Thursday, 2015-02-12

« Wednesday, 2015-02-11 Index Friday, 2015-02-13 »
*** dimtruck is now known as zz_dimtruck00:01
*** zz_dimtruck is now known as dimtruck00:02
*** SheenaG1 has joined #openstack-barbican00:02
*** atiwari has joined #openstack-barbican00:04
*** atiwari has quit IRC00:06
*** dimtruck is now known as zz_dimtruck00:12
*** jkf has quit IRC00:44
openstackgerritMerged openstack/python-barbicanclient: Update documentation  https://review.openstack.org/15432700:48
*** atiwari has joined #openstack-barbican00:56
*** SheenaG1 has quit IRC00:56
*** bdpayne has quit IRC01:14
*** atiwari has quit IRC01:31
*** zz_dimtruck is now known as dimtruck01:37
*** atiwari has joined #openstack-barbican01:43
*** atiwari has quit IRC02:26
*** atiwari has joined #openstack-barbican02:26
*** atiwari has quit IRC02:27
*** woodster_ has quit IRC02:30
*** gyee has quit IRC02:52
*** gyee has joined #openstack-barbican02:57
*** david-lyle is now known as david-lyle_afk02:59
*** woodster_ has joined #openstack-barbican02:59
*** xaeth_afk is now known as xaeth03:27
*** xaeth is now known as xaeth_afk03:39
*** xaeth_afk is now known as xaeth03:46
*** gyee has quit IRC04:00
*** xaeth is now known as xaeth_afk04:52
*** woodster_ has quit IRC05:10
*** dimtruck is now known as zz_dimtruck05:22
*** xaeth_afk is now known as xaeth05:42
*** crc32 has joined #openstack-barbican06:15
*** xaeth is now known as xaeth_afk07:04
*** xaeth_afk is now known as xaeth07:14
*** rm_you| has quit IRC07:34
*** jaosorior has joined #openstack-barbican07:47
*** jaosorior has quit IRC07:49
*** jaosorior has joined #openstack-barbican07:49
*** rm_you has joined #openstack-barbican08:05
*** rm_you has joined #openstack-barbican08:05
*** openstackgerrit has quit IRC08:21
*** openstackgerrit has joined #openstack-barbican08:21
*** xaeth is now known as xaeth_afk08:34
*** chlong has quit IRC08:42
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican: Fix symmetric/asymmetric key order meta validation  https://review.openstack.org/15039609:10
*** woodster_ has joined #openstack-barbican13:00
*** alee_afk has quit IRC13:49
*** zz_dimtruck is now known as dimtruck13:52
*** rellerreller has joined #openstack-barbican13:58
*** dimtruck is now known as zz_dimtruck14:03
*** miqui_ has joined #openstack-barbican14:13
*** david-lyle_afk is now known as david-lyle14:25
*** ametts has joined #openstack-barbican14:42
*** alee has joined #openstack-barbican14:43
*** SheenaG1 has joined #openstack-barbican14:58
*** darrenmoffat has quit IRC15:03
*** paul_glass has joined #openstack-barbican15:04
*** darrenmoffat has joined #openstack-barbican15:04
*** xaeth_afk is now known as xaeth15:09
*** zz_dimtruck is now known as dimtruck15:24
openstackgerritSteve Heyman proposed openstack/barbican: Fix "invalid credentials" error running functional tests  https://review.openstack.org/15535515:29
*** crc32 has quit IRC15:45
*** xaeth is now known as xaeth_afk15:45
*** SheenaG1 has quit IRC15:55
openstackgerritMerged openstack/barbican-specs: Adding spec for Barbican MKEK Model.  https://review.openstack.org/14894815:55
*** nkinder has joined #openstack-barbican15:57
*** SheenaG1 has joined #openstack-barbican15:58
*** jaosorior has quit IRC16:01
*** dimtruck is now known as zz_dimtruck16:28
*** zz_dimtruck is now known as dimtruck16:32
*** gyee has joined #openstack-barbican16:54
*** bdpayne has joined #openstack-barbican16:57
*** tkelsey has joined #openstack-barbican17:08
*** atiwari has joined #openstack-barbican17:28
*** jkf has joined #openstack-barbican17:44
*** nkinder is now known as nkinder_sick17:46
rellerrellerping woodster_ redrobot17:47
SheenaG1rellerreller: woodster_ is stuck in a meeting with me until 1, I'll let him know you're looking for him though17:47
SheenaG1rellerreller: redrobot might be around17:48
rellerrellerSheenaG1 thanks17:48
rellerrellerIt's nothing urgent. Just wondering if the payload_content_type parameter can be removed from order POST call.17:49
*** dimtruck is now known as zz_dimtruck17:54
SheenaG1rellerreller: ah, okay - will make sure woodster_ catches up with you when we release him!17:56
*** zz_dimtruck is now known as dimtruck18:00
redrobothi rellerreller18:01
rellerrellerhey redrobot18:01
rellerrellerI have a question about the Orders API18:01
rellerrellerWhen you POST an Order to create a key there is a payload_content_type parameter that is passed as a part of the request.18:02
rellerrellerI feel like that parameter will no longer be needed with the content types spec code.18:02
rellerrellerI think we can remove that parameter because we are saying now that all keys will be returned in a specific format/encoding.18:03
redrobotrellerreller I think you're right...  payload_content_type was intended to differentiate the type of key material, I think maybe it should have been removed when we changed the format of the orders to have type+meta18:03
rellerrellerOK, I think we are on the same page then.18:04
rellerrellerI'll go ahead and remove it in my code that I will post for content types. If anyone sees a reason to keep it then we can discuss.18:05
rellerrellerIs that ok?18:05
redrobotrellerreller yep, I think so.  There should be enough information in the meta section to figure out what the content type should be.18:05
rellerrellerredrobot Excellent! I'll push forward with that.18:06
rellerrellerredrobot Thanks!18:06
*** tkelsey has quit IRC18:12
*** jkf has quit IRC18:24
*** paul_glass has quit IRC18:26
*** rellerreller has quit IRC18:27
*** dimtruck is now known as zz_dimtruck18:30
*** zz_dimtruck is now known as dimtruck18:35
*** paul_glass has joined #openstack-barbican18:55
openstackgerritMerged openstack/barbican: Fix "invalid credentials" error running functional tests  https://review.openstack.org/15535518:58
*** elmiko has joined #openstack-barbican19:17
*** paul_glass has quit IRC19:21
*** atiwari has quit IRC19:36
*** rellerreller has joined #openstack-barbican19:37
*** atiwari has joined #openstack-barbican19:39
*** alee is now known as alee_afk19:45
*** paul_glass has joined #openstack-barbican19:51
elmikohey folks, i'm working on putting together a spec for sahara/barbican integration and i'm curious if there are any examples about using keystone with barbican?20:00
elmikobasically i wasn't seeing anything about X-Auth-Token, or the like20:00
redrobotelmiko from a client point of view? http://docs.openstack.org/developer/python-barbicanclient/authentication.html20:04
elmikoyea20:04
elmikoredrobot: awesome, thanks!20:05
redrobotelmiko those are super simple examples... in a real implementation you'd probably want to read the Keystone username/pw from a config file using oslo config or something like that.20:06
*** briancurtin has quit IRC20:07
elmikoredrobot: yeah, we already have a method for gaining a keystone client. then we can just create the session and pass to barbican20:08
*** jraim has quit IRC20:09
*** jraim has joined #openstack-barbican20:15
*** dabukalam has joined #openstack-barbican20:16
*** briancurtin has joined #openstack-barbican20:17
*** jkf has joined #openstack-barbican20:17
*** gyee has quit IRC20:20
*** rellerreller has quit IRC20:37
rm_workelmiko: for Barbican integration you might be interested in Castellan20:37
rm_workelmiko: it'll also take care of the keystone stuff pretty automagically20:37
rm_workelmiko: that's how Neutron / Octavia / Nova / Cinder are planning to integrate with Barbican20:38
*** tkelsey has joined #openstack-barbican20:39
*** atiwari has quit IRC20:40
elmikorm_work: thanks, i'll do some reading up on Castellan20:40
*** atiwari has joined #openstack-barbican20:41
*** atiwari has quit IRC20:41
*** tkelsey has quit IRC20:43
*** alee_afk is now known as alee20:47
rm_workelmiko: it's still pretty bare, but we hope to have it fleshed out significantly better after next week20:52
*** bdpayne has quit IRC20:53
elmikorm_work: ok, i doubt my spec will land before feature freeze. but if castellan is the path forward for secret storage then we'll get in line =)20:53
elmikoit may, i'm hopefuly, but who knows20:53
woodster_elmiki, well, hopefully using castellan will accelerate the review acceptance?21:24
woodster_redrobot, hockeynut, on the quota bp, please take a look at the latest comments and tsv's summary of API calls. I think we are close...21:26
*** atiwari has joined #openstack-barbican21:27
elmikowoodster_: i dunno, from the sahara team perspective i think barbican and castellan are both relative unknowns21:33
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: All of the containers behaviors and container smoke tests  https://review.openstack.org/15178721:38
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: Adds positive secret functional tests  https://review.openstack.org/15550222:04
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: Adds positive container functional tests  https://review.openstack.org/15550222:06
reaperhulkinbound bug fix for pkcs11 coming22:09
reaperhulkuse after free bug wooooo22:09
* reaperhulk kills self22:09
chellygelreaperhulk for you: http://i.imgur.com/0SlSz9q.gif22:10
reaperhulkI didn't even find it22:10
* reaperhulk got emailed about it22:11
chellygelthere are 4 lights?22:11
reaperhulkwho is the cardassian torturer in this metaphor22:11
openstackgerritPaul Kehrer proposed openstack/barbican: fix a use after free bug  https://review.openstack.org/15550322:12
chellygeli think that is only something that you can answer!22:12
reaperhulkImagine that the "gcm" variable in this patch is an object that holds a reference to something else. When you call _build_gcm_mech it makes that object, assigns its value to "mech" and then returns "mech"22:13
reaperhulkThe problem with that is that the way cffi does memory ownership means that when the function returns "gcm" is now no longer in scope and can be garbage collected22:13
reaperhulkso the mech.parameter (line 436) is now pointing at memory that contains the correct data but is no longer owned by the application.22:14
woodster_hmmm....I'm getting a deja vu sort of feeling right about now...22:14
reaperhulkSo it's using the memory after freeing it. This works in most cases, but if something else allocates and overwrites that memory it now reads garbage22:14
woodster_rm_work, did you see this README by chance when you setup your local devstack env?: https://github.com/openstack-infra/devstack-gate22:15
reaperhulkWhile this is an obvious bug I'd like to have Rohit confirm it resolves the issue for him (he's able to reproduce this race condition easily in his environment) before we merge22:15
woodster_reaperhulk, that's the issue that bit you and jvrbanac a week or two back, correct?22:15
reaperhulkyep but in a diff spot :)22:15
rm_workwoodster_: hmmm22:16
reaperhulkthis one was clearly the exact same bug but we didn't notice because we weren't triggering it22:16
reaperhulkI'm surprised we haven't triggered this in our internal load testing actually, but *shrug* slab allocation22:16
reaperhulkpypy would probably trigger it. It's far more aggressive about nursery gc22:16
*** bdpayne has joined #openstack-barbican22:16
woodster_hockeynut, I think you were also trying to reproduce devstack gate results locally?22:16
rm_workwoodster_: interesting -- i did not, but i have basically replicated all of this from scratch :P22:17
woodster_reaperhulk, well other than by-inspection or stress testing, there's no cool linting tools to help out with these things?22:17
reaperhulkwoodster_: nope22:17
reaperhulkmemory leaks are a bit easier. You can hypothetically build python with support for valgrind (effectively disabling its slab allocation) and then run your tests inside valgrind at that point22:18
* reaperhulk has not tried to do that22:19
*** atiwari1 has joined #openstack-barbican22:19
reaperhulkmemory leaks are less insidious than use after free though22:19
rm_workwoodster_: i might try to do a new script based on this]22:19
reaperhulkvalgrind can find use after free, but it wouldn't catch it if it's marked for collection in Python but Python hasn't done a gc pass yet22:19
reaperhulkI suppose you could import gc and call gc.collect() as part of test infra?22:20
* reaperhulk is just spitballing22:20
reaperhulkultimately this code will get hoisted up into cryptography and become our problem (and we do intend to eventually run it under valgrind)22:21
*** atiwari has quit IRC22:21
woodster_rm_work, well given that wikis/.rsts go stale quickly you might take it with a few grains of salt, but might be helpful22:21
openstackgerritThomas Dinkjian proposed openstack/python-barbicanclient: Adds positive container functional tests  https://review.openstack.org/15550722:21
rm_workwoodster_: it looks very promising actually, but i hear ya22:21
woodster_reaperhulk, well is gc.collect() merely suggestive or is it a deterministic process?22:22
reaperhulkI have no idea :)22:22
woodster_hockeynut, had you mentioned Rally before?: https://wiki.openstack.org/wiki/Rally  This looks interesting for ci/cd testing22:22
reaperhulkaccording to the docs it looks like it immediately runs a blocking collection and it returns the number of unreachable objects22:22
* jvrbanac snickers22:22
reaperhulkjvrbanac we totally let a nasty bug slip through22:23
jvrbanacyeaaahhh22:23
woodster_exterminators are bringing bugs with them too? job security...22:24
jvrbanacreaperhulk, oops22:26
jvrbanacreaperhulk, I like how it didn't seem to come up as an issue in the limited testing we did22:26
woodster_alembic migrations on sqlite?: http://alembic.readthedocs.org/en/latest/batch.html22:27
*** alee has quit IRC22:28
reaperhulkjvrbanac: especially since the exact same bug with the attribute structs did22:28
jvrbanacreaperhulk, yeah22:28
*** xaeth_afk is now known as xaeth22:32
hockeynutwoodster_ yes looking at devstack gate locally.  also some teams use Rally, we haven't (yet)22:59
*** dimtruck is now known as zz_dimtruck22:59
woodster_hockeynut, do you recall who setup up our devstack gate job? Was it Chad?23:00
hockeynutwoodster_ I believe it was23:00
hockeynutthere are some instructions out there for setting up a "persistent" devstack machine the same as the one used in the gate.  I started down that road but then got sidetracked by other more pressing issues23:00
*** SheenaG1 has quit IRC23:03
redrobotI need to get into some of that devstack action23:06
openstackgerritMerged openstack/python-barbicanclient: All of the containers behaviors and container smoke tests  https://review.openstack.org/15178723:12
*** chlong has joined #openstack-barbican23:17
*** gyee has joined #openstack-barbican23:29
*** xaeth is now known as xaeth_afk23:33
*** gyee has quit IRC23:33
*** gyee has joined #openstack-barbican23:35
*** gyee has quit IRC23:35
*** gyee has joined #openstack-barbican23:36
*** gyee has quit IRC23:38
*** gyee has joined #openstack-barbican23:38
*** openstack has joined #openstack-barbican23:40
*** xaeth_afk is now known as xaeth23:42
*** xaeth is now known as xaeth_afk23:58
« Wednesday, 2015-02-11 Index Friday, 2015-02-13 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!