Thursday, 2017-02-02

« Wednesday, 2017-02-01 Index Friday, 2017-02-03 »
*** erlon has quit IRC00:00
*** tqtran has quit IRC00:04
*** lucas_ has quit IRC00:05
*** phalmos has quit IRC00:07
*** phalmos has joined #openstack-keystone00:12
*** jaosorior has quit IRC00:27
*** agrebennikov__ has quit IRC00:29
*** thorst_ has joined #openstack-keystone00:41
*** openstackgerrit has quit IRC01:02
*** thorst_ has quit IRC01:05
*** dave-mccowan has quit IRC01:05
*** thorst_ has joined #openstack-keystone01:06
*** thorst_ has quit IRC01:10
*** martinlopes has quit IRC01:15
*** adrian_otto has quit IRC01:16
*** thorst_ has joined #openstack-keystone01:16
*** martinlopes has joined #openstack-keystone01:21
*** gyee has quit IRC01:22
*** thorst_ has quit IRC01:25
*** thorst_ has joined #openstack-keystone01:33
*** jose-phillips has quit IRC01:44
*** thorst_ has joined #openstack-keystone01:53
*** thorst_ has quit IRC01:57
*** thorst_ has joined #openstack-keystone02:29
*** thorst_ has joined #openstack-keystone02:52
*** openstackgerrit has joined #openstack-keystone03:10
openstackgerritGage Hugo proposed openstack/keystone master: WIP Fix multiple uuid warnings with pycadf  https://review.openstack.org/42641103:10
*** thorst_ has joined #openstack-keystone03:13
*** thorst_ has quit IRC03:20
*** thorst_ has joined #openstack-keystone03:55
*** thorst_ has quit IRC03:55
*** nicolasbock has quit IRC04:01
*** lucas_ has joined #openstack-keystone04:02
*** lucas_ has quit IRC04:06
*** lucas_ has joined #openstack-keystone04:09
*** lucas_ has quit IRC04:09
*** stingaci has quit IRC04:09
*** dikonoor has joined #openstack-keystone04:27
*** thorst_ has joined #openstack-keystone05:33
*** thorst_ has quit IRC05:38
*** phalmos has quit IRC05:40
*** martinlopes has quit IRC06:07
*** markvoelker has joined #openstack-keystone06:10
*** markvoelker_ has quit IRC06:12
*** mnaser has quit IRC06:12
*** arunkant has quit IRC06:13
*** arunkant has joined #openstack-keystone06:13
*** adriant has quit IRC06:22
*** mnaser has joined #openstack-keystone06:28
*** clayton has quit IRC06:46
*** ravelar has quit IRC06:58
*** thorst_ has joined #openstack-keystone07:00
*** rcernin has joined #openstack-keystone07:06
*** thorst_ has quit IRC07:06
*** tesseract has joined #openstack-keystone07:16
*** richm has joined #openstack-keystone07:20
*** pcaruana has joined #openstack-keystone07:39
*** pcaruana has quit IRC07:42
*** pcaruana has joined #openstack-keystone07:43
openstackgerritAndreas Jaeger proposed openstack/keystone master: Prepare for using standard python tests  https://review.openstack.org/42786208:04
*** nkinder has joined #openstack-keystone08:09
*** rcernin has quit IRC08:28
*** edmondsw has joined #openstack-keystone08:43
*** edmondsw has quit IRC08:48
*** rcernin has joined #openstack-keystone08:52
*** richm has quit IRC08:55
*** zzzeek has quit IRC09:00
*** zzzeek has joined #openstack-keystone09:01
*** thorst_ has joined #openstack-keystone09:02
*** thorst_ has quit IRC09:08
*** richm has joined #openstack-keystone09:18
*** jvarlamova_ has quit IRC10:07
*** masterjcool has quit IRC10:12
*** jvarlamova_ has joined #openstack-keystone10:14
*** phalmos has joined #openstack-keystone10:20
*** masterjcool has joined #openstack-keystone10:23
*** erlon has joined #openstack-keystone10:45
*** phalmos has quit IRC10:51
*** phalmos has joined #openstack-keystone10:51
*** thorst_ has joined #openstack-keystone11:04
*** thorst_ has quit IRC11:08
*** nicolasbock has joined #openstack-keystone11:18
*** nkinder has quit IRC11:28
*** pnavarro has joined #openstack-keystone11:32
*** aloga has quit IRC11:35
*** aloga has joined #openstack-keystone11:36
*** catintheroof has joined #openstack-keystone11:47
*** openstackgerrit has quit IRC12:03
*** edmondsw has joined #openstack-keystone12:04
*** clayton has joined #openstack-keystone12:13
*** openstackgerrit has joined #openstack-keystone12:13
openstackgerritAndreas Jaeger proposed openstack/keystone master: Prepare for using standard python tests  https://review.openstack.org/42786212:13
*** dave-mccowan has joined #openstack-keystone12:15
*** thorst_ has joined #openstack-keystone12:33
*** thorst_ has quit IRC12:34
samueldmqmorning keystone12:49
dstanekmorning samueldmq12:50
samueldmqdstanek: o/12:51
*** mvk has quit IRC12:55
*** richm has quit IRC12:57
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone master: Stop reading local config dirs for domain-specific SQL config driver  https://review.openstack.org/42794013:00
*** thorst_ has joined #openstack-keystone13:01
stevemaro/13:13
samueldmqstevemar: howdy13:14
*** richm has joined #openstack-keystone13:17
*** phalmos has quit IRC13:23
*** v1k0d3n has joined #openstack-keystone13:24
stevemarsamueldmq: hola!13:25
*** mvk has joined #openstack-keystone13:29
*** BobBall has left #openstack-keystone13:35
*** lamt has joined #openstack-keystone13:46
*** lamt has quit IRC13:46
*** lamt has joined #openstack-keystone13:47
*** lamt has quit IRC14:04
*** spzala has joined #openstack-keystone14:11
*** nkinder has joined #openstack-keystone14:14
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone master: Modify the spelling mistakes  https://review.openstack.org/42307914:23
*** jperry has joined #openstack-keystone14:27
*** gitudaniel has joined #openstack-keystone14:31
gitudanielo/14:32
*** agrebennikov__ has joined #openstack-keystone14:33
gitudanielhey guys, I've been trying to set up a keystone user and group using the --keystone-user and --keystone-group. The full command I ran is keystone-manage fernet_setup --keystone-user KEYSTONE --keystone-group KEYSTONE_GROUP. I ran this command as root and got 24897 ERROR keystone. Here is the full paste http://paste.openstack.org/show/597375/14:35
dstanekgitudaniel: is KEYSTONE_USER a valid user?14:36
gitudanieldstanek: I tried that as well and got the same error14:38
dstanekgitudaniel: what are you actually trying to do?14:39
*** lamt has joined #openstack-keystone14:39
*** zzzeek has quit IRC14:40
*** zzzeek has joined #openstack-keystone14:40
stevemardstanek: had a question about the content_length in your webob fix patch14:40
dstanekstevemar: fire away14:41
stevemarts in the review14:41
stevemarbut why set it for only one of the responses?14:41
*** spilla has joined #openstack-keystone14:42
gitudanieldstanek: I'm trying to set up fernet keys on keystone. I ran the command keystone-manage fernet_setup and was told that --keystone-user is needed. I'm setting up a keystone development environment from source so that I can understand how it all comes together14:42
dstanekstevemar: opening the review now...14:42
dstanekgitudaniel: that is the unix user and group that you what the repository created as14:46
dstanekstevemar: are we creating responses in other places i didn't find?14:47
gitudanieldstanek: if I understand you correctly the user and group on my host pc??14:48
dstanekgitudaniel: yes, i'm pretty sure i use root for that and then manually change the permissions so my webserver can read it too14:50
gitudanieldstanek: thanks let me give it a go14:51
*** nkinder has quit IRC14:55
stevemarproposed RC: https://review.openstack.org/#/c/428185/14:55
stevemarthe stable/ocata branch will be created off of the current tip of keystone master14:55
stevemarwe can backport any fixes to stable/ocata and create RC2 if necessary14:56
*** stingaci has joined #openstack-keystone14:57
gitudanieldstanek: thanks it worked. The fernet keys have been created 25267 INFO keystone.common.fernet_utils [-] Become a valid new key: /etc/keystone/fernet-keys/014:58
*** nkinder has joined #openstack-keystone15:00
stevemarcrinkle: o/15:09
*** dikonoor has quit IRC15:10
*** johndperkins has quit IRC15:17
*** dave-mccowan has quit IRC15:18
stevemarbah, why did i not get the notice for https://bugs.launchpad.net/keystoneauth/+bug/166043615:20
openstackLaunchpad bug 1660436 in OpenStack Dashboard (Horizon) "Federated users cannot log into horizon" [Critical,In progress] - Assigned to Colleen Murphy (krinkle)15:20
robcresswellstevemar: The doa fix puts us in a strange place15:23
stevemarrobcresswell: whys that?15:23
* robcresswell still doesnt understand why thats a separate lib15:23
stevemarjust backport it to stable/ocata and re-release, bump FFE upper-constraints15:23
robcresswellstevemar: Just due to versioning and release. I guess we just backport?15:24
robcresswellyeah15:24
stevemarrobcresswell: the requirements team will hate us, but thats not new :)15:24
robcresswellThere isnt a stable/ocata branch...15:24
robcresswellhmm15:24
stevemaroh wait, you haven't done that yet15:24
stevemarah15:24
stevemareven better15:24
robcresswellit should be done, since that should've gone last week15:25
stevemarrobcresswell: release a point release for DOA (3.1.1) https://github.com/openstack/releases/blob/master/deliverables/ocata/django_openstack_auth.yaml15:25
stevemarrobcresswell: i can propose it :)15:25
robcresswellstevemar: I'm a little confused by the missing branch though, thats all.15:26
robcresswellI'll go bug the release team.15:26
stevemarrobcresswell: the PTL is supposed to propse the branch now15:26
*** lamt has quit IRC15:26
stevemarrobcresswell: or release liaison15:26
robcresswell>.<15:26
stevemarrobcresswell: see https://review.openstack.org/#/c/428185/1/deliverables/ocata/keystone.yaml :)15:27
robcresswellokay15:27
robcresswellso that should've been done15:27
robcresswellmaybe we can sneak in the doa release15:27
stevemarrobcresswell: meh, do it now and make stable/ocata tag the 3.1.1 release15:28
stevemarrobcresswell: let the release / requirements team know though15:28
stevemarthey appreciate a heads up :)15:28
robcresswellfun stuff15:28
crinkleo/15:28
stevemarcrinkle: nevermind me, i'm a dummy15:29
*** edmondsw_ has joined #openstack-keystone15:32
*** adrian_otto has joined #openstack-keystone15:33
*** dave-mccowan has joined #openstack-keystone15:34
*** edmondsw has quit IRC15:34
openstackgerritRichard Avelar proposed openstack/keystone master: WIP add db_sync check  https://review.openstack.org/41638315:36
stevemarcrinkle: about that fix...15:37
*** jaosorior has joined #openstack-keystone15:37
*** lamt has joined #openstack-keystone15:37
stevemarcrinkle: won't we be playing whack-a-mole with the clients?15:37
stevemarcrinkle: if images/volumes/object storage/networking panels all load i'm OK with it :)15:38
*** thiagolib has quit IRC15:38
crinklestevemar: I haven't checked if it affects other clients, I'll spin up the other services and see15:40
stevemarcrinkle: ack15:40
*** edtubill has joined #openstack-keystone15:40
*** ravelar has joined #openstack-keystone15:41
knikollao/15:42
*** chris_hultin|AWA is now known as chris_hultin15:43
*** chris_hultin is now known as chris_hultin|AWA15:44
*** lucas_ has joined #openstack-keystone15:45
*** chris_hultin|AWA is now known as chris_hultin15:46
stevemarcrinkle: but no change in keystone necessary?15:46
stevemarcrinkle: that'll be nice :)15:46
crinklestevemar: I don't think so15:48
*** adrian_otto has quit IRC15:51
stevemaryay16:08
stevemarlbragstad dolphm ayoung bknudson dstanek jamielennox samueldmq rodrigods breton morgan let's not merge any new code for the next 24-48 hours (release notes, docs, tests are fine)16:10
samueldmqstevemar: ack16:11
lbragstadstevemar works for me16:11
bknudsonok16:11
*** lucas_ has quit IRC16:11
*** lucas_ has joined #openstack-keystone16:12
*** rcernin has quit IRC16:29
ayoungACK16:32
*** ayoung is now known as ayoung-dentist16:32
*** lucas_ has quit IRC16:34
*** adrian_otto has joined #openstack-keystone16:35
*** lucas_ has joined #openstack-keystone16:38
*** tesseract has quit IRC16:41
*** nkinder has quit IRC16:46
*** browne has joined #openstack-keystone16:47
*** dikonoor has joined #openstack-keystone16:52
*** gitudaniel has quit IRC16:59
*** ravelar has quit IRC16:59
*** ravelar has joined #openstack-keystone17:00
rodrigodsstevemar, ack17:01
*** hoonetorg has quit IRC17:03
*** hoonetorg has joined #openstack-keystone17:04
*** richm has quit IRC17:07
*** lucas_ has quit IRC17:22
openstackgerritMerged openstack/keystone master: Modify the spelling mistakes  https://review.openstack.org/42307917:33
openstackgerritMerged openstack/keystone master: Prepare for using standard python tests  https://review.openstack.org/42786217:35
*** hoonetorg has quit IRC17:38
*** chlong has joined #openstack-keystone17:39
*** hoonetorg has joined #openstack-keystone17:40
*** hoonetorg has quit IRC17:47
*** lucas_ has joined #openstack-keystone17:51
*** jose-phillips has joined #openstack-keystone17:55
*** hoonetorg has joined #openstack-keystone17:59
*** Ephur has joined #openstack-keystone18:05
*** lucas_ has quit IRC18:17
crinklestevemar: seems like novaclient was the only one with an issue18:17
*** dikonoor has quit IRC18:18
*** lucas_ has joined #openstack-keystone18:18
*** tqtran has joined #openstack-keystone18:19
*** spzala has quit IRC18:31
*** spzala has joined #openstack-keystone18:32
* morgan merges all the code!18:34
*** mvk has quit IRC18:35
*** spzala has quit IRC18:37
stevemarcrinkle: great to hear18:40
*** chris_hultin is now known as chris_hultin|AWA18:43
openstackgerritMorgan Fainberg proposed openstack/keystone master: Deprecate (and emit message) auth_token_middleware  https://review.openstack.org/42796218:54
morganstevemar: ^ re-proposed with pike in mind.18:54
morganstevemar: for post Ocata release18:54
rderoseIs there a Keystone/Horizon meeting today?  Are we still having these?18:54
stevemarrderose: let me ask, thanks for the reminder18:55
stevemarrderose: i think we're all in heads-down RC mode18:55
stevemarrderose: was there something you wanted to talk about?18:55
*** ayoung-dentist is now known as ayoung18:55
rderosestevemar: nah, just wanting to take a longer lunch18:55
rderose:)18:55
stevemarrderose: go forth young man!18:56
rderosehaha18:56
rderosethx18:56
*** portdirect is now known as portdirect_away18:57
robcresswellI would like to continue them next cycle at least, though I understand if everyone is tired with end of release18:57
robcresswell(I've seized power in Horizon again. *ahem* I mean, diplomatically elected)18:57
morganayoung: ugh dentist?18:57
morganayoung: sorry man. never fun.18:58
rderoserobcresswell: yeah, would like them to continue as well18:58
rderosenext cycle sounds good18:58
ayoungmorgan, all done18:58
morganstevemar: respinning KVS removal code.18:58
morganstevemar: so we have it teed up for the moment pike opens18:58
robcresswellrderose: Yeah, I think its been pretty productive, and really useful to have some actual knowledge rather than all of Horizon just asking Dave18:59
morganstevemar: i can't wait to land removing > 2000 lines18:59
rderoserobcresswell: yeah :)18:59
morganayoung: i need to review your authorization refactor18:59
rderosemorgan: ++18:59
morganayoung: but at a glance, looks like the right direction18:59
ayoungmorgan, it is just necessary to have all of the is_admin checks use the same mechanism18:59
morganayoung: i agree19:00
morganayoung: you know... i think we need to re-visit having unscoped RBAC.19:00
morganayoung: in keystone.19:00
ayoungmorgan, everywhere, or just for certain operations?19:00
morganayoung: we'd maintain scoped RBAC as well19:01
morganbut having unscoped rbac would be... good for things like Admin19:01
ayoungmorgan, Kubernetes has them as 2 different things.19:01
morganyeah19:01
morganthat is the way i think we should be leaning19:01
ayoungmorgan, to be honest, I don't have the heart for that battle any more.19:02
morganayoung: well you have 2-3 of us who are more inclined, and i think only 1 who was originally strongly against (since gyee isn't involved)19:02
morganayoung: gyee wanted oddly scoped rbac vs unscoped for some operations19:03
morganayoung i mean...19:03
morgananyway...19:03
ayoungmorgan, the scope part has been in there since termie, it was just poorly implemented...but, for now, I'd rather close the loop on what we've started then tilt at any further windmills19:03
morgannot saying you shold be the bearer of that torch19:04
morganjust saying we should re-evaluate that19:04
morganannnnnd... with your changes it becomes easier since is_admin is checked in one place19:04
morganthats all :)19:04
* morgan kicks LDAP identity.19:05
stevemarmorgan: why are you kicking it?19:06
morganstevemar: because our "unit tests" suck for it.19:06
stevemarthey're not that bad19:06
morganhave you looked at FAKELDAP?19:06
morganyes they are.19:06
morgani don't mean the real unit tests i mean the ... lets fake the LDAP backend tests19:06
stevemarohhh19:06
stevemaryeah :(19:06
morgannote air quotes "unit tests"19:07
stevemarmorgan: i've been meaning to push up a patch to fix devstack19:07
stevemarto create an LDAP upon start up19:07
*** jdennis has quit IRC19:08
* stevemar thinking about doing it by default19:08
morgando it as a multi-VM thing and actually use IPA19:08
morganvs "slapd"19:08
morganbut we should do that and ditch any test that is "fake ldap"19:09
ayoungWe could probably clean up the LDAP unit tests with proper canned responses.  FakeLDAP is pretty nasty19:09
morganayoung: as long as we had a functional test suite for LDAP, we could. unfortunately we can't atm because... we don't test the end-to-end (and i say that loosely) otherwise right now19:09
ayoungThen again, we should just toss all of the LDAP code into a middleware layer and use Federation19:09
morganbut it shouldn't be hard to do really.19:09
morganayoung: mod_ldap19:10
ayoungsomething like what dstanek is doing with SAML19:10
morgan;)19:10
ayoungnah19:10
ayoungmod_ldap is too hard coded.  I looked19:10
ayoungPush all of the LDAP calls up front, though, and populate env vars19:10
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove KVS code  https://review.openstack.org/42486219:13
ayoung+5, -218919:14
ayoungI can +2 on that alone!19:14
*** andrewbogott has quit IRC19:16
ayoungmorgan, I'm going through "deploy keystone via Kubernetes"19:17
ayoungonce I get that working ,one thing I want to try is19:17
ayoungdeploy a new container for each IdP19:18
ayoungwhole separate HTTPD server when you push out a new protocol, with just that protocol on it19:18
ayoungAUTH_URL will then be per IdP as well19:18
*** andrewbogott has joined #openstack-keystone19:22
*** chris_hultin|AWA is now known as chris_hultin19:32
*** spzala has joined #openstack-keystone19:33
openstackgerritMorgan Fainberg proposed openstack/keystone master: Deprecate (and slate for removal) UUID tokens  https://review.openstack.org/42838819:33
openstackgerritMorgan Fainberg proposed openstack/keystone master: Deprecate (and slate for removal) UUID tokens  https://review.openstack.org/42838819:36
*** spzala has quit IRC19:38
openstackgerritMorgan Fainberg proposed openstack/keystone master: Deprecate (and slate for removal) UUID tokens  https://review.openstack.org/42838819:38
openstackgerritMorgan Fainberg proposed openstack/keystone master: Deprecate (and emit message) auth_token_middleware  https://review.openstack.org/42787819:41
morgansamueldmq, stevemar: merged ayoung's and my commits for https://review.openstack.org/#/c/427878/ (admin_token), this way it does not remove major functionality (as it shouldn't) but makes it easier to cleanup/remove in the future.19:43
ayoungmorgan, I thought we were keeping UUID tokens19:46
ayoungthere is still a need for them19:46
*** spzala has joined #openstack-keystone19:46
morganayoung: nah.19:47
morganayoung: with making fernet default, i don't think there is anymore.19:47
morganif everything is driving towards / with fernet. slate UUID for removal.19:48
* morgan disagreed with making fernet default19:48
ayoungmorgan, we need to solve some key sync issues then19:48
morganbut having lost that argument, i think we can drive to dropping uuid.19:48
morgan2 cycles ;)19:48
morganmostly it's proposed to force the issue19:49
morganayoung: but in reality, it's no more difficult than deploying SSL certs to multiple web servers19:49
morganayoung: and that is a solved(tm) problem19:49
ayoungmorgan, we are still working on TLS....19:50
morgan*we* are. the world has mechanisms to deploy SSL certs ot many places19:50
morganfernet keys are no more complex than that19:50
ayoungmorgan, most of the world does not do that at the Keystone layer, but at the HA Proxy level.  Key sync needs some thought19:51
morganayoung: key sync needs exactly the same amount of thought as deploying SSL certs to multiple HA Proxies.19:51
morganwhich most people do-infact do19:52
morganor multiple apaches19:52
morganor multiple nginx's19:52
ayoungmorgan, ideally we would have some external, common method for producing, encrypting, transporting, and extracting keys in a secure manner.  My old team was looking to use Custodia to do that19:52
ayounghttps://github.com/latchset/custodia19:52
morganthat is *not* the concern of keystone to come up with19:52
morganthat is the concern of the devops tools19:52
morganjust like SSL certs19:52
ayoungBut external mechanisms have never been very popular in OpenStack19:52
morganwe specify key location/configuration/format19:53
morganlike apache leans on ssl/pem formats19:53
morganand yes, this is a case i am advocating punting over the wall19:53
morgani can't come up with a solution that will work with chef, puppet, ansible, cfengine, docker, etc19:53
morganwe give the clear specification, and let deployers use tools to do so.19:54
morganwe may need another command to generate a simple fernet key vs. shove in a repo19:54
morganbut that is about as far as i could see us needing to go19:54
morganrotation, etc can be pushed onto devops tools as long as we can generate a sane stand-alone key and provide the template for the repo (which iirc is super simple)19:55
ayoungmorgan, I think Tripleo is OK on that front.  I got them to think in terms of generating the Key on the undercloud, and pushing it out with Heat, but I do wish the mechanism was encrypted, and not just obfuscated19:55
morganright, and that is not keystone's job to do19:55
morganbut i agree, it should be encrypted19:55
ayoungIts the extract, and more importantly, the import of the key that we do not have standardized19:55
morganwe can't solve that19:55
ayoungCourse we can19:55
ayoungwe don't want to solve it19:55
morganwe can make loading keys better in keystone19:55
morganno we *cant* solve it19:56
morganwith the volume of tools used out there19:56
morganwe can only solve the keystone looking at the keys and using them19:56
morgananything beyond keystone loading keys/consuming them (and loading i mean into it's process space) it out of scope19:56
ayoungmorgan, if we could export import PKCS12 it would probably be the safest19:56
morgans/it/is19:56
ayounghttps://en.wikipedia.org/wiki/PKCS_1219:56
morgani don't think fernet can be PKCS_12'd but yes that is something we should look at19:57
morganand like i said we probably need to be able to generate a stand-alone key19:57
morganbut those are much easier barriers to cover (minimal code)19:57
ayoungits not Fernet, its a symmetric key, and IO think anything can be PKCS_12ed.  Which is the worst case of verbing I've seen all day19:58
ayoungVerbing weirds language19:58
morganPKCS_12 is very specific about format and options19:59
morgani don't know if we can put arbitrary data in it19:59
morgani'm looking19:59
morganit's https://tools.ietf.org/html/rfc729219:59
ayoungmorgan, we can CMS it if we need, but the real issue is that it requires a asym key for extract20:00
morganayoung: i don't mind supporting asym for extract20:00
morganthe other thing i totally would support would be a trivial impl for a "load_keys" function20:00
ayoungmorgan, we could actually use CMS as the format, in straight encrypt form, and it ends up being the same thing.20:00
morganand we test with raw files from disk, and a tar20:00
morganactually... yes, i think that is the right jchoice.20:01
morganwe just add a load_keys entry-point for fernet20:01
ayoungmorgan, but, again, no heart for it.  nkinder's team is going to be looking in to Custodia support, I think in this upcoming release.20:01
morganand we support simple archive, cms, repo20:01
morganor suple archive (tar) and repo (today) and let nkinder's team propose cms/custodia/etc20:02
morganor someone else help on that front20:02
*** tqtran has quit IRC20:05
openstackgerritGage Hugo proposed openstack/keystone master: WIP Fix multiple uuid warnings with pycadf  https://review.openstack.org/42641120:09
*** lucas_ has quit IRC20:12
*** lucas_ has joined #openstack-keystone20:12
*** adrian_otto has quit IRC20:13
*** mvk has joined #openstack-keystone20:38
*** lucas_ has quit IRC20:44
*** Ephur has quit IRC20:45
*** lucas_ has joined #openstack-keystone20:47
*** adriant has joined #openstack-keystone20:55
*** lucas_ has quit IRC20:58
*** harlowja has quit IRC21:00
*** jdennis has joined #openstack-keystone21:01
*** richm has joined #openstack-keystone21:02
*** lucas_ has joined #openstack-keystone21:02
knikollaayoung: still proposing the talk for RBAC for boston?21:07
*** lucas_ is now known as lucashxu21:08
*** dave-mccowan has quit IRC21:10
ayoungknikolla, yep21:11
*** catintheroof has quit IRC21:14
*** catintheroof has joined #openstack-keystone21:15
*** catintheroof has quit IRC21:19
*** raildo has quit IRC21:19
*** andrewbogott has quit IRC21:26
*** andrewbogott has joined #openstack-keystone21:26
*** adrian_otto has joined #openstack-keystone21:39
*** dave-mccowan has joined #openstack-keystone21:47
openstackgerritOpenStack Release Bot proposed openstack/keystone master: Update reno for stable/ocata  https://review.openstack.org/42844321:48
*** phalmos has joined #openstack-keystone21:52
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Policy in code  https://review.openstack.org/42845321:54
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Define a richer policy by default  https://review.openstack.org/42845421:54
lbragstadjohnthetubaguy ^21:54
*** ravelar has quit IRC21:54
*** Ephur has joined #openstack-keystone21:57
knikollaayoung: want me to present with you?21:58
lbragstadthis pertains to us - https://review.openstack.org/#/c/417441/21:58
ayoungknikolla, I think we passed the submission deadline, but did you get added?  Let me check21:59
lbragstadspilla gagehugo was that related to what you were working on? ^21:59
morganstevemar: did i just see stable/ocata cut?21:59
knikollaayoung: nah, submission deadline is next monday.21:59
stevemarmorgan: mmhmm21:59
*** jdennis has quit IRC21:59
ayoungknikolla, sure...go ahead and submit a bio21:59
morganstevemar: woot. lets land pike code in master then! :P22:00
stevemarmorgan: definitely :)22:00
ayoungknikolla, should be up there now22:01
morganstevemar: also https://review.openstack.org/#/c/427878/2 should be better now, no more removing functionality22:01
morganstevemar: woot https://review.openstack.org/#/c/424862/ can land now.22:01
*** richm has quit IRC22:01
*** richm has joined #openstack-keystone22:01
gagehugolbragstad: https://review.openstack.org/41731522:03
lbragstadgagehugo aha yep22:03
lamtgagehugo lbragstad : yup, would like to discuss microversions in ptg22:03
morganstevemar: we should get that kvs stuff through the door as early as possible - it's kindof ugly and removes enough code we should try and avoid rebases22:04
stevemarmorgan: yep, i was just going to create the 'removed-as-of-pike' bp22:06
morgangagehugo, lamt: as soon as we have a way to rev the api, i'll lift my -2 on that22:06
*** thorst_ has quit IRC22:06
morganbut until we have that in order, we can't move forward =/ (sorry)22:07
gagehugoyeah22:07
lamtmorgan : agreed22:07
stevemarmorgan: releaseeee noteeeee22:10
* stevemar ducks22:10
stevemarif you all just start including release notes, i won't have to -1 everyone22:10
stevemar:D22:10
morganstevemar: shush22:11
*** tqtran has joined #openstack-keystone22:11
morganstevemar: YOURE NOT PTL FOR MUCH LONGER! muahhahaha22:11
morgani mean...22:11
morgan>>22:11
morgan<<22:11
stevemarmorgan: I KNOW RIGHT?!22:11
stevemar:D22:11
morgan;)22:11
stevemarhehe22:11
morganstevemar: i'm proposing a fix to pike, anything using DictBase w/o an extras column is being moved to ModelDictMixin and i'm renaming DictBase to something more descriptive22:12
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Define a richer policy by default  https://review.openstack.org/42845422:12
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Policy in code  https://review.openstack.org/42845322:12
stevemarmorgan: sounds fine to me22:13
morganstevemar: i think some of the models that use extras shouldn't be using it anyway22:17
morganbut... different change22:17
openstackgerritMorgan Fainberg proposed openstack/keystone master: Make use of Dict-base including extras explicit  https://review.openstack.org/42847222:20
morganstevemar: in theory maybe we should white-list current things using DictBase and raise an exception if something new is based on it.22:21
*** spilla has quit IRC22:22
*** harlowja has joined #openstack-keystone22:25
*** richm has quit IRC22:27
openstackgerritMorgan Fainberg proposed openstack/keystone master: Make use of Dict-base including extras explicit  https://review.openstack.org/42847222:28
morganstevemar: ^ something like that22:28
*** ravelar has joined #openstack-keystone22:29
openstackgerritMorgan Fainberg proposed openstack/keystone master: Make use of Dict-base including extras explicit  https://review.openstack.org/42847222:30
*** thorst_ has joined #openstack-keystone22:31
*** harlowja has quit IRC22:32
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove KVS code  https://review.openstack.org/42486222:33
*** harlowja has joined #openstack-keystone22:33
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove KVS code  https://review.openstack.org/42486222:34
*** thorst_ has quit IRC22:35
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove KVS code  https://review.openstack.org/42486222:36
*** edtubill has quit IRC22:36
morganstevemar: ^ there22:36
stevemardanke!22:36
*** martinlopes has joined #openstack-keystone22:37
*** lucashxu has quit IRC22:37
morganstevemar: i got the requisite amount of snark in the remove-as-of-pike yaml file name22:37
*** lucas_ has joined #openstack-keystone22:38
morganstevemar: releasenotes/notes/removed-as-of-pike-deadbeefdeadbeef.yaml (it's VALID hex!)22:40
morganstevemar: def. let that go through ;)22:40
*** erlon has quit IRC22:40
*** lucas_ has quit IRC22:44
*** portdirect_away is now known as portdirect22:49
-openstackstatus- NOTICE: Restarting gerrit due to performance problems22:51
*** edmondsw_ has quit IRC22:53
*** MasterOfBugs has joined #openstack-keystone22:54
*** edmondsw has joined #openstack-keystone22:54
*** adrian_otto has quit IRC22:57
*** edmondsw has quit IRC22:58
*** spzala has quit IRC23:09
*** spzala has joined #openstack-keystone23:09
*** chris_hultin is now known as chris_hultin|AWA23:16
*** spzala has quit IRC23:16
*** spzala has joined #openstack-keystone23:17
*** thorst_ has joined #openstack-keystone23:20
*** dave-mccowan has quit IRC23:28
*** jdennis has joined #openstack-keystone23:44
*** jdennis has quit IRC23:53
*** jdennis has joined #openstack-keystone23:57
« Wednesday, 2017-02-01 Index Friday, 2017-02-03 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!