Monday, 2016-02-08

« Sunday, 2016-02-07 Index Tuesday, 2016-02-09 »
*** chlong has joined #openstack-barbican00:26
*** chlong has quit IRC01:03
*** su_zhang has joined #openstack-barbican01:11
*** hyakuhei has joined #openstack-barbican01:46
*** chlong has joined #openstack-barbican02:06
*** su_zhang has quit IRC02:07
*** su_zhang has joined #openstack-barbican02:23
*** hyakuhei has quit IRC02:29
*** hyakuhei has joined #openstack-barbican02:32
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/27711602:37
*** mragupat has joined #openstack-barbican02:55
*** mragupat has quit IRC03:09
*** mragupat has joined #openstack-barbican03:10
*** hyakuhei has quit IRC03:32
*** hyakuhei has joined #openstack-barbican03:43
*** mragupat has quit IRC04:22
openstackgerritFernando Diaz proposed openstack/castellan: Add Credential Authentication Usage Documentation  https://review.openstack.org/27418304:24
*** david-lyle has quit IRC04:30
*** david-lyle has joined #openstack-barbican04:45
*** dimtruck is now known as zz_dimtruck04:50
*** Nirupama has joined #openstack-barbican04:57
*** hyakuhei has quit IRC05:01
*** dave-mccowan has quit IRC05:31
*** Nirupama has quit IRC05:43
*** su_zhang has quit IRC05:50
*** yfujioka has joined #openstack-barbican05:54
*** Nirupama has joined #openstack-barbican05:56
*** nkinder has joined #openstack-barbican06:23
*** alee has joined #openstack-barbican06:33
*** nkinder has quit IRC06:39
*** su_zhang has joined #openstack-barbican06:44
*** alee has quit IRC06:47
*** chlong has quit IRC07:03
*** alee has joined #openstack-barbican07:42
*** nkinder has joined #openstack-barbican07:44
*** Nirupama has quit IRC07:53
*** jaosorior has joined #openstack-barbican07:57
*** jaosorior has quit IRC08:05
*** Nirupama has joined #openstack-barbican08:07
*** scheuran has joined #openstack-barbican08:09
*** jaosorior has joined #openstack-barbican08:13
jaosorioralee: You might want to take a look at this http://logs.openstack.org/24/274024/2/check/gate-barbican-dogtag-devstack-dsvm-f23/ba4fda7/logs/devstacklog.txt.gz#_2016-02-07_15_36_13_54008:16
*** su_zhang has quit IRC08:21
aleejaosorior, hmm08:25
aleejaosorior, were is the review that generated this log?08:29
jaosorioralee: It's the one I did yesterday08:33
jaosorioralee: https://review.openstack.org/#/c/274024/08:33
aleejaosorior, so - for some reason, we still fail rpm -i python-requests, but that may not be an issue given whats in pip08:44
jaosorioralee: Indeed it's not an issue. the pip feeze shows it's installed. So it's good. It's a bogus message.08:44
aleejaosorior, but its clear that what we thought was happening is happening08:45
jaosorioralee: And python-nss is no longer sending an error message. so that's fixed.08:45
aleethat is there is a hostname without a domain set08:45
jaosorioralee: Indeed... So we need the removal of that check or the introduction of that flag08:45
aleecan we patch pkispawn till this happens in dogtag code?08:45
*** shohel has joined #openstack-barbican08:46
jaosorioralee: We could patch that... though it's gonna be pretty damn dirty. And it will most likely break once you introduce that check08:46
jaosoriorso I had patched some dogtag code in the devstack script before to debug some things. But it was with a damn dirty sed08:47
aleejaosorior, ok -we'll discuss ..08:47
jaosoriorSo I rather have that flag in pkispawn or the removal of that check08:47
*** chlong has joined #openstack-barbican08:49
jaosorioralee: Anyway, for now. I will trim down the patch to only remove that python-nss error.08:51
aleeok08:52
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Remove erroneous installing of python-nss  https://review.openstack.org/27402408:55
jaosorioralee; ^^08:55
*** jaosorior has quit IRC08:57
*** openstackgerrit has quit IRC09:02
*** openstackgerrit has joined #openstack-barbican09:02
*** jaosorior has joined #openstack-barbican09:03
*** spotz_zzz is now known as spotz09:21
*** yuanying is now known as yuanying_influen09:25
*** yuanying_influen is now known as yuanying_flu09:25
openstackgerritTobias Zatti proposed openstack/barbican: Applied Jason Fritchers changes  https://review.openstack.org/27359010:13
*** sidx64 has joined #openstack-barbican10:20
*** jaosorior has quit IRC11:41
*** jaosorior has joined #openstack-barbican11:43
*** sidx64 has quit IRC11:56
*** jaosorior has quit IRC12:17
*** krotscheck_dcm is now known as krotscheck12:39
*** spotz is now known as spotz_zzz12:45
*** jaosorior has joined #openstack-barbican12:46
*** jaosorior has quit IRC12:51
*** krotscheck has quit IRC13:06
*** dave-mccowan has joined #openstack-barbican13:12
*** krotscheck has joined #openstack-barbican13:18
openstackgerritMerged openstack/castellan: Updated from global requirements  https://review.openstack.org/27277913:40
*** su_zhang has joined #openstack-barbican13:56
*** alee has quit IRC13:59
*** shohel has quit IRC14:02
*** hyakuhei has joined #openstack-barbican14:05
*** sidx64 has joined #openstack-barbican14:07
openstackgerritMerged openstack/castellan: Introduce Castellan Credential Objects  https://review.openstack.org/27060214:09
*** Nirupama has quit IRC14:09
*** jaosorior has joined #openstack-barbican14:11
*** alee has joined #openstack-barbican14:12
*** hyakuhei has quit IRC14:13
*** sidx64_Cern has joined #openstack-barbican14:14
*** alee has quit IRC14:14
*** alee has joined #openstack-barbican14:14
*** sidx64 has quit IRC14:16
*** jaosorior has quit IRC14:21
*** jaosorior has joined #openstack-barbican14:21
*** hyakuhei has joined #openstack-barbican14:22
*** edtubill has joined #openstack-barbican14:23
*** su_zhang has quit IRC14:28
*** peter-hamilton has joined #openstack-barbican14:34
*** rellerreller has joined #openstack-barbican14:42
*** sidx64_Cern has quit IRC14:49
*** nelsnelson has quit IRC14:50
*** hyakuhei has quit IRC15:02
*** nkinder has quit IRC15:09
*** nkinder has joined #openstack-barbican15:10
*** hyakuhei has joined #openstack-barbican15:11
*** Nirupama has joined #openstack-barbican15:16
*** spotz_zzz is now known as spotz15:17
*** mragupat has joined #openstack-barbican15:21
*** Nirupama has quit IRC15:23
*** alee has quit IRC15:23
*** nelsnelson has joined #openstack-barbican15:24
*** alee has joined #openstack-barbican15:27
*** zz_dimtruck is now known as dimtruck15:31
*** silos has joined #openstack-barbican15:32
*** jhfeng has joined #openstack-barbican15:44
*** hyakuhei has quit IRC16:01
*** mp1 has joined #openstack-barbican16:02
*** mp1 has quit IRC16:03
*** mp1 has joined #openstack-barbican16:04
redrobotgong hey fat choy barbicaneers16:06
*** tkelsey has joined #openstack-barbican16:08
elmikogong xi facai to you too ;)16:11
spotzHayy Chinese New YEars redrobot:)16:13
jaosoriorI was pretty confused for a bit16:13
*** ccneill has joined #openstack-barbican16:17
*** silos has quit IRC16:19
*** kebray has joined #openstack-barbican16:19
*** hyakuhei has joined #openstack-barbican16:22
*** kebray_ has joined #openstack-barbican16:23
*** kebray has quit IRC16:24
*** silos has joined #openstack-barbican16:24
*** kebray_ has quit IRC16:27
*** mragupat has quit IRC16:32
*** mragupat has joined #openstack-barbican16:32
*** kebray has joined #openstack-barbican16:32
*** kebray has quit IRC16:37
*** kebray has joined #openstack-barbican16:38
*** diazjf has joined #openstack-barbican16:39
*** alee has quit IRC16:43
*** nkinder has quit IRC16:44
*** gyee has joined #openstack-barbican16:48
*** mragupat_ has joined #openstack-barbican16:51
*** su_zhang has joined #openstack-barbican16:52
*** mragupat has quit IRC16:54
openstackgerritChristopher Solis proposed openstack/barbican-specs: Add a KMIP key manager interface in Castellan  https://review.openstack.org/24654616:57
*** fnaval has joined #openstack-barbican17:03
*** su_zhang has quit IRC17:05
*** scheuran has quit IRC17:12
arunkantrellerreller : ping?17:12
*** edtubill has quit IRC17:14
*** kebray has quit IRC17:16
*** kebray has joined #openstack-barbican17:16
*** mp1 has quit IRC17:41
*** edtubill has joined #openstack-barbican17:47
*** kebray has quit IRC17:59
*** su_zhang has joined #openstack-barbican18:00
*** su_zhang has quit IRC18:01
*** kebray has joined #openstack-barbican18:06
rellerrellerarunkant pong18:06
*** mp1 has joined #openstack-barbican18:08
arunkantrellerreller: just replied to your comment on https://review.openstack.org/#/c/263972 . Please check.18:09
rellerrellerarunkant why can't there be multiple KMIP secret stores?18:10
arunkantrellerreller: there is one KMIP plugin configuration supported at conf and plugin instance level18:11
rellerrellerarunkant so your spec is limited to only one instance of each type of secret store?18:12
arunkantrellerreller: I am not talking about my spec, I am talking about current barbican impl18:13
rellerrellerarunkant then you can change the scenario to have key A in KMIP and key B in Dogtag.18:13
rellerrellerarunkant I understand that. It is another issue that we will have to tackle if this spec is approved.18:14
arunkantrellereller: What issue you are referring to? Its just providing option to use different plugin at project level among whatever plugins are available. Type of plugin should not matter.18:16
rellerrellerarunkant I would like details on how key wrapping would work for keys stored in two different secret stores.18:17
*** su_zhang has joined #openstack-barbican18:17
rellerrellerarunkant I would like to see a sequence diagram that shows storing the keys in different projects, which means different secret stores, and then retrieving one key that is wrapped with another key.18:18
rellerrellerarunkant I want to know if your spec will support that type of scenario.18:18
arunkantrellerreller: I am not working on adding key wrapping support. This is something you are talking about.18:18
rellerrellerarunkant I understand that, but I believe your spec will have impact on key wrapping spec.18:19
rellerrellerarunkant I want to know if that will be an issue and how we would deal with that.18:19
arunkantrellerreller: Okay..so I would not the details of key wrapping . If you think that's an issue, may be don't enable multiple backend support with key wrapping18:20
arunkantrellerreller: Its not requirement to use multiple backend.  Its going to be disabled by default.18:21
arunkantrellerreller: I am not looking into key wrapping feature so don't know the internals of how it will work. Thinking out loud, if there is multiple backend and key wrapping support added, it will have to some mechanism (on barbican side) to tie them together (like we do for currently for secrets where we stamp backend information within secret)18:26
arunkantrellerreller: What do you think?18:28
rellerrellerarunkant the key wrapping can happen on get and store. We can just consider the get case for now. You simply issue a get_secret command and specify a wrapping key that will encrypt the specified key before returning it.18:28
*** silos has quit IRC18:29
rellerrellerarunkant You can look at the KMIP spec. I listed the section in my comments, but it is pretty straight forward to follow.18:29
rellerrellerarunkant any information to show how that would work would help the conversation move along.18:30
arunkantrellerreller: As I said, there is always option that..don't enable multiple backend support with key wrapping if you think that's an issue.18:31
*** hyakuhei has quit IRC18:32
rellerrellerarunkant why not see if it is an issue?18:33
arunkantrellerreller: I think this will be looked into when key wrapping support is added as it will greatly vary across different plugins. So checking one specific may not be sufficient.18:34
rellerrellerarunkant I'm talking about existing plugins. We can choose PKCS#11 and KMIP.18:35
rellerrellerarunkant I would rather think about these scenarios up front, so that future specs that will be impacted by this one do not have to modify multiple secret store code. If we can take some time up front to think about this and have a good design to accomodate that then it can save time later on.18:36
*** mp1 has quit IRC18:37
*** kebray has quit IRC18:38
*** kebray has joined #openstack-barbican18:43
*** kebray has quit IRC18:43
krotscheckI've got 3x +2 on https://review.openstack.org/#/c/255364/, anyone availble to kick the +A?18:45
*** hyakuhei has joined #openstack-barbican18:49
*** mp1 has joined #openstack-barbican18:53
*** su_zhang has quit IRC18:55
*** su_zhang has joined #openstack-barbican18:56
*** kebray has joined #openstack-barbican18:56
*** kebray has quit IRC18:57
*** ccneill has quit IRC18:58
*** su_zhang has quit IRC18:58
*** peter-hamilton has quit IRC18:58
*** fnaval has quit IRC19:16
*** mp1 has quit IRC19:16
*** su_zhang has joined #openstack-barbican19:18
*** hyakuhei has quit IRC19:22
*** silos has joined #openstack-barbican19:23
arunkantrellerreller: As per quick browsing of wrapping key (http://docs.oasis-open.org/kmip/spec/v1.2/os/kmip-spec-v1.2-os.html#_Toc409613462) in kmip spec, key wrapping looks similar to transport key.19:25
arunkantrellerreller: In that case, we can define wrapping key specific to plugin instance and then pass that key reference when doing related secret store operations.19:26
arunkantrellerreller: So its always one to one mapping for specific plugin . I don't see issue with that as it seems similar to transport key behavior.19:28
*** ccneill has joined #openstack-barbican19:33
*** hyakuhei has joined #openstack-barbican19:35
*** kebray has joined #openstack-barbican19:35
openstackgerritFernando Diaz proposed openstack/barbican: WIP: User Metadata API and tests  https://review.openstack.org/27588519:36
*** kebray has quit IRC19:40
*** kebray has joined #openstack-barbican19:40
*** fnaval has joined #openstack-barbican19:42
*** mp1 has joined #openstack-barbican19:53
*** kfarr has joined #openstack-barbican19:54
*** woodster_ has joined #openstack-barbican20:02
*** maxabidi has joined #openstack-barbican20:03
*** tkelsey has quit IRC20:14
*** kebray has quit IRC20:20
*** su_zhang has quit IRC20:21
*** kebray has joined #openstack-barbican20:24
*** kebray has quit IRC20:27
*** alee has joined #openstack-barbican20:27
*** edtubill_ has joined #openstack-barbican20:28
*** su_zhang has joined #openstack-barbican20:28
*** edtubill has quit IRC20:30
*** su_zhang has quit IRC20:33
*** su_zhang has joined #openstack-barbican20:33
*** kebray has joined #openstack-barbican20:40
*** kebray has quit IRC20:40
*** kebray has joined #openstack-barbican20:47
*** su_zhang has quit IRC20:50
arunkantwoodster_ : Can you please check https://review.openstack.org/#/c/263972/ if it answers your review comments.20:58
jhfengredrobot: on barbican-manage cmd bp https://review.openstack.org/#/c/253719/, please have a look see if it's worth in Mitaka. if yes, just need workflow20:58
redrobotjhfeng lgtm20:58
arunkantalee: Same for you..https://review.openstack.org/#/c/263972/ . Can you please check if your earlier review comments response and latest patch.20:59
openstackgerritMerged openstack/barbican-specs: Adding a barbican-manage command  https://review.openstack.org/25371921:00
*** rellerreller has quit IRC21:01
arunkantrellerreller: please check my earlier messages in IRC above about key wrapping. Let me know if there are any further questions around it.21:01
*** kebray has quit IRC21:03
jkfredrobot: Can you take a look at this bugfix and give me a stamp of approval? Been trying to get this merged for a few weeks now. https://review.openstack.org/#/c/27057221:05
jkfThat's in regards to the padding bug found in my new pkcs11 code.21:05
*** tkelsey has joined #openstack-barbican21:05
*** kebray has joined #openstack-barbican21:06
jhfengjkf: +1, it's needed for migration21:09
*** silos has quit IRC21:09
*** tkelsey has quit IRC21:10
*** kebray has quit IRC21:12
*** kebray has joined #openstack-barbican21:14
*** kebray has quit IRC21:17
*** su_zhang has joined #openstack-barbican21:21
*** nsun__ has joined #openstack-barbican21:23
*** su_zhang has quit IRC21:26
*** silos has joined #openstack-barbican21:26
*** su_zhang has joined #openstack-barbican21:30
*** jaosorior has quit IRC21:38
*** nsun__ has quit IRC21:57
*** jhfeng has quit IRC21:58
*** jhfeng has joined #openstack-barbican22:07
openstackgerritFernando Diaz proposed openstack/barbican: Introduce User-Meta table, model, and repo  https://review.openstack.org/27096322:08
openstackgerritFernando Diaz proposed openstack/barbican: WIP: User Metadata API and tests  https://review.openstack.org/27588522:10
*** jaosorior has joined #openstack-barbican22:12
*** nelsnelson has quit IRC22:36
*** diazjf has quit IRC22:36
*** edtubill_ has quit IRC22:39
*** silos has quit IRC22:41
*** dimtruck is now known as zz_dimtruck22:53
*** kfarr has quit IRC22:53
*** mp1 has quit IRC23:00
*** mragupat_ has quit IRC23:02
*** jhfeng has quit IRC23:05
*** jaosorior has quit IRC23:06
*** nelsnelson has joined #openstack-barbican23:23
*** alee has quit IRC23:27
*** zz_dimtruck is now known as dimtruck23:27
*** dimtruck is now known as zz_dimtruck23:28
*** spotz is now known as spotz_zzz23:47
*** alee has joined #openstack-barbican23:49
« Sunday, 2016-02-07 Index Tuesday, 2016-02-09 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!