Tuesday, 2015-09-08

*** kebray has joined #openstack-barbican00:17
*** vivek-ebay has joined #openstack-barbican01:17
*** vivek-ebay has quit IRC01:22
*** yuanying has quit IRC01:32
*** yuanying has joined #openstack-barbican01:35
*** tkelsey has joined #openstack-barbican01:46
*** tkelsey has quit IRC01:51
*** david-ly_ has joined #openstack-barbican01:51
*** yuanying has quit IRC01:52
*** yuanying has joined #openstack-barbican01:53
*** david-lyle has quit IRC01:54
*** yuanying has quit IRC02:01
*** yuanying has joined #openstack-barbican02:01
*** yuanying has quit IRC02:02
*** yuanying has joined #openstack-barbican02:13
openstackgerritPradeep Kumar Singh proposed openstack/barbican: Make tests in barbican.tests.plugin py3 compatible  https://review.openstack.org/21609302:15
*** yuanying has quit IRC02:15
*** yuanying has joined #openstack-barbican02:38
*** vivek-ebay has joined #openstack-barbican02:49
*** yuanying has quit IRC02:50
*** yuanying has joined #openstack-barbican02:54
*** dave-mcc_ has quit IRC02:58
openstackgerritFernando Diaz proposed openstack/barbican: Use testr for running functional tests and documentation  https://review.openstack.org/21811703:25
*** yuanying_ has joined #openstack-barbican03:42
*** yuanying has quit IRC03:44
*** tkelsey has joined #openstack-barbican03:48
*** tkelsey has quit IRC03:52
*** jamielennox is now known as jamielennox|away03:56
*** vivek-eb_ has joined #openstack-barbican04:10
*** vivek-ebay has quit IRC04:13
*** vivek-eb_ is now known as vivek04:14
*** vivek is now known as Guest7918804:14
*** kebray has quit IRC04:18
*** kebray has joined #openstack-barbican04:18
*** Guest79188 has quit IRC04:23
*** kebray_ has joined #openstack-barbican04:41
*** kebray has quit IRC04:43
*** vivek has joined #openstack-barbican05:20
*** vivek is now known as Guest4609505:20
*** Guest46095 has quit IRC05:24
*** Nirupama has joined #openstack-barbican05:38
*** vivek has joined #openstack-barbican05:54
*** vivek is now known as Guest107105:54
*** pksingh has quit IRC06:05
*** shohel has joined #openstack-barbican06:16
*** Guest1071 has quit IRC06:17
*** kebray_ has quit IRC06:59
*** tkelsey has joined #openstack-barbican07:24
*** chlong has quit IRC07:56
*** everjeje has joined #openstack-barbican08:29
*** shohel has quit IRC08:29
*** shohel has joined #openstack-barbican08:29
*** shohel has quit IRC08:51
*** shohel has joined #openstack-barbican08:52
*** darrenmoffat has quit IRC09:09
*** darrenmoffat has joined #openstack-barbican09:10
*** jaosorior has joined #openstack-barbican10:23
*** jaosorior has quit IRC10:24
*** jaosorior has joined #openstack-barbican10:24
*** shohel1 has joined #openstack-barbican10:30
*** shohel has quit IRC10:33
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs  https://review.openstack.org/22040910:41
*** jaosorior has quit IRC10:54
*** peter-hamilton has joined #openstack-barbican10:57
*** DTadrzak has joined #openstack-barbican10:57
*** jaosorior has joined #openstack-barbican10:59
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs  https://review.openstack.org/22040911:03
*** shohel1 has quit IRC11:05
*** shohel has joined #openstack-barbican11:05
*** jaosorior has quit IRC11:27
*** jaosorior has joined #openstack-barbican11:27
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs  https://review.openstack.org/22040912:02
*** shohel has quit IRC12:02
*** shohel has joined #openstack-barbican12:02
*** Nirupama has quit IRC12:14
*** dave-mccowan has joined #openstack-barbican12:18
*** chlong has joined #openstack-barbican12:22
*** lisaclark1 has joined #openstack-barbican12:25
*** alee has quit IRC12:25
*** alee_ has quit IRC12:25
*** SheenaG has joined #openstack-barbican12:35
*** SheenaG has left #openstack-barbican12:35
*** jhfeng has quit IRC12:42
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs  https://review.openstack.org/22040912:53
*** nelsnelson has joined #openstack-barbican12:58
*** spotz_zzz is now known as spotz12:59
*** lisaclark1 has quit IRC13:06
*** woodster_ has joined #openstack-barbican13:13
*** lisaclark1 has joined #openstack-barbican13:15
*** kfarr has joined #openstack-barbican13:17
jaosoriorkfarr: I think that CR is pretty much set.13:22
kfarrjaosorior, ok :)13:22
jaosoriorkfarr: The one after that is pretty trivial too. If you have time to check it out :D13:23
*** lisaclark1 has quit IRC13:23
jaosoriorkfarr: https://review.openstack.org/#/c/220563/13:26
*** lisaclark1 has joined #openstack-barbican13:26
kfarrjasorior, I'm looking at it!  Today's a great day to review sub-CA code13:26
jaosoriorhaha yay :D13:27
*** shohel has quit IRC13:29
*** alee has joined #openstack-barbican13:30
*** alee_ has joined #openstack-barbican13:31
*** shohel has joined #openstack-barbican13:34
*** lisaclark1 has quit IRC13:35
aleejaosorior, ping13:38
aleekfarr, thanks for reviews -- I'm going to address your comments on Oz last patch right now.13:38
aleedave-mccowan, it would be great if you could add quota support to subcas.13:40
jaosorioralee: pong13:40
jaosorioralee: Which patch?13:40
aleejaosorior, hey - validator patch13:41
aleewasn't sure if you were around :)13:41
dave-mccowanalee sound good.  i'll do it.13:41
aleejaosorior, but if you are - please feel free to address13:41
aleedave-mccowan, thanks!13:41
jaosorioralee: I'll do it. I'm just waiting for this patch to finish execution in the gate: https://review.openstack.org/#/c/220409/813:42
aleejaosorior, thats the funcitonal tests one, right?13:43
jaosorioralee: Yep. Should be passing now13:44
aleejaosorior, we need to disable a few of the tests for dogtag13:44
aleeunless you did that ..13:44
jaosorioralee: I did13:44
jaosorioralee: three patches are disabled since the dogtag plugin still lacks that functionality13:44
jaosorioralee: * tests, not patches13:45
aleejaosorior, ok I see what you did - that works13:46
jaosoriorAAaand it passes now13:46
aleejaosorior, I still see a coverage failure?13:47
dave-mccowanwhat's the trick to getting snake oil configure to run?  i uncommented the 3 lines at the bottom of barbican.conf and i set enabled_certificate_plugins = snakeoil_ca.  but GET /v1/cas still returns []13:47
jaosorioralee: So it seems. I'll check it out after addressing kfarr's comments13:47
aleedave-mccowan, you have to send in a cert request first13:48
aleedave-mccowan, the cas table gets populated by an initial cert request13:48
aleedave-mccowan, I'd like to change that perhaps - but thats the way it goes right now.13:48
dave-mccowanalee doesn't a user need to know the ca id to make a cert request?13:49
aleedave-mccowan, no13:49
aleedave-mccowan,  it will go to the default or first ca13:49
aleeand then all the ca plugins will be updated13:49
jaosorioralee: wouldn't doing a GET to /v1/cas/get-preferred also populate it?13:49
aleedave-mccowan, https://review.openstack.org/#/c/219412/713:50
aleequickstart docs13:50
aleejaosorior, I wouldn't think so offhand13:50
aleethere is a function refresh_cas() or somesuch that is called.13:50
aleerefresh_ca_table()13:52
aleewhich is only called on issue_cert_request() right now13:52
dave-mccowanalee thanks.  i'd like to see that changed too.  and that doc change merged.  a couple folks at my company ran into this, and the current docs don't highlight that behavior, like your patch set does.13:54
aleejaosorior, yeah - I tried to fix that coverage problem but my attempt doesn't seem to have worked13:54
aleedave-mccowan, agreed - please +1 the docs patch :)13:54
aleedave-mccowan, and yeah -once this set of patches gets merged, I'll look into changing that somehow.13:55
jaosorioralee: Where was it that the coverage failed again?13:55
aleejaosorior, barbican/plugin/snakeoil_ca.py (96.1%): Missing lines 228-23013:55
aleejaosorior, case where subca already exists and is read on startup13:56
aleejaosorior, I tried creating a cert/key file in the tmpdir , but that didn't work13:57
jaosorioralee: Aaah...that13:57
aleejaosorior, so yeah - if you have any thoughts on how to fix that - that would be super.13:57
aleemore likely than not, that should be fixed on the previous patch though13:57
aleeie. the one that adds snakeoil plugin13:57
jaosorioryeah... I still don't figure out why it fails13:58
*** lisaclark1 has joined #openstack-barbican13:58
aleejaosorior, initially, it did not fail on my system because I had stuff under /etc/barbican/snakeoil-cas13:58
openstackgerritMerged openstack/barbican: Support for creation of subordinate CAs  https://review.openstack.org/21941113:59
aleeso I really don't know if its actually using the tmpdir13:59
aleewoohoo! one down13:59
aleedave-mccowan, I see you took bug 147724014:01
openstackbug 1477240 in Barbican "snakeoil plugin needs input CSR base64 decoded" [Undecided,Confirmed] https://launchpad.net/bugs/1477240 - Assigned to Dave McCowan (dave-mccowan)14:01
dave-mccowanalee yea.  i can fix the unit tests on your patch, if you'd like.14:01
aleedave-mccowan, I fixed this in  https://review.openstack.org/#/c/220409/14:02
aleedave-mccowan, needed to do this to run the functional tests correctly14:02
jaosorioralee: Ah! I'll mark it there then14:03
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: API documentation for CAs interface  https://review.openstack.org/21941214:04
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Add validators for new CA creations  https://review.openstack.org/22056314:04
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs  https://review.openstack.org/22040914:04
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin  https://review.openstack.org/22001114:04
dave-mccowanalee does the one-line need to go to kilo too?14:04
aleedave-mccowan, well its one line + fixes to the unit tests14:04
aleedave-mccowan, but probably yes14:05
jaosorioralee: Can you +2 the following CR? https://review.openstack.org/#/c/205059/ that's needed to get the kilo gate working14:05
*** lisaclark1 has quit IRC14:05
aleejaosorior, looking14:05
jaosoriorkfarr: Addressed your comments in the validator CR14:07
aleejaosorior, hockeynut_afk , dave-mccowan whats the deal with the gate failures for the patch?14:09
aleehttps://review.openstack.org/#/c/20505914:09
jaosorioralee: You mean the dogtag gate failures? That patch is the requirements to get the dogtag gate fix patches we've been meaning to put into the stable/kilo branch for a while14:10
jaosorior* requirement14:11
dave-mccowanalee in "stable" kilo, infra changed under us.  Mock changed to a new version and Tempest changed to a new version and something else changes with docs.  this super-patch is mostly a mash of 3 other CRs that all needed to go together to fix the gates.14:11
aleejaosorior, ok - so I can ignore those then -- what about gate-barbican-devstack-dsvm-new ?14:11
jaosoriorI don't know if the new changes for the gate are enabled in the stable/kilo gate14:11
dave-mccowanalee rm_work is working on -new gates.  he has some more work to do, so the -new is liberty and newer only.14:12
aleeok14:12
dave-mccowanalee he wrote code to use the new devstack plugin feature to make barbican easier to use with devstack.14:12
dave-mccowanjaosorior they shouldn't be.  i -1ed his patch to project-infra until he makes it not apply to stable/kilo.14:14
aleedave-mccowan, jaosorior looks like redrobot beat me to it14:14
aleekfarr, thanks for review of https://review.openstack.org/#/c/220563/14:16
jaosorioralee: what are you referring to?14:17
aleejaosorior, validators patch14:17
aleejaosorior, I'm going to wait for gate results and then will workflow it14:17
jaosorioralee: I meant when you said that redrobot beat you to it14:17
aleejaosorior, infra patch14:17
jaosoriorI see14:18
jaosoriorThanks redrobot :D14:18
*** shohel has quit IRC14:18
redroboto/14:18
aleeredrobot, you know, redrobot - as you're in a reviewing mood ..14:19
aleeredrobot, https://review.openstack.org/#/c/219412 is a nice easy one to workflow14:22
*** edtubill has joined #openstack-barbican14:33
*** pglass has joined #openstack-barbican14:35
jaosoriorkfarr: Are you around?14:42
kfarrjaosorior, yup!14:42
jaosoriorkfarr: Got some workflows for this CR and the subsequent ones? https://review.openstack.org/#/c/205039/ they are part of a series to fix the dogtag gate in the stable/kilo branch14:43
jaosoriorkfarr: They are backported from the master branch directly14:43
kfarrjaosorior, will take a look14:43
*** jhfeng has joined #openstack-barbican14:45
jaosoriorkfarr: Sure. Initially the first patch (The one I referred you to) had fixed that gate; But some changes to dogtag required the subsequent patches14:45
*** david-ly_ is now known as david-lyle14:53
jaosoriorkfarr: Anyway, the last patch should be the fix: https://review.openstack.org/#/c/205042/ and as you can see it actually makes the dogtag gate pass. But the patches before it are needed14:54
*** lisaclark1 has joined #openstack-barbican14:58
*** everjeje has quit IRC15:02
*** kfarr has quit IRC15:07
*** kfarr has joined #openstack-barbican15:10
*** lisaclark1 has quit IRC15:22
*** lisaclark1 has joined #openstack-barbican15:33
dave-mccowanredrobot is the container put blueprint a priority for liberty, or are we going to push it? https://review.openstack.org/#/c/207249/15:37
*** edtubill has left #openstack-barbican15:45
*** edtubill has joined #openstack-barbican15:45
jaosoriorAny workflows for this? https://review.openstack.org/#/c/219412/15:51
jaosoriorkfarr: Thanks for the comments on the dogtag related fixes. I added the "cherry-picked from" flag15:52
*** lisaclark1 has quit IRC15:53
*** lisaclark1 has joined #openstack-barbican15:56
*** diazjf has joined #openstack-barbican16:00
*** lisaclark1 has quit IRC16:02
*** gyee has joined #openstack-barbican16:03
openstackgerritMerged openstack/barbican: Add validators for new CA creations  https://review.openstack.org/22056316:05
*** ccneill has joined #openstack-barbican16:05
*** vivek has joined #openstack-barbican16:06
*** vivek is now known as Guest346016:06
jaosoriorHey people. I decided to nominate dave-mccowan for Barbican core: http://lists.openstack.org/pipermail/openstack-dev/2015-September/073866.html Bring those +1's16:11
jaosorioralee, redrobot, woodster_, kfarr ^^16:11
aleejaosorior, dave-mccowan done16:14
*** rm_mobile has joined #openstack-barbican16:19
*** rm_mobile has quit IRC16:19
*** rm_mobile has joined #openstack-barbican16:19
*** jaosorior has quit IRC16:21
*** diazjf has quit IRC16:25
*** Guest3460 has quit IRC16:26
*** silos has joined #openstack-barbican16:28
*** diazjf has joined #openstack-barbican16:30
*** kebray has joined #openstack-barbican16:31
*** kebray has quit IRC16:34
*** lisaclark1 has joined #openstack-barbican16:39
*** kebray has joined #openstack-barbican16:42
*** lisaclark1 has quit IRC16:44
*** lisaclark1 has joined #openstack-barbican16:51
*** diazjf has quit IRC16:57
*** everjeje has joined #openstack-barbican17:00
*** lisaclark1 has quit IRC17:01
*** lisaclark1 has joined #openstack-barbican17:03
*** kfarr has quit IRC17:04
*** kebray has quit IRC17:04
*** diazjf has joined #openstack-barbican17:05
*** lisaclark2 has joined #openstack-barbican17:07
*** lisaclark2 has quit IRC17:07
*** lisaclark1 has quit IRC17:09
*** vivek has joined #openstack-barbican17:12
*** vivek has quit IRC17:12
*** rm_mobile has quit IRC17:18
*** peter-hamilton has quit IRC17:19
*** nelsnelson has quit IRC17:34
*** nelsnelson has joined #openstack-barbican17:39
*** ccneill has quit IRC17:45
*** pglass has quit IRC17:49
*** pglass has joined #openstack-barbican17:49
*** ccneill has joined #openstack-barbican17:57
*** nelsnelson has quit IRC17:59
*** SheenaG has joined #openstack-barbican18:00
*** SheenaG has left #openstack-barbican18:00
diazjfelmiko, can you share the patch for sahara that you are working on? kfarr, added this https://review.openstack.org/#/c/220850/ to enable rekey is future swift keymaster code.\18:02
*** nelsnelson has joined #openstack-barbican18:03
elmikodiazjf: yea, 1sec, sorry i missed you last week. you logged off just before i uploaded my patch18:04
elmikodiazjf: https://review.openstack.org/#/c/220680/18:04
diazjfelmiko, no worries, thanks alot!!18:07
elmikodiazjf: no problem, ping me if you have any questions or comments18:10
diazjfelmiko, thanks, I will look over the code in a few. BTW does your implementation use Barbican as a key manager?18:11
elmikodiazjf: our impl allows for either barbican or our sahara key manager. by default we are using our own key manager.18:12
elmikothis is based on our needs for backward compatibility, and not placing the barbican requirement on our end-users18:12
elmikothe main reason we chose to use castellan is that it provides a nice abstraction for whichever key manager backend we need18:13
diazjfelmiko, how are you able to choose?18:16
elmikodiazjf: you can change the key manager by adjusting the "api_class" configuration value.18:18
elmikolook at the castellan docs, https://github.com/openstack/castellan/blob/master/doc/source/usage.rst18:18
elmikosee "Example. Changing the key manager provider while using the global configuration."18:19
diazjfelmiko, will do thanks!18:22
*** openstackgerrit has quit IRC18:31
*** openstackgerrit has joined #openstack-barbican18:31
rm_workwoo Castellan doing what it is supposed to do :P18:38
*** jhfeng has quit IRC18:41
*** jhfeng has joined #openstack-barbican18:44
elmikorm_work: yea =)18:47
rm_workso if you guys needed certificates, you'd still be a great use-case for castellan-certs18:47
rm_workbut i guess you do not?18:47
rm_worksince you do/did have a way for users to input certs directly to you, so it does make some sense for flipping from your DB to barbican18:48
elmikocurrently, we are just trying to offload password type secrets. we might have use for the certificate stuff in the future though/18:55
*** ccneill_ has joined #openstack-barbican19:05
*** ccneill has quit IRC19:05
*** pglass has quit IRC19:06
*** ccneill_ is now known as ccneill19:06
*** ccneill_ has joined #openstack-barbican19:07
*** ccneill has quit IRC19:11
*** kebray has joined #openstack-barbican19:20
*** kebray has quit IRC19:20
*** silos has left #openstack-barbican19:21
*** kebray has joined #openstack-barbican19:21
*** kfarr has joined #openstack-barbican19:26
*** kebray has quit IRC19:36
aleekfarr, ping19:52
kfarralee, pong!19:52
aleekfarr, hey - can you look at https://review.openstack.org/#/c/220011/ ?19:52
aleekfarr, and then https://review.openstack.org/#/c/220409/ ?19:53
kfarralee, ok, I will take a look!19:53
aleekfarr, thanks!19:53
openstackgerritMerged openstack/barbican: API documentation for CAs interface  https://review.openstack.org/21941220:05
*** tkelsey has quit IRC20:07
*** silos has joined #openstack-barbican20:10
*** silos has left #openstack-barbican20:10
*** pglass has joined #openstack-barbican20:20
*** Guest99551 has joined #openstack-barbican20:23
Guest99551hi20:23
redrobothi Guest9955120:23
*** ccneill has joined #openstack-barbican20:24
dave-mccowanalee you need to add project_id to cert_resources.create_subordinate_ca() in 22001120:24
dave-mccowanalee (or i need to) :-)  quota support on the way.20:24
aleedave-mccowan, looking ..20:24
dave-mccowanalee nevermind.  it's there as project.20:25
aleedave-mccowan, ok good :)20:25
*** ccneill_ has quit IRC20:27
*** Guest99551 has quit IRC20:28
*** Anton12345 has joined #openstack-barbican20:45
*** Anton12345 has quit IRC20:46
dave-mccowanalee are the snakeoil functional tests working now?20:47
dave-mccowanalee (for subcas)20:47
aleedave-mccowan, theyshould be yes20:47
aleedave-mccowan, they should be yes20:47
*** Antonwoods has joined #openstack-barbican20:47
aleedave-mccowan, https://review.openstack.org/#/c/220409/20:48
dave-mccowanalee do i need to change a config setting to unskip them?20:48
aleedave-mccowan, so they are not yet merged -- see above patch (and one before that)20:49
aleedave-mccowan, but with those patches merged, they would be running20:49
dave-mccowanalee i did a git review -d 220409 to start.  i'm basing my quota contribution on top of them.20:50
aleedave-mccowan, ok good20:50
aleedave-mccowan, so they should just run -- against the snakeoil ca20:50
*** Antonwoods has quit IRC20:51
*** jaosorior has joined #openstack-barbican20:52
dave-mccowanfor me, the skipIf check passes (not snakeoil) and they are skipped.20:52
dave-mccowanalee and if i comment out that, only simple_certificate is showing up in my cas list.20:53
zigoHi !20:53
*** Antonwoods has joined #openstack-barbican20:53
zigoIs there anyone working on Castellan here?20:53
zigoI got packaging issues that must be solved upstream ASAP.20:53
jaosoriordave-mccowan: What's up?20:53
dave-mccowanjaosorior when i try to run the functional tests you added (and the new ones i added) all the snakeoil ones are skipped.20:54
dave-mccowanjaosorior when i force them to run (by commenting out skipIfs), snakeoil is not in my cas list.20:55
jaosoriorOoook20:55
jaosoriorthat's weird20:55
zigoTo make things short: could someone urgently release a new version of castellan ?20:56
dave-mccowando functional tests read barbican.conf?20:56
*** reaperhulk has quit IRC20:56
*** reaperhulk has joined #openstack-barbican20:56
jaosoriorThey should with the change I added20:56
zigoOtherwise, it's going to be difficult for me to build Glance which depends on it.20:56
dave-mccowanzigo you need to ask kfarr20:56
jaosoriorredrobot, kfarr: ^^20:57
zigodave-mccowan: Thanks !20:57
zigoI just spoke to redrobot in the #openstack-glance channel, as I bumped into castellan doing the Liberty b3 package of Glance for Debian.20:57
kfarrHey zigo, I will take a look, what is the issue?20:57
dave-mccowanjaosorior which one does it read?  /etc/barbican or from the tree?20:58
zigokfarr: The requirements.txt of Castellan are basically those of Kilo ...20:58
zigokfarr: Things like pbr<1.020:58
jaosoriordave-mccowan: It should be reading /etc/barbican20:58
rm_workjaosorior: i thought they normally read from barbican-functional.conf, is that merging?20:58
zigokfarr: I can't use that if I don't heavily patch it.20:58
zigokfarr: So basically, just please release what's in master.20:58
jaosoriorI mean /etc/barbican/barbican.conf20:58
zigokfarr: Requirements.txt in master is in line with the rest of OpenStack as much as I can see.20:59
aleeyeah - should be reading from barbican-functional.conf20:59
jaosoriorrm_work: It read the one you mention. But if you import barbican.common.config you can actually read what's given to the serer20:59
aleejaosorior, you mean /etc/barbican/barbican-functional.conf , right?20:59
jaosoriorno20:59
zigo(I didn't look deep, just from top of my head after doing approx 50 package upload for Liberty B3 so far...)20:59
kfarrzigo, I will work on a release, one second21:00
zigokfarr: Thanks so much.21:00
zigoI'll put Glance and Castellan packaging on hold until then.21:00
jaosoriorThe way I implemented the skipping of tests for in this CR https://review.openstack.org/#/c/220409/11/functionaltests/api/v1/functional/test_cas.py was by reading what plugin does the server have. And that configuration is not in the barbican-functional.conf21:00
zigoAnd I'll work on something else.21:00
zigo(probably horizon and its xstatic dependencies)21:00
jaosoriorso I needed to read what's it /etc/barbican/barbican.conf which is the server configuration21:00
aleejaosorior, you are running the functional tests using tox -e functional , right?21:02
dave-mccowanjaosorior alee  i see, so now it reads from both.  it works in the gate, but not in my setup.  so i need to figure out what i'm doing differently.21:02
jaosorioralee: I'm talking about the gate21:02
dave-mccowanjaosorior mainly i was asking to make sure it's supposed to be working, before i debug my local setup.21:03
aleejaosorior, so that I understand then, if I am running the functional tests locally then -- using tox -e functional  , what config file do I need to have set up?21:04
dave-mccowanbefore adding subcas, how many CAs should be in my list?  2  (simple_certificate and snakeoil)21:04
aleeyes21:05
jaosoriorActually21:05
jaosoriorI think there's a bug21:06
jaosoriorit might be getting it from somewhere else21:06
jaosoriordue to this https://github.com/openstack/barbican/blob/master/barbican/common/config.py#L13421:06
jaosoriorI mean, this: https://github.com/openstack/barbican/blob/master/barbican/common/config.py#L13621:06
jaosoriorit's still looking for barbican-api.conf21:06
aleesorry - guys I need to head offline right now .. back in a few hours21:07
jaosorioralee: Have a good one21:07
aleejaosorior, please send me an email with what you find.21:07
aleejaosorior, I suspect that this might impact the strange coverage thing perhaps.21:07
jaosorioralee: I will submit a patch and lets see how it works21:08
aleejaosorior, but I'd like to know -- what should it be reading to have the config read on the gate and also set up locally21:08
aleebecause the patchset originally changed barbican-functional.conf21:09
aleeso it could run locally21:09
kfarrzigo, I pushed the tagged release to gerrit, but in the past it hasn't been releasing automatically to pypi.  I'll have to ask redrobot for a manual release21:09
aleeso maybe it needs both ??21:09
kfarrredrobot, ping21:09
redrobotkfarr pong21:10
kfarrredrobot, can you please do a manual release for castellan through launchpad, I don't think it's automatically going to pypi for whatever reason21:10
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Added functional tests for creating CAs  https://review.openstack.org/22040921:11
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Add subca functionality to snakeoil plugin  https://review.openstack.org/22001121:11
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Use barbican.conf instead of barbican-api.conf  https://review.openstack.org/22150521:11
kfarrredrobot, I tagged the release through gerrit already21:11
redrobotkfarr sure thing...  we should get that autorelease job fixed up though.21:11
kfarrthanks redrobot!  zigo, castellan 0.2.1 is out, do we need that in global requirements, too?21:12
redrobotkfarr zigo  https://pypi.python.org/pypi/castellan/0.2.121:13
zigokfarr: redrobot: Thanks so much !!!21:15
jaosoriordave-mccowan: But yeah. Normally we add and read configurations for the functional tests from barbican-functional.conf21:16
jaosoriordave-mccowan: Thing is, I needed to know which exact backend is configured on the server side, so I did it by importing barbican.plugin.interface.certificate_manager in line 24 of this file https://review.openstack.org/#/c/220409/12/functionaltests/api/v1/functional/test_cas.py21:17
*** alee_ has quit IRC21:17
*** alee has quit IRC21:18
jaosoriorthere is where the certificate configuration is defined on the server side, which will also extend the global configuration file for the server (that's done in barbiacan.common.config)... which actually reads the file21:18
jaosoriorand it should be taking by default /etc/barbican/barbican.conf21:18
jaosorioralthough if that is not present, it also accepts ~/barbican.conf if I recall correctly21:19
jaosoriordave-mccowan: Does that make sense?21:19
dave-mccowanjaosorior yep.  i'll hook up the debugger to check what file my setup is reading.21:21
jaosoriordave-mccowan: Alright.21:23
jaosoriorWell, I gotta go now21:27
*** jaosorior has quit IRC21:27
*** silos1 has joined #openstack-barbican21:38
*** silos1 has left #openstack-barbican21:38
*** diazjf has left #openstack-barbican21:50
*** jamielennox|away is now known as jamielennox21:51
*** Antonwoods has quit IRC21:56
*** woodster_ has quit IRC21:59
*** Antonwoods has joined #openstack-barbican21:59
*** Antonwoods is now known as Anton21:59
*** Anton is now known as Guest2740221:59
zigokfarr: redrobot: Castellan uploaded to Debian Experimental (it will go through the FTP master NEW queue before being accepted).22:09
zigoThanks again.22:09
* zigo returns to building glance22:09
*** Guest27402 has quit IRC22:11
*** edtubill has quit IRC22:14
*** spotz is now known as spotz_zzz22:16
*** diazjf has joined #openstack-barbican22:23
*** jhfeng has quit IRC22:34
*** kfarr has quit IRC22:41
*** pglass has quit IRC22:44
*** Antonwoods has joined #openstack-barbican22:59
*** Antonwoods is now known as Anton22:59
*** Anton is now known as Guest3407022:59
*** Guest34070 has quit IRC23:01
*** Antonwoods has joined #openstack-barbican23:01
*** dimtruck is now known as zz_dimtruck23:18
*** alee has joined #openstack-barbican23:21
*** alee_ has joined #openstack-barbican23:22
*** chlong has quit IRC23:27
*** chlong has joined #openstack-barbican23:28
*** Antonwoods has quit IRC23:29
*** vivek-ebay has joined #openstack-barbican23:36
*** Antonwoods has joined #openstack-barbican23:53
*** Antonwoods is now known as Anton23:53
*** Anton is now known as Guest7678723:53
*** woodster_ has joined #openstack-barbican23:57
*** Guest76787 has quit IRC23:58
*** ccneill has quit IRC23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!