Wednesday, 2017-09-06

« Tuesday, 2017-09-05 Index Thursday, 2017-09-07 »
*** harlowja has joined #openstack-keystone00:03
*** mjax has quit IRC00:07
*** mjax has joined #openstack-keystone00:08
openstackgerritchenaidong1 proposed openstack/keystone master:   Fix a typo  https://review.openstack.org/50072100:08
*** harlowja has quit IRC00:09
*** mjax has quit IRC00:10
*** chrisshattuck has quit IRC00:10
*** harlowja has joined #openstack-keystone00:14
*** agrebennikov has quit IRC00:15
*** edmondsw has joined #openstack-keystone00:19
*** thorst has joined #openstack-keystone00:20
*** thorst has quit IRC00:23
*** edmondsw has quit IRC00:24
*** jamesbenson has joined #openstack-keystone00:32
*** thorst has joined #openstack-keystone00:32
*** jamesbenson has quit IRC00:37
*** aselius has quit IRC00:47
*** dave-mccowan has quit IRC00:49
*** zhurong has joined #openstack-keystone00:53
*** chrisshattuck has joined #openstack-keystone00:54
*** harlowja has quit IRC00:57
*** harlowja has joined #openstack-keystone01:01
*** jamesbenson has joined #openstack-keystone01:03
*** nicolasbock has quit IRC01:06
*** thorst has quit IRC01:06
*** jamesbenson has quit IRC01:08
*** mjax has joined #openstack-keystone01:14
*** mjax has quit IRC01:15
*** nicolasbock has joined #openstack-keystone01:21
*** thorst has joined #openstack-keystone01:24
*** chrisshattuck has quit IRC01:25
*** thorst has quit IRC01:25
*** ricolin has joined #openstack-keystone01:32
*** thorst has joined #openstack-keystone01:39
*** thorst has quit IRC01:39
*** markvoelker has joined #openstack-keystone01:43
*** itlinux has joined #openstack-keystone01:54
mordredkmalloc: yah - I know you people likey the tests01:54
*** edmondsw has joined #openstack-keystone01:58
*** edmondsw has quit IRC02:02
*** thorst has joined #openstack-keystone02:07
*** thorst has quit IRC02:07
*** thorst has joined #openstack-keystone02:07
*** chrisshattuck has joined #openstack-keystone02:10
*** thorst has quit IRC02:12
*** markvoelker has quit IRC02:18
*** thorst has joined #openstack-keystone02:34
*** thorst has quit IRC02:34
*** chrisshattuck has quit IRC02:36
*** chrisshattuck has joined #openstack-keystone02:56
*** zhurong has quit IRC02:58
*** markvoelker has joined #openstack-keystone03:15
*** nicolasbock has quit IRC03:20
*** links has joined #openstack-keystone03:28
*** mjax has joined #openstack-keystone03:35
*** mjax has quit IRC03:36
*** chrisshattuck has quit IRC03:40
*** chrisshattuck has joined #openstack-keystone03:42
*** edmondsw has joined #openstack-keystone03:46
*** markvoelker has quit IRC03:48
*** edmondsw has quit IRC03:51
*** gyee has quit IRC04:00
*** zhurong has joined #openstack-keystone04:08
*** tbh_ has joined #openstack-keystone04:09
*** jamesbenson has joined #openstack-keystone04:11
*** chrisshattuck has quit IRC04:13
*** jamesbenson has quit IRC04:16
*** gcb has quit IRC04:19
*** thorst has joined #openstack-keystone04:26
*** thorst has quit IRC04:31
*** markvoelker has joined #openstack-keystone04:45
*** zxy has quit IRC04:49
*** zxy has joined #openstack-keystone04:49
*** jamesbenson has joined #openstack-keystone04:58
*** jamesbenson has quit IRC05:03
*** zxy has quit IRC05:14
*** zxy has joined #openstack-keystone05:14
*** markvoelker has quit IRC05:18
*** zxy has quit IRC05:22
*** zxy has joined #openstack-keystone05:22
*** pcaruana has joined #openstack-keystone05:27
*** thorst has joined #openstack-keystone06:27
*** aojea has joined #openstack-keystone06:28
Sara__Hello all06:28
Sara__while configuring keystone using ansible, am getting unauthorized error06:29
*** links has quit IRC06:29
Sara__i.e.,am unable to create keystone endpoint06:29
Sara__ we are installing openstack using fuel..could someone help me out06:29
Sara__Thanks in advance06:29
Sara__Please find the error logs: http://paste.openstack.org/show/620390/06:29
*** thorst has quit IRC06:32
*** jamesbenson has joined #openstack-keystone06:32
*** jamesbenson has quit IRC06:36
*** jamesbenson has joined #openstack-keystone06:48
openstackgerritchenaidong1 proposed openstack/keystone master:    Remove duplicate code  https://review.openstack.org/49987206:48
*** jamesbenson has quit IRC06:52
*** links has joined #openstack-keystone06:55
*** rcernin has joined #openstack-keystone06:57
*** Sara__ has quit IRC07:09
*** markvoelker has joined #openstack-keystone07:15
*** jamesbenson has joined #openstack-keystone07:19
*** edmondsw has joined #openstack-keystone07:22
*** jamesbenson has quit IRC07:23
*** edmondsw has quit IRC07:26
*** tesseract has joined #openstack-keystone07:30
*** markvoelker has quit IRC07:49
openstackgerritzhengliuyang proposed openstack/keystone master: Correct type of idp_id and protocol_id  https://review.openstack.org/50113907:50
*** hoonetorg has quit IRC07:58
*** edmondsw has joined #openstack-keystone08:03
*** hoonetorg has joined #openstack-keystone08:15
*** jaosorior has quit IRC08:27
*** thorst has joined #openstack-keystone08:28
*** thorst has quit IRC08:33
*** markvoelker has joined #openstack-keystone08:46
*** tbh_ has quit IRC08:58
*** ioggstream is now known as ioggstrea09:14
openstackgerrityanghuichan proposed openstack/keystone master: Fix wrong links  in keystone  https://review.openstack.org/50117709:15
*** openstackgerrit has quit IRC09:18
*** ioggstrea is now known as _iogg09:19
*** _iogg is now known as ioggstream09:19
*** markvoelker has quit IRC09:19
*** jamesbenson has joined #openstack-keystone09:24
*** jamesbenson has quit IRC09:29
*** openstackgerrit has joined #openstack-keystone09:38
openstackgerritchenaidong1 proposed openstack/keystone master:     Policy exception  https://review.openstack.org/50118109:38
openstackgerritchenaidong1 proposed openstack/keystone master:     Policy exception  https://review.openstack.org/50118109:40
openstackgerritchenaidong1 proposed openstack/keystone master:     Policy exception  https://review.openstack.org/50118109:40
*** amrith has quit IRC10:02
*** nicolasbock has joined #openstack-keystone10:02
*** openstackgerrit has quit IRC10:03
*** nicolasbock has quit IRC10:07
*** amrith has joined #openstack-keystone10:12
*** amrith is now known as Guest5755910:12
*** Guest57559 is now known as amrith10:12
*** edmondsw has quit IRC10:13
*** jaosorior has joined #openstack-keystone10:14
*** markvoelker has joined #openstack-keystone10:17
*** jamesbenson has joined #openstack-keystone10:26
*** thorst has joined #openstack-keystone10:29
*** jamesbenson has quit IRC10:30
*** thorst has quit IRC10:34
*** ioggstream has quit IRC10:34
*** nicolasbock has joined #openstack-keystone10:36
*** ioggstream has joined #openstack-keystone10:46
*** markvoelker has quit IRC10:49
*** zhurong has quit IRC10:54
*** nicolasbock has quit IRC11:07
*** nicolasbock has joined #openstack-keystone11:09
*** links has quit IRC11:20
*** links has joined #openstack-keystone11:32
*** dave-mccowan has joined #openstack-keystone11:39
*** nicolasbock has quit IRC11:40
*** markvoelker has joined #openstack-keystone11:46
*** nicolasbock has joined #openstack-keystone11:52
*** raildo has joined #openstack-keystone12:00
*** mjax has joined #openstack-keystone12:07
*** mjax has quit IRC12:08
*** edmondsw has joined #openstack-keystone12:10
*** edmondsw has quit IRC12:11
*** edmondsw has joined #openstack-keystone12:11
*** thorst has joined #openstack-keystone12:11
*** thorst has quit IRC12:12
*** thorst has joined #openstack-keystone12:13
*** markvoelker has quit IRC12:20
*** markvoelker has joined #openstack-keystone12:28
*** evrardjp_ has quit IRC12:35
*** evrardjp has joined #openstack-keystone12:35
*** david-lyle has quit IRC13:09
*** david-lyle has joined #openstack-keystone13:09
*** lucasxu has joined #openstack-keystone13:10
*** vgdublin has quit IRC13:28
*** catintheroof has joined #openstack-keystone13:29
*** thegreenhundred has joined #openstack-keystone13:30
*** aojea has quit IRC13:32
*** aojea has joined #openstack-keystone13:35
*** jaosorior has quit IRC13:41
*** zxy has quit IRC13:43
*** zxy has joined #openstack-keystone13:44
*** d0ugal has quit IRC13:55
*** jamesbenson has joined #openstack-keystone13:58
*** jaosorior has joined #openstack-keystone13:58
*** ayoung has joined #openstack-keystone14:03
*** jaosorior_ has joined #openstack-keystone14:09
*** d0ugal has joined #openstack-keystone14:16
*** Dave has quit IRC14:27
knikollao/14:30
*** links has quit IRC14:31
*** agrebennikov has joined #openstack-keystone14:32
*** chrisshattuck has joined #openstack-keystone14:33
*** Dave has joined #openstack-keystone14:43
*** efried_zzz is now known as efried15:01
ayounglbragstad, is the policy meeting no longer happening>?15:09
lbragstadayoung: it's in 50 minutes15:10
*** david-lyle has quit IRC15:10
ayounglbragstad, ah, cool.  Must have put it on the calendar wrong15:10
*** itlinux has quit IRC15:11
*** david-lyle has joined #openstack-keystone15:15
*** chrisshattuck has quit IRC15:21
*** chrisshattuck has joined #openstack-keystone15:23
*** amrith has quit IRC15:28
*** amrith has joined #openstack-keystone15:28
*** amrith is now known as Guest5560115:28
*** mjax has joined #openstack-keystone15:36
*** rmascena has joined #openstack-keystone15:38
*** raildo has quit IRC15:41
*** rmascena is now known as raildo15:42
*** rama_y has joined #openstack-keystone15:43
*** chrisshattuck has quit IRC15:45
*** chrisshattuck has joined #openstack-keystone15:46
*** gyee has joined #openstack-keystone15:55
*** lucasxu has quit IRC16:00
*** aselius has joined #openstack-keystone16:02
*** otleimat has joined #openstack-keystone16:02
*** david-lyle has quit IRC16:04
*** dklyle has joined #openstack-keystone16:04
*** itlinux has joined #openstack-keystone16:14
*** dklyle has quit IRC16:15
*** dave-mccowan has quit IRC16:17
*** david-lyle has joined #openstack-keystone16:18
*** jaosorior has quit IRC16:18
*** mjax has quit IRC16:23
*** mjax has joined #openstack-keystone16:24
*** mjax has quit IRC16:25
*** mjax has joined #openstack-keystone16:25
*** mjax has quit IRC16:26
*** mjax has joined #openstack-keystone16:27
*** mjax has quit IRC16:28
*** itlinux_ has joined #openstack-keystone16:31
*** itlinux has quit IRC16:32
*** mjax has joined #openstack-keystone16:32
*** mjax has quit IRC16:34
*** dave-mccowan has joined #openstack-keystone16:38
*** lucasxu has joined #openstack-keystone16:47
*** mjax has joined #openstack-keystone16:54
*** dave-mccowan has quit IRC16:56
*** dave-mccowan has joined #openstack-keystone16:56
*** rcernin has quit IRC17:02
*** jaosorior_ has quit IRC17:05
*** harlowja has quit IRC17:07
*** harlowja has joined #openstack-keystone17:07
*** mjax has quit IRC17:11
*** ricolin has quit IRC17:12
kmalloccburgess: hey, you around?17:12
*** cfriesen has quit IRC17:23
*** mjax has joined #openstack-keystone17:23
*** cfriesen has joined #openstack-keystone17:40
*** openstackgerrit has joined #openstack-keystone17:50
openstackgerritJaewoo Park proposed openstack/keystone master: WIP: Extend comparator support for project list by tags  https://review.openstack.org/49597817:50
*** Guest55601 is now known as amrith17:52
*** nicolasbock has quit IRC17:53
*** ioggstream has quit IRC17:55
*** itlinux_ has quit IRC18:01
*** harlowja has quit IRC18:02
*** thorst has quit IRC18:22
*** thorst has joined #openstack-keystone18:23
*** rama_y has quit IRC18:25
*** thorst has quit IRC18:27
*** thorst has joined #openstack-keystone18:29
*** jaosorior has joined #openstack-keystone18:30
*** tesseract has quit IRC18:31
*** thorst has quit IRC18:33
*** rama_y has joined #openstack-keystone18:37
*** rama_y has quit IRC18:37
*** thorst has joined #openstack-keystone18:46
*** jaosorior has quit IRC18:53
*** catinthe_ has joined #openstack-keystone19:04
*** catintheroof has quit IRC19:06
*** catintheroof has joined #openstack-keystone19:06
*** catinthe_ has quit IRC19:10
*** mjax has quit IRC19:21
openstackgerritMerged openstack/keystoneauth master: Add loading mock fixtures  https://review.openstack.org/43601219:28
*** itlinux has joined #openstack-keystone19:29
*** itlinux has quit IRC19:33
*** pcaruana has quit IRC19:34
*** lbragstad has quit IRC19:43
*** lbragstad has joined #openstack-keystone19:45
*** ChanServ sets mode: +o lbragstad19:45
stevemarjdennis: !! https://jdennis.fedorapeople.org/doc/mellon-doc/mellon.html20:10
stevemarcopy & paste to keystone docs :)20:11
stevemari'll approve it before they take my +A away20:11
*** dave-mccowan has quit IRC20:11
cmurphy@.@ mellon docs outside of a github readme? madness20:12
*** guzmark has joined #openstack-keystone20:20
guzmarkhi all. quick question, i can't find a definitive answer on this on the web.20:20
guzmarkis the ability to run keystone standalone depricated in Newton?20:20
jdennisstevemar: I've actually got another doc that covers mellon deployment in a HA TripleO environment and covers a lot of OpenStack specific issues, the two documents should complement each other, but at the moment that doc has a lot of extraneous material not relevant to a simple OpenStack deployment, I should edit that and target it to a simple OpenStack deployment. Them maybe the two docs can live side-by-side.20:22
knikollaguzmark: you mean outside of an openstack environment?20:22
guzmarkjust started testing out the upgrade from Mitaka -> Newton and the first problem I hit is the openstack systemd service is gone as is the keystone-all binary.20:22
guzmarkno i mean outside of apache/nginx20:23
*** prometheanfire has left #openstack-keystone20:23
knikollaguzmark: yeah. it's gone as of newton20:23
guzmarkknikolla: dang. that is a blow. that makes my upgrade job that little bit harder now20:24
knikollaguzmark: we're just a wsgi app :) a conf file for httpd and you're done20:25
guzmarkyeah i know. but i was running it on the same server as horizon, liked being able to restart one without restarting the other20:26
knikollaguzmark: you can still do that20:26
knikollathe way services are moving is uwsgi20:26
knikollaand using apache as a proxy to uwsgi20:26
guzmarkthat's a pain20:26
knikollathat way you restart the various uwsgi processes without the need for restarting apache20:26
guzmarki c20:27
guzmarknot so much of a pain then20:27
guzmarkknikolla: thanks for the info. I guess I've got some reconfiguring to do. Going to have to reconfig the pacemaker cluster also now.20:28
guzmarkremove the keystone service, fix the order and colocation constraints....20:28
knikollaguzmark: an idea would be to just change the command that the service runs to `uwsgi --ini <KEYSTONE_INI_FOR_UWSGI>`20:30
guzmarkknikolla:  hmm. yeah that could work. I'm a bit behind the curve on the wsgi stuff20:31
*** jmlowe_ has quit IRC20:33
*** jmlowe has joined #openstack-keystone20:34
stevemarjdennis: it all seems super valuable to have in the keystone docs IMO :P20:35
*** dave-mccowan has joined #openstack-keystone20:39
*** chrisshattuck has quit IRC20:39
*** lucasxu has quit IRC20:42
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Add version discovery support to BaseAuthPlugin  https://review.openstack.org/50095620:45
mordredefried, cmurphy: ^^ thanks for the review -that should be more better20:45
cmurphymordred: awesomesauce20:46
openstackgerritGage Hugo proposed openstack/keystone master: Add database migration for project tags  https://review.openstack.org/48445620:52
*** dave-mcc_ has joined #openstack-keystone21:03
*** dave-mccowan has quit IRC21:05
*** itlinux has joined #openstack-keystone21:12
*** jdennis has quit IRC21:17
efriedmordred Noyce.21:19
*** jdennis has joined #openstack-keystone21:20
kmallocif we nuke the cli commands for keystone (yes we should)21:20
kmallocit would be so much easier.21:20
*** aahh has joined #openstack-keystone21:23
*** chrisshattuck has joined #openstack-keystone21:28
*** harlowja has joined #openstack-keystone21:45
*** aojea has quit IRC21:46
*** edmondsw has quit IRC21:52
*** jamesbenson has quit IRC21:55
*** catintheroof has quit IRC21:56
*** dave-mcc_ has quit IRC21:57
aahhhi , could anyone point me to where exactly does the keystone verifies the information related to project and permissions22:02
aahhI know that we have a policy.json in keystone.conf which is matched with the role of the user22:02
aahhwould like to know which part of the code handles it22:02
aahh@lbragstad ^^22:02
lbragstadaahh: could you elaborate a bit more?22:09
lbragstadi'm not sure i completely understand your question22:09
*** erlon has quit IRC22:11
*** edmondsw has joined #openstack-keystone22:23
aahhsure. for example if i run a command 'openstack user list', where on the code does keystone verify my role and permissions22:27
aahh@lbragstad22:27
lbragstadaahh: that's done in the keystone server22:28
lbragstadkeystone server has a bunch of APIs22:28
*** edmondsw has quit IRC22:28
lbragstadand in the controller layer we implement a decorator that wraps entry methods for an API22:28
lbragstadso where you see @controller.protected is where we're doing the RBAC/policy enforcement22:29
lbragstadaahh: so to use your example22:30
lbragstadaahh: https://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L223-L230 is the controller entry point for listing users from the keystone service22:30
lbragstadaahh: which enforces protection via this method - https://github.com/openstack/keystone/blob/master/keystone/common/controller.py#L9922:31
lbragstadaahh: or https://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L240 for get_user22:32
aahhmakes sense. so technically after the RBAC auth context gets set up , it calls the identity/v3/users api to list users which goes to the https://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L223-L23022:45
aahhand then policy enforced check on https://github.com/openstack/keystone/blob/master/keystone/common/controller.py22:46
aahhwhat is the connection from here to /keystone/policy/backends/rules.py:7722:48
lbragstadaahh: you must be on an older code base?22:50
lbragstadwe refactored a lot of that out from https://github.com/openstack/keystone/blob/master/keystone/policy/backends/rules.py in to https://github.com/openstack/keystone/blob/master/keystone/common/policy.py22:51
lbragstadthe policy backend was originally designed to be something similar to what AWS does with IAM policies22:51
aahhthis one is from the ocata/devstack codebase actually22:51
lbragstadbut it was never really implemented22:51
lbragstadso the self.policy_api.enforce method was looped into that api22:52
lbragstadbut last release it was refactored out in to a common utility since the policy api is not useful22:52
lbragstadi gotta run for now but i'll check back in a little later22:53
aahhsure thanks22:53
*** thegreenhundred has quit IRC22:55
*** gagehugo has quit IRC23:02
*** gagehugo has joined #openstack-keystone23:04
*** raildo has quit IRC23:15
*** itlinux has quit IRC23:16
*** Dave has quit IRC23:33
*** aojea has joined #openstack-keystone23:46
*** Dave has joined #openstack-keystone23:49
*** aojea has quit IRC23:51
« Tuesday, 2017-09-05 Index Thursday, 2017-09-07 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!