Friday, 2015-01-02

« Thursday, 2015-01-01 Index Saturday, 2015-01-03 »
*** chrisshattuck has quit IRC00:01
*** hdd has quit IRC00:05
*** samueldmq has joined #openstack-keystone00:05
*** dims__ has quit IRC00:16
*** dims__ has joined #openstack-keystone00:57
*** dims__ has quit IRC01:28
*** lhcheng_ has quit IRC01:49
*** lhcheng has joined #openstack-keystone01:49
*** hdd has joined #openstack-keystone02:05
*** chrisshattuck has joined #openstack-keystone02:06
*** chrisshattuck has quit IRC02:06
*** chrisshattuck has joined #openstack-keystone02:07
*** lhcheng has quit IRC02:18
*** dims__ has joined #openstack-keystone02:28
*** lhcheng has joined #openstack-keystone02:29
*** dims__ has quit IRC02:33
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Improve creation of expected role assignments  https://review.openstack.org/14454402:55
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Improve List Role Assignment Tests  https://review.openstack.org/13702102:55
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Refactor role assignment assertions  https://review.openstack.org/14454302:55
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Fixes 'OS-INHERIT:inherited_to' info in tests  https://review.openstack.org/14454202:55
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Refactor check of targets and actors on RoleV3  https://review.openstack.org/14470202:55
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Check for invalid filtering on v3/role_assignments  https://review.openstack.org/14470302:55
*** erkules has joined #openstack-keystone02:58
*** erkules_ has quit IRC03:00
*** samueldmq has quit IRC03:03
*** lhcheng has quit IRC03:05
*** lhcheng has joined #openstack-keystone03:06
*** dims__ has joined #openstack-keystone03:07
*** lhcheng has quit IRC03:10
*** stevemar has quit IRC03:27
*** lhcheng has joined #openstack-keystone03:32
*** timcline has joined #openstack-keystone03:43
*** timcline has quit IRC03:43
*** timcline has joined #openstack-keystone03:44
*** timcline has quit IRC03:45
*** dims__ has quit IRC03:56
*** chrisshattuck has quit IRC03:57
*** chrisshattuck has joined #openstack-keystone03:58
*** rm_work is now known as rm_work|away04:02
*** hdd has quit IRC04:27
*** dims__ has joined #openstack-keystone04:34
*** wpf has quit IRC04:36
*** wpf has joined #openstack-keystone04:41
*** dims__ has quit IRC04:43
*** lhcheng has quit IRC04:58
*** rm_work|away is now known as rm_work04:59
*** lhcheng has joined #openstack-keystone05:04
*** jimbaker has quit IRC05:14
*** lhcheng has quit IRC05:25
*** stevemar has joined #openstack-keystone05:40
*** ChanServ sets mode: +v stevemar05:40
*** dims__ has joined #openstack-keystone05:44
*** dims__ has quit IRC05:49
*** LinstatSDR has joined #openstack-keystone06:03
*** LinstatSDR has quit IRC06:09
*** hdd has joined #openstack-keystone06:26
*** lhcheng has joined #openstack-keystone06:26
*** lhcheng has quit IRC06:31
*** hdd has quit IRC07:00
*** lhcheng has joined #openstack-keystone07:41
*** chrisshattuck has quit IRC07:53
*** lhcheng has quit IRC08:03
openstackgerritAbhishek Kekane proposed openstack/keystone: Eventlet green threads not released back to pool  https://review.openstack.org/13082408:05
*** lhcheng has joined #openstack-keystone08:17
*** lhcheng has joined #openstack-keystone08:17
*** f13o has joined #openstack-keystone08:21
*** lhcheng has quit IRC08:31
*** stevemar has quit IRC08:43
*** NAND_ has joined #openstack-keystone09:11
*** andreaf has joined #openstack-keystone10:20
NAND_Hey guys, wanted to ask if anyone knows about any problems that may occur during keystone upgrade (juno -> kilo)10:24
*** jaosorior has joined #openstack-keystone11:08
*** dims__ has joined #openstack-keystone11:10
*** dims__ has quit IRC11:15
*** lhcheng has joined #openstack-keystone11:31
*** samueldmq has joined #openstack-keystone11:32
*** lhcheng has quit IRC11:36
*** rm_work is now known as rm_work|away11:36
*** samueldmq has quit IRC12:24
*** jimbaker has joined #openstack-keystone12:36
*** jimbaker has quit IRC12:36
*** jimbaker has joined #openstack-keystone12:36
*** therve` is now known as therve12:46
*** NAND_ has quit IRC12:46
*** samueldmq has joined #openstack-keystone13:20
*** samueldmq has quit IRC13:40
*** LinstatSDR has joined #openstack-keystone13:53
*** dims__ has joined #openstack-keystone13:56
openstackgerritMerged openstack/keystone: Remove extra V3 version router  https://review.openstack.org/11852214:08
*** LinstatSDR has quit IRC14:12
*** pradip_vedams has joined #openstack-keystone14:15
pradip_vedamshi every one14:16
pradip_vedamsi am getting problem with keystone services14:16
pradip_vedamsi had submit the bug14:16
pradip_vedamshttps://bugs.launchpad.net/keystone/+bug/140709014:16
uvirtbotLaunchpad bug 1407090 in keystone "Unable to start keystone service on Docker container" [Undecided,New]14:16
pradip_vedamscan anybody have any idea about how to setup keystone on docker container14:17
lbragstadpradip_vedams: there was some stuff in Devstack for running services in docker containers but I'm not sure where that is at now. I want to say that it was ripped out last March?14:19
lbragstadpradip_vedams: I've tried it a few times, but I end up getting stuck on issues with docker14:19
lbragstadpradip_vedams: you could try using https://github.com/ewindisch/dockenstack14:20
*** dims__ has quit IRC14:28
*** colettecello is now known as gothicmindfood14:44
*** junhongl has quit IRC15:06
*** junhongl has joined #openstack-keystone15:06
*** dims__ has joined #openstack-keystone15:13
*** pradip_vedams has quit IRC15:23
*** dims__ has quit IRC15:29
*** f13o has quit IRC15:31
*** jungleboyj has joined #openstack-keystone15:34
lbragstadhttps://review.openstack.org/#/c/144669/ is an easy one for any other cores around16:12
*** BMDan has joined #openstack-keystone16:13
BMDanI've looked around, but I've been unable to find it: anyone know if there's a blueprint for RFC 3602 support in Keystone?  It's the extended password change operation, which would allow us to offload password validation onto LDAP (right now, since we just push a hashed password in, there's no way to e.g. check that the minimum password length is satisfied).16:14
*** chrisshattuck has joined #openstack-keystone16:15
*** thedodd has joined #openstack-keystone16:23
*** afazekas has joined #openstack-keystone16:24
lbragstadBMDan: I don't believe so,16:24
lbragstadBMDan: that sounds like it'd be a specific auth plugin type/operation16:25
*** dims__ has joined #openstack-keystone16:30
*** samueldmq has joined #openstack-keystone16:32
*** dims__ has quit IRC16:34
*** stevemar has joined #openstack-keystone16:42
*** ChanServ sets mode: +v stevemar16:42
*** _cjones_ has joined #openstack-keystone16:43
*** samueldmq has quit IRC16:44
bknudsonBMDan: https://tools.ietf.org/html/rfc3602 ?16:46
bknudsonnobody should be using LDAP directly with Keystone... that's what federation is for.16:46
*** larsks|alt is now known as larsks16:50
*** samueldmq has joined #openstack-keystone16:55
*** stevemar has quit IRC17:03
*** stevemar has joined #openstack-keystone17:03
*** ChanServ sets mode: +v stevemar17:03
*** dims__ has joined #openstack-keystone17:07
*** dims__ has quit IRC17:07
*** LinstatSDR has joined #openstack-keystone17:12
*** rwsu has joined #openstack-keystone17:23
*** samueldmq has quit IRC17:27
*** jdennis has joined #openstack-keystone17:36
*** afaranha has joined #openstack-keystone17:37
*** dims__ has joined #openstack-keystone17:38
*** dims__ has quit IRC17:43
*** LinstatSDR has quit IRC17:51
*** harlowja_away is now known as harlowja18:11
openstackgerritMerged openstack/keystone: Update the keystone.conf sample  https://review.openstack.org/14466918:13
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient-federation: Updated from global requirements  https://review.openstack.org/14478518:21
*** hdd has joined #openstack-keystone18:25
BMDanbknudson: Sorry, 3062*, not 3602.  As to federation: I'm using [identity] driver=keystone.identity.backends.ldap.Identity18:25
BMDanAm I taking the wrong approach?18:26
*** afaranha_ has joined #openstack-keystone18:29
*** afaranha has quit IRC18:30
openstackgerritLance Bragstad proposed openstack/keystone: Add positive test case for content types  https://review.openstack.org/13059118:31
openstackgerritLance Bragstad proposed openstack/keystone: Tests assert 200 on POST operations instead of 201  https://review.openstack.org/14244018:31
openstackgerritLance Bragstad proposed openstack/keystone: Expose bug in token revocation for projects  https://review.openstack.org/14209918:32
BMDan(While I wait for a reply…) I'm going to see how far I can get with adding rfc3062 support to keystone.identity.backends.ldap.Identity, as it just seems generally useful.18:37
*** afaranha__ has joined #openstack-keystone18:38
*** afaranha_ has quit IRC18:39
*** tellesnobrega has quit IRC18:42
*** samuelms has quit IRC18:43
BMDanbknudson: Specifically, I followed (mostly) http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html18:48
*** afaranha__ has quit IRC18:50
bknudsonBMDan: my opinion is that it's the wrong approach. Eventually all that code should be going away in favor of federation18:50
bknudsonand if you're using LDAP with keystone it should be in read-only mode. make updates to ldap using your ldap tools.18:52
*** rwsu has quit IRC18:55
*** rwsu has joined #openstack-keystone18:55
*** radez_g0` is now known as radez18:56
*** dims__ has joined #openstack-keystone19:06
*** tellesnobrega has joined #openstack-keystone19:07
*** samuelms has joined #openstack-keystone19:08
BMDanbknudson: I'm in Icehouse due to a need for LTS (this is a security-audited deployment, so I can't chase head).  I don't foresee the needed bits of Federation being backported, do you?  As to changing passwords—fair enough, I could do it with an external tool, instead, but why not take advantage of a single interface, since I've already got it?  3062 is also more secure, if only because it enables stronger hash options and (at least on 319:13
*** dims__ has quit IRC19:13
BMDanAt the risk of creating an XY problem for myself, though, here's the whole story: I've got a VPN server and my OpenStack.  I need both of them to share a password DB, and I need to enforce the use of strong passwords.  If there's a better overall approach to this, I'm open to it!19:14
bknudsonBMDan: federation will not be backported... openstack policy is to not backport features (only bugs).19:19
BMDanbknudson: Unintentional humor?  ;)19:22
BMDanBut, yes, figured.  So, that means I get to hoe the lonely row on my own, I guess.  S'ok, it doesn't strike me as being that hard, based on what I've seen thus far.19:23
BMDanI'll push my changes back up towards the tree, keeping in mind they're unlikely to be applied, just in case someone else finds themselves in my same bind.  :)19:24
BMDan["bind": no pun intended]19:24
*** lhcheng has joined #openstack-keystone19:27
*** lhcheng_ has joined #openstack-keystone19:30
bknudsonBMDan: are extended operations supported by python ldpa?19:32
bknudsonldap19:32
*** lhcheng has quit IRC19:32
BMDanbknudson: Yes: http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.passwd19:41
bknudsonBMDan: ok, should be easy19:42
BMDanbknudson: Yeah, for you.  I'm not very good at Python; I'm an old, grizzled C veteran.  I like my programs undocumented and my pointer math endian-dependent.  ;)19:47
BMDanBut I'll push this up somewhere when I'm done so you more-talented folk can mock me until it's half-decent.  :)19:47
*** hdd has quit IRC19:50
*** jdandrea has quit IRC20:01
*** jaosorior has quit IRC20:03
*** zzzeek has joined #openstack-keystone20:10
*** dims__ has joined #openstack-keystone20:14
*** dims__ has quit IRC20:18
*** dims__ has joined #openstack-keystone20:18
*** EmilienM is now known as EmilienM|afk20:24
*** thedodd has quit IRC20:24
*** harlowja is now known as harlowja_away20:28
*** _cjones_ has quit IRC20:29
*** andreaf has quit IRC20:35
*** andreaf has joined #openstack-keystone20:36
*** dims__ has quit IRC20:36
*** andreaf has quit IRC20:40
*** andreaf has joined #openstack-keystone20:41
*** _cjones_ has joined #openstack-keystone20:44
*** andreaf has quit IRC20:48
*** zzzeek has quit IRC20:48
*** andreaf has joined #openstack-keystone20:48
*** zzzeek has joined #openstack-keystone20:48
*** EmilienM|afk is now known as EmilienM20:52
*** LinstatSDR has joined #openstack-keystone21:01
*** andreaf has quit IRC21:04
*** andreaf has joined #openstack-keystone21:05
openstackgerritBrant Knudson proposed openstack/keystone: switch from sample_config.sh to oslo-config-generator  https://review.openstack.org/11390521:05
*** dims_ has joined #openstack-keystone21:06
*** andreaf has quit IRC21:11
*** andreaf has joined #openstack-keystone21:12
*** fifieldt has quit IRC21:19
*** fifieldt_ has joined #openstack-keystone21:19
*** andreaf has quit IRC21:24
*** andreaf has joined #openstack-keystone21:24
*** LinstatSDR has quit IRC21:41
*** lhcheng_ has quit IRC21:44
*** hdd has joined #openstack-keystone21:48
*** zzzeek has quit IRC21:51
openstackgerritBrant Knudson proposed openstack/keystone: Remove test PYTHONHASHSEED setting  https://review.openstack.org/13659321:58
openstackgerritBrant Knudson proposed openstack/keystone: Correct XMLEquals matcher for ordering  https://review.openstack.org/13891821:58
openstackgerritBrant Knudson proposed openstack/keystone: Correct test_auth_unscoped_token_project for result ordering  https://review.openstack.org/13891921:58
openstackgerritBrant Knudson proposed openstack/keystone: Correct test_get_v3_catalog test for result ordering  https://review.openstack.org/13892021:58
openstackgerritBrant Knudson proposed openstack/keystone: Correct catalog response checker for result ordering  https://review.openstack.org/13892121:58
openstackgerritBrant Knudson proposed openstack/keystone: Correct a v3 auth test for result ordering  https://review.openstack.org/13892221:58
openstackgerritBrant Knudson proposed openstack/keystone: Correct version tests for result ordering  https://review.openstack.org/13892321:58
*** andreaf has quit IRC22:04
*** andreaf has joined #openstack-keystone22:05
*** dims_ has quit IRC22:05
*** dims__ has joined #openstack-keystone22:09
*** stevemar has quit IRC22:17
*** dims__ has quit IRC22:31
*** hdd has quit IRC22:39
openstackgerritBrant Knudson proposed openstack/keystone: Tests fail only on deprecation warnings from keystone  https://review.openstack.org/14481022:43
*** dims__ has joined #openstack-keystone22:57
*** dims__ has quit IRC23:05
*** BMDan has quit IRC23:07
*** rwsu has quit IRC23:07
*** rwsu has joined #openstack-keystone23:18
*** chrisshattuck has quit IRC23:23
*** stevemar has joined #openstack-keystone23:50
*** ChanServ sets mode: +v stevemar23:50
« Thursday, 2015-01-01 Index Saturday, 2015-01-03 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!