Tuesday, 2016-09-20

« Monday, 2016-09-19 Index Wednesday, 2016-09-21 »
*** austin987 has joined #openstack-security00:13
*** jamielennox is now known as jamielennox|away00:14
*** markvoelker has joined #openstack-security00:29
*** ccneill has quit IRC00:33
*** browne has quit IRC00:48
*** ccneill-phone has quit IRC01:15
*** diazjf has joined #openstack-security01:20
*** gfhellma has quit IRC01:20
*** vinaypotluri has quit IRC01:22
*** diazjf has quit IRC01:22
openstackgerritqinchunhua proposed openstack/bandit: Update flake8 ignore list  https://review.openstack.org/37281801:24
*** diazjf has joined #openstack-security01:36
*** diazjf has quit IRC01:38
*** salv-orl_ has joined #openstack-security01:42
*** nkinder has joined #openstack-security01:43
*** salv-orlando has quit IRC01:45
*** dikonoor has joined #openstack-security01:47
*** knangia has quit IRC01:51
*** markvoelker has quit IRC02:02
*** markvoelker has joined #openstack-security02:02
*** sdake has quit IRC02:06
*** sdake has joined #openstack-security02:06
*** sdake has quit IRC02:18
*** jamielennox|away is now known as jamielennox02:20
*** nkinder has quit IRC02:35
*** dave-mccowan has quit IRC02:41
*** zul has joined #openstack-security02:52
*** woodster_ has quit IRC03:00
*** markvoelker has quit IRC03:02
*** markvoelker has joined #openstack-security03:02
*** vinaypotluri has joined #openstack-security03:55
*** dikonoor has quit IRC04:43
*** sdake has joined #openstack-security04:46
*** markvoelker has quit IRC04:46
*** dikonoor has joined #openstack-security04:48
*** dikonoo has joined #openstack-security05:02
*** dikonoor has quit IRC05:05
*** dikonoor has joined #openstack-security05:16
*** dikonoo has quit IRC05:19
*** markvoelker has joined #openstack-security05:47
*** markvoelker has quit IRC05:52
*** dikonoor has quit IRC05:55
*** dikonoor has joined #openstack-security06:12
openstackgerritavnish proposed openstack/anchor: Update home page link in cfg file  https://review.openstack.org/37291906:19
*** markvoelker has joined #openstack-security06:48
*** pcaruana has joined #openstack-security06:50
*** markvoelker has quit IRC06:52
*** austin987 has quit IRC06:56
openstackgerritavnish proposed openstack/security-analysis: modify the home-page info with the developer documentation  https://review.openstack.org/37295907:03
*** knangia has joined #openstack-security07:13
*** rcernin has joined #openstack-security07:19
openstackgerritzhangyanxian proposed openstack/syntribos: A spelling mistake needs to be fixed  https://review.openstack.org/37298907:35
openstackgerritzhangyanxian proposed openstack/syntribos: A spelling mistake needs to be fixed  https://review.openstack.org/37298907:36
*** salv-orlando has joined #openstack-security07:42
*** vinaypotluri has quit IRC07:42
*** salv-orl_ has quit IRC07:44
*** markvoelker has joined #openstack-security07:49
*** markvoelker has quit IRC07:53
*** markvoelker has joined #openstack-security08:50
*** markvoelker has quit IRC08:54
*** knangia has quit IRC09:51
*** freerunner has quit IRC09:52
*** freerunner has joined #openstack-security09:52
openstackgerritTim Kelsey proposed openstack/bandit: Adding "input()" to the blacklist calls list  https://review.openstack.org/37239410:19
openstackgerritTim Kelsey proposed openstack/bandit: Adding test for assignment to __builtins__  https://review.openstack.org/37263310:24
*** dikonoor has quit IRC10:39
*** dikonoor has joined #openstack-security10:53
*** dikonoo has joined #openstack-security11:21
*** dikonoor has quit IRC11:22
*** dikonoo has quit IRC11:26
*** dikonoo has joined #openstack-security11:33
*** dave-mccowan has joined #openstack-security11:59
*** nkinder has joined #openstack-security12:09
*** edmondsw has joined #openstack-security12:12
*** markvoelker has joined #openstack-security12:24
*** ayoung has quit IRC12:30
*** _elmiko_ is now known as elmiko12:59
*** markd__ has joined #openstack-security13:07
*** markd__ has quit IRC13:08
*** liverpooler has quit IRC13:08
*** liverpooler has joined #openstack-security13:09
*** sdake has quit IRC13:17
*** jass93 has joined #openstack-security13:39
*** salv-orl_ has joined #openstack-security13:42
*** jass93 has quit IRC13:44
*** salv-orlando has quit IRC13:45
*** jass93 has joined #openstack-security13:45
*** sdake has joined #openstack-security13:49
*** mvaldes has joined #openstack-security13:50
*** cleong has joined #openstack-security13:58
*** markvoelker has quit IRC14:02
*** markvoelker has joined #openstack-security14:09
*** sdake_ has joined #openstack-security14:09
*** sdake has quit IRC14:11
*** woodster_ has joined #openstack-security14:12
*** ayoung has joined #openstack-security14:15
*** knangia has joined #openstack-security14:24
*** diazjf has joined #openstack-security14:26
*** diazjf has quit IRC14:34
*** jmckind has joined #openstack-security14:44
*** edtubill has joined #openstack-security14:57
*** dikonoo has quit IRC14:59
*** diazjf has joined #openstack-security15:03
*** mvaldes1 has joined #openstack-security15:09
*** mvaldes has quit IRC15:11
*** vinaypotluri has joined #openstack-security15:19
*** hongbin has joined #openstack-security15:21
hongbinhi security team, a question. if a user submit a private bug and attach patch in the private bug, how do i proceed with that bug/patch (not sure how to do code review outside of gerrit).15:23
*** jgrassler has joined #openstack-security15:24
*** diazjf has quit IRC15:36
*** diazjf has joined #openstack-security15:54
openstackgerritRahul U Nair proposed openstack/syntribos: Adding Template files for the compute service  https://review.openstack.org/37344316:06
*** browne has joined #openstack-security16:08
lhindshongbin: patches can be attached to launchpad for cores to look at.16:09
*** mdong has joined #openstack-security16:10
openstackgerritMerged openstack/syntribos: A spelling mistake needs to be fixed  https://review.openstack.org/37298916:19
*** diazjf has quit IRC16:23
*** diazjf has joined #openstack-security16:25
*** diazjf has quit IRC16:26
openstackgerritMerged openstack/bandit: Adding "input()" to the blacklist calls list  https://review.openstack.org/37239416:31
*** ccneill has joined #openstack-security16:40
*** gfhellma has joined #openstack-security16:45
hongbinlhinds: ack. i guess if the patch looks good, the next step is to publish it to gerrit?16:54
*** rcernin has quit IRC16:55
openstackgerritVinay Potluri proposed openstack/syntribos: Adding Nova template files  https://review.openstack.org/37346416:57
*** ccneill has quit IRC17:03
openstackgerritRahul U Nair proposed openstack/syntribos: Adding Template files for the compute service  https://review.openstack.org/37344317:11
*** popeye74 has joined #openstack-security17:14
*** pcaruana has quit IRC17:14
*** liverpooler has quit IRC17:20
lhindshongbin: the VMT team will let you know how it works in the launchpad issue17:21
lhindsmain thing is to make sure its marked as a 'security issue' in launchpad17:22
lhindshongbin: https://security.openstack.org/vmt-process.html17:22
*** liverpooler has joined #openstack-security17:24
openstackgerritKhanak Nangia proposed openstack/syntribos: Adding nova templates for Syntribos  https://review.openstack.org/37347817:25
*** liverpooler has quit IRC17:27
*** ccneill has joined #openstack-security17:36
*** Canaimero-15d has joined #openstack-security17:53
*** Canaimero-15d has quit IRC17:53
*** popeye74_ has joined #openstack-security17:55
*** popeye74 has quit IRC17:56
*** mvaldes1 has quit IRC17:57
*** popeye74_ has quit IRC18:04
openstackgerritMichael Dong proposed openstack/syntribos: Added nova templates (hypervisors to external events)  https://review.openstack.org/37277218:19
*** mvaldes has joined #openstack-security18:23
openstackgerritRahul U Nair proposed openstack/syntribos: Adding Template files for the compute service  https://review.openstack.org/37344318:25
*** diazjf has joined #openstack-security18:27
*** sdake_ is now known as sdake18:50
*** lamt has joined #openstack-security18:57
*** markvoelker has quit IRC19:03
*** markvoelker has joined #openstack-security19:07
*** diazjf has quit IRC19:16
*** gfhellma has quit IRC19:25
openstackgerritKhanak Nangia proposed openstack/syntribos: Adding nova templates for Syntribos  https://review.openstack.org/37347819:31
vinaypotluriccneill: i saw your comments on my patch to give the version numbers. According to the example the version no. is 2.1 . Should i just follow the example ?19:35
vinaypotlurihttp://developer.openstack.org/api-ref/compute/?expanded=update-server-detail#service-urls19:35
*** diazjf has joined #openstack-security19:41
*** salv-orlando has joined #openstack-security19:42
*** salv-orl_ has quit IRC19:45
*** gfhellma has joined #openstack-security19:51
*** jmckind_ has joined #openstack-security19:51
*** jmckind has quit IRC19:53
mdongso, I think the service URL is gonna be more complicated than that20:01
mdongI’m not 100% sure, but I think the service URL is going to be of the form /v2/{project id}/whatever20:02
mdongbecause when I use the python novaclient to list hypervisors, it actually makes a call to /v2/9671b079fe3f4fc096ac619139e8d207/os-hypervisors/detail20:03
mdongand it 404’s unless I have that there20:03
*** jass93 has quit IRC20:04
*** diazjf has quit IRC20:05
*** tmcpeak1 has quit IRC20:06
*** jass93 has joined #openstack-security20:07
*** tmcpeak has joined #openstack-security20:07
*** tmcpeak1 has joined #openstack-security20:10
openstackgerritKhanak Nangia proposed openstack/syntribos: Adding nova templates for Syntribos  https://review.openstack.org/37347820:12
*** tmcpeak2 has joined #openstack-security20:12
ccneillhrmm20:12
ccneillmdong: we might have to add an extension to pull configuration options then20:13
mdongyeah, I’m writing a get_project_id function into the identity client20:13
mdongwe’d have to then call that in all of our templates20:13
ccneillright20:13
*** tmcpeak has quit IRC20:13
ccneill:\ wish there was another way, but we've known that this might be needed for a while20:13
*** tmcpeak1 has quit IRC20:16
mdongyeah, it makes our templates look disgusting20:17
mdonglike20:17
mdonghttps://gist.github.com/MCDong/445249b7238c4d766f464bc3498f8bf220:17
ccneillyeah..20:18
ccneillsigh20:18
ccneillthis is tempting me to look into a YAML replacement for our templates...20:18
ccneillwe could at least simplify the syntax a bit20:19
mdongyeah, definitely20:20
ccneillI posted a comment20:20
ccneillof what I think we could do20:20
ccneillstill not perfect, but less verbose20:20
ccneillwe just assume that you have a "client.py", and we only let you import from the extensions directoy20:21
ccneilldirectory*20:21
ccneillwhich we probably should've done from the start anyway..20:21
*** diazjf has joined #openstack-security20:23
mdongit’s definitely better, but I don’t know about assuming the existence of “client.py”20:24
ccneillcommented with another possibility20:24
ccneillit's more involved20:25
mdongfor example, the random data extension probably shouldnt have a client20:25
mdongcause it’s not a client for anything20:25
ccneilland makes our templates significantly less like a real raw HTTP request.. which sort of defeats the point20:25
ccneillwell, we can hack around that by just importing all the available functions in __init__.py and using the module itself20:25
ccneillso you can have as many files as you want, but you just have to import them into __init__.py20:26
ccneills/them/the functions you want to export/20:26
mdongI really like the second idea, except instead of having each template marked up, we could have a “definitions file” that lives in the templates directory20:26
ccneillyeah, actually that would be really nice20:27
ccneillthat way we don't have to put the CALL_EXTERNAL for the token in _every_ template20:27
ccneilland we don't have to build some weird parser to determine the end of the request template and the beginning of the definitions section, we can just load a vars.json or something20:29
*** diazjf has quit IRC20:30
mdongand we could replace all of the CALL_EXTERNAL lines with something like {<filename>:<variable name>}20:31
*** diazjf has joined #openstack-security20:32
*** evand has quit IRC20:35
*** evand has joined #openstack-security20:35
vinaypotluriccneill: mdong   do you think we should use uuid for names  https://review.openstack.org/#/c/373464/1/examples/templates/nova/servers_action/create_image.template20:37
vinaypotluriunrahul: knangia what do you think ?20:38
ccneillvinaypotluri: yeah, that's a good idea20:38
ccneillthat way it's easier to tell them apart in horizon and such20:38
vinaypotluriwouldnt that increase the overhead ?20:38
vinaypotluriok20:38
ccneill¯\_(ツ)_/¯ not by much20:38
ccneillI think it's probably worth it20:39
vinaypotluricool20:39
unrahul+1 vinaypotluri .. like ccneill said.. it might be a good idea to check.20:51
vinaypotluri+2  :)20:52
vinaypotluriunrahul:    here do you mean empty line ?https://review.openstack.org/#/c/373464/1/examples/templates/nova/servers_admin/migrate.template20:53
*** jass93 has quit IRC20:53
unrahulyup20:57
*** lamt has quit IRC21:05
*** browne has quit IRC21:09
openstackgerritVinay Potluri proposed openstack/syntribos: Adding Nova template files  https://review.openstack.org/37346421:11
*** browne has joined #openstack-security21:22
*** browne has quit IRC21:24
*** salv-orlando has quit IRC21:26
*** salv-orlando has joined #openstack-security21:26
*** mvaldes has quit IRC21:27
openstackgerritRahul U Nair proposed openstack/syntribos: Adding Template files for the compute service  https://review.openstack.org/37344321:30
*** jass93 has joined #openstack-security21:31
openstackgerritKhanak Nangia proposed openstack/syntribos: Adding nova templates for Syntribos  https://review.openstack.org/37347821:36
*** cleong has quit IRC21:37
*** gfhellma has quit IRC21:40
ccneillknangia: looks like that weird double quote character got in there again21:43
*** edtubill has quit IRC21:43
ccneillin ["user"] inside the token CALL_EXTERNAL line21:43
*** diazjf has quit IRC21:45
*** edmondsw has quit IRC21:46
*** mdong_ has joined #openstack-security21:52
knangiaohh yaa, Charles, will correct it .21:52
*** mdong has quit IRC21:55
*** mdong_ is now known as mdong21:55
*** lamt has joined #openstack-security21:56
mdongerm…so…I’m trying to get the nova extension to play nice with the glance extension, because to create a server you need a valid image21:59
mdongand long story short, doing a “GET /v2.0” to the cluster’s Glance port results in a 500 error21:59
mdongthat is - when it doesn’t 40121:59
mdongccneill, unrahul - can you check it out and tell me what you get?22:00
*** jass93 has quit IRC22:00
mdongcause right now even running the glance tests fail22:00
unrahulHey mdong I have a docs appointment will be back in sometime22:01
ccneillget w/o token returns 401 for me22:01
mdongI’m doing it with the token22:01
unrahulDid it die? 😐22:01
mdongand it alternates between 401 and 50022:01
ccneillhmm.. maybe we blew it up with the OVA testing? lol22:01
mdongI have no idea what happened, since it was fine on Friday22:01
unrahulThere must a ton of fake images in the glance registry22:02
ccneilldunno22:02
unrahulMay be that's why22:02
unrahul😯22:02
ccneillthat's probably true ^22:02
mdongso I haven’t setup a local instance of devstack yet22:04
mdonghow do I go about doing that?22:04
dave-mccowanhyakuhei ping22:04
*** jmckind_ has quit IRC22:04
ccneillGET /v2/ returns alternating 401/404 for me.. 90% 40122:05
ccneillGET /v2 returns alternating 401/302 to /v2/22:05
mdongthe 404 will tell you that its an unknown api version22:05
*** jass93 has joined #openstack-security22:05
mdongand if you do /v2.0/, I get a 500 error22:05
ccneill  <h1>404 Not Found</h1>22:05
ccneill  The resource could not be found.<br /><br />22:05
ccneillweird.. with a scoped token?22:06
mdongyeah...22:06
ccneillhmm, I'm not seeing that on my end22:06
ccneillthat's strange22:06
ccneill/v2/images alternates 401/200 for me22:06
ccneillso it's not totally down22:06
mdonghuh...22:07
mdongwith a scoped token, GET /v2/ give me a22:07
mdong  <h1>404 Not Found</h1>22:07
mdong  Unknown API version specified<br /><br />22:07
mdongsame with a GET /v2/images for that matter22:08
ccneillnow I'm just getting 401s..22:11
ccneill404 with a new token from keystone22:12
ccneill¯\_(ツ)_/¯22:12
mdongyou don’t see the 500s or the unknown API version in the 404?22:19
*** jass93 has quit IRC22:24
mdongwell I’ll submit my WIP extension just so we can get started editing the templates22:25
openstackgerritMichael Dong proposed openstack/syntribos: Added nova extension client  https://review.openstack.org/37354722:25
ccneillnah I haven't seen any 500s22:25
ccneillwhich is strange, and makes me think that something is going on with keystone..22:26
openstackgerritMichael Dong proposed openstack/syntribos: Added nova extension client  https://review.openstack.org/37354722:33
*** gfhellma has joined #openstack-security22:34
mdongso, what happens if you do this curl command22:35
mdongcurl -i -s -k  -X 'GET' \22:35
mdong    -H 'User-Agent: python-glanceclient' -H 'Content-Type: application/octet-stream' -H 'X-Auth-Token: 1e922dfc89d041af968db354b87f0c55' \22:35
mdong    'http://172.99.106.231:9696/v2.0'22:35
mdongccneill: cause for me that gets me a 50022:35
openstackgerritKhanak Nangia proposed openstack/syntribos: Adding nova templates for Syntribos  https://review.openstack.org/37347822:35
mdong…er...22:35
*** diazjf has joined #openstack-security22:35
ccneill<_<22:35
mdong><22:35
ccneill>_>22:35
mdongwelp22:36
mdongon the plus side it 401’s anyway so no harm done right? ><22:39
*** tmcpeak2 has quit IRC22:39
*** gfhellma has quit IRC22:48
*** elmiko is now known as _elmiko22:51
*** nkinder has quit IRC22:52
*** markvoelker has quit IRC23:03
*** tmcpeak has joined #openstack-security23:03
*** markvoelker has joined #openstack-security23:03
dave-mccowantmcpeak ping23:06
*** hongbin has quit IRC23:11
*** diazjf has quit IRC23:25
*** jeremiah20x has joined #openstack-security23:35
*** jeremiah20x has quit IRC23:35
*** Alexey_Abashkin_ has joined #openstack-security23:45
openstackgerritMerged openstack/syntribos: Adding Nova template files  https://review.openstack.org/37346423:45
*** Alexey_Abashkin has quit IRC23:46
*** jass93 has joined #openstack-security23:47
« Monday, 2016-09-19 Index Wednesday, 2016-09-21 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!