Wednesday, 2017-07-26

« Tuesday, 2017-07-25 Index Thursday, 2017-07-27 »
*** aojea has joined #openstack-keystone00:06
*** jrist has quit IRC00:07
*** aojea has quit IRC00:10
*** aojea has joined #openstack-keystone00:15
*** aojea has quit IRC00:19
*** markvoelker has quit IRC00:20
*** edmondsw has joined #openstack-keystone00:20
*** jrist has joined #openstack-keystone00:21
*** aojea has joined #openstack-keystone00:24
*** edmondsw has quit IRC00:25
*** thorst has joined #openstack-keystone00:29
*** aojea has quit IRC00:29
*** ducttape_ has joined #openstack-keystone00:33
*** aojea has joined #openstack-keystone00:33
*** thorst has quit IRC00:33
*** markvoelker has joined #openstack-keystone00:35
*** aojea has quit IRC00:37
*** aojea has joined #openstack-keystone00:42
*** aojea has quit IRC00:47
*** ducttape_ has quit IRC00:50
*** aojea has joined #openstack-keystone00:51
*** aojea has quit IRC00:55
*** thorst has joined #openstack-keystone00:59
*** aojea has joined #openstack-keystone01:00
*** aojea has quit IRC01:05
*** ducttape_ has joined #openstack-keystone01:06
*** thorst has quit IRC01:07
*** aojea has joined #openstack-keystone01:09
*** aojea has quit IRC01:14
*** ducttape_ has quit IRC01:15
*** aojea has joined #openstack-keystone01:18
*** lucasxu has joined #openstack-keystone01:22
*** aojea has quit IRC01:23
*** lucasxu has quit IRC01:24
*** aojea has joined #openstack-keystone01:27
*** harlowja has quit IRC01:29
*** aojea has quit IRC01:32
*** Shunli has joined #openstack-keystone01:32
*** aojea has joined #openstack-keystone01:36
*** aojea has quit IRC01:41
*** aojea has joined #openstack-keystone01:46
*** aojea has quit IRC01:50
*** aojea has joined #openstack-keystone01:55
*** aojea has quit IRC01:59
*** aojea has joined #openstack-keystone02:04
*** aojea has quit IRC02:08
*** edmondsw has joined #openstack-keystone02:08
*** otleimat has quit IRC02:11
*** aojea has joined #openstack-keystone02:13
*** edmondsw has quit IRC02:13
*** aojea has quit IRC02:17
*** prashkre has joined #openstack-keystone02:38
*** aojea has joined #openstack-keystone02:40
*** aojea has quit IRC02:45
*** aojea has joined #openstack-keystone02:49
*** aojea has quit IRC02:53
*** prashkre has quit IRC02:56
*** aojea has joined #openstack-keystone02:58
*** aojea has quit IRC03:02
*** aojea has joined #openstack-keystone03:07
*** aojea has quit IRC03:11
*** aojea has joined #openstack-keystone03:16
*** aojea has quit IRC03:21
*** aojea has joined #openstack-keystone03:25
*** zsli_ has joined #openstack-keystone03:26
*** Shunli has quit IRC03:28
*** zsli_ has quit IRC03:30
*** aojea has quit IRC03:30
*** links has joined #openstack-keystone03:30
*** links has quit IRC03:30
*** aojea has joined #openstack-keystone03:35
*** aojea has quit IRC03:39
*** aojea has joined #openstack-keystone03:44
*** aojea has quit IRC03:48
*** aojea has joined #openstack-keystone03:53
*** edmondsw has joined #openstack-keystone03:57
*** aojea has quit IRC03:57
*** edmondsw has quit IRC04:01
*** nicolasbock has joined #openstack-keystone04:04
openstackgerritGage Hugo proposed openstack/keystone master: Add new tags attribute to project  https://review.openstack.org/47031704:21
*** deep-book-gk_ has joined #openstack-keystone04:24
openstackgerritGage Hugo proposed openstack/keystone master: Add new tags attribute to project  https://review.openstack.org/47031704:24
*** deep-book-gk_ has left #openstack-keystone04:25
*** oomichi has quit IRC04:29
*** oomichi has joined #openstack-keystone04:30
*** kornicameister has joined #openstack-keystone04:32
*** gongysh has joined #openstack-keystone04:34
*** harlowja has joined #openstack-keystone04:40
*** gongysh has quit IRC04:40
*** thorst has joined #openstack-keystone05:04
openstackgerritGage Hugo proposed openstack/keystone master: Add new tags attribute to project  https://review.openstack.org/47031705:07
*** thorst has quit IRC05:10
*** ducttape_ has joined #openstack-keystone05:11
*** markvoelker has quit IRC05:13
*** ducttape_ has quit IRC05:16
*** harlowja has quit IRC05:39
*** gongysh has joined #openstack-keystone05:40
*** aojea has joined #openstack-keystone05:41
*** edmondsw has joined #openstack-keystone05:45
*** aojea has quit IRC05:46
*** edmondsw has quit IRC05:49
openstackgerritTin Lam proposed openstack/python-keystoneclient master: Add project tags to keystoneclient  https://review.openstack.org/48122305:53
*** prashkre has joined #openstack-keystone05:56
*** Shunli has joined #openstack-keystone05:59
*** rcernin has joined #openstack-keystone06:06
*** aojea has joined #openstack-keystone06:09
*** aojea has quit IRC06:14
*** aojea has joined #openstack-keystone06:18
*** aojea has quit IRC06:23
*** aojea has joined #openstack-keystone06:27
*** thorst has joined #openstack-keystone06:29
*** aojea has quit IRC06:32
*** thorst has quit IRC06:33
*** aojea has joined #openstack-keystone06:36
*** blake has joined #openstack-keystone06:39
*** aojea has quit IRC06:41
*** aojea has joined #openstack-keystone06:45
*** aojea has quit IRC06:50
*** blake has quit IRC06:51
*** aojea has joined #openstack-keystone06:54
*** aojea has quit IRC06:59
*** aojea has joined #openstack-keystone07:03
*** belmoreira has joined #openstack-keystone07:05
*** aojea has quit IRC07:08
*** mvpnitesh has joined #openstack-keystone07:08
*** aojea has joined #openstack-keystone07:13
*** ducttape_ has joined #openstack-keystone07:13
*** markvoelker has joined #openstack-keystone07:14
*** aojea has quit IRC07:14
*** aojea has joined #openstack-keystone07:14
*** ducttape_ has quit IRC07:17
*** phalmos has quit IRC07:23
*** edmondsw has joined #openstack-keystone07:33
*** edmondsw has quit IRC07:37
*** jaosorior has quit IRC07:43
*** dims has quit IRC07:45
*** tobberydberg has joined #openstack-keystone07:48
*** markvoelker has quit IRC07:48
*** dims has joined #openstack-keystone07:49
*** jaosorior has joined #openstack-keystone07:57
*** jaosorior has quit IRC07:58
*** jaosorior has joined #openstack-keystone07:59
*** zsli_ has joined #openstack-keystone08:00
*** jaosorior has quit IRC08:02
*** Shunli has quit IRC08:03
*** jaosorior has joined #openstack-keystone08:03
*** jaosorior has quit IRC08:03
*** jaosorior has joined #openstack-keystone08:04
*** zsli__ has joined #openstack-keystone08:08
*** zsli_ has quit IRC08:11
*** gongysh has quit IRC08:12
*** jaosorior has quit IRC08:13
*** zsli__ has quit IRC08:15
*** aselius has quit IRC08:15
*** Shunli has joined #openstack-keystone08:18
*** zsli_ has joined #openstack-keystone08:23
*** Shunli has quit IRC08:26
*** thorst has joined #openstack-keystone08:30
*** mvpnitesh has quit IRC08:32
*** mvpnitesh has joined #openstack-keystone08:33
*** thorst has quit IRC08:34
*** stevemar has quit IRC08:36
*** stevemar has joined #openstack-keystone08:36
*** markvoelker has joined #openstack-keystone08:45
*** tobberydberg has quit IRC08:49
*** tobberydberg has joined #openstack-keystone08:49
*** jaosorior has joined #openstack-keystone08:53
*** tobberydberg has quit IRC08:54
*** jaosorior has quit IRC09:03
*** tobberydberg has joined #openstack-keystone09:13
*** ducttape_ has joined #openstack-keystone09:14
*** markvoelker has quit IRC09:19
*** john5223_ has quit IRC09:19
*** timburke has quit IRC09:20
*** timburke has joined #openstack-keystone09:20
*** jaosorior has joined #openstack-keystone09:21
*** ducttape_ has quit IRC09:21
*** gongysh has joined #openstack-keystone09:21
*** edmondsw has joined #openstack-keystone09:22
*** iurygregory has quit IRC09:22
*** cristicalin has joined #openstack-keystone09:22
*** odyssey4me has quit IRC09:23
*** iurygregory has joined #openstack-keystone09:24
*** tobberydberg has quit IRC09:25
*** edmondsw has quit IRC09:25
*** tobberydberg has joined #openstack-keystone09:26
*** odyssey4me has joined #openstack-keystone09:27
*** mvpnitesh has quit IRC09:27
*** zsli_ has quit IRC09:28
*** tobberydberg has quit IRC09:30
*** mvk has quit IRC09:31
*** cristicalin has quit IRC09:31
*** aojea has quit IRC09:32
*** aojea has joined #openstack-keystone09:32
*** aojea has quit IRC09:57
*** thorst has joined #openstack-keystone09:58
*** aojea has joined #openstack-keystone09:59
*** mvk has joined #openstack-keystone10:04
*** thorst has quit IRC10:06
*** thorst has joined #openstack-keystone10:07
*** thorst has quit IRC10:11
*** markvoelker has joined #openstack-keystone10:16
*** jaosorior has quit IRC10:38
*** clarkb has quit IRC10:45
*** clarkb has joined #openstack-keystone10:45
*** markvoelker has quit IRC10:48
*** edmondsw has joined #openstack-keystone11:09
*** edmondsw has quit IRC11:13
*** ducttape_ has joined #openstack-keystone11:15
*** ducttape_ has quit IRC11:23
*** markvoelker has joined #openstack-keystone11:45
*** gongysh has quit IRC11:47
*** raildo has joined #openstack-keystone12:01
*** Dinesh_Bhor is now known as Dinesh_Bhor|away12:08
*** Dinesh_Bhor|away is now known as Dinesh_Bhor12:09
*** edmondsw has joined #openstack-keystone12:13
*** chlong has joined #openstack-keystone12:16
*** thorst has joined #openstack-keystone12:16
*** markvoelker has quit IRC12:19
*** catintheroof has joined #openstack-keystone12:21
openstackgerritDinesh Bhor proposed openstack/python-keystoneclient master: Add Response class to return request-id to caller  https://review.openstack.org/32991312:21
openstackgerritDinesh Bhor proposed openstack/python-keystoneclient master: Add return-request-id-to-caller function(v3)  https://review.openstack.org/26745612:22
openstackgerritDinesh Bhor proposed openstack/python-keystoneclient master: Add return-request-id-to-caller function(v3/contrib)  https://review.openstack.org/26800312:22
*** markvoelker has joined #openstack-keystone12:28
*** ducttape_ has joined #openstack-keystone12:40
dimsmordred lbragstad : seen this? https://bugs.launchpad.net/keystoneauth/+bug/170653812:42
openstackLaunchpad bug 1706538 in python-troveclient ""ValueError: Expecting a string None" with keystoneauth 3.0.1" [Undecided,New]12:42
*** amrith has joined #openstack-keystone12:43
amrithdims ... here12:43
dimsefried : ^12:43
*** ducttape_ has quit IRC12:45
*** coolsvap has joined #openstack-keystone12:45
*** coolsvap has left #openstack-keystone12:45
amrithok, I have no scrollback, let me go find eavesdrop12:45
amrithor someone can tell me what's transpired so far; who killed whom with what and where12:46
amrithdims, looks like the issue is that we're not sending up an 'expires' in the token request12:47
amrithis that the issue12:47
amrithis this a new thing that keystone wants?12:48
amrithwhy's there no default?12:48
amrithor did I miss something else ... dims ^^12:48
dimsamrith : i haven't looked, just got pointed to the bug report and i added keystoneauth to it12:48
lbragstaddims: checking12:58
openstackgerritDinesh Bhor proposed openstack/python-keystoneclient master: Add return-request-id-to-caller function(v3)  https://review.openstack.org/26745613:00
openstackgerritDinesh Bhor proposed openstack/python-keystoneclient master: Add return-request-id-to-caller function(v3/contrib)  https://review.openstack.org/26800313:00
openstackgerritDinesh Bhor proposed openstack/python-keystoneclient master: Add Response class to return request-id to caller  https://review.openstack.org/32991313:00
lbragstadamrith: expires is an attribute of the token itself13:02
lbragstadits strange that its not there, since it always exists in the token reference when keystone issues and validates tokens13:03
*** dave-mccowan has joined #openstack-keystone13:09
mordreddims: I hadn't - but I have now13:15
lbragstadit's because of the mock in troveclient13:15
mordredmorning amrith13:16
mordredAH13:16
amrithg'morning mordred lbragstad13:16
*** dave-mcc_ has joined #openstack-keystone13:16
mordredincomplete mock then perhaps?13:16
lbragstadyeah - i think so?13:17
amrithlbragstad if you have it narrowed down, would you submit a patch13:17
lbragstadworking on a patch now13:17
mordredlbragstad: I feel like maybe we should write up a little doc to tell people how to use the requests_mock mocks of tokens and stuff that are in keystoneauth13:17
amriththx lbragstad13:17
lbragstadv2.0 doesn't have an expires_at attribute https://github.com/openstack/python-troveclient/blob/master/troveclient/tests/test_shell.py#L7713:17
*** dave-mccowan has quit IRC13:19
mordredoh, that reminds me, I need to figure out the intersection of requests_mock and cachecontrol13:19
*** jaosorior has joined #openstack-keystone13:24
lbragstadamrith: https://review.openstack.org/#/c/487417/13:25
lbragstadthat passes for me locally13:25
amrithlooking13:25
amrith@lbragstad change looks fine, if it passes that's great. how come it broke? this line wasn't added recently in the trove client. did something else change?13:31
*** jistr is now known as jistr|mtg13:31
lbragstadamrith: a lot of code in keystoneauth changed with version 313:33
amrithas you can see https://github.com/openstack/python-troveclient/blame/master/troveclient/tests/test_shell.py#L77, this has been around for a while.13:33
amriththat may be, but is this a change that breaks a contract?13:33
lbragstadmy guess is that the ordering of how token expiration is evaluated changed13:33
amrithI'm fine with your fix but if it wasn't given the 1 version grace period, I'm not thrilled with your change13:34
amrithwhat else broke in the same way?13:34
amrithok, trove stubbed its toes on this one, what other things are similar?13:34
amrithme, personally, I'd hold your change will we know what the actual thing is that changed to make this happen.13:35
lbragstadnothing in the contract changed13:35
amriththen why did this happen?13:35
lbragstadit's how python-troveclient built the mock13:35
amrithsorry, I don't follow. was 'expires_at' valid in the past? did it do anything?13:36
amrithwas 'expires_at' deprecated?13:37
lbragstadamrith: no13:38
lbragstadamrith: this is an example authentication response from v2.0 http://paste.openstack.org/show/616582/13:38
lbragstadamrith: this is an example authentication response from v3 http://paste.openstack.org/show/616583/13:39
lbragstadpython-troveclient was using a mock for v2.0 but referencing an expiration attribute only found in v313:39
lbragstadexpires_at in v3 and expires in v2.0 relay the same information13:40
lbragstadthey tell you when the token is going to expire13:40
lbragstadkeystoneauth does some processing to determine if the token being used to talk to keystone is going to expire soon13:41
amrithi'm not following you. here is what I'm seeing, https://bugs.launchpad.net/python-troveclient/+bug/170653813:41
openstackLaunchpad bug 1706538 in python-troveclient ""ValueError: Expecting a string None" with keystoneauth 3.0.1" [Undecided,In progress] - Assigned to Lance Bragstad (lbragstad)13:41
amrithkeystone auth has some code in keystoneauth1/_utils.py which is looking for 'exires'13:41
amrithyes?13:41
amriththat's the reason for this failure13:41
amriththe mock (or something) was giving it expires_at13:41
lbragstadkeystoneauth is looking for expires but the token reference doesn't have that attribute13:42
lbragstadand that is causing the failure13:42
amrithyour v3 paste http://paste.openstack.org/show/616583/ has (at line 33) an expires_at13:42
amrithit has no expires13:42
lbragstadamrith: yes - that's because that's a v3 response13:42
lbragstadwhat python-troveclient is using is v2.013:43
lbragstadwhich is a different API13:43
amrithso how did this test pass in the past?13:43
amrithclearly, for some period of time in the past 3 years, this test has been passing, I think13:43
amrithI get that your fix makes it pass again, I don't understand why/how13:44
amrithit was that it passed in the past and stopped now13:44
amriththere has got to be something else that changed, and I can't see what that is.13:44
*** catintheroof has quit IRC13:44
amrithI get what you are saying, that expires_at is a v3 field and expires is a v2 field.13:44
amrithbut v3 didn't exist 3 years ago when this code was written13:45
amrith(did it?)13:45
lbragstadv3 has been around for that long13:45
*** catintheroof has joined #openstack-keystone13:46
amrithok, so something changed that made this test fail13:46
amrithok, trove's test was wrong13:46
amrithwhat was the other change?13:46
amrithwere there other things that similarly used to work but now don't13:46
amrithI don't know, I'm happy to hold my nose and +2 your change.13:46
amrithjust strikes me as a shortcut13:47
*** jistr|mtg is now known as jistr13:47
lbragstadamrith: something in keystoneauth that moved the logic to check token expiration up a bit somewhere https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/access/access.py#L87-L9813:48
*** catintheroof has quit IRC13:48
lbragstadfwiw - trove has the same exact test for v3 https://github.com/openstack/python-troveclient/blob/555ba5ed690027088358288c9b0252d5a58bdc0d/troveclient/tests/test_shell.py#L33013:48
*** catintheroof has joined #openstack-keystone13:48
lbragstadand it didn't break with the new version of keystoneauth https://github.com/openstack/python-troveclient/blob/555ba5ed690027088358288c9b0252d5a58bdc0d/troveclient/tests/test_shell.py#L24913:48
lbragstadbecause it was using the right token attributes13:49
lbragstadin the mock13:49
amrithlbragstad I would not be so picky if this was a request, but this is a response. in other words in the past, a v2 response was saying expires_at.13:50
amrithis that correct?13:50
amrith(the mocked one)13:50
lbragstadno - v2.0 has never issued expires_at as an attribute of token responses13:50
amrithmy point exactly, some code someplace was ok with this bogus mock13:51
*** catintheroof has quit IRC13:51
*** catintheroof has joined #openstack-keystone13:52
*** rcernin has quit IRC13:54
efriedlbragstad mordred Is it worth making ksa more lenient with missing attrs?  Seems like not - seems like the troveclient test simply suffered from RBB here.13:55
lbragstadefried: expires and expires_at are required attributes of tokens13:56
* amrith listens, doesn't follow efried because this isn't a request attr but a response attr and the failure is *in keystone* invoked by troveclient13:57
efriedamrith I think the point here is that ksa would never give you back that response.13:58
efriedksa would give you a response with `expires`, not `expires_at`.13:58
amrithbut it seemed to be fine with it in the past as part of a response13:58
amrithand didn't fail13:58
efriedLuck :)13:58
amrithand clearly did something with it?13:59
amrithor the test is bogus (also possible)13:59
efriedamrith Right, it may be that the response is now getting funnelled back through ksa in some path that expects the `expires` attr, which wasn't happening before.13:59
efriedamrith Yahyah, I see it.  The point of the test wasn't to validate the auth; it was to validate versions.  So the token setup was incidental, and that token was getting passed back to ksa in order to do the version discovery.  That's when ksa blew up on the invalid token.14:04
efriedWhy it wasn't going through that code path before is an academic question.14:04
*** dave-mcc_ has quit IRC14:05
* amrith wonders14:05
efriedBut certainly ksa3 has changed the get_endpoint plumbing to always go through the new get_endpoint_data.14:05
efriedmordred could probably answer better there.14:06
*** ppiela has left #openstack-keystone14:06
lbragstadthe new version of keystoneauth (3.0.1) ends up actually checking the token to see if it needs to be refreshed14:08
lbragstadhttps://github.com/openstack/keystoneauth/blob/master/keystoneauth1/identity/base.py#L30414:08
lbragstadcompared to previous versions https://github.com/openstack/keystoneauth/blob/stable/ocata/keystoneauth1/identity/base.py#L16014:08
lbragstadwhich is the difference in how the get_endpoint() method changed with version 3.0.114:09
efriedYup - get_endpoint_data is doing get_project_id, which get_endpoint wasn't doing before.14:09
lbragstadright14:10
lbragstadbecause it's using get_access() it automatically checks if the token needs to be refreshed14:10
efriedlbragstad mordred Is that actually a regression?  Like, before, you could get an endpoint from the catalog (a catalog you already had) without rechecking the token?14:11
lbragstadefried: the older version of get_endpoint() also relied on get_access(), which does the same thing https://github.com/openstack/keystoneauth/blob/stable/ocata/keystoneauth1/identity/base.py#L21214:12
lbragstadwhich means this same thing could have happened ^ if that path was invoked in versions of keystoneauth < 314:14
efriedlbragstad That's interesting; cause get_access didn't change.14:15
lbragstadefried: right - but this case must have not been executed https://github.com/openstack/keystoneauth/blob/stable/ocata/keystoneauth1/identity/base.py#L203-L21614:17
lbragstadotherwise - you would have seen the same failure we saw today14:17
*** aojea has quit IRC14:31
*** otleimat has joined #openstack-keystone14:31
*** ducttape_ has joined #openstack-keystone14:41
prashkreHi. Anyone for core team, could you please review https://review.openstack.org/#/c/485302/ for another +2 and workflow.14:45
*** ducttape_ has quit IRC14:52
*** prashkre has quit IRC14:55
*** blake has joined #openstack-keystone15:00
openstackgerritLance Bragstad proposed openstack/keystone master: Move performance documentation to admin-guide  https://review.openstack.org/48138315:01
openstackgerritOpenStack Proposal Bot proposed openstack/keystone master: Updated from global requirements  https://review.openstack.org/48746515:02
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements  https://review.openstack.org/48746615:02
*** ducttape_ has joined #openstack-keystone15:09
lbragstadgagehugo: lamt are tags sanitized in other projects?15:18
lbragstade.g. is `myTag` converted to `mytag`?15:18
lamtlbragstad : nova's tags are case sensitive - that caused some issue in the the implementation15:19
lamtso myTag != mytag for tag name15:19
lbragstadso it's possible to have `myTag` and `mytag` as two separate tags on a project15:20
gagehugoyes15:20
*** rcernin has joined #openstack-keystone15:21
*** jaosorior has quit IRC15:28
*** belmoreira has quit IRC15:29
*** rcernin has quit IRC15:34
*** aselius has joined #openstack-keystone15:36
*** aojea has joined #openstack-keystone15:42
*** aojea has quit IRC15:46
*** efried has quit IRC15:49
*** mvk has quit IRC15:49
*** Drankis has joined #openstack-keystone15:55
*** ducttape_ has quit IRC15:59
openstackgerritGage Hugo proposed openstack/keystone master: Add new tags attribute to project  https://review.openstack.org/47031716:00
*** efried has joined #openstack-keystone16:02
*** tristanC has quit IRC16:03
*** rcernin has joined #openstack-keystone16:03
samueldmqlbragstad: lamt: gagehugo: few more comments in the initial patches for project tags16:04
*** ducttape_ has joined #openstack-keystone16:05
gagehugosamueldmq sure16:05
samueldmqgagehugo: we can remove the id from the table and make tag+project_id the pk for the table, correct?16:05
samueldmqI think we discussed that before16:05
lamtsamueldmq yeah, I think we accidentally patched that back in16:06
gagehugosamueldmq yes, the current PS for db migration got rebased to an old one, fixing that atm16:06
gagehugorebasing 4 patches on top of one another is interesting16:06
lbragstadok - so we don't need the id?16:07
lbragstadwas having the id related to being case sensitive somehow?16:07
*** chlong has quit IRC16:08
gagehugoI don't think so, the main issue we had with case sensitivity was the unicode16:08
samueldmqThe main one is not too far either16:08
samueldmqlbragstad: no16:08
samueldmqSo nice, the first 3 patches are really close then16:08
samueldmqThe main one is not too far either16:08
lbragstadok - good deal16:08
lbragstadi thought i saw a comment somewhere about that16:09
*** harlowja has joined #openstack-keystone16:15
samueldmqlbragstad: let's try to get all the chain approved before we workflow+1 it all at once, if that makes sense16:21
lbragstadsure - that's fine16:22
*** mvk has joined #openstack-keystone16:23
samueldmqgagehugo: lamt: so ... for the project tag implementation16:27
samueldmqI argue we should return the project entity WITH tags from the manager layer already.16:27
samueldmqso we dont need to do it manually all over16:27
samueldmqand the manager will return the full representation of a project (as it does today) with the new attribute (tags)16:28
samueldmqthat should make the code simpler too, see comment inline and let me know what you think16:28
lamtsamueldmq I agree, we found out the hard way there are other things that can return a project entity not under /v3/projects/..., e.g. the endpoint filtering16:29
gagehugothe issue though is domains are weird16:30
lamtso some unit tests failed because of the missing tags=[]16:30
lbragstadknikolla: is there a specific goal you had in mind for https://blueprints.launchpad.net/keystone/+spec/devstack-plugin ?16:30
gagehugobut we could do that16:31
lbragstadknikolla: wondering what to put for the series goal there - since the specification is still ongoing16:31
knikollalbragstad: not really. it's a CI thing, so not really user facing and release specific16:34
lbragstadok - i'll leave it unset then for now16:35
lbragstadstepping away for lunch quick16:37
*** spilla_ has joined #openstack-keystone16:40
*** tristanC has joined #openstack-keystone16:48
openstackgerritRohan Arora proposed openstack/python-keystoneclient master: Add project tags to keystoneclient  https://review.openstack.org/48122316:49
*** blake has quit IRC16:52
samueldmqgagehugo: lamt: domains are projects. so there is no issue on domains inheriting tags too16:55
samueldmqit makes total sense to me16:55
gagehugosome of the logic for domains seemed weird in the manager, but I will take another look16:56
samueldmqnot sure if others think differently, it might be worth it hear from others if you disagree16:56
gagehugoI would think domains can be tagged16:57
samueldmqgagehugo: ok. so imo you should just add the tags, regardless any logic for domains or projects16:57
gagehugook16:57
samueldmqmight be just before the return statement. add the tags and return16:57
samueldmqshould not be hard16:57
*** aojea has joined #openstack-keystone16:58
*** aojea has quit IRC17:02
*** ducttape_ has quit IRC17:06
*** blake has joined #openstack-keystone17:06
openstackgerritGage Hugo proposed openstack/keystone master: Add new tags attribute to project  https://review.openstack.org/47031717:16
openstackgerritGage Hugo proposed openstack/keystone master: Add JSON schema validation for project tags  https://review.openstack.org/48448317:16
openstackgerritGage Hugo proposed openstack/keystone master: Add database migration for project tags  https://review.openstack.org/48445617:16
openstackgerritGage Hugo proposed openstack/keystone master: Add policy for project tags  https://review.openstack.org/48675717:16
mordredefried, lbragstad: reading scrollback17:16
*** prashkre has joined #openstack-keystone17:18
mordredlbragstad, efried: yah - I don't think it's a regression - I think that behavior differences that arise from ways in which people have mocked something incompletely aren't a thing we can possibly deal with17:18
*** ducttape_ has joined #openstack-keystone17:18
mordredefried, lbragstad: HOWEVER - I think that we can definitely give people good reusable ksa mocks (and do already) along with some docs - so that it's not people's job to mock keystoneauth themselves17:19
mordredsince writing mocks that provide appropriate token data, catalogs and discovery data is ... complex17:20
lbragstadmordred: yeah - i would agree with that17:23
lbragstaddocumentation on sound mocks would be a good start17:23
*** spilla_ has quit IRC17:25
*** chlong has joined #openstack-keystone17:25
mordredlbragstad: ++17:25
mordredlbragstad: I can't get to that this week - but I might be able to next week or the week after17:25
lbragstadmordred: understandable17:26
*** chlong has quit IRC17:27
*** chlong has joined #openstack-keystone17:28
*** aojea has joined #openstack-keystone17:31
*** aojea has quit IRC17:32
*** aojea has joined #openstack-keystone17:34
knikollacmurphy: for the broken tempest. the errors seems to have disappeared :/ i see no errors on the logs but it still didn't work.17:35
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Bump application credentials to backlog  https://review.openstack.org/48753317:37
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Bump support for federated attributes to backlog  https://review.openstack.org/48753417:39
*** prashkre has quit IRC17:42
*** harlowja has quit IRC17:46
*** aojea has quit IRC17:47
openstackgerritLance Bragstad proposed openstack/keystone master: Fix typo in index documentation  https://review.openstack.org/47999817:48
openstackgerritEric Fried proposed openstack/keystone master: Fix typo in index documentation  https://review.openstack.org/47999817:52
openstackgerritMerged openstack/keystone master: Added new subsections to developer docs  https://review.openstack.org/47663517:58
openstackgerritKristi Nikolla proposed openstack/keystone master: In the devstack plugin, restart keystone after modifying conf  https://review.openstack.org/48720217:58
openstackgerritMerged openstack/keystone master: Move performance documentation to admin-guide  https://review.openstack.org/48138318:04
openstackgerritMerged openstack/keystone master: Make the devstack plugin more configurable for federation  https://review.openstack.org/48448018:04
*** aojea has joined #openstack-keystone18:16
*** ducttape_ has quit IRC18:27
knikollalbragstad: cmurphy: this time it's really fixed https://review.openstack.org/#/c/487202/18:27
knikollaapache had to be restarted also.18:27
lbragstadknikolla: awesome - looks good18:28
amrithlbragstad https://review.openstack.org/487417 has merged18:29
*** aojea has quit IRC18:30
lbragstadamrith: cool - let me know if you have any other issues with ksa18:31
*** ducttape_ has joined #openstack-keystone18:31
*** ducttape_ has quit IRC18:33
*** ducttape_ has joined #openstack-keystone18:34
amriththx @lbragstad18:41
*** ducttape_ has quit IRC18:41
*** ducttape_ has joined #openstack-keystone18:44
*** prashkre has joined #openstack-keystone18:51
*** aojea has joined #openstack-keystone18:56
openstackgerritLance Bragstad proposed openstack/keystone master: WIP: Remove deprecate default domain id compatibility  https://review.openstack.org/48756118:57
*** aojea has quit IRC19:01
*** dave-mccowan has joined #openstack-keystone19:02
*** dave-mccowan has quit IRC19:04
*** nicolasbock has quit IRC19:06
*** jamiec has quit IRC19:12
openstackgerritSamuel Pilla proposed openstack/python-keystoneclient master: Add project tags to keystoneclient  https://review.openstack.org/48122319:13
*** jamiec has joined #openstack-keystone19:19
*** harlowja has joined #openstack-keystone19:21
*** ducttap__ has joined #openstack-keystone19:24
*** ducttape_ has quit IRC19:24
*** harlowja has quit IRC19:25
*** rcernin has quit IRC19:27
*** bknudson has joined #openstack-keystone19:27
*** bknudson has quit IRC19:28
*** chlong has quit IRC19:43
*** chlong has joined #openstack-keystone19:49
*** chlong has quit IRC19:52
*** chlong has joined #openstack-keystone19:53
prashkresamueldmq: Hi. Could you please review https://review.openstack.org/#/c/485302/?19:55
prashkrebreton:cmurphy: Hi. If you have sometime, could you please help me by reviewing https://review.openstack.org/#/c/485302/.19:58
*** blake has quit IRC20:07
*** prashkre has quit IRC20:16
*** raildo has quit IRC20:16
*** raildo has joined #openstack-keystone20:17
openstackgerritLance Bragstad proposed openstack/keystone master: WIP: Remove deprecate default domain id compatibility  https://review.openstack.org/48756120:19
openstackgerritLance Bragstad proposed openstack/keystone master: WIP: Remove deprecate default domain id compatibility  https://review.openstack.org/48756120:25
lbragstadknikolla: nice job! https://review.openstack.org/#/c/487202/220:25
knikollalbragstad: thanks!20:28
lbragstadit's nice to see those green again20:28
knikollayep. were an eyesore.20:29
*** sjain has joined #openstack-keystone20:37
*** Drankis has quit IRC20:39
openstackgerritGage Hugo proposed openstack/keystone master: Add new tags attribute to project  https://review.openstack.org/47031720:43
openstackgerritGage Hugo proposed openstack/keystone master: Add JSON schema validation for project tags  https://review.openstack.org/48448320:43
openstackgerritGage Hugo proposed openstack/keystone master: Add database migration for project tags  https://review.openstack.org/48445620:43
openstackgerritGage Hugo proposed openstack/keystone master: Add policy for project tags  https://review.openstack.org/48675720:43
openstackgerritKristi Nikolla proposed openstack/keystone master: WIP - Clean lingering roles when purging mappings  https://review.openstack.org/48757920:43
knikollalbragstad: thoughts on ^^20:43
openstackgerritSamuel Pilla proposed openstack/python-keystoneclient master: Add project tags to keystoneclient  https://review.openstack.org/48122320:44
lbragstadknikolla: i can look20:45
*** aojea has joined #openstack-keystone20:45
openstackgerritLance Bragstad proposed openstack/keystone master: Clarify documentation on whitelists and blacklists  https://review.openstack.org/48758320:49
*** thorst has quit IRC20:50
openstackgerritSamriddhi proposed openstack/keystone master: Improve docs about token persistence drivers  https://review.openstack.org/47638420:51
*** sjain has quit IRC20:56
*** catintheroof has quit IRC21:01
openstackgerritEric Fried proposed openstack/keystoneauth master: WIP: get_conf_options can exclude deprecated opts  https://review.openstack.org/48759021:04
*** raildo has quit IRC21:06
*** sjain has joined #openstack-keystone21:10
*** sjain has quit IRC21:14
*** chlong has quit IRC21:14
openstackgerritEric Fried proposed openstack/keystoneauth master: get_conf_options can exclude deprecated opts  https://review.openstack.org/48759021:16
*** blake has joined #openstack-keystone21:19
openstackgerritGage Hugo proposed openstack/keystone master: Add new tags attribute to project  https://review.openstack.org/47031721:22
*** blake has quit IRC21:27
*** thorst has joined #openstack-keystone21:32
openstackgerritGage Hugo proposed openstack/keystone master: Add new tags attribute to project  https://review.openstack.org/47031721:33
*** ducttape_ has joined #openstack-keystone21:34
*** thorst has quit IRC21:37
*** ducttap__ has quit IRC21:37
*** ducttap__ has joined #openstack-keystone21:49
*** ducttape_ has quit IRC21:52
*** edmondsw has quit IRC21:58
*** harlowja has joined #openstack-keystone22:00
*** aojea has quit IRC22:23
cmurphyknikolla: so it needed apache restarted too?22:25
cmurphyknikolla: i guess that makes some sense because shibboleth22:25
*** thorst has joined #openstack-keystone22:25
*** thorst has quit IRC22:26
*** phalmos has joined #openstack-keystone22:32
*** blake has joined #openstack-keystone22:34
rm_workis there a definitive list of the current options for keytone_authtoken config section for services using the middleware?22:36
rm_workeverything i find says something different and/or is super old22:36
*** blake has quit IRC22:38
rm_workhttps://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/_opts.py22:41
rm_workmay be my best bet i guess lol22:41
*** blake has joined #openstack-keystone22:41
bretonrm_work: the options in your link + auth plugins' options22:49
rm_workhmm k22:49
rm_worki'm trying to disable cacheing of tokens22:49
rm_workbecause it is correct that the inmemory cache is bad22:49
rm_workbut i don't want to replace it with memcached either at the moment22:49
rm_worki just want to have *no cache*22:49
rm_worki set the cache time to -1 which it says will disable cacheing22:50
rm_workbut it still prints the warning about the inmemory thing everywhere22:50
rm_worki guess it's just not smart enough to realize i disabled cacheing?22:50
bretonrm_work: you should probably know that we tried that22:52
bretonrm_work: and had to revert the patch22:52
bretonrm_work: https://review.openstack.org/#/c/271352/22:52
rm_workhmm22:52
rm_workit was that bad?22:52
rm_workwhy is it THAT bad22:52
bretonrm_work: i don't know :) you can try reverting that revert if you feel brave22:53
rm_workbreton: so what it seems i'm running into (with the octavia api), is that i get slow requests every first request and every 5 minutes, which SEEMS to be related to the token cache22:53
rm_workif i mess with the cache time and other related settings, it seems to change accordingly22:54
bretonrm_work: it's probably cache, right22:54
rm_workbut it's like ... 10s request every time it misses the cache for a token22:54
rm_workwhich is bonkers22:54
openstackgerritOpenStack Proposal Bot proposed openstack/keystone master: Updated from global requirements  https://review.openstack.org/48746522:55
bretonrm_work: is cache enabled for keystone?22:59
rm_workon the keystone server itself? I don't actually know, but i can find out22:59
bretonrm_work: yes23:01
rm_workwe do not have cache enabled in keystone23:02
*** ducttap__ has quit IRC23:03
*** ducttape_ has joined #openstack-keystone23:05
*** blake has quit IRC23:05
*** edmondsw has joined #openstack-keystone23:06
*** ducttape_ has quit IRC23:09
*** ducttape_ has joined #openstack-keystone23:10
*** edmondsw has quit IRC23:11
harlowjabreton does caching do anything if u turn it on and say still use the sql token backend23:19
harlowjadoes using memcache offer any benefits unless u drop that token backend?23:20
harlowja(and switch to the memcache backend)23:20
* harlowja wondering cause rm_work and i use the sql backend23:20
harlowjaand we aren't turning on caching, but what would caching offer if we left the sql token backend as is23:20
harlowjalike i think we discovered that keystonemiddleware is all sorts of messed up due to the forced-on-memory-cache23:21
harlowjathat was super nice to figure out23:21
harlowjalol23:21
harlowjaso pretty much memcache is a requirement of anything that uses keystonemiddleware (ie everything)23:22
*** ducttape_ has quit IRC23:22
harlowja^ not saying i disagree with that, just ummm, was there every messaging to <anyone> about that?23:22
harlowjalol23:22
harlowjalike perhaps https://docs.openstack.org/keystonemiddleware/latest/ should say ' u have to really use this with memcache' in bold23:23
harlowjaimho it shouldn't even be optional23:23
harlowjait should default to 'u must have memcache'23:23
*** thorst has joined #openstack-keystone23:27
rm_workit does kinda23:28
rm_workwhen you spin up and a request happens:23:28
rm_workWARNING keystonemiddleware.auth_token [-] Using the in-process token cache is deprecated as of the 4.2.0 release and may be removed in the 5.0.0 release or the 'O' development cycle. The in-process cache causes inconsistent results and high memory usage. When the feature is removed the auth_token middleware will not cache tokens by default which may result in performance issues. It is recommended to use  memcache for the23:29
rm_work auth_token token cache by setting the memcached_servers option.23:29
harlowjaya, that's a message say ummmm a little late in the whole game no?23:29
rm_workheh23:29
harlowjau deployed all the things, ummm, and u thought it was all goign to work23:30
harlowjabut ya, go back to start and add memcache23:30
harlowjalol23:30
*** oomichi has quit IRC23:32
*** thorst has quit IRC23:32
harlowjaunless u like ` inconsistent results and high memory usage.`23:34
harlowjai mean who doesn't like ^23:34
harlowjalol23:34
*** oomichi has joined #openstack-keystone23:34
*** efried is now known as efried_zzz23:35
*** phalmos has quit IRC23:37
bretonharlowja: caching matters with any backend23:40
bretonharlowja: we cache a lot of stuff in very interesting ways23:40
harlowjalol23:40
harlowjanot sure if impressed or scared23:41
harlowjastill deciding, lol23:41
bretonharlowja: users, projects, revocations, even full tokens can be cached23:41
breton> imho it shouldn't even be optional > it should default to 'u must have memcache'23:42
bretonwe can't do that yet because keystonemiddleware is still used by eventlet-based servers23:42
openstackgerritMerged openstack/keystoneauth master: get_conf_options can exclude deprecated opts  https://review.openstack.org/48759023:42
bretonand they work badly with memcache client library23:42
harlowjawhich lib?23:42
harlowjawant me to make a lib that works, lol23:42
bretonpython-memcached23:42
harlowjadon't use that one?23:42
harlowjalol23:42
bretonharlowja: write a new one for us and i will be the first to +2 :p23:43
harlowjaisn't that pymemcache?23:43
harlowjapretty sure i have some contributions into that, lol23:43
bretonpymemcache is good, yes23:44
harlowjaso ya, ummmm, whats the hold up then, lol23:46
openstackgerritNicolas Helgeson proposed openstack/keystone master: Add new tags attribute to project  https://review.openstack.org/47031723:47
*** thorst has joined #openstack-keystone23:50
morganharlowja: convert to use oslo.cache and i can write a pymemcache impl in ~10m23:52
morgan(ok ok 1hr w/ tests)23:52
harlowjaget er done23:52
harlowjalol23:52
morganin all seriousness, oslo.cache would make a huge difference and make it easier to convert to pymemcache23:54
harlowjai'd assume so23:54
morganthe biggest issue is actually the swift cache object that is being passed to ksm sometimes.23:54
harlowjahttps://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/_cache.py#L59 scared me though, lol23:54
harlowjaat least in the keystone middleware code, that scared me23:55
harlowjaso i need to go to PTSD or something first23:55
openstackgerritMerged openstack/keystone master: In the devstack plugin, restart keystone after modifying conf  https://review.openstack.org/48720223:55
morganwell, you do get inconsistent results23:55
harlowjalol23:55
morgansome processes may cache the token, some may not23:55
morgana token may be valid in one request and not the next to the same endpoint23:55
morganand then valid again23:55
harlowjayup23:55
morganand with a ton of requests you burn spots in dict() for the sake of a maybe-use-sometime and a horrible performance bottleneck23:56
harlowjaso ya, i need to recover from PTSD first for a little23:56
harlowjalol23:56
*** ducttape_ has joined #openstack-keystone23:59
*** ducttape_ has quit IRC23:59
« Tuesday, 2017-07-25 Index Thursday, 2017-07-27 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!