Thursday, 2016-03-24

*** chlong has quit IRC00:11
*** fawadkhaliq has quit IRC00:15
*** fawadkhaliq has joined #openstack-barbican00:17
*** gyee has quit IRC00:20
*** fawadkhaliq has quit IRC00:28
*** fawadkhaliq has joined #openstack-barbican00:30
*** zz_dimtruck is now known as dimtruck00:32
*** fawadkhaliq has quit IRC00:34
*** fawadkhaliq has joined #openstack-barbican00:35
*** fawadkhaliq has quit IRC00:41
*** woodster_ has quit IRC00:57
*** cheneydc has joined #openstack-barbican01:01
*** fawadkhaliq has joined #openstack-barbican01:08
*** fredyx10 has joined #openstack-barbican01:09
*** tkelsey has joined #openstack-barbican01:09
*** fawadkhaliq has quit IRC01:11
*** tkelsey has quit IRC01:14
*** Kevin_Zheng has joined #openstack-barbican01:15
*** fredyx10 has quit IRC01:26
*** chlong has joined #openstack-barbican01:36
*** fawadkhaliq has joined #openstack-barbican01:56
*** jorge_munoz has quit IRC02:13
*** fawadkhaliq has quit IRC02:27
openstackgerritReedip proposed openstack/python-barbicanclient: Fix argument order for assertEqual to (exp, obs)
*** xaeth has quit IRC03:53
*** fawadkhaliq has joined #openstack-barbican04:03
*** dimtruck is now known as zz_dimtruck04:14
*** fawadkhaliq has quit IRC04:27
*** fawadkhaliq has joined #openstack-barbican04:27
*** mp1 has joined #openstack-barbican04:41
*** dave-mccowan has quit IRC04:45
*** chlong has quit IRC04:56
*** tkelsey has joined #openstack-barbican05:10
*** mp1 has quit IRC05:12
*** chlong has joined #openstack-barbican05:13
*** tkelsey has quit IRC05:15
*** fawadkhaliq has quit IRC05:32
*** fawadkhaliq has joined #openstack-barbican05:32
*** pcaruana has quit IRC05:48
*** chlong has quit IRC06:08
openstackgerritAnh Tran proposed openstack/barbican: Removes redundant "to"
*** jaosorior has joined #openstack-barbican06:15
*** jaosorior has quit IRC06:17
*** jaosorior has joined #openstack-barbican06:18
*** chlong has joined #openstack-barbican06:22
*** fawadkhaliq has quit IRC06:53
openstackgerritAnh Tran proposed openstack/barbican: Removes redundants
*** pcaruana has joined #openstack-barbican07:32
*** scheuran has joined #openstack-barbican07:48
*** chlong has quit IRC08:38
*** tkelsey has joined #openstack-barbican08:47
*** cheneydc has quit IRC10:25
*** jaosorior has quit IRC10:34
*** jaosorior has joined #openstack-barbican10:43
*** viktors has joined #openstack-barbican11:15
viktorsfolks, I have a newbie question about the barbican usage - can I use it without openstack to store passwords securely (from person with root ssh access to server)?11:30
zigoGuys, I have a problem running barbican-db-manage upgrade with the RC1:11:31
zigo2016-03-24 11:30:17.089 16678 ERROR barbican.cmd.db_manage ProgrammingError: (_mysql_exceptions.ProgrammingError) (1146, "Table 'barbicandb.tenant_secret' doesn't exist") [SQL: u'ALTER TABLE tenant_secret DROP FOREIGN KEY tenant_secret_ibfk_1']11:32
zigo2016-03-24 11:30:17.089 16678 ERROR barbican.cmd.db_manage11:32
zigoERROR: (_mysql_exceptions.ProgrammingError) (1146, "Table 'barbicandb.tenant_secret' doesn't exist") [SQL: u'ALTER TABLE tenant_secret DROP FOREIGN KEY tenant_secret_ibfk_1']11:32
zigoIs it a known issue, and is there a fix for it?11:32
zigojaosorior: ^11:38
zigohockeynut: ^11:40
*** dave-mccowan has joined #openstack-barbican12:17
*** rellerreller has joined #openstack-barbican12:18
*** cheneydc has joined #openstack-barbican12:24
*** alee has quit IRC12:24
*** dongc has joined #openstack-barbican12:30
*** cheneydc has quit IRC12:32
*** dongc is now known as cheneydc12:32
*** zz_dimtruck is now known as dimtruck13:20
*** xaeth has joined #openstack-barbican13:24
zigoI got also other failures with barbican-keystone-listener, I need help to get it fixed.13:25
zigoOtherwise, this Debian package will be a really bad shape... :(13:25
zigodave-mccowan: jvrbanac_ jaosorior rellerreller reaperhulk hockeynut anyone around?13:30
*** jmckind has joined #openstack-barbican13:39
*** alee has joined #openstack-barbican13:40
*** fredyx10 has joined #openstack-barbican13:41
*** dimtruck is now known as zz_dimtruck13:44
*** cheneydc has quit IRC13:57
*** cheneydc has joined #openstack-barbican14:09
*** sigmavirus24_awa is now known as sigmavirus2414:09
*** woodster_ has joined #openstack-barbican14:11
*** zz_dimtruck is now known as dimtruck14:14
*** spotz_zzz is now known as spotz14:15
rellerrellerzigo what's up14:20
zigorellerreller: This:14:23
zigoGuys, I have a problem running barbican-db-manage upgrade with the RC1:14:23
zigo2016-03-24 11:30:17.089 16678 ERROR barbican.cmd.db_manage ProgrammingError: (_mysql_exceptions.ProgrammingError) (1146, "Table 'barbicandb.tenant_secret' doesn't exist") [SQL: u'ALTER TABLE tenant_secret DROP FOREIGN KEY tenant_secret_ibfk_1']14:23
zigo2016-03-24 11:30:17.089 16678 ERROR barbican.cmd.db_manage14:23
zigoERROR: (_mysql_exceptions.ProgrammingError) (1146, "Table 'barbicandb.tenant_secret' doesn't exist") [SQL: u'ALTER TABLE tenant_secret DROP FOREIGN KEY tenant_secret_ibfk_1']14:23
zigorellerreller: The migration is broken.14:23
rellerrellerzigo what version are you migrating from and to?14:24
zigorellerreller: From nothing to rc1.14:24
zigorellerreller: Just installing the Debian package and trying to do the db migration.14:24
rellerrellerzigo that makes sense based upon the error14:24
zigorellerreller: I had to produce that patch to make it work:
zigorellerreller: It's wrong in many ways, I know, so it'd be better to have something from you guys (upstream).14:25
rellerrellerzigo I'm not so familiar with barbican-db-manage at the moment, but the problem is that there were no tables to start with.14:26
rellerrellerzigo I would have to look to see if the script was intended for migrations only or to create new tables as well.14:26
zigorellerreller: Also, barbican-keystone-listener refuses to start.14:27
rellerrellerzigo I don't know what redrobot and others had intended for the script.14:27
rellerrellerzigo that's odd. I wonder why certificate_manager cannot be found. Any ideas why that is not in python path?14:29
zigorellerreller: Well, IT IS in the python path !!!14:30
rellerrellerzigo I saw this "ImportError: cannot import name certificate_manager" in error message. That's why I thought that.14:31
zigorellerreller: Look at that one:14:32
zigoIt doesn't work the first time, it does the 2nd time !!!14:32
woodster_rellerreller: zigo This alembic version script should get called initially to stand up tables:
rellerrellerzigo ??? I'm stumped by this.14:34
zigowoodster_: How would I start this then?14:34
zigoJust execute it?14:34
*** asingh has joined #openstack-barbican14:36
woodster_zigo: This should do it for you on a fresh db: barbican-db-manage --dburl $DB_MGR_CONN upgrade -v head14:36
*** jaosorior has quit IRC14:37
zigowoodster_: Ok, will try (I'm on a call, so will do after it).14:37
woodster_zigo: you should see that it stepping thru all the alembic scripts as it runs that command14:37
*** jvrbanac_ is now known as jvrbanac14:49
*** jorge_munoz has joined #openstack-barbican14:51
*** cheneydc has quit IRC14:53
*** cheneydc has joined #openstack-barbican14:54
*** jorge_munoz_ has joined #openstack-barbican14:55
*** jorge_munoz has quit IRC14:56
*** jorge_munoz_ is now known as jorge_munoz14:56
*** cheneydc has quit IRC14:59
*** cheneydc has joined #openstack-barbican15:01
zigowoodster_: Doing what you just wrote does exactly the same error.15:01
zigo2016-03-24 15:01:01.954 32258 ERROR barbican.cmd.db_manage InternalError: (pymysql.err.InternalError) (1025, u"Error on rename of './barbicandb/#sql-232b_ec0' to './barbicandb/orders' (errno: 150)") [SQL: u'ALTER TABLE orders CHANGE tenant_id project_id VARCHAR(36) NULL']15:01
zigo2016-03-24 15:01:01.954 32258 ERROR barbican.cmd.db_manage15:01
zigoERROR: (pymysql.err.InternalError) (1025, u"Error on rename of './barbicandb/#sql-232b_ec0' to './barbicandb/orders' (errno: 150)") [SQL: u'ALTER TABLE orders CHANGE tenant_id project_id VARCHAR(36) NULL15:01
*** cheneydc has quit IRC15:03
zigoSo, the is having issues, as I wrote.15:06
zigo    _change_fk_to_project(15:06
zigo        ctx, con, 'orders', 'orders_ibfk_1', 'orders_project_fk') <--- That one is failing over.15:06
*** silos has joined #openstack-barbican15:08
*** dave-mccowan has quit IRC15:13
*** david-lyle has quit IRC15:13
*** yuanying has quit IRC15:13
*** arunkant has quit IRC15:13
*** david-lyle has joined #openstack-barbican15:17
*** cheneydc has joined #openstack-barbican15:18
woodster_zigo: are you are starting with a completely clean db?15:27
zigowoodster_: Yes.15:28
* woodster_ Adding gate checks for alembic/migration testing to our newton etherpad...15:28
woodster_zigo:  we run those scripts against postgres locally, and upstream devstack testing uses sqlalchemy to populate the db at time zero15:29
*** dave-mccowan has joined #openstack-barbican15:29
*** yuanying has joined #openstack-barbican15:29
*** arunkant has joined #openstack-barbican15:29
zigowoodster_: Oh, so you're not trying MySQL ?15:29
zigowoodster_: Probably there's a problem with using MySQL then, no?15:29
woodster_zigo: we are moving to that but I don't believe the move has been completed as of yet15:30
woodster_zigo: that's what it seems :\15:35
*** arunkant_ has joined #openstack-barbican15:36
woodster_zigo: Looks like silos might have seen the same issue?:
woodster_zigo: my gut is that something changed with alembic, because these version files are pretty old now15:41
siloswoodster, zigo: I was trying to add the alembic/migration testing stuff, but that patch needs to get merged.15:45
zigowoodster_: Oh... So just patch this 1 into a 2 ? :)15:53
zigoI mean 2 -> 115:53
zigoOh ok.15:54
zigoWill just apply that one patch! :)15:54
arunkant_jaosorior: ping15:55
*** agrebennikov has joined #openstack-barbican15:56
*** jmckind_ has joined #openstack-barbican15:57
*** jmckind has quit IRC15:58
*** agrebennikov has quit IRC16:00
*** asingh has quit IRC16:00
*** silos has quit IRC16:01
*** asingh has joined #openstack-barbican16:01
*** silos has joined #openstack-barbican16:02
*** agrebennikov has joined #openstack-barbican16:08
*** gyee has joined #openstack-barbican16:12
*** jmckind_ has quit IRC16:18
*** jmckind has joined #openstack-barbican16:20
*** cheneydc has quit IRC16:20
*** fredyx101 has joined #openstack-barbican16:32
*** fredyx10 has quit IRC16:34
*** silos has quit IRC16:50
*** fredyx101 has quit IRC16:54
*** silos has joined #openstack-barbican16:55
*** tkelsey has quit IRC17:00
*** openstackgerrit has quit IRC17:01
*** tkelsey has joined #openstack-barbican17:01
*** openstackgerrit has joined #openstack-barbican17:01
*** scheuran has quit IRC17:02
*** jorge_munoz has quit IRC17:02
*** diazjf has joined #openstack-barbican17:04
*** asingh has quit IRC17:04
*** asingh has joined #openstack-barbican17:05
*** fredyx10 has joined #openstack-barbican17:07
*** fredyx101 has joined #openstack-barbican17:09
*** fredyx10 has quit IRC17:12
*** jmckind has quit IRC17:15
*** fredyx101 has quit IRC17:22
*** gyee has quit IRC17:23
*** pcaruana has quit IRC17:40
*** silos has quit IRC17:43
openstackgerritArun Kant proposed openstack/barbican: Adding support for barbican host href to be derived from wsgi request
*** fredyx10 has joined #openstack-barbican17:49
*** diazjf has quit IRC17:55
*** jorge_munoz has joined #openstack-barbican18:03
openstackgerritMerged openstack/barbican: Removes redundants
*** jmckind has joined #openstack-barbican18:21
*** diazjf has joined #openstack-barbican18:22
*** rellerreller has quit IRC18:29
*** silos has joined #openstack-barbican18:36
*** fredyx10 has quit IRC19:01
*** fredyx10 has joined #openstack-barbican19:02
*** diazjf has quit IRC19:17
*** silos1 has joined #openstack-barbican19:19
*** silos has quit IRC19:20
*** silos1 has quit IRC19:22
*** silos has joined #openstack-barbican19:24
*** diazjf has joined #openstack-barbican19:25
*** fredyx10 has quit IRC19:43
*** fredyx10 has joined #openstack-barbican19:47
*** silos1 has joined #openstack-barbican19:48
*** silos1 has quit IRC20:06
*** silos has joined #openstack-barbican20:06
*** gyee has joined #openstack-barbican20:06
zigowoodster_: fixed the issue with, now I have more in and 1c0f328bfce0_fixing_composite_primary_keys_and_.py20:19
zigo2016-03-24 20:15:09.828 25596 ERROR barbican.cmd.db_manage ProgrammingError: (pymysql.err.ProgrammingError) (1146, u"Table 'barbicandb.ContainerConsumerMetadatum' doesn't exist") [SQL: u'ALTER TABLE `ContainerConsumerMetadatum` MODIFY `URL` VARCHAR(255) NULL']20:19
zigo2016-03-24 20:15:09.828 25596 ERROR barbican.cmd.db_manage20:19
zigoERROR: (pymysql.err.ProgrammingError) (1146, u"Table 'barbicandb.ContainerConsumerMetadatum' doesn't exist") [SQL: u'ALTER TABLE `ContainerConsumerMetadatum` MODIFY `URL` VARCHAR(255) NULL']20:19
zigoSo, ContainerConsumerMetadatum doesn't exist ?!?20:19
*** fredyx10 has quit IRC20:28
*** fredyx10 has joined #openstack-barbican20:31
*** diazjf has quit IRC20:32
*** diazjf has joined #openstack-barbican20:34
*** silos has quit IRC20:35
*** tkelsey has quit IRC20:45
*** openstackgerrit has quit IRC20:48
*** fredyx10 has quit IRC20:48
*** openstackgerrit has joined #openstack-barbican20:49
*** fredyx10 has joined #openstack-barbican20:50
*** diazjf has quit IRC21:03
*** diazjf has joined #openstack-barbican21:08
*** spotz is now known as spotz_zzz21:11
woodster_zigo: hmm, looks like you are right...that version went in recently21:13
*** fawadkhaliq has joined #openstack-barbican21:13
woodster_redrobot: look like there's an incomplete alembic version up there21:15
*** asingh has quit IRC21:18
*** asingh has joined #openstack-barbican21:19
*** asingh has quit IRC21:21
*** asingh has joined #openstack-barbican21:21
*** asingh has quit IRC21:26
*** asingh has joined #openstack-barbican21:27
*** asingh has quit IRC21:29
*** asingh has joined #openstack-barbican21:29
zigowoodster_: It's a bit frustrating, because I need Barbican to be able to test Magnum ... :/21:32
zigowoodster_: If I just try: <the-code> except: pass in the mean while, will Barbican continue to work?21:33
*** jraim has quit IRC21:34
zigowoodster_: I also have a problem with barbican-keystone-listener which refused to start.21:34
*** asingh has quit IRC21:35
zigoWhat is barbican-keystone-listener for btw? I don't even know what it is for ...21:35
*** asingh has joined #openstack-barbican21:35
*** jraim has joined #openstack-barbican21:36
*** openstack has joined #openstack-barbican21:49
zigowoodster_: I still get this though:21:50
zigo# barbican secret container list21:50
zigoStarting new HTTP connection (1):
zigoStarting new HTTP connection (1):
zigoFailed to contact the endpoint at for discovery. Fallback to using that endpoint as the base url.21:50
zigoStarting new HTTP connection (2):
woodster_zigo: yep for sure it needs to be fixed21:50
zigoUnable to establish connection to
zigoAnd the server *IS* up and running, and listening on that port.21:50
*** fawadkhaliq has quit IRC21:51
*** jmckind has quit IRC21:51
woodster_zigo: are you getting a 400 back?21:51
zigowoodster_: nmap shows the port as open, netstat too.21:51
*** fawadkhaliq has joined #openstack-barbican21:52
woodster_are you launching via bin/ start?21:52
woodster_zigo: ^^21:52
zigoNop, I'm using uwsgi.21:52
zigowoodster_: <--- That's my init script.21:53
woodster_zigo: ...catching up on more recent mods to the startup process here
zigowoodster_: Oh, there's a barbican-api daemon now?21:55
zigoThat's new then.21:56
zigowoodster_: Does it support the normal --config-file and --log-file options as for the rest of OpenStack ?21:56
woodster_zigo: I'll have to defer to redrobot for those questions. I'd say if it doesn't we can bring that up in Austin next month21:58
*** diazjf has quit IRC21:58
woodster_zigo: perhaps try with that script first just to verify the code/configs are set correctly21:58
woodster_zigo: note that you need to provide the X-Project-Id header with your favorite fake tenant ID as a minimum in the no-auth mode21:59
zigowoodster_: My "favorite fake tenant" ?!? :)22:00
woodster_zigo: for ACL sorts of operations you'd need to provide one or two other headers22:00
zigowoodster_: Man, I've setup an all-in-one machine with nova, keystone, glance, heat, etc. :)22:00
*** yuanying has joined #openstack-barbican22:00
*** arunkant has joined #openstack-barbican22:00
zigoIt's not "fake dev mode", I'm trying to get that package work, just like the rest of OpenStack.22:00
woodster_zigo: out of the box barbican is in a no-auth 'eval' mode, just to play with the API as quickly as possible22:00
woodster_zigo: sounds like you are a power user then!22:01
zigowoodster_: I'd like to make it in a good enough shape so that "apt-get install barbican-api barbican-worker" is enough to make it fully work.22:01
zigowoodster_: I maintain ALL of OpenStack in Debian, nearly all alone.22:01
woodster_zigo: so are you on the debian or red hat packaging side of this then?22:02
zigo366 packages so far...22:02
woodster_zigo: ok I'm with you then22:02
woodster_zigo: I thought you were coming at this from the magnum side of things22:02
zigowoodster_: Well, I was trying to get Magnum to work with the Adrian Otto, then he told me "hey, that box you've setup, it needs Barbican".22:02
*** fredyx10 has quit IRC22:03
*** DuncanT has quit IRC22:03
zigoSo I tried, and found out the Barbican package was kind of completely broken...22:03
zigoIt used to work for Liberty.22:03
woodster_zigo: so alee and xaeth have been involved in getting rpm packages created for Barbican....there might be some knowledge share there. As for debian packaging, I'm not sure how much (if any) expertise has been available for that :\22:03
zigowoodster_: I just need a Barbican expert, I'm ok doing the packaging alone! :)22:04
woodster_zigo: do you mean the rpm one?22:04
zigowoodster_: Could you expand on the "no auth by default" thing?22:04
zigowoodster_: How do I make it use Keystone then?22:04
*** asingh has quit IRC22:04
zigoDid you see this one?
zigoIt's kind of weirdish ...22:05
woodster_zigo: so the default paste config sets up barbican no auth:
zigoAh, that's where I should look, thanks !22:05
*** DuncanT has joined #openstack-barbican22:05
woodster_zigo: this is the pipeline to use instead if you want keystone in the mix:
zigoHow can I make it use [pipeline:barbican-api-keystone] then ?22:06
woodster_zigo: I'm transitioning to the nova/glance side of things, and see they are building paste pipelines dynamically now...barbican is not there yet22:06
zigowoodster_: So, in [composite:main], I should set /v1 to barbican-api-keystone ?22:07
woodster_zigo: you have to modify that paste conf file to change the 4th line to: /v1: barbican-api-keystone22:07
zigoRight ! :)22:07
zigoWrote it just before you did. :P22:07
woodster_zigo: that too!22:07
zigoDoing it and trying again.22:07
woodster_zigo:  please let us know if there are things we should consider changing to make packaging easier22:09
zigoI still get the same trace dump ...22:09
woodster_zigo:  fyi, one thing alee mentioned was that the keystone + audit path doesn't utilize cors22:09
woodster_zigo: complaining about alembic?22:10
woodster_zigo: ...and that missing table?22:10
zigoNop, this one:
zigoFailing to do "barbican --debug secret container list"22:10
woodster_zigo: can you do this just to test barbican svc directly?: curl -v localhost:9311/v1/containers22:11
woodster_zigo: ...well sub in the IP addrss for localhost22:11
*** fawadkhaliq has quit IRC22:11
*** fawadkhaliq has joined #openstack-barbican22:12
woodster_zigo: it seems it is trying to use the barbican URL as the auth one22:12
zigoWell, the filter:keystone_authtoken are correct, normally.22:13
openstackgerritMerged openstack/barbican: Fix correct foreign key constraints
*** dave-mccowan has joined #openstack-barbican22:14
woodster_zigo: that looks better...probably just need an X-Auth-Token22:14
zigoAh, good that one's merged ! :)22:14
woodster_zigo: yeah, but have a missing table to add still :\22:15
woodster_zigo: so I'll confess being out of the loop on the barbican client side of things...I think the plan is to move to an openstack unified CLI but not sure how underway that is. My guess though is that you are missing an auth arg to pass in the auth credentials to the CLI22:17
zigoWhen I add an X-Auth-Token to that curl command, it doesn't work also. :(22:18
woodster_zigo: my go to smoke test for secrets: curl -v -k -X POST -H "X-Auth-Token:$TOKEN" -H 'content-type:application/json' -d '{"payload": "my-secret-here", "payload_content_type": "text/plain"}' $KEEP_ENDPOINT/v1/secrets22:20
woodster_zigo: also note that you need to assign roles to your project/tenant's users22:23
woodster_zigo: see
zigocurl: (7) Failed to connect to port 9311: Connection refused22:23
zigoI don't get why, because the server reaally IS there.22:24
zigoAh no, not this time, it isn't.22:24
zigohttpserver.serve(application, host='', port='9311') <--- In bin/barbican-api22:25
zigoProbably would be better ! :)22:25
zigoWorking now it seems ! :)22:27
zigowoodster_: Ok, how do I get this to log to /var/log/barbican/barbican-api.log ?22:28
woodster_zigo: yeah it is intended to get you running locally quickly, but tweaks like that would be good to add to support more options out of the box22:28
*** sigmavirus24 is now known as sigmavirus24_awa22:31
woodster_zigo: hmmm...I think only stdout by default22:31
*** dimtruck is now known as zz_dimtruck22:31
zigowoodster_: To make my life easier as a package maintaier, I'd suggest: 1/ get barbican-api installed by default in /usr/bin with everything else, using a standard PBR shell-script endpoint.22:31
zigowoodster_: 2/ use oslo-config-generator like everyone else, and get everything in one file, rather than a barbican-api-paste.ini which is very annoying.22:32
zigowoodster_: 3/ Get it to understand standard stuff like --config-file= and such.22:32
zigoSo, in short: please implement oslo.config and oslo.log ! :)22:32
woodster_zigo: is there an example project that you'd recommend emulating? Or maybe all of them? :)22:32
zigoYeah, mostly all of them are doing that.22:33
zigoNote that I'm far from a python upstream expert...22:33
woodster_zigo: well, we use both oslo libs by default, but they are probably not connected up propertly at boot time22:33
zigoI can package stuff which I don't even know ! :)22:33
zigoIf I need to know, I can dig-up.22:33
zigoBut I have no time to do so.22:33
zigo(and no need to either)22:34
woodster_zigo: are you heading to Austin for the summit by chance?22:34
zigoYup, I am.22:34
zigoI've been to all summit since Grizzly.22:34
zigo(ie: portland)22:34
woodster_zigo: ha! Yeah I've been going since Atlanta. It would be good to meet up with you next month. Our project has had more crypto experts on it than packaging experts22:36
woodster_zigo:  for deployments we just let CM handling things, but if libs can make that slicker/cleaner, that good info to know!22:37
zigowoodster_: CM ?22:37
*** alee has quit IRC22:37
woodster_zigo: btw, I'm adding your suggested steps to our design summit etherpad22:37
woodster_zigo: config management ala Chef or Ansible22:38
zigoWell, CM are mostly using packages.22:38
zigoI deploy everything using packages only and some debconf magic ! :)22:38
zigoIn other words, everything can be preseeded, and should work by default just by doing apt-get install22:39
zigoIt's all optional though...22:39
woodster_zigo: sounds slick for sure22:39
zigoThe reason is, I can't rely on CM to do the work so I can test my packages.22:40
zigoI have to find ways to test by myself...22:40
zigoCM should be 2nd stage.22:40
woodster_zigo: make sense22:41
*** nkinder has quit IRC22:42
woodster_zigo: are you at least unstuck for the moment?22:46
zigowoodster_: I hope so.22:46
zigowoodster_: I'm trying to hard-wire all of this in the package now.22:46
zigowoodster_: The only thing is logging to /var/log/barbican/barbican-api.log22:47
zigowoodster_: Also, barbican-worker doesn't log in /var/log/barbican/barbican-worker.log, and I'd like to fix that.22:47
zigoBut at least now, I should get a working package ! :)22:48
zigowoodster_: If I'm correct, this package may end-up in Ubuntu btw.22:48
* zigo checks22:49
zigoAh no, they seem to produce their own package these days.22:49
woodster_zigo: hmmm, so did someone over there go thru your pain to get a package up? Or maybe it doesnt' work so bueno?22:50
woodster_zigo: fwiw, there is this config option:
zigoAh, so it *does* understand stuff from oslo.config?22:51
zigoIn this case, I have nothing to do, and it will automatically log at the correct place: my openstack-pkg-tools scripts will generate a --log-file=/var/log/${PROJECT_NAME}/${NAME}.log22:52
zigoBut to what I could tell, it didn't work.22:52
zigoAnyway, let's finish what I'm doing first.22:52
zigowoodster_: BTW, are you based in USA?22:54
zigoYou're email is @rackspace ...22:55
woodster_zigo: well, it works if you mod the barbican.conf file.22:55
woodster_zigo: I work from the san antonio, tx offic...john.wood@rackspace.com22:55
woodster_zigo: how about you?22:55
zigowoodster_: That's a common missunderstanding: one CANNOT use log_file within the config file, because daemons are sharing that one file. This needs to be set in the command line, by the startup script.22:56
*** chlong has joined #openstack-barbican22:56
zigowoodster_: Until end of 2014, I was living in China, but since I got hired by Mirantis, I'm back to my own country, France (living in Grenoble, in the French Alpes).22:57
woodster_zigo: are you aware of docs on this sequence btw?22:57
zigoWhat do you mean?22:57
woodster_zigo: wow how wonderful. I flew my wife and two kids out to Paris after the was paradise. I'd love to live there22:57
woodster_zigo: well I guess I'm curious about the canonical/proper boot/daemon that documented someplace? Perhaps in deployer guides?22:58
zigoOn the upstream side, I'm really not sure.22:59
woodster_zigo: do you know a product person at Mirantis named Sheena by chance?22:59
zigoI do ! :)22:59
woodster_woodster_: ha! She was our product person on barbican a while ago. It was a sad day when she left us for Mirantis :(23:00
woodster_zigo: she lives in Austin now23:00
zigowoodster_: Oh, I thought she was in SF bay area...23:00
woodster_zigo: No she was living in san antonio as well.  if you get a final script up and running would you kick it back, or email it?23:06
*** fawadkhaliq has quit IRC23:06
zigowoodster_: As soon as I have something, I'll upload it to Debian Experimental ! :)23:06
*** fawadkhaliq has joined #openstack-barbican23:07
zigo(that's where Mitaka is until the final release)23:07
zigo(at which point I'll overwrite Liberty by Mitaka in Sid)23:07
zigoLOL, I've pushed barbican-api in /bin instead of /usr/bin ... :P23:08
* zigo fixes23:08
zigowoodster_: What is barbican-functional.conf for?23:09
woodster_zigo: only used for functional testing barbican23:10
zigoOk, I guessed it ... :P23:10
*** tkelsey has joined #openstack-barbican23:13
*** tkelsey has quit IRC23:17
zigowoodster_: ok, all seems to be working now, I have backports for both Jessie and Trusty, you can try them if you like.23:17
zigowoodster_: I still didn't fix the logging issue though...23:17
zigoSo it logs no-where ...23:17
woodster_zigo: my gut says it wouldn't take much to get that to work, since we do use olso-logging for all the things23:18
woodster_zigo: ...but maybe a today worry!23:18
zigowoodster_: Do you want to test out the packages?23:19
woodster_zigo: I can't do so right now...I'm a bit swamped of late, trying to spin up on things Nova in a hurry23:20
woodster_zigo: I can promote in the channel tomorrow to see if some can take a look at it23:20
zigoNo worries.23:20
zigowoodster_: Thanks a lot for all of your help.23:21
woodster_zigo: I am grateful you are looking into this though23:21
zigoI'm now uploading the result ! :)23:21
woodster_zigo: anytime, thank you!23:21
woodster_zigo: so it would be visible in the experimental packages then?23:21
zigowoodster_: In a few hours, yes.23:21
woodster_zigo: nice!23:22
zigowoodster_: The next dinstall run is in 2 hours 29 minutes (I just checked).23:22
zigowoodster_: So, there's that, then the time for your local mirror to pickup the new stuff.23:22
*** alee has joined #openstack-barbican23:26
zigobarbican_2.0.0~rc1-2_amd64.changes uploaded23:30
*** alee has quit IRC23:33
woodster_zigo: awesome!23:33

Generated by 2.14.0 by Marius Gedminas - find it at!