Friday, 2014-01-03

bknudsonmorganfainberg: got a minute?00:05
morganfainbergbknudson, of course00:05
*** ArxCruz has quit IRC00:05
morganfainbergbknudson, ugh, i keep misreading your comment on the credential_api.00:07
morganfainbergi think the conversion to the lambda has not made it more clear.00:07
morganfainbergsince i endlessly mis-read it00:07
bknudsonmorganfainberg: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/assignment/core.py#n26300:07
morganfainberg=/00:07
morganfainbergbknudson, ok looking at that link now.00:07
bknudsonexpiration_time=CONF.assignment.cache_time00:07
bknudsonthat actually happens at import time.00:08
morganfainbergoh.00:08
bknudsonso the default expiration time is going to be whatever CONF.assignment.cache_time is set to before CONF() is called00:08
morganfainbergshould probably make it a method call.00:08
morganfainbergthen.00:08
*** carlp has quit IRC00:08
*** mriedem has quit IRC00:08
*** buzztroll has quit IRC00:09
bknudsonmorganfainberg: so you want it to be whatever the user configured it to?00:09
morganfainbergyeah.00:09
morganfainbergrather than the default.00:09
bknudsonbecause right now it'll just be whatever the default is.00:09
morganfainbergthat was the intention00:09
bknudsonmorganfainberg: I'll look into how we could do that.00:09
morganfainbergbknudson, probably similar to how the SHOULD_CACHE_FN works00:10
*** michchap has quit IRC00:10
morganfainbergoh. huh00:10
morganfainbergactually... that might be challenging.00:10
bknudsonmorganfainberg: EXPIRATION_TIME_FN ?00:10
morganfainbergwould have the same problems00:10
*** michchap has joined #openstack-dev00:10
morganfainbergit would be called at import time00:11
*** teran has joined #openstack-dev00:11
morganfainbergand value would be stored.00:11
*** buzztroll has joined #openstack-dev00:11
bknudsonmorganfainberg: mind if I just change it for now to the default, since that's how it works.00:12
morganfainbergsure go for it00:12
morganfainbergmake sure to hit any/all @cache.on_arguments00:12
*** mkoderer_ has quit IRC00:12
bknudsonI'm going to get rid of the config.configure() call... http://git.openstack.org/cgit/openstack/keystone/tree/keystone/config.py#n2500:12
morganfainbergok00:12
bknudson-- """Wrapper for keystone.common.config that configures itself on import."""00:13
morganfainbergalso, configuration.rst has some references to those conf values00:13
morganfainbergi'll work on proposing a change to upstream dogpile to offer an expiration_time_fn option (or similar)00:13
openstackstatusNOTICE: see: https://etherpad.openstack.org/p/pip1.5Upgrade00:13
*** ChanServ changes topic to "OpenStack development || Support is in #openstack"00:13
bknudsonwe shouldn't have parts trying to configure themselves or do anything on import.00:13
morganfainbergbknudson, agreed.  unfortunately, decorators work at import time :P00:14
morganfainbergi'll see if I can figure out the best way to make this work in-line with the current dogpile impl though, might be doable00:15
morganfainbergw/o new version that is00:15
bknudsonmorganfainberg: when I removed config.configure() I get "oslo.config.cfg.NoSuchOptError: no such option: assignment" ... so it's pretty obvious that doing something wrong00:15
morganfainberghm.. yeah00:16
*** Mandell_ has joined #openstack-dev00:17
morganfainbergbknudson, according to the docs... we can make it a callable00:17
morganfainbergexpiration_time that is00:17
morganfainbergchecking to make sure the min version we require has that support00:17
morganfainbergbknudson, https://bitbucket.org/zzzeek/dogpile.cache/src/91e6658b2e86a6fc6cf58166af0015861279d1ba/dogpile/cache/region.py?at=rel_0_5_0#cl-88600:19
morganfainbergbknudson, looks like we can pass it as a callable that takes no arguments, so expiration_time_fn that pulls the correct config option00:19
bknudsonmorganfainberg: I opened a bug: https://bugs.launchpad.net/keystone/+bug/126567000:19
*** Mandell has quit IRC00:20
uvirtbotLaunchpad bug 1265670 in keystone "Changing cache_time doesn't work" [Undecided,New]00:20
morganfainbergbknudson, cool.00:20
morganfainbergbknudson, i can put together a patch for that in about 15 minutes.00:20
morganfainbergor 20 if you don't want to tackle it00:20
bknudsonI'll work on it since I'm looking at it.00:20
morganfainbergbknudson, cool.00:20
bknudsonI don't trust you with functions or lambdas anymore.00:21
morganfainbergbknudson, LOL00:21
morganfainbergbknudson, like i said, i think making it a lambda has made it harder for me to read :(00:21
morganfainbergi keep mis-reading your comment...over and over00:21
*** CaptTofu has quit IRC00:21
morganfainbergeither that... or syntax highlighting is needed00:21
bknudsonmorganfainberg: should just be like "DEFAULT_EXPIRATION_TIME = lambda: CONF.assignment.cache_time"00:21
morganfainbergbknudson, sure.  you said DEFAULT_CONFIGURATION_TIME = lambda: print 'hi i'm a lambda function'  right?00:22
morganfainberg>.>00:22
morganfainberg(see what i did there)00:22
morganfainbergbknudson, but in seriousness, yes, that looks correct.00:23
morganfainbergi'd probably call it EXPIRATION_TIME though not "default_..."00:23
morganfainbergsince it's configurable00:23
bknudsonmorganfainberg: but it's the default value for the function argument... "expiration_time=DEFAULT_EXPIRATION_TIME)"00:24
morganfainbergi.. i can't argue00:24
bknudsonI'll call it EXPIRATION_TIME00:24
morganfainbergthe logic is sound.00:24
bknudsonbecause it's shorter00:25
morganfainbergbknudson, i don't think it really matters what you call it.  call it bunny_foo_foo for the lulz00:25
morganfainbergbknudson, but yeah, that was a mistake because we did that wonky configure() thing.00:25
morganfainbergbknudson, thanks for catching/cleaning that up00:26
*** Mandell has joined #openstack-dev00:26
bknudsonmorganfainberg: I'll get rid of the config.configure() oddity and hopefully will not have this problem again.00:26
morganfainbergbknudson, ++++++00:26
morganfainbergayoung, https://review.openstack.org/#/c/60742/ this seems to pass w/o the non-expiry keys.00:27
morganfainbergayoung, so, rebased it as the top of the chain for parallel work00:27
bknudsonlooks like the same problem with CONF.token.cache_time00:27
morganfainbergbknudson, all of the caches will have the same issu00:27
morganfainberge00:27
morganfainbergbknudson, identity likely has it as well00:27
morganfainbergbknudson, oh nope. identity has no caching as far as i can tell00:28
bknudsonmorganfainberg: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/cache/core.py#n84 -- why is that happening on import?00:33
morganfainbergbknudson, service.py is doing the cache configuration00:34
morganfainbergthat can ... likely be moved into load_backends00:35
bknudsonmorganfainberg: I'm guessing that doesn't have to happen at import-time?00:35
morganfainberghttp://git.openstack.org/cgit/openstack/keystone/tree/keystone/service.py#n43 can be moved to line 50 or so00:35
morganfainbergis my guess00:35
bknudsonmorganfainberg: do you want that called in all the tests that do load_backends?00:35
bknudsonor does it have to happen once for all the tests?00:35
*** erlon has quit IRC00:36
morganfainbergit needs to happen for all tests before a method with caching is called00:36
morganfainbergbut calling it more than once with the same config should be idempotent00:36
*** mehdi has quit IRC00:37
*** Mandell_ has quit IRC00:37
morganfainbergbknudson, it needs to be configured for every test (and before anything calls a method that is decorated w/ @cache.on_arguments), but it doesn't need to occur at import in service.py00:38
morganfainbergs/and before/before00:38
bknudsonmorganfainberg: alright, that was it. server starts.00:38
morganfainbergcool.00:38
morganfainberggood to solve that issue so no one else makes a bad assumption about configuration state00:39
morganfainbergbknudson, ok https://review.openstack.org/#/c/63564/9/keystone/credential/core.py i _think_ i finally got it right.00:51
bknudsonmorganfainberg: yep, that's it.00:53
morganfainbergbknudson, trust me again w/ functions and lambdas :P00:54
morganfainberg>.>00:54
*** carl_baldwin has quit IRC00:54
* morganfainberg hangs head in shame00:54
bknudsonmorganfainberg: ok, I'll do that.00:54
bknudsonmorganfainberg: I would have been more impressed if some fancy itertools had been used.00:56
bknudsonmaybe http://docs.python.org/2/library/itertools.html#itertools.ifilter ?00:56
morganfainbergbknudson, LOL00:56
morganfainbergbknudson, next time!00:56
morganfainbergkeystone needs more instances of using yield00:57
morganfainbergjust to confuse people.00:57
morganfainbergactually, i could have used straight filter as well.00:57
bknudsonugh, filter.00:58
morganfainberglol00:58
morganfainberghopefully that code is _never_ actually used.00:58
*** xarses has quit IRC00:59
morganfainbergsince the only credential impl we have is SQL... and we've made some _very_ SQL-specific choices in the credential api uses00:59
*** giulivo has quit IRC01:00
*** pmathews has quit IRC01:00
bknudsonI'd be ok if you used reduce()01:00
morganfainbergbknudson, hehe01:01
morganfainbergwas looking at that actually01:01
ayoungmorganfainberg, something is not right with that patch.  You are making Trust API calls from inside the driver.  That should be in the manager layer, not the driver.01:43
morganfainbergayoung, this is resolving that issue where trust scoped tokens are in the wrong list.  should i instead pass in the trust data into create_token?01:44
morganfainbergthis is a kvs-specific issue01:44
morganfainbergkvs/memcache01:44
ayoungnah...something is wrong01:44
morganfainbergyou need the trustee user_id.01:44
morganfainbergis that in the token data?01:44
ayoungdo that resolution at the Manager level, and pass it in if needs be, but no driver to API dependencies01:45
ayoungif it isn't, put it in there...01:45
ayoungSQL must have it already...lets see01:45
morganfainbergSQL doesn't need user-lists01:45
morganfainbergit can do a filter and inspect the data directly01:45
morganfainbergold kvs did the same thing.01:46
*** anniec has joined #openstack-dev01:46
morganfainbergit had access to the in-mem dict and just looked for matching trusts01:46
morganfainbergonce you move out of memory (not guaranteed with dogpile to be in process mem) you can't inspect the whole store01:46
ayounghmmmm01:46
*** sushils has quit IRC01:47
*** StevenK has quit IRC01:47
morganfainbergthis _likely_ becomes a non-issue with revocation events01:47
*** russell_h has quit IRC01:47
morganfainbergand definitely becomes a non-issue with ephemeral tokens01:47
ayoungUgh...OK, I don't like it, but I guess it is the right thing01:48
*** StevenK has joined #openstack-dev01:48
ayoungwait01:48
morganfainbergayoung, i went circles around that one, if there is a better way please :) make it suck less01:48
ayoungtrustee_id needs to be in the token01:48
ayoungit is in the token_data,,,01:49
morganfainbergthe token data is ... a bit hard to remember all the fields, i should create that validator that documents expected token data01:49
morganfainbergif it's there, we can remove a couple lines and not need to look up the trust01:49
*** Ryan_Lane has joined #openstack-dev01:49
ayoungmorganfainberg, https://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L7801:50
morganfainbergok so it's in the data, thanks01:50
ayounghttps://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L18601:50
morganfainbergthat doesn't change much logic, but don't need to lookup the trust then01:50
ayoungRIGHT01:50
morganfainbergoh ick01:51
morganfainbergv2 vs v3 again :(01:51
ayounghee hee hee01:51
* morganfainberg cries in the corner01:51
ayoungI think you can assume v3, though, no?01:51
morganfainbergnope.01:51
morganfainbergneeds to support both01:51
morganfainbergor it's a security issue01:51
ayoungDon't we only record V3 now...? I thought gyee fixed that01:51
ayoungand convert v3 to v201:51
ayoungupon demand01:51
morganfainbergdid he?01:51
morganfainbergno.01:52
morganfainbergit looks like we still have v2 and v3 specific tokens01:52
ayoungblergh!01:52
morganfainbergin fact... we explicitly set a version in the token data01:52
morganfainbergat least i can use that to pick the right place to look01:52
morganfainberghttps://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L36501:52
morganfainbergactually..01:53
*** sushils has joined #openstack-dev01:53
*** sarob has joined #openstack-dev01:53
morganfainbergyep01:53
*** bdpayne has quit IRC01:54
morganfainbergayoung, it's hard to tell.  actually.01:55
morganfainbergminor differences perhaps01:55
morganfainbergmight be able to pull the token version out of the stored data01:55
*** thedodd has joined #openstack-dev01:55
morganfainbergthe raw token data is different... and it is stored in the token.01:55
*** russell_h has joined #openstack-dev01:56
morganfainbergthough it would be good to only store a single format token.01:56
morganfainbergayoung, ok checking to see if that change works.  if so i'll get another patch up later tonight (in case you have other feedback)02:06
ayoungmorganfainberg, cool beans02:06
*** CaptTofu_ has joined #openstack-dev02:06
ayoungmorganfainberg, my nightmare scenario involves hypervisor compromises:  http://arstechnica.com/security/2014/01/openssl-site-defacement-involving-hypervisor-hack-rattles-nerves/02:06
*** AnilV4 has joined #openstack-dev02:07
morganfainbergayoung, oh geeze02:08
ayoungYep02:08
*** CaptTofu has quit IRC02:08
ayounghttp://zone-h.org/mirror/id/2142572002:09
*** CaptTofu has joined #openstack-dev02:09
morganfainberglol. at least the defacement was simple =/02:10
morganfainbergand ... didn't touch code.02:10
*** CaptTofu_ has quit IRC02:11
ayoungGIT saves the day on that02:12
*** kgriffs_afk is now known as kgriffs02:14
ayoungmorganfainberg, ok, I think I am suffering from writer's block.  I have the revocation code this far...  https://review.openstack.org/#/c/55908/  but ...I really want to just be done with the damn thing02:15
ayoungI need to do "create a token, delete it, and see the revocation..."02:15
*** terrylhowe has quit IRC02:15
ayoungcrud...I fixed the wrong patch...02:16
thingeemorganfainberg or ayoung: is there any doc to tell me as a keystone plugin dev about what the manager means to me compared to the identity core class itself? I started following how an assignment api get related to an identity driver and then got lost.02:16
*** dguitarbite has joined #openstack-dev02:16
ayoungthingee, I sense this is more of a vent than a question...what is the real problem?02:17
*** dguitarbite__ has joined #openstack-dev02:17
morganfainbergayoung, ouch :( hate it when i muck in the wrong tree/fix the wrong patchset02:17
morganfainbergayoung, and that sounds right, create, delete, revocation should be there/exist/notify/whatever02:18
*** rongze has quit IRC02:18
thingeeayoung: nope wasn't a vent. I really can't figure out how to get my identity core plugin to know it has an assignment api linked with it.02:19
*** yuan has quit IRC02:19
*** slagle has quit IRC02:19
thingeeidentit plugin*02:19
thingeeidentity**02:19
morganfainbergthingee, your identity driver?02:19
ayoungmorganfainberg, it is the whole kit and kaboodle...right through to checking revocating internally, which needs to be comparable code that is in auth_token middleware....02:19
*** rongze has joined #openstack-dev02:19
ayoungthingee, ok, so we had this thing with LDAP02:19
ayoungare you using LDAP?02:19
*** rongze has quit IRC02:19
morganfainbergoh the automatic assignment driver magic?02:20
*** nermina has quit IRC02:20
*** rongze has joined #openstack-dev02:20
ayoungmorganfainberg, shh..he isn't cleared for magic02:20
morganfainbergayoung, are you a wizard?02:20
ayoungthingee, here is the deal02:20
ayoungwe split id and assignments, but the LDAP backend didn't split cleanly02:20
*** nermina has joined #openstack-dev02:21
ayoungso if someone was using LDAP for identity, and did not specifically state they had an assignment back end, they still get LDAP...but otherwise, the assignment backend is SQL02:21
ayoungmorganfainberg, fairly certain that by now I am considered a Necromancer02:22
ayoungkeeping code alive that should have long since shuffled off its mortal coil02:22
thingeeayoung: I have my class that inherits identity.core. It has its own logic on translating a legacy auth system.02:22
ayoungthingee, where do you want to store assignments?02:22
thingeeso nothing that keystone comes with. But I want to have that custom class to know it has an assignment api02:22
ayoungthingee, @depends02:22
morganfainbergthingee, @dependancy.requires('assignment_api)02:23
morganfainbergthingee, dependency02:23
morganfainbergthingee, from keystone.common import dependency02:23
*** erkules has quit IRC02:23
ayoungthingee, wait, you want identity to know about assignments or assignments to know about identity?02:23
*** buzztroll has joined #openstack-dev02:23
*** kgriffs is now known as kgriffs_afk02:23
thingeeayoung: I want it to know about my own assignment class. I have defined in my own identity core class default_assignment_driver()02:24
thingeeand the appropriate dot path is returned.02:24
morganfainbergthingee, that should only be used if the config hasn't specified an assignment driver02:25
ayoungthingee, these are tightly coupled?02:25
ayoungmorganfainberg, they have a custom backend...I screwed these guys when I split things02:25
ayoungand thingee was nice enough to not kneecap me at the summit02:25
morganfainbergayoung, i've talked to thingee about it some. but i'm not 100% familiar with their setup still02:25
morganfainbergin fact... *something something whiskey in pasadena soon*02:26
thingeeah I totally missed the assignment driver config02:26
ayoungthingee, OK, so there is some ugliness with circular dependencies...the identity backend needs assignments and vice versa...which is why there is that future_dependency thing.02:27
*** CaptTofu has quit IRC02:27
ayoungthingee, yeah, if you are explicitly specifying the assignment driver, that will win.02:27
thingeemorganfainberg: yes sir ;)02:27
*** CaptTofu has joined #openstack-dev02:27
ayoungthingee, both assignments and identity are in your custom back ned, right?02:27
ayoungend02:27
*** sushils has quit IRC02:28
thingeeayoung: yeah02:28
thingeeI'm sure this config opt will do the trick though02:28
ayounggood luck.  as a customer, I am counting on you02:28
thingee:)02:29
thingeethanks guys02:29
*** zhikunliu has joined #openstack-dev02:29
morganfainbergthingee, sure thing02:29
morganfainbergayoung, we do shady things creating tokens not through the providers in unit tests :(02:29
morganfainbergit looks like.02:30
ayoungmorganfainberg, that predated the providers02:30
morganfainbergi know :(02:30
morganfainbergtime to retrofit a bunch of tests02:30
ayoungmorganfainberg, Necromancy02:30
morganfainbergon the plus side i almost have a patchset ready to go to pull out the per-domain-identity backends.02:30
morganfainbergit does cleanup code a bit.02:31
morganfainbergon the downside it's deep in a patchset chain of cleanup.02:31
*** rongze has quit IRC02:32
*** rongze has joined #openstack-dev02:33
morganfainbergayoung, it feels like the token_providers need more love and get merged back down into token.core02:33
ayoungmorganfainberg, you really want to do that, don't you02:33
ayoungmorganfainberg, oh yes02:34
ayoungthe token provider needs to be broken into a pipeline02:34
morganfainbergayoung, no i don't want to do it :(. but i'm on a cleanup binge it looks like02:34
ayoungI'd rather not remove that code.  I think we will want it eventually02:34
ayoungdon't yank it without clearing with henrynash02:35
morganfainbergit'll be a patchset that nothing else depends on.02:35
morganfainbergi'll mark it WIP for good measure02:36
morganfainbergbut basically, i am going to push hard to make the extra IDP stuff leverage the federation work.  i firmly believe that code isn't really in any state to be resuscitated without some significant internal refactoring of ... well domains at their core02:37
morganfainbergif we can get the federation work to supply the multi-ldap backend stuff (one way or another), it would be far better.02:37
morganfainbergand we still haven't figured out the unique id issues .02:38
morganfainbergwhen making ids from dns that is.02:38
ayoungmorganfainberg, so...LDAP is already an extra RPC.  We go to a remote Keystone, and to get a token, its client->keystone1->LDAP->keystone->client->keystone2....02:38
morganfainbergs/dns/DNs02:38
ayoungyeah, IDs from DNs has issues02:39
ayoungbut we need to figure out unique IDs no matter what02:39
*** erkules has joined #openstack-dev02:39
ayoungactually, Federation is going to require it just as much as the existing multi backend stuff...same problem02:39
morganfainbergif we have one internal idp, we can make the federation stuff be "smart" from square one02:39
morganfainbergsince federation is new, we don't have the same issues as the earlier discussion held02:40
morganfainbergor at least we can be a bit more flexible02:41
*** kgriffs_afk is now known as kgriffs02:41
*** AnilV4 has quit IRC02:42
ayoungmorganfainberg, nope02:42
morganfainbergayoung, yes. we can be smart about encoding IDs and have no migration issues.02:42
morganfainbergor similar concepts02:42
*** AnilV4 has joined #openstack-dev02:42
ayoungwe need a persistent ID.  The only alternatives are to calculate one from the Identity document (assertion) or to calculate one on the fly02:43
ayounganything we do with Federation would work for multi LDAP02:43
morganfainbergayoung, only if we re-write the LDAP identity backend significantly02:43
ayoungmorganfainberg, you are missing the point02:44
morganfainbergwhich, it might as well conform to the federation work then02:44
ayoungwe can do what we want with LDAP02:44
ayoungwe need a unique ID that works when we can't write to the backend02:44
ayoungLDAP, shmeldap02:44
morganfainbergayoung, again, this is an issue where having multiple "domain" drivers to reference is an ugly hack.02:45
ayoungIf we want to ghost the identity values in the Keystone server, we don't have a problem....I don't want to do that02:45
*** dguitarbite__ has quit IRC02:45
*** dguitarbite has quit IRC02:45
morganfainbergthe architecture poorly supports that concept02:45
morganfainbergand part of the poor support is the way domains are constructed02:45
morganfainbergnot the concept, the implementation02:45
morganfainbergand fixing that implementation is no small task.02:46
ayoungmorganfainberg, it is going to come down to recording the domain ID for the user separately.02:47
ayoungAccept this now my young apprentice02:47
ayoungand your journey to t...gah, too much star wars in this household02:47
morganfainbergayoung, heh,02:48
ayoungmorganfainberg, seriously, though, that is the only real solution02:48
lifelessITYM don't fear domains, because fear leads to...02:48
morganfainbergayoung, we will just need to disagree on this, but the domain implementation is bad when it comes to mixing projects and users.02:48
morganfainbergayoung, we have the same issue if we had multiple SQL backends.02:49
morganfainbergor actually...worse02:49
ayoungmorganfainberg, you can disagree with me right up to the point where you realize I am right02:49
ayoungI've already been through the stages...anger, denial02:49
ayoungdepression02:49
ayoungskip right to acceptance02:49
morganfainbergayoung, except for one bit, i firmly believe you are wrong in the need for this in the implementation that is partially there02:50
morganfainbergi think it is the wrong approach, it does not work.02:50
morganfainbergand it needs some serious re-thinking.02:50
ayoungmorganfainberg, assignments will need to know where the user identity comes from.02:50
ayoungor, more correctly02:50
morganfainbergstarting on the multiple backend approach from scratch (or not implementing it internally) is the correct approach02:51
ayoungtokens will need to be able to deduce02:51
*** kgriffs is now known as kgriffs_afk02:51
ayoungdoesn't matter...we need to be able to calculate the IdP from the assignment02:51
morganfainbergif we pull this out, and hook into the same "new" mechanisms federation will provide, i think we can not have the same edgecases and issues02:51
morganfainbergfederation cannot hook into what we have.02:52
morganfainbergand if we keep federation, this, and internal SQLisms, we now have 3 bits of (in some cases fragile) code that all do the same thing02:52
ayoungview it from the assignments side, irregardless of Federation02:52
morganfainbergidentity should be flat02:52
morganfainbergno domains02:52
morganfainbergfrom that side02:52
ayoungwe need to be able to deconflict user ids02:53
*** stevemar has quit IRC02:53
morganfainbergwell not the "same" domain constructs assignment is using02:53
*** stevemar has joined #openstack-dev02:53
morganfainbergall user ids should be available from an assignment standpoint, and not be tightly coupled to the same construct.02:53
*** alop has quit IRC02:54
morganfainbergespecially since we have users from identity domain X with grants in assignment domain Y02:54
*** ffio has quit IRC02:54
morganfainbergso putting projects in identity domain X adds all sorts of bad edge cases to resolve.02:54
ayoungwe need to be able to deconflict user ids....that is the problem to solve.  The rest is commentary.  Go and study02:54
morganfainbergwhich, is fine.02:55
morganfainbergayoung, and we can work on that. but having 3 different ways to deconflict ids is a bad idea02:56
morganfainbergand you're advocating just that02:56
ayoungmorganfainberg, agreed.  We need to have one and only one.  Right now we have none02:56
morganfainbergright now we have 102:56
morganfainbergand it involves use a single internal idp02:56
morganfainbergthat should be expanded02:56
morganfainbergnot have things bolted on haphazardly02:57
morganfainbergayoung, anyway, i think this might need to be shelved until San Antonio02:57
morganfainbergayoung, i'll still stick the patch up, marked WIP02:57
*** SumitNaiksatam has joined #openstack-dev02:58
morganfainbergbut, after digging around in the edge cases and trying to fix this in havana, it needs to be redone or we need to restructure domains imo02:58
ayoungmorganfainberg, seriously, I've been over this ground.  I am not just being flippant.  We need to use the domain id (or an analogue) to deconflict assignments.  It will either mean a longer user id, that is then parsable, or it means we split the key into two pieces, but the end result is the same:  assignments will be for user/domain02:59
*** cyeoh has quit IRC03:01
morganfainbergayoung, and my argument is to make sure we are not wedging things on top of a very rough implementation that has a massive amount of edge cases that do not resolve well03:01
morganfainbergayoung, i'm saying we should undo the multi-LDAP stuff because it really is not working, and start on that clean and make sure it uses the same (and a clean) mechanism that is re-usable to de-conflict ids03:02
ayoungmorganfainberg, I suspect the code can be cleaned up, but I think the long term solution will require multiple internal LDAP servers.03:02
*** cyeoh has joined #openstack-dev03:02
morganfainbergayoung, lets come back to this in person in SA. Neither you nor I are going to budge on this over IRC i think.03:03
ayounglet's figure out that deconfliction first.. I think the reason that the multi ldap is broken is because we have a piece missing in our abstraction, not due to any fundamental flaw in the approach.  But I think we are close enough in agreement for now03:03
morganfainberglike i said before, feel free to -2 the code, i will mark it as WIP so it wont be merged regardless.03:04
morganfainbergbut i'm going to post it up so it isn't lost.03:04
Ryan_Lanemultiple internal ldap servers?03:04
morganfainbergRyan_Lane, internal-to-keystone03:05
Ryan_Lanethat makes me throw up a little in my mouth03:05
morganfainberge.g. multiple ldap servers that provide different users/groups information03:05
morganfainbergRyan_Lane, i don't think it's a far departure from having federated ID sources (openid, ldap, sql, facebook auth [don't laugh], oauth)03:06
Ryan_Laneso, you'd somehow cache the remote ldap server info locally?03:06
morganfainbergRyan_Lane, it would work the same as the current ldap driver works, just not be restricted to a single LDAP store03:06
Ryan_Laneoh, so you don't mean you'd run a number of ldap servers03:07
morganfainbergRyan_Lane, lets assume you have 2 business units in your org03:07
morganfainbergand each need to use the cloud, but each have their own LDAP server for their users03:08
morganfainbergand that LDAP server is SSO for each business unit already03:08
morganfainbergso, keystone would need to be able to use both ldap systems to provide identity for each set of users03:08
Ryan_Laneyou mean the ldap servers have overlapping sets of users?03:09
Ryan_Laneor that each ldap server has a completely different set of users?03:09
morganfainbergRyan_Lane, second option03:09
Ryan_Lanewhy not just make each use keystone, and federate the keystones?03:09
morganfainbergRyan_Lane, the way assignment currently works doesn't really account for that03:10
morganfainbergit's assuming that you _really_ have one source of identity03:10
morganfainbergwhich is keystone itself. (backed by LDAP or SQL)03:11
Ryan_Lanehaving keystone merge a user's LDAPs is simply insane03:11
morganfainbergRyan_Lane, it is really no different than using SQL and supporting OpenID as an identity source as well03:11
morganfainbergor ... using 3 different OID sources03:11
morganfainbergGoogle, Launchpad, something else03:11
morganfainbergif we support that, we should _in theory_ support multiple of other sources (is the current argument)03:12
Ryan_Laneso you're saying you set each of them up as a separate provider, and allow them to specify multiple providers?03:12
morganfainbergcorrect, each is a provider that provides identity information03:12
Ryan_Laneah. ok, right. that makes sense03:13
morganfainbergkeystone maps that identity information into roles for the shared resource of the cloud03:13
Ryan_Laneand for this you'll simply make them provide that info and it'll talk to different ldap servers03:13
*** melwitt has quit IRC03:13
morganfainbergthe current implementation has large gaps.03:13
morganfainbergand doesn't work03:13
morganfainberg(actually can't work)03:13
morganfainbergthe two conversations today were about that.03:13
Ryan_Lanewhen you say use ldap internally, I hear "we're going to run ldap servers with keystone, and we're going to use it as our own data store"03:13
Ryan_Lanerather than "use multiple LDAP provider objects"03:14
*** doug_shelley66 has quit IRC03:14
morganfainbergRyan_Lane, that is one option, use a read-write ldap store that keystone managed03:14
morganfainbergbut it doesn't stop you from also wanting an enterprise ldap store that keystone doesn't manage03:14
morganfainbergat the same time03:14
Ryan_Laneright. I was thinking you were going to do some weird caching thing :)03:15
morganfainbergnah03:15
morganfainbergthat's on the ldap deployer's shoulders03:15
*** Daviey has quit IRC03:15
Ryan_Lanethat approach sounds good03:15
morganfainbergi have no interest in doing that kind of systems work03:15
morganfainbergRyan_Lane, so the issue at hand is that we have a partial implementation and some new initiatives, i was proposing 2 solutions to help with this.03:16
morganfainbergone was strike the current partial impl and start over03:16
morganfainbergthe other was to refactor how the namespaces work for identity information internal to keystone03:16
morganfainbergthe latter is a bad idea short of a new API major version03:16
morganfainbergthe former is what i was just arguing for. but we'll see where it goes when we all meetup in a couple weeks03:17
morganfainbergwe = keystone developers03:17
morganfainbergRyan_Lane, clear as mud huh?03:17
*** erkrnt1 has quit IRC03:19
Ryan_Lane:D03:19
*** Daviey has joined #openstack-dev03:23
*** ykhodork has quit IRC03:25
*** loq_mac has quit IRC03:25
ayoungmorganfainberg, is giving you his overly optimistic view Ryan_Lane03:28
ayoungthe truth is, there is no "starting over"03:28
morganfainbergayoung, i think i gave a fair assessment of the specific code in question03:29
ayoungwe need to basically say that an assignment is from a user,03:29
morganfainbergnot the more global assignment issues03:29
ayoungand that user must be differentiated from another user that might have the same userid03:29
ayoungthe differentiation is going to be based on where the user ID comes from...call it Domain or IdP03:29
morganfainbergayoung, and i stopped arguing on renaming based on earlier convo.03:30
morganfainbergor restructuring03:30
morganfainbergthe domain construct that is.03:31
* morganfainberg goes back to code.03:31
* morganfainberg stops looking at irc atm...it's not going to change things tonight :P03:31
Ryan_Lanekeystone light v2 it is!03:34
*** kgriffs_afk is now known as kgriffs03:34
morganfainbergRyan_Lane, be careful, you might attract the attention of someone you don't intend to ;)03:35
Ryan_Laneheh03:35
morganfainbergRyan_Lane, hehe03:36
morganfainbergargh... i should stop looking at IRC i'm _trying_ to write code!03:36
*** boris-42 has quit IRC03:37
Ryan_Lane:)03:38
Ryan_LaneI'm trying to fix an LDAP problem03:38
Ryan_Lanefunny enough03:38
*** ykhodork has joined #openstack-dev03:39
*** rods has quit IRC03:40
*** CaptTofu has quit IRC03:41
*** CaptTofu has joined #openstack-dev03:41
*** prekarat has quit IRC03:42
*** prekarat has joined #openstack-dev03:42
*** anniec has quit IRC03:44
*** ffio has joined #openstack-dev03:45
*** stevemar has quit IRC03:46
*** spzala has quit IRC03:49
*** harlowja is now known as harlowja_away03:51
*** stevemar has joined #openstack-dev03:53
*** aditirav has joined #openstack-dev03:53
*** bdpayne has joined #openstack-dev03:55
*** aditirav has quit IRC03:55
*** david-lyle_ has joined #openstack-dev03:56
*** aditirav has joined #openstack-dev03:56
*** pberis has quit IRC03:57
*** pberis has joined #openstack-dev03:58
*** ykhodork has quit IRC04:03
*** rongze has quit IRC04:04
*** buzztroll has quit IRC04:06
*** buzztroll has joined #openstack-dev04:06
*** paragan has joined #openstack-dev04:10
*** buzztroll has quit IRC04:11
*** RuiChen has quit IRC04:13
*** bdpayne has quit IRC04:15
*** david_lyle has joined #openstack-dev04:18
*** carl_baldwin has joined #openstack-dev04:19
*** erkrnt has joined #openstack-dev04:20
*** bdpayne has joined #openstack-dev04:20
*** david-lyle_ has quit IRC04:21
*** Joel-S has joined #openstack-dev04:25
*** gyee_ has quit IRC04:33
*** jab416171 has joined #openstack-dev04:33
*** prekarat has quit IRC04:36
*** CaptTofu has quit IRC04:38
*** xjiujiu has joined #openstack-dev04:38
*** CaptTofu has joined #openstack-dev04:39
*** kushal has joined #openstack-dev04:45
*** noslzzp has quit IRC04:52
*** zaitcev has quit IRC04:53
*** kushal has quit IRC04:53
*** buzztroll has joined #openstack-dev04:54
*** zaitcev has joined #openstack-dev04:58
*** melwitt1 has joined #openstack-dev04:58
*** melwitt2 has joined #openstack-dev05:00
*** blamar has quit IRC05:00
*** aditirav has quit IRC05:00
*** ffio has quit IRC05:02
*** melwitt1 has quit IRC05:03
*** Ryan_Lane has quit IRC05:03
*** kushal has joined #openstack-dev05:05
*** ffio has joined #openstack-dev05:08
*** doug_shelley66 has joined #openstack-dev05:10
*** HenryG has quit IRC05:11
*** buzztroll has quit IRC05:12
*** nermina has quit IRC05:14
*** doug_shelley66 has quit IRC05:15
*** Ryan_Lane has joined #openstack-dev05:15
*** kgriffs is now known as kgriffs_afk05:16
*** uvirtbot has quit IRC05:20
*** sungju has joined #openstack-dev05:22
*** sungju has quit IRC05:29
*** vartom11111110 has joined #openstack-dev05:29
*** zaitcev has quit IRC05:32
*** david_lyle has quit IRC05:33
*** stevemar has quit IRC05:35
*** neeti has joined #openstack-dev05:36
*** dstanek has quit IRC05:37
*** chandankumar has joined #openstack-dev05:37
*** gilliard has quit IRC05:38
*** dstanek has joined #openstack-dev05:39
*** Ryan_Lane has quit IRC05:40
*** DennyZhang has joined #openstack-dev05:41
*** beisner has quit IRC05:42
*** bdpayne has quit IRC05:43
*** chandankumar has quit IRC05:44
*** chandankumar has joined #openstack-dev05:45
*** sgordon has quit IRC05:45
*** erkrnt1 has joined #openstack-dev05:46
*** erkrnt has quit IRC05:46
*** kgriffs_afk is now known as kgriffs05:46
*** prekarat has joined #openstack-dev05:50
*** chandankumar has quit IRC05:50
*** factor has joined #openstack-dev05:51
*** chandankumar has joined #openstack-dev05:51
*** rushiagr has joined #openstack-dev05:53
*** prekarat has quit IRC05:54
*** danjared has quit IRC05:55
*** xingchao has joined #openstack-dev05:56
*** kgriffs is now known as kgriffs_afk05:58
*** Joel-S has quit IRC05:59
*** jecarey has quit IRC06:01
*** StevenK has quit IRC06:01
*** StevenK has joined #openstack-dev06:02
*** mrunge has joined #openstack-dev06:08
*** DennyZhang has quit IRC06:08
*** reed has quit IRC06:10
*** rdas has joined #openstack-dev06:10
*** xjiujiu has quit IRC06:11
*** jpeeler has quit IRC06:11
*** prekarat has joined #openstack-dev06:13
*** danjared has joined #openstack-dev06:18
*** vartom11111110 has quit IRC06:20
*** factor has quit IRC06:23
*** markwash has quit IRC06:24
*** factor__ has joined #openstack-dev06:25
*** dguitarbite has joined #openstack-dev06:27
*** carl_baldwin has quit IRC06:31
*** carl_baldwin has joined #openstack-dev06:35
*** factor__ has quit IRC06:36
*** chandankumar is now known as ciypro06:36
*** aeperezt has quit IRC06:38
*** Mandell has quit IRC06:38
*** pberis has quit IRC06:47
*** pberis has joined #openstack-dev06:48
*** kgriffs_afk is now known as kgriffs06:49
*** amcrn has quit IRC06:51
*** pberis has quit IRC06:54
*** dstanek has quit IRC06:55
*** dstanek has joined #openstack-dev06:56
*** pberis has joined #openstack-dev06:57
*** kgriffs is now known as kgriffs_afk06:58
*** bdpayne has joined #openstack-dev07:00
*** bashok has joined #openstack-dev07:04
*** ngoracke has quit IRC07:04
*** dguitarbite has quit IRC07:06
*** dguitarbite has joined #openstack-dev07:09
*** tzumainn has quit IRC07:11
*** rongze has joined #openstack-dev07:12
*** Drankis has joined #openstack-dev07:14
*** ykhodork has joined #openstack-dev07:15
*** Drankis has quit IRC07:15
*** drankis_ has joined #openstack-dev07:15
*** drankis_ has joined #openstack-dev07:15
*** drankis_ has quit IRC07:16
*** Drankis has joined #openstack-dev07:16
*** carl_baldwin has quit IRC07:17
*** vartom11111110 has joined #openstack-dev07:18
*** Drankis has quit IRC07:20
*** vartom11111111 has joined #openstack-dev07:24
*** vartom11111110 has quit IRC07:24
*** Drankis has joined #openstack-dev07:29
*** teran has quit IRC07:30
*** teran has joined #openstack-dev07:30
*** yaguang has joined #openstack-dev07:31
*** teran has quit IRC07:35
*** kushal has quit IRC07:36
*** alex_klimov has joined #openstack-dev07:40
*** alex_klimov has left #openstack-dev07:41
*** erkrnt1 has quit IRC07:46
*** kgriffs_afk is now known as kgriffs07:49
*** sthaha has quit IRC07:50
*** ifarkas has joined #openstack-dev07:50
*** rushiagr has quit IRC07:56
*** xga has joined #openstack-dev07:57
*** bdpayne has quit IRC07:57
*** kgriffs is now known as kgriffs_afk07:59
*** sahid has joined #openstack-dev07:59
*** flaper87|afk is now known as flaper8708:00
*** jprovazn has joined #openstack-dev08:02
*** melwitt2 has quit IRC08:02
*** pberis has quit IRC08:06
*** kpavel has joined #openstack-dev08:09
*** pberis has joined #openstack-dev08:10
*** yolanda has joined #openstack-dev08:11
*** sthaha has joined #openstack-dev08:14
*** sthaha has quit IRC08:14
*** sthaha has joined #openstack-dev08:14
*** sthaha has quit IRC08:18
*** asalkeld_ has quit IRC08:22
*** asalkeld_ has joined #openstack-dev08:22
*** kpavel has quit IRC08:23
*** kpavel has joined #openstack-dev08:24
*** vipul is now known as vipul-away08:27
*** vipul-away is now known as vipul08:29
*** xgsa has joined #openstack-dev08:30
*** teran has joined #openstack-dev08:31
*** teran has quit IRC08:35
*** evgenyf has joined #openstack-dev08:37
*** xga_ has joined #openstack-dev08:43
*** lsmola_ has joined #openstack-dev08:43
*** fire has joined #openstack-dev08:43
*** fire is now known as ffio_08:43
*** xga has quit IRC08:44
*** vipul is now known as vipul-away08:44
*** cyeoh has quit IRC08:45
*** ffio has quit IRC08:46
*** jtomasek has joined #openstack-dev08:47
*** kgriffs_afk is now known as kgriffs08:50
*** fbo_away is now known as fbo08:51
*** xga has joined #openstack-dev08:52
*** factor__ has joined #openstack-dev08:58
*** jpich has joined #openstack-dev08:59
*** rossella_s has joined #openstack-dev09:00
*** vipul-away is now known as vipul09:00
*** kgriffs is now known as kgriffs_afk09:00
*** MaxV has joined #openstack-dev09:00
*** arosen has quit IRC09:00
*** ygbo has joined #openstack-dev09:01
*** jistr has joined #openstack-dev09:02
*** rongze has quit IRC09:10
*** amotoki has joined #openstack-dev09:11
*** corrigac has quit IRC09:12
*** dguitarbite has quit IRC09:12
*** buzztroll has joined #openstack-dev09:13
*** arezmerita has joined #openstack-dev09:14
*** rushiagr has joined #openstack-dev09:14
*** buzztrol_ has joined #openstack-dev09:15
*** zqfan has joined #openstack-dev09:16
*** buzztroll has quit IRC09:17
*** mkollaro has joined #openstack-dev09:17
*** derekh has joined #openstack-dev09:18
*** buzztrol_ has quit IRC09:19
*** ndipanov_gone is now known as ndipanov09:20
*** boris-42 has joined #openstack-dev09:21
*** rushiagr has quit IRC09:22
*** rushiagr has joined #openstack-dev09:23
*** zhikunliu has quit IRC09:25
*** aditirav_ has joined #openstack-dev09:25
*** armax has joined #openstack-dev09:28
*** rushiagr2 has joined #openstack-dev09:28
*** rushiagr has quit IRC09:31
*** zqfan has quit IRC09:32
*** prekarat has quit IRC09:32
*** rossella_s has quit IRC09:36
*** aditirav_ has quit IRC09:37
*** aditirav has joined #openstack-dev09:37
*** rossella_s has joined #openstack-dev09:38
*** amotoki has quit IRC09:42
*** sdake has quit IRC09:43
*** sdake has joined #openstack-dev09:46
flaper87sdague: ping re: https://review.openstack.org/#/c/63754/09:48
*** sushils has joined #openstack-dev09:49
*** kgriffs_afk is now known as kgriffs09:51
*** johnthetubaguy has joined #openstack-dev09:53
*** giulivo has joined #openstack-dev09:53
*** gongysh has joined #openstack-dev09:56
*** dirk has joined #openstack-dev09:59
*** eglynn has joined #openstack-dev10:01
*** kgriffs is now known as kgriffs_afk10:02
*** rongze has joined #openstack-dev10:04
*** aditirav_ has joined #openstack-dev10:06
*** lcheng has quit IRC10:07
*** aditirav has quit IRC10:08
*** aditirav_ is now known as aditirav10:08
*** omachace has joined #openstack-dev10:08
*** sushils has quit IRC10:08
*** aditirav has quit IRC10:10
*** aditirav has joined #openstack-dev10:11
*** aditirav_ has joined #openstack-dev10:12
*** sushils has joined #openstack-dev10:12
*** martyntaylor has joined #openstack-dev10:14
*** bvandenh has joined #openstack-dev10:14
*** buzztroll has joined #openstack-dev10:14
*** dguitarbite has joined #openstack-dev10:14
*** martyntaylor has left #openstack-dev10:14
*** aditirav has quit IRC10:15
*** aditirav_ is now known as aditirav10:15
tristanCbugsduggan: ping (about swift client ssl verification)10:16
*** neoXsys has quit IRC10:17
*** ykhodork has quit IRC10:18
*** gongysh has quit IRC10:18
*** archon__ has joined #openstack-dev10:21
*** dguitarbite has quit IRC10:26
*** neoXsys has joined #openstack-dev10:29
*** factor__ has quit IRC10:30
*** dguitarbite has joined #openstack-dev10:35
*** johnthetubaguy1 has joined #openstack-dev10:40
*** dguitarbite has quit IRC10:42
*** teran has joined #openstack-dev10:42
*** johnthetubaguy has quit IRC10:42
*** xingchao has quit IRC10:46
*** rossella_s_ has joined #openstack-dev10:47
*** lcheng has joined #openstack-dev10:47
*** buzztroll has quit IRC10:48
*** rossella_s has quit IRC10:49
*** rossella_s_ is now known as rossella_s10:49
*** pixelb has joined #openstack-dev10:49
*** nmagnezi has joined #openstack-dev10:50
*** kgriffs_afk is now known as kgriffs10:53
*** noorul has quit IRC10:54
*** yaguang has quit IRC10:56
*** mkollaro has quit IRC10:58
*** kgriffs is now known as kgriffs_afk11:03
*** lucasagomes has joined #openstack-dev11:06
*** lucasagomes has quit IRC11:08
*** lucasagomes has joined #openstack-dev11:10
*** mkollaro has joined #openstack-dev11:10
*** omachace has left #openstack-dev11:11
*** lcheng has quit IRC11:13
*** pcm_ has joined #openstack-dev11:13
*** doug_shelley66 has joined #openstack-dev11:15
*** pcm_ has quit IRC11:16
*** pcm_ has joined #openstack-dev11:16
*** ihrachys has joined #openstack-dev11:19
*** akrivoka has joined #openstack-dev11:21
*** archon__ has quit IRC11:22
*** paragan has quit IRC11:23
*** evgenyf has quit IRC11:24
*** yolanda has quit IRC11:25
*** yolanda has joined #openstack-dev11:26
*** lucasagomes has quit IRC11:26
*** lucasagomes has joined #openstack-dev11:27
*** xga has quit IRC11:28
*** xga_ has quit IRC11:28
*** dguitarbite_ has joined #openstack-dev11:30
*** yolanda has quit IRC11:31
*** devvesa has joined #openstack-dev11:31
*** MaxV has quit IRC11:31
*** yolanda has joined #openstack-dev11:31
*** lucasagomes has quit IRC11:32
*** AnilV4 has quit IRC11:33
*** dguitarbite_ has quit IRC11:36
*** akrivoka has quit IRC11:37
*** rods has joined #openstack-dev11:37
*** pberis has quit IRC11:39
*** pberis has joined #openstack-dev11:39
*** akrivoka has joined #openstack-dev11:39
*** yolanda has quit IRC11:39
*** yolanda has joined #openstack-dev11:41
*** yeylon_ has quit IRC11:42
*** yolanda has quit IRC11:44
*** buzztroll has joined #openstack-dev11:44
*** sgordon has joined #openstack-dev11:45
*** yolanda has joined #openstack-dev11:45
*** AnilV4 has joined #openstack-dev11:46
*** cyeoh_ has joined #openstack-dev11:48
*** cyeoh_ is now known as cyeoh11:48
*** buzztroll has quit IRC11:48
*** lucasagomes has joined #openstack-dev11:50
*** dguitarbite has joined #openstack-dev11:50
*** yolanda has quit IRC11:51
*** yolanda has joined #openstack-dev11:52
*** XxLocutusxX has joined #openstack-dev11:53
*** yolanda has joined #openstack-dev11:53
*** lucasagomes has quit IRC11:53
*** Rissmann has joined #openstack-dev11:53
*** lucasagomes has joined #openstack-dev11:54
*** kgriffs_afk is now known as kgriffs11:54
*** yolanda has quit IRC11:56
*** yolanda has joined #openstack-dev11:57
*** yeylon_ has joined #openstack-dev11:58
*** MaxV has joined #openstack-dev11:58
*** lucasagomes has quit IRC11:59
*** AnilV4 has quit IRC11:59
*** MaxV has quit IRC12:00
*** MaxV has joined #openstack-dev12:01
*** lucasagomes has joined #openstack-dev12:04
*** kgriffs is now known as kgriffs_afk12:04
*** lucasagomes has quit IRC12:05
*** AnilV4 has joined #openstack-dev12:07
*** yolanda has quit IRC12:07
*** sgordon has quit IRC12:09
*** yolanda has joined #openstack-dev12:09
*** dguitarbite has quit IRC12:12
*** mindpixel has joined #openstack-dev12:15
*** lucasagomes has joined #openstack-dev12:15
*** armax has left #openstack-dev12:17
*** CaptTofu has quit IRC12:17
*** CaptTofu has joined #openstack-dev12:17
*** dguitarbite_ has joined #openstack-dev12:23
*** yolanda has quit IRC12:23
*** ArxCruz has joined #openstack-dev12:24
*** yolanda has joined #openstack-dev12:24
*** devvesa has quit IRC12:27
*** bashok has quit IRC12:28
*** pberis has quit IRC12:29
*** pberis has joined #openstack-dev12:30
*** AnilV4 has quit IRC12:31
*** XxLocutusxX has quit IRC12:36
*** yeylon_ has quit IRC12:36
*** AnilV4 has joined #openstack-dev12:36
*** dguitarbite_ has quit IRC12:37
*** jingwang has quit IRC12:42
*** yolanda has quit IRC12:44
*** yolanda has joined #openstack-dev12:44
*** buzztroll has joined #openstack-dev12:45
*** yolanda has joined #openstack-dev12:46
*** CaptTofu has quit IRC12:46
*** CaptTofu has joined #openstack-dev12:46
*** tdruiva has joined #openstack-dev12:46
*** rushiagr2 is now known as rushiagr_away12:47
*** CaptTofu has quit IRC12:47
*** CaptTofu_ has joined #openstack-dev12:47
*** aditirav_ has joined #openstack-dev12:49
*** tdruiva has quit IRC12:50
*** yolanda has quit IRC12:51
*** Mandell has joined #openstack-dev12:51
*** yolanda has joined #openstack-dev12:51
*** aditirav has quit IRC12:52
*** danielbruno has joined #openstack-dev12:52
*** aditirav_ has quit IRC12:52
*** aditirav has joined #openstack-dev12:53
*** CaptTofu_ has quit IRC12:53
*** CaptTofu has joined #openstack-dev12:54
*** dguitarbite has joined #openstack-dev12:54
*** aditirav_ has joined #openstack-dev12:54
*** mrunge has quit IRC12:55
*** kgriffs_afk is now known as kgriffs12:55
*** AnilV4 has quit IRC12:56
*** aditirav has quit IRC12:57
*** aditirav_ is now known as aditirav12:57
*** aditirav has quit IRC12:58
*** aditirav has joined #openstack-dev12:58
*** CaptTofu has quit IRC12:59
*** dguitarbite has quit IRC13:00
*** stevemar has joined #openstack-dev13:02
*** teran has quit IRC13:02
*** teran has joined #openstack-dev13:03
*** kgriffs is now known as kgriffs_afk13:05
*** teran has quit IRC13:06
*** galstrom_zzz is now known as galstrom13:07
*** galstrom is now known as galstrom_zzz13:08
*** colinmcnamara has joined #openstack-dev13:08
*** rushiagr_away is now known as rushiagr213:08
*** pberis has quit IRC13:08
*** pberis has joined #openstack-dev13:09
*** xga has joined #openstack-dev13:09
*** xga_ has joined #openstack-dev13:09
*** rongze has quit IRC13:10
*** Mandell has quit IRC13:11
*** danielbruno has quit IRC13:13
*** xga_ has quit IRC13:14
*** xga has quit IRC13:14
*** xga has joined #openstack-dev13:15
*** xga__ has joined #openstack-dev13:15
*** buzztroll has quit IRC13:18
*** dguitarbite has joined #openstack-dev13:22
*** dguitarbite has left #openstack-dev13:23
*** dguitarbite_ has joined #openstack-dev13:23
*** evgenyf has joined #openstack-dev13:26
*** danielbruno has joined #openstack-dev13:26
*** dguitarbite_ has quit IRC13:27
*** pberis has quit IRC13:28
*** pberis has joined #openstack-dev13:28
*** xga__ has quit IRC13:31
*** eglynn is now known as eglynn-lunch13:32
*** b3nt_pin has joined #openstack-dev13:33
*** markvoelker1 has joined #openstack-dev13:34
*** b3nt_pin is now known as beagles13:34
*** pmathews has joined #openstack-dev13:34
*** pberis has quit IRC13:35
*** pberis has joined #openstack-dev13:37
*** jpeeler has joined #openstack-dev13:40
*** rongze has joined #openstack-dev13:41
*** zzelle has joined #openstack-dev13:42
*** zzelle has joined #openstack-dev13:42
*** pberis has quit IRC13:43
*** radez_g0n3 is now known as radez13:44
*** jruzicka has joined #openstack-dev13:44
*** Rissmann has quit IRC13:45
*** dprince has joined #openstack-dev13:46
*** dvarga has joined #openstack-dev13:46
*** rods has quit IRC13:48
*** dguitarbite has joined #openstack-dev13:49
*** ekarlso has quit IRC13:50
*** ciypro has quit IRC13:51
*** rongze has quit IRC13:52
*** ekarlso has joined #openstack-dev13:52
*** pberis has joined #openstack-dev13:52
*** rods has joined #openstack-dev13:53
*** rdas has quit IRC13:53
*** kgriffs_afk is now known as kgriffs13:56
*** neeti has quit IRC13:56
*** cpallares has joined #openstack-dev13:57
*** factor__ has joined #openstack-dev13:58
*** buzztroll has joined #openstack-dev13:59
*** HenryG has joined #openstack-dev14:00
*** jpeeler has quit IRC14:00
*** jpeeler has joined #openstack-dev14:01
*** vartom11111111 has quit IRC14:01
*** dguitarbite has quit IRC14:01
*** neeti has joined #openstack-dev14:02
*** sgordon has joined #openstack-dev14:04
*** tzumainn has joined #openstack-dev14:04
*** kgriffs is now known as kgriffs_afk14:05
*** jasondotstar has joined #openstack-dev14:06
*** anniec has joined #openstack-dev14:06
*** anniec_ has joined #openstack-dev14:09
*** anniec has quit IRC14:11
*** anniec_ is now known as anniec14:11
*** mriedem has joined #openstack-dev14:16
*** kblin_ is now known as kblin14:16
*** kblin has joined #openstack-dev14:16
*** aeperezt has joined #openstack-dev14:19
*** aditirav has quit IRC14:19
*** jswarren has joined #openstack-dev14:21
*** nermina has joined #openstack-dev14:21
*** neelashah has quit IRC14:22
*** mriedem has quit IRC14:25
*** neeti has quit IRC14:26
*** rtheis has joined #openstack-dev14:26
*** arezmerita has quit IRC14:27
*** mriedem has joined #openstack-dev14:27
*** vijendar has joined #openstack-dev14:29
*** arezmerita has joined #openstack-dev14:29
*** joesavak has joined #openstack-dev14:30
*** vladikr has joined #openstack-dev14:30
*** stevemar has quit IRC14:30
*** alex_xu has quit IRC14:31
*** kgriffs_afk is now known as kgriffs14:33
*** neelashah has joined #openstack-dev14:34
*** neelashah has left #openstack-dev14:34
*** pmathews has quit IRC14:38
*** evgenyf has quit IRC14:38
*** pmathews has joined #openstack-dev14:38
*** dbalog has joined #openstack-dev14:38
*** peristeri has joined #openstack-dev14:39
*** pberis has quit IRC14:41
*** dbalog has left #openstack-dev14:41
*** eharney has joined #openstack-dev14:41
*** pberis has joined #openstack-dev14:42
*** pmathews has quit IRC14:43
*** pmathews1 has joined #openstack-dev14:43
*** dbalog has joined #openstack-dev14:44
*** rongze has joined #openstack-dev14:45
*** mfer has joined #openstack-dev14:45
*** mfer has quit IRC14:46
*** anniec has quit IRC14:46
*** pmathews1 has quit IRC14:47
*** neelashah has joined #openstack-dev14:48
*** jobewan has joined #openstack-dev14:49
*** terriyu has joined #openstack-dev14:49
*** kbringard has joined #openstack-dev14:49
*** rongze has quit IRC14:50
*** kgriffs is now known as kgriffs_afk14:50
*** mfer has joined #openstack-dev14:51
*** portante is now known as portante|afk14:51
*** armax has joined #openstack-dev14:51
*** markvoelker1 has quit IRC14:52
*** yolanda has joined #openstack-dev14:53
*** rongze has joined #openstack-dev14:56
*** chmouel has quit IRC14:59
*** evgenyf has joined #openstack-dev15:05
*** carlp has joined #openstack-dev15:06
*** xga has quit IRC15:06
*** xga has joined #openstack-dev15:09
*** radez is now known as radez_g0n315:09
*** nermina has quit IRC15:09
*** ngoracke has joined #openstack-dev15:12
*** ruhe has joined #openstack-dev15:12
*** kevinconway has joined #openstack-dev15:13
*** dvarga has quit IRC15:14
*** rushiagr2 has quit IRC15:15
*** giroro_ has joined #openstack-dev15:18
*** jmontemayor has joined #openstack-dev15:18
*** yolanda has quit IRC15:18
*** kgriffs_afk is now known as kgriffs15:18
*** yolanda has joined #openstack-dev15:19
*** Ruetobas has quit IRC15:19
*** dvarga has joined #openstack-dev15:19
*** otherwiseguy has quit IRC15:21
*** thedodd has joined #openstack-dev15:22
*** giroro_ has quit IRC15:22
*** russellb is now known as rustlebee15:23
*** Ruetobas has joined #openstack-dev15:23
*** chandankumar has joined #openstack-dev15:24
*** hartsocks is now known as hartbot15:24
*** dansmith is now known as damnsmith15:26
*** evgenyf has quit IRC15:27
*** Ruetobas has quit IRC15:27
*** giroro_ has joined #openstack-dev15:27
*** rossella_s has quit IRC15:28
*** blamar has joined #openstack-dev15:29
*** dims has quit IRC15:30
*** noorul has joined #openstack-dev15:31
*** herndon has joined #openstack-dev15:31
*** yolanda has quit IRC15:31
*** yolanda has joined #openstack-dev15:32
*** giroro_ has quit IRC15:32
*** yolanda has quit IRC15:33
*** dims has joined #openstack-dev15:33
*** radez_g0n3 is now known as radez15:33
*** yolanda has joined #openstack-dev15:34
*** dims is now known as dimsum15:34
*** yolanda has quit IRC15:34
*** chandankumar has quit IRC15:35
*** yolanda has joined #openstack-dev15:36
*** carlp has quit IRC15:37
*** spzala has joined #openstack-dev15:38
*** carlp has joined #openstack-dev15:38
*** mikeoutland has joined #openstack-dev15:38
*** factor__ has quit IRC15:38
*** lucasagomes is now known as lucas-hungry15:38
*** Ruetobas has joined #openstack-dev15:39
*** pmathews has joined #openstack-dev15:42
*** yolanda has quit IRC15:43
*** factor__ has joined #openstack-dev15:44
*** yolanda has joined #openstack-dev15:44
*** rtheis has quit IRC15:45
*** rnirmal has joined #openstack-dev15:47
*** armax has left #openstack-dev15:47
*** terriyu has quit IRC15:53
*** yolanda has quit IRC15:55
*** changbl has quit IRC15:57
*** changbl has joined #openstack-dev15:57
*** xga has quit IRC15:57
*** xga has joined #openstack-dev15:57
*** Drankis has quit IRC15:59
*** chmouel has joined #openstack-dev16:00
*** pasquier-s has quit IRC16:00
*** tdruiva has joined #openstack-dev16:00
*** Ruetobas has quit IRC16:01
*** mikeoutl_ has joined #openstack-dev16:01
*** mikeoutland has quit IRC16:02
*** markmcclain has joined #openstack-dev16:02
*** Ruetobas has joined #openstack-dev16:03
*** ifarkas has quit IRC16:05
*** otherwiseguy has joined #openstack-dev16:06
*** jprovazn is now known as jprovazn_afk16:07
*** aditirav has joined #openstack-dev16:08
*** Ruetobas has quit IRC16:08
*** Ruetobas has joined #openstack-dev16:08
*** yolanda has joined #openstack-dev16:13
*** yolanda has quit IRC16:13
*** lxsli0 is now known as lxsli16:14
*** yolanda has joined #openstack-dev16:14
*** yolanda has quit IRC16:15
*** david-lyle_ has joined #openstack-dev16:15
*** yolanda has joined #openstack-dev16:16
*** yolanda has quit IRC16:18
*** sahid has quit IRC16:18
*** carl_baldwin has joined #openstack-dev16:19
*** xgsa has quit IRC16:19
*** yolanda has joined #openstack-dev16:19
*** DennyZhang has joined #openstack-dev16:20
*** buzztroll has quit IRC16:21
*** yolanda has quit IRC16:22
*** buzztroll has joined #openstack-dev16:22
*** yolanda has joined #openstack-dev16:23
*** alop has joined #openstack-dev16:25
*** lucas-hungry is now known as lucasagomes16:26
*** tdruiva has quit IRC16:27
*** tdruiva has joined #openstack-dev16:28
*** factor__ has quit IRC16:31
*** nelsnelson has joined #openstack-dev16:32
*** yolanda has quit IRC16:33
*** dvarga is now known as dvarga|away16:33
*** dvarga|away is now known as dvarga16:33
*** ruhe has quit IRC16:35
*** chandankumar has joined #openstack-dev16:36
*** yolanda has joined #openstack-dev16:36
*** DennyZhang has quit IRC16:37
*** pballand has joined #openstack-dev16:37
*** yolanda has quit IRC16:38
*** xga has quit IRC16:38
*** yolanda has joined #openstack-dev16:40
*** otherwiseguy has quit IRC16:40
*** bvandenh has quit IRC16:40
*** xga has joined #openstack-dev16:41
*** yolanda has quit IRC16:42
*** hemna has joined #openstack-dev16:43
*** markwash has joined #openstack-dev16:43
*** yolanda has joined #openstack-dev16:43
*** yolanda has quit IRC16:44
*** pberis has quit IRC16:45
*** yolanda has joined #openstack-dev16:45
*** rossella_s has joined #openstack-dev16:47
*** vartom11111111 has joined #openstack-dev16:49
*** reed has joined #openstack-dev16:50
*** yolanda has quit IRC16:53
*** comstud is now known as bearhands16:56
*** zzelle has quit IRC16:56
*** bdpayne has joined #openstack-dev16:57
*** yolanda has joined #openstack-dev16:57
*** lcheng has joined #openstack-dev16:58
*** yolanda has quit IRC16:58
*** yolanda has joined #openstack-dev16:59
*** noslzzp has joined #openstack-dev17:00
*** jnoller has joined #openstack-dev17:01
*** gyee_ has joined #openstack-dev17:02
*** radez is now known as radez_g0n317:04
*** aditirav has quit IRC17:04
*** yolanda has quit IRC17:05
*** herndon has quit IRC17:05
*** otherwiseguy has joined #openstack-dev17:05
*** yolanda has joined #openstack-dev17:07
*** orion195 has quit IRC17:08
*** herndon has joined #openstack-dev17:08
*** bnemec is now known as beekneemech17:09
*** ffio_ has quit IRC17:10
*** nmagnezi has quit IRC17:12
*** yolanda has quit IRC17:12
*** evgenyf has joined #openstack-dev17:13
*** mlavalle has joined #openstack-dev17:13
*** yolanda has joined #openstack-dev17:13
*** yolanda has quit IRC17:14
*** mindpixel has quit IRC17:14
*** rcleere has joined #openstack-dev17:16
*** jecarey has joined #openstack-dev17:16
*** MaxV has quit IRC17:17
*** MaxV has joined #openstack-dev17:17
*** SumitNaiksatam has quit IRC17:18
*** ygbo has quit IRC17:20
*** MaxV has quit IRC17:22
*** eglynn-lunch is now known as eglynn17:23
*** gyee_ has quit IRC17:23
*** flaper87 is now known as flaper87|afk17:24
*** vartom11111111 has quit IRC17:25
*** mikeoutl_ has quit IRC17:25
*** terrylhowe has joined #openstack-dev17:28
*** derekh has quit IRC17:29
*** moted has quit IRC17:29
*** moted has joined #openstack-dev17:30
*** gyee_ has joined #openstack-dev17:30
*** yolanda has joined #openstack-dev17:32
*** Drankis has joined #openstack-dev17:32
*** yolanda has quit IRC17:33
*** jpich has quit IRC17:34
*** krotscheck has joined #openstack-dev17:34
*** CaptTofu has joined #openstack-dev17:34
*** xga has quit IRC17:34
*** SumitNaiksatam has joined #openstack-dev17:34
*** xga_ has joined #openstack-dev17:35
*** CaptTofu_ has joined #openstack-dev17:35
*** xarses has quit IRC17:36
*** kgriffs is now known as kgriffs_afk17:38
*** harlowja_away is now known as harlowja17:38
*** CaptTofu has quit IRC17:39
*** jnoller has quit IRC17:41
*** fbo is now known as fbo_away17:42
*** Underbyte has quit IRC17:42
*** ruhe has joined #openstack-dev17:46
*** rtheis has joined #openstack-dev17:46
*** xga_ has quit IRC17:47
*** angdraug has joined #openstack-dev17:47
*** jdurgin1 has joined #openstack-dev17:48
*** carlp has quit IRC17:50
*** mkollaro has quit IRC17:51
*** akrivoka has quit IRC17:53
*** dave_tucker_zzz has joined #openstack-dev17:53
*** dave_tucker_zzz is now known as dave_tucker17:53
*** dave_tucker is now known as dave_tucker_zzz17:54
*** jistr has quit IRC17:55
*** ruhe is now known as _ruhe17:57
*** hemna has quit IRC17:57
*** ndipanov has quit IRC17:57
*** amcrn has joined #openstack-dev17:58
*** markmcclain has quit IRC17:59
*** pballand has quit IRC18:02
*** Andrewsd has joined #openstack-dev18:03
AndrewsdHello18:03
AndrewsdI need some help...I have deployed openstack havana with devstack18:03
AndrewsdI want to ping an Instance from host machine18:04
AndrewsdI only get : Destination host unreachable18:04
*** hemna has joined #openstack-dev18:04
*** bknudson has quit IRC18:05
Andrewsdany idea what I should u?18:06
Andrewsddo18:06
*** bknudson has joined #openstack-dev18:06
*** yolanda has joined #openstack-dev18:06
*** novel1 has quit IRC18:08
*** yolanda has quit IRC18:08
*** yolanda has joined #openstack-dev18:09
*** yolanda has quit IRC18:10
*** yolanda has joined #openstack-dev18:10
*** yolanda has quit IRC18:11
*** yolanda has joined #openstack-dev18:12
*** yolanda has quit IRC18:12
*** _ruhe is now known as ruhe18:13
*** yolanda has joined #openstack-dev18:13
*** xarses has joined #openstack-dev18:14
*** prad has joined #openstack-dev18:14
*** yolanda has joined #openstack-dev18:15
*** yolanda has quit IRC18:16
*** yolanda has joined #openstack-dev18:17
*** thedodd has quit IRC18:20
*** negronjl_ has joined #openstack-dev18:20
thingeeayoung: ping18:21
*** eglynn has quit IRC18:21
*** negronjl_ has quit IRC18:22
*** rushiagr has joined #openstack-dev18:22
ayoungthingee, what's up?18:22
*** negronjl_ has joined #openstack-dev18:23
*** negronjl has quit IRC18:23
thingeeayoung: I'm trying to call add_user_to_project. I was kind of assuming I could call this method directly from an assignment backend like kvs, but it seems it only comes from the manager class. I'm not sure how the two work together.18:24
ayoungyou should always call the manager,18:24
ayoungthe manager is the abstract base class, so to speak18:24
thingeeok, and the manager just knows based on the assignment driver?18:24
thingeeopt18:24
ayoungyeah18:25
ayoungsee keystone/common/manager.py18:25
thingeeok, thanks!18:25
*** kbringard has quit IRC18:25
*** dvarga is now known as dvarga|away18:26
*** dvarga|away is now known as dvarga18:26
*** negronjl_ has quit IRC18:26
*** rwsu has quit IRC18:28
*** ruhe is now known as _ruhe18:28
*** chandankumar has quit IRC18:28
*** evgenyf has quit IRC18:28
*** negronjl has joined #openstack-dev18:28
ayounghttp://www.openssl.org/news/secadv_hack.txt18:28
*** ykhodork has joined #openstack-dev18:29
*** johnthetubaguy1 has quit IRC18:30
bknudsonayoung: sneaky!18:30
*** mlavalle has quit IRC18:31
*** buzztroll has quit IRC18:32
*** _ruhe is now known as ruhe18:33
*** Rissmann has joined #openstack-dev18:37
*** yolanda has joined #openstack-dev18:37
*** kevinconway has quit IRC18:38
*** jruzicka has quit IRC18:40
*** yolanda has quit IRC18:40
*** yolanda has joined #openstack-dev18:40
*** Rissmann has quit IRC18:42
Andrewsdcan someone help me out...i can't understand why I can't ping an instance18:42
*** jruzicka has joined #openstack-dev18:42
*** yolanda has quit IRC18:42
*** yolanda has joined #openstack-dev18:43
*** markmcclain has joined #openstack-dev18:43
*** yolanda has quit IRC18:43
*** jasdeepH has joined #openstack-dev18:43
*** yolanda has joined #openstack-dev18:44
*** rossella_s has quit IRC18:44
*** garyk has quit IRC18:45
*** kevinconway has joined #openstack-dev18:45
*** yolanda has quit IRC18:51
*** yolanda has joined #openstack-dev18:51
*** yolanda has quit IRC18:52
*** zzelle has joined #openstack-dev18:54
*** thedodd has joined #openstack-dev18:55
*** dstanek has quit IRC18:58
*** herndon has quit IRC19:00
*** MaxV has joined #openstack-dev19:00
*** evgenyf has joined #openstack-dev19:00
*** JonnyNomad has quit IRC19:01
*** gyee_ has quit IRC19:02
*** dstanek has joined #openstack-dev19:02
*** herndon has joined #openstack-dev19:03
*** rushiagr has quit IRC19:05
*** Andrewsd has quit IRC19:07
*** MaxV has quit IRC19:09
*** ykhodork has quit IRC19:13
*** galstrom_zzz is now known as galstrom19:14
*** xarses has quit IRC19:14
*** sushils has quit IRC19:15
*** rongze has quit IRC19:15
*** arosen has joined #openstack-dev19:15
*** rongze has joined #openstack-dev19:16
*** negronjl has quit IRC19:16
*** xarses has joined #openstack-dev19:16
*** galstrom is now known as galstrom_zzz19:17
*** JonnyNomad has joined #openstack-dev19:18
*** negronjl has joined #openstack-dev19:18
*** jruzicka has quit IRC19:18
*** galstrom_zzz is now known as galstrom19:18
*** jruzicka has joined #openstack-dev19:19
*** rongze has quit IRC19:20
*** negronjl has quit IRC19:21
*** negronjl has joined #openstack-dev19:22
*** evgenyf has quit IRC19:22
*** giulivo has quit IRC19:24
*** jgrimm has joined #openstack-dev19:25
*** jtomasek has quit IRC19:27
*** mlavalle has joined #openstack-dev19:28
*** xarses has quit IRC19:29
*** beisner has joined #openstack-dev19:29
terrylhoweAndrewsd security group rules maybe?19:29
*** xarses has joined #openstack-dev19:29
*** salv-orlando_ has joined #openstack-dev19:30
*** jasdeepH has quit IRC19:31
*** buzztroll has joined #openstack-dev19:33
*** salv-orlando has quit IRC19:34
*** salv-orlando_ is now known as salv-orlando19:34
*** Drankis has quit IRC19:34
*** chandankumar has joined #openstack-dev19:35
*** CaptTofu_ has quit IRC19:35
*** galstrom is now known as galstrom_zzz19:36
*** dstanek has quit IRC19:38
*** spzala has quit IRC19:39
*** marios has quit IRC19:41
*** devoid has joined #openstack-dev19:41
*** marios has joined #openstack-dev19:41
*** devoid has left #openstack-dev19:41
*** rwsu has joined #openstack-dev19:41
*** dstanek has joined #openstack-dev19:41
*** evgenyf has joined #openstack-dev19:42
*** xga has joined #openstack-dev19:43
*** doug_shelley66 has quit IRC19:45
*** colinmcnamara has quit IRC19:45
*** doug_shelley66 has joined #openstack-dev19:46
morganfainbergbknudson, massive rebase in.19:46
*** colinmcnamara has joined #openstack-dev19:47
*** dstanek has quit IRC19:47
*** xga has quit IRC19:47
*** noslzzp has quit IRC19:48
*** buzztroll has quit IRC19:55
*** buzztroll has joined #openstack-dev19:55
thingeeayoung: my assignment driver is a union of assignment drivers. so CONF.assignment_driver is multiple drivers (kvs, sql). With the keystone.assignment.Manager looking at CONF.assignment_driver I end up with a really bad recursion. Besides cfg.set_override for loading each manager for each assignment driver, what would you recommend?19:58
ayoungWhiskey19:58
thingeethat was last night19:58
thingeealthough willet will be opened tonight19:58
ayoung CONF.assignment_driver  should be your union driver.19:59
thingeeyup19:59
ayoungwhere is the recursion?19:59
*** vipul is now known as vipul-away20:00
ayoungyou need to load the unionized drivers directly...and I am guessing that id->union_driver->[drivers]->identity is the problem?20:00
thingeeso for example add_user_to_project is going to call the first backend manager, and if that fails try the second backend manager. I need to load those managers ahead of time. But I can't just ask for the keystone.assignment.Manager() because that's the union assignment driver.20:01
ayoungah...no...and you want the logic from the manager...ugh20:01
ayoungadd_user_to_project is a wrapper around other calls20:01
ayoungassign_role_to_user_in project20:01
ayoungthat is what you really need to have call each other, not the semantic sugar call20:02
morganfainbergthingee does it really need the logic from the manager or could you use a proxy driver that calls in sequence to the actual backend - e.g. raise a known error then make the same call to the other driver if needed?20:02
morganfainbergso it works like manager -> proxy driver -> [driver1, if error, driver2]20:03
thingeeI was just having the union assignment driver talk to each backend's assignment manager because I thought that's where things should be called instead of directly from the assignment driver, from earlier question with ayoung.20:04
morganfainbergthe manager logic typically doesn't care what the backend does. my thought was that since you don't care about the backend logic at the manager level, it would be a "smart-ish" driver.20:05
ayoungthingee, yeah, I didn't realize that you had the union thing going on...so add_user_to_project  should remain unchanged, but the fallback logic should be in the driver specific function20:05
ayounghttps://github.com/openstack/keystone/blob/master/keystone/assignment/core.py#L21920:06
*** vipul-away is now known as vipul20:07
thingeeayoung: got it20:07
*** novel1 has joined #openstack-dev20:08
*** lucasagomes has quit IRC20:08
*** flaper87|afk is now known as flaper8720:08
ayoungmorganfainberg, all your patches depend on each other...is that intentional, or are you just getting sick of rebasing?20:12
*** ArxCruz has quit IRC20:14
*** spzala has joined #openstack-dev20:15
*** rongze has joined #openstack-dev20:16
*** agntdrake has joined #openstack-dev20:17
*** evgenyf has quit IRC20:19
*** radez_g0n3 is now known as radez20:20
thingeemorganfainberg, ayoung: I wrote this up real quick, but this is the hack I'm hitting with not being able to get instances of each backend manager http://paste.openstack.org/show/5997820:20
thingeeI know there has to be a better way :)20:20
thingee*catches up*20:20
*** vipul is now known as vipul-away20:23
*** rongze has quit IRC20:23
*** hartbot has quit IRC20:25
thingeemorganfainberg: right, it falls back onto the second driver.20:25
*** chandankumar has quit IRC20:26
asadoughidhellmann: looks like new pypi version of cliff broke python-neutronclient UT, currently debugging..20:28
*** jsavak has joined #openstack-dev20:29
thingeemorganfainberg: oh you were suggesting that. The example I gave was kind of along those lines. I'm just not sure how I can get an instance of a manager with the correct backend driver loaded. overriding conf settings seems to be a way since assignment.Manager.__init__() is checking CONF.assignment_driver..but it's hacky.20:31
thingeebb lunch20:31
*** joesavak has quit IRC20:31
*** joesavak has joined #openstack-dev20:35
dhellmannasadoughi: ack, have a link to a failing test?20:35
asadoughidhellmann: http://logs.openstack.org/30/62130/4/check/gate-python-neutronclient-python27/6b6fc56/console.html20:35
*** rods has quit IRC20:35
asadoughidhellmann: from Jenkins on my review https://review.openstack.org/#/c/62130/20:35
*** hartsocks has joined #openstack-dev20:36
*** zaitcev has joined #openstack-dev20:36
*** dvarga is now known as dvarga|away20:38
*** dvarga|away is now known as dvarga20:38
*** jsavak has quit IRC20:38
ayoungthingee, makes sense. I mean, do it as an array and iterate through each one...and not on the add_user_to_project call but rather the one we discussed, and I think you have the right general idea.  You planning on submitting that?20:39
*** radix_ has joined #openstack-dev20:39
*** kbringard has joined #openstack-dev20:41
*** kbringard has quit IRC20:41
*** vipul-away is now known as vipul20:42
*** otherwiseguy has quit IRC20:42
*** sushils has joined #openstack-dev20:44
dhellmannasadoughi: what is the client trying to do there? why is it trying to load its own formatters?20:45
asadoughidhellmann: my guess is as good as yours20:47
*** carl_baldwin has quit IRC20:47
asadoughi(was just trying to make my jenkins job green for the review)20:47
*** sarob has joined #openstack-dev20:49
*** tdruiva has quit IRC20:50
dhellmannasadoughi: ok :-)20:50
terrylhoweseems like should just make prettytable 0.7 required and dump that20:50
*** nermina has joined #openstack-dev20:50
asadoughidhellmann: git-blame points to e901c5f Add custom TableFormater for keep same empty list behavior as prettytable 0.620:50
dhellmannasadoughi: yeah, found https://bugs.launchpad.net/python-neutronclient/+bug/116596220:53
*** yolanda has joined #openstack-dev20:53
*** buzztroll has quit IRC20:56
*** ozialien_ has joined #openstack-dev20:57
*** melwitt has joined #openstack-dev20:58
*** vipul is now known as vipul-away20:59
asadoughidhellmann: ok, well looks like python-neutronclient doesn't depend on prettytable anymore, just cliff, so if i just revert the code from the commit i mentioned, it looks green21:00
*** melwitt1 has joined #openstack-dev21:00
*** jprovazn_afk has quit IRC21:02
*** vipul-away is now known as vipul21:02
dhellmannasadoughi: yeah, that looks like it would fix it, but I don't understand the rationale for the change in the first place -- the output format changed, but I'm not sure what the compatibility requirements are for that part of the client21:03
*** melwitt has quit IRC21:03
*** xarses has quit IRC21:05
*** vipul is now known as vipul-away21:08
*** vipul-away is now known as vipul21:08
dhellmannasadoughi: https://review.openstack.org/#/c/64909/21:09
*** yolanda has quit IRC21:09
*** jasondotstar has quit IRC21:09
*** yolanda has joined #openstack-dev21:10
morganfainbergayoung, mostly intentional21:10
*** yolanda has quit IRC21:10
ayoungmorganfainberg, I'll try to stay on that thread....need those in21:10
morganfainbergthe re-worked business logic ones?21:11
morganfainbergthose shouldn't affect KVS21:11
*** yolanda has joined #openstack-dev21:11
morganfainbergwow jenkins hates me today21:11
thingeeayoung: oh, you would be interested in a union driver idea in core?21:11
ayoungthingee, no idea...sure, why not?21:12
morganfainbergayoung, the reworked business logic patches really would be one change if it wasn't a PITA to review21:12
morganfainbergi split them up as logically as possible.21:12
ayoungmorganfainberg, I'm just afraid of the length of our review queue21:12
ayoung75+ in Keystone alone21:12
morganfainbergayoung, yeah i know.21:12
thingeeayoung: Oh was just not sure what you meant by planning to submit that. That's just kind of the general thing I've been doing internally21:12
ayoungnot counting client, etc...and I am supposed to start looking at Barbican21:12
morganfainbergayoung, i'll be doing reviews instead of new code this weekend methinks.21:12
ayoungI need to knock out revocations...but keep getting sucked into reviews21:13
ayoungmorganfainberg, ++21:13
*** krotscheck_ has joined #openstack-dev21:14
bknudsonmorganfainberg: got a minute?21:14
*** krotscheck_ has quit IRC21:14
*** yolanda has quit IRC21:16
morganfainbergbknudson, sure21:16
morganfainbergbknudson, always have some time for ya21:16
bknudsonmorganfainberg: you've worked on next-review a bit...21:17
morganfainbergbknudson, yes, i have. i need to use it more.21:17
morganfainberg;)21:17
bknudsonmorganfainberg: you think it could be integrated with reviewday -- https://review.openstack.org/#/c/64471/21:17
bknudson?21:17
morganfainbergnot familiar with reviewday21:17
* morganfainberg looks21:17
*** yolanda has joined #openstack-dev21:17
bknudsonmorganfainberg: it's this page http://status.openstack.org/reviews/21:18
morganfainbergooh21:18
morganfainbergoh that's cool21:18
bknudsonthe change I submitted makes it so that there'll be a JSON version of that data.21:18
bknudsonreviewday calculates a score for all the reviews21:18
bknudsonso could automatically prioritize21:18
morganfainbergdude, that's awesome21:19
morganfainbergi... dig that21:19
*** rongze has joined #openstack-dev21:19
bknudsonso that your important changes related to blueprint would be prioritized above my test cleanups.21:19
*** xarses has joined #openstack-dev21:19
morganfainbergso your thought would be to make nextreview pull from reviewday data?21:19
bknudsonmorganfainberg: anyways, I would have to talk to lawyers before I could change next-review21:19
morganfainbergor optionally at least?21:19
ayoung"Your branch is behind 'origin/master' by 74 commits, and can be fast-forwarded."  Dang21:20
bknudsonmorganfainberg: yes, I was thinking next-review could use the score to suggest that next.21:20
*** jruzicka has quit IRC21:20
morganfainbergbknudson, there should be no reason why it couldn't easily pull from a different source of data.21:20
bknudsonmorganfainberg: if you know next-review well enough to determine if the json there works then that would be helpful.21:21
morganfainbergbknudson, let me take a look, i think it would be a different code path though, since my _guess_ is the gerrit data is a bit divergent (which is what is currently used)21:21
morganfainbergdivergent from the reviewday json that is21:21
ayoung"talk to the lawyers"  Bah!21:21
thingeeayoung: would it make sense to have keystone.assignment.core.Manager.__init__(self, assignment_driver=None) and if None continue normal behavior? I might also just be totally missing the correct way to do this.21:21
thingeehttps://github.com/openstack/keystone/blob/stable/havana/keystone/assignment/core.py#L5521:22
asadoughiasadoughi: cool, reviewed it. pushed https://review.openstack.org/#/c/6491021:22
asadoughioops dhellman: ^21:22
ayoungthingee, I don't think so...reluctant to say for certainty one way or the other without thinking deeply21:22
morganfainbergbknudson, but my guess is it wouldn't be hard to make some minor changes to support either bit of data.21:22
ayoungbut really don't want to break things for the LDAP folks out there21:22
thingeeayoung: the proposed idea would continue normal behavior for those not passing anything to Manager. I think ldap folks would be fine?21:23
ayoungBut really, you just want to explicitly define the assignment driver in config, and then let the existing mechanism resolve it.  Your problem, I am guessing, is that you need to then config the other two drivers?21:23
dhellmannasadoughi: updated, thanks21:23
*** rongze has quit IRC21:23
thingeeit just introduces the interface you get from keystone.common.manager.Manager21:23
morganfainbergayoung, i think we need to make a change that forces a configuration choice in an up-coming release rather than a side effect, but that would be what, K if we changed that now?21:23
*** rfolco has quit IRC21:24
ayoungthingee, it feels wrong.  You should not be explicitly calling that function21:24
ayoungmorganfainberg, Juno could have it.  We just need to warn people it is coming21:24
morganfainbergayoung, hm. *scribbles note for a log.warning patch sometime after I-2*21:24
morganfainbergbknudson, i'll let you know monday what i find about next-review?  if it's silly easy i might write it or an example of it to leverage reviewday21:25
bknudsonmorganfainberg: awesome!21:25
*** yolanda has quit IRC21:25
bknudsonmorganfainberg: having a +1 on there saying that the JSON is what you want might help.21:26
thingeeayoung: ok, so the problem I'm hitting though is if I set assignment_driver to be the union driver. Once it hits anything with self.driver.some_method...it's just going to go back to the union_driver, then back to the manager, then back to the union_driver21:26
bknudsonhttps://review.openstack.org/#/c/64471/21:26
thingeehttps://github.com/openstack/keystone/blob/stable/havana/keystone/assignment/core.py#L21621:26
morganfainbergbknudson, will mark that and look at it as well.21:26
thingeeI was suggesting the interface change to avoid having to override conf to load each instance. It just seemed wrong too.21:26
bknudsonmorganfainberg: maybe it would be better to have "project-name": { "--url--": { "score": "35" } }21:26
morganfainbergsince i'm going to circle back for reviews bit later on21:26
morganfainbergbknudson, that would probably be better21:27
morganfainberghm. no21:27
bknudsonmorganfainberg: also, seems like score should be a number.21:27
morganfainbergscore should be an int (or float)21:27
morganfainbergbut url can be an element of the dictionary w/o too much headache i think21:27
ayoungthingee, the union driver needs to short circuit those calls.  Never have the union driver forward on, except to safe underlying calls21:28
morganfainberglet me look at gerrit's json21:28
ayoungso add_role_to_user_and_project....21:28
morganfainbergbknudson, i think we should mirror that implementation if it make url the key or just as part of the object as an element21:28
ayoungah...you need to work from tip of tree21:28
ayoungwe broke the dependency that is messing you up21:28
*** herndon has quit IRC21:28
bknudsonmorganfainberg: reviewday also gets the gerrit JSON data and enhances it... maybe there's a better way to generate the JSON rather than trying to make it like the HTML21:29
morganfainbergbknudson, ++21:29
ayoungdamit, no we didn't21:29
ayounghttps://github.com/openstack/keystone/blob/master/keystone/assignment/backends/sql.py#L298  is going away in some review...21:30
bknudsonI'm just not familiar with the template engine they use... Cheetah21:30
morganfainbergayoung, https://review.openstack.org/#/c/54647/21:30
morganfainbergbknudson, yeah also cheetah iirc is pretty dead.21:30
morganfainbergas in not maintained21:30
ayoungthingee, bknudson ^^21:30
bknudsonayoung: sorry, that one's hung up on me getting the tempest change in.21:31
ayoungbknudson, no need to apologize..you are cleaning up my mess.  I appreciate that.21:31
bknudsonI'm easily distracted.21:31
ayoungthingee, try rebasing on top of ^^21:31
ayoungor just commenting out that check:  there is no reason to go to the identity driver.21:31
*** rods has joined #openstack-dev21:32
morganfainbergayoung, thingee, yeah just for testing it, comment that check out.21:33
morganfainbergthingee, or even in your tree.  we will def. have that fix in for Icehouse.21:33
*** buzztroll has joined #openstack-dev21:33
*** herndon has joined #openstack-dev21:33
morganfainbergayoung, is the HMAC/encrypt code relevant for your revocations stuff (in KVS)?21:34
morganfainbergayoung, I want to know so I can prioritise the memcache token backend stuff or the new encrypt kvs stuff.21:34
morganfainbergi think they'll be about the same amount of work.21:35
ayoungmorganfainberg, I don't think it is....why would revocations depend on HMAC?21:36
*** mikeoutland has joined #openstack-dev21:36
morganfainbergayoung, i wasn't sure if you were planning on implementing/using that in the KVS backend21:36
morganfainbergayoung, it's why I was asking.21:36
ayoungNope...should not need it21:36
morganfainbergayoung, i'll therefore work on finishing up the memcache conversion and the non-expiry keys stuff once i get the in-mem kvs patch working w/ the trust change21:37
ayoung++21:37
morganfainbergayoung, trying to make sure i don't block ya somehow.21:37
*** otherwiseguy has joined #openstack-dev21:37
morganfainbergfwiw, i think icehouse is getting a ton of needed cleanup in keystone :)21:38
*** cpallares has quit IRC21:39
morganfainbergerm.  swap keystone and icehouse in that sentence21:39
*** dprince has quit IRC21:41
*** dvarga has quit IRC21:41
*** giulivo has joined #openstack-dev21:44
*** rods has quit IRC21:46
*** factor has joined #openstack-dev21:50
*** kgriffs_afk is now known as kgriffs21:53
*** jsavak has joined #openstack-dev21:53
*** lsmola_ has quit IRC21:55
*** akrivoka has joined #openstack-dev21:55
*** vipul is now known as vipul-away21:56
*** vipul-away is now known as vipul21:56
*** joesavak has quit IRC21:57
*** danielbruno has quit IRC22:03
*** rods has joined #openstack-dev22:04
*** comay has quit IRC22:04
*** beagles has quit IRC22:04
*** ozialien_ has quit IRC22:04
*** ozialien has joined #openstack-dev22:05
*** nati_ueno has quit IRC22:05
*** vartom11111111 has joined #openstack-dev22:07
*** nati_ueno has joined #openstack-dev22:08
*** xarses has quit IRC22:09
*** xarses_ has joined #openstack-dev22:09
*** SergeyLukjanov has joined #openstack-dev22:10
*** mikeoutl_ has joined #openstack-dev22:10
*** mikeoutland has quit IRC22:10
*** sgordon has quit IRC22:12
*** ozialien has quit IRC22:12
*** sarob has quit IRC22:15
*** sarob has joined #openstack-dev22:16
*** mikeoutl_ has quit IRC22:17
*** prad has quit IRC22:17
*** neelashah has quit IRC22:17
*** mikeoutland has joined #openstack-dev22:18
*** erkrnt has joined #openstack-dev22:18
*** pcm_ has quit IRC22:19
*** vladikr has quit IRC22:19
*** rongze has joined #openstack-dev22:20
*** sarob has quit IRC22:20
*** jergerber has joined #openstack-dev22:20
*** vartom11111112 has joined #openstack-dev22:21
*** vartom11111111 has quit IRC22:22
*** nati_ueno has quit IRC22:22
*** SumitNaiksatam has quit IRC22:24
*** rtheis has quit IRC22:25
*** rongze has quit IRC22:25
*** mikeoutland has quit IRC22:26
*** mikeoutland has joined #openstack-dev22:26
sdaguettx: https://review.openstack.org/#/c/64891/ this is proposed because of oslo.rootwrap, but I'm not clear how oslo.rootwrap would trigger that22:27
*** dave_tucker_zzz is now known as dave_tucker22:30
*** jergerber has quit IRC22:34
*** eharney has quit IRC22:35
*** mriedem has quit IRC22:35
*** vipul is now known as vipul-away22:35
*** vipul-away is now known as vipul22:36
*** jobewan has quit IRC22:37
*** factor has quit IRC22:40
*** factor has joined #openstack-dev22:45
*** sarob has joined #openstack-dev22:46
*** burt has quit IRC22:46
*** mfer has quit IRC22:47
*** buzztroll has quit IRC22:49
*** Makdaam is now known as MMMM22:52
*** MMMM is now known as Makdaam22:52
*** Makdaam has quit IRC22:52
*** Makdaam has joined #openstack-dev22:52
*** Makdaam has joined #openstack-dev22:52
*** buzztrol_ has joined #openstack-dev22:54
*** dirk has quit IRC22:54
*** sarob has quit IRC22:57
*** kevinconway has quit IRC22:59
*** dvarga has joined #openstack-dev23:02
*** dvarga has quit IRC23:02
jgriffithdhellmann: ping23:06
*** nati_ueno has joined #openstack-dev23:07
*** dbalog has left #openstack-dev23:08
*** mikeoutland has quit IRC23:11
*** salv-orlando has quit IRC23:14
*** salv-orlando has joined #openstack-dev23:14
*** flaper87 is now known as flaper87|afk23:15
*** thedodd has quit IRC23:16
*** peristeri has quit IRC23:16
*** hartsocks has quit IRC23:18
*** galstrom_zzz is now known as galstrom23:19
*** rongze has joined #openstack-dev23:20
*** jsavak has quit IRC23:20
*** thedodd has joined #openstack-dev23:21
*** vijendar has quit IRC23:22
*** galstrom is now known as galstrom_zzz23:23
*** giulivo has quit IRC23:24
*** rongze has quit IRC23:25
*** SergeyLukjanov has quit IRC23:26
*** vartom11111113 has joined #openstack-dev23:26
*** sushils has quit IRC23:28
*** vartom11111112 has quit IRC23:28
*** vartom11111114 has joined #openstack-dev23:29
*** arosen has quit IRC23:29
*** vipul is now known as vipul-away23:30
*** vipul-away is now known as vipul23:30
*** vartom11111113 has quit IRC23:31
*** devoid has joined #openstack-dev23:32
*** mkollaro has joined #openstack-dev23:32
*** rcleere has quit IRC23:33
*** erkrnt has quit IRC23:33
*** erkrnt has joined #openstack-dev23:33
*** thedodd has quit IRC23:35
*** devoid has quit IRC23:35
*** devoid has joined #openstack-dev23:35
*** jmontemayor has quit IRC23:36
*** dstanek has joined #openstack-dev23:37
*** zz_ewindisch is now known as ewindisch23:40
*** nermina has quit IRC23:43
*** ruhe is now known as _ruhe23:44
*** ewindisch is now known as zz_ewindisch23:45
*** factor has quit IRC23:46
*** vipul is now known as vipul-away23:46
*** zz_ewindisch is now known as ewindisch23:49
*** ewindisch is now known as zz_ewindisch23:53
*** rnirmal has quit IRC23:54
*** nelsnelson has quit IRC23:56
*** dimsum has quit IRC23:57
*** jecarey has quit IRC23:57
*** buzztrol_ has quit IRC23:58
