Monday, 2018-02-05

« Sunday, 2018-02-04 Index Tuesday, 2018-02-06 »
*** dave-mcc_ has joined #openstack-keystone00:32
*** dave-mccowan has quit IRC00:35
*** panbalag has joined #openstack-keystone00:40
*** panbalag has left #openstack-keystone00:41
*** threestrands has joined #openstack-keystone00:43
*** edmondsw has joined #openstack-keystone00:52
*** edmondsw has quit IRC00:56
openstackgerritwangxiyuan proposed openstack/keystone master: Fix cache invalidation for application credential  https://review.openstack.org/54027001:24
openstackgerritwangxiyuan proposed openstack/keystone master: Add cache invalidation when delete application credential  https://review.openstack.org/54032401:24
openstackgerritwangxiyuan proposed openstack/keystone master: Expose a bug that cache invalidation doesn't work for application credential  https://review.openstack.org/54068901:24
*** zhurong has joined #openstack-keystone01:30
*** gagehugo has quit IRC01:33
*** namnh has joined #openstack-keystone01:44
*** mtreinish has quit IRC01:58
*** mtreinish has joined #openstack-keystone01:59
*** threestrands has quit IRC02:01
*** StefanPaetowJisc has joined #openstack-keystone02:01
*** StefanPaetowJisc has quit IRC02:06
*** daidv has joined #openstack-keystone02:06
*** itlinux has joined #openstack-keystone02:07
*** threestrands has joined #openstack-keystone02:16
*** threestrands has quit IRC02:16
*** threestrands has joined #openstack-keystone02:16
*** itlinux has quit IRC02:37
openstackgerritwangxiyuan proposed openstack/keystone master: Add cache invalidation when delete application credential  https://review.openstack.org/54032402:39
openstackgerritwangxiyuan proposed openstack/keystone master: Expose a bug that application credential cache is not invalidated  https://review.openstack.org/54070002:39
*** edmondsw has joined #openstack-keystone02:40
*** jmlowe has quit IRC02:43
*** zhurong has quit IRC02:43
*** edmondsw has quit IRC02:45
*** jmlowe has joined #openstack-keystone02:45
*** abhi89 has joined #openstack-keystone03:00
*** annp has joined #openstack-keystone03:05
*** dave-mcc_ has quit IRC03:32
*** itlinux has joined #openstack-keystone03:48
*** gongysh has joined #openstack-keystone03:54
openstackgerritwangxiyuan proposed openstack/keystone-specs master: block diag quota scenarios  https://review.openstack.org/44120303:55
*** threestrands has quit IRC04:07
*** itlinux has quit IRC04:12
*** gongysh has quit IRC04:13
*** threestrands has joined #openstack-keystone04:19
*** threestrands has quit IRC04:19
*** threestrands has joined #openstack-keystone04:19
*** edmondsw has joined #openstack-keystone04:28
*** edmondsw has quit IRC04:33
*** gongysh has joined #openstack-keystone04:33
*** threestrands has quit IRC04:36
*** threestrands has joined #openstack-keystone04:37
*** gongysh has quit IRC04:38
*** Suramya_ has joined #openstack-keystone04:54
*** StefanPaetowJisc has joined #openstack-keystone05:04
*** threestrands has quit IRC05:07
*** StefanPaetowJisc has quit IRC05:09
*** vish_18 has joined #openstack-keystone05:13
*** zhurong has joined #openstack-keystone05:39
*** jaosorior has joined #openstack-keystone05:39
*** threestrands has joined #openstack-keystone05:42
*** links has joined #openstack-keystone05:46
*** threestrands has quit IRC05:47
*** threestrands has joined #openstack-keystone05:47
*** vish_18 has quit IRC05:49
*** links has quit IRC05:49
*** vish_18 has joined #openstack-keystone05:49
*** links has joined #openstack-keystone05:51
*** links has quit IRC05:59
*** links has joined #openstack-keystone06:00
*** jmlowe has quit IRC06:04
*** threestrands_ has joined #openstack-keystone06:04
*** threestrands_ has quit IRC06:04
*** threestrands_ has joined #openstack-keystone06:04
*** jmlowe has joined #openstack-keystone06:04
*** StefanPaetowJisc has joined #openstack-keystone06:05
*** threestrands has quit IRC06:06
*** StefanPaetowJisc has quit IRC06:09
openstackgerritwangxiyuan proposed openstack/keystone master: Add cache invalidation when delete application credential  https://review.openstack.org/54032406:10
*** links has quit IRC06:14
*** links has joined #openstack-keystone06:16
*** edmondsw has joined #openstack-keystone06:17
*** jmlowe has quit IRC06:18
*** jmlowe has joined #openstack-keystone06:20
*** edmondsw has quit IRC06:21
*** jmlowe has quit IRC06:32
*** jmlowe has joined #openstack-keystone06:33
*** gongysh has joined #openstack-keystone06:44
*** jmlowe has quit IRC06:47
*** jmlowe has joined #openstack-keystone06:48
*** jaosorior has quit IRC06:50
*** wangqiang has joined #openstack-keystone06:53
vish_18lbragstad_: Regarding this  bug  https://bugs.launchpad.net/keystone/+bug/171493706:56
openstackLaunchpad bug 1714937 in OpenStack Identity (keystone) "keystone returns 500 on password change" [Low,In progress] - Assigned to Vishakha Agarwal (vishakha.agarwal)06:56
vish_18lbragstad_: The keystone service crashes when token.driver set to "any garbage value"06:57
*** martinus__ has joined #openstack-keystone06:58
vish_18lbragstad_: As this a new bug. So can we raise a new bug for it?06:59
*** pcaruana has joined #openstack-keystone07:04
*** jmlowe has quit IRC07:04
*** StefanPaetowJisc has joined #openstack-keystone07:06
*** josecastroleon has joined #openstack-keystone07:06
*** jmlowe has joined #openstack-keystone07:06
*** StefanPaetowJisc has quit IRC07:11
*** jaosorior has joined #openstack-keystone07:12
*** rcernin has quit IRC07:18
vish_18lbragstad_: Also as per my understanding keystone only supports sql driver. Can you pls confirm?07:23
*** AlexeyAbashkin has joined #openstack-keystone07:41
*** d0ugal has quit IRC07:42
*** AlexeyAbashkin has quit IRC07:45
*** AlexeyAbashkin has joined #openstack-keystone07:50
*** jaosorior has quit IRC08:00
*** edmondsw has joined #openstack-keystone08:05
*** d0ugal has joined #openstack-keystone08:06
*** edmondsw has quit IRC08:09
*** hoonetorg has quit IRC08:15
*** Suramya_ has quit IRC08:22
*** wangqiang has quit IRC08:23
*** d0ugal has quit IRC08:26
*** hoonetorg has joined #openstack-keystone08:28
*** tesseract has joined #openstack-keystone08:28
*** d0ugal has joined #openstack-keystone08:47
*** threestrands_ has quit IRC08:54
*** jmlowe has quit IRC08:59
*** jmlowe has joined #openstack-keystone09:01
*** timothyb89 has joined #openstack-keystone09:11
*** wangqiang has joined #openstack-keystone09:21
*** frti has joined #openstack-keystone09:39
*** StefanPaetowJisc has joined #openstack-keystone09:47
openstackgerritwangxiyuan proposed openstack/keystone-specs master: [WIP] Hierarchical Unified Limits  https://review.openstack.org/54080310:00
*** StefanPaetowJisc has quit IRC10:08
*** annp has quit IRC10:09
*** jmlowe has quit IRC10:09
*** jmlowe has joined #openstack-keystone10:10
*** StefanPaetowJisc has joined #openstack-keystone10:11
*** wangqiang has quit IRC10:15
*** wangqiang has joined #openstack-keystone10:15
abhi89cmurphy: Hi Colleen10:23
abhi89cmurphy: I am having few doubts around identity federation.. would be great if you can help me out..10:24
abhi89cmurphy: to enable federation there are 2 methods mentioned, using saml websso profile & saml ecp profile..10:24
abhi89i understand that websso profile deals in HTTP redirects & HTML forms. But our openstack based product doesn't use Horizon, we have our own10:24
abhi89GUI.. the steps mentioned in the tutorial to enable federation talks about using websso..10:24
abhi89so, for us to enable federation in our product we need CLI based enablement, so we need to use saml ECP profile i guess.. however i couldn't find any reliable resources around this.10:24
abhi89can you help me through this?10:24
*** namnh has quit IRC10:33
*** abhi89 has quit IRC10:38
cmurphyabhi89: are you using shibboleth?10:38
cmurphyoops :(10:38
*** jaosorior has joined #openstack-keystone10:43
*** sambetts|afk is now known as sambetts11:00
*** jmlowe has quit IRC11:02
*** jmlowe has joined #openstack-keystone11:04
*** gongysh has quit IRC11:17
*** jmlowe has quit IRC11:20
*** jmlowe has joined #openstack-keystone11:25
*** wangqiang has quit IRC11:26
*** jmlowe has quit IRC11:39
*** jmlowe has joined #openstack-keystone11:40
*** abhi89 has joined #openstack-keystone11:40
*** edmondsw has joined #openstack-keystone11:41
*** edmondsw has quit IRC11:45
cmurphyabhi89: hi11:57
cmurphyabhi89: enabling ecp for keystone is basically the same as enabling websso, you just skip the horizon part11:58
cmurphyabhi89: and if you're using shibboleth as your SP you need to set ECP=true in your <SSO ...> config in shibboleth2.xml11:59
cmurphyon the identity provider side you need to make sure it can support ECP and has it enabled, the details of that will be different for whatever IdP you're using and I don't know much about that side11:59
*** StefanPaetowJisc has quit IRC12:00
cmurphyfor authenticating with the CLI you'll want to use the v3samlpassword auth plugin via openstackclient i think12:00
*** raildo has joined #openstack-keystone12:01
*** pcaruana has quit IRC12:02
*** jmlowe has quit IRC12:04
*** jmlowe has joined #openstack-keystone12:05
*** jmlowe has quit IRC12:15
*** jaosorior has quit IRC12:16
*** gongysh has joined #openstack-keystone12:17
*** jmlowe has joined #openstack-keystone12:26
*** jmlowe has quit IRC12:36
*** StefanPaetowJisc has joined #openstack-keystone12:52
*** gongysh has quit IRC12:58
*** josecastroleon1 has joined #openstack-keystone13:00
*** josecastroleon has quit IRC13:00
*** gongysh has joined #openstack-keystone13:02
*** jmlowe has joined #openstack-keystone13:08
*** edmondsw has joined #openstack-keystone13:13
*** gongysh has quit IRC13:25
*** edmondsw has quit IRC13:36
*** edmondsw has joined #openstack-keystone13:36
*** jaosorior has joined #openstack-keystone13:37
*** StefanPaetowJisc has quit IRC13:39
*** edmondsw has quit IRC13:41
*** abhi89 has quit IRC13:42
*** abhi89 has joined #openstack-keystone13:43
*** panbalag has joined #openstack-keystone13:44
*** edmondsw has joined #openstack-keystone13:44
*** StefanPaetowJisc has joined #openstack-keystone13:46
*** edmondsw has quit IRC13:50
*** edmondsw has joined #openstack-keystone13:51
*** abhi89 has quit IRC13:51
*** abhi89 has joined #openstack-keystone13:52
*** d0ugal has quit IRC13:55
*** edmondsw has quit IRC13:55
*** edmondsw has joined #openstack-keystone13:59
*** edmondsw has quit IRC14:01
*** edmondsw has joined #openstack-keystone14:01
*** dave-mccowan has joined #openstack-keystone14:08
lbragstad_vish_18: the bug is already triaged and targeted for the queens release candidate14:24
lbragstad_vish_18: keystone only provides a sql token driver for the time being, but that doesn't mean you can't write your own token storage backend and use that instead14:25
*** StefanPaetowJisc has quit IRC14:25
*** d0ugal has joined #openstack-keystone14:29
*** david-lyle has quit IRC14:30
*** dklyle has quit IRC14:32
*** StefanPaetowJisc has joined #openstack-keystone14:36
*** dave-mcc_ has joined #openstack-keystone14:39
*** gongysh has joined #openstack-keystone14:41
*** dave-mccowan has quit IRC14:42
*** spilla has joined #openstack-keystone14:48
*** gongysh has quit IRC14:49
*** josecastroleon1 has quit IRC14:53
*** zeus has quit IRC15:02
*** r-daneel has joined #openstack-keystone15:03
*** mchlumsky has joined #openstack-keystone15:04
*** zeus has joined #openstack-keystone15:05
*** zeus is now known as Guest6004515:05
*** josecastroleon has joined #openstack-keystone15:09
*** StefanPaetowJisc has quit IRC15:10
*** StefanPaetowJisc has joined #openstack-keystone15:11
*** StefanPaetowJisc has quit IRC15:18
knikollaabhi89, cmurphy: you can actually use websso for that too.15:22
knikollaadd your web ui to `trusted_dashboard` in `/etc/keystone/keystone.conf` and then redirect to the websso endpoint with your dashboard as origin15:23
knikollakeystone will handle the redirects, login and then send the user back to your dashboard with the token in the `token` form via POST.15:24
knikolla`token` field in a from.15:24
knikollaform*15:24
*** StefanPaetowJisc has joined #openstack-keystone15:25
knikollathis is an example: https://github.com/CCI-MOC/ksproj/blob/master/ksproj/main.py#L55-L6315:25
*** Supun has joined #openstack-keystone15:25
cmurphyknikolla: ++15:26
*** abhi89 has quit IRC15:35
*** gagehugo has joined #openstack-keystone15:39
gagehugoo/15:40
lbragstad_does anyone have thoughts here? http://lists.openstack.org/pipermail/openstack-dev/2018-February/126985.html15:42
*** david-lyle has joined #openstack-keystone15:42
*** lbragstad_ is now known as lbragstad15:43
*** ChanServ sets mode: +o lbragstad15:44
lbragstadactually - i'll ping people in -dev, too15:44
cmurphyslight preference for tuesday since the first contact sig is scheduled for monday15:45
lbragstadack15:46
knikollalbragstad: no preference on my side. maybe tuesday would be better since i arrive in dublin at 6am monday16:04
cmurphyoof16:04
*** mchlumsky has quit IRC16:05
*** Supun has quit IRC16:06
*** Supun has joined #openstack-keystone16:06
*** mchlumsky has joined #openstack-keystone16:10
openstackgerritMurali Annamneni proposed openstack/keystone master: Enables MySQL Cluster support for Keystone  https://review.openstack.org/43122916:11
openstackgerritMurali Annamneni proposed openstack/keystone master: [WIP] Enables MySQL Cluster support for Keystone  https://review.openstack.org/43122916:13
*** AlexeyAbashkin has quit IRC16:34
*** AlexeyAbashkin has joined #openstack-keystone16:34
*** StefanPaetowJisc has quit IRC16:37
*** links has quit IRC16:37
*** itlinux has joined #openstack-keystone16:37
*** itlinux has quit IRC16:40
evrardjplbragstad: do you know by heart if there is a difference between the [cache] backend dogpile.cache.memcache or oslo_cache.memcache_pool ?16:46
evrardjpboth seem to connect to a list of the memcache servers, probably the difference is in the pooling or not, but just to be sure.16:48
*** itlinux has joined #openstack-keystone16:48
*** edmondsw has quit IRC16:50
lbragstadevrardjp: that's a good question - kmalloc would know more about that than i would16:53
evrardjpI am finishing this story to the bottom, cleaning everything we have in all our branches, this way it's done once and for all.16:55
evrardjp:D16:55
*** gyee has joined #openstack-keystone16:55
evrardjpthanks for all your help!16:55
lbragstadfrom what i could tell - it was an issue with one of the caching clients from oslo.cache16:55
*** edmondsw has joined #openstack-keystone16:56
lbragstadthat was having issues with the multi-server configuration bit16:56
*** edmondsw has quit IRC17:00
*** frti has quit IRC17:04
*** AlexeyAbashkin has quit IRC17:05
*** d0ugal has quit IRC17:15
*** AlexeyAbashkin has joined #openstack-keystone17:17
*** tonytan4ever has joined #openstack-keystone17:17
*** tonytan4ever has quit IRC17:17
*** AlexeyAbashkin has quit IRC17:21
*** brad[] has quit IRC17:23
*** d0ugal has joined #openstack-keystone17:23
*** Supun has quit IRC17:24
openstackgerritMerged openstack/keystone master: Expose a bug that cache invalidation doesn't work for application credential  https://review.openstack.org/54068917:44
*** sambetts is now known as sambetts|afk17:45
*** josecastroleon has quit IRC17:57
*** david-lyle has quit IRC18:01
*** jose-phillips has joined #openstack-keystone18:01
lbragstadwxy: nice! glad you're going to make it to the PTG!18:11
*** josecastroleon has joined #openstack-keystone18:12
*** d0ugal has quit IRC18:13
kmalloclbragstad: reading backlog18:14
kmallocevrardjp: yeah, so the memcache pool uses a fixed number of connections instead of a one-per-request model.18:14
kmallocevrardjp: it was designed to help in the case of eventlet, however, it can cause more latency/blocking on getting data because the pool has a fixed size. the memcache pool also has some diiiiiirrrrrty hacks in it to get around issues with "threadlocal"18:15
kmallocin the base memcache libraries18:15
lbragstadgagehugo: is the security sig stuff going to be something that happens on monday and tuesday?18:16
lbragstador are we planning on having that in the keystone room later in the week?18:16
evrardjpkmalloc: Oh.18:16
kmalloci should probably book my flight(s)18:17
evrardjpfor the ptg?18:17
kmallocit's getting ot that time...18:17
kmallocyeah18:17
evrardjpnice, let's meet there!18:17
kmallocneed to see if my wife will be joining me in IReland or not and base travel on that18:18
kmallocthere is also a chance i wont make it out there.18:18
evrardjpdue to late booking?18:18
kmallocnah, due to "I like sleeping in my own bed" :)18:18
evrardjpwho doesn't! -- but Ireland has tools to help sleeping in another bed.18:19
evrardjpbut I am thinking we are losing the initial topic there!18:19
evrardjpkmalloc: thanks for your help, it was very informative.18:19
kmallocabsolutely, happy to help18:20
gagehugolbragstad I think that is the plan18:24
gagehugowould like to cover vmt stuff then18:24
lbragstadgagehugo: oh - i suppose...18:24
lbragstadi just read line 7318:24
* lbragstad facepalm18:24
*** d0ugal has joined #openstack-keystone18:26
*** itlinux has quit IRC18:31
*** david-lyle has joined #openstack-keystone18:57
*** d0ugal has quit IRC18:59
*** harlowja has joined #openstack-keystone19:03
*** itlinux has joined #openstack-keystone19:07
*** brad[] has joined #openstack-keystone19:17
kmallocmordred: https://review.openstack.org/#/c/505764/8 +2, see in-line comment as a general criticism for the choice, but nothing that would stop me from merging it. needs another +2.19:18
*** d0ugal has joined #openstack-keystone19:22
*** edmondsw has joined #openstack-keystone19:29
*** abhi89 has joined #openstack-keystone19:29
*** tesseract has quit IRC19:36
*** AlexeyAbashkin has joined #openstack-keystone19:38
*** AlexeyAbashkin has quit IRC19:47
*** edmondsw_ has joined #openstack-keystone19:57
*** edmondsw has quit IRC20:00
*** frti has joined #openstack-keystone20:01
kmalloclbragstad: more providerAPI stuff pushed through20:01
lbragstadsweet20:02
lbragstadall that's left if the rest of the tests20:02
lbragstads/if/is/20:02
lbragstadthere are still a lot of occurrences in the tests of self.<api>. though20:03
*** itlinux has quit IRC20:06
*** raildo has quit IRC20:16
kmallochehe20:18
kmallocbut we can nuke it from at least all the non-tests20:19
*** itlinux has joined #openstack-keystone20:23
*** dave-mcc_ has quit IRC20:29
lbragstadi can work on another patch today for more of the testing stuff20:34
lbragstadit would be nice to get rid of all of it in the same release20:34
gagehugogonna head home before the ice storm then I'll be back on20:51
*** martinus__ has quit IRC20:58
*** spilla has quit IRC21:01
*** dave-mccowan has joined #openstack-keystone21:20
*** rcernin has joined #openstack-keystone21:26
*** itlinux has quit IRC21:45
*** itlinux has joined #openstack-keystone21:54
*** edmondsw_ is now known as edmondsw21:57
*** idlemind_ has joined #openstack-keystone22:01
idlemind_if i have an AD or RADIUS back-end is their a way to give each user their own project or at least map a certain user (via multiple filters maybe) to a certain project created after the fact? or is it only all users from this federated source get these roles?22:02
*** dave-mccowan has quit IRC22:10
*** abhi89 has quit IRC22:16
*** idlemind_ has quit IRC22:17
*** idlemind has joined #openstack-keystone22:18
openstackgerritMerged openstack/keystone master: Fix cache invalidation for application credential  https://review.openstack.org/54027022:25
openstackgerritMerged openstack/keystone master: Expose a bug that application credential cache is not invalidated  https://review.openstack.org/54070022:26
*** frti has quit IRC22:32
openstackgerritMerged openstack/keystone master: Use keystone.common.provider_api for auth APIs  https://review.openstack.org/53023322:34
openstackgerritMerged openstack/keystone master: Refactor self.*_api out of tests  https://review.openstack.org/54055722:34
*** itlinux has quit IRC22:48
mordredkmalloc: thanks ... so - for the first one, I was using None so we could distinguih 'not set' from 'True' or 'False' - since the value gets passed around and stuff23:02
*** edmondsw has quit IRC23:07
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Add some comments explaining split_loggers flag logic  https://review.openstack.org/54106623:07
*** edmondsw has joined #openstack-keystone23:08
mordredkmalloc: ^^ I has added followup with comments - thanks, that's excellent feedback23:08
*** edmondsw has quit IRC23:12
kmalloc:)23:13
kmallocmordred: feel free to +A that followup if no one else does, everything addressed. just didn't +A since zuul had not responded yet23:16
*** threestrands has joined #openstack-keystone23:19
*** threestrands has quit IRC23:19
*** threestrands has joined #openstack-keystone23:19
openstackgerritLance Bragstad proposed openstack/keystone master: Finish refactoring self.*_api out of tests  https://review.openstack.org/54107423:23
lbragstadalright - that was about as much fun as I can handle for the day23:23
lbragstadkmalloc: we should probably remove the self. magic sooner rather than later just to make sure we don't lose ground on the tests23:23
kmallocyeah23:23
openstackgerritLance Bragstad proposed openstack/keystone master: Finish refactoring self.*_api out of tests  https://review.openstack.org/54107423:26
mordredkmalloc: coolio23:30
« Sunday, 2018-02-04 Index Tuesday, 2018-02-06 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!