Thursday, 2015-08-20

« Wednesday, 2015-08-19 Index Friday, 2015-08-21 »
*** dave-mccowan has quit IRC00:00
*** zz_dimtruck is now known as dimtruck00:06
*** ccneill has quit IRC00:10
*** tkelsey has joined #openstack-barbican00:11
*** dave-mccowan has joined #openstack-barbican00:14
*** tkelsey has quit IRC00:15
*** gyee has quit IRC00:33
*** dave-mccowan has quit IRC00:37
*** rellerreller has quit IRC00:58
*** dave-mccowan has joined #openstack-barbican00:59
*** pksingh has quit IRC01:27
*** pksingh has joined #openstack-barbican01:29
*** woodster_ has quit IRC01:49
*** dimtruck is now known as zz_dimtruck01:50
*** outworlder has joined #openstack-barbican01:55
*** outworlder has left #openstack-barbican01:55
*** kebray has joined #openstack-barbican01:58
*** everjeje has quit IRC02:02
*** SheenaG1 has joined #openstack-barbican02:03
*** vivek-ebay has quit IRC02:22
*** kebray has quit IRC02:23
*** vivek-ebay has joined #openstack-barbican02:28
*** vivek-ebay has quit IRC02:28
*** nkinder has quit IRC03:03
*** vivek-ebay has joined #openstack-barbican03:37
*** vivek-eb_ has joined #openstack-barbican03:43
*** vivek-ebay has quit IRC03:43
*** tkelsey has joined #openstack-barbican04:12
*** tkelsey has quit IRC04:17
openstackgerritDave McCowan proposed openstack/barbican: Implement Models and Repositories for Resource Quotas  https://review.openstack.org/20589404:19
*** dave-mccowan has quit IRC04:22
*** vivek-ebay has joined #openstack-barbican04:35
*** vivek-eb_ has quit IRC04:38
pksinghrm_work: Hi, are you around?04:55
rm_workpksingh: yeah04:59
rm_workwhat's up?04:59
pksinghrm_work: can you look into http://paste.openstack.org/show/422402/ please04:59
pksinghrm_work: exceptions raised in py27 and py34 are different for this case05:00
rm_worklol05:03
rm_workweird05:03
rm_workso let's see05:03
rm_workI am guessing in py27, binascii.Error doesn't exist?05:03
* rm_work checks for himself05:03
pksinghyes i think so05:03
pksinghdo i need to handle all exception in validator instead of TypeError?05:04
rm_workpossibly :/05:06
rm_workthat would be the easiest05:07
rm_workeven though catching just Exception is discouraged05:07
rm_workat least you have a valid reason for it?05:07
pksinghyes05:07
rm_workso, see what other projects have done:05:08
rm_workhttp://pcf-decrypt.readthedocs.org/en/latest/_modules/pcf_decrypt.html05:08
rm_workthey do a quick version check, and set up which error they look for05:09
rm_workprobably that is cleaner05:09
pksinghok let me check05:10
rm_workexcept DecodeError:05:10
rm_worksince it will be the correct type05:10
pksinghyes thanks, it seems good idea05:10
pksinghi will do in same way, i think it should be OK05:11
rm_workyeah, should be fine05:12
pksinghthanks , you saved my time . great :)05:12
rm_worknp, back to figuring out someone else's issue too :P05:14
rm_work*another someone else's05:14
rm_workfor some reason it's usually more interesting than doing my own work <_<05:15
*** vivek-ebay has quit IRC05:37
openstackgerritPradeep Kumar Singh proposed openstack/barbican: Make barbican.tests.api.controllers.test_secrets py3 compatible  https://review.openstack.org/21496305:58
openstackgerritPradeep Kumar Singh proposed openstack/barbican: Make barbican.tests.api.controllers.test_secrets py3 compatible  https://review.openstack.org/21496306:08
*** tkelsey has joined #openstack-barbican06:30
*** tkelsey has quit IRC06:35
*** Nirupama has joined #openstack-barbican07:03
*** shohel has joined #openstack-barbican07:04
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/21498807:15
*** nickrmc83 has quit IRC08:24
*** nickrmc83 has joined #openstack-barbican08:24
*** tkelsey has joined #openstack-barbican08:27
*** everjeje has joined #openstack-barbican08:30
*** tkelsey has quit IRC08:39
*** tkelsey has joined #openstack-barbican08:45
*** tkelsey has quit IRC08:49
*** mmdurrant has quit IRC10:09
*** woodster_ has joined #openstack-barbican11:48
*** alee_getting_kid has quit IRC11:56
*** mmdurrant has joined #openstack-barbican11:58
*** chlong has joined #openstack-barbican12:46
*** dave-mccowan has joined #openstack-barbican12:52
*** chlong has quit IRC13:00
*** everjeje has quit IRC13:02
*** chlong has joined #openstack-barbican13:04
*** alee_ has joined #openstack-barbican13:16
*** kfarr has joined #openstack-barbican13:19
*** jamielennox is now known as jamielennox|away13:30
*** Nirupama has quit IRC13:58
*** SheenaG1 has left #openstack-barbican14:04
*** jlhinson has joined #openstack-barbican14:11
*** rellerreller has joined #openstack-barbican14:16
*** spotz_zzz is now known as spotz14:20
dave-mccowanrellerreller thanks for the review!14:30
dave-mccowanrellerreller the next two are smaller, if you want to keep rolling: https://review.openstack.org/212967 and https://review.openstack.org/21287614:31
rellerrellerdave-mccowan I can probably get to those tomorrow. I'm supposed to work on my other project today.14:33
alee_redrobot, ping14:38
alee_redrobot, jvrbanac - how does one turn on logging in the client?14:39
alee_that is debug logging .. I have a setup where I have volume encryptiom and I see that there are calls being made in cinder through the barbican client that are failing14:40
alee_trying to figure out why...14:41
*** zz_dimtruck is now known as dimtruck14:49
*** pglass has joined #openstack-barbican15:02
*** ccneill has joined #openstack-barbican15:04
*** pglbutt has joined #openstack-barbican15:04
*** ccneill_ has joined #openstack-barbican15:06
*** pglass has quit IRC15:07
*** ccneill has quit IRC15:09
*** ccneill_ is now known as ccneill15:12
*** xaeth_afk is now known as xaeth15:16
*** shohel has quit IRC15:16
*** kfox1111 has quit IRC15:19
*** everjeje has joined #openstack-barbican15:38
*** arunkant_ has joined #openstack-barbican15:39
*** kebray has joined #openstack-barbican15:44
*** darrenmoffat has quit IRC15:47
*** darrenmoffat has joined #openstack-barbican15:48
alee_redrobot, rellerreller , jvrbanac ping15:48
redrobotalee_ pong15:49
alee_redrobot, hey - how do I confirm that my barbican instance is working with keystone?15:49
redrobotalee_ I usually send an unauthenticated request to a route that requires auth to verify the 401, then try the same call with a token procured from the configured keystone.15:50
alee_redrobot, as far as I understand, the only config I need to do is ==> pipeline = keystone_authtoken context apiapp  , right?15:50
redrobotalee_ the keystone instance needs to have the admin account used for verification (configured in barbican conf)15:51
alee_the user with barbican/orange ?15:51
redrobotalee_ so a prereq is running https://github.com/openstack/barbican/blob/master/bin/keystone_data.sh15:51
redrobotalee_ yeah, the above linked bash script should create the barbican/orange user15:51
alee_ah wait -- I may have chnges things there ..15:51
alee_redrobot, so just to verify ..15:53
alee_I can do  .. openstack token issue15:53
alee_then take the project_id returned?15:53
alee_and use that in the request ?15:53
redrobotI'm not familiar with the openstackclient cli (shame on me)15:54
redrobotI usually use the keystone cli15:54
* redrobot makes a note to upgrade to openstackclient15:54
redrobotassuming openstack cli is configured with one of the users provisioned by keystone_data.sh, then the token should include the correct roles to access barbican15:54
redrobotalee_ you should get a token_id, not a project_id15:55
alee_hmm ..15:57
redrobotthen the token can be used in the "X-Auth-Token: {token_here}" header15:57
alee_redrobot, the user must have the creator role?16:00
alee_to store/gen secrets?16:00
redrobotalee_ creator or admin16:00
openstackgerritMerged openstack/barbican: Introduce the key-manager:service-admin role  https://review.openstack.org/21357016:01
alee_redrobot, I'm using admin ..16:01
redrobotalee_ not sure how to verify this in openstackclient, but you should ensure you're getting a scoped token.16:02
redrobotalee_ if you do the req to keystone directly, you should include the project you're scoping to, so that the produced token is scoped16:02
redrobotalee_  unscoped tokens will always 40116:03
alee_redrobot, hmm .. maybe thats it .. looking16:03
*** tkelsey has joined #openstack-barbican16:04
kfarrredrobot, did you see the comments on the global requirements Castellan patch from 'lifeless'? https://review.openstack.org/#/c/184874/16:08
kfarrredrobot, I could write the updates lifeless is requesting, but I'm not sure what he means16:09
redrobotkfarr looking16:13
redrobotkfarr ah yes...  he's asking us to set up the automated jobs that submit globa-requirements changes to castellan16:14
kfarrredrobot, is that an easy thing to do?  I'm looking at project-config, but I'm not immediately seeing how to do it16:15
dave-mccowankfarr in zuul/layout.yaml add a "check-requirements" line like other projects have.16:16
redrobotkfarr shouldn't be too hard to do... let me see if I can get a patch set up16:16
kfarrok thanks dave-mccowan and redrobot!16:17
openstackgerritChelsea Winfree proposed openstack/barbican: Add PUT support for generic container types  https://review.openstack.org/20724916:22
*** vivek-ebay has joined #openstack-barbican16:27
redrobotkfarr should be good to go now16:32
redrobotkfarr https://review.openstack.org/#/c/215225/16:33
redrobotkfarr also updated https://review.openstack.org/#/c/184874/16:33
dave-mccowanchellygel ping16:35
elmikoredrobot, kfarr, i took a stab at adding a little more usage documentation for castellan https://review.openstack.org/#/c/214827/16:36
redrobotelmiko LGTM!16:39
elmiko\o/16:40
*** tkelsey has quit IRC16:42
alee_redrobot, can you tell me what command you use to get a scoped token?16:44
kfarrThanks redrobot!!16:48
kfarrelmiko, I'll take a look!16:48
alee_redrobot, ?16:49
chellygeldave-mccowan, pong16:51
chellygelleaving shortly!16:51
dave-mccowanchellygel... i think i answered my question.  i added more comments to your review.16:52
chellygelawesome, okay16:53
chellygelthanks, i'll take a look and update16:53
dave-mccowanchellygel cool. if i guessed wrong, you can let me know in gerrit. :-)16:53
dave-mccowanalee_ here's one way to do it with curl and keystone v2:  curl -d '{"auth": {"tenantName": "service", "passwordCredentials": {"username": "barbican", "password": "orange"}}}' -H "Content-type: application/json" http://192.168.59.110:5000/v2.0/tokens16:54
redrobotalee_ sorry, stepped away to grab some food.  ^^ is correct, though you should probably add -H "Accept: application/json" as well.16:55
arunkant_alee, you can look in keystone curl examples ..http://docs.openstack.org/developer/keystone/api_curl_examples.html16:58
alee_dave-mccowan, redrobot , arunkant thanks17:01
*** tkelsey has joined #openstack-barbican17:02
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/21498817:04
alee_redrobot, ok - it looks like I am in fact getting scoped tokens17:09
alee_redrobot, but even so, auth is not working --  getting auth required17:11
alee_redrobot, what do I need to do to make barbican talk to keystione?17:11
*** edtubill has joined #openstack-barbican17:11
*** dimtruck is now known as zz_dimtruck17:13
redroboteverything should be in that paste.ini17:13
redrobotalee_ ^^17:13
*** zz_dimtruck is now known as dimtruck17:19
kfarrredrobot, there's a comment on the python-barbicanclient release patch saying that the release team doesn't have permissions to create the release https://review.openstack.org/#/c/214280/ :/17:29
kfarrShould I just follow this instead? http://docs.openstack.org/infra/manual/creators.html#tagging-a-release17:29
redrobotkfarr no, I was talking to a relmgr in the #openstack-relmgr-office channel, and it seems we still need more configuration on our end17:30
redrobotkfarr I should have a patch to project-config soon17:31
kfarrredrobot, Ok, I'll +1 it :)17:31
*** rellerreller has quit IRC17:33
*** edtubill has left #openstack-barbican17:36
*** kebray has quit IRC17:36
*** gyee has joined #openstack-barbican18:00
*** gyee has quit IRC18:00
*** gyee has joined #openstack-barbican18:03
*** kebray has joined #openstack-barbican18:04
*** tkelsey has quit IRC18:10
redrobotkfarr https://review.openstack.org/#/c/215269/18:16
*** dave-mcc_ has joined #openstack-barbican18:36
*** dave-mccowan has quit IRC18:39
*** vivek-ebay has quit IRC18:49
*** vivek-ebay has joined #openstack-barbican18:49
*** ccneill has quit IRC18:56
*** ccneill has joined #openstack-barbican19:05
*** tkelsey has joined #openstack-barbican19:13
*** tkelsey has quit IRC19:18
*** woodster_ has quit IRC19:27
*** jamielennox|away has quit IRC19:27
*** DuncanT has quit IRC19:28
*** ryanpetrello has quit IRC19:28
*** dave-mccowan has joined #openstack-barbican19:30
chellygeldave-mccowan, ping ?19:30
dave-mccowanchellygel pong19:30
chellygelfor the 409 message i was thinking, "Only generic containers can be modified. This container type is not mutable"19:30
chellygelsound good to you?19:30
dave-mccowanchellygel yep19:31
*** DuncanT has joined #openstack-barbican19:31
*** woodster_ has joined #openstack-barbican19:31
*** rm_work is now known as rm_work|away19:32
*** dave-mcc_ has quit IRC19:33
*** ryanpetrello has joined #openstack-barbican19:36
woodster_alee_: just noticed your messages...this CR gives more info on setting up Keystone: https://review.openstack.org/#/c/169114/19:40
*** jamielennox|away has joined #openstack-barbican19:47
*** jamielennox|away is now known as jamielennox19:47
alee_woodster_, thanks -- actually I got it set up -- what was missing was that I had keystone set up with https:  instead of http:19:50
alee_woodster_, so I confirmed now that my barbican works with keystone.  now trying to figure out why its not working with cinder19:50
alee_that is cinder -> barbican through keystone19:50
openstackgerritDave McCowan proposed openstack/barbican: Implement Models and Repositories for Resource Quotas  https://review.openstack.org/20589419:50
alee_for volume encryption19:51
*** ryanpetrello has quit IRC19:52
*** ryanpetrello has joined #openstack-barbican19:55
kfarralee_ what part is failing?19:58
alee_kfarr, actually -- I got a little further by specifying encryption_auth_url = https://openstack.alee.test:5000/v3 in the keymgr section of cinder.conf19:59
alee_kfarr, now I can see the request actually going to barbican and the kra20:00
kfarralee_ are you using devstack?20:00
alee_and am now confounded by a mismatch between my barbicanclient and the server version20:00
alee_kfarr, packstack20:00
alee_kfarr, its getting there though20:01
alee_redrobot, if I'm using kilo/stable for my server, which version of barbicanclient should I use?20:02
kfarralee_ ok I have not used packstack before, I wish I could help you more with the debugging20:03
alee_kfarr, no worries -- its getting there -- now at least cinder is talking to barbican which is talking to the kra20:04
kfarrI think for nova you're going to need to override the barbican url in the config file, too20:04
alee_kfarr, most likely yup20:08
alee_trying latest barbicanclient now ..20:08
openstackgerritDave McCowan proposed openstack/barbican: Add Quota Enforcement API  https://review.openstack.org/21296720:17
openstackgerritMerged openstack/barbican: Updated from global requirements  https://review.openstack.org/21498820:20
*** rellerreller has joined #openstack-barbican20:51
openstackgerritChelsea Winfree proposed openstack/barbican: Add PUT support for generic container types  https://review.openstack.org/20724920:52
*** rm_work|away is now known as rm_work21:13
*** pglbutt has quit IRC21:13
*** xaeth is now known as xaeth_afk21:14
*** kebray has quit IRC21:17
*** xaeth_afk is now known as xaeth21:23
*** rellerreller has quit IRC21:43
*** alee_ has quit IRC21:47
*** redrobot changes topic to "OpenStack Barbican Development - next milestone liberty-3 on Sept 1-3"21:52
*** xaeth is now known as xaeth_afk22:15
*** xaeth_afk is now known as xaeth22:25
*** chlong has quit IRC22:25
*** spotz is now known as spotz_zzz22:35
*** kfarr has quit IRC22:38
*** alee_ has joined #openstack-barbican22:48
*** darrenmoffat has quit IRC22:56
*** darrenmoffat has joined #openstack-barbican22:58
*** rm_work is now known as rm_work|away23:01
*** jlhinson has quit IRC23:03
*** arunkant_ has quit IRC23:13
*** ccneill has quit IRC23:32
*** dimtruck is now known as zz_dimtruck23:33
« Wednesday, 2015-08-19 Index Friday, 2015-08-21 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!