Friday, 2015-06-12

*** SheenaG has quit IRC00:27
*** zz_dimtruck is now known as dimtruck00:29
*** kfox1111 has quit IRC00:40
*** SheenaG has joined #openstack-barbican00:44
*** stanzi has joined #openstack-barbican01:32
*** pglass has joined #openstack-barbican01:45
*** SheenaG has quit IRC01:54
*** stanzi has quit IRC02:03
*** stanzi has joined #openstack-barbican02:07
*** stanzi has quit IRC02:23
*** stanzi_ has joined #openstack-barbican02:54
*** stanzi_ has quit IRC03:03
*** xaeth_afk is now known as xaeth03:19
*** dimtruck is now known as zz_dimtruck03:23
*** xaeth is now known as xaeth_afk04:42
*** chlong is now known as chlong_mtg04:59
*** kebray has quit IRC05:17
*** chlong_mtg is now known as chlong06:06
*** shohel has joined #openstack-barbican06:14
*** shohel has quit IRC06:19
*** stanzi has joined #openstack-barbican06:24
*** stanzi has quit IRC06:28
*** shohel has joined #openstack-barbican06:34
*** nickrmc83 has joined #openstack-barbican08:11
*** chlong is now known as chlong_afk08:16
*** everjeje has quit IRC08:17
*** everjeje has joined #openstack-barbican08:34
*** pglass has quit IRC08:48
*** woodster_ has quit IRC09:01
*** chlong_afk has quit IRC09:03
*** SheenaG has joined #openstack-barbican11:56
*** darrenmoffat has quit IRC11:59
*** darrenmoffat has joined #openstack-barbican12:00
*** nickrmc84 has joined #openstack-barbican12:00
*** nickrmc83 has quit IRC12:02
*** shohel has quit IRC12:04
*** shohel has joined #openstack-barbican12:04
*** shohel has quit IRC12:11
*** kfarr has joined #openstack-barbican12:12
*** shohel has joined #openstack-barbican12:27
*** nickrmc84 has quit IRC12:55
*** nickrmc83 has joined #openstack-barbican12:56
*** shohel has quit IRC12:56
*** shohel has joined #openstack-barbican12:58
*** nickrmc83 has quit IRC13:02
*** shohel has quit IRC13:06
*** shohel has joined #openstack-barbican13:18
*** nkinder__ has quit IRC13:23
*** alee has joined #openstack-barbican13:24
*** stanzi has joined #openstack-barbican13:43
openstackgerritJohn Wood proposed openstack/barbican-specs: Add List of Group-IDs to ACL for Secrets/Containers  https://review.openstack.org/19107613:51
*** woodster_ has joined #openstack-barbican13:51
*** jaosorior has joined #openstack-barbican14:02
*** SheenaG has quit IRC14:03
*** pglass has joined #openstack-barbican14:04
jvrbanacredrobot, could you workflow this spec: https://review.openstack.org/#/c/186562/ Since I wasn't at the summit and not apart of the discussions, I don't feel super comfortable workflowing a CR for specs14:08
redrobotjvrbanac sure thing... looking...14:08
*** shohel has quit IRC14:10
*** kfox1111 has joined #openstack-barbican14:11
*** shohel has joined #openstack-barbican14:15
*** stanzi has quit IRC14:17
*** stanzi has joined #openstack-barbican14:18
*** nkinder__ has joined #openstack-barbican14:20
openstackgerritMerged openstack/barbican-specs: Add Quota support for Barbican resources  https://review.openstack.org/18656214:21
*** SheenaG has joined #openstack-barbican14:27
*** silos has joined #openstack-barbican14:27
jvrbanacredrobot, thx14:33
*** shohel has quit IRC14:35
*** stanzi has quit IRC14:42
*** stanzi has joined #openstack-barbican14:46
*** kfarr has quit IRC14:48
openstackgerritKaitlin Farr proposed openstack/castellan: Add Barbican key manager  https://review.openstack.org/17191814:48
*** kfarr has joined #openstack-barbican14:49
*** kebray has joined #openstack-barbican14:51
*** rellerreller has joined #openstack-barbican14:51
*** kebray has quit IRC14:51
*** zz_dimtruck is now known as dimtruck14:54
*** kebray has joined #openstack-barbican14:56
openstackgerritKaitlin Farr proposed openstack/castellan: Add Barbican key manager  https://review.openstack.org/17191815:08
*** kfarr has quit IRC15:12
kfox1111so... what exactly is castellan15:16
kfox1111?15:16
kfox1111It looks like it may be an alternate python-barbicanclient?15:19
*** xaeth_afk is now known as xaeth15:34
redrobotkfox1111 kinda15:36
redrobotkfox1111 it's a key manager interface, with pluggable backends.  It's meant for app developers who don't want to commit to Barbican being the only key manager.15:37
redrobotkfox1111 some folks won't have Barbican in their cloud, so they may want to talk to another key manager directly.15:38
redrobotkfox1111 also useful for environments with compliance requirements prohibit Barbican use.  e.g. a cloud that needs a FIPS compliant key manager.15:38
redrobotkfox1111 it helps to think of castellan as a would be "oslo.key_manager"15:41
*** stanzi has quit IRC15:48
*** stanzi has joined #openstack-barbican15:49
kfox1111ah. ok. that makes sense.15:50
*** shohel has joined #openstack-barbican15:50
kfox1111so its intended to run in vm's as well as on clients?15:50
*** stanzi_ has joined #openstack-barbican15:51
kfox1111Just trying to see if I should pull kfarr into the nova instance vm spec review.15:51
*** stanzi has quit IRC15:53
*** shohel has quit IRC15:56
rellerrellerkfox1111 think of Castellan an interface15:59
*** Daviey has joined #openstack-barbican15:59
rellerrellerkfox1111 it provides a KeyManager interface under which different implementations will sit, like python-barbicanclient15:59
rellerrellerkfox1111 so Castellan itself does not run anything. It provides an abstraction to make calls out to different key managers like Barbican, KMIP, PKCS#1116:00
rellerrellerkfox1111 could you send a link out to the Nova instance VM spec? kfarr works with me, and now you have interested me in this spec.16:01
*** stanzi_ has quit IRC16:06
kfox1111Sure. :)  https://review.openstack.org/#/c/18661716:07
kfox1111Castellan running in the instance could use that mechanism to get credentials to talk to Barbican.16:08
kfox1111It wouldn't have anything specific to any cloud in it, so it could be baked into the cloud image.16:10
*** diazjf has joined #openstack-barbican16:11
diazjfrellerreller ping16:12
rellerrellerdiazjf poing16:13
rellerrellerpong16:13
diazjfhey I've been working with Silos on Barbican development and was wondering if you guys still needed to be able to store opaque secrets into KMIP servers16:14
rellerrellerdiazjf I think it would help.16:15
diazjfperfect, I'm gonna writre up a Blueprint16:15
diazjfany past dev on this?16:15
rellerrellerdiazjf Are you talking about the Barbican side or the KMIP side?16:16
rellerrellerdiazjf I plan to implement support for opaque data objects over the next week. That is the last type for me to implement :)16:16
diazjfBarbican side :)16:17
rellerrellerdiazjf Once that is implemented then all of the secret types will be supported by the KMIP secret store16:17
diazjfohh cool, was just wondering what I could work on to get a head start in Barbican community dev16:18
rellerrellerdiazjf I should note that not all KMIP server support opaque objects. The spec is a bit weird with regards to this.16:18
rellerrellerdiazjf We have actually found a low percentage support them.16:19
rellerrellerdiazjf Nothing comes to mind off the top of my head. I'm working on the last of the secret types in KMIP secret store.16:19
diazjfno problem was just wondering.16:20
diazjfAnything on rekeying that the Barbican community?16:20
rellerrellerdiazjf If I think of anything then I will let you know.16:20
diazjfok perfect16:20
*** shohel has joined #openstack-barbican16:23
redrobotdiazjf we do have a bunch of Wishlist items if you're looking for something to work on: https://bugs.launchpad.net/barbican16:24
*** gyee_ has joined #openstack-barbican16:28
*** xaeth is now known as xaeth_afk16:41
diazjfredrobot thanks16:43
openstackgerritKaitlin Farr proposed openstack/castellan: Add Barbican key manager  https://review.openstack.org/17191816:47
*** stanzi has joined #openstack-barbican16:50
*** stanzi has quit IRC16:51
*** stanzi has joined #openstack-barbican16:52
*** stanzi_ has joined #openstack-barbican16:53
*** stanzi has quit IRC16:53
*** stanzi_ has quit IRC17:08
*** jaosorior has quit IRC17:15
*** stanzi has joined #openstack-barbican17:22
*** gyee_ has quit IRC17:23
*** stanzi has quit IRC17:27
*** stanzi has joined #openstack-barbican17:30
*** shohel has quit IRC17:33
*** stanzi has quit IRC17:34
*** stanzi has joined #openstack-barbican17:34
*** stanzi has quit IRC17:38
*** stanzi has joined #openstack-barbican17:51
*** kebray has quit IRC17:53
*** kebray has joined #openstack-barbican17:53
*** xaeth_afk is now known as xaeth17:53
*** stanzi has quit IRC17:54
*** stanzi_ has joined #openstack-barbican17:54
*** gyee_ has joined #openstack-barbican17:57
*** everjeje has quit IRC17:57
*** stanzi_ has quit IRC17:59
*** stanzi has joined #openstack-barbican18:00
*** silos has quit IRC18:00
*** silos has joined #openstack-barbican18:00
*** stanzi_ has joined #openstack-barbican18:20
*** stanzi has quit IRC18:23
*** stanzi_ has quit IRC18:34
*** stanzi has joined #openstack-barbican18:35
jkfGreetings, are there any known issues surrounding migrating from the Juno to Kilo stable versions?18:47
jkfI'm currently seeing kek validation failures with the simple crypto plugin after migrating.18:47
jkfThe project kek that is.18:48
jkfHere's some log output from the failure I'm seeing... http://paste.openstack.org/show/5bNqGy6phvfO4u7i5CbK/18:49
* kfox1111 breaks down and cries.19:02
kfox1111going back around the loop all over again... :/19:02
kfox1111keystone folks are starting talking about wanting to use trusts and forcing every secret to have its own keystone project. :/19:02
*** stanzi has quit IRC19:17
*** stanzi has joined #openstack-barbican19:17
*** stanzi has quit IRC19:17
*** stanzi has joined #openstack-barbican19:18
redrobotjkf are you running master or the kilo point release?19:38
jkfThe head of the stable/kilo branch.19:38
redrobotkfox1111 IRC or ML?19:38
kfox1111irc.19:41
kfox1111he's going to think about it more though.19:41
*** stanzi has quit IRC19:42
openstackgerritNathan Reller proposed openstack/barbican: Added certificate support to KMIP secret store  https://review.openstack.org/19029919:52
*** insequent has quit IRC20:07
*** dabukalam has quit IRC20:07
*** redrobot has quit IRC20:07
*** insequent has joined #openstack-barbican20:07
*** redrobot has joined #openstack-barbican20:08
*** redrobot is now known as Guest6707420:08
*** dabukalam has joined #openstack-barbican20:09
*** stanzi has joined #openstack-barbican20:12
*** silos has left #openstack-barbican20:14
*** stanzi has quit IRC20:21
*** stanzi has joined #openstack-barbican20:23
*** greghaynes has quit IRC20:27
openstackgerritKevin Fox proposed openstack/barbican-specs: Container ACL and Fetch API  https://review.openstack.org/19040420:38
*** stanzi has quit IRC20:43
*** alee has quit IRC20:48
*** gyee_ has quit IRC21:33
*** xaeth is now known as xaeth_afk21:35
-openstackstatus- NOTICE: Gerrit will be offline for project renames between 22:00 and 22:30 UTC21:41
*** ChanServ changes topic to "Gerrit will be offline for project renames between 22:00 and 22:30 UTC"21:41
*** nkinder__ has quit IRC21:42
*** darrenmoffat has quit IRC21:54
*** darrenmoffat has joined #openstack-barbican21:54
*** darrenmoffat has quit IRC21:56
*** diazjf has left #openstack-barbican21:57
*** darrenmoffat has joined #openstack-barbican21:57
-openstackstatus- NOTICE: Gerrit is offline for project renames. ETA 20:3022:02
*** ChanServ changes topic to "Gerrit is offline for project renames. ETA 20:30"22:02
*** pglass has quit IRC22:05
*** dimtruck is now known as zz_dimtruck22:06
-openstackstatus- NOTICE: Gerrit is offline for project renames. ETA 22:4022:07
*** ChanServ changes topic to "Gerrit is offline for project renames. ETA 22:40"22:07
*** darrenmoffat has quit IRC22:15
*** stanzi has joined #openstack-barbican22:21
*** stanzi has quit IRC22:29
*** darrenmoffat has joined #openstack-barbican22:39
*** ChanServ changes topic to "Gerrit is offline for project renames. ETA 20:30"22:41
-openstackstatus- NOTICE: Gerrit is back online. Zuul reconfiguration for renamed projects is still in progress, ETA 23:30.22:41
*** ChanServ changes topic to "OpenStack Barbican development"22:49
*** arunkant has quit IRC22:56
*** arunkant has joined #openstack-barbican22:56
*** kfarr has joined #openstack-barbican23:08
*** openstackgerrit has quit IRC23:22
*** openstackgerrit has joined #openstack-barbican23:22

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!