19:19:41 #startmeeting keystone-office-hours 19:19:42 Meeting started Tue Feb 6 19:19:41 2018 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:19:43 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 19:19:45 The meeting name has been set to 'keystone_office_hours' 19:19:48 sorry about that 19:19:54 lol 19:20:09 :) 19:51:50 cmurphy: https://review.openstack.org/#/c/529914/ looks ok to me, but it'd be good to get your feedback on it whenever you have a minute 19:52:03 lbragstad: yeah i'm looking at it now 19:55:07 wunderbar 19:57:39 Eric Fried proposed openstack/keystoneauth master: DNM: Debug nova-next failure: user headers https://review.openstack.org/541425 20:02:43 Eric Fried proposed openstack/keystoneauth master: DNM: Debug nova-next failure: invalidate https://review.openstack.org/541429 20:04:32 Eric Fried proposed openstack/keystoneauth master: DNM: Debug nova-next failure: connection params https://review.openstack.org/541431 20:08:52 kmalloc: https://review.openstack.org/#/c/541074/ finishes up the self. refactor in tests 20:10:37 https://review.openstack.org/#/c/531915/ closes a bug, too 20:53:45 lbragstad: sorry missed the meeting, was picking up Brie from the airport 20:53:57 no worries 20:54:20 lbragstad: +2 but with comments, maybe knikolla could take a look? https://review.openstack.org/#/c/529914/ 21:01:21 lbragstad: +2/+A on both of those 1074 and 1915 21:01:45 fantastic 21:04:11 quick question 21:04:31 our install guide goes through port 35357 21:04:36 and does the install based on that port 21:05:03 thoughts on rewriting the install guide to use uwsgi + apache instead? 21:05:42 and ProxyPass? 21:06:31 so something like this for uwsgi https://github.com/openstack/openstack-ansible-os_keystone/blob/master/templates/keystone-uwsgi.ini.j2 and something like this for apache https://github.com/openstack/openstack-ansible-os_keystone/blob/master/templates/keystone-httpd.conf.j2#L109-L110 ? 21:07:47 +1 but you might need to coordinate with distros who are shipping default vhost files 21:07:48 with the removal of v2.0, we don't actually need both ports 21:08:04 yeah - that's a good point 21:09:42 so just 5000? 21:10:01 well - it could be up to the deployers discretion 21:10:24 because the port would only get used in the ProxyPass statement in apache configuration 21:10:59 apache would be doing something like `ProxyPass /identity uwsgi://127.0.0.1:5000/` 21:11:11 or `ProxyPass /identity uwsgi://127.0.0.1:8443/` 21:12:03 and uwsgi would be running keystone on that port 21:13:30 but you could also specify that port in apache, too i suppose 21:13:37 https://github.com/openstack/openstack-ansible-os_keystone/blob/master/templates/keystone-httpd.conf.j2#L71-L72 21:13:43 kinda like what osa does ^ 21:14:49 yea 21:15:11 so you could specify http:$CONTROLLER_IP:5000/identity 21:15:48 wait - actually 21:15:59 it would be http://$CONTROLLER_IP/identity 21:16:12 which would route to uwsgi internally on port 5000 21:16:58 if i'm understand the apache config correctly 21:20:32 Lance Bragstad proposed openstack/keystone master: Update sample configuration file for Queens https://review.openstack.org/541447 21:30:36 Kristi Nikolla proposed openstack/keystone master: WIP - Add opts --only-invalid and --remove-assignment for mapping_purge https://review.openstack.org/487579 21:31:15 Kristi Nikolla proposed openstack/keystone master: WIP - Add opts --invalid and --assignments for mapping_purge https://review.openstack.org/487579 21:42:02 cmurphy: do you know who maintains the package files for suse? 21:42:41 lbragstad: yes 21:42:55 my team 21:43:02 can def help there 21:43:08 sweet 21:43:23 i kinda went down a rabbit hole looking for the debian packagers 21:43:50 https://github.com/openstack/deb-keystone 21:43:57 i think that's where they used to be 21:44:28 * lbragstad wonders if hrybacki knows who maintains the redhat package files for keystone 21:44:47 lol 21:44:48 i think the debian packages moved off of openstack infra 21:45:01 but we don't have docs for debian anyways, need to engage the ubuntu people 21:45:28 think the raspbian package for keystone is icehouse 21:45:35 lol 21:45:39 nice 21:45:44 get it while it's hot 21:46:00 oh jeez, ayoung might still be in charge of them? I'm sure that falls on my team however 21:47:37 cmurphy: this looks like the right ubuntu team? https://wiki.openstack.org/wiki/Packaging/Ubuntu 21:47:44 hrybacki: it's not just using delorean? 21:48:38 lbragstad: yeah that looks right? 21:48:44 cmurphy: I know that's involved but I'm not sure what's pushing the last leg of that (RDO->OSP) The pipeline is kind of confusing 21:49:02 s/kind of// 21:49:33 lbragstad: btw we're crunching to get a huge release out the door this month so i'm not going to want to propose major changes to the keystone package till march 21:50:01 ack 21:50:48 so - even though we don't include v2.0 in Queens, you think we should push of refactoring the entire install guide to include uwsgi + apache on a single port until later/ 21:51:23 ah actually scratch that, our release is based on pike so i can probably do whatever with the queens packages 21:52:10 ok 21:52:12 cool 21:54:15 i was thinking it would be nice to have the install guide reflect the removal of v2.0 21:54:26 i'm just wondering if it will be too late for that 21:54:49 i kinda spaced on the whole default package files thing... 21:55:07 and how that is not controlled in our repository 22:04:29 lots of moving parts to juggle 22:14:32 Colleen Murphy proposed openstack/keystone master: Remove all v2.0 APIs except the ec2tokens API https://review.openstack.org/540141 22:19:08 Lance Bragstad proposed openstack/keystone master: Remove v2 and v2-admin API documentation https://review.openstack.org/540529 22:19:18 Lance Bragstad proposed openstack/keystone master: Update curl request documentation to remove v2.0 https://review.openstack.org/539342 22:19:28 Lance Bragstad proposed openstack/keystone master: Remove v2.0 extension documentation https://review.openstack.org/540525 22:19:38 Lance Bragstad proposed openstack/keystone master: Remove v2.0 from documentation guides https://review.openstack.org/540499 22:21:24 oops sorry :( 22:22:18 cmurphy: you're good - thanks for fixing that 22:24:21 getting some information on the ubuntu packages http://paste.openstack.org/show/664081/ 22:24:35 ^ because they don't have logging on that channel 22:24:49 but the TL;DR is that it is here - https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/keystone/tree/debian/keystone.conf 22:28:31 lbragstad: we still have this in ksm http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/auth_token/_auth.py#n66 :( we should probably fix that 22:29:31 yeah... we have a card for all that https://trello.com/c/rP53zMgc/16-remove-v20-api-support-from-libraries 22:33:39 cmurphy: that can be fixed in rocky, yeah? 22:38:29 lbragstad: yeah i guess? some people are going to have broken paste configs and it's not going to be clear why 22:38:34 http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/auth_token/__init__.py#n889 22:40:46 i think this is what broke tripleo's CI, someone might think they're all converted to v3 but the weirdness in ksm's auth plugin handler can trick you 22:43:16 hmm 22:43:33 if we were go to a single port with package installs, would there be a recommended port to listen on? 22:43:38 35357 or 5000? 22:44:24 80/443 :) 22:45:06 ++ 22:47:29 full conversation from #openstack-pkg http://paste.openstack.org/show/664112/ 22:47:44 looks like we'll get some assistance from the ubuntu folks! 23:07:22 #endmeeting