| *** tkajinam has quit IRC | 03:10 | |
| *** hindret has quit IRC | 03:22 | |
| *** hindret has joined #openstack-barbican | 03:23 | |
| *** openstackgerrit has quit IRC | 05:46 | |
| *** tkajinam has joined #openstack-barbican | 06:53 | |
| *** openstackgerrit has joined #openstack-barbican | 07:05 | |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/barbican master: Imported Translations from Zanata https://review.opendev.org/760060 | 07:05 |
|---|---|---|
| *** Luzi has joined #openstack-barbican | 08:55 | |
| *** tosky has joined #openstack-barbican | 08:57 | |
| *** openstack has quit IRC | 09:21 | |
| *** openstack has joined #openstack-barbican | 09:22 | |
| *** ChanServ sets mode: +o openstack | 09:22 | |
| *** JohnnyRainbow has joined #openstack-barbican | 12:12 | |
| JohnnyRainbow | johnsom I've upgraded barbican and octavia to stein release as we discussed lastly, but seems the issue still exist there. I was trying to debug more about it but I cannot find a root cause for it, seems like maybe issue with keystone(?), but all other barbican requests are working fine. Anyway I just made a brief listing of what seems for me | 12:17 |
| JohnnyRainbow | valid, maybe you can check quickly in a spare time and have some ideas? https://paste.ofcode.org/8MRyZjLSFUTtDx3YtVVzap Thanks for your help! :) | 12:17 |
| *** raildo has joined #openstack-barbican | 12:41 | |
| johnsom | JohnnyRainbow Did you make sure you have the correct version of python-barbicanclient on the Octavia instances? | 12:57 |
| JohnnyRainbow | let me check it | 12:59 |
| johnsom | JohnnyRainbow Did that help? | 13:57 |
| JohnnyRainbow | not fully, indeed I had a mismatch between python-barbicanclient, but it seems it can be correlated with octavia.conf which is probably not correctly configured to support barbican | 13:59 |
| JohnnyRainbow | I'm googling for some configuration hints for octavia.conf and I need to try it...at least I have some ideas...or if you have octavia.conf file which is working with barbican and you can share it, it would be more than welcome :) | 14:00 |
| openstackgerrit | Douglas Mendizábal proposed openstack/barbican master: DNM: Victoria health check https://review.opendev.org/760139 | 14:00 |
| johnsom | JohnnyRainbow Here is an example configuration file for our testing jobs: https://zuul.opendev.org/t/openstack/build/ce884c4e02364f4a8e9291f691921f78/log/controller/logs/etc/octavia/octavia_conf.txt | 14:02 |
| openstackgerrit | Douglas Mendizábal proposed openstack/barbican master: DNM: Ussuri health check https://review.opendev.org/760140 | 14:03 |
| openstackgerrit | Douglas Mendizábal proposed openstack/barbican stable/train: DNM: Train health check https://review.opendev.org/760141 | 14:04 |
| JohnnyRainbow | johnsom thanks! Is there anything which change this value: # cert_manager = barbican_cert_manager? Cause I see it commented, what is strange for me, but maybe I'm wrong | 14:05 |
| johnsom | Commented lines that have settings after them reflect what the default value is for the setting | 14:06 |
| johnsom | So "# cert_manager = barbican_cert_manager" means that the default value for cert_manager is barbican_cert_manager | 14:06 |
| *** d34dh0r53 has quit IRC | 14:07 | |
| JohnnyRainbow | ok, I thought default is local_cert_manager, but maybe I'm wrong or depand on version | 14:09 |
| johnsom | https://github.com/openstack/octavia/blob/master/octavia/common/config.py#L577 | 14:10 |
| JohnnyRainbow | thanks! | 14:10 |
| *** d34dh0r53 has joined #openstack-barbican | 14:11 | |
| openstackgerrit | Douglas Mendizábal proposed openstack/barbican stable/train: Use serial number or label for PKCS#11 tokens https://review.opendev.org/760154 | 14:50 |
| JohnnyRainbow | johnsom seems still something with ACLs for octavia, shouldn't be done automatically without need to add ACL manually? https://paste.ofcode.org/3hJJneUvK4CjxfCjKxhCAY | 14:54 |
| johnsom | JohnnyRainbow Yes, as of the Rocky release we were able to make the ACL management automatic. | 14:55 |
| johnsom | JohnnyRainbow Oh that log is interesting: format_exception | 14:56 |
| JohnnyRainbow | and is it done automatically by barbican? Cause I have barbican and octavia upgraded to stein, but not the others | 14:56 |
| johnsom | So what is stored in barbican is not valid | 14:56 |
| johnsom | It's handled by Octavia | 14:57 |
| JohnnyRainbow | hmm...can I somehow validate it why it not valid? | 14:57 |
| johnsom | Take a look at these steps: https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer | 14:58 |
| johnsom | It could be the format is wrong, or the way it is stored in barbican is not right. (notes, we should improve the user messaging in that use case for the CLI) | 14:59 |
| JohnnyRainbow | yes, that is what I'm doing currently...and I've tried in parallel with this: https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer | 14:59 |
| johnsom | That wiki is using the old method. It should still work, but might have some bugs. | 15:00 |
| johnsom | The docs are the best approach | 15:00 |
| JohnnyRainbow | ok, I was using the wiki method because it contains all steps for creation of certificate chain and key | 15:01 |
| JohnnyRainbow | Hmm...same thing with method from docs, but format looks more or less valid: https://paste.ofcode.org/Qh8BP4Q9fcXefXbKKdzzzJ | 15:09 |
| johnsom | JohnnyRainbow it looks like there is a passphrase in the content | 15:19 |
| JohnnyRainbow | let me check, maybe it's my fault, I need to double check | 15:28 |
| *** raildo has quit IRC | 15:42 | |
| *** raildo has joined #openstack-barbican | 15:42 | |
| *** JohnnyRainbow has quit IRC | 16:20 | |
| *** JohnnyRainbow has joined #openstack-barbican | 16:34 | |
| JohnnyRainbow | johnsom you were right, certificate was with password, now it works...I mean, it is step ahead :) https://paste.ofcode.org/uQxn2NgDE4sm6LCSAAMBDK Thanks for your help! | 16:35 |
| johnsom | JohnnyRainbow Glad you are up and running. | 16:35 |
| *** Luzi has quit IRC | 16:47 | |
| *** tosky has quit IRC | 17:20 | |
| openstackgerrit | Douglas Mendizábal proposed openstack/barbican stable/ussuri: Update .gitreview for stable/ussuri https://review.opendev.org/722953 | 19:37 |
| openstackgerrit | Douglas Mendizábal proposed openstack/barbican stable/ussuri: Update TOX_CONSTRAINTS_FILE for stable/ussuri https://review.opendev.org/722954 | 19:43 |
| openstackgerrit | Douglas Mendizábal proposed openstack/barbican stable/ussuri: Rebase alembic migrations https://review.opendev.org/760218 | 19:52 |
| *** tosky has joined #openstack-barbican | 20:39 | |
| *** rm_work has quit IRC | 21:59 | |
| *** rm_work has joined #openstack-barbican | 21:59 | |
| openstackgerrit | Merged openstack/python-barbicanclient master: Add Python3 wallaby unit tests https://review.opendev.org/751546 | 22:12 |
| openstackgerrit | Merged openstack/python-barbicanclient master: bump py37 to py38 in tox.ini https://review.opendev.org/752612 | 22:12 |
| openstackgerrit | Merged openstack/barbican master: Update hacking for Python3 https://review.opendev.org/716730 | 22:18 |
| openstackgerrit | Merged openstack/barbican master: Delete deprecated url of readme.rst ask.openstack.org is read-only and cannot raise a new question https://review.opendev.org/756455 | 22:18 |
| *** raildo has quit IRC | 22:37 | |
| *** JohnnyRainbow has quit IRC | 23:40 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!