Monday, 2016-09-19

« Sunday, 2016-09-18 Index Tuesday, 2016-09-20 »
*** itsuugo has quit IRC00:25
*** itsuugo has joined #openstack-keystone00:25
*** sdake has quit IRC00:28
*** spzala has joined #openstack-keystone00:28
*** itsuugo has quit IRC00:30
*** itsuugo has joined #openstack-keystone00:32
*** spzala has quit IRC00:33
*** itsuugo has quit IRC00:42
*** itsuugo has joined #openstack-keystone00:42
*** itsuugo has quit IRC00:49
*** itsuugo has joined #openstack-keystone00:50
*** itsuugo has quit IRC00:55
*** itsuugo has joined #openstack-keystone00:56
*** itsuugo has quit IRC01:10
*** itsuugo has joined #openstack-keystone01:11
*** itsuugo has quit IRC01:16
*** itsuugo has joined #openstack-keystone01:16
*** guoshan has joined #openstack-keystone01:18
*** tonytan_brb has joined #openstack-keystone01:19
*** itsuugo has quit IRC01:21
*** tonytan4ever has quit IRC01:21
*** itsuugo has joined #openstack-keystone01:22
*** itsuugo has quit IRC01:27
*** david-lyle has joined #openstack-keystone01:27
*** itsuugo has joined #openstack-keystone01:28
*** EinstCrazy has joined #openstack-keystone01:31
*** davechen has joined #openstack-keystone01:31
*** david-lyle has quit IRC01:31
*** itsuugo has quit IRC01:33
*** itsuugo has joined #openstack-keystone01:34
openstackgerritJamie Lennox proposed openstack/keystone: Add is_admin_project to policy dict  https://review.openstack.org/37185601:35
*** itsuugo has quit IRC01:42
*** itsuugo has joined #openstack-keystone01:43
*** zhangjl has joined #openstack-keystone01:43
*** itsuugo has quit IRC01:51
*** itsuugo has joined #openstack-keystone01:51
*** itsuugo has quit IRC01:56
*** itsuugo has joined #openstack-keystone01:57
*** itsuugo has quit IRC02:07
*** itsuugo has joined #openstack-keystone02:08
*** guoshan has quit IRC02:11
*** guoshan has joined #openstack-keystone02:11
*** namnh has joined #openstack-keystone02:11
openstackgerritHa Van Tu proposed openstack/keystone: Refactor Keystone admin-endpoint API  https://review.openstack.org/36980802:15
*** itsuugo has quit IRC02:15
*** itsuugo has joined #openstack-keystone02:17
openstackgerritHa Van Tu proposed openstack/keystone: Refactor Keystone admin-tokens and admin-users v2  https://review.openstack.org/36988302:17
openstackgerritHa Van Tu proposed openstack/keystone: Refactor Keystone admin-tenant API v2  https://review.openstack.org/36984902:17
*** roxanaghe has joined #openstack-keystone02:19
*** itsuugo has quit IRC02:22
*** itsuugo has joined #openstack-keystone02:22
*** nkinder has joined #openstack-keystone02:28
*** itsuugo has quit IRC02:34
*** itsuugo has joined #openstack-keystone02:36
*** itsuugo has quit IRC02:41
*** itsuugo has joined #openstack-keystone02:42
*** itsuugo has quit IRC02:46
*** itsuugo has joined #openstack-keystone02:47
*** itsuugo has quit IRC02:52
*** itsuugo has joined #openstack-keystone02:53
*** itsuugo has quit IRC02:58
*** itsuugo has joined #openstack-keystone02:59
namnhHi everyone. In newton, I see that Keystone supported database migration without downtime and there are three pharses: expand_repo, data_migration_repo, contract_repo. But I don't find options for those phases, so do you know the options?03:03
*** itsuugo has quit IRC03:04
*** itsuugo has joined #openstack-keystone03:05
*** EinstCrazy has quit IRC03:06
*** EinstCrazy has joined #openstack-keystone03:07
*** itsuugo has quit IRC03:09
*** itsuugo has joined #openstack-keystone03:10
*** chrisshattuck has joined #openstack-keystone03:11
*** chrisshattuck has quit IRC03:13
*** chrisshattuck has joined #openstack-keystone03:17
*** itsuugo has quit IRC03:22
*** itsuugo has joined #openstack-keystone03:22
*** adrian_otto has joined #openstack-keystone03:23
*** markvoelker has joined #openstack-keystone03:25
*** adrian_otto has quit IRC03:27
*** itsuugo has quit IRC03:27
*** itsuugo has joined #openstack-keystone03:28
*** itsuugo has quit IRC03:33
*** itsuugo has joined #openstack-keystone03:35
stevemarnamnh: the options and process for upgrading without downtime can be seen here: http://docs.openstack.org/developer/keystone/upgrading.html#upgrading-without-downtime03:37
stevemarnamnh: keystone-manage db_sync --expand, keystone-manage db_sync --migrate, and keystone-manage db_sync --contract03:37
*** itsuugo has quit IRC03:39
*** itsuugo has joined #openstack-keystone03:41
*** nkinder has quit IRC03:45
namnhstevemar, thanks for your answer. As your link. currenlty, I can upgrade Keystone without *downtime* if I have multiple keystone service running active-active ?03:45
namnhstevemar, is that right?03:46
stevemarnamnh: thats the intention with newton, yes03:46
*** itsuugo has quit IRC03:47
namnhstevemar, Oh that is good news for me. thanks for your time. :)03:48
*** itsuugo has joined #openstack-keystone03:49
*** itsuugo has quit IRC03:54
*** itsuugo has joined #openstack-keystone03:55
*** adrian_otto has joined #openstack-keystone03:55
*** itsuugo has quit IRC04:00
*** itsuugo has joined #openstack-keystone04:01
*** michauds has joined #openstack-keystone04:04
*** chrisshattuck has quit IRC04:04
*** itsuugo has quit IRC04:06
*** guoshan has quit IRC04:06
*** itsuugo has joined #openstack-keystone04:07
*** itsuugo has quit IRC04:12
*** itsuugo has joined #openstack-keystone04:13
*** itsuugo has quit IRC04:17
*** itsuugo has joined #openstack-keystone04:19
*** itsuugo has quit IRC04:23
*** itsuugo has joined #openstack-keystone04:25
*** adrian_otto has quit IRC04:28
*** itsuugo has quit IRC04:30
*** itsuugo has joined #openstack-keystone04:31
*** michauds has quit IRC04:40
*** itsuugo has quit IRC04:41
*** itsuugo has joined #openstack-keystone04:42
*** chrisshattuck has joined #openstack-keystone04:43
*** itsuugo has quit IRC04:47
*** chrisshattuck has quit IRC04:48
*** chrisshattuck has joined #openstack-keystone04:49
*** itsuugo has joined #openstack-keystone04:49
*** chrisshattuck has quit IRC04:52
*** chrisshattuck has joined #openstack-keystone04:52
*** itsuugo has quit IRC04:54
*** itsuugo has joined #openstack-keystone04:55
*** itsuugo has quit IRC05:00
*** itsuugo has joined #openstack-keystone05:02
*** pcaruana has quit IRC05:05
*** itsuugo has quit IRC05:07
*** guoshan has joined #openstack-keystone05:07
*** itsuugo has joined #openstack-keystone05:08
*** adrian_otto has joined #openstack-keystone05:11
*** jaosorior has joined #openstack-keystone05:11
*** itsuugo has quit IRC05:12
*** itsuugo has joined #openstack-keystone05:13
*** itsuugo has quit IRC05:18
*** chrisshattuck has quit IRC05:19
*** itsuugo has joined #openstack-keystone05:19
*** itsuugo has quit IRC05:27
*** itsuugo has joined #openstack-keystone05:27
*** itsuugo has quit IRC05:32
*** itsuugo has joined #openstack-keystone05:33
*** itsuugo has quit IRC05:38
*** itsuugo has joined #openstack-keystone05:38
*** roxanaghe has quit IRC05:39
*** richm has quit IRC05:39
*** itsuugo has quit IRC05:43
*** chrisshattuck has joined #openstack-keystone05:44
*** itsuugo has joined #openstack-keystone05:45
*** itsuugo has quit IRC05:50
*** itsuugo has joined #openstack-keystone05:51
*** tonytan_brb has quit IRC05:52
zhangjlhey all05:54
zhangjli have some problems when setting keystone federation05:55
zhangjlis there anyone can help me?05:55
*** itsuugo has quit IRC05:58
*** chrisshattuck has quit IRC05:58
*** chrissha_ has joined #openstack-keystone05:59
*** itsuugo has joined #openstack-keystone05:59
*** rcernin has joined #openstack-keystone06:03
*** GB21 has joined #openstack-keystone06:03
*** itsuugo has quit IRC06:10
*** itsuugo has joined #openstack-keystone06:11
*** itsuugo has quit IRC06:16
*** itsuugo has joined #openstack-keystone06:16
*** pcaruana has joined #openstack-keystone06:17
*** itsuugo has quit IRC06:21
*** itsuugo has joined #openstack-keystone06:23
*** guoshan_ has joined #openstack-keystone06:28
*** guoshan has quit IRC06:29
*** EinstCrazy has quit IRC06:29
*** EinstCrazy has joined #openstack-keystone06:32
*** itsuugo has quit IRC06:38
*** adriant has quit IRC06:38
*** itsuugo has joined #openstack-keystone06:38
openstackgerritHa Van Tu proposed openstack/keystone: Fix prameters names in Keystone API v2-ext  https://review.openstack.org/36861806:39
*** itsuugo has quit IRC06:43
*** itsuugo has joined #openstack-keystone06:44
openstackgerritHa Van Tu proposed openstack/keystone: Fix prameters names in Keystone API v2-ext  https://review.openstack.org/36861806:49
*** itsuugo has quit IRC06:49
*** itsuugo has joined #openstack-keystone06:49
*** itsuugo has quit IRC06:54
*** itsuugo has joined #openstack-keystone06:55
*** itsuugo has quit IRC07:00
*** itsuugo has joined #openstack-keystone07:01
*** EinstCrazy has quit IRC07:05
*** itsuugo has quit IRC07:06
*** itsuugo has joined #openstack-keystone07:08
*** EinstCrazy has joined #openstack-keystone07:09
*** pnavarro has joined #openstack-keystone07:13
*** itsuugo has quit IRC07:19
*** zouyapeng has joined #openstack-keystone07:20
*** itsuugo has joined #openstack-keystone07:20
*** itsuugo has quit IRC07:30
*** itsuugo has joined #openstack-keystone07:31
*** code-R has joined #openstack-keystone07:32
*** tonytan4ever has joined #openstack-keystone07:46
*** tonytan4ever has quit IRC07:51
*** amoralej|off is now known as amoralej07:51
*** amitkqed has quit IRC07:53
*** amitkqed has joined #openstack-keystone07:54
*** itsuugo has quit IRC07:58
*** jpena|off is now known as jpena07:59
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** itsuugo has joined #openstack-keystone08:00
*** hugokuo has quit IRC08:13
*** rdo_ has quit IRC08:13
*** hugokuo has joined #openstack-keystone08:14
*** rdo_ has joined #openstack-keystone08:14
openstackgerritDave Chen proposed openstack/keystone: Handle the exception from creating request token properly  https://review.openstack.org/36108708:20
openstackgerritDave Chen proposed openstack/keystone: Handle the exception from creating access token properly  https://review.openstack.org/35979508:20
*** asettle has joined #openstack-keystone08:34
*** code-R has quit IRC08:39
*** itsuugo has quit IRC09:02
*** itsuugo has joined #openstack-keystone09:04
*** code-R has joined #openstack-keystone09:17
*** code-R_ has joined #openstack-keystone09:21
*** code-R has quit IRC09:24
*** adrian_otto has quit IRC09:25
*** itsuugo has quit IRC09:27
*** itsuugo has joined #openstack-keystone09:28
*** itsuugo has quit IRC09:40
*** itsuugo has joined #openstack-keystone09:42
*** davechen has left #openstack-keystone09:42
*** itsuugo has quit IRC09:47
*** tonytan4ever has joined #openstack-keystone09:47
*** itsuugo has joined #openstack-keystone09:48
openstackgerritAlexander Makarov proposed openstack/keystone: Unified delegation model  https://review.openstack.org/20848809:50
*** tonytan4ever has quit IRC09:52
*** lamt has quit IRC09:55
*** AlexOughton has quit IRC09:55
*** hoonetorg has quit IRC09:56
*** hoonetorg has joined #openstack-keystone09:57
*** andreykurilin has quit IRC09:58
*** andreykurilin has joined #openstack-keystone09:58
*** andreykurilin has left #openstack-keystone09:59
*** AlexOughton has joined #openstack-keystone10:00
*** mvk has quit IRC10:02
*** richm has joined #openstack-keystone10:10
*** itsuugo has quit IRC10:16
*** itsuugo has joined #openstack-keystone10:18
*** andreykurilin has joined #openstack-keystone10:19
*** itsuugo has quit IRC10:22
*** itsuugo has joined #openstack-keystone10:23
*** guoshan_ has quit IRC10:24
*** openstackstatus has quit IRC10:28
*** zhangjl has left #openstack-keystone10:32
*** itsuugo has quit IRC10:37
*** itsuugo has joined #openstack-keystone10:38
*** EinstCrazy has quit IRC10:38
*** mvk has joined #openstack-keystone10:39
*** nicolasbock has joined #openstack-keystone10:42
*** itsuugo has quit IRC10:44
*** itsuugo has joined #openstack-keystone10:46
*** guoshan has joined #openstack-keystone10:46
*** guoshan has quit IRC10:47
*** dikonoor has joined #openstack-keystone10:54
*** itsuugo has quit IRC10:57
*** itsuugo has joined #openstack-keystone10:58
*** ntpttr_ has quit IRC11:00
*** yarkot1 has quit IRC11:00
*** ntpttr_ has joined #openstack-keystone11:02
*** ntpttr_ has quit IRC11:02
*** itsuugo has quit IRC11:02
*** itsuugo has joined #openstack-keystone11:03
*** ntpttr_ has joined #openstack-keystone11:04
*** jlopezgu has quit IRC11:04
*** yarkot has quit IRC11:04
*** _sigmavirus24 is now known as sigmavirus11:06
*** sigmavirus has joined #openstack-keystone11:06
*** jplopezgu_ has joined #openstack-keystone11:06
*** itsuugo has quit IRC11:13
*** itsuugo has joined #openstack-keystone11:15
*** yarkot has joined #openstack-keystone11:20
*** itsuugo has quit IRC11:20
*** yarkot1 has joined #openstack-keystone11:20
*** itsuugo has joined #openstack-keystone11:21
*** namnh has quit IRC11:22
*** hoonetorg has quit IRC11:23
*** itsuugo has quit IRC11:26
*** itsuugo has joined #openstack-keystone11:28
*** itsuugo has quit IRC11:32
*** itsuugo has joined #openstack-keystone11:33
*** itsuugo has quit IRC11:38
*** jpena is now known as jpena|lunch11:38
*** itsuugo has joined #openstack-keystone11:39
*** tonytan4ever has joined #openstack-keystone11:48
*** sdake has joined #openstack-keystone11:49
*** markvoelker has quit IRC11:51
*** tonytan4ever has quit IRC11:52
stevemarmorning11:53
*** hoonetorg has joined #openstack-keystone11:56
HenryGHi, I have a bunch of questions about Neutron API documentation now that Neutron has drunk the Keystone V3 koolaid.11:57
*** hoonetorg has quit IRC11:57
*** hoonetorg has joined #openstack-keystone11:58
openstackgerritAlexander Makarov proposed openstack/keystone: WIP/DNM Verbose 401/403 debug responses  https://review.openstack.org/37243312:01
HenryGFirst... http://developer.openstack.org/api-ref/networking/v2/#authentication-and-authorization12:02
*** amoralej is now known as amoralej|lunch12:03
HenryGIs that ^^ OK once I replace tenant with project?12:03
*** porunov has joined #openstack-keystone12:03
*** porunov has left #openstack-keystone12:05
*** rodrigods has quit IRC12:06
*** rodrigods has joined #openstack-keystone12:06
*** GB21 has quit IRC12:07
HenryGSecond... http://developer.openstack.org/api-ref/networking/v2/?expanded=list-floating-ips-detail#floating-ips-floatingips12:07
HenryGThat ^^ is just one example of a resource.12:07
HenryGCan I reword it to: "Lists floating IPs visible to the user." ?12:08
*** raildo has joined #openstack-keystone12:08
HenryGAnd, "Default policy settings return only the floating IPs owned by the user's project, unless the user has admin role." ?12:09
*** sdake has quit IRC12:13
*** sdake has joined #openstack-keystone12:14
*** nkinder has joined #openstack-keystone12:17
*** guoshan has joined #openstack-keystone12:19
*** markvoelker has joined #openstack-keystone12:22
*** nk2527 has joined #openstack-keystone12:23
*** GB21 has joined #openstack-keystone12:23
*** ayoung has joined #openstack-keystone12:28
*** ChanServ sets mode: +v ayoung12:28
*** GB21 has quit IRC12:29
*** pauloewerton has joined #openstack-keystone12:30
*** david-lyle has joined #openstack-keystone12:38
*** edmondsw has joined #openstack-keystone12:40
*** GB21 has joined #openstack-keystone12:41
*** david-lyle has quit IRC12:43
*** jpena|lunch is now known as jpena12:45
*** guoshan has quit IRC12:46
*** tonytan4ever has joined #openstack-keystone12:48
*** tonytan4ever has quit IRC12:53
*** guoshan has joined #openstack-keystone12:53
*** itsuugo has quit IRC12:57
*** itsuugo has joined #openstack-keystone12:57
*** itsuugo has quit IRC13:05
*** itsuugo has joined #openstack-keystone13:05
*** asettle has quit IRC13:08
*** LamT_ has joined #openstack-keystone13:08
*** jaosorior has quit IRC13:09
*** asettle has joined #openstack-keystone13:09
*** jaosorior has joined #openstack-keystone13:09
*** guoshan has quit IRC13:14
dstanekgood morning13:19
raildomorning :)13:21
knikollamorning13:24
*** ravelar has joined #openstack-keystone13:26
*** GB21 has quit IRC13:28
*** amoralej|lunch is now known as amoralej13:31
*** tonytan4ever has joined #openstack-keystone13:37
*** iurygregory has joined #openstack-keystone13:45
lbragstado/14:01
*** woodster_ has joined #openstack-keystone14:03
*** spedione|AWAY is now known as spedione14:04
*** ddieterly has joined #openstack-keystone14:09
*** spzala has joined #openstack-keystone14:09
*** gagehugo has joined #openstack-keystone14:12
*** jaugustine has joined #openstack-keystone14:12
*** chrisshattuck has joined #openstack-keystone14:13
*** asettle has quit IRC14:15
*** asettle has joined #openstack-keystone14:16
*** gagehugo has quit IRC14:18
*** gagehugo has joined #openstack-keystone14:27
*** jaugustine has quit IRC14:27
*** acoles has joined #openstack-keystone14:28
acoleshi, could someone clarify the relationship (if any) between the domain with id=default described here https://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L934 and the domain with name=default described here http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-users.html ? afaict they are different domains, is that correct?14:32
*** chrisshattuck has quit IRC14:32
*** jaugustine has joined #openstack-keystone14:34
*** openstackgerrit has quit IRC14:37
*** openstackgerrit has joined #openstack-keystone14:37
*** dikonoor has quit IRC14:37
dstanekacoles: i think they are the same. why do you think they are different?14:38
*** adrian_otto has joined #openstack-keystone14:39
knikollaacoles: They are the same. v2 api requests don't have knowledge about domains, the configuration option there tells keystone to direct all v2 api requests to that specific domain (which can be any domain as long as it exists).14:40
*** david-lyle has joined #openstack-keystone14:40
*** itsuugo has quit IRC14:41
*** chrisshattuck has joined #openstack-keystone14:42
*** itsuugo has joined #openstack-keystone14:44
*** david-lyle has quit IRC14:45
acolesdstanek: knikolla: thanks for replies. the install guide shows the domain with name 'default' getting a random UUID for its id, whereas the default_domain_id=default option in keystone.conf is described as defining an ID=default, so the two "default" domains seem to have different IDs. but it is confusing.14:46
acolesknikolla: my understanding had been as you say that v2 requests are directed to a default domain with ID=default and name=Default (capitilisation significant)14:47
bknudsonkeystone name lookup ignores capitalization.14:48
acolesbut the install guide (since mitaka) now seems to show a default domain with *name* default and random ID14:48
bknudsonalthough that depends on the backend that you use14:48
bknudsonthe name is Default14:48
bknudsonthat's what gets created by the migration14:49
bknudsonbut if you use name=default that should work.14:49
*** adrian_otto has quit IRC14:52
acolesI'm also reading http://docs.openstack.org/developer/keystone/services.html#the-default-domain which describes the default domain as I understood it, but the mitaka install guide confused me. If keystone has a domain with id=default and name=Default created by keystone-manage db_sync, and names are case-insensitive, then how does it work to create a domain named "default" as described here http://docs.openstack.org/mit14:54
acolesaka/install-guide-ubuntu/keystone-users.html ?14:54
*** adrian_otto has joined #openstack-keystone14:57
bknudsonI'd have to try it to see if it works to create a domain with name=default. it should fail.14:59
acolesbknudson: ok, that's interesting. btw I am asking because I am trying to resolve https://bugs.launchpad.net/swift/+bug/1604674 which arises because of the change in the install guide from libery to mitaka afaict.15:04
openstackLaunchpad bug 1604674 in OpenStack Object Storage (swift) "Doc error in Auth Overview for specifying keystone domain " [Undecided,New]15:04
*** itsuugo has quit IRC15:07
*** pcaruana has quit IRC15:07
*** itsuugo has joined #openstack-keystone15:09
*** gagehugo has quit IRC15:12
*** jaugustine has quit IRC15:14
openstackgerritRichard Avelar proposed openstack/keystone: Reduce revoke events for disabled domains/projects  https://review.openstack.org/37116515:17
*** rvba has quit IRC15:17
*** jaugustine has joined #openstack-keystone15:18
*** rvba has joined #openstack-keystone15:21
*** rvba has quit IRC15:21
*** rvba has joined #openstack-keystone15:21
*** roxanaghe has joined #openstack-keystone15:24
*** Marcellin__ has joined #openstack-keystone15:28
*** rcernin has quit IRC15:30
*** david-lyle has joined #openstack-keystone15:32
*** jaugustine has quit IRC15:34
*** rvba has quit IRC15:35
*** roxanaghe has quit IRC15:36
*** rvba has joined #openstack-keystone15:38
*** rvba has quit IRC15:38
*** rvba has joined #openstack-keystone15:38
*** slberger has joined #openstack-keystone15:38
*** gagehugo has joined #openstack-keystone15:41
*** dikonoor has joined #openstack-keystone15:44
*** roxanaghe has joined #openstack-keystone15:49
*** ddieterly is now known as ddieterly[away]15:50
*** ddieterly[away] is now known as ddieterly15:55
rodrigodsrderose, ping... re: PCI-DSS15:57
rodrigodsrderose, all the rules described at https://specs.openstack.org/openstack/keystone-specs/specs/keystone/newton/pci-dss.html landed?15:57
*** dikonoor has quit IRC15:57
*** gyee has joined #openstack-keystone15:57
*** adrian_otto has quit IRC15:57
*** adrian_otto has joined #openstack-keystone15:59
*** GB21 has joined #openstack-keystone16:28
stevemarrodrigods: yes, all those rules should have landed16:36
rodrigodsstevemar, cool, thx - planning to write functional tests for it16:36
stevemarrodrigods: ohh nice16:38
*** rvba has quit IRC16:38
*** rvba has joined #openstack-keystone16:42
*** rvba has quit IRC16:42
*** rvba has joined #openstack-keystone16:42
*** rcernin has joined #openstack-keystone16:51
*** adrian_otto has quit IRC16:52
*** slberger has quit IRC16:52
*** mvk has quit IRC16:55
*** spzala has quit IRC16:56
*** yarkot1 has quit IRC16:57
*** ntpttr_ has quit IRC16:57
*** spzala has joined #openstack-keystone16:57
stevemardstanek: ping?16:59
stevemaror maybe dolphm?16:59
*** ntpttr_ has joined #openstack-keystone17:00
*** ntpttr_ has quit IRC17:00
ayoungstevemar, I want to add to keystone-manage the ability to import and export keys for fernet rotation, especially to import, based on some encrypted transport package17:01
stevemarayoung: where will the keys live?17:01
*** spzala has quit IRC17:02
dstanekstevemar: pongish (lunching right now). what's up?17:02
dolphmstevemar: o/17:02
*** ntpttr is now known as ntpttr_17:03
*** ntpttr_ is now known as ntpttr17:03
ayoungstevemar, that is what I am trying to think through.  THe idea is that a content management system needs to publish them such that the keystone node can grab them, but only a registered keystone node should be able to read them17:03
*** GB21 has quit IRC17:03
*** ntpttr is now known as ntpttr_away17:04
ayoungstevemar, if we use the PKI setup part of keystone to set a keypair, I could encrypt the fernet keys with the public key, send it to the node, and decrypt it with the private key17:04
*** ntpttr_away is now known as ntpttr17:04
*** slberger has joined #openstack-keystone17:05
*** ntpttr is now known as ntpttr_wfh17:05
stevemardolphm: i need a history lesson, and i think we may have wedged ourselves17:05
ayoungsame approach could be used for the credential keys17:05
stevemarayoung: back in a minte17:05
*** ddieterly is now known as ddieterly[away]17:05
*** ntpttr_wfh is now known as ntpttr17:05
stevemardolphm: so https://review.openstack.org/#/q/Id5c607a777afb6565d66a336028eba796e3846b2,n,z the patch for master merged17:05
dstanekstevemar: is this about my placeholder question?17:06
stevemardstanek: yep17:06
dolphmwe didn't create placeholders in master?17:07
stevemardolphm: dstanek we normally add placeholder migrations right after stable is created17:07
stevemardolphm: we did not17:07
dolphmyeah...17:07
stevemarso backporting... ick17:07
dolphmstevemar: but, we haven't landed any *other* migrations to master before this one that will not be backported, right?17:07
stevemardolphm: right17:08
dolphmin other words, it's migration 4 in both branches17:08
stevemardolphm: right now, master is at 4 and stable/newton is at 3, with the patch it'll be at 417:08
stevemari think it's OK since we haven't RC'ed yet17:08
stevemari mean released yet17:08
dolphmold stable/newton deploys will do a 3->4 migration, new stable/newton deploys will run 1->4, and master deploys will run 1->4. all is well17:08
dolphmstevemar: so, let's create placeholders before we accidentally land a migration to master, in case we need to backport a migration later17:09
dolphmstevemar: they can go in after this patch, though17:09
stevemaryep, i'll get on that17:09
*** chrisshattuck has quit IRC17:09
stevemardolphm: i was pretty sure we were okay, i had a minor heart attack on friday when i realized it17:09
dolphmstevemar: lol ++17:10
stevemardolphm: okay, review the stable/newton patch if you can17:11
stevemardolphm: yeah, the placeholders went into rc1 last time, https://github.com/openstack/keystone/commit/b4e8584cb300535665259a59bf7bdf81b5d66f9417:12
dolphmstevemar: +A'd17:13
dolphmstevemar: what do you mean they went into RC1?17:14
stevemardolphm: last release17:14
stevemarno wit17:14
stevemarwait17:14
dolphmstevemar: they should go into master17:14
stevemargah17:15
dolphmstevemar: after stable/* is cut, so RC1 time17:15
stevemari'm having an off day17:15
*** chrisshattuck has joined #openstack-keystone17:15
stevemardolphm: i should clearly just give up on today17:15
*** asettle has quit IRC17:16
openstackgerritSteve Martinelli proposed openstack/keystone: add placeholder migrations for newton  https://review.openstack.org/37263917:18
stevemardolphm: dstanek ^17:18
*** asettle has joined #openstack-keystone17:22
*** browne has joined #openstack-keystone17:30
*** harlowja has joined #openstack-keystone17:30
rderoserodrigods: hi17:31
rderoserodrigods: everything's been done except: PCI-DSS 8.3: Incorporate two-factor authentication17:31
*** adrian_otto has joined #openstack-keystone17:35
*** esp has joined #openstack-keystone17:35
*** lamt has joined #openstack-keystone17:36
*** tqtran has joined #openstack-keystone17:36
*** jaosorior has quit IRC17:36
*** jpena is now known as jpena|off17:37
dstanekrderose: that's pretty close in keystone, but we also punt that to a real idp17:37
*** GB21 has joined #openstack-keystone17:37
rderosedstanek: yeah, that's true17:37
lbragstadhas anyone here had issues with keystone.tests.unit.test_backend_sql where you write something to the backend but you can't list it or show it later?17:38
lbragstadactually - keystone.tests.unit.test_backend_kvs seems to be doing the same thing17:38
rderoselbragstad: can't list it or show it later?17:39
rderosewhat do you mean?17:40
lbragstadrderose right - like if i create a user in keystone.tests.unit.test_backend_sql.SqlTokenCacheInvalidationWithPKI.test_delete_scoped_token_by_id i can't seem to get that user using the identity_api later17:40
lbragstadit's really strange - because I can validate that the user was actually created in the identity driver17:40
rderoseoh, hmm...17:41
lbragstadjust wondering if anyone else has seen the behavior before?17:41
stevemarlbragstad: dstanek can we this merged: https://review.openstack.org/#/c/372639/ :)17:41
*** asettle has quit IRC17:43
lbragstadstevemar left a comment -17:43
lbragstadwe shouldn't need placeholders for the legacy repository for any reason, should we?17:43
lbragstadany backported fixes will have to use the placeholders for the new migration model17:44
*** mvk has joined #openstack-keystone17:45
*** amoralej is now known as amoralej|off17:46
stevemarlbragstad: correct, legacy repo is closed for business17:46
openstackgerritLance Bragstad proposed openstack/keystone: Ensure all v2.0 tokens are validated the same way  https://review.openstack.org/37265517:47
lbragstadrderose ^ that's an example of where i'm seeing that issue with test_backend_sql17:47
rderoseok17:48
*** code-R_ has quit IRC17:49
*** acoles is now known as acoles_17:50
lbragstaddstanek here is the v2.0 follow on patch - https://review.openstack.org/#/c/372655/17:50
*** gagehugo has quit IRC17:52
*** itsuugo has quit IRC17:56
*** itsuugo has joined #openstack-keystone17:57
*** ddieterly[away] is now known as ddieterly17:57
notmorgandon't forget to vote y'all18:06
notmorganfor the PTL.18:06
*** itsuugo has quit IRC18:06
*** itsuugo has joined #openstack-keystone18:07
*** GB21 has quit IRC18:07
*** jaugustine has joined #openstack-keystone18:14
notmorganayoung: ... It's a Dropkick Murphys kind of day.18:14
*** lamt has quit IRC18:20
*** sdake_ has joined #openstack-keystone18:23
stevemarnotmorgan: TIL what a dropkick murphy is18:24
notmorganstevemar: irish punkrock from MA18:25
*** sdake has quit IRC18:25
notmorgani could do bosstones today, but i think punkrock feels more appropriate on a pirate-speaking day.18:26
ayoungnotmorgan, I can accept that18:28
notmorganayoung: hows the weather in MA?18:29
ayoungRainy and depressing.  But we need the rain18:29
*** jaugustine has quit IRC18:29
ayounghttps://www.youtube.com/watch?v=x-64CaD8GXw18:29
notmorganayoung: so... starting to feel like the start of autumn?18:29
ayoungnotmorgan, the wonderful thing about Mass is we get all four seasons.  Sometimes in the same day.18:29
notmorganayoung: hehe. we're def getting a solid "into autumn" in PDX18:30
ayoungnotmorgan, slightest touch of color in the trees here. My folks are about 100 Miles north and they are in full folliage mode. Note quite peak yet18:31
notmorganayoung: nice.18:31
notmorganayoung: yeah it's going to become amazing soon.18:31
*** LamT_ has quit IRC18:31
*** jaosorior has joined #openstack-keystone18:36
*** gagehugo has joined #openstack-keystone18:37
*** ddieterly is now known as ddieterly[away]18:38
*** asettle has joined #openstack-keystone18:43
*** jaosorior has quit IRC18:44
*** tonytan4ever has quit IRC18:45
*** jlk has quit IRC18:46
*** jlk has joined #openstack-keystone18:46
*** asettle has quit IRC18:49
stevemarayoung: im surprised you havent replied to http://lists.openstack.org/pipermail/openstack-dev/2016-September/103898.html18:51
*** ddieterly[away] is now known as ddieterly18:52
*** ddieterly has quit IRC18:57
*** spzala has joined #openstack-keystone18:59
openstackgerritMerged openstack/keystone-specs: Revert spec change for Microversions  https://review.openstack.org/36616319:00
*** lamt has joined #openstack-keystone19:01
*** itsuugo has quit IRC19:09
*** itsuugo has joined #openstack-keystone19:11
stevemardstanek: i think mfisch is busy and doesn't have time to look at the caching fix :(19:13
mfischwhich one19:14
mfischI tested crinkle's19:14
mfischnext was testing the M->N upgrade19:14
dstanekmfisch: the invalidation fix that was just ported to mitaka19:23
*** itsuugo has quit IRC19:24
dstanekmfisch: https://review.openstack.org/#/c/369618/19:24
*** itsuugo has joined #openstack-keystone19:25
*** jaugustine has joined #openstack-keystone19:30
mfischdstanek: sorry im not familar with this one, is this the one Eric Brown found?19:36
*** itsuugo has quit IRC19:37
*** itsuugo has joined #openstack-keystone19:38
brownemfisch: yes, that's the patch that's supposed to help our caching woes.  I haven't tried it myself yet19:40
mfischok19:40
mfischtbh dstanek its way easier to pull it in when it lands so I can test in a real env19:41
mfischI could pull it and re-enable cache19:41
*** tonytan4ever has joined #openstack-keystone19:42
*** asettle has joined #openstack-keystone19:45
stevemarmfisch: yes, the one that fixed caching issues19:46
mfischok19:46
mfischthats great to have, whats the risk of merging it19:46
dstaneki think if it's broken we risk it betting into disributions? i don't know how quicly that actually happens19:49
*** sdake has joined #openstack-keystone19:49
mfischits difficult to repro the issue in our virtual env so I'd like to get it into the lab19:50
*** asettle has quit IRC19:50
*** sdake_ has quit IRC19:52
*** gyee has quit IRC19:52
dstanekrodrigods: i don't quite get what you want done in that review19:53
*** gyee has joined #openstack-keystone19:57
*** asettle has joined #openstack-keystone19:59
*** itsuugo has quit IRC19:59
*** itsuugo has joined #openstack-keystone20:00
stevemarmfisch: how can we help get the fix to your lab?20:02
mfischmerge it ;)20:03
*** jaugustine has quit IRC20:03
dstanekmfisch: lol :-)20:04
stevemardolphm: ^ can you punt it through?20:04
stevemari've already +2'ed it20:05
*** chrisshattuck has quit IRC20:15
*** asettle has quit IRC20:19
*** chrisshattuck has joined #openstack-keystone20:21
notmorganstevemar: ALL THE +2's!20:23
*** chrisshattuck has quit IRC20:34
*** edtubill has joined #openstack-keystone20:34
dolphmmfisch: stevemar: dstanek: +A'd20:36
*** asettle has joined #openstack-keystone20:38
mfischthx20:39
*** asettle has quit IRC20:43
*** spzala has quit IRC20:44
*** spzala has joined #openstack-keystone20:45
*** spzala has quit IRC20:49
stevemarthanks dolphm20:49
stevemarmfisch: looking forward to the feedback, i'll be proposing a release of stable/mitaka20:50
*** edmondsw has quit IRC20:52
mfischok20:53
mfischshould know in 1-2 days20:53
stevemarmfisch: coolio20:53
mfischafter it lands that is20:53
stevemarmfisch: you don't need a release, you just need the patch merged?20:54
mfischyep20:54
stevemarmfisch: coolio20:54
stevemarmfisch: i hope this fixes the other issue you noticed20:54
mfischif it lets us re-enable cahing thats a big win20:54
stevemarmfisch: you also saw this one: https://bugs.launchpad.net/keystone/+bug/160039320:56
openstackLaunchpad bug 1600393 in OpenStack Identity (keystone) "v2.0 catalog seen in v3 token" [High,Confirmed]20:56
stevemari think it's related, but others don't20:56
mfischyeah thats why caching is off20:56
stevemarmfisch: i suspect the fix dstanek pointed to, once merged, should fix that bug too20:57
stevemarbut i'll wait til i hear your feedback20:57
bknudsonI never tried to recreate https://bugs.launchpad.net/keystone/+bug/1600393 . I only used v3.20:57
openstackLaunchpad bug 1600393 in OpenStack Identity (keystone) "v2.0 catalog seen in v3 token" [High,Confirmed]20:57
bknudsonfix is to stop using v2.20:57
stevemarbknudson: hehe20:57
dstanekbknudson: ++20:58
stevemarbknudson: oh, while you're around... https://bugs.launchpad.net/keystone/+bug/160039420:58
openstackLaunchpad bug 1600394 in OpenStack Identity (keystone) "memcache raising "too many values to unpack"" [Medium,Confirmed]20:58
stevemardid the uwsgi change fix it for you?20:58
*** chrisshattuck has joined #openstack-keystone20:59
*** spedione is now known as spedione|AWAY20:59
bknudsonstevemar: yes, when I changed the uwsgi setting I didn't see the problems anymore (dev environment)20:59
bknudsonalso changed it in our prod env.21:00
stevemarbknudson: tempted to mark it as fix-released21:00
bknudsonstevemar: I think it's fix released.21:00
*** raildo has quit IRC21:01
*** gagehugo has quit IRC21:02
stevemarbknudson: wfm21:05
*** pauloewerton has quit IRC21:07
*** chrisshattuck has quit IRC21:14
*** ddieterly has joined #openstack-keystone21:14
openstackgerritRichard Avelar proposed openstack/keystone: POC sql query revoked tokens  https://review.openstack.org/35937121:16
*** ddieterly is now known as ddieterly[away]21:20
*** adrian_otto has quit IRC21:22
*** ddieterly[away] is now known as ddieterly21:25
openstackgerritRichard Avelar proposed openstack/keystone: POC sql query revoked tokens  https://review.openstack.org/35937121:28
*** itsuugo has quit IRC21:35
*** chrisshattuck has joined #openstack-keystone21:35
*** nkinder has quit IRC21:36
*** itsuugo has joined #openstack-keystone21:36
*** r-daneel has joined #openstack-keystone21:39
*** ravelar has quit IRC21:43
*** asettle has joined #openstack-keystone21:44
*** asettle has quit IRC21:48
*** ravelar has joined #openstack-keystone21:48
*** ddieterly has quit IRC21:51
*** harlowja has quit IRC21:51
*** mrhillsman has quit IRC21:51
*** Trident has quit IRC21:51
*** Trident has joined #openstack-keystone21:51
*** mrhillsman has joined #openstack-keystone21:51
*** spzala has joined #openstack-keystone21:52
*** chrisshattuck has quit IRC21:52
*** ravelar has quit IRC21:53
*** harlowja has joined #openstack-keystone21:55
ayoungstevemar, he contacted me directly already.  I'm bringing at least one musical instrument to Spain21:59
rodrigodsdstanek, there? was afk22:00
*** adriant has joined #openstack-keystone22:09
*** itsuugo has quit IRC22:09
rodrigodsdstanek, replied there, maybe it is more clear now22:09
*** itsuugo has joined #openstack-keystone22:10
*** lamt has quit IRC22:15
dstanekrodrigods: i know what you want, but i don't understand why22:22
dstanekthe duplication to me is OK because i think it makes the tests clearer22:22
*** iurygregory_ has joined #openstack-keystone22:22
*** rcernin has quit IRC22:27
*** itsuugo has quit IRC22:28
*** itsuugo has joined #openstack-keystone22:29
openstackgerritEric Brown proposed openstack/keystone: Fix for unindent warning in doc build  https://review.openstack.org/37279622:31
*** gagehugo has joined #openstack-keystone22:33
dstanekstevemar: some of those doc changes are terribly hard to review22:35
*** slberger has left #openstack-keystone22:35
*** markvoelker has quit IRC22:36
*** itsuugo has quit IRC22:37
*** itsuugo has joined #openstack-keystone22:37
*** asettle has joined #openstack-keystone22:45
*** itsuugo has quit IRC22:50
*** asettle has quit IRC22:51
*** itsuugo has joined #openstack-keystone22:51
*** edtubill has quit IRC22:56
*** gyee has quit IRC22:56
*** itsuugo has quit IRC23:01
*** itsuugo has joined #openstack-keystone23:01
*** adrian_otto has joined #openstack-keystone23:07
*** chrisshattuck has joined #openstack-keystone23:11
*** chrisshattuck has quit IRC23:11
*** r-daneel has quit IRC23:11
*** itsuugo has quit IRC23:14
*** itsuugo has joined #openstack-keystone23:14
stevemardstanek: yeah, theres a lot of flipping back and forth23:22
*** nicolasbock has quit IRC23:23
stevemardstanek: giving each set of APIs its own yaml file will make it easier i think23:23
*** adriant has quit IRC23:23
*** itsuugo has quit IRC23:33
*** itsuugo has joined #openstack-keystone23:35
openstackgerritJamie Lennox proposed openstack/keystone: Add is_admin_project to policy dict  https://review.openstack.org/37185623:35
*** gyee has joined #openstack-keystone23:36
*** gyee has quit IRC23:41
*** openstackgerrit has quit IRC23:42
*** arunkant has quit IRC23:44
*** arunkant has joined #openstack-keystone23:44
*** openstackgerrit has joined #openstack-keystone23:46
*** asettle has joined #openstack-keystone23:47
*** markvoelker has joined #openstack-keystone23:48
*** asettle has quit IRC23:51
*** openstackgerrit has quit IRC23:51
*** itsuugo has quit IRC23:52
*** itsuugo has joined #openstack-keystone23:53
*** markvoelker has quit IRC23:53
*** hogepodge has quit IRC23:53
*** esmute has joined #openstack-keystone23:54
*** openstackgerrit has joined #openstack-keystone23:54
*** esmute has quit IRC23:55
*** hogepodge has joined #openstack-keystone23:56
« Sunday, 2016-09-18 Index Tuesday, 2016-09-20 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!