| *** baojg has quit IRC | 00:57 | |
| *** baojg has joined #openstack-swift | 00:58 | |
| *** baojg has quit IRC | 01:29 | |
| *** baojg has joined #openstack-swift | 01:29 | |
| mattoliverau | oh nice timburke, doodled my time | 01:59 |
|---|---|---|
| *** rcernin has quit IRC | 02:40 | |
| *** gyee has quit IRC | 03:13 | |
| *** rcernin has joined #openstack-swift | 03:14 | |
| *** rcernin has quit IRC | 03:19 | |
| *** rcernin has joined #openstack-swift | 03:19 | |
| *** baojg has quit IRC | 03:34 | |
| *** baojg has joined #openstack-swift | 03:35 | |
| zaitcev | ok doodled | 04:04 |
| *** evrardjp has quit IRC | 04:33 | |
| *** evrardjp has joined #openstack-swift | 04:33 | |
| *** m75abrams has joined #openstack-swift | 05:23 | |
| *** djhankb has quit IRC | 05:49 | |
| *** djhankb has joined #openstack-swift | 05:50 | |
| *** renich has quit IRC | 06:16 | |
| *** dsariel has joined #openstack-swift | 07:11 | |
| *** baojg has quit IRC | 07:14 | |
| *** baojg has joined #openstack-swift | 07:15 | |
| *** rcernin has quit IRC | 07:36 | |
| *** rcernin has joined #openstack-swift | 07:59 | |
| *** djhankb has quit IRC | 08:01 | |
| *** rcernin has quit IRC | 08:02 | |
| *** djhankb has joined #openstack-swift | 08:02 | |
| *** adriant has quit IRC | 08:03 | |
| *** adriant has joined #openstack-swift | 08:03 | |
| *** viks____ has joined #openstack-swift | 09:02 | |
| *** tkajinam has quit IRC | 09:54 | |
| *** tkajinam has joined #openstack-swift | 09:55 | |
| *** baojg has quit IRC | 10:07 | |
| *** baojg has joined #openstack-swift | 10:08 | |
| *** mgagne has quit IRC | 10:39 | |
| *** tonyb has quit IRC | 11:05 | |
| *** tonyb has joined #openstack-swift | 11:31 | |
| *** dsariel has quit IRC | 12:46 | |
| *** dsariel has joined #openstack-swift | 12:47 | |
| *** baojg has quit IRC | 13:07 | |
| *** baojg has joined #openstack-swift | 13:08 | |
| *** baojg has quit IRC | 13:30 | |
| *** baojg has joined #openstack-swift | 13:31 | |
| *** baojg has quit IRC | 15:06 | |
| *** baojg has joined #openstack-swift | 15:06 | |
| *** m75abrams has quit IRC | 15:11 | |
| *** baojg has quit IRC | 15:39 | |
| *** baojg has joined #openstack-swift | 15:40 | |
| *** baojg has quit IRC | 16:13 | |
| *** baojg has joined #openstack-swift | 16:31 | |
| *** gyee has joined #openstack-swift | 16:38 | |
| *** baojg has quit IRC | 16:51 | |
| *** manuvakery has joined #openstack-swift | 16:51 | |
| *** baojg has joined #openstack-swift | 17:40 | |
| *** tonyb has quit IRC | 17:44 | |
| *** adriant has quit IRC | 17:44 | |
| *** djhankb has quit IRC | 17:44 | |
| *** TViernion has quit IRC | 17:44 | |
| *** aluria has quit IRC | 17:44 | |
| *** DHE has quit IRC | 17:44 | |
| *** tonyb has joined #openstack-swift | 17:46 | |
| *** adriant has joined #openstack-swift | 17:46 | |
| *** djhankb has joined #openstack-swift | 17:46 | |
| *** TViernion has joined #openstack-swift | 17:46 | |
| *** aluria has joined #openstack-swift | 17:46 | |
| *** DHE has joined #openstack-swift | 17:46 | |
| *** djhankb has quit IRC | 17:46 | |
| *** djhankb has joined #openstack-swift | 17:47 | |
| *** josephillips has quit IRC | 17:47 | |
| *** noonedeadpunk has quit IRC | 17:48 | |
| *** josephillips has joined #openstack-swift | 17:50 | |
| *** noonedeadpunk has joined #openstack-swift | 17:51 | |
| *** baojg has quit IRC | 17:53 | |
| *** baojg has joined #openstack-swift | 17:54 | |
| openstackgerrit | Tim Burke proposed openstack/swift master: proxy: Include thread_locals when spawning _fragment_GET_request https://review.opendev.org/749376 | 18:18 |
| *** baojg has quit IRC | 18:22 | |
| *** baojg has joined #openstack-swift | 18:23 | |
| *** baojg has quit IRC | 19:20 | |
| *** openstackgerrit has quit IRC | 19:21 | |
| *** viks____ has quit IRC | 19:28 | |
| *** manuvakery has quit IRC | 19:40 | |
| *** openstackgerrit has joined #openstack-swift | 19:44 | |
| openstackgerrit | Tim Burke proposed openstack/swift master: wip: s3api: Make quota-exceeded errors more obvious https://review.opendev.org/749382 | 19:44 |
| *** renich has joined #openstack-swift | 19:52 | |
| renich | good day, everyone! :D | 20:00 |
| timburke | renich, o/ how's the TLS connection going? | 20:12 |
| renich | timburke: well, trying, now, to implement wsgi for swift. It never worked. Some issue with SSL of some kind. | 20:25 |
| renich | I'm using wildcard LetsEncrypt certs and they work with keystone + wsgi + apache | 20:26 |
| renich | for some reason, they don't work with swift-proxy (ussuri) | 20:26 |
| timburke | :-/ and this is just using cert_file/key_file in proxy-server.conf? fwiw, i typically use an external terminator like haproxy or hitch | 20:29 |
| renich | timburke: yeah, I was considering that. I followed the Ubuntu guide, though, and configured stuff without having much of an idea of what I was doing, quite honestly. | 20:30 |
| renich | I'm just starting to learn how stuff works, hehe. | 20:30 |
| * renich prefers nginx and haproxy over apache | 20:30 | |
| renich | s/and/or/ | 20:30 |
| renich | timburke: yes, I was using only cert_file/key_file. My theory is that it might get funky because I am using keystone... who knows. | 20:31 |
| renich | I got keystone, as I said, to work with SSL without too much hassle. I had to re-configure the endpoints and change the openrc file for admin, though. | 20:31 |
| renich | Still, it worked fine. No idea of why swift-proxy refuses to work. I am sure it has the same cert; it has read permissions and all. | 20:32 |
| renich | And the logs, even in DEBUG, don't show anything. | 20:32 |
| renich | I'm following this guide, somewhat, for the proxy: https://docs.openstack.org/swift/ussuri/apache_deployment_guide.html. | 20:34 |
| renich | I've made some progress, just stuck on some odd behavior. I'm getting timeouts now. https://paste.centos.org/view/3e0f25f9 | 20:34 |
| renich | ^^ The logs. | 20:35 |
| timburke | oh! ok -- if you've got Apache handling client traffic, that's where you'll want to configure SSL -- you should be able to leave cert_file/key_file blank in proxy-server.conf those are mainly for simple development/testing | 20:41 |
| timburke | so i think in the <VirtualHost *:8080> config you'll want `SSLEngine on`, `SSLCertificateFile ...`, etc. | 20:43 |
| *** baojg has joined #openstack-swift | 21:44 | |
| renich | timburke: yep, that's what I have right now. https://paste.centos.org/view/ef037dfa | 21:48 |
| timburke | renich, at that point, you shouldn't need to do anything with your proxy-server.conf -- cert_file and key_file are only for running with the integral web front-end | 21:50 |
| renich | timburke: so, leave proxy-server.conf untouched? | 21:51 |
| renich | I had some certfile setting in the s3token section. | 21:54 |
| renich | I'm removing that. | 21:55 |
| timburke | yeah, see how that goes. still connect to https://...:8080, apache should be listening, unwrap the tls connection, and forward everything else on to swift | 21:55 |
| timburke | the s3token option may still be needed -- depends on whether you installed the CA cert system-wide or not | 21:57 |
| renich | I am using letsencrypt certificates | 21:59 |
| renich | no CA on my side. Should be part of the system-wide CA, right? | 21:59 |
| openstackgerrit | Tim Burke proposed openstack/swift master: proxy: Put storage policy index in object-server responses https://review.opendev.org/749400 | 21:59 |
| openstackgerrit | Tim Burke proposed openstack/swift master: s3api: Ensure backend headers make it through s3api https://review.opendev.org/749401 | 21:59 |
| timburke | good point -- yeah, i wouldn't worry about it then | 22:00 |
| renich | What I don't really get it's lines 12 and onwards: https://paste.centos.org/view/3e0f25f9 | 22:01 |
| renich | To get to line 12, I need to wait a long time before it times out. Probably like 2 or 3 minutes. | 22:02 |
| renich | Then, the rest of the messages pop out. | 22:03 |
| timburke | the thing that makes me suspicious is line 18 -- it seems like somebody's not holding up their end of the SSL conversation (before we even get to http and wsgi) | 22:06 |
| renich | OK, let me check endpoints and ssl configs everywhere. | 22:06 |
| timburke | i mean, i may well be barking up the wrong tree -- i don't deploy apache, so it's mostly guesswork from me | 22:08 |
| renich | Bingo! I think I found the culprit! | 22:15 |
| renich | [Tue Sep 01 22:15:39.769594 2020] [wsgi:alert] [pid 433347:tid 140444798610496] (2)No such file or directory: mod_wsgi (pid=433347): Unable to change working directory to home directory '/var/lib/swift' for uid=118. | 22:15 |
| renich | the wsgi user cannot use /var/lib/swift for some reason. I dunno if that even exists. | 22:16 |
| renich | hah! it works! | 22:16 |
| timburke | oh! interesting... | 22:16 |
| timburke | \o/ | 22:16 |
| renich | yeah! Man, you've saved my life like many times. I owe you! | 22:17 |
| timburke | this one was all you, i think ;-) | 22:17 |
| renich | Well, you always help me bounce off ideas and stuff. I appreciate your support and thank you sincerely. | 22:18 |
| renich | These things are hard... | 22:18 |
| timburke | if there's anything that could make those apache-deployment docs better, please do propose improvements! idk the last time anyone ran through them :-( | 22:18 |
| renich | Sure thing. I think they do need a bit of love since the official howto sets up apache for keystone at least. | 22:19 |
| renich | I need to re-group and figure out all I did, so I can have a clearer procedure in my head before I do. | 22:19 |
| renich | Where should I go to propose the doc changes? | 22:20 |
| renich | gitea? | 22:20 |
| timburke | we review code through gerrit; there's a quickstart guide at https://docs.openstack.org/contributors/code-and-documentation/quick-start.html | 22:23 |
| renich | right on, will check it. Thanks! | 22:24 |
| timburke | if that proves a heavy lift (it's not exactly an insignificant amount of work to get set up :-/ ), you can also submit a bug report -- there's a bug link in the upper/lower-right corners of each page of the docs | 22:31 |
| renich | nah, I started my affiliation already. | 22:35 |
| renich | I'll go through it. It's the least I can do in order to be able to contribute some to the project. | 22:35 |
| renich | will wait for the affiliation confirmation. I'll continue reading about the process. | 22:36 |
| renich | One question, does Gerrit support ed25519 ssh keys? | 22:42 |
| renich | ah... it doesn't | 22:43 |
| *** rcernin has joined #openstack-swift | 23:01 | |
| *** renich has quit IRC | 23:07 | |
| *** renich has joined #openstack-swift | 23:24 | |
| renich | OK, managed to build my own docs; cloned from review.opendev.org. OK, So, now, just to learn the procedure of submitting. | 23:24 |
| * renich already installed git-review | 23:24 | |
| *** djhankb has quit IRC | 23:27 | |
| *** djhankb has joined #openstack-swift | 23:27 | |
| *** baojg has quit IRC | 23:30 | |
| *** baojg has joined #openstack-swift | 23:30 | |
| openstackgerrit | Tim Burke proposed openstack/swift master: s3api: Make quota-exceeded errors more obvious https://review.opendev.org/749382 | 23:41 |
| timburke | nice! if you've gotten that far, it shouldn't be too far off now :-) should just be a matter of committing and running `git review` | 23:42 |
| renich | Right on. I, still, need to create my commits with meaningful messages and stuff. I've done several changes to the apache deployment guide :S | 23:48 |
| renich | And, I can infer some of the editing guidelines, but I'd like to read the docs about them... | 23:48 |
| mattoliverau | morning | 23:50 |
| renich | It might be a good idea to add an .editorconfig at doc/: https://editorconfig.org/ | 23:52 |
| renich | And some editors seem to support the max line length feature: https://github.com/editorconfig/editorconfig/wiki/EditorConfig-Properties#supported-by-a-limited-number-of-editors | 23:55 |
| renich | ... vim does ;D | 23:55 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!