Thursday, 2016-10-06

klindgren	question for other ops - anyone feel like openstack clients --debug printing of the username/password parameters is a LOL WTActualF	00:02
klindgren	feature.	00:02
xavpaice	wow	00:03
* xavpaice goes and has a go		00:03
xavpaice	yup, there it is.	00:04
xavpaice	LOL WTActualF indeed	00:04
klindgren	yea - this bit me yesterday internally	00:04
xavpaice	pastebin?	00:04
klindgren	internal slack - but might as well have been	00:04
xavpaice	there's parts of the output that are clean - "'password': '***'" from an 'openstack --debug token issue'	00:05
klindgren	ok filling a bug. As I dont think users/ops expect that doing debug would send their password in clear text to the console. Thats ripe for cred leakage	00:06
xavpaice	yeah, it's bound to bite others, just that some wouldn't notice	00:06
klindgren	even -vv does it	00:06
*** jamesden_ has quit IRC		00:07
xavpaice	seems to be just the auth_config_hook(): bit of it that's not clean	00:08
*** paulobanon has quit IRC		00:09
klindgren	I see it in two spots in the output. 1.) in the options: Namespace bit 2.) in the Using paramaters bit	00:11
*** paulobanon has joined #openstack-operators		00:11
xavpaice	ouchy	00:11
*** ducttape_ has quit IRC		00:12
klindgren	and again in the defaults: under options	00:12
klindgren	https://bugs.launchpad.net/python-openstackclient/+bug/1630822	00:22
openstack	Launchpad bug 1630822 in python-openstackclient "Debug and -vv outputs user password in plain text" [Undecided,New]	00:22
*** markvoelker has joined #openstack-operators		00:22
*** emagana has quit IRC		00:27
*** markvoelker has quit IRC		00:27
*** Vinsh has joined #openstack-operators		00:33
*** emagana has joined #openstack-operators		00:33
*** ducttape_ has joined #openstack-operators		00:37
*** emagana has quit IRC		00:38
*** VW has joined #openstack-operators		00:42
mriedem	klindgren: which version?	00:43
klindgren	1.7.2	00:43
*** emagana has joined #openstack-operators		00:44
mriedem	ok so liberty	00:44
klindgren	xavpaice, what is your version?	00:44
xavpaice	openstackclient - 3.2.0	00:45
*** emagana has quit IRC		00:45
mriedem	so newton	00:46
*** emagana_ has joined #openstack-operators		00:46
mriedem	ok, so not fixed yet i guess	00:46
*** VW has quit IRC		00:47
*** dtrainor has quit IRC		00:47
*** emagana_ has quit IRC		00:47
klindgren	hrm	00:51
klindgren	this was suppose to be fixed in 2015-10-15	00:52
klindgren	https://review.openstack.org/#/c/233271/	00:52
mriedem	hmm https://github.com/openstack/python-openstackclient/commit/f0a81c284d2f533e0fe8adc747c5bd0532a7684f	00:53
mriedem	yup	00:53
xavpaice	https://review.openstack.org/#/c/233271/7/openstackclient/common/clientmanager.py line 170?	00:53
klindgren	yea	00:53
mriedem	note that was released in 1.8.0	00:54
mriedem	so didn't make liberty	00:54
mriedem	and for whatever reason they didn't backport it	00:54
klindgren	but its showing up in 3.2.0	00:54
mriedem	that code lives in osc_lib now	00:54
klindgren	with xav	00:54
mriedem	http://git.openstack.org/cgit/openstack/osc-lib/tree/osc_lib/shell.py#n366	00:54
xavpaice	I'd paste, but my password is in there ;)	00:54
*** zul has joined #openstack-operators		00:55
klindgren	guessing: http://git.openstack.org/cgit/openstack/osc-lib/tree/osc_lib/shell.py#n400	00:56
*** Hosam has quit IRC		00:57
klindgren	atleast under my old versions it was in options:, default: and paramaters sections	00:57
*** Hosam has joined #openstack-operators		00:57
*** Apoorva_ has joined #openstack-operators		00:58
*** Apoorva has quit IRC		01:01
mriedem	i've cherry picked back at least the change above to liberty	01:01
mriedem	i don't have a master devstack up to check out the 3.2.0 issue	01:01
*** Hosam has quit IRC		01:01
* mriedem stacks		01:02
xavpaice	I'm just using a client installed in a venv, from pip, with an elderly openstack	01:02
xavpaice	output is in the bug, but scrubbed a bit	01:02
*** dtrainor has joined #openstack-operators		01:02
*** Apoorva_ has quit IRC		01:03
mriedem	xavpaice: klindgren: http://git.openstack.org/cgit/openstack/python-openstackclient/tree/openstackclient/common/client_config.py#n183	01:04
mriedem	and http://git.openstack.org/cgit/openstack/osc-lib/tree/osc_lib/cli/client_config.py#n148	01:04
klindgren	if LOG.debug or LOG.INFO strutils.mask_password(self.<thingbeing printed>)	01:07
*** zul has quit IRC		01:08
*** emagana has joined #openstack-operators		01:10
mriedem	pushing the openstackclient patch after pep8 finishes	01:10
*** zul has joined #openstack-operators		01:12
mriedem	https://review.openstack.org/382699	01:12
mriedem	xavpaice: can you test ^ ?	01:12
*** emagana has quit IRC		01:14
xavpaice	hold the line caller..	01:15
mriedem	ditto	01:18
mriedem	https://review.openstack.org/382701	01:18
xavpaice	https://review.openstack.org/382699 doesn't do it	01:18
xavpaice	sorry that was unclear - it doesn't fix the issue	01:19
mriedem	ah yeah i see	01:21
xavpaice	also https://review.openstack.org/382701 doesn't change the output - still see my password	01:22
mriedem	yeah i hit the wrong thing	01:22
mriedem	weird, does --mask change anything by chance?	01:23
mriedem	actually that defaults to True so shouldn't be a problem	01:24
mriedem	seems like it's something in os-client-config	01:31
* xavpaice upgrades		01:33
xavpaice	same issue with os-client-config 1.21.1	01:33
mriedem	yeah idk, i'm not real familiar with osc	01:34
mriedem	i thought that auth_config_hook debug log was the ticket	01:34
xavpaice	well, it's all good info collecting	01:34
mriedem	xavpaice: how did you test it? pull the change down and rebuild the venv?	01:34
xavpaice	hacky hacky edit the code with vi	01:36
xavpaice	dirty, but it's easy to rebuild the venv if I break stuff	01:36
xavpaice	heck, hang on a bit, I need to re-try some of those tests	01:38
xavpaice	:/	01:38
mriedem	no you're right, it doesn't fix it	01:40
mriedem	i have the recreate locally	01:40
xavpaice	just retested, same	01:41
mriedem	xavpaice: it's osc_lib	01:49
mriedem	http://paste.openstack.org/show/584600/	01:50
mriedem	i injected an exception in auth_config_hook in osc-lib	01:50
mriedem	that's the "raise Exception(str(config))" part	01:50
xavpaice	nice	01:51
xavpaice	by jove, you've got it	01:54
mriedem	sweet	01:55
xavpaice	https://review.openstack.org/#/c/382701/1 - when I test it correctly - fixes it	01:55
mriedem	cool	01:55
xavpaice	(apologies for busted testing)	01:55
mriedem	probably doesn't hurt to have both	01:55
mriedem	np	01:55
xavpaice	indeed	01:55
mriedem	it's duplicated code for now as they are moving osc to use osc-lib	01:55
xavpaice	yeah, but the other change might fix things for the in-between versions	01:56
mriedem	yup	01:59
mriedem	i'll be backporting the osc one	01:59
mriedem	ok well that was fun, i'm going to try to do something non-work related for the last hour i have before bed	02:00
xavpaice	the trouble with timezones. Only 3pm here.	02:02
mriedem	heh	02:03
mriedem	i added the OSSA to this also	02:04
mriedem	so there is some awareness	02:04
xavpaice	yeah, that's entirely appropriate - nice job on such a fast fix, by the way	02:05
mriedem	thanks	02:06
mriedem	now i'm an osc ATC and can go to the pike summit!	02:06
*** mriedem has quit IRC		02:18
*** pontusf4 has quit IRC		02:33
*** pontusf4 has joined #openstack-operators		02:34
*** ducttape_ has quit IRC		02:51
*** maticue has quit IRC		02:55
*** VW has joined #openstack-operators		03:29
*** dtrainor has quit IRC		03:33
*** armax has quit IRC		03:41
*** armax has joined #openstack-operators		03:47
*** armax has quit IRC		04:02
*** armax has joined #openstack-operators		04:02
*** armax has quit IRC		04:03
*** markvoelker has joined #openstack-operators		04:25
*** markvoelker has quit IRC		04:30
*** sudswas__ has joined #openstack-operators		04:36
*** sudipto has joined #openstack-operators		04:36
*** VW has quit IRC		04:38
*** sudipto has quit IRC		04:42
*** sudswas__ has quit IRC		04:42
*** liverpooler has quit IRC		04:45
*** Rockyg has quit IRC		05:03
*** makowals has quit IRC		05:05
*** bjolo_ has joined #openstack-operators		05:06
*** admin0 has joined #openstack-operators		05:26
*** emagana has joined #openstack-operators		05:26
*** markvoelker has joined #openstack-operators		05:26
*** markvoelker has quit IRC		05:31
*** liverpooler has joined #openstack-operators		06:02
*** emagana has quit IRC		06:02
*** liverpooler has quit IRC		06:07
*** liverpooler has joined #openstack-operators		06:07
*** rcernin has joined #openstack-operators		06:15
*** makowals has joined #openstack-operators		06:19
*** markvoelker has joined #openstack-operators		06:27
*** simon-AS559 has joined #openstack-operators		06:30
*** markvoelker has quit IRC		06:32
*** VW has joined #openstack-operators		06:38
*** VW has quit IRC		06:43
*** simon-AS559 has quit IRC		06:49
*** mjrichardson has quit IRC		07:06
*** tesseract- has joined #openstack-operators		07:11
*** zeih has joined #openstack-operators		07:18
*** zeih has quit IRC		07:19
*** zeih has joined #openstack-operators		07:19
*** pcaruana has joined #openstack-operators		07:26
*** markvoelker has joined #openstack-operators		07:28
*** markvoelker has quit IRC		07:32
*** mjrichardson has joined #openstack-operators		07:35
*** simon-AS559 has joined #openstack-operators		07:38
*** jsheeren has joined #openstack-operators		07:38
*** bjolo_ has quit IRC		07:42
*** mjrichardson has quit IRC		07:47
*** racedo has quit IRC		07:53
*** mjrichardson has joined #openstack-operators		07:55
*** ducttape_ has joined #openstack-operators		07:56
*** racedo has joined #openstack-operators		07:57
*** ducttape_ has quit IRC		08:01
*** emagana has joined #openstack-operators		08:14
*** emagana has quit IRC		08:19
*** zeih has quit IRC		08:26
*** dbecker has joined #openstack-operators		08:27
*** derekh has joined #openstack-operators		08:38
*** dc_mattj has joined #openstack-operators		08:39
*** MrDanDan has joined #openstack-operators		08:50
*** ducttape_ has joined #openstack-operators		08:57
*** shintaro has joined #openstack-operators		09:00
*** racedo has quit IRC		09:01
*** ducttape_ has quit IRC		09:02
*** bjolo_ has joined #openstack-operators		09:02
*** racedo has joined #openstack-operators		09:03
*** zeih has joined #openstack-operators		09:04
*** racedo has quit IRC		09:04
*** racedo has joined #openstack-operators		09:12
*** saneax-_-\|AFK is now known as saneax		09:39
*** tholiv has joined #openstack-operators		09:51
*** ducttape_ has joined #openstack-operators		09:57
*** shintaro has quit IRC		10:00
*** ducttape_ has quit IRC		10:02
*** dc_mattj has quit IRC		10:03
*** dc_mattj has joined #openstack-operators		10:12
*** dc_mattj has quit IRC		10:27
*** pjm6 has quit IRC		10:54
*** pjm6 has joined #openstack-operators		10:54
*** ducttape_ has joined #openstack-operators		10:58
*** ducttape_ has quit IRC		11:03
*** d0ugal has quit IRC		11:05
*** jsheeren has quit IRC		11:05
*** d0ugal has joined #openstack-operators		11:06
*** RaginBajin has quit IRC		11:08
*** jsheeren has joined #openstack-operators		11:09
*** RaginBajin has joined #openstack-operators		11:10
*** RaginBajin has quit IRC		11:20
*** pasquier-s has quit IRC		11:20
*** RaginBajin has joined #openstack-operators		11:20
*** pasquier-s has joined #openstack-operators		11:20
*** tholiv has quit IRC		11:34
*** tholiv has joined #openstack-operators		11:34
*** dc_mattj has joined #openstack-operators		11:35
*** tholiv has quit IRC		11:36
*** tholiv has joined #openstack-operators		11:36
*** dc_mattj has quit IRC		11:42
*** racedo has quit IRC		11:49
*** tatwaffe has joined #openstack-operators		11:53
*** zeih has quit IRC		11:55
*** racedo has joined #openstack-operators		11:55
*** uxdanielle has quit IRC		11:56
*** ducttape_ has joined #openstack-operators		11:59
*** zeih has joined #openstack-operators		12:02
*** dc_mattj has joined #openstack-operators		12:03
*** ducttape_ has quit IRC		12:04
*** dc_mattj has quit IRC		12:09
*** ducttape_ has joined #openstack-operators		12:11
*** maticue has joined #openstack-operators		12:25
*** ducttape_ has quit IRC		12:30
*** markvoelker has joined #openstack-operators		12:31
*** ducttape_ has joined #openstack-operators		12:43
*** ducttape_ has quit IRC		12:47
*** liverpooler has quit IRC		12:56
*** zeih has quit IRC		13:05
*** ducttape_ has joined #openstack-operators		13:06
*** mriedem has joined #openstack-operators		13:16
*** VW_ has joined #openstack-operators		13:21
*** ducttape_ has quit IRC		13:28
*** jsheeren has quit IRC		13:29
*** zul has quit IRC		13:30
*** zul has joined #openstack-operators		13:33
mriedem	random question, how often do you use os-flavor-access?	13:35
mriedem	to give multiple tenants access to a private flavor	13:35
*** ducttape_ has joined #openstack-operators		13:58
*** dtrainor has joined #openstack-operators		14:05
*** dc_mattj has joined #openstack-operators		14:10
*** simon-AS559 has quit IRC		14:15
*** bjolo_ has quit IRC		14:18
*** dc_mattj has quit IRC		14:19
*** jamesdenton has joined #openstack-operators		14:22
*** liverpooler has joined #openstack-operators		14:23
*** dc_mattj has joined #openstack-operators		14:26
*** MrDanDan has quit IRC		14:29
*** dminer has joined #openstack-operators		14:30
*** dminer has left #openstack-operators		14:30
*** VW_ has quit IRC		14:31
*** dminer has joined #openstack-operators		14:31
*** VW has joined #openstack-operators		14:31
*** hj-hpe has joined #openstack-operators		14:37
*** dc_mattj has quit IRC		14:39
*** Hosam has joined #openstack-operators		14:40
*** Hosam_ has joined #openstack-operators		14:40
*** dc_mattj has joined #openstack-operators		14:43
*** Hosam has quit IRC		14:44
*** armax has joined #openstack-operators		14:54
*** DuncanT has quit IRC		14:55
*** bryan_att has quit IRC		14:55
*** peterjenkins_ has quit IRC		14:55
*** kelv has quit IRC		14:55
*** pkoraca has quit IRC		14:55
*** fyxim has quit IRC		14:55
*** dc_mattj has quit IRC		14:58
*** bdeschenes has joined #openstack-operators		15:03
*** marst has quit IRC		15:08
*** armax has quit IRC		15:10
*** peterjenkins_ has joined #openstack-operators		15:11
*** armax has joined #openstack-operators		15:11
*** nicodemus_ has joined #openstack-operators		15:11
*** fyxim has joined #openstack-operators		15:11
*** bryan_att has joined #openstack-operators		15:13
*** Hosam_ has quit IRC		15:13
*** Hosam has joined #openstack-operators		15:14
*** r-daneel has joined #openstack-operators		15:17
*** marst has joined #openstack-operators		15:19
*** Hosam has quit IRC		15:19
*** kelv has joined #openstack-operators		15:29
*** saneax is now known as saneax-_-\|AFK		15:29
*** DuncanT has joined #openstack-operators		15:36
*** ducttape_ has quit IRC		15:37
*** pkoraca has joined #openstack-operators		15:49
*** emagana has joined #openstack-operators		15:51
*** unrahul has quit IRC		15:52
*** unrahul has joined #openstack-operators		15:52
*** ducttape_ has joined #openstack-operators		15:52
klindgren	we dont use it very often	15:53
klindgren	however we are going to start doing it with baremetal	15:53
*** rcernin has quit IRC		16:01
mriedem	yeah that makes sense	16:03
openstackgerrit	Daniel Mellado proposed openstack/osops-tools-contrib: Add tox environement for ansible workloads https://review.openstack.org/383076	16:13
*** marst has quit IRC		16:20
*** marst has joined #openstack-operators		16:22
openstackgerrit	Daniel Mellado proposed openstack/osops-tools-contrib: Add tox environement for ansible workloads https://review.openstack.org/383076	16:24
*** ducttape_ has quit IRC		16:30
*** tesseract- has quit IRC		16:31
*** dminer has quit IRC		16:48
*** ducttape_ has joined #openstack-operators		16:54
*** Apoorva has joined #openstack-operators		16:54
*** derekh has quit IRC		16:56
*** Apoorva_ has joined #openstack-operators		17:01
*** Apoorva has quit IRC		17:04
*** Apoorva_ has quit IRC		17:05
*** saneax-_-\|AFK has quit IRC		17:07
*** Apoorva has joined #openstack-operators		17:12
*** saneax-_-\|AFK has joined #openstack-operators		17:18
*** emagana has quit IRC		17:20
*** Rockyg has joined #openstack-operators		17:23
*** Vinsh has quit IRC		17:41
*** simon-AS559 has joined #openstack-operators		17:41
*** Vinsh has joined #openstack-operators		17:41
*** priteau has joined #openstack-operators		18:01
*** emagana has joined #openstack-operators		18:34
*** saneax-_-\|AFK has quit IRC		18:41
*** saneax-_-\|AFK has joined #openstack-operators		18:44
*** simon-AS559 has quit IRC		18:49
*** harlowja has quit IRC		18:50
*** akijak has quit IRC		18:57
*** akijak has joined #openstack-operators		18:59
*** ducttape_ has quit IRC		19:09
*** maishsk has joined #openstack-operators		19:13
clayton	klindgren: yeah, that sort of thing is the reason why one of the asks at the ops meetup was the ability to grant flavor access with roles	19:15
klindgren	yea - can enforce some of that stuff with policy	19:16
klindgren	but policy violation are a real pain in the ass	19:16
klindgren	and imho are hacks to what people really want	19:16
clayton	how so?	19:16
klindgren	like we have a policy that a request must have an AZ in it to boot a vm	19:16
klindgren	which is enforced with policy, but if the end user doesn't supply one - they jsut get a 401 policy error	19:17
klindgren	without any details as to why	19:17
clayton	ah, I see what you mean	19:17
clayton	well, with flavors I would hope they just wouldn't show up in flavor list if they didn't have access	19:17
klindgren	they wouldn't but we could grant policy that only people with role blah can use flavor y	19:18
klindgren	but I dont think that would prevent people from seeing it as an option	19:18
klindgren	(currently)	19:18
klindgren	unless you went the private flavors route	19:18
*** racedo has quit IRC		19:19
clayton	right, that was the though, and use roles to grant people access, instead of specific tenants	19:19
clayton	it's a big pain in the ass to manage by tenant across multiple environments, since it wants the tenant by uuid, not by name	19:19
clayton	it'd be easier to grant a specific person the correct role in each environment	19:19
*** jsheeren has joined #openstack-operators		19:20
klindgren	yes	19:22
*** maishsk has quit IRC		19:33
*** ducttape_ has joined #openstack-operators		19:39
*** emagana_ has joined #openstack-operators		19:42
*** dalees has quit IRC		19:43
*** emagana has quit IRC		19:46
mriedem	does anyone here configure nova services with non-default rpc topics?	19:52
mriedem	because it's been proposed to remove that ability here https://review.openstack.org/#/c/351608/	19:52
mriedem	cburgess: jlk: klindgren: ^	19:53
jlk	I don't.	19:53
klindgren	I don't	19:53
cburgess	Fine with me	19:53
mriedem	ok, i think i know of maybe one thing that used this as a backdoor to run multiple computes with different virt drivers on the same host	19:54
cburgess	mriedem I just gave it a +1	19:54
mriedem	but that thing was crazy	19:54
cburgess	Yeah this seems like a bad option to begin with so I full support John's removal.	19:54
mriedem	+W	19:55
mriedem	thanks	19:55
*** dalees has joined #openstack-operators		19:56
*** Rockyg has quit IRC		19:58
jlk	maybe somebody is getting cute with rabbit load balancing and sharding?	20:06
*** jsheeren has quit IRC		20:07
*** harlowja has joined #openstack-operators		20:17
*** paramite has quit IRC		20:48
*** tholiv has quit IRC		20:48
*** tholiv has joined #openstack-operators		20:48
*** VW has quit IRC		20:53
*** tholiv has quit IRC		21:00
*** pilgrimstack1 has joined #openstack-operators		21:02
*** pilgrimstack has quit IRC		21:04
*** Apoorva_ has joined #openstack-operators		21:04
*** Apoorva has quit IRC		21:07
*** maticue has quit IRC		21:14
*** harlowja has quit IRC		21:17
*** bdeschenes has quit IRC		21:29
auggy	ooh while we're asking about nova options, i have a question... is anyone customizing mkisofs_cmd to something other than their OS's default ISO maker (eg, ubuntu - genisoimage; windows - mkisofs; etc..)	21:36
auggy	(for config drive)	21:37
auggy	context: http://docs.openstack.org/user-guide/cli-config-drive.html	21:37
*** mriedem has quit IRC		21:38
*** harlowja has joined #openstack-operators		21:39
*** harlowja has quit IRC		21:39
jlk	no	21:39
*** VW has joined #openstack-operators		21:39
*** harlowja has joined #openstack-operators		21:39
auggy	cool, i'll post to the ML too but i thought i'd vet it here first	21:42
auggy	jlk: do you know of any valid use case for why someone would need to modify this value to something other than their OS's preferred iso utility?	21:43
*** rcernin has joined #openstack-operators		21:47
*** simon-AS559 has joined #openstack-operators		21:49
*** hj-hpe has quit IRC		21:51
jlk	struggling to think of one	21:52
jlk	maybe they have to patch it somehow? But they couldn't they replace the standard path?	21:52
*** marst has quit IRC		21:54
*** bdeschenes has joined #openstack-operators		21:55
rcernin	what channel is dedicated to openstackclient guys? is there any?	21:57
*** ducttape_ has quit IRC		21:58
*** rcernin has quit IRC		21:59
*** rcernin has joined #openstack-operators		21:59
*** nicodemus_ has quit IRC		22:03
*** admin0 has quit IRC		22:05
*** Apoorva_ has quit IRC		22:12
*** Apoorva has joined #openstack-operators		22:13
*** jamesdenton has quit IRC		22:14
serverascode	lol maybe being clever with test openstack deployment passwords is not so clever: https://bugs.launchpad.net/oslo.config/+bug/1577731 I was using "0pen$stack" as a rabbit password	22:15
openstack	Launchpad bug 1577731 in shaker "NoSuchOptError: no such option in group DEFAULT: os_password" [Medium,Triaged]	22:15
*** bdeschenes has quit IRC		22:15
rcernin	guys what is the right openstackclient channel on #irc?	22:20
auggy	jlk: thanks, you're probably right but figured i'd do my due diligence ;)	22:21
auggy	rcernin: you want #openstack-sdk	22:22
auggy	rcernin: i'm full of lies, sorry let me check the spelling	22:23
auggy	rcernin: #openstack-sdks	22:23
auggy	forgot an s there hehe	22:23
rcernin	auggy: thank you	22:25
*** VW has quit IRC		22:33
*** TonyXu has quit IRC		22:41
*** TonyXu has joined #openstack-operators		22:42
*** ducttape_ has joined #openstack-operators		22:49
*** saneax-_-\|AFK is now known as saneax		23:12
*** priteau has quit IRC		23:26
*** mriedem has joined #openstack-operators		23:26
*** VW has joined #openstack-operators		23:29
*** rcernin has quit IRC		23:36
*** ducttape_ has quit IRC		23:44
*** ducttape_ has joined #openstack-operators		23:46
*** pcaruana has quit IRC		23:55

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!