Wednesday, 2015-09-16

« Tuesday, 2015-09-15 Index Thursday, 2015-09-17 »
*** shoutm has joined #openstack-keystone00:10
openstackgerritMerged openstack/keystone: Fix logging in federation/idp.py  https://review.openstack.org/20304700:16
*** toddnni_ has joined #openstack-keystone00:18
*** devlaps has quit IRC00:18
*** mylu has joined #openstack-keystone00:19
*** mylu has quit IRC00:19
*** mylu has joined #openstack-keystone00:20
*** dims_ has quit IRC00:20
*** bapalm_ has joined #openstack-keystone00:20
*** clayton- has joined #openstack-keystone00:20
*** cburgess_ has joined #openstack-keystone00:21
*** cburgess has quit IRC00:21
*** jdennis has quit IRC00:21
*** toddnni has quit IRC00:21
*** toddnni_ is now known as toddnni00:21
*** bapalm has quit IRC00:21
*** clayton has quit IRC00:21
*** samueldmq has quit IRC00:21
*** clayton- is now known as clayton00:21
*** jdennis has joined #openstack-keystone00:22
*** shadower has quit IRC00:23
*** shadower has joined #openstack-keystone00:23
*** mylu has quit IRC00:24
*** bradjones has quit IRC00:25
morgangyee, dstanek, lhcheng, jamielennox, https://review.openstack.org/#/c/217319/1 someone +2/+A that it's trivial and should just land00:27
lhchengmorgan: on it00:27
morganlhcheng: also take a moment to take in and appreciate the epic level of bike shed going on there00:28
jamielennoxmorgan: done00:28
*** shoutm_ has joined #openstack-keystone00:28
jamielennoxdidn't bother reading comments, trivial00:28
lhchengmorgan: hah00:29
lhchengreally?00:29
morganthe shed is now green00:29
lhchengyeah, that's a lot00:29
*** shoutm has quit IRC00:29
morgani facepalmed pretty hard00:29
*** wasmum- has joined #openstack-keystone00:31
*** mtaylor has joined #openstack-keystone00:31
*** mylu has joined #openstack-keystone00:32
*** gabriel-1 has joined #openstack-keystone00:33
*** htruta` has joined #openstack-keystone00:33
*** agireud- has joined #openstack-keystone00:34
lhchengmorgan: glad that it is not just horizon that has that. :P I remember people having hangout session spending hours deciding how to name a folder.00:35
*** agireud has quit IRC00:35
*** akscram1 has quit IRC00:35
*** gabriel-bezerra has quit IRC00:35
*** mordred has quit IRC00:36
*** htruta has quit IRC00:36
*** wasmum has quit IRC00:36
*** agireud- is now known as agireud00:36
morganlhcheng: simple, call it "thing"00:36
morganlhcheng: if thing is insufficient, fix it later00:36
morganlhcheng: we are now agile development00:36
morganlhcheng: :P00:36
lhchengmorgan: tough to make a call if there's a lot of experts00:39
lhchenghttps://www.youtube.com/watch?v=BKorP55Aqvg00:39
lhchengenjoy :)00:39
morgancan the red lines be blue?00:40
morganor with transparent ink00:40
lhchengyeah, it so simple00:40
lhchengso simple don't have to explain it00:41
*** hrou has joined #openstack-keystone00:41
*** akscram1 has joined #openstack-keystone00:42
*** _cjones_ has quit IRC00:43
*** ayoung has joined #openstack-keystone00:45
*** ChanServ sets mode: +v ayoung00:45
*** shoutm_ has quit IRC00:46
*** shoutm has joined #openstack-keystone00:48
*** lhcheng has quit IRC01:01
*** dims_ has joined #openstack-keystone01:05
*** jdandrea has quit IRC01:05
*** ankita_wagh has quit IRC01:15
*** r-daneel has quit IRC01:17
*** stevemar has joined #openstack-keystone01:19
*** ChanServ sets mode: +v stevemar01:19
*** geoffarnold is now known as geoffarnoldX01:20
*** geoffarnoldX is now known as geoffarnold01:28
*** samueldmq has joined #openstack-keystone01:28
*** stevemar has quit IRC01:29
*** stevemar has joined #openstack-keystone01:30
*** ChanServ sets mode: +v stevemar01:30
*** dims_ has quit IRC01:34
*** ebalduf has joined #openstack-keystone01:37
*** ebalduf has quit IRC01:41
*** sigmavirus24 is now known as sigmavirus24_awa01:43
*** spandhe has quit IRC01:50
*** htruta` is now known as htruta01:53
*** erhudy1 has quit IRC01:57
*** mylu has quit IRC02:01
*** mylu has joined #openstack-keystone02:02
*** shoutm has quit IRC02:05
*** shoutm has joined #openstack-keystone02:13
*** stevemar_ has joined #openstack-keystone02:20
*** ChanServ sets mode: +v stevemar_02:20
*** gyee has quit IRC02:24
*** doug-fish has joined #openstack-keystone02:26
*** stevemar has quit IRC02:28
*** akscram1 has quit IRC02:28
*** geoffarnold is now known as geoffarnoldX02:30
*** lhcheng has joined #openstack-keystone02:38
*** ChanServ sets mode: +v lhcheng02:38
*** mylu has quit IRC02:49
*** geoffarnoldX is now known as geoffarnold02:49
*** mylu has joined #openstack-keystone02:50
*** geoffarnold is now known as geoffarnoldX02:50
*** ankita_wagh has joined #openstack-keystone03:00
*** diazjf has quit IRC03:04
*** doug-fish has quit IRC03:07
*** richm has quit IRC03:08
*** zzzeek has joined #openstack-keystone03:12
*** zzzeek has quit IRC03:16
*** fifieldt has joined #openstack-keystone03:18
*** lhcheng has quit IRC03:20
*** boris-42 has quit IRC03:30
*** mylu has quit IRC03:40
*** lhcheng has joined #openstack-keystone03:41
*** ChanServ sets mode: +v lhcheng03:41
*** david-lyle has joined #openstack-keystone03:41
*** jgriffith has joined #openstack-keystone03:45
jgriffithany keystone folks around: https://bugs.launchpad.net/keystone/+bug/149622203:45
openstackLaunchpad bug 1496222 in Keystone "Requirements update breaks keystone install on 3'rd party CI systems" [Undecided,New]03:45
*** shoutm has quit IRC03:48
*** shoutm_ has joined #openstack-keystone03:49
*** boris-42 has joined #openstack-keystone03:49
*** boris-42 has quit IRC03:49
*** boris-42 has joined #openstack-keystone03:49
*** ayoung has quit IRC03:58
*** pkarikh has quit IRC04:08
*** pkarikh has joined #openstack-keystone04:08
*** ajayaa has joined #openstack-keystone04:12
*** geoffarnoldX is now known as geoffarnold04:14
*** ankita_wagh has quit IRC04:29
*** akscram1 has joined #openstack-keystone04:29
*** sdake has joined #openstack-keystone04:33
*** sdake_ has joined #openstack-keystone04:34
*** roxanagh_ has joined #openstack-keystone04:35
*** Nirupama has joined #openstack-keystone04:35
*** stevemar_ has quit IRC04:38
*** sdake has quit IRC04:38
*** ankita_wagh has joined #openstack-keystone04:41
*** david-lyle has quit IRC04:42
*** diazjf has joined #openstack-keystone04:44
*** david-lyle has joined #openstack-keystone04:45
*** geoffarnold is now known as geoffarnoldX04:54
*** sdake_ has quit IRC04:56
*** diazjf has left #openstack-keystone04:56
*** amit213 has quit IRC04:59
*** sdake has joined #openstack-keystone04:59
*** amit213 has joined #openstack-keystone04:59
*** diazjf has joined #openstack-keystone05:03
*** diazjf has left #openstack-keystone05:03
*** sdake_ has joined #openstack-keystone05:10
*** sdake has quit IRC05:14
*** roxanagh_ has quit IRC05:16
*** lhcheng has quit IRC05:21
*** lhcheng has joined #openstack-keystone05:23
*** ChanServ sets mode: +v lhcheng05:23
*** hrou has quit IRC05:33
*** roxanagh_ has joined #openstack-keystone05:41
*** agireud has quit IRC05:41
*** agireud has joined #openstack-keystone05:41
*** lsmola has joined #openstack-keystone05:42
*** shoutm_ has quit IRC05:44
*** EinstCrazy has joined #openstack-keystone06:06
*** lhcheng has quit IRC06:09
*** _cjones_ has joined #openstack-keystone06:09
*** ankita_wagh has quit IRC06:09
*** _cjones_ has quit IRC06:09
*** _cjones_ has joined #openstack-keystone06:10
*** shoutm has joined #openstack-keystone06:12
*** henrynash has joined #openstack-keystone06:13
*** ChanServ sets mode: +v henrynash06:13
*** topol has quit IRC06:17
*** roxanagh_ has quit IRC06:25
*** markvoelker has quit IRC06:25
*** ParsectiX has joined #openstack-keystone06:29
*** e0ne has joined #openstack-keystone06:37
*** stevemar has joined #openstack-keystone06:38
*** ChanServ sets mode: +v stevemar06:38
*** e0ne has quit IRC06:39
*** drjones has joined #openstack-keystone06:40
*** stevemar has quit IRC06:42
*** _cjones_ has quit IRC06:44
*** btully has quit IRC06:46
*** henrynash has quit IRC07:19
*** boris-42 has quit IRC07:19
*** ParsectiX has quit IRC07:19
openstackgerritZhao Jian proposed openstack/python-keystoneclient: Add support for grant_type "authorization_code"  https://review.openstack.org/22394607:23
*** ParsectiX has joined #openstack-keystone07:24
*** henrynash has joined #openstack-keystone07:25
*** boris-42 has joined #openstack-keystone07:25
*** cameron.freenode.net sets mode: +v henrynash07:25
*** markvoelker has joined #openstack-keystone07:26
*** EinstCrazy has quit IRC07:27
*** henrynash has quit IRC07:28
*** markvoelker has quit IRC07:30
*** roxanaghe has quit IRC07:42
*** pnavarro|off has joined #openstack-keystone07:55
*** lhcheng has joined #openstack-keystone07:57
*** ChanServ sets mode: +v lhcheng07:57
*** drjones has quit IRC07:57
*** _cjones_ has joined #openstack-keystone07:58
*** fhubik has joined #openstack-keystone07:59
*** fhubik is now known as fhubik_brb08:00
*** lhcheng has quit IRC08:02
*** e0ne has joined #openstack-keystone08:03
*** pece has joined #openstack-keystone08:04
*** fhubik_brb is now known as fhubik08:05
*** kiran-r has joined #openstack-keystone08:09
*** sdake has joined #openstack-keystone08:11
*** sdake_ has quit IRC08:12
*** jistr has joined #openstack-keystone08:19
*** e0ne has quit IRC08:24
*** shoutm has quit IRC08:33
*** _cjones_ has quit IRC08:45
*** e0ne has joined #openstack-keystone08:46
*** pnavarro|off is now known as pnavarro09:04
*** fhubik is now known as fhubik_brb09:13
*** aix has joined #openstack-keystone09:18
*** ninag has joined #openstack-keystone09:19
*** topol has joined #openstack-keystone09:19
*** ChanServ sets mode: +v topol09:19
*** ninag has quit IRC09:23
*** topol has quit IRC09:24
*** markvoelker has joined #openstack-keystone09:26
*** sdake has quit IRC09:30
*** markvoelker has quit IRC09:31
*** fhubik_brb is now known as fhubik09:32
*** dims_ has joined #openstack-keystone09:35
*** stevemar has joined #openstack-keystone09:40
*** ChanServ sets mode: +v stevemar09:40
*** stevemar has quit IRC09:44
*** lhcheng has joined #openstack-keystone09:46
*** ChanServ sets mode: +v lhcheng09:46
*** _cjones_ has joined #openstack-keystone09:47
*** bigjools has quit IRC09:49
*** lhcheng has quit IRC09:51
*** _cjones_ has quit IRC09:52
*** fhubik is now known as fhubik_brb10:05
*** lhcheng has joined #openstack-keystone10:10
*** ChanServ sets mode: +v lhcheng10:10
*** lhcheng has quit IRC10:15
*** topol has joined #openstack-keystone10:24
*** ChanServ sets mode: +v topol10:24
*** topol has quit IRC10:28
*** hidekazu has quit IRC10:37
*** bigjools has joined #openstack-keystone10:42
*** aix has quit IRC10:50
*** e0ne has quit IRC10:56
openstackgerritMerged openstack/keystone: Removed the extra http:// from JSON schema link  https://review.openstack.org/21731911:01
*** aix has joined #openstack-keystone11:03
*** mtaylor is now known as mordred11:12
*** e0ne has joined #openstack-keystone11:13
*** doug-fish has joined #openstack-keystone11:17
*** _cjones_ has joined #openstack-keystone11:17
*** fhubik_brb is now known as fhubik11:22
*** _cjones_ has quit IRC11:22
*** markvoelker has joined #openstack-keystone11:27
*** markvoelker has quit IRC11:32
*** davechen has joined #openstack-keystone11:35
*** davechen has left #openstack-keystone11:35
*** davechen has joined #openstack-keystone11:35
*** gordc has joined #openstack-keystone11:39
*** doug-fish has quit IRC11:41
*** doug-fish has joined #openstack-keystone11:42
*** urulama has quit IRC11:44
*** urulama has joined #openstack-keystone11:44
*** doug-fish has quit IRC11:46
*** doug-fish has joined #openstack-keystone11:46
*** boris-42 has quit IRC11:50
*** katkapilatova has joined #openstack-keystone11:52
*** ParsectiX has quit IRC11:56
*** raildo-afk is now known as raildo12:02
*** dsirrine has joined #openstack-keystone12:06
*** markvoelker has joined #openstack-keystone12:12
*** _cjones_ has joined #openstack-keystone12:19
*** nicodemos has joined #openstack-keystone12:22
*** EinstCrazy has joined #openstack-keystone12:23
*** _cjones_ has quit IRC12:23
*** kiran-r has quit IRC12:25
*** ajayaa has quit IRC12:29
*** edmondsw has joined #openstack-keystone12:33
*** e0ne has quit IRC12:38
*** EinstCrazy has quit IRC12:40
*** ninag has joined #openstack-keystone12:43
*** kiran-r has joined #openstack-keystone12:44
*** thiagop has joined #openstack-keystone12:44
*** ninag has quit IRC12:45
*** raildo is now known as raildo-afk12:45
*** ninag has joined #openstack-keystone12:45
*** davechen has quit IRC12:47
*** dims_ has quit IRC12:47
*** davechen has joined #openstack-keystone12:48
*** hockeynut has quit IRC12:49
*** lbragstad has quit IRC12:49
*** jacorob has quit IRC12:49
*** blewis_ has quit IRC12:49
*** comstud has quit IRC12:50
*** blewis has joined #openstack-keystone12:50
*** blewis is now known as Guest6818712:50
*** hockeynut has joined #openstack-keystone12:50
*** jacorob has joined #openstack-keystone12:50
*** comstud has joined #openstack-keystone12:51
*** lbragstad has joined #openstack-keystone12:51
*** henrynash has joined #openstack-keystone12:52
*** ChanServ sets mode: +v henrynash12:52
*** aix has quit IRC12:56
*** shoutm has joined #openstack-keystone12:58
*** dims_ has joined #openstack-keystone12:58
*** henrynash has quit IRC12:59
*** raildo-afk is now known as raildo13:08
*** richm has joined #openstack-keystone13:08
*** e0ne has joined #openstack-keystone13:09
*** aix has joined #openstack-keystone13:10
*** pece has quit IRC13:19
*** _cjones_ has joined #openstack-keystone13:19
*** ParsectiX has joined #openstack-keystone13:23
*** _cjones_ has quit IRC13:24
*** ninag has quit IRC13:26
*** ninag has joined #openstack-keystone13:27
*** ninag has quit IRC13:27
*** hrou has joined #openstack-keystone13:27
*** ninag has joined #openstack-keystone13:27
*** fhubik is now known as fhubik_brb13:29
*** kiran-r has quit IRC13:32
*** davechen1 has joined #openstack-keystone13:34
*** ninag has quit IRC13:36
*** davechen has quit IRC13:36
*** ninag has joined #openstack-keystone13:36
*** jsavak has joined #openstack-keystone13:37
*** LukeHinds has joined #openstack-keystone13:42
*** ebalduf has joined #openstack-keystone13:43
*** Nirupama has quit IRC13:44
*** fhubik_brb is now known as fhubik13:47
*** sigmavirus24_awa is now known as sigmavirus2413:47
*** ninag_ has joined #openstack-keystone13:48
*** sigmavirus24 is now known as sigmavirus24_awa13:48
*** dsirrine has quit IRC13:49
*** ayoung has joined #openstack-keystone13:49
*** ChanServ sets mode: +v ayoung13:49
*** ebalduf has quit IRC13:50
*** davechen has joined #openstack-keystone13:51
*** ninag has quit IRC13:51
*** davechen1 has quit IRC13:52
*** nicodemos has quit IRC13:54
*** erhudy has joined #openstack-keystone13:54
*** tellesnobrega is now known as tellesnobrega_af13:57
*** zzzeek has joined #openstack-keystone14:02
*** annasort has quit IRC14:03
*** thiagop has quit IRC14:03
*** dsirrine has joined #openstack-keystone14:04
*** iurygregory has quit IRC14:04
*** jsavak has quit IRC14:04
*** ericksonsantos has quit IRC14:04
*** jsavak has joined #openstack-keystone14:06
*** henrynash has joined #openstack-keystone14:07
*** ChanServ sets mode: +v henrynash14:07
*** ParsectiX has quit IRC14:08
openstackgerritDave Chen proposed openstack/keystone: functional tests for keystone on subpaths  https://review.openstack.org/19618614:09
*** davechen has left #openstack-keystone14:10
*** aix has quit IRC14:11
*** sigmavirus24_awa is now known as sigmavirus2414:11
*** r-daneel has joined #openstack-keystone14:12
*** jecarey has joined #openstack-keystone14:16
*** tellesnobrega_af is now known as tellesnobrega14:17
*** Ephur has joined #openstack-keystone14:19
*** _cjones_ has joined #openstack-keystone14:21
*** aix has joined #openstack-keystone14:22
*** pgbridge has joined #openstack-keystone14:25
*** _cjones_ has quit IRC14:25
ayoungbknudson, now that we use entrypoints instead of have keystone-all etc...how do I generate them? python setup.py build does not create them14:27
*** sdake_ has joined #openstack-keystone14:27
*** btully has joined #openstack-keystone14:28
*** jsavak has quit IRC14:28
*** jsavak has joined #openstack-keystone14:29
*** jorge_munoz has joined #openstack-keystone14:29
ayoungGAH  PYTHON!14:29
ayoungOK...entyrpoints are wonderful, but I do not want to install to run a CLI.  I don't want a venv. I want to build and use in my user-isolated realm....14:30
*** tellesnobrega is now known as tellesnobrega_af14:30
*** openstackgerrit has quit IRC14:31
*** tellesnobrega_af is now known as tellesnobrega14:31
*** openstackgerrit has joined #openstack-keystone14:32
lbragstadayoung: don't you just need it to be a package then? you don't want to expose the project through a CLI entry point, but having it in a package would still allow you to import it into another project, etc... right?14:32
*** tellesnobrega is now known as tellesnobrega_af14:32
ayounglbragstad, I'm talkking about for development...14:33
ayounglbragstad, It ok, I'll use the venv14:33
*** topol has joined #openstack-keystone14:33
*** ChanServ sets mode: +v topol14:33
ayoungbut I often ran the Keystone server in my home build dir to make sure RPMS etc were all good.  I can do it using python and importing the entry point.  Its just anotherthing that python does its own way14:34
*** annasort has joined #openstack-keystone14:34
lbragstadayoung: if you're trying to get it working for development can't you just install in in a venv with python setup.py?14:34
ayounglbragstad, I can.  It just does not make sense for one of my use patterns, and the bin scripts not being gneerated by python setup.py is a bit frustrating14:35
*** slberger has joined #openstack-keystone14:35
*** jsavak has quit IRC14:36
ayounglbragstad, I might be able to run the scripts inside the venv without activating it, but have not tried yet.  We have an issue where we need to run older version ofthe unit tests, but run aainst the RPMS installed on the system for dependencies, too14:36
ayoungand I wanted to run the migrations to make sure it worked against a real MySQL server, not just sqlite...14:36
ayounglittle things...14:36
lbragstadayoung: it should work in a development env venv if you pass entry_points using your setup.py script14:37
*** jsavak has joined #openstack-keystone14:37
*** david-lyle has quit IRC14:37
*** tellesnobrega_af is now known as tellesnobrega14:38
*** pnavarro has quit IRC14:38
*** ninag_ has quit IRC14:39
*** ninag has joined #openstack-keystone14:39
ayounglbragstad, ?14:40
*** raildo is now known as raildo-afk14:41
*** raildo-afk is now known as raildo14:41
lbragstadayoung: http://cdn.pasteraw.com/ahvhx4dsfm83kmv4dzpal3jfomaess314:42
bknudsonayoung: pip install doesn't create them?14:42
ayoungbknudson, I don't want to run pip install14:42
*** ebalduf has joined #openstack-keystone14:42
ayoungbknudson, I wanted to just do bin/keystone-manage14:42
*** jecarey has quit IRC14:42
ayoungso python setup.py build creats a lib but not a bin14:42
lbragstadayoung: the entry_points part should create a bin for you that points the module you want to use as the entry point14:43
ayounglbragstad, doing python setup.py build?14:43
lbragstadayoung: try python setup.py install14:44
ayounglbragstad, no14:44
ayoungthat installs into the /usr/lib tree on  RH based installs14:44
*** ninag has quit IRC14:44
ayoungbuild is supposed to do this, not install14:44
*** geoffarnoldX is now known as geoffarnold14:45
*** phalmos has joined #openstack-keystone14:45
*** ninag has joined #openstack-keystone14:46
lbragstadayoung: strange, I just did this yesterday but not on RH and it installed my project bins into a venv14:46
ayounglbragstad, I can do what I need by activating the venv for now14:47
ayounglbragstad, I think you used tox14:47
lbragstadnope14:47
lbragstadI used python setup.py14:47
bknudsonvirtualenv keystone-install && keystone-install/bin/pip install .14:47
ayounglbragstad, just doing python setup.py build should not create a venv14:47
ayoungGAH14:47
lbragstadbtw, this was for a side project, not keystone14:47
ayoungOk..tis is a pcakaging type workflow, not upstream development14:48
ayoung I want to test a patch14:48
bknudsonbetter do keystone-install/bin/pip install .[ldap]14:48
lbragstadayoung: can you use bdist?14:48
bknudsonso you get the ldap stuff14:48
ayoungI will eventually build a full RPM and test that way, but as an interim step I want to test the code against the RPMS installed by the repo14:48
*** fhubik is now known as fhubik_brb14:48
ayoungI want to keep my laptop clean, and not install unpackaged code into /lib bknudson14:49
bknudsondo you split keystone up into multiple rpms?14:49
ayoungso pip is out14:49
ayoungbknudson, actually, we do, but irrelevant for this.  Here is how it works14:49
ayoungwe have a repo that is bascially the stable code...14:50
lbragstaddoesn't pip -e provide functionality to install into a path?14:50
ayoungwe manage some patches independently, though14:50
ayoungand to test that code, I need to build a VM with a clean set of RPMs, so I don;t want to install anything into it via something other than yum, or I end up with a code path that does not reflect what I will deploy in the filed14:51
ayoungfield14:51
bknudsonyum localinstall .14:51
ayoungso I want to do something like yum install openstack-keystone to get all the deps filled in, then git checkout out the source version to build and test it14:52
lbragstadare you trying to expose an entry point from something maintained outside of keystone?14:52
*** fhubik_brb is now known as fhubik14:52
ayoungbknudson, yes, I will get there, but during the coding phase, I'd rather not have to build an rpm for each test.  I want to git checkout <mybranch> then run testr etc14:52
ayoungand also some manual tests, like keystone-manage db_sync14:52
morganayoung: pip install should not add anything but the project itself unless the system requirements are insufficient.14:53
ayoungwhat I really want is for things like entry_points to not replace the existing way of thinking about code14:53
bknudsonI'm not sure what the problem is... for the python libraries that keystone uses you want them to be from the rpms and not the venv?14:53
ayoungmorgan, in order to run pip install, I have to do sudo.  That is a nogo for this workflow14:53
ayoungbknudson, that is correct14:54
ayoungseriously, guys, forget pip14:54
morganOh just make a venv with access to the system14:54
ayoungmorgan, GAH.14:54
ayoungno14:54
ayoungthe system IS the venv here.14:54
morganOr use sdist14:54
ayoungits a testing vm14:54
bknudsonmy understanding is that pip is required.14:54
ayoungmy understanding is that whomever came up with entry_points for bins was not aware of how many people use code14:55
morganSo pip is the supported workflow. Setup.py install is not for lots of reasons14:55
ayoungpython setup.py build should create build/bin14:55
morganEither you are doing an install or a sdist14:55
morganBuild iirc is not what you want. But you can tag zigo for help here. He can probably guide you a bit better14:56
ayoung"Is the whole world taking crazy pills?  He's got one look!"14:56
morganThough he is likley using a chroot14:56
zigoCan I help?14:57
ayoungmorgan, TBH, I don't even really want build.14:57
ayoungzigo, without doing an install I want keystone-manage14:57
ayoungnot yusing pip14:57
morganzigo: which is an entry point14:57
ayoungjust from inside my tree, with normal user privs14:57
zigoayoung: Just write a tiny "entry point script" by hand...14:57
*** dims_ has quit IRC14:58
zigoI did that for some package expecting "setup.py install" when running tests.14:58
ayoungzigo, and this we call progress?14:58
bknudsonI guess we could take .venv/bin/keystone-manage and check it into keystone.14:58
*** stevemar has joined #openstack-keystone14:58
*** ChanServ sets mode: +v stevemar14:58
*** dims_ has joined #openstack-keystone14:58
bknudsonas bin/keystone-manage14:58
zigoayoung: Hum... Nop, definitively ! :)14:58
*** jistr is now known as jistr|call14:58
ayoungbknudson, let me try that and see what happends...14:59
zigoayoung: Maybe you can just call "python setup.py install --root=foo" then take the things from foo/usr/bin.14:59
zigoThis would work too.14:59
morganzigo: thnx. I figured it was something like that15:00
ayoungthis worked:15:00
ayoungmkdir build/bin15:00
ayoungcp .tox/py27/bin/keystone-manage build/bin/15:00
ayoungcd build15:00
ayoung./bin/keystone-manage db_version15:00
*** boris-42 has joined #openstack-keystone15:01
*** openstackgerrit has quit IRC15:01
*** richm has quit IRC15:02
morganayoung: fwiw - i always use a venv. Sometimes i make the venv access the ayatem libs (option when making a venv) then installing there. It will also show you what was insufficient compared to what the system has15:02
*** openstackgerrit has joined #openstack-keystone15:02
ayoungbknudson, it does not feel like someting to check in...more like an extension to setuptools to call PBR console_scripts or someting15:02
ayoungmorgan, trying to reduce the tooling necessary for QA, though15:02
ayoungI can work around it15:03
morganayoung: or just install keystone and nothing else. That has been my workflow when dealing with needing keystone + system install and not root perms15:03
bknudsonI thought we were all using docker now.15:03
ayoungbknudson, I would love it if we deployed keystone inside a container....15:03
morganbknudson: oh sorry docker docker docker docker docker docker15:03
ayoungwe do these all-in-one images and it means that we can't change the Keystone version due to all the library dependencies....15:04
ayoungdawkah15:04
morganBefore i request releases of libs anything we need to land?15:04
ayoungrevocation events?15:05
* ayoung ducks15:05
ayounglbragstad, is the issue with sub-second times on fernet tokens a space issue?15:05
bknudsonmorgan: would be nice to have https://review.openstack.org/#/c/223338/ or something like it15:06
dolphmayoung: a spec issue15:06
morganayoung: and a mitaka target15:06
morganTo fix15:06
bknudsonmorgan: since that fixes ut issue so we can merge other stuff15:06
ayoungdolphm, what do you mean?15:06
dolphmayoung: the fernet spec, which we did not write, specifies second-level precision15:06
ayoungah15:06
morganbknudson: looking15:06
bknudsonmorgan: then there's a reqs update: https://review.openstack.org/#/c/221079/15:06
dolphmayoung: github.com/fernet/spec15:06
ayoungdolphm, so, the reason we had the sub-second was due to the need for speed in the unit tests:  some tests ran so fast that the issue and revoke happend in the same second15:07
ayoungto work around that, I think we can manipulate the clock15:07
morganayoung: yeah something to fix next cycle15:07
dolphmayoung: right, but you can't manipulate the clock from tempest :-/15:07
bknudsonhttps://github.com/fernet/spec/blob/master/Spec.md#timestamp -- seconds since epoch15:07
ayoungbknudson, thanks15:08
bknudsonand you can't require customers to manipulate their clock15:08
morganThere are a few solutions to this issue. But nothing we can fix today15:08
morganOne is revocation events being a <now15:08
ayoungmorgan, I know...since I am responsible for the original issue (subseconds) I want to make sure the solution is solid...15:09
morgan1 second window of exposure15:09
morganSo anyway. Next cycle15:09
ayoungdoes tempest do things that fast, too?15:09
morganbknudson: first linked patch +A15:09
*** roxanaghe has joined #openstack-keystone15:09
morganbknudson: requirements change I'll +A once Jenkins approves15:10
bknudsonmorgan: I could rebase it onto https://review.openstack.org/#/c/223338/ ?15:11
bknudsonso that it passes15:11
morganbknudson: about the same amount of work. Your call.15:11
morganbknudson: if you do rebase feel free to +2/+A15:12
bknudsonI'll do the rebase so we don't have to wait for the first one to merge.15:12
morganSounds good15:12
openstackgerritBrant Knudson proposed openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/22107915:12
ayoungbknudson, so fernet is only specified for AES 128 crypto?15:13
morganIt also has create time that is 1 second resolution15:14
bknudsonayoung: yes, I guess they figured it was the way to go.15:14
morganThe create time is outside the Aes payload15:14
morganBut AES128 CBC is pretty solid these days, and fernet could expand it to something else down the line15:15
bknudsonI guess we could put our own timestamp in the ciphertext and then not use the fernet timestamp?15:15
morganOr just call it some other gross alcohol and change the crypto15:15
bknudsonor just use it for the fernet invalidation15:15
bknudsonmorgan: what's the grossest alcohol?15:15
*** nicodemos has joined #openstack-keystone15:15
morganGrappa is up there in my book15:16
openstackgerrithenry-nash proposed openstack/keystone: Issue deprecation warning if domain_id not specified in create call  https://review.openstack.org/20984815:16
morganI am leaving out the college gross things like aftershock and fireball15:16
*** thiagop has joined #openstack-keystone15:18
*** tonytan4ever has joined #openstack-keystone15:21
*** diazjf has joined #openstack-keystone15:22
henrynashmorgan: for RC1, I have two bugs I’d liek to get in: https://review.openstack.org/#/c/209848/3 and https://review.openstack.org/#/c/191976/15:22
henrynashmorgan: could you add them to the list?15:22
*** katkapilatova has left #openstack-keystone15:24
henrynashlbragstad: I wonder if you could reapply your +2 to https://review.openstack.org/#/c/191976/ (had to rebase)15:25
bknudsonhenrynash: what's up with the migration change in https://review.openstack.org/#/c/191976/ ?15:26
bknudsonok, so it can be backported...15:26
henrynashbknudson: yep15:26
henrynashbknudson: we’ve had at least one customer fall into this hole15:26
*** iurygregory has joined #openstack-keystone15:28
bknudsonthis looks pretty scary for a backport.15:29
bknudsonwhy is the mutex table being added?15:29
*** shoutm has quit IRC15:30
*** jistr|call is now known as jistr15:30
henrynashbknudson: well, we need some cross-process communication to make sure that we don’t have multiple processes trying to grab teh one and only sql driver at the same time15:30
henrynashbknudson: use SQL seemed a reasonable thing to do for that….but am open to other simpler ways….15:31
bknudsonso this is implementing a whole distributed lock scheme?15:31
henrynashbknudson: basically, yes15:32
henrynashbknudson: just using a row in an sql table to do it15:32
bknudsonhenrynash: if a server goes down while it's holding a lock that'll require a db operation to clear it out?15:34
*** david-ly_ has joined #openstack-keystone15:35
henrynashbknudson: no, I hope I self heal in that case….15:35
henrynashbknudson: all the “lock” says is which domain has the mutex….we never wait on it15:36
henrynashbknduson: every time we start a keystone, we’re going to go through each domain config and see which one wants SQL…if we find one that does, and the row in the table already exists and it is for the domain that wants it, we say fine15:37
*** jsavak has quit IRC15:38
henrynashbknudson: if a server crashed deleting a domain (and just before removing the mutex)…we also detect that whenr checking the row in the table to see if the domain that claims to have it still exists15:39
bknudsondoesn't really seem like a mutex, it's just a row that says which domain is the sql one?15:41
henrynashbknudson: yeah, you right really!15:41
*** david-ly_ is now known as david-lyle15:41
bknudsonmind clearing it up?15:41
henrynashbkudson: in terms of naming?15:41
bknudsonyes15:41
henrynashsure, I’ll do that tonight....15:41
bknudsonthe table cols could be type | id with a primary index on type15:42
bknudsonwhere type is always 'sql'15:42
bknudsonthen a second insert would fail because of the conflict15:42
henrynashisn’t that what I’m doing?15:42
bknudsonyes, but for some reason the table is called mutex, when it isn't a mutex.15:43
henrynashah, right…sure…I’ll fix that!15:43
henrynashgreat, thx15:43
*** henrynash has quit IRC15:44
*** jsavak has joined #openstack-keystone15:46
*** jistr has quit IRC15:54
*** devlaps has joined #openstack-keystone15:54
lbragstadbknudson: our implementation of fernet was original written that way, where the issued at the expires at times were in the ciphertext, but it's redundant with what fernet already does and it bloats the token.15:56
*** roxanaghe has quit IRC15:57
bknudsonlbragstad: it's not redundant if it has more info15:57
bknudsoncould just store the microseconds in the cipher15:57
*** pece has joined #openstack-keystone15:57
*** ChanServ sets mode: +o dolphm15:57
lbragstadayoung: yep, tempest runs test within a second http://i.imgur.com/Gplkgcc.jpg15:58
*** jecarey has joined #openstack-keystone15:58
lbragstadayoung:  mtrienish was nice enough to do some profiling for us15:58
ayounglbragstad, so we can put a second delay in the tests that do issue/revoke15:59
lbragstadayoung: yes, essentially15:59
lbragstadayoung: I'm working on some patches locally that i'd like to get up by the end of the dya15:59
ayoungmorgan, AES is secure today, but symmetric crypto has typically had a short life.  Asym algorthms have not changed much, but the symmetric ones have been replaced fairly regularly (me handwaves for time span)16:00
*** richm has joined #openstack-keystone16:03
*** jsavak has quit IRC16:04
*** EinstCrazy has joined #openstack-keystone16:04
ayounglbragstad, post em and ping me16:06
*** EinstCrazy has quit IRC16:06
lbragstadayoung: will d16:06
lbragstaddo*16:06
*** gyee has joined #openstack-keystone16:06
*** ChanServ sets mode: +v gyee16:06
*** jsavak has joined #openstack-keystone16:07
*** EinstCrazy has joined #openstack-keystone16:08
*** EinstCrazy has joined #openstack-keystone16:09
openstackgerritMerged openstack/keystonemiddleware: auth_token tests use clean config  https://review.openstack.org/22333816:12
*** lhcheng has joined #openstack-keystone16:13
*** ChanServ sets mode: +v lhcheng16:13
*** lhcheng has quit IRC16:13
*** lhcheng has joined #openstack-keystone16:13
*** ChanServ sets mode: +v lhcheng16:13
morganOoh.. Earthquake. :(16:14
gyeemorgan, just now?16:19
*** henrynash has joined #openstack-keystone16:19
*** ChanServ sets mode: +v henrynash16:19
dstanekmorgan: that's the signal to move to the East coast16:19
*** henrynash has quit IRC16:21
morgandstanek: eh. Was maybe a 3.016:21
gyee3.0 is baby16:21
*** EinstCrazy has quit IRC16:22
*** sdake_ is now known as sdake16:23
*** henrynash has joined #openstack-keystone16:26
*** ChanServ sets mode: +v henrynash16:26
*** roxanaghe has joined #openstack-keystone16:31
*** ebalduf has quit IRC16:35
*** ebalduf has joined #openstack-keystone16:35
dstanekmorgan: looking at the bike shed review you mentioned yesterday. what are the migration rules for rst that are mentioned?16:35
*** ayoung has quit IRC16:36
*** diazjf has quit IRC16:41
*** diazjf has joined #openstack-keystone16:41
openstackgerrithenry-nash proposed openstack/keystone: Issue deprecation warning if domain_id not specified in create call  https://review.openstack.org/20984816:41
*** phalmos has quit IRC16:43
*** diazjf has quit IRC16:46
*** tonytan4ever has quit IRC16:47
*** ankita_wagh has joined #openstack-keystone16:49
*** richm has quit IRC16:50
slbergerhas any one experienced any performance deterioration with a single keystone node when making concurrent write requests to it? so like deleting 100 tenants using 10 threads at once16:52
*** browne has joined #openstack-keystone16:54
morgandstanek: not sure. But ultimately fixing a typo like that did not justify 5 patches16:56
*** diazjf has joined #openstack-keystone16:57
*** _cjones_ has joined #openstack-keystone16:58
*** exploreshaifali has joined #openstack-keystone16:59
morganOh earthquake was a 4.5. Looks like on/near San Andreas fault16:59
dstanekhas anyone gotten ldap identity working in devstack?17:03
bknudsondstanek: it's worked for me in the past.17:03
morgandstanek: not recently17:03
*** fhubik has quit IRC17:04
dstanekit's been one problem after another - current failure is http://paste.openstack.org/show/464960/17:05
dstanekbknudson: i'm also using your patch so things actually get installed17:05
*** richm has joined #openstack-keystone17:05
bknudsonit should work without my patch17:06
*** lsmola has quit IRC17:13
*** nicodemos has quit IRC17:16
*** e0ne has quit IRC17:19
*** exploreshaifali has quit IRC17:19
*** jsavak has quit IRC17:23
*** jsavak has joined #openstack-keystone17:24
openstackgerritMerged openstack/keystone: Support project hierarchies in data driver tests  https://review.openstack.org/15448517:24
*** geoffarnold has quit IRC17:29
*** geoffarnold has joined #openstack-keystone17:31
*** spandhe has joined #openstack-keystone17:31
*** phalmos has joined #openstack-keystone17:32
dstanekbknudson: without your patch i have to manually install python-ldap and ldappool17:35
bknudsondstanek: https://review.openstack.org/#/c/208153/7/lib/ldap is where ldappool happened before17:36
bknudsondevstack might assume that python-ldap is installed via packages?17:37
dstanekbknudson: ah, i bet it would have worked fine then. when i first started i had issues adding the ldap service (meaning i did it wrong), but changed the keystone backend to ldap17:38
dstanekso i guess i am just stuck at the cn=config ldap error after all17:38
*** jsavak has quit IRC17:41
*** jsavak has joined #openstack-keystone17:41
*** topol has quit IRC17:46
*** topol_ has joined #openstack-keystone17:48
*** ChanServ sets mode: +v topol_17:48
*** jsavak has quit IRC17:49
*** henrynash has quit IRC17:51
*** phalmos has quit IRC17:52
*** topol_ has quit IRC17:52
*** ankita_w_ has joined #openstack-keystone17:54
*** sdake_ has joined #openstack-keystone17:54
*** ankita_wagh has quit IRC17:56
*** sdake has quit IRC17:58
*** e0ne has joined #openstack-keystone17:59
*** jsavak has joined #openstack-keystone17:59
*** ankita_w_ has quit IRC18:00
*** ankita_wagh has joined #openstack-keystone18:00
*** ayoung has joined #openstack-keystone18:00
*** ChanServ sets mode: +v ayoung18:00
*** mylu has joined #openstack-keystone18:03
*** geoffarn_ has joined #openstack-keystone18:04
*** LukeHinds has quit IRC18:05
*** jsavak has quit IRC18:06
*** geoffarnold has quit IRC18:07
*** jsavak has joined #openstack-keystone18:07
*** ankita_w_ has joined #openstack-keystone18:09
*** ankita_wagh has quit IRC18:09
*** henrynash has joined #openstack-keystone18:11
*** ChanServ sets mode: +v henrynash18:11
*** jorge_munoz has quit IRC18:11
*** openstackgerrit has quit IRC18:16
*** pece has quit IRC18:16
*** fhubik has joined #openstack-keystone18:17
*** openstackgerrit has joined #openstack-keystone18:17
*** fhubik has quit IRC18:17
*** e0ne has quit IRC18:18
*** e0ne has joined #openstack-keystone18:20
stevemarjamielennox: around?18:26
stevemardstanek: i tried it around the mid-cycle and it worked18:27
*** tonytan4ever has joined #openstack-keystone18:28
dstanekstevemar: i'm just reading up on slapd now :-(18:28
*** david-lyle has quit IRC18:30
*** boris-42 has quit IRC18:30
dstanekstevemar: i think this is all because i'm using f2218:37
dstanekfirst issue was the switch from hdb to mdb as the default - now there is some inappropriate matching going on18:38
*** phalmos has joined #openstack-keystone18:40
*** aix has quit IRC18:46
openstackgerrithenry-nash proposed openstack/keystone: Relax newly imposed sql driver restriction for domain config  https://review.openstack.org/19197618:46
*** henrynash has quit IRC18:46
*** mylu has quit IRC18:47
*** mylu has joined #openstack-keystone18:47
bknudsonkeystone exceptions are a mess.18:51
*** henrynash has joined #openstack-keystone18:55
*** ChanServ sets mode: +v henrynash18:55
*** ninag has quit IRC18:56
*** ninag has joined #openstack-keystone18:56
morgandstanek: dirserv has some tools that make it easier to standup than raw slapd18:59
morgandstanek: but it's about the same18:59
*** roxanaghe has quit IRC19:00
*** roxanaghe has joined #openstack-keystone19:00
*** ninag has quit IRC19:01
*** jorge_munoz has joined #openstack-keystone19:01
*** roxanaghe has quit IRC19:02
*** ninag has joined #openstack-keystone19:03
*** roxanaghe has joined #openstack-keystone19:05
*** phalmos has quit IRC19:06
*** wasmum- has quit IRC19:08
*** csoukup has joined #openstack-keystone19:08
openstackgerrithenry-nash proposed openstack/keystone: Issue deprecation warning if domain_id not specified in create call  https://review.openstack.org/20984819:09
*** ninag has quit IRC19:11
openstackgerrithenry-nash proposed openstack/keystone: Remove unused code in domain config checking  https://review.openstack.org/19405719:11
*** ninag has joined #openstack-keystone19:11
*** henrynash has quit IRC19:13
dstanekmorgan: getting closer. now i'm getting a duplicate attribute error19:13
*** amakarov is now known as amakarov_away19:15
*** ninag has quit IRC19:17
*** tonytan4ever has quit IRC19:18
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/22107919:20
*** aix has joined #openstack-keystone19:25
*** phalmos has joined #openstack-keystone19:29
*** pumaranikar has joined #openstack-keystone19:34
*** e0ne has quit IRC19:35
*** ebalduf has quit IRC19:36
*** wasmum has joined #openstack-keystone19:37
*** henrynash has joined #openstack-keystone19:38
*** ChanServ sets mode: +v henrynash19:38
*** henrynash has quit IRC19:42
*** ebalduf has joined #openstack-keystone19:46
*** mylu has quit IRC19:47
*** topol has joined #openstack-keystone19:49
*** ChanServ sets mode: +v topol19:49
*** sdake has joined #openstack-keystone19:49
*** roxanaghe has quit IRC19:51
*** sdake_ has quit IRC19:52
*** tonytan4ever has joined #openstack-keystone19:53
*** mylu has joined #openstack-keystone19:58
*** ninag has joined #openstack-keystone19:59
*** dyasny has joined #openstack-keystone20:00
dyasnyhi all20:01
*** ninag has quit IRC20:01
dyasnyhow would one debug this error: ERROR keystone.common.wsgi [-] {'desc': 'Inappropriate authentication'} (trying to set up an ldap backend)20:02
*** ninag has joined #openstack-keystone20:02
*** openstackstatus has quit IRC20:02
*** mestery has quit IRC20:02
*** openstackstatus has joined #openstack-keystone20:03
*** ChanServ sets mode: +v openstackstatus20:03
*** mestery has joined #openstack-keystone20:03
*** mylu has quit IRC20:05
*** mylu has joined #openstack-keystone20:06
*** sigmavirus24 is now known as sigmavirus24_awa20:06
*** ninag has quit IRC20:06
dstanekdyasny: that looks like a failure to login to ldap. are your [ldap] user and password settings correct?20:06
*** ninag has joined #openstack-keystone20:08
*** sigmavirus24_awa is now known as sigmavirus2420:08
*** stevemar has quit IRC20:08
*** annasort has quit IRC20:08
*** stevemar has joined #openstack-keystone20:09
*** ChanServ sets mode: +v stevemar20:09
dyasnydstanek, frankly, my ldap can be queried without a login20:10
dyasnydstanek, so ldapsearch works whether I provide crednetials or not20:11
*** stevemar has quit IRC20:11
*** jsavak has quit IRC20:20
dstanekdyasny: so what do you have in keystone's configuration?20:20
dyasnydstanek, pretty much this: https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/red-hat-enterprise-linux-openstack-platform-7-users-and-identity-management-guide/chapter-3-identity-management20:21
dstanekdyasny: is that a valid user for you?20:22
dyasnydstanek, I'm using another user, but the queryworks20:23
dstanekdyasny: i think that user/password combination must be valid20:23
dstanekdyasny: or i think you can leave user/password both blank20:25
dstanekbut you for sure can't put invalid credentials in there20:25
dyasnydstanek, mine are valid... is there a way to see what code keystone actually runs to authenticate?20:26
dyasnylike set logging to debug osmehow?20:26
dstanekdyasny: i think this is it: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/ldap/core.py#n128220:27
dstanekdyasny: if you can connect with the user/password from your config them i'm a little stumped20:28
dstanekdyasny: these are the relevant config values: http://git.openstack.org/cgit/openstack/keystone/tree/etc/keystone.conf.sample#n90820:29
*** jsavak has joined #openstack-keystone20:31
*** pumaranikar has quit IRC20:33
*** pumaranikar has joined #openstack-keystone20:34
*** annasort has joined #openstack-keystone20:34
dyasnydstanek, thanks20:35
dstanekdyasny: get it working?20:35
dyasnydstanek, no, I think there might be something with the ldap backend that requires tweaking, going to make sure the python code works with auth first, and then apply that to keystone20:37
dstanekdyasny: ok. have you tried to change your config to not use a username/password?20:39
*** roxanaghe has joined #openstack-keystone20:40
dyasnydstanek, how do I do that?20:41
dstanekdyasny: i think you can just comment them out20:42
dstaneki'm guessing that it will run the queries without logging in, but i've only used the ldap backend with devstack and you need a username/password to access it20:43
*** csoukup has quit IRC20:43
ayoungdyasny, 'Inappropriate authentication'  sounds like you can't query ldap...maybe you actually specified a user whenre you menat to be anonymous?20:45
ayoungdyasny, I could fix it for you.  Let me send you a contract with my hourly rates.20:46
ayoungOh, damn, you work for my employer...20:46
morgandstanek, bknudson: any patches not inflight that need love before I start rolling up releases?20:46
dstanekmorgan: not to my knowledge20:46
morganayoung: you should still contract out for that... or is that a conflict of interest?20:46
morganayoung: :P20:46
dyasnyayoung, whoops :)20:46
ayoungmorgan, unfortunatly, yes.  I could make a killing20:47
* dyasny takes a screenshot and saves it into the potential blackmail folder20:47
morganayoung: hehe20:47
*** tonytan4ever has quit IRC20:47
bknudsonmorgan: keystoneclient bug https://docs.python.org/2/library/uuid.html#uuid.uuid420:47
morgandyasny: oh don't worry we all have lots of that on ayoung already. I don't think one more would make a difference20:47
ayoungOoh, Chronicals of the Lensman just arrived in the mail.20:47
morganbknudson: looking20:47
dstanekayoung: f22 nearly killed me today20:47
ayoungUm,  dyasny sorry, I can't help you right now....20:47
morgandstanek: solutioin: don't use f2220:47
ayoungheh20:47
dyasnymorgan, but but but I want to make a killing too!20:47
* ayoung sadly puts book aside20:47
morganbknudson: uhm... what is that bug?20:48
ayoungdyasny, OK, so what do you have for the following values....20:48
dstanekmorgan: Canonical makes me sad so I have moved on20:48
bknudsonmorgan: oops, pasted wrong link20:48
morgandstanek: I hear suse is fun20:48
morgandstanek: :P20:48
dyasnyayoung, before we drop into values, I think I know the problem - our ldap is open for queries, but it is not an authentication source, kerberos is elsewhere20:48
bknudsonmorgan: https://review.openstack.org/#/c/155758/20:48
morganbknudson: hehe aha that looks more interesting20:49
ayoungurl = ldap://localhost20:49
ayoungdyasny, ah20:49
ayoungdyasny, you tring to use corporate LDAP?20:49
morganbknudson: *facepalm* yes20:49
morganwe need that20:49
dyasnyayoung, indeed20:49
morganbknudson: +2/+A20:50
* dyasny just realised this must be the culprit20:50
ayoungdyasny, ok...that should actually work.  But...probably don;t want it to20:50
*** jorge_munoz has quit IRC20:50
*** mylu has quit IRC20:50
* morgan wonders if leaving now it owuld be possible to get 120km bike ride in before dark20:50
ayoungSo, yeah, you can authenticate against corp LDAP, but then the user does a simple bind, which means their password goes by way of Keystone.  And, Keystone really shouldn't see users passwords.20:50
bknudsonI don't see anything in keystonemiddleware20:50
ayoungBut it will work20:50
morganbknudson: yeah ksm looks clear20:51
ayounga better approach would be to use SAML and Federation20:51
*** mylu has joined #openstack-keystone20:51
morganbknudson: and i'm looking over Keystoneauth for any minor things to land [very minor or legit bug fixes]20:51
morganbknudson: not worried about pycadf atm20:51
dyasnyayoung, can you throw some links my way please?20:51
*** mylu has quit IRC20:52
bknudsonhttps://review.openstack.org/#/c/217501/ is gating now for pycadf20:52
*** mylu has joined #openstack-keystone20:52
morganbknudson: https://review.openstack.org/#/c/222029/ looks like we need it [silly,but was missed]20:52
morganbknudson: and this one can probably wait: https://review.openstack.org/#/c/223429/20:53
bknudsonif nobody using keystoneauth is complaining about missing https://review.openstack.org/#/c/222029/ I'd say skip it.20:53
morganbknudson: ok so just waiting on gating for pycadf, ksm, and ksc in flight and the ksa one would be nice to get in but not needed20:53
morganbknudson: thnx.20:53
bknudsondo we need a stable/ branch for keystoneauth?20:54
morganbknudson: we will get one20:54
morganbknudson: but no we don't20:54
morganbknudson: in fact if we ever need one we did it wrong.20:54
morganif a stable branch is needed we should be on keystoneauth220:54
bknudsonah, right.20:55
bknudsonthe way we do requirements seems off, but I guess we have to deal with the resolver issue20:56
openstackgerritMerged openstack/pycadf: Updated from global requirements  https://review.openstack.org/21750120:56
bknudsonseems like we should be able to say keystone reqs x>=1.0 and nova reqs x>=1.5 ... why not?20:56
*** spandhe has quit IRC21:00
*** mylu has quit IRC21:02
*** spandhe has joined #openstack-keystone21:02
openstackgerritMerged openstack/keystoneauth: Convert project to os-testr  https://review.openstack.org/22013121:03
morganbknudson: i dunno.21:03
morganbknudson: i mean, lifeless might have more info on the resolver issue but eh.21:04
*** phalmos has quit IRC21:04
bknudsonmorgan: if we deprecate in L we can't remove until N right?21:04
morganbknudson: depends on what21:04
morganbknudson: but typically yes21:04
bknudsonmorgan: https://review.openstack.org/#/c/209848/5/keystone/common/controller.py21:05
*** mylu has joined #openstack-keystone21:05
morganyeah that needs to be a N cycle removal21:05
bknudsonthis might go in the "small feature" bucket son only reqs 3 months21:05
bknudsonso only21:05
morganbknudson: i tossed a -1 on it with a comment of 2-cycle removal21:06
morganbut feel free to override/propose a quick change on top of it21:06
bknudsonI'll just update it since I agree.21:07
bknudsonwhat are we going to call the N release?21:07
*** pumaranikar has quit IRC21:07
morganbknudson: "N release"21:08
morganfor this case21:08
morgan:P21:08
*** jorge_munoz has joined #openstack-keystone21:09
*** tonytan4ever has joined #openstack-keystone21:09
*** raildo is now known as raildo-afk21:10
openstackgerritBrant Knudson proposed openstack/keystone: Issue deprecation warning if domain_id not specified in create call  https://review.openstack.org/20984821:11
lifelessmorgan: resolver issue ?21:16
morganlifeless: ask bknudson what he meant21:16
morganlifeless: not sure21:17
lifelessbknudson: ^?21:17
bknudsonlifeless: seems like we should be able to say keystone reqs x>=1.0 and nova reqs x>=1.5 ... why not?21:17
bknudsonrequiring the same min for all projects seems unnecessary.21:17
lifelessbknudson: you mean have differing lower bounds per project within openstack ?21:17
bknudsonyes21:17
lifelessbknudson: so, due to pip limitations (issue-988) thats infeasible today21:18
lifelessconsider A -> x>1, B21:18
lifelessand B -> x>221:19
lifelesspip install A will install x>1, not x>2.21:19
lifelessif x 1.5 is already installed, the result will be that it stays as-is, not upgraded, and B won't work.21:19
*** ankita_w_ has quit IRC21:20
lifelessthere are other angles we could talk about like consistency, predictability, the polynomial growth of tests required to be sure that a lower bound really is valid21:20
lifelessthe fact we don't even test *any* lower bounds today21:20
bknudsondeployers sometimes test lower bounds.21:20
lifelessbut issue-988 is a hard requirement to be able to have any confidence in differing lower bounds across the project21:20
lifelessbknudson: how? There's no machinery to select lower bounds within pip (or apt/dnf for that matter)21:21
bknudsonlifeless: they deploy without updating the packages and find problems21:21
lifelessbknudson: thats not testing :)21:21
lifelessbknudson: by testing I mean a reproducible automated thing we can do to find problems before it strikes in the field21:22
*** mylu has quit IRC21:22
*** mylu has joined #openstack-keystone21:23
*** ankita_wagh has joined #openstack-keystone21:23
*** hrou has quit IRC21:24
*** boris-42 has joined #openstack-keystone21:26
*** diazjf has left #openstack-keystone21:31
*** mylu has quit IRC21:34
*** topol has quit IRC21:39
*** topol has joined #openstack-keystone21:40
*** ChanServ sets mode: +v topol21:40
*** tonytan4ever has quit IRC21:40
*** ebalduf has quit IRC21:40
*** jsavak has quit IRC21:44
*** topol has quit IRC21:44
openstackgerritMerged openstack/python-keystoneclient: Avoid message concatenation in error path  https://review.openstack.org/15575821:46
*** spandhe has quit IRC21:49
*** jsavak has joined #openstack-keystone21:51
*** david-lyle has joined #openstack-keystone21:56
*** spandhe has joined #openstack-keystone22:00
*** jecarey has quit IRC22:02
*** ninag has quit IRC22:04
*** ninag has joined #openstack-keystone22:04
*** gordc has quit IRC22:06
*** jorge_munoz has quit IRC22:08
*** ninag has quit IRC22:08
*** stevemar has joined #openstack-keystone22:10
*** ChanServ sets mode: +v stevemar22:10
*** jorge_munoz has joined #openstack-keystone22:13
*** stevemar has quit IRC22:13
*** urulama has quit IRC22:15
*** jsavak has quit IRC22:15
*** urulama has joined #openstack-keystone22:15
*** thiagop has quit IRC22:16
*** jorge_munoz has quit IRC22:23
*** slberger has left #openstack-keystone22:25
*** david-lyle has quit IRC22:29
*** dsirrine has quit IRC22:34
*** ebalduf has joined #openstack-keystone22:38
*** ebalduf has quit IRC22:44
openstackgerritLin Hua Cheng proposed openstack/keystone: Respect federated user name in tokens.  https://review.openstack.org/21109322:47
*** dims_ has quit IRC22:48
*** henrynash has joined #openstack-keystone22:49
*** ChanServ sets mode: +v henrynash22:49
*** markvoelker has quit IRC23:05
*** hrou has joined #openstack-keystone23:24
*** dims_ has joined #openstack-keystone23:32
*** gyee has quit IRC23:35
openstackgerritgreghaynes proposed openstack/keystoneauth: Use option dest rather than name in missing error  https://review.openstack.org/22434823:36
*** chlong has quit IRC23:41
*** ankita_wagh has quit IRC23:46
*** erhudy has quit IRC23:49
« Tuesday, 2015-09-15 Index Thursday, 2015-09-17 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!