Monday, 2015-06-15

*** kebray has quit IRC00:09
*** nkinder__ has joined #openstack-barbican00:44
*** dimtruck is now known as zz_dimtruck00:50
*** zz_dimtruck is now known as dimtruck00:58
*** nkinder__ has quit IRC01:15
*** woodster_ has joined #openstack-barbican01:27
*** dimtruck is now known as zz_dimtruck01:56
*** kebray has joined #openstack-barbican02:27
*** nkinder__ has joined #openstack-barbican02:29
*** zz_dimtruck is now known as dimtruck02:44
*** kfarr has joined #openstack-barbican02:54
openstackgerritOpenStack Proposal Bot proposed openstack/barbican: Updated from global requirements  https://review.openstack.org/19155903:22
*** kfarr has left #openstack-barbican03:23
*** kfarr1 has joined #openstack-barbican03:32
*** dimtruck is now known as zz_dimtruck03:58
*** kfarr1 has quit IRC04:09
*** elmiko has joined #openstack-barbican04:39
*** kebray has quit IRC05:43
*** nickrmc83 has joined #openstack-barbican05:59
*** shohel has joined #openstack-barbican06:54
*** woodster_ has quit IRC07:21
*** chlong has quit IRC07:34
*** everjeje has quit IRC07:57
*** jorge_munoz has quit IRC08:26
*** jorge_munoz has joined #openstack-barbican08:28
*** shohel1 has joined #openstack-barbican09:31
*** shohel has quit IRC09:31
*** shohel1 has quit IRC09:36
*** shohel has joined #openstack-barbican09:50
*** shohel has quit IRC10:13
*** shohel has joined #openstack-barbican10:14
*** shohel1 has joined #openstack-barbican10:15
*** shohel has quit IRC10:15
*** nickrmc84 has joined #openstack-barbican12:05
*** nickrmc83 has quit IRC12:06
*** shohel1 has quit IRC12:13
*** chlong has joined #openstack-barbican12:20
*** kfarr has joined #openstack-barbican12:30
*** shohel has joined #openstack-barbican12:34
*** woodster_ has joined #openstack-barbican12:45
*** nelsnelson has joined #openstack-barbican12:58
*** nelsnelson has quit IRC12:58
*** jaosorior has joined #openstack-barbican13:10
*** nickrmc84 has quit IRC13:17
*** SheenaG1 has quit IRC13:21
*** nickrmc83 has joined #openstack-barbican13:30
*** zz_dimtruck is now known as dimtruck14:11
*** pglass has joined #openstack-barbican14:14
*** Kevin_Bishop has joined #openstack-barbican14:21
*** openstackgerrit has quit IRC14:24
*** rellerreller has joined #openstack-barbican14:24
*** openstackgerrit has joined #openstack-barbican14:24
*** xaeth_afk is now known as xaeth14:29
*** elmiko has quit IRC14:33
openstackgerritNathan Reller proposed openstack/barbican: Added certificate support to KMIP secret store  https://review.openstack.org/19029914:34
*** silos has joined #openstack-barbican14:34
openstackgerritMerged openstack/barbican: Updated from global requirements  https://review.openstack.org/19155914:37
*** SheenaG has joined #openstack-barbican14:44
*** kebray has joined #openstack-barbican14:52
*** kebray has quit IRC14:56
*** diazjf has joined #openstack-barbican14:56
*** kfox1111_ has quit IRC15:13
*** igueths has joined #openstack-barbican15:14
*** kebray has joined #openstack-barbican15:15
*** kebray has quit IRC15:21
*** rellerreller_ has joined #openstack-barbican15:28
*** rellerreller has quit IRC15:31
*** kebray has joined #openstack-barbican15:37
*** kebray has quit IRC15:42
*** jaosorior has quit IRC15:45
*** kfox1111 has joined #openstack-barbican15:49
*** nkinder__ has quit IRC15:50
*** kebray has joined #openstack-barbican15:50
*** stanzi has joined #openstack-barbican15:53
*** stanzi has quit IRC15:59
*** stanzi has joined #openstack-barbican15:59
*** Guest67074 is now known as redrobot16:02
*** nickrmc83 has quit IRC16:03
kfox1111the nova guys would be much more comfortable with the instance user if barbican folks would weigh in.16:08
kfox1111can you please?16:08
kfox1111https://review.openstack.org/#/c/18661716:08
kfox1111the keystone core's don't even seem to fully understand how other openstack projects have been using keystone for over a year. :/16:09
*** stanzi has quit IRC16:09
*** stanzi has joined #openstack-barbican16:14
openstackgerritNathan Reller proposed openstack/barbican: Added passphrase support to KMIP secret store  https://review.openstack.org/19152716:17
*** stanzi has quit IRC16:20
*** shohel has quit IRC16:28
*** diazjf1 has joined #openstack-barbican16:29
*** diazjf has quit IRC16:29
*** gyee_ has joined #openstack-barbican16:30
*** kebray has quit IRC16:31
*** diazjf1 has quit IRC16:31
*** stanzi has joined #openstack-barbican16:33
*** kfarr1 has joined #openstack-barbican16:44
*** kfarr has quit IRC16:47
openstackgerritKaitlin Farr proposed openstack/castellan: Add managed objects hierarchy  https://review.openstack.org/19188416:54
openstackgerritKaitlin Farr proposed openstack/castellan: Add managed objects hierarchy  https://review.openstack.org/19188416:56
openstackgerritJohn Wood proposed openstack/barbican-specs: Add List of Group-IDs to ACL for Secrets/Containers  https://review.openstack.org/19107616:56
*** elmiko has joined #openstack-barbican16:57
*** shohel has joined #openstack-barbican16:58
*** kfarr1 has quit IRC16:58
*** kfarr has joined #openstack-barbican17:14
*** elmiko has quit IRC17:23
*** stanzi has quit IRC17:27
*** crc32 has joined #openstack-barbican17:27
*** kfarr has quit IRC17:30
*** rellerreller_ has quit IRC17:33
*** stanzi has joined #openstack-barbican17:34
*** stanzi has quit IRC17:34
*** crc32 has quit IRC17:35
kfox1111Has Barbican and Designate talked through how https certs should be managed?18:15
kfox1111it would be great if you could issue http certs that matched up with domains you managed through Designate.18:15
chellygelkfox1111, that doesn't sound familiar to me. not sure that discussion has been had... anyone else?18:17
*** kebray has joined #openstack-barbican18:27
kfox1111bummer. :/18:28
*** Kevin_Bishop has quit IRC18:36
*** Kevin_Bishop has joined #openstack-barbican18:37
*** arunkant has joined #openstack-barbican18:47
*** crc32 has joined #openstack-barbican18:58
*** crc32 has quit IRC19:18
*** nkinder__ has joined #openstack-barbican19:20
*** silos has left #openstack-barbican19:22
kfox1111]#@$#(@*!19:28
*** jaosorior has joined #openstack-barbican19:29
kfox1111All the way back around again!19:29
kfox1111"How do you get a keystone secret to a vm so that it can talk to keystone"!19:29
jaosoriorLol seems I arrived at an interesting time19:32
*** stanzi has joined #openstack-barbican19:38
*** silos has joined #openstack-barbican19:44
*** rellerreller has joined #openstack-barbican19:47
*** everjeje has joined #openstack-barbican19:48
*** stanzi has quit IRC19:49
kfox1111ahhhh... ok. I have a path forward.... and interestingly, it involves more barbican! :)19:52
*** kfarr has joined #openstack-barbican19:52
kfox1111So barbican would become an identity provider of Keystone. :)19:53
redrobothmm... interesting19:53
kfox1111Nova would be modified to request pub/priv keys from barbican,19:53
kfox1111with attributes of the username = the instance uuid.19:53
morganfainbergredrobot: kfox1111: thre is a bit more to it than that19:54
morganfainbergyou can use the CA -> keystone mapping engine, would *possibly* just need standard certs19:54
morganfainbergno magic attributes19:54
kfox1111(yeah. just trying to whitle down what Barbican needs to know)19:54
* redrobot makes a note to go read the keystone log19:54
morganfainbergbarbican should need to allow nova user to create a cert from a known CA19:55
kfox1111redrobot: I'm going to update the spec too.19:55
morganfainbergkeystone needs tokenless-auth spec to be implemented19:55
morganfainbergmapping engine (in keystone) configured to map users from that CA to the right place19:55
kfox1111morganfainberg: just to double check, thats happening in Liberty for sure?19:55
morganfainbergkfox1111 it is slated for liberty19:55
kfox1111ok. cool.19:55
morganfainbergnothing is 100% until liberty release though19:55
* morganfainberg dodges19:55
kfox1111fair enough. :)19:55
kfox1111morganfainberg: did you look at the unscoped token spec too. I think that still might help things too.19:56
morganfainbergkfox1111: i'm officially on break this week19:56
kfox1111on the vm -> barbican side.19:56
morganfainbergso....19:56
morganfainbergno19:56
morganfainberg:P19:56
kfox1111ok. :)19:57
kfox1111I'll hit you up next week then. :)19:57
kfox1111sorry to bother you on your vacation.19:57
morganfainbergi just jumped in for that convo so we could head off the "oh hell this wont work or be interoperable" part19:57
kfox1111yeah. I appreciate that.19:57
morganfainbergsince keystone is really really trying to get out of managing any identities directly19:57
kfox1111yeah. I don't blame you. :)19:57
*** stanzi has joined #openstack-barbican19:58
*** stanzi has quit IRC19:58
morganfainbergfocusing on the access management (which is what we're better at anyway) and consuming identity from lots of sources19:59
* redrobot steps away for the weekly meeting19:59
*** stanzi has joined #openstack-barbican19:59
redrobotWeekly meeting is starting now in #openstack-meeting-alt19:59
kfox1111yeah. that should help matters a lot I think.19:59
*** elmiko has joined #openstack-barbican20:01
*** stanzi_ has joined #openstack-barbican20:08
openstackgerritKevin Bishop proposed openstack/barbican: Replace oslo incubator code with oslo_utils  https://review.openstack.org/19196020:09
*** kfarr1 has joined #openstack-barbican20:12
*** kfarr1 has left #openstack-barbican20:12
*** stanzi has quit IRC20:12
*** silos1 has joined #openstack-barbican20:12
*** stanzi_ has quit IRC20:13
*** stanzi has joined #openstack-barbican20:13
*** silos has quit IRC20:15
*** kfarr has quit IRC20:23
*** kebray has quit IRC20:30
*** kfarr has joined #openstack-barbican20:30
*** kfarr_ has joined #openstack-barbican20:33
*** igueths has quit IRC20:37
*** rellerreller has quit IRC20:39
*** silos1 has left #openstack-barbican20:44
*** kebray has joined #openstack-barbican20:46
*** kebray has quit IRC20:47
*** kebray has joined #openstack-barbican20:50
*** elmiko has quit IRC21:00
*** elmiko has joined #openstack-barbican21:04
*** elmiko has quit IRC21:06
*** SheenaG has quit IRC21:35
*** pglass has quit IRC21:45
*** shohel has quit IRC21:57
*** chlong has quit IRC21:57
*** stanzi has quit IRC21:57
*** xaeth is now known as xaeth_afk22:18
*** kebray has quit IRC22:19
*** dimtruck is now known as zz_dimtruck22:29
*** david-lyle has quit IRC22:31
*** SheenaG has joined #openstack-barbican22:31
*** Kevin_Bishop has quit IRC22:32
*** kfarr_ has quit IRC22:36
*** kfarr has left #openstack-barbican22:37
*** kfox1111 has quit IRC22:40
*** stanzi has joined #openstack-barbican22:42
*** darrenmoffat has quit IRC22:42
*** darrenmoffat has joined #openstack-barbican22:43
*** stanzi has quit IRC22:47
*** stanzi has joined #openstack-barbican22:47
*** stanzi has quit IRC23:04
*** jaosorior has quit IRC23:05
*** david-lyle has joined #openstack-barbican23:11
*** kfox1111 has joined #openstack-barbican23:19
*** stanzi has joined #openstack-barbican23:35
*** stanzi has quit IRC23:43
*** stanzi has joined #openstack-barbican23:45
*** chlong has joined #openstack-barbican23:47

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!