Thursday, 2019-12-12

« Wednesday, 2019-12-11 Index Friday, 2019-12-13 »
*** jamesmcarthur has joined #openstack-keystone00:26
*** jamesmcarthur has quit IRC01:37
*** gyee has quit IRC01:45
*** jamesmcarthur has joined #openstack-keystone02:05
*** jamesmcarthur has quit IRC02:20
*** Dinesh_Bhor has joined #openstack-keystone02:58
*** shyamb has joined #openstack-keystone05:07
*** awalende has joined #openstack-keystone05:48
*** awalende has quit IRC05:52
*** pcaruana has joined #openstack-keystone06:18
openstackgerritVishakha Agarwal proposed openstack/keystone-specs master: Alembic Migrations Specification Change-Id: I85579947f31fb74047b33529ad8918787ac7ed34  https://review.opendev.org/69827906:18
openstackgerritVishakha Agarwal proposed openstack/keystone-specs master: Alembic Migrations Specification  https://review.opendev.org/69827906:20
*** shyamb has quit IRC06:26
openstackgerritVishakha Agarwal proposed openstack/keystone master: Add name in GET API of application credentials  https://review.opendev.org/69651906:27
*** shyamb has joined #openstack-keystone07:02
*** shyamb has quit IRC07:10
*** shyamb has joined #openstack-keystone07:10
openstackgerritVishakha Agarwal proposed openstack/keystone-specs master: Alembic Migrations Specification  https://review.opendev.org/69827907:12
*** awalende has joined #openstack-keystone07:15
*** awalende has quit IRC07:21
*** shyamb has quit IRC07:41
*** tesseract has joined #openstack-keystone07:59
*** tkajinam has quit IRC08:04
*** awalende has joined #openstack-keystone08:23
*** amoralej|off is now known as amoralej08:26
*** dancn has joined #openstack-keystone08:39
*** shyamb has joined #openstack-keystone09:01
*** redrobot has quit IRC09:11
*** redrobot has joined #openstack-keystone09:13
*** spatel has joined #openstack-keystone09:26
*** shyamb has quit IRC09:57
*** shyamb has joined #openstack-keystone09:59
*** spatel has quit IRC10:28
*** shyamb has quit IRC10:30
*** shyamb has joined #openstack-keystone10:43
*** shyamb has quit IRC10:44
*** shyamb has joined #openstack-keystone10:44
*** rcernin has quit IRC10:56
*** pcaruana has quit IRC11:03
*** pcaruana has joined #openstack-keystone11:06
*** shyamb has quit IRC11:19
*** shyamb has joined #openstack-keystone11:24
*** shyamb has quit IRC12:11
*** raildo has joined #openstack-keystone12:28
*** shyamb has joined #openstack-keystone12:59
*** amoralej is now known as amoralej|lunch13:02
*** shyamb has quit IRC13:15
*** jamesmcarthur has joined #openstack-keystone13:20
*** FlorianFa has joined #openstack-keystone13:22
*** amoralej|lunch is now known as amroalej13:32
*** amroalej is now known as amoralej13:32
*** jamesmcarthur has quit IRC13:36
*** jamesmcarthur has joined #openstack-keystone13:37
*** jamesmcarthur has quit IRC13:45
*** jamesmcarthur has joined #openstack-keystone13:47
*** pcaruana has quit IRC13:57
*** spatel has joined #openstack-keystone14:10
*** jamesmcarthur has quit IRC14:35
*** jamesmcarthur has joined #openstack-keystone14:35
*** pcaruana has joined #openstack-keystone14:36
*** jamesmcarthur has quit IRC14:37
*** jamesmcarthur_ has joined #openstack-keystone14:37
spatelcmurphy: morning!14:37
spatelcmurphy: I have 3 isolated openstack environment and all 3 has isolated keystone identity, i am using terraform to deploy instances so question is can i do something that Application creds get shared between all three cloud so i don't need to maintain 3 different app creds for 3 cloud.14:44
spatelwhat do you suggest for this kind of environment?  what would be the best practice here?14:45
mordredspatel: so - I don't know if terraform has support for reading a clouds.yaml file (I *think* gophercloud added support for that) - but that's what I use to manage resources across multiple independent clouds. it still requires having an app cred in each cloud - but that's because they are independent clouds14:50
spatelmordred: that is what i am looking for, we are using AWS which support multiple profiles so terraform works great. i am looking for that kind of solution where terraform read profile and load creds according.14:52
spatelIt would be great if i can link 3 cloud keystone and make them trustable or sharable creds but not sure if that is possible or not (keystone federation )14:53
mordredspatel: yeah - with openstacksdk / ansible / salt / openstackclient  there is a file called clouds.yaml that allows you to configure something like that (multiople named profile)14:53
mordredI'm 95% sure that the gophercloud folks added at least some support for the file format, which means it should be theoretcially possible to use it from terraform14:54
mordredbut I have no direct experience doing so14:54
mordredspatel: yes - it does14:55
mordredhttps://www.terraform.io/docs/providers/openstack/index.html#configuration-reference14:55
mordredif you look at the "cloud" option there14:55
spatelmordred: oh yeah!14:55
mordredhttps://docs.openstack.org/openstacksdk/latest/user/config/configuration.html#config-files14:56
mordredis the up to date docs - I'll see if I can figure out how to file a PR to update the terraform link14:56
spatelThat is cool..14:57
mordredhttps://github.com/terraform-providers/terraform-provider-openstack/pull/943 fwiw15:01
*** lbragstad has joined #openstack-keystone15:04
*** jamesmcarthur_ has quit IRC15:15
*** jamesmcarthur has joined #openstack-keystone15:16
*** jamesmcarthur has quit IRC15:22
*** jamesmcarthur has joined #openstack-keystone15:23
*** spatel has quit IRC15:29
*** jamesmcarthur has quit IRC15:31
*** jamesmcarthur has joined #openstack-keystone15:31
*** spatel has joined #openstack-keystone15:32
*** jamesmcarthur has quit IRC15:34
*** jamesmcarthur has joined #openstack-keystone15:34
aning_cmurphy: any document about how to use keystone evet notifications?15:39
aning_Basically a application wants to be notified if a user's password changed.15:40
gagehugoaning_ yeah one sec15:51
vishakhaaning_: You can look into https://docs.openstack.org/keystone/latest/admin/event_notifications.html15:51
gagehugo^15:51
gagehugocadf is the default notification format15:52
gagehugobut the auth notifications are disabled by default (They create a lot of notifications when on)15:52
gagehugoif you want those,then you need to set [DEFAULT] notification_opt_out: "" in the keystone conf15:53
gagehugoThen depending on if you want to output the notifications to a message bus (rabbitmq) or just in the keystone logs, you need to set the oslo_messaging_notifications driver config setting15:58
gagehugohttp://paste.openstack.org/show/787504/15:58
gagehugolog is easiest, rabbit requires setting up the service and providing the transport_url15:59
aning_gagehugo: thx. It has to be a message (by rabbitmq) in our case.16:00
aning_Do you know if a user password change will trigger an notification?16:01
aning_We want to limit notificatins as much as possible, only need password change notifications (at least for now)16:01
gagehugoyes it should16:03
gagehugo[DEFAULT] notification_opt_out: "" may or may not be needed for change_password, I'm not sure16:04
gagehugobut if it's not, then don't set that line16:04
*** gyee has joined #openstack-keystone16:05
aning_sounds good. Thx16:05
*** jamesmcarthur has quit IRC16:09
*** jamesmcarthur has joined #openstack-keystone16:10
*** dave-mccowan has joined #openstack-keystone16:10
*** irclogbot_2 has quit IRC16:14
*** irclogbot_2 has joined #openstack-keystone16:15
*** jamesmcarthur has quit IRC16:15
*** jamesmcarthur has joined #openstack-keystone16:16
*** lbragstad has quit IRC16:16
*** lbragstad has joined #openstack-keystone16:34
*** jamesmcarthur has quit IRC16:42
*** jamesmcarthur has joined #openstack-keystone16:43
*** jamesmcarthur_ has joined #openstack-keystone16:47
*** tesseract has quit IRC16:48
*** jamesmcarthur has quit IRC16:51
*** raildo has quit IRC17:05
*** raildo has joined #openstack-keystone17:05
*** jamesmcarthur_ has quit IRC17:06
*** raildo has quit IRC17:06
*** raildo has joined #openstack-keystone17:06
*** raildo has quit IRC17:11
*** raildo has joined #openstack-keystone17:13
*** jamesmcarthur has joined #openstack-keystone17:32
*** raildo has quit IRC17:50
*** raildo has joined #openstack-keystone17:51
*** lbragstad has quit IRC17:52
*** jamesmcarthur has quit IRC18:04
*** jamesmcarthur has joined #openstack-keystone18:04
*** jamesmcarthur has quit IRC18:07
*** jamesmcarthur has joined #openstack-keystone18:07
*** dancn has quit IRC18:08
*** awalende_ has joined #openstack-keystone18:09
*** ayoung has quit IRC18:09
*** awalende has quit IRC18:13
*** awalende_ has quit IRC18:13
*** awalende has joined #openstack-keystone18:14
*** awalende has quit IRC18:15
*** awalende has joined #openstack-keystone18:15
*** aloga has quit IRC18:15
*** awalende has quit IRC18:20
*** jamesmcarthur has quit IRC18:22
*** cmart has joined #openstack-keystone18:36
*** awalende has joined #openstack-keystone18:38
*** amoralej is now known as amoralej|off18:43
*** awalende has quit IRC18:43
*** gmann is now known as gmann_afk18:53
openstackgerritZane Bitter proposed openstack/oslo.policy master: Don't use string processing to combine deprecated rules  https://review.opendev.org/69879019:30
*** cmart has quit IRC20:14
*** pcaruana has quit IRC20:19
*** spatel has quit IRC20:48
*** raildo has quit IRC22:14
*** awalende has joined #openstack-keystone22:15
*** cmart has joined #openstack-keystone22:18
*** awalende has quit IRC22:20
*** cmart has quit IRC22:21
*** gmann_afk is now known as gmann22:29
*** tkajinam has joined #openstack-keystone23:06
*** dmellado has quit IRC23:09
*** irclogbot_2 has quit IRC23:11
*** dmellado has joined #openstack-keystone23:11
*** irclogbot_1 has joined #openstack-keystone23:12
openstackgerritColleen Murphy proposed openstack/keystone-tempest-plugin master: WIP/PoC:Add RBAC tests  https://review.opendev.org/68630523:43
« Wednesday, 2019-12-11 Index Friday, 2019-12-13 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!