Tuesday, 2015-11-10

« Monday, 2015-11-09 Index Wednesday, 2015-11-11 »
*** pdesai has quit IRC00:19
*** everjeje has quit IRC00:27
*** ccneill has quit IRC00:29
*** jamielennox is now known as jamielennox|away00:33
*** jmckind has quit IRC00:37
*** mixos has joined #openstack-barbican00:45
*** mixos has quit IRC01:01
openstackgerritJason Fritcher proposed openstack/barbican-specs: Blueprint defining healthcheck API endpoint.  https://review.openstack.org/20731701:19
*** su_zhang has quit IRC01:25
*** diazjf has joined #openstack-barbican01:40
*** dave-mccowan has quit IRC01:42
*** mixos has joined #openstack-barbican01:50
*** diazjf has quit IRC02:02
*** mixos has quit IRC02:05
*** diazjf has joined #openstack-barbican02:17
*** jamielennox|away is now known as jamielennox02:34
*** dave-mccowan has joined #openstack-barbican02:57
*** yfujioka has quit IRC03:16
*** yuanying has quit IRC03:17
*** dave-mccowan has quit IRC03:22
*** kfarr has quit IRC03:34
*** diazjf has quit IRC03:59
*** david-lyle has joined #openstack-barbican04:07
*** diazjf has joined #openstack-barbican04:13
*** yuanying has joined #openstack-barbican04:14
*** kebray has joined #openstack-barbican04:41
*** jamielennox is now known as jamielennox|away05:01
openstackgerritFernando Diaz proposed openstack/barbican-specs: Blueprint defining user defined metadata for Barbican Secrets  https://review.openstack.org/22999505:15
*** su_zhang has joined #openstack-barbican05:21
*** jaosorior has joined #openstack-barbican05:31
*** gyee has quit IRC05:52
*** su_zhang has quit IRC05:56
*** ig0r__ has quit IRC06:05
*** ig0r__ has joined #openstack-barbican06:10
openstackgerritFernando Diaz proposed openstack/python-barbicanclient: Allow tox to be able to run independent functional tests  https://review.openstack.org/24342006:13
*** _edmund has quit IRC06:18
*** jaosorior has quit IRC06:30
*** diazjf has quit IRC06:38
*** kebray has quit IRC06:42
*** kebray has joined #openstack-barbican06:46
*** alee_ has quit IRC06:49
openstackgerritMerged openstack/barbican: Move Key gen script to cmd folder  https://review.openstack.org/23975306:49
*** alee has quit IRC06:52
*** alee_ has joined #openstack-barbican06:52
*** alee has joined #openstack-barbican06:53
openstackgerritFernando Diaz proposed openstack/python-barbicanclient: Allow Barbican Secrets to be Updated via File  https://review.openstack.org/24263506:56
*** jaosorior has joined #openstack-barbican07:00
*** woodster_ has quit IRC07:09
*** openstackgerrit has quit IRC07:46
*** openstackgerrit has joined #openstack-barbican07:47
*** zigo has quit IRC08:01
*** zigo has joined #openstack-barbican08:03
openstackgerritPradeep Kumar Singh proposed openstack/barbican: remove default=None for config options  https://review.openstack.org/24344208:09
*** openstackgerrit has quit IRC08:31
*** openstackgerrit has joined #openstack-barbican08:31
*** shohel has joined #openstack-barbican08:33
*** shohel has quit IRC08:47
*** kebray has quit IRC08:56
*** shohel has joined #openstack-barbican09:07
*** jamielennox|away is now known as jamielennox10:24
*** jaosorior has quit IRC10:25
*** jaosorior has joined #openstack-barbican10:25
*** jaosorior has quit IRC10:27
*** jaosorior has joined #openstack-barbican10:27
*** ig0r__ has quit IRC10:40
*** ccneill has joined #openstack-barbican12:39
*** stevemar_ has joined #openstack-barbican13:11
*** everjeje has joined #openstack-barbican13:12
*** ccneill has quit IRC13:13
*** alee has quit IRC13:18
*** alee_ has quit IRC13:19
*** stevemar_ has quit IRC13:20
*** stevemar_ has joined #openstack-barbican13:21
*** nelsnelson has joined #openstack-barbican13:32
*** su_zhang has joined #openstack-barbican13:33
*** woodster_ has joined #openstack-barbican13:56
*** stevemar_ has quit IRC14:04
*** rellerreller has joined #openstack-barbican14:11
*** stevemar_ has joined #openstack-barbican14:13
openstackgerritMerged openstack/barbican: Fix Database Migrations Documentation  https://review.openstack.org/24225014:20
*** mixos has joined #openstack-barbican14:25
*** mixos has quit IRC14:30
*** su_zhang has quit IRC14:30
*** jmckind has joined #openstack-barbican14:31
*** alee has joined #openstack-barbican14:32
*** lisaclark__ has joined #openstack-barbican14:46
*** lisaclark_ has quit IRC14:47
*** lisaclark__ is now known as lisaclark_14:47
*** stevemar_ has quit IRC14:53
*** stevemar_ has joined #openstack-barbican14:54
*** dave-mccowan has joined #openstack-barbican15:08
*** spotz_zzz is now known as spotz15:09
*** edtubill has joined #openstack-barbican15:14
*** jhfeng has joined #openstack-barbican15:17
*** rhagarty_ has quit IRC15:33
*** mixos has joined #openstack-barbican15:37
*** rhagarty has joined #openstack-barbican15:38
*** rhagarty has quit IRC15:40
*** rhagarty has joined #openstack-barbican15:40
*** rhagarty_ has joined #openstack-barbican15:42
*** rhagarty has quit IRC15:45
*** silos has joined #openstack-barbican15:45
*** everjeje has quit IRC15:57
*** woodster_ has quit IRC15:59
*** kebray has joined #openstack-barbican16:01
*** darrenmoffat has quit IRC16:13
*** darrenmoffat has joined #openstack-barbican16:14
*** ccneill has joined #openstack-barbican16:20
*** diazjf has joined #openstack-barbican16:25
*** leecalcote has joined #openstack-barbican16:27
*** leecalcote has quit IRC16:27
*** leecalcote has joined #openstack-barbican16:28
*** jamielennox has quit IRC16:28
*** su_zhang has joined #openstack-barbican16:31
*** su_zhang has quit IRC16:33
*** jamielennox has joined #openstack-barbican16:41
*** gyee has joined #openstack-barbican16:52
*** gyee has quit IRC17:25
*** jmckind is now known as jmckind_17:26
*** leecalcote has quit IRC17:28
*** gyee has joined #openstack-barbican17:28
openstackgerritFernando Diaz proposed openstack/python-barbicanclient: Allow Barbican Secrets to be Updated via File  https://review.openstack.org/24263517:36
jaosoriordave-mccowan: Hey man, how's it going? Hey, what's the deal with this Marshall thingie?17:37
dave-mccowancomparing Marshal to the Nova/Cinder option: for Marshal the encryption is visible to the guest VM.  for Nova/Cinder the encryption in invisible to guest VM.  depending on the use case, one or the other might be preferable.17:38
jaosoriormakes sense17:39
dave-mccowanthen... comparing Marshal, with just using OSC to grab a key... Marshal is special purposed for disk encryption, by providing the connection to dm-crypt and bitlocker.  currently it connects to Barbican API directly, but I think Castellan would be a better option to support more use cases.17:43
dave-mccowanjaosorior, edtubill thoughts?17:44
jaosoriorwell... not really sure; I guess if for disk encryption castellanw as already being used, I guess it would make sense for Marshall to use that too17:46
dave-mccowani'd like to see Marshall support multiple KMS options.  By using Castellan, it could use Barbican or an HSM directly.  Now, it only support Barbican.  If we don't use Castellan, then we'd need to add multiple plugins directly in Marshall to support different KMS.17:48
jaosorioruhm; in that case using Castellan makes more sense, yeah17:48
*** pdesai has joined #openstack-barbican17:49
*** rellerreller has quit IRC17:59
*** shohel has quit IRC18:03
openstackgerritDave McCowan proposed openstack/barbican: Refactor Base64 use and other changes for Python3  https://review.openstack.org/23363318:06
openstackgerritFernando Diaz proposed openstack/barbican-specs: Blueprint for allowing file input to Barbican Client  https://review.openstack.org/24375318:08
*** su_zhang has joined #openstack-barbican18:11
*** alee is now known as alee_lunch18:13
*** diazjf has quit IRC18:14
jhfengdave-mccowan: will this marshal agent run in VM kernel or userspace ?18:16
dave-mccowanthe agent runs in userspace18:17
jhfengdave-mccowan: thanks, still reading its wiki18:19
*** diazjf has joined #openstack-barbican18:20
*** mixos has quit IRC18:21
jkfAnyone around who I can get some final approvals from for my health check blueprint? https://review.openstack.org/#/c/207317/18:21
jkfAlso, my pkcs11 changes went up yesterday, for anyone who wants to review and give feedback. https://review.openstack.org/#/c/243291/18:22
jhfengjkf: I'll take a look it. I also have a p11 session pool patch. maybe our changes are overlapped18:24
jhfenghttps://review.openstack.org/#/c/243202/18:24
*** jaosorior has quit IRC18:25
jkfjhfeng: I saw your change yesterday. While I don't implement session pooling in my module, it does handle sessions a little better than the original module.18:25
*** jaosorior has joined #openstack-barbican18:25
jkfI am also looking for iterate on that to either a single persistent session, or a small pool, depending on what performance looks like at scale.18:26
jhfengjkf: have you measured any perf improvement with your patch ?18:27
jhfengjkf: single session wouldn't work. need pool18:27
jkfAt a small scale, yes. Caching of the project keks provides the biggest win so far.18:27
jhfengjkf: cool18:28
*** jaosorior has quit IRC18:29
*** jaosorior has joined #openstack-barbican18:29
jkfjhfeng: How're you using barbican such that a single session wouldn't work?18:29
*** su_zhang has quit IRC18:32
jhfengjkf: in multithreads/ multiprocess case, the 2nd thread will get P11 failure because another operation is using the session18:32
*** su_zhang has joined #openstack-barbican18:32
jkfAh, ok. How has threading been working out for Barbican? I've been considering it for my deployment.18:33
jhfengunless you change session to that can be shared18:33
jhfengchanging process number in /etc/barbican/vassals/barbican-api.ini18:35
jhfengi also added threads in it. looks like 'threads' is not in default18:36
*** mixos has joined #openstack-barbican18:36
openstackgerritFernando Diaz proposed openstack/python-barbicanclient: Update Readme to include new/updated CLI commands  https://review.openstack.org/24377218:37
jkfGotcha, I didn't think anyone was actually doing threading with Barbican. I'll have to go look at my code again with that in mind.18:38
jkfI already predict one issue, in that the new module holds open a single session to do key caching operations on. Might need to mutex wrap that to serialize key caching. Should only affect the first time a project kek is loaded though.18:40
*** su_zhang has quit IRC18:41
jhfengjkf: you may need my fix for initializing p11 crypto plugin manager in multithreading env18:45
jhfenghttps://review.openstack.org/#/c/241712/18:46
*** su_zhang has joined #openstack-barbican18:46
jkfjhfeng: Thanks, I'll take a look.18:46
*** su_zhang has quit IRC18:47
jhfengjvrbanac: please also review above patch18:47
*** su_zhang has joined #openstack-barbican18:47
*** dave-mcc_ has joined #openstack-barbican18:58
*** dave-mccowan has quit IRC18:58
*** dave-mccowan has joined #openstack-barbican18:59
*** mixos has quit IRC19:03
*** dave-mcc_ has quit IRC19:03
*** mixos has joined #openstack-barbican19:04
*** kfarr has joined #openstack-barbican19:09
edtubilldave-mccowan: sounds interesting, I guess my only issue is that you have to expose barbican in the network for the VM to connect to it.19:11
edtubilldave-mccowan:I also wanted to get your opinion for this patch: https://review.openstack.org/#/c/239798/19:12
edtubilldave-mccowan: it looks like there are competing ideas for how block encryption should be done.19:13
dave-mccowanedtubill yep.  in the marshall use case, barbican would be on the data network, instead of on the management network.  not necessarily pro or con, i think, just a different use case.19:13
*** su_zhang has quit IRC19:16
edtubilldave-mccowan: I can see that. Is another advantage that you don't have to do different implementations for iSCSI, Ceph, ... ?19:17
*** su_zhang has joined #openstack-barbican19:17
dave-mccowangood point, i hadn't thought about that.  but, i think that would be case.19:18
dave-mccowanthe same code could also be used on bare metal too...19:18
jkfIs it just me, or is the devstack gate broken right now?19:22
dave-mccowanjkf my rebase just finished with the expected results19:24
edtubilldave-mccowan: that sounds cool, I'm still going through the docs for it. I guess this is for the use case where you want to provide block encryption to the customer VM directly and it's going to be a solution that will sit beside the current solutions which are at the compute host dmcrypt level (non competing).19:24
dave-mccowanjust two deployment options.  i'm not sure if a single customer would want to use both, but certainly Marshal fits a niche and is not intended to replace the current deployment options.19:27
jkfdave-mccowan: I asked because I noticed your recent refactor base64 change had a devstack gate failure as well.19:27
*** mixos has quit IRC19:28
dave-mccowanyea... the same failures i had before, i was rebasing before fixing.   are you seeing an API timeout error?  that one seems to be popping up more frequently these days.19:29
jkfNot sure, I'm having a hard time figuring out why devstack is failing. First time dealing with devstack in the gate.19:30
diazjfredrobot, notmyname, I created an etherpad with what was discussed yesterday on Castellan in Swift's keymaster: https://etherpad.openstack.org/p/swifjt-keymaster-with-castellan any input would be great! :)19:30
dave-mccowanjkf what's your CR number?19:32
jkfdave-mccowan: to me it looks like its failing to install packages during setup.19:32
jkfhttps://review.openstack.org/#/c/243291/19:33
dave-mccowanjkf that looks like a transient gate failure to me.  i agree it looks like package install failed, long before barbican comes into the picture.19:35
jkfSo I can just recheck it then?19:35
*** alee_lunch is now known as alee19:35
dave-mccowanyep19:36
jkfsweet, thanks! :)19:36
*** mixos has joined #openstack-barbican19:56
*** diazjf has quit IRC19:58
openstackgerritElvin Tubillara proposed openstack/barbican-specs: Create spec for cron job garbage collector for barbican database  https://review.openstack.org/24380619:59
*** nelsnelson has quit IRC19:59
*** nelsnelson has joined #openstack-barbican20:01
*** diazjf has joined #openstack-barbican20:02
*** jhfeng has quit IRC20:05
*** jhfeng has joined #openstack-barbican20:14
*** rellerreller has joined #openstack-barbican20:15
*** gyee has quit IRC20:18
*** mixos has quit IRC20:19
*** jhfeng has quit IRC20:24
*** jmckind_ is now known as jmckind20:26
*** mixos has joined #openstack-barbican20:29
*** mixos has quit IRC20:30
*** pdesai has quit IRC20:30
*** su_zhang has quit IRC20:32
*** jmckind is now known as jmckind_20:34
*** mixos has joined #openstack-barbican20:41
*** rellerreller has quit IRC20:43
*** dave-mccowan has quit IRC20:48
*** dave-mccowan has joined #openstack-barbican20:50
*** dave-mcc_ has joined #openstack-barbican20:52
*** dave-mccowan has quit IRC20:55
*** jaosorior has quit IRC20:58
*** diazjf has quit IRC20:59
*** su_zhang has joined #openstack-barbican21:06
*** jamielennox is now known as jamielennox|away21:25
*** woodster_ has joined #openstack-barbican21:27
*** diazjf has joined #openstack-barbican21:39
*** jhfeng has joined #openstack-barbican21:39
*** silos has left #openstack-barbican21:41
*** mixos has quit IRC21:52
*** jmckind has joined #openstack-barbican21:55
*** mixos has joined #openstack-barbican21:56
*** jmckind has quit IRC21:56
*** jmckind has joined #openstack-barbican21:57
*** jmckind_ has quit IRC21:57
*** jmckind has quit IRC21:58
*** jmckind has joined #openstack-barbican21:58
*** jmckind has quit IRC21:59
*** jmckind has joined #openstack-barbican22:00
openstackgerritFernando Diaz proposed openstack/barbican: Add user_meta column to Secrets Database  https://review.openstack.org/24264522:00
*** jmckind has quit IRC22:00
*** jmckind has joined #openstack-barbican22:01
*** jmckind has quit IRC22:03
*** jmckind has joined #openstack-barbican22:03
*** jmckind has quit IRC22:04
*** mixos has quit IRC22:06
*** pdesai has joined #openstack-barbican22:12
*** jamielennox|away is now known as jamielennox22:24
*** mixos has joined #openstack-barbican22:25
*** mixos has quit IRC22:27
*** diazjf has quit IRC22:33
*** reaperhulk_ has joined #openstack-barbican22:35
*** reaperhulk has joined #openstack-barbican22:35
*** reaperhulk_ has quit IRC22:42
*** reaperhulk_ has joined #openstack-barbican22:43
*** reaperhulk_ has quit IRC22:44
*** spotz is now known as spotz_zzz22:46
*** reaperhulk has quit IRC22:47
*** reaperhulk has joined #openstack-barbican22:47
*** alee has quit IRC22:50
*** edtubill has quit IRC22:51
*** su_zhang has quit IRC23:17
*** jhfeng has quit IRC23:21
*** stevemar_ has quit IRC23:25
*** stevemar_ has joined #openstack-barbican23:26
*** stevemar_ has quit IRC23:30
*** su_zhang has joined #openstack-barbican23:33
*** su_zhang has quit IRC23:34
*** kfarr has quit IRC23:42
*** alee has joined #openstack-barbican23:52
*** su_zhang has joined #openstack-barbican23:52
*** su_zhang has quit IRC23:58
« Monday, 2015-11-09 Index Wednesday, 2015-11-11 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!