Wednesday, 2015-06-17

« Tuesday, 2015-06-16 Index Thursday, 2015-06-18 »
honotmyname: i think we need to find out a way to use oslo libraries00:00
notmynameI'm not opposed to using oslo libraries. it's a question of what problem they are solving for us vs the added complexity they bring00:01
*** haomai___ has joined #openstack-swift00:02
notmynameeg adding policy.json support is nice, but that (currently) seems to mean that we add new dependencies to swift and a whole new config system that isn't compatible with what deployers have been using for 5+ years00:02
*** yuanz has quit IRC00:03
*** haomaiwa_ has quit IRC00:03
honotmyname: my idea is hybrid (only middleware which uses olso libs initialize oslo config). not swift to oslo config deployment. I also don't want to change current deployment method (paste ini).00:04
notmynameyeah, that sounds a lot better than "everythign switch to a new config system" :-)00:04
notmynamebut doesn't that mean we'd end up with one config for keystone middleware and another config for everything else? that doesn't sound very nice00:05
notmynameho: how come it's not possible to put the necessary new config variables into the existing config section we have today?00:07
honotmyname: my idea is swift uses only proxy-server.conf but swift can get info from oslo config style and current style.00:07
*** petertr7 is now known as petertr7_away00:08
*** proteusguy has quit IRC00:08
honotmyname: it's difficult because you know oslo config is a global variable and some oslo libraries access it so it's difficult to control.00:09
notmynameisnt' that just a bad idea in general? having a global variable that multiple threads read and write to?00:10
notmynamebut what do you mean by "difficult to control"?00:11
honotmyname: i think so. we can't handle multi instances. "difficult to control" is oslo libraries use global conf internally so if I introduces oslo conf as a local conf, I also need to bring the local conf to other libraries.00:13
notmynameho: so eg in the current patch, when you create a new Enforcer(), you pass in the global CONF variable. why not pass in the config values that we already have and can derive from our existing config parser?00:13
honotmyname: you checked my code :-) I will re-produce it but I have some trouble with only passed CONF to Enforcer. I'm not sure now.00:14
notmynameoh, don't take my questions to mean that I understand either ;-)00:15
honotmyname: sorry, wait a minute.00:15
*** jrichli has quit IRC00:15
*** yuan has joined #openstack-swift00:18
*** nadeem has quit IRC00:19
honotmyname: CONF has some attributes such as project so I need to hack the CONF to pass it and I mentioned that oslo pli00:19
*** jrichli has joined #openstack-swift00:20
honotmyname: and oslo policy or some oslo dependencies use oslo config.00:20
*** proteusguy has joined #openstack-swift00:20
*** pgbridge has quit IRC00:20
honotmyname: minimum approach only for my problem is just initialize oslo config but not use it.00:21
notmynameso CONF is more than just a mapping of config options. it has some magic state and methods that do things outside of what we need it for. and the policy class constructors (eg Enforcer) require a CONF object to be passed in. therefore we need to have a CONF object to give it00:24
*** dmorita has quit IRC00:24
notmynames/CONF/whatever cfg.CONF thing/00:24
notmynameis that basically right?00:24
*** dmorita has joined #openstack-swift00:24
honotmyname: thanks for the summarization. it's right :-)00:25
notmynameho: based on your patch as-is right now, there are zero new config files needed by deployers, right? (except for the new policy.json -- I'm thinking just of an operator who has upgraded and hasn't started using it)00:27
honotmyname: right! zeo new config files.00:28
*** Guest73 has joined #openstack-swift00:28
hos/zeo/zero/00:28
*** Guest73 has quit IRC00:31
*** haomai___ has quit IRC00:34
*** richmit has joined #openstack-swift00:36
*** richmit has quit IRC00:37
notmynameho: what is the new _shared_state dictionary for? where is that used?00:40
notmynameoh wait. that's making one data structure that all instances have access to?00:41
*** chlong has joined #openstack-swift00:41
*** jasondotstar has quit IRC00:42
notmynamewhy?00:42
honotmyname: yes, oslo policy exectes some method such as authorize_cross_tenant, check_role_by_acls. the purpose is to share the instance attributes b/w AclCheck and KeystoneAUth00:44
honotmyname: many typo... s/exectes/executes/ s/KeystoneAUth/KeystoneAuth/00:46
notmynamewhat's ACLCheck?00:47
*** jrichli has left #openstack-swift00:48
honotnyname: AclCheck is a class which deal with swift's container acl checking (I will introduce new rule which starts with "acl:". see  L122 in keystoneauth.py )00:50
*** kota_ has joined #openstack-swift00:50
*** ChanServ sets mode: +v kota_00:50
kota_morning00:51
swifterdarrellkota_: g'morning!00:52
*** jrichli has joined #openstack-swift00:52
swifterdarrellkota_: you may be interested in https://review.openstack.org/#/c/191970/1  :) :)00:53
notmynametorgomatic: I can't find anything in gerrit for you for oslo.config. was your patch to allow passing in a dict to CONF or loading paste.ini stuff or ...?00:53
kota_swifterdarrell: good morning!00:53
swifterdarrellkota_: that was a great catch, btw, in your review!00:53
kota_swifterdarrell: thanks! and 191970 is interesting to me.00:54
*** zhill has joined #openstack-swift00:54
kota_awsome *quick* work for that :)00:54
kota_I'm willing to take a time to review it during today ;)00:55
swifterdarrellkota_: thanks!00:56
notmynameho: thank you for talking it over and helping me understand. I want to spend some more time thinking on it00:56
notmynameunfortunately, i've got to go now00:56
notmynametalk to you tomorrow00:56
hothanks! I'm really happy to share my concern for this :-)00:56
kota_swifterdarrell: Thanks for poking me to look at the nice patch and your patch 184189 is really interesting me too :)00:56
patchbotkota_: https://review.openstack.org/#/c/184189/00:56
honotmyaname: have a nice evening!00:57
hokota_: morning!01:07
kota_ho: morning :)01:08
mattoliveraukota_: morning01:12
kota_mattoliverau: :)01:13
*** zhill has quit IRC01:34
*** gyee is now known as operator9901:49
*** ahonda has quit IRC01:52
*** zhill has joined #openstack-swift01:55
*** zhill has quit IRC02:00
*** zhill has joined #openstack-swift02:01
*** ktsuyuzaki has joined #openstack-swift02:01
*** kota_ has quit IRC02:03
*** zhill has quit IRC02:05
*** jasondotstar has joined #openstack-swift02:09
*** jasondotstar has quit IRC02:09
*** jasondotstar has joined #openstack-swift02:10
*** zhill has joined #openstack-swift02:11
*** kota_ has joined #openstack-swift02:14
*** ChanServ sets mode: +v kota_02:14
*** ktsuyuzaki has quit IRC02:16
openstackgerritTim Burke proposed openstack/python-swiftclient: Add bulkdelete command  https://review.openstack.org/19088702:16
*** ktsuyuzaki has joined #openstack-swift02:17
*** kota_ has quit IRC02:19
*** kota_ has joined #openstack-swift02:19
*** ChanServ sets mode: +v kota_02:19
*** ktsuyuzaki has quit IRC02:21
*** ktsuyuzaki has joined #openstack-swift02:22
*** kota_ has quit IRC02:23
*** jasondotstar has quit IRC02:24
*** kota_ has joined #openstack-swift02:24
*** ChanServ sets mode: +v kota_02:24
*** zhill has quit IRC02:24
*** ktsuyuzaki has quit IRC02:26
*** jrichli has quit IRC02:31
*** kota_ has quit IRC02:32
*** haomaiwang has joined #openstack-swift02:38
*** thurloat is now known as thurloat_isgone02:49
*** mfalatic has quit IRC02:52
*** marzif has joined #openstack-swift03:09
*** tellesnobrega has quit IRC03:22
jith_hi all, i have installed swift (SAIO) in one VM.. i have to connect this with another devstack machine.. how to connect the standalone swift with another devstack machine.. should i create swift endpoint using swift vm's ip??03:23
*** zaitcev has quit IRC03:26
*** kota_ has joined #openstack-swift03:57
*** ChanServ sets mode: +v kota_03:57
*** km_ has joined #openstack-swift04:02
*** km has quit IRC04:02
*** ho_ has joined #openstack-swift04:04
*** ho has quit IRC04:05
*** kota_ has quit IRC04:05
*** marzif has quit IRC04:13
*** ppai has joined #openstack-swift04:32
*** ho_ has quit IRC04:58
*** km_ has quit IRC05:00
*** ho has joined #openstack-swift05:01
*** SkyRocknRoll has joined #openstack-swift05:01
*** km has joined #openstack-swift05:02
*** ho has quit IRC05:02
*** ho has joined #openstack-swift05:07
*** fifieldt has joined #openstack-swift05:10
hojith_: I don't understand what do you want to use the devstack. devstack as a client or one of a storage node???05:11
*** haomaiwang has quit IRC05:14
*** Kennan has quit IRC05:14
hojith_: if you use the devstack as a client, you need to register an endpoint (the ip address, port of saio) in keystone.05:14
jith_ho: thanks for the response... i want to configure devstack setup with swift.. but swift is in a seperate Virual machine.. currently my devstack is running without swift in 192.168.52.11 and my swift (SAIO setup) is running in another VM (192.168.52.66). how i will bind the devstack machine to listen the swift machine05:15
jith_i understand something i have to do with endpoint and proxy-server.conf05:16
jith_ho: thanks a lot... should i configure anything in swift?05:17
jith_for eg http://thornelabs.net/2014/07/16/authenticate-openstack-swift-against-keystone-instead-of-tempauth.html in this they have edited something in proxy-server.conf05:18
*** Kennan has joined #openstack-swift05:20
hojith_: usually authtoken and keytoneauth in the pipeline in proxy-server.conf when you use keystone.05:23
hojith_: sorry. I will re-write. wait a minute.05:24
hojith_: when you use keystone as an authentication server authtoken and keystoneauth middleware should be configured in the pipeline (in proxy-server.conf)05:25
jith_ho:sure thanks :)05:25
jith_also i have used stack user in the place of <your-user-name> in saio.. so should i create stack user instead of swift in keystone, or is it enough if i mention  in proxy-server.conf  in default section as user:stack.. i m sorry if i am wrong.. i m a beginner05:29
hojith_: the user needs to have a role which is admin or SwiftOperator (you defined them in proxy-server.conf as operator_roles). So you need to put the role to the user in keystone.05:32
hojith_: http://docs.openstack.org/kilo/install-guide/install/apt/content/swift-install-controller-node.html05:34
jith_thanks ho: i am bit confused in /etc/swift/proxy-server.conf  DEFAULT section.. what user i have to mention? Swift processes run under a separate user and group. the default user is swift.  in my case it is running as jith user and jith group. but in keystone i have created the swift user.05:39
jith_so will it do any mismatch or i should create a jith user for swift in keystone?05:41
hojith_: user in default section is for executing the proxy-server process not related to keystone.05:51
ho:q05:51
jith_ho: thanks.. i think we have to give keystone user name in [filter:authtoken]05:52
hojith_: yes. in authtoken section you use an user to access keystone and in keystoneauth section you speficy roles for an user to access swift05:54
jith_ho: thanks.. i understand :)05:55
*** proteusguy has quit IRC05:55
hojith_: you are welcome :-)05:56
*** haomaiwa_ has joined #openstack-swift05:59
*** proteusguy has joined #openstack-swift05:59
jith_ho: u r really guiding good.. :)06:01
*** silor has joined #openstack-swift06:16
*** silor1 has joined #openstack-swift06:19
*** silor has quit IRC06:22
*** ianbrown has quit IRC06:39
*** kota_ has joined #openstack-swift06:39
*** ChanServ sets mode: +v kota_06:39
*** ronenkat has joined #openstack-swift06:41
*** mmcardle has joined #openstack-swift06:57
openstackgerritPradeep Kumar Singh proposed openstack/python-swiftclient: SwiftClient object upload beginning with / or "./"  https://review.openstack.org/18526906:58
*** SkyRocknRoll has quit IRC06:59
jith_ho: what is workers field in proxy-server.conf?07:07
*** SkyRocknRoll has joined #openstack-swift07:18
*** SkyRocknRoll has quit IRC07:18
*** SkyRocknRoll has joined #openstack-swift07:18
*** CrackerJackMack has quit IRC07:22
*** CrackerJackMack has joined #openstack-swift07:33
*** jordanP has joined #openstack-swift07:46
*** acoles_away is now known as acoles07:48
*** geaaru has joined #openstack-swift07:51
*** joeljwright has joined #openstack-swift07:53
*** ChanServ sets mode: +v joeljwright07:53
openstackgerritHisashi Osanai proposed openstack/swift-specs: Oslo config support in Swift  https://review.openstack.org/19209407:57
*** a1|away has quit IRC07:58
*** AbyssOne has quit IRC07:58
hojith_: https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample#L2508:01
hojith_: there is an explanation for it.08:02
*** ronenkat_ has joined #openstack-swift08:08
*** ronenkat has quit IRC08:11
*** chlong has quit IRC08:18
openstackgerritKota Tsuyuzaki proposed openstack/swift: Use just IP on get_more_nodes, too  https://review.openstack.org/19254808:30
*** ronenkat__ has joined #openstack-swift08:30
*** ronenkat_ has quit IRC08:34
*** km has quit IRC08:38
jith_ho: thanks08:56
jith_ho: for configuring SAIO in devstack... should i modify anything in local.conf?09:02
*** kei_yama has quit IRC09:02
jith_because usually in devstack we use SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f509:03
jith_SWIFT_REPLICAS=309:03
jith_SWIFT_DATA_DIR=/mnt/data/swift09:03
hojith_: I think SAIO and swift in devstack are different :) It looks more changes than my env. I don't think you should change more. detailed: https://github.com/openstack-dev/devstack/blob/master/lib/swift09:25
openstackgerritHisashi Osanai proposed openstack/swift: WIP: Enable Role-based access control using oslo.policy in Swift  https://review.openstack.org/14993009:25
jith_ho: thanks ho.. so i cant configure it?09:27
hojith_: you build swift in devstack right? i think you can configure it. (from terminology point of view it's not called saio)09:34
hojith_: i will leave now. see you tomorrow!09:35
*** ho has quit IRC09:36
jith_ho: i just enabled swift services in devstack.. and created keystone endpoints for SAIO.. then trying to up devstack now09:36
jith_ho: ok sure.. :)09:36
openstackgerritOndrej Novy proposed openstack/swift: Time synchronization check in recon.  https://review.openstack.org/19256209:40
*** haomaiwa_ has quit IRC09:41
*** ianbrown has joined #openstack-swift10:07
*** ianbrown has quit IRC10:19
*** cebruns has quit IRC10:19
*** cebruns has joined #openstack-swift10:21
*** ianbrown has joined #openstack-swift10:26
*** haomaiwang has joined #openstack-swift10:28
*** kota_ has quit IRC10:34
*** jasondotstar has joined #openstack-swift10:41
*** dmorita has quit IRC10:46
*** aix has joined #openstack-swift10:49
*** silor1 has quit IRC11:03
*** jasondotstar has quit IRC11:06
*** thurloat_isgone is now known as thurloat11:14
*** ianbrown has quit IRC11:22
*** tellesnobrega has joined #openstack-swift11:33
*** tellesnobrega has quit IRC11:40
*** tellesnobrega has joined #openstack-swift11:43
*** mmcardle has quit IRC11:45
*** ppai has quit IRC12:02
*** ppai has joined #openstack-swift12:16
*** ppai has quit IRC12:23
*** ppai has joined #openstack-swift12:35
*** NM has joined #openstack-swift12:40
*** geaaru has quit IRC12:41
*** geaaru has joined #openstack-swift12:42
*** mmcardle has joined #openstack-swift12:42
*** amoturi has joined #openstack-swift12:50
*** petertr7_away is now known as petertr712:53
*** ppai has quit IRC13:10
*** vinsh has joined #openstack-swift13:11
*** jamielennox is now known as jamielennox|away13:13
*** jamielennox|away is now known as jamielennox13:21
*** SkyRocknRoll has quit IRC13:30
*** NM1 has joined #openstack-swift13:30
*** NM has quit IRC13:33
*** jamielennox is now known as jamielennox|away13:33
*** lastops has joined #openstack-swift13:37
*** jamielennox|away is now known as jamielennox13:42
*** pgbridge has joined #openstack-swift13:43
*** acampbell has joined #openstack-swift13:45
*** wbhuber has joined #openstack-swift13:58
*** kbee has joined #openstack-swift14:00
*** pgbridge has quit IRC14:04
*** blmartin has joined #openstack-swift14:12
*** kbee has quit IRC14:20
*** kbee has joined #openstack-swift14:21
*** jrichli has joined #openstack-swift14:26
*** kbee has quit IRC14:27
*** ronenkat__ has quit IRC14:34
*** acampbel11 has joined #openstack-swift14:34
*** acampbel11 has quit IRC14:38
*** acampbell has quit IRC14:38
*** acampbel11 has joined #openstack-swift14:38
*** jrichli has quit IRC14:41
*** jrichli has joined #openstack-swift14:47
*** cdelatte has joined #openstack-swift14:47
*** minwoob has joined #openstack-swift14:49
*** jrichli has quit IRC14:49
*** NM1 has quit IRC14:50
*** jrichli has joined #openstack-swift14:50
*** pgbridge has joined #openstack-swift14:51
*** blmartin_ has joined #openstack-swift14:52
*** silor has joined #openstack-swift14:52
*** wbhuber has quit IRC14:53
*** jrichli has quit IRC14:54
*** blmartin has quit IRC14:55
*** jrichli has joined #openstack-swift14:56
*** wbhuber has joined #openstack-swift14:59
*** wbhuber_ has joined #openstack-swift14:59
*** zaitcev has joined #openstack-swift15:03
*** wbhuber has quit IRC15:03
*** ChanServ sets mode: +v zaitcev15:03
*** openstackgerrit has quit IRC15:05
*** openstackgerrit has joined #openstack-swift15:05
*** ajiang has left #openstack-swift15:23
*** jamielennox is now known as jamielennox|away15:38
notmynamegood morning15:41
*** janonymous_ has joined #openstack-swift15:42
*** jamielennox|away is now known as jamielennox15:47
*** petertr7 is now known as petertr7_away15:48
pgbridgegood morning15:49
*** lcurtis has joined #openstack-swift15:49
minwoobGood morning.15:49
charzgood morning15:50
*** jamielennox is now known as jamielennox|away15:58
*** jordanP has quit IRC15:59
janonymous_good morning16:05
*** jamielennox|away is now known as jamielennox16:06
*** kbee has joined #openstack-swift16:06
*** jlhinson has joined #openstack-swift16:07
*** nadeem has joined #openstack-swift16:08
*** nadeem has quit IRC16:08
minwoobDoes anyone know a good way to verify whether a fragment that needs to be reconstructed is already located on one of a list of nodes?16:09
minwoobRather, from a list of responses containing fragments from those nodes.16:10
*** ajiang has joined #openstack-swift16:13
minwoobFor clarification, I have hit a blocker in: https://bugs.launchpad.net/swift/+bug/145255316:13
openstackLaunchpad bug 1452553 in OpenStack Object Storage (swift) "don't rebuild existing fragments" [Undecided,New] - Assigned to Minwoo Bae (minwoob)16:13
notmynameI get so many emails about "would like to know more about Enterprise Mobility? We can help!"16:14
notmynameI don't even know what enterprise mobility means16:14
notmynamemuch less why it's capitalized16:14
notmynameor why I need help with it16:15
notmynameat least it makes for an easy email filter16:15
pgbridgethat could mean a lot of different things. mobility of what exactly?16:19
notmynameenterprise, obviously!16:21
notmynamemaybe something like detaching the saucer section? http://vignette3.wikia.nocookie.net/memoryalpha/images/1/1b/USS_Enterprise-D_saucer_separation.jpg/revision/latest?cb=20120205044747&path-prefix=en16:22
*** amoturi has quit IRC16:22
pgbridgelol maybe16:22
pgbridgethat's definitely something i could see needing help with16:22
*** janonymous__ has joined #openstack-swift16:24
*** janonymous_ has quit IRC16:26
minwoobclayg: If you could revisit the bug mentioned in my inquiry about ~20 min ago and let me know, that would be helpful. Thanks.16:27
*** kbee has quit IRC16:30
*** kbee has joined #openstack-swift16:30
*** openstackgerrit has quit IRC16:33
*** openstackgerrit has joined #openstack-swift16:34
*** jamielennox is now known as jamielennox|away16:35
*** zhill has joined #openstack-swift16:38
*** fthiagogv has joined #openstack-swift16:38
*** acampbell111 has joined #openstack-swift16:43
*** gyee_ has joined #openstack-swift16:43
*** fifieldt_ has joined #openstack-swift16:44
*** acampbel11 has quit IRC16:45
*** fifieldt has quit IRC16:45
*** operator99 has quit IRC16:45
*** ryshah has joined #openstack-swift16:46
*** a| has joined #openstack-swift16:46
*** a| has quit IRC16:46
openstackgerritTim Burke proposed openstack/python-swiftclient: Add bulkdelete command  https://review.openstack.org/19088716:47
*** logan2 has joined #openstack-swift16:47
ryshahHi - Does Juno Swift have this vulnerability? www.tenable.com/security/tns-2015-0516:49
*** jamielennox|away is now known as jamielennox16:49
ryshahJuno installs 3.6 Sqlite3 and Sqlite3 3.8  fixes the vulnerability... The issue is when user input is not validated....16:50
*** gyee has joined #openstack-swift16:52
*** mfalatic has joined #openstack-swift16:54
*** mmcardle has quit IRC16:54
notmynameryshah: for the record, it would have been MUCH better had you asked this question by filing a bug on launchpad and marking it as a security bug. that way, if it is an issue, it would only be shared with the security bug teams and a patch could be developed16:57
notmynameas it is, I'm looking at the CVE now https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-341516:57
ryshahnotmyname: I can definitely do that if you recommend... I was not sure if the issue was raised by someone before17:02
notmynameno need at this point17:02
notmynameso looking at the various links there, it's really hard to tell if it impacts swift or not17:03
*** thurloat is now known as thurloat_isgone17:03
notmynameon the one hand, I'd say no because users don't ever directly talk to sqlite DBs in swift. user data is put into those DBs, but that is properly escaped17:03
*** haomaiw__ has joined #openstack-swift17:04
*** haomaiwang has quit IRC17:04
notmynameon the other, I don't know17:04
ryshahThat was my initial thought too.. However, looking at code it seemed to me that at some places swift use container/account names directly in queries17:05
notmynameseems that the overview talks about a CHECK clause, which swift doesn't use17:05
*** kbee has quit IRC17:05
ryshahnotmyname: Do you think this needs to be looked further by security team? In that caseI can file a launchpad bug17:06
*** NM has joined #openstack-swift17:06
*** mfalatic has quit IRC17:07
*** petertr7_away is now known as petertr717:10
*** ronenkat has joined #openstack-swift17:11
*** jamielennox is now known as jamielennox|away17:13
*** mfalatic has joined #openstack-swift17:19
notmynameryshah: no not at this point. the CVE specifically talks about the CHECK clause, so I think we're ok17:22
ryshahnotmyname: OK - thank you!17:25
*** ryshah_ has joined #openstack-swift17:26
*** thurloat_isgone is now known as thurloat17:26
*** ryshah has quit IRC17:29
*** acoles is now known as acoles_away17:34
*** breitz has joined #openstack-swift17:42
*** aix has quit IRC17:42
notmynamejrichli: acoles_away: so I went to the vault meetup last night17:45
notmynameit was interesting. it's a pretty cool system they have with some very nice features17:48
notmynamefor example, you can have dynamic secrets that expire17:48
notmynameso if you have an application talking to a postgres DB, the application can ask vault for the creds, vault will generate unique credentials that work only for a certain amount of time, give those back to the app, then the app talks to the DB like normal17:49
*** petertr7 is now known as petertr7_away17:49
notmynamefull audit logging and integration with various different systems and auth schemes17:49
notmynamehowever, definitely not "enterprise" (which isn't a bad thing) ;-)17:50
notmynameeg they dont' currently have any integration with HSMs17:50
notmynamealthough the guy admitted that they probably would be forced to do that at some point17:50
notmynamethe scale of thigns they were talking about were in line with what I've heard from HSMs, but certainly way below a load that swift could generate17:52
*** nadeem has joined #openstack-swift17:53
*** prometheanfire has joined #openstack-swift17:53
notmynameeg vault might be good at storing a few tens of thousands of secrets and serving them up from storage at 1000/sec.17:53
prometheanfireso, how is swift's federation support (between federated keystones)?17:54
prometheanfirenotmyname: hi17:54
notmynamehowever, that's not any different (magnitude wise) from barbican or HSMs. so we've got to work around that kind of thing anyway (and there are ideas on that too)17:54
notmynameprometheanfire: I'm not sure what that question means17:54
*** petertr7_away is now known as petertr717:55
swifterdarrellnotmyname: CHECK might have just been an example of where comparison operator parsing could cause trouble?  https://www.sqlite.org/src/info/02e3c88fbf6abdcf17:56
notmynameswifterdarrell: yeah, I'm not sure. it's not the easiest report to parse17:56
prometheanfireusing federated keystone, can one region on one keystone replicate to one region on another keystone?17:57
notmynameprometheanfire: all keystone is doing is associating a user identity with a storage endpoint (or multiple endpoints). any federation/regionality of keystone and swift is independent17:58
notmynameprometheanfire: right?17:58
prometheanfireright17:59
prometheanfireis that enough to replication between federated 'regions'?17:59
prometheanfiredeployments might be a better word17:59
notmynameisn't keystone federation orthogonal to swift deployments?18:00
prometheanfireI think so?18:00
prometheanfirenot sure18:00
prometheanfirewhich is why I ask :D18:00
notmynameif you have 2 keystone deployments that federate auth, they can point to "local" swift clusters or a common swift cluster18:00
claygminwoob: looks like bug #1452553 is assigned to you - is there a gerrit review associated with the bug?  or still just the attached patchfile?18:01
openstackbug 1452553 in OpenStack Object Storage (swift) "don't rebuild existing fragments" [Undecided,New] https://launchpad.net/bugs/1452553 - Assigned to Minwoo Bae (minwoob)18:01
notmynameif you have two different swift clusters, then the only way to "move" data between them is with container sync18:02
prometheanfireright18:02
notmynameprometheanfire: there isn't anything we've done in swift with keystone federation. I'm not sure if that matters or not.18:02
prometheanfireya, will likely have to test18:03
openstackgerritJiri Suchomel proposed openstack/swift: Let swift-object-info print information about files in given directory, if directory is provided instead of data file together with --recursive option.  https://review.openstack.org/18925818:05
*** geaaru has quit IRC18:11
*** amoturi has joined #openstack-swift18:14
notmynamereminder to all that there's a swift team meeting today at 2100UTC (http://time.unitarium.com/utc/21). agenda is at https://wiki.openstack.org/wiki/Meetings/Swift18:21
notmynameand I'd like to spend some time talking about https://review.openstack.org/#/c/192094/ (oslo.config)18:22
*** acampbell has joined #openstack-swift18:25
jrichlinotmyname: thank you for the info about Vault18:26
jrichliI will take a closer look18:27
minwoobclayg: So I see that the fix for it will need to reside in swift.obj.reconstructor.make_rebuilt_fragment_iter(), but I was wondering if there is a precedent for how to verify that the retrieved fragments do not contain the fragment needing to be reconstructed?18:28
*** vinsh has quit IRC18:29
*** acampbell111 has quit IRC18:29
claygminwoob: all the info should be in the headers - I think you might have to throw out responses even before you get down into make_rebuilt_fragment_iter18:29
claygwhat did I do in the patch that was associated with the bug?18:29
openstackgerritSamuel Merritt proposed openstack/swift: Use just IP, not port, when determining partition placement  https://review.openstack.org/19197018:32
*** acampbel11 has joined #openstack-swift18:32
peluseclayg, when you get a chance please take a peek at patch 19152118:35
patchbotpeluse: https://review.openstack.org/#/c/191521/18:35
*** acampbell has quit IRC18:36
minwoobclayg: I don't think it was caused by anything you did. I just wanted to consult you on the bug for some clarification since I saw that you had opened it up.18:38
minwoobclayg: Thank you.18:38
claygminwoob: yeah I opened it - and I also attached a .patch - did you see the .patch?  It may have been crap (peluse knows all about my crap patches) - but if you haven't seen it you should go track it down and give it a once over before you get to far down in the weeds18:39
peluseheh18:39
peluseminwoob, what patch are your working on (patch num or bug num)?  I have something I've started on GET error handling in conjuntion with some pyeclib updates coming soon - want to make sure there isn't too much overlap here18:40
minwoobclayg: Ah, thanks for pointing that out.18:41
minwoobpeluse: It's for this one:18:41
minwoobpeluse: https://bugs.launchpad.net/swift/+bug/145255318:41
openstackLaunchpad bug 1452553 in OpenStack Object Storage (swift) "don't rebuild existing fragments" [Undecided,New] - Assigned to Minwoo Bae (minwoob)18:41
peluseminwoob, OK there might be a small amount of integration but I don't think anything huge. If you see your scope expanding beyond what's in the bug please sync w/me (no pun intended)18:44
minwoobpeluse: Haha.18:44
minwoobpeluse: Okay, got it.18:44
claygpeluse: is that like a "psync"?18:46
peluseyeah, much better than prevert!18:47
claygso what do I have to do to fix the jerasure thing in liberasure now?18:48
claygError: Invalid arguments passed to liberasurecode_instance_create18:54
*** wbhuber_ has quit IRC18:55
charznotmyname: clayg https://bugs.launchpad.net/swift/+bug/146414218:56
openstackLaunchpad bug 1464142 in OpenStack Object Storage (swift) "object-reconstructor ssync_sender and ssync_receiver exception" [Undecided,New]18:56
notmynameand https://bugs.launchpad.net/swift/+bug/146613818:57
openstackLaunchpad bug 1466138 in OpenStack Object Storage (swift) "EC reconstructor (ssync_sender) got exceptions while send request to object-server and disk already umount" [Undecided,New]18:57
notmynameand https://bugs.launchpad.net/swift/+bug/145261918:57
openstackLaunchpad bug 1452619 in OpenStack Object Storage (swift) "object-reconstructor crash in ssync_sender" [Undecided,Confirmed]18:57
notmynamethose are the 3 EC bugs i know of right now18:57
claygI installed charz there's a few unrelated requests in there18:58
claygobject-reconstructor: 192.168.12.15:6003/d34/608 Exception Broken Pipe <- that's ssync saying the remote end closed it's connection on him unexpectedly (could be 409's int he replicate requests)18:59
charzclayg: k, make sense.19:00
claygobject-server: 192.168.12.13/d56/2028 Exception invalid literal for int() <- that's the object server saying that ssnc closed it's connection on him unexpectedly (could be... idk... could be interesting)19:00
claygbut you can see those are different device/parts - so they're not related requests19:00
claygand in both cases somehow you managed to pull the uninteresting side of the explosion :(19:00
peluseFYI the patch I pinged clayg on earlier had the same failure signature as https://bugs.launchpad.net/swift/+bug/145261919:04
openstackLaunchpad bug 1452619 in OpenStack Object Storage (swift) "object-reconstructor crash in ssync_sender" [Undecided,Confirmed]19:04
charzclayg: yeah, I think I need to grab more info or log to the bug. will try tmr.19:04
claygpeluse: the got disconnected?  yeah the 409's can definately cause that - I would have thought charz already had all the known patches/issues applied19:05
pelusethat would be patch 19152119:05
patchbotpeluse: https://review.openstack.org/#/c/191521/19:05
pelusebah, starting a meeting I have to pay attention to19:05
*** joeljwright has quit IRC19:06
*** NM has quit IRC19:08
charzclayg: peluse I applied the patch 191521 for all nodes today. And this bug (https://bugs.launchpad.net/swift/+bug/1464142) is reported two or three days ago.19:11
openstackLaunchpad bug 1464142 in OpenStack Object Storage (swift) "object-reconstructor ssync_sender and ssync_receiver exception" [Undecided,New]19:11
patchbotcharz: https://review.openstack.org/#/c/191521/19:11
*** fifieldt_ has quit IRC19:12
*** NM has joined #openstack-swift19:14
*** openstackgerrit has quit IRC19:16
*** openstackgerrit has joined #openstack-swift19:16
claygisn't ldconfig supposed to square my LD_LIBRARY_PATH for me already or something?19:19
*** prometheanfire has left #openstack-swift19:20
pelusecharz, so I'm not sure I follow you- have you seen issues *since* you applied 191521?19:23
peluseor you saw issues so then you applied the patch?19:23
claygpeluse: i don't think he applied your change - he applied the my version in the .patch - so he may just have been seeing all the issues you already fixed in 19152119:24
*** gyee has quit IRC19:25
pelusethings never work out that well though :)19:25
pelusewill be interested to hear though...19:26
*** nadeem has quit IRC19:29
*** fifieldt_ has joined #openstack-swift19:30
claygNONE OF THIS IS RIGHT19:30
pelusedo tell!19:30
*** nadeem has joined #openstack-swift19:30
claygpeluse: pyeclib sucks at installing itself - i really have no f'in idea what it thinks it's doing19:31
pelusewhich version are you using?19:32
claygisn't everyone running 1.0.7?19:32
pelusewell, wasn't sure if you were off-roading or not19:32
peluseI believe tsg said there were isntallation fixes coming in 1.0.819:32
claygwell that'd be great19:33
peluselet me see if I can get an ETA19:33
pelusenew pyeclib in the next few days....19:35
notmynamepeluse: are tsg and kevin the only ones with commit access to pyeclib?19:35
*** NM has quit IRC19:37
pelusenotmyname, no I don't think so - others have contributed including kota I believe19:38
pelusemaybe more...19:38
pelusealso tsg mentions that there are indeed installation fixes in 1.0.819:38
notmynamecontributors != commit access19:39
peluseoh yeah, no I think just keving and tsg19:39
*** silor has quit IRC19:51
*** nadeem has quit IRC19:55
*** joeljwright has joined #openstack-swift20:01
*** ChanServ sets mode: +v joeljwright20:01
*** lastops has quit IRC20:09
*** nadeem has joined #openstack-swift20:16
*** thurloat is now known as thurloat_isgone20:17
*** amoturi has quit IRC20:18
*** NM has joined #openstack-swift20:21
*** wbhuber has joined #openstack-swift20:24
*** acampbel11 has quit IRC20:28
*** wer_ has quit IRC20:30
*** wer_ has joined #openstack-swift20:35
*** jrichli has quit IRC20:40
*** torgomatic has quit IRC20:46
*** gyee has joined #openstack-swift20:46
notmynametdasilva: any reason you did a +1 instead of a +2 on https://review.openstack.org/#/c/191970/ ?20:49
*** torgomatic has joined #openstack-swift20:50
*** ChanServ sets mode: +v torgomatic20:50
*** ho has joined #openstack-swift20:50
tdasilvanotmyname: that part of the code is pretty new to me, so I did review it but i'd prefer someone with more experience on that code giving their full blessing20:50
notmynametdasilva: ok :-)20:50
tdasilvai'm still pretty careful with the whole +2 thing ;)20:51
zaitcevIt was a problem to me but I resolved it differently20:51
*** acoles_away is now known as acoles20:52
tdasilvazaitcev: now i'm curious ???20:52
zaitcevI figured that the right model is "the buck stops here". As a core, I have the full power and full responsibility. So if I'm not familiar with the area, I have to study it.20:52
zaitcevThen, +1 goes only if I have objections. If I feel that my competence is lacking, I abstain. Sometimes do a comment with +020:53
hogood morning!20:54
notmynamehello ho20:54
honotmyname: hello!20:55
zaitcevIn kernel it happened all the time, except not formalized. Sometimes the fallback is to prove to yourself that this patch does not damage known use cases, and if it works or not, oh well, it's still a +2 as safe. So kinda degrade along the other axis than +x.20:55
zaitcevDon't we have a meeting in 5 minutes? New time?20:55
notmynameyup20:55
tdasilvazaitcev: good insights, thx20:56
*** kota_ has joined #openstack-swift20:56
*** ChanServ sets mode: +v kota_20:56
kota_Good morning!20:57
notmynamehello kota_20:57
hokota_: morning!20:57
mattoliveraumorning20:57
notmynamehi mattoliverau20:58
joeljwrightmorning :)20:58
zaitcevtdasilva: you can/should still drop -1 on anything you don't like, even spelling fixes20:58
notmynameeverybody is either waking up or staying up :-)20:58
*** delattec has joined #openstack-swift20:59
*** delatte has joined #openstack-swift20:59
*** jrichli has joined #openstack-swift20:59
peluseor half asleep in the middle of the day20:59
notmynamemeeting time in #openstack-meeting20:59
kota_joeljwright: hi and congrats for swiftclient-core!20:59
notmynamelooks like we need to wait for them to wrap up in there21:00
joeljwrightthanks kota_21:00
zaitcevjoeljwright: yeah, thanks for coming onboard, I really dropped the ball on reading those client fixes recently.21:00
*** cdelatte has quit IRC21:00
joeljwrightzaitcev: well I shall be here reminding people now :)21:01
*** gyee has quit IRC21:03
*** barker has joined #openstack-swift21:03
*** petertr7 is now known as petertr7_away21:03
acolesnotmyname: thanks for all that info re vault21:03
*** proteusguy has quit IRC21:09
*** ryshah_ has quit IRC21:11
*** wer_ has quit IRC21:13
*** haomaiwang has joined #openstack-swift21:13
*** haomaiw__ has quit IRC21:15
claygpeluse: reviewed!21:17
*** haomaiw__ has joined #openstack-swift21:21
*** haomaiwang has quit IRC21:21
*** openstackgerrit has quit IRC21:24
*** openstackgerrit has joined #openstack-swift21:24
*** wer_ has joined #openstack-swift21:25
acolespeluse: clayg : bug me if there are ec recon related patches you'd like me to review. i'm a bit distracted but will *try*21:29
peluseclayg, thanks :)  I debated submitting w/o a test for the obj server change and decided to go ahead since I was running short on time.  damn it :)21:30
peluseI'll work on it21:31
claygpeluse: i'm +1, if you get another +2 ping me and I'll approve with a todo to fix the tests - i agree it's better to get it in21:31
peluseyeah, wasn't obvious to me how to tackle it quickly at the time...21:34
pelusebut I have some time tomorrow to work on it21:34
*** barker has quit IRC21:38
*** fthiagogv has quit IRC21:42
*** ianbrown has joined #openstack-swift21:53
*** NM has quit IRC21:55
notmynameugh22:01
joeljwrightwow, that was intense22:01
notmynametons going on :-)22:02
kota_agreed22:03
joeljwrightguess I'm going to have my work cut out getting people to review swiftclient patches22:03
notmyname:-)22:03
MooingLemurI still have some outstanding EC issues that I haven't taken time to dig into, but effectively objects that appear to have quorum aren't getting reconstructed, and there are no exceptions thrown.22:03
notmynameMooingLemur: have you filed a bug on it?22:03
notmynamewe need to collect all the info and then prune duplicates as we find them22:04
* mattoliverau is off to find some breakfast22:04
MooingLemurnot yet, I felt like I didn't really have enough information to offer yet other than it isn't working right. :P22:04
hozaitcev: i have a question about selinux on rhel. does it work only for /srv/node? i was asked the question here (our time).22:04
kota_is as well as matt22:04
acolesmattoliverau: yum sounds tempting22:04
*** kota_ has quit IRC22:05
MooingLemurbut I added a few debug lines to the revert code, and it appears to be deleting things as if they'd been reverted every time it encounters one of these reconstructions.22:05
notmynameMooingLemur: if you have some tracebacks, that's good to. a repeatable case is even better (eg run this, then do that, ta-da it breaks)22:05
*** wbhuber has quit IRC22:06
MooingLemurI really wish I could turn up the debug on reconstruction22:06
MooingLemurthere doesn't seem to be enough logging there.22:06
joeljwrightwanted to ask - currently seeing test errors on swiftclient patches22:06
hozaitcev: and i couldn't find the code for rhel7. rhel6: https://github.com/redhat-openstack/openstack-selinux/blob/el6/openstack-selinux-swift.fc22:06
MooingLemura successful reconstruction logs nothing that I can see, even with debug logging22:06
joeljwrightgate-temptest-dsvm-neutron-src-python-swiftclient is failing with tempest.exceptions.BuildErrorException22:07
joeljwrightDetails: {u'code': 500, u'message': u'No valid host was found. There are not enough hosts available.', u'created': u'2015-06-17T21:31:05Z'}22:07
joeljwrightany ideas?22:07
*** mfalatic has quit IRC22:07
*** mfalatic has joined #openstack-swift22:08
notmynamejoeljwright: no, but that sounds like it might be a test-infrastructure error. I don't know22:08
notmynamejoeljwright: it might help to ask in #openstack-qa22:08
*** blmartin_ has quit IRC22:08
joeljwrightkk, thanks22:08
zaitcevho: Sorry, I don't know a thing about SElinux. I'll have to ask around.22:10
*** delatte has quit IRC22:10
*** delattec has quit IRC22:10
*** delattec has joined #openstack-swift22:18
*** delatte has joined #openstack-swift22:18
*** harlowja has left #openstack-swift22:22
hozaitcev: thanks!22:25
*** acoles is now known as acoles_away22:25
*** acoles_away is now known as acoles22:26
*** acoles is now known as acoles_away22:28
*** pgbridge has quit IRC22:36
*** jlhinson has quit IRC22:37
*** jrichli has quit IRC22:37
*** lcurtis has quit IRC22:39
*** km has joined #openstack-swift22:44
*** jasondotstar has joined #openstack-swift22:45
*** minwoob has quit IRC22:50
*** joeljwright has quit IRC22:54
zaitcevGuys I have an ops question. Does anyone run a bunch of object-expirers on several proxies or other nodes?22:59
*** gyee has joined #openstack-swift23:01
*** doxavore has joined #openstack-swift23:04
notmynamezaitcev: yeah, I think we have one running on each object server23:05
zaitcevnotmyname: What, really? One per object server?!23:06
notmynameI think23:07
acorwinzaitcev: notmyname got his info from me, which is not necessarily 100% reliable, but it looks that way. swifterdarrell might be able to pop in with more authority.23:07
zaitcevnotmyname: The real question is, do they tend to convoy or not? All they do is rescanning a special account. Will they try to expire all the same things simultaneously?23:07
swifterdarrellzaitcev: there was some sharding stuff added upstream and we use that23:08
*** mfalatic has quit IRC23:08
notmynamezaitcev: isnt' that what the "process" config var is for? so you can have each working on a different modulo23:08
swifterdarrellzaitcev: # processes is how many parts to divide the work into,23:10
swifterdarrellzaitcev: # process is "zero based", if you want to use 3 processes, you should run processes with process set to 0, 1, and 223:10
zaitcevnotmyname, swifterdarrell: thanks for pointing that out, the code is rather simple to follow about it. if obj_process % self.processes != self.process:23:10
zaitcev(even without the comments)23:10
swifterdarrellzaitcev: so the answer to your original question was "yes"23:11
zaitcevhowever, I thought about recommending someone "oh just run 4 of them, one per proxy" so they don't need to do an extra failover operation23:11
zaitcevthey rolled out a HA module with Pacemaker23:11
zaitcevAnd I was "WTF guys, you never do that in Swift", but then thoght "maybe they know something"23:12
zaitcevbut in that case, you can't run this "process" thing or else 1/4th remains unexpired and proxy goes down23:12
swifterdarrellzaitcev: I mean, you just need one object-expirer proc with each "process" value.  Making that HA is a separate problem, right?23:13
zaitcevCan I just tell them do do interval = I0 + proxy_number * prime_number23:13
zaitcevthat'll deconvoy them hopefuly23:13
swifterdarrellzaitcev: kind of like making a 2nd object-expirer (no process stuff) failover for a main one is also separate problem from having main one run23:13
swifterdarrellzaitcev: AFAIK, swift is agnostic re HA for that kind of backend daemon23:14
zaitcevwell sure23:14
swifterdarrellzaitcev: or perhaps "indifferent" vs. agnostic23:14
redboI'm not super happy with expiring objects.  The server that has the current expiring objects container on just gets hammered.23:15
swifterdarrellzaitcev: you want to shard swift-object-expirer for performance; that just makes you have to HA more processes23:15
zaitcevswifterdarrell: indeed.23:15
swifterdarrellzaitcev: for an eventually-consistent store, it's not like you need really fine-grained failover for object expiry; the backed daemons do the right thing before the objects are actually reaped23:16
redboso we have this little ddos that switches servers every hour23:16
swifterdarrellredbo: interesting...23:17
mattoliverauredbo: I'm assuming the expiring objects container's list order isn't important, so there could be some simple sharding we can do there.  Maybe I'll have a play with that later :)23:19
redboI kind of wish expired objects were just dropped from container listings the way tombstones are, and then the actual .data files were cleaned up by the auditor or something.23:19
mattoliverauinteresting idea23:20
redboor something, I haven't actually tried to write it.  But quit relying on containers to house them.23:21
claygredbo: the object auditor could also write an aysnc pending for the delete's23:21
redboyeah but I'd like to get them out of container listings faster than audit scale time23:22
*** nadeem has quit IRC23:24
*** kei_yama has joined #openstack-swift23:30
notmynamecschwede: chmouel: do you know cyril roelandt? or what his IRC nick is?23:36
*** chlong has joined #openstack-swift23:37
*** wer_ has quit IRC23:43
« Tuesday, 2015-06-16 Index Thursday, 2015-06-18 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!