Monday, 2015-01-12

« Sunday, 2015-01-11 Index Tuesday, 2015-01-13 »
*** david-lyle has joined #openstack-barbican00:35
*** ryanpetrello has joined #openstack-barbican00:39
*** ryanpetrello has quit IRC00:58
hockeynutgreghaynes yeah, thats the approach to take for the json issue.  I was hoping that in general there might be a good way to get a devstack up that looks like what we run in the gate.01:04
*** ryanpetrello has joined #openstack-barbican01:17
*** david-lyle has quit IRC01:18
*** david-lyle has joined #openstack-barbican01:25
*** david-lyle has quit IRC01:27
*** david-lyle has joined #openstack-barbican01:28
*** zz_dimtruck is now known as dimtruck01:42
*** ryanpetrello has quit IRC01:48
*** rm_you| has joined #openstack-barbican01:52
*** rm_you has quit IRC01:55
*** david-lyle has quit IRC01:59
*** rm_you| is now known as rm_you02:39
*** david-lyle has joined #openstack-barbican03:44
*** woodster_ has joined #openstack-barbican03:49
*** david-lyle has quit IRC04:50
*** david-lyle has joined #openstack-barbican04:50
*** david-lyle has quit IRC05:06
*** Nirupama has joined #openstack-barbican05:08
*** woodster_ has quit IRC06:00
*** dimtruck is now known as zz_dimtruck06:31
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Return the actual name value for entities  https://review.openstack.org/14549507:29
*** zz_dimtruck is now known as dimtruck07:31
*** dimtruck is now known as zz_dimtruck07:41
*** jamielennox is now known as jamielennox|away07:56
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Return the actual name value for entities  https://review.openstack.org/14549508:04
*** chlong has quit IRC08:10
*** tkelsey has joined #openstack-barbican08:17
*** zz_dimtruck is now known as dimtruck08:33
*** dimtruck is now known as zz_dimtruck08:42
*** tkelsey has quit IRC08:52
*** jaosorior has joined #openstack-barbican08:58
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Return the actual name value for entities  https://review.openstack.org/14549509:12
*** zz_dimtruck is now known as dimtruck09:31
*** dimtruck is now known as zz_dimtruck09:41
*** zz_dimtruck is now known as dimtruck10:32
*** dimtruck is now known as zz_dimtruck10:42
*** david-lyle has joined #openstack-barbican11:32
*** zz_dimtruck is now known as dimtruck11:33
*** chlong has joined #openstack-barbican11:41
*** dimtruck is now known as zz_dimtruck11:42
*** chlong has quit IRC11:47
*** chlong has joined #openstack-barbican11:48
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Configure devstack conf to use keystone v3  https://review.openstack.org/14332912:12
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Fix usage of keystone v3  https://review.openstack.org/14332912:14
*** zz_dimtruck is now known as dimtruck12:34
*** dimtruck is now known as zz_dimtruck12:43
jaosoriorhockeynut: CR 143329 should fix the InvalidCredentials problem that you had seen12:44
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Fix usage of keystone v3  https://review.openstack.org/14332912:45
*** woodster_ has joined #openstack-barbican12:54
*** chlong has quit IRC12:55
*** Nirupama has quit IRC13:16
*** ryanpetrello has joined #openstack-barbican13:17
*** darrenmoffat has quit IRC13:24
*** darrenmoffat has joined #openstack-barbican13:24
*** zz_dimtruck is now known as dimtruck13:34
*** dimtruck is now known as zz_dimtruck13:44
*** davidhadas_ has joined #openstack-barbican13:45
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Only de-serialize objects when possible  https://review.openstack.org/14646713:52
*** davidhadas___ has joined #openstack-barbican13:54
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Enable functional tests to take a regex from tox  https://review.openstack.org/14646813:54
*** davidhadas_ has quit IRC13:57
elmikohockeynut: thanks!14:02
*** nkinder has quit IRC14:15
hockeynutjaosorior thanks!  looking at it now14:18
*** davidhadas___ has quit IRC14:31
jaosoriorhockeynut: by the way, got time to check out this one? https://review.openstack.org/#/c/146100/14:34
*** zz_dimtruck is now known as dimtruck14:35
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Only de-serialize objects when possible  https://review.openstack.org/14646714:35
hockeynutjaosorior peeking now14:40
jaosoriorhockeynut: Also, the reason why the stuff that I pushed worked in the gate is that tempest.conf there contains admin_domain_name, which is directly read in the credentials class in tempest's auth.py module14:40
hockeynutjaosorior yup - I've been bitten by that missing when I was playing with v3.  I need to get with jvrbanac to see how we get his docker keystone enabled for v3 (it only talks v2 t the moment)...then testing this stuff out will be easier.14:42
*** rm_you has quit IRC14:43
*** rm_you has joined #openstack-barbican14:43
*** rm_you has quit IRC14:43
*** rm_you has joined #openstack-barbican14:43
jaosoriorWhere is the docker keystone stuff?14:45
*** dimtruck is now known as zz_dimtruck14:45
jaosoriorMaybe I could take a look14:45
jaosoriorbeen checking that stuff out today14:45
jaosoriorBut anyway, that admin_domain_name stuff should be fixed in the CR that I told you  https://review.openstack.org/14332914:46
*** nkinder has joined #openstack-barbican15:05
*** lisaclark1 has joined #openstack-barbican15:07
*** tkelsey has joined #openstack-barbican15:24
*** kgriffs|afk is now known as kgriffs15:26
*** paul_glass has joined #openstack-barbican15:26
*** paul_glass has quit IRC15:26
*** paul_glass has joined #openstack-barbican15:27
*** SheenaG1 has joined #openstack-barbican15:34
*** zz_dimtruck is now known as dimtruck15:41
tkelseyhello Barbican folks, any chance of getting some more eyeballs on this https://review.openstack.org/#/c/135217/ its been sitting around for a while now16:00
jaosoriorhockeynut: by the way, did you figure out something regarding the JSONDecode errors?16:07
jaosoriortkelsey: would be good for you to put that as a topic in the weekly16:07
hockeynutjaosorior about to put up some test code to print out some debug info16:08
tkelseyjaosorior: sure, how do we add stuff to the agenda?16:08
jaosoriortkelsey: just add it there https://wiki.openstack.org/wiki/Meetings/Barbican16:09
tkelseycool, will do! thanks jaosorior16:09
jaosoriortkelsey: you have a +1 from me already, but I would really like more cores to take a look at it16:10
jaosoriorSo yeah, taking it up in the weekly is probably the way to go16:10
tkelseysure, thank you jaosorior, im in here hoping some cores will take a look, since it seems quite positive now16:11
tkelseyi'll add it to the agenda, so that should do it16:11
tkelseyadded :)16:15
*** rtom has joined #openstack-barbican16:18
jvrbanacjaosorior, https://github.com/jmvrbanac/dockerfile-collection/tree/master/simple-keystone16:22
jvrbanacjaosorior, https://registry.hub.docker.com/u/jmvrbanac/simple-keystone/16:23
*** ayoung has joined #openstack-barbican16:23
jaosoriorjvrbanac: I'll take a look when I get home. Thanks man16:24
woodster_tkelsey, I'm +1 on your CR too. reaperhulk, can you weigh in on this?: https://review.openstack.org/#/c/135217/16:25
tkelseythanks woodster_ :)16:25
woodster_tkelsey, np16:26
*** dimtruck is now known as zz_dimtruck16:29
*** zz_dimtruck is now known as dimtruck16:30
*** SheenaG1 has quit IRC16:40
*** nkinder has quit IRC16:41
*** SheenaG1 has joined #openstack-barbican16:42
woodster_alee, just an fyi that more comments were added to your per-secret rbac CR: https://review.openstack.org/#/c/127353/16:45
aleewoodster_, thanks16:45
aleewoodster_, will comment back later today16:46
*** nkinder has joined #openstack-barbican16:55
*** mikedillion has joined #openstack-barbican17:02
*** mikedillion has quit IRC17:06
*** jkf has joined #openstack-barbican17:09
*** nkinder has quit IRC17:14
*** samueldmq has joined #openstack-barbican17:21
samueldmqhey guys, I'm from Keystone side of our community :)17:22
samueldmqI wrongly created a bp on your side and I don't know how to abandon it (https://blueprints.launchpad.net/barbican/+spec/list-role-assignments-performance)17:22
aleejvrbanac, jaosorior - ping17:28
jvrbanacalee, pong17:29
aleejvrbanac, jaosorior - how do configure tox to run the dogtag unit tests?17:29
*** nkinder has joined #openstack-barbican17:29
jvrbanacsamueldmq, you just want it in the Keystone project?17:29
jvrbanacsamueldmq, I think I can reassign it17:30
samueldmqjvrbanac, I created one on Keystone side (https://blueprints.launchpad.net/keystone/+spec/list-role-assignments-performance)17:30
samueldmqjvrbanac, I'd like to abandon this :/17:30
morganfainbergjvrbanac, you can also mark it as superseded17:31
morganfainbergjvrbanac, should make it disappear17:31
morganfainberglp blueprints kinda suck... a lot17:31
samueldmqmorganfainberg, ++17:32
jvrbanac+217:33
jvrbanacinteresting... I'm doing the mark as superseded, but it's not sticking... lovely17:33
jvrbanacThere we go!17:33
jvrbanacsamueldmq, ^^17:33
jvrbanacThanks morganfainberg!17:34
*** bdpayne has joined #openstack-barbican17:34
samueldmqjvrbanac, just did the mark as superseded, sorry17:34
jvrbanacsamueldmq, it looks like it's taken care of now :)17:34
jvrbanacalee, are you just want to run those tests independently or apart of the overall unit test run?17:35
aleejvrbanac, well ultimately they should run as part of the unit test run17:35
aleejvrbanac, there are conditionals in there that prevent them from running when dogtag client code is not present17:36
aleebut I also want to run them independently too for now17:36
aleeis there a file that tox uses to determine which tests to run?17:37
samueldmqjvrbanac, added a comment as well, explaining why it's marked as superseded17:37
samueldmqjvrbanac, thanks17:37
jvrbanacsamueldmq, np! Thanks for letting us know!17:37
jvrbanacalee, tox.ini sets up the environments, but as we're using testr in the gate testr using .testr.conf as well17:39
samueldmqnp :-)17:39
aleejvrbanac, interesting -- I don't see anything that says not to run the dogtag tests17:41
jvrbanacalee, personally, I don't use testr when I'm working on unit tests. I'll run tox which uses testr as a sanity check before I put up a CR, but I much prefer PyTest or Nose for my local dev17:42
aleeI wonder if when I run tox, it sets up a new virt environment -- which does not include the dogtag pki client code?17:42
jvrbanacalee, I was just going to mention that17:43
*** gyee has joined #openstack-barbican17:44
aleejvrbanac, yeah - so I should be able to modify tox.ini to add the pki client code .. right?17:44
jvrbanacalee, however, it would be better to see if we could get it into our test-requirements17:44
aleejvrbanac, yeah - except its not pip packaged yet ..17:45
aleethats coming soon ..17:45
jvrbanacalee, ouch!17:45
aleejvrbanac, so for now, I need to just do it locally17:45
aleetill I get it in there17:45
aleejvrbanac, any idea how I might modify tox.ini?17:46
jvrbanacalee, http://paste.openstack.org/show/156506/17:47
jvrbanacalee, that should inherit all the attributes of the normal tox testenv with an added dep17:47
jvrbanacalee, you should be able to manually execute that with tox -e dogtag17:48
aleeYOUR_DEP_HERE is what ?  a path?17:48
jvrbanacWhatever you would give pip17:48
jvrbanaca path, name, repo, etc17:49
jvrbanacalee, if you're pointing it at a repo, you can see an example down in the functional section17:50
jvrbanacalee, it's pointing at the tempest repo17:51
aleejvrbanac, cool - thanks let me play with this a bit17:52
jvrbanacalee, np!17:53
*** ayoung is now known as ayoung-lunch17:54
*** lisaclark1 has quit IRC18:05
*** lisaclark1 has joined #openstack-barbican18:08
*** paul_glass has quit IRC18:21
*** bdpayne has quit IRC18:27
jaosorioralee: just read your messages. I can check in a bit. Not home yet18:31
aleejaosorior, thanks - for now I'm just using nosetests to run dogtag locally18:32
*** crc32 has joined #openstack-barbican18:35
*** bdpayne has joined #openstack-barbican18:38
jaosoriorAlright18:46
aleewoodster_, ping18:47
aleejvrbanac, woodster_  I just updated to latest - and now tox fails for me -- I see this error -- ./barbican/tests/api/test_init.py:40:1: F811 redefinition of unused 'exception' from line 20 ?18:48
jaosorioralee: by the way, for the functional tests. Our tox config is using nose. I uploaded a cr that allows you to give a regex to the arguments. That might help you18:48
aleejaosorior, I'll have to definitely look at that18:49
aleejaosorior, latest tox working for you? ^^18:49
jaosoriorHaven't checked18:49
jaosoriorI'm still at the climbing gym18:49
*** jraim_ is now known as jraim18:50
openstackgerritSteve Heyman proposed openstack/barbican: Added debugging to help diagnost json decode issue  https://review.openstack.org/14660818:51
aleejaosorior, I hope you're not checking irc while climbing. whoever is belaying you might be a little less than amused :)18:53
aleejvrbanac, woodster_ ?18:53
*** lisaclark2 has joined #openstack-barbican18:55
woodster_alee: hello18:55
aleewoodster_, any thoughts to above?18:55
openstackgerritAde Lee proposed openstack/barbican: Add support for simple cmc requests to Dogtag plugin  https://review.openstack.org/14661118:56
*** lisaclark1 has quit IRC18:57
woodster_alee: just have phone, but heading back to office now18:57
*** bdpayne has quit IRC18:57
aleewoodster_, just updated to latest and tox is not working for me.  Let me know if its working for you.18:58
*** bdpayne has joined #openstack-barbican18:59
jaosorioralee: hahaha nah, I do bouldering. No ropes is more fun :P19:01
jvrbanacjaosorior, it's only using nose for the tox functional job. That's actually not what devstack uses. I setup nose for that one for easier development. Devstack using testr outside of tox19:12
jvrbanacalee, what tox env did that fail on? pep8?19:13
jaosoriorYeah, for the gate I saw testr is being used19:15
aleejvrbanac, pep8 and py2719:16
alee./barbican/tests/api/test_init.py:40:1: F811 redefinition of unused 'exception' from line 2019:16
aleeERROR: InvocationError: '/home/alee/barbican/barbican/.tox/pep8/bin/flake8'19:16
aleebarbican.tests.tasks.test_resourcesNon-zero exit code (2) from test listing.19:16
aleeerror: testr failed (3)19:16
aleeERROR: InvocationError: '/home/alee/barbican/barbican/.tox/py27/bin/python setup.py testr --coverage --testr-args='19:16
jvrbanacalee, trying it right now. Did you recreate your tox envs yet?19:17
jaosoriorWhat's the tox version?19:17
aleejvrbanac, you mean for dogtag -- not yet -- will work on that later today19:18
alee1.6.1  jaosorior ^^19:18
aleejvrbanac, if its working for you, I can try a pip install -U19:20
jvrbanacalee, I had a weird error so I just "rm -r .tox"19:23
jvrbanacalee, it worked after that19:23
reaperhulkhaha, -r will recreate an env for you jvrbanac (although you already knew that). And I never remember what projects I run into these issues on, but tox 1.7.x fixes some bugs that affect...probably pyca.19:24
jvrbanacreaperhulk, yeah. I just like the feeling of deleting all the things!19:25
jvrbanac:D19:25
*** paul_glass has joined #openstack-barbican19:25
aleejvrbanac, trying .. its taking its sweet time to delete and re-install stuff ..19:26
*** lisaclark2 has quit IRC19:26
*** lisaclark1 has joined #openstack-barbican19:27
*** lisaclark1 has joined #openstack-barbican19:29
*** kaitlin-farr has joined #openstack-barbican19:34
rm_worklocal pypi cache helps, but not that significantly19:34
*** lisaclark1 has quit IRC19:34
woodster_tox -r  with tox v1.6.1 works for me19:34
aleewoodster_, jvrbanac  - ok worked for me - thanks!19:35
jvrbanacalee, w00t!19:35
woodster_local pypi lets you tox offline though which is nice19:35
*** rellerreller has joined #openstack-barbican19:35
aleejvrbanac, (if only they could be this easy)19:35
woodster_alee, for sure!19:35
jvrbanac:D19:36
reaperhulkpip 6 does a great deal more caching as well now (thanks to dstufft )19:36
dstufftyay caching19:37
reaperhulkRuining download counts since Late December19:37
rm_workheh19:37
rm_worktruth19:37
rm_workthough to be fair, it's kind of misleading when download counts include one developer installing your library 1000 times in a month19:38
dstufftobviously number of travis-ci runs that install your project is the ideal metric19:38
reaperhulkAnything that inflates my ego is good19:38
reaperhulkDeflates, bad.19:38
dstufftdon't worry, I can add code so that the download tally code randomly inverts the cryptography download counts to be -X instead of +X19:39
reaperhulkIf you explicitly targeted us that'd make me feel like a special snowflake too19:40
reaperhulk:D19:40
*** kebray has joined #openstack-barbican19:40
greghaynesshameless plug for reviews on https://review.openstack.org/#/c/140575/19:41
greghaynesAlso, I noticed the Castellan repo (which is currently empty). Anyone know what the goal of it was / where that was discussed?19:41
rm_workgreghaynes: there will be some discussion of Castellan at the meeting today19:42
rm_workgreghaynes: it was mostly discussed here19:42
greghaynesah, fun19:42
greghayneswhat time is the meeting? seems my calendar is out of date for that19:43
rm_work15m19:43
jvrbanacgreghaynes, I'll take a look at your CR this afternoon19:43
greghaynesperfect :)19:43
greghaynesjvrbanac: ty19:43
rm_workWe're trying to get all of the random Barbican interfaces that are stuck into other projects like Neutron/Octavia/Cinder/Swift/Nova/whatever into their own project so they can just be imported and maintained as one repo19:43
rm_workIE: https://review.openstack.org/#/c/146210/19:44
greghaynesrm_work: awesome. So the reason I was asking is because I was about to add another one of those for tripleo19:44
rm_workyeah19:44
rm_workI am hoping we can get some specs in soon and wrap this up at the Barbican meetup in feb19:45
rm_workbut that's what we're discussing19:45
greghaynesok, well id much rather help with that than add tech debt into tripleo ;)19:45
rm_workgreghaynes: if you want to use mine or cinder's as a model in the meantime, I am guessing Castellan's method should be similar19:45
rm_worksince I am probably going to be writing the BP/spec for the CertManager in Castellan19:45
greghaynesIs castellan going to be a client lib essentially?19:46
rm_workor Octavia's, which is nearly identical code, but better organized19:46
rm_workgreghaynes: kindof a service-lib19:46
rm_workmeaning, not useful for anything besides including in other code, unlike say "python-barbicanclient"19:46
greghaynesok, but on the client side. I wonder why barbican doesnt just expose a more general certificate api?19:47
rm_workgreghaynes: certificate storage in Barbican came around fairly recently19:47
rm_workI don't think people were originally expecting quite this use-case19:47
greghaynesah19:47
rm_workLBaaS has been a thorn in their side for a while :P19:48
greghaynesSo my thinking is that as a client lib it ends up being hard to do things like api versioning19:48
rm_workcurrently working on getting through permissions and validation stuff as well19:48
rm_workwell19:48
rm_workthe whole versioning this is somewhat tricky anyway, since at the moment there is a lot of breaking change happening19:48
*** kebray has quit IRC19:49
rm_workso pretty much to get it to work right you need Latest of both Barbican and Barbicanclient19:49
rm_workor else they don't communicate well (in my experience)19:49
rm_workI assume that will settle down some and sync up once it gets promoted19:49
jaosorioryay, home19:50
jaosorioralee: Did you guys figure out the tox business?19:50
greghaynesyep, I wonder, is there any reason to not just make castellan a separate service that (possibly) depends on barbican?19:50
greghayneswould fit a lot more with the openstack way19:50
rm_workrofl19:50
rm_workthat's a little more abstraction than I think we need, honestly19:50
greghaynesjust be a service that abstracts the cert lifecycle managers19:50
rm_workI don't know if it's trying to be a CLM19:51
rm_workjust an access abstraction layer19:51
greghaynesah, so maybe I was thinking of using it a little different than intended ;)19:51
rm_workat least that's what my group was aiming for19:51
* greghaynes reads the lbaas patch19:51
aleejaosorior, sure did - thanks -- needed to recreat my env19:51
rm_workwell, for CLM you can use something like ... damn, what was it called19:52
greghayneswell, I want a CLM abstraction19:52
rm_workerk19:52
rm_workwell, often that is done at the system daemon level19:52
rm_worknot sure how that'd work19:52
rm_worksec, i have 8 minutes to finish reading https://review.openstack.org/#/c/127353/ and gather my thoughts, in case we discuss it today <_<19:53
greghayneshaha, ok19:53
*** kgriffs is now known as kgriffs|afk19:59
*** lisaclark1 has joined #openstack-barbican19:59
*** tkelsey has quit IRC20:00
*** tkelsey has joined #openstack-barbican20:01
*** david-lyle has quit IRC20:02
rm_workchellygel: meeting?20:03
chellygeluhhh20:03
jaosoriorHALP20:03
rm_workWE ARE LEADERLESS20:03
chellygeli cannn run it?20:03
rm_workit's only moments until we go full-on mob20:03
jaosorioryus20:03
*** lisaclark1 has quit IRC20:07
*** lisaclark1 has joined #openstack-barbican20:07
*** ryanpetrello has quit IRC20:17
*** ryanpetrello has joined #openstack-barbican20:17
*** rm_you has quit IRC20:21
*** rm_you has joined #openstack-barbican20:22
*** rm_you has joined #openstack-barbican20:22
*** ayoung-lunch is now known as ayoung20:22
*** jamielennox|away has quit IRC20:23
*** lbragstad has quit IRC20:23
*** erw has quit IRC20:23
*** tdink has quit IRC20:24
*** russell_h has quit IRC20:24
*** dimtruck has quit IRC20:24
*** jaosorior has quit IRC20:25
*** alee has quit IRC20:25
*** rm_work has quit IRC20:25
*** jroll has quit IRC20:26
*** erw has joined #openstack-barbican20:26
*** kgriffs|afk has quit IRC20:27
*** kgriffs|afk has joined #openstack-barbican20:27
*** kgriffs|afk is now known as kgriffs20:28
*** jraim has quit IRC20:28
*** tdink has joined #openstack-barbican20:29
*** lbragstad has joined #openstack-barbican20:29
*** jraim has joined #openstack-barbican20:29
*** rm_work has joined #openstack-barbican20:29
*** dimtruck has joined #openstack-barbican20:29
*** alee has joined #openstack-barbican20:30
*** rm_work has quit IRC20:30
*** rm_work has joined #openstack-barbican20:30
*** russell_h has joined #openstack-barbican20:30
*** jroll has joined #openstack-barbican20:30
*** russell_h has quit IRC20:30
*** russell_h has joined #openstack-barbican20:30
*** jaosorior has joined #openstack-barbican20:30
openstackgerritSteve Heyman proposed openstack/barbican: Added debugging to help diagnost json decode issue  https://review.openstack.org/14660820:31
*** jamielennox|away has joined #openstack-barbican20:32
*** jamielennox|away is now known as jamielennox20:32
openstackgerritMerged openstack/python-barbicanclient: Updated from global requirements  https://review.openstack.org/14616320:36
*** kgriffs has quit IRC20:40
hockeynut** everyone can ignore https://review.openstack.org/146608 - I'm using that to get some debug information for that json decoding error **20:40
*** rm_you has quit IRC20:44
*** rm_you has joined #openstack-barbican20:45
*** rm_you has joined #openstack-barbican20:45
greghayneshockeynut: That would be sort of awesome to have merged though. Its super useful as an ops to be able to turn on debug and get that info.20:45
greghaynes(we do this all the time in tripleo with other services)20:46
*** kgriffs|afk has joined #openstack-barbican20:46
jvrbanacgreghaynes, I think this issue he's trying to deal with is not seeing any information coming back from testr20:46
*** kgriffs|afk is now known as kgriffs20:46
greghaynesYes. I am just saying that having a request's get logged when you have debug turned on is super useful20:47
greghayneswhich I think is what what does20:47
jvrbanacgreghaynes, I agree!20:47
*** david-lyle has joined #openstack-barbican20:57
*** kgriffs has quit IRC20:58
chellygelthanks rm_work , tkelsey  :)21:00
rm_workredrobot: when do you want to sync? probably woodster_ too21:00
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Only de-serialize objects when possible  https://review.openstack.org/14646721:01
redrobotrm_work I'm WFH right now21:01
rm_workredrobot: kk21:01
rm_workso more IRC discussion or wait until you're in-office?21:01
redrobotrm_work I can vidyo if you want more bandwidth than IRC21:01
rm_workor maybe woodster_ can set me straight if he had an opinion21:01
jaosorioranybody has time to check this one out? it's almost there :D https://review.openstack.org/#/c/144743/21:02
rm_workwoodster_ tends to be good at convincing me I had the right idea the whole time, and it was the one he had :P21:02
woodster_I'm game for IRC or vidyo21:02
*** kgriffs|afk has joined #openstack-barbican21:02
*** kgriffs|afk is now known as kgriffs21:03
woodster_rm_work, I think it's awesome you want to implement that RBAC feature actually :)21:03
rm_workwoodster_ / redrobot are you two on the same page?21:03
redrobotrm_work I think so...21:03
woodster_....is that what you mean?21:03
rm_workif so, I only need to talk to one of you, and see if one or the other of us comes around21:03
woodster_rm_work as far as barbican not being in castellan, I think so21:03
rm_workwoodster_: you have time today?21:04
woodster_if castellan is an independent repo, then other projects *and* barbican-client can depend on it21:04
redrobotrm_work maybe the commit message in this CR helps? https://review.openstack.org/#/c/138875/21:04
tkelseyOK, im going offline now, (its late here in the UK lol) thanks for the input all, I'll update the KMIP certs patch tomorrow21:04
rm_workI don't see why barbican-client would ever depend on Castellan21:04
rm_workCastellan is a higher level than Barbican21:04
woodster_tkelsey, thanks!21:04
rm_workUser -> Castellan -> Barbican21:05
rm_worknot User -> Barbican -> Castellan21:05
greghaynesrm_work: so is there going to be a client for castellan?21:05
rm_workno21:05
rm_workCastellan is a lib for importing into other code21:05
redrobotrm_work actually it's User -> (Castellan implementation via baribicanclient) -> Barbican21:05
rm_workyou wouldn't use it as a CLI or anything21:05
rm_workredrobot: sure21:05
woodster_castellan is a key manager interface only, no server/service21:05
rm_workyes21:05
greghaynesI think redrobot hit what I was getting at21:06
greghaynes*something* has to be a client21:06
rm_worksure21:06
rm_workerr21:06
rm_worknot really21:06
woodster_redrobot, agreed21:06
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Fix usage of keystone v3  https://review.openstack.org/14332921:06
rm_workUser -> Neutron-LBaaS (internally: Castellan -> Barbicanclient -> Barbican)21:06
rm_workOR21:06
rm_workUser -> Neutron-LBaaS (internally: Castellan -> LocalStorage -> Harddrive)21:06
redrobotrm_work yes, that is correct21:06
woodster_I suppose castellan could depend on barbican-client, but it would have to be an optional dependency for castellan, so openstack projects using don't *have* to install barbican-client too21:07
rm_workso both the LocalStorage and Barbicanclient implementations should live inside Castellan21:07
rm_workright21:07
rm_workit depends on what driver you use21:07
greghaynesgotcha, so its up to $project to make the client21:07
redrobotrm_work not necessarily, because then importing castellan would import barbicanclient and all its dependencies21:07
rm_workNeutron-LBaaS ships with radware/A10/netscaler/embrane/etc drivers, obviously it only "depends" on the one you configure it to use21:07
redrobotrm_work can neutron-lbass work with other drivers that are not included?21:08
rm_workredrobot: only if you use the barbicanclient driver21:08
rm_workredrobot: yes21:08
*** rellerreller has quit IRC21:08
rm_workthough we suggest people put theirs in-tree so others can make use of them21:08
redrobotrm_work think of the barbicanclient implementation as a driver outside the package.21:08
woodster_the barbican-client driver could not be gate tested in castillan though because barbican is not in global requirements.21:08
rm_workwoodster_: barbicanclient IS in global requirements21:08
rm_worksee: https://review.openstack.org/#/c/146231/21:09
rm_work(my change, actually)21:09
*** tkelsey has quit IRC21:09
woodster_rm_work, oh yeah, sorry I see it there21:09
rm_workredrobot: but if Castellan only includes the interface, it becomes much less useful21:09
rm_workbecause then we need OTHER repos to include to get the actual implementations21:10
rm_workor else we are right back in the code-reuse dilemma we started in21:10
rm_workcopy/pasting the same impl code over and over21:10
rm_workwhat is the point then?21:10
rm_workyou should be able to import Castellan, and configure it to use Barbican as its plugin21:11
rm_workand it just "works"21:11
redrobotrm_work you wouldn't copy-paste implementation....  for a deployment where barbican will be used, the operator would install barbicanclient and enable that implementation.21:11
rm_worksee the Octavia interface/impl21:11
woodster_I don't think so...deployers were deploy castellan to get interface, and then barbican-client to get impl for that interface.21:11
rm_workhttps://github.com/stackforge/octavia/blob/master/etc/octavia.conf#L3021:12
redrobotrm_work that's not to say that Castellan won't have _any_ implementations21:12
redrobotrm_work it's just that the Barbican implementation will live in barbicanclient21:12
rm_workso21:13
rm_workcert_manager_class = octavia.certificates.manager.LocalCertManager21:13
rm_workwould be21:13
rm_workcert_manager_class = python-barbicanclient.castellan.manager.BarbicanCertManager21:13
rm_work?21:13
redrobotrm_work yeah... and that BarbicanCertManager would implement the interface defined in Castellan21:14
rm_workI guess that works? but doesn't seem as simple to me21:14
*** kaitlin-farr has quit IRC21:14
rm_workand is definitely not how the rest of openstack functions21:14
greghaynesthat gets nasty for testing21:14
redrobotrm_work so that octavia would only use Castellan, and not have to worry about barbicanclient21:14
greghaynesyou have to co-gate the projects essentially21:14
rm_workredrobot: octavia already only worries about Castellan21:14
redrobotgreghaynes co-gate ?  How so?21:15
rm_workit's up to the deployer to configure it to use whatever plugin you want21:15
rm_workbut the plugins are all in-tree with Castellan, in one nice easy to browse/test/etc place21:15
greghaynesredrobot: you dont want changes in castellan breaking the barbican driver implementation21:15
woodster_Looking over the kilo-design sessions etherpad (at https://etherpad.openstack.org/p/barbican-kilo-design-sessions)...see line #35. Per my notes Doug Hellman was ok with having a Barbican driver impl in the key manager as long as not the only impl.21:15
rm_workthis is how *everything* in openstack already works21:15
greghaynesredrobot: but you cant test that unless you test barbicanclient per castellan change21:15
rm_workdrivers/plugins are primarily in-tree21:16
*** david-lyle has quit IRC21:16
*** david-ly_ has joined #openstack-barbican21:16
rm_workso I believe what you are suggesting would be a deviation21:16
redrobotgreghaynes yeah, we could set up a barbicanclient gate on castellan... it's not unheard of in OpenStack21:16
greghaynesredrobot: yep. but as of late were trying to get rid of that as much as possible21:16
greghaynestheres another issue with that, actually21:17
greghaynesI think it interferes with graduation ability21:17
greghaynesalthough that might be changed now21:17
woodster_...so if *politically* folks are ok with barbican-client being in castellan, I'd be ok with it. Where 'politically' is defined as core reviewers accepting a castellan dependency into their projects.21:17
redrobotgreghaynes why trying to get rid of upstream gating?21:18
rm_workit shouldn't force a hard dependency in any way... not sure why we keep coming back to that21:18
rm_workinstalling neutron-lbaas doesn't cause a dependency on A1021:19
rm_workjust because the A10 plugin is in-tree21:19
woodster_will python-barbicanclient be added to requirements.txt of castellan?  If so, then it's a hard dependency21:19
rm_worknot necessarily21:19
rm_workI'd put it in test-requirements21:19
rm_worksince it'd be required for a full test of all the plugins21:20
rm_workbut isn't required for basic use of the interface21:20
redrobotrm_work but then the operator would still have to install barbicanclient before being able to use it, so I don't see what the benefit is21:20
greghaynesredrobot: co-gating. I dont think its been codified yet though... As someone who maintains a project that does a ton of cross-project tests its because its a major PITA ;)21:20
rm_workthe operator has to configure it to use barbican as the chosen plugin as well21:20
rm_workbut that is already how this works throughout openstack21:20
rm_workusually there are deploy-notes21:21
rm_workbut it will never be the "default" configured plugin21:21
rm_workso a basic install will "just work"21:21
woodster_greghaynes, are you saying cross project gate tests interfere with graduation?21:21
woodster_rm_work, I'd agree with that21:22
rm_workif you want to see how neutron / neutron-lbaas handle this exact thing, I can show you21:22
greghayneswoodster_: well, I dont think graduation is a thing in post big-tent? There is an issue where you couldnt co-gate/depend on a non-graduated project21:22
redrobotyeah... I don't think "graduation" is a thing anymore >_>21:23
rm_workthe biggest thing is, as a project developer (architect / coder) I should just "from castellan import certmanager"21:23
woodster_but 'not incubated' is still a desired state, whatever that ends up being. :)21:23
rm_workand then the deployer should only have to change the config and read the deploy notes21:23
redrobotrm_work and you can... whether the implementation that uses barbican is in-tree or not.21:23
greghaynesyea, theres a tag system that I have yet to read up on21:23
woodster_rm_work, I do agree that from a separation of concerns perspective, I'd much rather have a barbican plugin for castellan in castellan21:24
rm_workso, I see what you're saying, and you are correct21:24
rm_workbut yes, what woodster_ said21:24
rm_workexcept I apparently weight that concern higher21:24
rm_workI would *much* rather have a barbican plugin for castellan *in castellan*21:25
rm_workthat way they can be iterated together21:25
rm_workand easily discovered21:25
rm_workand tested together21:26
woodster_I've just been concerned about the ability to get castellan CR's merged into the projects that wish to integrate (indirectly anyway) with barbican. It sounds like an in-castillan barbican client dependency on the testing side of things wouldn't prevent that. redrobot what do you think about that?21:27
redrobotwoodster_ rm_work  I really don't have a good argument against having the impl in Castellan.  The general concern in Paris was that if Castellan depended on Barbican people may not want to use it...21:29
rm_workI don't believe that is an issue21:29
*** paul_glass has quit IRC21:29
greghaynesdepend on barbicanclient, not barbican21:30
greghaynesThis is a problem heat has21:30
greghaynesand they just depend on *client21:30
greghaynesbut you could alternatively just put it in test-req's21:30
rm_workright21:30
rm_workyes21:30
woodster_After looking back at notes regarding Doug Hellman, I'm tending towards agreeing with rm_work. To clinch this though, do we need to get blessing from the TC, or maybe ask this question of the openstack dev mailing list?21:30
rm_workI assume when we're saying "dependency on barbican" what people mean is python-barbicanclient21:31
rm_workbecause it would be silly to depend on the actual service in requirements.txt >_>21:31
*** paul_glass has joined #openstack-barbican21:31
greghaynesIf you *really* want to give people a reason to be mad about a dependency you could do that21:32
rm_workeven putting python-barbicanclient in the main requirements.txt shouldn't be a huge issue, it's what, a few KB client lib that is completely inert unless called >_>21:32
woodster_Or just remove it from castellan later if folks disapprove later? :)  Since there is already implementation around all of this, I'm of a mind to just have it come in as is to get the ball rolling.21:32
rm_workbut test-requirements seems fine21:32
redrobotrm_work python-barbicanclient pulls in a ton of stuff via python-keystoneclient and oslo.*21:33
rm_workhmm21:33
woodster_rm_work, well it pulls in keystoneclient which apparently pulls in a number of other dependencies (20 or so?)21:33
rm_workthe assumption is this will be used by OpenStack projects21:33
rm_workbut21:33
rm_worki see your point21:33
rm_workIE, if you're using this, you probably ALREADY rely on keystone21:34
rm_workbut even so, test-requirements only would solve that21:34
woodster_rm_work, agreed on that last point21:34
rm_workand I am volunteering to do a lot of the work to get Castellan up and working :P21:34
redrobotI agree with woodster_ that we could put the impl in Castellan and move it to python-barbicanclient later if the community would prefer it that way21:35
*** kebray has joined #openstack-barbican21:35
woodster_I was curious about that, that last thing in the IRC today was that rellerreller was going to do the work21:35
rm_workyeah, if it comes to that, and people really hate it, that should be simple21:35
rm_workwoodster_: he was going to start by putting the cinder code in the repo21:35
rm_workfrom there I'll put my stuff on top and probably do a bit of tweaking / refactoring21:35
rm_workthat is my plan, at least, for the moment21:35
rm_worksince I specifically designed my stuff to go on top of cinder's base code, and i have in mind all the necessary tweaks for that to work21:36
woodster_did he say when he was going to do that though? I'd like to settle this soon in the Kilo cycle, before M2 preferably. He's a new dad and stretched thin at work. :)21:36
rm_workhmm21:37
rm_worknot sure21:37
rm_workas long as we get to it by the end of the meetup in Feb, I'm happy21:37
rm_worksooner would be even better though21:37
woodster_ok, I'll probably email him about it then21:37
*** jroll has quit IRC21:38
*** jroll has joined #openstack-barbican21:38
rm_work... this 5-point story has been going for 7 sprints now <_<21:38
rm_workit is my curse21:39
redrobotwoodster_ rm_work he did mention they were not looking at the client, and were already stretched thin21:39
woodster_rm_work, do you think that castellan CR would land easily in octavia, or would there be a long review cycle for it?21:39
rm_workwoodster_: should be easy to rip out my stuff and replace it with the Castellan interface, given that i'm literally planning on just moving the files from Octavia into the Castellan Repo and doing a find/replace on octavia -> castellan21:40
woodster_rm_work, but the core review/merge process would go quick after that?21:40
*** david-ly_ has quit IRC21:40
rm_workredrobot: right, so they will merge the interface in whatever state they need it, and i can throw the impl in there along with my stuff21:41
rm_workwoodster_: yes21:41
rm_workwoodster_: we're a pretty tight group and have decent motivation :P21:41
*** david-lyle has joined #openstack-barbican21:41
woodster_rm_work, nice! So other integrations are the nova/cinder integration that the JH team is working on, and Heat as well21:42
rm_workyeah21:42
rm_workand again, i hope those are fairly straightforward, granted the code is copy/pasted from cinder -> castellan directly in that case as well21:43
SheenaG1woodster_: ping21:47
woodster_SheenaG1, howdy21:47
woodster_rm_work, if rellerreller is swamped, could you do the initial port of code if needed?21:48
SheenaG1Hey woodster_, any chance you could jump into our internal channel?  I have a couple of questions21:48
rm_workwoodster_: probably if it comes to that21:48
rm_workmight actually not be a bad week for it21:48
woodster_SheenaG1, yep (in there now)21:48
rm_workwoodster_: i just assumed since they really *knew* that interface, they might want it set up in a particular way21:49
*** david-lyle has quit IRC21:49
rm_workalso I am a bit fuzzy on exactly how the keystone bits will work for the actual barbican impl, but i guess that's not specifically relevant21:49
rm_workand probably I will make that a different CR anyway21:49
*** david-lyle has joined #openstack-barbican21:50
woodster_SheenaG1, mumble or vidyo?21:50
SheenaG1woodster_: which room are you in?  I don't see you.21:50
SheenaG1I'm looking for you in our internal IRC21:50
redrobotrm_work I presume the impl will define some config parameters to get the keystone credentials needed for connecting to barbican21:51
rm_workyeah21:51
woodster_SheenaG1, I was bounced by vpn, in there now21:52
rm_workredrobot: see: https://github.com/stackforge/octavia/blob/master/octavia/certificates/common/barbican.py#L6021:52
rm_workI just haven't actually *tested* that yet21:52
rm_workbut it *should* work (hopefully well)21:52
*** kebray has quit IRC21:53
openstackgerritSteve Heyman proposed openstack/barbican: Added debugging to help diagnose json decode issue  https://review.openstack.org/14660821:58
*** ametts has joined #openstack-barbican21:59
rm_workI'll ask rellerreller if he'd prefer I do that, next time he's on22:00
*** kebray has joined #openstack-barbican22:07
openstackgerritMerged openstack/barbican: Configure keystomemiddleware using identity_uri  https://review.openstack.org/14610022:10
*** SheenaG1 has quit IRC22:32
*** lisaclark1 has quit IRC22:40
openstackgerritSteve Heyman proposed openstack/barbican: Added debugging to help diagnose json decode issue  https://review.openstack.org/14660822:42
*** ryanpetrello_ has joined #openstack-barbican22:56
*** SheenaG1 has joined #openstack-barbican22:56
*** ryanpetrello has quit IRC22:59
*** ryanpetrello_ is now known as ryanpetrello22:59
*** SheenaG11 has joined #openstack-barbican22:59
*** SheenaG1 has quit IRC23:01
*** dimtruck is now known as zz_dimtruck23:10
*** jaosorior has quit IRC23:13
*** nkinder has quit IRC23:14
*** zz_dimtruck is now known as dimtruck23:15
*** david-lyle has quit IRC23:20
*** ametts has quit IRC23:24
*** chlong has joined #openstack-barbican23:29
*** rtom has quit IRC23:37
*** paul_glass has quit IRC23:38
*** SheenaG1 has joined #openstack-barbican23:43
*** SheenaG11 has quit IRC23:47
*** dimtruck is now known as zz_dimtruck23:47
« Sunday, 2015-01-11 Index Tuesday, 2015-01-13 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!