Friday, 2014-10-10

*** bdpayne has quit IRC00:20
*** alee_afk has quit IRC00:47
*** joesavak has joined #openstack-barbican00:50
*** jsavak has joined #openstack-barbican00:51
*** joesavak has quit IRC00:54
*** jkf has quit IRC01:46
*** zz_dimtruck is now known as dimtruck02:02
openstackgerritDouglas Mendizábal proposed a change to openstack/barbican: Modify Barbican DevStack not to use uWSGI
*** bubbva has quit IRC02:26
*** ayoung-afk has quit IRC02:52
*** openstackgerrit has quit IRC02:58
*** ayoung-afk has joined #openstack-barbican03:05
*** jorge_munoz has joined #openstack-barbican03:10
*** jorge_munoz has quit IRC03:15
*** jsavak has quit IRC03:26
*** jorge_munoz has joined #openstack-barbican03:30
*** bubbva has joined #openstack-barbican03:32
*** jorge_munoz has quit IRC03:42
*** jorge_munoz has joined #openstack-barbican03:51
*** kebray has joined #openstack-barbican04:09
*** Kamaris has left #openstack-barbican04:11
*** juantwo has quit IRC04:42
*** kebray has quit IRC04:56
*** kebray has joined #openstack-barbican05:07
*** jorge_munoz has quit IRC05:20
*** jorge_munoz has joined #openstack-barbican05:21
*** dimtruck is now known as zz_dimtruck05:39
*** ayoung-afk has quit IRC05:56
*** jorge_munoz has quit IRC05:59
*** kebray has quit IRC07:17
*** woodster_ has quit IRC07:30
*** juantwo has joined #openstack-barbican12:24
*** ayoung has joined #openstack-barbican12:45
*** akoneru has joined #openstack-barbican12:48
*** vb-awe has joined #openstack-barbican13:00
*** rellerreller has joined #openstack-barbican13:14
vb-awemight i know what is the position of KMIP support for barbican ?13:14
rellerrellervb-awe what is the question?13:25
rellerrellerWe have implemented a KMIP secret store that can generate and store symmetric keys in a KMIP server13:26
rellerrellerThere was another patch out there to use HP Atalla ESKM as a crypto plugin,
rellerrellervb-awe we are planning to support asymmetric keys in Kilo13:29
rellerrellervb-awe Does that answer your question?13:29
*** joesavak has joined #openstack-barbican13:29
vb-awealso i wanted to know if this uses PyKMIP (the project by JHU-APL)13:31
rellerrellerThe KMIP secret store uses PyKMIP to talk to a KMIP server. I do not think does.13:32
*** usimha has joined #openstack-barbican13:32
rellerrellervb-awe What is your interest in KMIP? Are there any features that you would like to see or are planning to implement?13:34
vb-awei wanted to contribute by using it along with a KMIP server as backend13:37
*** jsavak has joined #openstack-barbican13:44
*** tdink has joined #openstack-barbican13:47
rellerrellervb-awe cool. Let me know if you have any questions. I would be happy to work with you. I did the KMIP secret store and PyKMIP. The more KMIP developers we get the better!13:47
*** joesavak has quit IRC13:48
*** usimha has quit IRC13:50
*** usimha has joined #openstack-barbican13:55
usimharellerreller: Even I'd also like to contribute. Is there any specific part of KMIP which has not been implemented as of now?13:56
rellerrellerusimha For PyKMIP we have only implemented create, register, get, and delete, and we only support symmetric keys at the moment.13:58
rellerrellerWe would like to implement a basic KMIP key store / foundry for symmetric and asymmetric keys13:59
rellerrellerThere is a lot of work for that.13:59
*** tdink has quit IRC13:59
rellerrellerIn terms of Barbican our next proposals will be asymmetric key support, and probably key wrapping14:00
*** ayoung has quit IRC14:03
usimhaOh, we would definitely like to contribute towards it.14:07
*** vb-awe has quit IRC14:13
*** openstackgerrit has joined #openstack-barbican14:16
*** kebray has joined #openstack-barbican14:23
*** vb-awe has joined #openstack-barbican14:38
*** JeffF has joined #openstack-barbican14:41
*** woodster_ has joined #openstack-barbican14:42
*** zz_dimtruck is now known as dimtruck14:43
*** kgriffs|afk is now known as kgriffs14:46
*** jorge_munoz has joined #openstack-barbican14:47
*** vb-awe has left #openstack-barbican14:47
*** jsavak has quit IRC14:59
*** paul_glass has joined #openstack-barbican15:06
*** tdink has joined #openstack-barbican15:17
*** SheenaG1 has joined #openstack-barbican15:25
*** akoneru has quit IRC15:51
*** SheenaG1 has quit IRC15:51
*** rellerreller has quit IRC15:57
*** rtom has joined #openstack-barbican16:12
*** tdink has quit IRC16:14
*** himhiker has joined #openstack-barbican16:18
*** usimha has quit IRC16:18
*** akoneru has joined #openstack-barbican16:20
*** himhiker has quit IRC16:23
*** jamielennox has quit IRC16:25
*** tdink has joined #openstack-barbican16:25
*** kebray has quit IRC16:31
*** JeffF has left #openstack-barbican16:50
*** JeffF has joined #openstack-barbican16:54
*** jamielennox has joined #openstack-barbican17:10
openstackgerritJohn Vrbanac proposed a change to openstack/barbican: Removing new_name argument from test_wrapper
*** jkf has joined #openstack-barbican17:13
*** jkf has quit IRC17:21
*** ryanpetrello has quit IRC17:25
*** ryanpetrello has joined #openstack-barbican17:26
openstackgerritA change was merged to openstack/barbican: Adding parameterized decorators for unit tests
*** rellerreller has joined #openstack-barbican17:31
*** bdpayne has joined #openstack-barbican18:15
*** kebray has joined #openstack-barbican18:27
*** juantwo has quit IRC18:30
*** kgriffs is now known as kgriffs|afk18:31
*** openstackgerrit has quit IRC18:48
*** openstackgerrit has joined #openstack-barbican18:55
*** paul_glass has quit IRC19:02
*** rellerreller has quit IRC19:12
*** mkam has joined #openstack-barbican19:13
*** JeffF has quit IRC19:13
*** mkam has left #openstack-barbican19:14
*** JeffF has joined #openstack-barbican19:16
*** juantwo has joined #openstack-barbican19:26
*** juantwo has quit IRC19:27
*** juantwo has joined #openstack-barbican19:27
*** tdink has quit IRC19:50
*** lisaclark1 has joined #openstack-barbican20:04
*** lisaclark1 has quit IRC20:06
*** tdink has joined #openstack-barbican21:07
*** tdink has quit IRC21:17
openstackgerritArun Kant proposed a change to openstack/barbican-specs: Blueprint for supporting binary secret retrieval in text format
*** kebray has quit IRC21:33
JeffFchellygel: do you have a few minutes to help me, or point me in the right direction for getting the digicert plugin running in barbican?21:34
chellygelhey JeffF I will try my best!21:34
JeffFhere's what I've done.21:34
JeffFI have it running I guess.  I see the output for loaded plugins when barbican starts up.  I see the 4 plugins loading, dogtag, sym, simple, and digicert21:35
JeffFI see that output21:35
JeffFwhen I issue a request, just via command line curl right now, the output I see is "Invoking issue_certificate_request" from simple_certificate_plugin manager21:36
JeffFI enabled the plugin in /etc/barbican-api.conf21:36
JeffFso barbican knows about my plugin, but doesn't seem to know to send requests to it.21:37
JeffFI'm sure that I have just missed something in configuration.21:37
chellygelhmm... im not 100% sure, i'm still a nublet -- woodster_ may give better perspective -- but i'd agree with you21:37
JeffFdo you have any ideas of what I may have missed21:37
chellygeli think there is another place that you ahve to set it?21:38
chellygellet me look21:38
JeffFI set it to enabled in /etc/barbican-api.conf and listed it in setup.cfg also21:38
woodster_JeffF, can you reply with the lines you modified in the .conf and .cfg files?21:39
JeffFsure, one sec21:39
JeffFfrom /etc/barbican-api.conf::    [certificate]21:40
JeffFnamespace = barbican.certificate.plugin21:40
JeffFenabled_certificate_plugins = dc21:40
JeffFnamespace = barbican.certificate.event.plugin21:40
JeffFenabled_certificate_event_plugins = dc21:40
JeffFfrom setup.cfg::21:40
JeffFbarbican.certificate.plugin =21:40
JeffF    simple_certificate = barbican.plugin.simple_certificate_manager:SimpleCertificatePlugin21:40
JeffF    symantec =
JeffF    dogtag = barbican.plugin.dogtag:DogtagCAPlugin21:40
JeffF    dc = barbican.plugin.dc:DigiCertCertificatePlugin21:40
JeffFboy that formatted terribly, can you read it?21:40
JeffFI'm guessing this line:  enabled_certificate_event_plugins = dc isn't necessary.21:44
JeffFjust the one above it, enabled_certificate_plugin probably21:45
chellygelso, im totally guessing... did you try leaving the eventing one set to simple ?21:46
chellygelthe simple stuff was added as a default... but i dont remember doing anything w/ the eventing for symantec21:47
JeffFchellygel: yeah, I checked the symantec plugin and there wasn't any implementation of the event base class.  I can set that back to simple21:48
JeffFso this is what I mean.  Here's the output on barbican startup for the digicert plugin21:54
JeffFDEBUG stevedore.extension [770d00b8-2def-49fb-b612-a173ccadd8b2 ] found extension EntryPoint.parse('dc = barbican.plugin.dc:DigiCertCertificatePlugin') _load_plugins /usr/local/lib/python2.7/dist-packages/stevedore/
JeffFso barbican knows it's there21:54
JeffFbut when I submit a request, here's what I see and I don't see any of my logging in my syslog or console where I'm sending it.21:55
JeffFINFO barbican.plugin.simple_certificate_manager [770d00b8-2def-49fb-b612-a173ccadd8b2 None] Invoking issue_certificate_request()21:55
chellygelhmmf! woodster_ any ideas :S22:00
woodster_JeffF, is there another enabled_certificate_plugins = simple_certificate sort of line in that /etc/barbican/barbican-api.conf file perhaps?22:04
* JeffF looking22:05
woodster_JeffF, you are running this from a virtual env with a local barbican git repository, correct?22:05
JeffFI don't see any other relevant line, well, what to my eyes seems relevant to the plugin anyway.  which isn't saying much.  but I know there must be some other configuration somewhere because I commented out the plugins from setup.cfg, ran install and then barbican complained about not having the other cert plugins installed22:08
JeffFIf there isn't anything obvious that sticks out to you, then I must have just done something weird or missed something.22:09
JeffFwell, I don't want to keep you.  I bet it's just past 5 your time, so I can keep playing with this and if I get stuck again, I'll hit you up next week sometime,  how's that?22:10
woodster_JeffF, you should only run install once per virtual environment. After that, use start.  If you run install again, it will overwrite your /etc/barbican/... configuration files.22:11
JeffFI realized that22:11
JeffFas I noticed it was getting over written22:12
woodster_So if you did this: install -> modify setup.cfg and /etc/barbican/barbican.conf -> start, then I think you might need to run this again: pip install -e .22:13
woodster_JeffF, that 'pip install -e .' part is necessary because you modified the setup.cfg file I believe.22:13
JeffFahhh, ok.  I think that makes sense22:14
JeffFI'll try that then and I'll get back to you next week if I get stuck again.22:15
JeffFthanks woodster_ and chellygel !!22:15
woodster_JeffF, then run start after that.  But you do see the 'dc = ...' log coming out of stevedore22:15
woodster_JeffF, for sure, please let us know if you get blocked or have success!22:16
JeffFI do.  I see that barbican knows the plugin is enabled22:16
JeffFwoodster_: thanks!  Have a good weekend!22:16
woodster_JeffF, you as well22:16
*** gyee has quit IRC22:18
*** rtom has quit IRC22:25
*** ametts has quit IRC22:27
*** JeffF has left #openstack-barbican22:27
*** jorge_munoz has quit IRC22:38
*** ayoung has joined #openstack-barbican22:40
*** openstackgerrit has quit IRC22:54
*** tdink has joined #openstack-barbican22:58
*** tdink has quit IRC23:09
*** kebray has joined #openstack-barbican23:23
*** kebray has quit IRC23:34

Generated by 2.14.0 by Marius Gedminas - find it at!