Tuesday, 2015-03-10

*** theanalyst has joined #openstack-swift		00:00
openstackgerrit	paul luse proposed openstack/swift: Erasure Code Reconstructor https://review.openstack.org/131872	00:24
*** dmorita has joined #openstack-swift		00:25
*** ho has joined #openstack-swift		00:28
ho	morning!	00:29
*** rdaly2 has joined #openstack-swift		00:30
*** rdaly2 has quit IRC		00:35
*** jrichli has joined #openstack-swift		00:44
*** gyee has quit IRC		00:44
openstackgerrit	Merged openstack/swift: Fix param description on _make_request https://review.openstack.org/162592	00:50
*** wshao has quit IRC		00:53
mattoliverau	ho: morning	01:00
*** thumpba has quit IRC		01:04
*** bkopilov has joined #openstack-swift		01:24
*** zhill_ has joined #openstack-swift		01:33
*** zhill_ has quit IRC		01:34
*** tellesnobrega_ has joined #openstack-swift		02:14
*** tellesnobrega_ has quit IRC		02:14
*** Anticimex has quit IRC		02:43
*** wshao has joined #openstack-swift		02:54
*** ho has quit IRC		02:55
*** ho has joined #openstack-swift		02:55
*** wshao has quit IRC		02:58
*** haomaiwang has joined #openstack-swift		03:19
*** bkopilov has quit IRC		03:30
*** theanalyst has quit IRC		03:48
*** jrichli has quit IRC		03:55
*** ppai has joined #openstack-swift		04:05
*** theanalyst has joined #openstack-swift		04:20
*** panbalag has quit IRC		04:26
*** wshao has joined #openstack-swift		04:48
*** SkyRocknRoll has joined #openstack-swift		04:53
*** wshao_ has joined #openstack-swift		04:53
*** wshao has quit IRC		04:57
*** daniel___ has joined #openstack-swift		04:59
*** zaitcev has quit IRC		05:04
*** daniel___ has quit IRC		05:07
*** bkopilov has joined #openstack-swift		05:16
openstackgerrit	Clay Gerrard proposed openstack/swift: Prefer policy to policy_index https://review.openstack.org/162775	05:40
openstackgerrit	Clay Gerrard proposed openstack/swift: Return 400 from object server if policy does not exist https://review.openstack.org/162696	05:54
*** ho__ has joined #openstack-swift		05:56
*** ho has quit IRC		05:58
*** km_ has joined #openstack-swift		05:58
*** km has quit IRC		05:59
*** ppai has quit IRC		06:06
clayg	tdasilva: I didn't even try to go find the object-versioning patch today - hope that's still going well	06:09
*** wshao_ has quit IRC		06:10
*** ppai has joined #openstack-swift		06:19
*** zhill_ has joined #openstack-swift		06:27
*** david-lyle has quit IRC		06:30
*** rdaly2 has joined #openstack-swift		06:35
*** david-lyle has joined #openstack-swift		06:39
*** rdaly2 has quit IRC		06:39
*** zhill_ has quit IRC		06:48
*** wshao has joined #openstack-swift		06:50
*** wshao has quit IRC		06:57
*** silor has joined #openstack-swift		07:03
*** bkopilov has quit IRC		07:07
openstackgerrit	Yuan Zhou proposed openstack/swift: Fix copy from different type policy https://review.openstack.org/162890	07:10
*** david-lyle is now known as david-lyle_afk		07:11
*** chlong has quit IRC		07:21
*** bkopilov has joined #openstack-swift		07:22
*** nshaikh has joined #openstack-swift		07:26
*** jistr has joined #openstack-swift		07:31
*** openstackgerrit has quit IRC		07:35
*** openstackgerrit has joined #openstack-swift		07:36
*** ppai has quit IRC		07:39
*** km_ has quit IRC		07:44
*** mmcardle has joined #openstack-swift		07:52
*** ppai has joined #openstack-swift		07:54
*** rledisez has joined #openstack-swift		08:09
openstackgerrit	Yuan Zhou proposed openstack/swift: Fix Etag check on EC put for if_none_match https://review.openstack.org/162905	08:13
*** silor has quit IRC		08:14
*** Anticimex has joined #openstack-swift		08:20
*** geaaru has joined #openstack-swift		08:23
*** ho__ has quit IRC		08:27
*** haomaiwang has quit IRC		08:32
*** rdaly2 has joined #openstack-swift		08:36
*** haomaiwang has joined #openstack-swift		08:37
*** rdaly2 has quit IRC		08:41
openstackgerrit	Yuan Zhou proposed openstack/swift: Fix EC PUT on HTTP_CONFLICT or HTTP_PRECONDITION_FAILED https://review.openstack.org/162047	08:58
*** acoles_away is now known as acoles		08:58
*** silor has joined #openstack-swift		08:59
*** ho has joined #openstack-swift		09:01
openstackgerrit	Daisuke Morita proposed openstack/swift: object-updater runs for all async_pending directories https://review.openstack.org/141252	09:05
*** nellysmitt has joined #openstack-swift		09:06
*** aix has joined #openstack-swift		09:19
*** nshaikh has quit IRC		09:20
*** david-lyle_afk has quit IRC		09:30
*** david-lyle_afk has joined #openstack-swift		09:30
*** jistr has quit IRC		09:34
*** jistr has joined #openstack-swift		09:46
*** bkopilov has quit IRC		10:15
*** chlong has joined #openstack-swift		10:17
*** me has joined #openstack-swift		10:30
*** me is now known as Guest2514		10:30
donagh	acoles: I just re-read the crypto spec...there was a paragraph I could not parse; otherwise looking good.	10:31
Guest2514	good morning everybody! :)	10:31
*** aix has quit IRC		10:32
acoles	donagh: thanks!	10:32
Guest2514	i'm deploying swift on a ubuntu14.04 VM using this doc http://docs.openstack.org/developer/swift/development_saio.html#common-post-device-setup	10:32
Guest2514	i get an error when i try to build swift	10:33
Guest2514	cd $HOME/swift; sudo python setup.py develop; cd -	10:34
Guest2514	running develop	10:34
Guest2514	running egg_info	10:34
Guest2514	writing pbr to swift.egg-info/pbr.json	10:34
Guest2514	writing requirements to swift.egg-info/requires.txt	10:34
Guest2514	writing swift.egg-info/PKG-INFO	10:34
Guest2514	writing top-level names to swift.egg-info/top_level.txt	10:34
Guest2514	writing dependency_links to swift.egg-info/dependency_links.txt	10:34
Guest2514	writing entry points to swift.egg-info/entry_points.txt	10:34
Guest2514	[pbr] Reusing existing SOURCES.txt	10:34
Guest2514	running build_ext	10:34
Guest2514	Creating /usr/local/lib/python2.7/dist-packages/swift.egg-link (link to .)	10:34
Guest2514	swift 2.2.2.post113 is already the active version in easy-install.pth	10:34
Guest2514	Installing swift-account-audit script to /usr/local/bin	10:34
Guest2514	Installing swift-account-auditor script to /usr/local/bin	10:34
Guest2514	Installing swift-account-info script to /usr/local/bin	10:34
Guest2514	Installing swift-account-reaper script to /usr/local/bin	10:34
Guest2514	Installing swift-account-replicator script to /usr/local/bin	10:34
Guest2514	Installing swift-account-server script to /usr/local/bin	10:34
Guest2514	Installing swift-config script to /usr/local/bin	10:34
Guest2514	Installing swift-container-auditor script to /usr/local/bin	10:34
Guest2514	Installing swift-container-info script to /usr/local/bin	10:34
Guest2514	Installing swift-container-replicator script to /usr/local/bin	10:34
Guest2514	Installing swift-container-server script to /usr/local/bin	10:34
Guest2514	Installing swift-container-sync script to /usr/local/bin	10:34
Guest2514	Installing swift-container-updater script to /usr/local/bin	10:34
Guest2514	Installing swift-container-reconciler script to /usr/local/bin	10:34
ekarlso	Guest2514: ... please use pastebin :p	10:34
Guest2514	Installing swift-reconciler-enqueue script to /usr/local/bin	10:34
Guest2514	Installing swift-dispersion-populate script to /usr/local/bin	10:35
ekarlso	paste.openstack.org	10:35
Guest2514	Installing swift-dispersion-report script to /usr/local/bin	10:35
Guest2514	Installing swift-drive-audit script to /usr/local/bin	10:35
Guest2514	Installing swift-form-signature script to /usr/local/bin	10:35
Guest2514	Installing swift-get-nodes script to /usr/local/bin	10:35
Guest2514	Installing swift-init script to /usr/local/bin	10:35
Guest2514	Installing swift-object-auditor script to /usr/local/bin	10:35
Guest2514	Installing swift-object-expirer script to /usr/local/bin	10:35
Guest2514	Installing swift-object-info script to /usr/local/bin	10:35
Guest2514	Installing swift-object-replicator script to /usr/local/bin	10:35
Guest2514	Installing swift-object-server scr	10:35
Guest2514	Installing swift-object-updater script to /usr/local/bin	10:35
Guest2514	Installing swift-oldies script to /usr/local/bin	10:35
Guest2514	Installing swift-orphans script to /usr/local/bin	10:35
Guest2514	Installing swift-proxy-server script to /usr/local/bin	10:35
Guest2514	Installing swift-recon script to /usr/local/bin	10:35
Guest2514	Installing swift-recon-cron script to /usr/local/bin	10:35
Guest2514	Installing swift-ring-builder script to /usr/local/bin	10:35
Guest2514	Installing swift-temp-url script to /usr/local/bin	10:35
Guest2514	Installed /home/med/swift	10:35
Guest2514	Processing dependencies for swift==2.2.2.post113	10:35
Guest2514	Searching for xattr>=0.4	10:35
Guest2514	Reading https://pypi.python.org/simple/xattr/	10:35
Guest2514	Best match: xattr 0.7.5	10:35
Guest2514	Downloading https://pypi.python.org/packages/source/x/xattr/xattr-0.7.5.tar.gz#md5=42e727fef24c8eda20ea00d89da2c9e1	10:35
Guest2514	Processing xattr-0.7.5.tar.gz	10:35
Guest2514	Writing /tmp/easy_install-RHVL6g/xattr-0.7.5/setup.cfg	10:35
Guest2514	Running xattr-0.7.5/setup.py -q bdist_egg --dist-dir /tmp/easy_install-RHVL6g/xattr-0.7.5/egg-dist-tmp-Yu1xM9	10:35
Guest2514	Searching for cffi>=0.4	10:36
Guest2514	Reading https://pypi.python.org/simple/cffi/	10:36
Guest2514	Best match: cffi 0.9.1	10:36
Guest2514	Downloading https://pypi.python.org/packages/source/c/cffi/cffi-0.9.1.tar.gz#md5=8dbdf23c600845b75654024e434601ce	10:36
Guest2514	Processing cffi-0.9.1.tar.gz	10:36
Guest2514	Writing /tmp/easy_install-RHVL6g/xattr-0.7.5/temp/easy_install-M1u9rq/cffi-0.9.1/setup.cfg	10:36
Guest2514	Running cffi-0.9.1/setup.py -q bdist_egg --dist-dir /tmp/easy_install-RHVL6g/xattr-0.7.5/temp/easy_install-M1u9rq/cffi-0.9.1/egg-dist-tmp-WnXLZu	10:36
Guest2514	Package libffi was not found in the pkg-config search path.	10:36
Guest2514	Perhaps you should add the directory containing `libffi.pc'	10:36
Guest2514	to the PKG_CONFIG_PATH environment variable	10:36
Guest2514	No package 'libffi' found	10:36
Guest2514	Package libffi was not found in the pkg-config search path.	10:36
Guest2514	Perhaps you should add the directory containing `libffi.pc'	10:36
Guest2514	to the PKG_CONFIG_PATH environment variable	10:36
Guest2514	No package 'libffi' found	10:36
Guest2514	Package libffi was not found in the pkg-config search path.	10:36
Guest2514	Perhaps you should add the directory containing `libffi.pc'	10:36
Guest2514	to the PKG_CONFIG_PATH environment variable	10:36
Guest2514	No package 'libffi' found	10:36
Guest2514	Package libffi was not found in the pkg-config search path.	10:36
Guest2514	Perhaps you should add the directory containing	10:36
Guest2514	to the PKG_CONFIG_PATH environment variable	10:36
Guest2514	No package 'libffi' found	10:36
Guest2514	compiling '_configtest.c':	10:36
Guest2514	__thread int some_threadlocal_variable_42;	10:36
Guest2514	x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -c _configtest.c -o _configtest.o	10:36
Guest2514	success!	10:37
Guest2514	removing: _configtest.c _configtest.o	10:37
Guest2514	c/_cffi_backend.c:13:17: fatal error: ffi.h: No such file or directory	10:37
Guest2514	#include <ffi.h>	10:37
Guest2514	^	10:37
Guest2514	compilation terminated.	10:37
Guest2514	error: Setup script exited with error: command 'x86_64-linux-gnu-gcc' failed with exit status 1	10:37
Guest2514	can anybody help me on that ?	10:37
*** rdaly2 has joined #openstack-swift		10:38
*** nellysmitt has quit IRC		10:41
*** rdaly2 has quit IRC		10:42
*** chlong has quit IRC		10:51
openstackgerrit	Alistair Coles proposed openstack/swift: Allow swift-object-info to inspect .meta and .ts files https://review.openstack.org/162306	10:51
*** ho has quit IRC		10:52
*** haomaiwang has quit IRC		10:53
*** aix has joined #openstack-swift		10:57
ahale	apt-get install python-cffi ? should probably find a pastebin too or something	10:58
Guest2514	@ahale: thank you it worked !! xD	11:02
Guest2514	that package have to be mentioned in the 'dependencies section' of the doc	11:03
ahale	yep I'm surprised it wasn't pulled in by something else, should probs get added indeed	11:08
acoles	Guest2514: which doc are you following? did you install the packages listed here?	11:09
ahale	fwiw, I build a SAIO by copy pasting the docs at the weekend with no problems	11:09
*** nellysmitt has joined #openstack-swift		11:09
*** Krast has quit IRC		11:09
acoles	Guest2514: sorry, forgot link http://docs.openstack.org/developer/swift/development_saio.html#installing-dependencies	11:10
Guest2514	i following the official doc http://docs.openstack.org/developer/swift/development_saio.html	11:10
Guest2514	i dont know,may be "python-cffi" is installed by defaut in some distros. I had to install it manually in my 14.04 VM	11:14
ahale	hm, from your paste you have xattr getting installed by pip pulling in cffi, while my 14.04 vm got it in the second apt-get install	11:20
openstackgerrit	Alistair Coles proposed openstack/swift-specs: Updates to encryption spec https://review.openstack.org/154318	11:23
*** bkopilov has joined #openstack-swift		11:25
*** SkyRocknRoll has quit IRC		11:28
rsFF	Hi there,	11:29
rsFF	could someone give me some information on this, https://bugs.launchpad.net/swift/+bug/1428866	11:29
openstack	Launchpad bug 1428866 in OpenStack Object Storage (swift) "swift-object-info display for sysmeta" [Wishlist,In progress] - Assigned to Ricardo Ferreira (rsff)	11:29
*** Guest2514 is now known as notme		11:30
*** notme is now known as Guest11309		11:30
*** Guest11309 is now known as m_h		11:31
*** m_h is now known as m_han		11:31
acoles	rsFF: i can try to help, do you have a specific question?	11:44
*** panbalag has joined #openstack-swift		11:47
rsFF	yes acoles, the output is somewhat like this:http://pastebin.com/938SSZHK	11:49
rsFF	Im not understanding what should be in a line	11:49
rsFF	cos I can grep each field of that output...	11:50
acoles	rsFF: if i understand the bug report from clayg the goal is to separate 'user metadata' from 'sysmeta' in the output	11:52
acoles	rsFF: see http://docs.openstack.org/developer/swift/development_middleware.html#swift-metadata for info on sysmeta	11:52
rsFF	hummmm ok, separate what is sysmeta vs meta...	11:53
acoles	rsFF: so print_obj_metadata would need to iterate over the metadata dict and parse keys to match either x-object-meta-* or x-object-sysmeta-*	11:54
acoles	rsFF: and group them separately in the output	11:54
rsFF	roger	11:54
rsFF	ty	11:55
acoles	rsFF: and, secondly, looks like clayg would like them listed one per line	11:55
acoles	rsFF: check out https://github.com/openstack/swift/blob/master/swift/common/request_helpers.py#L136-136 for useful helper methods	11:56
openstackgerrit	Denis Cavalcante proposed openstack/swift: Add storage policy support for sorting method https://review.openstack.org/160877	11:56
acoles	rsFF: and note that a client request cannot set sysmeta (it is reserved for internal use and stripped from client requests by proxy server) so actually getting some sysmeta into an object .data file to test will require a request direct to the object server - ask if you need help	11:59
rsFF	yeah i would like that, also if you have any more tips on setting up and env for testing, i currently use vim and print for the debug process, is it possible to integrate some IDE with remote debugging?	12:02
*** SkyRocknRoll has joined #openstack-swift		12:03
*** SkyRocknRoll has quit IRC		12:03
*** SkyRocknRoll has joined #openstack-swift		12:03
*** dmorita has quit IRC		12:24
*** rdaly2 has joined #openstack-swift		12:40
*** rdaly2 has quit IRC		12:44
*** jistr has quit IRC		12:47
*** jistr has joined #openstack-swift		12:48
*** nellysmitt has quit IRC		12:49
*** annegentle has joined #openstack-swift		12:51
openstackgerrit	Yuan Zhou proposed openstack/swift: Fix EC PUT on HTTP_CONFLICT or HTTP_PRECONDITION_FAILED https://review.openstack.org/162047	12:53
*** cdelatte has joined #openstack-swift		13:01
*** bkopilov has quit IRC		13:04
*** zul has quit IRC		13:04
*** jistr has quit IRC		13:04
*** jistr has joined #openstack-swift		13:05
*** zul has joined #openstack-swift		13:09
*** fifieldt has joined #openstack-swift		13:14
*** bkopilov has joined #openstack-swift		13:18
acoles	rsFF: this may help with creating some sysmeta in a .meta file to test against https://gist.github.com/alistairncoles/b7d67db06eda62d4bed2	13:19
acoles	rsFF: or maybe swiftly https://github.com/gholt/swiftly	13:20
*** mahatic has joined #openstack-swift		13:21
*** ppai has quit IRC		13:27
openstackgerrit	Stuart McLaren proposed openstack/python-swiftclient: Allow reading from object body on download https://review.openstack.org/155291	13:33
openstackgerrit	Elvis Teixeira proposed openstack/swift: Use assertTrue/False instead of assertEqual(*, True/False) https://review.openstack.org/163000	13:33
*** mmcardle has quit IRC		13:34
*** rdaly2 has joined #openstack-swift		13:44
*** mmcardle has joined #openstack-swift		13:48
*** annegentle has quit IRC		13:51
*** lcurtis has joined #openstack-swift		13:57
*** mahatic has quit IRC		14:01
*** nshaikh has joined #openstack-swift		14:03
*** rdaly2 has quit IRC		14:03
notmyname	good morning	14:07
*** annegentle has joined #openstack-swift		14:08
*** rdaly2 has joined #openstack-swift		14:09
*** annegentle has quit IRC		14:11
rsFF	acoles - thanks!	14:11
acoles	notmyname: morning!	14:14
*** mahatic has joined #openstack-swift		14:15
*** SkyRocknRoll has quit IRC		14:22
openstackgerrit	Elvis Teixeira proposed openstack/swift: Use assertTrue/False instead of assertEqual(*, True/False) https://review.openstack.org/163000	14:23
openstackgerrit	Donagh McCabe proposed openstack/swift: Support HTTP_X_SERVICE_IDENTITY_STATUS in keystoneauth https://review.openstack.org/156634	14:25
*** Guest75125 has joined #openstack-swift		14:30
cschwede	Hello everyone!	14:36
acoles	cschwede: hi	14:39
cschwede	acoles: hello Alistair!	14:41
notmyname	guten tag	14:43
*** Guest75125 is now known as notsogentle		14:43
*** notsogentle is now known as agentle_		14:43
*** nshaikh has quit IRC		14:44
*** agentle_ has quit IRC		15:05
*** david-lyle_afk is now known as david-lyle		15:23
*** jrichli has joined #openstack-swift		15:28
notmyname	reminder that there is no meeting tomorrow	15:31
*** thurloat has quit IRC		15:35
*** swat30 has quit IRC		15:35
*** delattec has joined #openstack-swift		15:37
*** cdelatte has quit IRC		15:39
*** swat30 has joined #openstack-swift		15:39
*** thurloat has joined #openstack-swift		15:40
*** gyee has joined #openstack-swift		15:46
*** fifieldt has quit IRC		15:57
*** bill_az has joined #openstack-swift		16:01
*** bkopilov has quit IRC		16:02
*** mahatic has quit IRC		16:09
*** zhill_ has joined #openstack-swift		16:09
*** agentle_ has joined #openstack-swift		16:10
*** delatte has joined #openstack-swift		16:10
*** delattec has quit IRC		16:13
straycat	Hi	16:13
straycat	I'm running into trouble with swift, I've configured it to use v2 apis as per http://docs.openstack.org/juno/install-guide/install/apt/content/swift-install-controller-node.html but the logs tell me it's using v3, I haven't been able to find out why yet	16:14
*** homegrown_ has quit IRC		16:18
acoles	straycat: what did you do to specifically configure v2 api? looks like that doc configures using keystone, but not a specific api version	16:19
straycat	acoles, I thought the api version was specified by the auth_uri, which in this case is 'auth_uri = http://controller:5000/v2.0'	16:20
straycat	If that's not the case how is the api version used determined?	16:24
acoles	straycat: its identity_uri that specifies the keystone service endpoint	16:24
acoles	straycat: auth_uri is a value that gets returned in www-authenticate header if request is denied	16:25
straycat	Ahh okay	16:25
acoles	straycat: the identity_uri api version is auto-discovered and these days defaults to v3	16:25
straycat	So can/should I specify the api version in the identity_uri?	16:26
acoles	straycat: so auth_uri should be publically visible endpoint your client can go to to re-authorize, whereas identity_uri may only be visible to the swift service	16:27
* straycat nods		16:27
acoles	straycat: err, i'm not sure about specifying api in identity_uri :/ if you did, you'd add either /v2.0 or /v3	16:28
straycat	Right	16:28
acoles	straycat: but as i say afaik it now 'discovers' the latest available api and defaults to that (preferring v3 over v2.0)	16:29
straycat	Okay that might explain the problem I'm having, I'll check my keystone config out more carefully	16:30
acoles	straycat: i'll just try adding v2.0 to identity_uri and get back to you...	16:31
clayg	morning	16:32
straycat	acoles, wow thanks, i appreciate the help	16:32
clayg	acoles: evening	16:32
acoles	clayg: hi	16:33
clayg	yuanz: yay! 162890 copy fix!	16:35
* clayg runs off to run functests		16:35
*** delattec has joined #openstack-swift		16:35
*** mahatic has joined #openstack-swift		16:36
*** delatte has quit IRC		16:38
acoles	straycat: adding /v2.0 to identity_uril wasn't good. adding auth_version = v2.0 inf [filter:authtoken] seems to work and judging by keystone logs is making calls to v2.0 api. ymmv of course :)	16:38
*** rdaly2 has quit IRC		16:39
acoles	straycat: for ref, config opts are here https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/__init__.py#L240-240 . sorry to point you at code but in my experience is that unfortunately the authtoken middleware docs may not be up to date	16:40
straycat	acoles, no problem thanks for all your help :)	16:40
acoles	straycat: ok good luck	16:43
*** rdaly2 has joined #openstack-swift		16:46
*** delatte has joined #openstack-swift		16:51
*** delattec has quit IRC		16:51
*** agentle_ has quit IRC		16:58
acoles	clayg: been on other stuff so far today, not looked at the policy/policy-index patch(es) - but thanks for the comments	16:59
*** gyee has quit IRC		17:00
*** jistr has quit IRC		17:01
acoles	clayg: i kinda get you about int(policy) - big hint about the type	17:01
*** gyee has joined #openstack-swift		17:02
*** thumpba has joined #openstack-swift		17:03
*** thumpba_ has joined #openstack-swift		17:07
*** gyee has quit IRC		17:07
*** thumpba has quit IRC		17:10
openstackgerrit	Clay Gerrard proposed openstack/swift: Prefer policy to policy_index https://review.openstack.org/162775	17:20
clayg	acoles: yeah no worries	17:20
acoles	clayg: i just started looking over then again	17:21
clayg	acoles: ok, well I'd like to chat soon without you about the per-policy-diskfile idea - obviously tons of functional stuff we still need to work out but i really appreciate your help and would love to also be helpful to you	17:21
clayg	s/without/with :P	17:21
torgomatic	holy scrollback, Batman	17:21
acoles	torgomatic: lol you hit the setup.py stacktrace i presume	17:22
torgomatic	acoles: yup	17:22
acoles	clay: ack.	17:22
acoles	clay lol - chatting without me could be the better way to go	17:23
clayg	no no no	17:23
*** zhill_ has quit IRC		17:26
*** rledisez has quit IRC		17:29
*** silor has quit IRC		17:31
acoles	clayg: peluse: torgomatic: notmyname: about the .durable files...presumably we should be fsync'ing them? because without them we have no object.	17:40
torgomatic	makes sense to me	17:40
notmyname	+1	17:40
acoles	in which case we would't want to go fsyncing the dir until both the data and durable are written, like if we were to fscync the dir ever	17:41
acoles	one dir fsync is bad enough, two would be profligate	17:43
*** Nadeem has joined #openstack-swift		17:44
clayg	acoles: in an ideal world - sure	17:45
*** geaaru has quit IRC		17:49
*** fbo has quit IRC		18:01
*** tab_ has joined #openstack-swift		18:01
*** rdaly2 has quit IRC		18:03
*** tsg_ has quit IRC		18:04
*** bkopilov has joined #openstack-swift		18:05
*** rdaly2 has joined #openstack-swift		18:10
*** dencaval has joined #openstack-swift		18:15
*** gyee has joined #openstack-swift		18:17
*** fbo has joined #openstack-swift		18:25
acoles	clayg: ok i had a quick look but a bit pressed or time this evening - no problem at all with you taking/squashing 162696 into 162775 or whatever - if i don't have to go through the multi-FI patch checking for policy != None all over the place then I'm happy :)	18:28
acoles	clayg: and yeah lets chat on per-policy-diskfile soon (tomorrow?) but i gotta go now, sorry	18:29
straycat	It's odd that swift detects a v3 api, there's no v3 endpoint.	18:33
*** thumpba_ has quit IRC		18:38
*** thumpba has joined #openstack-swift		18:40
*** thumpba_ has joined #openstack-swift		18:41
torgomatic	I'm a little confused about the direction some of the EC work is going; what's up with all the storage-policy knowledge getting into the object servers?	18:42
torgomatic	it started out being do-what-the-proxy-tells-you and now it's getting more smarts-in-the-object-server	18:43
*** thumpba has quit IRC		18:45
*** panbalag has quit IRC		18:45
*** panbalag has joined #openstack-swift		18:45
clayg	acoles: tommorrow wfm	18:46
acoles	clayg: ok	18:46
*** agentle_ has joined #openstack-swift		18:50
*** agentle_ has quit IRC		18:55
*** agentle_ has joined #openstack-swift		18:55
*** wshao has joined #openstack-swift		19:00
*** wshao has left #openstack-swift		19:02
*** wshao has joined #openstack-swift		19:03
*** acoles is now known as acoles_away		19:05
peluse	torgomatic, tell me about it!	19:15
*** erlon has joined #openstack-swift		19:22
*** bill_az has quit IRC		19:24
*** wshao has quit IRC		19:35
*** wshao has joined #openstack-swift		19:37
*** vishy has joined #openstack-swift		19:38
*** wshao has quit IRC		19:41
clayg	tdasilva: hey! you know what I want - anything I can do to help?	19:42
tdasilva	clayg: Hey! sorry, i've just been really busy with some other work	19:42
tdasilva	but getting back on obj. versioning today	19:42
clayg	tdasilva: it's no problem, i'm really not trying to rush - I'm really just looking for anything I can do to help - but if you don't have anything that I could be useful doing - I'm happy to wait - just let me know	19:45
tdasilva	clayg: I did have a question for you tho. Last friday we talked about that issue I raised about the Delete with ACLs and we decided to fix it so that users don't need any acls on the versioned container	19:46
tdasilva	but I was thinking that the current behavior could actually be used as a feature :-)	19:46
tdasilva	similar to what cschwede has proposed before	19:47
tdasilva	where users would be able to write to a container and objects get versioned and maybe never be deleted	19:47
tdasilva	without admin access	19:47
clayg	tdasilva: ok, yeah let me think about that	19:48
tdasilva	clayg: ok...feel free to tell it's a really dumb idea :P	19:48
clayg	because - yes - i totally agree there's an overlap with the undelete and versions - and I like the idea that an operator or account admin could give access to a container that is "safe" w/o having to give access to the backups/shadow-copies/versioned objects that are protecting it	19:49
tdasilva	right!	19:49
clayg	i just don't know if that requires the existing version middleware to not work in this state...	19:50
clayg	brb	19:50
tdasilva	ok	19:50
*** NM has joined #openstack-swift		19:53
NM	Hello guys.	19:55
NM	Do you use any kind of script to test a storage node after an upgrade? I was thinking about writing a code do upload a file and then using swift-ring-builder check if everything is fine.	19:55
*** Tahmina has joined #openstack-swift		19:55
*** aix has quit IRC		19:57
*** mahatic has quit IRC		19:59
*** dencaval has quit IRC		20:12
clayg	NM: swift-dispersion-report sends out object writes to some % of the partition space (maybe up to 100%) - and it talks to nodes directly on the backend - be a good script for some other reasons and may cover some of the goals you're describing	20:13
clayg	tdasilva: I'm pretty much convinced myself that allowing zero-byte PUT but making DELETE return some sort of 40X is only the illusion of protection	20:14
tdasilva	well..not if the object gets versioned, no?	20:14
tdasilva	i'd agree with you if there was no versioning	20:14
clayg	tdasilva: if anything the lack of the x-version-location container listing calls into question the usefulness of the existing version implementation - there's no good way to do a restore	20:15
NM	clayg: That seens nice. I'll read about it.	20:15
clayg	tdasilva: well i just mean it doesn't prevent the source location for having data removed - but i guess i see what you mean about making it so they can't delete any versions of the object - maybe from like an audit perspective	20:16
clayg	tdasilva: I think it's a pretty janky use-case - but if it's existing behavior I suppose there's some change some client is expecting it	20:16
clayg	tdasilva: more likely if someone has a read/write acl'd container with a version location they're storing objects in it but don't realize they can't delete - i'd guess	20:17
tdasilva	clayg: Yeah, the thought just came to mind that with the current behavior we can actually meet different use cases	20:19
*** delatte has quit IRC		20:19
tdasilva	1. regular object versioning: jsut give read and write to both containers	20:19
tdasilva	2. auditing: just give write source container	20:19
tdasilva	but I also did think of the fact that we might already be trying to provide a similar feature with undelete	20:20
tdasilva	so no need to fuss with it in object versioning	20:20
clayg	tdasilva: i dont know - you might have a case	20:22
clayg	tdasilva: if it didn't already work this way I think i'd be pretty skeptical - but justifying any change in behavior needs to be pretty solid - http://xkcd.com/1172/	20:24
tdasilva	rofl..do you keep a log of these links somewhere? you always seem to have the perfect analogy for the discussed topic	20:25
*** cdelatte has joined #openstack-swift		20:41
clayg	google just finds them for me	20:46
mattoliverau	Morning	21:13
*** Tahmina has quit IRC		21:17
*** rdaly2 has quit IRC		21:26
tdasilva	mattoliverau: hi! how's the long weekend?	21:30
*** rdaly2 has joined #openstack-swift		21:31
mattoliverau	tdasilva: nice, my parents were visiting so was great catching up :) nice work on all the EC stuff you've been working on, I for one have been impressed :)	21:32
mattoliverau	And an extra day of is always nice ;)	21:33
tdasilva	mattoliverau: yes, definitely	21:33
tdasilva	mattoliverau: looks like there's a a thon of activity with EC in the past few days so I need to catch up with reviews	21:34
mattoliverau	You and me both :)	21:36
*** tsg has joined #openstack-swift		21:39
*** chlong has joined #openstack-swift		21:40
*** NM has quit IRC		21:48
clayg	tdasilva: it would be a huge contribution to the EC effort to get get versioned objects extracted to middleware - boarderline superhuman if you manage to eek out COPY as well	21:57
tdasilva	clayg: I think I found a couple of issues with that ACL scheme that makes it not work as a good auditing tool. 1. If user writes just one version of the object, then he will be able to delete it, because we only version on the 2nd PUT. 2. If only read access is given to x-versions-location, then on a DELETE system will copy previous version to source container, but not DELETE the object in x-versions-location	21:58
clayg	torgomatic: did you see yuanz's fix for COPY - this controller routing stuff has teeth :\ (https://review.openstack.org/#/c/162890/)	21:58
tdasilva	clayg: have you seen this: https://review.openstack.org/#/c/156923/ ?	21:59
clayg	tdasilva: idk, I thought we do the container listing before the delete - won't it blow up early enough that DELETE's just wont work at all w/o read access to the target container	21:59
clayg	tdasilva: i haven't looked at it much - it seemed not quite finished	21:59
clayg	tdasilva: have you tried it? you think it'll work?	22:00
tdasilva	no, it is not...was just pointing out that the work has started	22:00
tdasilva	planning to help ppai with it	22:00
clayg	versions first - I'd be happy to help as well - if it seems manageable it's in front of the ECObjectController PUT refactor	22:00
tdasilva	yep	22:01
clayg	notmyname: I took a stab at making loadapp work with a default config string	22:01
clayg	notmyname: it would... "work" - but... well I don't see any better options :'(	22:01
clayg	notmyname: I mean upstream patch obviously - we should get config_dir upstream too because it would make an olso migration much more palitable if paste supported loading from config dir's naitively	22:02
tdasilva	clayg: so back to versions: yes, the container listing is done before the DELETE, but the COPY as well...so if an admin gave the user read (but not write) then they would be able to do listing and even the copy, but not the final delete, which i think leaves it in a weird state where you overwrite the object in the source container, but did not delete it from the x-versions-location	22:03
*** tsg has quit IRC		22:03
openstackgerrit	Clay Gerrard proposed openstack/swift: Trick paste.deploy's loadapp into reading a config from a string https://review.openstack.org/163209	22:05
clayg	^ defintely the worst hack evar - anyone that needs a laugh should go check it out	22:06
clayg	tdasilva: oic, so DELETE, DELETE, DELETE just keeps copying the same object over - but you get an error back right?	22:07
*** chlong has quit IRC		22:07
tdasilva	yes	22:07
*** agentle_ has quit IRC		22:07
tdasilva	and I think point 1 above is really bad too	22:07
tdasilva	at least to claim this as a feature for auditing purposes	22:08
clayg	tdasilva: anyway I think that behavior sucks - and at lest with read access to the container you can do some sort of sane restore workflow	22:08
clayg	tdasilva: oh, if they have read access to the version location the listing will pass, turn up empty and remove the object without ever having a copy in the version location where it's safe - got it	22:09
clayg	yeah I think the new rev of versions that works more like shadow copy will cover this usecase better	22:10
clayg	it'll be great to have in middleware - easier to experiment with different workflows and use-cases	22:10
clayg	so yeah point 1 kills the audit workflow - it's amazing it almost worked as well as it did since that was obviously not the intention	22:11
clayg	tdasilva: but if you don't give read or write access to the version location that does efectively implement no data is ever deleted - only moved when you PUT	22:11
clayg	but it's so wonky I don't think it's worth trying to maintain	22:12
*** rdaly2 has quit IRC		22:12
tdasilva	true and true	22:12
clayg	let's assume anyone with a version location that doesn't have read/write is broken, so we're back to either fixing PUT or fixing DELETE - and I think we honestly could surprise someone with 40X if we make PUT not work until the ACL the version location	22:13
clayg	i'm as skeptical as ever that someone would be surprised if DELETE started "working" - but I guess it's possible - fuuuuuu	22:14
tdasilva	yeah..i was thinking of just fixing DELETE to use preauth, then I think we just need to document it really well	22:15
clayg	of course at least if we fix PUT they have a way to fix it - assuming they weren't relying somehow on the fact that a user can write to the source but not the version location	22:15
clayg	it's such a non feature to begin with - if you don't have read access to the version location you can't do a restore - if we allow DELETE to pop entries out of the version location you basically have write - so it's sorta crazy to maintain the preauthed behavior	22:17
clayg	i feel like fixing PUT might somehow be more defensible - i'm pretty sure we were all surprised it worked at all	22:18
tdasilva	do you mean "fix PUT" to be something like return 40X if user doesn't have read/write to versions-location?	22:19
clayg	tdasilva: anyway, fix it whichever way it's easier to code - but leaving the current behavior I think is wrong	22:19
clayg	tdasilva: yeah you can't PUT to a versioned container unless you have write access to the version location, you can't DELETE from a versioned container unless you have read access to the version location - something like that would make perfect sense I think	22:20
clayg	it's not a security audit feature - I'm not really sure how the write path managed to sneak past an authorization check on the version location container really	22:20
*** agentle_ has joined #openstack-swift		22:25
tdasilva	clayg: sorry, but just thought of something else: how big of a concern or how much do you think ops rely on having a single versions-location container for multiple containers. The reason I ask is because we have code specifically to handle that scenario and my concern is that if ops like that feature, then they might not be happy with giving read access to x-versions-location. If this is a true concern, then we might	22:36
tdasilva	need to fix DELETE instead	22:36
*** jrichli has quit IRC		22:41
*** agentle_ has quit IRC		22:47
clayg	tdasilva: well version location isn't	22:49
clayg	cross account	22:49
clayg	so it'd be multiple containers in the account - so id' think an admin/swift_owner still has read access	22:50
clayg	because of DELETE and restore being broken I think maybe someone doesn't have write access to version location - but they probably have read - maybe?	22:50
*** lcurtis has quit IRC		22:52
tdasilva	clayg: I was concerned for the case of one account and multiple "regular" users, with each just having access to their own container	22:52
tdasilva	clayg: is that a scenario you have seen before?	22:53
clayg	multiple non-swift-owner users with read/write to subset of containers sure - but I'm not sure if any of those containers would have an x-version-location to a container that they don't have read access too	22:54
clayg	tdasilva: i'm spinning up master now to play around with current behavior	22:54
tdasilva	ok...i'm sending up a new patchset for you to take a look and we can adjust accordingly	22:54
tdasilva	sorry if it seems like we are just spinning our wheels but new use cases just keep coming up	22:55
clayg	tdasilva: isn't having multiple containers pointing to the same x-versions-location broken because of the duplicate object name issue? like the little 3 char hash maybe only uses the source object name - not the source container/object name?	22:58
tdasilva	yes, but I think that was done in the first place to handle that exact scenario, it seems like it was just done with a bug :)	22:59
clayg	oh weird - it's just a length of the object name - i have no idea why that's there - notmyname?	23:02
*** erlon has quit IRC		23:11
openstackgerrit	Thiago da Silva proposed openstack/swift: versioned writes middleware https://review.openstack.org/134347	23:13
clayg	man it's really hard to reason about which object is where because there's no x-timestamp mangling - it's just the time when the copy happened nothing referencing the original objects life cycle	23:24
clayg	with read access to the x-versions-location DELETE is quite confusing indeed	23:25
clayg	write access to the x-version-location doesn't seem to have any effect on the behavior	23:26
clayg	tdasilva: i'm seeing no read access to x-versions-location disables all deletes (even the first one if there's no old versions)	23:30
clayg	tdasilva: so no read access to x-versions-location is a possible audit in that you can upload objects forever and never delete them (but you also can't restore old versions :\)	23:31
tdasilva	clayg: i see, because that would return an error right away	23:32
tdasilva	as the listing fails	23:33
*** david-lyle is now known as david-lyle_afk		23:33
clayg	tdasilva: yeah	23:40
clayg	tdasilva: you know I'm not sure the ability to write to the x-versions-location isn't a regression... I don't really see the code that is allowing it - when PUT constructs the COPY I think it's expecting the PUT to the x-version-location to call authorize...	23:41
*** tab_ has quit IRC		23:44
tdasilva	but that COPY request does not container "swift.authorize", right?	23:45
tdasilva	clayg: ^https://github.com/openstack/swift/blob/master/swift/proxy/controllers/obj.py#L541	23:45
clayg	tdasilva: yeah i just confirmed that it does not	23:46
*** chlong has joined #openstack-swift		23:54
clayg	tdasilva: so if i was going to try and fix master it'd be much easier to use make_subrequest when building the copy_req I think than it would be to add preauth requests to DELETE's listing and COPY requests	23:55
*** gyee has quit IRC		23:55
tdasilva	you mean use make_subrequest on the PUT, right?	23:56
clayg	what'd I say?	23:56
*** dmorita has joined #openstack-swift		23:56
clayg	yeah I think the line you linked predates common.wsgi.make_subrequest - if that code was being written today i'd be more obvious to use that and let the ACL's work as expected	23:57
tdasilva	yes, got it!	23:58
clayg	I mean the comment that retuns client_error even says "or bad permissions"	23:58
tdasilva	true true	23:58
clayg	i'm not saying that means we have a more obvious path forward	23:58
tdasilva	well...i think we have determined that either way it sounds like we need to change some behavior	23:59
clayg	unless by some mircale the ability to write to the x-version-location is a regression - then we can totally just say we're fixing a regression in the name of security!	23:59
clayg	tdasilva: yeah current behavior is the worst	23:59
*** zul has quit IRC		23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!