Tuesday, 2017-11-21

*** edmondsw has joined #openstack-keystone00:05
*** deepika08 has quit IRC00:06
*** _ix has quit IRC00:06
*** edmondsw has quit IRC00:10
*** jrist-afk is now known as jrist00:12
*** AlexeyAbashkin has joined #openstack-keystone00:13
*** AlexeyAbashkin has quit IRC00:17
*** itlinux has quit IRC00:26
*** Sandy619 has joined #openstack-keystone00:43
*** Sandy619 has quit IRC00:45
*** edmondsw has joined #openstack-keystone00:49
*** aojea has joined #openstack-keystone00:50
*** edmondsw has quit IRC00:52
*** edmondsw has joined #openstack-keystone00:52
*** aojea has quit IRC00:55
*** AlexeyAbashkin has joined #openstack-keystone01:12
*** AlexeyAbashkin has quit IRC01:16
*** daidv has quit IRC01:18
*** daidv has joined #openstack-keystone01:19
*** edmondsw has quit IRC01:20
*** edmondsw has joined #openstack-keystone01:20
*** edmondsw has quit IRC01:25
*** dave-mccowan has joined #openstack-keystone01:31
*** gmann_afk is now known as gmann02:25
*** itlinux has joined #openstack-keystone02:38
*** _ix has joined #openstack-keystone02:46
*** aselius has quit IRC02:49
*** aojea has joined #openstack-keystone02:51
*** aojea has quit IRC02:55
*** edmondsw has joined #openstack-keystone02:55
ayounghey kmalloc wanna see something funny?02:57
ayoungtell me what is wrong with this otherwise discoverable API02:58
*** edmondsw has quit IRC03:00
*** dave-mccowan has quit IRC03:10
*** links has joined #openstack-keystone03:19
*** harlowja has quit IRC03:22
lbragstadayoung: it has a tenant?03:45
lbragstadbreton: yeah - wxy_ is picking up that work03:45
*** deepika08 has joined #openstack-keystone03:49
*** itlinux has quit IRC03:58
*** harlowja has joined #openstack-keystone04:01
ayounglbragstad, heh04:07
ayounglbragstad, look at the verbs04:07
*** itlinux has joined #openstack-keystone04:12
*** ayoung has quit IRC04:36
*** edmondsw has joined #openstack-keystone04:44
*** itlinux has quit IRC04:44
*** itlinux has joined #openstack-keystone04:47
*** edmondsw has quit IRC04:48
*** aojea has joined #openstack-keystone04:51
*** aojea has quit IRC04:56
*** _ix has quit IRC04:57
*** lbragstad has quit IRC04:58
*** markvoelker has quit IRC05:00
*** edmondsw has joined #openstack-keystone05:29
*** itlinux has quit IRC05:31
*** edmondsw has quit IRC05:33
*** pcaruana has joined #openstack-keystone05:39
*** edmondsw has joined #openstack-keystone05:48
*** harlowja has quit IRC05:52
*** edmondsw has quit IRC05:52
*** deepika08 has quit IRC05:58
*** markvoelker has joined #openstack-keystone06:00
*** pcaruana has quit IRC06:13
*** annp has joined #openstack-keystone06:23
*** aojea has joined #openstack-keystone06:29
*** edmondsw has joined #openstack-keystone06:29
*** aojea has quit IRC06:33
*** edmondsw has quit IRC06:33
*** edmondsw has joined #openstack-keystone06:48
*** edmondsw has quit IRC06:53
*** rcernin has quit IRC06:59
*** aojea has joined #openstack-keystone07:03
*** josecastroleon has quit IRC07:04
*** josecastroleon1 has joined #openstack-keystone07:04
*** edmondsw has joined #openstack-keystone07:08
*** aojea has quit IRC07:11
*** spectr has joined #openstack-keystone07:11
*** spectr has quit IRC07:12
*** edmondsw has quit IRC07:12
*** edmondsw has joined #openstack-keystone07:23
*** magicboiz has quit IRC07:26
*** pcaruana has joined #openstack-keystone07:30
*** edmondsw has quit IRC07:33
*** josecastroleon1 has quit IRC07:40
*** edmondsw has joined #openstack-keystone07:48
*** edmondsw has quit IRC07:52
*** d0ugal has joined #openstack-keystone08:08
*** edmondsw has joined #openstack-keystone08:08
*** josecastroleon has joined #openstack-keystone08:12
*** edmondsw has quit IRC08:13
*** hoonetorg has quit IRC08:18
*** tesseract has joined #openstack-keystone08:23
*** edmondsw has joined #openstack-keystone08:28
*** edmondsw has quit IRC08:33
*** hoonetorg has joined #openstack-keystone08:35
*** magicboiz has joined #openstack-keystone08:38
*** aloga has quit IRC08:48
*** aloga has joined #openstack-keystone08:48
*** edmondsw has joined #openstack-keystone08:49
*** edmondsw has quit IRC08:53
*** Sandy619 has joined #openstack-keystone09:05
*** aojea has joined #openstack-keystone09:16
*** aojea has quit IRC09:21
*** Sandy619 has quit IRC09:30
*** mvk has quit IRC09:30
*** mvk has joined #openstack-keystone09:30
*** rcernin has joined #openstack-keystone10:01
*** daidv has quit IRC10:05
*** annp has quit IRC10:28
*** jhesketh has quit IRC10:28
*** jhesketh has joined #openstack-keystone10:30
*** gmann is now known as gmann_afk10:34
*** betherly has joined #openstack-keystone10:41
betherlyhi all! running devstack on my vm and connecting to my local horizon through the local_settings. I can login to the dashboard through the direct url for the devstack instance on the vm but through my local horizon i am getting keystone auth errors10:42
betherlyany ideas?10:42
cmurphy"Unable to establish connection to" is that the right host for keystone and can you reach that IP and port from your local env?10:44
betherlycmurphy: ive left the OPENSTACK_KEYSTONE_URL settings as default10:46
betherlycmurphy:  has that changed now in the default devstack keystone settings?10:47
*** edmondsw has joined #openstack-keystone10:48
cmurphybetherly: on devstack it will use /identity instead of :5000 and devstack should set that up properly for horizon but if you have set up a local horizon you'd have to change it to match10:48
betherlycmurphy: hmm ive never had to change that before. i guess somethings changed in devstack somewhere :/ so i should change:10:51
betherlyOPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST10:51
betherlyto OPENSTACK_KEYSTONE_URL = "http://%s/identity10:52
*** edmondsw has quit IRC10:52
cmurphybetherly: it should also use v3 since we deleted v2.0, so http://%s/identity/v3 (but that would cause a different error)10:53
cmurphybetherly: i think if you just make the OPENSTACK_KEYSTONE_URL and OPENSTACK_HOST in your local env match the devstack version it will work10:54
betherlystill getting errors :( thanks for all your help though its super appreciated10:58
cmurphybetherly: different errors or the same error?10:58
betherlyim wondering if its something to do with this line:11:00
betherlyLogin failed for user "admin", remote address
betherlythat its looking for remote address as my localhost even though openstack_host is set to the devstack environment11:00
cmurphybetherly: i think there's some kind of IDENTITY_API_VERSION setting in local_settings? it should be set to 3 or v3 or something11:01
cmurphyit's trying to use /tokens which doesn't exist in keystone v3, it should be using /auth/tokens11:01
cmurphybetherly: brb11:01
betherlycmurphy: its set to 3 as default11:02
cmurphybetherly: hrm i'm not sure then :/11:07
*** edmondsw has joined #openstack-keystone11:08
betherlycmurphy: thanks for your help!11:08
cmurphybetherly: np11:09
*** edmondsw has quit IRC11:12
*** aojea has joined #openstack-keystone11:17
*** aojea has quit IRC11:22
*** AlexeyAbashkin has joined #openstack-keystone11:24
*** mvk has quit IRC11:27
*** edmondsw has joined #openstack-keystone11:28
*** edmondsw has quit IRC11:32
*** edmondsw has joined #openstack-keystone11:48
*** edmondsw has quit IRC11:52
*** aojea has joined #openstack-keystone11:55
*** mvk has joined #openstack-keystone11:57
*** aojea has quit IRC12:05
*** raildo has joined #openstack-keystone12:10
*** panbalag has joined #openstack-keystone12:12
*** panbalag has left #openstack-keystone12:22
*** niraj_singh has quit IRC12:37
*** edmondsw has joined #openstack-keystone12:48
*** aojea has joined #openstack-keystone12:48
*** aojea_ has joined #openstack-keystone12:50
*** aojea has quit IRC12:50
*** efried has quit IRC13:04
*** dave-mccowan has joined #openstack-keystone13:11
*** dave-mcc_ has joined #openstack-keystone13:16
*** dave-mccowan has quit IRC13:17
*** efried has joined #openstack-keystone13:17
*** belmoreira has joined #openstack-keystone13:18
*** rmascena has joined #openstack-keystone13:24
*** raildo has quit IRC13:26
*** rcernin has quit IRC13:30
*** _ix has joined #openstack-keystone13:42
*** _ix has quit IRC13:52
*** aojea_ has quit IRC13:53
*** raildo has joined #openstack-keystone14:04
*** rmascena has quit IRC14:05
*** _ix has joined #openstack-keystone14:16
*** lbragstad has joined #openstack-keystone14:24
*** ChanServ sets mode: +o lbragstad14:24
*** clayton has quit IRC14:27
*** _ix_ has joined #openstack-keystone14:30
*** clayton has joined #openstack-keystone14:30
*** rmascena has joined #openstack-keystone14:31
*** markvoelker has quit IRC14:31
*** markvoelker has joined #openstack-keystone14:31
*** _ix has quit IRC14:32
*** raildo has quit IRC14:33
*** links has quit IRC14:47
openstackgerritMatthew Edmonds proposed openstack/keystonemiddleware master: Expect paste.deploy and gnocchi/panko options  https://review.openstack.org/51529114:49
openstackgerritMatthew Edmonds proposed openstack/keystonemiddleware master: Expect paste.deploy and gnocchi/panko options  https://review.openstack.org/51529114:52
*** aojea has joined #openstack-keystone14:53
*** magicboiz has quit IRC14:56
*** aojea has quit IRC14:58
*** mvk has quit IRC15:03
cmurphybetherly: so i just tried it and I had to uncomment OPENSTACK_API_VERSIONS to get it to use the right identity version, so i guess v3 isn't really the default15:16
openstackgerritMerged openstack/keystone master: Populate user, project and domain names from token into context  https://review.openstack.org/51875115:16
*** mvk has joined #openstack-keystone15:19
betherlycmurphy: ah thanks muchly! trying now15:24
*** ayoung has joined #openstack-keystone15:25
betherlycmurphy: what value did you have for OPENSTACK_KEYSTONE_URL15:26
betherlyso i can try exactly your setup?15:26
betherly(using my own ip obvs)15:26
cmurphybetherly: i have OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST15:36
* lbragstad digs into bug triage in preparation for office hours15:36
cmurphylbragstad: that reminds me, i won't be around for the meeting or office hours (on a plane)15:37
lbragstadcmurphy: no worries - thanks for the heads up!15:37
*** rmascena is now known as raildo15:47
*** panbalag has joined #openstack-keystone15:48
*** panbalag has left #openstack-keystone15:49
*** mvk has quit IRC15:54
*** aojea has joined #openstack-keystone15:54
*** jistr is now known as jistr|mtg15:59
*** aojea has quit IRC16:00
*** spilla has joined #openstack-keystone16:01
*** links has joined #openstack-keystone16:03
*** ktibi has joined #openstack-keystone16:05
ktibiHi, where can I find keystone-manage client for centos pike version ??16:05
*** mvk has joined #openstack-keystone16:07
*** ktibi has left #openstack-keystone16:09
*** itlinux has joined #openstack-keystone16:10
*** links has quit IRC16:12
*** jistr|mtg is now known as jistr16:16
*** edmondsw has quit IRC16:24
*** KwozyMan has joined #openstack-keystone16:25
*** edmondsw has joined #openstack-keystone16:25
*** jose-phillips has joined #openstack-keystone16:26
*** AlexeyAbashkin has quit IRC16:28
*** edmondsw has quit IRC16:29
*** josecastroleon has quit IRC16:29
*** belmoreira has quit IRC16:39
*** openstackstatus has quit IRC16:58
*** openstackstatus has joined #openstack-keystone16:59
*** ChanServ sets mode: +v openstackstatus16:59
*** tesseract has quit IRC17:09
*** josecastroleon has joined #openstack-keystone17:10
*** KwozyMan has quit IRC17:21
*** d0ugal has quit IRC17:30
*** aojea has joined #openstack-keystone17:36
*** aojea has quit IRC17:41
*** pcaruana has quit IRC17:48
*** d0ugal has joined #openstack-keystone17:50
*** jistr is now known as jistr|off|trng18:04
*** mvk has quit IRC18:09
*** david-lyle has quit IRC18:09
*** david-lyle has joined #openstack-keystone18:09
*** _ix_ has quit IRC18:30
*** AlexeyAbashkin has joined #openstack-keystone18:40
*** aselius has joined #openstack-keystone18:42
*** AlexeyAbashkin has quit IRC18:44
openstackgerritEric Fried proposed openstack/keystoneauth master: WIP: Return the endpoint_override from EndpointData  https://review.openstack.org/49194718:50
*** mvk has joined #openstack-keystone18:54
openstackgerritSean McGinnis proposed openstack/oslo.policy master: Handle deprecation of inspect.getargspec  https://review.openstack.org/52197918:55
*** KwozyMan has joined #openstack-keystone18:55
*** itlinux has quit IRC18:57
* kmalloc is here.18:57
* kmalloc is trying to do more than lurk18:57
lbragstadKwozyMan: josecastroleon18:57
* kmalloc needs cooffeeeeeee18:57
kmallocso. sec18:57
kmallocno coffee but...18:59
kmallochere we go18:59
kmallocthe biggest issue with allowing an admin to specify the ID (in *any* case) is that you now have the potential for Keystone to run into "i don't own" the ID issues. and start conflating the name/id and cause for things like id "squatting" in public (or even in corporate, people are sometimes petty) environments19:01
kmallocit also opens up things for say "guessing Ids", if they are randomly generated (or random with seeds based upon IDP ids) we can avoid almost all of those cases19:01
kmallocI'll eat my hat if we have more than an isolated incident of conflicting UUIDs (when done with UUID4) based upon the 64-bit space.19:01
kmallocthe main use cases we came up with started with two places19:02
kmalloc1) Restoring Deleted Projects19:02
kmallocthat is solved with either soft deletes or with admin allowed specification of ID19:02
kmalloc2) "I want the same ID in multiple deployments without DB replication"19:03
KwozyManboth valid usecases, imho19:03
*** itlinux has joined #openstack-keystone19:03
kmallocthis turned out to be one or two total folks asking for it, and I would be highly concerned with making the API generally able to do this in the case of sourcing data from outside locations [if more than one vector for creating <resource> occurs]19:03
lbragstadthe second use case was made more apparent to me at the forum19:04
kmallocif you have folks who are supplying enough information to force an ID to be created, you could then end up with creating a malicious case where you own and ID for something that will be created in the future19:04
lbragstadbecause there are restrictions in EU that prevent data replication19:04
josecastroleonthat's the one from the orange folks19:04
kmalloci create XXXXXXXXXX because i know it will be created when org Y's IDP passes information in19:05
kmallocand now I can, in theory, own their data19:05
kmallocit's a public-ish cloud concern, but we have to look at both cases.19:05
lbragstadright - that's a good point19:05
josecastroleonwe don't allow project autoprovissioning19:05
kmallocjosecastroleon: you don't, some folks do19:05
lbragstadyeah - we built that feature in a while ago19:06
KwozyManspecifying an id at creation time doesn't mean not checking if said id exists already? or am I missing something?19:06
kmallocwe, unfortunately, need to ensure we're planning for all supported (sorry) methods of creation19:06
kmallocKwozyMan: you could, but the error in creation results in 2 issues19:06
lbragstad#link https://docs.openstack.org/keystone/latest/advanced-topics/federation/federated_identity.html#auto-provisioning19:07
lbragstad#startmeeting keystone-office-hours19:07
openstackMeeting started Tue Nov 21 19:07:42 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.19:07
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:07
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"19:07
openstackThe meeting name has been set to 'keystone_office_hours'19:07
kmalloc1) I can't create the resource at all. and now i am stuck because someone squatted/created/owns it19:08
kmalloc2) I error, but can still use the resource, but someone else can as well19:08
kmalloc(one of two issues*)19:08
kmallocrandomized creation explicitly dodged these issues.19:08
kmalloclet me be clear, i am not going to block or say we are unable to add this feature19:08
kmallocwe have to be *Very* careful if we are adding it19:08
kmallocand we have to consider interop between deployments/use19:08
*** ChanServ changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/5F0h9Hoe/keystone"19:08
KwozyManfair enough19:09
kmallocif some clouds allow you to create ids and some don't - it adds to the already awful UX we have where options change the API behavior19:09
josecastroleonthe concern I have with autoprovisioning is that the resources are not cleaned up19:09
*** hoonetorg has quit IRC19:09
josecastroleonyou lose track from the user because it's not yours19:09
kmallocjosecastroleon: no resources are really auto-cleaned up19:09
josecastroleonand on a public cloud you have your credit card19:10
kmallocyou lose track the moment is is created in keystone.19:10
*** hoonetorg has joined #openstack-keystone19:10
josecastroleonso you don't care19:10
kmallocit is the CRM's job to track that stuff19:10
kmalloc(customer relations management software, aka salesforce or sugar, etc)19:10
lbragstadanother interesting side-effect of project IDs over the API is if a token is revoked in one region19:10
kmallocFTR: i disagreed with adding autoprovisioning19:10
lbragstadit won't be revoked in another19:10
kmalloci wish i had been at the forum, so i could have worked w/ orange folks to understand the specific replication concerns19:11
kmallocit is likely that it is PII-specific not "zero replication"19:11
lbragstadsince the data base isn't replicated - if the token is revoked in region A it won't be revoked in region B19:11
*** AlexeyAbashkin has joined #openstack-keystone19:11
kmallocwhich could lead towards isolation of data and certifying what is replicatable19:11
lbragstadtrue - i asked for some more information on the actually restriction19:12
lbragstadi'll be sure to send it out if i get it19:12
kmalloci am fairly certain it is not "you cannot replicate" but most orgs default to that because it dodges issues with "well but we got item Y by accident"19:12
lbragstadthe other requirement was that authZ data can't come from the source of authN19:13
kmallocthat was orange's requirement?19:13
kmalloceh, thats easy enough with some SSO things.19:14
lbragstadnot sure - it came up in discussion somewhere and i wrote it down19:14
lbragstadbut you could also do that today by not having a mapping19:14
kmalloci wonder if that means the authoritative authn or any authn19:14
lbragstadand just manually managing role assignment on the shadow user19:14
kmallocbecause what if keystone is backed by ldap19:14
kmallocldap is providing authn but by proxy to ldap19:14
kmallocis that sufficient19:14
kmallocand what you said about mapping19:15
kmallocin short, autogeneration of IDs is the best option for most of keystone's use-cases19:15
lbragstadright authZ from an openstack perspective would be completely isolated from authN19:15
KwozyManGentlemen, I have to retire now.19:16
kmalloci *might* be willing to add id-specification (for projects and users) as resource-options to a domain19:16
*** AlexeyAbashkin has quit IRC19:16
kmallocso you create the domain with that option set19:16
kmallocand then you're allowed to specify ids.19:16
lbragstadKwozyMan: no worries - thanks for coming19:16
kmallocbut it has to be discoverable19:16
KwozyManWe'll try to rewrite the spec to consider your concerns19:16
kmallocKwozyMan: ^19:16
lbragstadkmalloc: yeah - that'd be another way to go about it19:16
*** KwozyMan has quit IRC19:17
kmalloclbragstad: that makes me a bit happier since you can look at the domain object to know if it's allowed19:17
kmallocand then you can provide or not19:17
*** aojea has joined #openstack-keystone19:17
lbragstadwhich should be specific to an idp19:17
kmallocit doesn't really break APIs and it makes it so it is every explicitly opted into19:17
lbragstadwhich gets around the stealing of namespace before someone hooks things up from the Idp, right?19:17
kmallocnow ids are still 100% globally unique19:17
kmallocso i would probably force a prefix that we can control19:18
kmallocdo a UUID5(namespace-prefix, uuid4)19:18
kmallocso they can generate it but it must conform to a way we can avoid conflicts and we can reject uuids in other places that don't conform19:18
kmallocor prefix + uuid4[4:]19:19
josecastroleonthe project id will be then the uuid4 or the whole blob?19:19
kmallocjosecastroleon: the id would be the whole blob. it makes this viable going forward19:19
lbragstadit would be munged together19:19
kmallocnot retroactively19:19
lbragstad(token payloads would be a bit longer)19:19
kmalloclbragstad: nah19:19
kmalloclbragstad: we'd still 32 byte ids19:20
lbragstadunless you deconstruct the token and serialize them separately?19:20
kmallocjust say first 4 bytes would be restricted or frist 1019:20
kmalloclbragstad: ids are imuutable19:20
kmallocso 2 cases:19:20
kmallocauto creation of id, lets say 10-bytes unique (lots ot space)19:20
kmallocdomain-specific-10-by-prefix + uuid4()[10:]19:21
kmallocso 1234567890 + uuid4() and drop the first 10 bytes of the uuid before munging19:21
josecastroleonthen they need to have the same domain id in both enviroments right?19:21
kmallocwe would need to address that, but domain-flagged projects, I'm more willing to be flexible on19:22
josecastroleonbut when you are creating it, would you be able to specify it?19:22
josecastroleoni meant the domain19:22
kmallocugh but we run into the same issues since domains and projects are the same type19:22
kmallocjosecastroleon: well you can specify domain-names for everything19:23
kmallocand you could specify the domain-prefix id19:23
kmallocthis is awful.19:23
kmalloci don't think we can reasonably supply a consistent API to allow specification of IDs19:23
josecastroleoncan we do some kind of configuration option to allow them to go forward? with a very big warning message with all the things that will fail19:24
kmallocjosecastroleon: i can't +2 that, but i can "not block it"19:25
kmallocbecause i never feel good with the "set an option that changes the API behavior"19:25
josecastroleonit's more on orange side19:25
kmallocright. and it still comes down to a general purposew config to handle that use case19:26
josecastroleonwe can workaround it19:26
kmalloci think i need to know more about the orange restrictions19:27
kmallocwhat are the real limitations19:27
*** _ix has joined #openstack-keystone19:27
kmallocbut that said... i understand what they're trying to do.19:27
lbragstadyeah - if it is a law thing, we should hopefully be able to dig into some public documentation on it somewhere19:28
lbragstadmaybe that helps clarify requirements19:29
lbragstadjosecastroleon: either way - let's see if we can get this stuff captured somewhere19:31
lbragstadespecially since this conversation comes up frequently19:32
lbragstadit'll hopefully be easier to iterate towards a solution when we have things documented19:32
lbragstador come up with alternatives that work19:32
josecastroleonthanks, i need to retire, it's getting late here :D19:35
lbragstadjosecastroleon: sounds good - thanks for sticking around19:42
*** josecastroleon has quit IRC19:48
lbragstadfor those here for office hours - i'll be working on bug triage19:52
lbragstadi haven't done much of that in the last couple weeks with all the things going on, so i'll be catching up on that19:52
lbragstadi have stumbled across several good candidates if anyone is looking for something though19:52
*** rmascena has joined #openstack-keystone19:54
*** raildo has quit IRC19:57
*** jose-phillips has quit IRC20:09
*** AlexeyAbashkin has joined #openstack-keystone20:11
*** jose-phillips has joined #openstack-keystone20:11
*** AlexeyAbashkin has quit IRC20:15
*** aojea has quit IRC20:29
*** aojea has joined #openstack-keystone20:29
*** aojea has quit IRC20:34
*** sbezverk has quit IRC20:42
*** McClymontS has joined #openstack-keystone20:45
*** McClymontS has quit IRC20:49
*** McClymontS has joined #openstack-keystone20:52
*** McClymontS has quit IRC20:52
lbragstadlamt: https://bugs.launchpad.net/oslo.cache/+bug/173192121:07
openstackLaunchpad bug 1731921 in keystonemiddleware "memcache_socket_timeout is too high" [Undecided,In progress] - Assigned to Vincent Untz (vuntz)21:07
lbragstad^ that might be something that gets fixed once we port ksm to use oslo.cache21:08
*** sbezverk has joined #openstack-keystone21:11
*** rmascena has quit IRC21:21
*** dave-mcc_ has quit IRC21:47
*** threestrands has joined #openstack-keystone21:48
*** rcernin has joined #openstack-keystone21:50
lamtlbragstad : am planning to start oslo.cache work after Thanksgiving21:52
lbragstadi parsed most of the recent bug activity and updated various reports with office-hours tags https://bugs.launchpad.net/keystone/+bugs?field.tag=office-hours21:52
lbragstadlamt: awesome21:53
lbragstadmost of those bugs seem like things that can be accomplished in a few hours21:53
lbragstadif anyone is looking for bugs to work on21:53
*** mvk has quit IRC21:59
*** mvk has joined #openstack-keystone22:15
*** markvoelker has quit IRC22:16
*** aojea has joined #openstack-keystone22:22
*** markvoelker has joined #openstack-keystone22:27
*** ayoung has quit IRC22:35
*** efried is now known as fried_turkey22:38
openstackgerritLance Bragstad proposed openstack/oslo.policy master: Add scope_types to RuleDefault objects  https://review.openstack.org/51022222:53
*** openstack changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/5F0h9Hoe/keystone"23:02
openstackMeeting ended Tue Nov 21 23:02:52 2017 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)23:02
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-11-21-19.07.html23:02
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-11-21-19.07.txt23:02
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-11-21-19.07.log.html23:02
*** itlinux has quit IRC23:05
*** aojea has quit IRC23:06
*** AlexeyAbashkin has joined #openstack-keystone23:12
*** AlexeyAbashkin has quit IRC23:16
*** spilla has quit IRC23:21
*** Sandy619 has joined #openstack-keystone23:28
*** gmann_afk is now known as gmann23:28
*** Sandy619 has quit IRC23:30
*** d0ugal has quit IRC23:58
*** d0ugal has joined #openstack-keystone23:58

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!