Friday, 2016-11-11

« Thursday, 2016-11-10 Index Saturday, 2016-11-12 »
*** gyee has quit IRC00:06
mattoliverautimur: cool, add me as a reviewer when you do, cause I'd love to follow up and join in on discussions there, especially after discussions we had at summit.00:11
*** chlong has joined #openstack-swift00:12
timurmattoliverau: will do!00:18
*** jerrygb has joined #openstack-swift00:34
*** dmorita has quit IRC00:37
*** catintheroof has quit IRC00:38
*** jerrygb has quit IRC00:38
*** catintheroof has joined #openstack-swift00:39
*** dmorita has joined #openstack-swift00:39
*** catintheroof has quit IRC00:43
*** jamielennox is now known as jamielennox|away00:44
openstackgerritJohn Dickinson proposed openstack/swift: Add checksum to object extended attributes  https://review.openstack.org/33632300:53
notmynametorgomatic: so many funny stories in there ^00:53
notmynamegood news is that everythign is working in my SAIO for having an xfs TMPDIR in my home directory and /tmp using tmpfs. so I /think/ I can get https://review.openstack.org/#/c/394600/ updated to do something similar and we'll be good to go00:55
patchbotpatch 394600 - openstack-infra/project-config - enable xfs for swift in-process functests00:55
timburkenotmyname: no Depends-On: I3339de0d57726b339dfc6638d225e49d097f7b63 ?00:55
notmynametimburke: no. I linked it instead of Depends-On00:55
notmynamewhy? because...umm...00:55
notmynameseemed like a good idea at the time? (ie 30 seconds ago)00:55
notmynameit works both ways, just skips a lot without the infra test00:56
notmynameand I want to see what happens with the infra change before I make this one depend on it00:56
*** clu_ has quit IRC00:59
*** ChubYann has quit IRC01:02
openstackgerritSamuel Merritt proposed openstack/swift: Add checksum to object extended attributes  https://review.openstack.org/33632301:10
*** dmorita_ has joined #openstack-swift01:11
notmynametorgomatic: thanks01:11
*** dmorita has quit IRC01:11
*** dmorita has joined #openstack-swift01:25
*** dmorita_ has quit IRC01:26
*** dmorita_ has joined #openstack-swift01:33
*** dmorita has quit IRC01:33
*** dmorita_ has quit IRC01:38
*** dmorita has joined #openstack-swift01:40
*** dmorita_ has joined #openstack-swift01:45
*** dmorita has quit IRC01:46
*** takashi has joined #openstack-swift01:50
*** chlong has quit IRC02:11
*** jerrygb has joined #openstack-swift02:34
*** jerrygb_ has joined #openstack-swift02:37
*** jerrygb has quit IRC02:39
*** winggundamth has joined #openstack-swift02:43
*** david_c_ has quit IRC02:45
kota_hello world02:45
mattoliveraukota_: hola o/02:53
kota_mattoliverau: hola! glad you are getting back :)02:54
*** jerrygb has joined #openstack-swift02:54
mattoliveraukota_: yeah it's good to be back :)02:54
*** jerrygb_ has quit IRC02:56
*** jerrygb has quit IRC03:00
*** diogogmt has quit IRC03:15
*** dikonoor has joined #openstack-swift03:20
*** ppai has joined #openstack-swift03:35
*** ppai has quit IRC03:43
*** takashi has quit IRC03:46
*** takashi has joined #openstack-swift03:46
*** dmorita_ has quit IRC03:47
jrichlitimburke has patchbot-foo03:48
jrichlior is that fu?03:48
jrichlimattoliverau: so glad you are feeling better03:49
mattoliveraujrichli: thanks, yeah I am03:49
mattoliverauif its like mad kung-fu skills then fu.. but maybe as devs foo makes more sense :)03:50
*** diogogmt has joined #openstack-swift04:18
*** jerrygb has joined #openstack-swift04:20
*** jerrygb has quit IRC04:23
*** jerrygb has joined #openstack-swift04:23
jrichlimattoliverau: lol, yes ... i meant fu.  but just used to writing foo04:23
*** takashi has quit IRC04:26
*** jerrygb has quit IRC04:28
*** gmmaha has quit IRC05:00
*** jerrygb has joined #openstack-swift05:01
*** jerrygb has quit IRC05:02
*** gmmaha has joined #openstack-swift05:03
*** SkyRocknRoll has joined #openstack-swift05:05
*** chirag has joined #openstack-swift06:03
chiragHello, can someone help me, what is the difference between starting all swift services via "swift-init all start" & "systemctl  start"06:06
chiragIn both the cases I start service successfully but I still get an error of 503 service not available :(06:07
chiragUsing release Mitaka06:07
*** jlwhite has quit IRC06:10
mattoliverauchirag: what did you use to install swift?06:11
chiragredhat OSP release06:11
mattoliverauie, I assume you use some system package06:11
mattoliverauSwift by default uses swift-init to start stop services and it manages keeping track of pid files etc.06:11
chiragYes I used OSP 9 package06:12
*** jlwhite has joined #openstack-swift06:12
mattoliverauSystemd configuration was added by the package mantainer, and I don't know what they do. If they just wrap up swift-init, there I guess there isn't much difference, however if they manage the pid files etc systemd then that will collide with swift-init and you shouldn't use both.06:13
chiragmattoliverau, i started all service successfully useing swift-init, but still when I try uploading objects I get an 503 error06:13
mattoliveraubut again, I don't know how the systemd OSP packages were written06:14
mattoliverauwhat error message are you getting in the logs?06:14
* mattoliverau notes I'm about to end for the day as it's after 5pm on a Friday here and the wife is waiting for me.06:15
chiragjust 503 on OUT and additional  [Errno 13] Permission denied: '/var/cache/swift/object.recon06:15
chirag*on PUT06:16
mattoliverauwell the recon thing just means swift doesn't have permission to dump recon data there, that doesn't stop running. Was that the proxy log or the object servers? sorry gotta go, boss (wife) is now calling me.06:22
chiragno issues, will manage :)06:24
*** klrmn has quit IRC06:25
*** Jeffrey4l has quit IRC06:35
*** Jeffrey4l has joined #openstack-swift06:48
*** tesseract has joined #openstack-swift07:03
openstackgerritDrew Balfour proposed openstack/swift: add byteorder information and logic to ring files  https://review.openstack.org/39523707:03
*** tesseract is now known as Guest760507:03
zaitcevIt's a very fresh bug, too07:04
zaitcevchirag: see https://review.openstack.org/38759107:06
patchbotpatch 387591 - swift - Set owner of drive-audit recon cache to swift user (MERGED)07:06
*** sams-gleb has joined #openstack-swift07:10
*** sams-gleb has quit IRC07:10
*** sams-gleb has joined #openstack-swift07:11
*** rcernin has joined #openstack-swift07:11
*** sams-gleb has quit IRC07:57
*** sams-gleb has joined #openstack-swift07:58
*** sams-gleb has quit IRC08:02
*** geaaru has joined #openstack-swift08:23
chiragI am configuring ceilometer with swift facing an error "LookupError: Entry point 'swift' not found in egg 'ceilometer'"08:32
chiragDo I need to specify anything manually other than in proxy.conf?08:33
*** amoralej|off is now known as amoralej08:34
*** wuhg has joined #openstack-swift08:39
*** dmorita has joined #openstack-swift08:47
*** dmorita has quit IRC08:52
*** raman has joined #openstack-swift09:02
*** raman has left #openstack-swift09:03
*** asettle has joined #openstack-swift09:14
*** cbartz has joined #openstack-swift09:19
*** cbartz has left #openstack-swift09:24
*** cbartz has joined #openstack-swift09:26
*** sams-gleb has joined #openstack-swift09:33
*** Guess456787654 has joined #openstack-swift09:43
*** openstackgerrit has quit IRC09:48
*** openstackgerrit has joined #openstack-swift09:49
kota_tdasilva: hello, can you add links for github code base to https://launchpad.net/pyeclib and https://launchpad.net/liberasurecode description like as https://launchpad.net/swift09:50
*** Guess456787654 has quit IRC09:50
kota_tdasilva: that's worthful to make the launchpad is starting point of the project (tracking issues, knowing code, etc...)09:51
*** ChubYann has joined #openstack-swift09:51
openstackgerritMerged openstack/liberasurecode: Change link to pyeclib in README.md  https://review.openstack.org/32513209:52
*** Trixboxer has joined #openstack-swift10:09
*** chirag has quit IRC10:09
*** suresh_ has joined #openstack-swift10:11
suresh_hii all, how can increase swift upload speed is there any parameter kind of thing in swift configuration10:13
*** acoles_ is now known as acoles10:13
suresh_please someone help?10:13
suresh_hii all, Is there any way to increase swift upload speed?  is there any parameter kind of thing in swift configuration10:16
suresh_please someone help?10:16
*** suresh_ has quit IRC10:36
*** silor has joined #openstack-swift10:40
*** silor1 has joined #openstack-swift10:45
*** silor has quit IRC10:47
*** silor1 is now known as silor10:47
*** wuhg has quit IRC10:51
*** d0ugal has quit IRC11:07
*** Guess456787654 has joined #openstack-swift11:17
openstackgerritAlistair Coles proposed openstack/swift: Include debug message for rsync tempfiles  https://review.openstack.org/39196011:52
acolesclayg: timburke I removed some stale code ^^ one of you should probably double check me before +A11:55
openstackgerritKota Tsuyuzaki proposed openstack/swift: WIP: Allowing copy objects which has special content type  https://review.openstack.org/39660311:57
kota_timburke: how do you think of patch 396603?11:57
patchbothttps://review.openstack.org/#/c/396603/ - swift - WIP: Allowing copy objects which has special conte...11:57
kota_timburke: I found the behavior when I was trying to re-put all objects in my containers for a reason11:58
kota_timburke: to consider the context of the delete-marker, it seems ok to disallow to copy the delete-marker to anywhere but not sure right now any case we don't have similar situation (i cannot remenber all use case ';' in the swift middlewares)12:00
-openstackstatus- NOTICE: Our OpenStack CI systems are stuck and no new jobs are submitted. Please do not recheck - and do not approve changes until this is fixed.12:01
kota_oh, notice says 'do not approve changes'12:16
kota_so it's good time to be heading home?12:17
kota_heading for12:17
*** vint_bra has joined #openstack-swift12:21
openstackgerritKota Tsuyuzaki proposed openstack/pyeclib: Make hard-coded dependency for liberasurecode>=1.3.1  https://review.openstack.org/39599812:26
kota_got new idea for less code but still in thinking of how we can resolve the gate setup liberasurecode from source.12:27
*** catintheroof has joined #openstack-swift12:27
*** catintheroof has quit IRC12:31
*** Guess456787654 has quit IRC12:35
*** Guess456787654 has joined #openstack-swift12:36
*** catintheroof has joined #openstack-swift12:40
*** Guess456787654 has quit IRC12:42
*** Guess456787654 has joined #openstack-swift12:50
*** Guess456787654 has quit IRC12:55
-openstackstatus- NOTICE: Our OpenStack CI system is coming back online again. Thanks for your patience.13:00
*** ma9 has joined #openstack-swift13:25
ma9Hi, when I use Swift by exposing its S3 interface, I need to create EC2 credentials. Given that the line is something like this13:27
ma9openstack credential create --type ec2 --project s3test testuser1 '{"access":"testuser1","secret":"****"}'13:27
ma9is there a way to make the secret be the same as the keystone password?13:27
ma9I mean, I would like the user to be able to use S3, and he only should know his password13:28
ma9and it should  be the same he uses to access keystone anyway13:28
openstackgerritMerged openstack/swift: Py3: Fixes header key dict  https://review.openstack.org/34832213:32
*** kei_yama has quit IRC13:38
*** SkyRocknRoll has quit IRC13:48
*** amoralej is now known as amoralej|lunch13:54
tdasilvakota_: hi, just saw your msg, let me update that13:55
kota_hi tdasilva, thanks13:55
tdasilvakota_: you are still around! it is late in Tokyo13:56
kota_tdasilva: just playing with my laptop in night time ;-)13:57
*** asettle has quit IRC13:59
tdasilvakota_: changed it, i think you should now also be able to change ;)14:03
*** catinthe_ has joined #openstack-swift14:05
kota_tdasilva: thanks! And i fixed small mistake in launchpad liberasurecode (pyeclib -> liberasurecode)14:06
tdasilvakota_: left it there just to see if you were paying attention ;)14:06
tdasilvahehe14:07
tdasilvajk14:07
kota_lol14:07
*** catintheroof has quit IRC14:08
kota_tdasilva: btw, do you know how to fix, https://bugs.launchpad.net/pyeclib/+bug/1641074 ?14:15
openstackLaunchpad bug 1641074 in PyECLib "Pypi's bug tracker url point to bitbucket" [Undecided,New]14:15
*** StraubTW has joined #openstack-swift14:17
kota_it looks like no project-config setting and no info about https://bitbucket.org/kmgreen2/pyeclib/issues in the code from my egrep result.14:17
*** Renich has joined #openstack-swift14:17
tdasilvakota_: yeah, i can't really find it where to change that yet14:20
tdasilvalookng14:20
*** amoralej|lunch is now known as amoralej14:21
kota_tdasilva: thx. not urgent and I'm going to offline for asleep14:21
tdasilvakota_: have a good night!14:21
kota_g'night14:21
*** dikonoor has quit IRC14:28
openstackgerritAlistair Coles proposed openstack/swift: Unset random seed after rebalancing ring  https://review.openstack.org/37156414:30
*** d0ugal has joined #openstack-swift14:40
*** Renich has quit IRC14:46
*** dmorita has joined #openstack-swift14:48
*** dmorita has quit IRC14:53
*** StraubTW_ has joined #openstack-swift15:00
*** sams-gleb has quit IRC15:00
*** StraubTW has quit IRC15:01
*** sams-gleb has joined #openstack-swift15:01
*** sams-gleb has quit IRC15:06
*** sams-gleb has joined #openstack-swift15:28
*** klamath has joined #openstack-swift15:35
*** sgundur_ has joined #openstack-swift15:36
*** klamath has quit IRC15:43
*** sgundur_ has quit IRC15:45
*** asettle has joined #openstack-swift15:48
openstackgerritJanie Richling proposed openstack/swift: Automatic refresh of memcache config settings  https://review.openstack.org/21849015:48
jrichlinow the default behavior - which is not to enable refresh - is fully documented ^^15:49
*** sgundur_ has joined #openstack-swift15:52
*** rcernin has quit IRC16:05
*** sgundur_ has quit IRC16:05
*** ntata_ has joined #openstack-swift16:25
*** StraubTW_ has quit IRC16:27
*** ma9 has left #openstack-swift16:29
openstackgerritAlistair Coles proposed openstack/swift: Add OPTIONS in manpages  https://review.openstack.org/39066716:31
*** ntata_ has quit IRC16:34
*** david_c_ has joined #openstack-swift16:34
openstackgerritAlistair Coles proposed openstack/swift: Show file parameters as mandatory in swift-*-info man pages  https://review.openstack.org/39669116:37
acolestrivial ^^16:37
*** Guest7605 has quit IRC16:43
*** cbartz has left #openstack-swift16:47
notmynamegood morning16:51
*** sgundur_ has joined #openstack-swift16:57
*** david-lyle has quit IRC16:58
claygmorning!17:00
*** asettle has quit IRC17:15
pdardeaugood morning17:15
*** asettle has joined #openstack-swift17:16
*** clu_ has joined #openstack-swift17:44
timburkegood morning17:47
*** d0ugal has quit IRC17:57
*** sgundur_ has quit IRC17:57
*** david-lyle has joined #openstack-swift17:58
*** sgundur_ has joined #openstack-swift18:00
*** david-lyle has quit IRC18:03
*** klrmn has joined #openstack-swift18:05
*** rcernin has joined #openstack-swift18:10
*** d0ugal has joined #openstack-swift18:12
*** rcernin has quit IRC18:12
*** asettle has quit IRC18:24
*** acoles is now known as acoles_18:28
*** Administrator_ has joined #openstack-swift18:30
*** zhugaoxiao has quit IRC18:33
*** david-lyle has joined #openstack-swift18:36
jrichlibkeller`: thanks for the review of the memcache patch!18:43
*** sgundur_ has quit IRC18:46
openstackgerritTim Burke proposed openstack/swift: remove double checks on account/container info  https://review.openstack.org/31708018:46
*** sgundur_ has joined #openstack-swift18:54
*** catinthe_ has quit IRC18:56
*** sgundur_ has quit IRC18:59
*** sgundur_ has joined #openstack-swift19:00
*** d0ugal has quit IRC19:02
*** pcaruana has quit IRC19:07
*** stradling has joined #openstack-swift19:20
claygjrichli: i'm just not sure that account_autocreate is even really a "security" issue?19:22
claygjrichli: there's one like "allow_account_mangement" - they're related - but I always forget how19:22
*** stradling has quit IRC19:23
*** catintheroof has joined #openstack-swift19:25
*** catintheroof has quit IRC19:27
*** catintheroof has joined #openstack-swift19:29
jrichlioh, i will look more into it.  I think my past work experiences have left me with an awareness of over-cautious hardening and compliance checklists19:31
notmynamedid I miss something you asked jrichli? I didn't see anything come up in here about account autocreate19:32
jrichlinotmyname: comments from https://bugs.launchpad.net/swift/+bug/162971119:33
openstackLaunchpad bug 1629711 in OpenStack Object Storage (swift) "change account_autocreate to default to true" [Wishlist,In progress] - Assigned to Cheng Li (shcli)19:33
notmynameah, got it. thanks19:34
*** catintheroof has quit IRC19:42
*** catintheroof has joined #openstack-swift19:55
*** geaaru has quit IRC19:55
*** sgundur_ has quit IRC19:57
*** catintheroof has quit IRC19:59
*** sgundur_ has joined #openstack-swift20:01
*** dmorita has joined #openstack-swift20:04
*** dmorita has quit IRC20:09
*** amoralej is now known as amoralej|off20:13
*** sgundur_ has quit IRC20:16
*** silor has quit IRC20:22
*** portante has quit IRC20:26
*** portante has joined #openstack-swift20:31
*** ndk_ has quit IRC20:39
*** ndk_ has joined #openstack-swift20:42
*** catintheroof has joined #openstack-swift20:45
*** portante has quit IRC20:46
*** portante has joined #openstack-swift20:51
*** portante has quit IRC20:55
*** ndk_ has quit IRC20:56
*** sgundur_ has joined #openstack-swift20:58
tdasilvajrichli: hello, still around?21:14
jrichlitdasilva: yes.  what's up?21:15
tdasilvajrichli: in patch 232162 you mentioned seeing func. test errors when running without symlinks in the pipeline but with fast post enabled21:16
patchbothttps://review.openstack.org/#/c/232162/ - swift - Symlink implementation.21:16
tdasilvaare you still seeing those errors?21:16
*** ndk_ has joined #openstack-swift21:17
jrichliyes, but it's just that symlink tests themselves are not skipped if symlinks is not in the pipeline.21:18
tdasilvajrichli: oh yeah, sorry forgot about that21:18
tdasilvajrichli: jumping on that now21:18
*** portante has joined #openstack-swift21:20
openstackgerritMerged openstack/swift: Include debug message for rsync tempfiles  https://review.openstack.org/39196021:20
openstackgerritMerged openstack/swift: Add OPTIONS in manpages  https://review.openstack.org/39066721:22
openstackgerritMerged openstack/swift: Show file parameters as mandatory in swift-*-info man pages  https://review.openstack.org/39669121:22
jrichlitdasilva clayg:  I am planning to create a first cut of the api-ref docs soon21:26
jrichlitdasilva: I also had a question about whether or not we will  allow a POST to a symlink to update symlink meta (using symlink=true)21:32
*** Jeffrey4l has quit IRC21:33
tdasilvajrichli: no, at least that's not the plan today21:34
tdasilvaa POST to a symlink will return an error21:34
*** catinthe_ has joined #openstack-swift21:34
*** catintheroof has quit IRC21:34
tdasilvasymlink=true is only used for GET/HEAD21:34
jrichlioh, ok.  I was confused about that.  I guess I was thinking that we needed to support updating the symlink metadata for auto-tiering, but I guess  that will be different21:35
tdasilvajrichli: yeah, so that would be handled by the auto-tiering feature itself21:37
jrichlithere was a comment "TODO: need to document fast post." I wondered what is different for fast post that needed to be documented21:38
tdasilvajrichli: mm...need to look...loading all this stuff in my head again, haven't looked at symlinks for a while now :/21:38
jrichliok, np21:38
tdasilvajrichli: will get back to you on that21:39
jrichliok, i will update with replies to questions you have answered here21:40
*** sams-gleb has quit IRC21:42
*** sams-gleb has joined #openstack-swift21:43
*** sgundur_ has quit IRC21:43
*** portante has quit IRC21:43
*** ndk_ has quit IRC21:44
*** sams-gleb has quit IRC21:47
*** ndk_ has joined #openstack-swift21:48
*** portante has joined #openstack-swift21:48
*** si1ver has joined #openstack-swift21:58
si1verIs there a guide for setting up swift3 middleware to support aws4 auth?22:00
*** vint_bra has quit IRC22:08
*** portante has quit IRC22:18
*** ndk_ has quit IRC22:18
*** portante has joined #openstack-swift22:19
claygtimburke: kota_: ^ i can barely spell aws22:19
si1verThe documentation appears to not have been updated since icehouse.22:20
si1verand it mentiones a swift3 config file, which I cannot find.22:21
claygsi1ver: can you drop a link?  maybe we can file a bug.22:21
notmynameare you lookign at https://github.com/openstack/swift3?22:21
claygsi1ver: and thanks - sorry I don't more - try to hang around - someone might be ... like notmyname!22:22
clayg*don't know22:22
timburkesi1ver: is swift3 already configured? you should get v4 auth support for free with swift3 v1.11 + keystone 9.022:22
timburkethe config file it's refering to is almost certainly proxy-server.conf22:22
si1verI have the directives for s3token to reach keystone in proxy-server.conf22:23
notmynametimburke: is the swift3 built docs tree published anywhere? I didn't find it on docs.openstack.org22:23
si1verLooking for that page again still22:23
timburkenotmyname: no idea22:23
*** ndk_ has joined #openstack-swift22:24
si1verhttp://docs.openstack.org/juno/config-reference/content/configuring-openstack-object-storage-with-s3_api.html22:24
si1verI can't find it for mitaka but I swear I have seen it. :p22:24
si1verI'll check my keystone version22:24
si1ver2:8.0.0-0ubuntu1~cloud022:25
si1verSo that is too old?22:25
timburkesi1ver: can you make requests with v2 signatures?22:25
si1verYes22:25
si1verI'm trying to support newer clients that are not v2 capable22:26
timburkeah, yeah, i think you need a version of keystone that includes https://github.com/openstack/keystone/commit/f11d39622:26
si1verDoes newton ship with keystone 9.0?22:26
si1verSeems mitaka is 8.022:26
si1verassuming 2:8.0.0.0 actually means 8.022:27
timburkeoh, weird. i thought mitaka started with 9.0 :-/22:27
si1verhang on, might be a ubuntu issue22:27
si1verapt-get upgrade didn't pick up the cloud repo, so my mistake.22:28
si1verI've been trying for a week on liberty, trying today on mitaka.22:29
si1verstill getting '       The request signature we calculated does not match the signature you provided. Check your key and signing method.'22:30
si1verii  keystone                         2:9.2.0-0ubuntu1~cloud022:33
*** ndk_ has quit IRC22:34
si1verok so how about basics. The v2 creds seem to be access="tenant:user" and secret="password". Does v4 use ec2 credentials  generated by keystone or does it use the same format as v2? We use v2 with tempauth.22:35
*** two_tired has joined #openstack-swift22:35
*** ndk_ has joined #openstack-swift22:36
*** Renich has joined #openstack-swift22:40
two_tiredI want to improve the error handling of swiftclient for when there is a connection reset... Is there any known way to simulate a connection reset?22:40
two_tiredthe problem that exists today is that when a segment fails due to connection reset, swiftclient waits for the rest of the segments to be uploaded before failing22:41
notmynametwo_tired: might be possible to mock/monkey-patch a socket in a test and simulate it. woudl that get you what you need?22:42
timburkesi1ver: keystone users always use ec2 credentials. tempauth doesn't yet support v4; i've been meaning to fix that...22:42
two_tirednotmyname: yeah, mocking could do it22:42
si1verKeystone users always use ec2 creds... then what's all the admin-rc and demo-rc stuff about? Those allow the swift client to work with keystone without having ec2 creds.22:43
two_tiredIn the past I've actually killed active TCP connections, but that's not the same as a connection reset22:43
si1verOS_USERNAME and OS_PASSWORD don't look like ec2 creds.22:43
*** portante has quit IRC22:44
timburkesi1ver: for S3 api requests, i mean. keystone doesn't currently give us a way to validate signatures using the user's actual password22:44
si1verOk that makes more sense22:44
*** portante has joined #openstack-swift22:45
notmynametwo_tired: I think the place I'd start would be in client.py:HTTPConnection._request()22:46
notmynametwo_tired: probably try to mock that, maybe find an underlying socket object, etc22:47
two_tiredIt's _retry() where I need to fix the exception handling22:47
two_tiredConnection._retry()22:48
two_tiredit catches SSLError, and then raises it22:48
two_tiredseems pointless22:48
two_tiredand prevents a retry from happening22:49
two_tiredso I'm proposing replace raise with an error message and "pass"22:49
two_tiredunless there's some reason not to retry after an SSLError22:49
timburkei think the assumption was that it was the result of an invalid cert22:50
notmynamethe commit that changed that was a really big one (porting to use requests). yeah. what timburke said22:50
timburkeor some other server-side issue where retrying wouldn't help22:50
two_tiredin my situation it's not a cert issue22:51
*** mariusv has quit IRC22:51
two_tiredespecially considering the rest of the segments complete successfully22:51
notmynamethat sounds like a great test to add (and bug to fix, then) :-)22:51
*** mariusv has joined #openstack-swift22:51
two_tiredbut yeah, I saw that was a big commit, and figured the author meant to come back to it at some point22:51
timburkecan we get more info out of the exception to determine what went wrong? if we only re-raise on invalid certs, i think i'd be happy22:52
*** ndk_ has quit IRC22:54
si1vertimburke: so when I run keystone ec2-credentials-list it kicks out tenant, access, and secret. Do I need to do anything with the tenant value?22:55
*** ndk_ has joined #openstack-swift22:56
timburkesi1ver: nope; you just need access and secret23:00
si1vergetting 401 errors now from keystone in the proxy log. That's progress. I was getting 404s.23:00
timburkewhat port are you using? i think i remember something about the admin vs public pipelines having different behavior there...23:01
si1ver808023:02
si1verhere are the proxy logs: http://pastebin.com/R3CXCdfx23:02
si1verDemo cluster, not on internet. Don't care about the pw being exposed.23:02
*** vint_bra has joined #openstack-swift23:02
si1veraccount: none and user_id:none do not sound right to me.23:03
si1verunless keystone fills in those blanks23:04
timburkesorry, i meant the keystone port. fwiw, looks like we test against 35357?23:04
si1verWould an s3 client work on that port? That seemed to only be for the python swift client.23:05
si1veroh wait do you mean the port listed i nthe proxy server config, not the client config?23:06
timburkein proxy-server.conf, the s3token section...yeah! that23:06
si1verauth_port = 3535723:06
si1verI confirmed I can get a token with the admin credentials in the swift config, as suggested by https://ask.openstack.org/en/question/43818/keystone-auth-failure-is-what-it-seems/23:18
si1verHere's the keystone log that was at the same time that the proxy log above was from. http://pastebin.com/raw/e6c5rRRQ23:25
*** Jeffrey4l has joined #openstack-swift23:31
timburkehmm. maybe try with port 5000? i know someone else was bit by that admin/public pipeline issue earlier, let me go back through my notes...23:34
si1vertrying23:38
two_tiredpprint on my exception gives me: SSLError(SSLError(CertificateError("hostname 'abc.def.com' doesn't match '*.top.secret.com'",),),)23:41
two_tiredwhat's the right way to test the object for CertificateError?23:41
si1verno luck with port 5000.23:48
si1verI've gotta run, but thanks for looking.23:48
zaitcevthere's a way to use openssl to just open a connection and examine a cert, but in practice I think everyone just runs curl.23:51
two_tiredMy cert is intentionally bad and I want to be able to identify that it's bad in swiftclient23:52
*** Renich has quit IRC23:52
claygopenssl s_client -connect HOSTNAME23:56
claygalthough I hear gnutls-cli is the all the rage now that we're out of legacy ip addresses23:56
*** catinthe_ has quit IRC23:58
« Thursday, 2016-11-10 Index Saturday, 2016-11-12 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!