Sunday, 2015-08-02

« Saturday, 2015-08-01 Index Monday, 2015-08-03 »
*** markvoelker has joined #openstack-keystone00:00
*** markvoelker has quit IRC00:04
openstackgerritHenrique Truta proposed openstack/keystone: Restricting domain_id changing  https://review.openstack.org/20721800:09
openstackgerritMerged openstack/keystoneauth: Set reasonable defaults for TCP Keep-Alive  https://review.openstack.org/20527600:20
*** ayoung has quit IRC01:23
*** dimsum__ has quit IRC01:24
*** jack_ has joined #openstack-keystone01:36
*** dimsum__ has joined #openstack-keystone01:53
*** topol has joined #openstack-keystone01:57
*** ChanServ sets mode: +v topol01:57
*** markvoelker has joined #openstack-keystone02:01
*** dimsum__ has quit IRC02:04
*** markvoelker has quit IRC02:05
*** jack_ has quit IRC02:46
*** hakimo has joined #openstack-keystone02:52
*** hakimo_ has quit IRC02:54
*** archers has joined #openstack-keystone02:58
*** markvoelker has joined #openstack-keystone03:16
*** markvoelker has quit IRC03:21
*** jamielennox|away is now known as jamielennox03:38
*** archers has quit IRC03:44
*** geoffarnold has quit IRC04:12
*** geoffarnold has joined #openstack-keystone04:13
*** topol has quit IRC04:14
*** jamielennox is now known as jamielennox|away04:42
*** browne has quit IRC04:54
*** jungler has quit IRC04:56
*** jungler has joined #openstack-keystone04:57
*** ankita_wagh has joined #openstack-keystone04:57
*** browne has joined #openstack-keystone04:59
*** topol has joined #openstack-keystone05:15
*** ChanServ sets mode: +v topol05:15
*** markvoelker has joined #openstack-keystone05:17
*** topol has quit IRC05:19
*** markvoelker has quit IRC05:22
*** jiaxi has joined #openstack-keystone05:53
*** ankita_wagh has quit IRC06:15
*** hrou has quit IRC06:20
*** josecastroleon has joined #openstack-keystone07:00
*** josecastroleon has quit IRC07:02
openstackgerritAndrey Pavlov proposed openstack/keystonemiddleware: update to global requirements  https://review.openstack.org/20819007:10
openstackgerritAndrey Pavlov proposed openstack/keystonemiddleware: Adding parse of protocol v4 of AWS auth to ec2_token  https://review.openstack.org/20544007:12
*** geoffarnold has quit IRC07:18
*** markvoelker has joined #openstack-keystone07:18
*** geoffarnold has joined #openstack-keystone07:18
*** markvoelker has quit IRC07:23
*** btully has quit IRC07:31
*** btully has joined #openstack-keystone07:31
*** browne1 has joined #openstack-keystone08:02
*** browne has quit IRC08:02
*** henrynash has joined #openstack-keystone08:14
*** ChanServ sets mode: +v henrynash08:14
*** ankita_wagh has joined #openstack-keystone08:27
*** ankita_wagh has quit IRC08:27
*** ankita_wagh has joined #openstack-keystone08:28
*** ankita_wagh has quit IRC08:32
openstackgerrithenry-nash proposed openstack/keystone: Improve List Role Assignments Filters Performance  https://review.openstack.org/13720208:46
openstackgerrithenry-nash proposed openstack/keystone: Enable listing of role assignments in a project hierarchy  https://review.openstack.org/20815208:47
*** henrynash has quit IRC09:14
*** markvoelker has joined #openstack-keystone09:19
*** ankita_wagh has joined #openstack-keystone09:19
*** belmoreira has joined #openstack-keystone09:21
*** markvoelker has quit IRC09:24
*** henrynash has joined #openstack-keystone09:37
*** ChanServ sets mode: +v henrynash09:37
*** ankita_wagh has quit IRC09:40
*** ankita_wagh has joined #openstack-keystone09:41
*** henrynash has quit IRC09:43
*** ankita_wagh has quit IRC09:45
*** rdo has quit IRC09:49
*** rdo has joined #openstack-keystone09:51
*** henrynash has joined #openstack-keystone10:11
*** ChanServ sets mode: +v henrynash10:11
*** henrynash has quit IRC10:12
*** navid_ has quit IRC10:13
*** topol has joined #openstack-keystone10:17
*** ChanServ sets mode: +v topol10:17
*** markvoelker has joined #openstack-keystone10:20
*** topol has quit IRC10:21
*** henrynash has joined #openstack-keystone10:22
*** ChanServ sets mode: +v henrynash10:22
*** navid_ has joined #openstack-keystone10:25
*** markvoelker has quit IRC10:26
*** henrynash has quit IRC10:26
*** henrynash has joined #openstack-keystone10:34
*** ChanServ sets mode: +v henrynash10:34
*** henrynash has quit IRC10:40
*** lhcheng has quit IRC11:11
*** marzif_ has joined #openstack-keystone11:28
*** dimsum__ has joined #openstack-keystone12:43
*** topol has joined #openstack-keystone12:47
*** ChanServ sets mode: +v topol12:47
*** dimsum__ has quit IRC12:50
*** topol has quit IRC12:51
*** dimsum__ has joined #openstack-keystone12:57
*** markvoelker has joined #openstack-keystone13:07
*** topol has joined #openstack-keystone13:08
*** ChanServ sets mode: +v topol13:08
*** markvoelker has quit IRC13:12
*** topol has quit IRC13:12
*** jack_ has joined #openstack-keystone13:25
*** BrAsS_mOnKeY has quit IRC14:18
*** markvoelker has joined #openstack-keystone14:38
openstackgerritBrant Knudson proposed openstack/keystone: Add LimitRequestBody to sample httpd config  https://review.openstack.org/20820814:42
*** hrou has joined #openstack-keystone14:42
*** markvoelker has quit IRC14:43
openstackgerritBrant Knudson proposed openstack/keystone: Remove sizelimit middleware from paste.ini  https://review.openstack.org/20820914:47
*** jack_ has quit IRC15:07
*** piyanai has joined #openstack-keystone15:11
openstackgerritBrant Knudson proposed openstack/keystone: Cleanup use of iteritems  https://review.openstack.org/20678515:14
openstackgerritBrant Knudson proposed openstack/keystone: Use dict.items() rather than six.iteritems()  https://review.openstack.org/20076215:14
*** piyanai has quit IRC15:24
*** topol has joined #openstack-keystone15:25
*** ChanServ sets mode: +v topol15:25
*** topol has quit IRC15:29
*** piyanai has joined #openstack-keystone15:39
*** albertom has quit IRC15:44
*** htruta has quit IRC15:45
*** htruta has joined #openstack-keystone15:45
*** albertom has joined #openstack-keystone15:46
*** piyanai has quit IRC15:50
*** piyanai has joined #openstack-keystone15:52
*** piyanai has quit IRC15:58
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Docstring updates  https://review.openstack.org/20821316:00
openstackgerritGhe Rivero proposed openstack/keystone: Create neutron service in sample_data.sh  https://review.openstack.org/20821516:04
openstackgerritBrant Knudson proposed openstack/keystone: Remove oslo import hacking check  https://review.openstack.org/20821616:11
*** e0ne has joined #openstack-keystone16:23
openstackgerritBrant Knudson proposed openstack/python-keystoneclient: Remove check for requests version  https://review.openstack.org/20821716:25
openstackgerritBrant Knudson proposed openstack/python-keystoneclient: Clarify setting socket_options  https://review.openstack.org/20821816:25
*** e0ne has quit IRC16:28
*** henrynash has joined #openstack-keystone17:09
*** ChanServ sets mode: +v henrynash17:09
*** henrynash has quit IRC17:13
*** alejandrito has joined #openstack-keystone17:30
*** markvoelker has joined #openstack-keystone17:40
*** lhcheng has joined #openstack-keystone17:43
*** ChanServ sets mode: +v lhcheng17:43
*** markvoelker has quit IRC17:44
*** ankita_wagh has joined #openstack-keystone18:01
*** henrynash has joined #openstack-keystone18:03
*** ChanServ sets mode: +v henrynash18:03
*** _cjones_ has joined #openstack-keystone18:11
*** _cjones_ has quit IRC18:15
*** josecastroleon has joined #openstack-keystone18:27
*** topol has joined #openstack-keystone18:39
*** ChanServ sets mode: +v topol18:39
*** hrou has quit IRC18:51
*** browne1 has quit IRC18:52
*** ankita_wagh has quit IRC18:55
*** clayton has quit IRC18:56
*** morganfainberg has quit IRC18:56
*** gsilvis has quit IRC18:56
*** Qlawy has quit IRC18:56
*** esp has quit IRC18:56
*** kfjohnson has quit IRC18:56
*** esp has joined #openstack-keystone18:56
*** Qlawy has joined #openstack-keystone18:56
*** Qlawy has quit IRC18:56
*** Qlawy has joined #openstack-keystone18:56
*** gsilvis has joined #openstack-keystone18:56
*** morganfainberg has joined #openstack-keystone18:56
*** ChanServ sets mode: +v morganfainberg18:56
*** kfjohnson has joined #openstack-keystone18:56
*** clayton has joined #openstack-keystone18:56
*** mylu has joined #openstack-keystone18:57
*** freerunner has quit IRC19:10
*** notmyname has quit IRC19:10
*** SpamapS has quit IRC19:10
*** med_ has quit IRC19:10
*** breton has quit IRC19:10
*** tobasco has quit IRC19:10
*** baffle has quit IRC19:10
*** larsks has quit IRC19:10
*** blogan has quit IRC19:10
*** baffle has joined #openstack-keystone19:10
*** notmyname has joined #openstack-keystone19:10
*** breton has joined #openstack-keystone19:10
*** SpamapS has joined #openstack-keystone19:10
*** tobasco has joined #openstack-keystone19:11
*** larsks has joined #openstack-keystone19:11
*** blogan has joined #openstack-keystone19:11
*** freerunner has joined #openstack-keystone19:11
*** med_ has joined #openstack-keystone19:11
*** med_ is now known as Guest531419:11
*** dimsum__ has quit IRC19:14
*** josecastroleon has quit IRC19:14
*** rdo has quit IRC19:17
*** rdo has joined #openstack-keystone19:19
*** browne has joined #openstack-keystone19:24
*** lhcheng has quit IRC19:31
*** topol has quit IRC19:38
*** mylu has quit IRC19:39
*** markvoelker has joined #openstack-keystone19:40
*** markvoelker has quit IRC19:45
*** lhcheng has joined #openstack-keystone19:51
*** ChanServ sets mode: +v lhcheng19:51
*** afazekas has joined #openstack-keystone20:00
*** afazekas has quit IRC20:06
*** dimsum__ has joined #openstack-keystone20:15
*** dims_ has joined #openstack-keystone20:17
*** ankita_wagh has joined #openstack-keystone20:20
*** dimsum__ has quit IRC20:20
*** afazekas has joined #openstack-keystone20:32
*** alejandrito has quit IRC20:37
*** e0ne has joined #openstack-keystone20:41
openstackgerritHenrique Truta proposed openstack/keystone: Honor domain operations in project table  https://review.openstack.org/14376320:43
*** e0ne has quit IRC20:44
openstackgerritHenrique Truta proposed openstack/keystone: Restricting domain_id changing  https://review.openstack.org/20721820:45
*** dims_ has quit IRC20:50
*** dimsum__ has joined #openstack-keystone20:51
*** markvoelker has joined #openstack-keystone20:56
*** dimsum__ has quit IRC20:57
*** ankita_wagh has quit IRC20:57
openstackgerritHenrique Truta proposed openstack/keystone: List projects filtering by is_domain flag  https://review.openstack.org/15839820:57
*** ankita_wagh has joined #openstack-keystone20:58
*** markvoelker has quit IRC21:01
*** dimsum__ has joined #openstack-keystone21:01
*** browne1 has joined #openstack-keystone21:14
*** browne has quit IRC21:15
openstackgerritHenrique Truta proposed openstack/keystone: Restrict inherited role assignments to subdomains  https://review.openstack.org/16418021:16
*** afazekas has quit IRC21:18
*** belmoreira has quit IRC21:19
*** chris has joined #openstack-keystone21:21
*** chris is now known as Guest5808421:21
*** hrou has joined #openstack-keystone21:22
*** dobson has quit IRC21:28
*** lhcheng has quit IRC21:33
*** dobson has joined #openstack-keystone21:33
openstackgerritMerged openstack/keystone: Add groups in scoped federated tokens  https://review.openstack.org/20716721:34
*** topol has joined #openstack-keystone21:38
*** ChanServ sets mode: +v topol21:38
*** topol has quit IRC21:43
openstackgerrithenry-nash proposed openstack/keystone: Improve List Role Assignments Filters Performance  https://review.openstack.org/13720221:48
*** BrAsS_mOnKeY has joined #openstack-keystone21:51
*** BrAsS_mOnKeY has quit IRC21:57
*** BrAsS_mOnKeY has joined #openstack-keystone21:59
*** jsavak has joined #openstack-keystone22:04
*** dims_ has joined #openstack-keystone22:05
*** dimsum__ has quit IRC22:06
*** henrynash has quit IRC22:13
*** jsavak has quit IRC22:30
*** markvoelker has joined #openstack-keystone22:57
*** markvoelker has quit IRC23:02
*** jamielennox|away is now known as jamielennox23:06
bigjoolsmorning jamielennox23:09
jamielennoxbigjools: hello - you coming over today?23:09
bigjoolsjamielennox: not sure at the moment. I'll probably come tomorrow though.23:09
bigjoolsjamielennox: question for you, if someone is using LDAP for plain users, what's the general solution for local admin users?23:11
jamielennoxbigjools: so it's one backend per domain, so generally we get people to put the service users in LDAP as well23:12
bigjoolsI thought maybe multi-domains would work but Horizon doesn't support that23:12
jamielennoxwhat do you mean for local admin specifically23:12
bigjoolsan admin user that's decoupled from needed LDAP23:13
bigjoolsneeding*23:13
jamielennoxyea, i'd go for another domain23:13
bigjoolsAlso keystone seems to have bugs using multiple domains https://bugs.launchpad.net/keystone/+bug/147957823:14
openstackLaunchpad bug 1479578 in Keystone "Domain-specific config breaks some ops" [Undecided,New]23:14
jamielennoxhorizon does support it23:14
bigjoolsso if I want to log in, it lets me choose a domain now? I couldn't get that working at least with Kilo, are you talking about master?23:15
*** alejandrito has joined #openstack-keystone23:15
morganfainbergjamielennox: https://bugs.launchpad.net/keystoneauth/+bug/147682223:20
openstackLaunchpad bug 1476822 in keystoneauth "default service_type atribute in url_for method should be 'identity'" [Undecided,In progress] - Assigned to Paulo Ewerton (pauloewerton)23:20
jamielennoxbigjools: i thought it was in kilo, there's a horizon option for selecting domain i think, let me look23:20
bigjoolsjamielennox: there is, but it doesn't work for actually logging in, at least in my testing23:21
jamielennoxbigjools: ok, cause i'm looking for the config option and i can't find it23:21
bigjoolsIOW it just sticks to the default domain23:21
jamielennoxwhat's the issue you see?23:22
bigjoolsit's in local_settings23:22
bigjoolsbasically I set up a second domain with its own domain-specific config that was connected to LDAP23:22
bigjoolsbut you can't log in as any of its users, only local sql ones in the default domain23:23
jamielennoxso you hvae v3 auth set up?23:23
bigjoolsas far as I can tell, yes23:23
bigjoolsI don't know whether it's meant to search all domains or if it's supposed to add a domain drop-down so you can select23:24
jamielennoxbigjools: https://github.com/openstack/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L5723:25
jamielennoxbut i thought there was something where you could have like a drop down23:25
bigjoolsrargh, I must have missed that23:25
bigjoolswell, let me check23:25
bigjoolsdamn, had missed it!23:26
jamielennox:)23:27
jamielennoxgood - because i wasn't sure what to suggest next23:27
bigjoolsheh23:27
bigjoolsSo. Much. Config.23:27
jamielennoxyea - that one's unfortunate but it makes sense23:27
jamielennoxoften you will want to have one horizon instance per domain23:27
jamielennoxand the enter a domain name on login isn't a great UX23:28
bigjoolsno :(23:28
bigjoolsjamielennox: what do you think to the idea of having a meta ID driver that can chain users from multiple other drivers?23:32
jamielennoxbigjools: it's certainly doable but it would be very client specific and so wouldn't be upstream23:34
bigjoolsclient specific?23:34
jamielennoxi was going to say domain specific but not like keystone domains23:35
jamielennoxdeployment specific23:35
bigjoolsI would argue that's not the case, given the replies I had on the dev list23:36
jamielennoxbigjools: i think the thing i would question here is why do you have local admin users rather than give admin roles to real users?23:36
bigjoolsBecause not all users are in LDAP23:37
bigjoolsor more to the point, not all admins might be there23:37
bigjoolsif you're running a managed service, you'll want admin users that are not part of a customer's LDAP23:38
jamielennoxso this is i guess a bigger bug bear of mine with REALM != DOMAIN23:39
jamielennoxbut ignore that23:40
bigjoolswords are hard :)23:40
jamielennoxideally the per-domain thing is the right way to do it23:41
jamielennoxwell i think they should be different concepts altogether23:41
bigjoolsI am desperate for a flat white and there's no damn milk in the house. This is a disaster.23:47
bigjoolsok so how would you envisage Horizon's UI for multi-domain login if the existing one is not good?23:48
jamielennoxbigjools: come here then23:55
*** dimsum__ has joined #openstack-keystone23:55
*** dims_ has quit IRC23:57
*** markvoelker has joined #openstack-keystone23:58
« Saturday, 2015-08-01 Index Monday, 2015-08-03 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!