Wednesday, 2015-05-13

*** SheenaG has quit IRC00:05
*** SheenaG has joined #openstack-barbican00:19
*** chlong_ has joined #openstack-barbican00:20
openstackgerritArun Kant proposed openstack/barbican: Adding documentation for ACLs operations.
*** david-lyle has quit IRC00:28
openstackgerritArun Kant proposed openstack/barbican: Adding documentation for ACLs operations.
*** zz_dimtruck is now known as dimtruck00:40
*** dave-mccowan has quit IRC01:20
*** SheenaG has quit IRC01:23
*** dave-mccowan has joined #openstack-barbican02:30
*** dave-mccowan has quit IRC02:38
*** gyee has quit IRC02:47
*** chlong has quit IRC03:05
*** dave-mccowan has joined #openstack-barbican03:14
*** dimtruck is now known as zz_dimtruck03:36
*** david-lyle has joined #openstack-barbican03:48
*** chlong_ has quit IRC03:52
*** dave-mccowan has quit IRC03:53
*** kebray has quit IRC04:40
*** arunkant has quit IRC05:11
*** chlong has joined #openstack-barbican05:23
*** arunkant has joined #openstack-barbican05:32
*** chlong has quit IRC05:34
*** arunkant has quit IRC05:41
*** chlong has joined #openstack-barbican05:48
*** nickrmc83 has joined #openstack-barbican06:13
*** chlong has quit IRC06:24
*** chlong has joined #openstack-barbican06:27
*** smallbig has left #openstack-barbican06:49
*** woodster_ has quit IRC07:00
*** tkelsey has joined #openstack-barbican07:11
*** x3k is now known as xek07:19
*** xek has quit IRC07:40
*** xek has joined #openstack-barbican07:41
*** arunkant has joined #openstack-barbican07:43
*** jaosorior has joined #openstack-barbican08:28
zigoI have just uploaded barbican 2015.1.0 in Sid.09:29
zigoSo, it may reach Debian as soon as the Debian FTP masters approve the package.09:29
zigoHowever, there's a few things which should be fixed.09:29
zigoNamely, could we have Barbican use standard stuff for config like --log-file= and such?09:30
zigoRedirecting the standard output is not very nice...09:30
* zigo is out for lunch09:30
*** jamielennox is now known as jamielennox|away10:08
*** darrenmoffat has quit IRC10:18
*** darrenmoffat has joined #openstack-barbican10:19
*** mjg59 has quit IRC10:27
*** mjg59 has joined #openstack-barbican10:32
*** tkelsey has quit IRC11:12
*** tkelsey has joined #openstack-barbican11:30
*** tkelsey has quit IRC11:35
*** tkelsey has joined #openstack-barbican11:40
*** woodster_ has joined #openstack-barbican11:59
*** dave-mccowan has joined #openstack-barbican12:42
*** xaeth_afk is now known as xaeth13:10
*** nkinder has quit IRC13:24
*** alee has joined #openstack-barbican13:24
aleewoodster_, redrobot - workflow please --
woodster_alee: done!13:27
aleewoodster_, thanks!13:28
*** zz_dimtruck is now known as dimtruck13:47
openstackgerritMerged openstack/barbican: Base64 encode the cert returned from the Dogtag plugin
*** pglass has joined #openstack-barbican14:05
hockeynutredrobot reaperhulk woodster_  hit a brutha with a workflow?
*** nkinder has joined #openstack-barbican14:17
*** dave-mccowan has quit IRC14:26
*** chlong has quit IRC14:30
*** silos has joined #openstack-barbican14:34
*** dave-mccowan has joined #openstack-barbican14:39
openstackgerritJohn Vrbanac proposed openstack/barbican: Adding config option for specifying HSM slot
*** jhfeng has joined #openstack-barbican14:50
*** pglass has quit IRC15:06
*** pglass has joined #openstack-barbican15:07
*** nelsnelson has joined #openstack-barbican15:14
*** SheenaG has joined #openstack-barbican15:22
arunkantwoodster_, redrobot, jaosorior,  ACL code and doc review is up..  and
arunkantdave-mccowan ^^^15:27
*** kebray has joined #openstack-barbican15:29
*** jhfeng has quit IRC15:34
*** jhfeng has joined #openstack-barbican15:35
*** rellerreller has joined #openstack-barbican15:36
*** gyee has joined #openstack-barbican15:44
*** shakamunyi has quit IRC15:51
*** barra204 has quit IRC15:51
openstackgerritMerged openstack/python-barbicanclient: Create behaviors for secrets
*** kfarr has joined #openstack-barbican15:58
*** nickrmc83 has quit IRC16:04
*** kebray has quit IRC16:11
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements
redrobotzigo could you please file some bugs for the fixes you'd like to see?  It would be the best way to track what's needed, and recruit people to make the changes.16:39
*** dimtruck is now known as zz_dimtruck16:45
*** everjeje has quit IRC16:46
*** zz_dimtruck is now known as dimtruck16:53
*** jhfeng is now known as jhfeng-away17:06
rm_workSheenaG: can't find the calendar invite all the sudden17:06
rm_workwhere am I supposed to connect?17:06
rm_workredrobot: Sheena_ ^^17:07
redrobotrm_work ^^17:08
*** jhfeng-away is now known as jhfeng17:10
*** Asha has joined #openstack-barbican17:21
AshaHi All17:21
AshaI would need help ..what woruld be the workaround to execute the curl commands in the latest barbican code ..since it is giving the following error when I executed the curl command for uploading and retrieving the secret17:23
Asharoot@Clientfor-HAProxy ~]# curl -X POST -H 'content-type:application/json' -H 'X-Project-Id:12345' -d '{"payload": "my-secret-here", "payload_content_type": "text/plain"}' http://localhost:9311/v1/secrets {"code": 403, "description": "Secret creation attempt not allowed - please review your user/project privileges", "title": "Forbidden"} [root@Clientfor-HAProxy ~]# curl -H 'X-Project-Id: 12345' http://localhost:9311/v1/secret17:23
rm_workredrobot / SheenaG: skip me i'll reboot17:23
AshaAny Help would highly be appreicated17:24
AshaI see der were some changes done in the barbican-functional file17:25
*** jhfeng has quit IRC17:26
jvrbanacAsha, you might check your policy.json file in etc/barbican17:26
Ashayeah far I had not got this t error till last week ..On Friday ..I pulled the latest barbican code and am facing dis issue17:27
jvrbanacAsha, what kind of database are you using?17:28
Ashasqllite..d default one17:29
AshaI also see that new RBAC users has been added to barbican -functional.conf file17:30
jvrbanacAsha, that file is just used for functional tests and shouldn't affect this.17:30
Ashaoh k ..thanks @jvrbanac17:31
jvrbanacAsha, ahh if you're using the development db (sqllite), that might be the problem. Ok. Try removing or moving the old /var/lib/barbican/barbican.sqlite file and restarting17:31
jvrbanacAsha, I'm guessing it's the database here because SQLlite doesn't support database migrations, so if you came from an older version it can cause some random and interesting problems.17:33
Ashaoh k ..Thanks a lot jvrbanac...would try doing that17:34
Ashaand will let u know17:34
jvrbanacAsha, awesome ok17:34
*** jhfeng has joined #openstack-barbican17:43
Asha@jvrbanac ..I am geting the same error after moving sqllite file17:45
openstackgerritNathan Reller proposed openstack/barbican: Added pkcs1_only Configuration to KMIP
jvrbanacAsha, :( Do you know what older version you were using before?17:46
AshaI was using the kilo version17:47
*** tkelsey has quit IRC18:02
AshaHi ..How do we get to know the version number of the barbican installed18:07
*** kfarr has quit IRC18:13
redrobotAsha should be listed on the response to the barbican root.18:14
*** kebray has joined #openstack-barbican18:15
redrobotAsha i.e. curl localhost:931118:15
Ashaoh k ..Thanks a lot @ redrobot18:16
Asha@jvrbanac ...both are V1 versions ..but the build number is different'18:39
*** kebray has quit IRC18:41
*** jhfeng is now known as jhfeng-away18:46
Ashathis was the older version I was using root@barbican:~#  curl -H 'X-Project-Id:12345' localhost:9311 {"v1": "current", "build": "2015.1.dev143"}18:47
*** jhfeng-away has quit IRC18:47
*** jaosorior has quit IRC18:52
*** rellerreller has quit IRC19:03
jvrbanacAsha, sry. I actually meant the git commit id. I wanted to see if I could replicate the problem19:11
Ashasure ..jvrbanac19:13
Asha{"v1": "current", "build": "2015.2.0.dev43"} - this is the latest one I got for which I am facing the issue19:14
Ashahow do we get the git commit id ?19:14
*** jhfeng has joined #openstack-barbican19:15
Ashaor else you can dowload the latest code from the git hub for barbican19:15
jvrbanacAsha, so what I was hoping to do was grab the version of code that has didn't have a problem for you and try to work out what has changed since then that might cause the problem19:19
jvrbanacAsha, You know... I just thought of something. Before we go down that road, can you try to reinstall the barbican dependencies? You should be able to do that with a: pip install -U -r requirements.txt19:21
Ashaoh k .sure19:23
Ashayeah ..done19:24
jvrbanacAsha, try restarting barbican and see if you still have the problem19:25
Ashanopes is not working19:29
AshaI guess it has to be something with the user and project permissions19:29
Ashaearlier dere  might be some default rules19:30
Ashawhere in we could genrally execute the curl command  with our  own project ID and the user can be anything ..In my case ,,it was the root user19:31
Ashaand used the project ID 1234519:31
AshaWe  need not configure these attributes in the barbican project19:32
jvrbanacAsha, I'm not too familiar with the per-secret permissions stuff that was added a while ago. If you have done this already, you might compare your policy.json file to:
*** dave-mccowan has quit IRC19:33
jvrbanacAsha, I'm guessing the one you're using is it /etc/barbican/policy.json19:33
AshaBut if we compare the rules , ACL support was added for the latest one19:46
Ashabut dat should ,not impact the basic commands like uploading or reterival mfo the secrets19:47
*** jhfeng has quit IRC19:55
*** silos has left #openstack-barbican20:00
AshaIt would be great if someone cud really help me with this20:15
AshaCurrently working on the proxy stuff20:16
AshaIt would block me if I would not resolve this issue20:16
*** dave-mccowan has joined #openstack-barbican20:26
*** kebray has joined #openstack-barbican20:30
*** kebray has quit IRC20:31
jvrbanacAsha, sry, I'm bouncing around between tasks today. So that ACL changes did affect permissions to secrets, so it's quite possible that something like an outdated policy.json could cause something like this.20:34
*** nkinder has quit IRC20:37
jvrbanacAsha, another potential issue is perhaps there is an issue with the use of barbican without authentication.20:39
jvrbanacAsha, I'm not sure20:39
Ashaoh k ..does it mean that we need to integrate it with the keystone in order to make it work20:41
*** kebray has joined #openstack-barbican20:41
Ashanp @jvrbanac ...I understand ..I would appreicate for your time and effort in helping me out with this issue20:42
jvrbanacAsha, it should work without Keystone; however, if it works behind keystone for you, then it's probably where the bug is20:49
*** kebray has quit IRC21:01
*** kebray has joined #openstack-barbican21:02
*** jorge_munoz_ has joined #openstack-barbican21:04
Ashak ..Thanks @jvrbanac ...I need to check if it works with integrating iwth keystone21:06
AshaSince I had integrated  iwth keystone the older barbican version21:06
Ashaolder version of barbican used to work without integarting with keystone ..but when imtegarted with the keystone n..v need to provide the token along with commad21:07
*** kfarr has joined #openstack-barbican21:07
*** jorge_munoz has quit IRC21:09
*** greghaynes has quit IRC21:09
*** jorge_munoz_ is now known as jorge_munoz21:09
jvrbanacAsha, yeah... it looks like there is an issue running unauthenticated.21:09
*** greghayn1 has joined #openstack-barbican21:10
*** kfarr has quit IRC21:10
*** kfarr has joined #openstack-barbican21:10
Ashayes jvrbanac21:11
*** greghayn1 is now known as greghaynes21:29
*** xaeth is now known as xaeth_afk21:47
*** SheenaG1 has joined #openstack-barbican21:50
*** SheenaG has quit IRC21:50
*** dave-mccowan has quit IRC21:53
*** kfarr has quit IRC21:59
*** nkinder has joined #openstack-barbican22:18
*** jamielennox|away is now known as jamielennox22:19
*** pglass has quit IRC22:20
*** nelsnelson has quit IRC22:25
*** dimtruck is now known as zz_dimtruck22:34
-openstackstatus- NOTICE: Gerrit and Zuul are going offline for reboots to fix a security vulnerability.22:38
*** ChanServ changes topic to "Gerrit and Zuul are going offline for reboots to fix a security vulnerability."22:38
*** openstackgerrit has quit IRC22:47
*** openstackgerrit has joined #openstack-barbican22:49
*** ChanServ changes topic to "OpenStack Barbican development"22:56
-openstackstatus- NOTICE: Gerrit and Zuul are back online.22:56
*** Asha has quit IRC22:57
*** SheenaG1 has quit IRC22:59
*** SheenaG has joined #openstack-barbican23:15
*** SheenaG has quit IRC23:36
*** SheenaG has joined #openstack-barbican23:44
*** dave-mccowan has joined #openstack-barbican23:47

Generated by 2.14.0 by Marius Gedminas - find it at!