Monday, 2015-06-08

« Sunday, 2015-06-07 Index Tuesday, 2015-06-09 »
*** kebray has joined #openstack-barbican00:48
*** kebray has quit IRC00:49
*** jamielennox|away is now known as jamielennox01:07
*** pglass has quit IRC01:19
*** zz_dimtruck is now known as dimtruck01:20
*** dave-mccowan has quit IRC01:24
*** stanzi has joined #openstack-barbican01:32
*** stanzi has quit IRC01:43
*** stanzi has joined #openstack-barbican01:43
*** dave-mccowan has joined #openstack-barbican01:46
*** stanzi has quit IRC01:48
*** kebray has joined #openstack-barbican02:24
*** dimtruck is now known as zz_dimtruck02:29
*** stanzi has joined #openstack-barbican02:30
*** kebray has quit IRC03:14
*** kebray has joined #openstack-barbican03:15
*** dave-mcc_ has joined #openstack-barbican03:55
*** stanzi has quit IRC03:56
*** dave-mccowan has quit IRC03:57
*** dave-mcc_ has quit IRC03:59
*** pglass has joined #openstack-barbican04:01
*** pglass has quit IRC04:27
*** kebray has quit IRC04:56
*** stanzi has joined #openstack-barbican05:07
*** stanzi has quit IRC05:11
*** mordred has quit IRC06:46
*** nickrmc83 has joined #openstack-barbican07:05
*** jaosorior has joined #openstack-barbican07:15
*** openstackgerrit has quit IRC10:09
*** openstackgerrit has joined #openstack-barbican10:09
*** darrenmoffat has quit IRC11:55
*** darrenmoffat has joined #openstack-barbican11:55
*** zz_dimtruck is now known as dimtruck12:06
*** kfarr_ has joined #openstack-barbican12:29
*** woodster_ has quit IRC12:32
*** dimtruck is now known as zz_dimtruck12:33
*** kfarr_ has quit IRC12:43
*** kfarr has joined #openstack-barbican12:43
*** dave-mccowan has joined #openstack-barbican12:53
*** rellerreller has joined #openstack-barbican13:23
*** alee has joined #openstack-barbican13:24
aleejaosorior, morning13:31
jaosorioralee: hey man13:31
jaosoriorhow's it going?13:31
aleejaosorior, good -- working from the New York office for the next couple of weeks13:31
aleejaosorior, its pretty nice, albeit a little noiser than home13:31
jaosoriornot bad! I've never been there13:32
aleejaosorior, Its a great city - although this will be the first time I'm there with the kids13:32
alee(part of our annual "vacation")13:33
aleejaosorior, I was looking at the dogtag gate job13:33
jaosoriorDid you look at the section of the log I pointed out last week?13:34
aleeit looks like for some reason the nss db is created for the alias-ca directory but not for the alias directory13:34
jaosorioryup, even though we do the mkdir for the alias directory13:35
*** woodster_ has joined #openstack-barbican13:35
aleedo we do a mkdir for the alias-ca directory?13:35
jaosoriorNo, it just works13:35
aleeweird -- looking at the plugin code ..13:36
jaosoriorNow, I did try to specify them both to be in the same alias directory... but that caused some other error in the installation that I couldn't identify from the logs13:36
aleejaosorior, I wonder if we can just create the initial nssdb in the alias directory13:37
jaosoriorI guess that could be possible. But we would still not know what the issue actually is. Which would be nice to either get fixed or at least documented13:39
aleejaosorior, ok - so creating the alias db is probably the wrong thing to do in this case because of this code ..13:39
aleeif not os.path.exists(nss_db_path):13:40
alee            create_nss_db = True13:40
alee            cryptoutil.NSSCryptoProvider.setup_database(13:40
alee                nss_db_path, nss_password, over_write=True)13:40
aleeso --- if we do create the alias directory, we must also create the nssdb13:40
jaosoriorAlright13:40
jaosoriorI'll remove the mkdir for the alias directory to try and figure out why it's not setting up the database13:41
aleeand then you also have to import the transport key13:41
aleeso yeah  -- lets remove the mkdir13:41
aleeand leave the debugging stuff in there to see whats going on13:42
jaosorioruhm.... would it be that the barbican process doesn't have permissions to create a directory in that path?13:42
aleewell it created the alias_ca directory, right?13:43
jaosoriortrue13:43
jaosorioris there anything different in the creation of that one?13:43
aleeno13:43
jaosoriordamn13:43
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: service_enabled instead of environment variable for dogtag  https://review.openstack.org/18518113:44
aleenow - it is true that for the alias dir , we also import the transport cert13:44
aleeso maybe something is failing there13:44
aleeI guess this run will tell us13:44
jaosoriorwhere in the code is the import of the transport cert13:46
jaosorior?13:46
aleeplugin/dogtag.py13:46
aleeline 15813:46
aleedont forget to check experimental13:46
*** zz_dimtruck is now known as dimtruck13:48
aleejaosorior, if this doesn't work, we can print out the kra logs -- thats where the transport cert comes from13:49
aleeand also modify things in make the import more explicit13:50
aleelets seee what the log says13:50
aleejaosorior, interesting ..13:51
jaosorioralee: what?13:51
aleejaosorior, so looking at the output you had13:51
aleethe owner of the certdb files is stack13:52
aleewould barbican be running as "stack" or as barbican?13:53
jaosorioruhm... I think it will be stack. Why?13:53
aleejust as long as whoever creates the certdb is the user that runs barbican13:54
aleeas long as both is stack13:54
*** insequent has joined #openstack-barbican14:05
*** pglass has joined #openstack-barbican14:12
aleejaosorior, looks like the certdb is created and the transport cert is imported14:12
aleejaosorior, looking at logs14:12
jaosorioralee: http://logs.openstack.org/81/185181/18/experimental/gate-barbican-dogtag-devstack-dsvm-f21/56fbc96/console.html#_2015-06-08_14_08_40_81214:17
aleejaosorior, right -- if you notice - the KRA transport cert has been imported.14:18
aleethe code looks like this ..14:19
aleeif create_nss_db:14:21
alee                self.import_transport_cert(crypto)14:21
alee            crypto.initialize()14:21
alee            self.keyclient.set_transport_cert(14:21
alee                DogtagKRAPlugin.TRANSPORT_NICK)14:21
aleeso it imports the transport cert correctly14:21
aleeand then tries to get the cert it just imported14:21
aleeand puts it in the crypto object14:22
aleethat call set_transport_cert() is failing ..14:22
aleewhy? why? !!!14:22
*** Kevin_Bishop has joined #openstack-barbican14:25
jaosorioryeah... it's that weird issue (SEC_ERROR_BAD_DATABASE) security library: bad database.14:26
jaosoriorwhere's the code for that pki package?14:26
aleejaosorior, well - thats in dogtag code, let me get a link ..14:27
aleejaosorior, https://git.fedorahosted.org/cgit/pki.git/tree/base/common/python/pki/key.py?h=DOGTAG_10_2_1_BRANCH#n44114:33
aleejaosorior, which calls https://git.fedorahosted.org/cgit/pki.git/tree/base/common/python/pki/crypto.py?h=DOGTAG_10_2_1_BRANCH#n28114:35
aleewhich calls nss.find_cert_from_nickname(cert_nick)14:35
aleewhich is in python-nss14:35
*** stanzi has joined #openstack-barbican14:37
jaosoriorok14:38
jaosoriorso, it tries to fetch that cert... where should that cert be set up in the first place?14:38
*** jamielennox is now known as jamielennox|away14:38
aleein the certdb which we just created14:38
aleeand which we see actually contains the cert14:39
jaosoriorI see14:41
*** stanzi has quit IRC14:41
jaosoriorwell, crap14:41
aleejaosorior, talking with someone else on this -- maybe join #dogtag-pki14:42
jaosoriorWell, I need to go for a couple of hours14:42
jaosoriorbut I'll check out if there was any news when I'm back14:42
*** xaeth_afk is now known as xaeth14:55
openstackgerritJohn Wood proposed openstack/barbican-specs: Add a No Prior Key Certificate Order Type  https://review.openstack.org/15589114:56
*** nkinder has joined #openstack-barbican15:02
openstackgerritJohn Wood proposed openstack/barbican-specs: Add a No Prior Key Certificate Order Type  https://review.openstack.org/15589115:04
*** xaeth is now known as xaeth_afk15:05
rellerrellerSo do the normal unit tests run with `tox` require devstack to be running now?15:08
rellerrellerWhat is the deal with cfg now? chellygel I saw your comment on that, but I did not know what that meant or what to do.15:09
*** xaeth_afk is now known as xaeth15:13
therverellerreller, Why do you say that?15:16
rellerrellertherve say which part?15:17
rellerrellerThe part about the unit tests or CFG?15:17
thervereaperhulk, unit tests15:17
therveUh rellerreller  sorry15:18
rellerrellertherve because my unit tests were failing, lots of them, and they were complaining about not gettting the right response from http://localhost/secrets or something similar.15:18
rellerrellerSo I invoked devstack to run and now my unit tests are passing, except for the CFG issue now.15:19
therverellerreller, I don't think that's expected15:19
therveAt least that works for me on master15:20
rellerrellertherve That's not good. I wonder if I did something wrong, but that was the first time that I have been able to run them.15:20
rellerrellertherve You mean you can run without devstack on master?15:21
therverellerreller, Yes15:21
rellerrellertherve What is happening to me then :(15:21
*** kebray has joined #openstack-barbican15:21
rellerrellerI'll try to rebase again and see what happens.15:22
chellygelhey rellerreller ! i was referring to the change that Kevin_Bishop made to centralize our configs15:22
chellygelone sec i'll pull it up15:22
therverellerreller, What's your patch? Did you try master?15:22
rellerrellertherve My patch is the pkcs1_config option. I rebased on Friday from the latest from master. That was the last rebase. I have not tried a straight run of master yet. The tests take a long time for me now, many minutes.15:23
rellerrellertherve I'm going to rebase and try again.15:24
kfarrchellygel rellerreller https://review.openstack.org/#/c/187297/15:25
kfarr^^ Kevin_Bishop 's  change15:26
elmikorellerreller: hey, can i bug you about the ManagedObject stuff for castellan?15:27
rellerrellerelmiko sure that's not a problem15:27
Kevin_Bishoprellerreller, yeah so we now create our own global CONF object in config.py instead of using the one found in the cfg module15:27
Kevin_Bishoprellerreller I had to change some of the base barbican unit tests in that patch, so maybe seeing those changes will help?15:28
elmikorellerreller: so, i appreciate the help on the sahara spec. i'm gonna update to talk about the passpharse key and remove our key. but i'm curious how is a user supposed to extend the key mechanism, i thought the Key abs was supposed to be the contract for those objects?15:28
chellygelrellerreller, i didn't intend for you to have to add it to that change, just as a separate one15:28
rellerrellerKevin_Bishop Thanks. I'll take a look at the changes.15:28
Kevin_Bishoprellerreller Yeah no problem15:29
chellygelin the future15:29
chellygeleventually15:29
chellygellol15:29
*** SheenaG has joined #openstack-barbican15:29
rellerrellerelmiko I'm not sure that I understand the question. Which aspect are you trying to extend the Key or KeyManager hierarchy?15:32
*** jsavak has joined #openstack-barbican15:33
elmikorellerreller: well, i'm just talking about how i implemented the SaharaKey, but it sounded like from your last comment that it won't be sufficient to pass into another KeyManager.15:33
elmikofor example,15:33
elmikoBarbicanKeyManager wouldn't accept a SaharaKey15:34
elmikoi thought the Key abc was the contract for those objects?15:34
*** kfarr-mobile has joined #openstack-barbican15:34
rellerrellerelmiko That is true. We could always extend ManagedObject to support another type of managed. We would just need to make sure that all possible implementations would support that managed object type.15:34
rellerrellerelmiko What do you mean by contract?15:35
rellerrellerelmiko The ManagedObject hierarchy simply provides an interface for the KeyManager implemenations to pull out the necessary information to store the object.15:35
elmikorellerreller: i thought those abc's defined the interface for creating objects, so as long as my object implements those methods it would be accepted. that's all i meant by contract15:36
therverellerreller, The tests work fine on your patch for me. Except that tests failure because of the cfg import15:36
elmikorellerreller: i guess i'll need to see the ManagedObject stuff to understand it better.15:36
*** gyee_ has joined #openstack-barbican15:36
rellerrellerelmiko For example, the KMIP implementation will need to map a SymmetricKey to a KMIPSymmetricKey object. This means getting the algorithm, bit length, and key value from the object.15:37
therverellerreller, It's possible something weirds happen if you have a /etc/barbican directory in your machine?15:37
elmikorellerreller: makes sense15:37
openstackgerritChelsea Winfree proposed openstack/barbican: Documentation for PKCS11 Key Generation script  https://review.openstack.org/18736715:37
redrobotelmiko why are you extending the Key?  I thought the goal of Castellan was to be able to use objects as is.15:38
rellerrellerelmiko I guess if your object extended one of the ManagedObjects then it would be ok. I'm not sure of the benefit at that point because none of the implementations would know how to parse SaharaKey.15:38
*** kfarr-mobile has quit IRC15:39
rellerrellerelmiko The implementations would only use the information found in the parent class, which is passphrase or symmetric key I do not remember which.15:39
elmikoredrobot: i had started to create a local version of Key for out project since none existed yet15:39
redrobotI think it would be hard to make Castellan return a SaharaKey back to you.15:39
rellerrellerelmiko was that message for me?15:39
elmikorellerreller: this discussion is a little academic because i agree with your assessment about using the Passphrase, but i'm trying to better understand the system15:40
elmikoredrobot: agreed, and it doesn't need to15:40
elmikowe will still be accessing the payload through the get_encoded method, i'm assuming that will stay consistent through all the Key impls15:41
rellerrellerelmiko Yes, all of the managed objects will have a means to get the payload or raw bytes.15:42
elmikorellerreller: i guess, i'm trying to understand if the interface defined by the Key abc will be valid for all keys returned from castellan15:42
elmikook15:42
rellerrellerelmiko Did I help you understand the system better or worse? What parts are still not clear?15:43
elmikorellerreller: i think better, i'd like to take a look at the ManagedObject stuff when it's ready. that would cement things for me.15:43
rellerrellerelmiko OK. kfarr is working on that. She has some ascii art out there on an etherpad page.15:43
kfarrelmiko, I can be sure to add you to the MR when it's up!15:44
elmikokfarr: thanks!15:44
redrobotelmiko rellerreller https://etherpad.openstack.org/p/Castellan-fishbowl-L-summit15:44
elmikoredrobot: ok yea, i remember that pad. thanks for the link =)15:44
rellerreller@redrobot Thanks! I was just looking for that.15:44
rellerrellerelmiko All of them will have a 'bytes' property. That will return what most people call the payload. The term payload scares me a little because that makes me think of an attacker's payload :)15:46
elmikohehe15:46
rellerrellerelmiko The encoded property defines how the key is encoded. This is like our content type problem. This will be something like PKCS#8, PKCS#1, etc.15:47
elmikorellerreller: ok, sounds like i'm just moving a little too quickly on our implementation. i was hoping that any Key descended object could be used with any KeyManager descended object15:47
elmikorellerreller: right, and in our case we don't really use the algorithm stuff, so our key is most like the Passphrase, just a clear text pw or something15:47
rellerrellerelmiko It's more like the KeyManagers are really only interested in the ManagedObject types that we define on the graph. A subclass is fine, but the extra information will not be gauranteed to be used by all KeyManager implementations.15:48
rellerrellerelmiko right15:48
rellerrellertherve My tests just passed for master branch without devstack. I blame my troubles on a 5 month old that is interested in sticking her fingers in my eyes.15:49
elmikorellerreller: yea, and we wouldn't be adding extra information to the class. which is why i think we could consume whatever object was returned from a KeyManager, be it SaharaKeyManager, BarbicanKeyManager, or something else, so long as we could access those common methods from the Key (ManagedObject?) returned from a retrieval operation.15:50
therverellerreller, You didn't let here finish the fix! :)15:50
rellerrellerelmiko I agree.15:52
elmikorellerreller: great, then i can count on your +1 ;)  j/k15:53
rellerrellerelmiko I will have kfarr include you on the review for the change to update the ManagedObject hierarchy. Then you can verify that the classes have all of the information you want.15:53
elmikorellerreller: cool, i don't think it will be an issue in our use case. i'm just moving too fast with our stuff.15:53
rellerrellerelmiko Do you have an update?15:53
elmikorellerreller: not yet, i needed to ask a few questions first =)15:54
rellerrellerelmiko gotcha15:54
elmikorellerreller: i'm gonna cycle our plans out a little further in to Liberty to ensure better coordination with castellan progress15:54
elmikorellerreller: i also have a proposal for castellan configs that kfarr and i talked about at summit, i'll focus on some of that stuff in the meantime.15:55
rellerrellerelmiko Sounds good. I'll have kfarr give an update on our timeline. Hopefully that will still work for you.15:55
*** nickrmc83 has quit IRC16:02
woodster_alee: chellygel  I added comments to the reissue bp CR here: https://review.openstack.org/#/c/155931  Please let me know if my comments make sense though16:08
chellygelwill take a look :)16:10
openstackgerritNathan Reller proposed openstack/barbican: Added pkcs1_only Configuration to KMIP  https://review.openstack.org/18246116:16
*** stanzi has joined #openstack-barbican16:23
*** stanzi has quit IRC16:23
*** stanzi has joined #openstack-barbican16:24
aleewoodster_, will take a look -- feel free to review https://review.openstack.org/186771 or https://review.openstack.org/187236 or https://review.openstack.org/127823 or https://review.openstack.org/187308 ")16:30
woodster_alee: will do16:31
elmikorellerreller: ok, now that i've looked at the diagrams again the ManagedObject makes more sense. looks like *if* we needed our own key type we would just implement a ManagedObject for it. i'm still guessing we will just wait for the Passphrase though.16:35
*** kebray has quit IRC16:42
*** HoloIRCUser2 has joined #openstack-barbican16:54
*** HoloIRCUser3 has joined #openstack-barbican16:54
*** stanzi has quit IRC16:55
*** HoloIRCUser2 has quit IRC16:58
*** pglass has quit IRC17:00
*** HoloIRCUser3 has quit IRC17:00
*** pglass has joined #openstack-barbican17:04
aleeredrobot, I'm trying to run latest master and see this:17:04
aleeValueError: Unknown remainder ['g2fbc7f6'] in '2015.2.dev91.g2fbc7f6'17:04
aleeanyone know whats going on?17:04
aleewoodster_, elmiko you seeing this when you run tox on master ? ^^17:06
elmikoalee: i was seeing that yesterday17:06
elmikohaven't tried again today17:06
aleeelmiko, ah - I was hhoping you'd say you fixed it17:06
elmikoLOL17:06
aleeredrobot, jvrbanac woodster_ ^^?17:07
elmikoalee: i kept seeing it when trying to run database upgrades, but then it went away when i started with a fresh db17:07
aleeelmiko, hmm .. let me try remove my db17:08
aleeelmiko, no - same problem17:09
elmikodang17:09
aleeat least running tox17:09
elmikoi'm running tox now, just to confirm17:09
aleeredrobot, special tox cleanup command needed?17:10
aleeelmiko, oh wait ,,,17:10
aleeelmiko, nm - I think I'm an idiot -- confirming ..17:11
elmikoalee: ok, i'm getting green on tox17:13
rellerrellerchellygel woodster_ jvrbanac I updated my pkcs1_only patch to avoid the merge conflicts, https://review.openstack.org/18246117:16
*** erw has left #openstack-barbican17:16
aleeelmiko, I forgot to set my pyenv environment. so not surprising it did not work -- its taking a lot longer now to recreate the envrionment17:21
openstackgerritSteve Heyman proposed openstack/barbican: Fix http 500 when no accept header passed to secret GET /payload  https://review.openstack.org/18904817:21
elmikoalee: doh!17:22
aleeelmiko, yeah .. me be an idjit ..17:22
elmikolol17:23
*** stanzi has joined #openstack-barbican17:26
jaosorioralee17:33
jaosoriorping17:33
aleejaosorior, yo17:33
aleejaosorior, I think I need to change the way we handle certdb in the dogtag plugin17:34
jaosorioralee: I kinda read what the dude said in the dogtag-pki chat17:34
jaosoriorSo what are you gonna do? a singleton class for the db?17:34
aleejaosorior, yeah - I have a patch and am trying to test it out , but my machine is a lillte borked right now17:34
*** stanzi has quit IRC17:34
aleejaosorior, let me send /post what I was thinking about for a patch ...17:35
jaosoriorsure17:35
aleejaosorior, I guess I'll just pop a quick review to gerrit17:36
jaosorioralright17:37
jaosoriorI'll go fetch some dinner and will check it out in a bit17:38
openstackgerritAde Lee proposed openstack/barbican: Changes to fix dogtag nss db handling - TESTING DO NOT MERGE  https://review.openstack.org/18937917:39
aleejaosorior, there it is .17:39
*** rellerreller_ has joined #openstack-barbican17:49
*** alee is now known as alee_lunch17:51
*** rellerreller has quit IRC17:52
*** gyee_ has quit IRC17:57
*** rellerreller_ has quit IRC18:01
*** stanzi has joined #openstack-barbican18:01
*** rellerreller has joined #openstack-barbican18:02
*** stanzi has quit IRC18:08
*** stanzi has joined #openstack-barbican18:08
*** openstackgerrit has quit IRC18:09
*** openstackgerrit has joined #openstack-barbican18:09
*** rellerreller has quit IRC18:23
*** rellerreller has joined #openstack-barbican18:28
*** SheenaG has quit IRC18:28
*** pglass has quit IRC18:29
*** SheenaG has joined #openstack-barbican18:30
*** pglass has joined #openstack-barbican18:30
*** stanzi has quit IRC18:32
*** xaeth is now known as xaeth_afk18:37
*** alee_lunch is now known as alee18:39
*** stanzi has joined #openstack-barbican18:41
*** insequent has quit IRC18:45
*** xaeth_afk is now known as xaeth18:47
*** jsavak has quit IRC18:48
*** insequent has joined #openstack-barbican19:00
*** xaeth is now known as xaeth_afk19:02
*** xaeth_afk is now known as xaeth19:10
jaosorioralee: any updates?19:24
aleejaosorior, did you see my CR?19:25
jaosoriorI did19:25
aleefor some reason, on my machine right now - my tox tests are failing19:26
aleeeven without my change19:26
jaosoriorwhaa19:26
jaosoriorok, let me check that out19:26
aleegetting SecretStorePluginNotConfigured19:26
jaosorioris that from the functional tests?19:27
aleejaosorior, no just normal unit tests19:27
aleejust running tox19:27
jaosoriorrunning19:27
aleejaosorior, jvrbanac what does the tox run point to for barbican-api.conf?19:28
jvrbanacalee, rebuild your tox environment19:28
aleejvrbanac, I did -- I did tox -r19:28
jaosoriortox -r19:28
aleesame error19:28
jaosorioruhm, I'm rebuilding it too19:28
jvrbanacalee, is this on trunk19:28
jvrbanac?19:28
aleejvrbanac, yes19:29
aleejaosorior, did you get this too>19:29
alee?19:29
jvrbanacalee, I saw something like that over the weekend, so I just rebuild everything (including the db)19:29
*** stanzi has quit IRC19:30
aleejaosorior, jvrbanac well I blew away my db19:30
aleetrying tox -r again19:31
jaosoriorrunning still19:31
aleejaosorior, anyways -- maybe you can take the changes I put in my patch and try that against the dogtag gate19:32
*** rellerreller has quit IRC19:32
openstackgerritSteve Heyman proposed openstack/barbican: Add RBAC tests for orders  https://review.openstack.org/18941119:32
jaosoriorwell, I could grab your commit and squash it with mine19:33
*** stanzi has joined #openstack-barbican19:33
aleejaosorior, sure19:34
*** rellerreller has joined #openstack-barbican19:34
aleejaosorior, its in different files in any case19:35
jaosoriortox passes in my machine19:35
aleejaosorior, or we can get your commit checked in --- its clearly trying at least to execute the dogtag code19:36
aleejaosorior, and then attempt my commit against the dogtag gate19:36
aleejaosorior, your choice -- I'm hoping this latest tox -r will fix things for me so I can test locally19:37
rellerrelleralee I keep getting this error "webtest.app.AppError: Bad response: 500 Internal Server Error (not 200 OK or 3xx redirect for http://localhost/secrets/)" while testing. Is that similar to your error?19:38
aleerellerreller, yup19:38
rellerrelleralee I have been getting that error since Friday.19:39
aleeif you look at stack trace you see SecretStorePluginNotConfigred I think19:39
rellerrelleralee This morning I tried running tests and they worked. Now once again they are failing. I'm not sure what is happening.19:39
aleerellerreller, ok good to know I'm not totally crazy19:40
rellerrelleralee me too. therve probably thought I was crazy because I brought it up to him, and he said everything was fine. So I reran and it worked.19:41
*** stanzi has quit IRC19:41
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: service_enabled instead of environment variable for dogtag  https://review.openstack.org/18518119:41
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Changes to fix dogtag nss db handling - TESTING DO NOT MERGE  https://review.openstack.org/18937919:41
jaosorioraleeL I made your commit dependant on mine19:41
aleejaosorior, ok19:41
aleejaosorior, dont forget to check experimental19:42
aleerellerreller, yeah - I still see the error19:42
jaosoriorwell, I did a check experimental on your commit instead of mine. Since I guess that's what we want to see19:43
aleejvrbanac, do you see it19:43
aleejaosorior, yes19:43
aleejaosorior, I'm assuming it will apply your changes?19:43
aleeseeing as they are dependent?19:43
jaosorioryup19:43
jvrbanacalee, I don't see the problem on just plain trunk19:44
jaosoriorwell... I haven't updated my system in a while19:45
jaosoriormaybe that makes a difference19:45
rellerrelleralee I think I may have something for you to fix your tests.19:46
rellerrelleralee I did this and it worked for me but not sure why. Kill your tests. Start a devstack instance and then rerun `tox` after devstack is created.19:46
rellerrelleralee I did that this morning and this fixed my issue. I just tried it again and it works as well.19:47
aleerellerreller, thats a little screwy19:48
rellerrelleralee Tell me about it, but my tests are not blowing up now :)19:48
*** igueths has joined #openstack-barbican19:48
aleerellerreller, I try not to run a devstack instance on my main dev box ... tends to mess things up ..19:49
rellerrelleralee After the first run you do not need devstack to be running. The best theory I have now is that devstack blows away db and then recreates it.19:49
aleerellerreller, the db is /var/lib/barbican/barbican.sqlite right?19:50
rellerrelleralee I do not know.19:50
*** stanzi has joined #openstack-barbican19:50
rellerrelleralee I have not messed with the db stuff much at all.19:50
rellerrelleralee I actually thought the unit tests were supposed to have an in-memory db. That would kill my theory, but I do not know what else devstack would do to change my environment and get my tests running.19:53
aleerellerreller, maybe some environment variable change?19:54
*** kfarr has left #openstack-barbican19:54
redrobotWeekly meeting starts in 5 minutes on #openstack-meeting-alt19:54
*** stanzi has quit IRC19:59
*** dave-mcc_ has joined #openstack-barbican19:59
jaosorioralee, rellerreller: after updating I now get an error while running tox20:00
aleejaosorior, when I run on an old tree, I have no issues20:01
aleejaosorior, so some recent checkin ..20:02
jaosoriorI had no issues until I updated a LOT of packages from my system20:02
*** kfarr has joined #openstack-barbican20:02
jaosoriorso I'm running the same hash from master. But something is messing things up20:02
*** dave-mccowan has quit IRC20:02
*** kebray has joined #openstack-barbican20:03
jaosorioryeah, mostly related to the database20:03
*** kfarr_ has joined #openstack-barbican20:04
*** kfarr has quit IRC20:07
*** xaeth is now known as xaeth_afk20:32
jaosoriorwell... removing /var/lib/barbican/barbican.sqlite didn't work for me :/20:34
*** rellerreller has quit IRC20:35
jaosoriorby the way, alee: http://logs.openstack.org/79/189379/2/experimental/gate-barbican-dogtag-devstack-dsvm-f21/22f244a/logs/screen-barbican.txt.gz#_2015-06-08_20_10_47_07120:35
aleejaosorior, phooey20:36
openstackgerritAmy Marrich proposed openstack/barbican: Changes the naming convention for Barbican config files to be more consistent with other OpenStack projects.  https://review.openstack.org/18943420:37
openstackgerritAmy Marrich proposed openstack/barbican: Changes the naming convention for Barbican config files to be more consistent with other OpenStack projects.  https://review.openstack.org/18943420:37
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Changes to fix dogtag nss db handling - TESTING DO NOT MERGE  https://review.openstack.org/18937920:38
aleejaosorior, you fixed the error reporting?20:38
openstackgerritAmy Marrich proposed openstack/barbican: Changes naming convention for Barbican config files to be more consistent  https://review.openstack.org/18943420:38
jaosorioralee: yeah. Casted the exception into string20:38
aleejaosorior, check experimental20:38
jaosoriorI did20:38
jaosoriorbuy anyway, after updating my system now I can't run tox :/20:39
jaosoriorso some python library was updated that now breaks the tox tests20:39
aleeyeah20:39
jaosoriorprobably even tox20:39
jaosoriormaybe people using Ubuntu will not see this in a bit, since they get updates...well...slower than the rest20:40
aleejaosorior, I did find that when I run tox on an older tree , it passes20:41
openstackgerritAmy Marrich proposed openstack/barbican: Changes naming convention for Barbican config files for consistency  https://review.openstack.org/18943420:41
jaosorioralee: which is weird, since with the newest tree it used to pass for me, until I updated my box20:41
*** xaeth_afk is now known as xaeth20:42
aleejaosorior, whats the error you are seeing?20:42
openstackgerritAmy Marrich proposed openstack/barbican: Change naming convention for Barbican config files  https://review.openstack.org/18943420:44
*** kfarr_ has quit IRC20:45
*** stanzi has joined #openstack-barbican20:47
*** stanzi has joined #openstack-barbican20:47
aleejaosorior, still there?20:48
jaosorioralee: yup, redirecting error to a file so I can post the exact errors...since there are many20:48
*** alee has quit IRC20:48
*** alee has joined #openstack-barbican20:49
*** dave-mccowan has joined #openstack-barbican20:50
*** dave-mcc_ has quit IRC20:50
jaosoriorsoooo, errors are here: http://pastebin.com/GERZNtNb20:53
redrobotjaosorior alee I'm going to blow away my env and see if I can recreate20:56
*** xaeth is now known as xaeth_afk20:56
elmikodid you guys try completely cleaning the barbican dir?20:56
aleeelmiko, you mean brand new checkout?20:57
aleeelmiko, no -- let me try that20:57
elmikoalee: i suppose you could go that far, but `git clean -fXd` i think would do the trick20:57
elmikothen `tox -r`20:57
aleelet me try that20:58
elmikoi'm getting success off master, only a few pyflakes complaints from some old build dir stuff20:58
elmikoalee: actually, `git clean -fxd` sorry20:58
aleeelmiko, trying- - the tox -r takes awhile20:59
woodster_make sure you pip install -U -r requirements.txt   and   pip install -U -r test-requirements.txt  too21:01
*** xaeth_afk is now known as xaeth21:04
*** nkinder_ has joined #openstack-barbican21:05
*** dave-mcc_ has joined #openstack-barbican21:06
aleewaiting for this to complete is like watching paint dry ..21:09
*** nkinder has quit IRC21:09
*** dave-mccowan has quit IRC21:10
woodster_same error for me :\21:10
*** nkinder_ has quit IRC21:12
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/18945421:12
*** nkinder_ has joined #openstack-barbican21:13
woodster_alee, might need to do 'pip install -e .' again...that fixed someone else over here...thanks for the reminder redrobot21:13
aleewoodster_, seeing if that makes a difference21:15
aleetrying tox -r again -- I ran into No module named functools32 for some reason21:16
aleebut its there ..21:16
jaosorioralee: ???21:17
aleeback in a sec ..21:18
woodster_alee, jaosorior can one of you workflow this?: https://review.openstack.org/#/c/188208/21:21
jaosoriorwoodster_: Does it work in postgres?21:22
*** gyee_ has joined #openstack-barbican21:22
*** kebray has quit IRC21:24
*** nkinder_ has quit IRC21:26
aleeok - so after clearing all out and doing tox -r , I'm getting "ImportError: No module named functools32"21:27
*** nkinder_ has joined #openstack-barbican21:27
elmikooh man...21:27
aleewhy do I feel like I'm going backwards21:27
alee?21:27
*** stanzi has quit IRC21:37
*** stanzi has joined #openstack-barbican21:42
*** stanzi has quit IRC21:46
woodster_jaosorior: igueths was able to verify it worked in postgres21:50
*** SheenaG has quit IRC21:51
*** SheenaG has joined #openstack-barbican21:53
*** nkinder__ has joined #openstack-barbican21:58
*** SheenaG has quit IRC22:01
*** Kevin_Bishop has quit IRC22:02
*** nkinder_ has quit IRC22:02
*** nkinder__ has quit IRC22:03
*** nkinder__ has joined #openstack-barbican22:04
woodster_chellygel: were you looking for reaperhulk to workflow your CR?: https://review.openstack.org/#/c/18736722:12
*** pglass has quit IRC22:14
reaperhulkwill read those docs as soon as I get back22:15
chellygelwoodster_, no -- the actual script i wished for him to review; however it was merged22:15
*** dave-mccowan has joined #openstack-barbican22:15
chellygelthe docs are just providing feedback for the script thats already there22:15
chellygelreaperhulk, if you coculd review the script, i'd be happy to make changes and upload22:16
woodster_chellygel: cool22:16
*** dave-mcc_ has quit IRC22:18
*** xaeth is now known as xaeth_afk22:27
*** igueths has quit IRC22:33
*** xaeth_afk is now known as xaeth22:36
reaperhulkchellygel: I think the script looked good? I remember only one little comment and you and I talked about that already22:37
chellygelyep, that is what i assumed :)22:39
openstackgerritMerged openstack/barbican: Documentation for PKCS11 Key Generation script  https://review.openstack.org/18736722:45
*** SheenaG has joined #openstack-barbican22:52
*** dimtruck is now known as zz_dimtruck23:17
*** alee has quit IRC23:18
*** nkinder__ has quit IRC23:18
*** alee has joined #openstack-barbican23:21
*** dave-mcc_ has joined #openstack-barbican23:23
*** alee has quit IRC23:24
*** dave-mccowan has quit IRC23:26
*** xaeth is now known as xaeth_afk23:27
*** jaosorior has quit IRC23:31
*** chlong has joined #openstack-barbican23:36
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/18945423:38
« Sunday, 2015-06-07 Index Tuesday, 2015-06-09 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!