On Thursday 04 December 2014 19:08:06 Sean Dague wrote:
Sorry for the late announce, too much turkey and pie
This Friday, Dec 5th, we'll be talking with Steve Martinelli and David
Stanek about Keystone Authentication in OpenStack.
Wiki page says that the event will be Friday Dec 5th -
On Thursday 12 March 2015 12:24:57 Duncan Thomas wrote:
ubuntu@devstack-multiattach:~/devstack$ cinder-manage db sync
/usr/local/lib/python2.7/dist-packages/oslo_db/_i18n.py:19:
DeprecationWarning: The oslo namespace package is deprecated. Please use
oslo_i18n instead.
from oslo import i18n
bugreports. Filing a bug is
pretty easy ;) https://bugs.launchpad.net/oslo.db/+bug/1431268
On 12 March 2015 at 11:41, Boris Bobrov bbob...@mirantis.com wrote:
On Thursday 12 March 2015 12:24:57 Duncan Thomas wrote:
ubuntu@devstack-multiattach:~/devstack$ cinder-manage db sync
/usr/local/lib
tests and running them in in-memory sqlite was proven
ineffective.The only solution we've come to is to run all db-related tests
against real rdbmses.
--
Best regards,
Boris Bobrov
__
OpenStack Development Mailing List
in his cloud.
There is no known workaround for the bug.
--
Best regards,
Boris Bobrov
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
too.
--
Best regards,
Boris Bobrov
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo
On Friday 27 March 2015 17:14:28 Boris Bobrov wrote:
Hello,
As you know, keystone introduced non-persistent tokens in kilo -- Fernet
tokens. These tokens use Fernet keys, that are rotated from time to time. A
great description of key rotation and replication can be found on [0] and
[1
On Thursday 29 January 2015 22:06:25 Morgan Fainberg wrote:
I’d like to propose we stop setting the expectation that a downwards
migration is a “good idea” or even something we should really support.
Offering upwards-only migrations would also simplify the migrations in
general. This downward
On Friday 30 January 2015 01:01:00 Boris Bobrov wrote:
On Thursday 29 January 2015 22:06:25 Morgan Fainberg wrote:
I’d like to propose we stop setting the expectation that a downwards
migration is a “good idea” or even something we should really support.
Offering upwards-only migrations
was already accepted in master branch.
--
Best regards,
Boris Bobrov
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http
On Saturday 04 April 2015 03:55:59 Morgan Fainberg wrote:
I am looking forward to the Liberty cycle and seeing the special casing we
do for SQLite in our migrations (and elsewhere). My inclination is that we
should (similar to the deprecation of eventlet) deprecate support for
SQLite in
definitions?
These are standard HTTP codes:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
Description in exceptions is given because one error code can be used for
several errors. Success codes always have one meaning.
--
Best regards,
Boris Bobrov
On Sat, Aug 1, 2015 at 3:41 PM, Clint Byrum cl...@fewbar.com wrote:
This too is overly complex and will cause failures. If you replace key 0,
you will stop validating tokens that were encrypted with the old key 0.
No. Key 0 is replaced after rotation.
Also, come on, does
On Saturday 01 August 2015 16:27:17 bdobre...@mirantis.com wrote:
I suggest to use pacemaker multistate clone resource to rotate and
rsync
fernet tokens from local directories across cluster nodes. The resource
prototype is described here
On Monday 03 August 2015 21:05:00 David Stanek wrote:
On Sat, Aug 1, 2015 at 8:03 PM, Boris Bobrov bbob...@mirantis.com
wrote:
On Sat, Aug 1, 2015 at 3:41 PM, Clint Byrum cl...@fewbar.com
wrote:
This too is overly complex and will cause failures. If you replace key
0,
you
On Tuesday 04 August 2015 08:06:21 Lance Bragstad wrote:
On Tue, Aug 4, 2015 at 1:37 AM, Boris Bobrov bbob...@mirantis.com wrote:
On Monday 03 August 2015 21:05:00 David Stanek wrote:
On Sat, Aug 1, 2015 at 8:03 PM, Boris Bobrov bbob...@mirantis.com
wrote:
Also, come on, does http
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
--
Best regards,
Boris Bobrov
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org
as an overlay.
This would seem to solve the issue you outline?
As far as I understand the issue is that corps want to have users in read-only
LDAP and have an ability to create groups outside of LDAP, in SQL.
Am I right?
--
Best regards,
Boris Bobrov
l
> [2] http://developer.openstack.org/api-ref-identity-v3.html
> [3] https://blueprints.launchpad.net/keystone/+spec/pagination
--
Best regards,
Boris Bobrov
__
OpenStack Development Mailing List (not for us
There are 2 dimensions this discussion should happen in: web server and
application server. Now we use apache2 as web server and mod_wsgi as app
server.
I don't have a specific opinion on the app server (mod_wsgi vs uwsgi) and I
don't really care.
Regarding apache2 vs nginx. I don't see any
nd support mod_wsgi (which is
tightly integrated with apache) as an app server. We can still require
Apache and support uwsgi as an app server, without any changes to
federation.
--
Best regards,
Boris Bobrov
__
Hi,
Try passing --os-identity-api-version=3 to `openstack`. Or set env
variable OS_IDENTITY_API_VERSION=3.
On 07/19/2016 09:56 PM, Nasim, Kam wrote:
Hi folks,
I have been trying to modify the default RBAC policies in keystone/policy.json
however my policy changes don't seem to be
Also, you might need to change OS_AUTH_URL to /v3/ or to unversioned.
Policy works only with v3 api. In v2 you are either admin or user, and
there are no policies or roles.
On 07/19/2016 10:08 PM, Boris Bobrov wrote:
Hi,
Try passing --os-identity-api-version=3 to `openstack`. Or set env
On Wednesday 29 June 2016 15:53:15 Kairat Kushaev wrote:
> Hi,
> Looks like this bug is duplicate of
> https://bugs.launchpad.net/oslo.cache/+bug/1590779
Looks like it.
> HTH
>
> Best regards,
> Kairat Kushaev
>
> On Wed, Jun 29, 2016 at 3:32 PM, Jeffrey Zhang
>
>
I would like to talk about it too.
On 02/10/2017 11:56 PM, Matt Riedemann wrote:
> Operators want hierarchical quotas [1]. Nova doesn't have them yet and
> we've been hesitant to invest scarce developer resources in them since
> we've heard that the implementation for hierarchical quotas in
Hi,
This:
http://eavesdrop.openstack.org/meetings/keystone/2017/keystone.2017-01-24-18.01.log.html#l-304
On 02/08/2017 11:36 PM, Kendall Nelson wrote:
> Hello All!
>
> So I am sure we've all seen it: people writing terminal commands into our
> project channels, misusing '/' commands, etc. But
Hello,
I wonder if it would be worth integrating ospurge into openstackclient.
Are there any osc sessions planned at the summit?
On 09/07/2016 04:05 PM, John Davidge wrote:
Hello,
During the Mitaka cycle we merged a new feature into the
python-neutronclient called ’neutron purge’. This
Hello,
in addition to this, please, PLEASE stop creating 'all project bugs'. i
don't want to get emails on updates to projects unrelated to the ones i
care about. also, it makes updating the bug impossible because it times
out. i'm too lazy to search ML but this has been raise before, please
/16, 7:35 AM, "Boris Bobrov" <bbob...@mirantis.com> wrote:
Hello,
> in addition to this, please, PLEASE stop creating 'all project bugs'. i
> don't want to get emails on updates to projects unrelated to the ones i
> care about. also, it makes updating t
Hi,
At any rate, would be great to know, and if there isn't a strong reason
against it we can make project name 255 for some more flexibility.
Plus although there is no true official standard, most projects in
OpenStack seem to use 255 as the default for a lot of string fields.
Weirdly enough,
Hi,
On 12/05/2016 09:20 PM, Andrey Grebennikov wrote:
> Hi keystoners,
> I'd like to open the discussion about the little feature which I'm
> trying to push forward for a while but I need some
> feedbacks/opinions/concerns regarding this.
> Here is the review I'm talking
> about
On 12/06/2016 01:46 AM, Andrey Grebennikov wrote:
> Hi,
>
> On 12/05/2016 09:20 PM, Andrey Grebennikov wrote:
> > Hi keystoners,
> > I'd like to open the discussion about the little feature which I'm
> > trying to push forward for a while but I need some
> >
"What were you trying to accomplish with keystone but failed"
"What functionality in keystone did you try to use but it wasn't good
enough"
"In your opinion, what in keystone requires most attention"
with choices "federation", "performance", "policy", "backend support"
and some other options.
On
On 03/15/2017 10:06 PM, Jay Pipes wrote:
> +Boris B
>
> On 03/15/2017 02:55 PM, Fox, Kevin M wrote:
>> I think they are. If they are not, things will break if federation is
>> used for sure. If you know that it is please let me know. I want to
>> deploy federation at some point but was waiting
Hi,
Please paste your mapping to paste.openstack.org
On 03/09/2017 02:07 AM, Evan Bollig PhD wrote:
> I am on Ocata with Shibboleth auth enabled. I noticed that Federated
> users with the admin role no longer have authorization to use the
> Admin** panels in Horizon related to Nova, Cinder and
-E
>> --
>> Evan F. Bollig, PhD
>> Scientific Computing Consultant, Application Developer | Scientific
>> Computing Solutions (SCS)
>> Minnesota Supercomputing Institute | msi.umn.edu
>> University of Minnesota | umn.edu
>> boll0...@umn.edu | 612-624-
-E
>> --
>> Evan F. Bollig, PhD
>> Scientific Computing Consultant, Application Developer | Scientific
>> Computing Solutions (SCS)
>> Minnesota Supercomputing Institute | msi.umn.edu
>> University of Minnesota | umn.edu
>> boll0...@umn.edu | 612-624-
Hi,
On 13.09.2017 18:54, Adrian Turjak wrote:
> Hello Keystone devs!
>
> I've been playing with some policy changes and realised that the trust
> policy rules were mostly blank. Which, based on how the policy logic
> works means that any authed user can list trusts:
>
Hi,
> On 12/07/2017 12:27 PM, Colleen Murphy wrote:
>> On Thu, Dec 7, 2017 at 5:37 PM, Pavlo Shchelokovskyy
>> wrote:
>>> Hi all,
>>>
>>> We have a following use case - several independent keystones (say KeyA and
>>> KeyB), using fernet tokens and synchronized
Hi,
Have a look at how openstackclient does this. Read this code:
https://github.com/openstack/python-openstackclient/blob/master/openstackclient/identity/v3/catalog.py#L43
and then this code:
https://github.com/openstack/osc-lib/blob/master/osc_lib/clientmanager.py#L239
On 09.12.2017 04:15,
Hey!
I don't work on Keystone as much as I used to any more, so i'm
stepping down from core reviewers.
Don't expect to get rid of me though. I still work on OpenStack-related
stuff and i will annoy you all in #openstack-keystone and in other IRC
channels.
Hi,
What is expected from people at the booth?
On 24.01.2018 15:55, Rich Bowen wrote:
> We have a table at FOSDEM, and we desperately need people to sign up to
> staff it.
>
> https://etherpad.openstack.org/p/fosdem-2018
>
> If you have an hour free at FOSDEM, please join us. Ideally, we need
42 matches
Mail list logo