Wednesday, 2017-07-05

« Tuesday, 2017-07-04 Index Thursday, 2017-07-06 »
*** edmondsw has joined #openstack-keystone00:16
*** edmondsw has quit IRC00:20
*** thorst has joined #openstack-keystone00:27
*** ducttape_ has joined #openstack-keystone00:31
*** ducttape_ has quit IRC00:36
*** aselius has joined #openstack-keystone00:45
*** liujiong has joined #openstack-keystone01:14
*** Shunli has joined #openstack-keystone01:24
*** markvoelker has joined #openstack-keystone01:36
*** edmondsw has joined #openstack-keystone02:04
*** markvoelker has quit IRC02:08
*** edmondsw has quit IRC02:09
*** zhurong has joined #openstack-keystone02:12
*** lbragstad has joined #openstack-keystone02:17
*** ChanServ sets mode: +o lbragstad02:17
*** thorst has joined #openstack-keystone02:28
*** ducttape_ has joined #openstack-keystone02:33
*** thorst has quit IRC02:33
*** gongysh has joined #openstack-keystone02:33
*** ducttape_ has quit IRC02:37
*** openstackgerrit has joined #openstack-keystone02:51
openstackgerritSamriddhi proposed openstack/keystone master: Added configuration references to documentation  https://review.openstack.org/47454302:51
*** aselius has quit IRC02:55
openstackgerritSamriddhi proposed openstack/keystone master: WIP: Added configuration options using oslo.config  https://review.openstack.org/47963103:00
*** rajalokan has joined #openstack-keystone03:05
*** markvoelker has joined #openstack-keystone03:06
*** markvoelker has quit IRC03:39
*** links has joined #openstack-keystone03:44
*** gongysh has quit IRC03:54
*** lbragstad has quit IRC03:55
*** thorst has joined #openstack-keystone03:58
*** thorst has quit IRC04:03
*** goofie has quit IRC04:18
*** gongysh has joined #openstack-keystone04:26
*** ducttape_ has joined #openstack-keystone04:31
*** ducttape_ has quit IRC04:35
*** markvoelker has joined #openstack-keystone04:36
*** mtreinish has quit IRC04:44
*** mtreinish has joined #openstack-keystone04:51
*** aojea has joined #openstack-keystone05:01
*** markvoelker has quit IRC05:08
*** ducttape_ has joined #openstack-keystone05:11
*** ducttape_ has quit IRC05:16
*** aojea has quit IRC05:20
*** aojea has joined #openstack-keystone05:21
*** aojea has quit IRC05:22
*** aojea has joined #openstack-keystone05:23
*** aojea has quit IRC05:28
*** aojea has joined #openstack-keystone05:28
*** aojea has quit IRC05:33
*** tobberydberg has joined #openstack-keystone05:34
*** edmondsw has joined #openstack-keystone05:40
*** edmondsw has quit IRC05:45
*** tobberyd_ has joined #openstack-keystone05:56
*** thorst has joined #openstack-keystone05:59
*** tobberydberg has quit IRC05:59
*** thorst has quit IRC06:05
*** markvoelker has joined #openstack-keystone06:05
*** tobberyd_ is now known as tobberydberg06:17
*** belmoreira has joined #openstack-keystone06:36
*** markvoelker has quit IRC06:39
*** tobberydberg has quit IRC06:53
*** tobberydberg has joined #openstack-keystone06:53
*** tobberydberg has quit IRC06:54
*** tobberydberg has joined #openstack-keystone06:55
*** tobberydberg has quit IRC06:59
*** tobberydberg has joined #openstack-keystone06:59
*** tesseract has joined #openstack-keystone07:02
*** tobberydberg has quit IRC07:07
*** tobberydberg has joined #openstack-keystone07:07
*** tobberydberg has quit IRC07:08
*** tobberydberg has joined #openstack-keystone07:09
*** ducttape_ has joined #openstack-keystone07:12
*** ducttape_ has quit IRC07:17
*** rcernin has joined #openstack-keystone07:19
*** edmondsw has joined #openstack-keystone07:29
*** edmondsw has quit IRC07:33
*** markvoelker has joined #openstack-keystone07:36
*** xuhaigang has quit IRC07:40
*** d0ugal has joined #openstack-keystone07:46
*** d0ugal has quit IRC07:46
*** d0ugal has joined #openstack-keystone07:46
*** tobberydberg has quit IRC07:57
*** tobberydberg has joined #openstack-keystone07:57
*** zzzeek has quit IRC08:00
*** thorst has joined #openstack-keystone08:01
*** zzzeek has joined #openstack-keystone08:01
*** xuhaigang has joined #openstack-keystone08:04
*** thorst has quit IRC08:05
*** tobberydberg has quit IRC08:06
*** tobberydberg has joined #openstack-keystone08:07
*** tobberydberg has quit IRC08:08
*** markvoelker has quit IRC08:08
*** tobberydberg has joined #openstack-keystone08:09
*** tobberydberg has quit IRC08:09
*** tobberydberg has joined #openstack-keystone08:09
*** tobberydberg has quit IRC08:31
*** tobberydberg has joined #openstack-keystone08:31
*** tobberydberg has quit IRC08:33
*** tobberydberg has joined #openstack-keystone08:33
*** tobberydberg has quit IRC08:33
*** tobberydberg has joined #openstack-keystone08:34
*** links has quit IRC08:37
*** tobberydberg has quit IRC08:38
*** tobberydberg has joined #openstack-keystone08:39
*** links has joined #openstack-keystone08:53
openstackgerritBoris Bobrov proposed openstack/keystoneauth master: Change locations of docs for intersphinx  https://review.openstack.org/48044708:54
*** aojea has joined #openstack-keystone09:01
*** tobberydberg has quit IRC09:03
*** tobberydberg has joined #openstack-keystone09:04
openstackgerritBoris Bobrov proposed openstack/python-keystoneclient master: Change locations of docs for intersphinx  https://review.openstack.org/48045309:04
openstackgerritBoris Bobrov proposed openstack/keystoneauth master: Change locations of docs for intersphinx  https://review.openstack.org/48044709:05
*** markvoelker has joined #openstack-keystone09:06
*** tobberydberg has quit IRC09:08
*** tobberydberg has joined #openstack-keystone09:08
*** Shunli has quit IRC09:12
*** ducttape_ has joined #openstack-keystone09:13
*** edmondsw has joined #openstack-keystone09:17
*** ducttape_ has quit IRC09:17
bretonanybody awake?09:18
bretoncould someone please review and approve https://review.openstack.org/#/c/480453/ ?09:19
knikollao/09:21
*** edmondsw has quit IRC09:21
openstackgerritBoris Bobrov proposed openstack/python-keystoneclient master: Bring back intersphinx reference to keystoneauth  https://review.openstack.org/48046509:21
openstackgerritBoris Bobrov proposed openstack/keystonemiddleware master: Change locations of docs for intersphinx  https://review.openstack.org/48047409:30
*** markvoelker has quit IRC09:39
*** sjain has joined #openstack-keystone09:46
*** links has quit IRC09:49
samueldmqsjain:  hi09:51
samueldmqmorning09:51
*** sjain_ has joined #openstack-keystone09:53
*** sjain has quit IRC09:55
*** thorst has joined #openstack-keystone10:02
*** links has joined #openstack-keystone10:03
*** thorst has quit IRC10:06
*** liujiong has quit IRC10:07
*** ayoung has quit IRC10:15
openstackgerritStephen Finucane proposed openstack/oslo.policy master: sphinxext: Use field lists in output  https://review.openstack.org/48050210:24
*** ayoung has joined #openstack-keystone10:25
*** markvoelker has joined #openstack-keystone10:36
*** tobberydberg has quit IRC10:43
*** tobberydberg has joined #openstack-keystone10:44
*** zhurong has quit IRC10:45
*** thorst has joined #openstack-keystone10:47
*** thorst has quit IRC10:49
*** thorst has joined #openstack-keystone11:00
*** edmondsw has joined #openstack-keystone11:05
*** sjain_ has quit IRC11:07
*** tobberyd_ has joined #openstack-keystone11:08
*** edmondsw has quit IRC11:09
*** gongysh has quit IRC11:09
*** markvoelker has quit IRC11:10
*** tobberydberg has quit IRC11:11
openstackgerritDavanum Srinivas (dims) proposed openstack/oslo.policy master: import configuration guide content from openstack-manuals repo  https://review.openstack.org/47859711:26
*** thorst has quit IRC11:36
openstackgerritMerged openstack/python-keystoneclient master: Change locations of docs for intersphinx  https://review.openstack.org/48045311:48
*** aojea has quit IRC11:54
*** aojea has joined #openstack-keystone12:01
*** raildo has joined #openstack-keystone12:01
*** aojea has quit IRC12:05
*** markvoelker has joined #openstack-keystone12:07
*** aojea has joined #openstack-keystone12:10
*** gongysh has joined #openstack-keystone12:11
*** aojea has quit IRC12:15
*** markvoelker has quit IRC12:16
*** markvoelker has joined #openstack-keystone12:17
*** edmondsw has joined #openstack-keystone12:22
*** tobberyd_ is now known as tobberydberg12:24
*** jmlowe has quit IRC12:28
*** aojea has joined #openstack-keystone12:28
*** dims has quit IRC12:29
*** sjain has joined #openstack-keystone12:30
*** aojea has quit IRC12:34
*** sjain has quit IRC12:34
*** sjain has joined #openstack-keystone12:34
*** ducttape_ has joined #openstack-keystone12:36
*** aojea has joined #openstack-keystone12:38
*** gongysh has quit IRC12:38
*** ducttape_ has quit IRC12:41
*** aojea has quit IRC12:42
*** thorst has joined #openstack-keystone12:44
*** dims has joined #openstack-keystone12:44
*** thorst_ has joined #openstack-keystone12:45
*** thorst has quit IRC12:48
*** sjain has quit IRC12:53
*** jsavak has joined #openstack-keystone12:56
*** lucasxu has joined #openstack-keystone13:00
*** bknudson has joined #openstack-keystone13:04
*** jmlowe has joined #openstack-keystone13:06
*** sjain has joined #openstack-keystone13:12
*** catintheroof has joined #openstack-keystone13:18
*** links has quit IRC13:24
*** zhurong has joined #openstack-keystone13:44
*** jsavak has quit IRC13:57
*** aojea has joined #openstack-keystone13:59
*** dmellado has joined #openstack-keystone14:01
dmelladohi there, I wanted to ask you a question, I've noticed that there's no longer a 5000 port around there14:01
dmelladois this related to the change to uswgi?14:01
dmelladoif so, how could I get back to having 5000 and 35357 ports around?14:02
dmelladoayoung: ^^ rodrigods ^^14:02
dmelladothanks in advance!14:02
*** aojea has quit IRC14:02
*** aojea has joined #openstack-keystone14:03
*** ducttape_ has joined #openstack-keystone14:03
dmelladowould I recover that by using KEYSTONE_DEPLOY=mod_wsgi ?14:04
openstackgerritMerged openstack/oslo.policy master: import configuration guide content from openstack-manuals repo  https://review.openstack.org/47859714:07
*** jsavak has joined #openstack-keystone14:08
*** zhurong has quit IRC14:09
openstackgerritMerged openstack/oslo.policy master: switch from oslosphinx to openstackdocstheme  https://review.openstack.org/47859614:20
bretondmellado: why would you want it?14:21
dmelladojust for the sake of doing a test with another service, I know that that's no longer the default way14:22
dmelladobut for the sake of my test that'd be great of knowing if I could somehow revert that14:22
dmelladoxD14:22
dmelladobreton: is that related to the uswgi then?14:23
ayoungdmellado, it is a deployment question14:29
ayoungare you talking devstack>?14:29
dmelladoayoung: yep, I'm talking about devstack14:29
ayoungso 5000 is dumb, but if it is gone, it is cuz devstack finally realized that14:30
ayoungand so I assume one of us put in a patch14:30
morganAfaik, devstack stopped listening on port 500014:30
dmelladoayoung: I was thinking about https://github.com/openstack-dev/devstack/blob/master/lib/keystone#L6414:30
dmelladomorgan: basically I'm trying to integrate it with mangeiq and that would expect a 5000 endpoint14:31
*** chlong_ has joined #openstack-keystone14:31
morgandmellado: the idea is that you should need the high ports for keystone. Port 80 is sufficient14:31
dmelladoalso I was trying to use the python-keystoneclient but couldn't get to connect there14:31
ayoungif you have code that is explicitly looking for port 5000 instead of OS_AUTH_URL you are in a state of sin14:32
dmelladomorgan: so  the example of https://github.com/openstack/python-keystoneclient14:32
ayoungso, do not expect a deployment to do port anything14:32
dmelladoauth = v3.Password(auth_url="http://example.com:5000/v314:32
ayounggetent services https14:32
morganThat is a very old example14:32
dmelladowould now just be http://example.com/identity/v314:32
morganThat we need to remove14:32
morganYeah. That looks correct14:33
ayoungdmellado, yep14:33
dmelladohmmm I see14:33
dmelladoif just for the sake of testing I'd like to get back to the 5000 and 35357 env14:33
dmelladohow far in the past should I go? xD14:33
morganYou'll need to manually add the elements to the keystone apache config14:34
morganOr ... Back to Ocata?14:34
dmelladomorgan: so back to ocata should be 'enough'?14:34
morganI think Ocata devstack still had the ports14:34
morganMight be mitaka14:34
dmelladoso stable/ocata for *both* devstack and ocata14:35
dmelladoand keystone14:35
morganBasically, you can configure keystone on the ports, but it is highly recommended to use port 8014:35
morganEven in Ocata, we never tested against port 500014:35
dmelladohow could I configure keystone on that way?14:35
morganIt was there just to be sure nothing broke14:35
morganYou add listen directives and vhosts on those ports in the apache config14:36
*** rajalokan has quit IRC14:40
dmelladoI see14:45
dmelladomorgan: sorry for disturbing you14:54
dmelladoI'm trying devstack stable/ocata14:54
dmelladowith keystone branch stable/ocata too14:54
dmelladoand I'm getting into this issue14:54
dmellado2017-07-05 14:52:28.490 | cp: cannot stat '/opt/stack/keystone/etc/policy.json': No such file or directory14:54
dmelladodoes this rings a bell or I just should give up on this attempt xD14:55
*** bknudson has quit IRC14:59
*** lucasxu has quit IRC15:00
*** bknudson has joined #openstack-keystone15:01
*** liujiong has joined #openstack-keystone15:03
*** liujiong has quit IRC15:04
*** lbragstad has joined #openstack-keystone15:05
*** ChanServ sets mode: +o lbragstad15:05
*** belmoreira has quit IRC15:06
*** aselius has joined #openstack-keystone15:18
*** rcernin has quit IRC15:21
*** chlong has joined #openstack-keystone15:23
*** chlong has quit IRC15:26
ayoungdmellado, looks like something hates policy15:29
ayoungI suspect it has something to do with us generating policy.json instead of checking it in to git15:29
dmelladoayoung: I'm redeploying from scratch from stable/ocata and checking15:29
*** bknudson has quit IRC15:30
dmelladowho knows what can had happened with the 'downgrade'15:30
ayoungdmellado, yeah, would not expect downgrade to be safe.  Never have found it to work in any software product reliably.  TOo many assumptions that are not really tested15:30
* ayoung an optimist15:30
dmelladohehehe15:31
*** bknudson has joined #openstack-keystone15:31
*** lucasxu has joined #openstack-keystone15:35
*** gyee has joined #openstack-keystone15:36
*** jsavak has quit IRC15:37
*** jdennis has quit IRC15:46
*** dstepanenko has quit IRC15:48
*** jsavak has joined #openstack-keystone15:52
sjainHi, I'm working on docs and I need to link policy.json sample file somewhere, can anyone pls direct me where I can find one like https://git.openstack.org/cgit/openstack/keystone/plain/etc/policy.json?h=stable/ocata ?15:53
sjainis it the yaml file created in doc/source/_static directory?15:54
openstackgerritLance Bragstad proposed openstack/keystone master: Remove duplicate token docs  https://review.openstack.org/47763815:56
lbragstadstevemar: samueldmq I addressed your comments ^15:56
*** sjain has quit IRC15:58
*** chlong_ has quit IRC15:58
*** aojea has quit IRC16:00
openstackgerritKelly Hall proposed openstack/keystone master: Trim Whitespace from X-Subject-Token  https://review.openstack.org/47042516:03
*** tobberyd_ has joined #openstack-keystone16:08
*** tobberydberg has quit IRC16:08
*** tobberyd_ has quit IRC16:09
*** tobberydberg has joined #openstack-keystone16:09
*** chlong_ has joined #openstack-keystone16:15
*** sjain has joined #openstack-keystone16:21
*** markvoelker has quit IRC16:24
morgandmellado: you weren't disturbing me :)16:26
morgandmellado: you need to always deploy devstack clean (in my experience)16:26
morgandowngrade is never safe ;)16:26
*** lucasxu has quit IRC16:27
*** tobberydberg has quit IRC16:30
*** markvoelker has joined #openstack-keystone16:30
*** tobberydberg has joined #openstack-keystone16:30
lbragstadsjain: were you asking based on https://review.openstack.org/#/c/474543/7 ?16:31
sjain@lbragstad: yes16:31
sjainI have made all the changes16:31
sjainjust can't find the policy.json file16:32
lbragstadsjain: the configuration ref is the last thing keystone needs for the doc-migration i think16:32
lbragstadsjain: have you tried generating it?16:32
sjainits almost done, the oslo.config part is also complete16:32
lbragstadawesome16:32
sjainhow to do that, I'm not sure16:32
lbragstadsjain: here is an example16:33
lbragstadhttps://docs.openstack.org/oslo.policy/latest/user/sphinxpolicygen.html16:33
sjainI have found a yaml file in _static directory16:33
sjainyes16:33
sjainI have included the other files with this only16:33
sjainfrom the openstack manuals, there are 4 sample files ref that need to be included16:34
sjainhttps://review.openstack.org/#/c/474543/7/doc/source/config-ref/samples/index.rst16:34
sjainthe other 3 I was able to find in etc/ directory16:34
sjainor the doc/source/_static directory16:35
sjainbut I'm not able to find the exact match for policy.json16:35
lbragstadsjain: that's because we generate the policy file from source16:35
lbragstadwe can also do that with the configuration file16:36
lbragstad(both keystone.conf and policy.json can be generated)16:36
sjainthere is a file keystone.policy.yaml.sample in _static, is that the one?16:36
lbragstadI'm not sure that the logging configuration can be generated and the keystone paste pipeline can't16:36
lbragstadsjain: let me see if i can find the example16:37
sjainhttps://github.com/openstack/keystone/tree/master/etc16:37
sjainthis keystone-paste is not an example?16:37
lbragstadsjain: https://github.com/openstack/keystone/blob/master/etc/keystone-paste.ini is an example16:38
lbragstadsjain: but we maintain it manually - instead of generating it16:38
sjainokay, so I'll just reference it from here16:39
sjainlogging example is also there16:39
lbragstadyeah16:39
*** toddnni has quit IRC16:39
lbragstadsjain: you should be able to reference the sample configuration file by doing something like this - https://github.com/openstack/keystone/blob/82f60fe22c405829f8e5f6576f25cf3663b10f73/doc/source/sample_files/sample_config.rst16:40
sjainsee there are some sample config files already included in docs16:40
sjainyeah I was also referencing those16:40
sjainin those the entire yaml file is directly used16:40
sjainfor this case I might need to convert it into json16:41
sjainplus once this patch is complete, we may not need those sample_files ^^16:41
lbragstadright16:41
lbragstadthose can be removed that way we only maintain a single copy that lives in the configuration guide16:42
sjainyeah16:42
sjainso currently the file policy.json is rendered like this https://docs.openstack.org/ocata/config-reference/identity/samples/policy.json.html16:42
sjainin openstack manuals16:42
lbragstadsjain: i think what dhellmann is saying here is to link to the _static/ representation of the policy file or generate it using oslo.policy instead of using a remote link16:43
lbragstadhttps://review.openstack.org/#/c/474543/7/doc/source/config-ref/samples/policy-json.rst16:43
sjainI agree16:43
*** toddnni has joined #openstack-keystone16:44
sjainthe only issue is that for the policy.json file, we have a yaml file and not a json one in _static directory16:44
sjainso for now I'll just include that16:45
lbragstadbut it should render like this - https://docs.openstack.org/keystone/latest/sample_files/sample_policy.html16:45
sjainyes right16:46
sjainand what we want is https://docs.openstack.org/ocata/config-reference/identity/samples/policy.json.html16:46
lbragstadohhh16:46
lbragstadi see what you mean16:46
sjainyeah16:46
lbragstadi personally think the .yaml format is fine16:46
lbragstadsjain: is there a requirement saying that we have to generate a .json representation?16:47
sjainokay16:47
sjainNone that I know of, it is just around the whole documentation we are saying use these sample files and we have not included a json file in that format16:48
lbragstadah16:49
lbragstadthe policy file can be in .yaml or .json format16:49
sjainI'll probably use the .yaml file for now16:49
sjainif needed, we will make changes later16:49
lbragstadI'd argue the yaml format is better because it is easier to generate a sample with comments16:49
lbragstadcomments don't really exist in .json16:50
sjainhmm right16:50
lbragstadwe've tried to do workaround for that in the past, but the yaml format actually supports it16:50
sjainokay, so its better to keep it in that format then16:51
lbragstadsjain: i would think so - unless asettle or dhellmann has a reason not to16:51
lbragstadsjain: does that help?16:51
sjainI'll ask them for review, lets see16:52
sjainyeah, thanks :)16:52
lbragstadsjain: cool - let me know when you need me to look at the next revision :)16:52
sjainsure :)16:52
* lbragstad steps away for a minute16:52
*** aojea has joined #openstack-keystone17:14
*** aojea has quit IRC17:19
*** chlong_ has quit IRC17:21
*** sjain___ has joined #openstack-keystone17:26
*** sjain has quit IRC17:26
*** ducttape_ has quit IRC17:31
*** chlong_ has joined #openstack-keystone17:33
*** ducttape_ has joined #openstack-keystone17:38
openstackgerritSamriddhi proposed openstack/keystone master: Added configuration references to documentation  https://review.openstack.org/47454317:53
sjain___Hi I'm trying to setup my environment, can someone please tell me how to step up fernet keys?17:57
*** bknudson has quit IRC17:59
*** bknudson has joined #openstack-keystone18:00
raildosjain___, depends on which version of Openstack you're doing the setup, is it on master? it's a devstack or a real deployment?18:05
*** Guest39045 is now known as med_18:05
*** med_ has joined #openstack-keystone18:05
sjain___devstack I think18:06
raildoif you're using the master, I believe that fernet is the default token provider18:07
sjain___okay so how should I set up those18:10
sjain___?18:10
sjain___I'm trying to use this for setting up the environment, https://docs.openstack.org/keystone/latest/devref/development_best_practices.html18:10
raildosjain___, first of all this is an dev reference, so if you're trying to setup an dev environment that right, if not, you should take a look on the other version. For example on this session related to the token provider: https://docs.openstack.org/ocata/config-reference/identity/token-provider.html18:13
*** rderose has joined #openstack-keystone18:14
sjain___raildo: yes, I need to set up the dev environment18:16
raildosjain___, so, did you follow those steps? like copy the keystone.conf file, run the server, create tables?18:18
raildosjain___, if you did so, you're already using fernet tokens in your dev env18:19
sjain___yes I'm getting this error "The request you have made requires authentication (HTTP 401)"18:19
sjain___samueldmq suggested that I should setup fernet tokens18:20
*** dave-mccowan has joined #openstack-keystone18:21
raildoon which request you got this error?18:22
sjain___when I ran  tools/sample_data.sh18:23
raildosjain___, do you have the traceback?18:25
sjain___http://paste.openstack.org/show/614492/18:25
raildohum... this doesn't looks like a clear environment, since everything already exists, are you running in using a virtual environment for this?18:27
sjain___yes I'm running it on a virtual environment18:28
raildosjain___, Did you tried the bootstrap? https://docs.openstack.org/keystone/latest/configuration.html18:30
sjain___yes I did, same result with that too18:30
raildosjain___, hum... that's weird...18:30
raildosjain___, so, i suggest execute the keystone-manage doctor, so we can figure out if there is any issue on this env, if you to try setup fernet tokens, you should try the keystone-manage fernet_setup command18:32
sjain___raildo: okay, I'll try that18:33
sjain___raildo: what is the exact command?18:34
raildosjain___, keystone-manage doctor18:34
sjain___keystone-manage doctor is giving me an error18:35
raildocan you send a paste link with the error?18:35
sjain___http://paste.openstack.org/show/614494/18:35
raildowell this is weird, since it's a supported option in the configuration docs, just do an keystone-manage --help and see if you find any similar there18:36
raildoare you sure that you're running this with the master version?18:37
sjain___master version meaning on the master branch?18:39
raildoyeap18:39
sjain___yes18:39
sjain___I ran keystone-manage --help, no doctor option18:39
raildook,did you tried authenticate on Keystone using the openstack cli?18:41
raildohttps://docs.openstack.org/keystone/latest/configuration.html18:42
raildoso, we can check if your whole setup are weird or only this authentication method18:42
sjain___I haven't yet18:42
sjain___which commands should I follow from there?18:43
raildoso, I suggest try with the openstack cli, since yoor log are showing that you already created the projects, users, domains...18:43
sjain___I tried openstack --os-token ADMIN --os-url http://127.0.0.1:35357/v2.0/ project list, it gave: __init__() got an unexpected keyword argument 'project_name'18:46
sjain___with openstack user list, it again gave : The request you have made requires authentication. (HTTP 401)18:46
raildosjain___, yeap, you should export the whole variables with the proper values that you have in your keystone.conf file18:46
openstackgerritMerged openstack/keystoneauth master: Change locations of docs for intersphinx  https://review.openstack.org/48044718:47
raildofor example:18:47
*** rcernin has joined #openstack-keystone18:47
raildohttp://paste.openstack.org/show/614495/18:47
sjain___I followed these commands while setting up from here, https://docs.openstack.org/keystone/latest/devref/development_best_practices.html18:48
sjain___I'll try that again18:48
sjain___same error18:52
raildodamn, I've to be off for a while, I'll try come back to help with other ways18:53
sjain___okay no prob, thanks :)18:54
openstackgerritSamriddhi proposed openstack/keystone master: Added configuration options using oslo.config  https://review.openstack.org/47963118:55
*** bknudson has quit IRC18:58
*** bknudson has joined #openstack-keystone18:59
*** bknudson has quit IRC19:01
*** ducttape_ has quit IRC19:02
*** jsavak has quit IRC19:03
*** bknudson has joined #openstack-keystone19:04
*** jsavak has joined #openstack-keystone19:04
lbragstadsjain___: I'm looking at your error19:06
lbragstadsjain___: that doesn't look fernet specific19:06
sjain___okay, anything else which can be tried upon?19:07
lbragstadsjain___: if keystone is missing fernet keys, but is configured to issued fernet tokens - we throw a 500 and fail to start https://github.com/openstack/keystone/blob/82f60fe22c405829f8e5f6576f25cf3663b10f73/keystone/token/providers/fernet/core.py#L33-L4519:07
lbragstadsjain___: how are you authenticating?19:07
lbragstadsjain___: actually - what are you doing when you receive a 401?19:08
sjain___I tried this doc, https://docs.openstack.org/keystone/latest/devref/development_best_practices.html19:08
sjain___openstack user list19:09
lbragstadsjain___: ah - i bet that information is stale19:09
sjain___tools/sample_data.sh19:09
sjain___both of these give me this error19:09
* samueldmq is back19:09
lbragstadsjain___: ah - you're just trying bootstrap your deployment I take it19:11
samueldmqlbragstad: I was wondering why we dont just tell our devs to run keystone-manage bootstrap and go from there19:11
lbragstadsamueldmq: i'm wondering the exact same thing19:11
samueldmqas opposed to tools/sample_data (which bootstraps much more data, used by devstack I think)19:12
lbragstadi don't really see a reason to support two separate bootstrapping methods19:12
samueldmqlbragstad: I think tools/sample_data is used by devstack19:12
lbragstadhmm19:12
samueldmqif it really is, we could move it to their repo? or maybe put in the devstack plugin/whateve directory19:12
lbragstadsamueldmq: or help devstack leverage keystone-manage bootstrap19:13
samueldmqlbragstad: that'd awesome19:13
samueldmqand we keep a single tool and don't confuse people :)19:13
*** chlong_ has quit IRC19:14
samueldmqlbragstad: for now I think we should ask sjain___ to replace "Initial Sample Data" with "Bootstrapping"19:14
samueldmqputting a brief explanation on it + commands19:14
sjain___I tries bootstrapping command too, it didn't work for me19:15
sjain___*tried19:15
lbragstadi believe we already have a section on bootstrapping keystone with `keystone-manage`19:15
samueldmqsjain___: hmm, something might be wrong in your env then, keystone-manage bootstrap should have worked just fine19:15
sjain___I can add that19:15
sjain___ohh19:16
samueldmqlbragstad: I think we have for the operator guide19:16
sjain___so what should I do now?19:16
lbragstadsjain___: what trace do you get when you try to use keystone-manage bootstrap?19:16
* samueldmq #link https://docs.openstack.org/keystone/latest/configuration.html#bootstrapping-keystone-with-keystone-manage-bootstrap19:16
lbragstadsamueldmq: yeah19:16
lbragstadsamueldmq: we also duplicate that documentation in the install guides19:16
samueldmqlbragstad: ^ I wouldn't be opposed to putting just the command there and 1-2 lines of explanation19:17
lbragstadwhich i think is probably fine19:17
samueldmqand maybe point to the operator for further details19:17
sjain___I don't remember, let me run it again19:17
samueldmqlbragstad: yes I think so, those docs have different purposes (testing,prod,etc), but all can/need to benefit from bootstrap19:17
samueldmqand operator docs should definitely contain more details19:18
samueldmqbecause it's prod19:18
sjain___samueldmq: lbragstad this I think works, http://paste.openstack.org/show/614501/19:19
*** ducttape_ has joined #openstack-keystone19:20
sjain___what should I try next?19:20
sjain___openstack user list again gives the same error HTTP 40119:21
lbragstadsjain___: ok - so bootstrap worked?19:21
sjain___yes, the output is in that link ^^19:22
lbragstadsjain___: cool - try authenticating as the admin user now19:22
sjain___but after that openstack user list again gave the same error19:22
lbragstadsamueldmq: i'm grepping the devstack project and I don't see that script used anywhere19:22
samueldmqwell, it's saying the user/project/etc already exists19:22
samueldmqsjain___: ^ which means they have already been created19:23
lbragstadsjain___: are you sure you have the right variables sourced?19:23
samueldmqyou may be passing the wrong password, for example19:23
sjain___they should be19:23
samueldmqmaybe wrong project, absence of projec19:23
samueldmqmight be different things ,make suere all your vars have the correct values19:23
samueldmqlbragstad: ++19:23
lbragstadsjain___: can you copy/paste the exact bootstrap command you used?19:24
samueldmqlbragstad: which is just cool. let's remove it (needs deprecation?)19:24
lbragstadsamueldmq: i wouldn't think so - but we should take it to the mailing list19:24
samueldmqlbragstad: +=19:24
lbragstadboth -dev and -operator mailing lists19:24
samueldmq++19:24
lbragstadjust to double check19:24
sjain___I just used keystone-manage bootstrap --bootstrap-password s3cr3t19:25
samueldmqlbragstad: there is a tool for searching code in openstack projects19:25
samueldmqsupported by infra I thing, we could try searching with that19:25
*** ducttap__ has joined #openstack-keystone19:25
sjain___then this http://paste.openstack.org/show/614502/19:25
lbragstadsamueldmq: http://codesearch.openstack.org/19:25
*** ducttape_ has quit IRC19:26
samueldmqlbragstad: looks like just the rpm-packaging project uses it19:26
samueldmqI agree with you the emails to the MLs is the right hting19:27
lbragstadsjain___: my example adminrc file looks like this - http://paste.openstack.org/show/614503/19:27
samueldmqsjain___: if you go to http://localhost:500019:27
samueldmqdoes it return you the discovery json?19:27
lbragstadwhich i use by doing `source adminrc` then `openstack token issue` or whatever command i want19:27
samueldmqlbragstad: sjain___: try eliminating the \ in your command19:28
samueldmqand using it in a single line. I remember to have seen weird things when trying that for a demo19:28
sjain___okay I'll try that19:28
lbragstadsamueldmq: i wonder if the rpm-packaging project has an irc channel?19:30
*** chlong_ has joined #openstack-keystone19:30
lbragstadsamueldmq: it doesn't look like they use it - they just package it19:30
samueldmqlbragstad: ++19:31
*** ducttape_ has joined #openstack-keystone19:34
*** jsavak has quit IRC19:36
lbragstadsamueldmq: done http://lists.openstack.org/pipermail/openstack-dev/2017-July/119309.html19:36
samueldmqlbragstad: nice19:37
samueldmqsjain___: have you tried that?19:37
sjain___yes, no luck19:37
sjain___same error19:37
samueldmqsjain___: ok, can you get a clean env?19:37
*** ducttap__ has quit IRC19:38
sjain___I tried with a new env19:38
sjain___deleted the previous one19:38
*** jsavak has joined #openstack-keystone19:40
*** jsavak has quit IRC19:41
*** jsavak has joined #openstack-keystone19:41
samueldmqsjain___: :(19:42
samueldmqlbragstad: when simply running uwsgi with default .conf19:42
samueldmqdoes it run on sqlite?19:42
lbragstadsjain___: try `openstack project list --os-username admin --os-project-name admin --os-auth-url http://localhost:5000/v3 --os-password s3cr3t`19:43
lbragstadsamueldmq: that's a good question - i'm not sure19:43
sjain___smae19:44
sjain___*same19:44
lbragstadoh19:46
lbragstadsjain___: try rerunning bootstrap19:48
lbragstadsjain___: with the endpoint and service information19:48
lbragstadhttp://paste.openstack.org/show/614506/19:48
sjain___same error again :(19:50
lbragstadtry `openstack token issue --os-username admin --os-project-name admin --os-auth-url http://localhost:5000/v3 --os-password s3cr3t`19:51
sjain___again the same error19:53
sjain___what do these statements do?19:53
lbragstadsjain___: hmm - is this a devstack install?19:54
sjain___do they interact with mysql db?19:54
lbragstadkeystone-manage bootstrap connects to keystone and bypasses authentication to create initial data for keystone to run19:54
*** chlong_ has quit IRC19:55
sjain___okay19:55
sjain___devstack install meaning?19:55
*** tesseract has quit IRC19:56
lbragstadsjain___: did you install the environment using devstack? https://github.com/openstack-dev/devstack/tree/master19:56
sjain___no19:56
sjain___I followed this https://docs.openstack.org/keystone/latest/devref/development_best_practices.html, and directly used the git repo19:57
lbragstadsjain___: have you run the keystone-manage db_sync step?19:59
sjain___yes I did19:59
lbragstadok19:59
sjain___that worked fine19:59
lbragstadare you running keystone on port 5000 or did you use the exact command above?20:00
lbragstad$ uwsgi --http 127.0.0.1:35357 --wsgi-file $(which keystone-wsgi-admin)20:00
sjain___yes its running on port 5000, i checked that in browser20:01
*** bknudson has quit IRC20:01
lbragstadsjain___: did you install keystone into a virtualenv?20:01
lbragstadusing `pip install -e path/to/keystone` ?20:01
sjain___no, I don't remember doing that20:02
lbragstadsjain___: what happens if you run `which keystone-wsgi-admin`?20:02
*** bknudson has joined #openstack-keystone20:03
lbragstadsjain___: does it give you the path of a file?20:03
sjain___yes this: /usr/bin/keystone-wsgi-admin20:03
lbragstadhmm20:03
*** tobberyd_ has joined #openstack-keystone20:04
lbragstadi assume you see something similar for `which keystone-wsgi-public`20:04
sjain___hmm right, which keystone-wsgi-public20:04
lbragstadok20:04
sjain___this, /usr/bin/keystone-wsgi-public20:04
lbragstadi wonder how you installed keystone?20:04
*** rcernin has quit IRC20:05
sjain___I followed each step in that developer best practices20:05
lbragstadsjain___: these? https://docs.openstack.org/keystone/latest/devref/development_environment.html20:06
sjain___I'll do one thing, I'll clone a new repo20:06
sjain___yes20:06
*** tobberydberg has quit IRC20:07
sjain___I'll do everything on a new repo again20:07
*** tobberyd_ has quit IRC20:09
bretonplease review https://review.openstack.org/#/q/is:open+AND+(keystone+OR+keystoneauth+OR+keystonemiddleware+OR++oslo.cache+OR++python-keystoneclient)+AND+topic:doc-migration to unlock our docs20:11
bretonif gerrit has existing -1, recheck, because it might already get fixed20:11
breton*if workflow20:12
bretonargh20:12
breton*if jenkins has -120:12
*** rcernin has joined #openstack-keystone20:14
*** bknudson has quit IRC20:16
*** bknudson has joined #openstack-keystone20:16
openstackgerritRaildo Mascena proposed openstack/keystone master: Fixing flushing tokens workflow  https://review.openstack.org/48028720:21
openstackgerritMerged openstack/keystone master: Remove duplicate token docs  https://review.openstack.org/47763820:22
*** tobberydberg has joined #openstack-keystone20:24
lbragstadbreton: thanks - those look good20:26
*** tobberydberg has quit IRC20:27
*** tobberyd_ has joined #openstack-keystone20:27
*** sjain___ has quit IRC20:28
*** raildo has quit IRC20:32
*** chlong_ has joined #openstack-keystone20:44
*** thorst_ has quit IRC20:55
*** thorst has joined #openstack-keystone20:57
*** jmlowe has quit IRC21:01
*** thorst has quit IRC21:01
*** jsavak has quit IRC21:01
*** aojea has joined #openstack-keystone21:01
*** aojea has quit IRC21:06
*** chlong_ has quit IRC21:18
*** rderose has quit IRC21:18
*** aojea has joined #openstack-keystone21:21
*** rderose has joined #openstack-keystone21:22
*** rderose has quit IRC21:24
*** rderose_ has joined #openstack-keystone21:24
*** edmondsw has quit IRC21:31
*** thorst has joined #openstack-keystone21:31
*** edmondsw has joined #openstack-keystone21:33
openstackgerritMerged openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/47794621:35
*** thorst has quit IRC21:35
*** edmondsw has quit IRC21:38
*** rderose_ has quit IRC22:04
*** rderose has joined #openstack-keystone22:04
*** rderose_ has joined #openstack-keystone22:05
*** rderose has quit IRC22:05
openstackgerritKelly Hall proposed openstack/keystone master: Trims whitespace from request headers  https://review.openstack.org/47042522:07
*** aojea has quit IRC22:09
*** rderose_ has quit IRC22:10
*** aojea has joined #openstack-keystone22:10
*** edmondsw has joined #openstack-keystone22:11
*** aojea has quit IRC22:14
*** edmondsw has quit IRC22:16
openstackgerritKelly Hall proposed openstack/keystone master: Trims whitespace from request headers  https://review.openstack.org/47042522:18
*** bknudson has quit IRC22:23
*** ayoung has quit IRC22:45
*** rcernin has quit IRC22:45
openstackgerritGage Hugo proposed openstack/keystone master: Update security compliance documentation  https://review.openstack.org/47935722:47
*** thorst has joined #openstack-keystone23:12
*** thorst has quit IRC23:12
*** ducttape_ has quit IRC23:12
*** thorst has joined #openstack-keystone23:19
*** ducttape_ has joined #openstack-keystone23:23
*** hemna is now known as assbutt23:25
*** assbutt is now known as buttass23:26
*** buttass is now known as butt23:26
*** ducttape_ has quit IRC23:28
openstackgerritJaewoo Park proposed openstack/keystone master: WIP: Add project tags  https://review.openstack.org/47031723:40
*** hoonetorg has quit IRC23:47
*** catintheroof has quit IRC23:47
« Tuesday, 2017-07-04 Index Thursday, 2017-07-06 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!