Thursday, 2019-03-07

« Wednesday, 2019-03-06 Index Friday, 2019-03-08 »
*** gyee has quit IRC00:26
*** gyee has joined #openstack-keystone00:27
*** dave-mccowan has joined #openstack-keystone00:36
*** markvoelker has joined #openstack-keystone00:50
*** xek__ has joined #openstack-keystone00:58
*** xek_ has quit IRC01:01
*** xek_ has joined #openstack-keystone01:04
*** whoami-rajat has joined #openstack-keystone01:07
*** xek__ has quit IRC01:07
*** lbragstad has quit IRC01:09
*** gyee has quit IRC01:11
*** dave-mccowan has quit IRC01:18
*** erus has quit IRC01:18
*** erus has joined #openstack-keystone01:19
*** markvoelker has quit IRC01:22
*** rcernin has quit IRC01:31
*** rcernin has joined #openstack-keystone01:32
*** xek__ has joined #openstack-keystone01:40
*** xek_ has quit IRC01:43
*** xek_ has joined #openstack-keystone01:43
*** xek__ has quit IRC01:46
*** xek__ has joined #openstack-keystone01:47
*** xek_ has quit IRC01:50
*** xek_ has joined #openstack-keystone01:54
*** xek__ has quit IRC01:57
*** xek__ has joined #openstack-keystone01:57
*** xek_ has quit IRC02:00
*** jamesmcarthur has joined #openstack-keystone02:01
*** xek_ has joined #openstack-keystone02:02
*** xek__ has quit IRC02:04
*** jamesmcarthur has quit IRC02:08
*** jamesmcarthur has joined #openstack-keystone02:08
*** dave-mccowan has joined #openstack-keystone02:17
*** jamesmcarthur has quit IRC02:17
*** markvoelker has joined #openstack-keystone02:20
*** jamesmcarthur has joined #openstack-keystone02:24
*** jamesmcarthur has quit IRC02:38
*** markvoelker has quit IRC02:52
*** lbragstad has joined #openstack-keystone03:11
*** ChanServ sets mode: +o lbragstad03:11
lbragstadtimothyb89 nice!03:11
lbragstadthat's good news - if you haven't done so already, it would be awesome to leave those results on the review03:13
*** awalende has joined #openstack-keystone03:17
*** awalende has quit IRC03:21
*** ileixe has joined #openstack-keystone03:27
ileixeHi guys. I have a simple operational question.03:27
ileixeWe have LDAP system which is a endpoint user action started, and are using keystone for frontend for it.03:28
ileixeSo in our system, operator can delete LDAP user without notifying keystone.03:28
ileixeIs there any way to bind bi-directionally between two systems using keystone?03:29
ileixeIdeally, user action sould be started using keystone API though, reality is tough.03:30
*** shyamb has joined #openstack-keystone03:48
*** markvoelker has joined #openstack-keystone03:49
*** vishakha has joined #openstack-keystone03:50
*** dave-mccowan has quit IRC04:00
*** markvoelker has quit IRC04:22
*** aning_ has quit IRC04:26
*** bnemec has quit IRC04:26
*** kukacz has quit IRC04:26
*** cburgess has quit IRC04:26
*** gary_perkins has quit IRC04:26
*** brtknr has quit IRC04:26
*** konetzed has quit IRC04:26
*** kklimonda_ has quit IRC04:26
*** ileixe has quit IRC04:31
*** shyamb has quit IRC04:32
*** shyamb has joined #openstack-keystone04:33
*** erus has quit IRC04:39
*** erus has joined #openstack-keystone04:40
*** aning_ has joined #openstack-keystone04:53
*** bnemec has joined #openstack-keystone04:53
*** kukacz has joined #openstack-keystone04:53
*** cburgess has joined #openstack-keystone04:53
*** gary_perkins has joined #openstack-keystone04:53
*** brtknr has joined #openstack-keystone04:53
*** konetzed has joined #openstack-keystone04:53
*** kklimonda_ has joined #openstack-keystone04:53
*** rcernin has quit IRC04:56
*** ileixe has joined #openstack-keystone04:59
*** rcernin has joined #openstack-keystone05:02
*** markvoelker has joined #openstack-keystone05:19
*** lbragstad has quit IRC05:33
*** markvoelker has quit IRC05:53
*** erus has quit IRC05:53
*** jhesketh has quit IRC05:53
*** erus has joined #openstack-keystone05:53
*** jhesketh has joined #openstack-keystone05:54
*** shyamb has quit IRC05:56
*** shyamb has joined #openstack-keystone06:12
*** erus has quit IRC06:48
*** erus has joined #openstack-keystone06:49
*** markvoelker has joined #openstack-keystone06:50
*** shyamb has quit IRC06:57
*** phasespace has quit IRC07:00
*** markvoelker has quit IRC07:22
*** pcaruana has joined #openstack-keystone07:25
*** erus has quit IRC07:25
*** erus has joined #openstack-keystone07:26
*** rcernin has quit IRC07:27
*** david-lyle has joined #openstack-keystone07:36
*** dklyle has quit IRC07:37
*** dklyle has joined #openstack-keystone07:41
*** david-lyle has quit IRC07:42
*** dklyle has quit IRC07:55
*** dklyle has joined #openstack-keystone07:55
*** shyamb has joined #openstack-keystone08:02
*** tkajinam has quit IRC08:12
*** awalende has joined #openstack-keystone08:19
*** markvoelker has joined #openstack-keystone08:19
*** ileixe has quit IRC08:20
*** ileixe has joined #openstack-keystone08:21
*** erus has quit IRC08:21
*** erus has joined #openstack-keystone08:22
*** ileixe has quit IRC08:26
*** erus has quit IRC08:28
*** erus has joined #openstack-keystone08:28
*** phasespace has joined #openstack-keystone08:37
*** shyamb has quit IRC08:38
*** adriant has quit IRC08:47
*** adriant has joined #openstack-keystone08:48
*** shyamb has joined #openstack-keystone08:50
*** cosss_ has quit IRC08:51
*** cosss_ has joined #openstack-keystone08:51
*** xek_ has quit IRC08:53
*** markvoelker has quit IRC08:53
*** xek_ has joined #openstack-keystone08:53
openstackgerritPavlo Shchelokovskyy proposed openstack/keystone master: Add hint for order of keys during distribution  https://review.openstack.org/63839709:08
openstackgerritPavlo Shchelokovskyy proposed openstack/keystone master: Add hint for order of keys during distribution  https://review.openstack.org/63839709:11
*** shyamb has quit IRC09:23
*** shyamb has joined #openstack-keystone09:23
*** erus has quit IRC09:35
*** erus has joined #openstack-keystone09:35
openstackgerritMerged openstack/keystone master: Add JSON driver for access rules config  https://review.openstack.org/62852409:43
*** markvoelker has joined #openstack-keystone09:50
*** ianw is now known as ianw_pto09:52
*** shyamb has quit IRC09:53
*** shyamb has joined #openstack-keystone09:57
*** erus has quit IRC10:06
*** erus has joined #openstack-keystone10:06
*** shyamb has quit IRC10:16
*** shyamb has joined #openstack-keystone10:16
*** markvoelker has quit IRC10:23
*** erus has quit IRC10:30
*** erus has joined #openstack-keystone10:31
vishakhalbragstad:  In https://review.openstack.org/#/c/639718/, project users(admin or member or reader) won't10:52
vishakha be able to list role assignments?10:52
*** odyssey4me has quit IRC10:53
*** odyssey4me has joined #openstack-keystone10:53
*** ileixe has joined #openstack-keystone11:01
*** erus has quit IRC11:01
*** erus has joined #openstack-keystone11:01
*** markvoelker has joined #openstack-keystone11:20
*** erus has quit IRC11:20
*** erus has joined #openstack-keystone11:20
*** shyamb has quit IRC11:30
*** ileixe has quit IRC11:35
*** xek_ has quit IRC11:45
*** markvoelker has quit IRC11:53
*** raildo has joined #openstack-keystone12:14
*** dave-mccowan has joined #openstack-keystone12:22
*** erus has quit IRC12:47
*** erus has joined #openstack-keystone12:48
*** markvoelker has joined #openstack-keystone12:50
cmurphyhttps://etherpad.openstack.org/p/BER19-OPS-KEYSTONE-FEEDBACK <-- notes from keystone session at ops meetup13:21
*** markvoelker has quit IRC13:22
*** phasespace has quit IRC13:32
*** lbragstad has joined #openstack-keystone13:48
*** ChanServ sets mode: +o lbragstad13:48
*** jmlowe has quit IRC13:51
lbragstadcmurphy \o/13:54
*** erus has quit IRC13:54
cmurphy:D13:54
*** erus has joined #openstack-keystone13:54
cmurphylbragstad: since you weren't in the channel: https://etherpad.openstack.org/p/BER19-OPS-KEYSTONE-FEEDBACK <-- notes from keystone session at ops meetup13:56
lbragstadsweet13:56
lbragstadthere are some good point in there13:58
*** BlackDex has quit IRC13:59
lbragstadunrelated: someone pinged me saying http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003552.html got filtered as spam by gmail, did any other gmail users notice that?13:59
*** BlackDex has joined #openstack-keystone14:02
*** markvoelker has joined #openstack-keystone14:20
*** mchlumsky has joined #openstack-keystone14:21
*** jmlowe has joined #openstack-keystone14:30
HD|Laptophey all14:30
HD|LaptopI'm trying to enable ldap authentication - but as soon as I set driver = ldap14:31
*** erus has quit IRC14:31
HD|Laptopall my authentication breaks14:32
*** erus has joined #openstack-keystone14:32
HD|Laptophow do I keep sql for the "default" domain, or at least keep all the users for the various service accounts?14:32
lbragstadHD|Laptop https://docs.openstack.org/keystone/latest/admin/configuration.html#domain-specific-configuration14:36
lbragstadyou can use domain-specific identity backends14:36
*** imacdonn has quit IRC14:39
HD|Laptoplbragstad: so keep driver=sql in keystone.conf, create /etc/keystone/domains/foo.conf and there do a section [identity] driver=ldap [ldap] ...?14:46
lbragstadyeah - that's the idea14:47
HD|Laptoplbragstad: doesn't work. i have restarted apache, but while openstack list user shows the normal sql users, openstack list user --domain=foo is empty14:49
HD|Laptopbut there should be ~3500 users returned14:49
HD|Laptopin the logs it says "keystone.exception.DomainNotFound: Could not find domain: foo"14:51
*** markvoelker has quit IRC14:53
*** erus has quit IRC14:53
HD|Laptopd'oh, wrong naming convention14:53
*** erus has joined #openstack-keystone14:54
HD|Laptopsimple_bind() argument 1 must be str or None, not bytes: TypeError: simple_bind() argument 1 must be str or None, not bytes14:54
HD|LaptopWTF?14:54
HD|LaptopI'll ask over at debian-openstack, looks like yet ANOTHER python3 fuckup14:54
*** erus has quit IRC14:59
*** erus has joined #openstack-keystone15:00
*** erus has quit IRC15:07
knikollao/15:07
*** erus has joined #openstack-keystone15:08
*** awalende has quit IRC15:16
*** awalende has joined #openstack-keystone15:17
*** awalende has quit IRC15:21
vishakhao/15:27
vishakhalbragstad:  In https://review.openstack.org/#/c/639718/, project users(admin or member or reader) won't be able to list role assignments?15:27
lbragstadvishakha correct15:29
lbragstadi think we reached consensus that only system and domain users should be able to view that information15:29
*** erus has quit IRC15:30
vishakhalbragstad: Ok. And what will be the behaviour of this API https://github.com/openstack/keystone/blob/bf7ca0bc7d934fa965fd7f264e464537b55a0388/keystone/common/policies/role_assignment.py#L52-L6215:31
*** erus has joined #openstack-keystone15:31
coreycbcmurphy: hi, do you know what i need to do to get ldappool===2.3.1 into upper-constraints for stable/rocky?15:37
coreycbcmurphy: it seems fairly straight forward for projects that are listed in releases/deliverables/rocky but ldappool is in releases/deliverables/_independent15:38
lbragstadvishakha we might be able to continue with the plan in that NOTE15:40
lbragstadwe can just open that API up to project-admins, but we can do that in a follow-on, too15:40
coreycbcmurphy: for example - https://github.com/openstack/releases/commit/fc79a3a6a71e6f859027b6c83c6d9cdf5f242b6f15:40
lbragstadvishakha by follow-on, specifically we can fix that subtree assignment list once we know we have good test coverage for all users and roles against the /v3/role_assignment API15:41
* lbragstad back in 10 minutes15:42
vishakhalbragstad: Should I leave that for now? Later on we can add as follow-on?15:43
*** erus has quit IRC15:45
*** erus has joined #openstack-keystone15:46
*** markvoelker has joined #openstack-keystone15:50
*** jamesmcarthur has joined #openstack-keystone16:08
lbragstadvishakha yeah - i think that is fine16:14
lbragstadvishakha making it work for all system users and domain users will probably be more useful initially anyway16:15
vishakhalbragstad: thanks. So I need to fix tempest test cases then and put the project test cases which should not allow users to list role assignments16:17
lbragstadcorrect16:17
lbragstador - at least as far as i understand it16:17
lbragstadwe might have to tinker with how tempest is configured, too16:18
vishakhaYeah. So after feature freeze these all system scope patches be merged in train?16:22
*** markvoelker has quit IRC16:23
*** jmlowe has quit IRC16:36
lbragstadvishakha well - after feature freeze we'll be in release candidate mode16:49
lbragstadso we can still merge bug fixes16:49
lbragstadas soon as we cut a release candidate for keystone, technical the master branch will be open for Train development16:49
lbragstadcmurphy were you in the room during the berlin ops session?16:50
lbragstadbah - nevermind, i just read line 416:51
lbragstadtimothyb89 fyi - https://bugs.launchpad.net/keystone/+bug/181903617:12
openstackLaunchpad bug 1819036 in OpenStack Identity (keystone) "keystone validates X-Auth-Token twice on every request" [High,Triaged]17:12
*** markvoelker has joined #openstack-keystone17:20
*** imacdonn has joined #openstack-keystone17:37
cmurphycoreycb: i think you can just go ahead and propose an update directly to stable/rocky of requirements17:38
cmurphylbragstad: lol17:38
*** jmlowe has joined #openstack-keystone17:49
*** markvoelker has quit IRC17:53
*** gyee has joined #openstack-keystone17:57
*** phasespace has joined #openstack-keystone17:57
*** erus has quit IRC17:59
*** erus has joined #openstack-keystone17:59
*** irclogbot_1 has joined #openstack-keystone18:02
coreycbcmurphy: ok thanks. promethianfire recommended the same so i'll go ahead and do that.18:27
*** erus has quit IRC18:28
coreycbcmurphy: fyi https://review.openstack.org/#/c/641752/18:36
*** pcaruana has quit IRC18:46
*** markvoelker has joined #openstack-keystone18:51
*** vishakha has quit IRC18:54
*** pcaruana has joined #openstack-keystone19:05
*** xek_ has joined #openstack-keystone19:17
*** markvoelker has quit IRC19:23
*** pcaruana has quit IRC19:33
*** brtknr has quit IRC20:10
*** brtknr has joined #openstack-keystone20:15
*** markvoelker has joined #openstack-keystone20:20
*** jamesmcarthur has quit IRC20:23
*** jamesmcarthur_ has joined #openstack-keystone20:23
*** markvoelker has quit IRC20:53
*** xek_ has quit IRC21:15
*** whoami-rajat has quit IRC21:17
*** markvoelker has joined #openstack-keystone21:50
*** dave-mccowan has quit IRC22:02
*** jamesmcarthur_ has quit IRC22:03
*** raildo has quit IRC22:13
*** markvoelker has quit IRC22:23
*** rcernin has joined #openstack-keystone22:41
*** tkajinam has joined #openstack-keystone22:58
*** mloza has joined #openstack-keystone23:09
mlozahello, we have existing openldap server, is it possible to integrate it with keystone or do I have build to a new openldap because keystone needs a new schema?23:12
*** markvoelker has joined #openstack-keystone23:20
*** jmlowe has quit IRC23:46
*** jmlowe has joined #openstack-keystone23:46
*** markvoelker has quit IRC23:52
« Wednesday, 2019-03-06 Index Friday, 2019-03-08 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!