Friday, 2018-04-27

*** rajat__ has joined #openstack-barbican04:25
openstackgerritNam Nguyen Hoai proposed openstack/barbican master: [WIP] Replace container resource using OVO
*** jmlowe has quit IRC04:34
openstackgerritNam Nguyen Hoai proposed openstack/barbican master: [WIP] Implement OVO for Barbican [3]
*** dayou has quit IRC04:45
*** dayou has joined #openstack-barbican05:06
*** jmlowe has joined #openstack-barbican05:33
*** pcaruana has joined #openstack-barbican06:33
*** pcaruana has quit IRC06:50
*** pcaruana has joined #openstack-barbican07:06
*** jaosorior has joined #openstack-barbican07:21
*** pcaruana has quit IRC08:56
*** pcaruana has joined #openstack-barbican09:07
*** umbSublime_ is now known as umbSublime09:31
*** annp has quit IRC09:44
*** raildo has joined #openstack-barbican11:07
*** abishop has joined #openstack-barbican11:45
jaosoriorcould I get some reviews for this ?11:56
*** jmlowe has quit IRC12:13
*** jmlowe has joined #openstack-barbican12:27
*** pbourke has quit IRC13:27
*** pbourke has joined #openstack-barbican13:28
*** pbourke has quit IRC13:29
*** dave-mccowan has joined #openstack-barbican13:55
*** dave-mccowan has quit IRC13:59
*** dave-mccowan has joined #openstack-barbican14:00
*** raildo has quit IRC14:10
*** raildo has joined #openstack-barbican14:16
*** alee has joined #openstack-barbican14:19
*** dave-mccowan has quit IRC14:42
*** dave-mccowan has joined #openstack-barbican14:43
*** dave-mcc_ has joined #openstack-barbican14:46
*** dave-mccowan has quit IRC14:48
*** pcaruana has quit IRC15:11
jaosoriorcould I get some reviews for this ?15:16
*** jaosorior has quit IRC15:35
*** raildo has quit IRC16:42
*** raildo has joined #openstack-barbican16:46
openstackgerritAde Lee proposed openstack/barbican master: Remove pycrypto from dogtag plugin
*** pbourke has joined #openstack-barbican17:07
*** pbourke has quit IRC17:10
*** pbourke has joined #openstack-barbican17:10
*** pbourke has quit IRC17:12
*** pbourke has joined #openstack-barbican17:13
*** raildo has quit IRC17:26
*** raildo has joined #openstack-barbican17:37
*** rmascena has joined #openstack-barbican17:46
*** raildo has quit IRC17:46
jmlowealee: Are you around?17:48
aleejmlowe, hey there17:49
aleejmlowe, I have a short meeting in about 10 minutes, but shoudl be free for awhile after that17:50
jmloweok, I think I may have finally gotten a working dogtag but now trying to store a secret "MissingArgumentError: Must supply non-None value argument for SecretStoreMetadatum entry"17:50
jmloweI feel like you had a quick one line deletion for this17:50
aleeyup - let me find that commit17:50
jmlowehmm, looks like I have that17:58
aleejmlowe, can you paste the stacktrace?17:59
aleejmlowe, when you store the secret, try to tail the kra debug log to make sure the request is actuallygetting there17:59
aleejmlowe, tail -f /var/log/pki/pki-tomcat/kra/debug18:00
aleeif something is happening then stuff showld scroll -- we'll know then if we're at least getting to dogtag18:01
jmlowemmm all the verbose java logging I love18:01
jmlowe"KRAService serviceRequest EBaseException:Can't decrypt passphrase."18:02
jmloweok, so back to debugging dogtag/kra18:02
aleejmlowe, ok  meeting over -- progress though - we know its going to dogtag18:11
aleejmlowe, can you try an order ?  ie. try to generate a key18:12
jmloweI finally gave up on trying to run dogtag in a container18:12
aleejmlowe, ah -so its on a different machine somewhere?18:12
jmlowesame node I was trying to run the container on, I'll just deal with it being messy18:13
aleejmlowe, I'll have to try i again soon aginst the latest ipa containers18:13
jmlowedifferent than barbican node though18:13
aleejmlowe, can you paste the dogtag stacktrace?18:14
aleejmlowe, I assume you're using nss db?  what version of dogtag?18:15
aleeand on what os? centos? fedra?18:15
jmlowecentos 718:16
aleejmlowe, which version -- rpm -q pki-ca18:16
aleejmlowe, ok - on your barbican node, you have an nss db in /etc/barbican/alias  I suspect ..18:18
aleeso what certs ae in there -- that is certutil -L -d /etc/barbican/alias18:18
jmlowecertutil -L -d /etc/barbican/alias18:19
jmloweCertificate Nickname                                         Trust Attributes18:19
jmlowe                                                             SSL,S/MIME,JAR/XPI18:19
jmloweKRA transport cert                                           ,,18:19
jmlowewell that didn't paste well18:19
aleenp -- was looking to see if the transport cert ws thee -- you can do certutil -L -d /etc/barbican/alias -n "KRA transport cert"18:20
aleeand compare whats there to the actual transport cert in the kra18:21
aleejmlowe, so in the kra, you should have a certdb at /etc/pki/pki-tomcat/alias18:21
aleejmlowe, wait - thats the admin cert18:22
jmloweso delete that18:22
jmloweit should be grabbing the right cert on startup?18:23
aleemaybe .. I recall adding code to do that ..18:24
aleejmlowe, we can also install it manually to be sure18:24
jmlowe        Subject: "CN=DRM Transport Certificate,OU=pki-tomcat,O=JETSTREAM"18:24
jmlowethere we go18:24
aleeok - much better18:24
jmloweHA! success!18:25
jmloweThank you! Going to Vancouver?18:25
aleeI am yes18:25
aleeyou too?18:25
jmloweI owe you some some sort of beverage18:26
jmloweI am18:26
aleeexcellent -- I'll be giving the project update/onbarding -- so please drop by if you dont see my otherwise18:26
jmloweWill do18:26
aleejmlowe, you might want to add some code I recently added to make the interaction with dogtag more robust ..18:27
aleejmlowe, added retries in case of a connection issue18:28
aleejmlowe, let me know if you run into any other issues18:29
*** rmascena has quit IRC20:13
*** raildo has joined #openstack-barbican20:18
*** livelace has joined #openstack-barbican20:37
*** abishop has quit IRC21:12
*** raildo has quit IRC21:38
*** abishop has joined #openstack-barbican21:43
*** livelace has quit IRC21:56
*** dave-mcc_ has quit IRC22:07

Generated by 2.15.3 by Marius Gedminas - find it at!