Thursday, 2015-07-09

« Wednesday, 2015-07-08 Index Friday, 2015-07-10 »
*** SheenaG has quit IRC00:04
*** rm_you has quit IRC00:09
*** rm_you has joined #openstack-barbican00:15
*** kfarr has joined #openstack-barbican00:16
*** jamielennox is now known as jamielennox|away00:29
hockeynutDaviey I did reply so they were on the pathset 2700:38
hockeynutpatchset00:38
*** jamielennox|away is now known as jamielennox00:39
*** zz_dimtruck is now known as dimtruck01:02
*** elmiko is now known as _elmiko01:04
*** bitblt has quit IRC01:45
openstackgerritKaitlin Farr proposed openstack/castellan: Add managed objects hierarchy  https://review.openstack.org/19188401:53
*** gyee has quit IRC02:28
openstackgerritMerged openstack/kite: Drop use of 'oslo' namespace package  https://review.openstack.org/19577702:35
*** xaeth_afk is now known as xaeth02:58
*** yuanying has quit IRC03:16
*** crc32 has joined #openstack-barbican03:21
*** jamielennox is now known as jamielennox|away03:22
*** xaeth is now known as xaeth_afk03:28
*** jamielennox|away is now known as jamielennox03:31
*** dave-mccowan has quit IRC03:33
*** xaeth_afk is now known as xaeth03:36
*** kfarr1 has joined #openstack-barbican03:38
*** kfarr has quit IRC03:39
openstackgerritMerged openstack/barbican: Adding script for rewrapping p11 KEKs  https://review.openstack.org/19627003:45
*** xaeth is now known as xaeth_afk03:57
*** alee has quit IRC03:59
*** yuanying has joined #openstack-barbican04:08
*** alee has joined #openstack-barbican04:11
*** woodster_ has quit IRC04:41
*** arunkant_ has quit IRC05:02
*** alee has quit IRC05:38
*** alee has joined #openstack-barbican05:51
*** ig0r_ has joined #openstack-barbican05:52
*** ig0r__ has quit IRC05:55
*** everjeje has joined #openstack-barbican05:59
*** crc32 has quit IRC06:23
*** kfarr1 has quit IRC06:35
*** nickrmc83 has joined #openstack-barbican07:09
*** dimtruck is now known as zz_dimtruck07:10
*** shohel has joined #openstack-barbican07:21
*** jaosorior has joined #openstack-barbican07:55
openstackgerritMerged openstack/barbican: Completed localization tagging for plugin directory  https://review.openstack.org/19915509:33
*** DTadrzak has joined #openstack-barbican09:37
DTadrzakHello guys I want to ask about a version Object in Barbican. Tell me if barbican need a Version Object and if somebody has been working on it?09:40
jaosoriorCan you ellaborate on what you mean by Version Object?09:41
jaosoriorDTadrzak: Is this what you're talking about? http://docs.openstack.org/developer/swift/overview_object_versioning.html09:41
DTadrzakhttps://review.openstack.org/#/c/174318/209:42
jaosoriorwait..wrong link: http://docs.openstack.org/developer/oslo.versionedobjects/09:42
jaosoriorthat's the one09:42
jaosoriorDTadrzak: Well, there are some questions in that blueprint that Grzegorz Grasza has not answered09:42
jaosoriorif you're interested, can you answer the questions we posed there?09:42
DTadrzaki will ask Grzegorz to answer your question ASAP09:43
jaosorioralright09:43
jaosoriorDTadrzak: Also, if he could provide a more detailed description of what the versionedobjects actually are trying to solve, we would appreciate it a lot, since it seems that some people are still figuring out the real use-cases for such a library09:46
DTadrzakjaosorior: Well generally It will allow to have a communication via rpc with different version of our project it's very useful in case of Rolling upgrades for more details plz provide your question to this spec i will ask Grzegorz to answer your questions. ok :)?09:59
*** mmdurrant has quit IRC10:09
*** nickrmc83 has quit IRC10:17
*** nickrmc83 has joined #openstack-barbican10:25
jaosoriorDTadrzak: sure10:34
*** yuanying has quit IRC10:41
*** arunkant_ has joined #openstack-barbican10:59
*** arunkant_ has quit IRC11:08
*** arunkant has joined #openstack-barbican11:18
*** arunkant has quit IRC11:24
*** shohel has quit IRC11:34
*** dave-mccowan has joined #openstack-barbican11:34
*** shohel has joined #openstack-barbican11:57
*** mmdurrant has joined #openstack-barbican11:59
*** darrenmoffat has quit IRC12:21
*** darrenmoffat has joined #openstack-barbican12:22
*** shohel has quit IRC12:45
*** pserebryakov has joined #openstack-barbican12:47
*** shohel has joined #openstack-barbican12:47
*** alee has quit IRC12:51
*** kfarr has joined #openstack-barbican13:01
*** kfarr has quit IRC13:06
*** _elmiko is now known as elmiko13:15
*** arunkant has joined #openstack-barbican13:23
*** arunkant_ has joined #openstack-barbican13:31
*** arunkant has quit IRC13:35
*** pserebryakov has quit IRC14:00
*** alee has joined #openstack-barbican14:05
*** pglass has joined #openstack-barbican14:05
*** SheenaG has joined #openstack-barbican14:15
*** kfarr has joined #openstack-barbican14:19
jaosorioralee: Got some time to review this CR? https://review.openstack.org/#/c/199142/14:23
aleejaosorior, so you opted not to put the storage of the private key in the _save_secrets() method?14:27
aleejaosorior, thats fine - just wondering about your reasoning.14:28
jaosoriormy initial reasoning was that I didn't feel like save_secrets should have the knowledge of the type, but let me make a quick fix to see how it looks like if it was done that way14:28
aleejaosorior, you should fix the coverage failure too.14:29
aleejaosorior, I dont have a strong feeling either way on where that code should live -- I'll be ok with what you have - once coverage is fixed.14:30
jaosoriorlet me check the coverage part. The test that covers that is functional (actually can only be verified in dogtag at the moment) and that is not taken into account for the coverage14:32
*** kebray has joined #openstack-barbican14:41
*** kebray has quit IRC14:44
*** kebray has joined #openstack-barbican14:45
*** zz_dimtruck is now known as dimtruck14:47
*** jhfeng has joined #openstack-barbican14:49
*** silos has joined #openstack-barbican14:52
*** Kevin_Bishop has joined #openstack-barbican14:56
aleeredrobot, is woodster around?14:56
redrobotalee I don't see him at his desk14:57
*** xaeth_afk is now known as xaeth14:57
aleeredrobot, has there been any discussion of talks to be submitted at Tokyo?  I believe the deadline is next week.14:59
redrobotalee we had a brain storming session here at the Rack the other day... let me pull up my notes.14:59
openstackgerritSteve Heyman proposed openstack/barbican: Add retry server and functional tests to DevStack  https://review.openstack.org/17089615:02
jaosoriorhas anybody seen kfox1111? I actually went ahead and added some feedback to his blueprint https://review.openstack.org/#/c/190404/ but he never replied :/15:03
redrobotalee So, we've got a few abstracts we'll be submitting:15:08
redrobotalee High Availability Barbican: Deployment lessons learned and best practices - iguethz15:08
redrobotalee Deploying Barbican: Backend comparisons or Which HSM/Secret Store/CA is right for me? - redrobot and reaperhulk15:10
jhfengopenstack-dev mailing list currently doesn't have "barbican" project in filtering option. It would be nice be added.15:10
*** dave-mccowan has quit IRC15:10
redrobotalee thought you might be interested in talking about DogTag on that last one15:10
aleeredrobot, sure :)15:11
aleeredrobot, those both sound like good talks15:12
aleeredrobot, and I'll be happy to tag along as a co-presenter on the second.  make my case for going to Tokyo stronger :)15:13
redrobotalee Key Federation - not sure about the title yet, another Racker is driving this one.  He's coordinating with HP/IBM/Cern to talk about audit and identity federation as well.15:13
aleeredrobot, reaperhulk - do you need anything from me on that talk?15:13
*** diazjf has joined #openstack-barbican15:13
redrobotalee "Why aren't you barbicaneeng" by chellygel ... thinking this would be a panel where users can ask questions about Barbican usage/missing features.15:14
redrobotalee I'm on the hook to write the abstract15:14
redrobotalee I'll run it by you on Monday.15:14
aleesounds good.15:14
*** arunkant__ has joined #openstack-barbican15:15
redrobotalee Barbican Threat Models: what it does and does not protect you from by reaperhulk15:15
redrobotalee and the last one: Testing your live Barbican Deployment by hockeynut15:15
*** arunkant has joined #openstack-barbican15:17
jhfengperformance is another good topic if anyone have some experience on it. release M is for perf, right ?15:18
*** arunkant_ has quit IRC15:18
aleeredrobot, cool - we're going to be running some demos at the Red Hat booth that will hopefully include for example, deployment of FreeIPA/Dogtag/barbican in RDO to do volume encryption, issuance of certs using certmonger.  Need to think if there is a talk to come out of that.15:19
aleeredrobot, perf would be nice and you guys may be able to talk to that.15:20
*** arunkant__ has quit IRC15:20
redrobotjhfeng alee  agreed... not sure if we'll have enough data to give a good talk this cycle though15:21
*** dave-mccowan has joined #openstack-barbican15:22
*** jamielennox is now known as jamielennox|away15:23
*** kfarr has quit IRC15:27
hockeynutredrobot is there an etherpad for these abstracts?15:28
redrobothockeynut nope15:29
hockeynutredrobot want one?15:29
*** kfarr has joined #openstack-barbican15:29
*** jamielennox|away is now known as jamielennox15:32
*** rm_you has quit IRC15:33
*** rm_you has joined #openstack-barbican15:33
redrobothockeynut I don't have a preference.  I'll probably put mine on an etherpad so alee  can read it.15:34
*** shohel has quit IRC15:35
hockeynutok15:35
*** nickrmc83 has quit IRC15:50
*** mdarby has joined #openstack-barbican15:56
*** shohel has joined #openstack-barbican15:59
*** bitblt has joined #openstack-barbican16:03
*** shohel has quit IRC16:04
*** jamielennox is now known as jamielennox|away16:21
*** kfarr1 has joined #openstack-barbican16:21
*** kfarr has quit IRC16:24
*** chadlung has joined #openstack-barbican16:27
*** jamielennox|away is now known as jamielennox16:29
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Add Private Key to the resulting container if stored-key order  https://review.openstack.org/19914216:35
jhfengjust FYI, "barbican" now is in the openstack-dev mailing project filtering option list. You can use it to filter your openstack-dev emails.16:36
*** kfarr1 has quit IRC16:39
*** bitblt has quit IRC16:45
*** shohel has joined #openstack-barbican16:46
*** tkelsey has joined #openstack-barbican16:47
*** kfarr has joined #openstack-barbican16:55
*** mmdurrant has quit IRC16:57
*** mmdurrant has joined #openstack-barbican16:58
siloskfox1111: posted a commment on your blueprint: https://review.openstack.org/#/c/190404/17:06
*** alee is now known as alee_lunch17:11
openstackgerritMerged openstack/barbican: Imported Translations from Transifex  https://review.openstack.org/19990217:14
*** silos has left #openstack-barbican17:21
*** mdarby has quit IRC17:36
*** chadlung has quit IRC17:52
*** jhfeng has quit IRC18:01
*** jhfeng has joined #openstack-barbican18:02
*** rellerreller has joined #openstack-barbican18:04
*** chadlung has joined #openstack-barbican18:15
*** jhfeng has quit IRC18:16
*** tkelsey has quit IRC18:18
*** chadlung has quit IRC18:20
*** chadlung has joined #openstack-barbican18:21
*** alee_lunch is now known as alee18:24
*** silos has joined #openstack-barbican18:25
*** chadlung has quit IRC18:33
openstackgerritFernando Diaz proposed openstack/python-barbicanclient: Allow Barbican Client Secret Update Functionality  https://review.openstack.org/19687618:34
*** chadlung has joined #openstack-barbican18:35
*** jaosorior has quit IRC18:36
*** chadlung has quit IRC18:42
*** tkelsey has joined #openstack-barbican18:46
*** tkelsey has quit IRC18:51
*** everjeje has quit IRC18:58
*** jhfeng has joined #openstack-barbican18:59
*** arunkant_ has joined #openstack-barbican19:07
*** arunkant has quit IRC19:10
*** jhfeng has quit IRC19:17
*** jhfeng has joined #openstack-barbican19:18
*** mdarby has joined #openstack-barbican19:24
*** dave-mccowan has quit IRC19:40
*** diazjf has quit IRC19:42
*** diazjf has joined #openstack-barbican19:43
*** rellerreller has quit IRC19:43
*** spotz has joined #openstack-barbican19:52
*** crc32 has joined #openstack-barbican19:55
*** SheenaG has quit IRC20:06
*** dave-mccowan has joined #openstack-barbican20:08
*** SheenaG has joined #openstack-barbican20:18
*** SheenaG has left #openstack-barbican20:18
*** kfarr has quit IRC20:23
*** gyee has joined #openstack-barbican20:28
*** mmdurrant_ has joined #openstack-barbican20:36
mmdurrant_Sorry, there are two of me now and I don’t have access to kill my process at home.20:37
*** gyee has quit IRC20:38
*** kfarr has joined #openstack-barbican20:40
*** gyee has joined #openstack-barbican20:41
mmdurrant_So when I create a container in Barbican as a user, should I also expect Barbican to create default ACLs for the container so said user has read access?20:43
redrobotmmdurrant_ nope.  the main access control is RBAC20:44
redrobotmmdurrant_ ACL is an additional/complementary access control.20:44
redrobotmmdurrant_ being able to create a secret implies that you have a role that can also retrieve the secret20:45
redrobotmmdurrant_ so an ACL entry is not necessary20:45
*** mdarby has quit IRC20:46
mmdurrant_Interesting… doing so as the admin user and authenticating as admin, through the public REST API I get permission denied so apparently I don’t have the roles configured correctly.  Thanks redrobot20:46
*** kfarr has quit IRC20:47
*** tkelsey has joined #openstack-barbican20:47
*** tkelsey has quit IRC20:52
openstackgerritFernando Diaz proposed openstack/python-barbicanclient: Allow Barbican Client Secret Update Functionality  https://review.openstack.org/19687620:54
*** kfarr has joined #openstack-barbican21:01
*** xaeth is now known as xaeth_afk21:06
*** gyee has quit IRC21:34
*** jamielennox is now known as jamielennox|away21:37
*** chadlung has joined #openstack-barbican21:38
*** gyee has joined #openstack-barbican21:41
*** dave-mcc_ has joined #openstack-barbican21:45
*** DTadrzak has quit IRC21:47
*** DTadrzak has joined #openstack-barbican21:47
*** jamielennox|away is now known as jamielennox21:48
*** dave-mccowan has quit IRC21:49
*** kfarr has quit IRC21:50
*** nelsnelson has joined #openstack-barbican21:54
mmdurrant_OK, I’m getting a little frustrated now.  I get “File "/opt/stack/barbican/barbican/queue/__init__.py", line 19, in <module>22:00
mmdurrant_    import oslo_messaging as messaging22:00
mmdurrant_ImportError: No module named oslo_messaging”22:00
mmdurrant_oslo.messaging exists22:00
mmdurrant_And this is something I’ve seen frequently - is the oslo project moving away from oslo_* to oslo.* ?22:00
mmdurrant_There doesn’t appear to be much consistency in that regard22:00
redrobotmmdurrant_ yes, oslo is changing all their namespaces.  maybe you have an old version?  newer versions introduce the underscore naming scheme.22:02
*** silos has left #openstack-barbican22:03
mmdurrant_I pull pretty regularly - my adventures with the master branch yesterday were… interesting.  I try to stick to the stable ones as there is less churn and less unpredictability.22:04
*** kfarr has joined #openstack-barbican22:04
*** Kevin_Bishop has quit IRC22:06
*** diazjf has left #openstack-barbican22:06
*** kfarr has left #openstack-barbican22:06
mmdurrant_I’ll try master today.  When devstack’ing barbican, it seems the most important parts are: ensuring the contrib/lib/barbican file is in devstack and the 70-barbican.sh is in extras.d so when devstack reads “barbican” in enabled services, it has the files necessary to install it22:08
rm_worki had some scripts around setting up octavia/neutronlbaas/barbican22:09
rm_workcan see if they are helpful for you, though they are a little outdated22:09
*** pglass has quit IRC22:10
rm_workmmdurrant_: https://gist.github.com/rm-you/d7fbe613d525f12dc44722:12
rm_workmmdurrant_: but as i said, it may be outdated, haven't tested in a while22:13
*** jhfeng has quit IRC22:23
mmdurrant_rm_work: tyvm22:29
*** spotz is now known as spotz_zzz22:32
*** alee has quit IRC22:33
*** chadlung has quit IRC22:44
*** chadlung has joined #openstack-barbican22:45
*** chadlung has quit IRC22:48
*** chadlung has joined #openstack-barbican22:48
*** chadlung has quit IRC22:51
*** chadlung has joined #openstack-barbican22:52
*** chadlung_ has joined #openstack-barbican22:57
*** chadlung has quit IRC22:57
*** shohel has quit IRC22:58
*** tkelsey has joined #openstack-barbican23:02
*** chadlung_ has quit IRC23:05
*** chadlung has joined #openstack-barbican23:05
*** tkelsey has quit IRC23:06
*** mdarby has joined #openstack-barbican23:07
*** mdarby has quit IRC23:07
*** chadlung has quit IRC23:10
*** chadlung has joined #openstack-barbican23:10
*** chadlung_ has joined #openstack-barbican23:13
*** chadlung has quit IRC23:13
*** chadlung_ has quit IRC23:20
*** chadlung has joined #openstack-barbican23:20
*** chadlung has quit IRC23:22
*** chadlung_ has joined #openstack-barbican23:23
*** chadlung_ has quit IRC23:26
*** chadlung has joined #openstack-barbican23:26
*** alee has joined #openstack-barbican23:26
*** yuanying has joined #openstack-barbican23:28
*** chadlung has quit IRC23:29
*** openstack has joined #openstack-barbican23:38
*** nelsnelson has quit IRC23:42
*** chlong has quit IRC23:49
« Wednesday, 2015-07-08 Index Friday, 2015-07-10 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!