Tuesday, 2015-11-24

« Monday, 2015-11-23 Index Wednesday, 2015-11-25 »
*** pumaranikar has joined #openstack-keystone00:00
*** aginwala has quit IRC00:01
*** aginwala has joined #openstack-keystone00:04
openstackgerritSean Perry proposed openstack/keystone: Use unit.new_project_ref consistently  https://review.openstack.org/24452300:04
shalehstevemar: ^^^ comment updated, nothing else00:04
*** lhcheng has quit IRC00:07
*** EinstCrazy has joined #openstack-keystone00:09
*** boris-42 has joined #openstack-keystone00:09
*** davechen has quit IRC00:10
*** pumaranikar has quit IRC00:13
*** openstackgerrit has quit IRC00:16
*** openstackgerrit has joined #openstack-keystone00:17
*** EinstCrazy has quit IRC00:19
*** diegows has quit IRC00:22
*** aginwala has quit IRC00:25
*** aginwala has joined #openstack-keystone00:33
*** aginwala has quit IRC00:37
*** liemmn has quit IRC00:42
*** aginwala has joined #openstack-keystone00:43
*** gildub has joined #openstack-keystone00:47
*** miyagishi_t has joined #openstack-keystone00:52
*** r-daneel has quit IRC00:55
*** EinstCrazy has joined #openstack-keystone01:00
*** NM has joined #openstack-keystone01:02
*** EinstCra_ has joined #openstack-keystone01:02
*** tellesnobrega_af is now known as tellesnobrega01:03
*** aginwala has quit IRC01:05
*** aginwala has joined #openstack-keystone01:06
*** EinstCrazy has quit IRC01:06
*** aginwala_ has joined #openstack-keystone01:06
*** jerrygb has quit IRC01:09
*** jerrygb has joined #openstack-keystone01:10
*** aginwala has quit IRC01:10
*** spandhe has quit IRC01:12
*** jerrygb has quit IRC01:14
*** shaleh has quit IRC01:22
*** ankita_wagh has quit IRC01:27
*** jgriffith_away is now known as jgriffith01:30
*** aginwala_ has quit IRC01:52
*** aginwala has joined #openstack-keystone01:55
*** jbell8 has joined #openstack-keystone01:56
*** richm has quit IRC01:59
openstackgerritJamie Lennox proposed openstack/keystone: Perform middleware tests with webtest  https://review.openstack.org/24444002:00
*** sahilsinha has joined #openstack-keystone02:04
sahilsinhahello all - im having a pretty difficult time getting keystone to go with openid connect02:05
sahilsinhais there a canonical resource on the redirect uris and apache locations that need to be protected?02:06
sahilsinhamod_auth_oidc itself works and im successfully about to authn with my idp02:07
stevemarsahilsinha: theres some info here: http://docs.openstack.org/developer/keystone/federation/openidc.html02:08
sahilsinhastevemar: thanks - wondering if it updated recently because now there is a /redirect at the end of the uri02:16
sahilsinhaim hoping i was just missing my callback template02:16
*** spandhe has joined #openstack-keystone02:22
sahilsinhai just get ridirected back to a 404 with my token02:24
sahilsinhafrom the idp02:24
*** spandhe_ has joined #openstack-keystone02:25
*** spandhe has quit IRC02:27
*** spandhe_ is now known as spandhe02:27
*** btully has quit IRC02:28
*** david-ly_ has quit IRC02:36
*** tellesnobrega is now known as tellesnobrega_af02:36
*** mylu has joined #openstack-keystone02:38
*** aginwala has quit IRC02:39
*** dims has joined #openstack-keystone02:40
*** mylu has quit IRC02:42
*** ankita_wagh has joined #openstack-keystone02:44
*** jerrygb has joined #openstack-keystone02:44
sahilsinhastevemar: is this you? https://gist.github.com/stevemart/4b41bd5437048a7fdfab02:51
*** aginwala has joined #openstack-keystone02:56
*** ankita_wagh has quit IRC02:57
*** harshs has quit IRC03:08
*** jerrygb has quit IRC03:11
*** mylu has joined #openstack-keystone03:11
*** davechen has joined #openstack-keystone03:11
stevemarsahilsinha: depends on who's asking ^_^03:12
*** jerrygb has joined #openstack-keystone03:13
stevemarthat stuff *may* be out of date03:13
*** topol has joined #openstack-keystone03:16
*** ChanServ sets mode: +v topol03:16
*** dims has quit IRC03:17
*** davechen has quit IRC03:19
*** davechen has joined #openstack-keystone03:19
*** topol has quit IRC03:20
*** dims has joined #openstack-keystone03:22
mfischI know that this is going to agitate ayoung but mgmt is asking me if keystone has any password requirement options for mysql users like length, age, complexity etc. Don't see anything in config03:24
stevemarmfisch: they do not!03:25
ayoungmfisch, and it never will03:25
ayounguse a real tool03:25
mfischyes thats what I told them03:25
mfischyou want to get out of the business of managing users and passwords03:25
mfischstevemar will shed a tear for me I hope03:26
ayoungmfisch, don't you work for a real company with things like SOX compliance and all that?03:26
mfischoh this is way worse than SOX03:26
*** pcaruana has quit IRC03:27
mfischwe dont use mysql for anything but service accounts atm03:27
*** roxanaghe has quit IRC03:30
mfischstevemar: are you a Bills fan?03:31
mfischthats like south Toronto right?03:31
stevemarmfisch: it definitely is03:31
stevemarbut i also like the pats03:31
stevemarmfisch: i go to at least 1 bills game per year03:31
mfischdont they play a couple in Toronto?03:31
mfischI will be at Pats/Broncos on Sunday brrr03:32
openstackgerritayoung proposed openstack/oslo.policy: Convert Exceptions to failures.  https://review.openstack.org/16590803:33
*** davechen1 has joined #openstack-keystone03:34
*** dims has quit IRC03:35
stevemarmfisch: they stopped the 'bills-in-toronto' series a year or two ago, cause... http://mattenglish.kinja.com/the-bills-in-toronto-series-is-mercifully-over-166616278603:35
stevemarmfisch: i gotta say, this has been a tight game so far, the bills are keeping it close03:36
*** davechen has quit IRC03:36
mfischwhats Rogers03:36
mfischis that your comcast or twc?03:37
*** davechen has joined #openstack-keystone03:38
*** davechen1 has quit IRC03:41
stevemarmfisch: essentially03:41
stevemarmfisch: rogers is the more evil of the two03:42
stevemarbell is the other one in our duopoly03:42
*** davechen1 has joined #openstack-keystone03:45
stevemarmfisch: did you see that 'inadvertent whistle'?03:45
stevemarthat sooo would have been a TD03:45
*** gildub has quit IRC03:46
*** davechen has quit IRC03:46
mfischah no wife is around so we're watching something else for now03:48
*** mylu has quit IRC03:48
*** mylu has joined #openstack-keystone03:49
*** mylu has quit IRC03:53
*** jbell8 has quit IRC03:54
*** mylu has joined #openstack-keystone03:58
*** david-lyle has joined #openstack-keystone04:08
*** aginwala has quit IRC04:09
*** gildub has joined #openstack-keystone04:16
*** sahilsinha has quit IRC04:17
davechen1marekd: this is ready to go - https://review.openstack.org/#/c/226225/ :)04:19
davechen1marekd: Just in case you don't mind, I saw you help to review some days before.04:20
*** ayoung has quit IRC04:20
*** jerrygb has quit IRC04:24
*** btully has joined #openstack-keystone04:29
stevemardavechen1: is there a reason that is proposed against the follow up patch?04:34
stevemarerr against the dependent patch?04:35
stevemari think i am going to rebase it against master and push it through, bknudson already +2'ed it04:35
openstackgerritSteve Martinelli proposed openstack/keystone: Using the right format to render the docstring correctly  https://review.openstack.org/22622504:37
openstackgerritSteve Martinelli proposed openstack/keystone: Correct docstring warnings  https://review.openstack.org/24433304:38
*** davechen1 is now known as davechen04:43
davechenstevemar: emm, you meant brant's comment?04:44
stevemardavechen: just wondering why it was depending on the removal of endpoint_filter/core.py04:45
davechenstevemar: that's beacuse the there are many updated needed in endpoint_filter/core.py04:45
davechenstevemar: and now that the file was removed, there is no need to address it in endpoint_filter/core.py again.04:46
davechenor else, we should do some change and will removed again, my feeling it's not necessary.04:47
stevemardavechen: should be fine... i really wanted https://review.openstack.org/#/c/226225/17 to get merged, since it's changing a lot of files04:48
davechenstevemar: thanks you sir, this simply patch was hanging for two months  :)04:49
davechenstevemar: now, you are stepping on the mine.04:50
davecheni need say sorry to all of the impacted patches.04:50
davechenneed rebase again :(04:50
stevemardavechen: yeah :(04:50
stevemardavechen: the longer it lives, the more it'll impact04:51
davechenagreed.04:51
davechenso, i want to kill it asap.04:51
davechenstevemar: i am not quite sure if we need do these proposal.04:52
stevemardavechen: which proposals?04:52
davechenstevemar: it's useful somehow but trivial enough.04:53
davechenstevemar: the docstring change where i update bunches of patches.04:53
davechenbunches of files.04:53
stevemaryeah, i'd like to stop the churn of changes like that04:54
davechenstevemar: got it.04:55
davechenstevemar: i aware that and i will keep in mind.04:55
*** jmccrory has quit IRC04:58
*** jmccrory has joined #openstack-keystone05:00
openstackgerritJamie Lennox proposed openstack/keystoneauth: Allow prompting for password when CLI loading  https://review.openstack.org/24852405:09
*** rcernin has joined #openstack-keystone05:15
*** Nirupama has joined #openstack-keystone05:28
*** andrey-mp has joined #openstack-keystone05:30
*** rcernin has quit IRC05:34
*** EinstCra_ has quit IRC05:37
*** EinstCrazy has joined #openstack-keystone05:37
*** davechen has left #openstack-keystone05:44
andrey-mphi Core, can someone review this - https://review.openstack.org/#/c/246844/ ? small fix that I need to do next changes in other project...05:46
*** pcaruana has joined #openstack-keystone05:49
*** mylu has quit IRC05:56
*** mylu has joined #openstack-keystone05:56
*** roxanaghe has joined #openstack-keystone05:56
*** jbell8 has joined #openstack-keystone05:58
*** roxanaghe has quit IRC05:59
*** mylu has quit IRC06:01
*** mylu has joined #openstack-keystone06:10
*** rcernin has joined #openstack-keystone06:18
breton_stevemar: 19-21 of January?06:21
stevemarbreton_: was it not clear? should i edit?06:21
stevemarbreton_: but yes... that was one of my intended dates06:22
*** andrey-mp has quit IRC06:26
breton_oh, I have not seen the mail yet06:27
breton_because...06:28
breton_stevemar: [Keystyone] is in mail subject06:28
stevemarFFS06:28
*** pcaruana has quit IRC06:28
breton_and openstack-dev is the last in my queue to read.06:28
stevemarbreton_: thanks for the heads up!06:31
stevemari'm re-sending now06:31
stevemarstupid fat fingers :)06:31
*** mylu has quit IRC06:32
breton_also please be careful with 27-29. FOSDEM in Europe is 30-31 and there will be some openstack day on the 29.06:32
*** mylu has joined #openstack-keystone06:32
breton_I am surprised I don't see 25-27 though.06:32
openstackgerritMerged openstack/keystone: Using the right format to render the docstring correctly  https://review.openstack.org/22622506:33
stevemarbreton_: i can add that option06:33
stevemari am the only one who voted so far06:33
breton_yes, please do06:34
stevemarbreton_: check it out again, see the new options?06:36
*** mylu has quit IRC06:37
breton_yep, thanks06:37
stevemarbreton_: thank you!06:38
*** e0ne has joined #openstack-keystone06:40
*** EinstCrazy has quit IRC06:45
*** jaosorior has joined #openstack-keystone06:48
*** boris-42 has quit IRC06:48
*** EinstCrazy has joined #openstack-keystone06:49
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/24903306:49
*** spandhe has quit IRC06:49
*** aginwala has joined #openstack-keystone06:50
*** spandhe has joined #openstack-keystone06:51
*** josecastroleon has joined #openstack-keystone07:06
*** e0ne has quit IRC07:08
*** jgriffith is now known as jgriffith_away07:15
*** aginwala has quit IRC07:16
*** btully has quit IRC07:16
*** spandhe has quit IRC07:22
*** aginwala has joined #openstack-keystone07:26
*** mjb has quit IRC07:26
*** _zouyee has joined #openstack-keystone07:30
*** _zouyee has quit IRC07:30
*** mjb has joined #openstack-keystone07:33
*** jerrygb has joined #openstack-keystone07:37
*** _zouyee has joined #openstack-keystone07:39
*** _zouyee has quit IRC07:39
*** topol has joined #openstack-keystone07:39
*** ChanServ sets mode: +v topol07:39
*** urulama__ is now known as urulama07:40
*** topol has quit IRC07:41
*** jerrygb has quit IRC07:42
*** rharwood has quit IRC07:42
*** rharwood has joined #openstack-keystone07:43
*** jaosorior has quit IRC07:45
*** btully has joined #openstack-keystone07:51
*** btully has quit IRC07:56
*** rha has quit IRC08:03
*** gildub has quit IRC08:04
*** jerrygb has joined #openstack-keystone08:12
*** wuhg has joined #openstack-keystone08:13
*** jaosorior has joined #openstack-keystone08:15
*** jerrygb has quit IRC08:17
*** jaosorior has quit IRC08:21
*** jaosorior has joined #openstack-keystone08:22
*** fhubik has joined #openstack-keystone08:31
*** _zouyee has joined #openstack-keystone08:32
openstackgerritDaniele Pizzolli proposed openstack/keystone: Allow building doc using make latexpdf  https://review.openstack.org/24906508:33
*** aginwala has quit IRC08:40
*** e0ne has joined #openstack-keystone08:49
*** fhubik is now known as fhubik_brb09:06
*** fhubik_brb is now known as fhubik09:07
*** fhubik is now known as fhubik_brb09:13
*** openstackgerrit has quit IRC09:16
*** openstackgerrit has joined #openstack-keystone09:17
*** akscram1 is now known as akscram09:20
*** rha has joined #openstack-keystone09:22
*** rha has quit IRC09:22
*** rha has joined #openstack-keystone09:22
*** fhubik_brb is now known as fhubik09:24
*** urulama has quit IRC09:26
*** urulama has joined #openstack-keystone09:27
*** fhubik is now known as fhubik_brb09:32
*** fhubik_brb is now known as fhubik09:34
*** jistr has joined #openstack-keystone09:44
*** EinstCrazy has quit IRC09:48
*** lhcheng has joined #openstack-keystone09:54
*** ChanServ sets mode: +v lhcheng09:54
*** woodster_ has quit IRC09:59
*** aix has joined #openstack-keystone10:05
lhchengraildo: ping10:09
*** breton_ is now known as breton10:13
*** fhubik is now known as fhubik_brb10:20
*** urulama has quit IRC10:23
*** urulama has joined #openstack-keystone10:24
*** josecastroleon1 has joined #openstack-keystone10:34
*** tellesnobrega_af is now known as tellesnobrega10:34
*** josecastroleon has quit IRC10:35
*** fhubik_brb is now known as fhubik10:36
*** urulama has quit IRC11:02
*** urulama has joined #openstack-keystone11:02
*** dims has joined #openstack-keystone11:06
*** dgonzalez has joined #openstack-keystone11:08
*** EinstCrazy has joined #openstack-keystone11:08
*** EinstCrazy has quit IRC11:09
*** EinstCrazy has joined #openstack-keystone11:09
openstackgerritMerged openstack/keystone: deprecate `enabled` option for endpoint-policy extension  https://review.openstack.org/24730511:09
*** rcernin is now known as rcernin|lunch11:13
*** aix has quit IRC11:14
*** aix has joined #openstack-keystone11:15
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/24903311:15
*** toddnni has quit IRC11:19
openstackgerrithenry-nash proposed openstack/keystone-specs: Enable retrieval of default values of domain config options  https://review.openstack.org/18565011:19
openstackgerrithenry-nash proposed openstack/keystone-specs: Enable retrieval of default values of domain config options  https://review.openstack.org/18565011:22
*** toddnni has joined #openstack-keystone11:22
openstackgerrithenry-nash proposed openstack/keystone-specs: Enable retrieval of default values of domain config options  https://review.openstack.org/18565011:23
*** Nirupama has quit IRC11:29
openstackgerritMerged openstack/keystone: Fix string conversion in s3 handler for python 2  https://review.openstack.org/24684411:34
*** daemontool has joined #openstack-keystone11:38
*** daemontool has quit IRC11:40
*** daemontool has joined #openstack-keystone11:40
*** zqfan_AFK is now known as zqfan11:41
*** josecastroleon1 has quit IRC11:42
*** LimorStotland has joined #openstack-keystone11:43
LimorStotlandhi all I have a question.... in the keystone log i see UserNotFound: Could not find user: mistral but the user exist in the DB and i can login to openstack with this user from horizon11:45
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/24903311:45
LimorStotlandis it connected to the fact the mistral works with keystone v3?11:45
*** zqfan is now known as zqfan_AFK11:46
*** fhubik is now known as fhubik_brb11:46
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone-specs: Enable retrieval of default values of domain config options  https://review.openstack.org/18565011:55
flaper87jamielennox: hey, do you happen to be around? Can I bother you with a small review request on a Glance patch? https://review.openstack.org/#/c/241986/12:04
flaper87(or anyone, really)12:04
flaper87especially the `trust_auth_ module12:04
flaper87`trust_auth`*12:04
*** daemontool has quit IRC12:08
*** josecastroleon has joined #openstack-keystone12:08
*** daemontool has joined #openstack-keystone12:09
*** _zouyee has quit IRC12:11
*** tellesnobrega is now known as tellesnobrega_af12:19
*** miyagishi_t has quit IRC12:20
jamielennoxflaper87: done12:20
flaper87jamielennox: thank you12:22
*** tellesnobrega_af is now known as tellesnobrega12:25
*** EinstCrazy has quit IRC12:26
*** EinstCrazy has joined #openstack-keystone12:28
*** alejandrito has joined #openstack-keystone12:34
*** fhubik_brb is now known as fhubik12:34
*** EinstCra_ has joined #openstack-keystone12:35
*** EinstCrazy has quit IRC12:35
*** rcernin|lunch is now known as rcernin12:36
*** diegows has joined #openstack-keystone12:40
*** wolsen has quit IRC12:41
*** pauloewerton has joined #openstack-keystone12:44
*** lhcheng_ has joined #openstack-keystone12:51
*** lhcheng has quit IRC12:51
*** gordc has joined #openstack-keystone12:59
openstackgerritJulien Danjou proposed openstack/keystone: eventlet: handle system that misses TCP_KEEPIDLE  https://review.openstack.org/22677313:06
*** lhcheng_ has quit IRC13:09
*** LukeHinds has joined #openstack-keystone13:12
*** wolsen has joined #openstack-keystone13:14
*** lhcheng has joined #openstack-keystone13:20
*** ChanServ sets mode: +v lhcheng13:20
*** NM has joined #openstack-keystone13:21
*** daemontool has quit IRC13:22
*** doug-fish has joined #openstack-keystone13:30
*** jbell8 has quit IRC13:32
*** NM has quit IRC13:34
*** markvoelker has quit IRC13:35
marekdjamielennox: here?13:35
*** daemontool has joined #openstack-keystone13:39
iurygregorymarekd, now works for everything https://review.openstack.org/#/c/216821/13:41
*** thiagop has joined #openstack-keystone13:43
marekdiurygregory: thanks.13:43
iurygregorymarekd, you're welcome13:44
marekdiurygregory: i think it looks fine, however I hope you tried it in the fresh sstems :-)13:45
marekdsystems13:45
marekdof course this does not fully configure federation, i hope we all agree on that.13:45
iurygregorymarekd, i've tested in ubuntu server and centos ^^13:46
marekdgrreeat13:46
iurygregorymarekd, yeah i can't configure the shibboleth attribute map on puppet-keystone13:46
iurygregorythis is the missing part =/13:46
marekd/etc/shibboleth/shibboleth2.xml too13:46
iurygregoryyeah13:47
iurygregorycan you +1? puppet-keystone will only configure things related to keystone (virtualhost and keystone.conf)13:47
marekdiurygregory: i just did!13:48
iurygregoryThanks man o/13:48
marekd\o13:48
*** fhubik is now known as fhubik_brb13:49
*** fhubik_brb is now known as fhubik13:50
*** fhubik is now known as fhubik_brb13:50
*** fhubik_brb is now known as fhubik13:53
*** ayoung has joined #openstack-keystone13:53
*** ChanServ sets mode: +v ayoung13:53
*** markvoelker has joined #openstack-keystone13:53
*** fhubik is now known as fhubik_brb13:54
*** fhubik_brb is now known as fhubik13:54
*** fhubik is now known as fhubik_brb13:54
*** daemontool has quit IRC13:56
*** daemontool has joined #openstack-keystone13:57
*** daemontool has quit IRC13:58
*** topol has joined #openstack-keystone13:58
*** ChanServ sets mode: +v topol13:58
*** daemontool has joined #openstack-keystone13:59
*** htruta has left #openstack-keystone13:59
*** htruta has joined #openstack-keystone13:59
*** jaosorior has quit IRC14:03
*** rcernin has quit IRC14:03
*** jaosorior has joined #openstack-keystone14:03
*** LimorStotland has left #openstack-keystone14:05
*** richm has joined #openstack-keystone14:08
*** jerrygb has joined #openstack-keystone14:23
*** mylu has joined #openstack-keystone14:23
*** nllrte has joined #openstack-keystone14:34
marekdiurygregory: congrats.looks like patch is approved14:40
*** NM has joined #openstack-keystone14:40
iurygregorymarekd, merged :D14:40
iurygregorythanks for your review =D14:40
marekdiurygregory: no problem14:41
*** goodygum_ is now known as noqa_v_qoovnie14:44
*** jgriffith_away is now known as jgriffith14:47
*** pumaranikar has joined #openstack-keystone14:54
*** jerrygb has quit IRC14:56
*** jerrygb has joined #openstack-keystone14:57
*** davechen has joined #openstack-keystone15:00
*** jaosorior has quit IRC15:00
*** mylu has quit IRC15:01
*** mylu has joined #openstack-keystone15:02
*** boris-42 has joined #openstack-keystone15:02
*** jaosorior has joined #openstack-keystone15:02
openstackgerritSteve Martinelli proposed openstack/keystone: Remove example extension  https://review.openstack.org/23557415:03
*** ajayaa has joined #openstack-keystone15:05
stevemarbknudson: ^ you asked about that in a review15:05
bknudsonstevemar: y, you can put closes-bug whatever the bug is15:06
*** jasonsb has joined #openstack-keystone15:06
bknudsonstevemar: Closes-Bug: #151924415:07
openstackbug 1519244 in OpenStack Identity (keystone) "Allow building doc using make latexpdf" [Undecided,In progress] https://launchpad.net/bugs/1519244 - Assigned to Daniele Pizzolli (daniele-pizzolli)15:07
openstackgerritSteve Martinelli proposed openstack/keystone: Remove example extension  https://review.openstack.org/23557415:07
stevemaryeah, just did15:07
stevemarnow to get someone else to review it :P15:07
bknudsonstevemar: Daniele Pizzolli should be interested15:08
*** breitz has quit IRC15:08
*** breitz has joined #openstack-keystone15:08
*** dims_ has joined #openstack-keystone15:08
*** dims has quit IRC15:09
*** ahilsinhas has joined #openstack-keystone15:12
*** jerrygb has quit IRC15:15
*** jerrygb has joined #openstack-keystone15:16
*** btully has joined #openstack-keystone15:17
*** markvoelker has quit IRC15:18
*** markvoelker has joined #openstack-keystone15:18
lbragstadxek updated your spec with a couple more questions15:24
openstackgerrithenry-nash proposed openstack/keystone-specs: Clarify project hierarchy and parent usage within the API  https://review.openstack.org/20062415:24
lbragstadxek are you pretty familiar with how nova does online migrations?15:24
lbragstadif so, I have questions :)15:24
*** urulama has quit IRC15:24
*** urulama has joined #openstack-keystone15:25
openstackgerrithenry-nash proposed openstack/keystone-specs: Clarify project hierarchy and parent usage within the API  https://review.openstack.org/20062415:26
*** henrynash has joined #openstack-keystone15:27
*** ChanServ sets mode: +v henrynash15:27
*** jasonsb has quit IRC15:32
*** jerrygb has quit IRC15:33
*** slberger has joined #openstack-keystone15:38
*** mylu has quit IRC15:43
*** ajayaa has quit IRC15:46
*** jbell8 has joined #openstack-keystone15:49
*** EinstCra_ has quit IRC15:51
*** NM has quit IRC16:07
*** fhubik_brb is now known as fhubik16:07
*** ericksonsantos has joined #openstack-keystone16:07
samueldmqhenrynash: hi, do you have a moment to talk about https://review.openstack.org/#/c/200434 ?16:09
henrynashsamueldmq: sure16:09
samueldmqhenrynash: so, looks like deprecating the old extension + adding the new api (based on the extension, but with inherited logic fixed) isn't going to wokr16:11
openstackgerrithenry-nash proposed openstack/keystone-specs: Allow url-safe project and domain names to be optionally enforced  https://review.openstack.org/24808316:11
samueldmqhenrynash: basically, what changes is htat, given the hierarchical prjects world, we need to evolve the inherited assignments16:12
henrynashsamueldmq: I’m ok with that too16:12
samueldmqhenrynash: but, we didn't do that in the same cycle as we introduced hierarchical projects16:12
samueldmqhenrynash: so now we're in trouble16:12
*** ajayaa has joined #openstack-keystone16:12
stevemarnotmorgan: regarding the topic of distrusting vs trusting: https://review.openstack.org/#/c/246749/ -- help a brother out?16:13
stevemaror lbragstad :) ^16:14
henrynashsamueldmq: not quite sure what you are angling for exactly....16:15
samueldmqhenrynash: the options I see are: i) we add a config option to change inherited behavior ii) add another completely new inherited param or iii) a third parameter to specify the type of inheritance16:15
samueldmqhenrynash: i) is bad for interoperability16:15
samueldmqhenrynash: ^ I am trying to list our alternatives, and the tradeoffs of each one16:16
henrynashsamueldmq: brb16:16
*** rcernin has joined #openstack-keystone16:16
samueldmqhenrynash: sure16:16
*** urulama has quit IRC16:19
*** urulama has joined #openstack-keystone16:19
henrynashsamueldmq: to add to this, I’ve come across at least one customer that really likes the current inheritance model and doesn’t want u sto change it (and that’s for project hierarchy inheritance, not just domain->project)16:19
openstackgerritMarek Denis proposed openstack/keystone-specs: Make keystone fully fledged SAML2 Service Provider  https://review.openstack.org/24469416:20
henrynashsamueldmq: so I was mulling adding a second inherited prarm16:20
samueldmqhenrynash: and I agree that can be useful in some cases16:20
henrynashanyway16:20
openstackgerritMorgan Fainberg proposed openstack/keystoneauth: Add docstring validation  https://review.openstack.org/23003516:20
samueldmqhenrynash: yes, a second inheritance parameter would be nice, and backwards compatible16:20
henrynashsamueldmq: agreed16:20
samueldmqhenrynash: perhaps it now becomes a naming problem :)16:21
samueldmqhenrynash: since we need to find a very good name for assignments which apply to both current and children16:21
raildolhcheng: ping, are you around? It's about Horizon impact with v2.0 deprecation16:21
henrynashsamueldmq: ‘inherited_to_projects_and_the_nice_target_you_placed_the_assignment_on’ ?16:22
notmorganstevemar: ^ yet another reason for that email. It's absurd for that policy with reno16:22
openstackgerritMarek Denis proposed openstack/keystone-specs: Make keystone fully fledged SAML2 Service Provider  https://review.openstack.org/24469416:23
*** NM has joined #openstack-keystone16:24
*** harshs has joined #openstack-keystone16:24
*** mylu has joined #openstack-keystone16:25
samueldmqhenrynash: haha, looks short enough for UX16:26
*** navid_ has joined #openstack-keystone16:27
henrynashsamueldmq: so I think what we are saying is that is a multistep process…first make current API core, then look at additional fucntionality16:28
*** lhcheng_ has joined #openstack-keystone16:29
*** dims_ has quit IRC16:30
*** josecastroleon has quit IRC16:31
*** lhcheng has quit IRC16:32
samueldmqhenrynash: that's what I am actually writing in my review there16:33
samueldmqhenrynash: would be great to do it this way, if you agree :)16:33
notmorganstevemar: https://review.openstack.org/#/c/245304/16:33
*** simondodsley has joined #openstack-keystone16:34
notmorganstevemar: if you could look at it. just a +1 is fine, but just making sure it makes sense to you until jamielennox wakes up16:35
openstackgerritBrant Knudson proposed openstack/keystone: Correct RoleNotFound usage  https://review.openstack.org/24846616:37
samueldmqhenrynash: reviewed, hope it helps :)16:37
stevemarnotmorgan: i'll look at it after gym, gotta make sure i'm alive to review16:38
stevemarnotmorgan lhcheng_ need a non-ibm +2 here: https://review.openstack.org/#/c/248466/16:38
stevemarnotmorgan: hehe16:38
openstackgerritMerged openstack/keystone: Updating sample configuration file  https://review.openstack.org/24903316:38
*** aix has quit IRC16:40
notmorganstevemar: but... really is the gym going to make you alive?16:41
* mordred is scared of stevemar16:41
*** daemontool has quit IRC16:43
*** daemontool has joined #openstack-keystone16:44
openstackgerritMerged openstack/keystoneauth: Allow saving and caching the plugin auth state  https://review.openstack.org/24561216:45
*** dims has joined #openstack-keystone16:46
*** daemontool has quit IRC16:49
*** EinstCrazy has joined #openstack-keystone16:51
dstanekhenrynash: https://gist.github.com/dstanek/756337141e5e0066ebce16:51
notmorganhenrynash: so... i need to know what is really driving the use-case for the reseller stuff (since we seem to be back to where we were pre-summit)16:52
notmorganhenrynash: with some minor adjustments... but16:52
*** fhubik is now known as fhubik_brb16:56
*** EinstCrazy has quit IRC16:56
openstackgerritMerged openstack/keystoneauth: Add load_from_options_getter to plugin loading  https://review.openstack.org/22202916:56
*** e0ne has quit IRC16:58
*** diegows has quit IRC17:00
dstanek*all*: some reading material for henrynash's topic - https://gist.github.com/dstanek/756337141e5e0066ebce17:01
bknudsondstanek: looks good to me. I think this should be proposed to the developer docs17:06
openstackgerritMerged openstack/keystoneauth: Add documentation to Opt  https://review.openstack.org/24852217:07
openstackgerritMerged openstack/keystoneauth: Tweak the way plugin attributes are loaded  https://review.openstack.org/24852317:07
raildobknudson: ++17:07
*** fhubik_brb is now known as fhubik17:09
stevemardstanek: <3 the doc17:11
*** ayoung has quit IRC17:13
*** dims has quit IRC17:18
*** dims_ has joined #openstack-keystone17:18
*** david-ly_ has joined #openstack-keystone17:19
*** david-l__ has joined #openstack-keystone17:23
*** david-ly_ has quit IRC17:23
*** david-lyle has quit IRC17:23
openstackgerritTom Cocozzello proposed openstack/keystone: Improve code and comments in test_catalog  https://review.openstack.org/24884617:24
openstackgerritTom Cocozzello proposed openstack/keystone: Improve code and comments in test_catalog  https://review.openstack.org/24884617:25
*** mylu has quit IRC17:26
*** harshs has quit IRC17:26
*** ayoung has joined #openstack-keystone17:26
*** ChanServ sets mode: +v ayoung17:26
*** mylu has joined #openstack-keystone17:26
*** jbell8 has quit IRC17:27
*** shaleh has joined #openstack-keystone17:29
*** david-l__ has quit IRC17:30
*** mylu has quit IRC17:31
*** roxanaghe has joined #openstack-keystone17:41
*** jbell8 has joined #openstack-keystone17:43
*** david-lyle has joined #openstack-keystone17:44
*** NM has quit IRC17:48
stevemarnotmorgan: you gonna be around for the meeting?17:50
*** arunkant has quit IRC17:50
stevemaror dstanek?17:50
stevemari may need some help running it, the electrician said he will come any time tuesday and he's picking *now*17:50
notmorganask dstanek i maaaaay disappear any moment17:51
*** arunkant has joined #openstack-keystone17:51
*** arunkant_ has joined #openstack-keystone17:52
dstaneki'll be here stevemar, notmorgan17:56
openstackgerritMerged openstack/keystone: Remove example extension  https://review.openstack.org/23557417:56
*** aix has joined #openstack-keystone17:57
dstanekstevemar: wow, lots of stuff for this meeting17:58
marekdtoo much i guess17:58
dstanekstevemar: do you want me to start/stop it and you can run while you are there or would you rather me just do the whole thing?17:58
stevemardstanek: i can start it17:59
dstanekstevemar: you just have to be there to end it too. or -infra can probably do that if you have to bail17:59
stevemarping ajayaa, amakarov, ayoung, breton, browne, davechen, david8hu, dolphm, dstanek, ericksonsantos, geoffarnold, gyee, henrynash, hogepodge, htruta, jamielennox, joesavak, lbragstad, lhcheng, marekd, morganfainberg, nkinder, raildo, rodrigods, roxanaghe, samueldmq, shaleh, stevemar, tsymanczyk, topol, vivekd, wanghong, claudiub, rderose, samleon, xek, MaxPC17:59
stevemardstanek: thats fine18:00
*** e0ne has joined #openstack-keystone18:01
*** david-lyle has quit IRC18:03
*** urulama has quit IRC18:04
*** jistr has quit IRC18:04
*** urulama has joined #openstack-keystone18:04
openstackgerritDiane Fleming proposed openstack/keystone-specs: missing new attribute about Token  https://review.openstack.org/24271918:04
openstackgerritDiane Fleming proposed openstack/keystone-specs: missing attibute about Token  https://review.openstack.org/24272418:06
openstackgerritMerged openstack/keystone: Add release notes for mitaka thus far  https://review.openstack.org/24674918:08
*** jaosorior has quit IRC18:09
*** jaosorior has joined #openstack-keystone18:10
*** david-lyle has joined #openstack-keystone18:11
*** wasmum has joined #openstack-keystone18:11
*** ayoung has quit IRC18:12
*** ayoung has joined #openstack-keystone18:12
*** ChanServ sets mode: +v ayoung18:12
topolo/18:13
stevemartopol: go to -meeting!18:15
*** jaosorior has quit IRC18:28
*** nllrte has quit IRC18:29
*** harshs has joined #openstack-keystone18:30
*** nllrte has joined #openstack-keystone18:42
*** spandhe has joined #openstack-keystone18:42
*** zqfan_AFK has quit IRC18:46
*** fhubik has quit IRC18:46
openstackgerritMerged openstack/keystoneauth: Add docstring validation  https://review.openstack.org/23003518:46
shaleha quick grep of the tree finds only one commented 2.6 compatibility piece19:00
shalehneed to do more searching19:01
shalehthings like "pre 2.7" and the like19:01
*** jerrygb has joined #openstack-keystone19:01
navid_marekd: I have a question about endpoint filtering, what is the criteria for filtering?19:01
*** wuhg has quit IRC19:01
*** aginwala has joined #openstack-keystone19:02
marekdnavid_: one moment19:02
ayounghenrynash, I'm going to make the changes suggested in the meeting to the URL safe names spec.  OK?19:02
*** tellesnobrega is now known as tellesnobrega_af19:03
davechennavid_: currently, it filter endpoint for s specific project.19:03
dstaneknotmorgan: i don't think anyone really address my points in the distrusting model email :-(19:04
notmorgandstanek: my response was to lbragstad respons19:05
davechennavid_: either from project_endpoint of from endpoint group project assocation.19:05
notmorgandstanek: i didn't specifically address your points.19:05
stevemardstanek: i distrust you all19:05
notmorgandavechen: i also have been trying to let the convo continue some before jumping back in.19:05
dstaneknotmorgan: everyone is talking about developers and not the other issue19:05
notmorganstevemar: i don't trust you or topol19:05
notmorganstevemar: clearly19:05
* dstanek rage quits because stevemar is mean19:05
davechennotmorgan: sorry. :(19:06
stevemardstanek: yes, one less person to give puppies to19:06
notmorgandstanek: feel free to tag back in and refocus the convo that way. i think your points are good19:06
notmorgandavechen: :P19:06
*** LukeHinds has quit IRC19:06
notmorgandstanek: i am happy we are having the convo on the ML though. its something we need to talk about in this community and if the result is a well defined (on each project) policy to how it is meant to be done - that is a win. but we need to be clear (I obviously want to go to the proposed model)19:07
henrynashayoung: are there any changes?19:09
bretondoes the old model hamper us somehow?19:09
ayounghenrynash, just clarifications.  I'll post a diff:19:09
dstaneknotmorgan: i actually wouldn't mind the trusting model, but i want to make sure everyone thinks about it from all angles19:10
*** alejandrito has quit IRC19:10
ayounghenrynash, right now I have http://paste.fedoraproject.org/294092/9221914419:10
notmorgandstanek: but honestly, as long as we have a clear policy on this i think we'll be fine. and the perceived inproprieties can be dealt with.19:10
dstanekwhile i trust all of the cores in our group I don't trust all of your companies :-) or all the other companies out there...19:10
tjcocozzI didn't realize the meeting time changed :(  stevemar you have some work for me about remove py26 code?19:10
notmorgandstanek: i *think* it will be a couple times of showing noting is untoward and it wont be an issue again19:11
notmorgandstanek: i am also personally inclined to trust the individuals (cores) to speak up to the PTL or the rest of the group if there is undue pressure19:11
dstaneknotmorgan: that's not really the issue either19:12
notmorgancoming from the corp chain19:12
henrynashayoung: I’m not sure we should we should be mentioned nested domains explciitely here…that’s for another spec19:12
topolso the avoid single company group think is an important issue19:12
notmorgandstanek: meaning it can be headed off beforesomething lands19:12
ayounghenrynash, ok...I can X that19:12
stevemartjcocozz: ha, np19:13
dstaneknotmorgan: imagine if dolphm, lbragstad and I pushed through fernet (all cores agreed it was correct and good). another org can come in and say Rax pushed it through instead of technology X19:13
notmorgantopol: i don't think the group think issue is at play here - we either already have that or we have a healthy development community/practices - that is something we can continue to solve w/o it.19:13
dstaneknow there is a PR/social (hard) problem19:13
topoldstanek EXACTLY19:13
topolits what dstanek said19:13
henrynashayoung: sounds good19:14
ayounghenrynash, so just http://paste.fedoraproject.org/294101/4839244419:14
dstanekso now my company and our team is taking heat because someone wants to make a headline at our expense19:14
stevemartjcocozz: take your pick: https://bugs.launchpad.net/keystone/+bug/151944919:14
openstackLaunchpad bug 1519449 in python-keystoneclient "Remove Python 2.6 Support" [Low,In progress] - Assigned to Keystone Drivers (keystone-drivers)19:14
topolagain we can be flexible for smaller projects and no one seems to get upset19:14
notmorgandstanek: and this is why i'm having the conversation in the open.19:14
*** mylu has joined #openstack-keystone19:14
notmorganbecause we can use the conversation [if policy is changed] to help head that off19:14
stevemardstanek: maybe the solution is to keep the distrustful policy on specs, but not for code?19:14
notmorganactually i have a different view on specs19:15
stevemari'd like specs to have a roll call19:15
notmorganthat i left out. this convo was really meant towards code review19:15
dstaneki'll put that example in the thread and see if we can get some comments on that. it's more than clear that people trust their developers19:15
notmorganstevemar: that was my recommendation19:15
dstanekstevemar: sure19:15
notmorganstevemar: roll-call, and PTL approves19:15
henrynashayoung: mayeb just for calrity in line 14 rather than saying “will be disabled” maybe say “will be treated as being disabled”19:15
topoldstanek notmorgan I really felt the pain one time of being perceived of my company pushing something through.. Even though a previous patchset was +2 by another company we still got whooped19:16
notmorganstevemar: kindof like the TC resolutions19:16
stevemarnotmorgan: yep19:16
dstanekthen do we need more of a formal policy that things should be tagged to a spec if they are a feature?19:16
ayounghenrynash, meaning that the "disabled" flag is not actually set in the database?19:16
henrynashayoung: exactly19:16
stevemartjcocozz: any questions about the bug?19:16
stevemarask bknudson haha19:16
* tjcocozz is looking now19:16
notmorgantopol: and i think that is going to be an issue anyway. so i am in favor of trusting individuals. i also will point to the fact that core is independant of affiliation anytime someone asks19:16
ayounghenrynash, OK...I might add some words19:16
henrynashayoung: ok19:16
notmorgantopol: if you change jobs/companies you're still core19:16
dstanek...and then ther are the wishlist bugs that we say don't need specs19:16
notmorgandstanek: i think we have a reasonable policy on that already19:17
openstackgerritayoung proposed openstack/keystone-specs: Allow url-safe project and domain names to be optionally enforced  https://review.openstack.org/24808319:17
ayoungnotmorgan, oh, come on, when will a core ever change companies?19:18
tjcocozzstevemar, i guess i will need help removing the gate job but other than that it looks pretty strait foward19:18
notmorganayoung: never... ever... ever... ever...19:18
stevemarayoung: how often do seasons change?19:18
stevemar:P19:18
stevemaror maybe as often as the wind changes direction?19:19
topolnotmorgan. I agree.   its just the perception.  even in reality we know dstanek, dolphm, lbragstad didnt railroad fernet down our throats but if they all did it themselves people would percieve it that way19:19
ayoungI misspoke when I said I was one of the architects.  I should have said "approvers" as I do remember the original conversation, but I don't remember who's idea it was.19:19
notmorgantopol: and i think this policy isn't saving us from that perception19:19
topolno worries ayoung.  we don't vet your credit claims :-)19:20
notmorgantopol: it's a strawman in this case .19:20
henrynashayoung, gyee: one of you want to up your +2 to +A ?19:20
henrynashayoung, gyee: https://review.openstack.org/#/c/220335/19:20
ayounghenrynash, will do19:20
ayounghenrynash, just a rebase, right?19:21
henrynashstevemar: are you ok now on: https://review.openstack.org/#/c/220452/19:21
topolnotmorgan the policy would have saved me when this blew up on us once19:21
henrynashayoung: yes19:21
*** mylu has quit IRC19:21
dstaneknotmorgan: maybe i've been through too much corporate training :)19:21
notmorgantopol: i actually don't think it would.19:21
notmorgantopol: i think it's a convientn place to point at, but it doesn't change much19:22
stevemarhenrynash: i still think having two policies is bananas19:22
topolnotmorgan, given a previous accusation of this I dedicated a resource to a project full time todo quality improvements to make amends.   Which I'm glad I did. The person is doing a great job imporving that projects quality19:23
henrynashstevemar: you mean one for list assignment on a specific target and one for doing a whole tree?19:23
topolBut still thats the impact I felt personally not having this policy19:23
stevemarhenrynash: the fact that a query parameter needs a different policy call19:24
topolnotmorgan, dstanek, being accused of a crime you didnt commit stinks...19:24
henrynashstevemar: so that’s an argument to do this a new API, rather than a query parameter…19:24
dstaneknotmorgan, topol: it's true that there isn't a way to know if this policy would have helped in that situation, but i suspect it would have been more ammo to combat accusations19:25
notmorgantopol: sure. but we can also make the change, see that it doesn't work [this becomes a serious issue] and say it was an experiment and go back.19:25
notmorgani don't think we're going to see higher incidences of this type of concern than we do today19:25
notmorganhonestly19:25
notmorganmostly because we as cores *will* continue to ask for outside insight19:25
stevemarhenrynash: and the policy for `list_role_assignments_for_tree` is the same for `list_role_assignments`19:25
notmorganetc.19:26
stevemar(minus one or)19:26
notmorganwe are continuing with healthy development practices. it allows flexibility where it makes sense (lets just point out reno changes, 1 line bug fixes, i18n modifications [not the bot, but string changes], etc) there are many many many things we can easily say the benefits outweigh the detriments19:27
notmorganespecially if the specs still are more rigerous19:27
topolnotmorgan, dstanek,   in my scenario the fallout occurred much much later.  A patch got in. It was buggy. The person left the company.  So it fell through the cracks for a long time. And then when the project leads saw that all IBMer's pushed it in they were very upset at us. And frankly I really understood their point of view19:27
notmorganwith a rollcall type vote vs. a +2/+A19:27
notmorganbecause the spec will still define the "do we want this"19:28
topolnotmorgan. I agree the policy should be flexible.   we have easier rules for pyacdf and heat translator19:28
tjcocozzstevemar, would you mind if I remove all the py2.6 projects from the gate?19:28
stevemartjcocozz: only for the keystone projects19:28
henrynashstevemar: by default it is the same, but we are asuming different deploymetns woudl change this to whats suityed them..teh point being that I think we have to let them be different19:28
topolnotmorgan, dstanek the question is how much more flexibility do you want/need and for which projects do you have concerns19:29
notmorgantopol: so, spec still more strict, but code review not? i think that tends to address the major concerns.19:29
tjcocozzstevemar, haha that makes sense.19:29
tjcocozzstevemar, working on it now19:29
notmorgantopol: i'd advocate for the full "trust" policy on all projects in OpenStack [specs being a project-by-project thing of course]19:29
topolnotmorgan.  possibly.  but what if competing patch implementations?19:29
*** ajayaa has quit IRC19:29
notmorgantopol: PTL deconflict, same as today really19:29
notmorgantopol: and if people are bad actors... we have remediation plans outlined in the proposal19:30
notmorganyou *can* revert19:30
notmorganyou can strip core status19:30
notmorganyou can change policy back19:30
notmorganuntil there is a reason to be distrustful, lets not be.19:30
topolwhat indemnifies me from PTL saying, this patch got in because of all IBMers. No one else understands it. IBM owns it, not the project?19:31
notmorgantopol: you elected the PTL19:31
notmorgannothing indeminfies you from the PTL today saying topol and morgan wrote that as a cabal19:31
topolnotmorgan PTL's can change every 6 months19:31
notmorganand they own it19:31
notmorgannot the project19:31
notmorgantopol: and mostly the PTL is responsible for what happened on their watch19:32
notmorganthe subsequent PTLs may blame the PTLs for some things but typically aren't going to retroactively say "OMG BAD TOPOL"19:32
notmorgantopol: so again, i don't think this policy is buying us anything except a level of distrust / culture that we are doing the right thing with (discussing it in the open)19:34
notmorgantopol: s/that we/and that we/19:34
topolnotmorgan so I am pretty open to anything.   If there was a new policy I would ask folks to be careful and only do the single company on non-controversy stuff. But I really think lbragstad, dolphm, and dstanek had good counterpoints19:34
dstanektopol: that's just rax trying to dictate development policy!19:34
shalehheh19:35
topoldstanek, SMH :-)19:35
*** henrynash has quit IRC19:35
notmorgandstanek: IBM.19:35
notmorgandstanek: it's totally IBM dictating the policy... i mean they even have the PTL! :P19:35
notmorgananyway i think some of this needs to end up continued on the ML thread19:36
notmorgani am pleased this convo is happening both for keystone and other projects19:36
*** navid_ has quit IRC19:36
stevemarnotmorgan: hey! i've been staying out of this convo for just that reason19:37
dstaneknotmorgan: yep, and like i said i'd be fine either way. i'm just doing my duty to make sure all the issues are considered and maybe planned for19:37
notmorganstevemar: ;)19:37
notmorgandstanek: yar19:37
stevemarit'll look way too bait if i agree with it :(19:38
notmorganstevemar: i also made it a point to send this email after I was done being PTL for a reason19:39
stevemarah19:40
topolnotmorgan, dstanek its a goodconversation to have.  Will be intersting to see if a consensus can be achieved19:42
topoldstanek, and notmorgan I'm not religious either way on this19:43
topolwhatever folks want I can make work19:43
bknudsontjcocozz: here's the -infra review for oslo libs: https://review.openstack.org/#/c/244275/19:44
topolI just remember the butt whoopin I got the one time we let this happen.  and darn it some other company did +2 a previous iterationof the patch :-)19:44
shaleh:-)19:44
topolbranded, marked as theone who ran from bitter creek19:44
bknudsonscarlet letter19:45
*** dims has joined #openstack-keystone19:53
*** aginwala has quit IRC19:54
dstanektjcocozz: are you working on one of those 2.6 bugs?19:55
tjcocozzdstanek, yes! i am working on removing it from the gate19:55
dstanektjcocozz: all of them?19:55
*** dims_ has quit IRC19:56
dstanektjcocozz: i'm going to assign one of them to me to start attacking the code19:56
tjcocozzdstanek, all the projects listed in the bug19:56
tjcocozzdstanek, sounds good.  hopefully i'm not stepping on peoples toes :)19:56
dstanektjcocozz: nope, if you want to work on the code for one of them assign the bug to yourself.19:57
tjcocozzdstanek, sounds good. I do want to get this blue print up and running before i start jumping into more bugs, if thats okay19:59
*** aginwala has joined #openstack-keystone20:00
openstackgerritMerged openstack/keystone: Correct RoleNotFound usage  https://review.openstack.org/24846620:03
dstanektjcocozz: sure. You don't have to do any. Just want to be sure we're now duplicating efforts20:04
davechentjcocozz, dstanek: i am going to look at keystoneclient, but i will check if there is anything already done before pushing a review.20:04
tjcocozzdstanek, that makes sense.   you will see my review up there shortly.  :-)20:05
davechenjust go ahead, and don't care about this.20:06
davechentjcocozz: cool, you are really fast. :)20:06
tjcocozzdavechen, I choose the simple task to do :)20:07
bknudsondavechen: tjcocozz is working on the -infra change to remove the py26 gate jobs.20:07
bknudsonthere's still work to do to remove the classifier from setup.cfg if it's there.20:07
bknudsonand update tox.ini20:07
bknudsonlet me see if I can find an example from oslo...20:08
davechenbknudson: there was a aged patch i have abandoned to fix the tox.ini in keystoneclient.20:08
davechenbknudson: i think it's could be restored now.20:08
bknudsonHere's an example of removing the classifier: https://review.openstack.org/#/c/246194/20:09
bknudsonand tox.ini cleanup: https://review.openstack.org/#/c/245475/20:09
dstanektjcocozz: you should comment on the bug that you are doing all of the gate stuff20:10
*** mylu has joined #openstack-keystone20:10
dstanekbknudson: we did this in keystone a few releases ago20:11
dstanekbknudson: and code cleanup20:11
bknudsondavechen: if you can find it just restore the old change. was there another bug already?20:12
tjcocozzdstanek, working on that now20:12
davechenbknudson: no bug, it's about some dependency needed in KSC for py26.20:13
bknudsonoh, nice... argparse maybe?20:13
davechenwe abandone that since we still need support py26 at that time.20:13
davechenit's 'discover'. https://review.openstack.org/#/c/171540/20:14
davechenbut i need check if we have aready remove it.20:14
kfox1111ran into maybe a snag.... just upgraded to liberty keystone with fernet tokens.20:15
kfox1111everything seems to work except ceph rados gw.20:15
kfox1111any known gotcha's there? :/20:15
kfox1111do admin tokens work with fernet ones?20:15
*** mylu has quit IRC20:15
tjcocozzstevemar, a core from openstack-infra wants you to take a look at my review to remove the py26 gate jobs for the projects. https://review.openstack.org/#/c/249400/20:17
stevemartjcocozz: coolio20:20
tjcocozzstevemar, thanks!20:21
*** nllrte has quit IRC20:21
dstanekunlike the server it doesn't look like we have any 2.6 specific hacks20:22
openstackgerritDavid Stanek proposed openstack/keystonemiddleware: Remove py26 target from tox.ini  https://review.openstack.org/24940420:23
*** navid_ has joined #openstack-keystone20:24
bknudsonI thought we would have removed py26 from keystonemiddleware at the same time we did keystone.20:25
*** ayoung has quit IRC20:26
*** ayoung has joined #openstack-keystone20:26
*** ChanServ sets mode: +v ayoung20:26
*** navid__ has joined #openstack-keystone20:26
stevemarbknudson: things slip through the cracks20:27
stevemarbknudson: can you do a check on https://review.openstack.org/#/c/220452/ for me, make sure i'm not crazy?20:27
kfox1111any ideas on the rados gw + fernet thing?20:27
stevemarbknudson: i feel like that is a terrible idea20:27
stevemarkfox1111: gonna have to but lbragstad and dolphm about that stuff :(20:27
openstackgerritMerged openstack/keystone: Rationalize list role assignment routing  https://review.openstack.org/22033520:28
*** navid_ has quit IRC20:28
kfox1111k.20:28
lbragstadkfox1111 reading back20:28
kfox1111know any reason why an admin_token wouldn't work with a fernet tokened keystone?20:29
*** mylu has joined #openstack-keystone20:31
lbragstadkfox1111 is your "admin" token the token defined in your config or is it a fernet token?20:32
lbragstadkfox1111 to my knowledge, that should work fine?20:32
lbragstadI haven't heard of any snags20:32
kfox1111admin in the keystone and ceph.20:32
openstackgerritDavid Stanek proposed openstack/keystoneauth: Remove Python 2.6 support  https://review.openstack.org/24940720:32
bknudsonstevemar: it's implementing a blueprint, so didn't we agree to do this?20:32
kfox1111i see a post followed by a get,20:33
bknudsonstevemar: regarding https://review.openstack.org/#/c/220452/20:33
kfox1111and the get fails with a 411 response.20:33
lbragstad411?20:33
lbragstador 401?20:33
kfox1111172.20.32.65 - - [24/Nov/2015:12:30:37 -0800] "GET /v2.0/tokens/<biglongencodedthingy> HTTP/1.1" 411 238 "-" "-"20:34
bknudson411 Length Required20:34
bknudsonThe server refuses to accept the request without a defined Content-    Length.20:34
kfox1111hmm....20:35
lbragstadthat doesn't seem fernet specific20:35
kfox1111I am running it through apache. cloud apache be injecting some extra requirements?20:35
kfox1111could20:35
lbragstadhttp://stackoverflow.com/questions/19227142/http-status-code-411-length-required20:35
bknudsonI don't think keystone would generate that, so might come from apache or whatever keystone is running in20:36
lbragstadin keystone, we don't actually use 411 anywhere - https://github.com/openstack/keystone/blob/master/keystone/exception.py20:36
kfox1111so this may be radosgw + apache'd keystone...20:37
lbragstadkfox1111 possibly20:38
bknudsonstevemar: regarding https://review.openstack.org/#/c/220452/ , I guess it makes sense to have a separate policy line for the tree operation so that it can be admin-only.20:38
*** e0ne has quit IRC20:38
bknudsonthe alternative would be to add a bunch of features to the policy language20:38
openstackgerritDavid Stanek proposed openstack/python-keystoneclient-kerberos: Remove Python 2.6 support  https://review.openstack.org/24941020:38
lbragstadkfox1111 but keystone shouldn't be discriminating your token format (admin vs fernet)... that should work20:38
kfox1111k.20:38
lbragstaddstanek 's is on the python 2.6 purge!20:39
dstaneklbragstad: technically i'm on a volunteer day, but we're not doing anything right now (or for the next few hours)20:39
lbragstaddstanek open-source development counts as volunteering20:40
lbragstad:)20:40
* dstanek thinks lbragstad is advocating giving his paychack to stockholders20:43
*** aginwala has quit IRC20:44
*** mylu has quit IRC20:44
dstaneklbragstad: my wife and her friend run a charity; so i help them from time to time20:45
lbragstaddstanek nice, what are you guys doing today?20:45
dstaneklbragstad: earlier we were getting food bags delivered to schools. i think we have to go shopping in a little bit for a few hundred cans of soup/pasta/etc20:47
dstaneklbragstad: http://www.wkyc.com/story/news/local/lake-county/2015/10/06/lake-health-tripoint-medical-center-end-68-hours-of-hunger/73479684/20:47
lbragstaddstanek that's awesome20:49
bknudsondstanek: it's strange the py26 job worked even when you removed the target -- https://review.openstack.org/#/c/249410/20:51
*** mylu has joined #openstack-keystone20:51
bknudsonohh, there wasn't a special target for py2620:52
openstackgerritDave Chen proposed openstack/python-keystoneclient: Removes discover from test-reqs  https://review.openstack.org/24941720:52
lbragstadwe never had a specific env for py26, right?20:52
lbragstadnavid__ here is the python 2.6 bug - https://bugs.launchpad.net/keystone/+bug/151944920:53
openstackLaunchpad bug 1519449 in python-keystoneclient-kerberos "Remove Python 2.6 Support" [Low,In progress] - Assigned to David Stanek (dstanek)20:53
dstanekbknudson: then run the tests differently20:53
dstaneks/then/they/20:53
dstanekbknudson: i've never really looked at their shell script before20:54
*** NM has joined #openstack-keystone20:54
stevemardstanek: poke, you should rebase this patch: https://review.openstack.org/#/c/158442/820:57
dstanekstevemar: yeah, i started to yesterday after samueldmq had questions about it20:58
dstanekbknudson: you are right on the closes vs. partial20:58
stevemarcloses actually closes it20:59
dstanekyeah, morgan said partial earlier and i didn't think about it20:59
stevemarnotmorgan: so "deprecated-as-of-mitaka" means things we're *removing* in mitaka or *deprecating* in mitaka?20:59
stevemaror either :P21:00
stevemarreferring to https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka21:00
* stevemar is pretty sure he said partial21:00
stevemarjusssayin21:00
*** raildo is now known as raildo-afk21:01
*** lhcheng_ has quit IRC21:01
openstackgerritDave Chen proposed openstack/python-keystoneclient: Removes discover from test-reqs  https://review.openstack.org/17154021:02
*** navid__ has quit IRC21:02
notmorganstevemar: deprecated. You'd have removed-as-of-mitaka for removee21:04
*** spandhe has quit IRC21:04
*** EinstCrazy has joined #openstack-keystone21:06
*** navid_ has joined #openstack-keystone21:06
dstanekbknudson: yeah, i just looked at the script and i have to idea how it passed21:07
stevemarnotmorgan: just saw that it was already created, thanks21:08
*** mylu has quit IRC21:09
dstanekbknudson: it's tox http://tox.readthedocs.org/en/latest/example/basic.html - you can use any of their available environments even if they are not listed in the tox.ini21:09
dstanekthe list in tox.ini is basically what to run when you don't specify the environment21:09
bknudsonmagic21:09
openstackgerritDavid Stanek proposed openstack/python-keystoneclient-kerberos: Remove Python 2.6 support  https://review.openstack.org/24941021:10
openstackgerritDavid Stanek proposed openstack/keystonemiddleware: Remove py26 target from tox.ini  https://review.openstack.org/24940421:11
*** jbell8 has quit IRC21:12
openstackgerritDavid Stanek proposed openstack/keystoneauth: Remove Python 2.6 support  https://review.openstack.org/24940721:12
*** EinstCrazy has quit IRC21:12
navid_lbragstad: thanks21:13
lbragstadnavid_ np!21:13
*** pauloewerton has quit IRC21:13
dstanekyay. last one for the 2.6 removal :-)21:14
*** aginwala has joined #openstack-keystone21:19
*** henrynash has joined #openstack-keystone21:26
*** ChanServ sets mode: +v henrynash21:26
*** NM has quit IRC21:37
*** dims has quit IRC21:37
*** dims has joined #openstack-keystone21:38
*** NM has joined #openstack-keystone21:40
davechendstanek: you missed this, https://github.com/openstack/python-keystoneclient/blob/master/tox.ini#L421:40
dstanekdavechen: no, i'm working on ksc now. haven't submitted a review yet21:43
*** gordc has quit IRC21:45
davechendstanek: cool :)21:46
shalehso what is the right way to draw reviewers in to +A my reviews? Do you all just add people as reviewers?21:47
*** ayoung has quit IRC21:48
*** boris-42 has quit IRC21:48
dstanekshaleh: there is no right way :-) i think people review they look at what's most important to them. if it's a critical bug fix then i'd probably add people to the review21:54
shalehdstanek: good to know :-)21:55
lbragstadthen again, everyone has a different perspective of what critical is ;)21:55
dstanekshaleh: if it's testing review then feel free to add me and i'll bug people when they start to block my testing work21:55
shalehdstanek: shall do21:56
shalehdstanek: I am sorry BTW. I am sure the churn I have been doing has not made your merges pleasant.21:57
*** lhcheng has joined #openstack-keystone21:57
*** ChanServ sets mode: +v lhcheng21:57
*** aginwala has quit IRC21:58
*** shaleh is now known as shaleh|away21:59
*** topol has quit IRC22:00
dstanekshaleh|away: not a big deal22:00
*** aginwala has joined #openstack-keystone22:02
*** aginwala has quit IRC22:03
*** aginwala has joined #openstack-keystone22:05
*** jerrygb has quit IRC22:14
*** jerrygb has joined #openstack-keystone22:15
*** mylu has joined #openstack-keystone22:19
*** mylu has quit IRC22:23
*** nkinder has quit IRC22:25
*** navid_ has quit IRC22:27
*** mylu has joined #openstack-keystone22:28
kfox1111so, this may or may not be a keystone+apache issue...22:28
kfox1111https://code.google.com/p/modwsgi/wiki/ChangesInVersion0300 mentions wsgi requiring a content_length.22:28
dstanekkfox1111: is one note being set? i would expect WebOb to actually do that for us22:30
*** aginwala has quit IRC22:30
*** mylu has quit IRC22:30
*** aginwala has joined #openstack-keystone22:30
kfox1111not sure. trying to get a packet dump now to verify.22:31
stevemardstanek: when you eventually create a patch for removing py26 support in keystone server, make a release note with it22:32
kfox1111dstanek: here's a strace from swift to keystone:22:33
kfox111132456 sendto(47, "GET /v2.0/tokens/<biglongencodedthinghere> HTTP/1.1\r\nHost: 172.20.32.64:5001\r\nAccept: */*\r\nTransfer-Encoding: chunked\r\nX-Auth-Token: <admintokenhere>\r\nExpect: 100-continue\r\n\r\n", 413, MSG_NOSIGNAL, NULL, 0) = 41322:33
kfox1111so it is doing the chunked thing like the wsgi3 spec mentions.22:33
kfox1111no content-length.22:33
kfox1111since there is no content though, I should probably be able to:     WSGIChunkedRequest On  ?22:34
dstanekkfox1111: that's the client request and not the server response22:34
dstanekkfox1111: i wouldn't expect a content-length there since the client isn't sending a body22:34
*** mylu has joined #openstack-keystone22:34
kfox1111but I think its complaining about that?22:35
notmynameI also wouldn't expect a transfer-endcoding at all on a GET22:35
kfox1111that's the get call that fails with the 411.22:35
*** mylu has quit IRC22:36
dstanekstevemar: we removed 2.6 support for server in Kilo22:36
*** davechen has left #openstack-keystone22:37
dstanekthe "Except" header is also strange22:37
stevemardstanek: d'oh22:38
stevemarwe'll need a release note somewhere22:38
dstanekstevemar: no release not for kilo?22:39
stevemardstanek: lemme check22:40
stevemarhttps://wiki.openstack.org/wiki/ReleaseNotes/Kilo#OpenStack_Identity_.28Keystone.2922:40
stevemarnope22:40
dstanekstevemar: https://review.openstack.org/#/c/137120/22:40
kfox1111so, setting "WSGIChunkedRequest On" seems to have made it return a valid token.22:40
kfox1111now, its not parsing the returned expire time. :/22:41
kfox1111"Keystone token parse error: access: token: Failed to parse ISO8601 expiration date from Keystone response."22:41
kfox1111the expire date looks like: 2015-11-24T23:38:55.421231Z22:43
*** aginwala has quit IRC22:43
*** urulama has quit IRC22:43
*** urulama has joined #openstack-keystone22:44
stevemardstanek: fantastic, i expect all the operators to read our patches :P22:44
kfox1111is it the subsecond's that are not compliant?22:45
*** mylu has joined #openstack-keystone22:46
dstanekstevemar: if they don't then they are missing out!22:47
kfox1111looks like its this: https://github.com/ceph/ceph/commit/136242b5612b8bbf260910b1678389361e86d22a22:47
dstanekthis ksc lazy import stuff is throwing me for a loop22:48
*** mylu has quit IRC22:48
*** mylu has joined #openstack-keystone22:48
stevemarshaleh|away: churn is a necessary evil, i think we all like seeing things look better22:49
*** doug-fis_ has joined #openstack-keystone22:49
stevemarits cleaning up technical debt, not flashy work, but necessary22:49
*** mylu_ has joined #openstack-keystone22:50
*** mylu has quit IRC22:52
*** doug-fish has quit IRC22:53
*** doug-fis_ has quit IRC22:53
kfox1111ok... looking for quick workarounds for now...22:54
kfox1111with the v2 api and fernet tokens, will there be any negative impact if I just floor the v2 api token returned expire date?22:54
*** aginwala has joined #openstack-keystone22:55
*** wuhg has joined #openstack-keystone22:57
kfox1111the keystone code's python, the radosgw, c++, so it will be much easier to work around for now in keystone if I can.22:57
openstackgerritSteve Martinelli proposed openstack/keystone: Remove RequestBodySizeLimiter from middleware  https://review.openstack.org/24946922:57
*** diazjf has joined #openstack-keystone22:58
*** simondodsley has quit IRC22:58
*** mylu_ has quit IRC22:59
*** mylu has joined #openstack-keystone23:00
*** topol has joined #openstack-keystone23:01
*** ChanServ sets mode: +v topol23:01
notmorgankfox1111: i can say I don't recommend doing that.23:01
notmorgankfox1111: but there is nothing stopping you from doing it.23:01
notmorgankfox1111: a lot of these choices were made for a number of reasons and the key bit is that we also want to keep everything consistent. You may run into odd edge cases we don't specifically handle23:02
kfox1111well, at least at some point, keystone v2 was not subsecond accurate, because radosgw coded specifically against that assumption.23:03
openstackgerritSteve Martinelli proposed openstack/keystone: Remove check_role_for_trust  https://review.openstack.org/24947223:03
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/24947323:03
*** harshs has quit IRC23:03
kfox1111so I'm just curious if there are any known gotcha's returning v2 to that behavior?23:03
kfox1111(temporarily until I can get rados gw upgraded at some point)23:04
*** doug-fish has joined #openstack-keystone23:04
*** NM has quit IRC23:04
*** topol has quit IRC23:05
kfox1111hmm.. I also remember something about fernet tokens not supporting subsecond accuracy anyway in liberty?23:07
stevemardstanek: you going to put https://gist.github.com/dstanek/756337141e5e0066ebce in the dev docs?23:08
dstanekstevemar: yes23:08
stevemaror do i have to keep my chrome tab open :P23:08
* stevemar joyously closes a chrome tab!23:08
stevemarchrome is basically how i manage my todo's23:08
*** doug-fish has quit IRC23:08
*** harshs has joined #openstack-keystone23:08
dstanekstevemar: nope, i'll do it23:10
*** boris-42 has joined #openstack-keystone23:10
*** diazjf has quit IRC23:11
*** spandhe has joined #openstack-keystone23:14
openstackgerritSteve Martinelli proposed openstack/keystone: Remove deprecated notification  https://review.openstack.org/24947523:15
lbragstadkfox1111 fernet tokens don't support subsecond accuracy due to the fernet spec23:18
lbragstadmeaning that you can't get subsecond precision but all issued_at times of tokens will be .00000Z, for example23:18
*** aginwala has quit IRC23:19
lbragstadit will just truncate it because the timestamp is being cast to an integer instead of a float23:19
*** henrynash has quit IRC23:20
openstackgerritSteve Martinelli proposed openstack/keystone: Remove deprecated notification event_type  https://review.openstack.org/24947523:23
*** pumaranikar has quit IRC23:24
openstackgerritOpenStack Proposal Bot proposed openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/24947823:27
*** dims_ has joined #openstack-keystone23:28
*** dims has quit IRC23:29
*** lhcheng_ has joined #openstack-keystone23:29
*** lhcheng has quit IRC23:30
notmorgankfox1111: ideally we would drop subsecond accuracy across the board23:32
notmorgankfox1111: but there were questions on the best approach there23:32
*** mylu_ has joined #openstack-keystone23:33
openstackgerritSteve Martinelli proposed openstack/keystone: Remove `extras` from token data  https://review.openstack.org/24948023:34
stevemarbknudson: just so you know, i plan on creating a single release note with all these small changes in there: https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:bp/removed-as-of-mitaka,n,z23:34
stevemari didn't want to unnecessarily cascase the patches23:34
stevemarcascade*23:34
openstackgerritMerged openstack/keystoneauth: Remove Python 2.6 support  https://review.openstack.org/24940723:35
openstackgerritMerged openstack/keystonemiddleware: Remove py26 target from tox.ini  https://review.openstack.org/24940423:35
stevemarughhhhhhh do i really want to go through the effort of creating a patch to remove eventlet?23:35
stevemarthat's going to be a lot of work23:35
*** mylu has quit IRC23:36
*** aginwala has joined #openstack-keystone23:39
*** gildub has joined #openstack-keystone23:40
*** thiagop has quit IRC23:42
*** rcernin has quit IRC23:42
stevemaryeah, this is not going to be easy23:49
stevemarour tests are very intertwined with eventlet23:49
*** slberger has left #openstack-keystone23:52
notmorganstevemar: make devstack not configure eventlet to start23:52
notmorganstevemar: i had a patch but had a -1 from you re: containerization things23:52
stevemarnotmorgan: yeah, i am gonna sent a note about that to the ML soon23:52
stevemardid you get a chance to look at that?23:52
stevemari sent you a google docs things23:52
*** gildub has quit IRC23:53
notmorganstevemar: then there is a way we can standup a server with a fixture instead of needing to rely on eventlet23:53
notmorganstevemar: no i didn't, i just abandoned the thing because it was a bit out of whack and needed to be reconsidered anyway23:54
notmorganstevemar: but if you run apache in thread-worker you can do a single process in-container vs. pre-fork etc23:54
*** EinstCrazy has joined #openstack-keystone23:56
« Monday, 2015-11-23 Index Wednesday, 2015-11-25 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!