Thursday, 2015-10-22

shalehnm, elastic recheck says it is a known problem00:03
*** EinstCrazy has joined #openstack-keystone00:04
*** lhcheng has quit IRC00:06
*** EinstCrazy has quit IRC00:09
*** gyee has quit IRC00:18
*** NM has quit IRC00:18
*** shadower has joined #openstack-keystone00:23
*** jasonsb has quit IRC00:33
openstackgerritSean Perry proposed openstack/keystone: Use unit.new_service_ref() consistently  https://review.openstack.org/23828300:34
stevemar_jamielennox: \o/00:35
stevemar_starting a enw!00:35
stevemar_new*00:35
*** markvoelker has joined #openstack-keystone00:36
openstackgerritHidekazu Nakamura proposed openstack/keystone: Adds sample data for policy.v3cloudsample.json  https://review.openstack.org/23689800:37
*** markvoelker has quit IRC00:41
*** roxanagh_ has quit IRC00:42
openstackgerritSachi King proposed openstack/keystone: Add -constraints for CI jobs  https://review.openstack.org/23828900:44
*** rdo has quit IRC00:51
*** rdo has joined #openstack-keystone00:53
openstackgerritXiaBing Yao proposed openstack/keystone: Use oslo_config PortOpt support  https://review.openstack.org/23829100:53
*** wwwjfy has joined #openstack-keystone00:56
*** fawadkhaliq has joined #openstack-keystone01:00
*** EinstCrazy has joined #openstack-keystone01:02
*** ekarlso has quit IRC01:07
*** ekarlso has joined #openstack-keystone01:12
*** jamielennox is now known as jamielennox|away01:13
openstackgerritSean Perry proposed openstack/keystone: Use unit.new_region_ref() consistently  https://review.openstack.org/23830201:17
shalehnight all01:18
*** shaleh has quit IRC01:18
*** jimbaker has joined #openstack-keystone01:19
*** diegows has quit IRC01:22
stevemar_o\ shadower01:27
stevemar_shaleh ^01:27
*** mylu has joined #openstack-keystone01:29
*** davechen has joined #openstack-keystone01:29
openstackgerritDave Chen proposed openstack/keystone: Using the right format to render the docstring correctly  https://review.openstack.org/22622501:30
*** lhcheng has joined #openstack-keystone01:32
*** ChanServ sets mode: +v lhcheng01:32
*** mylu has quit IRC01:32
*** mylu has joined #openstack-keystone01:34
*** akanksha_ has quit IRC01:38
*** topol has joined #openstack-keystone01:47
*** ChanServ sets mode: +v topol01:47
*** fawadkhaliq has quit IRC01:48
*** wwwjfy has quit IRC01:50
*** topol has quit IRC01:51
*** edmondsw has quit IRC01:54
*** su_zhang has joined #openstack-keystone02:01
*** su_zhang has quit IRC02:03
*** richm has quit IRC02:04
*** boris-42 has joined #openstack-keystone02:08
*** jamielennox|away is now known as jamielennox02:10
*** dims__ has quit IRC02:33
openstackgerritDave Chen proposed openstack/keystone: Using the right format to render the docstring correctly  https://review.openstack.org/22622502:33
*** doug-fish has joined #openstack-keystone02:34
*** markvoelker has joined #openstack-keystone02:37
*** doug-fish has quit IRC02:39
*** markvoelker has quit IRC02:42
*** lhcheng has quit IRC02:50
morganstevemar_: what hotel are you at?02:53
morganin tokyo02:53
*** wwwjfy has joined #openstack-keystone02:55
openstackgerritDave Chen proposed openstack/keystone: No request body or empty resource acceptable in the validation  https://review.openstack.org/23744802:56
*** jasonsb has joined #openstack-keystone02:59
*** bigjools has quit IRC03:00
*** bigjools has joined #openstack-keystone03:00
*** bigjools has quit IRC03:00
*** bigjools has joined #openstack-keystone03:00
*** r-daneel has quit IRC03:02
openstackgerritXiaBing Yao proposed openstack/keystone: Use oslo_config PortOpt support  https://review.openstack.org/23829103:05
stevemar_morgan: prince shinagawa03:08
morganwhen do you get in?03:08
stevemar_morgan: saturday at 3pm-ish03:17
morganNRT?03:17
morganor HND?03:17
stevemar_i sense the #PreStack will be strong this summit03:17
stevemar_yep03:17
stevemar_NRT03:17
morganwell, guess what...03:18
stevemar_:O03:18
morganI'm landing 345, NRT03:18
stevemar_\o/03:18
*** jbell8 has quit IRC03:18
morganmtreinish is landing around then as well03:18
*** mylu has quit IRC03:18
stevemar_morgan: i land at 3:50 PM03:18
stevemar_hehe03:18
stevemar_terminal 1?03:19
morganuhmm... looking03:19
morganprobably03:19
mtreinishmorgan: http://www.narita-airport.jp/en/guide/t_info/index.html03:19
stevemar_morgan: what hotel you at?03:20
morganon saturday, the same one you are at03:20
stevemar_gotta see if there's a way to meet you post landing :P03:20
morganon sunday I move to the sheraton03:20
stevemar_ah03:20
stevemar_there's gonna be a bunch of IBMers on my flight03:21
stevemar_hopefully we bump into each other at the luggage retrieval?03:21
openstackgerritXiaBing Yao proposed openstack/keystone: Use oslo_config PortOpt support  https://review.openstack.org/23829103:21
morganprobably03:21
morganconsidering we're landing at almost the same time...03:21
stevemar_or wanna wait at the air canada gate? :P03:21
mtreinishstevemar_: I normally see a bunch of IBMers on my summit flights too03:21
morganARRIVE:03:22
morgan3:45 PM - SAT, 24 OCT03:22
morgan* TERMINAL 103:22
morgansoooo03:22
stevemar_mtreinish: they travel in herds03:22
morganyah prob. will see you at about the time you land03:22
mtreinishstevemar_: they do, it's freaky03:22
stevemar_morgan: what airline you on?03:22
morganDelta03:23
morganBUR -> PDX -> NRT03:23
stevemar_morgan: alright, when i land, i'll check the delta gate to see if you've landed03:23
stevemar_morgan: you do the same for the air canada one :P03:24
stevemar_brb03:24
morganyah03:25
morganstevemar_: you gonna have international data/roaming?03:25
morganstevemar_: could also drop you a txt when I land.03:25
*** topol has joined #openstack-keystone03:30
*** ChanServ sets mode: +v topol03:30
*** mylu has joined #openstack-keystone03:30
*** doug-fish has joined #openstack-keystone03:33
*** dims has joined #openstack-keystone03:33
*** doug-fish has quit IRC03:37
*** markvoelker has joined #openstack-keystone03:38
*** dims has quit IRC03:39
*** jamielennox is now known as jamielennox|away03:41
*** markvoelker has quit IRC03:43
stevemar_morgan: i'll keep it on for a bit, sure03:52
*** doug-fish has joined #openstack-keystone03:54
*** tristanC has joined #openstack-keystone03:54
openstackgerritSteve Martinelli proposed openstack/keystone: Use oslo_config PortOpt support  https://review.openstack.org/23829103:58
*** doug-fish has quit IRC03:58
stevemar_topol: quit signing on at midnight03:59
topolface palm03:59
topolbeen a long week04:00
stevemar_topol: take it easy, you'll be on a jet plane soon enough :)04:01
stevemar_topol: they might even have movies from the 80s available to watch04:02
*** jbell8 has joined #openstack-keystone04:06
morganstevemar_: are you implying back to the future might be on the plane rides?04:07
*** jbell8 has quit IRC04:07
*** jbell8 has joined #openstack-keystone04:08
stevemar_morgan: strong possibility04:15
*** su_zhang has joined #openstack-keystone04:15
*** chlong_ has joined #openstack-keystone04:17
*** chlong_ has quit IRC04:17
*** fawadkhaliq has joined #openstack-keystone04:18
*** links has joined #openstack-keystone04:23
*** jbell8 has quit IRC04:26
*** jbell8 has joined #openstack-keystone04:27
*** lhcheng has joined #openstack-keystone04:30
*** ChanServ sets mode: +v lhcheng04:30
*** jbell8 has quit IRC04:33
*** jbell8 has joined #openstack-keystone04:34
*** jaosorior has quit IRC04:36
*** jaosorior has joined #openstack-keystone04:36
*** mylu has quit IRC04:44
*** jbell8 has quit IRC04:50
*** jbell8 has joined #openstack-keystone04:51
*** topol has quit IRC05:00
stevemar_jamielennox|away: around?... nope he's away05:01
*** csoukup has joined #openstack-keystone05:08
*** pumaranikar has joined #openstack-keystone05:16
*** su_zhang has quit IRC05:21
*** dikonoor has joined #openstack-keystone05:23
*** zzzeek has quit IRC05:28
*** zqfan_afk is now known as zqfan05:34
*** zzzeek has joined #openstack-keystone05:34
*** stevemar_ has quit IRC05:34
*** dims has joined #openstack-keystone05:35
*** pumaranikar has quit IRC05:38
*** markvoelker has joined #openstack-keystone05:39
*** jamielennox|away is now known as jamielennox05:41
*** dims has quit IRC05:41
*** markvoelker has quit IRC05:43
*** sudorandom has quit IRC06:00
*** csoukup has quit IRC06:01
*** topol has joined #openstack-keystone06:06
*** ChanServ sets mode: +v topol06:06
*** topol has quit IRC06:10
*** pgreg has joined #openstack-keystone06:11
*** pumaranikar has joined #openstack-keystone06:12
*** EinstCrazy has quit IRC06:18
*** EinstCrazy has joined #openstack-keystone06:24
*** sudorandom has joined #openstack-keystone06:31
*** urulama has quit IRC06:33
*** brad[] has quit IRC06:34
*** urulama has joined #openstack-keystone06:34
*** ParsectiX has joined #openstack-keystone06:36
*** ParsectiX has quit IRC06:37
*** lhcheng has quit IRC06:37
*** lhcheng has joined #openstack-keystone06:38
*** ChanServ sets mode: +v lhcheng06:38
*** jaosorior has quit IRC06:48
*** jaosorior has joined #openstack-keystone06:48
*** doug-fish has joined #openstack-keystone06:48
*** jaosorior has quit IRC06:49
*** tellesnobrega is now known as tellesnobrega_af06:49
*** pumaranikar has quit IRC06:51
*** doug-fish has quit IRC06:53
*** roxanagh_ has joined #openstack-keystone06:59
*** henrynash has quit IRC06:59
*** rm_work has quit IRC07:00
*** jaosorior has joined #openstack-keystone07:01
bretondolphm: regarding http://dolphm.com/deploying/07:03
bretondolphm: do I get it right that you put service users to ldap there?07:04
*** EinstCra_ has joined #openstack-keystone07:05
*** ParsectiX has joined #openstack-keystone07:06
dolphmbreton: you know what, i think i wrote that flat-out backwards. they should be in SQL.07:06
dolphmservice users in the default domain in SQL, using the base keystone.conf configuration. real users use v3 in a second domain backed by LDAP - i used "Default" in those examples. bah.07:07
*** lsmola_ has joined #openstack-keystone07:08
*** roxanagh_ has quit IRC07:08
dolphmbreton: ^ i wrote this months ago as notes on an implementation, polished it up a bit today, and published it. i should have proofed it better :(07:08
*** EinstCrazy has quit IRC07:08
*** doug-fish has joined #openstack-keystone07:09
dolphmbreton: added a disclaimer to the top of the article. i'll correct it tomorrow/friday and add a section to clarify the overall end result. thank you!07:11
*** gildub has quit IRC07:13
*** doug-fish has quit IRC07:14
*** EinstCrazy has joined #openstack-keystone07:15
*** EinstCra_ has quit IRC07:18
*** rm_work has joined #openstack-keystone07:29
*** markvoelker has joined #openstack-keystone07:40
*** jamielennox has quit IRC07:40
*** jamielennox has joined #openstack-keystone07:40
*** ChanServ sets mode: +v jamielennox07:40
*** markvoelker has quit IRC07:44
*** mewald has joined #openstack-keystone07:47
mewaldI tried using keystone policy.json from https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json and replaced "admin_domain_id" with "default". If I am not mistaken this should allow me to list users as user "admin" with role "admin" in domain "default". But I get unauthorized. Why?07:48
*** ParsectiX has quit IRC07:49
*** stevemar_ has joined #openstack-keystone07:50
*** ChanServ sets mode: +o stevemar_07:50
*** stevemar_ has quit IRC07:52
*** jamielennox is now known as jamielennox|away07:54
*** lhcheng has quit IRC08:01
*** fhubik has joined #openstack-keystone08:03
*** fhubik is now known as fhubik_brb08:05
*** fhubik_brb is now known as fhubik08:16
*** ParsectiX has joined #openstack-keystone08:16
*** arunkant has quit IRC08:16
*** arunkant has joined #openstack-keystone08:17
openstackgerritMerged openstack/python-keystoneclient: Mark abstractmethod bodies with nocover  https://review.openstack.org/23820908:19
*** woodster_ has quit IRC08:29
*** ParsectiX has quit IRC08:30
*** ParsectiX has joined #openstack-keystone08:30
*** jistr has joined #openstack-keystone08:33
*** arunkant has quit IRC08:40
*** aix has joined #openstack-keystone08:44
*** akanksha_ has joined #openstack-keystone08:45
*** gildub has joined #openstack-keystone08:47
*** exploreshaifali has joined #openstack-keystone08:55
*** csoukup has joined #openstack-keystone08:57
*** openstackgerrit has quit IRC09:01
*** csoukup has quit IRC09:01
*** openstackgerrit has joined #openstack-keystone09:02
*** dikonoo has joined #openstack-keystone09:17
*** dikonoor has quit IRC09:17
*** arunkant has joined #openstack-keystone09:19
mewaldIs there any resource that covers writing policy.json files? I would like to implement a very basic model with cloud admins, domain admins and users but struggle to find any info on how to do that09:29
breton> this should allow me to list users as user "admin" with role  "admin"09:30
bretonyep, this should09:30
*** doug-fish has joined #openstack-keystone09:30
bretonmewald: http://docs.openstack.org/kilo/config-reference/content/policy-json-file.html here is a guide :)09:30
mewaldbreton: yeah found this too, thanks :) I am not worrying about the syntax but rather things like "The mapping between API calls and actions is not generally documented." ;) And more: Sometimes examples show something like "user_id:%(user_id)s" How do you know "user_id" is actually something and how do I know what else I can match against?09:36
*** marzif has joined #openstack-keystone09:37
*** doug-fish has quit IRC09:38
*** markvoelker has joined #openstack-keystone09:40
*** amakarov_away is now known as amakarov09:41
*** dims has joined #openstack-keystone09:42
*** markvoelker has quit IRC09:45
*** openstackgerrit has quit IRC09:46
*** openstackgerrit has joined #openstack-keystone09:47
*** dims has quit IRC09:49
*** lhcheng has joined #openstack-keystone09:50
*** ChanServ sets mode: +v lhcheng09:50
*** marzif has quit IRC09:50
*** browne has joined #openstack-keystone09:53
*** davechen has left #openstack-keystone09:53
*** lhcheng has quit IRC09:54
*** mjb has quit IRC10:00
*** dims has joined #openstack-keystone10:02
*** fhubik is now known as fhubik_brb10:09
*** dims_ has joined #openstack-keystone10:09
*** EinstCrazy has quit IRC10:12
*** dims has quit IRC10:13
*** dims has joined #openstack-keystone10:13
*** urulama has quit IRC10:14
*** urulama has joined #openstack-keystone10:14
*** dims_ has quit IRC10:17
*** mjb has joined #openstack-keystone10:18
*** mewald has quit IRC10:26
*** NM has joined #openstack-keystone10:30
*** wwwjfy has quit IRC10:33
*** dims_ has joined #openstack-keystone10:35
*** dims has quit IRC10:37
*** mewald has joined #openstack-keystone10:38
*** aix has quit IRC10:40
*** ParsectiX has quit IRC10:43
*** fhubik_brb is now known as fhubik10:44
*** josecastroleon has quit IRC10:46
*** stevemar_ has joined #openstack-keystone10:50
*** ChanServ sets mode: +o stevemar_10:50
*** jbell8 has quit IRC10:51
*** stevemar_ has quit IRC10:53
*** fhubik is now known as fhubik_brb10:55
*** markvoelker has joined #openstack-keystone10:56
*** ParsectiX has joined #openstack-keystone10:59
*** markvoelker has quit IRC11:01
*** ParsectiX has quit IRC11:03
*** ParsectiX has joined #openstack-keystone11:03
*** weihan has joined #openstack-keystone11:07
*** EinstCrazy has joined #openstack-keystone11:16
*** doug-fish has joined #openstack-keystone11:18
*** aix has joined #openstack-keystone11:19
*** d0ugal has quit IRC11:21
*** gildub has quit IRC11:22
*** fhubik_brb is now known as fhubik11:31
*** weihan has quit IRC11:31
*** browne has quit IRC11:32
*** links has quit IRC11:32
*** wwwjfy has joined #openstack-keystone11:37
*** lhcheng has joined #openstack-keystone11:39
*** ChanServ sets mode: +v lhcheng11:39
*** exploreshaifali has quit IRC11:40
*** fhubik is now known as fhubik_brb11:42
*** lhcheng has quit IRC11:43
*** mewald has quit IRC11:51
*** pgreg_ has joined #openstack-keystone11:53
*** pgreg has quit IRC11:56
*** pgreg_ has quit IRC11:56
*** pgreg_ has joined #openstack-keystone11:57
*** pgreg_ is now known as pgreg11:57
*** doug-fish has quit IRC12:01
*** ParsectiX has quit IRC12:03
*** lhcheng has joined #openstack-keystone12:03
*** ChanServ sets mode: +v lhcheng12:03
*** stevemar_ has joined #openstack-keystone12:06
*** ChanServ sets mode: +o stevemar_12:06
*** lhcheng has quit IRC12:08
*** mewald has joined #openstack-keystone12:10
*** markvoelker has joined #openstack-keystone12:12
*** stevemar_ has quit IRC12:12
*** tellesnobrega_af is now known as tellesnobrega12:12
*** stevemar_ has joined #openstack-keystone12:12
*** ChanServ sets mode: +o stevemar_12:12
*** stevemar_ has quit IRC12:15
*** fhubik_brb is now known as fhubik12:23
*** richm has joined #openstack-keystone12:23
*** raildo-afk is now known as raildo12:25
*** links has joined #openstack-keystone12:26
*** richm has quit IRC12:30
*** ParsectiX has joined #openstack-keystone12:34
*** fawadkhaliq has quit IRC12:36
*** doug-fish has joined #openstack-keystone12:39
*** fhubik is now known as fhubik_brb12:42
*** doug-fish has quit IRC12:44
*** bill_az has joined #openstack-keystone12:46
*** annasort has quit IRC12:48
*** annasort_ has joined #openstack-keystone12:48
*** annasort_ is now known as annasort12:48
*** akanksha_ has quit IRC12:48
*** belmoreira has joined #openstack-keystone12:49
*** annasort has quit IRC12:53
*** njohnston is now known as nate_gone12:53
*** richm1 has joined #openstack-keystone12:56
*** Ephur has quit IRC12:56
*** richm1 is now known as richm12:57
*** exploreshaifali has joined #openstack-keystone12:59
*** Ephur has joined #openstack-keystone13:02
*** petertr7_away is now known as petertr713:03
*** davechen has joined #openstack-keystone13:06
*** fhubik_brb is now known as fhubik13:09
*** mewald has quit IRC13:11
*** links has quit IRC13:13
*** mewald has joined #openstack-keystone13:14
*** nate_gone is now known as njohnston13:25
lbragstadtjcocozz o/ do you happen to have a link to the hacking ignore bug?13:26
*** annasort has joined #openstack-keystone13:29
openstackgerritLance Bragstad proposed openstack/keystonemiddleware: Address hacking check H405.  https://review.openstack.org/23816113:29
*** dims_ has quit IRC13:35
*** dims has joined #openstack-keystone13:35
*** mewald has quit IRC13:36
*** ParsectiX has quit IRC13:43
*** sseago has joined #openstack-keystone13:46
*** davechen has left #openstack-keystone13:50
*** fhubik is now known as fhubik_brb13:53
*** dims has quit IRC13:53
sseagoayoung, so I was talking to nkinder about keystone ssl setup before he went on PTO -- I'm trying to figure out what's wrong w/ the keystone running in my dev env. I'm using the self-signed setup generated by "keystone-manage ssl_setup". so this works for me if the client passes in ca.pem, keystone.pem, and keystonekey.pem -- but it won't work with the client only passing in the CA cert, which *should* work fine I think13:58
*** ktychkova has joined #openstack-keystone13:58
ayoungsseago, do it right13:59
ayounguse Dogtag13:59
ayounganything else is just handjammed, and not worth spending cycles on13:59
ayoungif you just want proof of concept, use cermonger+ self signed13:59
ayoungcertmonger13:59
*** tonytan4ever has joined #openstack-keystone14:00
ayoungkeystone-manage ssl_setup was written by bknudson, I think, based on the travesty that I wrote for PKI tokens14:00
*** fawadkhaliq has joined #openstack-keystone14:00
*** hrou has left #openstack-keystone14:00
sseagoyeah this is just for testing from openshift, so the easiest (reliable) thing to get going is probably what I want.14:01
sseagois certmonger the way to go for that?14:01
*** doug-fish has joined #openstack-keystone14:03
*** dims has joined #openstack-keystone14:03
ayoungsseago, are you running Keystone in HTTPD?14:04
*** fawadkhaliq has quit IRC14:04
sseagoright now, no -- this is just a standalone keystone14:04
ayoungsseago, We have a whole demo setup based on Packstack, keystone in HTTPD, ssl, etc14:05
ayoungI'm working on fixing it right now, but you are more than welcome to use it;14:05
sseagooh. yeah, ultimately I just need an endpoint that I can authenticate against, so if there's one out there that I can just point to and grab the appropriate ca, that would probably be better than standing up a working env locally14:07
ayoungsseago, I'm kind of in crunch mode to get it ready for Tokyo. You going?14:07
sseagoI won't be in Tokyo, no.14:07
openstackgerritXiaBing Yao proposed openstack/keystone: Use oslo_config PortOpt support  https://review.openstack.org/23829114:07
*** csoukup has joined #openstack-keystone14:07
ayoungsseago, you just trying to get things started for development?14:07
*** fhubik_brb is now known as fhubik14:09
openstackgerritHenrique Truta proposed openstack/keystone: Limit subtree and parents queries  https://review.openstack.org/20913214:09
sseagoayoung, so I've been working on an OpenShift identity provider for keystone - yes, I know, it's not an authentication service -- this is a limited use case, largely POC-related, for when we need to integrate openshift w/ openstack and keystone is only using local DB users (not LDAP)14:10
*** d0ugal has joined #openstack-keystone14:10
*** d0ugal is now known as Guest9326314:10
sseagoayoung, I've tested it w/ ssl and non-ssl keystone, but as I mentioned, it was only working for me when passing in ca, cert, and key14:10
sseagobut I verified that the same problem happens w/ curl, so the issue was my keystone setup, not the openshift plugin14:10
*** su_zhang has joined #openstack-keystone14:11
*** akanksha_ has joined #openstack-keystone14:11
*** Guest93263 is now known as d0ugal14:12
*** d0ugal has quit IRC14:12
*** d0ugal has joined #openstack-keystone14:12
ayoungsseago, why not just use mod_auth_dbd?14:12
*** pumaranikar has joined #openstack-keystone14:14
sseagoyou mean instead of the identity provider? I remember that came up in the discussion thread (and subsequent meeting) about this -- but some reasons were given as to not go that way. I'd have to dig up the thread, as I don't recall offhand the reason why14:16
*** exploreshaifali has quit IRC14:16
ayoungsseago, so you just having trouble making an SSL Keystone  call?14:17
ayoungWhat language is OpenShift call from? Python or something else?14:17
sseagoso the call is from go, but I'm pretty sure the problem is in my keystone setup, not the openshift code -- since I'm having the same problem if I invoke curl manually14:19
sseagowhen I pass in --cacert but without --cert and --key, I get this error:14:19
sseago* NSS: client certificate not found (nickname not specified)14:19
sseago* NSS error -12227 (SSL_ERROR_HANDSHAKE_FAILURE_ALERT)14:19
sseago(from curl)14:19
openstackgerritTom Cocozzello proposed openstack/keystone: Fix docstring  https://review.openstack.org/23488114:20
*** erhudy has joined #openstack-keystone14:20
ayoungsseago, is the go code using libcurl?14:20
sseagoagain this is w/ the keystone-manage ssl_setup, so maybe I just need to dump my ssl certs and regenerate something w/ certmonger or something similar14:20
ayoungnot, that is the server side. Your issues are with the calling side14:22
*** fhubik has quit IRC14:23
sseagoso on the curl cli, what would I be messing up to get that error?14:24
bknudsondon't use keystone-manage ssl_setup if it's not working.14:24
sseagobknudson, that's the impression I had from the first half of this conversation -- start over w/ certs generated elsewhere, but ayoung was just now suggesting the problem may be on the calling side.14:26
bknudsondoes it work using openssl s_client?14:26
sseagohere's an example curl attempt where I'm getting an error -- and if I add --cert and --key with keystone.pem, keystonekey.pem it works, but without it I get this: https://gist.github.com/sseago/bd73b56f7f892025e8a514:27
sseagoopenssl s_client tells me "No client certificate CA names sent", but no other errors14:35
bretonsamueldmq: ktychkova:14:36
*** ayoung has quit IRC14:38
ktychkovabreton: samueldmq: Hi, a little bit about Apache Fortress: The end goal of this initiative is to have all OpenStack services enforcing RBAC policy using a mechanism commonly adopted in the enterprise.14:40
ktychkovaThe first idea was to use Apache Fortress, but after some research it looks like Fortress isn't widely used in the enterprise. Right now we want to create oslo.policy driver which will use some LDAP schema directly.14:40
ktychkovaThis initiative is still on research stage and we don't have a spec for it.14:40
ktychkovaBTW: since Apache Fortress driver aroused great interest I'm going to create a video about Apache Fortress.14:40
*** stevemar_ has joined #openstack-keystone14:40
*** ChanServ sets mode: +o stevemar_14:40
*** belmoreira has quit IRC14:41
stevemar_o/14:41
*** marzif has joined #openstack-keystone14:42
*** marzif has quit IRC14:44
*** marzif has joined #openstack-keystone14:45
*** slberger has joined #openstack-keystone14:45
*** jaosorior has quit IRC14:48
*** jaosorior has joined #openstack-keystone14:48
*** phalmos has joined #openstack-keystone14:52
*** topol has joined #openstack-keystone14:54
*** ChanServ sets mode: +v topol14:54
*** marzif has quit IRC14:54
openstackgerritMarek Denis proposed openstack/keystoneauth: SAML2 authentication plugins in keystoneauth  https://review.openstack.org/23854914:54
*** marzif has joined #openstack-keystone14:55
marekdstevemar_: https://review.openstack.org/#/c/238549/1/setup.cfg so i started moving saml2 code into ksa. I added an entry, but also needed to add lxml dep in test-requirements.txt14:56
marekdnot sure if it's the way to go14:56
marekdbknudson: ^^14:57
*** slberger1 has joined #openstack-keystone14:57
*** markvoelker_ has joined #openstack-keystone14:57
*** darrenc_ has joined #openstack-keystone14:58
*** zz_john5223 is now known as john522314:59
*** kfox1111_ has joined #openstack-keystone15:00
*** gus_ has joined #openstack-keystone15:00
*** jsavak has joined #openstack-keystone15:01
*** tsymancz4k has joined #openstack-keystone15:01
*** pumaranikar has quit IRC15:01
*** fawadkhaliq has joined #openstack-keystone15:01
*** dutsmoc has joined #openstack-keystone15:03
*** krotscheck_ has joined #openstack-keystone15:04
*** dolphm_ has joined #openstack-keystone15:04
*** BrAsS_mOnKeY has joined #openstack-keystone15:04
*** tjcocozz_ has joined #openstack-keystone15:04
*** rm_work| has joined #openstack-keystone15:04
*** hockeynut_afk has joined #openstack-keystone15:04
*** mhu1 has joined #openstack-keystone15:04
*** Nakato_ has joined #openstack-keystone15:04
*** eglute_s has joined #openstack-keystone15:04
*** _d34dh0r53_ has joined #openstack-keystone15:04
*** timburke_ has joined #openstack-keystone15:04
*** marzif has quit IRC15:04
*** fawadkhaliq has quit IRC15:05
*** mgagne_ has joined #openstack-keystone15:05
*** pumaranikar has joined #openstack-keystone15:05
*** marzif has joined #openstack-keystone15:05
*** dtroyer_zz has joined #openstack-keystone15:05
*** diazjf has joined #openstack-keystone15:05
*** slberger has quit IRC15:06
*** stevemar_ has quit IRC15:06
*** richm has quit IRC15:06
*** markvoelker has quit IRC15:06
*** mjb has quit IRC15:06
*** rm_work has quit IRC15:06
*** kfox1111 has quit IRC15:06
*** tsymanczyk has quit IRC15:06
*** f13o has quit IRC15:06
*** krotscheck has quit IRC15:06
*** comstud has quit IRC15:06
*** mgagne has quit IRC15:06
*** hockeynut has quit IRC15:06
*** eglute has quit IRC15:06
*** dtroyer has quit IRC15:06
*** d34dh0r53 has quit IRC15:06
*** dolphm has quit IRC15:06
*** gus has quit IRC15:06
*** darrenc has quit IRC15:06
*** Nakato has quit IRC15:06
*** tjcocozz has quit IRC15:06
*** errr has quit IRC15:06
*** odyssey4me has quit IRC15:06
*** mhu has quit IRC15:06
*** BrAsS_mO- has quit IRC15:06
*** timburke has quit IRC15:06
*** rm_work| is now known as rm_work15:06
*** dolphm_ is now known as dolphm15:06
*** mhu1 is now known as mhu15:06
*** rm_work has quit IRC15:06
*** rm_work has joined #openstack-keystone15:06
*** ChanServ sets mode: +o dolphm15:06
*** su_zhang has quit IRC15:07
*** phalmos has quit IRC15:09
*** phalmos has joined #openstack-keystone15:10
*** jbell8 has joined #openstack-keystone15:12
*** jbell8 has quit IRC15:13
*** jbell8 has joined #openstack-keystone15:14
*** henrynash has joined #openstack-keystone15:14
*** ChanServ sets mode: +v henrynash15:14
openstackgerrithenry-nash proposed openstack/keystone: Enable listing of role assignments in a project hierarchy  https://review.openstack.org/20815215:15
openstackgerrithenry-nash proposed openstack/keystone: Rationalize list role assignment routing  https://review.openstack.org/22033515:16
*** fifieldt_ has quit IRC15:17
*** odyssey4me has joined #openstack-keystone15:17
*** stevemar_ has joined #openstack-keystone15:18
*** ChanServ sets mode: +o stevemar_15:18
*** krotscheck_ is now known as krotscheck15:19
*** tonytan4ever has quit IRC15:21
*** john5223 is now known as zz_john522315:21
*** zz_john5223 is now known as john522315:22
*** mjb has joined #openstack-keystone15:23
*** urulama has quit IRC15:24
*** urulama has joined #openstack-keystone15:24
*** richm has joined #openstack-keystone15:24
*** f13o has joined #openstack-keystone15:26
*** dikonoo has quit IRC15:28
*** akscram has quit IRC15:29
*** fawadkhaliq has joined #openstack-keystone15:32
*** bill_az has quit IRC15:34
*** lsmola_ has quit IRC15:39
*** petertr7 is now known as petertr7_away15:40
*** josecastroleon has joined #openstack-keystone15:41
*** marzif has quit IRC15:45
*** jbell8 has quit IRC15:45
*** stevemar_ has quit IRC15:47
*** marzif has joined #openstack-keystone15:48
marekdbknudson: thanks for this review - quite helpful i must say!15:50
bknudsonmarekd: thanks for working on the change.15:50
*** errr has joined #openstack-keystone15:51
marekdno problem!15:51
*** jaosorior has quit IRC15:52
*** jaosorior has joined #openstack-keystone15:52
*** elmiko has joined #openstack-keystone15:53
*** phalmos has quit IRC15:54
elmikohi all, i'm trying to generate a config file with `tox -r -egenconfig` but i'm getting a weird error from tox about not being able to satisfy the ".[ldap,memcache,mongodb]" dependency. do i need to install something outside of tox for this?15:54
bknudsonelmiko: you probably need a newer pip or setuptools or something15:55
elmikobknudson: thanks, i'll give that a try15:56
*** jbell8 has joined #openstack-keystone15:56
*** marzif has quit IRC16:00
*** marzif has joined #openstack-keystone16:00
*** diazjf has quit IRC16:01
*** phalmos has joined #openstack-keystone16:02
*** stevemar_ has joined #openstack-keystone16:03
*** ChanServ sets mode: +o stevemar_16:03
*** pushkaru has joined #openstack-keystone16:04
amakarovhenrynash, greetings! What do you think about extending hints framework for it to support multi-table queries?16:04
*** pumaranikar has quit IRC16:04
*** ankurgupta has joined #openstack-keystone16:07
*** stevemar_ has quit IRC16:07
*** gyee has joined #openstack-keystone16:08
*** ChanServ sets mode: +v gyee16:08
*** raildo is now known as raildo-afk16:09
*** jaosorior has quit IRC16:11
*** jaosorior has joined #openstack-keystone16:12
*** raildo-afk is now known as raildo16:12
*** raildo is now known as raildo-afk16:13
*** urulama has quit IRC16:14
*** raildo-afk is now known as raildo16:14
*** urulama has joined #openstack-keystone16:15
*** orionx has joined #openstack-keystone16:21
*** mylu has joined #openstack-keystone16:23
orionxcan i create multiple API endpoints for the same service (like glance)?  for example, i'd like to be able to host the glance-api on host1 and host2.16:24
henrynashamakarov: hi, give me an example...16:24
*** jasonsb has quit IRC16:24
*** mylu has quit IRC16:24
amakarovhenrynash, https://review.openstack.org/#/c/209600/12/keystone/delegation/backends/sql.py,cm16:25
*** jasonsb has joined #openstack-keystone16:25
amakarovmy TODO at line 24316:25
*** mylu has joined #openstack-keystone16:25
amakarovhenrynash, delegation follows trust model: roles are related through m2m table16:27
*** tonytan4ever has joined #openstack-keystone16:28
*** mylu has quit IRC16:29
openstackgerritAlexander Makarov proposed openstack/keystone: Move region configuration to a critical section  https://review.openstack.org/22217316:29
*** jasonsb has quit IRC16:29
*** jbell8 has quit IRC16:29
*** petertr7_away is now known as petertr716:31
*** marzif has quit IRC16:32
*** jbell8 has joined #openstack-keystone16:32
*** marzif has joined #openstack-keystone16:32
*** _d34dh0r53_ is now known as d34dh0r5316:34
pc-pothole,16:35
*** jsavak has quit IRC16:37
*** jistr has quit IRC16:41
*** jsavak has joined #openstack-keystone16:41
openstackgerritDavid Stanek proposed openstack/keystone: make response of endpoint_group API contain full url  https://review.openstack.org/15186316:41
*** marzif has quit IRC16:44
*** petertr7 is now known as petertr7_away16:46
*** marzif has joined #openstack-keystone16:47
*** mylu has joined #openstack-keystone16:51
raildohenrynash: ping, can we invalidate this bug? https://bugs.launchpad.net/keystone/+bug/148457716:52
openstackLaunchpad bug 1484577 in OpenStack Identity (keystone) "OS-INHERIT does not seem to work for users but works for groups" [Medium,Triaged] - Assigned to Henry Nash (henry-nash)16:52
*** annasort has quit IRC16:53
*** annasort has joined #openstack-keystone16:53
henrynashraildo: yes, I’ll mark it as  duplicate of https://bugs.launchpad.net/keystone/+bug/140353916:53
openstackLaunchpad bug 1403539 in OpenStack Identity (keystone) "Can't create both inherited and direct role assignment on same entities" [Medium,Fix released] - Assigned to Samuel de Medeiros Queiroz (samueldmq)16:53
*** josecastroleon has quit IRC16:53
raildohenrynash: that was what I thought16:54
henrynashraildo: hmm, don't we have a  “duplicate” status or something you can set bugs to?16:55
raildohenrynash: there is an option in the right side, that you can set as duplicated16:56
henrynashraildo: ah, got it, thx16:57
raildohenrynash: np16:57
*** annasort has quit IRC16:58
*** diazjf has joined #openstack-keystone17:00
*** iurygregory is now known as iurygregory_meet17:01
*** iurygregory_meet is now known as iury_meeting17:01
*** shaleh has joined #openstack-keystone17:05
*** lhcheng has joined #openstack-keystone17:07
*** ChanServ sets mode: +v lhcheng17:07
*** su_zhang has joined #openstack-keystone17:08
*** yottatsa has joined #openstack-keystone17:09
*** Zanatoz has quit IRC17:10
*** yottatsa has left #openstack-keystone17:10
*** jasonsb_ has joined #openstack-keystone17:14
*** mylu has quit IRC17:19
*** diazjf has left #openstack-keystone17:21
*** pgreg has quit IRC17:25
*** akscram has joined #openstack-keystone17:26
*** urulama has quit IRC17:28
*** marzif has quit IRC17:29
*** urulama has joined #openstack-keystone17:29
*** mylu has joined #openstack-keystone17:29
*** mylu has quit IRC17:33
*** petertr7_away is now known as petertr717:38
*** arunkant_ has joined #openstack-keystone17:41
*** aix has quit IRC17:41
*** jbell8 has quit IRC17:46
*** jbell8 has joined #openstack-keystone17:48
openstackgerritBrant Knudson proposed openstack/keystone: Fix inaccurate debug mode response  https://review.openstack.org/23863617:49
openstackgerritLance Bragstad proposed openstack/keystone: Fix punctuation in doc strings.  https://review.openstack.org/23863717:49
openstackgerritBrant Knudson proposed openstack/keystone: Fix UnexpectedError exceptions to use debug_message_format  https://review.openstack.org/23864317:59
*** jsavak has quit IRC18:02
*** mgagne_ is now known as mgagne18:03
*** jsavak has joined #openstack-keystone18:03
*** amakarov is now known as amakarov_away18:03
*** iury_meeting is now known as iurygregory18:04
*** woodster_ has joined #openstack-keystone18:04
openstackgerritBrant Knudson proposed openstack/keystone: Fix exceptions to use correct titles  https://review.openstack.org/23865118:06
lbragstadmarekd jamielennox|away quick federation question for you two. There wasn't anything added in the Liberty release that would allow for a mapping to map roles directly to federated users is there. Instead of mapping federated users to groups? I'm poking through the code and I'm not seeing anything along those lines, but I wanted to double check.18:08
*** annasort has joined #openstack-keystone18:09
openstackgerritBrant Knudson proposed openstack/keystone: Fix UnexpectedError exceptions to use debug_message_format  https://review.openstack.org/23864318:10
openstackgerritBrant Knudson proposed openstack/keystone: Fix exceptions to use correct titles  https://review.openstack.org/23865118:11
elmikobknudson: that pip version thing is totally killing me. i found a workaround, but i cannot get tox to accept a different version...18:19
elmikoi even replaced the system pip and it still grabs some old version, a real head scratcher18:19
tjcocozz_elmiko, are you stuck at version 1.*18:22
elmikotjcocozz_: no, i've got v6.0.8 installed from fedora repos18:24
tjcocozz_are you on 14.04?18:25
tjcocozz_ubuntu18:25
elmikobut it seems i need 7.x to recognize the newer install dependency18:25
elmikono, fedora 2218:25
tjcocozz_pip install --upgrade pip18:25
elmikoyea, i did that. tox still grabs 6.0.8 for some reason18:26
elmikoi even tried upgrading the pip inside the tox venv, and somehow it *still* replaces it with the older one18:26
tjcocozz_elmiko, give me 1 sec to get this new vm running.  I have got around it before. Give me 1 minute to try again :p18:27
elmikotjcocozz_: sure thing, thanks!18:27
openstackgerritBrant Knudson proposed openstack/keystone: Fix exceptions to use correct titles  https://review.openstack.org/23865118:28
*** marzif has joined #openstack-keystone18:34
tjcocozz_elmiko, We are up and running now :) It took a while to start that new vm18:37
elmikotjcocozz_: no worries18:38
elmikotjcocozz_: i actually have to run out quickly, but i should be back in about an hour. could i ping you when i get back?18:38
tjcocozz_yes that works for me18:39
elmikocool, thanks!18:39
*** urulama_ has joined #openstack-keystone18:41
*** urulama has quit IRC18:41
*** marzif_ has joined #openstack-keystone18:41
*** marzif has quit IRC18:43
*** su_zhang has quit IRC18:43
*** tonytan4ever has quit IRC18:48
*** phalmos has quit IRC18:50
*** phalmos has joined #openstack-keystone18:52
*** marzif_ has quit IRC18:52
*** phalmos has quit IRC18:54
*** tsymancz4k is now known as tsymanczyk18:54
*** phalmos has joined #openstack-keystone18:54
*** su_zhang has joined #openstack-keystone18:55
*** su_zhang has quit IRC18:55
*** phalmos has quit IRC19:00
*** rderose has joined #openstack-keystone19:01
*** rderose has quit IRC19:02
*** urulama_ is now known as urulama19:03
*** marzif_ has joined #openstack-keystone19:08
*** jaosorior has quit IRC19:11
*** doug-fish has quit IRC19:11
*** lhcheng has quit IRC19:18
*** rderose has joined #openstack-keystone19:28
*** stevemar_ has joined #openstack-keystone19:30
*** ChanServ sets mode: +o stevemar_19:30
*** doug-fish has joined #openstack-keystone19:36
*** jbell8 has quit IRC19:36
*** jbell8 has joined #openstack-keystone19:37
*** phalmos has joined #openstack-keystone19:38
*** phalmos has quit IRC19:40
*** tonytan4ever has joined #openstack-keystone19:40
*** fawadkhaliq has quit IRC19:40
*** jbell8 has quit IRC19:41
*** rderose has quit IRC19:44
*** jbell8 has joined #openstack-keystone19:53
*** orionx has quit IRC19:56
*** mylu has joined #openstack-keystone19:58
*** stevemar_ has quit IRC19:59
*** gyee has quit IRC20:02
elmikotjcocozz_: hey, back20:03
tjcocozz_elmiko, what ubuntu was doing was not actually showing I was using pip version 7 until i restarted my machine20:04
tjcocozz_I thought it would be more technical than that but that's what the core problem for me was20:05
tjcocozz_1 - install from default package manager.  2 - pip install --upgrade pip 3 - restart20:05
*** henrynash has quit IRC20:06
elmikoyea, that didn't seem to work for me20:07
elmikobut, maybe had some cached version of pip20:07
*** su_zhang has joined #openstack-keystone20:07
*** tellesnobrega is now known as tellesnobrega_af20:12
*** ericksonsantos has quit IRC20:13
*** iurygregory has quit IRC20:14
*** doug-fis_ has joined #openstack-keystone20:19
*** njohnston is now known as nate_gone20:21
*** doug-fish has quit IRC20:22
*** raildo is now known as raildo-afk20:25
*** slberger has joined #openstack-keystone20:32
*** slberger1 has quit IRC20:33
*** gyee has joined #openstack-keystone20:33
*** ChanServ sets mode: +v gyee20:33
*** stevemar_ has joined #openstack-keystone20:35
*** ChanServ sets mode: +o stevemar_20:35
openstackgerritMerged openstack/keystone: Fix exceptions to use correct titles  https://review.openstack.org/23865120:36
*** urulama has quit IRC20:36
*** urulama has joined #openstack-keystone20:37
*** stevemar_ has quit IRC20:37
*** iurygregory has joined #openstack-keystone20:40
*** iurygregory has quit IRC20:40
*** iurygregory has joined #openstack-keystone20:40
*** topol has quit IRC20:41
*** topol has joined #openstack-keystone20:41
*** ChanServ sets mode: +v topol20:41
*** jsavak has quit IRC20:41
*** topol has quit IRC20:41
*** jsavak has joined #openstack-keystone20:42
*** NM has quit IRC20:44
*** gildub has joined #openstack-keystone20:45
*** stevemar_ has joined #openstack-keystone20:47
*** ChanServ sets mode: +o stevemar_20:47
openstackgerritMerged openstack/keystone: Fix UnexpectedError exceptions to use debug_message_format  https://review.openstack.org/23864320:49
*** jsavak has quit IRC20:49
*** ericksonsantos has joined #openstack-keystone20:53
*** su_zhang has quit IRC20:53
openstackgerritMerged openstack/keystone: Fix punctuation in doc strings.  https://review.openstack.org/23863720:54
*** su_zhang has joined #openstack-keystone20:56
*** petertr7 is now known as petertr7_away20:57
*** su_zhang has quit IRC20:57
*** mylu has quit IRC20:58
*** petertr7_away is now known as petertr720:59
*** mylu_ has joined #openstack-keystone20:59
*** ankurgupta has quit IRC20:59
openstackgerritHenrique Truta proposed openstack/keystone: Restrict inherited role assignments to subdomains  https://review.openstack.org/16418021:09
*** mylu_ has quit IRC21:26
*** mylu_ has joined #openstack-keystone21:26
*** petertr7 is now known as petertr7_away21:27
*** mylu_ has quit IRC21:29
*** mylu has joined #openstack-keystone21:29
*** gyee has quit IRC21:32
*** su_zhang has joined #openstack-keystone21:44
*** r-daneel has joined #openstack-keystone21:44
*** su_zhang has quit IRC21:45
*** mylu has quit IRC21:46
*** mylu has joined #openstack-keystone21:46
*** stevemar_ has quit IRC21:52
*** pushkaru has quit IRC22:01
*** Ephur has quit IRC22:02
*** su_zhang has joined #openstack-keystone22:03
*** darrenc_ is now known as darrenc22:03
*** mylu has quit IRC22:07
*** mylu has joined #openstack-keystone22:07
*** csoukup has quit IRC22:10
*** mylu has quit IRC22:12
*** slberger has left #openstack-keystone22:12
*** lhcheng has joined #openstack-keystone22:15
*** ChanServ sets mode: +v lhcheng22:15
*** lhcheng_ has joined #openstack-keystone22:19
*** lhcheng has quit IRC22:22
*** zigo has quit IRC22:25
*** zigo has joined #openstack-keystone22:27
*** chlong has quit IRC22:32
*** elmiko is now known as _elmiko22:32
*** tonytan4ever has quit IRC22:33
*** arunkant_ has quit IRC22:34
*** su_zhang has quit IRC22:36
*** darrenc is now known as darrenc_afk22:36
*** su_zhang has joined #openstack-keystone22:36
*** tsymanczyk has quit IRC22:39
*** Guest16451 has quit IRC22:39
*** darrenc_afk is now known as darrenc22:45
*** tsymancz2k has joined #openstack-keystone22:56
*** akanksha_ has quit IRC22:58
*** dims_ has joined #openstack-keystone23:02
*** jbell8 has quit IRC23:05
*** dims has quit IRC23:06
*** dims has joined #openstack-keystone23:09
*** dims_ has quit IRC23:10
*** gildub has quit IRC23:17
*** tsymancz4k has joined #openstack-keystone23:17
*** tsymancz4k is now known as tsymanczyk23:18
*** urulama has quit IRC23:21
*** urulama has joined #openstack-keystone23:21
*** jbell8 has joined #openstack-keystone23:22
*** gus_ is now known as gus23:24
*** erhudy has quit IRC23:49
*** chlong has joined #openstack-keystone23:51
*** gildub has joined #openstack-keystone23:52
*** boris-42 has quit IRC23:58
