Tuesday, 2019-03-05

« Monday, 2019-03-04 Index Wednesday, 2019-03-06 »
*** itlinux has joined #openstack-keystone00:09
*** itlinux_ has joined #openstack-keystone00:13
*** itlinux has quit IRC00:15
*** erus has quit IRC00:22
*** erus has joined #openstack-keystone00:23
*** lbragstad has quit IRC00:26
*** erus has quit IRC00:41
*** erus has joined #openstack-keystone00:42
*** markvoelker has joined #openstack-keystone00:48
*** wxy-xiyuan has joined #openstack-keystone00:53
*** ileixe has joined #openstack-keystone01:00
*** erus has quit IRC01:00
*** erus has joined #openstack-keystone01:00
gagehugokmalloc: done01:03
*** markvoelker has quit IRC01:22
*** ileixe has quit IRC01:40
*** dave-mccowan has joined #openstack-keystone01:47
*** dmellado has quit IRC01:50
*** ileixe has joined #openstack-keystone01:51
*** ileixe has quit IRC01:52
*** ileixe has joined #openstack-keystone01:53
*** jamesmcarthur has joined #openstack-keystone01:55
*** erus has quit IRC01:55
*** erus has joined #openstack-keystone01:56
*** whoami-rajat has joined #openstack-keystone02:02
*** jamesmcarthur has quit IRC02:04
*** jamesmcarthur has joined #openstack-keystone02:06
*** jamesmcarthur has quit IRC02:10
*** markvoelker has joined #openstack-keystone02:19
*** jamesmcarthur has joined #openstack-keystone02:37
*** markvoelker has quit IRC02:51
*** jamesmcarthur has quit IRC02:51
*** jamesmcarthur has joined #openstack-keystone02:54
*** dmellado has joined #openstack-keystone02:55
openstackgerritMerged openstack/keystone master: Switch federation check jobs to opensuse  https://review.openstack.org/64072403:00
*** itlinux_ has quit IRC03:06
*** jamesmcarthur has quit IRC03:10
*** jamesmcarthur has joined #openstack-keystone03:10
*** itlinux has joined #openstack-keystone03:12
*** erus has quit IRC03:12
*** erus has joined #openstack-keystone03:12
*** itlinux has quit IRC03:21
*** itlinux has joined #openstack-keystone03:25
*** dave-mccowan has quit IRC03:42
*** markvoelker has joined #openstack-keystone03:48
*** gyee has quit IRC03:54
*** jamesmcarthur has quit IRC03:57
*** vishakha has joined #openstack-keystone04:02
*** erus has quit IRC04:08
*** erus has joined #openstack-keystone04:08
*** markvoelker has quit IRC04:22
*** jamesmcarthur has joined #openstack-keystone04:35
*** jamesmcarthur has quit IRC04:44
*** jamesmcarthur has joined #openstack-keystone04:48
*** jamesmcarthur has quit IRC04:52
*** jamesmcarthur has joined #openstack-keystone05:00
*** shyamb has joined #openstack-keystone05:11
*** shyamb has quit IRC05:18
*** shyamb has joined #openstack-keystone05:18
*** markvoelker has joined #openstack-keystone05:19
openstackgerritVishakha Agarwal proposed openstack/keystone master: Drop py35 jobs  https://review.openstack.org/63990905:27
*** jamesmcarthur has quit IRC05:35
openstackgerritVishakha Agarwal proposed openstack/oslo.limit master: Drop py35 jobs  https://review.openstack.org/63991705:43
*** jhesketh has quit IRC05:47
*** jhesketh has joined #openstack-keystone05:48
*** markvoelker has quit IRC05:51
*** pcaruana has joined #openstack-keystone05:52
*** shyamb has quit IRC05:59
*** jamesmcarthur has joined #openstack-keystone06:03
*** shyamb has joined #openstack-keystone06:03
*** pcaruana has quit IRC06:07
*** jamesmcarthur has quit IRC06:09
*** dims has quit IRC06:24
*** dims has joined #openstack-keystone06:26
*** itlinux has quit IRC06:34
*** dims has quit IRC06:36
*** dims has joined #openstack-keystone06:37
*** jamesmcarthur has joined #openstack-keystone06:40
*** jamesmcarthur has quit IRC06:44
*** markvoelker has joined #openstack-keystone06:48
*** jamesmcarthur has joined #openstack-keystone06:56
*** erus has quit IRC06:56
*** erus has joined #openstack-keystone06:57
*** shyamb has quit IRC07:00
*** jamesmcarthur has quit IRC07:01
*** shyamb has joined #openstack-keystone07:05
*** markvoelker has quit IRC07:22
*** shyamb has quit IRC07:30
*** shyamb has joined #openstack-keystone07:43
openstackgerritVishakha Agarwal proposed openstack/keystone master: Implement domain reader for role_assignments  https://review.openstack.org/63858707:46
openstackgerritVishakha Agarwal proposed openstack/keystone master: Add role assignment test coverage for domain members  https://review.openstack.org/63859307:46
openstackgerritVishakha Agarwal proposed openstack/keystone master: Add role assignment test coverage for domain admins  https://review.openstack.org/63859707:46
openstackgerritVishakha Agarwal proposed openstack/keystone master: Add role assignment testing for project users  https://review.openstack.org/63971807:46
openstackgerritVishakha Agarwal proposed openstack/keystone master: Remove assignment policies from policy.v3cloudsample.json  https://review.openstack.org/64094307:46
*** shyamb has quit IRC08:07
*** shyamb has joined #openstack-keystone08:08
*** awalende has joined #openstack-keystone08:16
*** erus has quit IRC08:16
*** erus has joined #openstack-keystone08:16
*** markvoelker has joined #openstack-keystone08:18
*** pcaruana has joined #openstack-keystone08:18
*** tkajinam has quit IRC08:22
*** erus has quit IRC08:22
*** erus has joined #openstack-keystone08:23
*** shyamb has quit IRC08:24
*** shyamb has joined #openstack-keystone08:24
*** pcaruana has quit IRC08:25
*** shyamb has quit IRC08:31
*** pcaruana has joined #openstack-keystone08:37
openstackgerritColleen Murphy proposed openstack/python-keystoneclient master: [DNM] check if unit tests are working  https://review.openstack.org/64095308:41
*** pcaruana has quit IRC08:44
*** markvoelker has quit IRC08:51
*** shyamb has joined #openstack-keystone09:01
*** pcaruana has joined #openstack-keystone09:01
openstackgerritColleen Murphy proposed openstack/keystoneauth master: Fix rate semaphore for keystoneclient  https://review.openstack.org/64095709:02
cmurphymordred: kmalloc ^ keystoneauth broke keystoneclient09:02
*** erus has quit IRC09:09
*** erus has joined #openstack-keystone09:10
*** erus has quit IRC09:16
*** erus has joined #openstack-keystone09:16
*** erus has quit IRC09:37
*** erus has joined #openstack-keystone09:38
*** shyamb has quit IRC09:40
*** shyamb has joined #openstack-keystone09:42
*** erus has quit IRC09:44
*** erus has joined #openstack-keystone09:45
*** markvoelker has joined #openstack-keystone09:48
*** shyamb has quit IRC09:52
*** shyamb has joined #openstack-keystone09:59
mordredcmurphy: we haven't gotten rid of keystoneclient yet?10:03
cmurphymordred: nope10:04
mordredcmurphy: well then I guess breaking it is bad10:04
cmurphykinda10:04
*** markvoelker has quit IRC10:22
*** shyamb has quit IRC10:22
*** shyamb has joined #openstack-keystone10:54
*** markvoelker has joined #openstack-keystone11:19
*** erus has quit IRC11:40
*** erus has joined #openstack-keystone11:41
*** markvoelker has quit IRC11:51
*** shyamb has quit IRC11:59
*** awalende has quit IRC12:15
*** awalende has joined #openstack-keystone12:16
*** dave-mccowan has joined #openstack-keystone12:20
*** xek has joined #openstack-keystone12:27
*** erus has quit IRC12:30
*** shyamb has joined #openstack-keystone12:31
*** erus has joined #openstack-keystone12:31
kmalloc+312:36
*** markvoelker has joined #openstack-keystone12:49
*** erus has quit IRC12:56
*** erus has joined #openstack-keystone12:57
*** mchlumsky has joined #openstack-keystone13:01
*** jamesmcarthur has joined #openstack-keystone13:18
*** markvoelker has quit IRC13:21
*** erus has quit IRC13:21
*** erus has joined #openstack-keystone13:21
*** vishakha has quit IRC13:25
*** shyamb has quit IRC13:27
*** erus has quit IRC13:27
*** shyamb has joined #openstack-keystone13:27
*** erus has joined #openstack-keystone13:28
*** jamesmcarthur has quit IRC13:31
*** raildo has joined #openstack-keystone13:43
*** jamesmcarthur has joined #openstack-keystone13:46
*** mchlumsky has quit IRC13:51
*** mchlumsky has joined #openstack-keystone13:53
*** vishakha has joined #openstack-keystone13:54
*** erus has quit IRC13:54
*** erus has joined #openstack-keystone13:55
*** erus has quit IRC14:01
*** erus has joined #openstack-keystone14:01
*** lbragstad has joined #openstack-keystone14:06
*** ChanServ sets mode: +o lbragstad14:06
*** jamesmcarthur has quit IRC14:06
*** dklyle has joined #openstack-keystone14:13
*** erus has quit IRC14:13
*** erus has joined #openstack-keystone14:14
HD|Laptophey all14:14
HD|LaptopI have an existing keystone installation with everything being in the default domain and that's it14:15
HD|Laptophow do I best go in integrating LDAP/AD authentication for my colleagues?14:15
HD|LaptopBest would be if projects and permissions on projects could be automatically managed via LDAP groups14:15
lbragstadHD|Laptop we have a couple of sections of the admin guide that might help14:16
lbragstadhttps://docs.openstack.org/keystone/latest/admin/configuration.html#integrate-identity-with-ldap14:17
lbragstadwhich describes the process of setting up ldap14:17
lbragstadand https://docs.openstack.org/keystone/latest/admin/configuration.html#domain-specific-configuration14:17
lbragstadwhich describes how you can back a specific keystone domain to something like an LDAP server14:17
*** markvoelker has joined #openstack-keystone14:18
openstackgerritMerged openstack/keystoneauth master: Fix rate semaphore for keystoneclient  https://review.openstack.org/64095714:20
*** erus has quit IRC14:20
*** erus has joined #openstack-keystone14:20
*** shyamb has quit IRC14:22
*** shyamb has joined #openstack-keystone14:22
HD|Laptopok, let me try this once I have all my compute nodes up14:23
HD|Laptopthanks :)14:24
cmurphylbragstad: can you ack https://review.openstack.org/64102414:42
lbragstadeek14:46
lbragstadcmurphy done14:46
lbragstadHD|Laptop yup14:46
lbragstadcmurphy thanks for keeping the library releases under control14:47
*** raildo has quit IRC14:49
*** markvoelker has quit IRC14:52
*** pcaruana has quit IRC14:57
*** awalende has quit IRC14:59
*** awalende has joined #openstack-keystone15:00
*** shyamb has quit IRC15:01
*** shyamb has joined #openstack-keystone15:02
*** awalende has quit IRC15:04
*** openstackgerrit has quit IRC15:28
cmurphymight be a few minutes late to the meeting15:29
* lbragstad nods15:32
*** erus has quit IRC15:33
knikollao/15:34
*** erus has joined #openstack-keystone15:34
gagehugoo/15:37
*** jamesmcarthur has joined #openstack-keystone15:37
hrybackio/15:37
*** openstackgerrit has joined #openstack-keystone15:40
openstackgerritLance Bragstad proposed openstack/keystone master: Allow domain users to access the limit API  https://review.openstack.org/62102315:40
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with limits  https://review.openstack.org/62102415:40
openstackgerritLance Bragstad proposed openstack/keystone master: Remove limit policies from policy.v3cloudsample.json  https://review.openstack.org/62102515:40
lbragstadfwiw - i ended up reworking a bunch of https://review.openstack.org/#/c/621023/ to increase test coverage15:41
lbragstadit's a bit more involved than what i was expecting, but curious what feedback people have15:41
lbragstad(landing domain limit support required some reworking of the policies that protect that API)15:42
*** pcaruana has joined #openstack-keystone15:42
*** markvoelker has joined #openstack-keystone15:48
*** shyamb has quit IRC15:50
*** xek has quit IRC15:59
*** xek has joined #openstack-keystone15:59
*** erus has quit IRC16:07
*** erus has joined #openstack-keystone16:08
*** erus has quit IRC16:20
*** erus has joined #openstack-keystone16:20
*** markvoelker has quit IRC16:22
*** imacdonn has quit IRC16:35
*** imacdonn has joined #openstack-keystone16:36
*** erus has quit IRC16:40
*** erus has joined #openstack-keystone16:41
*** ayoung has quit IRC16:56
*** erus has quit IRC16:56
*** erus has joined #openstack-keystone16:57
openstackgerritMerged openstack/keystone-specs master: Update app cred capabilities spec  https://review.openstack.org/63918216:57
*** jamesmcarthur has quit IRC16:57
cmurphylbragstad: i can submit forum session for app creds, do you want to submit the one on roles/scope and/or the one for limits?16:58
lbragstadsure16:58
lbragstadit looks like we have 5 up for proposal16:58
lbragstadi need to sync up with ildikov16:59
cmurphyi'm not sure what you have in mind for the edge one16:59
lbragstadyeah - me either, tbh16:59
cmurphyi can submit the operator feedback one if you want16:59
* lbragstad takes notes16:59
ildikovo/16:59
lbragstadildikov do you have a forum session set aside for any keystone-related topics?17:00
* lbragstad isn't implying a requirement17:01
ildikovYou mean Keystone and edge topics?17:01
lbragstadcorrect17:01
ildikovHaven't checked the etherpad this week yet17:02
lbragstadi'm curious if you did have a need for a slot for those topics, since they've been occurring regularly during our meetups17:02
ildikovLast week we didn't have any specific proposals17:02
lbragstadif not - that's just fine, but if you did i didn't want to submit a duplicate proposal17:02
ildikovWe for sure planned to get together at the PTG17:03
lbragstadcool - then maybe that will suffice17:03
ildikovBut kept the Forum session ideas a bit more high level than that17:03
lbragstadsounds like we're in agreement that a forum session is unnecessary at this point, then?17:04
ildikovBut I'm happy to have a session at the Forum too if we can phrase it in a way that's useful for users and operators17:04
ildikovIf you feel the need17:04
ildikovWe thought about sessions about Edge Group feedback and MVP architecture17:05
lbragstada lot of the keystone-related work on that front is still in the works (e.g., bug fixes for x509)17:05
ildikovWe can make Keystone items be part of either of these17:05
lbragstadif there is a more general forum session proposed - i'll try and attend17:05
ildikovAnd move deep dive technical chats to the PTG17:05
lbragstadcool17:06
lbragstadi'll hold off on a forum session then17:06
*** jamesmcarthur has joined #openstack-keystone17:06
ildikovI'll write up abstracts today or tomorrow17:07
lbragstadsounds good - let me know if you need anything for me (for the PTG or forum)17:07
lbragstadkeystone-related, that is17:07
ildikovCan point you to them and we can do a last rounds of check if we're happy with coverage17:07
lbragstadpoint to them from our planning etherpad?17:07
ildikovOn my phone now, but can drop the link in later17:08
lbragstadthat works for me17:08
ildikovI also added the planning etherpad to the Forum etherpad wiki17:08
lbragstadthanks ildikov17:08
ildikovThanks for keeping me on my toes :)17:08
lbragstadwell - i appreciate the information17:09
ildikov:)17:09
lbragstadcmurphy so - just the 4 then? (unified limits, operator feedback, application credentials, default roles + scope)17:09
*** xek_ has joined #openstack-keystone17:10
cmurphylbragstad: wfm17:10
-openstackstatus- NOTICE: Gerrit is being restarted for a configuration change, it will be briefly offline.17:10
*** xek has quit IRC17:12
*** jamesmcarthur has quit IRC17:14
*** jistr|sick is now known as jistr17:14
*** markvoelker has joined #openstack-keystone17:19
*** ileixe has quit IRC17:20
*** jamesmcarthur has joined #openstack-keystone17:27
*** itlinux has joined #openstack-keystone17:35
*** erus has quit IRC17:37
*** xek_ has quit IRC17:42
*** xek_ has joined #openstack-keystone17:42
*** markvoelker has quit IRC17:51
*** gyee has joined #openstack-keystone17:54
*** raildo has joined #openstack-keystone18:02
lbragstadcmurphy ok - i submitted my two, i'm not sure i can get a link to the public version, though?18:06
lbragstadi was going to drop them in the etherpad - but i can just wait until they, or if they, get accepted18:06
openstackgerritMerged openstack/oslo.limit master: Drop py35 jobs  https://review.openstack.org/63991718:26
*** xek_ has quit IRC18:34
*** xek has joined #openstack-keystone18:35
*** itlinux has quit IRC18:42
*** itlinux has joined #openstack-keystone18:47
*** markvoelker has joined #openstack-keystone18:48
cmurphylbragstad: done as well18:51
cmurphyi stole your abstract from the last ops feedback session18:51
lbragstadsteal away18:51
lbragstadyou couldn't find a public link to your proposals, could you?18:52
*** jamesmcarthur has quit IRC18:52
cmurphyi don't think so, the link it gives me is the link to edit it18:52
cmurphyhttps://www.openstack.org/summit/denver-2019/call-for-presentations/manage/23643/summary18:53
*** eandersson has joined #openstack-keystone18:53
cmurphywhich doesn't show anything if i'm not logged in18:55
eanderssonIs there a reason why we couldn't have the ldap function get_user_by_name fallback to the sql database?18:55
eanderssonIt's very difficult right now to handle cases where a ldap user gets removed, but they still have OpenStack resources.18:55
cmurphyeandersson: if the user doesn't exist in the ldap backend i'm not sure what other behavior you could expect, it wouldn't be correct for keystone to report the user as still existing19:02
eanderssonsure - but it breaks many services19:05
eanderssone.g. trustee are... very unhappy19:06
eanderssonand difficult to remove resources at times19:06
kmalloci would be against keystone claiming a user still existed if the authoritative source had the user removed19:06
kmallocwe could work to make cleanup APIs.19:07
kmallocbut really, if a user is removed, the user should be removed.19:07
kmallocand not reported as active19:07
eanderssonfor sure - maybe disabling users that don't existing in the auth source?19:11
eanderssonbecause the user does exist in the keystone db still19:12
openstackgerritLance Bragstad proposed openstack/keystone master: Allow domain users to access the limit API  https://review.openstack.org/62102319:14
openstackgerritLance Bragstad proposed openstack/keystone master: Add tests for project users interacting with limits  https://review.openstack.org/62102419:14
openstackgerritLance Bragstad proposed openstack/keystone master: Remove limit policies from policy.v3cloudsample.json  https://review.openstack.org/62102519:14
eanderssonWhat is the expected behavior when a regular user is removed?19:15
eanderssonIs it still in the database and shows up as disable or similar?19:15
eanderssonOr is it purged from existence like with the ldap driver19:16
cmurphywhen a regular user is removed it's removed19:17
*** jamesmcarthur has joined #openstack-keystone19:21
*** markvoelker has quit IRC19:21
*** jamesmcarthur_ has joined #openstack-keystone19:24
*** jamesmcarthur has quit IRC19:25
*** vishakha has quit IRC19:25
*** dave-mccowan has quit IRC19:55
*** itlinux has quit IRC19:56
openstackgerritMerged openstack/keystonemiddleware master: Drop py35 jobs  https://review.openstack.org/63991320:00
openstackgerritMerged openstack/keystone master: Add domain level support for strict-two-level-model  https://review.openstack.org/62315320:02
openstackgerritMerged openstack/keystone master: Update project depth check  https://review.openstack.org/62398420:02
openstackgerritMerged openstack/keystone master: Release note for domain level limit  https://review.openstack.org/62401920:02
openstackgerritMerged openstack/keystone master: [api-ref] add domain level limit support  https://review.openstack.org/62456220:02
*** xek has quit IRC20:03
*** xek has joined #openstack-keystone20:03
*** itlinux has joined #openstack-keystone20:08
*** raildo has quit IRC20:09
lbragstadwoot20:12
lbragstadnice job wxy-xiyuan ^20:12
*** itlinux has quit IRC20:15
*** markvoelker has joined #openstack-keystone20:19
*** whoami-rajat has quit IRC20:22
*** markvoelker has quit IRC20:52
*** jamesmcarthur has joined #openstack-keystone20:57
*** jamesmcarthur_ has quit IRC21:00
*** pcaruana has quit IRC21:10
openstackgerritLance Bragstad proposed openstack/keystone master: Make system members the same as system readers for credentials  https://review.openstack.org/64112821:27
*** xek has quit IRC21:46
*** markvoelker has joined #openstack-keystone21:49
lbragstadcmurphy i slipped up on ^ a while back... that must have snuck in before I was able to update the member bit to be consistent with reader21:49
*** mchlumsky has quit IRC21:50
*** markvoelker has quit IRC22:22
*** mvkr has quit IRC22:25
*** kjorg50 has joined #openstack-keystone22:34
kjorg50Not sure if this is the best place to ask, but I was wondering if anyone could give me some insight into the purpose and intended usage of the different `keystone` images? (keystone-base, keystone-ssh, keystone, keystone-fernet) Do they all need to be used together? Should you use one or the other?22:37
*** jamesmcarthur has quit IRC22:41
*** tkajinam has joined #openstack-keystone22:54
*** jamesmcarthur has joined #openstack-keystone22:57
*** jamesmcarthur has quit IRC22:58
*** jamesmcarthur has joined #openstack-keystone22:58
*** ayoung has joined #openstack-keystone23:10
*** markvoelker has joined #openstack-keystone23:19
*** jamesmcarthur has quit IRC23:37
*** jamesmcarthur has joined #openstack-keystone23:38
*** jamesmcarthur has quit IRC23:40
*** markvoelker has quit IRC23:52
« Monday, 2019-03-04 Index Wednesday, 2019-03-06 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!