Thursday, 2016-04-14

« Wednesday, 2016-04-13 Index Friday, 2016-04-15 »
stevemarmorgan: keystonemiddleware stable is broken00:01
stevemarmorgan: this fixes it: https://review.openstack.org/#/c/305527/00:01
patchbotstevemar: patch 305527 - keystonemiddleware (stable/mitaka) - do not review - test commit00:01
stevemarrather... https://review.openstack.org/#/c/305526/00:01
patchbotstevemar: patch 305526 - keystonemiddleware (stable/mitaka) - Remove bandit.yaml in favor of defaults00:01
*** fawadkhaliq has joined #openstack-keystone00:13
*** stingaci has joined #openstack-keystone00:18
morganstevemar: wait which is it?00:20
*** fhubik has joined #openstack-keystone00:27
*** roxanaghe has quit IRC00:31
*** mylu has quit IRC00:32
*** stingaci has quit IRC00:33
*** mylu has joined #openstack-keystone00:33
*** fhubik has quit IRC00:34
stevemarmorgan: the latter00:47
*** diazjf has joined #openstack-keystone00:48
morganstevemar: so... i'm going to be a bad person00:49
morganstevemar: i was a bad person. but there you go00:50
*** dan_nguyen has quit IRC00:50
*** spandhe has quit IRC00:53
*** brad[]` is now known as brad[]00:57
*** gyee has quit IRC00:59
*** stingaci has joined #openstack-keystone01:01
*** stewie925 has quit IRC01:02
*** csoukup_ has joined #openstack-keystone01:02
*** pumarani__ has quit IRC01:06
*** csoukup_ has quit IRC01:06
*** spzala has quit IRC01:09
*** browne has quit IRC01:09
*** spzala has joined #openstack-keystone01:10
*** josecastroleon has joined #openstack-keystone01:16
*** mylu has quit IRC01:22
*** mylu has joined #openstack-keystone01:24
*** stingaci has quit IRC01:27
*** EinstCrazy has joined #openstack-keystone01:28
*** rderose has quit IRC01:29
*** stingaci has joined #openstack-keystone01:31
*** EinstCrazy has quit IRC01:32
*** EinstCrazy has joined #openstack-keystone01:32
*** josecastroleon has quit IRC01:38
*** jasonsb has joined #openstack-keystone01:45
stevemarmorgan: bad person?!01:48
morganstevemar: go look at your patch01:48
stevemarmorgan: you pushed it through01:48
morganyep01:48
morganbad person01:48
morgan;)01:48
morganwas a clean cherry-pick and unbreaking a stable gate = important01:49
stevemar:)01:49
stevemaryolanda: morgan ksa 2.6.0 is out :)01:49
morganstevemar: woo01:50
stevemarmorgan: https://review.openstack.org/#/c/304924/1 should pass now...01:50
patchbotstevemar: patch 304924 - keystonemiddleware (stable/mitaka) - Create signing_dir upon first usage01:50
morgan++01:50
morganimportant backport01:50
morganstevemar: +2 on that backport, +A whenever it passes01:51
morganstevemar: ... this one https://review.openstack.org/#/c/208488/ makes my head hurt a little :(01:52
patchbotmorgan: patch 208488 - keystone - Unified delegation model01:52
morganwel the whole chain01:53
*** tqtran has quit IRC01:53
*** sdake has quit IRC01:55
*** sdake has joined #openstack-keystone01:56
*** browne has joined #openstack-keystone01:58
*** EinstCrazy has quit IRC01:59
*** EinstCrazy has joined #openstack-keystone02:01
*** dan_nguyen has joined #openstack-keystone02:05
*** fawadkhaliq has quit IRC02:08
morganstevemar: http://lists.openstack.org/pipermail/openstack-dev/2016-April/092298.html02:08
*** dan_nguyen has quit IRC02:10
*** zqfan has joined #openstack-keystone02:10
*** sdake has quit IRC02:12
mfischanyone seen this error before with memcache reaping?02:12
mfischhttps://bugs.launchpad.net/keystone/+bug/157015802:12
openstackLaunchpad bug 1570158 in OpenStack Identity (keystone) "memcache pool reap issue (stable/liberty)" [Undecided,New]02:12
morganmfisch: i have not02:14
morganmfisch: also https://review.openstack.org/#/c/304487/02:15
patchbotmorgan: patch 304487 - keystone (stable/mitaka) - Set the values for the request_local_cache02:15
mfischI saw that02:15
mfischI dont quite understand what that solves02:15
morganmfisch: limites the queries to the backend and to memcache02:15
morganso if you ask .get_domain(<id>) for that http request, it will never ask outside of keystone02:16
mfischoh02:16
mfischthats good02:16
morganstores the data in the request object02:16
morganit relies on caching, but it does it for all cached values02:16
morganyou can use it as well without memcache by setting caching backend to dogpile.null02:17
morganand then enable caching02:17
*** browne has quit IRC02:17
mfischcan we backport it?02:18
morganmfisch: that review is for mitaka02:18
morganbackporting to liberty is backporting the whole request local cache02:18
morgandoable, (it's encapsulated) but needs buyin from stevemar and other stable reviewers02:19
mfischI mean M02:19
morganyep02:19
mfischwe have to BP to M now right?02:19
morganyes02:19
morgan^ that review is the backport to mitaka02:19
morganit's a bug fix to solve a missing if check/set in the original code02:20
mfischmorgan: ok cool02:20
mfischwe're going to go to M after the summit02:20
morgannice02:21
morganmfisch: also - http://lists.openstack.org/pipermail/openstack-dev/2016-April/092298.html come midcycle with us :)02:22
*** morgan changes topic to "Newton Summit Soon! | Midcycle Planning Thread: http://lists.openstack.org/pipermail/openstack-dev/2016-April/092298.html"02:23
mfischI'd like to02:23
stevemarmfisch: morgan backporting to liberty would be a no-go, it's more feature-y than buggy02:23
*** diazjf1 has joined #openstack-keystone02:25
mfischyeah I just meant M02:26
*** lhcheng has quit IRC02:26
*** diazjf has quit IRC02:27
mfischok i'm out02:27
stevemarmorgan: i don't think mfisch can attend, he's having a summer of george02:31
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/30518702:33
morganstevemar: ooh the proposal bot is back with another ready-to-fail update ;)02:33
morgani love that the only change is removing the extras02:34
morgan:P02:34
*** spzala has quit IRC02:38
*** fawadkhaliq has joined #openstack-keystone02:38
*** spzala has joined #openstack-keystone02:38
*** edmondsw has quit IRC02:40
*** stingaci has quit IRC02:42
stevemarmorgan: :)02:42
stevemarmorgan: that bot doesn't learn very well does it?02:42
*** spzala has quit IRC02:43
*** fawadkhaliq has quit IRC02:45
*** stingaci has joined #openstack-keystone02:46
*** fawadkhaliq has joined #openstack-keystone02:46
*** fawadkhaliq has quit IRC02:47
*** lhcheng_ has joined #openstack-keystone03:04
*** stingaci has quit IRC03:14
*** diazjf1 has quit IRC03:18
*** diazjf has joined #openstack-keystone03:22
*** real56 has joined #openstack-keystone03:26
*** real56 has quit IRC03:33
*** diazjf has left #openstack-keystone03:33
*** real56 has joined #openstack-keystone03:33
*** ankur has joined #openstack-keystone03:37
*** stingaci has joined #openstack-keystone03:37
*** mylu has quit IRC03:39
*** stingaci has quit IRC03:41
openstackgerritwangxiyuan proposed openstack/python-keystoneclient: Allow send null value in extra properties  https://review.openstack.org/29624603:44
*** jasonsb has quit IRC03:47
*** stingaci has joined #openstack-keystone03:55
*** richm has quit IRC03:56
*** spzala has joined #openstack-keystone04:02
*** mylu has joined #openstack-keystone04:07
*** spzala has quit IRC04:08
*** ksavich has joined #openstack-keystone04:17
*** timburke has quit IRC04:30
*** hugokuo has quit IRC04:30
*** rvba has quit IRC04:31
*** rdo has quit IRC04:31
*** mc_nair has quit IRC04:31
*** SamYaple has quit IRC04:31
*** SamYaple has joined #openstack-keystone04:31
*** rvba has joined #openstack-keystone04:31
*** rvba has quit IRC04:31
*** rvba has joined #openstack-keystone04:31
*** mc_nair has joined #openstack-keystone04:31
*** jlvillal has quit IRC04:32
*** jlvillal has joined #openstack-keystone04:32
*** timburke has joined #openstack-keystone04:34
*** hugokuo has joined #openstack-keystone04:34
*** lamt has quit IRC04:36
*** rdo has joined #openstack-keystone04:37
*** fawadkhaliq has joined #openstack-keystone04:42
*** rcernin has joined #openstack-keystone04:50
*** mylu has quit IRC04:56
*** spzala has joined #openstack-keystone05:02
*** markvoelker has quit IRC05:06
*** spzala has quit IRC05:07
*** roxanaghe has joined #openstack-keystone05:12
*** roxanaghe has quit IRC05:12
*** roxanaghe has joined #openstack-keystone05:13
*** jaosorior has joined #openstack-keystone05:20
*** lhcheng_ has quit IRC05:21
*** lhcheng has joined #openstack-keystone05:21
*** ChanServ sets mode: +v lhcheng05:21
*** ksavich has quit IRC05:22
*** roxanagh_ has joined #openstack-keystone05:22
*** real56 has quit IRC05:22
*** real56 has joined #openstack-keystone05:23
*** jidar has quit IRC05:24
*** roxanaghe has quit IRC05:24
*** roxanagh_ has quit IRC05:26
*** jidar has joined #openstack-keystone05:28
*** real56 has quit IRC05:49
*** real56 has joined #openstack-keystone05:50
*** spandhe has joined #openstack-keystone05:54
*** markvoelker has joined #openstack-keystone06:00
*** dims_ has joined #openstack-keystone06:00
*** vnogin1 has joined #openstack-keystone06:02
*** darrenc_ has joined #openstack-keystone06:02
*** spzala has joined #openstack-keystone06:03
*** tristanC_ has joined #openstack-keystone06:04
*** sigmavirus24b has joined #openstack-keystone06:05
*** alex_xu_ has joined #openstack-keystone06:05
*** pumarani- has joined #openstack-keystone06:06
*** markvoelker has quit IRC06:06
*** charz_ has joined #openstack-keystone06:07
*** huats__ has joined #openstack-keystone06:07
*** sileht_ has joined #openstack-keystone06:07
*** zeus- has joined #openstack-keystone06:07
*** Nirupama has joined #openstack-keystone06:07
*** spzala has quit IRC06:07
yolandastevemar, thanks06:08
*** Nakato_ has joined #openstack-keystone06:08
*** woodster_ has quit IRC06:08
*** rvba` has joined #openstack-keystone06:08
*** jlvillal_ has joined #openstack-keystone06:08
*** gsilvis_ has joined #openstack-keystone06:08
*** fawadkhaliq has quit IRC06:08
*** jlvillal has quit IRC06:08
*** rvba has quit IRC06:08
*** stingaci has quit IRC06:08
*** ankur has quit IRC06:08
*** huats_ has quit IRC06:08
*** sileht has quit IRC06:08
*** vnogin has quit IRC06:08
*** charz has quit IRC06:08
*** afazekas has quit IRC06:08
*** dtroyer has quit IRC06:08
*** alex_xu has quit IRC06:08
*** dims has quit IRC06:08
*** gsilvis has quit IRC06:08
*** SpamapS has quit IRC06:08
*** tristanC has quit IRC06:08
*** med_ has quit IRC06:08
*** mdavidson has quit IRC06:08
*** zeus has quit IRC06:08
*** cloudnull has quit IRC06:08
*** darrenc has quit IRC06:08
*** krotscheck_dcm has quit IRC06:08
*** adam_g has quit IRC06:08
*** ryanpetrello has quit IRC06:08
*** sigmavirus24_awa has quit IRC06:08
*** Nakato has quit IRC06:08
*** pumaranikar has quit IRC06:08
*** ctracey has quit IRC06:08
*** dobson has quit IRC06:08
*** spandhe has quit IRC06:08
*** zeus- is now known as zeus06:09
*** krotscheck has joined #openstack-keystone06:09
*** zeus is now known as Guest3681206:09
*** ryanpetrello has joined #openstack-keystone06:09
*** darrenc_ is now known as darrenc06:10
*** jlvillal_ is now known as jlvillal06:10
*** tqtran has joined #openstack-keystone06:10
*** real56 has quit IRC06:10
*** jlvillal is now known as Guest8348506:10
*** real56 has joined #openstack-keystone06:11
*** dobson has joined #openstack-keystone06:11
*** med_ has joined #openstack-keystone06:12
*** real56 has quit IRC06:12
*** med_ is now known as Guest4633706:12
*** ryanpetrello has quit IRC06:14
*** sileht_ is now known as sileht06:15
*** real56 has joined #openstack-keystone06:15
*** SpamapS has joined #openstack-keystone06:15
*** mdavidson has joined #openstack-keystone06:15
*** ctracey has joined #openstack-keystone06:16
*** ryanpetrello has joined #openstack-keystone06:16
*** lhcheng has quit IRC06:17
*** cloudnull has joined #openstack-keystone06:24
*** darrenc has quit IRC06:25
*** roxanaghe has joined #openstack-keystone06:27
*** roxanaghe has quit IRC06:32
*** rk4n has joined #openstack-keystone06:33
*** dikonoor has joined #openstack-keystone06:35
*** dikonoo has joined #openstack-keystone06:35
stevemaryolanda: yw :)06:37
stevemaryolanda: thank you for the betamax work06:37
*** real56 has quit IRC06:43
*** real56 has joined #openstack-keystone06:44
*** ryanpetrello has quit IRC06:45
*** tesseract- has joined #openstack-keystone06:45
*** josecastroleon has joined #openstack-keystone06:46
*** e0ne has joined #openstack-keystone06:46
*** tqtran has quit IRC06:47
*** fawadkhaliq has joined #openstack-keystone06:49
*** dhellmann has quit IRC06:49
*** jaosorior has quit IRC06:50
*** jaosorior has joined #openstack-keystone06:50
*** rk4n has quit IRC06:52
*** ryanpetrello has joined #openstack-keystone06:52
*** dhellmann has joined #openstack-keystone06:56
*** adam_g has joined #openstack-keystone06:58
*** adam_g has quit IRC06:58
*** adam_g has joined #openstack-keystone06:58
*** rk4n has joined #openstack-keystone06:59
*** afazekas has joined #openstack-keystone07:00
*** real56 has quit IRC07:02
*** spzala has joined #openstack-keystone07:03
*** real56 has joined #openstack-keystone07:05
*** spzala has quit IRC07:08
*** darrenc has joined #openstack-keystone07:09
*** sdake has joined #openstack-keystone07:12
*** stingaci has joined #openstack-keystone07:12
*** jaosorior has quit IRC07:13
*** e0ne has quit IRC07:15
*** daemontool has joined #openstack-keystone07:15
*** daemontool_ has quit IRC07:17
*** stingaci has quit IRC07:17
*** e0ne has joined #openstack-keystone07:18
*** e0ne has quit IRC07:21
*** ryanpetrello has quit IRC07:21
*** real56 has quit IRC07:21
*** real56 has joined #openstack-keystone07:21
*** ryanpetrello has joined #openstack-keystone07:23
*** real56 has quit IRC07:23
*** rk4n has quit IRC07:23
*** real56 has joined #openstack-keystone07:24
*** real56 has quit IRC07:29
*** real56 has joined #openstack-keystone07:30
*** sdake has quit IRC07:31
*** fawadkhaliq has quit IRC07:34
*** jaosorior has joined #openstack-keystone07:35
*** pnavarro has joined #openstack-keystone07:36
*** mhickey has joined #openstack-keystone07:43
stevemarmorgan: if you get a chance, look at the session schedule: https://www.openstack.org/summit/austin-2016/summit-schedule/global-search?t=Keystone%3A07:43
*** fhubik has joined #openstack-keystone07:47
*** jaosorior has quit IRC07:48
*** jaosorior has joined #openstack-keystone07:48
*** daemontool has quit IRC07:49
*** jaosorior has quit IRC07:49
*** jaosorior has joined #openstack-keystone07:49
*** dtroyer has joined #openstack-keystone07:49
*** daemontool has joined #openstack-keystone07:51
*** markvoelker has joined #openstack-keystone08:02
*** spzala has joined #openstack-keystone08:05
*** markvoelker has quit IRC08:08
*** spzala has quit IRC08:10
*** roxanaghe has joined #openstack-keystone08:12
*** Tridde has quit IRC08:14
*** roxanaghe has quit IRC08:16
*** henrynash has joined #openstack-keystone08:17
*** ChanServ sets mode: +v henrynash08:17
*** jistr has joined #openstack-keystone08:18
*** real56 has quit IRC08:21
*** real56 has joined #openstack-keystone08:24
*** openstackstatus has joined #openstack-keystone08:25
*** ChanServ sets mode: +v openstackstatus08:25
*** adam_g has quit IRC08:30
*** e0ne has joined #openstack-keystone08:34
*** adam_g has joined #openstack-keystone08:36
*** adam_g has quit IRC08:36
*** adam_g has joined #openstack-keystone08:36
*** e0ne has quit IRC08:44
*** permalac has joined #openstack-keystone08:53
*** e0ne has joined #openstack-keystone08:53
*** daemontool_ has joined #openstack-keystone08:57
permalacHello guys.08:57
permalacI have an openstack installation and I have to federate it with another one.08:57
permalacthey just gave me a bunch of users and passwords, users like admin-<region> nova-<region>  and so on.08:58
permalacI'm trying to understand what to do, but I'm failing on it on a very Hollywood style.08:59
*** ankur has joined #openstack-keystone08:59
permalaccan someone give me a link to a place where to learn the required knowledge to understand how to test the keystone functionalities?08:59
permalacI really think that I'm not understanding something basic or so.09:00
*** roxanaghe has joined #openstack-keystone09:00
*** daemontool has quit IRC09:01
*** roxanaghe has quit IRC09:05
*** odyssey4me_ is now known as odyssey4me09:05
*** real56 has quit IRC09:07
*** real56 has joined #openstack-keystone09:08
*** GB21 has joined #openstack-keystone09:10
*** chlong has quit IRC09:11
*** Trident has joined #openstack-keystone09:27
*** akscram has quit IRC09:30
*** david-lyle_ has joined #openstack-keystone09:30
*** david-lyle has quit IRC09:33
*** dhellmann has quit IRC09:33
*** mc_nair has quit IRC09:33
*** trey has quit IRC09:33
*** bradjones has quit IRC09:33
*** mdavidson has quit IRC09:34
*** dancn` has quit IRC09:34
*** akscram has joined #openstack-keystone09:35
*** real56 has quit IRC09:38
*** jistr has quit IRC09:38
*** tesseract- has quit IRC09:38
*** dancn has joined #openstack-keystone09:39
*** GB21 has quit IRC09:40
*** trey has joined #openstack-keystone09:41
*** dhellmann has joined #openstack-keystone09:41
*** bradjones has joined #openstack-keystone09:43
*** bradjones has quit IRC09:43
*** bradjones has joined #openstack-keystone09:43
*** mc_nair has joined #openstack-keystone09:45
*** GB21 has joined #openstack-keystone09:47
*** mvk has joined #openstack-keystone09:50
*** tesseract- has joined #openstack-keystone09:50
*** mdavidson has joined #openstack-keystone09:51
*** GB21 has quit IRC09:57
*** e0ne has quit IRC10:01
*** e0ne has joined #openstack-keystone10:01
*** markvoelker has joined #openstack-keystone10:04
*** alex_xu_ has quit IRC10:04
*** spzala has joined #openstack-keystone10:07
*** alex_xu has joined #openstack-keystone10:08
*** markvoelker has quit IRC10:09
*** daemontool__ has joined #openstack-keystone10:10
*** spzala has quit IRC10:12
*** daemontool_ has quit IRC10:14
*** fhubik has quit IRC10:16
*** jistr has joined #openstack-keystone10:22
*** sheel has joined #openstack-keystone10:24
*** GB21 has joined #openstack-keystone10:28
*** daemontool__ has quit IRC10:57
*** mvk has quit IRC10:59
*** EinstCrazy has quit IRC11:02
*** edmondsw has joined #openstack-keystone11:03
*** GB21 has quit IRC11:06
*** ankur has quit IRC11:07
*** spzala has joined #openstack-keystone11:08
*** GB21 has joined #openstack-keystone11:08
*** alex_xu has quit IRC11:08
*** henrynash has quit IRC11:09
*** alex_xu has joined #openstack-keystone11:10
*** spzala has quit IRC11:13
*** doug-fish has joined #openstack-keystone11:13
*** stingaci has joined #openstack-keystone11:14
*** mnaser has quit IRC11:16
*** stingaci has quit IRC11:19
*** GB21 has quit IRC11:20
*** GB21 has joined #openstack-keystone11:22
*** aimeeU has joined #openstack-keystone11:24
*** mnaser has joined #openstack-keystone11:31
*** flaper87 has quit IRC11:33
*** flaper87 has joined #openstack-keystone11:33
*** GB21 has quit IRC11:39
*** GB21 has joined #openstack-keystone11:39
*** gordc has joined #openstack-keystone11:40
*** dancn has quit IRC11:42
*** wanghua has quit IRC11:44
*** dancn has joined #openstack-keystone11:50
*** woodburn has quit IRC11:50
*** Guest46337 is now known as med_11:55
*** med_ has quit IRC11:55
*** med_ has joined #openstack-keystone11:55
*** dancn has quit IRC12:00
*** doug-fish has quit IRC12:01
*** doug-fish has joined #openstack-keystone12:02
*** bradjones has quit IRC12:02
*** mdavidson has quit IRC12:04
*** flaper87 has quit IRC12:04
*** markvoelker has joined #openstack-keystone12:05
*** Guest83485 has quit IRC12:05
*** doug-fish has quit IRC12:06
*** dancn has joined #openstack-keystone12:07
*** spzala has joined #openstack-keystone12:09
*** bradjones has joined #openstack-keystone12:09
*** bradjones has quit IRC12:09
*** bradjones has joined #openstack-keystone12:09
*** markvoelker has quit IRC12:09
*** trown|outtypewww is now known as trown12:10
*** flaper87 has joined #openstack-keystone12:11
*** flaper87 has quit IRC12:11
*** flaper87 has joined #openstack-keystone12:11
*** jlvillal has joined #openstack-keystone12:13
*** tristanC_ is now known as tristanC12:13
*** mdavidson has joined #openstack-keystone12:13
*** spzala has quit IRC12:13
*** markvoelker has joined #openstack-keystone12:14
*** markvoelker has quit IRC12:14
*** tesseract- has quit IRC12:15
*** tesseract- has joined #openstack-keystone12:16
*** raildo-afk is now known as raildo12:17
*** GB21 has quit IRC12:18
*** GB21 has joined #openstack-keystone12:23
*** furface has quit IRC12:25
openstackgerritSamuel de Medeiros Queiroz proposed openstack/python-keystoneclient: Improve docs for v3 users  https://review.openstack.org/30579612:26
*** dancn has quit IRC12:26
samueldmqbknudson: ^ as requested for user functional tests12:26
*** markvoelker has joined #openstack-keystone12:27
*** furface has joined #openstack-keystone12:28
openstackgerritSamuel de Medeiros Queiroz proposed openstack/python-keystoneclient: Add users functional tests  https://review.openstack.org/28930612:28
*** GB21 has quit IRC12:28
*** richm has joined #openstack-keystone12:31
*** dancn has joined #openstack-keystone12:33
*** ninag has joined #openstack-keystone12:38
openstackgerrithenry-nash proposed openstack/keystone: Create V9 driver for identity backend  https://review.openstack.org/30531512:42
*** dancn has quit IRC12:42
*** rvba` has quit IRC12:45
*** rvba has joined #openstack-keystone12:45
*** rvba has quit IRC12:45
*** rvba has joined #openstack-keystone12:45
*** Guest36812 is now known as zeus12:45
*** zeus has quit IRC12:46
*** zeus has joined #openstack-keystone12:46
*** jaosorior has quit IRC12:46
*** dancn has joined #openstack-keystone12:49
*** doug-fish has joined #openstack-keystone12:52
*** spzala has joined #openstack-keystone12:53
*** doug-fish has quit IRC12:53
*** doug-fish has joined #openstack-keystone12:54
*** lamt has joined #openstack-keystone13:01
openstackgerrithenry-nash proposed openstack/keystone: Create V9 driver for identity backend  https://review.openstack.org/30531513:07
*** henrynash has joined #openstack-keystone13:09
*** ChanServ sets mode: +v henrynash13:09
*** jsavak has joined #openstack-keystone13:12
*** Nakato_ is now known as Nakato13:14
*** permalac_ has joined #openstack-keystone13:14
*** david-lyle has joined #openstack-keystone13:15
*** markvoelker_ has joined #openstack-keystone13:15
*** roxanaghe has joined #openstack-keystone13:16
*** cburgess has quit IRC13:17
*** richm has quit IRC13:17
*** richm1 has joined #openstack-keystone13:17
*** rvba has quit IRC13:17
*** jaimguer has quit IRC13:17
*** pleia2 has quit IRC13:17
*** lmiccini has quit IRC13:17
*** markvoelker has quit IRC13:17
*** jlvillal has quit IRC13:17
*** david-lyle_ has quit IRC13:17
*** permalac has quit IRC13:17
*** rvba has joined #openstack-keystone13:17
*** rvba has quit IRC13:18
*** rvba has joined #openstack-keystone13:18
*** pleia2 has joined #openstack-keystone13:18
*** jlvillal has joined #openstack-keystone13:18
*** jaimguer has joined #openstack-keystone13:19
*** lmiccini has joined #openstack-keystone13:20
*** roxanaghe has quit IRC13:21
*** cburgess has joined #openstack-keystone13:22
*** pauloewerton has joined #openstack-keystone13:23
*** tlbr has quit IRC13:26
*** tlbr has joined #openstack-keystone13:26
*** daemontool has joined #openstack-keystone13:36
*** Nirupama has quit IRC13:39
*** mylu has joined #openstack-keystone13:39
*** richm1 is now known as richm13:39
*** darosale has joined #openstack-keystone13:46
*** ninag_ has joined #openstack-keystone13:46
*** pumarani- has quit IRC13:47
*** med_ has quit IRC13:47
*** aimeeU has quit IRC13:48
*** dhellmann has quit IRC13:48
*** vnogin1 has quit IRC13:48
*** SamYaple has quit IRC13:48
openstackgerritRodrigo Duarte proposed openstack/keystone-specs: Include blacklist and whitelist to mappings docs  https://review.openstack.org/30586613:49
*** daemontool has quit IRC13:49
*** ninag has quit IRC13:49
*** mdavidson has quit IRC13:49
*** edmondsw has quit IRC13:49
*** daemontool has joined #openstack-keystone13:49
*** med_ has joined #openstack-keystone13:52
*** med_ is now known as Guest9074813:53
*** sigmavirus24b is now known as sigmavirus2413:53
*** sigmavirus24 has quit IRC13:53
*** sigmavirus24 has joined #openstack-keystone13:53
*** pumaranikar has joined #openstack-keystone13:54
*** woodburn has joined #openstack-keystone13:55
*** ametts has joined #openstack-keystone13:57
*** ayoung has quit IRC13:57
*** dhellmann has joined #openstack-keystone13:58
*** dhellmann has quit IRC14:01
*** aimeeU has joined #openstack-keystone14:01
*** vnogin has joined #openstack-keystone14:02
*** edmondsw has joined #openstack-keystone14:02
*** mdavidson has joined #openstack-keystone14:03
*** dhellmann has joined #openstack-keystone14:03
*** dmellado_ is now known as dmellado14:04
*** gagehugo has joined #openstack-keystone14:06
*** Guest90748 is now known as medberry14:10
*** medberry has quit IRC14:10
*** medberry has joined #openstack-keystone14:10
*** SamYaple has joined #openstack-keystone14:11
*** pushkaru has joined #openstack-keystone14:14
*** ksavich has joined #openstack-keystone14:15
*** woodster_ has joined #openstack-keystone14:15
rodrigodsknikolla, ping... did my email help?14:17
*** mylu has quit IRC14:17
*** rderose has joined #openstack-keystone14:22
knikollarodrigods: yeah, but we’re facing other issues after the redirect.14:22
*** mylu has joined #openstack-keystone14:22
*** jaugustine has joined #openstack-keystone14:22
mylurodrigods: lol I need help14:22
rodrigodsmylu, knikolla, sure14:23
rodrigodswhat is the current issue?14:23
knikollarodrigods: i’ll let mylu explain14:23
*** dan_nguyen has joined #openstack-keystone14:24
mylurodrigods: so when I request http://keystone.sp/v3/OS-FEDERATION/identity_providers/kestone-idp/protocols/saml2/auth after 302, I get WARN Shibboleth.SessionInitiator.SAML2 [8]: unable to locate compatible SSO service for provider and INFO Shibboleth.SessionInitiator.Shib1 [8]: unable to locate Shibboleth-aware identity provider role for provider14:24
myluBut I did see INFO Shibboleth.SessionCache [8]: new session created for my idp14:25
rodrigodsmylu, ok... we need to check shibboleth's config, check your IdP setup and your SP setup (the entities created in both of them)14:26
myluand in keystone.log I see None of the configured SessionInitiators handled the request.14:26
mylurodrigods: we're testing in a devstack pair that has k2k set up correctly, meaning that it works when we use keystoneauth114:27
rodrigodsmylu, hmm ok, so you may be calling the wrong URL14:28
*** gagehugo has quit IRC14:28
rodrigodsmylu, can you paste the list of service providers (and its attributes) of your IdP keystone?14:28
*** gagehugo has joined #openstack-keystone14:28
rodrigodsmylu, https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-federation-ext.rst#listing-service-providers14:29
*** slberger has joined #openstack-keystone14:30
myluI believe I'm using the right url I just got this http://sp-ip:35357/v3/OS-FEDERATION/identity_providers/keystone-idp/protocols/saml2/auth14:30
myluand when I look in keystone_access log I found this:14:31
myluWhen I use keystoneauth: "POST /Shibboleth.sso/SAML2/ECP HTTP/1.1" 302 292 "-" "Python-httplib2/0.9.2 (gzip)" 13234(us)14:31
mylu"GET /v3/OS-FEDERATION/identity_providers/keystone-idp/protocols/saml2/auth HTTP/1.1" 500 988 "-" "Python-httplib2/0.9.2 (gzip)" 2466(us)14:31
myluwait sorry the above is when I use my test code in tempest14:32
henrynashquick, easy (hopefully) +2/A (famous last words): https://review.openstack.org/#/c/288403/414:32
patchbothenrynash: patch 288403 - keystone - Expose not clearing of user default project on pro...14:32
*** phalmos has joined #openstack-keystone14:32
myluthis is when I use keystoneauth: "POST /Shibboleth.sso/SAML2/ECP HTTP/1.1" 302 292 "-" "keystoneauth1/2.3.0 python-requests/2.9.1 CPython/2.7.6" 15955(us)14:32
mylu"GET /v3/OS-FEDERATION/identity_providers/keystone-idp/protocols/saml2/auth HTTP/1.1" 201 438 "-" "keystoneauth1/2.3.0 python-requests/2.9.1 CPython/2.7.6" 11802960(us)14:32
rodrigodsmylu, could you paste in paste.openstack.org? it is easier to read there14:33
mylurodrigods: http://paste.openstack.org/show/494084/14:34
*** permalac_ has quit IRC14:36
*** ksavich has quit IRC14:40
*** mvk has joined #openstack-keystone14:40
*** csoukup_ has joined #openstack-keystone14:42
rodrigodsmylu, strange... can i take a look in the code?14:44
*** gagehugo has quit IRC14:44
mylurodrigods: yes sure14:44
rodrigodsmylu, you can paste here... i'll be leaving for lunch but as soon as i'm back i'll take a look14:44
mylurodrigods: let me commit it to my own github...its messy bare with me lol14:44
rodrigodssure14:44
*** timcline has joined #openstack-keystone14:50
*** henrynash has quit IRC14:52
*** ayoung has joined #openstack-keystone14:53
*** ChanServ sets mode: +v ayoung14:53
openstackgerritRon De Rose proposed openstack/keystone: WIP - Shadow LDAP users  https://review.openstack.org/30548714:55
mylurodrigods: https://github.com/minggLu/tempest/commit/f02eee8598d51fb431a9c3d81f6ed6ec49007fbe ... sorry in advance cuz it too messy...14:55
*** gagehugo has joined #openstack-keystone14:55
*** henrynash has joined #openstack-keystone14:56
*** ChanServ sets mode: +v henrynash14:56
*** mylu has quit IRC14:57
*** zzxwill has joined #openstack-keystone14:57
*** tesseract- has quit IRC14:58
*** mylu has joined #openstack-keystone14:58
openstackgerritRon De Rose proposed openstack/keystone: WIP - Shadow LDAP and non-local users  https://review.openstack.org/30548714:58
bretonhave we discussed roles-scoped tokens before?15:02
*** henrynash has quit IRC15:06
*** EinstCrazy has joined #openstack-keystone15:07
morganbreton: role scoped? what would a role scope be?15:10
morganbreton: keystone made a choice in ... grizzly? to not have a role (global) assigned to a user without an associated project15:11
morganstevemar: schdule looks good to me15:12
*** zzxwill has quit IRC15:13
openstackgerritRon De Rose proposed openstack/keystone: WIP - Shadow LDAP and non-local users  https://review.openstack.org/30548715:14
*** stingaci has joined #openstack-keystone15:15
bretonmorgan: role+project scoped15:15
morganbreton: isn't... that what we have now?15:16
rodrigodsmylu, think i found the issue15:16
rodrigodsmylu, https://github.com/minggLu/tempest/commit/f02eee8598d51fb431a9c3d81f6ed6ec49007fbe#diff-ee738dc5e5d9db383e0c17fa92770f52R103 is missing the port15:16
mylurodrigods: sorry I forgot to change it back, that was when I changed it this morning because I was not a believer15:17
gsilvis_breton: do you mean a token that only grants some of the roles that a user would have?15:17
bretonmorgan: if a user has 3 assignments to 1 project, all these roles will be activated. I'm thinking about activating a single role.15:17
mylurodrigods: I did it before with port 5000 and 35357 and it wasn't working either15:18
bretonmorgan: (or a subset of roles)15:18
bretongsilvis_: yep15:18
morganbreton: token with limited roles/subset. that is something ayoung was working on15:18
gsilvis_breton: because I believe it's possible to get such a token right now, using trusts, though I don't know if there's a more straightforward way15:18
*** gsilvis_ is now known as gsilvis15:18
ayoungmorgan, gsilvis is right15:18
morganyou can do that with trusts as gsilvis said, but it's clunky15:18
ayoungtoken is the only way today15:18
bretongsilvis: afaik we cannot create trust on ourselves.15:18
ayoungbreton, why not?15:18
bretonayoung: i dunno, i've just tried in tests and it have 403. Maybe i tried bad though.15:19
ayoungbreton, I mean, I don't trust *myself* but you should trust you15:19
breton*it gave15:19
ayoungnah, self trusts work15:19
bretondo we have a test for it?15:19
ayoungbreton, just do it15:19
ayoungit works15:19
openstackgerritRon De Rose proposed openstack/keystone: WIP - Shadow LDAP and non-local users  https://review.openstack.org/30548715:20
ayoungor write a test if you don't believe me....I forget if we tested it, but there is not explicit check that trustee can nnot = user15:20
*** stingaci has quit IRC15:20
*** slberger1 has joined #openstack-keystone15:21
* breton checks15:21
*** slberger has quit IRC15:22
bretonright. It works, i tried not enough before.15:22
bretonok then15:22
*** henrynash has joined #openstack-keystone15:22
*** ChanServ sets mode: +v henrynash15:22
rodrigodsmylu, can you avoid the final step of doing the GET after the redirect?15:23
rodrigodsand do that manually, with cURL15:23
*** jsavak has quit IRC15:23
mylurodrigods: sure15:23
rodrigodsto check what happens? i'm suspecting the "self.get()" is including unnecessary stuff in the request15:23
rderoseany idea when oslo_log package will get updated?15:26
rderoseSo that we can refer to the Newton release in our deprecated decorator, e.g. versionutils.deprecated.NEWTON15:26
*** jsavak has joined #openstack-keystone15:26
*** josecastroleon has quit IRC15:30
*** Bjoern has joined #openstack-keystone15:30
*** josecastroleon has joined #openstack-keystone15:33
openstackgerrityolanda.robla proposed openstack/keystoneauth: WIP: Create custom serializer for keystoneauth and betamax  https://review.openstack.org/30593715:34
stevemarmorgan: i will leave the work rooms as-is15:34
stevemarmorgan: i won't fill in the details, we can work on stuff from the fishbowls15:35
morganyeah15:35
morganwfm15:35
mylurodrigods: http://paste.openstack.org/show/494094/15:36
*** pnavarro has quit IRC15:38
*** skape has joined #openstack-keystone15:39
*** stingaci has joined #openstack-keystone15:40
openstackgerritNavid Pustchi proposed openstack/keystone: Fix D401 PEP8 violation.  https://review.openstack.org/30594415:41
mylurodrigods: I feel like the problem is when I do get request to /v3/OS-FEDERATION/identity_providers/keystone-idp/protocols/saml2/auth, shibboleth tries to initiate a new session instead of using the cached one15:43
mylurodrigods:  maybe I need to pass extra parameter with my GET request.. like the 'set-cookie' I got from the 302 response?15:44
rodrigodsmylu, hmm... maybe?15:44
mylurodrigods: but I have no idea how to do it lol I'm gonna try to look at how keystoneauth session does it...15:45
skapeHi!   guys !!!15:45
skapei'm installing mitaka following the install guide for rdo on centos, all went well until the verification of cinder with the command "cinder service-list" when I receive an 503 error. in the cinder-api.log lists an authentication error. while trying to resolv this issue I found out the keystone command is also not working for exemple keystone catalog, and here is where i'm lost "openstack token issue"  works fine what am I15:45
*** chianingwang has quit IRC15:46
rodrigodsmylu, a easy way is to check the request being made by keystoneauth to see what is missing15:47
mylurodrigods: I've been looking at keystoneauth.identity.v3.k2k for references, I'm doing exactly the same thing https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/identity/v3/k2k.py#L15515:49
mylurodrigods: it could be session is doing something that I'm not doing and that caused the problem...but that doesn't make sense either because15:50
rodrigodsmylu, exactly, i mean you check the request headers, url, everything15:50
mylurodrigods: http://paste.openstack.org/show/494096/ this is what I got from the debug message when I run it with keystoneauth15:51
mylurodrigods: and it's the same curl command except not including User-Agent...15:52
*** henrynash has quit IRC15:52
openstackgerritTom Cocozzello (tjcocozz) proposed openstack/keystone: DO NOT REVIEW (testing experimental)  https://review.openstack.org/30595415:52
rodrigodsmylu, bizarre... need to leave for a hour or so15:52
mylurodrigods: same here hahaha15:52
rodrigodswill ping you when i'm back15:53
mylurodrigods: but I'll still look into the session code and see if I can find anything helpful15:53
mylurodrigods: sounds good Thanks for helping!15:53
skapewhat is the diference between "openstack token issue" and "keystone catalog" what can be wrong when the first works but the second dont ?15:54
*** henrynash has joined #openstack-keystone15:55
*** ChanServ sets mode: +v henrynash15:55
skapejoin #openstack-cinder15:55
skapeops15:56
EmilienMso last night with ayoung we played with fernet keys deployments with puppet-keystone and we were wondering where is the right place for keys. Should it be in /etc/keystone/fernet-keys? or /var/lib/keystone/fernet-keys? somewhere else? current situation is /etc/keystone/fernet-keys by default15:56
morganEmilienM: i would say /etc/keystone/fernet-keys15:56
lbragstadEmilienM that's totally up to your - the keys just have to be readable by the process running keystone15:57
ayoungEmilienM, I think you could make an argument for either, so lets go least resisitenace15:57
lbragstadyou*15:57
ayounglbragstad, its a permissions thing15:57
*** roxanaghe has joined #openstack-keystone15:57
EmilienMI like /etc/keystone/fernet-keys15:57
EmilienMit's where we have ssl certifs, and all config15:57
morganit is keystone config-like data, i worry /var/lib/* will be less consistent15:57
ayoungin general, you want /etc to be owned by root and only readable by the process, where as /var is for data written by the process. You don't typically want a process able to change its own config15:57
morganand certs etc... yes what EmilienM said15:57
bknudsonmaybe we can use this for keystone tests to get rid of eventlet -- https://github.com/jd/pifpaf15:57
*** henrynash has quit IRC15:58
EmilienMayoung: so using /etc/keystone/fernet-keys works find on ubuntu with UCA packaging. It does not work on RDO because of permissions. Maybe can we discuss about it on #rdo, to make it work?15:58
morgani don't expect keystone to write keys from the keystoneprocess15:58
morganin fact... i'd say that is a security concern15:58
ayounghowever, a Key like this is  fine in /etc.  I would sy, then, that it should be written by root, but readable byt the Keystone user15:58
ayoungmorgan, he was runnning keystone-manage as non-root15:58
lbragstadayoung I'd agree with that15:58
ayoungEmilienM is the puppetmaster15:58
openstackgerritMerged openstack/keystoneauth: Removing tox ignore D401 and make keystoneauth compliant  https://review.openstack.org/30484315:58
EmilienMok, let me summarize the problem :15:59
morganayoung: regardless of root or non-root, i see a security gap if the running keystone can write keys15:59
ayoungEmilienM, so,  maybe  run as root, but chgrp keystone perms 64015:59
ayoungmorgan, ++15:59
morganayoung: def. keystone group read :)15:59
EmilienM1/ if I ru keystone-manage fernet as root, it works fine, except /var/log/keystone/keystone/log is written as root user, so later db_sync fails since it's written with keystone user (same for httpd process btw)15:59
morgan640 is good.15:59
morganEmilienM: lets work on making keystone-manage better then.16:00
EmilienM2/ if I run keystone-manage fernet as keystone user, I got permissions issues on centos7 (using RDO), impossible to create /etC/keystone/fernet-keys16:00
ayoungEmilienM, hack/workoaround:  touch /var/log/keystone/keystone/log; chown keystone:keystone /var/log/keystone/keystone/log16:00
morganmaybe keystone-manage deserves it's own log? not keystone/log16:00
ayoungmorgan, ++16:00
EmilienMmorgan: ++ bis16:00
morgan:)16:01
EmilienMbut we still have the problem with db_sync16:01
ayoung/var/log/keystone/keystone_manage.log?16:01
EmilienMwe run db_sync as keystone user16:01
ayoungmange16:01
ayoungMagia16:01
ayoungMangia16:01
EmilienMhttps://github.com/openstack/puppet-keystone/blob/master/manifests/db/sync.pp16:01
EmilienMwhy should we use root at all?16:02
ayoungHmmmm....So that is going to connect to the database as the Keystone user anyway.16:02
ayoungIt probably does not matter there16:02
morganayoung: that'll connect with whatever the config says.16:02
EmilienMto me, the simpliest thing is to allow keystone user to create /etc/keystone/fernet-keys in RDO package16:02
*** mylu has quit IRC16:02
ayoungBad practice to run with root by default, though.16:02
EmilienMyes16:03
EmilienMimho, we should run everything as keystone16:03
morganEmilienM: that is your call, but i would be inclined to say the order of operations could solve this.16:03
morgani also very strongly disagree with fernet keys being rotated by the same user running keystone16:03
ayoungEmilienM, nah...keystone-manage in general is doing config type stuff...the database one is even OK to do as Root16:03
EmilienMtoday, all works fine on ubuntu packaging16:03
ayoungEmilienM, "damned by faint praise"16:03
morganbut i stay out of packaging conversations usually16:03
ayoungNo errors != It works right16:04
dstanekmorgan: ++ if you do that there may be room for an attacker to mess with it16:04
EmilienMmorgan: right, that's why I propose to continue on #rdo if needed16:04
ayoungKeys should be owned by root16:04
* morgan moves to #rdo, dstanek join us!:)16:04
*** sdake has joined #openstack-keystone16:05
*** mylu has joined #openstack-keystone16:06
*** mhickey has quit IRC16:06
*** josecastroleon has quit IRC16:06
*** mylu has quit IRC16:08
openstackgerritTom Cocozzello (tjcocozz) proposed openstack/keystone: DO NOT REVIEW (testing experimental)  https://review.openstack.org/30595416:09
openstackgerritTom Cocozzello (tjcocozz) proposed openstack/keystone: DO NOT REVIEW (testing experimental)  https://review.openstack.org/30596316:09
*** mylu has joined #openstack-keystone16:11
*** aimeeU has quit IRC16:11
*** sheel has quit IRC16:15
*** sheel has joined #openstack-keystone16:15
*** mylu has quit IRC16:18
*** timcline has quit IRC16:21
samueldmqDO NOT REVIEW -> okay, let's take a quick look at it16:22
samueldmqtjcocozz: ^16:22
tjcocozzsamueldmq, lol I always do the same thing :-)16:22
samueldmqtjcocozz: actually this has the opposite effect16:23
samueldmqtjcocozz: I will add this when I need something merging quickly16:23
samueldmqlol16:23
samueldmqat least getting quick feedback hehe16:23
EmilienMmorgan: how did you triage it for " Status tracked in Newton " in Launchpad?16:24
EmilienMis it automagic?16:24
tjcocozzsamueldmq, You should add "REVIEW" at the beginnning so I know to review it :p16:24
morganEmilienM: "target series" and select newton16:24
morganEmilienM:  :)16:24
morganEmilienM: and the project is set to have newton as the primary target16:25
morganof dev.16:25
EmilienMoh ok16:25
morgan:)16:25
*** jistr has quit IRC16:28
*** trown is now known as trown|lunch16:30
*** EinstCrazy has quit IRC16:32
*** josecastroleon has joined #openstack-keystone16:35
*** rcernin has quit IRC16:36
*** skape has left #openstack-keystone16:37
*** ninag_ has quit IRC16:39
*** stingaci has quit IRC16:40
mfischdolphm: one of my devs asked me why fernet tokens vacillate in size, 184 bytes to 205 bytes, wondering why they're not always the same16:41
openstackgerritTom Cocozzello (tjcocozz) proposed openstack/keystone: Test list project hierarchy is correct for a large tree  https://review.openstack.org/27751216:42
*** rbak has joined #openstack-keystone16:42
dolphmmfisch: different payloads16:47
*** browne has joined #openstack-keystone16:48
mfischnot sure why I thought they were always fixed16:48
dolphmmfisch: unscoped tokens are different in size from project-scoped, are different in size than federated tokens, are different in size from trust tokens16:48
dolphmmfisch: you tend to see one of two sizes most frequently, i think16:48
mfischseems obvious once you tell me16:48
dolphmmfisch: rderose's "shadow user" work has the potential to eliminate federated tokens this release, which are potentially unbounded in size right now (they carry an enumeration of groups)16:49
rbakI knew there was a difference between scoped and unscopped tokens, but assuming I'm always authenticating with the same set of credentials, what would change in the payload?16:50
*** harlowja has quit IRC16:51
mfischdatestamp but thats the same length16:51
*** fawadkhaliq has joined #openstack-keystone16:53
*** aimeeU has joined #openstack-keystone16:56
*** fawadkhaliq has quit IRC16:56
*** josecastroleon has quit IRC16:57
*** fawadkhaliq has joined #openstack-keystone16:58
*** fawadkhaliq has quit IRC16:59
*** e0ne has quit IRC16:59
dolphmBjoern: o/ did you get your v3cloudsample policy issue worked out?17:00
Bjoernno17:00
dolphmBjoern: you replaced "admin_domain_id" in the sample file with a real domain ID, correct?17:01
*** fawadkhaliq has joined #openstack-keystone17:01
Bjoernyeah also tried "role:admin and (token.is_admin_project:True or domain_id:%(domain_id)s)"17:02
Bjoernbut still 40117:02
dolphmBjoern: but you tried something like "role:admin and (token.is_admin_project:True or domain_id:5ZCjEqDd3rXGFhUzLOvIie)" ?17:03
Bjoernyes17:03
BjoernI used the id returned from domain list17:03
*** trown|lunch is now known as trown17:03
dolphmBjoern: cool - then you authenticated with keystone with a domain-scope on the same domain?17:03
openstackgerritRon De Rose proposed openstack/keystone: Move the assignment abstract base class out of core  https://review.openstack.org/29963517:03
dolphmBjoern: username + password + user_domain_id + domain_id, for example?17:04
Bjoernif you send me your public SSH key I can show you the env17:04
BjoernI use OS_PROJECT_DOMAN, OS_USER_DOMAIN and username/password17:05
dolphmBjoern: OS_PROJECT* will authenticate you for a project-scoped token instead of a domain-scoped token17:05
dolphmBjoern: in which case, you won't have domain-level authorization and won't be able to match a domain-based policy check17:05
dolphmBjoern: you need to use the OS_DOMAIN* variables instead17:05
dolphmOS_DOMAIN_ID should suffice, since you already have the ID17:06
Bjoernok let me test17:06
Bjoernthat was one of my questions back in March17:06
Bjoernbecause we set both domain settings17:06
dolphmBjoern: there are 317:06
Bjoernand I didn't know which one is for what17:06
Bjoernyeah I know17:06
dolphmBjoern: well, 617:06
Bjoernso the token can only scoped to one domain at a time ?17:06
dolphmBjoern: Bjoern: USER_DOMAIN_ID/NAME, PROJECT_DOMAIN_ID/NAME, DOMAIN_ID/NAME17:07
dolphmBjoern: correct17:07
dolphmBjoern: the USER_DOMAIN contextualizes the user you're authenticating as, because usernames are not unique across domains17:07
Bjoernwhy did we set OS_USER_DOMAIN_NAME and OS_PROJECT_DOMAIN_NAME inside the our standard openrc ?17:07
dolphmBjoern: the PROJECT_DOMAIN* contextualizes the project scope you're requesting for the same reason (names are not unique across domains)17:07
BjoernI mean both settings at the same time17:07
dolphmBjoern: and DOMAIN* requests a domain-scope instead of a project-scope17:08
dolphmBjoern: OS_USER_DOMAIN_NAME is set because it probably authenticates with a username17:08
dolphmBjoern: OS_PROJECT_DOMAIN_NAME is set because it probably authenticates for a project-scoped token normally17:08
Bjoernwhey I set OS_DOMAIN_NAME I get ERROR: openstack Authentication cannot be scoped to multiple targets. Pick one of: project, domain or trust17:09
dolphmBjoern: you'll have to unset OS_PROJECT* to get a domain scope instead17:09
BjoernI had also OS_PROJECT_NAME set17:09
dolphmBjoern: unset!17:09
*** darosale has quit IRC17:09
Bjoernyeah still got the same error17:10
*** stingaci has joined #openstack-keystone17:10
Bjoernso the domain level scoping is the reason why I do see now assignments attached to the domain  I guess ?17:10
Bjoernwhat is that token.is_admin_project for ?17:11
*** lhcheng has joined #openstack-keystone17:11
*** ChanServ sets mode: +v lhcheng17:11
dolphmBjoern: that's a new feature in mitaka - let me find you a link17:12
*** lhcheng has quit IRC17:12
*** lhcheng has joined #openstack-keystone17:12
*** ChanServ sets mode: +v lhcheng17:12
dolphmBjoern: and 'yes' to your previous question17:12
dolphmBjoern: what's your output of: env | grep OS_* | awk -F "=" '{print $1}' | tr '\n' ' ' ; echo17:12
BjoernOS_AUTH_VERSION OS_IDENTITY_API_VERSION OS_PASSWORD OS_DOMAIN_NAME OS_AUTH_URL OS_USERNAME OS_TENANT_NAME OS_ENDPOINT_TYPE OS_NO_CACHE LESSCLOSE17:12
dolphmBjoern: are you setting OS_DOMAIN_NAME to the name or ID?17:13
*** jsavak has quit IRC17:13
dolphmBjoern: also, unset OS_TENANT_NAME -- that *should* be equivalent to OS_PROJECT*, but i think neutronclient or something still uses the old name17:13
*** jsavak has joined #openstack-keystone17:14
Bjoernyeah it was the OS_TENANT_NAME. Still get 401, let me check if the user has the correct role assigned for the UserDomain trtget17:15
*** fawadk has joined #openstack-keystone17:17
*** rbak_ has joined #openstack-keystone17:18
*** markvoelker has joined #openstack-keystone17:18
*** woodburn has quit IRC17:18
openstackgerritMerged openstack/keystonemiddleware: PEP257: add flake8-docstring testing  https://review.openstack.org/30492517:19
*** cburgess has quit IRC17:19
*** woodburn has joined #openstack-keystone17:19
*** fawadkhaliq has quit IRC17:19
*** dancn has quit IRC17:19
Bjoernyeah still 40117:20
*** slberger1 has quit IRC17:20
*** rbak has quit IRC17:20
*** gordc has quit IRC17:20
*** ayoung has quit IRC17:21
*** markvoelker_ has quit IRC17:21
*** mnaser has quit IRC17:21
dolphmBjoern: is keystone in debug mode?17:21
*** timcline has joined #openstack-keystone17:22
*** iurygregory has quit IRC17:23
*** sdake has quit IRC17:23
*** gordc has joined #openstack-keystone17:24
*** fawadk has quit IRC17:25
*** fawadkhaliq has joined #openstack-keystone17:25
*** cburgess has joined #openstack-keystone17:26
*** sdake has joined #openstack-keystone17:26
*** ericksonsantos has quit IRC17:26
*** mnaser has joined #openstack-keystone17:26
*** timcline has quit IRC17:27
*** pauloewerton has quit IRC17:28
*** dancn has joined #openstack-keystone17:28
*** rbak__ has joined #openstack-keystone17:31
*** slberger has joined #openstack-keystone17:33
*** jaosorior has joined #openstack-keystone17:33
*** jsavak has quit IRC17:34
*** rbak_ has quit IRC17:34
*** jsavak has joined #openstack-keystone17:35
*** ayoung has joined #openstack-keystone17:35
*** ChanServ sets mode: +v ayoung17:35
*** dikonoo has quit IRC17:36
*** dikonoor has quit IRC17:36
*** yolanda has quit IRC17:36
*** tqtran has joined #openstack-keystone17:44
*** darosale has joined #openstack-keystone17:44
*** dan_nguyen_ has joined #openstack-keystone17:48
*** sdake_ has joined #openstack-keystone17:48
*** rderose_ has joined #openstack-keystone17:49
*** timcline has joined #openstack-keystone17:50
*** roxanaghe_ has joined #openstack-keystone17:50
*** mkoderer__ has joined #openstack-keystone17:50
*** mkoderer___ has quit IRC17:50
*** dan_nguyen has quit IRC17:50
*** dan_nguyen_ is now known as dan_nguyen17:50
*** jsavak has quit IRC17:50
*** yolanda has joined #openstack-keystone17:51
*** fawadkhaliq has quit IRC17:51
*** sdake has quit IRC17:51
*** roxanaghe has quit IRC17:51
*** rderose has quit IRC17:51
*** vnogin has quit IRC17:51
*** fawadkhaliq has joined #openstack-keystone17:51
*** jsavak has joined #openstack-keystone17:52
*** vnogin has joined #openstack-keystone17:52
*** josecastroleon has joined #openstack-keystone17:54
*** timcline has quit IRC17:54
*** gyee has joined #openstack-keystone17:55
*** ChanServ sets mode: +v gyee17:55
*** rbak_ has joined #openstack-keystone17:56
*** ametts has quit IRC17:59
*** rbak__ has quit IRC17:59
*** ametts has joined #openstack-keystone18:01
*** fawadkhaliq has quit IRC18:02
*** fawadkhaliq has joined #openstack-keystone18:02
*** sdake_ is now known as sdake18:04
openstackgerritRon De Rose proposed openstack/keystone: WIP - Shadow LDAP and non-local users  https://review.openstack.org/30548718:04
*** rbak__ has joined #openstack-keystone18:06
*** fawadkhaliq has quit IRC18:09
*** harlowja has joined #openstack-keystone18:09
*** rbak_ has quit IRC18:09
*** fawadkhaliq has joined #openstack-keystone18:09
*** ericksonsantos has joined #openstack-keystone18:12
openstackgerritMerged openstack/keystone: OSprofiler release notes  https://review.openstack.org/30534418:12
Bjoerndplphm: I run keystone now on debug will send you some output later, anything in particular ?18:13
Bjoerndolphm: ^18:13
dolphmBjoern: i'm wondering what the details of your 401 are18:15
dolphmBjoern: the error message should be a bit more verbose with keystone in debug mode18:15
BjoernRBAC ?18:15
Bjoernoh yes I recall18:15
dolphmBjoern: there should be a "message" in the response, with hopefully something more than a "you're not authorized"18:15
*** sdake_ has joined #openstack-keystone18:17
Bjoernlol 2016-04-14 18:18:15.306 593 TRACE keystone.auth.plugins.core UserNotFound: Could not find user:18:18
Bjoernq2016-04-14 18:18:15.306 593 TRACE keystone.auth.plugins.core     return fn(*arg, **kw)18:18
Bjoern2016-04-14 18:18:15.306 593 TRACE keystone.auth.plugins.core   File "/usr/local/lib/python2.7/dist-packages/keystone/identity/core.py", line 773, in get_user_by_name18:18
Bjoern2016-04-14 18:18:15.306 593 TRACE keystone.auth.plugins.core     ref = driver.get_user_by_name(user_name, domain_id)18:18
Bjoern2016-04-14 18:18:15.306 593 TRACE keystone.auth.plugins.core   File "/usr/local/lib/python2.7/dist-packages/keystone/identity/backends/sql.py", line 145, in get_user_by_name18:18
Bjoern2016-04-14 18:18:15.306 593 TRACE keystone.auth.plugins.core     raise exception.UserNotFound(user_id=user_name)18:19
*** sdake has quit IRC18:19
Bjoernso the scoping did not work18:19
Bjoernthe openstack client does scoping EBUG: openstackclient.identity.v3.user.ListUser take_action(Namespace(columns=[], domain='domain1', formatter='table', group=None, long=False, max_width=0, project=None, quote_mode='nonnumeric'))18:19
BjoernI will try the ID18:19
*** jsavak has quit IRC18:20
*** fawadkhaliq has quit IRC18:20
*** jsavak has joined #openstack-keystone18:20
*** timcline has joined #openstack-keystone18:21
*** fawadkhaliq has joined #openstack-keystone18:22
*** timcline has quit IRC18:22
*** timcline has joined #openstack-keystone18:23
*** josecastroleon has quit IRC18:23
*** fawadkhaliq has quit IRC18:24
*** tqtran has quit IRC18:25
*** pauloewerton has joined #openstack-keystone18:26
dstanekBjoern: try to use paste as it make reading easier18:27
Bjoernyes18:28
openstackgerritRon De Rose proposed openstack/keystone: WIP - Shadow LDAP and non-local users  https://review.openstack.org/30548718:30
dolphmBjoern: that's not a scoping issue - it failed before it got that far18:30
dolphmBjoern: that's an issue with your OS_USER* variables alone18:30
*** daemontool has quit IRC18:31
*** sdake_ is now known as sdake18:32
*** fhubik has joined #openstack-keystone18:32
dolphmBjoern: also, do mention me in your replies :)18:32
*** zqfan has quit IRC18:32
dolphmBjoern: are you sure your OS_USER_DOMAIN_NAME is correct? the user is *in* that domain?18:33
rodrigodsbreton, can you revisit https://review.openstack.org/#/c/303502/5/keystone_tempest_plugin/tests/api/identity/v3/test_service_providers.py18:35
patchbotrodrigods: patch 303502 - keystone - Add service providers integration tests18:35
openstackgerritRodrigo Duarte proposed openstack/keystone: Add mapping rules integration tests  https://review.openstack.org/30544418:36
*** jsavak has quit IRC18:39
openstackgerritMarcellin Fom Tchassem proposed openstack/keystone: Deprecation reason for domain_id_immutable  https://review.openstack.org/30602118:41
*** fhubik has quit IRC18:42
openstackgerritMerged openstack/keystoneauth: Documentation example fix  https://review.openstack.org/30423318:47
*** jsavak has joined #openstack-keystone18:49
openstackgerritMarcellin Fom Tchassem proposed openstack/keystone: Deprecation reason for domain_id_immutable  https://review.openstack.org/30602118:51
bretonrodrigods: i've removed -1, but can't +1 yet.18:51
*** tqtran has joined #openstack-keystone18:59
*** spandhe has joined #openstack-keystone18:59
ayoungdolphm, you ever figure out running unit tests on an old code base?  I'm  working through that now19:01
*** e0ne has joined #openstack-keystone19:01
*** jaosorior has quit IRC19:01
dolphmayoung: every time i worked out one dependency issue, i'd run into another, so i gave up :-/19:02
ayoungdolphm, so I cna help19:02
*** sdake has quit IRC19:02
ayoungthere is an internal set of RPMS I found on our CI server19:02
ayoungand then I am still installing pysaml from PIP19:02
*** lhcheng has quit IRC19:05
*** sdake has joined #openstack-keystone19:05
*** lhcheng has joined #openstack-keystone19:07
*** ChanServ sets mode: +v lhcheng19:07
*** lhcheng has quit IRC19:07
*** trown is now known as trown|afk19:08
*** lhcheng has joined #openstack-keystone19:08
*** ChanServ sets mode: +v lhcheng19:08
*** mylu has joined #openstack-keystone19:10
*** e0ne has quit IRC19:13
*** iurygregory has joined #openstack-keystone19:16
*** iurygregory has quit IRC19:18
*** iurygregory has joined #openstack-keystone19:18
*** e0ne has joined #openstack-keystone19:22
*** timcline has quit IRC19:27
dolphmayoung: thanks for your help, btw!19:28
*** mrhillsman has joined #openstack-keystone19:29
mrhillsmanhey folks, anyone aware of how to have a "projectadmin", user with projectadmin role that can only create/delete/update users within the project they belong19:30
mrhillsmani can get the role to allow visibility of users tab in horizon, but when you click on it, says unauthorized19:31
*** harlowja has quit IRC19:31
mrhillsmaneven when said role can run openstack user list19:31
ayoungmrhillsman, you willing to write custom policy?19:32
mrhillsmanyep19:33
ayoungso look at the cloudsample policy file.  It has a special check to prevent a global admin:19:33
ayoungis_admin_proejct19:33
ayoungmrhillsman, http://git.openstack.org/cgit/openstack/keystone/tree/etc/policy.v3cloudsample.json#n319:34
mrhillsmanyep, looking19:34
ayoungso the default is http://git.openstack.org/cgit/openstack/keystone/tree/etc/policy.json#n45  admin required19:35
mrhillsmanyep, i follow19:35
dolphmayoung: that's new for mitaka, right?19:35
ayoungwe cn't put the "is_admin_project" rule into the default policy file, as it will break a lot of people19:35
ayoungdolphm, yep19:35
*** e0ne has quit IRC19:35
dolphmmrhillsman: i assume you're on stable/mitaka or master?19:35
mrhillsmanunfortunately trying to implement in kilo19:35
*** harlowja has joined #openstack-keystone19:36
ayoungdolphm, one of things to nail down this summit is the migration plan for this19:36
ayoungmrhillsman, ooh.  So, yeah19:36
dolphmmrhillsman: ooh, this is definitely not supported at all in kilo19:36
dolphmmrhillsman: (why kilo?!)19:36
ayoungthe issue is https://bugs.launchpad.net/keystone/+bug/96869619:36
openstackLaunchpad bug 968696 in Glance ""admin"-ness not properly scoped" [High,Triaged]19:36
mrhillsmanyeah, read that bug19:36
dolphmmrhillsman: would you like a bug 968696 tshirt?19:36
mrhillsmanlol19:36
dolphmmrhillsman: bug 968696 is not a joke :(19:37
ayoungmrhillsman, dolphm I only had 2 made up, and gave on away.  Pretty sure he doesn't want the one I wore.  Should I have more made up?19:37
*** jsavak has quit IRC19:37
dolphmayoung: it was an awesome shirt :P19:37
mrhillsmani got all the way to pretty much looking the code before i said let me ask the folks who would know better than me19:37
dolphmmrhillsman: that'd be a lot of code to backport to kilo :P19:37
mrhillsmanok cool19:38
mrhillsmani did not know it was that involved19:38
dolphmmrhillsman: can you wait for / upgrade to kilo?19:38
ayoungmrhillsman, ok, so unless you are willing to backport the fix for _is_admin_project I don't relly have a good answer for you19:38
dolphmerr, mitaka?19:38
ayounghmmm19:38
ayoungmrhillsman, actually, yes I do19:38
ayoungyou can hardcode the project_id19:38
ayoungin the policy files if you are willing to write custom19:38
mrhillsmanyes19:39
mrhillsmani tried to do a custom rule19:39
ayoungso a project admin would be just role:admin, but for any more important API call add in project_id: <uuidofadminproject>19:39
mrhillsmanand use project_id:%(user.project_id)s i believe19:39
ayoungNope19:39
mrhillsmanah, so you would have to hardcode it19:39
ayoungmrhillsman, yeah,  for the APIs that you *don't* want just anyole admin executing19:40
navidphi this patch fixes some pep8 D400 and removes the ignore D400 from tox, if youhave time to review it https://review.openstack.org/#/c/305944/19:40
patchbotnavidp: patch 305944 - keystone - Fix D401 PEP8 violation.19:40
ayoungnavidp, whatis pep8 D400?19:40
navidpD401 not D40019:40
mrhillsmanthank you ayoung19:40
ayoungWhat is D401?19:40
mrhillsmani appreciate the info19:40
ayoungmrhillsman, good luck.  If you get it to work, write it up and send me the soltion19:41
navidpayoung, 401: First line should be in imperative mood19:41
mrhillsmansure thing19:41
openstackgerritBrian Curtin proposed openstack/keystoneauth: Include query string in request logging  https://review.openstack.org/30605119:41
*** real56 has joined #openstack-keystone19:41
ayoungGAH19:42
navidpayoung, https://github.com/openstack/keystone/blob/master/tox.ini#L124-L12819:42
ayoungnavidp, I'm stunned19:42
ayoungOne the one hand, wow, that was a lot of work19:42
dolphmayoung: navidp: all the pep257 error codes http://pydocstyle.readthedocs.org/en/latest/error_codes.html19:42
ayoungon the other hand,    I don't think I want  churn for that in our codebase19:42
ayoungI mean, I'm pretty pedantic, and that is a bit much for me19:43
navidpayoung, ok19:45
ayoungnavidp, but...thanks.19:45
dolphmnavidp: that is a LOT of files - but if we get the change reviewed quickly you won't have to rebase it endlessly19:45
*** e0ne has joined #openstack-keystone19:45
*** e0ne has quit IRC19:45
dolphmnavidp: i bet that was the pep257 rule with the most violations too lol19:45
ayoungTHat is not a bad way to learn the code base.  And it is early in the cycle.19:45
ayoungdolphm, can they actually automate that check?19:45
dolphmayoung: yes, pypi/pep25719:45
ayoungWow19:46
navidpdolphm, that would be great19:46
dolphmayoung: or rather, we're using pypi/flake8-pep257, which uses pypi/pep25719:46
dolphmayoung: so we run it as part of the pep8 / hacking job19:46
ayoungnavidp, going through it now.  If there is nothing glaring, tmepted to just +2 and bedone iwth it19:47
*** sdake_ has joined #openstack-keystone19:47
navidpayoung, good deed thanks19:47
dolphmi am too - first few files look great19:48
*** sdake has quit IRC19:49
ayoungnavidp, its actually a pretty easy code review.19:50
ayoungAnd things should still backport OK, which is what I was really worried about19:51
ayoungworks for me19:52
navidpayoung, yap, it is, thanks19:52
ayoungits a one time hit, and it might actually hepl write better docs19:52
*** real56 has quit IRC19:53
*** mylu has quit IRC19:54
*** mminesh has joined #openstack-keystone19:55
*** akscram has quit IRC19:58
*** akscram has joined #openstack-keystone19:59
*** mylu has joined #openstack-keystone19:59
dolphmgo team go20:04
dolphmnavidp: you also don't need to open bugs for all these - there is no end user impact to these changes beyond docs, and the required changes are already tracked in tox.ini per project20:05
dolphmnavidp: (bugs should track things that end users care directly about)20:05
navidpok dolphm20:06
*** mminesh has quit IRC20:06
*** ayoung has quit IRC20:08
openstackgerritMarcellin Fom Tchassem proposed openstack/keystone: Deprecation reason for domain_id_immutable  https://review.openstack.org/30602120:08
openstackgerritNavid Pustchi proposed openstack/keystone: Fix D401 PEP8 violation.  https://review.openstack.org/30594420:09
*** rcarrillocruz has joined #openstack-keystone20:13
rcarrillocruzhi folks20:14
rcarrillocruzquestion20:14
rcarrillocruzi'm checking http://developer.openstack.org/api-ref-identity-v3.html#projects-v3 docs20:14
rcarrillocruzand noticed the delete operation of projects does not allow domain_id as param20:14
rcarrillocruzwhereas create/update does20:14
rcarrillocruzis there a reason for this?20:14
*** timcline has joined #openstack-keystone20:14
*** gagehugo_ has joined #openstack-keystone20:16
*** gagehugo has quit IRC20:18
*** mylu_ has joined #openstack-keystone20:19
*** sileht has quit IRC20:19
*** sileht has joined #openstack-keystone20:19
*** mylu has quit IRC20:22
*** mylu_ has quit IRC20:24
*** sheel has quit IRC20:25
*** mylu has joined #openstack-keystone20:25
morganrcarrillocruz: because create you need to specify the domain owner20:25
morganrcarrillocruz: on delete, the id is known - and the domain can be discovered by the project ref20:25
morganrcarrillocruz: basically, because domain_id isn't needed on delete :)20:25
*** mylu has quit IRC20:26
*** mylu has joined #openstack-keystone20:27
*** fhubik has joined #openstack-keystone20:27
rcarrillocruzso, what you are saying is that when you do a delete it has to be with a domain scoped token, thus it's infered ?20:27
rcarrillocruzwhat i'm getting at, is that a cloud admin, that has access to all domains and all projects contained in them (projects/users/etc) cannot do a delete specifying the domain id, it has to get a token scoped to the domain and then do the delete?20:30
rcarrillocruzmorgan: ^20:30
morganrcarrillocruz: no delete on any resource you are allowed (policy dictates) knows what domain the project is in20:31
morganrcarrillocruz: because you're using project_id20:31
morganids are unique20:31
morganyou technically can delete the project you are scoped to *if* policy allows you to20:31
morganwhen using id (user_id, group_id, project_id, etc) you don't need to guess what domain, but on creation it just is a case of "who owns this resource i am creating"20:32
morganit could be inferred by scope, but that gets wonky with cloud-admin like roles20:32
rcarrillocruzoh wait20:33
rcarrillocruzso20:33
rcarrillocruza project id20:33
rcarrillocruzis unique20:33
rcarrillocruzeven amongst domains20:33
rcarrillocruz?20:33
rcarrillocruzi.e. i can't have project_id=1 on domain foo and domain bar20:34
rcarrillocruzproject_id will be unique inter-domain?20:34
*** hongbin has joined #openstack-keystone20:40
morganyes20:40
morganproject_name is only unique within it's owning domain20:40
morganproject_id is a uuid.uuid4() - if it collides in your install (legitimately), I'll buy the round of drinks ;)20:41
morganwe use the id as a unique index to look up things - so it has to be unique in a given deployment20:42
*** aimeeU has quit IRC20:43
rcarrillocruzthat makes sense now20:43
rcarrillocruzthanks for clarifying20:43
morganand with 32bytes hex, it likely is unique in the entire world. if my math isn't awful, there are 3.4028237e+38 possible uuid4s20:44
rcarrillocruz:-)20:44
morganrcarrillocruz: glad to help20:53
*** stevelle has joined #openstack-keystone20:55
*** harlowja has quit IRC20:55
openstackgerritRodrigo Duarte proposed openstack/keystone: Test list project hierarchy is correct for a large tree  https://review.openstack.org/27751221:00
*** gagehugo_ has quit IRC21:00
*** jaugustine has quit IRC21:02
*** ninag has joined #openstack-keystone21:04
*** navidp has quit IRC21:07
*** hongbin has left #openstack-keystone21:15
morganstevemar, dude i found a way to make our tokens smaller we do something like this https://twitter.com/internetofshit/status/72071440294996377821:18
morganlbragstad, dstanek, dolphm, ^ cc21:18
bknudsonwe could strip of the gAAAAA from the front of the tokens21:19
rodrigodsmorgan, makes sense!21:20
morganbknudson: hehe21:20
morgani hate to admit how hard i laughed at that tweet21:20
EmilienMmorgan: I tried to do that in the meantime https://review.openstack.org/#/c/306044/21:22
patchbotEmilienM: patch 306044 - puppet-keystone - pki/fernet: write keystone-manage logs in new files21:22
morganEmilienM: nice!21:22
EmilienMmorgan: but it does not work yet, I don't know why but logs still go in http://logs.openstack.org/51/305451/8/check/gate-puppet-openstack-integration-3-scenario003-tempest-centos-7/8ebc2a8/logs/keystone/keystone.txt.gz (on centos only, on ubuntu it goes in the right file)21:22
morganah.21:22
morganweird21:22
morganvery weird21:22
morganmaybe logging.conf is clobbering something?21:23
openstackgerritMerged openstack/keystone: Dev doc update for moving abstract base classes out of core  https://review.openstack.org/30231721:23
EmilienMyeah, I'm investigating21:23
*** csoukup_ has quit IRC21:23
openstackgerritRon De Rose proposed openstack/keystone: WIP - Shadow LDAP and non-local users  https://review.openstack.org/30548721:27
openstackgerritRon De Rose proposed openstack/keystone: Move the resource abstract base class out of core  https://review.openstack.org/30282621:32
*** pauloewerton has quit IRC21:35
*** baffle_ is now known as baffle21:35
*** fhubik has quit IRC21:39
*** fhubik has joined #openstack-keystone21:39
*** doug-fis_ has joined #openstack-keystone21:47
*** doug-fis_ has quit IRC21:47
*** doug-fis_ has joined #openstack-keystone21:48
*** trown|afk is now known as trown|outtypewww21:48
*** slberger has left #openstack-keystone21:49
*** doug-fish has quit IRC21:50
*** timcline has quit IRC21:50
*** timcline has joined #openstack-keystone21:51
*** doug-fis_ has quit IRC21:52
*** gyee has quit IRC21:52
*** gyee has joined #openstack-keystone21:53
*** ChanServ sets mode: +v gyee21:53
*** edmondsw has quit IRC21:53
*** jlvillal has quit IRC21:53
openstackgerritRon De Rose proposed openstack/keystone: Move identity.backends.sql model code to sql_model.py  https://review.openstack.org/29261121:54
openstackgerritRon De Rose proposed openstack/keystone: WIP - Shadow LDAP and non-local users  https://review.openstack.org/30548721:54
*** tqtran has quit IRC21:56
*** rderose_ has quit IRC21:57
*** sigmavirus24 is now known as sigmavirus24_awa21:57
*** jlvillal has joined #openstack-keystone21:58
*** rderose_ has joined #openstack-keystone21:58
*** pushkaru has quit IRC22:00
*** roxanaghe_ has quit IRC22:01
*** richm has quit IRC22:01
*** doug-fish has joined #openstack-keystone22:01
*** pushkaru has joined #openstack-keystone22:02
*** roxanaghe_ has joined #openstack-keystone22:03
*** edmondsw has joined #openstack-keystone22:04
*** csoukup_ has joined #openstack-keystone22:04
*** dan_nguyen has quit IRC22:05
*** darosale has quit IRC22:07
*** harlowja has joined #openstack-keystone22:09
*** ametts has quit IRC22:10
*** tqtran has joined #openstack-keystone22:10
*** csoukup_ has quit IRC22:11
*** spandhe has quit IRC22:14
*** richm has joined #openstack-keystone22:15
*** pushkaru has quit IRC22:18
*** gordc has quit IRC22:21
*** Bjoern has quit IRC22:23
*** ninag has quit IRC22:25
*** ayoung has joined #openstack-keystone22:39
*** ChanServ sets mode: +v ayoung22:39
*** tqtran has quit IRC22:44
*** tqtran has joined #openstack-keystone22:44
*** phalmos has quit IRC22:44
*** sheel has joined #openstack-keystone22:47
*** mylu has quit IRC22:51
*** mylu has joined #openstack-keystone22:54
*** rbak__ has quit IRC22:55
*** jamielennox is now known as jamielennox|away22:58
*** spzala has quit IRC23:03
*** spzala has joined #openstack-keystone23:03
*** spzala has quit IRC23:08
*** mylu has quit IRC23:11
*** mylu has joined #openstack-keystone23:11
*** mylu has quit IRC23:18
*** mylu has joined #openstack-keystone23:21
*** ayoung has quit IRC23:23
*** mylu has quit IRC23:24
*** mylu has joined #openstack-keystone23:25
*** mylu has quit IRC23:30
*** alex_xu has quit IRC23:40
*** alex_xu has joined #openstack-keystone23:42
*** timcline has quit IRC23:44
*** shoutm has joined #openstack-keystone23:45
*** spzala has joined #openstack-keystone23:46
*** jamielennox|away is now known as jamielennox23:59
« Wednesday, 2016-04-13 Index Friday, 2016-04-15 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!