Sunday, 2014-03-16

« Saturday, 2014-03-15 Index Monday, 2014-03-17 »
*** Midnightmyth has quit IRC00:17
*** keving1 has joined #openstack-swift00:37
*** keving1 has quit IRC00:46
*** keving1 has joined #openstack-swift01:42
*** keving1 has quit IRC01:51
*** keving1 has joined #openstack-swift02:47
*** keving1 has quit IRC02:55
*** zouguangxian has joined #openstack-swift03:29
*** zouguangxian has joined #openstack-swift03:29
*** sileht has quit IRC04:00
openstackgerritPeter Portante proposed a change to openstack/swift: In-process swift server for functional tests  https://review.openstack.org/6610804:21
*** Diddi_ has quit IRC04:36
*** sileht has joined #openstack-swift04:38
*** sileht has quit IRC04:50
*** sileht has joined #openstack-swift04:51
*** sileht has quit IRC04:55
*** keving1 has joined #openstack-swift04:57
*** keving1 has quit IRC05:02
*** sileht has joined #openstack-swift05:05
*** sileht has quit IRC05:09
*** chandan_kumar has joined #openstack-swift05:14
*** sileht has joined #openstack-swift05:25
*** keving1 has joined #openstack-swift05:27
*** keving1 has quit IRC05:35
*** sileht has quit IRC05:48
*** changbl has quit IRC06:05
*** keving1 has joined #openstack-swift06:32
*** chandan_kumar has quit IRC06:34
*** keving1 has quit IRC06:40
*** keving1 has joined #openstack-swift07:37
*** keving1 has quit IRC07:46
*** sileht has joined #openstack-swift08:27
*** keving1 has joined #openstack-swift08:42
*** keving1 has quit IRC08:51
*** mlipchuk has joined #openstack-swift09:20
*** keving1 has joined #openstack-swift09:47
*** keving1 has quit IRC09:56
*** Midnightmyth has joined #openstack-swift10:18
*** keving1 has joined #openstack-swift10:52
*** keving1 has quit IRC11:01
*** keving1 has joined #openstack-swift11:57
*** keving1 has quit IRC12:06
*** keving1 has joined #openstack-swift13:02
*** zouguangxian has quit IRC13:11
*** keving1 has quit IRC13:11
*** thomaschaaf has joined #openstack-swift13:35
*** keving1 has joined #openstack-swift14:07
*** keving1 has quit IRC14:16
*** bada has joined #openstack-swift14:39
*** bada__ has quit IRC14:41
thomaschaafI am currently getting a lot of "unauthorized" requests. I am using the tempauth. If I request an authentication token from proxy-server1 is it also good on proxy-server2? Both have a memcache server running on them and in the proxy configutation both are listed. Could this be the cause?14:51
*** keving1 has joined #openstack-swift15:12
*** keving1 has quit IRC15:21
*** changbl has joined #openstack-swift15:32
*** jamieh has joined #openstack-swift15:38
*** jamieh is now known as Guest434015:38
hugokuothomaschaaf: The token suppose to be ok on both proxy severs.15:43
hugokuothomaschaaf: you can try to retrieve token for times. Does proxy return same token for you ?15:44
thomaschaaflet me check15:44
thomaschaafyea I get the same key on both.15:46
thomaschaafI found out how to break it :)15:49
thomaschaafso if I have the 2 memcache servers and one restarts for some reason the tokens are out of sync for my user15:49
thomaschaafIt seems that tempauth breaks in a way which is not good -.-15:54
thomaschaafmaybe its that I am using 1.1015:56
openstackgerritClay Gerrard proposed a change to openstack/swift: Make object server agressive delete capable  https://review.openstack.org/8074916:09
*** mmcardle has joined #openstack-swift16:17
*** keving1 has joined #openstack-swift16:17
*** keving1 has quit IRC16:26
*** mmcardle has quit IRC16:33
thomaschaafI am trying to understand the code to be able to debug. Where in the code is x-storage-token or x-auth-token ever checked? (using tempauth) I cant find a place where the token is actually checked against the database.16:48
*** keving1 has joined #openstack-swift17:22
*** keving1 has quit IRC17:31
openstackgerritpaul luse proposed a change to openstack/swift: Prevent object with storage policy mismatch from being updated in a container  https://review.openstack.org/7973117:32
*** Guest4340 has quit IRC17:55
gholtthomaschaaf: tempauth is a small example auth implementation not really meant for production use. Though I'd guess some would argue it is for production use, but I named it "temp" for a reason when I wrote it. ;) Either way, the tokens are validated against the tokens in memcache so yeah, if you restart a memcache node you'll lose whichever tokens were on that server and those users will need to reauthenticate to establish new t18:01
gholtokens.18:01
*** mlipchuk has quit IRC18:03
thomaschaafTHank you gholt. Sadly I am experiencing a situation where even a reauthentication is giving me a bad token back. I am still trying to debug this though :(18:04
gholtThat's also how some other auth systems work, though I wouldn't doubt many keep a persistent backed store for their tokens as well as caching them for speed.18:04
gholtGotcha, a bad token returned is not fun to debug. :/18:04
thomaschaafI am not quiet sure what advantages there are from giving back tokens for a password.18:05
thomaschaafThe swift for us is an internal data store where we only have one user per environment (dev/stage/live) and I am thinking of naively implementing a simpler authentication for this usecase.18:06
gholtWell, the general design was that the auth system that gives back the token is/could-be completely separate from swift and that you might not want to share the password with every service the auth system could let you use.18:07
thomaschaafI would understand that if they persisted like an oauth token. But as I understand it is rather proof of concept for this functionality?18:08
gholtYeah, tempauth was originally written just to have a test harness for swift to ensure it worked with the general design. It has since grown...18:08
gholtDevelopers didn't want to have to install and configure all of Keystone just to work on Swift.18:09
thomaschaafI'd love to write a really simple auth. With do you think that would be of interesst to others?18:09
thomaschaafI am thinking of stripping all the memcache stuff and keep it in a file so that I can deploy it via puppet/chef. With non changing keys.18:11
gholtQuite likely. However, I'd caution that anything to do with security seldom ends up really simple. :)18:11
gholtThe other you might go up against is existing tooling that expects the general design to be in use. But you might be able to fake all that out by giving the password/api-key back as the token when that first step is accomplished.18:13
thomaschaafah that seems like a nice idea18:13
gholtIt would also be a bit humorous -- to me at least. :) "Hey, I need a token these credentials..." "Sure, here's your credentials you gave me."18:14
gholtMemcache is also often used for speed, but I'm sure you could cache a small user database in memory yourself sourced from a static file on each proxy. Heheh18:15
gholtWhere you start to creep into non-simple (but still simple so far) is folks would probably want that static file to reload the in-memory database when the mtime changes or something similar.18:16
thomaschaafmtime being the time it expires?18:17
thomaschaafI'd really rather just not have anything expire. If I need to change passwords I'll have to rollout an update & restart the proxys. (still thinking a bit smaller)18:17
gholtOh, I meant the mtime of the file. In other words, to add a user you add them to the static file and push that out the all the proxies and they notice and reload their in-memory databases.18:17
thomaschaafI have only done this with watchdog18:18
thomaschaafwould you periodically poll the file?18:19
gholtBut yeah, if it's just for your use and you don't mind a restart/reload of all your proxies on user database changes you can just skip all that.18:19
thomaschaafOr is there a native solution with less overhead than watchdog?18:19
gholtWell, there's a similar concept in swift/common/container_sync_realms.py that auto-reloads the container sync realm data when its config file changes. Main plus is not having to restart/reload all your proxies for what is considered a simple change.18:21
gholtAnd remember that a restart of a proxy will sever all ongoing connections, mid upload/download even. A reload will let the old connections gracefully finish.18:22
thomaschaafI'll try and get it so that one user can have two passwords so that if I want to change the password from a to b I can have both active while I deploy the software which uses swift.18:24
thomaschaafsorry for mistreating your code :D18:24
gholtHaha, no problem. It started as my code for that specific purpose and has long since grown beyond my control. Always happens it seems. :)18:25
gholtWorse yet, before Keystone I'd written Swauth and folks still use that so I try to keep it in working condition. Auth is such fun I don't recommend it to anyone. ;)18:27
*** keving1 has joined #openstack-swift18:27
gholtWell, that reads weird, I did *not* write Keystone. I think a committee was involved with that one. Hehe18:28
*** keving1 has quit IRC18:36
thomaschaafgholt: do you think I should fork swift or create a new repository just for the auth?19:01
gholtthomaschaaf: Usually a separate project is best for things like that. If you want to allow others to use it, they'd just install your package and configure your middleware in their existing Swift set up.19:08
thomaschaafI am not familiar with the python way of doing this should I just simlink to usr/lib/python2.7/dist-packages/swift/common/middleware19:09
thomaschaafor do you know a plugin with a good installation guide? Writing the file is no problem but I hate just having one file in my repo without a nice guide how to install19:10
gholtHmm. let me see if I can find a simple example out there.19:10
gholtOh, https://github.com/gholt/mempeek is pretty darn simple.19:11
gholtIt has no OS packaging though, that gets "advanced" kinda quick. For mempeek, you'd just clone a copy of the repository, run "python setup.py install" and then add the middleware to your pipeline in the proxy-server.conf19:12
gholthttps://github.com/dpgoetz/sos is a more full example of middleware (It's CDN integration middleware) that has packaging for Debian-based systems.19:13
gholtThe key starting point though is the entry point in setup.py such as https://github.com/gholt/mempeek/blob/master/setup.py#L1319:15
gholtSwift uses paste.deploy configs to set up middleware and that line defines the paste.deploy entry point that can be used.19:16
gholtYou can then put mempeek in your proxy-server.conf pipeline and add a section to that file something like:19:17
gholt[filter:mempeek]19:17
gholtuse = egg:mempeek:mempeek19:17
gholt...19:17
gholtErr, sorry: use = egg:mempeek#mempeek19:17
thomaschaafokay I will try this :) thank you for your help!19:17
gholtYeah, you've got a bit of a learning curve, but hey, a goal is the best way learn right?19:18
*** keving1 has joined #openstack-swift19:32
*** mkollaro has joined #openstack-swift19:35
*** keving1 has quit IRC19:41
*** jamieh has joined #openstack-swift19:52
*** jamieh is now known as Guest4753019:53
thomaschaafgholt: I just looked into the code further and as far as i understand https://github.com/openstack/swift/blob/master/swift/common/middleware/tempauth.py#L274 this would not require me to create a token20:19
gholtthomaschaaf: Ah, that well could be. It has been a while since I looked at the Authorization header part of the code. That was for S3 integration as I recall, but it may have morphed since then.20:30
thomaschaafI am trying to get it to work that way. Then I don't need to look after another piece of code :)20:31
gholtIt sure looks like that part of the code is still using token though... the base64 line20:32
gholtTo be perfectly honest, I don't remember how the S3 and HTTP_AUHTORIZATION stuff in there works. I probably copied that code from the previous incarnation of tempauth after some guys had added an S3 compatibility layer.20:35
gholtWhat I do know about S3's auth is that you have to sign each request independently, so it's even more user-active than just getting a single token for 24hr use.20:36
gholtBut this might be faking things in some other way that is less user burdensome, I just don't remember. :/20:37
*** keving1 has joined #openstack-swift20:37
*** keving1 has quit IRC20:46
*** dosaboy_ has joined #openstack-swift20:59
*** bvandenh has quit IRC21:19
*** dosaboy has quit IRC21:21
*** Guest47530 has quit IRC21:21
*** bvandenh has joined #openstack-swift21:21
*** keving1 has joined #openstack-swift21:42
*** keving1 has quit IRC21:51
*** thomaschaaf has quit IRC22:05
*** acoles- has quit IRC22:43
*** haomaiw__ has quit IRC22:43
*** j_king_ has quit IRC22:43
*** mtreinish has quit IRC22:43
*** CrackerJackMack has quit IRC22:43
*** sudorandom has quit IRC22:43
*** wer has quit IRC22:43
*** chmouel has quit IRC22:43
*** zackmdavis has quit IRC22:43
*** zanc_ has quit IRC22:43
*** ondergetekende has quit IRC22:43
*** bvandenh has quit IRC22:43
*** changbl has quit IRC22:43
*** Midnightmyth has quit IRC22:43
*** mkerrin1 has quit IRC22:43
*** wkelly has quit IRC22:43
*** pandemicsyn has quit IRC22:43
*** EmilienM has quit IRC22:43
*** tristanC has quit IRC22:43
*** pconstantine_ has quit IRC22:43
*** omame has quit IRC22:43
*** bsdkurt has quit IRC22:43
*** occupant has quit IRC22:43
*** sileht has quit IRC22:43
*** gholt has quit IRC22:43
*** dosaboy_ has quit IRC22:43
*** mkollaro has quit IRC22:43
*** ccorrigan has quit IRC22:43
*** Guest56062 has quit IRC22:43
*** sfineberg has quit IRC22:43
*** saschpe has quit IRC22:43
*** swifterdarrell has quit IRC22:43
*** clarkb has quit IRC22:43
*** peluse has quit IRC22:43
*** openstackgerrit has quit IRC22:43
*** otherjon has quit IRC22:43
*** mandarine has quit IRC22:43
*** grapsus__ has quit IRC22:43
*** joearnold has quit IRC22:43
*** Alex_Gaynor has quit IRC22:43
*** krtaylor has quit IRC22:43
*** wayneeseguin has quit IRC22:43
*** pberis has quit IRC22:43
*** fbo has quit IRC22:43
*** yuan has quit IRC22:43
*** booi has quit IRC22:43
*** jeblair has quit IRC22:43
*** acorwin has quit IRC22:43
*** tanee-away has quit IRC22:43
*** early has quit IRC22:43
*** redbo has quit IRC22:43
*** notmyname has quit IRC22:43
*** MooingLemur has quit IRC22:43
*** rahmu has quit IRC22:43
*** torgomatic has quit IRC22:43
*** minnear has quit IRC22:43
*** glange has quit IRC22:43
*** jogo has quit IRC22:43
*** hugokuo has quit IRC22:43
*** ctennis has quit IRC22:43
*** anderstj has quit IRC22:43
*** alpha_ori has quit IRC22:43
*** ryao has quit IRC22:43
*** anticw has quit IRC22:43
*** dfg has quit IRC22:43
*** mordred has quit IRC22:43
*** kragniz has quit IRC22:43
*** swills has quit IRC22:43
*** zigo has quit IRC22:43
*** Anticimex has quit IRC22:43
*** StevenK has quit IRC22:43
*** creiht has quit IRC22:43
*** mhu has quit IRC22:43
*** russellb has quit IRC22:43
*** greghaynes has quit IRC22:43
*** ChanServ has quit IRC22:43
*** briancline has quit IRC22:43
*** akscram has quit IRC22:43
*** rturk-away has quit IRC22:43
*** Anju1 has quit IRC22:43
*** ekarlso has quit IRC22:43
*** JelleB has quit IRC22:43
*** mlanner has quit IRC22:43
*** amandap has quit IRC22:43
*** therve has quit IRC22:43
*** portante has quit IRC22:43
*** luisbg has quit IRC22:43
*** ahale has quit IRC22:43
*** rpedde has quit IRC22:43
*** clayg has quit IRC22:43
*** bvandenh has joined #openstack-swift22:45
*** dosaboy_ has joined #openstack-swift22:45
*** mkollaro has joined #openstack-swift22:45
*** changbl has joined #openstack-swift22:45
*** Midnightmyth has joined #openstack-swift22:45
*** sileht has joined #openstack-swift22:45
*** peluse has joined #openstack-swift22:45
*** openstackgerrit has joined #openstack-swift22:45
*** Alex_Gaynor has joined #openstack-swift22:45
*** krtaylor has joined #openstack-swift22:45
*** ondergetekende has joined #openstack-swift22:45
*** acoles- has joined #openstack-swift22:45
*** mkerrin1 has joined #openstack-swift22:45
*** wkelly has joined #openstack-swift22:45
*** haomaiw__ has joined #openstack-swift22:45
*** pandemicsyn has joined #openstack-swift22:45
*** EmilienM has joined #openstack-swift22:45
*** tristanC has joined #openstack-swift22:45
*** j_king_ has joined #openstack-swift22:45
*** pconstantine_ has joined #openstack-swift22:45
*** omame has joined #openstack-swift22:45
*** mtreinish has joined #openstack-swift22:45
*** bsdkurt has joined #openstack-swift22:45
*** CrackerJackMack has joined #openstack-swift22:45
*** sudorandom has joined #openstack-swift22:45
*** ccorrigan has joined #openstack-swift22:45
*** wer has joined #openstack-swift22:45
*** briancline has joined #openstack-swift22:45
*** akscram has joined #openstack-swift22:45
*** swills has joined #openstack-swift22:45
*** zigo has joined #openstack-swift22:45
*** rturk-away has joined #openstack-swift22:45
*** Anticimex has joined #openstack-swift22:45
*** StevenK has joined #openstack-swift22:45
*** creiht has joined #openstack-swift22:45
*** Anju1 has joined #openstack-swift22:45
*** mhu has joined #openstack-swift22:45
*** occupant has joined #openstack-swift22:45
*** chmouel has joined #openstack-swift22:45
*** wayneeseguin has joined #openstack-swift22:45
*** russellb has joined #openstack-swift22:45
*** zackmdavis has joined #openstack-swift22:45
*** pberis has joined #openstack-swift22:45
*** Guest56062 has joined #openstack-swift22:45
*** greghaynes has joined #openstack-swift22:45
*** fbo has joined #openstack-swift22:45
*** dickson.freenode.net sets mode: +v creiht22:45
*** zanc_ has joined #openstack-swift22:45
*** yuan has joined #openstack-swift22:45
*** booi has joined #openstack-swift22:45
*** jeblair has joined #openstack-swift22:45
*** gholt has joined #openstack-swift22:45
*** otherjon has joined #openstack-swift22:45
*** sfineberg has joined #openstack-swift22:45
*** acorwin has joined #openstack-swift22:45
*** tanee-away has joined #openstack-swift22:45
*** saschpe has joined #openstack-swift22:45
*** swifterdarrell has joined #openstack-swift22:45
*** mandarine has joined #openstack-swift22:45
*** jogo has joined #openstack-swift22:45
*** early has joined #openstack-swift22:45
*** grapsus__ has joined #openstack-swift22:45
*** redbo has joined #openstack-swift22:45
*** ekarlso has joined #openstack-swift22:45
*** clarkb has joined #openstack-swift22:45
*** JelleB has joined #openstack-swift22:45
*** notmyname has joined #openstack-swift22:45
*** dickson.freenode.net sets mode: +vvvv gholt swifterdarrell redbo notmyname22:45
*** MooingLemur has joined #openstack-swift22:45
*** mlanner has joined #openstack-swift22:45
*** amandap has joined #openstack-swift22:45
*** therve has joined #openstack-swift22:45
*** joearnold has joined #openstack-swift22:45
*** rahmu has joined #openstack-swift22:45
*** torgomatic has joined #openstack-swift22:45
*** minnear has joined #openstack-swift22:45
*** glange has joined #openstack-swift22:45
*** hugokuo has joined #openstack-swift22:45
*** ctennis has joined #openstack-swift22:45
*** anderstj has joined #openstack-swift22:45
*** alpha_ori has joined #openstack-swift22:45
*** portante has joined #openstack-swift22:45
*** ryao has joined #openstack-swift22:45
*** anticw has joined #openstack-swift22:45
*** dfg has joined #openstack-swift22:45
*** dickson.freenode.net sets mode: +vvvv torgomatic glange portante dfg22:45
*** mordred has joined #openstack-swift22:45
*** kragniz has joined #openstack-swift22:45
*** luisbg has joined #openstack-swift22:45
*** ahale has joined #openstack-swift22:45
*** rpedde has joined #openstack-swift22:45
*** ChanServ has joined #openstack-swift22:45
*** clayg has joined #openstack-swift22:45
*** dickson.freenode.net sets mode: +ov ChanServ clayg22:45
*** keving1 has joined #openstack-swift22:47
*** mkollaro has quit IRC22:55
*** keving1 has quit IRC22:57
*** sungju has joined #openstack-swift23:08
*** mlipchuk has joined #openstack-swift23:11
*** fifieldt has joined #openstack-swift23:16
*** h6w has joined #openstack-swift23:28
h6wMorning all!23:42
h6wIs there a ca_file option in /etc/swift/proxy-server.conf or perhaps a ca_bundle?23:43
*** keving1 has joined #openstack-swift23:52
« Saturday, 2014-03-15 Index Monday, 2014-03-17 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!