| *** nkinder has quit IRC | 00:02 | |
| *** randallburt1 has quit IRC | 00:08 | |
| *** zz_dimtruck is now known as dimtruck | 00:22 | |
| *** david-lyle has quit IRC | 00:42 | |
| *** alee_ has quit IRC | 00:43 | |
| *** alee_ has joined #openstack-barbican | 00:55 | |
| *** woodster_ has quit IRC | 02:59 | |
| *** diazjf has joined #openstack-barbican | 03:16 | |
| *** diazjf has quit IRC | 03:20 | |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements https://review.openstack.org/336167 | 03:23 |
|---|---|---|
| *** jamielennox is now known as jamielennox|away | 03:43 | |
| *** nkinder has joined #openstack-barbican | 03:47 | |
| *** jamielennox|away is now known as jamielennox | 03:56 | |
| *** nkinder has quit IRC | 04:02 | |
| *** asingh has quit IRC | 04:25 | |
| *** jamielennox is now known as jamielennox|away | 04:35 | |
| *** jamielennox|away is now known as jamielennox | 04:42 | |
| *** dimtruck is now known as zz_dimtruck | 04:43 | |
| *** andreas_s has joined #openstack-barbican | 06:31 | |
| openstackgerrit | hongzhezheng proposed openstack/python-barbicanclient: Fix argument order for assertEqual to (expected, observed) https://review.openstack.org/338717 | 06:58 |
| *** jsheeren has joined #openstack-barbican | 07:10 | |
| openstackgerrit | Max Abidi proposed openstack/python-barbicanclient: Validate key order meta fields. https://review.openstack.org/320100 | 08:10 |
| *** openstackgerrit has quit IRC | 08:18 | |
| *** openstackgerrit has joined #openstack-barbican | 08:18 | |
| *** pcaruana has joined #openstack-barbican | 08:30 | |
| *** alee_ has quit IRC | 09:11 | |
| openstackgerrit | Jiong Liu proposed openstack/barbican: Barbican tests fail because of incomplete test dependencies https://review.openstack.org/329739 | 10:09 |
| openstackgerrit | Bin Zhou proposed openstack/barbican: Correct reraising of exception https://review.openstack.org/338866 | 10:56 |
| *** qwebirc82289 has joined #openstack-barbican | 12:16 | |
| *** alee has joined #openstack-barbican | 13:03 | |
| qwebirc82289 | hi everyone | 13:13 |
| qwebirc82289 | I am a university student and I configured barbicab with cinder and nova for Volume encryption. my question is: is it possible to rotate the key(s) used to encrypt the volume? how it works? | 13:13 |
| qwebirc82289 | can I set yearly rotation schedule? | 13:14 |
| *** woodster_ has joined #openstack-barbican | 13:21 | |
| *** jsheeren has quit IRC | 13:23 | |
| *** nkinder has joined #openstack-barbican | 13:32 | |
| *** zz_dimtruck is now known as dimtruck | 13:38 | |
| *** sigmavirus_away is now known as sigmavirus | 13:45 | |
| openstackgerrit | Jiong Liu proposed openstack/barbican: Move rabbit configurations to oslo_messaging_rabbit section https://review.openstack.org/328701 | 13:53 |
| *** dimtruck is now known as zz_dimtruck | 13:58 | |
| *** qwebirc82289 has quit IRC | 14:04 | |
| *** jmckind has joined #openstack-barbican | 14:08 | |
| *** alee_ has joined #openstack-barbican | 14:12 | |
| *** alee has quit IRC | 14:14 | |
| *** spotz_zzz is now known as spotz | 14:15 | |
| *** zz_dimtruck is now known as dimtruck | 14:21 | |
| *** spotz is now known as spotz_zzz | 14:32 | |
| *** spotz_zzz is now known as spotz | 14:44 | |
| *** randallburt has joined #openstack-barbican | 14:50 | |
| *** randallburt1 has joined #openstack-barbican | 14:52 | |
| *** randallburt has quit IRC | 14:54 | |
| *** dave-mccowan has joined #openstack-barbican | 14:59 | |
| *** rhagarty__ has quit IRC | 15:03 | |
| *** diazjf has joined #openstack-barbican | 15:03 | |
| alee_ | dave-mccowan, ping | 15:04 |
| alee_ | hyakuhei, ping | 15:04 |
| *** diazjf1 has joined #openstack-barbican | 15:05 | |
| dave-mccowan | alee_ hi ade | 15:05 |
| alee_ | dave-mccowan, hey - are you using barbican for encrypted volumes? | 15:06 |
| dave-mccowan | alee_ only as a proof of concept | 15:06 |
| alee_ | dave-mccowan, I'm just wondering what the latest config changes needed are for nova and cinder in order to work | 15:07 |
| alee_ | dave-mccowan, I remember making a bunch of changes , but was not sure if they were still all needed | 15:07 |
| *** diazjf has quit IRC | 15:08 | |
| dave-mccowan | alee_ i haven't tried in a while. i'm not sure if more is built-in now. | 15:11 |
| alee_ | dave-mccowan, specifically I remember doing this -- https://vakwetu.wordpress.com/2015/11/30/barbican-and-volume-encryption/ | 15:11 |
| alee_ | not sure if all the urls are needed -- well, guess I'll wait for kfarr | 15:12 |
| dave-mccowan | alee_ that's what i have too; i have the same config parameters in a devstack local.conf. i don't know if castellan integration has improved that since last year. | 15:16 |
| alee_ | dave-mccowan, thats what I was wondering .. anyways I'll start with that | 15:17 |
| *** andreas_s has quit IRC | 15:29 | |
| *** asingh has joined #openstack-barbican | 15:34 | |
| *** dimtruck is now known as zz_dimtruck | 15:40 | |
| *** pcaruana has quit IRC | 15:49 | |
| diazjf1 | alee_, kfarr, redrobot, added you to some talks. Make sure you add a picture and profile information. Feel free to edit the abstract as well. | 16:01 |
| alee_ | diazjf1, thanks - will do | 16:02 |
| diazjf1 | redrobot, I will be sending an email to the mailing list about the midcycle tonight or friday morning. Its been hard getting everything setup but I think it will go well :) | 16:03 |
| hyakuhei | whoot! | 16:03 |
| diazjf1 | hyakuhei, see you there man!! | 16:04 |
| hyakuhei | I’m very excited. So diazjf1 I can tell people to book plane tickets? | 16:05 |
| diazjf1 | hyakuhei, sure! It'll be in Austin for sure! If worst comes to worst we can do it at a coffee shop lol | 16:06 |
| hyakuhei | Excellent | 16:06 |
| hyakuhei | Walking around Austin in the middle of August. What could go wrong? | 16:06 |
| diazjf1 | hyakuhei, We have rooms booked, not the same room each day unfortunately. I still need to plan some "team-building" events, like visit the bars ;) | 16:07 |
| hyakuhei | wootles! | 16:08 |
| *** edtubill has joined #openstack-barbican | 16:29 | |
| *** asingh has quit IRC | 16:41 | |
| *** asingh has joined #openstack-barbican | 16:53 | |
| *** zz_dimtruck is now known as dimtruck | 17:20 | |
| *** diazjf1 has quit IRC | 17:20 | |
| *** edtubill has quit IRC | 17:45 | |
| *** catintheroof has joined #openstack-barbican | 17:53 | |
| *** alee_ is now known as alee_dinner | 17:56 | |
| *** alee_dinner has quit IRC | 18:04 | |
| *** jaosorior has joined #openstack-barbican | 18:08 | |
| *** alee_dinner has joined #openstack-barbican | 18:17 | |
| *** gyee has joined #openstack-barbican | 18:17 | |
| jaosorior | alee_dinner: ping | 18:20 |
| *** woodster_ has quit IRC | 18:49 | |
| *** diazjf has joined #openstack-barbican | 18:50 | |
| openstackgerrit | Pankaj Khandar proposed openstack/barbican: Insecure default PROTOCOL_TLSv1 version in KMIP plugin https://review.openstack.org/330688 | 18:59 |
| alee_dinner | jaosorior, yo | 19:04 |
| jaosorior | alee_dinner: no worries. Pinged ayoung instead. How's stuff there? | 19:04 |
| alee_dinner | same same .. you back? | 19:06 |
| *** alee_dinner is now known as alee | 19:06 | |
| alee | jaosorior, actually there might be smething you could help debug .. | 19:07 |
| jaosorior | alee: not really. Just needed to ping nkinder about some potential extra PTO in the end of July | 19:09 |
| jaosorior | I'm actually having some beers in a bar in Mexico :P | 19:09 |
| alee | jaosorior, :) | 19:09 |
| *** diazjf has quit IRC | 19:09 | |
| alee | jaosorior, I'm debugging openstack while watching football in a house in Rundu, namibia | 19:10 |
| *** diazjf has joined #openstack-barbican | 19:10 | |
| alee | jaosorior, any idea why barbican might be trying to connect to https:// for keystone when there appears to be nothing in the config file to specify that? | 19:11 |
| jaosorior | Check the keystone endpoint list | 19:12 |
| jaosorior | Might have https configured there | 19:12 |
| *** woodster_ has joined #openstack-barbican | 19:13 | |
| alee | jaosorior, yeah -- this is a puppet-barbican gate test | 19:15 |
| alee | jaosorior, in the test - keystone is set up without https | 19:15 |
| jaosorior | Where is barbican trying to use https to access keystone? Do you know if it's from the barbican client side or is it from the server? | 19:18 |
| jaosorior | Cause barbican client will initially access keystone to get the token | 19:18 |
| alee | jaosorior, it seems to be from the server | 19:19 |
| alee | jaosorior, I see it in the apache logs | 19:19 |
| jaosorior | And the configuration is http? | 19:20 |
| jaosorior | You know if something might be setting the X-Forwarded-For or X-Forwarded-Proto header? | 19:21 |
| alee | jaosorior, not sure -- looking to see if something is coming from client side .. | 19:22 |
| jaosorior | Is there a proxy in between? | 19:24 |
| alee | jaosorior, not sure | 19:25 |
| woodster_ | the gate doesn't use the keystone middleware for auth? | 19:27 |
| alee | woodster_, jaosorior so this is the gate job -- https://review.openstack.org/#/c/339028/ | 19:29 |
| alee | woodster_, jaosorior -- and this is how barbican is configured in the paste file: | 19:30 |
| alee | [filter:authtoken] | 19:30 |
| alee | paste.filter_factory = keystonemiddleware.auth_token:filter_factory | 19:30 |
| alee | project_domain_id=default | 19:30 |
| alee | project_name=services | 19:30 |
| alee | password=a_big_secret | 19:30 |
| alee | username=barbican | 19:30 |
| alee | user_domain_id=default | 19:30 |
| alee | auth_url=http://localhost:35357 | 19:30 |
| alee | jaosorior, still enjoyinhg that beer? | 19:31 |
| woodster_ | yeah so it should be using that auth_url there | 19:33 |
| alee | woodster_, am I missing something there -- identity_url or somesuch? | 19:33 |
| alee | woodster_, maybe something that for some reason is taking a default which has https? | 19:34 |
| woodster_ | well, I don't see any keystone setup stuff here now: https://github.com/openstack/barbican/blob/master/etc/barbican/barbican-api-paste.ini | 19:36 |
| * woodster_ I guess folks need to add that back when using keystone | 19:37 | |
| * woodster_ prefer to see commented out defaults in conf files | 19:38 | |
| jaosorior | Funky | 19:38 |
| jaosorior | I would need my machine to properly debug that | 19:38 |
| jaosorior | And yeah | 19:38 |
| jaosorior | Enjoying | 19:38 |
| jaosorior | https://usercontent.irccloud-cdn.com/file/0UAtALlt/irccloudcapture827033140.jpg | 19:38 |
| alee | jaosorior, nice | 19:44 |
| woodster_ | jaosorior: where is that? | 19:46 |
| jaosorior | Veracruz, Mexico | 19:47 |
| jaosorior | Gotta go | 19:53 |
| jaosorior | Have a good one! | 19:53 |
| alee | jaosorior, have fun! | 19:55 |
| *** edtubill has joined #openstack-barbican | 19:58 | |
| *** asingh has quit IRC | 20:17 | |
| *** asingh has joined #openstack-barbican | 20:18 | |
| openstackgerrit | Pankaj Khandar proposed openstack/barbican: Insecure default PROTOCOL_TLSv1 version in KMIP plugin https://review.openstack.org/330688 | 20:46 |
| *** diazjf has quit IRC | 20:46 | |
| *** diazjf has joined #openstack-barbican | 20:55 | |
| *** asingh has quit IRC | 21:17 | |
| *** jmckind has quit IRC | 21:25 | |
| *** edtubill has quit IRC | 21:32 | |
| *** ozialien10 has joined #openstack-barbican | 21:35 | |
| *** asingh has joined #openstack-barbican | 21:51 | |
| *** spotz is now known as spotz_zzz | 22:01 | |
| *** diazjf has quit IRC | 22:01 | |
| *** jaosorior has quit IRC | 22:04 | |
| openstackgerrit | Pankaj Khandar proposed openstack/barbican: Insecure default PROTOCOL_TLSv1 version in KMIP plugin https://review.openstack.org/330688 | 22:14 |
| *** sigmavirus is now known as sigmavirus_away | 22:20 | |
| *** ozialien10 has quit IRC | 22:22 | |
| *** dimtruck is now known as zz_dimtruck | 22:33 | |
| *** catintheroof has quit IRC | 22:40 | |
| *** edtubill has joined #openstack-barbican | 22:40 | |
| *** randallburt1 has quit IRC | 23:03 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!
