Monday, 2018-05-07

« Sunday, 2018-05-06 Index Tuesday, 2018-05-08 »
openstackgerritAdrian Turjak proposed openstack/keystone master: Revert "Rename fernet_utils to token_utils"  https://review.openstack.org/56648600:07
*** r-daneel has joined #openstack-keystone00:38
*** r-daneel has quit IRC00:42
*** r-daneel has joined #openstack-keystone00:44
*** dave-mccowan has joined #openstack-keystone00:47
*** junboli has joined #openstack-keystone01:02
*** edmondsw has joined #openstack-keystone01:32
*** edmondsw has quit IRC01:36
openstackgerritwangxiyuan proposed openstack/keystone master: Fix the test for unique IdP  https://review.openstack.org/56381201:47
*** links has joined #openstack-keystone02:17
*** namnh has joined #openstack-keystone02:18
openstackgerritwangxiyuan proposed openstack/keystone-specs master: Hierarchical Unified Limits  https://review.openstack.org/54080302:37
*** EvilienM is now known as EmilienM02:45
*** junboli has quit IRC02:50
*** r-daneel has quit IRC02:50
*** dklyle has joined #openstack-keystone02:51
*** dklyle has quit IRC02:57
openstackgerritwangxiyuan proposed openstack/oslo.limit master: Init repo  https://review.openstack.org/55674403:07
*** edmondsw has joined #openstack-keystone03:20
*** dave-mccowan has quit IRC03:23
*** edmondsw has quit IRC03:24
*** pooja_jadhav has joined #openstack-keystone03:45
*** threestrands has joined #openstack-keystone04:04
*** jaosorior has joined #openstack-keystone04:05
*** namnh has quit IRC04:08
*** namnh has joined #openstack-keystone04:09
*** gyankum has joined #openstack-keystone04:10
*** redrobot has quit IRC04:12
*** hoonetorg has quit IRC05:07
*** hoonetorg has joined #openstack-keystone05:20
*** pcaruana has joined #openstack-keystone06:02
*** martinus__ has joined #openstack-keystone06:48
*** edmondsw has joined #openstack-keystone06:56
*** annp has joined #openstack-keystone06:57
*** edmondsw has quit IRC07:00
*** threestrands has quit IRC07:39
*** timss- is now known as timss08:29
*** timss has quit IRC08:32
*** timss has joined #openstack-keystone08:33
*** edmondsw has joined #openstack-keystone08:44
*** edmondsw has quit IRC08:49
*** sameer has joined #openstack-keystone08:53
sameerhow to create a trust with the trustor(user) and trustee in keystone ?08:53
wxysameer: here is the api ref: https://developer.openstack.org/api-ref/identity/v3-ext/index.html#os-trust-api08:58
wxysameer: the cli: https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/trust.html08:59
*** pcichy has joined #openstack-keystone09:00
*** normen has joined #openstack-keystone09:12
*** jaosorior has quit IRC09:17
*** jaosorior has joined #openstack-keystone09:19
*** xinran_ has joined #openstack-keystone09:24
openstackgerritwangxiyuan proposed openstack/keystone master: [POC] Strict two level hierarchical limit  https://review.openstack.org/55769609:39
*** afazekas is now known as afazekas|pto09:59
*** namnh has quit IRC10:15
*** edmondsw has joined #openstack-keystone10:32
*** edmondsw has quit IRC10:36
*** annp has quit IRC10:46
*** dave-mccowan has joined #openstack-keystone11:13
*** dave-mccowan has quit IRC11:26
*** dave-mccowan has joined #openstack-keystone11:26
*** jaosorior has quit IRC11:49
*** r-daneel has joined #openstack-keystone11:53
*** jroll has quit IRC11:56
*** jroll has joined #openstack-keystone11:57
pooja_jadhavwxy: Hi12:03
*** raildo has joined #openstack-keystone12:04
*** nicolasbock has joined #openstack-keystone12:09
*** sonuk has joined #openstack-keystone12:13
*** markvoelker has joined #openstack-keystone12:17
*** edmondsw has joined #openstack-keystone12:32
*** edmondsw has quit IRC12:36
*** edmondsw has joined #openstack-keystone12:38
*** edmondsw has quit IRC12:42
*** edmondsw has joined #openstack-keystone12:44
*** felipemonteiro has joined #openstack-keystone12:48
*** sonuk has quit IRC12:48
*** edmondsw has quit IRC12:48
*** edmondsw has joined #openstack-keystone12:49
*** jaosorior has joined #openstack-keystone12:54
*** bhagyashri_s has joined #openstack-keystone13:01
*** jmlowe_ has joined #openstack-keystone13:02
*** links has quit IRC13:05
*** lbragstad has joined #openstack-keystone13:06
*** ChanServ sets mode: +o lbragstad13:06
*** felipemonteiro has quit IRC13:07
*** zigo_ has joined #openstack-keystone13:07
*** sameer has quit IRC13:09
*** cburgess_ has joined #openstack-keystone13:09
*** chrome0_ has joined #openstack-keystone13:09
*** johnthetubaguy_ has joined #openstack-keystone13:10
*** jmlowe has quit IRC13:11
*** bhagyashris has quit IRC13:11
*** chrome0 has quit IRC13:11
*** openstackgerrit has quit IRC13:11
*** cburgess has quit IRC13:11
*** zigo has quit IRC13:11
*** johnthetubaguy has quit IRC13:11
*** rybridges has quit IRC13:11
lbragstado/13:12
*** rybridges has joined #openstack-keystone13:17
*** AlexeyAbashkin has joined #openstack-keystone13:28
*** superdan is now known as dansmith13:40
kmalloclbragstad: o/13:41
hrybackio/13:41
cmurphyo/13:44
*** r-daneel has quit IRC13:56
*** spilla has joined #openstack-keystone13:57
knikollao/13:59
lbragstadknikolla: i was going to try and follow up with you last week, but ran out of time14:01
lbragstadknikolla: any word on the community goal stuff? there was a thread on the ml, did anything ever come of it?14:02
knikollalbragstad: i haven't followed the progress closely. i have a note to do so tomorrow and if it's gone dormant to revive the discussion by posting on the list.14:04
*** gyankum has quit IRC14:05
lbragstadknikolla: awesome14:10
*** Supun has joined #openstack-keystone14:10
*** r-daneel has joined #openstack-keystone14:28
*** felipemonteiro has joined #openstack-keystone14:32
*** AlexeyAbashkin has quit IRC14:36
*** felipemonteiro_ has joined #openstack-keystone14:42
*** felipemonteiro has quit IRC14:45
*** xinran_ has quit IRC14:56
*** openstackgerrit has joined #openstack-keystone15:01
openstackgerritHarry Rybacki proposed openstack/keystone-specs master: Define a set of basic default roles  https://review.openstack.org/56637715:01
gagehugoo/15:06
*** pcaruana has quit IRC15:09
*** felipemonteiro_ has quit IRC15:10
*** felipemonteiro_ has joined #openstack-keystone15:10
*** Supun has quit IRC15:17
*** felipemonteiro__ has joined #openstack-keystone15:22
*** felipemonteiro_ has quit IRC15:26
*** sapd_ has quit IRC15:32
*** Supun has joined #openstack-keystone15:41
*** dklyle has joined #openstack-keystone15:52
*** dklyle has quit IRC15:57
*** dklyle has joined #openstack-keystone15:57
*** gyee has joined #openstack-keystone16:03
hrybackilbragstad: I'm wanting to start working on ^^ this week -- likely with the bootstrap process (that'll need to be updated regardless of which/what roles we end up opting for)16:09
lbragstadhrybacki: yeah - that sounds good16:11
lbragstadhrybacki: add a link to the meeting agenda for tomorrow so that we can try and discuss it as a group16:13
lbragstadadded*16:13
hrybackilbragstad: ack ack16:14
*** pcichy has quit IRC16:19
*** openstackgerrit has quit IRC16:19
*** Supun has quit IRC16:21
lbragstadkmalloc: with your home setup, have you ever configured a bridge to accept the same internal network address from your dhcp server?16:35
* lbragstad is pretty sure the networking on his dev box is hosed16:36
kmalloclbragstad: hmm16:36
kmalloclbragstad:  the same network address or an additional network address for a VM/Container?16:36
kmalloclbragstad: because i think linux gets cranky if it's the same network address.16:37
kmalloc(basically 2 machines/macs with an IP causes confusion)16:37
kmalloclbragstad: need more info to answer more clearly than that16:37
lbragstadi have an ubuntu 16.04 box running with a bridge (br0), and the ethernet device on the box puts the ip address from my dhcp server on the bridger16:37
lbragstadbridge*16:37
kmallocoh, yeah i do exactly that for my FW.16:37
lbragstadfor some reason it says it's waiting for a lock in order to bring up br016:38
kmallocBR0 is the main interface, management interface of the Firewall VM goes through br016:38
kmallochm.16:38
lbragstadwaiting on lock for /run/network/ifstate.br016:38
lbragstadhave you ever hit anything like that with ubuntu if that's what you run?16:39
kmalloclbragstad: here is what my interfaces looks like16:39
kmallochttps://www.irccloud.com/pastebin/Kbi1RrN3/16:39
kmallocI am not using networkmanager fwiw16:39
kmallocand i am upgrading to 18.04, which uses netplan.io16:39
kmalloc(plus systemd-networkd16:40
lbragstadah16:40
kmallocyou could use dhcp instead of static on br0 and it should be fine16:40
lbragstadyeah- that's what i was doing16:40
kmallocbut ... don't assign anything to the underlying interfaces.16:40
kmallocnote i;m using just eno1 as part of the bridge16:41
kmallocnow, if you're setting up LAGG or similar, it becomes a totally different thing16:41
kmallocbut if it is just for VM passthrough/bridged networking, the bridge_ports, stp, maxwait, and fd should work even with dhcp16:42
lbragstadok16:42
* kmalloc comments that netplan.io is MUCH nicer to work with.16:42
kmalloci am not looking forward to upgrading that box to 18.04 (the one i just pasted my interfaces from)16:42
lbragstadyeah - i was just exposing br0 on my home network and then configued lxd to use br0 instead of the lxdbr0 it creates by default16:42
kmallocyah that should be 100% ok16:43
lbragstadthat way containers pull ip addresses from my dhcp server/router16:43
kmalloci did the same thing with libvirt.16:43
lbragstadhuh - ok16:43
kmallocso.16:44
kmallocsilly question...16:44
kmallocdid you modify your interfaces file and tried an ifup/down and getting that error?16:44
kmallocno reboot, correct?16:44
lbragstadwell - i came downstairs, tried getting to a container and i realized it was down16:44
lbragstadlooked at the server, and realized it was off16:44
kmallocalso, are you setting the interface to auto?16:44
kmalloc"auto br0"16:45
kmallocthis might be an issue with a changed interface file and the system state being wonky16:45
kmallocit happens if you're changing how interfaces work sometimes without downing the network completly first.16:45
lbragstadso i turned it back on, but the dhcp reservation didn't seem to be working, so i got on the local console and realized it was failing to start lxd-container.service16:45
kmallochold on.16:46
lbragstadso i manually tried kicking the networking service16:46
kmalloccan you paste your ip addr show and interfaces file? [private message is fine if you want]16:46
lbragstadsure16:46
*** spilla has quit IRC16:46
kmallocalso what is in /run/network/ifstate / files in /run/network/16:47
lbragstadchecking - might take me a minute16:47
kmallocnp.16:47
lbragstadhttps://gist.github.com/lbragstad/2f0fe1777e46dc9e090237b92221c325 kmalloc16:53
kmalloci don't think you need "ifaces"16:53
lbragstadthe contents of /var/run/network: dynamic-interfaces ifstate ifstate.lo ifstate.rename316:54
kmallocbridge-ports should be fine, also, i don't think you need to explicitly up ifconfig eno1 up16:54
lbragstadso - lines 7 and 9 >16:55
lbragstad?16:55
lbragstader - 7 and 1016:55
kmallocyeah16:56
*** spilla has joined #openstack-keystone16:56
kmallocyou don't need STP, you're a single interface there16:56
kmalloci might do bridge_fd 016:56
kmallocas well, just to avoid forwarding delays16:56
*** normen has quit IRC16:56
kmalloca16:58
kmallocah16:58
kmallocyou don't need to change bridge_fd since you're dhcping16:58
kmallocthe default is a 15s wait (max) to ensure your network interface is all the way up/working16:58
kmallocsince i'm doing static assignments, maxwait/fd at zero makes sense.16:58
kmallocthough you might want to set maxwait and fd to 0, just to see if it helps16:59
kmalloclast of all, you *may* need to reboot the machine depending on how far out of sorts the tracking is16:59
kmallocit can be corrected manually with say a sysctl restart networking17:00
kmallocbut... it could also just still be in a serious funk17:00
lbragstadyeha17:03
lbragstadi've kicked it a couple times17:03
lbragstadit just seems to hang on the /var/run/network lock17:03
kmallocthats weird17:06
kmallocset the waits to 017:06
kmallocbridge_maxwait and bridge_fd17:06
lbragstadsudo ifup br0 gives me "No DHCPOFFERS received"17:08
kmallochmm..17:09
kmallocweird.17:10
kmallocif it wouldn't crash my network, i'd try this :P17:10
kmallocand go with DHCP17:10
kmalloccan you set a static network on br017:10
*** jmlowe_ has quit IRC17:10
kmallocjust to get you going?17:10
lbragstadyeah - i can try it... but it's almost like it's not finding the home router?17:10
kmallocsortof...17:18
kmallocyou might also want to bridge_stp off17:18
kmallocsince you're not actually bridging across 2 networks17:19
kmalloc(or interfaces) the likelyhood of running into STP issues is minimal/non-existant17:19
lbragstadok17:19
lbragstadjust rekicked the box, and i'll try that17:19
lbragstadinteresting - br0 is up17:21
lbragstadand it has an ip address17:21
lbragstadwhich is the static one that i set17:21
lbragstadbut still no network connectivity17:21
lbragstadbut the mac address that br0 has doesn't match the ethernet device, so that's probably an issue17:22
ayounghrybacki, lbragstad with default roles, are we going to give then a default UUID, or let the system assign it?17:23
hrybackiayoung: good question -- I'd assumed the latter. Are there any obvious pro/cons?17:24
ayoungif the UUIDs match, you can merge clouds17:24
ayounghrybacki, https://review.openstack.org/#/c/566448/17:24
ayoungso lets say two groups both do an OpenStack deploy, and later you decide you really want them to be a single cloud17:25
ayoungthe default domain is going to mess things up, as you are going to have 2 sets of projects under it that are likely now in conflict17:25
lbragstadthe current admin role is generated dynamically but has the same name everywhere "admin"17:25
lbragstadkmalloc: updated17:26
lbragstadhttps://gist.github.com/lbragstad/2f0fe1777e46dc9e090237b92221c32517:26
ayounglbragstad, yep.  that is the name, but not the uuid17:26
lbragstadright17:26
hrybackiinteresting ayoung -- thinking forward17:26
ayounglbragstad, I kinda want to make the ID the same as the name17:26
*** jaosorior has quit IRC17:26
hrybackiwhat about drawbacks?17:26
kmalloclbragstad: working now?17:26
ayoungexisting deployments17:26
lbragstadkmalloc: kicking it again17:26
kmalloclbragstad: kk17:26
ayoungwe could, however, fix that in a migration17:26
kmallocayoung: you have to be SUPER careful on that front17:27
kmallocbecause some folks may be relying on the uuid as is.17:27
ayoungfor the standard set of roles, update the role ID to match the role name on all role assignments17:27
ayoungkmalloc, for role_id?  Where?  In policy?17:27
ayoungOr in Horizon?17:27
kmallocafaik, you can reference therole id for setting/mucking with users etc17:27
lbragstadwhat if someone has 'auditor' already defined?17:27
ayoungright. which is why we have _member_17:28
kmallocso if folks are using the ID in their external automation17:28
*** jaosorior has joined #openstack-keystone17:28
ayoungbecause people were using Member and member already17:28
kmallocwe can't change it17:28
kmallocnot out from under them.17:28
kmallocwe need to provide a side-band (not automated) way to get into compliance with how we're doing things and make sure it's documented for moving to the new roles... I think17:28
kmallocthis might be a keystone-manage action17:29
ayoungright.  So the obvious thing to do is to use the uuid-gen mechanism17:29
ayoungthen if there is already an admin role, it will be the same, and if not, we will add one17:29
kmallocgoing forward, we can be much more specific (new installs)17:29
ayoungit just exacerbates the multi-region issues17:29
kmallocso, lets start with: fix forward looking, and then work on current installs.17:29
ayoungso, what if we  leave existing roles alone, but for new ones, make the roleid == the rolename within tolerances?17:30
ayoungOh...except for domain specific17:30
kmallocthat too.17:30
ayoungthose need to still be uuids, or they will block standard roles17:30
kmalloci think we run into some clear assumptions on role-id.17:30
kmallocthroughout keystone.17:30
kmallocthankfully nothing but keystone consumes the id17:31
*** ayoung has quit IRC17:31
*** ayoung has joined #openstack-keystone17:34
* kmalloc yells at bank websites... "My password CLEARLY adheres to the password 'validation', but it is saying I have invalid characters"17:34
kmalloc......17:34
lbragstadkmalloc: weird, i was about to get the ethernet mac address on br0, but still no network17:34
kmallocodd17:41
kmallocyou haven't set the bridge-devices17:41
kmallocbridge-ports "all" i've not had work17:42
kmalloclbragstad: also you have bridge-ports not bridge_ports17:42
lbragstadi updated interfaces https://gist.github.com/lbragstad/2f0fe1777e46dc9e090237b92221c32517:42
lbragstadoh - damn17:42
kmallocyah17:42
kmallocthat would do it17:42
lbragstadi was wondering if that was wrong17:42
kmallocand you don't need to define iface eno1 unless you're assigning to that interface something different than the bridge17:43
kmallocand you don't need up ifconfig17:43
lbragstadok17:43
*** jmlowe has joined #openstack-keystone18:04
*** Supun has joined #openstack-keystone18:08
*** jmlowe has quit IRC18:13
*** jmlowe has joined #openstack-keystone18:15
*** mvenesio has joined #openstack-keystone18:18
*** dave-mccowan has quit IRC18:36
*** dave-mcc_ has joined #openstack-keystone18:36
*** Supun has quit IRC18:37
lbragstadalright - stepping away for a run quick18:44
*** Supun has joined #openstack-keystone18:58
*** pcichy has joined #openstack-keystone19:00
*** dave-mccowan has joined #openstack-keystone19:07
*** dave-mcc_ has quit IRC19:07
*** Supun has quit IRC19:08
*** jmlowe has quit IRC19:27
lbragstadhmm - idk... networking is hard20:18
lbragstadkmalloc: i have no idea how this works.. but apparently it got the server back on the home network http://paste.openstack.org/raw/720518/20:22
lbragstadi doubt the containers i have on that server will work through because lxd is configured to use br0 and not whatever rename3 is20:22
lbragstadhttp://paste.openstack.org/raw/720519/20:24
*** spilla has quit IRC20:26
*** raildo has quit IRC20:26
*** mvenesio has quit IRC20:38
*** mvenesio has joined #openstack-keystone20:39
*** NobodyCam_ has joined #openstack-keystone20:45
*** awestin1_ has joined #openstack-keystone20:46
*** knikolla_ has joined #openstack-keystone20:47
*** simondodsley_ has joined #openstack-keystone20:47
*** szaher_ has joined #openstack-keystone20:48
kmallocOh man =\20:49
lbragstadi have absolutely no idea...20:52
lbragstadi swapped the config a couple times... kicked the networking service, now everything is working agian20:52
lbragstadcontainers and everything20:52
* lbragstad is scared to look at it20:52
*** mvenesio has quit IRC20:53
*** pcichy has quit IRC20:53
*** NobodyCam has quit IRC20:53
*** awestin1 has quit IRC20:53
*** knikolla has quit IRC20:53
*** mvk has quit IRC20:53
*** simondodsley has quit IRC20:53
*** szaher has quit IRC20:53
*** knikolla_ is now known as knikolla20:53
*** NobodyCam_ is now known as NobodyCam20:53
*** awestin1_ is now known as awestin120:53
*** simondodsley_ is now known as simondodsley20:53
*** mvk has joined #openstack-keystone20:54
lbragstadbr0 isn't even in my interface configuration currently... but it apparently it attach to my ethernet device...20:54
lbragstadw/e i'll figure this stuff out later... it works for now, so i'm just going to try and not break it20:55
*** johnthetubaguy_ has quit IRC20:56
*** johnthetubaguy has joined #openstack-keystone20:58
lbragstadcmurphy: now that i'm done fighting networking for the day, i noticed you fixed https://bugs.launchpad.net/keystone/+bug/1768980 in master with https://review.openstack.org/#/c/556023/21:04
openstackLaunchpad bug 1768980 in OpenStack Identity (keystone) "Wrong Port in "Create OpenStack client environment scripts in keystone" document" [Low,Triaged]21:04
lbragstadi proposed a backport to queens https://review.openstack.org/#/c/566735/21:04
*** martinus__ has quit IRC21:13
*** edmondsw has quit IRC21:15
*** edmondsw has joined #openstack-keystone21:15
*** edmondsw has quit IRC21:20
cmurphylbragstad: awesome21:44
cmurphyi love accidentally fixing bugs21:45
lbragstadit's the best21:48
*** redrobot has joined #openstack-keystone22:00
*** dave-mccowan has quit IRC22:01
*** openstackgerrit has joined #openstack-keystone22:01
openstackgerritGage Hugo proposed openstack/keystone master: Add functional testing gate  https://review.openstack.org/53101422:01
*** felipemonteiro__ has quit IRC22:24
*** rcernin has joined #openstack-keystone22:25
*** dave-mccowan has joined #openstack-keystone22:55
-openstackstatus- NOTICE: Any devstack job failure due to rsync errors related to tripleo-incubator can safely be rechecked now22:57
*** cloudnull is now known as cloudkiller23:20
*** cloudkiller is now known as cloudnull23:21
*** r-daneel has quit IRC23:28
*** pooja_jadhav has quit IRC23:28
*** pooja_jadhav has joined #openstack-keystone23:28
*** jdennis1 has joined #openstack-keystone23:59
*** jdennis has quit IRC23:59
*** jdennis1 has quit IRC23:59
*** jdennis has joined #openstack-keystone23:59
« Sunday, 2018-05-06 Index Tuesday, 2018-05-08 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!