Wednesday, 2019-10-09

« Tuesday, 2019-10-08 Index Thursday, 2019-10-10 »
*** zaitcev_ has joined #openstack-swift00:01
*** ChanServ sets mode: +v zaitcev_00:02
*** zaitcev has quit IRC00:06
*** diablo_rojo has joined #openstack-swift00:37
*** tkajinam_ has joined #openstack-swift01:26
*** tkajinam has quit IRC01:28
*** psachin has joined #openstack-swift02:12
*** renich has joined #openstack-swift02:24
renichGood $time_of_day, OpenStackers!02:24
renichI am having a bit of an issue with a newly installed keystone/swift cluster. Stein is the version.02:25
renichit turns out that: swift stat works fine for the admin user, but it doesn't work for my demouser.02:25
renichAlso, all operations with openstack work for the admin user. The odd part is that: openstack token issue works for the demouser but not any container or object operations.02:26
renichI dunno what is causing it. It's really odd.02:26
renichThis is how I created demouser: https://paste.fedoraproject.org/paste/8vHla6tqE45v1L~tlCflmw02:27
timburkerenich, what operator_roles do you have set for keystoneauth in your proxy-server.conf? significantly, is demorole included there?02:48
timburke(it doesn't necessarily have to be -- it kinda all depends on how you want auth to work for your cluster)02:49
timburkefor example, if the user should only have access to a particular container or set of containers, you could have the admin user create the container(s) and set appropriate container ACLs for the user02:50
renichtimburke: no, it's not. I set admin, user03:00
renichah, OK! I get it. But, for example, regular users should be operators in general, right?03:01
renichOK, so, I need to create the admin and user roles, right? In order to be able to grant operator privileges to those roles.03:03
renichtimburke: you were totally right. I added the user role to demoproject and it works fine now. Interesting! The idea of not adding the user role and controlling per-container access to users is awesome as well.03:07
timburkei'm torn about it, honestly -- it's a lot of power, but it seems easy to have it become overly complicated, and discoverability becomes an issue03:09
*** psachin has quit IRC03:17
*** psachin has joined #openstack-swift03:18
*** diablo_rojo has quit IRC03:40
*** renich has quit IRC05:29
*** renich has joined #openstack-swift05:30
*** renich has quit IRC05:50
*** rdejoux has joined #openstack-swift07:07
*** pcaruana has joined #openstack-swift07:10
*** tesseract has joined #openstack-swift07:13
*** ccamacho has joined #openstack-swift07:24
*** rpittau|afk is now known as rpittau07:35
*** tkajinam_ has quit IRC08:10
openstackgerritChristian Schwede proposed openstack/swift master: Fix misleading error msg if swift.conf unreadable  https://review.opendev.org/58128008:31
openstackgerritChristian Schwede proposed openstack/swift master: Fix misleading error msg if swift.conf unreadable  https://review.opendev.org/58128008:33
*** e0ne has joined #openstack-swift08:39
*** mvkr has quit IRC09:39
*** mvkr has joined #openstack-swift09:53
*** tesseract has quit IRC10:44
*** tesseract has joined #openstack-swift10:46
*** rcernin has quit IRC10:48
tdasilvacschwede!!!10:49
cschwedetdasilva: me? what did i break? ;)10:52
tdasilvacschwede: heh, it's goot to see you around!10:56
mattoliverau+10011:35
*** baojg has quit IRC11:46
*** tomha has joined #openstack-swift11:59
*** tomha has quit IRC12:09
*** tomha has joined #openstack-swift12:11
*** tomha has quit IRC12:16
*** psachin has quit IRC12:31
*** csmart has quit IRC12:33
*** csmart has joined #openstack-swift12:36
*** NM has joined #openstack-swift13:07
*** pcaruana has quit IRC13:31
*** pcaruana has joined #openstack-swift13:33
*** ianychoi has quit IRC13:41
*** mikecmpbll has joined #openstack-swift13:53
*** mahatic has quit IRC13:56
*** tonyb has quit IRC13:56
*** zaitcev_ has quit IRC13:56
*** MooingLemur has quit IRC13:56
*** cwright has quit IRC13:56
*** MooingLe1ur has joined #openstack-swift13:56
*** openstackstatus has quit IRC13:58
*** cwright has joined #openstack-swift14:00
timburke\o/ cschwede!14:05
openstackgerritThiago da Silva proposed openstack/swift master: Create segment container w/ same policy as primary  https://review.opendev.org/68757714:30
openstackgerritClay Gerrard proposed openstack/swift master: WIP: Allow internal clients to use null namespace  https://review.opendev.org/68213814:46
claygtdasilva: p 687577 looks obviously correct - i'm doing a quick once over14:51
patchbothttps://review.opendev.org/#/c/687577/ - swift - Create segment container w/ same policy as primary - 1 patch set14:51
tdasilvaclayg: thanks!14:51
tdasilvaclayg: I'm looking at p 682138 and wondering if I should rebase p 682382 on top of it14:52
patchbothttps://review.opendev.org/#/c/682138/ - swift - WIP: Allow internal clients to use null namespace - 9 patch sets14:52
patchbothttps://review.opendev.org/#/c/682382/ - swift - WIP: New Object Versioning mode - 11 patch sets14:52
claygtdasilva: i wouldn't yet - it's still unstable and timburke and I are having some problems with the null-byte in queries - it's all a mess 😞14:56
claygtdasilva: i'm in the middle of making the RESERVED_BYTE a constant in prepreation for having to go with \x01\x01 or something since the null-byte is starting to look sketchy 😢14:58
claygwe definately still need a reserved delimiter for name/version and a way to have system containers... but maybe the null-byte isn't the answer to our prayers we were hoping for - dunno14:59
*** diablo_rojo has joined #openstack-swift15:06
tdasilvaclayg: i'm back to wondering if we could claim something like \x01 to be a reserved_byte going forward. User's won't be able to create new container/object with it. If they have existing data, we could add the "shunt" option is the listing middleware to not filter it out.15:06
tdasilvaclayg: it does mean that for those cluster we would leak system containers, but it's not different behavior from what they have today15:07
tdasilvaclayg: i.e., users can see 'versions' and '+segments' container today15:07
claygI agree having something actually reserved - like \x01 - would be way better than having something reserved by convention like \x01\x0115:08
claygaws s3 allows keys with \x01 in the name - but like us - not \x0015:08
claygtimburke: suggested quite reasonably, that allowing them isn't the same as clients using them15:09
claygwe could potentially "reclaim" \x01-\x08" or something similar -  and call it 'reserved" w/o breaking clients15:09
claygOTOH, maybe someone is using it - or something in the future will say "but this works in s3"15:09
claygasides from the dubious handling in like queryies sqlite3 has done pretty well with it's null-byte handling despite being "undefined" - as best I can tell the marker/prefix queries are working perfectly - so I haven't given up hope15:11
claygbut i'm also running a fever - so don't listen to me 🤒15:11
openstackgerritThiago da Silva proposed openstack/swift master: Create segment container w/ same policy as primary  https://review.opendev.org/68757715:24
tdasilvaclayg: sorry for the noise ^^^15:28
claygNo worries, you just changed the req to seg-req?15:30
*** NM has quit IRC15:31
tdasilvaclayg: yep!15:36
*** rpittau is now known as rpittau|afk15:45
*** openstackgerrit has quit IRC15:52
*** BjoernT has joined #openstack-swift15:56
*** ccamacho has quit IRC16:03
*** zaitcev has joined #openstack-swift16:11
*** ChanServ sets mode: +v zaitcev16:11
*** rdejoux has quit IRC16:34
timburkeclayg, i wonder if we could add a restriction that all objects/containers that include a null byte must start with a null byte... i mean, the prefix/marker/end_marker tests you've done sure indicate that > and < work just fine with NUL -- maybe we tack on a " AND name >= '\x01' " if allow_null is false...16:39
*** gyee has joined #openstack-swift16:58
*** mikecmpbll has quit IRC17:02
*** e0ne has quit IRC17:02
*** NM has joined #openstack-swift17:03
*** tomha has joined #openstack-swift17:40
*** tomha has quit IRC17:48
zaitcevhttps://www.zdnet.com/article/suse-drops-openstacks/17:54
*** e0ne has joined #openstack-swift18:25
*** e0ne has quit IRC19:00
*** pcaruana has quit IRC19:07
*** e0ne has joined #openstack-swift19:08
*** umbSublime has joined #openstack-swift19:08
*** mgagne has quit IRC19:11
*** tesseract has quit IRC19:20
*** e0ne has quit IRC19:56
*** rdejoux has joined #openstack-swift20:10
mattoliverauYup, not gonna lie, I only knew about 24 hours before that article.. if that. It hasn't been a good few days, and I'm still in shock :(20:27
* timburke hugs mattoliverau20:27
*** pcaruana has joined #openstack-swift20:33
*** pcaruana has quit IRC20:40
kota_morning20:57
kota_suse!?20:57
alecuyerhello, ouch that's sad news :/20:59
timburkemeeting time!21:00
*** NM has quit IRC21:34
*** diablo_rojo has quit IRC21:47
*** BjoernT has quit IRC22:02
*** rdejoux has quit IRC22:06
*** rcernin has joined #openstack-swift22:14
*** tkajinam has joined #openstack-swift23:02
*** openstackstatus has joined #openstack-swift23:19
*** ChanServ sets mode: +v openstackstatus23:19
*** gyee has quit IRC23:27
*** NM has joined #openstack-swift23:54
*** NM has quit IRC23:58
« Tuesday, 2019-10-08 Index Thursday, 2019-10-10 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!