Sunday, 2016-11-20

« Saturday, 2016-11-19 Index Monday, 2016-11-21 »
*** diazjf has joined #openstack-keystone01:13
*** spzala has joined #openstack-keystone01:23
*** spzala has quit IRC01:28
*** itisha has quit IRC01:29
*** diazjf has quit IRC02:57
*** diazjf has joined #openstack-keystone03:03
openstackgerritEric Brown proposed openstack/keystone: Invalid parameter name on interface  https://review.openstack.org/39987003:25
*** tqtran has joined #openstack-keystone03:25
*** tqtran has quit IRC03:30
*** diazjf has quit IRC03:46
*** dave-mccowan has joined #openstack-keystone03:47
*** dave-mccowan has quit IRC03:52
*** kiran-r has joined #openstack-keystone04:34
*** spzala has joined #openstack-keystone05:24
*** spzala has quit IRC05:28
*** GB21 has joined #openstack-keystone06:02
masberhi06:17
masberhow can I get the keystone token?06:17
masber??06:33
*** richm has quit IRC06:41
*** maestropandy has joined #openstack-keystone06:54
*** maestropandy has left #openstack-keystone06:54
openstackgerritSteve Martinelli proposed openstack/keystone: Enable CADF notification format by default  https://review.openstack.org/39733906:58
openstackgerritSteve Martinelli proposed openstack/keystone: refactor notification test to work with either format  https://review.openstack.org/39993706:58
openstackgerritSteve Martinelli proposed openstack/keystone: Swap the notification formats in the docs  https://review.openstack.org/39993806:58
openstackgerritSteve Martinelli proposed openstack/keystone: refactor notification test to work with either format  https://review.openstack.org/39993706:59
openstackgerritSteve Martinelli proposed openstack/keystone: Enable CADF notification format by default  https://review.openstack.org/39733906:59
openstackgerritSteve Martinelli proposed openstack/keystone: Enable CADF notification format by default  https://review.openstack.org/39733907:00
openstackgerritSteve Martinelli proposed openstack/keystone: Swap the notification formats in the docs  https://review.openstack.org/39993807:00
openstackgerritSteve Martinelli proposed openstack/keystone: Swap the notification formats in the docs  https://review.openstack.org/39993807:01
*** maestropandy1 has joined #openstack-keystone07:11
*** maestropandy1 has left #openstack-keystone07:11
*** tqtran has joined #openstack-keystone07:27
*** bknudson has quit IRC07:31
*** tqtran has quit IRC07:31
openstackgerritMerged openstack/keystone: Use issue_v3_token instead of issue_v2_token  https://review.openstack.org/38666507:56
openstackgerritMerged openstack/keystone: refactor the token controller  https://review.openstack.org/38672607:56
*** spzala has joined #openstack-keystone08:24
openstackgerritMerged openstack/keystone: Remove issue_v2_token  https://review.openstack.org/38676208:25
openstackgerritMerged openstack/keystone: Remove issue_v3_token in favor of issue_token  https://review.openstack.org/38683708:25
*** spzala has quit IRC08:28
*** zzzeek has quit IRC09:00
*** zzzeek has joined #openstack-keystone09:00
*** maestropandy has joined #openstack-keystone09:42
*** maestropandy has left #openstack-keystone09:50
*** maestropandy1 has joined #openstack-keystone09:58
*** maestropandy1 has left #openstack-keystone09:58
*** kumar has joined #openstack-keystone10:54
kumarhi10:54
kumarI am trying to use keystone client v2 to validate user token and also to get tenant information10:54
kumari am using service user to do that10:55
kumarIf I am using client.tokens.validate(user_token)10:56
kumarit gives me this error10:56
kumarkeystoneauth1.exceptions.catalog.EndpointNotFound: Endpoint for identity service10:56
kumarif I do client.get_raw_token_from_identity_service(auth_url=endpoint, token=user_token) I get token information but no tenant data10:57
kumarcan I get some help here10:57
bretonkumar: have you run keystone-manage bootstrap?10:58
kumarwhat is the best way to get tenat info10:58
kumarI have a devstack env which is running10:58
kumarI am trying to connect to that10:58
kumar+breton: I have a running keystone in devstack11:00
kumarI have not given keystone-manage bootstrap explicitly11:00
*** richm has joined #openstack-keystone11:09
*** maestropandy has joined #openstack-keystone11:13
*** maestropandy has left #openstack-keystone11:13
*** maestropandy1 has joined #openstack-keystone11:16
*** maestropandy1 has left #openstack-keystone11:16
*** tqtran has joined #openstack-keystone11:28
*** tqtran has quit IRC11:33
*** kiran-r has quit IRC11:39
openstackgerritMerged openstack/keystone: Remove format_token method  https://review.openstack.org/38936412:05
*** kumar has quit IRC12:11
*** david-lyle has joined #openstack-keystone12:12
openstackgerritDave Chen proposed openstack/keystone: Enable bootstrapping keystone with identity LDAP backend  https://review.openstack.org/39596712:13
*** david-lyle has quit IRC12:17
*** GB21 has quit IRC12:18
*** nicolasbock has joined #openstack-keystone12:19
openstackgerritDave Chen proposed openstack/keystone: Enable bootstrapping keystone with identity LDAP backend  https://review.openstack.org/39596712:28
openstackgerritSteve Martinelli proposed openstack/keystone: Remove metadata from token provider  https://review.openstack.org/38936512:44
openstackgerritSteve Martinelli proposed openstack/keystone: Clarify the v2.0 validation path  https://review.openstack.org/38936612:44
openstackgerritSteve Martinelli proposed openstack/keystone: refactor notification test to work with either format  https://review.openstack.org/39993712:46
openstackgerritSteve Martinelli proposed openstack/keystone: Enable CADF notification format by default  https://review.openstack.org/39733912:46
openstackgerritSteve Martinelli proposed openstack/keystone: Swap the notification formats in the docs  https://review.openstack.org/39993812:46
openstackgerritSteve Martinelli proposed openstack/keystone: Swap the notification formats in the docs  https://review.openstack.org/39993812:47
*** whycoin has joined #openstack-keystone13:02
*** whycoin has quit IRC13:04
*** nicolasbock has quit IRC13:17
openstackgerritSteve Martinelli proposed openstack/python-keystoneclient: Pass allow_expired to token validate  https://review.openstack.org/38209913:27
*** david-lyle has joined #openstack-keystone14:14
*** david-lyle has quit IRC14:18
*** maestropandy has joined #openstack-keystone14:19
openstackgerritMerged openstack/keystone-specs: Add spec for native SAML2  https://review.openstack.org/39786014:25
*** maestropandy has left #openstack-keystone14:48
openstackgerritMerged openstack/keystone: Remove metadata from token provider  https://review.openstack.org/38936515:14
openstackgerritMerged openstack/keystone: Clarify the v2.0 validation path  https://review.openstack.org/38936615:14
*** spzala has joined #openstack-keystone15:26
*** tqtran has joined #openstack-keystone15:30
*** tqtran has quit IRC15:35
*** GB21 has joined #openstack-keystone15:44
*** jrist has quit IRC16:19
*** jrist has joined #openstack-keystone16:20
*** diazjf has joined #openstack-keystone16:27
*** GB21 has quit IRC16:35
*** maestropandy has joined #openstack-keystone17:06
*** maestropandy has left #openstack-keystone17:07
*** stream10 has joined #openstack-keystone17:37
openstackgerritMerged openstack/keystone: Devstack plugin to federate with testshib.org  https://review.openstack.org/39393217:46
*** diazjf has quit IRC17:52
*** mkoderer__ has quit IRC17:55
*** timss has quit IRC17:55
*** mkoderer__ has joined #openstack-keystone17:56
*** timss has joined #openstack-keystone17:56
*** maestropandy has joined #openstack-keystone17:58
*** maestropandy has left #openstack-keystone17:58
*** david-lyle has joined #openstack-keystone18:11
*** stream10 has quit IRC18:16
*** stream10 has joined #openstack-keystone18:25
*** gagehugo has quit IRC18:29
*** phalmos has joined #openstack-keystone18:32
*** hogepodge has quit IRC18:34
*** gagehugo has joined #openstack-keystone18:43
*** phalmos has quit IRC18:48
*** spzala has quit IRC18:51
*** diazjf has joined #openstack-keystone19:05
*** tqtran has joined #openstack-keystone19:32
*** tqtran has quit IRC19:36
*** dave-mccowan has joined #openstack-keystone19:42
*** dave-mccowan has quit IRC20:08
*** stream10 has quit IRC20:20
*** hogepodge has joined #openstack-keystone20:22
*** hogepodge has quit IRC20:22
*** hogepodge has joined #openstack-keystone20:24
*** spzala has joined #openstack-keystone20:40
*** dave-mccowan has joined #openstack-keystone20:46
*** adriant has joined #openstack-keystone20:55
*** d0ugal has quit IRC21:12
*** jamielennox|away is now known as jamielennox21:15
*** spzala has quit IRC21:22
*** d0ugal has joined #openstack-keystone21:28
*** g2 is now known as g2[falcs1]21:34
masberhi21:40
*** g2[falcs1] is now known as g2[sea]21:40
*** g2[sea] is now known as g2[Sea]21:40
masberI am using rest api to get my tokens but they expire after 1 hour, is there a way to get a token without expiration date?21:41
masberor at least get expiration date of 5 years or something like that?21:42
*** dave-mccowan has quit IRC21:59
*** spzala has joined #openstack-keystone22:21
bretonmasber: why would you want that?22:43
bretonmasber: if you really-really want this, set keystone.conf:[token]expiration22:44
bretonmasber: bu we are trying to make the expiration shorter, not longer22:45
adriantmasber: Are you trying to use the token as a service API token akin to the EC2 access keys?22:45
adriantmasber: the keystone tokens are effectively a "authenticated session", so they should be short for security purposes, and because with fernet they also expire when the fernet encrypt keys change. :(22:46
adriantbreton: Actually that's a thought, the conf setting for token expiry is effectively superseded by how often you create new fernet keys.22:48
adriantThat's perfectly fine, just makes the conf setting less important in some ways.22:48
masberbreton, I am trying to setup grafana to collect logs from gnocchi22:56
masberand I am using token for authentication22:56
masberbut I am happy to hear about best practices22:58
adriantmasber: the approach that all the current python libraries tend to take is that given a username and password, they will fetch a token, and do things. Once that token expires, they will automatically get a new one.22:59
adriantThis is mostly handled in the Keystoneauth library which they all use.22:59
adriantIf you are using the rest API directly, you'd need to handle that logic yourself.22:59
adriantStore username/password, get token, do stuff, token expires, catch error, get new token, do more stuff, repeat.23:00
masberok, then best is to put username and password right?23:00
adriantThat might work too, but ideally you'd only use the username/pass to fetch tokens, and only update your token when it expires.23:02
adriantBecause otherwise the gnocchi api will authenticate you against keystone every time and create a new token for every api call.23:02
bretonadriant: creating a new fernet token doesn't destroy the old one23:02
bretonadriant: oh, keys23:03
adriantbreton: I know, I mean the encrypt keys23:03
bretonadriant: misread you, sorry23:03
adriantbreton: ah, yeah :)23:03
adriantbreton: new keys is basically the same as doing a table truncate for the token table when using UUID or PKI23:04
*** catintheroof has joined #openstack-keystone23:08
masberwhat is the difference between a token and a key?23:12
adriantmasber: a token is an authorised session basically. It represents a set of privileges you have for a given period of time. As for a key, well if you mean the EC2 access keys, then that's really just another username/password combo really but unique to the EC2 APIs.23:20
adriantIf that makes sense...23:20
masberadriant, yes that makes totally sense, thank you!23:20
*** tqtran has joined #openstack-keystone23:33
*** tqtran has quit IRC23:37
openstackgerritAdrian Turjak proposed openstack/keystone-specs: User self management of TOTP credentials  https://review.openstack.org/34570523:42
*** catintheroof has quit IRC23:49
*** catintheroof has joined #openstack-keystone23:50
*** catintheroof has quit IRC23:55
openstackgerritSteve Martinelli proposed openstack/keystone: move content from configuringservices to configuration  https://review.openstack.org/39978723:57
openstackgerritSteve Martinelli proposed openstack/keystone: Move docs from key_terms to architecture  https://review.openstack.org/39976023:58
openstackgerritSteve Martinelli proposed openstack/keystone: Remove extension and auth_token middleware docs  https://review.openstack.org/39976723:58
openstackgerritSteve Martinelli proposed openstack/keystone: clean up developer docs  https://review.openstack.org/39978123:58
*** alex_xu has quit IRC23:58
« Saturday, 2016-11-19 Index Monday, 2016-11-21 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!