*** zz_dimtruck is now known as dimtruck | 00:10 | |
*** dimtruck is now known as zz_dimtruck | 01:01 | |
*** zz_dimtruck is now known as dimtruck | 01:06 | |
*** jorge_munoz has quit IRC | 02:28 | |
*** jorge_munoz has joined #openstack-barbican | 02:54 | |
*** gyee has quit IRC | 02:57 | |
*** dimtruck is now known as zz_dimtruck | 03:00 | |
*** woodster_ has quit IRC | 03:09 | |
*** permalac has quit IRC | 04:25 | |
*** permalac has joined #openstack-barbican | 04:26 | |
*** jaosorior has joined #openstack-barbican | 04:55 | |
*** pcaruana has quit IRC | 05:01 | |
*** jorge_munoz_ has joined #openstack-barbican | 05:09 | |
*** jorge_munoz has quit IRC | 05:10 | |
*** jorge_munoz_ is now known as jorge_munoz | 05:10 | |
-openstackstatus- NOTICE: zuul is being restarted to reload configuration. Jobs should be re-enqueued but if you're missing anything (and it's not on http://status.openstack.org/zuul/) please issue a recheck in 30min. | 05:23 | |
*** jsheeren has joined #openstack-barbican | 06:06 | |
*** jorge_munoz has quit IRC | 06:34 | |
*** f13o has joined #openstack-barbican | 06:47 | |
*** f13o has quit IRC | 06:55 | |
*** pcaruana has joined #openstack-barbican | 07:24 | |
*** jorge_munoz has joined #openstack-barbican | 07:42 | |
*** jorge_munoz has quit IRC | 07:50 | |
*** jsheeren has quit IRC | 08:10 | |
*** jsheeren has joined #openstack-barbican | 08:10 | |
*** openstackgerrit has quit IRC | 08:18 | |
*** openstackgerrit has joined #openstack-barbican | 08:18 | |
*** permalac has quit IRC | 08:40 | |
*** ntpttr has quit IRC | 08:51 | |
*** ntpttr has joined #openstack-barbican | 08:58 | |
*** permalac has joined #openstack-barbican | 10:53 | |
*** jaosorior has quit IRC | 11:28 | |
*** jaosorior has joined #openstack-barbican | 11:29 | |
*** jaosorior has quit IRC | 11:33 | |
*** jaosorior has joined #openstack-barbican | 11:33 | |
*** jsheeren_ has joined #openstack-barbican | 12:32 | |
*** jsheeren has quit IRC | 12:32 | |
*** woodster_ has joined #openstack-barbican | 12:36 | |
*** zz_dimtruck is now known as dimtruck | 12:41 | |
jaosorior | alee: ping | 13:20 |
---|---|---|
alee | jaosorior, yo | 13:20 |
jaosorior | alee: Hey dude, I did the missing stuff from the barbican integration to tripleo | 13:21 |
jaosorior | but | 13:21 |
jaosorior | we need an RPM for puppet-barbican | 13:21 |
alee | jaosorior, hey - I see you did some stuff :) | 13:21 |
jaosorior | once that's done we can get it working in CI | 13:21 |
alee | jaosorior, catching up on what you've done .. looks great :) | 13:22 |
alee | jaosorior, is the absence of the rpm the reason the centos 7 gate fails? | 13:23 |
jaosorior | alee: yes | 13:25 |
alee | jaosorior, nice work , dude! | 13:25 |
jaosorior | alee: It can't find the ::barbican puppet class because there is no RPM | 13:25 |
jaosorior | alee: we can test it locally without the RPM though. But yeah, just a heads up that it will be needed anyway | 13:25 |
alee | jaosorior, ok -- do you know where the spec files for the puppet modules live? | 13:26 |
alee | jaosorior, we should be able to whip one together pretty quick | 13:26 |
jaosorior | alee: No but I can figure that out | 13:26 |
jaosorior | can you log into the #tripleo channel? | 13:27 |
alee | jaosorior, yup -- joining | 13:27 |
*** jsheeren_ has quit IRC | 13:34 | |
*** jsheeren has joined #openstack-barbican | 13:35 | |
tinwood | hello. I'd like to ask what HSMs the barbican project is developing against? I tried to integrate SoftHSM2 (as an example) but ran into an OpenSSL < 1.0.2h issue on Ubuntu Xenial (16.04) which is missing an AES_WRAP_PAD function. Thanks. | 14:00 |
*** dimtruck is now known as zz_dimtruck | 14:04 | |
woodster_ | redrobot: alee jaosorior ^^^^ Rackspace is using safenet HSMs. The default plugin is an insecure one. Redhat uses Dogtag. Are you guys aware of folks using softHSMs? | 14:04 |
tinwood | Thanks woodster_ | 14:05 |
jaosorior | woodster_: no idea dude. should be possible I guess if the softHSM supports PKCS11 | 14:05 |
jaosorior | tinwood: I reocmmend Dogtag though :D | 14:05 |
jaosorior | *recommend | 14:05 |
tinwood | jaosorior, woodster_ SoftHSM2 isn't able to work yet (on Ubuntu anyway) as the OpenSSL library is 1.0.2g and that's missing the WRAP_PAD function that secret.store() eventually asks for. | 14:05 |
tinwood | so safenet and dogtag atm/so far? | 14:06 |
woodster_ | tinwood: is there a workaround? It'd be good to have that available | 14:07 |
jaosorior | or ping canonical to update? | 14:07 |
woodster_ | tinwood: there is also KMIP support | 14:08 |
tinwood | woodster_, I filed a bug 1611393 for it. (disclaimer - I work for Canonical in the Openstack charms team) | 14:08 |
openstack | bug 1611393 in OpenStack Barbican SoftHSM Charm "barbican + SoftHSM2 + openssl-1.0.2g missing EVP_aes_128_wrap_pad()" [Undecided,New] https://launchpad.net/bugs/1611393 | 14:08 |
woodster_ | tinwood: ah cool | 14:09 |
*** catintheroof has joined #openstack-barbican | 14:09 | |
woodster_ | tinwood: we've considered using softHSM in a gate job in the past | 14:09 |
tinwood | woodster_, jaosorior what we'd really like to do is to set it up in our lab with a real HSM as that's what actual customers would do; hence my query on what's being used in anger. | 14:10 |
tinwood | woodster_, I also ran into an interesting configuration problem that required "WSGIApplicationGroup %{GLOBAL}" in the barbican-api.conf file - it was to do with uwsgi and sub-interpreters + the C bindings to the library. | 14:11 |
*** beisner has joined #openstack-barbican | 14:11 | |
*** edtubill has joined #openstack-barbican | 14:12 | |
jaosorior | alee ^^ Know anything about that? | 14:12 |
woodster_ | tinwood: redrobot would be able to give details on safenet, but the recent PKCS11 plugin changes have been in support of that | 14:16 |
woodster_ | tinwood: we also use gunicorn internally now fwiw | 14:17 |
jaosorior | we use apache | 14:17 |
* woodster_ don't recall reason for switch | 14:17 | |
*** jsheeren has quit IRC | 14:18 | |
*** jsheeren has joined #openstack-barbican | 14:18 | |
tinwood | woodster_, jaosorior I think we pull the debian packages, test them. They are Apache + WSGI (I think my uwsgi comment is in error). | 14:19 |
tinwood | woodster_, jaosorior anyway, thanks for the info on HSMs - we're definitely keen to get something set up, so we'll be testing with Barbican going forward. | 14:20 |
jaosorior | nice! :D | 14:22 |
woodster_ | That is nice, thanks! | 14:24 |
*** zz_dimtruck is now known as dimtruck | 14:43 | |
*** randallburt has joined #openstack-barbican | 14:47 | |
*** randallburt1 has joined #openstack-barbican | 14:49 | |
*** randallburt has quit IRC | 14:52 | |
*** jsheeren has quit IRC | 14:57 | |
*** dimtruck is now known as zz_dimtruck | 15:06 | |
*** zz_dimtruck is now known as dimtruck | 15:06 | |
*** david-lyle has quit IRC | 15:12 | |
*** david-lyle has joined #openstack-barbican | 15:12 | |
*** dimtruck is now known as zz_dimtruck | 15:15 | |
*** zz_dimtruck is now known as dimtruck | 15:16 | |
*** spotz_zzz is now known as spotz | 15:22 | |
*** haplo37__ has joined #openstack-barbican | 15:29 | |
*** dimtruck is now known as zz_dimtruck | 15:34 | |
*** diazjf has joined #openstack-barbican | 15:41 | |
*** zz_dimtruck is now known as dimtruck | 15:45 | |
*** pcaruana has quit IRC | 16:29 | |
*** jaosorior has quit IRC | 16:29 | |
*** dave-mccowan has joined #openstack-barbican | 16:30 | |
*** diazjf has quit IRC | 16:38 | |
*** diazjf has joined #openstack-barbican | 16:54 | |
diazjf | tinwood, I tried getting SoftHSM to work a while ago with no success. https://review.openstack.org/#/c/311571/ I think I will continue to work on it during the midcycle. | 17:03 |
diazjf | tinwood, SoftHSMv2 would be great to integrate to a gate for testing, but shouldn't be used in Prod | 17:04 |
diazjf | alee, could you point me towards the triple-o barbican integration items, I'd like to take a look | 17:04 |
*** diazjf1 has joined #openstack-barbican | 17:13 | |
*** diazjf1 has quit IRC | 17:15 | |
*** diazjf has quit IRC | 17:16 | |
*** woodster_ has quit IRC | 17:39 | |
*** diazjf has joined #openstack-barbican | 18:22 | |
*** catintheroof has quit IRC | 18:34 | |
alee | diazjf, https://review.openstack.org/#/c/352447 and https://review.openstack.org/#/c/352458/ | 18:38 |
diazjf | alee, awesome thanks! | 18:39 |
alee | diazjf, np | 18:39 |
*** panatl has quit IRC | 18:45 | |
*** panatl has joined #openstack-barbican | 18:47 | |
*** panatl has quit IRC | 18:48 | |
*** woodster_ has joined #openstack-barbican | 19:13 | |
*** diazjf has quit IRC | 19:26 | |
*** jsheeren has joined #openstack-barbican | 19:26 | |
*** diazjf has joined #openstack-barbican | 19:39 | |
*** diazjf has quit IRC | 19:48 | |
*** haplo37__ has quit IRC | 20:07 | |
*** diazjf has joined #openstack-barbican | 20:27 | |
*** diazjf has quit IRC | 20:37 | |
*** diazjf has joined #openstack-barbican | 20:39 | |
*** michauds has joined #openstack-barbican | 20:40 | |
openstackgerrit | Arun Kant proposed openstack/barbican: Checking barbican resource id in URI is a valid uuid https://review.openstack.org/353744 | 21:31 |
*** edtubill has quit IRC | 21:49 | |
*** michauds has quit IRC | 22:13 | |
*** diazjf has quit IRC | 22:15 | |
*** diazjf has joined #openstack-barbican | 22:19 | |
*** diazjf1 has joined #openstack-barbican | 22:19 | |
*** diazjf1 has quit IRC | 22:21 | |
*** diazjf has quit IRC | 22:23 | |
*** dimtruck is now known as zz_dimtruck | 22:31 | |
*** spotz is now known as spotz_zzz | 22:44 | |
*** randallburt1 has quit IRC | 23:23 | |
*** chlong|mtg has quit IRC | 23:31 | |
*** zz_dimtruck is now known as dimtruck | 23:44 | |
*** woodster_ has quit IRC | 23:49 |