Friday, 2017-03-10

*** ngupta has quit IRC		00:09
*** ngupta has joined #openstack-barbican		00:10
*** alee has joined #openstack-barbican		00:13
*** ngupta has quit IRC		00:14
*** hoangcx has joined #openstack-barbican		00:22
*** catintheroof has quit IRC		00:29
*** catintheroof has joined #openstack-barbican		00:30
*** catintheroof has quit IRC		00:30
*** jamielennox is now known as jamielennox\|away		00:36
*** jamielennox\|away is now known as jamielennox		00:37
*** catintheroof has joined #openstack-barbican		00:42
*** dimtruck is now known as zz_dimtruck		00:46
*** zhurong has joined #openstack-barbican		00:56
*** liujiong has joined #openstack-barbican		01:16
*** tdink has quit IRC		01:33
*** chris_hultin is now known as chris_hultin\|AWA		01:34
*** agrebennikov has quit IRC		02:21
openstackgerrit	OpenStack Proposal Bot proposed openstack/barbican master: Updated from global requirements https://review.openstack.org/444073	03:28
openstackgerrit	OpenStack Proposal Bot proposed openstack/castellan master: Updated from global requirements https://review.openstack.org/444074	03:28
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-barbicanclient master: Updated from global requirements https://review.openstack.org/439344	03:37
*** noslzzp has quit IRC		03:53
*** noslzzp has joined #openstack-barbican		03:54
*** catintheroof has quit IRC		03:57
*** catintheroof has joined #openstack-barbican		03:58
*** catintheroof has quit IRC		03:59
*** zz_dimtruck is now known as dimtruck		04:49
openstackgerrit	Merged openstack/python-barbicanclient master: Change parent class of `WhenTestingCertificateOrders` https://review.openstack.org/438149	05:45
*** jaosorior has joined #openstack-barbican		06:09
*** andreas_s has joined #openstack-barbican		07:08
*** xek has quit IRC		07:37
*** jaosorior is now known as jaosorior_breakf		08:33
*** shohel has joined #openstack-barbican		08:35
*** jaosorior_breakf is now known as jaosorior		08:48
toabctl	jaosorior, hey	09:06
toabctl	is there anything I can do to get https://review.openstack.org/#/c/437981/ merged?	09:06
jaosorior	toabctl: so, at least I would like to see the dogtag gate run	09:08
jaosorior	toabctl: that last run you pointed out didn't. for some reason	09:08
toabctl	jaosorior, but can I do anything to get it run?	09:09
jaosorior	toabctl: now, it's even passed recently https://review.openstack.org/#/c/442344/ https://review.openstack.org/#/c/444073/	09:09
jaosorior	and when it doesn't, it's usually a timeout https://review.openstack.org/#/c/434820/	09:09
toabctl	jaosorior, so should I just do a recheck?	09:09
jaosorior	toabctl: I did a recheck and lets see what happens there.	09:10
toabctl	ok	09:10
*** tinwood is now known as tinwood_swap		09:18
*** dimtruck is now known as zz_dimtruck		09:39
*** zz_dimtruck is now known as dimtruck		09:39
*** dimtruck is now known as zz_dimtruck		09:49
openstackgerrit	Nam Nguyen Hoai proposed openstack/barbican master: Update barbican-worker to devstack plugin https://review.openstack.org/444190	10:04
*** zhurong has quit IRC		10:10
jaosorior	toabctl: ok, it timed out, and it seems it was running the tests	10:12
jaosorior	wow	10:12
jaosorior	though a lot of them failed	10:12
jaosorior	toabctl: runned it again to see if it was a one-off. But if that happens again, then it seems that it breaks the dogtag config	10:13
openstackgerrit	Jeremy Liu proposed openstack/python-barbicanclient master: Refactor barbicanclient https://review.openstack.org/403604	10:20
*** liujiong has quit IRC		10:23
*** openstackgerrit has quit IRC		10:33
*** zz_dimtruck is now known as dimtruck		10:40
*** zhubingbing_ has joined #openstack-barbican		10:46
zhubingbing_	hello guys	10:46
zhubingbing_	i can't find /usr/lib/libCryptoki2_64.so	10:46
zhubingbing_	i can't find /usr/lib/libCryptoki2_64.so	10:46
zhubingbing_	who can help me ?	10:47
*** dimtruck is now known as zz_dimtruck		10:50
*** hoangcx has quit IRC		10:50
*** zz_dimtruck is now known as dimtruck		10:53
*** dimtruck is now known as zz_dimtruck		11:02
*** liujiong has joined #openstack-barbican		11:09
liujiong	Hi guys, do you know how can get this library "libCryptoki2_64.so" installed ?	11:14
liujiong	alee, jaosorior, redrobot, any idea on that ^	11:16
jaosorior	liujiong: zhubingbing_: I'm not sure to be honest, but it would seem to me that it should be part of the openssl package. I don't know what distro you're trying to deploy barbican on.	11:19
zhubingbing_	distro is centos7.2	11:20
zhubingbing_	Package 1:openssl-devel-1.0.1e-60.el7_3.1.x86_64 already installed and latest version	11:23
zhubingbing_	Nothing to do	11:23
jaosorior	let me check	11:25
jaosorior	zhubingbing_: what backend are you trying to use?	11:25
zhubingbing_	[secretstore]	11:26
zhubingbing_	namespace = barbican.secretstore.plugin	11:26
zhubingbing_	enabled_secretstore_plugins = store_crypto	11:26
zhubingbing_	[crypto]	11:26
zhubingbing_	namespace = barbican.crypto.plugin	11:26
zhubingbing_	enabled_crypto_plugins = p11_crypto	11:26
zhubingbing_	[p11_crypto_plugin]	11:26
zhubingbing_	library_path = /usr/lib/libCryptoki2_64.so	11:26
jaosorior	zhubingbing_: that's the devel pacakge, what about the openssl package or the openssl-lib ?	11:26
zhubingbing_	login = FLe7YNP34RAV51CFVZzWoGmBvU09gvPdGIW1QjTe	11:26
zhubingbing_	mkek_label = kolla_master_kek	11:26
zhubingbing_	mkek_length = 32	11:26
zhubingbing_	hmac_label = kolla_hmac	11:26
jaosorior	zhubingbing_: I'm not very acquainted with the p11 package to be honest	11:26
zhubingbing_	openssl-devel	11:27
zhubingbing_	i install this package openssl-devel	11:27
zhubingbing_	and i have install openssl -lib	11:27
jaosorior	zhubingbing_: but it might be that in centos it's another path https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Deploy_and_Install_Guide/using-tokens.html and not /usr/lib	11:27
jaosorior	zhubingbing_: I guess it depends on the packages that your HSM provider has given you.	11:28
zhubingbing_	i look it	11:29
zhubingbing_	thanks	11:29
liujiong	zhubingbing_: can you check if you have "/usr/lib64/pkcs11/" on your machine	11:37
*** zz_dimtruck is now known as dimtruck		11:53
*** dimtruck is now known as zz_dimtruck		12:03
*** catintheroof has joined #openstack-barbican		12:34
*** databus23_ has joined #openstack-barbican		12:53
*** zz_dimtruck is now known as dimtruck		12:54
*** pkovar has joined #openstack-barbican		12:55
*** andreas_s has quit IRC		13:00
*** dimtruck is now known as zz_dimtruck		13:04
*** kfarr has quit IRC		13:24
*** dave-mccowan has joined #openstack-barbican		13:33
*** zz_dimtruck is now known as dimtruck		13:55
*** noslzzp has quit IRC		13:58
*** openstackgerrit has joined #openstack-barbican		13:58
openstackgerrit	Kaitlin Farr proposed openstack/python-barbicanclient master: Add client list filter functionality https://review.openstack.org/400370	13:58
*** noslzzp has joined #openstack-barbican		13:59
*** dimtruck is now known as zz_dimtruck		14:05
*** zz_dimtruck is now known as dimtruck		14:12
*** liujiong has quit IRC		14:12
openstackgerrit	Merged openstack/python-barbicanclient master: Updated from global requirements https://review.openstack.org/439344	14:13
pkovar	could a core review this rather trivial change for me? https://review.openstack.org/#/c/422165/	14:16
*** namnh has joined #openstack-barbican		14:16
dave-mccowan	pkovar done. thanks for the patch!	14:23
openstackgerrit	Merged openstack/barbican master: Correct the doc link https://review.openstack.org/432861	14:27
openstackgerrit	Merged openstack/castellan master: Updated from global requirements https://review.openstack.org/444074	14:28
openstackgerrit	Merged openstack/barbican master: Updated from global requirements https://review.openstack.org/444073	14:38
*** agrebennikov has joined #openstack-barbican		14:46
*** namnh has quit IRC		14:48
*** tdink has joined #openstack-barbican		14:54
openstackgerrit	Merged openstack/python-barbicanclient master: Fix doc referencing --payload-content-type https://review.openstack.org/422165	14:58
*** catintheroof has quit IRC		15:00
*** catintheroof has joined #openstack-barbican		15:01
*** dimtruck is now known as zz_dimtruck		15:05
*** chlong_ has joined #openstack-barbican		15:15
*** jaosorior has quit IRC		15:24
*** zz_dimtruck is now known as dimtruck		15:36
*** chris_hultin\|AWA is now known as chris_hultin		15:43
*** chris_hultin is now known as chris_hultin\|AWA		15:52
*** chris_hultin\|AWA is now known as chris_hultin		15:55
*** shohel has quit IRC		16:18
*** chlong_ has quit IRC		16:19
*** jaosorior has joined #openstack-barbican		16:34
*** jaosorior has quit IRC		16:42
*** zhubingbing_ has quit IRC		16:45
*** pkovar1 has joined #openstack-barbican		16:54
*** pkovar has quit IRC		16:56
*** catintheroof has quit IRC		17:07
*** catintheroof has joined #openstack-barbican		17:08
*** zhubingbing has joined #openstack-barbican		17:08
redrobot	zhubingbing hi!	17:31
redrobot	zhubingbing RE: libCryptoki2_64.so	17:31
zhubingbing	hi	17:31
zhubingbing	yes	17:31
zhubingbing	i don‘t find it ；）	17:32
redrobot	zhubingbing that library is provided by SafeNET as part of the service agreement when you purchase a SafeNET Luna SA HSM	17:33
redrobot	zhubingbing it's the default in our conf file because most folks using the PKCS#11 backend are usinge SafeNET Lunas	17:33
zhubingbing	SO	17:33
redrobot	zhubingbing are you using SafeNET Lunas as well?	17:33
zhubingbing	so i should support this	17:33
zhubingbing	no i don;t use safeness	17:34
redrobot	zhubingbing if you are using a different HSM, then your HSM vendor will provide a PKCS#11 library for you to use	17:34
zhubingbing	i thinks we should support safenet in kolla	17:34
zhubingbing	how to install HSM？	17:34
redrobot	zhubingbing HSM stands for Hardware Security Module	17:35
redrobot	zhubingbing this is the product page by the vendor: https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/safenet-network-hsm/	17:35
zhubingbing	thanks	17:35
redrobot	zhubingbing if I recall correctly, you need to have purchased the HSM to be able to download the SO file	17:37
zhubingbing	；）	17:37
redrobot	zhubingbing our PTL dave-mccowan is a Kolla contributor also.	17:37
redrobot	dave-mccowan what is the kolla policy for vendor solutions? Not sure if you need to have SafeNET (Gemalto) support?	17:38
zhubingbing	i think 问	17:38
zhubingbing	we should remove support SafeNET	17:39
zhubingbing	i think	17:39
zhubingbing	thanks you redrobot	17:39
zhubingbing	dave-mccowan	17:39
zhubingbing	ok thanks	17:40
zhubingbing	I'll talk to him ；）	17:40
openstackgerrit	Kaitlin Farr proposed openstack/barbican master: Fix KMIP gate https://review.openstack.org/437747	17:41
*** zhubingbing has quit IRC		17:50
*** zhubingbing has joined #openstack-barbican		17:51
dave-mccowan	hi zhubingbing	18:06
dave-mccowan	zhubingbing i think for a default configuration for barbican in Kolla, you'll need to use SimpleCrypto. You can provide documentation to users on how to change their configuration file to use an HSM if they have one.	18:07
*** sapcc-bot2 has quit IRC		18:10
*** zhubingbing has quit IRC		18:10
*** sapcc-bot has joined #openstack-barbican		18:11
*** zhubingbing_ has joined #openstack-barbican		18:22
*** zhubingbing_ has quit IRC		18:42
*** zhubingbing has joined #openstack-barbican		18:44
*** pkovar1 has quit IRC		18:46
*** zhubingbing has quit IRC		18:46
*** chlong_ has joined #openstack-barbican		19:43
*** tdink has quit IRC		19:46
*** tdink has joined #openstack-barbican		19:47
*** dave-mccowan has quit IRC		21:57
*** chlong_ has quit IRC		22:21
*** catintheroof has quit IRC		22:23
*** dimtruck is now known as zz_dimtruck		22:26
*** Guest4533 has joined #openstack-barbican		22:46
*** Guest4533 has quit IRC		22:49
*** Kevin_Zheng has quit IRC		22:53
*** tdink has quit IRC		23:05
*** zz_dimtruck is now known as dimtruck		23:20
*** dimtruck is now known as zz_dimtruck		23:46
*** chris_hultin is now known as chris_hultin\|AWA		23:49

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!