Monday, 2014-06-30

*** openstack has joined #openstack-keystone13:49
-dickson.freenode.net- [freenode-info] if you're at a conference and other people are having trouble connecting, please mention it to staff: http://freenode.net/faq.shtml#gettinghelp13:49
*** openstackgerrit has joined #openstack-keystone13:49
*** leseb has joined #openstack-keystone13:50
*** jdennis has quit IRC13:51
*** vhoward- has joined #openstack-keystone13:51
*** leseb has quit IRC13:54
*** henrynash has quit IRC13:58
*** leseb has joined #openstack-keystone14:03
*** joesavak has joined #openstack-keystone14:04
*** rwsu has joined #openstack-keystone14:16
*** topol has joined #openstack-keystone14:22
*** jsavak has joined #openstack-keystone14:23
*** radez is now known as radez_g0n314:24
*** hrybacki_ has joined #openstack-keystone14:26
*** radez_g0n3 is now known as radez14:27
*** joesavak has quit IRC14:27
*** hrybacki has quit IRC14:29
*** leseb has quit IRC14:30
*** hrybacki_ has quit IRC14:30
*** hrybacki has joined #openstack-keystone14:30
*** leseb has joined #openstack-keystone14:31
*** diegows has quit IRC14:33
*** leseb has quit IRC14:35
*** diegows has joined #openstack-keystone14:45
*** henrynash has joined #openstack-keystone14:51
*** zhiyan is now known as zhiyan_14:55
*** zhiyan_ is now known as zhiyan14:56
*** jdennis has joined #openstack-keystone14:57
*** Mikalv is now known as meeh214:57
*** zhiyan is now known as zhiyan_14:59
*** thedodd has joined #openstack-keystone15:00
*** jgriffit1 is now known as jgriffith15:06
*** elmiko has quit IRC15:07
*** mitz- has quit IRC15:07
*** mitz has joined #openstack-keystone15:07
*** hrybacki has quit IRC15:08
*** diegows has quit IRC15:09
*** hrybacki has joined #openstack-keystone15:12
*** hrybacki has quit IRC15:15
*** hrybacki_ has joined #openstack-keystone15:15
*** mitz has quit IRC15:15
*** mitz has joined #openstack-keystone15:16
*** chandan_kumar has quit IRC15:18
*** david-lyle has joined #openstack-keystone15:18
*** erecio has quit IRC15:22
*** andreaf_ has quit IRC15:23
*** rodrigods has quit IRC15:23
*** htruta has quit IRC15:30
*** htruta has joined #openstack-keystone15:30
*** joesavak has joined #openstack-keystone15:30
*** diegows has joined #openstack-keystone15:31
*** leseb has joined #openstack-keystone15:31
*** jsavak has quit IRC15:33
*** achampio1 has joined #openstack-keystone15:35
*** leseb has quit IRC15:36
*** achampion has quit IRC15:37
openstackgerritHarry Rybacki proposed a change to openstack/python-keystoneclient: Add tests without optional create endpoint params  https://review.openstack.org/10322915:39
*** leseb has joined #openstack-keystone15:48
*** hrybacki_ is now known as hrybacki15:48
*** gyee has joined #openstack-keystone15:52
*** chandan_kumar has joined #openstack-keystone15:59
*** meeh2 is now known as Meeh15:59
*** praneshp has joined #openstack-keystone16:00
*** thedodd has quit IRC16:00
*** BAKfr has quit IRC16:04
*** stevemar has joined #openstack-keystone16:06
*** praneshp has quit IRC16:07
*** thedodd has joined #openstack-keystone16:09
*** erecio has joined #openstack-keystone16:11
*** praneshp has joined #openstack-keystone16:13
openstackgerritMarek Denis proposed a change to openstack/python-keystoneclient: Add CRUD operations for Federated Protocols.  https://review.openstack.org/8382916:14
marekdstevemar: ^^ this should make you happy16:15
*** doddstack has joined #openstack-keystone16:15
*** thedodd has quit IRC16:15
stevemarmarekd, i was *just* going to -1 it for failing pep8 and docs :(16:16
marekdi think docs rules have changed as i had to change docstrings and they didn't happen to fail.16:17
marekdlet's wait for jenkins16:17
marekdstevemar: regarding your tests with Tivoli16:18
stevemarmarekd, ProtocolManager.create:5: ERROR: Unexpected indentation16:18
stevemarmarekd, line 65, i think it'll fail16:19
marekdletme try again locally.16:19
stevemarmarekd, regarding my TFIM test, send me comments through email, I actually have today and tomorrow off, and have to run 10 different errants :)16:21
stevemarerrands*16:21
marekdyou are off and online? get the hell out of here....:-)16:22
*** doddstack has quit IRC16:23
*** thedodd has joined #openstack-keystone16:24
bknudsonmust be canada day16:24
stevemarmarekd, yay docs is passing16:27
marekdbknudson, dolphm: o/ For the k2k bp we will want to use existing identity_providers api, but this time they will be more than just an entry (and on/off switch). For starter we might need something like public keys. What's the best way to work on that -simply propose changes to identity-api or it needs to be versioned somehow (as current api doesn't really include such parameters)16:27
stevemarbknudson technically it's tomorrow, today is a floater day :)16:27
marekdstevemar: yep, you probaby ran old version.16:27
stevemarwhich is why i want to get a bunch of errands done today!16:27
*** marcoemorais has joined #openstack-keystone16:30
*** andreaf_ has joined #openstack-keystone16:30
*** morganfainberg_Z is now known as morganfainberg16:30
*** jimbaker` is now known as jimbaker16:31
*** stevemar has quit IRC16:32
openstackgerrithenry-nash proposed a change to openstack/keystone: Add identity mapping capability  https://review.openstack.org/10243016:35
morganfainberggyee, ping16:37
*** leseb has quit IRC16:37
*** leseb has joined #openstack-keystone16:38
gyeemorgainfainberg, g'mornin16:38
morganfainberggyee, how goes?16:38
gyeetrying to get the x.509 cert auth code in a reviewable state, plus the internal stuff as aways :)16:39
morganfainberggyee, do you have anything close to master that simiulates a real workload?16:39
morganfainberggyee, s/close to/works with close to/16:39
morganfainberggyee, trying to see if https://review.openstack.org/#/c/103304/ makes sense to persue16:40
morganfainberggyee, but the tempest tests alone are... not good "benchmarks"16:40
gyeemorganfainberg, we use load runner internally16:40
*** achampion has joined #openstack-keystone16:40
*** andreaf_ has quit IRC16:41
morganfainberggyee, i'd love to see if that change made a real difference under real workloads16:41
gyeeI don't think LoadRunner is open source though16:41
*** leseb has quit IRC16:42
morganfainberggyee, doesn't need to be used externally, just "is this helping us/others", "does this change make a real difference" type check16:42
morganfainberggyee, if so, i am willing to work on that stuff.16:42
*** achampio1 has quit IRC16:42
morganfainbergbut i don't have anything but tempest and a gut feeling at the moment ;)16:42
gyeemorganfainberg, ah, let me introduce you to the perf team to see what they can do16:43
morganfainberggyee, ++ cool16:43
*** dstanek is now known as dstanek_zzz16:46
*** miqui has quit IRC16:46
*** daneyon has joined #openstack-keystone16:47
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Remove deprecated token_api.list_tokens  https://review.openstack.org/10341716:49
*** daneyon has quit IRC16:50
*** daneyon has joined #openstack-keystone16:50
*** jaosorior has quit IRC16:52
dolphmmarekd: extensions aren't really versioned, so you can just propose backwards compatible changes to the extension and go16:52
dolphmmarekd: IIRC, pub keys were part of one of the early proposals, but we cut them since we weren't going to use them with shib -- worth digging that back up instead of starting from scratch :)16:53
*** nsquare has quit IRC16:57
morganfainbergdolphm, bknudson, Re: https://review.openstack.org/#/c/97059/10/keystone/trust/backends/sql.py the break/vs a sleep/yield on line 117, should I do an explicit sleep(0) to yield for eventlet purposes?16:59
morganfainbergdolphm, bknudson, vs a tight loop of attempts16:59
*** jaosorior has joined #openstack-keystone16:59
dolphmmorganfainberg: oh yuck... reading...17:00
morganfainbergdolphm, specifical regarding mike bayer's comment about sleep.17:00
lbragstadmorganfainberg: do you have a list of other things similar to this? https://bugs.launchpad.net/keystone/+bug/1334408 testing improvements that is?17:01
uvirtbotLaunchpad bug 1334408 in keystone "test_backend classes not always run in the test_backend_* module" [Low,Triaged]17:01
morganfainberglbragstad, it's mostly test_backend is a dumping ground17:02
morganfainberglbragstad, but dstanek_zzz has a lot of thoughts on it17:02
lbragstadmorganfainberg: ok, think we could tag those bugs with something?17:03
morganfainberglbragstad, if we breakup test_backend, we might se better luck (breakdown into identity, assignment, token, etc)17:03
morganfainberglbragstad, sure! we should create a tag for it!17:03
morganfainberg:)17:03
lbragstadtest-improvment?17:03
lbragstadtesting-improvement?17:03
*** achampio1 has joined #openstack-keystone17:03
dolphmmorganfainberg: regarding your comment, we landed the workers patch recently17:04
morganfainberglbragstad, test-improvement sounds good.17:04
lbragstadmorganfainberg: cool, I'll start applying that to the ones I see17:04
dolphmmorganfainberg: regarding an extra sleep, the loop will yield on each db call anyway, so i'm not sure what benefit the extra sleep will produce?17:04
*** hrybacki has quit IRC17:04
morganfainbergdolphm, oh eventlet yields on db calls?17:05
morganfainbergdolphm, i thought that ended up being blocking due to socket io17:05
morganfainbergdolphm, if we yield anyway, no reason to sleep(0)17:05
*** esp has left #openstack-keystone17:05
dolphmmorganfainberg: hmm, i might be wrong. *googling*17:05
dolphmmorganfainberg: (i think you're right though)17:06
morganfainbergdolphm, yeah */me wants eventlet in keystone to die... but knows it wont happen anytime soon*17:06
*** achampion has quit IRC17:06
morganfainbergdolphm, i would be happy to be wrong about it ;)17:06
morganfainbergdolphm, http://eventlet.net/doc/modules/db_pool.html the fact that there is a class for DBConnection makes me think it's something explicit that needs to be done17:07
dolphmmorganfainberg: nova uses that...17:09
dolphmmorganfainberg: or did; so i assume oslo.db does...17:10
morganfainbergdolphm, hmm. should go look. *goes to look*17:12
dolphmmorganfainberg: i can't find anything17:12
morganfainbergdolphm, hmm.17:12
morganfainbergit doesn't hurt us to sleep(0)17:13
morganfainbergi'll add it in and circle up with mike bayer and oslo.db folks to figure out the "right" approach here17:13
morganfainberglong term17:13
*** hrybacki has joined #openstack-keystone17:14
dolphmmorganfainberg: ++17:14
*** gokrokve has joined #openstack-keystone17:15
*** vhoward- has left #openstack-keystone17:16
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Remove `with_lockmode` use from Trust SQL backend.  https://review.openstack.org/9705917:16
*** harlowja has joined #openstack-keystone17:17
hrybackiall, once a change gets +2'd in Gerrit what is the process behind it actually getting merged into master?17:17
hrybackiit being the change17:18
morganfainbergdolphm, if there are folks at rax that are capable of running "real world" tests against close to master keystone, https://review.openstack.org/#/c/103304/ same comment i made to gyee17:18
morganfainbergdolphm, i'm happy to pursue these types of improvement,s but tempest and a gut feeling aren't enough to spend a lot of time on it.17:19
morganfainbergdolphm, it looks promising, looks like it has potential17:19
morganfainbergdolphm, but i am wary of this type of restructuring without some outside opinions on benefit17:19
dolphmmorganfainberg: we've never done profile, but we have run benchmarks. last time they were updated though was ~havana17:20
dolphmmorganfainberg: it was public, somewhere17:20
morganfainberg*nod*17:20
*** rodrigods has joined #openstack-keystone17:21
*** nsquare has joined #openstack-keystone17:22
bknudsonwe've got rally now17:22
bknudsonhrybacki: somebody with the correct authority needs to workflow +1 it.17:23
hrybackibknudson++ thank you!17:23
hrybackimorganfainberg, dolphm: I'm interested in working on https://bugs.launchpad.net/keystone/+bug/1224273 but I'm not really sure the best way to go about getting started. Thoughts?17:26
uvirtbotLaunchpad bug 1224273 in keystone "Need a test to verify token's do not get data creep" [Medium,Triaged]17:26
morganfainberghrybacki, you may want to wait until we get the non-persistent token stuff in17:27
morganfainberghrybacki, i'm working on restructuring the token code, it's ... a long path17:27
morganfainberghrybacki, you're welcome to help! :) but i always assumed that validating the v2 token isn't getitng more data is not super important, and how we store the data + validation needs to be looked to make that really possible with v317:28
hrybackimorganfainberg: okay, that's why I ask :) Any other bugs you'd recommend looking into? Maybe ones that won't be changing in the near future?17:28
*** miqui has joined #openstack-keystone17:29
morganfainberghrybacki, hm. if you want easier / smaller bugs give me a moment17:29
hrybackimorganfainberg++17:29
hrybackimorganfainberg: no need to work on things that might become moot17:29
dolphmhrybacki: lbragstad is working on jsonschema validation for several parts of the API (there's a spec up on the topic); a fix for that bug would be an extension of that work17:31
morganfainbergdolphm, hrybacki ++17:31
dolphmhrybacki: https://github.com/openstack/keystone-specs/blob/master/specs/juno/keystone-api-validation.rst17:31
hrybackireviewing17:32
hrybackithis was the first thing I looked at a month ago17:33
morganfainberghrybacki, this is good bug https://bugs.launchpad.net/keystone/+bug/1262360 to work on, probably a lot to do, but fixing that kind of stuff is important as well.17:33
hrybackiit seems to have evolved a bit since then17:33
uvirtbotLaunchpad bug 1262360 in keystone "Unable to delete domain if user from other domain was added" [Medium,Triaged]17:33
*** kwss has quit IRC17:38
marekddolphm: i will do so, thanks!17:39
morganfainberghrybacki, a lot of the medium bugs often can be validated to be a bug and be worked on. not sure how far you want to dive into any one of them. but if you're interested in bug smashing [vs. feature work], a lot of those are def. useful to solve.17:40
*** tkelsey_ has quit IRC17:40
hrybackimorganfainberg: nods -- need side work to do while ayoung, jamielennox, and I push the keystoneclient integration into the component clients17:41
hrybackimorganfainberg: just never really sure how to get started with these bugs. So. Much. Code.17:41
morganfainberghrybacki, feel free to ask me anytime if you want some direction17:42
hrybackimorganfainberg++17:42
morganfainberghrybacki, i'm happy to try and point you in the right direction17:42
morganfainbergthe one i linked above should be pretty easy to test. and might actually already been solved ( bug 1262360 )17:42
uvirtbotLaunchpad bug 1262360 in keystone "Unable to delete domain if user from other domain was added" [Medium,Triaged] https://launchpad.net/bugs/126236017:42
hrybackimorganfainberg: trying to recreate that one right now via the cli17:43
morganfainberghrybacki, you might need to use curl (needs v3)17:43
morganfainberghrybacki, since you're doing cross-domain work17:43
* hrybacki scratches head17:43
morganfainberghrybacki, the CLI for keystone (afaik) does v2 keystone api17:44
morganfainberghttp://docs.openstack.org/developer/keystone/api_curl_examples.html or using the python interface of keystoneclient would let you do v317:44
morganfainberghrybacki, but you'll need a user in one domain given a grant to a project in another domain17:45
hrybackimorganfainberg: is a python script likely the most simple way to set up that environment?17:45
morganfainberghrybacki, either python using the v3 managers in keystoneclient or curl directly17:46
morganfainberghrybacki, i would probably try python first :)17:46
hrybacki++17:47
lbragstadhrybacki: I remember running into that same situation, I asked bknudson if he had a TODO list :)17:52
bknudsonI have a monster todo list17:53
* lbragstad is scared by bknudson's todo list17:53
bknudson"Updates to http://docs.openstack.org/developer/python-keystoneclient/middlewarearchitecture.html now that middleware is moved out." is an easy one17:53
bknudsonthere's probably a keystone version of that, too.17:53
lbragstad++ I remember seeing a bunch of those types of todos when I sifted through it17:54
bknudson"Seems like federation extension always indicates that it's available even when not in the pipeline?"17:54
bknudson"Create a test fixture for auth_token middleware, see this http://lists.openstack.org/pipermail/openstack-dev/2014-May/036427.html"17:54
lbragstadbknudson: you had investigation topics too didn't you?17:54
lbragstad"investigation"*17:54
*** erecio has quit IRC17:54
morganfainbergso close, https://review.openstack.org/#/c/102326/17:55
bknudsonsure, like "Look into moving keystone's wsgi application stuff to oslo -- we shouldn't have to support this."17:55
lbragstadhrybacki: ^ ++17:55
bknudson"Look at eventlet backdoor_port"17:55
hrybackiso, middleware was pulled out of keystoneclient?17:55
morganfainbergbknudson, once that merges ^ we will be able to start doing full coverage tests of middleware once we release17:55
*** erecio has joined #openstack-keystone17:55
morganfainbergbknudson, eventlet... back door?17:55
hrybackilbragstad: ??17:55
morganfainberghrybacki, https://git.openstack.org/cgit/openstack/keystonemiddleware17:56
bknudsonhrybacki: the middleware in keystoneclient will only get security changes17:56
morganfainberghrybacki, has not received a release yet, but very soon17:56
bknudsonso that's what the middleware docs should say now17:56
bknudsonI mean that's what keystoneclient docs should say now17:56
*** daneyon has quit IRC17:56
lbragstadhrybacki: investigating things like "Look into moving keystone's wsgi application stuff to oslo -- we shouldn't have to support this." are good because they give you nice exposure to the code17:57
* morganfainberg needs to convince someone to help write a README for the middleware :P17:57
bknudson"Document to start keystone-all listening on IPv6, set bind_host = ::"17:57
lbragstadbknudson: want an etherpad?17:57
lbragstad;p17:57
bknudsonanyway whenever I've got something to look at I just put it in a doc.17:57
bknudsonI don't want to keep track of it in 2 places.17:57
hrybackiwhy did we refactor middleware out of the client? If there are docs for this I'll read those :P17:58
hrybackitoo big?17:58
bknudsonthere's a spec17:58
*** thedodd has quit IRC17:59
morganfainberghrybacki, https://github.com/openstack/keystone-specs/blob/master/specs/keystonemiddleware/split-middleware-repo.rst18:00
hrybackimorganfainberg++ reading it now -- this is quite a change18:00
hrybackiwhen is that being released?18:02
dolphmmorganfainberg: good question ^ :)18:03
morganfainberghrybacki, "Very Soon Now"™.18:03
hrybackilol18:03
morganfainbergdolphm, hrybacki, need this to land https://review.openstack.org/#/c/102326/18:04
morganfainbergdolphm, hrybacki, and we need to see if we *want* anything else included before we do 1.0.0 release18:04
morganfainbergdolphm, maybe brant's 2-ish reviews.18:04
morganfainbergwe _might_ want some stub of a README :P18:05
bknudsonI don't want anything merged in middleware until it's being used as is18:05
dolphmmorganfainberg: i'd prefer a 1.0.0 release to be identical to what was in keystoneclient's last release18:05
hrybackimorganfainberg: is there anything I can do to help before the 1.0.0 release?18:05
hrybackiI'm a free hand until Thursday18:05
dolphmmorganfainberg: ooh, i'll tackle a readme18:05
morganfainbergdolphm, ok so Readme i think would be nice and that patch ^^ needs to land18:05
morganfainbergdolphm, otherwise we *cant* really test it well18:06
bknudsonI'd also like to see the sessions support and v3 support18:06
bknudsonmy changes aren't adding anything new but I'd expect it will make adding revocation event support easier.18:07
morganfainbergbknudson, *nod*18:09
dolphmbknudson: ack, but not for 1.0.0 :-/ i'd like to make it a zero-risk transition18:09
morganfainbergi think session is a big enough refactor to warrant getting it as a second release (1.1.0)18:09
*** daneyon has joined #openstack-keystone18:09
morganfainbergmostly so we get adoption of the new package, risk is a valid point as well18:10
bknudsondolphm: making 1.0.0 the same as current middleware works for me.18:10
*** daneyon has quit IRC18:10
*** achampion has joined #openstack-keystone18:11
*** daneyon has joined #openstack-keystone18:11
bknudsonif there's any new commits I guess you could just tag the current one18:11
*** achampio1 has quit IRC18:13
*** bobt has joined #openstack-keystone18:20
*** andreaf_ has joined #openstack-keystone18:20
*** andreaf_ has quit IRC18:23
*** andreaf_ has joined #openstack-keystone18:23
morganfainbergdolphm, https://bugs.launchpad.net/keystonemiddleware/+bug/1333948 if you didn't see it18:23
uvirtbotLaunchpad bug 1333948 in keystonemiddleware "Keystone Middleware needs a README" [Wishlist,Triaged]18:23
*** thedodd has joined #openstack-keystone18:25
*** daneyon has quit IRC18:25
*** andreaf_ has quit IRC18:26
*** andreaf_ has joined #openstack-keystone18:27
morganfainbergok i need to go get now... lunch instead of breakfast. be back in a bit18:30
hrybackimorganfainberg: running a devstack install against 102326 btw18:31
morganfainberghrybacki, cool18:32
lbragstadmorganfainberg: took a quick stab at tagging some of the test improvement bugs we have: https://bugs.launchpad.net/keystone/+bugs?field.tag=test-improvement if you see anything I missed let me know18:50
*** raildo has joined #openstack-keystone18:50
*** andreaf has quit IRC18:51
*** andreaf has joined #openstack-keystone18:52
dolphmmorganfainberg: thanks18:53
openstackgerrithenry-nash proposed a change to openstack/keystone: Add identity mapping capability  https://review.openstack.org/10243018:55
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Do not use keystone's config for nova's port  https://review.openstack.org/10320418:58
*** mrda-away is now known as mrda18:58
*** ukalifon has quit IRC18:58
*** hrybacki has quit IRC19:01
openstackgerritDolph Mathews proposed a change to openstack/keystonemiddleware: add README  https://review.openstack.org/10362819:05
*** dims has quit IRC19:08
openstackgerritDolph Mathews proposed a change to openstack/keystonemiddleware: add CONTRIBUTING.rst  https://review.openstack.org/10363119:08
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Do not use keystone's config for nova's port  https://review.openstack.org/10320419:12
morganfainbergdolphm, maybe FreeNode information in the readme?19:14
morganfainbergdolphm, *shrug* not really important though the LP page has the info19:14
dolphmmorganfainberg: that's exactly why i referred to keystone at the end19:15
morganfainbergdolphm, ++19:15
dolphmmorganfainberg: should i tweak the text pointing to keystone somehow?19:15
morganfainbergeh19:15
morganfainbergnah.19:15
morganfainbergkeep it simple :)19:15
*** nsquare has quit IRC19:19
*** jaosorior has quit IRC19:22
*** navid has joined #openstack-keystone19:25
openstackgerritDolph Mathews proposed a change to openstack/python-keystoneclient: use embedded URLs for hyperlinks in the README  https://review.openstack.org/10363619:25
*** stevemar4 has joined #openstack-keystone19:33
stevemar4morganfainberg can you get eyes on bug 1335731, it's breaking identity-api builds i think (ref: https://review.openstack.org/#/c/90121/)19:34
uvirtbotLaunchpad bug 1335731 in openstack-api-site "dox-publish build fails to build for identity-api" [Undecided,New] https://launchpad.net/bugs/133573119:34
*** hrybacki has joined #openstack-keystone19:34
morganfainbergstevemar4, wow super shady today19:36
morganfainbergstevemar4, you should get a ZNC bouncer.19:36
stevemar4morganfainberg haha, i'll admit that i'm being super shady today19:37
morganfainbergthis looks like something we need the docs folks on?19:37
stevemar4morganfainberg yep19:38
stevemar4morganfainberg i don't know where they reside :(19:38
morganfainbergstevemar4, -dev maybe? -infra?19:38
morganfainbergstevemar4, i don't see annegentle in any of the channels, though i might be blind19:39
*** daneyon has joined #openstack-keystone19:39
stevemar4morganfainberg meh, i'll sort it out tomorr19:40
stevemar4w19:40
*** stevemar4 has quit IRC19:40
*** topol has quit IRC19:43
*** chandan_kumar has quit IRC19:52
*** nsquare has joined #openstack-keystone19:52
*** dims has joined #openstack-keystone19:56
*** nkinder_ has quit IRC20:13
*** elmiko has joined #openstack-keystone20:21
*** dstanek_zzz is now known as dstanek20:22
*** fifieldt has quit IRC20:25
*** fifieldt has joined #openstack-keystone20:26
*** nkinder_ has joined #openstack-keystone20:30
*** elmiko is now known as _elmiko20:47
mfischbknudson: ping20:49
mfischbknudson: lets discuss LDAP here20:49
bknudsonmfisch: what's up?20:50
mfischbknudson: IIRC that flag gets set by the python ldap client and sent to the server20:50
mfischbknudson: at least that was my understanding, then the server is free to do with it what it will20:50
mfischbut maybe thats not accurate20:51
mfischif its all coming from the library then the text is wrong20:51
bknudsonI hope that clients can't tell the server to generate all sorts of logs20:52
mfischthat would not make much sense would it20:52
mfischI guess I misinterpreted what I read wrong, there must also be a server side debug option that the admin could set20:53
mfischotherwise it would be a debug DOS attack since its rather chatty20:53
*** bobt has quit IRC20:54
bknudsonmfisch: are there docs that say it's sent to the server?20:54
mfischbknudson: not that I have, its not well documented but I never read that20:54
bknudsonmfisch: Sets/gets the debug level of the client library. -- http://www.openldap.org/software//man.cgi?query=ldap_get_option&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release20:56
mfischbknudson: that settles it then, thanks20:56
openstackgerritA change was merged to openstack/keystone: Fix test for get_*_by_name invalidation  https://review.openstack.org/10341921:01
*** radez is now known as radez_g0n321:01
*** rodrigods has quit IRC21:15
*** doddstack has joined #openstack-keystone21:24
*** nkinder_ has quit IRC21:24
*** thedodd has quit IRC21:25
*** radez_g0` has joined #openstack-keystone21:28
*** erecio has quit IRC21:30
*** lbragstad_ has joined #openstack-keystone21:31
*** clayg has left #openstack-keystone21:34
*** radez_g0n3 has quit IRC21:34
*** raildo has quit IRC21:34
*** lbragstad has quit IRC21:34
*** csd has quit IRC21:35
*** Daviey has quit IRC21:35
*** csd has joined #openstack-keystone21:36
*** Daviey has joined #openstack-keystone21:39
*** hrybacki has quit IRC21:44
*** raildo has joined #openstack-keystone21:48
*** shuffleb1t is now known as shufflebot21:49
*** shufflebot has quit IRC21:49
*** shufflebot has joined #openstack-keystone21:49
*** rodrigods has joined #openstack-keystone21:51
*** andreaf_ has quit IRC21:56
*** jamielennox is now known as jamielennox|away21:56
*** dims has quit IRC22:00
*** marcoemorais has quit IRC22:03
*** marcoemorais has joined #openstack-keystone22:03
*** joesavak has quit IRC22:05
*** rodrigods has quit IRC22:06
*** henrynash has quit IRC22:10
openstackgerritBob Thyne proposed a change to openstack/keystone-specs: Propose Specification for Endpoint Group Filter  https://review.openstack.org/10202322:24
*** marcoemorais has quit IRC22:30
*** nkinder_ has joined #openstack-keystone22:30
*** marcoemorais has joined #openstack-keystone22:30
*** marcoemorais has quit IRC22:31
openstackgerritDavid Stanek proposed a change to openstack/keystone: remove default=None for config options  https://review.openstack.org/9648022:31
*** marcoemorais has joined #openstack-keystone22:31
openstackgerritBob Thyne proposed a change to openstack/keystone-specs: Propose Specification for Endpoint Group Filter  https://review.openstack.org/10202322:32
*** marcoemorais has quit IRC22:33
*** marcoemorais has joined #openstack-keystone22:34
*** rodrigods has joined #openstack-keystone22:35
*** topol has joined #openstack-keystone22:37
marekdA question: what do we use for signing PKI tokens in OpenStack? Some stdlib from Python, 3rd party library? I wanted to see how much we can reuse for the k2k bp.22:42
*** doddstack has quit IRC22:43
marekdlooks like https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/common/cms.py is the answer to my own question.22:46
*** marcoemorais has quit IRC22:48
*** marcoemorais has joined #openstack-keystone22:48
*** topol has quit IRC22:49
morganfainbergbknudson, ping22:51
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Do not use keystone's config for nova's port  https://review.openstack.org/10320422:55
*** marekd is now known as marekd|away22:59
*** rodrigods has quit IRC23:09
*** rodrigods has joined #openstack-keystone23:13
*** hrybacki has joined #openstack-keystone23:14
*** joesavak has joined #openstack-keystone23:17
*** openstackgerrit has quit IRC23:19
*** openstackgerrit has joined #openstack-keystone23:20
*** zhiyan_ is now known as zhiyan23:26
*** dims_ has joined #openstack-keystone23:27
*** zhiyan is now known as zhiyan_23:27
bknudsonmorganfainberg: what's up?23:28
*** jamielennox|away is now known as jamielennox23:28
*** zhiyan_ is now known as zhiyan23:29
*** zhiyan is now known as zhiyan_23:30
*** oomichi has joined #openstack-keystone23:31
*** dims_ has quit IRC23:32
bknudsonmorganfainberg: I tried clearing out my pip cache and I get the same result23:34
morganfainbergbknudson, this is really weird23:34
morganfainbergbknudson, i'm curious why yours ends up being 'keystone', that seems very wrong23:35
morganfainbergfor a hostname, that is23:35
morganfainbergbknudson, silly question, do you have anything in your hosts file?23:35
morganfainbergmaybe setting 127.0.0.1 to 'keystone' ?23:36
bknudson127.0.0.1       localhost f1-ds23:36
*** david-lyle has quit IRC23:36
bknudsonoslo.messaging==1.3.023:36
* morganfainberg is baffled23:36
bknudsonwhat version do you have?23:36
bknudsonoslo.config==1.4.0.0a123:36
bknudsonI wonder how I got that.23:37
morganfainbergbknudson, oslo.messaging==1.3.023:37
morganfainbergoslo.config==1.3.023:37
*** dims_ has joined #openstack-keystone23:37
bknudsonI was looking at the wrong vent23:39
bknudsonvenv23:39
morganfainbergah23:39
bknudsonthat just has oslo.config 1.3.0, so no help there.23:39
morganfainbergvery odd then23:41
bknudsonsomething replaces the cert_subject localhost with keystone??23:42
morganfainbergyeah.23:42
morganfainbergthis is making me weirded out23:42
morganfainbergbknudson, https://github.com/openstack/keystone/blob/master/keystone/openstack/common/config/generator.py#L23923:44
*** joesavak has quit IRC23:44
morganfainberghttps://github.com/openstack/keystone/blob/master/keystone/openstack/common/config/generator.py#L24423:44
bknudson>>> socket.getfqdn()23:45
bknudson'localhost'23:45
morganfainberg>>> socket.getfqdn()23:46
morganfainberg'5.30.16.172.in-addr.arpa'23:46
bknudson5? impressive23:46
morganfainbergwtf.23:46
morganfainbergin-addr.arpa23:46
morganfainbergyes my machine's ip is 172.16.30.523:47
bknudsonok, I changed the order in /etc/hosts and now getfqdn gives me f1-ds23:47
bknudsonmystery solved23:47
morganfainbergah23:47
bknudsonhttp://mm.icann.org/pipermail/ianatransition/2014/000838.html23:48
*** marcoemorais has quit IRC23:49
*** marcoemorais has joined #openstack-keystone23:50
*** marcoemorais has quit IRC23:50
morganfainbergbknudson, *blink*23:50
*** marcoemorais has joined #openstack-keystone23:50
morganfainbergbknudson, no really, where do people come up with this?23:52
bknudsonI don't know if it's real23:52
morganfainbergi think i've read it 5 times23:53
*** henrynash has joined #openstack-keystone23:53
morganfainbergand .. *blink*23:53
*** topol has joined #openstack-keystone23:53
*** topol has quit IRC23:57
*** topol has joined #openstack-keystone23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!