Friday, 2017-07-07

*** ductta___ has quit IRC00:08
*** thorst has joined #openstack-keystone00:23
*** thorst has quit IRC00:26
*** zhurong has joined #openstack-keystone00:44
*** Shunli has joined #openstack-keystone00:52
*** lbragstad has quit IRC00:56
*** tobberydberg has joined #openstack-keystone01:01
*** tobberydberg has quit IRC01:06
*** thorst has joined #openstack-keystone01:06
*** lbragstad has joined #openstack-keystone01:10
*** ChanServ sets mode: +o lbragstad01:10
*** liujiong has joined #openstack-keystone01:34
*** CowboyPride has quit IRC01:43
openstackgerritLance Bragstad proposed openstack/keystone master: Gear documentation towards a wider audience  https://review.openstack.org/47667602:01
openstackgerritLance Bragstad proposed openstack/keystone master: Move caching docs into admin-guide  https://review.openstack.org/47767802:10
lbragstadstevemar: morgan fixed and rebased ^02:11
*** aselius has quit IRC02:12
openstackgerritLance Bragstad proposed openstack/keystone master: Move upgrade documentation to admin-guide  https://review.openstack.org/48138102:19
*** gyee has quit IRC02:23
openstackgerritLance Bragstad proposed openstack/keystone master: Move upgrade documentation to admin-guide  https://review.openstack.org/48138102:28
openstackgerritLance Bragstad proposed openstack/keystone master: More performance documentation to admin-guide  https://review.openstack.org/48138302:37
*** xuhaigang has quit IRC02:50
*** lucasxu has joined #openstack-keystone02:53
openstackgerritMerged openstack/keystone master: Removed apache-httpd guide from docs  https://review.openstack.org/47763202:57
openstackgerritzhengliuyang proposed openstack/keystone master: Confusing log messages in project hierarchy checking  https://review.openstack.org/48096702:58
*** lucasxu has quit IRC02:59
*** gagehugo has quit IRC03:00
*** gagehugo has joined #openstack-keystone03:03
*** thorst has joined #openstack-keystone03:07
*** chlong_ has quit IRC03:08
*** chlong_ has joined #openstack-keystone03:09
openstackgerritLance Bragstad proposed openstack/keystone master: More performance documentation to admin-guide  https://review.openstack.org/48138303:11
*** thorst has quit IRC03:13
*** chlong_ has quit IRC03:17
*** chlong_ has joined #openstack-keystone03:18
*** gagehugo has quit IRC03:25
*** Shunli has quit IRC03:25
*** Shunli has joined #openstack-keystone03:26
*** gagehugo has joined #openstack-keystone03:27
openstackgerritLance Bragstad proposed openstack/keystone master: Remove policy mapping documentation  https://review.openstack.org/48139503:30
*** Shunli has quit IRC03:54
*** Shunli has joined #openstack-keystone03:55
openstackgerritLance Bragstad proposed openstack/keystone master: Move development environment setup to contributor docs  https://review.openstack.org/48140504:00
openstackgerritLance Bragstad proposed openstack/keystone master: Consolidate LDAP documentation into admin-guide  https://review.openstack.org/47820604:02
*** gagehugo has quit IRC04:02
*** gagehugo has joined #openstack-keystone04:03
*** thorst has joined #openstack-keystone04:09
*** thorst has quit IRC04:14
*** lbragstad has quit IRC04:14
*** links has joined #openstack-keystone04:29
*** faizy has joined #openstack-keystone04:42
openstackgerritMerged openstack/keystone master: Gear documentation towards a wider audience  https://review.openstack.org/47667604:47
*** liujiong is now known as liujiong|away04:52
*** zzzeek has joined #openstack-keystone04:55
*** zzzeek has quit IRC04:56
*** aojea has joined #openstack-keystone05:01
*** zzzeek has joined #openstack-keystone05:02
*** zzzeek has quit IRC05:02
*** zzzeek has joined #openstack-keystone05:04
*** zzzeek has quit IRC05:04
*** aojea has quit IRC05:06
*** zzzeek has joined #openstack-keystone05:08
*** tobberydberg has joined #openstack-keystone05:08
*** zzzeek has quit IRC05:09
*** zzzeek has joined #openstack-keystone05:10
*** zzzeek has quit IRC05:16
*** thorst has joined #openstack-keystone05:21
*** zzzeek has joined #openstack-keystone05:22
*** zzzeek has quit IRC05:23
*** thorst has quit IRC05:25
openstackgerritMerged openstack/keystone master: Update security compliance documentation  https://review.openstack.org/47935705:29
*** blake has joined #openstack-keystone05:38
*** zzzeek has joined #openstack-keystone05:40
*** zzzeek has quit IRC05:40
*** rcernin has joined #openstack-keystone05:46
*** markvoelker has quit IRC05:50
*** markvoelker has joined #openstack-keystone05:51
*** ianw is now known as ianw_pto05:55
*** markvoelker has quit IRC05:55
*** aojea has joined #openstack-keystone05:57
*** aojea has quit IRC05:59
*** aojea has joined #openstack-keystone05:59
*** junbo has quit IRC06:01
*** zzzeek has joined #openstack-keystone06:02
*** blake has quit IRC06:02
*** aojea has quit IRC06:13
*** zzzeek has quit IRC06:17
*** blake has joined #openstack-keystone06:21
*** blake has quit IRC06:24
*** liujiong|away is now known as liujiong06:26
*** timburke has quit IRC06:37
*** htruta has quit IRC06:38
*** charz has quit IRC06:38
*** Adobeman has quit IRC06:38
*** timburke has joined #openstack-keystone06:38
*** charz has joined #openstack-keystone06:39
*** Adobeman has joined #openstack-keystone06:39
*** rha has quit IRC06:41
*** htruta has joined #openstack-keystone06:42
*** rha has joined #openstack-keystone06:45
*** rha has quit IRC06:45
*** rha has joined #openstack-keystone06:45
*** liujiong has quit IRC07:01
*** tesseract has joined #openstack-keystone07:17
*** aojea has joined #openstack-keystone07:21
*** thorst has joined #openstack-keystone07:21
*** thorst has quit IRC07:27
*** markvoelker has joined #openstack-keystone07:51
*** zzzeek_ has quit IRC08:00
*** zzzeek has joined #openstack-keystone08:00
*** david-lyle has quit IRC08:19
*** david-lyle has joined #openstack-keystone08:19
*** markvoelker has quit IRC08:26
*** faizy has quit IRC09:04
*** faizy has joined #openstack-keystone09:05
*** tobberyd_ has joined #openstack-keystone09:06
*** tobberydberg has quit IRC09:10
*** tobberyd_ has quit IRC09:11
*** markvoelker has joined #openstack-keystone09:23
*** thorst has joined #openstack-keystone09:23
*** thorst has quit IRC09:28
*** Shunli has quit IRC09:29
*** aloga has quit IRC09:38
*** aloga has joined #openstack-keystone09:38
*** openstackgerrit has quit IRC09:48
*** markvoelker has quit IRC09:56
*** jmlowe_ has joined #openstack-keystone10:10
*** jmlowe has quit IRC10:11
*** raies has joined #openstack-keystone10:25
raiesAnybody around, is keystone policy API implementation an alternate to download policy.json (or policy in code) using API?10:25
*** zhurong has quit IRC10:46
*** markvoelker has joined #openstack-keystone10:53
*** thorst has joined #openstack-keystone11:00
*** thorst has quit IRC11:05
*** markvoelker has quit IRC11:26
*** openstackgerrit has joined #openstack-keystone11:31
openstackgerritbhavani proposed openstack/keystone master: Stop using deprecated 'message' attribute in Exception  https://review.openstack.org/48158811:31
*** markvoelker has joined #openstack-keystone11:44
*** pcaruana has joined #openstack-keystone11:49
*** jsavak has joined #openstack-keystone11:55
*** thorst has joined #openstack-keystone11:56
*** aojea has quit IRC11:57
*** jsavak has quit IRC12:03
*** raildo has joined #openstack-keystone12:03
*** jsavak has joined #openstack-keystone12:03
*** aojea has joined #openstack-keystone12:15
*** aojea has quit IRC12:19
*** edmondsw has joined #openstack-keystone12:21
*** aojea has joined #openstack-keystone12:24
*** aojea has quit IRC12:28
*** faizy has quit IRC12:28
*** catintheroof has joined #openstack-keystone12:40
*** chlong_ has quit IRC12:43
*** ducttape_ has joined #openstack-keystone12:59
*** lucasxu has joined #openstack-keystone12:59
*** ducttape_ has quit IRC13:01
*** links has quit IRC13:06
cmurphywhat's the difference between the admin guide and the operator guide? i'm wondering why https://review.openstack.org/#/c/477678 goes to the admin guide and not the operator guide13:07
samueldmqcmurphy: I asked myself the same question yesterday while hitting the sack13:09
samueldmqadmin == operator returned true for me13:09
cmurphywell - in my mind they're not 100% the same13:09
cmurphyoperator is the person deploying the thing13:09
samueldmqand admin is the person maintaining the thing?13:09
cmurphyadministrator is an API user doing administrator tasks13:09
samueldmqhmm13:10
samueldmqlike adding hypervisors?13:10
cmurphyya maybe13:10
cmurphyor adding users13:10
samueldmqcmurphy: makes sense13:10
cmurphybut idk if that's just in my brain or if that has basis in reality13:10
samueldmqthose different docs existed already in the openstack-manual repos, correct?13:10
samueldmq++ we can probably ask asettle13:11
cmurphyor sjain13:11
*** zhurong has joined #openstack-keystone13:24
*** aojea has joined #openstack-keystone13:27
*** bknudson has joined #openstack-keystone13:30
*** aojea has quit IRC13:31
*** aojea has joined #openstack-keystone13:31
*** Dinesh_Bhor has quit IRC13:32
raiesis there any way in keystone, where I can download keystone rbac policies (policy.json items) using API ?13:42
raiesI can see some policy APIs are implemented in keystone but not sure how they work.13:43
raiescan someone guide me if these policy APIs are used to download rbac policy ?13:44
*** jsavak has quit IRC13:47
*** jsavak has joined #openstack-keystone13:54
*** dansmith is now known as superdan13:55
*** sjain has joined #openstack-keystone14:08
*** chlong_ has joined #openstack-keystone14:08
*** jsavak has quit IRC14:11
samueldmqraies: hi, no those APIs are not used for downloading the policies in openstack deployments14:26
samueldmqthey were created as a way to allow for that, but the implementation hasn't gone much further than that14:26
*** zhurong has quit IRC14:26
samueldmqfor several reasons, but there are cross-project changes happening to the way policies are managed within openstack14:27
samueldmqthere are policy weekly meetings on Wed 16h00 UTC14:28
samueldmq#link http://eavesdrop.openstack.org/#Keystone_Policy_Meeting14:28
raiesyes i was supposed to join this but couldn't get time to join it.14:29
*** aselius has joined #openstack-keystone14:30
raiessamueldmq: Few weeks back I had submitted one blueprint specs and implementation - https://review.openstack.org/#/c/463547/14:32
raiesthis was to download/GET keystone rbac policy info.14:33
raiesthere was comment over this patch about this is already done14:34
raiesbut as u said it is not functional so far.14:34
raiesayoung: samueldmq: Just to give some background, OpenStack Patrole is tempest plugin14:35
raiesthere is a limitation of patrole that it can't be run from remote machine14:36
raiesbecause it needs API rbac action to be parsed from controller node (or where /etc/policy.json file exists)14:37
raiesSo to make it functional, I had proposed bp here so that we can get policy information on a remote machine14:38
raiesif there is any way to get rbac policy information on a remote machine please suggest? otherwise we will require an API implementation to GET policy information on a remote machine.14:39
*** ducttape_ has joined #openstack-keystone14:39
raiessamueldmq: ayoung: please sugest ^^14:39
raies**suggest14:39
samueldmqraies: sorry I need to go afk for a bit, will be back in a bit14:44
*** lbragstad has joined #openstack-keystone14:45
*** ChanServ sets mode: +o lbragstad14:45
raiessamueldmq: okay np14:49
openstackgerritLance Bragstad proposed openstack/keystone master: Move upgrade documentation to admin-guide  https://review.openstack.org/48138114:50
ayoungraies, I've given up.  I provided a whole solution.  But cannot get the support I need to implement in a timely manner.14:50
ayoungraies, but Patrole has the potential to do far more harm than good if it locks us into poor security decisions.  Keep that in mind as you move forward.14:51
*** catintheroof has quit IRC14:52
*** catintheroof has joined #openstack-keystone14:53
*** ppiela has quit IRC14:56
raiesayoung: ok14:56
*** catinthe_ has joined #openstack-keystone14:56
raiesayoung: any alternate suggestion for this ?14:59
*** catintheroof has quit IRC14:59
bknudsonshould openstack have a centralized authorization service?15:00
*** lucasxu has quit IRC15:04
*** rcernin has quit IRC15:06
*** catintheroof has joined #openstack-keystone15:06
*** catinthe_ has quit IRC15:09
*** zzzeek_ has joined #openstack-keystone15:17
*** zzzeek_ has quit IRC15:17
morganbknudson: unknown15:23
*** aojea has quit IRC15:24
*** sjain has quit IRC15:29
*** raies has quit IRC15:32
openstackgerritMerged openstack/keystonemiddleware master: Change locations of docs for intersphinx  https://review.openstack.org/48047415:32
*** catinthe_ has joined #openstack-keystone15:35
*** catintheroof has quit IRC15:36
openstackgerritMerged openstack/ldappool master: Switch from oslosphinx to openstackdocstheme  https://review.openstack.org/47920815:46
*** gyee has joined #openstack-keystone15:58
morganbknudson: i don't know if it makes sense to continue having a central authz/authn service15:58
morganbknudson: it really would be easier to oauth/oidc natively for the APIs15:59
morganand lean on the IDP to do the work15:59
bknudsonidp for authorization?15:59
morganidp can hand off group data etc15:59
morganthe app can be configured to map authz for it16:00
bknudsonsure, but then need to determine if the user can perform the op on the other service16:00
morganmove towards more normalized IDP/SP model16:00
morganbut i think that is a convo we can't really have in all seriousness16:00
morganbecause how far we are down the path we are =/16:00
morganbut *eh*16:00
* morgan shrugs.16:00
*** aojea has joined #openstack-keystone16:00
bknudsonopenstack has special case of tenancy, so not sure where that should live16:00
bknudsonshould be doing consul or something for service discovery16:01
*** aojea has quit IRC16:02
*** jmlowe_ has quit IRC16:05
*** sjain has joined #openstack-keystone16:13
*** aojea has joined #openstack-keystone16:13
*** thorst has quit IRC16:15
*** catinthe_ has quit IRC16:19
*** catintheroof has joined #openstack-keystone16:19
morgani like something like consul16:20
morganbut thats just me16:20
morganagain... a bit far down this path16:20
bknudsonmaybe there's a migration path where keystone queries consul...16:21
bknudson(a consul backend for catalog)16:22
*** aojea has quit IRC16:23
morganbknudson: i wanted to do that for the catalog16:25
morganany service can register with consul16:25
morganand keystone just represents that for compat reasons16:25
*** otleimat has joined #openstack-keystone16:35
lbragstadbknudson: morgan that's an interesting idea16:38
openstackgerritEric Fried proposed openstack/keystoneauth master: normalize_version_number([1]) => (1, 0) and docs  https://review.openstack.org/48130916:38
lbragstadso keystone would only be around to serve as the authority for project information and the catalog?16:38
morganlbragstad: yep16:46
morganlbragstad: that was something i wanted to do ages ago16:46
morganZK would also work, consul is a little better at it though16:46
lbragstadit would be an interesting exercise to map out the migratin16:47
lbragstadmigration*16:47
morganthe migration was pretty straightforward16:48
morgandriver for keystone16:48
morganKSM does the register16:48
morganfor the services16:49
morganand we expect a certain data type/set to know the registry16:49
morganerm know the registration16:50
morganwe could also use the is the connection active to enable/disable things in the catalog...anyway16:51
morganalso i think consul has a DNS front end on it16:51
morgan*shrug*16:51
*** jmlowe has joined #openstack-keystone16:52
openstackgerritLance Bragstad proposed openstack/keystone master: Consolidate LDAP documentation into admin-guide  https://review.openstack.org/47820616:53
openstackgerritMerged openstack/keystonemiddleware master: Switch from oslosphinx to openstackdocstheme  https://review.openstack.org/47920616:56
openstackgerritMerged openstack/keystoneauth master: Switch from oslosphinx to openstackdocstheme  https://review.openstack.org/47919116:59
asettlecmurphy and samueldmq - the ops guide and admin guide do contain a lot of practical similarities as you have noticed17:03
asettleBut the guides themselves differ between the theoretical and practical application of administration and operations17:04
asettleWe are very aware of the similarities17:04
*** jmlowe has quit IRC17:10
samueldmqasettle: kk. is there a description anywhere about those different audiences ? what an operator is VS what an admin is ?17:18
asettlesamueldmq: I wouldn't go as far as calling them different audiences. They are different guides for differing requirements.17:19
asettleAdministration is aimed at practical applications of operations17:19
asettleAnd the operations guide was aimed at theoretical side of operations17:19
asettleYou can read the description on docs.openstack.org (each guide has a description underneath the link)17:19
samueldmqasettle: cool, I will take a better look there17:21
samueldmqwe need a clear understanding of that before we decide what goes where17:21
samueldmqthanks for sharing17:22
*** dave-mccowan has joined #openstack-keystone17:24
*** links has joined #openstack-keystone17:25
*** jmlowe has joined #openstack-keystone17:25
*** links has quit IRC17:29
*** links has joined #openstack-keystone17:30
*** ducttape_ has quit IRC17:31
cmurphythanks asettle17:34
*** links has quit IRC17:36
*** aojea has joined #openstack-keystone17:37
*** aojea has quit IRC17:41
*** sjain has quit IRC17:44
openstackgerritKelly Hall proposed openstack/keystone master: Trims whitespace from request headers  https://review.openstack.org/47042517:44
openstackgerritMerged openstack/keystone master: Switch from oslosphinx to openstackdocstheme  https://review.openstack.org/47918817:46
*** sjain_ has joined #openstack-keystone17:49
*** thorst has joined #openstack-keystone17:49
*** thorst has quit IRC17:52
*** thorst has joined #openstack-keystone17:52
*** bit_lySLH2uSZHed has joined #openstack-keystone18:00
*** bit_lySLH2uSZHed has left #openstack-keystone18:02
*** ducttape_ has joined #openstack-keystone18:03
*** sjain_ has quit IRC18:20
*** tesseract has quit IRC18:21
*** amyge_ has joined #openstack-keystone18:22
openstackgerritJaewoo Park proposed openstack/keystone master: WIP: Add project tags  https://review.openstack.org/47031718:26
amyge_hi, I have a question about how to cache the token for keystone. I code in python. I generate the token plugin from the token I import then generate the session with that plugin, and cache the session and plugin. But when I try plugin.get_access(session).auth_token, I see that the auth_token is different from the one I import18:29
amyge_just wondering what's the right way to cache the token in keystone?18:30
*** chlong_ has quit IRC18:40
morganamyge_: so .get_access will get a new token if the plugin doesn't have a token18:41
morganthat is likely what is happening18:41
morganyou would need to pass the token in (not sure how that is working atm) if you want to use the token itself.18:41
morganthat you have previously used.18:41
morganerm, generated18:42
amyge_I pass the token in as one of the arguments to create the plugin18:50
morganhm. well either the token is expiring (they have a short window of life relatively speaking), we have a bug, or the construction of the plugin isn't being done like you expect18:50
amyge_but I test as soon as I create a new token...which I think should last for at least an hour right?18:51
morganshould.18:52
amyge_so basically {"token": mytoken} is passed in to keystoneauth1.identity.Token()18:52
amyge_and I generate session with keystoneauth1.session.Session(auth=plugin, ...)18:53
amyge_and I just cache the plugin and session18:53
morganright18:53
amyge_but when I try plugin.get_access(session).auth_token18:54
morganoh18:54
morganhm.18:54
morganlet me see what .get_access does18:54
morganthat might always get a new token18:55
amyge_yeah sure. I'm not sure if I do it wrong18:55
morganhm.18:56
morgani think something is creating a new auth_ref18:56
morgansomehow18:56
morgan.get_access would get a new auth_ref (and new token) if needed18:56
amyge_is that because my token is not valid?18:57
morganso, i think what is happening is you are in a state that the token has been deemed invalid...somehow18:57
morganor it's using your current token to get a new token18:57
morganwhich is what the token plugin is typically used for.18:57
morganbut passing the token in should do what you expect afaict at first glance18:57
openstackgerritKelly Hall proposed openstack/keystone master: Trims whitespace from request headers  https://review.openstack.org/47042518:58
amyge_oh okay.18:58
amyge_does this relate to some default setting?18:58
amyge_to not use the token passed in but instead, generate a new one?18:59
morgannot sure19:02
morganhonestly, i'm trying to context switch to think about what is happening19:02
amyge_kk~19:04
morganwhen you create the plugin with everything19:07
morgancheck what plugin.auth_ref is19:08
morganif that is not populated, it will get a new token19:08
*** bit_lySLH2uSZHed has joined #openstack-keystone19:08
*** bit_lySLH2uSZHed has left #openstack-keystone19:08
amyge_let me check19:09
morganthe Token plugin is specifically for authenticating with a known token, so it is almost assured that it is doing the right thing19:10
morganit is taking the token you supplied and getting a new one19:10
morganand populating auth_ref19:10
amyge_yeah it returns 'None'19:10
amyge_do you mean that it will still generate a new token even if I pass in one?19:11
morganin this case.19:12
amyge_but am I able to cache that new token? or every time it will take the token and generate a new one from it?19:12
morganno it will not generate a new token unless it's expired *or* you don't have an auth_ref19:13
morgansee https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/identity/base.py#L91-L11119:13
*** aojea has joined #openstack-keystone19:13
morgannow. that being said, using Token auth, once your original token expires it cannot re-auth19:13
morganlike Password could19:14
morganthe session already caches a generated token19:14
morgans/session/plugin19:14
amyge_I see. so if I create another client object, it will still get the cached token as long as it's not expired right?19:15
morganas long as you use the same session/plugin19:16
morganin theory you can use the same plugin across multiple sessions, just like you can use the same session in multiple clients19:16
amyge_okay I see.~ I will try and ask questions again if I have any19:17
amyge_thanks for the help!19:18
morgansure!19:18
openstackgerritMorgan Fainberg proposed openstack/keystone master: Add history behind why keystone has two ports  https://review.openstack.org/47670319:19
morganrebased that19:19
morganit was being wonky19:19
*** ayoung has quit IRC19:19
morganneeded help19:19
*** ducttap__ has joined #openstack-keystone19:23
*** ducttape_ has quit IRC19:27
*** ducttape_ has joined #openstack-keystone19:30
*** ducttap__ has quit IRC19:32
*** amyge_ has quit IRC19:43
*** ayoung has joined #openstack-keystone19:55
*** catinthe_ has joined #openstack-keystone19:56
*** ppiela has joined #openstack-keystone19:58
*** catintheroof has quit IRC19:59
*** jmlowe has quit IRC20:00
*** amyge has joined #openstack-keystone20:04
amyge@morgan my original idea was to use only one token per user, so that it won't generate a new token every time I run a new scenario and have a new osclient20:04
amygebut now, although the sess20:05
amygebut now, although the session caches the token and uses it for other clients, when I run a new scenario, it will create a new session and will have to generate a new token20:06
morganyou could create a single plugin per scenario, which should only auth once unless it gets invalidated20:06
morganyeah20:06
morganthat is the case.20:06
morganit is safest, per scenario, to use a new token20:06
morganit means that if an invalidation of that token is being tested, it can succeed - it also means you're isolating a token to a single use20:07
*** ducttape_ has quit IRC20:07
morganthat is the safest testing scenario... that said, i get why someone would want to re-use a token20:07
morganyou could (possibly) deep_copy the auth_ref and just attach it to a new pluin20:07
morganplugin*20:07
morganauth_ref *is* a public interface on the plugin20:08
amygeI see20:09
amygeso if I want to try shell script, is it also possible to use one token per scenario?20:10
morganah you'd need to do it in python in this case20:11
ayoungamyge, you can save the token to a file and reuse it for the next call20:11
ayoungor put it in an env var really the better option20:12
morganayoung: oh right we can populate with the ENV20:13
amyge@ayoung you mean the "openstack --os-token" command?20:13
morgani was thinking strictly from within python itself20:13
ayoungamyge, yeah, or the comparable envvar20:14
morganamyge: yep20:14
amygewhat do you mean by "comparable envvar"?20:14
ayoung--os-token <auth-token>20:14
ayoung                        With token_endpoint: The token that will always be20:14
ayoung                        used With token_endpoint: Authentication token to use20:14
ayoung                        With v2token: Token With admin_token: The token that20:14
ayoung                        will always be used With v3scopedsaml: Token to20:14
ayoung                        authenticate with With token: Token to authenticate20:14
ayoung                        with With v3token: Token to authenticate with (Env:20:14
ayoung                        OS_TOKEN)20:14
morganamyge: openstackclient has OS_TOKEN env-var option as well20:14
ayoungso you need --os-endpoint <auth-endpoint>20:14
ayoung                        With token_endpoint: The endpoint that will always be20:14
ayoung                        used With admin_token: The endpoint that will always20:14
ayoung                        be used (Env: OS_ENDPOINT)20:14
morganif you don't want it on the command-line20:15
*** ducttape_ has joined #openstack-keystone20:15
ayoungset it once per scenario...or run each scenario in their own bash session20:15
ayoungos token issue --<all the vars>20:15
morganif you pass a os-token you don't have a catalog20:15
morganso the --os-endpoint is required20:15
ayoungand so on20:15
amygesorry I think I'm not following20:16
amygeif I store the token OS_TOKEN and passed it in, how can I set it once per scenario?20:17
amygeand I will also have to specify --os-endpoint?20:17
amygepass*20:18
openstackgerritEric Fried proposed openstack/keystoneauth master: normalize_version_number([1]) => (1, 0) and docs  https://review.openstack.org/48130920:23
*** markvoelker has quit IRC20:27
*** markvoelker has joined #openstack-keystone20:27
*** catinthe_ has quit IRC20:39
openstackgerritEric Fried proposed openstack/keystoneauth master: Fix _run_discovery caching; misc cleanup  https://review.openstack.org/48175420:39
ayoungamyge, nah, you want one or the other20:40
ayoungamyge, unset everything OS_*20:41
ayoungthen use openstack token issue with only command line flags to actually get the token:20:41
ayoungexport OS_TOKEN=`openstack token issue -f value -c id --os-auth-url X --os-user-domain-name X  ...`20:42
ayoungthen export OS_ENDPOINT=<OS_AUTH_URL>20:42
ayoungand from there on out, openstack commands should be scoped to the token you got.20:42
ayoungif you do all of that in one bash script per scenario, when the script exits, none of your info will bleed over into other scenarios20:43
ayoungKapishe?20:43
amygeI see, will try now20:53
amygethanks adam and also morgan ^^20:54
*** ducttape_ has quit IRC21:09
*** ducttape_ has joined #openstack-keystone21:09
amyge@ayoung if I have 10 commands in my script, will it create 10 new scoped tokens from the token I pass in? or is it gonna use the same original one?21:14
*** thorst has quit IRC21:16
*** ducttape_ has quit IRC21:24
*** raildo has quit IRC21:25
*** catintheroof has joined #openstack-keystone21:33
*** edmondsw has quit IRC21:34
*** thorst has joined #openstack-keystone21:38
*** thorst has quit IRC21:38
*** dave-mccowan has quit IRC21:41
*** iurygregory has quit IRC21:41
*** iurygregory has joined #openstack-keystone21:44
*** openstackgerrit has quit IRC21:47
*** openstackgerrit has joined #openstack-keystone21:49
openstackgerritJaewoo Park proposed openstack/keystone master: WIP: Add project tags  https://review.openstack.org/47031721:49
*** thorst has joined #openstack-keystone21:50
*** openstackstatus has quit IRC21:56
*** openstack has joined #openstack-keystone21:57
*** thorst has quit IRC21:57
*** ducttape_ has joined #openstack-keystone21:57
*** openstackstatus has joined #openstack-keystone21:58
*** ChanServ sets mode: +v openstackstatus21:58
*** aojea has quit IRC22:00
*** zzzeek_ has joined #openstack-keystone22:08
*** zzzeek_ has quit IRC22:09
*** zzzeek_ has joined #openstack-keystone22:14
*** zzzeek_ has quit IRC22:14
*** zzzeek_ has joined #openstack-keystone22:14
*** zzzeek_ has quit IRC22:15
*** bknudson has quit IRC22:15
*** zzzeek_ has joined #openstack-keystone22:19
*** zzzeek_ has quit IRC22:24
*** zzzeek_ has joined #openstack-keystone22:29
*** zzzeek_ has quit IRC22:30
*** zzzeek_ has joined #openstack-keystone22:31
*** zzzeek- has joined #openstack-keystone22:33
*** zzzeek_ has quit IRC22:35
*** zzzeek- has quit IRC22:41
*** catintheroof has quit IRC22:42
*** jmlowe has joined #openstack-keystone23:07
openstackgerritOmar Tleimat proposed openstack/keystone master: WIP: Add project tags  https://review.openstack.org/47031723:11
*** zzzeek_ has joined #openstack-keystone23:17
*** zzzeek_ has quit IRC23:21
*** zzzeek_ has joined #openstack-keystone23:21
openstackgerritJaewoo Park proposed openstack/keystone master: WIP: Add project tags  https://review.openstack.org/47031723:22
*** ducttape_ has quit IRC23:38
*** ducttape_ has joined #openstack-keystone23:47
*** jmlowe has quit IRC23:48
*** jmlowe has joined #openstack-keystone23:50
*** thorst has joined #openstack-keystone23:57
