Wednesday, 2018-04-11

« Tuesday, 2018-04-10 Index Thursday, 2018-04-12 »
*** dave-mccowan has joined #openstack-barbican00:46
aleejmlowe_, so hows it going?02:15
aleesounds like you're making progress02:16
aleethat error sounds like a bug I fixed .. what version do you have?02:17
*** dave-mccowan has quit IRC02:56
*** openstackgerrit has joined #openstack-barbican03:01
openstackgerritJeremy Liu proposed openstack/barbican master: Add os-testr as test dependency  https://review.openstack.org/55993603:01
*** jaosorior has joined #openstack-barbican04:21
openstackgerritJackie Truong proposed openstack/barbican-tempest-plugin master: Add certificate validation scenario tests  https://review.openstack.org/51521005:10
*** test_test has joined #openstack-barbican06:52
*** XueFeng has joined #openstack-barbican06:52
XueFenghi06:52
openstackgerritAndreas Jaeger proposed openstack/castellan master: Add barbican-tempest experimental job  https://review.openstack.org/55098407:07
openstackgerritVu Cong Tuan proposed openstack/barbican master: Apply pep8 check to app.wsgi  https://review.openstack.org/52334007:37
*** livelace has joined #openstack-barbican07:40
openstackgerritJeremy Liu proposed openstack/barbican master: Add os-testr as test dependency  https://review.openstack.org/55993607:41
*** pcaruana has joined #openstack-barbican08:13
*** livelace has quit IRC08:17
*** salmankhan has joined #openstack-barbican08:19
*** annp has quit IRC08:35
*** annp has joined #openstack-barbican08:42
*** salmankhan has quit IRC08:49
*** salmankhan has joined #openstack-barbican09:19
*** salmankhan1 has joined #openstack-barbican09:37
*** salmankhan has quit IRC09:38
*** salmankhan1 is now known as salmankhan09:38
*** annp has quit IRC09:40
*** annp has joined #openstack-barbican09:40
*** salmankhan has quit IRC09:50
*** salmankhan has joined #openstack-barbican09:59
*** pbourke has joined #openstack-barbican10:14
*** annp has quit IRC10:14
*** annp has joined #openstack-barbican10:15
openstackgerritJeremy Liu proposed openstack/barbican master: Add os-testr as test dependency  https://review.openstack.org/55993610:32
*** annp has quit IRC10:36
*** serlex has joined #openstack-barbican11:01
*** abishop has joined #openstack-barbican11:18
*** vegarl has quit IRC11:55
*** vegarl has joined #openstack-barbican11:56
*** raildo has joined #openstack-barbican11:58
*** dave-mccowan has joined #openstack-barbican12:35
*** salmankhan has quit IRC12:49
*** salmankhan has joined #openstack-barbican12:50
*** salmankhan has quit IRC12:54
*** salmankhan has joined #openstack-barbican13:16
jmlowe_alee: I'm on a pike release from rdo13:50
aleejmlowe_, ok - in a meeting right no - but there is a small fix I added to master14:03
aleejmlowe_, https://github.com/openstack/barbican/commit/0861657fc1ea2d04faad2b7180fae0d0e59fb09c14:07
jaosorioralee: could be backported though14:11
jmlowe_ooh, thanks, I'll give cherry picking a try14:16
openstackgerritcaoyuan proposed openstack/barbican master: Update auth_uri option to www_authenticate_uri  https://review.openstack.org/56044614:35
*** serlex has quit IRC14:50
aleejaosorior, yes - I think so15:29
aleejaosorior, I'll open a review later today to do that15:29
*** salmankhan has quit IRC15:57
*** randomhack has joined #openstack-barbican15:58
*** salmankhan has joined #openstack-barbican15:59
openstackgerritDoug Hellmann proposed openstack/barbican master: uncap eventlet  https://review.openstack.org/56048115:59
*** alee is now known as alee_afk17:12
*** salmankhan has quit IRC17:13
jmlowe_http://paste.openstack.org/show/718970/17:32
*** XueFeng has quit IRC17:38
*** test_test has quit IRC17:39
*** pcaruana has quit IRC18:55
*** livelace has joined #openstack-barbican19:12
openstackgerritDoug Hellmann proposed openstack/barbican master: uncap eventlet  https://review.openstack.org/56048119:17
openstackgerritDoug Hellmann proposed openstack/barbican master: fix lower constraints  https://review.openstack.org/56058219:17
*** livelace has quit IRC19:45
jmlowe_alee_afk: ^^^20:05
*** v1k0d3n_ has joined #openstack-barbican20:21
*** andreaf_ has joined #openstack-barbican20:27
*** v1k0d3n has quit IRC20:28
*** andreaf has quit IRC20:28
*** johnsom has quit IRC20:28
*** v1k0d3n_ is now known as v1k0d3n20:28
*** johnsom has joined #openstack-barbican20:29
*** andreaf_ is now known as andreaf20:29
*** alee_afk is now known as alee20:30
aleejmlowe_, so that happens even with the fix I suggestd?20:30
jmlowe_correct20:30
aleejmlowe_, let me see if I missed something20:31
aleejmlowe_, are you generating a secret or storing one?20:33
jmlowe_I am trying to store one20:34
aleejmlowe_, ok - from the cli?20:34
jmlowe_first crack at this so it's entirely possible I got something wrong20:34
jmlowe_yes, copied and pasted from the install doc verify operation section20:35
aleejmlowe_, yeah - I'm wondering if the error is hapening on the dogtag side20:35
aleejmlowe_, so is tyour dogtag instance on the same machine? at pki-tomcat?20:35
jmlowe_very possible, muddled through getting dogtag running in a docker container20:35
jmlowe_different machine in a docker container based on https://vakwetu.wordpress.com/2015/11/30/barbican-and-dogtagipa/20:36
aleeok so its a docker container ..  lets confirm a few thigs20:36
aleefirst your barbican nss cert db20:36
aleewhat directory is it in?20:36
jmlowe_always possible I didn't get ports correct or I did the bootstrap wrong20:36
aleeack20:37
aleethats what I'm trying to see ..20:37
aleejmlowe_, first lets see if dogtag is up and accesible20:38
aleejmlowe_, so you should be able to do something like this -- pki -h <host> -p <port> cert-find20:38
aleeand get a list of certs20:39
jmlowe_I've always used openssl s_client, this seems much easier once I finally get it installed20:42
aleejmlowe_, yup- what I'll ask you to do next if dogtag seems to be up is to tail the dogtag kra debug log when trying to store the secret - ans see if anything is happening .20:44
aleetail -f /var/log/pki/pki-tomcat/kra/debug20:44
*** raildo has quit IRC20:47
jmlowe_huh, pki hangs but sclient doesn't20:49
alee jmlowe_ try ..20:49
aleepki -h <host> -p <port> -P https cert-find20:50
jmlowe_that's better20:50
aleeok so you got a bunch of certs?20:50
jmlowe_not exactly20:51
aleewell a bunch of cert entry lists -20:51
aleeyou can see each cert with pki cert-show <serial_number>20:51
aleewith all the -h etc ...20:51
jmlowe_http://paste.openstack.org/show/718990/20:52
aleejmlowe_, is that the correct URI?20:52
jmlowe_yeah maybe not, should it be https and 8443?20:53
aleeit shouldn't matter but you can try it20:53
jmlowe_really kind of fuzzy on all the moving pieces for dogtag20:53
aleesure - dogtag ca has secure and insecure ports20:54
aleeby default the unsecure port is 808020:54
aleeand secure is 84320:54
alee844320:54
aleeso try to secure port and https20:54
jmlowe_really wondering where I got the list of ports from (it's been a few weeks), doesn't seem to be correct20:55
aleejmlowe_, well you took a standard instal , right?20:55
aleeand did not chage any of the ports?20:56
jmlowe_I should say the list of ports to forward for the container20:56
jmlowe_hmm, still PKIException: Not Found20:57
aleeadd a -v20:57
aleethats will give verbose output20:57
aleeand see where its trying to connect20:58
alee-vvv gives more output20:58
jmlowe_really kind of looking like a broken dogtag20:59
aleejmlowe_, could be -- I'm not sure yet20:59
jmlowe_404 errors20:59
aleewhere is it trying to connect?20:59
jmlowe_http://172.16.130.50:808021:01
aleeright- what servlet?21:01
jmlowe_HTTP request: GET /pki/rest/info HTTP/1.121:03
jmlowe_is that what you mean?21:03
aleeyup21:03
aleejmlowe_, ok -- it been awhile since I pulled down and tried this container .. let me try it now21:03
jmlowe_I'll need to go in a minute or two, pick this up tomorrow?21:04
aleesure :)21:04
aleein the meantime, I'll pul down the container21:04
jmlowe_Thanks for the help so far21:04
aleejmlowe_, np - what platform are you running all this on?21:04
jmlowe_jetstream-cloud.org is my project21:05
jmlowe_centos mostly21:05
aleejmlowe_, gotcha21:05
aleenow worries - we'll get it working21:05
jmlowe_maybe some day if it all goes well I can get a real big boy HSM21:06
alee:) me too21:07
jmlowe_right now we turn away anybody with ephi, it would be really nice to be able to service those researchers especially with the new native to qemu luks stuff in queens for encrypted volumes21:09
aleeyup21:09
*** abishop has quit IRC21:17
*** alee has quit IRC21:24
*** alee has joined #openstack-barbican21:27
*** noslzzp has quit IRC22:10
-openstackstatus- NOTICE: zuul was restarted to updated to the latest code; you may need to recheck changes uploaded or approvals added between 21:30 and 21:4522:29
« Tuesday, 2018-04-10 Index Thursday, 2018-04-12 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!