Thursday, 2013-12-05

« Wednesday, 2013-12-04 Index Friday, 2013-12-06 »
jamielennoxalso i don't think we want to use POST for creating a group - that should stay as a PUT00:00
*** rfolco_ has quit IRC00:00
jamielennoxat least partially because we already use POST /group to retrieve a group key00:01
nkinderjamielennox: Yeah, I meant the PUT request for group creation.00:01
jamielennoxdamn, although i can see the argument that maybe the correct format is POST /group/name which would give us the POST /group/name/generation for retrieving a gen00:02
nkinderPOST is used for getting tickets or group keys only00:02
nkinderAlso, should 'PUT /v1/keys/{name}' return 201?00:02
jamielennoxnkinder: no it won't work00:02
*** rongze has quit IRC00:02
jamielennoxit's better in a restful theory kind of way - but all of this information has to be within the signed body of the request - if it's in the URI i have to ignore it anyway00:03
*** xarses has quit IRC00:03
jamielennoxnkinder: sure00:03
jamielennoxnkinder: should keys in that URI be hosts? PUT /v1/host/{name} ?00:03
*** rcleere has quit IRC00:03
nkinderjamielennox: yes00:04
*** rnirmal has joined #openstack-dev00:04
*** xarses has joined #openstack-dev00:04
nkinderjamielennox: sorry, i meant {name} refers to a host/service00:04
*** jmontemayor has quit IRC00:04
nkinderjamielennox: but PUT /v1/host/{name} does make sense00:05
*** nelsnelson is now known as nelsnelson_away00:05
jamielennoxyea, the use of the 'key' resource makes sense for hosts because you are setting a key, not creating a host - but particularly when compared to the /group semantics /host looks better00:05
nkinderjamielennox: that creates a host, or updates it's key.00:05
jamielennoxnkinder: yep, i'm ok with that00:05
*** lbragstad1 has quit IRC00:06
*** noslzzp has quit IRC00:06
*** rfolco_ has joined #openstack-dev00:06
nkinderjamielennox: we don't need to use a POST to create a host and PUT to update it's key?  We can use PUT for both?00:06
jamielennoxnkinder: we only need to create a group because the KDS is generating keys for us, i think it's ok that setting a key is the same as creating a host00:07
jamielennoxbecause a host without a key doesn't make sense00:07
*** lbragstad has joined #openstack-dev00:07
*** alexpilotti has joined #openstack-dev00:07
*** morazi has quit IRC00:07
nkinderjamielennox: ok, makes sense to me.  It's more simple too.00:07
nkinderotherwise PUT would have to fail if the host wasn't already defined, etc.00:08
*** dubsquared has quit IRC00:08
nkindertoo much hassle for no benefit00:08
*** herndon_ has quit IRC00:08
*** buzztroll has quit IRC00:08
*** thomasem has joined #openstack-dev00:08
*** loq_mac has quit IRC00:08
jamielennoxPOST is supposed to assume that the server generates the ID for us as well, given that we are using name as ID that doesn't really work00:08
nkindertrue00:09
*** nelsnelson_away has quit IRC00:09
*** sarob has quit IRC00:11
*** nelsnelson has joined #openstack-dev00:11
*** sarob has joined #openstack-dev00:11
*** rfolco_ has quit IRC00:12
*** AZBob has quit IRC00:12
nkinderjamielennox: I'm not so sure we should use /v1/host00:12
nkinderjamielennox: you might have multiple services on a single host, right?00:12
nkinderjamielennox: using /v1/keys keeps things generic, as a key could be assigned to anything (an application, a service, a person, etc.)00:13
*** rfolco_ has joined #openstack-dev00:13
jamielennoxnkinder: mmm, i've no idea - but yea that makes sense00:14
*** nelsnelson has quit IRC00:14
nkinderjamielennox: I'll leave it as keys.  It's less tied to the secure messaging case that way.00:14
jamielennoxnkinder: i don't know enough about how messaging works because you subscribe to a bus, though i'm using host i don't know if that ties to an actual hostname00:15
nkinderjamielennox: and group creation will return 201, but the rest will stay as 20000:15
nkinderjamielennox: yes, but the point is KDS might be useful for something other than messaging00:15
*** rnirmal has quit IRC00:15
jamielennoxcurrently if you create a group that already exists it just passes it through00:15
*** thomasem has quit IRC00:15
jamielennoxdo you think that should be a conflict? or at least a 200 OK rather than 201 Created?00:16
*** sarob has quit IRC00:16
jamielennoxsame thing with deleting a group that doesn't exist - though i guess that should be a 40400:16
*** lbragstad has quit IRC00:16
*** lbragstad has joined #openstack-dev00:18
*** pete5 has quit IRC00:18
*** mriedem has joined #openstack-dev00:18
*** dstufft has quit IRC00:18
*** mlavalle has quit IRC00:19
*** rfolco_ has quit IRC00:20
*** CaptTofu has joined #openstack-dev00:20
nkinderjamielennox: delete of a non-existent group should return 40400:20
*** dstufft has joined #openstack-dev00:21
*** matsuhashi has joined #openstack-dev00:21
*** mfer has joined #openstack-dev00:24
nkinderjamielennox: if you try to create a group that already exists, what about 409 Conflict?00:24
jamielennoxnkinder: i wasn't sure - it's not really a problem because the group create doesn't do anything really00:25
nkinderjamielennox: so maybe we just allow it00:25
jamielennoxnkinder: but i guess it's a better way of showing that it already exists00:25
*** shinylasers has joined #openstack-dev00:25
jamielennoxnkinder: that's why i had it as always a 200, but i guess it is better to say 409, the user just has to know that that doesn't mean a problem00:26
*** epim has quit IRC00:26
*** jp_at_hp has quit IRC00:26
*** SumitNaiksatam has joined #openstack-dev00:27
*** lbragstad has quit IRC00:27
nkinderjamielennox: what about getting a group?  I guess there's no purpose since members are defined by the group name itself.00:27
*** lbragstad has joined #openstack-dev00:27
nkinderjamielennox: the thing with 201 and 409 is that you usually return a link to the created resource (or the conflict) in the Location header AFAIK.00:28
jamielennoxnkinder: i see later on that there might be group membership controls in KDS00:28
*** alexpilotti has quit IRC00:28
*** gordc has joined #openstack-dev00:29
jamielennoxso enrol a host and all that sort of thing - i've tried not to block the routes for that sort of thing but haven't done anything about it00:29
*** tris has joined #openstack-dev00:29
jamielennoxnkinder: let's just go 409, i think that's what keystone does in this situation00:29
nkinderjamielennox: it seems a bit odd to require the member name to start with the group name00:29
jamielennoxnkinder: yea - i think that should be an impl detail and not in the API00:29
nkinderjamielennox: ok, but we have no URL to use in the location header to get the group right now.00:29
nkinderIf we want to add the ability to manage group membership, we'll need to be able to GET a group to see the members anyway.00:30
*** Farooque has joined #openstack-dev00:30
*** andreaf has quit IRC00:30
nkinderWe can deal with that later.  We'll just use 201 and 409 for now and leave the Location header empty00:30
*** andreaf has joined #openstack-dev00:31
jamielennoxnkinder: right so /group/{group_name} is the obvious place but let's leave that out00:31
*** rfolco_ has joined #openstack-dev00:31
*** buzztroll has joined #openstack-dev00:31
jamielennoxi don't even know what i could put into a GET /group/{name} route anyway00:31
*** pmathews has quit IRC00:32
*** martyntaylor has quit IRC00:32
jamielennoxother than a check if it exists00:32
nkinderjamielennox: nothing until we can add members00:32
nkinderjamielennox: I need to step away for a while.  If you figure anything out on the base64 side of things, send me an e-mail.00:34
*** kbrierly has quit IRC00:34
jamielennoxnkinder: let's put it in as a straight json encoded string for now i guess - i can't think of anything it can hurt00:35
*** Farooque has left #openstack-dev00:35
*** mohits has joined #openstack-dev00:35
nkinderjamielennox: you mean just take out the base64?00:36
*** buzztroll has quit IRC00:37
*** lbragstad1 has joined #openstack-dev00:37
nkinderjamielennox: like this? http://ur1.ca/g59we00:37
*** mfer has quit IRC00:38
*** fifieldt_ has joined #openstack-dev00:38
*** gordc has quit IRC00:38
*** mfer has joined #openstack-dev00:38
*** mfer has quit IRC00:39
*** lbragstad has quit IRC00:39
*** alop has quit IRC00:39
*** reed has quit IRC00:43
*** dims has joined #openstack-dev00:44
*** dripton has quit IRC00:44
*** dims has quit IRC00:45
*** reed has joined #openstack-dev00:45
*** reed has quit IRC00:45
*** reed has joined #openstack-dev00:45
jamielennoxnkinder: it will still need to be a JSON encoded string within the JSON document00:46
*** danielbruno has quit IRC00:47
*** dripton has joined #openstack-dev00:47
*** lbragstad has joined #openstack-dev00:49
*** lbragstad1 has quit IRC00:49
nkinderjamielennox: ok, got it.  Just need to think of the best way to show that in the API doc.00:50
*** angdraug has quit IRC00:50
jamielennoxnkinder: no idea how to make that obvious :)00:50
*** shinylasers has quit IRC00:51
nkinderjamielennox: I guess it's taking the metadata JSON, putting it all on one line, escaping the quotes, and adding quotes around it.00:51
nkinderjamielennox: sounds ugly :)00:51
jamielennoxnkinder: what i tested out in python didn't seem to escape quotes00:52
jamielennoxnkinder: oh, my bad00:52
jamielennoxIn [2]: json.dumps({'metadata': json.dumps({'a': 1, 'b': 2}), 'signature': 'xxxxx'})00:52
jamielennoxOut[2]: '{"signature": "xxxxx", "metadata": "{\\"a\\": 1, \\"b\\": 2}"}'00:52
nkinderjamielennox: yeah.  I'll describe the metadata separate from the request in JSON I think, then show the request with an encoded string.00:53
*** jgrimm has quit IRC00:55
*** lbragstad1 has joined #openstack-dev00:58
*** lbragstad has quit IRC00:59
*** shinylasers has joined #openstack-dev00:59
*** colinmcnamara has quit IRC01:00
*** colinmcn_ has quit IRC01:00
morganfainbergevenin.01:02
morganfainbergdstanek, i expect to post another KVS changeset up tomorrow.  i'm going to split out the memcache_crypto part into it's own patchset so we can get more security focus looking at that specifically...it should also make reading the real patchset easier.01:03
*** markwash has quit IRC01:03
*** faramir1 has quit IRC01:03
*** faramir1 has joined #openstack-dev01:05
dstanekmorganfainberg: cool, looking forward to it01:05
bknudsonis KVS like KDS?01:05
morganfainbergbknudson, key-value-store refactor01:05
*** stevemar has quit IRC01:05
bknudsonthis is going to get confusing01:05
morganfainbergbknudson, the 1200-some-line patchset i have up that is super dense initial implementation01:05
morganfainbergbknudson, talked with ayoung, we agreed, not calling it KVS is a good plan, KeyValueStore is the "right" name01:06
morganfainbergso, i'll start referencing it as such :)01:06
morganfainbergbknudson, but yes.  it could get confusing.01:07
*** Abhishe__ has quit IRC01:07
*** tmclaugh[work] has joined #openstack-dev01:08
*** willingc has joined #openstack-dev01:09
*** pablosan has quit IRC01:09
*** lbragstad1 has quit IRC01:10
*** lbragstad has joined #openstack-dev01:11
*** kbrierly has joined #openstack-dev01:12
*** pablosan has joined #openstack-dev01:13
*** singhs has quit IRC01:13
*** singhs has joined #openstack-dev01:13
*** pablosan has quit IRC01:14
*** hemna is now known as hemnafk01:18
*** singhs has quit IRC01:18
*** krotscheck has quit IRC01:21
*** lbragstad1 has joined #openstack-dev01:21
*** lbragstad has quit IRC01:21
*** flaper87 is now known as flaper87|afk01:22
jamielennoxmorganfainberg: it's not too bad until we back the KDS onto the KVS01:23
morganfainbergjamielennox, can we then use the KDS to store the KVS keys for the KDS backed by KVS using the KVS encrypt semantics?01:24
*** sballe has quit IRC01:24
jamielennoxmorganfainberg: i've read it 3 times now - and i still can't tell if it's a real sentence01:24
*** twoputt__ has quit IRC01:24
*** twoputt_ has quit IRC01:24
jamielennoxi'll go with no01:25
morganfainbergjamielennox, oh it's real! *challenge accepted*01:25
*** mfer has joined #openstack-dev01:26
morganfainbergjamielennox, interesting thought though, using a stable key-value-store for KDS backing instead of say SQL01:26
morganfainbergjamielennox, (e.g. Redis?)01:27
morganfainbergjamielennox, not sure if that would be too much of a hinderance, losing the relational overhead01:27
jamielennoxmorganfainberg: i wrote a KVS (the style we used for testing with to a dictionary) pretty simply01:27
morganfainbergjamielennox, i'll be replacing it w/ dogpile backed eventually this cycle then.01:27
*** prad has quit IRC01:28
nkinderjamielennox: should the ticket be an encoded JSON string too?  Might as well be consistent, right?01:28
jamielennoxit's a really simple 1:M, name -> keys01:28
morganfainbergjamielennox, provided i get this refactor in01:28
morganfainbergjamielennox, oh, nice. that really is easy, SQL relational is a bit over the top for something like that01:28
*** rongze has joined #openstack-dev01:28
nkinderjamielennox: esek too for that matter (before it's encrypted)01:29
morganfainbergjamielennox, when you have the code mostly stable, let me know (unless you want to take a crack at it) so I can layer the caching over the top of it (memoization)01:29
*** amcrn has quit IRC01:29
jamielennoxnkinder: .... i dont know something feels wrong about it01:29
jamielennoxbut i can't say what01:29
nkinderjamielennox: I know...01:29
* morganfainberg makes mental note to build a HMAC/encryption capable backend for dogpile and submit it upstream01:29
nkinderjamielennox: I can leave those as is and we can argue it :)01:30
morganfainbergnkinder, huh, so encrypted envelop of json?01:30
jamielennoxmorganfainberg: it would be really interesting to see if KDS could be used to encrypt to backend storages01:30
morganfainbergjamielennox, if you look at my Key-value-store refactor, it could be.01:30
jamielennoxmorganfainberg: i'll fill you in as you might have a good opinino on it01:30
*** rfolco_ has quit IRC01:31
nkindermorganfainberg: we have a few JSON objects/maps in KDS that are base64 encoded to ensure ordering01:31
morganfainbergjamielennox, the memcache_crypt stuff in auth_token is fully supported at the top-layer of the KVS01:31
morganfainbergnkinder, Ah, that makes sense.01:31
*** lbragstad1 has quit IRC01:31
jamielennoxthe problem is that we take a signature over a payload, but we can't guarantee that the json->dict will be stable - which would affect the sig01:31
nkindermorganfainberg: talking about changing those to JSON encoded strings containing the maps01:31
*** matsuhashi has quit IRC01:31
jamielennoxnkinder is way better at this stuff than me01:31
morganfainbergnkinder, that actually makes sense.01:31
morganfainbergjamielennox, we're lucky nkinder is working on this stuff then! cause... it's not like you're bad at it.01:32
nkinderjamielennox: I'm new to JSON... Still swimming a bit ;)01:32
morganfainbergnkinder, phsaw, json is easy.  until you layer in schemas.01:32
morganfainbergnkinder, then its... still easier than XML01:32
jamielennoxnkinder: ha, JSON will be fine01:32
*** lbragstad has joined #openstack-dev01:32
*** rongze has quit IRC01:33
*** matsuhas_ has joined #openstack-dev01:33
morganfainbergjamielennox, so yes, we could use KDS to encrypt backends easily... as long as the KDS store is stable.  We might need a mechanism to support key-rotation though ... now that i think about it.01:33
jamielennoxnkinder: can we leave the whole thing as base64 until we've at least had a chance to ask simo about it01:33
jamielennoxnkinder: i know he'll say it's a bad idea - but i'd be interested to know if he has a real reason for it01:34
jamielennoxmorganfainberg: KDS gives source -> target encryption, not retrievable keys01:34
nkinderjamielennox: sure, I expect that to be his answer too :)01:34
jamielennoxmorganfainberg: at least not yet01:35
nkinderjamielennox, morganfainberg: I have this right now in my working copy - http://ur1.ca/g5a4p01:35
*** tanisdl has quit IRC01:35
morganfainbergjamielennox, oh wait what i'm looking for is more barbican's domain01:35
morganfainberg*facepalm*01:35
jamielennoxmorganfainberg: yea, barbican will give you that - they call it orders, and i've no idea why01:36
morganfainbergjamielennox, in theory you could make encryption a callback instead _i_ guess so kds could do the lifting, but i'm not sure if that is the right approach01:36
*** nosnos has joined #openstack-dev01:36
morganfainbergs/you/I01:36
*** xarses has quit IRC01:37
simojamielennox: whatsup ?01:37
jamielennoxsimo: ok, so we are discussing the base64 encoding of the metadata and the ticket01:38
simoI did reply on the review :)01:38
jamielennoxbknudson has suggested it should just be a json encoded string01:38
jamielennoxsimo: oh, haven't seen that yet01:38
*** prad_ has joined #openstack-dev01:38
simono it contains a dict01:38
nkindersimo, jamielennox: My babysitter just showed up and it's date night with my wife, so I'll let you two hash it out.01:39
simoalso different json libraries can produce slightly different results01:39
jamielennoxsimo: yea, JSON the dict into a string, then put the string into the response01:39
simoand you absolutely want to verify signatures before any code touches the packet01:39
nkindersimo: see these links for the proposal - http://ur1.ca/g5a4p  http://ur1.ca/g5a5e01:39
jamielennoxnkinder: yea, i'd pick that option too01:39
*** dims has joined #openstack-dev01:39
simoso by using base64 you force the right order of operations too01:39
simoI am against01:40
*** bingbu has joined #openstack-dev01:40
morganfainbergbknudson, does internal_api deprecation warrant a docimpact?01:40
jamielennoxsimo: so long as the signature is done before decoding the string it shouldn't matter - it's not pretty, but it hasn't ever been pretty01:40
nkinderyeah, technically it's fine I think, but it's ugly01:40
simojamielennox: code will end up accessing that data before it is checked01:40
morganfainbergbknudson, realized i forgot to put that on the token_list review.  before i resubmitted, was curious if it really was warranted01:40
simoit will just happen01:40
jamielennoxsimo: you would still need to json.loads() it, you could say the same about that as before but just json.loads(base64.b64decode(...))01:41
*** lbragstad has quit IRC01:41
*** herndon_ has joined #openstack-dev01:41
morganfainbergdstanek, ^ question i proposed to bknudson01:42
*** nkinder is now known as nkinder|away01:42
simojamielennox: you can swear it will not happen, then joe-brogrammer will come along, will se the data is just a json string and wiull json.load() on his own in some pipeline01:42
jamielennoxsimo: i don't really have a strong opinion here, i'm used to the base64 at this point01:42
*** lbragstad has joined #openstack-dev01:43
morganfainbergsimo, i think that is the first legitimate use of 'brogrammer' i've seen.01:43
simomorganfainberg: :)01:43
jamielennoxsimo: right, but joe-brogrammer is probably going to ignore the signature as well01:43
jamielennoxsimo: we can't protect people from misusing apis01:44
simojamielennox: perhaps01:44
simojamielennox: but you can discourage bad behavior01:44
simojamielennox: the thing is also that IIRC the code automatically parses json strings01:45
jamielennoxsimo: so for metadata i am fine either way - but the same argument holds for returning the ticket01:45
*** prad_ has quit IRC01:45
simoor at least I encountered something like that at some point01:45
jamielennoxsimo: i tried it earlier in python, json escapes quotes so it shouldn't01:45
simonot entirely sure the code in the final state suffered from it though01:45
jamielennoxIn [2]: json.dumps({'metadata': json.dumps({'a': 1, 'b': 2}), 'signature': 'xxxxx'})01:45
jamielennoxOut[2]: '{"signature": "xxxxx", "metadata": "{\\"a\\": 1, \\"b\\": 2}"}'01:45
morganfainbergoh oh i know  and base64 encode it then ROT13 it! that way someone would need to ... do something extra to ignore the signature and not use our api /s01:46
morganfainbergsorry, i'm feeling a little snarky today01:46
jamielennoxmorganfainberg: lol01:46
simomorganfainberg: if you feel strongly about not doing base64, then go ahead01:46
morganfainbergsimo, i don't01:46
morganfainbergsimo, i was commenting on the discouraging mis-use and skipping the signature part01:47
*** gmurphy has left #openstack-dev01:47
simoit certainly has no security property per se01:47
jamielennoxsimo: it was bknudson initially and i'm not sure how strong the opinions were01:47
simoit was exclusively defensive coding on my part01:47
morganfainbergsimo, i think either b64 or json opens different avenues.  b ut likely, if the API si just easier to use, joe-brogrammer will use that (I hope)01:47
simomorganfainberg: I've seen things ... :)01:48
jamielennoxmorganfainberg: joe-brogrammer can use python-kdsclient01:48
*** buzztroll has joined #openstack-dev01:48
jamielennox... god, i'm going to have to write that01:48
morganfainbergjamielennox, now you're asking too much01:48
simojamielennox: joe-brogrammer should never use the KDS tbh01:48
simohe should not need to01:48
morganfainbergsimo, ++01:48
simoit is all deep infrastructure code well beneath the API level a novice should even think of touching01:49
morganfainbergsimo, he is above it... i mean, it adds a dependancy that he doesn't actually need.01:49
jamielennoxsimo: ok, so there is nothing i missed that required base64-ing whether we do JSON or base64 is just style01:49
morganfainbergactually, after seeing the example ^ of json w/ json, i don't like it as much01:50
*** willingc has quit IRC01:50
simojamielennox: so bottom line, I have a preference for leaving base64 there, but I can't say no to json strings as long as it all works01:50
morganfainbergjamielennox, i think it would be more clear w/ b6401:50
morganfainbergthat it's separate data that is01:50
nkinder|awaymorganfainberg: ++01:50
*** mikeoutland has quit IRC01:50
jamielennoxnkinder|away: go on your date01:50
morganfainbergjamielennox, ++01:50
jamielennoxok, i agree - stick with the bas6401:51
simomorganfainberg: yes, that was another consideration, as I said: defensive programming trained compelled me to do base6401:51
simo*training01:51
morganfainbergsimo, seeing the data convinced me it's the right approach, conceptually it doesn't matter a whole lot.01:51
simono as I said it makes 0 difference from a security perspective01:51
*** prad_ has joined #openstack-dev01:52
morganfainbergsimo, but makeing it _clearly_ separate data is a better approach.01:52
*** lbragstad1 has joined #openstack-dev01:52
morganfainbergis it base64.encode(json.dumps) ?01:53
*** buzztroll has quit IRC01:53
*** lbragstad has quit IRC01:53
morganfainbergi appologize, i haven't read up on the implementation yet.01:53
morganfainbergi... have been running errands all day =/01:53
*** reed has quit IRC01:53
jamielennoxmorganfainberg: yes01:55
morganfainbergjamielennox, ok.01:55
morganfainbergcool01:55
jamielennoxmorganfainberg: it has to be a string to base64 encode something01:55
morganfainbergjamielennox, i don't know someone might have done something silly... like pickle01:55
morganfainbergor some such01:56
*** fifieldt_ has quit IRC01:56
*** fifieldt_ has joined #openstack-dev01:56
morganfainbergsimo, i'm going to add you to a review tomorrow about the impl. of key-value-store encrypt/HMAC stuff.  it's leveraging already written code, but i want some more eyes on this type of stuff on the code, if you don't mind01:57
morganfainbergmake sure i'm not leaving a gaping hole in the security feature using the tried-and-tested code01:57
*** netavenger-jr has joined #openstack-dev01:58
simomorganfainberg: ack01:58
morganfainbergsimo, cool thanks01:59
*** rods has quit IRC01:59
*** carl_baldwin has quit IRC01:59
*** guohliu has joined #openstack-dev02:00
*** mohits has quit IRC02:01
*** boris-42 has quit IRC02:02
*** lbragstad has joined #openstack-dev02:03
*** lbragstad1 has quit IRC02:04
*** prad_ has quit IRC02:05
*** bdpayne has quit IRC02:05
*** melwitt has left #openstack-dev02:05
*** glenng has joined #openstack-dev02:05
*** mrodden has joined #openstack-dev02:06
*** renlt has joined #openstack-dev02:09
*** markwash has joined #openstack-dev02:10
*** MaxV has joined #openstack-dev02:11
*** tmclaugh[work] has quit IRC02:11
*** tmclaugh[work] has joined #openstack-dev02:11
*** xarg has quit IRC02:14
*** xarg_ is now known as xarg02:14
*** stevemar has joined #openstack-dev02:15
*** MaxV has quit IRC02:16
*** openstack has joined #openstack-dev02:17
-hobana.freenode.net- [freenode-info] channel trolls and no channel staff around to help? please check with freenode support: http://freenode.net/faq.shtml#gettinghelp02:17
*** tmclaugh[work] has quit IRC02:19
*** faramir1 has quit IRC02:20
*** xarg_ has joined #openstack-dev02:21
*** glenng1 has joined #openstack-dev02:21
*** herndon_ has quit IRC02:21
*** glenng has quit IRC02:23
*** jayg is now known as jayg|g0n302:30
*** isd has joined #openstack-dev02:30
*** isd has left #openstack-dev02:31
*** jasdeepH has joined #openstack-dev02:31
*** jasdeepH has left #openstack-dev02:31
*** mengxd has joined #openstack-dev02:33
*** xingchao has joined #openstack-dev02:33
*** bingbu has quit IRC02:34
*** jcooley_ has joined #openstack-dev02:35
*** matsuhas_ has quit IRC02:35
*** dims has quit IRC02:37
*** Mandell has quit IRC02:37
*** llu_linux is now known as llu02:41
*** neelashah has joined #openstack-dev02:41
*** sandy__ has quit IRC02:43
*** Ryan_Lane has joined #openstack-dev02:44
*** DennyZhang has joined #openstack-dev02:46
*** xdmeng has joined #openstack-dev02:47
*** erkules_ has joined #openstack-dev02:48
*** Ryan_Lane has quit IRC02:49
*** erkules has quit IRC02:49
*** mengxd has quit IRC02:49
*** haomaiwang has joined #openstack-dev02:50
*** mfer has quit IRC02:50
*** xingchao has quit IRC02:50
*** rongze has joined #openstack-dev02:53
*** mfer has joined #openstack-dev02:55
*** rongze_ has joined #openstack-dev02:55
*** claxton has joined #openstack-dev02:56
*** stevemar has quit IRC02:56
*** mrodden has quit IRC02:57
*** rongze has quit IRC02:58
*** sandy__ has joined #openstack-dev02:59
*** litong has quit IRC03:03
*** Braxton_ has joined #openstack-dev03:10
*** Chicago has quit IRC03:10
*** aveiga has joined #openstack-dev03:11
*** HenryG has quit IRC03:11
*** MaxV has joined #openstack-dev03:12
*** shinylasers has quit IRC03:14
*** mfer has quit IRC03:15
*** MaxV has quit IRC03:16
*** chandankumar has joined #openstack-dev03:17
*** jcooley_ has quit IRC03:17
*** mohits has joined #openstack-dev03:17
*** Chicago has joined #openstack-dev03:17
*** markwash has quit IRC03:18
*** mfer has joined #openstack-dev03:20
*** sdake_ has quit IRC03:21
*** dripton has quit IRC03:21
*** noorul has joined #openstack-dev03:21
*** CaptTofu has quit IRC03:24
*** paragan_ has joined #openstack-dev03:24
*** claxton has quit IRC03:27
*** shinylasers has joined #openstack-dev03:30
*** Braxton_ has quit IRC03:34
*** CaptTofu has joined #openstack-dev03:36
*** mfer has quit IRC03:38
*** mfer has joined #openstack-dev03:39
*** mfer has quit IRC03:41
*** DennyZhang has quit IRC03:42
*** DennyZha` has joined #openstack-dev03:42
*** sarob has joined #openstack-dev03:45
*** Ryan_Lane has joined #openstack-dev03:45
*** mriedem has quit IRC03:47
*** Ryan_Lane has quit IRC03:50
*** shinylasers has quit IRC03:52
*** sumanth has joined #openstack-dev03:54
*** shinylasers has joined #openstack-dev03:55
*** tzumainn has quit IRC03:59
*** matiu has joined #openstack-dev04:00
*** topol has joined #openstack-dev04:04
*** mohits has quit IRC04:05
*** mohits has joined #openstack-dev04:06
*** mohits has quit IRC04:06
*** aveiga has quit IRC04:07
*** matsuhashi has joined #openstack-dev04:14
*** Mandell has joined #openstack-dev04:20
*** ayoung has quit IRC04:20
*** epopt37 has quit IRC04:21
*** kushal has joined #openstack-dev04:22
*** michchap_ has joined #openstack-dev04:24
*** novas0x2a|laptop has quit IRC04:24
*** michchap has quit IRC04:26
*** sdake_ has joined #openstack-dev04:29
*** mikeoutland has joined #openstack-dev04:32
*** shinylasers has quit IRC04:33
*** epopt37 has joined #openstack-dev04:34
*** rongze_ has quit IRC04:35
*** michchap has joined #openstack-dev04:35
*** rraja has joined #openstack-dev04:36
*** CaptTofu has quit IRC04:36
*** CaptTofu has joined #openstack-dev04:36
*** michchap_ has quit IRC04:38
*** otherwiseguy has quit IRC04:40
*** aditirav has joined #openstack-dev04:41
*** mfer has joined #openstack-dev04:44
*** sumanthns has joined #openstack-dev04:44
*** markwash has joined #openstack-dev04:45
*** Ryan_Lane has joined #openstack-dev04:46
*** mfer has quit IRC04:48
*** aditirav has quit IRC04:48
*** mikeoutland has quit IRC04:49
*** aditirav has joined #openstack-dev04:49
*** Shaan7 has joined #openstack-dev04:50
*** Shaan7 has quit IRC04:50
*** Shaan7 has joined #openstack-dev04:50
*** Ryan_Lane has quit IRC04:51
*** rraja has quit IRC04:51
*** otherwiseguy has joined #openstack-dev04:52
*** aditirav_ has joined #openstack-dev04:53
*** amotoki has joined #openstack-dev04:53
*** willingc has joined #openstack-dev04:53
*** willingc has quit IRC04:55
*** nshaikh has joined #openstack-dev04:55
*** bauzas has quit IRC04:55
*** aditirav has quit IRC04:55
*** aditirav_ is now known as aditirav04:56
*** jrh2064 has joined #openstack-dev04:57
*** aeperezt has quit IRC04:59
*** sarob has quit IRC04:59
*** jrh2064 has left #openstack-dev04:59
*** jamespage has quit IRC05:00
*** nkinder|away is now known as nkinder05:01
*** basha has joined #openstack-dev05:02
*** marun has joined #openstack-dev05:03
nkindermorganfainberg: I'd be happy to look over your key-value-store work tomorrow too.05:03
*** noorul` has joined #openstack-dev05:05
*** noorul has quit IRC05:09
*** noorul`` has joined #openstack-dev05:09
*** noorul` has quit IRC05:12
*** mgagne1 has joined #openstack-dev05:15
*** mgagne1 has joined #openstack-dev05:15
*** mgagne has quit IRC05:17
*** noorul`` is now known as noorul05:19
*** noorul has joined #openstack-dev05:19
*** fifieldt_ has quit IRC05:21
*** stevemar has joined #openstack-dev05:21
*** xarses has joined #openstack-dev05:22
*** DennyZha` has quit IRC05:24
*** changbl has joined #openstack-dev05:25
*** shinylasers has joined #openstack-dev05:25
*** sarob has joined #openstack-dev05:27
*** rushiagr has joined #openstack-dev05:27
StevenKlifeless: Is there a way to have python -m subunit.run discover print out the tests as they're being run? -v does not help -- and in fact, seems to have no effect.05:27
lifelessStevenK: subunit.run prints them out as subunit packets05:28
*** sarob has quit IRC05:28
lifelessStevenK: it's how it works :). Perhaps though you're talking about some UI layer ?05:28
*** sarob has joined #openstack-dev05:28
StevenKlifeless: Trying to think of some way to address the review comments in https://review.openstack.org/#/c/59699/3/.testr.conf05:29
*** sarob has quit IRC05:30
lifelessStevenK: replied there05:30
*** netavenger-jr has quit IRC05:31
*** thelorax123 has joined #openstack-dev05:31
StevenKlifeless: Thanks05:31
*** sarob has joined #openstack-dev05:32
*** sarob has quit IRC05:33
*** matiu has quit IRC05:34
*** sarob has joined #openstack-dev05:34
*** sarob has quit IRC05:39
*** topol has quit IRC05:44
*** Ryan_Lane has joined #openstack-dev05:47
*** Shaan7 has quit IRC05:48
*** sdake_ has quit IRC05:49
*** xingchao has joined #openstack-dev05:49
*** matiu has joined #openstack-dev05:50
*** Ryan_Lane has quit IRC05:51
*** mrodden has joined #openstack-dev05:52
*** paragan_ has quit IRC05:52
*** paragan has joined #openstack-dev05:53
*** paragan has quit IRC05:53
*** paragan has joined #openstack-dev05:53
*** claxton has joined #openstack-dev05:54
*** mikeoutland has joined #openstack-dev05:54
*** xingchao has quit IRC05:55
*** yamahata_ has quit IRC05:55
*** xingchao has joined #openstack-dev05:57
*** DennyZha` has joined #openstack-dev05:57
*** toabctl has quit IRC05:57
*** toabctl has joined #openstack-dev05:58
*** e0ne has joined #openstack-dev06:01
*** DennyZha` has quit IRC06:01
*** toabctl has quit IRC06:01
*** toabctl has joined #openstack-dev06:02
*** toabctl has joined #openstack-dev06:02
*** e0ne has quit IRC06:02
*** xingchao has quit IRC06:02
*** toabctl has quit IRC06:02
*** toabctl has joined #openstack-dev06:02
*** toabctl has joined #openstack-dev06:02
*** rraja has joined #openstack-dev06:05
*** Chicago has quit IRC06:05
*** yeylon__ has joined #openstack-dev06:06
*** neeti has joined #openstack-dev06:09
*** noslzzp has joined #openstack-dev06:09
*** thelorax123 has quit IRC06:13
*** matsuhashi has quit IRC06:14
*** rushiagr2 has joined #openstack-dev06:14
*** matsuhashi has joined #openstack-dev06:14
*** thelorax123 has joined #openstack-dev06:14
*** rushiagr has quit IRC06:15
*** rohitk has joined #openstack-dev06:15
*** rcleere has joined #openstack-dev06:19
*** csaba|afk is now known as csaba06:20
*** rushiagr2 is now known as rushiagr06:24
*** bdpayne has joined #openstack-dev06:26
*** guohliu has quit IRC06:29
*** guohliu has joined #openstack-dev06:30
*** alex_klimov has joined #openstack-dev06:33
*** Abhishek has joined #openstack-dev06:34
*** guohliu has quit IRC06:35
*** rdas has joined #openstack-dev06:35
*** kbrierly has quit IRC06:36
*** guohliu has joined #openstack-dev06:36
*** e0ne has joined #openstack-dev06:36
*** jkyle has quit IRC06:37
*** e0ne has quit IRC06:37
*** Shaan7 has joined #openstack-dev06:38
*** basha has quit IRC06:40
*** rcleere has quit IRC06:41
*** alex_klimov has quit IRC06:41
*** Ryan_Lane has joined #openstack-dev06:44
*** jkyle has joined #openstack-dev06:44
*** sushils has quit IRC06:44
*** prekarat has joined #openstack-dev06:50
*** ArcTanSusan has joined #openstack-dev06:50
*** Ryan_Lane has quit IRC06:50
*** ngoracke has joined #openstack-dev06:51
*** noslzzp has quit IRC06:52
*** rongze has joined #openstack-dev06:54
*** Abhishek has quit IRC06:56
*** shinylasers has quit IRC06:57
*** kbrierly has joined #openstack-dev06:58
*** neelashah has quit IRC06:59
*** vartom11119 has joined #openstack-dev06:59
*** jpich has joined #openstack-dev07:00
*** bdpayne has quit IRC07:02
*** vuntz has quit IRC07:03
*** vartom111110 has joined #openstack-dev07:05
*** vartom11119 has quit IRC07:06
*** gyee has quit IRC07:06
*** alex_klimov has joined #openstack-dev07:06
*** alex_klimov has quit IRC07:08
*** alex_klimov has joined #openstack-dev07:08
*** jamespage has joined #openstack-dev07:09
*** Ryan_Lane has joined #openstack-dev07:09
*** alex_klimov has quit IRC07:09
*** alex_klimov1 has joined #openstack-dev07:10
*** SergeyLukjanov has joined #openstack-dev07:12
*** denis_makogon has joined #openstack-dev07:15
*** urulama has joined #openstack-dev07:17
*** ngoracke has quit IRC07:17
*** kmsWork_ has joined #openstack-dev07:17
*** matsuhashi has quit IRC07:17
*** sthaha has joined #openstack-dev07:17
*** Ryan_Lane has quit IRC07:19
*** kmsWork has quit IRC07:19
*** mrunge_ has joined #openstack-dev07:20
*** avishay has joined #openstack-dev07:20
*** vuntz has joined #openstack-dev07:21
*** nati_ueno has quit IRC07:24
*** irenab has joined #openstack-dev07:25
*** paragan has quit IRC07:25
*** jcoufal has joined #openstack-dev07:30
*** basha has joined #openstack-dev07:31
*** pierou has joined #openstack-dev07:32
*** stevemar has quit IRC07:32
*** pierou has quit IRC07:33
*** boris-42 has joined #openstack-dev07:35
*** basha has quit IRC07:35
*** rraja has quit IRC07:36
*** mikeoutland has quit IRC07:37
*** mikeoutland has joined #openstack-dev07:37
*** paragan has joined #openstack-dev07:37
*** paragan has quit IRC07:37
*** paragan has joined #openstack-dev07:37
*** SergeyLukjanov has quit IRC07:41
*** mikeoutland has quit IRC07:42
*** belmoreira has joined #openstack-dev07:44
*** belmoreira has quit IRC07:44
*** belmoreira has joined #openstack-dev07:44
*** SergeyLukjanov has joined #openstack-dev07:48
*** MaxV has joined #openstack-dev07:49
*** ifarkas has joined #openstack-dev07:50
*** shinylasers has joined #openstack-dev07:51
*** jpich has quit IRC07:56
*** xdmeng has quit IRC07:57
*** mengxd has joined #openstack-dev07:57
*** lsmola has joined #openstack-dev07:57
*** DeeJay1 has joined #openstack-dev07:58
*** e0ne has joined #openstack-dev07:58
*** mrunge has quit IRC07:58
*** mrunge_ is now known as mrunge07:59
*** sushils has joined #openstack-dev08:00
*** basha has joined #openstack-dev08:01
*** basha has quit IRC08:03
*** reidrac has joined #openstack-dev08:04
*** k4n0 has joined #openstack-dev08:07
*** e0ne_ has joined #openstack-dev08:08
*** harlowja has quit IRC08:08
*** mindpixel has joined #openstack-dev08:09
*** flaper87|afk is now known as flaper8708:09
*** corXi has joined #openstack-dev08:09
*** ig has joined #openstack-dev08:09
*** DinaBelova has joined #openstack-dev08:10
*** e0ne has quit IRC08:11
*** che-arne has quit IRC08:12
*** basha has joined #openstack-dev08:15
*** nati_ueno has joined #openstack-dev08:15
*** jprovazn has joined #openstack-dev08:16
*** mohits has joined #openstack-dev08:16
*** jamielennox is now known as jamielennox|away08:17
*** dsantos_ has quit IRC08:20
*** ifarkas has quit IRC08:21
ekarlsosandy__: around ? or Apsu08:21
ekarlsoapl08:21
ekarlsodammit ! :)08:21
*** ArcTanSusan has quit IRC08:22
*** xqueralt has joined #openstack-dev08:24
*** tkammer has joined #openstack-dev08:24
*** giulivo has joined #openstack-dev08:25
*** dsantos_ has joined #openstack-dev08:26
*** vipul is now known as vipul-away08:27
*** mdbooth has joined #openstack-dev08:27
*** ifarkas has joined #openstack-dev08:27
*** DinaBelova has quit IRC08:27
*** Ryan_Lane has joined #openstack-dev08:29
*** bauzas has joined #openstack-dev08:30
*** salv-orlando has joined #openstack-dev08:34
*** SergeyLukjanov has quit IRC08:36
*** Ryan_Lane has quit IRC08:37
*** vipul-away is now known as vipul08:37
k4n0Hey guys, i have odd situation here, for my review https://review.openstack.org/#/c/59860/, all python 2.6 unit tests are failing, but all python 2.7 pass. Seems to be some bug on the CI side08:39
*** SlickNik has quit IRC08:39
*** SlickNik has joined #openstack-dev08:40
*** neeti has quit IRC08:40
*** akrivoka has joined #openstack-dev08:41
*** Ryan_Lane has joined #openstack-dev08:42
*** neeti has joined #openstack-dev08:44
*** jp_at_hp has joined #openstack-dev08:46
*** pixelb has joined #openstack-dev08:46
*** thelorax123 has quit IRC08:46
*** denis_makogon has quit IRC08:47
*** mancdaz_away is now known as mancdaz08:47
*** omachace has joined #openstack-dev08:47
*** thelorax123 has joined #openstack-dev08:47
*** Shaan7 has quit IRC08:48
*** shinylasers has quit IRC08:51
*** teran has quit IRC08:52
ndipanovk4n0, https://wiki.openstack.org/wiki/GerritJenkinsGit#Test_Failures08:52
ndipanovk4n0, but in short - you need to "recheck"08:52
*** shinylasers has joined #openstack-dev08:53
*** mmagr has joined #openstack-dev08:53
*** e0ne_ has quit IRC08:55
*** xga has joined #openstack-dev08:57
*** boris-42 has quit IRC08:57
*** nati_ueno has quit IRC08:57
*** jistr has joined #openstack-dev08:58
k4n0ndipanov:  yes, "recheck" will help, but this issue has occured on 3 different patch sets09:00
*** vuil has joined #openstack-dev09:00
k4n0ndipanov: I will try recheck no bug once09:00
ndipanovk4n0, in that case maybe report the bug?09:00
*** vuil has quit IRC09:01
*** e0ne has joined #openstack-dev09:01
ndipanovk4n0, it seems like a dependancy issue09:01
ndipanovit might be legit09:01
k4n0ndipanov: Sure, i will try recheck once , if issue persists, i will report the bug09:01
ndipanovImportError: cannot import name consoles09:01
ndipanovI'd report it immediately09:01
ndipanovhmmm09:02
k4n0ndipanov: ok, i report the bug in openstack-infra?09:02
*** boden has joined #openstack-dev09:02
ndipanovk4n0, wait a sec09:02
*** eglynn-afk has joined #openstack-dev09:03
ndipanovk4n0, can you show me the other patches that had the same09:04
ndipanovthis looks like a circular import problem09:04
ndipanovinteresting09:05
k4n0ndipanov: it has happened in the sam review for all the patch sets, no other review of mine has this issue09:06
k4n0*same09:06
ndipanovk4n0, interesting that it only happens in 2.609:07
k4n0ndipanov: yes, should i report bug in nova?09:07
ndipanovk4n0, not sure - it is very likely your patch - but it may have triggered the bug in nova09:08
ndipanovdid you run 2.6 tests on your machine?09:08
*** xga_ has joined #openstack-dev09:10
*** xga has quit IRC09:10
*** giulivo has quit IRC09:10
*** athomas has joined #openstack-dev09:10
BobBallekarlso: nope!09:13
ekarlsoBobBall: any new packages out for XS?09:14
BobBallekarlso: trying to get the auto-refreshing packages up09:14
*** giulivo has joined #openstack-dev09:14
BobBallekarlso: maybe will have that next week - then it'll be always following trunk09:15
*** boris-42 has joined #openstack-dev09:16
*** yamahata_ has joined #openstack-dev09:16
*** iartarisi has joined #openstack-dev09:17
ndipanovk4n0, but that db call in the view builder in your patch is hacky anyway. you shouldn't do that there09:18
ndipanovtry moving it in the actual controller09:18
ndipanovand remove the exceptions import09:18
ndipanovI'd personally -1 that patch... k4n0 actually... :)09:19
*** rraja has joined #openstack-dev09:19
k4n0ndipanov: I havent ran the 2.6 tests, i will do that, Yes the patch is hacky, will try to refactor it :)09:21
*** nati_ueno has joined #openstack-dev09:22
*** jpich has joined #openstack-dev09:24
*** xga_ has quit IRC09:24
*** xga has joined #openstack-dev09:24
*** mdbooth has quit IRC09:24
*** lucasagomes has joined #openstack-dev09:25
*** jtomasek has joined #openstack-dev09:27
*** renlt has quit IRC09:27
*** marekd|away is now known as marekd09:28
*** rraja has quit IRC09:29
*** jcoufal has quit IRC09:30
*** mdbooth has joined #openstack-dev09:31
*** Ryan_Lane has quit IRC09:32
*** fbo_away is now known as fbo09:33
*** avishayb has joined #openstack-dev09:35
*** yeylon__ has quit IRC09:35
*** e0ne_ has joined #openstack-dev09:36
*** claxton has quit IRC09:36
*** jtomasek has quit IRC09:36
*** claxton has joined #openstack-dev09:37
*** xdmeng has joined #openstack-dev09:38
*** mengxd has quit IRC09:39
*** xdmeng has quit IRC09:39
*** e0ne has quit IRC09:39
*** mengxd has joined #openstack-dev09:39
*** rossella_s has joined #openstack-dev09:40
*** mengxd has quit IRC09:41
*** danpb has joined #openstack-dev09:41
*** Alexei_987 has joined #openstack-dev09:43
*** max_lobur_afk is now known as max_lobur09:45
*** amuller has joined #openstack-dev09:45
*** rraja has joined #openstack-dev09:46
*** gongysh has joined #openstack-dev09:49
*** yeylon__ has joined #openstack-dev09:50
*** jtomasek has joined #openstack-dev09:50
*** irenab has quit IRC09:52
*** Ryan_Lane has joined #openstack-dev09:53
*** garyk has joined #openstack-dev09:54
*** teran has joined #openstack-dev09:54
*** markmcclain has joined #openstack-dev09:54
*** abk has joined #openstack-dev09:55
*** gongysh has quit IRC09:55
*** johnthetubaguy has joined #openstack-dev09:56
*** jcoufal has joined #openstack-dev09:58
*** yamahata_ has quit IRC09:58
*** markmcclain has quit IRC09:59
*** Ryan_Lane has quit IRC09:59
*** johnthetubaguy1 has joined #openstack-dev09:59
*** johnthetubaguy has quit IRC10:00
*** athomas has quit IRC10:00
*** mdbooth has quit IRC10:00
*** Ryan_Lane has joined #openstack-dev10:00
*** abk has quit IRC10:00
*** akrivoka has quit IRC10:01
*** Ryan_Lane has quit IRC10:01
*** xga_ has joined #openstack-dev10:01
*** xga has quit IRC10:02
*** akrivoka has joined #openstack-dev10:02
*** Ryan_Lane has joined #openstack-dev10:03
*** Ryan_Lane has quit IRC10:03
*** erkules_ is now known as erkules10:04
*** jtomasek has quit IRC10:04
*** neoXsys has joined #openstack-dev10:04
*** lsmola has quit IRC10:05
*** nati_ueno has quit IRC10:06
*** mancdaz is now known as mancdaz_away10:07
*** aloga has joined #openstack-dev10:07
*** martyntaylor has joined #openstack-dev10:09
*** jlabocki1 has joined #openstack-dev10:10
*** abk has joined #openstack-dev10:12
*** mancdaz_away is now known as mancdaz10:12
*** derekh has joined #openstack-dev10:13
*** jlabocki has quit IRC10:14
*** bvandenh has joined #openstack-dev10:14
*** omachace has quit IRC10:15
*** eglynn-afk is now known as eglynn10:16
garyklifeless: ping10:16
*** lsmola has joined #openstack-dev10:18
*** omachace has joined #openstack-dev10:18
*** exed has joined #openstack-dev10:19
*** jtomasek has joined #openstack-dev10:20
*** thelorax123 has quit IRC10:24
*** che-arne has joined #openstack-dev10:25
*** thelorax123 has joined #openstack-dev10:25
*** paragan has quit IRC10:29
*** michchap has quit IRC10:30
*** fc__ has quit IRC10:31
*** michchap has joined #openstack-dev10:31
*** che-arne has quit IRC10:31
*** xga_ has quit IRC10:31
*** fc__ has joined #openstack-dev10:31
*** teran has quit IRC10:32
*** gszasz has joined #openstack-dev10:32
*** xga has joined #openstack-dev10:32
*** teran has joined #openstack-dev10:33
*** ig has quit IRC10:37
*** teran has quit IRC10:37
*** ig has joined #openstack-dev10:37
*** jprovazn has quit IRC10:41
*** sridevi has joined #openstack-dev10:43
*** ig has quit IRC10:43
*** ig has joined #openstack-dev10:43
*** rraja has quit IRC10:45
*** rfolco has joined #openstack-dev10:45
*** Ryan_Lane has joined #openstack-dev10:45
*** sumanth has quit IRC10:45
*** akrivoka has quit IRC10:46
*** akrivoka has joined #openstack-dev10:47
*** boris-42 has quit IRC10:47
*** lsmola has quit IRC10:49
*** romcheg has joined #openstack-dev10:50
*** mirrorbox has quit IRC10:55
*** athomas has joined #openstack-dev10:55
*** mirrorbox has joined #openstack-dev10:55
*** sudorandom has quit IRC10:55
*** markmc has joined #openstack-dev10:55
*** sudorandom has joined #openstack-dev10:56
*** rraja has joined #openstack-dev10:57
*** xga has quit IRC10:57
*** thelorax123 has quit IRC10:57
*** amuller has quit IRC10:58
*** thelorax123 has joined #openstack-dev10:58
*** tkammer has quit IRC10:59
ttxjd__: tagging i1 for ceilometer now unless you scream10:59
*** dsantos_ has quit IRC10:59
*** sumanth has joined #openstack-dev10:59
*** yamahata_ has joined #openstack-dev11:01
*** boris-42 has joined #openstack-dev11:02
*** lsmola has joined #openstack-dev11:02
*** neeti_ has joined #openstack-dev11:06
*** neeti has quit IRC11:07
tristanCttx: fyi there may be some latencies, jd__ is currently at openstack in action, in paris11:08
*** Ryan_Lane has quit IRC11:09
ttxtristanC: yeah, he is in the same room I am in11:09
*** rongze has quit IRC11:12
*** jprovazn has joined #openstack-dev11:15
*** mdenny has quit IRC11:15
*** yamahata_ has quit IRC11:15
*** akrivoka has quit IRC11:18
ttxmarkmc: hey! was transport-aliases completed ?11:20
*** claxton has quit IRC11:21
*** tkammer has joined #openstack-dev11:21
*** guohliu has quit IRC11:22
*** tkammer has quit IRC11:22
markmcttx, yes!11:22
*** tkammer has joined #openstack-dev11:22
markmcttx, but no-one approved it!11:23
markmcttx, :-P11:23
markmcttx, oh, did I not bump it to i-2?11:23
markmcttx, oh, that's right - sorry, I thought I'd closed out the icehouse-1 milestone11:23
ttxno, it's still in i111:23
ttxshould I move it to i2 ?11:24
markmcI just moved it11:24
*** lbragstad has quit IRC11:24
markmcyou're going to make the milestone released?11:24
*** lbragstad has joined #openstack-dev11:25
ttxmarkmc: i can do that11:25
markmcttx, thanks11:25
ttxmarkmc: will close bugs and all11:25
markmcttx, super11:25
markmcttx, you're not doing a live demo of release management on stage or something, are you? :)11:26
markmcttx, how did your talk go?11:26
*** urulama has quit IRC11:27
ttxmarkmc: looks like it went well11:27
EmilienMmarkmc: ttx : i confirm :)11:28
markmcttx, cool11:29
*** teran has joined #openstack-dev11:29
*** thelorax123 has quit IRC11:30
*** Ryan_Lane has joined #openstack-dev11:31
*** thelorax123 has joined #openstack-dev11:32
*** HenryG has joined #openstack-dev11:32
*** VeggieMeat_ is now known as VeggieMeat11:32
*** akrivoka has joined #openstack-dev11:33
*** jcoufal has quit IRC11:36
*** pcm_ has joined #openstack-dev11:37
*** pcm_ has quit IRC11:38
*** pcm_ has joined #openstack-dev11:39
*** teran has quit IRC11:41
*** matiu has quit IRC11:41
*** amuller has joined #openstack-dev11:45
*** urulama has joined #openstack-dev11:47
*** morazi has joined #openstack-dev11:48
*** ArxCruz has joined #openstack-dev11:48
*** morazi has quit IRC11:53
*** fbo is now known as fbo_away11:54
*** matiu has joined #openstack-dev11:54
*** rongze has joined #openstack-dev11:57
*** aditirav has quit IRC11:57
*** aditirav has joined #openstack-dev11:58
*** rkukura has quit IRC11:58
*** sumanth has quit IRC12:01
*** amuller has quit IRC12:03
*** amuller_ has joined #openstack-dev12:03
*** Ryan_Lane has quit IRC12:04
*** aditirav_ has joined #openstack-dev12:05
*** paragan has joined #openstack-dev12:05
*** paragan has quit IRC12:05
*** paragan has joined #openstack-dev12:05
*** morazi has joined #openstack-dev12:06
*** tdruiva has joined #openstack-dev12:07
*** aditirav has quit IRC12:08
*** aditirav_ is now known as aditirav12:08
*** tdruiva has quit IRC12:08
*** tdruiva has joined #openstack-dev12:09
*** amuller_ has quit IRC12:09
*** sumanth has joined #openstack-dev12:13
*** basha has quit IRC12:14
*** teran has joined #openstack-dev12:17
*** irenab has joined #openstack-dev12:17
*** rongze has quit IRC12:17
*** dsantos_ has joined #openstack-dev12:18
*** irenab has quit IRC12:18
*** irenab has joined #openstack-dev12:19
irenab#msg sadasu hi12:20
*** mkollaro has joined #openstack-dev12:21
*** amuller_ has joined #openstack-dev12:25
*** sumanthns has quit IRC12:26
*** vkmc has joined #openstack-dev12:27
*** rods has joined #openstack-dev12:29
*** sridevi has quit IRC12:31
*** xingchao has joined #openstack-dev12:33
*** sadasu has joined #openstack-dev12:33
sadasuHello irenab12:34
*** rongze has joined #openstack-dev12:35
*** dsantos_ has quit IRC12:36
*** tellesnobrega has quit IRC12:37
*** thomasem has joined #openstack-dev12:37
*** aditirav has quit IRC12:38
*** samuelqueiroz has quit IRC12:39
irenabhi sadasu12:41
*** rongze_ has joined #openstack-dev12:41
sadasuirenab: Good morning! Lets get started!12:41
*** rongze has quit IRC12:42
irenabsadasu: there is an option to do one to one chat. Do you see my message?12:43
*** samuelqueiroz has joined #openstack-dev12:44
*** nosnos has quit IRC12:45
*** dsantos_ has joined #openstack-dev12:45
*** tellesnobrega has joined #openstack-dev12:46
*** k4n0 has left #openstack-dev12:50
*** dims has joined #openstack-dev12:51
*** CaptTofu has quit IRC12:51
*** CaptTofu has joined #openstack-dev12:51
*** FunnyLookinHat has joined #openstack-dev12:55
*** athomas has quit IRC12:57
*** galstrom_zzz is now known as galstrom12:57
*** xchu has joined #openstack-dev12:59
*** galstrom is now known as galstrom_zzz13:00
*** xingchao has quit IRC13:00
*** avishay has quit IRC13:01
*** mdbooth has joined #openstack-dev13:02
*** dubsquared has joined #openstack-dev13:03
*** neeti_ has quit IRC13:05
*** gordc has joined #openstack-dev13:06
*** salv-orlando_ has joined #openstack-dev13:06
*** freyes has joined #openstack-dev13:06
*** avishayb has quit IRC13:07
*** bvandenh has quit IRC13:07
*** dkranz has quit IRC13:08
*** avishayb has joined #openstack-dev13:08
*** dolphm has joined #openstack-dev13:08
*** _crobertsrh is now known as crobertsrh13:09
*** salv-orlando has quit IRC13:09
*** salv-orlando_ is now known as salv-orlando13:09
*** thelorax123 has quit IRC13:09
*** amuller_ has quit IRC13:09
*** thelorax123 has joined #openstack-dev13:10
*** sgordon has joined #openstack-dev13:11
*** sgordon has joined #openstack-dev13:11
*** prad has joined #openstack-dev13:13
*** prekarat has quit IRC13:14
*** Ryan_Lane has joined #openstack-dev13:14
*** loq_mac has joined #openstack-dev13:14
*** e0ne_ has quit IRC13:15
*** e0ne has joined #openstack-dev13:15
*** DinaBelova has joined #openstack-dev13:15
*** dubsquared has quit IRC13:17
*** prad has quit IRC13:18
ttxdolphm: I'll tag keystone icehouse-1 as soon as you get up and confirm13:18
dolphmttx: ++13:18
ttxdolphm: is that a yes ?13:18
dolphmttx: yes!13:19
ttxok, processing13:19
dolphmttx: all my bug activity is you marking stuff fix released13:19
*** e0ne has quit IRC13:20
*** lsmola has quit IRC13:22
*** CaptTofu has quit IRC13:25
*** yamahata_ has joined #openstack-dev13:25
*** glenng1 has quit IRC13:25
*** CaptTofu has joined #openstack-dev13:25
*** yamahata_ has quit IRC13:26
*** yamahata_ has joined #openstack-dev13:26
*** loq_mac has quit IRC13:26
*** SergeyLukjanov has joined #openstack-dev13:26
*** glenng has joined #openstack-dev13:26
*** gordc has quit IRC13:26
ttxjgriffith: same for you, will tag icehouse-1 once you get up and give me your confirmation13:26
*** rdas has quit IRC13:27
*** avishayb has quit IRC13:28
*** fbo_away is now known as fbo13:29
*** neelashah has joined #openstack-dev13:30
*** amuller_ has joined #openstack-dev13:30
*** amuller_ is now known as amuller13:31
*** KeithSharp has joined #openstack-dev13:31
*** matrohon has quit IRC13:33
*** vkmc has quit IRC13:34
*** CaptTofu has quit IRC13:35
*** jdob has joined #openstack-dev13:35
*** CaptTofu has joined #openstack-dev13:35
*** changbl has quit IRC13:35
*** rohitk has quit IRC13:36
*** rohitk has joined #openstack-dev13:36
*** stevemar has joined #openstack-dev13:37
*** pafuent has joined #openstack-dev13:37
*** pafuent has left #openstack-dev13:38
*** aron28 has joined #openstack-dev13:38
aron28hello13:38
*** vladikr has joined #openstack-dev13:38
*** tkammer has quit IRC13:39
aron28Can anyone give me a hint how can i figure out the code for "nova hypervisor-stats" command13:39
*** avishayb has joined #openstack-dev13:39
*** aburaschi has joined #openstack-dev13:40
*** noslzzp has joined #openstack-dev13:40
*** dkranz has joined #openstack-dev13:44
*** fbo is now known as fbo_away13:45
*** matrohon has joined #openstack-dev13:47
*** athomas has joined #openstack-dev13:48
*** dkranz has quit IRC13:50
*** thelorax123 has quit IRC13:52
*** thelorax123 has joined #openstack-dev13:54
*** fbo_away is now known as fbo13:54
*** dubsquared has joined #openstack-dev13:57
*** jistr has quit IRC13:57
*** jistr has joined #openstack-dev13:58
*** Ryan_Lane has quit IRC13:58
*** dprince has joined #openstack-dev13:59
*** kbringard has joined #openstack-dev13:59
*** jasondotstar has joined #openstack-dev13:59
*** jecarey has joined #openstack-dev14:00
*** buzztroll has joined #openstack-dev14:00
*** drewlander has joined #openstack-dev14:00
*** bswartz has quit IRC14:01
*** burt has joined #openstack-dev14:01
*** morazi has quit IRC14:01
*** alunduil has quit IRC14:03
*** e0ne has joined #openstack-dev14:03
*** thelorax123 has quit IRC14:03
*** evgeny_fedoruk_ has joined #openstack-dev14:03
*** jcoufal has joined #openstack-dev14:03
*** thelorax123 has joined #openstack-dev14:06
*** Ruetobas has quit IRC14:12
*** ondergetekende has quit IRC14:12
*** e0ne has quit IRC14:12
*** e0ne has joined #openstack-dev14:12
*** yamahata_ has quit IRC14:12
*** yamahata_ has joined #openstack-dev14:12
*** dims has quit IRC14:12
*** morazi has joined #openstack-dev14:12
*** fbo is now known as fbo_away14:12
*** aeperezt has joined #openstack-dev14:12
*** dbalog has joined #openstack-dev14:12
*** Ryan_Lane has joined #openstack-dev14:12
*** e0ne has quit IRC14:12
*** dims has joined #openstack-dev14:12
*** joesavak has joined #openstack-dev14:12
*** mohits has quit IRC14:12
*** mriedem has joined #openstack-dev14:12
*** heyongli has joined #openstack-dev14:12
*** carl_baldwin has joined #openstack-dev14:12
*** ruhe has joined #openstack-dev14:12
*** giroro_ has joined #openstack-dev14:12
*** ondergetekende has joined #openstack-dev14:12
*** samuelbercovici has joined #openstack-dev14:12
*** fbo_away is now known as fbo14:15
*** dolphm has quit IRC14:16
*** irenab has quit IRC14:16
*** vartom111110 has quit IRC14:17
*** basha has joined #openstack-dev14:17
*** rraja has quit IRC14:18
*** dubsquared has quit IRC14:18
*** afazekas has quit IRC14:20
*** eharney has quit IRC14:20
*** nermina has joined #openstack-dev14:21
*** peristeri has joined #openstack-dev14:21
*** loq_mac has joined #openstack-dev14:21
ttxdavid-lyle: will tag horizon icehouse-1 when you get up and confirm14:21
tellesnobregamorganfainberg: ping14:22
*** venkatesh has joined #openstack-dev14:22
*** prad has joined #openstack-dev14:23
*** dolphm has joined #openstack-dev14:25
*** litong has joined #openstack-dev14:25
*** lbragstad has quit IRC14:25
*** jayg|g0n3 is now known as jayg14:28
*** dvarga has joined #openstack-dev14:29
*** tkammer has joined #openstack-dev14:30
*** rraja has joined #openstack-dev14:31
*** otherwiseguy has quit IRC14:31
*** otherwiseguy has joined #openstack-dev14:31
*** byeager has joined #openstack-dev14:31
*** aditirav has joined #openstack-dev14:31
*** markmcclain has joined #openstack-dev14:32
*** pabelanger has quit IRC14:32
*** tmclaugh[work] has joined #openstack-dev14:33
*** loquacities has joined #openstack-dev14:33
*** loquacities has quit IRC14:34
*** loquacities has joined #openstack-dev14:34
*** carl_baldwin has quit IRC14:34
*** loq_mac has quit IRC14:35
*** mancdaz is now known as mancdaz_away14:35
*** gszasz has quit IRC14:35
*** rkukura has joined #openstack-dev14:35
*** johnthetubaguy1 is now known as johnthetubaguy14:35
*** jobewan has joined #openstack-dev14:35
*** dkranz has joined #openstack-dev14:36
*** ngoracke has joined #openstack-dev14:36
*** sumanth has quit IRC14:37
*** jdob has quit IRC14:38
*** stevemar has quit IRC14:42
*** radez_g0n3 is now known as radez14:43
*** mjbright_ has joined #openstack-dev14:43
*** stevemar has joined #openstack-dev14:44
*** amotoki_ has joined #openstack-dev14:44
*** carl_baldwin has joined #openstack-dev14:45
*** neeti has joined #openstack-dev14:47
*** jruzicka has joined #openstack-dev14:47
*** omachace has left #openstack-dev14:47
*** dolphm has quit IRC14:48
*** dolphm has joined #openstack-dev14:48
*** yaguang has joined #openstack-dev14:48
*** claytonc has joined #openstack-dev14:48
*** clayb has joined #openstack-dev14:48
*** loquacities has quit IRC14:49
*** sballe has joined #openstack-dev14:49
*** markmcclain has quit IRC14:49
*** mjbright_ has quit IRC14:49
*** loq_mac has joined #openstack-dev14:50
*** jruzicka is now known as jruzicka_wfh14:50
*** jdob has joined #openstack-dev14:51
*** basha has quit IRC14:52
*** dolphm has quit IRC14:53
*** mfer has joined #openstack-dev14:53
*** ayoung has joined #openstack-dev14:54
*** loq_mac has quit IRC14:56
*** fbo is now known as fbo_away14:56
*** jcoufal has quit IRC14:56
*** troytoman is now known as troytoman-away14:56
*** abramley has quit IRC14:56
*** aditirav has quit IRC14:57
*** lbragstad has joined #openstack-dev14:58
*** belmoreira has quit IRC14:58
*** basha has joined #openstack-dev14:58
*** nshaikh has left #openstack-dev14:59
*** loq_mac has joined #openstack-dev14:59
*** bswartz has joined #openstack-dev15:00
*** gargya has joined #openstack-dev15:00
*** dripton has joined #openstack-dev15:01
*** loq_mac has quit IRC15:02
*** sdake has quit IRC15:02
*** loq_mac has joined #openstack-dev15:03
*** sdake has joined #openstack-dev15:03
*** neeti has quit IRC15:04
*** e0ne has joined #openstack-dev15:04
*** dubsquared has joined #openstack-dev15:04
jpicheglynn: Hello! We're chatting about https://bugs.launchpad.net/horizon/+bug/1249279 as a havana-backport-potential with amotoki_15:05
uvirtbotLaunchpad bug 1249279 in horizon "Resource Usage Page table views shows statistics in a wrong way" [Medium,Fix released]15:05
*** samuelbercovici has quit IRC15:06
jpicheglynn: It's about the removal of the misleading tables in the Horizon resource usage panel15:06
*** rohitk has quit IRC15:06
*** aditirav has joined #openstack-dev15:06
jpicheglynn: We believe it's a worthwhile backport, for reasons you're probably aware of (the data is wrong) however the patch is quite big15:07
eglynnjpich: yeah, l remember discussing with lsmola a while back15:07
*** xqueralt has quit IRC15:07
jpicheglynn: Do you foresee any issue with submitting it as backport it, with your stable-maint hat on?15:07
*** loq_mac has quit IRC15:07
*** mjbright_ has joined #openstack-dev15:07
*** heyongli has quit IRC15:07
eglynnjpich: looking at the patch now ...15:07
*** e0ne has quit IRC15:09
eglynnjpich: so it wouldn't be the largeness of the patch that's the potential issue here, as it's pretty much all deletions15:09
*** Ryan_Lane has quit IRC15:09
eglynnjpich: more the principal of removing a pre-existing "feature" on stable, right?15:09
*** aron28 has quit IRC15:10
eglynnjpich: that would be unconventional all right, but IIUC this "feature" is irretrievably broken15:10
jpicheglynn: The data is wrong, yeah...15:10
eglynnjpich: so in that sense, I would think removing something broken to that extent from stable would be valid15:11
eglynnjpich: ... as it does more damage that good in terms of confusing users, IIUC15:11
jpicheglynn: Ok! That makes sense. So we should submit it, and include this explanation in the comments15:12
jpicheglynn: That is my understanding15:12
eglynnjpich: cool, sounds like a plan :)15:12
jpicheglynn: Cheers!15:13
*** alunduil has joined #openstack-dev15:13
*** afazekas has joined #openstack-dev15:13
*** diakunchikov_ has joined #openstack-dev15:13
*** Ryan_Lane has joined #openstack-dev15:14
*** Ryan_Lane has quit IRC15:15
*** yamahata_ has quit IRC15:17
*** yamahata_ has joined #openstack-dev15:17
*** topol has joined #openstack-dev15:17
*** xchu has quit IRC15:17
*** eharney has joined #openstack-dev15:18
*** FunnyLookinHat has quit IRC15:19
*** wwallnrr__ has quit IRC15:19
*** yolanda has quit IRC15:19
*** abramley has joined #openstack-dev15:20
*** avishayb has quit IRC15:20
*** Ryan_Lane has joined #openstack-dev15:21
*** xqueralt has joined #openstack-dev15:22
*** fbo_away is now known as fbo15:22
*** gargya has quit IRC15:22
*** carl_baldwin has quit IRC15:22
*** DeeJay1 has quit IRC15:23
*** sandy__ has quit IRC15:23
*** marun has quit IRC15:23
*** datsun180b has joined #openstack-dev15:23
*** aditirav_ has joined #openstack-dev15:24
*** aditirav has quit IRC15:25
*** aditirav_ is now known as aditirav15:25
*** devlaps has joined #openstack-dev15:26
*** tkammer has quit IRC15:26
*** e0ne has joined #openstack-dev15:27
*** jergerber has joined #openstack-dev15:27
*** avishayb has joined #openstack-dev15:27
*** shinylasers has quit IRC15:28
*** Ryan_Lane has quit IRC15:29
*** sridevi has joined #openstack-dev15:30
*** bvandenh has joined #openstack-dev15:30
*** mikeoutland has joined #openstack-dev15:30
*** xarg_ has quit IRC15:31
*** jgrimm has joined #openstack-dev15:31
*** xarg_ has joined #openstack-dev15:33
*** Shaan7 has joined #openstack-dev15:35
*** Shaan7 has quit IRC15:35
*** Shaan7 has joined #openstack-dev15:35
*** anniec has joined #openstack-dev15:35
*** sandy__ has joined #openstack-dev15:35
*** aditirav has quit IRC15:36
*** xqueralt has quit IRC15:37
*** anniec has quit IRC15:37
*** xqueralt has joined #openstack-dev15:38
*** rohitk has joined #openstack-dev15:38
*** sadasu has quit IRC15:38
*** yeylon__ has quit IRC15:39
*** carlp has joined #openstack-dev15:39
*** xarg_ has quit IRC15:39
*** haomaiwang has quit IRC15:43
*** sarob has joined #openstack-dev15:43
*** gordc has joined #openstack-dev15:44
*** KeithSharp has quit IRC15:47
*** nelsnelson has joined #openstack-dev15:47
*** samuelbercovici has joined #openstack-dev15:47
*** stevemar has quit IRC15:48
*** mancdaz_away is now known as mancdaz15:50
*** xarg_ has joined #openstack-dev15:51
*** jpomero has joined #openstack-dev15:51
*** KeithSharp has joined #openstack-dev15:51
*** stevemar has joined #openstack-dev15:53
*** yeylon__ has joined #openstack-dev15:53
*** SergeyLukjanov has quit IRC15:54
*** DinaBelova has quit IRC15:54
*** ctracey|away is now known as ctracey15:55
*** xarg__ has joined #openstack-dev15:57
*** xarg_ has quit IRC15:57
*** yaguang has quit IRC15:57
*** sridevi has quit IRC15:57
*** rcleere has joined #openstack-dev15:57
*** jcooley_ has joined #openstack-dev15:58
*** jprovazn has quit IRC15:58
*** willingc has joined #openstack-dev15:59
*** jcooley_ has quit IRC15:59
*** mikeoutland has quit IRC16:00
*** giroro_ has quit IRC16:01
*** rraja is now known as rraja|afk16:01
*** sthaha has quit IRC16:02
*** topol has quit IRC16:02
*** topol_ has joined #openstack-dev16:02
*** topol_ is now known as topol16:02
*** Ruetobas has joined #openstack-dev16:03
*** basha has quit IRC16:03
*** pabelanger has joined #openstack-dev16:03
*** amuller has quit IRC16:04
*** reidrac has quit IRC16:05
*** mlavalle has joined #openstack-dev16:05
*** mrodden has quit IRC16:05
*** AZBob has joined #openstack-dev16:05
*** jcooley_ has joined #openstack-dev16:06
sandy__markmc, any idea when oslo-incubator is cutting over to messaging?16:06
*** rraja|afk has quit IRC16:06
markmcsandy__, hmm, it won't16:06
*** yamahata_ has quit IRC16:06
markmcsandy__, it'll just be deleted from incubator16:06
*** rnirmal has joined #openstack-dev16:06
sandy__markmc, but what about any notification calls that occur in incubator?16:07
*** sergmelikyan has joined #openstack-dev16:07
*** carl_baldwin has joined #openstack-dev16:07
markmcsandy__, like ?16:07
sandy__markmc, I'm working on that request_id linkage branch we discussed at the summit. This will be a utility function in incubator. So incubator will need to call notifier.16:08
*** Ruetobas has quit IRC16:08
sandy__markmc, arguably, I could pass in the notifier as a parameter16:08
markmcsandy__, ok, so something new then16:08
markmcsandy__, yeah, unclear how best to handle it ... but I suspect it's not a big deal16:09
sandy__markmc, I'll have a look and see if any other code in incubator calls the notifier16:09
markmcsandy__, either support both methods or just oslo.messaging, maybe16:09
*** rudrarugge has joined #openstack-dev16:09
*** FunnyLookinHat has joined #openstack-dev16:09
markmcsandy__, the only other thing is the notifier middleware16:09
sandy__markmc, middleware?16:09
markmcsandy__, openstack/common/middleware/notifier.py16:09
markmcsandy__, I don't know what it does, honestly, or whether anyone uses it16:10
flaper87garyk: ping16:10
jgriffithttx: for sure on tagging16:10
*** AZBob has quit IRC16:10
flaper87sdague: ping16:11
sandy__markmc, <looking>16:11
*** boris-42 has quit IRC16:11
sandy__markmc, hmm, yeah, not sure about that one. Can't imagine wanting to turn it on in production.16:12
*** jprovazn has joined #openstack-dev16:12
sandy__markmc, how about I pass in the notifier as a parameter?16:12
*** herndon has joined #openstack-dev16:12
*** jcooley_ has quit IRC16:12
sandy__markmc, I think the notify() signature is the same across libraries16:13
markmcsandy__, there is no notify() in oslo.messaging16:13
*** jcooley_ has joined #openstack-dev16:13
markmcsandy__, there is a _notify() :)16:13
*** Ruetobas has joined #openstack-dev16:13
*** ifarkas has quit IRC16:14
markmcsandy__, i.e. it's warn(), info(), error(), etc.16:14
*** paragan has quit IRC16:14
sandy__markmc, ah, crap ... right.16:14
*** thelorax123 has quit IRC16:14
*** rossella_s has quit IRC16:15
*** max_lobur is now known as max_lobur_afk16:15
sandy__markmc, perhaps that's the change I should make to incubator to make the transition easier?16:15
*** pabelanger has quit IRC16:15
sandy__markmc, add those helper methods to notifier.api16:15
*** thelorax123 has joined #openstack-dev16:16
*** csaba is now known as csaba|afk16:16
*** basha has joined #openstack-dev16:16
*** e0ne_ has joined #openstack-dev16:17
*** e0ne has quit IRC16:17
*** mdenny has joined #openstack-dev16:17
markmcsandy__, I did this for the RPC side: https://review.openstack.org/#/c/39929/69/nova/rpcclient.py16:17
sdagueflaper87: pong16:17
markmcsandy__, i.e. added an oslo.messaging shim over the incubator code to Nova and ported everything to do that first16:17
*** changbl has joined #openstack-dev16:17
markmcsandy__, then the final port to oslo.messaging just removes that16:17
markmcsandy__, maybe worthwhile here, but I found the notifications call trivial to port so maybe not worth it16:18
*** jcooley_ has quit IRC16:18
*** mgagne1 is now known as mgagne16:18
*** gordc has quit IRC16:18
flaper87sdague: hey, I hate to do this but, when you get a chance, could you take a look here? https://review.openstack.org/#/c/47999/16:18
flaper87sdague: Dean already blessed it16:18
flaper87thing is we need it for marconi, tempest and gate16:18
flaper87thanks in advance16:19
sdagueflaper87: sure, lgtm16:19
sdaguethough 8888 seems like an odd port choice16:19
flaper87sdague: awesome, thanks a lot!16:20
shardyayoung: Hi16:20
flaper87sdague: yeah, I was considering chaning it16:20
flaper87sdague: I'll update devstack as soon as we do that16:20
flaper87sdague: thanks again!16:20
*** mrodden has joined #openstack-dev16:20
giulivoflaper87, I noticed this in the rpms deps "selinux-policy-targeted" ?16:21
sandy__markmc, I could pass in the notifier and be clever about calling .error/.info()/etc vs .notify() with getattr() check? Seems clunky though.16:21
sandy__markmc, once we have messaging adoption we can remove that check.16:22
*** galstrom_zzz is now known as galstrom16:22
sandy__markmc, I'm assuming the plan is that there is no messaging library usage in incubator at all?16:22
markmcsandy__, if code in incubator needs to do messaging, it should use oslo.messaging16:23
*** akrivoka has quit IRC16:23
*** samuelqueiroz has quit IRC16:23
markmcsandy__, how about this ... provide a base API which takes a notify callable16:23
*** alex_klimov1 has quit IRC16:23
markmcsandy__, and provide an implementation which supplies a callable that uses oslo.messaging16:23
markmcsandy__, if projects need to use the base API with the incubator notifier code, they can pass an alternative callable16:24
markmcsandy__, or do it the other way around, I don't really mind16:24
*** ndipanov has quit IRC16:24
markmcsandy__, later, we just refactor away the old stuff and just have the oslo.messaging version16:24
sandy__markmc, yeah, essentially the same thing. K ... will do. Thanks for the feedback.16:25
markmcsandy__, np16:25
*** AZBob has joined #openstack-dev16:25
*** stevemar has quit IRC16:26
*** xarg__ has quit IRC16:27
sdaguebnemec: https://review.openstack.org/#/c/60274/1 - I'm sure there are plenty of problems there, but it's at least a start of talking about this in code instead of ML english16:27
*** matiu has quit IRC16:27
*** pabelanger has joined #openstack-dev16:28
*** xarg_ has joined #openstack-dev16:29
*** yeylon__ has quit IRC16:30
*** che-arne has joined #openstack-dev16:30
*** SergeyLukjanov has joined #openstack-dev16:30
*** tdruiva has quit IRC16:31
*** colinmcnamara has joined #openstack-dev16:31
*** colinmcn_ has joined #openstack-dev16:31
*** SergeyLukjanov is now known as _SergeyLukjanov16:31
*** _SergeyLukjanov is now known as SergeyLukjanov16:31
*** basha has quit IRC16:31
*** mdbooth has quit IRC16:31
*** tdruiva has joined #openstack-dev16:31
*** bdpayne has joined #openstack-dev16:32
*** basha has joined #openstack-dev16:32
*** SergeyLukjanov is now known as _SergeyLukjanov16:32
*** _SergeyLukjanov is now known as SergeyLukjanov16:33
*** gordc has joined #openstack-dev16:33
*** dolphm has joined #openstack-dev16:34
*** basha has quit IRC16:34
*** colinmcn_ is now known as colinmcnamara_16:35
bnemecsdague: Cool.  I think we have some logging test cases elsewhere in Oslo that could be modified for this.16:35
*** tdruiva has quit IRC16:35
*** bswartz has quit IRC16:35
*** rohitk has quit IRC16:35
*** mindpixeler has joined #openstack-dev16:36
*** basha has joined #openstack-dev16:36
sdaguebnemec: cool16:37
*** basha has quit IRC16:37
*** rongze_ has quit IRC16:37
*** mindpixel has quit IRC16:38
sdagueok, my pep8 screw up is fixed as well. so review comments / flames appreciated16:39
*** alunduil has quit IRC16:41
*** pete5 has joined #openstack-dev16:43
*** SumitNaiksatam has quit IRC16:43
*** litong has quit IRC16:44
garykdims: ping16:44
*** venkatesh has quit IRC16:44
*** litong has joined #openstack-dev16:44
*** bauzas has quit IRC16:45
AZBobHi, question... I have a need to add attributes to hosts in nova for linking to some other stuff (basically, can be thought of as a foreign key) for the purpose of displaying some extra information in horizon... I was wondering what's the best way to add the attribute to the host... add a column to compute_nodes in the nova database, possibly add a key/value pair to the compute_node_stats table (less intrusive), or something else poss16:45
AZBobibly?16:45
*** litong has quit IRC16:46
*** litong has joined #openstack-dev16:46
*** JonnyNomad has quit IRC16:47
*** Alexei_987 has quit IRC16:47
sdagueSpamapS: actually -  https://review.openstack.org/#/c/60274/ would be good for your feedback as well (not sure if you usually watch olso patches) as you had some of the most concrete commentary on the ML thread16:48
*** ndipanov has joined #openstack-dev16:49
*** rohitk has joined #openstack-dev16:49
*** corXi has quit IRC16:51
*** Shaan7 has quit IRC16:51
*** jcooley_ has joined #openstack-dev16:51
SpamapSsdague: I dont' watch them so will take a peek now, thanks for the heads up.16:51
*** rossella_s has joined #openstack-dev16:52
*** Shaan7 has joined #openstack-dev16:52
*** xqueralt has quit IRC16:52
*** devoid has joined #openstack-dev16:52
*** nelsnelson has quit IRC16:53
*** abk has quit IRC16:53
*** jcooley_ has quit IRC16:54
*** jcooley_ has joined #openstack-dev16:55
dimsgaryk, pong16:55
*** devoid has left #openstack-dev16:55
*** dolphm has quit IRC16:55
*** mjbright_ has quit IRC16:56
*** jcooley_ has quit IRC16:57
*** athomas has quit IRC16:57
*** jcooley_ has joined #openstack-dev16:57
*** avishayb has quit IRC16:58
*** marekd-mobile has joined #openstack-dev16:58
*** iartarisi has quit IRC16:59
*** samuelbercovici has quit IRC17:00
*** andreaf has quit IRC17:00
*** stevemar has joined #openstack-dev17:00
*** andreaf has joined #openstack-dev17:01
*** fbo is now known as fbo_away17:01
*** jcooley_ has quit IRC17:02
*** gyee has joined #openstack-dev17:03
*** evgeny_fedoruk_ has quit IRC17:03
*** SumitNaiksatam has joined #openstack-dev17:04
*** athomas has joined #openstack-dev17:04
*** rnirmal has quit IRC17:05
*** marekd-mobile has quit IRC17:05
*** rnirmal has joined #openstack-dev17:05
*** jcooley_ has joined #openstack-dev17:06
*** markmc has quit IRC17:06
*** ngoracke has quit IRC17:07
ayoungshardy, hey...17:07
ayoungBeebn in design discussions all morning, just sat down17:07
shardyayoung: Hi, wanted to ask some questions re bug 124559017:08
uvirtbotLaunchpad bug 1245590 in keystone "List Trusts generates HTTP Error 500 " [Medium,Confirmed] https://launchpad.net/bugs/124559017:08
*** rraja|afk has joined #openstack-dev17:08
*** dolphm has joined #openstack-dev17:08
ayoungshardy, on my short list....let me pull it up17:08
shardyayoung: Been digging a little while trying to revive the trusts tempest tests17:08
*** rudrarugge has quit IRC17:08
shardyayoung: I have a patch which just removes the roles from the list_trusts reponse, which makes it align with the docs17:09
ayoungshardy, that is probably sufficient17:09
shardyayoung: But I then noticed we return expires_at in all GET's, but not the docs17:09
*** krtaylor has quit IRC17:09
ayoungexpires_at was added later, IIRC17:09
ayoungso that should be a doc bug17:09
ayoungshardy, post your patch.17:10
*** CaptTofu has quit IRC17:10
shardyOk, so remove roles from the summary list to align with docs, then align docs with expires elsewhere17:10
ayoungshardy, I'm going to have to fix some Heat bugs in a quid-pro-quo, aren't I?17:10
ayoungthansk for yo7ur work17:10
*** CaptTofu has joined #openstack-dev17:10
shardyayoung: Haha, yeah! :D17:10
ayoungshardy, +117:10
*** jswarren has joined #openstack-dev17:10
*** mindpixeler has quit IRC17:10
*** jswarren has quit IRC17:11
*** jmontemayor has joined #openstack-dev17:11
*** angdraug has joined #openstack-dev17:11
*** dolphm has quit IRC17:11
*** CaptTofu has quit IRC17:12
*** CaptTofu has joined #openstack-dev17:12
*** jswarren has joined #openstack-dev17:12
*** danpb has quit IRC17:14
*** rohitk has quit IRC17:14
*** shinylasers has joined #openstack-dev17:15
*** pmcg has quit IRC17:15
*** shinylasers has quit IRC17:15
*** pmcg has joined #openstack-dev17:16
*** bswartz has joined #openstack-dev17:18
*** martyntaylor has quit IRC17:18
*** ndipanov has quit IRC17:18
*** dolphm has joined #openstack-dev17:19
*** zaitcev has joined #openstack-dev17:20
*** exed has quit IRC17:20
*** mrunge has quit IRC17:20
*** mikeoutland has joined #openstack-dev17:21
*** teran has quit IRC17:22
*** ngoracke has joined #openstack-dev17:23
*** gradFuss has joined #openstack-dev17:24
*** armax has joined #openstack-dev17:24
*** armax has quit IRC17:25
*** johnthetubaguy has quit IRC17:26
*** garyk has quit IRC17:26
*** e0ne_ has quit IRC17:26
*** chandankumar has quit IRC17:26
*** rohitk has joined #openstack-dev17:27
*** armax has joined #openstack-dev17:27
*** neelashah has quit IRC17:27
*** twoputt_ has joined #openstack-dev17:27
*** twoputt__ has joined #openstack-dev17:27
*** armax has quit IRC17:28
*** armax has joined #openstack-dev17:28
*** Mandell has quit IRC17:28
*** Mandell has joined #openstack-dev17:29
*** aburaschi has left #openstack-dev17:29
*** nelsnelson has joined #openstack-dev17:30
SpamapSsdague: I shared my bah-humbug on https://review.openstack.org/#/c/60274/ .. I hope my position isn't too scroogey. ;)17:30
*** e0ne_ has joined #openstack-dev17:31
*** jtomasek has quit IRC17:31
*** armax has quit IRC17:32
*** jmontemayor has quit IRC17:32
*** jruzicka_wfh has quit IRC17:32
*** rcleere has quit IRC17:32
*** neelashah has joined #openstack-dev17:33
*** rcleere has joined #openstack-dev17:33
*** Mandell has quit IRC17:33
*** xarses has quit IRC17:33
*** armax has joined #openstack-dev17:34
*** dolphm has quit IRC17:34
*** armax has quit IRC17:34
*** armax has joined #openstack-dev17:34
sdagueSpamapS: appreciated17:34
sdagueit seems like there are lots of other DOS problems17:34
*** gradFuss has left #openstack-dev17:35
sdagueif there are malicious users on your box17:35
morganfainbergtellesnobrega, pong17:35
*** mikeoutland has quit IRC17:35
morganfainbergnkinder, i'll add you as well :)17:35
*** mancdaz is now known as mancdaz_away17:35
tellesnobregamorganfainberg: hi, i was talking yesterday with ayoung and dolphm about domain-specific-backend using ldap17:36
morganfainbergtellesnobrega, yes17:36
ayoungmorganfainberg, I told him he needed to help you17:36
morganfainbergtellesnobrega, sorry for the delay in response, US West Coast here so it's just now 0930.17:36
ayoungyour dom specific backend fix would need to be rebased, and it should be done after your KVS swork17:36
ayoungrework17:36
morganfainbergayoung, tellesnobrega, awesome.  i am sure i can use the help.  the patchset has been languishing.17:36
morganfainbergayoung, yeah.  it needs a lot of work to be rebased now i think.17:37
*** raildo has joined #openstack-dev17:37
tellesnobregamorganfainberg: i need now to write a document to state the status of this, can you help me out on this?17:38
*** exed has joined #openstack-dev17:38
morganfainbergtellesnobrega, sure what information do you need?17:38
*** markwash has quit IRC17:38
SpamapSsdague: totally agree! However, we should not make them trivial.17:38
sdaguewhile(fork())17:39
sdague:)17:39
SpamapSsdague: look at how both apparmor and SELinux have to treat /tmp .. its like "f that, its the wild west". :-(17:39
SpamapSsdague: strict ulimits handle that nicely17:39
*** sarob has quit IRC17:39
tellesnobregamorganfainberg: i hope that i can help with implementation, but for now i need to write this down. I would like to know, how much is left to implement, how complicated it is, how long would it take to get this working17:39
sdagueSpamapS: io attacks?17:40
SpamapSdon't even need a KSM for forkbomb prevention17:40
*** sarob has joined #openstack-dev17:40
morganfainbergtellesnobrega, https://review.openstack.org/#/c/45649/ this is the review I was working on17:40
*** marekd is now known as marekd|away17:41
SpamapSsdague: anything that shows up as high load is less of a problem because systems will be out of tolerances.17:41
tellesnobregamorganfainberg: thanks17:41
morganfainbergtellesnobrega, basically, there are a lot of cases that don't take into account the multiple-domain backends.  Basically, we need to make it all 100% aware17:41
morganfainbergthere are some edge cases still to address even with that patchset, notably issues with non-unique user_ids.17:41
*** jistr has quit IRC17:41
sdagueSpamapS: ok, fair. We could also reduce the exposure if we did a lock file check on permissions, that would still be a race, but a little one17:42
SpamapSsdague: also the idea is to isolate users and processes so that automation and/or operations can react efficiently, not necessarily to prevent all problems.17:42
*** armax has quit IRC17:42
morganfainbergbasically, we have no way to 100% guarantee that we know what domain a user_id comes from by looking up the user (in all cases)17:42
SpamapSsdague: If these locks are never meant to be used by two different _users_ then ownership checks would be 100% sufficient.17:42
morganfainbergtellesnobrega, it is _mostly_ solved with that patchset, but it still doesn't allow for assignment to cross domains cleanly outside of the default domain17:42
tellesnobregamorganfainberg: i see17:43
*** armax has joined #openstack-dev17:43
SpamapSsdague: heck, if this is single user, just use semaphore locking.17:43
sdagueSpamapS: yeh, I don't know17:43
morganfainbergtellesnobrega, likely that patchset needs to be split up into a couple distinct fixes: 1) consistent use of domain lookup for user reference, 2) implement mechanism to always know domain from user info (usernames are not globally unique, and user_ids should be, but it isn't enforced in that patchset)17:43
morganfainbergtellesnobrega, 3) general cleanup to make the multiple domain stuff easier to understand from a code perspective17:44
*** sarob has quit IRC17:44
morganfainbergtellesnobrega, also that patchset was prior to identity / assignment proxy cleanup.17:45
SpamapSsdague: http://docs.python.org/2/library/multiprocessing.html would work as a default no-filesystem-necessary method for single user locks.17:45
tellesnobregamorganfainberg: looks like there is quite a bit of work to get it working17:45
sdagueSpamapS: I wonder why that wasn't pursued before17:46
sdaguehonestly, it was the reason for the ML thread, because I didn't have all the context17:46
*** devoid has joined #openstack-dev17:46
morganfainbergtellesnobrega, yes, and it needs much more testing.  the testing has some gaps at the moment.17:46
SpamapSsdague: perhaps there are multi-user concerns17:47
*** jcooley_ has quit IRC17:47
sdagueSpamapS: yeh, there might be17:47
*** anniec has joined #openstack-dev17:47
*** pmathews has joined #openstack-dev17:48
*** jcooley_ has joined #openstack-dev17:48
SpamapSsdague: the library should just expose all the methods. "Filesystem allows multi-user. Semaphore is single-user. Windows is f***ed anyway so why would you even care?...." and let users choose17:48
SpamapSoh whoops did I forget the filter again?17:48
sdagueheh17:49
*** armax has quit IRC17:49
*** sarob has joined #openstack-dev17:49
*** armax has joined #openstack-dev17:49
*** holms has joined #openstack-dev17:50
*** krtaylor has joined #openstack-dev17:50
holmsguys and ladies, is there's a page for openstack images like this? http://www.vagrantbox.es/17:50
*** galstrom is now known as galstrom_zzz17:50
holmsbecause I'll  probably gonna start one.. every instruction ive found for debian or centos just doesn't work out of th ebox17:51
*** jcooley_ has quit IRC17:52
*** abk has joined #openstack-dev17:53
*** garyk has joined #openstack-dev17:54
*** isd has joined #openstack-dev17:54
*** rudrarugge has joined #openstack-dev17:55
*** pmathews has quit IRC17:56
morganfainbergtellesnobrega, let me know if you need any more detailed information17:56
*** jcooley_ has joined #openstack-dev17:56
tellesnobregamorganfainberg: i will, im just writing some of this conversation down17:56
morganfainbergtellesnobrega, sure thing17:56
SpamapSsdague: I left some feedback there. I think users should be allowed to weigh in.17:57
sdagueyep17:57
*** sarob has quit IRC17:57
*** sarob has joined #openstack-dev17:58
*** ArxCruz has quit IRC17:59
*** xarses has joined #openstack-dev18:00
*** hemnafk is now known as hemna18:00
*** pablosan has joined #openstack-dev18:00
*** teran has joined #openstack-dev18:00
*** pmathews has joined #openstack-dev18:01
*** mlavalle has quit IRC18:02
*** nati_ueno has joined #openstack-dev18:02
*** sarob has quit IRC18:02
shardyayoung: https://review.openstack.org/#/c/60301/18:02
*** rossella_s has quit IRC18:03
*** reed has joined #openstack-dev18:03
*** mlavalle has joined #openstack-dev18:04
*** basha has joined #openstack-dev18:05
*** byeager has quit IRC18:06
*** lbragstad has quit IRC18:06
dsantos_hi I'm trying to run glance with ssl but I'm getting an error. I found this bug https://bugs.launchpad.net/python-glanceclient/+bug/1160520 but it doesn't seems to be fixed. The error that I got is "not all arguments converted during string formatting". Does someone know how can I fix this?18:07
uvirtbotLaunchpad bug 1160520 in python-glanceclient "Misleading error message when OS_CACERT is set incorrectly" [Undecided,In progress]18:07
*** basha has quit IRC18:08
*** jobewan has quit IRC18:09
*** colinmcnamara has quit IRC18:10
*** colinmcnamara_ has quit IRC18:10
morganfainbergayoung, posting an update to the keyvaluestore refactor shortly, split out the security-strategy stuff into it's own patchset since we can then get more security minded folks to look at that specifically (and it reduces line count by a couple hundred making the review a little easier to swallow)18:10
ayoungmorganfainberg, ++18:10
morganfainbergayoung, hopefully i'll have the example token backend stuff up today as well18:10
*** derekh has quit IRC18:10
ayounggood18:11
*** ArxCruz has joined #openstack-dev18:11
*** mmagr has quit IRC18:11
*** markwash has joined #openstack-dev18:12
*** bashok has joined #openstack-dev18:12
*** harlowja has joined #openstack-dev18:14
*** sushils has quit IRC18:15
arosennati_ueno:  can you checkout https://review.openstack.org/#/c/57670/ again.  I had replied to your comments.18:15
nati_uenoarosen: sure18:15
tellesnobregamorganfainberg: about domain management using LDAP, how will it work, the idea is to have one ldap server for each domain right?18:16
morganfainbergtellesnobrega, that is acceptable to do.  though you still will need a "default domain"18:16
*** colinmcnamara has joined #openstack-dev18:16
*** rraja|afk has quit IRC18:17
*** colinmcn_ has joined #openstack-dev18:17
tellesnobregamorganfainberg: i see18:17
*** lbragstad has joined #openstack-dev18:17
morganfainbergtellesnobrega, in the current implementation that is.  perhaps the pre-step is to remove the "Default domain" concept [except the V2-isms that need it] but use it as a compatibility not a core feature of V3 (this might break API compat though, so it might be a non-starter)18:18
morganfainbergayoung, ^18:18
ayoungtellesnobrega, morganfainberg Henrynash explained it like this:18:18
ayoungyou will install Keystone, and put all of the service users in SQL18:18
ayoungthen you will mount each of the LDAP domain explicitly on top of that18:19
*** shardy is now known as shardy_afk18:19
ayoungdo default should likely be SQL18:19
*** pablosan has quit IRC18:19
ayoungand LDAP is used read only on explicitly named domains18:19
*** rohitk has quit IRC18:20
morganfainbergayoung, that has always been my plan.  ideally i'd like multiple SQL stores (strictly internal usecase) but same net effect18:21
morganfainbergayoung, but if it is possible to be rid (in v3) of the 'default domain', that could make it easier to enforce the user/domain link everywhere18:22
*** yolanda has joined #openstack-dev18:22
*** galstrom_zzz is now known as galstrom18:22
morganfainbergayoung, but i get the feeling that default domain removal would break api compat and require a V4, which i _really_ don't want.18:22
ayoungmorganfainberg, lets just get to multiple LDAPs working with explicit domains, asnd keep default for a while18:23
morganfainbergayoung, fair enough.18:23
ayoungI think unuique userids is possible with a little magic in the ID backend18:23
*** rdas has joined #openstack-dev18:23
ayoungwe make it possible to prepend a namespace on the userid18:24
morganfainbergayoung, so we need to enforce the unique id separately.  yes, some magic would be good on that front18:24
ayoungso dom1:ayoung vs dom2:ayoung18:24
ayoungthen LDAP just uses the part after the :18:24
morganfainbergayoung, uuids all the way down! /s18:24
morganfainbergi mean turtles18:24
*** neelashah has quit IRC18:24
morganfainbergyeah i think that is fine, we will need to increase the SQL column sizes in assignment, but that is no big deal18:25
ayoungmorganfainberg, well, uids in LDAP might be smaller than uuids18:25
ayoungmorganfainberg, say uid is the users numeric posix id, it could be  d1:560018:26
morganfainbergayoung, right now, i _think_ we have an artificially small user_id column in assignment... i might be wrong18:26
ayoungmorganfainberg, the question is not "what domain is this in" but rather "what store do I look for this in ... minor difference18:26
morganfainbergjust to support <dom>:<uid> we might need to increase that18:26
ayoungbut it means that everything without a prefex can assume to be in SQL18:27
morganfainbergayoung, yep.18:27
*** bashok has quit IRC18:27
morganfainbergayoung, sounds good18:28
*** bswartz has quit IRC18:28
morganfainbergayoung, so that means user_id would need to be domain pre-pended if used to auth18:28
morganfainberg?18:28
morganfainbergor would we go with the user_id@domain mechanism18:28
ayoungmorganfainberg, howabout we don't call it domain...IdP18:28
*** sarob has joined #openstack-dev18:28
morganfainbergayoung, haha, fine.18:28
ayoungidpid:uid18:28
ayoungmorganfainberg, well, keystone is an IdP18:28
morganfainbergayoung, same issue with usernames18:28
ayoungso the default IdP is SQL18:29
ayoungand then we say:  no : in userids18:29
morganfainbergayoung, since usernames are not globally unique18:29
*** devoid has left #openstack-dev18:29
ayoungusername with no domain name or id implies it is in the default domain.18:30
*** nelsnels_ has joined #openstack-dev18:30
morganfainbergand which mechanism for specifying idp do you think is right?  idpid:username? idpname:username username@idpid, username@idpname?18:30
ayoungso for authenticate, I think we are good.  We might need to explicitly clarify some cases in the identity docs18:30
morganfainbergayoung, just rely on passing the domain field in?18:31
ayoungmorganfainberg, for authenticate etc, yes18:31
morganfainbergayoung, ok18:31
morganfainbergayoung, i am on board with that.18:31
ayoungget user_id from user_name type uses18:31
morganfainbergmakes it easy, and we already have prior art for that.18:31
morganfainbergtellesnobrega, ^ (if you weren't tracking this conversation)18:32
*** sarob has quit IRC18:33
*** nelsnelson has quit IRC18:33
isdIs there a way to get devstack to launch multiple instances of the same service? (e.g. two cinders)18:33
morganfainbergok, so simple: username -> user_id requires domain specification (unless default domain), user_id non-prefixed with IdPid is a default idp/domain user, otherwise use the correct idp to lookup the user.18:33
morganfainbergayoung, i think that will make things a lot easier to chase down/fix.18:33
ayoungmorganfainberg, ++18:33
ayoungmorganfainberg, and we add an addtional configt option:  idp_prefix18:34
ayoungit will go in the domain specific file18:34
tellesnobregamorganfainberg: im following,18:34
*** melwitt has joined #openstack-dev18:34
morganfainbergayoung, actually, i am thinking we should move away from the specific on-disk configs18:34
morganfainbergayoung, move it into something that can be configured via API18:35
*** dkranz has quit IRC18:35
ayoungmorganfainberg, well, we have them into a half-assed state.  Lets get them to work first18:35
morganfainbergsince we're already making some sizable changes.18:35
*** willingc has quit IRC18:35
ayoungI think we are going to want to keep them for LDAP, but not necessarily for Federation18:35
*** belmoreira has joined #openstack-dev18:35
morganfainbergayoung, i meant once we have it working, make that step 4?18:35
*** e0ne has joined #openstack-dev18:35
ayoungright after profit.18:35
*** belmoreira has left #openstack-dev18:35
morganfainbergayoung, hm. reasoning for using on-disk for LDAP vs something internally stored with keystone?  security?18:36
ayoungyeah..plus the complexity of the configuration information compared with SAML type stuff18:36
*** dkranz has joined #openstack-dev18:36
morganfainbergah. true18:36
ayoungwith SAML, you get the attributes as a fait-accompli, but with LDAP we need to provide guidance "here is how you find what you need"18:36
*** e0ne has quit IRC18:37
morganfainbergalso, thinking about it, there are some alligators/landmines with consistent ids if you run multiple keystones (not httpd, truely multiple ones say on separate hosts)18:37
morganfainbergand portability.18:37
*** e0ne has joined #openstack-dev18:37
*** byeager has joined #openstack-dev18:37
ayoungyep.18:37
*** athomas has quit IRC18:38
morganfainbergayoung, i was thinking that it might-be doable with some schema magic, but ... it gets a bit ugly18:38
morganfainbergs/schema/json schema or similar18:38
morganfainbergxml <shudder>18:38
ayoungum...lets talk about that at the next design summit.  I'm not there yet18:38
*** e0ne__ has joined #openstack-dev18:38
*** byeager has quit IRC18:38
*** byeager has joined #openstack-dev18:38
morganfainbergayoung, lol no no, i'm convinced on-disk configuration.18:38
*** e0ne has quit IRC18:39
morganfainbergayoung, i am going to try and hard-break the need to pre-configure the domain in assignment to load it in identity though.18:39
*** krotscheck has joined #openstack-dev18:39
morganfainbergsomething a bit more friendly to the deployer18:39
*** e0ne_ has quit IRC18:39
ayoungmorganfainberg, just keep the critical path clear on the multidomain stuff.  We don't have a lot of time.18:40
ayoungI2 will be here fast.18:40
morganfainbergayoung, i was thinking a config option that says "load these configs"18:40
*** pmathews1 has joined #openstack-dev18:40
morganfainbergayoung, super easy/trivial18:40
morganfainbergand way friendlier to the deployer than go make an assignment domain just to load a config for users.18:41
morganfainbergnothing complex.18:42
ayoungwe might need that for the IdP blueprint anyway18:42
*** che-arne has quit IRC18:42
*** pmathews has quit IRC18:43
*** rudrarugge has quit IRC18:43
*** sdake has quit IRC18:44
*** pmathews1 has quit IRC18:44
*** sdake has joined #openstack-dev18:45
*** rudra has joined #openstack-dev18:45
*** amcrn has joined #openstack-dev18:46
*** dkranz has quit IRC18:48
*** willingc has joined #openstack-dev18:49
*** Shaan7 has quit IRC18:49
*** Shaan7 has joined #openstack-dev18:49
*** pmathews has joined #openstack-dev18:50
zulis there an icehouse-1 version of heat?18:50
*** Abhishe__ has joined #openstack-dev18:51
*** lucasagomes has quit IRC18:51
*** exed has quit IRC18:53
*** jmontemayor has joined #openstack-dev18:54
*** asselin has joined #openstack-dev18:55
*** pmathews has quit IRC18:55
*** comay has quit IRC18:55
*** mlavalle has quit IRC18:55
*** comay has joined #openstack-dev18:55
*** comay has quit IRC18:55
*** ihrachyska has joined #openstack-dev18:56
*** sarob has joined #openstack-dev18:58
*** yolanda has quit IRC18:58
*** Loquacity has quit IRC18:59
*** tdruiva has joined #openstack-dev18:59
*** gimpswork has joined #openstack-dev18:59
*** e0ne__ has quit IRC19:00
*** Loquacity has joined #openstack-dev19:00
*** joesavak has quit IRC19:00
*** e0ne has joined #openstack-dev19:00
*** dkranz has joined #openstack-dev19:02
morganfainbergayoung, is there any reason why we'd create a token with no user_id?19:02
*** byeager_ has joined #openstack-dev19:02
morganfainbergbecause... it seems like we have an explcit if-clause in the memcache (token) backend to support that scenario: https://github.com/openstack/keystone/blob/master/keystone/token/backends/memcache.py#L8519:03
ayoungmorganfainberg, this sounds like a loaded question.  I would say, no, as we want to maintain audit trail, but I could see a potential use with trust tokens to have no user_id so long as there was a trustor specified19:03
*** sarob has quit IRC19:03
*** sarob has joined #openstack-dev19:03
ayoungI think that we can safely say that is not something we need to cover19:03
morganfainbergayoung, nah, just making sure i'm not crazy... it might be something i introduced with the cas stuff.19:03
morganfainberg*checks*19:04
morganfainbergnope, it's been around for longer.  huh.19:04
morganfainbergi'm going to not worry about that case in this refactor...it seems incorrect to have a token w/o a user_id19:05
*** e0ne has quit IRC19:05
*** byeager has quit IRC19:06
ayoungyes, it is incorrect, and see if removing that breaks a unit test.19:07
morganfainbergayoung, always. :)19:07
*** sdake_ has joined #openstack-dev19:07
*** exed has joined #openstack-dev19:07
morganfainbergand i'll then have at least an idea of the scenario (if it breaks a unit test) we were expecting19:07
*** derekh has joined #openstack-dev19:08
*** noslzzp has quit IRC19:08
*** sarob has quit IRC19:08
*** noslzzp has joined #openstack-dev19:09
*** armax has quit IRC19:11
lifelessrussellb: did you have thoughts on my q in https://review.openstack.org/#/c/60115/ ?19:12
*** rushiagr has quit IRC19:13
russellblifeless: that's a fair request, i'll do it19:13
lifelessok19:13
*** armax has joined #openstack-dev19:13
*** thomasm_ has joined #openstack-dev19:13
*** armax has quit IRC19:14
*** noslzzp has quit IRC19:14
*** thomasem has quit IRC19:14
*** neelashah has joined #openstack-dev19:14
*** neelashah has joined #openstack-dev19:14
*** neelashah has quit IRC19:16
*** yolanda has joined #openstack-dev19:16
*** armax has joined #openstack-dev19:16
*** neelashah has joined #openstack-dev19:17
*** tdruiva has quit IRC19:17
stevemarayoung: ping19:17
*** tdruiva has joined #openstack-dev19:17
*** pmathews has joined #openstack-dev19:18
*** jtomasek has joined #openstack-dev19:18
*** ywu has quit IRC19:19
*** pmathews has quit IRC19:19
*** armax has quit IRC19:19
*** armax has joined #openstack-dev19:20
*** armax has quit IRC19:20
*** armax has joined #openstack-dev19:21
*** urulama has quit IRC19:21
*** devoid has joined #openstack-dev19:24
devoidany glance devs in the house?19:24
*** pabelanger has quit IRC19:25
*** derekh has quit IRC19:25
*** mindpixel has joined #openstack-dev19:26
*** pabelanger has joined #openstack-dev19:26
*** yolanda has quit IRC19:28
*** galstrom is now known as galstrom_zzz19:29
*** rm_work|away is now known as rm_work19:29
*** pmathews has joined #openstack-dev19:30
*** comay has joined #openstack-dev19:31
simomorganfainberg: hey I discover memchache_crypt in keystone client19:34
simofrom your review19:34
morganfainbergsimo, hehe :)19:34
simowhen was that added?19:34
holmsmaybe anybody have clue why virt-manager shows vm's and virsh list --all   is not?19:34
morganfainbergsimo, not sure.  i'd need to look at the git log19:34
simomorganfainberg: I am asking becaiuse I added a comprehensive crypto faciloity in oslo-incubator19:35
simomorganfainberg: and we should really not duplicate this kind of stuff of all things19:35
morganfainbergsimo, agreed.  I was planning on pulling memcache_crypt and the KVS stuff into oslo once it's accepted into keystone19:36
lifelessjog0: is there a way to whitelist non-module imports for all of testtools.matchers?19:36
morganfainbergsimo, if we have a better alternative, i'm totally game19:36
*** bauzas has joined #openstack-dev19:36
lifelessjog0: e.g. in hacking itself?19:36
morganfainbergsimo: https://github.com/openstack/python-keystoneclient/commit/3dfb8437fc9135465f2b66b2c420bf20899fcf10 looks like when it went in19:36
simomorganfainberg: please make it use oslo-incubator crypto engine then19:36
ayoungstevemar, heh..internal bug triage meeting...I'm free now.  What's up19:37
*** nermina has quit IRC19:37
stevemarayoung, np, wanted to chat about mapping19:37
ayoungstevemar, fire away19:37
morganfainbergsimo, sounds good.  please comment that there so i can come back to it once i have the base token backend working.19:37
stevemarayoung: on the last patch, you mentioned being able to tie in userid?19:37
dstaneklifeless: i'd like to see that apply for all matchers if possible19:38
simomorganfainberg: espcially for key derivation19:38
stevemarwas wondering how that would work, don't we normally assign our own?19:38
simomorganfainberg: (which means you'll have to keep around but deprecate current derive_keys()19:38
devoidglance: Where do things stand with this review: https://review.openstack.org/#/c/46555/19:38
morganfainbergsimo, in keystoneclient we'll worry about that.  but thats separate from this review :)19:38
simomorganfainberg: the stuff I contirbuted to oslo uses HKDF as definied in the RFC19:39
*** yolanda has joined #openstack-dev19:39
morganfainbergsimo, nice! i'll check it out shortly.19:39
simomorganfainberg: what I am saying is that you should probbaly not make your code depend on derive_keys() as implemented in memcache_crypto19:39
morganfainbergsimo, i'll leverage your mechanism to do so.19:40
SpamapSwow.. I am reading https://blueprints.launchpad.net/keystone/+spec/revocation-events and .. I'm really confused19:40
*** jpich has quit IRC19:40
morganfainbergsimo, memcache_crypto in keystoneclient will likely be removed as a dep. for this patchset if i'm using stuff from oslo-incubator19:40
simomorganfainberg: still reading memcache_crypto19:40
morganfainbergsimo, since eventually i want memcache_crypto to not be in keystoneclient... and if possible replace the memcache stuff in keystoneclient w/ this keyvaluestore (to-be-submitted-to-oslo)19:41
*** yolanda has quit IRC19:41
*** eglynn has quit IRC19:41
ayoungstevemar, heh, I clicked on the link above thinking it was from you, and trying to figure out what mapping had to do with image-create19:41
SpamapSOCSP like, solves this.. token presenters can present a signed "I checked with the authority and they gave me this signed note that says my token is still valid until Y"..19:41
ayoungstevemar, "asign our own"  no, in the case of Federation19:42
ayoungany IdP needs to manage its own user ids, we just need a way to make sure they are not in conflict19:42
*** tanisdl has joined #openstack-dev19:43
simomorganfainberg: ok, also I find it odd that protect_data base64 encrypts the data before applying authentication, but that's a matter of taste19:43
*** Shaan7 has quit IRC19:43
stevemarhaha, no link; okay so userid would be valid eh19:43
*** Shaan7 has joined #openstack-dev19:43
*** jtomasek has quit IRC19:43
stevemaryou neglected to add email too ;) i imagine that if we're doing name, email would be a gimmie19:44
stevemarayoung ^19:44
*** jcooley_ has quit IRC19:44
simomorganfainberg: any reason why you may want to ever authenticate but not encrypt the data ? IE is there value in allowinf the flexibility there ?19:45
ayoungstevemar, nope.  email is probably not going to be something we can assume is available...19:45
morganfainbergsimo, I think it's simply to allow flexability, e.g. data integrity vs. full heavy encryption (at least that is how i read the implemnetation)19:45
morganfainbergsimo, might be for better debugging or easier sideband access to the data itself, but preventing mucking with the data w/o invalidating it19:46
*** jcoufal has joined #openstack-dev19:46
simomorganfainberg: I would at least use a default and not force the user to choose :)19:46
simobtw is there a way to tell python to securely get rid of a variable ?19:47
stevemarayoung: but availability wouldn't matter? if it's not there, when we go through the mapping rules, if it's not a match, it'll just go on to the next rule?19:47
simothat is one thing that keeps bothering me with python19:47
morganfainbergsimo, don't think so.19:47
morganfainbergsimo, well... you could use ctypes and muck with the underlying datastructure19:48
ayoungstevemar, I'm not sure how to use email address.  It shows up in the user-show api, but that is about it.  Assuming that someone comes in with a SAML assertion, there is going to be no record of email address.  Unless something other than use-show needs it, I think it has to be out.  Another way to think of it is "is this something that would be recorded in the current request"19:48
simowe get these keys in a python variable and we have no way to make sure they are erased from memory once they are out of scope :(19:48
ayoungemail is a vialbe incoming env var, yes19:48
ayoungviable19:48
stevemarayoung: it's about what we can put into the token?19:48
stevemaror scope the token to19:48
ayoungstevemar, so, yes, people should be able to map email address to username or userid.19:49
morganfainbergsimo, i worked with using ctypes to in-place change values (so even rebound to another var they'd be corrupt) but there are a lot of potentials to segfault...and it's not always portable19:49
stevemari agree that email is probably useless, i'm taking a step back and trying to figure out what we should/can work with19:49
morganfainbergsimo, i think it would make sense to build a c module in python to do that, make the datatype non-deepcopy-able and a .secure_erase() method19:49
simomorganfainberg: yeah this is something I just wanted to ask, but I have no time to dig in now19:50
simomorganfainberg: yes I think that would make a lot of sense19:50
morganfainbergsimo, i'll think about it, shouldn't be hard to implement. :)19:50
simolast famous words :)19:51
morganfainbergsimo, and i could totally see a use-case for it in a number of places in python... maybe it already exists *will do research this weekend*19:51
simomorganfainberg: sounds like the ability to have a "key" type that can be securely erased would be a great value19:52
morganfainbergsimo, ++19:52
simoof course it would also require to be able to sue it with the functions that generate it19:52
simoso it is not that easy to do it in a way that can be retrofitted to something like python crypto I am afraid19:52
jog0lifeless: sure, we don't havea  mechanism for that right now but it should be easy and straight forward to add19:54
*** armax has quit IRC19:55
morganfainbergsimo, true.  but if it exists, maaaybe a patch to pycrypto will occur/can occur19:55
*** armax has joined #openstack-dev19:55
*** byeager has joined #openstack-dev19:56
*** byeager_ has quit IRC19:56
*** dubsquared has quit IRC19:57
simomorganfainberg: I am all for trying, for sure19:58
*** neelashah has quit IRC19:59
*** ihrachyska has quit IRC19:59
*** jcooley_ has joined #openstack-dev20:01
*** e0ne has joined #openstack-dev20:01
*** neelashah has joined #openstack-dev20:03
*** zz_ewindisch is now known as ewindisch20:03
devoidcan someone here help me understand this glance database query:20:06
devoidhttp://paste.openstack.org/show/54544/20:06
*** galstrom_zzz is now known as galstrom20:07
*** xqueralt has joined #openstack-dev20:08
*** melwitt has quit IRC20:08
*** melwitt1 has joined #openstack-dev20:08
*** bvandenh has quit IRC20:09
*** adalbas has quit IRC20:09
*** rfolco has quit IRC20:09
*** atiwari has joined #openstack-dev20:10
*** dolphm has joined #openstack-dev20:10
*** mindpixel has quit IRC20:10
*** dstanek_afk has joined #openstack-dev20:10
*** dstanek_afk has quit IRC20:10
*** jcannava has left #openstack-dev20:11
*** sarob has joined #openstack-dev20:14
*** stevemar has quit IRC20:14
*** denis_makogon has joined #openstack-dev20:16
*** buzztroll has quit IRC20:16
*** kushal has left #openstack-dev20:17
*** rkukura has quit IRC20:17
*** anniec has quit IRC20:18
*** sarob has quit IRC20:19
*** gyee has quit IRC20:19
*** eglynn has joined #openstack-dev20:20
tellesnobregamorganfainberg: im reading the whole conversation again to make sure i get what was decided, so i get that you are going to use something like IdPid:user_id to authenticate and this tells me where to look for the user and if there is no IdPid we can assume that the user belongs in default domain right?20:22
morganfainbergtellesnobrega, yes, that is correct20:22
morganfainbergwell, no20:22
morganfainbergtellesnobrega, for authentication we will demand the 'domain' field in the authentication json blob20:23
morganfainbergtellesnobrega, if that doesn't exist, we will assume default domain20:23
*** adalbas has joined #openstack-dev20:23
morganfainbergtellesnobrega, since that can/is already accepted for auth, we'll just leverage it (and stay api compatible)20:23
*** dvarga has quit IRC20:25
*** Abhishe__ has quit IRC20:25
tellesnobregamorganfainberg: ok20:27
tellesnobregamorganfainberg: is there something else there that you find worth mentioning on a document about the status and future of domain specific backend?20:28
*** Alexei_987 has joined #openstack-dev20:29
devoidayoung, dolphm, can either of you explain why keystone-manage pki_setup and ssl_setup leaves so many files in the ssl/certs directory?20:31
ayoungdevoid, they are necessary20:31
ayoungdevoid, specifically, you need a private key, and public certificates for SSL and for token signing.  These are and should be separate keys20:31
devoidayoung: yes, but what about index.txt, index.txt.attr.old, serial.old, 01.pem, 02.pem, etc.20:32
*** armax has left #openstack-dev20:32
ayoungdevoid, however, I want to replace the custom code that generates the certs with a call to certmonger20:32
morganfainbergtellesnobrega, not that i can think of at the moment.20:32
morganfainbergtellesnobrega, i think the convo covered most everything.20:32
ayoungdevoid, ah,yeah,  serial number management20:32
devoid?20:33
ayoungdevoid, you cannot reissue a certificate with the same serial number that was used in the past20:33
ayoungdevoid, however, I suspect that most of those files are interim files that should be cleaned up. I hadn;'t looked at them in a while....20:33
devoiddoes it default to using /etc/ssl/openssl.cnf ?20:34
*** jmontemayor has quit IRC20:34
devoidand / or is there a way of changing that?20:34
*** jcooley_ has quit IRC20:35
ayoungdevoid, I'd have to look at the code to confirm, it has been that long.  It grew out of the code used for setting up the tests.  I never thought it should be part of the base product, but without Certmonger, we didn't really have a better default20:35
ayoungdevoid, use a real CA, and don't rely on those calls.20:35
*** e0ne_ has joined #openstack-dev20:36
devoidayoung, the docs for setting up pki are pretty confusing. I haven't been able to get any other services working with keystone with pki.20:36
*** anniec has joined #openstack-dev20:36
devoidspecifically, how to do it when each service is behind a load-balancer, so it's hostname is not as-advertised.20:37
ayoungdevoid, are you asking about pki tokens, or SSL?20:37
devoidwell, 1. it sounds like you cant do pki without ssl.20:37
*** e0ne has quit IRC20:38
ayoungdevoid, that is not correct20:38
ayoungthey are two separate certificates20:38
ayoungPKI is a CMS signed document, encryption at the application level, not at transport20:38
*** n0ano has quit IRC20:38
ayoungthat would be cleared as "PKI tokens are...."20:38
*** jcooley_ has joined #openstack-dev20:41
tellesnobregamorganfainberg: i get from that the most important change that is needed now is to make the system Ip aware (give it a way to find where the user is) is this right or i missed something?20:41
devoidayoung. so clearly I have no idea what I'm doing. :) When I tried pki tokens, I could talk to keystone with the glance user and a normal user, but whenever I tried talking to glance with a normal user I got openssl errors.20:41
*** dprince has quit IRC20:41
ayoungopenssl errors are not PKI token errors.20:41
devoidSpecifically CalledProcessError: Command 'openssl' returned non-zero exit status 4.20:41
ayoungah...20:41
ayoungthat is a PKI token error20:41
ayoungdevoid one sec, I have a link for you20:41
ayounghttp://adam.younglogic.com/2013/07/troubleshooting-pki-middleware/20:42
morganfainbergtellesnobrega, correct. it's partially IdP aware, but not everything that did user lookups was20:42
sdaguebnemec: so the approach in log tests wasn't going to work, but I just added the stubs fixture and that's fine now20:44
devoidayoung: yea I was reading that last night. :) I added the signing_dir directive and restarted glance. the cacert and signing_cert are in my cache, but not a revoked.pem file20:45
*** eglynn has quit IRC20:45
ayoungdevoid, revoked might be empty...20:46
*** tmclaugh[work] has quit IRC20:46
ayoungdevoid, openssl errors may be permissions20:47
devoidpermissions to what files?20:47
ayoungdevoid, openssl reading the cert files20:48
ayoungrevoked.pem is not processed by openssl,20:48
ayoungso the question is why is openssl failing20:48
*** drewlander has quit IRC20:48
*** willingc has quit IRC20:48
*** adalbas has quit IRC20:49
devoidmy only thought is that the CN doesn't match keystone's host20:49
devoid(because it's autogenerated by the pki_setup)20:49
ayoungdevoid, shouldn't matter20:49
*** vuil has joined #openstack-dev20:49
*** jprovazn has quit IRC20:50
*** mlavalle has joined #openstack-dev20:50
devoidas an aside, it would be nice if the DEBUG logging in keystoneclient spat out what command-line things were being called.20:50
*** buzztroll has joined #openstack-dev20:51
*** ywu has joined #openstack-dev20:51
ayoungdevoid, I wonder if the problem is header truncation20:51
dolphmdevoid: on the aside -- i don't understand... you mean simply echoing the command line input back?20:52
ayoungdevoid, look at the error report here https://bugs.launchpad.net/keystone/+bug/117619020:52
uvirtbotLaunchpad bug 1176190 in keystone "'openssl' returned non-zero exit status 4 w/ SSL enabled" [Medium,Expired]20:52
ayoungdolphm, I purposly avoided answering that question to stay on target.20:52
dolphmayoung: i haven't been following the rest of the conversation so i'm butting in :)20:52
*** pberis has quit IRC20:52
ayoungdolphm, I think he is hitting the same problem as https://bugs.launchpad.net/keystone/+bug/117619020:53
*** JonnyNomad has joined #openstack-dev20:53
devoidin my case ssl is disabled.20:53
devoidat least for now.20:53
pcm_Anyone: Is there an alternate repo that can be used for devstack? For me, right now, I'm seeing errors accessing git.openstack.org20:54
ayoungdevoid, the token in that bug report does not look truncated, as it ends in ==\20:54
bnemecsdague: Okay, that looks good to me.  I guess I'd still like to hear from a security expert though...20:56
devoidayoung, dolphm, what's funny is that the keystone.conf there has uuid as the signing format.20:56
devoid*token_format20:56
ayoungdevoid, that does not matter20:56
ayoungkeystone.conf on the glance machine is ignored20:57
*** mikeoutland has joined #openstack-dev20:57
devoidoh I see, thats what "fixes" the issue.20:57
*** dubsquared has joined #openstack-dev20:57
ayoungonly optins in the glance config file are honored20:57
ayoungKeystone server is probably still doing PKI, right?20:57
*** Abhishek_ has joined #openstack-dev20:57
*** willingc has joined #openstack-dev20:58
dolphmpcm_: https://github.com/openstack-dev/devstack20:58
*** joesavak has joined #openstack-dev20:58
*** noslzzp has joined #openstack-dev20:59
*** pixelb has quit IRC20:59
*** n0ano has joined #openstack-dev20:59
*** jcooley_ has quit IRC20:59
devoidayoung: flipping keystone's provider back to pki now.21:00
ayoungdevoid, from the cli run keystone token-get and confirm that the token is the big long one, and not a uuid21:00
pcm_dolphm: thanks!21:00
*** kenperkins has joined #openstack-dev21:01
*** datsun180b has quit IRC21:01
pcm_dolphm: Acutally, I was looking for how to get devstack to use a different repo as git.openstack.org is timing out. I found GIT_BASE and am trying that in mylocalrc.21:01
devoidayoung: confirmed21:02
ayoungdevoid, now try the glance command21:02
*** cpallares has joined #openstack-dev21:02
*** f13o has joined #openstack-dev21:02
*** tmclaugh[work] has joined #openstack-dev21:02
*** pcm_ has quit IRC21:03
*** melwitt1 is now known as melwitt21:03
*** belmoreira has joined #openstack-dev21:04
*** anniec has quit IRC21:04
devoidyea still openssl error21:05
devoidI'll create a paste.21:05
*** belmoreira has quit IRC21:06
devoidhttp://paste.openstack.org/show/54548/ these are the glance logs21:06
*** samuelbercovici has joined #openstack-dev21:07
*** samuelbercovici has quit IRC21:07
*** stevemar has joined #openstack-dev21:07
*** dkranz has quit IRC21:08
*** tdruiva has quit IRC21:08
*** topol has quit IRC21:09
ayoungdevoid, it looks like the token might be corrupted21:09
devoidperhaps21:10
devoidwhen I run the command that cms_verify does, it hangs21:11
devoidopenssl cms -verify -certfile /var/cache/glance/api/signing_cert.pem -CAfile /var/cache/glance/api/cacert.pem -inform PEM -nosmimecap -nodetach -nocerts -noattr21:11
*** krtaylor has quit IRC21:11
nkinderbknudson: ping - re: KDS21:11
bknudsonnkinder: what's up?21:12
*** negronjl_ is now known as negronjl21:12
nkinderbknudson: I've got all of your comments addressed aside from the base64 vs. encoded JSON issue.21:12
nkinderbknudson: I just removed the term "service" and used "party" to be consistent.21:12
nkinderbknudson: we need to come to a consensus on the base64 issue21:13
bknudsonnkinder: party seems like an appropriate term21:13
nkinderbknudson: yes, a party might be a service, a person, an application, etc.  It's more generic and applicable to different use-cases this way.21:13
*** eglynn has joined #openstack-dev21:14
bknudsonnkinder: I'm fine with it being base-64 encoded. Just wanted to discuss whether it was appropriate.21:14
nkinderbknudson: Ok, I wanted to get a sense of how stong your feelings are on the matter.21:14
bknudsonI mean you base-64 encode binary data when it's going to be put into something that only supports text21:14
devoidayoung: what's the process for fixing the token?21:14
bknudsonwhy base64 when it's not binary?21:14
nkinderbknudson: simo and jamielennox|away were discussing this yesterday.21:15
bknudsonunless we could say that it could potentially be binary, so might as well base64 it.21:15
*** garyk has quit IRC21:15
nkinderbknudson: It is really just an attempt to encourage one to check the signature.21:15
nkinderbknudson: If a programmer sees encoded JSON, they might be tempted to start looking into the object.21:16
ayoungdevoid, just checked the token,  it is valid21:16
ayoungmake that "well formed"21:16
nkinderbknudson: the signature really should be verified before you even look into the object though.21:16
ayoungnkinder, he needs to conver -  to / firrst21:17
ayoungfirst21:17
nkinderbknudson: base64 or encoded JSON could be accessed without checking the signature either way, but this was an attempt to discourage that.21:17
ayoungnkinder, I was a bad engineer and didn;t do my homework.  The cms to token algorithm is a bit of a one-off....21:17
bknudsonnkinder: and there's no concern about extra overhead?21:18
bknudsonnow you have to base64-decode/json-unencode, etc.21:18
ayoungdevoid, look at the code here: https://github.com/openstack/keystone/blob/master/keystone/common/cms.py#L4821:18
*** asselin_ has joined #openstack-dev21:19
nkinderbknudson: we HMAC over the object on the server side and the client side.  We need to ensure that it doesn't change (order of keys, etc.)21:19
*** dkranz has joined #openstack-dev21:19
ayoungdevoid, so I'm guessing the the openssl cms command on your machine failed due to not being able to read the certificate files21:19
nkinderbknudson: if anything is different, the signature check will fail.21:19
*** kenperkins has quit IRC21:20
nkinderbknudson: so it needs to be a format that will not change at all21:20
bknudsonnkinder: this was just the difference between a string that's a JSON string and one that's a base-64 string. the JSON string isn't going to change either.21:20
simobknudson: we are doing crypto over these fields, any performance issue base64 may add there would be lost in the noise21:20
devoidthat glance directory is owned by glance:glance21:20
devoid /var/cache/glance21:20
bknudsonit didn't look like they were very big strings being base64.21:21
ayoungbknudson, this is for key exchange, it is going to happen once in a while, In contrast with actually consuming the keys for symmetric encryption.  I wouldn't worry too much about the overhead of this process in general.21:21
bknudsonso if you're not concerned with the performance.21:21
bknudsoni'm ok with it21:21
nkinderayoung: actually, I believe it's with each message (right simo?)21:21
*** asselin__ has joined #openstack-dev21:21
*** dolphm has quit IRC21:22
bknudsonI hope you don't have to talk to keystone with every message.21:22
simonkinder: define what "it" is in this case ?21:22
nkindersimo: sending of the keys from source->dest21:22
*** asselin has quit IRC21:22
ayoungdevoid, from the cms man page21:22
*** xqueralt has quit IRC21:22
*** kenperkins has joined #openstack-dev21:22
ayoungexit status      4   an error occurred decrypting or verifying the message.21:23
nkindersimo: ayoung was saying key exchange happens once in a while.  It happens with every message.21:23
ayoungnkinder, no way21:23
simonkinder: key excahnge with the KDS happns only once in a while21:23
nkindersimo: yes, with the KDS.21:23
*** gyee has joined #openstack-dev21:23
simowith the defaults I set at most once every 15 minutes for each client/targt pair21:23
*** anniec has joined #openstack-dev21:23
nkindersimo: but we're sending esek to the destination with every message, aren't we?21:23
*** asselin_ has quit IRC21:24
ayoungnkinder, key exchange is to facilitate geting symmetric keys between message producesr and message consumers.  It is explicitly a performance optimization, as we could do asymmetric crypto  without all this overhead.21:24
simonkinder: then if messages re signed yes each message will carry the esek, and the metadata will be signed21:24
*** nermina has joined #openstack-dev21:24
bknudsonhow does the receiver tell the sender that it needs to do key exchange?21:25
simoayoung: we still would not be able to do group encryption21:25
nkinderI know that KDS is only used when we get a ticket (keys), and when a group member needs to fetch a group key.21:25
ayoungsimo, yep, yep...I know21:25
simobknudson: the receiver doen't need to21:25
ayoungjust trying to focus the conversation, *not* derail...21:25
bknudsonI guess it would just get the message and then use the key21:25
simobknudson: you guess right21:25
bknudsonunless their clocks were way off.21:25
nkinderbknudson: IF it hasn't expired21:25
bknudsonor it took a long time for the message to arrive21:26
simoif the keys are expired the message is discarded21:26
devoidayoung: I don't think I have any selinux settings that are interfering, per your blog. Running in ubuntu.21:26
ayoungdevoid, app armor?21:26
devoidayoung: I don't think so, checking...21:28
ayoungdevoid, probably not.21:28
ayoungdevoid, try wiping out the cert files21:28
nkinderbknudson: so the "metadata" when requesting/receiving a ticket doesn't happen often.  Base64 shouldn't be a concern there.21:29
bknudsonnkinder: ok, I'm fine with base64. It looks better anyways.21:29
*** exed has quit IRC21:29
nkinderbknudson: yes, escapes are ugly :)21:29
devoidayoung: keystone's or glance's?21:29
ayoungdevoid, on the glance server21:29
nkinderbknudson: ok, I'll post up a new review.21:29
devoidwiped out /var/cache/glance/api and restarted the services21:30
*** colinmcn_ has quit IRC21:30
*** colinmcnamara has quit IRC21:30
devoidstill getting the openssl error21:30
*** ssurana has quit IRC21:30
*** ssurana has joined #openstack-dev21:31
*** pabelanger has quit IRC21:34
*** dkranz has quit IRC21:35
*** exed has joined #openstack-dev21:35
ayoungare the certificate in /var/cache/glance/api21:36
ayoungdevoid, ^^?21:37
*** galstrom is now known as galstrom_zzz21:37
*** yamahata_ has joined #openstack-dev21:37
*** jswarren has quit IRC21:38
*** e0ne_ has quit IRC21:38
*** e0ne has joined #openstack-dev21:39
*** sdake has quit IRC21:40
devoidyea, here's the error from openssl:21:40
*** e0ne has quit IRC21:40
devoid140161979975328:error:2E099064:CMS routines:CMS_SIGNERINFO_VERIFY_CERT:certificate verify error:cms_smime.c:304:Verify error:unable to get local issuer certificate21:40
*** sdake has joined #openstack-dev21:40
*** sdake has quit IRC21:40
*** sdake has joined #openstack-dev21:40
*** e0ne has joined #openstack-dev21:41
*** twoputt_ has quit IRC21:43
*** arosen has quit IRC21:43
*** twoputt__ has quit IRC21:43
*** vuil has quit IRC21:43
*** twoputt_ has joined #openstack-dev21:43
*** twoputt__ has joined #openstack-dev21:43
*** vuil has joined #openstack-dev21:43
*** arosen has joined #openstack-dev21:44
*** buzztroll has quit IRC21:46
*** dkranz has joined #openstack-dev21:47
*** buzztroll has joined #openstack-dev21:47
*** nkinder has quit IRC21:47
*** nkinder has joined #openstack-dev21:47
*** mikeoutland has quit IRC21:48
devoidayoung: ^^21:49
*** copeland has quit IRC21:49
ayoungdevoid, I see...was researching that error21:49
devoidcool :)21:49
*** dubsquared has quit IRC21:51
ayoungdevoid, if I understand the error correctly, it is a problem reading the CA cert21:52
ayoung"local issuer"21:52
*** ngoracke has quit IRC21:52
*** gyee has quit IRC21:52
*** sushils has joined #openstack-dev21:53
ayoungdevoid, the command line to run openssl in auth_token middleware should have access to the ca cert21:54
devoidayoung: ran strace -etrace=open,close and no open calls are failing.21:54
devoidincluding the cacert.pem file.21:54
ayoungI'm assuming that cert showed up in the var/cache subdir21:54
devoidyes21:54
*** rdas has quit IRC21:54
*** epim has joined #openstack-dev21:54
devoidI'm guessing this is an ssl key issue.21:54
*** gimpswork has quit IRC21:55
*** amcrn_ has joined #openstack-dev21:55
ayoungdevoid not so sure21:55
*** amcrn has quit IRC21:55
*** gyee has joined #openstack-dev21:55
*** isd has quit IRC21:55
ayoungdevoid, you only see this problem when the glance server is behind SSL?21:55
devoidayoung: let me sit down with the guys here who understand our ssl and see if we can't cook up a working cafile.21:55
devoidayoung: there's no ssl for keystone or glance21:55
ayoungdevoid, ok21:55
ayoungso just PKI tokens21:55
devoidyup21:56
*** pabelanger has joined #openstack-dev21:56
ayoungand you generated the signing cert on the keystone server using pki_setup21:56
*** atiwari has quit IRC21:56
devoidyea21:56
*** mfer has quit IRC21:56
*** galstrom_zzz is now known as galstrom21:56
ayoungand the ca cert on the glance server is a valid cert?21:56
*** amcrn_ is now known as amcrn21:57
devoidhow can I verify the cacert?21:57
ayoungdevoid, just cat it to start21:57
*** anniec has quit IRC21:58
*** ssurana has quit IRC21:58
ayoungcacert.pem is a pem file, so21:58
*** SergeyLukjanov has quit IRC21:58
*** ssurana has joined #openstack-dev21:59
*** SergeyLukjanov has joined #openstack-dev21:59
ayoungdevoid, http://www.madboa.com/geek/openssl/#verify-standard21:59
*** nermina has quit IRC22:00
*** willingc has quit IRC22:00
devoidayoung: here's what I get for openssl verify cacert.pem:22:00
devoid /var/cache/glance/api/cacert.pem: C = US, ST = Unset, L = Unset, O = Unset, CN = www.example.com22:00
devoiderror 18 at 0 depth lookup:self signed certificate22:00
devoidOK22:00
ayoungdevoid, read that section on the link22:00
devoidreading! ;)22:01
ayoungdevoid,  here is the code that does the verify.  From there you should be able to figure out the parameters. I am wondering if the Ubuntu version of OpenSSL does not honor the -CAfile flag  https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/common/cms.py#L10822:02
devoidI think it's rejecting the cert because it's self-signed22:02
*** kenperkins has quit IRC22:03
ayoungif that is the case, you could try the modification that he suggests22:03
ayoungtry verifying the signing cert, but with the -CAFile flag22:03
*** melwitt has quit IRC22:04
*** melwitt1 has joined #openstack-dev22:04
ayoungopenssl verify -CAfile /var/cache.... /ca.pem  /var/cache.../signing.pem22:04
*** jasondotstar has quit IRC22:04
*** melwitt has joined #openstack-dev22:05
*** melwitt1 has quit IRC22:05
*** geekinutah has joined #openstack-dev22:06
ayoungdevoid, I need to run.  Please update the bug with what you find22:06
devoidthanks for your help: :)22:06
geekinutahhow do you express a cross-project dependency to gerrit?22:06
geekinutahFor examples, https://review.openstack.org/#/c/59875/ depends on https://review.openstack.org/#/c/59868/22:06
*** abramley has quit IRC22:07
*** boden has quit IRC22:07
geekinutahis there a way cross-tree like that or should you just keep the patch that has dependency as WIP until the other merges or something?22:08
ayoungdevoid, https://bugs.launchpad.net/keystone/+bug/1176190  I reopened and grabbed the bug.  If there is something we can do in keystoneclient to fix we'll address there22:08
uvirtbotLaunchpad bug 1176190 in keystone "'openssl' returned non-zero exit status 4 w/ SSL enabled" [Medium,Confirmed]22:08
*** DennyZhang has joined #openstack-dev22:10
*** denis_makogon has quit IRC22:10
lbragstadmorganfainberg: ping?22:10
*** denis_makogon has joined #openstack-dev22:10
*** ngoracke has joined #openstack-dev22:11
*** jcooley_ has joined #openstack-dev22:12
*** vuil has quit IRC22:12
*** ayoung has quit IRC22:13
*** pablosan has joined #openstack-dev22:14
*** mikeoutland has joined #openstack-dev22:14
*** jdob has quit IRC22:14
Abhishek_hey guys, I'm trying to figure out if it'd make sense to move print_list and print_dict in novaclient.utils to a standalone library22:15
Abhishek_say oslo.print_utils22:16
Abhishek_a lot of clients use similar code to print resulting in duplication22:16
*** kenperkins has joined #openstack-dev22:16
Abhishek_any feedback?22:16
*** litong has quit IRC22:17
*** ruhe has quit IRC22:17
*** jcoufal has quit IRC22:17
*** jgrimm has quit IRC22:18
*** Chicago has joined #openstack-dev22:18
*** vladikr has quit IRC22:18
*** kenperkins has quit IRC22:19
*** nermina has joined #openstack-dev22:19
*** ssurana has quit IRC22:22
*** ssurana has joined #openstack-dev22:23
*** tmclaugh[work] has quit IRC22:25
stevemarayoung: ping?22:26
stevemarlbragstad, i like our questionable pings22:26
lbragstad:)22:26
*** DennyZhang has quit IRC22:27
*** buzztroll has quit IRC22:28
*** byeager has quit IRC22:28
*** thomasm_ has quit IRC22:29
*** byeager has joined #openstack-dev22:30
*** sarob has joined #openstack-dev22:31
*** byeager has joined #openstack-dev22:31
*** arosen has quit IRC22:32
*** twoputt_ has quit IRC22:32
*** twoputt__ has quit IRC22:32
*** twoputt_ has joined #openstack-dev22:32
*** twoputt__ has joined #openstack-dev22:32
*** arosen has joined #openstack-dev22:32
*** changbl has quit IRC22:32
*** anniec has joined #openstack-dev22:35
*** nermina has quit IRC22:35
*** byeager has quit IRC22:36
*** e0ne has quit IRC22:36
*** buzztroll has joined #openstack-dev22:37
*** SergeyLukjanov has quit IRC22:37
*** nermina has joined #openstack-dev22:38
*** mriedem has quit IRC22:38
*** SergeyLukjanov has joined #openstack-dev22:38
*** rnirmal has quit IRC22:38
*** Anticimex has quit IRC22:38
*** adalbas has joined #openstack-dev22:39
*** ewindisch is now known as zz_ewindisch22:41
*** noslzzp has quit IRC22:41
*** SergeyLukjanov has quit IRC22:42
*** zz_ewindisch is now known as ewindisch22:43
*** kenperkins has joined #openstack-dev22:43
*** adalbas has quit IRC22:44
*** radez is now known as radez_g0n322:44
*** joesavak has quit IRC22:45
*** yamahata_ has quit IRC22:45
*** rkukura has joined #openstack-dev22:46
*** abk has quit IRC22:46
*** lbragstad has quit IRC22:47
*** utlemming has quit IRC22:47
*** utlemming has joined #openstack-dev22:49
*** asselin_ has joined #openstack-dev22:50
*** epim has quit IRC22:51
*** asselin__ has quit IRC22:52
*** anniec has quit IRC22:53
*** novas0x2a|laptop has joined #openstack-dev22:54
*** eglynn has quit IRC22:54
*** susheel has joined #openstack-dev22:55
claytoncis there an easy way to link a gerrit change (via the git commit) to another in another repository, as a "related to / spawned by" relation?  the other change is going to be abandoned, this is moving a commit from one project into oslo-incubator with some context as to the history22:56
claytonca "gerrit" way vs. simply embedding a link to the review22:56
*** kenperkins has quit IRC22:56
*** adalbas has joined #openstack-dev22:56
*** Mandell has joined #openstack-dev22:57
*** sarob has quit IRC22:57
*** epim has joined #openstack-dev22:58
*** sarob has joined #openstack-dev22:58
*** sandy__ has quit IRC22:59
*** thelorax123 has quit IRC22:59
*** thelorax123 has joined #openstack-dev23:00
*** ayoung has joined #openstack-dev23:01
*** buzztrol_ has joined #openstack-dev23:01
*** sarob_ has joined #openstack-dev23:01
*** sarob has quit IRC23:01
*** nermina has quit IRC23:01
*** gmurphy_ has joined #openstack-dev23:02
*** buzztroll has quit IRC23:02
*** gmurphy_ has quit IRC23:02
clarkbclaytonc: just drop a link to the other change or put the other change's change id in the comments soewhere23:03
clarkbclaytonc: there is no formal way of doing that though23:03
*** rkukura has quit IRC23:04
*** nati_uen_ has joined #openstack-dev23:04
claytoncclarkb: thanks23:05
*** buzztrol_ has quit IRC23:05
*** nati_ueno has quit IRC23:07
*** anniec has joined #openstack-dev23:07
*** e0ne has joined #openstack-dev23:07
*** rcleere has quit IRC23:07
*** burt has quit IRC23:08
*** termie_ is now known as termie23:08
*** termie has quit IRC23:08
*** termie has joined #openstack-dev23:08
*** e0ne has quit IRC23:08
*** e0ne has joined #openstack-dev23:09
*** e0ne has quit IRC23:10
*** SergeyLukjanov has joined #openstack-dev23:11
*** e0ne has joined #openstack-dev23:11
*** kbringard has quit IRC23:12
*** sandy__ has joined #openstack-dev23:12
*** jamielennox|away is now known as jamielennox23:12
*** utlemming has quit IRC23:13
SpamapSHrm, I was trying to add py33 to os-apply-config and I got this:23:13
SpamapShttp://paste.openstack.org/show/5455623:13
SpamapSanybody know what the problem is?23:13
*** mriedem has joined #openstack-dev23:13
*** jcooley_ has quit IRC23:14
*** e0ne has quit IRC23:15
*** buzztroll has joined #openstack-dev23:16
*** jcoufal-mob has joined #openstack-dev23:16
clarkbSpamapS: source the .tox venv then do `python setup.py egg_info` and see if you get a better stacktrace23:16
*** susheel has left #openstack-dev23:16
*** utlemming has joined #openstack-dev23:16
*** bauzas has quit IRC23:17
SpamapSclarkb: I get a successful run23:17
clarkbSpamapS: does the py33-4.log file have any better info in it?23:18
SpamapShttp://paste.openstack.org/show/5455723:18
*** SergeyLukjanov has quit IRC23:18
SpamapSclarkb: http://paste.openstack.org/show/54558 <-- py33-4.log23:19
*** mattymo has quit IRC23:19
SpamapSclarkb: looks identical23:19
clarkbSpamapS: about a pip install?23:20
clarkbdoes that work too?23:20
SpamapSclarkb: no23:20
*** dolphm has joined #openstack-dev23:20
SpamapShttp://paste.openstack.org/show/5455923:20
SpamapSthere's pip install .23:20
*** mattymo has joined #openstack-dev23:20
clarkbpip install . not working is a known problem iirc. what if you change your cwd and pip install path_to_repo23:21
SpamapSdoh ok23:21
*** utlemming has quit IRC23:21
clarkbpip bug iirc23:21
SpamapSidentical bug23:22
*** jecarey has quit IRC23:22
SpamapSclarkb: let me upgrade tox/virtualenv23:22
SpamapScurrently on tox 1.6.1 and venv 1.10.123:22
*** neelashah has quit IRC23:23
*** melwitt has quit IRC23:23
*** jcooley_ has joined #openstack-dev23:23
clarkbSpamapS: I am stumped, maybe you have old pbr?23:24
*** melwitt has joined #openstack-dev23:24
*** jcoufal-mob has quit IRC23:24
SpamapSclarkb: the venv has pbr 0.5.2323:25
*** prad has quit IRC23:25
*** dolphm has quit IRC23:25
*** dkranz has quit IRC23:25
*** exed has quit IRC23:25
*** buzztroll has quit IRC23:26
*** utlemming has joined #openstack-dev23:28
amcrncan someone provide me the link that shows the code-review statistics for each project? (it lists reviewers, percentages, etc.)23:28
amcrnit was a site that served up a flat-file for each project, and it had ascii tables of all reviewers, percentage of reviews to code submissions, plus statistics about -1's, etc.23:28
*** dolphm has joined #openstack-dev23:29
SpamapSpbr is all 0.5.23 ...23:29
SpamapSclarkb: got newest tox, latest pbr.. no love :-P23:29
clarkbSpamapS: we should hunt down mordred23:29
clarkbhmm I wonder if zul has seen that23:29
clarkbzul: ^23:29
*** sgordon has quit IRC23:30
clarkbamcrn: http://russellbryant.net/openstack-stats/23:30
amcrnthanks clarkb23:30
*** sarob_ has quit IRC23:31
*** sarob has joined #openstack-dev23:31
*** krtaylor has joined #openstack-dev23:31
*** anniec has quit IRC23:33
*** nati_uen_ has quit IRC23:34
*** nati_ueno has joined #openstack-dev23:34
*** sarob_ has joined #openstack-dev23:34
*** sarob_ has quit IRC23:34
*** sarob_ has joined #openstack-dev23:35
*** sarob has quit IRC23:35
*** denis_makogon has quit IRC23:38
*** eharney has quit IRC23:40
*** geekinutah has left #openstack-dev23:40
*** dbalog has left #openstack-dev23:40
pmathewsHow do I make two reviews in Gerit inter-dependent that span two projects?23:41
jamielennoxdolphm: ping?23:42
*** jcooley_ has quit IRC23:42
dolphmjamielennox: pong23:42
jamielennoxdolphm: do you still have any objections to the extension discovery API?23:42
dolphmjamielennox: all of it :)23:43
jamielennoxdolphm: yea, i didn't expect a change of opinion23:43
clarkbpmathews: you can't23:43
*** jcooley_ has joined #openstack-dev23:43
jamielennoxdolphm: do you have any idea what we can do immediate term to replace it23:43
clarkbpmathews: usually document the dependency in the comments or git commit message23:43
dolphmjamielennox: provide {"links": {"users": "/v3/users", etc} from GET /v3/23:44
*** nermina has joined #openstack-dev23:44
*** anniec has joined #openstack-dev23:44
*** cpallares has quit IRC23:45
jamielennoxdolphm: so essentially we don't provide any differential between what is extension vs core resource23:45
dolphmjamielennox: well you do, but it can all be presented from relevant link objects23:45
dolphmjamielennox: for example, an extension might inject things like {"links": {"OS-TRUSTS:trusts": "/v3/OS-TRUSTS/trusts"}}23:45
jamielennoxdolphm: unrelated - also have a look at my comment to https://review.openstack.org/#/c/55405/ and see if i'm off base23:46
pmathewsclarkb: Something to the effect of "this is dependant upon [review] in [project]"23:46
dolphm(just like all other extended attributes, they need to be namespaced to avoid collisions)23:46
dolphmjamielennox: looking23:46
clarkbpmathews: right23:47
clarkbpmathews: so that reviewers are aware of it23:47
dolphmjamielennox: i have the same fuzzy feeling as you, i just neglected to comment on it because i hadn't made up my mind23:47
*** alunduil has joined #openstack-dev23:47
jamielennoxdolphm: ok, so we need to revert the change to identity-api before m2 and have something to replace it23:47
dolphmjamielennox: there's also mark nottingham's RFC on the topic, which at least one other project is already using (there's a recent discussion about it on list)23:48
*** peristeri has quit IRC23:49
jamielennoxdolphm: i'm looking at you as dictator here for some reason rather than waiting for the next meeting cause i have a couple of people who are looking to do extension stuff in keystoneclient23:49
dolphmjamielennox: it does links like v3 does, but with much more verbose metadata about them23:49
jamielennoxdolphm: yea i saw that, i didn't see if they were able to co-exist23:49
hemnaIs there a reason why we changed devstack stackrc's GIT_BASE from https:// to git:// ?23:49
jamielennoxdolphm: but it's seriously stupid that nova and keystone somehow ended up with a different format23:49
dolphmjamielennox: ha. what kind of extension stuff?23:49
jamielennoxdolphm: registering extension code into keystoneclient23:50
dolphmjamielennox: they used to be the same :( i don't think ours has changed23:50
jamielennoxours somehow got a "values" namespace23:50
jamielennoxi think that might be all23:50
dolphmjamielennox: hmm... that actually sounds familiar (as a bug against keystone)23:51
*** f13o has quit IRC23:51
jamielennoxdolphm: they were looking at doing the same sort of version discovery and i asked them to hold off until mine landed in keystoneclient and then re-use that23:51
*** herndon has quit IRC23:52
*** mlavalle has quit IRC23:54
dolphmjamielennox: okay, so doing this requires ZERO structural changes to the existing GET /v3/ API response. it's just adding more elements to the list of "links" https://gist.github.com/dolph/781630823:54
*** jcooley_ has quit IRC23:55
dolphmjamielennox: so, it's conceptually identical to how links are done in the rest of keystone, there's just room for metadata here23:55
jamielennoxis that json-home or whatever compatible?23:55
dolphmjamielennox: i don't know for sure -- I suspect it might be but didn't dig in23:55
dolphmjamielennox: that's literally our current response though23:56
jamielennoxdolphm: it doesn't really matter for now anyway i guess23:56
dolphmjamielennox: i have to run at the moment, i'll try and propose something to make this "official" in identity-api tomorrow (there's actually a placeholder for this call already)23:56
jamielennoxdolphm: so it works for extensions that add a new controller - do we still need to load a user to find that they have an oauth extension23:56
dolphmjamielennox: yes23:57
dolphmjamielennox: well, oauth also adds root attributes that would appear here, like access_keys23:57
dolphmunless those are on a user23:57
dolphmwhich now i think they are23:57
jamielennoxdolphm: i swear i knew the outcome of this conversation  before i came in23:57
jamielennoxstill had to check23:57
dolphmjamielennox: lol any concerns?23:57
jamielennoxdolphm: not really, just glad i hadn't done much on this impl23:58
dolphmjamielennox: =) comment on the gist or point people to it in the mean time23:58
dolphmjamielennox: i'm out! ttyl23:59
*** carl_baldwin has quit IRC23:59
jamielennoxdolphm: cya23:59
« Wednesday, 2013-12-04 Index Friday, 2013-12-06 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!