| *** SheenaG has quit IRC | 00:05 | |
| *** SheenaG has joined #openstack-barbican | 00:19 | |
| *** chlong_ has joined #openstack-barbican | 00:20 | |
| openstackgerrit | Arun Kant proposed openstack/barbican: Adding documentation for ACLs operations. https://review.openstack.org/178479 | 00:22 |
|---|---|---|
| *** david-lyle has quit IRC | 00:28 | |
| openstackgerrit | Arun Kant proposed openstack/barbican: Adding documentation for ACLs operations. https://review.openstack.org/178479 | 00:32 |
| *** zz_dimtruck is now known as dimtruck | 00:40 | |
| *** dave-mccowan has quit IRC | 01:20 | |
| *** SheenaG has quit IRC | 01:23 | |
| *** dave-mccowan has joined #openstack-barbican | 02:30 | |
| *** dave-mccowan has quit IRC | 02:38 | |
| *** gyee has quit IRC | 02:47 | |
| *** chlong has quit IRC | 03:05 | |
| *** dave-mccowan has joined #openstack-barbican | 03:14 | |
| *** dimtruck is now known as zz_dimtruck | 03:36 | |
| *** david-lyle has joined #openstack-barbican | 03:48 | |
| *** chlong_ has quit IRC | 03:52 | |
| *** dave-mccowan has quit IRC | 03:53 | |
| *** kebray has quit IRC | 04:40 | |
| *** arunkant has quit IRC | 05:11 | |
| *** chlong has joined #openstack-barbican | 05:23 | |
| *** arunkant has joined #openstack-barbican | 05:32 | |
| *** chlong has quit IRC | 05:34 | |
| *** arunkant has quit IRC | 05:41 | |
| *** chlong has joined #openstack-barbican | 05:48 | |
| *** nickrmc83 has joined #openstack-barbican | 06:13 | |
| *** chlong has quit IRC | 06:24 | |
| *** chlong has joined #openstack-barbican | 06:27 | |
| *** smallbig has left #openstack-barbican | 06:49 | |
| *** woodster_ has quit IRC | 07:00 | |
| *** tkelsey has joined #openstack-barbican | 07:11 | |
| *** x3k is now known as xek | 07:19 | |
| *** xek has quit IRC | 07:40 | |
| *** xek has joined #openstack-barbican | 07:41 | |
| *** arunkant has joined #openstack-barbican | 07:43 | |
| *** jaosorior has joined #openstack-barbican | 08:28 | |
| zigo | Hi. | 09:28 |
| zigo | I have just uploaded barbican 2015.1.0 in Sid. | 09:29 |
| zigo | So, it may reach Debian as soon as the Debian FTP masters approve the package. | 09:29 |
| zigo | However, there's a few things which should be fixed. | 09:29 |
| zigo | Namely, could we have Barbican use standard stuff for config like --log-file= and such? | 09:30 |
| zigo | Redirecting the standard output is not very nice... | 09:30 |
| * zigo is out for lunch | 09:30 | |
| *** jamielennox is now known as jamielennox|away | 10:08 | |
| *** darrenmoffat has quit IRC | 10:18 | |
| *** darrenmoffat has joined #openstack-barbican | 10:19 | |
| *** mjg59 has quit IRC | 10:27 | |
| *** mjg59 has joined #openstack-barbican | 10:32 | |
| *** tkelsey has quit IRC | 11:12 | |
| *** tkelsey has joined #openstack-barbican | 11:30 | |
| *** tkelsey has quit IRC | 11:35 | |
| *** tkelsey has joined #openstack-barbican | 11:40 | |
| *** woodster_ has joined #openstack-barbican | 11:59 | |
| *** dave-mccowan has joined #openstack-barbican | 12:42 | |
| *** xaeth_afk is now known as xaeth | 13:10 | |
| *** nkinder has quit IRC | 13:24 | |
| *** alee has joined #openstack-barbican | 13:24 | |
| alee | woodster_, redrobot - workflow please -- https://review.openstack.org/#/c/181786/ | 13:26 |
| woodster_ | alee: done! | 13:27 |
| alee | woodster_, thanks! | 13:28 |
| *** zz_dimtruck is now known as dimtruck | 13:47 | |
| openstackgerrit | Merged openstack/barbican: Base64 encode the cert returned from the Dogtag plugin https://review.openstack.org/181786 | 13:51 |
| *** pglass has joined #openstack-barbican | 14:05 | |
| hockeynut | redrobot reaperhulk woodster_ hit a brutha with a workflow? https://review.openstack.org/#/c/179609/ | 14:14 |
| *** nkinder has joined #openstack-barbican | 14:17 | |
| *** dave-mccowan has quit IRC | 14:26 | |
| *** chlong has quit IRC | 14:30 | |
| *** silos has joined #openstack-barbican | 14:34 | |
| *** dave-mccowan has joined #openstack-barbican | 14:39 | |
| openstackgerrit | John Vrbanac proposed openstack/barbican: Adding config option for specifying HSM slot https://review.openstack.org/182128 | 14:47 |
| *** jhfeng has joined #openstack-barbican | 14:50 | |
| *** pglass has quit IRC | 15:06 | |
| *** pglass has joined #openstack-barbican | 15:07 | |
| *** nelsnelson has joined #openstack-barbican | 15:14 | |
| *** SheenaG has joined #openstack-barbican | 15:22 | |
| arunkant | woodster_, redrobot, jaosorior, ACL code and doc review is up..https://review.openstack.org//#/c/180888/ and https://review.openstack.org//#/c/178479/ | 15:26 |
| arunkant | dave-mccowan ^^^ | 15:27 |
| *** kebray has joined #openstack-barbican | 15:29 | |
| *** jhfeng has quit IRC | 15:34 | |
| *** jhfeng has joined #openstack-barbican | 15:35 | |
| *** rellerreller has joined #openstack-barbican | 15:36 | |
| *** gyee has joined #openstack-barbican | 15:44 | |
| *** shakamunyi has quit IRC | 15:51 | |
| *** barra204 has quit IRC | 15:51 | |
| openstackgerrit | Merged openstack/python-barbicanclient: Create behaviors for secrets https://review.openstack.org/179609 | 15:53 |
| *** kfarr has joined #openstack-barbican | 15:58 | |
| *** nickrmc83 has quit IRC | 16:04 | |
| *** kebray has quit IRC | 16:11 | |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements https://review.openstack.org/182322 | 16:31 |
| redrobot | zigo could you please file some bugs for the fixes you'd like to see? It would be the best way to track what's needed, and recruit people to make the changes. | 16:39 |
| *** dimtruck is now known as zz_dimtruck | 16:45 | |
| *** everjeje has quit IRC | 16:46 | |
| *** zz_dimtruck is now known as dimtruck | 16:53 | |
| *** jhfeng is now known as jhfeng-away | 17:06 | |
| rm_work | hey | 17:06 |
| rm_work | SheenaG: can't find the calendar invite all the sudden | 17:06 |
| rm_work | where am I supposed to connect? | 17:06 |
| rm_work | redrobot: Sheena_ ^^ | 17:07 |
| redrobot | https://plus.google.com/hangouts/_/calendar/c2hlZW5hLmdyZWdzb25AZ21haWwuY29t.ks3uj64h97s89o3vjbh60ol10k | 17:08 |
| redrobot | rm_work ^^ | 17:08 |
| *** jhfeng-away is now known as jhfeng | 17:10 | |
| *** Asha has joined #openstack-barbican | 17:21 | |
| Asha | Hi All | 17:21 |
| Asha | I would need help ..what woruld be the workaround to execute the curl commands in the latest barbican code ..since it is giving the following error when I executed the curl command for uploading and retrieving the secret | 17:23 |
| Asha | root@Clientfor-HAProxy ~]# curl -X POST -H 'content-type:application/json' -H 'X-Project-Id:12345' -d '{"payload": "my-secret-here", "payload_content_type": "text/plain"}' http://localhost:9311/v1/secrets {"code": 403, "description": "Secret creation attempt not allowed - please review your user/project privileges", "title": "Forbidden"} [root@Clientfor-HAProxy ~]# curl -H 'X-Project-Id: 12345' http://localhost:9311/v1/secret | 17:23 |
| rm_work | redrobot / SheenaG: skip me i'll reboot | 17:23 |
| rm_work | yes | 17:23 |
| Asha | Any Help would highly be appreicated | 17:24 |
| Asha | I see der were some changes done in the barbican-functional file | 17:25 |
| *** jhfeng has quit IRC | 17:26 | |
| jvrbanac | Asha, you might check your policy.json file in etc/barbican | 17:26 |
| Asha | yeah ..so far I had not got this t error till last week ..On Friday ..I pulled the latest barbican code and am facing dis issue | 17:27 |
| jvrbanac | Asha, what kind of database are you using? | 17:28 |
| Asha | sqllite..d default one | 17:29 |
| Asha | I also see that new RBAC users has been added to barbican -functional.conf file | 17:30 |
| jvrbanac | Asha, that file is just used for functional tests and shouldn't affect this. | 17:30 |
| Asha | oh k ..thanks @jvrbanac | 17:31 |
| jvrbanac | Asha, ahh if you're using the development db (sqllite), that might be the problem. Ok. Try removing or moving the old /var/lib/barbican/barbican.sqlite file and restarting | 17:31 |
| jvrbanac | barbican | 17:31 |
| jvrbanac | Asha, I'm guessing it's the database here because SQLlite doesn't support database migrations, so if you came from an older version it can cause some random and interesting problems. | 17:33 |
| Asha | oh k ..Thanks a lot jvrbanac...would try doing that | 17:34 |
| Asha | and will let u know | 17:34 |
| jvrbanac | Asha, awesome ok | 17:34 |
| *** jhfeng has joined #openstack-barbican | 17:43 | |
| Asha | @jvrbanac ..I am geting the same error after moving sqllite file | 17:45 |
| openstackgerrit | Nathan Reller proposed openstack/barbican: Added pkcs1_only Configuration to KMIP https://review.openstack.org/182461 | 17:46 |
| jvrbanac | Asha, :( Do you know what older version you were using before? | 17:46 |
| Asha | I was using the kilo version | 17:47 |
| *** tkelsey has quit IRC | 18:02 | |
| Asha | Hi ..How do we get to know the version number of the barbican installed | 18:07 |
| *** kfarr has quit IRC | 18:13 | |
| redrobot | Asha should be listed on the response to the barbican root. | 18:14 |
| *** kebray has joined #openstack-barbican | 18:15 | |
| redrobot | Asha i.e. curl localhost:9311 | 18:15 |
| Asha | oh k ..Thanks a lot @ redrobot | 18:16 |
| Asha | @jvrbanac ...both are V1 versions ..but the build number is different' | 18:39 |
| *** kebray has quit IRC | 18:41 | |
| *** jhfeng is now known as jhfeng-away | 18:46 | |
| Asha | this was the older version I was using root@barbican:~# curl -H 'X-Project-Id:12345' localhost:9311 {"v1": "current", "build": "2015.1.dev143"} | 18:47 |
| *** jhfeng-away has quit IRC | 18:47 | |
| *** jaosorior has quit IRC | 18:52 | |
| *** rellerreller has quit IRC | 19:03 | |
| jvrbanac | Asha, sry. I actually meant the git commit id. I wanted to see if I could replicate the problem | 19:11 |
| Asha | sure ..np ..jvrbanac | 19:13 |
| Asha | {"v1": "current", "build": "2015.2.0.dev43"} - this is the latest one I got for which I am facing the issue | 19:14 |
| Asha | how do we get the git commit id ? | 19:14 |
| *** jhfeng has joined #openstack-barbican | 19:15 | |
| Asha | or else you can dowload the latest code from the git hub for barbican | 19:15 |
| jvrbanac | Asha, so what I was hoping to do was grab the version of code that has didn't have a problem for you and try to work out what has changed since then that might cause the problem | 19:19 |
| jvrbanac | Asha, You know... I just thought of something. Before we go down that road, can you try to reinstall the barbican dependencies? You should be able to do that with a: pip install -U -r requirements.txt | 19:21 |
| Asha | oh k .sure | 19:23 |
| Asha | yeah ..done | 19:24 |
| jvrbanac | Asha, try restarting barbican and see if you still have the problem | 19:25 |
| Asha | nopes ..it is not working | 19:29 |
| Asha | I guess it has to be something with the user and project permissions | 19:29 |
| Asha | earlier dere might be some default rules | 19:30 |
| Asha | where in we could genrally execute the curl command with our own project ID and the user can be anything ..In my case ,,it was the root user | 19:31 |
| Asha | and used the project ID 12345 | 19:31 |
| Asha | We need not configure these attributes in the barbican project | 19:32 |
| jvrbanac | Asha, I'm not too familiar with the per-secret permissions stuff that was added a while ago. If you have done this already, you might compare your policy.json file to: https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json | 19:32 |
| *** dave-mccowan has quit IRC | 19:33 | |
| jvrbanac | Asha, I'm guessing the one you're using is it /etc/barbican/policy.json | 19:33 |
| jvrbanac | s/it/in/ | 19:34 |
| Asha | yes | 19:44 |
| Asha | But if we compare the rules , ACL support was added for the latest one | 19:46 |
| Asha | but dat should ,not impact the basic commands like uploading or reterival mfo the secrets | 19:47 |
| *** jhfeng has quit IRC | 19:55 | |
| *** silos has left #openstack-barbican | 20:00 | |
| Asha | It would be great if someone cud really help me with this | 20:15 |
| Asha | Currently working on the proxy stuff | 20:16 |
| Asha | It would block me if I would not resolve this issue | 20:16 |
| *** dave-mccowan has joined #openstack-barbican | 20:26 | |
| *** kebray has joined #openstack-barbican | 20:30 | |
| *** kebray has quit IRC | 20:31 | |
| jvrbanac | Asha, sry, I'm bouncing around between tasks today. So that ACL changes did affect permissions to secrets, so it's quite possible that something like an outdated policy.json could cause something like this. | 20:34 |
| *** nkinder has quit IRC | 20:37 | |
| jvrbanac | Asha, another potential issue is perhaps there is an issue with the use of barbican without authentication. | 20:39 |
| jvrbanac | Asha, I'm not sure | 20:39 |
| Asha | oh k ..does it mean that we need to integrate it with the keystone in order to make it work | 20:41 |
| *** kebray has joined #openstack-barbican | 20:41 | |
| Asha | np @jvrbanac ...I understand ..I would appreicate for your time and effort in helping me out with this issue | 20:42 |
| jvrbanac | Asha, it should work without Keystone; however, if it works behind keystone for you, then it's probably where the bug is | 20:49 |
| *** kebray has quit IRC | 21:01 | |
| *** kebray has joined #openstack-barbican | 21:02 | |
| *** jorge_munoz_ has joined #openstack-barbican | 21:04 | |
| Asha | k ..Thanks @jvrbanac ...I need to check if it works with integrating iwth keystone | 21:06 |
| Asha | Since I had integrated iwth keystone the older barbican version | 21:06 |
| Asha | older version of barbican used to work without integarting with keystone ..but when imtegarted with the keystone n..v need to provide the token along with commad | 21:07 |
| *** kfarr has joined #openstack-barbican | 21:07 | |
| *** jorge_munoz has quit IRC | 21:09 | |
| *** greghaynes has quit IRC | 21:09 | |
| *** jorge_munoz_ is now known as jorge_munoz | 21:09 | |
| jvrbanac | Asha, yeah... it looks like there is an issue running unauthenticated. | 21:09 |
| *** greghayn1 has joined #openstack-barbican | 21:10 | |
| *** kfarr has quit IRC | 21:10 | |
| *** kfarr has joined #openstack-barbican | 21:10 | |
| Asha | yes jvrbanac | 21:11 |
| *** greghayn1 is now known as greghaynes | 21:29 | |
| *** xaeth is now known as xaeth_afk | 21:47 | |
| *** SheenaG1 has joined #openstack-barbican | 21:50 | |
| *** SheenaG has quit IRC | 21:50 | |
| *** dave-mccowan has quit IRC | 21:53 | |
| *** kfarr has quit IRC | 21:59 | |
| *** nkinder has joined #openstack-barbican | 22:18 | |
| *** jamielennox|away is now known as jamielennox | 22:19 | |
| *** pglass has quit IRC | 22:20 | |
| *** nelsnelson has quit IRC | 22:25 | |
| *** dimtruck is now known as zz_dimtruck | 22:34 | |
| -openstackstatus- NOTICE: Gerrit and Zuul are going offline for reboots to fix a security vulnerability. | 22:38 | |
| *** ChanServ changes topic to "Gerrit and Zuul are going offline for reboots to fix a security vulnerability." | 22:38 | |
| *** openstackgerrit has quit IRC | 22:47 | |
| *** openstackgerrit has joined #openstack-barbican | 22:49 | |
| *** ChanServ changes topic to "OpenStack Barbican development" | 22:56 | |
| -openstackstatus- NOTICE: Gerrit and Zuul are back online. | 22:56 | |
| *** Asha has quit IRC | 22:57 | |
| *** SheenaG1 has quit IRC | 22:59 | |
| *** SheenaG has joined #openstack-barbican | 23:15 | |
| *** SheenaG has quit IRC | 23:36 | |
| *** SheenaG has joined #openstack-barbican | 23:44 | |
| *** dave-mccowan has joined #openstack-barbican | 23:47 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!