*** vivek-eb_ has joined #openstack-barbican | 00:18 | |
*** vivek-ebay has quit IRC | 00:18 | |
alee | dave-mccowan, interesting .. I got it working this way .. | 00:38 |
---|---|---|
alee | dave-mccowan, http://paste.openstack.org/show/467062/ | 00:39 |
alee | dave-mccowan, I think it makes a bit more sense in it really is a union between two different queries | 00:40 |
*** david-lyle has quit IRC | 00:40 | |
dave-mccowan | alee i'll buy it. | 00:41 |
alee | dave-mccowan, booyah! the patch passed the gate! | 00:41 |
alee | dave-mccowan, https://review.openstack.org/#/c/222583/ | 00:42 |
dave-mccowan | alee do you know the "rules" around when we need to call session.flush() and/or session.commit() | 00:42 |
alee | dave-mccowan, +2 it please | 00:42 |
alee | dave-mccowan, no - woodster_ would be the one to ask about that | 00:42 |
alee | but if I recall correctly, you want to do it as little as possible and let sqlalchemy figure out when to do it itself | 00:43 |
dave-mccowan | alee i added some to the refresh_table() code and the intermittent failures went away | 00:43 |
alee | ah good to know | 00:44 |
*** david-lyle has joined #openstack-barbican | 00:44 | |
alee | seems like a reasonable idea -- I wonder if that method needs to be synchronized in some way .. | 00:44 |
alee | especially if updates are actually happening | 00:44 |
alee | well - only if updates are actually happening | 00:45 |
dave-mccowan | alee http://paste.openstack.org/show/467064/ | 00:46 |
alee | dave-mccowan, gotta put kids to bed - back in a little bit .. | 00:47 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Finish Initialization of CA Table when Barbican Starts https://review.openstack.org/224156 | 00:50 |
*** vivek-eb_ has quit IRC | 00:53 | |
*** su_zhang has quit IRC | 01:00 | |
openstackgerrit | Dave McCowan proposed openstack/barbican: Finish Initialization of CA Table when Barbican Starts https://review.openstack.org/224156 | 01:00 |
alee | dave-mccowan, your patch is on top of the latest one I checked in? | 01:08 |
dave-mccowan | yes. | 01:09 |
alee | ok - I'll take a look, but we'll need to wait for Ozz to get a second +2 | 01:09 |
dave-mccowan | if i mark the other jobs (that will fail w/o your patch) with WIP, will they stop running in the gate? | 01:09 |
rm_you | i don't think WIP stops queued jobs | 01:10 |
rm_you | or unqueues them | 01:10 |
dave-mccowan | rm_you btw, have you seen the email thread on openstack-dev about lbaas and barbican? | 01:11 |
dave-mccowan | hmmm... the queue just emptied, alee was that you? | 01:11 |
alee | dave-mccowan, nope | 01:12 |
dave-mccowan | ah... they actually finished (and failed). zuul is back on track. | 01:12 |
rm_you | dave-mccowan: err, maybe? which one | 01:14 |
rm_you | dave-mccowan: is it the one i responded to a couple of times? | 01:14 |
dave-mccowan | [openstack-dev] [Barbican] Providing service user read access to all tenant's certificates | 01:16 |
*** lisaclark1 has joined #openstack-barbican | 01:18 | |
*** lisaclark1 has left #openstack-barbican | 01:28 | |
openstackgerrit | Merged openstack/barbican: Add functional test for project CA https://review.openstack.org/222583 | 01:36 |
*** zz_dimtruck is now known as dimtruck | 01:43 | |
rm_you | can you prod my change too? | 01:50 |
rm_you | https://review.openstack.org/#/c/224220/ | 01:50 |
rm_you | failed due to the cas thing | 01:50 |
rm_you | dave-mccowan: ^^ | 01:54 |
dave-mccowan | rm_you the fix just merged. just click rebase and you should be good. | 01:55 |
dave-mccowan | oh. i see, it needs a new workflow. i'm on it. | 01:57 |
dave-mccowan | rm_you ^^ | 01:57 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Add barbicanclient clone back (was overzealous in pruning) https://review.openstack.org/224220 | 01:57 |
dave-mccowan | rm_you i'll watch it and +W it after the gate passes. | 01:58 |
*** xaeth_afk is now known as xaeth | 02:13 | |
rm_you | dave-mccowan: thanks | 02:13 |
*** xaeth has left #openstack-barbican | 02:14 | |
*** diazjf has joined #openstack-barbican | 02:16 | |
*** xaeth has joined #openstack-barbican | 02:17 | |
*** xaeth is now known as xaeth_afk | 02:23 | |
openstackgerrit | Dave McCowan proposed openstack/barbican: Clean up CAs Policy Rules https://review.openstack.org/224963 | 02:26 |
*** gyee has quit IRC | 02:30 | |
openstackgerrit | Dave McCowan proposed openstack/barbican: Handle case of no logging environment variables https://review.openstack.org/224966 | 02:43 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Updates quota values to be read from conf file https://review.openstack.org/224903 | 02:45 |
alee | dave-mccowan, your init CR has failures .. | 02:49 |
*** su_zhang has joined #openstack-barbican | 02:50 | |
dave-mccowan | alee yea, the unit tests can't keep track of how many CAs there are. | 02:50 |
alee | dave-mccowan, ah | 02:51 |
alee | dave-mccowan, I'm almost done with a CR to fix GET /cas to send back the right number based on project | 02:51 |
alee | dave-mccowan, you might want to rebase on top of that | 02:52 |
alee | dave-mccowan, wait its functional tests not unit tests failing, right? | 02:53 |
alee | dave-mccowan, ah quota unit tests .. | 02:53 |
dave-mccowan | alee yea, that's a new one. i don't think it failed for me locally. | 02:55 |
alee | dave-mccowan, I think I'm going to want to consult with woodster_ and jaosorior about the commits() | 02:55 |
alee | and flushes() | 02:56 |
dave-mccowan | alee me too. and then i want to double check all my other database code after we learn the right way. :-) | 02:56 |
alee | :) | 02:57 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Add function to catch unknown attributes in URI https://review.openstack.org/224979 | 03:24 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Finish Initialization of CA Table when Barbican Starts https://review.openstack.org/224156 | 03:35 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Python 3 Refactoring: Replace six.iteritems() with the preferred items() https://review.openstack.org/219946 | 03:48 |
openstackgerrit | Merged openstack/barbican: Add barbicanclient clone back (was overzealous in pruning) https://review.openstack.org/224220 | 03:50 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Clean up CAs Policy Rules https://review.openstack.org/224963 | 03:53 |
openstackgerrit | Ade Lee proposed openstack/barbican: Fix ca related controllers https://review.openstack.org/224126 | 04:02 |
openstackgerrit | Fernando Diaz proposed openstack/barbican: Cleanup Secrets created after Order functional tests https://review.openstack.org/224990 | 04:05 |
*** edtubill has joined #openstack-barbican | 04:25 | |
*** edtubill has quit IRC | 04:30 | |
*** edtubill has joined #openstack-barbican | 04:31 | |
openstackgerrit | Elvin Tubillara proposed openstack/python-barbicanclient: barbican help needs authentication https://review.openstack.org/224467 | 04:33 |
rm_work | that jeebus, finally | 04:37 |
rm_work | that always annoyed me but i never managed to find time to look into it | 04:38 |
rm_work | *thank jeebus | 04:38 |
*** dimtruck is now known as zz_dimtruck | 04:39 | |
*** vivek-ebay has joined #openstack-barbican | 04:39 | |
alee | dave-mccowan, that test has been added to the run_tests SKIP | 04:39 |
alee | regex | 04:39 |
alee | dave-mccowan, I could add it to the other test case class but I think I plan to add some more tests there | 04:40 |
dave-mccowan | alee you're missing a \ in the regex. (i noticed this test failed in the dvsm-new run.) | 04:43 |
alee | ugh | 04:44 |
alee | dave-mccowan, phooey | 04:45 |
openstackgerrit | Fernando Diaz proposed openstack/barbican: Cleanup Secrets created after Order functional tests https://review.openstack.org/224990 | 04:45 |
alee | dave-mccowan, adding a few more funcitonal tests and then resubmitting .. | 04:46 |
dave-mccowan | alee i'm done for the night. see you tomorrow. | 04:47 |
openstackgerrit | Fernando Diaz proposed openstack/barbican: Cleanup Secrets created after Order functional tests https://review.openstack.org/224990 | 04:47 |
alee | dave-mccowan, yup -- I may be crashing soon too. | 04:47 |
alee | :) | 04:47 |
alee | night | 04:47 |
*** dave-mccowan has quit IRC | 04:47 | |
rm_work | Fixed the gate migration thing: https://review.openstack.org/#/c/220370/ | 05:04 |
*** vivek-ebay has quit IRC | 05:22 | |
*** openstackgerrit has quit IRC | 05:31 | |
*** openstackgerrit has joined #openstack-barbican | 05:31 | |
*** edtubill has quit IRC | 05:46 | |
*** shohel has joined #openstack-barbican | 06:06 | |
openstackgerrit | Fernando Diaz proposed openstack/barbican: Cleanup Secrets created after Order functional tests https://review.openstack.org/224990 | 06:08 |
openstackgerrit | OpenStack Proposal Bot proposed openstack/barbican: Imported Translations from Zanata https://review.openstack.org/224227 | 06:22 |
*** jroll has quit IRC | 06:27 | |
*** eglute has quit IRC | 06:27 | |
*** jroll has joined #openstack-barbican | 06:33 | |
*** eglute has joined #openstack-barbican | 06:33 | |
*** su_zhang has quit IRC | 07:00 | |
*** woodster_ has quit IRC | 07:09 | |
*** diazjf has quit IRC | 07:27 | |
*** darrenmoffat has quit IRC | 08:40 | |
*** darrenmoffat has joined #openstack-barbican | 08:41 | |
*** chlong has quit IRC | 08:47 | |
*** Kevin_Zheng has quit IRC | 11:25 | |
*** jaosorior has joined #openstack-barbican | 11:41 | |
*** dave-mccowan has joined #openstack-barbican | 11:45 | |
openstackgerrit | Dave McCowan proposed openstack/barbican: Finish Initialization of CA Table when Barbican Starts https://review.openstack.org/224156 | 11:48 |
jaosorior | dave-mccowan: ping | 11:52 |
dave-mccowan | jaosorior pong | 11:52 |
jaosorior | dave-mccowan: https://review.openstack.org/#/c/224156/5/barbican/api/controllers/cas.py in that file. In what case will the plugin entries have expired? | 11:52 |
dave-mccowan | jaosorior i don't know why, but when they are created they with an expiration timestamp. https://github.com/openstack/barbican/blob/master/barbican/model/repositories.py#L1392 | 11:54 |
jaosorior | dave-mccowan: Interesting. Gotta ask alee why is that so | 11:56 |
dave-mccowan | jaosorior the biggest question i have about that CR is using session.flush() and commit(). i had some problems where the cas list sometimes came back empty after i wrote to it. that problem seemed to go away when i added flush/commit. i'd like to know if/when we need to use them. | 11:57 |
jaosorior | I think there exists an entity.save() that basically does those operations | 11:57 |
dave-mccowan | jaosoior. yea, i stepped through the code. we do call entity.save() with each _add_ca() | 11:59 |
*** kebray has joined #openstack-barbican | 12:00 | |
*** everjeje has quit IRC | 12:03 | |
*** shohel has quit IRC | 12:04 | |
*** shohel has joined #openstack-barbican | 12:04 | |
*** chlong has joined #openstack-barbican | 12:06 | |
*** chlong has quit IRC | 12:07 | |
*** chlong has joined #openstack-barbican | 12:07 | |
*** shohel has quit IRC | 12:12 | |
*** everjeje has joined #openstack-barbican | 12:19 | |
*** shohel has joined #openstack-barbican | 12:32 | |
*** zz_dimtruck is now known as dimtruck | 12:39 | |
alee | dave-mccowan, jaosorior - morning ya'll.. | 12:51 |
dave-mccowan | alee good morning! | 12:51 |
*** dimtruck is now known as zz_dimtruck | 12:55 | |
alee | dave-mccowan, still workiing on getting a new patch up. I started adding new tests and quickly saw some problems with get_preferred | 12:55 |
alee | dave-mccowan, which I think you saw before. | 12:55 |
dave-mccowan | alee have you looked through my patches from yesterday? i've got fixes to a couple think i saw. | 12:55 |
alee | yeah - I did -- and ended up putting a couple of those fixes in I think | 12:56 |
alee | dave-mccowan, anyways I think I;m going to take out the new tests for now and just get the original patch in (and passing tests) | 12:57 |
alee | then look at the preferred thing as a separate patch | 12:57 |
*** su_zhang has joined #openstack-barbican | 12:59 | |
dave-mccowan | alee how is global_preferred supposed to fit in to the whole "select the preferred" algorithm? | 13:01 |
alee | dave-mccowan, this is set by the barbican service admin | 13:01 |
alee | (optionaly) | 13:01 |
alee | if a request comes in without a ca_id, | 13:02 |
alee | and the project admin has not set any project cas - and therefore no preferred cas | 13:03 |
alee | then the request will go to the global preferred ca | 13:03 |
alee | (instead of just whatever the first available is) | 13:03 |
alee | well - first configured | 13:03 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Finish Initialization of CA Table when Barbican Starts https://review.openstack.org/224156 | 13:06 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Clean up CAs Policy Rules https://review.openstack.org/224963 | 13:07 |
*** rellerreller has joined #openstack-barbican | 13:09 | |
alee | dave-mccowan, ping | 13:19 |
dave-mccowan | alee pong | 13:20 |
alee | dave-mccowan, right now - GET /preferred returns a list of references that looks like ["cas", ["htpps://foo"]] | 13:20 |
alee | does that make sense? | 13:20 |
*** zz_dimtruck is now known as dimtruck | 13:20 | |
dave-mccowan | alee would it always be a list of one? | 13:21 |
alee | dave-mccowan, or should we really return a ca object? like get_ca does | 13:21 |
alee | yes | 13:21 |
alee | or just a reference? | 13:21 |
alee | "ca", "http://foo" | 13:22 |
alee | dave-mccowan, my inclination is a ca object -- like get_ca .. | 13:23 |
dave-mccowan | alee it should be something with json braces. one idea, off the top of my head: {'ca': {'ref' : 'http://foo'}} | 13:24 |
dave-mccowan | alee but i like being consistent with get_ca. that's sounds better. | 13:24 |
alee | dave-mccowan, ok - thats what I'll do | 13:24 |
*** woodster_ has joined #openstack-barbican | 13:32 | |
dave-mccowan | woodster_ ping. i need some wisdom on how to properly use session.flush(), .commit(), etc. https://review.openstack.org/224156 | 13:33 |
*** dimtruck is now known as zz_dimtruck | 13:39 | |
*** kebray has quit IRC | 13:42 | |
*** openstackgerrit has quit IRC | 13:46 | |
*** openstackgerrit has joined #openstack-barbican | 13:46 | |
*** zz_dimtruck is now known as dimtruck | 13:55 | |
*** kebray has joined #openstack-barbican | 13:59 | |
*** spotz_zzz is now known as spotz | 14:01 | |
jaosorior | Anybody in need of reviews? | 14:02 |
dave-mccowan | jaosorior o/ | 14:06 |
dave-mccowan | jaosorior there are several patches out now that are must-haves for Release Candidate next week. | 14:06 |
dave-mccowan | jaosorior we should prioritize those... non-urgent patches can go straight to Mitaka | 14:07 |
dave-mccowan | https://review.openstack.org/224979 | 14:08 |
dave-mccowan | https://review.openstack.org/224963 | 14:08 |
dave-mccowan | https://review.openstack.org/224156 | 14:08 |
dave-mccowan | https://review.openstack.org/220370 | 14:08 |
dave-mccowan | https://review.openstack.org/224903 | 14:09 |
dave-mccowan | jaosorior ^^^ it would be awesome if at least those five landed today-ish. | 14:10 |
*** kfarr has joined #openstack-barbican | 14:13 | |
jaosorior | dave-mccowan: reviewing | 14:18 |
*** jroll is now known as jroll|dupe | 14:31 | |
*** jroll|dupe is now known as brickednick | 14:31 | |
*** david-lyle has quit IRC | 14:31 | |
*** brickednick is now known as jroll | 14:31 | |
*** edtubill has joined #openstack-barbican | 14:31 | |
dave-mccowan | alee: jaosorior and i were wondering this morning why CAs have an expiration date. | 14:35 |
*** edtubill has quit IRC | 14:36 | |
alee | dave-mccowan, jaosorior about to push out an update to the big CR | 14:36 |
alee | just as soon as the func tests run | 14:36 |
alee | its a big one - sorry -- just kept growing | 14:37 |
alee | dave-mccowan, jaosorior so expiration .. | 14:37 |
alee | dave-mccowan, jaosorior the idea here is that the actual cas/subcas that are being provided by the backend ca are really defined at the backend ca | 14:38 |
alee | that is -- I can go directly to dogtag and create a new subca | 14:39 |
alee | but then barbican wont know anything about it | 14:39 |
alee | because it wasn;t created through barbican | 14:39 |
jaosorior | alee: Is it then possible for a CA to not have expiration? | 14:39 |
alee | so the only way to keep in sync is to poll the ca regularly | 14:40 |
*** kebray has quit IRC | 14:40 | |
alee | jaosorior, the ca plugin itself defines what its expiration is | 14:40 |
alee | jaosorior, so if it want to set it to 10 years , fine | 14:40 |
*** pglass has joined #openstack-barbican | 14:41 | |
dave-mccowan | alee what is the trigger in the code for Barbican to search for new ones? it seems with the logic now the trigger is expiration of *all* of the old ones | 14:41 |
alee | dave-mccowan, right -- the idea is that the ca plugin will expira all its cas at the same time | 14:42 |
alee | then when refresh is called -- it will query the plugin | 14:42 |
alee | and get all the supported cas/subcas | 14:42 |
dave-mccowan | alee, jaosorior the code seems to allow for expiration == None. | 14:42 |
alee | jaosorior, dave-mccowan - its a compromse between checking each operation - and never checking | 14:43 |
*** edtubill has joined #openstack-barbican | 14:43 | |
dave-mccowan | alee it would be cleaner to have that "timer" as part of the plugin definition, instead of every CA and sub-CA. | 14:44 |
*** silos has joined #openstack-barbican | 14:44 | |
alee | dave-mccowan, absolutely | 14:44 |
alee | dave-mccowan, I think thats a bug to be filed .. | 14:44 |
alee | (and fixed) | 14:44 |
dave-mccowan | alee three cheers for /v2/ | 14:45 |
jaosorior | hahaha yeah | 14:45 |
*** diazjf has joined #openstack-barbican | 14:46 | |
openstackgerrit | Ade Lee proposed openstack/barbican: Fix ca related controllers https://review.openstack.org/224126 | 14:47 |
alee | dave-mccowan, jaosorior ^^ | 14:47 |
alee | dave-mccowan, I incorporated a bit of one of your fixes in there to get it to work .. | 14:47 |
openstackgerrit | Christopher Solis proposed openstack/barbican: Updates quota values to be read from conf file https://review.openstack.org/224903 | 14:48 |
dave-mccowan | alee after this, do you have much left on the known to-do list? | 14:49 |
alee | dave-mccowan, when I ran it , I ran into some quota failure -- but it may pass on the gate | 14:49 |
alee | dave-mccowan, the known knowns .. :) | 14:49 |
alee | dave-mccowan, a little bit -- mostly cleanup -- let me find my list | 14:50 |
jaosorior | alee: reviewing | 14:50 |
openstackgerrit | Fernando Diaz proposed openstack/barbican: Cleanup Secrets created after Order functional tests https://review.openstack.org/224990 | 14:51 |
alee | dave-mccowan, 1. getting ca_behaviors to track project_cas so we can unskip the funcitonal test in my latest patch - and maybe add more preferred_ca and project_ca functonal tests | 14:52 |
*** kebray has joined #openstack-barbican | 14:52 | |
alee | 2. fixing genertion of intermediates in the snakeoil ca | 14:52 |
alee | 3. updating dogtag plugin to provide subcas | 14:52 |
alee | dave-mccowan, those are the main things | 14:53 |
alee | 4. updating the quickstart/api docs for cas | 14:53 |
*** kfarr has quit IRC | 14:54 | |
*** kebray has quit IRC | 14:54 | |
alee | dave-mccowan, I also had a note to confirm that when issuing a cert, we need to ensure that if a subca is being used, then it must be owned by the requestees project. | 14:54 |
alee | would be good to have a functional test to prove that | 14:55 |
*** kebray has joined #openstack-barbican | 14:55 | |
alee | dave-mccowan, jaosorior maybe I should put all these on an etherpad | 14:55 |
jaosorior | alee: Probably that's a good idea | 14:57 |
dave-mccowan | alee etherpad sounds good. also also on that page we should have a list of patches out for review that need to land for liberty. everything else gets deferred to mitaka. | 14:58 |
alee | dave-mccowan, jaosorior https://etherpad.openstack.org/p/barbican_cas_todo_list | 15:02 |
alee | dave-mccowan, jaosorior feel free to add patches etc. | 15:02 |
jaosorior | alee: will do | 15:05 |
jaosorior | Buuuut I gotta go now. Have a good day people :D | 15:05 |
*** jaosorior has quit IRC | 15:06 | |
openstackgerrit | Fernando Diaz proposed openstack/barbican: Remove .pyc files before performing functional tests https://review.openstack.org/223219 | 15:08 |
alee | dave-mccowan, whats the gate like today? | 15:08 |
alee | rellerreller, woodster_ we may need another reviewer for some of the ca stuff please. | 15:11 |
*** xaeth_afk is now known as xaeth | 15:12 | |
dave-mccowan | alee much better | 15:21 |
*** ccneill has joined #openstack-barbican | 15:22 | |
dave-mccowan | alee yesterday afternoon, there were 450+ jobs queued. now just 63. we need rm_work's patch to land in to infra, so we don't run the devstack tests twice. | 15:23 |
dave-mccowan | elmiko ping | 15:24 |
alee | dave-mccowan, hey - how do I see the progress of the current run? | 15:24 |
elmiko | dave-mccowan: hey | 15:25 |
dave-mccowan | alee if you're on zuul's page, filter on "barbican" and then click in the middle of the box of the job you're interested in. | 15:25 |
alee | ah cool | 15:26 |
*** igueths has joined #openstack-barbican | 15:26 | |
dave-mccowan | elmiko are you an infra core? it would be nice to land this one: https://review.openstack.org/#/c/220370/ it will help our gate jobs go faster. | 15:26 |
igueths | Hi all. | 15:26 |
alee | click on middle .. | 15:26 |
elmiko | dave-mccowan: ah, sorry not me | 15:26 |
dave-mccowan | elmiko sorry. i guess you just seemed like the powerful type. ;-) | 15:27 |
elmiko | dave-mccowan: lol, /me blushes | 15:28 |
dave-mccowan | alee did you find it? | 15:29 |
alee | dave-mccowan, yeah -- loks like my coverage will fail - but not sure why .. | 15:29 |
alee | dave-mccowan, looks like its failing to run | 15:30 |
redrobot | good (ugt) mornin' | 15:30 |
alee | redrobot, you're just in time | 15:31 |
alee | redrobot, we need another core reviewer for the ca stuff - and you've been nominated | 15:32 |
redrobot | alee lol, sounds good, what CRs? | 15:34 |
alee | redrobot, lets start with my big one .. | 15:34 |
alee | https://review.openstack.org/224126 | 15:34 |
alee | dave-mccowan also has some as well | 15:35 |
dave-mccowan | redrobot: the six on this etherpad are all must-have (IMO) for RC1. https://etherpad.openstack.org/p/barbican_cas_todo_list | 15:35 |
redrobot | dave-mccowan ack | 15:37 |
*** shohel has quit IRC | 15:37 | |
dave-mccowan | alee if you're getting intermittent unit test failures in test_cas.py, you may want to rebase on my CR 224156 | 15:38 |
dave-mccowan | alee i had that... worked locally and failed in the gate. i added plugin_name filters to help the test cases count cas. | 15:40 |
*** gyee has joined #openstack-barbican | 15:42 | |
alee | dave-mccowan, aaargh .. waiting to gate tests - like watching paint dry .. | 15:44 |
*** su_zhang has quit IRC | 15:54 | |
alee | dave-mccowan, redrobot the gate finally came back on my https://review.openstack.org/#/c/224126/ | 15:58 |
alee | dave-mccowan, redrobot it looks like there are some failures there - but in fact, the coverage one just plain failed to run and the new gate ended up quitting on the second run of the funtonal tests | 15:59 |
alee | like the server just went down | 16:00 |
alee | dave-mccowan, redrobot - those gates are non-voting and they have nothing to do with my CR | 16:00 |
alee | dave-mccowan, did you have coments on this CR? | 16:01 |
*** diazjf has quit IRC | 16:08 | |
*** everjeje has quit IRC | 16:32 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements https://review.openstack.org/224598 | 16:36 |
*** rellerreller has quit IRC | 16:38 | |
*** vivek-ebay has joined #openstack-barbican | 16:46 | |
woodster_ | alee, are you there? | 16:49 |
alee | woodster_, yup | 16:49 |
woodster_ | alee: are you talking about the CA CRs that Dave is putting up? | 16:49 |
alee | woodster_, there are a bunch .. | 16:50 |
alee | https://etherpad.openstack.org/p/barbican_cas_todo_list | 16:50 |
alee | woodster_, ^^ | 16:50 |
alee | woodster_, many are small but a couple are large | 16:51 |
woodster_ | alee, wow, ok there are a bunch | 16:51 |
alee | woodster_, https://review.openstack.org/#/c/224126/ is big as is https://review.openstack.org/#/c/224156 | 16:52 |
alee | woodster_, the rest are a lot smaller | 16:52 |
alee | woodster_, but the big ones are where we need more eyes | 16:52 |
dave-mccowan | woodster_ we had a specific question about: https://review.openstack.org/224156 the question is: when should we use flush() and commit()? i saw some weirdness (missing DB entries) that went away when I added them. but, i'd rather know for sure when and what we are supposed to use. | 16:53 |
*** su_zhang has joined #openstack-barbican | 16:54 | |
dave-mccowan | alee i'm slogging through yours now. | 16:55 |
*** rellerreller has joined #openstack-barbican | 16:55 | |
dave-mccowan | alee we're going to have merge conflicts :-( | 16:56 |
alee | dave-mccowan, thanks. yeah - but not too many I think | 16:56 |
*** chadlung has joined #openstack-barbican | 16:57 | |
*** su_zhang has quit IRC | 17:06 | |
*** kebray has quit IRC | 17:06 | |
dave-mccowan | woodster_ thanks for the review. where to call initialize is something we talked about this week. can you recommend a better place? the other places we considered all came before controllers init... | 17:13 |
woodster_ | dave-mccowan: can you just do in the on_get() as you have now? | 17:14 |
woodster_ | dave-mccowan: so make it a lazy process...only computed when you need it? | 17:15 |
dave-mccowan | woodster_ only if we can impose on users that the first call they do is GET /cas/. | 17:16 |
woodster_ | dave-mccowan: well, how many operations require that cas info to be set from the plugins? | 17:16 |
dave-mccowan | woodster_, alee. i think all of them. without the init, barbican thinks there are zero CAs. | 17:17 |
alee | woodster_, dave-mccowan I would say all the operations in /cas and then issuing a cert request | 17:18 |
alee | woodster_, dave-mccowan we already call refresh() in the case of a cert request | 17:18 |
dave-mccowan | alee, woodster_ that does seem like a simple and safe fix though. | 17:20 |
woodster_ | so I'm thinking a common refresh() place that /cas operations can call off to to check refresh on plugins | 17:20 |
woodster_ | so could eventually only check if a time period has elapsed since the last check | 17:21 |
alee | what about in _lookup() on the cas controller? | 17:22 |
alee | and mayeb also then get_cas() etc. | 17:22 |
dave-mccowan | woodster_ a common call is good. we could even tie it into a message service too, for a plugin to poke Barbican to refresh. | 17:23 |
dave-mccowan | alee, woodster_ i like being direct and obvious.... just add a one-liner to each method that needs current data. | 17:24 |
alee | dave-mccowan, sure thats fine with me. | 17:24 |
alee | woodster_, had a chance to look at my CR yet? dave-mccowan ? | 17:24 |
openstackgerrit | Merged openstack/barbican: Add function to catch unknown attributes in URI https://review.openstack.org/224979 | 17:27 |
openstackgerrit | Merged openstack/barbican: Remove .pyc files before performing functional tests https://review.openstack.org/223219 | 17:30 |
*** diazjf has joined #openstack-barbican | 17:35 | |
dave-mccowan | alee, woodster. i took out the flush()/commit() and i'm back to broken. each all to refresh() is building new CAs. http://paste.openstack.org/show/468260/ | 17:53 |
openstackgerrit | Arun Kant proposed openstack/python-barbicanclient: Part 2: Adding ACL support for CLI commands and docs https://review.openstack.org/208343 | 17:59 |
*** su_zhang has joined #openstack-barbican | 18:06 | |
openstackgerrit | Arun Kant proposed openstack/python-barbicanclient: Part 2: Adding ACL support for CLI commands and docs https://review.openstack.org/208343 | 18:06 |
*** su_zhang_ has joined #openstack-barbican | 18:09 | |
*** su_zhang has quit IRC | 18:12 | |
openstackgerrit | Arun Kant proposed openstack/python-barbicanclient: Part 2: Adding ACL support for CLI commands and docs https://review.openstack.org/208343 | 18:18 |
openstackgerrit | Arun Kant proposed openstack/python-barbicanclient: Part 3: Adding ACL functional tests. https://review.openstack.org/208344 | 18:18 |
*** rellerreller has quit IRC | 18:19 | |
alee | dave-mccowan, woodster_ any other comments on https://review.openstack.org/#/c/224126/ ? | 18:20 |
alee | dave-mccowan, woodster_ I only see Oz's comments and they're pretty straightforward. | 18:21 |
alee | I could rebase on top of dave's patch - but I want to wait until thats in a final form. | 18:21 |
dave-mccowan | alee speaking of final form for init. what do you think? without flush/commit, it doesn't work. so, i'd like to leave it. | 18:26 |
alee | dave-mccowan, well thats a mighty good argument for leaving them in. | 18:27 |
alee | woodster_, ^^ what do you think ? you're the expert here in db sqlalchemy stuff. | 18:27 |
alee | dave-mccowan, you have no objections to anything else in my patch? | 18:28 |
*** mragupat has joined #openstack-barbican | 18:31 | |
dave-mccowan | alee not really. if we had more time, i'd bring up some nits... | 18:32 |
*** kebray has joined #openstack-barbican | 18:33 | |
alee | dave-mccowan, nits are for post-rc1 | 18:34 |
*** kebray has quit IRC | 18:35 | |
*** kebray has joined #openstack-barbican | 18:45 | |
*** kebray has quit IRC | 18:45 | |
*** kebray has joined #openstack-barbican | 18:46 | |
redrobot | alee looks like https://review.openstack.org/#/c/224126/ is in merge conflict | 19:12 |
diazjf | anyone know whats going on with "gate-tempest-dsvm-neutron-src-python-barbicanclient", just failed again on arunkant 's new patch | 19:18 |
*** dimtruck is now known as zz_dimtruck | 19:22 | |
alee | redrobot, yeah -- I'm going to rebase now | 19:23 |
alee | although I could just end up rebaseing on top of dave-mccowan last patch | 19:24 |
alee | redrobot, shouldn't stop your review though .. | 19:24 |
dave-mccowan | alee fyi doug just workflowed my init patch | 19:25 |
alee | dave-mccowan, ok cool -- I will rebase on top of yours now then :) | 19:26 |
alee | dave-mccowan, any more of yours still out there? | 19:26 |
alee | dave-mccowan, if I'm gonna end up rebaseing in any case .. | 19:27 |
alee | dave-mccowan, can you fix https://review.openstack.org/#/c/224963 | 19:29 |
alee | and submit | 19:29 |
alee | dave-mccowan, thats the last relevant one, right? | 19:31 |
dave-mccowan | i think so. just the one change suggested by ozz? | 19:31 |
alee | yes | 19:31 |
alee | back to the old name | 19:32 |
alee | dave-mccowan, let me know when done | 19:33 |
diazjf | redrobot, thanks for the +A, know whats going on with https://review.openstack.org/#/c/218396/ I wanna get all the behavior stuff merged soon | 19:35 |
openstackgerrit | Dave McCowan proposed openstack/barbican: Clean up CAs Policy Rules https://review.openstack.org/224963 | 19:36 |
dave-mccowan | alee ^^ | 19:36 |
alee | dave-mccowan, thanks .. stand by .. rebasing in progress .. | 19:37 |
*** su_zhang_ has quit IRC | 19:42 | |
*** silos has left #openstack-barbican | 19:45 | |
alee | dave-mccowan, did your patch still have the populating of ca tables on ca controller startup? | 19:47 |
alee | dave-mccowan, I thought we decided not to do that? | 19:47 |
dave-mccowan | alee that's what we discussed, but in the end we merged as is. | 19:48 |
alee | dave-mccowan, ok - we might reconsider thatearly next week | 19:49 |
dave-mccowan | alee i think we're ok with start-up. it's not too early, and potentially the same time as waiting for customer input. | 19:49 |
alee | ok | 19:49 |
dave-mccowan | alee we might have a hole if the entries have expired. only get_cas and post_order refresh the table now. | 19:49 |
alee | dave-mccowan, rigth - lets revisit after my patch merges :) | 19:50 |
openstackgerrit | Merged openstack/barbican: Finish Initialization of CA Table when Barbican Starts https://review.openstack.org/224156 | 19:57 |
openstackgerrit | Merged openstack/barbican: Updates quota values to be read from conf file https://review.openstack.org/224903 | 20:01 |
alee | dave-mccowan, yeah - just a few merge conflicts .. | 20:01 |
dave-mccowan | alee big question, now that these are all smushed together... does it work? :-) how complete is the functional test coverage? | 20:02 |
alee | dave-mccowan, well its a lot beter than it was .. | 20:03 |
alee | dave-mccowan, let me get it all merged together first .. | 20:03 |
*** su_zhang has joined #openstack-barbican | 20:04 | |
alee | dave-mccowan, passed pep 8 and only fails 4 unit tests . fixing .. | 20:08 |
alee | dave-mccowan, ping | 20:14 |
alee | dave-mccowan, so I have a question about your init patch | 20:15 |
dave-mccowan | alee pong | 20:15 |
alee | in test_cas.py (unit test) | 20:15 |
alee | you define num_root_cas =2 | 20:15 |
alee | where is that used? | 20:15 |
dave-mccowan | alee i used it in a failed attempt at to help the tests count. it should be removed. i ended up, instead, filtering by plugin_name so the test's entries didn't conflict with each other. | 20:16 |
alee | ah I was wondering how you mananged to avoid worrying about this .. | 20:17 |
dave-mccowan | alee it was a pita. the tests would work for me locally and then fail in the gate. | 20:18 |
alee | yeah - because it depends on whats in the db to begin with | 20:18 |
alee | and that depends on what plugins are configured | 20:18 |
alee | in the dogtag ate ofr instance only dogtag is configured | 20:19 |
*** vivek-ebay has quit IRC | 20:20 | |
dave-mccowan | alee it seems what tests have run before and after might also be a factor, as far as i could tell | 20:20 |
alee | shouldn't be ... | 20:21 |
alee | but lets see .. | 20:21 |
*** ccneill has quit IRC | 20:33 | |
*** insequent has joined #openstack-barbican | 20:33 | |
openstackgerrit | Merged openstack/barbican: Cleanup Secrets created after Order functional tests https://review.openstack.org/224990 | 20:36 |
alee | dave-mccowan, unit tests pass .. | 20:37 |
dave-mccowan | alee woot! | 20:38 |
alee | dave-mccowan, now -funcrional tests .. | 20:39 |
openstackgerrit | OpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements https://review.openstack.org/224598 | 20:41 |
*** ccneill has joined #openstack-barbican | 20:44 | |
*** chadlung has quit IRC | 20:48 | |
alee | dave-mccowan, looking good so far .. | 20:49 |
*** vivek-ebay has joined #openstack-barbican | 20:50 | |
alee | dave-mccowan, there is a problem I think | 20:51 |
alee | dave-mccowan, so I killed my database and then startup up the server | 20:52 |
alee | dave-mccowan, on startup , I get errors like .. | 20:52 |
alee | MissingArgumentError: Must supply non-None value argument for CertificateAuthorityMetadatum entry | 20:52 |
alee | dave-mccowan, which is presumably in the init code for the cas | 20:52 |
alee | ie. the controllers | 20:53 |
alee | dave-mccowan, and then my server does not come up | 20:53 |
dave-mccowan | alee yea, i've found to clean up i need to clean out the snake oil directory when i delete the database. | 20:53 |
alee | dave-mccowan, hmm .. | 20:54 |
alee | dave-mccowan, ok - we need to look into making that more robust .. | 20:55 |
dave-mccowan | alee +1 | 20:55 |
*** vivek-ebay has quit IRC | 20:57 | |
*** vivek-ebay has joined #openstack-barbican | 20:57 | |
dave-mccowan | alee what's the right answer for that? should snakeoil be able to recover old CAs without Barbican database entries? | 21:00 |
alee | dave-mccowan, sorry - just trying to get the patch out .. | 21:12 |
alee | dave-mccowan, maybe | 21:13 |
*** chlong has quit IRC | 21:14 | |
*** mragupat_ has joined #openstack-barbican | 21:42 | |
openstackgerrit | Ade Lee proposed openstack/barbican: Clean up CAs Policy Rules https://review.openstack.org/224963 | 21:42 |
openstackgerrit | Ade Lee proposed openstack/barbican: Fix ca related controllers https://review.openstack.org/224126 | 21:42 |
alee | dave-mccowan, ^^ | 21:42 |
alee | redrobot, ^^ | 21:43 |
alee | dave-mccowan, going for a quick run -- hopefully the tests will pass. | 21:43 |
alee | redrobot, looking to you to workflow please once it goes through | 21:44 |
*** mragupat has quit IRC | 21:46 | |
*** mragupat_ has quit IRC | 21:46 | |
*** mragupat has joined #openstack-barbican | 21:47 | |
*** chadlung has joined #openstack-barbican | 21:48 | |
*** ccneill has quit IRC | 21:53 | |
*** chadlung has quit IRC | 21:55 | |
*** pglass has quit IRC | 21:59 | |
*** su_zhang has quit IRC | 22:02 | |
*** edtubill has left #openstack-barbican | 22:02 | |
*** su_zhang has joined #openstack-barbican | 22:04 | |
*** xaeth is now known as xaeth_afk | 22:05 | |
*** igueths has quit IRC | 22:11 | |
*** mragupat has quit IRC | 22:12 | |
openstackgerrit | Merged openstack/barbican: Completes localization of the api directory structure https://review.openstack.org/220291 | 22:19 |
*** chadlung has joined #openstack-barbican | 22:21 | |
openstackgerrit | Merged openstack/barbican: Updated from global requirements https://review.openstack.org/224598 | 22:21 |
*** ptoohill is now known as pc-pothole | 22:29 | |
*** nelsnelson has quit IRC | 22:38 | |
*** spotz is now known as spotz_zzz | 22:40 | |
*** chadlung has quit IRC | 22:42 | |
*** openstackgerrit has quit IRC | 22:46 | |
*** openstackgerrit has joined #openstack-barbican | 22:46 | |
alee | dave-mccowan, redrobot my patch passed gate - ship it please! | 22:57 |
alee | woodster_, ^^ | 22:57 |
alee | https://review.openstack.org/#/c/224126 | 22:58 |
alee | dave-mccowan, woodster_ redrobot ^^ | 22:58 |
redrobot | alee the parent commit is failing the py27 gate | 22:58 |
redrobot | alee https://review.openstack.org/#/c/224963/5 | 22:58 |
alee | aargh - thats like a 5 line patch .. | 22:59 |
alee | redrobot, coverage is messed up for some unknown reason - looks like it did not even run | 23:00 |
alee | py27 failure is quota tests -- dave-mccowan ^^ | 23:01 |
alee | rechecking .. | 23:02 |
*** diazjf has quit IRC | 23:08 | |
*** kebray has quit IRC | 23:09 | |
dave-mccowan | alee looks like you accidentally changed that patch. patch #4 was OK and had workflow, and they you uploaded patch set #5 | 23:19 |
redrobot | dave-mccowan patches 4 and 5 look the same to me. :-\ | 23:23 |
dave-mccowan | redrobot. yea. i must have been looking at the wrong CR. derp. | 23:26 |
redrobot | it's weird that one patch would pass but not the other... | 23:27 |
dave-mccowan | the current job passed both unit and coverage this time. we just have to wait for the devstack runs. | 23:33 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!