Wednesday, 2016-02-03

« Tuesday, 2016-02-02 Index Thursday, 2016-02-04 »
*** jamielennox|away is now known as jamielennox00:02
*** zz_dimtruck is now known as dimtruck00:11
*** pdesai has quit IRC00:12
*** rellerreller has joined #openstack-barbican00:16
*** edtubill has joined #openstack-barbican00:21
redrobotarunkant workflowed.  also, the agenda is open for anyone to add discussion items: https://wiki.openstack.org/wiki/Meetings/Barbican#Agenda00:24
*** jamielennox is now known as jamielennox|away00:38
*** jamielennox|away is now known as jamielennox00:39
arunkantredrobot: thanks. Will add discussion item for next week.00:42
*** edtubill has quit IRC00:54
*** cheneydc has joined #openstack-barbican00:57
*** ccneill has quit IRC00:58
openstackgerritMerged openstack/barbican: Addressing error by clearing sqlalchemy session leak  https://review.openstack.org/26335800:59
*** spotz is now known as spotz_zzz01:00
*** rellerreller has quit IRC01:11
*** fnaval has quit IRC01:13
openstackgerritFernando Diaz proposed openstack/castellan: Introduce Castellan Credential Factory  https://review.openstack.org/27386301:23
openstackgerritFernando Diaz proposed openstack/castellan: Allow Barbican Key Manager to accept different auth credentials  https://review.openstack.org/27387201:23
*** jamielennox is now known as jamielennox|away01:30
*** dimtruck is now known as zz_dimtruck01:40
*** zz_dimtruck is now known as dimtruck01:47
*** su_zhang has quit IRC01:48
*** kebray has joined #openstack-barbican01:59
*** kebray has quit IRC02:03
*** kebray has joined #openstack-barbican02:04
*** fnaval has joined #openstack-barbican02:29
*** jamielennox|away is now known as jamielennox02:31
*** woodster_ has joined #openstack-barbican02:37
*** dimtruck is now known as zz_dimtruck02:41
*** zz_dimtruck is now known as dimtruck02:42
openstackgerritFernando Diaz proposed openstack/castellan: Allow Barbican Key Manager to accept different auth credentials  https://review.openstack.org/27387203:06
*** fnaval_ has joined #openstack-barbican03:09
*** fnaval has quit IRC03:12
*** yuanying_ has quit IRC03:20
*** yuanying has joined #openstack-barbican03:24
*** gyee has quit IRC03:28
*** gyee has joined #openstack-barbican03:38
*** Nirupama has joined #openstack-barbican03:48
openstackgerritMerged openstack/barbican: Python 3 deprecated the logger.warn method in favor of warning  https://review.openstack.org/26265903:48
*** pdesai has joined #openstack-barbican03:59
*** diazjf has quit IRC04:01
*** yuanying has quit IRC04:06
*** gyee has quit IRC04:07
*** yuanying has joined #openstack-barbican04:07
*** jamielennox is now known as jamielennox|away04:09
*** su_zhang has joined #openstack-barbican04:13
*** su_zhang has quit IRC04:15
*** su_zhang has joined #openstack-barbican04:16
*** sidx64 has joined #openstack-barbican04:17
*** su_zhang_ has joined #openstack-barbican04:26
*** su_zhang has quit IRC04:27
*** dimtruck is now known as zz_dimtruck04:29
*** diazjf has joined #openstack-barbican04:32
*** diazjf has quit IRC04:33
*** diazjf has joined #openstack-barbican04:35
*** fnaval_ has quit IRC04:50
*** fnaval has joined #openstack-barbican04:54
*** fnaval has quit IRC04:54
*** fnaval has joined #openstack-barbican04:54
*** Nirupama has quit IRC05:07
*** Nirupama has joined #openstack-barbican05:22
*** diazjf has quit IRC05:47
*** pdesai has quit IRC06:00
*** woodster_ has quit IRC06:16
*** dave-mccowan has quit IRC06:48
*** lbragstad has quit IRC07:16
*** lbragstad has joined #openstack-barbican07:21
*** spotz_zzz is now known as spotz07:34
*** spotz is now known as spotz_zzz07:35
*** spotz_zzz is now known as spotz07:35
*** spotz is now known as spotz_zzz07:57
*** su_zhang_ has quit IRC08:33
*** jaosorior has joined #openstack-barbican08:39
*** Nirupama has quit IRC08:58
*** Nirupama has joined #openstack-barbican09:14
*** chlong has quit IRC09:20
*** jaosorior has quit IRC09:53
*** jaosorior has joined #openstack-barbican09:54
*** cheneydc has quit IRC10:02
*** jaosorior has quit IRC10:09
*** jaosorior has joined #openstack-barbican10:16
*** sidx64 has quit IRC10:51
*** spotz_zzz is now known as spotz10:52
*** jaosorior has quit IRC10:58
*** jaosorior has joined #openstack-barbican10:59
*** spotz is now known as spotz_zzz11:15
*** jaosorior has quit IRC11:21
*** spotz_zzz is now known as spotz11:57
*** spotz is now known as spotz_zzz12:08
*** zz_dimtruck has quit IRC12:15
-openstackstatus- NOTICE: Infra running with lower capacity now, due to a temporary problem affecting one of our nodepool providers. Please expect some delays in your jobs. Apologies for any inconvenience caused.12:39
*** jaosorior has joined #openstack-barbican12:57
*** openstackgerrit has quit IRC13:02
*** openstackgerrit has joined #openstack-barbican13:03
*** Nirupama has quit IRC14:05
*** Kevin_Zheng has joined #openstack-barbican14:07
*** dave-mccowan has joined #openstack-barbican14:20
*** krotscheck1 has joined #openstack-barbican14:21
krotscheck1I've got a review that's been around for 2 months without a lot of attention, can I get some cores to look at it? https://review.openstack.org/#/c/255364/14:22
*** su_zhang has joined #openstack-barbican14:23
jaosoriorkrotscheck1: Just a quick question. CORS middleware will block all headers that are not in that list, right? Including X-Forwarded-Proto14:26
krotscheck1jaosorior: It won't block- it will simply not permit an x-domain browser request if that header is present.14:28
krotscheck1jaosorior: I mean: It won't filter out headers that aren't permitted.14:29
krotscheck1jaosorior: It will just not decorate the response with the things that tell the browser it's allowed to make the request.14:29
jaosoriorkrotscheck1: Done14:32
krotscheck1jaosorior: WOO! Thanks :)14:32
*** edtubill has joined #openstack-barbican14:36
*** jmckind has joined #openstack-barbican14:38
jaosoriorredrobot: Are you around>14:51
jaosorior?14:51
*** sidx64 has joined #openstack-barbican14:54
*** spotz_zzz is now known as spotz15:03
openstackgerritElvin Tubillara proposed openstack/barbican-specs: Create blueprint for restoring secrets  https://review.openstack.org/26703015:04
openstackgerritElvin Tubillara proposed openstack/barbican-specs: Blueprint for making soft deletions optional  https://review.openstack.org/26703415:04
*** sidx64_Cern has joined #openstack-barbican15:07
*** sid_cerner has joined #openstack-barbican15:09
*** sidx64 has quit IRC15:11
*** sidx64_Cern has quit IRC15:13
*** mp1 has joined #openstack-barbican15:31
*** sidx64_Cern has joined #openstack-barbican15:33
*** sid_cerner has quit IRC15:37
*** dimtruck has joined #openstack-barbican15:42
*** jhfeng has joined #openstack-barbican16:00
*** diazjf has joined #openstack-barbican16:03
*** woodster_ has joined #openstack-barbican16:05
jaosoriorredrobot: ping16:05
redrobotjaosorior pong16:05
jaosoriorredrobot: Hey dude, so pretty much. So then Arun is gonna work on enabling multiple endpoints for barbican then?16:06
redrobotjaosorior yeah, it appears that having multiple endpoints is a requirement for him, and running two sets of API nodes with different configurations is not acceptable to his ops team.16:07
jaosoriorredrobot: that makes sense. So what do we do with our patches then? They do pretty much the same thing16:07
redrobotjaosorior I don't think we need to wait on that work to land either patch.  I'd rather fix the inconsistency now, and let arunkant take his time to implement something that works for him.16:08
redrobotjaosorior want to review mine?  I can probably get woodster_ to take a look at it as well16:09
jaosoriorredrobot: Honestly I rather have the patch I did land, since it removes the unused parameter from the function.16:10
redrobotjaosorior sounds good, want to remove the WIP?16:10
redrobotjaosorior I'll +2 and get woodster_ to take a look at it as well.16:10
arunkantredrobot, jaosorior : Actually for supporting multiple endpoint, there is nothing do we done, if just follow what's currently done in version side..is done on href side16:11
redrobotarunkant I thought I explained yesterday why the way that versions is handled is a problem16:11
jaosoriorarunkant: What about the host_href that is currently being returned?16:11
arunkantversion side of code already works for multiple endpoint16:11
redrobotarunkant i'm running barbican inside a container16:11
redrobotarunkant and versions does not work for me16:12
redrobotarunkant because of the way that docker handles the network16:12
redrobotarunkant I would prefer for you to implement something like the Keystone solution that you linked yesterday16:13
jaosoriorarunkant: Seems to me that the real solution for handling multiple endpoints is to support something similar like public_endpoint and internal_endpoint options, but this also needs to be reflected in the secret's href that is returned from the barbican side16:13
redrobotarunkant so that the endpoints are set in conf, instead of depending on the environment, because env assumptions are not going to be consistent for every possible deployment.16:13
arunkantredrobot: But then there is no possible solution which works for dokcer container setup and other kind of setup. We will need to pass header from proxy to differentiate internal and public endpoint.16:13
jaosoriorarunkant: Yeah, we probably should be using X-Forwarded16:14
redrobotjaosorior +116:14
jaosoriorwhich is what I do for other services. But it seems to me that the easiest thing is to get the endpoint type from the keystone context, and then use the configuration accordingly16:14
arunkantjaosorior: Yes..that's the way it currently works with X-Forwarded-For and X-Forwarded-Proto header for version logic16:15
redrobotarunkant whatever the solution is, it HAS to work for containers.16:15
* redrobot thinks containers are the future! ;)16:16
arunkantjaosorior: Call is coming from client, I don't think keystone provides anything related to endpoint_type in token validation response16:16
jaosoriorredrobot, arunkant: a middleground would be to add a config option that tells the server what to use. Either the solution that's there now, or the host_href16:16
redrobotjaosorior i'd be ok with that...  I still insist we need to fix the version inconsistency now.  and then implement something that works for both arunkant and I16:17
arunkantjaosorior: +1, yes..that's what keystone currently has16:17
arunkantredrobot: Okay...yes..that will work for me..if that is an acceptable option. I can add the fix for that in coming weeks.16:18
jaosoriorredrobot: Lets get your commit merged, in that case, the request's url will still be present there, so then a config option can be added easily that will use the url if set16:19
arunkantredrobot: Are you going to be okay for adding this as  bug fix in that manner ? I have bug for that..https://bugs.launchpad.net/barbican/+bug/154111816:20
openstackLaunchpad bug 1541118 in Barbican "Barbican single host setting does not work with internal and public endpoints" [Undecided,New]16:20
*** silos has joined #openstack-barbican16:20
*** diazjf has quit IRC16:21
jaosoriorredrobot, arunkant: Oh, I see mine merged. Anyway, now it's a matter of fixing the bug report you added.16:21
*** diazjf has joined #openstack-barbican16:22
jaosoriorarunkant: And you're right, keystone context doesn't have information about the endpoint type. The way they do it is that they have different configuration for the versions resource depending on which endpoint was accessed16:22
openstackgerritChristopher Solis proposed openstack/barbican-specs: Add a KMIP key manager interface in Castellan  https://review.openstack.org/24654616:22
arunkantjaosorior: Okay..yes I looked into this other day.16:22
jaosoriorarunkant: Yeah... so the fact that barbican secrets are always returned with the public endpoint prepended is not a problem for you?16:25
jaosoriorbrb16:26
*** pwp has joined #openstack-barbican16:27
jaosoriorwooster_, redrobot: Anyway, thanks for the reviews16:31
edtubillwoodster_: can you review this when you have time? https://review.openstack.org/#/c/269903/16:32
*** sid_cerner has joined #openstack-barbican16:40
*** sidx64_Cern has quit IRC16:45
*** tonyb has quit IRC16:45
*** tonyb has joined #openstack-barbican16:46
*** ccneill has joined #openstack-barbican16:49
*** sidx64 has joined #openstack-barbican16:51
*** su_zhang has quit IRC16:53
*** sid_cerner has quit IRC16:54
*** pwp has quit IRC16:56
*** pwp has joined #openstack-barbican16:57
openstackgerritMerged openstack/barbican: Use host href for version discovery  https://review.openstack.org/27389517:01
*** gyee has joined #openstack-barbican17:01
*** mp1 has quit IRC17:01
*** jmckind has quit IRC17:06
*** mp1 has joined #openstack-barbican17:06
openstackgerritMerged openstack/barbican: Add missing database constraints and defaults  https://review.openstack.org/27427617:10
*** jmckind has joined #openstack-barbican17:13
*** jmckind has quit IRC17:33
*** alee has joined #openstack-barbican17:33
*** pwp has quit IRC17:34
*** mp1 has quit IRC17:36
*** mp1 has joined #openstack-barbican17:37
*** sidx64 has quit IRC17:38
*** sidx64_Cern has joined #openstack-barbican17:38
*** pwp has joined #openstack-barbican17:38
*** fnaval has quit IRC17:43
*** pwp has quit IRC17:43
*** jaosorior has quit IRC17:46
*** pdesai has joined #openstack-barbican17:50
*** jorge_munoz has quit IRC17:59
*** su_zhang has joined #openstack-barbican17:59
*** su_zhang has quit IRC18:01
*** su_zhang has joined #openstack-barbican18:02
*** fnaval has joined #openstack-barbican18:03
*** diazjf has quit IRC18:04
*** silos has quit IRC18:04
*** fnaval_ has joined #openstack-barbican18:05
*** alee has quit IRC18:06
*** su_zhang has quit IRC18:07
*** su_zhang_ has joined #openstack-barbican18:07
jkfAny cores around who can workflow this bug fix of mine? https://review.openstack.org/#/c/27057218:07
*** mp1 has quit IRC18:08
*** fnaval has quit IRC18:08
*** sidx64_Cern has quit IRC18:09
*** su_zhang_ has quit IRC18:39
*** su_zhang has joined #openstack-barbican18:40
*** mp1 has joined #openstack-barbican18:45
*** diazjf has joined #openstack-barbican18:49
openstackgerritFernando Diaz proposed openstack/barbican: WIP: User Metadata API and tests  https://review.openstack.org/27588518:50
*** silos has joined #openstack-barbican18:52
*** diazjf has quit IRC19:08
*** kebray has quit IRC19:09
*** jmckind has joined #openstack-barbican19:11
*** fnaval_ is now known as fnaval19:12
*** kebray has joined #openstack-barbican19:15
*** jsavak has joined #openstack-barbican19:20
*** su_zhang has quit IRC19:32
*** su_zhang has joined #openstack-barbican19:33
*** su_zhang has quit IRC19:33
*** su_zhang has joined #openstack-barbican19:34
*** pwp has joined #openstack-barbican19:34
*** pwp has quit IRC19:36
*** su_zhang has quit IRC19:40
*** mp1 has quit IRC19:40
*** pwp has joined #openstack-barbican19:40
*** pwp has quit IRC19:40
*** krotscheck1 is now known as krotscheck_dcm19:42
*** silos has quit IRC19:42
*** silos has joined #openstack-barbican19:43
*** mp1 has joined #openstack-barbican19:43
*** su_zhang has joined #openstack-barbican19:46
*** kebray has quit IRC19:57
*** jsavak has quit IRC19:58
*** kebray has joined #openstack-barbican19:59
*** diazjf has joined #openstack-barbican20:08
*** diazjf has quit IRC20:09
*** diazjf has joined #openstack-barbican20:18
*** su_zhang has quit IRC20:40
openstackgerritElvin Tubillara proposed openstack/barbican: Simple soft deletion clean up for barbican-db-manage  https://review.openstack.org/26990320:47
*** su_zhang has joined #openstack-barbican20:48
*** rtmorgan has quit IRC21:00
*** diazjf has quit IRC21:02
*** edtubill has quit IRC21:05
*** su_zhang has quit IRC21:05
*** edtubill has joined #openstack-barbican21:05
*** jhfeng has quit IRC21:10
*** silos has quit IRC21:10
*** rtmorgan has joined #openstack-barbican21:16
*** su_zhang has joined #openstack-barbican21:17
*** rtmorgan has quit IRC21:20
*** rtmorgan has joined #openstack-barbican21:21
*** rtmorgan has quit IRC21:33
*** rtmorgan has joined #openstack-barbican21:34
*** edtubill has quit IRC21:39
*** su_zhang has quit IRC21:41
*** edtubill has joined #openstack-barbican21:50
*** edtubill has quit IRC21:50
*** lbragstad has left #openstack-barbican21:56
*** silos has joined #openstack-barbican21:56
*** edtubill has joined #openstack-barbican21:57
silosIf anyone has some free time to review, i'm trying to get this spec into mitaka: https://review.openstack.org/#/c/246546/21:58
edtubillping woodster_22:04
*** su_zhang has joined #openstack-barbican22:04
*** krotscheck_dcm has quit IRC22:17
*** krotscheck1 has joined #openstack-barbican22:17
*** su_zhang has quit IRC22:17
*** jhfeng has joined #openstack-barbican22:19
*** diazjf has joined #openstack-barbican22:21
*** rtmorgan has quit IRC22:37
*** rtmorgan has joined #openstack-barbican22:41
*** silos has left #openstack-barbican22:45
*** mp1 has quit IRC22:46
*** rtmorgan has quit IRC22:48
*** krotscheck1 has quit IRC22:49
*** alee has joined #openstack-barbican22:51
*** su_zhang has joined #openstack-barbican22:52
*** diazjf has quit IRC22:54
*** pdesai has quit IRC23:00
*** jmckind has quit IRC23:04
*** dave-mccowan has quit IRC23:08
*** alee has quit IRC23:17
*** jhfeng has quit IRC23:23
*** spotz is now known as spotz_zzz23:29
openstackgerritElvin Tubillara proposed openstack/barbican: Simple soft deletion clean up for barbican-db-manage  https://review.openstack.org/26990323:30
*** edtubill has quit IRC23:33
*** dave-mccowan has joined #openstack-barbican23:40
*** dimtruck is now known as zz_dimtruck23:42
*** jamielennox|away is now known as jamielennox23:47
*** yuanying has quit IRC23:54
*** yuanying has joined #openstack-barbican23:56
« Tuesday, 2016-02-02 Index Thursday, 2016-02-04 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!