Thursday, 2015-08-13

« Wednesday, 2015-08-12 Index Friday, 2015-08-14 »
*** elo has quit IRC00:00
*** salv-orl_ has quit IRC00:03
*** markvoelker has joined #openstack-security00:15
*** zul has joined #openstack-security00:16
*** markvoelker has quit IRC00:21
*** sigmavirus24 is now known as sigmavirus24_awa00:32
*** tmcpeak has quit IRC00:43
*** salv-orlando has joined #openstack-security01:11
openstackgerritKATO Tomoyuki proposed openstack/security-doc: Remove XML entity reference 'mdash'  https://review.openstack.org/21223401:14
*** salv-orlando has quit IRC01:18
*** tkelsey has joined #openstack-security01:36
*** tkelsey has quit IRC01:40
*** bpokorny has quit IRC01:50
*** markvoelker has joined #openstack-security02:05
*** salv-orl_ has joined #openstack-security02:23
*** salv-orl_ has quit IRC02:31
*** elmiko has quit IRC02:53
*** elmiko has joined #openstack-security02:55
*** jian5397 has joined #openstack-security03:06
*** salv-orlando has joined #openstack-security03:33
*** jian5397 has quit IRC03:39
*** salv-orlando has quit IRC03:45
*** dave-mccowan has quit IRC03:46
openstackgerritAndreas Jaeger proposed openstack/security-doc: Remove Liberty as documented target  https://review.openstack.org/21231004:31
*** salv-orlando has joined #openstack-security04:47
openstackgerritMerged openstack/security-doc: Cleanup tox.ini  https://review.openstack.org/21212704:55
*** salv-orlando has quit IRC04:59
*** tkelsey has joined #openstack-security05:37
*** markvoelker has quit IRC05:41
*** tkelsey has quit IRC05:41
*** tjt263 has joined #openstack-security05:43
*** yaya has joined #openstack-security05:46
*** yaya has quit IRC06:00
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/21235406:03
*** salv-orlando has joined #openstack-security06:04
*** sdake has quit IRC06:07
*** shohel has joined #openstack-security06:12
*** salv-orlando has quit IRC06:13
openstackgerritMerged openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/21235406:26
*** shohel has quit IRC06:33
*** shohel has joined #openstack-security06:33
*** markvoelker has joined #openstack-security06:41
*** markvoelker has quit IRC06:46
*** salv-orlando has joined #openstack-security07:11
*** browne has quit IRC07:20
*** alex_klimov has joined #openstack-security07:40
*** openstackgerrit has quit IRC07:41
*** openstackgerrit has joined #openstack-security07:42
*** shohel has quit IRC07:45
*** openstackgerrit has quit IRC07:45
*** shohel has joined #openstack-security07:45
*** openstackgerrit has joined #openstack-security08:00
*** tkelsey has joined #openstack-security08:19
*** markvoelker has joined #openstack-security08:43
*** markvoelker has quit IRC08:47
openstackgerritMerged openstack/anchor: Stop mixing IPs and domains  https://review.openstack.org/20986709:13
*** jmckind_ has joined #openstack-security09:17
*** jmckind has quit IRC09:19
*** tkelsey has quit IRC10:18
*** markvoelker has joined #openstack-security10:43
*** markvoelker has quit IRC10:48
*** shohel1 has joined #openstack-security11:02
*** shohel has quit IRC11:02
*** markvoelker has joined #openstack-security11:44
*** markvoelker has quit IRC11:49
*** markvoelker has joined #openstack-security11:53
*** dave-mccowan has joined #openstack-security12:00
*** shohel1 has quit IRC12:03
*** sdake has joined #openstack-security12:53
*** sdake_ has joined #openstack-security12:54
*** sdake has quit IRC12:57
*** tjt263 has quit IRC12:59
*** openstackgerrit has quit IRC13:01
*** openstackgerrit has joined #openstack-security13:01
*** tmcpeak has joined #openstack-security13:04
*** edmondsw has joined #openstack-security13:05
*** shohel has joined #openstack-security13:20
*** bebech has joined #openstack-security13:24
*** elo has joined #openstack-security13:26
*** bebech has quit IRC13:27
*** browne has joined #openstack-security13:30
*** singlethink has joined #openstack-security13:31
*** singleth_ has joined #openstack-security13:40
*** singlethink has quit IRC13:43
*** jmckind_ has quit IRC13:49
*** jmckind has joined #openstack-security14:02
*** sigmavirus24_awa is now known as sigmavirus2414:10
*** jian5397 has joined #openstack-security14:27
*** tjt263 has joined #openstack-security14:33
*** voodookid has joined #openstack-security14:43
*** tjt263 has quit IRC14:50
*** jmckind has quit IRC14:50
*** sdake_ is now known as sdake14:56
*** elo has quit IRC14:59
*** singlethink has joined #openstack-security15:07
*** singleth_ has quit IRC15:08
*** dwyde has joined #openstack-security15:09
*** bpokorny has joined #openstack-security15:11
*** tjt263 has joined #openstack-security15:21
*** tjt263 has quit IRC15:39
*** sdake_ has joined #openstack-security15:54
*** singleth_ has joined #openstack-security15:55
*** sdake has quit IRC15:58
*** singlethink has quit IRC15:58
*** edmondsw has quit IRC16:06
*** bknudson has joined #openstack-security16:15
*** alejandrito has joined #openstack-security16:22
*** edmondsw has joined #openstack-security16:30
*** openstackgerrit has quit IRC16:31
*** openstackgerrit has joined #openstack-security16:31
*** alex_klimov has quit IRC16:32
*** shohel has quit IRC16:36
*** sdake has joined #openstack-security16:42
*** sicarie has joined #openstack-security16:45
*** jamielennox is now known as jamielennox|away16:45
*** sdake_ has quit IRC16:45
*** browne has quit IRC16:54
*** jian5397 is now known as michaelxin16:54
*** dwyde has quit IRC17:00
*** tkelsey has joined #openstack-security17:08
*** sdake_ has joined #openstack-security17:29
*** sdake has quit IRC17:32
openstackgerritShilla Saebi proposed openstack/security-doc: change to app_support file heading  https://review.openstack.org/21267217:34
openstackgerritShilla Saebi proposed openstack/security-doc: small changes to compliance rst files  https://review.openstack.org/21267417:36
alejandritoHi guys, just one existence question. suppose im a public cloud provider, how can i handle the amazon like "public address" assigment taking into account that "floating IP" has an internal ip addres space, so, what are the best practices to do a floatingIP -> public internet address, like for example take advantage of my few public ips, but using une public to, for example, redirect traffic to specific tenants floating I17:41
openstackgerritAndreas Jaeger proposed openstack/security-doc: Add README for common-rst  https://review.openstack.org/21267717:41
alejandritoPS. any experience on this ?17:41
*** browne has joined #openstack-security17:42
tmcpeakalejandrito sounds like you want a router that's got a public facing IP of the public IP you're using and then hooked up into the floating IP space17:46
tmcpeakI'm just blowing smoke though, I've never done this17:46
*** dwyde has joined #openstack-security17:46
tmcpeakseems like a reasonable approach17:46
elmiko+1, no direct experience here either, but that seems like a reasonable approach17:47
openstackgerritMerged openstack/security-doc: small changes to compliance rst files  https://review.openstack.org/21267417:47
alejandritotmcpeak, something like that, but ... suppose i just have 10 public ips, and 100's floatings, how public clouds to to take advantage of "fewer publics than floatings" redirection ?17:49
tmcpeakI'd think a load balancer can handle something like that17:49
elmikohmm, how would you associate the outside public IP with the private IP though, the use would still need some identifier to make the link happen. unless you are doing it by login name or something?17:50
elmikos/use/user17:50
tmcpeakelmiko: yeah, that's true17:52
elmikowould be much easier if the user was able to have a domain name that the router could then associate with an internal address17:53
tmcpeakunless it sent traffic for that public IP to all attached backends, which dooesn't sound great17:53
elmikoyea...17:53
elmikoi'm thinking if you have a domain like foobar.com, and then could hand out user1.foobar.com through user1000.foobar.com, you could load balance at the router and make the jump from public IP to private17:54
tmcpeakelmiko: +117:54
*** salv-orl_ has joined #openstack-security17:55
*** salv-orlando has quit IRC17:59
*** salv-orl_ has quit IRC18:01
*** salv-orl_ has joined #openstack-security18:01
*** bpokorny_ has joined #openstack-security18:02
*** salv-orl_ has quit IRC18:04
*** salv-orl_ has joined #openstack-security18:05
*** bpokorny has quit IRC18:05
*** bpokorny_ has quit IRC18:08
*** jmckind has joined #openstack-security18:09
openstackgerritAndreas Jaeger proposed openstack/security-doc: Update .gitignore  https://review.openstack.org/21268518:09
*** salv-orlando has joined #openstack-security18:10
elmikoalejandrito: was any of that useful for you?18:10
*** salv-orl_ has quit IRC18:12
alejandritoelmiko, makes lots of sense, so this would be for example18:19
alejandritoelmiko, user10.foobar.com:80 -> LOADBALANCER/FIREWALL -> floatingip:8018:20
elmikoyea, i would imagine so, as the LB/FW component would know the requested hostname and could perform the translation18:21
tmcpeak+118:21
elmikoyou would just need to write the middleware that would allow some easy sync up between users requesting new machines, and plumbing together all the pieces18:21
tmcpeakDNSaaS does that, does it not?18:22
alejandritotmcpeak, elmiko amazing, your information its just GOLD!18:24
alejandritotmcpeak, elmiko thanks so much18:24
tmcpeaksure :)18:24
elmikotmcpeak: i think so, but i am by no means a designate expert ;)18:25
elmikoalejandrito: sure thing, glad to help18:25
*** bpokorny has joined #openstack-security18:29
*** tkelsey has quit IRC18:31
openstackgerritMerged openstack/security-doc: Update .gitignore  https://review.openstack.org/21268518:35
*** salv-orlando has quit IRC18:39
*** nkinder has joined #openstack-security18:49
*** nkinder has quit IRC18:50
*** bapalm_ is now known as bapalm19:07
*** sdake has joined #openstack-security19:09
*** sdake_ has quit IRC19:12
*** salv-orlando has joined #openstack-security19:31
*** singleth_ has quit IRC19:31
*** singlethink has joined #openstack-security19:33
openstackgerritAndreas Jaeger proposed openstack/security-doc: Add README for common-rst  https://review.openstack.org/21267719:35
*** salv-orlando has quit IRC19:36
*** jmckind has quit IRC19:38
*** alejandrito has quit IRC19:44
openstackgerritMerged openstack/security-doc: Add README for common-rst  https://review.openstack.org/21267719:47
*** salv-orlando has joined #openstack-security19:50
openstackgerritShilla Saebi proposed openstack/security-doc: minor change to cookie rst file  https://review.openstack.org/21272219:52
openstackgerritMerged openstack/security-doc: minor change to cookie rst file  https://review.openstack.org/21272220:02
openstackgerritShilla Saebi proposed openstack/security-doc: change to system-documents rst file  https://review.openstack.org/21273120:04
elmikotmcpeak: looks like i've got approval for the mid-cycle \o/20:04
tmcpeakelmiko: sweet!!!20:04
elmikowe have a link for agenda item suggestions?20:05
elmikoor just the etherpad20:05
*** jmckind has joined #openstack-security20:08
tmcpeakelmiko: just etherpad20:08
elmikotmcpeak: ok cool, i'm being asked to bring a few topics. hopefully they'll make the cut20:09
tmcpeakelmiko: sure, I can take a look at them if you want or you can just roll them on site :)20:09
elmikotmcpeak: well, i guess given the format of the pad, i have a few topics i could present on that are issues we are experiencing and perhaps it could be the foundation for a discussion about possible solutions?20:10
tmcpeakelmiko: cool, sounds good20:11
elmikothey are mainly related to control plane <-> tenant plane comms20:11
tmcpeakahh cool, sounds like it could be a good discussion20:11
elmikook, i'll put something up and list myself as the leader20:11
tmcpeakelmiko: cool, sounds good20:11
elmikothanks!20:11
openstackgerritShilla Saebi proposed openstack/security-doc: change to checklist rst file  https://review.openstack.org/21273520:15
*** jmckind has quit IRC20:17
openstackgerritShilla Saebi proposed openstack/security-doc: small change to federated keystone rst  https://review.openstack.org/21274620:17
openstackgerritMerged openstack/security-doc: change to system-documents rst file  https://review.openstack.org/21273120:21
*** tkelsey has joined #openstack-security20:24
openstackgerritShilla Saebi proposed openstack/security-doc: fix spelling in security-services-for-instances  https://review.openstack.org/21277620:25
openstackgerritMerged openstack/security-doc: change to checklist rst file  https://review.openstack.org/21273520:25
*** alejandrito has joined #openstack-security20:28
openstackgerritShilla Saebi proposed openstack/security-doc: changes to inro to OpenStack rst  https://review.openstack.org/21277720:31
*** sdake_ has joined #openstack-security20:32
openstackgerritMerged openstack/security-doc: small change to federated keystone rst  https://review.openstack.org/21274620:32
*** sdake has quit IRC20:36
*** HERMANA has joined #openstack-security20:41
*** tkelsey has quit IRC20:44
*** HERMANA has quit IRC20:46
openstackgerritMerged openstack/security-doc: changes to inro to OpenStack rst  https://review.openstack.org/21277720:54
openstackgerritShilla Saebi proposed openstack/security-doc: change to security-boundaries and threats  https://review.openstack.org/21278520:56
openstackgerritShilla Saebi proposed openstack/security-doc: made small change to case-studies rst file  https://review.openstack.org/21278721:02
openstackgerritMerged openstack/security-doc: change to security-boundaries and threats  https://review.openstack.org/21278521:07
*** alex_klimov has joined #openstack-security21:19
*** tkelsey has joined #openstack-security21:27
*** alex_klimov has quit IRC21:27
*** tkelsey has quit IRC21:31
*** jmckind has joined #openstack-security21:37
*** michaelxin has quit IRC21:37
*** alejandrito has quit IRC21:41
*** sigmavirus24 is now known as sigmavirus24_awa21:46
*** jmckind has quit IRC21:50
*** webhat has quit IRC22:05
*** webhat has joined #openstack-security22:06
*** sdake has joined #openstack-security22:12
*** sdake_ has quit IRC22:16
*** dwyde has quit IRC22:24
*** jamielennox|away is now known as jamielennox22:33
*** tjt263 has joined #openstack-security22:34
*** sdake_ has joined #openstack-security22:42
*** sdake has quit IRC22:46
*** edmondsw has quit IRC22:48
*** singlethink has quit IRC22:49
*** voodookid has quit IRC23:06
*** jamielennox is now known as jamielennox|away23:18
tmcpeakbrowne: you around?23:24
browneyep23:27
tmcpeakdude, as far as I can tell virtualenv Bandit install is broken23:27
browneso this is a regression?23:28
tmcpeak"pip uninstall bandit; virtualenv test_me; source test_me/bin/activate; bandit -r /some/path" —> no config found23:28
brownedoesn't tox use venv23:28
tmcpeakI don't know, can you try that and see if it works for you?23:28
tmcpeaktox doesn't gates aren't broken23:28
tmcpeakoh yeah23:28
*** tkelsey has joined #openstack-security23:28
tmcpeaktox does use it, but the gates come with their own config23:28
tmcpeakthat's the only thing saving us23:28
tmcpeakyeah man, it's a regression23:30
tmcpeakgot broken in 0.13.023:30
tmcpeak12 works fine23:31
tmcpeak:(23:31
tmcpeakwe really need unit tests23:31
tmcpeakand I'm not sure why this config thing is so complicated but it's killing us23:31
browneyeah, i get the same23:32
*** tkelsey has quit IRC23:32
tmcpeak(sigh) damn23:32
browne[bandit]ERRORno config found - tried: ./bandit.yaml, /home/ericwb/.config/bandit/bandit.yaml, /etc/bandit/bandit.yaml, /usr/local/etc/bandit/bandit.yaml23:32
tmcpeakyep23:32
tmcpeakif you do the same thing with 0.12.0 it's fine23:32
tmcpeakwell I know what I'm doing tomorrow :|23:33
browneits because it doesn't check in bandit/config/bandit.yaml23:33
tmcpeakahh, so we can just add that one back to the end I guess23:33
brownewell, but we don't really know where that file is and where the cwd is23:34
browneshouldn't we be installing to /etc ?23:34
*** sicarie has quit IRC23:34
tmcpeakwe can't if it's not sudo, right?23:34
tmcpeakwe should be installing to virtualenv/etc23:35
brownetrue23:35
tmcpeakI'm surprised virtualenv doesn't handle that23:35
tmcpeakshouldn'23:36
tmcpeakshouldn't virutalenv/etc for all purposes be /etc?23:36
browneyeah, we need to figure out how venv finds data files23:36
tmcpeakyeah :|23:36
tmcpeakwe really need a good test set up now23:39
tmcpeaktoo many variables to manage and be sure we're not breaking stuff23:39
tmcpeakallright - well I'll dig into it first thing tomorrow23:40
brownesame issue with word-list23:41
*** jamielennox|away is now known as jamielennox23:47
*** markvoelker has quit IRC23:50
brownetmcpeak: so we can use the env var to deduce location to the bandit.yaml and word list.23:52
browneVIRTUAL_ENV=/home/ericwb/bandit/test_me23:52
brownei'll put together a patch23:55
« Wednesday, 2015-08-12 Index Friday, 2015-08-14 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!