Wednesday, 2016-05-25

*** lhcheng has quit IRC		00:03
*** markvoelker has joined #openstack-keystone		00:12
*** markvoelker has quit IRC		00:16
*** spzala has quit IRC		00:18
*** spzala has joined #openstack-keystone		00:18
*** tqtran has quit IRC		00:21
*** spzala has quit IRC		00:23
openstackgerrit	guang-yee proposed openstack/keystonemiddleware: Determine project name from oslo_config or local config https://review.openstack.org/320123	00:33
openstackgerrit	guang-yee proposed openstack/keystonemiddleware: Make sure audit can handle API requests which does not require a token https://review.openstack.org/320725	00:33
*** rderose_ has joined #openstack-keystone		00:36
jamielennox	gyee: i was playing around with something like that yesterday, reviews started here: https://review.openstack.org/#/c/319715/	00:37
patchbot	jamielennox: patch 319715 - keystonemiddleware - Create a Config object	00:37
jamielennox	gyee: my thought was that we could abstract a config object out of keystonemiddleware that could then be used by all the keystone middlewares	00:38
gyee	jamielennox, yes, I was thinking of the same thing	00:38
gyee	it can be shared by all keystone middleware	00:39
jamielennox	yep, so that one just extracts the object so we'd have to give it a bit more smarts for things like config group - but that step would be fairly easy	00:40
gyee	not just config, but utilities such as _determine_project, setting user_agent, _determine_version, etc	00:40
jamielennox	yep, well the follow on patch to that rolls that all up into a user_agent @property that you can use	00:41
gyee	jamielennox, should we fix audit middleware first, then refactor? Or you prefer the reverse?	00:42
gyee	I am fine either way	00:42
jamielennox	gyee: depends how long it takes to get the refactor approved	00:42
gyee	I am sorta under-the-gun to get audit working for Swift :-)	00:43
jamielennox	gyee: i think you're in trouble right? because you can't configure messaging or anything without a real CONF object and swift doesn't have one	00:45
gyee	right, right now they can get around that by putting them in proxy-server.conf	00:45
gyee	so _conf_get() is a reasonable workaround	00:45
*** spzala has joined #openstack-keystone		00:47
gyee	I basically copied that logic from auth_token, minus the local_oslo_config stuff	00:47
jamielennox	yea, i'm not a fan of that either	00:48
jamielennox	but still what is creating the global CONF object?	00:48
jamielennox	do you have your own middleware in place?	00:48
gyee	I can roll a franken-audit middleware if I have to, but I rather fix it upstream	00:49
*** BjoernT has joined #openstack-keystone		00:57
*** timcline has joined #openstack-keystone		01:02
*** timcline has quit IRC		01:02
*** timcline has joined #openstack-keystone		01:03
*** markvoelker has joined #openstack-keystone		01:13
*** markvoelker has quit IRC		01:17
*** ngupta has joined #openstack-keystone		01:20
*** sheel has joined #openstack-keystone		01:21
*** woodster_ has quit IRC		01:28
*** EinstCrazy has joined #openstack-keystone		01:30
ayoung	jamielennox, I fixed Rippowam to work with Keycloak.	01:33
*** spzala has quit IRC		01:33
*** ngupta has quit IRC		01:35
*** sdake has joined #openstack-keystone		01:39
*** cheran has quit IRC		01:40
jamielennox	ayoung: oh, nice - i tried to run a version of it the other day to test some saml stuff	01:49
jamielennox	it's still tied into a number of internal repos	01:49
jamielennox	and has a few assumptions i couldn't match	01:49
jamielennox	assumptions that are because i don't really have an openstack env to set up machines on :(	01:50
ayoung	jamielennox, yeah, it is still OSP based..haven;'t even looked at what version. I'd like to make sure it runs with RDO first, and then do OSP9/10 afterwards	01:50
jamielennox	ayoung: it'd be good if we could use some of that as the basis for some saml functional testing	01:50
ayoung	jamielennox, that is one goal	01:51
ayoung	tripleo + IPA + Keycloak	01:51
jamielennox	because i looked at OSA's openstack-kyestone module and it's super tied to ubuntu and some IDP that i don't know about	01:51
ayoung	I need to split the packstack role into packstack-vanilla and "everything after"	01:51
jamielennox	oh yea, that was the other side of it - i didn't really want to deploy an entire packstack	01:52
ayoung	I had something sort-of working with OOO Quickstart, but it broke the other day so jdennis and I just pushed through getting Keycloak working with Rippowam,	01:52
*** sdake_ has joined #openstack-keystone		01:52
ayoung	I'm running another test now, to make sure I kick over the apache server after setting up the SAML routes, and then I'll push/	01:53
jamielennox	yea, if i didn't have the hardware to test packstack i definetly don't for OOO	01:53
*** sdake has quit IRC		01:53
ayoung	jamielennox, heh. If you can't do packstack, what are you developing with?	01:53
jamielennox	at the time i wanted just keystone for some saml and eventually k2k tests	01:54
jamielennox	i had some ansible for that but who knows where it went	01:54
*** diazjf has joined #openstack-keystone		01:54
jamielennox	so i was hoping to just do IPA + keystone	01:54
jamielennox	git preferable but RPM ok	01:54
*** timcline has quit IRC		01:56
ayoung	jamielennox, So the rippowam code for IPA would work. But all of the service customization would be a pain	01:56
*** diazjf has quit IRC		01:56
ayoung	I guess we could split out the Keystone+IPA stuff into its own role	01:56
jamielennox	ayoung: yep, thats about where i got to	01:56
*** spzala has joined #openstack-keystone		01:57
ayoung	notmorgan, https://review.openstack.org/#/c/311652/ looks good, with a failure that does not look related to the cache...ran out of hosts to run things on?	01:57
patchbot	ayoung: patch 311652 - keystone - Replace revoke tree with linear search	01:57
*** rbridgeman has joined #openstack-keystone		02:02
*** julim has joined #openstack-keystone		02:04
*** sdake_ has quit IRC		02:09
*** iurygregory_ has joined #openstack-keystone		02:12
*** gyee has quit IRC		02:39
rderose_	seeing a lot of patches failing: keystone-coverage-db FAILURE	02:42
rderose_	is this being worked on?	02:43
rderose_	or does anyone know why this is failing?	02:44
*** agrebennikov has quit IRC		03:07
*** rbridgeman has quit IRC		03:08
*** BjoernT has quit IRC		03:14
*** sdake has joined #openstack-keystone		03:15
*** rderose_ has quit IRC		03:18
*** tonytan_brb has joined #openstack-keystone		03:26
*** lhcheng has joined #openstack-keystone		03:27
*** ChanServ sets mode: +v lhcheng		03:27
*** sdake has quit IRC		03:27
*** tonytan4ever has quit IRC		03:29
*** spzala has quit IRC		03:34
*** sheel has quit IRC		03:35
*** tonytan_brb has quit IRC		03:35
*** ayoung has quit IRC		03:42
*** sdake has joined #openstack-keystone		03:44
*** sheel has joined #openstack-keystone		03:46
*** rderose_ has joined #openstack-keystone		03:49
openstackgerrit	Merged openstack/keystone: remove deprecated revoke_by_expiration function https://review.openstack.org/271135	03:57
*** links has joined #openstack-keystone		04:01
*** richm has quit IRC		04:14
*** TxGVNN has joined #openstack-keystone		04:17
*** iurygregory_ has quit IRC		04:25
*** lhcheng_ has joined #openstack-keystone		04:50
*** jamielennox is now known as jamielennox\|away		04:50
*** lhcheng has quit IRC		04:52
*** jaosorior has joined #openstack-keystone		04:59
*** jamielennox\|away is now known as jamielennox		05:04
*** sdake_ has joined #openstack-keystone		05:11
*** GB21 has joined #openstack-keystone		05:13
*** dave-mccowan has quit IRC		05:13
*** rderose_ has quit IRC		05:13
*** sdake has quit IRC		05:13
*** rderose_ has joined #openstack-keystone		05:27
*** rderose_ has quit IRC		05:27
*** agrebennikov has joined #openstack-keystone		05:42
*** agrebennikov has quit IRC		05:47
*** jamielennox is now known as jamielennox\|away		05:54
*** daemontool has joined #openstack-keystone		05:54
*** ig0r_ has joined #openstack-keystone		06:01
*** lhcheng has joined #openstack-keystone		06:06
*** ChanServ sets mode: +v lhcheng		06:06
*** agrebennikov has joined #openstack-keystone		06:07
*** lhcheng_ has quit IRC		06:09
*** jamielennox\|away is now known as jamielennox		06:10
*** ig0r_ has quit IRC		06:17
*** jamielennox is now known as jamielennox\|away		06:21
*** rcernin has joined #openstack-keystone		06:21
*** furface has quit IRC		06:24
*** furface has joined #openstack-keystone		06:26
*** jamielennox\|away is now known as jamielennox		06:28
*** belmoreira has joined #openstack-keystone		06:36
*** henrynash has joined #openstack-keystone		06:38
*** ChanServ sets mode: +v henrynash		06:38
*** tesseract has joined #openstack-keystone		06:47
*** pnavarro has joined #openstack-keystone		07:10
*** pnavarro has quit IRC		07:17
*** pnavarro has joined #openstack-keystone		07:18
*** pnavarro has quit IRC		07:18
*** pnavarro has joined #openstack-keystone		07:18
*** hoonetorg has quit IRC		07:43
*** jaosorior has quit IRC		07:45
*** chlong has quit IRC		07:46
*** lhcheng has quit IRC		07:48
*** pnavarro has quit IRC		07:55
*** sdake_ has quit IRC		07:56
*** pnavarro has joined #openstack-keystone		07:56
*** hoonetorg has joined #openstack-keystone		07:56
*** zzzeek has quit IRC		08:00
*** zzzeek has joined #openstack-keystone		08:00
*** daemontool_ has joined #openstack-keystone		08:07
*** daemontool_ has quit IRC		08:09
*** daemontool_ has joined #openstack-keystone		08:09
*** daemontool has quit IRC		08:10
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c https://review.openstack.org/318435	08:10
openstackgerrit	Davanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c https://review.openstack.org/318435	08:10
*** ig0r_ has joined #openstack-keystone		08:20
*** fhubik has joined #openstack-keystone		08:23
*** dmk0202 has joined #openstack-keystone		08:28
*** _fortis has quit IRC		08:32
*** brad[] has quit IRC		08:36
*** brad[] has joined #openstack-keystone		08:37
*** sdake has joined #openstack-keystone		08:43
*** jaosorior has joined #openstack-keystone		08:47
*** sdake has quit IRC		08:49
*** sdake has joined #openstack-keystone		08:51
*** markvoelker has joined #openstack-keystone		09:03
*** sdake has quit IRC		09:05
*** markvoelker has quit IRC		09:08
*** henrynash has quit IRC		09:10
*** daemontool_ has quit IRC		09:19
*** daemontool_ has joined #openstack-keystone		09:19
*** mvk has quit IRC		09:22
*** ygl has joined #openstack-keystone		09:35
ygl	HI All	09:35
ygl	i need soem information	09:35
ygl	i am querying the keystone server from a keystone client using --insecure option	09:36
ygl	how can I make it secure ?	09:36
ygl	can anyone help me please ?	09:47
*** fhubik has quit IRC		09:48
*** tlbr has quit IRC		09:49
*** tlbr has joined #openstack-keystone		09:52
*** mvk has joined #openstack-keystone		09:55
*** markvoelker has joined #openstack-keystone		10:04
*** GB21 has quit IRC		10:05
*** EinstCrazy has quit IRC		10:09
*** markvoelker has quit IRC		10:09
*** EinstCrazy has joined #openstack-keystone		10:09
*** EinstCrazy has quit IRC		10:14
*** rk4n has joined #openstack-keystone		10:15
*** TxGVNN has quit IRC		10:19
*** mkoshiya has joined #openstack-keystone		10:19
mkoshiya	Hi, all. could you please review bp/return-request-id-to-caller - https://review.openstack.org/#/c/261188/ and Related Changes.	10:22
patchbot	mkoshiya: patch 261188 - python-keystoneclient - Add wrapper classes for return-request-id-to-caller	10:22
openstackgerrit	Julien Danjou proposed openstack/keystone: Install necessary files in etc/ https://review.openstack.org/320880	10:22
*** al_loew has joined #openstack-keystone		10:23
dstanek	ygl: are you using SSL with a cert that can be validated?	10:24
ygl	dstanek: how and where can I enable it or install it ?	10:25
*** mkoshiya has quit IRC		10:33
*** ygl has quit IRC		10:35
*** _amrith_ is now known as amrith		10:40
*** al_loew has quit IRC		10:57
*** GB21 has joined #openstack-keystone		10:59
*** markvoelker has joined #openstack-keystone		11:05
*** markvoelker has quit IRC		11:10
*** vnogin has joined #openstack-keystone		11:14
*** openstackgerrit has quit IRC		11:18
*** openstackgerrit has joined #openstack-keystone		11:18
*** gordc has joined #openstack-keystone		11:28
*** belmoreira has quit IRC		11:31
openstackgerrit	Bertrand Lallau proposed openstack/python-keystoneclient: Remove unused iso8601 requirement https://review.openstack.org/320914	11:32
*** GB21 has quit IRC		11:34
*** GB21 has joined #openstack-keystone		11:50
*** jaosorior has quit IRC		11:56
*** jaosorior has joined #openstack-keystone		11:57
*** jamielennox is now known as jamielennox\|away		11:58
*** jaosorior has quit IRC		11:58
*** jaosorior has joined #openstack-keystone		11:59
*** rderose has joined #openstack-keystone		12:06
*** BlackDex_ is now known as BlackDex		12:07
*** jamielennox\|away is now known as jamielennox		12:07
*** markvoelker has joined #openstack-keystone		12:10
samueldmq	notmorgan: what have you and ayoun found out about patch 311652?	12:13
patchbot	samueldmq: https://review.openstack.org/#/c/311652/ - keystone - Replace revoke tree with linear search	12:13
*** GB21 has quit IRC		12:19
*** amrith is now known as _amrith_		12:30
*** henrynash has joined #openstack-keystone		12:30
*** ChanServ sets mode: +v henrynash		12:30
*** ddieterly has joined #openstack-keystone		12:33
*** ddieterly has quit IRC		12:35
*** ddieterly has joined #openstack-keystone		12:35
*** markvoelker has quit IRC		12:42
*** markvoelker has joined #openstack-keystone		12:48
notmorgan	samueldmq: i am with gyee... make it do the work in the db. but i can only argue so much.	12:49
*** pauloewerton has joined #openstack-keystone		12:58
*** ddieterly has quit IRC		12:59
*** edmondsw has joined #openstack-keystone		12:59
*** ayoung has joined #openstack-keystone		13:01
*** ChanServ sets mode: +v ayoung		13:01
*** belmoreira has joined #openstack-keystone		13:02
*** ig0r__ has joined #openstack-keystone		13:06
yolanda	hi notmorgan, and other keystone cores, can i get review for https://review.openstack.org/320340 ?	13:06
*** dave-mccowan has joined #openstack-keystone		13:07
*** ig0r_ has quit IRC		13:08
*** zqfan has quit IRC		13:13
*** zqfan has joined #openstack-keystone		13:15
*** henrynash has quit IRC		13:15
*** henrynash has joined #openstack-keystone		13:15
*** ChanServ sets mode: +v henrynash		13:15
*** jaosorior has quit IRC		13:23
openstackgerrit	henry-nash proposed openstack/keystone-specs: Microversions https://review.openstack.org/315180	13:27
*** ddieterly has joined #openstack-keystone		13:30
*** al_loew has joined #openstack-keystone		13:35
*** al_loew has quit IRC		13:35
*** ddieterly is now known as ddieterly[away]		13:36
*** al_loew has joined #openstack-keystone		13:37
*** _amrith_ is now known as amrith		13:41
*** BjoernT has joined #openstack-keystone		13:42
*** BjoernT is now known as Bjoern_zZzZzZzZ		13:42
*** richm has joined #openstack-keystone		13:42
*** amrith is now known as _amrith_		13:43
*** mou has joined #openstack-keystone		13:43
*** _amrith_ is now known as amrith		13:44
*** amrith is now known as _amrith_		13:45
*** ddieterly[away] is now known as ddieterly		13:46
*** tlbr has quit IRC		13:47
*** links has quit IRC		13:48
*** ngupta has joined #openstack-keystone		13:48
*** _amrith_ is now known as amrith		13:49
*** amrith is now known as _amrith_		13:49
*** tlbr has joined #openstack-keystone		13:49
*** phalmos has quit IRC		13:49
*** _amrith_ is now known as amrith		13:50
*** ametts has joined #openstack-keystone		13:51
*** xek has quit IRC		13:54
rodrigods	notmorgan, https://bugs.launchpad.net/nova/+bug/1585652 was wondering if keystoneauth could treat this kind of error? but created in nova anyway	13:55
openstack	Launchpad bug 1585652 in OpenStack Compute (nova) "EmptyCatalog not treated during cinderclient creation" [Undecided,New]	13:55
*** Bjoern_zZzZzZzZ is now known as BjoernT		14:00
*** darosale has joined #openstack-keystone		14:01
*** nkinder has quit IRC		14:02
*** sheel has quit IRC		14:05
*** haplo37_ has joined #openstack-keystone		14:10
knikolla	morning keystone!	14:13
dstanek	knikolla: good morning	14:14
*** sheel has joined #openstack-keystone		14:16
tsufiev	hello, folks!	14:17
tsufiev	are you aware that some recent devstack change to how keystone is deployed broke horizon?	14:18
tsufiev	more specifically, http://paste2.org/VHBI9vW0	14:18
*** timcline has joined #openstack-keystone		14:18
*** gagehugo has joined #openstack-keystone		14:18
rodrigods	samueldmq, henrynash, ping... should not wait the job for https://review.openstack.org/#/c/320145/ ?	14:18
patchbot	rodrigods: patch 320145 - keystone - Migrate identity /v3 docs from api-ref repo	14:18
knikolla	hi dstanek! quick question. when a devstack plugin lies in the keystone tree in devstack/plugin.sh. Is it automatically called if keystone is enabled? Till now i’ve been working out of tree and had to do enable_plugin federation git://repo	14:19
henrynash	rodigods: wait for what?	14:19
dstanek	tsufiev: is that due to the wrong API version?	14:20
rodrigods	henrynash, ah ok, the job has been merged: https://review.openstack.org/#/c/320486/	14:20
patchbot	rodrigods: patch 320486 - openstack-infra/project-config - Add api-ref job for keystone	14:20
rodrigods	henrynash, so it should run before merge that patch ^	14:20
dstanek	knikolla: i'm not really sure. i thought it was automatically called, but #openstack-qa would have the best answer	14:21
*** nkinder has joined #openstack-keystone		14:21
tsufiev	dstanek, how could I check if it's wrong?	14:21
knikolla	tsufiev: is there a v3 or v2.0 at the end of the auth url?	14:22
henrynash	rodigods: ah, I see what you mean….I think we’re Ok…..	14:22
tsufiev	knikolla, v3	14:22
*** henrynash has quit IRC		14:23
tsufiev	the endpoint url is http://<hostip>:5000/v3, then a request is made to http://<hostip>/identity/users/<userid>/projects to return project list which results in Http404	14:23
tsufiev	any suggestions?	14:23
dstanek	tsufiev: with no version in that url?	14:24
knikolla	tsufiev: http://<hostip>:5000/v3/identity/users/<userid>/projects should be the correct one i believe	14:25
samueldmq	rodrigods: henrynash: we need that for the job to run	14:25
*** ngupta has quit IRC		14:25
*** al_loew has quit IRC		14:26
*** pushkaru has joined #openstack-keystone		14:26
tsufiev	dstanek, confirmed, no version	14:27
tsufiev	could it be the case that django_openstack_auth is behind some important keystone/python-keystoneclient change?	14:27
*** spzala has joined #openstack-keystone		14:30
*** brad[] has quit IRC		14:30
dstanek	tsufiev: not sure. is that a brand new devstack installation?	14:31
tsufiev	dstanek, yes, it is	14:31
dstanek	tsufiev: i can give that a try in a few minutes and see what happens for me	14:31
dstanek	tsufiev: were you just tying to login to horizon when you got the error?	14:32
tsufiev	dstanek, that would be very helpful! Horizon gate is blocked due to this issue, because all integration tests are failing	14:32
bknudson	https://review.openstack.org/#/c/88736/ -- 434 patch sets	14:32
patchbot	bknudson: patch 88736 - swift - Updated from global requirements	14:32
bknudson	that must be a record	14:32
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - PCI-DSS Change password requirements https://review.openstack.org/320156	14:32
dstanek	bknudson: lol, i saw that on the list this morning	14:33
tsufiev	yes, once I log into it, there is an error 'Unable to get projects list'	14:33
dstanek	bknudson: maybe you know the solution to tsufiev's problem off the top of your head?	14:33
*** phalmos has joined #openstack-keystone		14:35
bknudson	dstanek: tsufiev: I don't know the solution off the top of my head. The change was to have users prefer the http://<hostip>/identity endpoint, so this is what keystone advertises.	14:36
dstanek	it looks like something is just not constructing the urls correctly then	14:36
*** amakarov_away is now known as amakarov		14:38
bknudson	a lot of applications seem to try way too hard to manipulate urls	14:38
tsufiev	looks like the url is constructed inside keystoneclient	14:39
*** ddieterly is now known as ddieterly[away]		14:44
tsufiev	well, my overall impression is that something in new devstack setup doesn't work particularly well with keystoneclient and django_openstack_auth	14:45
knikolla	tsufiev: bknudson: would this have anything to do with it? https://github.com/openstack/django_openstack_auth/blob/master/openstack_auth/utils.py#L257	14:48
*** iurygregory is now known as iury_afk		14:48
bknudson	knikolla: that looks broken to begin with.	14:50
bknudson	just based on the comment	14:50
bknudson	this is why keystone provides version discovery	14:50
*** EinstCrazy has joined #openstack-keystone		14:50
*** ddieterly[away] is now known as ddieterly		14:53
*** jaugustine has joined #openstack-keystone		14:55
bknudson	requested a new release of keystone mitaka since the previous release never made it to the tarball download site: https://review.openstack.org/#/c/321044/	14:57
patchbot	bknudson: patch 321044 - releases - keystone 9.0.2 (mitaka)	14:57
tsufiev	knikolla, bknudson: no, it doesn't seem to be the root cause	15:00
tsufiev	even if I entirely omit whole function contents (replacing with 'return auth_url' at the beginning), the issue is still there	15:01
*** amrith is now known as _amrith_		15:01
*** EinstCrazy has quit IRC		15:02
tsufiev	besides that, if I remove keystone endpoint version suffix from horizon config, I cannot authenticate at all	15:03
tsufiev	DEBUG:keystoneauth.identity.v3.base:Making authentication request to http://192.168.33.12:5000/auth/tokens	15:04
tsufiev	DEBUG:keystoneauth.session:Request returned failure status: 404	15:04
*** _amrith_ is now known as amrith		15:04
tsufiev	that's ^^^ what happens if I remove version suffix	15:04
*** amrith is now known as _amrith_		15:05
*** sdake has joined #openstack-keystone		15:09
*** _amrith_ is now known as amrith		15:09
*** yolanda_ has joined #openstack-keystone		15:10
*** EinstCrazy has joined #openstack-keystone		15:11
*** GB21 has joined #openstack-keystone		15:11
openstackgerrit	Mikhail Nikolaenko proposed openstack/keystone: Added app for policy enforcement https://review.openstack.org/317529	15:12
openstackgerrit	Merged openstack/keystone: Migrate identity /v3 docs from api-ref repo https://review.openstack.org/320145	15:12
*** EinstCrazy has quit IRC		15:13
*** sdake_ has joined #openstack-keystone		15:13
*** sdake has quit IRC		15:13
openstackgerrit	Merged openstack/keystone: Replace revoke tree with linear search https://review.openstack.org/311652	15:13
*** belmoreira has quit IRC		15:14
*** ddieterly is now known as ddieterly[away]		15:14
*** bknudson has left #openstack-keystone		15:15
*** daemontool_ has quit IRC		15:16
*** ddieterly[away] is now known as ddieterly		15:17
*** ngupta has joined #openstack-keystone		15:17
*** EinstCrazy has joined #openstack-keystone		15:18
*** EinstCrazy has quit IRC		15:19
*** EinstCrazy has joined #openstack-keystone		15:19
ayoung	THE TREE IS DEAD! https://review.openstack.org/#/c/311652/	15:20
patchbot	ayoung: patch 311652 - keystone - Replace revoke tree with linear search (MERGED)	15:20
*** yolanda has quit IRC		15:20
*** EinstCrazy has quit IRC		15:22
*** pushkaru has quit IRC		15:24
*** EinstCrazy has joined #openstack-keystone		15:25
*** EinstCrazy has quit IRC		15:26
*** roxanaghe has joined #openstack-keystone		15:27
*** bknudson has joined #openstack-keystone		15:28
*** ChanServ sets mode: +v bknudson		15:28
*** EinstCrazy has joined #openstack-keystone		15:28
*** roxanaghe has quit IRC		15:31
*** ngupta has quit IRC		15:32
*** sdake_ has quit IRC		15:34
*** EinstCrazy has quit IRC		15:35
tsufiev	folks, I created a bug https://bugs.launchpad.net/keystone/+bug/1585682 to track recent Horizon/Keystone Devstack issue	15:35
openstack	Launchpad bug 1585682 in OpenStack Dashboard (Horizon) "Horizon gating on dsvm-integration job is broken due to recent changes in devstack/keystone" [Critical,New]	15:35
*** rderose has quit IRC		15:39
*** rderose has joined #openstack-keystone		15:44
*** dmk0202 has quit IRC		15:49
*** SamYaple has quit IRC		15:50
*** SamYaple has joined #openstack-keystone		15:52
*** rk4n has quit IRC		15:53
*** jaugustine has quit IRC		15:53
*** timcline has quit IRC		15:59
*** tonytan4ever has joined #openstack-keystone		16:00
*** henrynash has joined #openstack-keystone		16:02
*** ChanServ sets mode: +v henrynash		16:02
notmorgan	tsufiev: i'm going to bet this is an issue with devstack change	16:02
notmorgan	tsufiev: i think the "prefer web ports" change landed yesterday	16:03
*** woodster_ has joined #openstack-keystone		16:03
notmorgan	bknudson: ^ cc on that	16:03
bknudson	notmorgan: revert the change?	16:03
notmorgan	bknudson: not my 1st choice	16:03
*** tonytan4ever has quit IRC		16:03
notmorgan	bknudson: just trying to chase down why/what can be fixed if possible first	16:04
notmorgan	bknudson: that is just what it looks like	16:04
*** rcernin has quit IRC		16:04
* notmorgan is really really against the "OMG REVERT" mode we tend to go with		16:04
notmorgan	i much prefer fail forwards.	16:05
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - PCI-DSS Change password requirements https://review.openstack.org/320156	16:05
bknudson	I'd prefer to have lots of time to work upstream, too, but that's not the case now.	16:05
notmorgan	bknudson: if i didn't have non-work things to deal with right now, i'd chase this down.	16:06
notmorgan	bknudson: but i do :(	16:06
notmorgan	if the only answer is revert... then ping sdague, and revert the change [if it fixes things]	16:06
bknudson	I won't have time to work on this, so unless somebody else can work on it then revert is the quickest.	16:07
notmorgan	@all, anyone willing to chase this down ^ it is likely related to issues with using non-web ports	16:08
tsufiev	notmorgan, bknudson: what do you think of running horizon integration tests for changes like this in devstack?	16:09
david-lyle	tsufiev: eek	16:09
notmorgan	tsufiev: this has been an on-going issue with the decoupling of tests.	16:09
bknudson	tsufiev: if you don't want horizon to be broken by devstack changes then run tests.	16:09
tsufiev	hm...	16:10
notmorgan	the more we decouple the integrated gate the more this is possible	16:10
notmorgan	we really don't have that many issues	16:10
notmorgan	but basically you're asking to go back to the integrated gate	16:10
bknudson	we have an issue every time we change keystone config	16:10
notmorgan	bknudson: and it is with a different project	16:10
*** links has joined #openstack-keystone		16:10
tsufiev	I think it is still the way it's functioning	16:10
*** daemontool has joined #openstack-keystone		16:10
tsufiev	I thought*	16:11
notmorgan	tsufiev: not exactly	16:11
notmorgan	it may also be a stacking issue, keystoneclient change on top of keystone changes on top of devstack changes	16:11
notmorgan	but it seems devstack changes for keystone tend to break the world because of where we sit in the stack	16:12
tsufiev	yes, I agree, these issues could be difficult to prevent	16:12
*** rk4n has joined #openstack-keystone		16:12
notmorgan	the other issue is that very few people seem able to chase down the keystone related issues like this (i know it's complex)	16:13
tsufiev	david-lyle, people in horizon community tend to think 'omg, tests are broken again', when actually that's not their fault at all :(	16:13
notmorgan	but we can't be "everywhere"	16:13
david-lyle	tsufiev: not always, no	16:13
notmorgan	and can't solve every single issue with every other project around identity	16:13
notmorgan	i do think we do a reasonable job at it though.	16:13
*** tesseract has quit IRC		16:13
david-lyle	but the effective pass rate needs to be much more consistent	16:13
notmorgan	i just don't have a good anwerr	16:13
notmorgan	i also can't guarantee tht issue is the devstack change	16:14
notmorgan	when did it start happening?	16:14
tsufiev	notmorgan, np, I was just thinking how to make overall test pass rate more predictable and prevent situation like that...	16:14
tsufiev	I would say it started yesterday	16:14
*** roxanaghe has joined #openstack-keystone		16:15
tsufiev	or even more recently, like 8-10 hours ago	16:15
notmorgan	tsufiev: i just marked the keystone side incomplete, please get us a logstash query showing when it started	16:15
notmorgan	and remark it "new" and ping us. it will help us chase down what landed when and where this started	16:16
notmorgan	tsufiev: especially since i don't want to play revert games if it isn't related	16:16
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - PCI-DSS Change password requirements https://review.openstack.org/320156	16:16
notmorgan	tsufiev: and like i said, i have non-work things to take care of pretty soon here, so i have to duck out :( or i'd offer to help more	16:17
*** ddieterly is now known as ddieterly[away]		16:17
*** roxanaghe has quit IRC		16:18
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - PCI-DSS Password strength requirements https://review.openstack.org/320586	16:19
*** lhcheng has joined #openstack-keystone		16:19
*** ChanServ sets mode: +v lhcheng		16:19
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - PCI-DSS Password strength requirements https://review.openstack.org/320586	16:19
*** daemontool has quit IRC		16:20
*** ddieterly[away] is now known as ddieterly		16:20
*** roxanaghe has joined #openstack-keystone		16:22
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - PCI-DSS Password strength requirements https://review.openstack.org/320586	16:22
*** tonytan4ever has joined #openstack-keystone		16:23
*** gyee has joined #openstack-keystone		16:23
*** ChanServ sets mode: +v gyee		16:23
openstackgerrit	Ron De Rose proposed openstack/keystone: Add password table columns to meet PCI-DSS change password requirements https://review.openstack.org/314284	16:24
*** GB21 has quit IRC		16:25
notmorgan	yolanda_: its on my short list - i have some stuff to takee care of non-work related first.	16:26
notmorgan	yolanda_: (have to turn a car in today)	16:27
*** roxanaghe has quit IRC		16:27
*** sdake has joined #openstack-keystone		16:29
openstackgerrit	Ron De Rose proposed openstack/keystone: Add password table columns to meet PCI-DSS change password requirements https://review.openstack.org/314284	16:31
*** ddieterly is now known as ddieterly[away]		16:32
openstackgerrit	Ron De Rose proposed openstack/keystone: Add password table columns to meet PCI-DSS change password requirements https://review.openstack.org/314284	16:35
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - PCI-DSS Change password requirements https://review.openstack.org/320156	16:36
openstackgerrit	Ron De Rose proposed openstack/keystone: WIP - PCI-DSS Password strength requirements https://review.openstack.org/320586	16:36
*** ddieterly[away] is now known as ddieterly		16:36
*** ngupta has joined #openstack-keystone		16:38
*** KevinE has joined #openstack-keystone		16:40
tsufiev	notmorgan, entered a query and a date range about 10 minutes ago, logstash is still searching at http://logstash.openstack.org/#/dashboard/file/logstash.json	16:40
tsufiev	anything I'm doing wrong?	16:40
KevinE	How does one set the interface to 'auth'?	16:41
notmorgan	tsufiev: you may need to adjust the timestamps.	16:41
notmorgan	tsufiev: erm timewindow	16:41
notmorgan	tsufiev: but it can be slow to search. there is a LOT of data	16:41
tsufiev	like narrowing it?	16:41
notmorgan	tsufiev: it defaults to 15 minutes	16:41
notmorgan	tsufiev: so you likely need to expand it	16:42
tsufiev	15 minutes won't say anything about the issue :/	16:42
notmorgan	exactly	16:42
tsufiev	okay, trying with 2 days	16:42
notmorgan	yep	16:42
KevinE	I'm having a lot of trouble in keystoneclient.auth.identity.base. Even if I try setting my endpoint_type to public, it will fail to contact the ADMIN endpoint	16:44
KevinE	anyone got a second to help?	16:45
*** jaugustine has joined #openstack-keystone		16:54
*** roxanaghe has joined #openstack-keystone		16:55
*** timcline has joined #openstack-keystone		17:00
*** rbridgeman has joined #openstack-keystone		17:02
*** rbridgeman_ has joined #openstack-keystone		17:03
*** timcline has quit IRC		17:04
openstackgerrit	Rudolf Vriend proposed openstack/keystone: Allow domain admins to list users in groups with v3 policy https://review.openstack.org/321128	17:05
*** rbridgeman has quit IRC		17:07
*** TxGVNN has joined #openstack-keystone		17:10
*** brad[] has joined #openstack-keystone		17:18
*** tonytan_brb has joined #openstack-keystone		17:19
*** tonytan4ever has quit IRC		17:20
*** KevinE has quit IRC		17:20
*** timcline has joined #openstack-keystone		17:23
*** timcline has quit IRC		17:23
*** timcline has joined #openstack-keystone		17:24
*** timcline has quit IRC		17:24
*** TxGVNN has quit IRC		17:24
*** timcline has joined #openstack-keystone		17:24
*** ddieterly is now known as ddieterly[away]		17:27
*** pnavarro has quit IRC		17:27
*** tonytan_brb is now known as tonytan4ever		17:28
*** sdake_ has joined #openstack-keystone		17:33
*** ngupta has quit IRC		17:33
*** sdake has quit IRC		17:35
*** BjoernT is now known as Bjoern_zZzZzZzZ		17:36
*** lamt has quit IRC		17:37
*** rk4n has quit IRC		17:39
*** rderose has quit IRC		17:40
*** Bjoern_zZzZzZzZ is now known as BjoernT		17:40
*** fawadkhaliq has joined #openstack-keystone		17:43
*** ngupta has joined #openstack-keystone		17:43
*** rderose has joined #openstack-keystone		17:43
*** spzala has quit IRC		17:44
*** spzala has joined #openstack-keystone		17:45
*** spzala_ has joined #openstack-keystone		17:48
*** spzala has quit IRC		17:50
*** ig0r__ has quit IRC		17:51
*** links has quit IRC		17:52
*** spzala_ has quit IRC		17:53
openstackgerrit	henry-nash proposed openstack/keystone: Create V9 driver for identity backend https://review.openstack.org/305315	17:55
*** jed56 has quit IRC		17:59
*** mou has quit IRC		18:07
*** agrebennikov has quit IRC		18:10
*** roxanaghe has quit IRC		18:11
*** roxanaghe has joined #openstack-keystone		18:12
*** mou has joined #openstack-keystone		18:19
*** mvk has quit IRC		18:20
*** sdake_ is now known as sdake		18:23
*** fawadkhaliq has quit IRC		18:23
*** ddieterly[away] is now known as ddieterly		18:25
*** spzala has joined #openstack-keystone		18:32
dstanek	tsufiev: i just created a brand new devstack and i couldn't duplicate your issue	18:34
tsufiev	that's weird	18:34
*** sdake_ has joined #openstack-keystone		18:34
tsufiev	lhcheng, ^^	18:35
*** roxanagh_ has joined #openstack-keystone		18:35
tsufiev	honestly, I have no idea what's happening in the devstack right now	18:35
tsufiev	dstanek, maybe your devstack and mine differ by a tiny commit that changes how horizon behaves )?	18:36
*** sdake has quit IRC		18:37
dstanek	tsufiev: could be. i have devstack as of 20 mins ago	18:37
*** roxanaghe has quit IRC		18:38
knikolla	compare the latest thing in git log	18:39
tsufiev	it seems that lhcheng has identified the root cause	18:42
dstanek	tsufiev: was it already fixed?	18:43
rodrigods	henrynash, ping re: tempest tests	18:44
tsufiev	dstanek, no, the issue lies within django_openstack_auth and was triggered by the recent devstack change which added /identity suffix to the auth_url that django_openstack_auth receives and tries (unsuccessfully) to fix	18:44
tsufiev	has to be fixed yet	18:44
rodrigods	henrynash, https://blueprints.launchpad.net/keystone/+spec/keystone-tempest-plugin-tests you also can ask me any doubts you may have	18:44
rodrigods	henrynash, my current plan is to add a scenario test case for federation, but we first need the clients (to make the calls to keystone server), that's why i've added straight forward API tests for idp, sp and mapping	18:45
dstanek	tsufiev: lhcheng: i wonder why i don't run into that	18:47
lhcheng	dstanek: does your keystone run in identity context? http://<host>/identity	18:48
*** sdake_ is now known as sdake		18:48
dstanek	lhcheng: checking....	18:50
dstanek	i'm just doing whatever the default is	18:50
lhcheng	dstanek: what is the default in devstack now? I haven't updated mine for a while	18:51
dstanek	lhcheng: looks like /identity is enabled, but not being used	18:53
dstanek	so that's why i didn't hit it	18:53
*** darosale has quit IRC		19:03
*** mvk has joined #openstack-keystone		19:05
openstackgerrit	Kristi Nikolla proposed openstack/keystone: WIP - Devstack plugin for Federation https://review.openstack.org/320623	19:09
*** spzala has quit IRC		19:12
*** spzala has joined #openstack-keystone		19:12
*** rbridgeman_ has quit IRC		19:13
*** rderose has quit IRC		19:15
*** flwang1 has joined #openstack-keystone		19:16
*** spzala has quit IRC		19:17
flwang1	notmorgan: ping	19:18
flwang1	notmorgan: could you pls revisit https://review.openstack.org/#/c/310083/ ? thanks	19:18
patchbot	flwang1: patch 310083 - governance - Add stable and deprecation tags for Zaqar	19:18
*** georgem1 has joined #openstack-keystone		19:22
*** darosale has joined #openstack-keystone		19:34
notmorgan	flwang1: done.	19:35
*** spzala has joined #openstack-keystone		19:38
flwang1	notmorgan: thank you!	19:38
flwang1	notmorgan: btw, who can do the workflow +1? thanks	19:39
*** spzala has quit IRC		19:43
*** ddieterly is now known as ddieterly[away]		19:43
notmorgan	flwang1: that is up to the TC Chair.	19:46
notmorgan	flwang1: and this is something that will be (likey) addressed in the next TC meeting as most of these are.	19:46
*** ngupta has quit IRC		19:48
ayoung	notmorgan, export OS_AUTH_TYPE=v3fedkerb seems to not be working, and it was last summer. Did we ever get a final resting place for that auth plugin?	19:53
flwang1	notmorgan: cool, cheers	19:55
ayoung	rodrigods, so If I run in debug I see	19:56
ayoung	oh...maybe I need to clear my other env vars...one sec	19:56
ayoung	DEBUG: openstackclient.api.auth Auth plugin osc_password selected	19:58
ayoung	its like it is missing the Kerberos one	19:58
ayoung	ah wait...I need it on my laptop...duh	19:58
*** spzala has joined #openstack-keystone		19:59
*** flwang1 has quit IRC		19:59
ayoung	disregard. it works	19:59
rodrigods	ayoung, :)	19:59
rodrigods	ayoung, was hard to imagine the same plugin was working for horizon but not for cli	20:00
*** zqfan has quit IRC		20:03
*** spzala has quit IRC		20:03
*** ayoung has quit IRC		20:04
*** amrith is now known as _amrith_		20:05
*** sheel has quit IRC		20:05
*** ddieterly[away] is now known as ddieterly		20:05
*** ddieterly is now known as ddieterly[away]		20:05
*** spzala has joined #openstack-keystone		20:07
*** tqtran has joined #openstack-keystone		20:10
*** ddieterly[away] is now known as ddieterly		20:11
*** raddaoui has joined #openstack-keystone		20:12
*** darosale has quit IRC		20:14
*** roxanagh_ has quit IRC		20:14
*** roxanaghe has joined #openstack-keystone		20:14
*** spzala has quit IRC		20:16
*** nkinder has quit IRC		20:18
*** nkinder has joined #openstack-keystone		20:21
*** roxanaghe has quit IRC		20:22
*** georgem1 has quit IRC		20:25
*** KevinE has joined #openstack-keystone		20:33
KevinE	Would it be a bad idea to add a parameter in service_catalog.py that looks for an endpoint_override?	20:34
*** mou has quit IRC		20:37
*** rbridgeman_ has joined #openstack-keystone		20:40
*** ngupta has joined #openstack-keystone		20:40
*** sdake_ has joined #openstack-keystone		20:46
*** sdake has quit IRC		20:48
*** KevinE has quit IRC		20:52
*** iurygregory has joined #openstack-keystone		20:56
*** julim has quit IRC		20:56
*** haplo37_ has quit IRC		21:01
*** roxanaghe has joined #openstack-keystone		21:04
*** nkinder has quit IRC		21:07
*** nkinder has joined #openstack-keystone		21:07
*** roxanaghe has quit IRC		21:07
*** gyee has quit IRC		21:07
*** daemontool has joined #openstack-keystone		21:07
*** raildo is now known as raildo-afk		21:09
*** georgem1 has joined #openstack-keystone		21:10
*** georgem1 has quit IRC		21:10
*** georgem1 has joined #openstack-keystone		21:11
*** darosale has joined #openstack-keystone		21:11
openstackgerrit	werner mendizabal proposed openstack/keystone: Support encryption of credentials in Keystone https://review.openstack.org/317169	21:13
*** agrebennikov has joined #openstack-keystone		21:14
*** clenimar has quit IRC		21:14
*** pauloewerton has quit IRC		21:17
*** gagehugo_ has joined #openstack-keystone		21:19
harlowja	notmorgan 'Morgan Fainberg has added skills: (>^_^)>, ┬─┬ ︵ /(.□. \\）, ┬─┬ ノ( ゜-゜ノ), (╯°□°)╯︵ ┻━┻, ಠ_ಠ'	21:19
harlowja	lol	21:19
harlowja	+1	21:19
*** ddieterly is now known as ddieterly[away]		21:19
notmorgan	harlowja: exactly	21:19
harlowja	emjoi skill	21:19
*** gagehugo has quit IRC		21:19
openstackgerrit	Andrew Laski proposed openstack/oslo.policy: Add sample file generation script and helper methods https://review.openstack.org/314244	21:20
openstackgerrit	Andrew Laski proposed openstack/oslo.policy: Add equality operator to policy.RuleDefault https://review.openstack.org/321242	21:20
openstackgerrit	Andrew Laski proposed openstack/oslo.policy: Add helper methods for generating policy info https://review.openstack.org/321243	21:20
*** gagehugo_ has quit IRC		21:20
*** gagehugo has joined #openstack-keystone		21:21
*** tonytan4ever has quit IRC		21:21
*** roxanaghe has joined #openstack-keystone		21:22
*** ddieterly[away] is now known as ddieterly		21:24
*** _amrith_ is now known as amrith		21:26
*** ametts has quit IRC		21:28
*** daemontool has quit IRC		21:31
*** henrynash has quit IRC		21:34
*** flwang1 has joined #openstack-keystone		21:36
*** georgem1 has quit IRC		21:38
*** jaugustine has quit IRC		21:39
*** edmondsw has quit IRC		21:41
*** sdake_ has quit IRC		21:45
*** flwang1 has quit IRC		21:45
*** sdake has joined #openstack-keystone		21:51
*** flwang1 has joined #openstack-keystone		21:53
*** lhcheng has quit IRC		21:59
*** iurygregory has quit IRC		22:01
*** darosale has quit IRC		22:10
*** ddieterly is now known as ddieterly[away]		22:15
*** henrynash has joined #openstack-keystone		22:24
*** ChanServ sets mode: +v henrynash		22:24
*** sdake has quit IRC		22:25
*** timcline has quit IRC		22:28
*** ayoung has joined #openstack-keystone		22:30
*** ChanServ sets mode: +v ayoung		22:30
*** gordc has quit IRC		22:31
openstackgerrit	Merged openstack/keystone: Add API Change Tutorial https://review.openstack.org/302789	22:35
*** ddieterly[away] is now known as ddieterly		22:40
*** afred312_ has joined #openstack-keystone		22:45
*** afred312 has quit IRC		22:47
*** lhcheng has joined #openstack-keystone		22:50
*** ChanServ sets mode: +v lhcheng		22:50
*** gyee has joined #openstack-keystone		22:55
*** ChanServ sets mode: +v gyee		22:55
*** ngupta has quit IRC		22:57
*** g2` is now known as BrAsS_mOnKeY		22:59
*** ddieterly has quit IRC		22:59
*** phalmos has quit IRC		23:01
*** chlong has joined #openstack-keystone		23:05
*** akscram has quit IRC		23:07
*** harlowja has quit IRC		23:12
notmorgan	keystoneauth-cores: https://review.openstack.org/#/c/320340/ this should be pretty straightforward.	23:16
patchbot	notmorgan: patch 320340 - keystoneauth - Update keystoneauth fixture to support v3	23:16
*** sdake has joined #openstack-keystone		23:28
*** BjoernT has quit IRC		23:30
*** rderose has joined #openstack-keystone		23:30
*** henrynash has quit IRC		23:33

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!