Monday, 2016-04-11

« Sunday, 2016-04-10 Index Tuesday, 2016-04-12 »
*** fpatwa_ has joined #openstack-keystone00:00
*** fpatwa_ has quit IRC00:04
*** rk4n has quit IRC00:05
*** fpatwa has joined #openstack-keystone00:05
*** fpatwa has quit IRC00:10
*** fester1 has joined #openstack-keystone00:17
fester1is POST /admin/v3/auth/tokens a valid location?00:17
jamielennoxfester1: depends on your setup00:18
jamielennox /v3/auth/tokens is, you _could_ set it up for /admin/ but it's not standard00:18
fester1so mitaka is adding it00:21
fester1or at least my uwsgi with nginx is adding it00:21
*** jerrygb has joined #openstack-keystone00:22
fester1I'm not sure where in python it's handling the uwsgi_param SCRIPT_NAME /admin00:22
*** chlong has quit IRC00:27
fester1so base_url function in common/wsgi.py does not remove the SCRIPT_NAME part of the basename, but apparently the API requires that it isn't there00:30
*** ayoung has joined #openstack-keystone00:32
*** ChanServ sets mode: +v ayoung00:32
fester1jamielennox: is this expected functionality?00:33
*** chlong has joined #openstack-keystone00:34
jamielennoxfester1: sorry, wasn't watching, did mitaka add /admin or /identity00:36
fester1it added /admin00:36
jamielennoxi thought the plan was to add /{service_type} because keystone v3 is the same on admin and public and we don't really care about < 300:36
jamielennox:(00:36
jamielennoxok, so i've not seen anything official around this - but my guess is that haproxy should be removing the /admin component00:37
fester1I get a 404 when it's present00:37
fester1I'm not using haproxy00:37
jamielennoxfester1: is this in a guide somewhere?00:37
fester1yes, step 3 here: http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-verify.html00:38
jamielennoxfester1: just to clarify then are you intending to add /admin because that's what i would consider a fairly advanced deployment00:39
jamielennoxor are you mostly following the guide?00:40
fester1i'm following the guide00:40
fester1I don't want to modify the deployment, mostly00:40
*** rderose has joined #openstack-keystone00:40
fester1the only change I've made is to use nginx and uwsgi00:40
jamielennoxfester1: oh, ok - changes the response a bit00:41
jamielennoxso from the guide there really shouldn't be a /admin component00:41
fester1ok00:41
jamielennoxnginx should be set up to serve from the root of port 5000 and 3535700:41
fester1interesting00:41
jamielennoxlooking at http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-services.html00:42
jamielennoxyou can see that the entries in the service catalog then point to those urls00:42
fester1nginx is serving root00:42
fester1the wsgi is adding the /admin to the url00:43
jamielennoxso do you know where /admin crept in?00:43
fester1it's adding uwsgi_param SCRIPT_NAME00:43
jamielennoxso i don't know nginx, but i've done some stuff with uwsgi and i've not seen it modify the url00:44
jamielennoxit adds some other stuff to the environment but not that should matter her00:44
jamielennoxe00:44
fester1hmm, maybe because this is how I'm starting it: https://bpaste.net/show/adba83a2563f00:47
*** spzala has joined #openstack-keystone00:50
*** spzala has quit IRC00:55
jamielennoxfester1: it shouldn't be, that looks fairly standard, though the newer way is the installed /usr/local/bin/keystone-wsgi-admin and keystone-wsgi-public00:57
jamielennoxfester1: also, tip use irc names liberally because i get notified when you say something when i've gone back to whatever else i was doing00:58
*** tellesnobrega_af is now known as tellesnobrega00:59
fester1jamielennox: i'm not sure what's wrong then, so but i modified common/wsgi.py to remove '/(admin|main)' and it's working well now01:05
jamielennoxfester1: yea, i'll admit it sounds like a configuration error but i wouldn't know where or what's doing it, ^ is probably not a long term solution for upgrades01:06
*** fpatwa has joined #openstack-keystone01:06
jamielennoxi'm going to guess nginx because that's the bit i know least :)01:06
fester1jamielennox: i'm not sure where nginx even modifies it, it hands it off to uwsgi01:08
jamielennoxfester1: if you want to pastebin your configs i'll have a look but if you enable logging in everything, nginx, uwsgi, keystone you should be able to see the request url and at what point /admin is added01:10
jamielennoxor at least what program01:10
*** EinstCrazy has joined #openstack-keystone01:11
*** fpatwa has quit IRC01:11
*** fpatwa has joined #openstack-keystone01:12
fester1jamielennox: the nginx configs? sure01:12
fester1https://bpaste.net/show/904a176b22e901:14
fester1jamielennox: i have debug true enabled for everything01:14
*** mylu has quit IRC01:15
jamielennoxfester1: yea, it's the uwsgi_params that look suspicious01:16
*** fpatwa has quit IRC01:16
*** mylu has joined #openstack-keystone01:17
fester1afaik, nginx doesn't modify anything based on uwsgi_param01:17
jamielennoxfester1: no, but SCRIPT_NAME is a standard environment variable that would appear to be being set on the uwsgi request, but i don't know why it would be added to the url01:19
fester1so there's an overlap in environment variable names?01:21
jamielennoxfester1: have you seen http://uwsgi-docs.readthedocs.org/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info01:22
jamielennoxit may not be relevant as you have different socks for admin and public01:23
jamielennoxbut also if you have different admin/public socks you probably don't need to specify script_name in the nginx config at all01:23
fester1I'll try that01:24
jamielennoxare you using the uwsgi emperor or otherwise loading the uwsgi process specifically or doing the dynamic thing that requires script_name set?01:24
fester1i was planning on using it for horizon01:25
jamielennoxusing which?01:25
fester1using uwsgi01:26
jamielennoxnot what i meant, umm01:26
fester1i will be using this uwsgi/nginx server to host horizon as well01:27
jamielennoxso it looks like for uwsgi there is a dynamic mode that lets you serve multiple apps over the same socket, and that needs you to set script_name and add mount points so uwsgi can disambiguate which app to send it to01:27
fester1but i am not using the SCRIPT_NAME for anything else01:27
fester1I'm not hosting anything else, no01:27
jamielennoxif you're using uwsgi emperor or something where all this is already configured so one socket serves one app you should be able to delete the uwsgi script_name variable from nginx01:27
fester1i'm using more processes for admin and main and specifying different logging directories for the different apps, but that's about it01:30
fester1s/admin and/admin than/01:30
*** EinstCrazy has quit IRC01:31
jamielennoxfester1: yep, but you somewhere have sepearte uwsgi config that points to a python script for keystone admin and main and open independant sockets for them01:32
fester1yes01:33
jamielennoxand they are being launched seperately from nginx01:33
jamielennoxso try it without setting script_name in nginx01:34
fester1yep, that works01:35
*** EinstCrazy has joined #openstack-keystone01:35
fester1thank you01:35
jamielennoxfester1: sweet - no worries01:35
*** EinstCrazy has quit IRC01:35
*** EinstCrazy has joined #openstack-keystone01:35
*** akanksha_ has joined #openstack-keystone01:43
*** spzala has joined #openstack-keystone01:51
fester1jamielennox: I hope you have a good day. This bugged me for about 6hours last night.01:53
*** spzala has quit IRC01:56
jamielennoxfester1: heh, thanks - it's crazy the little things that look correct and are in people's blog posts that can hang you up for days01:56
fester1exactly01:57
*** mylu has quit IRC02:01
*** wanghua has joined #openstack-keystone02:05
*** EinstCrazy has quit IRC02:10
*** zqfan has joined #openstack-keystone02:11
*** EinstCrazy has joined #openstack-keystone02:15
*** sdake has joined #openstack-keystone02:24
*** knikolla has quit IRC02:24
*** mylu has joined #openstack-keystone02:24
*** sdake_ has joined #openstack-keystone02:27
*** sdake has quit IRC02:28
*** jerrygb has quit IRC02:29
*** sdake has joined #openstack-keystone02:39
*** jerrygb has joined #openstack-keystone02:42
*** sdake_ has quit IRC02:43
*** spzala has joined #openstack-keystone02:45
*** mylu has quit IRC03:09
*** jasonsb has quit IRC03:10
*** mfisch has quit IRC03:11
*** mylu has joined #openstack-keystone03:12
*** mfisch has joined #openstack-keystone03:12
*** mfisch is now known as Guest8965703:12
*** Guest89657 has quit IRC03:13
*** Guest89657 has joined #openstack-keystone03:13
*** Guest89657 is now known as mfisch03:14
*** mylu has quit IRC03:35
*** mylu has joined #openstack-keystone03:37
*** dan_nguyen has joined #openstack-keystone03:37
*** jerrygb has quit IRC03:41
*** links has joined #openstack-keystone03:45
*** fpatwa has joined #openstack-keystone03:50
*** jerrygb has joined #openstack-keystone03:51
*** jerrygb has quit IRC03:51
*** jerrygb has joined #openstack-keystone03:51
*** jerrygb has quit IRC03:51
*** fpatwa has quit IRC03:53
*** akanksha_ has quit IRC04:27
*** jerrygb has joined #openstack-keystone04:28
*** mylu has quit IRC04:30
*** mylu has joined #openstack-keystone04:32
*** lhcheng has joined #openstack-keystone04:36
*** ChanServ sets mode: +v lhcheng04:36
*** lhcheng_ has quit IRC04:36
*** jerrygb has quit IRC04:37
*** jerrygb has joined #openstack-keystone04:38
*** jerrygb has quit IRC04:43
*** jaosorior has joined #openstack-keystone04:46
*** rderose has quit IRC04:53
*** EinstCrazy has quit IRC04:57
*** EinstCrazy has joined #openstack-keystone05:01
*** fester1 has quit IRC05:03
*** spzala has quit IRC05:04
*** spzala has joined #openstack-keystone05:05
*** spzala has quit IRC05:09
*** stingaci has quit IRC05:11
*** GB21 has joined #openstack-keystone05:21
*** sdake_ has joined #openstack-keystone05:23
*** sdake has quit IRC05:24
*** dan_nguyen has quit IRC05:29
*** mylu has quit IRC05:36
*** pcaruana has joined #openstack-keystone05:39
*** dimsum__ has quit IRC05:40
*** agireud has quit IRC05:41
*** GB21 has quit IRC05:44
*** sdake_ is now known as sdake05:45
*** agireud has joined #openstack-keystone05:45
*** dims has joined #openstack-keystone05:47
*** lhcheng has quit IRC05:52
*** Nirupama has joined #openstack-keystone06:00
*** rk4n has joined #openstack-keystone06:10
*** chlong has quit IRC06:13
*** EinstCrazy has quit IRC06:15
*** rcernin has joined #openstack-keystone06:15
*** EinstCrazy has joined #openstack-keystone06:15
*** rk4n has quit IRC06:18
*** GB21 has joined #openstack-keystone06:18
*** rk4n has joined #openstack-keystone06:20
*** avishay has joined #openstack-keystone06:25
*** dims has quit IRC06:31
bretonmorning, keystone06:34
*** tesseract has joined #openstack-keystone06:35
*** EinstCrazy has quit IRC06:35
*** EinstCrazy has joined #openstack-keystone06:35
*** tesseract is now known as Guest898906:35
*** roxanaghe has joined #openstack-keystone06:37
*** roxanaghe has quit IRC06:41
*** rk4n has quit IRC06:47
*** daemontool has joined #openstack-keystone06:53
*** dims has joined #openstack-keystone06:54
*** dims has quit IRC06:58
*** markvoelker has joined #openstack-keystone07:01
*** jaosorior has quit IRC07:03
*** jaosorior has joined #openstack-keystone07:04
*** markvoelker has quit IRC07:06
*** spzala has joined #openstack-keystone07:06
*** spzala has quit IRC07:11
*** jamielennox is now known as jamielennox|away07:15
*** jed56 has joined #openstack-keystone07:21
*** xek has quit IRC07:24
*** GB21 has quit IRC07:25
*** GB21 has joined #openstack-keystone07:25
*** chlong has joined #openstack-keystone07:31
*** GB21 has quit IRC07:44
*** dims has joined #openstack-keystone07:45
*** jaosorior has quit IRC07:47
*** rk4n has joined #openstack-keystone07:47
*** jaosorior has joined #openstack-keystone07:48
*** jaosorior has quit IRC07:48
*** jaosorior has joined #openstack-keystone07:49
*** rk4n has quit IRC07:53
*** e0ne has joined #openstack-keystone08:02
*** spzala has joined #openstack-keystone08:07
openstackgerrityolanda.robla proposed openstack/keystoneauth: Allow to send different recorders to betamax  https://review.openstack.org/30395208:11
*** henrynash has joined #openstack-keystone08:11
*** ChanServ sets mode: +v henrynash08:11
*** spzala has quit IRC08:12
*** roxanaghe has joined #openstack-keystone08:25
*** GB21 has joined #openstack-keystone08:28
*** roxanaghe has quit IRC08:29
*** jistr has joined #openstack-keystone08:32
openstackgerritRyosuke Mizuno proposed openstack/keystone: Add keystone service ID to observer audit  https://review.openstack.org/30396308:36
*** dims has quit IRC08:48
*** ksnihyr has joined #openstack-keystone08:50
*** rk4n has joined #openstack-keystone08:50
*** rk4n has quit IRC08:54
*** dims has joined #openstack-keystone08:55
*** pcaruana has quit IRC09:00
*** markvoelker has joined #openstack-keystone09:02
*** markvoelker has quit IRC09:07
*** spzala has joined #openstack-keystone09:08
*** spzala has quit IRC09:13
*** wanghua has quit IRC09:14
*** rk4n has joined #openstack-keystone09:42
*** GB21 has quit IRC09:47
*** Kimmo_ has joined #openstack-keystone09:53
*** spzala has joined #openstack-keystone10:10
*** roxanaghe has joined #openstack-keystone10:13
*** spzala has quit IRC10:14
*** lupine has quit IRC10:15
*** lupine has joined #openstack-keystone10:15
*** roxanaghe has quit IRC10:18
*** EinstCrazy has quit IRC10:31
*** GB21 has joined #openstack-keystone10:38
*** sdake_ has joined #openstack-keystone10:45
*** sdake has quit IRC10:48
*** mvk has joined #openstack-keystone10:49
*** pece has joined #openstack-keystone10:57
*** rk4n_ has joined #openstack-keystone10:59
*** rk4n has quit IRC11:00
*** GB21 has quit IRC11:02
*** markvoelker has joined #openstack-keystone11:03
morganbreton: mornin'11:06
*** markvoelker has quit IRC11:07
*** spzala has joined #openstack-keystone11:10
*** spzala has quit IRC11:16
*** henrynash has quit IRC11:16
openstackgerritBoris Bobrov proposed openstack/keystone: Support for running functional federation tests  https://review.openstack.org/13913711:19
openstackgerritBoris Bobrov proposed openstack/keystone: enables bashate checking on dsvm code  https://review.openstack.org/15130911:19
openstackgerritBoris Bobrov proposed openstack/keystone: adds a devstack plugin for running a pysaml2 IdP  https://review.openstack.org/15131011:19
openstackgerritBoris Bobrov proposed openstack/keystone: adds a devstack plugin for setting up federation  https://review.openstack.org/15131111:19
*** GB21 has joined #openstack-keystone11:35
*** clenimar has joined #openstack-keystone11:37
*** raildo-afk is now known as raildo11:38
*** gordc has joined #openstack-keystone11:42
*** flaper87 has quit IRC11:51
*** flaper87 has joined #openstack-keystone11:51
*** sdake_ is now known as sdake11:59
*** roxanaghe has joined #openstack-keystone12:01
*** ksnihyr has quit IRC12:04
*** sheel has joined #openstack-keystone12:04
*** roxanaghe has quit IRC12:06
*** mdavidson has quit IRC12:07
*** sdake_ has joined #openstack-keystone12:10
*** spzala has joined #openstack-keystone12:12
*** sdake has quit IRC12:12
*** rodrigods has quit IRC12:13
*** rodrigods has joined #openstack-keystone12:13
*** dave-mccowan has joined #openstack-keystone12:14
*** spzala has quit IRC12:17
*** GB21 has quit IRC12:17
*** sdake_ has quit IRC12:18
*** markvoelker has joined #openstack-keystone12:19
*** GB21 has joined #openstack-keystone12:19
*** ksnihyr has joined #openstack-keystone12:24
*** ksnihyr has quit IRC12:24
*** ksnihyr has joined #openstack-keystone12:24
*** rk4n has joined #openstack-keystone12:24
*** edmondsw has joined #openstack-keystone12:26
*** rk4n_ has quit IRC12:28
*** ksnihyr has quit IRC12:28
*** EinstCrazy has joined #openstack-keystone12:34
*** GB21 has quit IRC12:40
*** GB21 has joined #openstack-keystone12:41
*** ninag has joined #openstack-keystone12:49
*** henrynash has joined #openstack-keystone12:50
*** ChanServ sets mode: +v henrynash12:50
*** mdavidson has joined #openstack-keystone12:50
*** pauloewerton has joined #openstack-keystone12:53
*** spzala has joined #openstack-keystone12:55
*** jsavak has joined #openstack-keystone12:58
openstackgerrityolanda.robla proposed openstack/keystoneauth: Allow to send different recorders to betamax  https://review.openstack.org/30395213:07
*** GB21 has quit IRC13:11
*** trown|outtypewww is now known as trown13:12
*** jerrygb has joined #openstack-keystone13:16
dstanekmorning all13:16
lbragstado/13:16
raildo:)13:18
*** links has quit IRC13:21
*** xek has joined #openstack-keystone13:24
*** ksnihyr has joined #openstack-keystone13:30
stevemarmorning indeed13:32
*** e0ne has quit IRC13:34
*** mylu has joined #openstack-keystone13:35
*** e0ne has joined #openstack-keystone13:39
*** rderose has joined #openstack-keystone13:49
*** ametts has joined #openstack-keystone13:55
*** doug-fish has joined #openstack-keystone14:00
*** jsavak has quit IRC14:01
*** e0ne has quit IRC14:01
*** jsavak has joined #openstack-keystone14:01
*** woodster_ has joined #openstack-keystone14:03
*** e0ne has joined #openstack-keystone14:04
*** mvk has quit IRC14:05
*** Nirupama has quit IRC14:06
*** pushkaru has joined #openstack-keystone14:11
*** anush_ has joined #openstack-keystone14:13
*** roxanaghe has joined #openstack-keystone14:18
*** roxanaghe has quit IRC14:22
*** jsavak has quit IRC14:24
*** jsavak has joined #openstack-keystone14:24
*** anush_ has quit IRC14:26
*** slberger has joined #openstack-keystone14:28
*** mvk has joined #openstack-keystone14:30
*** stingaci has joined #openstack-keystone14:35
*** knikolla has joined #openstack-keystone14:38
*** tpeoplesvacation is now known as tpeoples14:40
*** jaosorior is now known as jaosorior_away14:42
*** pumarani__ has joined #openstack-keystone14:46
*** pushkaru has quit IRC14:48
*** stingaci_ has joined #openstack-keystone14:51
*** stingaci has quit IRC14:51
*** diazjf has joined #openstack-keystone14:53
*** ninag has quit IRC14:57
*** ninag has joined #openstack-keystone14:57
*** ninag_ has joined #openstack-keystone14:59
morgani should get coffee15:00
*** fawadkhaliq has joined #openstack-keystone15:01
*** timcline has joined #openstack-keystone15:01
*** ninag has quit IRC15:02
anteayareminder gerrit will be offline for maintenance at 20:00 utc today: http://lists.openstack.org/pipermail/openstack-dev/2016-March/088985.html15:02
*** ninag_ has quit IRC15:04
*** nkinder has joined #openstack-keystone15:06
morgananteaya: oh noes! what shall i do instead of code review?15:07
morgananteaya: ;)15:07
morgananteaya: thanks for the heads up15:07
*** diazjf has quit IRC15:09
openstackgerritMerged openstack/keystoneauth: Allow to send different recorders to betamax  https://review.openstack.org/30395215:09
*** jsavak has quit IRC15:09
*** jsavak has joined #openstack-keystone15:10
*** diazjf has joined #openstack-keystone15:10
dstanekwhat is the new security email list?15:11
openstackgerritMerged openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/30313015:11
bknudsondstanek: if there's a new security email list I don't know about it.15:13
*** avishay has quit IRC15:14
knikollarodrigods, i can't edit the wiki as they have blocked new accounts. can you please add federation testing to the agenda for the meeting?15:14
dstanekbknudson: someone mentioned that they forwarded mfisch's email there15:14
bknudsondstanek: ossg discussions now take place on openstack-dev like all the other discussions15:14
dstanekbknudson: maybe that's what he meant15:15
dstanekrderose: are your reviews pretty stable or are you planning on pushing more changes in the next day or two?15:16
anteayamorgan: welcome15:17
anteayawell horizon likes to call bug triage sessions when they can't code review15:17
rderosedstanek: reviews should be pretty stable15:18
*** openstackgerrit has quit IRC15:18
*** openstackgerrit has joined #openstack-keystone15:18
dstanekrderose: cool, thanks15:18
morgananteaya: i actually have at least 1 bug to chase down that i'm almost positive is invalid.15:18
rderosedstanek: cool, thank you :)15:18
*** fawadkhaliq has quit IRC15:18
anteayamorgan: awesome15:19
anteayamorgan: I hope it is invalid15:19
morgananteaya: but need to add a bunch of debugging in to be sure since it hits a ton of layers15:19
anteayawow15:19
anteayasounds like you need some dedicated time to do that15:19
morgananteaya: yeah. and it's been painful w/o a solid dev laptop :(15:20
*** fawadkhaliq has joined #openstack-keystone15:21
morganwaiting for my new on in the mail.15:21
morganmight be here anytime in the next 3-4 days15:21
*** e0ne has quit IRC15:21
anteayago mail go15:22
morganyay custom builds =/15:22
anteayaI bet it has been painful15:22
anteayayeah, that too15:22
*** e0ne has joined #openstack-keystone15:23
*** diazjf has left #openstack-keystone15:24
*** ninag has joined #openstack-keystone15:24
*** daemontool_ has joined #openstack-keystone15:25
openstackgerritMerged openstack/keystone: Add missing backslash to keystone-manage bootstrap command in documentation  https://review.openstack.org/30412815:26
*** daemontool_ has quit IRC15:26
*** daemontool_ has joined #openstack-keystone15:27
*** daemontool has quit IRC15:28
*** richm has joined #openstack-keystone15:28
*** ninag has quit IRC15:28
*** navid_ has joined #openstack-keystone15:30
*** mylu has quit IRC15:30
*** stingaci_ has quit IRC15:35
*** Guest8989 has quit IRC15:35
*** jsavak has quit IRC15:38
*** harlowja_at_home has joined #openstack-keystone15:38
*** mylu has joined #openstack-keystone15:38
*** mylu has quit IRC15:43
*** gyee has joined #openstack-keystone15:45
*** ChanServ sets mode: +v gyee15:45
*** navid_ has quit IRC15:46
*** fawadkhaliq has quit IRC15:47
*** jaosorior_away has quit IRC15:47
*** jaosorior_away has joined #openstack-keystone15:48
*** mylu has joined #openstack-keystone15:48
*** dtroyer_zz has quit IRC15:52
*** dtroyer has joined #openstack-keystone15:52
*** ninag has joined #openstack-keystone15:54
*** jsavak has joined #openstack-keystone15:59
*** jaosorior_away has quit IRC16:04
*** jaosorior has joined #openstack-keystone16:05
*** jsavak has quit IRC16:07
*** jsavak has joined #openstack-keystone16:07
*** openstackstatus has joined #openstack-keystone16:10
*** ChanServ sets mode: +v openstackstatus16:10
*** ksnihyr has quit IRC16:12
*** dan_nguyen has joined #openstack-keystone16:12
*** david-lyle_ is now known as david-lyle16:15
*** fawadkhaliq has joined #openstack-keystone16:16
*** fawadkhaliq has quit IRC16:16
-openstackstatus- NOTICE: Reminder, Gerrit will be offline from 20:00 to 21:00 UTC for a server replacement http://lists.openstack.org/pipermail/openstack-dev/2016-April/091274.html16:18
*** e0ne has quit IRC16:18
*** henrynash has quit IRC16:20
*** anush_ has joined #openstack-keystone16:20
*** fawadkhaliq has joined #openstack-keystone16:28
*** harlowja_at_home has quit IRC16:29
*** stingaci has joined #openstack-keystone16:29
*** stacker has quit IRC16:32
*** jaosorior has quit IRC16:33
*** stingaci has quit IRC16:37
*** stingaci has joined #openstack-keystone16:38
*** lhcheng has joined #openstack-keystone16:38
*** ChanServ sets mode: +v lhcheng16:38
*** rcernin has quit IRC16:40
*** jaosorior has joined #openstack-keystone16:44
*** roxanaghe has joined #openstack-keystone16:47
*** fawadkhaliq has quit IRC16:48
rodrigodsknikolla, sure16:49
rodrigodsknikolla, do you have any specific questions in mind?16:49
*** fawadkhaliq has joined #openstack-keystone16:49
*** navid_ has joined #openstack-keystone16:49
knikollarodrigods, not really. more like have a meeting to sync up and decide on the steps.16:53
*** jerrygb has quit IRC16:53
*** dutsmoc is now known as comstud16:54
*** jerrygb has joined #openstack-keystone16:54
*** daemontool__ has joined #openstack-keystone16:57
amakarovayoung, o/16:57
amakarovAre you here?16:57
*** navid__ has joined #openstack-keystone16:58
*** navid_ has quit IRC16:59
*** daemontool_ has quit IRC17:00
*** rderose has quit IRC17:00
*** rk4n has quit IRC17:02
ayoungamakarov, yes sah!17:04
*** fawadkhaliq has quit IRC17:06
amakarovayoung, redelegation resolution logic depends on other keystone parts and quite complicated itself. What can be done in the driver level?17:06
amakarovhttps://review.openstack.org/#/c/29187117:06
dolphmanyone know how to make `git checkout icehouse-eol && tox -e py27` work? it fails on "from oslo.utils import timeutils" with "ImportError: No module named utils" ... trying to install older versions of oslo.utils just wins me other dependency errors17:07
amakarovI left a comment in my patch17:07
ayoungamakarov, I'm OK with keeping it in the SQL driver17:08
amakarovdolphm, I can only suggest getting global requirements17:08
*** edmondsw has quit IRC17:08
ayoungthe more we work with the Database, the more it will actuall perform17:08
dolphmamakarov: global requirements aren't maintained for icehouse either17:08
amakarovayoung, how can I access roles from there17:08
ayoungas opposed to trying to work against the database17:08
dolphmamakarov: i'm hoping someone knows a trick to get keystone going17:08
ayoungamakarov, so is the problem that we have roles and role assignments in two different backends?17:09
*** fawadkhaliq has joined #openstack-keystone17:09
amakarovdolphm, you may try MOS 5.1.3 - it's built from icehouse and passes tests :)17:09
ayoungof course it is.17:09
dolphmamakarov: not sure what that is, but link?17:09
amakarovayoung, ++17:10
dolphmamakarov: sounds like something i could use to determine a working set of deps17:10
amakarovdolphm, https://software.mirantis.com/releases/#supported17:11
ayoungamakarov, so the business logic needs to work up one level.  First get the top level assignments for a user.  Then expand out implied roles so we have the whole tree.17:11
amakarovayoung, the problem is that I should make delegation driver depend on role  API :)17:12
ayoungdolphm, you might be able to do the same thing with an older RDO and get the RPM deps that way...I suspect that a Debian based deploy, too, would work17:12
ayoungamakarov maybe not the driver17:12
ayoungamakarov, the delegation driver should get the persisted data needed to reconsititue, but the merging should happen in the manager17:13
*** jsavak has quit IRC17:13
amakarovayoung, I can leave assignment and trust delegation drivers as they are now (without strict tree dependencies)17:13
dolphmamakarov: ayoung: thanks, i'll look into what packagers are doing after foods17:13
*** jsavak has joined #openstack-keystone17:13
ayoungIf you find yourself doing something in the driver that depends on another driver, push that logic up to the manager that calls it17:13
amakarovayoung, and do all the magic later when the delegation API is introduced17:14
*** e0ne has joined #openstack-keystone17:14
amakarovayoung, the problem is that I can't change neither assignment nor trust manager17:14
amakarovon the midcycle we agreed on driver replacement17:15
amakarovsubstitute to be more accurate17:15
amakarovayoung, and right now both of them pass standard assignment and trust tests respectively17:16
*** stingaci_ has joined #openstack-keystone17:26
*** stingaci has quit IRC17:26
*** e0ne has quit IRC17:27
*** trown is now known as trown|lunch17:28
*** ksnihyr has joined #openstack-keystone17:28
*** anush_ has quit IRC17:29
*** jsavak has quit IRC17:29
*** e0ne has joined #openstack-keystone17:30
*** jasonsb has joined #openstack-keystone17:30
*** jaosorior has quit IRC17:31
*** jsavak has joined #openstack-keystone17:32
ayoungamakarov, so, are you just bugging me for a review (which I totally owe you) or is there a more fundamental design question?17:34
openstackgerritAlexander Makarov proposed openstack/keystoneauth: Documentation example fix  https://review.openstack.org/30423317:34
amakarovayoung, I don't know how to organize the code and asking for an advice :)17:36
ayoungamakarov, OK...so I will try and give it a thorough review.  I think I need some time not in the middle of the day when I am constantly fielding questions, though, to do it justice.I'll aim for tonight17:36
amakarovayoung, I can introduce an intermediate layer that may operate on manager layer but operate as a driver17:36
rodrigodsknikolla, https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting#Agenda_for_next_meeting done17:37
rodrigodswould be nice to discuss that in tempest meeting too17:37
amakarovayoung, formally this should go but will look weird...17:38
*** neophy has joined #openstack-keystone17:40
*** mvk has quit IRC17:40
ayoungamakarov, I have a feeling for what it should look like.  It might be the wierdness you are describing17:40
knikollarodrigods, thanks. Agree, but with the keystone_plugin in our code tree it's more important to get a gate up and running.17:40
*** jerrygb has quit IRC17:41
amakarovayoung, like a manager incapsulating a manager?17:41
ayoungamakarov, calling, not encapsulating17:42
ayoungassignment calling role, maybe multiple times17:42
*** navid__ has quit IRC17:43
* amakarov intrigued17:43
*** ksnihyr has quit IRC17:44
*** ksnihyr has joined #openstack-keystone17:46
*** jistr has quit IRC17:51
openstackgerritRon De Rose proposed openstack/keystone: WIP - Concrete role assignments for federated users  https://review.openstack.org/28494317:57
*** navid__ has joined #openstack-keystone17:59
openstackgerritAlexander Makarov proposed openstack/keystoneauth: Documentation example removed for OAuth1  https://review.openstack.org/30424717:59
*** alejandrito has joined #openstack-keystone17:59
*** navid__ has quit IRC18:00
*** doug-fis_ has joined #openstack-keystone18:01
*** anush_ has joined #openstack-keystone18:02
*** doug-fi__ has joined #openstack-keystone18:02
*** rk4n has joined #openstack-keystone18:03
*** jsavak has quit IRC18:03
*** jsavak has joined #openstack-keystone18:03
*** doug-f___ has joined #openstack-keystone18:04
*** doug-fish has quit IRC18:04
openstackgerritMerged openstack/pycadf: Updated from global requirements  https://review.openstack.org/30315018:05
openstackgerritMerged openstack/pycadf: Remove invalid character from neutron_api_audit_map.conf  https://review.openstack.org/29445518:05
*** doug-f___ is now known as doug-fish18:06
*** doug-fis_ has quit IRC18:06
*** doug-fi__ has quit IRC18:07
*** rk4n has quit IRC18:08
*** daemontool__ has quit IRC18:10
openstackgerritColleen Murphy proposed openstack/keystonemiddleware: Create signing_dir upon first usage  https://review.openstack.org/30425518:12
*** stingaci_ has quit IRC18:12
*** trown|lunch is now known as trown18:14
*** stingaci has joined #openstack-keystone18:18
*** sdake has joined #openstack-keystone18:18
*** fawadkhaliq has quit IRC18:20
*** jasonsb has quit IRC18:21
*** fawadkhaliq has joined #openstack-keystone18:21
*** sheel has quit IRC18:27
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/30062618:27
*** ninag has quit IRC18:30
*** ninag has joined #openstack-keystone18:30
*** fawadkhaliq has quit IRC18:33
*** fawadkhaliq has joined #openstack-keystone18:34
*** ninag has quit IRC18:35
*** ninag has joined #openstack-keystone18:39
*** anush_ has quit IRC18:44
*** daemontool has joined #openstack-keystone18:46
*** med_ has quit IRC18:46
*** mylu has quit IRC18:47
*** mylu has joined #openstack-keystone18:50
samueldmqayoung: hi18:51
ayoungHey samueldmq18:51
samueldmqayoung: whenever you ahve a moment, could you look at patch 30278918:51
patchbotsamueldmq: https://review.openstack.org/#/c/302789/ - keystone - Add API Change Tutorial18:51
samueldmqayoung: that is a tutorial to help new contributors, I just wanted to see if we could find a better example for it18:52
samueldmqayoung: see the comments (mine and crinkle's=18:52
samueldmq)18:52
ayoungsamueldmq, it reads well on a first pass18:52
ayoungI'm tempted to say "lets push it" and deal with feedback from someone that actually has to work with it18:52
ayoungsamueldmq, its one of those where we won't know what is confusing until we try it on someone that does not know the process yet18:53
*** arunkant has quit IRC18:53
*** med_ has joined #openstack-keystone18:54
*** med_ has quit IRC18:54
*** med_ has joined #openstack-keystone18:54
samueldmqayoung: completely agreed18:55
samueldmqayoung: thanks for your feedback18:55
*** doug-fish has quit IRC18:57
*** ninag has quit IRC18:57
*** doug-fish has joined #openstack-keystone18:58
*** agireud has quit IRC19:00
*** yarkot_ has joined #openstack-keystone19:00
*** agireud has joined #openstack-keystone19:01
*** doug-fis_ has joined #openstack-keystone19:01
*** ninag has joined #openstack-keystone19:01
*** edmondsw has joined #openstack-keystone19:02
*** ninag_ has joined #openstack-keystone19:02
*** doug-fish has quit IRC19:03
*** ninag__ has joined #openstack-keystone19:04
*** rk4n has joined #openstack-keystone19:05
*** doug-fis_ has quit IRC19:06
*** ninag has quit IRC19:06
*** rk4n has quit IRC19:06
*** rk4n has joined #openstack-keystone19:06
*** ninag_ has quit IRC19:07
*** csoukup has joined #openstack-keystone19:09
bknudsontempest works with unversioned identity endpoint only by luck - http://git.openstack.org/cgit/openstack/tempest/tree/tempest/lib/auth.py#n33319:11
bknudsonwhen identity endpoint is like http://localhost:35357/ then path is '' so it appends the version_path (/v2.0)19:11
bknudsonwhereas if the identity endpoint is like http://localhost/identity then path is not empty so it doesn't append the version_path19:12
bknudsonnot sure what they were thinking19:12
*** zqfan has quit IRC19:12
rodrigodsbknudson, odd19:15
ayoungGAH spent the whole (interrupted) monring chaing down a test failure that was just an incorrect test19:18
ayoungone test closer to Trusts working for v2 one step closer to fernet19:18
*** csoukup has quit IRC19:19
morganayoung: heh19:26
*** stevemar has quit IRC19:27
*** stevemar has joined #openstack-keystone19:29
*** ChanServ sets mode: +o stevemar19:32
*** e0ne has quit IRC19:32
*** neophy has quit IRC19:34
*** fawadkhaliq has quit IRC19:39
*** fawadkhaliq has joined #openstack-keystone19:40
*** arunkant has joined #openstack-keystone19:45
*** stingaci has quit IRC19:45
-openstackstatus- NOTICE: Gerrit will be offline from 20:00 to 21:00 UTC (starting 10 minutes from now) for a server replacement http://lists.openstack.org/pipermail/openstack-dev/2016-April/091274.html19:50
*** fawadkhaliq has quit IRC19:51
*** fawadkhaliq has joined #openstack-keystone19:51
bknudsonI should have asked what jamielennox|away was thinking -- https://github.com/openstack/tempest/commit/823a00433fe6622f25a3c9dacf86fcd66b3e819b19:51
*** lhcheng has quit IRC19:52
*** lhcheng has joined #openstack-keystone19:53
*** ChanServ sets mode: +v lhcheng19:53
*** mylu has quit IRC19:53
*** fawadkhaliq has quit IRC19:54
*** fawadkhaliq has joined #openstack-keystone19:55
*** anush_ has joined #openstack-keystone19:58
*** jsavak has quit IRC20:00
*** jsavak has joined #openstack-keystone20:00
*** trown is now known as trown|outtypewww20:01
*** maxabidi has joined #openstack-keystone20:02
*** lhcheng has quit IRC20:04
*** openstackgerrit has quit IRC20:05
-openstackstatus- NOTICE: Gerrit is offline until 21:00 UTC for a server replacement http://lists.openstack.org/pipermail/openstack-dev/2016-April/091274.html20:06
*** ChanServ changes topic to "Gerrit is offline until 21:00 UTC for a server replacement http://lists.openstack.org/pipermail/openstack-dev/2016-April/091274.html"20:06
*** ninag__ has quit IRC20:06
*** ninag has joined #openstack-keystone20:06
*** stingaci has joined #openstack-keystone20:06
*** yarkot_ has quit IRC20:09
*** mylu has joined #openstack-keystone20:10
*** ninag has quit IRC20:14
*** phalmos has joined #openstack-keystone20:16
*** neophy has joined #openstack-keystone20:21
*** jsavak has quit IRC20:23
*** openstackgerrit has joined #openstack-keystone20:27
*** maxabidi has quit IRC20:28
*** jsavak has joined #openstack-keystone20:29
*** alejandrito has quit IRC20:30
*** rderose has joined #openstack-keystone20:31
*** jsavak has quit IRC20:33
*** jsavak has joined #openstack-keystone20:34
*** alejandrito has joined #openstack-keystone20:36
*** doug-fis_ has joined #openstack-keystone20:40
*** ninag has joined #openstack-keystone20:41
*** csoukup has joined #openstack-keystone20:41
*** openstackgerrit has quit IRC20:41
*** anush_ has quit IRC20:42
ayoungraildo, OK,  I think I have the v2 trust stuff sorted20:43
ayoungrunning tox now20:43
raildoayoung: how did you fix it?20:43
raildoayoung: \o/ btw20:44
ayoungraildo, lbragstad, ^^  Had to switch a couple tests that were supposed to not validate for non-default domains20:44
ayoungraildo, there is also one ugle hack due to revocations20:44
lbragstadayoung awesome20:44
ayoungI have had to put a sleep 1 in a few places20:44
ayoungthat is the next thing to hunt down20:44
raildoayoung: I saw that, I was trying to understand how to fix it20:45
ayoungraildo, I still don't get why it is happening20:45
*** doug-fis_ has quit IRC20:45
ayoungraildo, but the revocation code needs a rewrite anyway.  THe tree must die20:45
raildoayoung: ++20:45
ayoungI suspect it is a glitch in the tree logic20:45
raildoayoung: maybe there is some thread issue when we can a revocation event20:45
ayoungraildo, so if we can pull up the old code, that does the linear search I bet it starts to work20:46
raildoayoung: great20:46
ayoungIt certainly feels like a race condition, but I don't see how it would invalidate the admin token20:46
ayoungraildo, and only for a second?20:46
ayoungwweeeeird20:46
raildoayoung: you know more about this than me :P I believe in you20:47
ayoungraildo, so that is one reason I was thinking to push through the change that reduces the number of revocation events.  It will simplify the linear search20:47
ayoungso there is a loose order to what I am working on here20:47
raildoayoung: I'll review that patch today20:48
*** spzala has quit IRC20:48
ayoungah..one more failure...20:49
ayoungtest_trust_get_token_fails_if_trustee_disabled20:49
ayounglooks like the race again...20:49
ayoungone sec20:49
raildoayoung: this is really weird...20:49
ayoungand...it passed when run standalone...20:50
ayoungoh..that had the sleep(1) in it and failed anyway.20:51
ayoungwell...I'll post the review20:51
*** jsavak has quit IRC20:51
*** jsavak has joined #openstack-keystone20:51
ayoung https://review.openstack.org/27869320:52
*** doug-fish has joined #openstack-keystone20:52
*** neophy has quit IRC20:53
*** openstackgerrit has joined #openstack-keystone20:55
*** doug-fish has quit IRC20:57
*** doug-fish has joined #openstack-keystone20:57
raildoayoung: awesome20:58
ayoungraildo, OK,  so grab that review,  and lets figure out how to reproduce the sleep issue....20:59
*** slberger1 has joined #openstack-keystone21:00
raildoayoung: I had a vm with this code running, and I was trying to reproduce this issue, if you want i can give access for you on it21:00
*** slberger has quit IRC21:01
*** anush_ has joined #openstack-keystone21:02
*** jsavak has quit IRC21:03
*** ninag has quit IRC21:03
*** ninag has joined #openstack-keystone21:03
*** ninag has quit IRC21:04
*** ninag has joined #openstack-keystone21:04
openstackgerritRodrigo Duarte proposed openstack/keystone: Add identity providers integration tests  https://review.openstack.org/30229921:05
openstackgerritRodrigo Duarte proposed openstack/keystone: Add service providers integration tests  https://review.openstack.org/30350221:05
*** ChanServ changes topic to "MITAKA is released! Thanks to everyone that contributed!"21:05
-openstackstatus- NOTICE: Gerrit move maintenance completed successfully; note that DNS has been updated to new IP addresses as indicated in http://lists.openstack.org/pipermail/openstack-dev/2016-April/091274.html21:05
*** fawadkhaliq has quit IRC21:10
*** fawadkhaliq has joined #openstack-keystone21:10
*** fawadkhaliq has quit IRC21:11
*** fawadkhaliq has joined #openstack-keystone21:12
*** fawadkhaliq has quit IRC21:26
*** fawadkhaliq has joined #openstack-keystone21:26
*** pece has quit IRC21:28
*** raildo is now known as raildo-afk21:28
*** pauloewerton has quit IRC21:29
*** ninag has quit IRC21:34
*** ninag has joined #openstack-keystone21:34
*** ninag has quit IRC21:37
*** ninag has joined #openstack-keystone21:37
*** ninag has quit IRC21:38
*** mylu has quit IRC21:38
*** ninag has joined #openstack-keystone21:39
*** ksnihyr has quit IRC21:41
*** mylu has joined #openstack-keystone21:43
*** doug-fish has quit IRC21:45
stingaciHey guys. Quick question. There currently is no support for OS-INHERIT in the openstack client. Is that correct?21:46
*** edmondsw has quit IRC21:48
*** ninag has quit IRC21:50
*** ninag has joined #openstack-keystone21:50
morganstevemar: ^?21:54
stevemarmorgan: stingaci good question...21:54
morganstevemar: yeah i am just not sure, figured i'd ask you before doing the really deep dig into it.21:55
stevemarmorgan: stingaci i think it should work... you'll want to use the `openstack role add`` command, i think there is a --effective option21:55
stingaciI've looked up and down.. Didn't find any switches that support features like listing a project subtree.21:55
stevemarah, the subtree stuff is different than os-inherit (which just means your projects and subprojects get assignments from domains)21:56
morganooooh21:57
morganyeah21:57
morgani think we have a gap in OSC21:57
stevemarfor subtree bits, yeah, for sure21:57
stingaciI see. But even for adding a role there doesn't seem to be a 'push to child projects' swtich.21:58
openstackgerritBrant Knudson proposed openstack/keystone: Define identity interface - easy cases  https://review.openstack.org/29195021:58
openstackgerritBrant Knudson proposed openstack/keystone: Opportunistic LDAP testing  https://review.openstack.org/30023721:59
*** anush_ has quit IRC21:59
*** EinstCrazy has quit IRC21:59
*** anush_ has joined #openstack-keystone22:00
*** knikolla has quit IRC22:04
*** alejandrito has quit IRC22:11
*** ninag has quit IRC22:17
*** eandersson_ has joined #openstack-keystone22:18
morganstevemar: ^ bknudson makes up for lines removed with docstrings added22:24
bknudsoncan't win for losing.22:24
morgan;)22:28
*** timcline has quit IRC22:29
*** stingaci_ has joined #openstack-keystone22:30
*** stingaci has quit IRC22:30
*** lhcheng has joined #openstack-keystone22:31
*** ChanServ sets mode: +v lhcheng22:31
*** phalmos has quit IRC22:32
*** markvoelker has quit IRC22:33
*** slberger1 has left #openstack-keystone22:37
*** anush_ has quit IRC22:46
*** mylu has quit IRC22:47
*** ametts has quit IRC22:48
*** mylu has joined #openstack-keystone22:49
*** fawadkhaliq has quit IRC22:51
*** fawadkhaliq has joined #openstack-keystone22:51
*** sdake_ has joined #openstack-keystone22:53
*** mylu has quit IRC22:53
*** mylu has joined #openstack-keystone22:55
*** sdake has quit IRC22:55
*** gordc has quit IRC22:57
*** mvk has joined #openstack-keystone23:01
*** rk4n has quit IRC23:20
*** rk4n has joined #openstack-keystone23:20
*** jamielennox|away is now known as jamielennox23:22
rodrigodsstingaci_, stevemar morgan ^ https://github.com/openstack/python-openstackclient/blob/master/openstackclient/identity/v3/role_assignment.py#L7223:23
rodrigodsbtw, anyone has an opinion about the wording here https://review.openstack.org/#/c/303471/ ?23:24
patchbotrodrigods: patch 303471 - keystone-specs - Add note about service provider fields23:24
stingaci_rodrigods: cheers!23:26
rodrigodso/23:26
jamielennoxbknudson: did i break it/23:32
bknudsonjamielennox: it was probably all broken before.23:32
jamielennoxit is not my proudest patch but i just need something that worked23:32
bknudsonI tried to implement some version discovery but that was rejected as being too complicated.23:33
jamielennoxbknudson: it really needs a proper discovery system but that was more time than i was willing to invest23:33
jamielennoxyep, you were mentioned as having attempted that23:33
jamielennoxbknudson: so what's the case that i broke?23:33
bknudsonthe case where the endpoint is like https://localhost/identity23:33
jamielennoxwhat happens?23:34
*** markvoelker has joined #openstack-keystone23:34
bknudsonwhen it's  https://localhost:35357/ it puts /v2.0, but when it's https://localhost/identity it stays as https://localhost/identity23:34
jamielennoxthe case i was trying to fix was when path was empty, so endpoint is https://keystone:5000/ without version23:34
jamielennoxbecause the regexp went crazy and editted the base url and not just the path23:34
jamielennoxbknudson: unversioned like that wouldn't have worked previously either right?23:35
bknudsonthis code seems to have gone through several changes recently, so not sure which version you're talking about23:36
bknudsonbut at one point https://localhost/identity was working, and then it stopped23:36
bknudsonwhere https://localhost/identity was failing wasn't in replacing the version in the client, it was in replacing the version in tempest validate-config23:36
bknudsonfor some reason this functionality is reimplemented in a couple of places.23:37
*** markvoelker has quit IRC23:39
*** stingaci_ has quit IRC23:39
jamielennoxbknudson: :(23:41
*** mylu has quit IRC23:42
*** mylu has joined #openstack-keystone23:44
*** rk4n has quit IRC23:45
*** mylu has quit IRC23:48
*** mylu has joined #openstack-keystone23:49
morgandolphm: (ping) i... i think launchpad lost it's cookies23:51
morgandolphm: there was a security bug i got an email about ~42mins ago, but LP says you updated it in 2013?23:52
bknudsongrab a mop23:52
*** sdake has joined #openstack-keystone23:52
morgandolphm: what the deal is.23:52
morganoh and it's normal again23:52
morganderp23:53
morganit says mitaka23:53
morgannvm23:53
*** sdake_ has quit IRC23:53
openstackgerritBrant Knudson proposed openstack/keystone: Opportunistic LDAP testing  https://review.openstack.org/30023723:56
openstackgerritBrant Knudson proposed openstack/keystone: Tests clean up global ldap settings  https://review.openstack.org/30433723:56
bknudsonglobal variables are the worst.23:57
*** stingaci has joined #openstack-keystone23:59
« Sunday, 2016-04-10 Index Tuesday, 2016-04-12 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!