Wednesday, 2017-11-29

« Tuesday, 2017-11-28 Index Thursday, 2017-11-30 »
*** ukaynar has quit IRC00:36
*** ukaynar has joined #openstack-sahara00:36
*** ukaynar has quit IRC00:41
*** caowei has joined #openstack-sahara01:01
*** shuyingya has joined #openstack-sahara01:10
*** shuyingya has quit IRC01:15
*** shuyingya has joined #openstack-sahara01:36
*** shuyingya has quit IRC01:41
openstackgerritMerged openstack/puppet-sahara master: Prepare for Queens Milestone 2  https://review.openstack.org/52359301:45
*** shuyingya has joined #openstack-sahara01:48
*** shuyingy_ has joined #openstack-sahara01:49
*** shuyingya has quit IRC01:53
openstackgerritTuan Luong-Anh proposed openstack/sahara master: Fix the format command-line  https://review.openstack.org/52300301:53
openstackgerritTuan Luong-Anh proposed openstack/sahara master: Fix the format command-line  https://review.openstack.org/52300302:42
*** dave-mccowan has quit IRC02:42
openstackgerritcaowei proposed openstack/sahara master: Update designate manual installation URL  https://review.openstack.org/52366202:50
*** raissa has quit IRC02:58
openstackgerritTuan Luong-Anh proposed openstack/sahara master: Fix the format command-line  https://review.openstack.org/52300303:15
openstackgerritTuan Luong-Anh proposed openstack/sahara master: Fix the format command-line  https://review.openstack.org/52300303:16
*** ukaynar has joined #openstack-sahara03:29
*** caowei has quit IRC03:40
*** caowei has joined #openstack-sahara03:41
*** links has joined #openstack-sahara03:42
*** ukaynar has quit IRC04:33
*** ukaynar has joined #openstack-sahara04:34
*** pgadiya has joined #openstack-sahara04:43
*** pgadiya has quit IRC04:45
*** ukaynar has quit IRC05:01
*** ukaynar has joined #openstack-sahara05:03
*** caowei has quit IRC05:04
*** caowei has joined #openstack-sahara05:25
*** shuyingya has joined #openstack-sahara06:21
*** shuying__ has joined #openstack-sahara06:22
*** shuyingy_ has quit IRC06:24
*** shuyingya has quit IRC06:25
openstackgerritOpenStack Proposal Bot proposed openstack/sahara-dashboard master: Imported Translations from Zanata  https://review.openstack.org/52369906:36
*** shuyingya has joined #openstack-sahara06:39
*** shuyingya has quit IRC06:39
*** shuyingya has joined #openstack-sahara06:39
*** shuying__ has quit IRC06:43
*** rcernin has quit IRC07:43
*** pcaruana has joined #openstack-sahara08:04
*** rcernin has joined #openstack-sahara08:39
*** spectr has joined #openstack-sahara09:03
openstackgerritOpenStack Proposal Bot proposed openstack/sahara master: Updated from global requirements  https://review.openstack.org/52379609:21
*** caowei has quit IRC09:38
*** caowei has joined #openstack-sahara09:50
*** tosky has joined #openstack-sahara10:24
*** caowei has quit IRC10:27
*** spectr has quit IRC10:33
*** tellesnobrega has quit IRC11:06
*** shuyingy_ has joined #openstack-sahara11:52
*** tellesnobrega has joined #openstack-sahara11:53
*** shuyingya has quit IRC11:55
*** raissa has joined #openstack-sahara12:12
*** ukaynar has quit IRC13:00
*** ukaynar has joined #openstack-sahara13:05
*** ukaynar has quit IRC13:09
*** links has quit IRC13:21
*** dave-mccowan has joined #openstack-sahara13:36
*** shuyingy_ has quit IRC13:39
*** shuyingya has joined #openstack-sahara13:40
*** openstackstatus has quit IRC13:43
*** openstack has joined #openstack-sahara13:45
*** ChanServ sets mode: +o openstack13:45
openstackgerritMerged openstack/sahara master: Updated from global requirements  https://review.openstack.org/52379613:58
*** rcernin has quit IRC14:27
*** tellesnobrega has quit IRC14:38
*** ukaynar has joined #openstack-sahara14:40
*** openstack has quit IRC14:46
*** openstack has joined #openstack-sahara14:51
*** ChanServ sets mode: +o openstack14:51
*** ukaynar has quit IRC14:59
*** ukaynar has joined #openstack-sahara14:59
*** tellesnobrega has joined #openstack-sahara16:10
*** jeremyfreudberg has joined #openstack-sahara17:32
jeremyfreudbergtellesnobrega, you might have missed this backport proposal from a while ago, but I *think* it's ok to merge https://review.openstack.org/#/c/515313/17:33
tellesnobregajeremyfreudberg, thanks, i did miss it. I recently looked for open on branches and it didn't show up17:33
tellesnobregaI have to check my search skills17:34
jeremyfreudbergtellesnobrega, ha, don't worry about it17:34
tellesnobregajeremyfreudberg, I have a question for you. Do you know if you will make it to Dublin?17:34
jeremyfreudbergtellesnobrega, I can't say 100% right now. But it does look hopeful again that I will make it to PTG17:35
tellesnobregajeremyfreudberg, great17:35
tellesnobregaI vaguely remember while talking to you boss, she saying that you would be there17:36
jeremyfreudbergtellesnobrega, hmm, it's possible. we haven't really discussed it yet...17:38
tellesnobregacool17:38
tellesnobregaI signed up sahara, so it would be great to have you again17:39
jeremyfreudbergyep17:40
jeremyfreudbergI also wanted to mention that right now we are almost at queens-2...17:40
jeremyfreudberg...but no plugin upgrades done17:40
jeremyfreudbergNot blaming anyone, since we really all have been working hard, but it's a bit unfortunate that our plan to get that done early didn't happen17:41
tellesnobregajeremyfreudberg, I agree with you17:41
tellesnobregathis next meeting we can take some time to discuss the versions we want to upgrade to17:42
tellesnobregaand see how soon we can get it done17:42
jeremyfreudbergcool, i'll remember to bring it up at the meeting17:43
*** jeremyfreudberg has quit IRC17:51
*** tosky has quit IRC18:24
*** ukaynar has quit IRC18:27
openstackgerritMerged openstack/sahara stable/ocata: Use non corrupted libext from image.  https://review.openstack.org/51531318:45
*** shuyingya has quit IRC18:53
*** jeremyfreudberg has joined #openstack-sahara19:18
*** tosky has joined #openstack-sahara19:18
tellesnobregajeremyfreudberg, tosky, what is the right way to run just one unit test?19:25
tellesnobregakeep forgetting it19:25
jeremyfreudbergbasically I do python -m testtools.run package.whatever.tests.module, I guess you might have to source the tox env manually first19:26
jeremyfreudberglike `source .tox/py27/bin/activate` first19:26
tellesnobregathanks19:26
jeremyfreudbergit gets tricky because sometimes that module name ends up being relative (current directory) and sometime it refers to the installed package19:27
jeremyfreudberghence why I'm unsure about the tox thing19:28
tellesnobregait worked19:30
tellesnobregado we have that documented?19:30
tellesnobregahow to run single tests?19:30
tellesnobregaif not, we probably should19:30
jeremyfreudbergit's mentioned implicitly in the ostestr docs19:31
jeremyfreudbergbut you have to know to look there and also to understand their implication (they don't say directly, "this is how to do it")19:32
tellesnobregamaybe this is something we need to improve19:32
tellesnobregayou know, test running takes sometime, we need to make peoples lives easier19:32
jeremyfreudbergwell, it's not sahara specific. but it should probably be on some contributor guide somewhere19:32
jeremyfreudbergyes19:32
tellesnobregajeremyfreudberg, tosky just got decommission of specific node running and fixed tests19:42
tosky\o/19:42
tellesnobregaonly thing left to do is add some tests for specific nodes deletion19:42
tellesnobregaI'm planning on a couple actually19:42
jeremyfreudbergcongratulations19:42
tellesnobrega1) We delete one instance selecting the one and check it is removed19:43
tellesnobrega2) We delete N, N>1, and select M, M < N, and see the selected ones deleted + the N - M last instances removed19:43
tellesnobregaand we keep the current that doesn't select19:44
tellesnobregawhich are already working19:44
tellesnobregadoes that make sense to you both?19:44
toskyyep19:44
jeremyfreudbergyes, that makes sense19:48
jeremyfreudberganyway, I had actually logged into IRC to ping elmiko with a question about trusts19:53
jeremyfreudbergso, ping elmiko19:53
tellesnobregajeremyfreudberg, let me try to get his attention19:59
jeremyfreudbergit's not super urgent, but it was on my brain today. I'm patient20:00
elmikojeremyfreudberg: hi20:01
jeremyfreudberghey elmiko, just a quick question about the whole proxy-users-domain thing20:01
elmikoshoot20:01
jeremyfreudbergso, when we enable the proxy users thing, it makes new credentials every job execution,20:02
jeremyfreudbergbut20:02
jeremyfreudbergthere's also some code out there, which was intended for the more finicky Hive, which creates new credentials once and they last the entire life of the cluster20:03
jeremyfreudberg(I can link that code if needed)20:03
jeremyfreudbergmy actual question is20:03
jeremyfreudbergis there any forseeable issue of extending the use of that code to happen for all clusters, not just hive ones?20:03
elmikothe main issue is that you extend the window of vulnerability for those stores20:04
elmikoalthough we have tried to make the cluster->store access as tight as possible, the longer the cluster lives, the longer the window of time that an attacker has to learn the temporary secret and exploit the trust20:04
elmikootherwise, i think you would be ok extending the lifetime of those trusts20:04
elmikoi can't see a technical reason why it wouldn't work20:05
jeremyfreudbergI see what you mean20:06
jeremyfreudbergthis change would be only downstream to begin with, so I can use more lax standards regarding security. but it sounds like it's not so much worse from a security perspective20:07
elmikoit really depends on the situation, but yeah if someone has owned your cluster boxes then you are trouble either way20:07
jeremyfreudbergyes, I was going to say on the Sahara-side we have barbican. but the proxy password stored on the cluster itself is just as vulnerable as any other credentials stored on the cluster itself20:08
elmikoyup20:09
elmikoimo, this is more a failing with hadoop storing sensitive info in plaintext20:09
jeremyfreudbergwhich also reminds me that we should start looking into that new-fangled Hadoop CredentialProvider thing (perhaps a Hadoop 3 exclusive)20:09
jeremyfreudberghttps://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html20:10
jeremyfreudberg^secret storage within the hadoop cluster itself20:10
*** shuyingya has joined #openstack-sahara20:11
jeremyfreudberganyways, thanks elmiko, always good to have someone to talk at20:12
elmikojeremyfreudberg: no worries, hope it was helpful =)20:13
*** tellesnobrega has left #openstack-sahara20:15
*** tellesnobrega has joined #openstack-sahara20:15
*** shuyingya has quit IRC20:15
*** jeremyfreudberg has quit IRC20:17
*** spectr has joined #openstack-sahara20:18
*** spectr has quit IRC20:20
tellesnobregatosky, I'm not sure the way the tests are set up, it will really test what I want to20:25
tellesnobregaIt uses fake plugin manager, fake ops and so on20:25
*** tellesnobrega has left #openstack-sahara20:25
*** tellesnobrega has joined #openstack-sahara20:26
toskytellesnobrega: even if fake plugin, it uses heat anyway, so it may be enough to see if the right node is removed20:37
tellesnobregatosky, problem is, the cluster create has no instances20:37
tellesnobregawhen I print the cluster, it shows all info, but under node_groups, the instances list are all empty20:38
tellesnobregabecause it is only checks count number here20:39
tellesnobregathat has to be tests on clusters with instances20:39
toskyoh, unit tests20:41
tellesnobregayes20:41
tellesnobregamaybe this is better tested on scenarios20:42
toskyok, so either you mock a lot more things, or it could be a scenario20:42
tellesnobregaI truly believe scenario test works better for this case20:42
tellesnobregaand it gives me a chance to play with scenario tests20:43
tellesnobregabut I value your opinion on tests more than mine, what do you think it is best?20:43
toskywhat if we can have both? at least some unit tests for the new code, and a more complete targeted removal20:45
toskyon scenario20:45
tellesnobregathat is better, I was thinking that would be your answer20:45
tellesnobregaI will try to figure out how to that20:46
tellesnobregaI'm sending a first patch so you guys can take a look20:47
openstackgerritTelles Mota Vidal Nóbrega proposed openstack/sahara master: Decommission of an specific node  https://review.openstack.org/52398120:47
tellesnobregawhile I'm writing the tests20:47
tellesnobregathis still needs, saharaclient code and dashboard20:47
tellesnobregatosky, I will ping you tomorrow for help with the unit tests20:50
tellesnobregaI have to drop for the day20:50
tellesnobregaand you should drop for the day20:50
tellesnobregasee you tomorrow20:51
toskyI technically already dropped :)20:51
toskysee you o/20:51
*** shuyingya has joined #openstack-sahara20:52
*** shuyingya has quit IRC20:56
*** pcaruana has quit IRC21:00
*** rcernin has joined #openstack-sahara22:03
*** shuyingya has joined #openstack-sahara22:41
*** shuyingya has quit IRC22:46
*** hoonetorg has joined #openstack-sahara23:10
*** shuyingya has joined #openstack-sahara23:22
*** shuyingya has quit IRC23:27
*** tesseract has joined #openstack-sahara23:48
*** tesseract has quit IRC23:49
« Tuesday, 2017-11-28 Index Thursday, 2017-11-30 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!