Tuesday, 2018-04-24

« Monday, 2018-04-23 Index Wednesday, 2018-04-25 »
*** gyee has quit IRC00:02
*** pcaruana has quit IRC00:02
*** rmascena__ has quit IRC00:25
*** namnh has joined #openstack-keystone00:42
*** spzala has joined #openstack-keystone00:49
*** spzala has quit IRC01:13
*** jdennis has quit IRC01:14
*** zeus has quit IRC01:15
*** zeus has joined #openstack-keystone01:18
*** zeus is now known as Guest6275101:18
*** jdennis has joined #openstack-keystone01:18
*** spzala has joined #openstack-keystone01:52
*** spzala has quit IRC01:57
wxyayoung: The blog's name is "麦田的守望者", in English is "The Catcher in the Rye", actually it's from an English book. https://en.wikipedia.org/wiki/The_Catcher_in_the_Rye01:58
ayoungwxy Thank you. I got the reference, but I was wondering if it was a play on his name.01:58
wxyhis nick name is "麦田麦芽"01:59
ayoungwxy, do you happen to know if he is a regular OpenStack contributor?01:59
ayoungGoogle is translating his nickname to "Wheat malt"  which I have no idea if that is even close.02:00
ayoung麦田  is the same first two characters.  Google wants that to be Wheat Fields02:01
wxyayoung: it's hard to know, because he just uses a blog website, on which he just registered a nick name casually02:01
ayoungwxy, its too bad, as it seems to be the best documentation of using Gnocchi out there02:01
wxyayoung: I can ask others in my Chinese wechat group. Maybe someone knows.02:02
*** panbalag has joined #openstack-keystone02:06
*** panbalag has left #openstack-keystone02:11
ayoungwxy, thanks.  Its not critical, but it would be nice to properly cite.  If it is OK with them02:17
wxyayoung: well, seems nobody knows this blog. I think it's OK to properly cite them. We are not very strict for this kind of cite in China. You just need to add a  link to his article when citing02:29
*** spzala has joined #openstack-keystone02:34
*** annp has quit IRC02:42
*** gongysh has joined #openstack-keystone02:45
*** spzala has quit IRC02:48
*** jdennis has quit IRC02:52
*** annp has joined #openstack-keystone02:54
*** jdennis has joined #openstack-keystone02:58
*** nicolasbock has quit IRC03:26
*** jdennis has quit IRC03:33
*** jdennis has joined #openstack-keystone03:36
*** jdennis has quit IRC03:51
openstackgerritwangxiyuan proposed openstack/keystone master: Update IdP sql model  https://review.openstack.org/55967604:10
openstackgerritwangxiyuan proposed openstack/keystone master: Fix the test for unique IdP  https://review.openstack.org/56381204:10
*** evrardjp has quit IRC04:15
*** dklyle has joined #openstack-keystone04:17
*** markvoelker has quit IRC04:29
*** dklyle has quit IRC04:37
*** edmondsw has joined #openstack-keystone04:43
*** edmondsw_ has joined #openstack-keystone04:44
*** edmondsw has quit IRC04:48
*** sapd has quit IRC04:59
*** sapd_ has joined #openstack-keystone04:59
*** edmondsw_ has quit IRC04:59
*** sapd_ has quit IRC05:07
*** sapd__ has joined #openstack-keystone05:07
*** gongysh has quit IRC05:11
*** evrardjp has joined #openstack-keystone05:21
*** edmondsw has joined #openstack-keystone05:41
*** edmondsw has quit IRC05:45
*** edmondsw has joined #openstack-keystone06:02
*** edmondsw has quit IRC06:06
*** gongysh has joined #openstack-keystone06:07
*** martinus__ has joined #openstack-keystone06:08
*** links has joined #openstack-keystone06:16
*** markvoelker has joined #openstack-keystone06:30
*** threestrands has quit IRC06:32
*** tesseract has joined #openstack-keystone06:49
*** threestrands has joined #openstack-keystone06:50
*** threestrands has quit IRC06:50
*** threestrands has joined #openstack-keystone06:50
*** pcaruana has joined #openstack-keystone06:58
*** gongysh has quit IRC06:59
*** dangtrinhnt has joined #openstack-keystone07:02
*** markvoelker has quit IRC07:04
*** jaosorior has joined #openstack-keystone07:08
*** threestrands has quit IRC07:10
*** rcernin has quit IRC07:16
*** oikiki has joined #openstack-keystone07:23
*** edmondsw has joined #openstack-keystone07:24
*** edmondsw has quit IRC07:28
*** edmondsw has joined #openstack-keystone07:45
*** edmondsw has quit IRC07:49
*** spzala has joined #openstack-keystone07:53
*** spzala has quit IRC07:57
*** markvoelker has joined #openstack-keystone08:01
*** oikiki has quit IRC08:03
*** AlexeyAbashkin has joined #openstack-keystone08:05
*** edmondsw has joined #openstack-keystone08:05
*** edmondsw has quit IRC08:09
*** gongysh has joined #openstack-keystone08:15
*** edmondsw has joined #openstack-keystone08:26
*** mvk has quit IRC08:28
*** jistr is now known as jistr|mtgs08:28
*** edmondsw has quit IRC08:30
*** markvoelker has quit IRC08:34
openstackgerritMerged openstack/keystone master: Remove the sample .conf file  https://review.openstack.org/52124908:50
*** ianw is now known as ianw_pto08:54
*** mvk has joined #openstack-keystone08:59
*** panbalag has joined #openstack-keystone09:03
*** panbalag has left #openstack-keystone09:04
*** jaosorior has quit IRC09:18
*** markvoelker has joined #openstack-keystone09:31
*** jaosorior has joined #openstack-keystone09:44
*** gongysh has quit IRC09:48
*** namnh has quit IRC09:54
*** markvoelker has quit IRC10:06
*** annp has quit IRC10:29
*** mvk has quit IRC10:29
*** annp has joined #openstack-keystone10:30
*** mvk has joined #openstack-keystone10:42
*** jaosorior has quit IRC10:43
*** sapd__ has quit IRC10:45
*** annp has quit IRC10:46
*** markvoelker has joined #openstack-keystone11:02
*** nicolasbock has joined #openstack-keystone11:05
*** magnumbonum has joined #openstack-keystone11:14
magnumbonumhi all!11:14
magnumbonumI have a customer where we have implemented Keystone with an LDAP connection. Works fine. However, it is a fairly large AD.11:15
magnumbonumWe are hence getting a size limit exceeded error message in `keystone.log` when logging in, when pointing Keystone to the proper OU. Pointing Keystone to a another OU with fewer users works fine.11:16
magnumbonumI am implementing the `page_size` feature in the [ldap] stanza which I interpret like this: When Keystone contacts the LDAP server, it will page the results. So if there are more than `page_size` number of records, it will query the LDAP-server repeatedly until all items are retrieved.11:17
magnumbonumMy question is whether or not it is probable that Keystone also handles the attribute limit in AD when specifying the `page_size`? The problem with AD and large result sets are described in this article: https://support.microsoft.com/en-us/help/2009267/windows-server-2008-and-newer-domain-controller-returns-only-5000-valu11:20
magnumbonumThe problem might be when Keystone retrieves the user list. But it can also be that the MaxValRange attribute (the maximum number of attributes returned). This would mean that AD will not serve all memberOf or members on a group query, if it exceeds the hardcoded limit of 5.00011:22
magnumbonumNext action is setting up a testing environment for this, with a large number of users. But does anyone have any insight into the MaxValRange problem and if it is handled by Keystone?11:23
*** markvoelker has quit IRC11:36
*** alee has joined #openstack-keystone11:37
*** alee__ has quit IRC11:39
*** jaosorior has joined #openstack-keystone11:48
*** spzala has joined #openstack-keystone11:53
*** spzala has quit IRC11:57
*** raildo has joined #openstack-keystone12:08
*** zhongjun_ has quit IRC12:09
*** zhongjun_ has joined #openstack-keystone12:09
*** jaosorior has quit IRC12:15
*** jaosorior has joined #openstack-keystone12:16
*** markvoelker has joined #openstack-keystone12:16
*** mwhahaha has quit IRC12:26
*** mwhahaha has joined #openstack-keystone12:26
*** edmondsw has joined #openstack-keystone12:28
*** lbragstad has joined #openstack-keystone12:29
*** ChanServ sets mode: +o lbragstad12:29
*** edmondsw_ has joined #openstack-keystone12:29
*** alee has quit IRC12:31
*** Guest46098 has quit IRC12:32
*** Guest46098 has joined #openstack-keystone12:32
*** mchlumsky has joined #openstack-keystone12:33
*** edmondsw has quit IRC12:33
*** portdirect has quit IRC12:36
*** portdirect has joined #openstack-keystone12:37
*** edmondsw_ has quit IRC12:44
*** panbalag has joined #openstack-keystone12:46
*** panbalag has left #openstack-keystone12:46
*** edmondsw has joined #openstack-keystone12:48
*** felipemonteiro__ has joined #openstack-keystone12:52
*** edmondsw has quit IRC12:52
*** spzala has joined #openstack-keystone12:53
*** spzala has quit IRC12:57
*** edmondsw has joined #openstack-keystone12:59
*** edmondsw has quit IRC13:01
lbragstado/13:17
hrybackio/13:19
*** dave-mccowan has joined #openstack-keystone13:22
*** alee has joined #openstack-keystone13:22
*** spzala has joined #openstack-keystone13:26
*** edmondsw has joined #openstack-keystone13:27
*** jmlowe has quit IRC13:27
*** edmondsw has quit IRC13:31
gagehugoo/13:34
*** jaosorior has quit IRC13:55
*** jaosorior has joined #openstack-keystone13:55
*** felipemonteiro__ has quit IRC13:57
*** felipemonteiro__ has joined #openstack-keystone13:57
*** jdennis has joined #openstack-keystone13:58
*** edmondsw has joined #openstack-keystone13:59
*** edmondsw has quit IRC14:04
*** edmondsw has joined #openstack-keystone14:04
*** jaosorior has quit IRC14:07
*** spilla has joined #openstack-keystone14:08
*** edmondsw has quit IRC14:09
*** edmondsw has joined #openstack-keystone14:09
*** r-daneel has joined #openstack-keystone14:10
openstackgerritLance Bragstad proposed openstack/keystone master: Add conceptual overview of the service catalog  https://review.openstack.org/56397414:12
*** edmondsw has quit IRC14:14
*** zhongjun_ has quit IRC14:19
ayoungwxy, so one reason I am leary of an anonymous cite is that, if the information originally comes from someone else, and that someone does not want it released, it can make a sticky situation.  In this case, I think all the info is public, just well organized.14:23
*** panbalag has joined #openstack-keystone14:24
*** AlexeyAbashkin has quit IRC14:25
*** cristicalin has joined #openstack-keystone14:32
*** edmondsw has joined #openstack-keystone14:35
*** r-daneel has quit IRC14:38
*** r-daneel has joined #openstack-keystone14:39
*** edmondsw has quit IRC14:40
*** links has quit IRC14:42
*** edmondsw has joined #openstack-keystone14:42
*** edmondsw has quit IRC14:46
*** wxy| has joined #openstack-keystone15:02
*** jaosorior has joined #openstack-keystone15:05
*** tesseract has quit IRC15:06
*** tesseract has joined #openstack-keystone15:06
knikollao/15:07
*** AlexeyAbashkin has joined #openstack-keystone15:08
*** felipemonteiro_ has joined #openstack-keystone15:13
*** felipemonteiro__ has quit IRC15:16
lbragstadhrybacki: i don't think i have permission to add anything to the retro board15:21
lbragstads/anything/cards/15:21
hrybackilbragstad: try now15:23
hrybackilbragstad: can't seem to make it public...15:24
lbragstad40415:25
hrybackione mo time. It's public now15:25
hrybackihttps://trello.com/b/PiJecAs4/keystone-rocky-m1-retrospective or https://trello.com/b/PiJecAs415:25
gagehugoI had to join the board first15:25
hrybackifun fact: You cannot make a board public from the settings, but rather from a little button on the board UI itself -_-15:26
gagehugonice ui design15:26
kmallochrybacki: what in the actualk...15:26
kmallocthats....15:26
lbragstadaha15:27
*** dklyle has joined #openstack-keystone15:29
hrybacki\_0_/15:33
hrybackiperfect use case for the modern day shruggie15:33
*** edmondsw has joined #openstack-keystone15:33
*** jessegler has joined #openstack-keystone15:33
*** gyee has joined #openstack-keystone15:38
*** thorst has joined #openstack-keystone15:43
*** felipemonteiro_ has quit IRC15:49
*** felipemonteiro_ has joined #openstack-keystone15:49
*** pcaruana has quit IRC15:51
*** jmlowe has joined #openstack-keystone15:55
gagehugolbragstad yeah idk about that ldap down change15:56
gagehugoI have no idea how to test that outside of integration testing15:56
lbragstadyeah15:56
lbragstadthe one that cleans up connections?15:57
gagehugoyeah15:57
gagehugoit definitely needs work15:57
lbragstadwe could mock it for now i suppose?15:57
gagehugoI don't think we test much in terms of ldap15:57
gagehugoI haven't dug too deep into the test_backends though to look15:58
*** jmlowe has quit IRC15:59
*** r-daneel_ has joined #openstack-keystone15:59
*** r-daneel has quit IRC16:00
*** r-daneel_ is now known as r-daneel16:00
*** cristicalin has quit IRC16:16
*** alee_ has joined #openstack-keystone16:22
*** alee has quit IRC16:26
*** thorst has quit IRC16:30
*** pcaruana has joined #openstack-keystone16:43
*** jessegler has quit IRC16:53
*** itlinux has joined #openstack-keystone16:57
*** felipemonteiro__ has joined #openstack-keystone16:59
hrybackiReminder that we are conducting our M1 retrospective. Call-in: https://bluejeans.com/8559013623 Trello Board: https://trello.com/b/PiJecAs4/keystone-rocky-m1-retrospective -- I have to break. Let's plan to join in 10? Please add cards in respective columns as you may17:00
*** felipemonteiro__ has quit IRC17:01
lbragstadnote that i'll start office hours after our retrospective17:01
*** felipemonteiro__ has joined #openstack-keystone17:01
*** AlexeyAbashkin has quit IRC17:01
*** felipemonteiro_ has quit IRC17:02
*** felipemonteiro has joined #openstack-keystone17:03
*** edmondsw has quit IRC17:04
*** felipemonteiro__ has quit IRC17:06
*** mvk has quit IRC17:10
*** felipemonteiro_ has joined #openstack-keystone17:17
*** felipemonteiro has quit IRC17:20
*** jaosorior has quit IRC17:24
*** panbalag has quit IRC17:38
*** wxy| has quit IRC17:40
*** wxy| has joined #openstack-keystone17:40
gagehugosorry was pulled away17:42
*** cristicalin has joined #openstack-keystone17:46
*** cristicalin has quit IRC17:47
*** jdennis has quit IRC17:54
*** jdennis has joined #openstack-keystone17:55
*** wxy| has quit IRC17:55
*** edmondsw has joined #openstack-keystone17:56
hrybackiRocky M2 Retrospective Board: https://trello.com/b/1E3SeSsl/keystone-rocky-m2-retrospective17:56
lbragstad#startmeeting keystone-office-hours17:56
openstackMeeting started Tue Apr 24 17:56:56 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.17:56
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.17:56
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"17:56
*** ChanServ changes topic to "Rocky release schedule: https://releases.openstack.org/rocky/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap"17:57
openstackThe meeting name has been set to 'keystone_office_hours'17:57
kmalloclbragstad: email sent to -dev17:58
kmallocre stable17:58
lbragstadchecking17:59
gagehugonice17:59
lbragstadfyi - https://review.openstack.org/#/c/563974/ and https://review.openstack.org/#/c/562716/ close bugs17:59
gagehugolbragstad looking18:01
lbragstadthe one about enforcement limits needs some feedback on the API bits18:01
lbragstadGET /v3/limit_model versus GET /v3/limit/model18:01
lbragstadi left comments in review and i can respin that pretty each18:01
lbragstadeasy*18:01
*** edmondsw_ has joined #openstack-keystone18:03
*** mvk has joined #openstack-keystone18:03
*** alee__ has joined #openstack-keystone18:05
*** edmonds__ has joined #openstack-keystone18:05
*** edmonds__ is now known as edmondsw__18:06
*** edmondsw__ is now known as edmondsw___18:06
*** edmondsw has quit IRC18:06
*** edmondsw___ is now known as edmondsw18:06
*** jdennis has quit IRC18:06
*** alee_ has quit IRC18:08
*** edmondsw_ has quit IRC18:09
*** jdennis has joined #openstack-keystone18:11
*** gyee has quit IRC18:28
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Add idea for alternative service catalogs  https://review.openstack.org/56404218:31
lbragstadmnaser: ^ relevant to your discussion in -tc the other day18:31
*** pcaruana has quit IRC18:32
*** jdennis has quit IRC18:34
*** felipemonteiro__ has joined #openstack-keystone18:39
*** felipemonteiro_ has quit IRC18:39
*** jdennis has joined #openstack-keystone18:51
*** dims has quit IRC19:02
*** dims has joined #openstack-keystone19:09
gagehugolbragstad with that double token provider use-case, we should avoid doing this: https://review.openstack.org/#/c/558918/19:13
gagehugoright?19:13
lbragstadgagehugo: yeah - it was a far fetched use case19:15
lbragstadi was just trying to think of things that would require the location of both repositories19:15
lbragstadthen again - if someone is rolling their own token providers, they might not have an issue just exposing new configuration values19:17
* lbragstad shrugs19:17
gagehugohmm19:17
gagehugoleave it up for now, we will likely discuss it once dev work begins on jwt19:20
gagehugoI guess*19:20
lbragstadyeah - that works19:21
*** tesseract has quit IRC19:26
* knikolla finally booked flights/hotel for vancouver. 19:28
gagehugo\o/19:38
*** tonytan4ever has joined #openstack-keystone19:58
*** tonytan4ever has quit IRC20:00
*** itlinux has quit IRC20:13
*** dklyle has quit IRC20:18
*** itlinux has joined #openstack-keystone20:19
openstackgerritLance Bragstad proposed openstack/keystone master: Add conceptual overview of the service catalog  https://review.openstack.org/56397420:26
*** spzala has quit IRC20:32
*** spzala has joined #openstack-keystone20:32
*** raildo has quit IRC20:34
*** raildo has joined #openstack-keystone20:34
*** spzala has quit IRC20:34
*** spilla has quit IRC20:36
lbragstadkmalloc: do you happen to know where the translation you speak of happens? https://review.openstack.org/#/c/530509/4/oslo_context/context.py20:36
*** spilla has joined #openstack-keystone20:37
*** dmellado has quit IRC20:38
lbragstadi see some stuff in keystonemiddleware/audit/_api.py20:39
lbragstadbut that doesn't seem right20:39
*** dmellado has joined #openstack-keystone20:43
*** rmascena has joined #openstack-keystone20:44
lbragstadoh...20:44
lbragstadhttps://github.com/openstack/keystonemiddleware/blob/686f7a5b0b13a7ef4c7ce6721e6c9e601816ad45/keystonemiddleware/auth_token/_request.py#L201-L21720:45
*** raildo has quit IRC20:46
*** rmascena has quit IRC20:50
kmallocNot off the top of my head20:50
kmallocWill look when done with lunch.20:50
*** jmlowe has joined #openstack-keystone20:50
*** jmlowe has quit IRC20:52
lbragstadi think i found a clue20:53
*** dklyle has joined #openstack-keystone20:56
*** spilla has quit IRC20:58
*** edmondsw_ has joined #openstack-keystone21:11
*** itlinux has quit IRC21:12
*** martinus__ has quit IRC21:13
*** edmondsw has quit IRC21:13
*** dklyle has quit IRC21:14
lbragstadthis is weird, i see where ksm scrubs the headers when it receives a request21:17
lbragstadand then it sets them appropriately if the user and service tokens are valid21:17
lbragstadwhich make total sense21:18
lbragstadthe request object trucks along through middleware21:18
lbragstadfollowing the wsgi pipeline21:18
lbragstadand then in the case of nova, it reaches a different piece of middleware called NovaKeystoneContext that processes the headers using oslo.context to build a context object for nova21:19
lbragstadwhere it gets strange is that ksm sets the headers like X-Project-Id21:20
lbragstadbut oslo.context looks for request.headers['HTTP_X_PROJECT_ID']21:20
* lbragstad goes to dig in requests21:20
lbragstads/requests/webob/21:22
lbragstadbaha - https://github.com/Pylons/webob/blob/4e8c7ecc20bed6ce6c64daa3dcb97cc328058e8c/src/webob/headers.py#L111-L11521:28
*** dklyle has joined #openstack-keystone21:44
*** r-daneel has quit IRC21:52
*** edmondsw_ has quit IRC21:55
*** alee__ has quit IRC22:03
*** edmondsw has joined #openstack-keystone22:05
*** edmondsw has quit IRC22:05
*** dave-mccowan has quit IRC22:15
openstackgerritLance Bragstad proposed openstack/keystonemiddleware master: Introduce new header for system-scoped tokens  https://review.openstack.org/56407222:15
*** gyee has joined #openstack-keystone22:23
kmalloclbragstad: aha22:43
*** alee__ has joined #openstack-keystone22:44
*** felipemonteiro__ has quit IRC23:16
*** hoonetorg has quit IRC23:52
« Monday, 2018-04-23 Index Wednesday, 2018-04-25 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!