Wednesday, 2018-02-07

gagehugolbragstad I have not00:14
lbragstadgagehugo: so your battery hasn't imploded...00:16
gagehugonot yet haha00:18
gagehugomy issue may have already been fixed though if I had it00:18
lbragstadwhen did you get yours?00:20
*** r-daneel has quit IRC00:23
*** brad[] has joined #openstack-keystone00:25
gagehugomar/april last year00:26
gagehugomine came up affected00:27
gagehugoI think it's literally a loose screw may be in the laptop00:27
*** jessegler has quit IRC00:37
*** zhurong has joined #openstack-keystone00:42
*** gmann_ has joined #openstack-keystone01:03
*** wxy has joined #openstack-keystone01:08
openstackgerritMerged openstack/keystoneauth master: Zuul: Remove project name
*** gongysh has joined #openstack-keystone01:10
*** gongysh has quit IRC01:20
wxylbragstad: hi01:22
lbragstadwxy: o/01:22
wxylbragstad: I don't see JWT topic in
lbragstadline 12401:23
wxylbragstad: lol. I searched for "JWT"..01:23
lbragstadthere - you should be able to search for it now01:24
*** links has joined #openstack-keystone01:28
*** links has quit IRC01:29
lbragstadwxy: added some more details about it01:30
*** daidv has joined #openstack-keystone01:33
*** gmann_ has quit IRC01:46
*** gmann_ has joined #openstack-keystone01:46
*** masber has quit IRC01:59
*** gyee has quit IRC02:01
*** gongysh has joined #openstack-keystone02:10
*** Dave has quit IRC02:11
*** Dave_ has joined #openstack-keystone02:11
*** links has joined #openstack-keystone02:12
*** itlinux has joined #openstack-keystone02:14
*** Supun has joined #openstack-keystone02:45
*** Supun has quit IRC02:48
*** Supun has joined #openstack-keystone02:48
*** ayoung has joined #openstack-keystone02:52
*** namnh has joined #openstack-keystone03:18
*** itlinux has quit IRC03:25
*** Supun has quit IRC03:42
openstackgerritMerged openstack/keystone master: Finish refactoring self.*_api out of tests
openstackgerritMerged openstack/keystone master: Validate identity providers during token validation
openstackgerritMerged openstack/keystone master: Imported Translations from Zanata
openstackgerritMerged openstack/keystone master: Add cache invalidation when delete application credential
*** openstackgerrit has quit IRC04:04
*** itlinux has joined #openstack-keystone04:08
*** mvk has quit IRC04:21
*** harlowja has quit IRC04:32
*** nicolasbock has quit IRC04:32
*** namnh has quit IRC04:42
*** daidv has quit IRC04:44
*** Suramya has joined #openstack-keystone04:51
*** vish_18 has joined #openstack-keystone04:52
*** itlinux has quit IRC05:06
vish_18cmurphy: thanks !05:09
*** harlowja has joined #openstack-keystone05:37
*** zhurong has quit IRC05:39
*** Suramya_ has joined #openstack-keystone05:40
*** jaosorior has joined #openstack-keystone05:50
*** zhurong has joined #openstack-keystone05:53
*** openstackgerrit has joined #openstack-keystone06:03
openstackgerritMerged openstack/keystone master: Add scope_types to role policies
openstackgerritOpenStack Proposal Bot proposed openstack/oslo.policy master: Imported Translations from Zanata
*** annp has joined #openstack-keystone06:13
*** vish_18_ has joined #openstack-keystone06:18
vish_18_cmurphy: the orignal bug can be reproduced when we uncomment max_active_keys = 3 in master06:21
vish_18_cmurphy: ad setting driver = blah for fernet provider06:23
openstackgerritOpenStack Proposal Bot proposed openstack/keystone master: Imported Translations from Zanata
*** harlowja has quit IRC06:52
*** AlexeyAbashkin has joined #openstack-keystone07:22
*** martinus__ has joined #openstack-keystone07:42
*** AlexeyAbashkin has quit IRC07:42
*** rcernin has quit IRC07:48
*** akrzos has quit IRC07:50
*** AlexeyAbashkin has joined #openstack-keystone07:54
*** akrzos has joined #openstack-keystone08:02
*** annp has quit IRC08:14
*** annp has joined #openstack-keystone08:14
*** threestrands has quit IRC08:22
*** tesseract has joined #openstack-keystone08:24
*** zhurong has quit IRC08:25
*** zhurong has joined #openstack-keystone08:26
*** pcaruana has joined #openstack-keystone08:38
*** StefanPaetowJisc has joined #openstack-keystone08:48
*** StefanPaetowJisc has quit IRC08:59
openstackgerritMerged openstack/keystone master: Remove all v2.0 APIs except the ec2tokens API
openstackgerritMerged openstack/keystone master: Remove v2.0 extension documentation
*** StefanPaetowJisc has joined #openstack-keystone09:20
*** StefanPaetowJisc has quit IRC09:25
openstackgerritVishakha Agarwal proposed openstack/keystone master: Delete tokens from DB is not required in case of Fernet.
*** Adri2000 has joined #openstack-keystone09:56
Adri2000is there a reason keystone doesn't default to using oslo_cache.memcache_pool?09:57
*** pcaruana has quit IRC09:57
*** namnh has joined #openstack-keystone09:57
openstackgerritbaiwenteng proposed openstack/python-keystoneclient master: pelling error Keytone
*** Exhar has quit IRC10:05
*** sambetts|afk is now known as sambetts10:10
*** Exhar has joined #openstack-keystone10:11
*** pcaruana has joined #openstack-keystone10:13
*** Exhar has quit IRC10:15
Adri2000related question: is it a known issue that the default dogpile.cache.memcached backend leaks open connections? (I've found this old bug report
openstackLaunchpad bug 1360446 in keystonemiddleware "client connection leak to memcached under eventlet due to threadlocal" [Medium,Fix released] - Assigned to Morgan Fainberg (mdrnstm)10:18
*** annp has quit IRC10:22
*** gongysh has quit IRC10:33
*** zhurong has quit IRC10:35
openstackgerritMerged openstack/keystone master: Update sample configuration file for Queens
*** Dave_ is now known as Dave10:41
*** StefanPaetowJisc has joined #openstack-keystone10:54
*** pcaruana has quit IRC11:09
*** dmellado has quit IRC11:21
*** dmellado has joined #openstack-keystone11:27
*** namnh has quit IRC11:28
*** mvk has joined #openstack-keystone11:36
*** nicolasbock has joined #openstack-keystone11:41
*** dmellado has quit IRC11:48
*** StefanPaetowJisc has quit IRC11:55
*** dmellado has joined #openstack-keystone11:59
*** edmondsw has joined #openstack-keystone12:02
*** raildo has joined #openstack-keystone12:11
*** pcaruana has joined #openstack-keystone12:13
*** dave-mcc_ has joined #openstack-keystone12:15
*** AlexeyAbashkin has quit IRC12:25
*** AlexeyAbashkin has joined #openstack-keystone12:40
openstackgerritMerged openstack/keystone master: Remove the deprecated "giturl" option
*** jmlowe has quit IRC13:07
*** gongysh has joined #openstack-keystone13:15
openstackgerritSuramya proposed openstack/keystone master: Reorganize api-ref: v3-ext
openstackgerritSuramya proposed openstack/keystone master: Reorganize api-ref: v3-ext
*** AlexeyAbashkin has quit IRC13:34
*** AlexeyAbashkin has joined #openstack-keystone13:35
*** AlexeyAbashkin has quit IRC13:40
*** Supun has joined #openstack-keystone13:41
*** jmlowe has joined #openstack-keystone13:46
*** AlexeyAbashkin has joined #openstack-keystone13:55
*** markvoelker has joined #openstack-keystone13:57
*** r-daneel has joined #openstack-keystone14:04
*** links has quit IRC14:09
*** r-daneel has quit IRC14:12
*** daidv_ has joined #openstack-keystone14:13
*** r-daneel has joined #openstack-keystone14:31
openstackgerritColleen Murphy proposed openstack/keystone master: Drop domain id foreign key from user table
lbragstadour in progress column is *so* close to being empty14:56
*** spilla has joined #openstack-keystone14:57
lbragstadwe have a few patches with 2 +2s15:03
lbragstadso long as there isn't anything outstanding, we could probably start pushing those through15:03
knikollalbragstad: nothing like deletion patches to start the day15:08
lbragstadmmm fresh cup of coffee, a negative overall diff... what gets better than that?15:09
lbragstad is a good idea15:10
lbragstadwe used to do that more often when we did midcycle meet ups15:11
knikollalbragstad: i see references to 35357 in the doc patches, did we reach a consensus on what to do with the second port now that we don't need it?15:11
lbragstadknikolla: yeah - good question.. i have scroll back for you15:11
lbragstadi talked to a couple of the ubuntu maintainers (since cmurphy might be able to help with the suse side and hrybacki might be able to help with the redhat side)15:12
lbragstadcorey is going to work on a patch and reach out when he does15:13
lbragstadonce he does that, we should be able to update the second NOTE in our installation guide here -
*** Supun has quit IRC15:14
lbragstadand we can simplify our installation guide15:14
*** david-lyle has quit IRC15:15
knikollasweet, but that means i have to -1 the docs patch.15:15
lbragstadwhich one?15:15
knikollado a search&replace for 35357 and make it 500015:16
knikollaor that can be a follow up patch.15:17
lbragstadthe default apache configuration installed from keystone packages will still listen on port 35357 and 500015:17
lbragstadso v3 will be available for both15:17
knikollabut aren't we going to remove 35357? at least that's what i got out of the convo u linked to15:18
lbragstadmost likely, it depends on what they decide to use (they could use ports 80, 443, 5000, etc...)15:19
knikollai kind of like the /identity path instead of a port.15:19
knikollaand use apache just for proxying.15:19
lbragstadthat's an option too15:20
lbragstadthe ubuntu packages actually set things up like that15:20
knikollalbragstad: our red hat install does the same.15:21
*** gongysh has quit IRC15:23
knikollalbragstad: approved all three doc changes.15:23
knikollawe can worry about ports and paths later.15:24
lbragstadknikolla: thanks - i think we should definitely work through that stuff in rocky, probably talk about it at the PTG15:24
*** AlexeyAbashkin has quit IRC15:24
*** AlexeyAbashkin has joined #openstack-keystone15:24
knikollasounds good.15:25
knikollalbragstad: when does master open for rocky?15:31
lbragstadas soon as we get a release candidate cut15:32
lbragstadand we have a stable/queens branch created for keystone15:32
lbragstadthen we're technically ready for rocky development15:32
openstackgerritMerged openstack/keystone master: Fix list users by name
openstackgerritMerged openstack/keystone master: Reorganize api-ref: v3-ext
*** idlemind has quit IRC15:46
*** idlemind has joined #openstack-keystone15:47
openstackgerritSuramya proposed openstack/keystone master: Reorganize api-ref: v3-ext federation identity-provider
openstackgerritMerged openstack/keystone master: Remove v2 and v2-admin API documentation
*** pcaruana has quit IRC16:03
*** Supun has joined #openstack-keystone16:09
*** david-lyle has joined #openstack-keystone16:18
*** gyee has joined #openstack-keystone16:45
*** Supun has quit IRC16:45
*** markvoelker_ has joined #openstack-keystone16:47
*** itlinux has joined #openstack-keystone16:49
*** markvoelker has quit IRC16:49
openstackgerritColleen Murphy proposed openstack/keystone master: Drop domain id foreign key from user table
openstackgerritMerged openstack/keystone master: Remove v2.0 from documentation guides
openstackgerritMerged openstack/keystone master: Update curl request documentation to remove v2.0
*** harlowja has joined #openstack-keystone17:11
*** markvoelker_ has quit IRC17:14
*** markvoelker has joined #openstack-keystone17:14
*** harlowja has quit IRC17:17
*** AlexeyAbashkin has quit IRC17:26
*** tesseract has quit IRC17:27
openstackgerritGage Hugo proposed openstack/keystone master: Reorganize api-ref: v3 os-pki
openstackgerritGage Hugo proposed openstack/keystone master: Reorganize api-ref: v3 os-pki
gagehugocmurphy: fixed the merge conflict17:47
cmurphyhuh i didn't notice it was merge conflicting17:48
*** Supun has joined #openstack-keystone17:59
*** cfriesen has left #openstack-keystone18:02
*** harlowja has joined #openstack-keystone18:11
*** Supun has quit IRC18:11
lbragstadgagehugo: nice - thanks18:15
*** harlowja has quit IRC18:18
*** raildo has quit IRC18:19
lbragstaddoes anyone want to do a project interview during the PTG?
lbragstadcc wxy unified limits would be a good topic18:19
lbragstadknikolla: cmurphy fyi -
lbragstadfrom coreycb18:20
knikollalbragstad: yay!18:20
lbragstadthat will get rolled out with rc118:21
lbragstadso - i guess the next question is, do we need an rc2 if that becomes the new documentation?18:21
lbragstads/documentation/apache configuration/18:21
lbragstaddo we need new documentation for that configuration?18:21
*** raildo has joined #openstack-keystone18:22
*** r-daneel_ has joined #openstack-keystone18:28
knikollalbragstad: a search and replace for 35357 -> 5000 at a minimum18:28
lbragstadwe should be able to get that done today18:28
lbragstadand merged before tomorrow18:28
knikollaack, i'll review18:28
*** Supun has joined #openstack-keystone18:28
*** r-daneel has quit IRC18:29
*** r-daneel_ is now known as r-daneel18:29
knikollawe should also have redhat and suse (cmurphy) remove 35357, so that there's consistency18:29
knikollain their packages18:29
cmurphyyeah i can work on that this week18:29
knikollacool :)18:30
*** Supun has quit IRC18:38
*** Supun has joined #openstack-keystone18:38
*** sambetts is now known as sambetts|afk18:41
*** Supun has quit IRC18:57
*** Supun has joined #openstack-keystone19:00
mordredcmurphy, lbragstad: I just found a super-edge-casey bug in keystoneauth version discovery ... requesting version='latest' ona service that does not have any version discovery document but also has an unversioned endpoint in the catalog results in a traceback19:04
mordredinstead of falling back to using the endpoint in the catalog19:04
kmallocmordred: gross19:05
mordredkmalloc: yah. like I said -it's SUPER edge case, and I'll be working with the service in quesiton to get a version discovery document added19:05
*** Exhar has joined #openstack-keystone19:05
kmallocwe should prob. get a bug on it.19:05
*** Supun has quit IRC19:09
cmurphyhey kmalloc i had a crazy idea, can you tell me if it's ridiculous
cmurphyayoung is not a fan19:11
kmallocit's ridiculous, but not sure if good or bad until i look at it ;) [ok that doesn't help heheh]19:11
kmallochonestly, i prefer to drop the FK.19:12
cmurphythat's what that does19:12
kmallocit's a tough sell because it changes behavior(ish) in some cases.19:12
kmallocthe FK was a bad call when it was added19:13
kmalloclet me think about the ramifications, but i'd like to see it go if it doesn't impact things too much19:13
cmurphythanks kmalloc19:13
*** r-daneel_ has joined #openstack-keystone19:13
kmallocman, i'm cold today. not sure why19:14
*** r-daneel has quit IRC19:14
*** r-daneel_ is now known as r-daneel19:14
cmurphyi'm rationalizing that since it doesn't break tempest then it's not really changing behavior that badly19:14
cmurphybut the counter to that is maybe we don't have enough coverage19:14
kmallocwe def. don't have enough coverage :P19:15
kmallocbut that aside...19:15
*** jmlowe_ has joined #openstack-keystone19:16
*** jmlowe has quit IRC19:17
*** knasim-wrs has joined #openstack-keystone19:17
knasim-wrshi folks, I've migrated my deployment to Fernet and see a degradation in performance around VM Live Migration events19:18
knasim-wrsI am tracking the services (Cinder, Neutron, Nova) to see if the AUTH calls they make out to Keystone in Pike, have increased dramatically. In the meantime I was thinking of enabling caching19:19
knasim-wrsdoes Keystone offer an in-process cache? Something that does not require integration with Memcached or Redis19:19
kmallocyou should enable caching in general, it improves performance for tokens/validation by a large amount19:19
openstackgerritMonty Taylor proposed openstack/keystoneauth master: WIP Handle unversioned endpoints with no discovery document
kmallocdon't do in-process caching19:19
kmallocyou will be sad, because something will cache on some requests but not others19:20
kmallocand you might get failures/successes because tokens expire/revoke and it is only reflected on some processes19:20
knasim-wrskmalloc: Thanks. So you're saying enable cache/enabled = True19:20
mordredkmalloc, cmurphy, lbragstad: ^^ that fixes the immediate issue - but clearly needs tests and I left a TODO in there about another check that sohuld be added19:20
knasim-wrsbut what about the caching backend?19:20
kmalloci would, but you should be running with memcache or redis, memcache is the one with the most drivetime19:20
kmallockeystone ALSO does per-request caching for the data from the DB, but that cache is only to minimize SQL round-trips19:21
knasim-wrswon't be able to get Memcached in the product at this stage... shipping out next month19:21
kmalloceach of the services that use keystonemiddleware should also use caching for the tokens19:21
kmallocthat can be done in-memory, but again, memcache is a much much better choice19:21
kmallocmemcache scales keystone and auth/validation by a lot19:22
knasim-wrsso memcache is better, and I can consider that for our next software release. But for now I am going to enable the internal caches19:22
kmallocbe careful on that. do extensive testing and expect some wonky behavior19:22
knasim-wrs1) enable caching in the keystonemiddleware in all the services19:23
kmallocin-process caching in openstack is, imo, a mistake19:23
kmallocwe test in the gate with memcache fwiw.19:23
kmallocbut if you're ok with the edge cases, then it can help for sure.19:23
kmalloc(in-process that is)19:23
kmallocmordred: thanks19:24
kmallocmordred: yeah def. need tests. but that is a good starting place.19:24
mordredkmalloc: I happened to have a convenient live-against-public-cloud reproduction case locally so I could verify that that fixes the behavior - figured just pushing it up would record the issue19:25
mordreduntil we cna get it fleshed out more better19:25
knasim-wrsyeah I see that we have the in-process cache enabled in some of our services:19:25
knasim-wrskmalloc: For the caching backends in keystone I have these options in Pike19:27
knasim-wrskmalloc: For the caching backends in keystone I have these options in Pike19:28
*** Supun has joined #openstack-keystone19:28
knasim-wrsset to dogpile.cache.null19:28
lbragstadi was tinkering with dogpile.cache.memcached recently19:28
lbragstaddebugging some openstack-ansible issues19:28
knasim-wrshow was it LanceƉ19:29
knasim-wrsjust looking for a stable in-process cache that scales decently19:29
knasim-wrsenough for us to get the product out... right now Live Migration times in Pike after transitioning to Fernet has gone up to 70 seconds19:29
knasim-wrsthat is too long19:29
knasim-wrswe were in the 30-45 sec range in Newton19:30
lbragstadthe problem we were hitting was with multiple cache backends configured, which keystone should shard data across, making it an even better choice19:30
kmalloclbragstad: there was some bug around that... i think we fixed it?19:30
lbragstadyep - well, partially19:30
lbragstadi have a link19:30
lbragstadthis was the fix
kmallocyah. that one19:31
openstackLaunchpad bug 1743036 in oslo.cache "Multiple memcached back-end instances breaks caching" [Undecided,Confirmed] - Assigned to Morgan Fainberg (mdrnstm)19:31
kmallocthought that was it.19:31
lbragstadbut - there is a work around for it19:31
kmalloci have a fix for it, but it's going to be a lot of code19:32
lbragstadit more or less boils down to client issues, based on our last discussions19:32
kmallocso backend_argument can be used again19:32
kmallocit is not easy to fix unfortunately19:32
*** markvoelker has quit IRC19:33
*** markvoelker_ has joined #openstack-keystone19:33
*** jmlowe has joined #openstack-keystone19:33
*** jmlowe has quit IRC19:33
lbragstadknasim-wrs: i think one place i might start19:33
lbragstadwould be to try and install memcached locally with the keystone servers19:33
lbragstadand just let keystone use it's own local memcached deployment19:34
*** jmlowe_ has quit IRC19:34
lbragstadworst case performance would be a token hitting each server for validation before returning to one that has already validated it19:34
lbragstad(since each memcached instance is going to store it's own copy of the token)19:35
knasim-wrsI floated that idea by our architect. We would need to add memcached as a managed service since our platform supports HA (that is services run active-standby) so you can switch over on node failures19:35
lbragstadthen you're not dealing with in-process caching per se19:35
knasim-wrsand so that got turned down fast as its too late in the release cycle19:36
knasim-wrswhich is why I thought the next best option is in-process caching19:36
lbragstadi see what you mean19:36
kmallocalso, i think newton era had some fernet performance issues... lbragstad correct me if i'm wrong19:37
knasim-wrsnow with Fernet tokens I am also getting tons of these error messages:19:37
lbragstadit wasn't so much fernet being the problem, but the entire token validation process changed as a result of token writing a token reference to disk19:37
kmallocknasim-wrs: that is using old tokens with fernet19:37
*** AlexeyAbashkin has joined #openstack-keystone19:37
kmallocthose are uuids19:38
lbragstadso - by way of switching to fernet, we uncovered a lot of performance improvements we could make19:38
kmallocyou have things trying to validate uuid tokens.19:38
lbragstadthe result was a bunch of fixes to our caching implementation to make it more scalable19:38
kmallocyou can only use a single token backend.19:38
kmallocand old tokens when you switch backends will fail19:38
kmallocit's expected.19:39
lbragstadknasim-wrs: do you have to have a graceful turn over?19:39
lbragstadbetween the switch from UUID -> Fernet?19:39
knasim-wrswe create the fernet repo during bootstrap and then set the provider etc19:39
knasim-wrsso I don't understand how services are sending over UUID tokens19:40
knasim-wrsit also reports this:19:40
knasim-wrs2018-02-05 21:42:57.766 48706 WARNING keystonemiddleware.auth_token [-] A valid token was submitted as a service token, but it was not a valid service token. This is incorrect but backwards compatible behaviour. This will be removed in future releases.19:40
lbragstadthey could be holding on to a token prior to the switch19:40
lbragstadclients should re-authenticate if they get a 40419:40
lbragstadwhich will return a new token19:41
lbragstadin the new format19:41
knasim-wrsyeah clients are fine. It is just blowing up performance to authenticate again via Password19:41
knasim-wrsneed to investigate further19:41
lbragstadi did an experiment with a graceful switch19:41
lbragstadand i wrote about the changes you'd need to make if  you didn't want "token downtime" during the migration from uuid -> fernet19:42
lbragstad in case that helps19:42
knasim-wrsi'll look into this to see if we missed anything19:43
lbragstadbut it appears something is trying to pass a uuid token after you make the switch to fernet19:43
knasim-wrsas for in-process caching, is dogpile.cache.null ok?19:43
kmallocnull is no caching19:43
kmallocit's a do-nothing cache19:43
kmallocdogpile.cache.memory should be in-process19:43
lbragstadunless you have half the cluster running uuid and the other half issuing fernet19:43
knasim-wrsyeah that issue needs to be fixed first19:44
lbragstadthen token validation is going to be at the mercy of your load balancer algorithm19:44
knasim-wrsyeah we'd have a lot of cache misses if the transition from UUID -> fernet is not graceful or the cache is not flushed on transition19:45
knasim-wrswhat is oslo_cache.dict? In process?19:45
kmallocsame thing i think19:46
kmallocit does some cleanup though19:46
kmallocoslo_cache.dict is better than dogpile.cache.memory19:46
mordredkmalloc: blast19:49
kmallocmordred: ?19:49
kmallocdidn't work19:49
mordredkmalloc: I'd love to be able to use the stuff in oslo.cache in shade/sdk's caching layer19:50
mordredkmalloc: but it pulls in oslo.config and friends19:50
kmallocit's why KSA doesn't use it19:50
mordredI wonder if we could just split those dogpile plugins into their own thing19:50
*** pcaruana has joined #openstack-keystone19:52
kmallocwell i mean... you could.19:53
kmallocyou lose a bunch of the nice-config stuff that we did for the cache regions19:54
kmallocbut those backends should mostly work with just dogpile.cache19:54
kmallocmaybe need to just vendor the backend into shade (the in-mem one)19:54
*** blake has joined #openstack-keystone19:56
mordredkmalloc: yah - I'll poke around at options for that in this next cycle - I could also use some distributed locking support for the rate-limiting task manager20:01
*** jmlowe has joined #openstack-keystone20:02
*** Supun has quit IRC20:04
*** pcaruana has quit IRC20:07
openstackgerritColleen Murphy proposed openstack/keystone master: Drop domain id foreign key from user table
openstackgerritLance Bragstad proposed openstack/keystone master: Replace port 35357 with 5000 for ubuntu guide
lbragstadcmurphy: knikolla ^20:09
knikollaeasy +220:10
openstackgerritMerged openstack/keystone master: Reorganize api-ref: v3 os-pki
cmurphywhen I install keystone from cloud-archive:queens on ubuntu i still get the old vhost file20:19
cmurphylbragstad: is that commit just in a staging repo or waiting to be synced somewhere?20:20
lbragstadit apparently is going to be sync'd when RC1 goes out20:20
lbragstadat least when i was talking to coreycb in #openstack-pkg earlier20:21
cmurphyah okay20:21
*** AlexeyAbashkin has quit IRC20:33
*** mvk_ has joined #openstack-keystone20:34
*** blake has quit IRC20:36
*** mvk has quit IRC20:36
*** blake has joined #openstack-keystone20:36
*** blake has quit IRC20:48
*** blake has joined #openstack-keystone20:48
*** dave-mcc_ has quit IRC20:49
*** dave-mccowan has joined #openstack-keystone20:50
*** blake__ has joined #openstack-keystone20:50
*** blake has quit IRC20:53
*** blake__ is now known as blake20:55
*** timothyb89 has quit IRC21:09
*** timothyb89 has joined #openstack-keystone21:10
openstackgerritMerged openstack/oslo.policy master: Imported Translations from Zanata
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Repropose JWT specification for Rocky
openstackgerritMerged openstack/keystone master: Replace port 35357 with 5000 for ubuntu guide
*** Suramya has quit IRC21:23
*** Suramya_ has quit IRC21:23
*** raildo has quit IRC21:24
lbragstadcmurphy: you don't know if rderose has looked at yet, do you?21:31
lbragstadit doesn't look like he's commented on it21:33
lbragstadi remember he was in a session with dstanek for like a day figuring out the whole multiple user references thing21:34
cmurphylbragstad: i haven't talked to him about it21:35
lbragstadi might send an email to see if he'd be able to take a look at it21:35
lbragstadsince i don't see him on irc21:35
*** threestrands has joined #openstack-keystone21:39
*** panbalag has left #openstack-keystone21:46
*** spilla has quit IRC22:07
lbragstadcurious if anyone wants to give a read22:07
openstackLaunchpad bug 1748027 in OpenStack Identity (keystone) "The v3 users API should account for different scopes" [Undecided,New]22:07
lbragstadbefore i start creating a bunch of them for every FIXME we landed in policies for scope_types22:07
*** r-daneel has quit IRC22:08
cmurphylbragstad: lgtm22:09
*** rcernin has joined #openstack-keystone22:25
lbragstadstepping away for a bit, i'll be on tonight though22:33
*** knasim-wrs has quit IRC22:34
*** blake has quit IRC22:45
*** blake has joined #openstack-keystone22:46
*** itlinux has quit IRC22:50
*** blake has quit IRC22:52
*** martinus__ has quit IRC22:53
*** masber has joined #openstack-keystone23:27
*** edmondsw has quit IRC23:37
*** itlinux has joined #openstack-keystone23:43
*** dave-mccowan has quit IRC23:45
*** markvoelker_ has quit IRC23:45
*** dave-mccowan has joined #openstack-keystone23:47

Generated by 2.15.3 by Marius Gedminas - find it at!