Wednesday, 2019-01-23

[00:04] <openstackgerrit> Merged openstack/keystone master: Update idp policies for system reader  https://review.openstack.org/619371
[00:05] *** efried has joined #openstack-keystone
[00:12] <openstackgerrit> Merged openstack/keystone master: Add limit protection tests  https://review.openstack.org/621020
[00:15] <kmalloc> efried: https://docs.openstack.org/nova/latest/configuration/config.html#placement.auth_type is, i think, what you're mapping of the plugin to be is.
[00:21] *** dklyle has joined #openstack-keystone
[00:22] <openstackgerrit> Merged openstack/keystone master: Add limit tests for system member role  https://review.openstack.org/621021
[00:26] *** spsurya has quit IRC
[00:27] *** david-lyle has joined #openstack-keystone
[00:30] *** dklyle has quit IRC
[00:50] *** ileixe has joined #openstack-keystone
[00:52] *** ileixe has quit IRC
[00:53] *** ileixe has joined #openstack-keystone
[01:02] <openstackgerrit> Merged openstack/oslo.policy master: Add policy-upgrade tool  https://review.openstack.org/613906
[01:14] *** david-lyle has quit IRC
[01:52] *** lbragstad has quit IRC
[01:55] *** Dinesh_Bhor has joined #openstack-keystone
[02:00] *** Dinesh_Bhor has quit IRC
[02:03] *** Dinesh_Bhor has joined #openstack-keystone
[02:24] *** erus_ has quit IRC
[02:33] *** lbragstad has joined #openstack-keystone
[02:33] *** ChanServ sets mode: +o lbragstad
[03:04] *** Dinesh_Bhor has quit IRC
[03:07] *** Dinesh_Bhor has joined #openstack-keystone
[03:13] *** tkajinam_ has joined #openstack-keystone
[03:16] *** tkajinam has quit IRC
[03:20] *** vishwanathj has joined #openstack-keystone
[03:41] *** awalende has joined #openstack-keystone
[03:45] *** awalende has quit IRC
[03:58] *** Dinesh_Bhor has quit IRC
[04:12] *** imacdonn_ has quit IRC
[04:22] *** ileixe has quit IRC
[04:35] *** whoami-rajat has joined #openstack-keystone
[04:55] *** ileixe has joined #openstack-keystone
[04:57] *** tkajinam_ is now known as tkajinam
[04:58] *** Dinesh_Bhor has joined #openstack-keystone
[05:00] *** shyamb has joined #openstack-keystone
[05:02] <openstackgerrit> Sergey Vilgelm proposed openstack/keystone master: Fix list projects for user  https://review.openstack.org/632565
[05:09] *** shyamb has quit IRC
[05:16] <openstackgerrit> Sergey Vilgelm proposed openstack/keystone master: Fix list projects for user  https://review.openstack.org/632565
[05:19] *** shyamb has joined #openstack-keystone
[05:22] *** dave-mccowan has quit IRC
[06:08] *** spsurya has joined #openstack-keystone
[06:19] *** shyamb has quit IRC
[06:40] <openstackgerrit> Juan Antonio Osorio Robles proposed openstack/python-keystoneclient master: Make default interface 'internal' instead of 'admin'  https://review.openstack.org/632520
[06:50] *** shyamb has joined #openstack-keystone
[07:03] *** aojea has joined #openstack-keystone
[07:06] *** lbragstad has quit IRC
[07:10] <openstackgerrit> Juan Antonio Osorio Robles proposed openstack/python-keystoneclient master: Make default interface 'internal' instead of 'admin'  https://review.openstack.org/632520
[07:14] <openstackgerrit> Merged openstack/keystone master: bump Keystone version for Stein  https://review.openstack.org/631369
[07:24] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Ensure change is addressed for unified limit table  https://review.openstack.org/621497
[07:24] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Add domain_id column for limit  https://review.openstack.org/620202
[07:24] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Add domain level limit support - Manager  https://review.openstack.org/621468
[07:24] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Add domain level limit support - API  https://review.openstack.org/622773
[07:24] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Add domain level support for strict-two-level-model  https://review.openstack.org/623153
[07:24] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Update project depth check  https://review.openstack.org/623984
[07:24] <openstackgerrit> wangxiyuan proposed openstack/keystone master: Release note for domain level limit  https://review.openstack.org/624019
[07:24] <openstackgerrit> wangxiyuan proposed openstack/keystone master: [api-ref] add domain level limit support  https://review.openstack.org/624562
[07:28] *** vishwanathj has quit IRC
[07:28] *** aojea has quit IRC
[07:29] *** aojea has joined #openstack-keystone
[07:31] *** aojea has quit IRC
[07:53] *** shyamb has quit IRC
[08:00] <openstackgerrit> Juan Antonio Osorio Robles proposed openstack/python-keystoneclient master: Make default interface 'internal' instead of 'admin'  https://review.openstack.org/632520
[08:00] *** awalende has joined #openstack-keystone
[08:04] *** rcernin has quit IRC
[08:10] *** tkajinam has quit IRC
[08:31] *** Dinesh_Bhor has quit IRC
[08:34] *** Dinesh_Bhor has joined #openstack-keystone
[08:47] *** markvoelker has joined #openstack-keystone
[08:53] *** markvoelker has quit IRC
[08:54] *** xek_ has joined #openstack-keystone
[09:03] *** shyamb has joined #openstack-keystone
[09:05] *** jaosorior has quit IRC
[09:08] *** jaosorior has joined #openstack-keystone
[09:26] *** awalende has quit IRC
[09:29] *** awalende has joined #openstack-keystone
[09:33] *** awalende has quit IRC
[09:35] *** awalende has joined #openstack-keystone
[09:36] *** shyamb has quit IRC
[09:37] *** shyamb has joined #openstack-keystone
[09:49] *** markvoelker has joined #openstack-keystone
[09:54] *** awalende has quit IRC
[09:55] *** awalende has joined #openstack-keystone
[09:57] *** awalende has quit IRC
[09:57] *** awalende has joined #openstack-keystone
[10:00] *** awalende has quit IRC
[10:01] *** awalende has joined #openstack-keystone
[10:06] *** awalende has quit IRC
[10:15] *** Dinesh_Bhor has quit IRC
[10:16] *** shyamb has quit IRC
[10:19] *** shyamb has joined #openstack-keystone
[10:20] *** Dinesh_Bhor has joined #openstack-keystone
[10:21] *** Dinesh_Bhor has quit IRC
[10:22] *** markvoelker has quit IRC
[10:23] *** awalende has joined #openstack-keystone
[10:27] *** awalende has quit IRC
[10:27] *** awalende has joined #openstack-keystone
[10:29] *** awalende_ has joined #openstack-keystone
[10:32] *** shyamb has quit IRC
[10:32] *** awalende has quit IRC
[10:37] *** pcaruana has joined #openstack-keystone
[10:54] *** andreaf has quit IRC
[10:56] *** andreaf has joined #openstack-keystone
[10:59] *** ileixe has quit IRC
[11:10] *** shyamb has joined #openstack-keystone
[11:15] *** yan0s has joined #openstack-keystone
[11:20] *** markvoelker has joined #openstack-keystone
[11:35] *** Dinesh_Bhor has joined #openstack-keystone
[11:40] *** Dinesh_Bhor has quit IRC
[11:52] *** markvoelker has quit IRC
[12:10] <openstackgerrit> Merged openstack/keystone master: Add region protection tests for system readers  https://review.openstack.org/619085
[12:10] <openstackgerrit> Merged openstack/keystone master: Fix wrong urls  https://review.openstack.org/631779
[12:37] *** erus_ has joined #openstack-keystone
[12:41] *** shyam89 has joined #openstack-keystone
[12:45] *** shyamb has quit IRC
[12:49] *** markvoelker has joined #openstack-keystone
[12:49] *** erus_ has quit IRC
[12:50] *** erus_ has joined #openstack-keystone
[13:00] *** shyamb has joined #openstack-keystone
[13:02] *** shyam89 has quit IRC
[13:20] *** shyamb has quit IRC
[13:20] *** erus_ has quit IRC
[13:21] *** erus_ has joined #openstack-keystone
[13:22] *** markvoelker has quit IRC
[13:23] *** markvoelker has joined #openstack-keystone
[13:30] *** markvoelker has quit IRC
[13:35] <knikolla> o/
[13:42] <erus_> \o
[13:43] *** dave-mccowan has joined #openstack-keystone
[13:56] <cmurphy> o/
[14:19] *** lbragstad has joined #openstack-keystone
[14:19] *** ChanServ sets mode: +o lbragstad
[14:58] *** xek_ is now known as xek
[15:08] *** efried has quit IRC
[15:12] *** aojea_ has joined #openstack-keystone
[15:17] *** dklyle has joined #openstack-keystone
[15:25] *** awalende_ has quit IRC
[15:25] *** awalende has joined #openstack-keystone
[15:30] *** awalende has quit IRC
[15:30] *** efried has joined #openstack-keystone
[15:31] *** aojea_ has quit IRC
[15:37] *** mchlumsky has joined #openstack-keystone
[15:41] *** mchlumsky has quit IRC
[15:42] *** mchlumsky has joined #openstack-keystone
[15:45] <jaosorior> ayoung: regarding https://review.openstack.org/#/c/632520/ . the other option is to use the public endpoint.
[15:45] <jaosorior> what do you think?
[15:46] <ayoung> jaosorior, why does it matter?  We should publish all three endpoints pointing at the same URL and not break anyone
[15:47] *** efried has left #openstack-keystone
[15:47] *** erus_ has quit IRC
[15:47] <jaosorior> I'm still dubious about doing that. I'm pretty sure that's gonna break folks. That's why I'm trying to do this in a phased manner
[15:47] *** erus_ has joined #openstack-keystone
[15:48] <ayoung> jaosorior, break TripleO?
[15:49] <jaosorior> no, but folks integrating with it
[15:49] <jaosorior> like NFVis (pretty sure I've seen some instances of hardcoded 35357)
[15:51] <ayoung> Sucks to be them
[15:51] <ayoung> They are not getting that out of the service catalog anyway, so if they do that, there is nothing we can do about it
[15:52] <ayoung> and we can claim we've told people not to do that for years now
[15:59] *** jmlowe has joined #openstack-keystone
[15:59] *** erus_ has quit IRC
[15:59] <openstackgerrit> Merged openstack/keystone master: Allow project users to retrieve domains  https://review.openstack.org/605871
[16:00] *** jmlowe has quit IRC
[16:00] *** erus_ has joined #openstack-keystone
[16:02] *** dklyle has quit IRC
[16:06] *** jmlowe has joined #openstack-keystone
[16:06] *** erus_ has quit IRC
[16:06] *** erus_ has joined #openstack-keystone
[16:23] *** gyee has joined #openstack-keystone
[16:24] *** dklyle has joined #openstack-keystone
[16:24] *** erus_ has quit IRC
[16:25] *** erus_ has joined #openstack-keystone
[16:38] *** ayoung has quit IRC
[16:55] *** dklyle has quit IRC
[16:55] *** erus_ has quit IRC
[16:56] *** dklyle has joined #openstack-keystone
[16:56] *** erus_ has joined #openstack-keystone
[17:01] *** dklyle has quit IRC
[17:01] *** dklyle has joined #openstack-keystone
[17:13] *** dklyle has quit IRC
[17:16] <kmalloc> jaosorior: i contradict ayoung saying "it sucks to be them". realistically we need to communicate to those folks "hard coded ports / urls are not the correct way to do it... here is the correct fix"
[17:16] <kmalloc> jaosorior: but... we are moving towards port 80/443 in general. downstream (e.g. triple-o and things based on triple-o) should likewise push hard to not use the high-ports.
[17:19] <lbragstad> we do have some documentation around this - specifically for external developers, but it might be applicable elsewhere, too
[17:19] <lbragstad> https://docs.openstack.org/keystone/latest/contributor/service-catalog.html
[17:22] <openstackgerrit> Morgan Fainberg proposed openstack/keystone-specs master: Renewable Application Credentials  https://review.openstack.org/604201
[17:22] <kmalloc> cmurphy: ^ corrected the nits and i agree, lgtm
[17:22] <kmalloc> cmurphy: +2 on the spec.
[17:23] <kmalloc> knikolla: ^
[17:23] <kmalloc> lbragstad: ^
[17:26] *** awalende has joined #openstack-keystone
[17:31] *** awalende has quit IRC
[17:39] <lbragstad> cool
[17:39] <lbragstad> cmurphy did you follow these steps verbatim https://docs.openstack.org/keystone/latest/admin/configure_tokenless_x509.html#create-an-identity-provider-idp ?
[17:39] <lbragstad> specifically to hash the id for the identity provider?
[17:39] *** dklyle has joined #openstack-keystone
[17:40] <lbragstad> i've created the private key, csr, and used them to create a certificate
[17:40] <lbragstad> i went through the steps to hash the id for the identity provider
[17:41] <lbragstad> but when i make the request to keystone, i get an HTTP 404 saying the identity provider can't be found (so i feel like i hashed something wrong)
[17:41] <lbragstad> trace back - https://pasted.tech/pastes/b7ca33afa541c2a5808e0cdc4fd38bc46b0c79a4.raw
[17:42] <lbragstad> code i'm using to hash the id - https://gist.github.com/lbragstad/5338e8bfdcc1158ceaedffd4036e671e
[17:43] <lbragstad> resulting hash - https://pasted.tech/pastes/db251e70dc4af45f3a085b9f9f589bd1251993e8.raw
[17:44] <lbragstad> fwiw - i wrote that script based on the format in the docs
[17:44] <lbragstad> (e.g., no spaces and using a specific ordering)
[17:48] *** dklyle has quit IRC
[17:51] *** yan0s has quit IRC
[17:58] *** jmlowe has quit IRC
[18:00] *** jmlowe has joined #openstack-keystone
[18:10] <lbragstad> bah - nevermind...
[18:11] <lbragstad> keystone is hashing CONF.tokenless_auth.trusted_issuer
[18:11] <lbragstad> i'm not sure if that's clear from the documentation though
[18:13] * lbragstad steps away for a minute
[18:24] *** dklyle has joined #openstack-keystone
[18:27] *** aojea has joined #openstack-keystone
[18:29] *** aojea has quit IRC
[18:29] *** dklyle has quit IRC
[18:30] *** aojea has joined #openstack-keystone
[18:33] <cmurphy> lbragstad: i created the hash using the devstack root ca not the client cert info
[18:33] *** erus_ has quit IRC
[18:34] *** erus_ has joined #openstack-keystone
[18:34] <cmurphy> oh yeah trusted_issuer also needed
[18:34] <cmurphy> docs are super confusing on this
[18:48] *** dklyle has joined #openstack-keystone
[18:52] <jrosser> kmalloc: before Christmas we chatted about radosgw s3 auth caching, here is our PR against ceph to implement that https://github.com/ceph/ceph/pull/26095
[18:52] *** erus_ has quit IRC
[18:53] *** erus_ has joined #openstack-keystone
[18:53] <jrosser> kmalloc: thanks for the pointer to the swift s3 middleware, that was really helpful figuring this out
[18:54] *** dklyle has quit IRC
[18:55] *** mugsie has quit IRC
[18:57] *** mugsie has joined #openstack-keystone
[19:12] <lbragstad> cmurphy very...
[19:12] <lbragstad> i kinda wanted to not read the code so that i could get a real perspective on how operators would interpret all this
[19:13] <lbragstad> but i eventually had to crack the lid
[19:17] <kmalloc> jrosser: :) cool!
[19:17] <kmalloc> jrosser: glad it helped!
[19:25] <lbragstad> cmurphy also - the way the docs are written make it seem like trusted_issuer should be every user in the deployment?
[19:26] <lbragstad> gyee's name is on the spec, too
[19:26] <lbragstad> i wonder if he knows
[19:41] <gyee> lbragstad, trusted issuer is per IdP
[19:42] <lbragstad> ok - so you setup on one trusted issuer based on some CA
[19:42] <lbragstad> because you trust the CA
[19:42] <gyee> correct
[19:42] <lbragstad> ok
[19:42] <lbragstad> cool
[19:42] <lbragstad> i was reading the examples and it looked like it was per user
[19:42] <lbragstad> which blew my mind
[19:43] <gyee> CA = trusted issuer = IdP
[19:43] <lbragstad> got it - that's what i was hoping for
[19:43] <lbragstad> but looking at "trusted_issuer = emailAddress=john@openstack.com,CN=john,OU=keystone,O=openstack,L=Sunnyvale,ST=California,C=US" in the docs
[19:43] <lbragstad> https://docs.openstack.org/keystone/latest/admin/configure_tokenless_x509.html#create-an-identity-provider-idp
[19:43] <lbragstad> i got confused
[19:44] <lbragstad> because that also appears to be the subject of a certificate
[19:44] <lbragstad> in those examples
[19:44] <gyee> I had the whole thing setup in a vagrant VM awhile back, let me see if I can update it and push it to github or something
[19:44] <gyee> pretty sure it's outdated
[19:45] <lbragstad> i wouldn't be opposed to breaking that doc up a bit
[19:45] <lbragstad> some of it is related to how administrators should configure this
[19:45] <lbragstad> and other bits would be useful in the user guide
[19:45] <gyee> oh yeah, I see what you're saying
[19:45] <gyee> I think that example is bad
[19:45] <lbragstad> (e.g., you have a private key given to you from a trust issuers, how do you use it)
[19:45] <lbragstad> trusted*
[19:45] <gyee> we need to update the doc with a more intuitive example
[19:45] <lbragstad> ++
[19:46] <gyee> let me do that
[19:46] <lbragstad> i'm going to open a bug, too
[19:46] <gyee> assign it to me :-)
[19:46] <gyee> I'll take care of it
[19:50] *** xek has quit IRC
[19:50] *** dklyle has joined #openstack-keystone
[19:50] *** xek has joined #openstack-keystone
[19:51] <lbragstad> gyee just opened it - https://bugs.launchpad.net/keystone/+bug/1813057
[19:51] <openstack> Launchpad bug 1813057 in OpenStack Identity (keystone) "The tokenless authentication documentation is opaque" [Medium,Triaged]
[19:52] <lbragstad> it's a little sparse, but i include a couple things that would be useful to address with it
[19:52] <lbragstad> thanks gyee !
[19:53] *** dklyle has quit IRC
[19:54] <gyee> lbragstad, got it
[19:55] *** spsurya has quit IRC
[20:03] *** aojea has quit IRC
[20:04] *** aojea has joined #openstack-keystone
[20:20] *** dklyle has joined #openstack-keystone
[20:29] *** dklyle has quit IRC
[20:31] *** jmlowe has quit IRC
[20:34] *** jmlowe has joined #openstack-keystone
[20:49] *** dklyle has joined #openstack-keystone
[20:58] <lbragstad> gyee i'm not sure if there are better ways to do this with ssl but this is what i have scripted
[20:58] <lbragstad> https://gist.github.com/lbragstad/5338e8bfdcc1158ceaedffd4036e671e
[20:59] <lbragstad> one is for figuring out the hash and the other is for re-ordering the issuer's dn so that you can put it into config
[21:00] <lbragstad> when you use openssl to verify a certificate, you get the issuer information, but when it comes through keystone via mod_ssl (i assume?) it appears to be in a different order
[21:10] *** dklyle has quit IRC
[21:12] *** timothyb89 has joined #openstack-keystone
[21:22] *** awalende has joined #openstack-keystone
[21:22] *** dklyle has joined #openstack-keystone
[21:26] *** awalende has quit IRC
[21:27] *** aojea_ has joined #openstack-keystone
[21:28] *** aojea has quit IRC
[21:28] *** dklyle has quit IRC
[21:32] <lbragstad> gyee also - i'm not sure i can get a scoped token using tokenless auth?
[21:32] *** erus_ has quit IRC
[21:32] <lbragstad> i can authenticate - but only for unscoped tokens, regardless of what i put in the X-Project-Id header
[21:33] *** erus_ has joined #openstack-keystone
[21:34] <lbragstad> for example https://pasted.tech/pastes/be93bfd4b23e1f7bfd2fac96d4c7f078cd8ac5a5.raw
[21:35] *** xek has quit IRC
[21:35] <gyee> lbragstad, you should be able to get a scoped token
[21:36] <lbragstad> role assignments https://pasted.tech/pastes/86fb28c62daad36b1fdd77eabdbc02d3363d0e3e.raw
[21:36] <lbragstad> afaict john has a role assignment on the demo project
[21:38] *** gagehugo has quit IRC
[21:38] *** erus_ has quit IRC
[21:38] <gyee> sorry I mean it follows the federation spec
[21:39] <gyee> if mapping allows scoped token, then it should work
[21:39] *** erus_ has joined #openstack-keystone
[21:40] <lbragstad> oh - so tokenless authentication doesn't honor direct role assignments?
[21:40] <gyee> though I haven't tested it lately so it's possible that something is broken
[21:40] <gyee> if mapping allows it, then in theory it should work
[21:41] <lbragstad> fwiw - this is what i'm using for a mapping https://pasted.tech/pastes/9ffb6d16e6eeb6913614d85583bbd08574108e1c.raw
[21:41] <gyee> it's basically whatever token the mapping yields
[21:41] <gyee> that's mapping for an unscoped token
[21:42] <lbragstad> ah
[21:42] <gyee> can you try adding group or project mapping to see if it works?
[21:42] <lbragstad> yep
[21:42] <lbragstad> lemme try that quick
[21:42] *** dklyle has joined #openstack-keystone
[21:45] *** whoami-rajat has quit IRC
[21:45] *** erus_ has quit IRC
[21:45] *** erus_ has joined #openstack-keystone
[21:48] <lbragstad> strange
[21:49] <gyee> lbragstad, so there are two separate things with x.509 certs. 1) certificate authentication (i.e. cert for token); and 2) tokenless (cert directly authorized to perform keystone operations)
[21:49] <lbragstad> the keystone logs appear to be building role assignments
[21:49] <lbragstad> right now - i'm trying to do #1
[21:49] <gyee> what you are testing is the former
[21:50] <gyee> right, so that's strictly federation
[21:50] <gyee> so if mapping allows it, then it should yield a federated token
[22:01] *** dklyle has quit IRC
[22:03] *** rcernin has joined #openstack-keystone
[22:09] *** gagehugo has joined #openstack-keystone
[22:16] <lbragstad> gyee trying again with the autoprovisioned mapping stuff
[22:16] *** erus_ has quit IRC
[22:16] <lbragstad> the mapping validation keeps failing with the examples we have in docs, we should probably fix that, too
[22:17] *** erus_ has joined #openstack-keystone
[22:18] <gyee> yeah I figure, things have changed quite a bit since I last touched that feature
[22:18] <gyee> I'll spend some quality time on it
[22:21] <lbragstad> https://etherpad.openstack.org/p/keystone-tokenless-auth-documentation-overhaul
[22:21] <lbragstad> Trying to take some notes here
[22:21] *** jmlowe has quit IRC
[22:24] *** jmlowe has joined #openstack-keystone
[22:24] <gyee> lbragstad, slides from the talk back in the days https://docs.google.com/presentation/d/1cBgiKb0ZgdKaBRfj77N7vEu4OwSma0FK57nKg4u5D-k/edit#slide=id.p11
[22:25] <lbragstad> oh - sweet
[22:25] <gyee> that basically answers the why and how
[22:25] *** dave-mccowan has quit IRC
[22:26] <lbragstad> slide 8 is helpful
[22:27] <lbragstad> er - slide 5
[22:29] <gyee> I want to update those slides and give another talk in Denver but haven't managed to find the time
[22:29] *** erus_ has quit IRC
[22:29] *** erus_ has joined #openstack-keystone
[22:30] <lbragstad> james would have found this useful
[22:37] <rodrigods> just submitted a couple of talks to the summit
[22:37] <rodrigods> hopefully i will be there :fingers_crossed: (too much slack these days)
[22:39] <gyee> that's your golden ticket :-)
[22:40] <rodrigods> lol
[22:59] *** tkajinam has joined #openstack-keystone
[23:04] *** mchlumsky has quit IRC
[23:13] *** aojea_ has quit IRC
[23:15] <lbragstad> gyee if a user authenticates with x509 certs and uses their private key for ssl
[23:15] <lbragstad> would it be possible for them to sign their requests with the same private key?
[23:17] <gyee> sure, if the key usage allows them to
[23:18] <lbragstad> so
[23:18] <lbragstad> let me know if i'm talking crazy here
[23:19] <lbragstad> but - if that's the case, could users authenticate for tokens with their x509 certificate, then issue signed requests to any openstack service to get around the bearer token problem?
[23:19] *** erus_ has quit IRC
[23:19] <gyee> in theory, yes
[23:19] *** erus_ has joined #openstack-keystone
[23:19] *** jmlowe has quit IRC
[23:19] <lbragstad> huh... sweet
[23:20] <gyee> in fact, I remember at one point, we were talking about that design
[23:20] <gyee> where Keystone doesn't have to issue tokens, just store the authorization templates
[23:20] <lbragstad> what would be an example of an authorization template?
[23:21] <gyee> mapping
[23:21] <lbragstad> oh - got it
[23:21] <gyee> service just fetches the mapping from keystone and maps the cert to auth context
[23:21] <lbragstad> right
[23:22] <lbragstad> even if you did still have to deal with tokens
[23:22] <lbragstad> if requests are signed and a bad actor tries to reuse your token, the signature isn't going to match
[23:23] <gyee> exactly, you could just sign the token with the private key for the extra protection
[23:24] <lbragstad> oh, interesting...
[23:24] <lbragstad> i suppose you could do it both ways
[23:24] <lbragstad> either 1.) sign the entire request or 2.) just sign the token
[23:25] <lbragstad> if OpenStack-Token-Signature is populated, then you'd have to find the user's public key to validate the token with it in middleware somehow
[23:25] *** erus_ has quit IRC
[23:26] <gyee> signing the entire request is a bit tough, depending on the API
[23:26] *** erus_ has joined #openstack-keystone
[23:27] <gyee> you'll need to figure out how to assemble the content for signing, like canonicalize the data
[23:28] <lbragstad> yeah - i suppose it'll have to be serialized the same on both sides
[23:28] <gyee> exactly
[23:29] <lbragstad> you'd still have to find a way to get a user's public key in middleware
[23:31] <gyee> public key is with the cert
[23:31] *** vishakha has quit IRC
[23:31] <lbragstad> in keystonemiddleware?
[23:31] <gyee> that you can either store in Keystone or LDAP
[23:32] <lbragstad> e.g., if we wanted to verify the token signature + token presented to nova in keystonemiddleware
[23:32] <gyee> with two way SSL, the cert is sent to the peer
[23:33] <lbragstad> ahhh
[23:34] *** dklyle has joined #openstack-keystone
[23:36] <gyee> https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
[23:36] <gyee> with Apache mod_ssl, for example, you can find it in SSL_CLIENT_CERT env var
[23:38] <lbragstad> nice
[23:40] *** dklyle has quit IRC
[23:41] <gyee> I was going to do a prototype with FreeIPA, end to end, but that project got scrapped
[23:42] <gyee> maybe it's time to restart that thing again :-)
[23:43] <lbragstad> :)
[23:44] <lbragstad> it would be cool to see
[23:54] *** dklyle has joined #openstack-keystone

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!