Tuesday, 2019-07-09

« Monday, 2019-07-08 Index Wednesday, 2019-07-10 »
*** sapd1 has joined #openstack-keystone01:05
*** imacdonn has quit IRC01:13
*** imacdonn has joined #openstack-keystone01:14
*** altlogbot_2 has quit IRC01:28
*** altlogbot_1 has joined #openstack-keystone01:31
*** hemna_ has quit IRC01:34
*** adriant has joined #openstack-keystone01:36
*** hemna_ has joined #openstack-keystone01:38
*** jamesmcarthur has quit IRC02:00
*** lbragstad has quit IRC02:57
*** whoami-rajat has joined #openstack-keystone03:12
*** jamesmcarthur has joined #openstack-keystone03:20
*** jamesmcarthur has quit IRC03:33
*** shyamb has joined #openstack-keystone03:40
*** jamesmcarthur has joined #openstack-keystone04:01
*** jamesmcarthur has quit IRC04:05
*** etp has joined #openstack-keystone04:13
*** jamesmcarthur has joined #openstack-keystone04:19
*** shyamb has quit IRC04:20
*** jamesmcarthur has quit IRC04:29
*** rcernin has quit IRC04:30
*** rcernin has joined #openstack-keystone04:31
*** jamesmcarthur has joined #openstack-keystone04:32
*** pcaruana has joined #openstack-keystone04:35
*** pcaruana has quit IRC04:38
*** vishakha has joined #openstack-keystone04:45
openstackgerritguang-yee proposed openstack/keystone master: update documentation for X.509 tokenless auth  https://review.opendev.org/66979004:59
*** gyee has quit IRC04:59
*** ileixe has quit IRC04:59
*** ileixe has joined #openstack-keystone05:01
*** ileixe has quit IRC05:03
*** ileixe has joined #openstack-keystone05:03
*** jamesmcarthur has quit IRC05:05
openstackgerritMerged openstack/keystone master: nit: remove some useless code  https://review.opendev.org/61262505:18
*** ivve has joined #openstack-keystone05:19
ivveEither [None] key_repository does not exist or Keystone does not have sufficient permission to access it: /etc/keystone/credential-keys/05:36
*** shyamb has joined #openstack-keystone05:36
ivvewas checking this05:37
ivvehttps://github.com/openstack/keystone/blob/106b28ad4c30948c293dc9200adb908893b24a35/keystone/common/fernet_utils.py#L37-L7305:37
ivveusing fernet with keystone.conf defaults05:38
ivvethis just appeared out of nowhere and became worse and worse05:39
ivvekeystone is working fine though05:39
ivvethere is no such directory at all05:39
ivvei tried creating it and giving proper permissions so thats not it05:39
ivverestarting and rotating keys does nothing05:40
*** shyam89 has joined #openstack-keystone05:41
ivvetried looking for bugs but can't find anyhing related05:41
*** shyamb has quit IRC05:41
*** jamesmcarthur has joined #openstack-keystone05:44
*** jamesmcarthur has quit IRC05:51
*** rcernin has quit IRC05:57
*** vishalmanchanda has joined #openstack-keystone06:05
*** jamesmcarthur has joined #openstack-keystone06:24
*** jamesmcarthur has quit IRC06:28
*** etp has quit IRC06:38
*** dancn has joined #openstack-keystone06:40
*** shyam89 has quit IRC06:52
*** jamesmcarthur has joined #openstack-keystone06:59
*** shyamb has joined #openstack-keystone07:02
*** pcaruana has joined #openstack-keystone07:03
*** jamesmcarthur has quit IRC07:05
*** awalende has joined #openstack-keystone07:16
*** ianw is now known as ianw_pto07:16
*** shyamb has quit IRC07:40
*** shyamb has joined #openstack-keystone07:44
*** starborn has joined #openstack-keystone07:49
*** shyamb has quit IRC07:50
*** rcernin has joined #openstack-keystone08:02
*** awalende has quit IRC08:04
*** awalende has joined #openstack-keystone08:05
*** rcernin has quit IRC08:11
*** shyamb has joined #openstack-keystone08:23
*** dancn has quit IRC08:24
*** rcernin has joined #openstack-keystone08:27
*** dancn has joined #openstack-keystone08:29
*** tkajinam has quit IRC08:42
openstackgerritVishakha Agarwal proposed openstack/keystone master: Fix keystone document  https://review.opendev.org/66981808:54
*** jamesmcarthur has joined #openstack-keystone09:01
*** jamesmcarthur has quit IRC09:05
*** jamesmcarthur has joined #openstack-keystone09:32
*** jamesmcarthur has quit IRC09:37
*** shyamb has quit IRC09:40
*** pcaruana has quit IRC09:48
*** shyamb has joined #openstack-keystone09:52
*** dancn has quit IRC09:57
openstackgerritVishakha Agarwal proposed openstack/keystone master: Remove [signing] config  https://review.opendev.org/65943410:22
*** xek_ is now known as xek10:32
*** shyamb has quit IRC10:35
*** shyamb has joined #openstack-keystone10:52
*** dancn has joined #openstack-keystone11:11
*** tesseract has joined #openstack-keystone11:11
*** tesseract has quit IRC11:13
*** tesseract has joined #openstack-keystone11:15
*** altlogbot_1 has quit IRC11:19
*** irclogbot_3 has quit IRC11:19
*** altlogbot_3 has joined #openstack-keystone11:20
*** tesseract has quit IRC11:23
*** altlogbot_3 has quit IRC11:25
*** jamesmcarthur has joined #openstack-keystone11:34
*** jamesmcarthur has quit IRC11:39
*** jistr_ has joined #openstack-keystone11:51
*** niceplace_ has joined #openstack-keystone11:52
*** kinrui has joined #openstack-keystone11:53
*** jistr has quit IRC11:55
*** aprice has quit IRC11:55
*** niceplace has quit IRC11:55
*** hogepodge has quit IRC11:55
*** mordred has quit IRC11:55
*** BlackDex has quit IRC11:55
*** jamespage has quit IRC11:55
*** kmalloc has quit IRC11:55
*** TheJulia has quit IRC11:55
*** dustinc has quit IRC11:55
*** jrosser has quit IRC11:55
*** fungi has quit IRC11:55
*** melwitt has quit IRC11:56
*** Krenair has quit IRC11:58
*** shyamb has quit IRC11:59
*** rcernin has quit IRC11:59
*** irclogbot_0 has joined #openstack-keystone12:00
*** aprice has joined #openstack-keystone12:01
*** hogepodge has joined #openstack-keystone12:01
*** jamespage has joined #openstack-keystone12:01
*** mordred has joined #openstack-keystone12:01
*** BlackDex has joined #openstack-keystone12:01
*** kmalloc has joined #openstack-keystone12:01
*** TheJulia has joined #openstack-keystone12:01
*** dustinc has joined #openstack-keystone12:01
*** jrosser has joined #openstack-keystone12:01
*** altlogbot_2 has joined #openstack-keystone12:02
*** raildo has joined #openstack-keystone12:03
*** altlogbot_2 has quit IRC12:05
*** irclogbot_0 has quit IRC12:05
*** jamesmcarthur has joined #openstack-keystone12:07
*** altlogbot_1 has joined #openstack-keystone12:08
*** pcaruana has joined #openstack-keystone12:10
*** altlogbot_1 has quit IRC12:11
*** jamesmcarthur has quit IRC12:11
*** kinrui is now known as fungi12:21
*** shyamb has joined #openstack-keystone12:26
*** jistr_ is now known as jistr12:33
*** jamesmcarthur has joined #openstack-keystone12:45
*** altlogbot_3 has joined #openstack-keystone12:54
*** altlogbot_3 has quit IRC12:57
*** lbragstad has joined #openstack-keystone13:15
*** shyamb has quit IRC13:23
*** vishakha has quit IRC13:33
*** jamesmcarthur has quit IRC13:49
*** cwright has quit IRC13:59
*** cwright has joined #openstack-keystone14:00
*** ayoung has joined #openstack-keystone14:02
*** jamesmcarthur has joined #openstack-keystone14:17
*** whoami-rajat has quit IRC14:18
cmurphywould anybody care to moderate today's meeting for me? I have a conflicting meeting that I'd like to give partial attention to14:22
*** BlackDex has quit IRC14:25
*** BlackDex has joined #openstack-keystone14:27
*** jamesmcarthur has quit IRC14:34
*** awalende has quit IRC14:34
*** jamesmcarthur has joined #openstack-keystone14:35
*** awalende has joined #openstack-keystone14:35
lbragstadcmurphy sure - i can do that14:36
cmurphythanks lbragstad14:37
*** awalende has quit IRC14:39
lbragstadnp14:40
*** BlackDex has quit IRC14:47
*** BlackDex has joined #openstack-keystone14:48
*** starborn has quit IRC14:48
*** ivve has quit IRC14:53
openstackgerritGauvain Pocentek proposed openstack/keystone master: Make application credentials work with group-assigned roles  https://review.opendev.org/66988615:03
*** dancn has quit IRC15:08
kmalloci might miss the meeting today15:11
kmallocdealing with a sick dog.15:11
kmallocjust jumped/lunged at our walker because he's not feeling well.15:11
*** altlogbot_2 has joined #openstack-keystone15:12
*** altlogbot_2 has quit IRC15:17
*** altlogbot_2 has joined #openstack-keystone15:42
*** altlogbot_2 has quit IRC15:47
*** vishakha has joined #openstack-keystone15:56
*** altlogbot_0 has joined #openstack-keystone16:08
*** ivve has joined #openstack-keystone16:08
*** njohnston has joined #openstack-keystone16:09
*** altlogbot_0 has quit IRC16:13
*** altlogbot_3 has joined #openstack-keystone16:20
*** whoami-rajat has joined #openstack-keystone16:20
*** altlogbot_3 has quit IRC16:23
*** irclogbot_3 has joined #openstack-keystone16:24
*** irclogbot_3 has quit IRC16:27
openstackgerritMerged openstack/keystone-specs master: Add spec for immutable resources  https://review.opendev.org/62469216:32
*** altlogbot_2 has joined #openstack-keystone17:00
*** altlogbot_2 has quit IRC17:05
*** irclogbot_2 has joined #openstack-keystone17:10
*** irclogbot_2 has quit IRC17:13
njohnstonlbragstad: Hi, I was wondering if I could ask for your help; mlavalle suggested you'd be a good person to contact.  I am working on https://bugs.launchpad.net/neutron/+bug/172048617:38
openstackLaunchpad bug 1720486 in neutron "ValueError: Circular reference detected when enable keystonemiddle audit" [Medium,Confirmed] - Assigned to Liyingjun (liyingjun)17:38
*** gyee has joined #openstack-keystone17:39
njohnstonlbragstad: There's a proposed solution in keystonemiddleware but it's downvoted with indications that the fix should be in neutron - but as I look at the neutron codebase I don't see where keystonemiddleware (or filter_factory) gets called in the neutron code that could be altered to prevent this.17:40
*** tesseract has joined #openstack-keystone17:40
kmallochey17:43
kmallocsorry for missing the meeting17:43
kmallocsick dog =/ dealing with that among other things17:43
kmalloclbragstad, cmurphy: changing a 500 -> 4XX is a better choice IMO, but a 500 is fine really17:44
kmalloci would like to go with easiest to maintain17:44
cmurphyhmm17:47
lbragstadnjohnston o/17:52
njohnstonlbragstad o/17:53
*** dancn has joined #openstack-keystone17:53
lbragstadnjohnston is there a ksm patch floating around somewhere?17:53
njohnstonlbragstad: https://review.opendev.org/#/c/508659/17:54
openstackgerritMerged openstack/keystone master: Fix keystone document  https://review.opendev.org/66981817:54
lbragstadtrying to refresh myself17:55
lbragstadlooks like it's been a while17:55
lbragstadwas one of the alternatives to not use `neutron_context` and instead just name the context `context`?17:56
njohnstonlbragstad: wouldn't that have the same issue?  In the bug, the nova guys talk about how they had to pop the context out of the notification entirely.17:57
lbragstaddigging up the nova patch17:58
njohnstonlbragstad: https://review.opendev.org/44694817:58
lbragstadaha - sure17:58
lbragstadhttps://review.opendev.org/#/c/446948/1/nova/exception_wrapper.py,unified17:58
lbragstadi think it would be reasonable to do this ksm if we're dealing with a generic name for context (as opposed to neutron_context)18:00
njohnstonright.  but the traces in the bug don't give an indication which notification it might be that neutron is passing through keystonemiddleware to cause this issue18:00
njohnstonlbragstad: so if I was able to change neutron to use 'service_context' instead of 'neutron_context' then the ksm patch could key off of that perhaps?18:01
lbragstadi think something to that effect might get us closer, yes18:01
lbragstadmainly because it makes things more generic and it's reuseable across services18:02
lbragstadotherwise, ksm needs a patch for each project that is using some sort of $project_context naming convention18:02
njohnstonright.  ok, so I'll propose a change in neutron and update the ksm change18:03
njohnstonlbragstad: Thanks very much!18:03
lbragstadiiuc - it looks like that was the main concern behind the current proposal in 50865918:03
lbragstadnjohnston no problem18:03
kmalloccmurphy: i should have the SQL migrations up tonight.18:15
kmalloccmurphy: they're doing construction nearby and i can't get anything done (like right outside my front door) atm18:15
ayoungkmalloc, you do all of your work in Docker, right?18:17
cmurphykmalloc: blegh :(18:17
*** jamesmcarthur has quit IRC18:21
*** dancn has quit IRC18:23
*** whoami-rajat has quit IRC18:30
*** jamesmcarthur has joined #openstack-keystone18:34
*** melwitt has joined #openstack-keystone18:35
*** irclogbot_0 has joined #openstack-keystone18:36
*** tesseract has quit IRC18:39
*** irclogbot_0 has quit IRC18:39
openstackgerritMerged openstack/python-keystoneclient master: Blacklist bandit 1.6.0 & cap sphinx for 2.7  https://review.opendev.org/66060918:40
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Expose root domain as assignment target  https://review.opendev.org/66183718:59
*** lbragstad has quit IRC20:02
*** vishakha has quit IRC20:04
*** ivve has quit IRC20:06
*** xek has quit IRC20:21
*** irclogbot_3 has joined #openstack-keystone20:24
*** irclogbot_3 has quit IRC20:27
*** jamesmcarthur has quit IRC20:40
*** jamesmcarthur has joined #openstack-keystone20:41
*** jamesmcarthur has quit IRC20:48
*** lbragstad has joined #openstack-keystone20:56
*** jmlowe has joined #openstack-keystone21:10
*** irclogbot_1 has joined #openstack-keystone21:14
*** pcaruana has quit IRC21:19
*** irclogbot_1 has quit IRC21:19
*** raildo has quit IRC21:27
*** irclogbot_2 has joined #openstack-keystone21:38
*** irclogbot_2 has quit IRC21:43
*** jmlowe has quit IRC21:51
*** jmlowe has joined #openstack-keystone21:53
*** irclogbot_2 has joined #openstack-keystone21:54
*** altlogbot_3 has joined #openstack-keystone21:55
*** altlogbot_3 has quit IRC21:55
*** irclogbot_2 has quit IRC21:59
*** rcernin has joined #openstack-keystone22:10
*** jamesmcarthur has joined #openstack-keystone22:21
*** awalende has joined #openstack-keystone22:37
*** awalende has quit IRC22:42
*** altlogbot_0 has joined #openstack-keystone22:44
*** Krenair has joined #openstack-keystone22:47
*** altlogbot_0 has quit IRC22:49
*** tkajinam has joined #openstack-keystone22:52
kmallocayoung: yes i did for a while23:12
*** jamesmcarthur has quit IRC23:21
*** jamesmcarthur has joined #openstack-keystone23:42
gyeecmurphy, lbragstad, https://bugs.launchpad.net/keystone/+bug/1813335 is not related to x.509. I think the doc is wrong. X.509 should always be used with federation.23:42
openstackLaunchpad bug 1813335 in OpenStack Identity (keystone) "x509 configured domains are redundant with auto-generated identity provider domains" [Low,Triaged]23:42
gyeeI even go as far as saying the remote user plugin is quite dangerous :-)23:42
cmurphygyee: you mean instead of 'external' ?23:44
cmurphyi thought x.509 was the classic use case for the external auth method23:44
cmurphygyee: i'm reviewing your doc change now btw23:45
*** jamesmcarthur has quit IRC23:46
gyeeno, x.509 is not designed for external auth23:47
gyeex.509 should always be using the federation mechanism23:47
cmurphykmalloc: ayoung ^23:48
gyeeexternal auth, which trust a single attribute (REMOTE_USER), is quite dangerous23:48
« Monday, 2019-07-08 Index Wednesday, 2019-07-10 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!