Friday, 2016-07-08

« Thursday, 2016-07-07 Index Saturday, 2016-07-09 »
*** dan_nguyen has quit IRC00:04
*** chlong has quit IRC00:05
*** agireud has joined #openstack-keystone00:11
*** edtubill has quit IRC00:12
*** david-lyle has joined #openstack-keystone00:14
bretonshaleh: patch is welcome :)00:19
shalehbreton: I need to understand the why and future. Once I do, I will gladly submit.00:20
openstackgerritJamie Lennox proposed openstack/keystone: Use request object in policy enforcement  https://review.openstack.org/33869300:20
openstackgerritJamie Lennox proposed openstack/keystone: Add the oslo_context to the environment and request  https://review.openstack.org/33888500:20
openstackgerritJamie Lennox proposed openstack/keystone: Add is_admin property to request  https://review.openstack.org/33867400:20
shalehbreton: it looks like another case of we want to use oslo.x but the existing Y works better.00:21
*** agireud has quit IRC00:22
openstackgerritJamie Lennox proposed openstack/keystone: Use request object in policy enforcement  https://review.openstack.org/33869300:28
openstackgerritJamie Lennox proposed openstack/keystone: Use the context's is_admin property  https://review.openstack.org/33867400:28
*** agireud has joined #openstack-keystone00:29
jamielennoxare roles supposed to be case insensitive?00:30
jamielennoxhttps://bugs.launchpad.net/glance/+bug/101051900:31
openstackLaunchpad bug 1010519 in Glance "role case sensitivity" [High,Fix released] - Assigned to Alexej Ababilov (aababilov)00:31
jamielennoxglance insensitive: https://github.com/openstack/glance/blob/master/glance/api/middleware/context.py#L10800:36
*** agireud has quit IRC00:36
jamielennoxnova sensitive: https://github.com/openstack/nova/blob/master/nova/api/auth.py#L13800:37
jamielennoxneutron sensitive: https://github.com/openstack/neutron/blob/master/neutron/auth.py#L4200:39
*** agireud has joined #openstack-keystone00:40
jamielennoxcinder insensitive - going to assume glance just gets it wrong00:41
*** david-lyle has quit IRC00:46
*** itisha has quit IRC00:50
*** gagehugo has joined #openstack-keystone00:55
*** iurygregory_ has joined #openstack-keystone00:59
openstackgerritBoris Bobrov proposed openstack/keystone: Faster id mapping lookup  https://review.openstack.org/33929401:03
*** tonytan4ever has joined #openstack-keystone01:06
bretonlbragstad: we talked some time ago about performance of fetching users from LDAP. ^ trying to fix it.01:07
*** david-lyle has joined #openstack-keystone01:13
*** code-R has joined #openstack-keystone01:17
*** ozialien10 has joined #openstack-keystone01:18
*** david-lyle has quit IRC01:18
*** dhellmann has quit IRC01:19
*** code-R_ has joined #openstack-keystone01:19
*** code-R has quit IRC01:22
*** zqfan has joined #openstack-keystone01:22
*** dhellmann has joined #openstack-keystone01:26
*** chlong has joined #openstack-keystone01:27
*** bjornar_ has quit IRC01:27
*** dhellmann has quit IRC01:31
*** dhellmann has joined #openstack-keystone01:31
*** ddieterly has joined #openstack-keystone01:31
*** zzzeek has quit IRC01:34
*** rderose has quit IRC01:35
*** dhellmann has quit IRC01:39
*** dhellmann has joined #openstack-keystone01:39
openstackgerritMerged openstack/keystone: Pass request to build_driver_hints  https://review.openstack.org/33698001:41
*** dhellmann has quit IRC01:45
*** dhellmann has joined #openstack-keystone01:46
*** aastha has quit IRC01:49
*** dhellmann has quit IRC01:51
*** dhellmann has joined #openstack-keystone01:52
*** BjoernT has joined #openstack-keystone01:53
*** dhellmann has quit IRC01:59
*** dhellmann has joined #openstack-keystone02:00
*** TxGVNN has joined #openstack-keystone02:02
*** davechen has joined #openstack-keystone02:02
*** roxanaghe has joined #openstack-keystone02:02
*** davechen has quit IRC02:03
*** dan_nguyen has joined #openstack-keystone02:03
*** BjoernT has quit IRC02:03
*** simondodsley has joined #openstack-keystone02:03
openstackgerritShan Guo proposed openstack/keystone: keystone recommend deprecated memcache backend  https://review.openstack.org/33931002:04
*** davechen has joined #openstack-keystone02:05
*** tqtran has quit IRC02:06
*** roxanaghe has quit IRC02:07
*** chlong has quit IRC02:08
*** wangqun has joined #openstack-keystone02:09
*** TxGVNN has quit IRC02:13
*** TxGVNN has joined #openstack-keystone02:14
*** code-R_ has quit IRC02:14
*** code-R has joined #openstack-keystone02:14
*** code-R_ has joined #openstack-keystone02:20
*** code-R has quit IRC02:22
*** dan_nguyen has left #openstack-keystone02:29
*** zzzeek has joined #openstack-keystone02:30
*** zzzeek has quit IRC02:31
*** zzzeek has joined #openstack-keystone02:32
*** sheel has joined #openstack-keystone02:34
*** gagehugo has quit IRC02:37
*** ametts has joined #openstack-keystone02:40
*** browne has quit IRC02:58
*** ddieterly has quit IRC03:02
openstackgerritShan Guo proposed openstack/keystone: keystone recommend deprecated memcache backend  https://review.openstack.org/33931003:06
*** sdake has joined #openstack-keystone03:08
*** gyee has quit IRC03:09
*** sdake_ has joined #openstack-keystone03:10
*** sdake has quit IRC03:14
*** sdake_ has quit IRC03:15
*** sdake has joined #openstack-keystone03:17
stevemarbreton: looks interesting03:19
*** rderose has joined #openstack-keystone03:20
*** iurygregory_ has quit IRC03:27
*** chrisshattuck has joined #openstack-keystone03:36
*** richm has quit IRC03:43
*** GB21 has joined #openstack-keystone03:44
*** code-R_ has quit IRC03:55
*** code-R has joined #openstack-keystone03:56
*** rderose has quit IRC03:57
*** woodster_ has quit IRC03:59
*** simondodsley has quit IRC04:13
*** chlong has joined #openstack-keystone04:20
*** links has joined #openstack-keystone04:24
*** ametts has quit IRC04:26
*** ametts has joined #openstack-keystone04:26
*** sdake has quit IRC04:27
*** sdake has joined #openstack-keystone04:27
*** davechen has left #openstack-keystone04:37
*** sheel has quit IRC04:46
*** ametts has quit IRC05:01
*** GB21 has quit IRC05:19
*** chrisshattuck has quit IRC05:23
*** ametts has joined #openstack-keystone05:37
*** sdake_ has joined #openstack-keystone05:39
*** sdake has quit IRC05:42
*** aufi has joined #openstack-keystone05:43
*** GB21 has joined #openstack-keystone05:58
openstackgerritJamie Lennox proposed openstack/keystone: Require auth_context middleware in the pipeline  https://review.openstack.org/33935605:59
*** rcernin has joined #openstack-keystone06:09
*** danpawlik has joined #openstack-keystone06:15
*** jojden has joined #openstack-keystone06:16
*** roxanaghe has joined #openstack-keystone06:18
*** roxanaghe has quit IRC06:23
jojdenhi06:27
jojdenanybody have idea about how can we use policy.json in the project06:27
jojdenI am creating new REST API using pecan framework. So I nneed to use policy.json of keystone06:27
jojdenhow to do that06:27
*** code-R has quit IRC06:39
*** chlong has quit IRC06:42
*** GB21 has quit IRC06:43
*** code-R has joined #openstack-keystone06:47
*** pcaruana has joined #openstack-keystone06:51
*** GB21 has joined #openstack-keystone06:55
*** tesseract- has joined #openstack-keystone06:59
*** tonytan4ever has quit IRC07:06
*** tonytan4ever has joined #openstack-keystone07:26
*** GB21 has quit IRC07:33
*** amoralej|off is now known as amoralej07:40
openstackgerritJamie Lennox proposed openstack/keystone: Handle more auth information via context  https://review.openstack.org/33939007:43
*** code-R has quit IRC07:53
*** code-R has joined #openstack-keystone07:54
*** bjornar_ has joined #openstack-keystone07:57
openstackgerritJamie Lennox proposed openstack/keystone: Implement Views and convert credentials  https://review.openstack.org/33542307:58
openstackgerritJamie Lennox proposed openstack/keystone: Implement a whole bunch of views  https://review.openstack.org/33635707:58
*** code-R has quit IRC07:59
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** rcernin has quit IRC08:02
*** sdake_ has quit IRC08:07
*** tqtran has joined #openstack-keystone08:07
keanset xtrace  what meaning ?08:08
*** sdake has joined #openstack-keystone08:08
*** sdake has quit IRC08:08
*** sdake has joined #openstack-keystone08:08
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843508:10
*** tqtran has quit IRC08:12
*** GB21 has joined #openstack-keystone08:17
*** rcernin has joined #openstack-keystone08:22
*** daemontool has joined #openstack-keystone08:22
jojdenhi08:25
jojdenanybody have idea about how can we use policy.json in the project08:25
jojdenI am creating new REST API using pecan framework. So I nneed to use policy.json of keystone08:25
jojdenhow to do that08:25
*** pnavarro has joined #openstack-keystone08:26
openstackgerritMerged openstack/python-keystoneclient: Improve docs for v3 regions  https://review.openstack.org/33806308:48
*** bjornar_ has quit IRC09:01
*** tonytan4ever has quit IRC09:07
*** aswadr_ has joined #openstack-keystone09:17
*** nisha has joined #openstack-keystone09:18
*** nisha is now known as Guest5199409:19
aswadr_Hello, what should "idp_id" be set to for federated keystone setup ? Ref: http://docs.openstack.org/developer/keystone/extensions/openidc.html09:19
aswadr_I am trying to set it up with OAuth client in google api client09:20
*** sdake has quit IRC09:30
*** GB21 has quit IRC09:44
*** code-R has joined #openstack-keystone09:55
*** GB21 has joined #openstack-keystone09:56
*** code-R has quit IRC10:00
*** aloga has quit IRC10:12
*** aloga has joined #openstack-keystone10:13
*** rcernin has quit IRC10:15
*** nisha_ has joined #openstack-keystone10:17
*** Guest51994 has quit IRC10:21
*** zqfan has quit IRC10:33
*** nikhil has quit IRC10:33
*** nikhil has joined #openstack-keystone10:34
*** ebalduf has joined #openstack-keystone10:44
*** samueldmq has joined #openstack-keystone10:52
*** ChanServ sets mode: +v samueldmq10:52
openstackgerritBoris Bobrov proposed openstack/keystone: Faster id mapping lookup  https://review.openstack.org/33929410:58
*** TxGVNN has quit IRC10:59
dstanekjojden: use olso.policy11:00
jojdenok11:01
jojdencan you please explain little more11:01
jojdenabout it11:01
jojdendstanek11:01
jojdenis it possible to give myown policy.json file?11:02
jojdenor how the oslo.policy takes the policy.json file ?11:03
jojdendstanek11:03
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Add region functional tests  https://review.openstack.org/33915811:04
dstanekjojden: you can start here http://docs.openstack.org/developer/oslo.policy/usage.html11:04
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Improve docs for v3 endpoints  https://review.openstack.org/33946811:04
jojdenthank yoi dstanek11:07
nisha_samueldmq, morning11:07
nisha_samueldmq, ^^11:07
*** rcernin has joined #openstack-keystone11:08
*** ebalduf has quit IRC11:09
dstanekjojden: does that make more sense now?11:14
jojdendstanek yes, Getting it now11:15
dstanekjojden: this is where keystone uses it http://git.openstack.org/cgit/openstack/keystone/tree/keystone/policy/backends/rules.py11:16
jojdenwe can create the policy.json file in our machine and we can edit it11:16
dstanekjojden: yes11:16
jojdenin that we need to define lke this11:17
jojdenenforcer = policy.Enforcer(policy_file=_POLICY_PATH)11:17
jojdenright dstanek11:18
*** bjornar_ has joined #openstack-keystone11:27
openstackgerritBoris Bobrov proposed openstack/keystone: Faster id mapping lookup  https://review.openstack.org/33929411:27
*** ddieterly has joined #openstack-keystone11:28
*** wangqun has quit IRC11:32
samueldmqmorning keystone11:34
samueldmqnisha_: hi11:34
*** samueldmq has quit IRC11:39
dstanekstevemar: hi11:44
*** nisha__ has joined #openstack-keystone11:46
*** nisha_ has quit IRC11:49
*** code-R has joined #openstack-keystone11:56
*** code-R has quit IRC12:01
*** ddieterly has quit IRC12:04
*** raildo-afk is now known as raildo12:08
*** tqtran has joined #openstack-keystone12:09
*** samueldmq has joined #openstack-keystone12:09
*** ChanServ sets mode: +v samueldmq12:09
*** nisha__ is now known as nisha12:12
*** nisha is now known as nisha_12:12
*** tqtran has quit IRC12:13
*** GB21 has quit IRC12:16
*** nisha__ has joined #openstack-keystone12:17
*** nisha_ has quit IRC12:20
*** nisha__ is now known as nisha_12:22
*** ddieterly has joined #openstack-keystone12:25
*** rodrigods has quit IRC12:27
*** rodrigods has joined #openstack-keystone12:27
*** ddieterly has quit IRC12:29
*** sheel has joined #openstack-keystone12:30
*** pauloewerton has joined #openstack-keystone12:35
*** ebalduf has joined #openstack-keystone12:37
*** TxGVNN has joined #openstack-keystone12:42
*** wangqun has joined #openstack-keystone12:43
*** jmlowe has quit IRC12:47
*** ebalduf has quit IRC12:51
*** amoralej is now known as amoralej|lunch12:53
*** nisha_ has quit IRC12:53
*** henrynash has joined #openstack-keystone12:54
*** ChanServ sets mode: +v henrynash12:54
*** ddieterly has joined #openstack-keystone12:55
*** henrynash has quit IRC13:00
*** ddieterly has quit IRC13:02
*** BjoernT has joined #openstack-keystone13:04
*** lamt has joined #openstack-keystone13:12
*** links has quit IRC13:15
*** gagehugo has joined #openstack-keystone13:16
dstanekjojden: i didn't catch that last part. have you gotten it to work?13:17
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone: Doc update on enabled external auth and federation  https://review.openstack.org/33916513:27
samueldmqstevemar: morning, please have a look  ^13:29
samueldmqdstanek: o/13:29
*** henrynash has joined #openstack-keystone13:30
*** ChanServ sets mode: +v henrynash13:30
dstanekhi samueldmq13:30
lbragstadis the gate having some issues?13:32
raildolbragstad,  tempest.lib.exceptions.SSHTimeout: Connection to the 172.24.5.11 via SSH timed out.13:35
samueldmqdstanek: I wonder about why auth_token was said to be deprecated in Mitaka, re patch 30528713:37
patchbotsamueldmq: https://review.openstack.org/#/c/305287/ - keystone - Deprecate the AdminTokenAuthMiddleware13:37
*** nisha_ has joined #openstack-keystone13:37
*** jmlowe has joined #openstack-keystone13:38
dstanekgit has been mightly slow for me13:38
samueldmqdstanek: the link jamielennox cited on the review also says it's deprecated in mitaka :/13:38
dstaneksamueldmq: oooo, maybe we dont' need my review at all13:39
samueldmqdstanek: I am wondering whether it was properly deprecated or not13:42
samueldmqdstanek: if it was, yes, perhaps your review is not necessary ?13:43
openstackgerritDavid Stanek proposed openstack/keystone: Test showing creating implied roles by domain admin  https://review.openstack.org/33955813:43
samueldmqdstanek: a warning was thrown at https://github.com/openstack/keystone/blob/d9c6b50a3ae514e640fa13a344e59fe3649ee0ef/keystone/middleware/auth.py#L17513:44
samueldmqdstanek: and there was that comment in the pipeline saying it was deprecated too13:44
*** richm has joined #openstack-keystone13:48
samueldmqdstanek: I see strong recommendations for not using it, e.g https://github.com/openstack/keystone/blob/1b0a5530f9935a0d7d166b4b92fd6a9cfe85e72f/keystone/conf/default.py#L2813:51
samueldmqdstanek: but looks like it wasn't properly deprecated ?13:51
openstackgerritRichard proposed openstack/keystone: Doc update on enabled external auth and federation  https://review.openstack.org/33916513:54
*** tonytan4ever has joined #openstack-keystone13:54
*** richm has quit IRC13:55
*** ddieterly has joined #openstack-keystone13:55
*** thumpba has joined #openstack-keystone13:56
*** danpawlik has left #openstack-keystone13:56
*** code-R has joined #openstack-keystone13:57
*** code-R has quit IRC13:58
*** code-R_ has joined #openstack-keystone13:58
*** jmlowe1 has joined #openstack-keystone13:59
*** amoralej|lunch is now known as amoralej13:59
*** jmlowe has quit IRC13:59
lbragstaddolphm this (https://bitbucket.org/zzzeek/dogpile.cache/issues/65) looks similar to the errors i'm seeing in https://review.openstack.org/#/c/339234/214:02
patchbotlbragstad: patch 339234 - keystone - Isolate token caching into its own region14:02
lbragstadcc notmorgan ^14:02
*** sigmavirus_away is now known as sigmavirus14:03
*** henrynash has quit IRC14:07
*** code-R has joined #openstack-keystone14:08
dstanekjmlowe1: did you happen to file a bug about your issue?14:09
*** code-R has quit IRC14:09
*** code-R__ has joined #openstack-keystone14:09
*** code-R_ has quit IRC14:10
amrithbknudson_, would you ping me when you are back ...14:12
amrithre: https://bugs.launchpad.net/bugs/160010914:13
openstackLaunchpad bug 1600109 in python-keystoneclient "Unit tests should not perform logging,but some tests still use" [Undecided,Incomplete] - Assigned to Ji.Wei (jiwei)14:13
*** richm has joined #openstack-keystone14:14
stevemaramrith: what about that bug?14:14
stevemaramrith: i had the same questions you have14:15
amrithi'll post a small note here about that in a couple14:15
amrithjust writing it offline14:15
lbragstaddolphm notmorgan i wonder if it is because we didn't add the TOKEN_REGION to https://github.com/openstack/keystone/blob/master/keystone/server/backends.py#L32-L4314:16
lbragstadtrying that now14:16
dolphmlbragstad: grep ftw :P14:16
dstanekamrith: stevemar: i don't think that is a valid bug. we need more information14:18
amrithdstanek, I think there's a kernel of truth in that bug but yes; at this point it is not valid.14:19
dstanekamrith: what is the bug saying? that our unit tests are actually logging or that our code shouldn't be during test runs?14:20
amrithso, the problem we have found in trove is this14:20
amrithcode being unit tested has logging14:20
amriththat's natural14:20
amrithunfortunately one of the consequences that I found a while ago is that the test framework14:20
amrithdoesn't instantiate a root logger14:20
amriththerefor emessages that are logged just go to the moral equivalent of /dev/null14:20
amrithand once I found that I had a test that was patently bogus and it seemed to pass.14:21
amritha little digging found that what was happening was that the routine being tested was generating an error14:21
amrithin the form of a message being logged and quietly ignored14:21
amrithso, I created this little piece of code http://git.openstack.org/cgit/openstack/trove/tree/trove/tests/root_logger.py14:21
openstackgerritLance Bragstad proposed openstack/keystone: Isolate token caching into its own region  https://review.openstack.org/33923414:22
amrithand when that is around, the unit tests generate errors like https://bugs.launchpad.net/trove/+bug/159979414:22
openstackLaunchpad bug 1599794 in OpenStack DBaaS (Trove) "tests failing to mock logging (again)" [Undecided,New] - Assigned to Amrith (amrith)14:22
dstanekamrith: that's not an argument for no logging, but one for raising errors properly14:22
amrithif it is the intent of some test to execute code that is going to generate a message log, then it should be up to the unit test to mock logging properly14:22
dstanekupon success the keystone logs go to /dev/null. upon failure they get printed14:22
dstanekamrith: yes that is true too14:23
lbragstaddolphm sweet - that seems to have fixed it!14:23
amrithSo, while I agree that the literal interpretation of the bug here is that you should do no logging, I'm going to be a bit generous in the issue14:23
amrithand treat it as maybe a language issue here.14:23
amrithmaybe the guy has some point and I'm interested in hearing more about it14:23
amrithbefore dismissing the bug off hand.14:23
amrithI hate my solution for trove14:23
amrithevery now and again, this code generates warnings14:23
amrithshould I just make it fail outright14:23
amrithso that it will never clear the gate?14:24
amrithno, I'll get howls from the peanut gallery14:24
amrithshould I just ignore logged messages and send them to /dev/null?14:24
amrithI don't think so either14:24
amriththat could mean that the tests are meaningless as I found before.14:24
amrithso I want to see what the guy has to say, with the understanding that this is a TOEFL.14:24
dstaneki've not dismissed it yet, but i'm pretty close. it feels like one of those "i read this in a book and need to apply everywhere" bugs14:25
amrithin the strictest interpretation of TOEFL.14:25
dstaneki have marked it as incomplete for keystone14:25
amrithyes, I marked it as opinion for trove14:25
dstanekgenerally speaking i think logging should be ignored in most tests14:25
amrithbut you are right, I'm damn close to throwing this out as one of those "I have a hammer, let's see how many nails I can put"14:26
samueldmqdstanek: ++14:26
stevemarit was definitely a 'meh' for me14:26
amrithsee: https://bugs.launchpad.net/trove/+bug/149109314:27
openstackLaunchpad bug 1491093 in OpenStack DBaaS (Trove) "Fix potentially broken test test_backup_incremental_metadata" [Medium,Fix released] - Assigned to Amrith (amrith)14:27
amrithI think you ignore error logging in unit tests at your own peril14:27
dolphmamrith: ++14:28
*** slberger has joined #openstack-keystone14:29
amrithbut it is peril, not <BOLD>PERIL</BOLD>14:29
dolphmshould mark it incomplete for every project i have authz to14:29
*** woodster_ has joined #openstack-keystone14:29
amrithdolphm, sounds good. I'll join you on Trove.14:29
amrithdone14:30
dstanekamrith: from an architecture perspective proper operation of software should not rely on logging at all. in keystone there are a few tests to verify log messages, but failure to log would not result in bad user experience. just bad debuggin experience14:31
amrithdstanek, agreed 100%14:31
amriththe issue is that I can write a totally valid test and then someone changes the unit under test in a way that really fails the test but just generates some boneheaded message in a log. the test will be meaningless and I get a false sense of security.14:32
amriththe only way to catch that is to make sure that if there are messages being generated, that we treat them properly14:33
amrithand if a test is known to generate messages; fine14:33
amrithjust mock and keep going14:33
amrithbut having a catch-all mock for all unit tests and ignoring logging strikes me as an unsafe thing.14:33
*** code-R__ has quit IRC14:34
*** code-R has joined #openstack-keystone14:34
openstackgerritLance Bragstad proposed openstack/keystone: Invalidate token cache on domain disablement  https://review.openstack.org/33923514:34
*** pauloewerton has quit IRC14:35
dolphmdstanek: any idea what database jmlowe1 was using?14:35
*** slberger has quit IRC14:35
dstanekdolphm: no idea14:35
dstaneki was testing on mysql and that's what i'm planning on using do try a full upgrade14:36
dstanek....but so far i've not had luck generating the issue14:36
dolphmyou asked jmlowe1 "what is different between what you run and upstream" and jmlowe1 responded "rdo bits and ubuntu 15.10 bits" - does that mean jmlowe1 is using rdo?14:36
*** pauloewerton has joined #openstack-keystone14:37
lbragstaddolphm dstanek I have https://review.openstack.org/#/c/339235/3 passing for me locally14:37
patchbotlbragstad: patch 339235 - keystone - Invalidate token cache on domain disablement14:37
lbragstadbrb - refilling coffee14:37
dolphmayoung: jdennis1: any crazy RDO bugs reporting all passwords lost on upgrade to mitaka?14:37
ayoungdolphm, nope14:37
dolphmayoung: what database does RDO use?14:38
ayoungdolphm, None. RDO  just writes down passwords on scrap pieces of paper14:38
ayoungMaria DB14:38
dolphmayoung: "strong gust of wind causes post it notes to become unstuck, unable to authenticate with RDO"14:39
dstanekayoung: scrap pieces of paper sounds about right14:39
ayoungdolphm, yeah, I closed that one "Will not fix:"14:40
dolphmmariadb only uses innodb, right?14:40
dstanekdolphm: the reason i locked onto 091 as the issue is not only because the password records were not created, but the password column was also dropped14:40
ayoungdolphm, I can never remember...which one is the good one?14:40
dolphmdstanek: i wonder if that upgrade could have been complicated by an earlier migration step?14:40
dstanekinnodb is the good one14:41
dolphmdstanek: lol it's the only option we need to focus on for reproducing, right?14:41
ayoungdolphm, ah, yeah...I think that is in the migrations, though, rigjht?  In the table defs?14:41
ayounghttp://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/sql/migrate_repo/versions/067_kilo.py14:42
dolphmayoung: we used to have to explicitly set the default to innodb on every upgrade, yes14:42
dolphmon every table create*14:42
dstanekpoor isam14:42
ayoungdolphm, so the split of the password table was part of that shadow users effort, right?14:43
dstaneknobody wants to be her friend14:43
ayoungdstanek, isam deserves to be poor14:43
dstanekayoung: yes, it was for shadow user14:43
ayounghttp://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/sql/migrate_repo/versions/091_migrate_data_to_local_user_and_password_tables.py14:43
ayoungwe should have done the drop columns in a separate migration14:44
dstanekso in the link ayoung just posted i think line 55 doesn't happen and yet the columns are dropped14:44
jmlowe1dolphm: didn't notice the question, banging away recreating my password hashes, I have 2 controllers using the rdo bits, 1 using ubuntu 15.04 bits, shut down all 3, updated one to rdo mitaka, ran keystone-manage dbsync14:45
*** links has joined #openstack-keystone14:45
dolphmjmlowe1: oh hey, just tweeted you14:46
jmlowe1ayoung: I'm guessing my 3 way galera-mysql with very short connection timeouts factored in14:47
dolphmjmlowe1: how old is the deployment? (what was the first release you used in the deploy?)14:47
*** rderose has joined #openstack-keystone14:47
jmlowe1Liberty circa Dec '1514:47
dolphmjmlowe1: that narrows it down quite a bit. can you confirm the db engine on all your tables?14:48
*** henrynash has joined #openstack-keystone14:49
*** ChanServ sets mode: +v henrynash14:49
jmlowe1http://paste.openstack.org/show/528602/14:49
dolphmjmlowe1: http://stackoverflow.com/a/4225613/17674114:49
dolphmjmlowe1: and the other user tables?14:50
*** ravelar159 has joined #openstack-keystone14:50
*** thumpba has quit IRC14:50
jmlowe1http://paste.openstack.org/show/528609/14:51
*** thumpba has joined #openstack-keystone14:51
*** edtubill has joined #openstack-keystone14:53
*** links has quit IRC14:54
*** slberger has joined #openstack-keystone14:54
ayoungdstanek, this upgrade scares me.14:57
ayoungdstanek, what if we remove the line that drops the columns from this migration14:57
ayoungand then clean it up in Newton?14:57
dstanekayoung: in light of what happened that sounds sane14:59
dstanekjmlowe1: dolphm: i'm going to create a bug for this so we have a place to track15:00
openstackgerritBoris Bobrov proposed openstack/keystone-specs: LDAP preprocessing  https://review.openstack.org/33960015:00
*** KevinE has joined #openstack-keystone15:03
*** KevinE has quit IRC15:03
*** KevinE has joined #openstack-keystone15:04
dolphmstevemar: dstanek: amrith: i fixed the rest of https://bugs.launchpad.net/tempest/+bug/160010915:04
openstackLaunchpad bug 1600109 in OpenStack DBaaS (Trove) "Unit tests should not perform logging,but some tests still use" [Undecided,Incomplete] - Assigned to haobing1 (haobing1)15:04
*** david-lyle has joined #openstack-keystone15:08
*** slberger has quit IRC15:09
*** chrisshattuck has joined #openstack-keystone15:10
*** sdake has joined #openstack-keystone15:10
*** slberger has joined #openstack-keystone15:10
*** sdake_ has joined #openstack-keystone15:12
*** timcline has joined #openstack-keystone15:12
dstanekdolphm: nice15:12
*** spzala has joined #openstack-keystone15:13
*** spzala has quit IRC15:13
dstanekdolphm: jmlowe1: i created this for tracking https://bugs.launchpad.net/keystone/+bug/1600268 - please update if i've gotten some of the info wrong or to add more15:13
openstackLaunchpad bug 1600268 in OpenStack Identity (keystone) "Upgrading from Liberty to Mitaka erased passwords from SQL backend" [Undecided,Incomplete]15:13
dolphmdstanek: you already tried a liberty -> mitaka upgrade, right?15:13
*** pcaruana has quit IRC15:13
dstanekdolphm: no, not a full upgrade. that was my plan for today15:13
openstackgerritLance Bragstad proposed openstack/keystone: Invalidate token cache on domain disablement  https://review.openstack.org/33923515:14
dolphmdstanek: okay, i'm going to do the same15:14
*** wangqun has quit IRC15:15
dstanekdolphm: first i need to call mfisch15:15
*** sdake has quit IRC15:15
dolphmdstanek: lol ++15:15
dolphmi believe he has donethis upgrade without issue15:16
stevemarayoung: we both +1'ed breton at the same time O_O15:16
ayoungstevemar, race condition15:16
stevemarhehe15:17
ayoungI still need a hotel for the midcycle.15:17
*** sdake_ has quit IRC15:17
ayoungThey changes our travel portal and now I can't log in15:17
*** sdake has joined #openstack-keystone15:18
ayoungmaybe I should just get a rental car and then crash with friends...might be cheaper15:20
dolphmjmlowe1: did you run the destructive db_sync from an RDO node or a ubuntu node?15:20
*** code-R has quit IRC15:25
dolphmjmlowe1: i'd also be curious to know what your sql connection string looks like (extra paramaters, if any?)15:25
openstackgerritMerged openstack/keystone: Refactor: [ldap] suffix should not be an instance attribute  https://review.openstack.org/33671515:25
*** diazjf has joined #openstack-keystone15:26
*** tesseract- has quit IRC15:27
*** sdake_ has joined #openstack-keystone15:27
openstackgerritMerged openstack/keystone: Remove last parts of query_string from context  https://review.openstack.org/33701415:29
*** sdake has quit IRC15:32
dolphmdstanek: migration 91 was already in place in liberty15:32
*** sdake_ has quit IRC15:35
openstackgerritBoris Bobrov proposed openstack/keystone-specs: LDAP preprocessing  https://review.openstack.org/33960015:36
*** nisha_ has quit IRC15:36
dolphmdstanek: oh, i'm looking at the pyc.15:36
*** nisha_ has joined #openstack-keystone15:37
*** aastha has joined #openstack-keystone15:38
ayoungDoes San Jose have Bike Share?15:41
*** sdake has joined #openstack-keystone15:45
jmlowe1dolphm: that was on an RDO node, liberty RDO  and liberty ubuntu nodes were stopped15:45
*** pnavarro has quit IRC15:45
*** sheel has quit IRC15:46
dstanekdolphm: back :-)15:48
dolphmjmlowe1: cool, thanks for all these etails15:49
dolphmdetails*15:49
dolphmdstanek: what did mfisch say?15:49
dstanekdolphm: i got some more data from him and confirmed that it probably is a bug15:50
dolphmdstanek: has he seen a similar behavior?15:50
*** browne has joined #openstack-keystone15:51
jmlowe1I added a few more details to the bug, versions and whatnot.15:51
dstanekdolphm: oh, no. i was working with him on a different bug15:52
dolphmjmlowe1: thanks!15:52
jmlowe1and the migration logs too15:54
openstackgerritBrad Topol proposed openstack/keystone: Mark the domain config via API as stable  https://review.openstack.org/33925916:02
dstanekjmlowe1: thanks for adding all of that detail to the bug16:03
*** ametts has quit IRC16:05
mgagneanyone ever encounter an issue where after assigning a role to a user, user-role-list doesn't show it right away? We use Apache WSGI and memcached. We found that if you have 2 Apache processes, you need list list twice to get the actual list of roles.16:07
mgagnewith 3 processes, you need to list 3 times before having the role.16:07
mgagnewith 1 process, role is showing right away16:07
mgagneso we suspect some form of in-process cache which I can't find16:08
dstanekmgagne: 3 process or 3 nodes?16:08
mgagneprocesses16:08
*** KevinE has quit IRC16:08
mgagnewe only have 1 node in our dev environment16:08
*** KevinE has joined #openstack-keystone16:09
mgagnein prod, prob is worst, you need to issue a LOT of requests to "bust" the in-process cache (we have a lot of nodes and processes)16:09
dstaneki've not heard of that, but it sounds more like you are using an in-memory cache. can you paste your sanitized keystone.conf?16:09
*** roxanaghe has joined #openstack-keystone16:10
mgagnedstanek: http://paste.openstack.org/show/528619/16:11
mgagnethis is for dev, not prod16:11
dolphmdstanek: jmlowe1: alright, i've got a script to attempt to reproduce using vanilla keystone, mysql+pymysql, and it migrated without issue. going to start playing with it16:14
dstanekmgagne: hmm...that all looks correct.16:15
mgagneyea, we have been scratching our heads for some times now16:16
mgagnewe are running kilo with a backported patch if it matters16:16
dstanekmgagne: i'm in the middle of looking at two bugs now, but if you make a new bug for this i'd appreciate it. then i can tackle that next.16:16
mgagneI'm sure my bug will be rejected as it is against kilo ;)16:16
dstanekerrr....three bugs if you include the one dolphm is also working on16:16
dstanekmgagne: ah. have you tried it against something more recent?16:17
*** GB21 has joined #openstack-keystone16:17
mgagnedstanek: we are not geared to run latest code, that's why we are "stuck" with kilo ;)16:17
stevemardstanek: ugh, the passwords were nuked, brutal16:17
*** rcernin has quit IRC16:18
nisha_hi stevemar16:18
mgagnedstanek: interesting, I restarted memcached and problem isn't showing anymore....16:18
dstanekmgagne: when in doubt use the Windows(tm) way out! reboot, restart or just cross you fingers16:19
mgagneI tested multiple times, not like I restarted between calls16:19
mgagnenow it's showing again, sorcery16:20
*** pcaruana has joined #openstack-keystone16:21
*** TxGVNN has quit IRC16:21
*** code-R has joined #openstack-keystone16:22
lbragstaddstanek what are your thoughts on making request validation an inline call in the method versus a decorator?16:24
nisha_henrynash, henrynash_ hi, you around?16:24
nisha_I am writing functional tests for endpoints. But I am getting an error can anyone help please>16:25
*** code-R_ has joined #openstack-keystone16:26
nisha_here is the code and error, http://paste.openstack.org/show/528622/16:27
dstaneklbragstad: generally speaking i hate python decorators. validation is one case where i don't feel as strongly about it, but i wouldn't be sad to see them go away16:28
nisha_samueldmq, if you around please have a look ^16:28
lbragstaddstanek removing them might make it easier to get validation things from config before validation (without having to worry about races with configuration registration)16:29
*** code-R has quit IRC16:29
dstaneklbragstad: you can't do it in another decorator?16:29
lbragstaddstanek i could - for that we would just be doing something like @validation.id_string_validated(schema.user_create, 'user') instead of @validation.validated(schema.user_create, 'user')16:31
*** pcaruana has quit IRC16:31
lbragstadright?16:31
*** ddieterly is now known as ddieterly[away]16:31
dstaneki think you need a more generic mechanism.16:32
dstanekfor instance, a @lazy_validated('schema_name', 'user')16:32
stevemarnisha_: hey16:32
lbragstaddstanek ah - so would we want to use that for all our validations?16:32
stevemarjeez our docs are all over the place16:33
lbragstaddstanek instead of having two different validation decorators?16:33
stevemarespecially the "configuration" section16:33
dstanekand 'schema_name' is looked up when the first request to validate is called16:33
nisha_stevemar, if you get some time can you have a look at this please, http://paste.openstack.org/show/528622/16:33
stevemarnisha_: sure, what am i looking at?16:34
dstaneklbragstad: you could and just make the initial one lazy. i'll have to think about that for a bit16:34
dstaneki really hate our propensity to do all the things at import time16:34
nisha_stevemar, yeah, its the functional test for endpoints16:35
nisha_stevemar, just create and check16:35
lbragstaddstanek hm - yeah...16:35
stevemarnisha_: ah, i remember seeing it fail in jenkins16:35
lbragstaddstanek I'd rather have one way to do something that is generic than two specific ways to do the same thing16:35
*** phalmos has joined #openstack-keystone16:35
lbragstadwhich is why I started thinking about just moving the validation inline with the method - that would take care of the lazy-ness part (I think)16:36
nisha_stevemar, I haven't pushed it yet. I think you are talking about the docs for endpoints16:36
stevemarnisha_: i was thinking about this one: https://review.openstack.org/#/c/339158/316:37
patchbotstevemar: patch 339158 - python-keystoneclient - Add region functional tests16:37
stevemarnisha_: but yeah, i get ya, that is unrelated16:37
nisha_stevemar, ohh, yeah, lot of test failing due to the hierarchy. yeah, :)16:38
dolphmjmlowe1: what version of RDO were you upgrading from?16:40
dolphmdstanek: i'm testing migrations copied straight from RDO packaging - in case it's a packaging issue (there's pyc's and pyo's in the package)16:41
*** shaleh_ has joined #openstack-keystone16:42
stevemarnisha_: does it report that same error for random properties, like endpoint.foo ?16:42
stevemarnisha_: i think we renamed service to service_id16:42
*** diazjf has quit IRC16:42
nisha_stevemar, oh, yeah that might be the casue16:43
nisha_stevemar, thanks I will check for service_id16:43
samueldmqstevemar: nice debugging skills16:44
samueldmq:-)16:44
*** diazjf has joined #openstack-keystone16:45
*** daemontool has quit IRC16:45
nisha_stevemar, samueldmq when I use this, endpoint_ref['service_id'] alongwith endpoint.service_id, I get KeyError for the former16:51
nisha_stevemar, samueldmq when I just use, endpoint.service_id I got mismatch error16:52
samueldmqnisha_: perhaps endpoint_ref doesn't contain a 'service_id' attribute ?16:52
nisha_reference = <keystoneclient.tests.functional.v3.client_fixtures.Service object at 0x7fb9d89dcd10>16:52
nisha_actual    = u'5cf3bf09764144e387dc822d103ef4fb'16:52
nisha_for mismatch ^16:52
samueldmqnisha_: fix the fixtures to contain the 'service_id' attribute instead of 'service'16:52
*** ddieterly[away] is now known as ddieterly16:53
nisha_samueldmq, okay thanks16:53
samueldmqnisha_: then self.assertEqual(endpoint_ref['service_id'], endpoint.service_id) should work ?16:53
samueldmqnisha_: np16:53
nisha_samueldmq, yeah I think16:53
nisha_samueldmq, also, it was mentioned in the doc that we are no longer using service instead service_id. So, Can I edit the function calling too, or is it not adviced as of now?16:54
samueldmqnisha_: what function is that ?16:55
nisha_samueldmq, Also, it's written interface is optional attribute, gets None by default, still while creating an endpoint I had to provide it16:55
nisha_function in the keystoneclient/v3/endpoints.py the create function parameters16:56
nisha_its definition16:56
samueldmqnisha_: looking16:56
nisha_thanks16:56
samueldmqnisha_: hmm I see what you're saying16:57
samueldmqnisha_: it accepts 'service' as argument for creating an endpoint16:58
samueldmqnisha_: but the endpoint entity contains service_id16:58
samueldmqnisha_: you might simply leave things as they are (endpoint fixture with 'service')16:59
samueldmqnisha_: and just modify your assertion to be:16:59
samueldmqself.assertEqual(endpoint_ref['service'], endpoint.service_id)16:59
nisha_endpoint_ref['service'].id16:59
nisha_samueldmq, above raises mismatch error16:59
samueldmqlike this: self.assertEqual(endpoint_ref['service'], endpoint.service_id)17:00
samueldmqendpoint_ref is a dict17:00
samueldmqendpoint is an object17:00
nisha_but that raises mismatch error17:01
nisha_reference = <keystoneclient.tests.functional.v3.client_fixtures.Service object at 0x7fb9d89dcd10>17:01
nisha_<nisha_> actual    = u'5cf3bf09764144e387dc822d103ef4fb'17:01
samueldmqnisha_: endpoint.service_id returns a service object ?17:01
nisha_I don't think so :/17:02
samueldmqtry it again17:02
samueldmqand let me see the code for the tests & fixtures17:02
samueldmqcan I see your fixture code ?17:03
samueldmqmaybe it's filling in 'service' attribute of the fixture with a service object rather than just an ID17:03
nisha_samueldmq, here is the related code and error, http://paste.openstack.org/show/528627/17:13
*** spzala has joined #openstack-keystone17:16
*** nisha_ has quit IRC17:16
lbragstaddstanek i'm working on a wip review to move the validation stuff inline with the methods - just so we can see what it looks like17:17
*** rcernin has joined #openstack-keystone17:20
*** rcernin has quit IRC17:20
*** browne has quit IRC17:20
*** nisha_ has joined #openstack-keystone17:23
stevemarsamueldmq: o/17:23
*** rcernin has joined #openstack-keystone17:24
jmlowe1dolphm: I believe the version was openstack-keystone-8.1.2-1.el717:25
dolphmjmlowe1: perfect, thanks17:26
samueldmqstevemar: o/17:27
stevemarsamueldmq: pm'ed you!17:27
*** nisha__ has joined #openstack-keystone17:27
*** gyee has joined #openstack-keystone17:29
*** ChanServ sets mode: +v gyee17:29
*** sdake_ has joined #openstack-keystone17:30
*** code-R_ has quit IRC17:31
*** code-R has joined #openstack-keystone17:31
*** aufi has quit IRC17:33
*** sdake has quit IRC17:34
*** nisha_ has quit IRC17:34
*** nisha__ is now known as nisha_17:34
*** GB21 has quit IRC17:38
mgagnedstanek: running with cache debugging enabled, I found the key is only set/updated after a couple of requests, not right away when assignments are updated.17:41
*** spzala has quit IRC17:41
mgagnedstanek: restarting apache right after I changed assignment made it so cache is never updated until it expires. So I suspect the update is "queued" in one of the process in Apache.17:42
stevemardolphm: poke17:42
stevemardolphm: do you plan on revisiting the federation spec?17:42
*** tqtran has joined #openstack-keystone17:42
dstanekmgagne: that is pretty strange behavior. we don't do anything async with memcached that i know of, unless dogpile is doing that for us (cc notmorgan)17:43
*** tqtran_ has joined #openstack-keystone17:43
mgagneyea I don't think keystone is doing anything of that sort on purpose17:44
mgagneI'm trying to search/understand where this behavior happens17:44
*** tqtran has quit IRC17:46
*** ddieterly is now known as ddieterly[away]17:49
*** amoralej is now known as amoralej|off17:52
*** code-R has quit IRC17:56
openstackgerritRoxana Gherle proposed openstack/keystone: Fix the username value in federated tokens  https://review.openstack.org/33561717:57
*** diazjf has quit IRC18:00
*** slberger1 has joined #openstack-keystone18:02
*** slberger has quit IRC18:02
*** chrisshattuck has quit IRC18:03
*** rderose has quit IRC18:05
*** shaleh has quit IRC18:06
*** shaleh_ is now known as shaleh18:06
shalehsamueldmq: when you have a moment, I'd like to discuss the user-agent review18:06
samueldmqshaleh: sure, I am here now18:07
*** kmARC has left #openstack-keystone18:07
shalehsamueldmq: I posted two reviews. The first one tries to use a heuristic to determine the user-agent. Jamie was not keen on it but it went in. Jamie asked that I add the second review to force setting of the user-agent.18:08
shalehsamueldmq: that is the history18:08
*** chrisshattuck has joined #openstack-keystone18:09
mgagnedstanek: found the cause. invalidate in dogpile "does not affect the data in the cache in any way, and is also local to this instance of :class:`.CacheRegion`."18:10
mgagneso I will check against master branch of keystone and see if code changed since kilo18:11
dstanekmgagne: wow that's terrible18:11
mgagnelooks to be the same https://github.com/openstack/keystone/blob/master/keystone/assignment/core.py#L21618:11
dolphmjmlowe1: no luck https://bugs.launchpad.net/keystone/+bug/1600268/comments/318:12
openstackLaunchpad bug 1600268 in OpenStack Identity (keystone) "Upgrading from Liberty to Mitaka erased passwords from SQL backend" [Critical,Incomplete]18:12
dstaneknotmorgan: stevemar: i feel almost like ditching dogpile and just using a native memcached cache implementation18:12
dolphmstevemar: do i need to update it today? trying to focus on bugs18:12
mgagneI think the issue is that dogpile cannot know all keys in a region and therefore can't delete/invalidate them all.18:12
stevemardolphm: no, i'll allow an FFE for you :P18:13
dolphmstevemar: it'd probably be an ocata target if we're going to commit to work on it. either way, i can update the spec18:13
stevemardolphm: oh sadness18:13
dstanekmgagne: it should be able to invalidate an entry in the cache. it doesn't make sense that it's only local18:13
mgagneso I guess this behavior will only show for people running Keystone in mod_wsgi and not eventlet which could have a shared dogpile instance18:13
stevemardolphm: was looking forward to that one18:13
dolphmstevemar: it's a big change though18:14
stevemaryeah18:14
samueldmqshaleh: what about adding '  in order to make debugging and tracing easier for operators.' to that message ?18:14
stevemari guess early in O is better18:14
dolphmstevemar: maybe show up in barcelona with a PoC18:14
samueldmqshaleh: 'When creating or using keytoneauth1.Session user_agent must be set in order to make debugging and tracing easier for operators.'18:14
stevemardolphm: we'll be 6 weeks into O at that point18:14
stevemarbut sure18:14
dolphmstevemar: oh true18:14
samueldmqshaleh: this way it's (at least) clear why user_agent is requested to be set18:14
dolphmstevemar: so, PoC before that18:14
samueldmqshaleh: makes sense ?18:15
stevemardolphm: ideally yes, once newton-3 is cut you can start hacking on it18:15
stevemardolphm: alright, then retarget the spec for O once you have a chance18:15
stevemarit's become less of a priority now18:16
shalehsamueldmq: not sure about adding it to the output message. Although, that was why I had the bikeshed FIXME :-)18:17
shalehsamueldmq: Adding it to the comments and function docstring makes sense for sure.18:17
shalehsamueldmq: just not sure about the UX of the message itself.18:17
mgagnethis means the implementation of caching in Keystone is flawed. If you have 10 keystone nodes with 16 processes each, could be a while before you see your now role :-/18:18
dstanekmgagne: yeah, i'm actually looking at other caching bugs right now18:18
*** ravelar159 has quit IRC18:20
stevemarayoung: want to +2/+A https://review.openstack.org/#/c/339600/ ?18:21
patchbotstevemar: patch 339600 - keystone-specs - LDAP preprocessing18:21
samueldmqshaleh: warnings are for operators, so the suggestion makes sense to me18:21
shalehdstanek: I was asking about caching yesterday evening. We currently suggest oslo_cache.memcache_pool and dogpile.cache.memcache (or something close, you get the point). But there is no clarity as to why I would prefer one over the other.18:21
samueldmqshaleh: if that was a message to session end-users (raising an exception), I'd agree that'd be bad UX18:21
openstackgerritBoris Bobrov proposed openstack/keystone: Faster id mapping lookup  https://review.openstack.org/33929418:21
mgagneI found the other backend to show the same behavior or worst (cache is never invalidated)18:21
shalehsamueldmq: hmmm, fair points. I will ponder and update the review.18:22
*** diazjf has joined #openstack-keystone18:22
dstanekmgagne: it's possible that the bug i'm working on will actually fix this issue too18:23
mgagnedstanek: can you share the link if any?18:23
dstanekshaleh: caching doesn't need to be this complicated18:23
*** spzala has joined #openstack-keystone18:24
raildodstanek, how to make a commit message for a wip patch: https://review.openstack.org/#/c/335906/ :P18:25
patchbotraildo: patch 335906 - nova - DO NOT MERGE - ROOAAAAAARRRR ! Testing live migrat...18:25
dstaneklol18:25
*** jaugustine has joined #openstack-keystone18:25
shalehdstanek: ++++++18:26
openstackgerritMerged openstack/keystone-specs: LDAP preprocessing  https://review.openstack.org/33960018:26
*** spzala_ has joined #openstack-keystone18:30
*** spzala_ has quit IRC18:30
*** spzala_ has joined #openstack-keystone18:31
*** spzala_ has quit IRC18:31
*** spzala has quit IRC18:34
*** ravelar159 has joined #openstack-keystone18:34
bretonwhat18:35
bretonldap preprocessing got merged?18:35
bretoni don't need to ask for exceptions for it at the meeting?18:35
dstanekbreton: ssshhhh.18:37
*** pcaruana has joined #openstack-keystone18:37
bretongood.18:40
samueldmqshaleh: nice, thanks18:41
bretonstevemar: i will answer the question about 40k users on Monday18:41
*** spzala has joined #openstack-keystone18:47
*** ddieterly[away] has quit IRC18:49
*** spzala has quit IRC18:51
*** haplo37_ has joined #openstack-keystone18:54
*** spzala has joined #openstack-keystone18:59
*** nisha_ has quit IRC18:59
*** rderose has joined #openstack-keystone19:00
*** aswadr_ has quit IRC19:01
*** spzala has quit IRC19:03
*** ddieterly has joined #openstack-keystone19:04
stevemarbreton: it wasn't contentious19:08
stevemarbreton: it's not a major overhaul of something major like service tokens/users or project naming19:08
stevemarto mention a few :)19:08
*** nkinder has quit IRC19:10
*** code-R has joined #openstack-keystone19:10
*** spzala has joined #openstack-keystone19:11
*** spzala has quit IRC19:16
*** spzala has joined #openstack-keystone19:19
*** timcline has quit IRC19:19
*** timcline has joined #openstack-keystone19:20
*** spzala has quit IRC19:24
*** timcline has quit IRC19:24
*** spzala has joined #openstack-keystone19:25
*** spzala has quit IRC19:25
*** spzala has joined #openstack-keystone19:26
*** code-R_ has joined #openstack-keystone19:26
*** code-R has quit IRC19:29
*** raildo is now known as raildo-afk19:30
*** spzala has quit IRC19:45
*** chrisshattuck has quit IRC19:46
*** spzala has joined #openstack-keystone19:48
*** itisha has joined #openstack-keystone19:51
*** sdake_ has quit IRC19:51
*** spzala has quit IRC19:52
openstackgerritSean Perry proposed openstack/keystoneauth: Show deprecation when a user_agent is not set  https://review.openstack.org/28964520:01
shalehsamueldmq: review updated ^^^20:01
*** jmlowe1 has quit IRC20:05
openstackgerritLance Bragstad proposed openstack/keystone: Allow id string validation to be configurable  https://review.openstack.org/33467320:06
openstackgerritLance Bragstad proposed openstack/keystone: Move request validation inline  https://review.openstack.org/33980020:06
openstackgerritLance Bragstad proposed openstack/keystone: Remove validated decorator  https://review.openstack.org/33980120:06
lbragstaddstanek ^20:06
*** timcline has joined #openstack-keystone20:07
*** timcline has quit IRC20:11
notmorgandstanek: you know, i don't care if we ditch dogpile at this point.20:12
shalehnotmorgan: are you still angling for oslo.cache to be the preferred interface?20:12
notmorgani don't really care at this point20:13
shalehnotmorgan: oh, we are back to that morgan :-)20:13
notmorgani'm just too tired of debugging/providing reviews on caching20:13
notmorganwith invalidtions etc.20:13
shalehyeah, cachine can be complex20:13
notmorgani also wont be at the midcycle, just too much going on with the things i should be working on instead of keystone.20:14
notmorganso...20:14
notmorgani figure having to step back from keystone, i should care less -- and making an effort to do so.20:15
stevemarnotmorgan: we will drink on your behalf20:15
notmorgani can't be that involved with keystone and focus on the other stuff.20:15
notmorganstevemar: eh, drink to enjoy, not on my behalf.20:16
dstaneknotmorgan: i'm just struggling to figure out how dogpile is working. invalidations, for instance, seem fundamentally broken20:17
*** ddieterly is now known as ddieterly[away]20:17
notmorgandstanek: it depends on how invalidations are done20:18
notmorganthe global invalidations require a hack.20:18
notmorganfor the whole region that is20:18
*** markvoelker has joined #openstack-keystone20:19
stevemarnotmorgan: we'll miss you anyway :)20:20
notmorganindividual invalidations are a bit weird because of the need to pass self etc.20:20
*** spzala has joined #openstack-keystone20:21
openstackgerritLance Bragstad proposed openstack/keystone: Move request validation inline  https://review.openstack.org/33980020:22
dstaneknotmorgan: i just want it simple. same key in memcache. delete from memcache to invalidate.20:23
openstackgerritLance Bragstad proposed openstack/keystone: Remove validated decorator  https://review.openstack.org/33980120:23
openstackgerritLance Bragstad proposed openstack/keystone: Allow id string validation to be configurable  https://review.openstack.org/33467320:23
notmorgandstanek: you are going to run into issues with "action" needs to invalidate many things20:24
notmorganand you can't know all the keys without tracking them as well20:24
notmorganit's a lot of house keeping.20:25
notmorganits one of the major flaws we had with the token backend20:25
*** spzala has quit IRC20:26
dstaneknotmorgan: yeah, i've have to do this before. you just have to have a plan20:28
openstackgerritSam Leong proposed openstack/keystone: List role_assignments?include_names boolean parameter should not expect a value  https://review.openstack.org/33980920:35
*** gagehugo has quit IRC20:35
*** haplo37_ has quit IRC20:35
*** gagehugo has joined #openstack-keystone20:36
openstackgerritSam Leong proposed openstack/keystone-specs: List role_assignments?include_names boolean parameter should not expect a value  https://review.openstack.org/33981220:37
*** phalmos has quit IRC20:39
*** ddieterly[away] is now known as ddieterly20:40
dstaneknotmorgan: is a dogpile region anything more than a key namespace?20:41
*** iurygregory has quit IRC20:42
notmorgandstanek: it is both a keynamespace and a means to connect to the backend20:43
notmorgantechnically a new region could connect to a different backend...20:43
notmorganit also can mangle keys / etc differently20:44
dstaneknotmorgan: cool. thanks. now i just have to figure out how it handles expiration time20:48
dstanekit's not clear to me how anything ever expires20:49
*** timcline has joined #openstack-keystone20:49
notmorganit encodes expiration in 2 ways20:49
notmorgan1: the item stored has the expiration in it20:50
notmorganso the region is setting (expiry, data)20:50
notmorganexpiry is checked against now() basically20:50
notmorgan[it's a bit more complex, it's a TTL, and when the key was set]20:50
notmorganthen the backend can also set a ttl like a memcache ttl20:51
notmorganso the actual key in the backend itself will expire as well20:51
*** rcernin has quit IRC20:52
*** jmlowe has joined #openstack-keystone20:54
*** daemontool has joined #openstack-keystone21:01
*** diazjf has quit IRC21:01
dstaneknotmorgan: so it doesn't use memcache's expiration mechanism?21:03
*** roxanaghe has quit IRC21:05
*** roxanaghe has joined #openstack-keystone21:06
*** pnavarro has joined #openstack-keystone21:07
openstackgerritRoxana Gherle proposed openstack/keystone: Fix the username value in federated tokens  https://review.openstack.org/33561721:10
notmorgandstanek: it does. it doesn't use that exclusivly21:11
*** slberger1 has quit IRC21:11
notmorganit usually relies on the stored TTL21:11
notmorganin the cache data21:11
notmorganusually you want to set the TTL of the cached data a bit shorter than the memcache ttl21:13
notmorganbecause you can have an async runner refresh the data21:14
notmorganwhile still serving the old data out21:14
*** ravelar159 has quit IRC21:14
*** pauloewerton has quit IRC21:20
openstackgerritBrad Topol proposed openstack/keystone: Mark the domain config via API as stable  https://review.openstack.org/33925921:22
*** diazjf has joined #openstack-keystone21:22
openstackgerritRon De Rose proposed openstack/keystone: Mark the domain config via API as stable  https://review.openstack.org/33925921:24
openstackgerritRon De Rose proposed openstack/keystone: Mark the domain config via API as stable  https://review.openstack.org/33925921:24
*** slberger has joined #openstack-keystone21:24
*** pnavarro has quit IRC21:27
dstaneknotmorgan: i'm just seeing strange things in the cache/b 2921:28
*** edtubill has quit IRC21:37
*** daemontool has quit IRC21:37
*** basilAB has quit IRC21:37
openstackgerritEric Brown proposed openstack/keystone: Replace deprecated function inspect.getargspec()  https://review.openstack.org/33982821:37
stevemarlbragstad: so what's your end game with the IDs being customizable?21:39
*** basilAB has joined #openstack-keystone21:39
*** roxanaghe has quit IRC21:39
*** edtubill has joined #openstack-keystone21:40
*** jaugustine has quit IRC21:40
openstackgerritBrad Topol proposed openstack/keystone: Mark the domain config via API as stable  https://review.openstack.org/33925921:44
*** roxanaghe has joined #openstack-keystone21:47
*** edtubill has quit IRC21:48
*** ayoung has quit IRC21:55
*** timcline has quit IRC21:56
*** pnavarro has joined #openstack-keystone21:59
*** sigmavirus is now known as sigmavirus_away22:00
*** stevemar changes topic to "Newton Deadlines: http://releases.openstack.org/newton/schedule.html | API Sprint: https://etherpad.openstack.org/p/keystone-api-sprint | Midcycle (July 20-22, San Jose, CA) https://etherpad.openstack.org/p/keystone-newton-midcycle | Meeting Agenda https://etherpad.openstack.org/p/keystone-weekly-meeting"22:05
stevemardolphm: bknudson_ dstanek gyee henrynash jamielennox samueldmq topol FYI, if you want something added to the midcycle agenda, add it here: https://etherpad.openstack.org/p/keystone-newton-midcycle22:09
*** clenimar_ has joined #openstack-keystone22:10
*** spzala has joined #openstack-keystone22:12
*** slberger has left #openstack-keystone22:12
*** pnavarro has quit IRC22:16
*** ddieterly is now known as ddieterly[away]22:17
notmorgandstanek: can you point it out to me and i'll try and take a look22:17
openstackgerritMerged openstack/keystoneauth: Add create_plugin to loader  https://review.openstack.org/33311922:19
*** sheel has joined #openstack-keystone22:37
*** ddieterly[away] is now known as ddieterly22:39
*** ddieterly has quit IRC22:39
*** markvoelker has quit IRC22:40
*** code-R_ has quit IRC22:43
*** aastha has quit IRC22:49
*** roxanaghe has quit IRC22:57
*** ozialien10 has quit IRC23:02
*** thumpba has quit IRC23:02
*** ozialien10 has joined #openstack-keystone23:02
gyeestevemar, thanks, will do23:04
*** rderose has quit IRC23:05
*** ddieterly has joined #openstack-keystone23:06
*** ddieterly has quit IRC23:08
*** ebalduf has joined #openstack-keystone23:10
openstackgerritJamie Lennox proposed openstack/keystoneauth: Allow registering additional plugin loaders  https://review.openstack.org/33312623:16
*** BjoernT has quit IRC23:35
*** roxanaghe has joined #openstack-keystone23:36
*** KevinE has quit IRC23:38
*** markvoelker has joined #openstack-keystone23:41
*** rderose has joined #openstack-keystone23:43
*** roxanaghe has quit IRC23:44
*** roxanaghe has joined #openstack-keystone23:46
*** markvoelker has quit IRC23:47
*** roxanaghe has quit IRC23:50
*** spzala has quit IRC23:51
openstackgerritMerged openstack/keystone: Ensure status code is always passed as int  https://review.openstack.org/33921423:52
openstackgerritMerged openstack/keystone: Move the auth plugins abstract base class out of core  https://review.openstack.org/33911223:54
openstackgerritMerged openstack/keystone: Doc update for moving abstract base classes out of core  https://review.openstack.org/33915223:55
*** clenimar_ has quit IRC23:58
« Thursday, 2016-07-07 Index Saturday, 2016-07-09 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!