Tuesday, 2017-06-27

*** thorst has joined #openstack-keystone00:01
*** thorst has quit IRC00:03
*** spzala has joined #openstack-keystone00:13
*** spzala has quit IRC00:13
*** spzala has joined #openstack-keystone00:13
openstackgerritMerged openstack/keystone master: Remove the revocation api config section  https://review.openstack.org/47765300:22
*** sjain has quit IRC00:25
*** zhurong has quit IRC00:45
*** hoonetorg has quit IRC00:53
openstackgerritMerged openstack/keystone master: Remove note about kvs from admin-guide  https://review.openstack.org/47769300:55
*** lucasxu has joined #openstack-keystone00:57
*** lucasxu has quit IRC00:57
*** thorst has joined #openstack-keystone01:04
*** hoonetorg has joined #openstack-keystone01:05
*** thorst has quit IRC01:10
*** aojea has joined #openstack-keystone01:16
*** hoonetorg has quit IRC01:16
*** aojea has quit IRC01:23
*** liujiong has joined #openstack-keystone01:23
*** Shunli has joined #openstack-keystone01:26
stevemarlbragstad: i think stable/newton is toast http://logs.openstack.org/14/469514/1/check/gate-keystone-dsvm-functional-ubuntu-xenial/18ee462/console.html#_2017-06-26_20_49_55_03102101:28
*** hoonetorg has joined #openstack-keystone01:30
*** xuhaigang has joined #openstack-keystone01:31
*** aselius has quit IRC02:08
*** goofie has quit IRC02:10
*** zsli_ has joined #openstack-keystone02:25
*** yushb has joined #openstack-keystone02:26
*** yushb has left #openstack-keystone02:26
*** zsli__ has joined #openstack-keystone02:27
*** Shunli has quit IRC02:27
*** zsli_ has quit IRC02:31
*** wlfightup has joined #openstack-keystone02:55
*** wlfightup_ has joined #openstack-keystone02:59
*** wlfightup has quit IRC03:02
*** wlfightup_ is now known as wlfightup03:02
*** zsli__ has quit IRC03:02
*** zsli_ has joined #openstack-keystone03:02
*** wlfightup_ has joined #openstack-keystone03:02
wlfightup_hello everyone03:03
*** wlfightup_ has quit IRC03:06
*** aojea has joined #openstack-keystone03:09
*** aojea has quit IRC03:13
*** thorst has joined #openstack-keystone03:35
*** thorst has quit IRC03:41
*** links has joined #openstack-keystone03:42
*** Dinesh_Bhor has joined #openstack-keystone04:02
*** zsli_ has quit IRC04:14
*** zsli_ has joined #openstack-keystone04:14
*** spzala has quit IRC04:28
*** spzala has joined #openstack-keystone04:28
*** spzala has quit IRC04:33
*** spzala has joined #openstack-keystone04:36
*** zhurong has joined #openstack-keystone04:36
*** thorst has joined #openstack-keystone04:38
*** thorst has quit IRC04:43
*** htruta` has joined #openstack-keystone05:11
*** htruta has quit IRC05:13
*** breton has quit IRC05:13
*** EmilienM has quit IRC05:13
*** adriant has quit IRC05:13
*** chrome0 has quit IRC05:14
*** raj_singh has quit IRC05:14
*** adriant has joined #openstack-keystone05:14
*** raj_singh has joined #openstack-keystone05:15
*** chrome0 has joined #openstack-keystone05:15
*** john5223_ has quit IRC05:17
*** breton has joined #openstack-keystone05:19
*** EmilienM has joined #openstack-keystone05:20
*** adriant has quit IRC05:20
*** adriant has joined #openstack-keystone05:20
*** adriant67 has joined #openstack-keystone05:25
*** adriant67 has quit IRC05:25
*** adriant has quit IRC05:25
*** adriant has joined #openstack-keystone05:25
*** tobberydberg has joined #openstack-keystone05:27
*** masber has joined #openstack-keystone05:33
*** oomichi_ has joined #openstack-keystone05:36
*** ianw_ has joined #openstack-keystone05:36
*** oomichi has quit IRC05:39
*** ianw has quit IRC05:39
*** oomichi_ is now known as oomichi05:39
*** ianw_ is now known as ianw05:39
*** aojea has joined #openstack-keystone05:39
*** eglute_s has quit IRC05:41
*** eglute has joined #openstack-keystone05:44
*** wlfightup has quit IRC05:54
*** rcernin has joined #openstack-keystone05:55
*** aojea has quit IRC06:05
*** wlfightup has joined #openstack-keystone06:06
*** ayoung has quit IRC06:12
*** ayoung has joined #openstack-keystone06:24
*** rcernin has quit IRC06:26
*** spzala has quit IRC06:29
*** rcernin has joined #openstack-keystone06:32
openstackgerritwangzhenyu proposed openstack/keystoneauth master: Enable some off-by-default checks  https://review.openstack.org/47777506:41
*** thorst has joined #openstack-keystone06:47
*** clayton has quit IRC06:48
*** thorst has quit IRC06:52
*** tesseract has joined #openstack-keystone06:55
*** xuhaigang has quit IRC07:08
*** clayton has joined #openstack-keystone07:11
*** gyee has quit IRC07:23
*** f13o has joined #openstack-keystone07:27
*** pcaruana has joined #openstack-keystone07:32
*** xuhaigang has joined #openstack-keystone07:33
*** toddnni has joined #openstack-keystone07:33
*** f13o has quit IRC07:35
*** f13o has joined #openstack-keystone07:50
*** zzzeek has quit IRC08:00
*** spzala has joined #openstack-keystone08:00
*** zzzeek has joined #openstack-keystone08:03
*** aojea has joined #openstack-keystone08:05
*** spzala has quit IRC08:05
*** aojea has quit IRC08:28
*** aojea has joined #openstack-keystone08:34
*** thorst has joined #openstack-keystone08:49
*** thorst has quit IRC08:53
*** d0ugal has quit IRC08:58
*** d0ugal_ has joined #openstack-keystone08:59
*** d0ugal_ has quit IRC08:59
*** d0ugal has joined #openstack-keystone08:59
*** d0ugal has quit IRC08:59
*** d0ugal has joined #openstack-keystone08:59
*** spzala has joined #openstack-keystone09:01
*** spzala has quit IRC09:06
*** zsli_ has quit IRC09:11
*** Shunli has joined #openstack-keystone09:11
*** zsli_ has joined #openstack-keystone09:15
*** zsli_ has quit IRC09:16
*** Shunli has quit IRC09:17
openstackgerritzhengliuyang proposed openstack/keystone master: Remove hash_algorithms from performance.rst  https://review.openstack.org/46933309:21
*** Shunli has joined #openstack-keystone09:21
*** Shunli has quit IRC09:27
*** jmlowe_ has joined #openstack-keystone09:27
*** iogg has joined #openstack-keystone09:29
*** mvk has quit IRC09:30
*** jlvillal_ has joined #openstack-keystone09:33
*** d0ugal has quit IRC09:34
*** chrome0 has quit IRC09:34
*** hoonetorg has quit IRC09:34
*** jmlowe has quit IRC09:34
*** mgagne has quit IRC09:35
*** jlvillal has quit IRC09:35
*** chrome0 has joined #openstack-keystone09:35
*** jlvillal_ is now known as jlvillal09:36
*** jlvillal is now known as Guest6031909:37
*** mgagne has joined #openstack-keystone09:37
*** mgagne is now known as Guest2879609:37
*** d0ugal has joined #openstack-keystone09:40
*** hoonetorg has joined #openstack-keystone09:41
*** chlong has joined #openstack-keystone09:46
*** mvk has joined #openstack-keystone09:57
*** spzala has joined #openstack-keystone10:02
*** spzala has quit IRC10:06
samueldmqmorning keystone10:11
*** thorst has joined #openstack-keystone10:26
*** thorst has quit IRC10:29
*** wlfightup has quit IRC10:31
*** wlfightup has joined #openstack-keystone10:38
*** chlong_ has joined #openstack-keystone11:04
*** chlong has quit IRC11:04
*** johnthetubaguy has quit IRC11:16
*** johnthetubaguy has joined #openstack-keystone11:18
*** raildo has joined #openstack-keystone11:21
openstackgerritzhengliuyang proposed openstack/keystone master: Improper handle about building list of token deletion  https://review.openstack.org/47510011:33
*** aojea has quit IRC11:34
*** liujiong has quit IRC11:36
knikollao/ morning11:57
*** xuhaigang has quit IRC11:58
*** f13o has quit IRC12:09
*** edmondsw has joined #openstack-keystone12:19
openstackgerritOpenStack Proposal Bot proposed openstack/oslo.policy master: Updated from global requirements  https://review.openstack.org/47805612:20
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements  https://review.openstack.org/47013712:20
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements  https://review.openstack.org/47807812:21
*** f13o has joined #openstack-keystone12:22
*** lifeless has quit IRC12:30
*** pnavarro has joined #openstack-keystone12:37
*** hrybacki|trainin is now known as hrybacki12:38
*** f13o has quit IRC12:40
*** lifeless has joined #openstack-keystone12:43
*** spilla has joined #openstack-keystone12:52
*** lucasxu has joined #openstack-keystone13:05
openstackgerritSamriddhi proposed openstack/keystone master: Migrated docs from devdocs to user docs  https://review.openstack.org/47620013:06
*** ducttape_ has quit IRC13:08
*** ducttape_ has joined #openstack-keystone13:32
*** ducttape_ has quit IRC13:34
*** ducttape_ has joined #openstack-keystone13:35
*** thorst has joined #openstack-keystone13:40
*** sbezverk has quit IRC13:44
*** thorst has quit IRC13:44
*** sbezverk has joined #openstack-keystone13:45
*** bknudson has joined #openstack-keystone13:46
*** iogg is now known as ioggstream13:47
*** thorst has joined #openstack-keystone13:54
*** thorst has quit IRC13:56
openstackgerritSamriddhi proposed openstack/keystone master: Expanded the best practices subsection in devdocs  https://review.openstack.org/47654114:00
ioggstreamhi @all14:02
*** bknudson has quit IRC14:09
*** bknudson has joined #openstack-keystone14:09
*** f13o has joined #openstack-keystone14:16
*** spilla has quit IRC14:17
openstackgerritSamriddhi proposed openstack/keystone master: Reorganised developer documentation  https://review.openstack.org/47660614:27
*** aojea has joined #openstack-keystone14:28
*** aselius has joined #openstack-keystone14:30
*** d0ugal has quit IRC14:32
*** d0ugal has joined #openstack-keystone14:32
*** d0ugal has quit IRC14:32
*** d0ugal has joined #openstack-keystone14:32
openstackgerritSamriddhi proposed openstack/keystone master: Reorganised developer documentation  https://review.openstack.org/47660614:33
*** spzala has joined #openstack-keystone14:35
*** phalmos has joined #openstack-keystone14:59
lbragstadcmurphy: how familiar with our ldap docs are you?15:00
openstackgerritSamriddhi proposed openstack/keystone master: Added new subsections to developer docs  https://review.openstack.org/47663515:00
cmurphylbragstad: i've been known to read them from time to time15:00
lbragstadcmurphy: ok - i have a patch set on the way that attempts to consolidate a bunch of what we have between the admin-guide and the operator docs15:01
lbragstadcmurphy: i'll probably need you to keep me honest15:01
cmurphylbragstad: okay i will make sure to check it out15:01
lbragstadawesome - thanks15:01
cmurphylbragstad: possibly not till tomorrow though15:02
lbragstadcmurphy: yeah - that's fine, i'm still munging stuff locally15:02
*** Guest60319 is now known as jlvillal15:04
*** rcernin has quit IRC15:04
*** links has quit IRC15:05
*** tobberyd_ has joined #openstack-keystone15:07
*** tobberydberg has quit IRC15:11
*** tobberyd_ has quit IRC15:11
*** thorst has joined #openstack-keystone15:13
morgano/ lbragstad15:13
*** lucasxu has quit IRC15:14
*** lucasxu has joined #openstack-keystone15:16
*** jsavak has joined #openstack-keystone15:24
*** lucasxu has quit IRC15:28
*** thorst has quit IRC15:29
*** Shoaibwr12 has quit IRC15:30
*** f13o has quit IRC15:30
*** Shoaibwr12 has joined #openstack-keystone15:30
morganoh wow, i haven't seen jsavak in ages15:30
*** gyee has joined #openstack-keystone15:34
*** pnavarro has quit IRC15:35
*** tobberydberg has joined #openstack-keystone15:36
*** aojea has quit IRC15:37
*** jsavak has quit IRC15:37
*** aojea has joined #openstack-keystone15:38
*** jsavak has joined #openstack-keystone15:38
*** tobberydberg has quit IRC15:39
*** tobberydberg has joined #openstack-keystone15:39
*** tobberydberg has quit IRC15:39
*** tobberydberg has joined #openstack-keystone15:39
*** tobberydberg has quit IRC15:41
*** tobberydberg has joined #openstack-keystone15:42
*** aojea has quit IRC15:42
*** jsavak has quit IRC15:43
*** tobberydberg has quit IRC15:46
*** wlfightup has quit IRC15:48
*** jsavak has joined #openstack-keystone15:59
openstackgerritMerged openstack/oslo.policy master: Updated from global requirements  https://review.openstack.org/47805616:00
openstackgerritLance Bragstad proposed openstack/keystone master: Consolidate LDAP documentation into admin-guide  https://review.openstack.org/47820616:00
openstackgerritMerged openstack/python-keystoneclient master: Updated from global requirements  https://review.openstack.org/47807816:01
*** gyee has quit IRC16:02
*** links has joined #openstack-keystone16:02
*** chlong has joined #openstack-keystone16:05
*** chlong has quit IRC16:05
openstackgerritLance Bragstad proposed openstack/keystone master: Remove duplicate logging documentation  https://review.openstack.org/47769216:08
*** pcaruana has quit IRC16:09
*** thorst has joined #openstack-keystone16:11
*** lucasxu has joined #openstack-keystone16:16
lbragstadalright - breaking for lunch16:18
*** gyee has joined #openstack-keystone16:25
*** rderose has joined #openstack-keystone16:26
*** lucasxu has quit IRC16:29
*** lucasxu has joined #openstack-keystone16:30
*** tesseract has quit IRC16:40
*** lwanderley has joined #openstack-keystone16:42
*** jsavak has quit IRC16:48
*** jsavak has joined #openstack-keystone16:49
*** lucasxu has quit IRC16:49
*** jsavak has quit IRC16:53
*** links has quit IRC16:57
openstackgerritLance Bragstad proposed openstack/keystone master: Consolidate LDAP documentation into admin-guide  https://review.openstack.org/47820617:01
*** jsavak has joined #openstack-keystone17:03
*** aojea has joined #openstack-keystone17:08
*** spzala has quit IRC17:10
*** spzala has joined #openstack-keystone17:10
*** lucasxu has joined #openstack-keystone17:12
*** mvk has quit IRC17:27
openstackgerritJaewoo Park proposed openstack/keystone master: WIP: Add project tags  https://review.openstack.org/47031717:31
*** ducttape_ has quit IRC17:37
*** aojea has quit IRC17:41
*** spilla has joined #openstack-keystone17:41
*** aojea has joined #openstack-keystone17:42
*** aojea has quit IRC17:46
*** lwanderley has quit IRC17:47
*** Shoaibwr12 has quit IRC17:48
*** lwanderley has joined #openstack-keystone17:52
hrybackilbragstad: so office hours will kick off each week with our meeting?17:53
lbragstadhrybacki: essentially17:53
lbragstadhrybacki: or right after is what i was thinking17:53
lbragstadshould make for a nice transition17:53
lbragstadand if we have extra time each week in the meeting we can use it for triage or whatever17:53
*** links has joined #openstack-keystone17:55
hrybackilbragstad: i'll be a few mins late to the mtg17:55
lbragstadhrybacki: no worries - thanks for the heads17:56
*** links has quit IRC18:02
*** sjain_ has joined #openstack-keystone18:06
*** spzala has quit IRC18:10
*** spzala has joined #openstack-keystone18:11
*** spzala has quit IRC18:15
*** spzala has joined #openstack-keystone18:16
*** ioggstream has quit IRC18:22
openstackgerritGage Hugo proposed openstack/keystone master: Add is_admin_project check to policy for non scoped operations  https://review.openstack.org/25763618:31
*** lwanderley has quit IRC18:43
*** spzala has quit IRC18:53
*** jsavak has quit IRC18:54
*** spzala has joined #openstack-keystone18:54
*** jsavak has joined #openstack-keystone18:54
*** jsavak has quit IRC18:59
*** spzala has quit IRC18:59
lbragstadoffice hours will be starting shortly18:59
*** jsavak has joined #openstack-keystone18:59
knikollaI can't attend for these few weeks i'm in europe, but after that i should be a go.19:02
*** aojea has joined #openstack-keystone19:03
hrybackiknikolla: ack19:03
samueldmqI will be back in a bit for office hours19:05
*** spilla has quit IRC19:07
*** tobberydberg has joined #openstack-keystone19:07
*** jsavak has quit IRC19:08
*** sjain_ has quit IRC19:09
*** jsavak has joined #openstack-keystone19:09
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystone master: Remove support for direct import of drivers  https://review.openstack.org/47824319:13
samueldmqlbragstad: ^ let's see what jenkins says about it19:13
lbragstad#startmeeting keystone-office-hours19:14
openstackMeeting started Tue Jun 27 19:14:03 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.19:14
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:14
openstackThe meeting name has been set to 'keystone_office_hours'19:14
hrybackicool. what now?19:15
lbragstadnext - let's go through what we want to try and get done19:16
lbragstadthis can be patches in review19:16
lbragstador bugs in LP19:16
hrybackiwhat needs help the most right now?19:16
lbragstadi use https://goo.gl/ZgrrT719:17
lbragstad#link https://goo.gl/ZgrrT719:17
gagehugolbragstad oh nice19:17
lbragstadthe idea came from dstanek19:18
*** ducttape_ has joined #openstack-keystone19:18
lbragstadbut the objective was to draw attention to the patches we have in review that already close bugs19:18
lbragstadinstead of automatically going to launchpad to find something to fix19:18
lbragstadnot to shamelessly plug my own patch but..19:19
lbragstad#link https://review.openstack.org/#/c/475472/ seems to be close19:19
lbragstad#link https://review.openstack.org/#/c/475929/ is good19:20
lbragstadi can review ^19:20
* lbragstad can't do much, be he can review 7 lines of code19:20
hrybackiI'll peak at your commit now lbragstad19:20
hrybacki /s/commit/review/19:20
lbragstadhrybacki: thanks!19:20
*** aojea has quit IRC19:21
gagehugolbragstad I went with a more generic message for https://review.openstack.org/#/c/475929/19:21
*** aojea has joined #openstack-keystone19:21
gagehugonot sure if we want to tell the user that the backend is ldap19:21
*** mvk has joined #openstack-keystone19:23
lbragstadgagehugo: ok - i think that's fine19:24
*** aojea has quit IRC19:26
lbragstad#action review https://review.openstack.org/#/c/475472/19:26
lbragstad#action review https://review.openstack.org/#/c/475929/19:27
lbragstad#link https://review.openstack.org/#/c/475100/19:27
lbragstad^ that's another one that's ready for review and closes a bug19:27
openstackRemoving item from minutes: #link https://review.openstack.org/#/c/475100/19:27
lbragstadmaybe not - triaging the bug19:28
*** rderose has quit IRC19:28
hrybackilbragstad: gagehugo general question -- when do we add tests?19:29
lbragstadhrybacki: unit tests?19:29
hrybackie.g. for gagehugo's review, would we want to add a test that checks the proper exception is caught?19:29
* hrybacki nods19:29
gagehugohrybacki yeah should probably do that19:29
lbragstadhrybacki: yeah - that'd be good19:30
hrybackido we have a general policy for that though?19:30
lbragstadgagehugo: think you can find a seem to test that?19:30
lbragstadhrybacki: typically every patch should be accompanied with tests19:31
*** tobberydberg has quit IRC19:31
lbragstadsome cases where that's not always the case is ldap stuff (because of integration issues and the slippery slope of mocking and cli stuff)19:31
gagehugoI'll find where we are testing invalid credentials19:31
*** tobberydberg has joined #openstack-keystone19:31
*** spzala has joined #openstack-keystone19:31
*** tobberydberg has quit IRC19:33
*** tobberydberg has joined #openstack-keystone19:33
gagehugoI don't think there are any current ldap unit tests for authing19:42
hrybackithat is a bug in and of itself haha19:42
lamtit might be in the functional test19:43
hrybackiconfused why steve gave +2 here: https://review.openstack.org/#/c/477638/ but left corrections in his comments19:43
lamtif deals with ldap19:43
*** ducttape_ has quit IRC19:46
cmurphyhey guys19:46
cmurphyhow is bug day going?19:46
lbragstadcmurphy: o/19:46
*** jsavak has quit IRC19:46
*** ducttape_ has joined #openstack-keystone19:46
hrybackilots of patches to review here cmurphy: https://goo.gl/H86e3719:48
lbragstad#link https://review.openstack.org/#/c/473245/319:48
*** jsavak has joined #openstack-keystone19:48
lbragstad^ that's a good one, too19:48
cmurphyhrybacki: lbragstad sweet19:49
*** aojea has joined #openstack-keystone19:53
*** tobberydberg has quit IRC19:59
*** tobberydberg has joined #openstack-keystone19:59
*** tobberydberg has quit IRC20:00
*** tobberydberg has joined #openstack-keystone20:00
*** tobberydberg has quit IRC20:01
*** tobberydberg has joined #openstack-keystone20:01
*** rmascena has joined #openstack-keystone20:07
*** rmascena has quit IRC20:09
lbragstad#link https://review.openstack.org/#/c/473245/3 has some good oauth tests in it if anyone is interested20:10
*** raildo has quit IRC20:10
hrybackilbragstad: reviewing that now20:10
lbragstadhrybacki: awesome20:10
hrybackiI love how documented these test are20:14
*** ioggstream has joined #openstack-keystone20:18
lbragstadyeah - that's nice20:19
lbragstadsamueldmq: it'd be good to get your opinion on https://review.openstack.org/#/c/475472/ when you have a minute20:20
*** thorst has quit IRC20:21
*** sjmc7 has joined #openstack-keystone20:46
openstackgerritLance Bragstad proposed openstack/keystone master: Validate rolling upgrade is run in order  https://review.openstack.org/43744120:46
lbragstadcc cmurphy hrybacki gagehugo ^20:47
*** lucasxu has quit IRC20:48
openstackgerritLance Bragstad proposed openstack/keystone master: Validate rolling upgrade is run in order  https://review.openstack.org/43744120:54
* samueldmq is back21:00
*** ducttape_ has quit IRC21:01
samueldmqlbragstad: looking21:02
hrybackiHave to head to my next meeting -- will finish looking over ^ first thing in the morning!21:04
morganI saw a ping of my name in the meetings ng21:09
*** jsavak has quit IRC21:09
sjmc7afternoon, folks. we’ve been doing some scale/stress testing and seen high request times listing projects (specifically, GET /users/<userid>/projects) when a user has access to a lot of them (0.1 seconds with a couple of assignments up to 4-5 seconds with 500). obviously there’s much more data being pulled out of the database, but flat out listing the projects is very fast, so my guess is it’s the role assignment calculations taking the time21:09
morganSomething about options?21:09
sjmc7does anyone have any suggestions if there’s something i can tweak or optimize? i know it’s not a common scenario21:09
morgansjmc7: yep it is the role calculation. Unfortunately that is going to be somewhat slow :(21:10
sjmc7no magic SQL index i can add? :)21:10
morganNot really. We can't do joins because that information could be in different backends21:10
*** tobberydberg has quit IRC21:11
lbragstadmorgan: ah - we were wondering when we can remove https://github.com/openstack/keystone/blob/9070172084fe31c9564de38886662fb198de68cb/keystone/conf/eventlet_server.py21:11
morganUser might be LDAP, project might be database, and roles could be something else. :(21:11
*** tobberydberg has joined #openstack-keystone21:11
sjmc7yeah, that makes sense21:11
morganlbragstad: remove it21:11
morganlbragstad: eventlet is dead21:11
morganFor keystone *21:12
lbragstadmorgan: ok - so those weren't there for backwards compat?21:12
morganMight have been, we used eventlet for testing for a while after we stopped supporting it for deployment21:12
morganMight have been that. We don't do that anymore21:12
morgan(or shouldn't)21:12
lbragstadwe still have the eventlet entry points21:12
morganEventlet should be dead, no?21:13
morganWe don't import it, we don't depend on ot21:13
lbragstadmorgan: well - i can run keystone locally using keystone-wsgi-admin21:13
morganAgain, I say make the last vestige disappear.21:13
openstackgerritLance Bragstad proposed openstack/keystone master: Document and add release note for HEAD APIs  https://review.openstack.org/47828421:15
openstackgerritLance Bragstad proposed openstack/keystone master: Document and add release note for HEAD APIs  https://review.openstack.org/47828421:15
*** ioggstream has quit IRC21:15
lbragstadmorgan: ok21:16
lbragstadcc cmurphy samueldmq hrybacki gagehugo ^ that one closes another bug21:18
sjmc7morgan: do you know where the time’s getting spent? querying role assignments is also very fast - is  there a lot of manipulation of the result going on in code?21:19
lbragstadsjmc7: do you happen to have caching enabled?21:20
sjmc7no, we don’t21:21
*** tobberydberg has quit IRC21:21
lbragstadsjmc7: that may have a significant impact on your results21:21
*** tobberydberg has joined #openstack-keystone21:21
sjmc7yeah, i imagine it would. i’ll give that a go, thanks21:22
*** ducttape_ has joined #openstack-keystone21:23
openstackgerritLance Bragstad proposed openstack/keystone master: Remove duplicate list() call when list projects  https://review.openstack.org/47828621:26
lbragstadsjmc7: ^ looking at the code now21:26
*** tobberydberg has quit IRC21:26
sjmc7lbragstad: thanks. i had a look, and it looked pretty straightforward (retrieve the assignments, retrieve all the projects by id)21:27
sjmc7but there’s something goign on - listing assignments with GET /role_assignments?user.id takes around 0.1 seconds and GET /projects is about 0.2 (including outputting to the terminal)21:28
sjmc7again, i know this isn’t exactly a common case that’d be optimized for21:28
lbragstadwe seem to jump from https://github.com/openstack/keystone/blob/a1976aa2c9b70de30ea6f646b430bd49f82dbcc1/keystone/assignment/core.py#L23221:28
lbragstadright to the resource driver https://github.com/openstack/keystone/blob/a1976aa2c9b70de30ea6f646b430bd49f82dbcc1/keystone/resource/backends/sql.py#L85-L9321:28
lbragstadsjmc7: do you have any insight or ability to time each line in https://github.com/openstack/keystone/blob/a1976aa2c9b70de30ea6f646b430bd49f82dbcc1/keystone/assignment/core.py#L226 ?21:29
sjmc7yeah, i can do that21:30
lbragstadsjmc7: hmmmm21:31
sjmc7i think this might be an old version (newton?) but it doesn’t look like it’s changed much21:32
lbragstadsjmc7: since we don't define that method in the resource manager, i wonder if it's even possible to cache it ?21:32
samueldmqlbragstad: done in the GET/HEAD reviews21:32
sjmc7# TODO(henry-nash): We might want to consider list limiting this at some21:32
sjmc7# point in the future.21:32
samueldmqI will need a bit of time to test that one in the db_sync check in my environment21:32
sjmc7someoen was here before me :)21:32
lbragstadsamueldmq: awesome - thanks for the feedback21:32
*** phalmos has quit IRC21:32
lbragstadsjmc7: we typically implement caching based on method arguments21:34
openstackgerritGage Hugo proposed openstack/keystone master: Clarify LDAP invalid credentials exception  https://review.openstack.org/47592921:34
lbragstadsjmc7: like this https://github.com/openstack/keystone/blob/a1976aa2c9b70de30ea6f646b430bd49f82dbcc1/keystone/token/provider.py#L18021:34
gagehugolbragstad hrybacki ^21:35
lbragstadgagehugo: running tests on it now21:35
gagehugoalso I noticed that one added test is being ran 8 times21:35
*** ducttape_ has quit IRC21:35
lbragstadgagehugo: it's probably because that test module is being inherited in other places21:36
gagehugolbragstad yeah21:36
gagehugoI wonder if that could be cleaned up?21:36
lbragstadi have a hard time wrapping my head around the dependencies of ldap/sql test modules21:36
lbragstadgagehugo: oh - i'm sure it could21:36
*** thorst has joined #openstack-keystone21:36
*** bknudson has quit IRC21:37
lbragstadsjmc7: since we don't have those methods defined in the resource manager, i'm not sure it's possible to cache them21:37
sjmc7that’s sad :(21:37
lbragstadsjmc7: i'd be curious to see if your results change with caching enabled21:37
lbragstadsjmc7: if not - that's certainly a bug21:37
lbragstadsjmc7: and we can get a fix up easy enough and possibly backported to ocata (we won't be able to backport to newton though)21:38
lbragstadsjmc7: it was likely missed because the method is defined in the driver and there isn't much business logic to move it up to the manager21:38
sjmc7ok. just generating timing info now21:40
*** thorst has quit IRC21:42
cmurphyI don't really know what to make of https://review.openstack.org/#/c/466567 - I'm trying to curl those APIs and they're broken because there's no pki_setup21:42
sjmc7lbragstad: looks like all the time’s taken inside list_role_assignments21:44
openstackgerritLance Bragstad proposed openstack/keystone master: Move list projects from ids to manager and cache  https://review.openstack.org/47829321:44
lbragstadsjmc7: that's a total wild guess21:45
lbragstadsjmc7: here - https://github.com/openstack/keystone/blob/a1976aa2c9b70de30ea6f646b430bd49f82dbcc1/keystone/assignment/core.py#L227 ?21:45
sjmc7i’ll jam some timing info in there21:46
lbragstadsjmc7: hmm - https://github.com/openstack/keystone/blob/a1976aa2c9b70de30ea6f646b430bd49f82dbcc1/keystone/assignment/backends/sql.py#L190-L247 doesn't look trivial21:47
sjmc7no, but calling GET /role_assignments?user.id= *is* quick21:47
lbragstadsjmc7: hmm - which eventually calls into https://github.com/openstack/keystone/blob/a1976aa2c9b70de30ea6f646b430bd49f82dbcc1/keystone/assignment/core.py#L88221:50
sjmc7those role assignment functions do get complicated quick21:53
lbragstadsjmc7: both of those API end up calling the same driver method21:53
sjmc7yeah :(21:53
gagehugolbragstad I'm getting 2 failures, I wonder if I can move this test to another class where it won't be ran 8 times21:54
*** ioggstream has joined #openstack-keystone21:54
lbragstadgagehugo: yeah - i got a couple, too21:54
lbragstadsjmc7: i wonder if it's a difference of using `effective` or not21:55
lbragstadsjmc7: https://github.com/openstack/keystone/blob/a1976aa2c9b70de30ea6f646b430bd49f82dbcc1/keystone/assignment/core.py#L22821:55
sjmc7yeah, there’s a branch on that21:55
sjmc7gonna put some more timing around it21:56
lbragstadthe GET /role_assignment?user.id= API doesn't calculate effective role assignments unless you ask it to21:56
lbragstadsjmc7: but... list_projects_for_users does no matter what21:56
sjmc7ah, just spits them out from the DB21:56
sjmc7the list_effective function i can see would be expensive21:57
lbragstadhere - https://github.com/openstack/keystone/blob/a1976aa2c9b70de30ea6f646b430bd49f82dbcc1/keystone/assignment/core.py#L931-L93521:58
lbragstadyeah - maybe time that?21:58
lbragstadsjmc7: https://github.com/openstack/keystone/blob/a1976aa2c9b70de30ea6f646b430bd49f82dbcc1/keystone/assignment/core.py#L692 looks intense, too21:59
*** aojea has quit IRC22:01
*** aojea has joined #openstack-keystone22:01
sjmc7yep :)22:03
sjmc7yeah, so calling /users/abc/projects list_effective is taking around 4 seconds. list_direct is very fast22:05
lbragstadsjmc7: so - sounds like effectively role assignments could be improved22:05
*** aojea has quit IRC22:05
sjmc7yeah, looks like it. it seems it’s unlikely to be the database since wit a few hundred rows even a full table scan will be very quick22:06
lbragstadyeah - effective role assignment probably has a lot of marshalling in python22:06
lbragstadwhich is more likely the case22:07
lbragstadsjmc7: would you be able to open a bug against keystone and include your timing?22:08
sjmc7yeah, will do22:08
lbragstadsjmc7: thanks22:09
lbragstadhrybacki: gagehugo cmurphy lamt that about does it for office hours22:09
lbragstadthanks for coming!22:09
openstackMeeting ended Tue Jun 27 22:09:54 2017 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)22:09
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-06-27-19.14.html22:09
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-06-27-19.14.txt22:09
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-06-27-19.14.log.html22:09
lbragstadi kinda like using the meeting bot22:10
openstackgerritGage Hugo proposed openstack/keystone master: Clarify LDAP invalid credentials exception  https://review.openstack.org/47592922:16
*** phalmos has joined #openstack-keystone22:16
*** thorst has joined #openstack-keystone22:16
gagehugolbragstad tests pass there ^22:17
*** thorst has quit IRC22:17
lbragstadgagehugo: cool - reviewing it quick22:17
lbragstadhrybacki: any thoughts on my comments here? or should we address it in another patch set https://review.openstack.org/#/c/449246/6/keystone/common/policies/implied_role.py ?22:21
sjmc7https://bugs.launchpad.net/keystone/+bug/1700852 lbragstad . i have to step away, thanks for the help22:21
openstackLaunchpad bug 1700852 in OpenStack Identity (keystone) "Slow listing projects for user with many role assignments" [Undecided,New]22:21
lbragstadsjmc7: no problem - thanks for opening the bug22:22
*** ducttape_ has joined #openstack-keystone22:22
*** spzala has quit IRC22:28
*** spzala has joined #openstack-keystone22:29
*** phalmos_ has joined #openstack-keystone22:33
*** spzala has quit IRC22:33
*** phalmos has quit IRC22:35
*** phalmos has joined #openstack-keystone22:38
*** phalmos_ has quit IRC22:38
*** phalmos has quit IRC22:58
openstackgerritMerged openstack/keystone master: Implement HEAD for assignment API  https://review.openstack.org/47391222:59
*** ioggstream has quit IRC23:04
*** hoonetorg has quit IRC23:09
*** hoonetorg has joined #openstack-keystone23:26
*** phalmos has joined #openstack-keystone23:27
*** ducttape_ has quit IRC23:28
*** phalmos_ has joined #openstack-keystone23:29
*** phalmos has quit IRC23:32
openstackgerritJaewoo Park proposed openstack/keystone master: WIP: Add project tags  https://review.openstack.org/47031723:41
*** phalmos_ has quit IRC23:42
*** phalmos has joined #openstack-keystone23:43
*** spzala has joined #openstack-keystone23:47
openstackgerritMerged openstack/keystone master: Move ec2 credential policies to DocumentedRuleDefault  https://review.openstack.org/44923523:47
*** thorst has joined #openstack-keystone23:51
*** spzala has quit IRC23:51
*** thorst has quit IRC23:52
*** phalmos has quit IRC23:55

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!