| *** awalende has joined #openstack-barbican | 01:57 | |
| *** awalende has quit IRC | 02:02 | |
| *** pcaruana has joined #openstack-barbican | 05:25 | |
| *** jmlowe has quit IRC | 05:46 | |
| *** awalende has joined #openstack-barbican | 05:58 | |
| *** awalende has quit IRC | 06:02 | |
| *** dpawlik has joined #openstack-barbican | 07:14 | |
| *** tosky has joined #openstack-barbican | 07:35 | |
| *** awalende has joined #openstack-barbican | 07:47 | |
| *** dpawlik has quit IRC | 07:56 | |
| *** njohnston_ has joined #openstack-barbican | 08:06 | |
| *** njohnston has quit IRC | 08:07 | |
| *** ade_lee has quit IRC | 08:12 | |
| *** ade_lee has joined #openstack-barbican | 08:12 | |
| *** dpawlik has joined #openstack-barbican | 08:21 | |
| *** ivve has joined #openstack-barbican | 08:36 | |
| *** tosky has quit IRC | 09:13 | |
| *** tosky has joined #openstack-barbican | 09:14 | |
| *** awalende has quit IRC | 09:43 | |
| *** dpawlik has quit IRC | 09:45 | |
| *** awalende has joined #openstack-barbican | 09:48 | |
| *** awalende has quit IRC | 09:52 | |
| *** awalende has joined #openstack-barbican | 09:52 | |
| *** jaosorior has joined #openstack-barbican | 09:57 | |
| *** dpawlik has joined #openstack-barbican | 10:20 | |
| *** dpawlik has quit IRC | 10:24 | |
| *** dpawlik has joined #openstack-barbican | 10:51 | |
| *** dpawlik has quit IRC | 11:12 | |
| *** raildo has joined #openstack-barbican | 11:53 | |
| *** dave-mccowan has quit IRC | 12:17 | |
| *** pcaruana has quit IRC | 12:24 | |
| *** awalende has quit IRC | 12:26 | |
| *** pcaruana has joined #openstack-barbican | 12:50 | |
| *** awalende has joined #openstack-barbican | 12:52 | |
| *** awalende has quit IRC | 12:56 | |
| *** dave-mccowan has joined #openstack-barbican | 13:21 | |
| *** dpawlik has joined #openstack-barbican | 13:39 | |
| *** jaosorior has quit IRC | 14:18 | |
| *** mmethot has quit IRC | 14:34 | |
| *** mmethot has joined #openstack-barbican | 14:35 | |
| *** openstackgerrit has joined #openstack-barbican | 14:53 | |
| openstackgerrit | Sven Wegener proposed openstack/barbican master: consumers: Expose container attributes for policy checking https://review.opendev.org/674605 | 14:53 |
|---|---|---|
| *** dpawlik has quit IRC | 15:08 | |
| *** efried has joined #openstack-barbican | 15:17 | |
| efried | o/ barbican! | 15:17 |
| redrobot | efried, 👋 | 15:51 |
| efried | Dunno if you've been following, but that py3 patch has become interesting. | 15:51 |
| efried | though I actually showed up to ask a rather more esoteric question... | 15:51 |
| efried | is there a limit to the size of the, ahem, "passphrase" I can store in barbican? | 15:51 |
| redrobot | efried, yes, there's a configurable size limit for a secret | 15:52 |
| efried | or is it theoretically possible to (ab)use barbican as a pseudo- (but more secure) swift? | 15:52 |
| redrobot | we purposely did not want to be "encrypted swift" | 15:52 |
| redrobot | so the limit is pretty small | 15:52 |
| redrobot | 10K by default IIRC | 15:52 |
| efried | Okay. So even if I can get under 10K (I can) it would be a non-recommended use case. | 15:53 |
| efried | I reckon that answers my question :) | 15:53 |
| redrobot | efried, https://opendev.org/openstack/barbican/src/branch/master/barbican/common/config.py#L50-L52 | 15:53 |
| redrobot | you can change that to increase the limit | 15:53 |
| redrobot | but yea, we don't recommend going much bigger | 15:54 |
| redrobot | definitely not into the MBs or GBs | 15:54 |
| efried | well, it's more of a philosophical question, it sounds like. | 15:54 |
| efried | I'm pretty sure the thing I want to store would be well under 10K anyway | 15:54 |
| efried | and really I guess it's more of a question for the key manager (castellan) shim than anything else | 15:55 |
| efried | because my actual use case is going to involve a home-grown backend. | 15:55 |
| redrobot | Yeah, Castellan basically just shovels stuff back and forth | 15:55 |
| redrobot | if your key service backend allows big files, then I don't think Castellan would care | 15:56 |
| efried | except for the "did not want to be encrypted swift" philosophy. Does that statement apply to castellan as well, do you reckon, or barbican specifically? | 15:57 |
| redrobot | efried, barbican specifically ... but I think it's true of key managers in general | 15:57 |
| redrobot | Hardware HSMs have very limited storage for example | 15:57 |
| efried | I mean, it makes sense. It's a *key* manager, not a "random data blob" manager. | 15:58 |
| *** jmlowe has joined #openstack-barbican | 16:00 | |
| *** ivve has quit IRC | 16:09 | |
| *** jmlowe has quit IRC | 16:10 | |
| efried | gmann: Is there anything I can do to help with https://review.opendev.org/#/c/695052/ (barbican py3 gating)? | 16:15 |
| efried | kinda sounds like you've got the same issue elsewhere too? | 16:15 |
| gmann | efried: yeah it was strange behavior which i could not figured out last night. AJaeger pointed out about branch variant playing the magic role here so we need this to fix barbican grenade https://review.opendev.org/#/c/689458/ | 16:16 |
| *** dpawlik has joined #openstack-barbican | 16:18 | |
| efried | gmann: forgive my ignorance, but grenade uses the prior release's stable branch for the 'old' side? | 16:18 |
| gmann | efried: that is devstack of old branch but job definition or say inventory has t be from master (or the branch where gate is running) | 16:19 |
| gmann | so for master gate grenade job should 1. use the job definition of master 2. install the stable/train devstack on node 3. perform upgrade on that node by stop service and update the source code (no new devstack installation) | 16:20 |
| gmann | if 1st happen then it takes the code changes of your patch which makes greande to do py3-> py3 | 16:21 |
| gmann | means old node devstack installation will be on py3 instead of py2 | 16:21 |
| gmann | dave-mccowan: we need to get these backport in https://review.opendev.org/#/q/I24a46d0d7476203feccb1250d4ce3ad94b2e0ecd | 16:27 |
| *** dpawlik has quit IRC | 16:29 | |
| efried | gmann: sorry, still confused. Does the fact that https://review.opendev.org/#/c/681972/ (master) has merged mean that we should now be able to recheck https://review.opendev.org/#/c/695052/ (gate on py3)? Or do we have to wait for the train cherry-pick to merge? | 16:35 |
| *** dpawlik has joined #openstack-barbican | 16:35 | |
| *** jaosorior has joined #openstack-barbican | 16:40 | |
| gmann | efried: need to wait for cherry-pick of train and might be all stable branch. what happened is: zuul gets the job definition (same name) from master and stable/* branch which were different with branch variant. branch variant on stable/train satisfied the criteria to run on master gate so does zuul picked that job definition instead of master+your patch change. | 16:40 |
| *** dpawlik has quit IRC | 16:41 | |
| *** dpawlik has joined #openstack-barbican | 17:12 | |
| *** dpawlik has quit IRC | 17:21 | |
| *** dpawlik has joined #openstack-barbican | 17:35 | |
| openstackgerrit | Merged openstack/barbican stable/train: Don't use branch matching https://review.opendev.org/689458 | 17:50 |
| *** jaosorior has quit IRC | 17:50 | |
| *** dpawlik has quit IRC | 17:51 | |
| *** jaosorior has joined #openstack-barbican | 17:57 | |
| *** jmlowe has joined #openstack-barbican | 18:17 | |
| *** jaosorior has quit IRC | 18:22 | |
| *** tosky has quit IRC | 18:55 | |
| dave-mccowan | redrobot ^^ | 19:27 |
| redrobot | dave-mccowan, 🎉🎉🎉 | 19:29 |
| *** awalende has joined #openstack-barbican | 19:31 | |
| *** awalende_ has joined #openstack-barbican | 19:36 | |
| *** awalende has quit IRC | 19:39 | |
| *** awalende_ has quit IRC | 19:41 | |
| *** awalende has joined #openstack-barbican | 19:41 | |
| *** awalende_ has joined #openstack-barbican | 19:51 | |
| *** awalende has quit IRC | 19:54 | |
| *** awalende has joined #openstack-barbican | 20:05 | |
| *** awalende_ has quit IRC | 20:06 | |
| *** awalende_ has joined #openstack-barbican | 20:06 | |
| *** awalende has quit IRC | 20:10 | |
| *** awalende has joined #openstack-barbican | 20:17 | |
| *** awalende has quit IRC | 20:19 | |
| *** awalende_ has quit IRC | 20:20 | |
| *** jmlowe has quit IRC | 20:43 | |
| efried | redrobot et al: https://review.opendev.org/#/c/695052/ is green now. Do you want me to change the commit message at all? | 20:51 |
| redrobot | efried, lgtm | 20:56 |
| efried | cool | 20:56 |
| *** awalende has joined #openstack-barbican | 21:14 | |
| *** awalende has quit IRC | 21:19 | |
| *** raildo has quit IRC | 21:20 | |
| *** tosky has joined #openstack-barbican | 21:41 | |
| *** pcaruana has quit IRC | 21:42 | |
| *** awalende has joined #openstack-barbican | 22:11 | |
| *** awalende has quit IRC | 22:15 | |
| *** dave-mccowan has quit IRC | 22:29 | |
| gmann | seems like barbican stable/stein is brokenon fedora_latest job - https://review.opendev.org/#/q/status:open+project:openstack/barbican+branch:stable/stein | 23:38 |
| gmann | anyone know the reason or fix ? | 23:38 |
| gmann | it seems broken since 8 months - https://review.opendev.org/#/c/650415/ | 23:39 |
| gmann | redrobot: seems like fedora_latest was made non voting in this but not in stable branches - https://review.opendev.org/#/c/662543/16 | 23:55 |
| gmann | i am not sure if we can backport the whole thing of 662543. I will make the direct patch to stable/stein to make the job n-v and backport from there | 23:58 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!