Wednesday, 2014-08-20

*** bdpayne has joined #openstack-barbican00:12
*** bdpayne has quit IRC00:23
*** xianghui has quit IRC00:54
*** xianghui has joined #openstack-barbican00:58
*** xianghui has quit IRC01:07
*** xianghui has joined #openstack-barbican01:08
*** bdpayne has joined #openstack-barbican01:10
*** ayoung has quit IRC01:17
*** bdpayne has quit IRC01:22
openstackgerritlifeless proposed a change to openstack/python-barbicanclient: Remove hardcoded version.
*** alee_on_way_home is now known as alee02:03
*** xianghui has quit IRC02:07
*** xianghui has joined #openstack-barbican02:08
*** woodster_ has quit IRC02:25
*** juantwo_ has joined #openstack-barbican02:51
*** juantwo has quit IRC02:55
*** xianghui has quit IRC03:09
*** xianghui has joined #openstack-barbican03:10
*** xianghui has quit IRC03:16
*** xianghui has joined #openstack-barbican03:17
*** kebray has joined #openstack-barbican03:21
*** kebray has quit IRC03:21
*** kebray has joined #openstack-barbican03:22
*** kebray has quit IRC03:45
*** kebray_ has joined #openstack-barbican03:45
*** kebray_ has quit IRC03:55
*** kebray has joined #openstack-barbican03:56
*** bdpayne has joined #openstack-barbican04:09
*** xianghui has quit IRC04:17
*** xianghui has joined #openstack-barbican04:17
*** juantwo_ has quit IRC04:50
*** bdpayne has quit IRC05:18
*** rm_you| has joined #openstack-barbican05:25
*** rm_you has quit IRC05:29
*** bdpayne has joined #openstack-barbican05:36
*** bdpayne has quit IRC06:07
openstackgerritOpenStack Proposal Bot proposed a change to openstack/barbican: Imported Translations from Transifex
*** kebray has quit IRC07:24
*** tkelsey has joined #openstack-barbican09:50
*** openstackgerrit has quit IRC10:10
*** tkelsey has quit IRC10:59
*** SheenaG1 has joined #openstack-barbican11:06
*** SheenaG11 has joined #openstack-barbican11:10
*** SheenaG1 has quit IRC11:12
*** tkelsey has joined #openstack-barbican11:15
*** juantwo has joined #openstack-barbican11:45
*** juantwo has quit IRC11:47
*** juantwo has joined #openstack-barbican11:47
*** nkinder has quit IRC13:11
*** woodster_ has joined #openstack-barbican13:35
*** nkinder has joined #openstack-barbican14:10
*** SheenaG11 has quit IRC14:25
*** akoneru has joined #openstack-barbican14:36
*** paul_glass has joined #openstack-barbican14:37
aleewoodster_, ping14:54
woodster_alee: hello14:54
aleewoodster_, hey - I just uploaded a new cr for the dogtag plugin14:54
woodster_alee: nice!14:55
aleeshould be good to review.14:55
aleeinterestingly the jenkins jobs did not kick off14:55
aleeand there was nothing that showed up on this irc.14:55
woodster_alee: I'm looking at initial hooking into the cert stuff from the order side...seeing issues14:55
woodster_alee: zuul is angry14:55
aleethere appears to be a "toggle ci" button on the screen -- am I supposed to click that?14:56
woodster_I think that just changes your view...that's how you can get the inlined jenkins status to show up14:56
aleewell it didn;t seem to do anything14:57
woodster_I don't think that triggers any zuul activity, but could be wrong14:57
aleeno it doesn't appear to be -- but zuul appears to be on holiday14:57
aleewoodster_, anyways - we should chat some more about the orders -> certs patch14:59
woodster_alee: I'm just trying to get a cert type order to flow thru to the new cert logic now...I figure the first patch could just do that. It would be enough to get your code looped in I think15:00
aleewoodster_, yup - something basic I can take a look at15:01
aleewoodster_, looks like zuul is back15:01
*** SheenaG1 has joined #openstack-barbican15:01
aleebut for some reason devstack gte not happy -- looking15:02
*** ayoung has joined #openstack-barbican15:04
*** akoneru is now known as akoneru_brb15:04
aleewoodster_, is the correct entry "recheck no bug" ?15:06
aleewoodster_, one of the things jamielennox said to me yesterday resonated with me -- which is that"having to know the kind of ca that is on the backend diminishes the power of the abstraction"15:08
aleewhy not just go directly to dogtag or symantec or whatever ..15:08
woodster_alee: yes to 'recheck no bug'15:08
woodster_hmmm...abstract vs direct to dogtag/symantec/etc15:09
aleeso I do think we should resurrect the idea of creating a common cert api -- for the most common tasks -- like getting a SSL server cert -- and look to supporting that in K15:09
woodster_they seem at odds :)15:09
aleewe can still keep the ability to get at more complicated cert requests etc. through vendor specific fields15:10
aleebut I think there is value in presenting an interface where I can just ask barbican for a server cert15:10
aleegiven a csr for instance15:11
rm_work+1 alee15:12
aleewoodster_, I dont think we have time to design that interface now - although I think that the one blueprint is a start.15:12
rm_workdegrading your abstraction by expecting a bunch of vendor specific fields in any request is really… :/15:12
*** openstackgerrit has joined #openstack-barbican15:12
rm_work(speaking from dealing with the same issue in Neutron-LBaaS)15:13
aleeI think that blueprint requires something like profiles for spcific use cases15:13
aleewoodster_, anyways I think we should push forward with allowing vendor specific fields so that we can show that we can issue certs for J15:14
aleebut that we should do so in a way that would allow us to add a common interface in K15:14
aleewoodster_, we might be able to do something like this .. for instance15:15
aleein the order metadata -- if the request is vendor specific, then have a dict labeled "dogtag" or "symantec" or ..15:16
aleeeventually we could end up adding a dict called "barbican" or "common"15:16
aleefor common-api specific request fields15:17
aleedoes that make sense?15:17
aleethe advantage of doing it that way also is that you might be able to make a common request and also send in any supplemental required vendor specific request params too.15:19
aleewoodster_, still there?15:21
woodster_alee: yep, just in impromptu meetings right now :)15:21
rm_workneed more eyes on
rm_workneed to get the BP through before the CR :P15:25
*** bdpayne has joined #openstack-barbican15:25
redrobotrm_work that BP looks familiar15:25
rm_workredrobot: :P15:25
rm_workit just might15:25
rm_workredrobot: though this might be an opportunity for you to look at and actually adjust the BP if you decide you want to see anything else15:26
redrobotrm_work RE: loonch, I forgot I'm senseing a coding dojo today.  Might be able to go after 1pm15:26
woodster_alee: That sounds like a good discussion for K for sure. I'd personally favor common key/values, that includes an optional 'vendor' sort of key/value pair. The key/values that come after that are specific to a vendor.  So keep the overall meta dict simple and flat perhaps?15:26
rm_workredrobot: lol k that could still work for me15:26
rm_workredrobot: oh which one is that? I was thinking about going to the python one15:27
redrobotrm_work we may still have seats for the dojo if you're interested.15:27
rm_workhow many seats? I think some others from my team might want to go as well...15:27
rm_workjust a hunch15:27
redrobotrm_work it'a TDD dojo.  Probably doing the Bowling Kata today.15:27
rm_workthis is all foreign to me15:28
rm_worki mean, I know TDD15:28
rm_workbut the Dojo thing15:28
redrobotno idea, I don't organize it, I just show up and help with the tech side of it15:28
aleewoodster_, so something like dogtag-csr - for instance?15:28
rm_workBowling problem?15:28
rm_workshould I know what that is? :/15:28
redrobotrm_work everyone takes turns on the keyboard.  First person writes a test, next person makes it pass and writes one of their own, rinse, repeat15:28
rm_worklike… just ANY test? :P15:29
redrobotno, the sensei picks a problem to solve15:29
aleewoodster_, I'm not sure we want to be in the business of adding/stripping off vendor prefixes ..15:29
rm_workah k15:29
redrobottoday we'll be writing a class to score a bowling game15:29
aleewoodster_, maybe keep the common stuff in the meta as flat and just have a subdict for vendor specific stuff.15:30
redrobotrm_work not sure how useful it would be to you, but people new to Python seem to really enjoy it.15:30
aleewoodster_,  so symantec would be under order_meta{ symantec { ...}}15:31
rm_workyeah I might spend the time getting the containers CR rebased and updated to the new model :)15:31
woodster_alee: I think that's more detail type stuff....I think a blueprint that considers segregating CSR-generic fields from optional vendor specific one makes sense, how it is done can be considered later for sure15:31
aleewoodster_,  right now for J, we can only support vert generation using vendor specific fields.15:33
woodster_alee: that's correct, good starting point15:33
aleebecause we dont really have the time to define and put in the common api.  If we put the vendor specific fields within a subdict from the start, then there will be no migration required for clients that start to implement using J15:34
rm_workthanks for the +2 jvrbanac15:36
jvrbanacrm_work, np15:36
rm_workjvrbanac: oh, and i did figure out how to kinda do what you were saying on the CR with moving some of the if/else logic down to streamline it15:36
rm_workjust took me a bit :P15:36
aleewoodster_, I'm mentioning this now of course because you're writing the patch that links up orders to cert plugins.  I think we need to support two differentiators -- a vendor_type (like dogtag, symantec) and an SKI.15:39
*** paul_glass has quit IRC15:39
rm_workBTW, how does string translation work for our project?15:40
rm_workI don't actually see any _() or similar like I am used to for translation handling15:40
aleewoodster_, yay - jenkins just approved my cr .. please take a look when you get a chance.15:41
woodster_alee: I will take a look15:43
woodster_rm_work: we should move to the localization stuff for the client, but not done yet....future CR15:43
rm_work<_< k15:43
rm_workwoodster_: surprised I got a +2 from you that quickly on the client CR :P15:44
rm_workI guess redrobot / reaperhulk still have time to -1/-2 me15:45
woodster_rm_work: oh sorry, didn't mean to break review form...I'll take it off until it ripens for another couple of days15:45
woodster_rm_work: you did help out with my git review issue yesterday I'll just keep it there, thanks!15:45
rm_workheh thanks ;)15:46
rm_workthough I have to assume there's going to be at least one more patchset for some minor nitpicks if nothing else <_<15:46
*** gregsharek1 has joined #openstack-barbican15:48
*** akoneru_brb is now known as akoneru15:53
aleewoodster_, ping. question on your certificate events CR ..15:58
*** gregsharek1 has left #openstack-barbican15:58
woodster_alee: howdy15:58
aleewoodster_, can you tell me what get_plugin() is supposed to return for the CertificateEventPluginManager ?15:59
woodster_it just gets the plugin configured for default just the logging event plugin15:59
aleethe first plugin or all of them?16:00
woodster_alee: just the first plugin. Realistically there would only be one in a deployment I'd think. So maybe a CADF/Ceilometer one for openstack deploys, or a ticketing interface one for enterprises16:00
*** juantwo has quit IRC16:01
*** juantwo has joined #openstack-barbican16:01
aleewoodster_, well I  would think you would want to invoke all event plugins ..16:02
aleewoodster_, anyways I'll comment in the CR -- just seeking clarification as to your intent16:03
*** kebray has joined #openstack-barbican16:04
jvrbanacwoodster_, alee, reaperhulk, rellerreller, would we get a workflow on: ?16:04
*** juantwo has quit IRC16:05
*** juantwo has joined #openstack-barbican16:06
*** juantwo has quit IRC16:07
*** juantwo has joined #openstack-barbican16:08
*** juantwo has quit IRC16:09
*** juantwo has joined #openstack-barbican16:10
*** juantwo has quit IRC16:10
*** bdpayne has quit IRC16:10
*** juantwo has joined #openstack-barbican16:11
woodster_jvrbanac: just workflow+1-ed it16:15
jvrbanacwoodster_, thanks!16:15
woodster_alee: are you there? If so, check out a question I sent to you please....16:15
rm_workso redrobot I guess I'm down for Erik's 1pm if you are :P16:17
arunkantwoodster_ and others, looking for review comments on .16:17
rm_workchellygel: I guess I can get your tacos if you are down to wait till 1pm, lol16:17
chellygelyeah doug was saying 1, if i'm done, i'll go! just ping me when yall are ready to leave16:18
openstackgerritA change was merged to openstack/barbican: Imported Translations from Transifex
*** tkelsey has quit IRC16:45
*** paul_glass has joined #openstack-barbican16:46
*** bdpayne has joined #openstack-barbican16:47
*** paul_glass1 has joined #openstack-barbican16:49
*** paul_glass has quit IRC16:52
openstackgerritPaul Kehrer proposed a change to openstack/barbican: change CryptoPluginManager to be instantiated in the module scope
*** paul_glass1 is now known as paul_glass16:58
*** atiwari has joined #openstack-barbican17:07
openstackgerritA change was merged to openstack/barbican-specs: blueprint for adding HP Atalla ESKM crypto plugin.
*** akoneru is now known as akoneru_lunch17:10
openstackgerritArvind Tiwari proposed a change to openstack/barbican: fix for bug #1359197
openstackgerritArvind Tiwari proposed a change to openstack/barbican: fix for bug #1359197
openstackgerritJohn Wood proposed a change to openstack/barbican: Initial connect orders resource to certificate processing
reaperhulkwoodster_: is ready for review (and passes tests). Thanks for catching that import mistake :p I must have looked at that 50 times and never noticed17:35
*** nkinder has quit IRC17:35
openstackgerritArvind Tiwari proposed a change to openstack/barbican: fix for bug #1359197
woodster_reaperhulk: I ended up seeing the issue with nosetests...tox hid away the root cause exception. Interestingly I didn't see an issue running the server directly. At any rate, I think that is the only issue with that CR if you want to retry it.17:42
reaperhulkyeah I fixed it and it passed all the tests this time17:42
reaperhulkthat's why I said it's ready for review :)17:42
*** nkinder has joined #openstack-barbican17:48
atiwariredrobot, can someone look in to
atiwarinot sure what is going on17:50
atiwariredrobot, nevermind17:50
SheenaG1Hey woodster_ if you get a chance, I just need workflow now17:54
woodster_SheenaG1: done!17:57
atiwarihockeynut, are you there?17:59
*** bdpayne has quit IRC17:59
*** bdpayne has joined #openstack-barbican18:02
SheenaG1YAY ATC ATC ATC18:02
SheenaG1atiwari: looks like he's afk, I think he went to lunch with jvrbanac18:02
rm_workhopefully redrobot is out of his thing soon and loonching can happen18:02
atiwariSheenaG1, thanks I will check back18:02
redrobotrm_work LOOOOONCH!18:07
SheenaG1Hey rm_work I need to talk to you when you get back18:10
SheenaG1re: timelines18:10
openstackgerritA change was merged to openstack/barbican: Edited docs to improve context
*** akoneru_lunch is now known as akoneru18:13
*** paul_glass1 has joined #openstack-barbican18:21
*** paul_glass has quit IRC18:24
*** samuelbercovici has joined #openstack-barbican18:31
hockeynuthi atiwari18:37
hockeynutapologies but this week has been (and continues to be) meeting hell!18:39
*** paul_glass1 has quit IRC18:40
atiwarihockeynut, np18:54
hockeynutwhats up?18:54
atiwarihockeynut, I am trying to understand you comment on
atiwariregarding failing the devstack18:55
hockeynutah yes - I looked at the output of the devstack job to see what was failing18:56
atiwarihockeynut, I am trying to see where to fix18:57
hockeynutpeek at
atiwarilet me see18:58
hockeynutapologies, its 2pm which means time for another meeting :-(  Back in a few (if we survive)18:58
*** paul_glass has joined #openstack-barbican19:10
*** lifeless has joined #openstack-barbican19:11
lifelessany cores around ?19:12
lifelessI'd really love to get landed to unblock the pbr semver blueprint19:12
reaperhulk+2 from me19:15
lifelessthank you!19:28
rm_workSheenaG1: hey back19:37
rm_workSheenaG1: timelines are shot19:37
redrobotlifeless on the way to merge19:39
jvrbanaclifeless, did something change with PBR?19:39
openstackgerritA change was merged to openstack/python-barbicanclient: Remove hardcoded version.
reaperhulk is ready for review now too redrobot, jvrbanac ;)19:42
jvrbanacreaperhulk, taking a look now19:42
redrobotreaperhulk is there a Bug # for that change?19:42
reaperhulkonly if woodster_ filed one19:42
reaperhulklaunchpad scares me19:42
reaperhulki think he might have19:43
redrobotreaperhulk yeah,19:43
redrobotreaperhulk would you mind adding Closes-Bug: 1358386 to commimt message?19:43
reaperhulkyeah one moment19:43
openstackgerritPaul Kehrer proposed a change to openstack/barbican: change CryptoPluginManager to be instantiated in the module scope
redrobotas lame as launchpad is, I have to admint the Gerrit->Launchpad bug integration is pretty neat19:44
reaperhulkI'd rather have github style :)19:46
jvrbanacreaperhulk, +2 and _119:49
reaperhulkcool, closing that out will let our dev environment be a fully operational battleship too19:49
jvrbanacreaperhulk, awesoem19:50
jvrbanacGeez! I can't type today19:50
reaperhulktyping is hard19:50
jvrbanacreaperhulk, I type much better on a beach :D19:50
reaperhulkwell why aren't you here then19:50
jvrbanacreaperhulk, good question19:51
jvrbanacarunkant, I added a few comments to your CR19:52
arunkantthanks jvrbanac19:52
*** kebray has quit IRC19:58
*** kebray has joined #openstack-barbican20:04
*** kebray has quit IRC20:06
redrobotwoodster_ finally got annoyed with the Jenkins failed jobs... I'm packaging all the stuff we need20:09
*** kebray has joined #openstack-barbican20:09
woodster_you mean the rdo stuff too??20:10
woodster_redrobot: I think the only issue is that the upload script isn't sending the keystonemiddleware rpm up to yum repo20:11
redrobotwoodster_ crap, this sucks... the keystonemiddleware lib depends on an unreleased oslo.confg -___20:11
redrobotwoodster_ I uploaded python-keystonemiddleware, but now its dependencies are needed20:12
woodster_redrobot: arg!  Ok, that sucks20:12
redrobotugh, I see the version we need in PyPI, but fpm is refusing to pull it down :(20:14
redrobotwoodster_ this is a mess... thinking about just doing this instead
openstackgerritArvind Tiwari proposed a change to openstack/barbican: Reorganize code to use store crypto plug-in
atiwarihockeynut, I have fixed the issue added more unit tests, so that in future it won't happen again.20:16
woodster_redrobot: ha, let me know if that works out for ya!20:16
redrobotwoodster_ yeah.... fpm is not wanting to play nice... going to need some serious work to get that pipeline back into shape. :(20:25
woodster_redrobot: I was hoping that was the easy part...shouldn't have known better!20:25
woodster_redrobot: so ditch it for the docker jenkins stuff? :)20:26
redrobotwoodster_ that's what I'm thinking...  it's just such a time sink to try to get unpackaged stuff right.20:26
woodster_redrobot: I agree for sure20:27
*** paul_glass has quit IRC20:27
*** jamielennox is now known as jamielennox|away20:33
*** SheenaG1 has quit IRC20:34
openstackgerritA change was merged to openstack/barbican: change CryptoPluginManager to be instantiated in the module scope
*** SheenaG1 has joined #openstack-barbican20:40
*** juantwo has quit IRC20:41
*** kebray has quit IRC20:44
*** kebray has joined #openstack-barbican20:45
*** gyee_ has joined #openstack-barbican20:50
*** denis_makogon has quit IRC20:52
*** dmakogon_ has joined #openstack-barbican20:53
SheenaG1rm_work: ping21:04
*** kebray has quit IRC21:05
*** bdpayne has quit IRC21:10
*** atiwari has quit IRC21:15
*** bdpayne has joined #openstack-barbican21:15
openstackgerritArvind Tiwari proposed a change to openstack/barbican: Reorganize code to use store crypto plug-in
*** atiwari has joined #openstack-barbican21:23
rm_workSheenaG1: pong21:43
rm_workSheenaG1: SYN21:43
hockeynutatiwari awesome, thanks!21:59
rm_workwhelp, I think I found an even cleaner way of instantiating / handling get() on the Secret/Order objects <_<22:18
*** kebray has joined #openstack-barbican22:18
*** SheenaG1 has quit IRC22:19
*** atiwari has quit IRC22:19
*** jamielennox|away is now known as jamielennox22:22
*** nkinder has quit IRC22:26
openstackgerritJohn Wood proposed a change to openstack/barbican: Add initial files for certificate event handling
openstackgerritJohn Wood proposed a change to openstack/barbican: Add initial files for certificate event handling
openstackgerritJohn Wood proposed a change to openstack/barbican: Add initial files for certificate event handling
rm_workredrobot / woodster_: uh hey, so... right now, if I do a GET on a container, the "secret_refs" structure it returns gives me the "secret_id" (which is a UUID), not a "secret_ref" >_>23:01
rm_workthat might be a blocker for containers in the client, unless I want to do really dumb workarounds23:01
rm_workany idea why it was implemented that way?23:01
*** kebray has quit IRC23:04
redrobotrm_work someone fubarred it?  we should file a bug for that23:14
rm_workredrobot: like this?
rm_workCR incoming23:14
redrobotrm_work yes, just like that23:15
redrobotrm_work what's your launchpad id?23:15
rm_worki have so many freaking IDs23:16
rm_workand they're all different T_T23:16
rm_workmaybe adam-harwell23:16
redrobotnever mind I assigned you23:16
rm_worktry that23:16
rm_workotherwise rm-you23:16
*** kebray has joined #openstack-barbican23:23
rm_workwoodster_ / redrobot: oh I figured it out23:28
rm_workit's ONLY on the LIST23:28
rm_workit's already handled properly in the ContainerController, just not in ContainersController23:29
rm_workupdated bug
rm_workCR incoming23:35
openstackgerritAdam Harwell proposed a change to openstack/barbican: Fix Container list to properly format secret_refs
rm_workthere we go23:38
rm_workwow, never landed
rm_workwoodster_: is he "tsv" on IRC?23:42
rm_workreaperhulk: hey are you around?23:43
rm_workreaperhulk: your comment on is... maybe not correct? >_>23:43
rm_workit appears to be defined immediately above the line you commented on :P23:44
*** kebray has quit IRC23:44
*** nkinder has joined #openstack-barbican23:46
*** juantwo has joined #openstack-barbican23:48
*** juantwo has quit IRC23:50
*** juantwo has joined #openstack-barbican23:50
*** openstackgerrit has quit IRC23:54
rm_workalright, guess I'll look at this stuff again tomorrow :(23:55
*** openstackgerrit has joined #openstack-barbican23:58

Generated by 2.14.0 by Marius Gedminas - find it at!