Tuesday, 2016-03-01

« Monday, 2016-02-29 Index Wednesday, 2016-03-02 »
*** browne has quit IRC00:07
*** sdake has quit IRC00:14
openstackgerritMerged openstack/pycadf: Remove unused pngmath Sphinx extension  https://review.openstack.org/28621500:18
*** henrynash has quit IRC00:21
*** henrynash has joined #openstack-keystone00:21
*** ChanServ sets mode: +v henrynash00:21
*** mylu has quit IRC00:21
openstackgerritMerged openstack/keystone: Use requst local in-process cache per request  https://review.openstack.org/27200700:30
*** boris-42 has quit IRC00:34
*** markvoelker has quit IRC00:38
*** mylu has joined #openstack-keystone00:39
openstackgerrithenry-nash proposed openstack/keystone: Projects acting as domains  https://review.openstack.org/23128900:42
*** fangxu has quit IRC00:52
kfox1111whats the legacy_endpoint_id in keystone?00:59
*** mylu has quit IRC01:02
*** fangxu has joined #openstack-keystone01:05
henrynashstevemar: I fixed the merge issue between projects as a domain and the (now merged) https://review.openstack.org/#/c/272007/01:05
patchbothenrynash: patch 272007 - keystone - Use requst local in-process cache per request (MERGED)01:05
*** EinstCrazy has joined #openstack-keystone01:06
henrynashstevemar: At the moment it looks like this will beat shadow users in, so I’ll let you +2A it (https://review.openstack.org/#/c/231289/64)01:07
patchbothenrynash: patch 231289 - keystone - Projects acting as domains01:07
*** mylu has joined #openstack-keystone01:08
*** jasonsb has joined #openstack-keystone01:12
openstackgerritMerged openstack/python-keystoneclient: Update developer docs for keystoneauth session  https://review.openstack.org/28581701:13
*** jorge_munoz has quit IRC01:14
stevemarthanks henrynash01:17
*** sigmavirus24 is now known as sigmavirus24_awa01:17
*** henrynash has quit IRC01:31
*** sheel has joined #openstack-keystone01:36
*** markvoelker has joined #openstack-keystone01:38
*** dan_nguyen has quit IRC01:42
*** ninag has joined #openstack-keystone01:45
*** jamielennox is now known as jamielennox|away01:45
*** mylu has quit IRC01:49
*** ninag has quit IRC01:50
*** mylu has joined #openstack-keystone01:54
*** lhcheng has quit IRC01:55
*** mylu has quit IRC01:56
*** doug-fish has quit IRC01:58
*** dims has quit IRC02:04
*** mylu has joined #openstack-keystone02:05
openstackgerritSteve Martinelli proposed openstack/keystone: Shadow users - Shadow federated users  https://review.openstack.org/27916202:06
*** markvoelker has quit IRC02:08
*** markvoelker has joined #openstack-keystone02:08
*** dims has joined #openstack-keystone02:08
*** bjornar has quit IRC02:11
*** dims has quit IRC02:13
*** mylu has quit IRC02:15
*** dims has joined #openstack-keystone02:17
*** mylu has joined #openstack-keystone02:18
*** mylu_ has joined #openstack-keystone02:19
*** mylu has quit IRC02:20
*** bjornar has joined #openstack-keystone02:20
*** mylu_ has quit IRC02:22
*** mylu has joined #openstack-keystone02:25
*** mylu has quit IRC02:27
*** fawadkhaliq has quit IRC02:27
*** ninag has joined #openstack-keystone02:31
*** blogan has quit IRC02:32
*** mylu has joined #openstack-keystone02:38
*** nisha has joined #openstack-keystone02:41
*** fpatwa_ has joined #openstack-keystone02:43
*** ninag has quit IRC02:44
*** fpatwa__ has joined #openstack-keystone02:46
*** fpatwa_ has quit IRC02:46
*** fpatwa__ has quit IRC02:48
*** fpatwa_ has joined #openstack-keystone02:51
*** csoukup has joined #openstack-keystone02:51
openstackgerritayoung proposed openstack/keystone: Remove unneeded revocation events  https://review.openstack.org/28513402:54
*** csoukup has quit IRC02:55
*** mylu has quit IRC03:04
*** spandhe has quit IRC03:07
*** fpatwa_ has quit IRC03:13
*** bjornar has quit IRC03:15
*** woodster_ has quit IRC03:16
openstackgerritPandiyan proposed openstack/keystone: Add driver details in architecture doc  https://review.openstack.org/28080203:19
*** dims has quit IRC03:19
*** jorge_munoz has joined #openstack-keystone03:21
*** mylu has joined #openstack-keystone03:22
*** jorge_munoz has quit IRC03:22
openstackgerritSteve Martinelli proposed openstack/keystone: Add driver details in architecture doc  https://review.openstack.org/28080203:26
openstackgerritSteve Martinelli proposed openstack/keystone: add hints to list_services for templated backend  https://review.openstack.org/28614203:29
*** ninag has joined #openstack-keystone03:29
*** Nakato has quit IRC03:31
*** ninag has quit IRC03:33
*** ninag has joined #openstack-keystone03:33
*** ccard_ has quit IRC03:34
*** richm has quit IRC03:37
*** ninag has quit IRC03:37
*** nisha_ has joined #openstack-keystone03:39
*** nisha has quit IRC03:43
*** dave-mccowan has quit IRC03:45
*** Nakato has joined #openstack-keystone03:45
*** ccard_ has joined #openstack-keystone03:47
*** links has joined #openstack-keystone03:49
*** chlong_ has quit IRC04:03
*** tellesnobrega is now known as tellesnobrega_af04:12
*** nisha_ has quit IRC04:14
*** fangxu has quit IRC04:16
*** fawadkhaliq has joined #openstack-keystone04:18
*** sheel has quit IRC04:27
*** fpatwa_ has joined #openstack-keystone04:44
*** diazjf has joined #openstack-keystone04:57
*** nisha has joined #openstack-keystone05:02
*** blogan_ has joined #openstack-keystone05:18
*** spandhe has joined #openstack-keystone05:25
*** mylu has quit IRC05:30
*** fpatwa_ has quit IRC05:33
*** mylu has joined #openstack-keystone05:34
*** fawadkhaliq has quit IRC05:42
*** mylu has quit IRC05:46
*** mylu has joined #openstack-keystone05:47
*** jaosorior has joined #openstack-keystone05:49
*** fawadkhaliq has joined #openstack-keystone05:58
*** sheel has joined #openstack-keystone06:02
*** Nirupama has joined #openstack-keystone06:04
*** spandhe_ has joined #openstack-keystone06:06
*** spandhe has quit IRC06:08
*** spandhe_ is now known as spandhe06:08
*** rcernin has joined #openstack-keystone06:09
*** sdake has joined #openstack-keystone06:11
*** nisha_ has joined #openstack-keystone06:15
*** nisha has quit IRC06:19
*** Nirupama has quit IRC06:20
*** e0ne has joined #openstack-keystone06:23
*** Nirupama has joined #openstack-keystone06:24
*** sdake has quit IRC06:27
*** diazjf has quit IRC06:29
*** e0ne has quit IRC06:31
*** sdake has joined #openstack-keystone06:33
*** e0ne has joined #openstack-keystone06:33
*** e0ne has quit IRC06:34
*** mariusv has quit IRC06:35
*** roxanaghe has quit IRC06:39
*** lhcheng has joined #openstack-keystone06:40
*** ChanServ sets mode: +v lhcheng06:40
*** mylu has quit IRC06:45
*** fangxu has joined #openstack-keystone06:49
*** Nirupama has quit IRC06:51
*** lunarlamp has joined #openstack-keystone06:56
*** nisha_ has quit IRC07:01
openstackgerritSteve Martinelli proposed openstack/keystone: Fix the migration issue for the user doesn't have a password  https://review.openstack.org/28515207:05
*** fangxu has quit IRC07:08
*** sdake has quit IRC07:10
*** sdake has joined #openstack-keystone07:12
*** spandhe has quit IRC07:15
EinstCrazydoes anyone know how to create a default domain?07:16
*** henrynash has joined #openstack-keystone07:17
*** ChanServ sets mode: +v henrynash07:17
*** fangxu has joined #openstack-keystone07:21
*** henrynash has quit IRC07:23
*** lhcheng has quit IRC07:32
*** fpatwa_ has joined #openstack-keystone07:33
*** Nirupama has joined #openstack-keystone07:34
*** fpatwa_ has quit IRC07:38
*** lhcheng has joined #openstack-keystone07:38
*** ChanServ sets mode: +v lhcheng07:38
*** roxanaghe has joined #openstack-keystone07:39
*** roxanaghe has quit IRC07:44
*** sdake has quit IRC07:48
*** lhcheng has quit IRC07:59
*** belmoreira has joined #openstack-keystone08:01
*** fawadkhaliq has quit IRC08:08
*** pcaruana has joined #openstack-keystone08:09
*** lhcheng has joined #openstack-keystone08:22
*** ChanServ sets mode: +v lhcheng08:22
openstackgerritSteve Martinelli proposed openstack/keystone: Return 404 instead of 401 for tokens w/o roles  https://review.openstack.org/27743608:23
*** henrynash has joined #openstack-keystone08:37
*** ChanServ sets mode: +v henrynash08:37
*** daemontool__ has joined #openstack-keystone08:38
*** rk4n has joined #openstack-keystone08:39
*** roxanaghe has joined #openstack-keystone08:41
*** daemontool_ has quit IRC08:41
*** fhubik has joined #openstack-keystone08:44
*** roxanaghe has quit IRC08:46
*** openstackgerrit has quit IRC08:48
*** openstackgerrit has joined #openstack-keystone08:48
openstackgerrithenry-nash proposed openstack/keystone: Deprecate domain driver interface methods  https://review.openstack.org/28645209:04
*** fangxu has quit IRC09:04
*** rk4n has quit IRC09:06
*** lhcheng has quit IRC09:07
*** rk4n has joined #openstack-keystone09:08
*** jistr has joined #openstack-keystone09:14
*** fhubik has quit IRC09:24
*** fhubik has joined #openstack-keystone09:27
*** e0ne has joined #openstack-keystone09:28
*** fpatwa_ has joined #openstack-keystone09:34
henrynashstevemar: there’s a follow up patch to projects acting as domains (https://review.openstack.org/#/c/286452/1) - no functional changes, but deprecating domain driver methods…getting this in would allow us to remove this in L09:36
patchbothenrynash: patch 286452 - keystone - Deprecate domain driver interface methods09:36
henrynashstevemar: not a bug deal if we don’t get this in, but good to get things depreacted as soon as we can09:36
samueldmqmorning keystoners09:37
*** fhubik has quit IRC09:38
*** e0ne has quit IRC09:38
henrynashsamueldmq: one thing for you to take a quick squint at: there’s a follow up patch to projects acting as domains (https://review.openstack.org/#/c/286452/1) - no functional changes, but deprecating domain driver methods…getting this in would allow us to remove this in L09:38
patchbothenrynash: patch 286452 - keystone - Deprecate domain driver interface methods09:38
*** fpatwa_ has quit IRC09:38
samueldmqhenrynash: sure09:39
henrynashsamueldmq: thx….leaving the domain table for now, we can remove that later09:39
samueldmqhenrynash: shadow users and domains as projs still on gate ? :(09:39
henrynashsamueldmq: so shadow users failed jenkins…so has been re-submitted….09:40
henrynashsamueldmq: projs as a domain is close to merging09:40
*** rha has joined #openstack-keystone09:40
*** rha has quit IRC09:40
*** rha has joined #openstack-keystone09:40
*** roxanaghe has joined #openstack-keystone09:42
samueldmqhenrynash: nice, +2'ed 286452, looks neat09:43
henrynashsamueldmq: thx09:44
*** mylu has joined #openstack-keystone09:45
*** roxanaghe has quit IRC09:46
*** mylu has quit IRC09:50
samueldmqhenrynash: so is_domain in tokens will wait for next cycle ?09:51
henrynashsamuelmdq: I’d love to get it in….but not sure we have time09:51
samueldmqhenrynash: same to me; that would be a good step forward09:52
samueldmqhenrynash: since we have announced to others this new way to deal with domain scoped tokens09:52
samueldmq(specially horizon)09:52
*** EinstCrazy has quit IRC09:54
samueldmqhenrynash: looks like the change is trivial ? https://review.openstack.org/#/c/19733109:54
*** EinstCrazy has joined #openstack-keystone09:54
henrynashsamueldmq: yes, might try to work up a patch…but have to head out for a couple of hours09:55
henrynashsamueldmq: might get it done before I head out…hold on!10:00
samueldmqhenrynash: great, I may give another updates if needed, perhaps htruta and raildo-afk too10:01
openstackgerrithenry-nash proposed openstack/keystone: Add is_domain in token response  https://review.openstack.org/19733110:02
samueldmqhenrynash: that was quick!10:03
henrynashsamuedlmq: I thought it would need fixing up but the rebase rsolved the errors!10:04
samueldmqhenrynash: do you think it needs more tests ? like in test_v3_auth ?10:04
samueldmqhenrynash: nice10:04
henrynashsamueldmq: it may well do…take a look and feel free to add10:05
samueldmqhenrynash: sure10:05
*** henrynash has quit IRC10:05
*** e0ne has joined #openstack-keystone10:11
*** Nirupama has quit IRC10:13
*** EinstCrazy has quit IRC10:15
*** EinstCrazy has joined #openstack-keystone10:16
*** EinstCrazy has quit IRC10:21
*** GB21 has joined #openstack-keystone10:34
-openstackstatus- NOTICE: Gerrit is going to be restarted due to poor performance10:36
*** ChanServ changes topic to "Gerrit is going to be restarted due to poor performance"10:36
*** daemontool has joined #openstack-keystone10:36
*** daemontool__ has quit IRC10:40
*** ChanServ changes topic to "mitaka-3 feature freeze on FEB 29 - please prioritize reviews accordingly! | Mitaka-3: https://launchpad.net/keystone/+milestone/mitaka-3"10:42
-openstackstatus- NOTICE: gerrit finished restartign10:42
*** roxanaghe has joined #openstack-keystone10:42
*** rcarrillocruz has joined #openstack-keystone10:47
*** roxanaghe has quit IRC10:47
rcarrillocruzheya folks10:51
rcarrillocruzi'm trying to test out some ansible/shade features with keystone v310:51
rcarrillocruznot finding instructions on how to setup devstack with keystone v310:52
rcarrillocruzsaw https://review.openstack.org/#/c/274703/10:52
patchbotrcarrillocruz: patch 274703 - openstack-dev/devstack - Revert "Move default Keystone API version to v3" (MERGED)10:52
rcarrillocruzapparently there are issues10:52
rcarrillocruzhow folks do keystone v3 for their daily testing? any pointers?10:52
*** rvba` is now known as rvba10:59
*** chlong_ has joined #openstack-keystone11:01
*** mvk has quit IRC11:03
*** dims has joined #openstack-keystone11:03
*** tellesnobrega_af is now known as tellesnobrega11:08
*** mvk has joined #openstack-keystone11:20
*** rodrigods has quit IRC11:29
*** rodrigods has joined #openstack-keystone11:29
*** henrynash has joined #openstack-keystone11:31
*** ChanServ sets mode: +v henrynash11:31
*** fpatwa_ has joined #openstack-keystone11:35
*** fpatwa_ has quit IRC11:39
henrynashsamueldmq: on the is_domain token, looking at the testing, I think there is quite a lot of work….I’ll do more later today, but I think it looks too much to get in for m311:45
*** mylu has joined #openstack-keystone11:46
*** mylu has quit IRC11:51
*** Nirupama has joined #openstack-keystone11:53
*** mylu has joined #openstack-keystone11:58
*** mhickey has joined #openstack-keystone12:06
*** bjornar__ has quit IRC12:07
*** daemontool_ has joined #openstack-keystone12:07
*** pauloewerton has joined #openstack-keystone12:07
*** bjornar__ has joined #openstack-keystone12:09
*** daemontool has quit IRC12:10
openstackgerritMerged openstack/keystone-specs: Fix cascade operations documentation  https://review.openstack.org/27483612:17
*** raildo-afk is now known as raildo12:18
*** Nirupama has quit IRC12:20
*** GB21 has quit IRC12:23
*** henrynash has quit IRC12:26
*** dave-mccowan has joined #openstack-keystone12:27
*** daemontool__ has joined #openstack-keystone12:34
*** jaosorior has quit IRC12:36
*** jaosorior has joined #openstack-keystone12:37
*** daemontool_ has quit IRC12:37
*** gordc has joined #openstack-keystone12:40
openstackgerritMerged openstack/keystone: Projects acting as domains  https://review.openstack.org/23128912:41
*** roxanaghe has joined #openstack-keystone12:44
openstackgerritMerged openstack/keystone: Shadow users - Shadow federated users  https://review.openstack.org/27916212:44
*** roxanaghe has quit IRC12:48
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/28656512:55
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/28656513:01
*** dims has quit IRC13:02
*** links has quit IRC13:07
*** dims has joined #openstack-keystone13:08
*** sdake has joined #openstack-keystone13:16
*** ninag has joined #openstack-keystone13:20
*** sdake has quit IRC13:21
*** sdake has joined #openstack-keystone13:21
*** ninag has quit IRC13:22
*** ninag has joined #openstack-keystone13:22
*** mylu has quit IRC13:24
openstackgerritRaildo Mascena proposed openstack/keystone: Constraint to prevent duplicate endpoints  https://review.openstack.org/13409513:31
raildostevemar: rebased ^13:31
*** richm has joined #openstack-keystone13:36
*** fpatwa_ has joined #openstack-keystone13:36
*** mylu has joined #openstack-keystone13:36
*** fpatwa_ has quit IRC13:40
bretonraildo: is something missing in https://review.openstack.org/#/c/134095/20/keystone/tests/unit/test_sql_upgrade.py ?13:48
patchbotbreton: patch 134095 - keystone - Constraint to prevent duplicate endpoints13:48
raildobreton: I don't think so, if you make a diff, you'll see that we just change the script number in related tests on the last patches (for example https://review.openstack.org/#/c/134095/17..20/keystone/tests/unit/test_sql_upgrade.py)13:50
patchbotraildo: patch 134095 - keystone - Constraint to prevent duplicate endpoints13:50
*** sdake_ has joined #openstack-keystone13:50
bretonCONF.shadow_users.driver13:51
bretonthis thing broke me with existing config13:51
raildobreton: I ran the tests here and works, but I'll do a double check on it13:52
bretonraildo: yeah, it won't fail -- there is no test.13:52
bretonraildo: "test_endpoint_unique_constraint_fails_if_duplicates" has not assertions or any places where it could fail13:53
bretonraildo: because it doesn't even upgrade to 9513:53
*** mylu has quit IRC13:54
*** sdake has quit IRC13:54
raildobreton: I see, I'll fix this, we should expect a error when we upgrade to 9513:55
raildobreton: thanks13:55
bretoncool13:55
*** diazjf has joined #openstack-keystone13:56
*** mylu has joined #openstack-keystone14:00
openstackgerritMerged openstack/keystone: Add driver details in architecture doc  https://review.openstack.org/28080214:05
samueldmqChange 231289 has been successfully merged into the git repository by Jenkins14:05
samueldmqraildo: htruta ^14:06
samueldmqpatch 23128914:06
patchbotsamueldmq: https://review.openstack.org/#/c/231289/ - keystone - Projects acting as domains (MERGED)14:06
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/28656514:07
raildosamueldmq: we are the champions, my friend \o/14:07
samueldmqraildo: :)14:10
*** mylu has quit IRC14:14
*** jamie_h has joined #openstack-keystone14:15
*** petertr7_away is now known as petertr714:17
*** sdake_ is now known as sdake14:19
*** henrynash has joined #openstack-keystone14:20
*** ChanServ sets mode: +v henrynash14:20
*** jsavak has joined #openstack-keystone14:22
*** woodster_ has joined #openstack-keystone14:24
bretonraildo: http://paste.openstack.org/show/488756/ what am I doing wrong?14:24
bretonthat's on clean mysql database14:26
raildobreton: you need to set up the region_id, the constraint is enforced by service_id, region_id and interface14:26
bretonso if there is no region_id, there still can be duplicate endpoints?14:27
bretonwhat if i don't care about region, because i have only one?14:27
openstackgerritAlexander Makarov proposed openstack/keystone: Closure table for HMT  https://review.openstack.org/28552114:27
raildobreton: hum... I think so14:27
raildoI think that constraint doesn't works with none values14:28
*** henrynash has quit IRC14:29
raildobreton: if you just have one region, you can use this region to create the endpoint14:29
openstackgerritAlexander Makarov proposed openstack/keystone: Closure table for HMT  https://review.openstack.org/28552114:29
bretonraildo: ok, what if i have 0 regions? :)14:30
bretonI really don't know if it's real-life scenario14:30
amakarovdolphm, notmorgan Hi! Please take a look at the closure table patch ^^14:30
raildobreton: me nether :P14:30
raildobreton: we can ask for a core view on this point14:31
*** edmondsw has joined #openstack-keystone14:31
*** henrynash has joined #openstack-keystone14:39
*** ChanServ sets mode: +v henrynash14:39
*** EinstCrazy has joined #openstack-keystone14:39
*** d0ugal has quit IRC14:39
*** d0ugal has joined #openstack-keystone14:40
*** d0ugal has quit IRC14:40
*** mylu has joined #openstack-keystone14:41
*** d0ugal has joined #openstack-keystone14:41
*** GB21 has joined #openstack-keystone14:42
*** sdake has quit IRC14:49
*** EinstCrazy has quit IRC14:50
*** EinstCrazy has joined #openstack-keystone14:50
*** knikolla has joined #openstack-keystone14:51
*** daemontool_ has joined #openstack-keystone14:53
*** doug-fish has joined #openstack-keystone14:55
*** sdake has joined #openstack-keystone14:56
*** daemontool__ has quit IRC14:56
*** e0ne has quit IRC14:56
henrynashayoung, stevemar: see if you think it’s OK to get https://review.openstack.org/#/c/286452/ in the m314:57
patchbothenrynash: patch 286452 - keystone - Deprecate domain driver interface methods14:57
*** edmondsw has quit IRC14:57
ayounghenrynash, just deprecate?  Probably. Will be noisy14:57
ayoungBut we have to do it at some point14:57
henrynashayoung: no…its only the driver methods…nothing calls them anymore14:57
lbragstadxek dstanek ping14:58
ayounghenrynash,  ah14:58
henrynashayoung: not going to deprecate the manager methods until next release14:58
ayounghenrynash, yeah, then that is appropriate14:58
xeklbragstad, hi14:58
lbragstadxek dstanek available to visit?14:58
*** csoukup has joined #openstack-keystone14:58
*** mylu has quit IRC14:59
ayounghenrynash, so, one thing to consider for Newton.  Everything we deprecate should go into one set of tests, and be callable with a flag that disables the deprecation warnings, so the unit tests can run clean.  All The non-deprecate tests run without that flag, and have a top tlevel check that no deprecation warnings were thrown15:00
henrynashayoung: be back on soon15:00
*** henrynash has quit IRC15:00
xeklbragstad, dstanek, dolphm, I started an etherpad https://etherpad.openstack.org/p/keystone-online-schema-migrations15:01
xekthe main thing that interests me is what cases do you think should be tested15:01
*** fawadkhaliq has joined #openstack-keystone15:02
*** mylu has joined #openstack-keystone15:02
xekI plan on working on the simplest case next week, that is upgrade the DB schema to the latest version, then run tempest from the stable version15:02
lbragstadxek not sure if you reviewed it yet but we took a bunch of notes at the mid-cycle https://etherpad.openstack.org/p/keystone-mitaka-midcycle15:02
*** spandhe has joined #openstack-keystone15:03
*** spandhe has quit IRC15:03
xeklbragstad, I'm browsing it now...15:03
lbragstadxek so you mean to upgrade the keystone database to the latest, run keystone at stable/liberty and run tempest against that?15:03
lbragstadxek most of the notes are in "Thursday PM" section15:04
xeklbragstad, yes15:04
*** mylu has quit IRC15:05
dstanekxek: I think what you had is fine, but we just were ready for it yet15:06
dstanekWeren't15:06
lbragstaddstanek and a big reason for that was shadow users, right?15:06
dstanekThere is still lots of details that need to be worked out15:06
lbragstaddstanek there were other things going in too though15:06
xekdid you decide at the meeting on which approach to take?15:07
dstaneklbragstad: yes and likely all of the project work too15:07
xek "update schema (expand), update code, convert data (migrate), prune schema (contract)" - this was my proposal15:07
dstanekxek: no15:07
lbragstadxek we didn't finalize a direction15:07
lbragstadxek we talked about each of the options15:07
lbragstadxek the interesting idea that we came up with was the PoC project15:08
xekor, to be more precise, this is what nova does15:08
dstanekxek: there are still took many details missing. Like how updates happen. Keystone first or db first? How do we do breaking changes?15:09
xekin the POC project, on which databases do you think the migrations should be tested?15:10
lbragstadxek we were thinking we'd create a really simple application that isn't openstack specific15:10
lbragstadxek and the application would have database migrations15:11
lbragstadand we could automate upgrading and downgrading the databse15:11
lbragstadand the idea would be to observe the amount of "jitter"15:11
lbragstadnoticeable through the application because of the migrations15:11
lbragstaddstanek that was the gist of it right?15:12
dstanekWe also talked about the zero downtime language and we're uncomfortable saying we could really be zero. That's one reason for the poc15:12
*** EinstCrazy has quit IRC15:12
lbragstadyeah - especially since part of it depends on the architecture15:13
xekfrom the two approaches, I see that the consensus is that the expand/contract should be done in the same release?15:13
dstaneklbragstad: exactly15:13
xekand the POC would be implemented for the two scenarios?15:14
lbragstadxek yeah that was another part of the discussion - how do we make it so that we don't have migrations that last 3 cycles15:14
lbragstadxek it could be15:14
xekhave you thought if we would use sqlalchemy with alembic or sqlalchemy migrations?15:14
xekhow far should we differentiate from current keystone implementation?15:15
dstanekxek: we have talked about moving to alembic in general15:15
dstanekxek: are you talking about the poc?15:16
xekyes15:16
dstanekGood question15:17
lbragstadI thought we mentioned just using oslo_db to interact with the database15:17
lbragstadbut I'm not sure about the migrations15:18
lbragstadiirc it sounds like sqlalchemy migrations that were very similar to what keystone has15:18
lbragstadsounded*15:18
*** sdake_ has joined #openstack-keystone15:20
dstanekxek: i'm not really sure that it matters for this particular test15:20
*** sigmavirus24_awa is now known as sigmavirus2415:20
dstanekxek: i think we'd stick with sqlalchemy-migration15:20
*** mylu has joined #openstack-keystone15:21
xeklbragstad, yes... I asked this question, because nova experimented with expand/contract migrations in one release, but later dropped it, because it included large experimental changes which didn't work15:21
lbragstadxek do you recall what the major reasons were why it didn't work?15:22
xekthey tried to generate the sql migrations online, by looking at the current db state15:22
xekand it didn't work as planned...15:23
*** sdake has quit IRC15:23
*** daemontool__ has joined #openstack-keystone15:24
xekI think doing this poc is a great idea, when do we start? :)15:24
*** mylu has quit IRC15:24
lbragstaddstanek xek so - do you think we should start this by adding the CI first or the PoC?15:25
lbragstadI think we should lean towards the PoC15:25
lbragstadfirst15:25
dstanekpoc15:25
dstaneklbragstad: i don't think we should do anything until we define the upgrade process15:25
xekI'm not sure, because if we want to copy the nova approach, which I think is already proven, than we can start with the CI15:26
lbragstadand in order to do that we need the results from the PoC15:26
xekhowever, if we want to create something new, the poc would be the starting point15:26
lbragstadbut did the nova approach work?15:26
dstanekxek: how do they do breaking changes?15:27
xeklbragstad, yes, they are following the standard of not changing the schema in non addititive way15:27
bretonalembic didn't work out because we wanted to rely on oslo_db, and oslo_db part was not ready yet15:27
xekthey also test a multinode setup with grenade15:27
lbragstadxek so they *only* ever add things15:27
*** daemontool_ has quit IRC15:28
bretonand I also heard that zzzeek wanted to add ability to run sa-m migrations in alembic. I am not sure how far that went.15:28
xekthey remove things a cycle after removing the code which uses them15:28
dstanekxek: that removal potentially causes downtime right?15:29
lbragstaddstanek yep - I think it can15:29
xekit may cause locks on the db15:29
dstanekso basically instead of doing that when a deployer gets the feature we do it the next release? what does that save us?15:30
xekthe old code may still run and use the db as if the schema didn't change15:32
dstanekxek: when is the code updated in the process of an upgrade?15:32
xekafter changing the schema15:33
dstanekxek: so how do you do a change that is not compatible? can we no longer do that ever?15:34
*** jorge_munoz has joined #openstack-keystone15:34
*** slberger has joined #openstack-keystone15:34
xekdstanek, making non compatible changes would happen in a couple of releases15:34
xekfor example:15:35
xek1. add a column in first release15:35
xekthis release uses an old column and the new column to migrate the data15:35
xek2. stop using the old column15:35
xek3. remove the column at the beginning of the third release which doesn't use it15:36
*** mylu has joined #openstack-keystone15:37
*** fpatwa_ has joined #openstack-keystone15:37
dstanekxek: that's a vey simple case, what about something like http://git.openstack.org/cgit/openstack/keystone/commit/?id=312a041862dc48b776715ccb2585d21cc479f5fb15:38
xekrelease 0+1 can run together, as well as releases 1+2, 2+315:38
dstanekor any of the project as domain work we are currently doing15:38
dstanekwhat is "0+1" referring to?15:38
*** mylu has quit IRC15:39
xekdstanek, release 0 (the old release) can run with release 1, using the schema from release 115:39
dstanekxek: that's why we aren't ready yet. too many things happening in M (and N) that violate that15:40
*** fpatwa_ has quit IRC15:41
*** mylu has joined #openstack-keystone15:42
xekdstanek, maybe the new release would not support the new feature, until a change is made in the config15:42
*** ryanpetrello has quit IRC15:43
xekafter enabling it, we would stop being backward compatible by not using the old tables15:43
*** ryanpetrello has joined #openstack-keystone15:44
dstanekxek: that's possible, but we'd have to do migrations only at that time. so there are still issues to be worked out15:44
stevemaro/15:45
dstanekstevemar: hola15:47
xekdstanek, nova does this by running migration scripts15:47
xekdstanek, the scripts can be run when convenient, outside of the schema changes15:48
dstanekxek: so they have instructions to run a particular migration if a feature is turned on?15:49
dstanekxek: will that migration ever be forced?15:49
xekI agree it is extra work15:50
xekit is checked when removing things15:50
xektypically, the migration script nulls the values or removes the old, migrated rows, and the schema migration which does a remove, checks if it is not removing any data15:51
stevemarbreton: you had me scared a little there, with your shadow users bug -- i also did the same :)15:52
breton:p15:53
*** gokrokve has joined #openstack-keystone15:54
dstanekxek: (hypothetical) release M would have included shadow users code that could read out of either the old or new database. a config option to turn on the feature would make it read out of the new tables. there would be an optional migration that runs if the config option is enabled. then in N the migration is mandatory. is that correct?15:55
xekdstanek, yes15:56
dstanekxek: how does the code know when to read from the new tables? a keystone restart?15:56
xekdstanek, correct, a restart would probably be needed to stop initializing the old sqlalchemy models15:58
*** jsavak has quit IRC15:59
xekI made a POC to demonstrate this config change here https://review.openstack.org/#/c/269693/15:59
patchbotxek: patch 269693 - keystone - POC Online Schema Migration: Add BinaryHex field15:59
*** jsavak has joined #openstack-keystone16:00
xekdstanek, the model is initialised with different fields, depending on compatibility mode16:00
*** tellesnobrega is now known as tellesnobrega_af16:02
dstanekxek: so at least at this pace we'd always be taking keystone offline to do the migrations which is what we have now. i think that's partially why morgan called the gains speculative16:02
notmorgandstanek: ++16:03
xekdstanek, we wouldn't have to kill the old application in this case16:03
dstanekxek: it wouldn't work with the new tables16:04
*** kevinbenton has quit IRC16:04
notmorganxek: i also am adamantly against "different deployments have different schemas" - it realy doesn't make sense *and* there is no guarantee that something wont add back in string vs uuid data down the line. The BinaryUUID column is not a win in flexibility or usability, and it's minor at best improvement. There are other places to improve our schema16:04
notmorganand you may have deployments locked forever in the "string" mode.16:05
notmorganwe never said the ID had to be a uuid - therefore we can't / shouldn't change that now.16:05
*** jaosorior is now known as jaosorior_away16:06
notmorgannote, i am being specific about the binary field, not online migrations in this case16:06
notmorganbut back to the thing on online migrations - we still need keystone down for the migration, it's fairly speculative improvement --16:07
xeknotmorgan, I'm showing this only to demonstrate that a "schema braking" change could be done in one release cycle, I agree that the binary field was not a good idea16:07
notmorganxek: ok cool. :)16:07
notmorganxek: yay we're on the same page then16:07
* notmorgan was't sure there.16:07
xek:)16:08
bknudsonthere's no need to get all entries with id > 'some value', so the ids should be stored as binary16:09
*** chlong_ has quit IRC16:10
xekdstanek, when working in a compatible way, the new implementation would have to place data in both, the new, and the old tables16:11
*** henrynash has joined #openstack-keystone16:11
*** ChanServ sets mode: +v henrynash16:11
henrynashayoung: were you OK with +2/A o https://review.openstack.org/#/c/286452/16:12
patchbothenrynash: patch 286452 - keystone - Deprecate domain driver interface methods16:12
dstanekxek: that increases the risk or bugs and timeline for landing features16:12
dstanekxek: we discussed a lot of this during the mid-cycle16:12
*** e0ne has joined #openstack-keystone16:13
xekdstanek, in my poc, with the CopyColumn there is actually little new code added16:14
ayounghenrynash, yes, sorry, thought I had pushed the button on that16:14
henrynashayoung: no worries16:14
henrynashayoung: thx16:15
xekdstanek, I'm not sure if this would be the pattern for all migrations, but in this case, the old code landed under an if, and the new implementation was just "appended", so the risk of bugs is minimal16:20
*** tellesnobrega_af is now known as tellesnobrega16:20
xeklbragstad, dstanek, at the midcycle, did you maybe talk about other approaches to minimizing upgrade downtime?16:22
openstackgerritSean Dague proposed openstack/keystone: remove pyc files before running tests  https://review.openstack.org/28668716:22
lbragstadxek i think we tried but a lot of the discussion came down to data we didn't have16:22
notmorganxek: we did, the one we hit closest to was code can always handle n-1 schema, so upgrade code (everywhere), then upgrade schema16:22
henrynashbknduson: on https://review.openstack.org/#/c/286452/1 we do test the project driver interface in the test above the one being removed16:23
patchbothenrynash: patch 286452 - keystone - Deprecate domain driver interface methods16:23
notmorganxek: but it was not more than guess work because there is a lot of data missing as lbragstad said16:23
bknudsonhenrynash: ok. the methods should still be removed from the V9 adapter16:24
notmorganxek: the other concern was if we change [for example] the username column, in the proposed model we need now user_2 table or username_2 column16:24
notmorganat what point do we have username_2334 column [contrived example]16:24
henrynashbknduson: agree with that…are you OK with that as a follow up patch (since that isn’t required to classify those methods as deprecated)?16:24
bknudsonhenrynash: a follow-up patch works for me.16:25
notmorganand that seems like a hard to manage/follow schema/maintenance headaches16:25
henrynashbknudson: ok, great, thanks for thre review16:25
*** jbell8 has joined #openstack-keystone16:25
notmorganxek: that was one of the big questions that kept coming up16:25
xekI personally wouldn't mind appending something like _v99 or _99 to a column16:26
*** belmoreira has quit IRC16:28
notmorganxek: right - as a dev, that's great. as someone who has to look at the db/manage it/work with it/wonder where data broke, it makes operator life less fun if there are 10 username columns [for whatever reason]16:29
xeknotmorgan, there should be no more than 2 versions at the same time16:30
notmorganxek: it causes index expansions, i am unsure if column drops are non-blocking16:30
notmorganxek: can't guarantee that. if you have 2 changes in a cycle that are breaking, they're two different migrations16:30
notmorganand you need to assume someone is chasing master with code16:30
*** kevinbenton has joined #openstack-keystone16:30
notmorganand migrations16:30
notmorganif it was strictly isolated to a release, i agree with you (6-mo windows)16:31
notmorganxek: i think the easiest solution and with the fewest moving parts is: code supports schema (release-1), and upgrade code everywhere then schema once code is upgraded.16:33
notmorganxek: but it still results in some blips/downtime requirements.16:33
*** fawadkhaliq has quit IRC16:33
notmorganxek: that is if we're trying to minimize downtime for upgrades. it's worth exploring, but i worry that we will add a lot of complexity for a small improvement.16:34
*** mylu has quit IRC16:35
openstackgerrithenry-nash proposed openstack/keystone: Remove unused domain driver method in legacy wrapper  https://review.openstack.org/28669916:36
xeknotmorgan, I feel that this approach is more troublesome, because each new feature would have to adhere to this, in case of upgrading the schema before upgrading the code, additive changes would stay as-is, only incompatible changes would need extra work16:37
notmorganxek: i think you're underestimating the amount of work "additive" changes are ;)16:38
*** e0ne has quit IRC16:38
bknudsonnotmorgan: deployers consider no-downtime upgrades one of their most important requirements16:39
*** e0ne has joined #openstack-keystone16:40
notmorganbknudson: i'd like to know what "no downtime" upgrade is to each deployer. i'm going to guess we'll get about as many different answers as we have deployers16:42
bknudsonI wonder if the product group ever came up with a user story?16:42
notmorganbknudson: it would be good if they did16:43
notmorganbknudson: part of the issue is there isn't a user story in a lot of cases; it's just implmented by (say nova) one of the projects16:43
*** josecastroleon has quit IRC16:43
notmorganthen there are holes/gaps/issues and we either can't do the same thing w/o horrible experience because we didn't hve a clear target to begin with16:43
notmorganor non-consistent16:44
notmorganbknudson: but meh, like i said, worth exploring.16:45
xekbknudson, notmorgan, they track it here: https://wiki.openstack.org/wiki/ProductTeam/User_Stories/Rolling_Upgrades16:45
openstackgerritSean Dague proposed openstack/keystone: remove pyc files before running tests  https://review.openstack.org/28668716:45
bknudsonxek: thank you!16:45
bknudsonI thought they'd use a git repo16:45
bknudsonhttp://specs.openstack.org/openstack/openstack-user-stories/user-stories/draft/rollingupgrades.html16:46
raildoayoung: lbragstad did you have some minutes to see my comment here? https://review.openstack.org/#/c/258650/26/keystone/token/provider.py16:46
patchbotraildo: patch 258650 - keystone - [WIP]Make fernet default token provider16:46
lbragstadraildo yeah, I can take a look in a minute16:47
raildolbragstad: thanks :D16:47
ayoungraildo, not yet16:47
ayoungraildo, need to work throug a few things first.  If lbragstad can take it, so much the better16:47
notmorganxek: ah there we go16:48
bknudsonxek: I don't think the user story they have there totally answers our questions16:48
notmorgani think the user story is a good starting place16:48
bknudsonalso it's hard to read due to not formatting correctly16:48
notmorgani also think it's really 2 specs16:48
notmorgandataplane upgrades and control plane upgrades16:48
notmorganthey're linked but one is clearly easier than the other ;)16:49
notmorgan(control plane is often easier in my experience)16:49
notmorganbknudson: ++ hard to read16:49
*** rk4n has quit IRC16:51
notmorganxek: i also have an edge case question that needs to be answered as part of this: what happens in the case of a broken schema upgrade migration, is it expected to restore from backup (this is in the add-only bit)? how about... rolling it back for $insert_reason_here?16:51
*** gokrokve has quit IRC16:52
henrynashstevemar: ping16:52
stevemarhenrynash: poke16:52
notmorganxek: just so we have an answer for folks when it comes up, not that it's a blocker or reason not to push forward16:52
henrynashstevemar: just an fyi that https://review.openstack.org/#/c/286452/ is gating…if we can get this into m3 it would be nice from a deprecations point of view, not fucntional changes, but if you had to cut m3 without it, that’s OK16:53
patchbothenrynash: patch 286452 - keystone - Deprecate domain driver interface methods16:53
*** josecastroleon has joined #openstack-keystone16:53
henrynashstevemar: it just means we can stop supporting domain driver methods in P, rather than wait till Q16:55
xeknotmorgan, I think in case of braking the schema or braking the data migration part, the operator would need to restore from backup, but in case of code misbehaving in other ways, the operator could still use the old version on the same (upgraded) schema16:55
stevemarhenrynash: it's OK to include it in the RC period16:55
*** rcernin has quit IRC16:55
notmorganxek: thats fine, just want to mak sure we clearly outline that :)16:55
henrynashstevemar: ah, OK…wasn’t sure if we “froze” definition of teh V9 driver at m316:55
henrynashstevemar: it will merge in about an hour, anyway16:55
notmorganhenrynash: OMG YOU BROKE THE DEFINITION :)16:56
notmorganhenrynash: :P16:56
henrynashnotmorgan: spank me now16:56
notmorganhenrynash: haha16:56
*** fawadkhaliq has joined #openstack-keystone16:56
stevemarkeep it pg henrynash16:57
*** jbell8 has quit IRC16:57
*** mylu has joined #openstack-keystone16:57
*** jbell8 has joined #openstack-keystone16:57
henrynashstevemar: tmi, tmi16:58
notmorganstevemar: "pg" in the UK or "pg" in the US, or "pg" in the supr conservative area of the us?16:58
henrynashnotmorgan: I’l take “pg” in the Trump camp…gives me carte balnche to do anything16:59
notmorganhenrynash: AHAHAHAH16:59
stevemarhehe17:00
stevemarsomeone push https://review.openstack.org/#/c/286687/ please :)17:00
patchbotstevemar: patch 286687 - keystone - remove pyc files before running tests17:00
notmorganstevemar: marked https://bugs.launchpad.net/keystone/+bug/1551836 as m-3 and high prio since it has landed17:01
openstackLaunchpad bug 1551836 in Trove "CORS middleware's latent configuration options need to change" [Undecided,New]17:01
notmorganstevemar: uhm. just do it man... just do it! :P17:01
notmorganstevemar: *chants* Power of the PTL *chants*17:01
stevemarnotmorgan: there's a whole crowd of y'all here :P17:01
*** twm2016 has joined #openstack-keystone17:02
henrynashstevemar: fyi, no need to wait for https://review.openstack.org/#/c/286699/1 , it’s https://review.openstack.org/#/c/286452/1 that actually marks them as deprecated17:02
patchbothenrynash: patch 286699 - keystone - Remove unused domain driver method in legacy wrapper17:02
patchbothenrynash: patch 286452 - keystone - Deprecate domain driver interface methods17:02
notmorganstevemar: see thats where you're mistaken17:02
openstackgerritSteve Martinelli proposed openstack/keystone-specs: Revert "Fix cascade operations documentation"  https://review.openstack.org/28671617:02
notmorganstevemar: we're all virtual constructs ... on the internet no one knows you're a dog...erm bot17:03
*** gyee has joined #openstack-keystone17:03
*** ChanServ sets mode: +v gyee17:03
*** henrynash has quit IRC17:03
*** david8hu has joined #openstack-keystone17:03
notmorganstevemar: abandoned?17:03
*** jsavak has quit IRC17:03
twm2016Hi everyone, I have fix proposed to keystone but it needs some code-reviews, it hasn't been updated in 4 days. Can someone take a look at it please? https://review.openstack.org/#/c/285393/17:04
patchbottwm2016: patch 285393 - keystone - Add validation parameter "max_name_size"17:04
*** jsavak has joined #openstack-keystone17:05
*** jistr has quit IRC17:05
notmorgantwm2016: maybe we just lift the 64 limit?17:05
notmorgantwm2016: instead of making it configurable?17:05
*** jbell8 has quit IRC17:06
notmorgantwm2016: i'm fine with either, but this feels like a case where config might be overkill and not super useful.17:06
*** mylu has quit IRC17:06
notmorgantwm2016: basically, i am asking if config is really needed. because if config is needed, we're reallllly pushing the limits on freeze17:07
twm2016@notmorgan: I'm glad you're okay with it. I was addressing what the bugs says that the db schema is 255.17:07
*** pcaruana has quit IRC17:07
notmorganstevemar: ^ cc17:07
notmorgantwm2016: right. so an alternative would just make the validation 255 vs. config :) still addresses the bug.17:07
*** jorge_munoz has quit IRC17:08
twm2016@notmorgan: So you're suggesting to not use conf and set 255 in the condition?  like if len(username) > 255:17:11
notmorgantwm2016: pretty much no need to use conf. lets ask stevemar, i'll move to a +2 w/ the config depending on his view17:11
notmorgantwm2016: i +1'd it and commented on the review17:11
*** dan_nguyen has joined #openstack-keystone17:11
openstackgerritSteve Martinelli proposed openstack/keystone-specs: Revert "Fix cascade operations documentation"  https://review.openstack.org/28671617:12
openstackgerritSteve Martinelli proposed openstack/keystone-specs: Revert "Fix cascade operations documentation"  https://review.openstack.org/28671617:13
notmorganstevemar: also https://review.openstack.org/#/c/277198/ do you want me to push that forward? cause... it's bad but there is no good option until oslo.cache has a .set_defaults17:14
patchbotnotmorgan: patch 277198 - keystone - Default caching to on for request-local caching.17:14
*** GB21 has quit IRC17:15
stevemarnotmorgan: eww umm17:15
*** mylu has joined #openstack-keystone17:15
*** dims_ has joined #openstack-keystone17:17
*** dims has quit IRC17:19
notmorganyeah, right?17:20
*** timcline has joined #openstack-keystone17:20
notmorganstevemar: anyway..17:21
openstackgerritMorgan Fainberg proposed openstack/keystone: Default caching to on for request-local caching.  https://review.openstack.org/27719817:21
*** josecastroleon has quit IRC17:23
openstackgerritRaildo Mascena proposed openstack/keystone: Constraint to prevent duplicate endpoints  https://review.openstack.org/13409517:26
*** mylu has quit IRC17:27
*** notmorgan is now known as morgan17:28
stevemaras soon as 285152 merges, i'll be tagging mitaka-317:29
*** rk4n has joined #openstack-keystone17:30
morganstevemar: look at the validation (username) patch^17:31
morganstevemar: config or no config.17:31
openstackgerritAlexander Makarov proposed openstack/keystone: Closure table for HMT  https://review.openstack.org/28552117:34
*** jbell8 has joined #openstack-keystone17:34
*** GB21 has joined #openstack-keystone17:35
*** fpatwa_ has joined #openstack-keystone17:38
*** StefanPaetowJisc has joined #openstack-keystone17:39
*** mhickey has quit IRC17:40
*** petertr7 is now known as petertr7_away17:41
*** lhcheng has joined #openstack-keystone17:42
*** ChanServ sets mode: +v lhcheng17:42
*** fpatwa_ has quit IRC17:42
*** nkinder has joined #openstack-keystone17:44
*** fhubik has joined #openstack-keystone17:47
*** jsavak has quit IRC17:47
*** jsavak has joined #openstack-keystone17:48
StefanPaetowJiscHi stevemar, we briefly spoke on here the week before last during the Openstack meetup in Manchester... Just FYI - I'll try to join the meeting this week but that's contingent on my mobile signal remaining consistent.17:49
*** rk4n has quit IRC17:50
*** StefanPaetowJisc has quit IRC17:50
*** rk4n has joined #openstack-keystone17:50
*** fhubik has quit IRC17:51
*** StefanPaetowJisc has joined #openstack-keystone17:51
*** sdake_ has quit IRC17:51
*** henrynash has joined #openstack-keystone17:51
*** ChanServ sets mode: +v henrynash17:51
*** nkinder has quit IRC17:53
*** roxanaghe has joined #openstack-keystone17:53
*** shaleh has joined #openstack-keystone17:57
*** tsymanczyk has joined #openstack-keystone18:00
stevemarpoke for ajayaa, amakarov, ayoung, breton, browne, davechen, david8hu, dolphm, dstanek, edmondsw, ericksonsantos, geoffarnold, gyee, henrynash, hogepodge, htruta, jamielennox, joesavak, lbragstad, lhcheng, marekd, morganfainberg, nkinder, raildo, rodrigods, roxanaghe, samueldmq, shaleh, stevemar, tsymanczyk, topol, vivekd, wanghong, claudiub, rderose, samleon, xek, MaxPC, tjcocozz, jorge_munoz << KEYSTONE MEETING!18:01
*** StefanPaetowJi-1 has joined #openstack-keystone18:01
*** rderose has joined #openstack-keystone18:01
*** jsavak has quit IRC18:02
*** jsavak has joined #openstack-keystone18:03
*** timcline has quit IRC18:04
*** timcline has joined #openstack-keystone18:05
*** StefanPaetowJisc has quit IRC18:05
*** StefanPaetowJi-1 is now known as StefanPaetowJisc18:05
*** e0ne has quit IRC18:08
*** timcline has quit IRC18:10
*** GB21 has quit IRC18:11
*** jed56 has quit IRC18:13
*** openstackgerrit has quit IRC18:18
*** openstackgerrit has joined #openstack-keystone18:18
*** spandhe has joined #openstack-keystone18:18
*** twm2016 has quit IRC18:21
*** haneef has joined #openstack-keystone18:26
*** serverascode has quit IRC18:26
*** zhiyan has quit IRC18:27
*** blogan_ is now known as blogan18:27
*** zhiyan has joined #openstack-keystone18:28
*** permalac has quit IRC18:31
*** jaosorior_away is now known as jaosorior18:31
*** serverascode has joined #openstack-keystone18:32
*** permalac has joined #openstack-keystone18:34
*** permalac has quit IRC18:34
*** jorge_munoz has joined #openstack-keystone18:36
*** petertr7_away is now known as petertr718:37
*** StefanPaetowJisc has quit IRC18:39
*** StefanPaetowJisc has joined #openstack-keystone18:40
raildoayoung: i had the same error db type could not be determined18:44
bknudsontox is overkill for running one test, just do .tox/py34/bin/python -m unittest18:44
raildobknudson: thanks :)18:45
*** dims has joined #openstack-keystone18:45
*** petertr7 is now known as petertr7_away18:50
*** wolsen has quit IRC18:50
*** dims_ has quit IRC18:52
*** knikolla has quit IRC18:52
*** BAKfr has quit IRC18:52
*** afazekas has quit IRC18:52
*** john5223 has quit IRC18:52
*** SpamapS has quit IRC18:54
*** openstack has joined #openstack-keystone19:08
*** openstack has joined #openstack-keystone19:09
ayoungstevemar, I think you jumped the gun on https://review.openstack.org/#/c/286687/319:12
patchbotayoung: patch 286687 - keystone - remove pyc files before running tests19:12
*** phalmos has quit IRC19:12
ayoungthat kills all the pyc files in the venv, too19:12
bknudsonayoung: why is it a problem to remove the pyc files from the venv?19:12
ayoungbknudson, its just not the intention of the patch.19:12
ayoungthere is a hell of a lot more to regen including files that have nothing to do with keystone that way19:12
*** openstack has joined #openstack-keystone19:14
ayoungbknudson, take a look19:14
dstanek++ to only in keystone19:15
bknudsonayoung: you only changed py34, not all of them19:16
ayoungah...19:16
ayoungthat was the one I was working on..you are rigjht19:16
*** SpamapS has joined #openstack-keystone19:16
ayoungbknudson, changing now...19:16
ayoungand testing19:16
bknudsonthanks19:16
*** openstackstatus has joined #openstack-keystone19:17
*** ChanServ sets mode: +v openstackstatus19:17
bknudsonthere's openstackstatus19:17
*** openstackgerrit has joined #openstack-keystone19:19
*** fangxu has joined #openstack-keystone19:20
*** mylu has joined #openstack-keystone19:23
*** petertr7 is now known as petertr7_away19:25
*** errr has quit IRC19:25
*** smurke_ has quit IRC19:25
*** sudorandom has quit IRC19:25
*** navidp has quit IRC19:25
*** odyssey4me has quit IRC19:25
*** briancurtin has quit IRC19:25
*** ctracey has quit IRC19:25
*** johnthetubaguy has quit IRC19:25
*** petertr7_away is now known as petertr719:28
*** StefanPaetowJisc has quit IRC19:30
*** errr has joined #openstack-keystone19:31
*** smurke_ has joined #openstack-keystone19:31
*** sudorandom has joined #openstack-keystone19:31
*** navidp has joined #openstack-keystone19:31
*** odyssey4me has joined #openstack-keystone19:31
*** briancurtin has joined #openstack-keystone19:31
*** ctracey has joined #openstack-keystone19:31
*** johnthetubaguy has joined #openstack-keystone19:31
*** jrist has quit IRC19:31
bknudsonstevemar: is there still an oauth plugin in keystoneauth?19:31
bknudsonstevemar: http://docs.openstack.org/developer/keystoneauth/authentication-plugins.html#v3-oauth-1-0a-plugins references an OAuth plugin but there isn't one (the link doesn't work)19:32
stevemarbknudson: there should be19:33
*** StefanPaetowJisc has joined #openstack-keystone19:35
bknudsonI can't find it19:36
*** sigmavirus24 is now known as sigmavirus24_awa19:37
*** StefanPaetowJisc has quit IRC19:37
*** StefanPaetowJisc has joined #openstack-keystone19:38
*** fpatwa_ has joined #openstack-keystone19:38
*** fpatwa_ has quit IRC19:43
*** david_cu has joined #openstack-keystone19:45
openstackgerritguang-yee proposed openstack/keystone: Return 404 instead of 401 for tokens w/o roles  https://review.openstack.org/27743619:47
openstackgerritguang-yee proposed openstack/keystone: Return 404 instead of 401 for tokens w/o roles  https://review.openstack.org/27743619:48
*** gyee has quit IRC19:48
*** spandhe has quit IRC19:50
*** sigmavirus24_awa is now known as sigmavirus2419:52
*** spandhe has joined #openstack-keystone19:52
*** StefanPaetowJisc has quit IRC19:55
*** jrist has joined #openstack-keystone19:55
*** josecastroleon has joined #openstack-keystone19:58
*** david-lyle has quit IRC19:59
stevemarbknudson: gdi20:01
*** sdake has quit IRC20:05
*** daemontool__ has joined #openstack-keystone20:05
*** jsavak has quit IRC20:07
*** jsavak has joined #openstack-keystone20:08
*** henrynash has quit IRC20:08
*** daemontool_ has quit IRC20:09
openstackgerritSam Leong proposed openstack/keystoneauth: Auth plugin for X.509 tokenless authz  https://review.openstack.org/28390520:09
*** david-lyle has joined #openstack-keystone20:09
*** gokrokve has joined #openstack-keystone20:12
*** fangxu has quit IRC20:12
*** jaosorior has quit IRC20:12
bknudsonstevemar: where did it go?20:13
*** mylu has quit IRC20:15
openstackgerritBrant Knudson proposed openstack/keystoneauth: Update test run instructions  https://review.openstack.org/28681320:16
openstackgerritBrant Knudson proposed openstack/keystoneauth: Fix exported symbol in identity.v3  https://review.openstack.org/28681420:16
openstackgerritBrant Knudson proposed openstack/keystoneauth: Editorial nits for docs  https://review.openstack.org/28681520:16
openstackgerritBrant Knudson proposed openstack/keystoneauth: Improve usability of docs  https://review.openstack.org/28681620:16
*** sdake has joined #openstack-keystone20:16
*** jorge_munoz has quit IRC20:17
*** mylu has joined #openstack-keystone20:17
*** jasonsb has quit IRC20:18
*** jbell8 has joined #openstack-keystone20:22
openstackgerritLance Bragstad proposed openstack/keystone: Return 404 instead of 401 for tokens w/o roles  https://review.openstack.org/27743620:23
lbragstadraildo new patch ^20:24
*** jorge_munoz has joined #openstack-keystone20:26
*** josecastroleon has quit IRC20:27
*** sdake has quit IRC20:31
openstackgerritBrant Knudson proposed openstack/keystoneauth: Add links to federation plugins  https://review.openstack.org/28682420:33
openstackgerritBrant Knudson proposed openstack/keystoneauth: Remove unavailable parameter  https://review.openstack.org/28682520:34
openstackgerritBrant Knudson proposed openstack/keystoneauth: Generate FederationBaseAuth constructor parameters  https://review.openstack.org/28682620:34
*** phalmos has quit IRC20:34
lbragstadstevemar do we have restrictions on config option changes wrt m-3's deadline? https://review.openstack.org/#/c/285393/220:34
patchbotlbragstad: patch 285393 - keystone - Add validation parameter "max_name_size"20:34
openstackgerritBrant Knudson proposed openstack/keystoneauth: Generate FederationBaseAuth constructor parameters  https://review.openstack.org/28682620:34
openstackgerritBrant Knudson proposed openstack/keystoneauth: Remove unavailable parameter  https://review.openstack.org/28682520:34
openstackgerritBrant Knudson proposed openstack/keystoneauth: Add links to federation plugins  https://review.openstack.org/28682420:35
openstackgerritBrant Knudson proposed openstack/keystoneauth: Improve usability of docs  https://review.openstack.org/28681620:35
openstackgerritBrant Knudson proposed openstack/keystoneauth: Editorial nits for docs  https://review.openstack.org/28681520:35
openstackgerritBrant Knudson proposed openstack/keystoneauth: Fix exported symbol in identity.v3  https://review.openstack.org/28681420:35
*** jsavak has quit IRC20:35
raildostevemar: ping, on https://review.openstack.org/#/c/134095/ if region_id is none, there still can be duplicate endpoints. Is that OK?20:36
patchbotraildo: patch 134095 - keystone - Constraint to prevent duplicate endpoints20:36
*** e0ne has joined #openstack-keystone20:38
*** alejandrito has joined #openstack-keystone20:38
raildostevemar: since the constraint is a combination of service_id, region_id and interface20:38
*** mylu has quit IRC20:39
*** sdake has joined #openstack-keystone20:43
*** pcaruana has joined #openstack-keystone20:44
*** jamielennox|away is now known as jamielennox20:45
*** roxanaghe has quit IRC20:45
lbragstaddoes anyone else get this when running tests locally - http://cdn.pasteraw.com/7w6v7eavvyrqmltcuseh63f6wf68v7j ?20:46
*** jamie_h has quit IRC20:46
*** e0ne has quit IRC20:47
stevemarbknudson: not sure if it ever made the move!20:47
*** jsavak has joined #openstack-keystone20:48
raildolbragstad: https://bugs.launchpad.net/keystone/+bug/155175120:48
openstackLaunchpad bug 1551751 in OpenStack Identity (keystone) "shadow users break on old config" [Undecided,Invalid]20:48
stevemarlbragstad: you betcha - we lived with bug 1279750 for many releases, we can live with it for another release20:48
openstackbug 1279750 in OpenStack Identity (keystone) "username validation 64 chars but can be 255 in database" [Low,In progress] https://launchpad.net/bugs/1279750 - Assigned to Trevor McCasland (twm2016)20:48
openstackgerritMerged openstack/keystone: Deprecate domain driver interface methods  https://review.openstack.org/28645220:49
*** gyee has joined #openstack-keystone20:50
*** ChanServ sets mode: +v gyee20:50
ayounglbragstad, yes20:50
ayounglbragstad, I rebuilt the venv20:50
lbragstadah20:51
lbragstadayoung raildo thanks20:52
raildonp20:52
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/28656520:52
*** e0ne has joined #openstack-keystone20:55
*** sdake has quit IRC20:56
*** sigmavirus24 is now known as sigmavirus24_awa20:58
*** sigmavirus24_awa is now known as sigmavirus2420:58
*** e0ne has quit IRC20:59
*** sdake has joined #openstack-keystone20:59
*** fangxu has joined #openstack-keystone21:00
*** jsavak has quit IRC21:04
*** raildo is now known as raildo-afk21:07
*** david-lyle has quit IRC21:08
*** david-lyle has joined #openstack-keystone21:17
*** mylu has joined #openstack-keystone21:20
*** pauloewerton has quit IRC21:25
*** phalmos has joined #openstack-keystone21:28
*** dims_ has joined #openstack-keystone21:31
*** jorge_munoz has quit IRC21:33
*** dims has quit IRC21:33
*** jbell8 has quit IRC21:35
*** fpatwa_ has joined #openstack-keystone21:39
openstackgerritTrevor McCasland proposed openstack/keystone: Change validation parameter max_param_size  https://review.openstack.org/28685221:43
*** fpatwa_ has quit IRC21:44
openstackgerritBrant Knudson proposed openstack/keystone: Stop using oslotest.BaseTestCase  https://review.openstack.org/28157921:44
*** jbell8 has joined #openstack-keystone21:46
*** petertr7 is now known as petertr7_away21:53
*** fawadkhaliq has quit IRC21:54
openstackgerritMerged openstack/keystoneauth: Fix typos and improve formatting in migrating.rst  https://review.openstack.org/28601821:57
*** pcaruana has quit IRC22:01
*** phalmos has quit IRC22:02
*** jbell8 has quit IRC22:02
*** dims_ has quit IRC22:02
*** fawadkhaliq has joined #openstack-keystone22:04
*** knikolla has quit IRC22:04
*** phalmos has joined #openstack-keystone22:06
openstackgerritMerged openstack/keystone: Fix the migration issue for the user doesn't have a password  https://review.openstack.org/28515222:09
*** petertr7_away is now known as petertr722:10
*** dims has joined #openstack-keystone22:10
*** rk4n has quit IRC22:11
openstackgerritBrant Knudson proposed openstack/keystone-specs: WIP - Swagger definition  https://review.openstack.org/28686522:12
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/28656522:12
*** jorge_munoz has joined #openstack-keystone22:18
*** alejandrito has quit IRC22:18
openstackgerritSteve Martinelli proposed openstack/keystone: remove pyc files before running tests  https://review.openstack.org/28668722:20
*** petertr7 is now known as petertr7_away22:20
*** timcline has joined #openstack-keystone22:23
*** josecastroleon has joined #openstack-keystone22:24
*** mvk has joined #openstack-keystone22:26
*** phalmos has quit IRC22:27
*** henrynash has joined #openstack-keystone22:27
*** ChanServ sets mode: +v henrynash22:27
*** phalmos has joined #openstack-keystone22:27
*** david-lyle has quit IRC22:29
*** tsymanczyk has quit IRC22:31
stevemarbknudson: proposed a release22:34
bknudsonstevemar: of what?22:34
stevemarbknudson: of keystone!22:35
stevemarhttps://review.openstack.org/#/c/286866/22:35
patchbotstevemar: patch 286866 - releases - release keystone mitaka-322:35
bknudsonstevemar: is keystone ready for a release?22:35
bknudsonis the world ready for a keystone release?22:35
stevemarbknudson: what else needs to land?22:35
stevemarbknudson: i think we both know that the world can't handle us22:35
bknudsonstevemar: are we the first?22:36
bknudsonwe strive to be first to release22:36
stevemarbknudson: i think so22:36
bknudsonwhat do you think about dropping keystoneclient and switching to a client generated from swagger?22:37
stevemarsounds interesting, i saw the patch...22:37
stevemari need to read up on it22:37
stevemargot any sources?22:38
bknudsonstevemar: if you take https://review.openstack.org/286865 and put the swagger.yaml into http://editor.swagger.io/#/ there's a button to generate client22:38
stevemarbknudson: nice22:40
jamielennoxdo we have consensus on swagger?22:41
jamielennoxif we can plug keystoneauth into it i'd love to ditch the clients22:41
bknudsonthe docs team is working on switching from the wadls to swagger22:41
bknudsonusing a tool called fairyslipper (that I think they developed)22:41
stevemari was just gonna ask how this ties into fairyslipper22:41
bknudsonI doubt that the swagger it generates is going to be adequate for keystone since our wadls are so crappy22:41
bknudsonI did take a quick look at fairyslipper but didn't figure out how to run it... I think it's a web service22:42
* jamielennox feels like we've had this conversation before22:44
bknudsondeja vu all over again22:44
jamielennoxthe generated client isn't too bad22:44
stevemarbknudson: nice, built in v2 and v3 python support]22:45
jamielennoxhowever given the investment in keystoneauth etc, what would be really interesting is writing our own codegen or figuring out how to plug into theirs22:45
bknudsonfrom what I saw you can customize the code generator (it's java :( )22:46
*** spzala has joined #openstack-keystone22:46
bknudsonthe important thing in the generated client is to be able to take a requests session... should be good from there22:47
jamielennoxwait - java22:47
jamielennoxbknudson: generated client i'm seeing is urllib322:48
bknudsonjamielennox: https://github.com/swagger-api/swagger-codegen#customizing-the-generator22:48
jamielennoxbknudson: yea, looking at that now22:48
stevemarbknudson: jamielennox i'd like to see the APIs/specs use swagger22:50
*** mylu has quit IRC22:50
bknudsonit's going to be a lot of work to switch over we've got like 200 apis22:51
bknudsonmight be able to automate some of it22:51
jamielennoxbknudson: that's super interesting, i think we could do a bunch of this with just templates22:53
*** spzala has quit IRC22:54
* jamielennox looks at job list 22:54
*** josecastroleon has quit IRC22:54
bknudsonyou can put references in the swagger so you don't have to duplicate everything already22:54
bknudsoni'll try it on the sample swagger doc for users22:55
jamielennoxstevemar, bknudson: re- https://review.openstack.org/#/c/285102/ does default region name make sense there?22:55
patchbotjamielennox: patch 285102 - keystone - Add identity endpoint creation to bootstrap22:55
bknudsonjamielennox: is it RegionOne?22:55
*** diazjf has quit IRC22:55
jamielennoxbknudson: i left it unset - should it be?22:55
*** dims has quit IRC22:55
*** timcline has quit IRC22:56
bknudsonjamielennox: I'm not the right person to answer this. I have no idea what regions are. Maybe gyee ?22:57
bknudsonI thought region was required, and devstack always set RegionOne for some reason22:57
jamielennoxbknudson: i know we default to RegionOne in some places22:57
jamielennoxand i think it might set None which is not good22:57
*** mylu has joined #openstack-keystone22:58
*** slberger has left #openstack-keystone22:58
*** josecastroleon has joined #openstack-keystone22:59
stevemarjamielennox: want to kick off the rest of bknudson's doc changes: https://review.openstack.org/#/q/project:openstack/keystoneauth23:00
bknudsonwe'll need to know if no-region-id is required for service catalog NG23:00
*** david-lyle has joined #openstack-keystone23:00
*** dims has joined #openstack-keystone23:00
jamielennoxstevemar: i did a few, then i stopped getting the option of voting23:01
jamielennoxstevemar: thought gerrit had finally disowned me23:01
stevemarjamielennox: no no, bknudson is just a noob at rebasing23:01
stevemarjamielennox: they are all there though23:01
jamielennoxstevemar: for you: https://review.openstack.org/#/c/286814/23:01
patchbotjamielennox: patch 286814 - keystoneauth - Fix exported symbol in identity.v323:02
gyeebknudson, jamielennox, afaik, region is optional in SC23:04
dstanekbknudson: how are you getting https://review.openstack.org/#/c/280671/1/keystone/tests/unit/common/test_notifications.py to fail?23:05
patchbotdstanek: patch 280671 - keystone - Enables the notification tests in py323:05
gyeeif we want to maintain the position of "all services in SC must be authenticated by a single Keystone" then region is merely a collection of services23:06
*** ianw has quit IRC23:07
gyeeif not, it would become a more profound conversation :-)23:07
stevemarnice catch jamielennox23:07
*** doug-fis_ has joined #openstack-keystone23:09
*** doug-fis_ has quit IRC23:09
*** doug-fis_ has joined #openstack-keystone23:09
*** doug-fish has quit IRC23:13
*** chlong_ has joined #openstack-keystone23:13
*** doug-fis_ has quit IRC23:14
dstanekok, i'm sick of capstone :-) need to do more keystone stuff before i burn out23:15
gyeecapstone!23:15
stevemardstanek: stop working on capstone, whatever the heck that is23:15
gyeestevemar, we need to put a franchise tag on dstanek23:16
*** Ephur has joined #openstack-keystone23:16
*** sheel has quit IRC23:17
stevemargyee: we should give him a contract that makes him exclusively work for us23:17
gyee++23:17
*** rk4n has joined #openstack-keystone23:21
gyeestevemar, dstanek, https://etherpad.openstack.org/p/OpenStack-Bug-Smash-Mitaka-BayArea23:23
gyeeSean and I are plan on to be there, for one day at least23:23
gyeenot sure if you guys have anything higher priority besides Mitaka RC bugs23:24
stevemarffs, why does our test templated_catalog have IDs, but not our shipped one23:27
*** josecastroleon has quit IRC23:29
*** jorge_munoz has quit IRC23:29
*** spandhe has quit IRC23:30
*** spandhe has joined #openstack-keystone23:33
*** darrenc is now known as darrenc_afk23:33
dstanekstevemar: it keeps you guessing23:35
dstanekgyee: we're almost out of bugs to smash!23:36
gyeedstanek, in that case, we'll just show up and party :-)23:37
*** ChanServ sets mode: +o stevemar23:38
dstanekgyee: i'm hoping that by next week we can be under 150 open23:39
*** fpatwa_ has joined #openstack-keystone23:40
*** david-lyle has quit IRC23:41
*** shaleh has quit IRC23:41
gyeeonly 150? not bad23:41
*** fpatwa_ has quit IRC23:45
dstanekgyee: oops. i mean under 125. we're already under 15023:46
*** doug-fish has joined #openstack-keystone23:46
*** sdake has quit IRC23:47
*** doug-fish has quit IRC23:47
lbragstaddstanek that's awesome23:48
*** mylu has quit IRC23:49
*** darrenc_afk is now known as darrenc23:50
*** mylu has joined #openstack-keystone23:51
gyeedstanek, you make that bug dashboard look good :-)23:52
*** gordc has quit IRC23:53
dstanekgyee: not i, there's lots of people working on it23:53
*** csoukup has quit IRC23:54
*** mylu has quit IRC23:55
gyeedstanek, https://review.openstack.org/#/c/281086/1/keystoneauth1/identity/v3/totp.py, I am trying to understand your suggestion23:55
patchbotgyee: patch 281086 - keystoneauth - Support TOTP auth plugin23:55
gyeedstanek, you mean don't subclass base.AuthConstructor?23:56
dstanekgyee: yeah, isn't that for supporting the old way to create a session?23:58
gyeedstanek, that's not a session though23:59
*** mylu has joined #openstack-keystone23:59
« Monday, 2016-02-29 Index Wednesday, 2016-03-02 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!