Thursday, 2014-11-13

[00:09] *** tdink has joined #openstack-barbican
[00:10] *** david-lyle_afk is now known as david-lyle
[00:20] *** paul_glass has joined #openstack-barbican
[00:20] *** rsyed is now known as rsyed_away
[00:21] *** rm_you|wtf has joined #openstack-barbican
[00:25] *** paul_glass has quit IRC
[00:26] *** rm_you| has quit IRC
[00:27] *** tdink has quit IRC
[00:31] *** tdink has joined #openstack-barbican
[00:31] *** zz_dimtruck is now known as dimtruck
[00:40] *** tdink has quit IRC
[00:42] *** rsyed_away is now known as rsyed
[01:07] *** nkinder has joined #openstack-barbican
[01:21] *** tdink has joined #openstack-barbican
[01:25] *** gyee has quit IRC
[01:31] *** tdink has quit IRC
[01:34] *** rsyed is now known as rsyed_away
[01:47] *** bdpayne has quit IRC
[01:59] *** tdink has joined #openstack-barbican
[02:04] *** ayoung has quit IRC
[02:05] *** ayoung has joined #openstack-barbican
[02:08] *** david-lyle is now known as david-lyle_afk
[02:09] *** tdink has quit IRC
[02:24] *** rm_you| has joined #openstack-barbican
[02:28] *** rm_you|wtf has quit IRC
[02:47] *** rm_you| has quit IRC
[02:48] *** rm_you| has joined #openstack-barbican
[02:54] *** dimtruck is now known as zz_dimtruck
[03:48] *** rm_you| has quit IRC
[03:48] *** rm_you| has joined #openstack-barbican
[04:08] *** codekobe_ has joined #openstack-barbican
[04:11] *** chellygel_ has joined #openstack-barbican
[04:12] *** mordred_ has joined #openstack-barbican
[04:12] *** chellygel has quit IRC
[04:12] *** codekobe has quit IRC
[04:12] *** redrobot has quit IRC
[04:12] *** insequent has quit IRC
[04:12] *** zz_dimtruck has quit IRC
[04:12] *** mordred has quit IRC
[04:12] *** mordred_ is now known as mordred
[04:13] *** codekobe_ is now known as codekobe
[04:14] *** redrobot has joined #openstack-barbican
[04:14] *** zz_dimtruck has joined #openstack-barbican
[04:14] *** redrobot is now known as Guest17627
[04:14] *** zz_dimtruck is now known as dimtruck
[04:23] *** insequent has joined #openstack-barbican
[04:27] *** ayoung is now known as ayoung-mia
[07:22] *** kebray has quit IRC
[08:30] *** akoneru has quit IRC
[09:19] *** akoneru has joined #openstack-barbican
[11:06] *** ajc_ has joined #openstack-barbican
[11:06] *** ajc_ has quit IRC
[12:48] *** akoneru has quit IRC
[13:32] *** SheenaG1 has joined #openstack-barbican
[13:34] *** alee has quit IRC
[13:49] *** ryanpetrello has joined #openstack-barbican
[13:54] *** ryanpetrello has quit IRC
[13:54] *** SheenaG11 has joined #openstack-barbican
[13:57] *** SheenaG1 has quit IRC
[14:04] *** akoneru has joined #openstack-barbican
[14:08] *** nkinder has quit IRC
[14:26] *** alee has joined #openstack-barbican
[14:32] *** kebray has joined #openstack-barbican
[14:40] *** rsyed_away is now known as rsyed
[14:45] *** ametts has joined #openstack-barbican
[14:54] *** nkinder has joined #openstack-barbican
[15:04] *** ryanpetrello has joined #openstack-barbican
[15:05] *** tdink has joined #openstack-barbican
[15:21] *** dave-mccowan has joined #openstack-barbican
[15:22] <chellygel_> alee, ping
[15:23] <alee> chellygel_, pong
[15:23] <chellygel_> i'm reading your identify cas spec... still a little confused about the conversation woodster was having with you in it
[15:23] <chellygel_> he mentioned the ca_id should be a UUID from barbican instead of preset in the plugin... is that correct alee ?
[15:24] <chellygel_> or am i misreading that
[15:24] *** JeffF has joined #openstack-barbican
[15:25] <alee> chellygel_, right -- I'm ok with that. let me pull up the spec
[15:26] <alee> chellygel_, which line?
[15:26] <chellygel_> 105 alee
[15:27] *** chellygel_ is now known as chellygel
[15:28] <alee> chellygel, ok - so I think I agreed that the ca-id could be a barbican uuid.
[15:28] <chellygel> thats what it sounded like, i was trying to understand context
[15:28] <chellygel> i get a little lost in your conversations haha
[15:28] <alee> chellygel, the SKI is supposed to be unique though and may be more valuable for a client
[15:29] *** rtom has joined #openstack-barbican
[15:29] <chellygel> okay, another question alee -- the PCA is that a single entry for the entire table?
[15:29] <chellygel> essentially allowing only one preferred CA? or could there be multiple?
[15:30] <chellygel> ah, wait projects -- so its multiple projects
[15:30] <chellygel> im bad at reading apparently
[15:30] <alee> only one preferred ca per project
[15:31] <alee> so it will be a table with project_id as the primary key and ca_id as the entry
[15:31] <chellygel> gotcha
[15:33] <chellygel> i might ping you with more as im reading through
[15:37] <alee> np
[15:41] *** paul_glass has joined #openstack-barbican
[15:44] *** paul_glass1 has joined #openstack-barbican
[15:48] *** paul_glass has quit IRC
[16:02] *** bdpayne has joined #openstack-barbican
[16:25] *** tdink has quit IRC
[16:26] *** tdink has joined #openstack-barbican
[16:30] *** SheenaG11 has left #openstack-barbican
[16:30] *** SheenaG11 has joined #openstack-barbican
[16:34] *** Guest17627 is now known as redrobot
[16:35] <alee> redrobot, ping
[16:35] <redrobot> alee pong
[16:36] <alee> redrobot, I'm making a lot of progress with my rpm packaging
[16:36] <alee> redrobot, now a question about barbican.sh
[16:36] <redrobot> alee good!
[16:36] <alee> redrobot, so ...
[16:37] <alee> if I look at barbican.sh install - I see we end up copying barbican-api.conf to the home directory of the user
[16:37] <alee> whats up with that?
[16:38] <alee> # Copy conf file to home directory so oslo.config can find it
[16:38] <alee>     cp $LOCAL_CONFIG ~
[16:38] <redrobot> alee I think the idea was that barbican.sh would only be used for development
[16:38] <redrobot> alee it needs to be re-written for general-purpose use
[16:38] <alee> redrobot, how can I get oslo.config to find the config file in /etc/barbican?
[16:39] <redrobot> alee that's an excellent question, unfortunately I don't know the answer to that.
[16:39] <alee> redrobot, any idea who might know?
[16:39] <alee> oslo/uwsgi experts?
[16:40] <redrobot> oslo folk should know for sure...  It _should_ be documented somewhere in oslo.config
[16:41] <redrobot> alee and just so that we're clear, there is no hard dependency on uwsgi.  Barbican should be able to run within any web server with a WSGI container.  So it would be acceptable to remove that dependency from a general-use RPM.
[16:42] <redrobot> some people may want to use nginx+gunicorn
[16:42] <redrobot> or even apache+mod_wsgi
[16:42] <alee> redrobot, understood -- I'm just trying to get it working to begin with.  I think we are likely to go with apache+mod_wsgi
[16:43] <alee> for the rhel/fedora rpms
[16:44] <redrobot> alee cool.
[16:44] <alee> redrobot, there is a proposal out there to put all the openstack services in apache/mod_wsgi with specified urls
[16:44] <alee> so we dont have to have tons of ports to manage
[16:44] <alee> so barbican would be under /keys or whatever
[16:45] <redrobot> interesting.  I think that could be easily achieved in the paste config
[16:51] <redrobot> btw, did y'all see this? https://aws.amazon.com/about-aws/whats-new/2014/11/12/introducing-aws-key-management-service/
[16:52] <tiger_toes> It's a bit limited for now. *cough*
[16:57] <openstackgerrit> Thomas Dinkjian proposed openstack/barbican: Added test to check that an expired secret cannot be retrieved  https://review.openstack.org/134292
[16:58] *** david-lyle_afk is now known as david-lyle
[17:02] <openstackgerrit> Thomas Dinkjian proposed openstack/barbican: Added test to check that an expired secret cannot be retrieved  https://review.openstack.org/134292
[17:11] *** kebray has quit IRC
[17:16] *** SheenaG11 has left #openstack-barbican
[17:21] *** SheenaG1 has joined #openstack-barbican
[17:26] *** kebray has joined #openstack-barbican
[17:32] *** dimtruck is now known as zz_dimtruck
[17:34] *** openstackgerrit has quit IRC
[17:34] *** openstackgerrit has joined #openstack-barbican
[17:37] *** bdpayne has quit IRC
[17:39] *** paul_glass1 has quit IRC
[17:52] *** SheenaG1 has quit IRC
[17:57] *** stanzi has joined #openstack-barbican
[17:57] *** SheenaG1 has joined #openstack-barbican
[18:03] *** openstackgerrit has quit IRC
[18:04] *** openstackgerrit has joined #openstack-barbican
[18:06] *** bdpayne has joined #openstack-barbican
[18:35] *** stanzi has quit IRC
[18:39] *** paul_glass has joined #openstack-barbican
[18:42] *** paul_glass has quit IRC
[18:43] *** paul_glass has joined #openstack-barbican
[18:44] *** bdpayne_ has joined #openstack-barbican
[18:46] *** bdpayne has quit IRC
[18:47] *** tdink_ has joined #openstack-barbican
[18:48] *** kebray has quit IRC
[18:49] *** openstackgerrit has quit IRC
[18:49] *** kebray has joined #openstack-barbican
[18:49] *** openstackgerrit has joined #openstack-barbican
[18:50] *** tdink has quit IRC
[18:51] *** tdink_ has quit IRC
[18:57] *** akoneru has quit IRC
[18:58] *** rcarrill` has joined #openstack-barbican
[19:00] *** kebray has quit IRC
[19:00] *** rcarrillocruz has quit IRC
[19:02] *** stanzi has joined #openstack-barbican
[19:08] *** akoneru has joined #openstack-barbican
[19:18] *** openstackgerrit has quit IRC
[19:18] *** openstackgerrit has joined #openstack-barbican
[19:22] *** paul_glass1 has joined #openstack-barbican
[19:23] *** paul_glass1 has quit IRC
[19:23] *** paul_glass has quit IRC
[19:25] *** ayoung-mia is now known as ayoung
[19:26] *** paul_glass has joined #openstack-barbican
[19:32] *** stanzi has quit IRC
[19:32] *** stanzi has joined #openstack-barbican
[19:35] <alee> redrobot, ping
[19:36] <redrobot> alee pong
[19:36] *** stanzi has quit IRC
[19:36] <alee> redrobot, if I want to deploy barbican in apache using mod_wsgi , do I need some kind of barbican.wsgi file?
[19:37] <alee> redrobot, just noticed no such file is created in the build ..
[19:39] <redrobot> alee I think so?  ...  not sure if mod_wsgi can use a paste file.
[19:39] <alee> redrobot, ok - so its not something ya'll have tried yet
[19:39] <redrobot> alee nope.  we've been battling uwsgi since day one
[19:40] <alee> ok
[19:40] <redrobot> alee Chad was able to get it running without uwsgi in devstack, but his CR never merged.
[19:40] <alee> redrobot, which cr was this?
[19:41] <redrobot> alee https://review.openstack.org/#/c/98490/
[19:43] <alee> redrobot, so this is using eventlet?  or apache?
[19:45] <redrobot> alee looks like he's loading the WSGI app, and then using paste.httpserver to serve it https://review.openstack.org/#/c/98490/14/bin/barbican_devstk_api.py,cm
[19:45] <redrobot> alee so it's an all python server.
[19:45] <redrobot> alee but I think setting up the wsgi app for mod_wsgi would be similar.
[19:45] <alee> redrobot, paste.httpserver is yet another server?
[19:46] <redrobot> alee yep.  he was copying another service.  maybe keystone?  I think that's the server that DevStack services are using.
[19:47] <alee> ok - in that case, it might make sense for devstack at least ..
[19:47] *** zz_dimtruck is now known as dimtruck
[19:49] *** darrenmoffat has quit IRC
[19:50] *** darrenmoffat has joined #openstack-barbican
[20:00] *** kebray has joined #openstack-barbican
[20:04] *** openstackgerrit has quit IRC
[20:05] *** openstackgerrit has joined #openstack-barbican
[20:05] *** tdink has joined #openstack-barbican
[20:28] <openstackgerrit> Thomas Dinkjian proposed openstack/barbican: Added test to check that an expired secret cannot be retrieved  https://review.openstack.org/134292
[20:31] <openstackgerrit> Thomas Dinkjian proposed openstack/barbican: Added test to check that an expired secret cannot be retrieved  https://review.openstack.org/134292
[20:33] *** rellerreller has joined #openstack-barbican
[20:44] *** dimtruck is now known as zz_dimtruck
[20:56] *** alee has quit IRC
[21:04] *** kebray has quit IRC
[21:04] *** kebray has joined #openstack-barbican
[21:04] *** bubbva has quit IRC
[21:04] *** bubbva has joined #openstack-barbican
[21:19] *** openstackgerrit has quit IRC
[21:19] *** openstackgerrit has joined #openstack-barbican
[21:31] *** kebray has quit IRC
[21:41] *** alee has joined #openstack-barbican
[21:47] <rm_work> reaperhulk: hey
[21:47] <rm_work> reaperhulk: would you do me a huge favor and look over this CR for me? https://review.openstack.org/#/c/130659/
[21:48] <rm_work> reaperhulk: it's not Barbican, but it's a security thing, and I feel like you could provide useful feedback (like, YOU ARE DUMB DON'T DO THAT)
[21:48] <rm_work> reaperhulk: err, can be found more legibly here: http://docs.octavia.io/review/130659/specs/version0.5/tls-data-security.html
[21:49] <rm_work> but the review would be where comments could go :)
[21:51] <dstufft> yay tls
[21:56] *** nkinder has quit IRC
[21:58] *** stanzi has joined #openstack-barbican
[22:03] *** zz_dimtruck is now known as dimtruck
[22:04] *** stanzi has quit IRC
[22:05] *** stanzi has joined #openstack-barbican
[22:06] *** stanzi_ has joined #openstack-barbican
[22:09] *** stanzi has quit IRC
[22:16] *** ryanpetrello has quit IRC
[22:19] <alee> chellygel, ping
[22:19] <chellygel> alee, pong
[22:19] <alee> chellygel, so does symantec support cmc requests?
[22:20] <chellygel> what is cmc alee ?
[22:20] <alee> chellygel, its a request format for cert enrollments
[22:20] <chellygel> do you have an example? i can look into it
[22:20] <chellygel> not familiar with that
[22:21] <alee> chellygel, this is relevant because rfc 7030 basically is a REST API around CMC requests
[22:21] <alee> chellygel, CMC requests defined in http://tools.ietf.org/html/rfc5272#section-3.1
[22:23] <chellygel> checking their api docs alee
[22:25] <chellygel> if i am reading this right CMS => CMC
[22:25] <chellygel> same thing
[22:25] <chellygel> PKCS7?
[22:26] *** akoneru is now known as akoneru_afk
[22:26] *** akoneru_afk has quit IRC
[22:26] *** stanzi_ has quit IRC
[22:27] <openstackgerrit> OpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/134381
[22:27] *** stanzi has joined #openstack-barbican
[22:30] <alee> chellygel, http://en.wikipedia.org/wiki/Certificate_Management_over_CMS
[22:31] *** stanzi has quit IRC
[22:35] <chellygel> alee, sorry for my ignorance -- im still trying to wrap my head around it
[22:36] <alee> chellygel, no worries - me too :)
[22:36] <alee> back in a bit
[22:37] *** gyee has joined #openstack-barbican
[22:38] *** stanzi has joined #openstack-barbican
[22:40] *** stanzi has quit IRC
[22:40] *** stanzi has joined #openstack-barbican
[22:41] *** kebray has joined #openstack-barbican
[22:41] *** kebray has quit IRC
[22:41] *** paul_glass has quit IRC
[22:43] *** kebray has joined #openstack-barbican
[22:44] *** alee is now known as alee_daycare
[22:44] *** stanzi has quit IRC
[22:51] *** rsyed is now known as rsyed_away
[22:58] *** dave-mccowan has quit IRC
[23:00] *** rellerreller has quit IRC
[23:07] *** ametts has quit IRC
[23:17] *** nkinder has joined #openstack-barbican
[23:37] *** akoneru has joined #openstack-barbican
[23:56] *** rtom has quit IRC
