Wednesday, 2016-05-25

« Tuesday, 2016-05-24 Index Thursday, 2016-05-26 »
*** cemason has quit IRC03:04
*** cemason has joined #swift303:04
kota_ugh, reviewing sig v4 makes me nurvas, it looks too different from Swift3/S3 implementaion almostly everything. I have to solve the tangled code step by step...06:48
*** acoles_ is now known as acoles08:33
*** Shashikant86 has joined #swift308:41
*** Shashikant86 has quit IRC08:42
*** Shashikant86 has joined #swift308:43
*** Shashikant86 has quit IRC09:41
*** Shashikant86 has joined #swift309:45
*** Shashikant86 has quit IRC09:48
*** Shashikant86 has joined #swift309:56
openstackgerritKota Tsuyuzaki proposed openstack/swift3: Re:implement AWS signature v4  https://review.openstack.org/30116510:03
openstackgerritKota Tsuyuzaki proposed openstack/swift3: Re:implement AWS signature v4  https://review.openstack.org/30116510:06
kota_hopefully it is getting to be land-able... I was tired a bit to look at...10:09
openstackgerritKota Tsuyuzaki proposed openstack/swift3: Re:implement AWS signature v4  https://review.openstack.org/30116510:13
*** Shashikant86 has quit IRC10:50
*** Shashikant86 has joined #swift310:54
*** openstackgerrit has quit IRC11:18
*** openstackgerrit has joined #swift311:18
openstackgerritKota Tsuyuzaki proposed openstack/swift3: Re:implement AWS signature v4  https://review.openstack.org/30116511:19
kota_weird, that unit failure looks to come from self.path_info -> self.path  change11:20
kota_probably I am missing something11:20
openstackgerritKota Tsuyuzaki proposed openstack/swift3: Re:implement AWS signature v4  https://review.openstack.org/30116511:30
*** Shashikant86 has quit IRC11:39
kota_ah....what?11:43
kota_looking at the log http://logs.openstack.org/65/301165/20/check/gate-swift3-tox-keystone/9faafc6/console.html, canonical request is as host:localhost:8080:8080 ??11:45
kota_ah, that's what Andrey said in the original patch, right?11:45
*** Shashikant86 has joined #swift311:52
*** Shashikant86 has quit IRC11:54
openstackgerritKota Tsuyuzaki proposed openstack/swift3: Re:implement AWS signature v4  https://review.openstack.org/30116511:58
kota_anyway, the canonical string in string_to_sign matches the actuall public example from S3 so the calculation except host:port seems correct, right now...12:10
kota_ah, only one error remaining12:23
kota_yeah, that's probably what i touched in recent work.12:24
kota_gotcha, it comes from buggy boto code it makes the host name as localhost:8080 and append port info 8080, it makes swob.Request.host_url to localhost:8080:8080 that violates URL syntax.13:06
openstackgerritKota Tsuyuzaki proposed openstack/swift3: Re:implement AWS signature v4  https://review.openstack.org/30116513:20
*** cemason1 has joined #swift313:21
*** cemason has quit IRC13:21
kota_ugh, still failed?13:35
kota_aaaaaah, the issue seems correct but the newest patch resolve nothing.13:45
openstackgerritKota Tsuyuzaki proposed openstack/swift3: Re:implement AWS signature v4  https://review.openstack.org/30116514:19
kota_hopefully it can pass whole tests...14:26
kota_Pylint doesn't like six, i understood.14:50
timburkekota_: on the doubled-up ports: yeah, we saw that with the original patch. will be fixed if boto merges https://github.com/boto/boto/pull/3513 (or https://github.com/boto/boto/pull/3181 although i don't like that approach as much)16:48
*** lyrrad has joined #swift316:54
timburkeif the unit failure is the one i'm thinking of, i saw that before, too. get-utf8 subtest in test_canonical_string_v4? the path info should be unquoted in the env, so '/\xE1\x88\xB4' or u'/\u1234'.encode('utf-8') would more accurately reflect a real WSGI env (although i'm guessing you already figured that out)16:55
*** cemason has joined #swift320:34
*** cemason1 has quit IRC20:34
openstackgerritKota Tsuyuzaki proposed openstack/swift3: Re:implement AWS signature v4  https://review.openstack.org/30116521:32
*** acoles is now known as acoles_22:01
*** bill_az_ has joined #swift322:02
kota_hello23:00
bill_az_kota_: hi there23:00
kota_hi bill_az_23:01
kota_i'm expecting timburke also will attend...23:02
timburkehi! thanks for the ping :)23:02
kota_:-)23:03
bill_az_Hi23:03
kota_thanks for joining :)23:03
kota_let's get started23:03
kota_agenda is here, https://wiki.openstack.org/wiki/Meetings/swift323:03
kota_looks like just one item for today.23:03
kota_#topic sigv423:04
kota_(does the command work?)23:04
kota_yeah, that seems available only at #openstack-meeting channel23:05
timburkei think not; meetbot (or whatever) does that stuff23:05
kota_ok23:05
kota_recently I'm working on the signature v4 stuff again to address timburke's comment.23:06
kota_comments, they reached 50 comments.23:06
timburkeand i've been meaning to circle back and review all the latest changes. looking good so far!23:07
timburkelot's more to cover :(23:07
kota_i hope so, some parts of them were hard because about some of them I didn't know the original Andrey's intention23:08
kota_i think the latest one I pushed this morning can probably pass for all gates at gerrit.23:09
kota_(23:09
kota_it seems still being running.23:09
kota_or waiting at queue.23:09
timburkelooking at http://status.openstack.org/zuul/ everything seemed to pass. we should probably see a notification soon23:10
kota_with this work, I'm realizing to concern it is getting to big for one patch :/23:11
kota_I think, we still have minor issues (I added somewhere as NOTE) but if they're not serious, I'd like to merge it at first.23:11
timburkei was thinking about that too a bit. though now that i've gotten most of it loaded into my head, i don't really want to split it up23:12
kota_timburke: if you find something serious, it's ok to make -1 to prevent to merge23:12
kota_got a jenkins result!23:12
kota_all green yey23:12
bill_az_it is really only one file with big changes - not sure how you would split that up as changes are all related23:13
timburkeagreed. if there's nothing that leaps out at me, the plan is to leave some comments and start addressing them in follow-up patch(es)23:14
kota_bill_az_: yeah, request.py is too big and also the unit test is getting bigger rather than i expected23:15
kota_timburke: ;-)23:15
bill_az_kota_: when we're finished with this topic, i did have one question - I chatted with timburke last week but wanted to get your thoughts23:16
kota_bill_az_: yup, you have floor23:17
kota_scrolling back the log...23:17
kota_about s3token?23:18
bill_az_we are using swift3 w/ keystone auth, and we see big performance drop23:18
bill_az_yes23:18
kota_bill_az_: gotcha, that is probably problematic23:18
bill_az_using tempauth performance is comparable, but with s3token much worse - because each request is going back to keystone23:18
timburkeand worse, i think it's doing so twice :/23:19
bill_az_signature is only valid for short time - 15 min? - but I thought I had seen an earlier patch or blueprint that was about adding caching for signatures23:19
kota_yes, it makes 2 requests which is un cachable to keystone.23:19
bill_az_any ideas / suggestions on how we can improve this?23:20
kota_ah, signature caching?23:21
kota_can we go the way? I think the signature includes verb, path, any headers, and dates.23:21
bill_az_yeah - if its for the same object to the same proxy it would help - but that's probably not much help23:22
kota_even if we cache the signature, probably another request includes another info about them, i.e. signature will mis-match for the cache.23:22
kota_make sense.23:23
timburkeyeah, i'm fairly certain that any attempt to cache keystone responses in s3token will result in many many cache misses23:24
bill_az_what are the two requests to keystone?  looking at the code now -23:24
timburkeone in s3token, one in auth_token23:25
kota_the first is in s3token and the other is probably auth_token middleware23:25
timburkei want to make that less dumb, and now that s3token is in the swift3 repo, i think there's a better chance of it23:25
kota_timburke: agreed23:26
timburkebut i still haven't fully grokked how those interact or what needs to be populated where23:26
timburke(and probably ahead of that patch will be the use-swift's-http-client patch, which should help orient me somewhat)23:27
kota_bill_az_: in current swift3 process, s3token attempts to get *token* to use *Swift* via s3 signature, and then, auth_token attempts to verify the *token* to keystone.23:27
kota_even though the token is served just now in previous pipeline processs :/23:28
bill_az_ic - so s3token is basically converting signature to token and passing it on23:28
kota_timburke: yup23:28
kota_bill_az_: can i have the link for the blueprint for this?23:30
kota_or ealier patch?23:31
kota_anyways, we should file this issue somewhere online.23:31
bill_az_if s3token is getting a token, then shouldnt authtoken be able to take advantage of caching and reduce keystone calls to one?23:31
bill_az_kota_:  I was not able to find that - maybe I dreamed it up... :-(23:32
kota_bill_az_: if we could get all permissions like roles at the s3token request, we don't need auth_token process, i think.23:32
kota_bill_az_: ok, np. we can make a new report by ourselvs :)23:33
bill_az_If I can dig it up, I'll pass it on23:33
« Tuesday, 2016-05-24 Index Thursday, 2016-05-26 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!