*** kebray has joined #openstack-barbican | 00:17 | |
*** vivek-ebay has joined #openstack-barbican | 01:17 | |
*** vivek-ebay has quit IRC | 01:22 | |
*** yuanying has quit IRC | 01:32 | |
*** yuanying has joined #openstack-barbican | 01:35 | |
*** tkelsey has joined #openstack-barbican | 01:46 | |
*** tkelsey has quit IRC | 01:51 | |
*** david-ly_ has joined #openstack-barbican | 01:51 | |
*** yuanying has quit IRC | 01:52 | |
*** yuanying has joined #openstack-barbican | 01:53 | |
*** david-lyle has quit IRC | 01:54 | |
*** yuanying has quit IRC | 02:01 | |
*** yuanying has joined #openstack-barbican | 02:01 | |
*** yuanying has quit IRC | 02:02 | |
*** yuanying has joined #openstack-barbican | 02:13 | |
openstackgerrit | Pradeep Kumar Singh proposed openstack/barbican: Make tests in barbican.tests.plugin py3 compatible https://review.openstack.org/216093 | 02:15 |
---|---|---|
*** yuanying has quit IRC | 02:15 | |
*** yuanying has joined #openstack-barbican | 02:38 | |
*** vivek-ebay has joined #openstack-barbican | 02:49 | |
*** yuanying has quit IRC | 02:50 | |
*** yuanying has joined #openstack-barbican | 02:54 | |
*** dave-mcc_ has quit IRC | 02:58 | |
openstackgerrit | Fernando Diaz proposed openstack/barbican: Use testr for running functional tests and documentation https://review.openstack.org/218117 | 03:25 |
*** yuanying_ has joined #openstack-barbican | 03:42 | |
*** yuanying has quit IRC | 03:44 | |
*** tkelsey has joined #openstack-barbican | 03:48 | |
*** tkelsey has quit IRC | 03:52 | |
*** jamielennox is now known as jamielennox|away | 03:56 | |
*** vivek-eb_ has joined #openstack-barbican | 04:10 | |
*** vivek-ebay has quit IRC | 04:13 | |
*** vivek-eb_ is now known as vivek | 04:14 | |
*** vivek is now known as Guest79188 | 04:14 | |
*** kebray has quit IRC | 04:18 | |
*** kebray has joined #openstack-barbican | 04:18 | |
*** Guest79188 has quit IRC | 04:23 | |
*** kebray_ has joined #openstack-barbican | 04:41 | |
*** kebray has quit IRC | 04:43 | |
*** vivek has joined #openstack-barbican | 05:20 | |
*** vivek is now known as Guest46095 | 05:20 | |
*** Guest46095 has quit IRC | 05:24 | |
*** Nirupama has joined #openstack-barbican | 05:38 | |
*** vivek has joined #openstack-barbican | 05:54 | |
*** vivek is now known as Guest1071 | 05:54 | |
*** pksingh has quit IRC | 06:05 | |
*** shohel has joined #openstack-barbican | 06:16 | |
*** Guest1071 has quit IRC | 06:17 | |
*** kebray_ has quit IRC | 06:59 | |
*** tkelsey has joined #openstack-barbican | 07:24 | |
*** chlong has quit IRC | 07:56 | |
*** everjeje has joined #openstack-barbican | 08:29 | |
*** shohel has quit IRC | 08:29 | |
*** shohel has joined #openstack-barbican | 08:29 | |
*** shohel has quit IRC | 08:51 | |
*** shohel has joined #openstack-barbican | 08:52 | |
*** darrenmoffat has quit IRC | 09:09 | |
*** darrenmoffat has joined #openstack-barbican | 09:10 | |
*** jaosorior has joined #openstack-barbican | 10:23 | |
*** jaosorior has quit IRC | 10:24 | |
*** jaosorior has joined #openstack-barbican | 10:24 | |
*** shohel1 has joined #openstack-barbican | 10:30 | |
*** shohel has quit IRC | 10:33 | |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 10:41 |
*** jaosorior has quit IRC | 10:54 | |
*** peter-hamilton has joined #openstack-barbican | 10:57 | |
*** DTadrzak has joined #openstack-barbican | 10:57 | |
*** jaosorior has joined #openstack-barbican | 10:59 | |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 11:03 |
*** shohel1 has quit IRC | 11:05 | |
*** shohel has joined #openstack-barbican | 11:05 | |
*** jaosorior has quit IRC | 11:27 | |
*** jaosorior has joined #openstack-barbican | 11:27 | |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 12:02 |
*** shohel has quit IRC | 12:02 | |
*** shohel has joined #openstack-barbican | 12:02 | |
*** Nirupama has quit IRC | 12:14 | |
*** dave-mccowan has joined #openstack-barbican | 12:18 | |
*** chlong has joined #openstack-barbican | 12:22 | |
*** lisaclark1 has joined #openstack-barbican | 12:25 | |
*** alee has quit IRC | 12:25 | |
*** alee_ has quit IRC | 12:25 | |
*** SheenaG has joined #openstack-barbican | 12:35 | |
*** SheenaG has left #openstack-barbican | 12:35 | |
*** jhfeng has quit IRC | 12:42 | |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 12:53 |
*** nelsnelson has joined #openstack-barbican | 12:58 | |
*** spotz_zzz is now known as spotz | 12:59 | |
*** lisaclark1 has quit IRC | 13:06 | |
*** woodster_ has joined #openstack-barbican | 13:13 | |
*** lisaclark1 has joined #openstack-barbican | 13:15 | |
*** kfarr has joined #openstack-barbican | 13:17 | |
jaosorior | kfarr: I think that CR is pretty much set. | 13:22 |
kfarr | jaosorior, ok :) | 13:22 |
jaosorior | kfarr: The one after that is pretty trivial too. If you have time to check it out :D | 13:23 |
*** lisaclark1 has quit IRC | 13:23 | |
jaosorior | kfarr: https://review.openstack.org/#/c/220563/ | 13:26 |
*** lisaclark1 has joined #openstack-barbican | 13:26 | |
kfarr | jasorior, I'm looking at it! Today's a great day to review sub-CA code | 13:26 |
jaosorior | haha yay :D | 13:27 |
*** shohel has quit IRC | 13:29 | |
*** alee has joined #openstack-barbican | 13:30 | |
*** alee_ has joined #openstack-barbican | 13:31 | |
*** shohel has joined #openstack-barbican | 13:34 | |
*** lisaclark1 has quit IRC | 13:35 | |
alee | jaosorior, ping | 13:38 |
alee | kfarr, thanks for reviews -- I'm going to address your comments on Oz last patch right now. | 13:38 |
alee | dave-mccowan, it would be great if you could add quota support to subcas. | 13:40 |
jaosorior | alee: pong | 13:40 |
jaosorior | alee: Which patch? | 13:40 |
alee | jaosorior, hey - validator patch | 13:41 |
alee | wasn't sure if you were around :) | 13:41 |
dave-mccowan | alee sound good. i'll do it. | 13:41 |
alee | jaosorior, but if you are - please feel free to address | 13:41 |
alee | dave-mccowan, thanks! | 13:41 |
jaosorior | alee: I'll do it. I'm just waiting for this patch to finish execution in the gate: https://review.openstack.org/#/c/220409/8 | 13:42 |
alee | jaosorior, thats the funcitonal tests one, right? | 13:43 |
jaosorior | alee: Yep. Should be passing now | 13:44 |
alee | jaosorior, we need to disable a few of the tests for dogtag | 13:44 |
alee | unless you did that .. | 13:44 |
jaosorior | alee: I did | 13:44 |
jaosorior | alee: three patches are disabled since the dogtag plugin still lacks that functionality | 13:44 |
jaosorior | alee: * tests, not patches | 13:45 |
alee | jaosorior, ok I see what you did - that works | 13:46 |
jaosorior | AAaand it passes now | 13:46 |
alee | jaosorior, I still see a coverage failure? | 13:47 |
dave-mccowan | what's the trick to getting snake oil configure to run? i uncommented the 3 lines at the bottom of barbican.conf and i set enabled_certificate_plugins = snakeoil_ca. but GET /v1/cas still returns [] | 13:47 |
jaosorior | alee: So it seems. I'll check it out after addressing kfarr's comments | 13:47 |
alee | dave-mccowan, you have to send in a cert request first | 13:48 |
alee | dave-mccowan, the cas table gets populated by an initial cert request | 13:48 |
alee | dave-mccowan, I'd like to change that perhaps - but thats the way it goes right now. | 13:48 |
dave-mccowan | alee doesn't a user need to know the ca id to make a cert request? | 13:49 |
alee | dave-mccowan, no | 13:49 |
alee | dave-mccowan, it will go to the default or first ca | 13:49 |
alee | and then all the ca plugins will be updated | 13:49 |
jaosorior | alee: wouldn't doing a GET to /v1/cas/get-preferred also populate it? | 13:49 |
alee | dave-mccowan, https://review.openstack.org/#/c/219412/7 | 13:50 |
alee | quickstart docs | 13:50 |
alee | jaosorior, I wouldn't think so offhand | 13:50 |
alee | there is a function refresh_cas() or somesuch that is called. | 13:50 |
alee | refresh_ca_table() | 13:52 |
alee | which is only called on issue_cert_request() right now | 13:52 |
dave-mccowan | alee thanks. i'd like to see that changed too. and that doc change merged. a couple folks at my company ran into this, and the current docs don't highlight that behavior, like your patch set does. | 13:54 |
alee | jaosorior, yeah - I tried to fix that coverage problem but my attempt doesn't seem to have worked | 13:54 |
alee | dave-mccowan, agreed - please +1 the docs patch :) | 13:54 |
alee | dave-mccowan, and yeah -once this set of patches gets merged, I'll look into changing that somehow. | 13:55 |
jaosorior | alee: Where was it that the coverage failed again? | 13:55 |
alee | jaosorior, barbican/plugin/snakeoil_ca.py (96.1%): Missing lines 228-230 | 13:55 |
alee | jaosorior, case where subca already exists and is read on startup | 13:56 |
alee | jaosorior, I tried creating a cert/key file in the tmpdir , but that didn't work | 13:57 |
jaosorior | alee: Aaah...that | 13:57 |
alee | jaosorior, so yeah - if you have any thoughts on how to fix that - that would be super. | 13:57 |
alee | more likely than not, that should be fixed on the previous patch though | 13:57 |
alee | ie. the one that adds snakeoil plugin | 13:57 |
jaosorior | yeah... I still don't figure out why it fails | 13:58 |
*** lisaclark1 has joined #openstack-barbican | 13:58 | |
alee | jaosorior, initially, it did not fail on my system because I had stuff under /etc/barbican/snakeoil-cas | 13:58 |
openstackgerrit | Merged openstack/barbican: Support for creation of subordinate CAs https://review.openstack.org/219411 | 13:59 |
alee | so I really don't know if its actually using the tmpdir | 13:59 |
alee | woohoo! one down | 13:59 |
alee | dave-mccowan, I see you took bug 1477240 | 14:01 |
openstack | bug 1477240 in Barbican "snakeoil plugin needs input CSR base64 decoded" [Undecided,Confirmed] https://launchpad.net/bugs/1477240 - Assigned to Dave McCowan (dave-mccowan) | 14:01 |
dave-mccowan | alee yea. i can fix the unit tests on your patch, if you'd like. | 14:01 |
alee | dave-mccowan, I fixed this in https://review.openstack.org/#/c/220409/ | 14:02 |
alee | dave-mccowan, needed to do this to run the functional tests correctly | 14:02 |
jaosorior | alee: Ah! I'll mark it there then | 14:03 |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: API documentation for CAs interface https://review.openstack.org/219412 | 14:04 |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add validators for new CA creations https://review.openstack.org/220563 | 14:04 |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 14:04 |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011 | 14:04 |
dave-mccowan | alee does the one-line need to go to kilo too? | 14:04 |
alee | dave-mccowan, well its one line + fixes to the unit tests | 14:04 |
alee | dave-mccowan, but probably yes | 14:05 |
jaosorior | alee: Can you +2 the following CR? https://review.openstack.org/#/c/205059/ that's needed to get the kilo gate working | 14:05 |
*** lisaclark1 has quit IRC | 14:05 | |
alee | jaosorior, looking | 14:05 |
jaosorior | kfarr: Addressed your comments in the validator CR | 14:07 |
alee | jaosorior, hockeynut_afk , dave-mccowan whats the deal with the gate failures for the patch? | 14:09 |
alee | https://review.openstack.org/#/c/205059 | 14:09 |
jaosorior | alee: You mean the dogtag gate failures? That patch is the requirements to get the dogtag gate fix patches we've been meaning to put into the stable/kilo branch for a while | 14:10 |
jaosorior | * requirement | 14:11 |
dave-mccowan | alee in "stable" kilo, infra changed under us. Mock changed to a new version and Tempest changed to a new version and something else changes with docs. this super-patch is mostly a mash of 3 other CRs that all needed to go together to fix the gates. | 14:11 |
alee | jaosorior, ok - so I can ignore those then -- what about gate-barbican-devstack-dsvm-new ? | 14:11 |
jaosorior | I don't know if the new changes for the gate are enabled in the stable/kilo gate | 14:11 |
dave-mccowan | alee rm_work is working on -new gates. he has some more work to do, so the -new is liberty and newer only. | 14:12 |
alee | ok | 14:12 |
dave-mccowan | alee he wrote code to use the new devstack plugin feature to make barbican easier to use with devstack. | 14:12 |
dave-mccowan | jaosorior they shouldn't be. i -1ed his patch to project-infra until he makes it not apply to stable/kilo. | 14:14 |
alee | dave-mccowan, jaosorior looks like redrobot beat me to it | 14:14 |
alee | kfarr, thanks for review of https://review.openstack.org/#/c/220563/ | 14:16 |
jaosorior | alee: what are you referring to? | 14:17 |
alee | jaosorior, validators patch | 14:17 |
alee | jaosorior, I'm going to wait for gate results and then will workflow it | 14:17 |
jaosorior | alee: I meant when you said that redrobot beat you to it | 14:17 |
alee | jaosorior, infra patch | 14:17 |
jaosorior | I see | 14:18 |
jaosorior | Thanks redrobot :D | 14:18 |
*** shohel has quit IRC | 14:18 | |
redrobot | o/ | 14:18 |
alee | redrobot, you know, redrobot - as you're in a reviewing mood .. | 14:19 |
alee | redrobot, https://review.openstack.org/#/c/219412 is a nice easy one to workflow | 14:22 |
*** edtubill has joined #openstack-barbican | 14:33 | |
*** pglass has joined #openstack-barbican | 14:35 | |
jaosorior | kfarr: Are you around? | 14:42 |
kfarr | jaosorior, yup! | 14:42 |
jaosorior | kfarr: Got some workflows for this CR and the subsequent ones? https://review.openstack.org/#/c/205039/ they are part of a series to fix the dogtag gate in the stable/kilo branch | 14:43 |
jaosorior | kfarr: They are backported from the master branch directly | 14:43 |
kfarr | jaosorior, will take a look | 14:43 |
*** jhfeng has joined #openstack-barbican | 14:45 | |
jaosorior | kfarr: Sure. Initially the first patch (The one I referred you to) had fixed that gate; But some changes to dogtag required the subsequent patches | 14:45 |
*** david-ly_ is now known as david-lyle | 14:53 | |
jaosorior | kfarr: Anyway, the last patch should be the fix: https://review.openstack.org/#/c/205042/ and as you can see it actually makes the dogtag gate pass. But the patches before it are needed | 14:54 |
*** lisaclark1 has joined #openstack-barbican | 14:58 | |
*** everjeje has quit IRC | 15:02 | |
*** kfarr has quit IRC | 15:07 | |
*** kfarr has joined #openstack-barbican | 15:10 | |
*** lisaclark1 has quit IRC | 15:22 | |
*** lisaclark1 has joined #openstack-barbican | 15:33 | |
dave-mccowan | redrobot is the container put blueprint a priority for liberty, or are we going to push it? https://review.openstack.org/#/c/207249/ | 15:37 |
*** edtubill has left #openstack-barbican | 15:45 | |
*** edtubill has joined #openstack-barbican | 15:45 | |
jaosorior | Any workflows for this? https://review.openstack.org/#/c/219412/ | 15:51 |
jaosorior | kfarr: Thanks for the comments on the dogtag related fixes. I added the "cherry-picked from" flag | 15:52 |
*** lisaclark1 has quit IRC | 15:53 | |
*** lisaclark1 has joined #openstack-barbican | 15:56 | |
*** diazjf has joined #openstack-barbican | 16:00 | |
*** lisaclark1 has quit IRC | 16:02 | |
*** gyee has joined #openstack-barbican | 16:03 | |
openstackgerrit | Merged openstack/barbican: Add validators for new CA creations https://review.openstack.org/220563 | 16:05 |
*** ccneill has joined #openstack-barbican | 16:05 | |
*** vivek has joined #openstack-barbican | 16:06 | |
*** vivek is now known as Guest3460 | 16:06 | |
jaosorior | Hey people. I decided to nominate dave-mccowan for Barbican core: http://lists.openstack.org/pipermail/openstack-dev/2015-September/073866.html Bring those +1's | 16:11 |
jaosorior | alee, redrobot, woodster_, kfarr ^^ | 16:11 |
alee | jaosorior, dave-mccowan done | 16:14 |
*** rm_mobile has joined #openstack-barbican | 16:19 | |
*** rm_mobile has quit IRC | 16:19 | |
*** rm_mobile has joined #openstack-barbican | 16:19 | |
*** jaosorior has quit IRC | 16:21 | |
*** diazjf has quit IRC | 16:25 | |
*** Guest3460 has quit IRC | 16:26 | |
*** silos has joined #openstack-barbican | 16:28 | |
*** diazjf has joined #openstack-barbican | 16:30 | |
*** kebray has joined #openstack-barbican | 16:31 | |
*** kebray has quit IRC | 16:34 | |
*** lisaclark1 has joined #openstack-barbican | 16:39 | |
*** kebray has joined #openstack-barbican | 16:42 | |
*** lisaclark1 has quit IRC | 16:44 | |
*** lisaclark1 has joined #openstack-barbican | 16:51 | |
*** diazjf has quit IRC | 16:57 | |
*** everjeje has joined #openstack-barbican | 17:00 | |
*** lisaclark1 has quit IRC | 17:01 | |
*** lisaclark1 has joined #openstack-barbican | 17:03 | |
*** kfarr has quit IRC | 17:04 | |
*** kebray has quit IRC | 17:04 | |
*** diazjf has joined #openstack-barbican | 17:05 | |
*** lisaclark2 has joined #openstack-barbican | 17:07 | |
*** lisaclark2 has quit IRC | 17:07 | |
*** lisaclark1 has quit IRC | 17:09 | |
*** vivek has joined #openstack-barbican | 17:12 | |
*** vivek has quit IRC | 17:12 | |
*** rm_mobile has quit IRC | 17:18 | |
*** peter-hamilton has quit IRC | 17:19 | |
*** nelsnelson has quit IRC | 17:34 | |
*** nelsnelson has joined #openstack-barbican | 17:39 | |
*** ccneill has quit IRC | 17:45 | |
*** pglass has quit IRC | 17:49 | |
*** pglass has joined #openstack-barbican | 17:49 | |
*** ccneill has joined #openstack-barbican | 17:57 | |
*** nelsnelson has quit IRC | 17:59 | |
*** SheenaG has joined #openstack-barbican | 18:00 | |
*** SheenaG has left #openstack-barbican | 18:00 | |
diazjf | elmiko, can you share the patch for sahara that you are working on? kfarr, added this https://review.openstack.org/#/c/220850/ to enable rekey is future swift keymaster code.\ | 18:02 |
*** nelsnelson has joined #openstack-barbican | 18:03 | |
elmiko | diazjf: yea, 1sec, sorry i missed you last week. you logged off just before i uploaded my patch | 18:04 |
elmiko | diazjf: https://review.openstack.org/#/c/220680/ | 18:04 |
diazjf | elmiko, no worries, thanks alot!! | 18:07 |
elmiko | diazjf: no problem, ping me if you have any questions or comments | 18:10 |
diazjf | elmiko, thanks, I will look over the code in a few. BTW does your implementation use Barbican as a key manager? | 18:11 |
elmiko | diazjf: our impl allows for either barbican or our sahara key manager. by default we are using our own key manager. | 18:12 |
elmiko | this is based on our needs for backward compatibility, and not placing the barbican requirement on our end-users | 18:12 |
elmiko | the main reason we chose to use castellan is that it provides a nice abstraction for whichever key manager backend we need | 18:13 |
diazjf | elmiko, how are you able to choose? | 18:16 |
elmiko | diazjf: you can change the key manager by adjusting the "api_class" configuration value. | 18:18 |
elmiko | look at the castellan docs, https://github.com/openstack/castellan/blob/master/doc/source/usage.rst | 18:18 |
elmiko | see "Example. Changing the key manager provider while using the global configuration." | 18:19 |
diazjf | elmiko, will do thanks! | 18:22 |
*** openstackgerrit has quit IRC | 18:31 | |
*** openstackgerrit has joined #openstack-barbican | 18:31 | |
rm_work | woo Castellan doing what it is supposed to do :P | 18:38 |
*** jhfeng has quit IRC | 18:41 | |
*** jhfeng has joined #openstack-barbican | 18:44 | |
elmiko | rm_work: yea =) | 18:47 |
rm_work | so if you guys needed certificates, you'd still be a great use-case for castellan-certs | 18:47 |
rm_work | but i guess you do not? | 18:47 |
rm_work | since you do/did have a way for users to input certs directly to you, so it does make some sense for flipping from your DB to barbican | 18:48 |
elmiko | currently, we are just trying to offload password type secrets. we might have use for the certificate stuff in the future though/ | 18:55 |
*** ccneill_ has joined #openstack-barbican | 19:05 | |
*** ccneill has quit IRC | 19:05 | |
*** pglass has quit IRC | 19:06 | |
*** ccneill_ is now known as ccneill | 19:06 | |
*** ccneill_ has joined #openstack-barbican | 19:07 | |
*** ccneill has quit IRC | 19:11 | |
*** kebray has joined #openstack-barbican | 19:20 | |
*** kebray has quit IRC | 19:20 | |
*** silos has left #openstack-barbican | 19:21 | |
*** kebray has joined #openstack-barbican | 19:21 | |
*** kfarr has joined #openstack-barbican | 19:26 | |
*** kebray has quit IRC | 19:36 | |
alee | kfarr, ping | 19:52 |
kfarr | alee, pong! | 19:52 |
alee | kfarr, hey - can you look at https://review.openstack.org/#/c/220011/ ? | 19:52 |
alee | kfarr, and then https://review.openstack.org/#/c/220409/ ? | 19:53 |
kfarr | alee, ok, I will take a look! | 19:53 |
alee | kfarr, thanks! | 19:53 |
openstackgerrit | Merged openstack/barbican: API documentation for CAs interface https://review.openstack.org/219412 | 20:05 |
*** tkelsey has quit IRC | 20:07 | |
*** silos has joined #openstack-barbican | 20:10 | |
*** silos has left #openstack-barbican | 20:10 | |
*** pglass has joined #openstack-barbican | 20:20 | |
*** Guest99551 has joined #openstack-barbican | 20:23 | |
Guest99551 | hi | 20:23 |
redrobot | hi Guest99551 | 20:23 |
*** ccneill has joined #openstack-barbican | 20:24 | |
dave-mccowan | alee you need to add project_id to cert_resources.create_subordinate_ca() in 220011 | 20:24 |
dave-mccowan | alee (or i need to) :-) quota support on the way. | 20:24 |
alee | dave-mccowan, looking .. | 20:24 |
dave-mccowan | alee nevermind. it's there as project. | 20:25 |
alee | dave-mccowan, ok good :) | 20:25 |
*** ccneill_ has quit IRC | 20:27 | |
*** Guest99551 has quit IRC | 20:28 | |
*** Anton12345 has joined #openstack-barbican | 20:45 | |
*** Anton12345 has quit IRC | 20:46 | |
dave-mccowan | alee are the snakeoil functional tests working now? | 20:47 |
dave-mccowan | alee (for subcas) | 20:47 |
alee | dave-mccowan, theyshould be yes | 20:47 |
alee | dave-mccowan, they should be yes | 20:47 |
*** Antonwoods has joined #openstack-barbican | 20:47 | |
alee | dave-mccowan, https://review.openstack.org/#/c/220409/ | 20:48 |
dave-mccowan | alee do i need to change a config setting to unskip them? | 20:48 |
alee | dave-mccowan, so they are not yet merged -- see above patch (and one before that) | 20:49 |
alee | dave-mccowan, but with those patches merged, they would be running | 20:49 |
dave-mccowan | alee i did a git review -d 220409 to start. i'm basing my quota contribution on top of them. | 20:50 |
alee | dave-mccowan, ok good | 20:50 |
alee | dave-mccowan, so they should just run -- against the snakeoil ca | 20:50 |
*** Antonwoods has quit IRC | 20:51 | |
*** jaosorior has joined #openstack-barbican | 20:52 | |
dave-mccowan | for me, the skipIf check passes (not snakeoil) and they are skipped. | 20:52 |
dave-mccowan | alee and if i comment out that, only simple_certificate is showing up in my cas list. | 20:53 |
zigo | Hi ! | 20:53 |
*** Antonwoods has joined #openstack-barbican | 20:53 | |
zigo | Is there anyone working on Castellan here? | 20:53 |
zigo | I got packaging issues that must be solved upstream ASAP. | 20:53 |
jaosorior | dave-mccowan: What's up? | 20:53 |
dave-mccowan | jaosorior when i try to run the functional tests you added (and the new ones i added) all the snakeoil ones are skipped. | 20:54 |
dave-mccowan | jaosorior when i force them to run (by commenting out skipIfs), snakeoil is not in my cas list. | 20:55 |
jaosorior | Ooook | 20:55 |
jaosorior | that's weird | 20:55 |
zigo | To make things short: could someone urgently release a new version of castellan ? | 20:56 |
dave-mccowan | do functional tests read barbican.conf? | 20:56 |
*** reaperhulk has quit IRC | 20:56 | |
*** reaperhulk has joined #openstack-barbican | 20:56 | |
jaosorior | They should with the change I added | 20:56 |
zigo | Otherwise, it's going to be difficult for me to build Glance which depends on it. | 20:56 |
dave-mccowan | zigo you need to ask kfarr | 20:56 |
jaosorior | redrobot, kfarr: ^^ | 20:57 |
zigo | dave-mccowan: Thanks ! | 20:57 |
zigo | I just spoke to redrobot in the #openstack-glance channel, as I bumped into castellan doing the Liberty b3 package of Glance for Debian. | 20:57 |
kfarr | Hey zigo, I will take a look, what is the issue? | 20:57 |
dave-mccowan | jaosorior which one does it read? /etc/barbican or from the tree? | 20:58 |
zigo | kfarr: The requirements.txt of Castellan are basically those of Kilo ... | 20:58 |
zigo | kfarr: Things like pbr<1.0 | 20:58 |
jaosorior | dave-mccowan: It should be reading /etc/barbican | 20:58 |
rm_work | jaosorior: i thought they normally read from barbican-functional.conf, is that merging? | 20:58 |
zigo | kfarr: I can't use that if I don't heavily patch it. | 20:58 |
zigo | kfarr: So basically, just please release what's in master. | 20:58 |
jaosorior | I mean /etc/barbican/barbican.conf | 20:58 |
zigo | kfarr: Requirements.txt in master is in line with the rest of OpenStack as much as I can see. | 20:59 |
alee | yeah - should be reading from barbican-functional.conf | 20:59 |
jaosorior | rm_work: It read the one you mention. But if you import barbican.common.config you can actually read what's given to the serer | 20:59 |
alee | jaosorior, you mean /etc/barbican/barbican-functional.conf , right? | 20:59 |
jaosorior | no | 20:59 |
zigo | (I didn't look deep, just from top of my head after doing approx 50 package upload for Liberty B3 so far...) | 20:59 |
kfarr | zigo, I will work on a release, one second | 21:00 |
zigo | kfarr: Thanks so much. | 21:00 |
zigo | I'll put Glance and Castellan packaging on hold until then. | 21:00 |
jaosorior | The way I implemented the skipping of tests for in this CR https://review.openstack.org/#/c/220409/11/functionaltests/api/v1/functional/test_cas.py was by reading what plugin does the server have. And that configuration is not in the barbican-functional.conf | 21:00 |
zigo | And I'll work on something else. | 21:00 |
zigo | (probably horizon and its xstatic dependencies) | 21:00 |
jaosorior | so I needed to read what's it /etc/barbican/barbican.conf which is the server configuration | 21:00 |
alee | jaosorior, you are running the functional tests using tox -e functional , right? | 21:02 |
dave-mccowan | jaosorior alee i see, so now it reads from both. it works in the gate, but not in my setup. so i need to figure out what i'm doing differently. | 21:02 |
jaosorior | alee: I'm talking about the gate | 21:02 |
dave-mccowan | jaosorior mainly i was asking to make sure it's supposed to be working, before i debug my local setup. | 21:03 |
alee | jaosorior, so that I understand then, if I am running the functional tests locally then -- using tox -e functional , what config file do I need to have set up? | 21:04 |
dave-mccowan | before adding subcas, how many CAs should be in my list? 2 (simple_certificate and snakeoil) | 21:04 |
alee | yes | 21:05 |
jaosorior | Actually | 21:05 |
jaosorior | I think there's a bug | 21:06 |
jaosorior | it might be getting it from somewhere else | 21:06 |
jaosorior | due to this https://github.com/openstack/barbican/blob/master/barbican/common/config.py#L134 | 21:06 |
jaosorior | I mean, this: https://github.com/openstack/barbican/blob/master/barbican/common/config.py#L136 | 21:06 |
jaosorior | it's still looking for barbican-api.conf | 21:06 |
alee | sorry - guys I need to head offline right now .. back in a few hours | 21:07 |
jaosorior | alee: Have a good one | 21:07 |
alee | jaosorior, please send me an email with what you find. | 21:07 |
alee | jaosorior, I suspect that this might impact the strange coverage thing perhaps. | 21:07 |
jaosorior | alee: I will submit a patch and lets see how it works | 21:08 |
alee | jaosorior, but I'd like to know -- what should it be reading to have the config read on the gate and also set up locally | 21:08 |
alee | because the patchset originally changed barbican-functional.conf | 21:09 |
alee | so it could run locally | 21:09 |
kfarr | zigo, I pushed the tagged release to gerrit, but in the past it hasn't been releasing automatically to pypi. I'll have to ask redrobot for a manual release | 21:09 |
alee | so maybe it needs both ?? | 21:09 |
kfarr | redrobot, ping | 21:09 |
redrobot | kfarr pong | 21:10 |
kfarr | redrobot, can you please do a manual release for castellan through launchpad, I don't think it's automatically going to pypi for whatever reason | 21:10 |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs https://review.openstack.org/220409 | 21:11 |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin https://review.openstack.org/220011 | 21:11 |
openstackgerrit | Juan Antonio Osorio Robles proposed openstack/barbican: Use barbican.conf instead of barbican-api.conf https://review.openstack.org/221505 | 21:11 |
kfarr | redrobot, I tagged the release through gerrit already | 21:11 |
redrobot | kfarr sure thing... we should get that autorelease job fixed up though. | 21:11 |
kfarr | thanks redrobot! zigo, castellan 0.2.1 is out, do we need that in global requirements, too? | 21:12 |
redrobot | kfarr zigo https://pypi.python.org/pypi/castellan/0.2.1 | 21:13 |
zigo | kfarr: redrobot: Thanks so much !!! | 21:15 |
jaosorior | dave-mccowan: But yeah. Normally we add and read configurations for the functional tests from barbican-functional.conf | 21:16 |
jaosorior | dave-mccowan: Thing is, I needed to know which exact backend is configured on the server side, so I did it by importing barbican.plugin.interface.certificate_manager in line 24 of this file https://review.openstack.org/#/c/220409/12/functionaltests/api/v1/functional/test_cas.py | 21:17 |
*** alee_ has quit IRC | 21:17 | |
*** alee has quit IRC | 21:18 | |
jaosorior | there is where the certificate configuration is defined on the server side, which will also extend the global configuration file for the server (that's done in barbiacan.common.config)... which actually reads the file | 21:18 |
jaosorior | and it should be taking by default /etc/barbican/barbican.conf | 21:18 |
jaosorior | although if that is not present, it also accepts ~/barbican.conf if I recall correctly | 21:19 |
jaosorior | dave-mccowan: Does that make sense? | 21:19 |
dave-mccowan | jaosorior yep. i'll hook up the debugger to check what file my setup is reading. | 21:21 |
jaosorior | dave-mccowan: Alright. | 21:23 |
jaosorior | Well, I gotta go now | 21:27 |
*** jaosorior has quit IRC | 21:27 | |
*** silos1 has joined #openstack-barbican | 21:38 | |
*** silos1 has left #openstack-barbican | 21:38 | |
*** diazjf has left #openstack-barbican | 21:50 | |
*** jamielennox|away is now known as jamielennox | 21:51 | |
*** Antonwoods has quit IRC | 21:56 | |
*** woodster_ has quit IRC | 21:59 | |
*** Antonwoods has joined #openstack-barbican | 21:59 | |
*** Antonwoods is now known as Anton | 21:59 | |
*** Anton is now known as Guest27402 | 21:59 | |
zigo | kfarr: redrobot: Castellan uploaded to Debian Experimental (it will go through the FTP master NEW queue before being accepted). | 22:09 |
zigo | Thanks again. | 22:09 |
* zigo returns to building glance | 22:09 | |
*** Guest27402 has quit IRC | 22:11 | |
*** edtubill has quit IRC | 22:14 | |
*** spotz is now known as spotz_zzz | 22:16 | |
*** diazjf has joined #openstack-barbican | 22:23 | |
*** jhfeng has quit IRC | 22:34 | |
*** kfarr has quit IRC | 22:41 | |
*** pglass has quit IRC | 22:44 | |
*** Antonwoods has joined #openstack-barbican | 22:59 | |
*** Antonwoods is now known as Anton | 22:59 | |
*** Anton is now known as Guest34070 | 22:59 | |
*** Guest34070 has quit IRC | 23:01 | |
*** Antonwoods has joined #openstack-barbican | 23:01 | |
*** dimtruck is now known as zz_dimtruck | 23:18 | |
*** alee has joined #openstack-barbican | 23:21 | |
*** alee_ has joined #openstack-barbican | 23:22 | |
*** chlong has quit IRC | 23:27 | |
*** chlong has joined #openstack-barbican | 23:28 | |
*** Antonwoods has quit IRC | 23:29 | |
*** vivek-ebay has joined #openstack-barbican | 23:36 | |
*** Antonwoods has joined #openstack-barbican | 23:53 | |
*** Antonwoods is now known as Anton | 23:53 | |
*** Anton is now known as Guest76787 | 23:53 | |
*** woodster_ has joined #openstack-barbican | 23:57 | |
*** Guest76787 has quit IRC | 23:58 | |
*** ccneill has quit IRC | 23:58 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!