Thursday, 2016-06-23

*** nkinder has quit IRC00:03
*** stevemar has quit IRC00:13
*** stevemar has joined #openstack-barbican00:14
*** stevemar has quit IRC00:18
*** stevemar has joined #openstack-barbican00:29
*** alee has quit IRC00:39
*** stevemar has quit IRC00:49
*** stevemar has joined #openstack-barbican00:50
*** stevemar has quit IRC01:00
*** alee has joined #openstack-barbican01:00
*** stevemar has joined #openstack-barbican01:00
*** stevemar has quit IRC01:05
*** stevemar has joined #openstack-barbican01:13
*** silos has joined #openstack-barbican01:33
*** silos has quit IRC01:38
*** stevemar has quit IRC01:40
*** stevemar has joined #openstack-barbican01:40
*** nkinder has joined #openstack-barbican02:09
*** stevemar has quit IRC02:14
*** diazjf has joined #openstack-barbican02:24
*** stevemar has joined #openstack-barbican02:34
*** zz_dimtruck is now known as dimtruck02:37
*** stevemar has quit IRC02:39
*** diazjf has quit IRC02:54
*** stevemar has joined #openstack-barbican02:57
*** stevemar has quit IRC03:20
*** stevemar has joined #openstack-barbican03:28
*** stevemar has quit IRC03:32
*** stevemar has joined #openstack-barbican03:35
*** stevemar has quit IRC03:35
*** stevemar has joined #openstack-barbican03:36
*** silos has joined #openstack-barbican03:45
*** silos has quit IRC03:50
*** dimtruck is now known as zz_dimtruck04:21
*** dave-mccowan has quit IRC04:41
*** jaosorior has joined #openstack-barbican04:55
*** Kevin_Zheng has joined #openstack-barbican06:08
*** alee has quit IRC06:16
*** andreas_s has joined #openstack-barbican06:28
*** jamielennox is now known as jamielennox|away06:48
*** woodster_ has quit IRC07:18
*** alee has joined #openstack-barbican07:48
*** jsheeren has joined #openstack-barbican08:09
*** silos has joined #openstack-barbican08:09
jsheerenhi all, i'm getting following error in my log when listing secret containers:"extern "Python": function Cryptography_rand_bytes() called, but @ffi.def_extern() was not called in the current subinterpreter.  Returning 0."08:09
jsheerenanyone sen this before?08:09
jsheerenam i using a wrong python library somewhere?08:10
jsheerenusing following crypto libs:08:13
jsheerenpip list | grep crypto08:13
jsheerencryptography (1.2.3)08:13
jsheerenpycrypto (2.6.1)08:13
jsheerenrequirements state: cryptography!=1.3.0,>=1.0 # BSD/Apache-2.0   and  pycrypto>=2.6 # Public Domain08:14
*** silos has quit IRC08:14
jsheerenfunny thing is, i only get the message once and a while08:14
jsheerencffi version is: cffi (1.5.2)08:15
jaosoriorthat's weird08:17
jaosoriorjsheeren: most of the people are sleeping at the moment :/08:17
jaosoriorI recommend you submit a bug in launchpad08:17
jsheerenjaosorior: yeah was afraid of that08:18
jaosoriorwith details on how to reproduce it, and mention it's intermitent08:18
jsheerenlooks related to https://github.com/pyca/cryptography/issues/229908:23
jaosoriorwhat the hell08:25
jaosoriornow that's a funky bug08:25
jsheerenyeah, the 'fix' https://cryptography.io/en/latest/faq/#starting-cryptography-using-mod-wsgi-produces-an-internalerror-during-a-call-in-register-osrandom-engine08:28
jsheeren"To resolve this set the WSGIApplicationGroup to %{GLOBAL} in the mod_wsgi configuration."08:29
openstackgerritJohannes Grassler proposed openstack/barbican: Default to Keystone authentication  https://review.openstack.org/33317308:35
jsheerenhmmz https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html08:36
jsheerenweird, but that fixes it .. i'm not seeing the error anymore08:40
jsheereneven more, it's more stable now. before i got intermittend messages that the keystone service was unavailble. yet i could curl without issues..08:41
jaosoriorwaht O_O08:45
jsheerendoes setting the wsgiapplicationgroup to %{global} present a security issue?08:45
jaosoriorI honestly have no clue08:45
jaosorioralee ^^08:45
aleejaosorior, jsheeren - sorry no clue either08:52
jsheerenno prob08:54
jaosorioralee, certmonger question08:57
jaosorioralee, under what user permissions does certmonger run pre/post save commands?08:57
jaosoriorI need certmonger to restart a service on a post-save command08:57
jaosoriorand need to know if I need to consider some permissions there08:57
aleejaosorior, I think certmonger runs using root permissions09:01
aleejaosorior, so you should be able to restart the service09:01
aleejaosorior, I know ipa for instance will restart itself when its system certs are renewed09:03
jaosorioralee, do you have a reference to the pre/post save commands that it uses?09:04
aleejaosorior, ipa ? let me see ..09:04
aleejaosorior, looking - all the certmonger stuff in ipa appears to be in certmonger.py09:08
*** jaosorior has quit IRC09:11
*** jaosorior has joined #openstack-barbican09:11
jaosorioralee: uhm09:12
jaosoriorI remember there was an explicit script that certmonger was calling09:12
aleejaosorior, https://git.fedorahosted.org/cgit/freeipa.git/tree/ipapython/certmonger.py09:12
jaosoriorI just don't remember which09:12
aleejaosorior, yeah looking09:12
aleejaosorior,  one of them .. renew_ra_cert09:14
aleejaosorior, renew_ca_cert09:15
aleejaosorior, also stop_pkicad09:15
aleejaosorior, https://git.fedorahosted.org/cgit/freeipa.git/tree/install/restart_scripts09:17
aleejaosorior, https://git.fedorahosted.org/cgit/freeipa.git/tree/install/certmonger09:17
jaosoriorwell09:20
jaosoriorseems to be nothing special09:20
jaosoriorjust restarting the services taking into account the cred lock09:20
aleejaosorior, yup09:20
*** jamielennox|away is now known as jamielennox09:43
*** pcaruana has joined #openstack-barbican09:51
*** silos has joined #openstack-barbican10:21
*** silos has quit IRC10:25
*** alee_ has joined #openstack-barbican11:11
*** jsheeren has quit IRC11:29
*** sigmavirus24_awa is now known as sigmavirus2413:09
*** kfarr has joined #openstack-barbican13:14
*** zz_dimtruck is now known as dimtruck13:15
*** catintheroof has joined #openstack-barbican13:32
*** dimtruck is now known as zz_dimtruck13:44
*** dave-mccowan has joined #openstack-barbican13:55
*** jmckind has joined #openstack-barbican14:00
*** rbradfor has joined #openstack-barbican14:00
*** rbradfor has quit IRC14:02
*** rbradfor has joined #openstack-barbican14:05
*** spotz_zzz is now known as spotz14:09
*** woodster_ has joined #openstack-barbican14:12
*** jmckind_ has joined #openstack-barbican14:20
*** zz_dimtruck is now known as dimtruck14:23
*** jmckind has quit IRC14:23
*** ayoung has quit IRC14:37
*** asingh has joined #openstack-barbican14:39
*** pcaruana has quit IRC14:41
*** silos has joined #openstack-barbican14:43
*** edtubill has joined #openstack-barbican14:47
*** jaosorior has quit IRC14:53
*** randallburt has joined #openstack-barbican14:57
*** randallburt1 has joined #openstack-barbican14:59
*** jmckind has joined #openstack-barbican15:01
*** randallburt has quit IRC15:02
*** dave-mccowan has quit IRC15:02
*** jmckind_ has quit IRC15:04
*** silos has quit IRC15:05
*** kfarr has quit IRC15:09
*** silos has joined #openstack-barbican15:13
*** alee_ is now known as alee_dinner15:16
*** dave-mccowan has joined #openstack-barbican15:19
*** ayoung has joined #openstack-barbican15:37
*** andreas_s has quit IRC15:56
*** silos has quit IRC16:09
*** jmckind_ has joined #openstack-barbican16:18
*** jmckind has quit IRC16:21
*** jmckind has joined #openstack-barbican16:38
*** jmckind_ has quit IRC16:39
*** jmckind_ has joined #openstack-barbican17:00
*** jmckind has quit IRC17:02
*** spotz is now known as spotz_zzz17:08
*** ayoung has quit IRC17:28
*** kfarr has joined #openstack-barbican17:32
*** dave-mccowan has quit IRC17:58
*** dave-mccowan has joined #openstack-barbican18:19
*** asingh has quit IRC18:32
*** asingh has joined #openstack-barbican18:33
*** asingh has quit IRC19:03
*** asingh has joined #openstack-barbican19:03
*** alee_dinner is now known as alee_19:03
*** spotz_zzz is now known as spotz19:11
*** jmckind has joined #openstack-barbican19:33
*** jmckind_ has quit IRC19:36
*** gyee has joined #openstack-barbican20:16
*** rbradfor has quit IRC20:27
*** Daviey has quit IRC20:27
*** crc32_znc has quit IRC20:27
*** stupidnic has quit IRC20:27
*** dimtruck has quit IRC20:27
*** Kiall has quit IRC20:27
*** zigo has quit IRC20:27
*** DuncanT has quit IRC20:27
*** phschwartz has quit IRC20:27
*** jillysciarilly has quit IRC20:27
*** jvrbanac has quit IRC20:27
*** spotz has quit IRC20:27
*** jamielennox has quit IRC20:27
*** mmotiani_ is now known as mmotiani20:27
*** Kiall has joined #openstack-barbican20:27
*** stupidnic has joined #openstack-barbican20:27
*** jvrbanac has joined #openstack-barbican20:27
*** phschwartz has joined #openstack-barbican20:27
*** spotz_ has joined #openstack-barbican20:28
*** rbradfor has joined #openstack-barbican20:28
*** crc32|znc has joined #openstack-barbican20:28
*** zigo has joined #openstack-barbican20:29
*** jillysciarilly has joined #openstack-barbican20:29
*** woodster_ has quit IRC20:29
*** dimtruck has joined #openstack-barbican20:30
*** DuncanT has joined #openstack-barbican20:31
*** Daviey has joined #openstack-barbican20:34
*** jamielennox has joined #openstack-barbican20:38
*** _jungh4ns has quit IRC20:39
*** woodster_ has joined #openstack-barbican21:01
*** kfarr has quit IRC21:03
*** ozialien10 has quit IRC21:08
*** catintheroof has quit IRC21:21
*** jmckind has quit IRC21:43
*** edtubill has quit IRC22:00
*** dimtruck is now known as zz_dimtruck22:04
*** randallburt1 has quit IRC22:11
*** edtubill has joined #openstack-barbican22:14
openstackgerritArun Kant proposed openstack/barbican-specs: Adding spec for supporting multiple secret store backends  https://review.openstack.org/26397222:55
*** zz_dimtruck is now known as dimtruck23:33
*** agrebennikov has joined #openstack-barbican23:52
*** edtubill has quit IRC23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!