Friday, 2015-07-10

*** madhuri has joined #openstack-barbican00:14
*** nelsnelson has joined #openstack-barbican00:15
yuanyinganyone arround?00:15
madhuriredrobot, ping?00:16
*** gyee has quit IRC00:36
*** dimtruck is now known as zz_dimtruck00:42
*** nelsnelson has quit IRC00:45
*** nelsnelson has joined #openstack-barbican00:46
*** nelsnelson has quit IRC00:59
*** yuanying_ has joined #openstack-barbican01:02
*** yuanying has quit IRC01:05
*** yuanying_ has quit IRC01:07
*** nelsnelson has joined #openstack-barbican01:17
*** chlong has joined #openstack-barbican01:21
*** nelsnelson has quit IRC01:23
*** yuanying has joined #openstack-barbican01:24
*** yuanying has quit IRC01:28
*** yuanying has joined #openstack-barbican01:29
*** yuanying has quit IRC01:30
*** crc32 has quit IRC01:32
*** yuanying has joined #openstack-barbican01:33
*** kfarr has joined #openstack-barbican01:42
*** kebray has quit IRC01:58
*** zz_dimtruck is now known as dimtruck02:02
*** arunkant__ has joined #openstack-barbican02:19
*** arunkant_ has quit IRC02:22
*** jhfeng has joined #openstack-barbican02:51
*** arunkant has joined #openstack-barbican03:01
*** tkelsey has joined #openstack-barbican03:04
*** arunkant__ has quit IRC03:05
*** tkelsey has quit IRC03:08
*** dave-mcc_ has quit IRC03:32
*** jhfeng has quit IRC03:35
*** kebray has joined #openstack-barbican03:36
*** crc32 has joined #openstack-barbican03:59
*** xaeth_afk is now known as xaeth04:01
*** arunkant_ has joined #openstack-barbican04:03
*** arunkant has quit IRC04:06
*** arunkant__ has joined #openstack-barbican04:08
*** crc32 has quit IRC04:11
*** arunkant_ has quit IRC04:11
*** arunkant__ has quit IRC04:37
*** kfarr has quit IRC04:50
*** kebray_ has joined #openstack-barbican05:21
*** kebray has quit IRC05:25
*** david-ly_ has joined #openstack-barbican05:37
*** david-lyle has quit IRC05:40
*** dimtruck is now known as zz_dimtruck05:49
*** ig0r__ has joined #openstack-barbican05:52
*** ig0r_ has quit IRC05:55
*** nickrmc83 has joined #openstack-barbican06:03
*** kebray_ has quit IRC06:40
*** shohel has joined #openstack-barbican07:08
*** jamielennox is now known as jamielennox|away07:17
*** shohel has quit IRC07:17
*** xaeth is now known as xaeth_afk07:19
*** eglute has quit IRC07:30
*** dolphm has quit IRC07:30
*** shohel has joined #openstack-barbican07:34
*** shohel has quit IRC07:47
*** nickrmc83 has quit IRC07:59
*** chlong has quit IRC08:10
*** yuanying has quit IRC08:10
*** shohel has joined #openstack-barbican08:17
*** shohel has quit IRC08:20
*** nickrmc83 has joined #openstack-barbican08:39
*** tkelsey has joined #openstack-barbican09:04
*** shohel has joined #openstack-barbican09:46
*** mmdurrant_ has quit IRC10:09
*** arunkant__ has joined #openstack-barbican10:34
*** arunkant__ has quit IRC10:41
*** eglute has joined #openstack-barbican10:53
*** dolphm has joined #openstack-barbican10:53
*** jamielennox|away is now known as jamielennox10:54
*** mmdurrant_ has joined #openstack-barbican11:59
*** nickrmc83 has quit IRC12:07
*** ig0r__ has quit IRC12:17
*** darrenmoffat has quit IRC12:23
*** darrenmoffat has joined #openstack-barbican12:23
*** ig0r_ has joined #openstack-barbican12:23
*** david-lyle has joined #openstack-barbican12:28
*** chlong has joined #openstack-barbican12:28
*** david-ly_ has quit IRC12:30
*** hockeynut has quit IRC12:38
*** hockeynut has joined #openstack-barbican12:42
*** dave-mccowan has joined #openstack-barbican12:56
*** nelsnelson has joined #openstack-barbican12:59
*** nelsnelson has quit IRC13:00
*** nelsnelson has joined #openstack-barbican13:01
*** jamielennox is now known as jamielennox|away13:09
*** arunkant has joined #openstack-barbican13:13
*** everjeje has joined #openstack-barbican13:16
*** shohel has quit IRC13:28
*** woodster_ has joined #openstack-barbican13:36
*** arunkant has quit IRC13:36
*** arunkant has joined #openstack-barbican13:40
*** SheenaG has joined #openstack-barbican13:46
*** spotz_zzz is now known as spotz14:00
*** pglass has joined #openstack-barbican14:04
*** rellerreller has joined #openstack-barbican14:09
rellerrellerdumb question but can someone give me the command to get a keystone token for a devstack instance?14:17
rellerrellerI'm trying to use the openstack CLI tool to do this, and then I want to use that token to test with barbican cli.14:17
elmikokeystone token-get , irrc14:20
elmikoiirc14:20
elmikoor if you have the unified client `openstack token issue`14:20
*** mmdurrant has quit IRC14:21
*** mmdurrant_ is now known as mmdurrant14:21
*** kfarr has joined #openstack-barbican14:21
*** zz_dimtruck is now known as dimtruck14:22
aleeredrobot, have a question on how to use the python-barbicanclient14:22
aleeredrobot, lets say I create a certificate order -- the code will look something like this:14:23
aleeorder = barbican.orders.create_certificate(14:24
alee        name=name,14:24
alee        request_type='simple-cmc',14:24
alee        ca_id=ca_id,14:24
alee        profile=profile,14:24
alee        request_data=request_data)14:24
alee    order_ref = order.submit()14:24
aleeif the order is created - great -- I have an order_ref14:24
aleeif not -- say 401 error or 500 or cannot connect, how do I figure out whats going on?14:24
kfarralee When I'm debugging creating secrets and it gives an error, at that point I'll usually check the logs or the Barbican screen session if I'm using devstack.  Maybe that's helpful for certificate creation, too.  I'd be interested to hear how other people debug14:37
aleekfarr, thanks -- actually that wasn't quite my question -- I was looking more as to how to write the code to handle those cases14:38
aleekfarr, but looking at the castellan code, I see exceptions are thrown14:39
kfarralee oh, sorry I misunderstood14:39
aleekfarr, np - I prob wasn't clear14:39
kfarralee, yeah in Castellan, we were just going to throw exceptions if something invalid occurs, so that the calling code will catch it14:41
aleekfarr, yup in the certmonger code,  I need to handle the exceptions accordingly14:42
rellerrellerelmiko I have been trying openstack token issue with no luck :(14:46
*** dimtruck is now known as zz_dimtruck14:46
rellerrellerelmiko I did learn something interesting.14:46
elmikorellerreller: weird, how is it blowing up?14:46
rellerrellerelmiko If I run `openstack --os-auth-url=http://localhost:5000/v3 --os-project-domain-id=default --os-project-name=demo --os-user-domain-id=default --os-username=admin --os-auth-type=password token issue`14:46
rellerrellerthen token issue fails :( so sad14:47
elmikoshouldn't those be --os-project-domain-name=default ?14:47
elmikoand --os-user-domain-name=default14:47
rellerrellerelmiko I did a tcpdump on this and noticed that this is the json blob '{"auth": {"scope": {"project": {"domain": {"id": "default"}, "name": "demo"}}, "identity": {"password": {"user": {"domain": {"id": "default"}, "password": null, "name": "admin"}}, "methods": ["password"]}}}'14:48
rellerrellerelmiko notice that the password string is null even though it asks me for the password14:48
elmikoweird..14:48
rellerrellerelmiko then I ran the same command but specified the password on the command line string, not ideal but I wanted to see what would happen.14:48
rellerrellerelmiko low and behold it worked14:49
elmikonice =)14:49
elmikothat's how i usually use it, well password in env variable14:49
rellerrellerelmiko `openstack --os-auth-url=http://localhost:5000/v3 --os-project-domain-id=default --os-project-name=demo --os-user-domain-id=default --os-username=admin --os-password="secretadmin" --os-auth-type=password token issue`14:49
*** SheenaG has quit IRC14:50
elmikoin devstack there is that rc file you can source to get most of those options in the env14:50
rellerrellerelmiko I guess that is what I will need to do.14:50
elmikorellerreller: look at the file openrc in the devstack folder14:50
rellerrellerI have been banging my head on this for about 2 hours now. I should have done the tcpdump earlier14:50
elmikooh man... =(14:50
rellerrellerelmiko thanks. I did not know about that openrc file.14:52
elmikorellerreller: also, if you are curious i have a small script i source to set things up for a remote keystone. its only setup for v2 currently, but v3 shouldn't be that difficult14:52
elmikohttps://github.com/elmiko/stack-stuff/blob/master/keystone_admin_remote14:53
*** chlong is now known as chlong-weekend14:54
rellerrellerelmiko I like this. I was wondering about how to unset the env variables.14:55
elmikorellerreller: i stole some of that from the virtualenv scripts =)14:56
*** Kevin_Bishop has joined #openstack-barbican14:59
*** rellerreller has quit IRC15:04
*** SheenaG has joined #openstack-barbican15:08
*** kebray has joined #openstack-barbican15:13
*** zz_dimtruck is now known as dimtruck15:15
*** ig0r__ has joined #openstack-barbican15:19
*** ig0r_ has quit IRC15:22
*** mikeymeitbual has joined #openstack-barbican15:24
*** chlong-weekend has quit IRC15:26
*** SheenaG has quit IRC15:31
*** diazjf has joined #openstack-barbican15:40
*** SheenaG has joined #openstack-barbican15:46
*** SheenaG has quit IRC15:46
*** SheenaG has joined #openstack-barbican15:47
*** SheenaG has quit IRC15:52
*** SheenaG has joined #openstack-barbican15:52
*** SheenaG has left #openstack-barbican15:52
*** shohel has joined #openstack-barbican16:05
hockeynutwoodster_ ping16:08
woodster_hockeynut: morning16:12
*** xaeth_afk is now known as xaeth16:21
*** everjeje has quit IRC16:28
*** kebray has quit IRC16:32
*** silos has joined #openstack-barbican16:41
diazjfhey everyone, I'm trying to run Barbican Client functest, but am getting 401 because of keystone. Any guide on setting up my env to run the functest? thx16:45
woodster_diazjf: well, there is info on setting up a keystone instance locally in our sphinx docs if that helps. This CR adds more config info to the Docker Keystone setup as well: https://review.openstack.org/#/c/169114/16:49
diazjfwoodster_ thanks. I'll take a look16:53
*** gyee has joined #openstack-barbican16:57
*** kebray has joined #openstack-barbican16:59
*** bitblt has joined #openstack-barbican17:01
*** dabukalam has quit IRC17:07
*** dabukalam has joined #openstack-barbican17:08
openstackgerritCharles Neill proposed openstack/barbican: Unauthed tests for Secret & Container ACLs  https://review.openstack.org/20063417:19
*** rellerreller has joined #openstack-barbican17:20
*** ccneill has joined #openstack-barbican17:23
*** silos has left #openstack-barbican17:23
ccneillhey guys, anyone got a minute to review a CR? I promise it's an easy one O:-)17:23
ccneillhttps://review.openstack.org/#/c/200634/17:23
arunkantreaperhulk : there? Have a quick question on pkcs11 impl. Do you a minute to clarify it?17:28
*** arunkant has quit IRC17:29
*** diazjf has quit IRC17:31
*** arunkant has joined #openstack-barbican17:32
*** shohel has quit IRC17:34
*** rellerreller has quit IRC17:43
*** shohel has joined #openstack-barbican17:48
*** shohel has quit IRC17:52
*** ccneill has quit IRC18:08
*** ccneill has joined #openstack-barbican18:28
*** ccneill has quit IRC18:29
*** mdarby has joined #openstack-barbican18:33
*** arunkant_ has joined #openstack-barbican18:36
*** arunkant has quit IRC18:39
*** ryanpetrello has quit IRC18:40
*** mdarby has quit IRC18:45
*** ryanpetrello has joined #openstack-barbican18:45
*** ccneill has joined #openstack-barbican18:53
*** SheenaG has joined #openstack-barbican18:54
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/20065818:54
ccneillhey dave-mccowan, thanks for taking a look at my CR. I agree about the duplicate helper functions - just wanted to keep my security tests separate as I've done for the other resources, but I think in this case you're right that they should just go together18:57
ccneillI'll update it in a moment18:57
*** tkelsey has quit IRC19:00
dave-mccowanccneill cool.  moving the duplicate code into the global scope or share class would also work for me, to cut down on duplication.19:08
*** rm_work is now known as rm_work|away19:11
reaperhulkarunkant_: what's up19:16
*** ig0r__ has quit IRC19:19
*** ig0r_ has joined #openstack-barbican19:20
*** xaeth is now known as xaeth_afk19:33
*** pglass has quit IRC19:33
*** xaeth_afk is now known as xaeth19:34
*** pglass has joined #openstack-barbican19:34
*** kebray has quit IRC19:36
ccneilldave-mccowan: yeah, I don't see much reason for those methods to be within the testcase class other than some assertions, but for now I'd rather not make any big changes to anyone else's tests19:43
*** pglass has quit IRC19:43
*** pglass has joined #openstack-barbican19:44
openstackgerritNathan Reller proposed openstack/barbican: Added opaque data support to KMIP secret store  https://review.openstack.org/20069219:45
openstackgerritDave McCowan proposed openstack/barbican: Add RBAC Functional Test for ACL Opeations  https://review.openstack.org/20069619:59
dave-mccowanccneill ^^ fyi, we're writing code in the same neighborhood.  i'll be happy to rebase mine after yours merges.19:59
ccneillcool cool20:01
ccneilljust running tox -e functional, and I got some very interesting results...20:01
ccneilljust running the functional tests seems to have crashed the API o_O20:01
ccneillthe new standard way to run the api is bin/barbican-api right?20:02
*** kebray has joined #openstack-barbican20:05
openstackgerritCharles Neill proposed openstack/barbican: Unauthed tests for Secret & Container ACLs  https://review.openstack.org/20063420:05
dave-mccowanccneill are you seeing stuff like: error in setup command: 'install_requires' must be a string or list of strings containing valid project/version requirement specifiers20:06
ccneillI think I did see that this morning.. I believe it has to do with the version of pip20:07
ccneillI upgraded pip and for my virtualenv and blew up the .tox directory and that seemed to fix that issue20:07
dave-mccowanccneill i thought that might be your weirdness.  the quick fix to that error is to the 'install_requires' error is to upgrade pbr.20:09
ccneillthis was part of the stacktrace before the API stopped responding: https://gist.github.com/cneill/9f2a0da4b757866498ca20:11
ccneillsomething about the database locking20:11
*** bitblt has quit IRC20:14
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/20065820:14
*** crc32 has joined #openstack-barbican20:40
*** crc32 has quit IRC20:49
*** crc32 has joined #openstack-barbican20:50
*** rm_work|away is now known as rm_work20:53
*** kfarr has left #openstack-barbican20:57
-openstackstatus- NOTICE: Gerrit will be unavailable from 22:00 to 22:30 UTC for project renames21:02
*** ig0r_ has quit IRC21:10
*** spotz is now known as spotz_zzz21:14
*** SheenaG has quit IRC21:14
*** Kevin_Bishop has quit IRC21:16
*** SheenaG has joined #openstack-barbican21:23
*** Kevin_Bishop has joined #openstack-barbican21:30
openstackgerritDave McCowan proposed openstack/barbican: Implement Configuration, Controllers, and Validators for Resource Quotas  https://review.openstack.org/19876421:34
*** xaeth is now known as xaeth_afk21:51
*** rm_you| has joined #openstack-barbican21:55
-openstackstatus- NOTICE: Gerrit is unavailable from approximately 22:00 to 22:30 UTC for project renames21:57
*** ChanServ changes topic to "Gerrit is unavailable from approximately 22:00 to 22:30 UTC for project renames"21:57
*** pglass has quit IRC21:57
*** rm_you has quit IRC21:58
*** dimtruck is now known as zz_dimtruck21:59
*** kebray has quit IRC22:04
elmikoalee: if you're around we're talking about the copy spec in openstack-api22:06
elmikoredrobot too ^^22:06
*** ChanServ changes topic to "OpenStack Barbican development"22:30
*** elmiko is now known as _elmiko22:50
*** rm_you has joined #openstack-barbican23:00
*** rm_you has joined #openstack-barbican23:00
*** ccneill has quit IRC23:02
*** rm_you| has quit IRC23:02
jkfI wanted to ask before I file a bug and submit a patch, in the policy.json file, is there a reason that certificate_authority:add_to_project,remove_from_project,set_preferred use role:admin instead of rule:admin like the surrounding entries?23:06
*** rm_work is now known as rm_work|away23:20
*** gyee has quit IRC23:21
*** SheenaG has quit IRC23:30
*** openstackgerrit has quit IRC23:39
*** openstackgerrit has joined #openstack-barbican23:39
openstackgerritJason Fritcher proposed openstack/barbican: Fix policy.json certificate_authority inconsistency  https://review.openstack.org/20076623:43
*** SheenaG has joined #openstack-barbican23:51
*** Daviey has quit IRC23:52
*** SheenaG has quit IRC23:54
*** SheenaG has joined #openstack-barbican23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!