Wednesday, 2018-06-27

« Tuesday, 2018-06-26 Index Thursday, 2018-06-28 »
*** lifeless has quit IRC00:38
openstackgerritSamuel Merritt proposed openstack/swift master: Be more explicit about WSGI/non-WSGI environment keys  https://review.openstack.org/57823900:43
*** lifeless has joined #openstack-swift00:45
*** zaitcev_ has joined #openstack-swift00:50
*** ChanServ sets mode: +v zaitcev_00:50
*** zaitcev has quit IRC00:54
*** zaitcev_ has quit IRC01:16
kota_good morning01:42
notmynamehello kota_01:44
*** gyee has quit IRC01:51
mattoliveraukota_: morning01:54
kota_o/01:54
*** bkopilov has quit IRC02:30
*** psachin has joined #openstack-swift02:38
*** itlinux has joined #openstack-swift02:44
*** SkyRocknRoll has joined #openstack-swift03:21
*** bkopilov has joined #openstack-swift04:02
*** viks_ has joined #openstack-swift04:27
*** SkyRocknRoll has quit IRC04:38
*** psachin has quit IRC04:41
*** vpc has joined #openstack-swift05:10
vpchi05:10
vpchow to use tempauth rather than keystoneauth?05:11
vpc+mattoliverau05:11
vpc+kota_05:11
vpcis there a way to use tempauth + keystoneauth05:11
*** tdasilva has quit IRC05:21
vpchi05:27
*** silor has joined #openstack-swift05:31
mattoliverauvpc: why do you want to do that? tempauth should only be used for dev/testing and not for production. As all users passords are stored in plan text in the proxy config.05:33
vpchere +mattoliverau05:33
vpchttps://github.com/stmuraka/OpenStackSwift-OpenWhisk/tree/master/OpenStackSwift/Webhook05:33
*** tdasilva has joined #openstack-swift05:33
mattoliveraubut if you do. you just need to replace authtoken and keystoneauth and in thier place put tempauth.05:34
mattoliverauand yes you can use both.05:34
vpclike this  http://paste.openstack.org/show/724355/?05:34
mattoliverauyou'd need to define a different reseller prefix for tempauth if you want both.05:35
vpci want to integrate openwhisk in swift05:35
vpcwhen i putting new image it creating a thumbnail05:35
mattoliverauvpc: if your getting rid of keystone auth, then like I said you need to remove both authtoken and keystone auth, you still have authtoken in that pipeline05:36
vpcokay wait05:36
vpchere http://paste.openstack.org/show/724361/05:38
vpcmay i know if you have example of a proxy server conf if i use both keystone and tempauth05:38
vpcswift -A http://107.105.135.163:8080/v1/AUTH_04eabf5e839a4476a4d312e7941a1e4f -U test:tester -K testing stat05:40
vpcUnauthorized. Check username/id, password, tenant name/id and user/tenant domain name/id.05:40
mattoliverauhaving both would look something like: http://paste.openstack.org/show/724364/ (I think based on your first paste)05:43
vpcokay i'll use that thank you :)05:43
mattoliverauvpc: I haven't tested it, mind you :)05:44
vpcUnauthorized. Check username/id, password, tenant name/id and user/tenant domain name/id.05:44
vpcwhen using tempauth05:44
mattoliverauwhat does the proxy log say?05:44
vpcswift -A http://107.105.135.163:8080/v1/ -U test:tester -K testing stat05:44
vpcis my url okay?05:44
vpchttp://paste.openstack.org/show/724365/05:45
mattoliverauvpc: the tempauth auth url (the -A) should be: auth/v1.0 so something like:  http://107.105.135.163:8080/auth/v1.005:47
vpcso it doesnt based on my endpoint list05:47
mattoliverauno, endpoint list is _only_ for keystone, so something knows where to go once keystone gives a token.05:48
vpcyehey you're so good05:48
vpcits works05:48
mattoliverautempauth, is just for testing so have it's own endpoint you hit (on the proxy) to get the token05:48
vpchere http://paste.openstack.org/show/724366/05:48
vpcthe next one is to try both keystone and tempatuh05:50
*** cbartz has joined #openstack-swift05:59
*** bharath1234 has joined #openstack-swift06:07
mattoliverauvpc: I still don't know why you need tempauth, as far as I can see, in the url you've given, tempauth is used. all you need is your token and endpoint. Which you were getting from keystone last we talked. So in the curl examples you can just swap the token and endpoint/storage url with your one you got from keystone rather then the one they get from tempauth.06:08
vpcbut the probleme is06:09
vpcno trigger is happening :(06:09
vpcbecause on this setup06:09
vpche only have one server06:09
vpcone server with openwhisk plus openstack swift06:09
mattoliverauif the container or object being creating in swift?06:10
bharath1234But i feel temp auth is useful as it is installed by default and is very light weight(if i m right?). For keystone we need to set up on a seperate server?06:10
vpc+mattoliverau here is the expected output http://paste.openstack.org/show/724368/06:10
vpcthe second is my openwhisk06:10
vpcwheniver i put image on my container06:10
vpcthe webhook trigger to create a thumbnail of it06:10
vpcon it*06:11
mattoliveraubharath1234: sure.. but tempauth is great _but_ only for testing, don't use it in prod. And keystone was already set up and working06:11
vpcSo if ever i put openstack logo  the webhook action will trigger then create a thumbnail of that image and create a container06:11
vpcopenwhisk will be the one to create container and thumbnail the image i upload on the container that have my openwhisk webhook06:12
mattoliverauI haven't used openwhisk. But have you seen a the webhook fire from the swift proxy? ie watching netstat or tcpdump.06:18
mattoliveraulooking at the webhook middleware, it should be writing info logs to the log. what does your proxy log say?06:18
*** threestrands has quit IRC06:19
mattoliverauthe webhook doesn't seem to check the reponse code from the POST request. If it's timing out, it would say so. Otherwise it might just say successfully called webhook or something.06:20
mattoliverauthey really should look for a success so you know. ie if the response is in the 200 series etc.06:21
mattoliveraubut in either case there should be some logging. and so long as your at least on info level logging in syslog you should be seeing something when it's a hook is triggered.06:22
*** ccamacho has joined #openstack-swift06:22
*** bharath1234 has quit IRC06:31
*** hseipp has joined #openstack-swift06:41
*** pcaruana has joined #openstack-swift06:44
vpchere +mattoliverau http://paste.openstack.org/show/724372/06:50
vpcSSl error?06:50
mattoliverauyup looks that way. For whatever reason the connection from the webhook middleware doesn't like your ssl cert. I assume on your openswhisk server.06:52
mattoliverauSo webhook request doen't make it so you can't see it on the whisk side.06:53
*** mikecmpbll has joined #openstack-swift06:53
vpche uses https06:54
vpchttps://github.com/stmuraka/OpenStackSwift-OpenWhisk/blob/master/OpenWhisk/deployOpenWhisk.sh06:55
mattoliverausure, are you, and if so is it a valid ssl cert your using?06:56
mattoliveraupython 2 urllib2 doesn't think it is, what ever you've got.06:57
vpci think he generate  a self signed cert06:57
mattoliveraufor testing you could turn off ssl on the whisk server. OR look into how to tell the middleware to make a request where it doesn't verify.06:58
vpcAs here https://github.com/stmuraka/OpenStackSwift-OpenWhisk/blob/master/OpenWhisk/deployOpenWhisk.sh#L21606:58
mattoliverauor maybe theres a global option to tell python to ignore.06:58
vpcthis is the webhook.py06:59
vpchttps://github.com/stmuraka/OpenStackSwift-OpenWhisk/blob/master/OpenStackSwift/Webhook/swift/common/middleware/webhook.py06:59
mattoliverauI guess, make the cert you used trusted. Maybe the proxy server needs to know about the "new" CA that was created.07:00
vpci added the cert to the controller07:01
vpccurl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.07:01
vpcang curl it07:01
*** pcaruana has quit IRC07:02
vpccan i edit this +mattoliverau https://github.com/stmuraka/OpenStackSwift-OpenWhisk/blob/master/OpenStackSwift/Webhook/swift/common/middleware/webhook.py#L13807:03
mattoliveraucan you just turn off ssl on the openwhisk server as this is a test system to see if it works. Looking online apparently you might be able to add PYTHONHTTPSVERIFY=0 to your evironment when the swift proxy maybe. Will skip verification.07:05
mattoliverau*when running the swift proxy maybe07:05
vpcon the openwhiskserver07:06
vpcor on the swift swide07:06
mattoliverauon the side that is making the reqeust to the server with the bad SSL cert.07:06
mattoliverauso the swift proxy side.07:06
*** tesseract has joined #openstack-swift07:07
*** bharath1234 has joined #openstack-swift07:09
*** bharath1234 has quit IRC07:10
vpccorrection my proxy server is in container07:11
*** geaaru has joined #openstack-swift07:17
mattoliverauvpc: well, the ssl cert seems to be your problem. So you need to make the cert or cert authority that was used to create it trusted on the requester side, use a trusted cert, don't use SSL, or somehow make pythons urllib2 not do ssl verify. Damn security :P07:18
mattoliverauI gotta step into a meeting, and then finally end for the day and go eat dinner and spend time with the family. Good luck.07:19
vpcsame error when i run all export PYTHONHTTPSVERIFY=0 in both sides07:19
vpcnoted thank you for your time07:19
mattoliverauit has to be exported in the env of the running process07:20
mattoliveraubut yeah, not sure if that'll work, I was it online somewhere :)07:20
*** rcernin has quit IRC07:51
*** rcernin has joined #openstack-swift07:53
*** pcaruana has joined #openstack-swift07:57
acolesgood morning08:12
*** ccamacho has quit IRC08:27
*** ccamacho has joined #openstack-swift08:27
*** rcernin has quit IRC08:47
*** hseipp has quit IRC08:48
*** hseipp has joined #openstack-swift08:51
*** d0ugal has quit IRC08:54
openstackgerritMerged openstack/swift master: py3: port healthcheck  https://review.openstack.org/57757409:06
openstackgerritMerged openstack/swift master: Log unexpected errors when trying to clean up empty dirs  https://review.openstack.org/57822409:06
vpchi guys09:12
*** ianychoi has quit IRC09:14
*** ianychoi has joined #openstack-swift09:15
openstackgerritAlistair Coles proposed openstack/swift master: Add keymaster to fetch root secret from KMIP service  https://review.openstack.org/57807509:37
*** threestrands has joined #openstack-swift09:45
*** threestrands has quit IRC09:45
*** threestrands has joined #openstack-swift09:45
*** threestrands has quit IRC09:46
*** threestrands has joined #openstack-swift09:47
*** threestrands has quit IRC09:47
*** threestrands has joined #openstack-swift09:47
*** silor1 has joined #openstack-swift10:02
*** silor has quit IRC10:03
*** silor1 is now known as silor10:03
*** bkopilov has quit IRC10:09
*** gkadam__ has quit IRC10:16
*** gkadam__ has joined #openstack-swift10:16
vpchi10:23
*** pcaruana has quit IRC10:31
vpcgi +mattoliverau10:52
vpchi +mattoliverau10:52
vpchi +kota_10:52
*** cbartz has quit IRC11:45
*** ^andrea^ has joined #openstack-swift12:07
*** mvk has quit IRC12:07
*** mvk has joined #openstack-swift12:37
*** cbartz has joined #openstack-swift12:48
*** hseipp has quit IRC12:56
*** hseipp has joined #openstack-swift13:22
*** hseipp has quit IRC13:31
*** bkopilov has joined #openstack-swift13:34
*** itlinux has quit IRC13:35
*** drewn3ss has joined #openstack-swift13:46
*** hseipp has joined #openstack-swift13:46
*** hseipp has quit IRC13:47
*** hseipp has joined #openstack-swift13:48
*** silor has quit IRC13:52
*** cbartz has quit IRC14:17
*** cbartz has joined #openstack-swift14:18
*** itlinux has joined #openstack-swift14:22
*** SkyRocknRoll has joined #openstack-swift14:25
*** threestrands has quit IRC14:30
*** mvk has quit IRC15:23
*** gkadam__ has quit IRC15:26
*** gkadam__ has joined #openstack-swift15:26
*** cbartz has quit IRC15:42
*** gyee has joined #openstack-swift15:42
notmynamegood morning15:57
*** mvenesio has joined #openstack-swift16:01
*** tesseract has quit IRC16:34
*** gkadam__ has quit IRC16:37
openstackgerritAlistair Coles proposed openstack/swift master: WIP: Add support multiple root encryption secrets  https://review.openstack.org/57787417:43
*** SkyRocknRoll has quit IRC18:29
*** geaaru has quit IRC18:29
*** mvk has joined #openstack-swift18:53
*** hseipp has quit IRC18:58
*** m_kazuhiro has joined #openstack-swift20:42
notmynameswift team meeting in 10 minutes20:50
*** zaitcev has joined #openstack-swift20:51
*** ChanServ sets mode: +v zaitcev20:51
kota_good morning20:52
notmynamekota_: m_kazuhiro: zaitcev: tdasilva: acoles: torgomatic: mattoliverau: clayg: rledisez: cschwede: courtesy meeting ping (2 minutes)20:57
claygI’m not really “online” or “working”20:58
notmynameI know :-)20:59
notmynameclayg: what do you want us to do with https://review.openstack.org/#/c/337960/? I was going to bring it up in the meeting20:59
patchbotpatch 337960 - swift - Send correct SLO ETag for container updates20:59
mattoliverauMorning20:59
notmyname...or we can just talk about it in the meeting20:59
clayg🤷‍♂️20:59
claygA bunch of people think it makes the world better to merge as is. I’ve advocated more work should happen to make the world better but with only additive API changes. Contention seems to be broad support for use-case and weak support for more-work/legacy-api-warts. So we’re stuck. We need a value judgment.21:04
timburkeoh... this swiftclient release will include some rather noticeable version bumps for dependencies -- how do we feel about that? should i try to sort out https://review.openstack.org/#/c/568914/, or just abandon it?21:07
patchbotpatch 568914 - python-swiftclient - Back out some version bumps21:07
acolestimburke: if you're putting together a list of swiftclient patches to land for release then there is https://review.openstack.org/#/c/574261/ which IIRC someone wanted21:09
patchbotpatch 574261 - python-swiftclient - Add option for user to enter password21:09
notmynameacoles: yes!21:09
*** mvenesio has quit IRC21:18
*** mvenesio has joined #openstack-swift21:19
*** mvenesio has quit IRC21:24
*** m_kazuhiro has quit IRC21:30
*** itlinux has quit IRC21:50
*** rcernin has joined #openstack-swift21:50
notmynametimburke: when you get a chance, can you add those swiftclient patches you mentioned to the https://wiki.openstack.org/wiki/Swift/PriorityReviews wiki?22:25
notmynametimburke: I just added a section for it22:25
openstackgerritTim Burke proposed openstack/swift master: Content-Length enforcement fixups  https://review.openstack.org/57857522:54
openstackgerritTim Burke proposed openstack/swift master: swob: Fix up some WSGI string business  https://review.openstack.org/57821022:56
openstackgerritTim Burke proposed openstack/swift master: swob: Stop auto-encoding unicode bodies  https://review.openstack.org/57822723:00
*** mrjk has quit IRC23:08
*** ianychoi has quit IRC23:16
*** kei_yama has joined #openstack-swift23:17
*** ianychoi has joined #openstack-swift23:19
mattoliveraumorning.. again23:22
openstackgerritTim Burke proposed openstack/swift master: swob: Stop auto-encoding unicode bodies  https://review.openstack.org/57822723:42
openstackgerritTim Burke proposed openstack/swift master: swob.Match: remove quotes when checking __contains__  https://review.openstack.org/55666423:53
« Tuesday, 2018-06-26 Index Thursday, 2018-06-28 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!