-dev16:39
mroddensynchronized is a decorator that acquires a lock name before the function can run16:39
ayoungmrodden, thanks.16:39
mroddenbuild_and_run_instance should be a lock per instance name16:39
mroddenand i believe they run in python threads... but that is all controlled at the RPC level as dansmith pointed out16:40
ayoungmrodden, I'm basically trying to register a new VM with LDAP/enroll it in Kerberos as part of the spawn process16:40
ayoungso I need to make an additional RPC type call to create the entry in LDAP16:40
mroddensorry16:40
mroddengreenthreads16:40
ayoungmrodden, so I am trying to figure out if I should be doing this in the compute manager, or external to is16:41
ayoungto is16:41
ayoungah16:41
mroddenuh16:41
ayoungto *it*16:41
*** tvb has joined #openstack-dev16:41
mroddencan't you just poll at the API level until its spawned and then do the logic externally to nova?16:41
dansmithmrodden: +116:42
*** dmakogon_ has quit IRC16:42
mroddenseems easier...16:42
ayoungmrodden, I need to inject instance specific data into the VM and I don't want the user doing that...want it managed by the system16:42
*** MaxV has quit IRC16:42
*** dmakogon_ipod has joined #openstack-dev16:42
*** exed has joined #openstack-dev16:42
ayoungmrodden, it seems easier to you, but the devil is in the details.16:42
mroddenif your application is doing the spawn, you can control the user-data input with the spawn request16:43
ayoungmy "application" is Horizon16:43
mroddenok16:43
ayoungmrodden, I want to synchronize the VM name with DNS16:44
ayoungso when I create a new VM, I need custom user-data.  Very ugly16:44
*** adalbas has joined #openstack-dev16:45
ayounginstead, I want to generate an event that converts the VM name to the host name, registers it with LDAP, and generates a One Time password to register the host once it is up and running16:45
*** dtyarnell has joined #openstack-dev16:45
ayoungI need the hook16:45
*** xga has quit IRC16:45
lyncosHey guys .. I want to change keystone code .. the ldap part .. where should I start (I'm not a great coder)16:45
ayoungI suspect that custom workflow upon VM creation is pretty common16:45
mroddenyeah its not meant to be "user" facing TBH, its just the name of the data that gets handed to the VM16:45
*** Ryan_Lane has joined #openstack-dev16:45
ayounglyncos, you start by telling me what you want to do...16:45
*** tvb has quit IRC16:46
lyncosayoung .. keystone with Activedirectory seems to ask the DNS server for the list of all DCs available on my domain.. even if I specify  ldap://someserver  it's using a server from the DNS list...16:46
ayoungmrodden, understood, but the horizon UI and the CLI need to be unified in their approach.  I'd rather not tell people "no web ui, and you have to use a custom UI tool"16:46
lyncosthe problem is .. It's binding to one server and doing the ldapsearch on another server16:46
*** bashok_ has quit IRC16:46
lyncosso the ldapsearch fails because it sees no binding16:46
lyncosI want to get rid of that 'dns' lookup function16:46
mroddenayoung: but you could write a horizon plugin that generates the user-data part16:47
ayounglyncos, DNS server?  That is not Keystone...16:47
lyncosand always connect to the server specified in ldap:// line16:47
*** FatDarrel has joined #openstack-dev16:47
*** bashok_ has joined #openstack-dev16:47
lyncosKeystone does a DNS request16:47
ayoungmrodden, nope, cuz I need it from the CLI too16:47
dansmithayoung: the CLI and horizon are completely different layers in the stack16:47
mroddenthey both operate through the REST API and accept user-data16:47
ayoungdansmith, yes, which is why I am trying to unify the approach16:47
dansmithayoung: and this belongs in horizon or whatever your high-level application is, IMHO16:47
lyncosit asks for   DomainDnsZones.my.domain16:47
*** alop_ has joined #openstack-dev16:47
ayoungdansmith, no.  This is more fundamental than that16:47
lyncosthen it uses an IP from that list16:48
*** SumitNaiksatam has quit IRC16:48
lyncosI did strace + tcpdump to figure this out16:48
*** afazekas_no_irq has joined #openstack-dev16:48
*** egallen has quit IRC16:48
ayounglyncos, weird16:49
*** SergeyLukjanov has joined #openstack-dev16:49
*** ArcTanSusan has quit IRC16:49
mroddenyeah i dont really understand why you would want to bind all this stuff into the compute manager16:49
ayoungthe ldap server is specified in the config file and passed through verbatim to keystone/common/ldap/core.py16:49
lyncosayoung it's doing it for user-list  but not for role-list or tenant-list16:49
mroddennova just spins up VMs and injects the data you pass on the API to it16:49
*** alop has quit IRC16:50
*** alop_ is now known as alop16:50
ayoungmrodden, I want it done whenever a vm is kicked off, anywhere in a cloud deployment.  DNSaaS and Single sign on16:50
ayounglyncos, hmmm...what version of Keystone are you running?16:50
lyncosii  python-keystone                  1:2013.1.3-0ubuntu1~cloud0           OpenStack identity service - Python library16:51
ayoungmrodden, and injects ssh keys into them, doesn't it?  That is SSO, just hardcoded to a very specific scheme16:51
lyncosI used the deb pack16:51
mroddenyeah thats kind of legacy stuff, used for compat. with the way amazon does stuff16:51
mroddenhmm16:51
ayounglyncos, hmmm...role-list and tenant-list are all handled by the same code16:52
lyncosSo this is strange16:52
ayounglyncos, it sounds like DNS might be screwy for your set up16:52
lyncoswhen I'm using an ldap proxy ... it doesn't do that DNS request16:52
lyncosI really don't know why16:52
*** tmclaugh[work] has quit IRC16:53
*** sarob has joined #openstack-dev16:53
lyncosand now.. I really don't know how to do it.. we have a pretty big AD (6000 users)16:53
lyncosand many sites16:53
*** sandywalsh has joined #openstack-dev16:54
ayounglyncos, so  you are saying it is the code running in the Keystone server that does the DNS lookup and gets the wrong server.  You are sure it is not happening from the proxy instead?16:54
*** Mandell has joined #openstack-dev16:54
lyncosI'm sure of nothing ... but when I do a user-list connected to a Windows DC .. I see a DNS request from my 'keystone' server  only keystone running on that server16:54
*** tstevenson has joined #openstack-dev16:55
*** alexrudenko has joined #openstack-dev16:55
lyncosI'm also not a windows guy at all16:55
*** bashok_ has quit IRC16:55
*** emagana has quit IRC16:55
*** vkmc has joined #openstack-dev16:55
*** vkmc has quit IRC16:55
*** vkmc has joined #openstack-dev16:55
lbragstaddolphm: updated the description for unified logging in the keystone release notes. Let me know if you want anything changed... https://wiki.openstack.org/wiki/ReleaseNotes/Havana#Key_New_Features_516:55
ayoungmrodden, yeah, so instead of depending on SSH keys, I want the machine in the LDAP server.  There is a registration handshake.  If I need a Horizon plugin to do it, fine, but I would also need a comparable CLI plugin.  And, it means I have to take over the User-data for this.  I'd rather leave the server data alone or just add the OTP into it.16:56
lyncosayoung maybe it's the ldap lib that does that ?16:56
ayounglyncos, well, the keystone server needs to resolve the ldap hostname16:56
ayoungthe url is ldap://hostname/16:56
ayoungyou could probably put an IP address in there16:57
lyncosI did try that16:57
lyncosI did put the logging here16:57
lyncoshttp://paste.openstack.org/show/47844/16:57
ayoungbut it looks like your DNS server is set up to respond maybe round robin or something, with one of the IP addresses being bogus?16:57
ayounglyncos, so, let's take Keystone out of the equation.  Try an LDAP search from the command line instead16:57
lyncosok will try let me figure out how to do it16:58
mroddenayoung: yeah thinking about it, not sure what the best solution would be, although i think something like a python-novaclient plugin would work16:58
ayounglyncos, OPERATIONS_ERROR: {'info': '00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece', 'desc': 'Operations error'}16:58
*** Alexei_987 has quit IRC16:59
lyncosYeah16:59
ayoungmrodden, but then that needs to be distributed to everyone16:59
ayoungmrodden, I want it server side16:59
lyncosbut it seems to be successfully bound to another server .. let me test the ldapsearch16:59
ayounglyncos, are you doing anonymous?16:59
*** vuil has joined #openstack-dev16:59
lyncosWhat you mean anonymous ?16:59
lyncoswithout a user ?16:59
lyncosto bind17:00
ayounglyncos there is a manager DN used to talk to the server17:00
ayoungthe LDAP config options are...17:00
lyncosyou mean that line ?  user =17:00
ayounghttps://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L32017:00
ayounguser = ...17:00
ayoungpassword = ...17:01
lyncosyeah i'm using a specific user . . that works on the ldap proxy17:01
*** danwent has quit IRC17:01
*** fbo is now known as fbo_away17:01
ayoungyou can leave the password off, and then it will attempt to do everything without a bind.  LDAP is usually usable that way17:01
ayounglyncos, do you have Read/Write privs on the AD server?  I'd be surprised if you did17:01
lyncosI won't be able to write ?17:01
lyncosI have write privs to my 'cloud' OU17:02
lyncosand should be able to get the user list17:02
ayounglyncos ok, you should be good17:02
lyncosit works on the proxy17:02
ayounglyncos, the LDAP user that executes the commands get validated by a bind based on the [LDAP] values there17:02
*** carl_baldwin has joined #openstack-dev17:03
ayoungif you left off password, it is anonymous17:03
*** amerine has joined #openstack-dev17:03
lyncosbut anonymous I'll be unable to write to ldap right ?17:03
ayounglyncos, https://github.com/openstack/keystone/blob/master/keystone/common/ldap/core.py#L23217:03
*** davidhadas_ has quit IRC17:04
ayounglyncos, I should hope so.  Anonymous writes to LDAP are a frightening thought17:04
*** tstevenson has quit IRC17:04
lyncosyeah17:04
lyncosok let me try anonymous reads17:04
*** kmartin has quit IRC17:05
*** yjiang5 has quit IRC17:05
lyncosI got same error17:05
lyncosIn order to perform this operation a successful bind must be completed on the connection.17:05
lyncoswith user and password lines commented out in keystone.conf17:05
lyncosstrange it's not trying the 23 other dc now17:06
lyncosonly when I uncomment   user and password line17:06
*** sarob has quit IRC17:07
*** sarob has joined #openstack-dev17:07
ayounglyncos, if user and password are both set, it attempts to bind when creating the connection.  I think you need to use a valid DC for the user and a valid password in order to connect.  What you have had so far has been anonymous, which is failing when you try to write17:08
lyncosI didn't try to write yet17:08
*** tmclaugh[work] has joined #openstack-dev17:08
*** DinaBelova has joined #openstack-dev17:09
lyncosWhen I'm doing role-list .. it's also doing the 'DNS' Request17:10
*** harlowja has joined #openstack-dev17:10
lyncosbut I get different stuff17:10
lyncosI get error17:10
lyncoswoah it's fucked up17:10
*** Qu310 has quit IRC17:10
lyncosit's asking for    dc01.mydomain.com.mydomain.com17:10
*** Qu310 has joined #openstack-dev17:11
lyncosbut it try mydomain.org after17:12
lyncosthen I get the full list17:12
lyncosof my dc17:12
*** dkranz has quit IRC17:12
*** sarob has quit IRC17:12
*** xqueralt has joined #openstack-dev17:13
*** venkatesh has joined #openstack-dev17:16
*** exed has quit IRC17:16
*** ygbo has quit IRC17:17
*** SumitNaiksatam has joined #openstack-dev17:18
*** bashok has joined #openstack-dev17:18
*** diogogmt has quit IRC17:20
*** emagana has joined #openstack-dev17:22
*** AlanClark has joined #openstack-dev17:23
*** yjiang5 has joined #openstack-dev17:27
*** diogogmt has joined #openstack-dev17:28
*** dkranz has joined #openstack-dev17:29
*** kmartin has joined #openstack-dev17:29
*** tvb has joined #openstack-dev17:30
*** nermina has joined #openstack-dev17:31
lyncosayoung: OK i did the ldapsearch command .. and it works with it17:32
lyncoswith same credentials17:32
*** emagana has quit IRC17:32
*** sarob has joined #openstack-dev17:32
lyncosand I don't see that DNS request17:32
*** exed has joined #openstack-dev17:32
lyncosOk let's try to do the ldapsearch to another DC17:33
*** DennyZhang has quit IRC17:34
*** dkehn_ is now known as dkehn17:35
*** kbrierly has joined #openstack-dev17:35
*** sarob has quit IRC17:36
*** fbo_away is now known as fbo17:37
*** comay has joined #openstack-dev17:38
*** Javin has quit IRC17:39
*** melwitt has joined #openstack-dev17:39
lyncosayoung :  do you think this could be related:    https://projects.xivo.fr/issues/379517:41
*** venkatesh has quit IRC17:41
ayounglyncos, looking17:41
lyncosnot for keystone but seems to be with python-ldap17:41
ayounglyncos, quite possible.  Can you open a bug to track this issue?17:42
lyncosat keystone level ?17:42
*** davidhadas has joined #openstack-dev17:42
ayoungeven if it proves to be a config problem, having it in the system of record will help people diagnose17:43
ayounglyncos, yes, please17:43
lyncosOk will do it17:43
*** Dr_Who has joined #openstack-dev17:44
*** yolanda has quit IRC17:44
*** DennyZhang has joined #openstack-dev17:44
*** cdub has joined #openstack-dev17:45
ayounglyncos, so you can try his approach listed in the patches there.  If the first patch does the trick, we can add that as a config option in keystone/common/config.py17:45
ayoungI'm not quite certain where we would apply his second patch, but somewhere in keystone/common/ldap/core.py ...probably the get function on the BaseLdap object I'm guessing17:46
*** lucasagomes has quit IRC17:47
*** flaper87 is now known as flaper87|afk17:48
*** cjellick has quit IRC17:52
*** boris-42 has joined #openstack-dev17:52
*** trey_h has joined #openstack-dev17:52
lyncoshttps://bugs.launchpad.net/keystone/+bug/123431917:55
uvirtbotLaunchpad bug 1234319 in keystone "Keystone with LDAP/AD backend problem" [Undecided,New]17:55
*** carl_baldwin has quit IRC17:55
lyncosayoung are you willing to help me test that patch ? as I'm a really poor coder17:57
ayounglyncos, well, I don't have AD17:58
ayoungso I can't reproduce, but I can help you out17:58
*** danpb has quit IRC17:58
*** changbl has joined #openstack-dev17:58
ayounglyncos, my advice to you would be to spin up a VM and run devstack in it17:59
ayoungyou can disable all services but keystone and mysql, and add in ldap17:59
*** danwent has joined #openstack-dev17:59
lyncosdevstack and then connect to my AD ?17:59
ayoungthen change the ldap config to match what you have on your live server17:59
ayoungyep17:59
lyncoswould you need access to that devstack vm ? (sorry I don't know how this works)18:00
ayounglyncos, when you run devstack, if you tell it to do ldap, it will spin up openldap by default18:00
ayoungme?  nah, you can do this yourself18:00
ayoungjust ask me questions18:00
*** devoid has quit IRC18:00
lyncosok devstack uses openldap instead of python-ldap right ?18:00
ayoungget the vm up, clone devstack and then ping me18:00
*** devoid has joined #openstack-dev18:00
ayoungno, it uses openldap as the server18:01
dolphmlyncos: python-ldap is a client lib18:01
*** flaper87|afk is now known as flaper8718:01
ayoungpython-ldap is still the client lib18:01
lyncosok instead of connecting to openldap I would put my ldap config  for ad18:01
lyncosright ?18:01
ayounglyncos, yeah18:01
lyncosok got it18:01
ayoungyou can copy the values over from your live server18:01
lyncosOk will grab food then I'll start that process18:02
ayounglyncos, devstack has a file that you can modify the install:  localrc18:02
ayoungyou want to have the following line in there18:02
*** cjellick has joined #openstack-dev18:02
ayoungENABLED_SERVICES=key,mysql,qpid18:02
ayoungwell, you don't *need* qpid but that suppresses an error message18:03
ayoungENABLED_SERVICES=key,mysql,ldap18:03
ayoungand also18:03
ayoungLDAP_PASSWORD=test18:03
ayoungKEYSTONE_IDENTITY_BACKEND=ldap18:03
ayounglyncos, with those values, if you run devstack, you will be able to test LDAP capabilities first off.  To include running the unit tests against a live server18:04
*** sarob has joined #openstack-dev18:05
*** venkatesh has joined #openstack-dev18:05
lyncosDo I really need devstack .. the thing is that my live server is not 'prod' yet so we can do the changes directly on it.. but if you need stuff included in devstack I will do it18:06
ayounglyncos, you need a git repo and the keystone source.18:09
ayoungYou can do it without devstack if you want.  devstack just makes it a little easier.18:09
ayoungI'd leave the live server there to compare against18:09
*** sarob has quit IRC18:09
ayoungdevstack will do all sorts of pip installs which might conflict with other stuff you are doing on your laptop.18:10
ayoungtypically not a great idea....I should know, I do it all the time18:10
lyncosok np installing devstack in virtualbox right now18:10
lyncosat the same time it will give me an introduction into reporting bugs and testing stuff ... (I told you I'm not a good coder)18:11
ayounglyncos, <yoda>you will be...you will be</yoda>18:15
*** nermina has quit IRC18:16
lyncos;-)18:17
lyncosby the way thanks for helping with that issue.. I'm on it for 2 days right now18:17
lyncosAnd the windows team here is not that helpful18:17
lyncosIf there is no checkbox they cannot help :-)18:18
*** venkatesh has quit IRC18:18
ayounglyncos, this is where I look down at the T-Shirt I am wearing, which is a simulated BSD and the text "The fatal exception 0E has occurred (again!) at 0000:0110 in Windows MAIN(01), it may be possible (however unlikely) to continue."18:19
*** chenxu has joined #openstack-dev18:21
lyncosI'm almost done with my vm.. will just need to install devstack...18:21
*** Mandell has quit IRC18:21
*** Mandell has joined #openstack-dev18:22
*** alexrudenko has quit IRC18:22
*** armax has joined #openstack-dev18:23
*** martine has joined #openstack-dev18:23
*** martine is now known as Guest5262818:23
*** RajeshMohan has quit IRC18:24
ayoungmrodden, so, it seems to me that there is a need for custom operations in the VM creation pipeline.  Something that can be done at the deployment site that is done out of tree, but that gets all of the context sent to Nova.  Something like we have in the paste config pipelines:  here is a list of components that get a swing at the VM creation, call each one in turn.18:24
ayoungwith the default being the compute manager18:25
mroddenthe problem is that isn't really a VM config problem18:25
mroddenits an application (where the application is the OS on the VM) configuration problem18:25
*** ekolve has joined #openstack-dev18:25
*** tmclaugh[work] has quit IRC18:25
mroddenfor example the savana(sp?) project is a horizon plugin that allows one to spin up a hadoop cluster18:26
ayoungmrodden, well, sort of.  It really is a trust problem, and the system needs to be managed by trusted components18:26
mroddenthey don't have any changes to nova18:26
*** Mandell has quit IRC18:27
ayoungmrodden, that is because they are not doing general purpose VMs18:27
ayoungthey are usering Nova18:27
mroddenif its a trust problem i dont think a modifiable pipeline will help the issue18:27
*** ekolve has left #openstack-dev18:27
ayoungmrodden, really, I need a notification that a new VM creation event has come in.18:28
*** Mandell has joined #openstack-dev18:28
ayoungand then I need to inject a custom file based on that event18:28
mroddenon every VM?18:28
ayoungmrodden, I would probably scope it to projects, but yes18:29
ayoungmrodden, I would want to know the vm name and the project for that vm for any vms created in my cloud18:29
*** mlavalle has joined #openstack-dev18:29
ayoungmrodden, I'm setting up Single Sign On.18:29
mroddenyes i get that18:29
ayoungSo,  I might do different logic based on, say windows versus linux18:30
*** carl_baldwin has joined #openstack-dev18:30
ayoungbut Nova doesn't need to know that18:30
*** johnthetubaguy has quit IRC18:30
*** sdake has quit IRC18:30
mroddenif i had to do it i would have an image i would deploy with a chef-client that could check the user-data for private validation info and handshake with LDAP18:30
mroddenthen do all the other necessary setup18:30
*** sdake has joined #openstack-dev18:30
ayoungmrodden, I would need one image per vm then18:31
ayoungcuz each has a different OTP18:31
ayoungand chef / puppet is just kicking the problem down the raod18:31
ayoungroad18:31
lyncosok im ready to deploy devstack :-)18:31
*** Guest52628 has quit IRC18:31
mroddenshouldn't that be passed in the user data18:31
mroddenthe OTP18:31
lyncoslocalrc file should be in the devstack folder right ?18:31
ayounglyncos, See my above comment18:31
ayoungmrodden, but then there is no link between the host name and the OTP18:32
ayoungmrodden, when I create the LDAP entry for the host, I generate the OTP and link it to the hostname18:32
*** jmontemayor has joined #openstack-dev18:33
mroddenyes... the VM has control over its own hostname does it not?18:33
lyncosayoung which comment sorry I missed one18:33
ayoungmrodden, yes, but in order for it to be able to update DNS, the LDAP server needs to trust that VM18:33
ayounglyncos, one sec...18:33
mroddenthe OTP is your private info that the VM has to auth to the LDAP18:33
ayounglyncos, devstack has a file that you can modify the install:  localrc18:33
*** alunduil has quit IRC18:33
ayoungENABLED_SERVICES=key,mysql,ldap18:34
ayoungKEYSTONE_IDENTITY_BACKEND=ldap18:34
lyncosyeah I did move it from samples to devstack root and added these lines18:34
*** chenxu has quit IRC18:34
ayounglyncos, cool18:34
ayoung./stack.sh18:34
lyncosdoing it right now18:34
*** nermina has joined #openstack-dev18:34
*** devoid has quit IRC18:34
*** tmclaugh[work] has joined #openstack-dev18:35
ayoungmrodden, yeah.  it is really One Time Password:  if a second host attempts to use it, it is invalid18:35
lyncosby the way it's ubuntu server 12.0418:35
ayounglyncos, should be good.  I think18:35
*** colinmcnamara has quit IRC18:35
lbragstadlyncos: might have issues with using qpid versus rabbit18:35
*** devoid1 has joined #openstack-dev18:35
lyncosI did not enable qpid18:35
lbragstadok18:35
ayounglbragstad, yeah, he can leave that line off.  devstack complains, but continues18:36
lyncosI guess no queue involved in my tests as I test keystone only18:36
*** dkranz has quit IRC18:36
ayounglyncos, that is correct18:36
*** zhiyan has quit IRC18:36
mroddenso 1) generate OTP/hostname pair in ldap 2) spin up nova VM with OTP/hostname in the user-data 3) agent on VM checks for user-data info and auths to LDAP18:36
lyncosbrb will leave stack.sh do its job18:36
ayoungmrodden, that is basically the workflow.  What I want to do is automate it so that I don't need to distribute custom Horizon or Nova CLI applications to use it18:37
ayoungmrodden, I mean, I have it working from the command line.18:37
mroddenyes you could bypass the python-novaclient and use the REST API directly18:37
ayounghttp://adam.younglogic.com/2013/09/register-vm-freeipa/18:37
mroddenor extend novaclient18:38
ayoungmrodden, or extend nova server18:38
ayoungwhich is the right thing to do for policy that you want applied to all machines18:38
mroddenyes thats possible18:38
ayoungso I am trying to figure out A) how and B) can this be abstracted18:38
mroddenbut i think that when it comes to separation of concerns this is more at the application level18:38
mroddenits not applied to all machines18:38
ayoungyes, all vms18:39
mroddeni dont care about LDAP auth for any of my VMs18:39
ayoungmrodden, all VMs in a single cloud deployment18:39
mroddenyes18:39
ayoungmrodden, you should, but that is neither here nor there  :)18:39
mroddenexactly how one might consider a hadoop cluster a single cloud deployment18:39
*** cfriesen has joined #openstack-dev18:39
ayounga hadoop cluster is a subset of a single cloud deployment18:40
ayoungbut ... semantics18:40
*** briancurtin has quit IRC18:40
ayounghadoop needs to be able to log in to the VMs after they are spun up.  It can use the SSH key from nova, or it could use something else18:41
cfriesenlooking at the "evacuate" command, does it really make sense to have the admin be forced to specify whether instance files are located on shared storage?  This seems like something that should be represented within the instance itself so that the system can just do the right thing automatically.18:41
ayoungso, I see this as parallel to the "keypair" mechanism18:41
mroddenthats possible18:41
*** portante|afk is now known as portante18:41
mroddenSSH is less setup and more or less the simplest way to do secure auth to a VM18:41
mroddenthe "least common denominator" in a way18:42
bknudsonkeep your vms simple and just provide a web admin interface.18:43
*** DinaBelova has quit IRC18:44
*** sarob has joined #openstack-dev18:46
mroddeni'm not really the person that you would have to convince that its a good idea anyways :)18:46
ayoungbknudson, um...no.  Webadmin...not simple18:46
ayoungmrodden, I'm just trying to figure out where it would logically fit into the nova architecture18:46
bknudsondon't provide an admin interface, just respin the vm when need to reconfigure18:47
ayoungI would not want to couple Nova to FreeIPA, but I should be able to deploy the two together securely18:47
mroddenyou could ask more nova people, but i think that they will likely have the same response18:47
mroddennova is pretty complex already18:47
ayoungmrodden, I don't want to increase that complexity.  I suspect that some of it could be simplified into a pipeline, but I am not working heads down in Nova to really say18:48
*** dolphm has quit IRC18:48
*** pmcg_ is now known as pmcg18:48
ayoungmrodden, but it is the same kind of eventing as we are being asked for in Keystone:  tell me when a new VM is created is a lot like tell me when a new user is created18:49
ayoungcan I register for events?18:49
mroddennova does notifications18:49
lbragstadthe keystone notification I wrote is based off the same framework provided in nova18:49
mroddenbut you don't have any ability to alter the deployment process of the VM18:49
mroddenthats correct its essentially the same thing18:50
ekarlsoBobBall: here still ?18:50
ayoungmrodden, because by the time the event is fired, the user-data would have already been written....that may be OK18:50
mroddenlifecycle events for VMs are fed through the notifications18:50
mroddenwhich can be plugged into with a custom driver, or just fed out into an AMQP topic18:51
*** dkranz has joined #openstack-dev18:51
*** mjfork has quit IRC18:53
ayoungmrodden, so, really it comes down to the OTP.  If I get the notification that a new VM is generated, I need a way to get the OTP to that VM for the general use case18:55
ekarlsosamalba: here ?18:56
lyncosOk devstack installed :-)18:57
lyncosI just don't know how to start up everything18:57
lyncoswhat are my credentials etc18:57
ayounglyncos, it is started18:57
ayoung. openrc18:57
ayoungkeystone token-get18:57
*** vipul is now known as vipul-away18:57
lyncosok works18:58
lyncosbut user-list dosen't18:58
ayoungnope18:58
ayounglyncos, echo $OS_USERNAME18:58
ayoungdem right?18:58
ayoungdemo18:58
lyncosoright18:58
lyncosright18:58
ayoungexport OS_USERNAME=admin18:58
ayoungkeystone user-list should now work18:58
lyncosworks !18:59
lyncosok cool now configuring ldap stuff18:59
ayoungthose values are set based on what you have in localrc18:59
lyncosah ok so if I want to know I can check that file18:59
ayounglyncos, you can start and stop keystone without redoing all of devstack18:59
ayoungscreen -x18:59
ayoungkeystone is usually screen 1 or 218:59
lyncosok cool19:00
ayounghttps://www.gnu.org/software/screen/manual/screen.html#Default-Key-Bindings19:00
*** sarob has quit IRC19:00
lyncosyeah I know how screen works :-)19:00
ayounghttp://aperiodic.net/screen/quick_reference19:00
ayoungI didn't19:00
lyncos:-)19:00
*** sarob has joined #openstack-dev19:00
ayoungI have to look at those every time19:00
lyncosyeah it's not easy19:00
ayounganyway, ctrl-C in the keystone screen will kill the server19:00
ayoungthe command used to kick it off is in history19:01
ayoungkeystone-all ....19:01
lyncosShould I thrash all the [ldap] section and replace it with mine ?19:01
*** danwent has quit IRC19:01
ayoungwell, back up the old one, but yes19:01
ayounglyncos, now, you might not have an admin user19:01
*** sarob has quit IRC19:01
*** venkatesh has joined #openstack-dev19:01
lyncosmy admin user will be in ldap right ?19:02
ayoungif you don't you can use the ADMIN_TOKEN value in the config file19:02
ayoungyep19:02
ayoungif you re-enable ADMIN_TOKEN you have to set a couple envvars to talk to keystone19:02
samalbaekarlso: here but going to leave in 2 minutes19:03
ayounglyncos, see https://fedoraproject.org/wiki/Getting_started_with_OpenStack_on_Fedora_17#Initial_Keystone_setup19:03
ayounguse SERVICE_ENDPOINT and SERVICE_TOKEN19:03
ayounglyncos, that will bypass the ldap authorization, which might simplify troubleshooting for you19:04
lyncosright now ... I get the same error19:04
lyncoswith ldap .. which is good I think19:04
ayoungyes19:04
lyncosI keep in mind the  SERVICE_? thing19:04
ayoungsounds good19:04
ayounglyncos, you know git?19:05
lyncosnot a lot19:05
lyncosim more used to svn19:05
ayounglyncos, well, your code is all in /opt/stack/keystone if you kept the defaults19:05
ekarlsosamalba: darn!19:05
lyncosok cool19:05
lyncosI see it now19:05
ayounglyncos, have you signed the CLA and all that?19:05
ekarlsoquestion: does one run docker-registry inside docker when doing nova and docker in production ?19:05
lyncosayoung I guess not19:06
lyncosCLA ?19:06
*** romcheg1 has joined #openstack-dev19:06
dkranzayoung: Can you give a +1, or not, to https://review.openstack.org/#/c/49017/1  ?19:06
ayounglyncos, you'll need to do that in order for us to accept any patches you write19:06
*** venkatesh has quit IRC19:06
ayoungdkranz, looking19:06
lyncosayoung any url I should start with ?19:06
ayounglyncos, yeah...one sec19:07
ayoungdkranz, is that true? There is no ID?19:07
*** cjellick has quit IRC19:08
dkranzayoung: I was hoping you could tell me that :)19:08
dkranzayoung: Because I was suspicious19:08
*** troytoman is now known as troytoman-away19:08
*** DinaBelova has joined #openstack-dev19:08
ayoungdkranz, well, the  tempest checks that are in patch are good additions.19:08
ayoungid seems to be silly to check19:09
*** alunduil has joined #openstack-dev19:09
dkranzayoung: Yes, but they are also a subtraction19:09
dkranzayoung: OK, if that is your opinion I will +2 it19:09
ayoungdkranz, hold on19:09
ayoungdkranz, "everything " uses Ids...this is suspect19:10
*** changbl has quit IRC19:10
*** novas0x2a|laptop has joined #openstack-dev19:10
dkranzayoung: No need to investigate right now. I will add you as a reviewer19:10
ayoungdkranz, please do.  Probably more correct to open a bug about missing Ids on the catalog backends than to remove it from the unit tests19:11
ayounger, functional tests19:11
ekarlsosamalba: ?19:11
ekarlsodarn it19:11
*** mlavalle has left #openstack-dev19:11
ayounglyncos, https://wiki.openstack.org/wiki/HowToContribute#If_you.27re_a_developer19:12
gyeeayoung, jamielennox, see if this make sense? https://review.openstack.org/#/c/47661/19:12
ayounggyee, no.  I told you that yesterday.  Heh19:12
ayounggyee, it is probably fine if you did what we said19:13
ayoungbut the commit message would need to change19:13
ayounggyee, looking at the details of the patch now19:13
lyncosI joined OS foundation + II have my launchpad account19:13
gyeeayoung, I did exactly  :)19:13
lyncosnow need to know how to sign that CLA19:13
gyeedown to the 'n'19:13
lyncosok found it19:14
*** otherwiseguy has quit IRC19:15
*** mlavalle_ has joined #openstack-dev19:15
*** Dr_Who has quit IRC19:15
*** bvandenh has joined #openstack-dev19:15
ayounggyee, you are still coding for your own organization/. "external" means use X509 or other auth to fetch a token, not to skip fetching a token19:16
ayoungwithout your middleware, this won't fly19:16
*** amohn9 has joined #openstack-dev19:16
ayounggyee, so...19:16
gyeeayoung, that's my next move19:17
ayounggyee, if set to external,  it should still request a token.19:17
gyeecontribute the keystone ssl token token filter19:17
lyncosayoung   ICLA signed19:17
gyeeno, external will not request token19:17
lyncosany other step needed ?19:17
ayounggyee, yes, external will still request token...what you want is out of scope19:17
ayounglyncos, once you have your patch ready, you will need to set up git review19:18
ayoungall that is linked in the wiki page19:18
lyncosOk let's try to patch this up no :-)19:18
lyncoss/no/now19:18
ayounggyee, so fetch a token and bind it to the X50919:18
ayoungwe are not making changes to auth_token middleware that are specific to code built outside of the tree.19:19
*** thingee is now known as thingee_zzz19:19
*** dtyarnell has quit IRC19:20
gyeeayoung, no need to fetch the token if you are using x.50919:20
ayounggyee, ...why didn't you bring this up way back when?19:20
ayounggyee, BECAUSE YOU HAVE CUSTOM MIDDLEWARE19:20
ayounggrrr19:20
gyeeI mentioned it in the bug19:20
ayounggyee, you is dooin stuff backwards like19:21
gyeebug 122830919:21
uvirtbotLaunchpad bug 1228309 in python-keystoneclient "Admin token request should be optional in auth_token middleware" [Wishlist,New] https://launchpad.net/bugs/122830919:21
ayounggyee, sooo I am willing to meet you in the middle.  Modify auth_token middleware so it can get a token using X509 and use that19:21
ayoungbecause that will work for everyone19:21
gyeeayoung, a bit of history, way back when Liem made the change to tied 2-way SSL with the ADMIN token19:21
gyeethat change got lost in translation when we switched over to KSL19:22
ayounggyee, I totally understand.19:22
*** nermina has quit IRC19:22
*** demontiesantos has quit IRC19:22
ayounggyee, and I think this is a good approach.  But without the corresponding Keystone change, it is a no-go19:22
ayounggyee, but...you can still get what you need19:22
gyeeayoung, we don't need to fetch the token19:23
ayounguse X509 to fetch the admin token.  You can even use the binding mechanism19:23
gyeex.509 IS the token, when we do the mapping at the server side19:23
gyeeno need for another round-trip19:23
ayounggyee, *you* don't need to.  But that only works for *you*.19:23
ayounggyee, I get it....and we should have built keystone that way from the get go19:24
gyeeayoung, I am more than happy to put up the keystone middleware19:24
ayounguserid and password should not be in the token request, and admin operations on keystone should not need to have a token passed in19:24
ayoungI get all of that19:24
gyeefor the x.509 to token translation19:24
*** sushils has quit IRC19:24
ayoungIf I log in to keystone with a valid X509, I should be authenticated.19:25
ayoungAnd, once you submit your middleware to do just that,  the whole world can benefit19:25
gyeeayoung, yes19:25
gyeeayoung, no disagreement here19:25
gyeenow I need to figure I need a bp or just a bug to get that done19:26
gyeefigure out19:26
ayoungbut until then we are not putting the change into the keystoneclient specific to code that is not in keystone proper.  I won't approve it19:26
*** troytoman-away is now known as troytoman19:26
ayounggyee, so...the middleware could probably live in keystone client19:26
gyeeayoung, but that's server-side middleware19:26
ayoungand...if you did that, you could then deploy that middleware with your keystone server19:26
ayoungso what19:26
gyeedude19:26
ayounggyee, Keystone is RC119:27
gyeeserver-side middleware lives with the server19:27
ayounggyee, I'm giving you a path forward.19:27
ayoungif you could make the middleware general enough to be used by other servers as well....19:27
gyeeyou mean x.509 to token translation?19:28
ayoung:)19:28
*** shinylasers has quit IRC19:28
lyncosayoung .. i'm trying to disable the referral system in ldap..19:28
lyncosI found that variable   LDAP_DEREF  is it related ?19:28
gyeewell I will have to make it configurable, like which header/environ have the SSL properties19:28
ayounggyee, think about it...I'm not certain it is do-able, but it could be really really cool19:29
ayounglyncos, I have no idea19:29
ayoungthat was what he did in patch 1 lyncos right?19:29
*** jmontemayor has quit IRC19:30
gyeeayoung, problem is if I park this middleware in keystoneclient, I can't really test it without the server19:30
lyncosI will try      set_option(ldap.OPT_REFERRALS,0)19:30
lyncosargh .. I lost the command line to re-start keystone19:30
ayounglyncos, you probably want to do a setopt in the get_connection code19:31
ayounglyncos, cd /opt/stack/keystone19:31
*** shinylasers has joined #openstack-dev19:31
ayoungbin/keystone-all19:31
ayoungthat should do it19:31
gyeeI suppose I can just put a "Trust me, it works" disclaimer in there :)19:31
*** sarob has joined #openstack-dev19:31
lyncosI did add        self.conn.set_option(ldap.OPT_REFERALS,0)   to line 52519:31
*** nermina has joined #openstack-dev19:31
ayounglyncos, it should pick up the config file in /etc/keystone19:31
ayounglyncos, so, something else to try.19:32
ayoungcd /opt/stack/keystone19:32
ayoung./run_tests keystone.tests._ldap_livetests19:32
*** bashok_ has joined #openstack-dev19:32
*** sarob has quit IRC19:32
ayoungI should have had you try that before doing any coding or config file changes19:32
*** sarob has joined #openstack-dev19:33
lyncosok doing it19:33
lyncoslyncos@devstack:/opt/stack/keystone$ ./run_tests.sh keystone.tests._ldap_livetests19:34
lyncosNo virtual environment found...create one? (Y/n)19:34
*** tanisdl has joined #openstack-dev19:34
lyncosit's ok I guess ?19:34
lyncossorry Im totally new at python coding :-)19:35
*** bashok has quit IRC19:35
lyncosfail19:36
*** sarob has quit IRC19:37
lyncoslibxml-dev was missing19:37
lyncos:-)19:37
*** danwent has joined #openstack-dev19:37
lyncossame prob19:38
gyeelyncos, yes, you'll have to install a bunch of -dev19:38
*** alexrudenko has joined #openstack-dev19:38
*** sarob has joined #openstack-dev19:39
lyncosok will try to figure out19:39
lyncoserror:  /opt/stack/keystone/.venv/build/lxml/src/lxml/includes/etree_defs.h:9:31: fatal error: libxml/xmlversion.h: No such file or directory19:40
ayounglyncos, ah19:40
lyncosI installed python-libxml2 and libxml2-dev19:40
ayoungprobably need to update the venv19:40
lyncosI got that error in the update process19:40
ayounglibxml2-dev doesn't have the header in it?19:40
*** ekolve has joined #openstack-dev19:41
ayounglyncos, on Fedora it is libxml2-devel-2.9.1-1.fc19.x86_6419:41
lyncoslibxml2-dev                       2.7.8.dfsg-5.1ubuntu4.619:41
lyncosfile exist19:42
lyncos: /usr/include/libxml2/libxml/xmlversion.h19:42
ekolveI am trying to run keystone within apache/HTTPD - the docs mention two script aliases /keystone/main and /keystone/admin, by default the auth url endpoint is something like http://127.0.0.1:5000/v2.0, when you request a token with the command: keystone token-get, it POSTs to the auth url + '/tokens', which doesn't exist when running under HTTPD19:43
ekolveam i missing a path?19:43
*** DinaBelova has quit IRC19:43
ayoungekolve, they should be there19:43
ayoungv2.0 should be under /main and /admin19:44
*** dkranz has quit IRC19:44
ayoungyou need to change the auth url to drop the port and pick up main19:44
*** chenxu has joined #openstack-dev19:44
ayounghttp://127.0.0.1/main/v2.0,19:44
ekolvey, that seems to be working better, thank you19:45
ayoungekarlso, I should hope so.  I wrote that doc you were reading19:45
lyncosI think something failed badly..  when I do run_test... I get : tools/with_venv.sh: line 7: nosetests: command not found19:45
lbragstadlyncos: I think you might be missing a couple dependencies19:46
bknudsonekolve: you can configure httpd to use whatever path to keystone you want, so could tell it to point :5000 to admin19:46
ayounglyncos, hrm...you should get that in the venv19:46
ayoung./run_tests.sh -U19:46
ayounger -u19:46
lyncosok thanks19:46
ayoungbknudson, shhh19:46
*** jasdeepH has quit IRC19:46
lyncosstill fail at the same place19:47
ayoungbknudson, that is crazy talk.  We all know that web is supposed to be over 80 for clear text and 443 for ssl19:47
ayounglyncos, you might need to install the deb outside your venv19:47
ayoungthat seems strange19:47
lyncoshttp://paste.openstack.org/show/47861/19:47
morganfainbergayoung, phsaw, I run secure traffic on 80 and plaintext on 443, i'm a rebel19:47
ayoungmorganfainberg, that brought forth a cackle that would scare anyone in my house if they heard it19:48
*** Birk_ has joined #openstack-dev19:48
lbragstadlyncos: missing xmlversion.h19:48
morganfainbergayoung, my work here is done.19:48
bknudsonayoung: need to run everything over 80/443 to subvert firewall rules19:48
ayounglbragstad, yeah, but he has that file19:48
ayoungit is in libxml-dev19:48
lyncosyeah the file is here19:49
Birk_The server can support keystone v2 and v3 at the same time?19:49
ayoungbknudson, and to be SELinux compliant.19:49
ayoungBirk_, yep19:49
morganfainbergBirk_, yes it can.19:49
bknudsonayoung: ok, you can subvert selinux, too. can't block 80/443.19:49
ayoungBirk_, those are just versions of the API. Served out of different routes19:49
morganfainbergBirk_, what ayoung said.19:49
ayoungbknudson, actually, I meant that running on 80/443 was supported by standard SELinux policy already.  No subversion necessary19:50
lyncosfile exist at that location: /usr/include/libxml2/libxml/xmlversion.h19:50
lyncosand the error is libxml/xmlversion.h   I guess it's looking in the wrong path19:50
morganfainbergayoung, out of curiosity how complete is the SELinux policy for openstack? (if at all) I haven't actually looked, but figured you might have some insight.  I'm building a case for use of differing distros.19:51
lyncosdoes it should be  libxml2/libxml/xmlversion instead ?19:51
*** mjb_ has quit IRC19:52
*** dtyarnell has joined #openstack-dev19:52
*** radez is now known as radez_g0n319:53
*** amohn9 has quit IRC19:54
*** dolphm has joined #openstack-dev19:55
*** vipul-away is now known as vipul19:55
lyncosNow I understand why I'm not a code19:56
lyncoss/code/coder19:56
*** chenxu has quit IRC19:56
*** bashok_ has quit IRC19:57
*** MaxV has joined #openstack-dev19:57
lyncosseems to works better with libxslt1-dev19:58
lyncos:-)19:58
Birk_ayoung: so I must have both endpoints registered for keystone. V2 and V3 ?19:58
*** adalbas has quit IRC19:58
*** dolphm has quit IRC19:59
*** djoreilly has quit IRC19:59
*** exed has quit IRC20:00
ekarlsosamalba: ?20:00
*** dolphm has joined #openstack-dev20:00
ayoungBirk_, in order to do what?20:00
ayounglyncos, I think, just maybe, there is a coder inside struggling to come out20:01
*** dmakogon_ipod has left #openstack-dev20:04
*** tvb has quit IRC20:06
lyncoslol20:06
lyncosok now running run_tests -u20:06
*** dprince has quit IRC20:07
*** chenxu has joined #openstack-dev20:08
*** briancurtin has joined #openstack-dev20:08
*** shinylasers has quit IRC20:09
Birk_ayoung: I'm trying to run some cinder commands. When I run the commands the authentication is being made using v3 (--os-auth-url http://localhost:35357/v3) but the auth_token.py (keystoneclient) is trying to use the v2 url to validate the token20:09
ayoungBirk_, yep20:10
Birk_because when he executes http://localhost:35357/ both versions are supported. Then he chooses v2 because it is the first option20:10
ayoungBirk_, but Keystone should support both,20:10
lyncosayoung looks better now .. I see a bunch of OK and SKIP in the tests20:11
ayoungBirk_, well, you would think so, but actually, the client always goes V2...I think20:11
ayounglyncos, schweet!20:11
ayounglyncos, is that against the AD server?20:11
lyncosno no it's the run_server.sh -u20:11
lyncos    test_move_project_between_domains                            SKIP20:11
lyncosthings like that .. its' going on20:12
Birk_actually the client asks the server the supported versions and then compare them with the LIST_OF_VERSIONS_TO_ATTEMPT = ['v2.0', 'v3.0']20:12
Birk_so even if I'm using v3 the client will assume always v220:13
*** xqueralt has quit IRC20:13
*** xqueralt has joined #openstack-dev20:13
lyncosayoung what would be the next step after  run_server -u ?20:14
Birk_unless I declare the auth_version option in the conf file :)20:14
ayoungBirk_, I was thinking auth_token middleware...but we've flip flopped on a few things, I might be out of date20:15
ayounglyncos, the tests run?20:15
ayoungaside from the skips?20:15
Birk_ayoung: it's auth_token middleware :)20:15
lyncosthe tests run is going on .. with couple of skips .. it seems to take some time to run20:15
lyncosok done now but it failed because of the line I changed... removed it and starting over20:18
lyncosayoung In the mean time is there any way to change ldap version .. I think V2 doesn't support recursion at all.. I would like to try20:19
*** topol has quit IRC20:19
*** otherwiseguy has joined #openstack-dev20:21
*** shinylasers has joined #openstack-dev20:22
ayounglyncos, you can set up subtree searches yes20:22
*** shinylasers has quit IRC20:22
lyncosIt's already set to   sub20:23
*** cjellick has joined #openstack-dev20:23
cburgessanyone know how to configure the number of parralel tests that tox will run?20:23
ayounglyncos, then what do you mean by recursion>20:24
*** chenxu has quit IRC20:24
ayoung?20:24
lyncosayoung the problem I have that recurse on different DC20:24
bknudsonlooking at oslo.db sqlalchemy/session.py, what's a slave database?20:24
bknudsonhttps://github.com/openstack/oslo-incubator/blob/master/openstack/common/db/sqlalchemy/session.py#L28320:24
ayounglyncos, DC?20:24
lyncosDC = domain controller20:25
ayounglyncos, do you mean forests?20:25
ayoungso that users are in one LDAP server and Projects are in another?20:25
lyncosayoung I mean the  Windows Domain controller server.. the one where ldap is running20:25
lyncosno everything is on all servers at same time20:25
lyncosbut the code is still fetching the list of DC and connecting to a random one20:25
ayoungah...ok, so same issue we've been fighting.20:26
lyncosyeah20:26
*** briancurtin_ has joined #openstack-dev20:26
lyncosThese tests are so long20:26
*** chenxu has joined #openstack-dev20:26
ayoungyeah...live ldap is slow20:26
lyncosok run_server -u done20:26
ayoungyou should run the tests against the fake server first for most things20:26
*** briancurtin has quit IRC20:27
*** briancurtin_ is now known as briancurtin20:27
ayoungand you don't need -u every time20:27
lyncoswhat I need to do ?20:27
ayoungbut fakeserver will do you no good20:27
*** dvarga has quit IRC20:27
ayoungyou can run just a single test if you know it exercises your line of code20:27
lyncoscan I only run the ldap tests ?20:27
lyncosok did it20:28
lyncos./run_tests.sh keystone.tests._ldap_livetests20:28
lyncoskeystone.common.environment: INFO: Environment configured as: eventlet20:29
*** alunduil has quit IRC20:29
ayoung./run_test.sh keystone.tests._ldap_livetests:LiveLDAPIdentity.test_20:29
ayoungso for example20:29
ayoung./run_test.sh keystone.tests._ldap_livetests:LiveLDAPIdentity.test_list_groups_for_user_filtered20:29
*** jbresnah has quit IRC20:29
lyncosI always get  AttributeError: 'module' object has no attribute '_ldap_livetests'20:29
ayoungah... no s20:30
ayoung./run_test.sh keystone.tests._ldap_livetest:LiveLDAPIdentity.test_list_groups_for_user_filtered20:30
ayounglyncos, it is the file under keystone/tests/20:30
ayoung_ldap_livetest.py20:30
lyncosok lets'try to run full ldap tests20:30
ayoungand do -x20:30
ayoung./run_test.sh  -x keystone.tests._ldap_livetest:LiveLDAPIdentity.test_list_groups_for_user_filtered20:31
ayoungthat will stop after the first err20:31
ayoungor20:31
*** jbresnah has joined #openstack-dev20:31
lyncosok cool20:31
lyncosHow can I be sure it's actually using my ldap server?20:31
lyncosis it hitting ldap at that time ?20:32
lyncosor it's just tests against the code ?20:32
*** cjellick has quit IRC20:32
*** gimps_ has quit IRC20:32
lyncosall the tests did run correctly .. (33 skips)20:33
*** cjellick has joined #openstack-dev20:33
*** DennyZhang has quit IRC20:34
*** FunnyLookinHat has quit IRC20:34
*** boden has quit IRC20:34
ekolvehas anyone set kerberos authentication with keystone and horizon?  Should horizon delegate its Negotiate token to keystone when a user authenticates to the KPN for horizon?20:35
*** sandywalsh_ has joined #openstack-dev20:39
*** sandywalsh has quit IRC20:39
*** Birk_ has quit IRC20:40
*** FunnyLookinHat has joined #openstack-dev20:40
*** dkranz has joined #openstack-dev20:41
*** galstrom is now known as galstrom_zzz20:41
ayoungekolve, oh...I like how you are thinking20:41
ayoungekolve, ideally, no, you would use S4U2Proxy20:41
ayoungbut you can probably prototype with delegation to start20:42
*** AlexF has joined #openstack-dev20:42
ayounglyncos, ah...um,,,so20:42
*** chenxu has quit IRC20:42
ayoungit was probably running against the openldap server20:42
ayoungbut...that is goo20:42
ayoungd20:42
ayoungyou have a positive thread test to go against20:43
ayoungthe _ldap_livetests have their own config file...I guess to really test this you need to modify that20:43
lyncosThe request you have made requires authentication. (HTTP 401)20:43
*** zul has quit IRC20:44
*** mlavalle_ has quit IRC20:44
*** sandywalsh_ has quit IRC20:44
ayoungyou can probably do so by copying /etc/keystone/keystone.conf to keystone/tests/backend_liveldap.conf20:44
lyncosok did it20:44
*** bvandenh has quit IRC20:45
lyncos    test_add_duplicate_role_grant                                ERROR20:45
ekolvewhat about just authenticating to using an external authenticator in keystone from horizon? Throwing out the kerberos part, if keystone uses an external authenticator, how can horizon authenticate a user, is the pattern to pass credentials it receives on?20:45
ayoungrcrit, can you talk with ekolve ?  He's doing all of the Kerberos Horizon type stuff we talked about20:45
*** jecarey has quit IRC20:45
lyncosnice it fail right away20:45
ayoungekolve, if you do REMOTE_USER in Horizon, you don't have credentials to pass on to Keystone and you can do nothing20:45
*** SergeyLukjanov has quit IRC20:48
lyncosayoung any idea why it's failing ?20:48
ayounglyncos, did you get a stack trace?20:48
lyncosyeah20:48
lyncoshttp://paste.openstack.org/show/47869/20:49
*** jmontemayor has joined #openstack-dev20:49
*** sarob has quit IRC20:50
ayounglyncos, you probably need to change the attribute from desc to whatever you have on your server...tis an AD specific thing I think20:50
lyncosah description20:50
*** sarob has joined #openstack-dev20:50
lyncosinstead of desc20:51
lyncosbut where ?20:51
ayounghttps://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L38120:51
ayounglyncos, that is mapped in the role object...link in a moment20:52
*** buzztroll has joined #openstack-dev20:52
lyncosit's the same config file that is working on live server20:52
*** jbresnah has quit IRC20:52
ayounghrm...20:53
ayounglyncos, because it is actually trying to create objects20:53
lyncosahhh I may have no rights20:53
lyncoslet me check20:53
ayounghttps://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L38120:53
lyncosI should be able to write..20:53
ayounghttps://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L38120:54
ayoungargh20:54
ayoung  File "/opt/stack/keystone/keystone/tests/_ldap_livetest.py", line 37, in create_object20:54
*** chenxu has joined #openstack-dev20:54
*** sarob has quit IRC20:55
ayoung  File "/opt/stack/keystone/keystone/tests/_ldap_livetest.py", line 60, in clear_database20:55
lyncosFor now Can I skip the 'writes' to ldap ?20:55
ayounglyncos, hmmm.this might be a bad idea to run against a live LDAP server20:55
ayoungnah, it needs sample data.   No sample data, no unit tests20:55
lyncosmy user only has access to a specific OU that I don't care to lose everything20:56
*** chenxu has quit IRC20:56
lyncosis there any way to log what the tests are doing ?20:56
*** buzztroll has quit IRC20:56
lyncoslike .. see ldap requests20:56
lyncosSo i  can test with command line tools20:57
ayounglyncos, I suspect that the tree_dn_attrs must have a desc field for your db20:57
lyncosOk another way around... Can I only use ldap for authentication and DB for managing the roles/tenants etc?20:58
*** vuil has quit IRC20:58
ayounglyncos, https://github.com/openstack/keystone/blob/master/keystone/tests/_ldap_livetest.py#L6020:58
ayounglyncos, you can in Havana....its at RC1 at the moment20:58
*** FatDarrel has quit IRC20:59
lyncosI think this will be easier20:59
*** alexpilotti has quit IRC20:59
*** Farooque has joined #openstack-dev20:59
lyncossorry I don't understand the tree_dn_attrs21:00
*** datsun180b has quit IRC21:01
*** alexrudenko has quit IRC21:01
*** tmclaugh[work] has quit IRC21:01
lyncosI did not configure groups .. maybe that's the problem21:03
*** bvandenh has joined #openstack-dev21:03
lyncosnop same thing21:04
*** fandikurnia01 has quit IRC21:06
*** jruzicka has quit IRC21:06
*** alexpilotti has joined #openstack-dev21:07
*** buzztroll has joined #openstack-dev21:07
BobBalldansmith: ping if you're still here?21:08
*** burt has quit IRC21:08
dansmithBobBall: yeah21:08
BobBallw00t.21:08
BobBallI'm struggling trying to get my head round metadata / metadetails...21:08
BobBallI figured since there is a rename in the instance object from metadetails to metadata then getting it would give me my dict back21:09
lbragstadbknudson: ping https://review.openstack.org/#/c/49273/ https://review.openstack.org/#/c/49272/21:09
BobBallbut noooo... I get an sqlalchemy.MetaData back21:09
BobBallwhich appears to be a table definition?21:09
*** litong has quit IRC21:09
lyncosayoung .. I will have to leave soon .. I'll take a decision tomorrow as if I'm trying to fix or .. wait for havana to use the 'dual' backend thing21:09
BobBalland I really have no clue how to work with that or what I should be expecting from there21:09
BobBalldoes the change mean that things stored in metadetails now get translated into a "table" with rows rather than a python dict?21:09
dansmithBobBall: well, it depends on where you're calling from and what you're doing exactly.. is there some code I can look up?21:10
bknudsonlbragstad: pong21:10
ayounglyncos, lets see if this change works with devstack.  That is using git master, which maps to Havana right now anyway21:10
lyncoshow21:10
BobBallSure - this is XenAPI pools which is trying to access the metadetails - see https://github.com/openstack/nova/blob/2013.1.3/nova/virt/xenapi/pool.py#L7621:10
ayounglyncos, we can pick this up tomorrow.  I need to run now, too21:11
lyncosok let see tomorrow21:11
lbragstadbknudson: quick question on those two, since you're fixing the case for db2 and then redoing that work for postgres, would it make sense to do it all in the same patch?21:11
BobBalldansmith: we get the metadetails then check for a key - assuming that it's a dict - but metadetails doesn't exist and metadata is a MetaData :)21:11
lyncoshave a good evening21:11
lyncosthanks for your help ayoung21:11
*** bvandenh has quit IRC21:12
BobBalldansmith: the real problem I have is that I'm trying to fix up the tests - renaming to metadata rather than metadetails makes the unit tests fail showing I clearly do not understand what's going on here :)21:12
dansmithBobBall: so, something is calling this method and passing you what? a new-world object or a sqlalchemy Aggregate model?21:12
*** burt has joined #openstack-dev21:12
*** FatDarrel has joined #openstack-dev21:12
bknudsonlbragstad: not redoing anything. Supporting postgres is a new feature and it wasn't mentioned in the bug being fixed.21:12
*** sarob has joined #openstack-dev21:12
dansmithBobBall: well, the unit tests are probably not in sync with something else :)21:12
BobBallthe tests are definitely using the Aggregate model21:12
*** changbl has joined #openstack-dev21:12
bknudsonlbragstad: the bug was for db221:12
BobBallperhaps that's the problem and they need a new-world object...21:13
dansmithBobBall: if the real caller is passing you an object, then yeah21:13
*** vladikr has quit IRC21:14
BobBallhmmmm...21:14
lbragstadbknudson: ok, the renaming of mysql_db2_on_checkout threw me off. But the check remains the same21:14
bknudsonlbragstad: the function was renamed to match what it does.21:15
bknudsonlbragstad: well, not what it does but how it's used.21:15
lbragstadright, since it fits cases for mysql, db2, and postgres21:15
*** noslzzp has quit IRC21:15
cfriesenhi guys,  I'm running into issues when testing out the "evacuate" behaviour.  If I start with an instance on compute1, then kill compute1 and evacuate to compute2, then kill compute2 and evacuate back to compute1 it seems to be failing a check in rebuild_instance() because it finds the old instance file on the disk at /var/lib/nova/instances/.   Is this a bug?  If not, what's the intended behaviour in this case?  Surely the admin isn't supposed to21:15
cfriesenmanually wipe a compute node before reconnecting it to the network...21:15
*** galstrom_zzz is now known as galstrom21:16
*** dolphm has quit IRC21:16
*** prad has joined #openstack-dev21:17
lbragstadbknudson: so you're keeping those two commits separate since adding db2 fixes a bug and adding postgres is a function?21:17
bknudsonlbragstad: yes21:17
lbragstadgotcha..21:17
lbragstadbknudson: thanks21:17
bknudsonlbragstad: this all might go away if I can use the oslo-incubator db stuff.21:18
lbragstadbknudson: ++21:18
*** devoid1 has quit IRC21:19
*** devoid has joined #openstack-dev21:19
*** devoid has left #openstack-dev21:19
rcritekolve, still around to talk about Kerberos?21:20
*** jecarey has joined #openstack-dev21:20
*** sgordon has quit IRC21:21
BobBalldansmith:perhaps a generic question- what's the recommended way to get an instance from the db object?  using the _from_db_object class method?21:22
BobBalldansmith: or to create one to use in a test perhaps... since that's what I care about tonight :)21:22
dansmithBobBall: yeah, you can _from_db_object() it21:22
dansmithBobBall: eventually, nobody will have raw db objects anywhere and we won't be using that method directly, but for now it's a stopgap21:23
*** shinylasers has joined #openstack-dev21:31
*** thomasm has quit IRC21:34
*** nermina has quit IRC21:38
*** bswartz has quit IRC21:39
*** thingee_zzz is now known as thingee21:39
*** donaldh has joined #openstack-dev21:41
*** mlavalle has joined #openstack-dev21:42
*** pcm_ has quit IRC21:45
*** CaptTofu has quit IRC21:46
*** CaptTofu has joined #openstack-dev21:47
*** zul has joined #openstack-dev21:49
*** rfolco has quit IRC21:49
*** zul has quit IRC21:49
*** amerine has quit IRC21:49
*** zul has joined #openstack-dev21:50
*** dtyarnell has quit IRC21:51
*** nati_ueno has joined #openstack-dev21:53
*** danwent has quit IRC21:54
*** amerine has joined #openstack-dev21:55
*** CaptTofu has quit IRC21:57
*** afazekas_no_irq has quit IRC21:57
*** ekolve has left #openstack-dev21:57
*** CaptTofu has joined #openstack-dev21:58
*** kbringard has quit IRC21:58
*** eglynn has quit IRC21:59
*** burt has quit IRC22:03
*** burt has joined #openstack-dev22:04
*** neelashah has quit IRC22:10
*** lbragstad has quit IRC22:11
*** bpokorny has quit IRC22:12
*** diogogmt has quit IRC22:12
*** eglynn has joined #openstack-dev22:16
*** mrodden has quit IRC22:17
*** galstrom is now known as galstrom_zzz22:18
*** briancurtin has quit IRC22:18
*** FunnyLookinHat has quit IRC22:20
*** morazi has quit IRC22:22
*** xqueralt has quit IRC22:23
*** flaper87 is now known as flaper87|afk22:24
*** READ10 has quit IRC22:28
*** vuil has joined #openstack-dev22:29
*** henrynash has quit IRC22:30
*** jvrbanac has joined #openstack-dev22:33
*** radsy has joined #openstack-dev22:34
*** prad has quit IRC22:35
*** dropped has joined #openstack-dev22:37
*** eharney has quit IRC22:37
*** dperaza has quit IRC22:37
*** MaxV has quit IRC22:38
*** Max_ has joined #openstack-dev22:38
*** dperaza has joined #openstack-dev22:38
*** rnirmal has quit IRC22:40
*** lbragstad has joined #openstack-dev22:40
*** thedodd has quit IRC22:47
*** anteaya has quit IRC22:47
*** diogogmt has joined #openstack-dev22:51
*** thingee is now known as thingee_zzz22:51
*** alexpilotti has quit IRC22:52
*** Mandell has quit IRC22:52
jamielennoxgyee: still here?22:53
*** Mandell has joined #openstack-dev22:53
*** lsmola has quit IRC22:57
*** eglynn has quit IRC22:57
*** Mandell has quit IRC22:57
*** fbo is now known as fbo_away22:58
*** pmathews has quit IRC22:58
*** Max_ has quit IRC22:59
*** dstanek has quit IRC23:00
*** anteaya has joined #openstack-dev23:01
*** dstanek has joined #openstack-dev23:01
*** MaxV has joined #openstack-dev23:01
gyeejamielennox, yes23:03
gyeeworking on a BP to contribute the X.509 to token middleware23:03
*** jvrbanac has quit IRC23:03
*** sarob_ has joined #openstack-dev23:03
*** donaldh has quit IRC23:05
*** sarob_ has quit IRC23:05
*** sarob_ has joined #openstack-dev23:05
*** sheeprine has quit IRC23:06
jamielennoxgyee: i was just going to talk about the auth_method review, i ended up just putting it in as comments23:06
*** grapsus has joined #openstack-dev23:06
*** sarob has quit IRC23:06
gyeejamielennox, thanks, I'll take a look23:06
gyeeayoung also wants x.509 to token middleware before giving his blessing23:07
gyeeso I am working on a BP to do just that23:07
jamielennoxit's a good thing to have supported i guess23:07
gyeemay take a while though23:07
*** cdub has quit IRC23:07
*** romcheg1 has quit IRC23:08
gyeeside-effect of working for a for-profit corporation :)23:08
*** sarob_ has quit IRC23:08
jamielennoxwell, we've all got those23:08
*** sheeprine has joined #openstack-dev23:10
*** lsmola has joined #openstack-dev23:13
gyeejamielennox, I like the second suggestion of passing the headers into get_admin_token()23:13
gyeebut if we are going to do this, let's do this all the way by supporting pluggable auth23:13
jamielennoxgyee: yea, a lot of this will go away when we can do proper pluggable auth23:14
*** jecarey has quit IRC23:14
*** AlexF has quit IRC23:14
jamielennoxi guess given the current state of auth_token it isn't a problem to check for external it's just not ideal23:15
*** carl_baldwin has quit IRC23:15
gyeejamielennox, well for external auth, we can do this in two ways23:16
gyee1) request a bind token using 2-way SSL23:16
gyee2) trade in x.509 client cert for a token at the server side23:16
*** mlavalle has quit IRC23:17
gyeethe second option gains us performance as we will be saving a roundtrip23:17
jamielennoxgyee: i don't think that they are separate options23:18
gyeethey are23:18
jamielennoxgyee: or at least on a scale bigger than keystone23:18
gyeeone is done at the client side and the other is on the server side23:18
*** boris-42 has quit IRC23:19
jamielennoxso for keystone i guess it's ok because it's going to know your permissions/roles anyway - but it's not going to help with connecting to nova with just client certs23:19
jamielennoxah, although we are talking about auth_token not the user, so it's only talking to keystone anyway23:20
gyeejamielennox, that's correct23:20
jamielennoxdon't mind me23:20
jamielennoxi'm just confusing concepts23:20
*** mdenny has quit IRC23:20
gyeewell, technically it can be done at Nova23:20
gyeejust have a middleware to convert the X.509 cert into user context23:21
gyeebypassing keystone :)23:21
gyeebut that's not cool23:21
jamielennoxlol, don't say that out loud around here23:21
*** rcleere has quit IRC23:22
jamielennoxso how do you handle roles etc, for client certs in keystone23:23
jamielennoxi'm hoping we get an x509 auth soon anyway, but that would still be expected to issue tokens23:23
gyeejamielennox, use mappings and persona approach23:24
*** jmontemayor has quit IRC23:24
jamielennoxgyee: that's held in middleware then23:24
*** MaxV has quit IRC23:25
*** MaxV has joined #openstack-dev23:25
*** mkollaro has quit IRC23:26
gyeejamielennox, combination of middleware, auth plugin, and token provider plugin23:26
gyeesame way we are going to enable federation23:26
*** jimfehlig has quit IRC23:27
jamielennoxok, makes sense - i was trying to think if there was a simple way it could be shimmed in, but you've done it 'properly'23:28
*** kbrierly has left #openstack-dev23:28
*** MaxV has quit IRC23:30
*** rfolco has joined #openstack-dev23:30
*** giulivo has quit IRC23:31
*** jergerber has quit IRC23:31
*** gordc has quit IRC23:31
*** sheeprine has quit IRC23:32
*** yjiang5 has quit IRC23:34
*** dstanek has quit IRC23:37
*** chenxu has joined #openstack-dev23:41
*** sheeprine has joined #openstack-dev23:43
*** Ryan_Lane has quit IRC23:44
*** diogogmt has quit IRC23:45
*** diogogmt has joined #openstack-dev23:46
*** gyee has quit IRC23:46
*** MaxV has joined #openstack-dev23:56
*** dstanek has joined #openstack-dev23:56
*** rfolco has quit IRC23:58
*** sheeprine has quit IRC23:58
