Re: [openstack-dev] [all] [tc] [api] Paste Maintenance

2018-10-22 Thread Morgan Fainberg
at 07:49:35AM -0700, Morgan Fainberg wrote: > > I should be able to do a write up for Keystone's removal of paste *and* > > move to flask soon. > > > > I can easily extract the bit of code I wrote to load our external > > middleware (and add an external loader) for the t

Re: [openstack-dev] [all] [tc] [api] Paste Maintenance

2018-10-22 Thread Morgan Fainberg
Also, doesn't bitbucket have a git interface now too (optionally)? On Mon, Oct 22, 2018, 07:49 Morgan Fainberg wrote: > I should be able to do a write up for Keystone's removal of paste *and* > move to flask soon. > > I can easily extract the bit of code I wrote to load

Re: [openstack-dev] [all] [tc] [api] Paste Maintenance

2018-10-22 Thread Morgan Fainberg
I should be able to do a write up for Keystone's removal of paste *and* move to flask soon. I can easily extract the bit of code I wrote to load our external middleware (and add an external loader) for the transition away from paste. I also think paste is terrible, and would be willing to help

Re: [openstack-dev] [oslo][glance][cinder][nova][keystone] healthcheck

2018-10-12 Thread Morgan Fainberg
Keystone no longer uses paste (since Rocky) as paste is unmaintained. The healthcheck app is permanently enabled for keystone at /healthcheck. We chose to make it a default bit of functionality in how we have Keystone deployed. We also have unit tests in place to ensure we don't regress and

Re: [openstack-dev] [keystone] Keystone Team Update - Week of 1 October 2018

2018-10-05 Thread Morgan Fainberg
87 (keystone:Undecided) > https://bugs.launchpad.net/keystone/+bug/1782687 > Bug #1796077 (keystone:Undecided) > https://bugs.launchpad.net/keystone/+bug/1796077 > Bug #1796247 (keystone:Undecided) > https://bugs.launchpad.net/keystone/+bug/1796247 > > Bugs fixed (4) >

Re: [openstack-dev] [Openstack-operators] [all] Consistent policy names

2018-09-28 Thread Morgan Fainberg
Ideally I would like to see it in the form of least specific to most specific. But more importantly in a way that there is no additional delimiters between the service type and the resource. Finally, I do not like the change of plurality depending on action type. I propose we consider *::[:]*

Re: [openstack-dev] [cinder][glance][ironic][keystone][neutron][nova][edge] PTG summary on edge discussions

2018-09-26 Thread Morgan Fainberg
This discussion was also not about user assigned IDs, but predictable IDs with the auto provisioning. We still want it to be something keystone controls (locally). It might be hash domain ID and value from assertion (similar to the LDAP user ID generator). As long as within an environment, the

Re: [openstack-dev] [Openstack-operators] [all] Consistent policy names

2018-09-15 Thread Morgan Fainberg
I am generally opposed to needlessly prefixing things with "os". I would advocate to drop it. On Fri, Sep 14, 2018, 20:17 Lance Bragstad wrote: > Ok - yeah, I'm not sure what the history behind that is either... > > I'm mainly curious if that's something we can/should keep or if we are >

Re: [openstack-dev] [keystone] keystoneauth version auto discovery for internal endpoints in queens

2018-05-11 Thread Morgan Fainberg
Typically speaking if we broke a behavior via a change in KeystoneAuth (not some behavior change in openstackclient or the way osc processes requests), we are in the wrong and we will need to go back through and fix the previous behavior. I'll spend some time going through this to verify if this

[openstack-dev] Changes to keystone-stable-maint members

2018-04-24 Thread Morgan Fainberg
Hi, I am proposing making some changes to the Keystone Stable Maint team. A lot of this is cleanup for contributors that have moved on from OpenStack. For the most part, I've been the only one responsible for Keystone Stable Maint reviews, and I'm not comfortable being this bottleneck Removals

Re: [openstack-dev] Fwd: [Openstack-operators][tc] [keystone][all] v2.0 API removal

2017-10-20 Thread Morgan Fainberg
In addendum, the final v2.0 (EC2-API) path will eventually be removed (mitaka +7, the "T" release). The v3 versions (where they exist) will continue to be maintained and not removed. On Fri, Oct 20, 2017 at 5:16 PM, Morgan Fainberg <morgan.fainb...@gmail.com> wrote: > Let me c

Re: [openstack-dev] Fwd: [Openstack-operators][tc] [keystone][all] v2.0 API removal

2017-10-20 Thread Morgan Fainberg
Let me clarify a few things regarding the V2.0 removal: * This has been planned for years at this point. At one time (I am looking for the documentation, once I find it I'll include it on this thread) we worked with Nova and the TC to set forth a timeline on the removal. Part of that agreement

Re: [openstack-dev] [nova][keystone] keystoneauth1 and keystonemiddle setting

2017-08-16 Thread Morgan Fainberg
On Aug 16, 2017 11:31, "Brant Knudson" wrote: On Mon, Aug 14, 2017 at 2:48 AM, Chen CH Ji wrote: > In fixing bug 1704798, there's a proposed patch > https://review.openstack.org/#/c/485121/7 > but we stuck at http_connection_timeout and timeout value in

Re: [openstack-dev] [keystone] using only sql for resource backends

2017-08-15 Thread Morgan Fainberg
On Tue, Aug 15, 2017 at 7:36 AM, Lance Bragstad wrote: > During RC, Morgan's made quite a bit of progress on a bug found by the > gate [0]. Part of the solution led to another patch that removes the > ability to configure anything but sql for keystone's resource backend >

Re: [openstack-dev] [keystone] rc2 updates

2017-08-11 Thread Morgan Fainberg
On Fri, Aug 11, 2017 at 11:10 AM, Lance Bragstad wrote: > Thanks for the update. > > Outside of the docs patches, we made some good progress on a bug 1702211 > (reported as https://bugs.launchpad.net/keystone/+bug/1703917 and > https://bugs.launchpad.net/keystone/+bug/1702211

Re: [openstack-dev] [qa] [keystone] Random Patrole failures related to Identity v3 Extensions API

2017-08-11 Thread Morgan Fainberg
On Fri, Aug 11, 2017 at 9:25 AM, Morgan Fainberg <morgan.fainb...@gmail.com> wrote: > On Fri, Aug 11, 2017 at 8:44 AM, Felipe Monteiro > <felipe.carneiro.monte...@gmail.com> wrote: >> Patrole tests occasionally fail while executing tests that test the >> Identity v3

Re: [openstack-dev] [qa] [keystone] Random Patrole failures related to Identity v3 Extensions API

2017-08-11 Thread Morgan Fainberg
On Fri, Aug 11, 2017 at 8:44 AM, Felipe Monteiro wrote: > Patrole tests occasionally fail while executing tests that test the > Identity v3 Extensions API [0]. Previously, this was not the case when > we used Fernet tokens and used a time.sleep(1) to allow for

Re: [openstack-dev] [all][elections] PTL nomination period is now over

2017-08-09 Thread Morgan Fainberg
On Aug 9, 2017 16:48, "Kendall Nelson" wrote: Hello Everyone! The PTL Nomination period is now over. The official candidate list is available on the election website[0]. There are 2 projects without candidates, so according to this resolution[1], the TC will have to

Re: [openstack-dev] [keystone][kubernetes] Webhook PoC for Keystone based Authentication and Authorization for Kubernetes

2017-08-08 Thread Morgan Fainberg
I shall take a look at the webhooks and see if I can help on this front. --Morgan On Tue, Aug 8, 2017 at 6:34 PM, joehuang wrote: > Dims, > > Integration of keystone and kubernetes is very cool and in high demand. Thank > you very much. > > Best Regards > Chaoyi Huang

Re: [openstack-dev] [keystone][api] Backwards incompatible changes based on config

2017-08-04 Thread Morgan Fainberg
On Fri, Aug 4, 2017 at 3:09 PM, Kevin L. Mitchell <klmi...@mit.edu> wrote: > On Fri, 2017-08-04 at 14:52 -0700, Morgan Fainberg wrote: >> > Maybe not, but please do recall that there are many deployers out >> > there >> > that track master, not fixed releases

Re: [openstack-dev] [keystone][api] Backwards incompatible changes based on config

2017-08-04 Thread Morgan Fainberg
On Fri, Aug 4, 2017 at 2:43 PM, Kevin L. Mitchell wrote: > On Fri, 2017-08-04 at 16:45 -0400, Kristi Nikolla wrote: >> Is this the case even if we haven’t made any final release with the change >> that introduced this issue? [0] >> >> It was only included in the Pike milestones

Re: [openstack-dev] [rally][no-admin] Finally Rally can be run without admin user

2017-06-13 Thread Morgan Fainberg
On Tue, Jun 13, 2017 at 1:04 PM, Boris Pavlovic wrote: > Hi stackers, > > Intro > > Initially Rally was targeted for developers which means running it from > admin was OK. > Admin was basically used to simplify preparing environment for testing: > create and setup

Re: [OpenStack-Infra] Zuul v3: proposed new Depends-On syntax

2017-05-24 Thread Morgan Fainberg
From someone who has used/consumed/worked with/contributed to Zuul, this seems very straight forward and reasonable. The only concern is ensuring that the metadata on "if this has in-fact merged" is clearly available in the URL. I want to ensure we're implementing something generally useful and if

Re: [Openstack] All Hail our Newest Release Name - OpenStack Rocky

2017-04-28 Thread Morgan Fainberg
It would be nice if there was a bit more transparency on the "legal risk" (conflicts with another project, etc), but thanks for passing on the information none-the-less. I, for one, welcome our new "Rocky" overlord project name :) Cheers, --Morgan On Fri, Apr 28, 2017 at 2:54 PM, Monty Taylor

Re: [openstack-dev] [Openstack] All Hail our Newest Release Name - OpenStack Rocky

2017-04-28 Thread Morgan Fainberg
It would be nice if there was a bit more transparency on the "legal risk" (conflicts with another project, etc), but thanks for passing on the information none-the-less. I, for one, welcome our new "Rocky" overlord project name :) Cheers, --Morgan On Fri, Apr 28, 2017 at 2:54 PM, Monty Taylor

Re: [openstack-dev] Emails for OpenStack R Release Name voting going out - please be patient

2017-04-12 Thread Morgan Fainberg
I also have not received a poll email. On Apr 12, 2017 6:13 AM, "Neil Jerram" wrote: > Nor me. > > On Wed, Apr 12, 2017 at 1:55 PM Doug Hellmann > wrote: > >> Excerpts from Dulko, Michal's message of 2017-04-12 12:09:30 +: >> > On Wed, 2017-04-12 at

Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-20 Thread Morgan Fainberg
On Mon, Mar 20, 2017 at 12:23 PM, Dave McCowan (dmccowan) wrote: > +1 from me. That looks easy to implement and maintain. > > On 3/20/17, 2:49 PM, "Davanum Srinivas" wrote: > >>Dave, >> >>Here's the precedent from oslo.policy:

Re: [openstack-dev] [Keystone] Admin or certain roles should be able to list full project subtree

2017-03-16 Thread Morgan Fainberg
On Mar 16, 2017 07:28, "Jeremy Stanley" wrote: On 2017-03-16 08:34:58 -0500 (-0500), Lance Bragstad wrote: [...] > These security-related corner cases have always come up in the past when > we've talked about implementing reseller. Another good example that I > struggle with

Re: [openstack-dev] [all][swg] per-project "Business only" moderated mailing lists

2017-02-27 Thread Morgan Fainberg
On Mon, Feb 27, 2017 at 9:18 AM, Thierry Carrez wrote: > Dean Troyer wrote: > > On Mon, Feb 27, 2017 at 3:31 AM, Clint Byrum wrote: > >> This is not for users who only want to see some projects. That is a well > >> understood space and the mailman

Re: [openstack-dev] [keystone] [nova] keystonauth catalog work arounds hiding transition issues

2017-02-27 Thread Morgan Fainberg
On Mon, Feb 27, 2017 at 7:26 AM, Sean Dague <s...@dague.net> wrote: > On 02/27/2017 10:22 AM, Morgan Fainberg wrote: > > > I agree we should kill the discovery hack, however that is a break in > > the keystoneauth contract. Simply put, we cannot. Keystoneauth is o

Re: [openstack-dev] [keystone] [nova] keystonauth catalog work arounds hiding transition issues

2017-02-27 Thread Morgan Fainberg
On Mon, Feb 27, 2017 at 5:56 AM, Sean Dague wrote: > We recently implemented a Nova feature around validating that project_id > for quotas were real in keystone. After that merged, tripleo builds > started to fail because their undercloud did not specify the 'identity' > service

Re: [openstack-dev] [octavia][sdk] service name for octavia

2017-02-15 Thread Morgan Fainberg
On Wed, Feb 15, 2017 at 7:25 AM, Monty Taylor wrote: > On 02/15/2017 09:12 AM, Hayes, Graham wrote: > > On 15/02/2017 15:00, Monty Taylor wrote: > >> On 02/14/2017 07:08 PM, Qiming Teng wrote: > >>> When reviewing a recent patch that adds openstacksdk support to > octavia,

Re: [openstack-dev] [oslo][oslo.db] MySQL Cluster support

2017-02-06 Thread Morgan Fainberg
On Thu, Feb 2, 2017 at 2:28 PM, Octave J. Orgeron wrote: > That refers to the total length of the row. InnoDB has a limit of 65k and > NDB is limited to 14k. > > A simple example would be the volumes table in Cinder where the row length > goes beyond 14k. So in the IF

Re: [openstack-dev] gate jobs - papercuts

2017-01-31 Thread Morgan Fainberg
On Tue, Jan 31, 2017 at 1:55 PM, Morgan Fainberg <morgan.fainb...@gmail.com> wrote: > > > On Tue, Jan 31, 2017 at 10:37 AM, Matthew Treinish <mtrein...@kortar.org> > wrote: > >> On Tue, Jan 31, 2017 at 01:19:41PM -0500, Steve Martinelli wrote: >> >

Re: [openstack-dev] gate jobs - papercuts

2017-01-31 Thread Morgan Fainberg
On Tue, Jan 31, 2017 at 10:37 AM, Matthew Treinish wrote: > On Tue, Jan 31, 2017 at 01:19:41PM -0500, Steve Martinelli wrote: > > On Tue, Jan 31, 2017 at 12:49 PM, Davanum Srinivas > > wrote: > > > > > Folks, > > > > > > Here's the list of job failures

Re: [openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?

2017-01-18 Thread Morgan Fainberg
On Wed, Jan 18, 2017 at 5:18 PM, Clint Byrum wrote: > Excerpts from Morgan Fainberg's message of 2017-01-18 15:33:00 -0800: > > On Wed, Jan 18, 2017 at 11:23 AM, Brant Knudson wrote: > > > > > > > > > > > On Wed, Jan 18, 2017 at 9:58 AM, Dave McCowan (dmccowan) <

Re: [openstack-dev] [all] [barbican] [security] Why are projects trying to avoid Barbican, still?

2017-01-18 Thread Morgan Fainberg
On Wed, Jan 18, 2017 at 11:23 AM, Brant Knudson wrote: > > > On Wed, Jan 18, 2017 at 9:58 AM, Dave McCowan (dmccowan) < > dmcco...@cisco.com> wrote: > >> >> On Mon, Jan 16, 2017 at 7:35 AM, Ian Cordasco >> wrote: >> >>> Hi everyone, >>> >>> I've seen a few

Re: [openstack-dev] [Nova] python 3 tests hate my exception handling

2017-01-03 Thread Morgan Fainberg
On Jan 3, 2017 19:29, "Matt Riedemann" wrote: On 1/3/2017 8:48 PM, Michael Still wrote: > So... > > Our python3 tests hate [1] my exception handling for continued > vendordata implementation [2]. > > Basically, it goes a bit like this -- I need to move from using

Re: [openstack-dev] [keystone] Custom ProjectID upon creation

2016-12-05 Thread Morgan Fainberg
On Mon, Dec 5, 2016 at 3:21 PM, Andrey Grebennikov < agrebenni...@mirantis.com> wrote: > >> >> On Mon, Dec 5, 2016 at 2:31 PM, Andrey Grebennikov < >> agrebenni...@mirantis.com> wrote: >> >>> -Original Message- From: Andrey Grebennikov Reply:

Re: [openstack-dev] [keystone] Custom ProjectID upon creation

2016-12-05 Thread Morgan Fainberg
On Mon, Dec 5, 2016 at 2:31 PM, Andrey Grebennikov < agrebenni...@mirantis.com> wrote: > -Original Message- >> From: Andrey Grebennikov >> Reply: OpenStack Development Mailing List (not for usage questions) >> >> Date:

Re: [openstack-dev] [keystone] team logo (initial draft)

2016-12-01 Thread Morgan Fainberg
Looks good! Commented on the Form, but the "grey section" might be even better if there was a little color to it. As it is, it might be too "stark" a contrast as it is to a black laptop/background (white alone tends to be) if the white sections are opaque, and it might fade into a "white" or

Re: [openstack-dev] [keystone][devstack][rally][python-novaclient][magnum] switching to keystone v3 by default

2016-12-01 Thread Morgan Fainberg
On Dec 1, 2016 8:25 AM, "Andrey Kurilin" wrote: > > As I replied at IRC, please do not mix two separate issues! > Yes, we have several scenarios which are not support keystone v3 yet. It is an issue, but it is unrelated issue to described in the first mail. > We have a job

Re: [openstack-dev] oaktree - a friendly end-user oriented API layer - anybody want to help?

2016-11-15 Thread Morgan Fainberg
On Tue, Nov 15, 2016 at 5:16 PM, Jay Pipes wrote: > Awesome start, Monty :) Comments inline. > > On 11/15/2016 09:56 AM, Monty Taylor wrote: > >> Hey everybody! >> >> At this past OpenStack Summit the results of the Interop Challenge were >> shown on stage. It was pretty

Re: [openstack-dev] [keystone] meeting format poll

2016-11-15 Thread Morgan Fainberg
I agree with Steve. I just want to highlight that the wiki is viable again if we wanted to change. The move to etherpad was a necessity, now we have options we should be sure everyone is still happy with it. On Tue, Nov 15, 2016 at 12:31 PM, Steve Martinelli wrote: > I

Re: [openstack-dev] Anyone want to meetup at KubeCon?

2016-11-09 Thread Morgan Fainberg
On Nov 8, 2016 4:53 PM, "Stephen McQuaid" wrote: > > We have been developing a keystone authz webhook for easy integration. If anyone is interested we can look at open-sourcing it > > > > Stephen McQuaid > > Sr. Software Engineer | Kubernetes & Openstack > > GoDaddy > > > >

Re: [openstack-dev] [all][dev][python] constructing a deterministic representation of a python data structure

2016-11-03 Thread Morgan Fainberg
On Thu, Nov 3, 2016 at 1:04 PM, Amrith Kumar wrote: > Gordon, > > You can see a very quick-and-dirty prototype of the kind of thing I'm > looking to do in Trove at > https://gist.github.com/amrith/6a89ff478f81c2910e84325923eddebe > > Uncommenting line 51 would simulate a bad

Re: [openstack-dev] [requirements][lbaas] gunicorn to g-r

2016-10-17 Thread Morgan Fainberg
On Oct 17, 2016 17:32, "Thomas Goirand" wrote: > > On 10/17/2016 08:43 PM, Adam Harwell wrote: > > Jim, that is exactly my thought -- the main focus of g-r as far as I was > > aware is to maintain interoperability between project dependencies for > > openstack deploys, and since

Re: [openstack-dev] PTG from the Ops Perspective - a few short notes

2016-10-17 Thread Morgan Fainberg
On Oct 17, 2016 12:15, "Clint Byrum" wrote: > > Excerpts from Chris Dent's message of 2016-10-17 10:38:25 +0100: > > On Mon, 17 Oct 2016, Renat Akhmerov wrote: > > > > > If you are a developer, of course, PTG is an important event to > > > attend. But… Being a developer, I would

Re: [openstack-dev] [Keystone] Project name DB length

2016-10-06 Thread Morgan Fainberg
On Thu, Oct 6, 2016 at 7:06 AM, gordon chung wrote: > > > On 05/10/16 07:55 AM, Sean Dague wrote: > > Except... the 64 char field in keystone isn't required to be a uuid4. > > Which we ran into when attempting to remove it from the URLs in Nova. > > There is no validation anywhere

Re: [openstack-dev] [elections][tc]Thoughts on the TC election process

2016-10-03 Thread Morgan Fainberg
On Oct 3, 2016 14:15, "Edward Leafe" wrote: > > On Oct 3, 2016, at 12:18 PM, Clay Gerrard wrote: > > > >> After the nominations close, the election officials will assign each candidate a non-identifying label, such as a random number, and those officials

Re: [openstack-dev] [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

2016-09-21 Thread Morgan Fainberg
On Sep 21, 2016 09:37, "Adam Lawson" wrote: > > But something else struck me, the velocity and sheer NUMBER of emails that must be filtered to find and extract these key announcements is tricky so I don't fault anyone for missing the needle in the haystack. Important needle no

Re: [openstack-dev] Too many mails on announce list again :)

2016-09-20 Thread Morgan Fainberg
On Tue, Sep 20, 2016 at 9:18 AM, Doug Hellmann wrote: > Excerpts from Thierry Carrez's message of 2016-09-20 10:19:04 +0200: > > Steve Martinelli wrote: > > > I think bundling the puppet, ansible and oslo releases together would > > > cut down on a considerable amount of

Re: [openstack-dev] venting -- OpenStack wiki reCAPTCHA

2016-09-09 Thread Morgan Fainberg
On Fri, Sep 9, 2016 at 8:43 AM, Tom Fifield wrote: > > > On 廿十六年九月九日 朝 10:41, Tom Fifield wrote: > >> >> >> On 廿十六年九月八日 暮 08:36, Jeremy Stanley wrote: >> >>> On 2016-09-09 01:10:15 + (+), Bhandaru, Malini K wrote: >>> Is it just me who likes to hit the save

Re: [openstack-dev] [keystone] new core reviewer (rderose)

2016-09-02 Thread Morgan Fainberg
On Sep 2, 2016 08:44, "Brad Topol" wrote: > > Congratulations Ron!!! Very well deserved!!! > > --Brad > > > Brad Topol, Ph.D. > IBM Distinguished Engineer > OpenStack > (919) 543-0646 > Internet: bto...@us.ibm.com > Assistant: Kendra Witherspoon (919) 254-0680 > > Steve

Re: [openstack-dev] [keystone][nova] "admin" role and "rule:admin_or_owner" confusion

2016-09-02 Thread Morgan Fainberg
On Sep 2, 2016 09:39, "rezroo" wrote: > > Hello - I'm using Liberty release devstack for the below scenario. I have created project "abcd" with "john" as Member. I've launched one instance, I can use curl to list the instance. No problem. > > I then modify

Re: [OpenStack-Infra] MeetBot taking unauthorised vacation

2016-08-17 Thread Morgan Fainberg
On Wed, Aug 17, 2016 at 8:57 AM, Anita Kuno wrote: > On 16-08-17 10:45 AM, Stig Telfer wrote: > >> I think our meeting ran over time and the openstack bot exited at 1 >> minute past the end of the meeting. So it’s quite likely there were >> supposed to be no meetings

[openstack-dev] [tc] Stepping Down.

2016-08-02 Thread Morgan Fainberg
Based upon my personal time demands among a number of other reasons I will be stepping down from the Technical Committee. This is planned to take effect with the next TC election so that my seat will be up to be filled at that time. For those who elected me in, thank you. Regards, --Morgan

Re: [openstack-dev] Retirement of openstack/cloud-init repository

2016-07-29 Thread Morgan Fainberg
On Jul 29, 2016 17:13, "Joshua Harlow" wrote: > > Hi all, > > I'd like to start the retirement (well actually it's more of shifting) of the openstack/cloud-init repository to its new location that *finally* removes the old bzr version of itself. > > The long story is that

Re: [openstack-dev] Switch 'all?' openstack bots to errbot plugins?

2016-07-29 Thread Morgan Fainberg
On Jul 28, 2016 22:50, "Joshua Harlow" wrote: > > Hi folks, > > I was thinking it might be useful to see what other folks think about switching (or migrating all the current bots we have in openstack) to be based on errbot plugins. > > Errbot @ http://errbot.io/en/latest/

Re: [openstack-dev] [Keystone] Multi-factor Auth with Keystone and TOTP

2016-07-18 Thread Morgan Fainberg
On Sun, Jul 17, 2016 at 10:37 PM, Steve Martinelli wrote: > Several comments inline > > On Mon, Jul 18, 2016 at 12:20 AM, Adrian Turjak > wrote: > >> Hello, >> >> I've been looking at options for doing multi-factor auth (MFA) on our >>

Re: [OpenStack-Infra] [gear] Making Gear easier to consume ( less .encode() and .decode() )

2016-07-05 Thread Morgan Fainberg
On Tue, Jun 21, 2016 at 3:16 PM, James E. Blair <cor...@inaugust.com> wrote: > Morgan Fainberg <morgan.fainb...@gmail.com> writes: > > > As I have been converting Zuul and NodePool to python3, I have had to do > a > > bunch of changes around encode() a

Re: [Openstack] [Keystone] Source IP address in tokens

2016-06-27 Thread Morgan Fainberg
On Jun 26, 2016 19:39, "林自均" wrote: > > Hi all, > > I have the following scenario: > > 1. On client machine A, a user obtains an auth token with a username and password. > 2. The user can use the auth token to do operations on client machine A. > 3. A thief steals the auth

Re: [Openstack] Release naming for P and Q open for nominations

2016-06-22 Thread Morgan Fainberg
Usually this is simply a "recommendation" phase, where the real clearance is handled before the poll is sent out to everyone. --Morgan On Wed, Jun 22, 2016 at 12:37 PM, Edward Leafe wrote: > On Jun 22, 2016, at 10:40 AM, Ed Leafe wrote: > > > >>

[OpenStack-Infra] [gear] Making Gear easier to consume ( less .encode() and .decode() )

2016-06-20 Thread Morgan Fainberg
As I have been converting Zuul and NodePool to python3, I have had to do a bunch of changes around encode() and decode() of strings since gear is (properly) an implementation of a protocol that requires binary data (rather than text_strings). What this has highlighted is that gear should be made

Re: [openstack-dev] [keystone][security] Service User Permissions

2016-06-19 Thread Morgan Fainberg
On Sun, Jun 19, 2016 at 6:51 PM, Adam Young wrote: > On 06/16/2016 02:19 AM, Jamie Lennox wrote: > > Thanks everyone for your input. > > I generally agree that there is something that doesn't quite feel right > about purely trusting this information to be passed from service

Re: [openstack-dev] [tempest][nova][defcore] Add option to disable some strict response checking for interop testing

2016-06-16 Thread Morgan Fainberg
On Wed, Jun 15, 2016 at 11:54 PM, Ken'ichi Ohmichi wrote: > This discussion was expected when we implemented the Tempest patch, > then I sent a mail to defcore committee[1] > As the above ml, "A DefCore Guideline typically covers three OpenStack > releases". > That means

Re: [openstack-dev] [tempest][nova][defcore] Add option to disable some strict response checking for interop testing

2016-06-16 Thread Morgan Fainberg
On Jun 14, 2016 14:42, "Doug Hellmann" wrote: > > Excerpts from Matthew Treinish's message of 2016-06-14 15:12:45 -0400: > > On Tue, Jun 14, 2016 at 02:41:10PM -0400, Doug Hellmann wrote: > > > Excerpts from Matthew Treinish's message of 2016-06-14 14:21:27 -0400: > > > >

Re: [openstack-dev] [keystone] Changing the project name uniqueness constraint

2016-06-14 Thread Morgan Fainberg
On Jun 14, 2016 00:46, "Henry Nash" <henryna...@mac.com> wrote: > > On 14 Jun 2016, at 07:34, Morgan Fainberg <morgan.fainb...@gmail.com> > wrote: > > > > On Mon, Jun 13, 2016 at 3:30 PM, Henry Nash <henryna...@mac.com> wrote: > >> So, I

Re: [openstack-dev] [keystone] Changing the project name uniqueness constraint

2016-06-14 Thread Morgan Fainberg
ion around) what occurs if a project name is "changed" as project names are mutable, it would change the path; should project names become immutable? All of this means that current auth workflows *and* new "full_path" workflows play nicely and no compatibility is broken. We aren't

[openstack-dev] [tc][pbr][packaging][all] Definition of Data Files (config) in setup.cfg

2016-06-10 Thread Morgan Fainberg
There has been a bit of back[1] and forth[2][3][4][5] between at least one packaging group and a few folks who are trying to define data files (config) in the setup.cfg to aid/ease installation within virtual environments. From what I can tell, there has been an issue with setuptools that makes

Re: [openstack-dev] [keystone][all] Incorporating performance feedback into the review process

2016-06-10 Thread Morgan Fainberg
s to consume. [1] http://logs.openstack.org/29/312929/16/check/gate-rally-dsvm-cinder/b7bab27/rally-plot/results.html.gz#/Authenticate.validate_cinder/overview Just my $0.02 on where we stand here. I feel like I've now contributed to a large derailing of this whole topic and will not be coming back to dis

Re: [openstack-dev] [keystone][all] Incorporating performance feedback into the review process

2016-06-10 Thread Morgan Fainberg
On Fri, Jun 10, 2016 at 3:26 PM, Lance Bragstad wrote: > >1. I care about performance. I just believe that a big hurdle has been >finding infrastructure that allows us to run performance tests in a >consistent manner. Dedicated infrastructure plays a big role in

Re: [openstack-dev] [keystone] Changing the project name uniqueness constraint

2016-06-10 Thread Morgan Fainberg
splay projects to the user (e.g. a home grown > UI) - then it might get confused until it supports 3.7 (i.e. asking for the > old microversion won’t help it) since all the names include the > hierarchical path. > > Just want to make sure we understand the implications…. > > H

Re: [openstack-dev] [keystone] Changing the project name uniqueness constraint

2016-06-03 Thread Morgan Fainberg
On Jun 3, 2016 12:42, "Lance Bragstad" wrote: > > > > On Fri, Jun 3, 2016 at 11:20 AM, Henry Nash wrote: >> >> >>> On 3 Jun 2016, at 16:38, Lance Bragstad wrote: >>> >>> >>> >>> On Fri, Jun 3, 2016 at 3:20 AM, Henry Nash

Re: [openstack-dev] [keystone][all] Incorporating performance feedback into the review process

2016-06-03 Thread Morgan Fainberg
On Jun 3, 2016 13:16, "Brant Knudson" wrote: > > > > On Fri, Jun 3, 2016 at 2:35 PM, Lance Bragstad wrote: >> >> Hey all, >> >> I have been curious about impact of providing performance feedback as part of the review process. From what I understand, keystone

[openstack-announce] [OSSA-2016-008] Incorrect Audit IDs in Keystone Fernet Tokens can result in revocation bypass (CVE-2016-4911)

2016-06-02 Thread morgan fainberg
(mitaka) release. -- Morgan Fainberg OpenStack Vulnerability Management Team

[Openstack] [OSSA-2016-008] Incorrect Audit IDs in Keystone Fernet Tokens can result in revocation bypass (CVE-2016-4911)

2016-06-01 Thread morgan fainberg
OSSA-2016-008: Incorrect Audit IDs in Keystone Fernet Tokens can result in revocation bypass :Date: May 23,

Re: [openstack-dev] [keystone] Who is going to fix the broken non-voting tests?

2016-05-26 Thread Morgan Fainberg
On Thu, May 26, 2016 at 7:55 AM, Adam Young wrote: > Some mix of these three tests is almost always failing: > > gate-keystone-dsvm-functional-nv FAILURE in 20m 04s (non-voting) > gate-keystone-dsvm-functional-v3-only-nv FAILURE in 32m 45s (non-voting) >

Re: [openstack-dev] [all][oslo_config] Improving Config Option Help Texts

2016-05-25 Thread Morgan Fainberg
On Wed, May 25, 2016 at 2:48 AM, Erno Kuvaja wrote: > On Tue, May 24, 2016 at 8:58 PM, John Garbutt > wrote: > >> On 24 May 2016 at 19:03, Ian Cordasco wrote: >> > -Original Message- >> > From: Erno Kuvaja

[openstack-dev] [keystone] New Core Reviewer (sent on behalf of Steve Martinelli)

2016-05-24 Thread Morgan Fainberg
I want to welcome Rodrigo Duarte (rodrigods) to the keystone core team. Rodrigo has been a consistent contributor to keystone and has been instrumental in the federation implementations. Over the last cycle he has shown an understanding of the code base and contributed quality reviews. I am super

Re: [openstack-dev] Plans to converge on one ldap client?

2016-05-24 Thread Morgan Fainberg
On Tue, May 24, 2016 at 8:55 AM, Corey Bryant <corey.bry...@canonical.com> wrote: > > > On Tue, May 24, 2016 at 11:11 AM, Morgan Fainberg < > morgan.fainb...@gmail.com> wrote: > >> >> >> On Tue, May 24, 2016 at 5:53 AM, Corey Bryant <core

Re: [openstack-dev] Plans to converge on one ldap client?

2016-05-24 Thread Morgan Fainberg
On Tue, May 24, 2016 at 5:53 AM, Corey Bryant wrote: > Hi All, > > Are there any plans to converge on one ldap client across projects? Some > projects have moved to ldap3 and others are using pyldap (both are in > global requirements). > > The issue we're running

Re: [openstack-dev] [all][tc] Languages vs. Scope of "OpenStack"

2016-05-23 Thread Morgan Fainberg
On Mon, May 23, 2016 at 4:28 PM, Gregory Haynes <g...@greghaynes.net> wrote: > On Mon, May 23, 2016, at 05:24 PM, Morgan Fainberg wrote: > > > > On Mon, May 23, 2016 at 2:57 PM, Gregory Haynes <g...@greghaynes.net> > wrote: > > On Fri, May 20, 2016, at 07:4

Re: [openstack-dev] [all][tc] Languages vs. Scope of "OpenStack"

2016-05-23 Thread Morgan Fainberg
On Mon, May 23, 2016 at 2:57 PM, Gregory Haynes wrote: > On Fri, May 20, 2016, at 07:48 AM, Thierry Carrez wrote: > > John Dickinson wrote: > > > [...] > > >> So the real question we need to answer is... where does OpenStack > > >> stop, and where does the wider open source

Re: [openstack-dev] [Keystone] Welcome Keystone to the World of Python 3

2016-05-23 Thread Morgan Fainberg
On Mon, May 23, 2016 at 12:03 PM, Doug Hellmann wrote: > Excerpts from Morgan Fainberg's message of 2016-05-23 11:55:48 -0700: > > On Mon, May 23, 2016 at 7:54 AM, Doug Hellmann > > wrote: > > > > > Excerpts from Morgan Fainberg's message of

Re: [openstack-dev] [Keystone] Welcome Keystone to the World of Python 3

2016-05-23 Thread Morgan Fainberg
On Mon, May 23, 2016 at 7:54 AM, Doug Hellmann wrote: > Excerpts from Morgan Fainberg's message of 2016-05-20 20:58:00 -0700: > > We've gone through all of our test cases and all of our code base. At > this > > point Keystone is no longer skipping any of the tests (which

[openstack-dev] [Keystone] Welcome Keystone to the World of Python 3

2016-05-20 Thread Morgan Fainberg
team involved in this multicycle effort. --Morgan -- Morgan Fainberg (notmorgan)

Re: [openstack-dev] [all][tc] Languages vs. Scope of "OpenStack"

2016-05-19 Thread Morgan Fainberg
improving the leadership of OpenStack, we need to also work to have a clear product-vision (and I do not mean "product" as in something specifically sell-able). I think part of our issue and what is driving these conversations is a lack of clear product vision which is part of the

Re: [openstack-dev] [keystone] Newton midycle planning

2016-05-17 Thread Morgan Fainberg
On Tue, May 10, 2016 at 4:26 PM, Morgan Fainberg <morgan.fainb...@gmail.com> wrote: > On Wed, Apr 13, 2016 at 7:07 PM, Morgan Fainberg < > morgan.fainb...@gmail.com> wrote: > >> It is that time again, the time to plan the Keystone midcycle! Looking at >> the s

Re: [openstack-dev] [keystone][oslo][designate][zaqar][nova][swift] using pylibmc instead of python-memcached

2016-05-13 Thread Morgan Fainberg
On Fri, May 13, 2016 at 1:12 PM, Adam Young wrote: > On 05/13/2016 12:52 PM, Monty Taylor wrote: > >> On 05/13/2016 11:38 AM, Eric Larson wrote: >> >>> Monty Taylor writes: >>> >>> On 05/13/2016 08:23 AM, Mehdi Abaakouk wrote: > On Fri, May 13, 2016 at 02:58:08PM

Re: [openstack-dev] [Freezer] Replace Gnu Tar with DAR

2016-05-13 Thread Morgan Fainberg
On Fri, May 13, 2016 at 3:07 PM, Dieterly, Deklan wrote: > Does anybody see any issues if Freezer used DAR instead of Gnu Tar? DAR > seems to handle a particular use case that Freezer has while Gnu Tar does > not. > -- > Deklan Dieterly > > Senior Systems Software

Re: [openstack-dev] [keystone][oslo][designate][zaqar][nova][swift] using pylibmc instead of python-memcached

2016-05-13 Thread Morgan Fainberg
On Fri, May 13, 2016 at 6:23 AM, Mehdi Abaakouk wrote: > On Fri, May 13, 2016 at 02:58:08PM +0200, Julien Danjou wrote: > >> What's wrong with pymemcache, that we picked for tooz and are using for >> 2 years now? >> >> https://github.com/pinterest/pymemcache >> > > Looks like

Re: [openstack-dev] [keystone][oslo][designate][zaqar][nova][swift] using pylibmc instead of python-memcached

2016-05-13 Thread Morgan Fainberg
On May 13, 2016 05:32, "Kiall Mac Innes" wrote: > > Hey Dims, > > From what I remember, oslo.cache seemed unnecessarily complex to use > vs memcache's simplicity, and didn't have any usage docs[1] to help folks > get started using it. > > I can see there is some docs under the

Re: [openstack-dev] [keystone][oslo][designate][zaqar][nova][swift] using pylibmc instead of python-memcached

2016-05-13 Thread Morgan Fainberg
On May 13, 2016 05:25, "Mehdi Abaakouk" wrote: >>> >>> - Is anyone interested in using pylibmc in their project instead of >>> python-memcached? > > > This is not a real drop-in replacement, pylibmc.Client is not threadsafe > like python-memcached [1]. Also it's written in C, it

Re: [openstack-dev] [keystone][oslo][designate][zaqar][nova][swift] using pylibmc instead of python-memcached

2016-05-13 Thread Morgan Fainberg
On May 13, 2016 04:36, "Davanum Srinivas" wrote: > > Steve, > > Couple of points: > > * We can add pylibmc to g-r and phase out python-memcached over a time period. > * If folks are using python-memcached, we should switch then over to > oslo.cache, then only oslo.cache will

[OpenStack-Infra] Please add me to the new ldappool gerrit groups.

2016-05-12 Thread Morgan Fainberg
Hi Openstack-Infra,

Please at your earliest convenience add me to the new ldappool groups in gerrit:

My username: mdrnstm

Groups:
* ldappool-core https://review.openstack.org/#/admin/groups/1389
* ldappool-release https://review.openstack.org/#/admin/groups/1390

I'll work with the appropriate

Re: [openstack-dev] [cross-project][infra][keystone] Moving towards a Identity v3-only on Devstack - Next Steps

2016-05-12 Thread Morgan Fainberg
On Thu, May 12, 2016 at 10:42 AM, Sean Dague wrote: > We just had to revert another v3 "fix" because it wasn't verified to > work correctly in the gate - https://review.openstack.org/#/c/315631/ > > While I realize project-config patches are harder to test, you can do so > with a

Re: [OpenStack-Infra] CentOS 7 AFS mirror now live

2016-05-11 Thread Morgan Fainberg
On Wed, May 11, 2016 at 12:51 PM, Paul Belanger wrote: > I am happy to report our CentOS 7 AFS mirrors are now live[1]! Today we > are only > mirroring extras, os and updates. I don't think we need anything else, but > if we > do please let us know. > > The neat part of

Re: [openstack-dev] [keystone] Newton midycle planning

2016-05-10 Thread Morgan Fainberg
On Wed, Apr 13, 2016 at 7:07 PM, Morgan Fainberg <morgan.fainb...@gmail.com> wrote: > It is that time again, the time to plan the Keystone midcycle! Looking at > the schedule [1] for Newton, the weeks that make the most sense look to be > (not in preferential order): > > R

Re: [openstack-dev] [keystone] Token providers and Fernet as the default

2016-05-03 Thread Morgan Fainberg
On Tue, May 3, 2016 at 1:46 PM, Clint Byrum wrote: > Excerpts from Morgan Fainberg's message of 2016-05-03 11:13:38 -0700: > > On Tue, May 3, 2016 at 10:28 AM, Monty Taylor > wrote: > > > > > On 05/03/2016 11:47 AM, Clint Byrum wrote: > > > > > >>
