*** htruta has quit IRC | 00:05 | |
*** dims_ has joined #openstack-keystone | 00:08 | |
*** geoffarnold has quit IRC | 00:23 | |
jiaxi | bknudson: I suggest that you have a little discuss with David. And then give a conclusion. | 00:38 |
---|---|---|
*** spandhe has quit IRC | 00:49 | |
*** piyanai has joined #openstack-keystone | 00:50 | |
*** ankita_wagh has quit IRC | 00:54 | |
jiaxi | bknudson: I hope that we can discuss in IRC , not in review comment. | 00:57 |
*** boris-42 has joined #openstack-keystone | 00:57 | |
*** browne has quit IRC | 00:59 | |
*** topol has joined #openstack-keystone | 01:04 | |
*** ChanServ sets mode: +v topol | 01:04 | |
*** topol has quit IRC | 01:09 | |
dstanek | jiaxi: just be patient; it'll get worked out | 01:12 |
jiaxi | dstanek: Form last comment, he given many options. | 01:13 |
jiaxi | dstanek: He say url with space is valid. And He want me to split the commit in two. He want me to use library. | 01:14 |
jiaxi | dstanek: His logic is too strange. | 01:14 |
*** tqtran has quit IRC | 01:15 | |
jiaxi | stanek: If url with space is valid as he said, Why should I split it into tow | 01:15 |
jiaxi | two | 01:15 |
dstanek | jiaxi: like i said earlier i don't have a problem with it as it stands, but i wouldn't have a problem removing the space check | 01:15 |
dstanek | lbragstad: you still around? | 01:16 |
*** btully has quit IRC | 01:16 | |
dstanek | jiaxi: because a commit should be as concise as possible; i understand why he would want that | 01:17 |
dstanek | jiaxi: i wouldn't worry about it right now, just wait and see what happens | 01:17 |
jiaxi | dstanek: It's all okay with me. But after I remove space check. bknudson will come to say that please use library | 01:17 |
dstanek | jiaxi: i really don't think so. he may want another commit to do that, but there was a reason that we stopped validating URLs in a strict way. that's why i was pinging lbragstad. i don't remember | 01:18 |
jiaxi | dstanek: The real problem he dont't like to come to IRC for discussion | 01:18 |
jiaxi | dstanek: You should ping bknudson!!! | 01:20 |
lhcheng | jiaxi: it 8pm his time, you can't expect people to be online in IRC all the time. | 01:20 |
*** jasonsb has quit IRC | 01:20 | |
jiaxi | lhcheng: But in his daytime. I saw him talking in IRC. | 01:21 |
jiaxi | But didn't reply me | 01:21 |
jiaxi | lhcheng: If IRC has log, We can find that. | 01:21 |
dstanek | jiaxi: i was talking to him this morning about something else. he is very often in here, but he does have a job to do and I'm sure is pretty busy | 01:23 |
lhcheng | jiaxi: perhaps try again tomorrow, keep it cool :) | 01:23 |
dstanek | lhcheng: ++ | 01:23 |
jiaxi | dstanek: David, do you think a url with space is valid ? | 01:24 |
jiaxi | dstanek: I'm surprised about his logic. Use www.facebook.com and www.f ac e book.com can get very different result. | 01:25 |
dstanek | jiaxi: that's different that a space in the path because a space in the domain won't resolve dns | 01:26 |
jiaxi | dstanek: use www.f ac e book.com can only get search result. use www.facebook.com can enter facebook | 01:26 |
dstanek | but no a space is not valid according to rfc1738 | 01:26 |
dstanek | jiaxi: that's DNS and nothing more | 01:26 |
dstanek | it seems that the best course of action if you must do anything is to just stop looking for the space in the url | 01:27 |
jiaxi | dstanek: I will tackle it. Only check substitution. | 01:28 |
dstanek | jiaxi: what you have to realize is that low priority and wishlist bugs are lower down on the list of things people are looking at; so it may take time to get a review through | 01:29 |
dstanek | no need to ping everyone when you update or add a comment; we all get notified and if we don't response that's because we are busy :-) | 01:29 |
*** piyanai has quit IRC | 01:29 | |
jiaxi | dstanek: So I often ask people to come to review | 01:29 |
*** davechen has joined #openstack-keystone | 01:30 | |
dstanek | jiaxi: right, dont ;-) | 01:30 |
*** pballand has quit IRC | 01:33 | |
*** henrynash_ has joined #openstack-keystone | 01:33 | |
*** ChanServ sets mode: +v henrynash_ | 01:33 | |
*** henrynash has quit IRC | 01:35 | |
*** henrynash_ is now known as henrynash | 01:35 | |
*** ankita_wagh has joined #openstack-keystone | 01:48 | |
*** ankita_wagh has joined #openstack-keystone | 01:49 | |
*** lhcheng has quit IRC | 01:49 | |
*** piyanai has joined #openstack-keystone | 01:52 | |
*** topol has joined #openstack-keystone | 02:08 | |
*** ChanServ sets mode: +v topol | 02:08 | |
*** bapalm has joined #openstack-keystone | 02:09 | |
*** topol has quit IRC | 02:12 | |
*** sigmavirus24 is now known as sigmavirus24_awa | 02:12 | |
*** ankita_wagh has quit IRC | 02:19 | |
*** bapalm has quit IRC | 02:19 | |
*** markvoelker has joined #openstack-keystone | 02:19 | |
*** markvoelker_ has joined #openstack-keystone | 02:21 | |
*** markvoelker has quit IRC | 02:23 | |
*** lhcheng has joined #openstack-keystone | 02:23 | |
*** lhcheng has quit IRC | 02:24 | |
*** lhcheng has joined #openstack-keystone | 02:24 | |
*** ChanServ sets mode: +v lhcheng | 02:24 | |
*** jasonsb has joined #openstack-keystone | 02:25 | |
*** browne has joined #openstack-keystone | 02:26 | |
*** topol has joined #openstack-keystone | 02:29 | |
*** ChanServ sets mode: +v topol | 02:29 | |
openstackgerrit | jiaxi proposed openstack/keystone: Reject create endpoint with invalid urls https://review.openstack.org/200512 | 02:31 |
*** openstackgerrit has quit IRC | 02:31 | |
*** openstackgerrit has joined #openstack-keystone | 02:32 | |
jiaxi | bknudson: Are you here ? | 02:34 |
*** flwang1 has quit IRC | 02:38 | |
*** hrou has joined #openstack-keystone | 02:38 | |
*** btully has joined #openstack-keystone | 02:44 | |
*** ankita_wagh has joined #openstack-keystone | 02:47 | |
*** topol has quit IRC | 02:47 | |
*** ankita_wagh has quit IRC | 02:47 | |
*** topol has joined #openstack-keystone | 02:47 | |
*** ChanServ sets mode: +v topol | 02:47 | |
*** ankita_wagh has joined #openstack-keystone | 02:48 | |
*** btully has quit IRC | 02:48 | |
*** flwang1 has joined #openstack-keystone | 02:51 | |
*** hakimo has joined #openstack-keystone | 02:52 | |
*** hakimo_ has quit IRC | 02:54 | |
*** richm has quit IRC | 03:14 | |
dstanek | jiaxi: i doubt it. i think it's 10:30pm his time | 03:21 |
*** markvoelker_ has quit IRC | 03:23 | |
dstanek | jiaxi: i'm sure he'll see the email tomorrow and get to the review when he has a chance | 03:23 |
dstanek | jiaxi: take a look at my reviews... https://review.openstack.org/#/q/owner:%22David+Stanek%22+status:open,n,z ... i have lots open and some several week old | 03:25 |
*** markvoelker_ has joined #openstack-keystone | 03:26 | |
jiaxi | dstanek: Okay , I will | 03:26 |
*** h00327910__ has quit IRC | 03:28 | |
jiaxi | dstanek: I'm not familiar with stackforge/os-ansible-deployment , I will look only keystone | 03:28 |
dstanek | jiaxi: no, i'm not asking for reviews necessarily. just wanted to show you that many/most of us have a dozen or more open at a time. jamielennox|away or bknudson sometime have double or triple that | 03:29 |
jiaxi | dstanek: I will look bknudson's | 03:30 |
dstanek | jiaxi: i am suggesting a small change to the commit message to make it a little clearer | 03:31 |
jiaxi | dstanek: okay | 03:31 |
*** dims_ has quit IRC | 03:33 | |
*** stevemar has joined #openstack-keystone | 03:44 | |
*** ChanServ sets mode: +v stevemar | 03:44 | |
davechen | jiaxi: not suprise, i have several patches both in cinder/keystone which is longer than half years. :) | 03:44 |
jiaxi | davechen: A little crazy. In company, after submit patch, I will ask my colleague to review my patch. | 03:46 |
davechen | jiaxi: yeah, but this is opensource project, most of us is not coming from the same company and we have different priorities. | 03:47 |
davechen | jiaxi, lunch time, take a break, buddy. :) | 03:48 |
jiaxi | davechen: Okay, go out for lunch. | 03:48 |
*** nkinder has quit IRC | 03:52 | |
*** edmondsw has quit IRC | 03:56 | |
openstackgerrit | jiaxi proposed openstack/keystone: Reject create endpoint with invalid urls https://review.openstack.org/200512 | 03:59 |
*** jiaxi has quit IRC | 04:03 | |
*** htruta___ has joined #openstack-keystone | 04:23 | |
*** htruta has joined #openstack-keystone | 04:24 | |
*** htruta___ has quit IRC | 04:26 | |
*** htruta has quit IRC | 04:27 | |
*** htruta has joined #openstack-keystone | 04:28 | |
*** htruta_____ has joined #openstack-keystone | 04:29 | |
*** htruta_____ has quit IRC | 04:30 | |
*** htruta has quit IRC | 04:30 | |
openstackgerrit | Eric Brown proposed openstack/keystoneauth: py34 not py33 is tested and supported https://review.openstack.org/201088 | 04:36 |
*** piyanai has quit IRC | 04:51 | |
*** flwang1 has quit IRC | 04:55 | |
*** rm_work is now known as rm_work|away | 05:16 | |
*** amickus has joined #openstack-keystone | 05:22 | |
*** jaosorior has joined #openstack-keystone | 05:23 | |
*** ig0r_ has joined #openstack-keystone | 05:24 | |
*** stevemar has quit IRC | 05:29 | |
*** stevemar has joined #openstack-keystone | 05:29 | |
*** ChanServ sets mode: +v stevemar | 05:29 | |
*** Nirupama has joined #openstack-keystone | 05:32 | |
*** josecastroleon has joined #openstack-keystone | 05:46 | |
*** markvoelker_ has quit IRC | 05:48 | |
openstackgerrit | Morgan Fainberg proposed openstack/keystone: Adds missing list_endpoints tests https://review.openstack.org/176434 | 05:49 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone: Removes KVS catalog backend https://review.openstack.org/158442 | 05:49 |
*** spandhe has joined #openstack-keystone | 05:52 | |
*** spandhe_ has joined #openstack-keystone | 05:55 | |
*** spandhe has quit IRC | 05:56 | |
*** spandhe_ is now known as spandhe | 05:56 | |
*** btully has joined #openstack-keystone | 05:56 | |
*** hrou has quit IRC | 06:00 | |
*** evrardjp_ is now known as evrardjp | 06:07 | |
*** ParsectiX has joined #openstack-keystone | 06:08 | |
*** stevemar has quit IRC | 06:08 | |
*** stevemar has joined #openstack-keystone | 06:09 | |
*** ChanServ sets mode: +v stevemar | 06:09 | |
*** spandhe has quit IRC | 06:09 | |
*** spandhe has joined #openstack-keystone | 06:11 | |
*** ig0r__ has joined #openstack-keystone | 06:11 | |
*** stevemar has quit IRC | 06:11 | |
*** ig0r_ has quit IRC | 06:12 | |
*** stevemar has joined #openstack-keystone | 06:13 | |
*** ChanServ sets mode: +v stevemar | 06:13 | |
*** stevemar has quit IRC | 06:31 | |
*** josecastroleon has quit IRC | 06:44 | |
*** lsmola has joined #openstack-keystone | 06:44 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/keystone: Imported Translations from Transifex https://review.openstack.org/206889 | 06:45 |
*** markvoelker has joined #openstack-keystone | 06:48 | |
*** browne has quit IRC | 06:49 | |
*** belmoreira has joined #openstack-keystone | 06:52 | |
*** markvoelker has quit IRC | 06:53 | |
*** josecastroleon has joined #openstack-keystone | 07:00 | |
*** josecastroleon has quit IRC | 07:02 | |
openstackgerrit | Dave Chen proposed openstack/keystone: Cleanup tearDown in unit tests https://review.openstack.org/207753 | 07:07 |
*** boris-42 has quit IRC | 07:10 | |
*** spandhe has quit IRC | 07:31 | |
*** yottatsa has joined #openstack-keystone | 07:32 | |
*** lhcheng has quit IRC | 07:36 | |
*** yottatsa has quit IRC | 07:36 | |
*** yottatsa has joined #openstack-keystone | 07:39 | |
*** fhubik has joined #openstack-keystone | 07:39 | |
*** ParsectiX has quit IRC | 07:42 | |
*** ParsectiX has joined #openstack-keystone | 07:43 | |
*** jaosorior has quit IRC | 07:44 | |
*** josecastroleon has joined #openstack-keystone | 07:46 | |
*** jaosorior has joined #openstack-keystone | 07:47 | |
*** henrynash has quit IRC | 07:56 | |
*** marzif_ has joined #openstack-keystone | 07:57 | |
*** marzif_ has quit IRC | 08:09 | |
*** afazekas has joined #openstack-keystone | 08:09 | |
*** fhubik is now known as fhubik_afk | 08:13 | |
openstackgerrit | Marek Denis proposed openstack/keystone: Add groups in scoped federated tokens https://review.openstack.org/207167 | 08:17 |
*** fhubik_afk is now known as fhubik | 08:18 | |
*** btully has quit IRC | 08:25 | |
*** jistr has joined #openstack-keystone | 08:32 | |
*** flwang1 has joined #openstack-keystone | 08:33 | |
breton | marekd: won't the patch ^ result in token size > 255? | 08:35 |
marekd | breton: ? | 08:35 |
*** e0ne has joined #openstack-keystone | 08:35 | |
marekd | breton: a, sorry i am blind | 08:36 |
marekd | read "won't" as "won" | 08:36 |
marekd | it may, but we already put groups in the token payload | 08:36 |
marekd | that's first | 08:36 |
marekd | second is without this the fernet token is useless | 08:36 |
marekd | i've debugging that since last week more or less. | 08:37 |
marekd | no groups -> no way to build roles for a project. | 08:37 |
marekd | dolphm: doesn't seem to be super sad about that. | 08:38 |
*** e0ne has quit IRC | 08:40 | |
marekd | breton: we can think about swueezeng group into group of groups | 08:40 |
marekd | byt... | 08:40 |
marekd | but | 08:40 |
*** marzif_ has joined #openstack-keystone | 08:40 | |
*** marzif_ has quit IRC | 08:41 | |
*** marzif_ has joined #openstack-keystone | 08:42 | |
*** fhubik has quit IRC | 08:43 | |
*** markvoelker has joined #openstack-keystone | 08:49 | |
*** markvoelker has quit IRC | 08:54 | |
*** yottatsa has quit IRC | 08:56 | |
*** davechen has left #openstack-keystone | 08:57 | |
breton | marekd: I don't quite understand the logic which was before the patch. The groups were included only for unscoped token, right? | 08:59 |
marekd | breton: right | 09:00 |
marekd | breton: so groups were included either way and we cannot do anything about that... | 09:00 |
*** aix has joined #openstack-keystone | 09:02 | |
marekd | well, you can take a look at this chain of patches: https://review.openstack.org/#/c/207167 | 09:02 |
marekd | i basically think groups should be kept always (unscoped and scoped) token in federated user case. | 09:02 |
marekd | while not keeping them in UUID/PKI case is not harmful it's a no-go in a federated token. | 09:03 |
marekd | so either we keep groups everywhere (it doesn't really change anything in terms of uuid/pki) or we will do some hacks/workarounds or simply break the contract in fernet token. | 09:03 |
openstackgerrit | Marek Denis proposed openstack/keystone: Refactor _populate_roles_for_groups() https://review.openstack.org/207785 | 09:05 |
*** fhubik has joined #openstack-keystone | 09:09 | |
*** flwang1 has quit IRC | 09:11 | |
*** e0ne has joined #openstack-keystone | 09:13 | |
openstackgerrit | Marek Denis proposed openstack/keystone: Add groups in scoped federated tokens https://review.openstack.org/207167 | 09:17 |
openstackgerrit | Marek Denis proposed openstack/keystone: Refactor _populate_roles_for_groups() https://review.openstack.org/207785 | 09:17 |
*** amickus has quit IRC | 09:22 | |
*** ankita_wagh has quit IRC | 09:26 | |
*** ankita_wagh has joined #openstack-keystone | 09:32 | |
*** henrynash has joined #openstack-keystone | 09:41 | |
*** ChanServ sets mode: +v henrynash | 09:41 | |
openstackgerrit | Marek Denis proposed openstack/keystone: Fernet payloads for federated scoped tokens. https://review.openstack.org/202176 | 09:49 |
*** ankita_wagh has quit IRC | 09:51 | |
openstackgerrit | Marek Denis proposed openstack/keystone: Fernet payloads for federated scoped tokens. https://review.openstack.org/202176 | 10:02 |
openstackgerrit | Marek Denis proposed openstack/keystone: Refactor _populate_roles_for_groups() https://review.openstack.org/207785 | 10:06 |
*** e0ne has quit IRC | 10:07 | |
openstackgerrit | Marek Denis proposed openstack/keystone: Fernet payloads for federated scoped tokens. https://review.openstack.org/202176 | 10:09 |
*** henrynash has quit IRC | 10:11 | |
openstackgerrit | Marek Denis proposed openstack/keystone: Fernet payloads for federated scoped tokens. https://review.openstack.org/202176 | 10:13 |
openstackgerrit | Marek Denis proposed openstack/keystone: Refactor: rename Fernet's unscoped federated payload https://review.openstack.org/202190 | 10:15 |
openstackgerrit | Marek Denis proposed openstack/keystone: Better error message when unable to map user https://review.openstack.org/206987 | 10:18 |
*** dg__ has joined #openstack-keystone | 10:20 | |
*** dg__ has quit IRC | 10:21 | |
*** henrynash has joined #openstack-keystone | 10:26 | |
*** ChanServ sets mode: +v henrynash | 10:26 | |
*** e0ne has joined #openstack-keystone | 10:31 | |
*** josecastroleon has quit IRC | 10:37 | |
*** henrynash has quit IRC | 10:43 | |
*** dg__ has joined #openstack-keystone | 10:48 | |
dg__ | anyone around and able to help with a dumb question about roles? | 10:50 |
*** fhubik has quit IRC | 11:04 | |
*** dims_ has joined #openstack-keystone | 11:04 | |
*** ig0r__ has quit IRC | 11:15 | |
*** ig0r_ has joined #openstack-keystone | 11:19 | |
*** josecastroleon has joined #openstack-keystone | 11:22 | |
*** dgonzalez has joined #openstack-keystone | 11:25 | |
*** jeffDeville has joined #openstack-keystone | 11:27 | |
*** yottatsa has joined #openstack-keystone | 11:27 | |
*** afazekas has quit IRC | 11:31 | |
openstackgerrit | Merged openstack/keystone: pemutils isn't used anymore https://review.openstack.org/207524 | 11:31 |
*** jeffDeville has quit IRC | 11:32 | |
openstackgerrit | Merged openstack/keystone: Fixes a docstring to reflect actual return values https://review.openstack.org/207525 | 11:35 |
samueldmq | morning | 11:38 |
*** dg__ has quit IRC | 11:45 | |
*** e0ne has quit IRC | 11:48 | |
*** e0ne has joined #openstack-keystone | 11:50 | |
*** piyanai has joined #openstack-keystone | 11:55 | |
*** bdossant has joined #openstack-keystone | 11:55 | |
*** fhubik has joined #openstack-keystone | 11:56 | |
*** marzif_ has quit IRC | 12:05 | |
*** gordc has joined #openstack-keystone | 12:09 | |
openstackgerrit | javeme proposed openstack/python-keystoneclient: pass correct max_positional_arg 4 utils.positional https://review.openstack.org/207857 | 12:09 |
*** raildo has joined #openstack-keystone | 12:10 | |
openstackgerrit | Merged openstack/keystone: Fix test_admin to expect admin endpoint https://review.openstack.org/206496 | 12:17 |
*** amakarov_away is now known as amakarov | 12:20 | |
openstackgerrit | Alexander Makarov proposed openstack/keystone: Materialized path mixin https://review.openstack.org/198418 | 12:21 |
openstackgerrit | javeme proposed openstack/python-keystoneclient: pass correct max_positional_arg 4 utils.positional https://review.openstack.org/207857 | 12:23 |
openstackgerrit | Alexander Makarov proposed openstack/keystone: Materialized path mixin https://review.openstack.org/198418 | 12:26 |
*** Nirupama has quit IRC | 12:28 | |
*** yottatsa has quit IRC | 12:30 | |
*** yottatsa has joined #openstack-keystone | 12:34 | |
*** edmondsw has joined #openstack-keystone | 12:36 | |
*** tjcocozz has joined #openstack-keystone | 12:40 | |
*** bapalm has joined #openstack-keystone | 12:42 | |
*** fhubik is now known as fhubik_afk | 12:43 | |
*** fhubik_afk is now known as fhubik | 12:50 | |
*** yottatsa has quit IRC | 12:50 | |
*** yottatsa has joined #openstack-keystone | 12:51 | |
*** dikonoor has joined #openstack-keystone | 12:54 | |
*** marzif_ has joined #openstack-keystone | 12:54 | |
*** marzif_ has quit IRC | 12:56 | |
*** marzif_ has joined #openstack-keystone | 12:56 | |
*** hrou has joined #openstack-keystone | 12:57 | |
*** browne has joined #openstack-keystone | 12:57 | |
*** stevemar has joined #openstack-keystone | 12:59 | |
*** ChanServ sets mode: +v stevemar | 12:59 | |
*** jsavak has joined #openstack-keystone | 13:07 | |
openstackgerrit | Rodrigo Duarte proposed openstack/python-keystoneclient: Add Keystone2Keystone auth plugin for K2K https://review.openstack.org/207585 | 13:15 |
*** bknudson has quit IRC | 13:16 | |
*** marzif_ has quit IRC | 13:17 | |
*** htruta has joined #openstack-keystone | 13:18 | |
*** topol has quit IRC | 13:21 | |
*** topol has joined #openstack-keystone | 13:22 | |
*** ChanServ sets mode: +v topol | 13:22 | |
*** TheIntern has joined #openstack-keystone | 13:23 | |
*** bknudson has joined #openstack-keystone | 13:23 | |
*** ChanServ sets mode: +v bknudson | 13:23 | |
*** pawel_ has joined #openstack-keystone | 13:26 | |
openstackgerrit | Merged openstack/keystone: Adds proper isolation to templated catalog tests https://review.openstack.org/174556 | 13:26 |
*** markvoelker has joined #openstack-keystone | 13:26 | |
*** browne has quit IRC | 13:26 | |
*** topol has quit IRC | 13:26 | |
pawel_ | hey. I was wondering why doesn't the function token.persistence.backends.sql.Token.delete_token() in fact remove a token from the db but only sets `valid` to 0 | 13:29 |
*** markvoelker_ has joined #openstack-keystone | 13:30 | |
*** markvoelker has quit IRC | 13:31 | |
*** jsavak has quit IRC | 13:31 | |
*** piyanai has quit IRC | 13:31 | |
pawel_ | and what's actually the difference between delete_token and revoke_token in that case? | 13:31 |
*** jsavak has joined #openstack-keystone | 13:32 | |
marekd | ayoung: to the rescue ^^ | 13:38 |
ayoung | Don't care. | 13:39 |
* ayoung elbow deep in Ansible guts at the moment | 13:39 | |
*** jiaxi_ has joined #openstack-keystone | 13:43 | |
*** ayoung is now known as ayoung-shh-busy | 13:43 | |
ayoung-shh-busy | jiaxi_, pawel_ just make up a random answer to your questions. That is really all I do | 13:45 |
stevemar | marekd: pawel_ lol | 13:47 |
marekd | stevemar: what's that? | 13:47 |
jiaxi_ | ayoung-shh-busy: What is pawel_ ????????? | 13:47 |
stevemar | the response was funny | 13:47 |
marekd | stevemar: ah, yes | 13:48 |
jiaxi_ | I haven't receive the response . | 13:48 |
stevemar | jiaxi_: pawel_ is a developer working with marekd | 13:48 |
stevemar | pawel_: i think the motivation for marking it as invalid in the token backend, and not deleting it, was so if an authentication request comes with that token, the user knows it's revoked, and not "Not Found" | 13:49 |
pawel_ | stevemar: fair enough. but the name in the api is kind of misleading ;) | 13:50 |
*** jiaxi__ has joined #openstack-keystone | 13:50 | |
stevemar | pawel_: True! | 13:50 |
jiaxi__ | I found a big bug of IRC | 13:51 |
jiaxi__ | If wifi is broken, then IRC is stopped. When the wifi is ok, the chat log didn't recorded. | 13:52 |
*** jiaxi_ has quit IRC | 13:52 | |
jiaxi__ | Just now, I asked a qustion. Maybe steve answered me. But I never had chance knew it | 13:52 |
marekd | so i'd say wifi is broken.... | 13:54 |
marekd | we should file a bug agains wifi | 13:54 |
*** jaosorior has quit IRC | 13:54 | |
marekd | wifi should not fail | 13:54 |
rodrigods | marekd, lol | 13:54 |
raildo | marekd: lol | 13:54 |
*** mefist has joined #openstack-keystone | 13:57 | |
ayoung-shh-busy | delete token was the name of the API for a user to delete. It was a soft delete. In the case of the PKI/revocation-list call, we needed the token around | 13:59 |
ayoung-shh-busy | revocation list was done in the same backend as tokens | 13:59 |
ayoung-shh-busy | instead of changing that, we put out revocation events. | 13:59 |
ayoung-shh-busy | jiaxi__, and pawel_ is another user on IRC also asking questions. IRC logging is done by your machine, so if it drops off the network, it can't log. However, logs of the chatroom are put up on evesdrop...theres is a delay: http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/ | 14:00 |
* ayoung-shh-busy still busy | 14:00 | |
*** sigmavirus24_awa is now known as sigmavirus24 | 14:03 | |
*** ParsectiX has quit IRC | 14:05 | |
lbragstad | dstanek: o/ | 14:05 |
marekd | stevemar: Jenkins has some hickups and failure seems to be random - dolphm was curious what you think about it: https://review.openstack.org/#/c/207167/4 | 14:07 |
*** jsavak has quit IRC | 14:09 | |
*** jsavak has joined #openstack-keystone | 14:09 | |
stevemar | marekd: i shall take a look | 14:12 |
*** diazjf has joined #openstack-keystone | 14:18 | |
*** bhenderson has quit IRC | 14:23 | |
*** richm has joined #openstack-keystone | 14:23 | |
*** pnavarro has joined #openstack-keystone | 14:23 | |
*** bapalm_ has joined #openstack-keystone | 14:23 | |
*** h00327910__ has joined #openstack-keystone | 14:24 | |
*** bapalm has quit IRC | 14:26 | |
ayoung-shh-busy | lbragstad, , I'm using ansible pre-2.0 and I bring up an interface using nmcli. It does not update the facts, so I don't have ansible_eth1.ipv4.address . Is it possible to trigger a facts refresh? | 14:27 |
*** josecastroleon has quit IRC | 14:28 | |
lbragstad | ayoung-shh-busy: you can explicitly tell ansible to (or not) gather facts for you. I have an example somewhere. | 14:29 |
ayoung-shh-busy | lbragstad, not the same thing | 14:29 |
ayoung-shh-busy | that is done up front | 14:29 |
ayoung-shh-busy | lbragstad, I want the initial gathered facts, just they need to be updated, or I'll end up doing something custom | 14:30 |
ayoung-shh-busy | its kindof like updating inventory dynamically, I think. | 14:30 |
lbragstad | oh, like ansible doesn't know what it's processing? | 14:30 |
lbragstad | oh... | 14:30 |
lbragstad | yeah I understand | 14:30 |
lbragstad | yeah, you can do that if you write you own dynamic inventory | 14:31 |
lbragstad | s/you/your/ | 14:31 |
lbragstad | do you want certain hosts in your inventory to have special attributes or properties? | 14:32 |
*** jecarey has joined #openstack-keystone | 14:33 | |
*** TheIntern has quit IRC | 14:34 | |
ayoung-shh-busy | lbragstad, so, not inventory in this case...I want to just retrigger the gathering of facts for a host | 14:35 |
ayoung-shh-busy | I brought up an interface, and I want that to show up in future checks. | 14:35 |
*** btully has joined #openstack-keystone | 14:36 | |
openstackgerrit | Rodrigo Duarte proposed openstack/keystone: Add is_domain field in Project Table https://review.openstack.org/157427 | 14:36 |
openstackgerrit | Rodrigo Duarte proposed openstack/keystone: Change project name constraints https://review.openstack.org/158372 | 14:36 |
marekd | stevemar: thanks! | 14:36 |
lbragstad | ayoung-shh-busy: hmm interesting... you should be able to do that with dynamic inventory | 14:36 |
*** mylu has joined #openstack-keystone | 14:37 | |
lbragstad | ayoung-shh-busy: dolphm and I were going to look into some dynamic inventory scripts for the keystone-deploy project but we were able to work around it | 14:37 |
*** mefist has quit IRC | 14:37 | |
*** mylu has quit IRC | 14:38 | |
*** mylu has joined #openstack-keystone | 14:39 | |
*** markvoelker_ has quit IRC | 14:40 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone: Consolidate the fernet provider validate_v3_token() https://review.openstack.org/196877 | 14:41 |
*** josecastroleon has joined #openstack-keystone | 14:42 | |
*** ayoung-shh-busy is now known as ayoung | 14:42 | |
*** TheIntern has joined #openstack-keystone | 14:42 | |
*** dikonoor has quit IRC | 14:42 | |
*** lxsli is now known as lexloofer | 14:43 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone: Consolidate the fernet provider validate_v3_token() https://review.openstack.org/196877 | 14:45 |
elmiko | anyone around who might be able to talk about trusts, auth plugins, sessions, and clients. i'm having a really weird issue that i don't quite understand | 14:46 |
elmiko | basically, if i create a keystone v3 Client using the direct methodology (passing username, passwd, etc), then i can create a trust | 14:46 |
openstackgerrit | Lance Bragstad proposed openstack/keystone: Consolidate the fernet provider issue_v2_token() https://review.openstack.org/197647 | 14:47 |
elmiko | but, if i create a client using a v3 Token auth plugin and a Session, when i try to create the trust i get an error about the trust failing to be created because it can't find project {id} | 14:47 |
*** pnavarro has quit IRC | 14:47 | |
elmiko | so, it obviously makes the transition from project name to project id, but why does my trust fail? | 14:47 |
*** jsavak has quit IRC | 14:49 | |
*** pgbridge has quit IRC | 14:49 | |
elmiko | ayoung: any thoughts about that ^ | 14:50 |
ayoung | elmiko, my answers come from a combination of the dictionary file and /dev/random | 14:51 |
elmiko | LOL | 14:51 |
ayoung | elmiko, I thin there is a different auth plugin you use to consume a trust. You doing that? | 14:52 |
ayoung | oh, wait. | 14:52 |
elmiko | yea, i'm using the Token auth plugin | 14:52 |
ayoung | failing to create the trust, not consuming | 14:52 |
ayoung | misread that ,sorry | 14:52 |
elmiko | yea | 14:52 |
ayoung | elmiko, debug | 14:52 |
elmiko | and i'm using keystoneclient.auth.identity.v3.Token for the auth | 14:53 |
ayoung | you sure the request is identical? | 14:53 |
ayoung | only difference is the auth plugin you use in the client? | 14:53 |
elmiko | yes | 14:53 |
*** jsavak has joined #openstack-keystone | 14:54 | |
elmiko | i'm trying to switch sahara to use Sessions, and this is a sticking point | 14:54 |
elmiko | so, i create the client with Client(session=session, auth=auth) | 14:54 |
elmiko | instead of Client(auth_url=..., username=..., etc....) | 14:54 |
ayoung | elmiko, can you paste the code? | 14:55 |
*** henrynash has joined #openstack-keystone | 14:55 | |
*** ChanServ sets mode: +v henrynash | 14:55 | |
elmiko | ayoung: ok, its kinda gnarly though | 14:55 |
ayoung | elmiko, so am I | 14:56 |
elmiko | fair point | 14:56 |
elmiko | https://github.com/elmiko/sahara/blob/bp/keystone-sessions/sahara/utils/openstack/keystone.py#L109 | 14:56 |
elmiko | that is the entry point to my auth | 14:56 |
ayoung | I look like this guy https://www.flickr.com/photos/39081697@N06/5524971477 | 14:57 |
elmiko | all my keystone client stuff happens in that file | 14:57 |
*** chlong has quit IRC | 14:57 | |
elmiko | lol, your hair is much messier than that ;) | 14:57 |
*** jecarey_ has joined #openstack-keystone | 14:58 | |
*** zzzeek has joined #openstack-keystone | 14:58 | |
*** jsavak has quit IRC | 14:58 | |
ayoung | elmiko, walk me through this...wghere does the initial token come from? The call that the user made to sahara? | 14:58 |
*** jsavak has joined #openstack-keystone | 14:58 | |
elmiko | ayoung: yes, ctx is our context object. the token is originating form X-Auth-Token header that user provides | 14:58 |
ayoung | elmiko, and you take that users token and use it to create a trust, but the create trust fails due to the missing project id? | 14:59 |
*** jecarey has quit IRC | 15:00 | |
elmiko | ayoung: yea, when i create the trust i get that error "Could not find project: f4d57bfbb9d54b3b8731ac4dfb155b1c" | 15:00 |
elmiko | ayoung: and that id is actually the id for my project | 15:00 |
*** jiaxi__ has quit IRC | 15:00 | |
elmiko | and it exists in the Default domain | 15:00 |
ayoung | elmiko, and the user has a role on that project? | 15:01 |
elmiko | yes | 15:01 |
elmiko | ayoung: i wonder if i need to also supply a user_domain_name when creating the auth plugin? | 15:01 |
elmiko | (i figured it would know that from the token) | 15:01 |
ayoung | elmiko, no clue. go look at the code | 15:02 |
elmiko | ayoung: ack, thanks for taking a look =) | 15:02 |
ayoung | but...it shouldn't....hmmm | 15:02 |
ayoung | I wonder if we are going to be breaking things here. | 15:03 |
*** topol has joined #openstack-keystone | 15:03 | |
*** ChanServ sets mode: +v topol | 15:03 | |
ayoung | You use a scoped token to create the auth plugin. | 15:03 |
ayoung | I don't know if that does a token-for-token thing | 15:03 |
elmiko | hmm | 15:03 |
amakarov | ayoung, hi! I want to backup unified delegation spec with some code - will it make sense to start actual implementation before spec is approved? | 15:04 |
elmiko | i used that token to create the Client object directly before (when it was working) | 15:04 |
ayoung | yep...we're going to be in trouble...not you elmiko | 15:04 |
* elmiko wipes brow | 15:04 | |
ayoung | amakarov, probably | 15:04 |
amakarov | ayoung, ok, thanks | 15:05 |
ayoung | elmiko, so., yeah, pull all of the data you need out of the ENV. http://git.openstack.org/cgit/openstack/python-keystoneclient/tree/keystoneclient/auth/identity/v3/token.py#n34 | 15:05 |
ayoung | amakarov, a demo is worth a thousand slides | 15:06 |
elmiko | ayoung: ok, so basically build a more thoroughly scoped token? | 15:06 |
amakarov | ayoung, my thought exactly | 15:06 |
ayoung | elmiko, yep...and that is going to mess up some other code we have. Basically, I need to allow "use a token to get a token, but of the same or lesser scope" | 15:07 |
ayoung | actually, there is n "lesser scope" except maybe if we do explicit roles. But that does not exist yet | 15:07 |
*** pgbridge has joined #openstack-keystone | 15:07 | |
elmiko | ayoung: ok, i'll mess around with this a little more. thanks again | 15:07 |
elmiko | i'll let you know how it goes | 15:08 |
*** chlong has joined #openstack-keystone | 15:11 | |
*** piyanai has joined #openstack-keystone | 15:11 | |
*** dims_ has quit IRC | 15:17 | |
*** dims_ has joined #openstack-keystone | 15:17 | |
*** ankita_wagh has joined #openstack-keystone | 15:18 | |
*** dims_ is now known as dimsum__ | 15:21 | |
elmiko | ayoung: the api doesn't show this, neither does the code, but is it possible that the call to create the trust also should take a project_domain_id? | 15:22 |
ayoung | elmiko, I don't think that is what is failing for you | 15:22 |
ayoung | I think it is the token-for-token transfer | 15:23 |
ayoung | but...no, trusts are project ID only, I think | 15:23 |
elmiko | that's what the api says, project id only | 15:23 |
*** belmoreira has quit IRC | 15:24 | |
elmiko | ayoung: by token-for-token transfer, do you mean that the token auth plugin i create is somehow more narrowly scoped than the original? | 15:24 |
ayoung | elmiko, scoped the same...well, scoped based on what you pass in (unfortunately) | 15:24 |
ayoung | I need to talk to jamielennox|away about the token auth plugin after pyconau is over | 15:24 |
elmiko | ok, i'll dig into the keystoneclient code a little more in the meantime | 15:25 |
elmiko | ayoung: i'll make a clean section of code to demonstrate this and post it to the ML as well | 15:26 |
ayoung | elmiko, cool | 15:26 |
*** pballand has joined #openstack-keystone | 15:28 | |
*** ankita_wagh has quit IRC | 15:31 | |
*** ankita_wagh has joined #openstack-keystone | 15:32 | |
*** yottatsa has quit IRC | 15:35 | |
*** yottatsa has joined #openstack-keystone | 15:35 | |
openstackgerrit | Boris Bobrov proposed openstack/keystone: Prevent exception due to missing id of LDAP entity https://review.openstack.org/207960 | 15:36 |
*** henrynash has quit IRC | 15:40 | |
*** dikonoor has joined #openstack-keystone | 15:51 | |
*** jsavak has quit IRC | 15:53 | |
openstackgerrit | Merged openstack/keystone: Adds missing list_endpoints tests https://review.openstack.org/176434 | 15:53 |
*** josecastroleon has quit IRC | 15:54 | |
*** markvoelker has joined #openstack-keystone | 15:59 | |
*** jsavak has joined #openstack-keystone | 16:01 | |
*** markvoelker has quit IRC | 16:02 | |
*** bdossant has quit IRC | 16:03 | |
*** lhcheng has joined #openstack-keystone | 16:04 | |
*** ChanServ sets mode: +v lhcheng | 16:04 | |
*** browne has joined #openstack-keystone | 16:04 | |
*** geoffarnold has joined #openstack-keystone | 16:08 | |
*** mylu has quit IRC | 16:09 | |
*** geoffarnold has quit IRC | 16:10 | |
*** _cjones_ has joined #openstack-keystone | 16:11 | |
*** geoffarnold has joined #openstack-keystone | 16:11 | |
*** jecarey_ has quit IRC | 16:12 | |
*** e0ne has quit IRC | 16:13 | |
*** samleon has joined #openstack-keystone | 16:18 | |
*** mylu has joined #openstack-keystone | 16:19 | |
*** jsavak has quit IRC | 16:19 | |
*** jsavak has joined #openstack-keystone | 16:19 | |
*** piyanai has quit IRC | 16:20 | |
*** dikonoor has quit IRC | 16:23 | |
*** tjcocozz has quit IRC | 16:29 | |
*** piyanai has joined #openstack-keystone | 16:29 | |
*** piyanai has quit IRC | 16:31 | |
*** mylu has quit IRC | 16:33 | |
*** piyanai has joined #openstack-keystone | 16:34 | |
*** jamiec has joined #openstack-keystone | 16:40 | |
*** piyanai has quit IRC | 16:42 | |
*** jistr has quit IRC | 16:42 | |
*** spandhe has joined #openstack-keystone | 16:43 | |
*** piyanai has joined #openstack-keystone | 16:44 | |
*** fhubik has quit IRC | 16:45 | |
*** henrynash has joined #openstack-keystone | 16:47 | |
*** ChanServ sets mode: +v henrynash | 16:47 | |
*** mylu has joined #openstack-keystone | 16:47 | |
*** marzif_ has joined #openstack-keystone | 16:47 | |
*** jasonsb has quit IRC | 16:48 | |
*** jasonsb has joined #openstack-keystone | 16:48 | |
*** amit213 has quit IRC | 16:50 | |
*** amit213 has joined #openstack-keystone | 16:50 | |
openstackgerrit | Dolph Mathews proposed openstack/keystone: Test to ensure fernet key rotation results in new key sets https://review.openstack.org/192817 | 16:51 |
openstackgerrit | Boris Bobrov proposed openstack/keystone: Prevent exception due to missing id of LDAP entity https://review.openstack.org/207960 | 16:52 |
*** browne has quit IRC | 16:53 | |
*** jasonsb has quit IRC | 16:53 | |
openstackgerrit | Dolph Mathews proposed openstack/keystone: Add better user feedback when bind is not implemented https://review.openstack.org/203788 | 16:53 |
*** lhcheng_ has joined #openstack-keystone | 16:54 | |
*** jsavak has quit IRC | 16:56 | |
*** lhcheng has quit IRC | 16:56 | |
*** jsavak has joined #openstack-keystone | 16:56 | |
openstackgerrit | Boris Bobrov proposed openstack/keystone: Prevent exception due to missing id of LDAP entity https://review.openstack.org/207960 | 16:59 |
*** TheIntern has quit IRC | 17:00 | |
*** e0ne has joined #openstack-keystone | 17:03 | |
*** tsymanczyk has quit IRC | 17:03 | |
*** markvoelker has joined #openstack-keystone | 17:03 | |
openstackgerrit | Boris Bobrov proposed openstack/keystone: Prevent exception due to missing id of LDAP entity https://review.openstack.org/207960 | 17:05 |
*** chlong has quit IRC | 17:09 | |
*** Ephur has joined #openstack-keystone | 17:10 | |
*** jsavak has quit IRC | 17:11 | |
*** jsavak has joined #openstack-keystone | 17:12 | |
*** mylu has quit IRC | 17:16 | |
*** tjcocozz has joined #openstack-keystone | 17:20 | |
*** piyanai has quit IRC | 17:20 | |
henrynash | morganfainberg: ping | 17:21 |
*** ankita_wagh has quit IRC | 17:22 | |
*** mylu has joined #openstack-keystone | 17:23 | |
*** pballand has quit IRC | 17:23 | |
*** pballand has joined #openstack-keystone | 17:24 | |
*** markvoelker has quit IRC | 17:26 | |
*** e0ne has quit IRC | 17:33 | |
*** amakarov is now known as amakarov_away | 17:33 | |
*** e0ne has joined #openstack-keystone | 17:33 | |
*** browne has joined #openstack-keystone | 17:36 | |
*** henrynash has quit IRC | 17:42 | |
*** ankita_wagh has joined #openstack-keystone | 17:42 | |
lbragstad | I take it this isn't going to make it in this release? https://blueprints.launchpad.net/keystone/+spec/model-timestamps | 17:45 |
*** yottatsa has quit IRC | 17:50 | |
*** aix has quit IRC | 17:54 | |
*** haneef_ has quit IRC | 17:54 | |
*** jasonsb has joined #openstack-keystone | 17:54 | |
*** ankita_w_ has joined #openstack-keystone | 18:02 | |
*** tsymanczyk has joined #openstack-keystone | 18:05 | |
*** ankita_wagh has quit IRC | 18:05 | |
*** tsymanczyk is now known as Guest95037 | 18:06 | |
*** ankita_w_ has quit IRC | 18:11 | |
*** jsavak has quit IRC | 18:11 | |
*** ankita_wagh has joined #openstack-keystone | 18:11 | |
*** jsavak has joined #openstack-keystone | 18:13 | |
*** bknudson has quit IRC | 18:15 | |
*** mylu has quit IRC | 18:15 | |
*** TheIntern has joined #openstack-keystone | 18:20 | |
*** mattamizer has joined #openstack-keystone | 18:21 | |
*** bknudson has joined #openstack-keystone | 18:21 | |
*** ChanServ sets mode: +v bknudson | 18:21 | |
*** marzif_ has quit IRC | 18:25 | |
*** josecastroleon has joined #openstack-keystone | 18:27 | |
*** markvoelker has joined #openstack-keystone | 18:28 | |
*** mattamizer has quit IRC | 18:34 | |
*** e0ne has quit IRC | 18:37 | |
*** markvoelker has quit IRC | 18:37 | |
*** jsavak has quit IRC | 18:37 | |
*** e0ne has joined #openstack-keystone | 18:45 | |
*** Guest95037 has quit IRC | 18:45 | |
*** e0ne has quit IRC | 18:47 | |
*** tsymancz1k has joined #openstack-keystone | 18:48 | |
openstackgerrit | Dolph Mathews proposed openstack/keystone: Fix the claimed expires_at & created_at timestamps for Fernet in v3 https://review.openstack.org/208021 | 18:50 |
*** jsavak has joined #openstack-keystone | 18:52 | |
*** josecastroleon has quit IRC | 18:57 | |
*** jsavak has quit IRC | 18:57 | |
*** jsavak has joined #openstack-keystone | 18:59 | |
*** tjcocozz has quit IRC | 19:01 | |
dolphm | lbragstad: the auditing concern has since been addressed by CADF | 19:11 |
dolphm | lbragstad: in fact, all of that is sort of addressed by CADF, it's just not exposed via HTTP | 19:11 |
openstackgerrit | Brant Knudson proposed openstack/keystone: admin and public httpd files https://review.openstack.org/194442 | 19:13 |
openstackgerrit | Brant Knudson proposed openstack/keystone: Update Httpd configuration docs for sites-available/enabled https://review.openstack.org/208025 | 19:13 |
lbragstad | gotcha, I was just going through all the sql reviews and stumbled across that | 19:14 |
openstackgerrit | Dolph Mathews proposed openstack/keystone: Fix the claimed expires_at & created_at timestamps for Fernet https://review.openstack.org/208021 | 19:14 |
dolphm | lbragstad: ^ | 19:15 |
*** afazekas has joined #openstack-keystone | 19:18 | |
openstackgerrit | Brant Knudson proposed openstack/keystone: Use extras for ldap dependencies https://review.openstack.org/207602 | 19:19 |
openstackgerrit | Brant Knudson proposed openstack/keystone: admin and public httpd files https://review.openstack.org/194442 | 19:21 |
openstackgerrit | Brant Knudson proposed openstack/keystone: Use extras for memcache and MongoDB packages https://review.openstack.org/207620 | 19:24 |
*** ig0r_ has quit IRC | 19:26 | |
*** afazekas has quit IRC | 19:26 | |
*** tsymancz1k has quit IRC | 19:26 | |
*** roxanaghe has joined #openstack-keystone | 19:31 | |
*** e0ne has joined #openstack-keystone | 19:32 | |
*** openstack has joined #openstack-keystone | 19:33 | |
*** openstackstatus has joined #openstack-keystone | 19:34 | |
*** ChanServ sets mode: +v openstackstatus | 19:34 | |
*** tsymanczyk has joined #openstack-keystone | 19:34 | |
*** tsymanczyk is now known as Guest29544 | 19:35 | |
*** jsavak has quit IRC | 19:36 | |
*** jsavak has joined #openstack-keystone | 19:41 | |
openstackgerrit | Merged openstack/keystone: Explain the "or None" on eventlet's client_socket_timeout https://review.openstack.org/177443 | 19:46 |
openstackgerrit | Merged openstack/keystone: Explain the "or None" on eventlet's client_socket_timeout https://review.openstack.org/177443 | 19:46 |
*** rm_work|away is now known as rm_work | 19:49 | |
*** henrynash has joined #openstack-keystone | 19:49 | |
*** ChanServ sets mode: +v henrynash | 19:49 | |
openstackgerrit | Brant Knudson proposed openstack/keystone: Fix SmarterEncoder for python3 https://review.openstack.org/206785 | 19:52 |
openstackgerrit | Brant Knudson proposed openstack/keystone: Use dict.items() rather than six.iteritems() https://review.openstack.org/200762 | 19:52 |
openstackgerrit | Brant Knudson proposed openstack/keystonemiddleware: Merge test-requirements-py3.txt to test-requirements.txt https://review.openstack.org/206044 | 19:58 |
openstackgerrit | henry-nash proposed openstack/keystone-specs: Clarify project hierarchy and parent usage within the API https://review.openstack.org/200624 | 19:59 |
openstackgerrit | Brant Knudson proposed openstack/keystone: Extras for bandit https://review.openstack.org/207645 | 20:00 |
henrynash | stevemar, dstanek: I’m really keen that we get https://review.openstack.org/#/c/137202/ in as soon as we can, lots of other stuff depends on us having a manager level list_assignment method that supports filtering | 20:08 |
*** pballand_ has joined #openstack-keystone | 20:08 | |
*** topol has quit IRC | 20:08 | |
*** pballand has quit IRC | 20:10 | |
*** pballand_ is now known as pballand | 20:10 | |
openstackgerrit | Boris Bobrov proposed openstack/keystone: Prevent exception due to missing id of LDAP entity https://review.openstack.org/207960 | 20:16 |
*** Guest29544 has quit IRC | 20:24 | |
*** diazjf has left #openstack-keystone | 20:25 | |
*** TheIntern has quit IRC | 20:27 | |
*** e0ne has quit IRC | 20:30 | |
dgonzalez | Hi all, I am trying to set up a multi-region devstack environment (as explained here https://github.com/openstack-dev/devstack#multi-region-setup). When starting the second node (RegionTwo) the stack.sh script fails with the following message: | 20:38 |
dgonzalez | ERROR: openstack admin endpoint for identity service in RegionTwo region not found | 20:38 |
*** bapalm_ has quit IRC | 20:38 | |
dgonzalez | The command that causes this message is openstack --os-url=http://192.168.33.10:5000/v3 --os-identity-api-version=3 project create alt_demo --domain=default --or-show -f value -c id | 20:38 |
dgonzalez | Any idea what could cause this? | 20:39 |
dgonzalez | Could it be that the second region can not find the keystone endpoint, because it runs in the first region? | 20:39 |
*** ankita_w_ has joined #openstack-keystone | 20:42 | |
*** ankita_w_ has quit IRC | 20:43 | |
*** ankita_wagh has quit IRC | 20:44 | |
dolphm | dgonzalez: is it looking for an identity service in both regions? | 20:45 |
dolphm | dgonzalez: ++ to your last question | 20:45 |
morganfainberg | henrynash: pong | 20:46 |
*** aix has joined #openstack-keystone | 20:47 | |
morganfainberg | henrynash: i am in australia, so timezone is hard to sync up | 20:47 |
dgonzalez | dolphm: well i think it should be looking for the identity service in the first region (RegionOne), but the error message sounds like it is looking in the second region. | 20:47 |
dolphm | dgonzalez: do you have an OS_REGION env var set? | 20:48 |
dgonzalez | I did some multi-region setups with devstack in the past, but never stumbled across this error | 20:48 |
*** e0ne has joined #openstack-keystone | 20:48 | |
henrynash | morganfainberg: hi….not sure if you saw my earlier message…..I approved https://review.openstack.org/#/c/148730/ since it seemed to have sufficient +2s…but then suddenly realised, I’m not sure if we had agreed an exception for this? | 20:48 |
dolphm | dgonzalez: (or you could pass --os-region=RegionOne with your --os-url) | 20:48 |
*** doug-fish has left #openstack-keystone | 20:48 | |
dgonzalez | OS_REGION_NAME is set to RegionTwo | 20:48 |
morganfainberg | henrynash: meh. Its fine. | 20:48 |
henrynash | morganfainberg: ok. just wanted to check…. | 20:49 |
morganfainberg | henrynash: if your really worried send an email. But im ok with it | 20:49 |
henrynash | morganfainberg: oh, and don’t mention the cricket ! | 20:49 |
morganfainberg | Hahaha | 20:49 |
henrynash | morganfainberg: no, I’m not too worried, I’m not pushing it hard, just want to amke sure you were aware | 20:50 |
rodrigods | henrynash, there is some nits in the API spec to fix, btw | 20:51 |
dgonzalez | dolphm: I could do this when i run this script manually, but when installing a devstack environment this is not possible... | 20:51 |
henrynash | rodigods: feel free to propose a fix | 20:52 |
rodrigods | henrynash, ++ working full time in reseller stuff | 20:52 |
rodrigods | once I have some minutes I'll propose this fix | 20:52 |
henrynash | rodigods: probably the right thing | 20:52 |
*** roxanaghe has quit IRC | 20:52 | |
*** jsavak has quit IRC | 20:58 | |
*** jsavak has joined #openstack-keystone | 20:59 | |
*** jsavak has quit IRC | 21:03 | |
*** jsavak has joined #openstack-keystone | 21:03 | |
*** stevemar has quit IRC | 21:05 | |
*** stevemar has joined #openstack-keystone | 21:05 | |
*** ChanServ sets mode: +v stevemar | 21:05 | |
*** stevemar has quit IRC | 21:08 | |
*** tsymanczyk has joined #openstack-keystone | 21:09 | |
*** dsirrine has quit IRC | 21:09 | |
*** tsymanczyk is now known as Guest84815 | 21:09 | |
*** raildo has quit IRC | 21:09 | |
*** jsavak has quit IRC | 21:10 | |
*** jsavak has joined #openstack-keystone | 21:10 | |
*** hogepodge has quit IRC | 21:14 | |
*** Guest84815 has quit IRC | 21:18 | |
*** hogepodge has joined #openstack-keystone | 21:21 | |
*** boris-42 has joined #openstack-keystone | 21:23 | |
openstackgerrit | Rodrigo Duarte proposed openstack/keystone: Honor domain operations in project table https://review.openstack.org/143763 | 21:24 |
*** tsymanczyk has joined #openstack-keystone | 21:24 | |
*** tqtran has joined #openstack-keystone | 21:27 | |
*** henrynash has quit IRC | 21:27 | |
*** huats_ has joined #openstack-keystone | 21:28 | |
*** e0ne has quit IRC | 21:30 | |
*** bapalm_ has joined #openstack-keystone | 21:31 | |
openstackgerrit | Sam Leong proposed openstack/keystone: Tokenless authz with X.509 SSL client certificate https://review.openstack.org/156870 | 21:32 |
*** iurygregory has quit IRC | 21:34 | |
*** zzzeek has quit IRC | 21:43 | |
*** zzzeek has joined #openstack-keystone | 21:44 | |
*** jsavak has quit IRC | 21:50 | |
*** jsavak has joined #openstack-keystone | 21:51 | |
*** bapalm_ has quit IRC | 21:55 | |
*** piyanai has joined #openstack-keystone | 21:57 | |
*** gordc has quit IRC | 22:04 | |
openstackgerrit | Dolph Mathews proposed openstack/keystone: Validate domain ownership for v2 tokens https://review.openstack.org/208069 | 22:04 |
*** htruta_____ has joined #openstack-keystone | 22:07 | |
*** htruta_____ has quit IRC | 22:20 | |
*** htruta has quit IRC | 22:21 | |
*** htruta has joined #openstack-keystone | 22:21 | |
openstackgerrit | Dolph Mathews proposed openstack/keystone: Validate domain ownership for v2 tokens https://review.openstack.org/208069 | 22:23 |
openstackgerrit | Dolph Mathews proposed openstack/keystone: Fix the claimed expires_at & created_at timestamps for Fernet https://review.openstack.org/208021 | 22:23 |
*** htruta has quit IRC | 22:23 | |
*** htruta has joined #openstack-keystone | 22:23 | |
*** zzzeek has quit IRC | 22:27 | |
*** hrou has quit IRC | 22:33 | |
*** piyanai has quit IRC | 22:38 | |
*** samleon has quit IRC | 23:03 | |
*** jsavak has quit IRC | 23:08 | |
openstackgerrit | Dan Nguyen proposed openstack/keystone: Allow Domain Admin to get domain details https://review.openstack.org/208082 | 23:16 |
*** _cjones_ has quit IRC | 23:18 | |
*** jasonsb_ has joined #openstack-keystone | 23:23 | |
*** jasonsb has quit IRC | 23:23 | |
*** sigmavirus24 is now known as sigmavirus24_awa | 23:26 | |
*** topol has joined #openstack-keystone | 23:30 | |
*** ChanServ sets mode: +v topol | 23:30 | |
*** topol has quit IRC | 23:35 | |
*** richm has quit IRC | 23:43 | |
*** hrou has joined #openstack-keystone | 23:43 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!