Wednesday, 2018-06-06

« Tuesday, 2018-06-05 Index Thursday, 2018-06-07 »
*** bigdogstl has joined #openstack-keystone00:12
*** itlinux has joined #openstack-keystone00:13
*** bigdogstl has quit IRC00:16
*** jmlowe has joined #openstack-keystone00:19
*** bigdogstl has joined #openstack-keystone00:41
*** bigdogstl has quit IRC00:46
*** Dinesh_Bhor has joined #openstack-keystone00:47
*** edmondsw has joined #openstack-keystone00:51
*** edmondsw has quit IRC00:55
*** harlowja has quit IRC01:10
*** bigdogstl has joined #openstack-keystone01:14
*** spilla has quit IRC01:14
*** bigdogstl has quit IRC01:19
*** namnh has joined #openstack-keystone01:22
*** threestrands_ has joined #openstack-keystone01:33
*** threestrands has quit IRC01:36
*** gyee has quit IRC01:46
openstackgerritAdrian Turjak proposed openstack/keystone master: Rename token_utils back to fernet_utils  https://review.openstack.org/56620801:46
*** bigdogstl has joined #openstack-keystone01:50
openstackgerritAdrian Turjak proposed openstack/keystone master: [WIP] Implement auth receipts spec  https://review.openstack.org/57228601:51
*** blake has joined #openstack-keystone01:55
*** bigdogstl has quit IRC01:55
openstackgerritAdrian Turjak proposed openstack/keystone master: Revert "Rename fernet_utils to token_utils"  https://review.openstack.org/56620801:58
*** blake has quit IRC02:26
*** bigdogstl has joined #openstack-keystone02:27
*** bigdogstl has quit IRC02:32
*** edmondsw has joined #openstack-keystone02:39
*** edmondsw has quit IRC02:44
*** jmlowe has quit IRC02:47
*** bigdogstl has joined #openstack-keystone02:51
*** neha_alhat has quit IRC02:51
*** bigdogstl has quit IRC02:55
*** jmlowe has joined #openstack-keystone02:56
*** bigdogstl has joined #openstack-keystone03:02
*** bigdogstl has quit IRC03:07
*** liuzz has joined #openstack-keystone03:10
*** bigdogstl has joined #openstack-keystone03:11
*** bigdogstl has quit IRC03:15
*** bigdogstl has joined #openstack-keystone03:16
*** bigdogstl has quit IRC03:29
*** bigdogstl has joined #openstack-keystone03:39
*** sonuk has joined #openstack-keystone03:40
*** r-daneel has joined #openstack-keystone03:42
*** bigdogstl has quit IRC03:45
*** bigdogstl has joined #openstack-keystone03:48
openstackgerritwangxiyuan proposed openstack/keystone-specs master: Hierarchical Unified Limits  https://review.openstack.org/54080303:51
*** bigdogstl has quit IRC03:53
openstackgerritwangxiyuan proposed openstack/keystone-specs master: Hierarchical Unified Limits  https://review.openstack.org/54080303:58
*** bigdogstl has joined #openstack-keystone04:00
*** germs has quit IRC04:00
*** germs has joined #openstack-keystone04:00
*** germs has quit IRC04:00
*** germs has joined #openstack-keystone04:00
*** links has joined #openstack-keystone04:02
*** masuberu has quit IRC04:04
*** germs has quit IRC04:04
*** bigdogstl has quit IRC04:04
*** boris_42_ has quit IRC04:06
*** bigdogstl has joined #openstack-keystone04:10
*** mvenesio has joined #openstack-keystone04:13
*** harlowja has joined #openstack-keystone04:17
*** bigdogstl has quit IRC04:25
*** edmondsw has joined #openstack-keystone04:27
*** edmondsw has quit IRC04:32
openstackgerritAdrian Turjak proposed openstack/keystone master: [WIP] Implement auth receipts spec  https://review.openstack.org/57228604:32
*** harlowja has quit IRC04:45
*** mvk has joined #openstack-keystone04:48
openstackgerritAdrian Turjak proposed openstack/keystone master: Revert "Rename fernet_utils to token_utils"  https://review.openstack.org/56620804:51
openstackgerritAdrian Turjak proposed openstack/keystone master: [WIP] Implement auth receipts spec  https://review.openstack.org/57228604:51
adriantcmurphy: I've manage to get the existing MFA tests to pass, but the application creds tests are failing for https://review.openstack.org/#/c/57228604:52
adriantI have no clue why...04:52
adriantthe fixtures/mocking stuff confuses the hell out of me in the Keystone tests.04:53
*** Dinesh_Bhor has quit IRC04:59
*** bigdogstl has joined #openstack-keystone05:11
*** bigdogstl has quit IRC05:15
*** Dinesh_Bhor has joined #openstack-keystone05:22
*** bigdogstl has joined #openstack-keystone05:23
*** mvenesio has quit IRC05:28
*** bigdogstl has quit IRC05:28
*** chris_hultin has quit IRC05:30
*** chris_hultin|AWA has joined #openstack-keystone05:30
*** chris_hultin|AWA is now known as chris_hultin05:30
*** links has quit IRC05:33
*** bigdogstl has joined #openstack-keystone05:40
*** bigdogstl has quit IRC05:44
*** bigdogstl has joined #openstack-keystone05:47
*** Dinesh_Bhor has quit IRC05:48
*** links has joined #openstack-keystone05:49
*** Dinesh_Bhor has joined #openstack-keystone05:49
*** bigdogstl has quit IRC05:52
*** jaosorior has joined #openstack-keystone05:52
*** dklyle has quit IRC05:59
*** germs has joined #openstack-keystone06:01
*** germs has quit IRC06:01
*** germs has joined #openstack-keystone06:01
*** masber has joined #openstack-keystone06:04
*** germs has quit IRC06:05
*** bigdogstl has joined #openstack-keystone06:13
*** edmondsw has joined #openstack-keystone06:15
*** bigdogstl has quit IRC06:18
openstackgerritJuan Antonio Osorio Robles proposed openstack/keystone master: Ensure default roles created during bootstrap  https://review.openstack.org/57224306:20
*** edmondsw has quit IRC06:20
*** martinus__ has joined #openstack-keystone06:25
*** bigdogstl has joined #openstack-keystone06:33
*** Dinesh_Bhor has quit IRC06:37
*** Dinesh_Bhor has joined #openstack-keystone06:38
*** bigdogstl has quit IRC06:41
*** links has quit IRC06:44
*** pcaruana has joined #openstack-keystone06:44
*** jaosorior has quit IRC06:47
*** ispp has joined #openstack-keystone06:48
cmurphyadriant: that's pretty weird06:59
*** bigdogstl has joined #openstack-keystone07:02
*** lifeless has quit IRC07:02
*** lifeless has joined #openstack-keystone07:02
openstackgerritNguyen Hai proposed openstack/keystonemiddleware master: Follow the new PTI for document build  https://review.openstack.org/56295107:03
*** links has joined #openstack-keystone07:03
*** bigdogstl has quit IRC07:06
*** rcernin has quit IRC07:07
*** links has quit IRC07:12
*** openstackgerrit has quit IRC07:19
*** Dinesh_Bhor has quit IRC07:20
*** lifeless has quit IRC07:22
*** Dinesh_Bhor has joined #openstack-keystone07:24
*** ispp has quit IRC07:25
*** bigdogstl has joined #openstack-keystone07:26
*** masber has quit IRC07:27
*** lifeless has joined #openstack-keystone07:28
*** bigdogstl has quit IRC07:31
*** links has joined #openstack-keystone07:33
*** masber has joined #openstack-keystone07:35
*** masuberu has joined #openstack-keystone07:39
*** masber has quit IRC07:43
*** bigdogstl has joined #openstack-keystone07:56
*** dklyle has joined #openstack-keystone07:57
*** bigdogstl has quit IRC08:01
*** germs has joined #openstack-keystone08:01
*** germs has quit IRC08:01
*** germs has joined #openstack-keystone08:01
*** threestrands_ has quit IRC08:03
*** edmondsw has joined #openstack-keystone08:03
*** germs has quit IRC08:06
*** edmondsw has quit IRC08:08
*** bigdogstl has joined #openstack-keystone08:09
*** dklyle has quit IRC08:09
*** dklyle has joined #openstack-keystone08:12
*** bigdogstl has quit IRC08:13
*** dklyle has quit IRC08:29
*** dklyle has joined #openstack-keystone08:29
*** bigdogstl has joined #openstack-keystone08:29
*** ispp has joined #openstack-keystone08:34
*** bigdogstl has quit IRC08:34
*** ispp has quit IRC08:47
*** bigdogstl has joined #openstack-keystone08:48
*** bigdogstl has quit IRC08:53
*** lifeless has quit IRC09:05
*** bigdogstl has joined #openstack-keystone09:10
*** bigdogstl has quit IRC09:15
*** bigdogstl has joined #openstack-keystone09:24
*** bigdogstl has quit IRC09:28
*** Dinesh_Bhor has quit IRC09:32
*** links has quit IRC09:39
*** lifeless has joined #openstack-keystone09:42
*** bigdogstl has joined #openstack-keystone09:50
*** edmondsw has joined #openstack-keystone09:52
*** ispp has joined #openstack-keystone09:53
*** bigdogstl has quit IRC09:54
*** ispp has quit IRC09:55
*** edmondsw has quit IRC09:56
*** links has joined #openstack-keystone09:57
*** germs has joined #openstack-keystone10:02
*** germs has quit IRC10:02
*** germs has joined #openstack-keystone10:02
*** germs has quit IRC10:07
*** jaosorior has joined #openstack-keystone10:08
*** bigdogstl has joined #openstack-keystone10:15
*** links has quit IRC10:16
*** namnh has quit IRC10:16
*** bigdogstl has quit IRC10:20
*** annp has quit IRC10:21
*** bigdogstl has joined #openstack-keystone10:26
*** lifeless has quit IRC10:26
*** lifeless has joined #openstack-keystone10:27
*** links has joined #openstack-keystone10:29
*** bigdogstl has quit IRC10:31
*** bigdogstl has joined #openstack-keystone10:39
*** bigdogstl has quit IRC10:43
*** bigdogstl has joined #openstack-keystone10:48
*** bigdogstl has quit IRC10:53
*** lifeless_ has joined #openstack-keystone10:57
*** lifeless has quit IRC10:57
*** dklyle has quit IRC11:02
*** bigdogstl has joined #openstack-keystone11:12
*** edmondsw has joined #openstack-keystone11:12
*** edmondsw has quit IRC11:16
*** bigdogstl has quit IRC11:17
*** edmondsw has joined #openstack-keystone11:20
*** sonuk_ has joined #openstack-keystone11:20
*** sonuk has quit IRC11:24
*** sonuk has joined #openstack-keystone11:26
*** sonuk_ has quit IRC11:26
*** liuzz has quit IRC11:27
*** felipemonteiro has joined #openstack-keystone11:31
*** dklyle has joined #openstack-keystone11:36
*** felipemonteiro has quit IRC11:48
*** felipemonteiro has joined #openstack-keystone11:49
*** raildo has joined #openstack-keystone12:01
*** germs has joined #openstack-keystone12:03
*** germs has quit IRC12:03
*** germs has joined #openstack-keystone12:03
*** felipemonteiro has quit IRC12:04
*** felipemonteiro has joined #openstack-keystone12:04
*** germs has quit IRC12:08
*** pcichy has joined #openstack-keystone12:11
*** sonuk has quit IRC12:15
*** r-daneel has quit IRC12:22
*** AlexeyAbashkin has joined #openstack-keystone12:29
*** r-daneel has joined #openstack-keystone12:32
*** links has quit IRC12:33
*** felipemonteiro_ has joined #openstack-keystone12:35
*** felipemonteiro has quit IRC12:38
hrybackio/13:00
*** felipemonteiro_ has quit IRC13:06
*** felipemonteiro_ has joined #openstack-keystone13:07
*** felipemonteiro_ has quit IRC13:11
*** bigdogstl has joined #openstack-keystone13:12
*** lifeless_ has quit IRC13:16
*** bigdogstl has quit IRC13:17
*** jaosorior has quit IRC13:20
*** spilla has joined #openstack-keystone13:29
*** nicolasbock has joined #openstack-keystone13:30
lbragstado/13:37
lbragstadkmalloc: i owe you flask reviews13:37
*** openstackgerrit has joined #openstack-keystone13:49
openstackgerritJohannes Grassler proposed openstack/keystone master: Migrations for application credential capabilities  https://review.openstack.org/57277613:49
*** Alexey_Abashkin has joined #openstack-keystone13:51
hrybackio/13:52
hrybackikmalloc lbragstad do y'all remember any client changes related to: https://review.openstack.org/#/c/568877/2/ ?13:52
*** AlexeyAbashkin has quit IRC13:53
*** Alexey_Abashkin is now known as AlexeyAbashkin13:53
lbragstadhrybacki: not that i can remember - but mordred would probably know better than I would13:53
*** david-lyle has joined #openstack-keystone13:56
hrybackiack thanks lbragstad13:57
*** dklyle has quit IRC13:58
*** dave-mccowan has joined #openstack-keystone13:59
kmallocyeah no client changes [yet]14:03
kmallocbut mostly it was for sdk14:03
lbragstadhrybacki: https://review.openstack.org/#/c/558903/ merged14:04
lbragstadhttps://review.openstack.org/#/c/559129/9/keystone/tests/unit/base_classes.py is an example of how you can reuse the bootstrap module to get a env for testing14:04
hrybackilbragstad: ack, I based my changes off of it14:05
*** xinran__ has joined #openstack-keystone14:05
hrybackiand I integrated my tests into the Boostrap CLI tests14:05
lbragstadnice14:05
*** dave-mcc_ has joined #openstack-keystone14:06
*** dave-mccowan has quit IRC14:08
*** felipemonteiro has joined #openstack-keystone14:09
lbragstadkmalloc: right here you mention "cross-talk" https://review.openstack.org/#/c/559129/9/keystone/tests/unit/base_classes.py14:10
lbragstadsorry - wrong link14:10
lbragstadhttps://review.openstack.org/#/c/568377/9/keystone/server/flask/application.py,unified@13114:10
lbragstadby that do you mean referencing sub-systems from each other?14:11
*** felipemonteiro_ has joined #openstack-keystone14:11
lbragstade.g. the resource API calling to the identity API, etc..14:11
kmallocyeah14:11
kmallocthere has been issues with cross talk from driver->manager and the like14:12
lbragstadso - moving to seperate wsgi apps will mitigate that?14:12
kmallocvs manager->manager14:12
lbragstadoh14:12
kmallocif it doesn't run in the same namespace, it could14:12
kmallocbasically force it to dispatch between subsystems14:12
kmalloc(HTTP request) even unauth/priv14:12
kmallocand you can't "python code" across subsystems14:13
kmallocand some of the odder interactions are for similar reasons14:13
lbragstadare we going to have to rewrite code that asks for things from other subsystem managers?14:13
kmallocnope, that comment was mostly a context comment14:13
kmallocit will be deleted when the middleware is deleted14:14
kmallocin fact, i'll just yank it in the next round of patches.14:14
lbragstadhttps://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/core.py#n20614:14
lbragstadok14:14
kmalloceither as the cleanup one or as a patchset14:14
kmallocwe have some badly written and linked subsystems14:15
lbragstadi guess i read that comment and thought it might affect places where we call manage->manager14:15
kmallocthat was one of the things we had to work around because of forign-keys14:15
lbragstadright14:15
*** felipemonteiro has quit IRC14:15
kmallocif these were all indepedant python apps you couldn't do user lookup->project lookup, you'd need to call the route to project_lookup14:16
kmallocand you couldn't just "load the data" behind the scenes14:16
lbragstadoh - by calling the manager directly you mean14:16
kmallocye[p14:16
lbragstadgot it14:16
kmallocor worse14:16
kmallocin the driver14:16
kmallocat the SQL level14:17
lbragstadthat would absolutely destroy our tests14:17
lbragstadwe rely on that a lot to set things up14:17
kmallocif we were to redesign each subsystem as a separate app, we'd need to re-work testingf14:17
kmallocand a lot of it would be internal "cross talk" just not call python code14:18
kmallocideally, i wanted to setup a test suite (not doable now) where each subsystem was in it's own isolated sql db14:18
kmallocbecause we designed it to "sortof" work like that14:18
kmallocbut with global [SQL] conf it isn't great.14:19
kmallocit would force us to make sure that each subsystem really was isolated and could be run with *any* developed driver14:19
kmallocback when dolphm was ptl i floated the idea of splitting identity and assignment (back when that was about the only systems we had) into two wsgi apps that didn't run in the same wsgi container14:20
kmallocwould have been much easier back then :)14:20
lbragstadyeah - vaguely remember that discussion14:20
*** felipemonteiro_ has quit IRC14:22
kmallocalso, because i'm using __all__ the setup_middleware can't be _setup_middleware unless i import core directly14:22
kmalloci don't want to put a private thing in __all__14:22
lbragstadthat's fine14:23
kmalloc(which reminds me, i need to update all our packages with __all__ in each __init__.py when i do the next part of flask work14:23
*** felipemonteiro has joined #openstack-keystone14:23
kmalloci want to be able to use the IDE debuggers and lacking __all__ means py3 built-in debuggers sometimes get cranky...also, it's "good code" to do so14:24
kmalloconce i'm done i'll add a test to check for __all__ in all modules.14:24
*** AlexeyAbashkin has quit IRC14:28
lbragstadare we removing the rest of the v2.0 bits in another follow on?14:28
kmallocyes14:29
kmalloci didn't route it here14:29
kmallocbut i didn't want to change too much14:29
lbragstadok - just wondering]14:29
kmallocthis was just the minimum to route our stuff without paste and use flask as the base app14:29
kmalloci'll have a delete v2.0 thing before the paste-deploy delete stuff lands14:29
kmallocthen the big code shuffle(tm) lands14:30
kmalloci'll have a rel-note for flask+no_paste.deploy use today.14:30
kmallocif there is nothing else that must be changed in the "move to flask" patch14:30
lbragstadcool14:31
kmallocthe big code shuffle should be internal/non-user affecting14:32
kmallocso, not too worried about capturing it in the upgrade note14:32
lbragstadso far it's just those two patches right?14:32
lbragstadall the testing cleanup landed14:32
kmallocyep14:33
lbragstadcool14:33
cwrightHi again, a couple days ago I asked here about enabling the auditing middleware in keystone. I'm still struggling with this.14:34
cwrightWhere in the keystone pipeline am I supposed to insert the `audit` filter?14:34
kmalloclbragstad: ah, i need to add a flag for audit-middleware too!14:34
kmalloclbragstad: with the debug one14:34
kmalloclbragstad: good to note.14:34
kmalloccwright: honestly, i'm not sure.14:34
kmalloclbragstad: that is a to-do followup bit to the current flask one as well.14:35
kmallocshould have that done today.14:35
*** AlexeyAbashkin has joined #openstack-keystone14:36
kmallocwell, relnote, [wsgi] conf stuff, cleanup, and respin of "drop paste deploy"14:36
knikollao/14:36
*** felipemonteiro has quit IRC14:37
*** felipemonteiro has joined #openstack-keystone14:37
kmalloccwright: if you can give me a bit [need to do morning things, like walk dogs, food] i can look into where it should be.14:39
kmalloccwright: if someone else doesn't get to it first.14:39
kmallocmight be an hour or 1.5 hours before i am able to do so14:39
cwrightkmalloc: thanks, I might be offline by then but I can check back later. I really appreciate it. I just can't find any comprehensive docs on how to enable the audit notifications in keystone14:43
kmalloccwright: well, in Rocky it will be a flag in keystone's conf14:44
kmalloccwright: provided i can land this big patch i'm working on14:44
cwrightgreat14:44
kmalloccwright: trying to eliminate paste.deploy because it's opaque and hard to work with [and not maintained as a library]14:45
kmallocas you're finding out14:45
cwrightthe two pieces that aren't clear right now are: 1) where in the pipeline does audit get inserted, and 2) an full example audit map for keystone14:46
*** r-daneel has quit IRC14:46
*** felipemonteiro_ has joined #openstack-keystone14:50
*** itlinux has quit IRC14:50
*** felipemonteiro has quit IRC14:53
*** dave-mcc_ has quit IRC14:56
*** dave-mccowan has joined #openstack-keystone15:05
*** bigdogstl has joined #openstack-keystone15:13
*** AlexeyAbashkin has quit IRC15:14
*** AlexeyAbashkin has joined #openstack-keystone15:16
lbragstadlooks like this was from the operator and user feedback session in Vancouver - https://bugs.launchpad.net/keystone/+bug/177298815:16
openstackLaunchpad bug 1772988 in OpenStack Identity (keystone) "Upgrade procedure performance issues" [Undecided,In progress] - Assigned to Romain LE DISEZ (rledisez)15:16
*** bigdogstl has quit IRC15:17
kmalloclbragstad: yes.15:20
kmalloclbragstad: they proposed the SQL fixes and we need to be more critical in the migrations in the future15:20
kmallocso we don't do that again15:21
openstackgerritMorgan Fainberg proposed openstack/keystonemiddleware master: Follow the new PTI for document build  https://review.openstack.org/56295115:22
*** pcaruana has quit IRC15:23
*** r-daneel has joined #openstack-keystone15:27
*** itlinux has joined #openstack-keystone15:36
*** germs has joined #openstack-keystone15:37
*** germs has quit IRC15:37
*** germs has joined #openstack-keystone15:37
*** germs has quit IRC15:37
*** germs has joined #openstack-keystone15:38
*** germs has quit IRC15:38
*** germs has joined #openstack-keystone15:38
*** felipemonteiro_ has quit IRC15:38
*** itlinux has quit IRC15:52
*** homeski has quit IRC16:03
*** homeski has joined #openstack-keystone16:04
openstackgerritMerged openstack/oslo.policy master: trivial: Fix file permissions  https://review.openstack.org/56718216:06
*** homeski has quit IRC16:12
*** homeski has joined #openstack-keystone16:12
openstackgerritLance Bragstad proposed openstack/keystone master: Clarify scope responses in authentication api ref  https://review.openstack.org/57130916:13
openstackgerritLance Bragstad proposed openstack/keystone master: Clarify scope responses in authentication api ref  https://review.openstack.org/57130916:21
*** homeski has quit IRC16:21
*** homeski has joined #openstack-keystone16:22
openstackgerritLance Bragstad proposed openstack/keystone master: Clarify scope responses in authentication api ref  https://review.openstack.org/57130916:26
lbragstadjohnthetubaguy: nice write up - https://www.stackhpc.com/openstack-forum-vancouver-2018.html16:31
kmalloclbragstad: releasenote change being posted shortly16:34
lbragstadsweet16:34
kmalloclbragstad: then i'll do the added cleanup patches16:34
lbragstadsounds good16:34
kmallocaudit middleware we need to do some testing before i add the new blocks for16:34
kmallocbut debug middleware has been posted16:34
kmallocoh hah i didn't git review it... whatever16:35
kmallocit'll be up shortly16:35
openstackgerritMorgan Fainberg proposed openstack/keystone master: Add in ability to load DEBUG middleware  https://review.openstack.org/57282616:35
openstackgerritMorgan Fainberg proposed openstack/keystone master: Add Flaskification release-note  https://review.openstack.org/57282716:35
kmalloclbragstad: ^16:36
lbragstadgood deal16:36
lbragstadi'm gonna run real quick, but i'll review as soon as i get back16:36
lbragstadkmalloc: interested in stepping the new token model stuff now that the CLI/bootstrap patch is done?16:36
lbragstadstepping through*16:37
*** homeski has quit IRC16:37
openstackgerritMorgan Fainberg proposed openstack/keystone master: Add Flaskification release-note  https://review.openstack.org/57282716:37
*** homeski has joined #openstack-keystone16:37
kmalloclbragstad: sure. let me get the cleanup patches posted16:38
kmallocand then i'll step through the token model bits16:38
kmallocbefore diving into "MASSIVE CODE SHUFFLE" mode.16:38
lbragstadack16:39
*** AlexeyAbashkin has quit IRC16:57
*** david-lyle has quit IRC16:59
kmallocOMG, this feels good.  12 files changed, 9 insertions(+), 694 deletions(-)17:03
*** ckonstanski has joined #openstack-keystone17:11
*** bigdogstl has joined #openstack-keystone17:14
*** bigdogstl has quit IRC17:19
*** sapd2 has joined #openstack-keystone17:25
sapd2Hi Guys! Does anyone concern about time to issue a token in recently release of openstack? It too slow to get a new token when compare with keystone v2 (kilo version).17:27
lbragstadsapd2: what version are you using?17:29
lbragstadare you using fernet?17:29
*** gyee has joined #openstack-keystone17:30
*** edmondsw has quit IRC17:32
lbragstadkmalloc: hrybacki gagehugo knikolla cmurphy is there anything we want to merge before tomorrow's rocky-2 deadline?17:33
lbragstadotherwise i'll get that patch posted to openstack/releases17:33
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove the rest of v2.0 legacy  https://review.openstack.org/57284617:33
hrybackilbragstad: no open specs I need to merge AFAIK17:33
lbragstadanything to keystone server?17:34
hrybackitomorrow is spec freeze, not feature freeze, right?17:34
*** xinran__ has quit IRC17:34
lbragstadright - but we will be cutting rocky-2 tomorrow17:35
lbragstadjust checking with everyone to see if there is anything people want included in that milestone17:35
cmurphylbragstad: some easy ksm patches https://review.openstack.org/571470 https://review.openstack.org/570503 https://review.openstack.org/57044817:35
lbragstadcmurphy: ack - will review17:36
lbragstadgood call17:36
lbragstadif anyone has anything else they want included in rocky-2 release, just ask me to review today17:36
kmalloclbragstad: lets cut it where we're at17:36
kmallocr-3 can include flask change over17:36
openstackgerritMorgan Fainberg proposed openstack/keystone master: Flaskification cleanup  https://review.openstack.org/57284817:37
lbragstadi don't think any of the feature work is close enough to include in rocky-217:37
kmalloclbragstad: one more patch, cleanup all the paste-deploy stuff17:37
lbragstadwhich means rocky-3 is going to be... interesting17:37
kmallocand we're at the point where we can start moving code to flask (native)17:37
*** jamiec_ has quit IRC17:37
lbragstadsweet17:37
kmallocalso chasing down another deprecation warning from oslo.config17:37
kmallocso we can eliminate more "OMG SPAM"17:38
*** jamiec has joined #openstack-keystone17:38
lbragstadeasy reviews if anyone has time https://review.openstack.org/#/c/570448/1 https://review.openstack.org/#/c/571470/17:39
*** dklyle has joined #openstack-keystone17:40
lbragstadhttps://review.openstack.org/57284917:41
lbragstadmordred: is there anything you want included in ksa before we cut rocky-2?17:42
lbragstadactually - nevermind17:43
sapd2lbragstad: I'm using queens release and fernet token.17:43
lbragstadwe just did a ksa release17:43
lbragstadsapd2: do you have caching enabled?17:43
sapd2lbragstad[m]: use memcached for caching token in keystone.17:44
lbragstadhave you enabled caching in keystone's configuration fiel?17:44
lbragstadfile*17:44
sapd2It takes 1.5 seconds to get a new token.17:44
sapd2lbragstad:  yep.17:44
*** edmondsw has joined #openstack-keystone17:45
lbragstadare you storing passwords and users in sql?17:45
sapd2[cache]17:45
sapd2enable = True17:45
sapd2backend = dogpile.cache.memcached17:45
sapd2backend_argument = url:172.19.8.14:1121117:45
sapd2[catalog]17:45
sapd2caching = True17:45
sapd2[domain_config]17:45
sapd2caching = True17:45
sapd2[federation]17:45
sapd2caching = True17:45
sapd2[revoke]17:45
sapd2caching = True17:45
sapd2[role]17:46
sapd2caching = True17:46
sapd2[token]17:46
sapd2caching = True17:46
sapd2caching_on_issue = True17:46
sapd2[identity]17:46
sapd2caching = True17:46
sapd2cache_time = 60017:46
sapd2lbragstad: yes. I'm using sql backend17:46
lbragstadsapd2: fwiw - http://paste.openstack.org/17:46
openstackgerritMerged openstack/keystonemiddleware master: Fix the title in index.rst  https://review.openstack.org/57050317:46
lbragstadsapd2: do you know what your configuration option is for crypt_strength https://docs.openstack.org/keystone/latest/configuration/config-options.html#DEFAULT.crypt_strength ?17:47
sapd2lbragstad: my config for cache: http://paste.openstack.org/show/722822/17:47
sapd2lbragstad: I use default config for crypt_strength17:48
lbragstadok - that does affect performance, too17:48
lbragstadbut can you confirm the cache is being hit?17:48
sapd2lbragstad: I saw ESTABLISHED connection between keystone and memcached.17:51
sapd2lbragstad: and I get stats from memcached, It show "STAT get_hits 154042740"17:51
*** dave-mccowan has quit IRC17:52
sapd2lbragstad: How long does it take to get a new token in your system ?17:53
mordredlbragstad: yah - ksa is in pretty good shape17:58
mordredlbragstad: maybe we want to consider https://review.openstack.org/#/c/570934/ though?17:58
kmallocmordred: ++17:59
mordredactually ...17:59
mordredthat won't allow us to get rid of the similar code in sdk17:59
mordredwhich doesn't mean we shouldn't land it17:59
kmallocmordred: +218:01
kmallocmordred: it's good, i'd like to see one more test but meh, it's not a blocker by any stretch18:01
kmallocmordred:  31 files changed, 58 insertions(+), 1449 deletions(-)18:02
*** boris_42_ has joined #openstack-keystone18:07
*** jmlowe has quit IRC18:23
lbragstadsapd2: i can check18:30
*** itlinux has joined #openstack-keystone18:33
kmalloclbragstad: damn i'm good, 1 test failure in 1449 deletions locally18:34
kmalloc;)18:34
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove pastedeploy  https://review.openstack.org/57197918:35
kmalloclbragstad: ^ the paste.deploy-ectomy is complete18:36
lbragstadgood deal18:36
lbragstadthanks!18:36
kmallocthat covers everything except the "move to flask framework" for routes and code shuffle(tm)18:37
kmalloci am going to hold on those until we have general "ok to move forward" with these bits.18:37
kmallocjust because a rebase of this will get ugly fast.18:38
lbragstadsapd2: this is what i get locally with devstack http://paste.openstack.org/show/722823/18:39
*** fiddletwix has quit IRC18:39
lbragstadsapd2: granted, this is devstack and i'm using a client on the same machine as the server, so network traffic isn't an issue18:39
*** dave-mccowan has joined #openstack-keystone18:39
lbragstadsapd2: this is my keystone.conf http://paste.openstack.org/show/722824/18:40
lbragstadwhich is pretty basic and is just laid down by devstack18:40
kmallocmnaser: https://review.openstack.org/#/c/572827/ see, we didn't forget this time18:49
openstackgerritDoug Hellmann proposed openstack/oslo.policy master: fix tox python3 overrides  https://review.openstack.org/57287918:50
openstackgerritDoug Hellmann proposed openstack/oslo.policy master: fix tox python3 overrides  https://review.openstack.org/57287918:54
*** mvk has quit IRC18:54
mnaserkmalloc: :D18:59
mnaserhttps://docs.openstack.org/releasenotes/keystone/queens.html oh interesting19:00
mnaserit didnt show up as a seperate release19:00
kmallochasn't landed yet :P19:02
kmallocbut... it's in queue19:02
kmalloc:)19:02
kmallocfor review*19:02
kmallocalso.. *waves hands* NO MORE V2 KEYSTONE CODE.19:03
* kmalloc hides ksm and ksa code that handles v2.0 behind a curtain19:03
*** jmlowe has joined #openstack-keystone19:03
* kmalloc shoves said curtain under a bed, then nukes it all from orbit (it's the only way to be sure)19:03
*** jmlowe has quit IRC19:04
*** r-daneel_ has joined #openstack-keystone19:04
*** r-daneel has quit IRC19:04
*** r-daneel_ is now known as r-daneel19:04
*** jmlowe has joined #openstack-keystone19:05
*** martinus__ has quit IRC19:08
*** martinus__ has joined #openstack-keystone19:09
*** dave-mccowan has quit IRC19:10
*** dave-mccowan has joined #openstack-keystone19:11
*** bigdogstl has joined #openstack-keystone19:15
*** martinus__ has quit IRC19:17
*** martinus__ has joined #openstack-keystone19:19
*** bigdogstl has quit IRC19:19
* kmalloc wishes openstack was targeting Python 3.6+ instead of 3.5+19:24
openstackgerritDoug Hellmann proposed openstack/keystoneauth master: fix tox python3 overrides  https://review.openstack.org/57290619:27
openstackgerritDoug Hellmann proposed openstack/keystonemiddleware master: fix tox python3 overrides  https://review.openstack.org/57290719:27
*** bigdogstl has joined #openstack-keystone19:27
openstackgerritDoug Hellmann proposed openstack/pycadf master: fix tox python3 overrides  https://review.openstack.org/57292519:28
portdirecthey - I'm trying to use dex (https://github.com/coreos/dex) for OpenIDC with keystone19:28
portdirectthings are working fine with horizon et all via apache and mod_auth_openidc19:29
portdirectthough I'm having some difficulty using the openstack client to get a token19:29
lbragstadportdirect: interesting19:29
lbragstadi wondering if dims has tried anything similar to that before?19:29
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove the rest of v2.0 legacy  https://review.openstack.org/57284619:30
openstackgerritMorgan Fainberg proposed openstack/keystone master: Flaskification cleanup  https://review.openstack.org/57284819:30
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove pastedeploy  https://review.openstack.org/57197919:30
portdirectlbragstad: for context this is my apache config: https://review.openstack.org/#/c/572237/5/keystone/templates/etc/_wsgi-keystone.conf.tpl19:30
sapd2lbragstad: Could you tell me result?19:31
portdirectany ideas on how to translate this to a sutable set of flags/env vars for openatck cli?19:31
*** sapd2 has quit IRC19:31
portdirectI've tried many variations on this, though think I'm prob barking up the wrong tree:19:32
* dims reads scrollback19:32
portdirecthttps://www.irccloud.com/pastebin/hVGB4YCr/19:32
*** bigdogstl has quit IRC19:32
lbragstadsapd: did you happen to see my last couple pastes?19:33
openstackgerritMorgan Fainberg proposed openstack/keystone master: Add Flaskification release-note  https://review.openstack.org/57282719:34
*** lifeless has joined #openstack-keystone19:35
kmalloclbragstad: ^ fixed release note19:35
lbragstadcool19:35
kmallocdims: oh hi there!19:35
kmalloclbragstad: rebased the chain to get them not dep. on the release note19:37
dimsportdirect : so massopen.cloud has a federated cloud and here's their faq on SSO from CLI - https://osticket.massopen.cloud/kb/faq.php?id=1619:37
dimsdoes that help? ^19:37
dimsknikolla takes care of it all ^19:38
knikolla:)19:41
portdirectdims: no joy :(19:42
portdirecthttps://www.irccloud.com/pastebin/mnVBkC9P/19:43
portdirectI'll see if i can get time to set up with keycloak instead of dex19:43
knikollalooking19:43
portdirectas all the examples i see out there use it19:43
knikollaportdirect: the issue is that you have not enabled the correct grant19:44
knikollayou need to enable Resource Owner Password Credentials Grant19:45
lbragstadkmalloc: here is some refactoring for some other comments i was about to post on the v2.0 change19:45
lbragstadhttp://paste.openstack.org/show/722830/19:45
lbragstadit fixes the _paste_in_port() method to be more accurate19:45
lbragstadand removes some of the if statements since we're only dealing with v3 versions now19:45
portdirectknikolla: thanks :) https://github.com/coreos/dex/pull/116319:46
*** r-daneel has quit IRC19:46
portdirectI'll have a look at the above pr - and see if it gets me home and dry19:47
*** r-daneel has joined #openstack-keystone19:47
portdirectthanks dims lbragstad as well :)19:47
knikollacool19:47
dimsw00t19:47
*** jmlowe has quit IRC19:50
*** blake has joined #openstack-keystone19:50
kmalloclbragstad: i'd say push that as a patch on the end19:50
kmalloclbragstad: vs. roll it inot the v2 change. the v2 deletion change still leaves scaffolding in case we wanted v4, for example19:50
lbragstadok19:51
lbragstadthat's fine19:51
kmalloctrying to keep the patches as narrow as i can.19:51
lbragstadi left the diff as a commento the review19:51
kmalloccool.19:51
lbragstadcomment on*19:51
*** dave-mcc_ has joined #openstack-keystone19:52
dimsknikolla : i'll show up in your neck of woods next monday i think19:52
*** dave-mccowan has quit IRC19:53
knikolladims: cool! what brings you around?19:55
dimssomeone else in huawei is visiting Orran and i'll tag along19:56
openstackgerritMorgan Fainberg proposed openstack/keystone master: Remove duplicated test  https://review.openstack.org/57294319:56
kmalloclbragstad: ^ for the v2 test.19:58
openstackgerritMerged openstack/keystoneauth master: Add optional support for retrying certain HTTP codes  https://review.openstack.org/57093419:58
kmalloclbragstad: otherwise yeah we should just toss that refactor onto the end of the chain19:58
kmalloclbragstad: and it simplifies our code nicely19:59
*** blake has quit IRC20:05
*** blake__ has joined #openstack-keystone20:05
openstackgerritMorgan Fainberg proposed openstack/keystone master: Add Flaskification release-note  https://review.openstack.org/57282720:07
openstackgerritDoug Hellmann proposed openstack/keystone master: fix tox python3 overrides  https://review.openstack.org/57296320:07
kmalloclbragstad: whoopse, typo in releasenote20:07
*** jmlowe has joined #openstack-keystone20:07
*** pooja-jadhav has joined #openstack-keystone20:13
*** pooja_jadhav has quit IRC20:13
*** bhagyashri_s has quit IRC20:13
*** bhagyashri_s has joined #openstack-keystone20:13
*** blake__ is now known as blake20:13
*** raildo has quit IRC20:15
*** dave-mcc_ has quit IRC20:15
openstackgerritMerged openstack/keystonemiddleware master: Switch coverage tox env to stestr  https://review.openstack.org/57147020:26
openstackgerritMerged openstack/keystonemiddleware master: Don't rely on pbr ChangeLog for docs  https://review.openstack.org/57044820:26
lbragstadsapd: this is the timing i got locally - http://paste.openstack.org/show/722823/20:31
openstackgerritMerged openstack/keystone master: Revert "Rename fernet_utils to token_utils"  https://review.openstack.org/56620820:37
itlinuxHello all, what is the right way to add this option into my AD/ config OPT_REFERRALS20:44
openstackgerritDoug Hellmann proposed openstack/keystonemiddleware master: fix tox python3 overrides  https://review.openstack.org/57290720:55
*** felipemonteiro has joined #openstack-keystone21:02
*** felipemonteiro_ has joined #openstack-keystone21:03
*** jmlowe has quit IRC21:05
*** felipemonteiro has quit IRC21:07
*** felipemonteiro_ has quit IRC21:09
*** edmondsw has quit IRC21:09
*** nicolasbock has quit IRC21:14
*** martinus__ has quit IRC21:15
*** lifeless_ has joined #openstack-keystone21:22
*** lifeless has quit IRC21:23
*** jmlowe has joined #openstack-keystone21:25
*** bigdogstl has joined #openstack-keystone21:28
kmallocayoung: you know you want your name on https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:flaskification and the -1400+ lines :)21:30
kmalloc(not so subtle, hey review it) -- fixed the paste-ini issue so we kept the file, but stripped it's usage and put a comment in21:31
*** itlinux has quit IRC21:36
ayoungkmalloc, +2A.  Damnation that felt good.21:36
*** itlinux has joined #openstack-keystone21:37
*** bigdogstl has quit IRC21:37
kmallocit's not all gone, but we are well on the wait to getting away from custom WSGI+WebOb and to Flask+Werkzeurg21:37
*** itlinux has quit IRC21:37
kmallocWerkzeug*21:37
kmallocand way*21:38
*** bigdogstl has joined #openstack-keystone21:40
*** bigdogstl has quit IRC21:45
*** bigdogstl has joined #openstack-keystone21:48
*** bigdogstl has quit IRC21:53
*** rcernin has joined #openstack-keystone21:54
*** r-daneel has quit IRC21:58
*** r-daneel has joined #openstack-keystone21:59
*** edmondsw has joined #openstack-keystone22:06
*** bigdogstl has joined #openstack-keystone22:09
*** edmondsw has quit IRC22:10
openstackgerritMerged openstack/keystonemiddleware master: Follow the new PTI for document build  https://review.openstack.org/56295122:14
*** bigdogstl has quit IRC22:14
openstackgerritLance Bragstad proposed openstack/keystone-specs master: Hierarchical Unified Limits  https://review.openstack.org/54080322:17
lbragstadwxy: i summarized some of the notes in ^22:17
lbragstadspecifically in the future work section22:17
lbragstadi was going to pull that out into another change and I amended it on accident :(22:18
lbragstadcc kmalloc ^22:18
lbragstadlet me know if i got the aggregate bits right22:18
kmallocsure. i'm sure it's fine22:18
kmallocalso... i have a magic invocation to undo git -a --amend22:19
kmallocfwiw, if you need it in the future22:19
lbragstadi would22:19
lbragstadi would've liked it about 3 minutes ago22:19
lbragstad;)22:19
kmallocLGTM.22:20
kmalloclbragstad: https://gist.github.com/tennisonchan/dce447b8aaf2db287cad22:21
lbragstadso - an aggregate is a sum of all child aggregates and current usage?22:21
kmallocyes22:21
lbragstadok22:21
*** jmlowe has quit IRC22:24
*** bigdogstl has joined #openstack-keystone22:25
*** spilla has quit IRC22:30
*** bigdogstl has quit IRC22:30
*** lifeless_ has quit IRC22:34
adriantcmurphy: yeah it's weird as hell: http://logs.openstack.org/86/572286/5/check/openstack-tox-py35/7fd159e/testr_results.html.gz22:34
*** lifeless has joined #openstack-keystone22:34
* adriant is unsure what he did to cause those failures22:35
*** bigdogstl has joined #openstack-keystone22:43
*** jmlowe has joined #openstack-keystone22:45
*** bigdogstl has quit IRC22:50
*** threestrands has joined #openstack-keystone22:51
*** bigdogstl has joined #openstack-keystone22:58
*** eandersson_ is now known as eandersson22:59
*** bigdogstl has quit IRC23:07
*** bigdogstl has joined #openstack-keystone23:18
*** jmlowe has quit IRC23:22
*** bigdogstl has quit IRC23:22
*** jmlowe has joined #openstack-keystone23:24
*** bigdogstl has joined #openstack-keystone23:25
*** bigdogstl has quit IRC23:32
openstackgerritMerged openstack/keystone master: Convert Keystone to use Flask  https://review.openstack.org/56837723:41
*** bigdogstl has joined #openstack-keystone23:42
*** lifeless has quit IRC23:46
*** lifeless has joined #openstack-keystone23:46
*** bigdogstl has quit IRC23:47
*** r-daneel has quit IRC23:47
*** edmondsw has joined #openstack-keystone23:54
*** edmondsw has quit IRC23:59
« Tuesday, 2018-06-05 Index Thursday, 2018-06-07 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!