Wednesday, 2016-09-14

« Tuesday, 2016-09-13 Index Thursday, 2016-09-15 »
*** dave-mccowan has joined #openstack-barbican00:43
*** gyee has quit IRC01:03
*** jamielennox is now known as jamielennox|away01:26
*** woodster_ has quit IRC02:19
*** dave-mccowan has quit IRC02:38
*** stevemar_ is now known as stevemar02:49
openstackgerritArun Kant proposed openstack/barbican: Adding functional tests for multiple backend changes (Part 5)  https://review.openstack.org/36020203:08
openstackgerritArun Kant proposed openstack/barbican: Central logic to sync secret store data with conf data (Part 3)  https://review.openstack.org/35754403:08
openstackgerritArun Kant proposed openstack/barbican: Adding rest API for secret-stores resource (Part 4)  https://review.openstack.org/35816203:08
*** jaosorior has joined #openstack-barbican04:44
*** jaosorior has quit IRC05:00
*** jaosorior has joined #openstack-barbican05:01
*** phschwartz has quit IRC05:15
*** phschwartz has joined #openstack-barbican05:18
*** jamielennox|away is now known as jamielennox05:40
*** jaosorior has quit IRC06:29
*** jaosorior has joined #openstack-barbican06:30
*** pcaruana has joined #openstack-barbican06:32
*** dimtruck is now known as zz_dimtruck06:36
*** andreas_s has joined #openstack-barbican06:42
*** zz_dimtruck is now known as dimtruck06:57
*** shohel has joined #openstack-barbican07:02
*** jsheeren has joined #openstack-barbican07:05
*** dimtruck is now known as zz_dimtruck07:10
*** jaosorior has quit IRC07:27
*** jaosorior has joined #openstack-barbican07:27
*** jaosorior has quit IRC07:29
*** jaosorior has joined #openstack-barbican07:30
*** zz_dimtruck has quit IRC07:40
*** zz_dimtruck has joined #openstack-barbican07:42
*** zz_dimtruck is now known as dimtruck07:43
*** tkelsey has joined #openstack-barbican07:50
*** permalac has joined #openstack-barbican08:03
*** dimtruck is now known as zz_dimtruck09:11
*** jsheeren has quit IRC09:24
*** jsheeren has joined #openstack-barbican09:25
*** permalac has quit IRC09:38
jsheerenhi, latest git pull gives me following error: [wsgi:error] Exception: Versioning for this project requires either an sdist tarball, or access to an upstream git repository. Are you sure that git is installed?09:52
jsheerenhow can i fix this?09:52
*** jaosorior is now known as jaosorior_lunch09:54
*** shohel1 has joined #openstack-barbican10:10
*** shohel has quit IRC10:11
*** jaosorior_lunch is now known as jaosorior10:27
*** zz_dimtruck is now known as dimtruck11:01
*** dimtruck is now known as zz_dimtruck11:11
*** shohel1 has quit IRC11:12
*** shohel has joined #openstack-barbican11:25
*** openstackgerrit has quit IRC11:34
*** openstackgerrit has joined #openstack-barbican11:34
*** dave-mccowan has joined #openstack-barbican11:47
*** woodster_ has joined #openstack-barbican11:49
*** Kevin_Zheng has quit IRC12:06
*** jsheeren has quit IRC12:22
*** spotz_zzz is now known as spotz12:42
*** zz_dimtruck is now known as dimtruck12:50
*** Kevin_Zheng has joined #openstack-barbican13:00
*** jaosorior has quit IRC13:01
*** jaosorior has joined #openstack-barbican13:01
openstackgerritArun Kant proposed openstack/barbican: Checking barbican resource id in URI is a valid uuid  https://review.openstack.org/35374413:47
openstackgerritArun Kant proposed openstack/barbican: Adding functional tests for multiple backend changes (Part 5)  https://review.openstack.org/36020213:50
openstackgerritArun Kant proposed openstack/barbican: Central logic to sync secret store data with conf data (Part 3)  https://review.openstack.org/35754413:50
openstackgerritArun Kant proposed openstack/barbican: Adding rest API for secret-stores resource (Part 4)  https://review.openstack.org/35816213:50
openstackgerritArun Kant proposed openstack/barbican: Changes for multiple backend conf and friendly plugin names (Part 2)  https://review.openstack.org/35428513:50
arunkantalee_run, alee, _wooster: any more comments on multiple backends review .  I have addressed comments yesterday. Just now did a rebase with latest master.13:52
*** alee_run is now known as alee13:53
arunkantwoodster_ : ^^13:53
arunkantalee: ping13:53
aleearunkant, I thought we were going to add a check for any secrets using a secret store in the sync code?13:54
aleearunkant, thats not in part 3 as far as I can tell13:54
arunkantalee: yes, pinged you about that.13:54
aleearunkant, is that in a later part?13:54
arunkantalee: I looked into code and there is no easy way to implement that logic13:54
aleearunkant, is the secret store stored in secret metadata?13:56
arunkantalee: its a long reason..bear with me. The plugin names are stored in secret_store_metadata table as key-value pair13:56
arunkantSo e.g.  key: plugin_name , value: 'barbican.plugin.store_crypto.StoreCryptoAdapterPlugin'13:56
*** tdink has joined #openstack-barbican13:57
arunkantalee: So plugin name is actually python class name with its module path ..13:58
arunkantalee: Now when plugin is removed from configuration, then we no longer have capability to create plugin instance and derive the plugin name which is used in secret_store_metadata table13:59
arunkantalee: this is the mechanism used to derive actual class name . https://github.com/openstack/barbican/blob/master/barbican/common/utils.py#L14714:00
arunkantalee: as we no longer have plugin instance instantiated, there is no easy way to derive that plugin class name and then run query for doing lookup against *all* secrets stored in DB14:01
arunkantalee: is problem clear ?14:02
aleearunkant, yeah14:03
*** shohel has quit IRC14:03
aleearunkant, sorry - in a meeting - I'll get back to you.  It seems though that this is not easily solved14:03
aleearunkant, and we do not need to include it in this set of patches14:04
arunkantalee: okay. yes..this is also something which can be addressed later once we have a solution identified14:04
*** tdink has quit IRC14:04
aleearunkant, I'll open a bug for us to try and address this somehow later - but I would like to make sure that docs are updated appropriately to warn about this.14:05
arunkantalee: Yes, this is something which is current behavior so we should have some documentation around it.14:06
*** Daviey_ is now known as Daviey14:12
*** jaosorior has quit IRC14:31
*** spotz is now known as spotz_zzz14:34
*** randallburt has joined #openstack-barbican14:36
*** diazjf has joined #openstack-barbican14:36
*** randallburt1 has joined #openstack-barbican14:38
*** tdink has joined #openstack-barbican14:38
*** randallburt has quit IRC14:41
*** diazjf has quit IRC15:01
*** tdink has quit IRC15:03
*** diazjf has joined #openstack-barbican15:24
*** Kevin_Zheng has quit IRC15:26
aleewoodster_, redrobot -- lets start moving these multiple db backend patches through15:33
redrobotalee ack15:39
*** pcaruana has quit IRC15:40
*** andreas_s has quit IRC15:58
*** diazjf has quit IRC15:59
*** kfarr has joined #openstack-barbican16:00
*** diazjf has joined #openstack-barbican16:23
openstackgerritMerged openstack/barbican: Changes for multiple backend conf and friendly plugin names (Part 2)  https://review.openstack.org/35428516:56
*** kfarr has quit IRC16:56
*** kfarr has joined #openstack-barbican16:57
*** jarvis has joined #openstack-barbican17:00
jarvishello17:00
jarvisi am configuring openstack17:01
redrobothello jarvis17:01
jarvisvolume encryption with key manager17:01
jarvishey redboot17:01
jarvissry redrobot17:02
jarvisi have some errors17:02
jarvisand doubt in the same17:02
jarvisredrobot r u der17:03
redrobotjarvis I'm not sure how much help I would be... kfarr and alee are more familiar with that feature17:03
*** Kiall_ is now known as Kiall17:03
jarviswhen will they be online17:04
*** tdink has joined #openstack-barbican17:04
jarviscan some help me with volume encryption with key manager interface17:04
kfarrhey jarvis17:04
jarvishey kfarr17:04
kfarrjarvis, what are you errors?17:05
kfarrjarvis also fyi there is a bug that I am fixing: https://review.openstack.org/#/c/366750/217:05
arunkantredrobot: About your comment on field name..you want to change it to 'secret_stores'  as I was not clear from 'https://github.com/openstack/api-wg/blob/master/guidelines/naming.rst'17:05
arunkantredrobot: It says should use hypen in resource name and not underscore ..did not see same for field name17:05
jarvisin openstack liberity17:06
jarvisi hae configured the barbican key manager interface17:06
redrobotarunkant from that rst: "Field names should use snake_case style"17:06
jarvisand the key for the volume encryption is also generated17:06
jarvisand the encrypted volume is created17:07
jarvisbut the error comes while attaching the volume to the instance17:07
arunkantredrobot: oh ..it means that. okay..will change it soon.17:07
jarvisthe barbican logs shows 404 error17:07
redrobotarunkant thanks!17:07
jarviskfarr any thoughts17:08
kfarrjarvis did you edit both nova.conf and cinder.conf to use barbican?17:08
jarvisyes17:08
kfarrjarvis, what is the uuid it is trying to use?17:08
jarvisthe uuid created by the volume17:09
jarvisit takes it from the barbican17:09
kfarrok, just making sure it's not trying to use all zeros17:09
jarvisnope no zero17:09
jarvisbut i configured the volume encryption with key interface in openstack master17:11
*** tdink has quit IRC17:11
jarvisbut i had to made changes 2-3 changes17:11
jarviskfarr???17:11
kfarrjarvis, are you saying that it worked using openstack master, not openstack liberty17:11
jarvisyes but had to make changes17:12
kfarrjarvis, and your goal is use liberty, right?17:12
jarvisyes it must work in any of the openstack i guess17:12
jarvisthe main goal is to create bootable encrypted volume17:13
kfarrjarvis, well, yes17:13
jarviscan you help me with it17:14
jarvisder17:14
kfarrjarvis trying... but it would be helpful to have a little bit more information17:15
jarviswhen i create select a image=cirros  and volume type =LUKS17:16
*** tdink has joined #openstack-barbican17:16
jarvisthrough horizon17:16
jarvisit gives error unable to create volume17:16
kfarrusing liberty --17:16
kfarris it devstack or a deployment?17:16
kfarror something else?17:16
jarvisdevstack17:16
jarvisin openstack master17:17
jarvisbecause the liberty was not able to attach the volume17:17
jarvisto instance17:17
kfarrOk, so you are using openstack master now17:17
kfarrrunning devstack17:17
jarvisyes17:17
kfarrwhat does your local.conf look like17:17
kfarrand then after that, what does your cinder.conf and nova.conf look like17:18
kfarrand what specifically does the error message look like17:19
jarviswait i will paste them17:21
jarvislocal.conf17:23
jarvis[[local|localrc]]  enable_plugin barbican https://git.openstack.org/openstack/barbican stable/liberty enable_service rabbit mysql key  # This is to keep the token small for testing KEYSTONE_TOKEN_FORMAT=UUID  # Modify passwords as needed DATABASE_PASSWORD=secret RABBIT_PASSWORD=secret ADMIN_PASSWORD=secret SERVICE_PASSWORD=secret SERVICE_TOKEN=11122233344417:23
jarvisis it ok to paste them17:24
kfarrif you are using master, it needs to be17:24
kfarrenable_plugin barbican https://git.openstack.org/openstack/barbican17:24
openstackgerritArun Kant proposed openstack/barbican: Adding functional tests for multiple backend changes (Part 5)  https://review.openstack.org/36020217:24
openstackgerritArun Kant proposed openstack/barbican: Adding rest API for secret-stores resource (Part 4)  https://review.openstack.org/35816217:24
kfarrwith no stable/liberty17:24
kfarrafter17:24
jarvisbut its working17:24
jarvisonly the encypted bootable volume are not creating17:25
arunkantredrobot: ^^^ updated multiple backend review as per your comment..also updated api doc for change.17:25
kfarrjarvis what changes did you make17:25
kfarrand are you using the absolute latest master17:25
jarvispolicy.json17:25
jarvisand copied the cinder.conf of earlier version to master17:26
jarvisyes17:26
kfarrjarvis brb17:26
jarvisok17:27
*** diazjf has quit IRC17:30
*** kfarr has quit IRC17:31
jarviskfarr17:34
jarvishey guys17:37
*** kfarr has joined #openstack-barbican17:38
jarvisare you able to create bootable encrypted volume17:39
*** rhagarty has joined #openstack-barbican17:39
jarviskfarr??17:40
kfarrjarvis, please wait one minute17:41
jarvisok17:42
openstackgerritMerged openstack/barbican: Central logic to sync secret store data with conf data (Part 3)  https://review.openstack.org/35754417:44
jarviscinder.conf17:44
jarvis [keymgr] api_class=cinder.keymgr.barbican.BarbicanKeyManager  [keystone_authtoken] memcached_servers = 10.0.2.15:11211 signing_dir = /var/cache/cinder cafile = /opt/stack/data/ca-bundle.pem auth_uri = http://10.0.2.15:5000 project_domain_id = default project_name = service user_domain_id = default password = secret username = cinder auth_url = http://10.0.2.15:35357 auth_type = password  [DEFAULT] graceful_shutdown_timeou17:45
jarvissorry to interrupt kfarr17:48
jarviscan u tell me what the issue is17:48
kfarrok jarvis, catching up on your messages17:53
jarvisyes thanks for the attention17:53
kfarrjarvis can you tell me the git hash of the version of cinder you are using?17:57
arunkantalee, woodster_ , redrobot: 2 more multiple backend reviews remaining (part 4 and part 5) ..can those be reviewed today.17:57
jarvisdont know to check it??17:58
woodster_arunkant: did part 5 just now17:58
kfarrcd /opt/stack/cinder17:58
woodster_arunkant: I'll pick away at #4 today17:59
kfarrjarvis git rev-parse HEAD17:59
jarvis0ea086e1131fa3da284e348ee962d61470a9903518:01
jarvisgot this18:01
*** tdink has quit IRC18:01
jarviskfarr18:04
jarvisare u der18:04
kfarrjarvis, you told me you were using openstack master18:04
kfarrjarvis you are not using openstack master18:04
kfarryou are using stable/mitaka18:05
kfarrstable/mitaka does not support booting from encrypted volumes18:05
jarvisok then18:05
jarviscan u tell me the steps for creating the same18:06
kfarrjarvis, "the same" what18:06
jarvislike the local.conf for creating bootable and unbootable encrypted volumes using barbican18:07
jarvisand i told u earlier that made changes by coping the cinder.conf for pervious version18:08
kfarrjarvis, if I were you I would delete everything: /opt/stack/*18:10
kfarrand make sure you have the latest devstack18:10
kfarrcd devstack; git pull origin master18:10
woodster_arunkant: one small question on https://review.openstack.org/#/c/35816218:10
jarvisok will it help to create encypted bootable volumes18:11
arunkantwoodster_ : let me check18:11
kfarrjarvis use this as your local.conf18:12
kfarrhttp://pastebin.com/xqjzcTya18:12
kfarr./stack.sh18:12
kfarrapply this patch to cinder https://review.openstack.org/#/c/366750/18:13
kfarrset key_manager api_class in cinder.conf and nova.conf18:13
kfarrrestart cinder and nova services18:13
kfarrthen it should work18:13
jarvisok thank you18:13
jarviskfarr i will try it out and let u know if error occurs18:14
arunkantwoodster_ : just now replied to https://review.openstack.org/#/c/358162 comment18:14
jarvisand last question18:14
jarvisin master version the do have add pipeline for keystone in barbican.paste.ini18:15
woodster_arunkant: so the global default is set via conf file correct?18:15
* woodster_ and not via API call18:15
arunkantwoodster_ : yes, its only configurable via conf file18:15
woodster_arunkant: nice, ok thanks!18:15
kfarrjarvis, can you say that again?18:16
kfarrI don't follow18:16
jarvishttp://docs.openstack.org/developer/barbican/setup/keystone.html18:17
jarvisthis steps18:17
jarvismust be followed18:17
jarvisor not18:17
woodster_alee: You can review/merge https://review.openstack.org/#/c/358162 if you'd like18:18
kfarrjarvis, no, all you need is the line in local.conf to enable barbican18:19
jarvisok fine18:19
jarvisthank you18:19
aleewoodster_, arunkant looking at https://review.openstack.org/#/c/358162 now ..18:24
*** jarvis has quit IRC18:36
aleearunkant, booyah!18:39
*** tkelsey has quit IRC18:39
arunkantalee: thanks .18:39
arunkantwoodster_, alee, redrobot: thanks all for your review and help on adding this feature.18:40
woodster_arunkant: thanks for your patience and perseverance!18:42
*** diazjf has joined #openstack-barbican18:47
arunkantredrobot: Quick question, do I need to add release notes for multiple backend feature. I can add that as a separate review if its okay.19:06
redrobotarunkant yes, that would be helpful19:06
arunkantredrobot: okay..let me add that as a separate review.19:07
*** pcaruana has joined #openstack-barbican19:07
openstackgerritMerged openstack/barbican: Adding rest API for secret-stores resource (Part 4)  https://review.openstack.org/35816219:09
*** jsheeren has joined #openstack-barbican19:12
openstackgerritArun Kant proposed openstack/barbican: Adding reno release notes for multiple backend feature  https://review.openstack.org/37039019:12
arunkantredrobot, woodster_, alee  : ^^ release notes for multiple backends19:14
*** kfarr has quit IRC19:17
openstackgerritMerged openstack/barbican: Adding functional tests for multiple backend changes (Part 5)  https://review.openstack.org/36020219:18
openstackgerritMerged openstack/barbican: typo fix  https://review.openstack.org/36192919:25
arunkantalee, woodster_ :  can you review release notes for multiple backend and possibly merge it.19:38
arunkantreview: https://review.openstack.org/#/c/37039019:38
*** tdink has joined #openstack-barbican19:38
*** jsheeren has quit IRC19:40
*** diazjf has quit IRC19:47
*** diazjf has joined #openstack-barbican19:55
*** pcaruana has quit IRC20:00
*** rhagarty has quit IRC20:02
*** tkelsey has joined #openstack-barbican20:04
*** rhagarty has joined #openstack-barbican20:04
*** rm_mobile has joined #openstack-barbican20:06
*** rm_mobile has joined #openstack-barbican20:06
*** tkelsey has quit IRC20:08
*** rm_mobile has quit IRC20:22
woodster_arunkant: Added a question to CR please20:41
arunkantwoodster_ : let me check20:41
arunkantwoodster_ : I am not sure how to enter docs link in notes. let me see if i can find some reference for retext20:43
woodster_arunkant: well, perhaps that isn't relevant for release notes...redrobot, are links typically left out of release notes (i.e. are they just text only usually)?20:44
*** kfarr has joined #openstack-barbican20:48
arunkantwoodster_ : I can add the link ..so far what I have seen in release notes, its primarily text..very few places have docs link e.g. http://docs.openstack.org/releasenotes/nova/mitaka.html20:49
woodster_arunkant: I think it would be helpful to have the link in there20:50
arunkantwoodster_ : let me add that quickly.20:50
openstackgerritArun Kant proposed openstack/barbican: Adding reno release notes for multiple backend feature  https://review.openstack.org/37039020:55
woodster_arunkant: cool thanks, +220:56
arunkantwoodster_ : thanks..can this be merged as redrobot already gave +2 on earlier patch.20:57
woodster_arunkant: the updated patch removed his +2 though. alee, redrobot kfarr diazjf can one of you merge in https://review.openstack.org/370390? Small change20:58
aleearunkant, woodster_ we seem to be missing some prepositions ..21:02
*** randallburt1 has quit IRC21:02
arunkantalee: please suggest the text change..i will update it21:02
aleearunkant, yup adding ..21:03
*** tkelsey has joined #openstack-barbican21:05
aleearunkant, done21:08
*** tkelsey has quit IRC21:09
*** kfarr has quit IRC21:14
*** diazjf has quit IRC21:15
openstackgerritArun Kant proposed openstack/barbican: Adding reno release notes for multiple backend feature  https://review.openstack.org/37039021:16
arunkantalee: thanks for text..^^^ woodster_, kfarr updated release notes21:17
woodster_arunkant: merged!21:19
arunkantwoodster_ : great21:19
aleearunkant, nice going ! that was a harder slog than I anticipated getting that feature in.21:20
woodster_That was close to 2k lines of changes right?21:21
arunkantalee: I was not quite sure if it will get merged within newton release..thanks all for getting it reviewed in time.21:23
*** diazjf has joined #openstack-barbican21:24
*** rhagarty has quit IRC21:39
*** randallburt has joined #openstack-barbican21:43
*** dave-mccowan has quit IRC21:48
*** tdink has quit IRC21:53
*** diazjf has quit IRC22:01
*** mariojv has joined #openstack-barbican22:41
*** mariojv has left #openstack-barbican22:42
openstackgerritMerged openstack/barbican: Adding reno release notes for multiple backend feature  https://review.openstack.org/37039022:51
*** randallburt has quit IRC23:08
*** jamielennox is now known as jamielennox|away23:22
« Tuesday, 2016-09-13 Index Thursday, 2016-09-15 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!