Wednesday, 2017-05-31

« Tuesday, 2017-05-30 Index Thursday, 2017-06-01 »
*** dave-mccowan has joined #openstack-keystone00:03
*** markvoelker has quit IRC00:04
*** thorst has joined #openstack-keystone00:14
*** raildo has quit IRC00:14
*** thorst has quit IRC00:15
*** thorst has joined #openstack-keystone00:17
*** masber has joined #openstack-keystone00:17
*** thorst has quit IRC00:19
*** masber has quit IRC00:26
*** masber has joined #openstack-keystone00:26
*** markvoelker has joined #openstack-keystone00:47
*** frontrunner has joined #openstack-keystone00:49
*** dikonoor has joined #openstack-keystone01:01
*** Shunli has joined #openstack-keystone01:04
*** markvoelker_ has joined #openstack-keystone01:16
*** markvoelker has quit IRC01:17
*** lucasxu has joined #openstack-keystone01:17
*** lucasxu has quit IRC01:17
*** thorst has joined #openstack-keystone01:19
*** jose-phillips has quit IRC01:20
*** lucasxu has joined #openstack-keystone01:20
*** markvoelker_ has quit IRC01:21
*** jose-phillips has joined #openstack-keystone01:22
*** lucasxu has quit IRC01:22
*** lucasxu has joined #openstack-keystone01:23
*** markvoelker has joined #openstack-keystone01:23
*** __Nautilus__ has joined #openstack-keystone01:23
*** dikonoor has quit IRC01:24
*** thorst has quit IRC01:24
*** arahal_ has quit IRC01:32
*** aselius has quit IRC01:45
*** lucasxu has quit IRC02:01
*** namnh has joined #openstack-keystone02:04
*** lucasxu has joined #openstack-keystone02:11
*** lucasxu has quit IRC02:13
*** thorst has joined #openstack-keystone02:13
*** thorst has quit IRC02:13
*** lucasxu has joined #openstack-keystone02:14
*** __Nautilus__ has quit IRC02:15
*** __Nautilus__ has joined #openstack-keystone02:15
*** dave-mccowan has quit IRC02:15
*** __Nautilus__ has quit IRC02:19
*** jrist has quit IRC02:20
*** yunus has quit IRC02:29
*** jrist has joined #openstack-keystone02:34
*** thorst has joined #openstack-keystone02:37
*** thorst has quit IRC02:38
*** __Nautilus__ has joined #openstack-keystone02:39
*** lucasxu has quit IRC02:40
*** shuyingya has joined #openstack-keystone02:41
*** zsli_ has joined #openstack-keystone02:44
*** lucasxu has joined #openstack-keystone02:45
*** Shunli has quit IRC02:46
*** lucasxu has quit IRC02:47
*** shuyingy_ has joined #openstack-keystone02:48
*** shuyingya has quit IRC02:48
*** nicolasbock has quit IRC02:49
*** __Nautilus__ has quit IRC02:50
*** __Nautil_ has joined #openstack-keystone02:53
*** lucasxu has joined #openstack-keystone02:56
*** lucasxu has quit IRC03:04
*** __Nautil_ has quit IRC03:05
*** __Nautilus__ has joined #openstack-keystone03:06
*** zsli_ has quit IRC03:08
*** Shunli has joined #openstack-keystone03:08
*** __Nautil_ has joined #openstack-keystone03:09
*** thorst has joined #openstack-keystone03:09
*** __Nautil_ has quit IRC03:09
*** __Nautilus__ has quit IRC03:09
*** nicolasbock has joined #openstack-keystone03:20
*** liujiong has joined #openstack-keystone03:21
*** thorst has quit IRC03:26
*** frontrunner has quit IRC03:26
openstackgerrityangweiwei proposed openstack/keystone master: Expose a bug in getting federation projects  https://review.openstack.org/46931803:27
openstackgerrityangweiwei proposed openstack/keystone master: Expose a bug in getting federation projects  https://review.openstack.org/46931803:31
*** nicolasbock has quit IRC03:33
*** david-lyle has joined #openstack-keystone03:35
*** prashkre has joined #openstack-keystone03:36
*** links has joined #openstack-keystone03:45
*** lucasxu has joined #openstack-keystone03:45
*** prashkre has quit IRC04:01
*** wasmum has quit IRC04:05
*** jaosorior has quit IRC04:10
*** lucasxu has quit IRC04:11
*** jaosorior has joined #openstack-keystone04:12
*** zhurong has joined #openstack-keystone04:16
*** aojea has joined #openstack-keystone04:18
*** dikonoor has joined #openstack-keystone04:18
*** zhurong has quit IRC04:19
*** piliman974 has quit IRC04:20
*** aojea has quit IRC04:22
*** dikonoor has quit IRC04:37
*** dikonoor has joined #openstack-keystone04:55
*** dikonoor has quit IRC05:01
*** hawk_ has joined #openstack-keystone05:09
hawk_Dear All, I am trying to configure my keystone service in order to integrate with LDAP. But after I add driver = keystone.identity.backends.ldap.Identity into keystone.conf, openstack user list command gives an error like below, "Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL. Internal Server Error (HTTP 500) error." Do you have any opinion ab05:09
*** thorst has joined #openstack-keystone05:23
*** thorst has quit IRC05:28
*** gyee has quit IRC05:34
openstackgerritzhengliuyang proposed openstack/keystone master: Remove hash_algorithms from performance.rst  https://review.openstack.org/46933305:47
*** tobberydberg has joined #openstack-keystone05:52
*** prashkre has joined #openstack-keystone06:04
*** jaosorior has quit IRC06:08
*** mvk has quit IRC06:09
*** rcernin has joined #openstack-keystone06:10
pooja_jadhavlbragstad: Hi, I went through the discussion which held previously. So team has decided to write API microversion for this change. am I right? that List resources with invalid filters should return 400.06:10
openstackgerritVan Hung Pham proposed openstack/keystone master: Replace assertRaisesRegexp with assertRaisesRegex  https://review.openstack.org/46933806:11
*** ducttap__ has joined #openstack-keystone06:16
*** jaosorior has joined #openstack-keystone06:17
*** ducttape_ has quit IRC06:17
pooja_jadhavlbragstad: this the bug reference-https://bugs.launchpad.net/keystone/+bug/1654084. i have referred.06:18
openstackLaunchpad bug 1654084 in OpenStack Identity (keystone) "Listing resources with invalid filters should result in a 400" [Wishlist,In progress] - Assigned to Tin Lam (lamt)06:18
pooja_jadhavlamt: Hi06:19
lamtpooja_jadhav There was discussion during the summit about microversioning06:19
pooja_jadhavlamt: ok06:20
lamtpooja_jadhav I think more discussion is needed, so that defect is on hold06:20
*** abhishek_k has joined #openstack-keystone06:21
pooja_jadhavlamt: Are you taking follow up for this issue?06:23
*** thorst has joined #openstack-keystone06:24
lamtpooja_jadhav: yup, but implementing microversion needs more discussion, I don't think that defect will be resolved in the immediate future though06:25
pooja_jadhavlamt: ok, thank you for the update.06:26
lamtpooja_jadhav not a problem06:26
*** thorst has quit IRC06:29
hawk_Dear All, I am trying to configure my keystone service in order to integrate with LDAP. But after I add driver = keystone.identity.backends.ldap.Identity into keystone.conf, openstack user list command gives an error like below, "Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL. Internal Server Error (HTTP 500) error." Do you have any opinion ab06:29
openstackgerrityangweiwei proposed openstack/keystone master: Expose a bug in getting federation projects  https://review.openstack.org/46931806:31
openstackgerrityangweiwei proposed openstack/keystone master: Expose a bug in getting federation projects  https://review.openstack.org/46931806:36
cmurphyhawk_: the keystone logs should give you a hint about what went wrong06:39
cmurphyhawk_: also for the last couple of releases you can just have driver = ldap not the full entry point06:39
*** basilAB has quit IRC06:42
*** basilAB has joined #openstack-keystone06:44
hawk_I have only keystone-manage.log and do not have keystone.log.06:44
hawk_Do you have to change some configuration to keep logs?06:53
cmurphyhawk_: if you're following the install guide it is probably run under apache and the keystone logs will be in /var/log/apache206:53
*** tesseract has joined #openstack-keystone06:53
*** Dave has quit IRC07:02
*** Dave has joined #openstack-keystone07:08
*** mvk has joined #openstack-keystone07:08
openstackgerrityangweiwei proposed openstack/keystone master: Fix bugs in mapping rules with blacklist  https://review.openstack.org/46827807:13
*** flwang has quit IRC07:24
*** pcaruana has joined #openstack-keystone07:26
*** aojea has joined #openstack-keystone07:26
*** shuyingy_ has quit IRC07:27
*** shuyingya has joined #openstack-keystone07:27
*** aselius has joined #openstack-keystone07:45
*** hawk_ has quit IRC07:45
*** thorst has joined #openstack-keystone07:46
*** thorst has quit IRC07:50
*** adriant has quit IRC07:52
*** hungpv has joined #openstack-keystone07:53
*** hawk_ has joined #openstack-keystone07:54
hawk_Dear All, When I enable LDAP, openstack user list commands gives error. I checked keystone.log here is the errors look like : 2017-05-31 07:48:06.359244 ImportError: No module named ldap.filter 2017-05-31 07:48:07.604887 mod_wsgi (pid=441): Target WSGI script '/usr/bin/keystone-wsgi-admin' cannot be loaded as Python module. 2017-05-31 07:48:07.605155 mod_wsgi (pid=441): Exception occurred processing WSGI script '/usr/bin/key07:56
hawk_Is there any suggestion? Thanks for helping.07:56
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:01
*** dikonoor has joined #openstack-keystone08:02
cmurphyhawk_: do you have the ldap module installed? `pip freeze | grep ldap`08:06
*** Drankis has joined #openstack-keystone08:10
hawk_Traceback (most recent call last):   File "/usr/bin/pip", line 11, in <module>     sys.exit(main())   File "/usr/lib/python2.7/dist-packages/pip/__init__.py", line 215, in main     locale.setlocale(locale.LC_ALL, '')   File "/usr/lib/python2.7/locale.py", line 581, in setlocale     return _setlocale(category, locale) locale.Error: unsupported locale setting08:12
*** Shunli has quit IRC08:12
*** Shunli has joined #openstack-keystone08:13
bretonwhat's output of "locale"?08:18
hawk_locale: Cannot set LC_ALL to default locale: No such file or directory LANG=en_US.UTF-8 LANGUAGE= LC_CTYPE="en_US.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=en_US.UTF-8 LC_COLLATE="en_US.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="en_US.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL=08:20
bretonsomething is very wrong with your system. Maybe https://stackoverflow.com/questions/14547631/python-locale-error-unsupported-locale-setting or https://stackoverflow.com/questions/36394101/pip-install-locale-error-unsupported-locale-setting could help you, but i am not sure08:23
cmurphyyeah this is wandering away from a keystone issue, but "no module named ldap.filter" issue is probably because of a missing dependency08:25
breton++08:29
hawk_i set lc_all = c then installed python_ldap and python_ldappool08:29
hawk_The request you have made requires authentication. (HTTP 401)then error changed to08:30
*** dikonoor has quit IRC08:39
*** piliman974 has joined #openstack-keystone08:41
*** thorst has joined #openstack-keystone08:47
*** cristicalin has joined #openstack-keystone08:48
*** cristicalin has quit IRC08:50
*** hungpv_ has joined #openstack-keystone08:52
*** ducttape_ has joined #openstack-keystone08:52
*** jose-phi_ has joined #openstack-keystone08:53
*** ediardo_ has joined #openstack-keystone08:54
*** oomichi_ has joined #openstack-keystone08:59
*** zzzeek_ has joined #openstack-keystone09:00
*** johnthetubaguy_ has joined #openstack-keystone09:00
*** zzzeek has quit IRC09:01
*** hungpv has quit IRC09:01
*** ducttap__ has quit IRC09:01
*** links has quit IRC09:01
*** jose-phillips has quit IRC09:01
*** pooja_jadhav has quit IRC09:01
*** ediardo has quit IRC09:01
*** eandersson has quit IRC09:01
*** oomichi has quit IRC09:01
*** johnthetubaguy has quit IRC09:01
*** jistr has quit IRC09:01
*** oomichi_ is now known as oomichi09:01
*** ediardo_ is now known as ediardo09:01
*** adriant has joined #openstack-keystone09:02
*** jistr has joined #openstack-keystone09:02
*** charz has quit IRC09:03
*** andreaf has quit IRC09:03
*** charz has joined #openstack-keystone09:06
*** thorst has quit IRC09:06
*** andreaf has joined #openstack-keystone09:06
*** links has joined #openstack-keystone09:07
*** pooja_jadhav has joined #openstack-keystone09:08
*** eandersson has joined #openstack-keystone09:08
*** david-lyle has quit IRC09:11
*** david-lyle has joined #openstack-keystone09:12
*** jaosorior is now known as jaosorior_lunch09:19
*** cristicalin has joined #openstack-keystone09:22
*** masber has quit IRC09:23
*** Shunli has quit IRC09:32
*** andreykurilin has quit IRC09:32
*** shuyingya has quit IRC09:48
*** shuyingya has joined #openstack-keystone09:49
*** cristicalin has quit IRC09:52
*** aselius has quit IRC09:54
*** mvk has quit IRC09:55
*** dikonoor has joined #openstack-keystone09:56
*** nicolasbock has joined #openstack-keystone09:56
*** liujiong has quit IRC10:02
*** flwang has joined #openstack-keystone10:02
*** mvk has joined #openstack-keystone10:10
*** dikonoor has quit IRC10:13
*** dikonoor has joined #openstack-keystone10:14
*** links has quit IRC10:16
*** piliman974 has quit IRC10:17
*** piliman974 has joined #openstack-keystone10:19
*** nicolasbock has quit IRC10:27
*** nicolasbock has joined #openstack-keystone10:27
*** nicolasbock has quit IRC10:28
*** nicolasbock has joined #openstack-keystone10:28
*** hawk_ has quit IRC10:35
*** yk1 has joined #openstack-keystone10:36
*** piliman974 has quit IRC10:36
*** namnh has quit IRC10:36
*** links has joined #openstack-keystone10:36
*** adriant has quit IRC10:40
*** jaosorior_lunch is now known as jaosorior10:41
*** hungpv_ has quit IRC10:47
*** piliman974 has joined #openstack-keystone10:50
*** yk1 has quit IRC10:55
*** thorst has joined #openstack-keystone11:04
*** cristicalin has joined #openstack-keystone11:06
*** thorst has quit IRC11:08
*** raildo has joined #openstack-keystone11:11
*** dave-mccowan has joined #openstack-keystone11:12
*** xuhaigang has quit IRC11:16
*** xuhaigang has joined #openstack-keystone11:19
*** yunus has joined #openstack-keystone11:26
*** thorst has joined #openstack-keystone11:30
yunusHi all, I try to configure Ldap on keystone according to the documentation. Ldapsearch command works. How to check that it is working? When I run openstack user list, it gives an error. After removing driver = ldap from keystone.conf. openstack user list works.11:33
yunusldapsearch -x -LLL -h X.X.X.X -D cn=admin,dc=ldap,dc=example,dc=org -w XXXX -b dc=ldap,dc=example,dc=org => works but after configuring keystone.conf openstack user list not working11:35
yunus[ldap] url = ldap://X.X.X.X user = cn=admin,dc=ldap,dc=example,dc=org password = XXXX suffix = dc=ldap,dc=example,dc=org11:36
yunususer_tree_dn = ou=People,dc=ldap,dc=example,dc=org user_objectclass = organizationalUnit group_tree_dn = Groups,dc=ldap,dc=example,dc=org group_objectclass = organizationalUnit11:36
cmurphyyunus: the keystone logs should give you a clue about what went wrong, and setting insecure_debug = true in keystone.conf will give even more information11:37
yunusthanks for helping. Actually i am wondering that my keystone.conf's user field is correct or not? Because it is somehow unclear that what is expected?11:41
yunus[ldap] url = ldap://X.X.X.X user = cn=admin,dc=ldap,dc=example,dc=org11:42
*** piliman974 has quit IRC11:45
*** piliman974 has joined #openstack-keystone11:47
openstackgerritrocky proposed openstack/keystone master: Add role test to test_consume_trust_once in test_v3_auth.py  https://review.openstack.org/46944411:47
cmurphyyunus: I think it's the user used to bind to the ldap server, so if it works with ldapsearch -D then i think it's probably right11:49
*** andreykurilin has joined #openstack-keystone11:51
yunus2017-05-31 11:39:08.534789 2017-05-31 11:39:08.534 6707 WARNING keystone.auth.plugins.core [req-xxxx - - - - -] Could not find user: admin11:53
yunus2017-05-31 11:39:08.535920 2017-05-31 11:39:08.535 6707 WARNING keystone.common.wsgi [req-xxxx - - - - -] Authorization failed. Could not find user: admin (Disable insecure_debug mode to suppress these det$11:54
*** frontrunner has joined #openstack-keystone12:00
*** edmondsw has joined #openstack-keystone12:02
*** chlong has quit IRC12:03
*** links has quit IRC12:11
samueldmqmorning keystone!12:12
cmurphymorning samueldmq12:12
samueldmqcmurphy: o/12:14
samueldmqI am not able to run our tests locally12:31
samueldmqI am getting http://paste.openstack.org/show/611083/ on almost all tests12:32
samueldmqClean Python 3.5 venv on a macOS12:33
samueldmqHas anybody seen that before?12:33
*** shuyingya has quit IRC12:39
lamtsamueldmq yeah - keystone unittest doesn't work on macOS because macOS ships with an outdated OpenLDAP library12:54
lamtsamueldmq I did get it to work by rebuilding pyldap with newer library12:55
samueldmqlamt: is that a system dependency or a Python one?12:56
samueldmqlamt: I guess it is a system dependency, if it was Python should be fine since I am using a venv12:56
lamtsamueldmq it is a system one - lemme find a blog I was reading the other day12:57
lamtsamueldmq #link https://keathmilligan.net/python-ldap-and-macos/12:57
lamtsamueldmq I built a wheel based on that blog and just pip install into my tox venv - that works for me12:59
yunusldapsearch -x -LLL -h X.X.X.X -D cn=admin,dc=ldap,dc=example,dc=org -w XXXX -b dc=ldap,dc=example,dc=org => works but after configuring keystone.conf openstack user list not working13:00
yunus[ldap] url = ldap://X.X.X.X user = cn=admin,dc=ldap,dc=example,dc=org password = XXXX suffix = dc=ldap,dc=example,dc=org13:00
yunususer_tree_dn = ou=People,dc=ldap,dc=example,dc=org user_objectclass = organizationalUnit group_tree_dn = Groups,dc=ldap,dc=example,dc=org group_objectclass = organizationalUnit13:00
yunusWARNING keystone.auth.plugins.core [req-xxxx - - - - -] Could not find user: admin13:00
yunusWARNING keystone.common.wsgi [req-xxxx - - - - -] Authorization failed. Could not find user: admin (Disable insecure_debug mode to suppress these det$13:00
samueldmqlamt: interesting, why doesn't just updating the system openldap get it working?13:00
samueldmqlamt: or is the version it updates different from the version the wheel was built with13:01
samueldmqor that does not make sense at all13:01
samueldmq:-)13:02
lamtsamueldmq it should, but homebrew won't let you override the osx library - I didn't try too hard to override the system libs13:02
samueldmqlamt: ah got it13:03
samueldmqlamt: I will try that out, thanks!13:03
cmurphyyunus: well it looks like it couldn't find the user?13:04
lamtsamueldmq np, feels hacky and I wish Apple would just update their ldap library :(13:04
cmurphyyunus: are you using domain specific configs? https://docs.openstack.org/developer/keystone/configuration.html#domain-specific-drivers if not, are you trying to authenticate with the old non-ldap admin user's credentials?13:05
*** cristicalin has quit IRC13:07
*** lucasxu has joined #openstack-keystone13:11
*** lifeless has quit IRC13:15
yunusnope i am not using domain specific configs13:17
yunusprobably it tries to authenticate with admin_openrc.sh credentials13:17
*** mugsie has quit IRC13:27
prashkreayoung: Hi. could you please review backport to stable/ocata https://review.openstack.org/#/c/469299/13:30
*** chlong has joined #openstack-keystone13:30
*** shuyingya has joined #openstack-keystone13:30
*** lifeless has joined #openstack-keystone13:33
prashkrelbragstad: Hi. could you please take a look at https://review.openstack.org/#/c/469299/, this is a backport to stable/ocata from https://review.openstack.org/#/c/468103/ with few changes to fix UT.13:34
*** shuyingya has quit IRC13:34
*** prashkre has quit IRC13:40
*** zhurong has joined #openstack-keystone13:42
*** cristicalin has joined #openstack-keystone13:43
*** chlong has quit IRC13:43
*** piliman974 has quit IRC13:43
*** piliman974 has joined #openstack-keystone13:45
*** chlong has joined #openstack-keystone13:46
*** tobberyd_ has joined #openstack-keystone13:55
*** tobberydberg has quit IRC13:58
*** jefrite has quit IRC14:02
*** Drankis has quit IRC14:11
*** aselius has joined #openstack-keystone14:13
*** dikonoor has quit IRC14:27
openstackgerritSamriddhi proposed openstack/keystone master: Added keystone admin guides to documentation  https://review.openstack.org/46951514:34
*** zhurong has quit IRC14:35
*** cristicalin has quit IRC14:49
*** agrebennikov has joined #openstack-keystone14:54
*** flwang has quit IRC14:56
*** arahal_ has joined #openstack-keystone14:59
*** ducttape_ has quit IRC15:04
*** hoonetorg has quit IRC15:04
*** ducttape_ has joined #openstack-keystone15:05
*** shuyingya has joined #openstack-keystone15:05
*** gyee has joined #openstack-keystone15:09
*** prashkre has joined #openstack-keystone15:14
*** hoonetorg has joined #openstack-keystone15:17
*** mvk has quit IRC15:19
*** tobberyd_ has quit IRC15:21
knikollao/15:21
lbragstado/15:26
prashkrelbragstad: on you comment at https://review.openstack.org/#/c/469299/3/keystone/tests/unit/default_fixtures.py, we don't have a common role_id matching in both master and ocata.15:37
prashkrelbragstad: why do we need a change in master because we already have MEMBER_ROLE_ID in master but doesn't exits in ocata.15:37
lbragstadprashkre: so a patch went into master to change that, can it be backported to ocata?15:38
lbragstadprashkre: the reviewers on that patch were looking for a way to not have a delta between ocata and master as far as the back port is concerns15:38
lbragstadconcerned*15:38
edmondswlbragstad I don't know that I'm super concerned... if you're fine with the current backport patch then I would be15:41
edmondswI don't think it should really be a big deal, but just wanted to point out what I saw there and see what you thought15:41
lbragstadi don't expect much to change in that area for ocata15:41
lbragstadi'll take another look15:42
lbragstadi'm preparing for the policy meeting15:42
lbragstadbut i can take another look at the backport right afterwords15:42
*** piliman974 has quit IRC15:42
*** piliman974 has joined #openstack-keystone15:43
*** nhelgeson has joined #openstack-keystone15:54
prashkrelbragstad: edmondsw: I don't think detla between ocata and master affects other tests in ocata because roles in default_fixtures.py serve has lookup of existing roles to validate against them. To keep the test(test_list_role_assignments_group_not_found) same in both master and ocata, I would say this change is needed in ocata because we don't have common role_id to make use of it in in master and ocata.15:56
*** aojea has quit IRC15:59
*** david-lyle has quit IRC16:06
*** rcernin has quit IRC16:07
*** tesseract has quit IRC16:08
*** david-lyle has joined #openstack-keystone16:14
*** shuyingya has quit IRC16:21
*** piliman974 has quit IRC16:28
*** rcernin has joined #openstack-keystone16:46
*** mvk has joined #openstack-keystone16:49
*** pcaruana has quit IRC16:50
*** dikonoor has joined #openstack-keystone17:00
knikollalunch break, back in 1 hr.17:05
edmondswknikolla I added my comments in https://review.openstack.org/#/c/45697417:07
edmondswlbragstad also added you as a reviewer there17:07
lbragstadknikolla: edmondsw awesome - i have it in my queue for this afternoon after I get my comments posted on the rbac in middleware approach17:08
*** rmascena has joined #openstack-keystone17:09
*** raildo has quit IRC17:11
samueldmqedmondsw: lbragstad: would appreciate your review on https://review.openstack.org/#/c/466066/17:25
samueldmqjust compare what it is building against https://docs.openstack.org/developer/keystone/17:26
samueldmqL27 in https://review.openstack.org/#/c/466066/7/doc/source/index.rst contains my main concern17:26
samueldmqso you can look directly at that if you want, other than that the new theme looks great17:27
*** aojea has joined #openstack-keystone17:29
*** MasterOfBugs has joined #openstack-keystone17:38
*** jaosorior is now known as jaosorior_away17:44
edmondswsamueldmq yeah, I think I would echo that concern. Is there a way to see what this will actually look like?17:48
edmondsw(before it merges)17:48
samueldmqedmondsw: just click on the docs-gate17:48
edmondswsamueldmq there it is... I knew I'd done this once before...17:49
samueldmq:)17:50
*** aojea has quit IRC17:50
*** aojea has joined #openstack-keystone17:51
*** aojea has quit IRC17:55
*** aojea has joined #openstack-keystone17:57
*** nicolasbock has quit IRC17:58
*** aojea has quit IRC18:03
*** prashkre has quit IRC18:04
*** chlong has quit IRC18:05
*** ducttape_ has quit IRC18:06
*** ducttape_ has joined #openstack-keystone18:12
eanderssonIf you have multiple groups, and the groups has different permissions18:14
eanderssondoes keystone combine the groups?18:14
eanderssone.g. if group1 has _member_ and group2 has heat_stack_owner, does the user have _member_ and heat_stack_owner?18:15
samueldmqeandersson: yes18:16
*** prashkre has joined #openstack-keystone18:16
samueldmqeandersson: if that user is in both of those groups, yes18:16
eanderssonthanks samueldmq!18:16
samueldmqeandersson: anytime18:17
*** aojea has joined #openstack-keystone18:18
cmurphylbragstad: when you have time, could you sign off on https://review.openstack.org/#/c/468954/ and https://review.openstack.org/#/c/468943/ for me?18:19
*** chlong has joined #openstack-keystone18:22
*** aojea has quit IRC18:22
*** prashkre has quit IRC18:30
*** ayoung has quit IRC18:42
*** tobberydberg has joined #openstack-keystone18:43
edmondswsamueldmq I added my comments to the docs rework18:45
lbragstadcmurphy: yep - i can do that18:46
samueldmqedmondsw: thanks!18:47
edmondswnp18:47
edmondswdidn't take as much thought as these policy things :)18:47
*** tobberydberg has quit IRC18:48
*** dikonoor has quit IRC18:50
*** nhelgeson has quit IRC18:54
*** tobberydberg has joined #openstack-keystone18:59
*** tobberydberg has quit IRC19:03
*** lucasxu has quit IRC19:13
lbragstadmorgan: quick stable review for you if you're interested https://review.openstack.org/#/c/469299/319:21
lbragstadmordred: it's a new one (not the stable/newton one you reviewed recently)19:22
*** makoto_ has joined #openstack-keystone19:23
lbragstadmordred: sorry - i hit a rogue tab there19:24
lbragstadcmurphy: done19:24
cmurphylbragstad: ty19:24
lbragstadcmurphy: thank you for taking the initiative19:26
cmurphylbragstad: no problem19:27
*** aojea has joined #openstack-keystone19:28
makoto_Hello, at OpenStack Summit in Boston, ayoung mentioned somebody developed Ansible playbook to setup keystone+Federation+Kerberos. Has anybody got one? Thank you19:33
lbragstadmakoto_: that's a good question - i'm not sure where that lives though19:34
lbragstadmakoto_: i know the openstack-ansible team has keystone playbooks for federation19:34
lbragstadmakoto_: i'm not sure what the kerberos support is like though19:34
*** pcaruana has joined #openstack-keystone19:45
*** pcaruana has quit IRC20:02
edmondswlbragstad can you do kerberos and federation at the same time? I thought it had to be one or the other20:02
lbragstadedmondsw: yeah - that's why i'm curious to know where that lives20:03
edmondswlbragstad makoto_ https://specs.openstack.org/openstack/openstack-ansible-specs/specs/kilo/keystone-federation.html20:05
lbragstad"Later options to extend support to would include the saml-based Apache mod_auth_mellon, the OpenID-based Apache mod_auth_openidc, the kerberos-based Apache mod_auth_kerb/mod_auth_identity."20:06
edmondswright20:06
lbragstadsomeone in #openstack-ansible might know20:06
edmondswI didn't see a newer spec that, from it's title, would seem to have extended the kilo one20:07
lbragstadthey've had support for setting up keystone federation with ansible for a while20:07
*** lucasxu has joined #openstack-keystone20:20
*** rcernin has quit IRC20:21
*** lucasxu has quit IRC20:21
*** rcernin has joined #openstack-keystone20:22
*** prashkre has joined #openstack-keystone20:23
*** rcernin has quit IRC20:42
*** rmascena has quit IRC20:45
*** prashkre has quit IRC20:48
*** ayoung has joined #openstack-keystone20:52
*** chlong has quit IRC20:53
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Specification for global roles  https://review.openstack.org/46476320:59
*** chlong has joined #openstack-keystone21:05
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Specification for global roles  https://review.openstack.org/46476321:06
lbragstadsamueldmq: thanks for the suggestions on the spec21:08
*** pcaruana has joined #openstack-keystone21:12
*** aojea has quit IRC21:13
*** thorst has quit IRC21:17
flwang2lbragstad: hello21:18
openstackgerritMerged openstack/keystone master: Change url scheme passed to oauth signature verifier  https://review.openstack.org/46457721:18
flwang2lbragstad: i have some questions about the service token, could you tell me who is the right person i can ask? thanks21:18
*** harlowja has quit IRC21:21
*** pcaruana has quit IRC21:29
samueldmqlbragstad: sure21:38
samueldmqlbragstad: glad to help21:38
*** ayoung has quit IRC21:39
*** tobberydberg has joined #openstack-keystone21:40
*** tobberydberg has quit IRC21:45
*** xuhaigang has quit IRC21:51
*** xuhaigang has joined #openstack-keystone21:52
*** esp has joined #openstack-keystone21:55
*** thorst has joined #openstack-keystone21:56
*** edmondsw has quit IRC22:01
*** edmondsw has joined #openstack-keystone22:01
*** shuyingya has joined #openstack-keystone22:02
makoto_Got it, thank you lbragstad and edmondsw22:02
*** edmondsw_ has joined #openstack-keystone22:03
*** edmondsw has quit IRC22:05
*** harlowja has joined #openstack-keystone22:06
*** shuyingya has quit IRC22:07
*** edmondsw_ has quit IRC22:07
lbragstadflwang2: sure - feel free to ask your questions here22:12
*** esp has quit IRC22:14
*** esp has joined #openstack-keystone22:15
lbragstadflwang2: jamielennox|away was one of the people who implemented it22:27
morganflwang2: most of us can answer though22:27
lbragstadbut several people here are familiar with it22:27
morgansince most of us reviewed a chunk of it22:27
morgan;)22:27
*** edmondsw has joined #openstack-keystone22:31
*** edmondsw has quit IRC22:35
*** jose-phi_ has quit IRC22:42
*** jose-phillips has joined #openstack-keystone22:50
*** esp has quit IRC22:57
*** esp has joined #openstack-keystone22:59
*** chlong has quit IRC23:00
*** MasterOfBugs has quit IRC23:07
*** adriant has joined #openstack-keystone23:08
*** thorst has quit IRC23:09
*** agrebennikov has quit IRC23:09
*** ducttape_ has quit IRC23:15
*** nicolasbock has joined #openstack-keystone23:16
*** thorst has joined #openstack-keystone23:20
*** tobberydberg has joined #openstack-keystone23:29
*** tobberydberg has quit IRC23:33
*** tobberydberg has joined #openstack-keystone23:45
*** masber has joined #openstack-keystone23:46
*** tobberydberg has quit IRC23:49
« Tuesday, 2017-05-30 Index Thursday, 2017-06-01 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!