Wednesday, 2016-07-20

« Tuesday, 2016-07-19 Index Thursday, 2016-07-21 »
*** joehuang has joined #openstack-tricircle01:30
shinobu_hi joehuang01:45
shinobu_what do you think of handling credential?01:45
joehuangdo you mean in Nova/Cinder APIGW01:45
shinobu_from me, we need to be more careful for that as i described01:45
joehuangyes01:46
shinobu_joehuang: yes01:46
joehuangif the API will be forwarded to the bottom Nova/Cinder01:46
joehuangthen the token validation and policy control will be done in the bottom OpenStack01:46
joehuangand we will also add policy controll on the Nova/Cinder API-GW if necessary01:47
shinobu_joehuang: oh, i'm talking about not token, but password for admin or whatever01:47
shinobu_joehuang: those kind of messages should not  be sent with plain text.01:48
joehuangmaybe we don't need to double controll for all APIs, but some of them will terminate the process in the Nova/Cinder APIGW, for example, quota management, we need policy control01:49
joehuangsure01:49
joehuangadmin and password should not being transfered in plain text01:49
shinobu_joehuang: i just want to make sure there is not mismatch between us.01:50
shinobu_joehuang: thanks for your agreement01:50
joehuanghow do you manage the password configuration item in production cloud in nova.conf and cinder.conf?01:51
shinobu_is there any situation that password in nova.conf and cinder.conf need to be changed?01:53
shinobu_if end users forget about that, they have to change but.01:54
joehuangit's not used for end user01:54
joehuangbut mainly used by the service for the token validation01:54
joehuangfor example admin_password in http://docs.openstack.org/liberty/config-reference/content/list-of-compute-config-options.html01:55
joehuangin the [keystone_authtoken] section01:55
shinobu_handling configuration file itself, this is a different story to me.01:56
shinobu_do you want the tricircle to modify configuration files as well?01:57
joehuangTricircle will not modify configuration files, other configuration management software will update the configuration file if needed. And Tricircle will only re-load the configuration after the process is re-started.02:03
shinobu_joehuang: that's what i'm expecting.02:04
joehuanggreat02:09
joehuanghi, Shinobu, There is update in the function _add_network_segment in Neutron, which will lead to the failure of our check and gate test, and block all new patches to be merged. Please review on the patch https://review.openstack.org/#/c/344524/. Thanks02:13
shinobu_joehuang: checked02:38
joehuangthanks02:45
*** yinxiulin has joined #openstack-tricircle02:48
yinxiulin•Hello,my name's yinxiulin, come from jiangxi,and glad to meet you !02:49
joehuangwelcome xiulin, welcome to join tircircle :)02:58
yinxiulinthanks02:59
shinobu_yinxiulin: thank you for your *great* contribution in advance.03:02
*** yinxiulin has quit IRC03:04
*** yinxiulin has joined #openstack-tricircle03:09
*** gongysh has joined #openstack-tricircle03:34
*** gongysh has quit IRC03:43
joehuanghi, xiulin, could you register a bug for the error code 500 returned by Nova/Cinder APIGW, John Garbutt comment on big-tent application "The above shows many "expected" 500 errors, which is something we explicitly call a bug in OpenStack APIs."03:56
joehuanghttps://review.openstack.org/#/c/338796/03:56
yinxiulinOK03:57
shinobu_yinxiulin: are you still there?07:36
yinxiulinyes07:41
shinobu_yinxiulin: what's your email address. i'm just asking you07:43
yinxiulinyinxiulin@huawei.com07:44
shinobu_thank you07:44
yinxiulinwelcome07:45
*** joehuang has quit IRC09:50
*** yinxiulin has quit IRC09:51
*** gongysh has joined #openstack-tricircle09:54
*** gongysh has quit IRC11:26
*** longxiongqiu has joined #openstack-tricircle12:46
*** longxiongqiu has quit IRC13:58
*** gongysh has joined #openstack-tricircle14:08
*** gongysh has quit IRC15:20
*** gongysh has joined #openstack-tricircle16:47
*** gongysh has quit IRC19:41
« Tuesday, 2016-07-19 Index Thursday, 2016-07-21 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!