Monday, 2018-10-01

*** felipemonteiro has quit IRC [00:25]
<vishakha> cmurphy: :) [00:36]
<openstackgerrit> Gage Hugo proposed openstack/keystone master: Organize project tag api-ref by route  https://review.openstack.org/606874 [01:41]
*** markvoelker has joined #openstack-keystone [02:40]
*** markvoelker has quit IRC [02:45]
*** markvoelker has joined #openstack-keystone [02:50]
*** Dinesh_Bhor has joined #openstack-keystone [03:31]
*** pooja_jadhav has joined #openstack-keystone [03:55]
*** Dinesh_Bhor has quit IRC [03:56]
*** pcaruana has joined #openstack-keystone [04:06]
*** shyamb has joined #openstack-keystone [04:15]
*** pcaruana has quit IRC [04:23]
*** shyamb has quit IRC [04:45]
*** shyamb has joined #openstack-keystone [05:07]
*** huaxia has joined #openstack-keystone [05:11]
*** Dinesh_Bhor has joined #openstack-keystone [05:29]
*** jaosorior has joined #openstack-keystone [05:37]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Purge soft-deleted trusts  https://review.openstack.org/604970 [05:39]
*** shyamb has quit IRC [05:42]
*** shyamb has joined #openstack-keystone [05:45]
*** pcaruana has joined #openstack-keystone [05:51]
*** shyamb has quit IRC [06:07]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Adresses LDAP case-sensitive issue  https://review.openstack.org/603345 [06:09]
*** shyamb has joined #openstack-keystone [06:09]
*** huaxia has quit IRC [06:31]
*** markvoelker has quit IRC [06:33]
*** markvoelker has joined #openstack-keystone [06:34]
*** markvoelker has quit IRC [06:38]
*** shyamb has quit IRC [06:51]
*** shyamb has joined #openstack-keystone [06:55]
*** sapd1 has quit IRC [07:26]
*** Emine has joined #openstack-keystone [07:29]
*** Dinesh_Bhor has quit IRC [07:33]
*** markvoelker has joined #openstack-keystone [07:34]
*** Dinesh_Bhor has joined #openstack-keystone [07:35]
*** shyamb has quit IRC [07:38]
*** Dinesh_Bhor has quit IRC [07:44]
*** zigo has joined #openstack-keystone [07:46]
*** d0ugal has joined #openstack-keystone [07:52]
*** sapd1 has joined #openstack-keystone [08:17]
*** pooja-jadhav has joined #openstack-keystone [08:38]
*** pooja_jadhav has quit IRC [08:40]
*** shyamb has joined #openstack-keystone [08:41]
*** pooja_jadhav has joined #openstack-keystone [08:44]
*** pooja-jadhav has quit IRC [08:44]
*** pooja-jadhav has joined #openstack-keystone [08:44]
*** shyamb has quit IRC [08:45]
*** shyamb has joined #openstack-keystone [08:45]
*** pooja_jadhav has quit IRC [08:46]
*** pooja_jadhav has joined #openstack-keystone [08:49]
*** pooja-jadhav has quit IRC [08:52]
*** Dinesh_Bhor has joined #openstack-keystone [08:57]
*** Dinesh_Bhor has quit IRC [09:05]
*** sapd1_ has joined #openstack-keystone [09:06]
*** sapd1 has quit IRC [09:06]
*** Dinesh_Bhor has joined #openstack-keystone [09:06]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Remaining cases of MappingEngineTester  https://review.openstack.org/606912 [09:10]
*** Dinesh_Bhor has quit IRC [09:22]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Purge soft-deleted trusts  https://review.openstack.org/604970 [09:26]
*** shyamb has quit IRC [09:30]
<openstackgerrit> Vishakha Agarwal proposed openstack/keystone master: Purge soft-deleted trusts  https://review.openstack.org/604970 [09:33]
*** shyamb has joined #openstack-keystone [09:37]
*** Dinesh_Bhor has joined #openstack-keystone [09:53]
*** felipemonteiro has joined #openstack-keystone [09:53]
*** shyamb has quit IRC [10:22]
*** shyamb has joined #openstack-keystone [10:35]
*** shyamb has quit IRC [10:42]
*** Dinesh_Bhor has quit IRC [10:49]
*** dave-mccowan has joined #openstack-keystone [10:57]
*** shyamb has joined #openstack-keystone [10:59]
*** jaosorior has quit IRC [11:27]
*** felipemonteiro has quit IRC [11:34]
*** phillu has joined #openstack-keystone [11:54]
*** markvoelker has quit IRC [11:56]
*** raildo has joined #openstack-keystone [12:02]
*** jaosorior has joined #openstack-keystone [12:10]
*** dave-mccowan has quit IRC [12:22]
*** Emine has quit IRC [12:38]
*** krypto has joined #openstack-keystone [12:38]
*** lbragstad has joined #openstack-keystone [12:39]
*** ChanServ sets mode: +o lbragstad [12:39]
<krypto> hi all i have newton release of openstack with domain based AD configured. For enabling 2FA does it require reconfiguring keystone or can the change be integrated without reconfiguration [12:40]
*** lbragstad has quit IRC [12:40]
*** mchlumsky has joined #openstack-keystone [12:45]
<kmalloc> krypto: the 2fa built into Keystone or a 2fa built into AD. [12:47]
<kmalloc> The keystone version is very rough around the edges still. We expect to enhance it and make it more usable this cycle [12:48]
<kmalloc> (so Stein and after) [12:48]
<cmurphy> krypto: if you're wanting to use TOTP as the 2nd auth factor you need to add totp to [auth]/methods in keystone.conf, i think all other changes can be done via the API but there is pretty much 0 documentation on it [12:49]
<kmalloc> cmurphy: ++ [12:49]
<kmalloc> krypto: and I don't think keystoneauth (and therefore horizon or any tool) can use 2fa easily [12:50]
<kmalloc> So, it would require direct auth via rest calls not leaning on the current tool chains. [12:51]
*** shyamb has quit IRC [12:51]
<krypto> Thanks Kmalloc for the reply. For now there is no 2FA integrated with AD/keystone. On already running system will it be possible to make the changes without reconfiguring keystone .. let's say if AD will be integrated with 2FA and not keystone [12:51]
<kmalloc> If AD is handling the 2fa, and it works like many tools, pin+token in lieu of password, no change to keystone is needed. [12:52]
*** Emine has joined #openstack-keystone [12:52]
<kmalloc> AD or a tool directly integrated with AD* [12:53]
<kmalloc> If it works like Google's 2fa (or security FIDO[2]) with a separate page/prompt for the token, keystone does not have the workflow for that unless it is done in a WebSSO (using something like ADFS for SAML) model [12:54]
*** jroll has quit IRC [12:54]
<kmalloc> s/security/security key/ [12:55]
*** jroll has joined #openstack-keystone [12:55]
*** Emine has quit IRC [12:59]
*** krypto has quit IRC [13:00]
*** shyamb has joined #openstack-keystone [13:10]
<openstackgerrit> ayoung proposed openstack/keystone master: LDAP attribute names non-case-sensitive  https://review.openstack.org/603345 [13:11]
*** shyamb has quit IRC [13:17]
*** Emine has joined #openstack-keystone [13:17]
*** dave-mccowan has joined #openstack-keystone [13:21]
<kmalloc> o.O. [13:27]
<kmalloc> We treat attr names as case sensitive... Ugh [13:27]
*** krypto has joined #openstack-keystone [13:29]
<krypto> Thanks kmalloc :) [13:29]
*** ayoung has joined #openstack-keystone [13:34]
*** mchlumsky has quit IRC [13:37]
<openstackgerrit> ayoung proposed openstack/keystone master: Allow an explicit_domain_id parameter when creating a domain  https://review.openstack.org/605235 [13:38]
<openstackgerrit> ayoung proposed openstack/keystone master: Replace UUID with id_generator for Federated users  https://review.openstack.org/605169 [13:38]
*** mchlumsky has joined #openstack-keystone [13:39]
*** dklyle has joined #openstack-keystone [13:47]
*** jaosorior has quit IRC [13:48]
*** markvoelker has joined #openstack-keystone [14:09]
*** markvoelker has quit IRC [14:15]
*** markvoelker has joined #openstack-keystone [14:17]
*** beekneemech is now known as bnemec [14:21]
*** itlinux has quit IRC [14:25]
*** markvoelker has quit IRC [14:26]
*** cfriesen has joined #openstack-keystone [14:57]
*** kukacz_ is now known as kukacz [14:59]
*** krypto has quit IRC [15:16]
*** krypto has joined #openstack-keystone [15:18]
*** itlinux has joined #openstack-keystone [15:21]
*** krypto has quit IRC [15:22]
*** pcaruana has quit IRC [15:30]
<openstackgerrit> ayoung proposed openstack/keystone master: LDAP attribute names non-case-sensitive  https://review.openstack.org/603345 [15:31]
<openstackgerrit> Colleen Murphy proposed openstack/keystone master: LDAP attribute names non-case-sensitive  https://review.openstack.org/603345 [15:35]
<cmurphy> ayoung: ^ [15:35]
<ayoung> gah [15:38]
<ayoung> cmurphy, you fixed the nit, too, didn't you? [15:38]
<ayoung> Heh [15:39]
<ayoung> Slugworth! [15:39]
<ayoung> cmurphy, I'll rebase on yours [15:39]
<cmurphy> ayoung: i thought you fixed the nit, i didn't overwrite that [15:39]
<ayoung> AH [15:40]
<ayoung> cmurphy, I see...I thought we were in a race condition here, but you got my change.  Thanks [15:40]
<cmurphy> yep [15:40]
<ayoung> TYVM [15:40]
<cmurphy> yavw [15:41]
<ayoung> kmalloc, https://review.openstack.org/#/c/606195/1  makes all of knikolla's Federated tests pass.  Once that merges, let's make those tests voting [15:46]
<kmalloc> ayoung: only if we aren't leaning on testshib [15:51]
<kmalloc> ayoung: we can't make test-shib based testing voting [15:51]
<ayoung> kmalloc, ah, ok, so we need to spin up our own SSO before we can make it voting? [15:52]
<kmalloc> ayoung: yep [15:52]
<kmalloc> ayoung: otherwise 100% needs to be voting [15:52]
<kmalloc> no question [15:52]
<ayoung> hrybacki, I think ^^ is a task for you [15:52]
<knikolla> o/ [15:53]
<ayoung> knikolla, you working on that? [15:54]
<kmalloc> I also need to spin up a functional docker document [15:54]
<kmalloc> And make my docker-unit test more dynamic [15:55]
<knikolla> i have a patch for k2k testing which i need to polish one of these weeks [15:55]
<knikolla> but i'm not working on setting up a different idp atm [15:55]
<kmalloc> I'll get the docker-test/docker-functional rolled into our official docs [15:55]
<kmalloc> If we have a docker-functional folks can run locally, I can expand for federation functional as well (once we have a standup an idp) bit. [15:56]
<kmalloc> But first. [15:56]
<kmalloc> Coffee [15:56]
<kmalloc> cmurphy: tag me in if you need coverage on stuff while lbragstad is busy. I'm keeping an extra eye on pings (will do the same if I'm swamped) [15:57]
*** dave-mccowan has quit IRC [15:58]
<cmurphy> kmalloc: cool, btw i'll plan on chairing the meeting tomorrow [16:00]
<kmalloc> cmurphy: perfect [16:00]
<ayoung> kmalloc, knikolla what are we going to run in Docker? [16:01]
<kmalloc> cmurphy: we can swap week to week as needed depending on how long till lbragstad sneaks back online :) [16:01]
<cmurphy> kmalloc: sounds good [16:01]
<kmalloc> ayoung: i run all my unit tests in docker, i will work to spin up a docker-functional and docker-function-idp mechanism for our tests locally [16:01]
<ayoung> ah, cool [16:02]
<kmalloc> i have a lot to do this week in catchup from last [16:02]
<ayoung> kmalloc, I was thinking  that, for our purposes, an IdM instance and Ipsilon would still be the way to go [16:02]
<kmalloc> 6 doctor appointments in 7 days was a lot. [16:02]
<cmurphy> zuul can easily do multinode tests if we want to go that route for separate idp [16:02]
<ayoung> WebSSO is too much of a different app [16:02]
<kmalloc> cmurphy: right. i was thinking strictly for local stuff, replicate the use of loci [16:03]
*** aojea has joined #openstack-keystone [16:03]
<kmalloc> cmurphy: and have a command that spins up an idp, configures, and runs functional [16:03]
<kmalloc> cmurphy: for gate ++ multi node is probably the easiest [16:03]
<kmalloc> my new tkl mechanical keyboard will be here in 2 days [16:04]
<kmalloc> will make it easier to work between this computer and the workstation (ugh, i wish synergy would run under wayland... but nope, not until next year) [16:05]
<gagehugo> o/ [16:11]
<spotz> Hey all quick Pike logs question - Student is seeing UserWarning: Invalid uuid: RegionOne. in his logs when doing an Ubuntu installation based on the docs. Concern not a concern and if it is would you like a bug? [16:14]
*** aojea has quit IRC [16:15]
<cmurphy> spotz: if it's just in the logs and not causing user-facing errors that is probably fine, python-openstackclient does things like that because it doesn't know if you've given it a resource ID or name and so it first tries to treat it as an ID and then tries it as a name [16:25]
<cmurphy> so you'll probably see a failed GET /v3/regions/RegionOne and then a successful GET /v3/regions?name=RegionOne [16:26]
<spotz> cmurphy: He did reinstall once because he'd made a mistake but says except for that message all is working this time around. [16:26]
<spotz> But that makes sense, I'll let them know thanks! [16:26]
<cmurphy> yw [16:27]
*** gyee has joined #openstack-keystone [16:30]
<kmalloc> spotz: it's a bug in how we handle things in CADF. we need to add special exemption(s) [16:42]
<kmalloc> we have it in a few places. [16:42]
<kmalloc> it should have zero impact [16:42]
<spotz> kmalloc: Thanks, I'm assuming already bugged or would you like me to file one? [16:42]
<kmalloc> it's not something we have bugged really. it is tough because keystone does things oddly [16:43]
<kmalloc> it might be a bug already. but i don't think it is [16:43]
<kmalloc> it is sort of a "known" issue =/ [16:43]
<spotz> Just let me know:) We do a bit of just fixing and having official bugs for OSA [16:43]
<kmalloc> yeah. [16:43]
<kmalloc> feel free to file a bug [16:44]
<spotz> Ok will do [16:44]
<kmalloc> but i don't know if/when we can fix it, we made some choices in notifications/details that were in opposition with keystone's api/data/contract [16:44]
<kmalloc> and it's ... a pain to unwind :P [16:44]
<kmalloc> cmurphy, ayoung: i think simo covered a lot of what we already covered at the PTG [16:45]
<kmalloc> cmurphy, ayoung: the biggest take away was the pool of crypto mechs. otherwise i *think* we are all on the same page (for the most part) there on JWT/JOSE/ [16:45]
<spotz> kmalloc: Yeah it still works fine so it's more of a visual thing and wishlisty [16:46]
<ayoung> kmalloc, ++ [16:46]
<kmalloc> ayoung: this one is painful. so much unwinding to do: https://review.openstack.org/#/c/603461/2 [16:50]
<kmalloc> ayoung: i think i'm ~20 hrs into converting auth to flask. [16:51]
<kmalloc> it's a *nightmare* [16:51]
<kmalloc> i'm tempted to cheat. [16:51]
<kmalloc> it's the wrong choice and doesn't fix things.. but ugh. [16:52]
*** zzzeek_ has joined #openstack-keystone [16:53]
*** dave-mccowan has joined #openstack-keystone [16:54]
*** d0ugal has quit IRC [16:54]
*** aojea has joined #openstack-keystone [16:55]
*** pcaruana has joined #openstack-keystone [16:56]
<ayoung> cheat? [17:30]
<kmalloc> yeah. just hard convert to webob and back to flask [17:42]
<kmalloc> like i did for transition of federation [17:43]
<kmalloc> but it won't make anything any easier [17:43]
<kmalloc> soooooo. [17:43]
*** imacdonn has quit IRC [17:51]
*** imacdonn has joined #openstack-keystone [17:52]
*** blake has joined #openstack-keystone [17:57]
*** jmlowe has joined #openstack-keystone [18:06]
*** imacdonn has quit IRC [18:08]
*** markvoelker has joined #openstack-keystone [18:15]
*** imacdonn has joined #openstack-keystone [18:21]
*** markvoelker has quit IRC [18:24]
*** jmlowe has quit IRC [18:27]
*** aojea has quit IRC [18:32]
*** markvoelker has joined #openstack-keystone [18:32]
*** aojea has joined #openstack-keystone [18:32]
*** markvoelker has quit IRC [18:37]
*** jmlowe has joined #openstack-keystone [18:44]
*** blake has quit IRC [19:04]
*** pcaruana has quit IRC [20:43]
*** raildo has quit IRC [21:00]
*** phillu has quit IRC [21:24]
*** itlinux has quit IRC [21:39]
*** aojea has quit IRC [21:41]
<openstackgerrit> Merged openstack/keystone master: LDAP attribute names non-case-sensitive  https://review.openstack.org/603345 [21:44]
*** ianw is now known as ianw_pto [22:17]
*** threestrands has joined #openstack-keystone [22:41]
*** rcernin has joined #openstack-keystone [22:49]
*** gyee has quit IRC [23:47]
<kmalloc> ayoung: oooh man. well here we go, down to 8 failing tests... erm 7... [23:51]
<kmalloc> ayoung: gah. so icky. [23:51]
<openstackgerrit> Morgan Fainberg proposed openstack/keystone master: WIP: Convert auth to flask native dispatching  https://review.openstack.org/603461 [23:52]