Monday, 2016-03-21

naresht: Identity API version 2 will support federation? [09:20]
naresht: I am new to OpenStack [09:20]
marekd: naresht: hi, no, it won't [09:26]
marekd: in general Identity API v2 is slowly going to be removed so I'd consider switching to V3 [09:26]
naresht: Thank you +marekd [09:28]
naresht: How to update to V3 from V2 [09:29]
marekd: naresht: well, you probably have V3 already enabled (depending on version of OpenStack you have). [09:29]
marekd: naresht: now, just make your clients start speaking v3 [09:29]
naresht: I'm trying Keystone as an IdP, following this link http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo/. We are getting below errors http://paste.openstack.org/show/491230/. How can I generate certs? Could you please help me? [09:45]
marekd: naresht: i recommend also reading this: http://docs.openstack.org/developer/keystone/configure_federation.html#keystone-as-an-identity-provider-idp [09:53]
marekd: naresht: see if /etc/keystone/ssl/certs/ has .pem files [09:53]
marekd: if so you should be good to use them. [09:53]
naresht: +marekd; I'm sorry. We didn't find any .pem files and I need to create them. How could I do? [10:07]
marekd: http://docs.openstack.org/developer/keystone/configuration.html#certificates-for-pki [10:08]
naresht: +marekd; Thanks. We generated those .pem files. Now I'm getting error http://paste.openstack.org/show/491236/. Could you please look at it once? [10:50]
openstackgerrit: Konstantin Maximov proposed openstack/keystone: Add test for domains list filtering and limiting https://review.openstack.org/207456 [11:12]
nisha: Hi all :) [12:31]
breton: o/ [12:34]
naresht: When I do this "keystone-manage saml_idp_metadata > /etc/keystone/keystone_idp_metadata.xml" I'm getting below error "IOError: Cannot open certificate /etc/keystone/ssl/certs/signing_cert_req.pem. Reason: Strange beginning of PEM file". Could you please help me here? [12:48]
marekd: naresht: make a copy of the pem file [12:48]
marekd: and remove the text [12:48]
marekd: naresht: what's the structure of your certificate? [12:48]
marekd: it's lots of text and public key there? [12:49]
marekd: naresht: it should be only key with ------BEGIN CERTIFICATE----- and -----END CERTIFICATE----- [12:51]
amakarov: naresht, I'm recalling I've run into something similar too - look for another certificate file in that folder [12:56]
naresht: amakarov: I have got two files which are "signing_cert_req.pem" "signing_key.pem" [12:58]
* amakarov looking through old presentations and stuff... [12:59]
naresht: both are in same format what +marekd specified. [12:59]
amakarov: naresht, here, catch! http://blog.rodrigods.com/it-is-time-to-play-with-keystone-to-keystone-federation-in-kilo/ [13:09]
amakarov: I've noticed that path to certificates differs from keystone default, but rodrigods'es recipe worked for me [13:10]
naresht: We have followed rodrigods'es recipe... but not worked for me. [13:24]
naresht: is there anything like ownership permissions [13:24]
amakarov: naresht, are you using devstack? [13:25]
naresht: Yes [13:26]
naresht: amakarov: yes [13:28]
amakarov: naresht, have you noticed this config line? certfile=/etc/keystone/ssl/certs/ca.pem [13:35]
naresht: amakarov; yes i have same path but file name is different [13:37]
amakarov: naresht, yes, and I remember that ca.pem works fine and the default one - does not [13:38]
naresht: amakarov: Here is my saml section http://paste.openstack.org/show/491267/ [13:38]
amakarov: naresht, yep, exact my problem :) Don't you have ca.pem in that folder? [13:40]
amakarov: If you have - use ca.pem [13:40]
naresht: No I don't have [13:41]
amakarov: naresht, for some reason these pem files are not compatible [13:41]
naresht: How to generate that file [13:41]
amakarov: rodrigods, ^^ [13:41]
amakarov: naresht, this is the question to answer - I haven't looked that deep - I've just had those files [13:43]
amakarov: rodrigods, where have you got /etc/keystone/ssl/certs/ca.pem for K2K federation? [13:45]
openstackgerrit: Raildo Mascena proposed openstack/keystonemiddleware: Handling is_domain token attribute from keystone https://review.openstack.org/198076 [14:09]
rodrigods: amakarov, hi... was afk [14:31]
rodrigods: generated via keystone-manager iirc [14:31]
zigo: Guys, it looks like keystone missed decorator in its requirements.txt [14:35]
zigo: See: http://paste.openstack.org/show/491274/ [14:35]
stevemar: zigo that looks like it is coming from `migrate` ? [14:36]
stevemar: which comes from oslo.db ? [14:37]
zigo: stevemar: So, it should be added to the python-migrate package as depends: ? [14:37]
* zigo checks [14:37]
stevemar: zigo: that's how i would understand it [14:37]
zigo: Ok, I'll fix that one there then. [14:37]
zigo: Hum... I have it there already... [14:38]
zigo: I don't get it. [14:38]
rodrigods: stevemar, any hints about the import issue here https://review.openstack.org/#/c/294201/ ? [14:38]
patchbot: rodrigods: patch 294201 - keystone - Add conflict validation for idp update [14:38]
stevemar: https://github.com/openstack/oslo.db/blob/master/requirements.txt#L13 [14:38]
zigo: Oh, I think I know. [14:38]
zigo: It happens only in my Trusty port. [14:39]
stevemar: zigo: hmm yeah, it is there: https://github.com/openstack/sqlalchemy-migrate/blob/fe3e08ae0b70cd94b0105a87919977ce506fe49b/requirements.txt#L10 [14:39]
stevemar: ah [14:39]
zigo: Yup, because keystone doesn't require a version high enough of migrate in my package. [14:39]
stevemar: zigo: gotcha! [14:39]
stevemar: zigo: time to bump it :) [14:39]
stevemar: rodrigods: it's opened in one of my chrome tabs, just haven't gotten to it yet [14:39]
stevemar: rodrigods: i'm moving slow this morning [14:40]
rodrigods: stevemar, np, i'm just not understanding why i can't import keystone.common there [14:40]
rodrigods: you can take a look when you have a moment [14:40]
rodrigods: thanks [14:40]
dstanek: rodrigods: imports are hard :-) [14:41]
zigo: stevemar: Yup, did so. [14:41]
rodrigods: dstanek, i'm getting to the same conclusion too :) [14:41]
dstanek: rodrigods: at first glance it appears that you introduced an import loop [14:41]
zigo: Though I caught it because -migrate 0.10.0 failed to build in my Trusty Jenkins, which I didn't catch. [14:42]
rodrigods: dstanek, hmm [14:42]
stevemar: rodrigods: dstanek hmmm http://logs.openstack.org/01/294201/2/check/gate-keystone-python27/70fb02c/console.html.gz#_2016-03-18_18_54_25_311 [14:43]
stevemar: rodrigods: i still don't understand why the legacy drivers would fail? you aren't changing the signature [14:44]
rodrigods: stevemar, it fails because the test expects a 409 [14:45]
rodrigods: and a 500 is returned [14:45]
stevemar: rodrigods: i'll pull it down and see what i can do [15:03]
dstanek: rodrigods: any luck on your import problem? [15:10]
dstanek: clear [15:14]
dstanek: lol [15:14]
dstanek: rodrigods: let me pull down the patch real quick... [15:17]
dstanek: rodrigods: solved: http://paste.openstack.org/show/491291/ [15:18]
dstanek: you'll have to figure out a different way to organize some of the code so that there is no circular import [15:18]
rodrigods: dstanek, sorry, was afk [15:48]
rodrigods: stevemar, dstanek got it... will try here [15:49]
openstackgerrit: Konstantin Maximov proposed openstack/keystone: Add test for domains list filtering and limiting https://review.openstack.org/207456 [15:49]
stevemar: dstanek: clear [15:52]
dstanek: stevemar: done [15:53]
stevemar: is anyone else getting disconnected a lot? [16:19]
rodrigods: stevemar, fine here, i'm connected to cameron.freenode [16:21]
morgan: stevemar: i haven't had an issue [16:57]
nehap: Hi ayoung [18:13]
ayoung: nehap, with you in a moment [18:14]
openstackgerrit: Raildo Mascena proposed openstack/keystone: [WIP]Make fernet default token provider https://review.openstack.org/258650 [19:50]
ayoung: raildo, did you work around the test issues? [19:59]
raildo: ayoung: yes, I fix a couple of tests related to assignments and with the last rebase [20:38]
ayoung: raildo, how are we looking? Is it close to running, or do we still have significant work left? [20:38]
raildo: ayoung: we have a couple of tests related to trust that I don't know how to handle, and I'm working in the other tests, I think that we are close to running [20:39]
raildo: ayoung: I'll come in the next days to discuss with you and lbragstad about it [20:39]
ayoung: raildo, that works. [20:40]
knikolla: ayoung, I'd like to help with this https://etherpad.openstack.org/p/Keystone-LDAP-Cleanup [20:42]
ayoung: knikolla, excellent [20:43]
ayoung: knikolla, can you deploy Devstack with LDAP in it yet? [20:43]
knikolla: ayoung, yeah. It's already running. [20:43]
ayoung: Excellent. [20:43]
ayoung: knikolla, OK, so we have 3 main tasks [20:44]
ayoung: one is to convert over to the ldap3 library [20:44]
ayoung: care to give that a try? [20:44]
knikolla: ayoung, sounds good. [20:44]
ayoung: knikolla, so that can start by editing the tox requirements and pulling in the ldap3 library. [20:46]
ayoung: dstanek, you played some with LDAP3. Is it a drop in replacement for the python-ldap? Does it work for 2 as well as 3? [20:46]
ayoung: knikolla, keep notes about what you are doing posted on the etherpad so other people can see, too. [20:47]
openstackgerrit: Steve Martinelli proposed openstack/keystone: Add conflict validation for idp update https://review.openstack.org/294201 [20:49]
knikolla: ayoung, sure. [20:49]
ayoung: knikolla, please break things, then record how you break them [20:50]
ayoung: knikolla, the LDAP code is nasty. [20:50]
morgan: ayoung: ldap3 is not a drop in replacement [20:50]
ayoung: It could stand a bit of refactoring [20:50]
ayoung: morgan, does it at least also support ldap2? [20:50]
ayoung: er [20:50]
ayoung: python2? [20:50]
morgan: yep [20:50]
morgan: it's pure python [20:50]
morgan: as well [20:51]
morgan: but it is totally different semantics to write code around it, hence the idea to do http://specs.openstack.org/openstack/keystone-specs/specs/backlog/ldap3.html [20:51]
morgan: ayoung: a new driver that is ldap3 specific vs. trying to refactor/retrofit the current code [20:51]
knikolla: morgan, i like the idea of a new driver [20:52]
morgan: ayoung: ldap3 is much more pythonic as well, it uses dicts rather than lists of tuples [20:52]
ayoung: knikolla, excellent. [20:52]
morgan: basically nothing will be needed in keystone.common for the ldap3 driver [20:53]
ayoung: OK...this is a better approach. I can see that now. [20:53]
morgan: it can be 100% isolated in keystone.identity.backends.ldap3 [20:53]
morgan: :) [20:53]
ayoung: morgan, do we inherit anything from the common config? [20:53]
morgan: ayoung: perhaps. didn't evaluate that [20:53]
morgan: ayoung: it may be worth new options in [ldap3] block [20:54]
ayoung: I think we do...it's mostly the fields needed to talk to the remote server [20:54]
ayoung: let's try not. [20:54]
ayoung: if all we have to do is tell people to change their driver, it will be much nicer [20:54]
morgan: ayoung: but that part i figured was more implementation detail [20:54]
morgan: you'll likely need to make some changes to options add one or remove a couple [20:54]
ayoung: OK...that gets us both goals [20:54]
morgan: but that shouldn't be the end of the world [20:54]
morgan: but there should be zero ldap3 code in keystone.common [20:55]
ayoung: I doubt it. Those values are for "here is the LDAP query" to execute, and should be orthogonal to the code layout [20:55]
ayoung: we might want to deprecate most of them [20:55]
ayoung: but the ones we use should be the ones from that file [20:55]
morgan: when assignment was killed many ldap options were killed [20:55]
ayoung: ok... knikolla you got enough to get started? [20:55]
morgan: the read/write options will be deprecated [20:55]
morgan: since ldap3 will be read only [20:55]
ayoung: morgan, I was thinking all the "tree" options, too [20:55]
morgan: ayoung: likely [20:56]
ayoung: make it so there is only one way to specify the objects you are looking for, etc [20:56]
knikolla: ayoung, yes. [20:56]
ayoung: knikolla, try supporting just the config options in here: http://adam.younglogic.com/2014/08/getting-service-users-out-of-ldap/ [20:57]
ayoung: Hmmm [20:57]
ayoung: actually, let me see if I have a better set... [20:57]
rodrigods: stevemar, thanks! was working on it just right now [20:58]
rodrigods: heh [20:58]
* ayoung goes to get stevemar's keystone O'Reilly book,... [20:58]
ayoung: knikolla, yeah, we still need the tree_dn way of querying. Start by supporting the config options in http://adam.younglogic.com/2014/08/getting-service-users-out-of-ldap/ but we will need to put in a few more, for AD support, as an example. [21:01]
knikolla: ayoung, ok, good! I'll do that. [21:02]
knikolla: ayoung, once I get something basic I'll propose a WIP change. What topic should that be on? [21:03]
ayoung: knikolla, ldap3 [21:06]
dstanek: morgan: i actually started a wrapper around ldap3 to highlight the differences [21:14]
morgan: dstanek: I know the ldap3 folks are planning a drop in compat module [21:18]
morgan: You might be able to contribute to that. But last I saw it had zero development on it and a big "TODO" [21:18]
knikolla: ayoung, morgan. Would the new ldap3 driver be sync or async? [21:22]
ayoung: sync knikolla [21:22]
morgan: knikolla: uhmmmmmmm... *shrug* go with what ayoung says [21:22]
ayoung: morgan, async means threads. This is Python.... [21:23]
ayoung: we shall await your reply [21:23]
morgan: ayoung: like i said... go with what you said. [21:23]
ayoung: knikolla, does ldap3 claim to have decent async support, or are you just talking from an LDAP perspective? [21:24]
knikolla: ayoung, http://ldap3.readthedocs.org/tutorial.html#accessing-an-ldap-server [21:25]
knikolla: according to this guide, ldap3 supports async [21:25]
ayoung: SORRY This page does not exist yet. [21:26]
knikolla: ayoung, http://ldap3.readthedocs.org/tutorial.html [21:26]
ayoung: weeeeeird [21:26]
knikolla: ayoung, scroll to "Accessing an LDAP server" [21:27]
knikolla: looks like inpage links don't work *shrugs* [21:27]
ayoung: knikolla, ah, right, so a very thin wrapper around the LDAP protocol. So, I am not certain that we could even do async [21:27]
dstanek: knikolla: i don't think we should do async [21:28]
dstanek: ayoung: basically the calls would return a message id for a request and then we'd have to ask at some later point what the status was for the operation [21:28]
ayoung: dstanek, Oh, I know we *should not* do it. I was wondering if we even *could* do it. I guess, in theory we could, but I am not certain that it would actually work in python [21:28]
ayoung: dstanek, it is so eventlet like [21:29]
ayoung: "never block" for IO [21:29]
dstanek: ayoung: python has great async IO support; we don't have the necessary infrastructure for it [21:29]
ayoung: dstanek, "infrastructure" meaning what? [21:30]
dstanek: ayoung: kinda like eventlet, but we would control the event loop [21:30]
knikolla: dstanek, ayoung. even with async support it wouldn't have much benefit. We wouldn't be doing anything else with the thread while waiting. [21:30]
dstanek: knikolla: exactly. [21:30]
dstanek: if we were making a multiplexed app then we would see some benefit, but that's very far off from our design [21:31]
ayoung: knikolla, still, that was a good question. Please capture this discussion on the Etherpad. [21:34]
knikolla: ayoung, done. [21:38]
<mfisch> stevemar: which team owns the requirements repo? 21:57
*** rk4n has joined #openstack-keystone21:57
<mfisch> I see commits from lots of folks 21:57
<mfisch> I'd like to know when the mitaka branch will show up 21:58
*** real56 has quit IRC21:58
<morgan> jamielennox, ayoung: if either of you happen to have centos7 image running: https://github.com/morganfainberg/positional/issues/16 a quick check would be good. 21:58
*** real56 has joined #openstack-keystone21:58
<ayoung> morgan, I do...let me look 21:59
<morgan> ayoung: thnx 21:59
<ayoung> morgan, uh...hhmmm 21:59
<ayoung> what am I looking for? 21:59
*** timcline has joined #openstack-keystone21:59
<morgan> ayoung: pip install positional 21:59
<morgan> failed for that guy on cent7 22:00
<ayoung> morgan, http://fpaste.org/343515/85976561/ 22:01
<ayoung> CentOS Linux release 7.2.1511 (Core) 22:01
<morgan> hmmm 22:01
<morgan> ok 22:01
*** Ephur has joined #openstack-keystone22:01
*** sdake_ is now known as sdake22:02
*** rk4n has quit IRC22:02
*** nisha__ has quit IRC22:04
*** knikolla has quit IRC22:04
*** pcaruana has quit IRC22:06
*** aginwala has quit IRC22:07
*** rk4n has joined #openstack-keystone22:09
*** pnavarro_ has quit IRC22:09
*** aginwala has joined #openstack-keystone22:10
*** nisha has joined #openstack-keystone22:12
<openstackgerrit> Brant Knudson proposed openstack/keystone: Switch migration tests to oslo.db DbTestCase  https://review.openstack.org/294246 22:12
*** sdake_ has joined #openstack-keystone22:12
*** sigmavirus24 is now known as sigmavirus24_awa22:13
<jamielennox> morgan: yea, module release doesn't sound like it's our fault 22:15
*** sdake has quit IRC22:15
*** timcline has quit IRC22:17
<morgan> jamielennox: yeah. 22:17
*** timcline has joined #openstack-keystone22:18
*** aginwala has quit IRC22:20
*** csoukup has quit IRC22:22
<morgan> jamielennox: do you have a pypi user? 22:22
<jamielennox> morgan: yep 22:22
<morgan> jamielennox: let me give you access to publish positional releases 22:22
<jamielennox> pretty sure 22:22
*** aginwala has joined #openstack-keystone22:22
<morgan> jamielennox: since i am ... busy finding work -- 22:23
<jamielennox> morgan: it's just jamielennox 22:23
<morgan> jamielennox: ok 22:24
<morgan> will add you soon to the owners of the pypi package 22:24
*** mylu has quit IRC22:27
<morgan> jamielennox: ok added 22:27
<jamielennox> yay? 22:28
*** spzala has quit IRC22:29
*** nisha has quit IRC22:30
*** alejandrito has quit IRC22:32
*** ninag has quit IRC22:33
*** ninag has joined #openstack-keystone22:33
*** zqfan has joined #openstack-keystone22:36
*** ninag has quit IRC22:38
*** knikolla has joined #openstack-keystone22:39
*** slberger1 has left #openstack-keystone22:39
*** timcline has quit IRC22:53
*** timcline has joined #openstack-keystone22:54
*** spzala has joined #openstack-keystone22:54
*** aginwala has quit IRC22:58
*** timcline has quit IRC22:58
*** spzala has quit IRC22:59
*** edmondsw has quit IRC22:59
*** ametts has quit IRC23:00
*** openstackgerrit has quit IRC23:03
*** openstackgerrit_ is now known as openstackgerrit23:03
*** openstackgerrit has quit IRC23:03
*** openstackgerrit_ has joined #openstack-keystone23:03
*** boris-42 has quit IRC23:04
*** openstackgerrit_ is now known as openstackgerrit23:04
*** rk4n has quit IRC23:07
*** openstackgerrit_ has joined #openstack-keystone23:08
*** dims_ has quit IRC23:09
*** dims has joined #openstack-keystone23:09
*** lucas_ has joined #openstack-keystone23:10
*** mylu has joined #openstack-keystone23:11
*** dims has quit IRC23:21
*** dims has joined #openstack-keystone23:22
*** sdake has joined #openstack-keystone23:25
*** sdake_ has quit IRC23:26
*** spzala has joined #openstack-keystone23:27
*** dims has quit IRC23:27
*** dims has joined #openstack-keystone23:28
*** dims has quit IRC23:33
*** gordc has quit IRC23:33
*** fawadkhaliq has quit IRC23:35
*** timcline has joined #openstack-keystone23:39
*** trown|outtypewww is now known as trown23:42
*** timcline has quit IRC23:44
*** trown is now known as trown|outtypewww23:45
*** fawadkhaliq has joined #openstack-keystone23:45
*** aginwala has joined #openstack-keystone23:46
*** fawadkhaliq has quit IRC23:50
*** fawadkhaliq has joined #openstack-keystone23:50
*** pushkaru has quit IRC23:50
*** pushkaru has joined #openstack-keystone23:51
*** furface has quit IRC23:52
*** aginwala has quit IRC23:54
*** pushkaru has quit IRC23:55
*** lucas_ has quit IRC23:56
*** lucas_ has joined #openstack-keystone23:57
