Friday, 2014-07-04

openstackgerritA change was merged to openstack/keystone: update example with a status code we actually use
*** gyee has quit IRC00:14
*** dims__ has quit IRC00:17
*** gokrokve has joined #openstack-keystone00:23
*** gokrokve has quit IRC00:27
*** dims__ has joined #openstack-keystone00:45
*** dims__ has quit IRC00:51
openstackgerritAnne Gentle proposed a change to openstack/identity-api: Updates pom and fixes a problem to fix the build
*** rodrigods_ has joined #openstack-keystone01:02
*** mberlin1 has joined #openstack-keystone01:14
*** mberlin has quit IRC01:16
ayoungjamielennox, doesn't seem to make a difference.01:21
jamielennoxayoung: i'm actually looking at some stuff now about client and unscoped tokens - it's a disaster01:22
ayoungjamielennox, yeah01:22
ayoungjamielennox, glad its not just me seeing this01:22
ayoungjamielennox, so here is how it should work01:22
ayoungif you create a mgmt=False client, you use the AUTH url for everything, but only allow a very little bit01:23
ayounglike  user self admin and listing projects01:23
ayoungno catalog is good there:  I'd like to make catalog optional, or at least not have it in the token.01:23
*** rwsu has quit IRC01:23
jamielennoxayoung: kind of, really you should be using public anyway01:23
jamielennoxayoung: but yes, i just wrote a patch that i haven't submitted yet so that you can ask for the auth_url01:25
jamielennoxunrelated to what you're doing01:25
ayoungjamielennox, I need this for Horizon01:25
jamielennoxayoung: yea, makes sense - i'm not sure how it would work now01:27
ayoungjamielennox, I think I need a hack to make mgmt=False work, or something smarter to say "here is your management url"01:28
ayoungjamielennox, would that be part of the client, the session, or the Auth plugin?01:28
ayoungI'm thinking client01:29
jamielennoxumm, session01:29
jamielennoxhang on, i'll submit the one i'm working on01:29
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Add the auth endpoint to the identity plugin base.
jamielennoxayoung: hmm, it doesn't make all that much sense without context ^01:32
*** diegows has quit IRC01:32
ayoungjamielennox, I think client, not session01:32
*** rodrigods_ has quit IRC01:32
ayoungI think that two different clients should be able to use two different base urls, no?01:33
jamielennoxayoung: they do01:33
jamielennoxthat would mean saying that endpoint_filter={'interface': 'auth'} will always give you the auth_url01:33
jamielennoxand then the idea would be to expose that at a higher level and cut out management altogether01:34
jamielennoxbecause a boolean there is not expressive enough01:34
jamielennoxah, stupid shell tests doing there own mocking01:35
*** junhongl has joined #openstack-keystone01:39
*** junhongl has quit IRC01:39
ayoungjamielennox, so wouldn't it make sense to specify mgmt url as a kwarg when creating the client?01:41
jamielennoxcreating? no i don't think so - it's more a hangover from the v2 days where there was actually a difference between admin and public url01:42
jamielennoxsaying always use public would cut out a big chunk of what the client could actually do01:42
jamielennoxi think as part of the adapter i allowed people to specify a default though01:43
jamielennoxit makes more sense for other clients01:43
*** dims__ has joined #openstack-keystone01:46
*** dims__ has quit IRC01:50
ayoungjamielennox, so you have a patch that addresses this?>01:52
jamielennoxayoung: i'm trying to do things that will make it better01:53
ayoungjamielennox, I just need to make progress; I'm ok with a throwaway patch for now, so long as the general approach makes sense01:54
jamielennoxayoung: trying to figure out how to emulate this mess with sessions:
jamielennoxwhich i guess is exactly the same problem :)01:55
openstackgerritayoung proposed a change to openstack/python-keystoneclient: Initial kerberos plugin implementation.
jamielennoxi guess you can c&p that into v3 and i'll fix v3 projects at the same time01:55
ayoungjamielennox, into v3 list?01:56
jamielennoxproject list01:56
jamielennoxif all you need is a hack for unscoped tokens01:56
ayoungjamielennox, ugh01:57
ayoungjamielennox, why not in CrudManager?01:57
jamielennoxlovely isn't it01:57
jamielennoxbecause it only applies to projects/tenants and a couple of user operations as they are the only things you can do with an unscoped token01:57
ayoungjamielennox, so what.   Don't enforce policy on the client01:58
ayounglet them call whatever they want via the AUTH url, and then we'll restrict it on the server01:58
jamielennoxi'm not following01:58
jamielennoxit should only go within project list01:58
ayoungjamielennox, nah, let it go within the generic list function:  Instead of getting the base URL from the service catalog, the user can explicitly set it.  For all objects of a specific service02:02
jamielennoxayoung: what is the point of allowing v2 to list eg users on the auth_url?02:02
ayoungjamielennox, because a given deployment should be able to add or remove whatever they want from a given pipeline, and because we are trying to cut down dependence on the service catalog.02:03
jamielennoxthat's debatable on the service catalog - we're trying to change it but there is a lot of work that depends on keystone supplying a service catalog02:05
jamielennoxif we make that same change everywhere then clients suddenly start having to manage there own catalogs again02:05
jamielennoxas it is you are saying that the user should re-use the auth_url02:05
ayoungAuth URL is obvious for Keystone, but what about for the other clients?02:07
jamielennoxso that generic list function is almost exactly the same everywhere02:08
jamielennoxand it's one of the main pieces the oslo apiclient people are trying to synchronize02:08
jamielennoxayoung: take the hack for now, i'm doing some stuff in this area and i'll show you in a day or two02:09
ayoungjamielennox, wilco02:09
jamielennoxit's the same level as bad as the v202:09
jamielennoxisn't roger the agreement?02:10
jamielennoxthis file is completely untested:
* jamielennox cries a little02:12
*** zhiyan_ is now known as zhiyan02:17
ayoungjamielennox,Morse code operators used to send just the R character to indicate a message received.  When Radio came around, the Army came up ewith a Phonetic alphabet to help ake thing clear when spelling across the air.  'R' was Roger, just like A=Able, B=Baker,C=Charlie, and so on.    roger means "recieved"  due to the army not realizing that it was the same amount of syllables.  And the Army has even changed the Phonetic02:19
ayoung Alphabet since then, so that R is now Romeo, but we all still say Roger due to old WWII flicks02:19
ayoungWILCO means Will Comply02:19
ayoungand it implies Received.02:19
ayoungSo you are never supposed to say "Roger, Wilco"02:20
ayoungand Out (end of transmision) implies Over (I'm done speaking)02:20
ayoungbut in the movies we hear "Roger Wilco, over and Out02:20
jamielennoxayoung: did you want me to do anything with the link above?02:21
ayoungjamielennox, note them message:02:21
ayoung"concatenating self.management_url and url and"02:22
jamielennoxyea, anything that goes through _cs is supposed to be authenticated02:22
ayoungbut it doesn't seem to do that, it seems to just get the service catalog02:22
jamielennoxhowever get/post/put etc all go through _cs02:22
jamielennoxmanagement_url should be the admin url from the catalog02:22
ayoungwhy can't that be explicitly set?02:23
ayoungor can it...02:23
jamielennoxi'm trying to make it settable02:23
jamielennoxwell at least that's what endpoint_filter is doing02:23
jamielennoxany reason why you'd ever want to get a token from an admin url, like:
jamielennox(implies v2)02:24
*** dims__ has joined #openstack-keystone02:25
ayoungjamielennox, um...yeah, there was...I want to say it was due to auth_token middleware, and only having a single URL to work with02:25
jamielennoxok, but auth_token definetly doesn't use that code02:25
jamielennoxi guess my question is can i just change that to always use auth_url or do i need to try both02:26
ayoungjamielennox, I don't know.  Lets assume that there is someone out htere that mkes use of every last dumb mistake we've ever mande02:31
ayoungthe real question is "do we care"02:32
ayoungjamielennox, what does _cs  mean in _cs_request?02:37
jamielennoxayoung: no idea, that's way older than my involvement02:38
jamielennoxit's present in novaclient and most others02:38
jamielennoxbut all through the testing as well you will see people calling a client cs - client.Client(..)02:38
jamielennoxso cs was obviously something02:38
*** hrybacki has joined #openstack-keystone02:55
openstackgerritwanghong proposed a change to openstack/keystone: add --rebuild option for ssl/pki_setup
ayoungjamielennox, OK, so I see why it wouldn't be a session wide thing, because the session is supposed to be for all endpoints, and this is specific to one.  I think it makes sense for it to be client specific03:01
openstackgerritAnne Gentle proposed a change to openstack/identity-api: Updates pom and fixes a problem to fix the build
ayoungjamielennox, do I want this review, then?
jamielennoxayoung: eventually, but it'll make more sense mixed in with the 4 or 5 others that i'm doing now03:10
ayoungjamielennox, ok.  So here is the endstate:  I want to use the kerberos plugin from horizon to authenticate, and get an unscoped token, and to then enumerate the projects for a user with that token.  Then, once the user selects a project, they get a scoped token03:11
jamielennoxso it's just enumerating projects with an unscoped token that hasn't been tested03:13
ayoungI've tested it.  It breaks03:18
ayoungbut I assume that is what you are working on.  I'll look for it on Monday.  Please send me an email with the set of patches I need to apply and I'll give them a test.03:18
*** ajc_ has joined #openstack-keystone03:28
*** ajc_ has quit IRC03:28
*** hrybacki has quit IRC03:29
*** ajc_ has joined #openstack-keystone03:30
*** bobt has quit IRC03:33
openstackgerritA change was merged to openstack/identity-api: Updates pom and fixes a problem to fix the build
*** dims__ has quit IRC03:56
boris-42jamielennox hi04:09
jamielennoxboris-42: hi04:09
boris-42jamielennox I make new release of osprofiler04:09
boris-42jamielennox so now it looks like
boris-42jamielennox is it ok ?04:10
jamielennoxgreat, yea that looks good04:10
boris-42jamielennox as well I reply on your comment04:10
jamielennoxthanks for that, i know it was a little bit over cautious04:10
boris-42jamielennox no worries04:10
boris-42jamielennox I agree that it looks better04:11
boris-42jamielennox so it is better to change API before everybody start using it=)04:11
jamielennoxok, i think i didn't present my point well for the commit message04:12
jamielennoxi see what you mean you are looking at profiling calls to keystone, i was thinking it was keystone trying to profile other calls04:12
boris-42jamielennox so in keystone there will be another patch04:13
boris-42jamielennox with actually trace points04:13
boris-42jamielennox so e.g. when you are making request to nova via nova python client04:13
boris-42jamielennox user will get in trace tracepoints from keystone as well04:14
boris-42jamielennox which is nice04:14
jamielennoxyea, just a word in commit message that turns it around04:14
jamielennoxi put a comment on there04:14
boris-42jamielennox lemme see04:14
jamielennoxthe first line is still keystoneclient because it's keystoneclient that you use to talk to keystone04:14
*** openstackgerrit has quit IRC04:14
boris-42jamielennox yep but the keystone is actually profiled..04:14
jamielennoxthe s/in/for comment is what made me think you were trying to do things in keystone server04:15
boris-42jamielennox yep agree with s/in/for/04:15
jamielennoxif you can fix those two (you can do it from gerrit directly) i'll +04:15
boris-42jamielennox done04:16
jamielennoxcool, _204:17
boris-42jamielennox thanks04:17
boris-42jamielennox we will need actually as well one more small change in ceilometer04:17
boris-42jamielennox need to add here exchange04:18
jamielennoxthat's ok, it shouldn't affect the keystoneclient side at all, the headers will get used when ceilometer catches up04:19
boris-42jamielennox so quite soon profiler can be available in python gates04:19
boris-42jamielennox yep04:19
boris-42jamielennox it's more about getting this in gate running=)04:19
boris-42which is my major goal04:19
boris-42combine benchmarks & profiling04:19
jamielennoxwill be good to see, i don't think there has been enough done looking at profiling04:20
*** dims__ has joined #openstack-keystone04:22
boris-42jamielennox ?04:22
jamielennoxboris-42: never mind, i was agreeing with you04:22
boris-42jamielennox heh=)04:22
boris-42jamielennox btw what about moving bin/* folder to keystone/cmd/* like in other projects?)04:23
boris-42jamielennox I spend 1 hour to find it lol=)04:23
*** dims__ has quit IRC04:24
jamielennoxheh, i think it's just because we don't use setuptools for those entry points, it is actually a script04:24
jamielennoxif you want to convert it i think people would accept it04:24
boris-42if __name__ == '__main__':04:24
boris-42ahh I see04:24
boris-42yep probably it will be better to convert04:25
boris-42will be cleaner for newbies like me04:25
*** gokrokve has joined #openstack-keystone04:27
boris-42jamielennox so here is the patch in the project
*** hrybacki has joined #openstack-keystone04:51
*** dstanek is now known as dstanek_zzz04:58
*** hrybacki has quit IRC05:05
*** amcrn has quit IRC05:07
*** gokrokve has quit IRC05:11
*** dims has joined #openstack-keystone05:24
*** chandan_kumar has joined #openstack-keystone05:29
*** dims has quit IRC05:29
*** andreaf has joined #openstack-keystone05:44
*** KanagarajM has joined #openstack-keystone05:54
*** chandan_kumar has quit IRC06:01
*** henrynash has joined #openstack-keystone06:17
*** stevemar has quit IRC06:19
*** KanagarajM has quit IRC06:31
*** KanagarajM has joined #openstack-keystone06:32
*** tkelsey has joined #openstack-keystone06:37
*** chandan_kumar has joined #openstack-keystone06:38
*** KanagarajM has quit IRC06:39
*** afazekas_ has joined #openstack-keystone06:39
*** KanagarajM has joined #openstack-keystone06:39
*** BAKfr has joined #openstack-keystone07:13
*** andreaf has quit IRC07:13
*** andreaf has joined #openstack-keystone07:14
*** dims_ has joined #openstack-keystone07:26
*** dims_ has quit IRC07:31
*** mrda is now known as mrda-away07:41
*** KanagarajM has quit IRC07:45
*** amerine has quit IRC07:51
*** leseb has joined #openstack-keystone07:57
*** openstackgerrit has joined #openstack-keystone08:19
*** KanagarajM has joined #openstack-keystone08:24
*** dims_ has joined #openstack-keystone08:26
*** dims_ has quit IRC08:33
*** dstanek_zzz is now known as dstanek08:40
*** bvandenh has joined #openstack-keystone08:45
*** leseb has quit IRC08:47
*** leseb has joined #openstack-keystone08:48
*** leseb has quit IRC08:52
*** dstanek is now known as dstanek_zzz09:05
*** oomichi has quit IRC09:08
*** leseb has joined #openstack-keystone09:09
openstackgerritgordon chung proposed a change to openstack/keystone-specs: move audit middleware to keystonemiddleware repo
openstackgerritgordon chung proposed a change to openstack/keystone-specs: move audit middleware to keystonemiddleware repo
*** praneshp has quit IRC09:52
*** gordc has joined #openstack-keystone09:54
openstackgerritMarek Denis proposed a change to openstack/keystone: Implement Service Providers API for OS-FEDERATION
*** xianghui has quit IRC09:55
*** xianghui has joined #openstack-keystone09:56
*** chandan_kumar is now known as chandankumar09:59
openstackgerritMarek Denis proposed a change to openstack/keystone: Make OS-FEDERATION core.Driver methods abstract
*** leseb has quit IRC10:13
*** marekd|away is now known as marekd10:13
*** leseb has joined #openstack-keystone10:13
*** leseb has quit IRC10:18
*** gokrokve has joined #openstack-keystone10:41
*** rodrigods_ has joined #openstack-keystone10:46
*** rodrigods_ has quit IRC10:57
*** gokrokve has quit IRC10:59
*** leseb has joined #openstack-keystone10:59
*** leseb has quit IRC11:04
*** zhiyan is now known as zhiyan_11:12
*** leseb has joined #openstack-keystone11:15
*** htruta has quit IRC11:26
*** rodrigods_ has joined #openstack-keystone11:29
*** dims has joined #openstack-keystone11:31
*** dims has quit IRC11:35
openstackgerritMarek Denis proposed a change to openstack/keystone: Make OS-FEDERATION core.Driver methods abstract
*** openstackgerrit has quit IRC11:49
*** openstackstatus has quit IRC11:50
*** openstack has joined #openstack-keystone11:50
*** openstackgerrit has joined #openstack-keystone11:50
*** openstackstatus has joined #openstack-keystone11:51
*** ChanServ sets mode: +v openstackstatus11:51
*** rodrigods_ has quit IRC11:52
*** rodrigods_ has joined #openstack-keystone11:53
*** KanagarajM has quit IRC12:02
*** rodrigods_ has quit IRC12:05
*** afaranha has quit IRC12:07
*** ajc_ has quit IRC12:07
*** htruta has joined #openstack-keystone12:10
*** dhellmann is now known as dhellmann_12:20
*** therve has joined #openstack-keystone12:34
*** htruta has quit IRC12:36
openstackgerrithenry-nash proposed a change to openstack/keystone: multi-backend support for identity
*** dstanek_zzz is now known as dstanek12:52
*** diegows has joined #openstack-keystone12:53
*** leseb has quit IRC12:59
*** leseb has joined #openstack-keystone13:02
*** dims has joined #openstack-keystone13:09
openstackgerritMarek Denis proposed a change to openstack/keystone: Implement Service Providers API for OS-FEDERATION
rodrigodsmarekd, I suppose there is a needed change at keystoneclient as well? ^13:41
marekdrodrigods: in general or now?13:42
rodrigodsmarekd, in general13:42
marekdrodrigods: BTW, this is  WIP :-)13:42
marekdrodrigods: ah, you mean for Service provider's CRUD?13:42
marekdwell, yes, but I wouldn't bother right now...13:43
marekdrodrigods: i am building some stub for Service Providers but the end result may be sslightly different.13:43
marekdthat's why it will be wip until we finalize specs13:43
rodrigodsmarekd, cool, will try to be updated with this =)13:44
marekdsure :-)13:44
marekdif you want to help with keystoneclient and Icehouse federation13:45 you have access to some SAML IdPs ?13:45
rodrigodsmarekd, yeah, we've made a deploy here in the lab to test Icehouse federation13:46
rodrigodsis there anything to be implemented at keystoneclient?13:46
marekdwhat idp?13:46
marekdrodrigods: ^^13:46
marekdhm, do you fancy playing with and the depending patch?13:47
rodrigodsmarekd, never used it, but seems something nice to play with =)13:49
marekdi'd appreciate :-)13:50
marekdi tested it against real shib IdP, but the more eyes on that the better.13:50
rodrigodsmarekd, cool13:51
marekdreviews appreciated as well :-)13:52
marekdrodrigods: but that's obvious :-)13:52
openstackgerritMarek Denis proposed a change to openstack/keystone: Add schema check for OS-FEDERATION mapping table
marekdrodrigods: i will need to wrap the ecp plugins with another class but generally the workflow and the core code stays...13:53
marekduntil we figure out there is something fundamentally wrong :-)13:54
*** bvandenh has quit IRC13:59
rodrigodsmarekd, nice14:03
*** gordc has quit IRC14:09
*** chandankumar has quit IRC14:17
*** chandankumar has joined #openstack-keystone14:25
*** gokrokve has joined #openstack-keystone14:31
*** stevemar has joined #openstack-keystone14:38
openstackgerritJordan Pittier proposed a change to openstack/python-keystoneclient: Ensure no double slash in get token URL
*** rodrigods_ has joined #openstack-keystone14:56
*** rodrigods_ has quit IRC15:03
*** gokrokve has quit IRC15:04
*** richm has joined #openstack-keystone15:08
*** richm has left #openstack-keystone15:08
*** topol has joined #openstack-keystone15:13
*** rodrigods_ has joined #openstack-keystone15:18
*** rodrigods_ has quit IRC15:21
*** leseb has quit IRC15:43
*** leseb has joined #openstack-keystone15:43
*** leseb has quit IRC15:48
stevemarmarekd, ping15:53
*** BAKfr has quit IRC15:54
marekdstevemar: hey16:01
stevemarmarekd, it's so busy today!16:02
marekdJuly 4th :D16:02
marekddo you know if the docs' bug if now fixed?16:04
marekdthere are couple of patches pending ;/16:04
stevemarmarekd, i doubt it, just try rechecking :P16:05
marekdstevemar: nah, i will be more eco and save some CPUs cycles :P16:06
stevemarmarekd, oh  maybe, this was merged:
*** hrybacki has joined #openstack-keystone16:07
marekdstevemar: i can see you are doing the job :D16:08
stevemarmarekd, the gate isn't exactly under heavy load atm :P16:08
stevemarmarekd, yep! done!16:08
stevemarmarekd, so how did you want to split up the k2k work?16:08
stevemaryou've got a handle on SP?16:08
marekdstevemar: should be easy.16:09
stevemari can update idp w/ public keys?16:09
marekdstevemar: sure. Do you want to add an attribute?16:09
stevemarmarekd, yeah, add a column to the table, i can do mapping enhancements if they are required (project, role, domain)16:09
stevemarmarekd, the auth piece should be similar, but need to verify it's signed properly16:10
marekdstevemar: hmmm, TBH I woiuld hold off with that: adding an attribute to IdP can be easy, but mapping enhacements. After yesterday's discussions are we sure we will use custome protocol and not get back to saml idea?16:11
marekdI am not so sure...;/16:11
stevemaryeah :(16:11
marekdso it's of course up to your decision but you very likely can waste your time.16:11
marekdi think SPs will be used anyway, so i started doing that. But mappings? I am not sure. I think lots will happen during the hackathon.16:12
marekdhow about you trying saml ecp client plugin aith TFIM?16:12
marekdi don't the access and I am very interested how it works ;/16:12
marekdso we can confirm it works with IBM product.16:12
*** leseb has joined #openstack-keystone16:14
*** gokrokve has joined #openstack-keystone16:15
*** leseb has quit IRC16:15
*** leseb has joined #openstack-keystone16:15
*** tkelsey has quit IRC16:15
*** leseb has quit IRC16:15
*** gokrokve has quit IRC16:19
*** topol has quit IRC16:23
marekdstevemar: i am out of here. Flying to the States tmrw16:30
marekdsee ya on Tuesday!16:30
*** marekd is now known as marekd|away16:31
*** chandankumar has quit IRC16:36
openstackgerritA change was merged to openstack/identity-api: Revert "Trusted Attributes Policy for External Identity Providers"
openstackgerritA change was merged to openstack/identity-api: Fix links sections in federation mapping docs
*** raildo has left #openstack-keystone16:58
*** rodrigods has quit IRC16:58
*** praneshp has joined #openstack-keystone16:58
stevemaryay things merged!17:06
*** thedodd has joined #openstack-keystone17:13
*** achampion has quit IRC17:13
*** thedodd has quit IRC17:28
*** afazekas_ has quit IRC17:29
openstackgerritSteve Martinelli proposed a change to openstack/identity-api: Remove duplicate section title
morganfainbergstevemar, thats right, you don't get the day off do ya?17:57
morganfainbergstevemar, since you work today *shifty eyes*17:58
morganfainbergstevemar, mind takeing a look at - i need a couple +2s on it (even failing tempest) before we can merge the tempest fixes.17:58
morganfainbergstevemar, even a +1 saying you'd support the change would be good and/or lots of comments17:58
stevemarmorganfainberg, yes... today... *shifty eyes*17:58
stevemari'm holding down the fort!17:58
stevemarmorganfainberg, oof ... yes, that one17:59
morganfainbergi'm gonna go buy some new cycling gear today18:00
morganfainbergmaybe a new car18:00
morganfainberggonna go for a nice big bike ride tomorrow morning :)18:00
morganfainbergand then pack for the meetup on... uh... sunday i think or monday18:00
stevemarmorganfainberg, things are open?18:00
stevemari thought stores would be closed up?18:01
morganfainberglots of stuff is open18:01
morganfainbergthe 4th is a big sale day18:01
morganfainbergthey just close early18:01
morganfainbergbanks are closed18:02
stevemari guess just retail is open then18:02
morganfainbergthe 4th is a big money day. so retail and such are open18:02
morganfainbergyeah. services companies get the day off, etc18:03
*** achampion has joined #openstack-keystone18:10
*** diegows has quit IRC18:13
*** achampion has quit IRC18:14
*** tkelsey has joined #openstack-keystone18:19
*** diegows has joined #openstack-keystone18:25
*** tkelsey has quit IRC18:32
openstackgerritA change was merged to openstack/identity-api: Updated from global requirements
*** achampion has joined #openstack-keystone18:57
*** diegows has quit IRC18:58
boris-42morganfainberg around18:59
morganfainbergboris-42, breifly19:00
boris-42morganfainberg heh happy holidays btw=) why are you working lol?)19:00
morganfainbergboris-42, not working, just ahppen to be on the computer where IRC is logged in :)19:00
boris-42morganfainberg =)19:00
boris-42morganfainberg so about profiling it's ready to be merged..19:01
boris-42morganfainberg so guys can we somehow put priority for it?19:01
boris-42morganfainberg so probably during next thing I'll automate everything in rally19:01
morganfainbergi'll look at it either sunday or monday.19:01
morganfainbergwe're at the hackathon next week, so it'll be easier to review some of thise stuff19:01
boris-42morganfainberg yep that will be nice19:01
morganfainbergboris-42, so, since apache performance should be a bit better:,n,z19:02
boris-42morganfainberg so here are 2 super tiny pathces19:02
morganfainbergthose are the reviews that block apache keystone19:02
boris-42morganfainberg btw something happened with perfromance19:02
boris-42morganfainberg and it's already better19:02
morganfainbergwell we have had a bunch of things shift19:03
boris-42morganfainberg compare pls19:03
morganfainbergand eventlet now _can_ run multi worker19:03
hrybackimorganfainberg: if you're doing quick reviews I'd love if you could glance at these ;) and  -- trying to get them merged before they are forgotten!19:04
boris-42morganfainberg so compare thoos things19:04
boris-42hrybacki hm why they should be random?19:04
boris-42hrybacki personally I dislike random in tests19:05
hrybackiboris-42: as per bknudson19:05
morganfainbergboris-42, also we have seen a change based upon the clouds tempest runs in.19:05
boris-42morganfainberg ?19:05
boris-42morganfainberg but it's not related to rally gates at all19:05
morganfainbergboris-42, running in different hp / rax clouds/AZ/etc has produced different results on _anything_ we run19:05
boris-42morganfainberg or you mean that tempest is passing faster19:05
morganfainbergboris-42, so if you land in a slow now, rally would be slow19:06
morganfainbergslow node*19:06
boris-42morganfainberg yep it will be slower a bit19:06
morganfainberggenerally, i think the underlying VMs have been better lately with the changes19:06
boris-42morganfainberg but there is no more such crap19:06
morganfainbergalso, we run tempest in trusty now not precise19:06
morganfainberg14.04 vs 12.0419:06
morganfainbergdifferent kernels19:06
boris-42morganfainberg ahh19:06
morganfainbergdifferent lots of stuff19:06
boris-42morganfainberg in any case you are getting better result now=)19:06
boris-42morganfainberg ooo19:07
boris-42morganfainberg thanks
openstackboris-42: Error: "!" is not a valid command.19:07
morganfainbergboris-42, yeah that was an easy one19:07
boris-42morganfainberg the second one is as well easy19:07
boris-42morganfainberg we will have a bit to hack devstack gate project19:07
boris-42morganfainberg to be able to enable in rally gates profiling19:07
morganfainbergboris-42, the 2nd one takes more than a quick glance19:08
morganfainbergboris-42, and i need to run to a store before they close today19:08
boris-42morganfainberg he19:08
boris-42morganfainberg btw fyi19:08
boris-42morganfainberg I updated read me file19:08
morganfainberghrybacki, those are a bit more involved than a quick glance right now can get done19:08
boris-42morganfainberg so it will help you a lot19:08
morganfainberghrybacki, i'll need to circle back later on19:08
hrybackimorganfainberg: ++ thank you!19:08
boris-42morganfainberg so just read the read me file=)19:09
morganfainbergboris-42, nice!19:09
boris-42morganfainberg and you'll understand what is happening=)19:09
*** jdennis has quit IRC19:09
morganfainbergboris-42, if you have any kind of real workloads to test on, i'd appreciate it19:09
morganfainbergboris-42, i'm trying to justify the work and continuing on that path19:10
boris-42morganfainberg to put some rally jobs?19:10
morganfainbergboris-42, but it's looking like a wash fom tempest and rally19:10
boris-42morganfainberg I mean benchmarks in task of rally19:10
morganfainbergboris-42, not just for rally, but from a "is this change benefitting us at all"19:10
morganfainbergboris-42, right, but rally is contrived, and the benchmark isn't as defined as a real workload19:10
morganfainbergboris-42, yet19:10
morganfainbergboris-42, eventually it'll be more rounded, i'm positive19:11
boris-42morganfainberg but actually with random()19:11
boris-42morganfainberg we can trigger a lot of operations19:11
morganfainbergboris-42, but i'm looking for shorter term "does this really make things better, worse, or no change"19:11
boris-42morganfainberg or we can just run multiply commands19:11
morganfainberglike i said, looking to find if that makes any real difference19:11
boris-42morganfainberg btw we can test it on local installation19:11
boris-42morganfainberg so it will be the same hardware19:12
boris-42morganfainberg with change and without19:12
morganfainbergyeah, that would work. just let me know if you have a few minutes to run some tests19:12
boris-42morganfainberg on different benchmarks19:12
boris-42morganfainberg yep I have19:12
boris-42morganfainberg I will run some tests19:12
morganfainbergcomment on the review if you do get a chance19:12
morganfainbergi'd love to get feedback on the value19:12
morganfainbergif it's no benefit, i'll shelve that work until we solve the other stuff going on19:12
boris-42morganfainberg sure I will just put results19:12
boris-42morganfainberg and you'll make decison=)19:12
morganfainberge.g. apache, non-persistent tokens, etc19:13
morganfainbergboris-42, ++ awesome19:13
boris-42morganfainberg so we have benchmark19:13
boris-42morganfainberg for tokens19:13
boris-42morganfainberg that calls authentification19:13
boris-42morganfainberg I actually can run all set of benchmarks19:13
boris-42morganfainberg related to keystone19:13
boris-42and share results19:13
boris-42actually I'll just do that19:14
morganfainbergthe non-persistent tokens may be less of a performance win and more of a "no overhead cause we don't store them" win.19:14
boris-42morganfainberg btw we have some user stories19:14
boris-42morganfainberg difference of authenticate in case of default installation and apache=)19:14
morganfainbergwow the apache one is waaaaaay better19:15
morganfainbergholy crap19:15
boris-42morganfainberg =)19:15
morganfainberghave you tried with multiple eventlet workers?19:15
boris-42morganfainberg that's why we started these user stores19:15
boris-42morganfainberg it's not my work19:15
boris-42morganfainberg it's done by nkhare19:15
*** diegows has joined #openstack-keystone19:15
boris-42morganfainberg that wrote most of keystone benchmarks19:15
morganfainbergcan try that same kind of stuff with set higher19:16
morganfainbergand compare to apache19:16
boris-42morganfainberg so I'll make one more user story19:16
boris-42morganfainberg I'l ask nkhare19:16
boris-42morganfainberg cause I don't have the same hardware19:16
boris-42morganfainberg and it's kind of important thing=)19:16
boris-42morganfainberg so wait for my user sotry=)19:17
*** dims has quit IRC19:22
*** jdennis has joined #openstack-keystone19:23
*** stevemar has quit IRC19:49
*** dstanek is now known as dstanek_zzz19:59
openstackgerritA change was merged to openstack/python-keystoneclient: Add profiling support to keystoneclient
boris-42morganfainberg ^ woot20:19
*** dstanek_zzz is now known as dstanek20:20
*** dims has joined #openstack-keystone20:27
*** dstanek is now known as dstanek_zzz20:30
*** dstanek_zzz is now known as dstanek20:32
*** hrybacki has quit IRC20:40
*** chandankumar has joined #openstack-keystone20:46
*** chandankumar has quit IRC21:03
*** dstanek is now known as dstanek_zzz21:05
*** dstanek_zzz is now known as dstanek21:12
*** dims has quit IRC21:12
*** henrynash has quit IRC21:22
*** jamielennox is now known as jamielennox|away22:02
*** dstanek is now known as dstanek_zzz22:11
*** andreaf has quit IRC22:22
*** andreaf has joined #openstack-keystone22:24
*** zhiyan_ is now known as zhiyan22:26
*** boris-42 has quit IRC22:29
*** boris-42 has joined #openstack-keystone22:29
*** mrda-away is now known as mrda23:05
*** dstanek_zzz is now known as dstanek23:13
*** diegows has quit IRC23:20
*** dstanek is now known as dstanek_zzz23:22
*** zhiyan is now known as zhiyan_23:36

Generated by 2.14.0 by Marius Gedminas - find it at!