Wednesday, 2014-10-01

aleeredrobot, jvrbanac ping14:18
jvrbanacalee, pong14:18
*** openstackgerrit has joined #openstack-barbican14:19
aleejvrbanac, hey - quick question -- how do I run the functional tests?14:19
jvrbanacThe ones within the barbican repo?14:19
aleejvrbanac, yes and any outside it too14:19
aleejvrbanac, redrobot also I want to revisit your chef scripts to create a dogtag instance and get it working -- where are those again?14:20
jvrbanacThe ones within the repo are suppose to be executed within devstack, like they are in the gate. However, you can run them outside of devstack if you have keystone setup and a tempest.conf14:23
aleejvrbanac, are there instructions somewhere on how to do that?14:24
jvrbanacalee, I think the instructions for getting barbican running in devstack are a little old but:
jvrbanacalee, my less than ideal workflow right now uses vagrant to create a devstack that I mess with:
*** zz_dimtruck is now known as dimtruck14:27
aleejvrbanac, ok - I'll play with that - thanks.  Do you know where the chef scripts for dogtag are again?14:28
jvrbanacalee, not sure if this is what you're looking for:
aleejvrbanac, redrobot btw - do the functional tests test any certificate flows?14:29
jaosoriorHey guys, can we get more people to give an opinion on this one?
jvrbanacalee,  I don't think so14:39
jvrbanacjaosorior, I was planning on putting up some more examples today14:40
openstackgerritAndreas Jaeger proposed a change to openstack/barbican: Use canonical cover name for coverage
jvrbanacI just didn't want to make that patchset very large14:40
jaosoriorwell, maybe doing subsequent patchsets that depend on that one would be even better14:42
*** juantwo has joined #openstack-barbican14:57
*** juantwo has quit IRC14:57
*** juantwo has joined #openstack-barbican14:58
openstackgerritArvind Tiwari proposed a change to openstack/barbican: Code clean-up due to type order enhancement
rm_workalee: i wrote the bootstrap script at the bottom of that wiki page -- it still works (was updated recently) AFAIK15:26
rm_workit runs the functional tests at the end15:26
rm_worklet me know if you have any issues getting those to run, I've been through the wringer on that :)15:27
rm_workredrobot: I need to talk to Werner, where does he hang out on IRC?15:27
aleerm_work, will do. thanks!15:27
redrobotrm_work maybe keystone?  His nick is nonameentername15:29
rm_workredrobot: thanks15:29
rm_workredrobot: is he there right now?15:29
rm_workdon't see him in the channel15:30
redrobotrm_work he may still be in San Francisco?  He was speaking at Java One, but I'm not sure when he gets back.15:30
rm_workoh, ok, cool15:30
rm_workneed to find someone else from Identity then15:30
redrobotrm_work Georgie is my 2nd goto identity guy15:31
redrobotrm_work his nick is jorge_munoz15:31
rm_worki found their internal channel15:31
rm_worki'll hit them up there15:31
rm_workoh hey, jorge_munoz is here :P15:32
redrobotrm_work well, his znc is anyway...15:32
jorge_munozI’m here \o15:34
jorge_munozWhats up?15:34
rm_workah i'll go to PM15:36
*** juantwo has joined #openstack-barbican16:01
*** lisaclark1 has joined #openstack-barbican16:24
*** gyee has joined #openstack-barbican16:25
*** gyee has quit IRC16:59
*** juantwo has joined #openstack-barbican17:07
openstackgerritA change was merged to openstack/barbican: Code clean-up due to type order enhancement
*** gyee has joined #openstack-barbican17:15
openstackgerritJohn Vrbanac proposed a change to openstack/barbican: Cleaning up secret functional tests
jenkins-keepProject openstack-barbican-cloudcafe build #50: STILL FAILING in 8 min 20 sec:
jenkins-keeparvind.tiwari: Code clean-up due to type order enhancement17:31
openstackgerritJohn Vrbanac proposed a change to openstack/barbican: Cleaning up secret functional tests
aleeredrobot, ping18:20
*** akoneru_lunch is now known as akoneru18:21
arunkantwoodster_ , redrobot : Do we need more review on  to get this merged?19:04
aleeredrobot, I sent you some updated config files for the dogtag chef install.19:04
aleeredrobot, those work for me in terms of of installing a ca and kra.19:05
aleeredrobot, perhaps we can work on getting those chef scripts working.19:05
aleeredrobot, I also pointed you to a new copr repo build.19:05
redrobotalee awesome!  I'll give them a try as soon as I get a chance... which probably wont be until next week...  Going to a conference out of town tomorrow.  Gotta re19:06
redrobotGotta release RC1 before then..19:06
aleeredrobot, ok great19:06
redrobotalee I also want to try using docker containers... I want to see what will be easier/faster to spin up for automated tests and such.19:07
chellygelalee, what do you mean by KRA?19:08
redrobotarunkant there was some concerns from a couple of core devs about merging that patch the day before we release RC1. :(  I think we may have to wait until next week and merge it for Kilo19:08
aleechellygel, kra is the same as the drm -- key recovery authority19:09
redrobotchellygel it's dogtag stuff :)19:09
redrobotat least that's how I filed it in my brain...19:09
chellygelalee, -- thanks!19:09
aleechellygel, thats what the drm used to be called till someone in marketing decided on drm because kra sounded scary19:09
aleechellygel, the devs never liked drm though and all the code says kra19:10
redrobotlol, that's why the marketing folks make the big bucks.19:10
chellygelalee, kra is a few characters away from kraken -- i can see why its scary :P19:10
aleeand we just got approval to change it back to kra :)19:10
arunkantredrobot: So after RC1,  are there no more juno release?19:10
aleeseems that "drm" hasgotten a bad rap over the last few years ..19:11
*** lisaclark1 has quit IRC19:11
chellygelalee, yeah, from a gaming perspective, the term gets nasty looks... but that might be unrelated :P19:12
redrobotarunkant hopefull not.  RC stands for Release Candidate.  It should be the build that is ready to be released to the wild.  We'll be supporting the Juno release though, so if there's security fixes or critical bugs, we'll backport them.19:12
*** lisaclark1 has joined #openstack-barbican19:14
arunkantredrobot: Okay. I thought there is RC2 after that, may be not. This CR has been pending for a while. Hopefully it will get merge someday as tired of doing rebases.19:15
openstackgerritJohn Wood proposed a change to openstack/barbican: Sync SQLAlchemy lifecycle to request cycle
redrobotarunkant RC2 is only for critical bugfixes.  It's preferable to only have an RC1.19:27
redrobotarunkant and yes, we'll get it merged as soon as RC1 is out.19:27
*** dimtruck is now known as zz_dimtruck19:38
redrobothockeynut ping19:40
hockeynutredrobot speak o wise one19:40
redrobothockeynut have you run into an issue where Barbican is configured to talk to a Keystone that is using PKI tokens19:41
redrobotso Barbican tries to get the certificate19:41
redrobotbut for some reason it doesn't store the certs19:41
redrobotso authentication of tokens fails afterwards?19:41
hockeynutI recall a tokens vs uuid issue a while back19:42
redrobotIf I run Barbican in a Docker container, the cert is configured correclty, but if I run Barbican locally on my mac, the cert doesn't get cached.19:42
hockeynutnothing in /tmp ?19:42
hockeynutshould have 3 pem files in /tmp/barbican/cache19:43
redrobotso /tmp/barbican/cache is there, but it's empty19:44
hockeynutis your /etc/barbican/barbican-api-paste.ini setup for keystone?19:45
hockeynutdefault is not19:45
hockeynutunder [pipline:barbican_api] you should have this UNcommented:19:46
hockeynutpipeline = keystone_authtoken context apiapp19:46
hockeynutand this one commented out:19:46
hockeynut#pipeline = unauthenticated-context apiapp19:46
hockeynutthen down to [filter:keystone_authtoken]19:47
hockeynutauth_host points to your keystone server (default is localhost)19:47
hockeynutadmin_password probably needs to be adjusted too19:47
redrobothockeynut so, in my docker container, it seems the admin_password is ignored, b/c it's not set correctly, yet keystone integration works19:48
redrobotthis is the stacktrace I'm seeing
hockeynutah, ok19:49
hockeynutbeen there, got bitten by that19:49
*** zz_dimtruck is now known as dimtruck19:49
hockeynutlet me dig out the wiki update we did for that19:51
hockeynutsee item 119:52
redrobothockeynut I'll give that a try, thanks!19:53
aleerm_work, jvrbanac ping21:09
aleerm_work, jvrbanac trying that script ..
aleeand running into some issues ..21:10
*** joesavak has quit IRC21:10
rm_workare you on a clean Ubuntu 14.04 VM?21:10
aleerm_work, on line 4521:10
rm_workor is this your local system21:10
aleerm_work, my local system and its fedora 2021:10
rm_workhmm k21:10
rm_workNO idea about fedora21:11
aleeshould not matter for what we're doing though ..21:11
rm_workbut, what is wrong with that pip line?21:11
rm_workoh, err, this script is assumed to be run as root, BTW21:11
aleerm_work, on that line it refers to /opt/openstack/barbican21:11
aleeyup - got that :)21:11
aleenow what creates that directory?21:11 does21:12
rm_workit does all of the git clones21:12
aleeyeah thats what I figured but I dont see it being created .. ok - looking into the logs ..21:12
rm_workdid you do the first bits too?21:13
rm_workcp /tmp/barbican/contrib/devstack/local.conf /tmp/devstack/21:13
rm_workyou should be using the local.conf from barbican21:13
rm_workotherwise, you can manually just add "barbican" to your ENABLED_SERVICES i think21:13
rm_workif you have your own localrc or something21:13
aleethat should be done .. I may be running into perms issues -- looking21:15
aleerm_work, yeah - perm problems .. causes to exit prematurely21:25
rm_workare you doing it as the new stack user?21:25
rm_workeven locally you should REALLY use the "create stack user" script21:26
rm_workit gets messy otherwise21:26
aleeI was using myself first and am now using a new stack user -- I just extricated the mess.21:27
rm_workthough, if you get a perms issue on anything in /var/run/user/* then21:27
rm_workit's a little weird21:27
aleeI did -- but I think thats resolved -- on running the tests though I get this ..The Barbican (non-admin) API failed to respond within 20 seconds21:30
aleeand yeah - I get this --- > df: '/run/user/1000/gvfs': Permission denied21:31
*** jaosorior has quit IRC21:33
*** juantwo has joined #openstack-barbican21:40
*** juantwo has quit IRC21:41
*** juantwo has joined #openstack-barbican21:41
rm_workalee: any luck?21:52
aleerm_work, not so far -- I think is still exiting prematurely21:52
aleerm_work, this time on connecting to mysql21:53
alee+ sudo mysqladmin -u root password password21:53
aleemysqladmin: connect to server at 'localhost' failed21:53
aleeerror: 'Access denied for user 'root'@'localhost' (using password: NO)'21:53
rm_workdid you let it set up and configure your sql stuff? or did you already have mysql installed and configured?21:53
rm_workyou may need to tell it your root SQL password in the config21:53
rm_workit will assume it was not set\21:53
aleewhere would that go?  local.conf?21:54
aleerm_work, I need to play with it some more -- the problem is that I ran this before as a different user and set things up21:56
aleeneed to unset things again21:57
rm_workalee: yeah, local.conf *or* localrc22:00
rm_workI am not sure how it picks actuallyt22:00
rm_workbut both seem to work (albeit maybe slightly differently?? >_>)22:00
aleerm_work, ok - progress -- I set the password to what I had used before and it got further ..22:02
*** joesavak has quit IRC22:03
rm_workwhat's the error on now?22:22
rm_workI've seriously run into like... every error imaginable, plus some >_>22:23
aleerm_work, gotta go to dinner -  but I think I'm almost there.  the main error was that I had set stuff up before with different passwords22:38
rm_workthat's why i use a VM and nuke it *every day*22:38
aleerm_work, now at least it runs the tests22:38
rm_workand why I needed a bootstrap script so badly :P22:38
aleeyay -- and they just passed :)22:38
aleeyeah - a bootstrap script is very useful22:38
aleethis would totally suck without one22:39
aleeso thanks!22:39
rm_workseriously, your devstack will be out of date in like, an hour22:39
rm_workyou will need to redo it <_<22:39
rm_worklol, np :) enjoy dinner22:39
aleerm_work, one thing I would suggest is some cleanup things at the top22:39
rm_workfor the record, I use a VM and then ssh -X pycharm22:39
rm_workyeah, cleanup is a mess, easier to nuke the VM22:40
alee# cleanup22:40
aleerm -rf /tmp/new22:40
aleerm -rf /tmp/barbican22:40
aleerm -rf /tmp/devstack22:40
aleerm -rf /etc/tempest22:40
aleerm -rf /opt/stack/devstack22:40
aleerm -rf /opt/stack/new22:40
rm_workapt-get uninstall --purge *22:40
aleeyeah - you can do that too ..22:41
rm_workwell, any cleanup is kinda half-ass without cleaning that and the python environment22:41
rm_worklike I said, 10000000% easier to nuke the VM and start over22:41
aleecool - thanks dinner time ..22:42
rm_workthis is Openstack development -- EMBRACE THE CLOUD22:42
rm_workYou were adopted by the Cloud -- I was BORN into it.22:42
rm_work -- Cloudbane22:42
rm_worksorry -- "Oh, you think the Cloud is your ally, but you merely adopted the Cloud. I was born in it, molded by it." --Cloudbane22:43
openstackgerritDouglas Mendizábal proposed a change to openstack/barbican: Fix 500 error when PUTing an order
openstackgerritDouglas Mendizábal proposed a change to openstack/barbican: Fix 500 error when PUTing an order
openstackgerritJohn Wood proposed a change to openstack/barbican: Sync SQLAlchemy lifecycle to request cycle

