| *** rajat__ has joined #openstack-barbican | 04:25 | |
| openstackgerrit | Nam Nguyen Hoai proposed openstack/barbican master: [WIP] Replace container resource using OVO https://review.openstack.org/564672 | 04:34 |
|---|---|---|
| *** jmlowe has quit IRC | 04:34 | |
| openstackgerrit | Nam Nguyen Hoai proposed openstack/barbican master: [WIP] Implement OVO for Barbican [3] https://review.openstack.org/499419 | 04:35 |
| *** dayou has quit IRC | 04:45 | |
| *** dayou has joined #openstack-barbican | 05:06 | |
| *** jmlowe has joined #openstack-barbican | 05:33 | |
| *** pcaruana has joined #openstack-barbican | 06:33 | |
| *** pcaruana has quit IRC | 06:50 | |
| *** pcaruana has joined #openstack-barbican | 07:06 | |
| *** jaosorior has joined #openstack-barbican | 07:21 | |
| *** pcaruana has quit IRC | 08:56 | |
| *** pcaruana has joined #openstack-barbican | 09:07 | |
| *** umbSublime_ is now known as umbSublime | 09:31 | |
| *** annp has quit IRC | 09:44 | |
| *** raildo has joined #openstack-barbican | 11:07 | |
| *** abishop has joined #openstack-barbican | 11:45 | |
| jaosorior | could I get some reviews for this https://review.openstack.org/#/c/563648/ ? | 11:56 |
| *** jmlowe has quit IRC | 12:13 | |
| *** jmlowe has joined #openstack-barbican | 12:27 | |
| *** pbourke has quit IRC | 13:27 | |
| *** pbourke has joined #openstack-barbican | 13:28 | |
| *** pbourke has quit IRC | 13:29 | |
| *** dave-mccowan has joined #openstack-barbican | 13:55 | |
| *** dave-mccowan has quit IRC | 13:59 | |
| *** dave-mccowan has joined #openstack-barbican | 14:00 | |
| *** raildo has quit IRC | 14:10 | |
| *** raildo has joined #openstack-barbican | 14:16 | |
| *** alee has joined #openstack-barbican | 14:19 | |
| *** dave-mccowan has quit IRC | 14:42 | |
| *** dave-mccowan has joined #openstack-barbican | 14:43 | |
| *** dave-mcc_ has joined #openstack-barbican | 14:46 | |
| *** dave-mccowan has quit IRC | 14:48 | |
| *** pcaruana has quit IRC | 15:11 | |
| jaosorior | could I get some reviews for this https://review.openstack.org/#/c/563648/ ? | 15:16 |
| *** jaosorior has quit IRC | 15:35 | |
| *** raildo has quit IRC | 16:42 | |
| *** raildo has joined #openstack-barbican | 16:46 | |
| openstackgerrit | Ade Lee proposed openstack/barbican master: Remove pycrypto from dogtag plugin https://review.openstack.org/564839 | 16:50 |
| *** pbourke has joined #openstack-barbican | 17:07 | |
| *** pbourke has quit IRC | 17:10 | |
| *** pbourke has joined #openstack-barbican | 17:10 | |
| *** pbourke has quit IRC | 17:12 | |
| *** pbourke has joined #openstack-barbican | 17:13 | |
| *** raildo has quit IRC | 17:26 | |
| *** raildo has joined #openstack-barbican | 17:37 | |
| *** rmascena has joined #openstack-barbican | 17:46 | |
| *** raildo has quit IRC | 17:46 | |
| jmlowe | alee: Are you around? | 17:48 |
| alee | jmlowe, hey there | 17:49 |
| alee | jmlowe, I have a short meeting in about 10 minutes, but shoudl be free for awhile after that | 17:50 |
| jmlowe | ok, I think I may have finally gotten a working dogtag but now trying to store a secret "MissingArgumentError: Must supply non-None value argument for SecretStoreMetadatum entry" | 17:50 |
| jmlowe | I feel like you had a quick one line deletion for this | 17:50 |
| jmlowe | pike | 17:50 |
| alee | yup - let me find that commit | 17:50 |
| alee | jmlowe, https://github.com/openstack/barbican/commit/0861657fc1ea2d04faad2b7180fae0d0e59fb09c | 17:57 |
| jmlowe | hmm, looks like I have that | 17:58 |
| alee | jmlowe, can you paste the stacktrace? | 17:59 |
| jmlowe | http://paste.openstack.org/show/720038/ | 17:59 |
| alee | jmlowe, when you store the secret, try to tail the kra debug log to make sure the request is actuallygetting there | 17:59 |
| alee | jmlowe, tail -f /var/log/pki/pki-tomcat/kra/debug | 18:00 |
| alee | if something is happening then stuff showld scroll -- we'll know then if we're at least getting to dogtag | 18:01 |
| jmlowe | mmm all the verbose java logging I love | 18:01 |
| jmlowe | "KRAService serviceRequest EBaseException:Can't decrypt passphrase." | 18:02 |
| jmlowe | ok, so back to debugging dogtag/kra | 18:02 |
| alee | jmlowe, ok meeting over -- progress though - we know its going to dogtag | 18:11 |
| alee | jmlowe, can you try an order ? ie. try to generate a key | 18:12 |
| jmlowe | I finally gave up on trying to run dogtag in a container | 18:12 |
| alee | jmlowe, ah -so its on a different machine somewhere? | 18:12 |
| jmlowe | same node I was trying to run the container on, I'll just deal with it being messy | 18:13 |
| alee | jmlowe, I'll have to try i again soon aginst the latest ipa containers | 18:13 |
| jmlowe | different than barbican node though | 18:13 |
| alee | ok | 18:13 |
| alee | jmlowe, can you paste the dogtag stacktrace? | 18:14 |
| alee | jmlowe, I assume you're using nss db? what version of dogtag? | 18:15 |
| alee | and on what os? centos? fedra? | 18:15 |
| jmlowe | http://paste.openstack.org/show/720040/ | 18:15 |
| jmlowe | centos 7 | 18:16 |
| alee | jmlowe, which version -- rpm -q pki-ca | 18:16 |
| jmlowe | pki-ca-10.4.1-17.el7_4.noarch | 18:16 |
| alee | jmlowe, ok - on your barbican node, you have an nss db in /etc/barbican/alias I suspect .. | 18:18 |
| alee | so what certs ae in there -- that is certutil -L -d /etc/barbican/alias | 18:18 |
| jmlowe | correct | 18:18 |
| jmlowe | certutil -L -d /etc/barbican/alias | 18:19 |
| jmlowe | Certificate Nickname Trust Attributes | 18:19 |
| jmlowe | SSL,S/MIME,JAR/XPI | 18:19 |
| jmlowe | KRA transport cert ,, | 18:19 |
| jmlowe | well that didn't paste well | 18:19 |
| alee | np -- was looking to see if the transport cert ws thee -- you can do certutil -L -d /etc/barbican/alias -n "KRA transport cert" | 18:20 |
| alee | and compare whats there to the actual transport cert in the kra | 18:21 |
| alee | jmlowe, so in the kra, you should have a certdb at /etc/pki/pki-tomcat/alias | 18:21 |
| jmlowe | http://paste.openstack.org/show/720041/ | 18:21 |
| alee | jmlowe, wait - thats the admin cert | 18:22 |
| jmlowe | oh | 18:22 |
| jmlowe | so delete that | 18:22 |
| jmlowe | it should be grabbing the right cert on startup? | 18:23 |
| alee | maybe .. I recall adding code to do that .. | 18:24 |
| alee | jmlowe, we can also install it manually to be sure | 18:24 |
| jmlowe | Subject: "CN=DRM Transport Certificate,OU=pki-tomcat,O=JETSTREAM" | 18:24 |
| jmlowe | there we go | 18:24 |
| alee | ok - much better | 18:24 |
| jmlowe | HA! success! | 18:25 |
| alee | :) | 18:25 |
| jmlowe | Thank you! Going to Vancouver? | 18:25 |
| alee | I am yes | 18:25 |
| alee | you too? | 18:25 |
| jmlowe | I owe you some some sort of beverage | 18:26 |
| jmlowe | I am | 18:26 |
| alee | excellent -- I'll be giving the project update/onbarding -- so please drop by if you dont see my otherwise | 18:26 |
| jmlowe | Will do | 18:26 |
| alee | jmlowe, you might want to add some code I recently added to make the interaction with dogtag more robust .. | 18:27 |
| alee | jmlowe, https://github.com/openstack/barbican/commit/9a30db85691cfa7272694ce9516cd5db0b076c50 | 18:28 |
| alee | jmlowe, added retries in case of a connection issue | 18:28 |
| alee | jmlowe, let me know if you run into any other issues | 18:29 |
| *** rmascena has quit IRC | 20:13 | |
| *** raildo has joined #openstack-barbican | 20:18 | |
| *** livelace has joined #openstack-barbican | 20:37 | |
| *** abishop has quit IRC | 21:12 | |
| *** raildo has quit IRC | 21:38 | |
| *** abishop has joined #openstack-barbican | 21:43 | |
| *** livelace has quit IRC | 21:56 | |
| *** dave-mcc_ has quit IRC | 22:07 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!