Friday, 2018-04-20

« Thursday, 2018-04-19 Index Saturday, 2018-04-21 »
*** gyee has quit IRC00:04
*** PsionTheory has quit IRC00:20
*** edmondsw has joined #openstack-keystone00:27
*** edmondsw has quit IRC00:32
*** oikiki has joined #openstack-keystone00:37
*** harlowja has quit IRC00:46
*** panbalag has joined #openstack-keystone00:49
*** panbalag has left #openstack-keystone00:49
*** dave-mccowan has quit IRC01:01
*** knasim-wrs has quit IRC01:03
*** knasim-wrs has joined #openstack-keystone01:05
*** yikun__ has quit IRC01:20
*** dave-mccowan has joined #openstack-keystone01:26
openstackgerritwangxiyuan proposed openstack/oslo.policy master: Follow the new PTI for document build  https://review.openstack.org/54908801:42
*** dave-mccowan has quit IRC01:47
openstackgerritMerged openstack/keystone master: Allow blocking users from self-service password change  https://review.openstack.org/55943801:57
*** edmondsw has joined #openstack-keystone02:15
*** edmondsw has quit IRC02:20
*** jaosorior has quit IRC02:42
*** jaosorior has joined #openstack-keystone02:57
*** knasim-wrs has quit IRC02:58
*** knasim-wrs has joined #openstack-keystone02:58
*** threestrands has joined #openstack-keystone02:59
*** eschwartz is now known as btrfs03:00
*** nicolasbock has quit IRC03:00
*** zhurong has joined #openstack-keystone03:00
*** jmlowe has quit IRC03:02
*** sonuk has joined #openstack-keystone03:18
*** germs has quit IRC03:21
*** germs has joined #openstack-keystone03:21
*** oikiki has quit IRC03:37
*** oikiki has joined #openstack-keystone03:38
*** oikiki has quit IRC03:45
*** annp has quit IRC03:54
*** annp has joined #openstack-keystone03:55
*** btrfs is now known as defrag03:56
*** zhurong has quit IRC04:24
*** sonuk has quit IRC05:09
*** jaosorior_ has joined #openstack-keystone05:17
openstackgerritMerged openstack/keystone master: Update the RDO installation guide to use port 5000  https://review.openstack.org/56281405:20
*** jaosorior has quit IRC05:21
*** links has joined #openstack-keystone05:26
*** jaosorior_ is now known as jaosorior05:48
*** sonuk has joined #openstack-keystone06:28
*** pcaruana has joined #openstack-keystone06:43
openstackgerritmelissaml proposed openstack/keystonemiddleware master: Follow the new PTI for document build  https://review.openstack.org/56295106:45
*** threestrands has quit IRC07:00
*** rcernin has quit IRC07:02
*** tesseract has joined #openstack-keystone07:12
*** AlexeyAbashkin has joined #openstack-keystone07:37
fricklerI'm trying to track down why the ceph job is failing in keystone startup for some weeks now, if anyone could take a look that would be great https://bugs.launchpad.net/openstack-gate/+bug/176563808:49
openstackLaunchpad bug 1765638 in OpenStack-Gate "legacy-tempest-dsvm-full-devstack-plugin-ceph job failing" [Undecided,New]08:49
wxyfrickler: http://logs.openstack.org/86/547986/9/check/legacy-tempest-dsvm-full-devstack-plugin-ceph/cd4a858/logs/screen-keystone.txt.gz08:51
wxyfrickler: seems the urlmap package is missing.08:51
fricklerwxy: I don't think there is such a package, iiuc it is paste-deploy magic. what completely eludes me is why it is failing in this job and not in others with a seemingly identical devstack config08:53
*** jaosorior has quit IRC08:59
wxyfrickler: oh right. seems paste doesn't work. checking.09:02
openstackgerritwangxiyuan proposed openstack/keystonemiddleware master: Fix the doc CI failure  https://review.openstack.org/56299409:07
*** viks__ has joined #openstack-keystone09:23
*** viks___ has joined #openstack-keystone09:23
*** viks___ has left #openstack-keystone09:23
*** viks__ has quit IRC09:24
*** sonuk_ has joined #openstack-keystone09:28
*** sonuk has quit IRC09:31
fricklerwxy: oh, but you still have led me onto the right track it seems: ceph pkgs pull in python-paste pkg from upstream which seems to overwrite the pip-installed Paste. and even though it claims to be the same version (2.0.3), they seem to behave differently09:32
*** viks has joined #openstack-keystone09:41
*** pcichy has joined #openstack-keystone09:51
openstackgerritTovin Seven proposed openstack/keystone master: Trivial: Update pypi url to new url  https://review.openstack.org/56301909:56
openstackgerritTovin Seven proposed openstack/python-keystoneclient master: Trivial: Update pypi url to new url  https://review.openstack.org/56305510:20
*** markvoelker has quit IRC10:30
*** markvoelker has joined #openstack-keystone10:30
*** pcaruana has quit IRC10:31
*** nicolasbock has joined #openstack-keystone10:33
*** markvoelker has quit IRC10:35
*** alex_xu has quit IRC11:14
*** alex_xu has joined #openstack-keystone11:19
*** alex_xu has quit IRC11:23
*** jaosorior has joined #openstack-keystone11:29
*** alex_xu has joined #openstack-keystone11:29
*** panbalag has joined #openstack-keystone11:29
*** obre_ has quit IRC11:37
*** obre has joined #openstack-keystone11:39
*** obre has quit IRC11:40
*** obre has joined #openstack-keystone11:41
*** sonuk_ has quit IRC11:41
*** pcaruana has joined #openstack-keystone11:46
*** jmlowe has joined #openstack-keystone11:59
*** annp has quit IRC12:02
*** markvoelker has joined #openstack-keystone12:02
*** jmlowe has quit IRC12:04
*** jmlowe has joined #openstack-keystone12:23
*** raildo has joined #openstack-keystone12:26
*** thiagolib_ has joined #openstack-keystone12:44
*** panbalag has left #openstack-keystone12:50
*** spilla has joined #openstack-keystone12:51
*** dave-mccowan has joined #openstack-keystone12:57
*** dave-mccowan has quit IRC13:02
*** edmondsw has joined #openstack-keystone13:05
*** dave-mccowan has joined #openstack-keystone13:07
*** edmondsw has quit IRC13:10
*** jmlowe_ has joined #openstack-keystone13:16
*** jmlowe has quit IRC13:19
*** ayoung has joined #openstack-keystone13:21
*** masber has quit IRC13:27
lbragstadfrickler: wxy melwitt and i were working on the same bug last week - http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2018-04-13.log.html#t2018-04-13T23:34:1713:29
*** defrag is now known as eschwartz13:31
*** masuberu has joined #openstack-keystone13:32
cmurphylbragstad: do you have any tricks or scripts for querying launchpad bugs? I'm wondering how we could get a status report for all keystone+ksa+ksm+ksc+? projects or reporting on how many bugs were opened versus closed this week13:37
lbragstadcmurphy: i do not - i really just have a set of links for specify lp queries13:39
lbragstadbut - i said i was going to write a tool in denver during the retro13:39
cmurphylbragstad: are those the links you gave in the last update email?13:40
lbragstadso maybe that time is now if we're going to integrate more of that kind of information in the report13:40
lbragstadyes13:40
lbragstadthe bitly ones13:40
cmurphymmk13:40
lbragstad(google's url shortened is apparently going away)13:40
cmurphywhat no way13:40
lbragstadyep13:40
lbragstadhttps://goo.gl/13:41
cmurphy:(13:41
lbragstadi was very surprised to see that last week when i went to use it... hence the bitly urls13:41
cmurphythat's very strange13:42
cmurphyanyways13:42
cmurphywe're still at 127 bugs for openstack/keystone13:42
lbragstadwe're really good at closing like two or three and then opening like two or three13:43
cmurphyso reporting that number again isn't that interesting but reporting how many were closed and opened would be a little more valuable13:43
cmurphylol yeah13:43
lbragstadi agree13:43
lbragstaddo we want something that tells us all bug activity?13:44
lbragstador do we really only care about a few specific things for all keystone projects?13:44
lbragstad(e.g. opened bugs, closed bugs, total bugs, etc.)13:44
fricklerlbragstad: yes, I discovered that in the meantime when landing at the same revert ... :-D13:44
lbragstadfrickler: oh - good deal, i assume you found melwitt's revert then?13:45
fricklerlbragstad: yes, as a duplicate of the revert that I tried ;)13:45
lbragstadcool13:45
cmurphyi feel like there's only a few things i care about: how many are open for all projects under the keystone umbrella, how many have been opened since <date>, how many were fixed since <date>, maybe how many were wontfix closed since <date>, and how many fires there are13:46
cmurphylaunchpad doesn't make it super easy to find that just with the UI, maybe it's easier with the API13:47
lbragstadcmurphy: yeah - it's about the same, but at least with a script you can aggregate things together and make it appear like a single query13:47
cmurphyah okay13:47
cmurphyotoh if we want to move to storyboard then it's probably not worth the time to write new lp scripts13:48
lbragstador at least that's how i've gotten around that (most of my lp tooling connects with a single project at a time)13:48
lbragstadthat's a fair point13:48
lbragstadi'm not sure how much time we have left though?13:49
lbragstadhas there been any breaking news on that front?13:49
cmurphyi think we can reach out to the storyboard/infra team and do it whenever we want13:49
cmurphyiirc hrybacki was going to do a storyboard evaluation13:49
lbragstadahh13:49
*** ayoung has quit IRC13:53
*** ayoung has joined #openstack-keystone13:57
*** dims has quit IRC13:58
lbragstadayoung: i'm trying to work jay's feedback into https://review.openstack.org/#/c/553613/13:59
lbragstadi should have a working version today with the scope_types stuff13:59
lbragstadin case you want to take a gander13:59
ayounglbragstad, on the tests?13:59
lbragstadyeah - i just tried working the tests into the patch so that the nova developers would feel a little better making the change14:00
ayoungI think what I wanted to show with my tests is that things worked exactly the same, so they were comfortable merging them14:00
*** mnaser has quit IRC14:00
*** mnaser has joined #openstack-keystone14:01
lbragstadyeah - that's a good point14:01
ayounglbragstad, a big thing I was shooting for was opt in.  THat was what I was trying to get at last week:  we need to let things continue to work as is until we activate.14:01
hrybackicmurphy: correct. On the list of todos :)14:01
ayoungSo we can't just immediately jump to "you have to have these system roles" or everthing will break and the Tempest tests will fail etc14:02
lbragstadsure - but we do have enforce_scope at our disposal, too14:02
*** links has quit IRC14:03
*** dansmith is now known as superdan14:04
*** dims has joined #openstack-keystone14:04
*** hrybacki has quit IRC14:06
*** hrybacki has joined #openstack-keystone14:06
ayounglbragstad, yep, so the tests should show both with and without enforce_scope activated, maybe with a comment along those lines.14:11
lbragstadok - right14:11
*** pcichy has quit IRC14:12
lbragstadi have quiet a few changes locally and i did some restructuring - but hopefully it will make that easier14:12
*** sonuk has joined #openstack-keystone14:26
*** jaosorior has quit IRC14:37
*** samueldmq has quit IRC14:40
*** samueldmq has joined #openstack-keystone14:41
*** bhagyashris has quit IRC14:52
*** edmondsw has joined #openstack-keystone14:54
*** edmondsw has quit IRC14:58
*** knasim-wrs has quit IRC15:00
gagehugoo/15:00
*** felipemonteiro has joined #openstack-keystone15:00
lbragstado/15:01
*** felipemonteiro_ has joined #openstack-keystone15:02
knikollao/15:02
*** felipemonteiro has quit IRC15:06
*** dklyle has joined #openstack-keystone15:08
*** wlmbasson has quit IRC15:12
*** wlmbasson has joined #openstack-keystone15:12
*** germs has quit IRC15:21
*** germs has joined #openstack-keystone15:22
*** germs has quit IRC15:22
*** germs has joined #openstack-keystone15:22
*** dave-mccowan has quit IRC15:24
*** gmann has quit IRC15:27
*** gmann has joined #openstack-keystone15:27
*** jdennis has quit IRC15:31
*** gyee has joined #openstack-keystone15:45
*** gyee has quit IRC15:45
*** tesseract has quit IRC15:58
lbragstadthis is a pretty cool library http://dateparser.readthedocs.io/en/latest/15:58
lbragstad^ that just made my launchpad tooling *way* easier to use15:59
*** thiagolib_ has quit IRC16:04
*** felipemonteiro_ has quit IRC16:04
*** gyee has joined #openstack-keystone16:06
*** dims has quit IRC16:06
*** AlexeyAbashkin has quit IRC16:09
*** dims has joined #openstack-keystone16:11
*** jdennis has joined #openstack-keystone16:12
*** germs has quit IRC16:22
*** germs has joined #openstack-keystone16:23
*** germs has quit IRC16:23
*** germs has joined #openstack-keystone16:23
lbragstadcmurphy: i should have a rough report ready for you soon, but if you're just about it hit send i can respond to your note with the bug details16:24
lbragstadhttp://paste.openstack.org/show/719644/ march report16:40
lbragstadhttp://paste.openstack.org/show/719645/ weekly report16:41
lbragstadtl;dr 5 bugs were opened this week; non were close; 4 were fixed16:41
*** edmondsw has joined #openstack-keystone16:42
openstackgerritMerged openstack/keystonemiddleware master: Fix the doc CI failure  https://review.openstack.org/56299416:43
*** edmondsw has quit IRC16:47
*** dklyle has quit IRC16:49
alee__lbragstad, hey - any idea how I would test sql migrations?17:03
lbragstadalee__: you should be able to with a blank mysql database, connection information in the keystone configuration file, and use keystone-manage db_sync17:04
alee__lbragstad, I tried running the command under https://docs.openstack.org/keystone/latest/contributor/testing-keystone.html  in "Testing Schema Migrations¶" with no dice ..17:05
alee__lbragstad, let me try that ...17:05
lbragstadalee__: do you have a database locally that keystone can connect to?17:07
lbragstadlike, a real database, not sqlite?17:07
alee__lbragstad, no -- I'm just usign sqlite fo now17:08
lbragstadalee__: ok, just a warning, our migrations might do different things spending on the sql engine17:09
alee__lbragstad, ack -- so I'm looking to fix the following bug .. https://bugzilla.redhat.com/show_bug.cgi?id=156960517:10
openstackbugzilla.redhat.com bug 1569605 in rhosp-director "OSP10->11->12 undercloud upgrade fails with: ERROR keystone DbMigrationError: (pymysql.err.InternalError) (1061, u"Duplicate key name 'ix_default_project_id'") [SQL: u'CREATE INDEX ix_default_project_id ON user (default_project_id)']" [Urgent,Assigned] - Assigned to hrybacki17:10
alee__lbragstad, the basic problem is that I backported a change which has a sql miration in it that creates an index17:10
alee__when folks try to upgrade, the index create runs again17:11
lbragstadyeah17:11
alee__and bad things ensue17:11
lbragstadkmalloc: and i were looking at this a big yesterday with hrybacki17:11
alee__the fix is basically to make the migration script idempotent17:11
lbragstadcorrect17:11
lbragstads/big/bit/17:11
alee__indicentally is there a way in sqlalchemy to check for the existence of an index?17:12
alee__I have not seen one googling ..17:12
alee__I can always catch the exception otherwise ..17:13
alee__(and ignore it)17:13
lbragstadalee__: oh - that might be a good question for zzzeek_17:15
*** knasim-wrs has joined #openstack-keystone17:16
alee__lbragstad, thanks - I figured you'd know who the expert was :)17:16
knasim-wrshas anybody tried to enable K2K Federation with keystone running under Gunicorn?17:16
alee__zzzeek_, ^^ ?17:17
knasim-wrsDocumentation says to use Apache17:17
lbragstadknasim-wrs: that's because keystone's current federation implementation relies on apache plugins to do the heavy lifting with SAML17:17
zzzeek_alee__: sure use inspect(engine).get_indexes(tablename)17:17
knasim-wrsbummer :(17:18
lbragstadbut last i heard you could use some of those plugins with other things (i want to say someone got it running with nginx)17:18
zzzeek_alee__: http://docs.sqlalchemy.org/en/latest/core/reflection.html?highlight=get_indexes#sqlalchemy.engine.reflection.Inspector.get_indexes17:18
knasim-wrswhat if I use something like OpenID instead of SAML?17:18
lbragstadi believe the openstack-ansible folks were working on that17:18
alee__zzzeek_, ah cool thanks ..17:21
*** pcaruana has quit IRC17:22
*** pcaruana has joined #openstack-keystone17:33
*** felipemonteiro_ has joined #openstack-keystone17:33
gyeelbragstad, for fernet token, can't fernet_rotate implicitly do fernet_setup if it hasn't been initialized. I see OSA have separate tasks for them. It would be nice if fernet_rotate encapsulates fernet_setup. Saved us an extra step.17:34
gyeeand extra deployment code17:34
*** felipemonteiro_ has quit IRC17:39
kmallocknasim-wrs: gunicorn has historically not worked for keystone at all17:43
kmallocknasim-wrs: i've always had serious issues (hence the choice of uwsgi over gunicorn)17:43
knasim-wrswe've been using gunicorn for 3 releases of our product now17:43
knasim-wrsfor both Keystone and Ceilometer17:43
knasim-wrskmalloc: what kind of issues? Maybe I can look into some and make a case for us to move17:44
kmallocknasim-wrs: oslo-config stomps on config options gunicorn needed17:44
kmallocbasically gunicorn and oslo-config (due to some CLI processing we used to do) just caused it to fail17:45
kmallocif you can get it to work, no guarantees it wont break again unless we get some level of testing added to the gate17:45
knasim-wrsok, i'll look into it17:45
kmallocwe test with uwsgi and we know mod_wsgi is very compatible17:45
knasim-wrsbasically I just need K2K federation to allow Single Sign On for users in my Primary Cloud with Sub Clouds.17:47
knasim-wrsis there any other way I can achieve this without transitioning to Apache?17:47
knasim-wrsshort of replicating DBs which is ugly17:47
knasim-wrsMy SQL identity backend that is17:47
knasim-wrsunless I make Nginx as the front for my gunicorn17:50
kmallochmmmmmmm... i think you might need apache or nginx for shibboleth fronting17:50
kmallocnginx works fine with uwsgi as well, for the record.17:51
knasim-wrsthere is stuff out there to enable federation / Shibboleth with Nginx:17:51
knasim-wrshttps://medium.com/ucl-api/adventures-in-shibboleth-and-nginx-part-2-of-2-6455a7f1d02617:51
kmallocyep17:51
kmallocnginx should be able to do it, but i haven't tried it myself.17:51
knasim-wrsok I'll try nginx with gunicorn and if that doesn't work then I guess we will have to move to uwsgi17:51
kmallocthat sounds good17:51
kmallocuwsgi should be super easy to run in lieu of gunicorn if needed17:52
*** ayoung has quit IRC17:58
cmurphylbragstad: i wasn't about to hit send :)18:01
knasim-wrskmalloc: came across this: https://docs.openstack.org/keystone/pike/advanced-topics/external-auth.html18:02
lbragstadcmurphy: just wanted to make sure you weren't waiting on me18:03
knasim-wrsI essentially just need Keystone to query an external Identity Backend (the one in my primary cloud) so one option may be to use a custom Middleware like what the link describes18:03
cmurphylbragstad: no i wasn't gonna worry about it that much :)18:03
*** oikiki has joined #openstack-keystone18:03
lbragstadcmurphy: cool -18:04
*** dklyle has joined #openstack-keystone18:04
lbragstadi actually had an interesting idea with that18:04
kmallocknasim-wrs: it is possible.18:04
lbragstadif you generate reports for every week, you can get all bug data for the history of the project in week increments18:05
kmallocknasim-wrs: there are a lot of options.18:05
lbragstaddistill it into a simple format, and plot out with $you-favorite-tool18:05
lbragstadyour*18:05
lbragstadmight be intersting to see the trends18:05
lbragstadi guess it would be a more detailed view of the stackalytics reports18:06
cmurphylbragstad: that would be cool18:07
*** dave-mccowan has joined #openstack-keystone18:07
lbragstadi did generate reports for the last three months and we consistently close about 15 - 17 bugs a month lol18:08
cmurphyhaha awesome18:08
cmurphygo us18:08
lbragstads/close/fix/18:08
lbragstadah - fixed 10 in january, 16 in february, 17 in march18:09
*** ayoung has joined #openstack-keystone18:11
*** pcaruana has quit IRC18:29
*** nicolasbock has quit IRC18:36
kmalloclbragstad: pushed the enum fix for stable18:38
lbragstadsweet18:38
lbragstadkmalloc: thanks18:39
*** pcichy has joined #openstack-keystone18:45
openstackgerritmelissaml proposed openstack/keystoneauth master: Trivial: Update pypi url to new url  https://review.openstack.org/56322718:50
*** harlowja has joined #openstack-keystone19:02
*** knasim-wrs has quit IRC19:18
*** nicolasbock has joined #openstack-keystone19:33
alee__lbragstad, hrybacki  do you happen to know if the db issue ever had a launchpad bug opened for it?19:42
alee__lbragstad, or shoudlI just reference the bugzilla?19:43
hrybackialee__: it hasn't -- the fix was never backported upstream so noone would have encountered it =/19:46
alee__hrybacki, ok - creating a lp bug19:46
lbragstadcmurphy: https://github.com/lbragstad/launchpad-toolkit#building-bug-reports19:58
openstackgerritAde Lee proposed openstack/keystone master: Make db migration idempotent  https://review.openstack.org/56326620:05
alee__hrybacki, lbragstad ^^20:06
alee__zzzeek_, ^^20:06
cmurphylbragstad: sweet20:07
lbragstadcmurphy: it's rough, but it gives a better high level view that our other tools20:09
lbragstader - my other lp tools20:09
*** edmondsw has joined #openstack-keystone20:19
*** germs has quit IRC20:22
*** edmondsw has quit IRC20:23
lbragstadkmalloc: you might be interested in taking a look at that migration20:24
lbragstadhttps://bugs.launchpad.net/keystone/+bug/176583020:24
openstackLaunchpad bug 1765830 in OpenStack Identity (keystone) "migration from osp 10 -> 11 -> 12 fails because migration script 22 is not idempotent" [Undecided,In progress] - Assigned to Ade Lee (alee-3)20:24
*** germs has joined #openstack-keystone20:25
*** germs has quit IRC20:25
*** germs has joined #openstack-keystone20:25
*** dave-mccowan has quit IRC20:32
*** raildo has quit IRC20:44
openstackgerritMerged openstack/keystone master: Trivial: Update pypi url to new url  https://review.openstack.org/56301920:53
*** jmlowe has joined #openstack-keystone21:01
*** jmlowe_ has quit IRC21:04
*** felipemonteiro has joined #openstack-keystone21:06
*** spilla has quit IRC21:10
*** aning has quit IRC21:13
*** lbragstad has quit IRC21:17
*** eschwartz has quit IRC21:19
*** lbragstad has joined #openstack-keystone21:19
*** ChanServ sets mode: +o lbragstad21:19
*** anyone has joined #openstack-keystone21:19
openstackgerritMerged openstack/keystonemiddleware master: Properly zero out max_retries in test_http_error_not_cached_token  https://review.openstack.org/54722821:27
openstackgerritMerged openstack/keystonemiddleware master: Remove empty files  https://review.openstack.org/54695221:27
openstackgerritMerged openstack/keystonemiddleware master: Only include response body if there's a response  https://review.openstack.org/53810821:27
*** spilla has joined #openstack-keystone21:36
*** felipemonteiro_ has joined #openstack-keystone21:52
*** felipemonteiro has quit IRC21:55
*** felipemonteiro_ has quit IRC21:56
*** felipemonteiro_ has joined #openstack-keystone21:57
*** oikiki has quit IRC22:00
*** oikiki has joined #openstack-keystone22:01
*** oikiki has quit IRC22:01
*** gyee has quit IRC22:06
*** edmondsw has joined #openstack-keystone22:07
*** edmondsw has quit IRC22:11
*** felipemonteiro__ has joined #openstack-keystone22:26
*** felipemonteiro_ has quit IRC22:29
*** felipemonteiro_ has joined #openstack-keystone22:30
*** felipemonteiro__ has quit IRC22:30
*** superdan is now known as dansmith22:51
*** pcichy has quit IRC22:51
*** nicolasbock has quit IRC23:11
*** rcernin has joined #openstack-keystone23:15
kmallocOk23:19
*** felipemonteiro_ has quit IRC23:21
*** edmondsw has joined #openstack-keystone23:56
« Thursday, 2018-04-19 Index Saturday, 2018-04-21 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!