Wednesday, 2016-01-27

« Tuesday, 2016-01-26 Index Thursday, 2016-01-28 »
*** nelsnels_ has joined #openstack-barbican00:01
*** nelsnelson has quit IRC00:03
*** dimtruck is now known as zz_dimtruck00:15
*** SheenaG1 has joined #openstack-barbican00:23
*** kebray has quit IRC00:35
*** kebray has joined #openstack-barbican00:36
*** SheenaG1 has quit IRC00:53
*** cheneydc has joined #openstack-barbican00:55
*** jmckind_ has joined #openstack-barbican01:01
*** jmckind has quit IRC01:04
*** pdesai has joined #openstack-barbican01:13
*** jmckind has joined #openstack-barbican01:13
*** spotz is now known as spotz_zzz01:15
*** jmckind_ has quit IRC01:16
*** jmckind has quit IRC01:17
*** SheenaG has joined #openstack-barbican01:22
*** pdesai has quit IRC01:26
*** david-lyle has quit IRC01:36
*** pdesai has joined #openstack-barbican01:52
*** jhfeng has joined #openstack-barbican02:07
*** jhfeng has quit IRC02:12
*** kebray has quit IRC02:31
*** diazjf has joined #openstack-barbican02:33
*** su_zhang has quit IRC02:35
*** kebray has joined #openstack-barbican02:36
*** pdesai has quit IRC02:58
*** fnaval has quit IRC02:58
*** diazjf has quit IRC03:08
*** fnaval has joined #openstack-barbican03:13
*** yuanying has quit IRC03:21
*** yuanying has joined #openstack-barbican03:23
*** yuanying has quit IRC03:28
*** yuanying has joined #openstack-barbican03:33
*** yuanying has quit IRC03:40
*** yuanying has joined #openstack-barbican03:40
*** SheenaG has quit IRC03:47
*** SheenaG has joined #openstack-barbican03:48
*** yuanying has quit IRC03:56
*** yuanying has joined #openstack-barbican03:57
*** yuanying_ has joined #openstack-barbican03:58
*** yuanying has quit IRC04:01
*** sidx64 has joined #openstack-barbican04:14
*** david-lyle has joined #openstack-barbican04:25
*** david-lyle has quit IRC04:25
*** david-lyle has joined #openstack-barbican04:25
*** david-lyle has quit IRC04:30
*** mragupat has joined #openstack-barbican04:33
*** david-lyle has joined #openstack-barbican04:37
*** SheenaG has quit IRC05:02
*** fnaval has quit IRC05:06
*** su_zhang has joined #openstack-barbican05:09
*** kebray_ has joined #openstack-barbican05:25
*** kebray has quit IRC05:28
*** kebray_ has quit IRC05:28
*** kebray has joined #openstack-barbican05:28
*** kebray_ has joined #openstack-barbican05:45
*** kebray has quit IRC05:46
*** dave-mccowan has quit IRC05:52
openstackgerritMerged openstack/barbican: Updated from global requirements  https://review.openstack.org/27163706:00
*** Nirupama has joined #openstack-barbican06:18
*** jaosorior has joined #openstack-barbican06:27
*** mragupat has quit IRC06:28
*** scheuran has joined #openstack-barbican07:06
*** scheuran_ has joined #openstack-barbican07:19
*** scheuran has quit IRC07:21
*** chlong_zzz is now known as chlong07:31
*** yfujioka has joined #openstack-barbican07:43
*** su_zhang has quit IRC08:27
*** kebray_ has quit IRC08:43
*** woodster_ has quit IRC09:16
*** jaosorior has quit IRC09:19
*** jaosorior has joined #openstack-barbican09:20
*** jaosorior has quit IRC09:25
*** jaosorior has joined #openstack-barbican09:25
*** cheneydc has quit IRC10:05
*** pcaruana has joined #openstack-barbican11:44
*** cheneydc has joined #openstack-barbican12:17
openstackgerritMichael Krotscheck proposed openstack/barbican: Added CORS support to Barbican  https://review.openstack.org/25536412:18
*** pcaruana has quit IRC12:37
*** dave-mccowan has joined #openstack-barbican13:05
*** david-lyle has quit IRC13:08
*** chlong has quit IRC13:15
*** chlong has joined #openstack-barbican13:29
*** Nirupama has quit IRC14:08
*** darrenmoffat has quit IRC14:10
*** darrenmoffat has joined #openstack-barbican14:11
*** david-lyle has joined #openstack-barbican14:17
*** david-lyle has quit IRC14:44
*** SheenaG has joined #openstack-barbican14:46
*** david-lyle has joined #openstack-barbican14:48
*** zz_dimtruck is now known as dimtruck14:50
*** david-lyle has quit IRC14:53
*** su_zhang has joined #openstack-barbican14:53
*** spotz_zzz is now known as spotz15:02
*** jmckind has joined #openstack-barbican15:09
*** diazjf has joined #openstack-barbican15:11
*** silos has joined #openstack-barbican15:17
*** narengan12 has joined #openstack-barbican15:20
*** jmckind has quit IRC15:30
*** edtubill has joined #openstack-barbican15:31
*** jhfeng has joined #openstack-barbican15:34
*** mragupat has joined #openstack-barbican15:35
*** jmckind has joined #openstack-barbican15:36
*** mp1 has joined #openstack-barbican15:36
*** dimtruck is now known as zz_dimtruck15:39
*** zz_dimtruck is now known as dimtruck15:40
*** su_zhang has quit IRC16:03
*** su_zhang has joined #openstack-barbican16:06
*** SheenaG has left #openstack-barbican16:13
*** david-lyle has joined #openstack-barbican16:14
jaosorioralee: support for Fedora 23 in infra is getting there: http://lists.openstack.org/pipermail/openstack-infra/2016-January/003699.html16:16
openstackgerritFernando Diaz proposed openstack/python-barbicanclient: WIP: Allow Barbican Secrets to be Stored via File  https://review.openstack.org/24263516:17
aleejaosorior, yay16:17
*** su_zhang has quit IRC16:17
*** diazjf has quit IRC16:17
*** woodster_ has joined #openstack-barbican16:21
*** dgonzalez has quit IRC16:23
*** dgonzalez has joined #openstack-barbican16:24
*** cheneydc has quit IRC16:25
*** diazjf has joined #openstack-barbican16:28
*** dimtruck is now known as zz_dimtruck16:31
*** david-lyle has quit IRC16:38
*** pwp has joined #openstack-barbican16:40
*** david-lyle has joined #openstack-barbican16:40
*** zz_dimtruck is now known as dimtruck16:48
*** scheuran_ has quit IRC16:56
*** sidx64 has quit IRC17:01
*** jmckind_ has joined #openstack-barbican17:13
*** kebray has joined #openstack-barbican17:15
*** kebray has quit IRC17:15
*** kebray has joined #openstack-barbican17:15
*** jmckind has quit IRC17:16
*** jaosorior has quit IRC17:20
*** jaosorior has joined #openstack-barbican17:20
*** jaosorior has quit IRC17:21
*** ccneill has joined #openstack-barbican17:22
openstackgerritFernando Diaz proposed openstack/python-barbicanclient: Allow Barbican Secrets to be Stored via File  https://review.openstack.org/24263517:23
*** kebray has quit IRC17:28
openstackgerritChristopher Solis proposed openstack/barbican: Create Orders Documentation  https://review.openstack.org/23612317:31
*** kfarr has joined #openstack-barbican17:33
*** kebray has joined #openstack-barbican17:42
*** narengan12 has quit IRC17:42
*** su_zhang has joined #openstack-barbican17:53
*** pwp has quit IRC17:55
*** kebray has quit IRC17:58
*** kebray has joined #openstack-barbican18:00
*** kebray has quit IRC18:03
*** narengan12 has joined #openstack-barbican18:07
*** SheenaG has joined #openstack-barbican18:13
*** SheenaG has left #openstack-barbican18:13
*** dimtruck is now known as zz_dimtruck18:15
*** pdesai has joined #openstack-barbican18:16
*** fnaval has joined #openstack-barbican18:18
openstackgerritJason Fritcher proposed openstack/barbican: Remove padding from legacy stored secrets  https://review.openstack.org/27057218:20
*** zz_dimtruck is now known as dimtruck18:25
*** pwp has joined #openstack-barbican18:26
*** kebray has joined #openstack-barbican18:32
*** stack_ has joined #openstack-barbican18:33
*** jmckind_ has quit IRC18:35
*** narengan12 has quit IRC18:37
*** jmckind has joined #openstack-barbican18:38
*** pwp has quit IRC18:41
*** mp1 has quit IRC18:43
*** ccneill has quit IRC18:45
*** stack_ is now known as narengan18:46
*** silos has quit IRC18:49
openstackgerritMerged openstack/barbican: Add lock for crypto plugin manager instantiation  https://review.openstack.org/24171218:54
woodster_jkf, jhfeng : I was curious about the thread locks in the p11 code...what issues were you seeing when you added those locks? Was the hsm driver locking up, or were you seeing db access issues?18:59
*** ccneill has joined #openstack-barbican19:01
*** ccneill has quit IRC19:01
*** ccneill has joined #openstack-barbican19:02
jhfengwoodster_: in my case, https://review.openstack.org/#/c/241712/ is for fixing https://bugs.launchpad.net/barbican/+bug/151151919:03
openstackLaunchpad bug 1511519 in Barbican "Fail to instantiate cryptoPlugin in multithread env" [Undecided,Fix released] - Assigned to Jeff Feng (jianhua)19:03
*** pwp has joined #openstack-barbican19:04
jhfengwoodster_ when I doing testing with multiple-thread from  client, say 10 threads to do secret PUT requests19:05
woodster_jhfeng: what WSGI container are you using to run Barbican? We are using gunicorn19:05
woodster_jhfeng:  so you guys are using multiple threads vs processes it looks like. I'm curious the impact of that on database concurrency with sqlalchemy. Are you tuning sqlalchemy config params at all, or just running defaults?19:07
jhfengmultiple threads in server side to do crypto plugin initialization one of succeed, others failed with P11CryptoPluginException: HSM returned response code: 0x191L CKR_CRYPTOKI_ALREADY_INITIALIZED19:07
jhfengwe use uWSGI, and use >1 processes ( worker)19:07
*** pwp has quit IRC19:08
jhfengI'm using default sqlalchemy config19:09
*** pwp has joined #openstack-barbican19:33
openstackgerritFernando Diaz proposed openstack/castellan: Add created property to Managed Objects  https://review.openstack.org/23815019:37
*** kebray has quit IRC19:46
diazjfkfarr, thanks for the reviews :) Can we schedule a hangout sometime next week do discuss BYOK?19:54
kfarrdiazjf, sure!19:54
*** pwp has quit IRC19:57
*** silos has joined #openstack-barbican19:58
*** pwp has joined #openstack-barbican20:01
diazjfkfarr, awesome! Maybe Tuesday or Wednesday. I'll give you a headsup before20:01
*** pwp has quit IRC20:01
*** pwp has joined #openstack-barbican20:01
kfarrOk, great thanks!  If you have it scheduled by Monday's meeting, it could be nice to announce it to everyone20:02
pwpredrobot: diazjf: I want to work on test cases for the python-barbican-client. I ran tox -e py27 and it looks like the acls need the most love. Any suggestions?20:03
diazjfkfarr, sure that works for me.20:04
redrobotpwp sounds good to me.20:04
*** barra204 has quit IRC20:06
diazjfpwp, barbican client needs some love.20:07
diazjfpwp look at orders as well20:07
*** mp1 has joined #openstack-barbican20:26
diazjfIf anyone has any free cycles, can you review https://review.openstack.org/#/c/219135/20:35
diazjfIts just an update to python-barbicanclient testing docs20:36
*** diazjf has quit IRC20:41
*** narengan has quit IRC20:48
edtubillping woodster_20:49
*** narengan has joined #openstack-barbican20:52
siloskfarr: could you check out this patch when you have a chance: https://review.openstack.org/#/c/246546/20:55
kfarrok silos20:56
siloskfarr: thanks!20:57
woodster_edtubill: hello20:59
kfarrsilos, I'm trying to find more information about Barbican federation.  Is this still up to date? https://wiki.openstack.org/wiki/Barbican/Discussion-Federated-Barbican21:09
siloskfarr: Not in that wiki. We decided at the mid-cycle to go forward with BYOK and I think diazjf was gonna set up a new wiki for that which would replace all the previous federation talks.21:11
kfarrsilos, ok, so when you talk about Barbican Federation, that solely means BYOK, and not all that discussion about creating a new "link" type secret in Barbican and all that?21:12
kfarrand when you talk about BYOK, does the user store keys in files on their own device or are they getting them out of some separate key manager?21:12
*** diazjf has joined #openstack-barbican21:15
siloskfarr: Yes. I don't think we decided to move forward with the links or any of the models we initially proposed. As for your second question I don't really know because we still haven't flushed out all the specifics yet of the BYOK model.21:16
siloskfarr: I could probably just remove the federation aspect mentioned in the BP. It was really germaine to our previous proposals but probably not the current one.21:17
silos*germane21:17
*** narengan has quit IRC21:19
kfarrsilos, ok, yeah that might help a little bit.21:20
siloskfarr: no prob.21:20
siloskfarr: thx for looking it over21:20
kfarrsilos, in that first use case, I'm still a little confused, are you talking about hooking up castellan directly to a KMIP device or are you talking about BYOK?21:21
kfarrOr is that what you were just saying, that you were going to just remove those last two sentences?21:22
kfarrbrb21:23
siloskfarr: yea. I was going to remove those last two sentences. ok21:23
kfarrsilos, ok yeah that's helpful, thanks!21:27
*** kebray has joined #openstack-barbican21:45
*** su_zhang has quit IRC21:49
*** kebray has quit IRC21:50
*** diazjf has quit IRC21:51
edtubillwoodster_: For cleaning up the database, before reaping the secret I wanted to set the order's secret_id to null so I could reap the secret without getting a FK error. Do you think this is fine? would I need to update the merged blueprint with this change?21:51
*** lvh_ is now known as lvh22:05
woodster_edtubill: maybe the first phase/CRs could focus on just cleaning up secrets that have no FK to an order. Then after that add cleaning up orders. What makes orders sticky is cert order types...those have to stick around for a long time potentially, to support reissues/renewals etc.22:13
woodster_edtubill:  nulling out the FK to a secret/container would be a bad experience I'd say22:14
openstackgerritChristopher Solis proposed openstack/barbican-specs: Add a KMIP key manager interface in Castellan  https://review.openstack.org/24654622:16
edtubillwoodster_: thx, that sounds good, for the first CRs I will skip the soft deleted secrets that have a non soft deleted order pointing to it.22:17
edtubillwoodster_: also, for the order model I saw that the order retry task child does not get cleaned. Should I do the same and skip if there is a child order_retry_task that is not soft deleted? Line 539: https://github.com/openstack/barbican/blob/master/barbican/model/models.py22:18
*** diazjf has joined #openstack-barbican22:25
*** jmckind_ has joined #openstack-barbican22:26
*** jmckind has quit IRC22:30
*** jmckind has joined #openstack-barbican22:31
*** jmckind_ has quit IRC22:33
woodster_edtubill: It seems like that could be yet another clean up phase too. That might actually be better to do from teh retry service logic anyway though22:35
edtubillwoodster_:ok thx!22:36
woodster_edtubill: yeah the delete children is about removing associations from the orders table... the retry table is really an independent entity22:36
edtubillwoodster_: I think the retry table has a non nullable FK for the order, and the relationship goes from retry->order. So I'm not sure if there is a period in time where there can be a soft deleted order but also a non soft deleted order retry task existing.22:38
*** jmckind has quit IRC22:41
woodster_edtubill: well orders only exist in that retry table to be retried. That same retry logic could scan for retry orders that are deletable and then just delete both the retry record and the order...probably would need a cascade rule from retry table to orders. At any rate that could come in later CRs I'd think22:42
*** dimtruck is now known as zz_dimtruck22:43
edtubillwoodster_: ok, I also had one more thing - Can you look at this comment I made here: https://review.openstack.org/#/c/270963/4/barbican/model/models.py22:43
edtubillwoodster_: I was wondering if all of these cascade rules defined for alchemy would have to be reflected in alembic as well, or does alchemy/alembic automatically handle the cascades?22:45
*** mp1 has quit IRC22:45
*** pwp has quit IRC22:48
*** pwp has joined #openstack-barbican22:51
*** mp1 has joined #openstack-barbican22:51
*** mp1 has quit IRC22:56
*** kfarr has quit IRC22:57
*** diazjf has quit IRC23:01
*** yuanying_ has quit IRC23:02
*** su_zhang has joined #openstack-barbican23:02
*** silos has left #openstack-barbican23:02
*** yuanying has joined #openstack-barbican23:12
*** chlong has quit IRC23:18
woodster_edtubill: taking a look....23:19
edtubillwoodster_:thx23:20
*** mp1 has joined #openstack-barbican23:21
*** mragupat has quit IRC23:22
edtubillwoodster_: I might be confused on the idea of deleting orphans because the FK of the child is non nullable, so therefore setting cascade delete-orphans might not be possible because the child can't become an orphan (you get a FK error when deleting the parent)?23:22
*** mp1 has quit IRC23:28
*** chlong has joined #openstack-barbican23:31
woodster_edtubill:  that should be true actually23:35
woodster_edtubill:  I'm curious why there is both a 'meta'  and 'secret_user_metadata' attribute on that CR...seems you only need one or the other (probably just the key/value table one?)23:37
*** zz_dimtruck is now known as dimtruck23:38
edtubillyeah I'm not sure about that json blob, I guess it's redundant if you have a table of key,values?23:38
*** ccneill has quit IRC23:38
edtubillI could ask diazjf about that later.23:39
*** spotz is now known as spotz_zzz23:40
*** jhfeng has quit IRC23:41
edtubillwoodster_: So I need to go, I want to ask you more questions later (maybe tomorrow) about cascades and if they actually work in barbican. So see you later and thx!23:44
*** edtubill has quit IRC23:45
*** dimtruck is now known as zz_dimtruck23:45
*** su_zhang has quit IRC23:56
« Tuesday, 2016-01-26 Index Thursday, 2016-01-28 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!