Monday, 2017-07-31

[09:58] <kairat> lbragstad, may i ask you about fernet rotation?
[10:00] <kairat> but i am surprised how that could not have been detected before, so maybe i miss something
[10:13] <kairat> do we have fernet experienced dev here?
[10:29] <cmurphy> kairat: best to ask your question and then wait, it's hard to volunteer to help when we don't know the context
[10:29] <cmurphy> kairat: also most of the people who know fernet are in americas timezones so you might have to wait a bit
[10:29] <kairat> cmurphy, ok, got it
[10:29] <kairat> thanks!
[10:30] <kairat> so i have stable/ocata and i have got file not found error when rotated fernet tokens
[10:31] <kairat> http://paste.openstack.org/show/616990/
[10:31] <kairat> i noticed keystone must create new fernet token with name 0.tmp
[10:33] <kairat> https://github.com/openstack/keystone/blob/master/keystone/common/fernet_utils.py#L133
[10:35] <kairat> and i noticed keystone is trying to find key 0 when doing rotate https://github.com/openstack/keystone/blob/master/keystone/common/fernet_utils.py#L237
[10:35] <kairat> i suspect there might be the bug
[10:36] <kairat> the thing confuses me is that my env worked several weeks without any troubles
[10:36] <kairat> with expiration =3600
[10:46] <cmurphy> kairat: did you delete key 0? the staged key is always named 0
[10:46] <cmurphy> kairat: you can recreate it with `keystone-manage fernet_setup`
[10:47] <kairat> cmurphy, i suspect 0 key was deleted during rotation
[10:48] <kairat> if i understand the code correctly first rotation should be successful
[10:49] <cmurphy> kairat: it will get promoted to the new primary key and then another staged key named 0 is created https://github.com/openstack/keystone/blob/master/keystone/common/fernet_utils.py#L248
[10:49] <kairat> because 0 file exist in fernet key folder
[10:53] <kairat> cmurphy, ah, it seems I got this, thanks for clarification!
[12:19] <bhagyashris> mordred: Hi,
[13:00] <openstackgerrit> Pavlo Shchelokovskyy proposed openstack/keystoneauth master: Fix exception message in adapter loading https://review.openstack.org/489210
[13:42] <lbragstad> o/
[13:42] <cmurphy> \o
[13:51] <kbaegis> Hey guys. How do I export a keystone v3 token for later use in curl commands?
[13:51] <kbaegis> using it specifically for heat::softwaredeploy
[13:51] <lbragstad> kbaegis: in v3 - the token is in the header
[13:52] <kbaegis> lbragstad: Is there an example? I keep finding examples for v2
[13:52] <lbragstad> if you're using curl - make sure you tell it to print out the headers of the response
[13:52] <lbragstad> curl -si
[13:52] <lbragstad> actually - curl -i
[13:52] <lbragstad> should print out the headers for you
[13:54] <kbaegis> lbragstad: What I really need is to request a token, output it to file or environment, and then make a call against heat
[13:54] <lbragstad> oh - i thought you were only asking about how to get the token out of the headers
[13:54] <kbaegis> All of heats example files are outdated using v2 for keystone
[13:55] <kbaegis> (and clearly not maintained)
[13:55] <lbragstad> you can start by using the v3 endpoint (v3/auth/tokens)
[13:55] <lbragstad> to authenticate and validate tokens
[13:55] <lbragstad> i'll grab an example request
[13:55] <lbragstad> https://developer.openstack.org/api-ref/identity/v3/index.html#authentication-and-token-management
[13:55] <kbaegis> tyvm
[13:56] <lbragstad> that link has a few different examples of how to get a token (via username/password or another token)
[13:56] <kbaegis> Yeah, I wish heat had a good tool for doing notifications, but if they exist then they're not documented
[13:56] <kbaegis> I just need to do a curl to a url to let it know that swdeploy is done
[14:09] <kbaegis> lbragstad: So I've got the json portion of the request typed up with username, password, etc. Is there a convenient way to pass this to curl?
[14:10] <lbragstad> kbaegis: use -d
[14:10] <lbragstad> kbaegis: let me grab you another example
[14:11] <lbragstad> kbaegis: https://docs.openstack.org/keystone/latest/api_curl_examples.html#v3-api-examples-using-curl
[14:11] <lbragstad> you can also put the request body in a .json file
[14:11] <lbragstad> and reference it using `-d @authenticate-request-body.json`
[14:12] <lbragstad> which cuts down on having to write json across multiple lines
[14:12] <lbragstad> in a single command
[14:15] <kbaegis> nice. That's working
[14:17] <samueldmq> morning keystone
[14:21] <gagehugo> samueldmq o/
[14:25] <kbaegis> What's the v3 equivalent of {access{token{id}}}?
[14:27] <kbaegis> The heat script here is horribly outdated. This is what I'm trying to use though: https://github.com/openstack/heat-templates/blob/master/hot/software-config/example-templates/cirros-example/init.d/heat-deploy-hook#L8
[14:37] <lbragstad> kbaegis: the token will be in the X-Subject-Token header of the response
[14:38] <kbaegis> lbragstad: I'm looking at the token. I can't parse the appropriate ID field though
[14:38] <kbaegis> I don't know what it is
[14:39] <kbaegis> lbragstad: Or- wait, is the giant json blob with the roles, project ids, etc not the token?
[14:39] <kbaegis> <— not using fernet *hangs head in shame*
[14:40] <lbragstad> kb
[14:40] <lbragstad> kbaegis: when you authenticate to keystone - you're going to get back a token authentication response
[14:41] <lbragstad> which contains stuff about the deployment (like the service catalog), the project you've scoped to, the roles you have on the project, information about your user, etc..
[14:41] <lbragstad> all of that stuff is in the response body
[14:41] <lbragstad> which is probably what you're looking at
[14:41] <lbragstad> in v2.0 - the token ID was also relayed in the response body
[14:42] <lbragstad> in v3 - the token ID was moved to the headers of the request and the response to improve security
[14:43] <lbragstad> so - when you authenticate for a v3 token - you're going to get all the information in the response body - but for the token ID itself, you need to look in the X-Subject-Token header
[14:43] <lbragstad> which is where the `curl -i` part comes in because that tells curl to print the headers of the response
[14:44] <kbaegis> Oh!
[14:44] <kbaegis> I need the X-Subject-Token:
[14:44] <kbaegis> got it. tyvm
[14:44] <lbragstad> if you're using a library, like python requests, you can check the headers directly like you would a dictionary
[14:44] <lbragstad> token = response.headers.get('X-Subject-Token')
[14:45] <lbragstad> if `response` is a response object from the request library
[16:04] <kbaegis> lbragstad: How do I reference the token in another curl?
[16:05] <kbaegis> nevermind I think I know :)
[16:07] <lbragstad> kbaegis: if you're just using the command line - you can save it off into an env
[16:07] <lbragstad> and then reference it later
[16:12] <kbaegis> lbragstad: I have the output from my successful token request
[16:13] <kbaegis> But this is failing: https://hastebin.com/uzadejinis.scala
[16:14] <kbaegis> probably about 10 things wrong with it from the heat side.
[16:14] <kbaegis> What's happening with keystone though?
[16:15] <lbragstad> kbaegis: it could be that the token is expired (which you can check by validating the token directly against keystone using GET /v3/auth/tokens and passing the token as the X-Auth-Token and X-Subject-Token)
[16:15] <lbragstad> or it could be that the user doesn't have the required role to perform that operation you want to do in heat
[16:25] <openstackgerrit> Lance Bragstad proposed openstack/oslo.policy master: throw an exception when sphinxext cannot find the config file https://review.openstack.org/488547
[16:36] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Remove duplicate sample files https://review.openstack.org/488609
[16:38] <morgan> zzzzzz
[16:44] <lbragstad> yeah - it's quiet today
[16:44] <lbragstad> but - it's also monday
[17:02] <lbragstad> these two oslo.policy patches would be good to get merged - https://review.openstack.org/#/q/topic:fix-sphinxext-empty-defaults
[17:02] <lbragstad> they are required in order for us to render configuration docs
[17:02] <lbragstad> properly
[17:26] <knikolla> o.
[17:26] <knikolla> o/
[17:26] <knikolla> monday is hard-to-get-off-bed-day
[17:33] <gagehugo> knikolla ++
[17:42] <efried> mordred yt?
[17:43] <samueldmq> lbragstad: for https://review.openstack.org/#/c/488546
[17:43] <samueldmq> lbragstad: I assume it is not possible at all for the default rule to be None
[17:44] <samueldmq> thus it is okay to do "if rule.check_str"
[17:45] <lbragstad> samueldmq: yeah - the issue we were hitting is that it was an empty string
[17:45] <lbragstad> and the oslo.policy show-policy directive attempts to wrap whatever the default rule is in literals
[17:45] <samueldmq> lbragstad: cool. approved both patches
[17:45] <lbragstad> so `` and ``
[17:45] * samueldmq nods
[17:45] <lbragstad> which ended up being ```` which the rst parser thinks is an underline or overline section
[17:58] <samueldmq> lbragstad: we've released Pike last Friday, correct?
[17:58] <lbragstad> yes - pike-3
[18:02] <samueldmq> lbragstad: https://review.openstack.org/#/q/status:open+(project:openstack/python-keystoneclient+OR+project:openstack/keystoneauth+OR+project:openstack/keystonemiddleware)+branch:stable/pike
[18:03] <samueldmq> lbragstad: not sure what happened to ksc which got a -1
[18:04] <samueldmq> I was investigating to see if the stable/pike hadn't been created for that project, but it does https://github.com/openstack/python-keystoneclient/tree/stable/pike
[18:05] <lbragstad> http://logs.openstack.org/81/488781/1/check/gate-keystoneclient-dsvm-functional-ubuntu-xenial/1c40558/console.html.gz#_2017-07-28_21_41_10_106125
[18:05] <lbragstad> yeah - we released that already
[18:05] <lbragstad> https://review.openstack.org/#/c/488413/
[18:10] <samueldmq> lbragstad: yeah, that is weird, like it was trying to fetch the URL with the branch specified and got an unexpected http response
[18:10] <samueldmq> I left a recheck to see what happens
[18:12] <morgan> efried: i am going to guess that is a resounding "no" (probably a sleep-deprived/not-in-our-timezone one at that)
[18:13] <efried> morgan Yuh.  Trying to figure out how the service catalog gets populated.
[18:13] <morgan> in shade
[18:13] <morgan> or in keystone
[18:13] <morgan> or in ksa?
[18:14] <efried> ksa.
[18:14] <efried> morgan More specifically: In nova, I'm trying to get the glance endpoint from the service catalog rather than the [glance]api_servers conf var.
[18:16] <efried> rather, trying to get the glance endpoint via Adapter.get_endpoint_data, which I gather ought to be going to the service catalog, or to some discovery URL.
[18:18] <morgan> ahhh
[18:19] <morgan> hmmm.
[18:19] <morgan> it should, i think
[18:19] <morgan> i'd need to look at how nova does that
[18:19] <morgan> and what you're doing.
[18:19] <morgan> so, we can match it up
[18:20] <morgan> but... in theory, you're right.
[18:20] <morgan> it should be .get_endpoint_data iirc
[18:24] <efried> morgan Well, I'm writing the nova code right now (https://review.openstack.org/488137).  Heretofore, [glance]api_servers was required.
[18:25] <efried> So yeah, not sure if nova is actually populating the service catalog, or if there's a discovery URL available for glance - cause I don't know how that would happen normally.
[18:26] <openstackgerrit> prashkre proposed openstack/keystone master: Filter users and groups in ldap https://review.openstack.org/485302
[18:28] <morgan> api_servers.append(utils.get_endpoint_data('glance').url)
[18:28] <morgan> shouldn't that be "image"
[18:28] <morgan> not "glance"
[18:28] <morgan> ?
[18:28] <morgan> efried: ^
[18:29] <morgan> since iirc service_type != name.
[18:29] <morgan> e.g. nova would be compute
[18:30] <morgan> efried: i can dig a bit further when i'm not on the phone.
[18:35] <openstackgerrit> Lance Bragstad proposed openstack/keystone master: WIP add version data to the controllers https://review.openstack.org/489297
[18:36] <lbragstad> gagehugo: ^ more tinkering with the version header stuff
[18:36] <lbragstad> gagehugo: that's a little more evolved than the first time i took a stab at it
[18:37] <lbragstad> instead - we should try and tack the version information on to the controllers instead of having to run into possible circular import issues
[18:53] <efried> morgan Yeah, sdague had a similar comment.  But nova.utils.get_endpoint_data != keystoneauth1.adapter.Adapter.get_endpoint_data.  The former accepts a conf group name and looks up the service type based on that.
[18:54] <efried> And the reason it's important that it be a conf group name is because that conf group is how we set up the Adapter (via ksa loading - load_adapter_from_conf_options).
[18:55] <efried> And it's only if that conf group doesn't specify service_type (or endpoint_override) that we try to figure out a reasonable value for the service type.  We do that by assuming the conf group name corresponds to a project name, and looking up that project in service-types-authority (via os-service-types).
[19:02] <gagehugo> lbragstad cool! I'll ping rarora
[19:08] <openstackgerrit> Merged openstack/keystonemiddleware master: Update reno for stable/pike https://review.openstack.org/488644
[19:09] <morgan> efried: that sounds... awful
[19:10] <openstackgerrit> Merged openstack/python-keystoneclient master: Update reno for stable/pike https://review.openstack.org/488782
[19:10] <openstackgerrit> Merged openstack/oslo.policy master: fix formatting for empty defaults https://review.openstack.org/488546
[19:11] <openstackgerrit> Merged openstack/oslo.policy master: throw an exception when sphinxext cannot find the config file https://review.openstack.org/488547
[19:11] <openstackgerrit> Merged openstack/keystone master: A simple fix about explicit unscoped string https://review.openstack.org/471557
[19:17] <efried> morgan I'm open to suggestions if you can think of a better way.
[19:17] <efried> mordred signed off on the concept
[19:18] <efried> Other consumers are going to be doing similar things.  Most of them will know the service type for sure, but that's really the small part of this.
[19:23] <morgan> efried: i would honestly double-down on the service type, if you need to map the service-type to the "project" name (for conf reading purposes) that would be something i'd do behind the scenes in the utils code
[19:23] <morgan> but that's just me
[19:23] <efried> morgan service-types-authority already provides that capability.
[19:23] <morgan> instead of the other way.
[19:23] <morgan> you're asking for "Glance" now
[19:23] <morgan> i'd ask for "image"
[19:23] <efried> morgan You're saying I should accept 'image' and map it to 'glance' to find the conf group??
[19:23] <morgan> yes.
[19:24] <morgan> that is what I would do
[19:24] <openstackgerrit> Merged openstack/keystoneauth master: Update reno for stable/pike https://review.openstack.org/488641
[19:24] <morgan> but i don'
[19:24] <morgan> t know how doable that is
[19:24] <morgan> i don't like encoding "project" name anywhere that isn't historical at this point
[19:24] <morgan> i'd really lean on service types in all code that can support it
[19:25] <morgan> it means that you're not guessing that image service is always "glance" in the catalog, image (might be glare and 100% glance compatible), which means it might fall through in your lookup to map glance -> something useful
[19:25] <efried> morgan Doable for glance, because there's only one service type.
[19:25] <morgan> ** glare isn't glance compat atm
[19:25] <morgan> but i was using it as an example
[19:25] <efried> Mm, I get it.
[19:25] <morgan> the concept of what you're doing is right.
[19:26] <morgan> i think it should be inverted and always lean on stype vs pname
[19:26] <efried> morgan Thanks for the suggestion.  Got to consider how it would work for e.g. cinder where there's multiple stype aliases.
[19:27] <morgan> i would probably just do a "look for preferred, then non-preferred"
[19:27] <morgan> cinder is an example of "special handling" for the most part
[19:27] <efried> morgan However, the question at hand is still: How does nova populate the service catalog and/or where does the version-data URL come from?
[19:28] <morgan> most everyone else is not doing the multiple stype case
[19:28] <morgan> version-data is a round-trip to the endpoint itself
[19:28] <morgan> or apriori knowledge (unlikely in most cases)
[19:29] <morgan> you can only get "where is image service" from the catalog (for the most part)
[19:29] <morgan> you can't get "where is glance api v 1234"
[19:30] <efried> morgan That makes sense.  In a devstack situation, is it e.g. glance itself that sets up its endpoint in the service catalog?
[19:30] <morgan> no. devstack scripts do
[19:30] <morgan> glance just runs.
[19:30] <morgan> it is not a lot different than an operator defining a new endpoint in a real cloud(tm)
[19:30] <efried> morgan Okay, that must be what I'm missing then.  Need to find where devstack is doing that.
[19:31] <efried> atm, I'm trying to put up some DNM patches that will validate this setup works end to end when [glance]api_servers is omitted from nova.conf.  I would have expected devstack is setting up the glance endpoint in the service catalog, but maybe it's really not.
[19:36] <morgan> devstack is setting the endpoint up in the SC
[19:36] <morgan> but glance itself is not
[19:37] <openstackgerrit> Merged openstack/keystone master: Add the step to install apache2 libapache2-mod-wsgi https://review.openstack.org/488386
[19:37] <openstackgerrit> Merged openstack/keystone master: Fix the documentation sample for OS-EP-FILTER https://review.openstack.org/487676
[19:49] <openstackgerrit> prashkre proposed openstack/keystone master: Filter users and groups in ldap https://review.openstack.org/485302
[20:10] <prashkre> samueldmq: Hi. could you please review https://review.openstack.org/#/c/485302/ when you get some time today.
[20:16] <openstackgerrit> Matthew Edmonds proposed openstack/keystonemiddleware master: strip whitespace from token https://review.openstack.org/482971
[20:17] <morgan> lbragstad: ping.
[20:17] <lbragstad> morgan: pong
[20:17] <morgan> lbragstad: looking into something and need a sanity check
[20:17] <lbragstad> morgan: sure
[20:17] <morgan> if you create an EP in the catalog (v2) with no region...
[20:17] <morgan> what does the catalog look like?
[20:17] <lbragstad> that's a good question
[20:20] <lbragstad> apparently region isn't required for v2 endpoints
[20:20] <morgan> right
[20:20] <morgan> but... i am not seeing how the catalog is rendered in this case
[20:21] <morgan> is it catalog[None] = [ep, ep, ep, ep] ?
[20:21] <morgan> erm, catalog[None] = {epid: ep, epid: ep ...}
[20:21] <lbragstad> region isn't required for v3 either - so would that behavior exist with the sql backend, too?
[20:21] <lbragstad> how come the endpoints are encapsulated in a service?
[20:21] <morgan> yeah. that is what i'm trying to determine...
[20:22] <morgan> this is ... so terrible
[20:42] <efried> morgan Butbutbut... then what do I do with service_type if it's supplied in the conf?
[21:20] <morgan> lbragstad: it looks like region is None in the v2 catalog then?
[21:20] <lbragstad> morgan: looks like it isn't required but shouldn't the endpoint still be associated to a service?
[21:21] <morgan> right.
[21:21] <morgan> i think that is required
[21:22] <morgan> so it looks like https://github.com/openstack/keystone/blob/master/keystone/catalog/backends/sql.py#L322
[21:23] <morgan> it would be catalog[None][<s_type>] => [interface, interface, interface]
[21:23] <morgan> ?
[21:23] <morgan> that looks ... broken
[21:54] <openstackgerrit> Eric Fried proposed openstack/keystoneauth master: Add EndpointData.__str__ for debugging https://review.openstack.org/489413
[22:26] <openstackgerrit> Morgan Fainberg proposed openstack/keystone master: Add yaml-loaded filesystem catalog backend https://review.openstack.org/483514
[22:27] <morgan> lbragstad: ^ some corrections.
[22:27] <morgan> lbragstad: needs testing still