Monday, 2017-04-10

« Sunday, 2017-04-09 Index Tuesday, 2017-04-11 »
*** stradling has joined #openstack-keystone00:27
*** zhurong has joined #openstack-keystone00:33
*** thorst has quit IRC00:33
*** stradling has quit IRC01:02
*** nicolasbock has joined #openstack-keystone01:10
*** thorst has joined #openstack-keystone01:34
*** thorst has quit IRC01:37
*** thorst has joined #openstack-keystone01:37
*** zhurong has quit IRC01:58
*** zhurong has joined #openstack-keystone02:10
*** aojea has joined #openstack-keystone02:13
*** aojea has quit IRC02:18
*** xuhaigang has quit IRC02:21
*** thorst has joined #openstack-keystone02:38
*** nicolasbock has quit IRC02:53
*** thorst has quit IRC02:57
*** catintheroof has joined #openstack-keystone03:43
*** catintheroof has quit IRC03:51
*** thorst has joined #openstack-keystone03:55
*** shu-mutou has joined #openstack-keystone03:55
*** rocky has joined #openstack-keystone03:56
*** thorst has quit IRC03:59
*** markvoelker has joined #openstack-keystone04:05
openstackgerritRichard Avelar proposed openstack/keystone master: Add federated support for get user  https://review.openstack.org/44873004:08
openstackgerritRichard Avelar proposed openstack/keystone master: Address comments from Policy in Code 5  https://review.openstack.org/44882604:09
*** Dinesh_Bhor has joined #openstack-keystone04:22
*** thorst has joined #openstack-keystone04:55
*** rocky has quit IRC04:59
*** thorst has quit IRC05:00
*** rcernin has joined #openstack-keystone05:25
*** richm has quit IRC05:43
*** thorst has joined #openstack-keystone05:56
*** thorst has quit IRC06:00
*** pcaruana has joined #openstack-keystone06:01
*** namnh has joined #openstack-keystone06:43
*** tesseract has joined #openstack-keystone06:48
*** jaosorior has joined #openstack-keystone06:49
*** voelzmo has joined #openstack-keystone06:54
*** thorst has joined #openstack-keystone06:57
*** voelzmo has quit IRC06:59
*** thorst has quit IRC07:01
*** voelzmo has joined #openstack-keystone07:01
*** markvoelker has quit IRC07:12
*** markvoelker has joined #openstack-keystone07:15
*** voelzmo has quit IRC07:15
*** adriant has quit IRC07:35
*** shuyingya has joined #openstack-keystone07:38
*** voelzmo has joined #openstack-keystone07:43
*** Aqsa has joined #openstack-keystone07:51
*** thorst has joined #openstack-keystone07:58
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:01
*** thorst has quit IRC08:17
*** aojea has joined #openstack-keystone08:26
*** shu-mutou is now known as shu-mutou-AWAY08:59
*** thorst has joined #openstack-keystone09:14
*** thorst has quit IRC09:18
*** rocky_ has joined #openstack-keystone09:20
*** tovin07 has left #openstack-keystone09:47
*** richm has joined #openstack-keystone10:15
*** nicolasbock has joined #openstack-keystone10:22
*** namnh has quit IRC10:37
openstackgerritpawnesh kumar proposed openstack/keystone master: Add .idea pattern to .gitignore  https://review.openstack.org/45522810:38
Aqsarodrigods: hi10:52
*** raildo has joined #openstack-keystone10:59
*** raildo has quit IRC11:03
*** raildo has joined #openstack-keystone11:05
*** thorst has joined #openstack-keystone11:15
*** thorst has quit IRC11:20
*** jamielennox|away is now known as jamielennox11:25
openstackgerritXieYingYun proposed openstack/keystone master: Add Apache License Content in index.rst  https://review.openstack.org/45526311:30
*** belmoreira has joined #openstack-keystone11:36
*** thorst has joined #openstack-keystone11:55
*** stradling has joined #openstack-keystone12:09
*** markvoelker has quit IRC12:10
*** rocky_ has quit IRC12:13
*** edmondsw has joined #openstack-keystone12:16
*** markvoelker has joined #openstack-keystone12:25
*** zhurong has quit IRC12:26
*** shuyingya has quit IRC12:34
*** catintheroof has joined #openstack-keystone12:36
ayoungI'ma Devstackin'. I'ma Devstackin'.12:48
*** rmascena has joined #openstack-keystone12:56
*** raildo has quit IRC12:58
*** shuyingya has joined #openstack-keystone13:08
*** shuyingya has quit IRC13:13
*** shuyingya has joined #openstack-keystone13:13
*** spilla has joined #openstack-keystone13:13
*** chlong has joined #openstack-keystone13:31
*** openstackgerrit has quit IRC13:33
ayoungwhat is the new standard on API documentation?  In the Keystone docs repo now, or somewhere else?13:36
lbragstadayoung we keep the documentation in keystone/api-ref13:38
lbragstads/documentation/api documentation/13:38
dstanekg'morning13:38
lbragstado/13:39
ayounglbragstad, and nothing new is supposed to go into ext, right?13:39
lbragstadayoung what do you mean?13:40
ayounglbragstad, for example, the changes https://review.openstack.org/401808  go into api-ref/source/v3/13:40
ayoungwe are no longer doing extensions, right13:40
ayoungor experimental in a separate tree, whatever13:40
lbragstadayoung right13:41
ayoungOK.  Any standards on what those docs are supposed to look like, or just "make them look like the existing ones"13:41
lbragstadayoung the existing docs aren't the greatest13:42
lbragstadayoung but use the existing ones as a guide13:42
ayounglbragstad, adding new docs can be super frustrating if there are not a set of guidelines for what they are supposed to look like13:42
ayounglots of churn on the code reviews13:42
lbragstadayoung we've been fixing parts of it since we moved everything from -specs13:43
lbragstadayoung i'd like to propose we have another API docs sprint to clean up *all* of it13:43
ayounglbragstad, it is only fixed if we have a set of guidelines or standards to meet.  Otherwise, it really is just a bunch of gut feelings13:43
lbragstadayoung completely agree13:44
lbragstadayoung that'd be another thing to work on during an API spring13:44
lbragstaddefining, reviewing, and publishing those guidelines13:45
dstanekayoung: what do you mean by supposed to look like?13:46
*** rajpatel has joined #openstack-keystone13:47
ayoungdstanek, I mean "If I do these things, I meet the standard and thus the api change should be merged"13:49
ayoungversus a long painful back and forth on gerrit about what should or should not be in a code change due to the changes to the API13:49
*** shuyingya has quit IRC13:52
*** shuyingya has joined #openstack-keystone13:53
*** openstackgerrit has joined #openstack-keystone13:58
openstackgerritJose Castro Leon proposed openstack/keystoneauth master: Allows to modify the behavior of mutual authentication in kerberos Adds an optional parameter that will allow a deployer to tune it on their environments  https://review.openstack.org/45533013:58
*** ravelar has joined #openstack-keystone14:01
*** dave-mccowan has joined #openstack-keystone14:04
*** shuyingya has quit IRC14:09
*** dave-mccowan has quit IRC14:09
*** shuyingya has joined #openstack-keystone14:09
*** rajpatel has quit IRC14:14
openstackgerritayoung proposed openstack/keystoneauth master: Parameter to tune mutual authentication in kerberos  https://review.openstack.org/45533014:15
*** aloga has quit IRC14:18
*** aloga has joined #openstack-keystone14:18
*** aloga has quit IRC14:18
*** chris_hultin|AWA is now known as chris_hultin14:18
*** lucasxu has joined #openstack-keystone14:27
*** shuyingya has quit IRC14:28
openstackgerritRichard Avelar proposed openstack/keystone master: Validate rolling upgrade is run in order  https://review.openstack.org/43744114:37
*** stingaci has joined #openstack-keystone14:42
*** belmoreira has quit IRC14:46
*** rcernin has quit IRC15:03
ayoungknikolla, so it appears I never hooked up the routers in https://review.openstack.org/#/c/401808/1415:07
knikollaayoung: oh, i thought i had messed up my devstack somehow.15:08
*** aojea has quit IRC15:09
*** gcb has joined #openstack-keystone15:09
ayoungknikolla, nah, that was actually intentional at the time, as I was trying to do the patch in reviewable stages15:09
ayoungbut i am adding it in now15:09
knikollaayoung: ok cool. our talk is on wed, may 10. 4.30pm15:10
*** rderose has joined #openstack-keystone15:10
gcblbragstad,  our periodic job for Keystone has failures in http://logs.openstack.org/periodic/periodic-keystone-py27-with-oslo-master/b7ff181/testr_results.html.gz  that should be related with oslo.config commit https://review.openstack.org/32869215:12
*** voelzmo has quit IRC15:13
*** voelzmo has joined #openstack-keystone15:13
lbragstadgcb looks like we need to update keystone15:14
lbragstadgcb thanks for the heads up!15:14
gcblbragstad, yeah, that should be easy to fix, It's too late for me, I just fix Cinder one in https://review.openstack.org/455152 and hold on new release of oslo.config in https://review.openstack.org/45531815:15
gcblbragstad, please help dig the issue from keystone side, will help dig tomorrow if we haven't fixed from keystone side :-)15:16
lbragstadgcb will do - i'll dig into it15:17
lbragstadhttps://github.com/openstack/keystone/blob/master/keystone/identity/core.py#L270 looks to be the only occurrence https://github.com/openstack/keystone/blob/master/keystone/identity/core.py#L27015:17
*** voelzmo has quit IRC15:18
gcblbragstad, thanks15:18
*** stingaci has quit IRC15:25
*** rajpatel has joined #openstack-keystone15:30
*** rajpatel has quit IRC15:34
*** thorst is now known as thorst_afk15:35
*** Aqsa has quit IRC15:48
*** rderose has quit IRC15:52
*** ravelar has quit IRC15:55
bretonbig problem with pymemcache is that it is barely packaged15:57
bretonfrom example, CentOS 7 doesn't have HashClient there15:57
*** rajpatel has joined #openstack-keystone15:58
lbragstadcc morgan ^15:59
morgansame as anything/everything for openstack, it is in g-r and can be used and will be packaged15:59
morganhave you checked EPEL?15:59
bretonI mean, Ocata RDO doesn't have HashClient. CentOS 7 hasn't pymemcache at all.16:00
*** lucasxu has quit IRC16:00
morganthis is why we do the conversions early if anything16:00
morganit can/will be packaged.16:00
morganif we can only ever use things that are packaged, we would never move forward.16:00
*** rajpatel has quit IRC16:00
morganit is https://github.com/openstack/requirements/blob/master/global-requirements.txt#L188 here16:01
morganit is useable16:01
morganand it will get packaged16:01
bretonepel is 1.2.5 -> no HashClient16:01
morgandoesn't matter still.16:01
morganbut if the argument is "i don't want to", thats fine as well.16:02
bretonwell, it's a show-stopper for me now16:02
morganit *will* be packaged.16:02
morganit is part of the requirements for the project then.16:02
morganthe only reason it isn't packaged now is because no one is using it here.16:03
morganin this case, just use it, next release will get it packaged16:03
morganRDO isn't going to be based on Master16:03
morganit willbe based on <stable/*>16:04
morgansimilar to other packages16:04
*** morgan sets mode: -o morgan16:08
*** rmascena is now known as raildo16:09
asettlelbragstad: could you or Richard take a look at: https://bugs.launchpad.net/openstack-manuals/+bug/168022816:12
openstackLaunchpad bug 1680228 in openstack-manuals "Install Guide missing --domain name parameter when creating role" [Undecided,New]16:12
asettleI was unable to verify16:12
*** gyee has joined #openstack-keystone16:14
*** aloga has joined #openstack-keystone16:15
*** rajpatel has joined #openstack-keystone16:22
*** lamt has joined #openstack-keystone16:30
lbragstadasettle will do16:34
asettleGracias, gracias16:35
*** Aqsa has joined #openstack-keystone16:35
*** lamt has quit IRC16:42
*** rajpatel has quit IRC16:44
ayoungknikolla, Ok, I think I fooled myself16:46
ayoungI was looking at the wrong place.  I did wire up the routers16:46
*** jaosorior is now known as jaosorior_away16:51
*** aojea has joined #openstack-keystone16:51
lbragstadasettle updated16:52
*** tesseract has quit IRC16:52
*** lucasxu has joined #openstack-keystone17:02
*** rocky_ has joined #openstack-keystone17:03
openstackgerritLance Bragstad proposed openstack/keystone master: Remove usage of enforce_type  https://review.openstack.org/45539117:07
lbragstadgcb ^ that should get us started17:07
lbragstadgcb that will have to wait until keystone is using oslo.config 3.24 though before it will pass tests17:08
lbragstadgcb https://github.com/openstack/keystone/blob/2dbd5d99bbf71ad5c4a81f54e8d4ce0de258ab00/requirements.txt#L2517:09
*** thorst_afk is now known as thorst17:16
*** MaxPC has joined #openstack-keystone17:20
*** stingaci has joined #openstack-keystone17:26
*** lamt has joined #openstack-keystone17:28
*** stingaci has quit IRC17:30
*** stradling has quit IRC17:47
ayoungmorgan, can you give this the once over https://review.openstack.org/#/c/290253/  so it has some keystone review?17:55
*** lamt has quit IRC17:56
*** stradling has joined #openstack-keystone17:58
*** aojea has quit IRC18:16
openstackgerritMerged openstack/keystone master: Updated from global requirements  https://review.openstack.org/45388118:17
knikollaayoung: actually IIRC, i think you hadn't hooked it up, but I did when I revised the patch.18:21
ayoungknikolla, ah18:22
ayoungknikolla, that makes sense18:22
ayoungI was wondering about that. Was origianlly doing it in stages. Lost track of how far I'd gotten18:22
morganayoung: i'll review it in a couple minutes18:23
ayoungmorgan, thanks18:23
*** stradling has quit IRC18:44
openstackgerritKristi Nikolla proposed openstack/python-keystoneclient master: WIP - Client functions for url_patterns  https://review.openstack.org/45289318:59
knikollaayoung: ^^18:59
ayoungknikolla, Thanks19:00
ayounglet me grab that for my devstack19:00
*** stradling has joined #openstack-keystone19:06
*** MaxPC has quit IRC19:06
*** edmondsw_ has joined #openstack-keystone19:15
*** edmondsw_ has quit IRC19:15
knikollaayoung: in keystone/unit/tests/assignment/test_core.py why is there test_deleting_role_removes_inference_rule and test_implied_role_crd?19:26
ayounghmmm19:34
ayoungknikolla, cuz I wanted to tes that those things worked?19:35
ayoungknikolla, if I have a role   X which implied member, and I assigned it to someone, and I delete the role X, the user should no longer have the member role19:36
ayoungall the implied role stuff is in the assignemnt backend19:36
knikollaayoung: i mean why are there in the rbac patch. its functionality not introduced by it.19:36
*** rajpatel has joined #openstack-keystone19:36
ayoungprobably because they were in my repo and I didn't realize they were still there?  OProbably squashed them into the patch by mistake19:37
ayoungbut they could and should be spun out to their own patch19:37
knikollaayoung: ok, will remove them from the rbac patch. just wanted to confirm19:37
ayoungcool19:37
ayoungjamielennox, I know it is early, but got a Keystoneclient question for you.  Trying to create a client based on the envvars set by the .rc file19:43
ayoungparser = argparse.ArgumentParser(19:44
ayoung        description='Simple HTTP testing for Openstack')19:44
ayoungloading.register_session_argparse_arguments(parser)19:44
ayoungloading.register_auth_argparse_arguments(parser, sys.argv[1:])19:44
ayoungopts = parser.parse_args()19:44
ayoungauth = loading.load_auth_from_argparse_arguments(opts)19:44
ayoungsession = loading.load_session_from_argparse_arguments(19:44
ayoung        opts,19:44
ayoung        auth=auth,19:44
ayoung        user_agent='os-http')19:44
ayoungkeystone = keystone_v3.Client(session=session)19:44
ayoungor anyone else here19:44
ayoungsorry for the flood,19:44
ayounganyway, that code should create a client, but trying to use it gets19:46
ayoungkeystoneauth1.exceptions.auth_plugins.MissingAuthPlugin: An auth plugin is required to determine endpoint URL19:46
ayounghowever, with the env vars set, I can use the openstack cli to listroles:19:47
ayoungopenstack role list  returns just right19:47
ayoungDo we have a decent example of creating a client this way?19:48
*** rajpatel has quit IRC19:57
ayoungknikolla, seems to work20:00
knikollaayoung: :)20:02
*** raildo has quit IRC20:04
*** lamt has joined #openstack-keystone20:08
openstackgerritKristi Nikolla proposed openstack/keystone master: URL pattern based RBAC Management Interface  https://review.openstack.org/40180820:22
openstackgerritMerged openstack/keystone-specs master: Unified limits specification  https://review.openstack.org/44081520:24
openstackgerritKristi Nikolla proposed openstack/keystone master: Remove LDAP delete logic and associated tests  https://review.openstack.org/42434420:32
openstackgerritSam Yaple proposed openstack/keystone master: DONOTMERGE - LOCI zuul-cloner test  https://review.openstack.org/45393320:34
*** lamt has quit IRC20:43
jamielennoxayoung: so that should work for CLI - but we are typically suggesting that people use os-c-c rather that the ksa argparse stuff20:46
jamielennoxbut it will work20:46
jamielennoxthe env vars should work with ksa, os-c-c gives you the yaml stuff20:46
jamielennoxthe thing i can think of is that osc defaults OS_AUTH_TYPE=password and ksa doesn't20:48
jamielennoxin ksa you must give an OS_AUTH_TYPE var20:48
openstackgerritMerged openstack/keystone master: Add Apache License Content in index.rst  https://review.openstack.org/45526320:50
openstackgerritMerged openstack/keystone master: Remove unused revocation check in revoke_models  https://review.openstack.org/45145220:50
*** aojea has joined #openstack-keystone20:51
*** Aqsa has quit IRC20:53
openstackgerritMerged openstack/keystone master: Address comments from Policy in Code 5  https://review.openstack.org/44882620:56
*** stradling has quit IRC20:57
*** thorst has quit IRC21:03
*** edmondsw has quit IRC21:08
*** spilla has quit IRC21:09
*** edmondsw has joined #openstack-keystone21:10
*** rajpatel has joined #openstack-keystone21:11
openstackgerritKristi Nikolla proposed openstack/keystone master: WIP - Document functional testing and devstack plugin  https://review.openstack.org/44877321:13
*** edmondsw has quit IRC21:15
*** pcaruana has quit IRC21:15
*** catintheroof has quit IRC21:25
*** pramodrj07 has joined #openstack-keystone21:32
*** MasterOfBugs has joined #openstack-keystone21:32
*** lucasxu has quit IRC21:40
*** sjain has joined #openstack-keystone21:40
*** sjain has quit IRC21:57
*** lamt has joined #openstack-keystone22:02
openstackgerritMerged openstack/keystoneauth master: Updated from global requirements  https://review.openstack.org/44508622:06
openstackgerritMerged openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/43931822:07
*** catintheroof has joined #openstack-keystone22:27
*** lamt has quit IRC22:31
*** hoonetorg has joined #openstack-keystone22:39
*** aojea has quit IRC22:48
*** edmondsw has joined #openstack-keystone22:53
*** edmondsw has quit IRC22:57
*** thorst has joined #openstack-keystone23:02
*** adriant has joined #openstack-keystone23:03
*** sjain has joined #openstack-keystone23:04
*** lamt has joined #openstack-keystone23:09
ayoungjamielennox, yeah, but I am still coding23:25
ayoungwe don't have a CLI for this new code yet, so I need to give an example using the python-keystoneclient23:26
jamielennoxayoung: that looks right for ksc23:27
ayoungjamielennox, didn't work23:27
jamielennoxyou can use ksa with ksc23:27
ayoungI had to do23:27
ayoungauth = v3.Password(auth_url='http://192.168.122.180:35357/v3',23:27
ayoung                   username='admin',23:27
ayoung                   password='FreeIPA4All',23:27
ayoung                   project_name='demo',23:27
ayoung                   user_domain_name='default',23:27
ayoung                   project_domain_name='default')23:27
jamielennoxand you set an OS_AUTH_TYPE=password23:27
*** jdennis has joined #openstack-keystone23:27
ayoungah, you think I just need that one more value?23:27
ayounglet me try that23:27
openstackgerritMorgan Fainberg proposed openstack/keystone master: Support new hashing algorithms for securely storing password hashes  https://review.openstack.org/43870123:27
jamielennoxayoung: os-http is the simplest example i have of this using os-c-c23:27
ayoungjamielennox, yep thanks23:28
*** lamt has quit IRC23:29
ayoungjamielennox, just trying to do development with  changes on keystone server, keystoneclient, and keystone middleware for the RBAC in middelware proof of concept23:29
ayoungjamielennox, any strong feelings on RBAC from middleware?   https://review.openstack.org/#/c/452198/23:30
ayoungjamielennox, and, I assume it is too much to hope that you are coming to Boston, right>23:31
ayoung?23:31
jamielennoxayoung: no boston for me ;(23:31
jamielennoxtalk rejected, and even then i'm not sure i would have been approved23:32
ayoungjamielennox, I knew this was going to happen when they split off the PTG23:32
jamielennoxdoesn't appear to be much developer funding for boston23:32
jamielennoxayoung: yep, it was fairly predictable23:32
ayoungMy talk is accepted, but not sure it is going to matter, as all the people that should be there won't be there23:32
jamielennoxayoung: my main concern with RBAC from middleware is the same as always - i think the lookup is going to be really slow23:32
jamielennoxparticularly now that nova and everyone is moving towards policy in code and decorators for policy23:33
*** lamt has joined #openstack-keystone23:33
ayoungjamielennox, what aspect do you think is going to be slow?  The HTTP fetch, or the pattern matching?23:35
jamielennoxwell, http fetch is always an issue - but pattern matching23:35
ayoungSo, I think that is going to be pretty quick23:36
ayoungit will be basically the same cost as selecting the route is now23:36
ayoungand, for the vast majority, I bet they use the default rule any way23:36
openstackgerritTin Lam proposed openstack/keystonemiddleware master: Replace pycrypto with cryptography  https://review.openstack.org/45194123:39
*** sjain has quit IRC23:41
openstackgerritSamriddhi proposed openstack/keystone master: Updated scope parameter description in v3 API-ref  https://review.openstack.org/45003823:42
ayoungjamielennox, so, I think that, in future iterations, the URL pattern match and the RBAC lookup could be done at the same time, as a performance tune.  You could pre-match the rules against the Routers, or something, so you only end up matching once23:42
jamielennoxayoung: agreed - but that's not middleware23:42
ayoungjamielennox, its a performance tune if, and only if, it proves to be an issue23:42
ayoungwe won't know until someone tries it23:42
ayoungI can't see that the pattern match would be signficantly different than any other dictionary lookup in Python, though23:43
ayoungand those are legion23:43
ayoungWe can probably also pay the price per URL once and somehow pre-calculate the matches for later URLs...hand wave hand wave23:44
*** lamt has quit IRC23:55
« Sunday, 2017-04-09 Index Tuesday, 2017-04-11 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!