Tuesday, 2015-10-06

« Monday, 2015-10-05 Index Wednesday, 2015-10-07 »
*** zz_dimtruck is now known as dimtruck00:16
*** kebray has quit IRC00:32
*** mixos has joined #openstack-barbican00:44
*** dimtruck is now known as zz_dimtruck00:54
*** zz_dimtruck is now known as dimtruck00:55
*** gyee has quit IRC00:57
*** su_zhang_ has quit IRC00:59
*** jhfeng has joined #openstack-barbican01:08
*** mixos has quit IRC01:17
*** vivek-ebay has quit IRC01:18
*** vivek-ebay has joined #openstack-barbican01:18
*** dimtruck is now known as zz_dimtruck01:21
*** mixos has joined #openstack-barbican01:46
*** stevemar_ has quit IRC01:59
*** stevemar_ has joined #openstack-barbican02:00
*** kebray has joined #openstack-barbican02:18
*** jhfeng has quit IRC02:24
*** stevemar_ has quit IRC02:41
*** stevemar_ has joined #openstack-barbican02:42
*** stevemar_ has quit IRC02:43
*** stevemar_ has joined #openstack-barbican02:43
*** dave-mccowan has quit IRC02:44
*** jamielennox has quit IRC02:51
*** kebray has quit IRC03:02
*** jhfeng has joined #openstack-barbican03:07
*** vivek-ebay has quit IRC03:11
*** jamielennox has joined #openstack-barbican03:13
*** kebray has joined #openstack-barbican03:18
*** kebray has quit IRC03:18
*** kebray has joined #openstack-barbican03:18
*** stevemar_ has quit IRC03:21
*** stevemar_ has joined #openstack-barbican03:22
*** su_zhang_ has joined #openstack-barbican03:27
*** su_zhang_ has quit IRC03:27
*** su_zhang_ has joined #openstack-barbican03:28
*** jhfeng has quit IRC03:43
*** vivek-ebay has joined #openstack-barbican04:11
*** jaosorior has joined #openstack-barbican04:39
*** su_zhang_ has quit IRC04:40
*** xaeth_afk is now known as xaeth04:51
jaosoriorredrobot: Still awake?04:55
*** morgan has quit IRC05:02
*** redrobot has quit IRC05:03
*** atiwari1 has joined #openstack-barbican05:03
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Add RBAC docs for Cloud Administrator Guide  https://review.openstack.org/23122205:03
*** atiwari has quit IRC05:03
*** vivek-ebay has quit IRC05:06
*** morgan has joined #openstack-barbican05:06
*** redrobot has joined #openstack-barbican05:08
*** redrobot is now known as Guest2867805:09
stevemar_jaosorior: o/05:39
stevemar_jaosorior: when are you all going to release barbicanclient :)05:39
stevemar_https://github.com/openstack/python-barbicanclient/releases august 24th is old and no bueno05:39
*** xaeth is now known as xaeth_afk05:47
jaosoriorstevemar_ Good question dude, gotta ping redrobot for that05:48
jaosoriorstevemar_ Only thing I'm thinking about is the naming we used for commands; since at the moment they're all the same; both for our CLI and for the OSC plugin05:49
jaosoriorwe recently added ACL support, and that might get confusing in the OSC05:49
*** edtubill has joined #openstack-barbican05:51
stevemar_jaosorior: /me shrugs05:52
stevemar_nothing else went in?05:52
jaosoriorstevemar_ Well, the osc plugin, ACL support, a bunch of CA-related operations and bug-fixes05:53
jaosoriorbut the CA stuff is quite self-explanatory and shouldn't be an issue05:53
* stevemar_ shrugs05:57
stevemar_just thought i'd give you guys a heads up ^_^05:57
jaosoriorstevemar_ I'll ping redrobot about it when he's awake. It's around 1am over there05:58
jaosoriorstevemar_ But thanks. How's stuff otherwise?05:58
stevemar_jaosorior: crazy as always :)05:58
stevemar_jaosorior: how you liking RH?05:58
jaosoriorreally good so far :)05:59
jaosoriorGonna get my red hat this month05:59
stevemar_jaosorior: wear it with pride!06:04
jaosoriorstevemar_ haha sure will :d06:11
jaosorior* :D06:11
*** Nirupama has joined #openstack-barbican06:12
*** stevemar_ has quit IRC06:38
*** jamielennox is now known as jamielennox|away06:41
*** x3k has quit IRC06:42
*** woodster_ has quit IRC06:49
*** kebray has quit IRC07:19
*** edtubill has quit IRC07:37
*** xek_ is now known as xek07:53
*** mixos has quit IRC07:59
*** jaosorior has quit IRC08:48
*** jaosorior has joined #openstack-barbican08:49
*** darrenmoffat has quit IRC09:19
*** darrenmoffat has joined #openstack-barbican09:20
*** pksingh has joined #openstack-barbican09:21
pksinghjaosorior, Hi Good Morning :)09:23
jaosoriorpksingh: Hey, what's up?10:07
*** mmdurrant has quit IRC10:09
*** jamielennox|away is now known as jamielennox10:14
*** dave-mccowan has joined #openstack-barbican10:24
pksinghjaosorior, how's the day?10:39
jaosoriorpksingh: Pretty good, just got back from lunch and now back to coding. How about yours?10:40
pksinghjaosorior, just about to leave from office in 50 minutes10:41
pksinghtodays work ended10:42
jaosoriornot bad!10:42
jaosoriorI still have some hours ahead10:42
jaosoriorBut no worries, there's enough coffee :P10:43
pksinghgreat :)10:44
*** pksingh has quit IRC11:30
*** mmdurrant has joined #openstack-barbican11:59
*** alee_dinner has quit IRC12:24
*** jhfeng has joined #openstack-barbican12:47
*** jhfeng has quit IRC12:59
*** shohel has joined #openstack-barbican13:02
*** jhfeng has joined #openstack-barbican13:13
*** jhfeng has quit IRC13:14
*** dave-mccowan has quit IRC13:19
*** alee has joined #openstack-barbican13:20
*** jhfeng has joined #openstack-barbican13:24
*** woodster_ has joined #openstack-barbican13:25
*** jhfeng has quit IRC13:28
*** Nirupama has quit IRC13:28
*** Praston has joined #openstack-barbican13:34
*** dave-mccowan has joined #openstack-barbican13:34
Guest28678good mornin' barbican! :)14:12
*** Guest28678 is now known as redrobot14:13
*** zz_dimtruck is now known as dimtruck14:19
*** spotz_zzz is now known as spotz14:24
*** stevemar_ has joined #openstack-barbican14:28
*** silos has joined #openstack-barbican14:39
*** jaosorior has quit IRC14:39
*** jaosorior has joined #openstack-barbican14:39
*** xaeth_afk is now known as xaeth14:41
*** edtubill has joined #openstack-barbican14:45
*** mixos has joined #openstack-barbican14:46
*** david-ly_ is now known as david-lyle15:06
*** diazjf has joined #openstack-barbican15:12
*** diazjf has quit IRC15:22
*** Daviey_ has quit IRC15:30
*** Daviey has joined #openstack-barbican15:30
*** kebray has joined #openstack-barbican15:32
*** ccneill has joined #openstack-barbican15:32
openstackgerritArun Kant proposed openstack/python-barbicanclient: Part 3: Adding ACL functional tests.  https://review.openstack.org/20834415:42
arunkantjaosorior, silos: Can you review  ^^^ . Addressed a typo identified by jaosorior in earlier patch.15:44
*** vivek-ebay has joined #openstack-barbican15:49
silosarunkant: looking now15:59
jaosoriorarunkant: +2ed16:04
arunkantthanks jaosorior, silos16:05
*** gyee has joined #openstack-barbican16:12
*** vivek-ebay has quit IRC16:23
*** dimtruck is now known as zz_dimtruck16:34
*** jaosorior has quit IRC16:51
*** jaosorior has joined #openstack-barbican16:52
*** gyee has quit IRC17:05
*** ccneill has quit IRC17:18
*** david-ly_ has joined #openstack-barbican17:21
*** david-lyle has quit IRC17:21
*** david-ly_ is now known as david-lyle17:22
*** kebray has quit IRC17:28
aleedave-mccowan, ping17:40
*** su_zhang has joined #openstack-barbican17:40
*** shohel has quit IRC17:41
dave-mccowanalee pong17:41
aleedave-mccowan, have you played at all with using barbican for volume encryption>17:42
alee?17:42
aleeredrobot, ^^?17:42
dave-mccowanalee not yet, but that is nearing the top of my to-do list.  i definitely want to give it a try.17:43
aleeI'm trying to do it and running into a weird issue - its probably my config , but ..17:43
aleeanyone else here worked with volume encryption?17:44
aleerm_work, jvrbanac_ ?  ^^ I know rellerreller and kfarr have, but they're not here17:44
*** zz_dimtruck is now known as dimtruck17:46
dave-mccowanalee did you find cinder docs somewhere describing how it works?17:46
aleedave-mccowan, http://docs.openstack.org/juno/config-reference/content/section_testing_encryption.html17:47
aleedave-mccowan, there is some config -- I'll let you know when I get it working :)17:48
*** kebray has joined #openstack-barbican17:51
*** dave-mccowan has quit IRC17:54
*** su_zhang_ has joined #openstack-barbican17:58
*** su_zhang has quit IRC18:02
*** vivek-ebay has joined #openstack-barbican18:03
*** vivek-ebay has quit IRC18:03
*** vivek-ebay has joined #openstack-barbican18:04
*** ccneill has joined #openstack-barbican18:04
*** kebray has quit IRC18:05
*** dave-mccowan has joined #openstack-barbican18:07
*** su_zhang_ has quit IRC18:09
*** su_zhang has joined #openstack-barbican18:10
*** diazjf has joined #openstack-barbican18:11
*** gyee has joined #openstack-barbican18:16
*** su_zhang has quit IRC18:38
*** su_zhang has joined #openstack-barbican18:41
*** diazjf has left #openstack-barbican18:42
*** su_zhang has quit IRC18:52
*** kebray has joined #openstack-barbican18:55
*** silos1 has joined #openstack-barbican19:00
*** jaosorior has quit IRC19:00
*** jaosorior has joined #openstack-barbican19:01
*** silos has quit IRC19:04
*** kebray has quit IRC19:08
aleeredrobot, ping19:12
redrobotalee pong19:12
aleeredrobot, is there a way to log any requests going into barbican ?  ie . headers and everythiung ?19:13
aleeredrobot, I'm getting a rather cryptic message ..19:15
aleeOct 06 15:03:31 rdo.rdodom.test uwsgi[11273]: {address space usage: 446566400 bytes/425MB} {rss usage: 75468800 bytes/71MB} [pid: 11279|app: 0|req: 14/14] 192.168.128.3 () {30 vars in 497 bytes} [Tue Oct  6 15:03:31 2015] GET /secrets/5ad957ed-8cff-4168-9b45-2ea9f5797bc7 => generated 54 bytes in 0 msecs (HTTP/1.1 404) 3 headers in 112 bytes (1 switches on core 0)19:15
aleeredrobot, basically its a 404 on a secret I know is there -- would be nice to know what headers etc. are being passed in ..19:15
*** kfarr has joined #openstack-barbican19:28
redrobotalee I don't know a way to do it off the top of my head19:32
redrobotalee I would try making a wsgi middleware to log the requests19:32
redrobotalee or oldschool curl -vv19:33
aleeredrobot, yeah maybe middleware ..19:36
aleekfarr, ping19:37
kfarralee pong!19:40
aleekfarr, hey!  I'm hoping you can solve all my problems!19:41
kfarralee I hope so, too!19:41
aleekfarr, I'm trying to test volume encryption with barbican19:41
aleeand having some problems19:41
kfarralee, oh dear, what sort of problems?19:41
aleekfarr, I think I must be missing something in my config19:42
aleekfarr, so -- when I create an encrypted volume, I see a request come from cinder to create a symmetric key19:42
aleeand I see that key being created in dogtag and a reference returned to barbican19:42
aleeand I see the order being updated and cinder getting the right reference to the order and the secret19:43
aleeI am also able independently to retrieve the secret using a token issued for that project.19:44
aleebut now I try to attach that volume to a nova instance19:44
aleeand I see nova contact barbican19:44
aleeand I see barbican return a 404 for the secret ..19:44
aleewhich makes me think that nova for some reason is not sending a token/ the right token to barbican ..19:45
kfarralee, and you can see that it is using the correct uuid?  Have you tried seeing if you could request the key using either the python client or the command line?19:46
kfarrWhich user are you using?  admin or a regular user?19:46
aleekfarr, admin19:46
aleekfarr, I can see barbican log the request coming in and specifying 404 .  its the correct uuid19:47
aleeand I can retrieve that secret from the command line19:47
aleekfarr, is there any special keystone setup required?19:48
aleetrusts perhaps?19:48
aleekfarr, the only config I have done is in  nova.conf19:49
aleekfarr, [keymgr]19:50
aleeapi_class = nova.keymgr.barbican.BarbicanKeyManager19:50
aleeencryption_auth_url = http://rdo.rdodom.test:5000/v319:50
aleekfarr, what do you have in your nova config?19:50
kfarralee I do not currently have it set up, but I am looking through old notes to see, one sec19:51
kfarralee, you don't have encryption_auth_url specified in cinder?19:53
aleeoh I do ..19:53
aleethat was my nova config ... cinder config is ..19:53
aleekeymgr]19:54
aleeapi_class = cinder.keymgr.barbican.BarbicanKeyManager19:54
aleeencryption_auth_url = http://rdo.rdodom.test:5000/v319:54
kfarralee are you using a default project or one you created?19:55
aleedefault19:55
kfarralee, I do not know the answer immediately, but I can look into it some.  My first guess is something with the auth tokens is not correct19:58
kfarrYou're not using devstack right?  But admin user and default project.  I can try to reproduce19:59
aleekfarr, yup - that would be my guest .. if you take a look, that would be super ..19:59
aleepackstack19:59
aleebut admin user and default project19:59
kfarralee, ok, I will get back to you tomorrow morning because I am working on something else right now!20:00
aleekfarr, super thanks!20:00
aleekfarr, if you get it set up, at least we'll be able to see the difference in our configs20:01
*** su_zhang has joined #openstack-barbican20:08
*** su_zhang has quit IRC20:08
*** kebray has joined #openstack-barbican20:08
*** su_zhang has joined #openstack-barbican20:08
kfarralee does packstack automatically install Barbican, and if not how do I configure it to do so?20:37
aleekfarr, it doesn't - that I know of, but I just install a barbican server on top of it20:42
kfarralee ok, gotcha!20:43
*** jamielennox has quit IRC20:43
*** zigo has quit IRC20:43
*** DuncanT has quit IRC20:43
*** eglute has quit IRC20:43
*** lisaclark_ has quit IRC20:43
*** jraim has quit IRC20:43
*** jroll has quit IRC20:43
*** lbragstad has quit IRC20:43
*** hockeynut has quit IRC20:43
*** jillysciarilly has quit IRC20:43
*** tdink has quit IRC20:43
*** silos1 has left #openstack-barbican20:44
*** jamielennox has joined #openstack-barbican20:46
*** zigo has joined #openstack-barbican20:46
*** DuncanT has joined #openstack-barbican20:46
*** eglute has joined #openstack-barbican20:46
*** lisaclark_ has joined #openstack-barbican20:46
*** jraim has joined #openstack-barbican20:46
*** jroll has joined #openstack-barbican20:46
*** lbragstad has joined #openstack-barbican20:46
*** hockeynut has joined #openstack-barbican20:46
*** jillysciarilly has joined #openstack-barbican20:46
*** tdink has joined #openstack-barbican20:46
*** morgan has quit IRC20:52
*** morgan has joined #openstack-barbican20:52
*** gyee has quit IRC21:01
*** Praston has quit IRC21:11
*** su_zhang has quit IRC21:36
*** gyee has joined #openstack-barbican21:45
*** mixos has quit IRC21:54
*** stevemar_ has quit IRC21:55
*** stevemar_ has joined #openstack-barbican21:56
*** dave-mccowan has quit IRC21:57
*** stevemar_ has quit IRC21:58
*** kfarr has quit IRC22:01
*** xaeth is now known as xaeth_afk22:06
*** stevemar_ has joined #openstack-barbican22:07
*** dimtruck is now known as zz_dimtruck22:07
*** lisaclark has quit IRC22:09
*** lisaclark_ has quit IRC22:09
*** edtubill has quit IRC22:18
*** spotz is now known as spotz_zzz22:23
*** alee has quit IRC22:24
*** su_zhang has joined #openstack-barbican22:25
*** su_zhang has quit IRC22:34
*** stevemar_ has quit IRC22:43
*** stevemar_ has joined #openstack-barbican22:43
*** stevemar_ has quit IRC22:46
*** jhfeng has joined #openstack-barbican22:55
*** lisaclark has joined #openstack-barbican23:03
*** lisaclark_ has joined #openstack-barbican23:03
*** vivek-ebay has quit IRC23:04
*** chlong has quit IRC23:06
*** su_zhang has joined #openstack-barbican23:07
*** vivek-ebay has joined #openstack-barbican23:09
*** alee has joined #openstack-barbican23:14
*** kebray has quit IRC23:43
*** stevemar_ has joined #openstack-barbican23:50
*** dave-mccowan has joined #openstack-barbican23:51
*** jhfeng has quit IRC23:58
*** jhfeng has joined #openstack-barbican23:58
« Monday, 2015-10-05 Index Wednesday, 2015-10-07 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!