Wednesday, 2016-03-23

*** trown|outtypewww is now known as trown00:03
*** dims_ has joined #openstack-keystone00:03
*** dims has quit IRC00:04
<stevemar> anteaya: oh jeez, can't believe i forgot the tag 00:05
* stevemar facepalms 00:05
*** mylu has quit IRC 00:05
<stevemar> serves me right for rushing it before i headed out 00:05
*** arunkant has quit IRC00:07
<openstackgerrit> Dolph Mathews proposed openstack/keystone-specs: Shadow users (continuation for newton)  https://review.openstack.org/296123 00:11
*** roxanaghe has quit IRC00:14
*** daemontool has quit IRC00:15
*** jorge_munoz has joined #openstack-keystone00:17
<stevemar> dolphm: thank you for the spec 00:18
*** mylu has joined #openstack-keystone 00:20
<morgan> stevemar: heh. 00:21
*** jorge_munoz has quit IRC00:23
*** mylu has quit IRC00:25
*** aginwala has quit IRC00:28
*** shoutm_ has joined #openstack-keystone00:29
*** shoutm has quit IRC00:32
*** aginwala has joined #openstack-keystone00:32
*** spandhe has quit IRC00:32
*** shoutm_ has quit IRC00:34
*** shoutm has joined #openstack-keystone00:40
*** krotscheck has joined #openstack-keystone00:42
*** sdake has quit IRC00:50
*** sdake has joined #openstack-keystone00:51
*** lhcheng has quit IRC01:04
*** mylu has joined #openstack-keystone01:06
*** browne has quit IRC01:14
*** aginwala has quit IRC01:16
*** fawadkhaliq has quit IRC01:18
*** fawadkhaliq has joined #openstack-keystone01:18
*** aginwala has joined #openstack-keystone01:19
*** fawadkhaliq has quit IRC01:19
*** fawadkhaliq has joined #openstack-keystone01:20
*** EinstCrazy has joined #openstack-keystone01:21
*** shaleh has quit IRC01:22
*** mylu has quit IRC01:23
*** ayoung has joined #openstack-keystone01:32
*** ChanServ sets mode: +v ayoung01:32
<openstackgerrit> Ron De Rose proposed openstack/keystone: WIP - Cleaning up identity.core  https://review.openstack.org/296140 01:33
*** mylu has joined #openstack-keystone01:33
*** dims_ has quit IRC01:40
*** csoukup has joined #openstack-keystone01:42
*** jasonsb has joined #openstack-keystone01:46
*** csoukup has quit IRC01:46
*** mylu has quit IRC01:54
*** jasonsb has quit IRC01:54
*** mylu has joined #openstack-keystone01:57
*** mylu has quit IRC01:58
*** mylu has joined #openstack-keystone02:00
*** fawadkhaliq has quit IRC02:01
*** fawadkhaliq has joined #openstack-keystone02:02
<openstackgerrit> Ron De Rose proposed openstack/keystone: WIP - Cleaning up identity.core  https://review.openstack.org/296140 02:03
*** henrynash has joined #openstack-keystone02:03
*** ChanServ sets mode: +v henrynash02:03
*** shoutm has quit IRC02:05
*** shoutm_ has joined #openstack-keystone02:05
*** henrynash has quit IRC02:08
*** fawadkhaliq has quit IRC02:10
*** fawadkhaliq has joined #openstack-keystone02:10
*** jbell8 has joined #openstack-keystone02:11
*** mylu has quit IRC02:15
*** mylu has joined #openstack-keystone02:17
*** timcline has joined #openstack-keystone02:23
*** timcline_ has joined #openstack-keystone02:24
*** timcline has quit IRC02:25
*** Ephur has quit IRC02:26
*** woodster_ has quit IRC02:27
*** henrynash has joined #openstack-keystone02:28
*** ChanServ sets mode: +v henrynash02:28
<openstackgerrit> Ron De Rose proposed openstack/keystone: WIP - Cleaning up identity.core  https://review.openstack.org/296140 02:28
*** lhcheng has joined #openstack-keystone02:29
*** ChanServ sets mode: +v lhcheng02:29
*** knikolla has quit IRC02:34
*** shoutm has joined #openstack-keystone02:38
*** mylu has quit IRC02:38
*** mylu has joined #openstack-keystone02:39
*** shoutm_ has quit IRC02:39
<openstackgerrit> Ron De Rose proposed openstack/keystone: Cleaning up identity.core  https://review.openstack.org/296140 02:47
*** dan_nguyen has quit IRC02:50
*** fawadkhaliq has quit IRC02:51
*** aginwala has quit IRC02:51
*** fawadkhaliq has joined #openstack-keystone02:52
*** markvoelker has quit IRC02:59
*** henrynash has quit IRC03:00
*** fawadkhaliq has quit IRC03:01
*** fawadkhaliq has joined #openstack-keystone03:01
*** fawadkhaliq has quit IRC03:01
*** spandhe has joined #openstack-keystone03:01
*** fawadkhaliq has joined #openstack-keystone03:02
*** timcline_ has quit IRC03:04
*** timcline has joined #openstack-keystone03:05
*** timcline has quit IRC03:09
*** GB21 has joined #openstack-keystone03:12
*** mylu has quit IRC03:17
*** spandhe has quit IRC03:18
*** mylu has joined #openstack-keystone03:22
*** links has joined #openstack-keystone03:28
*** aginwala has joined #openstack-keystone03:29
*** aginwala has quit IRC03:33
*** timcline has joined #openstack-keystone03:35
*** timcline has quit IRC03:40
*** lhcheng has quit IRC03:42
*** GB21 has quit IRC03:44
*** richm has quit IRC03:45
*** shoutm has quit IRC03:47
*** shoutm has joined #openstack-keystone03:47
*** markvoelker has joined #openstack-keystone03:59
*** markvoelker has quit IRC04:04
*** shoutm has quit IRC04:06
*** shoutm has joined #openstack-keystone04:12
*** fawadkhaliq has quit IRC04:17
*** fawadkhaliq has joined #openstack-keystone04:17
*** lhcheng_ has joined #openstack-keystone04:21
*** jasonsb has joined #openstack-keystone04:22
*** dave-mccowan has quit IRC04:24
*** mylu has quit IRC04:32
*** fawadkhaliq has quit IRC04:35
*** timcline has joined #openstack-keystone04:36
*** fawadkhaliq has joined #openstack-keystone04:36
*** mylu has joined #openstack-keystone04:36
*** mylu has quit IRC04:38
*** lhcheng has joined #openstack-keystone04:39
*** ChanServ sets mode: +v lhcheng04:39
*** lhcheng_ has quit IRC04:39
*** nehap has joined #openstack-keystone04:40
*** timcline has quit IRC04:40
*** fawadkhaliq has quit IRC04:40
*** fawadkhaliq has joined #openstack-keystone04:41
*** aginwala has joined #openstack-keystone04:41
*** fawadkhaliq has quit IRC04:41
*** fawadkhaliq has joined #openstack-keystone04:42
*** fawadkhaliq has quit IRC04:42
*** aginwala has quit IRC04:43
*** fawadkhaliq has joined #openstack-keystone04:43
*** fawadkhaliq has quit IRC04:46
*** fawadkhaliq has joined #openstack-keystone04:46
*** nehap has quit IRC04:47
*** fawadkhaliq has quit IRC04:47
*** fawadkhaliq has joined #openstack-keystone04:48
*** fawadkhaliq has quit IRC04:48
*** fawadkhaliq has joined #openstack-keystone04:49
*** aginwala has joined #openstack-keystone04:49
*** mylu has joined #openstack-keystone04:50
*** furface has quit IRC04:53
*** GB21 has joined #openstack-keystone04:58
*** nehap has joined #openstack-keystone05:03
*** GB21 has quit IRC05:07
*** GB21 has joined #openstack-keystone05:07
*** gangaec has joined #openstack-keystone05:12
*** gangaec has left #openstack-keystone05:13
*** gangaec has joined #openstack-keystone05:14
*** mylu has quit IRC05:17
*** shoutm_ has joined #openstack-keystone05:22
*** shoutm has quit IRC05:25
*** nehap has quit IRC05:31
*** jbell8 has quit IRC05:34
*** timcline has joined #openstack-keystone05:37
*** lhcheng has quit IRC05:39
*** timcline has quit IRC05:41
*** roxanaghe has joined #openstack-keystone05:43
*** shoutm has joined #openstack-keystone05:43
*** shoutm_ has quit IRC05:45
*** furface has joined #openstack-keystone05:48
*** roxanaghe has quit IRC05:50
*** naresht has joined #openstack-keystone05:52
*** timcline has joined #openstack-keystone05:55
*** timcline has quit IRC05:59
*** markvoelker has joined #openstack-keystone06:00
*** fawadkhaliq has quit IRC06:03
*** fawadkhaliq has joined #openstack-keystone06:04
*** markvoelker has quit IRC06:04
*** jasonsb has quit IRC06:06
*** henrynash has joined #openstack-keystone06:09
*** ChanServ sets mode: +v henrynash06:09
*** roxanaghe has joined #openstack-keystone06:11
*** roxanaghe has quit IRC06:15
*** fawadkhaliq has quit IRC06:20
*** fawadkhaliq has joined #openstack-keystone06:21
*** fawadkhaliq has quit IRC06:25
*** fawadkhaliq has joined #openstack-keystone06:25
*** fawadkhaliq has quit IRC06:26
*** fawadkhaliq has joined #openstack-keystone06:26
*** fawadkhaliq has quit IRC06:27
*** fawadkhaliq has joined #openstack-keystone06:28
*** fawadkhaliq has quit IRC06:28
*** fawadkhaliq has joined #openstack-keystone06:29
*** lhcheng has joined #openstack-keystone06:29
*** ChanServ sets mode: +v lhcheng06:29
*** sdake_ has joined #openstack-keystone06:35
*** sdake has quit IRC06:36
*** henrynash has quit IRC06:42
*** sdake_ has quit IRC06:44
*** sdake has joined #openstack-keystone06:44
*** wanghua has joined #openstack-keystone06:51
*** timcline has joined #openstack-keystone06:55
*** pnavarro has quit IRC06:56
*** e0ne has joined #openstack-keystone06:58
*** timcline has quit IRC07:00
*** markvoelker has joined #openstack-keystone07:01
*** markvoelker has quit IRC07:07
*** rk4n has joined #openstack-keystone07:15
*** rk4n has quit IRC07:16
*** henrynash has joined #openstack-keystone07:19
*** ChanServ sets mode: +v henrynash07:19
*** bjornar has quit IRC07:20
*** GB21 has quit IRC07:23
*** sdake has quit IRC07:23
*** GB21 has joined #openstack-keystone07:25
*** e0ne has quit IRC07:28
*** aginwala has quit IRC07:29
*** roxanaghe has joined #openstack-keystone07:32
*** roxanaghe has quit IRC07:36
*** shoutm_ has joined #openstack-keystone07:37
*** shoutm has quit IRC07:39
*** lhcheng has quit IRC07:39
*** tesseract has joined #openstack-keystone07:41
*** spandhe has joined #openstack-keystone07:41
*** tesseract is now known as Guest6084207:41
*** shoutm_ has quit IRC07:41
*** shoutm has joined #openstack-keystone07:42
*** GB21 has quit IRC07:49
*** rk4n has joined #openstack-keystone07:51
*** lhcheng has joined #openstack-keystone07:51
*** ChanServ sets mode: +v lhcheng07:51
*** timcline has joined #openstack-keystone07:56
*** timcline has quit IRC08:01
*** jaosorior has joined #openstack-keystone08:06
<openstackgerrit> wangxiyuan proposed openstack/python-keystoneclient: Allow send null value to server side  https://review.openstack.org/296246 08:11
*** EinstCra_ has joined #openstack-keystone08:13
*** spandhe has quit IRC08:16
*** EinstCrazy has quit IRC08:16
*** bjornar has joined #openstack-keystone08:30
*** shoutm_ has joined #openstack-keystone08:32
*** xek has quit IRC08:32
*** roxanaghe has joined #openstack-keystone08:33
*** xek has joined #openstack-keystone08:33
*** shoutm_ has quit IRC08:33
*** shoutm has quit IRC08:35
*** roxanaghe has quit IRC08:37
*** lhcheng has quit IRC08:39
*** permalac has joined #openstack-keystone08:43
*** jed56 has joined #openstack-keystone08:44
*** GB21 has joined #openstack-keystone08:54
*** timcline has joined #openstack-keystone08:57
*** henrynash has quit IRC09:00
*** links has quit IRC09:01
*** timcline has quit IRC09:02
*** e0ne has joined #openstack-keystone09:03
*** markvoelker has joined #openstack-keystone09:03
*** openstackgerrit has quit IRC09:03
*** openstackgerrit has joined #openstack-keystone09:03
*** doug-fish has quit IRC09:04
*** henrynash has joined #openstack-keystone09:05
*** ChanServ sets mode: +v henrynash09:05
*** markvoelker has quit IRC09:08
*** browne has joined #openstack-keystone09:11
*** nisha has joined #openstack-keystone09:17
*** links has joined #openstack-keystone09:18
<openstackgerrit> wangxiyuan proposed openstack/python-keystoneclient: Allow send null value in extra properties  https://review.openstack.org/296246 09:30
*** roxanaghe has joined #openstack-keystone09:34
*** browne has quit IRC09:34
*** daemontool has joined #openstack-keystone09:35
*** daemontool_ has joined #openstack-keystone09:36
*** daemontool_ has quit IRC09:36
*** roxanaghe has quit IRC09:38
<openstackgerrit> wangxiyuan proposed openstack/python-keystoneclient: Allow send null value in extra properties  https://review.openstack.org/296246 09:48
*** timcline has joined #openstack-keystone09:58
*** dims has joined #openstack-keystone10:00
*** timcline has quit IRC10:02
*** wanghua has quit IRC10:04
*** GB21 has quit IRC10:05
*** links has quit IRC10:05
*** LZ has quit IRC10:09
*** EinstCra_ has quit IRC10:10
*** nisha has quit IRC10:14
*** nisha has joined #openstack-keystone10:15
*** links has joined #openstack-keystone10:21
*** GB21 has joined #openstack-keystone10:22
*** shoutm has joined #openstack-keystone10:25
*** lhcheng has joined #openstack-keystone10:28
*** ChanServ sets mode: +v lhcheng10:28
*** ankur has quit IRC10:31
*** lhcheng has quit IRC10:33
*** nehap has joined #openstack-keystone10:34
*** jaosorior has quit IRC10:34
*** nehap has quit IRC10:35
*** e0ne has quit IRC10:35
*** jaosorior has joined #openstack-keystone10:36
<openstackgerrit> henry-nash proposed openstack/keystone: Fix table row counting SQL for MySQL and Postgresql  https://review.openstack.org/296017 10:37
*** mvk has joined #openstack-keystone10:39
*** nisha_ has joined #openstack-keystone10:40
*** nisha has quit IRC10:42
*** henrynash has quit IRC10:44
*** e0ne has joined #openstack-keystone10:45
*** henrynash has joined #openstack-keystone10:48
*** ChanServ sets mode: +v henrynash10:48
*** timcline has joined #openstack-keystone10:58
*** timcline has quit IRC11:03
*** markvoelker has joined #openstack-keystone11:04
*** dims_ has joined #openstack-keystone11:05
*** dims has quit IRC11:06
*** nisha_ has quit IRC11:08
*** markvoelker has quit IRC11:08
*** GB21 has quit IRC11:15
*** henrynash has quit IRC11:16
*** roxanaghe has joined #openstack-keystone11:22
*** doug-fish has joined #openstack-keystone11:22
*** roxanaghe has quit IRC11:26
<afazekas> ayoung, can you have a look at this https://review.openstack.org/#/c/295862/ is it the intended config? 11:28
<patchbot> afazekas: patch 295862 - openstack-dev/devstack - Configure the admin as admin 11:28
*** henrynash has joined #openstack-keystone11:31
*** david-lyle_ has joined #openstack-keystone11:58
*** timcline has joined #openstack-keystone11:59
*** david-lyle has quit IRC12:00
*** timcline has quit IRC12:03
*** markvoelker has joined #openstack-keystone12:20
*** GB21 has joined #openstack-keystone12:21
*** edmondsw has joined #openstack-keystone12:28
*** raildo-afk is now known as raildo12:30
*** pauloewerton has joined #openstack-keystone12:39
*** EinstCrazy has joined #openstack-keystone12:42
*** dave-mccowan has joined #openstack-keystone12:52
*** ninag has joined #openstack-keystone12:53
*** timcline has joined #openstack-keystone13:00
*** links has quit IRC13:01
*** Ephur has joined #openstack-keystone13:04
*** timcline has quit IRC13:04
*** david-lyle_ is now known as david-lyle13:06
*** jsavak has joined #openstack-keystone13:07
*** roxanaghe has joined #openstack-keystone13:10
*** rodrigods has quit IRC13:11
*** rodrigods has joined #openstack-keystone13:11
*** roxanaghe has quit IRC13:14
*** richm has joined #openstack-keystone13:18
*** GB21 has quit IRC13:27
*** jaugustine has joined #openstack-keystone13:28
*** trown is now known as trown|afk13:28
<openstackgerrit> Brant Knudson proposed openstack/keystone: Correct test_implied_roles_fk_on_delete_cascade  https://review.openstack.org/296018 13:29
<openstackgerrit> Brant Knudson proposed openstack/keystone: Correct test_migrate_data_to_local_user_and_password_tables  https://review.openstack.org/296041 13:29
<openstackgerrit> Brant Knudson proposed openstack/keystone: Opportunistic testing with different DBs  https://review.openstack.org/295837 13:29
*** rcrit_ has left #openstack-keystone13:30
*** GB21 has joined #openstack-keystone13:33
*** daemontool_ has joined #openstack-keystone13:33
*** daemontool has quit IRC13:33
*** ninag has quit IRC13:35
*** ninag has joined #openstack-keystone13:36
*** ninag has quit IRC13:37
*** ninag has joined #openstack-keystone13:37
*** knikolla has joined #openstack-keystone13:39
*** timcline has joined #openstack-keystone13:44
*** henrynash has joined #openstack-keystone13:45
*** ChanServ sets mode: +v henrynash13:45
*** mvk_ has joined #openstack-keystone13:45
<anteaya> stevemar: you will get the world, hope they come up with good suggestions :) 13:47
*** thiagolib has joined #openstack-keystone13:48
*** mkrcmari__ has joined #openstack-keystone13:48
*** gordc has joined #openstack-keystone13:49
*** timcline has quit IRC13:49
*** GB21 has quit IRC13:49
*** mvk has quit IRC13:50
*** timcline has joined #openstack-keystone13:50
*** pushkaru has joined #openstack-keystone13:50
*** trown|afk is now known as trown13:51
*** mvk_ has quit IRC13:52
*** mvk_ has joined #openstack-keystone13:55
*** mvk has joined #openstack-keystone13:57
*** csoukup has joined #openstack-keystone13:57
*** mkrcmari__ has quit IRC13:58
*** BigWillie has joined #openstack-keystone13:59
*** mvk_ has quit IRC13:59
*** mvk has quit IRC14:01
*** sigmavirus24_awa is now known as sigmavirus2414:01
*** dims has joined #openstack-keystone14:04
*** dims_ has quit IRC14:04
*** openstack has joined #openstack-keystone14:21
<ayoung> afazekas, awesome.  +1 from me. 14:22
*** real56 has quit IRC 14:23
*** real56 has joined #openstack-keystone 14:23
<anteaya> stevemar: :) 14:24
*** ametts has joined #openstack-keystone 14:24
<ayoung> stevemar, can you reinforce? https://review.openstack.org/#/c/295862/2 14:26
<patchbot> ayoung: patch 295862 - openstack-dev/devstack - Configure the admin as admin 14:26
*** sdake has joined #openstack-keystone14:27
<stevemar> ayoung: just did 14:30
<ayoung> stevemar, I was looking at Stackalytics or whatever it is called.. you are like Atlas here, holding up the world on your shoulders.  Well done.... 14:31
<ayoung> http://stackalytics.com/  #4 overall. 14:31
<ayoung> -2|-1|+1|+2|A|x (+ ratio)   ==  4|31|9|143|71  for me.... 14:33
<ayoung> damn I am too nice. 14:33
<stevemar> ayoung: it's been an interesting release to say the least 14:34
<stevemar> ayoung: i felt like i had to up my review game 14:34
<ayoung> stevemar, the PTL job is lots of responsibility, minimum authority.  You are kicking at, and hard. 14:34
<knikolla> gamification of reviews 14:35
<ayoung> knikolla, oh, we have that, too.  Though, I have not had to submit a review under a new change ID to avoid a -2 since termie left the project 14:35
*** slberger has joined #openstack-keystone 14:35
<stevemar> ayoung: yeah, that played a major factor. i had the idea in my head that if i took on a bulk of the work then that would free everyone else up 14:36
<ayoung> stevemar, we need to work to delegate that better.  As I see it, core should be doing the majority of the reviews, and PTL should be reviewing core...if that makes sense 14:36
* ayoung thinking like an Army Officer again 14:37
<ayoung> But you don't have the authority to force me to do reviews....so we would have to resort to public shaming and the lash. 14:37
*** shoutm has quit IRC 14:37
<samueldmq> bknudson: dstanek: I am trying to figure out how would it be to use fixtures in those ksclient tests 14:39
<stevemar> ayoung: hehe, or pleading :P 14:39
<stevemar> but i agree, a most delegating would help. i need to stop acting like an MMO tank 14:40
<bknudson> samueldmq: you would have a fixture to represent a user. 14:43
*** henrynash has quit IRC 14:43
*** timcline has quit IRC 14:44
*** henrynash has joined #openstack-keystone 14:44
*** timcline has joined #openstack-keystone 14:44
<samueldmq> bknudson: what is a fixture for? 14:45
<samueldmq> bknudson: from the examples I saw, I could create a UserFixture and define setUp within it 14:45
<bknudson> samueldmq: it encapsulates the setup and cleanup of a resource 14:45
<bknudson> samueldmq: yes, that's what it would do. 14:45
<samueldmq> bknudson: then create what I need and call addCleanUp as well 14:46
<samueldmq> bknudson: if I need a user in my tests; I'd create it there (calling the client, etc) as I am doing right now, but within the class itself 14:46
<bknudson> right 14:46
<samueldmq> bknudson: nice, will post an update soon 14:47
<samueldmq> thx 14:47
*** david-lyle_ is now known as david-lyle 14:47
<bknudson> there shouldn't be a need to call new_user_ref() since the fixture can hold the ref 14:47
<bknudson> the dict 14:47
*** sdake_ has joined #openstack-keystone 14:48
<samueldmq> bknudson: ok 14:48
*** ninag has quit IRC 14:48
*** sdake has quit IRC 14:49
<samueldmq> bknudson: so using fixtures those new_*_ref are unlikely to be needed at all 14:49
*** timcline has quit IRC 14:49
<samueldmq> I'd only need that to complex cases where the fixtures aren't enough 14:49
<bknudson> for functional tests, probably won't need them 14:49
<samueldmq> cool 14:50
*** zzzeek has quit IRC14:50
*** ninag has joined #openstack-keystone14:51
*** ninag has quit IRC14:51
*** ninag has joined #openstack-keystone14:51
*** SDub has joined #openstack-keystone14:51
<SDub> Hi, I am in the middle of upgrading our production instance of OS from icehouse to juno, and we've encountered an error we didn't anticipate. When syncing the keystone database, we're having multiple failures, but from version 52 to 53 is when it starts. Could someone advise me on what to do? 14:52
*** sdake has joined #openstack-keystone14:53
*** sdake_ has quit IRC14:53
*** ninag has quit IRC14:55
<bknudson> ayoung: another good reason to have our tempest plugin outside of keystone is that then if you want to run it you don't have to install all of keystone and its dependencies. 14:55
<ayoung> bknudson, ++ 14:55
<ayoung> I like that 14:55
*** roxanaghe has joined #openstack-keystone 14:56
*** jsavak has quit IRC 14:56
<bknudson> I'm still fine with it either way, but there's a few good arguments for a new lib 14:56
<bknudson> the new lib would be branchless just like tempest and unlike keystone 14:56
*** bjornar has quit IRC 14:57
<stevemar> bknudson: we could work on it in keystone proper right now and we can easily create a new repo when we have something substantial 14:58
<bknudson> yes, no need to worry about getting it right to begin with since it's easy to change 14:58
<stevemar> yeppers 14:59
*** trown|meeting is now known as trown15:00
*** roxanaghe has quit IRC15:00
*** ninag has joined #openstack-keystone15:00
*** diazjf has joined #openstack-keystone15:01
*** rderose has joined #openstack-keystone15:02
*** zzzeek has joined #openstack-keystone15:02
*** EinstCrazy has quit IRC15:03
*** gordc has quit IRC15:03
*** jsavak has joined #openstack-keystone15:03
*** jorge_munoz has joined #openstack-keystone15:04
*** SDub__ has joined #openstack-keystone15:07
*** SDub has quit IRC15:07
*** openstackstatus has joined #openstack-keystone15:12
*** ChanServ sets mode: +v openstackstatus15:12
*** alextricity_h has joined #openstack-keystone15:12
*** jbell8 has joined #openstack-keystone15:15
*** timcline has joined #openstack-keystone15:15
*** knikolla_ has joined #openstack-keystone15:15
*** jbell8 has quit IRC15:19
*** timcline has quit IRC15:19
*** jbell8 has joined #openstack-keystone15:19
<openstackgerrit> Dina Belova proposed openstack/keystone: Add DB operations tracing  https://review.openstack.org/294535 15:20
*** gddub has joined #openstack-keystone15:20
*** browne has joined #openstack-keystone15:22
*** nehap has joined #openstack-keystone15:23
*** nehap has left #openstack-keystone15:23
<harlowja_at_home> ayoung, i added the insecure messaging stuff to  https://etherpad.openstack.org/p/newton-cross-project-sessions if u are interested 15:25
*** knikolla_ has quit IRC 15:25
<harlowja_at_home> i think it needs to be talked about in the wider forum 15:25
*** agrebennikov has joined #openstack-keystone 15:25
<ayoung> harlowja_at_home, fan.tas.tic! 15:25
<harlowja_at_home> :-P 15:25
<harlowja_at_home> thx, i didn't want to fill in an abstract, lol 15:26
<harlowja_at_home> not yet at least ;) 15:26
*** jaosorior has quit IRC 15:27
<harlowja_at_home> messaging, u so scary, lol 15:28
*** jsavak has quit IRC 15:28
*** gyee has joined #openstack-keystone 15:29
*** ChanServ sets mode: +v gyee 15:29
<ayoung> harlowja_at_home, how do you like that? 15:29
<harlowja_at_home> seems good to me, lol 15:29
*** jsavak has joined #openstack-keystone 15:29
<harlowja_at_home> btw, ayoung how much u climb still? 15:30
<harlowja_at_home> i'm pretty active (mostly indoors still, as not everyone i know goes outdoors, ha) 15:30
* harlowja_at_home saw http://adam.younglogic.com/climbing/ :-P 15:31
<ayoung> harlowja_at_home, I joined a new Gym in December, and have been unable to go regularly enough to get strong enough to pass the lead test 15:32
<harlowja_at_home> :( 15:32
<harlowja_at_home> awwww 15:32
<ayoung> harlowja_at_home, dad/husband stuff. 15:32
<harlowja_at_home> ya, fair nuff 15:32
<ayoung> Wife was recovering from Surgery through most of the winter...she's better now. I was in on Sunday, planning to go today 15:32
<ayoung> But youngest son is home with a cold... 15:33
<ayoung> harlowja_at_home, I can actually work from there 15:33
<ayoung> http://brooklynboulders.com/somerville/ 15:33
<harlowja_at_home> nice nice, prettier webpage than what planet granite has, lol 15:34
<breton> stevemar: yeah, please don't get burned out with reviews :) 15:34
*** timcline has joined #openstack-keystone 15:35
<harlowja_at_home> ayoung, maybe find a gym in austin, i know another guy that would go, beats some of those parties IMHO, ha 15:35
<ayoung> harlowja_at_home, already discussed that with jaosorior 15:36
<harlowja_at_home> lol 15:36
<harlowja_at_home> ok, that makes 4 (if the other guy will go) 15:36
<ayoung> harlowja_at_home, I'm thinking either Austin Rock Gym or North Austin Rock gym.  My Gut says "North" 15:37
<ayoung> usually the newer the gym, the better the features 15:37
<harlowja_at_home> ah, ya, if its newer, then def 15:38
<ayoung> and if they added "North" it was the second gym 15:38
<ayoung> http://www.austinrockgym.com/ 15:38
<ayoung> Ah...no 15:38
<ayoung> North is bouldering only 15:38
<harlowja_at_home> ya, i'd be fine with that, although bouldering and me == meh, lol 15:38
<ayoung> http://www.austinrockgym.com/south-austin-rock-gym-sarg/ 15:38
<harlowja_at_home> ya, seems like south for sport climbing 15:39
*** timcline has quit IRC 15:40
<ayoung> harlowja_at_home, lets shoot for Monday night. 15:40
<ayoung> that way, if we like it, we can hit it again later in the week 15:40
<harlowja_at_home> seems fine with me 15:40
<harlowja_at_home> i think 15:40
<harlowja_at_home> gotta double check my other plans, ha 15:41
<ayoung> Oooh, Thursday is open til Midnight 15:41
*** jsavak has quit IRC 15:41
<harlowja_at_home> depends how long u guys can last, lol 15:41
<harlowja_at_home> i've been doing 12b recently (top rope) and like 12a (lead),, sooo thats where i'm at 15:42
<ayoung> stevemar, so...merging Policy blobs.  I want to make this a command line tool, like the policy checker. 15:42
<ayoung> harlowja_at_home, much stronger than I am. 15:42
<ayoung> That was my high water mark 10+ years ago 15:42
<harlowja_at_home> u might be 10 years older than me :-P 15:42
<ayoung> But I'll belay you.  Let's see if we can rent lead ropes. 15:42
<harlowja_at_home> def 15:42
<ayoung> harlowja_at_home, 45 this summer.... 15:43
<harlowja_at_home> ya, so 10 ;) 15:43
<harlowja_at_home> 11 15:43
*** jsavak has joined #openstack-keystone 15:43
<harlowja_at_home> close enough 15:43
*** jaosorior has joined #openstack-keystone 15:44
<ayoung> harlowja_at_home, it ain't the years.   It's the children. 15:45
<harlowja_at_home> ah 15:45
<harlowja_at_home> ya ya 15:45
<harlowja_at_home> and gym time spent :-P 15:45
*** bjornar has joined #openstack-keystone15:49
*** timcline has joined #openstack-keystone15:49
*** woodster_ has joined #openstack-keystone15:49
*** timcline has quit IRC15:52
*** timcline has joined #openstack-keystone15:52
*** fawadkhaliq has quit IRC15:54
*** jbell8 has quit IRC15:54
*** jbell8 has joined #openstack-keystone15:54
*** roxanaghe has joined #openstack-keystone15:56
*** jsavak has quit IRC15:57
*** jsavak has joined #openstack-keystone15:58
*** bjornar has quit IRC15:58
*** mvk has joined #openstack-keystone15:59
*** roxanaghe has quit IRC16:02
<openstackgerrit> Brant Knudson proposed openstack/keystone: Fix table row counting SQL for MySQL and Postgresql  https://review.openstack.org/296017 16:03
<openstackgerrit> Brant Knudson proposed openstack/keystone: Fix test_add_int_pkey_to_revocation_event_table for MySQL  https://review.openstack.org/296016 16:03
<openstackgerrit> Brant Knudson proposed openstack/keystone: Correct test_implied_roles_fk_on_delete_cascade  https://review.openstack.org/296018 16:03
<openstackgerrit> Brant Knudson proposed openstack/keystone: Switch migration tests to oslo.db DbTestCase  https://review.openstack.org/294246 16:03
<openstackgerrit> Brant Knudson proposed openstack/keystone: Correct test_migrate_data_to_local_user_and_password_tables  https://review.openstack.org/296041 16:03
<openstackgerrit> Brant Knudson proposed openstack/keystone: Opportunistic testing with different DBs  https://review.openstack.org/295837 16:03
<bknudson> opportunistic testing should be ready to go 16:04
*** diazjf has quit IRC 16:04
<stevemar> bknudson: nice 16:04
<stevemar> +2 the whole chain! 16:04
* stevemar actually goes to review it 16:04
<stevemar> bknudson: you changed up the order 16:06
*** links has joined #openstack-keystone 16:06
<stevemar> Switch migration tests to oslo.db DbTestCase was first 16:06
<bknudson> yes, there were a couple of easy fixes that didn't depend on the switch to DbTestCase. 16:06
<bknudson> I could have moved the other fixes, too. 16:06
<stevemar> bknudson: gotcha 16:07
<bknudson> but then I'd have to revert some changes and then reapply them in the switch 16:07
*** dan_nguyen has joined #openstack-keystone 16:08
<stevemar> bknudson: ah we had to change keystone/common/sql/core.py eh 16:08
<stevemar> i don't like it when we have to change code to account for tests 16:08
<bknudson> stevemar: it's tricky because with sqlite in-memory testing you need to use the same engine for all ops (otherwise you get an empty db) 16:09
<stevemar> yeah, this change seems inevitable 16:09
<stevemar> unavoidable* 16:09
<stevemar> we are also losing db2 testing :( 16:09
<stevemar> not that it was ever really tested 16:09
<stevemar> but now we're losing the ability to test it at all? 16:10
<bknudson> another option is to change sql.core to use the oslo.db global transaction in both test and non-test situation. I didn't try it. 16:10
<bknudson> I believe you can still test with db2 you just have to set an env var. 16:10
<bknudson> I didn't try testing with db2. 16:10
<stevemar> bknudson: it's not tested anyway 16:12
<bknudson> y, somehow we couldn't convince our team to get their ci working. 16:13
<bknudson> we don't have much pull around here 16:14
<stevemar> bknudson: i've never had pull anywhere 16:15
*** rderose has quit IRC16:18
*** real56 has quit IRC16:18
*** real56 has joined #openstack-keystone16:19
*** trown is now known as trown|lunch16:19
*** thiagolib has quit IRC16:19
*** Guest60842 has quit IRC16:21
*** rderose has joined #openstack-keystone16:21
*** real56 has quit IRC16:24
*** real56 has joined #openstack-keystone16:25
*** alextricity_h has quit IRC16:27
<dstanek> samueldmq: did you get it figured out? 16:27
*** sigmavirus24 is now known as sigmavirus24_awa16:29
*** jasonsb has joined #openstack-keystone16:30
*** tqtran has joined #openstack-keystone16:30
*** fawadkhaliq has joined #openstack-keystone16:31
*** gordc has joined #openstack-keystone16:32
*** david-lyle has quit IRC16:33
*** david-lyle has joined #openstack-keystone16:33
*** spzala has quit IRC16:33
*** lhcheng has joined #openstack-keystone16:35
*** ChanServ sets mode: +v lhcheng16:35
*** fawadkhaliq has quit IRC16:35
*** fawadkhaliq has joined #openstack-keystone16:36
*** gangaec has quit IRC16:37
*** jasonsb has quit IRC16:38
*** browne has quit IRC16:38
*** jasonsb has joined #openstack-keystone16:39
*** naresht has quit IRC16:39
*** spzala has joined #openstack-keystone16:39
*** real56 has quit IRC16:40
*** real56 has joined #openstack-keystone16:41
*** fundcor has joined #openstack-keystone16:42
*** gddub has quit IRC16:43
*** aginwala has joined #openstack-keystone16:44
*** spzala has quit IRC16:44
*** spzala has joined #openstack-keystone16:45
*** spzala_ has joined #openstack-keystone16:48
*** aginwala has quit IRC16:49
*** links has quit IRC16:49
*** spzala has quit IRC16:50
*** spzala_ has quit IRC16:53
*** spzala has joined #openstack-keystone16:54
*** spzala_ has joined #openstack-keystone16:56
*** spzala has quit IRC16:58
*** spzala_ has quit IRC17:00
*** maxabidi has joined #openstack-keystone17:02
*** spzala has joined #openstack-keystone17:02
*** roxanaghe has joined #openstack-keystone17:02
*** arunkant has joined #openstack-keystone17:03
*** spzala_ has joined #openstack-keystone17:04
*** dims_ has quit IRC17:05
*** spzala has quit IRC17:06
*** dims has joined #openstack-keystone17:06
*** diazjf has joined #openstack-keystone17:07
*** diazjf has quit IRC17:07
*** spzala_ has quit IRC17:08
*** spzala_ has joined #openstack-keystone17:09
openstackgerritColleen Murphy proposed openstack/keystone: Fix keystone-manage config file path  https://review.openstack.org/29611017:09
*** jasonsb has quit IRC17:09
*** real56 has quit IRC17:11
*** real56 has joined #openstack-keystone17:12
*** bjornar has joined #openstack-keystone17:12
*** spzala_ has quit IRC17:13
*** spzala has joined #openstack-keystone17:14
*** spzala has quit IRC17:19
*** spzala has joined #openstack-keystone17:20
*** mylu has joined #openstack-keystone17:22
*** real56 has quit IRC17:24
samueldmqdstanek: yep, thanks17:24
samueldmq:)17:24
*** real56 has joined #openstack-keystone17:24
*** spzala has quit IRC17:25
*** aginwala has joined #openstack-keystone17:26
*** roxanagh_ has joined #openstack-keystone17:27
morganstevemar: https://review.openstack.org/#/c/295641/2 should be a quick +2/+A now. crinkle has it all happy passing the gate17:28
patchbotmorgan: patch 295641 - keystone - Implement HEAD method for all v3 GET actions17:28
*** spzala has joined #openstack-keystone17:28
*** rcernin has quit IRC17:29
*** browne has joined #openstack-keystone17:31
*** roxanagh_ has quit IRC17:31
*** real56 has quit IRC17:33
*** spzala has quit IRC17:33
*** real56 has joined #openstack-keystone17:34
*** spzala has joined #openstack-keystone17:34
*** real56 has quit IRC17:35
*** fawadkhaliq has quit IRC17:36
*** trown|lunch is now known as trown17:36
*** real56 has joined #openstack-keystone17:36
*** fawadkhaliq has joined #openstack-keystone17:37
*** spzala has quit IRC17:39
*** pushkaru has quit IRC17:39
*** pushkaru has joined #openstack-keystone17:39
*** fawadkhaliq has quit IRC17:39
*** fawadkhaliq has joined #openstack-keystone17:39
*** henrynash has joined #openstack-keystone17:39
*** ChanServ sets mode: +v henrynash17:39
*** henrynash has quit IRC17:40
*** fawadkhaliq has quit IRC17:41
*** fawadkhaliq has joined #openstack-keystone17:41
openstackgerritBoris Bobrov proposed openstack/keystone: Correct test to support changing N release name  https://review.openstack.org/29120717:45
*** fawadkhaliq has quit IRC17:47
*** fawadkhaliq has joined #openstack-keystone17:47
openstackgerritRon De Rose proposed openstack/keystone: WIP - Drop EPHEMERAL user type  https://review.openstack.org/29663917:48
*** real56 has quit IRC17:48
*** spzala_ has joined #openstack-keystone17:48
openstackgerritRon De Rose proposed openstack/keystone: WIP - Drop EPHEMERAL user type  https://review.openstack.org/29663917:49
*** real56 has joined #openstack-keystone17:49
*** real56 has quit IRC17:52
*** spzala_ has quit IRC17:52
*** ninag has quit IRC17:54
*** spzala has joined #openstack-keystone17:54
*** spandhe has joined #openstack-keystone17:58
*** spzala has quit IRC17:58
*** pumarani__ has joined #openstack-keystone18:00
*** tellesnobrega is now known as tellesnobrega_af18:01
*** jsavak has quit IRC18:02
*** tellesnobrega_af is now known as tellesnobrega18:02
*** jsavak has joined #openstack-keystone18:02
*** pushkaru has quit IRC18:03
*** sigmavirus24_awa is now known as sigmavirus2418:06
*** spzala has joined #openstack-keystone18:06
edmondswstevemar Why does "openstack user list --long" have a column for project? users aren't project-specific...18:07
stevemaredmondsw: hang over from v2 probably18:12
edmondswstevemar, how would that have made sense in v2?18:12
stevemaredmondsw: users had default projects18:13
*** jaosorior has quit IRC18:13
edmondswah, true18:13
edmondswdo we not allow default projects for users in v3?18:13
bretonthere is no such thing as default project in v318:14
stevemar^18:14
edmondswgood to know18:14
bretonthere are roles assigned18:14
edmondswwhy not?18:14
bretonto user for a project18:14
*** krotscheck has quit IRC18:14
*** krotscheck has joined #openstack-keystone18:15
bretonbecause it didn't let us do proper access control18:15
edmondswsure, but a default project could still be useful for horizon, to log you into your default project18:15
stevemarbreton: thanks for cleaning up https://review.openstack.org/#/c/291207/18:15
patchbotstevemar: patch 291207 - keystone - Correct test to support changing N release name18:15
edmondswassuming you have a role on that project, of course... not taking away from role assignments18:15
*** iurygregory has quit IRC18:15
*** ericksonsantos has quit IRC18:16
*** clenimar has quit IRC18:16
stevemaredmondsw: horizon will log you into whatever project it finds first, you can use the list to switch18:16
edmondswyeah... which is kinda odd... would be nicer to log you into the one you've set as your default18:16
*** pauloe has quit IRC18:16
openstackgerritRon De Rose proposed openstack/keystone: WIP - Drop EPHEMERAL user type  https://review.openstack.org/29663918:17
stevemarmorgan: donezo18:17
stevemarmorgan: want to kick this chain through: https://review.openstack.org/#/c/296016/18:20
patchbotstevemar: patch 296016 - keystone - Fix test_add_int_pkey_to_revocation_event_table fo...18:20
*** mvk_ has joined #openstack-keystone18:22
stevemarmorgan: and... https://review.openstack.org/#/c/291207/18:23
patchbotstevemar: patch 291207 - keystone - Correct test to support changing N release name18:23
*** jsavak has quit IRC18:24
morganlooking18:24
morganwas on a call for another company18:24
morgan(re: employment)18:24
*** jsavak has joined #openstack-keystone18:24
*** pauloe has joined #openstack-keystone18:25
*** mvk has quit IRC18:25
*** ericksonsantos has joined #openstack-keystone18:26
*** krotscheck has quit IRC18:26
*** raildo is now known as raildo-afk18:26
*** raildo-afk is now known as raildo18:26
*** krotscheck has joined #openstack-keystone18:26
*** iurygregory has joined #openstack-keystone18:27
*** clenimar has joined #openstack-keystone18:28
*** jsavak has quit IRC18:28
*** aginwala has quit IRC18:30
morgandone and done18:31
morganre patches18:31
openstackgerritSamuel de Medeiros Queiroz proposed openstack/python-keystoneclient: Add users functional tests  https://review.openstack.org/28930618:32
openstackgerritKristi Nikolla proposed openstack/keystone: WIP - ldap3 Identity Driver  https://review.openstack.org/29609018:32
samueldmqbknudson: dstanek: using fixture ^ the tests themselves are much simpler18:32
samueldmqmaybe I need to move UserFixture somewhere else ?18:32
samueldmqalso the delete test isn't working because it deletes the entity and passes its checks; but fails in the cleanup because the entity was already deleted18:33
samueldmqI'd like to see your thoughts/suggestions18:33
samueldmq:)18:34
*** jsavak has joined #openstack-keystone18:36
*** maxabidi has quit IRC18:36
*** aginwala has joined #openstack-keystone18:37
*** krotscheck has quit IRC18:38
*** krotscheck has joined #openstack-keystone18:39
*** permalac has quit IRC18:39
*** diazjf has joined #openstack-keystone18:39
*** henrynash has joined #openstack-keystone18:41
*** ChanServ sets mode: +v henrynash18:41
*** sdake_ has joined #openstack-keystone18:41
openstackgerritRon De Rose proposed openstack/keystone: WIP - Drop EPHEMERAL user type  https://review.openstack.org/29663918:43
*** sdake has quit IRC18:44
ayoungharlowja_at_home, Having really strict key management for SSH access into your OpenStack deployment, but not locking down the Queue is like this https://youtu.be/eU2Or5rCN_Y18:46
*** sdake has joined #openstack-keystone18:47
ayoungstevemar, do oslo-policy specs go in keystone-specs?18:47
*** aginwala has quit IRC18:47
*** sdake_ has quit IRC18:49
bretonayoung: yes afaik18:50
*** clenimar has quit IRC18:51
bretonbknudson pushed that18:51
*** openstack has joined #openstack-keystone19:07
*** openstackstatus has joined #openstack-keystone19:08
*** ChanServ sets mode: +v openstackstatus19:08
*** lhcheng_ has joined #openstack-keystone19:08
*** openstack has joined #openstack-keystone19:20
*** rderose has quit IRC19:21
*** rm_work has joined #openstack-keystone19:21
*** sigmavirus24 has quit IRC19:21
*** openstackstatus has joined #openstack-keystone19:23
*** ChanServ sets mode: +v openstackstatus19:23
*** raquellira is now known as raquel19:23
*** zhiyan_ is now known as zhiyan19:23
*** serverascode_ is now known as serverascode19:23
*** raquel has left #openstack-keystone19:23
*** sigmavirus24 has joined #openstack-keystone19:24
*** DuncanT_ is now known as DuncanT19:24
fundcorHello! I am trying to run an existing uWSGI-connected keystone app under Gunicorn. What should I do?19:24
dstanekfundcor: have you created a gunicorn config?19:25
*** Guest69253 is now known as zeus`19:25
*** mylu has quit IRC19:27
*** aginwala has joined #openstack-keystone19:32
*** jsavak has quit IRC19:33
*** zeus` is now known as zeus19:33
*** zeus has quit IRC19:34
*** zeus has joined #openstack-keystone19:34
*** jsavak has joined #openstack-keystone19:34
*** mylu has joined #openstack-keystone19:37
dstanekin an Apache setup is there really no way to specify explicitly where the keystone.conf is located?19:38
fundcordstanek, Yes, I have created gunicorn config and a paste configuration, maybe someone could advise how to get my system running?19:39
morgandstanek: we need to support that option via ENV Var19:40
*** spzala has quit IRC19:40
morgandstanek: (mod_wsgi has limitations)19:40
morgandstanek: in uwsgi it's totally doable :)19:40
dstanekfundcor: what happens when you run the gunicorn process?19:41
dstanekmorgan: that bytes19:41
dstanekmorgan: maybe i can grab cfg.CONF and make it parse another config file for me19:41
morgandstanek: or just look in environ['keystone_config']19:42
morgandstanek: and set that ENV in apache conf19:42
*** aginwala has quit IRC19:42
dstanekmorgan: then i'd be making changes to keystone and/or the wsgi stuf19:42
dstanekstub19:42
morgandstanek: it's something we should move to anyway since eventlet is in its last throes.19:42
morgandstanek: nah, in apache_config19:42
morgandstanek: you can setENV in the apache vhost19:43
dstanekmorgan: but keystone doesn't read that does it?19:43
morganif you can read from the env *or* cli like we do for other things.19:43
*** simondodsley has joined #openstack-keystone19:43
*** dims_ has joined #openstack-keystone19:43
morgandstanek: no, we'd need to make conf aware of the env19:43
*** aginwala has joined #openstack-keystone19:44
*** spzala has joined #openstack-keystone19:44
*** dims has quit IRC19:45
*** sheel has quit IRC19:47
fundcordstanek, I suppose that I have wrong configuration files or command line arguments and I can't find any manual19:47
dstanekfundcor: can you put your config and command line args on paste.openstack.org?19:49
*** spzala has quit IRC19:49
*** ninag has joined #openstack-keystone19:50
*** jorge_munoz has joined #openstack-keystone19:52
*** dims_ has quit IRC19:53
*** dims has joined #openstack-keystone19:56
fundcordstanek, http://paste.openstack.org/show/491633/19:57
*** roxanaghe has joined #openstack-keystone19:59
fundcordstanek, ver.2 http://paste.openstack.org/show/491634/20:01
*** roxanaghe_ has joined #openstack-keystone20:01
dstanekfundcor: what is the error that you are getting?20:03
*** roxanaghe has quit IRC20:03
fundcordstanek, Workers can not start:  http://paste.openstack.org/show/491635/20:08
ayoungmorgan, harlowja_at_home OK  so, yes, you can enforce on message sender20:08
morganayoung: cool20:09
ayounghttps://www.rabbitmq.com/validated-user-id.html   is the Java version, I converted to Python and confirmed:20:09
morganayoung: hm.20:09
morganok this is the inverse of what i think we need.20:09
morganbut it'd also work20:09
ayoungmorgan, so the sender needs to explicitly send it.  Then the broker checks that it matches the Rabbit user20:09
morgani think we want to check on the receiving end20:10
morganvs the sending end "this message, according to the broker, was sent by X"20:10
ayoungmorgan, that is it.20:11
ayoungone sec20:11
dstanekfundcor: is there anything in the keystone log?20:11
morganthis, if i am reading right prevents publishing of the message unless the user is who they say they are20:11
morganit's inverted, more work to use, but could also work20:11
ayoungmorgan, you can then check on the other side...let me confirm the filter works and I'll paste20:11
morgancool20:11
*** rk4n has quit IRC20:11
ayoungpika.exceptions.ChannelClosed: (406, "PRECONDITION_FAILED - user_id property set to 'rabbit_userid' but authenticated user was 'a5f56bdb395f53864a80b95f45dc395e94c546c7'")20:12
morganright20:12
ayoungthat is what happens when you try to send an invalid user-id20:12
ayoungon the receiver side:20:12
ayoung [x] Sent 'Hello World!'20:12
ayoung [x] Received 'Hello World!'20:12
ayoungMessage user_id is a5f56bdb395f53864a80b95f45dc395e94c546c720:12
morganperfect20:13
morganthe receiving side is the important part20:13
ayoungmorgan, http://paste.openstack.org/show/491636/20:13
ayounghttp://paste.openstack.org/show/491637/20:13
morganif the sending side was the only enforceable part... suuuure, it'd be doable20:13
morganbut, most important is the receiving side.20:13
*** BigWillie has quit IRC20:13
morganfor ease of implementation20:14
ayoungso a user has the option to either send it or hide it, but not fake it20:14
morganyup20:14
morganand we should move towards verified user_id20:14
morganthat solves the authenticated messages issue20:14
*** jsavak has quit IRC20:14
ayoungYep.20:15
morganat least to the same level of assurances that a cryptographically signed message would be20:15
ayoungBlog post!20:15
fundcordstanek, I think it is missing or empty20:15
harlowja_at_homeayoung,  neat20:15
*** jsavak has joined #openstack-keystone20:15
morganayoung: *and* spec proposal for oslo.messaging!20:15
harlowja_at_homeblog post + 120:15
harlowja_at_homeand that too20:15
harlowja_at_homelol20:15
harlowja_at_homebb20:15
morganayoung: once oslo.messaging supports sending/user_validation then the change in nova should be easy-ish20:16
*** rk4n has joined #openstack-keystone20:16
morganayoung: and queue segmentation shouldn't be needed [a nice addon down the line for performance reasons, but not for pure security reasons]20:16
ayoungmorgan, yeah. This is kinda basic20:16
ayoungmorgan, right now, you can split the control(rpc) vhost from notifications20:17
morganayoung: still need to ensure the authentication is sane, but i mean, that's just "secure your queue" and firewall off access20:17
ayoungthat is a start20:17
*** e0ne has joined #openstack-keystone20:17
ayoungnext, we give everyone a name20:17
ayounginstead of using guest for all,20:17
ayoungnova-api-3 , nova-conductor-1 and so on20:18
morganand i'd push towards the name bit as the default deployment story, the split queue being a "strongly recommended"20:18
morganeh, even if all nova-api nodes shared a single user, that's ok as long as nova-api is separate from conductor, is separate from compute20:18
*** rk4n has quit IRC20:18
ayoungthen you can do message level validation:  Hey, I got this from node-1, but it is telling me to power down?20:18
*** henrynash has joined #openstack-keystone20:19
*** ChanServ sets mode: +v henrynash20:19
*** openstack has joined #openstack-keystone20:31
stevemari don't remember recommending uwsgi over mod_wsgi20:31
bknudsonstevemar: I wouldn't recommend uwsgi over mod_wsgi at this point20:32
bknudsonif we can get mod_proxy_uwsgi in the gate and running I'd recommend that20:32
morganbknudson: ++20:32
*** roxanaghe has joined #openstack-keystone20:33
morganbknudson: the correct steps, 1) uwsgi working, 2) gating on mod_proxy_uwsgi, 3) ???, 4) profit20:33
morganstevemar: i recommend uwsgi over eventlet! anyday20:33
morgan:P20:33
bknudsonwe've got a uwsgi job running now and it's been stable, I think.20:34
bknudsonI was disappointed when it didn't work well to begin with though... doesn't seem to handle persistent connections for some reason20:34
bknudsonnot sure why they're saying it's complex to deploy with uwsgi.20:35
dstanekbknudson: because it's different20:35
bknudsonespecially compared to mod_wsgi.20:36
*** e0ne has quit IRC20:37
fundcorDoes anyone know how to run a Keystone under gunicorn?20:37
morganfundcor: probably similar to uwsgi, but it hasn't had much engineering work done to make it work20:37
bknudsonfundcor: I can't imagine it's much different than uwsgi, but I didn't run it.20:37
dstanekfundcor: i had it working a while ago, but at the time i had to make code changes20:38
dstanekfundcor: let me try your config....20:38
*** jsavak has quit IRC20:39
*** jsavak has joined #openstack-keystone20:39
openstackgerritMerged openstack/keystone: Implement HEAD method for all v3 GET actions  https://review.openstack.org/29564120:40
openstackgerritMerged openstack/keystone: Fix test_add_int_pkey_to_revocation_event_table for MySQL  https://review.openstack.org/29601620:41
dstanekfundcor: here is a little hint... gunicorn --paste ks.ini#public_service20:44
dstanekyou are not specifying the app from paste correctly20:44
*** mylu_ has quit IRC20:44
bknudsonwhy use paste? keystone already does that20:45
openstackgerritMerged openstack/keystone: Correct test to support changing N release name  https://review.openstack.org/29120720:45
dstanekfundcor: http://docs.gunicorn.org/en/latest/settings.html#paste20:46
dstanekbknudson: what do you mean? paste builds the wsgi app and gunicorn runs it20:46
*** mylu has joined #openstack-keystone20:46
bknudsonwe already ship a wsgi app20:46
dstanekbknudson: that includes all of the middleware already configured?20:46
bknudsonit reads the normal keystone paste.ini20:47
*** BigWillie has quit IRC20:48
dstanekbknudson: i didn't even think of that. 'gunicorn keystone.server.wsgi:initialize_admin_application' works too20:48
*** bknudson has left #openstack-keystone20:50
*** bknudson has joined #openstack-keystone20:50
*** ChanServ sets mode: +v bknudson20:50
bknudsondstanek: we've also got the /usr/local/bin/keystone-wsgi-admin -- not sure how to point gunicorn to it20:50
dstanekbknudson: normally with unicorn you specify the python module, but there may be a way to specify a command line script20:51
*** fawadkhaliq has quit IRC20:53
bknudsonall that keystone-wsgi-admin does is keystone.server.wsgi:initialize_admin_application anyways.20:53
*** fawadkhaliq has joined #openstack-keystone20:53
dstanekbknudson: exactly. i stole the path from our setup.cfg20:53
* ayoung proposed a new oslo-policy spec https://review.openstack.org/296785 but those don't show up here20:55
*** aginwala has quit IRC20:56
dimsayoung : have you seen knikolla 's osc patch? https://review.openstack.org/#/c/296582/ think you'll like it20:57
patchbotdims: patch 296582 - python-openstackclient - WIP - Calls to K2K Federated Service Providers20:57
*** diazjf has quit IRC20:58
*** david-lyle has quit IRC20:59
fundcorThanks to all21:00
*** aginwala has joined #openstack-keystone21:01
*** diazjf has joined #openstack-keystone21:01
*** aginwala has quit IRC21:01
ayoungdims, K2K  is really not my thing.21:02
ayoungdims, but the idea is sound.21:02
dimsayoung : i see. i was just reading http://adam.younglogic.com/2015/03/key-fed-lookup-redux/21:03
dimsso assumed :)21:03
ayoungdims, K2K is not Federation21:03
*** aginwala has joined #openstack-keystone21:03
ayoungdims, K2K is for linking Keystones together21:03
ayoungbut the rest of federation is about external Identity providers21:03
ayoungI don't like that the two names are confusing to people21:03
ayoungK2K uses SAML, but that is pretty much the only overlap21:04
dimsayoung : interesting, pray enlighten the difference21:04
*** fawadkhaliq has quit IRC21:04
*** fawadk has joined #openstack-keystone21:04
ayoungdims, start with the assumption that Keystone should not be an identity provider...21:05
*** david-lyle has joined #openstack-keystone21:05
ayoungdims, as nkinder wrote so well:  https://blog-nkinder.rhcloud.com/?p=13021:05
ayoungSo, "federating" between Keystone servers is not a pattern I tend to favor.  It makes more sense for a provider like RAX that already has a huge user base in Keystone, and needs to make them work together21:06
*** spzala has joined #openstack-keystone21:06
*** timcline has quit IRC21:07
ayoungdims, the MOC folks are using the concept to drive their Hardware federation, too, which is kinda cool.21:07
*** timcline has joined #openstack-keystone21:07
ayoungBut, I am more focused on the authorization side of Keystone, and letting the external tools do authorization21:07
*** spzala has quit IRC21:08
breton> external tools do authorization21:08
*** spzala has joined #openstack-keystone21:08
bretonwhat tools for example?21:08
* dims reading the nkinder blog post21:08
*** diazjf has quit IRC21:09
dimsbreton : guessing FreeIPA :)21:09
*** mylu has quit IRC21:09
*** timcline has quit IRC21:11
*** jbell8_ has joined #openstack-keystone21:11
stevemarbknudson: haha, http://lists.openstack.org/pipermail/openstack-docs/2016-March/008371.html21:12
*** jbell8 has quit IRC21:12
bknudsonstevemar: that merged in N, not M.21:12
*** mylu has joined #openstack-keystone21:12
bretonlooks in M to me21:13
bknudsonoh, oops, that wasn't meant to merge until N.21:15
bretonhttps://review.openstack.org/#/c/293114/21:15
patchbotbreton: patch 293114 - keystone - Document running in uwsgi proxied by apache (MERGED)21:15
bknudsonI thought we already had a stable branch at that point21:15
*** mylu has quit IRC21:15
bknudsonstill, it's not a difficult configuration. And it's easy to set up since you can deal with apache and keystone separately21:16
*** trown is now known as trown|outtypewww21:17
*** david-lyle has quit IRC21:21
*** tmcpeak has joined #openstack-keystone21:21
*** tmcpeak has left #openstack-keystone21:21
bknudsonalso in production mode it would be easier since no need to listen on :5000 and :35357, just listen on subpath.21:21
*** edmondsw has quit IRC21:22
*** edmondsw has joined #openstack-keystone21:22
*** edmondsw has quit IRC21:22
*** david-lyle has joined #openstack-keystone21:23
dstanekfundcor: did you get it working?21:24
*** diazjf has joined #openstack-keystone21:24
*** rcrit_ has joined #openstack-keystone21:24
*** sdake has quit IRC21:27
openstackgerritRon De Rose proposed openstack/keystone: WIP - Concrete role assignments for federated users  https://review.openstack.org/28494321:28
*** ninag has quit IRC21:31
ayoungdims, harlowja_at_home morgan http://adam.younglogic.com/2016/03/id-sender-rabbitmq/21:32
*** daemontool_ has quit IRC21:34
*** timcline has joined #openstack-keystone21:37
*** daemontool_ has joined #openstack-keystone21:38
*** timcline_ has joined #openstack-keystone21:38
*** browne has quit IRC21:41
*** timcline has quit IRC21:41
*** jbell8_ has quit IRC21:42
*** pnavarro has quit IRC21:43
*** jbell8 has joined #openstack-keystone21:43
openstackgerritTom Cocozzello proposed openstack/keystone: Run federation tests under Python 3  https://review.openstack.org/29479721:44
*** roxanagh_ has joined #openstack-keystone21:45
*** jbell8 has quit IRC21:45
*** jbell8 has joined #openstack-keystone21:45
openstackgerritTom Cocozzello proposed openstack/keystone: Run federation tests under Python 3  https://review.openstack.org/29479721:47
*** roxanagh_ has quit IRC21:49
knikollaayoung, in identity, what keys does group_ref need to have in it?21:52
harlowja_at_homeayoung, neat21:54
harlowja_at_homenow we just need to start using this stuff better in openstack21:54
harlowja_at_homeespecially around RPC :-/21:55
*** doug-fish has quit IRC21:55
*** sdake has joined #openstack-keystone21:55
*** browne has joined #openstack-keystone21:57
*** SDub__ has quit IRC21:58
*** sigmavirus24 is now known as sigmavirus24_awa21:59
*** diazjf has quit IRC22:01
*** slberger has left #openstack-keystone22:02
openstackgerritKristi Nikolla proposed openstack/keystone: WIP - ldap3 Identity Driver  https://review.openstack.org/29609022:03
*** diazjf has joined #openstack-keystone22:04
*** knikolla has quit IRC22:04
*** spzala has quit IRC22:07
*** spzala has joined #openstack-keystone22:08
*** mylu has joined #openstack-keystone22:09
*** diazjf has quit IRC22:11
*** spzala has quit IRC22:12
*** pumarani__ has quit IRC22:14
*** ametts has quit IRC22:14
*** timcline_ has quit IRC22:15
*** lhcheng_ has joined #openstack-keystone22:16
*** lhcheng_ has quit IRC22:19
*** lhcheng__ has joined #openstack-keystone22:19
*** lhcheng has quit IRC22:20
*** roxanaghe has quit IRC22:20
*** jsavak has quit IRC22:27
*** sdake_ has joined #openstack-keystone22:29
*** sdake has quit IRC22:30
*** pauloe has quit IRC22:30
*** roxanaghe has joined #openstack-keystone22:31
*** daemontool_ has quit IRC22:31
*** rk4n has joined #openstack-keystone22:32
*** pgbridge has joined #openstack-keystone22:33
*** knikolla has joined #openstack-keystone22:40
*** sheel has joined #openstack-keystone22:40
*** tristanC has quit IRC22:43
*** tristanC has joined #openstack-keystone22:44
*** henrynash has quit IRC22:44
*** spzala has joined #openstack-keystone22:46
*** timcline has joined #openstack-keystone22:46
*** csoukup has quit IRC22:47
*** aginwala has quit IRC22:49
*** jbell8 has quit IRC22:50
*** timcline has quit IRC22:51
*** fawadk has quit IRC22:53
ayoungknikolla, so, usually the group is assigned by two entries22:53
*** fawadkhaliq has joined #openstack-keystone22:53
ayoungthe user entry has member-of-groups and the group object also has a collection of members22:53
ayoungknikolla, I think the usual approach is to look from whatever object you have22:54
ayoungmost of the Directory servers maintain the two way relationships (I think, I might be lying out my tuchas) so you can read the association from either end.22:55
*** fawadkhaliq has quit IRC22:55
knikollaayoung, in the latest patchset i did the list_users_in_group22:55
*** fawadkhaliq has joined #openstack-keystone22:56
*** aginwala has joined #openstack-keystone22:56
*** browne has quit IRC22:56
knikollaayoung, for the other one I wasn't sure as some resource i found said that the memberOf in the user object is not a standard.22:56
*** aginwala has quit IRC22:58
knikollaayoung, though the question I asked you was for the actual dict that is returned by get_group22:58
knikollawhat keys must it have22:58
ayoungknikolla, have you ever had to read code you wrote 4 years ago?22:58
ayoungNow, how about code someone else wrote that you ported?22:59
ayoungI can't remember from day to day...I'm looking22:59
*** sdake_ is now known as sdake22:59
knikollaayoung, i know the feel. thanks.23:00
*** roxanagh_ has joined #openstack-keystone23:00
ayoungknikolla, so we start here? http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/ldap.py#n35023:00
ayoungknikolla, like most things, the only required 'attribute' is the dn23:01
ayoungfor the rest, we look for attributes like:23:01
morganayoung: then make it python-ldap code and cry23:01
ayoungself.member_attribute,23:01
ayoungmorgan, I decided to start drinking scotch instead23:02
morganheh23:02
*** aginwala_ has joined #openstack-keystone23:03
knikollamorgan, ldap3 has a pretty nice abstraction module23:03
ayoungknikolla, I think that is it:  the group needs a name, a dn, and a list of members23:03
ayoungUgh...did I really write http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/ldap.py#n39423:04
morganayoung: maaaaybe23:04
*** browne has joined #openstack-keystone23:04
*** jaugustine has quit IRC23:04
ayoungknikolla, so, that code might not be required.  If what I said about 2 way group associations is true, you should be able to get the list of users from group 'members' attribute23:04
*** roxanagh_ has quit IRC23:05
morganayoung: the hard part is there are 3 ways to do groups and then the AD way... and referral chasing23:05
morganayoung: so, ick :(23:05
ayoungOh, wait...yeah, that is what it does23:05
*** darrenc_ has joined #openstack-keystone23:05
*** aginwala_ has quit IRC23:05
*** darrenc has quit IRC23:06
*** aginwala has joined #openstack-keystone23:06
ayoungstill don't understand what a dumb-User_dn is23:06
ayoung if self._is_dumb_member(user_dn):23:06
knikollaayoung, some edge case probably23:06
ayoungthat code is pretty horrible, but it is LDAP that is really horrible23:06
*** mylu has quit IRC23:06
morganayoung: it's the difference between a "string" of "users" i think and a real DN23:06
morgani *think*23:06
*** darrenc_ is now known as darrenc23:07
morgani think dumb member won't matter in read-only23:07
morganthere is a *lot* of write magic in the current driver23:07
ayoungmorgan, well it seems to play in list groups for users23:07
*** fawadkhaliq has quit IRC23:07
*** mylu has joined #openstack-keystone23:07
ayoungmorgan, BTW, shadow users.  We should record the groups for the shadow users23:08
ayoungnot stick them in the fernet token23:08
*** fawadkhaliq has joined #openstack-keystone23:08
morganwhich i think dumb member was a write thing that then get piled on for the get23:08
*** thiagolib has quit IRC23:09
ayoungmorgan, predates me:  http://adam.younglogic.com/2012/02/openstack-keystone-ldap-redux/  looks like I copied that over from Nova23:11
ayoung"use_dumb_member is still honored from the previous incarnation, but has not been tested, nor do I understand the intention of this code."23:11
* ayoung cackling23:12
*** BigWillie has joined #openstack-keystone23:12
*** rk4n has quit IRC23:13
*** gordc has quit IRC23:14
ayounghttp://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/config.py#n59723:14
ayoungmorgan, knikolla OK I think I figured it out23:14
ayoungit might be that the group object needs to have at least one member in the list23:14
knikollaayoung, that explains it.23:14
ayoungif so,  add a dumb member23:14
knikollai'll eventually have to add all these edge cases in some way23:15
ayoungso you can delete everyone and still have a valid group.23:15
ayoungknikolla, make sure the existing LDAP unit tests pass, and yes, you should get them23:15
*** BigWillie has quit IRC23:16
knikollaayoung, roger.23:16
knikollaayoung, thanks for the help.23:17
ayoungknikolla, thanks for doing this.  please keep notes on the etherpad23:21
*** openstack has joined #openstack-keystone23:22
knikollaayoung, i think the unit tests from ldap can't be used as is.23:22
ayoungknikolla, probably need some adapting23:22
knikollathey use python-ldap23:22
ayoungbut the set of unit tests needs to stay the same23:23
ayoungand what they test23:23
*** openstackstatus has joined #openstack-keystone23:23
*** ChanServ sets mode: +v openstackstatus23:23
ayoungknikolla, rewriting the unit tests first so they use ldap3 would be a good idea.  If someone else pops up here and asks to help, I'll point them at that23:23
knikollaayoung, they use it only for a few driver implementation specific things so it might not even be required.23:25
knikollaayoung, but this is a good point to add to the etherpad.23:26
ayoungknikolla, ++23:26
*** daemontool_ has joined #openstack-keystone23:26
*** daemontool_ has quit IRC23:27
ayoungharlowja_at_home, got a response back from the rock gym.  Group rate for 8+.  need to bring our own lead ropes.23:33
*** fawadkhaliq has quit IRC23:39
harlowja_at_homeayoung, k, hmmm, maybe i'll pack a rope23:45
ayoungharlowja_at_home, we might be able to get away with a 1/2 rope23:45
*** harlowja_at_home has quit IRC23:45
ayoungwalls are 30', so a 200' cut in half would reach23:46
*** harlowja_at_home has joined #openstack-keystone23:46
ayoungharlowja_at_home, I had a 1/2 200 for my old gym,but I don't think I can get away with it at my current.  However, I plan on packing a full suitcase, so I can toss in a rope.23:47
*** aginwala has quit IRC23:47
*** timcline has joined #openstack-keystone23:47
*** fawadkhaliq has joined #openstack-keystone23:49
*** aginwala has joined #openstack-keystone23:49
*** aginwala has quit IRC23:50
*** timcline has quit IRC23:51
*** shoutm has joined #openstack-keystone23:56
*** timcline has joined #openstack-keystone23:57
harlowja_at_homeayoung, ok let me know23:57
harlowja_at_homei can bring my gym rope23:57
harlowja_at_home60m i think23:57
harlowja_at_home9.7mm23:58
*** agrebennikov has quit IRC23:58
*** spzala has quit IRC23:59
