| rohit02 | hi team,We are deploying OSA Victoria with barbican plugin p11_crypto but where do we get these user defined library /opt/barbican/libs/libCryptoki2.so | 07:13 |
|---|---|---|
| rohit02 | jrosser: noonedeadpunk: ,We are deploying OSA Victoria with barbican plugin p11_crypto but where do we get these user defined library /opt/barbican/libs/libCryptoki2.so | 07:15 |
| jrosser | rohit02: i think that library would be specific to a particular HSM for the PKCS#11 plugin? | 07:20 |
| jrosser | which secret store plugin are you wanting to use? | 07:21 |
| rohit02 | jrosser: secret_store_plugin: store_crypto | 07:36 |
| rohit02 | crypto_plugin: p11_crypto | 07:36 |
| noonedeadpunk | rohit02: this lirary should be provided by HSM, yes | 07:38 |
| noonedeadpunk | so if we take thales luna network HSM, then when creating client for the service in THales, you will get client downloaded. While unpacking it you will find these libraries | 07:40 |
| noonedeadpunk | so this library is device-specific anyway afaik | 07:40 |
| noonedeadpunk | it also might have a bit different naming based on the HSM being used | 07:42 |
| rohit02 | noonedeadpunk: means HSM is h/w device which provide u the library right? | 07:53 |
| noonedeadpunk | yep | 08:19 |
| *** arxcruz is now known as arxcruz|rover | 08:48 | |
| *** arxcruz|rover is now known as arxcruz | 13:37 | |
| jamesdenton | spatel around? | 14:17 |
| opendevreview | Merged openstack/openstack-ansible stable/wallaby: Remove unnecessary pki step in haproxy install https://review.opendev.org/c/openstack/openstack-ansible/+/813099 | 14:46 |
| spatel | jamesdenton give me few min.. dealing with production issue :) | 15:18 |
| jamesdenton | no worries | 15:23 |
| opendevreview | James Denton proposed openstack/openstack-ansible master: Remove OVN-related haproxy configuration https://review.opendev.org/c/openstack/openstack-ansible/+/813858 | 16:04 |
| jrosser | jamesdenton: i don't think that will remove them on a deployment, just won't add them in a new one | 16:06 |
| jamesdenton | the haproxy configuration isn't overwritten? | 16:07 |
| jrosser | it drops a bunch of little files then glues them together for the total config | 16:07 |
| jamesdenton | ahh ok, i didn't look. It's OK if they're there, just won't be used | 16:08 |
| jamesdenton | i can verify and add a note | 16:08 |
| jrosser | there is a mechanism here https://github.com/openstack/openstack-ansible-haproxy_server/blob/96087b086749f293dde9fc4eaeee41fd9b514b47/tasks/haproxy_service_config.yml#L33-L43 | 16:08 |
| jrosser | or indeed release note | 16:08 |
| jamesdenton | thank you | 16:10 |
| jamesdenton | https://github.com/openstack/openstack-ansible-haproxy_server/blob/96087b086749f293dde9fc4eaeee41fd9b514b47/tasks/haproxy_service_config.yml#L40 | 16:14 |
| jamesdenton | typo? | 16:14 |
| jamesdenton | falsy? | 16:15 |
| jrosser | this? https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html#testing-truthiness | 16:15 |
| jamesdenton | gotcha, thanks | 16:16 |
| mgariepy | lol. falsy is fun.. | 16:45 |
| mgariepy | jamesdenton, https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/801910/2/tasks/haproxy_service_config.yml | 16:55 |
| jamesdenton | :D | 16:55 |
| mgariepy | lol. had the same reaction lol | 16:56 |
| jamesdenton | i'd never heard of it | 16:56 |
| jamesdenton | that's why i defer to the experts! | 16:56 |
| mgariepy | i first heard of it on aug 24.. lol | 16:56 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Fix manila haproxy manage https://review.opendev.org/c/openstack/openstack-ansible/+/813885 | 19:02 |
| -opendevstatus- NOTICE: Both Gerrit and Zuul services are being restarted briefly for minor updates, and should return to service momentarily; all previously running builds will be reenqueued once Zuul is fully started again | 22:49 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!