Monday, 2015-07-27

*** chlong has joined #openstack-barbican00:00
*** everjeje has quit IRC00:30
*** kfarr has joined #openstack-barbican00:40
*** kfarr2 has joined #openstack-barbican00:42
*** kfarr1 has quit IRC00:42
*** kfarr has quit IRC00:45
*** SheenaG has quit IRC00:55
*** SheenaG has joined #openstack-barbican01:01
*** SheenaG has quit IRC01:31
openstackgerritKaitlin Farr proposed openstack/castellan: Update mock key manager
openstackgerritKaitlin Farr proposed openstack/castellan: Update mock key manager
openstackgerritKaitlin Farr proposed openstack/castellan: Update mock key manager
*** kfarr2 has quit IRC03:38
openstackgerritDave McCowan proposed openstack/barbican: Implement Models and Repositories for Resource Quotas
*** kebray has joined #openstack-barbican04:17
*** dave-mcc_ has quit IRC04:27
*** Nirupama has joined #openstack-barbican05:18
*** Nirupama has quit IRC05:20
*** Nirupama has joined #openstack-barbican05:23
*** kebray has quit IRC07:11
*** nickrmc83 has joined #openstack-barbican07:17
*** chlong has quit IRC07:28
*** dtadrzak_ has quit IRC08:06
*** shohel has joined #openstack-barbican08:21
*** shohel has quit IRC08:32
*** Nirupama has quit IRC08:37
*** nickrmc83 has quit IRC08:58
*** nickrmc83 has joined #openstack-barbican09:00
*** tkelsey has joined #openstack-barbican09:03
*** nickrmc83 has quit IRC09:05
*** nickrmc83 has joined #openstack-barbican09:11
*** shohel has joined #openstack-barbican09:50
*** mmdurrant has quit IRC10:09
*** darrenmoffat has quit IRC10:21
*** mjg59` has quit IRC10:21
*** mjg59 has joined #openstack-barbican10:22
*** darrenmoffat has joined #openstack-barbican10:23
*** everjeje has joined #openstack-barbican10:35
*** DTadrzak has joined #openstack-barbican10:55
*** nickrmc83 has quit IRC11:47
*** mmdurrant has joined #openstack-barbican11:58
*** jaosorior has joined #openstack-barbican12:03
*** zz_dimtruck is now known as dimtruck12:25
*** chlong has joined #openstack-barbican12:31
*** woodster_ has joined #openstack-barbican12:45
*** dave-mccowan has joined #openstack-barbican13:03
*** kfarr has joined #openstack-barbican13:04
*** alee has joined #openstack-barbican13:05
*** SheenaG has joined #openstack-barbican13:16
*** Nirupama has joined #openstack-barbican13:20
*** nickrmc83 has joined #openstack-barbican13:21
openstackgerritDave McCowan proposed openstack/barbican: Implement Models and Repositories for Resource Quotas
*** Nirupama has quit IRC13:28
*** chlong has quit IRC13:42
*** nelsnelson has joined #openstack-barbican14:01
*** spotz_zzz is now known as spotz14:09
*** Kevin_Bishop has joined #openstack-barbican14:11
*** nickrmc83 has quit IRC14:13
aleehey all - my pycharm license is set to expire in a couple of days?  are there replacement licenses anywhere?14:20
*** edtubill has joined #openstack-barbican14:23
*** pglass has joined #openstack-barbican14:24
*** rellerreller has joined #openstack-barbican14:41
*** kfarr has quit IRC14:45
*** SheenaG has quit IRC14:58
jaosoriorswitch to Vim ;)15:01
*** kfarr has joined #openstack-barbican15:02
jaosoriorkfarr: Any castellan CR that I should prioritize review? I'm about to brew some coffee :P15:04
jaosoriorredrobot: ping15:07
ryanpetrelloanybody in barbican-land available to help me figure out why these tests are failing :\?
dave-mccowanjaosorior i have a fresh quotas commit that would go well with coffee:
ryanpetrelloI don't think it's related to the changeset15:08
*** kfarr has quit IRC15:08
jaosoriorryanpetrello: I can check what's up in about... 15 min. Need to brew some coffee first15:09
ryanpetrellocool, thx15:09
ryanpetrelloI need to make some, too :D15:09
jaosoriordave-mccowan: cool, your CR is open and will check it out once coffee is done :P15:09
*** silos has joined #openstack-barbican15:09
*** SheenaG has joined #openstack-barbican15:12
*** xaeth_afk is now known as xaeth15:15
*** nickrmc83 has joined #openstack-barbican15:16
jaosoriorryanpetrello: Where can I see the specification of that gate?15:17
jaosoriorSome errors appear to be related to the policy and others to the mocked objects, which is pretty weird15:18
jaosoriorIIRC some of those mock errors were previously fixed by dave-mccowan. Is that the stable/kilo branch?15:18
dave-mccowanjaosorior yes, looks like stable/kilo.  what happened with the backport?15:20
jaosoriorIt's still there15:21
jaosoriorwhich is why I've been trying to ping redrobot15:21
jaosoriorI haven't figured out why the gate fails and also the doc tests fail15:21
*** SheenaG has quit IRC15:21
ryanpetrelloyep, sec15:22
jaosoriorryanpetrello: Anyway, that CR above is the one needed to make the py27 tests pass for the stable/kilo branch.15:22
*** edtubill has quit IRC15:22
*** kfarr has joined #openstack-barbican15:23
jaosoriorStill gotta figure out why the functional tests fail. Seems to me like there's some issue with the policy15:23
*** edtubill has joined #openstack-barbican15:23
jaosoriorit is indeed stable/kilo15:23
*** diazjf has joined #openstack-barbican15:24
jaosoriorlets focus on getting tip to work first15:24
jaosorioris that running using the keystonemiddleware?15:24
*** SheenaG has joined #openstack-barbican15:26
*** kfarr has quit IRC15:27
jaosoriorryanpetrello: ^^15:29
*** nickrmc83 has quit IRC15:31
*** kebray has joined #openstack-barbican15:33
rellerrellerjaosorior There are some castellan reviews.15:35
rellerrellerI'll take a look for priorities if coffee is not made yet.15:35
rellerrellerjaosorior 1.
rellerrellerjaosorior 2.
rellerrellerjaosorior 3.
*** xaeth is now known as xaeth_afk15:36
jaosoriorrellerreller: Sure, will take a look. Right now I'm trying to check out what's the problem with the barbican job in the pecan gated15:37
rellerrellerjasorior 4. (this is an easy one)15:37
rellerrellerjaosorior np, any help is greatly appreciated.15:37
*** kfarr has joined #openstack-barbican15:42
*** xaeth_afk is now known as xaeth15:43
*** kfarr has quit IRC15:47
openstackgerritJoel Coffman proposed openstack/castellan: Remove copy_key operation
*** shohel has quit IRC16:02
*** kfarr has joined #openstack-barbican16:03
*** xaeth is now known as xaeth_afk16:05
*** xaeth_afk is now known as xaeth16:11
*** mragupat has joined #openstack-barbican16:18
*** vivek-ebay has joined #openstack-barbican16:24
jaosoriorryanpetrello: OK, caffeine kicked in haha. Seems that I initially got confused and thought it was trying to run some functional tests. I see now that it's actually just running the py27 environment from the barbican tests. Trying to duplicate now16:38
*** dave-mccowan has quit IRC16:42
jaosoriorryanpetrello: Found the problem and it's a bug on our side. I'll upload a CR today16:46
ryanpetrello:D thanks for taking a look :)16:46
jaosoriorryanpetrello: No problem16:47
jaosoriorryanpetrello: If you're curious, the error is this
*** rm_work is now known as rm_work|away16:51
chellygeljkf, ping16:53
chellygeldid you ever get a response to your question about secrets ?16:54
jkfchellygel: What's up?16:54
jkfI have not.16:54
chellygelwoodster_, ? yt?16:54
chellygeljkf, does Symantec have a public facing irc room like this for the partner API?16:56
jkfWe don't. Symantec is surprisingly backwards when it comes to irc. :/16:56
jkfOnly reason I'm here is my tunnel my irc connections out through ssh.16:57
jkf*I tunnel16:57
chellygelohhh boy -- that ... well16:57
chellygelI'll see if i can track down woodster_ for you today so you can get some answers16:58
jkfOk, thanks!16:58
*** dave-mccowan has joined #openstack-barbican17:09
*** diazjf has quit IRC17:22
*** vivek-ebay has quit IRC17:27
*** tkelsey has quit IRC17:35
*** nelsnelson has quit IRC17:36
*** vivek-ebay has joined #openstack-barbican17:48
*** rellerreller has quit IRC18:00
*** tkelsey has joined #openstack-barbican18:03
*** vivek-ebay has quit IRC18:07
*** tkelsey has quit IRC18:08
*** pglbutt has joined #openstack-barbican18:08
*** pglass has quit IRC18:08
*** pglass has joined #openstack-barbican18:12
*** diazjf has joined #openstack-barbican18:13
*** pglbutt has quit IRC18:15
elmikohey all, castellan question. shouldn't the requirements.txt include python-barbicanclient?18:24
aleejaosorior, ping18:29
diazjfelmiko, Yes I think it should, I see imports such as from barbicanclient import client as barbican_client18:29
*** kebray has quit IRC18:30
openstackgerritMichael McCune proposed openstack/castellan: refactoring castellan configuration
elmikodiazjf: yea, that's what i experience too. by default you can't import all the castellan modules because of the dependency.18:31
redrobotelmiko I would think not18:33
redrobotelmiko since it's an optional dependency18:33
elmikoredrobot: that's fair, but i think the default api_class should be changed from barbican then.18:34
redrobotelmiko ah indeed... if it blows up out of the box, then yeah we need to fix something.18:34
elmikoredrobot: it will make a difference with the configuration refactor i'm proposing too18:35
aleeredrobot, how do you run the barbicanlcient funtional tests?18:36
*** rm_work|away is now known as rm_work18:37
redrobotalee tox -e functional18:37
rm_workelmiko: yeah barbican should not be the default -- default should be mock or similar18:37
jaosorioralee: pong18:37
aleeredrobot, jaosorior when I run tox -e functional, I run into a bunch of auth failures .. what else do I need to set up?18:38
elmikorm_work: ack, that makes a lot of sence18:39
*** nelsnelson has joined #openstack-barbican18:39
aleejaosorior, on a related note -- I am trying to run barbican client on the command line.18:41
openstackgerritMichael McCune proposed openstack/castellan: refactoring castellan configuration
jaosorioralee: Have you set up the appropriate users and projects in keystone?18:42
aleejaosorior, thats what I was going to ask about :)18:42
aleejaosorior, what users/projects do I need to 1) run functonal tests18:43
alee2) run some basic tests from the command line18:43
*** rellerreller has joined #openstack-barbican18:44
kfarrelmiko, just saw your messages, yes that's a good point about things blowing up if python-barbicanclient isn't installed18:44
elmikokfarr: i added a bit of defensive coding for those cases to my change. but i think it's something we'll have to address more globally18:45
*** kebray has joined #openstack-barbican18:46
rm_workelmiko: yeah, i thought per discussion at the last midcycle that the barbican drivers and all other contrib drivers would be part of test-reqs only, so their unit tests could run, but wouldn't be required for install18:48
aleejaosorior, I tried something like in my clientrc for the cli but doesn't seem to be working18:49
elmikorm_work: ok, that makes sense. (i wasn't at the midcycle)18:49
rm_workyeah obviously we weren't paying attention when the barbican driver became the default :P18:50
*** mragupat_ has joined #openstack-barbican18:50
elmikorm_work, kfarr, i wonder what the default behavior should be? if we are going to use a "mock" key manager, i could contribute my sahara key manager which basically does nothing except give you back the values you supplied.18:50
rm_workelmiko: i assumed mock would be like... inmemory or somesuch18:51
*** kebray has quit IRC18:51
elmikorm_work: ahh, ok18:51
rm_workI had a "local" version that stored to the filesystem18:51
kfarrThere's a mock key manager in the tests directory18:51
rm_workbut i think we opted to not do that18:51
rm_worksince it's a little bit cleaner to just to inmemory18:51
elmikokfarr: ack18:51
rm_workand yeah ^^ kfarr did something along those lines18:51
rm_workkfarr: is it inmemory or truly just mocks?18:52
kfarrIt's in memory!18:52
elmikomaybe bring that out into the main tree and call it InMemoryKeyManager or something?18:53
rm_workk yeah18:53
rm_worknot sure it should live in tests18:53
rm_workelmiko: +118:53
elmikothat would at least be a default api_class that would work18:53
jaosorioralee: How is it not working?18:54
*** mragupat has quit IRC18:54
jaosorioralee: Also, the users/projects that you need you can see then in bin/keystone_data.sh18:54
kfarrwell I think the idea behind putting it in tests was because it's not suitable for an actual deployment18:54
aleejaosorior, actually -- I might have gotten it working now -- wrong user .. needed admin .. looking18:54
elmikokfarr: fair, but we need a sensible default for deployments that don't have barbican (not sure why anyone would do that, testing maybe)18:55
rm_workyeah the default deploy should be whatever works for devstack/testing18:55
rm_workwhich IMO should be using inmemory18:55
elmiko+1, we are having many discussions about deployments that don't have barbican for our use case.18:56
kfarrthat sounds reasonable to me18:57
rm_worki am still planning to contribute my CertificateManager code too...18:57
rm_workwhen I actually have time to polish it up18:57
rm_workyet more people who want to use it18:58
rm_workare asking me about it18:58
elmikokfarr, rm_work, should i make a bug about the default api_class and possibly put a patch up?19:00
elmikoalso, rm_work, what is your gerrit id?19:00
kfarrelmiko sounds fine to me, so many patches that need to go in!19:01
elmikokfarr: no worries, i've got a few cycles to help with this stuff =)19:01
kfarrelmiko :D19:01
*** vivek-ebay has joined #openstack-barbican19:02
rm_workelmiko: i go by ?19:04
rm_worki think that is how gerrit tracks me19:04
elmikorm_work: ack, just wanted to add you to my review19:05
elmikogot it, thanks!19:05
jaosoriorryanpetrello: It's actually a different issue and it will take more than I expected... But I'm still working on it19:05
ryanpetrellookay, thanks for your help :)19:05
rm_worklots of open and +2'd CRs in castellan19:05
rm_workwould be good to clear through some of those probably19:05
*** vivek-ebay has quit IRC19:08
*** igueths has joined #openstack-barbican19:08
elmikorm_work: +119:08
*** kebray has joined #openstack-barbican19:11
ryanpetrellojaosorior: is there a launchpad bug?19:12
*** Asha has joined #openstack-barbican19:12
jaosoriorryanpetrello: There isn't19:13
jaosoriorI'm still figuring out what's up19:13
jaosoriorwhen I first run tox it fails19:13
jaosoriorbut when I run it a second time the tests pass19:13
jaosoriorso it's a very weird thing19:13
jaosoriorstill testing what's actually going on19:14
ryanpetrellosounds like a doozy19:14
rm_workelmiko: note
rm_workelmiko: if you move mock_key_manager before that merges, you'll have a funny conflict19:17
*** peter-hamilton has joined #openstack-barbican19:17
rm_workseriously can we get some of those CRs merged?19:18
elmikorm_work: yea, i'll just deal with it when those merge. but definitely ack19:18
rm_workand then see if any merge conflicts come up for the rest19:18
rm_workwho else is Castellan core19:18
kfarreveryone who is Barbican core19:20
*** SheenaG has quit IRC19:20
*** edtubill1 has joined #openstack-barbican19:21
rm_workwell then...19:21
rm_workcan we get some +A?19:21
*** SheenaG has joined #openstack-barbican19:22
aleejaosorior, ping19:24
*** edtubill has quit IRC19:25
kfarrelmiko is the configuration change going to break the sample config generation for this:
* elmiko looks19:26
kfarror did we duplicate some things?19:27
elmikokfarr: do the functional tests assume the current defaults in castellan.key_manager.__init__ and castellan.key_manager.barbican_key_manager?19:29
jaosorioralee: pong19:29
kfarrIt assumes the defaults unless there's a config file19:29
elmikokfarr: i don't think so, but i will double check when that patch gets approved19:30
aleejaosorior, I'm trying to add the cas interface to barbicanclient -- but having some trouble finding my commands19:30
aleejaosorior, just a sec - let me try something ..19:30
kfarrelmiko ok, however you're doing config options in the new patch, I'd like to use the same thing for the functional tests19:31
elmikokfarr: ack, makes sense. i will update my patch when that merges19:31
elmikokfarr: ok, so the big change will be passing the ConfigOpts object into the BarbicanKeyManager() call19:32
aleejaosorior, is there somewhere where I need to register new interrfaces?  let me post what I have and you can tell me what I'm missing?19:33
elmikothat will be a really good test for my patch as well =)19:33
aleejaosorior, because from the command line , I keep getting Unknown command ['cas', 'get']19:34
aleeand simiar19:34
jaosorioralee: Commands are registered in setup.cfg19:34
aleejaosorior, ah ..19:35
jaosorioralee: It's how cliff works19:35
aleejaosorior, cool thanks .. adding now ..19:35
jaosoriorno problem dude, anything else let me know, I'll be around for a bit still19:35
elmikokfarr: the way those functional tests look now, they use "http://localhost:9311/" for barbican_endpoint, and "v1" for api_version. assuming that stays true, it would require only a minor change.19:36
redrobotjaosorior did you ever submit a name change to the governance repo?19:36
kfarrelmiko, ok sounds good19:36
elmikokfarr: as it stand now, that functional test can't change the barbican_endpoint and api_version19:37
jaosoriorredrobot: Haven't yet19:37
elmikoeven with a conf file19:37
jaosoriorlet me do that19:37
kfarrelmiko oh bummer, really?19:38
elmikokfarr: yea because BarbicanKeyManager assumes you are using the oslo_config.cfg.CONF object to pass configuration values but that patch uses a local ConfigOpts to handle the options19:38
elmikokfarr: although, with my patch you could change those values19:38
*** peter-hamilton has quit IRC19:45
kfarrelmiko ok I see what you're saying.  Yeah I remembered you said you had a configuration patch in the works, so I was holding off on messing with the config stuff for the barbican keey manager til then19:45
elmikokfarr: i think it's ok for now, as long as the functional tests are run on the same server as the barbican api server. but for the future it will be nice to configure that stuff.19:47
elmikokfarr: fwiw, i think it will be easy to do19:47
rm_workbut seriously can we merge like 6 of those patches ASAP19:49
rm_workalmost everything is touched by them it seems, so it's very confusing to try to move forward with them looming, lol19:49
elmikorm_work: +1, we should bring this up again at the meeting in 10 minutes =)19:50
kfarrrm_work I was gonna bring it up at the meeting19:50
rm_workyeah that seems like it'd be successful19:50
elmiko.... i owe you a beverage kfarr ;)19:50
redrobotjaosorior thanks!  added a +1 fwiw19:55
jaosoriorredrobot: I will need your help this week to figure out what's up with the stable/kilo tests19:56
rm_workredrobot: go ahead and add a +A to those other patches while you're at it19:56
jaosoriorthey're failing :(19:56
*** kebray has quit IRC19:56
*** jhfeng has joined #openstack-barbican19:57
redrobotWeekly meeting is about to start19:58
redroboton #openstack-meeting-alt19:58
*** vivek-ebay has joined #openstack-barbican20:00
*** xaeth is now known as xaeth_afk20:00
*** Asha has quit IRC20:01
*** pglbutt has joined #openstack-barbican20:04
*** tkelsey has joined #openstack-barbican20:04
*** pglass has quit IRC20:05
*** tkelsey has quit IRC20:09
*** crc32 has joined #openstack-barbican20:20
*** kebray has joined #openstack-barbican20:21
*** kebray has quit IRC20:21
*** xaeth_afk is now known as xaeth20:21
*** kebray has joined #openstack-barbican20:31
*** mragupat_ has quit IRC20:36
*** mragupat has joined #openstack-barbican20:37
*** mragupat has quit IRC20:37
*** mragupat has joined #openstack-barbican20:37
*** mragupat has quit IRC20:38
*** mragupat has joined #openstack-barbican20:39
*** rellerreller has quit IRC20:41
*** dimtruck is now known as zz_dimtruck20:56
*** silos has left #openstack-barbican20:57
kfarrHas anyone used the snakeoil certificate plugin lately?  I was trying to use it to generate a certificate, but when I tried accessing the certificate payload, I got an HTTPError.  Is there documentation available?20:58
*** edtubill1 has left #openstack-barbican21:00
*** zz_dimtruck is now known as dimtruck21:01
aleekfarr, well there is the bug that I was working on21:01
aleekfarr, which it seems I need to get back to.21:01
kfarralee is there a bug report for that?  I think I missed that conversation21:01
aleekfarr, I think you reviewed the patch :)21:01
kfarrOh oops D:21:02
*** qwebirc63623 has joined #openstack-barbican21:02
kfarrOh the base64 one21:02
aleethere are no instructions -- I need to write something up21:02
qwebirc63623Hi All , I would like to discuss on Barbican Integration with HSM  HA setup ...21:04
qwebirc63623Asha here21:04
qwebirc63623Is Jobn vbranac around or if anyone could help me that would be great !21:06
qwebirc63623John *21:06
qwebirc63623Mentioned the virtual slot number in barbican.conf file ...Not sure why it is faliling ...21:08
*** SheenaG has quit IRC21:09
*** SheenaG has joined #openstack-barbican21:10
*** SheenaG has quit IRC21:15
redrobotjvrbanac ^^21:16
*** xaeth is now known as xaeth_afk21:16
*** vivek-ebay has quit IRC21:17
diazjf is ready, just need a workflow +1 :)21:17
*** kfarr has left #openstack-barbican21:42
*** diazjf has left #openstack-barbican21:43
qwebirc63623Hi redrobot21:46
qwebirc63623Would like to reason why the HSM HA configuration integration with Barbican failing since I am unable to creat the secret21:48
*** xaeth_afk is now known as xaeth21:51
*** Kevin_Bishop has quit IRC21:56
*** mragupat has quit IRC21:57
*** vivek-ebay has joined #openstack-barbican21:58
*** pglbutt has quit IRC22:07
*** igueths has quit IRC22:08
*** chlong has joined #openstack-barbican22:09
*** xaeth is now known as xaeth_afk22:11
*** spotz is now known as spotz_zzz22:39
*** qwebirc63623 has quit IRC22:42
*** dimtruck is now known as zz_dimtruck22:52
*** tkelsey has joined #openstack-barbican23:04
*** tkelsey has quit IRC23:08
*** jaosorior has quit IRC23:11
*** jhfeng has quit IRC23:43

Generated by 2.14.0 by Marius Gedminas - find it at!