Friday, 2016-08-05

« Thursday, 2016-08-04 Index Saturday, 2016-08-06 »
*** haplo37__ has quit IRC00:02
*** sdake_ has joined #openstack-keystone00:06
*** sdake has quit IRC00:09
stevemarjamielennox: google00:10
*** markvoelker has joined #openstack-keystone00:12
*** markvoelker_ has quit IRC00:14
*** tqtran has quit IRC00:25
jamielennoxstevemar: ok, i thought you might have known how to configure websphere liberty00:26
jamielennoxor whatever00:26
stevemarjamielennox: i used that once too00:27
stevemarjamielennox: https://developer.ibm.com/opentech/2015/06/17/use-websphere-liberty-as-an-openid-connect-provider-for-openstack/00:27
stevemarlike a year ago...00:27
stevemarfrom keystoneclient.contrib.auth.v3 import oidc00:27
stevemarfrom keystoneclient import session00:27
stevemarbefore ksa was a thing00:27
*** KevinE has quit IRC00:29
*** mkoderer__ has quit IRC00:29
*** chlong has quit IRC00:32
*** arunkant_ has quit IRC00:34
*** mkoderer__ has joined #openstack-keystone00:37
*** narengan has joined #openstack-keystone00:44
jamielennoxstevemar: ah - that's almost exactly wha ti'm looking for00:44
jamielennoxstevemar: i tried to read the docs but i have no idea how to do java things00:44
*** agrebennikov has quit IRC00:50
*** jamielennox is now known as jamielennox|away00:55
*** jamielennox|away is now known as jamielennox00:57
stevemarjamielennox: why are you using websphere liberty anyhow?00:58
jamielennoxstevemar: i'm putting in a talk cfp on openid connect and was researching providers i can experiment with00:59
*** shaleh has quit IRC00:59
stevemarjamielennox: makes sense00:59
jamielennoxi know google and stuff but i wanted to know what was runnable (and preferably open source)00:59
*** markvoelker has quit IRC00:59
jamielennoxthought i should at least experiment with the IBM one00:59
jamielennoxit seems unfortunately easy to implement one that does exactly what you want with a library, but there aren't a lot of readily available ones01:01
jamielennoxi'm kind of annoyed how long i spent playing with dex and never really getting it to work properly01:02
* stevemar shrugs at jamielennox01:03
stevemarjamielennox: it was pretty easy to setup liberty to use the ibm ldap backend01:03
stevemarjamielennox: the only hard part was figuring out the ldapRegistry for the server.xml01:04
jamielennoxstevemar: yea, there's a chunk of LDAP there - but this is always going to be usage specific01:05
stevemaryap01:05
jamielennoxbasically i'm annoyed trying to experiment with things that don't provide a docker/run with config kind of experience01:05
jamielennox(not looking at keystone - obviously)01:05
jamielennoxwebsphere actually seems to have one01:07
*** ayoung has joined #openstack-keystone01:07
*** ChanServ sets mode: +v ayoung01:07
jamielennoxto ayoung's mixed reaction keycloak was awesome in that regard01:08
*** spzala has quit IRC01:09
*** spzala has joined #openstack-keystone01:10
*** ravelar has quit IRC01:14
*** davechen has joined #openstack-keystone01:14
*** spzala has quit IRC01:14
*** guoshan has joined #openstack-keystone01:23
*** ddieterly has joined #openstack-keystone01:25
*** EinstCrazy has joined #openstack-keystone01:48
*** agrebennikov has joined #openstack-keystone01:59
*** EinstCrazy has quit IRC02:00
*** sdake has joined #openstack-keystone02:03
*** sdake_ has quit IRC02:04
*** EinstCrazy has joined #openstack-keystone02:09
*** spzala has joined #openstack-keystone02:10
*** jamielennox is now known as jamielennox|away02:12
*** sdake_ has joined #openstack-keystone02:14
*** sdake has quit IRC02:17
*** spzala has quit IRC02:17
*** dave-mcc_ has joined #openstack-keystone02:17
*** dave-mccowan has quit IRC02:17
*** browne has quit IRC02:19
*** narengan1 has joined #openstack-keystone02:22
*** narengan has quit IRC02:25
*** ddieterly has quit IRC02:26
*** julim has joined #openstack-keystone02:28
*** daemontool_ has quit IRC02:31
*** itisha has quit IRC02:40
openstackgerritMerged openstack/keystone: Add schema validation to create user v2  https://review.openstack.org/34853102:44
*** ddieterly has joined #openstack-keystone02:47
*** EinstCrazy has quit IRC02:51
*** EinstCrazy has joined #openstack-keystone02:52
*** dave-mcc_ has quit IRC02:59
*** spzala has joined #openstack-keystone03:01
*** spzala has quit IRC03:06
*** ddieterly has quit IRC03:17
*** EinstCrazy has quit IRC03:18
*** EinstCrazy has joined #openstack-keystone03:20
*** EinstCrazy has quit IRC03:23
*** ayoung is now known as ayoung_ZZZzzz03:26
*** julim has quit IRC03:31
*** jamielennox|away is now known as jamielennox03:35
openstackgerritSteve Martinelli proposed openstack/keystone: Make hash_algorithms order deterministic  https://review.openstack.org/35122203:40
*** sdake_ has quit IRC03:42
*** chlong has joined #openstack-keystone03:49
*** agrebennikov has quit IRC03:50
*** richm has quit IRC03:51
*** sdake has joined #openstack-keystone03:57
*** spzala has joined #openstack-keystone04:02
*** guoshan has quit IRC04:04
*** spzala has quit IRC04:07
*** sdake has quit IRC04:14
openstackgerritMerged openstack/keystone: Update the api-ref to mark the v2 API as deprecated  https://review.openstack.org/35137004:23
openstackgerritMerged openstack/keystone: Report v2.0 as deprecated in version discovery  https://review.openstack.org/35139604:23
*** sdake has joined #openstack-keystone04:24
stevemarjamielennox: howd the liberty setup go?04:28
jamielennoxstevemar: haven't tried it yet, going away for the week and have mostly been packing04:37
jamielennoxthat can be a job for later04:37
*** markvoelker has joined #openstack-keystone04:38
stevemarjamielennox: oh? have fun04:38
stevemarhope youre going somewhere nice04:38
jamielennoxskiing :)04:41
jamielennoxso keen04:41
*** EinstCrazy has joined #openstack-keystone04:42
*** jamielennox is now known as jamielennox|away04:43
*** markvoelker has quit IRC04:43
*** jaosorior has joined #openstack-keystone04:45
*** guoshan has joined #openstack-keystone04:49
*** jaosorior has quit IRC04:51
*** roxanaghe has joined #openstack-keystone04:52
*** jaosorior has joined #openstack-keystone04:52
*** guoshan has quit IRC04:53
*** jaosorior has quit IRC04:54
*** jaosorior has joined #openstack-keystone04:55
*** spzala has joined #openstack-keystone05:01
*** narengan1 has quit IRC05:03
*** spzala has quit IRC05:06
*** jaosorior has quit IRC05:14
*** jaosorior has joined #openstack-keystone05:15
*** jaosorior has quit IRC05:17
*** jaosorior has joined #openstack-keystone05:18
openstackgerritSteve Martinelli proposed openstack/keystone: Make hash_algorithms order deterministic  https://review.openstack.org/35122205:20
openstackgerritSteve Martinelli proposed openstack/keystone: Make hash_algorithms order deterministic  https://review.openstack.org/35122205:23
openstackgerritzheng yin proposed openstack/python-keystoneclient: Add Python 3.5 classifier and venv  https://review.openstack.org/34193105:24
*** EinstCrazy has quit IRC05:25
*** roxanaghe has quit IRC05:25
*** rcernin has joined #openstack-keystone05:31
*** links has joined #openstack-keystone05:36
*** guoshan has joined #openstack-keystone05:43
stevemarjamielennox|away: oh that is fun, enjoy05:46
*** korean101 has joined #openstack-keystone05:46
korean101hi05:47
korean101how can i use keystone v2?05:47
korean101i use v3 now05:47
korean101how can i change?05:47
*** guoshan has quit IRC05:48
*** ekarlso has quit IRC05:58
*** code-R has joined #openstack-keystone05:59
*** code-R_ has joined #openstack-keystone06:00
*** spzala has joined #openstack-keystone06:02
*** code-R has quit IRC06:04
*** code-R_ has quit IRC06:05
*** spzala has quit IRC06:07
*** chlong has quit IRC06:08
*** guoshan has joined #openstack-keystone06:16
*** guoshan has quit IRC06:27
openstackgerritMerged openstack/keystone: PCI-DSS Lockout requirements  https://review.openstack.org/34007406:28
davechenkorean101: export OS_IDENTITY_API_VERSION=2.0 export OS_AUTH_URL=http://10.239.159.68:5000/v2.006:32
davechenkorean101: you should change these env to make it call v2 APi06:33
korean101davechen: yes but not solved...06:34
*** pnavarro has joined #openstack-keystone06:35
davechenkorean101:  It works for me, other env should be the same as V3, there is a doc from keystone repo about his but I forgot the link.06:36
davechenkorean101:  or you can google it, there are many post about this.06:37
*** code-R has joined #openstack-keystone06:37
korean101davechen: http://paste.openstack.org/show/550100/06:38
*** code-R_ has joined #openstack-keystone06:39
*** adriant has quit IRC06:39
*** markvoelker has joined #openstack-keystone06:40
*** chlong has joined #openstack-keystone06:40
davechenkorean101:  I paste all the env in my side, pls see http://paste.openstack.org/show/550101/06:42
*** code-R has quit IRC06:42
davechenkorean101:  If that still doesn't work, it  might be failed for other reasons.06:43
*** danpawlik has joined #openstack-keystone06:44
*** markvoelker has quit IRC06:44
korean101davechen: http://paste.openstack.org/show/550102/06:46
korean101davechen: <Location /identity> section needed?06:47
*** chlong has quit IRC06:52
davechenkorean101: i don't think you need change that file, it exactly the same as mine.06:54
korean101davechen: nono that file is devstack's file. my file is different06:58
davechenkorean101: you can have a try :)06:59
korean101davechen: http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-install.html (my file status)06:59
*** pnavarro has quit IRC06:59
korean101davechen: i already try. but same... ok many thanks07:00
*** code-R_ has quit IRC07:01
*** belmoreira has joined #openstack-keystone07:03
*** spzala has joined #openstack-keystone07:03
*** spzala has quit IRC07:08
openstackgerrityuyafei proposed openstack/python-keystoneclient: Add __ne__ built-in function  https://review.openstack.org/33743507:19
*** code-R has joined #openstack-keystone07:20
*** code-R has quit IRC07:23
*** code-R has joined #openstack-keystone07:24
*** jpena|off is now known as jpena07:26
*** flaper87 has joined #openstack-keystone07:36
*** flaper87 is now known as Guest7354807:36
*** gb21 has joined #openstack-keystone07:42
*** gb21 has quit IRC07:55
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** EinstCrazy has joined #openstack-keystone08:00
*** openstackgerrit has quit IRC08:03
*** openstackgerrit has joined #openstack-keystone08:03
*** guoshan has joined #openstack-keystone08:06
*** gb21 has joined #openstack-keystone08:06
*** gb21 has quit IRC08:06
*** guoshan has quit IRC08:11
*** jaosorior has quit IRC08:13
*** jaosorior has joined #openstack-keystone08:14
*** tesseract- has joined #openstack-keystone08:16
*** code-R_ has joined #openstack-keystone08:25
openstackgerritzheng yin proposed openstack/python-keystoneclient: Add Python 3.5 classifier  https://review.openstack.org/34193108:25
*** pnavarro has joined #openstack-keystone08:27
*** code-R has quit IRC08:28
*** d0ugal has quit IRC08:32
*** d0ugal has joined #openstack-keystone08:33
*** d0ugal has quit IRC08:33
*** d0ugal has joined #openstack-keystone08:33
*** d0ugal has quit IRC08:33
*** d0ugal has joined #openstack-keystone08:33
*** sdake has quit IRC08:37
*** Guest73548 is now known as flaper8708:39
*** flaper87 is now known as Guest7864108:39
*** markvoelker has joined #openstack-keystone08:40
*** EinstCrazy has quit IRC08:43
*** Guest78641 has quit IRC08:44
*** markvoelker has quit IRC08:45
*** EinstCrazy has joined #openstack-keystone08:47
*** mdavidson has joined #openstack-keystone08:52
*** itisha has joined #openstack-keystone09:01
*** code-R has joined #openstack-keystone09:03
*** code-R_ has quit IRC09:03
*** spzala has joined #openstack-keystone09:05
*** guoshan has joined #openstack-keystone09:08
*** spzala has quit IRC09:10
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting List/Create/Show/Update services  https://review.openstack.org/35159809:16
*** mdavidson has quit IRC09:16
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting parameters of Show/Update/List/Create endpoint  https://review.openstack.org/35160009:17
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting parameters of Show/Update/List/Create endpoint  https://review.openstack.org/35160009:29
*** EinstCra_ has joined #openstack-keystone09:29
*** EinstCrazy has quit IRC09:32
*** code-R has quit IRC09:35
*** EinstCra_ has quit IRC09:35
*** EinstCrazy has joined #openstack-keystone09:37
*** flaper87 has joined #openstack-keystone09:40
*** flaper87 has quit IRC09:40
*** flaper87 has joined #openstack-keystone09:40
*** amoralej is now known as amoralej|brb09:46
*** davechen has left #openstack-keystone10:02
*** amoralej|brb is now known as amoralej10:06
*** spzala has joined #openstack-keystone10:07
*** spzala has quit IRC10:12
openstackgerritAnh Tran proposed openstack/keystone: api-ref: Correcting parameters of Policies APIs  https://review.openstack.org/35163610:28
*** GB21 has joined #openstack-keystone10:30
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331410:33
*** sheel has joined #openstack-keystone10:35
*** guoshan has quit IRC10:35
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password expires validation  https://review.openstack.org/33336010:49
openstackgerritRon De Rose proposed openstack/keystone: Drop EPHEMERAL user type  https://review.openstack.org/29663910:51
*** GB21 has quit IRC10:54
*** guoshan has joined #openstack-keystone10:54
*** GB21 has joined #openstack-keystone10:55
*** spzala has joined #openstack-keystone11:08
*** pnavarro is now known as pnavarro|lunch11:13
*** spzala has quit IRC11:13
odyssey4mehas anyone seen anything like this come up lately? http://paste.openstack.org/show/550395/ (401 during tempest testing)11:22
dstanekodyssey4me: is that a transient issues?11:23
dstanekstevemar: ping11:24
odyssey4mewe're getting it very consistently in our horizon role test, which implements keystone and uses the tempest plugin for horizon11:24
dstanekodyssey4me: i haven't seen that specifically. we've had a few transient auth failures that we believe is from our caching, but this appears to be different11:25
odyssey4meyeah, no caching involved here11:25
odyssey4mewell, no memcache at least11:25
odyssey4medstanek odd, I'm not seeing evidence of the auth failure in keystone logs11:40
odyssey4meit's been a while though - what should I be looking for?11:41
dstanekodyssey4me: no 401/403 errors in the access log?11:43
odyssey4medstanek ah ok, I had forgotten to check the apache access log11:45
odyssey4meright, now I have the timings11:45
odyssey4medstanek so this is what I have in the debug log during that minute: http://paste.openstack.org/show/550406/11:47
dstanekodyssey4me: 'User 40bb577837884a418784eaf1961586ea has no access to domain default _populate_roles' doesn't look good11:49
odyssey4meheh, and the auth failure on the following line which I completely missed11:49
*** GB21 has quit IRC11:50
*** gordc has joined #openstack-keystone11:56
*** EinstCrazy has quit IRC12:07
*** guoshan has quit IRC12:07
*** guoshan has joined #openstack-keystone12:07
*** rodrigods has quit IRC12:07
*** rodrigods has joined #openstack-keystone12:08
*** dave-mccowan has joined #openstack-keystone12:08
*** spzala has joined #openstack-keystone12:09
*** amoralej is now known as amoralej|lunch12:09
*** julim has joined #openstack-keystone12:12
*** jpena is now known as jpena|lunch12:13
*** spzala has quit IRC12:14
*** lmiccini_ has joined #openstack-keystone12:17
*** lmiccini has quit IRC12:17
*** nishaYadav has joined #openstack-keystone12:43
* nishaYadav waves hello o/12:44
*** spzala has joined #openstack-keystone12:49
openstackgerritMikhail Nikolaenko proposed openstack/keystone: Add domain check in domain-specific role implication  https://review.openstack.org/35126412:49
*** catintheroof has quit IRC12:53
*** jaosorior has quit IRC12:54
*** nisha_ has joined #openstack-keystone12:54
*** nishaYadav has quit IRC12:56
*** markvoelker has joined #openstack-keystone12:56
*** nisha_ is now known as nishaYadav12:57
*** nishaYadav is now known as Guest7509312:57
*** Guest75093 has quit IRC12:58
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Add role functional tests  https://review.openstack.org/33511812:59
*** nisha_ has joined #openstack-keystone13:01
*** pnavarro|lunch has quit IRC13:01
*** ddieterly has joined #openstack-keystone13:04
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Improve docs for v3 credentials  https://review.openstack.org/34850613:05
*** nisha__ has joined #openstack-keystone13:05
*** catintheroof has joined #openstack-keystone13:05
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Add credential functional tests  https://review.openstack.org/34855713:06
nisha__samueldmq, can you please review this ^13:08
*** ddieterly has quit IRC13:08
*** nisha_ has quit IRC13:09
*** sdake has joined #openstack-keystone13:11
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password expires validation  https://review.openstack.org/33336013:14
*** lmiccini has joined #openstack-keystone13:15
*** lmiccini_ has quit IRC13:18
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password expires validation  https://review.openstack.org/33336013:20
*** amoralej|lunch is now known as amoralej13:20
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Password expires validation  https://review.openstack.org/33336013:21
*** iurygregory_ has joined #openstack-keystone13:22
*** nisha__ has quit IRC13:25
*** jpena|lunch is now known as jpena13:25
*** iurygregory has quit IRC13:25
*** iurygregory_ is now known as iurygregory13:26
*** itisha has quit IRC13:30
*** EinstCrazy has joined #openstack-keystone13:32
openstackgerrithenry-nash proposed openstack/keystone: Add the migration phase status table  https://review.openstack.org/34970313:33
*** agrebennikov has joined #openstack-keystone13:34
openstackgerrithenry-nash proposed openstack/keystone: Add support for rolling upgrades to keystone-manage  https://review.openstack.org/34971613:37
*** richm has joined #openstack-keystone13:38
openstackgerrithenry-nash proposed openstack/keystone: Add contract migrations to keystone-manage  https://review.openstack.org/34993913:38
*** ametts has joined #openstack-keystone13:42
*** danpawlik has quit IRC13:42
*** sheel has quit IRC13:46
openstackgerritRon De Rose proposed openstack/keystone: Password expires ignore user list  https://review.openstack.org/35174913:48
openstackgerritRon De Rose proposed openstack/keystone: Password expires ignore user list  https://review.openstack.org/35174913:49
*** nishaYadav has joined #openstack-keystone13:50
*** pblaho has joined #openstack-keystone13:51
*** tonytan4ever has joined #openstack-keystone13:53
*** tonytan4ever has quit IRC13:55
*** tonytan4ever has joined #openstack-keystone13:55
stevemardstanek: pong13:56
*** spzala has quit IRC13:57
dstanekstevemar: morning13:57
dstanekquestion about hash sorting.... where did you see that None error?13:57
*** spzala has joined #openstack-keystone13:57
dstaneki took a quick look at the test failures and didn't see that13:58
stevemardstanek: hmm, let me bring up the patch13:58
stevemarwas gonna chat with you about that one13:58
stevemardstanek: "gate-keystone-tox-db-legacy_drivers" of patch set 113:59
*** catintheroof has quit IRC14:00
stevemardstanek: it's also in the functional logs: http://logs.openstack.org/22/351222/1/check/gate-keystone-dsvm-functional/013d8d8/logs/devstacklog.txt.gz#_2016-08-04_20_41_35_40514:00
*** spzala has quit IRC14:01
*** openstackgerrit has quit IRC14:03
*** openstackgerrit has joined #openstack-keystone14:03
*** edmondsw has joined #openstack-keystone14:04
dstanekstevemar: interesting14:05
*** narengan1 has joined #openstack-keystone14:07
*** catintheroof has joined #openstack-keystone14:07
*** ddieterly has joined #openstack-keystone14:09
*** lmiccini has quit IRC14:09
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Improve docs for v3 ec2  https://review.openstack.org/35017314:09
openstackgerritNisha Yadav proposed openstack/python-keystoneclient: Add ec2 functional tests  https://review.openstack.org/35024514:10
*** nishaYadav has quit IRC14:12
*** guoshan has quit IRC14:12
mnikolaenkoHello everyone. As far as I know, domain-specific role should not be able to imply global role. But in this test that happens https://github.com/openstack/keystone/blob/master/keystone/tests/unit/test_v3_assignment.py#L2712 . Is it wrong test?14:13
*** tonytan4ever has quit IRC14:17
*** jaosorior has joined #openstack-keystone14:17
*** tonytan4ever has joined #openstack-keystone14:17
*** lmiccini has joined #openstack-keystone14:19
*** guoshan has joined #openstack-keystone14:21
stevemardstanek: i think the fix is no less harmlful now than it was before14:22
stevemarhenrynash: around?14:24
dstanekstevemar: ah, ok. now i see what's happening. the available list is a None. odd, but whatever :-) i think what you have is fine14:24
stevemardstanek: ++14:25
*** guoshan has quit IRC14:25
stevemardstanek: i'm just wondering why it was None14:25
stevemarbut this might be one of those cases where we are coding for the "test"14:25
dstanekstevemar: that box may not have any crypto stuff compiled in. it's a deprecated option so it's probably not worth investigating too much14:26
stevemardstanek: right14:26
*** daemontool has joined #openstack-keystone14:26
stevemardstanek: if you're happy, punt it through14:26
stevemaroh its your change, i will punt it, sounds like you're oK with it14:26
stevemardstanek: give it a +1 if you're cool with the change14:27
dstanekstevemar: does it matter that the logic is slightly different than before?14:27
*** ezpz has joined #openstack-keystone14:27
stevemardstanek: before meaning that it defaulted to None if nothing was available?14:28
dstanekright14:28
stevemardstanek: i'd say it's better if we default to md5, cause None choices makes the option not work14:29
dstanekstevemar: md5 won't work either if the box doesn't have it available. i guess it doesn't matter either way then14:30
stevemardstanek: oh i guess choices=None just allows anything14:30
stevemarhttps://github.com/openstack/oslo.config/blob/fbe660df29093f51e9c852ed3d2c3ec89b9bcb7d/oslo_config/types.py#L100-L11414:30
dstaneki just gave the review a +114:30
stevemarand https://github.com/openstack/oslo.config/blob/fbe660df29093f51e9c852ed3d2c3ec89b9bcb7d/oslo_config/types.py#L142-L14314:30
*** guoshan has joined #openstack-keystone14:31
*** nishaYadav has joined #openstack-keystone14:31
stevemardstanek: i think i like setting choices to None more :)14:31
stevemardstanek: mind if i change it?14:31
*** michauds has joined #openstack-keystone14:31
dstanekstevemar: not at all. go fer it14:31
openstackgerritSteve Martinelli proposed openstack/keystone: Make hash_algorithms order deterministic  https://review.openstack.org/35122214:32
stevemardstanek: done14:32
dstanekstevemar: looks good to me, thanks14:38
*** ayoung_ZZZzzz is now known as ayoung14:42
openstackgerritSteve Martinelli proposed openstack/keystone: Update etc/keystone.conf.sample  https://review.openstack.org/35106014:46
*** prometheanfire has joined #openstack-keystone14:47
prometheanfirethe keystone logs on our tests are too long and causeing it to look like tests are failing, did you guys modify zuul / project-config to allow for more logs?14:47
prometheanfirehttp://logs.openstack.org/71/349371/5/check/gate-cross-keystone-python27-db-ubuntu-xenial/e4eeaf6/console.html#_2016-08-05_07_15_27_87980014:48
stevemarprometheanfire: oh noes, we've flirted with hitting the 50MB limit before14:50
stevemarprometheanfire: i don't think we've added any unusually large logging14:50
*** lmiccini_ has joined #openstack-keystone14:51
*** roxanaghe has joined #openstack-keystone14:52
*** jaugustine has joined #openstack-keystone14:53
prometheanfireya14:54
*** lmiccini has quit IRC14:54
prometheanfireit seems fairly reproducable for us14:54
*** clenimar has quit IRC14:54
*** clenimar has joined #openstack-keystone14:55
stevemarprometheanfire: i see "Reloading cached file" the policy file, at least 1300 times, and it sprews the entire contents of the policy file14:55
stevemaralso "The admin_token_auth middleware presents a security risk and should be removed from the" shows up 7500 times14:56
*** roxanaghe has quit IRC14:57
prometheanfireis there something we can do about those?14:57
prometheanfirewe are just running your tests with updated reqs14:57
*** hoonetorg has quit IRC14:57
stevemarthinking14:57
prometheanfirethanks14:57
stevemarthe policy one is coming from oslo.policy's debug https://github.com/openstack/oslo.policy/blob/43587dec7ea23e3454ee2d97e8c79b3a6f18991f/oslo_policy/policy.py#L37014:57
*** spzala has joined #openstack-keystone14:58
stevemarprometheanfire: can't we set the logging level for oslo.policy to be INFO for keystone14:58
prometheanfirethat I don't know14:59
stevemarprometheanfire: i think we can add oslo.cache=INFO to: https://github.com/openstack/keystone/blob/8a56c161ee29e34e70c6334b048881e8fbbd7514/etc/keystone.conf.sample#L19115:00
stevemarerr oslo.policy*15:00
prometheanfireoh, that's a nice one15:01
stevemarlemme double check stuff n things for ya15:01
prometheanfirelol15:01
*** spzala has quit IRC15:02
*** d0ugal has quit IRC15:05
*** clenimar_ has joined #openstack-keystone15:05
*** ddieterly is now known as ddieterly[away]15:08
*** ddieterly[away] is now known as ddieterly15:08
*** ddieterly is now known as ddieterly[away]15:08
*** hoonetorg has joined #openstack-keystone15:09
*** spzala has joined #openstack-keystone15:12
*** jistr is now known as jistr|mtg15:14
*** guoshan has quit IRC15:15
*** d0ugal has joined #openstack-keystone15:18
*** code-R has joined #openstack-keystone15:18
*** nisha_ has joined #openstack-keystone15:19
*** nisha_ has quit IRC15:19
*** code-R_ has joined #openstack-keystone15:20
*** tesseract- has quit IRC15:21
*** code-R has quit IRC15:23
*** rcernin has quit IRC15:26
*** itisha has joined #openstack-keystone15:26
SamYapleo/ prometheanfire15:29
dolphmhenrynash: ping15:29
*** ddieterly[away] is now known as ddieterly15:31
prometheanfireSamYaple: hi15:31
*** links has quit IRC15:33
*** ravelar has joined #openstack-keystone15:34
stevemardolphm: i've been trying to catch henrynash for a few days myself15:39
stevemardolphm: i need a masterball when he appears15:39
*** browne has joined #openstack-keystone15:39
stevemardolphm: so, selfishly, i like the read-only spec because it's 99% less code and complexity15:39
*** belmoreira has quit IRC15:40
stevemardolphm: i don't particularly care if it doesn't support non-fernet tokens15:41
bknudsonI can't think of a reason that going read-only for a while would be a problem for our deployment.15:41
bknudsonCan't speak for every deployment, though.15:41
dolphmbknudson: that's good to hear - and yeah, it's an idea that needs to ratification from busy deployments15:42
dolphmneeds some* ratification15:42
bknudsonwhether we make keystone read-only or a long delay, users are going to complain.15:42
bknudsonoperations will likely time out so they'll get an error either way15:43
dstanekbknudson: ++15:43
dstanekthe biggest issues i can think of are federated logins and pci enforcement15:44
*** GB21 has joined #openstack-keystone15:45
dolphmdstanek: yeah, i think we'd have to specifically skip PCI features that require writing, just to ensure auth still works15:46
dstanekwe probably just have to document that if you want to remain compliant that you still need downtime when you upgrade15:48
stevemardstanek: see my comments in https://review.openstack.org/#/c/351636/1 -- i noticed you +2'ed similar ones, do you agree/disagree with me on my comment?15:48
patchbotstevemar: patch 351636 - keystone - api-ref: Correcting parameters of Policies APIs15:48
dstanekstevemar: yeah i think that's a good idea to make it easier to read15:49
*** EinstCrazy has quit IRC15:52
prometheanfirestevemar: is your change something that'll happen soon or...?15:56
*** sdake has quit IRC15:56
*** sdake has joined #openstack-keystone15:56
* prometheanfire wants to know because it affects how we are doing reqs reviews15:56
stevemarprometheanfire: i looked our tests and i don't see the same logging :(15:56
prometheanfirehmm15:57
prometheanfirethat seems odd15:57
stevemarprometheanfire: i picked a random one: http://logs.openstack.org/98/351598/1/check/gate-keystone-python27-db-ubuntu-xenial/d85ab95/ and there's no spam there15:58
stevemarthe ones in our gate are ~40MB not >50 like the ones you shared15:58
prometheanfireya15:58
stevemarprometheanfire: i could still push that change through, its harmless, we could see if it changes things for you guys15:59
prometheanfirethat would be helful (hopefully15:59
stevemarbut i was wondering why you're seeing different results if its just tox -e py27...15:59
*** gyee has joined #openstack-keystone16:00
prometheanfire55M16:00
prometheanfirethat's our size16:00
*** jaugustine has quit IRC16:00
stevemaryeah, our tests are consistently 40MB16:01
stevemarDL'ed another, 4116:01
stevemarweird16:01
stevemarlet me push the oslo.policy logging change through, if nothing changes we can revert16:02
prometheanfirek, thanks16:02
*** code-R_ has quit IRC16:02
*** pcaruana has quit IRC16:05
*** KevinE has joined #openstack-keystone16:07
*** KevinE has quit IRC16:07
*** nisha_ has joined #openstack-keystone16:07
*** roxanaghe has joined #openstack-keystone16:08
*** KevinE has joined #openstack-keystone16:08
*** nishaYadav has quit IRC16:09
openstackgerritSteve Martinelli proposed openstack/keystone: make oslo.policy log INFO level by default  https://review.openstack.org/35182716:11
stevemarprometheanfire: want to try a depends-on and see what that produces?16:11
*** roxanaghe has quit IRC16:12
*** amoralej is now known as amoralej|off16:13
*** roxanaghe has joined #openstack-keystone16:13
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331416:14
prometheanfirestevemar: sure, I think I can alter the existing pr16:16
prometheanfirewell, not pr, but review16:16
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331416:17
*** code-R has joined #openstack-keystone16:19
openstackgerritRon De Rose proposed openstack/keystone: PCI-DSS Minimum password age requirements  https://review.openstack.org/34331416:20
stevemarprometheanfire: tomato vs tomatoe :P16:21
*** roxanaghe has quit IRC16:24
prometheanfirestevemar: dolphm says that gate-keystone-python27-db-ubuntu-xenial overrides a bunch of log level stuff16:26
prometheanfirealso, afk for meetings :(16:26
*** nishaYadav has joined #openstack-keystone16:32
*** nisha_ has quit IRC16:34
*** nisha_ has joined #openstack-keystone16:37
*** tonytan4ever has quit IRC16:39
*** nishaYadav has quit IRC16:41
*** nisha__ has joined #openstack-keystone16:43
*** ddieterly is now known as ddieterly[away]16:44
*** d0ugal has quit IRC16:44
*** tonytan4ever has joined #openstack-keystone16:45
*** nisha_ has quit IRC16:46
*** nisha_ has joined #openstack-keystone16:47
*** ddieterly[away] is now known as ddieterly16:48
*** nisha__ has quit IRC16:50
*** jpena is now known as jpena|off16:58
openstackgerritMerged openstack/python-keystoneclient: Add Python 3.5 classifier  https://review.openstack.org/34193116:59
*** nisha_ has quit IRC17:08
*** d0ugal has joined #openstack-keystone17:11
*** daemontool_ has joined #openstack-keystone17:13
*** EinstCrazy has joined #openstack-keystone17:15
*** itlinux has quit IRC17:15
*** daemontool has quit IRC17:16
*** Ephur has joined #openstack-keystone17:34
*** jed56 has quit IRC17:35
stevemardolphm: does it now? ^17:36
*** alisha has joined #openstack-keystone17:42
stevemarjdennis: o/17:44
stevemarjdennis: dtroyer is looking for ya :P17:44
jdennisstevemar: Dean and I communicated about 2 hours ago, is he still looking for me?17:45
stevemarjdennis: oops, maybe not, i am catching up on pings post-lunch17:45
*** ddieterly is now known as ddieterly[away]18:00
*** jaugustine has joined #openstack-keystone18:00
*** ezpz has quit IRC18:01
*** tonytan4ever has quit IRC18:03
*** michauds has quit IRC18:06
*** jaugustine has quit IRC18:07
*** diazjf has joined #openstack-keystone18:13
prometheanfirestevemar: let me know what the review is so I can dep on it18:20
*** adu has joined #openstack-keystone18:21
*** EinstCrazy has quit IRC18:22
*** daemontool_ has quit IRC18:23
stevemarprometheanfire: https://review.openstack.org/35182718:25
prometheanfirethanks, missed that18:26
*** GB21 has quit IRC18:27
*** code-R has quit IRC18:35
*** eeiden has joined #openstack-keystone18:37
*** mdurrant has joined #openstack-keystone18:37
*** roxanaghe has joined #openstack-keystone18:38
mdurrantfor v3, what should the default endpoint URL be in the service catalog?  <host>/identity/v3 ?  devstack gave it <host>/identity and some custom instance management code I wrote broke when we moved to v3, despite pulling the URL from the service catalog18:41
*** alisha has quit IRC18:42
mdurrantWhat's my question?  1) Is the devstsack URL correct?  2) If so, is there a method I need to call that properly constructs the identity endpoint URL ?18:44
*** roxanaghe has quit IRC18:46
*** ddieterly[away] has quit IRC19:00
*** catintheroof has quit IRC19:00
openstackgerritMerged openstack/python-keystoneclient: Add role functional tests  https://review.openstack.org/33511819:01
*** fifieldt has quit IRC19:02
*** roxanaghe has joined #openstack-keystone19:03
*** jaosorior has quit IRC19:04
*** ddieterly has joined #openstack-keystone19:05
*** Gorian_ has joined #openstack-keystone19:18
*** roxanaghe has quit IRC19:18
*** fifieldt has joined #openstack-keystone19:18
*** narengan1 has quit IRC19:24
*** sdake has quit IRC19:26
*** sdake has joined #openstack-keystone19:28
*** roxanaghe has joined #openstack-keystone19:30
bretonmdurrant: 1. yes19:31
bretonmdurrant: 2. no19:31
bretonmdurrant: apache in devstack is configured to be on /identity/19:31
bretonmdurrant: other instances can be configured other way19:32
bretonmdurrant: btw in addition to http://localhost/identity/ devstack still does http://localhost:5000/19:33
lbragstaddstanek you don't have a new cache region invalidation patch up yet do you?19:33
*** spzala has quit IRC19:39
*** spzala has joined #openstack-keystone19:39
*** spzala has quit IRC19:43
*** dave-mccowan has quit IRC19:45
*** dave-mccowan has joined #openstack-keystone19:45
*** slberger has joined #openstack-keystone19:47
*** thiagolib has quit IRC19:48
*** dave-mccowan has quit IRC19:50
*** roxanaghe has quit IRC19:55
*** dave-mccowan has joined #openstack-keystone19:57
*** slberger has quit IRC19:57
*** clenimar_ has quit IRC19:58
*** slberger has joined #openstack-keystone20:00
*** spzala has joined #openstack-keystone20:00
*** ddieterly is now known as ddieterly[away]20:02
dstaneklbragstad: no, that's what i'm working on20:03
*** spzala has quit IRC20:05
*** ddieterly[away] is now known as ddieterly20:07
*** ddieterly is now known as ddieterly[away]20:08
*** narengan has joined #openstack-keystone20:10
openstackgerritMerged openstack/keystone: Make hash_algorithms order deterministic  https://review.openstack.org/35122220:12
*** adu has quit IRC20:12
*** pnavarro|lunch has joined #openstack-keystone20:13
dstanekdoing a little multiprocess debugging right now20:17
*** diazjf1 has joined #openstack-keystone20:18
lbragstaddstanek nice20:18
*** diazjf has quit IRC20:21
bknudsonbug spam20:22
*** michauds has joined #openstack-keystone20:25
*** ametts has quit IRC20:26
*** code-R has joined #openstack-keystone20:32
*** ddieterly[away] is now known as ddieterly20:33
*** code-R_ has joined #openstack-keystone20:34
*** code-R has quit IRC20:37
stevemaranteaya: bknudson apparently marking it as invalid is marking it as spam20:39
anteayawell marking it as spam to whom?20:40
anteayaI'm not sure that designation will get the attention of launchpad admins20:40
stevemaranteaya: oh agreed, but i don't see a link to do that20:41
*** r-daneel has joined #openstack-keystone20:41
anteayaI think following this example may work: https://answers.launchpad.net/launchpad/+question/30326420:42
anteayabknudson: did you want to give this route a try?20:42
anteayaapparently you ask a question: https://answers.launchpad.net/launchpad20:44
anteayaseems asking a question entitled 'spam' is what someone else does20:45
anteayabknudson: let me know what you decide20:46
*** diazjf1 has quit IRC20:49
*** diazjf has joined #openstack-keystone20:52
*** ddieterly is now known as ddieterly[away]20:59
bknudsonanteaya: I clicked on the user's name and got 404, so I'm guessing drive-by21:01
bknudsonhopefully this doesn't become an epidemic.21:01
openstackgerritDolph Mathews proposed openstack/keystone-specs: Simplify manage-migration spec by introducing read-only mode  https://review.openstack.org/35179821:04
anteayawell you can also get the bug itself removed21:06
anteayawhich also would show spammers that their efforts are for naught21:06
*** diazjf has quit IRC21:06
*** gordc has quit IRC21:07
dolphmanteaya: bknudson: i marked it as Private to bury it21:10
anteayadolphm: ah thank you21:10
dolphmanteaya: i *think* the person who opened it can reverse that, but not if they lost their account21:11
anteayacool21:11
anteayaas long as it doesn't show up on search engines, that is all I care about21:11
*** sdake has quit IRC21:12
*** ddieterly[away] is now known as ddieterly21:12
dolphmanteaya: ++21:12
*** pnavarro|lunch has quit IRC21:12
*** michauds has quit IRC21:13
anteaya:)21:13
bknudsondolphm: cool, will try to remember that.21:15
*** iurygregory has quit IRC21:16
*** code-R_ has quit IRC21:18
*** code-R has joined #openstack-keystone21:18
*** code-R has quit IRC21:24
*** michauds has joined #openstack-keystone21:26
notmorganpeople are opening bugs with spam in them?21:30
notmorgandolphm, bknudson: also "opinion" buries a bunch of things too21:30
*** code-R has joined #openstack-keystone21:35
*** code-R has quit IRC21:40
*** edmondsw has quit IRC21:42
anteayanotmorgan: yeah spammers are hitting anything they can find once signed in with ubuntuone21:43
anteayawhich is our single sign on app we use21:44
anteayaI didn't know about opinion21:44
*** sdake has joined #openstack-keystone21:54
*** narengan has quit IRC21:55
prometheanfirestevemar: it doesn't look like it worked https://review.openstack.org/349371 http://logs.openstack.org/71/349371/6/check/gate-cross-keystone-python27-db-ubuntu-xenial/128e6ab/21:58
*** narengan has joined #openstack-keystone22:17
*** slberger has left #openstack-keystone22:18
*** ddieterly has quit IRC22:23
*** dave-mccowan has quit IRC22:24
*** code-R has joined #openstack-keystone22:28
*** adu has joined #openstack-keystone22:30
*** code-R_ has joined #openstack-keystone22:32
*** code-R has quit IRC22:35
*** ravelar has quit IRC22:38
*** roxanaghe has joined #openstack-keystone22:41
*** adu has quit IRC22:51
*** Gorian_ has quit IRC22:55
*** itisha has quit IRC23:00
*** code-R_ has quit IRC23:02
*** KevinE has quit IRC23:19
*** stewie925 has joined #openstack-keystone23:25
stewie925hello all - I have devstack and I tried running "keystone tenant-list" and I get this error: Traceback (most recent call last):   File "/usr/bin/keystone", line 6, in <module>     from keystoneclient.shell import main23:25
stewie925ImportError: No module named shell23:26
*** sdake has quit IRC23:31
*** roxanaghe has quit IRC23:34
*** michauds has quit IRC23:44
« Thursday, 2016-08-04 Index Saturday, 2016-08-06 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!