Tuesday, 2018-05-15

openstackgerritMerged openstack/keystone master: Update tests to work with WebOb 1.8.1  https://review.openstack.org/56830400:03
*** panbalag has joined #openstack-keystone00:09
*** panbalag has quit IRC00:15
*** panbalag has joined #openstack-keystone00:18
*** panbalag has left #openstack-keystone00:24
*** Dinesh_Bhor has joined #openstack-keystone00:44
*** germs has joined #openstack-keystone00:47
*** germs has quit IRC00:47
*** germs has joined #openstack-keystone00:47
*** germs has quit IRC00:52
*** threestrands has quit IRC01:00
*** dklyle has quit IRC01:01
openstackgerritMerged openstack/keystone master: Remove token driver configuration  https://review.openstack.org/56711001:12
openstackgerritMerged openstack/keystone master: Consolidate oauth1.rst  https://review.openstack.org/54729301:12
*** gyee has quit IRC01:18
*** namnh has joined #openstack-keystone01:35
*** jmlowe has joined #openstack-keystone01:36
*** dave-mccowan has joined #openstack-keystone01:41
*** Dinesh_Bhor has quit IRC01:46
*** Dinesh_Bhor has joined #openstack-keystone01:52
openstackgerritLingyong Xu proposed openstack/keystonemiddleware master: Trivial: Update pypi url to new url  https://review.openstack.org/56841302:31
*** rcernin has quit IRC02:46
*** rcernin has joined #openstack-keystone02:50
*** nicolasbock has quit IRC03:11
openstackgerritwangxiyuan proposed openstack/keystone master: Remove some unused functions  https://review.openstack.org/56842903:24
*** links has joined #openstack-keystone03:37
*** dave-mccowan has quit IRC03:38
*** gyankum has joined #openstack-keystone03:59
*** namnh has quit IRC04:18
*** annp has quit IRC04:18
*** namnh has joined #openstack-keystone04:18
*** annp has joined #openstack-keystone04:18
*** pcaruana has joined #openstack-keystone04:31
*** linhnm has joined #openstack-keystone04:38
*** Dinesh_Bhor has quit IRC04:55
*** linhnm has quit IRC05:04
*** linhnm has joined #openstack-keystone05:26
*** masber has joined #openstack-keystone05:51
*** linhnm has quit IRC05:56
*** martinus__ has joined #openstack-keystone06:05
openstackgerritwangxiyuan proposed openstack/keystone master: Remove some unused functions  https://review.openstack.org/56842906:10
*** liuzz_ has quit IRC06:18
*** liuzz has joined #openstack-keystone06:18
*** belmoreira has joined #openstack-keystone06:19
*** markvoelker has quit IRC06:20
openstackgerritprashkre proposed openstack/python-keystoneclient master: Allow user to stop logging of user API response.  https://review.openstack.org/56837306:20
openstackgerritprashkre proposed openstack/python-keystoneclient master: Allow user to skip logging of user API response.  https://review.openstack.org/56837306:21
*** linhnm has joined #openstack-keystone06:22
*** belmoreira has quit IRC06:24
*** belmoreira has joined #openstack-keystone06:55
*** belmoreira has quit IRC06:58
*** namnh has quit IRC07:01
*** namnh has joined #openstack-keystone07:01
*** rcernin has quit IRC07:13
*** tesseract has joined #openstack-keystone07:13
*** pcaruana has quit IRC07:17
*** pcaruana has joined #openstack-keystone07:17
*** pcaruana has quit IRC07:18
*** afazekas|pto is now known as afazekas07:18
*** markvoelker has joined #openstack-keystone07:20
*** pcaruana has joined #openstack-keystone07:23
*** annp has quit IRC07:28
doxaanyone guru in totp authentication ?07:33
*** linhnm has quit IRC07:36
*** AlexeyAbashkin has joined #openstack-keystone07:36
*** markvoelker has quit IRC07:55
Shilpacmurphy: Hi08:10
*** edmondsw has joined #openstack-keystone08:52
*** markvoelker has joined #openstack-keystone08:52
doxaTFA auth anyone ?08:53
*** edmondsw has quit IRC08:56
Shilpaayoung: Hi09:04
*** linhnm has joined #openstack-keystone09:11
openstackgerritArmstrong Liu proposed openstack/keystone master: Add request parameter for create limit  https://review.openstack.org/56854109:19
*** markvoelker has quit IRC09:25
Shilpalbragstad[m]: Hi09:29
*** pcichy has joined #openstack-keystone09:35
*** bhagyashri_s has joined #openstack-keystone09:37
*** pooja-jadhav has joined #openstack-keystone09:38
*** bhagyashris has quit IRC09:40
*** pooja_jadhav has quit IRC09:41
*** annp has joined #openstack-keystone09:41
*** linhnm has quit IRC09:42
*** jaosorior has quit IRC10:00
*** pcichy has quit IRC10:01
*** jaosorior has joined #openstack-keystone10:01
*** namnh has quit IRC10:15
*** markvoelker has joined #openstack-keystone10:23
*** edmondsw has joined #openstack-keystone10:40
*** nicolasbock has joined #openstack-keystone10:40
*** tesseract is now known as info10:41
*** info is now known as tesseract10:41
*** edmondsw has quit IRC10:44
*** markvoelker has quit IRC10:55
*** edmondsw has joined #openstack-keystone11:21
*** markvoelker has joined #openstack-keystone11:52
*** pcichy has joined #openstack-keystone11:59
*** raildo has joined #openstack-keystone12:01
*** simondodsley has quit IRC12:02
*** markvoelker_ has joined #openstack-keystone12:02
*** markvoelker has quit IRC12:04
*** simondodsley_ has joined #openstack-keystone12:05
*** pooja-jadhav is now known as pooja_jadhav12:17
Shilpacmurphy: Hi12:25
*** gyankum has quit IRC12:25
*** panbalag has joined #openstack-keystone12:32
*** panbalag has left #openstack-keystone12:33
*** mvk has quit IRC12:45
*** nicolasbock has quit IRC12:55
lbragstadShilpa: hey12:59
Shilpalbragstad: Hi, want understanding reagarding configuring rackspace kesytonauth plugin with keystone, kindly guide me to proceed here13:00
*** nicolasbock has joined #openstack-keystone13:01
lbragstadShilpa: do you have a link to the code you're referencing?13:01
lbragstadrackspace keystoneauth plugin?13:01
*** dave-mccowan has joined #openstack-keystone13:02
*** rpittau has quit IRC13:02
Shilpayes i have downloaded from github, i am looking into LP bug https://bugs.launchpad.net/python-novaclient/+bug/174411813:03
openstackLaunchpad bug 1744118 in python-novaclient "Arguments not initialized if unsupported by keystoneauth plugin" [Medium,Confirmed]13:03
Shilpai have installed by cloning rackspace keystoneauth plugin, and installed via setup.cfg13:03
Shilpathen i have hit the commnad 'nova --os-auth-type rackspace_password --os-password admin list'13:04
Shilpaso what configuration will need to use custom plugin like rackspace keystoneauth/kerbose13:05
*** panbalag has joined #openstack-keystone13:05
lbragstadi'm not sure, i wasn't aware of a rackspace specific plugin for keystoneauth13:05
*** panbalag has left #openstack-keystone13:06
Shilpaohh, do you have any idea @ configuration for v3kerberos plugin?13:06
lbragstadkeystoneauth plugin documentation can be found https://docs.openstack.org/keystoneauth/latest/plugin-options.html#v3kerberos13:07
lbragstadand that tells you what information you need to provide in order to use those plugins13:07
lbragstadhttps://docs.openstack.org/keystoneauth/latest/plugin-options.html#using-plugins-via-cli describes how you can specify a specific plugin13:08
Shilpayes, i have gone throgh, it describes all keystoneauth1 detailing, but not resolving my basic query 'how to configure rackspace (any custom plugin with keystone), so that it will use custome plugin while authentication'13:11
lbragstadyou'll probably need to reach out to the maintainers of that code13:12
lbragstadi'm not exactly sure which project or plugin you're talking about, is it open source?13:13
*** mvk has joined #openstack-keystone13:13
Shilpalbragstad:yes its open source (https://github.com/rackerlabs/rackspace-keystoneauth-plugin), i have installed rackspace plugin and debug novaclient to check auth object at 'novaclient/client.py(164)_construct_http_client()', expected rackspace object but getting <keystoneauth1.identity.generic.password.Password object at 0x7f19c5211650>13:15
lbragstadShilpa: i'm unfamiliar with that code, but someone from rackspace might be able to help you a bit more13:19
Shilpalbragstad: ok thanks, can you help me to understand [auth] section from https://docs.openstack.org/ocata/config-reference/identity/samples/keystone.conf.html13:21
lbragstadsure - what questions do you have?13:22
Shilpapl clear do we need to add this section in case of custom authentication plugin?13:25
lbragstadif you're configuring keystone server to use a custom authentication plugin that you've written?13:26
*** dklyle has joined #openstack-keystone13:26
Shilpacustom authentication plugin, any examples13:27
lbragstadyes - if you've written a custom authentication plugin and you want to use it with keystone, you'll need to set the methods configuration option in that section13:28
*** gyankum has joined #openstack-keystone13:28
lbragstadwe have developer documentation for writing those types of plugins https://docs.openstack.org/keystone/latest/contributor/auth-plugins.html13:28
Shilpayes, rackspace-keystoneauth-plugin is the same13:29
Shilpaand i am configuring this [auth] section, but not able to proceed13:29
lbragstadkeystoneauth and keystone are two separate projects13:29
lbragstadthe rackspace-keystoneauth-project is a plugin for keystoneauth, so it looks like you'd use that if you were a rackspace public cloud customer13:30
lbragstadand wanted to use keystoneauth to talk to rackspace's public cloud13:30
*** dklyle has quit IRC13:32
*** mchlumsky has joined #openstack-keystone13:37
lbragstadwxy: thoughts on this? https://review.openstack.org/#/c/568541/113:37
Shilpalbragstad: ok thank you, will look into it more deeeper, and get back to you if further clarification needed.13:37
lbragstadwxy: i was digging through the code and noticed that we pull the project id for project limits from the reference, should we pull that from the token instead?13:38
*** felipemonteiro_ has joined #openstack-keystone13:42
*** felipemonteiro__ has joined #openstack-keystone13:44
*** felipemonteiro_ has quit IRC13:48
*** felipemonteiro__ has quit IRC13:51
*** mchlumsky has quit IRC14:00
*** mchlumsky has joined #openstack-keystone14:07
*** wxy| has joined #openstack-keystone14:07
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Fix logging of encoded headers  https://review.openstack.org/56836514:10
*** felipemonteiro has joined #openstack-keystone14:10
mordredlbragstad, cmurphy, kmalloc: ^^ that should fix the issue rosmaita ran in to with python-glanceclient14:16
lbragstadmordred: cool - thanks14:16
mordredI should maybe add a release note... one sec14:16
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Fix logging of encoded headers  https://review.openstack.org/56836514:19
mordredk. there it is with a release note14:19
*** mchlumsky has quit IRC14:19
mordredShilpa, lbragstad: fwiw, rackspace-keystoneauth-project is not needed to use keystoneauth with rackspace14:20
lbragstadi was going to say, i'd never seen that project before14:20
mordredit is needed to use rackspace's custom auth key thing which was a very early attempt at implementing something like what we just did with application credentials14:20
mordredexcept it's uselessly limited so provides basically no additional benefit over just using normal keystone password auth14:21
kmallocmordred: awesome.14:21
lbragstadit's more like a traditional API key iirc14:21
mordredlbragstad: rackspace _support_ will tell you you have to use their special auth plugin to talk to the openstack apis - but it's completely untrue- we use password auth for everything infra does on rackspace14:21
kmallocWhich, I would love to see in OpenStack, but we are a good way away from it.14:22
mordredI find it completely pointless14:22
kmallocTransitional API keys14:22
kmallocNot exchanged for a token14:22
kmallocNot the rackspace thing.14:22
*** mchlumsky has joined #openstack-keystone14:22
mordredah. gotcha14:22
mordredyeah - the rackspace thing is security theatre14:23
kmallocTyping on a phone. ;) So slower than your typing was.14:23
kmallocYah. Def not the rackspace thing. :)14:23
lbragstadmordred: one comment on the release note, otherwise that change looks sane14:24
kmallocWill review shortly, need to dog walk14:25
kmallocBut, I see no reason we can't land that today.14:25
*** prometheanfire has left #openstack-keystone14:27
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Fix logging of encoded headers  https://review.openstack.org/56836514:29
cmurphymordred: is this a python3-only issue? the tests pass for me on py27 without the session.py change applied14:34
mordredcmurphy: yes, it's a python3 only issue14:34
cmurphyah ok14:35
mordredcmurphy: well -it's only surfaced as a python3 only issue ... inability to sort a list that has mixed bytes and string keys14:35
*** aloga has quit IRC14:40
kmallocPy3 string issues.. yay! :(14:40
mordredkmalloc: your favorite14:46
*** panbalag has joined #openstack-keystone14:46
*** spilla has joined #openstack-keystone14:47
*** panbalag has left #openstack-keystone14:51
*** felipemonteiro has quit IRC14:53
*** felipemonteiro has joined #openstack-keystone14:53
*** r-daneel has joined #openstack-keystone14:57
*** dklyle has joined #openstack-keystone15:02
*** r-daneel has quit IRC15:19
*** r-daneel_ has joined #openstack-keystone15:19
*** links has quit IRC15:21
*** r-daneel_ is now known as r-daneel15:22
*** gyee has joined #openstack-keystone15:39
lbragstadknikolla: o/15:43
lbragstadping ayoung, breton, cmurphy, dstanek, gagehugo, henrynash, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rderose, rodrigods, samueldmq, spilla, aselius, dpar, jdennis, ruan_he, wxy, sonuk16:01
lbragstadmeeting reminder in #openstack-meeting-alt16:01
*** tesseract has quit IRC16:21
*** jaosorior has quit IRC16:31
*** pcaruana has quit IRC16:33
*** felipemonteiro_ has joined #openstack-keystone16:37
*** felipemonteiro has quit IRC16:40
*** felipemonteiro_ has quit IRC16:41
*** felipemonteiro_ has joined #openstack-keystone16:41
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Expose version_between as a real function  https://review.openstack.org/56864016:43
mordredlbragstad, kmalloc: ^^ in adding microversion support to openstacksdk it has become clear that I'd really like that to be usable16:44
kmallocmordred: looking16:46
kmalloclbragstad: i don't think we can use oslo.service and get SIG handlers16:47
*** wxy| has quit IRC16:47
kmallocso moving to oslo.service isn't really going to fly [and i'm very very very much against going back to eventlet]16:47
lbragstadyeah - i wasn't thinking that would be much of an option after dhellmann's reply in the post16:47
lbragstadi should have done some more research prior to writing up that solution16:48
kmallocmordred: i'm fine with that.16:48
kmallocmordred: +2.16:48
*** dklyle has quit IRC16:48
lbragstadi was under the assumption that oslo.service was a set of tools that helped projects run under other web server16:48
kmallocmordred: makes sense to uspport "service between" publocally16:48
kmalloclbragstad: it seems to have wsgi capabilities.16:48
kmalloclbragstad: but remember mod_wsgi and signal handlers are bad-news(tm)16:49
lbragstadright - as knikolla pointed out16:49
kmalloclbragstad: annnnnd if uwsgi is truely managing the subprocesses, you can't catch it on a single event16:49
kmallocit might miss some/all/other issues16:49
kmalloci think we can make this work16:50
lbragstadthat's about where i ran out of steam yesterday chasing this down16:50
kmalloclet me get unit tests working on my initial flask conversion16:50
lbragstadi gotta step away real quick, but i'll be back in about 1016:50
kmallocafter i run down this doc bug in that ksa fix16:50
kmallocmordred: once zuul weighs in we can land that... but... i am inclined to take the header fix first and patch release it, then expose version_between as a minor version16:51
kmallocmordred: because header fix is def. a bug.16:51
mordredkmalloc: ++16:58
kmallocmordred: i am spoiled at home, 1gbit network down... coffee shop... 2Mbps16:59
kmallocmordred: this sphinx issue is taking forever because... tox -edocs is still installing :P16:59
kmallocmordred: :P16:59
lbragstad#startmeeting keystone-office-hours17:04
openstackMeeting started Tue May 15 17:04:22 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.17:04
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.17:04
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"17:04
*** ChanServ changes topic to "Rocky release schedule: https://releases.openstack.org/rocky/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap"17:04
openstackThe meeting name has been set to 'keystone_office_hours'17:04
*** jmlowe has quit IRC17:06
*** spilla has quit IRC17:25
*** AlexeyAbashkin has quit IRC17:25
*** mvk has quit IRC17:29
knikollalbragstad, hrybacki: what happened to service specific default roles in the ? (nova_auditor, etc)17:42
hrybackiknikolla: removed during de-scope most likely. That happened a number of revisions ago so the specifics are a bit foggy17:43
knikollais that something we want to introduce? i remember people at the ptg seemed happy about that feature.17:44
hrybackiknikolla: not at this stage. I'm sure it will be brought up at the next PTG -- which I will use to pivot us into discussing the community goal aimed at release T17:48
knikollait sort of feels like since we are pushing everyone to standardize on {auditor,member,admin}. It's the same amount of effort to have them standardize on <service>_{auditor,member,admin} since <service> will be the same across that service.17:51
knikollait is true though that requires more operator effort since they have to create the implied roles, though it's only 3 commands per service.17:52
hrybackiknikolla: I think that would be a great next step but I'd really like to KISS and proof out the work within Keystone and Barbican (and work on getting testing in place for this and future work)17:54
*** dave-mcc_ has joined #openstack-keystone17:55
*** gyankum has quit IRC17:55
*** dave-mccowan has quit IRC17:55
knikollaack. also it's easy enough to generate policy files with service specific roles for the operators who might really want it sooner.17:55
hrybackithat's true. I'm remembering more of the conversation from before -- I think we basically decided that we would work with Octavia to /document/ how to do just that17:56
knikolla++ on documenting how17:58
hrybackiadding a work item for that knikolla17:58
openstackgerritHarry Rybacki proposed openstack/keystone-specs master: Define a set of basic default roles  https://review.openstack.org/56637717:59
hrybackithat should be enough of a reminder :)18:00
*** links has joined #openstack-keystone18:01
knikollahrybacki: cool, thanks!18:02
*** spilla has joined #openstack-keystone18:02
*** mvk has joined #openstack-keystone18:10
*** sonuk has joined #openstack-keystone18:35
*** jmlowe has joined #openstack-keystone18:36
*** felipemonteiro has joined #openstack-keystone18:40
*** sonuk has quit IRC18:40
*** felipemonteiro_ has quit IRC18:42
*** jmlowe has quit IRC18:49
*** felipemonteiro_ has joined #openstack-keystone18:49
*** felipemonteiro has quit IRC18:50
*** dklyle has joined #openstack-keystone18:50
*** jmlowe has joined #openstack-keystone19:01
*** r-daneel has quit IRC19:18
openstackgerritBen Nemec proposed openstack/oslo.policy master: Include both new and deprecated rules in generated sample  https://review.openstack.org/56867619:19
*** links has quit IRC19:20
*** jaosorior has joined #openstack-keystone19:21
*** r-daneel has joined #openstack-keystone19:35
*** pcichy has quit IRC19:36
*** pcichy has joined #openstack-keystone19:37
*** jmlowe_ has joined #openstack-keystone19:38
*** jmlowe has quit IRC19:40
*** pcichy has quit IRC19:53
openstackgerritMonty Taylor proposed openstack/keystoneauth master: Expose version_between as a real function  https://review.openstack.org/56864020:11
*** felipemonteiro_ has quit IRC20:17
*** aojea has joined #openstack-keystone20:18
*** jmlowe_ has quit IRC20:19
openstackgerritBen Nemec proposed openstack/oslo.policy master: Include deprecated_reason when deprecated_rule is set  https://review.openstack.org/56868720:20
*** r-daneel_ has joined #openstack-keystone20:36
*** r-daneel has quit IRC20:37
*** r-daneel_ is now known as r-daneel20:37
*** jmlowe has joined #openstack-keystone20:53
*** felipemonteiro has joined #openstack-keystone20:55
*** raildo has quit IRC20:59
*** openstack changes topic to "Rocky release schedule: https://releases.openstack.org/rocky/schedule.html | Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting | Bugs that need triaging: http://bit.ly/2iJuN1h | Trello: https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap"21:13
openstackMeeting ended Tue May 15 21:13:48 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)21:13
openstackMinutes:        http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-05-15-17.04.html21:13
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-05-15-17.04.txt21:13
openstackLog:            http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-05-15-17.04.log.html21:13
*** aojea has quit IRC21:24
*** felipemonteiro has quit IRC21:25
cmurphyanyone interested in checking my slides and giving me feedback? https://docs.google.com/presentation/d/15v_pWYZFFRXB5LHshvDK9ckG4IgL8EfOqiupazFOuyQ/edit?usp=sharing21:28
gagehugosuch green :)21:32
cmurphycan you tell what company i work at21:33
gagehugoit's very subtle21:34
gagehugomainly noticeable thing is the transition slides, the green text on green bg is kinda hard to read21:34
gagehugobut my monitor kinda sucks too so /shrug21:35
gagehugoslide 24 text looks alright with the bg21:35
cmurphycool, i can change that21:40
cmurphyany information you think is missing/wrong in the content?21:40
gagehugocmurphy here is the spec for plaintext passwords for oslo if you wanna plug it https://review.openstack.org/#/c/47430421:41
cmurphygagehugo: great, will do21:43
lbragstadnice - live demo21:43
lbragstad+1 on slide 1921:45
lbragstadi was hoping that would get called out explicitly21:45
gagehugocan't keystone solve all of our problems?21:49
lbragstadgood job cmurphy - i'm looking forward to it21:51
*** edmondsw has quit IRC21:52
*** edmondsw has joined #openstack-keystone21:53
gagehugocmurphy material looks good21:53
cmurphyyay thanks guys21:56
*** martinus__ has quit IRC21:56
*** edmondsw has quit IRC21:57
*** dklyle has quit IRC21:59
*** rcernin has joined #openstack-keystone22:00
*** felipemonteiro has joined #openstack-keystone22:01
*** felipemonteiro has quit IRC22:32
*** edmondsw has joined #openstack-keystone23:29
*** edmondsw has quit IRC23:34
*** germs has joined #openstack-keystone23:50
*** germs_ has joined #openstack-keystone23:53
*** germs has quit IRC23:56
*** dklyle has joined #openstack-keystone23:59

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!