Friday, 2016-09-02

« Thursday, 2016-09-01 Index Saturday, 2016-09-03 »
*** markvoelker has quit IRC00:00
*** markvoelker has joined #openstack-keystone00:01
openstackgerritMerged openstack/keystone: Fixes spelling mistakes  https://review.openstack.org/36452700:08
*** fangxu has joined #openstack-keystone00:10
*** markvoelker has quit IRC00:35
*** tonytan4ever has joined #openstack-keystone00:38
*** markvoelker has joined #openstack-keystone00:44
stevemardolphm: o/00:45
lbragstadstevemar o/00:53
stevemarlbragstad: ahoy00:53
stevemarlbragstad: looks like a build error00:53
lbragstadstevemar digging00:53
stevemarlbragstad: just finishing something up, 30 more minutes :P00:53
stevemarlbragstad: your drive home is too quick00:53
stevemarlbragstad: MultiFernet requires at least one Fernet instance00:54
stevemarit'll fix the tests too00:54
lbragstadtrying to recreate locally00:55
*** chrisshattuck has joined #openstack-keystone00:57
*** chrisshattuck has quit IRC00:58
*** ddieterly has joined #openstack-keystone01:02
*** ddieterly is now known as ddieterly[away]01:02
*** spzala has joined #openstack-keystone01:20
*** ddieterly[away] is now known as ddieterly01:23
lbragstaddolphm stevemar so - those failures are interesting - i think they are because we moved them to be module level (?)01:23
*** arunkant has joined #openstack-keystone01:24
lbragstader - we move the get_multi_fernet_keys() and primary_key_hash() functions to be module level01:24
*** spzala has quit IRC01:25
stevemarlbragstad: ready eddie01:27
lbragstadstevemar sure thing01:27
*** ddieterly has quit IRC01:27
stevemarlbragstad: no idea, haven't looked at this in a while :(01:27
stevemardolphm: o/01:27
*** markvoelker has quit IRC01:28
*** markvoelker has joined #openstack-keystone01:35
*** EinstCrazy has joined #openstack-keystone01:38
*** wangqun_ has joined #openstack-keystone01:40
*** markvoelker has quit IRC01:40
*** esp has quit IRC01:41
*** gyee has quit IRC01:47
*** spzala has joined #openstack-keystone01:49
*** davechen has joined #openstack-keystone01:51
dolphmlbragstad: you're kidding01:55
lbragstaddolphm nope01:56
lbragstadworking through it now01:57
dolphmlbragstad: link to a failure?01:57
stevemardolphm: want to join our hangout?01:57
dolphmis that where all the cool kids are?01:58
lbragstaddolphm yep01:58
lbragstaddolphm , unit.TestCase01:59
lbragstaddolphm https://hangouts.google.com/hangouts/_/4zl5wbdnbrh6vol7kctelsz4rue?authuser=0&hl=en01:59
stevemardolphm: i feel funny about making a new required step in the upgrade path02:04
*** markvoelker has joined #openstack-keystone02:04
stevemarlbragstad: https://github.com/openstack-dev/grenade/tree/master/projects/10_keystone02:04
*** chlong has joined #openstack-keystone02:05
dolphmstevemar: required only if you're using credentials02:07
dolphmstevemar: but i agree - it's something we should be cautious about02:07
stevemardolphm: refer to https://review.openstack.org/#/c/355618/49/keystone/common/sql/data_migration_repo/versions/003_migrate_unencrypted_credentials.py02:07
lbragstaddolphm well, it's in the migration02:07
stevemardolphm: upgrade will fail02:07
lbragstadsame with new installs02:08
dolphmlbragstad: maybe query for any credentials first, before reading the credential repo?02:08
stevemarnew installs will fail if someone doesn't run credential_setup before running keystone02:08
stevemarthats what i said :)02:08
stevemarbut then the entire API will be unusable until someone runs credentials_setup :)02:09
*** phalmos has quit IRC02:10
stevemarlbragstad: https://review.openstack.org/#/c/355618/49/keystone/common/sql/contract_repo/versions/003_remove_unencrypted_blob_column_from_credential.py02:12
*** tqtran has quit IRC02:15
*** roxanaghe has joined #openstack-keystone02:15
*** browne has quit IRC02:19
openstackgerritEric Brown proposed openstack/keystone: Typo: key_manger_factory to key_mangler_factory  https://review.openstack.org/36461902:19
*** sdake has quit IRC02:21
*** fangxu has quit IRC02:23
*** su_zhang has joined #openstack-keystone02:23
*** markvoelker has quit IRC02:23
*** fangxu has joined #openstack-keystone02:25
*** tonytan4ever has quit IRC02:25
lbragstaddolphm are you able to recreate the key repository issues locally?02:25
*** fangxu has quit IRC02:26
lbragstaddolphm do we want to pull these back into the provider?02:26
lbragstadProvider class, that is?02:27
*** roxanaghe has quit IRC02:28
*** tonytan4ever has joined #openstack-keystone02:29
*** spzala has quit IRC02:30
*** su_zhang has quit IRC02:36
*** su_zhang has joined #openstack-keystone02:36
*** esp has joined #openstack-keystone02:38
*** su_zhang has quit IRC02:40
*** chrisshattuck has joined #openstack-keystone02:40
openstackgerritLance Bragstad proposed openstack/keystone: Implement encryption of credentials at rest  https://review.openstack.org/35561802:54
lbragstaddolphm  stevemar ^02:54
lbragstadthat's all passing for me locally02:54
stevemarlbragstad: one comment02:57
lbragstadstevemar responded02:59
lbragstadstevemar responded again03:02
*** asettle has joined #openstack-keystone03:05
stevemarlbragstad: responded again03:05
stevemarlbragstad: responded again again03:05
stevemardolphm: i'll give you a final looksy03:05
*** asettle has quit IRC03:10
*** __zouyee has joined #openstack-keystone03:20
stevemarlbragstad: nooo py34 failures03:28
stevemarlbragstad: keystone.exception.CredentialEncryptionError: Credential could not be encrypted: Unicode-objects must be encoded before hashing03:29
lbragstadstevemar we need an encode for the hash_key?!03:42
*** ianw has quit IRC03:46
*** links has joined #openstack-keystone03:46
*** tonytan_brb has joined #openstack-keystone03:47
*** tonytan4ever has quit IRC03:49
* stevemar shrugs at lbragstad03:53
lbragstadstevemar running it locally03:54
*** chlong has quit IRC04:01
*** esp has quit IRC04:07
*** fangxu has joined #openstack-keystone04:15
*** dikonoor has joined #openstack-keystone04:16
*** dikonoo has joined #openstack-keystone04:16
*** chrisshattuck has quit IRC04:17
openstackgerritLance Bragstad proposed openstack/keystone: Implement encryption of credentials at rest  https://review.openstack.org/35561804:17
lbragstadstevemar i think it's fixed...04:17
lbragstadstevemar running all the tests now04:17
lbragstadwell - starting with the py3404:17
lbragstadand they passed04:18
lbragstadrunning py2704:18
*** chlong has joined #openstack-keystone04:18
stevemarlbragstad: yay04:20
stevemardolphm or dstanek around?04:20
*** ianw has joined #openstack-keystone04:21
lbragstadstevemar alright py27 tests passed locally, too04:25
stevemarlbragstad: ffs, pep8 failed, but not your fault04:25
stevemarlbragstad: "gate-keystone-pep8-ubuntu-xenial: POST_FAILURE"04:25
lbragstadserious..04:25
stevemari'm going to hit the rebase button04:25
stevemarso it gets bumped and recheked04:25
openstackgerritSteve Martinelli proposed openstack/keystone: Implement encryption of credentials at rest  https://review.openstack.org/35561804:25
stevemardone..04:26
lbragstadstevemar yeah - pep8 passes locally04:26
lbragstadstevemar thansk04:26
stevemarlbragstad: dolphm and dstanek both +2ed, so i'm going to go ahead and +2/+W this one04:26
lbragstadstevemar do you know what the wait time on the gate queue is?04:28
stevemarlbragstad: only 2 patches deep04:28
stevemarlbragstad: and everything just had a post failure :|04:28
stevemarlbragstad: not yours though04:28
lbragstadstevemar 1 hour 10 minutes04:29
stevemarso you should get priority boarding lol04:29
lbragstadhopefully04:30
*** spzala has joined #openstack-keystone04:30
stevemarlbragstad: nope, post_failing all over the place04:33
*** spzala has quit IRC04:35
stevemarlbragstad: i don't see how this is a quick fix04:36
lbragstadpost_failing?04:36
*** evrardjp has quit IRC04:36
*** d34dh0r53 has quit IRC04:36
stevemarlbragstad: yeah, look at the check and gate queues: http://status.openstack.org/zuul/04:36
stevemareveyrthing is red04:36
lbragstad"he's dead jim"04:36
stevemarlbragstad: pretty much04:37
*** sigmavirus has quit IRC04:37
stevemarthe logs are saying nothing04:37
lbragstadstevemar so what's our plan04:37
stevemarlbragstad: merge it as a FFE and include it in rc1 i suppose04:37
stevemarlbragstad: in a few hours ttx is going to release keystone at whatever hash level i propose04:38
lbragstadok04:38
stevemarlbragstad: i can't propose a hash that isn't merged :\04:38
lbragstadstevemar agreed04:38
stevemarand the gate is, as you can see, dead04:38
lbragstadwanna consult in the morning?04:38
lbragstadI'm suppose to be out tomorrow afternoon but I'm around tomorrow morning to help with whatever I can04:39
stevemarlbragstad: we can recap and talk about merging this into rc104:39
lbragstadstevemar sounds good - i'll be on by 8 or earlier04:40
stevemarlbragstad: it definitely won't be going into newton-3 though, it's almost 7am in france, ttx will be releasing soon04:40
lbragstad9 or earlier your time04:40
lbragstadyeah...04:40
stevemarlbragstad: i'll be up in a few hours (the kiddo will inevitably wake us once :) )  i can recheck the change again04:42
stevemarlbragstad: anyway, i'm off for now04:43
stevemar"he's dead jim"04:43
lbragstadstevemar same - ping on google if you need anyting04:43
stevemarlbragstad: thanks for the extra hours today04:43
stevemari appreciate it ++04:43
lbragstadno problem - you too04:43
stevemaryour beers are on me in barcelona04:43
lbragstadlol - i'll hold ya to it ;)04:44
*** tonytan_brb has quit IRC04:44
*** _sigmavirus24 has joined #openstack-keystone04:44
*** d34dh0r53 has joined #openstack-keystone04:47
*** evrardjp has joined #openstack-keystone04:48
*** ravelar has joined #openstack-keystone04:51
*** dolphm has quit IRC05:07
*** fungi has quit IRC05:08
*** lbragstad has quit IRC05:09
-openstackstatus- NOTICE: The logs volume is full causing jobs to fail with POST_FAILURE. This is being worked on, please do not recheck until notified.05:09
*** ChanServ changes topic to "The logs volume is full causing jobs to fail with POST_FAILURE. This is being worked on, please do not recheck until notified."05:09
*** dolphm has joined #openstack-keystone05:13
*** ChanServ sets mode: +o dolphm05:13
*** lbragstad has joined #openstack-keystone05:18
*** fungi has joined #openstack-keystone05:22
*** chlong has quit IRC05:27
*** adriant has quit IRC05:27
*** adriant has joined #openstack-keystone05:32
*** ravelar has quit IRC05:32
*** ChanServ changes topic to "Newton Deadlines: http://releases.openstack.org/newton/schedule.html | Meeting Agenda https://etherpad.openstack.org/p/keystone-weekly-meeting"05:35
-openstackstatus- NOTICE: Space has been freed up on the log server. If you have POST_FAILURE results it is now safe to issue a 'recheck'05:35
*** richm has quit IRC05:39
*** chlong has joined #openstack-keystone05:48
*** adriant has quit IRC06:19
*** woodster_ has quit IRC06:29
*** rcernin has joined #openstack-keystone06:40
*** pcaruana has joined #openstack-keystone06:48
*** chlong has quit IRC06:49
*** tesseract- has joined #openstack-keystone07:02
*** NishaYadav has joined #openstack-keystone07:07
*** NishaYadav is now known as Guest104407:07
*** brad[] has quit IRC07:09
*** Guest1044 has quit IRC07:09
*** brad[] has joined #openstack-keystone07:10
*** nisha_ has joined #openstack-keystone07:14
*** nisha_ has quit IRC07:25
*** spzala has joined #openstack-keystone07:30
*** spzala has quit IRC07:35
*** jpena|off is now known as jpena07:51
*** __zouyee has quit IRC07:58
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** fangxu has quit IRC08:00
*** fangxu has joined #openstack-keystone08:01
*** joerch has left #openstack-keystone08:04
openstackgerritMerged openstack/keystone: Implement encryption of credentials at rest  https://review.openstack.org/35561808:04
openstackgerritMerged openstack/keystone: Typo: key_manger_factory to key_mangler_factory  https://review.openstack.org/36461908:05
*** asettle has joined #openstack-keystone08:07
*** __zouyee has joined #openstack-keystone08:16
*** EinstCra_ has joined #openstack-keystone09:03
*** __zouyee has quit IRC09:03
*** code-R has joined #openstack-keystone09:06
*** EinstCrazy has quit IRC09:06
*** jaosorior has joined #openstack-keystone09:11
*** code-R_ has joined #openstack-keystone09:11
*** code-R has quit IRC09:13
*** __zouyee has joined #openstack-keystone09:17
stevemarlbragstad: well this is awkward :)09:25
stevemarlbragstad: we released milestone 3 (without credential encryption) at 3 am09:26
stevemarlbragstad: andreas rechecked the credential encryption work and it merged at 4am09:26
stevemarso we'll have to revert it, or propose a FFE09:26
*** __zouyee has quit IRC09:41
*** EinstCra_ has quit IRC09:48
*** NishaYadav has joined #openstack-keystone09:52
NishaYadavo/09:53
*** joerch has joined #openstack-keystone09:54
*** EinstCrazy has joined #openstack-keystone10:02
*** EinstCrazy has quit IRC10:05
*** davechen has left #openstack-keystone10:10
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843510:10
openstackgerritDavanum Srinivas (dims) proposed openstack/keystone: [WIP] Testing latest u-c  https://review.openstack.org/31843510:10
*** markvoelker has joined #openstack-keystone10:10
*** EinstCrazy has joined #openstack-keystone10:10
*** richm has joined #openstack-keystone10:12
*** EinstCrazy has quit IRC10:13
*** EinstCrazy has joined #openstack-keystone10:13
*** EinstCrazy has quit IRC10:14
*** EinstCrazy has joined #openstack-keystone10:15
*** kevinbenton has quit IRC10:15
*** kevinbenton has joined #openstack-keystone10:17
*** wangqun_ has quit IRC10:17
*** markvoelker has quit IRC10:22
*** EinstCrazy has quit IRC10:24
*** NishaYadav has quit IRC10:27
*** markvoelker has joined #openstack-keystone10:30
*** NishaYadav has joined #openstack-keystone10:33
*** NishaYadav is now known as Guest4237010:33
samueldmqmorning keystone10:33
*** nisha_ has joined #openstack-keystone10:36
*** nisha_ has quit IRC10:36
*** Guest42370 has quit IRC10:38
*** nisha_ has joined #openstack-keystone10:38
nisha_good morning samueldmq10:39
*** markvoelker has quit IRC10:40
*** snecklifter has quit IRC10:44
*** snecklifter has joined #openstack-keystone10:45
samueldmqnisha_: o/10:45
*** amakarov has joined #openstack-keystone10:51
*** dikonoor has quit IRC11:07
*** dikonoo has quit IRC11:07
*** afred312 has quit IRC11:07
*** darrenc has quit IRC11:07
*** lamt has quit IRC11:07
*** anteaya has quit IRC11:07
*** jidar has quit IRC11:07
*** dikonoor has joined #openstack-keystone11:09
*** dikonoo has joined #openstack-keystone11:09
*** afred312 has joined #openstack-keystone11:09
*** darrenc has joined #openstack-keystone11:09
*** lamt has joined #openstack-keystone11:09
*** anteaya has joined #openstack-keystone11:09
*** jidar has joined #openstack-keystone11:09
openstackgerritMikhail Nikolaenko proposed openstack/keystone: [WIP] Move fernet utils to backend  https://review.openstack.org/35649911:18
*** dikonoor has quit IRC11:24
*** dikonoo has quit IRC11:25
*** dikonoor has joined #openstack-keystone11:25
*** dikonoo has joined #openstack-keystone11:25
*** jpena is now known as jpena|extendedlu11:28
*** jpena|extendedlu is now known as jpena|longlunch11:29
*** spzala has joined #openstack-keystone11:31
*** spzala has quit IRC11:35
*** aloga has quit IRC11:41
*** nisha__ has joined #openstack-keystone12:04
*** _sigmavirus24 is now known as sigmavirus12:05
*** sigmavirus has joined #openstack-keystone12:05
*** nisha__ is now known as nishaYadav12:05
*** ekarlso_ has joined #openstack-keystone12:05
*** raildo has joined #openstack-keystone12:06
*** nisha_ has quit IRC12:07
*** ekarlso_ has quit IRC12:11
*** flaper87 has quit IRC12:11
*** asettle has quit IRC12:13
*** __zouyee has joined #openstack-keystone12:27
*** rodrigods has quit IRC12:27
*** rodrigods has joined #openstack-keystone12:27
*** flaper87 has joined #openstack-keystone12:29
*** flaper87 has quit IRC12:29
*** flaper87 has joined #openstack-keystone12:29
*** rreimberg has joined #openstack-keystone12:37
*** jaosorior has quit IRC12:43
*** jaosorior has joined #openstack-keystone12:43
*** dikonoor has quit IRC12:52
dikonoobknudson :Hi12:52
dikonoobknudson : I need another +2 for this to get merged.  A very simple bug fix.https://review.openstack.org/#/c/359675/312:53
dikonoobknudson: Could you take a look?12:53
*** woodster_ has joined #openstack-keystone12:56
*** erhudy has joined #openstack-keystone12:58
bknudsondikonoo: It's on my list of things to look at.13:03
*** __zouyee has quit IRC13:03
dikonoobknudson : sure.Thanks13:04
*** ezpz has joined #openstack-keystone13:04
lbragstadstevemar hmm13:07
*** pauloewerton has joined #openstack-keystone13:07
*** jaosorior has quit IRC13:09
*** ezpz has quit IRC13:09
*** asettle has joined #openstack-keystone13:13
*** BjoernT has joined #openstack-keystone13:14
*** BjoernT is now known as Bjoern_zZzZzZzZ13:14
*** aloga has joined #openstack-keystone13:15
*** spzala has joined #openstack-keystone13:16
openstackgerritMikhail Nikolaenko proposed openstack/keystone: [WIP] Move fernet utils to backend  https://review.openstack.org/35649913:16
*** asettle has quit IRC13:19
*** Bjoern_zZzZzZzZ is now known as BjoernT13:22
*** dstanek has quit IRC13:25
*** madorn has quit IRC13:27
*** ayoung has joined #openstack-keystone13:29
*** ChanServ sets mode: +v ayoung13:29
*** dstanek has joined #openstack-keystone13:34
*** ChanServ sets mode: +v dstanek13:34
*** madorn has joined #openstack-keystone13:34
*** code-R_ has quit IRC13:39
*** links has quit IRC13:41
openstackgerritDoug Hellmann proposed openstack/python-keystoneclient: Update reno for stable/newton  https://review.openstack.org/36494413:42
samueldmqdo we have the concept of x509 federated authentication ?13:46
*** kevinbenton has quit IRC13:47
rodrigodssamueldmq, it is the "tokenless auth"13:49
rodrigodshmm "federated"13:49
rodrigodsdon't think so13:49
*** su_zhang has joined #openstack-keystone13:49
bknudsonx509 authentication was added a couple of releases ago13:49
samueldmqI don't see the relation between users and certificates13:50
samueldmqthus not the relation between local vs federated in that context13:50
bknudsonit maps the cn to a user or something13:50
*** kevinbenton has joined #openstack-keystone13:50
rodrigodsit is more used for services users13:50
rodrigodssince the services have a certificate in a tls env13:51
bknudsonhttp://git.openstack.org/cgit/openstack/keystone-specs/tree/specs/keystone/liberty/keystone-tokenless-authz-with-x509-ssl-client-cert.rst13:51
samueldmqhmm okay13:52
samueldmqso it uses the concept of mapping as well13:52
samueldmqhttp://docs.openstack.org/developer/keystone/configure_tokenless_x509.html13:52
*** browne has joined #openstack-keystone13:52
samueldmqjust as federation does13:52
rodrigodsyes, it gets the env vars exported by apache and maps to keystone concepts using mappings13:52
samueldmqrodrigods: bknudson: thanks for clarifying, I am looking at this cp spec : https://review.openstack.org/#/c/22229313:54
samueldmqthat talks a lot about that functionality13:54
*** su_zhang has quit IRC13:55
*** su_zhang has joined #openstack-keystone13:55
*** ravelar has joined #openstack-keystone13:59
*** su_zhang has quit IRC13:59
*** su_zhang has joined #openstack-keystone14:00
*** tesseract- has quit IRC14:03
*** code-R has joined #openstack-keystone14:04
dstaneki truly hate "D202  No blank lines allowed after function docstring"14:04
lbragstaddstanek here is a fix from dolphm's refactor a while back https://review.openstack.org/#/c/364986/14:05
dstaneklbragstad: coolio, i'll take a look14:08
dstaneki suck at this vacation thing everyone talks about :-(14:09
samueldmqstevemar: it would be nice if a keystoner with experience in eventlet issues and why we dropped it voiced @ https://review.openstack.org/#/c/16403514:09
samueldmqit's a cross-project spec talking about dropping eventlet support; and we've done it already! :)14:10
samueldmqkeystone cores ^14:10
*** tesseract- has joined #openstack-keystone14:13
dstaneklbragstad: dolphm: https://review.openstack.org/36456214:13
dstaneknot sure why the bot didn't report that in here....14:13
dstanekoh, samueldmq. you already +2ed that before bknudson vetoed your vote14:14
bknudsonI've got a veto?14:15
dstanekbknudson: you know you do and you love to use it14:16
dstanekbknudson: i added a test for my new functionality and as a bonus added a test for the original functionality (for free!)14:18
openstackgerritEric Brown proposed openstack/python-keystoneclient: Update reno for stable/newton  https://review.openstack.org/36494414:18
*** spedione|AWAY is now known as spedione14:19
bknudsondstanek: that's just a bot that I run that posts -1 when there's no test changes.14:20
bknudsonI wish.14:20
samueldmqdstanek: 1 test + 1 for free ? I will take a look before it's sold out14:20
*** nisha_ has joined #openstack-keystone14:22
bknudsonwe should change the managers to use wrapt - https://wrapt.readthedocs.io/en/latest/14:22
bknudsonrather than maintaining our own crappy implementation14:22
dstanekbknudson: maybe, but i don't care about managing the 3 lines of code since it's easy to see what they do14:23
dstanekbrowne: breton: you guys may be working toward the same goal on backporting my cache invalidation patch14:23
samueldmqdstanek: I think your tests test_callable_passthru is not showing it is passing through14:24
samueldmqdstanek: if it was caching it would still pass I believe14:25
dstanekbknudson: i'll have to look into that a bit more. lots there to understand14:25
dstaneksamueldmq: why is that?14:25
*** nishaYadav has quit IRC14:25
*** asettle has joined #openstack-keystone14:25
dstanekbecause the values are different?14:25
brownedstanek: looks it requires dogpile.cache 0.6.2, but mitaka is on 0.5.714:25
dstanekbrowne: yep, exactly14:25
brownewhat's the rules on updating upper-constraints in stable releases14:26
dstanekbrowne: breton was talking about getting some inspiration from some of the older patchsets that did the monkey patching14:26
samueldmqdstanek: no, test_property_passthru is okay asserting the values are different14:26
*** ezpz has joined #openstack-keystone14:26
bknudsonupper-constraints only shows what the gate tests. The project's requirements.txt tells what versions are supported.14:26
dstanekbrowne: that i don't know because last time i asked i got two different answers. if you find the docs for it i'd love to see them14:26
dstaneksamueldmq: oh i see. no if the value was cached it would always return the same number14:27
samueldmqdstanek: but test_callable_passthru is not correct I think, it passes anyways, because the cache would be the same anyways14:27
dstanekif you run that test against master you'll see it fail14:27
brownebreton: feel free to take over my patch if you like.  i just started the cherry-pick, because i need to test it out on mitaka14:28
dstaneksamueldmq: in current paster mgr.p would be the same no matter how many times you call it14:28
dstaneki need to ensure they are always different in this test14:29
samueldmqdstanek: so it would be nice to prove with a counter too14:29
samueldmqdstanek: I commented out your change in the common manager14:29
dstaneksamueldmq: prove what?14:29
samueldmqdstanek: and the tests still pass14:29
dstaneksamueldmq: really? fails on master for me14:30
dstaneksamueldmq: did you leave the setattr in?14:30
samueldmqdstanek: ah no, I commented it too14:30
samueldmqmb14:30
samueldmqdstanek: but test_callable_passthru still passes14:31
dstaneksamueldmq: then you are not testing correctly. the original code was doing the setattr as a caching optimization and that's the problem :-)14:32
*** gema has joined #openstack-keystone14:33
samueldmqdstanek: if the manager caches Inner and method, the test passes14:33
samueldmqdstanek: if it does not, the test still passes14:34
dstaneksamueldmq: oh, that test is just showing the existing behavior works. you get the thing you are asking ofr14:34
*** su_zhang has quit IRC14:34
*** su_zhang has joined #openstack-keystone14:35
*** spedione is now known as spedione|AWAY14:36
samueldmqdstanek: but if callable, it should not be a passthrough14:36
samueldmqbut a cache instead?14:36
dstaneksamueldmq: no, it should give back the thing. we use setattr so that we don't even trigger the __getattr__ for the second call14:37
gemaI wonder if someone could help us figure out what public, internal and admin endpoints are supposed to be so that we can set them up correctly and expose them to the world ?14:37
gemathe documentation is not helping a ton or we haven't found the right doc for this14:37
dstanek__getattr__ is expensive and is only called when you are asking for something that an object does not have. so after the first lookup we use setattr so that it will have it14:37
samueldmqdstanek: okay, so what was the issue with the previous behavior ? (setting the attribute in the manager too)14:38
samueldmqdstanek: ah, the case where attributes are dynamic ?14:38
gema(this is on newton)14:38
dstaneksamueldmq: yes properties. the original code would look them up and save the value to the instance. so the property would not be invoked a second time14:39
*** spedione|AWAY is now known as spedione14:39
*** su_zhang has quit IRC14:39
dstanekbknudson: the assertIs wasn't working for some reason14:39
dstanekbknudson: they are clearly the same object http://paste.openstack.org/show/566090/ and when debugging had the same id14:40
dstaneki was in a rush so i didn't try to figure out what was going on14:40
samueldmqdstanek: ok, adding one more "contradiction" to my count, +2'ed as it is14:44
samueldmqlet's see if bknudson likes it as it is too :-)14:45
bknudsonI'm not in a rush14:46
*** links has joined #openstack-keystone14:47
*** EinstCrazy has joined #openstack-keystone14:47
*** EinstCrazy has quit IRC14:52
stevemaro/14:53
*** EinstCrazy has joined #openstack-keystone14:53
*** EinstCrazy has quit IRC14:55
*** thebloggu has joined #openstack-keystone14:55
*** phalmos has joined #openstack-keystone14:57
*** rcernin has quit IRC15:01
*** links has quit IRC15:03
bknudsongerrit is slow15:05
lbragstadyup15:06
dstanekgerrit is not happy today15:07
stevemargerrit is not in a rush, like bknudson15:08
lbragstadweekend started early ;)15:08
dstanekbknudson: samueldmq: i'm on vacation today - so i probably won't be around to address follow up comments until later in the afternoon15:08
openstackgerritEric Brown proposed openstack/keystone: Few commands missing from configuration doc  https://review.openstack.org/36502215:08
stevemarbrowne: theres also credential_rotate and credential_migrate now15:11
browneoh ok, i can update15:12
stevemaranyone want to push https://review.openstack.org/#/c/359675/ ?15:13
stevemarit adds i18n support to a message in keystonemiddleware15:13
*** pcaruana has quit IRC15:15
*** sdake has joined #openstack-keystone15:16
openstackgerritEric Brown proposed openstack/keystone: Few new commands missing from docs  https://review.openstack.org/36502215:18
*** jpena|longlunch is now known as jpena15:19
stevemarbrowne: thanks for fixing all the release note patches +115:19
brownenp15:20
-openstackstatus- NOTICE: The Gerrit service on review.openstack.org is restarting quickly to relieve resource pressure and restore normal performance15:21
*** spzala has quit IRC15:26
*** chrisshattuck has joined #openstack-keystone15:26
*** phalmos has quit IRC15:28
*** spzala has joined #openstack-keystone15:29
*** spzala has quit IRC15:29
*** phalmos has joined #openstack-keystone15:29
*** code-R has quit IRC15:33
samueldmqstevemar: I can do it in a couple of minutes, if nobody else does it first15:35
*** arunkant has joined #openstack-keystone15:36
*** nisha_ has quit IRC15:39
*** tesseract- has quit IRC15:42
samueldmqstevemar: does that need a release note ?15:42
samueldmqnot sure it's a bug, mostly an enhacement ?15:43
samueldmqenhancement*15:43
stevemarsamueldmq: huh? the i18n logging in keystonemiddleware?15:44
samueldmqstevemar: yes15:47
samueldmqstevemar: it's not a fix of a real bug (even if there is one registered), just an enhancement15:47
samueldmqso perhaps it's fine as it is15:47
stevemarsamueldmq: first rderose asks for a test then you ask for a release note :)15:48
stevemarsamueldmq: its such a tiny change lol15:48
samueldmqstevemar: in that case it'd be nice to have a test for the release note too15:48
stevemar*shakes fist*15:48
samueldmqstevemar: +A :-)15:48
dimsrderose : Ron, my brain is still parsing your nick as "redrose"...15:54
samueldmqdims: lol I had never thought it like that :-)15:55
dimssamueldmq : if you liked that, try this http://www.dailywritingtips.com/cna-yuo-raed-tihs/15:57
*** chrisshattuck has quit IRC15:57
*** phalmos has quit IRC15:58
samueldmqdims: lol nice, I saw that once in Portuguese; I was able to read it in English too15:58
samueldmqbrain rocks15:58
dimstotally :)15:58
stevemardims: hehe, it's a good tea :)15:58
*** chrisshattuck has joined #openstack-keystone16:00
lbragstadstevemar dolphm dstanek added more docs for credential encryption - https://gist.github.com/lbragstad/ddfb10f9f9048414d1f781ba006e95d1#encrypted-credential-key-management16:03
*** roxanaghe has joined #openstack-keystone16:10
openstackgerritMerged openstack/keystonemiddleware: Update reno for stable/newton  https://review.openstack.org/36241416:11
ayoungWhat did we do with the API docs?16:11
openstackgerritEric Brown proposed openstack/keystone: Add doctor checks for credential fernet keys  https://review.openstack.org/36504916:12
ayoungstevemar, we pulled API out of http://git.openstack.org/cgit/openstack/keystone-specs/tree/  where did we put it?16:12
*** tonytan4ever has joined #openstack-keystone16:13
*** tonytan_brb has joined #openstack-keystone16:19
*** asettle has quit IRC16:21
*** tonytan4ever has quit IRC16:22
*** dims has quit IRC16:23
*** gyee has joined #openstack-keystone16:24
* samueldmq ayoung: https://github.com/openstack/keystone/tree/master/api-ref/source16:25
samueldmqayoung: https://github.com/openstack/keystone/tree/master/api-ref/source16:26
samueldmqnot sure where /me came from16:26
openstackgerritMerged openstack/python-keystoneclient: Remove deprecated 'data' credential argument  https://review.openstack.org/35256716:26
lbragstadsamueldmq my textual client does that sometimes16:26
lbragstadhttps://www.google.com/16:26
lbragstadtried to get it to happen ^16:26
samueldmqlbragstad: hmm16:26
samueldmqlbragstad: hehe, I am using irccloud16:27
lbragstadsometimes when i paste only links, it somehow interprets it as /me <link>16:27
samueldmqlbragstad: looks to be the case that just happened to me16:27
*** amakarov is now known as amakarov_away16:28
*** dims has joined #openstack-keystone16:32
samueldmqlbragstad: doctor takes the docstring and prints it out ?16:40
*** ebalduf_ has joined #openstack-keystone16:41
*** rdo_ has joined #openstack-keystone16:43
openstackgerritMerged openstack/keystoneauth: Update reno for stable/newton  https://review.openstack.org/36241216:43
*** tqtran has joined #openstack-keystone16:43
*** rdo_ has quit IRC16:43
*** esp has joined #openstack-keystone16:46
lbragstadsamueldmq16:47
lbragstadsamueldmq yep16:47
samueldmqlbragstad: cool16:48
*** su_zhang has joined #openstack-keystone16:50
openstackgerritMerged openstack/keystonemiddleware: Globalize authentication failure error  https://review.openstack.org/35967516:56
stevemarayoung: yeah, the source is here: https://github.com/openstack/keystone/tree/master/api-ref/source and gets rendered here: http://developer.openstack.org/api-ref/identity/v3/index.html17:01
stevemarayoung: for the sake of backing up, all the old stuff is here: https://github.com/openstack/keystone-specs/tree/master/attic17:02
stevemarayoung: the new published APIs should have parity with the old stuff17:02
stevemarayoung: we had an API sprint a few weeks back if you recall17:03
stevemarand folks have been cleaning up whatever lingered from the sprint17:03
lbragstadstevemar i'm out for the afternoon - ping me on google hangout if you need anything17:07
lbragstadi'll be on the road until 517:08
*** roxanaghe has quit IRC17:10
*** roxanaghe has joined #openstack-keystone17:10
*** ddieterly has joined #openstack-keystone17:12
openstackgerritEric Brown proposed openstack/keystone: Add doctor checks for credential fernet keys  https://review.openstack.org/36504917:16
*** BjoernT is now known as Bjoern_zZzZzZzZ17:16
*** ddieterly has quit IRC17:19
*** chrisshattuck has quit IRC17:19
*** ddieterly has joined #openstack-keystone17:25
*** markvoelker has joined #openstack-keystone17:29
stevemarlbragstad: let's deal with the ffe on monday17:29
stevemarerr tuesday17:29
stevemarlong weekend for most17:29
*** ddieterly is now known as ddieterly[away]17:31
*** phalmos has joined #openstack-keystone17:32
samueldmqstevemar: ffe ?17:33
samueldmqstevemar: for what ?17:33
*** markvoelker has quit IRC17:34
*** Bjoern_zZzZzZzZ is now known as BjoernT17:34
*** markvoelker has joined #openstack-keystone17:34
-openstackstatus- NOTICE: The infrastructure team is taking Gerrit offline for maintenance, beginning shortly after 18:00 UTC for a potentially 4 hour maintenance window.17:38
stevemarsamueldmq: credential encryption17:39
samueldmqstevemar: oh I thought that was in before yesterday's cut17:39
*** phalmos has quit IRC17:42
*** ebalduf_ has quit IRC17:46
*** phalmos has joined #openstack-keystone17:47
*** adrian_otto has joined #openstack-keystone17:49
*** thebloggu has quit IRC17:52
*** chrisshattuck has joined #openstack-keystone17:53
*** fangxu has quit IRC17:57
stevemarsamueldmq: nope!17:58
*** ravelar has quit IRC17:58
stevemarsamueldmq: we tagged at 816d26046af0482aa52a5b8faafe8ed1591cf8c617:58
stevemarhttps://github.com/openstack/keystone/commits/master17:59
stevemarso Merge "Fixes spelling mistakes"17:59
samueldmqstevemar: so it was mitaka-3 rc1 ?18:00
*** jpena is now known as jpena|off18:01
*** su_zhang has quit IRC18:01
stevemarnewton rc1 ;)18:01
samueldmqstevemar: ah , yes18:02
*** ravelar has joined #openstack-keystone18:04
-openstackstatus- NOTICE: Gerrit is now going offline for maintenance, reserving a maintenance window through 22:00 UTC.18:04
*** ChanServ changes topic to "Gerrit is now going offline for maintenance, reserving a maintenance window through 22:00 UTC."18:04
samueldmqpoor gerrit18:05
*** su_zhang has joined #openstack-keystone18:05
*** su_zhang has quit IRC18:07
*** chrisshattuck has quit IRC18:07
*** ravelar has quit IRC18:12
jaugustineSounds like it's time for the weekend ! ;)18:13
*** ddieterly[away] is now known as ddieterly18:20
*** spzala has joined #openstack-keystone18:20
EmilienMstevemar: hello18:22
stevemarEmilienM: o/18:22
stevemarlbragstad or dolphm around?18:22
* EmilienM invokes Keystone gods18:23
stevemarwell lbragstad probably won't be around...18:23
stevemar"lbragstad: stevemar i'm out for the afternoon - ping me on google hangout if you need anything"18:23
* dolphm is also sort of not here18:23
stevemarEmilienM: you're stuck with me!18:23
EmilienMstevemar: between canadians :P18:23
stevemarEmilienM: so read the third point over here: http://docs.openstack.org/releasenotes/keystone/unreleased.html#upgrade-notes18:23
stevemarerrr 4th point18:24
* EmilienM reading18:24
EmilienMstevemar: ok but our CI doesn't do upgrades18:24
EmilienMit's fresh installs18:24
*** dikonoo has quit IRC18:25
*** spzala has quit IRC18:25
*** fangxu has joined #openstack-keystone18:25
*** gyee has quit IRC18:25
stevemarEmilienM: right, so that kinda of implies that you've "upgraded" all the way, which means we no longer support storing unencrypted credentials, they have to be encrypted now18:25
stevemarDeployers must run keystone-manage credential_setup in order to use the credential API within Newton18:26
EmilienMok18:26
EmilienMI'm going to investigate our we do in puppet keystone and I'll let you knpow18:26
EmilienMthanks18:26
*** spzala has joined #openstack-keystone18:26
EmilienMstevemar: is it a problem on multi keystone servers?18:26
stevemarEmilienM: are they sharing the same database?18:26
*** phalmos has quit IRC18:26
EmilienMstevemar: yes18:27
EmilienMin tripleo we don't use fernet anyway so18:27
EmilienMI guess that's fine?18:27
EmilienMthe encryption is in db?18:27
stevemarEmilienM: that's fine, fernet is just a technique for encrypting things, this is totally different from fernet tokens18:28
stevemaryes, the values in the db will be encrypted18:28
stevemarthis is where i wish lbragstad and dolphm were around :)18:28
stevemarEmilienM: i want to say that you'll have to run credential_setup on each server, but they'd know better than i18:29
EmilienMayoung: https://bugs.launchpad.net/keystone/+bug/1619758/comments/118:29
openstackLaunchpad bug 1619758 in tripleo "Credential Encryption breaks deployments without Fernet" [Undecided,New]18:29
EmilienMstevemar: ok i'm doing this work now18:29
*** ravelar has joined #openstack-keystone18:29
EmilienMstevemar: thanks ! (lol)18:29
EmilienMstevemar: it was friday18:29
EmilienMand I was about to leave18:29
EmilienMand you broke my afternoon.18:29
stevemarEmilienM: :(18:30
*** phalmos has joined #openstack-keystone18:30
*** spzala has quit IRC18:30
stevemarEmilienM: more info here: https://github.com/openstack-dev/devstack/commit/69d4a71dfe86e8111101dcd1bcf5a4138a7956a4 and here: https://github.com/openstack-dev/grenade/blob/master/projects/10_keystone/from-mitaka/upgrade-keystone18:31
ayoungstevemar, going to write a no-op driver18:32
ayoungwe'll make that the default18:32
EmilienMlol18:32
ayoungstevemar, We are not forcing Fernet Keys on Tripleo.  It is not a feasable task18:33
EmilienMstevemar: it's a bit sad to see this kind of change just before a release18:33
*** su_zhang has joined #openstack-keystone18:33
ayoungEmilienM, meh, its expected18:33
EmilienMstupid question: is there something else I should know?18:33
ayoungwe need the feature, we just can't make it the default without an alternative18:33
*** ravelar has quit IRC18:34
*** chrisshattuck has joined #openstack-keystone18:34
EmilienMok puppet-keystone doesn't have credential_setup support18:34
EmilienMi'm adding it by default18:34
ayoungEmilienM, that will break the credential backend18:35
ayoungwe have three Keystone servers.  If each generates and uses their own sym keys, and talk to the same database, one will encrypt with one key, and another will try to decrypt with a different one and fail18:35
ayoungwe need key sync and rotation.18:35
ayoungWe need Kite18:36
ayoungbut that kite has sailed18:36
EmilienMso Keystone is currently broken if you run multiple keystone servers?18:36
notmorganoh snap, rderose is core.18:36
notmorgan;)18:36
notmorganayoung: no-op for what?18:37
* notmorgan is reading backscroll.18:37
*** roxanaghe has quit IRC18:37
ayoungnotmorgan, credential encryption using the sym keys from fernet18:37
* notmorgan has also been driving for 2 full days...sooooo18:37
notmorganayoung: oh. yeah.18:37
ayoungand pretty sure that driver should not be called Fernet, as it is just encrypting18:37
ayoungnot Fernetting18:37
notmorganayoung: i would call it AES :P18:37
notmorganayoung: as that is what it is.18:38
ayoungnotmorgan, ++18:38
notmorganayoung: i mean it is using HMAC(AES(payload)) but i mean.. standard way to "do it right"18:38
ayoungAES is about right18:39
notmorganfernet is just a wrapper for exactly that.18:39
ayoungsure...and Fernet is a fine name.18:39
ayoungI see that it really is doing Fernet....good enough18:39
notmorganbut it is less about the "fernet" model of use (tokens with a payload) and more about the AES part in this case18:39
notmorganbut i would call it AES personally - but renaming it now... mayyyyyy not be worth the headache18:40
EmilienMstevemar: at what time should I run credential_setup ?18:40
EmilienMright after bootstrap?18:40
EmilienMor after fernet_setup ?18:40
notmorganEmilienM: before or after fernet_setup is fine18:40
notmorganEmilienM: it is just another fernet-like repository of keys18:40
notmorganEmilienM: fernet_setup has no impace on credential_setup and vice-versa18:40
EmilienMbefore or after keystone-manage bootstrap ?18:41
notmorganvise-versa?18:41
EmilienMvice-versa18:41
notmorganEmilienM: wont matter as long as the config has the repo location defined18:41
notmorgankeystone-manage bootstrap is setting up the DB itself.18:41
notmorganw/ user/roles/project/etc18:41
openstackgerritayoung proposed openstack/keystone: No Op provider for credential encryption  https://review.openstack.org/36508718:41
EmilienMok good. Thanks.18:41
dolphmEmilienM: stevemar: it's a lot like the pattern for setting up fernet tokens -- you'll need to run credential_setup *once* on *one* server, sync the keys around, and you're good to go. there are operations to rotate keys, but there's no reason any of that should be a a regular operation (unless you think the database is compromised, or something)18:41
notmorgancredential data isn't touched by that18:41
stevemarEmilienM: sorry, was on a call for 10 minutes, i'd say after bootstrap is fine18:41
EmilienMok18:42
ayoungdolphm, that is not a trivial amount of infrastructure to write18:42
notmorganEmilienM: i generally would make bootstrap *always* first (best practice)18:42
EmilienMayoung: how are we going to do for tripleo?18:42
ayoungyou are talking a bout syncing crypto keys18:42
notmorganEmilienM: the other stuff is all interchangable.18:42
ayoungEmilienM, I started an etherpad18:42
EmilienMayoung: use noop?18:42
ayoungEmilienM, https://etherpad.openstack.org/p/keystone-fernet-token-cms18:42
ayoungEmilienM, that is a bandaid18:42
ayoungno-op will be the default in Keystone.  We can't force people to Fernet18:43
EmilienMright18:43
notmorganayoung: NSS! USE NSS! I mean...18:43
ayoungonce we have a key sync/rotate story in place, we can deprecate no-op and migrate people to fernet18:43
notmorganayoung: /me goes back under a rock.18:43
ayoungnotmorgan, works for me18:43
ayoungnotmorgan, CMS18:43
notmorganhehe18:43
dolphmayoung: you can also generate keys on the orchestration host and ship them to other servers18:44
dolphmayoung: no need to use keystone's native credential_setup command18:44
notmorgandolphm: do we have an ansible playbook for that pattern yet?18:44
dolphmit just creates a directory and populates it with a couple keys18:44
ayoungdolphm, yep, and that is what we are planning on doing.18:44
notmorgandolphm: it feels like we should.18:44
dolphmnotmorgan: not in OSA - they don't want credentials touching the ansible host18:44
ayoungdolphm, so, to do it right implies each of the Keystone servers has a way to decrypt messages means just for it18:44
ayoungit is actually really really close to the Kite use case18:45
notmorgandolphm: no, i mean a general playbook that could be used for "genering/syncing" keys18:45
notmorganregardless of *where* they are18:45
ayoungonly we need this to work without Keystone auth18:45
dolphmnotmorgan: oh, i think lance does18:45
dolphmnotmorgan: he has like a fernet_rotate ansible playbook18:45
*** fangxu has quit IRC18:45
notmorgandolphm: make sure that gets pubished up in some place "official"-ish18:45
notmorganlbragstad: ^18:45
ayoungEmilienM, once we have the FreeIPA integration, we will have a X509 story, and with that, a way to transport the keys18:45
dolphmnotmorgan: where would ansible playbook go, officially, if they're not part of openstack-ansible?18:45
notmorganbecause it should be something usable in general18:45
EmilienMayoung: ok18:46
EmilienMayoung: but how are we going to do for newton?18:46
ayoungwithout that, we have the risk if we did, say ,a Heat artifact, where the tarball would be world readable in the metadata.18:46
EmilienMthe release is almost out18:46
EmilienMand this thing just happens18:46
ayoungEmilienM, for Newton, we use No Op18:46
notmorgandolphm: i'd ask rbergeron18:46
notmorgandolphm: she might have some guidance for that.18:46
notmorgan(she's not in this channel)18:46
ayoungnotmorgan, the Ansible vault is password based.  Would be kindof yucky to use for this18:46
dolphmEmilienM: it's about 2 lines of python to create a fernet key - drop that in a file and you're done18:47
notmorganayoung: the "general key" and "sync" key doesn't need to be tied to vault18:47
dolphmEmilienM: from cryptography.fernet import Fernet; print(Fernet.generate_key())18:47
notmorganayoung: but i agree, vault would be like trying to use barbican for holding the fernet keys. (but barbican would be worse in this case)18:48
stevemarevery time notmorgan slowly disappears http://i.imgur.com/9rMgh5I.gif18:48
*** ravelar has joined #openstack-keystone18:48
notmorganstevemar: right?18:48
stevemar:)18:48
EmilienMall of this a Friday afternoon18:49
dolphmEmilienM: lbragstad also wrote a long step by step on a full migration w/ encrypted credentials if that helps you any https://gist.github.com/lbragstad/ddfb10f9f9048414d1f781ba006e95d1#file-migration-md18:50
* notmorgan has to write code around rev-events once this next phonecall is done18:50
* dolphm has to step away18:50
EmilienMdolphm: thx18:50
notmorgandolphm: don't step, RUN! :)18:50
notmorgandolphm: hide! :P18:50
*** phalmos has quit IRC18:51
*** adelia has joined #openstack-keystone18:54
*** su_zhang has quit IRC18:57
*** su_zhang has joined #openstack-keystone18:57
*** ravelar has quit IRC18:59
*** su_zhang has quit IRC19:00
EmilienMis it a big deal if I configure credential/key_repository all the time? is there some cases where we should not configure it?19:01
EmilienMie: if I use a specific driver, etc19:01
EmilienMstevemar: ^19:01
stevemarEmilienM: you can configure it if you want19:02
stevemarEmilienM: there's a reasonable default19:02
EmilienMwhat is the default?19:02
*** sdake has quit IRC19:02
EmilienMwell i can fin dit19:02
stevemarEmilienM: https://github.com/openstack/keystone/blob/master/keystone/conf/credential.py#L3919:03
stevemar'/etc/keystone/credential-keys/'19:03
EmilienM/etc/keystone/credential-keys/19:03
rodrigodshttps://review.openstack.org/#/c/365087/119:03
EmilienMok thanks19:03
rodrigodsEmilienM, stevemar ^19:03
rodrigodsok, stepped in the end of the conversation :P19:04
*** ddieterly is now known as ddieterly[away]19:10
*** ChanServ changes topic to "Newton Deadlines: http://releases.openstack.org/newton/schedule.html | Meeting Agenda https://etherpad.openstack.org/p/keystone-weekly-meeting"19:13
-openstackstatus- NOTICE: Gerrit is completing an online re-index, you may encounter slowness until it is complete19:13
samueldmqayoung: the admin role is only global if it's assigned on the admin_project. is that right ?19:17
*** ddieterly[away] is now known as ddieterly19:17
*** Nakato has quit IRC19:17
ayoungEmilienM, samueldmq not yet19:18
*** spzala has joined #openstack-keystone19:18
samueldmqayoung: ok, so it continues to have global privilegies19:18
ayoungsamueldmq, a whole slew of changes need to creep through the variuous projects to kill that pariticular bug19:18
*** Nakato has joined #openstack-keystone19:19
samueldmqayoung: ok. I am reading jamielennox|away and dolphm's spec on more granular roles in the cross-project repo19:19
samueldmqand I had that question, because it assumes that admin is still global (and it is correct)19:20
*** spzala has quit IRC19:23
openstackgerritayoung proposed openstack/keystone: No Op provider for credential encryption  https://review.openstack.org/36508719:24
*** spzala has joined #openstack-keystone19:29
topoldolphm you around?19:30
topolk try that19:31
topoldstanek, you  around?19:31
*** su_zhang has joined #openstack-keystone19:31
dstanektopol: maybe, what's up?19:33
*** spzala has quit IRC19:34
topoldstanek, So Im leading a workgroup that's focused on driving the OpenStack Interoperability Challenge https://wiki.openstack.org/wiki/Interop_Challenge19:35
*** ddieterly is now known as ddieterly[away]19:35
*** spzala has joined #openstack-keystone19:36
topoldstanek, we have some agreed to workloads. We have them running on BlueBox.  We wanted to test on RAX public cloud. Anyway to get me a free account for testing purposes/19:36
topol?19:36
dstanektopol: maybe i can ask as see who i need to talk to about that19:36
topolK, cool19:36
*** su_zhang has quit IRC19:37
*** markvoelker has quit IRC19:37
topoldstanek Egle Sigler would be aware of this effort if that helps19:38
topoldstaenk otherwise I pull out my credit card.  but that would take away from my budget of buying you drinks in Barcelona :-)19:38
topoldstanek ^19:38
dstaneklol19:38
*** roxanaghe has joined #openstack-keystone19:39
*** ddieterly[away] is now known as ddieterly19:39
*** ezpz has quit IRC19:40
*** spzala has quit IRC19:40
*** links has joined #openstack-keystone19:43
dstanektopol: email initiated. i'll let you know what i find out.19:47
*** chrisshattuck has quit IRC19:47
*** chrisshattuck has joined #openstack-keystone19:49
*** su_zhang has joined #openstack-keystone19:50
topoldstanek, cool thanks.  I'll remind my wallet of your help in Barcelona :-)19:50
*** ddieterly is now known as ddieterly[away]19:51
*** links has quit IRC19:55
*** spzala has joined #openstack-keystone19:56
*** su_zhang has quit IRC19:56
*** gyee has joined #openstack-keystone19:56
*** openstackgerrit has quit IRC20:04
*** openstackgerrit has joined #openstack-keystone20:04
*** tqtran has quit IRC20:07
*** spzala has quit IRC20:10
*** spzala has joined #openstack-keystone20:14
*** ddieterly[away] is now known as ddieterly20:14
*** su_zhang has joined #openstack-keystone20:14
*** roxanaghe has quit IRC20:15
*** spzala has quit IRC20:18
*** spedione is now known as spedione|AWAY20:20
*** BjoernT has quit IRC20:20
*** tonytan_brb has quit IRC20:42
*** rreimberg has quit IRC20:42
*** markvoelker has joined #openstack-keystone20:47
*** erhudy has quit IRC20:52
openstackgerritayoung proposed openstack/keystone: No Op provider for credential encryption  https://review.openstack.org/36508720:54
*** tqtran has joined #openstack-keystone20:54
*** ddieterly is now known as ddieterly[away]20:58
*** browne has quit IRC21:00
openstackgerritayoung proposed openstack/keystone: No Op provider for credential encryption  https://review.openstack.org/36508721:06
openstackgerritayoung proposed openstack/keystone: No Op provider for credential encryption  https://review.openstack.org/36508721:08
*** su_zhang has quit IRC21:11
*** roxanaghe has joined #openstack-keystone21:11
*** raildo has quit IRC21:11
*** ayoung has quit IRC21:13
*** su_zhang has joined #openstack-keystone21:14
*** gyee has quit IRC21:16
*** pauloewerton has quit IRC21:17
openstackgerritMerged openstack/python-keystoneclient: Update reno for stable/newton  https://review.openstack.org/36494421:18
*** sdake has joined #openstack-keystone21:19
*** adelia has quit IRC21:21
*** chrisshattuck has quit IRC21:23
*** roxanaghe has quit IRC21:28
*** roxanaghe has joined #openstack-keystone21:30
*** chrisshattuck has joined #openstack-keystone21:31
*** chrisshattuck has quit IRC21:31
*** gyee has joined #openstack-keystone21:32
*** chrisshattuck has joined #openstack-keystone21:32
*** chrisshattuck has quit IRC21:36
*** browne has joined #openstack-keystone21:36
*** chrisshattuck has joined #openstack-keystone21:37
*** roxanaghe has quit IRC21:37
*** chrisshattuck has quit IRC21:38
openstackgerritMerged openstack/keystone: Few new commands missing from docs  https://review.openstack.org/36502221:39
*** roxanaghe has joined #openstack-keystone21:40
*** ianw has quit IRC21:40
*** chrisshattuck has joined #openstack-keystone21:41
*** chrisshattuck has quit IRC21:42
*** tonytan4ever has joined #openstack-keystone21:42
*** chrisshattuck has joined #openstack-keystone21:43
*** woodburn has quit IRC21:44
*** woodburn has joined #openstack-keystone21:44
*** chrisshattuck has quit IRC21:45
*** chrisshattuck has joined #openstack-keystone21:47
*** tonytan4ever has quit IRC21:48
*** chrisshattuck has quit IRC21:48
*** chrisshattuck has joined #openstack-keystone21:52
*** chrisshattuck has quit IRC21:53
*** jefrite has quit IRC21:58
*** ddieterly[away] has quit IRC21:58
bretonbrowne: thanks, i will22:04
*** ianw has joined #openstack-keystone22:11
*** david-lyle has quit IRC22:15
*** browne has quit IRC22:16
*** jefrite has joined #openstack-keystone22:16
*** david-lyle has joined #openstack-keystone22:17
*** su_zhang has quit IRC22:26
*** ddieterly has joined #openstack-keystone22:32
*** ddieterly has quit IRC22:36
openstackgerritayoung proposed openstack/keystone: No Op provider for credential encryption  https://review.openstack.org/36508722:38
*** markvoelker has quit IRC22:47
*** ayoung has joined #openstack-keystone22:48
*** ChanServ sets mode: +v ayoung22:48
*** fangxu has joined #openstack-keystone22:53
*** asettle has joined #openstack-keystone23:05
*** fangxu has quit IRC23:05
*** esp has quit IRC23:05
*** esp has joined #openstack-keystone23:06
*** asettle has quit IRC23:10
*** esp has quit IRC23:10
*** openstackgerrit has quit IRC23:18
*** openstackgerrit has joined #openstack-keystone23:18
*** spzala has joined #openstack-keystone23:19
*** spzala has quit IRC23:23
*** spzala has joined #openstack-keystone23:34
*** tqtran has quit IRC23:41
*** spzala has quit IRC23:44
*** asettle has joined #openstack-keystone23:46
*** su_zhang has joined #openstack-keystone23:48
*** su_zhang has quit IRC23:48
*** su_zhang has joined #openstack-keystone23:49
*** su_zhang has quit IRC23:53
« Thursday, 2016-09-01 Index Saturday, 2016-09-03 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!