Monday, 2019-04-08

« Sunday, 2019-04-07 Index Tuesday, 2019-04-09 »
*** jamesmcarthur has joined #openstack-keystone00:03
*** jamesmcarthur has quit IRC00:08
*** jamesmcarthur has joined #openstack-keystone00:12
*** jamesmcarthur has quit IRC00:16
*** ayoung has joined #openstack-keystone00:37
*** markvoelker has joined #openstack-keystone00:42
*** markvoelker has quit IRC00:44
*** markvoelker has joined #openstack-keystone00:45
*** whoami-rajat has joined #openstack-keystone01:19
*** irclogbot_1 has quit IRC01:44
*** edmondsw_ has quit IRC01:48
*** jamesmcarthur has joined #openstack-keystone01:50
*** Dinesh_Bhor has joined #openstack-keystone01:57
*** ileixe has joined #openstack-keystone02:53
*** Nel1x has quit IRC03:02
*** jamesmcarthur has quit IRC03:03
*** Nel1x has joined #openstack-keystone03:21
*** shyamb has joined #openstack-keystone04:05
*** Nel1x has quit IRC04:10
*** pcaruana has joined #openstack-keystone04:49
*** pcaruana has quit IRC04:55
*** shyamb has quit IRC04:56
*** jamesmcarthur has joined #openstack-keystone05:05
*** jamesmcarthur has quit IRC05:06
*** jamesmcarthur has joined #openstack-keystone05:06
*** jamesmcarthur has quit IRC05:10
*** shyamb has joined #openstack-keystone05:15
*** mkrai has joined #openstack-keystone05:34
mkraiHi, while setting up devstack I get this error http://paste.openstack.org/show/748981/05:35
mkraiI checked that auth05:35
mkraiI checked that auth_url is correctly set in environment variable05:35
*** phasespace has quit IRC06:01
*** jaosorior has joined #openstack-keystone06:05
*** pcaruana has joined #openstack-keystone06:30
openstackgerritColleen Murphy proposed openstack/keystone master: Convert user_id back to string  https://review.openstack.org/65061506:31
*** markvoelker has quit IRC06:43
*** awalende has joined #openstack-keystone07:10
*** shyamb has quit IRC07:19
*** awalende has quit IRC07:19
*** shyamb has joined #openstack-keystone07:19
*** phasespace has joined #openstack-keystone07:19
*** awalende has joined #openstack-keystone07:20
*** awalende has quit IRC07:24
*** awalende has joined #openstack-keystone07:24
*** awalende has quit IRC07:39
*** awalende has joined #openstack-keystone07:42
*** tkajinam has quit IRC08:11
*** rcernin has quit IRC08:19
*** mkrai has quit IRC08:38
*** markvoelker has joined #openstack-keystone08:45
*** zigo_ has joined #openstack-keystone08:45
*** zigo_ is now known as zigo08:50
*** tobberydberg has quit IRC09:12
*** markvoelker has quit IRC09:18
*** tobberydberg has joined #openstack-keystone09:25
*** shyamb has quit IRC09:35
*** markvoelker has joined #openstack-keystone10:16
*** markvoelker has quit IRC10:49
*** markvoelker has joined #openstack-keystone11:15
*** mvkr has quit IRC11:34
*** pcaruana has quit IRC11:47
*** edmondsw has joined #openstack-keystone12:04
*** raildo has joined #openstack-keystone12:04
*** jamesmcarthur has joined #openstack-keystone12:17
*** mvkr has joined #openstack-keystone12:29
*** jamesmcarthur has quit IRC12:30
*** mchlumsky has joined #openstack-keystone12:37
*** pcaruana has joined #openstack-keystone12:38
*** mchlumsky has quit IRC12:41
*** mchlumsky has joined #openstack-keystone12:42
*** jamesmcarthur has joined #openstack-keystone12:48
*** needssleep is now known as TheJulia12:49
*** jroll has quit IRC12:50
*** jroll has joined #openstack-keystone12:50
*** awalende has quit IRC12:59
*** awalende has joined #openstack-keystone12:59
*** ab-a has joined #openstack-keystone13:03
*** awalende has quit IRC13:04
knikollao/13:07
*** lbragstad has joined #openstack-keystone13:08
*** ChanServ sets mode: +o lbragstad13:08
openstackgerritColleen Murphy proposed openstack/keystone master: Convert user_id back to string  https://review.openstack.org/65061513:10
*** cmorpheus is now known as cmurphy13:11
*** whoami-rajat has quit IRC13:28
*** pcaruana has quit IRC13:31
*** pcaruana has joined #openstack-keystone13:36
*** whoami-rajat has joined #openstack-keystone13:38
*** jmlowe has quit IRC13:52
*** phasespace has quit IRC14:02
gagehugoo/14:24
lbragstado/14:26
*** spotz has joined #openstack-keystone14:27
*** jmlowe has joined #openstack-keystone14:28
cmurphy\o14:31
*** mchlumsky has quit IRC14:43
*** mchlumsky has joined #openstack-keystone14:46
*** lbragstad has quit IRC14:46
*** lbragstad has joined #openstack-keystone14:47
*** ChanServ sets mode: +o lbragstad14:47
*** phasespace has joined #openstack-keystone15:16
*** gyee has joined #openstack-keystone15:20
*** itlinux_ has quit IRC15:33
*** itlinux has joined #openstack-keystone16:28
ayoungkmalloc, got a customer interested in using mariadb async replication from a central keystone to remotes.  All installs done via TripleO.  THought?17:26
kmallocHmmmm17:26
ayoungAs I can see it, there problem points are going to be the data installed into the remote sites during install17:27
kmallocIf it is not bi-directional replication (not master/master with the remotes) it is probably ok.17:27
ayoungI think all service catalogs are region 117:27
ayoungand the nova etc users will have distinct passwords17:27
ayoungbut all be in the same database17:27
ayoungI think you can sync paswords, though,17:28
kmallocYou can. But conflicts because we key on name for unique in some cases could be hard.17:28
ayoungthey would have different userids, but I think all the config files only have usernames17:28
kmallocIf it is multi-master17:28
ayoungI wonder if they could install the lower clusters, shut them down, run the sync, update the config files, and bring it back up?17:29
kmallocProbably17:29
ayoungI don't think OOO supports service users in LDAP17:42
ayounglet me check.17:42
ayoungI think the installer puts services users in the default domain17:42
*** jamesmcarthur_ has joined #openstack-keystone17:46
*** jamesmcarthur has quit IRC17:49
*** itlinux has quit IRC18:19
*** johnsom has quit IRC18:20
*** johnsom has joined #openstack-keystone18:21
*** BlackDex has quit IRC18:22
*** BlackDex has joined #openstack-keystone18:22
ayoungkmalloc, I told them not to do it.  Upgrades18:41
kmallocah18:41
ayoungIt really is something we need to work on with the TripleO team18:41
ayoungor maybe edge?18:42
openstackgerritRaildo Mascena proposed openstack/keystone master: [WIP]Fixing dn_to_id function for cases were id it's not in the DN  https://review.openstack.org/64917718:48
*** mvkr has quit IRC18:51
*** jmlowe has quit IRC18:56
*** eandersson_ is now known as eandersson18:57
*** jamesmcarthur_ has quit IRC19:04
cmurphylbragstad: kmalloc need stable reviews for this stein boilerplate                         | https://review.openstack.org/#/q/status:open+(project:openstack/keystone+OR+project:openstack/keystoneauth+OR+project:openstack/keystonemiddleware)+branch:stable/stein                                           │19:11
kmallocdone19:13
* kmalloc goes back to PTO.19:13
* lbragstad goes back to tinkering with ansible19:14
lbragstadunrelated: i wish i would have found this *years* ago https://docs.ansible.com/ansible/latest/modules/github_key_module.html19:14
eanderssonA silly question but local_users has a primary key and auto increment for id.19:32
eanderssonWould it be possible to change this id to a uuid?19:32
eanderssonauto increment makes async replication difficult :p19:33
*** jamesmcarthur has joined #openstack-keystone19:34
*** jamesmcarthur_ has joined #openstack-keystone19:35
*** jamesmcarthur has quit IRC19:39
kmalloceandersson: uuid is a terrible PK19:39
eanderssonsure - but auto increment and primary key is not great either for replication19:40
eanderssonnot sure what the better alternative is19:40
kmallocautoinc19:40
kmallocyou can set a skip value, so node 1 does, 1, 3, 5 etc19:40
kmallocand node 2 does 2,4,619:40
eanderssonassuming you can do that19:41
kmallocuuids are terrible for PK indexing in most mysql cases. And internal PKs should not be exposed, especially if it's a FK to another table19:41
kmallocasync multimaster is also a terrible idea with an application like keystone19:42
kmallocthis is just my opinion though.19:43
kmallochonestly, i'd rather see all the PKs in keystone move to autoinc.19:44
kmallocto be consistent19:44
eanderssonI just want to offer a good experience to our customers19:44
kmallocwhat are you trying to solve exactly? a 100% shared keystone across many micro sites?19:45
eanderssonand unfortunately my expertise within databases, and database replications is limited19:45
openstackgerritColleen Murphy proposed openstack/keystone master: Convert user_id back to string  https://review.openstack.org/65061519:45
eanderssonpretty much19:45
* kmalloc is going to get yelled at by his better half for doing "work".19:45
eanderssonI mean we have had this running for many years19:45
kmallocwell not yelled at...just a stern glare19:45
kmalloc:P19:45
*** jamesmcarthur_ has quit IRC19:45
eanderssonand it works great in general, but as some applications started generating local users19:46
kmallocis it because you need domains/projects/user_ids to be consistent or are you using tokens from one environment in anotheR?19:46
eanderssonit started causing issues19:46
eanderssonas most of our users are backed by ldap19:46
*** ceryx has joined #openstack-keystone19:46
eanderssondomains/projects + tokens19:46
eanderssonis what we care about19:46
eanderssonto be available in all other regions19:46
eanderssonavailable + consistent19:46
kmallocso, the general way i'd do that is central management with read-only remote replicas.19:47
eanderssontokens are easy of course due to fernet19:47
kmallocassuming your CRMS is managing user data to LDAP.19:47
kmallocmanage users/projects/domains centrally, then the remote sites could receive 100% of the replication19:47
kmallocit can scale to probably ~20+ sites, though i think there are issues scaling this upwards of 100, even wtih async19:48
eanderssonHow would that even work? How do you move writes to one region, and all reads to local region?19:48
eanderssonor do you proxy writes to a central region?19:49
kmallocoslo.db should support read vs write connections19:49
kmalloci *think* we have that in keystone19:49
eanderssonAre you going to Denver kmalloc ?19:49
kmallocnope19:49
kmalloci wont be in denver19:49
*** jmlowe has joined #openstack-keystone20:00
*** dave-mccowan has joined #openstack-keystone20:06
*** whoami-rajat has quit IRC20:08
openstackgerritRaildo Mascena proposed openstack/keystone master: [WIP]Fixing dn_to_id function for cases were id it's not in the DN  https://review.openstack.org/64917720:09
*** jamesmcarthur has joined #openstack-keystone20:11
*** pcaruana has quit IRC20:25
*** whoami-rajat has joined #openstack-keystone21:45
*** mchlumsky has quit IRC21:52
*** rcernin has joined #openstack-keystone22:14
*** lbragstad has quit IRC22:14
*** raildo has quit IRC22:37
*** dave-mccowan has quit IRC22:58
*** tkajinam has joined #openstack-keystone23:00
*** jamesmcarthur has quit IRC23:22
*** jamesmcarthur has joined #openstack-keystone23:56
*** whoami-rajat has quit IRC23:58
« Sunday, 2019-04-07 Index Tuesday, 2019-04-09 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!