[openstack-dev] [keystone] no policy meeting today

2017-07-05 Thread Lance Bragstad
Hey all, Given the empty agenda [0] and the holiday, we will cancel the policy meeting this week. We'll pick up again next week. Thanks [0] https://etherpad.openstack.org/p/keystone-policy-meeting signature.asc Description: OpenPGP digital signature

Re: [openstack-dev] [tc][all][ptl] Most Supported Queens Goals and Improving Goal Completion

2017-07-05 Thread Lance Bragstad
On 06/30/2017 04:38 AM, Thierry Carrez wrote: > Mike Perez wrote: >> [...] >> What do people think before we bikeshed on the name? Would having a >> champion volunteer to each goal to help? > It feels like most agree that having champions would help. Do we have > any volunteer for the

[openstack-dev] [keystone] removing domain configuration upload via keystone-manage

2017-06-27 Thread Lance Bragstad
Hi all, Keystone has deprecated the domain configuration upload capability provided through `keystone-manage`. We discussed it's removal in today's meeting [0] and wanted to send a quick note to the operator list. The ability to upload a domain config into keystone was done as a stop-gap until

[openstack-dev] [keystone] deprecating and removing tools/sample_data.sh

2017-07-05 Thread Lance Bragstad
Hi all, Keystone has a script to perform some bootstrapping operations [0]. It's not really tested and its purpose has been superseded by using the `keystone-manage bootstrap` command. Based on codesearch, only openstack/rpm-packaging references the script [1]. Is anyone opposed to the

[openstack-dev] [keystone] forum session etherpads

2017-04-26 Thread Lance Bragstad
Hi all, I've created the etherpads for our sessions and linked them to the wiki [0]. I've bootstrapped them with basic content and they are ready to be bookmarked! If you'd like to help flesh out the agendas for any of those sessions, just ping me. Thanks! [0]

Re: [openstack-dev] [keystone] mascot v2.0

2017-04-26 Thread Lance Bragstad
to bump up the timeline for this and add Heidi to the thread. That way she is aware of any feedback we want to give. If we don't have any feedback by tomorrow, we will default to the mascot we already have. Thanks! On Mon, Apr 24, 2017 at 9:13 AM, Lance Bragstad <lbrags...@gmail.com> wrote: &

[openstack-dev] [keystone] mascot v2.0

2017-04-24 Thread Lance Bragstad
Based on some feedback of the original mascot, the Foundation passed along another revision that incorporates a keyhole into the turtle shell. There are two versions [0] [1]. We can choose to adopt one of the new formats, or stick with the one we already have. I have it on our agenda for

Re: [openstack-dev] [keystone][api] Backwards incompatible changes based on config

2017-08-04 Thread Lance Bragstad
gt;> >> On Fri, Aug 04, 2017 at 03:35:38PM -0400, William M Edmonds wrote: >>> Lance Bragstad <lbrags...@gmail.com> wrote on 08/04/2017 02:37:40 PM: >>>> Properly fixing this would result in a 403 -> 204 status code, which >>>> requires an AP

[openstack-dev] [keystone] [keystone] [ptl] PTL candidacy for Queens

2017-08-04 Thread Lance Bragstad
* Hi all, ** I'd like to formally communicate my desire to continue serving as the keystone PTL for the upcoming Queen’s release. Despite some turbulence throughout the Pike development cycle, keystone has managed to make progress on some long standing issues. Even though the pace of

[openstack-dev] [keystone][api] Backwards incompatible changes based on config

2017-08-04 Thread Lance Bragstad
Keystone had a bug reported [0] recently (that we are targeting to pike-rc1) that exposes an inconsistency in the API based on configuration. The happy path is as follows: - a deployment is configured to store projects (controlled by the resource backend) and users (controlled by the identity

[openstack-dev] [keystone] office hours report 2017-08-08

2017-08-08 Thread Lance Bragstad
Hi all, Today we had good focus on RC1 bugs. We spent most of the keystone meeting and all of office hours discussing or reviewing fixes. Full logs can be found at the bottom of the note [0]. Here's a summary of what we accomplished: Bug #1674676 in OpenStack Identity (keystone): "The URL

[openstack-dev] [keystone][policy] no policy meeting today 2017-08-02

2017-08-02 Thread Lance Bragstad
A lot of the team is focused on getting pike-rc1 out the door and reviews. The agenda is also empty. Let's cancel today and pick up next week or shortly before the PTG to organize our policy sessions there. Thanks, Lance signature.asc Description: OpenPGP digital signature

Re: [openstack-dev] [OpenStack-Ansible] Not running for Queens PTL

2017-08-02 Thread Lance Bragstad
I couldn't agree more with what others have already said. It's been awesome to see positive things come out of close communication between deployment projects and other project teams. I look forward to seeing the pattern and precedence continue! On 07/31/2017 12:59 PM, Amy Marrich wrote: > Andy,

Re: [openstack-dev] [keystone][api] Backwards incompatible changes based on config

2017-08-07 Thread Lance Bragstad
ote: > On Fri, 4 Aug 2017, Lance Bragstad wrote: >> On 08/04/2017 03:45 PM, Kristi Nikolla wrote: >>> Therefore the call which now returns a 403 in master, returned a 2xx in >>> Ocata. So we would be fixing something which is broken on master rather >>> than

[openstack-dev] [keystone] office hours report 2017-08-22

2017-08-22 Thread Lance Bragstad
Today we realized we're going to need to cut a new release candidate due to some confusion around release notes. Particularly the ones for Pike. We spent the majority of office hours fixing and reviewing those patches. Full logs from office hours can be found here [0]. Thanks for all the quick

[openstack-dev] [keystone][forum] BM/VM session conflict with project workshop

2017-05-03 Thread Lance Bragstad
Looking through the schedule of keystone-tagged sessions, it appears we have a conflict between one of the BM/VM sessions [0] and keystone's project on-boarding session [1]. I wouldn't be opposed to shuffling, but I assume it's too late for that? If we can get a good idea of who is going to show

[openstack-dev] [keystone] Colleen Murphy for core

2017-05-02 Thread Lance Bragstad
Hey folks, During today's keystone meeting we added another member to keystone's core team. For several releases, Colleen's had a profound impact on keystone. Her reviews are meticulous and of incredible quality. She has no hesitation to jump into keystone's most confusing realms and as a result

[openstack-dev] [keystone] No meeting next week (2017-05-09)

2017-05-02 Thread Lance Bragstad
Just a reminder that we won't have a meeting next week since it will be the week of the Forum in Boston. Our next meeting will be on May 16th. See you then! __ OpenStack Development Mailing List (not for usage questions)

[openstack-dev] [keystone] No policy meeting next week (2017-05-10)

2017-05-03 Thread Lance Bragstad
Next week is the Forum, so we'll forego the the policy meeting in favor of some face-to-face discussions. Let's pick back up with policy recaps on the 17th of May. Thanks, Lance __ OpenStack Development Mailing List (not

Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

2017-05-15 Thread Lance Bragstad
On Sun, May 14, 2017 at 11:59 AM, Monty Taylor <mord...@inaugust.com> wrote: > On 05/11/2017 02:32 PM, Lance Bragstad wrote: > >> Hey all, >> >> One of the Baremetal/VM sessions at the summit focused on what we need >> to do to make OpenStack more cons

Re: [openstack-dev] [nova] [glance] [cinder] [neutron] [keystone] - RFC cross project request id tracking

2017-05-15 Thread Lance Bragstad
On Mon, May 15, 2017 at 6:20 AM, Sean Dague wrote: > On 05/15/2017 05:59 AM, Andrey Volkov wrote: > > > >> The last time this came up, some people were concerned that trusting > >> request-id on the wire was concerning to them because it's coming from > >> random users. > > > >

Re: [openstack-dev] [keystone] [Pile] Need Exemption On Submitted Spec for the Keystone

2017-05-16 Thread Lance Bragstad
That sounds good - I'll review the spec before today's meeting [0]. Will someone be around to answer questions about the spec if there are any? [0] http://eavesdrop.openstack.org/#Keystone_Team_Meeting On Mon, May 15, 2017 at 11:24 PM, Mh Raies wrote: > Hi Lance, > > >

Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

2017-05-16 Thread Lance Bragstad
On Tue, May 16, 2017 at 8:54 AM, Monty Taylor <mord...@inaugust.com> wrote: > On 05/16/2017 05:39 AM, Sean Dague wrote: > >> On 05/15/2017 10:00 PM, Adrian Turjak wrote: >> >>> >>> >>> On 16/05/17 13:29, Lance Bragstad wrote: >>> &

Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

2017-05-15 Thread Lance Bragstad
On Mon, May 15, 2017 at 7:07 PM, Adrian Turjak <adri...@catalyst.net.nz> wrote: > > On 16/05/17 01:09, Lance Bragstad wrote: > > > > On Sun, May 14, 2017 at 11:59 AM, Monty Taylor <mord...@inaugust.com> > wrote: > >> On 05/11/2017 02:32 PM, Lance B

[openstack-dev] [all][keystone][product] api keys/application specific passwords

2017-05-11 Thread Lance Bragstad
Hey all, One of the Baremetal/VM sessions at the summit focused on what we need to do to make OpenStack more consumable for application developers [0]. As a group we recognized the need for application specific passwords or API keys and nearly everyone (above 85% is my best guess) in the session

Re: [openstack-dev] [all] Policy rules for APIs based on "domain_id"

2017-06-20 Thread Lance Bragstad
Domain support hasn't really been adopted across various OpenStack projects, yet. Ocata was the first release where we had a v3-only jenkins job set up for projects to run against (domains are a v3-only concept in keystone and don't really exist in v2.0). I think it would be great to push on some

Re: [openstack-dev] [all][tc] Turning TC/UC workgroups into OpenStack SIGs

2017-06-21 Thread Lance Bragstad
On 06/21/2017 11:55 AM, Matt Riedemann wrote: > On 6/21/2017 11:17 AM, Shamail Tahir wrote: >> >> >> On Wed, Jun 21, 2017 at 12:02 PM, Thierry Carrez >> > wrote: >> >> Shamail Tahir wrote: >> > In the past, governance has helped (on

Re: [openstack-dev] [tc][all][ptl] Most Supported Queens Goals and Improving Goal Completion

2017-06-22 Thread Lance Bragstad
On 06/22/2017 12:57 PM, Mike Perez wrote: > Hey all, > > In the community wide goals, we started as a group discussing goals at > the OpenStack Forum. Then we brought those ideas to the mailing list > to continue the discussion and include those that were not able to be > at the forum. The

Re: [openstack-dev] [tc][all] Move away from meeting channels

2017-06-26 Thread Lance Bragstad
On 06/26/2017 08:58 AM, Chris Dent wrote: > On Mon, 26 Jun 2017, Flavio Percoco wrote: > >> So, should we let teams to host IRC meetings in their own channels? > > Yes. +1 > >> Thoughts? > > I think the silo-ing concern is, at least recently, not relevant on > two fronts: IRC was never a good

Re: [openstack-dev] [keystone] New Office Hours Proposal

2017-06-26 Thread Lance Bragstad
According to the poll results, office hours will be moved to Tuesday 19:00 - 22:00 UTC. We'll officially start tomorrow after the keystone meeting. Thanks for putting together and advertising the poll, Harry! On 06/20/2017 02:30 PM, Harry Rybacki wrote: > Greetings All, > > We would like to

[openstack-dev] [keystone] documentation migration and consolidation

2017-06-26 Thread Lance Bragstad
Hey all, We recently merged the openstack-manuals admin-guide into keystone [0] and there is a lot of duplication between the admin-guide and keystone's "internal" operator-guide [1]. I've started proposing small patches to consolidate the documentation from the operator-guide to the official

Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

2017-05-18 Thread Lance Bragstad
On Thu, May 18, 2017 at 9:39 AM, Lance Bragstad <lbrags...@gmail.com> wrote: > > > On Thu, May 18, 2017 at 8:45 AM, Sean Dague <s...@dague.net> wrote: > >> On 05/18/2017 09:27 AM, Doug Hellmann wrote: >> > Excerpts from Adrian Turjak's message of 2017-05-18

Re: [openstack-dev] [all][keystone][product] api keys/application specific passwords

2017-05-18 Thread Lance Bragstad
On Thu, May 18, 2017 at 8:45 AM, Sean Dague wrote: > On 05/18/2017 09:27 AM, Doug Hellmann wrote: > > Excerpts from Adrian Turjak's message of 2017-05-18 13:34:56 +1200: > > > >> Fully agree that expecting users of a particular cloud to understand how > >> the policy stuff works

Re: [openstack-dev] [doc][ptls][all] Documentation publishing future

2017-05-23 Thread Lance Bragstad
I'm in favor of option #1. I think it encourages our developers to become better writers with guidance from the docs team. While ensuring docs are proposed prior to merging the implementation cross-repository is totally possible, I think #1 makes that flow easier. Thanks for putting together the

[openstack-dev] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-05-24 Thread Lance Bragstad
Hey all, To date we have two proposed solutions for tackling the admin-ness issue we have across the services. One builds on the existing scope concepts by scoping to an admin project [0]. The other introduces global role assignments [1] as a way to denote elevated privileges. I'd like to get

Re: [openstack-dev] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-05-24 Thread Lance Bragstad
stone/blob/3d033df1c0fdc6cc9d2b02a702efca286371f2bd/etc/keystone.conf.sample#L2334-L2342 On Wed, May 24, 2017 at 10:35 AM, Lance Bragstad <lbrags...@gmail.com> wrote: > Hey all, > > To date we have two proposed solutions for tackling the admin-ness issue > we have acr

Re: [openstack-dev] [Openstack-operators] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-05-26 Thread Lance Bragstad
On Fri, May 26, 2017 at 5:32 AM, Sean Dague wrote: > On 05/26/2017 03:44 AM, John Garbutt wrote: > > +1 on not forcing Operators to transition to something new twice, even > > if we did go for option 3. > > > > Do we have an agreed non-distruptive upgrade path mapped out yet?

Re: [openstack-dev] [Openstack-operators] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-05-26 Thread Lance Bragstad
On Fri, May 26, 2017 at 9:31 AM, Sean Dague <s...@dague.net> wrote: > On 05/26/2017 10:05 AM, Lance Bragstad wrote: > > > > > > On Fri, May 26, 2017 at 5:32 AM, Sean Dague <s...@dague.net > > <mailto:s...@dague.net>> wrote: > > > >

[openstack-dev] [keystone] deprecating the policy and credential APIs

2017-05-26 Thread Lance Bragstad
At the PTG in Atlanta, we talked about deprecating the policy and credential APIs. The policy API doesn't do anything and secrets shouldn't be stored in credential API. Reasoning and outcomes can be found in the etherpad from the session [0]. There was some progress made on the policy API [1], but

Re: [openstack-dev] [Openstack-operators] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-05-25 Thread Lance Bragstad
igration you're willing to make. This might be a loaded question and it will vary across deployments, but how long would you expect that migration to take for you're specific deployment(s)? -m > > > > > On Thu, 2017-05-25 at 10:42 +1200, Adrian Turjak wrote: > > > > On 25

Re: [openstack-dev] [all] Onboarding rooms postmortem, what did you do, what worked, lessons learned

2017-05-19 Thread Lance Bragstad
Project: Keystone Attendees: 12 - 15 We conflicted with one of the Baremetal/VM sessions I attempted to document most of the session in my recap [0]. We started out by doing a round-the-room of introductions so that folks could put IRC nicks to faces (we also didn't have a packed room so this

Re: [openstack-dev] [Keystone] Cockroachdb for Keystone Multi-master

2017-05-19 Thread Lance Bragstad
On Thu, May 18, 2017 at 6:43 PM, Curtis wrote: > On Thu, May 18, 2017 at 4:13 PM, Adrian Turjak > wrote: > > Hello fellow OpenStackers, > > > > For the last while I've been looking at options for multi-region > > multi-master Keystone, as well as

[openstack-dev] [keystone][nova][cinder][policy] policy meeting tomorrow

2017-05-16 Thread Lance Bragstad
Hey folks, Sending out a reminder that we will have the policy meeting tomorrow [0]. The agenda [1] is already pretty full but we are going to need cross-project involvement tomorrow considering the topics and impacts. I'll be reviewing policy things in the morning so if anyone has questions or

Re: [openstack-dev] [kolla][osprofiler][keystone][neutron][nova] osprofiler in paste deploy files

2017-05-30 Thread Lance Bragstad
On Mon, May 29, 2017 at 4:08 AM, Matthieu Simonin wrote: > Hello, > > I'd like to have more insight on OSProfiler support in paste-deploy files > as it seems not similar across projects. > As a result, the way you can enable it on Kolla side differs. Here are > some

Re: [openstack-dev] [Openstack-operators] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-05-31 Thread Lance Bragstad
/build/html/specs/keystone/ongoing/global-roles.html On Wed, May 31, 2017 at 9:10 AM, Lance Bragstad <lbrags...@gmail.com> wrote: > > > On Fri, May 26, 2017 at 10:21 AM, Sean Dague <s...@dague.net> wrote: > >> On 05/26/2017 10:44 AM, Lance Bragstad wrote: >>

[openstack-dev] [tc][ptls][all] Potential Queens Goal: Move policy and policy docs into code

2017-06-01 Thread Lance Bragstad
Hi all, I've proposed a community-wide goal for Queens to move policy into code and supply documentation for each policy [0]. I've included references to existing documentation and specifications completed by various projects and attempted to lay out the benefits for both developers and

Re: [openstack-dev] [Keystone] Cockroachdb for Keystone Multi-master

2017-06-01 Thread Lance Bragstad
On Thu, Jun 1, 2017 at 3:46 PM, Andrey Grebennikov < agrebenni...@mirantis.com> wrote: > We had a very similar conversation multiple times with Keystone cores > (multi-site Keystone). > Geo-rep Galera was suggested first and it was immediately declined (one of > the reasons was the case of

Re: [openstack-dev] [Openstack-operators] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-06-08 Thread Lance Bragstad
. Thanks for all the feedback and patience. [0] https://review.openstack.org/#/c/464763/ On Tue, Jun 6, 2017 at 4:39 PM, Marc Heckmann <marc.heckm...@ubisoft.com> wrote: > On Tue, 2017-06-06 at 17:01 -0400, Erik McCormick wrote: > > On Tue, Jun 6, 2017 at 4:44 PM, Lance B

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Lance Bragstad
After digging into etcd a bit, one place this might be help deployer experience would be the handling of fernet keys for token encryption in keystone. Currently, all keys used to encrypt and decrypt tokens are kept on disk for each keystone node in the deployment. While simple, it requires

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Lance Bragstad
On Thu, Jun 8, 2017 at 3:21 PM, Emilien Macchi <emil...@redhat.com> wrote: > On Thu, Jun 8, 2017 at 7:34 PM, Lance Bragstad <lbrags...@gmail.com> > wrote: > > After digging into etcd a bit, one place this might be help deployer > > experience would be the han

[openstack-dev] [keystone] Specification Freeze

2017-06-08 Thread Lance Bragstad
Happy Stanley-Cup-Playoff-Game-5 Day, Sending out a quick reminder that tomorrow is specification freeze. I'll be making a final push for specifications that target Pike work tomorrow. I'd also like to merge others to backlog as we see fit. By EOD tomorrow, I'll go through and put procedural

Re: [openstack-dev] [Openstack-operators] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-06-06 Thread Lance Bragstad
> >> On Fri, May 26, 2017 at 2:52 AM, joehuang <joehu...@huawei.com> wrote: >> >>> I think a option 2 is better. >>> >>> Best Regards >>> Chaoyi Huang (joehuang) >>> -- >>> *From:* Lance Bragstad [lb

Re: [openstack-dev] [Openstack-operators] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-06-06 Thread Lance Bragstad
/ On Tue, Jun 6, 2017 at 10:01 AM, Lance Bragstad <lbrags...@gmail.com> wrote: > I replied to John, but directly. I'm sending the responses I sent to him > but with the intended audience on the thread. Sorry for not catching that > earlier. > > > On Fri, May 26, 2017 at

Re: [openstack-dev] [release][glance][barbican][telemetry][keystone][designate][congress][magnum][searchlight][swift][tacker] unreleased libraries

2017-06-09 Thread Lance Bragstad
We have a review in flight to release python-keystoneclient [0]. Thanks for the reminder! [0] https://review.openstack.org/#/c/472667/ On Fri, Jun 9, 2017 at 9:39 AM, Doug Hellmann wrote: > We have several teams with library deliverables that haven't seen > any releases

Re: [openstack-dev] [release][glance][barbican][telemetry][keystone][designate][congress][magnum][searchlight][swift][tacker] unreleased libraries

2017-06-09 Thread Lance Bragstad
Just pushed a release for pycadf as well [1]. [1] https://review.openstack.org/#/c/472717/ On Fri, Jun 9, 2017 at 9:43 AM, Lance Bragstad <lbrags...@gmail.com> wrote: > We have a review in flight to release python-keystoneclient [0]. Thanks > for the reminder! &

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-09 Thread Lance Bragstad
On Fri, Jun 9, 2017 at 9:57 AM, Mike Bayer <mba...@redhat.com> wrote: > > > On 06/08/2017 01:34 PM, Lance Bragstad wrote: > >> After digging into etcd a bit, one place this might be help deployer >> experience would be the handling of fernet keys for token encryp

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-09 Thread Lance Bragstad
On Fri, Jun 9, 2017 at 11:17 AM, Clint Byrum <cl...@fewbar.com> wrote: > Excerpts from Lance Bragstad's message of 2017-06-08 16:10:00 -0500: > > On Thu, Jun 8, 2017 at 3:21 PM, Emilien Macchi <emil...@redhat.com> > wrote: > > > > > On Thu, Jun 8,

Re: [openstack-dev] [rally][no-admin] Finally Rally can be run without admin user

2017-06-14 Thread Lance Bragstad
On Tue, Jun 13, 2017 at 3:51 PM, Morgan Fainberg wrote: > On Tue, Jun 13, 2017 at 1:04 PM, Boris Pavlovic wrote: > > Hi stackers, > > > > Intro > > > > Initially Rally was targeted for developers which means running it from > > admin was OK. > >

[openstack-dev] [keystone] session etherpads

2017-05-07 Thread Lance Bragstad
Hey all, We have a couple sessions to start off the week and I wanted to send out the links to the etherpads [0] [1] [2]. Let me know if you have any questions. Otherwise feel free to catch up or pre-populate the etherpads with content if you have any. Thanks! [0]

[openstack-dev] [keystone][nova][policy] policy goals and roadmap

2017-05-04 Thread Lance Bragstad
Hi all, I spent some time today summarizing a discussion [0] about global roles. I figured it would help build some context for next week as there are a couple cross project policy/RBAC sessions at the Forum. The first patch is a very general document trying to nail down our policy goals [1].

Re: [openstack-dev] [all][ptl][goals] Community goals for Queen

2017-05-06 Thread Lance Bragstad
For scheduling purposes, here is a link to the session [0]. [0] https://www.openstack.org/summit/boston-2017/summit-schedule/events/18732/queens-goals On Sat, May 6, 2017 at 5:36 PM, Matt Riedemann wrote: > On 5/5/2017 8:23 PM, Sean Dague wrote: > >> On 05/05/2017 05:09

Re: [openstack-dev] [keystone][horizon] weekly meeting

2017-05-04 Thread Lance Bragstad
nstack.org/p/ocata-keystone-horizon > > On Thu, Apr 20, 2017 at 3:46 PM, Lance Bragstad <lbrags...@gmail.com> > wrote: > >> I wonder if the meeting tooling supports a monthly cadence? >> >> On Thu, Apr 20, 2017 at 2:42 PM, Rob Cresswell < >> robert.cressw

Re: [openstack-dev] [Openstack-operators] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-05-31 Thread Lance Bragstad
On Fri, May 26, 2017 at 10:21 AM, Sean Dague <s...@dague.net> wrote: > On 05/26/2017 10:44 AM, Lance Bragstad wrote: > > > Interesting - I guess the way I was thinking about it was on a per-token > > basis, since today you can't have a single token represent mu

Re: [openstack-dev] [Openstack-operators] [keystone][nova][cinder][glance][neutron][horizon][policy] defining admin-ness

2017-06-06 Thread Lance Bragstad
On Tue, Jun 6, 2017 at 3:06 PM, Marc Heckmann <marc.heckm...@ubisoft.com> wrote: > Hi, > > On Tue, 2017-06-06 at 10:09 -0500, Lance Bragstad wrote: > > Also, with all the people involved with this thread, I'm curious what the > best way is to get consensus. If I've tallie

[openstack-dev] [all] policy in code burndown chart

2017-09-19 Thread Lance Bragstad
Hey all, The upgrade to Gerrit 2.13.9 affected a script I was using to generate the burndown chart by querying the REST api. I've pushed a fix [0] and it should be working again in case you weren't seeing your project being reflected in the burndown [1]. Let me know if you have any additional

Re: [openstack-dev] [all] dashboard query changes since upgrade

2017-09-19 Thread Lance Bragstad
I should have read this thread before starting a new one [0]. The query bits sound somewhat similar to what I experienced with a script to generate a burndown chart, but querying a topic instead. [0] http://lists.openstack.org/pipermail/openstack-dev/2017-September/122315.html On 09/19/2017

[openstack-dev] [keystone] [policy] policy meeting 2017-09-20

2017-09-19 Thread Lance Bragstad
Hey all, I won't be available to run the policy meeting tomorrow. It doesn't look like there is anything posted to the agenda yet [0]. If someone feels like hosting it, please feel free to do so. I'll catch the scroll back afterwords. Thanks, Lance [0]

Re: [openstack-dev] Garbage patches for simple typo fixes

2017-09-22 Thread Lance Bragstad
On Sep 22, 2017 07:59, "Matt Riedemann" wrote: On 9/22/2017 9:50 AM, Rajath Agasthya (rajagast) wrote: > On 9/21/17, 10:19 PM, "Jeremy Freudberg" > wrote: > > 3) Delay spin-up of resource-intensive/long-running CI jobs until after > some >

[openstack-dev] [keystone] office hours report 2017-10-03

2017-10-06 Thread Lance Bragstad
Hey all, The following was done during office hours this week: Bug #1698455 in OpenStack Identity (keystone): "Install and configure in Installation Guide: Populate the Identity service database step fails on CentOS7" https://bugs.launchpad.net/keystone/+bug/1698455 Triaged and tagged Bug

Re: [openstack-dev] [keystone][zuul] A Sad Farewell

2017-10-02 Thread Lance Bragstad
+1,000 to all of what Steve said. It's still tough for me to wrap my head around all the client/library work you shouldered. Your experience, perspective, and insight will certainly be missed. Thanks for being an awesome member of this community and best of luck on the new gig, they're lucky to

[openstack-dev] [policy] AWS IAM session

2017-10-03 Thread Lance Bragstad
Hey all, It was mentioned in today's keystone meeting [0] that it would be useful to go through AWS IAM (or even GKE) as a group. With all the recent policy discussions and work, it seems useful to get our eyes on another system. The idea would be to spend time using a video conference/screen

Re: [openstack-dev] [tc][election] Question for all candidates in TC election: What will you do if you don't win?

2017-10-16 Thread Lance Bragstad
On 10/16/2017 09:09 AM, Amrith Kumar wrote: > In a recent conversation on #openstack-tc where we bemoaned the ills > of Stackalytics and related management-by-objectives to Heisenberg's > uncertainty principle, the conversation (on 10-03, for example) veered > towards why people were interested

[openstack-dev] [keystone] specification proposal freeze deadline

2017-10-16 Thread Lance Bragstad
Hey all, Sending out a reminder that keystone's specification proposal freeze deadline is this week. We're still in the process of getting formal dates merged to the schedule [0], but this is roughly the same time line we use every release. Let me know if you have any questions. Thanks! [0]

Re: [openstack-dev] [policy] AWS IAM session

2017-10-16 Thread Lance Bragstad
Sending out a gentle reminder to vote for time slots that work for you [0]. We'll keep the poll open for a few more days, or until we reach quorum. Thanks! [0] https://beta.doodle.com/poll/ntkpzgmcv3k6v5qu On 10/11/2017 01:48 PM, Lance Bragstad wrote: > Oh - one note about the doodle [0].

Re: [openstack-dev] [all] [oslo] schedule for Denver PTG is ready !

2017-09-08 Thread Lance Bragstad
around in the morning, pending the Application Credentials discussion. [0] https://etherpad.openstack.org/p/queens-PTG-vmbm On 09/05/2017 09:15 PM, Lance Bragstad wrote: > Thanks! That should work. We have a couple things set up with the > baremetal/VM SIG [0] during that time, but I don't

[openstack-dev] [keystone] Blueprints for Queens

2017-08-30 Thread Lance Bragstad
Now that Pike is out the door (big thanks to everyone for helping!), I've create the deprecated-as-of-queen [0] and removed-as-of-queens [1] blueprints. Feel free to use them as needed now that Queens is underway. Thanks! [0]

Re: [openstack-dev] [all] [oslo] schedule for Denver PTG is ready !

2017-09-05 Thread Lance Bragstad
you still have conflicts :-) > > [1] https://etherpad.openstack.org/p/oslo-ptg-queens > > 2017-09-02 6:16 GMT+08:00 Lance Bragstad <lbrags...@gmail.com>: > >> Thanks for the schedule! I should be somewhat available Monday afternoon >> for the policy deprecation discussion

Re: [openstack-dev] [keystone] [nova] [neutron] [cinder] [ironic] [glance] [swift] Baremetal/VM SIG PTG Schedule/Etherpad

2017-09-07 Thread Lance Bragstad
know it's a bit late, but I'd like to have the schedule pretty well set by the weekend. Thanks! [0] https://etherpad.openstack.org/p/queens-PTG-vmbm On 08/24/2017 03:34 PM, Lance Bragstad wrote: > Hi all, > > Keystone has a few cross-project topics we'd like to share with a wider >

[openstack-dev] [policy] [all] policy in code schedule and room

2017-09-10 Thread Lance Bragstad
Hey all, The schedule [0] has been updated with room information for the policy-in-code effort. We'll be in Grays Peak on Level 3 on Monday and Tuesday to help projects with the Queens goal [1]. [0] https://etherpad.openstack.org/p/policy-queens-ptg [1]

Re: [openstack-dev] [keystone] [nova] [neutron] [cinder] [ironic] [glance] [swift] Baremetal/VM SIG PTG Schedule/Etherpad

2017-09-10 Thread Lance Bragstad
Looks like the Baremetal/VM SIG (#compute) will meet in Ballroom B, Banquet Level. I've updated the etherpad with the room information [0]. [0] https://etherpad.openstack.org/p/queens-PTG-vmbm On 09/07/2017 10:01 AM, Lance Bragstad wrote: > I spoke with John a bit today in IRC and we h

Re: [openstack-dev] [keystone] Queens PTG Planning

2017-09-10 Thread Lance Bragstad
Looks like we'll be in Telluride B, Atrium Level. I've updated the room information in the etherpad [0]. [0] https://etherpad.openstack.org/p/keystone-queens-ptg On 08/24/2017 02:25 PM, Lance Bragstad wrote: > I've worked the topics into a schedule [0]. Monday and Tuesday are > pretty g

[openstack-dev] [all] tracking policy community goal for queens

2017-09-06 Thread Lance Bragstad
Hey all, I reused some of Doug's doc-migration tooling to create a burndown chart specifically for policy work in Queens [0][1]. As some of you might know, I've attempted to update projects that are not impacted by the goal [2]. Another reminder that we will be having two sessions dedicated to

[openstack-dev] [keystone]] Trello board update

2017-09-25 Thread Lance Bragstad
Hey all, I went through the Trello board for all our Queens work and updated all cards that needed "fleshing out". Each should have an accurate description of the work, why it's needed, and a checklist if applicable. If a card still doesn't make sense, please ping me or add the "needs fleshing

[openstack-dev] [keystone] Sydney Forum Session Proposals

2017-09-28 Thread Lance Bragstad
Hey all, In the weekly meeting on Tuesday, we talked about possible forum sessions for Sydney. I proposed the following based on the etherpad [0]. * Keystone User & Operator Feedback [1] * Application Credentials Feedback [2] * RBAC/Policy Roadmap Feedback [3] We decided to omit the last

Re: [openstack-dev] [Oslo][oslo.policy] Bug: Glance doesn't send correctly authorization request to Oslo policy

2017-09-29 Thread Lance Bragstad
++ it'd be great to come up with some sort of pattern here that other projects can follow if they need to implement the same thing. Some sort of consistency would be great when/if we start seeing more http_check adoption. On 09/29/2017 07:56 AM, ruan...@orange.com wrote: > > Hi folks, > > We are

Re: [openstack-dev] [keystone] [keystoneauth] Debug data isn't sanitized - bug 1638978

2017-09-29 Thread Lance Bragstad
On 09/27/2017 06:38 AM, Bhor, Dinesh wrote: > > Hi Team, > >   > > There are four solutions to fix the below bug: > > https://bugs.launchpad.net/keystoneauth/+bug/1638978 > >   > > 1) Carry a copy of mask_password() method to keystoneauth from > oslo_utils [1]: > > *Pros:* > > A. keystoneauth

[openstack-dev] [keystone] office hours report 2017-09-26 and plans for next week

2017-09-29 Thread Lance Bragstad
Office hours was a little slow this week. Most people seem to be getting back in the groove from the PTG. No bugs were closed during this week's office hours. FWIW - I plan to go through and start cleaning up v2.0 bugs there are no longer relevant now that v2.0 is being removed. This will be a

[openstack-dev] [all] policy community goal progress

2017-10-03 Thread Lance Bragstad
Hey all, According to our burndown chart [0], just over half the projects have started implementing the goal [1]. I've been proposing patches for some of the projects in the not-started column. Most patches I've been working on would benefit from a review from someone more experienced with the

Re: [openstack-dev] [keystone] Queens PTG Planning

2017-08-24 Thread Lance Bragstad
of the Etherpad as a champion, moderator, or scribe (see definitions in the main schedule). Let me know if you see any issues or conflicts. Thanks, Lance [0] https://etherpad.openstack.org/p/keystone-queens-ptg On 07/27/2017 12:21 PM, Lance Bragstad wrote: > I've added a section to the etherpad

[openstack-dev] [keystone] [nova] [neutron] [cinder] [ironic] [glance] [swift] Baremetal/VM SIG PTG Schedule/Etherpad

2017-08-24 Thread Lance Bragstad
Hi all, Keystone has a few cross-project topics we'd like to share with a wider group, like the Baremetal/VM SIG. As a result, I attempted to dust off some of the Baremetal/VM sessions [0][1] from Boston and port the popular topics over to the etherpad for the PTG [2]. Maybe it will kick start

Re: [openstack-dev] [Openstack-dev][keystone][AAA] Unable to log in to DLUX UI using keystone created users

2017-09-01 Thread Lance Bragstad
It looks like the users exist in keystone. Are you able to authenticate directly against keystone and see if that works? On 09/01/2017 06:22 AM, A Vamsikrishna wrote: > > Hi All, > > > > *Setup details: * > > > > ubuntu-16.04.2-server-amd64 > > Docker version 1.12.6 > > Installed keystone in

Re: [openstack-dev] [all] [oslo] schedule for Denver PTG is ready !

2017-09-01 Thread Lance Bragstad
Thanks for the schedule! I should be somewhat available Monday afternoon for the policy deprecation discussion. The only conflict that might come up for me is with the Baremetal/VM group [0]. Keystone has a few topics to iron out there, but I'm not exactly sure when that group plans to talk about

Re: [openstack-dev] [Openstack-dev][keystone][AAA] Unable to log in to DLUX UI using keystone created users

2017-09-05 Thread Lance Bragstad
anks for your kind response!! > >   > > Can you please help me with the process to authenticate the created > users directly against keystone ?? > >   > > Best regards, > > Vamsi krishna > >   > > *From:*Lance Bragstad [mailto:lbrags...@gmail.com] > *Sent:*

Re: [openstack-dev] [oslo][oslo.db][keystone] A POC of Keystone over CockroachDB

2017-09-05 Thread Lance Bragstad
On 09/04/2017 11:06 AM, Ronan-Alexandre Cherrueau wrote: > Hi folks, > > Recently in the Inria's Discovery initiative[1], we got in touch with > CockroachLabs guys with an idea: make Keystone supports CockorachDB. So > we give it a try and you can find a very first result on our GitHub[2]. > The

Re: [openstack-dev] [policy] AWS IAM session

2017-10-09 Thread Lance Bragstad
://eavesdrop.openstack.org/#Keystone_Policy_Meeting [1] https://etherpad.openstack.org/p/keystone-policy-meeting On 10/05/2017 02:24 AM, Colleen Murphy wrote: > On Tue, Oct 3, 2017 at 10:08 PM, Lance Bragstad <lbrags...@gmail.com > <mailto:lbrags...@gmail.com>> wrot

Re: [openstack-dev] [keystone][middleware]: Use encrypted password in the service conf file

2017-10-11 Thread Lance Bragstad
This sounds like something that was discussed during the PTG. The oslo team was exploring ways to implement this, which would be consumable to keystonemiddleware as a library [0]. [0] https://etherpad.openstack.org/p/oslo-ptg-queens On 10/11/2017 07:43 AM, pnkk wrote: > Hi, > > We have our API

Re: [openstack-dev] [policy] AWS IAM session

2017-10-11 Thread Lance Bragstad
Oh - one note about the doodle [0]. All proposed times are in UTC, so just keep that in mind when selecting your availability. Thanks! [0] https://beta.doodle.com/poll/ntkpzgmcv3k6v5qu On 10/11/2017 01:44 PM, Lance Bragstad wrote: > In today's policy meeting we went through and started prepp

Re: [openstack-dev] [policy] AWS IAM session

2017-10-11 Thread Lance Bragstad
for upgrading the account. [0] https://etherpad.openstack.org/p/analyzing-other-policy-systems [1] https://doodle.com/poll/ntkpzgmcv3k6v5qu On 10/09/2017 04:23 PM, Lance Bragstad wrote: > I've put a scheduling session on the books for the next policy meeting > [0][1]. Advertising it here since

Re: [openstack-dev] [policy] AWS IAM session

2017-10-18 Thread Lance Bragstad
10/16/2017 08:45 AM, Lance Bragstad wrote: > Sending out a gentle reminder to vote for time slots that work for you > [0]. We'll keep the poll open for a few more days, or until we reach > quorum. Thanks! > > [0] https://beta.doodle.com/poll/ntkpzgmcv3k6v5qu > > On 10/11/2017

Re: [openstack-dev] [all] [policy] [keystone] Support for deprecating policies

2017-11-15 Thread Lance Bragstad
I messed up the links in the previous note. Merged implementation: https://review.openstack.org/#/c/509909/ Documentation: https://docs.openstack.org/oslo.policy/latest/reference/api/oslo_policy.policy.html#oslo_policy.policy.DeprecatedRule On 11/15/2017 11:34 AM, Lance Bragstad wrote: >

<    1   2   3   4   5   >