Friday, 2015-04-17

*** SheenaG has quit IRC [00:00]
*** nkinder has joined #openstack-barbican [00:14]
*** everjeje has quit IRC [00:16]
*** stanzi has joined #openstack-barbican [00:17]
*** tkelsey has joined #openstack-barbican [00:18]
*** tkelsey has quit IRC [00:23]
*** zz_dimtruck is now known as dimtruck [00:34]
*** kebray_ has quit IRC [00:38]
*** stanzi has quit IRC [00:48]
*** stanzi has joined #openstack-barbican [00:49]
*** stanzi has quit IRC [00:53]
<openstackgerrit> Merged openstack/barbican: Adding MySQL fixes to migrations https://review.openstack.org/173617 [00:56]
*** nkinder has quit IRC [01:05]
*** nkinder has joined #openstack-barbican [01:49]
<openstackgerrit> Merged openstack/barbican: Refactor dogtag gate scripts https://review.openstack.org/161935 [01:56]
*** alee_ has quit IRC [02:03]
*** nkinder has quit IRC [02:24]
*** dimtruck is now known as zz_dimtruck [02:34]
*** stanzi has joined #openstack-barbican [02:45]
*** woodster_ has quit IRC [02:50]
*** stanzi has quit IRC [02:53]
*** stanzi has joined #openstack-barbican [02:54]
*** stanzi has quit IRC [02:58]
*** nkinder has joined #openstack-barbican [03:00]
*** stanzi has joined #openstack-barbican [03:18]
*** nkinder has quit IRC [03:18]
*** crc32 has joined #openstack-barbican [03:20]
*** dave-mccowan has joined #openstack-barbican [03:23]
*** stanzi has quit IRC [03:26]
*** stanzi has joined #openstack-barbican [03:27]
*** stanzi has quit IRC [03:32]
*** kebray has joined #openstack-barbican [03:41]
*** kebray has quit IRC [03:41]
*** kebray has joined #openstack-barbican [03:46]
*** xaeth_afk is now known as xaeth [03:48]
*** gyee has quit IRC [03:52]
*** stanzi has joined #openstack-barbican [04:15]
*** tkelsey has joined #openstack-barbican [04:19]
*** stanzi has quit IRC [04:20]
*** tkelsey has quit IRC [04:24]
*** nkinder has joined #openstack-barbican [04:32]
*** xaeth is now known as xaeth_afk [04:37]
*** crc32 has quit IRC [04:38]
*** crc32 has joined #openstack-barbican [04:38]
*** crc32 has quit IRC [04:45]
*** crc32 has joined #openstack-barbican [05:15]
*** openstackgerrit has quit IRC [05:21]
*** openstackgerrit has joined #openstack-barbican [05:21]
*** rm_work is now known as rm_work|away [06:03]
<openstackgerrit> Dave McCowan proposed openstack/barbican: Refactor RSA Functional Smoke Tests https://review.openstack.org/174722 [06:20]
*** tkelsey has joined #openstack-barbican [06:21]
<openstackgerrit> Dave McCowan proposed openstack/barbican: Refactor Translation Code for PER and DER Formats https://review.openstack.org/174724 [06:22]
*** tkelsey has quit IRC [06:25]
*** dave-mccowan has quit IRC [06:51]
*** jaosorior has joined #openstack-barbican [07:09]
<openstackgerrit> Juan Antonio Osorio Robles proposed openstack/barbican: Readability-related changes to secret store functions https://review.openstack.org/172378 [07:16]
*** tkelsey has joined #openstack-barbican [07:18]
*** chlong has quit IRC [07:33]
*** kebray has quit IRC [07:36]
*** crc32 has quit IRC [08:23]
*** jamielennox is now known as jamielennox|away [09:49]
*** woodster_ has joined #openstack-barbican [12:19]
*** dave-mccowan has joined #openstack-barbican [12:26]
*** zz_dimtruck is now known as dimtruck [12:59]
*** rellerreller has joined #openstack-barbican [13:08]
<alee> dave-mccowan, are you going to rebase https://review.openstack.org/#/c/171023/ ? [13:28]
<dave-mccowan> alee, now i will. :-)  thanks for reminder. [13:29]
<alee> redrobot, jaosorior -- looked at the logs for the dogtag gate.  Not quite sure it's been "fixed". [13:37]
<alee> redrobot, jaosorior - the original problem was that something was going wrong with the kra install. [13:37]
<alee> now the kra install is not taking place. [13:37]
<alee> and when the tests run, they are not actually using dogtag kra or ca [13:38]
<alee> which is why all the dogtag specific test cases are failing [13:38]
*** rellerreller has quit IRC [13:40]
<jaosorior> alee: yeah, the KRA install was having something weird, which is why I added the set -e in the beginning of the install script, to see exactly where it fails... not sure now if it helped much [13:45]
<jaosorior> alee: Then I got distracted by trying to install Dogtag in a docker container for easy testing, but it seems that crashes even in the pki-ca install [13:46]
<alee> jaosorior, interesting - that's not a bad idea [13:47]
<alee> jaosorior, I'm curious where it crashes. I'll work with you to help set one up next week. [13:48]
<jaosorior> alee: sure, let me know when [13:48]
<jaosorior> alee: now, I'm still not sure why the KRA install fails [13:49]
<jaosorior> alee: referring to the gate [13:49]
<alee> jaosorior, yeah -- we need to get the logs back from the gate in order for me to figure out why [13:50]
<jaosorior> alee: uhm... I'm guessing there's no access to the /var/log/yum.log from the gate, right? [13:54]
<alee> jaosorior, I think you can specify other logs to package up -- redrobot was going to look at how to do that.  I'll need to help look into that next week. [13:55]
<openstackgerrit> Juan Antonio Osorio Robles proposed openstack/barbican: ** DO NOT MERGE ** https://review.openstack.org/174880 [13:56]
*** stanzi has joined #openstack-barbican [13:57]
*** stanzi has quit IRC [13:58]
*** dimtruck is now known as zz_dimtruck [13:58]
*** stanzi has joined #openstack-barbican [13:58]
<woodster_> alee jaosorior I haven't been looking at the Dogtag gate but I'm wondering if you need to run it as a separate screen process maybe? [14:04]
*** zz_dimtruck is now known as dimtruck [14:07]
<alee> woodster_, perhaps [14:11]
<openstackgerrit> Dave McCowan proposed openstack/barbican: Refactor Stored Key Certificate Order Validator Code https://review.openstack.org/171023 [14:17]
<dave-mccowan> alee ^^^ [14:18]
<alee> dave-mccowan, ok - waiting for it to pass the gate [14:19]
*** rellerreller has joined #openstack-barbican [14:23]
<rellerreller> redrobot dave-mccowan Is there anything left for the content type refactoring? [14:24]
<rellerreller> I tested the changes with the new KMIP CR, and it all worked for me :) [14:24]
<dave-mccowan> rellerreller, everything i've tested is working now too. :-)  i have submitted two refactoring CRs, but they are functionally equivalent, just prettier.  one touches KMIP, you'll want to review that: https://review.openstack.org/174724 [14:26]
<rellerreller> dave-mccowan Glad to hear it is working for you too! You and redrobot have put in a lot of work on this. Good job and thanks! [14:28]
*** paul_glass has joined #openstack-barbican [14:35]
*** stanzi has quit IRC [14:47]
*** stanzi has joined #openstack-barbican [14:47]
<hockeynut> good morning barbicaneers - got a question about our cmd line client. [14:48]
<hockeynut> currently you can do "barbican --help" and get help - awesomeness [14:48]
<hockeynut> should I be able to use "barbican help secret" for example to get secret help?  Not sure if that's implemented or supported by cliff [14:49]
<jaosorior> hockeynut: you should be able to do barbican help secret store.  But not barbican help secret because of the way it's implemented [14:50]
<hockeynut> jaosorior when I do that I get the basic barbican cmd help then ERROR: please specify authentication credentials [14:51]
*** igueths has joined #openstack-barbican [14:51]
*** stanzi has quit IRC [14:52]
<hockeynut> so each of the cmds that you see when you do --help should have associated help, but it's not working that way.  Just wanted to be sure [14:52]
<jaosorior> hockeynut: basically I took it from the way the openstackclient works. And the way it works is that underneath, "secret store" is one command, and the space is actually part of it. So just typing "help secret" won't match any command. So cliff won't be able to print help for that unless we hack around that [14:53]
<jaosorior> hockeynut: then it's a bug [14:53]
<hockeynut> gotcha [14:53]
<hockeynut> I should have used "secret store" in my first query above, my bad (slaps self in head) [14:53]
<jaosorior> For usability's sake a user should be able to get help, or at least a list of the commands that are related to secrets. But we don't have that yet [14:55]
<woodster_> It would be good to catch docs up to these latest changes too. I think redrobot has been doing work there [15:03]
*** SheenaG has joined #openstack-barbican [15:09]
*** darrenmoffat has quit IRC [15:16]
*** darrenmoffat has joined #openstack-barbican [15:16]
*** rm_work|away is now known as rm_work [15:18]
<dave-mccowan> rellerreller, ping [15:22]
<openstackgerrit> Chelsea Winfree proposed openstack/python-barbicanclient: Fix the clientrc file to match defaults and add docs https://review.openstack.org/174076 [15:24]
*** kebray has joined #openstack-barbican [15:29]
<dave-mccowan> rellerreller, looking at "openssl asn1parse -inform DER -in private.der", I see that it is PKCS#1.  (there is no :rsaEncryption envelope).  the current code is using PKCS#1 DER and seems to be working.  (but is it wrong?) [15:32]
<rellerreller> dave-mccowan pong [15:38]
<rellerreller> Yes, it is wrong. The keys should be in PKCS#8 format. [15:39]
<rellerreller> dave-mccowan There is a tool to convert PKCS#1 to PKCS#8. It is openssl pkcs8, https://www.openssl.org/docs/apps/pkcs8.html [15:40]
<dave-mccowan> rellerreller, openssl pkcs8 -in private.pem -topk8 -outform DER -out private_pk8.der [15:41]
<rellerreller> dave-mccowan I'm surprised the KMIP device did not complain about that. [15:41]
<rellerreller> dave-mccowan yes [15:41]
<dave-mccowan> rellerreller, so now if i fix it, will it break KMIP plugin. :-) [15:41]
<rellerreller> dave-mccowan I hope not. [15:41]
*** SheenaG has quit IRC [15:42]
<dave-mccowan> rellerreller, next is to figure out if I can get pyCrypto to make a _pkcs8.der. [15:42]
<rellerreller> dave-mccowan I believe that is true. I thought I had seen that. [15:43]
*** joesavak has joined #openstack-barbican [15:43]
<dave-mccowan> rellerreller, got it.  funny how a nit in a code review can turn into a bug. :-) [15:49]
*** stanzi has joined #openstack-barbican [15:50]
<rellerreller> dave-mccowan Oh geez. That is coming from that. That is crazy :) [15:50]
<dave-mccowan> rellerreller, and now i know more about asn1 than i ever wanted to. [15:50]
<rellerreller> dave-mccowan Yes, asn1 is a beast. [15:51]
<reaperhulk> oh you can know so much more. [15:52]
* reaperhulk cries [15:52]
*** jsavak has joined #openstack-barbican [15:55]
<dave-mccowan> reaperhulk, do you have "asn1" on your keyword subscribe list? :-) [15:58]
*** chadlung has joined #openstack-barbican [15:59]
*** joesavak has quit IRC [15:59]
*** gyee has joined #openstack-barbican [15:59]
*** stanzi has quit IRC [16:01]
*** stanzi has joined #openstack-barbican [16:02]
*** stanzi has quit IRC [16:06]
*** paul_glass has quit IRC [16:17]
*** SheenaG has joined #openstack-barbican [16:23]
<openstackgerrit> Merged openstack/python-barbicanclient: Porting over more documentation to RST from cli wiki https://review.openstack.org/174598 [16:37]
<openstackgerrit> Merged openstack/python-barbicanclient: Updating client and client docs for accuracy https://review.openstack.org/174613 [16:37]
*** stanzi has joined #openstack-barbican [16:46]
*** stanzi has quit IRC [16:46]
*** stanzi has joined #openstack-barbican [16:47]
<openstackgerrit> Dave McCowan proposed openstack/barbican: Refactor and Fix Translation Code for PER and DER Formats https://review.openstack.org/174724 [16:55]
<dave-mccowan> rellerreller ^^^ [16:55]
<rellerreller> dave-mccowan Looks good! [16:59]
*** stanzi has quit IRC [17:02]
*** stanzi has joined #openstack-barbican [17:02]
*** stanzi has quit IRC [17:03]
*** stanzi has joined #openstack-barbican [17:03]
*** dimtruck is now known as zz_dimtruck [17:05]
*** stanzi_ has joined #openstack-barbican [17:05]
<dave-mccowan> rellerreller, is there more testing to be done to make sure the new format works? [17:05]
<rellerreller> dave-mccowan I'm not sure. I tested the previous stuff with KMIP and it worked. [17:05]
<rellerreller> Your stuff looks good to me. Unfortunately I will not have time to test it until Monday. [17:06]
*** stanzi_ has quit IRC [17:06]
<rellerreller> dave-mccowan Did you have anything else in mind? [17:07]
*** stanzi_ has joined #openstack-barbican [17:07]
*** stanzi has quit IRC [17:08]
*** stanzi_ has quit IRC [17:08]
<dave-mccowan> rellerreller, i didn't know if you had a testbed with an HSM that you were testing against. [17:08]
*** stanzi_ has joined #openstack-barbican [17:10]
<rellerreller> dave-mccowan I have not done so with 174724, but I did with the other patches. I should say that I tested with the latest code from master at about 10:00 AM ET. [17:10]
<dave-mccowan> rellerreller, if you're happy with the change, i'm happy. :-) [17:12]
<rellerreller> dave-mccowan It looks good to me. I can test it on Monday. I'm hoping that for Liberty we can have a gate check for this. [17:12]
<rellerreller> dave-mccowan I have to leave now. My weekend has just started. Have a good weekend :) [17:13]
<dave-mccowan> rellerreller, sounds good.  you too! [17:13]
*** rellerreller has quit IRC [17:13]
*** stanzi_ has quit IRC [17:14]
*** stanzi has joined #openstack-barbican [17:15]
*** tkelsey has quit IRC [17:15]
*** SheenaG has quit IRC [17:19]
*** stanzi has quit IRC [17:20]
*** chadlung has quit IRC [17:21]
*** chadlung has joined #openstack-barbican [17:33]
<openstackgerrit> Dave McCowan proposed openstack/barbican: Refactor and Fix Translation Code for PER and DER Formats https://review.openstack.org/174724 [17:33]
*** stanzi has joined #openstack-barbican [17:34]
*** chadlung has quit IRC [17:38]
*** stanzi_ has joined #openstack-barbican [17:38]
*** stanzi has quit IRC [17:38]
*** stanzi has joined #openstack-barbican [17:41]
*** stanzi_ has quit IRC [17:42]
*** stanzi_ has joined #openstack-barbican [17:44]
<openstackgerrit> Merged openstack/python-barbicanclient: Fix the clientrc file to match defaults and add docs https://review.openstack.org/174076 [17:44]
*** stanzi has quit IRC [17:45]
*** stanzi_ has quit IRC [17:48]
*** stanzi_ has joined #openstack-barbican [17:52]
*** jaosorior has quit IRC [17:52]
*** stanzi has joined #openstack-barbican [17:55]
*** stanzi_ has quit IRC [17:56]
*** stanzi has quit IRC [17:59]
*** stanzi has joined #openstack-barbican [17:59]
*** SheenaG has joined #openstack-barbican [18:00]
*** stanzi has quit IRC [18:05]
*** stanzi has joined #openstack-barbican [18:06]
<openstackgerrit> John Wood proposed openstack/barbican: Add order_retry_tasks migration per latest model https://review.openstack.org/169946 [18:06]
*** stanzi has quit IRC [18:10]
*** stanzi has joined #openstack-barbican [18:11]
*** stanzi has quit IRC [18:15]
*** stanzi has joined #openstack-barbican [18:15]
*** stanzi has quit IRC [18:26]
*** stanzi has joined #openstack-barbican [18:27]
*** stanzi_ has joined #openstack-barbican [18:27]
*** stanzi__ has joined #openstack-barbican [18:29]
*** stanzi has quit IRC [18:31]
*** stanzi_ has quit IRC [18:32]
*** stanzi__ has quit IRC [18:33]
*** stanzi has joined #openstack-barbican [18:34]
*** stanzi_ has joined #openstack-barbican [18:36]
*** stanzi has quit IRC [18:36]
*** stanzi_ has quit IRC [18:39]
*** stanzi has joined #openstack-barbican [18:40]
<redrobot> dave-mccowan heya! [18:45]
<dave-mccowan> redrobot o/ [18:45]
<redrobot> dave-mccowan I'm trying to figure out how much more work still needs to be done for RC1 [18:45]
<dave-mccowan> redrobot, good idea.  let's bug scrub. [18:46]
<redrobot> dave-mccowan ok, looking at https://bugs.launchpad.net/barbican/+bug/1443010 [18:47]
<openstack> Launchpad bug 1443010 in Barbican "Ordered RSA Container Returns Secrets in Bad Format" [Undecided,New] - Assigned to Dave McCowan (dave-mccowan) [18:47]
<redrobot> dave-mccowan is that still broken? [18:47]
<dave-mccowan> redrobot 1443010, 1443009, and 1443008 were all fixed by the "big CR".  bummer I forgot to add Closes-Bug tags. [18:48]
*** chadlung has joined #openstack-barbican [18:48]
*** kebray has quit IRC [18:49]
<dave-mccowan> redrobot, 1445575 is needed per rellerreller.  my DER format was wrong for KMIP, even though it worked. [18:49]
<dave-mccowan> redrobot, if you don't mind, i was going to write a retrospective blueprint that you can mark complete for test_rsa.py. [18:50]
<dave-mccowan> redrobot also, you can mark complete the bandit-gate blueprint.  it runs as an experimental gate now and is working.  we can promote that to non-voting check sometime in liberty. [18:51]
*** SheenaG has quit IRC [18:55]
<redrobot> dave-mccowan ok, I marked the big CR bugs as "fix committed" [18:57]
<redrobot> dave-mccowan is there a CR already for the 1445575 fix? [18:58]
<redrobot> dave-mccowan oh never mind, I see it [18:59]
*** kebray has joined #openstack-barbican [18:59]
<dave-mccowan> redrobot, rellerreller gave it +2, but it cleared when i pushed a patch for 100% coverage [19:00]
<redrobot> dave-mccowan yeah, I have a pending question on it [19:00]
*** SheenaG has joined #openstack-barbican [19:01]
<dave-mccowan> redrobot ok, i can fix the decorator [19:01]
<dave-mccowan> redrobot, i'm not sure if it's necessary, but there are still some more validator checks that can be done.  for example, checking secret ACLs when storing a container or ordering a certificate.  that requires, as a base, a CR that I have pending. [19:08]
<redrobot> dave-mccowan do you think they are must-haves or nice-to-haves? [19:09]
<dave-mccowan> redrobot,  i think the symptom will be user gets a 500, instead of a 400.   alee, what do you think? [19:10]
<redrobot> dave-mccowan hmmm... yeah def sounds like a must-have [19:13]
<redrobot> what are the CRs? [19:13]
<dave-mccowan> https://review.openstack.org/171023 [19:14]
<dave-mccowan> but that is just to get the project_id inside the validator.  now the ACL checking code needs to be written. [19:15]
*** chadlung has quit IRC [19:21]
*** SheenaG has quit IRC [19:24]
*** kebray has quit IRC [19:34]
<jvrbanac> redrobot, https://review.openstack.org/#/c/171839/ [19:38]
<woodster_> alee, elmiko, please take a look when you can: https://review.openstack.org/#/c/169946/ [19:41]
<elmiko> woodster_: ack, lgtm [19:42]
*** SheenaG has joined #openstack-barbican [19:47]
<openstackgerrit> Dave McCowan proposed openstack/barbican: Refactor RSA Functional Smoke Tests https://review.openstack.org/174722 [19:55]
<openstackgerrit> Dave McCowan proposed openstack/barbican: Refactor and Fix Translation Code for PER and DER Formats https://review.openstack.org/174724 [19:59]
*** paul_glass has joined #openstack-barbican [20:03]
*** kebray has joined #openstack-barbican [20:04]
*** chadlung has joined #openstack-barbican [20:06]
*** openstackgerrit has quit IRC [20:22]
*** openstackgerrit has joined #openstack-barbican [20:23]
*** gyee has quit IRC [20:32]
*** stanzi has quit IRC [20:35]
-openstackstatus- NOTICE: Gerrit will be unavailable between 22:00 and 23:59 UTC for project renames and a database update. [21:03]
<openstackgerrit> Dave McCowan proposed openstack/barbican: Refactor RSA Functional Smoke Tests https://review.openstack.org/174722 [21:08]
*** openstackgerrit has quit IRC [21:23]
*** openstackgerrit has joined #openstack-barbican [21:23]
*** igueths has quit IRC [21:33]
*** alee has quit IRC [21:35]
*** chadlung has quit IRC [21:43]
*** jamielennox|away is now known as jamielennox [21:48]
<openstackgerrit> Merged openstack/barbican: Add order_retry_tasks migration per latest model https://review.openstack.org/169946 [21:50]
*** paul_glass has quit IRC [21:58]
*** jsavak has quit IRC [22:02]
-openstackstatus- NOTICE: Gerrit is unavailable until 23:59 UTC for project renames and a database update. [22:03]
-openstackstatus- NOTICE: Gerrit is unavailable until 23:59 UTC for project renames and a database update. [22:06]
*** ChanServ changes topic to "Gerrit is unavailable until 23:59 UTC for project renames and a database update." [22:06]
*** dave-mccowan has quit IRC [22:44]
*** kebray has quit IRC [22:50]
*** ChanServ changes topic to "Kilo RC1 due April 9 https://launchpad.net/barbican/+milestone/kilo-rc1" [23:03]
-openstackstatus- NOTICE: Gerrit is available again. [23:03]
*** jamielennox is now known as jamielennox|away [23:30]
<openstackgerrit> Merged openstack/python-barbicanclient: Raising errors from the client instead of ksclient https://review.openstack.org/171839 [23:45]