Monday, 2017-04-24

« Sunday, 2017-04-23 Index Tuesday, 2017-04-25 »
*** stingaci has quit IRC00:08
*** stingaci has joined #openstack-keystone00:09
*** stingaci has quit IRC00:36
*** thorst has joined #openstack-keystone00:45
*** tovin07 has joined #openstack-keystone00:48
*** thorst has quit IRC00:50
*** Nakato has quit IRC01:14
*** thorst has joined #openstack-keystone01:21
*** thorst has quit IRC01:22
*** liujiong has joined #openstack-keystone01:27
*** jamielennox is now known as jamielennox|away01:33
*** jamielennox|away is now known as jamielennox01:44
*** namnh has joined #openstack-keystone01:44
*** thorst has joined #openstack-keystone01:47
*** Nakato has joined #openstack-keystone01:56
*** thorst has joined #openstack-keystone02:18
*** nicolasbock has quit IRC02:21
*** thorst has quit IRC02:36
*** Guest76746 is now known as med_02:37
*** med_ has joined #openstack-keystone02:38
*** Shunli has joined #openstack-keystone03:07
*** aojea has joined #openstack-keystone03:14
*** aojea has quit IRC03:18
*** jaugustine has joined #openstack-keystone03:29
*** thorst has joined #openstack-keystone03:33
*** dikonoor has joined #openstack-keystone03:36
*** dave-mccowan has quit IRC03:37
*** thorst has quit IRC03:37
*** prashkre has joined #openstack-keystone03:49
*** jaugustine has quit IRC03:54
*** jaugustine has joined #openstack-keystone03:59
*** Dinesh_Bhor has joined #openstack-keystone04:06
*** jaugustine has quit IRC04:26
*** dikonoor has quit IRC04:32
*** thorst has joined #openstack-keystone04:34
*** thorst has quit IRC04:38
*** dikonoor has joined #openstack-keystone04:43
*** oomichi has quit IRC04:46
*** aojea has joined #openstack-keystone05:07
*** thorst has joined #openstack-keystone05:34
*** thorst has quit IRC05:39
*** dikonoor has quit IRC05:43
*** aojea has quit IRC05:45
*** aojea has joined #openstack-keystone05:47
*** dikonoor has joined #openstack-keystone05:51
*** aojea has quit IRC05:52
*** adriant has quit IRC06:08
*** Dinesh_Bhor has quit IRC06:13
*** liujiong has quit IRC06:27
*** Dinesh_Bhor has joined #openstack-keystone06:27
*** thorst has joined #openstack-keystone06:35
*** thorst has quit IRC06:39
*** aojea has joined #openstack-keystone06:48
*** yangyapeng has joined #openstack-keystone06:52
yangyapenghello GUys, Install OpenStack in Devstack have a error, keystone did not start06:53
*** voelzmo has joined #openstack-keystone06:53
*** aojea has quit IRC06:54
*** voelzmo has quit IRC07:02
*** voelzmo has joined #openstack-keystone07:12
*** pcaruana has joined #openstack-keystone07:24
*** jaosorior has joined #openstack-keystone07:33
*** thorst has joined #openstack-keystone07:37
*** rcernin has joined #openstack-keystone07:43
*** d0ugal has joined #openstack-keystone07:50
*** d0ugal has quit IRC07:50
*** d0ugal has joined #openstack-keystone07:50
*** Aqsa has joined #openstack-keystone07:52
*** thorst has quit IRC07:56
*** zzzeek has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** rcernin has quit IRC08:23
*** evrardjp has joined #openstack-keystone08:41
*** aojea has joined #openstack-keystone08:50
*** aojea has quit IRC08:55
*** dikonoor has quit IRC08:55
*** dikonoor has joined #openstack-keystone09:21
*** dikonoor has quit IRC09:32
*** Shunli has quit IRC09:42
*** thorst has joined #openstack-keystone09:53
*** mvk has quit IRC09:54
*** masber has quit IRC09:54
*** thorst has quit IRC09:57
*** nicolasbock has joined #openstack-keystone10:06
*** aojea has joined #openstack-keystone10:14
*** aloga has quit IRC10:21
*** aloga has joined #openstack-keystone10:21
*** yangyapeng has quit IRC10:22
*** mvk has joined #openstack-keystone10:23
*** dikonoor has joined #openstack-keystone10:42
*** thorst has joined #openstack-keystone10:53
openstackgerritAqsa Malik proposed openstack/keystone master: Fix mapping_purge failure  https://review.openstack.org/40830410:58
*** thorst has quit IRC10:58
*** raildo has joined #openstack-keystone11:09
*** dave-mccowan has joined #openstack-keystone11:09
*** dikonoor has quit IRC11:11
*** zhugaoxiao has quit IRC11:13
*** zhurong has joined #openstack-keystone11:17
*** zhugaoxiao has joined #openstack-keystone11:17
*** dikonoor has joined #openstack-keystone11:29
*** zhugaoxiao has quit IRC11:34
*** zhugaoxiao has joined #openstack-keystone11:35
*** thorst has joined #openstack-keystone11:42
*** prashkre has quit IRC12:03
*** namnh has quit IRC12:05
*** lamt has quit IRC12:18
*** slunkad has joined #openstack-keystone12:24
*** edmondsw has joined #openstack-keystone12:26
*** catintheroof has joined #openstack-keystone12:37
*** stingaci has joined #openstack-keystone12:37
*** zhurong has quit IRC12:39
*** stingaci has quit IRC12:42
*** lamt has joined #openstack-keystone13:01
*** kencjohnston has quit IRC13:02
*** jerrygb has joined #openstack-keystone13:02
*** prashkre has joined #openstack-keystone13:14
*** jdwidari has joined #openstack-keystone13:41
*** erhudy has joined #openstack-keystone13:44
*** d0ugal_ has joined #openstack-keystone13:45
*** d0ugal has quit IRC13:48
*** d0ugal_ has quit IRC13:55
*** d0ugal has joined #openstack-keystone13:58
*** d0ugal has quit IRC14:01
*** d0ugal has joined #openstack-keystone14:32
*** g0d355__ has joined #openstack-keystone14:34
openstackgerritGage Hugo proposed openstack/keystonemiddleware master: Added "warning-is-error" sphinx check for docs  https://review.openstack.org/43981914:52
openstackgerritGage Hugo proposed openstack/python-keystoneclient master: Remove pbr warnerrors in favor of sphinx check  https://review.openstack.org/44146814:56
*** richm has joined #openstack-keystone15:00
*** adrian_otto has joined #openstack-keystone15:01
*** phalmos has joined #openstack-keystone15:08
*** sjain has joined #openstack-keystone15:11
ayoungknikolla, did you see my comments about the default/wildcard values in the pattern match?15:13
knikollaayoung: yes, working on that now. the wildcard verb case is easy. i'm unsure about the wildcard path. the routes library provides a syntax for wildcards https://routes.readthedocs.io/en/latest/setting_up.html#wildcard-routes15:14
ayoungknikolla, good catch15:15
ayoungknikolla, also, do you know how to get devstack setup to be able to test this?  I can help with that15:15
*** sjain has quit IRC15:16
knikollaayoung: where is ksm installed in devstack?15:17
ayoungknikolla, so, what you want to do is treat ksm and the other libraries as global installs15:17
knikollaayoung:  if it's in site-packages it's just pip install -e . and restarting apache15:17
ayoungknikolla, so, yeah, /usr/libwhatever/python27/sit-packages15:17
ayoungyou can do su and then python setup.py install in the respective directories15:18
ayoungthere is even an option to symlink to the source code directory, but I'd have to dig to remember15:18
openstackgerritKristi Nikolla proposed openstack/keystonemiddleware master: WIP - Role check in middleware  https://review.openstack.org/45893115:19
knikollaayoung: this fixes some of your comments ^^ i still need to plug in the cache though15:19
ayoungknikolla, right now I'm not expanded the implied roles on the server side. We can either build that into the middleware, or we need to modify the server to expand.15:29
*** david-lyle has joined #openstack-keystone15:29
ayoungoh, with15:29
ayoungwait15:29
ayoungfor now, we can expand the implied roles in the token validation.  Good enough for round one15:29
knikollaayoung: elaborate on that15:38
ayoungknikolla, I was thinking that your code need to call and expand the implied roles, but that is already handled15:38
ayoungwhen you validate the token, the keystone server is capable of doing that15:39
ayoungit is a config option that needs to be set, but that is enough for now15:39
knikollaayoung: i see15:39
ayoungthe other option is to expand the implied roles in the routes, either on the server side or in the middleware, but not a first iteration problem15:39
*** zhurong has joined #openstack-keystone15:42
knikollaayoung: ack15:45
*** zhurong has quit IRC15:57
*** Aqsa has quit IRC16:00
*** gyee has joined #openstack-keystone16:00
*** voelzmo has quit IRC16:02
*** zhurong has joined #openstack-keystone16:02
*** dikonoor has quit IRC16:03
*** zhurong has quit IRC16:07
*** sjain has joined #openstack-keystone16:14
sjainHi, I'm a new contributor, I made my first contribution here, https://review.openstack.org/#/c/450038/16:14
sjainCan anyone please review the changes16:14
*** jerrygb has quit IRC16:16
*** dikonoor has joined #openstack-keystone16:29
*** gyee has quit IRC16:32
SamYaple /win 616:33
*** jerrygb has joined #openstack-keystone16:33
*** mvk has quit IRC16:39
*** gyee has joined #openstack-keystone16:42
*** sjain has quit IRC16:54
*** jaosorior is now known as jaosorior_away16:59
knikollaayoung: if there is no rule match. what should be the default behavior?17:02
ayoungknikolla, if the role check is enabled and there is no rule match, denuy17:02
ayoungdeny17:02
knikollaayoung: ack17:03
*** adrian_otto1 has joined #openstack-keystone17:06
*** zhugaoxiao has quit IRC17:06
*** zhugaoxiao has joined #openstack-keystone17:07
knikollaayoung: should we treat /bla and /bla/ the same?17:08
*** adrian_otto has quit IRC17:09
*** jdennis1 has joined #openstack-keystone17:15
*** jdennis has quit IRC17:17
ayoungknikolla, lets go with whatever routes does by default17:17
ayoungnot try to add out own logic17:18
*** mvk has joined #openstack-keystone17:18
knikollaayoung: I think our APIs treat them as the same17:19
knikollaayoung: routes treats them differently17:19
ayoungknikolla, go with routes17:19
*** Aqsa has joined #openstack-keystone17:22
openstackgerritKristi Nikolla proposed openstack/keystonemiddleware master: WIP - Role check in middleware  https://review.openstack.org/45893117:22
*** adrian_otto1 has quit IRC17:23
knikollaayoung: added some unit tests and the role_check option ^^17:24
knikollawill start real testing after lunch17:24
*** dikonoor has quit IRC17:41
*** eandersson has joined #openstack-keystone17:54
*** chlong has joined #openstack-keystone17:59
*** catintheroof has quit IRC18:01
*** ducttape_ has joined #openstack-keystone18:02
*** ducttape_ has quit IRC18:04
*** ducttape_ has joined #openstack-keystone18:22
Yash_Hi people18:25
Yash_I am facing this error : You are not authorized to perform the requested action: identity:create_domain. (HTTP 403) when trying to do any adminstrative task18:25
Yash_Can anyone help me with this?18:26
*** stingaci has joined #openstack-keystone18:34
*** catintheroof has joined #openstack-keystone18:38
edmondswYash_ did you check your /etc/keystone/policy.json file?18:56
edmondswlook for "identity:create_domain" there18:56
edmondswit will tell you who is allowed to do that18:56
edmondswlbragstad or anyone... What's the best way to recover from "ValueError: Fernet key must be 32 url-safe base64-encoded bytes"18:58
edmondswSomeone is reporting this on a system where the disk had filled up, and I'm thinking maybe that interfered with the key rotation cron job18:58
lbragstadedmondsw ohhh18:58
* lbragstad goes to find a bug reoprt18:58
lbragstadedmondsw is this what you're seeing? https://bugs.launchpad.net/keystone/+bug/164245719:00
openstackLaunchpad bug 1642457 in OpenStack Identity (keystone) "Fernet rotate doesn't prevent rotation when disk is full" [Low,Fix released] - Assigned to John Lin (johnlinp)19:00
edmondswlbragstad yeah, probably19:01
lbragstadthat landed in ocata19:01
edmondswlbragstad so once it's happened, what would suggest to fix the system?19:02
edmondswpatching keystone-manage will prevent it from happening again, but won't get the 500 to go away...19:03
lbragstadedmondsw i'd probably start looking at all the fernet keys and figure out if the oldest ones could be removed19:03
edmondswsound like the problem is with the staged key, though19:03
edmondswcan't just remove that, since you have to have a staged key, right?19:03
edmondswso somehow need to put a valid key in that file19:03
edmondswsuggestion on how to create a valid key myself?19:04
lbragstadyou could generate a key manually19:04
lbragstadyeah - i can get you an exmaple19:04
edmondswtx19:04
lbragstadedmondsw per the pyca/cryptography docs - http://cdn.pasteraw.com/57kpixuj8d2e36ny082t0kzvc8od5sr19:05
lbragstadhttps://github.com/pyca/cryptography19:05
edmondswlbragstad tx!19:06
lbragstadyou could patch that into the staged key manually to fix it19:06
lbragstadthen go about the key distribution like you normally would19:06
lbragstadedmondsw np!19:06
Aqsacmurphy: Thanks for all the pointers in the unit test!19:40
*** jerrygb has quit IRC19:42
cmurphyAqsa: glad I could help :)19:43
*** prashkre has quit IRC19:49
*** ducttape_ has quit IRC19:56
*** Yash_ has quit IRC20:01
*** pcaruana has quit IRC20:01
*** harlowja has quit IRC20:03
*** raildo has quit IRC20:04
*** MasterOfBugs has joined #openstack-keystone20:08
*** jamielennox is now known as jamielennox|away20:13
*** jerrygb has joined #openstack-keystone20:17
*** jamielennox|away is now known as jamielennox20:20
*** jerrygb has quit IRC20:21
*** Aqsa has quit IRC20:33
*** ducttape_ has joined #openstack-keystone20:56
*** harlowja has joined #openstack-keystone20:59
*** thorst has quit IRC21:01
*** adrian_otto has joined #openstack-keystone21:02
*** ducttape_ has quit IRC21:05
*** ducttape_ has joined #openstack-keystone21:05
*** ducttape_ has quit IRC21:10
*** ducttape_ has joined #openstack-keystone21:14
openstackgerritKristi Nikolla proposed openstack/keystone master: WIP - Routes API Ref  https://review.openstack.org/45898321:15
*** catintheroof has quit IRC21:15
*** ducttape_ has quit IRC21:16
*** adrian_otto has quit IRC21:19
*** ducttape_ has joined #openstack-keystone21:20
*** adrian_otto has joined #openstack-keystone21:20
*** aojea has quit IRC21:26
openstackgerritGage Hugo proposed openstack/python-keystoneclient master: Remove pbr warnerrors in favor of sphinx check  https://review.openstack.org/44146821:28
openstackgerritGage Hugo proposed openstack/keystonemiddleware master: Added "warning-is-error" sphinx check for docs  https://review.openstack.org/43981921:31
*** jamiec has quit IRC21:35
*** jamiec has joined #openstack-keystone21:38
*** thorst has joined #openstack-keystone21:41
*** thorst has quit IRC21:46
*** jlk has joined #openstack-keystone22:21
*** phalmos has quit IRC22:30
*** adrian_otto has quit IRC22:52
*** ducttap__ has joined #openstack-keystone23:19
*** ducttape_ has quit IRC23:19
*** jlk has left #openstack-keystone23:21
*** hyakuhei has quit IRC23:22
*** hyakuhei has joined #openstack-keystone23:28
*** ducttap__ has quit IRC23:29
*** dave-mccowan has quit IRC23:30
*** spotz_ has quit IRC23:34
*** lamt has quit IRC23:36
*** spotz_ has joined #openstack-keystone23:56
*** spotz_ has quit IRC23:58
« Sunday, 2017-04-23 Index Tuesday, 2017-04-25 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!