Monday, 2015-09-14

*** spandhe has joined #openstack-keystone [00:06]
*** gus_ is now known as gus [00:07]
*** chlong has joined #openstack-keystone [00:10]
<openstackgerrit> Brant Knudson proposed openstack/keystone: Refactor: Don't hard code the error code  https://review.openstack.org/198623 [00:22]
*** shadower has quit IRC [00:23]
*** shadower has joined #openstack-keystone [00:23]
<stevemar> bknudson: oof, thats a lot of re-write [00:24]
<bknudson> stevemar: and it's incomplete. [00:25]
<stevemar> bknudson: missing some tests i guess? [00:25]
<stevemar> i'm okay with that [00:25]
<stevemar> follow on patch could fix that [00:26]
<bknudson> stevemar: there are a lot of references to HTTP error codes that aren't changed. [00:26]
*** ericksonsantos has quit IRC [00:30]
*** ericksonsantos has joined #openstack-keystone [00:35]
*** rdo has quit IRC [00:50]
*** rdo has joined #openstack-keystone [00:52]
<openstackgerrit> Merged openstack/keystoneauth: Move session loading tests into loading section  https://review.openstack.org/222016 [00:52]
*** spandhe_ has joined #openstack-keystone [00:53]
*** spandhe has quit IRC [00:54]
*** spandhe_ is now known as spandhe [00:54]
*** chlong has quit IRC [01:02]
<stevemar> bknudson: thanks for reviewing the policy patch [01:08]
*** openstackgerrit has quit IRC [01:16]
*** openstackgerrit has joined #openstack-keystone [01:17]
<openstackgerrit> Merged openstack/oslo.policy: remove deprecation text for policy_dirs option  https://review.openstack.org/222466 [01:25]
*** davechen has joined #openstack-keystone [01:31]
<davechen> bknudson: thanks so much for helping fixing so many grammar issues in the patch (https://review.openstack.org/#/c/198623/) :) [01:33]
*** davechen1 has joined #openstack-keystone [01:42]
*** davechen has quit IRC [01:45]
*** chlong has joined #openstack-keystone [01:53]
*** davechen has joined #openstack-keystone [01:58]
<openstackgerrit> Merged openstack/keystone: Refactor: Don't hard code the error code  https://review.openstack.org/198623 [01:58]
*** davechen1 has quit IRC [02:00]
*** geoffarnold is now known as geoffarnoldX [02:01]
*** mylu has joined #openstack-keystone [02:06]
*** jamielennox|away is now known as jamielennox [02:14]
*** mylu has quit IRC [02:15]
<stevemar> davechen: we're happy to help [02:16]
*** mylu has joined #openstack-keystone [02:17]
*** dimsum__ has quit IRC [02:17]
*** tobe has joined #openstack-keystone [02:24]
*** tobe has quit IRC [02:24]
<davechen> stevemar: :) [02:26]
<davechen> stevemar: for that patch, still need to replace 2xx and 500xx, change is huge somehow. [02:27]
<stevemar> davechen: yeah, i figured there were more to replace but its all good [02:28]
<jamielennox> mordred: by a quick look on github heatclient should support session [02:28]
<davechen> stevemar: if we get those done, these will be a standard for the new testcases. :) [02:28]
<stevemar> davechen: yep, thats the hope [02:29]
<davechen> jamielennox: bug 1494327 is imported by this commits (https://review.openstack.org/#/c/216579). [02:29]
<openstack> bug 1494327 in keystonemiddleware "DuplicateOptError intermittently breaks UT" [High,In progress] https://launchpad.net/bugs/1494327 - Assigned to Dave Chen (wei-d-chen) [02:29]
*** csoukup has joined #openstack-keystone [02:30]
<jamielennox> mordred: endpoint_type looks broken [02:30]
<jamielennox> davechen: yea i came to that conclusion as well. i have no idea why [02:31]
*** csoukup has quit IRC [02:31]
<jamielennox> well i have some idea but i don't know why it would show up now or why it worked before [02:31]
<davechen> there might be more easy way to address this bug by just remove username from the conf, but this is not flexible, and it not allowed us to register these conf with the new values. [02:31]
<davechen> so, i do some change to unregister those affected conf options after testcases. [02:32]
<jamielennox> it's not the coffee that's broken it's the test in that review. it instantiates two copies of auth_token and they are registering different plugins on a global object [02:32]
<jamielennox> code - typing on phone [02:33]
<davechen> oslo-config allow the conf options with the same value but not allow to register with the new value, you have given the new value in the testcase, so, it's broken. [02:33]
<davechen> i think it is not make sense that all of the testcase and maybe the testcase in the future should keep using the default. [02:35]
*** markvoelker has joined #openstack-keystone [02:43]
*** Nirupama has joined #openstack-keystone [02:44]
*** sdake has joined #openstack-keystone [02:44]
*** mylu has quit IRC [02:46]
*** markvoelker has quit IRC [02:48]
*** stevemar has quit IRC [02:51]
<davechen> jamielennox: it instantiates two copies of auth_token, but they are using the same ConfigOpts [02:51]
*** dave-mccowan has quit IRC [02:52]
*** stevemar has joined #openstack-keystone [02:52]
*** ChanServ sets mode: +v stevemar [02:52]
<jamielennox> right, one time send to register the password plugin, one time the v3 password plugin and the help text for username is different so it fails [02:53]
*** sdake_ has joined #openstack-keystone [02:56]
<davechen> and not just username, in my test user_id also cause the failure. [02:56]
<davechen> jamielennox: that means it will also fail some testcase before that commit, but not such frequently. [02:57]
*** sdake has quit IRC [02:59]
<jamielennox> i don't know how that test case changed others, i think there is some problems in how CONF is being reused [03:00]
<davechen> jamielennox: looked into the oslo-config, it just refuse to register the different value for the same option, but okay if the reuse it with the same value. [03:01]
<davechen> code is here, https://github.com/openstack/oslo.config/blob/master/oslo_config/cfg.py#L572-L574 [03:03]
*** geoffarnoldX is now known as geoffarnold [03:04]
*** mylu has joined #openstack-keystone [03:05]
<davechen> jamielennox: IMO, your testcase is not the root cause, it just make the issue happened more frequent, such as the different user_id, and password used in the V2/V3 plugin can also cause the failure. [03:05]
*** sdake has joined #openstack-keystone [03:06]
<jamielennox> davechen: yep, so it should allow you to register the exact same options multiple times, but it won't let you register two different options with the same name [03:06]
<jamielennox> in this case we have two different plugins registering a username option [03:06]
<bknudson> why doesn't it fail every time? [03:07]
<davechen> jamielennox: agreed, but should allow in our testcase [03:07]
<jamielennox> and yes i don't think that patch is the actual problem, it's just more complex than most of the other tests [03:07]
<jamielennox> bknudson: it has been for me when trying it, but I've no idea what changed to make it start [03:08]
<bknudson> does this test need to be complex? [03:08]
<davechen> bknudson: I cannot figure out the reason. [03:08]
<bknudson> if you can recreate it set a breakpoint [03:08]
*** sdake_ has quit IRC [03:09]
<jamielennox> bknudson: so there is some state contamination going on, if you run each test individually it's fine [03:09]
*** roxanagh_ has quit IRC [03:09]
<jamielennox> so breakpoints become harder [03:09]
<bknudson> seems like the config fixture should be creating a fresh config every time [03:09]
<davechen> sure, run each test individually is fine [03:10]
<jamielennox> i would have thought so [03:10]
<davechen> bknudson: config fixture has already did this, but these conf options is registered out of config fixture. [03:11]
<davechen> so, it will not been unregistered after the test. [03:11]
<bknudson> if you run the tests serially it might fail every time. [03:12]
<bknudson> maybe the tests need to be run in the same worker [03:12]
<davechen> bknudson: in my dugging (set breakpoint), it fail every time. [03:12]
<davechen> *debugging. [03:13]
<bknudson> the steps to recreate should be put in the bug report if they're not there already [03:13]
<jamielennox> oh, that's right, because auth_token registers its options in __init__ rather than load because people have different CONF objects [03:14]
<davechen> bknudson: run in the same worker doesn't fix the issue, they are using the same ConfigOpts, so it will not be allowed to register with different value for the same option. [03:14]
<davechen> bknudson: will do. [03:15]
<davechen> believe me, username is not the only option that cause the failure, but we cannot clean all of these options since they are used widely in the testcases. [03:17]
*** fifieldt has joined #openstack-keystone [03:18]
*** dimsum__ has joined #openstack-keystone [03:20]
*** sdake_ has joined #openstack-keystone [03:20]
*** mylu has quit IRC [03:22]
*** mylu has joined #openstack-keystone [03:23]
*** sigmavirus24_awa has quit IRC [03:23]
*** sdake has quit IRC [03:24]
*** eglute has quit IRC [03:25]
*** ayoung has quit IRC [03:26]
*** dolphm has quit IRC [03:27]
*** d34dh0r53 has quit IRC [03:27]
*** erhudy1 has quit IRC [03:28]
*** dolphm has joined #openstack-keystone [03:29]
*** d34dh0r53 has joined #openstack-keystone [03:29]
*** links has joined #openstack-keystone [03:29]
*** eglute has joined #openstack-keystone [03:29]
*** ayoung has joined #openstack-keystone [03:31]
*** ChanServ sets mode: +v ayoung [03:31]
*** sigmavirus24_awa has joined #openstack-keystone [03:32]
*** btully has joined #openstack-keystone [03:35]
*** dimsum__ has quit IRC [03:39]
*** btully has quit IRC [03:40]
*** lhcheng has joined #openstack-keystone [03:48]
*** ChanServ sets mode: +v lhcheng [03:48]
*** sdake has joined #openstack-keystone [03:49]
*** sdake_ has quit IRC [03:52]
*** ayoung has quit IRC [04:01]
*** chlong has quit IRC [04:02]
*** geoffarnold is now known as geoffarnoldX [04:06]
*** spandhe has quit IRC [04:25]
*** lhcheng has quit IRC [04:31]
*** jasonsb has joined #openstack-keystone [04:39]
*** dimsum__ has joined #openstack-keystone [04:39]
*** geoffarnoldX is now known as geoffarnold [04:40]
*** pcaruana has quit IRC [04:43]
*** markvoelker has joined #openstack-keystone [04:45]
*** dimsum__ has quit IRC [04:46]
<stevemar> hmm, theres no way to get a catalog without authenticating eh [04:47]
<stevemar> i wonder if theres a way to uniquely define each "cloud" / openstack deployment [04:48]
<stevemar> hostname and IP address could work, but theres gonna be a bunch of 10.0.1.y's and 127.0.0.1's [04:48]
*** markvoelker has quit IRC [04:49]
*** btully has joined #openstack-keystone [04:50]
*** lhcheng has joined #openstack-keystone [04:52]
*** ChanServ sets mode: +v lhcheng [04:52]
*** chlong has joined #openstack-keystone [05:03]
*** mylu has quit IRC [05:04]
*** jasonsb has quit IRC [05:09]
*** jerrygb has quit IRC [05:12]
*** hrou has quit IRC [05:13]
*** mylu has joined #openstack-keystone [05:14]
*** links has quit IRC [05:16]
*** sdake_ has joined #openstack-keystone [05:17]
*** links has joined #openstack-keystone [05:17]
*** roxanagh_ has joined #openstack-keystone [05:18]
*** mylu has quit IRC [05:19]
*** sdake has quit IRC [05:20]
*** urulama has joined #openstack-keystone [05:23]
*** chlong has quit IRC [05:30]
*** links has quit IRC [05:31]
*** geoffarnold is now known as geoffarnoldX [05:43]
*** links has joined #openstack-keystone [05:44]
*** chlong has joined #openstack-keystone [05:45]
*** roxanagh_ has quit IRC [05:48]
*** roxanagh_ has joined #openstack-keystone [05:48]
*** roxanagh_ has quit IRC [05:57]
*** topol has quit IRC [05:57]
*** roxanagh_ has joined #openstack-keystone [05:58]
*** roxanagh_ has quit IRC [06:02]
*** chlong has quit IRC [06:06]
*** chlong has joined #openstack-keystone [06:09]
*** chlong has quit IRC [06:11]
*** chlong has joined #openstack-keystone [06:11]
*** _cjones_ has joined #openstack-keystone [06:15]
*** _cjones_ has quit IRC [06:17]
*** _cjones_ has joined #openstack-keystone [06:17]
*** pnavarro has joined #openstack-keystone [06:27]
*** ParsectiX has joined #openstack-keystone [06:27]
*** ankita_wagh has joined #openstack-keystone [06:27]
*** nakamura has quit IRC [06:42]
*** hidekazu has joined #openstack-keystone [06:43]
*** markvoelker has joined #openstack-keystone [06:45]
*** markvoelker has quit IRC [06:50]
*** lsmola has joined #openstack-keystone [06:52]
*** pcaruana has joined #openstack-keystone [06:53]
*** roxanagh_ has joined #openstack-keystone [06:59]
*** henrynash has joined #openstack-keystone [07:00]
*** ChanServ sets mode: +v henrynash [07:00]
*** roxanagh_ has quit IRC [07:04]
*** pnavarro has quit IRC [07:14]
*** pnavarro has joined #openstack-keystone [07:14]
*** ankita_wagh has quit IRC [07:18]
*** ankita_wagh has joined #openstack-keystone [07:19]
*** ankita_wagh has quit IRC [07:24]
*** drjones has joined #openstack-keystone [07:25]
*** btully has quit IRC [07:26]
*** _cjones_ has quit IRC [07:28]
*** drjones has quit IRC [07:29]
*** lhcheng has quit IRC [07:30]
*** _cjones_ has joined #openstack-keystone [07:30]
*** drjones has joined #openstack-keystone [07:31]
*** _cjones_ has quit IRC [07:35]
*** drjones has quit IRC [07:35]
*** stevemar has quit IRC [07:41]
*** boris-42 has joined #openstack-keystone [07:52]
<openstackgerrit> Merged openstack/keystone: Get method's class name in a python3-compatible way  https://review.openstack.org/158777 [07:52]
*** chlong has quit IRC [07:53]
*** fhubik has joined #openstack-keystone [07:57]
*** jistr has joined #openstack-keystone [08:18]
*** roxanagh_ has joined #openstack-keystone [08:18]
*** roxanagh_ has quit IRC [08:23]
*** dimsum__ has joined #openstack-keystone [08:44]
*** markvoelker has joined #openstack-keystone [08:46]
*** fhubik is now known as fhubik_brb [08:47]
*** markvoelker has quit IRC [08:51]
*** e0ne has joined #openstack-keystone [08:51]
*** dimsum__ has quit IRC [08:51]
*** fhubik_brb is now known as fhubik [08:53]
*** tobe has joined #openstack-keystone [08:56]
*** henrynash has quit IRC [08:56]
*** tobe has quit IRC [08:56]
*** vivekd has joined #openstack-keystone [08:57]
*** e0ne has quit IRC [09:03]
*** samueldmq has joined #openstack-keystone [09:13]
*** e0ne has joined #openstack-keystone [09:16]
*** lhcheng has joined #openstack-keystone [09:18]
*** ChanServ sets mode: +v lhcheng [09:18]
*** katkapilatova has joined #openstack-keystone [09:22]
*** lhcheng has quit IRC [09:23]
*** aix has quit IRC [09:37]
<openstackgerrit> Hidekazu Nakamura proposed openstack/keystone: Update development environment set up doc  https://review.openstack.org/223020 [09:41]
*** henrynash has joined #openstack-keystone [09:48]
*** ChanServ sets mode: +v henrynash [09:48]
*** davechen has left #openstack-keystone [09:52]
*** EinstCrazy has joined #openstack-keystone [09:59]
*** roxanagh_ has joined #openstack-keystone [10:07]
*** dimsum__ has joined #openstack-keystone [10:11]
*** henrynash has quit IRC [10:11]
*** roxanagh_ has quit IRC [10:12]
*** martinus__ has joined #openstack-keystone [10:16]
*** openstackgerrit has quit IRC [10:16]
*** openstackgerrit has joined #openstack-keystone [10:17]
*** henrynash has joined #openstack-keystone [10:19]
*** ChanServ sets mode: +v henrynash [10:19]
*** fhubik is now known as fhubik_brb [10:19]
*** fhubik_brb is now known as fhubik [10:30]
<mordred> jamielennox: but heatclient/v1/client.py class Client has a required arg "endpoint" [10:32]
<jamielennox> mordred: is it morning there already [10:33]
<mordred> jamielennox: (I mean http.common construct_http_client [10:33]
<mordred> jamielennox: I'm in Germany at the moment :) [10:33]
<jamielennox> ah [10:33]
<mordred> jamielennox: oh - so - actually, you're right - I see the SessionClient [10:34]
<jamielennox> yea, it should be based on session being in kwargs, but i haven't tried it for a while [10:35]
<mordred> jamielennox: I missed the _ in the construct_http_client and instead looked at the one without a _ [10:35]
<mordred> that's much better [10:35]
<jamielennox> there's two? these are so bad [10:35]
<mordred> jamielennox: not really - looking at it again I just suck a lot [10:36]
<mordred> jamielennox: ok. I fixed the shade patch. it looks much better now - thanks for the eyeballs [10:41]
*** shoutm has joined #openstack-keystone [10:47]
*** markvoelker has joined #openstack-keystone [10:47]
*** henrynash has quit IRC [10:49]
*** e0ne has quit IRC [10:49]
*** markvoelker has quit IRC [10:51]
*** henrynash has joined #openstack-keystone [10:53]
*** ChanServ sets mode: +v henrynash [10:53]
*** bapalm has quit IRC [10:58]
*** jacorob has quit IRC [10:58]
*** mgagne has quit IRC [10:58]
*** Guest18499 has quit IRC [10:58]
*** jacorob has joined #openstack-keystone [10:58]
*** blewis has joined #openstack-keystone [10:58]
*** blewis is now known as Guest60363 [10:59]
*** chlong has joined #openstack-keystone [11:00]
*** bapalm has joined #openstack-keystone [11:01]
*** mgagne has joined #openstack-keystone [11:01]
*** mgagne is now known as Guest12514 [11:01]
*** lhcheng has joined #openstack-keystone [11:08]
*** ChanServ sets mode: +v lhcheng [11:08]
*** aix has joined #openstack-keystone [11:10]
*** lhcheng has quit IRC [11:13]
*** samueldmq has quit IRC [11:14]
*** mylu has joined #openstack-keystone [11:21]
*** henrynash has quit IRC [11:23]
*** mylu has quit IRC [11:26]
*** martinus__ has quit IRC [11:26]
*** e0ne has joined #openstack-keystone [11:28]
*** gordc has joined #openstack-keystone [11:30]
*** boris-42 has quit IRC [11:30]
*** jistr is now known as jistr|biab [11:30]
*** lhcheng has joined #openstack-keystone [11:32]
*** ChanServ sets mode: +v lhcheng [11:32]
*** dave-mccowan has joined #openstack-keystone [11:36]
*** lhcheng has quit IRC [11:36]
*** dikonoor has joined #openstack-keystone [11:41]
<dikonoor> bknudson: Hi bknudson [11:42]
<dikonoor> bknudson: This is about https://bugs.launchpad.net/oslo.db/+bug/1374497 [11:42]
<openstack> Launchpad bug 1374497 in oslo.db juno "change in oslo.db "ping" handling is causing issues in projects that are not using transactions" [High,Fix released] - Assigned to Mike Bayer (zzzeek) [11:42]
<dikonoor> bknudson: This bug has a comment from you that says - "There's a fix in oslo.db. The work to update Keystone will be part of a spec or blueprint to use new features in oslo.db once they're ready. I don't think it's worth keeping a bug open." [11:43]
<dikonoor> bknudson: Do you know where i can find this spec [11:44]
*** chlong_ has joined #openstack-keystone [11:44]
*** e0ne has quit IRC [11:46]
*** shoutm has quit IRC [11:47]
*** markvoelker has joined #openstack-keystone [11:48]
*** chlong_ has quit IRC [11:48]
*** e0ne has joined #openstack-keystone [11:52]
*** iurygregory has joined #openstack-keystone [11:52]
*** iurygregory_ has joined #openstack-keystone [11:52]
*** iurygregory_ has quit IRC [11:52]
*** iurygregory has quit IRC [11:52]
*** markvoelker has quit IRC [11:52]
*** iurygregory has joined #openstack-keystone [11:53]
*** iurygregory has quit IRC [11:53]
*** iurygregory_ has joined #openstack-keystone [11:53]
*** iurygregory_ is now known as iurygregory [11:54]
*** roxanagh_ has joined #openstack-keystone [11:56]
*** Nirupama has quit IRC [11:57]
*** EinstCrazy has quit IRC [11:57]
*** e0ne has quit IRC [11:59]
*** vivekd_ has joined #openstack-keystone [11:59]
*** vivekd has quit IRC [12:01]
*** vivekd_ is now known as vivekd [12:01]
*** roxanagh_ has quit IRC [12:01]
*** e0ne has joined #openstack-keystone [12:01]
*** raildo-afk is now known as raildo [12:11]
*** openstackgerrit has quit IRC [12:16]
*** openstackgerrit has joined #openstack-keystone [12:17]
*** vivekd has quit IRC [12:18]
*** markvoelker has joined #openstack-keystone [12:24]
*** jistr|biab is now known as jistr [12:24]
*** henrynash has joined #openstack-keystone [12:26]
*** ChanServ sets mode: +v henrynash [12:26]
*** edmondsw has joined #openstack-keystone [12:31]
*** doug-fish has joined #openstack-keystone [12:33]
*** toddnni has quit IRC [12:36]
<bknudson> dikonoor: keystone is already using oslo.db. [12:37]
<dikonoor> bknudson: I was running into a similar error [12:40]
*** toddnni has joined #openstack-keystone [12:41]
*** toddnni has quit IRC [12:46]
<dikonoor> bknudson: could you point me to the patch / review [12:47]
<bknudson> dikonoor: the patch is in the bug : https://review.openstack.org/#/c/124466/ [12:47]
*** dimsum__ has quit IRC [12:48]
*** dims has joined #openstack-keystone [12:48]
*** dguerri` is now known as dguerri [12:49]
*** dguerri is now known as dguerri` [12:50]
<dikonoor> bknudson: thanks [12:51]
*** fhubik is now known as fhubik_brb [12:52]
*** dguerri` has quit IRC [12:54]
*** ninag has joined #openstack-keystone [12:59]
<openstackgerrit> Lance Bragstad proposed openstack/keystone: Consolidate the fernet provider issue_v2_token()  https://review.openstack.org/197647 [13:01]
<openstackgerrit> Lance Bragstad proposed openstack/keystone: Consolidate the fernet provider validate_v3_token()  https://review.openstack.org/196877 [13:01]
*** iurygregory has left #openstack-keystone [13:04]
*** hrou has joined #openstack-keystone [13:07]
*** samueldmq has joined #openstack-keystone [13:09]
<openstackgerrit> Lance Bragstad proposed openstack/keystone: Additional documentation for services  https://review.openstack.org/211184 [13:10]
<samueldmq> morning [13:12]
*** raildo is now known as raildo-afk [13:13]
*** openstackgerrit has quit IRC [13:16]
*** raildo-afk is now known as raildo [13:16]
*** openstackgerrit has joined #openstack-keystone [13:17]
<openstackgerrit> Lance Bragstad proposed openstack/keystone: Add caching to get_catalog  https://review.openstack.org/215212 [13:18]
*** raildo is now known as raildo-afk [13:25]
*** jecarey has joined #openstack-keystone [13:25]
*** fhubik_brb is now known as fhubik [13:28]
*** jsavak has joined #openstack-keystone [13:29]
*** sdake_ is now known as sdake [13:30]
*** raildo-afk is now known as raildo [13:35]
*** toddnni has joined #openstack-keystone [13:41]
*** r-daneel has joined #openstack-keystone [13:47]
*** toddnni has quit IRC [13:49]
*** shoutm has joined #openstack-keystone [13:52]
*** boris-42 has joined #openstack-keystone [13:59]
*** sigmavirus24_awa is now known as sigmavirus24 [14:00]
*** jsavak has quit IRC [14:03]
*** zzzeek has joined #openstack-keystone [14:04]
*** links has quit IRC [14:04]
*** jsavak has joined #openstack-keystone [14:05]
*** richm has joined #openstack-keystone [14:06]
*** ParsectiX has quit IRC [14:09]
*** btully has joined #openstack-keystone [14:09]
*** amakarov_away is now known as amakarov [14:12]
*** EinstCrazy has joined #openstack-keystone [14:14]
*** roxanagh_ has joined #openstack-keystone [14:16]
*** slberger has joined #openstack-keystone [14:17]
*** david-lyle has quit IRC [14:19]
*** toddnni has joined #openstack-keystone [14:19]
*** ChanServ sets mode: +o dolphm [14:20]
*** roxanag__ has joined #openstack-keystone [14:21]
*** roxanagh_ has quit IRC [14:22]
*** iurygregory has joined #openstack-keystone [14:24]
*** lsmola has quit IRC [14:27]
*** katkapilatova has quit IRC [14:27]
*** aix has quit IRC [14:27]
*** pcaruana has quit IRC [14:27]
*** fhubik has quit IRC [14:27]
*** jorge_munoz has joined #openstack-keystone [14:27]
*** jistr has quit IRC [14:27]
*** sdake has quit IRC [14:36]
*** geoffarnoldX is now known as geoffarnold [14:36]
*** roxanag__ has quit IRC [14:38]
*** aix has joined #openstack-keystone [14:39]
*** lsmola has joined #openstack-keystone [14:40]
*** pcaruana has joined #openstack-keystone [14:40]
*** roxanagh_ has joined #openstack-keystone [14:40]
*** jistr has joined #openstack-keystone [14:41]
*** katkapilatova has joined #openstack-keystone [14:41]
*** pnavarro is now known as pnavarro|afk [14:43]
*** jsavak has quit IRC [14:45]
*** jsavak has joined #openstack-keystone [14:46]
*** jsavak has quit IRC [14:49]
*** jsavak has joined #openstack-keystone [14:50]
*** tonytan4ever has joined #openstack-keystone [14:50]
*** thiagop has joined #openstack-keystone [14:52]
*** roxanagh_ has quit IRC [14:53]
*** thiagop has quit IRC [14:58]
<openstackgerrit> Merged openstack/keystone: Use /auth/projects in tests  https://review.openstack.org/217266 [15:05]
*** jerrygb has joined #openstack-keystone [15:06]
*** david-lyle has joined #openstack-keystone [15:06]
*** shoutm has quit IRC [15:11]
*** thiagop has joined #openstack-keystone [15:12]
*** phalmos has joined #openstack-keystone [15:14]
<lbragstad> dolphm: quick question you had on the patch for revocation events and the comparison to fernet timestamps. The last few failures here are because the POST token operation is happening in the same second as the revocation event - https://review.openstack.org/#/c/195780/ [15:15]
<lbragstad> I thought https://review.openstack.org/#/c/216236/4 was supposed to help address that? [15:15]
*** stevemar has joined #openstack-keystone [15:16]
*** ChanServ sets mode: +v stevemar [15:16]
<dolphm> lbragstad: it causes those tokens to be revoked, intentionally, by using <= instead of < [15:16]
<dolphm> lbragstad: the tempest test should be updated to sleep for 1.0 seconds, then? [15:16]
*** nkinder has joined #openstack-keystone [15:17]
*** pcaruana has quit IRC [15:19]
<lbragstad> dolphm: for some reason I was thinking the fix was in removing subsecond precision from revocation events, but then I started looking at the data, and it doesn't have it anyway [15:20]
<dolphm> lbragstad: in the revocation event? [15:20]
<lbragstad> dolphm: right, or at least when I look at the data (i'm using sql) [15:20]
<dolphm> lbragstad: i think we write subsecond precision to the db, but mysql discards it [15:21]
<dolphm> (5.5 truncates) [15:21]
<lbragstad> ++ [15:21]
<lbragstad> yeah, i think that's right [15:21]
<dolphm> http://dev.mysql.com/doc/refman/5.6/en/fractional-seconds.html [15:21]
<dolphm> 5.6.4 is the magic version number [15:21]
<dolphm> 'mysql-server' installs 5.5.44 in ubuntu 14.04 right now, unless you specify 'mysql-server-56', in which case you get 5.6.19 [15:23]
<dolphm> but as of a couple releases ago, neutron would fail catastrophically with 5.6.* because of its inability to perform transactions correctly, iirc, so 5.6 isn't (or, wasn't) an option for devstack [15:24]
<dolphm> lbragstad: ^ [15:24]
<lbragstad> makes sense [15:24]
<lbragstad> so, one fix might be to introduce a higher sql version number? [15:25]
<dolphm> lbragstad: to fix keystone alone, yes [15:25]
<lbragstad> because then revocation events would have subsecond precision; while fernet tokens would still be rounded to the second [15:25]
<lbragstad> dolphm: apt-get upgrade mysql-server just gave me version 5.6.25 [15:30]
*** phalmos has quit IRC [15:30]
*** aix has quit IRC [15:31]
<dolphm> lbragstad: ah, actually.... either morgan or bknudson pointed out that if fernet tokens have truncated precision and revocation events have subsecond precision, then a fernet token quickly issued after a revocation event is effectively issued in the past, so mysql-server version won't help that case :-/ [15:31]
<lbragstad> dolphm: oh... good point [15:32]
<dolphm> lbragstad: in the real world, that behavior errs on the side of security though, so i suppose i'm still inclined to slow the tempest test down [15:32]
<bknudson> tokens should all work the same way [15:33]
<bknudson> so if fernet is seconds-precision then make all providers to the second [15:33]
<lbragstad> is mtreinish around? [15:33]
<morgan> bknudson: ++ [15:33]
*** kfox1111_away is now known as kfox1111 [15:33]
*** woodster_ has joined #openstack-keystone [15:33]
*** phalmos has joined #openstack-keystone [15:34]
*** diazjf has joined #openstack-keystone [15:35]
*** ankita_wagh has joined #openstack-keystone [15:45]
<morgan> dolphm: I am ok with revocation events being issue-1 second or having a 1second window where a token is "in the past" and automatically invalid (this second option is better from a security standpoint) cc lbragstad [15:47]
<lbragstad> morgan: wouldn't that be revoke_map['issued_at'] + 1 [15:48]
<lbragstad> ? [15:48]
*** haneef has quit IRC [15:48]
<lbragstad> with the removal of subsecond precision [15:49]
<morgan> lbragstad: either round up or down [15:49]
<morgan> Both are fine [15:49]
<morgan> Round up is more secure [15:49]
<lbragstad> morgan: right [15:49]
<morgan> So I recommend that. [15:50]
*** katkapilatova has left #openstack-keystone [15:50]
<morgan> Just make sure to truncate the microseconds or not use sub second=true [15:50]
<dolphm> i don't like mysql's datetime support [15:52]
*** EinstCrazy has quit IRC [15:54]
*** jistr has quit IRC [15:55]
*** jsavak has quit IRC [15:57]
<bknudson> can computers really do things in less than a second? [15:57]
<bknudson> can't imagine why anyone would need sub-second precision. [15:57]
*** jsavak has joined #openstack-keystone [15:58]
<morgan> bknudson: subsecond is guaranteed within a single system to be accurate but drift prevents coordination across multiple systems. Unless you have some crazy $$$$ rtc chip [16:00]
<morgan> It was useful for guaranteeing unique information in the tokens (pki hack) and not much else [16:01]
*** openstackgerrit has quit IRC [16:01]
<bknudson> that's a good point if you're running multiple keystones you'd get tokens issued at random times. [16:01]
*** openstackgerrit has joined #openstack-keystone [16:02]
<openstackgerrit> Lance Bragstad proposed openstack/keystone: Remove subsecond precision from revocation events  https://review.openstack.org/223202 [16:04]
*** Guest12514 is now known as mgagne [16:05]
*** mgagne has joined #openstack-keystone [16:05]
*** geoffarnold is now known as geoffarnoldX [16:06]
*** jsavak has quit IRC [16:06]
*** jsavak has joined #openstack-keystone [16:06]
<bknudson> http://docs.oracle.com/cd/E19253-01/816-4557/setup-192/index.html -- says the default max clock skew is 300 seconds [16:07]
<bknudson> would be difficult to handle 300 seconds difference in token issuance [16:07]
<bknudson> the tokens could be considered expired on one system the moment they're issued on another. [16:08]
*** geoffarnoldX is now known as geoffarnold [16:10]
*** stevemar has quit IRC [16:11]
*** jsavak has quit IRC [16:11]
*** stevemar has joined #openstack-keystone [16:11]
*** ChanServ sets mode: +v stevemar [16:11]
*** jsavak has joined #openstack-keystone [16:11]
*** stevemar has quit IRC [16:16]
*** jerrygb has quit IRC [16:19]
<dolphm> bknudson: SECONDS, jeezus [16:21]
*** ebalduf_ has joined #openstack-keystone [16:22]
*** gyee has joined #openstack-keystone [16:24]
*** ChanServ sets mode: +v gyee [16:24]
<lbragstad> dolphm: what, specifically, don't you like about mysql's datetime support? [16:27]
<dolphm> lbragstad: it's less consistent than its decimal support :) [16:27]
*** Ephur has joined #openstack-keystone [16:29]
*** aix has joined #openstack-keystone [16:33]
*** phalmos has quit IRC [16:35]
*** ankita_wagh has quit IRC [16:39]
*** dikonoor has quit IRC [16:40]
<lbragstad> dolphm: less consistent? [16:41]
<lbragstad> dolphm: i'm sorry, i'm not that familiar, just trying to gather some context [16:41]
<morgan> lbragstad: datetime objects in MySQL are wonky [16:42]
<morgan> They have changed and behave in strange ways when you don't use MySQL to generate them. [16:42]
<lbragstad> morgan: are there some docs on this? [16:42]
<morgan> There are. [16:43]
<morgan> Somewhere [16:43]
* lbragstad pokes Google [16:43]
<morgan> But version to version datetime has changed [16:43]
<morgan> Example subsecond support [16:44]
*** _cjones_ has joined #openstack-keystone [16:44]
<lbragstad> morgan: https://dev.mysql.com/doc/refman/5.0/en/using-date.html ? [16:49]
<morgan> lbragstad: yes. But just experience shows it has been odd [16:49]
*** edmondsw has quit IRC [16:54]
*** jsavak has quit IRC [16:55]
*** tonytan4ever has quit IRC [16:55]
*** jsavak has joined #openstack-keystone [16:56]
*** tonytan4ever has joined #openstack-keystone [17:09]
*** ankita_wagh has joined #openstack-keystone [17:09]
<openstackgerrit> Alexander Makarov proposed openstack/keystone: Check datetime string to validate is a string  https://review.openstack.org/223228 [17:20]
*** Ephur has quit IRC [17:23]
*** e0ne has quit IRC [17:23]
*** csoukup has joined #openstack-keystone [17:24]
lbragstaddolphm: morgan ok - so i found a few resources; http://blog.client9.com/2010/02/19/dont-waste-time-with-python-mysql-and.html and http://billauer.co.il/blog/2009/03/mysql-datetime-epoch-unix-time/17:24
*** edmondsw has joined #openstack-keystone17:24
morganlbragstad: the easiest solution really is to just use seconds17:24
morganlbragstad: it is the lowest common denominator17:25
*** pnavarro|afk has quit IRC17:25
lbragstadbut those mainly deal with *creating* the timestamp with SQL. Just checking that would never really be the case with Keystone because we'd (or Fernet) would always be the ones creating the timestamp17:25
lbragstadmorgan: I agree, have you heard of any issues where SQL messes with the precision of timestamps created by other things?17:27
*** stevemar has joined #openstack-keystone17:27
*** ChanServ sets mode: +v stevemar17:27
morganYes. Former versions of mysql17:27
morganSubsecond was truncated17:27
morganBut it won't change the data itself17:28
morganIf you generate a datetime object that will be consistent. And we don't care if subsecond a are added back in as they'd be .00000017:28
morganSince we don't supply them in the new model17:29
lbragstadspecific to revocation events once subsecond precision is removed...17:29
morganIt isnt hard to make it all consistent17:32
morganIf we just drop subsecond everywhere we should be good17:32
*** tonytan4ever has quit IRC17:34
*** jproulx has joined #openstack-keystone17:36
*** jsavak has quit IRC17:37
*** jsavak has joined #openstack-keystone17:37
*** phalmos has joined #openstack-keystone17:50
openstackgerritvenkatamahesh proposed openstack/keystone: Fix the http link for JSON schema  https://review.openstack.org/21731917:51
openstackgerritEric Brown proposed openstack/keystone: Update man pages with liberty version and dates  https://review.openstack.org/22323817:52
*** kiran-r has joined #openstack-keystone17:54
*** kiran-r has quit IRC17:54
*** ninag has quit IRC17:55
*** samueldmq has quit IRC17:56
*** ninag has joined #openstack-keystone18:00
*** mylu has joined #openstack-keystone18:00
*** harlowja has quit IRC18:00
*** tonytan4ever has joined #openstack-keystone18:01
jproulxHaving syntax issues (i think) writing a policy.json rule:18:01
jproulx"proj_admin": "role:proj_admin and project_id:%(target.project.id)s"18:01
jproulxIf I leave it at role it does what I want, trying to add project_id it stops, can anyone see my probably obvious blunder?18:01
*** harlowja has joined #openstack-keystone18:02
*** jsavak has quit IRC18:03
*** jsavak has joined #openstack-keystone18:04
*** lhcheng has joined #openstack-keystone18:05
*** ChanServ sets mode: +v lhcheng18:05
*** lhcheng_ has joined #openstack-keystone18:06
*** lhcheng has quit IRC18:10
*** ninag has quit IRC18:11
*** r-daneel has quit IRC18:15
*** openstackgerrit has quit IRC18:16
*** mylu has quit IRC18:16
*** openstackgerrit has joined #openstack-keystone18:17
*** mylu has joined #openstack-keystone18:17
*** r-daneel has joined #openstack-keystone18:18
edmondswmorgan, do you know if anyone is working on adding keystone v3 support to refstack? Just discovered it only supports keystone v2.018:21
morganedmondsw: no idea18:22
morganFirst I've heard about this gap18:22
edmondswk... thought you'd probably want to know anyway18:22
edmondswI should be more specific... refstack-client18:23
edmondswno #openstack-refstack irc channel?18:23
*** e0ne has joined #openstack-keystone18:24
edmondswoh, it's #refstack18:25
*** david-lyle has quit IRC18:29
*** doug-fis_ has joined #openstack-keystone18:32
*** doug-fis_ has quit IRC18:32
*** doug-fis_ has joined #openstack-keystone18:32
*** sdake has joined #openstack-keystone18:33
*** doug-fish has quit IRC18:34
*** sdake_ has joined #openstack-keystone18:36
*** sdake has quit IRC18:39
*** dims_ has joined #openstack-keystone18:50
*** dims has quit IRC18:52
stevemaredmondsw: yep, it only does v2 tests i think18:57
stevemarmfisch: yo, did i end up sending you an email about your paste?18:57
edmondswstevemar, morgan, it won't even connect, so can't do anything. But catherineD says it's in the works18:58
stevemarmfisch: if i didn't, it looks cool, really reinforces the need to tweak it just a bit18:58
mfischstevemar: no email18:58
stevemaredmondsw: yeah, i'm chatting with her now-ish, but i think shes looking at it from an 'upload the results', cause you need to authN to upload test results, i think?18:59
mfischstevemar: this is a background thing for me to maintain my sanity dealing with data center stuff.  I think the filtering at your end would be key18:59
stevemarmfisch: well, i'll say it here, your pastie was cool!18:59
stevemarmfisch: yep18:59
edmondswstevemar, she asked me to open a bug for "not supporting V3 when fetching the Keystone ID being used as Cloud Provider ID"... whatever that means19:00
mfischstevemar: My next thing is to get it to handle rabbit going away without dying, that is complicated but there's a nice example from the pika guys19:01
*** jsavak has quit IRC19:01
*** jproulx has left #openstack-keystone19:02
*** doug-fis_ has quit IRC19:02
*** doug-fish has joined #openstack-keystone19:02
*** Ephur has joined #openstack-keystone19:04
*** jsavak has joined #openstack-keystone19:08
edmondswstevemar, refstack bug is https://bugs.launchpad.net/refstack/+bug/149567119:08
openstackLaunchpad bug 1495671 in refstack "not supporting V3 when fetching the Keystone ID being used as Cloud Provider ID" [Undecided,New]19:08
*** mylu has quit IRC19:14
*** mylu has joined #openstack-keystone19:15
stevemaredmondsw: looks like refstack is meeting now in #openstack-meeting-alt19:18
*** samueldmq has joined #openstack-keystone19:18
*** devlaps has joined #openstack-keystone19:18
*** jsavak has quit IRC19:18
*** jsavak has joined #openstack-keystone19:19
*** pnavarro|afk has joined #openstack-keystone19:29
openstackgerritAlexander Makarov proposed openstack/keystone: Check datetime string to validate is a string  https://review.openstack.org/22322819:29
*** amakarov is now known as amakarov_away19:30
*** david-lyle has joined #openstack-keystone19:34
*** e0ne has quit IRC19:36
*** mylu has quit IRC19:41
*** mylu has joined #openstack-keystone19:41
*** stevemar has quit IRC19:43
*** stevemar has joined #openstack-keystone19:43
*** ChanServ sets mode: +v stevemar19:43
*** pnavarro|afk has quit IRC19:44
*** ninag has joined #openstack-keystone19:44
*** mylu has quit IRC19:46
*** stevemar has quit IRC19:48
*** lhcheng_ is now known as lhcheng19:50
*** ChanServ sets mode: +v lhcheng19:50
*** e0ne has joined #openstack-keystone19:50
*** jsavak has quit IRC19:53
*** stevemar has joined #openstack-keystone19:53
*** ChanServ sets mode: +v stevemar19:53
*** jsavak has joined #openstack-keystone19:57
*** stevemar has quit IRC19:57
*** stevemar_ has joined #openstack-keystone19:58
*** ChanServ sets mode: +v stevemar_19:58
*** stevemar_ has quit IRC19:58
*** stevemar has joined #openstack-keystone19:58
*** ChanServ sets mode: +v stevemar19:58
*** mylu has joined #openstack-keystone20:02
*** Guest30379 has quit IRC20:02
dstanekdamn...looks like i need to dist-upgrade at some point20:03
*** tsymanczyk has joined #openstack-keystone20:06
*** jsavak has quit IRC20:06
bknudsondstanek: cattle > pets20:06
*** tsymanczyk is now known as Guest8592720:06
*** jsavak has joined #openstack-keystone20:07
*** e0ne has quit IRC20:07
*** mylu has quit IRC20:07
dstanekbknudson: unfortunately i can't treat my daughter's desktop as cattle yet. i need a nas or something20:08
bknudsondstanek: I've got a synology diskstation. it's small and has worked great so far20:09
*** tonytan4ever has quit IRC20:09
bknudsonjust give her a rackspace account20:09
*** samueldmq has quit IRC20:09
bknudsonif she needs something it's just nova boot20:10
*** boris-42 has quit IRC20:10
dstaneki wonder if i can do remote desktop and make her workstation a dumb terminal.20:11
*** mylu has joined #openstack-keystone20:11
*** dims has joined #openstack-keystone20:14
*** jasonsb has joined #openstack-keystone20:14
*** ankita_wagh has quit IRC20:16
*** dims_ has quit IRC20:16
*** mylu has quit IRC20:17
*** csoukup has quit IRC20:19
*** med_ has quit IRC20:20
*** mfisch has quit IRC20:20
*** mfisch has joined #openstack-keystone20:20
*** med_ has joined #openstack-keystone20:20
bknudsonthat would make backups easy just use snapshot20:20
*** med_ is now known as Guest4776620:20
*** mfisch is now known as Guest1577720:20
*** Guest47766 is now known as medberry20:22
*** medberry has quit IRC20:22
*** medberry has joined #openstack-keystone20:22
*** openstackgerrit has quit IRC20:31
*** ankita_wagh has joined #openstack-keystone20:31
*** openstackgerrit has joined #openstack-keystone20:32
*** edmondsw has quit IRC20:34
*** mylu has joined #openstack-keystone20:35
*** mylu has quit IRC20:37
*** mylu has joined #openstack-keystone20:37
*** boris-42 has joined #openstack-keystone20:40
*** devananda has left #openstack-keystone20:41
*** thiagop has quit IRC20:41
*** ericksonsantos has quit IRC20:41
*** mylu has quit IRC20:41
*** iurygregory has quit IRC20:42
openstackgerritDolph Mathews proposed openstack/keystonemiddleware: Refactor _v3_to_v2_catalog()  https://review.openstack.org/22329120:45
stevemardolphm: yes, calling it "region" was very annoying20:46
stevemarbut it was out of scope for the patch20:46
*** Guest85927 has quit IRC20:50
*** raildo is now known as raildo-afk20:53
*** urulama has quit IRC20:53
*** urulama has joined #openstack-keystone20:54
*** tellesnobrega is now known as tellesnobrega_af20:54
morgandolphm: generally +2 on that fix, +1 because I'd like to smash that TODO into something a bit less obtuse.20:56
*** e0ne has joined #openstack-keystone20:59
*** thiagop has joined #openstack-keystone21:00
*** thiagop has quit IRC21:05
*** henrynash has quit IRC21:05
*** ericksonsantos has joined #openstack-keystone21:06
*** SheenaG has joined #openstack-keystone21:07
*** gabriel-bezerra has quit IRC21:08
*** tellesnobrega_af is now known as tellesnobrega21:08
*** tsymancz1k has joined #openstack-keystone21:09
*** jasonsb has quit IRC21:10
*** jsavak has quit IRC21:12
*** Guest15777 is now known as mfisch21:14
*** mfisch has quit IRC21:14
*** mfisch has joined #openstack-keystone21:14
mfischstevemar: https://github.com/matthewfischer/keystone_logging/blob/master/listen.py21:14
mfischwill keep working on it here as time permits21:14
*** fifieldt_ has joined #openstack-keystone21:15
*** fifieldt has quit IRC21:18
*** thiagop has joined #openstack-keystone21:19
*** devlaps has quit IRC21:20
*** gabriel-bezerra has joined #openstack-keystone21:20
*** iurygregory has joined #openstack-keystone21:23
stevemarmfisch: we should really add the name of the entity and the domain name (if its a group/user/project)21:25
mfischstevemar: right now I'm going to work on making it not barf if the rabbit connection drops21:25
mfischits complicated of course because its rabbit21:25
stevemar:(21:25
mfischhttps://pika.readthedocs.org/en/0.10.0/examples/asynchronous_consumer_example.html21:25
stevemari don't know enough about rabbit, i leave that bit up to oslo.messaging21:25
mfischrabbit is the most dangerous part of our infra21:26
mfischanything goes wrong on any node and everything breaks21:26
stevemarugh21:26
mfischId rather lose a core switch21:26
stevemarthat sounds awful21:26
mfischhence my motivation for you to filter the token validations at the source21:26
stevemari had no idea it was that bad21:26
mfischits a lynchpin21:26
mfischopenstack is using it smarter now in K so its not as bad21:27
mfischalso we know more21:27
*** mylu has joined #openstack-keystone21:27
stevemargood to hear it's gotten better21:28
mfischstevemar: also I welcome patches on that code ;)21:31
stevemarmfisch: i will probably tinker with the keystone side of things (adding names and giving you an option to pick what events you want published)21:33
mfischperfect21:33
stevemari've got a few grunts looking for work21:33
mfischI cant imagine anyone wants to log token validates21:33
mfischunless you are selling hard drives21:34
stevemarlol21:34
stevemarmaybe that was ambitious on our part21:34
stevemarwe're helping to promote cross-business needs21:34
*** stevemar has quit IRC21:37
mfischmaybe it would be useful for a crude measure of api activity21:38
mfischthere's better ways21:38
*** mylu has quit IRC21:45
*** openstackgerrit has quit IRC21:46
*** mylu has joined #openstack-keystone21:46
*** openstackgerrit has joined #openstack-keystone21:47
*** tqtran has joined #openstack-keystone21:51
*** ninag has quit IRC21:56
*** doug-fish has quit IRC21:56
*** doug-fish has joined #openstack-keystone21:56
*** doug-fish has quit IRC21:58
*** doug-fish has joined #openstack-keystone21:58
*** doug-fish has quit IRC21:59
*** doug-fish has joined #openstack-keystone21:59
*** mylu has quit IRC22:00
*** mylu has joined #openstack-keystone22:01
*** e0ne has quit IRC22:04
*** doug-fish has quit IRC22:04
*** e0ne has joined #openstack-keystone22:09
morganmfisch: yeah uhhhh rabbit22:09
morganmfisch: /me wont take credit for this but... imap as a replacement for rabbit ... it would scale!22:10
mfischwait like the email protocol?22:10
morganmfisch: yes22:11
morganmfisch: think about it.  Fanout is easy, delivery/marking "read" is easy22:11
mfischreply-all22:11
morganmfisch: can do secure auth.. can even do secure sending22:11
*** dims has quit IRC22:11
morganmfisch: and scales masssssssively22:11
mfischso instead of rabbitmq I have to run sendmail22:12
morganeh, i wouldn't use sendmail but something that can do it22:12
mfischmaybe google would host it for me22:12
morganbut even then sendmail is a known beast and managing/maintaining it is a "solved" problem22:12
mfischI dont have enough beer to discuss this22:12
*** e0ne has quit IRC22:12
morgandrink beer, discuss with mordred in tokyo22:13
*** doug-fish has joined #openstack-keystone22:13
*** diazjf has left #openstack-keystone22:13
*** dave-mccowan has quit IRC22:14
morganmfisch: let the whole thing stew on the back burner. it's actually pretty entertaining to think of what can be done with imap ;)22:14
*** slberger has left #openstack-keystone22:15
*** ninag has joined #openstack-keystone22:15
mordredwhat did I do?22:15
morganmordred: imap22:16
mordredYES IMAP22:16
mordredsendmail isn't the thing - what you want is cyrus IMAPd - which is easy to run small-scale for single-node deployments, but can cluster to massive size (it's what fastmail runs)22:16
mordredyou don't actually need to send email22:17
morganmordred: you know what is interesting... we could use email as an inter->region transport22:17
mordredyou can connect over IMAP port and inject messages of arbitrary payloads (headers not needed)22:17
mordredmorgan: yah22:17
*** shaleh has joined #openstack-keystone22:17
mordredmorgan: turns out this is a system that is TOTALLY understood22:17
*** doug-fish has quit IRC22:17
morganand it's a solved problem to scale it pretty massively22:17
mordredyup22:17
mordredall that remains is to prove it out22:18
morganthe more I think about it the more I want to do it.22:18
*** hrou has quit IRC22:20
*** ninag has quit IRC22:20
openstackgerritMerged openstack/keystone: Move TestClient to test_versions  https://review.openstack.org/21858422:28
*** shaleh has left #openstack-keystone22:28
*** jecarey has quit IRC22:29
*** gordc has quit IRC22:30
*** mylu has quit IRC22:30
*** stevemar has joined #openstack-keystone22:37
*** ChanServ sets mode: +v stevemar22:37
*** shadower has quit IRC22:37
*** stevemar has quit IRC22:40
*** erhudy1 has joined #openstack-keystone22:46
*** sdake has joined #openstack-keystone22:58
*** sdake_ has quit IRC23:02
*** dave-mccowan has joined #openstack-keystone23:04
*** markvoelker has quit IRC23:06
*** ankita_wagh has quit IRC23:15
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: auth_token tests use clean config  https://review.openstack.org/22333823:18
*** david-lyle has quit IRC23:20
*** hrou has joined #openstack-keystone23:21
*** mylu has joined #openstack-keystone23:22
*** geoffarnold is now known as geoffarnoldX23:22
*** zzzeek has quit IRC23:24
*** markvoelker has joined #openstack-keystone23:39
mordredmorgan: I just got my citycloud account working23:40
mordredmorgan: they are running keystone v323:40
morgannice23:40
mordredok. they win for best flavor names23:40
mordred"16C-32GB-200GB"23:40
morganhuh, that just makes too much sense23:41
morganis ... that allowed?23:41
*** shoutm has joined #openstack-keystone23:45
*** stevemar has joined #openstack-keystone23:49
*** ChanServ sets mode: +v stevemar23:49
*** SheenaG has quit IRC23:50
*** ankita_wagh has joined #openstack-keystone23:51
*** dsirrine has quit IRC23:53
*** samueldmq has joined #openstack-keystone23:55
*** phalmos has quit IRC23:59
