Tuesday, 2018-06-12

« Monday, 2018-06-11 Index Wednesday, 2018-06-13 »
*** lifeless has quit IRC00:09
*** r-daneel has joined #openstack-keystone00:23
*** Dinesh_Bhor has joined #openstack-keystone00:31
*** jmlowe has joined #openstack-keystone00:41
*** devx has quit IRC00:59
*** devx has joined #openstack-keystone01:00
openstackgerritMorgan Fainberg proposed openstack/keystone master: Implement scaffolding for Flask-RESTful use  https://review.openstack.org/57441501:06
openstackgerritMorgan Fainberg proposed openstack/keystone master: Keystone adheres to public_endpoint opt only  https://review.openstack.org/57450201:06
*** gyee has quit IRC01:07
*** dave-mccowan has quit IRC01:30
*** sapd has quit IRC01:40
*** lifeless has joined #openstack-keystone01:41
*** sapd has joined #openstack-keystone01:44
*** annp has joined #openstack-keystone01:47
*** felipemonteiro has joined #openstack-keystone02:17
*** lifeless has quit IRC02:32
*** lifeless has joined #openstack-keystone02:33
*** rcernin is now known as rcernin|lunch02:35
*** dave-mccowan has joined #openstack-keystone02:52
*** agrebennikov has quit IRC03:02
*** sheel has joined #openstack-keystone03:07
*** itlinux has joined #openstack-keystone03:15
*** felipemonteiro has quit IRC03:44
*** dave-mccowan has quit IRC04:05
*** jmlowe has quit IRC04:10
*** germs has quit IRC04:13
*** itlinux has quit IRC04:19
*** felipemonteiro has joined #openstack-keystone04:27
*** germs has joined #openstack-keystone04:34
*** germs has quit IRC04:34
*** germs has joined #openstack-keystone04:34
*** germs has quit IRC04:37
*** Dinesh_Bhor has quit IRC05:01
*** mvk has joined #openstack-keystone05:03
*** Dinesh_Bhor has joined #openstack-keystone05:04
*** pcaruana has quit IRC05:24
*** AlexeyAbashkin has joined #openstack-keystone05:39
*** Alexey_Abashkin has joined #openstack-keystone05:42
*** Alexey_Abashkin has quit IRC05:42
*** Alexey_Abashkin has joined #openstack-keystone05:42
*** AlexeyAbashkin has quit IRC05:43
*** Alexey_Abashkin is now known as AlexeyAbashkin05:43
*** AlexeyAbashkin has quit IRC05:45
*** zzzeek has quit IRC05:54
*** zzzeek has joined #openstack-keystone05:58
*** mvk has quit IRC06:05
*** felipemonteiro has quit IRC06:06
*** Dinesh__Bhor has joined #openstack-keystone06:10
*** Dinesh_Bhor has quit IRC06:11
*** dklyle has quit IRC06:18
*** dklyle has joined #openstack-keystone06:18
*** david-lyle has joined #openstack-keystone06:20
*** dklyle has quit IRC06:23
*** pcaruana has joined #openstack-keystone06:27
*** liuzz has joined #openstack-keystone06:29
*** david-lyle has quit IRC06:32
*** AlexeyAbashkin has joined #openstack-keystone06:42
openstackgerritwangxiyuan proposed openstack/keystone master: [WIP] Strict two level hierarchical limit  https://review.openstack.org/55769606:53
*** martinus__ has joined #openstack-keystone06:56
*** hoonetorg has quit IRC07:01
*** AlexeyAbashkin has quit IRC07:04
*** AlexeyAbashkin has joined #openstack-keystone07:10
*** rcernin|lunch has quit IRC07:13
*** ykarel has joined #openstack-keystone07:15
*** dklyle has joined #openstack-keystone07:28
openstackgerritzhongshengping proposed openstack/keystone master: Add release notes link to README  https://review.openstack.org/57461207:31
*** redrobot has quit IRC07:33
*** pcaruana has quit IRC07:34
openstackgerritMerged openstack/keystone-specs master: Address follow-on comments in strict-two-level spec  https://review.openstack.org/57329207:36
*** lifeless has quit IRC07:39
*** lifeless has joined #openstack-keystone07:39
*** redrobot has joined #openstack-keystone07:39
*** hoonetorg has joined #openstack-keystone07:40
*** pcaruana has joined #openstack-keystone07:49
*** pcaruana has quit IRC07:59
*** pcaruana has joined #openstack-keystone08:15
*** ykarel_ has joined #openstack-keystone08:21
*** ykarel has quit IRC08:23
openstackgerritXiaojueGuan proposed openstack/keystone-specs master: Update links in README  https://review.openstack.org/57463708:25
*** ykarel_ is now known as ykarel08:28
*** gagehugo_ has joined #openstack-keystone08:31
*** gagehugo has quit IRC08:32
ykarelHi, anyone can guide with the flaskification change in keystone:- https://review.openstack.org/#/c/572827/4/releasenotes/notes/convert-keystone-to-flask-80d980e239b662b0.yaml08:36
ykareli am seeing that latest_app is None(should be updated with load_app) after changing to flask:- https://github.com/openstack/keystone/blob/master/keystone/version/controllers.py#L29-L3508:39
*** xinran__ has joined #openstack-keystone08:41
*** AlexeyAbashkin has quit IRC08:54
*** AlexeyAbashkin has joined #openstack-keystone08:58
*** nicolasbock has joined #openstack-keystone09:18
*** m3m0 has joined #openstack-keystone09:27
m3m0hello everyone, is it possible to define my projects and roles in openldap and be read by keystone? without creating them manually in openstack?09:27
*** nicolasbock has quit IRC09:37
*** Alexey_Abashkin has joined #openstack-keystone09:40
*** AlexeyAbashkin has quit IRC09:40
*** Alexey_Abashkin is now known as AlexeyAbashkin09:40
*** Haradani has joined #openstack-keystone09:41
*** Haradani has left #openstack-keystone09:41
*** Dinesh__Bhor has quit IRC09:53
*** lifeless has quit IRC09:59
openstackgerritwangxiyuan proposed openstack/keystone master: Strict two level hierarchical limit  https://review.openstack.org/55769610:01
ykarelso my quenstion for flask keystone, it looks like it's not working with unversioned keystone url10:12
ykarelcan someone please check10:12
*** annp has quit IRC10:22
*** AlexeyAbashkin has quit IRC10:28
*** xinran__ has quit IRC10:48
*** lifeless has joined #openstack-keystone11:03
*** lifeless has quit IRC11:13
*** lifeless has joined #openstack-keystone11:13
*** nicolasbock has joined #openstack-keystone11:33
openstackgerritchenxiangui proposed openstack/keystone master: Add release notes link to README  https://review.openstack.org/57470011:39
*** AlexeyAbashkin has joined #openstack-keystone11:45
*** Alexey_Abashkin has joined #openstack-keystone11:48
*** AlexeyAbashkin has quit IRC11:50
*** Alexey_Abashkin is now known as AlexeyAbashkin11:50
*** AlexeyAbashkin has quit IRC11:52
*** AlexeyAbashkin has joined #openstack-keystone11:53
*** raildo has joined #openstack-keystone11:54
*** anurag has joined #openstack-keystone11:56
anuraghi12:00
*** dave-mccowan has joined #openstack-keystone12:03
*** edmondsw has joined #openstack-keystone12:03
*** anurag has quit IRC12:07
*** cristicalin has joined #openstack-keystone12:09
openstackgerritwangxiyuan proposed openstack/keystone master: Strict two level hierarchical limit  https://review.openstack.org/55769612:17
*** ykarel_ has joined #openstack-keystone12:21
*** ykarel has quit IRC12:24
*** r-daneel has quit IRC12:25
*** ykarel_ is now known as ykarel12:26
*** r-daneel has joined #openstack-keystone12:40
knikolla[m]Bah, subway is broken today12:53
*** raildo has quit IRC12:53
*** raildo has joined #openstack-keystone12:55
*** pcaruana has quit IRC13:00
*** kman has joined #openstack-keystone13:16
*** cristicalin has quit IRC13:19
*** felipemonteiro_ has joined #openstack-keystone13:23
*** AlexeyAbashkin has quit IRC13:24
*** felipemonteiro has joined #openstack-keystone13:25
*** felipemonteiro has quit IRC13:27
*** felipemonteiro_ has quit IRC13:29
jaosoriorlbragstad: could I get a review for this if you have time https://review.openstack.org/#/c/572243/ ?13:32
*** AlexeyAbashkin has joined #openstack-keystone13:32
*** r-daneel has quit IRC13:41
*** pcaruana has joined #openstack-keystone13:46
*** sheel has quit IRC13:47
lbragstadjaosorior: sure13:48
lbragstadykarel: do you have steps to reproduce the issue?13:53
ykarellbragstad, facing it in tripleo jobs, may be devstack is also affected:- python -c "import requests,json;r=requests.get('http://<ip>:5000',verify=False,headers={'Accept': 'application/json-home'});print(r.content)"13:56
ykarellbragstad, ^^ fails13:56
ykareland this pass:- python -c "import requests,json;r=requests.get('http://<ip>:5000/v3',verify=False,headers={'Accept': 'application/json-home'});print(r.content)"13:56
lbragstadok - let me try that quick and see if it fails for me13:57
ykarelin devstack keystone logs also i can see // is appended in the keystone service url, so may be issue can be reproduced there as well13:57
ykarellbragstad, okk let me know13:58
kmalloclbragstad: ugh, '//' issue, that might be my fault13:58
ykarelkmalloc, ahh i was looking for you with other nicks :)13:59
lbragstadis this the error you're seeing?14:00
lbragstadhttp://paste.openstack.org/show/723311/14:00
ykarellbragstad, no14:01
ykarelmay be u are running behind apache14:01
lbragstadi am14:01
lbragstadit's a devstack deploy14:01
ykarelso try: http://192.168.1.5/identity14:01
lbragstadhttp://paste.openstack.org/show/723312/14:02
ykarelso it's working in devstack14:03
ykarellbragstad, can you check keystone log14:03
lbragstadsure14:04
*** r-daneel has joined #openstack-keystone14:04
lbragstadhttp://paste.openstack.org/show/723313/14:05
openstackgerritMorgan Fainberg proposed openstack/keystone master: Implement scaffolding for Flask-RESTful use  https://review.openstack.org/57441514:05
openstackgerritMorgan Fainberg proposed openstack/keystone master: Keystone adheres to public_endpoint opt only  https://review.openstack.org/57450214:05
openstackgerritMorgan Fainberg proposed openstack/keystone master: Store JSON Home Resources off the composing router  https://review.openstack.org/57473514:05
openstackgerritMorgan Fainberg proposed openstack/keystone master: [WIP] Convert json_home and version discovery to Flask  https://review.openstack.org/57473614:05
kmallocykarel: is that an old devstack or a clean run?14:07
* lbragstad just ran devstack yesterday on a clean run14:08
kmallocok14:08
*** r-daneel_ has joined #openstack-keystone14:08
ykarelkmalloc, lbragstad  i am seeing http://paste.openstack.org/show/723314/ in a clean tripleo deployment14:08
kmallochm.14:08
*** r-daneel has quit IRC14:08
*** r-daneel_ is now known as r-daneel14:08
kmallocwhat is the exception that is causing the 500?14:09
kmallocwe should never issue a 500 without a corresponding exception being raised.14:09
ykarelkmalloc, https://logs.rdoproject.org/openstack-periodic/periodic-tripleo-ci-centos-7-multinode-1ctlr-featureset030-master/fbc106b/subnode-2/var/log/containers/keystone/keystone.log.txt.gz#_2018-06-11_20_16_29_82414:10
lbragstadlooks like a couple of // are on the end of the url14:11
kmallocyeah.14:11
kmallocand that might be the dispatching middleware doing something wonky14:11
lbragstaddoes apache do something different with that?14:11
kmallocwell, not really, what is happening is that keystone does a stupid thing14:11
kmallocwhen you get the root / JSON HOME page, what it is actually doing is internally making a sub request to /v3 for the JSON Home page then re-writing the document14:12
kmallocafter deserializing the internal sub-request and then reserializing it.14:12
kmalloclbragstad: https://github.com/openstack/keystone/blob/master/keystone/version/controllers.py#L38-L4914:13
kmallocso... if we're getting an extra "/" passed through in that method, we are probably not getting real json_home data back14:14
kmallocwhich then fails when we try to loads/other stuff14:14
kmallocit's a VERY dumb way of doing things, but it "works" most of the time.14:14
ykarelkmalloc, also i noted that ^^ , latest_app=None14:14
lbragstadhmm14:14
kmallocykarel: latest_app=None should be fine.14:14
kmallocthat is magic for unit tests.14:14
ykarelkmalloc, ack14:15
ykarelkmalloc, in reno you mentioned deployments will need new wsgi scripts, what that mean14:15
kmallocyou'll need to re-generate the WSGI scripts to startup the keystone service14:15
kmallocsince we changes how we load things14:15
kmallocwe don't use paste-ini14:15
kmallocif keystone is starting, you have nothing to worry about14:16
kmallocbut it is intended to warn people who may have crafted their own wsgi scripts14:16
kmallocbasically, sdist install will generate the right things, but if you don't use the new things it might be broken-ish.14:16
kmallocykarel: i'm guessing that i will have this 100% fixed by https://review.openstack.org/#/c/574736/ this point14:17
ykarelkmalloc, we use from sdist, and currently have this:- http://paste.openstack.org/show/723316/14:17
kmallocyep14:17
kmallocyou're good14:17
kmallocreally, if you are using from sdist and make sure to grab the most current one, you'll not be broken :)14:18
kmalloc[basically, if keystone starts and runs, you're fine)14:18
kmalloclbragstad: so. i know exactly what the issue is. do you want me to spin an explicit fix or should i push on the move discovery to keystone.api14:18
kmalloci am maybe ~20lines of code away from that working.14:19
lbragstadif we're close with the rest of the keystone.api bits14:19
ykarelkmalloc, we are using latest commit from keystone14:19
kmalloclbragstad: see https://review.openstack.org/#/c/574736/14:20
lbragstadotherwise i feel compelled to pull it into a new patch we can fast track since people are broken14:20
kmallocreally, i just need to make that load and rip out some dispatcher code.14:20
kmalloclbragstad: it's under a chain though14:20
kmallocrealistically i could make https://review.openstack.org/#/c/574735/1 do the work for me.14:21
ykarelkmalloc, ok trying your patch:- https://review.openstack.org/#/c/574736/14:21
kmallocykarel: it wont work yet ;)14:21
ykarelohhk14:21
kmallocykarel: needs to actually use the new mechanism, hence the [WIP].14:21
kmalloc:) the discovery move was a lot more work because JSON Home is ... magical14:21
ykarel:) have fun14:21
ykarelkmalloc, lbragstad what's the recommended way: use unversioned of versioned url for keystone?14:22
kmallocpref. unversioned14:22
ykarelof/or14:22
kmallocbut that sometimes gets wonky14:22
ykarelokk, hmm as in our case versioned work is working fine14:23
ykarelbut unversioned one has issues14:23
kmallocright, that is a bug, but unversioned should just work14:23
kmallocin your case as well14:23
kmalloclet me try and fix this quickly so you can try.14:23
ykarelokk14:23
ykarelhmm would be good as otherwise we have to go with the versioned workaround14:24
kmallocreally, this should be fixed pretty quickly.14:25
kmalloc:)14:25
kmalloci happen to already be working in this part of keystone14:26
kmalloclbragstad: ugh, the test output is terrible on test_versions14:32
*** dave-mccowan has quit IRC14:35
*** kman has quit IRC14:45
knikollaanything i should be looking at / reviewing?14:46
openstackgerritMorgan Fainberg proposed openstack/keystone master: Store JSON Home Resources off the composing router  https://review.openstack.org/57473514:46
kmallocykarel: ^ try that one.14:46
kmalloclbragstad: ^14:46
ykarelkmalloc, trying14:46
*** codebot_ has joined #openstack-keystone14:47
kmallocYou prob need the preceesing patches as well.14:48
kmallocBut those are low impact. Not sure how clean a cherry pick that is in isolation.14:48
codebot_Hi I am new to openstack, I have setup a devstack pike environment14:48
codebot_Going through keystone14:48
kmalloclbragstad: ^ cc14:49
codebot_but in my system /var/log doesn`t contains keystone.log file14:49
codebot_any help is appreciated14:49
kmallocykarel: it doesn't solve the root issue, it just makes the bug go away, since we aren't doing the dumb internal request.14:50
codebot_keystone.log file is not generating, how to do that ? HELP14:51
codebot_Hello there?14:54
*** mordred has quit IRC14:55
lbragstadcodebot_: how are you running keystone?14:56
ykarelkmalloc, the patch is working, i just tried:- python -c "import requests,json;r=requests.get('http://192.168.24.1:5000',verify=False,headers={'Accept': 'application/json-home'});print(r.content)"14:56
ykarelkmalloc, ack for not fixing the root cause. so your WIP would bring the real fix?14:57
*** jmlowe has joined #openstack-keystone14:57
*** spilla has joined #openstack-keystone15:00
*** m3m0 has quit IRC15:02
*** dave-mccowan has joined #openstack-keystone15:03
kmallocYes15:03
kmallocBecause I am then removing the router dispatching middleware causing the issue for the / and /v3 Json home.15:04
codebot_@lbragstad it a devstack environment15:06
hrybackikmalloc: o/ https://bluejeans.com/u/hrybacki/15:06
*** wxy| has joined #openstack-keystone15:07
*** codebot_ has quit IRC15:07
*** mordred has joined #openstack-keystone15:08
lbragstadcodebot_ https://docs.openstack.org/devstack/latest/systemd.html#querying-logs15:08
ykarelkmalloc, Ok Thanks15:11
kmallocykarel: the fix i provided is part of the chain in either case15:13
kmalloci just accelerated it for getting you unblocked15:13
ykarelkmalloc, Thanks waiting it to get merged15:13
kmallocknikolla: https://review.openstack.org/#/c/574735/15:14
kmallocknikolla: since that and the preceeding patches unblock ykarel15:15
knikollakmalloc: looking15:16
kmallocknikolla: it probably needs some extra testing. but please let me know what is needed so i can get it landed.15:18
*** ykarel is now known as ykarel|away15:22
ildikovknikolla: kmalloc: lbragstad: hi :)15:26
kmallocildikov: allo therE! :)15:26
ildikovAnd cmurphy :)15:26
knikollao/15:26
kmallocildikov: meeting?15:26
ildikovTomorrow at 1300UTC there's an OPNFV Edge Cloud call where they would like to chat about test scenarios for Keystone among other topics15:27
ildikovWould either of you be available to dial in?15:28
knikollai can't make it.15:28
kmalloci don't think i can make it. but i'll 2x check when done with this meeting15:29
*** fiddletwix has quit IRC15:29
ildikovSorry for the last minute heads up :(15:29
kmalloci'll see if i can make it.15:29
ildikovI will send out a Doodle poll if no one is able to make it to have a separate meeting15:30
kmallocis this going to be on zoom.us or some other system?15:30
ildikovPlz lemme know :)15:30
kmalloci had issues dialing into the zoom thing last time.15:30
ildikovkmalloc: Zoom15:31
kmalloc=/15:31
* kmalloc really hates having to install a separate client to make it work.15:31
*** fiddletwix has joined #openstack-keystone15:31
ildikovkmalloc: there should be dial-in numbers if you don't want to install new stuff on your laptop15:31
lbragstadhrybacki: do you have a link to the default roles reviews?15:31
hrybackilbragstad: https://review.openstack.org/#/c/572243/ main review15:32
hrybackiall reviews: https://trello.com/c/sTBxkSDs/40-implement-default-roles15:32
ildikovkmalloc: I hear ya...15:32
lbragstadsweet15:33
cmurphyildikov: i think i can make it15:35
ildikovcmurphy: great, thanks!15:36
ildikovcmurphy: I will look up the wiki with the meeting details15:36
ildikovcmurphy: do you need a meeting invite too?15:36
cmurphyildikov: that would help me remember15:37
cmurphyildikov: colleen@gazlene.net15:37
ildikovcmurphy: will send it once I'm back to my laptop!15:37
cmurphyildikov: tyty15:38
ildikovcmurphy: me thanks :)15:38
*** liuzz_ has joined #openstack-keystone15:39
*** liuzz has quit IRC15:42
*** gyee has joined #openstack-keystone15:47
*** mordred has quit IRC15:48
*** itlinux has joined #openstack-keystone15:48
*** mordred has joined #openstack-keystone15:52
openstackgerritMorgan Fainberg proposed openstack/keystone master: Add Flask-RESTful as a requirement  https://review.openstack.org/57441415:52
openstackgerritMorgan Fainberg proposed openstack/keystone master: Implement scaffolding for Flask-RESTful use  https://review.openstack.org/57441515:52
openstackgerritEric Fried proposed openstack/keystoneauth master: raise_exc default in Adapter  https://review.openstack.org/57478415:52
openstackgerritMorgan Fainberg proposed openstack/keystone master: Keystone adheres to public_endpoint opt only  https://review.openstack.org/57450215:52
openstackgerritMorgan Fainberg proposed openstack/keystone master: Store JSON Home Resources off the composing router  https://review.openstack.org/57473515:53
openstackgerritMorgan Fainberg proposed openstack/keystone master: [WIP] Convert json_home and version discovery to Flask  https://review.openstack.org/57473615:54
*** AlexeyAbashkin has quit IRC15:57
openstackgerritMorgan Fainberg proposed openstack/keystone master: Store JSON Home Resources off the composing router  https://review.openstack.org/57473515:57
openstackgerritMorgan Fainberg proposed openstack/keystone master: Store JSON Home Resources off the composing router  https://review.openstack.org/57473516:00
*** AlexeyAbashkin has joined #openstack-keystone16:01
*** hoonetorg has quit IRC16:02
kmallocykarel|away: https://bugs.launchpad.net/keystone/+bug/177650616:06
openstackLaunchpad bug 1776506 in OpenStack Identity (keystone) "Keystone JSON HOME on / fails" [High,In progress] - Assigned to Morgan Fainberg (mdrnstm)16:06
*** knikolla[m] has quit IRC16:08
*** lbragstad[m] has quit IRC16:08
*** gagehugo_ is now known as gagehugo16:09
*** trident has quit IRC16:11
openstackgerritMorgan Fainberg proposed openstack/keystone master: [WIP] Convert json_home and version discovery to Flask  https://review.openstack.org/57473616:13
*** jmlowe has quit IRC16:13
*** trident has joined #openstack-keystone16:13
*** Kumar has joined #openstack-keystone16:14
*** ykarel_ has joined #openstack-keystone16:22
*** hoonetorg has joined #openstack-keystone16:23
*** dave-mccowan has quit IRC16:23
*** ykarel|away has quit IRC16:24
*** lbragstad[m] has joined #openstack-keystone16:33
*** Alexey_Abashkin has joined #openstack-keystone16:33
*** Alexey_Abashkin has quit IRC16:35
*** AlexeyAbashkin has quit IRC16:35
*** Sundar has joined #openstack-keystone16:37
openstackgerritMorgan Fainberg proposed openstack/keystone master: Keystone adheres to public_endpoint opt only  https://review.openstack.org/57450216:39
openstackgerritMorgan Fainberg proposed openstack/keystone master: Store JSON Home Resources off the composing router  https://review.openstack.org/57473516:39
openstackgerritMorgan Fainberg proposed openstack/keystone master: [WIP] Convert json_home and version discovery to Flask  https://review.openstack.org/57473616:40
SundarHello, I am hitting an 'Internal Server Error" in keystone in response to "GET http://172.25.112.34/identity/v3/auth/tokens", when deploying with devstack. This same deployment was working until 2 days ago, but is failing after a unstack and running stack.sh again.16:42
SundarWould anybody here have any tips?16:42
lbragstadSundar: do you have logs?16:42
lbragstadSundar: or a trace?16:43
kmallocunstack/restack is not really that reliable16:45
*** knikolla[m] has joined #openstack-keystone16:46
kmallocit's a best effort and may sometimes result in an unusable system16:46
knikollasometimes clean helps16:46
kmallocthat said, a trace/logs may help us identify16:46
kmallocI always recommend a clean devstack if possible.16:46
kmallocknikolla: sorry you had to look at the composible router things16:47
kmallocknikolla: it... makes my head hurt, and i'm working in that section of keystone a lot right now16:47
*** germs has joined #openstack-keystone16:47
*** germs has quit IRC16:47
*** germs has joined #openstack-keystone16:47
Sundarkmalloc: yes, I have done many clean.sh runs, reboots and such16:47
Sundarlbragstad: yes, I do have logs. It came down to a single failure:16:47
Sundar"openstack project show admin -f value -c id" triggers the error every time16:48
ykarel_kmalloc, ack16:48
kmallocSundar: and in the keystone log, what is the traceback?16:48
lbragstadSundar: check the keystone logs - that command is trying to use keystone and probably isn't the actual cause of the failure16:48
lbragstad`sudo journalctl -f -a --unit devstack@keystone.service`16:49
knikollakmalloc: i've seen worse. i'm usually guilty myself of overengineering.16:49
kmalloclbragstad: hehe, journalctl *sigh*16:49
*** wxy| has quit IRC16:49
kmallocknikolla: there is a lot of history of "oh we'll just add X on top of this" going on in this code16:49
kmalloci don't think it really was "engineered"16:49
kmalloc;)16:50
* kmalloc gets the machete out and starts hacking away at the jungle that has "grown" out of keystone's WSGI layer16:50
Sundarlbragstad: Thanks. Here's the keystone log:16:50
SundarJun 12 21:41:49 otcfpga1.sc.intel.com devstack@keystone.service[12443]: ERROR keystone.common.wsgi     request.set_user_headers(request.token_auth.user) Jun 12 21:41:49 otcfpga1.sc.intel.com devstack@keystone.service[12443]: ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/_request.py", line 176, in set_user_headers Jun 12 21:41:49 otcfpga1.sc.intel.com devstack@keystone.serv16:50
knikollakmalloc: ha! actually that makes sense. I'm not sure you'd end up with three classes called Router if they were written in the same week/month.16:51
kmallocSundar: i recomment using paste.openstack.org, that looks truncated.16:51
lbragstadSundar: you can use http://paste.openstack.org/ and that'll be easier than pasting into irc16:51
kmalloclbragstad: :)16:51
* knikolla grabbing lunch. I'll be here for office hours since Tuesday is my keystone day. 16:52
kmallocknikolla: and Router, RouterBase, ComposingRouter, ComposibleRouter...16:52
knikollakmalloc: brings back my Java days.16:52
kmallocknikolla: you have no idea how many times ComposingRouter and ComposibleRouter has bitten me in this refactor16:53
Sundarlbragstad: Sure. Please see http://paste.openstack.org/show/723329/16:53
lbragstadSundar: you need to update keystonemiddleware16:54
lbragstadactually - you need to update keystoneauth16:54
Sundarlbragstad: Basic question: shouldn't devstack do that automatically?16:54
lbragstadit depends on how you have it configured16:55
lbragstaddevstack can reclone repositories for you if you tell it to16:55
lbragstadbut by default it doesn't16:55
SundarApart from PIP_UPGRADE=true, do I need to set anything else?16:55
*** ykarel_ is now known as ykarel|away16:56
lbragstadit depends on how you manage those repositories, if you're using devstack to do it, then you can set RECLONE=true16:56
lbragstador you can do it manually16:56
lbragstad#startmeeting keystone-office-hours16:58
openstackMeeting started Tue Jun 12 16:58:19 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.16:58
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:58
openstackThe meeting name has been set to 'keystone_office_hours'16:58
kmallocSundar: this is why i recommend a totally fresh devstack when possible (not just clean.sh) - this is one of those cases where devstack's cleanup is just not 100% and causes odd errors.16:58
kmallocthe best bet when you're struggling is RECLONE=true or start fresh and see if it continues, especially if you've done a number of stack/unstack/stack cycles16:59
kmalloclbragstad: omg MORE COFFEE.16:59
*** hoonetorg has quit IRC17:03
Sundarlbragstad: Thank you very much. I will re-install devstack with RECLONE=true.17:04
*** ykarel|away has quit IRC17:05
*** r-daneel_ has joined #openstack-keystone17:05
*** r-daneel has quit IRC17:06
*** r-daneel_ is now known as r-daneel17:06
kmallocSundar: good luck, let us know if you're still having issues after that17:09
*** hoonetorg has joined #openstack-keystone17:10
*** lifeless_ has joined #openstack-keystone17:15
*** lifeless has quit IRC17:16
kmalloclbragstad: did the KSA release happen yet?17:17
kmalloclbragstad: if not, we should include https://review.openstack.org/#/c/574784/17:17
lbragstadkmalloc: https://review.openstack.org/#/c/574337/17:18
lbragstadit did17:18
kmalloclbragstad: if it did, we should release with that once it lands17:18
lbragstadsure - i can keep tabs on it17:18
kmalloccool.17:18
kmallocok let me get back to this flaskification stuff.17:18
*** hoonetorg has quit IRC17:19
kmallocso i can get the root stuff moved to Flask Native and drop some of the icky dispatch code.17:19
Sundarkmalloc: Thanks very much! I will ping back if needed -- hopefully there won't be a need. :)17:20
*** hoonetorg has joined #openstack-keystone17:28
*** felipemonteiro has joined #openstack-keystone17:30
kmalloclbragstad: omg, about to post first actual move to flask api bit17:41
kmallocwoooooooo17:41
*** bhagyashri_s has joined #openstack-keystone17:45
*** hoonetorg has quit IRC17:47
*** hoonetorg has joined #openstack-keystone17:48
*** bhagyashris_ has quit IRC17:48
*** hoonetorg has quit IRC17:58
SundarHi, A cleandevstack install failed too. But not sure if this is Cinder or Keystone. Please see https://drive.google.com/file/d/19EncNpjzW_RflRn1zj_iu6hqDvoyuQ9m/view?usp=sharing17:59
*** felipemonteiro has quit IRC17:59
*** spilla has quit IRC18:00
lbragstadthat looks like a cinder-specific issue18:09
lbragstadcinder providers an option that allows you to deploy it with and without a dependency on keystone18:09
lbragstadare you able to dig into the logs and see why it failed?18:10
*** hoonetorg has joined #openstack-keystone18:16
*** r-daneel has quit IRC18:16
*** hoonetorg has quit IRC18:21
*** spzala has joined #openstack-keystone18:22
*** spzala has quit IRC18:22
*** Kumar has quit IRC18:26
*** felipemonteiro has joined #openstack-keystone18:28
*** dave-mccowan has joined #openstack-keystone18:30
*** hoonetorg has joined #openstack-keystone18:38
*** hoonetorg has quit IRC18:45
*** dave-mccowan has quit IRC18:47
*** hoonetorg has joined #openstack-keystone18:52
*** itlinux has quit IRC18:54
openstackgerritLance Bragstad proposed openstack/python-keystoneclient master: Add support for registered limits  https://review.openstack.org/53766818:57
openstackgerritLance Bragstad proposed openstack/python-keystoneclient master: Add support for project-specific limits  https://review.openstack.org/57439118:57
*** hoonetorg has quit IRC18:58
*** felipemonteiro has quit IRC19:02
lbragstadknikolla: thanks for the review on the unified limit client patches19:06
lbragstadposted some newer versions19:06
knikollalbragstad: was just looking at the new ones now :)19:06
lbragstadyou're the man knikolla19:07
*** hoonetorg has joined #openstack-keystone19:10
lbragstadkmalloc: i'll crack open the flask stuff in a minute here19:11
lbragstadi assume you still need it reviewed?19:11
*** hoonetorg has quit IRC19:15
*** hoonetorg has joined #openstack-keystone19:16
*** fiddletwix has quit IRC19:20
kmallocyeah19:24
kmallocworking on the WIP one at the end for discovery19:24
kmallocalmost done.19:25
kmallocbut the stuff up to the flask WIP one needs review19:25
*** hoonetorg has quit IRC19:30
*** lifeless_ has quit IRC19:31
hrybackilbragstad: question for you -- I'm not seeing where this is ever actually set:https://github.com/openstack/keystone/blob/master/keystone/cmd/bootstrap.py#L4019:31
hrybackithe attempt to create the role is here: https://github.com/openstack/keystone/blob/master/keystone/cmd/bootstrap.py#L163-L165 but I'm not seeing where the `None` is being replaced by an actual string19:32
lbragstadhrybacki: https://github.com/openstack/keystone/blob/master/keystone/cmd/cli.py#L16119:33
lbragstadwhich is using https://github.com/openstack/keystone/blob/master/keystone/cmd/cli.py#L13119:33
lbragstadwhich uses the default here - https://github.com/openstack/keystone/blob/master/keystone/cmd/cli.py#L8419:33
hrybackilbragstad: ah ack. Do you think I should port the `reader` and `admin` role names to a config and have them consumed like ^^ or keep them as is directly in the bootstrap code19:34
lbragstadumm19:36
lbragstadgood question19:36
lbragstadsince it's really just used one, i'd lean towards using it as another option to bootstrap19:36
lbragstadinstead of config options19:36
lbragstador - just create those roles and don't expose them via config or options?19:37
hrybackioh no, I don't mean necessarily a 'default roles or no default roles' option. But the names themselves e.g. do we want people to be able to replace 'reader' with 'readonly' by overriding default config19:37
lbragstadhmmm19:37
lbragstadi'm not sure if allowing them override is going to be that important?19:38
hrybackican always be added after the face19:38
hrybackifact19:38
lbragstadbut i'm willing to be convinced otherwise19:38
hrybackisee line 39 https://review.openstack.org/#/c/572243/7/keystone/cmd/bootstrap.py19:38
lbragstadwe've already committed to using 'admin', 'member', and 'reader'19:39
hrybackirather line 41 and 4519:39
* hrybacki nods19:39
*** Sundar has quit IRC19:39
openstackgerritMorgan Fainberg proposed openstack/keystone master: [WIP] Convert json_home and version discovery to Flask  https://review.openstack.org/57473619:39
knikollalbragstad: do we have any docs on implied roles?19:39
lbragstadif a deployment is going to use something else, they already need to roll their own custom policy19:39
knikollai'm writing the release note for the infer_roles deprecation and coming up blank with links to docs.19:40
lbragstadknikolla: not that i am aware of - i did have a bug open for that though19:40
kmalloclbragstad: ^ and we have flaskified discovery/json_home19:40
hrybackiack. I'll leave it as is and pull out the TODOs lbragstad19:40
lbragstadkmalloc: awesome19:40
lbragstadkmalloc: what's your opinion on hrybacki's question?19:40
kmallocdiscovery is *not* representative of anything else, but that is because discovery is super special19:40
kmallocuhm reading up19:40
lbragstadshould an operator be able to override the member and reader role names?19:40
lbragstadin the bootstrap option?19:40
kmallocin bootstrap?19:41
kmallocno19:41
kmallocbootstrap is explicitly opinonated19:41
kmallocit setups the system to a common "known" state19:41
lbragstadyeah- i just doesn't seem to get you much mileage19:41
kmallocit is up to the operator to move from there, but they know the state is consistent19:41
hrybackiack19:41
kmallocso they can automate from that point19:41
lbragstadsince we're going to be rewriting all of our policie to those default19:42
lbragstaddefaults*19:42
kmallocyep, go for opinionated and consistent19:42
*** raildo has quit IRC19:42
openstackgerritHarry Rybacki proposed openstack/keystone master: Ensure default roles created during bootstrap  https://review.openstack.org/57224319:42
kmallocthe whole idea is bootstrap gets keystone running to the point you can use the API to setup the rest19:42
openstackgerritKristi Nikolla proposed openstack/keystone master: Deprecate [token] infer_roles  https://review.openstack.org/57486919:42
hrybackicool, ^^ should be g2g then19:42
lbragstadhrybacki: you can just create them and then set the role IDs on the bootstrap object19:42
hrybackiI'm wondering if there isn't a way to rename 'admin' as things are right now19:43
lbragstadthen we can reuse those roles in tests19:43
hrybackialready setting them on the object so we should be good to go19:44
lbragstadsweet19:44
openstackgerritMorgan Fainberg proposed openstack/keystone master: Convert json_home and version discovery to Flask  https://review.openstack.org/57473619:45
openstackgerritMerged openstack/keystoneauth master: raise_exc default in Adapter  https://review.openstack.org/57478419:45
kmalloclbragstad: i have a good feeling that we're going to see a faster keystone just by leaning 100% on flask instead of having all these mappers we pass requests through19:47
kmalloca single dispatch layer is going to be good19:48
lbragstadi hope you're right19:48
kmallocwe already saw somewhat of that by dropping paste.deploy19:48
kmallocit wasn't huge, but it was a bit on our unit tests.19:48
*** lifeless has joined #openstack-keystone19:49
kmalloclbragstad: answered in-line questions (cc gagehugo) on the flask reviews19:57
*** dave-mccowan has joined #openstack-keystone20:01
gagehugokmalloc \o/20:04
*** AlexeyAbashkin has joined #openstack-keystone20:05
*** Alexey_Abashkin has joined #openstack-keystone20:08
*** AlexeyAbashkin has quit IRC20:09
*** Alexey_Abashkin is now known as AlexeyAbashkin20:09
*** dave-mccowan has quit IRC20:10
*** Alexey_Abashkin has joined #openstack-keystone20:15
*** AlexeyAbashkin has quit IRC20:16
*** Alexey_Abashkin is now known as AlexeyAbashkin20:16
*** itlinux has joined #openstack-keystone20:24
*** itlinux has quit IRC20:28
openstackgerritLance Bragstad proposed openstack/keystone master: Expose endpoint to return enforcement model  https://review.openstack.org/56271620:46
*** boris_42_ has joined #openstack-keystone20:47
*** lbragstad[m] has quit IRC20:49
*** knikolla[m] has quit IRC20:49
*** AlexeyAbashkin has quit IRC20:52
*** felipemonteiro has joined #openstack-keystone20:56
*** linkmark has joined #openstack-keystone20:58
hrybackilbragstad: o/ tbh I don't understand how the blueprints work in LP :P21:00
hrybackiI think you added that link to commit msg and I assumed it worked lol21:00
lbragstadblueprint in lp or how we link to them?21:00
hrybackihow we link them21:00
hrybackiI see https://blueprints.launchpad.net/keystone/+spec/basic-default-roles21:01
lbragstadyeah21:01
lbragstadso gerrit has a parser that will parse commit messages for special strings, and format them to links21:01
kmalloclbragstad: responded to comments on the discovery-flaskification bit21:01
lbragstadso if it sees something like `bp blah` it will replace that with a link to launchpad for a blueprint named 'blah'21:02
hrybackiah, so 'basic-default-roles' rather than 'define-default-roles'21:03
hrybackimakes sense21:03
* hrybacki updates21:03
lbragstadyep21:03
kmallocyeah21:03
*** efried has joined #openstack-keystone21:03
*** pcaruana has quit IRC21:04
efriedHey folks, did you want me to propose a release to pick up https://review.openstack.org/#/c/574784/ ?21:04
efriedIt's not an urgent thing, so no biggie if you're waiting to collect moar stuffs.21:04
lbragstadwould a week or two be too much time?21:05
efriedNot at all.21:05
efriedThanks Lance.21:05
lbragstadawesome - i'll keep an eye on ksa stuff and see what else we can roll in the next release21:05
efriedrgr21:05
lbragstadif i come up dry after a week or two, we'll happily do another release21:05
efriedsounds good21:05
lbragstadthanks efried21:05
efriedMy pleasure.21:05
*** lbragstad[m] has joined #openstack-keystone21:07
*** aojea has joined #openstack-keystone21:14
*** knikolla[m] has joined #openstack-keystone21:21
*** lifeless has quit IRC21:21
openstackgerritHarry Rybacki proposed openstack/keystone master: Ensure default roles created during bootstrap  https://review.openstack.org/57224321:22
hrybackithanks for the comments lbragstad21:23
lbragstadthanks for being on the ball21:23
*** sapd has quit IRC21:26
*** sapd has joined #openstack-keystone21:27
*** sapd has quit IRC21:27
*** sapd has joined #openstack-keystone21:27
*** lifeless has joined #openstack-keystone21:29
*** dtruong has quit IRC21:41
*** evrardjp_ has joined #openstack-keystone21:41
*** evrardjp has quit IRC21:43
*** dtruong has joined #openstack-keystone21:47
openstackgerritMorgan Fainberg proposed openstack/keystone master: Convert json_home and version discovery to Flask  https://review.openstack.org/57473621:48
*** nicolasbock has quit IRC21:51
knikollaadriant: o/21:54
knikollahave some adjutant questions21:54
*** felipemonteiro has quit IRC21:54
*** r-daneel has joined #openstack-keystone21:58
lbragstad#endmeeting21:59
openstackMeeting ended Tue Jun 12 21:59:36 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)21:59
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-06-12-16.58.html21:59
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-06-12-16.58.txt21:59
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-06-12-16.58.log.html21:59
*** dave-mccowan has joined #openstack-keystone22:00
*** r-daneel_ has joined #openstack-keystone22:01
*** r-daneel has quit IRC22:03
*** r-daneel_ is now known as r-daneel22:03
*** felipemonteiro has joined #openstack-keystone22:10
lbragstadwxy: knikolla thoughts on https://review.openstack.org/#/c/574391/2/keystoneclient/v3/limits.py ?22:14
lbragstadit'll require more cleanup changes to the server implementation22:14
lbragstadand we'll have to update the spec, but i'm wondering if there is a case to not do that?22:14
lbragstadwe can talk about it tomorrow or later this evening too22:14
knikollalbragstad: you could have them share a base class and the only difference being resource_class22:15
lbragstadsure22:15
lbragstadi guess i'm talking about the overall usability of the registered limit api and limit api?22:15
knikollawell, to the user only the url path will look different22:16
knikollaif they accept the same things22:16
lbragstadaccept what things?22:16
knikollalet me gather my thoughts. being coherent at 6.20pm is hard22:17
knikollawith the current implementation22:17
lbragstadagreed - i'm hitting that piont too22:17
knikollaregistered_limits API and limit API are the same, right?22:18
knikollawith limit taking a project also22:18
lbragstadhttps://developer.openstack.org/api-ref/identity/v3/index.html#unified-limits22:18
lbragstadthis is what an example create request looks like https://developer.openstack.org/api-ref/identity/v3/index.html#create-registered-limits22:18
lbragstadfor registered limits ^22:19
lbragstadfor limits -> https://developer.openstack.org/api-ref/identity/v3/index.html#create-limits22:19
lbragstadnotice that the only big difference is the addition of a project_id attribute and default_limit doesn't exist and is replaced with resource_limit22:19
knikollawhich ironically enough is missing from the table of parameters22:20
lbragstadbut the user of the API still needs to specify service_id, region_id, and resource_name22:20
knikollalbragstad: not necessarily. they can specify names22:21
knikollaif using the client22:21
lbragstadsure - but that's a client thing22:21
lbragstadwriting up a paste to see if that helps me get my thoughts out22:21
knikollalbragstad: in the case of specifying a registered_limit override they need to specify a limit to override22:22
knikollato uniquely qualify one they need either a reigstered limit ID22:22
knikollaor service, region and resource22:22
knikollaif they don't know the ID already22:22
knikollaor they can get a full list22:23
knikollahmmm...22:23
knikollaI guess both flows make sense in a way22:23
*** aojea has quit IRC22:23
lbragstadhttp://paste.openstack.org/raw/723353/22:25
*** edmondsw has quit IRC22:26
*** edmondsw has joined #openstack-keystone22:26
lbragstadsee how the very last example is duplicating information already associated to the registered limit?22:26
lbragstadbut that's how it works today22:27
lbragstadi'm just wondering if we care about that duplication?22:27
lbragstadif we want to leave it the way it is or change it since it is still experimental22:28
knikollamy feeling is that for people using clients. the current behavior is better.22:28
lbragstadso `openstack registered limit create nova cores 10`22:29
knikollaas a user that wants to override a limit on a project. i know what that limit represents. nova/RegionOne/vcpu/projectX/2022:29
lbragstadand then `openstack limit create project_foo nova cores 10`22:29
knikollaBut I don't know the limits ID, until I query for it.22:29
knikollayes22:30
knikollaif u need to specify an override22:30
knikollait would be `openstack reigstered limit show nova cores 10`22:30
knikollacopy paste id22:30
knikolla`openstack limi create project_foo <paste ID> 20`22:30
lbragstadyeah - or `openstack registered limit list`22:30
lbragstadright22:30
*** edmondsw has quit IRC22:31
knikollaI feel the first works better as a user flow22:31
knikollaas it avoids copy pasting22:31
knikollaor exposure to IDs22:31
lbragstadi can see that22:31
lbragstadok22:31
lbragstadi'll mull on it22:31
*** martinus__ has quit IRC22:32
lbragstadcc kmalloc wxy ^22:33
lbragstadthanks knikolla22:33
kmallocsec22:33
kmallocreading up22:33
lbragstadno worries - i'm about to step away for a minute, but wanted to get opinions22:33
kmallochm22:34
kmalloci don't care about the duplication really.22:36
kmalloci'm happy if you want to change it22:36
lbragstadso you're in the same boat as knikolla?22:36
kmalloci'm in the boat of "both look oke"22:37
lbragstadok22:37
kmallocbut in general... i don't like IDs for automation22:37
lbragstadthat fair22:39
knikollai should start heading back, but the office is empty and i'm really enjoying the quiet22:39
*** rcernin has joined #openstack-keystone22:44
*** jmlowe has joined #openstack-keystone22:55
*** dklyle has quit IRC22:55
*** dklyle has joined #openstack-keystone22:56
*** felipemonteiro has quit IRC23:07
*** lbragstad[m] has quit IRC23:16
*** knikolla[m] has quit IRC23:16
*** jmlowe has quit IRC23:17
*** jmlowe has joined #openstack-keystone23:19
*** felipemonteiro has joined #openstack-keystone23:23
*** jmlowe has quit IRC23:31
*** lbragstad[m] has joined #openstack-keystone23:33
*** jmlowe has joined #openstack-keystone23:35
*** threestrands has joined #openstack-keystone23:36
*** knikolla[m] has joined #openstack-keystone23:46
*** mchlumsky has quit IRC23:59
« Monday, 2018-06-11 Index Wednesday, 2018-06-13 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!