Wednesday, 2013-12-11

« Tuesday, 2013-12-10 Index Thursday, 2013-12-12 »
*** rdo has joined #openstack-dev00:00
*** jcooley_ has quit IRC00:02
*** jcooley_ has joined #openstack-dev00:02
*** yamahata_ has quit IRC00:04
*** fbo is now known as fbo_away00:04
*** pablosan has quit IRC00:05
*** jcooley_ has quit IRC00:07
*** epim has quit IRC00:07
*** epim has joined #openstack-dev00:12
*** jcooley_ has joined #openstack-dev00:13
*** jcooley_ has quit IRC00:13
*** jcooley_ has joined #openstack-dev00:13
*** faramir1 has joined #openstack-dev00:14
*** rudrarugge has joined #openstack-dev00:15
*** jcooley_ has quit IRC00:18
*** soody has joined #openstack-dev00:18
*** jergerber has quit IRC00:18
*** MaxV has joined #openstack-dev00:19
*** herndon has quit IRC00:21
*** rudrarug_ has joined #openstack-dev00:24
*** rudrarugge has quit IRC00:24
*** otherwiseguy has quit IRC00:25
*** pmathews has quit IRC00:25
holms./spice_auto.html:                var host, port, password, scheme = "ws://", uri;00:27
holmsshould be wss:// ? :D00:27
*** carl_baldwin has quit IRC00:28
*** vkmc has quit IRC00:28
*** jhesketh_ has joined #openstack-dev00:29
*** bdpayne has quit IRC00:30
*** salv-orlando has joined #openstack-dev00:30
*** MaxV has quit IRC00:31
*** bdpayne has joined #openstack-dev00:31
*** rudrarug_ has quit IRC00:33
*** jhesketh_ is now known as jhesketh00:33
*** jhesketh_ has joined #openstack-dev00:33
*** stevemar has joined #openstack-dev00:34
*** sarob has joined #openstack-dev00:34
*** hemna has quit IRC00:37
holmshttps://bugs.launchpad.net/nova/+bug/125976000:39
holmsnice00:39
uvirtbotLaunchpad bug 1259760 in nova "Spice console isn't working when ssl_only=True is set" [Undecided,New]00:39
*** soody has quit IRC00:39
*** soody has joined #openstack-dev00:40
*** xingchao has joined #openstack-dev00:41
*** hemna has joined #openstack-dev00:41
*** lbragstad has joined #openstack-dev00:42
*** hemna has quit IRC00:42
*** bswartz has joined #openstack-dev00:43
*** datsun180b has quit IRC00:44
*** tonix has quit IRC00:44
*** cyeoh_ has joined #openstack-dev00:46
*** cyeoh_ is now known as cyeoh00:46
*** epim has quit IRC00:46
*** dims has joined #openstack-dev00:46
*** salv-orlando has quit IRC00:46
*** hemna has joined #openstack-dev00:47
*** sarob has quit IRC00:48
*** sarob has joined #openstack-dev00:49
*** lbragstad has quit IRC00:49
*** ozialien_ has joined #openstack-dev00:50
*** sarob has quit IRC00:53
*** mikeoutland has quit IRC00:54
*** lbragstad has joined #openstack-dev00:54
*** joesavak has joined #openstack-dev00:54
*** ozialien_ has quit IRC00:55
*** yamahata_ has joined #openstack-dev00:55
*** lbragstad has quit IRC00:55
*** yamahata_ has quit IRC00:55
*** yamahata_ has joined #openstack-dev00:56
*** jhesketh_ has quit IRC00:58
*** arnaud__ has quit IRC00:58
*** anniec has quit IRC01:03
*** jhesketh_ has joined #openstack-dev01:03
*** venkatesh has joined #openstack-dev01:04
*** bdpayne has quit IRC01:05
*** hemna is now known as hemnafk01:05
*** mrodden has joined #openstack-dev01:05
*** xarses has quit IRC01:08
*** sandywalsh_ has quit IRC01:09
*** zz_ewindisch is now known as ewindisch01:12
*** eharney has quit IRC01:15
*** alop has quit IRC01:17
*** joesavak has quit IRC01:19
*** sandywalsh_ has joined #openstack-dev01:21
*** dims has quit IRC01:21
*** SumitNaiksatam has quit IRC01:21
*** sarob has joined #openstack-dev01:23
dstanekmorganfainberg: you around?01:24
dstanekmorganfainberg: looking at https://review.openstack.org/#/c/60741 now and i have a question when you have a second01:24
*** xarses has joined #openstack-dev01:24
*** salv-orlando has joined #openstack-dev01:25
*** s0mik has quit IRC01:26
*** tiantian has joined #openstack-dev01:27
*** s0mik has joined #openstack-dev01:28
morganfainbergdstanek, hi01:28
morganfainbergdstanek, ask away01:28
*** sarob has quit IRC01:28
*** salv-orlando has quit IRC01:28
dstanekmorganfainberg: are you using self.client.driver.set* because the default timeout is 0?01:29
*** nosnos has joined #openstack-dev01:29
morganfainbergcorrect01:29
*** salv-orlando has joined #openstack-dev01:29
morganfainbergdogpile adds extra arguments into the .set() value01:29
morganfainbergbased upon the backend configuration that is01:30
dstanekso you can override that default?01:30
morganfainbergyes.01:30
dstanekshould you be explicity with a timeout=0?01:30
morganfainbergwell, you provide that option, and then all sets have that extra arg in that case01:30
morganfainbergdefault for the memcache driver(s) is explicitly 001:30
morganfainbergthe memcache libs sorry, not drivers01:31
dstanekbut if you override that in your config then you may not actually have keys that don't expire right?01:31
morganfainbergdstanek, ok hold up01:31
morganfainbergdstanek, the base behavior is, do not set an expire time in the cache01:32
morganfainbergdstanek, you can pass memcache_expires to the backend, which will specify the TTL in the backend01:32
*** otherwiseguy has joined #openstack-dev01:32
morganfainbergif you use this mechanism to specify keys, those keys will not have the TTL of the memcache_expires value01:32
morganfainbergdstanek, i guess it would be more straightforward if I lifted that logic up into the proxy memcached backend01:33
dstanekso that config is for the backend layer, leaving the driver default at 0?01:33
morganfainberg(keystone/common/kvs/backends/memcached)01:33
*** yaguang has joined #openstack-dev01:33
morganfainbergdstanek, the memcached_expires option is set in the dogpile memcache implementation (dogpile.memcached)  it doesn't affect the basic memcached lib used as "driver.client")01:34
dstanekhaving worked with memcached before i know the libraries default to never expiring, but i see how it can be confusing for others01:34
*** vladikr has quit IRC01:35
morganfainbergdstanek, maybe we should lift the magic "make the TTL" arg addition to https://review.openstack.org/#/c/60741/7/keystone/common/kvs/backends/memcached.py instead of the logic i have01:35
dstanekmorganfainberg: can the backend take a timeout value?01:35
morganfainbergdstanek, by backend, you mean which part?  :P01:36
morganfainbergdstanek, there is... uhm... a lot of things named backend here01:36
*** s0mik has quit IRC01:36
*** dims has joined #openstack-dev01:36
dstanekthe dogpile backend so that you don't have to reach into self.driver.client01:37
morganfainbergdstanek, this is where the "TTL" set is implemneted https://bitbucket.org/zzzeek/dogpile.cache/src/4cc0af95d626fa89bfc903a6a454191ae0b7a104/dogpile/cache/backends/memcached.py?at=master#cl-17601:37
morganfainbergdstanek, it is a global option, no way to override it when it is set, https://bitbucket.org/zzzeek/dogpile.cache/src/4cc0af95d626fa89bfc903a6a454191ae0b7a104/dogpile/cache/backends/memcached.py?at=master#cl-16201:38
dstanekmorganfainberg: well it looks like what i want to do is impossible :-)01:38
*** praneshp__ has quit IRC01:38
morganfainbergdstanek, the answer to what you want to do is lift that MemcachedArgs logic up to my memcached.py at keystone.common.kvs.backends.memcached01:38
morganfainbergdstanek, and i would agree that would be more clear (so I'm happy to do it)01:39
morganfainbergit would, however, require all "set" logic to call driver.client instead of the dogpile interface =/01:40
morganfainbergnow that i think about it.01:40
morganfainbergat that point, perhaps it's easier to just lift some version of the dogpile.cache.backends.memcached file up into that backend (basically) and not rely on a "proxy-ish" thing01:41
dstanekmorganfainberg: also is set_multi correct in there? it looks like it is passing a set instead of a dict01:41
morganfainbergdstanek, aha, good catch!01:42
morganfainbergand it's showing a gap in test coverage.01:42
dstanekmorganfainberg: looks like there are some tests missing :-)01:42
morganfainbergdstanek, this is why we get things peer reviewed!01:43
dstanekmorganfainberg: btw, thanks for splitting this up!01:43
morganfainbergdstanek, oh of course, dude, 1000 lines is bad enough.  when i started having other "requirements" I figured time to split it up.01:44
morganfainbergit is... total about +1700 -700 lines for the whole chain so far.01:44
*** dguitarbite has joined #openstack-dev01:44
morganfainbergi didn't want to make it completely un-reviewable.01:44
*** SumitNaiksatam has joined #openstack-dev01:45
morganfainbergdstanek, ok i think the right answer is to stop proxying to _actual_ dogpile backends here.  Just implement the same-ish logic within keystone with the added no-cache-keys etc01:46
*** michchap_ has quit IRC01:46
*** sarob has joined #openstack-dev01:47
morganfainbergdstanek, and that way it'll be easier to write tests for.01:47
*** nermina has joined #openstack-dev01:47
morganfainbergi can make a contrived "test" backend that can be used to validate the extra code-paths.01:47
*** michchap has joined #openstack-dev01:47
dstanekmorganfainberg: that sounds interesting01:48
*** amcrn has quit IRC01:48
*** singhs_ has joined #openstack-dev01:48
morganfainbergbasically, we'd semi-duplicate the dogpile memcache backends  so we can get the same benefit, just with out own set logic, and i'd still use a manager to do the pivot i think.01:50
*** kushal has quit IRC01:50
*** SumitNaiksatam has quit IRC01:55
*** angdraug has quit IRC01:58
*** reed has quit IRC01:58
*** devoid has quit IRC01:58
*** jasdeepH has quit IRC01:59
*** herndon has joined #openstack-dev02:00
*** rongze has joined #openstack-dev02:01
*** guohliu has joined #openstack-dev02:02
*** soody has left #openstack-dev02:02
*** zyluo has joined #openstack-dev02:03
*** ewindisch is now known as zz_ewindisch02:03
*** bingbu has joined #openstack-dev02:03
*** jcooley_ has joined #openstack-dev02:04
*** mriedem has joined #openstack-dev02:04
zyluobnemec, ping02:05
*** mriedem has joined #openstack-dev02:06
*** zhikunliu has joined #openstack-dev02:07
*** arnaud__ has joined #openstack-dev02:09
*** nermina has quit IRC02:09
*** xchu has joined #openstack-dev02:10
*** achampion has joined #openstack-dev02:12
*** carl_baldwin has joined #openstack-dev02:16
*** arnaud__ has quit IRC02:16
*** wenjianhn has joined #openstack-dev02:16
*** colinmcnamara has quit IRC02:20
*** colinmcn_ has quit IRC02:20
*** chandankumar_ has joined #openstack-dev02:20
*** herndon has quit IRC02:20
*** Mandell has quit IRC02:24
*** erkules has quit IRC02:24
*** erkules_ has joined #openstack-dev02:25
*** comay has quit IRC02:26
*** topshare has joined #openstack-dev02:27
*** sarob has quit IRC02:29
*** sarob has joined #openstack-dev02:30
*** nermina has joined #openstack-dev02:31
*** rongze has quit IRC02:31
*** radsy has quit IRC02:33
*** radix_ has quit IRC02:33
*** chandankumar_ has quit IRC02:34
*** sarob_ has joined #openstack-dev02:34
*** sarob has quit IRC02:35
*** krotscheck has quit IRC02:37
*** venkatesh has quit IRC02:40
*** shinylasers has quit IRC02:43
*** jcooley_ has quit IRC02:43
*** teran has quit IRC02:43
*** nermina has quit IRC02:45
*** vladikr has joined #openstack-dev02:45
*** carl_baldwin has quit IRC02:46
*** rongze has joined #openstack-dev02:46
*** jamielennox is now known as jamielennox|away02:47
*** paragan has joined #openstack-dev02:47
*** SumitNaiksatam has joined #openstack-dev02:49
*** jasdeepH has joined #openstack-dev02:49
*** lbragstad has joined #openstack-dev02:49
*** sarob_ is now known as sarob02:51
*** Ryan_Lane has quit IRC02:52
*** Ryan_Lane has joined #openstack-dev02:53
*** nati_ueno has quit IRC02:54
*** pixelb has quit IRC02:58
*** Ryan_Lane has quit IRC02:58
*** marun has joined #openstack-dev03:00
*** noorul has joined #openstack-dev03:04
*** zhikunliu has quit IRC03:05
*** sarob has quit IRC03:06
*** galstrom_zzz is now known as galstrom03:06
*** sarob has joined #openstack-dev03:06
*** sballe has quit IRC03:06
*** sballe has joined #openstack-dev03:07
*** zhikunliu has joined #openstack-dev03:07
*** buzztroll has joined #openstack-dev03:08
*** topshare has quit IRC03:10
*** sarob has quit IRC03:11
*** zz_ewindisch is now known as ewindisch03:14
*** prekarat has joined #openstack-dev03:14
*** shinylasers has joined #openstack-dev03:18
*** shinylasers has quit IRC03:18
*** arnaud__ has joined #openstack-dev03:20
*** markwash has quit IRC03:21
*** Ryan_Lane has joined #openstack-dev03:25
*** Ryan_Lane has quit IRC03:30
*** rm_work is now known as rm_work|away03:30
*** rushiagr has quit IRC03:35
*** sridevi has joined #openstack-dev03:36
*** singhs_ has quit IRC03:38
*** radsy has joined #openstack-dev03:38
*** wputra has joined #openstack-dev03:38
*** archon1st has joined #openstack-dev03:39
*** pcm_ has quit IRC03:43
*** teran has joined #openstack-dev03:44
*** aditirav has joined #openstack-dev03:44
*** mikeoutland has joined #openstack-dev03:44
*** galstrom is now known as galstrom_zzz03:45
*** aditirav has quit IRC03:46
*** aditirav has joined #openstack-dev03:46
*** hill has joined #openstack-dev03:48
*** hill is now known as Guest9562003:49
*** neelashah has joined #openstack-dev03:49
*** gordc has joined #openstack-dev03:49
*** hcc has joined #openstack-dev03:50
*** teran has quit IRC03:51
*** haomaiwang has joined #openstack-dev03:52
*** markvoelker_ has joined #openstack-dev03:52
*** gordc has quit IRC03:54
*** gyee has quit IRC03:55
*** alunduil has joined #openstack-dev03:56
*** stevemar2 has joined #openstack-dev03:58
*** teran has joined #openstack-dev04:01
*** stevemar has quit IRC04:01
*** alex_klimov has joined #openstack-dev04:01
*** prekarat has quit IRC04:02
*** mdomsch has joined #openstack-dev04:04
*** alex_klimov has quit IRC04:05
*** Guest95620 has quit IRC04:05
*** zhikunliu has quit IRC04:14
*** haomaiwa_ has joined #openstack-dev04:20
*** haomaiwang has quit IRC04:20
*** dstanek_afk has joined #openstack-dev04:22
*** ArxCruz has quit IRC04:22
*** skraynev_ has joined #openstack-dev04:24
*** ArxCruz has joined #openstack-dev04:24
*** markwash has joined #openstack-dev04:24
*** hemna_ has joined #openstack-dev04:24
*** skraynev has quit IRC04:24
*** yamahata_ has quit IRC04:24
*** hemnafk has quit IRC04:24
*** dstanek has quit IRC04:24
*** dsirrine has quit IRC04:24
*** hemna_ has quit IRC04:24
*** hemna_ has joined #openstack-dev04:24
*** mikeoutland has quit IRC04:24
*** dsirrine has joined #openstack-dev04:25
*** lari has quit IRC04:25
*** lari has joined #openstack-dev04:25
*** hcc is now known as hdd_04:25
*** dguitarbite has quit IRC04:27
*** SergeyLukjanov has joined #openstack-dev04:27
*** yamahata_ has joined #openstack-dev04:28
*** ssurana has joined #openstack-dev04:28
*** anniec has joined #openstack-dev04:28
*** benonsoftware has quit IRC04:29
*** ArxCruz has quit IRC04:29
*** devoX has joined #openstack-dev04:29
*** wbill has quit IRC04:30
*** dstanek_afk has quit IRC04:31
*** mriedem has quit IRC04:31
*** ArxCruz has joined #openstack-dev04:32
*** changbl has quit IRC04:33
*** haomaiwa_ has quit IRC04:33
*** haomaiwang has joined #openstack-dev04:34
*** epopt37 has quit IRC04:34
*** anniec_ has joined #openstack-dev04:35
*** anniec has quit IRC04:35
*** anniec_ is now known as anniec04:35
*** kenperkins has quit IRC04:35
*** changbl has joined #openstack-dev04:36
*** toanster has joined #openstack-dev04:36
*** alex_klimov has joined #openstack-dev04:36
*** dstanek_afk has joined #openstack-dev04:36
*** devoX has quit IRC04:38
*** haomaiwa_ has joined #openstack-dev04:39
*** haomaiwang has quit IRC04:39
*** teran has quit IRC04:43
*** cdub has quit IRC04:47
*** blamar has quit IRC04:47
*** teran has joined #openstack-dev04:47
*** epopt37 has joined #openstack-dev04:48
*** zhikunliu has joined #openstack-dev04:49
*** benonsoftware has joined #openstack-dev04:49
*** rongze has quit IRC04:50
morganfainbergdstanek_afk, i think I solved your concern with the backends04:51
*** buzztroll has quit IRC04:51
morganfainbergdstanek_afk, ended up using a mixin and overrode the set/set_multi functionality so that it all exists in the MemcacheBackend manager and a lightweight wrapper instead of passing those calls down to the actual dogpile backend.04:51
*** nshaikh has joined #openstack-dev04:52
*** dstanek_afk is now known as dstanek04:52
dstanekmorganfainberg: nice, good idea04:52
morganfainbergdstanek, https://review.openstack.org/#/c/60741/8/keystone/common/kvs/backends/memcached.py04:53
*** cdub has joined #openstack-dev04:54
morganfainbergoh crud.  dict comprehension... thats not py26 friendly04:55
morganfainberg*goes and fixes*04:55
*** rushiagr has joined #openstack-dev04:55
*** jamielennox|away is now known as jamielennox04:56
*** mikeoutland has joined #openstack-dev04:56
*** wenjianhn is now known as _wenjianhn_04:59
*** mikeoutland has quit IRC04:59
morganfainbergdstanek, anyway.  thanks for the feedback :)05:00
dstanekmorganfainberg: np, that's what i'm here for05:00
*** rraja has joined #openstack-dev05:00
*** SergeyLukjanov is now known as _SergeyLukjanov05:09
*** _SergeyLukjanov has quit IRC05:10
*** arnaud__ has quit IRC05:10
*** prekarat has joined #openstack-dev05:12
*** zaitcev has quit IRC05:12
*** prekarat1 has joined #openstack-dev05:13
*** arnaud__ has joined #openstack-dev05:13
*** SergeyLukjanov has joined #openstack-dev05:14
*** ngoracke has quit IRC05:15
*** teran has quit IRC05:15
*** jab416171 has quit IRC05:15
*** dolphm has quit IRC05:16
*** prekarat has quit IRC05:16
*** jab416171 has joined #openstack-dev05:17
*** dolphm_ has joined #openstack-dev05:18
*** boris-42 has joined #openstack-dev05:18
*** arnaud__ has quit IRC05:18
*** sc68cal has quit IRC05:18
*** sc68cal has joined #openstack-dev05:18
*** alunduil has quit IRC05:19
*** rongze has joined #openstack-dev05:20
*** cfriesen_ has quit IRC05:23
*** alunduil has joined #openstack-dev05:24
*** nosnos_ has joined #openstack-dev05:31
*** jcooley_ has joined #openstack-dev05:33
*** nosnos has quit IRC05:34
*** rongze has quit IRC05:35
*** anniec has quit IRC05:36
*** Nikolay_St has joined #openstack-dev05:36
*** tdruiva_ has quit IRC05:36
*** tdruiva has joined #openstack-dev05:37
*** neelashah has quit IRC05:38
*** jhesketh has quit IRC05:38
*** rohitk has joined #openstack-dev05:40
*** pixelb has joined #openstack-dev05:41
*** tdruiva has quit IRC05:41
*** jasdeepH has quit IRC05:44
*** jasdeepH has joined #openstack-dev05:44
*** xchu has quit IRC05:45
*** sridevi has quit IRC05:46
*** jasdeepH has quit IRC05:50
*** sridevi has joined #openstack-dev05:52
*** nelsnelson has quit IRC05:56
*** kbrierly has quit IRC05:56
*** nelsnelson has joined #openstack-dev05:56
*** venkatesh has joined #openstack-dev05:56
*** kbrierly has joined #openstack-dev05:57
*** juice has quit IRC05:57
*** devananda has quit IRC05:57
*** davidlenwell_ has joined #openstack-dev05:57
*** devananda has joined #openstack-dev05:57
*** nelsnelson has quit IRC05:57
*** Ghe_HPDiscover has quit IRC05:57
*** vipuls has quit IRC05:58
*** nelsnelson has joined #openstack-dev05:58
*** nelsnelson has quit IRC05:58
*** davidlenwell has quit IRC05:58
*** echohead has quit IRC05:58
*** LinuxJedi has quit IRC05:58
*** NobodyCam has quit IRC05:58
*** xchu has joined #openstack-dev05:59
*** echohead has joined #openstack-dev05:59
*** LinuxJedi has joined #openstack-dev06:00
*** buzztroll has joined #openstack-dev06:02
*** rongze has joined #openstack-dev06:03
*** pixelb has quit IRC06:03
*** tiantian has quit IRC06:03
*** juice has joined #openstack-dev06:03
*** nosnos_ has quit IRC06:04
*** nosnos has joined #openstack-dev06:05
*** xchu has quit IRC06:06
*** mdomsch has quit IRC06:06
*** buzztroll has quit IRC06:06
*** vipul has joined #openstack-dev06:07
*** rongze has quit IRC06:07
*** venkatesh_ has joined #openstack-dev06:07
*** vkozhukalov has quit IRC06:09
*** venkatesh has quit IRC06:10
*** avishay has joined #openstack-dev06:10
*** yeylon__ has joined #openstack-dev06:11
*** ig has joined #openstack-dev06:11
*** carlp has quit IRC06:12
*** rdas has joined #openstack-dev06:13
*** tonyfy has joined #openstack-dev06:14
*** NobodyCam has joined #openstack-dev06:14
*** otherwiseguy has quit IRC06:15
*** rongze has joined #openstack-dev06:15
*** radsy has quit IRC06:18
*** odyssey4me has joined #openstack-dev06:19
*** hdd_ has quit IRC06:20
*** SergeyLukjanov has quit IRC06:21
*** xchu has joined #openstack-dev06:25
*** gongysh has joined #openstack-dev06:28
*** topol has joined #openstack-dev06:29
*** ArcTanSusan has joined #openstack-dev06:30
*** echohead has quit IRC06:31
*** ArcTanSusan has quit IRC06:31
*** rushiagr has quit IRC06:32
*** Ghe_HPDiscover has joined #openstack-dev06:35
*** novas0x2a|laptop has quit IRC06:36
*** jcooley_ has quit IRC06:39
*** denis_makogon has joined #openstack-dev06:42
*** topol has quit IRC06:44
*** markvoelker_ has quit IRC06:48
*** ig1 has joined #openstack-dev06:52
*** ig has quit IRC06:53
*** ArcTanSusan has joined #openstack-dev07:00
*** vartom111112 has joined #openstack-dev07:02
*** dstanek has quit IRC07:02
*** sushils has quit IRC07:02
*** lifeless has quit IRC07:05
*** jhesketh_ has quit IRC07:09
*** jcooley_ has joined #openstack-dev07:09
*** mrunge has joined #openstack-dev07:13
*** topshare has joined #openstack-dev07:13
*** rraja has quit IRC07:13
*** ifarkas has joined #openstack-dev07:13
*** sdake_ has quit IRC07:13
*** jcooley_ has quit IRC07:15
*** guohliu has quit IRC07:18
*** ilukyanenkov has quit IRC07:18
*** vartom11116 has joined #openstack-dev07:19
*** stevemar2 has quit IRC07:20
*** jtomasek has joined #openstack-dev07:20
*** vartom111112 has quit IRC07:20
*** erkules_ is now known as erkules07:21
*** belmoreira has joined #openstack-dev07:22
*** boris-42 has quit IRC07:22
*** venkatesh_ has quit IRC07:23
*** MaxV has joined #openstack-dev07:23
*** guohliu has joined #openstack-dev07:25
*** jtomasek has quit IRC07:26
*** garyk has joined #openstack-dev07:26
*** jtomasek has joined #openstack-dev07:27
*** arnaud__ has joined #openstack-dev07:27
*** doron_afk has joined #openstack-dev07:30
*** rraja has joined #openstack-dev07:30
*** urulama has joined #openstack-dev07:31
*** rushiagr has joined #openstack-dev07:33
*** arnaud__ has quit IRC07:35
*** nati_ueno has joined #openstack-dev07:36
*** MaxV has quit IRC07:36
*** MaxV has joined #openstack-dev07:37
*** yolanda has joined #openstack-dev07:37
*** teran has joined #openstack-dev07:41
*** MaxV has quit IRC07:41
*** archon1st has quit IRC07:47
*** xga has joined #openstack-dev07:48
*** shri has joined #openstack-dev07:49
*** SergeyLukjanov has joined #openstack-dev07:49
*** sarob has joined #openstack-dev07:51
*** xchu has quit IRC07:52
*** DinaBelova has joined #openstack-dev07:54
*** jprovazn has joined #openstack-dev07:54
*** Abhishek_ has joined #openstack-dev07:57
*** vkozhukalov has joined #openstack-dev07:57
*** gimps has quit IRC07:59
*** gimps has joined #openstack-dev07:59
*** arozumenko has joined #openstack-dev08:00
*** alunduil has quit IRC08:02
*** jcoufal has joined #openstack-dev08:04
*** jcooley_ has joined #openstack-dev08:05
*** bingbu has quit IRC08:05
*** jcoufal has joined #openstack-dev08:05
*** xchu has joined #openstack-dev08:05
rohitkDoes anybody have experience of using zeromq with openstack?08:06
*** alunduil has joined #openstack-dev08:07
*** jcooley_ has quit IRC08:09
*** sridevi has quit IRC08:11
*** pschaef has joined #openstack-dev08:12
*** ilukyanenkov has joined #openstack-dev08:13
*** flaper87|afk is now known as flaper8708:13
*** ruhe has joined #openstack-dev08:16
*** rraja has quit IRC08:16
*** gargya has joined #openstack-dev08:16
*** shri has left #openstack-dev08:17
*** pschaef has quit IRC08:17
*** sahid has joined #openstack-dev08:17
*** corXi has joined #openstack-dev08:18
*** fbo_away is now known as fbo08:18
kbrierlySince there's such a big group here i have a quick question. Has anyone been able to get over 3gigabit vm to vm over a bridge in ubuntu 12.04 kernel 3.2???08:19
*** markwash has quit IRC08:21
*** ruhe has quit IRC08:21
*** pschaef has joined #openstack-dev08:21
*** ruhe has joined #openstack-dev08:22
*** rushiagr has quit IRC08:22
*** zyluo has quit IRC08:23
*** nshaikh has left #openstack-dev08:23
*** bingbu has joined #openstack-dev08:25
*** ruhe has quit IRC08:25
*** haomaiwa_ has quit IRC08:27
*** haomaiwang has joined #openstack-dev08:27
*** xga has quit IRC08:28
*** bauzas has joined #openstack-dev08:29
*** xga has joined #openstack-dev08:29
*** henrynash has joined #openstack-dev08:29
*** _wenjianhn_ has quit IRC08:29
*** rdas has quit IRC08:30
*** markwash has joined #openstack-dev08:32
*** sergmelikyan has joined #openstack-dev08:32
*** topshare has quit IRC08:32
*** topshare has joined #openstack-dev08:34
*** rdas has joined #openstack-dev08:34
*** MaxV has joined #openstack-dev08:34
*** guohliu has quit IRC08:35
*** guohliu has joined #openstack-dev08:35
*** radix_ has joined #openstack-dev08:36
*** nati_ueno has quit IRC08:38
*** reidrac has joined #openstack-dev08:38
*** rushiagr has joined #openstack-dev08:39
*** iartarisi has joined #openstack-dev08:40
*** vartom11116 has quit IRC08:41
*** yongli is now known as yongli_away08:41
*** sridevi has joined #openstack-dev08:41
*** vartom11116 has joined #openstack-dev08:42
*** xqueralt has joined #openstack-dev08:42
*** JordanP has joined #openstack-dev08:42
*** Drankis has joined #openstack-dev08:44
*** sergmelikyan has quit IRC08:45
*** yassine has joined #openstack-dev08:46
*** rongze has quit IRC08:46
*** rongze has joined #openstack-dev08:47
*** sushils has joined #openstack-dev08:52
*** kbrierly has quit IRC08:52
*** roeyc has joined #openstack-dev08:56
*** jistr has joined #openstack-dev08:57
*** ArcTanSusan has quit IRC08:59
*** e0ne has joined #openstack-dev08:59
*** jcooley_ has joined #openstack-dev09:00
*** gszasz has joined #openstack-dev09:01
*** afazekas has joined #openstack-dev09:02
*** boden has joined #openstack-dev09:03
*** gargya has quit IRC09:03
*** romcheg has joined #openstack-dev09:04
*** jcooley_ has quit IRC09:04
*** lbragstad has quit IRC09:05
*** yolanda has quit IRC09:06
*** sridevi has quit IRC09:06
*** boris-42 has joined #openstack-dev09:06
*** yolanda has joined #openstack-dev09:07
*** Abhishek_ has quit IRC09:08
d0ugalHi, I'm trying to figure out a devstack issue I've got. The syncdb for horizon its hanging. This is part of the log and the postgres activity (at the bottom) which seems to be stuck on "COMMIT" https://gist.github.com/d0ugal/790714209:08
d0ugalAny ideas?09:08
*** lbragstad has joined #openstack-dev09:10
*** sridevi has joined #openstack-dev09:11
*** ace has joined #openstack-dev09:11
*** arezmerita has quit IRC09:12
acewhat is the best way to get started making a new service?09:13
*** jpich has joined #openstack-dev09:14
*** lucasagomes has joined #openstack-dev09:14
*** bingbu has quit IRC09:14
*** Abhishek_ has joined #openstack-dev09:17
*** locke105 has quit IRC09:17
*** avishayb has joined #openstack-dev09:18
*** e0ne_ has joined #openstack-dev09:19
*** markwash has quit IRC09:20
*** venkatesh has joined #openstack-dev09:21
*** max_lobur_afk is now known as max_lobur09:21
*** e0ne has quit IRC09:23
*** sridevi has quit IRC09:23
*** derekh has joined #openstack-dev09:23
*** arezmerita has joined #openstack-dev09:25
*** henrynash has quit IRC09:25
*** Teju has joined #openstack-dev09:26
*** sergmelikyan has joined #openstack-dev09:26
*** doron_afk is now known as doron09:27
Tejuhi doron...can u help me with a issue with keystone?09:28
*** marekd|away is now known as marekd09:31
*** guohliu has quit IRC09:33
*** henrynash has joined #openstack-dev09:35
*** arnaud__ has joined #openstack-dev09:35
*** nosnos_ has joined #openstack-dev09:36
TejuHi all....i have an issue with keystone....can anyone help?09:37
acejust ask the question09:38
Tejui have registered services(identity and cinder) with keystone using keystone service-create and I was able to see the services using service-list.But,after few days/changes/reboots,the service-list command is not listing any services09:39
*** doron is now known as doron_afk09:39
*** arnaud__ has quit IRC09:40
*** nosnos has quit IRC09:40
*** rraja has joined #openstack-dev09:41
*** denis_makogon has quit IRC09:42
*** lifeless has joined #openstack-dev09:43
Tejuhi ace...I asked the q...do u know how to fix the issue?09:43
acei have not seen that happen.09:45
*** mmagr has joined #openstack-dev09:48
Tejuthanks ace...one more q: the service-list does not list any services,but i am able to log into dashboard and keystone is able to generate tokens...So,keystone is working right?09:52
*** devvesa has joined #openstack-dev09:53
*** johnthetubaguy has joined #openstack-dev09:56
aceyes, have you checked the service list in dashboard?09:58
*** jcoufal has quit IRC09:58
*** matiu has quit IRC09:58
*** xga has quit IRC09:59
*** xga_ has joined #openstack-dev09:59
*** gongysh has quit IRC10:00
*** shardy_afk is now known as shardy10:01
*** matiu has joined #openstack-dev10:02
*** matiu has quit IRC10:02
*** matiu has joined #openstack-dev10:02
*** safchain has joined #openstack-dev10:03
*** xchu has quit IRC10:04
*** danpb has joined #openstack-dev10:07
*** gszasz has quit IRC10:08
*** rdas has quit IRC10:09
*** heyongli has joined #openstack-dev10:10
*** jaimegil has joined #openstack-dev10:11
*** doron_afk is now known as doron10:12
*** dguitarbite has joined #openstack-dev10:12
*** rossella_s has joined #openstack-dev10:14
*** markmc has joined #openstack-dev10:14
*** ohadlevy has quit IRC10:15
*** lbragstad has quit IRC10:16
Tejuace...yes...the services are listed in the dashboard10:17
*** rdas has joined #openstack-dev10:17
*** prekarat1 has quit IRC10:18
*** doron is now known as doron_afk10:19
*** DinaBelova has quit IRC10:20
*** pixelb has joined #openstack-dev10:21
*** SergeyLukjanov is now known as _SergeyLukjanov10:23
*** aditirav_ has joined #openstack-dev10:23
*** venkatesh has quit IRC10:25
*** topshare has quit IRC10:25
*** doron_afk is now known as doron10:25
*** sarob has quit IRC10:26
*** aditirav has quit IRC10:26
*** aditirav_ is now known as aditirav10:26
*** xingchao has quit IRC10:31
*** sushils has quit IRC10:33
*** paragan has quit IRC10:34
*** venkatesh has joined #openstack-dev10:37
*** sushils has joined #openstack-dev10:37
*** che-arne has joined #openstack-dev10:43
*** jd__ has quit IRC10:48
*** jd__ has joined #openstack-dev10:48
*** Teju has quit IRC10:50
*** bogdando has quit IRC10:51
*** mgagne has quit IRC10:52
*** nosnos_ has quit IRC10:57
*** nosnos has joined #openstack-dev10:57
*** tonyfy has quit IRC10:58
*** yaguang has quit IRC10:59
*** arozumenko1 has joined #openstack-dev11:02
*** arozumenko has quit IRC11:02
*** anniec has joined #openstack-dev11:03
*** ifarkas has quit IRC11:03
*** yhe_ has joined #openstack-dev11:04
*** mgagne has joined #openstack-dev11:06
*** mgagne has joined #openstack-dev11:06
*** noorul has quit IRC11:06
*** heyongli has quit IRC11:06
*** jp_at_hp has joined #openstack-dev11:08
*** mflobo has joined #openstack-dev11:09
mfloboHi all11:10
mfloboAnyone knows something about this bug https://bugs.launchpad.net/python-cinderclient/+bug/1240497 ?11:10
uvirtbotLaunchpad bug 1240497 in python-cinderclient "Module backports was already imported when runnin cli commands" [Undecided,New]11:10
mfloboI have the same problem https://ask.openstack.org/en/question/8396/keystonclient-upgrade-problems-with-babel/11:11
*** faramir1 has quit IRC11:12
*** sarob has joined #openstack-dev11:16
*** akrivoka has joined #openstack-dev11:17
*** pcm_ has joined #openstack-dev11:18
*** mdenny has quit IRC11:20
*** venkatesh has quit IRC11:20
*** rongze has quit IRC11:21
*** nati_ueno has joined #openstack-dev11:21
*** rfolco has joined #openstack-dev11:22
*** pcm_ has quit IRC11:22
*** arozumenko1 has quit IRC11:22
*** pcm_ has joined #openstack-dev11:22
*** Abhishek_ has quit IRC11:23
*** MaxV has quit IRC11:24
*** jcoufal has joined #openstack-dev11:24
*** MaxV has joined #openstack-dev11:24
*** roeyc has quit IRC11:24
*** zhikunliu has quit IRC11:28
*** arozumenko has joined #openstack-dev11:29
*** MaxV has quit IRC11:29
*** nshaikh has joined #openstack-dev11:31
*** yhe_ is now known as heyongli11:33
*** bogdando has joined #openstack-dev11:33
*** yamahata_ has quit IRC11:33
*** rushiagr has quit IRC11:33
*** bauzas has quit IRC11:34
*** bauzas has joined #openstack-dev11:34
*** nermina has joined #openstack-dev11:35
*** doron is now known as doron_afk11:36
*** doron_afk is now known as doron11:36
*** arnaud__ has joined #openstack-dev11:36
*** arnaud__ has quit IRC11:41
*** kmartin has quit IRC11:42
*** jcooley_ has joined #openstack-dev11:43
*** anniec_ has joined #openstack-dev11:43
*** ohadlevy has joined #openstack-dev11:44
*** rongze has joined #openstack-dev11:44
*** anniec has quit IRC11:45
*** anniec_ is now known as anniec11:45
*** nermina has quit IRC11:46
*** rushiagr has joined #openstack-dev11:47
*** jcooley_ has quit IRC11:47
*** sarob has quit IRC11:48
*** arozumenko has quit IRC11:51
*** tdruiva has joined #openstack-dev11:51
*** viktors has joined #openstack-dev11:52
*** tdruiva has quit IRC11:52
*** tdruiva has joined #openstack-dev11:53
*** ifarkas has joined #openstack-dev11:53
*** teran has quit IRC11:53
*** arozumenko has joined #openstack-dev11:54
*** tonix has joined #openstack-dev11:55
*** e0ne_ has quit IRC11:56
*** MaxV has joined #openstack-dev11:57
*** DinaBelova has joined #openstack-dev11:57
*** morazi has quit IRC11:58
*** Sumeniac has quit IRC11:58
*** Sumeniac has joined #openstack-dev11:58
*** e0ne has joined #openstack-dev12:00
*** MaxV has quit IRC12:01
*** iartarisi has quit IRC12:02
*** MaxV has joined #openstack-dev12:03
*** MaxV has quit IRC12:05
*** MaxV has joined #openstack-dev12:05
*** mkollaro has joined #openstack-dev12:06
*** lucasagomes is now known as lucas-hungry12:06
*** viktors has quit IRC12:08
*** vkmc has joined #openstack-dev12:08
*** stevemar has joined #openstack-dev12:09
*** doron is now known as doron_afk12:09
*** SergeyLukjanov has joined #openstack-dev12:10
*** iartarisi has joined #openstack-dev12:10
*** [1]avishayb has joined #openstack-dev12:11
*** adalbas has joined #openstack-dev12:12
*** [2]avishayb has joined #openstack-dev12:12
*** sarob has joined #openstack-dev12:13
*** avishayb has quit IRC12:13
*** [2]avishayb is now known as avishayb12:13
*** bvandenh has joined #openstack-dev12:14
*** [1]avishayb has quit IRC12:15
*** aditirav has quit IRC12:19
*** rushiagr has quit IRC12:27
*** doron_afk is now known as doron12:27
*** paragan has joined #openstack-dev12:27
*** paragan has quit IRC12:28
*** paragan has joined #openstack-dev12:28
*** FunnyLookinHat has joined #openstack-dev12:30
*** jcoufal has quit IRC12:31
*** markvoelker1 has joined #openstack-dev12:32
*** achampion has quit IRC12:32
*** rraja has quit IRC12:34
*** faramir1 has joined #openstack-dev12:37
*** doron is now known as doron_afk12:38
*** henrynash has quit IRC12:41
*** vladikr has quit IRC12:42
*** gszasz has joined #openstack-dev12:44
*** beagles has quit IRC12:44
*** sarob has quit IRC12:45
*** doron_afk is now known as doron12:47
*** rraja has joined #openstack-dev12:47
*** Alexei_987 has joined #openstack-dev12:49
*** jruzicka has joined #openstack-dev12:49
*** henrynash has joined #openstack-dev12:50
*** Sumeniac has quit IRC12:51
*** Sumeniac has joined #openstack-dev12:52
*** urulama has quit IRC12:53
*** sgordon has joined #openstack-dev12:53
*** odyssey4me has quit IRC12:56
*** jcoufal-mob has joined #openstack-dev12:56
*** yeylon__ has quit IRC12:56
*** tonyha has joined #openstack-dev12:57
*** rraja has quit IRC12:57
*** arnaud__ has joined #openstack-dev12:58
*** eharney has joined #openstack-dev12:58
*** [1]avishayb has joined #openstack-dev12:59
*** vkozhukalov has quit IRC13:00
*** [2]avishayb has joined #openstack-dev13:00
*** arnaud__ has quit IRC13:01
*** avishayb has quit IRC13:02
*** [2]avishayb is now known as avishayb13:02
*** arnaud__ has joined #openstack-dev13:02
*** wputra has quit IRC13:03
*** [1]avishayb has quit IRC13:03
*** arezmerita has quit IRC13:03
*** henrynash has quit IRC13:04
*** [1]avishayb has joined #openstack-dev13:06
*** morazi has joined #openstack-dev13:07
*** sandywalsh_ has quit IRC13:07
*** tonyha has quit IRC13:07
*** xga__ has joined #openstack-dev13:08
*** slagle has quit IRC13:08
*** jcoufal-mob_ has joined #openstack-dev13:08
*** xga_ has quit IRC13:08
*** avishayb has quit IRC13:09
*** [1]avishayb is now known as avishayb13:09
*** b3nt_pin has joined #openstack-dev13:10
*** rraja has joined #openstack-dev13:10
*** sarob has joined #openstack-dev13:10
*** dprince has joined #openstack-dev13:11
*** jcoufal-mob has quit IRC13:11
*** b3nt_pin has quit IRC13:12
*** b3nt_pin has joined #openstack-dev13:12
*** ygbo has joined #openstack-dev13:12
*** urulama has joined #openstack-dev13:13
*** sballe has quit IRC13:14
*** yeylon__ has joined #openstack-dev13:14
*** arezmerita has joined #openstack-dev13:18
*** b3nt_pin is now known as beagles13:19
*** yaguang has joined #openstack-dev13:20
*** sandywalsh_ has joined #openstack-dev13:20
*** buzztroll has joined #openstack-dev13:21
*** b3nt_pin has joined #openstack-dev13:22
*** tdruiva has quit IRC13:23
*** prad has joined #openstack-dev13:23
*** tdruiva has joined #openstack-dev13:23
*** lbragstad has joined #openstack-dev13:24
*** b3nt_pin has quit IRC13:26
*** tdruiva has quit IRC13:28
*** topshare has joined #openstack-dev13:29
*** vladikr has joined #openstack-dev13:29
*** vartom11116 has quit IRC13:30
*** max_lobur is now known as max_lobur_afk13:30
*** jcooley_ has joined #openstack-dev13:30
*** aveiga has quit IRC13:31
*** jruzicka has quit IRC13:34
*** dstanek has joined #openstack-dev13:35
*** sarob has quit IRC13:35
*** jdob has joined #openstack-dev13:35
*** jcooley_ has quit IRC13:35
*** xingchao has joined #openstack-dev13:35
*** topshare has quit IRC13:37
*** prekarat has joined #openstack-dev13:38
*** safchain has quit IRC13:38
*** achampion has joined #openstack-dev13:39
*** jorisroovers has joined #openstack-dev13:39
*** doron is now known as doron_afk13:39
*** rohitk has quit IRC13:40
*** kbringard has joined #openstack-dev13:40
*** xingchao has quit IRC13:41
*** gongysh has joined #openstack-dev13:43
*** doron_afk is now known as doron13:43
*** bswartz has quit IRC13:44
*** doron has quit IRC13:44
*** faramir1 has quit IRC13:45
*** dkranz has joined #openstack-dev13:48
*** freyes has joined #openstack-dev13:51
*** tdruiva has joined #openstack-dev13:53
*** bpokorny has joined #openstack-dev13:54
*** viktors has joined #openstack-dev13:54
*** safchain has joined #openstack-dev13:54
*** jaimegil has quit IRC13:56
*** rkukura has quit IRC13:57
*** rkukura has joined #openstack-dev13:57
*** buzztroll has quit IRC13:58
*** xga has joined #openstack-dev13:59
*** xga__ has quit IRC14:00
*** lucas-hungry is now known as lucasagomes14:01
*** galstrom_zzz is now known as galstrom14:01
*** mfer has joined #openstack-dev14:04
*** cpallares has joined #openstack-dev14:05
*** slagle has joined #openstack-dev14:05
*** prad has quit IRC14:06
*** clayb has joined #openstack-dev14:06
*** sarob has joined #openstack-dev14:06
*** clayb has quit IRC14:06
*** athomas has quit IRC14:06
*** nosnos has quit IRC14:06
*** clayb has joined #openstack-dev14:07
*** galstrom is now known as galstrom_zzz14:08
*** morazi has quit IRC14:10
*** dguitarbite has quit IRC14:11
*** thomasem has joined #openstack-dev14:11
*** aeperezt has joined #openstack-dev14:12
*** prad has joined #openstack-dev14:12
*** sarob has quit IRC14:14
*** gongysh has quit IRC14:16
*** mriedem has joined #openstack-dev14:16
*** aveiga has joined #openstack-dev14:17
*** jasondotstar has joined #openstack-dev14:17
*** jcoufal has joined #openstack-dev14:17
*** ngoracke has joined #openstack-dev14:18
*** bknudson has joined #openstack-dev14:18
*** aeperezt has quit IRC14:18
*** riskable has joined #openstack-dev14:19
*** jayg|g0n3 is now known as jayg14:20
*** morazi has joined #openstack-dev14:23
*** michchap has quit IRC14:24
*** gordc has joined #openstack-dev14:24
*** bswartz has joined #openstack-dev14:24
*** jcooley_ has joined #openstack-dev14:25
*** bauzas has quit IRC14:26
*** buzztroll has joined #openstack-dev14:27
*** jgrimm has joined #openstack-dev14:27
*** jergerber has joined #openstack-dev14:27
*** jcoufal-mob_ has quit IRC14:27
*** sarob has joined #openstack-dev14:27
*** joesavak has joined #openstack-dev14:29
*** jcooley_ has quit IRC14:29
*** eharney has quit IRC14:30
*** aeperezt has joined #openstack-dev14:30
*** xingchao has joined #openstack-dev14:31
*** sarob has quit IRC14:32
*** vartom11116 has joined #openstack-dev14:32
*** nati_ueno has quit IRC14:33
*** [1]avishayb has joined #openstack-dev14:34
*** iartarisi has quit IRC14:34
*** rnirmal has joined #openstack-dev14:34
*** neelashah has joined #openstack-dev14:34
*** exed has joined #openstack-dev14:35
*** iartarisi has joined #openstack-dev14:36
*** HenryG has quit IRC14:36
*** cfriesen_ has joined #openstack-dev14:36
*** avishayb has quit IRC14:37
*** [1]avishayb is now known as avishayb14:37
*** tmclaugh[work] has joined #openstack-dev14:38
*** iartarisi has quit IRC14:38
*** mrodden has quit IRC14:39
*** terriyu has joined #openstack-dev14:40
*** paragan has quit IRC14:40
*** vartom11117 has joined #openstack-dev14:41
*** marekd has left #openstack-dev14:41
*** marekd has joined #openstack-dev14:41
*** odyssey4me has joined #openstack-dev14:41
*** vartom11116 has quit IRC14:42
*** iartarisi has joined #openstack-dev14:42
*** kevinconway has joined #openstack-dev14:42
*** prekarat has quit IRC14:42
*** arnaud__ has quit IRC14:43
*** nkinder has quit IRC14:44
*** eglynn has joined #openstack-dev14:45
*** max_lobur_afk is now known as max_lobur14:45
*** buzztroll has quit IRC14:45
*** jergerber has quit IRC14:47
*** buzztrol_ has joined #openstack-dev14:47
*** jergerber has joined #openstack-dev14:48
*** jorisroovers has quit IRC14:49
*** mrodden has joined #openstack-dev14:50
*** haomaiwang has quit IRC14:50
*** haomaiwang has joined #openstack-dev14:51
*** yaguang has quit IRC14:51
*** marun has quit IRC14:53
*** dhellmann has joined #openstack-dev14:53
*** carl_baldwin has joined #openstack-dev14:53
*** jnoller has joined #openstack-dev14:54
*** jp_at_hp has quit IRC14:54
*** athomas has joined #openstack-dev14:54
*** zaitcev has joined #openstack-dev14:59
*** jcoufal-mob has joined #openstack-dev14:59
*** EvgenyFedoruk has joined #openstack-dev15:00
*** jdob has quit IRC15:00
*** matiu has quit IRC15:01
*** burt has joined #openstack-dev15:03
*** SergeyLukjanov_ has joined #openstack-dev15:03
*** yaguang has joined #openstack-dev15:04
*** jdennis1 has joined #openstack-dev15:04
*** jecarey has joined #openstack-dev15:04
*** FunnyLookinHat has quit IRC15:05
*** jdob has joined #openstack-dev15:06
*** SergeyLukjanov has quit IRC15:06
*** jdennis has quit IRC15:06
*** vartom11118 has joined #openstack-dev15:07
*** buzztrol_ has quit IRC15:07
*** vkozhukalov has joined #openstack-dev15:07
*** boris-42 has quit IRC15:08
*** vartom11117 has quit IRC15:08
*** jcoufal has quit IRC15:08
*** eharney has joined #openstack-dev15:09
Alexei_987dhellmann: ping15:09
JordanPHi, in devstack, i'd like to change the default path for Tempest configuration file (tempest.conf). IMO it should be in /etc/tempest like the other conf files. It seems my patch doesn't integrate well with openstack infrastructure and Q&A (https://review.openstack.org/#/c/61434/) Can someone help me ? I'dont understand the reason of this buildfailure15:10
*** jcoufal-mob has quit IRC15:10
*** SergeyLukjanov has joined #openstack-dev15:10
*** MadDog31 has joined #openstack-dev15:11
*** HenryG has joined #openstack-dev15:12
*** SergeyLukjanov_ has quit IRC15:12
*** safchain has quit IRC15:14
*** jcoufal has joined #openstack-dev15:15
*** msmedved has quit IRC15:16
*** msmedved has joined #openstack-dev15:16
*** tmclaugh[work] has quit IRC15:17
*** jcooley_ has joined #openstack-dev15:18
*** odyssey4me has quit IRC15:19
*** msmedved has quit IRC15:19
*** otherwiseguy has joined #openstack-dev15:20
*** litong has joined #openstack-dev15:20
*** msmedved has joined #openstack-dev15:21
*** sarob has joined #openstack-dev15:21
*** nshaikh has left #openstack-dev15:22
*** jcooley_ has quit IRC15:23
*** topol has joined #openstack-dev15:25
*** EvgenyFedoruk has quit IRC15:25
viktorsdhellmann: hi15:25
*** sarob has quit IRC15:26
*** jobewan has joined #openstack-dev15:27
*** tdruiva has quit IRC15:27
*** sarob has joined #openstack-dev15:27
*** tdruiva has joined #openstack-dev15:28
*** carlp has joined #openstack-dev15:28
*** corXi has quit IRC15:28
*** jdennis1 has quit IRC15:28
*** nermina has joined #openstack-dev15:29
*** jdennis has joined #openstack-dev15:30
*** corXi has joined #openstack-dev15:30
*** tmclaugh[work] has joined #openstack-dev15:31
*** sarob has quit IRC15:32
*** FunnyLookinHat has joined #openstack-dev15:33
*** alunduil has quit IRC15:33
*** jdennis has quit IRC15:34
*** datsun180b has joined #openstack-dev15:35
*** rcleere has joined #openstack-dev15:36
*** nkinder has joined #openstack-dev15:38
*** alex_klimov has quit IRC15:39
*** xingchao_ has joined #openstack-dev15:40
*** jorisroovers has joined #openstack-dev15:40
*** xingchao has quit IRC15:41
*** heyongli has quit IRC15:41
*** jprovazn has quit IRC15:43
*** carl_baldwin has quit IRC15:44
*** Mandell has joined #openstack-dev15:45
*** jorisroovers has quit IRC15:46
*** jroovers has joined #openstack-dev15:46
*** changbl has quit IRC15:46
*** dims has quit IRC15:46
*** vartom11118 has quit IRC15:47
*** ndipanov has quit IRC15:48
*** xingchao_ has quit IRC15:49
dhellmannAlexei_987: pong15:49
dhellmannviktors: hi!15:50
*** jdennis has joined #openstack-dev15:50
dolphm_is the gate protecting against non-whitelisted ERROR output already?15:50
*** rdas has quit IRC15:50
Alexei_987dhellmann: Hi we are discussing my patch with models in ceilometer15:50
*** dolphm_ is now known as dolphm15:50
Alexei_987could you join the ceilometer chat as well?15:50
*** yuriyz has joined #openstack-dev15:50
Alexei_987dhellmann: I'm trying to convince jd__ that we need it :)15:51
Alexei_987dhellmann: https://review.openstack.org/#/c/60885/15:51
dhellmannAlexei_987: looking15:51
*** jp_at_hp has joined #openstack-dev15:52
stevemardolphm, marekd, ping15:52
dolphmstevemar: marekd: what's the consensus on domains?15:52
stevemarjust realized, it would suck if your nickname was ping15:52
stevemarmarekd has some good comments about domains15:53
*** mdenny has joined #openstack-dev15:53
*** kenperkins has joined #openstack-dev15:53
stevemartheres 2 issues here, domains being used in idps, and domains being used in mappings15:53
stevemarthough idps and mappigns are related, the issues are different, i think15:54
*** neeti has joined #openstack-dev15:54
dolphmyeah... my impression from the summit was that idp's were going to be peers to domains, sort of15:54
dolphmnot have a parent/child relationship with them15:54
*** ifarkas has quit IRC15:54
*** urulama has quit IRC15:54
dolphmwhich i figured would set us up nicely for Domain Users != Ephemeral IdP Users15:54
*** rcleere has quit IRC15:55
stevemardolphm, yeah, but guang is saying that we need to account for public cloud use cases15:55
dolphmwhich is different how15:55
stevemarspecifically: 1. Domain admin needs to be able to manage IdPs for his domain. 2. Need the ability to restrict IdPs for a given domain.15:55
marekdok, but what problem would adding domain_id to IdP solve? that I may have multiple independent IdPs managing different domains, MY domains?15:55
dolphmstevemar: "restrict IdPs for a given domain" -- restrict how?15:56
stevemarmarekd, it would solve #1 mentioned15:56
dolphmmarekd: ++15:56
stevemardolphm, yeah, restrict is a loose term15:56
stevemardolphm: i wasn't sure15:56
dolphmstevemar: we're so far from the "virtual" idp thing, that I don't think we can seriously delegate any sort of idp administration to anyone yet -- beyond *perhaps* mapping15:56
stevemardolphm, not my comments, gyee's15:56
marekdmy question is whether it's common for companies to have many LDAPs for their users..i don't personally know.15:57
dolphmstevemar: but he's not online so i'm asking the messenger :P15:57
*** anniec has quit IRC15:57
stevemartopol, ping?15:58
topolstevemar, hi15:59
*** yolanda has quit IRC15:59
topolotp15:59
stevemartopol: big generic question -> do most companies have multiple ldaps?15:59
stevemardoh15:59
topolYES!!15:59
stevemarmarekd, see above15:59
*** jorisroovers has joined #openstack-dev15:59
viktorsdhellmann: as for oslo.db - there is a patch, that removes eventlet tpool form oslo - https://review.openstack.org/#/c/60031/ . Can you please look at it15:59
*** changbl has joined #openstack-dev15:59
dolphmmarekd: i don't know about "many" but i could see two quite easily (one for employees, one for customers? that16:00
*** mestery has quit IRC16:00
stevemardolphm++16:00
marekdstevemar: dolphm : OK.16:01
*** rdas has joined #openstack-dev16:01
dolphm... is i think how rackspace does it, actually)16:01
*** Ruetobas has quit IRC16:01
dolphmbut i would treat those as separate federations16:01
*** nermina has quit IRC16:01
*** rraja has quit IRC16:01
dolphmand probably wouldn't have any interest in making them part of the same domain or anything16:01
*** rcleere has joined #openstack-dev16:01
*** dims has joined #openstack-dev16:01
marekdi was not fighting against domains, rather wondering.16:01
stevemardolphm: you think "Domain admin needs to be able to manage IdPs for his domain" is an invaid argument... since we're not managing idps at this stage?16:02
stevemarbeyong the mapping part...16:02
*** garyk has quit IRC16:02
dolphmstevemar: i think it's a valid use case, but i don't think we can address it in icehouse16:02
marekdi think 'having a one IdP for everyone' is a subset of 'having multiple IdPs' so the use-cases would not collide? :-)16:02
*** nkinder has quit IRC16:02
dolphmstevemar: we have to start with deployers managing idp's first16:02
*** jsavak has joined #openstack-dev16:02
*** jroovers has quit IRC16:03
*** Ruetobas has joined #openstack-dev16:03
stevemardoplhm, okay, i'm reading it as: valid comments, but for next iteration?16:03
*** Drankis has quit IRC16:03
*** haomaiwa_ has joined #openstack-dev16:04
dolphmstevemar: ++16:04
dolphmstevemar: it's not the simplest use case to solve, let's not get hung up on solving it!16:04
*** haomaiwang has quit IRC16:04
*** otherwiseguy has quit IRC16:05
*** SergeyLukjanov has quit IRC16:05
stevemarokay with me16:05
stevemardolphm, marekd, still on idps..16:05
stevemarhttps://review.openstack.org/#/c/59846/4/openstack-identity-api/v3/src/markdown/identity-api-v3-os-idp-ext.md16:05
stevemarline 33516:05
*** joesavak has quit IRC16:05
*** afrittoli has quit IRC16:06
stevemarthoughts?16:06
*** DinaBelova has quit IRC16:06
*** andreaf has joined #openstack-dev16:06
dolphmstevemar: is the mapping extension useful without the idp extension, or vice versa? are either of these extensions at risk to be replaced without affecting the other?16:06
stevemardolphm, i think they are useless without each other, marekd?16:07
*** carl_baldwin has joined #openstack-dev16:07
stevemardolphm, i think mapping is meant to be generic16:07
*** reidrac has quit IRC16:07
*** kmartin has joined #openstack-dev16:07
marekdstevemar: i think we must match the saml assertion with the IdP instance and then go directly to mapping that is tied to it.16:07
*** BLZbubba has quit IRC16:08
*** Ruetobas has quit IRC16:08
*** BLZbubba has joined #openstack-dev16:08
marekdotherwise, you would have to merge IdP entities with mapings.16:08
dolphmstevemar: commented16:08
stevemardolphm, marekd, the comments on line 39 are useful16:09
dolphmmarekd: which chadwick did not want at the conference, given his 100 IdP's sharing one standard mapping argument <-- which sounds awesome, btw16:09
*** galstrom_zzz is now known as galstrom16:10
stevemaragreed16:10
marekddolphm: and that's why i agree the mapping and idp should be separated.16:10
*** dstanek has quit IRC16:11
dolphmstevemar: commented on 3916:11
*** lbragstad has quit IRC16:11
*** jorisroovers has quit IRC16:11
dolphmmarekd: separated, but i'm just thinking that after IdP extension lands, we should reconsider adding all the mapping functionality to that same extension16:11
dolphma plethora of tightly coupled extensions provides no benefit beyond a single extension16:12
stevemaryeah16:12
dolphmand these are so tightly coupled that we're already referencing the mapping extension from the IdP extension, and vice versa16:12
stevemarswitch gears to mapping?16:12
*** kushal has joined #openstack-dev16:12
*** iartarisi has quit IRC16:13
*** yuriyz has left #openstack-dev16:13
dolphmstevemar: stop trying to get ahead :P16:13
stevemarjust trying to keep the train going16:13
*** hemna has joined #openstack-dev16:13
dolphmstevemar: well, i guess i'd like to talk about domains from the mapping side as well...16:14
*** safchain has joined #openstack-dev16:14
marekddolphm: stevemar: not sure i got it - you want to invert relations between mapping and IdP ?16:14
*** Ruetobas has joined #openstack-dev16:14
stevemarmarekd, no, keep as it16:14
stevemaris16:14
dolphmat the summit, jose and i agreed that the *only* attribute you needed to assign users in a mapping was groups16:14
*** dstanek has joined #openstack-dev16:14
dolphmthe only *authorization* attribute16:14
marekddolphm: ++16:14
dolphmstevemar: ++16:14
dolphmthe question we didn't answer is this -- which domain's groups?16:15
stevemarand any authN attributes.. ?, and yes that one16:15
viktorsdhellmann: ping?16:15
dolphmor is the answer just group_id's, so domains don't matter (which i kind of like)16:15
dolphmstevemar: ignore authN attributes for now16:15
*** jcooley_ has joined #openstack-dev16:15
*** nkinder has joined #openstack-dev16:15
*** mdomsch has joined #openstack-dev16:16
*** rushiagr has joined #openstack-dev16:17
stevemardolphm, so drop domain/user_id and user_name?16:17
dolphmstevemar: i just mean i don't want to talk about them right now16:17
stevemarha16:17
*** mrunge has quit IRC16:18
*** radez_g0n3 is now known as radez16:19
stevemardolphm, okay, so the assertion will get mapped to a group16:20
*** otherwiseguy has joined #openstack-dev16:20
*** jcooley_ has quit IRC16:20
dolphmstevemar: ++ group_id?16:20
stevemardolphm, but groups are domains or projects specific right?16:21
dolphmstevemar: what?16:21
stevemarerr, Domains -> a high-level container for projects, users and groups16:21
*** xqueralt has quit IRC16:22
dolphmstevemar: yes, that's the definition of a domain (what's your question?)16:22
stevemardolphm, oh, group_ids are still globally unique16:23
*** Mandell has quit IRC16:24
dolphmstevemar: yeah, which means you can grant ephemeral users authorization into any openstack resource16:24
*** alop has joined #openstack-dev16:24
*** rm_work|away is now known as rm_work16:24
dolphmstevemar: i wouldn't mind taking a more conservative approach, and then expand on it later... but i don't know what that would be16:24
*** e0ne has quit IRC16:25
*** e0ne has joined #openstack-dev16:26
*** reed has joined #openstack-dev16:26
stevemardolphm, kent folk uploaded a new api spec for which attributes an idp should trust16:27
*** aveiga has quit IRC16:27
stevemardolphm, and it follows the structure we agreed on, and would land perfectly with our propsed apis16:28
dolphmstevemar: link?16:28
stevemarhttps://review.openstack.org/#/c/60489/16:28
*** boris-42 has joined #openstack-dev16:28
stevemardolphm: i'm so pumped that everyone is mostly on the same page16:28
*** jcoufal has quit IRC16:28
dolphmstevemar: ++16:29
dolphmstevemar: this is another one that should just be merged into the same doc lol16:29
stevemaryeah, for sure16:29
*** aveiga has joined #openstack-dev16:30
dolphmstevemar: anyway -- i don't recall what the use case for this is16:30
dolphmand there's no bp16:30
*** e0ne has quit IRC16:30
stevemarbecause an idp can't blindly trust any assertions coming in16:31
*** nelsnelson has joined #openstack-dev16:31
dolphmstevemar: you mean the other way around?16:31
*** venkatesh has joined #openstack-dev16:31
*** prad_ has joined #openstack-dev16:31
marekdstevemar: can't you constraint it in the mapping?16:31
stevemaroops, yeah16:31
dolphmstevemar: keystone as a SP can't blindly trust any assertions coming in from an IdP16:31
*** prad has quit IRC16:31
*** prad_ is now known as prad16:31
marekddolphm: ++16:31
stevemarmarekd, probably16:31
dolphmmarekd: ++ this seems ever so slightly redundant with mapping16:31
marekddolphm: exactly.16:32
*** mlavalle has joined #openstack-dev16:32
stevemardolphm: <dolphm>stevemar: i just mean i don't want to talk about them right now16:32
marekddolphm: oups, i read that SP can blindly trus assertion - in fact i feel it can, because it TRUSTS this IdP and it validates that assertion comes from that IdP.16:32
dolphmyou're doing the same restriction with mapping... the difference in use case must be one is deployer defined (this thing) and the other is idp-defined (mapping)16:32
*** jnoller has quit IRC16:32
*** lbragstad has joined #openstack-dev16:33
stevemardolphm++16:33
*** hemna has quit IRC16:33
marekddolphm: stevemar if the use-case for this markdown is specyfing what params (and possible values) and IdP will trust and use -> it looks like simpler mapping.16:33
dolphmthis smells like something else to pursue in jeorgia16:33
*** jcooley_ has joined #openstack-dev16:33
*** yaguang has quit IRC16:34
dolphmhughsaunders: i'm still determined to make this happen ^16:34
stevemarit doesn't do the full mapping, just specifies what we can trust16:34
*** mkollaro has quit IRC16:34
dolphmstevemar: right. but if it's not in the mapping, then it's not trusted and ignored anyway :P16:34
*** Ryan_Lane has joined #openstack-dev16:34
marekddolphm: ++ plus we have nice logic expressed with 'any_value_of', 'not_any_of' etc16:35
stevemarbut, like you said, different use cases16:35
stevemardolph, marekd -> back to the big questioN: no mapping any authN attributes?16:36
*** devvesa has quit IRC16:36
stevemarno one gets lunch until we decide on that one16:36
stevemar(or dinner, in mareks case)16:36
*** s0mik has joined #openstack-dev16:36
marekdstevemar: haha16:37
dolphmalright fine -- why do we need authn attributes in mapping16:37
*** haomaiwa_ has quit IRC16:37
*** hemna has joined #openstack-dev16:37
*** haomaiwang has joined #openstack-dev16:37
*** venkatesh has quit IRC16:38
*** colinmcnamara has joined #openstack-dev16:38
*** colinmcn_ has joined #openstack-dev16:38
stevemarmore info is always good, why don't we want authn in mapping?16:39
topolstevemar, dolphm did you get what you needed from me?16:39
topolmorganfainberg, you around?16:40
*** haomaiwang has quit IRC16:42
dolphmstevemar: more info is usually bad -- it creates expectations for unintended use cases and then we get bugs and more work to do16:42
dolphmand initial constraints can be relaxed later16:43
stevemartopol, yes we did16:43
stevemardolphm, we're really just talking about domain16:43
hughsaundersdolphm: Jeorgia FTW16:44
stevemardolphm, to be clear, i don't care if domain goes in or not, but gyee is insistent :)16:44
marekdstevemar: ++ me too :D16:45
*** bvandenh has quit IRC16:45
*** rcleere has quit IRC16:45
marekddolphm: you are trying to use just small set of authn attributes, right? and make 'generic' rules for mappings.16:45
*** rcleere has joined #openstack-dev16:46
*** xingchao has joined #openstack-dev16:46
dolphmstevemar: maybe he was in a conversation i was not, but as a result of the whole realms vs domains thing -- we decided on complete separation between IdP's and domains, where IdP's handle authN, domains sort of handle authZ, and mappings create a bridge between the two16:46
*** afazekas has quit IRC16:46
dolphmmarekd: frankly, i'd rather not have any authN attributes in mappings, i'd rather not have ephemeral users, and i'd like to remove identity information from tokens16:47
*** teran has joined #openstack-dev16:47
dolphmthe only argument against all of that i've heard is for the sake of auditing, but that's solvable by emitting some sort of auditing log that token X was issued as a result of federated assertions Y16:48
*** max_lobur has quit IRC16:48
dolphmno matter what, it seems like you have to trace back to the IdP to get the true identity of a user anyway, in the case of auditing16:48
marekddolphm: so how do you want to map assertion -> keystone group? i am probably missing something.16:48
dolphmmarekd: like, mappings can only assign to group_id's16:49
*** mikeoutland has joined #openstack-dev16:49
marekdyes.16:49
*** mikeoutland has quit IRC16:50
stevemari think there is still a disconnect16:50
*** teran_ has joined #openstack-dev16:50
dolphmstevemar: probably -- where?16:50
*** xingchao_ has joined #openstack-dev16:50
*** rongze_ has joined #openstack-dev16:51
*** xarses has quit IRC16:51
stevemaror maybe not16:51
*** mmagr has quit IRC16:51
*** mikeoutland has joined #openstack-dev16:51
*** teran has quit IRC16:52
*** rongze__ has joined #openstack-dev16:52
*** rongze has quit IRC16:52
*** garyk has joined #openstack-dev16:53
*** gothicmindfood has joined #openstack-dev16:54
stevemardolphm, marekd, i think we're done?16:54
*** xingchao has quit IRC16:54
*** comay has joined #openstack-dev16:55
*** mestery has joined #openstack-dev16:56
*** rongze_ has quit IRC16:56
*** buzztroll has joined #openstack-dev16:57
*** mdenny has quit IRC16:57
*** mdenny has joined #openstack-dev16:58
ayoungdolphm, jamielennox made the suggestion that instead of doing ,   `POST /OS_REVOKE/domain/4bf3d9`  and    `POST /OS_REVOKE/project/abcdef`  I just make a single  `POST /OS_REVOKE/abcdef`  and pass in the scope-type in the body of the message.  I'm not sure I like that either, but I can see the argument that we should not have to have a separate URL for each type we are revoking16:58
*** max_lobur has joined #openstack-dev16:58
dolphmstevemar: i'll respond to a couple of comments in the idp review regarding domains16:58
*** ccorrigan has joined #openstack-dev16:58
*** mlavalle has quit IRC16:58
*** buzztroll has quit IRC16:58
dolphmayoung: what the hell is that an API for??16:59
ayoungwhat is the most consistent URL scheme for revocations with the other API docs?16:59
*** jnoller has joined #openstack-dev16:59
ayoungdolphm, revoking something directly16:59
dolphmayoung: i thought we decided it made zero sense to expose this to the API16:59
marekdstevemar: for now yes, can i now go and eat my dinner? :-)16:59
stevemarhave fun :)16:59
dolphmayoung: all we need to expose is a GET request16:59
dolphmmarekd: yes17:00
ayoungdolphm, let me check the etherpad17:00
*** andymccr has quit IRC17:00
dolphmayoung: either way, it's waaaaaaaaaaaaaaaaay out of scope for icehouse17:00
*** buzztroll has joined #openstack-dev17:00
ayoungdolphm, having a way to revoke externally actually makes the API easier to test stand along17:01
ayoungalone17:01
dolphmayoung: you want to expose an API to *TEST* shit?! wtf17:01
*** avishay has quit IRC17:01
ayoungdolphm, more than that, as I suspect we will want to be able to remotely trigger events based on IdP etc operations17:02
dolphmayoung: which we don't have yet, so it's not a valid use case17:02
*** herndon has joined #openstack-dev17:02
*** nkinder has quit IRC17:02
ayoungdolphm, ok, time for you to cut back on the Coffee.17:02
dolphmayoung: you're trying to get way ahead of yourself!17:03
ayoungdolphm, the idea is that I want to put the revocation API in stand alone, before I tie it in to other backends, as the tie in is the tough thing to get right17:03
ayoungI want a simple way to say "revoke this"17:03
dolphmayoung: stand alone != crud17:03
*** andymccr has joined #openstack-dev17:03
*** greghill has joined #openstack-dev17:03
*** n0ano has joined #openstack-dev17:03
dolphmayoung: do that through a driver interface, not through HTTP17:03
*** mdenny has quit IRC17:04
*** mdenny has joined #openstack-dev17:04
*** herndon has quit IRC17:04
*** pmathews has joined #openstack-dev17:04
*** HenryG has quit IRC17:04
*** markwash has joined #openstack-dev17:05
*** HenryG has joined #openstack-dev17:05
*** andymccr has quit IRC17:07
ayoungdolphm, I agree that Update or Delete do not make sense, but create does.17:07
*** gszasz has quit IRC17:08
dolphmayoung: not today17:08
ayoungdolphm, are you hard set against it?  If so, I'll remove, just kindof surprised.17:08
*** buzztroll has quit IRC17:08
*** ifarkas has joined #openstack-dev17:09
*** slagle has quit IRC17:09
dolphmayoung: yeah, i'm hard set against it because i talked about it with someone (apologies if it wasn't you -- i thought it was?) but that's part of the reason it's not mentioned in the bp17:09
mriedemlooks like a new glance gate failure: https://bugs.launchpad.net/openstack-ci/+bug/125990717:10
uvirtbotLaunchpad bug 1259907 in openstack-ci "check-grenade-dsvm marked as FAILED - "Failed to upload testbucket/bundle.img.manifest.xml" in n-api" [Undecided,New]17:10
*** rongze__ has quit IRC17:11
*** freyes has quit IRC17:11
*** pschaef has quit IRC17:11
*** safchain has quit IRC17:11
mriedemmarkwash: fyi https://bugs.launchpad.net/openstack-ci/+bug/125990717:11
uvirtbotLaunchpad bug 1259907 in openstack-ci "check-grenade-dsvm marked as FAILED - "Failed to upload testbucket/bundle.img.manifest.xml" in n-api" [Undecided,New]17:11
*** mdenny has quit IRC17:12
*** MIDENN_ has joined #openstack-dev17:12
*** xingchao_ has quit IRC17:12
ayoungdolphm, OK...I guess we can always add it later if we decide we do want it.  Easy to remove.17:13
*** mflobo has quit IRC17:13
*** andymccr has joined #openstack-dev17:14
*** bswartz has quit IRC17:15
*** MadDog31 has quit IRC17:16
*** bswartz has joined #openstack-dev17:16
*** rongze has joined #openstack-dev17:17
*** nkinder has joined #openstack-dev17:17
*** vuil has joined #openstack-dev17:17
ayoungdolphm, how do we do time windows on a request? Like this?   GET /OS_REVOKE/events?since=2013-02-27T18:30:59.999999Z17:18
*** johnthetubaguy has quit IRC17:18
*** thomasem has quit IRC17:20
*** SergeyLukjanov has joined #openstack-dev17:20
*** Guest87427 is now known as crackerjackmack17:20
dolphmayoung: i think that needs to be URL encoded, but sure -- maybe just make it slightly more specific, e.g. revoked_since ?17:21
*** andymccr has quit IRC17:21
ayoungdolphm, sure...it was the date portion I was concerned with...we specify ISO 8601 in the responses, but I don't know if that works for requests.  Was wondering if we had any prior art?17:22
dolphmayoung: not in keystone that i'm aware of17:22
*** angdraug has joined #openstack-dev17:23
*** rohitk has joined #openstack-dev17:23
*** MaxV has quit IRC17:24
*** devoid has joined #openstack-dev17:25
*** MaxV has joined #openstack-dev17:25
ayoungdolphm, http://stackoverflow.com/questions/9581692/recommended-date-format-for-rest-get-api17:25
*** SumitNaiksatam has quit IRC17:25
*** marekd is now known as marekd|away17:25
*** Drankis has joined #openstack-dev17:25
*** digambar has joined #openstack-dev17:25
*** buzztroll has joined #openstack-dev17:26
*** jnoller has quit IRC17:28
*** JordanP has quit IRC17:28
dolphmayoung: cool17:29
dolphmayoung: i'd rather not make clients handle more than one format anyway17:29
*** MaxV has quit IRC17:29
ayoungdolphm, so ISO 8601 URL encoded?17:30
*** sushils has quit IRC17:30
*** blamar has joined #openstack-dev17:30
*** andymccr has joined #openstack-dev17:30
dolphmayoung: ++ your example, just encoded17:30
*** gyee has joined #openstack-dev17:30
*** devoid has left #openstack-dev17:30
dolphmayoung: also, ++ for a query string as that follows the rest of the v3 API17:30
dolphm(i.e. it's just a filter)17:30
dolphmayoung: btw, you'll love this one https://bugs.launchpad.net/openstack-ci/+bug/1260015 (and it's already marked as won't fix!)17:31
uvirtbotLaunchpad bug 1260015 in openstack-ci "PKI token contains the string "ERROR"" [Undecided,New]17:31
*** reed has quit IRC17:32
*** dims has quit IRC17:33
ayoungdolphm, wow....wonder what else we'll find encoded that way17:33
*** digambar has quit IRC17:34
*** jsavak has quit IRC17:35
*** ilukyanenkov has quit IRC17:36
ayoungdolphm, it will look like this revoked_since=2013-02-27T18%3A30%3A59.999999Z17:36
dolphmayoung: looks right to me17:36
ayoungdata = {'revoked_since':'2013-02-27T18:30:59.999999Z'}17:36
ayoungurllib.urlencode(data)17:36
*** joesavak has joined #openstack-dev17:37
*** andymccr has quit IRC17:37
*** ngoracke has quit IRC17:37
*** nelsnelson is now known as nelsnelson_away17:38
*** dims has joined #openstack-dev17:39
*** andymccr has joined #openstack-dev17:39
*** digambar has joined #openstack-dev17:39
ayoungdolphm, so just this https://review.openstack.org/#/c/59546/5/openstack-identity-api/v3/src/markdown/identity-api-v3-os-revoke-ext.md17:40
*** ygbo has quit IRC17:41
*** ArcTanSusan has joined #openstack-dev17:41
*** chandankumar has quit IRC17:41
*** ArcTanSusan has quit IRC17:41
*** rraja has joined #openstack-dev17:42
*** ArcTanSusan has joined #openstack-dev17:42
*** nelsnelson_away has quit IRC17:43
*** thomasem has joined #openstack-dev17:43
*** neeti has quit IRC17:43
*** xarses has joined #openstack-dev17:44
*** thomasem has quit IRC17:44
*** thomasem has joined #openstack-dev17:44
*** andymccr has quit IRC17:45
*** Shaan7 has joined #openstack-dev17:46
*** Shaan7 has quit IRC17:46
*** Shaan7 has joined #openstack-dev17:46
*** sahid has quit IRC17:46
*** SumitNaiksatam has joined #openstack-dev17:47
*** dstanek has quit IRC17:47
*** dstanek has joined #openstack-dev17:47
*** exed has quit IRC17:48
*** corXi_ has joined #openstack-dev17:50
*** dkuffner has joined #openstack-dev17:50
*** corXi has quit IRC17:50
*** dkuffner has left #openstack-dev17:51
*** andymccr has joined #openstack-dev17:51
*** dkuffner has joined #openstack-dev17:51
*** MadDog31 has joined #openstack-dev17:52
*** xga has quit IRC17:52
*** pablosan has joined #openstack-dev17:53
*** vkmc has quit IRC17:54
*** corXi_ has quit IRC17:56
*** andymccr has quit IRC17:56
*** derekh has quit IRC17:57
*** buzztroll has quit IRC17:57
*** ArcTanSusan has quit IRC17:57
*** corXi has joined #openstack-dev17:58
*** andymccr has joined #openstack-dev17:59
*** buzztroll has joined #openstack-dev18:00
*** athomas has quit IRC18:00
*** exed has joined #openstack-dev18:02
*** sdake_ has joined #openstack-dev18:02
nkindermarkwash: When you get a chance, let me know if my latest changes to the OSSN about image sharing look good to you.18:02
nkindergyee: ping18:02
nkindergyee: thanks for your reviews on the KDS API doc18:03
openstackstatusNOTICE: Grenade gate infra issues: use "reverify bug 1259911"18:03
uvirtbotLaunchpad bug 1259911 in openstack-ci "apt.puppetlabs.com connectivity problem from rax breaks grenade job" [Undecided,In progress] https://launchpad.net/bugs/125991118:03
*** ChanServ changes topic to "Grenade gate infra issues: use "reverify bug 1259911""18:03
nkindergyee: I've added some responses there, but it might help to discuss some of them here to prevent the back and forth.18:03
*** danpb has quit IRC18:03
*** andymccr has quit IRC18:04
nkindergyee: I've been trying to keep the API generic so it can be applicable to various use-cases.18:04
nkindergyee: This is why some of the specifics of AMQP messaging have been intentionally left out of the API document.18:04
nkindergyee: There is a separate document about the implementation of KDS and how it is used to secure messages.18:05
*** devlaps has joined #openstack-dev18:06
*** che-arne has quit IRC18:06
*** reed has joined #openstack-dev18:06
*** Alexei_987 has quit IRC18:07
*** rdas has quit IRC18:07
*** arozumenko has quit IRC18:07
*** hemna has quit IRC18:08
*** jasdeepH has joined #openstack-dev18:09
*** max_lobur is now known as max_lobur_afk18:09
*** andymccr has joined #openstack-dev18:11
*** terryw has joined #openstack-dev18:12
*** jistr has quit IRC18:13
notmynamettx: note that I backported the sphinx patch that was borking the gate for everyone to milestone-proposed18:13
gyeenkinder, understood, as a reviewer, I need to understand the spec so I can review the code more effectively18:13
gyeethanks for the clarifications18:14
nkindergyee: I've struggled with how much to put in the API document as well.18:14
*** corXi has quit IRC18:14
*** otherwiseguy has quit IRC18:15
*** slagle has joined #openstack-dev18:15
gyeenkinder, my main concern is code review as this is  a lot of code18:15
nkindergyee: I think adding something about authorization for the API around long term keys and groups is a very good thing that you pointed out.18:15
gyeewe need to have a good understanding of the spec18:15
nkindergyee: I think the "MessageSecurity" document will likely need a cleanup pass too.18:16
gyeenkinder, yes, that helps a lot18:16
nkindergyee: I'm trying to get the API nailed down so the implementation can be changed to match, then we can clean up the implementation document to help reviewers understand it.18:17
gyeenkinder, yeah I agreed, if the reviewer understand the think behind the spec, code review will be much easier18:18
*** andymccr has quit IRC18:18
gyeethinking18:18
gyeethis is a lot code :)18:18
*** belmoreira has quit IRC18:18
*** aeperezt has quit IRC18:18
*** belmoreira has joined #openstack-dev18:19
*** rohitk has quit IRC18:19
*** radez is now known as radez_g0n318:21
*** andymccr has joined #openstack-dev18:21
*** nermina has joined #openstack-dev18:22
*** pixelb has quit IRC18:22
*** aelkikhia has joined #openstack-dev18:23
*** dkuffner has quit IRC18:23
*** belmoreira has quit IRC18:23
*** Mandell has joined #openstack-dev18:25
*** andymccr has quit IRC18:26
*** athomas has joined #openstack-dev18:26
*** athomas has quit IRC18:26
*** digambar has quit IRC18:26
*** buzztroll has quit IRC18:26
*** s2r2 has quit IRC18:27
*** aelkikhia has quit IRC18:28
*** kbringard has quit IRC18:28
*** amcrn has joined #openstack-dev18:28
*** akrivoka has quit IRC18:32
*** mmagr has joined #openstack-dev18:33
*** mikeoutland has quit IRC18:33
*** pablosan has quit IRC18:34
*** d0ugal has quit IRC18:34
*** jnoller has joined #openstack-dev18:34
*** Shaan7 has quit IRC18:35
*** markmc has quit IRC18:36
*** mikeoutland has joined #openstack-dev18:36
*** krotscheck has joined #openstack-dev18:36
*** radez_g0n3 is now known as radez18:37
luis_dhellmann, let me know if you have more comments on these, i'd like to start trying to syncronize with some of the projects, i have done the testing in devstack locally as you requested, and everythig looks good18:37
luis_https://review.openstack.org/#/q/status:open+project:openstack/oslo-incubator+branch:master+topic:bp/i18n-messages,n,z18:37
*** colinmcn_ has quit IRC18:38
*** colinmcnamara has quit IRC18:38
*** pablosan has joined #openstack-dev18:38
*** nati_ueno has joined #openstack-dev18:40
*** bynaryshef has joined #openstack-dev18:40
*** d0ugal has joined #openstack-dev18:41
*** d0ugal has joined #openstack-dev18:41
*** blamar has quit IRC18:41
*** blamar has joined #openstack-dev18:41
*** s2r2 has joined #openstack-dev18:44
*** jsavak has joined #openstack-dev18:45
*** rossella_s has quit IRC18:45
*** rushiagr has quit IRC18:45
*** mdomsch has quit IRC18:46
*** jpich has quit IRC18:47
*** joesavak has quit IRC18:48
*** sushils has joined #openstack-dev18:50
*** nelsnelson has joined #openstack-dev18:50
*** anniec has joined #openstack-dev18:50
*** colinmcnamara has joined #openstack-dev18:51
*** colinmcn_ has joined #openstack-dev18:51
*** colinmcn_ has quit IRC18:52
*** colinmcnamara has quit IRC18:52
*** colinmcnamara has joined #openstack-dev18:53
*** colinmcn_ has joined #openstack-dev18:53
*** thomasem has quit IRC18:54
*** gordc has quit IRC18:55
*** gordc has joined #openstack-dev18:56
*** prad has quit IRC18:59
*** ngoracke has joined #openstack-dev18:59
*** asselin has joined #openstack-dev19:00
morganfainbergayoung, what is your view on uwsgi or gunicorn vs mod_wsgi?19:01
morganfainbergayoung, if you have an opinion19:01
ayoungmorganfainberg, I'm not familiar with those.19:01
ayoungmorganfainberg, links?19:01
morganfainbergayoung, i'm slowly working on fixing devstack to deploy keystone (and ceilometer) under httpd as default now.19:01
morganfainbergayoung, sec.19:02
morganfainbergayoung, http://projects.unbit.it/uwsgi/ and http://gunicorn.org/19:02
morganfainbergwas looking at this article and it was making me think it would be nice to have multiple wsgi-managers http://blog.kgriffs.com/2012/12/18/uwsgi-vs-gunicorn-vs-node-benchmarks.html19:03
*** jdob has quit IRC19:03
morganfainbergayoung, my target (after talking with infra folks) is to work on this over the holidays.19:03
*** bswartz has quit IRC19:03
morganfainbergayoung, it would be ncie to gate on httpd running keystone instead of eventlet keystone19:03
ayoungmorganfainberg, in theory, yes, but time is a valuable resource, and right now (until I2) it should be focused on API affecting changes19:03
*** jdob has joined #openstack-dev19:03
*** mrodden has quit IRC19:04
*** joesavak has joined #openstack-dev19:04
morganfainbergayoung, this was a going to spend a weekend doing it when i am burnt out on api changes ;)19:04
morganfainbergayoung, because that will happen.19:04
ayoungmod_wsgi is the sensible approach for that.19:04
morganfainbergayoung, and mod_wsgi is target #1, i might try and add the others post i-219:04
*** jsavak has quit IRC19:04
morganfainbergdepending on the workload19:04
morganfainbergmaybe even post i319:04
morganfainberg:P19:04
*** jsavak has joined #openstack-dev19:05
*** nati_uen_ has joined #openstack-dev19:05
*** exed has quit IRC19:05
ayoungmorganfainberg, I'm not certain that the 2 links you posted there have enough behind them to justify the effort, relative to where you could spend your time.19:05
morganfainbergjust figured i'd bound the thoughts off you now...so when i do look at circling back, we might have another conversation19:05
ayoungI'm not super concerned with clean-wsgi compliance19:05
ayoungI'm more interested in getting certmonger and certmaster part of devstack19:06
ayoungand getting a good X509 strategy in place for all of Open Stack19:06
morganfainbergayoung, right, don't we need to get a maintainer for the deb pacakge?19:06
*** prad has joined #openstack-dev19:06
ayoungmorganfainberg, yes, got someone19:06
morganfainbergayoung, w00t :)19:06
morganfainbergayoung, good deal.19:06
ayoung Timo Aaltonen is working on FreeIPA on the Ubuntu side, and is moving the Certmaster piece on.19:07
*** bswartz has joined #openstack-dev19:07
morganfainbergayoung, in either case, i expect to burn a weekend somewhere when i need a break from mucking around in API land get mod_wsgi working for devstack cleanly for keystone.19:07
*** terryw has quit IRC19:08
*** nati_ueno has quit IRC19:08
morganfainbergbut thats not today or tomorrow19:08
ayoungmorganfainberg, that would be awesome19:08
*** joesavak has quit IRC19:08
morganfainbergyes, and i think i also want to make enabling the keystone caching layer an option in devstack as well.19:08
*** kmartin has quit IRC19:09
morganfainbergbug thats more of a side project once we add more caching post-api cleanup19:09
morganfainberganyway, testing a bug now to see if i need to report it, then off to domain cleanup land for the rest of the week.19:09
*** rcleere_ has joined #openstack-dev19:09
morganfainbergunless massive kvs feedback occurs.19:09
morganfainbergayoung, passing thoughts, neural misfires...worth posing questions to sit on the back burner for future conversations19:10
ayoungmorganfainberg, caching in devstack doubleplusgood19:10
*** rcleere has quit IRC19:10
*** rcleere_ is now known as rcleere19:10
*** lucasagomes has quit IRC19:11
ayoungbknudson, gyee dolphm https://review.openstack.org/#/c/59126/13  is critical path for a lot of code.  I think we should expedite it in the review process.19:12
gyeeayoung, yes, reviewing it now19:13
ayounggyee, thanks19:13
*** rongze has quit IRC19:13
*** mrodden has joined #openstack-dev19:13
*** reed has quit IRC19:14
ayoungmorganfainberg, I'm going to stay on the KVS stuff until it is in.  KVS and Federtion are the 2 killer features for this release, although KVS needs the revocation rework to really be useful.19:14
morganfainbergayoung, sounds good.19:14
morganfainbergayoung, i'm watching those reviews closely to address things going on19:14
*** bynaryshef has quit IRC19:15
ayoung++19:15
morganfainbergayoung, but right now it needs more feedback.19:15
morganfainbergor approvals :)19:15
*** colinmcn_ has quit IRC19:15
*** colinmcnamara has quit IRC19:15
morganfainbergayoung, there was some reworking of the non-expiry keys last night to address an issue dstanek found.19:15
*** vuil has quit IRC19:15
morganfainbergayoung, i think it's a much better implementation now.19:15
ayoungmorganfainberg, let me look19:15
*** rongze has joined #openstack-dev19:15
*** colinmcnamara has joined #openstack-dev19:15
*** colinmcn_ has joined #openstack-dev19:15
*** vkmc has joined #openstack-dev19:16
ayoungmorganfainberg, I dropped a lot of the API in revocation, too19:16
morganfainbergayoung, nod.  i saw the earlier conversation in the backscroll19:16
morganfainbergshould make it easier to hi the target19:16
dstanekmorganfainberg: cool, i have so many "review this code" emails that i didn't see it fly by19:16
gyeeayoung, morganfainberg, may take an hour or so as this is a lot of code19:16
gyeebare with me19:16
*** jorisroovers has joined #openstack-dev19:17
morganfainberggyee, i apologize, but i strripped it down as much as i could to make it the base implementation19:17
morganfainbergit's a lot of logic to add.19:17
*** kbrierly has joined #openstack-dev19:17
morganfainbergayoung, also, with the non-expiry key change, we can break the need for the memcache client even for testing19:17
gyeeunderstood, just letting you guys know it may take an hour or so before I post the comments19:17
morganfainbergayoung, so it becomes truely optional.19:17
ayoungmorganfainberg, very good19:18
morganfainbergayoung, once i2 rolls i might do some treatment on the other "optional" stuff19:18
morganfainbergsee if we can trim down hard-dependancies19:18
ayounggyee, no no...bear with me.  Bare means to go without clothes.19:18
morganfainbergayoung, bear with bareing with me?19:18
morganfainbergno no lets not do that19:19
ayoungI haint baring nothing19:19
gyeeayoung, my bad :)19:19
ayounggyee, just glad I didn't subject you to my attempts at Cantonese.19:19
gyeeI barely pass ESL19:19
morganfainberggyee, english idioms... yeah, always fun.19:19
morganfainberggyee, whats the equivalent in cantonese? if there is one.19:19
gyeebare?19:20
morganfainberg"bear with me"?19:20
morganfainbergor is that so idiomatic...it's non translatable19:20
gyeethat I am not sure19:20
ayoung包涵19:20
*** crank_ has joined #openstack-dev19:20
ayoungBut that is Mandarin19:20
gyeebear hug19:21
morganfainberghehe19:21
*** crank_ has quit IRC19:21
*** bvandenh has joined #openstack-dev19:22
*** rongze has quit IRC19:22
*** nelsnelson has quit IRC19:23
*** nelsnelson has joined #openstack-dev19:24
*** Mandell has quit IRC19:25
*** john5223 has joined #openstack-dev19:27
morganfainbergdolphm, ayoung, gyee, bknudson, https://review.openstack.org/#/c/61419/19:28
ayoungdolphm, on your "follow the BP" comment, is that just for specifying user_id, project id etc, or is it something else?19:28
morganfainbergec2token fix19:28
morganfainbergjenkins just said +119:28
gyeemorganfainberg, is the global key mangler override the local one in kvs section?19:28
ayoungmorganfainberg, +219:28
gyeethere are two key mangler options19:28
morganfainberggyee, the KVS global key mangler option disables all keymangling in all kvs backends19:29
*** e0ne has joined #openstack-dev19:29
*** CaptTofu has quit IRC19:29
morganfainberggyee, if the backend has a hard requirement for a specific key mangler, it can be specified (think some crazy backend that can't handle keys outside of a specific format)19:29
gyeemorganfainberg, k, just want to make sure the doc is clear on that19:29
morganfainberggyee, and the last option is passing the keymangler to the configure option, which will be used unless either of the other two scenarios are active19:30
*** CaptTofu has joined #openstack-dev19:30
*** nati_uen_ has quit IRC19:30
gyeemorganfainberg, so if the global one is false, the others will be ignored?19:30
morganfainbergso, 1) global toggle, backend forced, passed in configured, default19:30
morganfainberggyee, ^ is the order of resolution19:30
morganfainberggyee, correct, no key_mangling will occur if the global is toggled off.  it's usefule for debugging.19:31
gyeek, sounds good19:31
*** yolanda has joined #openstack-dev19:31
*** ifarkas has quit IRC19:33
*** colinmcn_ has quit IRC19:33
*** colinmcnamara has quit IRC19:33
*** 21WABWJ1B has joined #openstack-dev19:33
*** colinmcnamara has joined #openstack-dev19:33
*** CaptTofu has quit IRC19:34
ayoungdolphm, gyee morganfainberg https://wiki.openstack.org/wiki/KeystonePerformance19:34
morganfainbergayoung, i saw an email thread on this ... last night? this morning?19:35
ayoungmorganfainberg, yeah, it is our internal Perf team learning how not to be so internal19:35
gyeenice!19:36
morganfainbergayoung, good to know.  i had a talk with one of the rackspace guys at the summit regarding some perf testing he did on keystone19:36
morganfainbergdolphm, ^ should get what insight form that perf testing where possible added19:36
*** rnirmal has quit IRC19:36
gyeeperf will be different for different backends19:36
morganfainberggyee, correct.19:36
gyeewould be nice we can *trace* a call, like when it hit the router, how much time it spend in controller, how much time it spend on backend, etc19:37
morganfainbergayoung, i was thinking... does it make sense to not even do a parse_isotime and normalize on datestamps in the kvs backend?  just do string comparisons of the isotime_str?  eg str > str?19:38
morganfainbergayoung, not sure if that would work as well19:38
gyeetypically, I've seen implementations adding timestamps in the headers19:38
ayoungmorganfainberg, if you are going to compare them, compare them as dates, not strings19:38
gyeethey aggregate them to produce a graph19:38
morganfainbergayoung, ok fair enough. i'll continue with the parse_isotime and normalize calls19:38
morganfainbergayoung, since i haven't added the smash token datestamps down code yet (will implement with encrypt/hmac since that needs to json dumps everything anyway)19:39
*** nati_ueno has joined #openstack-dev19:40
*** prad has quit IRC19:40
*** herndon has joined #openstack-dev19:41
dolphmgalstrom: i swear i bookmarked it -- but do you have a public link to the performance job you're running? (cc- morganfainberg ayoung)19:42
*** Mandell has joined #openstack-dev19:42
*** troytoman-away is now known as troytoman19:42
*** prad has joined #openstack-dev19:43
*** spzala has joined #openstack-dev19:43
*** joesavak has joined #openstack-dev19:45
*** reed has joined #openstack-dev19:46
*** jsavak has quit IRC19:47
*** insanidade has joined #openstack-dev19:48
galstromdolphm: let me see if i can find it.. not sure i had a public link19:48
*** marekd|away is now known as marekd19:48
*** e0ne has quit IRC19:49
*** carl_baldwin has quit IRC19:50
*** vuil has joined #openstack-dev19:50
*** troytoman is now known as troytoman-away19:50
*** e0ne has joined #openstack-dev19:50
*** troytoman-away is now known as troytoman19:51
*** novas0x2a|laptop has joined #openstack-dev19:51
*** eglynn is now known as eglynn-afk19:52
*** thomasem has joined #openstack-dev19:58
*** sdake_ has quit IRC19:58
*** sdake_ has joined #openstack-dev19:59
*** buzztroll has joined #openstack-dev19:59
*** pshchelo has joined #openstack-dev20:00
*** pshchelo has left #openstack-dev20:00
*** MadDog31 has quit IRC20:00
*** MadDog31 has joined #openstack-dev20:00
*** jecarey has quit IRC20:00
topolmorganfainberg,  quick question for you.  So MemcachedBackend does not need to subclass api.CacheBackend and dogpile.cache does not care if your new registered backend subclasses api.CacheBackend or not?20:01
*** jecarey has joined #openstack-dev20:02
morganfainbergtopol, no, it doesn't it's a pivot manager since we have extra logic we're applying.  instead of re-implementing the manager code, i figured i'd just leverage what we had.  dogpile.cache does care somewhat, but20:02
*** SergeyLukjanov has quit IRC20:02
*** openstackstatus has quit IRC20:02
*** openstackstatus_ has joined #openstack-dev20:02
*** openstackstatus_ is now known as openstackstatus20:02
morganfainbergtopol, the manager passes all method calls to the driver, which is a CacheBackend20:02
morganfainbergtopol, it doesn't do isinstance() checks.  it just cares the interfaces are sane20:02
*** 21WABWJ1B has quit IRC20:03
*** colinmcnamara has quit IRC20:03
*** openstackstatus has quit IRC20:03
*** openstackstatus_ has joined #openstack-dev20:03
*** openstackstatus_ is now known as openstackstatus20:03
*** mikeoutland has quit IRC20:03
*** colinmcnamara has joined #openstack-dev20:03
*** colinmcn_ has joined #openstack-dev20:03
*** openstackstatus has quit IRC20:04
*** openstackstatus_ has joined #openstack-dev20:04
*** openstackstatus_ is now known as openstackstatus20:04
topolmorganfainberg, so as long as you implement the expected functions all is well correct?  Do most classes not do isinstance() checks.  As a former Java guy I need to get more comfortable with this relaxed approach20:05
*** balar has quit IRC20:05
*** openstackstatus has quit IRC20:05
*** openstackstatus_ has joined #openstack-dev20:05
*** openstackstatus_ is now known as openstackstatus20:05
*** asselin has quit IRC20:06
*** openstackstatus has quit IRC20:06
*** openstackstatus_ has joined #openstack-dev20:06
*** openstackstatus_ is now known as openstackstatus20:06
morganfainbergtopol, i use isinstance a lot more, but this is a ducktype'd language20:07
*** herndon has quit IRC20:07
morganfainbergtopol, if it looks like a duck, quacks like a duck, it might as well be a duck20:07
morganfainbergtopol, even if it isn't.20:07
*** ozialien_ has joined #openstack-dev20:07
*** openstackstatus_ has joined #openstack-dev20:07
morganfainbergtopol, afaict we care more about interfaces than actual classes.20:07
*** openstackstatus has quit IRC20:08
*** openstackstatus_ is now known as openstackstatus20:08
topolK, this swan will learn to live with the ducks.  :-) Thanks!20:08
*** jistr has joined #openstack-dev20:08
*** jistr has quit IRC20:08
topolYes, I just have to get more comfortable with that. My problem :-)20:08
*** openstackstatus has quit IRC20:08
morganfainbergtopol, but you'll notice i tend to write a bit more strictly because isinstance can at least guarantee my interfaces are sane.20:08
*** openstackstatus has joined #openstack-dev20:08
*** jistr_ has joined #openstack-dev20:09
morganfainbergtopol, it's a fine line to balance on, my take is be as flexible as you can... until you can't be ;)20:09
*** jistr_ has quit IRC20:09
topolmorganfainberg, excellent.  Thanks for the clarifications20:09
*** jistr has joined #openstack-dev20:10
*** jistr has quit IRC20:11
*** jistr has joined #openstack-dev20:11
*** jroovers has joined #openstack-dev20:12
*** jorisroovers has quit IRC20:12
*** arnaud__ has joined #openstack-dev20:13
*** thedodd has joined #openstack-dev20:13
*** teran_ has quit IRC20:13
gyeemorganfainberg, got a bunch of questions and comments for https://review.openstack.org/#/c/59126/20:13
gyeenothing major20:13
morganfainberggyee, cool i'll look at them in a moment, thanks!20:13
*** teran has joined #openstack-dev20:13
gyeemorganfainberg, food time here, be back in 30 mins20:13
*** freyes has joined #openstack-dev20:14
morganfainberggyee, cool.  have good lunchj20:14
*** pberis has joined #openstack-dev20:14
topolgyee, take 45. you earned it20:16
*** alex_klimov has joined #openstack-dev20:16
*** ozialien_ has quit IRC20:16
*** hartsocks has joined #openstack-dev20:17
*** ChanServ changes topic to "OpenStack development || Support is in #openstack"20:17
hartsocksayoung: ping20:17
ayounghartsocks, there are a few people working on Federation20:17
*** pberis has quit IRC20:17
ayounghartsocks, have you seen the API reviews?20:18
*** teran has quit IRC20:18
hartsocksnope. I've been out of it for a bit.20:18
hartsocksI'm back full time now.20:18
ayounghttps://review.openstack.org/#/c/59848/20:18
*** terryw has joined #openstack-dev20:18
*** mdomsch has joined #openstack-dev20:18
ayounghartsocks, also https://review.openstack.org/#/c/59846/20:18
*** terryw is now known as otherwiseguy20:18
ayounghartsocks, and then SAML is here https://review.openstack.org/#/c/59849/20:19
*** bknudson has quit IRC20:19
hartsocksWe have this: https://blueprints.launchpad.net/nova/+spec/vmware-sso-support20:19
hartsocksWhich has 3 ways to go as I see it.20:20
hartsocks1. do something smart with SAML and keystone and vCenter SSO...20:20
hartsocks2. do something hacky with SAML and the driver20:20
hartsocks3. do something dumb with some kind of password storage off-line that then generates SAML tokens then does one of the first two things.20:21
ayounghartsocks, is the VMWare SSO anything vaguelt resembling an open standard?20:21
*** shinylasers has joined #openstack-dev20:21
hartsocksit's SAML20:21
ayoungOk, what makes it special?20:21
*** buzztroll has quit IRC20:21
*** vipul is now known as vipul-away20:21
*** vipul-away is now known as vipul20:21
hartsocksnothing much other than the tokens are a pain to parse.20:22
dolphmhartsocks: 1 or 2?20:22
* hartsocks I didn't say that.20:22
*** buzztroll has joined #openstack-dev20:22
*** bvandenh has quit IRC20:22
* hartsocks looks up link to make sure20:22
pcm_Anyone: Have a question on the convention for handling REST requests that timeout...20:22
hartsocks#link http://blogs.vmware.com/vsphere/tag/vcenter-sso20:22
hartsocksSAML v2 based on that material20:23
ayounghartsocks, you are giving me PTSD flashbacks to my time working on vSphere20:24
hartsocksalso WS-TRUST20:24
hartsocksheh.20:24
*** arozumenko has joined #openstack-dev20:24
ayounghttp://thinkvirt.com/?q=node/5720:24
hartsockswell, it's my job to deal with this stuff… I just want to make there's some code to do the right things.20:25
*** romcheg has left #openstack-dev20:25
hartsocksayoung: nice.20:25
*** arnaud__ is now known as arnaud|afk|flu20:25
ayounghartsocks, but that was another lifetime20:26
*** buzztroll has quit IRC20:26
*** buzztroll has joined #openstack-dev20:26
ayounghartsocks, is there anything in the SAML documents from vsphere that is interesting? YOu guys carry any authorization data in there beyond "users and groups?20:26
hartsocksI helped write the SSO samples for the new API… and we *didn't* write anything demonstrating that. It doesn't mean there isn't anything there though.20:27
*** insanidade has quit IRC20:28
*** mlavalle has joined #openstack-dev20:28
*** romcheg1 has joined #openstack-dev20:28
ayounghartsocks, OK, if that is the case, then I would say the the vSphere SAML document is just another SAML integration point.20:28
*** vuil has quit IRC20:29
*** vkozhukalov has quit IRC20:29
ayoungWork with stevemar on getting the SAML and related BPs into order and you'll have what you need20:29
*** henrynash has joined #openstack-dev20:29
hartsocksMy dream use case is for something like this…20:29
hartsocks* Nova/Cinder drivers pull a SAML token magically from the security context20:30
hartsocks* No passwords in any conf20:30
*** mrodden has quit IRC20:30
hartsocks… if we can do that, I think I'll meet my objectives.20:30
*** gothicmindfood has quit IRC20:31
hartsocksokay, stevemar … https://blueprints.launchpad.net/~stevemar20:31
*** mrodden has joined #openstack-dev20:32
hartsocksdo I have the dependency tree on https://blueprints.launchpad.net/nova/+spec/vmware-sso-support set up right?20:32
dolphmayoung: keystone would have reason to expose SAML responses to other services though... normally20:32
dolphmayoung: what do you expect from stevemar?20:32
dolphmkeystone wouldn't*20:32
ayoungdolphm, he's working on the SAML/Federation BPs.  I expect the world from stevemar, and I know he is capable of producing.20:33
*** vartom11118 has joined #openstack-dev20:33
ayoungdolphm, I would not expect keystone to produce saml20:33
ayoungat least, not in the Icehouse timeframe20:33
dolphmayoung: yeah, but what exactly? keystone to persist SAML responses and expose them?20:33
ayoungdolphm, and I think hartsocks doesn't quite get that yet20:34
dolphmhartsocks: i'm trying to make the jump from keystone abstracting federation away from the rest of the stack to keystone exposing federation responses to nova/cinder20:34
ayoungdolphm, the vsphere use case is SAML -> Keystone Token just like everyother SAML provider20:34
*** devlaps has quit IRC20:35
ayounghartsocks, unless there is enough information in the SAML token to tell Nova what roles the user should have on a specific project, you can't do SAML direct to Nova20:35
dolphmayoung: i'm hearing the opposite from hartsocks -- nova/cinder want raw SAML to talk to vsphere20:35
*** exed has joined #openstack-dev20:35
hartsocksayoung: Well, this is why I felt we should discuss this… that's not what I'm after.20:35
hartsocksSo, what I see is...20:36
hartsocks… let me back up ...20:36
hartsocksLet's start at the CLI.20:36
dolphmhartsocks: ++ thanks20:36
hartsocksSo from $ nova list20:36
hartsocksin an env like devstack...20:37
hartsocksI've got a username and password stuck up in my shell env.20:37
*** vipul is now known as vipul-away20:37
hartsocksThat username and password are presumably sent as credentials to Keystone.20:37
hartsockskeystone authenticates me (and I presume authorizes me)20:37
hartsocksNext I issue a message of some kind down to the rest of the stack...20:38
hartsocksIf I do some kind of ...20:38
hartsocks$ nova boot … blah b.ah20:38
hartsocksthen I'm doing that authentication dance again.20:38
*** dprince has quit IRC20:38
*** romcheg has joined #openstack-dev20:38
hartsocksThis time, however, at some point the Nova Driver for VMware kicks in.20:39
hartsocksAt the start of the Driver's operations...20:39
hartsocksit pulls in *another* username and password from another source...20:39
hartsockswhich it uses to authenticate again against vCenter.20:39
*** john5223 has quit IRC20:39
*** nkinder has quit IRC20:39
hartsocksThis new credential set is another identity all together.20:39
ayounghartsocks, is vCenter going to authenticate as the end user, or as a service user?20:39
hartsocksSo… why?20:40
*** romcheg1 has quit IRC20:40
hartsocksMy thought was that it should authenticate against the CLI user… because the "right thing" to do is that the tenant...20:40
hartsocksshould have a credential for vSphere anyway.20:40
*** MadDog31 has quit IRC20:41
*** MadDog31 has joined #openstack-dev20:41
hartsocksBasically the idea here is that a vSphere user and a Nova tenant should be the same thing.20:41
dolphmhartsocks: the problem keystone is working to solve right now is to make those the same user... in other words, the end user authenticates with vcenter, and openstack/keystone trusts vcenter that the user has been authenticated. keystone then provides authorization within openstack and the SAML response from vcenter is basically discarded.20:41
*** sandywalsh_ has quit IRC20:42
hartsocksdolphm: so, how do I make sure I use the CLI -> Keystone authentication token or whatever for the Nova -> vSphere "re-authentication" that has to happen when the Driver opens it's *shudder* SOAP *shudder* connection.20:43
hartsocks?20:43
dolphmhartsocks: so, nova/cinder wouldn't know the difference between a vcenter user and any other (i.e. a password-based user originating from keystone); nova/cinder also wouldn't have access to any information useful to go talk to vcenter itself20:43
*** bknudson has joined #openstack-dev20:43
*** jecarey has quit IRC20:43
hartsocksI'd like to hide any work that needs to happen to do that… yes. I *think* if I'm getting this right.20:43
*** nermina has quit IRC20:43
*** yolanda has quit IRC20:44
ayounghartsocks, then the CLI user needs to pass the SAML document that it has to Nova, and nova needs to pass that on to vSphere20:44
* hartsocks rereads things20:44
*** radez is now known as radez_g0n320:44
ayoungThat, of course, assumes that no PKI is done to ensure that the CLI user actually has a private key associated with the SAML document, and that the request is not signed20:44
hartsocksayoung: yes, that's pretty much it… this is essentially an "acts as" or "proxy granting token" situation.20:45
dolphmayoung: IF that SAML doc is useful for more than just federation -- and i'm not sure it would be?20:45
*** jecarey has joined #openstack-dev20:45
ayoungdolphm, in this case, I suspect that it is essential20:45
ayoungdolphm, the SAML document is specific to vSphere, and implements their authorization model directly20:45
morganfainberggyee, posted responses, will get a new review up shortly, do have 1 question for you though before i publish the next version (when you're back from lunch)20:45
*** carl_baldwin has joined #openstack-dev20:45
dolphmayoung: sure, but would it not be different than the SAML document that keystone would receive?20:46
ayoungdolphm, it could be identical, no reason to use multiple SAML docs for this20:46
*** krotscheck has quit IRC20:47
ayoungdolphm, the ideal for his use case would be to by pass Keystone, and have Nova consume the SAML directly, but then he loses the role/project abstraction20:47
dolphmhartsocks: if that's true ^ then the client merely needs to provide the entire SAML doc in (certain?) requests to nova, and nova/cinder just needs to try to use it (validation will presumably be performed by vsphere)20:48
* hartsocks reads carefully20:48
dolphmayoung: i don't think nova needs to "consume" the SAML doc at that point, just pass it along20:48
*** asselin has joined #openstack-dev20:48
*** krotscheck has joined #openstack-dev20:49
hartsocksayoung, dolphm: I've not dug far enough on this yet but I was hoping from Nova we could write code that was essentially… context.getToken(node_name) … or something like that. Which hopefully conceals most of this and preserves roles between Keystone->Nova->vSphere20:49
ayounghartsocks, one potential approach would be for you to write a SAML emitter from Keystone, that takes the same data that is in the Keystone tokens, and puts it into a SAML document.  THen, on the nova side, modify auth_token middleware to accept a SAML document instead of a token.  The SAML assertion would be the superset of Keystone and vSPhere attributes20:49
*** armax has joined #openstack-dev20:50
dolphmayoung: vsphere wouldn't trust that20:50
dolphmthat's literally forging assertions20:51
*** bknudson has quit IRC20:51
ayoungdolphm, no, you just need to tell vSphere that Keystone assertions are to be trusted20:51
ayoungdolphm, It might even be possible to embed the original SAML assertion inside the Keystone one20:51
*** teran has joined #openstack-dev20:52
*** nermina has joined #openstack-dev20:52
ayoungthe assertion would be pretty big,  though.  THink we are already hitting header max size limits as it is.20:52
gyeemorganfainberg, back20:53
hartsockshmm… I wrote some samples with vCenter's SSO that cached a token on the file system for multiple uses from the CLI… does that help?20:53
*** armax has left #openstack-dev20:53
*** gordc has quit IRC20:53
gyeetopol, you are so generous, if you are my manager, I'd ask for a mini vacation right now :)20:53
ayounghartsocks, I don't see how.20:54
*** byeager has joined #openstack-dev20:54
*** lucasagomes has joined #openstack-dev20:54
*** sandywalsh_ has joined #openstack-dev20:54
*** mikeoutland has joined #openstack-dev20:54
morganfainberggyee, on the _register_backends, should the logic be in _register_backends to do nothing or a simple if logic around the call to register_backends?20:54
hartsocksheh. well, this goes with one of the "less smart" approaches20:54
morganfainberggyee, https://review.openstack.org/#/c/59126/13/keystone/common/kvs/core.py20:55
gyeemorganfainberg, the backends are statically configured in keystone.conf right20:55
hartsocksayoung, I definitely need to refresh my memory on how these tokens work then.20:55
*** anniec has quit IRC20:55
gyeecan do do the registration on import?20:55
gyeecan we20:55
ayounghartsocks, they are analogues to SAML assertions.  They are a CMS signed JSON document that contains user role assignments20:56
dolphmhartsocks: did you say earlier that you were storing user's vcenter passwords in conf?20:56
*** nkinder has joined #openstack-dev20:56
morganfainberggyee, ... maybe... i have concerns about that because config isn't always in a perfect state on import (note: testing)20:56
dolphmhartsocks: in nova conf?20:56
gyeemorganfainberg, up to you, not a showstopper20:56
*** sgordon has quit IRC20:56
*** mmagr has quit IRC20:57
hartsocksdolphm: at the moment, yes. It's a bad solution. The username and pass are plain text.20:57
morganfainberggyee, i think i'd rather do the imports when KVS is instantiated instead just to give more leeway for config being in a happy state.20:57
morganfainberggyee, i'll leave that one as is for now.  other than that, i'll get the other changes lined up here today20:57
gyeemorganfainberg, that's fine20:57
morganfainbergonce i write a repro script for a bug i'm filing.20:57
*** topol_ has joined #openstack-dev20:57
*** jsavak has joined #openstack-dev20:57
hartsocksdolphm: we could make things a bit better by doing some simply encryption on the conf file. We could make things a bit better again by figuring out how to do holder-of-key tokens we pull from somewhere...20:58
*** topol has quit IRC20:59
*** topol_ is now known as topol20:59
*** jistr has quit IRC20:59
*** byeager has quit IRC21:00
hartsocksdolphm: I suppose I'm trying to work out how to preserve the identity of the user between all calling layers.21:00
*** joesavak has quit IRC21:01
*** joesavak has joined #openstack-dev21:01
*** jsavak has quit IRC21:02
*** bknudson has joined #openstack-dev21:02
*** denis_makogon_ has joined #openstack-dev21:02
*** aveiga has quit IRC21:04
dolphmhartsocks: but you're only using one username + password, i assume... irrelevant of the API user?21:04
hartsocksdolphm: Just did some digging, the samples I wrote over a year ago were acquiring a holder of key token by user credentials supplied at the CLI… then storing this HoK token on the file system for re-use based on a file system level cache. That seemed to work fine. Why wouldn't we do do something like that in Keystone?21:05
dolphmhartsocks: why is the burden not on the client to provide SAML docs generated by vsphere? (rather than the user handing over credentials to nova?)21:07
hartsocksdolphm: yes, this use-case would pair the username + password supplied at Horizon or at the CLI with the identity used at the vSphere level. That is, to create a tenant a VI admin would actually create an LDAP entry to generate a vSphere user.21:07
hartsocksdolphm: I'm not sure I follow.21:08
*** yassine has quit IRC21:08
dolphmhartsocks: i.e. users normally don't want to hand over their credentials to system A over to system B, so that system B can hijack the user's account on system A21:09
dolphmhartsocks: as a user, i'd rather authenticate with vsphere myself, and then present nova with the results of that authentication so that nova can go do work for me21:09
hartsocksdolphm: okay, so how would that look?21:10
dolphmhartsocks: (same pattern as users authenticating with keystone and then presenting nova with a token as proof)21:10
*** denis_makogon_ is now known as denis_makogon21:11
*** epim has joined #openstack-dev21:11
dolphmhartsocks: as a nova user knowing that nova needs to talk to vsphere for me, i'd go get a SAML doc from vsphere myself (never giving my vsphere credentials to nova), hand the SAML doc over to nova, and then nova can use that to do work on vsphere21:11
dolphmso, the burden is mostly client-side21:11
dolphmhartsocks: unless i'm misunderstanding the end goal, which is always likely :)21:12
*** e0ne has quit IRC21:12
ayoungdolphm, I think I understand it the way you just described it as well21:12
hartsocksdolphm: sure… so if I follow… the flow looks like...21:12
hartsockslogin vCenter *some how* get SAML document21:13
*** sgordon has joined #openstack-dev21:13
hartsockshand SAML document *some how* to Nova21:13
*** gordc has joined #openstack-dev21:13
dolphmayoung: would you call this federation? because i don't think (in this scenario) nova cares about the contents of the user's SAML doc... nova would just pass it back to vsphere and then vsphere accepts/denies it's own SAML assertions21:14
*** anniec has joined #openstack-dev21:14
dolphmhartsocks: ++ the first *some how* is entirely between the client and vsphere21:14
ayoungdolphm, I'm assuming other openstack components come in to play, otherwise, why bother with nova.  Just do vSphere and be done with it21:14
dolphmhartsocks: the second somehow is *probably* a header, or if this is always a POST request to nova, it could just be another attribute in the request21:15
*** slagle has quit IRC21:15
*** MadDog31 has quit IRC21:15
dolphmayoung: my understanding is that vSphere's SSO isn't proprietary, so i really only have to know how to authenticate with my IdP and speak OpenStack beyond taht21:16
hartsocksdolphm: I was really thinking this would be something to do with the security context … that you would populate that *somehow* with an attribute I could pull out and hand to the SOAP conversation Nova was having with vSphere.21:16
*** alunduil has joined #openstack-dev21:16
*** MadDog31 has joined #openstack-dev21:16
dolphmhartsocks: it could be a one-liner middleware to pull some header out of hte request and add it to context21:17
*** dstanek has quit IRC21:17
*** Drankis has quit IRC21:18
*** dstanek has joined #openstack-dev21:18
hartsocksdolphm: my samples are in Java… we do a lot of backflipping to pull XML elements out of headers … the token object itself is an XML Element object (not that this matters too much for any reason other than the pain it's giving me to read this).21:19
hartsocksdolphm: I'm sure this won't be nearly as much work in Python.21:20
openstackstatusNOTICE: test21:20
*** ChanServ changes topic to "test"21:20
*** e0ne has joined #openstack-dev21:21
*** rfolco has quit IRC21:21
*** exed has quit IRC21:21
*** ChanServ changes topic to "OpenStack development || Support is in #openstack"21:21
*** colinmcn_ has quit IRC21:22
*** colinmcnamara has quit IRC21:22
hartsocksdolphm, ayoung: from the last few lines here, this doesn't sound so much like it's a part of federation … but more like some kind of proxy thing… am I thinking in the right direction here?21:22
ayounghartsocks, there are 2 parts.  One is Keystone, in which SAML is part of Federation.  THat will let you use the SSO to communicate with Glance etc.  THe other is Nova talking to vSphere, and that is not Federation, it just means passing SAML through to Nova21:23
hartsocksayoung: So I'm interested in doing things the right way… but the second case is *really* what the people who sign my paychecks care about for icehouse.21:24
ayounghartsocks, it is a custom Nova plugin, nothing to do with Keystone21:24
*** epim has quit IRC21:25
*** vipul-away is now known as vipul21:25
*** thomasem has quit IRC21:25
*** marekd is now known as marekd|away21:26
*** jnoller has quit IRC21:26
hartsocksayoung: by the end of Icehouse we will likely have a glance, cinder, and nova vSphere driver that will all talk to vCenter's authentication mechanisms…21:28
*** tdruiva has quit IRC21:29
*** jecarey has quit IRC21:29
*** lucasagomes is now known as lucas-dinner21:29
*** tdruiva has joined #openstack-dev21:29
hartsocksayoung: I was hoping this would be one effort.21:30
*** thomasem has joined #openstack-dev21:30
*** thomasem has quit IRC21:31
ayounghartsocks, I'm not really certain what that means21:31
ayounghartsocks, if you are going to replace auth_token middleware with SAML, fantastic21:31
*** teran has quit IRC21:31
*** epim has joined #openstack-dev21:32
*** dstanek has quit IRC21:32
hartsocksayoung: I'm interpreting your statement to mean I need to modify Nova, Cinder, etc.21:32
*** jtomasek has quit IRC21:32
*** openstackstatus has quit IRC21:32
dolphmayoung: i don't think it'd be replacing, more so just supplementing21:32
ayoungotherwise...I think they are all going to have the same problem:  how does the end user pass the SAML assertion to Glance such that Glance can fetch an  image out of vSpheres image store21:32
ayoungdolphm, I know, I can dream, though21:32
*** MadDog31 has quit IRC21:33
*** anniec has quit IRC21:33
dolphmayoung: if openstack is entirely acting as a proxy though, it's viable to drop keystone entirely as another system is handling all the authn/authz already21:33
*** openstackstatus has joined #openstack-dev21:33
*** asselin has quit IRC21:33
*** MadDog31 has joined #openstack-dev21:34
dolphmayoung: you could pass the saml doc in X-Auth-Token, auth_token could be replaced with something that just passes it along rather than validates anything about it21:34
*** tdruiva has quit IRC21:34
openstackstatusNOTICE: test21:34
*** ChanServ changes topic to "test"21:34
*** jcooley_ has quit IRC21:34
*** ChanServ changes topic to "OpenStack development || Support is in #openstack"21:34
*** jnoller has joined #openstack-dev21:34
*** mdomsch has quit IRC21:34
*** jnoller has quit IRC21:35
openstackstatusNOTICE: test21:35
*** ChanServ changes topic to "test"21:35
*** ChanServ changes topic to "OpenStack development || Support is in #openstack"21:35
*** teran has joined #openstack-dev21:35
*** epim has quit IRC21:36
*** boden has quit IRC21:36
hartsocksdolphm: so… we're back to Federation after a fashion?21:37
*** jcooley_ has joined #openstack-dev21:39
*** teran has quit IRC21:41
*** buzztroll has quit IRC21:41
*** jasondotstar has quit IRC21:41
hartsocksI'm going to go read some Keystone code… hopefully that will help me be less dumb.21:41
hartsocksIt looks like I should look at the various client code bits as well.21:42
*** anniec has joined #openstack-dev21:42
*** e0ne_ has joined #openstack-dev21:42
*** eglynn-afk has quit IRC21:42
*** fbo is now known as fbo_away21:43
*** buzztroll has joined #openstack-dev21:44
*** e0ne has quit IRC21:45
*** ArxCruz has quit IRC21:46
*** jhesketh has joined #openstack-dev21:46
dolphmhartsocks: no no, i think your immediate use case is distinct from what we're pursing as "federation"21:48
dolphmhartsocks: i thought ayoung explained the distinction pretty well21:49
*** topol has quit IRC21:51
*** freyes has quit IRC21:57
*** achampion has quit IRC21:57
*** dstanek has joined #openstack-dev21:58
*** anniec has quit IRC22:00
*** ykhodork has joined #openstack-dev22:01
*** Underbyte has quit IRC22:02
*** jdob has quit IRC22:03
*** dstanek has quit IRC22:03
*** greghill has quit IRC22:04
*** jroovers has quit IRC22:06
*** yeylon__ has quit IRC22:07
*** e0ne_ has quit IRC22:08
*** akrivoka has joined #openstack-dev22:10
*** dkranz has quit IRC22:11
*** e0ne_ has joined #openstack-dev22:12
*** sgordon has quit IRC22:12
*** e0ne_ has quit IRC22:13
*** eglynn-afk has joined #openstack-dev22:14
*** rraja has quit IRC22:14
*** vladikr has quit IRC22:15
*** radsy has joined #openstack-dev22:15
*** byeager has joined #openstack-dev22:15
hartsocksdolphm, ayoung: okay, so I'm thinking we have 2 types of integration here then. The federation case is lower priority for solving some immediate problems on my plate… I would like to pursue this … what to call it… SAML proxying? but I'll have to do that as an extracurricular. I should probably code up something to make sure I've got my head around this properly.22:16
*** ace has quit IRC22:16
*** mikeoutl_ has joined #openstack-dev22:20
*** larsbutler has quit IRC22:20
*** mikeoutland has quit IRC22:20
*** bswartz has quit IRC22:20
*** arozumenko has quit IRC22:21
*** anniec has joined #openstack-dev22:21
*** spzala has quit IRC22:22
*** utlemming has quit IRC22:23
*** buzztroll has quit IRC22:24
*** sgordon has joined #openstack-dev22:24
*** rkukura has quit IRC22:24
*** utlemming has joined #openstack-dev22:25
*** dims has quit IRC22:26
*** sgordon has quit IRC22:26
*** vartom11118 has quit IRC22:27
*** herndon has joined #openstack-dev22:28
dolphmhartsocks: it sounds like whatever you're doing in nova/cinder today should simply be moved over to the client, and the result passed to nova/cinder22:28
*** pixelb has joined #openstack-dev22:29
*** dstanek has joined #openstack-dev22:30
*** bknudson has left #openstack-dev22:31
hartsocksdolphm: yeah, they're being pretty dumb right now...22:31
*** joesavak has quit IRC22:31
*** michchap has joined #openstack-dev22:31
hartsocksdolphm: every time the driver is called they open a new network connection and use the credentials again.22:31
hartsocksdolpm: so there's got to be a number of *smarter* things to do.22:32
hartsocksdolphm: I would like to mask this behind some central call they could do so that way the RightThing(™) happens automatically to authenticate the Keystone user against vSphere or any other lower level service...22:33
*** dkuffner has joined #openstack-dev22:34
*** stevemar has quit IRC22:34
hartsocksdolphm: I would hope this could simplify the authentication part of driver development for all projects if done properly…22:34
hartsocksdolphm: what troubles me is that I have *two* identities for one user… I would like to at least be able to get rid of that.22:35
hartsocksI may have to build something to properly understand what I'm asking.22:36
hartsockseither way, it looks like I have more work to do and I don't get to piggy back on anything currently in development.22:36
*** henrynash has quit IRC22:37
*** teran has joined #openstack-dev22:37
*** mriedem has quit IRC22:37
*** ykhodork has quit IRC22:38
*** alex_klimov has quit IRC22:38
*** dkuffner has quit IRC22:38
*** dims has joined #openstack-dev22:39
pmathewstermie: ping22:42
*** agntdrake has joined #openstack-dev22:42
*** buzztroll has joined #openstack-dev22:44
*** SumitNaiksatam has quit IRC22:45
*** anniec has quit IRC22:45
*** MaxV has joined #openstack-dev22:46
*** anniec has joined #openstack-dev22:47
*** eglynn-afk has quit IRC22:47
*** mfer has quit IRC22:48
morganfainberggyee, new patchset posted.22:48
*** enikanorov__ has quit IRC22:49
*** arnaud|afk|flu has quit IRC22:50
*** litong has quit IRC22:51
*** tmclaugh[work] has quit IRC22:51
*** ykhodork has joined #openstack-dev22:52
*** mdomsch has joined #openstack-dev22:52
nkinderjamielennox: I'm adding clarification to the KDS doc on the way group membership is handled, and I really don't like it.22:52
*** mdomsch_ has joined #openstack-dev22:52
nkinderjamielennox: I think we should just bite the bullet and handle defining group membership explicitly instead of comparing the party name to the group name.22:53
*** CaptTofu has joined #openstack-dev22:53
*** romcheg has quit IRC22:54
nkinderjamielennox: what do you think?22:54
*** mdomsch has quit IRC22:54
*** mdomsch_ has quit IRC22:54
gyeenkinder, ++, much easier to grasp the concept with explicit membership22:54
simonkinder: --22:54
simomassive management overhead for queues22:55
simowith certain endless issues for admins22:55
nkindersimo: sorry, let me clarify.  I think it should support matching.22:55
gyeemorganfainberg, I wonder how the KVS locking mechanism hold up in a multi process environment22:55
*** jp_at_hp has quit IRC22:55
simonkinder: and it should be the default22:55
*** jayg is now known as jayg|g0n322:55
morganfainberggyee, the memcache bit or the weakref locking one?22:55
nkindersimo: I just think that a "member" is a rule that is used for matching the same way you use the group name now.22:56
morganfainberggyee, those are both basically what dogpile.cache uses natively.  just slightly modified to fit our usecase22:56
morganfainberggyee, the weakref locking is only useful in threaded envs22:56
gyeemorganfainberg, the keyvaluestorelock22:56
nkindersimo: so a group named "schedulers" would have a member rule of "scheduler.*" (or something similar)22:57
morganfainberggyee, it should hold up.  afaict from where it's based on.22:57
morganfainberggyee, and we're not leveraging it in a ton of places, it's very limited, so impact should be minimal22:57
nkindersimo: for our use case, you would have the group named as "scheduler" just as your example, but the membership rule would be explicit.22:57
simonkinder: as long as the KDS adds that rule by default for now I am fine22:58
simonkinder: there is *no other* user for now, why do we need to add APIs we have no need to ?22:58
*** krotscheck has quit IRC22:58
simothis is just feature creep for some idealistic desire22:58
nkindersimo: well, we wouldn't have to change it in the future22:59
*** jf-jenni has joined #openstack-dev22:59
*** jmontemayor has joined #openstack-dev22:59
simonkinder: BS, unused stuff is broken stuff, by the time someone come to use it, we'll find we need to "fix" something22:59
*** rkukura has joined #openstack-dev22:59
morganfainberggyee, i'm happy to rework it if needed though (any advice on direction would of course be welcome)23:00
*** e0ne has joined #openstack-dev23:00
*** anniec has quit IRC23:01
*** ykhodork has quit IRC23:01
gyeemorganfainberg, no need, we just have to deal with it later when the stuff is used outside of eventlet23:01
*** colinmcn_ has joined #openstack-dev23:02
*** colinmcnamara has joined #openstack-dev23:02
gyeeI mean if there's problem with locking23:02
morganfainberggyee, fair enough. this appears to be eventlet/non-eventlet agnostic23:02
morganfainbergand _should_ work in either case afaik23:02
morganfainberghopefully we don't run into a landmine there :)23:02
*** s0mik has quit IRC23:04
*** bknudson has joined #openstack-dev23:04
*** MadDog31 has quit IRC23:05
*** pasquier-s has quit IRC23:05
*** akrivoka has quit IRC23:05
*** mikeoutl_ has quit IRC23:05
sdaguemarkwash: I also sent this to the list - http://lists.openstack.org/pipermail/openstack-dev/2013-December/021983.html - but wanted to make sure to flag it to you as well.23:06
ayoungnkinder, I agree:  explicit group membership23:06
sdagueright now glance is changes can't merge until that requirements fix is handled23:06
sdaguebut lots of glance core are +Aing things into the gate23:07
nkinderayoung: so we're all at a disagreement23:07
sdaguewhich are just gumming it up for everyone else23:07
*** anniec has joined #openstack-dev23:07
ayoungnkinder, yep.  So lets punt on groups altogether23:07
*** pasquier-s has joined #openstack-dev23:08
nkinderayoung: so no support for group messaging at all?23:08
ayoungnkinder, In order to do groups correctly we need PKI.  I think anything short of that is broken23:08
*** neoXsys has quit IRC23:08
ayoungWell,  groups would work fine, but topics, which is what we really need, would be broken:  we need to know who posted to the topic23:09
markwashsdague: thanks23:09
morganfainbergmarkwash, you're also going to need https://github.com/openstack/keystone/blob/master/tox.ini#L8 (that line) in your tox.ini for the pin to work right23:09
morganfainbergmarkwash, iirc23:10
ayoungnkinder, am I wrong?23:10
markwashsdague: the auto full-update doesn't work for us quite yet, we're not ready for some of the hacking changes there yet23:10
* ayoung has to make a run to the store, back in a bit23:10
markwashsdague: so I made this https://review.openstack.org/#/c/61600/23:10
markwashmorganfainberg: ah, hmm lemme look23:10
*** anniec has quit IRC23:10
morganfainbergmarkwash, i think that resolves the 1.2b3 < 1.2 according to pip issues23:10
sdaguemarkwash: sure, however you manage to get past the sphinx issue23:10
*** teran has quit IRC23:11
sdagueand like morganfainberg says, you need that tox change as well (not for the gate, but for anyone to run locally)23:11
markwashsdague: cool, just wanted to make sure there wasn't something I was missing in the more limited patch. thanks!23:11
morganfainbergmarkwash, ^ yes for local not gate :)23:11
sdaguemarkwash: yeh, I think that should be sufficient23:11
morganfainbergmarkwash, sorry wasn't clear on that :)23:11
nkindermarkwash: do you have a moment to do a last quick check on my image sharing OSSN?23:11
nkindersimo: any thoughts on ayoung's comments to punt on groups completely? ^^^23:11
nkinderayoung: will we get any adoption of KDS for point to point messaging if we punt on groups?23:12
markwashnkinder: sure, can you send me another link?23:12
nkindermarkwash: https://bugs.launchpad.net/ossn/+bug/122607823:12
uvirtbotLaunchpad bug 1226078 in ossn "Glance allows user to create images and add other tenants as members (CVE-2013-4354)" [Medium,In progress]23:12
*** teran has joined #openstack-dev23:13
*** arnaud|afk|flu has joined #openstack-dev23:14
simonkinder: yes queues needs groups23:15
*** carl_baldwin has quit IRC23:16
*** mikeoutland has joined #openstack-dev23:16
*** flaper87 is now known as flaper87|afk23:17
*** ilukyanenkov has joined #openstack-dev23:17
markwashmorganfainberg: I guess I have a janky setup for building docs locally. . how do you do it with tox in keystone?23:17
*** teran has quit IRC23:18
*** geekinutah has joined #openstack-dev23:18
clarkbtox -evenv -- python setup.py build_sphinx is what the jenkins jobs do23:18
morganfainbergmarkwash, ^ clarkb with the assist (and not letting me look terrible by giving the wrong info)23:18
morganfainbergclarkb, :)23:18
markwashclarkb: thanks23:19
*** bpokorny has quit IRC23:19
*** kevinconway has quit IRC23:19
*** byeager has quit IRC23:20
clarkbzul indicated that if we use sphinx-build the distutils problem forcing us to cap sphinx goes away, but then I think we lose the ability to do some of the magic that happens in setup.py around doc builds23:20
clarkbwhen mordred has an internet connection we should probably talk about that23:20
*** alunduil has quit IRC23:20
*** galstrom is now known as galstrom_zzz23:21
*** SumitNaiksatam has joined #openstack-dev23:21
*** herndon has quit IRC23:21
dstufftdistutils worst utils23:22
*** jobewan has quit IRC23:23
*** MaxV has quit IRC23:23
*** clayb has quit IRC23:23
*** thedodd has quit IRC23:24
*** MaxV has joined #openstack-dev23:24
*** thedodd has joined #openstack-dev23:24
*** sergmelikyan has quit IRC23:24
*** s0mik has joined #openstack-dev23:25
*** shinylasers has quit IRC23:26
*** geekinutah has left #openstack-dev23:26
nkinderayoung: I think groups should be left in.  It's better than what we have now, and we just need to clearly spell out the limitations of the current approach.23:26
*** dstanek has quit IRC23:27
*** MaxV has quit IRC23:28
*** sushils has quit IRC23:29
*** gordc has quit IRC23:29
*** thedodd has quit IRC23:30
*** terriyu has quit IRC23:32
*** sushils has joined #openstack-dev23:32
*** rcleere has quit IRC23:32
*** arnaud|afk|flu has quit IRC23:32
*** ilukyanenkov has quit IRC23:33
*** lucas-dinner has quit IRC23:33
*** jgrimm has quit IRC23:33
*** dims has quit IRC23:34
jamielennoxnkinder, ayoung: even though groups is a long way from perfect it's lacking without it23:34
jamielennoxi tend to think groups will be one of the major uses23:35
*** Adri2000 has quit IRC23:35
jamielennoxi'm unfortunately not really familiar with how messaging works in the rest of OS, as to how much you address a message to a server but anything that is doing HA would need to be in a group right?23:36
*** neoXsys has joined #openstack-dev23:36
nkinderjamielennox: ok, we're on the same page then.  I think that there is value in the current implementation.23:36
*** Adri2000 has joined #openstack-dev23:36
*** Adri2000 has quit IRC23:36
*** Adri2000 has joined #openstack-dev23:36
nkinderjamielennox: there's some detail here on the way queues are used - http://docs.openstack.org/developer/nova/devref/rpc.html23:38
nkinderjamielennox: I'm just not a fan of the way membership is defined, but I'll leave it as is.23:39
*** s0mik has quit IRC23:39
*** blamar has quit IRC23:39
*** anniec has joined #openstack-dev23:40
*** jasdeepH has quit IRC23:40
*** stevemar has joined #openstack-dev23:40
*** huats_ has joined #openstack-dev23:40
*** huats_ has joined #openstack-dev23:40
jamielennoxnkinder: neither, but reading the start of the doc page you can see why group membership being defined as the part before the first . makes sense23:40
*** huats has quit IRC23:40
*** kbrierly has quit IRC23:41
*** ozialien_ has joined #openstack-dev23:42
*** neelashah has quit IRC23:42
*** radsy has quit IRC23:44
nkinderjamielennox: yep.  About to push an updated review.23:44
*** dstanek has joined #openstack-dev23:44
*** ngoracke has quit IRC23:44
jamielennoxnkinder: ok, i had a quick look at some of the comments earlier, i'll go through them again and see if there is anything i need to specifically comment on23:45
*** carl_baldwin has joined #openstack-dev23:45
*** sheeprine has quit IRC23:46
nkinderjamielennox: ok.  I think simo and I covered the comments pretty well.23:46
jamielennoxnkinder: if you want to add a POST /v1/keys that will auto-generate a key for a host i'm fine with that - it's a really simple addition23:46
jamielennoxand i can see it being useful23:46
nkinderjamielennox: I'll leave it alone for now23:47
*** ozialien_ has quit IRC23:47
*** nkinder has quit IRC23:47
*** arnaud|afk|flu has joined #openstack-dev23:49
*** carl_baldwin has quit IRC23:49
*** vipul is now known as vipul-away23:52
*** jhesketh__ has joined #openstack-dev23:55
*** teran has joined #openstack-dev23:55
*** lbragstad has quit IRC23:55
*** blamar has joined #openstack-dev23:56
*** datsun180b has quit IRC23:56
*** sheeprine has joined #openstack-dev23:57
*** colinmcnamara has quit IRC23:59
*** colinmcn_ has quit IRC23:59
« Tuesday, 2013-12-10 Index Thursday, 2013-12-12 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!