Friday, 2014-09-26

*** bknudson has quit IRC		00:01
*** oomichi has joined #openstack-keystone		00:03
*** gokrokve has joined #openstack-keystone		00:10
*** marcoemorais has quit IRC		00:12
*** marcoemorais has joined #openstack-keystone		00:12
*** gokrokve has quit IRC		00:13
*** topol has quit IRC		00:17
*** dims has quit IRC		00:20
*** morgan_remote_ has quit IRC		00:20
*** dims has joined #openstack-keystone		00:21
*** richm has quit IRC		00:24
*** dims has quit IRC		00:25
*** andreaf has quit IRC		00:26
*** andreaf has joined #openstack-keystone		00:26
*** gokrokve has joined #openstack-keystone		00:44
*** cjellick has quit IRC		00:44
*** gokrokve has quit IRC		00:45
*** gokrokve has joined #openstack-keystone		00:45
*** cjellick has joined #openstack-keystone		00:46
*** cjellick has quit IRC		00:46
*** ncoghlan has joined #openstack-keystone		00:52
*** _cjones_ has quit IRC		00:55
*** _cjones_ has joined #openstack-keystone		00:56
*** _cjones_ has quit IRC		01:00
*** dims has joined #openstack-keystone		01:07
*** dims_ has joined #openstack-keystone		01:09
*** alex_xu has quit IRC		01:11
*** dims has quit IRC		01:13
*** marcoemorais has quit IRC		01:14
openstackgerrit	Brant Knudson proposed a change to openstack/keystone: Tests raise exception if logging problem https://review.openstack.org/119946	01:15
openstackgerrit	Brant Knudson proposed a change to openstack/keystone: sys.exit mock cleanup https://review.openstack.org/124240	01:15
ayoung	boltR, I was off today, should have shut down my IRC client, but...	01:27
ayoung	yes, you have it right.	01:27
*** alex_xu has joined #openstack-keystone		01:30
*** junhongl has quit IRC		01:36
*** junhongl has joined #openstack-keystone		01:36
openstackgerrit	Nathan Kinder proposed a change to openstack/identity-api: Correct response status for HEAD requests https://review.openstack.org/124243	01:39
openstackgerrit	Nathan Kinder proposed a change to openstack/keystone: Add expected status for all HEAD requests in tests https://review.openstack.org/124244	01:44
*** HenryG has joined #openstack-keystone		01:49
*** andreaf has quit IRC		01:52
*** r-daneel has quit IRC		01:56
*** diegows has quit IRC		02:02
*** zzzeek has quit IRC		02:10
*** packet has joined #openstack-keystone		02:23
*** packet has quit IRC		02:23
*** packet has joined #openstack-keystone		02:23
*** morgan_remote_ has joined #openstack-keystone		02:26
morgan_remote_	ayoung: nice token constraint description.	02:26
*** gokrokve has quit IRC		02:33
*** KanagarajM has joined #openstack-keystone		02:37
*** harlowja is now known as harlowja_away		02:38
*** marcoemorais has joined #openstack-keystone		02:43
*** marcoemorais1 has joined #openstack-keystone		02:45
*** amcrn has quit IRC		02:47
*** wanghong has quit IRC		02:48
*** marcoemorais has quit IRC		02:48
*** _cjones_ has joined #openstack-keystone		02:54
*** ncoghlan is now known as ncoghlan_afk		02:55
*** wanghong has joined #openstack-keystone		02:59
*** ncoghlan_afk is now known as ncoghlan		03:04
*** KanagarajM has quit IRC		03:05
*** KanagarajM has joined #openstack-keystone		03:05
*** dims_ has quit IRC		03:11
*** packet has quit IRC		03:11
*** gyee has quit IRC		03:24
*** KanagarajM has quit IRC		03:24
*** KanagarajM has joined #openstack-keystone		03:25
openstackgerrit	OpenStack Proposal Bot proposed a change to openstack/keystone: Updated from global requirements https://review.openstack.org/124259	03:54
*** zhiyan has quit IRC		03:54
*** zhiyan has joined #openstack-keystone		03:57
*** dims has joined #openstack-keystone		04:12
*** dims has quit IRC		04:17
*** arborism has joined #openstack-keystone		04:25
*** KanagarajM has quit IRC		04:49
*** KanagarajM has joined #openstack-keystone		04:52
stevemar	we should use `git review --no-rebase` when the dependent change is in the gate right?	04:54
morganfainberg	stevemar, yes	04:54
morganfainberg	stevemar, or -R	04:54
stevemar	thanks morganfainberg	04:54
morganfainberg	np	04:55
morganfainberg	literally just got back from OpenStack LA meetup too :P	04:55
stevemar	just double checking... it's been a while since i actually cared about something not getting bumped out	04:55
stevemar	howd that go?	04:55
morganfainberg	was a good meetup	04:55
morganfainberg	VXLAN talk	04:55
morganfainberg	stevemar, slloooowly slooooowly we're having things make their way through the gate.	04:56
*** gokrokve has joined #openstack-keystone		04:59
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: Use openstackclient examples in configuration documentation https://review.openstack.org/124270	05:00
*** morgan_remote_ has quit IRC		05:00
stevemar	morganfainberg, got a quick q for you, style question	05:03
morganfainberg	stevemar, quick answer for you.	05:04
morganfainberg	42	05:04
stevemar	morganfainberg, if i were to show keystoneclient examples here too: http://docs-draft.openstack.org/95/124095/1/check/gate-keystone-docs/2a219d8/doc/build/html/cli_examples.html	05:04
stevemar	should I put it at the end or the docs, "like here's a quick summary in ksc CLI"	05:04
stevemar	or inline?	05:04
morganfainberg	i would make it a separate section unless you completely rewrite to to say "this document will explain the osc method and then the ksc method for accomplishing tasks"	05:05
*** KanagarajM has quit IRC		05:05
morganfainberg	so you'd have OSC - projects - project create	05:06
morganfainberg	for example	05:06
morganfainberg	and KSC - projects - project create	05:06
stevemar	do you have a preference for either?	05:06
*** ncoghlan is now known as ncoghlan_afk		05:06
morganfainberg	not really	05:06
stevemar	morganfainberg, I was thinking under example, to just put: "Here is the equivalent command in KSC": blah	05:09
stevemar	but the problem with that is, it may take different parameters	05:09
morganfainberg	it might be cleanest to make it separate sections	05:10
stevemar	yeah, a bit redundant, but yeah	05:10
*** arborism has quit IRC		05:10
*** KanagarajM has joined #openstack-keystone		05:13
*** _cjones_ has quit IRC		05:16
*** _cjones_ has joined #openstack-keystone		05:17
*** KanagarajM has quit IRC		05:18
*** fifieldt has joined #openstack-keystone		05:21
*** _cjones_ has quit IRC		05:21
*** _cjones_ has joined #openstack-keystone		05:22
*** ncoghlan_afk is now known as ncoghlan		05:24
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: Update the CLI examples to use openstackclient https://review.openstack.org/124095	05:25
*** ajayaa has joined #openstack-keystone		05:26
*** KanagarajM has joined #openstack-keystone		05:31
stevemar	morganfainberg, i realllllly love the new project-config repo	05:33
stevemar	it's so much less daunting now!	05:33
morganfainberg	right?!	05:33
morganfainberg	ok i'm gonna go lie down	05:33
morganfainberg	ugh. tirred	05:33
morganfainberg	stevemar, also https://review.openstack.org/#/c/124243/	05:34
*** ncoghlan is now known as ncoghlan_afk		05:34
*** amcrn has joined #openstack-keystone		05:37
*** vdreamarkitex has quit IRC		05:37
*** gokrokve_ has joined #openstack-keystone		05:40
*** rushiagr_away is now known as rushiagr		05:41
*** KanagarajM has quit IRC		05:42
*** gokrokve has quit IRC		05:43
*** gokrokve_ has quit IRC		05:45
stevemar	ugh! gate restarted :(	05:45
stevemar	morganfainberg, at least we're near the top	05:45
*** afazekas has joined #openstack-keystone		05:48
stevemar	morganfainberg, i -1'ed the keystone code	05:49
*** KanagarajM has joined #openstack-keystone		05:50
*** ajayaa has quit IRC		05:56
openstackgerrit	OpenStack Proposal Bot proposed a change to openstack/keystone: Imported Translations from Transifex https://review.openstack.org/123941	06:05
*** ncoghlan_afk is now known as ncoghlan		06:11
*** gokrokve has joined #openstack-keystone		06:15
*** ajayaa has joined #openstack-keystone		06:16
*** gokrokve has quit IRC		06:20
*** stevemar has quit IRC		06:26
*** uvirtbot has quit IRC		06:28
*** swartulv has quit IRC		06:29
*** KanagarajM has quit IRC		06:29
*** swartulv has joined #openstack-keystone		06:30
*** k4n0 has joined #openstack-keystone		06:37
*** uvirtbot has joined #openstack-keystone		06:43
*** lufix has joined #openstack-keystone		06:49
openstackgerrit	A change was merged to openstack/keystone: Adding an index on token.user_id and token.trust_id https://review.openstack.org/102041	06:53
*** dims has joined #openstack-keystone		07:02
viklund	I'm planning on using linotp for 2-factor auth. And I'd like hear if my approach is sound.	07:02
viklund	We're using a LDAP backend to keystone and my idea was to overide the authenticate method to not only try to auth against ldap	07:03
viklund	but after a successful auth (or before) send the OTP to linotp	07:03
viklund	I can't decide on whether I should make a new backend that inherits everything from the current LDAP and just implements the extra auth-logic	07:04
viklund	or if I should just make a small patch against the current ldap backend.	07:05
*** dims has quit IRC		07:07
*** jaosorior has joined #openstack-keystone		07:08
*** marekd\|away is now known as marekd		07:08
*** BAKfr has joined #openstack-keystone		07:10
*** f13o has quit IRC		07:12
*** boris-42 has quit IRC		07:15
*** swartulv has quit IRC		07:15
*** gokrokve has joined #openstack-keystone		07:16
*** swartulv has joined #openstack-keystone		07:17
*** marcoemorais1 has quit IRC		07:19
*** gokrokve has quit IRC		07:21
*** alex_xu has quit IRC		07:30
*** alex_xu has joined #openstack-keystone		07:37
*** _cjones_ has quit IRC		07:54
*** _cjones_ has joined #openstack-keystone		07:54
*** ukalifon has joined #openstack-keystone		07:55
openstackgerrit	A change was merged to openstack/keystone: Fix failure of delete domain group grant when identity is LDAP. https://review.openstack.org/123585	07:57
*** amerine has quit IRC		07:58
*** _cjones_ has quit IRC		07:59
*** bdossant_ has quit IRC		08:01
*** bdossant has joined #openstack-keystone		08:01
*** ncoghlan has quit IRC		08:08
*** oomichi has quit IRC		08:11
openstackgerrit	A change was merged to openstack/keystone: Clean up the Configuration documentation https://review.openstack.org/123960	08:13
openstackgerrit	A change was merged to openstack/keystone: New section for CLI examples in docs https://review.openstack.org/123969	08:13
openstackgerrit	A change was merged to openstack/keystone: Update architecture documentation https://review.openstack.org/123938	08:13
*** gokrokve has joined #openstack-keystone		08:15
*** gokrokve has quit IRC		08:17
*** gokrokve has joined #openstack-keystone		08:17
*** gokrokve has quit IRC		08:21
*** ajayaa has quit IRC		08:21
*** f13o has joined #openstack-keystone		08:28
*** amcrn has quit IRC		08:32
*** ajayaa has joined #openstack-keystone		08:34
*** jamiec has joined #openstack-keystone		08:45
*** dvorak has quit IRC		08:47
*** KanagarajM has joined #openstack-keystone		08:47
*** aix has joined #openstack-keystone		08:49
*** dvorak has joined #openstack-keystone		08:50
*** Dafna has joined #openstack-keystone		09:07
*** lsmola has joined #openstack-keystone		09:15
*** gokrokve has joined #openstack-keystone		09:16
*** gokrokve has quit IRC		09:17
*** gokrokve has joined #openstack-keystone		09:18
*** gokrokve has quit IRC		09:22
*** andreaf has joined #openstack-keystone		09:28
*** KanagarajM has quit IRC		09:50
ekarlso	hey guys, will ksclient requires be bumped to 0.11 ?	10:07
*** gokrokve has joined #openstack-keystone		10:16
*** gokrokve has quit IRC		10:21
*** dims has joined #openstack-keystone		10:37
*** ajayaa has quit IRC		11:12
*** ajayaa has joined #openstack-keystone		11:40
*** k4n0 has quit IRC		11:46
*** diegows has joined #openstack-keystone		11:47
openstackgerrit	Alvaro Lopez Garcia proposed a change to openstack/python-keystoneclient: auth_token: http_connect_timeout should be an int https://review.openstack.org/117213	11:50
openstackgerrit	Alvaro Lopez Garcia proposed a change to openstack/python-keystoneclient: DO NOT MERGE: debug failure for change I201c2dbe48e649ac302406dfff16aa482aa7cea2 https://review.openstack.org/124383	11:56
*** htruta has joined #openstack-keystone		12:10
*** vdreamarkitex has joined #openstack-keystone		12:17
*** radez_g0n3 is now known as radez		12:17
ayoung	morganfainberg, thanks	12:26
openstackgerrit	Ilya Pekelny proposed a change to openstack/keystone: Comparision of database models and migrations. https://review.openstack.org/80630	12:56
*** gordc has joined #openstack-keystone		12:57
*** dims has quit IRC		12:58
*** dims has joined #openstack-keystone		12:59
*** joesavak has joined #openstack-keystone		13:05
*** richm has joined #openstack-keystone		13:12
*** dhellmann_ is now known as dhellmann		13:13
*** gokrokve has joined #openstack-keystone		13:16
*** gokrokve has quit IRC		13:21
openstackgerrit	ayoung proposed a change to openstack/python-keystoneclient-kerberos: kerberos client plugin https://review.openstack.org/123614	13:24
openstackgerrit	Marek Denis proposed a change to openstack/keystone: Set issuer value to CONF.saml.idp_entity_id. https://review.openstack.org/124176	13:25
openstackgerrit	ayoung proposed a change to openstack/python-keystoneclient-kerberos: kerberos client plugin https://review.openstack.org/123614	13:27
*** bdossant_ has joined #openstack-keystone		13:31
*** bdossant has quit IRC		13:34
*** adrienverge has joined #openstack-keystone		13:35
*** ajayaa has quit IRC		13:37
adrienverge	Hi all	13:37
adrienverge	What would be the best way to test if a service exists (e.g. 'volumev2')? Knowing that the requesting user doesn't necessarily have the right to list services in policy.	13:37
*** sigmavirus24_awa is now known as sigmavirus24		13:39
*** rushiagr is now known as rushiagr_away		13:43
*** ajayaa has joined #openstack-keystone		13:43
*** bdossant_ has quit IRC		13:43
*** bdossant has joined #openstack-keystone		13:44
dstanek	adrienverge: so you dont' have a catalog? what information do you have?	13:46
adrienverge	dstanek: I'm calling from Heat, in the Cinder client _create() method. I want to know what volumes services are available ('volume' and/or 'volumev2').	13:49
adrienverge	dstanek: I don't see any way to access the catalog without calling keystone.client.services.list() / find()	13:50
adrienverge	dstanek: Is it stored somewhere in the context?	13:51
*** ajayaa has quit IRC		13:52
dstanek	adrienverge: if you have an instance of HTTPClient it may be in client.service_catalog	13:52
dstanek	adrienverge: i'm sorta guessing by piecing together what i know	13:53
*** zzzeek has joined #openstack-keystone		13:54
adrienverge	dstanek: Thanks, I'll check that	13:58
*** ayoung is now known as ayoung-afk		14:15
*** andreaf has quit IRC		14:16
*** andreaf has joined #openstack-keystone		14:17
*** adrienverge has quit IRC		14:17
*** dims has quit IRC		14:19
*** dims has joined #openstack-keystone		14:21
*** stevemar has joined #openstack-keystone		14:22
*** sigmavirus24 is now known as sigmavirus24_awa		14:24
*** dims has quit IRC		14:25
*** david-lyle has joined #openstack-keystone		14:25
*** andreaf has quit IRC		14:26
*** andreaf has joined #openstack-keystone		14:27
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: Use openstackclient examples in configuration documentation https://review.openstack.org/124270	14:27
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: Update the CLI examples to use openstackclient https://review.openstack.org/124095	14:27
*** sigmavirus24_awa is now known as sigmavirus24		14:27
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: Update the CLI examples to use openstackclient https://review.openstack.org/124095	14:31
stevemar	henrynash, ^	14:32
*** dims has joined #openstack-keystone		14:32
*** dims has quit IRC		14:32
*** adrienverge has joined #openstack-keystone		14:33
*** ukalifon has quit IRC		14:33
*** dims has joined #openstack-keystone		14:33
*** dims has quit IRC		14:34
*** dims has joined #openstack-keystone		14:35
*** dims has quit IRC		14:35
*** zoresvit has joined #openstack-keystone		14:41
*** dims has joined #openstack-keystone		14:42
*** dims has quit IRC		14:42
*** ukalifon has joined #openstack-keystone		14:42
*** dimsum_ has joined #openstack-keystone		14:43
*** dimsum_ has quit IRC		14:43
*** dimsum_ has joined #openstack-keystone		14:45
*** jorge_munoz has joined #openstack-keystone		14:49
lbragstad	bknudson1: you had some comments here that didn't get addressed before the change was merged https://review.openstack.org/#/c/119452/31	14:50
*** vhoward has left #openstack-keystone		14:50
lbragstad	should another patch be pushed to master before attempting to backport that?	14:50
bknudson1	lbragstad: that's pretty common... it takes me a long time to do reviews	14:50
lbragstad	AFAICT, they are valid comments though	14:50
bknudson1	backport?	14:51
bknudson1	to stable/icehouse?	14:51
lbragstad	bknudson1: yes	14:51
lbragstad	it fixed this bug https://bugs.launchpad.net/keystone/+bug/1360446	14:51
uvirtbot	Launchpad bug 1360446 in keystone "client connection leak to memcached under eventlet due to threadlocal" [Medium,Fix committed]	14:51
bknudson1	lbragstad: I haven't been able to make the time to propose the changes myself.	14:53
bknudson1	also, I don't know what the response should be to some of them	14:53
bknudson1	lbragstad: too busy with PSIRTs	14:53
lbragstad	:)	14:54
lbragstad	new hire?	14:54
bknudson1	no, a guy in shanghai... he's not as reliable as we'd hope.	14:55
lbragstad	bknudson1: I can see if I can push something up to master, fixing your comments, and it can be iterated there I guess?	14:55
bknudson1	and they've got several week-long national holidays	14:55
bknudson1	lbragstad: if you've got the time to make the changes, go ahead.	14:57
nkinder_	stevemar: thanks for pointing out that head() checks for 204 in test_v3 already	14:57
nkinder_	stevemar: I totally missed that!	14:57
lbragstad	bknudson1: I have a few minutes right now, I'll see if I can address some of your comments.	14:58
nkinder_	stevemar: I added you to a related API doc change - https://review.openstack.org/#/c/124243/	14:58
stevemar	nkinder_, np! i actually have that open in a browser tab now :)	14:58
openstackgerrit	Julien Danjou proposed a change to openstack/keystonemiddleware: Switch to oslo.utils https://review.openstack.org/124435	15:02
openstackgerrit	Julien Danjou proposed a change to openstack/keystonemiddleware: Switch to oslo.serialization https://review.openstack.org/124436	15:02
*** bdossant has quit IRC		15:02
*** radez is now known as radez_g0n3		15:05
*** adrienverge has quit IRC		15:05
*** _cjones_ has joined #openstack-keystone		15:10
*** gokrokve has joined #openstack-keystone		15:16
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: Use openstackclient examples in configuration documentation https://review.openstack.org/124270	15:18
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: Update the CLI examples to use openstackclient https://review.openstack.org/124095	15:18
*** thedodd has joined #openstack-keystone		15:19
*** afazekas has quit IRC		15:19
*** gokrokve has quit IRC		15:20
*** anteaya has quit IRC		15:23
dstanek	lbragstad: old-style classes..yuck	15:24
lbragstad	dstanek: :)	15:24
lbragstad	bknudson1: note, I'm not real sure what to do about some of those comments for the doc strings, so I might have to defer those to someone with a little more knowledge on the patch	15:25
bknudson1	lbragstad: so nobody knows how the class is supposed to work?	15:26
lbragstad	bknudson1: about this comment, https://review.openstack.org/#/c/119452/31/keystone/tests/core.py you want this in our common log implementation?	15:26
morganfainberg	mornin	15:26
lbragstad	bknudson1: speak of the devil ^ that's probably the guy we're looking for	15:27
morganfainberg	lbragstad, i don't think that belonds in oslo.	15:27
bknudson1	lbragstad: I think we've got similar code somewehere that affects server.	15:27
morganfainberg	bknudson1,lbragstad, but it is something we can probably override somehow	15:27
dstanek	lbragstad: which comments are you unsure of?	15:27
lbragstad	bknudson1: doing a quick grep and I didn't see it	15:28
lbragstad	dstanek: some of the doc string questions	15:28
lbragstad	https://review.openstack.org/#/c/119452/31/keystone/common/cache/_memcache_pool.py	15:29
bknudson1	lbragstad: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/config.py#n29	15:29
bknudson1	it's called from keystone-all and probably in the wsgi server too	15:30
morganfainberg	bknudson1, a lot of your comments are valid on this and actually should be cleaned up in the next phase which is "make this it's own library" not something we need to carry in keystone	15:30
*** cjellick has joined #openstack-keystone		15:30
dstanek	lbragstad: i'll add some additonal commentary	15:30
morganfainberg	the only reason this is in keystone is because we are beyond dep freeze :(	15:30
bknudson1	morganfainberg: it's shared with middleware?	15:30
morganfainberg	bknudson1, yeah. thats why it needs to be split out	15:31
bknudson1	to... keystoneclient?	15:31
bknudson1	that would be a bad place	15:31
morganfainberg	keystoneclient we didn't port to, we probably should.	15:31
bknudson1	if it needs to be in keystoneclient anyways then could just leave it there	15:31
morganfainberg	no, the idea is it should stand alone something not carrlied by keystone packages	15:31
morganfainberg	since it should be pluggable into dogpile itself (in the case of ekystone)	15:32
morganfainberg	but there is more than just work on the keystone side to get there.	15:32
openstackgerrit	Lance Bragstad proposed a change to openstack/keystone: Address some late comments for memcache clients https://review.openstack.org/124443	15:33
lbragstad	dstanek: ^	15:33
lbragstad	you can iterate over that review	15:33
morganfainberg	also the queue object is weird because in non-eventlet it's an old-style class, and under eventlet it's a new style class :(	15:33
bknudson1	looks like it belongs in dogpile.cache.backends	15:33
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: Update the CLI examples to also use openstackclient https://review.openstack.org/124095	15:33
dstanek	lbragstad: you can't use super	15:33
morganfainberg	bknudson1, the idea is dogpile will get configurable pools.	15:33
*** lufix has quit IRC		15:33
openstackgerrit	Nathan Kinder proposed a change to openstack/keystone: Improve documentation of RBAC policy behavior https://review.openstack.org/123862	15:33
morganfainberg	bknudson1, so it'll not be in dogpile directly	15:34
morganfainberg	bknudson1, or if it is it'll be different than dogpile.cache.backends	15:34
* lbragstad brb		15:34
morganfainberg	bknudson1, talked with zzzeek a lot on this and thats the direction we're hoping to take it.	15:34
morganfainberg	bknudson1, zzzeek is the dogpile maintainer :)	15:34
bknudson1	he's busy	15:34
morganfainberg	yep	15:34
*** gokrokve has joined #openstack-keystone		15:36
nkinder_	morganfainberg: this change can be abandoned - https://review.openstack.org/#/c/111088/	15:39
nkinder_	morganfainberg: I don't have the ability to do so, but I've talked with the reporter (and a customer who requested that change)	15:39
morganfainberg	nkinder_, ok	15:39
morganfainberg	nkinder_, will do so	15:39
nkinder_	morganfainberg: cool, thx	15:40
*** andreaf has quit IRC		15:41
*** andreaf has joined #openstack-keystone		15:42
*** BAKfr has quit IRC		15:42
*** samuelmz has quit IRC		15:44
openstackgerrit	David Stanek proposed a change to openstack/keystone: Address some late comments for memcache clients https://review.openstack.org/124443	15:50
dstanek	lbragstad: ^ i removed your use of super() and added a few docstrings	15:50
morganfainberg	dstanek, mind running tox -esample_config on that?	15:56
morganfainberg	i mean... since config.py was updated.	15:56
dstanek	sure	15:57
morganfainberg	and do we want to land that in K1? ( dstanek, lbragstad, bknudson1)? or try and sneak it in during RC? It looks mostly like stuff we could drop in K1 and look to backport (mostly harmless)	15:57
morganfainberg	i'm leaning towards K1 just based on how backed up the gate is.	15:57
morganfainberg	but if overwhelminly this needs to land in J, i'd consider it	15:58
dstanek	that would say k1 because it's mostly cosmetic in nature	15:58
morganfainberg	dstanek, ++ ok i'm goint to toss a -2 on it with a comment for that then.	15:59
*** gyee has joined #openstack-keystone		16:03
morganfainberg	bknudson1, that requirements update looks like it might be the last thing we need (after the k2k is expirimental and marek's "add version to saml") patches	16:06
morganfainberg	bknudson1, am i correct in that?	16:06
openstackgerrit	David Stanek proposed a change to openstack/keystone: Address some late comments for memcache clients https://review.openstack.org/124443	16:07
bknudson1	morganfainberg: I can't think of anything that's really required.	16:09
morganfainberg	bknudson1, cool and i assume that requirements (kombu) update is just putting us in line with everyone else?	16:09
bknudson1	morganfainberg: it was accepted into global requirements	16:09
morganfainberg	ah and we don't have a juno branch yet on reqs	16:10
morganfainberg	ok	16:10
morganfainberg	yep	16:10
*** jaosorior has quit IRC		16:12
*** __TheDodd__ has joined #openstack-keystone		16:16
*** thedodd has quit IRC		16:17
*** marcoemorais has joined #openstack-keystone		16:17
*** __TheDodd__ has quit IRC		16:20
henrynash	stevemar: commented on the new openstack cli examples…there appears to be no mention of domains in any of the apis? seems odd…	16:21
stevemar	henrynash, I just wanted parity with what's there. I can add a new section (v3 vs v2 for OSC) and show domains/groups there	16:22
henrynash	stevemar: ok, maybe add a follow on patch, maybe to add that?	16:22
henrynash	stevemar: or if you want to do it in the same patch, that;s fine too	16:22
stevemar	henrynash, OK just getting your comments now - so for V2 project create and user create we don't need domain (and like I said, just wanted parity)	16:23
henrynash	stevemar: I assume the openstack client defautls to the default domain if you don’t specify?	16:23
stevemar	henrynash, of course	16:23
*** marcoemorais has quit IRC		16:23
stevemar	henrynash, i'll add a follow on patch, i don't like bogging down the reviews with 100s of lines to review	16:24
*** marcoemorais has joined #openstack-keystone		16:24
henrynash	stevemar: agreed	16:24
*** marcoemorais has quit IRC		16:24
*** marcoemorais has joined #openstack-keystone		16:24
*** marcoemorais has quit IRC		16:25
*** marcoemorais has joined #openstack-keystone		16:26
openstackgerrit	Andre Aranha proposed a change to openstack/keystone: Creating a policy sample https://review.openstack.org/123509	16:26
*** henrynash has quit IRC		16:28
*** wwriverrat has joined #openstack-keystone		16:29
*** anteaya has joined #openstack-keystone		16:34
*** zzzeek has quit IRC		16:39
*** thedodd has joined #openstack-keystone		16:40
*** zzzeek has joined #openstack-keystone		16:40
marekd	mhu: hey	16:46
*** ayoung-afk is now known as ayoung		16:48
*** thedodd has quit IRC		16:51
*** Dafna has quit IRC		16:53
mhu	marekd: hellp	16:54
mhu	hello	16:54
marekd	i am now playing with your patch for OSC (auth plugins)	16:55
marekd	looks very nice.	16:55
*** ukalifon1 has joined #openstack-keystone		16:55
marekd	I am wondering if you think we need some kind a wrapper for v3unscopedsaml and v3scopedsaml or you are planning to cover it in osc?	16:55
*** andreaf has quit IRC		16:55
*** andreaf has joined #openstack-keystone		16:56
marekd	mhu: in other words: do you think https://review.openstack.org/#/c/106751/ will be useful	16:56
marekd	stevemar: ^^ question for you too..	16:56
mhu	marekd, I think your wrapper is the way to go	16:56
mhu	making it available at the library level makes more sense I think	16:57
*** packet has joined #openstack-keystone		16:57
marekd	stevemar: mhu i think we might want it in keystoneclient, so osc doesn;t need to resolve any dependencies or worse, error handling. I was also thinking to use the wrapper to use either shibboleth or adfs plugin for unscoped tokens and handle tthis somewhat behind the scenes.	16:57
marekd	mhu: ok, so we have consensus on this.	16:57
mhu	yup, you got my +1 on that !	16:57
marekd	mhu: thank you!	16:58
*** ukalifon has quit IRC		16:58
*** marcoemorais has quit IRC		16:58
*** henrynash has joined #openstack-keystone		16:58
*** marcoemorais has joined #openstack-keystone		16:59
*** thedodd has joined #openstack-keystone		16:59
*** wwriverrat has left #openstack-keystone		16:59
*** marcoemorais has quit IRC		16:59
*** marcoemorais has joined #openstack-keystone		17:00
stevemar	marekd, mhu well that was resolved quickly... but yeah, keep it in KSC for the reasons marek suggests	17:01
marekd	stevemar: ++	17:03
henrynash	stevemar: so what determins, for openstack client, ehther ‘project create’ is a v2 or v3 command…the url set in —os-url ?	17:03
*** f13o has quit IRC		17:04
henrynash	stevemar: if so, I’m not sure we ever actually say that in configuration.rst	17:05
*** marcoemorais has quit IRC		17:05
*** marcoemorais has joined #openstack-keystone		17:06
*** sigmavirus24 is now known as sigmavirus24_awa		17:08
*** henrynash has quit IRC		17:14
*** henrynash has joined #openstack-keystone		17:17
*** dhellmann is now known as dhellmann_		17:18
openstackgerrit	A change was merged to openstack/keystone: Mark k2k as experimental https://review.openstack.org/124107	17:25
stevemar	henrynash, the variable OS_IDENTITY_API_VERSION	17:25
stevemar	henrynash, it defaults to v2.0 for now, i'll mention it in another patch	17:26
henrynash	stevemar: ok, got it, thanks	17:26
marekd	korek	17:29
*** marcoemorais has quit IRC		17:30
*** marcoemorais has joined #openstack-keystone		17:31
*** praneshp has joined #openstack-keystone		17:31
*** __TheDodd__ has joined #openstack-keystone		17:32
*** thedodd has quit IRC		17:32
*** thedodd has joined #openstack-keystone		17:35
*** dhellmann_ is now known as dhellmann		17:36
*** henrynash has quit IRC		17:38
*** __TheDodd__ has quit IRC		17:38
*** __TheDodd__ has joined #openstack-keystone		17:41
*** thedodd has quit IRC		17:44
*** __TheDodd__ has quit IRC		17:50
*** thedodd has joined #openstack-keystone		17:57
*** _cjones_ has quit IRC		17:58
*** _cjones_ has joined #openstack-keystone		17:59
*** harlowja_away is now known as harlowja		17:59
*** gokrokve_ has joined #openstack-keystone		18:01
*** sigmavirus24_awa is now known as sigmavirus24		18:02
*** _cjones_ has quit IRC		18:03
*** gokrokve_ has quit IRC		18:05
*** gokrokve has quit IRC		18:05
*** gokrokve has joined #openstack-keystone		18:05
*** morgan_remote_ has joined #openstack-keystone		18:07
*** gokrokve has quit IRC		18:10
gordc	stevemar: is federation implemented in juno?	18:14
rodrigods	gordc, k2k you mean?	18:15
rodrigods	or just regular federation?	18:15
gordc	what's the use case/definition of k2k	18:15
gordc	rodrigods: ^	18:16
rodrigods	k2k is keystone to keystone federation, the ability to federate multiple keystones	18:16
rodrigods	which, is implemented in Juno as experimental	18:16
rodrigods	and regular federation is available since icehouse	18:16
gordc	rodrigods: cool cool. wanted to make sure it wasn't some super fancy keystone term.	18:17
stevemar	rodrigods is doing a fantastic job in my absence	18:17
gordc	stevemar: go away.lol	18:17
stevemar	gordc, as you wish!	18:17
gordc	nooo!!!	18:17
gordc	ok. so it's experimental... and i assume requires v3 api enabled in all projects?	18:18
rodrigods	gordc, yes, it does	18:19
gordc	when we say experimental, does that mean "it works, but might break" or "we've no idea if it works"	18:19
rodrigods	stevemar, right?	18:19
rodrigods	=)	18:19
gordc	either of you know which projects actually use v3 or have the ability to use v3?	18:19
rodrigods	i think that it requires v3 only for keystone, i might be wrong, though	18:20
rodrigods	gordc, about being experimental: https://review.openstack.org/#/c/124107/2/doc/source/configure_federation.rst	18:22
stevemar	gordc, i think just heat as of today, still	18:22
stevemar	gordc, experimental == stuff might break, but we plan on continuing development anyway	18:23
gordc	stevemar: cool cool. i'll take a look at heat. i think we have v3 code in ceilometer but we don't actually use it.	18:23
stevemar	likely	18:23
gordc	rodrigods: stevemar: thanks... will come back with more tedious questions later.	18:24
*** radez_g0n3 is now known as radez		18:24
rodrigods	stevemar, btw, if you need some extra hands to help with it, i'm available =)	18:28
stevemar	rodrigods, just testing it all out :(	18:28
stevemar	rodrigods, manual test, tempest test, functional tests, anything really	18:28
stevemar	we need federation to be more stable	18:28
rodrigods	stevemar, i absolutely can do that	18:29
gordc	stevemar: i might have time to help...	18:29
rodrigods	we have a "regular" federation deployment here	18:29
stevemar	rodrigods, nice	18:29
gordc	stevemar: if you give me back my vpn access.	18:29
stevemar	rodrigods, how painful was it to set up? how beneficial has it been?	18:29
stevemar	gordc, send you the cert later	18:29
rodrigods	stevemar, biggest issues were related about shibboleth setup	18:30
gordc	stevemar: cool cool. all about trusts.	18:30
rodrigods	and we did it only to investigate about it's status, check if it's nice and stable	18:30
stevemar	rodrigods, i figured that would be the pain point. what about the mapping and authentication	18:30
morgan_remote_	lbragstad, bknudson1: we might want to get the memcache pool log override in for Juno.	18:31
ayoung	stevemar, morgan_remote_ I have a better idea for K2K	18:31
rodrigods	stevemar, this was easier, no issues about that as I remember now	18:31
morgan_remote_	Or tag it for a Juno stable back port	18:31
*** gokrokve has joined #openstack-keystone		18:31
bknudson1	keystonemiddleware doesn't even have support for v3 auth.	18:33
bknudson1	morgan_remote_: is there a review?	18:33
morgan_remote_	bknudson1: no not yet. I'll make sure we have a bug and tag it for stable back port potential.	18:33
gordc	bknudson1: so k2k is not possible or does it not matter?	18:33
rodrigods	stevemar, bknudson1 gordc i'm planning to make a test deployment here (k2k), is it possible?	18:34
rodrigods	even with the known issues	18:34
bknudson1	I didn't know there were any known issues with k2k.	18:34
ayoung	bknudson1, it only does Identity	18:35
ayoung	I have a plan for assignments...	18:35
bknudson1	what more do you need?	18:35
gordc	rodrigods: i'd be interested in results.	18:36
morgan_remote_	ayoung: isn't that the whole reason we were doing the local token? How does local keystone know the remote's structure / project / roles?	18:36
ayoung	morgan_remote_, that is my plan...	18:36
ayoung	morgan_remote_, "shared domains"	18:36
ayoung	so K1 creates the domain, and exports the data to K2	18:36
*** andreaf has quit IRC		18:36
*** gokrokve has quit IRC		18:36
stevemar	rodrigods, i think marekd found 2 bugs that are being merged / gating right now	18:36
morgan_remote_	I'll be upfront and say I'm skeptical due to data sync needs but willing to see what you're proposing	18:36
ayoung	K2 says "Ok, K1 can sign for only tokens scoped to these domains or proejcts in them"	18:37
*** andreaf has joined #openstack-keystone		18:37
ayoung	morgan_remote_, it involves Multiple signers...all sorts of good sh....stuff	18:37
morgan_remote_	Not opposed to the concept of we can make it robust and not-too-onerous to manage	18:37
stevemar	rodrigods, one is gating, the other is this one: https://review.openstack.org/#/c/124176/	18:37
morgan_remote_	S/of/if	18:38
ayoung	morgan_remote_, I think it won't be too bad. still crafting the message	18:38
morgan_remote_	ayoung: sure. Looking forward to more details then.	18:39
ayoung	morgan_remote_, in keystone.egg-info/PKG-INFO I see the value Version: 2014.2.dev154.g1af2428. I know the last part is based on the git hash. Any idea what dev154 is?	18:40
morgan_remote_	stevemar: if I read the bug correctly as long as the id would match the conf value it works. It's a config issue vs a never could work issue. And the fix makes the ux more expected.	18:41
openstackgerrit	Steve Martinelli proposed a change to openstack/keystone: Add v3 openstackclient CLI examples https://review.openstack.org/124489	18:41
stevemar	morgan_remote_, i think for the sanity of the deployer it should be merged	18:42
morgan_remote_	ayoung: hmm. I'd have to look into pbr and setuptools (dark magic). Dev Is either "installed from git" or pip install -e / setup develop	18:42
morgan_remote_	The number I don't know	18:42
ayoung	morgan_remote_, I'm digging through PBR now	18:43
morgan_remote_	stevemar: but my assessment is correct right? Not disagreeing that it should be merged. Looking at "is this never going to work" or is it "bad us/non-intuitive behavior"	18:43
morgan_remote_	S/us/ux	18:44
morgan_remote_	ayoung: you likely could just ask lifeless or mordred.	18:44
morgan_remote_	Or clarkb	18:44
ayoung	morgan_remote_, yeah.	18:44
ayoung	and I suspec that this is somethi pbr inherits, not generates	18:45
stevemar	morgan_remote_, yes your assessment is correct	18:45
morgan_remote_	I still want to circle back and make sample config generated on "install"	18:45
ayoung	morgan_remote_, and I want to make an RPM not have to wipe out the PBR data	18:45
morgan_remote_	Which is going to take a pbr fix afaict	18:45
morgan_remote_	ah that sounds like worth fixing!	18:46
ayoung	morgan_remote_, yeah....so close	18:46
ayoung	morgan_remote_, I think that, if I can get the RPM and setup.py version in sync, the pbr issue goes away	18:46
ayoung	right now, if I leave pbr in, when I go to build the rpm I get	18:46
morgan_remote_	stevemar: ok. Sounds good. Let's look at where we sit and start classifying thing a as "must get in for rc" and stable Juno potential.	18:47
ayoung	+ /usr/bin/python setup.py build	18:47
ayoung	error in setup command: Error parsing /home/ayoung/rpmbuild/BUILD/keystone-2014.2.b3/setup.cfg:Exception: Versioning for this project requires either an sdist tarball, or access to an upstream git repository. Are you sure that git is installed?	18:47
morgan_remote_	ayoung: ugh. That isn't fun! :(	18:47
stevemar	morgan_remote_, my vote is that it's 'must get in for rc'	18:47
ayoung	morgan_remote_, no, but its made me angry enough that HULK SMASH!	18:47
stevemar	morgan_remote_, were you able to reproduce that bug on 12.04 last night?	18:48
morgan_remote_	stevemar: I'll be back at my computer soon. (Finishing my breakfast/lunch/coffee). Hard to see a complete view from my phone (though the big screen does help make it less icky)	18:48
morgan_remote_	stevemar: have to do t today. Was at openstack la meetup till like 10. Too tired to do VM wrangling last night.	18:49
ayoung	morgan_remote_, oooh...so speaking of generating the config file options, it turns out we modify the sample conf on build, with a patch....	18:50
* ayoung needs to talk to apevec		18:51
ayoung	morgan_remote_, new rule of thumb...if you are carrying long term patches in your distro package specification, you are in a state of sin	18:52
*** ukalifon1 has quit IRC		18:53
morgan_remote_	ayoung: can't disagree.	18:53
*** rm_work is now known as rm_work\|away		18:57
*** dhellmann is now known as dhellmann_		18:57
*** rm_work\|away is now known as rm_work		18:57
*** jorge_munoz has quit IRC		18:58
*** rushiagr_away is now known as rushiagr		19:11
dstanek	lbragstad: you beat me to the userId/username review :P	19:13
lbragstad	dstanek: :)	19:13
lbragstad	you can still review it if you want, I tested the logic	19:13
dstanek	lbragstad: i think there may be tests missing so i'm going to post a follow up, but it's not an RC blocker	19:13
lbragstad	ok	19:13
*** _cjones_ has joined #openstack-keystone		19:18
*** gordc has quit IRC		19:19
*** zzzeek has quit IRC		19:21
*** andreaf has quit IRC		19:21
*** andreaf has joined #openstack-keystone		19:22
*** boris-42 has joined #openstack-keystone		19:27
*** saipandi has joined #openstack-keystone		19:27
*** rushiagr is now known as rushiagr_away		19:29
*** gokrokve has joined #openstack-keystone		19:32
*** nkinder_ has quit IRC		19:33
*** nkinder has joined #openstack-keystone		19:33
morganfainberg	stevemar, ok looking at that migration issue here now.	19:35
*** gokrokve has quit IRC		19:37
morganfainberg	stevemar, haha looks like someone took topol's name on IRC just sent a message to the wrong person with some weird anti-spam thing	19:41
morganfainberg	stevemar, he should register it and enable nick protection :P	19:42
*** andreaf has quit IRC		19:44
*** andreaf has joined #openstack-keystone		19:45
*** amcrn has joined #openstack-keystone		19:50
*** hurgleburgler has joined #openstack-keystone		19:51
morganfainberg	oh boy: https://bugs.launchpad.net/keystone/+bug/1374497	19:52
uvirtbot	Launchpad bug 1374497 in oslo.db "change in oslo.db "ping" handling is causing issues in projects that are not using transactions" [High,In progress]	19:52
*** dhellmann_ is now known as dhellmann		19:55
*** gordc has joined #openstack-keystone		19:55
dstanek	morganfainberg: wow, that's not good	19:57
morganfainberg	dstanek, that ... is potentially an ugly fix if we need to roll that in now	19:59
lbragstad	I remember seeing a review come through for that a long time ago	19:59
dstanek	morganfainberg: is that a real problem that people are seeing or is it a theortical problem?	20:00
lbragstad	isn't it part of the reason we are seeing the "MySQL server has gone away" bug?	20:00
lbragstad	https://bugs.launchpad.net/keystone/+bug/1361378	20:00
uvirtbot	Launchpad bug 1361378 in oslo.db ""MySQL server has gone away" again" [Undecided,Incomplete]	20:00
dstanek	lbragstad: hmmm...yes i do remember something about that	20:00
lbragstad	I thought I saw a review a while back where someone went through everything and changed that,	20:01
lbragstad	where we were relying on the autocommit stuff	20:01
lbragstad	but, I don't remember... my review memory has a max depth of about 5 reviews.	20:02
morganfainberg	lbragstad, i think so.	20:04
morganfainberg	lbragstad, that looks like the root of it	20:04
morganfainberg	which... i'd much rather see another oslo.db release...but i don't see that happening	20:05
stevemar	morganfainberg, hehe, topol is out today	20:07
morganfainberg	i know i hit him up on twitter about it	20:08
*** hurgleburgler has left #openstack-keystone		20:11
stevemar	wow, i get to vote, apparently i contributed to cinder	20:12
stevemar	must have been a small bug >.>	20:12
morganfainberg	stevemar, in either Icehouse or Juno	20:12
stevemar	probably juno	20:12
*** zzzeek has joined #openstack-keystone		20:13
morganfainberg	why ubuntu why do you make it so hard to install openssh server	20:19
*** topol_ has joined #openstack-keystone		20:21
*** aix has quit IRC		20:21
lbragstad	morganfainberg: 14.04?	20:22
morganfainberg	lbragstad, 12.04	20:22
dstanek	morganfainberg: i have recently switched to Fedora on a trial bases	20:26
dstanek	or basis	20:26
morganfainberg	dstanek, except i am trying to duplicate a 12.04 bug	20:26
morganfainberg	;)	20:26
lbragstad	ah.. that makes sense	20:27
*** rwsu has quit IRC		20:31
*** gokrokve has joined #openstack-keystone		20:32
*** zohar has joined #openstack-keystone		20:34
zohar	Hi all	20:35
zohar	I am trying to do a simple thing, I have a single node which I want to use as an authentication endpoint	20:35
zohar	on ubuntu14	20:35
zohar	i do apt-get install keystone	20:35
zohar	configure /etc/keystone/keystone.conf	20:35
zohar	service keystone restart	20:36
*** gordc has quit IRC		20:36
*** NM1 has joined #openstack-keystone		20:36
zohar	assign some env vars like OS_USERNAME/TENANT/PASSWORD/AUTH_URL	20:36
zohar	then a keystone tenant-list returns this:	20:36
*** morganfainberg is now known as morgan		20:36
*** morgan is now known as morganfainberg		20:37
*** gokrokve has quit IRC		20:37
zohar	Authorization Failed: Unable to establish connection to http://127.0.0.1:35357/v2.0/tokens	20:37
zohar	what am i missing?	20:37
*** raildo has quit IRC		20:39
nkinder	zohar: what is your OS_AUTH_URL set to?	20:39
morganfainberg	dstanek, ok https://bugs.launchpad.net/keystone/+bug/1374497 talked w/ dhellmann and zzzeek in #openstack-oslo this is something we need to fix in kilo, but oslo.db should get fixed for us for the Juno timeframe	20:40
uvirtbot	Launchpad bug 1374497 in oslo.db "change in oslo.db "ping" handling is causing issues in projects that are not using transactions" [High,In progress]	20:40
dstanek	morganfainberg: cool, that works for me	20:41
*** thedodd has quit IRC		20:45
morganfainberg	ayoung, is this still relevant? https://bugs.launchpad.net/keystone/+bug/1208588 or is it not based on your new kerberos work?	20:46
uvirtbot	Launchpad bug 1208588 in keystone "Support getting Auth attributes from Kerberos PAC" [Wishlist,New]	20:46
ayoung	KILL THAT	20:46
ayoung	er...	20:46
ayoung	nah, I guess it is still valid	20:46
ayoung	it would be a Federation type use case	20:46
morganfainberg	is it a bug?	20:46
ayoung	Wishlist	20:47
morganfainberg	or is it a -spec? or is it something else?	20:47
morganfainberg	ok so.. we want it?	20:47
ayoung	morganfainberg, I think, maybe, we can close it. the PAC would be unpacked by Apache	20:47
morganfainberg	ok i'll close it for now, and we can re-open if needed	20:47
ayoung	so nothing that Keystone would have to do but treat it like another Federation case	20:47
morganfainberg	or attach it where we need it.	20:47
morganfainberg	k	20:47
ayoung	Yeah, close	20:48
morganfainberg	ooh we're close to having no untriaged (new state) bugs in keystone :)	20:48
*** thedodd has joined #openstack-keystone		20:49
*** topol_ is now known as bradtopol		20:50
*** radez is now known as radez_g0n3		20:50
zohar	nkinder, sorry for late response, it's just http://127.0.0.1:35357/v2.0/	20:53
zohar	since i want to run it on the same node	20:53
*** dimsum_ has quit IRC		20:56
zohar	i think i am missing an the actual apache server to receive requests at that address	20:56
*** dimsum_ has joined #openstack-keystone		20:56
zohar	what would be the easiest way to setup a working keystone authentication endpoint on a fresh node?	21:00
*** dimsum_ has quit IRC		21:00
*** marcoemorais has quit IRC		21:07
*** marcoemorais has joined #openstack-keystone		21:07
nkinder	zohar: is keystone running? (ps -ef \| grep keystone-all)	21:10
nkinder	zohar: that should show your keystone server (unless you've deployed it in httpd w/mod_wsgi)	21:11
*** amcrn_ has joined #openstack-keystone		21:11
*** amcrn has quit IRC		21:12
zohar	yes its running	21:12
zohar	nkinder, it's running. ive been looking now into this: https://github.com/swiftstack/keystone_install	21:12
zohar	it would be nice to go through all the steps myself though to get better understanding of setting this up	21:13
nkinder	zohar: it's odd that you get a connection error though. Does 'netstat -an \| grep 35357' show that it's listening on the right interfaces?	21:15
zohar	nkinder, ill get back to you on this in a second, let me recreate this on another node, ive run the keystone_install thing on my previous one	21:16
zohar	nkinder, without changing keystone.conf, i get this from netstat: tcp 0 0 0.0.0.0:35357 0.0.0.0:* LISTEN	21:19
*** bradtopol is now known as btopol		21:19
*** btopol is now known as topol		21:20
zohar	oh wow, and after changing keystone.conf and doing service keystone restart, it is not listening anymore	21:20
*** stevemar has quit IRC		21:20
*** morgan_remote_ has quit IRC		21:20
zohar	oh oops	21:20
*** dimsum_ has joined #openstack-keystone		21:21
zohar	nkinder, i fixed the conf, now netstat returns this: tcp 0 0 <correct_ip>:35357 0.0.0.0:* LISTEN	21:22
nkinder	zohar: ok, so can you do a 'keystone tenant-list' now?	21:24
nkinder	zohar: with all of your proper ENV vars set...	21:24
zohar	nope, same error, unable to establish connection	21:24
zohar	also, the keystone_install "autoinstall" shell script didnt work :P	21:24
*** marcoemorais has quit IRC		21:25
zohar	either way i rather do it by hand	21:26
nkinder	zohar: so <correct_ip> is a real IP, or is it 127.0.0.1?	21:27
zohar	real ip	21:27
zohar	is that the reason?	21:27
nkinder	zohar: if it's not 127.0.0.1 or 0.0.0.0, you're not listening on the loopback	21:27
zohar	oh wow	21:28
nkinder	zohar: you can connect over the real IP by setting OS_AUTH_URL to use it	21:28
zohar	yes i just did	21:28
zohar	now next issue	21:28
zohar	Could not find user, admin. (HTTP 401)	21:29
zohar	:P	21:29
zohar	i guess its time to create a user :D	21:29
nkinder	zohar: it you want to listen on all addresses, set admin_bind_host/public_bind_host to 0.0.0.0 in keystone.conf	21:29
nkinder	zohar: yeah, you can use the admin_token in keystone.conf to connect and set up all of your users/roles/projects	21:30
zohar	ok thank you	21:30
zohar	now here is my big picture task	21:31
zohar	im trying to set up a minimal test node, which will point to an object-storage-only cluster	21:31
*** andreaf has quit IRC		21:31
zohar	and run some tests on the test node side over swift-api	21:31
*** andreaf has joined #openstack-keystone		21:32
*** thedodd has quit IRC		21:32
zohar	so im trying to put together everything necessary for this test enviornment, and keystone is the first point	21:32
*** gokrokve has joined #openstack-keystone		21:32
zohar	on the remote end, there is a working swift api and keystone authentication	21:33
*** gokrokve has quit IRC		21:33
zohar	so once i get keystone auth server working on the test node, i will add its tenants to the remote cluster and point to it via service endpoint	21:33
*** gokrokve has joined #openstack-keystone		21:34
*** gokrokve has quit IRC		21:38
*** packet has quit IRC		21:39
*** joesavak has quit IRC		21:40
*** marcoemorais has joined #openstack-keystone		21:44
*** marcoemorais has quit IRC		21:46
*** marcoemorais1 has joined #openstack-keystone		21:46
*** david-lyle has quit IRC		21:56
*** marcoemorais1 has quit IRC		21:57
*** rkofman has quit IRC		21:58
*** rkofman has joined #openstack-keystone		21:58
morganfainberg	https://bugs.launchpad.net/keystone/+bug/1371620 is SQLite specific	21:58
uvirtbot	Launchpad bug 1371620 in keystone "Setting up database schema with db_sync fails with OperationalError: (OperationalError) database is locked u'DELETE FROM user_project_metadata' ()" [Undecided,Confirmed]	21:58
morganfainberg	I believe this is a similar issue to what we had with 042 .	21:59
*** marcoemorais has joined #openstack-keystone		22:02
*** imkarrer has joined #openstack-keystone		22:02
*** marcoemorais has quit IRC		22:02
*** marcoemorais has joined #openstack-keystone		22:04
imkarrer	Hey, I am looking for information on extensions within Keystone IceHouse release. The documentation states that keystone ships with extensions in keystone/contrib/extensions. I would like to use the OS-KSADM but it is not clear how to install it or which releases support this extension. Could anyone point me in the right direction?	22:05
morganfainberg	hm	22:10
morganfainberg	dstanek, might have a question for you	22:10
dstanek	i may have an answer for you	22:11
morganfainberg	dstanek, so migration 39	22:11
morganfainberg	dstanek, https://github.com/openstack/keystone/blob/master/keystone/common/sql/migrate_repo/versions/039_grant_to_assignment.py#L85 this fails in SQLite	22:11
morganfainberg	i think because of table locks	22:11
morganfainberg	i'm not sure why we're needing to delete all the rows, the next migration we drop the tables.	22:11
morganfainberg	thats the root cause of https://bugs.launchpad.net/keystone/+bug/1371620 and it only affects SQLite	22:12
uvirtbot	Launchpad bug 1371620 in keystone "Setting up database schema with db_sync fails with OperationalError: (OperationalError) database is locked u'DELETE FROM user_project_metadata' ()" [Undecided,Confirmed]	22:12
morganfainberg	i'm not sure how we're passing unit tests tbh	22:12
dstanek	morganfainberg: is it a sqlite version thing?	22:13
*** sigmavirus24 is now known as sigmavirus24_awa		22:13
morganfainberg	as in sqlite version? or schema version	22:13
dstanek	sqlite version	22:13
morganfainberg	i think we'd run into this earlier if it was sqlite specific	22:13
morganfainberg	erm version specific	22:13
morganfainberg	because we did test on 12.04 for a long time	22:13
*** NM1 has quit IRC		22:14
morganfainberg	unless a minor version introduced a regression?	22:14
*** topol has quit IRC		22:14
dstanek	the only two things i've ever seen cause a locked issue was messing with tables on an ancient version of sqlite and when the DB file was actually on a share instead of local disk	22:15
morganfainberg	this is on local disk	22:16
morganfainberg	and this is a "clean" 12.04 install	22:16
morganfainberg	as in i just spun it up and installed everything	22:16
dstanek	so you can reproduce?	22:16
morganfainberg	dstanek, yep consistently	22:16
*** marcoemorais has quit IRC		22:16
morganfainberg	works just fine in relation dbs.	22:16
morganfainberg	you know.. let me distupgrade here and 2x check	22:17
*** david-lyle has joined #openstack-keystone		22:17
morganfainberg	but SQLite seems special.	22:17
dstanek	what version of sqlite is installed?	22:18
*** andreaf has quit IRC		22:19
*** andreaf has joined #openstack-keystone		22:19
dstanek	morganfainberg: ok, i did a phone a friend to get a better answer. when we were using that old version the real problem was that we had 2 processing doing stuff in the DB and that caused the issue. we upgraded to fix.	22:19
morganfainberg	dstanek, ii libsqlite3-0 3.7.9-2ubuntu1.1 SQLite 3 shared library	22:19
morganfainberg	dstanek, this is the packaged version of sqlite with 12.04	22:20
morganfainberg	latest version	22:20
*** david-lyle has quit IRC		22:21
morganfainberg	i'm thinking it's a list operation that hasn't closed the session action yet.	22:21
morganfainberg	so looking a bit more closely at the migration	22:21
morganfainberg	but... again i'm surprised this works in our unit tests / worked on 12.04	22:22
morganfainberg	ooh, i think i see it.	22:22
morganfainberg	we're not "Really" using a transaction but using some autocommit	22:22
dstanek	morganfainberg: if that's the case i would have expected this to have come up before; very wierd	22:23
morganfainberg	yeah	22:23
morganfainberg	this is very strange	22:23
dstanek	i'm trying this on a newer box	22:25
morganfainberg	k	22:26
morganfainberg	i don't have a 14.04 instance ready atm or i'd be trying it there	22:26
morganfainberg	would need to rebuild.	22:26
dstanek	yeah, wow - fails for me too	22:30
morganfainberg	so, simplest solution is "don't delete the rows, we're dropping the tables in the next migration"	22:31
morganfainberg	but what bugs me is that is passes unit tests obstensibly	22:31
morganfainberg	maybe... this is a disk-based vs in-memory sqlite issue	22:31
morganfainberg	we use in-memory iirc for everything now.	22:31
morganfainberg	would be a strange differentiation imo	22:32
dstanek	i think i fixed it locally	22:32
*** gokrokve has joined #openstack-keystone		22:32
morganfainberg	dstanek, how?	22:32
dstanek	morganfainberg: http://paste.openstack.org/show/115749/	22:33
morganfainberg	dstanek, sure.	22:34
morganfainberg	dstanek, ok i'm good with that.	22:34
dstanek	morganfainberg: what you said about the operation not being closed gave me the idea	22:34
morganfainberg	dstanek, right.	22:34
morganfainberg	this feels like something that we should get into RC.	22:34
morganfainberg	and backport to icehouse.	22:35
dstanek	i have no idea why this hasn't failed before, but meh	22:35
dstanek	do you want me to commit or do you want the honors?	22:35
morganfainberg	dstanek, it does fail using our docs on "setting up keystone" as outlined in the bug	22:35
morganfainberg	go for it, i'll review.	22:35
morganfainberg	tagging this to RC. and for icehouse backport.	22:36
morganfainberg	dstanek, thanks	22:36
*** leonchio__ has joined #openstack-keystone		22:37
morganfainberg	dstanek, doh RC bugs trickling in! (at least we're finding them sooner vs later)	22:37
*** gokrokve has quit IRC		22:37
*** rm_work is now known as rm_work\|away		22:40
*** NM1 has joined #openstack-keystone		22:40
*** dhellmann is now known as dhellmann_		22:42
*** dimsum_ has quit IRC		22:43
*** henrynash has joined #openstack-keystone		22:43
*** dimsum_ has joined #openstack-keystone		22:44
dstanek	morganfainberg: pushing now - this feel like a hack because sqlite shouldn't be breaking like this	22:45
morganfainberg	i agree.	22:45
morganfainberg	i'll poke zzzeek to review this.	22:46
morganfainberg	he might have better insight	22:46
openstackgerrit	David Stanek proposed a change to openstack/keystone: Adds a commit in a migration between SQA calls https://review.openstack.org/124533	22:46
*** marcoemorais has joined #openstack-keystone		22:46
morganfainberg	zzzeek, ^ if you don't mind.	22:47
*** rwsu has joined #openstack-keystone		22:47
zzzeek	morganfainberg: how come	22:47
morganfainberg	zzzeek, something is weird with SQLite in this case.	22:47
morganfainberg	it's failing in 039 migration and it looks like something is being held open before the delete.	22:47
morganfainberg	the commit closes it out and make the migration work	22:48
zzzeek	well youre mixing engines and sessions that arent linked together again, it seems :)	22:48
morganfainberg	but this feels weird, because theorestically this should have failed unit tests.	22:48
morganfainberg	oh	22:48
* zzzeek sings the happy alembic doesnt have this problem dance		22:48
morganfainberg	zzzeek, can has?	22:48
morganfainberg	zzzeek, :)	22:48
zzzeek	at the top of the whole script: with engine.begin as conn:	22:48
*** dimsum_ has quit IRC		22:48
zzzeek	then “conn” is it, if you make a Session, say, Session(bind=conn)	22:48
zzzeek	everything on that conn	22:49
zzzeek	engine.begin() that is	22:49
zzzeek	one connection for the whole thing	22:49
morganfainberg	ah, so we should just engine.begin and it should also solve it?	22:49
morganfainberg	and use it for the session	22:49
morganfainberg	ok let me try that. i like that better than the commits	22:50
morganfainberg	zzzeek hope we can move to alembic for keystone in Kilo. would make me happy	22:51
zzzeek	morganfainberg: OK but if we just do decent connectivity in scripts, that’ll be almost as good :)	22:51
morganfainberg	fair enough	22:52
dstanek	zzzeek: thanks, i am trying that out	22:54
morganfainberg	dstanek, i know why it doesn't fail in tests	22:56
morganfainberg	dstanek, we explicitly pass sessions	22:56
morganfainberg	and connections	22:56
praneshp	dolphm: I see you assigned https://bugs.launchpad.net/cinder/+bug/1306559?comments=all to me. I’ll work on it, but was curious why you picked me out.	23:02
uvirtbot	Launchpad bug 1306559 in keystone "Fix python26 compatibility for RFCSysLogHandler" [Low,Confirmed]	23:02
*** marcoemorais has quit IRC		23:05
*** dimsum_ has joined #openstack-keystone		23:07
*** praneshp has quit IRC		23:10
morganfainberg	lbragstad, ping	23:13
*** _cjones_ has quit IRC		23:14
morganfainberg	lbragstad, is this solved with your validation patch? https://bugs.launchpad.net/keystone/+bug/1244423 or .. am i mis-reading this?	23:14
uvirtbot	Launchpad bug 1244423 in keystone "Inconsistency in the keystone api "enabled" field" [Undecided,Triaged]	23:14
morganfainberg	hm	23:14
*** _cjones_ has joined #openstack-keystone		23:15
*** _cjones_ has quit IRC		23:19
*** marcoemorais has joined #openstack-keystone		23:20
*** _cjones_ has joined #openstack-keystone		23:24
dstanek	zzzeek: i just tested in my env and the one reported in the bug - all i had to do to get around the error was to the the existing session instead of the session and engine	23:27
zzzeek	um OK	23:27
zzzeek	didnt look too closely but when i see “migrate_engine” and “session” mixed up i know somtehings off	23:28
morganfainberg	dstanek, lbragstad, ayoung, are we supporting V3 constructs in keystoneclient, i think we determined we arent: https://bugs.launchpad.net/python-keystoneclient/+bug/1367868	23:29
uvirtbot	Launchpad bug 1367868 in python-keystoneclient "List inherited role assignments for domains available on keystone API but not on client" [Undecided,In progress]	23:29
morganfainberg	gyee, dolphm, ^	23:29
*** rwsu has quit IRC		23:30
morganfainberg	bknudson1, ^	23:30
dstanek	morganfainberg: did we determine we didn't want to do that? i voted a +1 or +2 or a related review i think	23:30
morganfainberg	dstanek, i'm fine if we do want to, but trying to get the bugs that are in limbo dealt with in LP	23:31
morganfainberg	this is keystonelclient fix that hasn't gone anywhere	23:31
morganfainberg	s/fix/bug	23:31
morganfainberg	report	23:31
openstackgerrit	David Stanek proposed a change to openstack/keystone: Uses session in migration to stop DB locking https://review.openstack.org/124533	23:32
gyee	morganfainberg, client SDK or CLI	23:32
gyee	?	23:32
* zzzeek hopes dstanek is in PDT time		23:32
dstanek	zzzeek: can you take a quick peek and see if i'm crazy ^	23:32
zzzeek	dstanek: sure ! :)	23:32
dstanek	zzzeek: nope, EST here	23:32
zzzeek	reallly	23:32
zzzeek	dude	23:32
*** gokrokve has joined #openstack-keystone		23:32
gyee	we are not doing anymore V3 CLI stuff in keystoneclient	23:32
zzzeek	7:30 friday	23:32
morganfainberg	zzzeek, dstanek is crazy like that.	23:32
zzzeek	drinky	23:32
dstanek	...maybe i've already started...	23:33
zzzeek	dstanek: yeah thats OK session.execute() will use the ongoing context	23:33
zzzeek	dstanek: if it works, you’re golden	23:34
zzzeek	gotta go out to meet the wife	23:34
dstanek	zzzeek: i really need to learn more about SQA. i just know the basics because i've been traditionally a django guy	23:34
dstanek	zzzeek: thanks for you help	23:34
dstanek	dinner time for me now	23:35
*** gokrokve has quit IRC		23:36
*** NM1 has quit IRC		23:37
*** zzzeek has quit IRC		23:44

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!