Tuesday, 2017-05-23

*** dimtruck is now known as zz_dimtruck01:09
*** catintheroof has joined #openstack-barbican01:29
*** catintheroof has quit IRC01:30
*** dave-mccowan has quit IRC01:36
*** jamielennox is now known as jamielennox|away01:54
*** zz_dimtruck is now known as dimtruck01:56
*** noslzzp has quit IRC02:37
*** noslzzp has joined #openstack-barbican02:38
*** noslzzp has quit IRC02:46
*** noslzzp has joined #openstack-barbican02:48
*** noslzzp has quit IRC03:21
*** jamielennox|away is now known as jamielennox04:23
*** jamielennox is now known as jamielennox|away05:11
*** ssmith has joined #openstack-barbican05:17
*** jaosorior_away is now known as jaosorior05:24
*** jamielennox|away is now known as jamielennox05:51
*** cpuga has quit IRC06:05
*** jamielennox is now known as jamielennox|away06:23
*** namnh has joined #openstack-barbican06:30
*** pcaruana has joined #openstack-barbican06:39
*** ssmith has quit IRC07:01
*** andreas_s has joined #openstack-barbican07:26
*** openstackgerrit has quit IRC08:18
*** pbourke has joined #openstack-barbican08:29
*** Kevin_Zheng has quit IRC08:56
*** liujiong has joined #openstack-barbican09:02
*** salmankhan has joined #openstack-barbican09:08
*** mkoderer_ has joined #openstack-barbican09:21
*** dgonzalez_ has joined #openstack-barbican09:21
*** seife_ has joined #openstack-barbican09:21
*** tpatzig_ has joined #openstack-barbican09:21
*** mkoderer_ has quit IRC09:23
*** dgonzalez_ has quit IRC09:23
*** seife_ has quit IRC09:23
*** tpatzig_ has quit IRC09:23
rpiHi, I am trying to implement ocata (4.0.0) barbican with SoftHSM v2.2 on Ubuntu 16.04. I notice the release of openssl in 16.04 is 1.0.2g and this charm (https://github.com/openstack/charm-barbican-softhsm) references a missing function within <1.0.2h. I have recompiled softhsm2.2 against openssl 1.0.2k, and have initialised my slot, prepared my mkek and hmac labels but I receive CKR_MECHANISM_INVALID within the barbican api logs when trying to store09:53
*** liujiong has quit IRC10:14
*** salmankhan has quit IRC10:14
*** salmankhan has joined #openstack-barbican10:20
*** namnh has quit IRC10:56
*** salmankhan has quit IRC11:17
*** salmankhan has joined #openstack-barbican11:17
*** salmankhan has quit IRC11:20
*** salmankhan has joined #openstack-barbican11:26
*** openstackgerrit has joined #openstack-barbican11:48
openstackgerritOpenStack Proposal Bot proposed openstack/barbican master: Updated from global requirements  https://review.openstack.org/46713811:48
openstackgerritOpenStack Proposal Bot proposed openstack/castellan master: Updated from global requirements  https://review.openstack.org/46714011:48
*** salmankhan1 has joined #openstack-barbican12:00
*** Kevin_Zheng has joined #openstack-barbican12:01
*** salmankhan has quit IRC12:03
*** salmankhan1 is now known as salmankhan12:03
*** dgonzalez has quit IRC12:12
*** dgonzalez has joined #openstack-barbican12:14
*** dave-mccowan has joined #openstack-barbican12:14
*** catintheroof has joined #openstack-barbican12:42
*** jamielennox|away is now known as jamielennox12:49
*** jaosorior has quit IRC12:57
*** jaosorior has joined #openstack-barbican12:57
*** cpuga has joined #openstack-barbican13:06
*** cpuga has quit IRC13:08
*** cpuga has joined #openstack-barbican13:08
dave-mccowanHello Barbicaneers.  I'd like to have a 10 minute IRC meeting today at 11am EDT(UTC-4) (about 2 hours from now)13:09
dave-mccowanNamnh would like to present/discuss his plans for rolling upgrades for Barbican.  Please join if you can.13:09
dave-mccowanalee kfarr redrobot jaosorior diazjf ^^^13:10
*** ssmith has joined #openstack-barbican13:25
openstackgerritMerged openstack/barbican master: Remove Certificate Orders and CAs from Documentation  https://review.openstack.org/46236813:34
*** dimtruck is now known as zz_dimtruck13:39
jaosoriordave-mccowan: I'm almost ending the day :/13:44
*** dave-mcc_ has joined #openstack-barbican13:48
*** dave-mccowan has quit IRC13:49
*** dave-mccowan has joined #openstack-barbican13:50
*** noslzzp has joined #openstack-barbican13:52
*** dave-mcc_ has quit IRC13:53
*** chlong has joined #openstack-barbican13:56
openstackgerritMerged openstack/python-barbicanclient master: Updated from global requirements  https://review.openstack.org/46718913:59
*** rpi has quit IRC13:59
*** rpi has joined #openstack-barbican14:00
*** andreas_s has quit IRC14:01
*** kfarr has joined #openstack-barbican14:11
*** salmankhan has quit IRC14:14
*** namnh has joined #openstack-barbican14:17
*** zz_dimtruck is now known as dimtruck14:17
namnhkfarr: hello Kaitlin, here is my patch [1] to setup as your comment on the patch [2]. [1] https://review.openstack.org/#/c/466174/2  [2] https://review.openstack.org/#/c/452679/14:24
namnhkfarr: could you take a look at it.14:24
kfarrnamnh sure :)14:24
namnhkfarr: thanks :) will we have the extra meeting after around 30'?14:26
kfarryeah I think so!  I'll be here at least14:26
openstackgerritMerged openstack/barbican master: Updated from global requirements  https://review.openstack.org/46713814:29
namnhkfarr: great, I will bring the rolling upgrade topic to discuss :)14:29
openstackgerritMerged openstack/castellan master: Updated from global requirements  https://review.openstack.org/46714014:29
*** salmankhan has joined #openstack-barbican14:56
dave-mccowanHi namnh15:01
aleeHi namnh15:02
namnhhello everyone, please wait a monent, let me restart my laptop, it have a problem :)15:04
*** namnh has quit IRC15:04
*** namnh has joined #openstack-barbican15:05
namnhsorry for this15:05
namnhI am ready15:06
dave-mccowannamnh thanks for all your work on offline upgrades15:06
namnhyes, you're welcome, i will talk about my topic for now or having to wait someone?15:07
dave-mccowannamnh please start15:08
namnhthanks, let me start a offline upgrade tag first, then rolling upgrade and finally zero downtime.15:09
namnhfor offline upgrade, I pushed up two patch sets. one is to fix grenade gate and one is docs for operators15:10
namnhI think if we finish two patchs then we can request "supports-upgrade" tag to TC. is that right?15:11
dave-mccowannamnh yes. the doc and gate are the final requirements.  i'll show you how to submit the patch to request the tag later.15:12
namnhhere is the two patchs: https://review.openstack.org/#/c/466174/ and https://review.openstack.org/#/c/449022/15:14
dave-mccowannamnh ok, we'll review these soon.15:14
namnhdave-mccowan: yes, I will follow the process15:14
namnhthanks everyone for helping me to review my patch sets.15:16
namnhalthough, I am not finish the offline upgrade tag but I am thinking about "rolling upgrade" tag. I will move to this tag15:17
namnhin my option, to support "rolling upgrade" tag, we need to consider some things:15:17
namnh1. implement rpc version: basically, we need to have a option in barbican.conf to show that it is last release. here is my idea: https://review.openstack.org/#/c/466247/15:19
namnh2. online schema migrate: we need to implement to migrate database like cinder's command "cinder-manage db online_data_migrations"15:19
namnh3. gracefull shutdown15:20
namnhfor worker and keystone-listener they are using oslo.service to start service and oslo.service was implemented this feature, it means we have this one in barbican15:20
namnhfor barbican-api: I am not sure about this :)15:20
namnh- ovo (oslo versionedobject: it depends on the architecture of each project. in my understanding, we don't need to this feature because we don't have any service which get information from database via a service like barbican-api or worker.   for example: nova-compute want to get information from database via nova-condutor. in this case, ovo will be useful to modify this infor before sending to nova-compute.15:22
namnhtrigger: I can learn how to use trigger from keystone or glance that are using trigger to migrade db15:22
namnh=)) I prepared some sentences before this meeting.15:23
namnhthat is my idea about how to support "rolling upgrade" tag for barbican15:24
namnhwhat do you think about this?15:24
dave-mccowanthanks for your proposal ,namnh.  i'm excited to get this feature for barbican.15:25
dave-mccowanto be honest, i don't know much about this area of code, so i can't be much help reviewing.15:25
dave-mccowankfarr, alee: do you know this area of code?  if not, maybe we can recruit some barbican alumni to help out.15:26
aleedave-mccowan, I;m not very familiar with it either.  I think either redrobot or even better woodster would be better positioned to lookk at these15:27
kfarrAbout oslo objects?  I think jaosorior knew the most15:27
dave-mccowannamnh please keep working on this proposal.  it seems very reasonable.  i will recruit some help to review.15:28
aleeand yeah, we can ping jaosorior15:28
namnhi would like to confirm with you one thing: currenlty, there are no any services which get information from database via a service like barbican-api or worker15:28
namnhis that right?15:28
namnhdave-mccowan: yes, I will.15:29
jaosoriorwhat did I do?15:30
*** chlong has quit IRC15:31
dave-mccowanjaosorior scroll back for context.  in short: namnh is proposing to changes to support rolling upgrades and we need some expertise to review his ideas and answer his questions.  (you're the expert. :-) )15:31
*** diazjf has joined #openstack-barbican15:31
jaosoriorok, so, this caught me a little off guard15:32
jaosoriorI think this merits a blueprint (could even be in a light format)15:32
namnhdave-mccowan: =)))15:32
jaosoriorand I'll do some research based on the blueprint to review it properly15:32
dave-mccowanok namnh: i can help putting your ideas into a blueprint document to help with review.15:33
namnhjaosorior: so I will make a blueprint for this idea?15:33
jaosoriornamnh: doesn't have to be the full format of a blueprint15:33
dave-mccowanjaosorior namnh had a particular question about how barbican does database access.15:33
jaosoriorthere was a "light" format but I can't find it now15:34
jaosoriorSo, for a long time we had brewed our own database code15:34
jaosoriorwhich made sense at the tiem, since no oslo.db existed (and if it did... it was on very early stages)15:34
jaosorioridealy we should be switching fully to it15:34
jaosoriorand IIRC, at least we use the oslo.db-provided engine (which fixes a bunch of issues we used to have)15:35
dave-mccowannamnh what is your question about database via a service?15:35
jaosoriorwe still define our own models using sqlalchemy directly though15:35
jaosoriorso we don't have full support of all the features in oslo.db15:36
namnhdave-mccowan: my question is that: are there any services in barbican which get information from database via a service (barbican-api or worker)15:37
namnhdave-mccowan: for example: nova-compute want to get information from database via nova-condutor. in this case, ovo will be useful to modify this infor before sending to nova-compute.15:37
jaosoriornamnh: it's sort of mixed unfortunately15:37
jaosoriornamnh: so we also would need to have that separation done as well15:38
namnhjaosorior: I am trying to confirm this to decide whether using ovo or not. actually, there are some project which don't use ovo to rolling upgrade like keystone and glance15:40
*** chlong has joined #openstack-barbican15:43
namnhjaosorior: summary, I will make a blueprint for this idea and list some items that need to solve?15:44
jaosoriornamnh: that would be great15:44
dave-mccowannamnh if you would like, i can start a patch for the blueprint.  i will take your ideas from this meeting and put them in the spec format, listing you as author.15:45
namnhdave-mccowan: that is great after that i will contribute to list some items, right?15:47
*** pcaruana has quit IRC15:47
dave-mccowannamnh yes, you can write the second patch.  i'll just help you get started.15:47
namnhdave-mccowan: I am sorry for misunderstanding your meant, you mean that you push the patch set and I will comment on the patch. after that you will update a final patch.15:50
namnhdave-mccowan: is that right, it's ok for me15:50
dave-mccowannamnh i will push the first patch.  then, you can comment or push the second patch. either way is fine with me.15:51
namnhdave-mccowan: thanks in advance :) for this idead, i will work this with jaosorior :)15:53
namnhs/idead/idea :))))15:54
namnhjaosorior: is it ok for you? :)15:55
dave-mccowannamnh is there anything else you want to discuss now?15:55
namnhdave-mccowan: one topic about zero downtime upgrade :)15:56
namnhdave-mccowan: do we have time?15:56
dave-mccowannamnh sure, keep going.15:57
namnhmaybe this idea for the future. however image that we finish "rolling upgrade" :) like keystone or glance. However I tested downtime during rolling upgrade keystone15:58
namnhthere are still one or two failure requests, and it occurs in migration phase15:59
namnhso I think about holding request during migration database and here my POC: https://review.openstack.org/#/c/466251/16:00
*** diazjf has quit IRC16:00
namnhwe can use a feature in Pecan to hold incoming request from users and other projects during upgrade database16:01
namnhfor testing keystone: https://www.youtube.com/watch?v=YgGkFvXtRZs&feature=youtu.be  and http://prntscr.com/fb6q6416:01
jaosoriornamnh: it's good16:01
namnhbut I think this solution is not good in case taking a long time to upgrade db.16:01
namnhwhat do you think about this idea?16:02
*** diazjf has joined #openstack-barbican16:02
namnhbty, here is a presentation about testing rolling upgrade for 5 projects. I and my co-worker do this but I could not go to the boston summit to present :)16:03
kfarrnamnh thanks for the link!  we missed you in Boston!16:05
namnhkfarr: thanks for helping to review the patch sets for "offline upgrade". could you please help me to push up the process of this tag16:06
*** diazjf has quit IRC16:06
dave-mccowanthanks namnh we'll check out the links.  hopefully we all can make the next summit in Sydney. :-)16:07
namnh=))) thanks. what do you think about zero downtime upgrade16:07
namnhhold requests. there will be a problem if upgrading barbican database takes a long time16:08
namnhdave-mccowan, kfarr, jaosorior16:09
dave-mccowannamnh it's a very interesting idea.  we'd need to make sure there is some limit to hold requests, so not to create an issue.16:10
dave-mccowanan issue when the migrate takes a long time, or there is some other database failure.16:11
dave-mccowannamnh for the upgrade tag:  in the governance repo, add the tag to the file governance/reference/projects/barbican.rst16:12
*** diazjf has joined #openstack-barbican16:14
dave-mccowannamnh correction, in the file governance/reference/project.yaml.   add the tag "assert:supports-upgrade" under barbican.16:17
namnhdave-mccowan: yes, i will try to finish upgrade tag soom to do this job :)16:19
namnhdave-mccowan: one last question, do you have any plan to change database in near future?16:19
namnhdave-mccowan: I mean, deleting or alter in barbican database16:20
dave-mccowannamnh i can't think of any proposed features that would require a change to the barbican database.16:23
namnhdave-mccowan: yes, that is last question. thank all for listening my idea :)16:24
namnhkfarr jaosorior. thank you.16:25
dave-mccowanthanks namnh, we appreciate the contributions.16:27
namnhdave-mccowan kfarr jaosorior: see you later.16:29
*** chlong has quit IRC16:30
*** namnh has quit IRC16:34
*** diazjf has quit IRC17:04
*** diazjf has joined #openstack-barbican17:06
openstackgerritKaitlin Farr proposed openstack/barbican master: DevStack plugin set tempest options in test-config section  https://review.openstack.org/46733017:15
*** jaosorior is now known as jaosorior_away17:17
*** diazjf has quit IRC17:18
*** kfarr has quit IRC17:19
*** salmankhan has quit IRC17:23
*** dimtruck has quit IRC17:36
*** dimtruck has joined #openstack-barbican17:38
*** arunkant has joined #openstack-barbican18:32
*** alee has quit IRC19:36
*** dave-mccowan has quit IRC20:10
*** salmankhan has joined #openstack-barbican20:43
*** ssmith has quit IRC21:04
-openstackstatus- NOTICE: The logserver has filled up, so jobs are currently aborting with POST_FAILURE results; remediation is underway.21:19
*** ChanServ changes topic to "The logserver has filled up, so jobs are currently aborting with POST_FAILURE results; remediation is underway."21:19
*** dimtruck is now known as zz_dimtruck21:33
*** catintheroof has quit IRC21:33
*** jroll has quit IRC21:47
*** jroll has joined #openstack-barbican21:47
*** jroll has quit IRC21:49
*** salmankhan has quit IRC21:52
*** alee has joined #openstack-barbican21:53
*** zz_dimtruck is now known as dimtruck21:53
*** jroll has joined #openstack-barbican21:53
*** cpuga has quit IRC22:02
*** dave-mccowan has joined #openstack-barbican22:43
*** cpuga has joined #openstack-barbican23:36
*** cpuga has quit IRC23:37
*** cpuga has joined #openstack-barbican23:40
*** dimtruck is now known as zz_dimtruck23:48
*** zz_dimtruck is now known as dimtruck23:51

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!