| *** SheenaG has quit IRC | 00:27 | |
| *** zz_dimtruck is now known as dimtruck | 00:29 | |
| *** kfox1111 has quit IRC | 00:40 | |
| *** SheenaG has joined #openstack-barbican | 00:44 | |
| *** stanzi has joined #openstack-barbican | 01:32 | |
| *** pglass has joined #openstack-barbican | 01:45 | |
| *** SheenaG has quit IRC | 01:54 | |
| *** stanzi has quit IRC | 02:03 | |
| *** stanzi has joined #openstack-barbican | 02:07 | |
| *** stanzi has quit IRC | 02:23 | |
| *** stanzi_ has joined #openstack-barbican | 02:54 | |
| *** stanzi_ has quit IRC | 03:03 | |
| *** xaeth_afk is now known as xaeth | 03:19 | |
| *** dimtruck is now known as zz_dimtruck | 03:23 | |
| *** xaeth is now known as xaeth_afk | 04:42 | |
| *** chlong is now known as chlong_mtg | 04:59 | |
| *** kebray has quit IRC | 05:17 | |
| *** chlong_mtg is now known as chlong | 06:06 | |
| *** shohel has joined #openstack-barbican | 06:14 | |
| *** shohel has quit IRC | 06:19 | |
| *** stanzi has joined #openstack-barbican | 06:24 | |
| *** stanzi has quit IRC | 06:28 | |
| *** shohel has joined #openstack-barbican | 06:34 | |
| *** nickrmc83 has joined #openstack-barbican | 08:11 | |
| *** chlong is now known as chlong_afk | 08:16 | |
| *** everjeje has quit IRC | 08:17 | |
| *** everjeje has joined #openstack-barbican | 08:34 | |
| *** pglass has quit IRC | 08:48 | |
| *** woodster_ has quit IRC | 09:01 | |
| *** chlong_afk has quit IRC | 09:03 | |
| *** SheenaG has joined #openstack-barbican | 11:56 | |
| *** darrenmoffat has quit IRC | 11:59 | |
| *** darrenmoffat has joined #openstack-barbican | 12:00 | |
| *** nickrmc84 has joined #openstack-barbican | 12:00 | |
| *** nickrmc83 has quit IRC | 12:02 | |
| *** shohel has quit IRC | 12:04 | |
| *** shohel has joined #openstack-barbican | 12:04 | |
| *** shohel has quit IRC | 12:11 | |
| *** kfarr has joined #openstack-barbican | 12:12 | |
| *** shohel has joined #openstack-barbican | 12:27 | |
| *** nickrmc84 has quit IRC | 12:55 | |
| *** nickrmc83 has joined #openstack-barbican | 12:56 | |
| *** shohel has quit IRC | 12:56 | |
| *** shohel has joined #openstack-barbican | 12:58 | |
| *** nickrmc83 has quit IRC | 13:02 | |
| *** shohel has quit IRC | 13:06 | |
| *** shohel has joined #openstack-barbican | 13:18 | |
| *** nkinder__ has quit IRC | 13:23 | |
| *** alee has joined #openstack-barbican | 13:24 | |
| *** stanzi has joined #openstack-barbican | 13:43 | |
| openstackgerrit | John Wood proposed openstack/barbican-specs: Add List of Group-IDs to ACL for Secrets/Containers https://review.openstack.org/191076 | 13:51 |
|---|---|---|
| *** woodster_ has joined #openstack-barbican | 13:51 | |
| *** jaosorior has joined #openstack-barbican | 14:02 | |
| *** SheenaG has quit IRC | 14:03 | |
| *** pglass has joined #openstack-barbican | 14:04 | |
| jvrbanac | redrobot, could you workflow this spec: https://review.openstack.org/#/c/186562/ Since I wasn't at the summit and not apart of the discussions, I don't feel super comfortable workflowing a CR for specs | 14:08 |
| redrobot | jvrbanac sure thing... looking... | 14:08 |
| *** shohel has quit IRC | 14:10 | |
| *** kfox1111 has joined #openstack-barbican | 14:11 | |
| *** shohel has joined #openstack-barbican | 14:15 | |
| *** stanzi has quit IRC | 14:17 | |
| *** stanzi has joined #openstack-barbican | 14:18 | |
| *** nkinder__ has joined #openstack-barbican | 14:20 | |
| openstackgerrit | Merged openstack/barbican-specs: Add Quota support for Barbican resources https://review.openstack.org/186562 | 14:21 |
| *** SheenaG has joined #openstack-barbican | 14:27 | |
| *** silos has joined #openstack-barbican | 14:27 | |
| jvrbanac | redrobot, thx | 14:33 |
| *** shohel has quit IRC | 14:35 | |
| *** stanzi has quit IRC | 14:42 | |
| *** stanzi has joined #openstack-barbican | 14:46 | |
| *** kfarr has quit IRC | 14:48 | |
| openstackgerrit | Kaitlin Farr proposed openstack/castellan: Add Barbican key manager https://review.openstack.org/171918 | 14:48 |
| *** kfarr has joined #openstack-barbican | 14:49 | |
| *** kebray has joined #openstack-barbican | 14:51 | |
| *** rellerreller has joined #openstack-barbican | 14:51 | |
| *** kebray has quit IRC | 14:51 | |
| *** zz_dimtruck is now known as dimtruck | 14:54 | |
| *** kebray has joined #openstack-barbican | 14:56 | |
| openstackgerrit | Kaitlin Farr proposed openstack/castellan: Add Barbican key manager https://review.openstack.org/171918 | 15:08 |
| *** kfarr has quit IRC | 15:12 | |
| kfox1111 | so... what exactly is castellan | 15:16 |
| kfox1111 | ? | 15:16 |
| kfox1111 | It looks like it may be an alternate python-barbicanclient? | 15:19 |
| *** xaeth_afk is now known as xaeth | 15:34 | |
| redrobot | kfox1111 kinda | 15:36 |
| redrobot | kfox1111 it's a key manager interface, with pluggable backends. It's meant for app developers who don't want to commit to Barbican being the only key manager. | 15:37 |
| redrobot | kfox1111 some folks won't have Barbican in their cloud, so they may want to talk to another key manager directly. | 15:38 |
| redrobot | kfox1111 also useful for environments with compliance requirements prohibit Barbican use. e.g. a cloud that needs a FIPS compliant key manager. | 15:38 |
| redrobot | kfox1111 it helps to think of castellan as a would be "oslo.key_manager" | 15:41 |
| *** stanzi has quit IRC | 15:48 | |
| *** stanzi has joined #openstack-barbican | 15:49 | |
| kfox1111 | ah. ok. that makes sense. | 15:50 |
| *** shohel has joined #openstack-barbican | 15:50 | |
| kfox1111 | so its intended to run in vm's as well as on clients? | 15:50 |
| *** stanzi_ has joined #openstack-barbican | 15:51 | |
| kfox1111 | Just trying to see if I should pull kfarr into the nova instance vm spec review. | 15:51 |
| *** stanzi has quit IRC | 15:53 | |
| *** shohel has quit IRC | 15:56 | |
| rellerreller | kfox1111 think of Castellan an interface | 15:59 |
| *** Daviey has joined #openstack-barbican | 15:59 | |
| rellerreller | kfox1111 it provides a KeyManager interface under which different implementations will sit, like python-barbicanclient | 15:59 |
| rellerreller | kfox1111 so Castellan itself does not run anything. It provides an abstraction to make calls out to different key managers like Barbican, KMIP, PKCS#11 | 16:00 |
| rellerreller | kfox1111 could you send a link out to the Nova instance VM spec? kfarr works with me, and now you have interested me in this spec. | 16:01 |
| *** stanzi_ has quit IRC | 16:06 | |
| kfox1111 | Sure. :) https://review.openstack.org/#/c/186617 | 16:07 |
| kfox1111 | Castellan running in the instance could use that mechanism to get credentials to talk to Barbican. | 16:08 |
| kfox1111 | It wouldn't have anything specific to any cloud in it, so it could be baked into the cloud image. | 16:10 |
| *** diazjf has joined #openstack-barbican | 16:11 | |
| diazjf | rellerreller ping | 16:12 |
| rellerreller | diazjf poing | 16:13 |
| rellerreller | pong | 16:13 |
| diazjf | hey I've been working with Silos on Barbican development and was wondering if you guys still needed to be able to store opaque secrets into KMIP servers | 16:14 |
| rellerreller | diazjf I think it would help. | 16:15 |
| diazjf | perfect, I'm gonna writre up a Blueprint | 16:15 |
| diazjf | any past dev on this? | 16:15 |
| rellerreller | diazjf Are you talking about the Barbican side or the KMIP side? | 16:16 |
| rellerreller | diazjf I plan to implement support for opaque data objects over the next week. That is the last type for me to implement :) | 16:16 |
| diazjf | Barbican side :) | 16:17 |
| rellerreller | diazjf Once that is implemented then all of the secret types will be supported by the KMIP secret store | 16:17 |
| diazjf | ohh cool, was just wondering what I could work on to get a head start in Barbican community dev | 16:18 |
| rellerreller | diazjf I should note that not all KMIP server support opaque objects. The spec is a bit weird with regards to this. | 16:18 |
| rellerreller | diazjf We have actually found a low percentage support them. | 16:19 |
| rellerreller | diazjf Nothing comes to mind off the top of my head. I'm working on the last of the secret types in KMIP secret store. | 16:19 |
| diazjf | no problem was just wondering. | 16:20 |
| diazjf | Anything on rekeying that the Barbican community? | 16:20 |
| rellerreller | diazjf If I think of anything then I will let you know. | 16:20 |
| diazjf | ok perfect | 16:20 |
| *** shohel has joined #openstack-barbican | 16:23 | |
| redrobot | diazjf we do have a bunch of Wishlist items if you're looking for something to work on: https://bugs.launchpad.net/barbican | 16:24 |
| *** gyee_ has joined #openstack-barbican | 16:28 | |
| *** xaeth is now known as xaeth_afk | 16:41 | |
| diazjf | redrobot thanks | 16:43 |
| openstackgerrit | Kaitlin Farr proposed openstack/castellan: Add Barbican key manager https://review.openstack.org/171918 | 16:47 |
| *** stanzi has joined #openstack-barbican | 16:50 | |
| *** stanzi has quit IRC | 16:51 | |
| *** stanzi has joined #openstack-barbican | 16:52 | |
| *** stanzi_ has joined #openstack-barbican | 16:53 | |
| *** stanzi has quit IRC | 16:53 | |
| *** stanzi_ has quit IRC | 17:08 | |
| *** jaosorior has quit IRC | 17:15 | |
| *** stanzi has joined #openstack-barbican | 17:22 | |
| *** gyee_ has quit IRC | 17:23 | |
| *** stanzi has quit IRC | 17:27 | |
| *** stanzi has joined #openstack-barbican | 17:30 | |
| *** shohel has quit IRC | 17:33 | |
| *** stanzi has quit IRC | 17:34 | |
| *** stanzi has joined #openstack-barbican | 17:34 | |
| *** stanzi has quit IRC | 17:38 | |
| *** stanzi has joined #openstack-barbican | 17:51 | |
| *** kebray has quit IRC | 17:53 | |
| *** kebray has joined #openstack-barbican | 17:53 | |
| *** xaeth_afk is now known as xaeth | 17:53 | |
| *** stanzi has quit IRC | 17:54 | |
| *** stanzi_ has joined #openstack-barbican | 17:54 | |
| *** gyee_ has joined #openstack-barbican | 17:57 | |
| *** everjeje has quit IRC | 17:57 | |
| *** stanzi_ has quit IRC | 17:59 | |
| *** stanzi has joined #openstack-barbican | 18:00 | |
| *** silos has quit IRC | 18:00 | |
| *** silos has joined #openstack-barbican | 18:00 | |
| *** stanzi_ has joined #openstack-barbican | 18:20 | |
| *** stanzi has quit IRC | 18:23 | |
| *** stanzi_ has quit IRC | 18:34 | |
| *** stanzi has joined #openstack-barbican | 18:35 | |
| jkf | Greetings, are there any known issues surrounding migrating from the Juno to Kilo stable versions? | 18:47 |
| jkf | I'm currently seeing kek validation failures with the simple crypto plugin after migrating. | 18:47 |
| jkf | The project kek that is. | 18:48 |
| jkf | Here's some log output from the failure I'm seeing... http://paste.openstack.org/show/5bNqGy6phvfO4u7i5CbK/ | 18:49 |
| * kfox1111 breaks down and cries. | 19:02 | |
| kfox1111 | going back around the loop all over again... :/ | 19:02 |
| kfox1111 | keystone folks are starting talking about wanting to use trusts and forcing every secret to have its own keystone project. :/ | 19:02 |
| *** stanzi has quit IRC | 19:17 | |
| *** stanzi has joined #openstack-barbican | 19:17 | |
| *** stanzi has quit IRC | 19:17 | |
| *** stanzi has joined #openstack-barbican | 19:18 | |
| redrobot | jkf are you running master or the kilo point release? | 19:38 |
| jkf | The head of the stable/kilo branch. | 19:38 |
| redrobot | kfox1111 IRC or ML? | 19:38 |
| kfox1111 | irc. | 19:41 |
| kfox1111 | he's going to think about it more though. | 19:41 |
| *** stanzi has quit IRC | 19:42 | |
| openstackgerrit | Nathan Reller proposed openstack/barbican: Added certificate support to KMIP secret store https://review.openstack.org/190299 | 19:52 |
| *** insequent has quit IRC | 20:07 | |
| *** dabukalam has quit IRC | 20:07 | |
| *** redrobot has quit IRC | 20:07 | |
| *** insequent has joined #openstack-barbican | 20:07 | |
| *** redrobot has joined #openstack-barbican | 20:08 | |
| *** redrobot is now known as Guest67074 | 20:08 | |
| *** dabukalam has joined #openstack-barbican | 20:09 | |
| *** stanzi has joined #openstack-barbican | 20:12 | |
| *** silos has left #openstack-barbican | 20:14 | |
| *** stanzi has quit IRC | 20:21 | |
| *** stanzi has joined #openstack-barbican | 20:23 | |
| *** greghaynes has quit IRC | 20:27 | |
| openstackgerrit | Kevin Fox proposed openstack/barbican-specs: Container ACL and Fetch API https://review.openstack.org/190404 | 20:38 |
| *** stanzi has quit IRC | 20:43 | |
| *** alee has quit IRC | 20:48 | |
| *** gyee_ has quit IRC | 21:33 | |
| *** xaeth is now known as xaeth_afk | 21:35 | |
| -openstackstatus- NOTICE: Gerrit will be offline for project renames between 22:00 and 22:30 UTC | 21:41 | |
| *** ChanServ changes topic to "Gerrit will be offline for project renames between 22:00 and 22:30 UTC" | 21:41 | |
| *** nkinder__ has quit IRC | 21:42 | |
| *** darrenmoffat has quit IRC | 21:54 | |
| *** darrenmoffat has joined #openstack-barbican | 21:54 | |
| *** darrenmoffat has quit IRC | 21:56 | |
| *** diazjf has left #openstack-barbican | 21:57 | |
| *** darrenmoffat has joined #openstack-barbican | 21:57 | |
| -openstackstatus- NOTICE: Gerrit is offline for project renames. ETA 20:30 | 22:02 | |
| *** ChanServ changes topic to "Gerrit is offline for project renames. ETA 20:30" | 22:02 | |
| *** pglass has quit IRC | 22:05 | |
| *** dimtruck is now known as zz_dimtruck | 22:06 | |
| -openstackstatus- NOTICE: Gerrit is offline for project renames. ETA 22:40 | 22:07 | |
| *** ChanServ changes topic to "Gerrit is offline for project renames. ETA 22:40" | 22:07 | |
| *** darrenmoffat has quit IRC | 22:15 | |
| *** stanzi has joined #openstack-barbican | 22:21 | |
| *** stanzi has quit IRC | 22:29 | |
| *** darrenmoffat has joined #openstack-barbican | 22:39 | |
| *** ChanServ changes topic to "Gerrit is offline for project renames. ETA 20:30" | 22:41 | |
| -openstackstatus- NOTICE: Gerrit is back online. Zuul reconfiguration for renamed projects is still in progress, ETA 23:30. | 22:41 | |
| *** ChanServ changes topic to "OpenStack Barbican development" | 22:49 | |
| *** arunkant has quit IRC | 22:56 | |
| *** arunkant has joined #openstack-barbican | 22:56 | |
| *** kfarr has joined #openstack-barbican | 23:08 | |
| *** openstackgerrit has quit IRC | 23:22 | |
| *** openstackgerrit has joined #openstack-barbican | 23:22 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!