*** namnh has quit IRC | 00:17 | |
*** abishop has joined #openstack-barbican | 00:36 | |
*** v1k0d3n has quit IRC | 00:57 | |
*** namnh has joined #openstack-barbican | 00:59 | |
*** v1k0d3n has joined #openstack-barbican | 01:04 | |
*** namnh has quit IRC | 01:04 | |
*** openstackgerrit has quit IRC | 01:06 | |
*** abishop has quit IRC | 01:17 | |
*** phuongnh has joined #openstack-barbican | 01:23 | |
*** namnh has joined #openstack-barbican | 01:44 | |
*** openstackgerrit has joined #openstack-barbican | 02:39 | |
openstackgerrit | Lingxian Kong proposed openstack/barbican master: Use absolute path for vault root token file in devstack https://review.openstack.org/591551 | 02:39 |
---|---|---|
openstackgerrit | Lingxian Kong proposed openstack/barbican master: Use absolute path for vault root token file in devstack https://review.openstack.org/591551 | 02:43 |
*** namnh has quit IRC | 03:40 | |
*** dave-mccowan has quit IRC | 04:12 | |
*** phuongnh has quit IRC | 06:29 | |
*** pcaruana has joined #openstack-barbican | 06:44 | |
*** salmankhan has joined #openstack-barbican | 07:29 | |
*** salmankhan has quit IRC | 07:33 | |
*** sapcc-bot1 has quit IRC | 07:42 | |
*** sapcc-bot2 has quit IRC | 07:51 | |
openstackgerrit | Lingxian Kong proposed openstack/barbican master: Use absolute path for vault root token file in devstack https://review.openstack.org/591551 | 07:55 |
*** openstackstatus has quit IRC | 08:12 | |
*** serlex has joined #openstack-barbican | 08:17 | |
*** jaosorior has quit IRC | 08:53 | |
*** salmankhan has joined #openstack-barbican | 09:10 | |
*** salmankhan1 has joined #openstack-barbican | 09:15 | |
*** salmankhan has quit IRC | 09:16 | |
*** salmankhan1 is now known as salmankhan | 09:16 | |
*** openstackstatus has joined #openstack-barbican | 09:40 | |
*** ChanServ sets mode: +v openstackstatus | 09:40 | |
*** jaosorior has joined #openstack-barbican | 10:51 | |
*** jaosorior has quit IRC | 11:17 | |
*** jaosorior has joined #openstack-barbican | 11:17 | |
*** serlex has quit IRC | 11:24 | |
ade_lee | #startmeeting barbican | 12:00 |
openstack | Meeting started Tue Aug 14 12:00:14 2018 UTC and is due to finish in 60 minutes. The chair is ade_lee. Information about MeetBot at http://wiki.debian.org/MeetBot. | 12:00 |
openstack | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 12:00 |
openstack | The meeting name has been set to 'barbican' | 12:00 |
redrobot | o/ | 12:00 |
ade_lee | #topic roll call | 12:00 |
redrobot | 👋 | 12:00 |
ade_lee | redrobot, hey | 12:00 |
ade_lee | anyone else joining? jaosorior , lxkong ? | 12:01 |
lxkong | hey, i'm here | 12:02 |
ade_lee | hey :) | 12:02 |
ade_lee | ok - lets get started then .. | 12:02 |
ade_lee | #topic rocky | 12:02 |
ade_lee | ok - so we have cut an rc1 for rocky as of yesterday | 12:03 |
ade_lee | we're hoping that this will be the only release candidate, though of course there is provision for more rc if needed | 12:04 |
*** serlex has joined #openstack-barbican | 12:04 | |
ade_lee | but the assumption is that anything not essential is going to be in stein | 12:04 |
ade_lee | I did put in a FFE exception for castellan -- not sure where it is right now. | 12:05 |
ade_lee | (this is for the review that allows asymmetric key generation) | 12:05 |
lxkong | i saw your email, but i think it depends on if we really need asymmetric key generation | 12:06 |
lxkong | in rocky | 12:06 |
lxkong | for vault... | 12:06 |
jaosorior | I'm around | 12:07 |
ade_lee | right - it will be up to oslo config guys to decide fi they want to add it at this stage or not. | 12:07 |
jaosorior | ade_lee: I guess you gotta poke bnemec about that | 12:07 |
ade_lee | jaosorior, yeah , I'll do that | 12:07 |
ade_lee | it will be nice to have in so that we have fairly complete vault plugin right out the gate. | 12:08 |
lxkong | true | 12:08 |
ade_lee | but I guess it wouldn't be the end of the world if its not there | 12:08 |
lxkong | we are going to use vault, but in the first step, we only need secret store | 12:08 |
ade_lee | ack. | 12:09 |
lxkong | i mean, use vault as barbican backend plugin | 12:09 |
ade_lee | yup | 12:09 |
ade_lee | one thing I need to do is create a cycle-highlights text to indicate the achievements of the rcokcy cycle | 12:10 |
ade_lee | I'll do that later today and circulate it on the irc channel | 12:10 |
ade_lee | any other comments on rocky? | 12:10 |
ade_lee | #topic PTG | 12:11 |
ade_lee | any of you guys planning to be at the PTG in Denver? | 12:11 |
lxkong | i won't be there | 12:11 |
ade_lee | ok, we will be sharing the room with the security SIG, so we need to come up with a rough agenda /schedule | 12:13 |
* ade_lee trying to create an etherpad .. | 12:13 | |
ade_lee | https://etherpad.openstack.org/p/barbican-stein-ptg is a blank etherpad right now | 12:14 |
ade_lee | I suggest we put the things in there we want to discuss. | 12:14 |
ade_lee | lxkong, if you's like to attend , we can open up a phone line too | 12:15 |
jaosorior | lxkong: are you gonna use the vault plugin in production? | 12:15 |
ade_lee | but lets start putting these things in this week please. | 12:15 |
redrobot | I might want to dial in for some of the Castellan talks | 12:15 |
lxkong | jaosorior: yeah...any problem? | 12:15 |
lxkong | ade_lee: thanks, i will try to | 12:16 |
redrobot | lxkong, I would not recommend Vault backend for prod until we sort out Policy | 12:16 |
ade_lee | redrobot, ack -- please add any castellan stuff you want disuceed to the etherpad | 12:16 |
jaosorior | lxkong: yeah, was gonna mention somehting along the lines of redrobot's concerns. | 12:16 |
jaosorior | lxkong: any idea how you're gonna handle policy for Vault? | 12:17 |
lxkong | redrobot, jaosorior do you mean it's not appropriate to use root token in the config file? | 12:17 |
redrobot | lxkong, currently the Vault plugin requires a master token, which is a security concern IMO | 12:17 |
redrobot | lxkong, correct | 12:17 |
lxkong | redrobot: yeah, we know that | 12:17 |
jaosorior | lxkong: weeeell, it's all up to your requirements :D not very recommended...but you could use that | 12:17 |
redrobot | also I'd like to see it use longer paths rather than store everything in the root | 12:18 |
lxkong | maybe we will use approle + secret + token, but it's not decided yet | 12:18 |
lxkong | too complex | 12:18 |
ade_lee | redrobot, jaosorior lxkong has volunteered to maintain the vault plugin - so he would be one of the guys to help fix the policy :) | 12:19 |
jaosorior | excellent :D | 12:19 |
ade_lee | tbh - this sounds like a perfect candidate for a stein spec - and a discussion point at the PTG .. nudge nudge .. | 12:20 |
* lxkong ndoes | 12:20 | |
* lxkong nodes | 12:20 | |
* lxkong nods | 12:20 | |
lxkong | shit... | 12:20 |
ade_lee | :) | 12:20 |
jaosorior | lol | 12:20 |
redrobot | 😂 | 12:20 |
lxkong | too late for me | 12:20 |
lxkong | 00:21AM | 12:21 |
lxkong | or too early | 12:21 |
ade_lee | any other comments on PTG ? | 12:21 |
ade_lee | perfect segue to next topic .. | 12:22 |
ade_lee | #topic stein | 12:22 |
ade_lee | long live rocky! long live stein .. | 12:22 |
ade_lee | time to start getting specs in | 12:22 |
jaosorior | would be nice to drop these time based releases to be honest | 12:22 |
jaosorior | Barbican doesn't have a lot of traffic and all they do is make barbican development harder than it needs to be | 12:23 |
ade_lee | I have at least one in the pipeline .. https://review.openstack.org/586606 | 12:23 |
ade_lee | and it sounds like we could use at least one more from lxkong on vault policy | 12:24 |
redrobot | ade_lee, oh geeze, is that for the CVE we found back in Barcelona? | 12:24 |
redrobot | I'll work on a Policy spec | 12:24 |
ade_lee | and I plan to add one for allowing changing ownership of secrets | 12:24 |
ade_lee | cool | 12:24 |
ade_lee | yeah it is | 12:24 |
ade_lee | a lot of this pre-supposes we get the OVO work done though | 12:25 |
ade_lee | in any case, lets get those specs in and start getting comments and reviews -- I | 12:26 |
ade_lee | m going to start tracking those in meetings from next week. | 12:26 |
ade_lee | jaosorior, yeah - its a bit of a pain - but I'm not sure what to do about it .. the release process is not overly crazy though | 12:27 |
redrobot | oh another Stein thing, we should definitely clean up the content-types stuff... currently it does not comply to the RFC | 12:27 |
jaosorior | ade_lee: it's not about the release process but about it's overall effect on development. But I guess tihs is not the right place to discuss it :) | 12:28 |
ade_lee | redrobot, please add spec/ptg item | 12:28 |
ade_lee | jaosorior, yup | 12:28 |
ade_lee | other stein items include -- finishing the ovo work | 12:29 |
jaosorior | are we tracking the ovo work somewhere? | 12:29 |
ade_lee | namh has taken it far, but we're going to need some volunterrs to get it finished off | 12:29 |
ade_lee | namh is creating a trello board to show where the remaining work is. | 12:30 |
ade_lee | I plan to work with him on that - and then we'll discuss and get some volunteers. | 12:30 |
ade_lee | also, for stein, maybe micro versioning the API | 12:31 |
ade_lee | coz some of the specs envision some API changes | 12:31 |
ade_lee | It would also be great for us to have a gate against softHSM -- to test the pkcs11 plugin | 12:33 |
*** raildo has joined #openstack-barbican | 12:33 | |
ade_lee | right now, lots of work is going on to getthe pkcs11 plugin to work with HSMs like Thales and ATOS for instance, but there is no upstream gate | 12:33 |
redrobot | +1 softhsm gate | 12:33 |
redrobot | also, it seems we're running legacy gates, not whatever is current? | 12:34 |
ade_lee | +1 to evaulate current gates | 12:34 |
ade_lee | including for instance the kmip gate -- which is sadly still broken .. | 12:35 |
ade_lee | ok -- anything else for stein/ptg? | 12:35 |
lxkong | ade_lee: i'm wondering why we are not using uuid for CLI output? | 12:36 |
lxkong | any plan to change this? | 12:36 |
ade_lee | lxkong, actually yes :) | 12:36 |
ade_lee | https://review.openstack.org/588104 | 12:37 |
lxkong | ade_lee: nice | 12:37 |
ade_lee | didn't make cutoff for rocky - but will be in stein .. | 12:37 |
redrobot | lxkong, also | 12:37 |
redrobot | #link https://storyboard.openstack.org/#!/story/2002754 | 12:37 |
lxkong | ade_lee: i'll have a review | 12:37 |
ade_lee | lxkong, excellent | 12:38 |
ade_lee | I'll add to the ptg discussion too -coz we do need to clean that up | 12:38 |
ade_lee | redrobot, jaosorior - that change could do with some reviews too.. | 12:39 |
ade_lee | (and its needed for octavia folks) | 12:39 |
*** jaosorior has quit IRC | 12:39 | |
ade_lee | anything else for stein? | 12:39 |
ade_lee | #topic open discussion | 12:40 |
ade_lee | anyone got anything else to discuss? | 12:41 |
ade_lee | alrighty then! thanks for the great discussion guys == lxkong have a good nights sleep :) | 12:42 |
ade_lee | see ya'll online | 12:42 |
lxkong | ade_lee: thanks i do need a sleep :-) | 12:42 |
ade_lee | #endmeeting | 12:42 |
openstack | Meeting ended Tue Aug 14 12:42:46 2018 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 12:42 |
openstack | Minutes: http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-08-14-12.00.html | 12:42 |
openstack | Minutes (text): http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-08-14-12.00.txt | 12:42 |
openstack | Log: http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-08-14-12.00.log.html | 12:42 |
*** dave-mccowan has joined #openstack-barbican | 12:43 | |
ade_lee | dave-mccowan, yo | 12:43 |
dave-mccowan | ade_lee good morning | 12:43 |
ade_lee | dave-mccowan, you just missed the barbican meeting :/ | 12:43 |
dave-mccowan | :-( | 12:44 |
ade_lee | dave-mccowan, you going to be at PTG? | 12:44 |
dave-mccowan | no | 12:44 |
ade_lee | bummer .. no more trains for you .. | 12:45 |
dave-mccowan | i just saw the email about sessions at summit | 12:45 |
dave-mccowan | w00t! | 12:45 |
ade_lee | well - check out the meeting minutes - we have some discussions on stein work and ptg discussions | 12:46 |
ade_lee | dave-mccowan, have not checked it out yet .. looking | 12:46 |
ade_lee | w00t! | 12:47 |
ade_lee | dave-mccowan, 2 for 2 | 12:47 |
ade_lee | dave-mccowan, gonna be a busy summit - with project updates/onbaording too | 12:48 |
* ade_lee humming "I like Berlin in the spring time .." | 12:49 | |
ade_lee | dave-mccowan, gotta pack up and head into the office -- but we need to chat later to start planning :) | 12:50 |
dave-mccowan | sounds good. i'll catch up on the meeting minutes and we can sync later. | 12:51 |
*** abishop has joined #openstack-barbican | 12:55 | |
*** raildo_ has joined #openstack-barbican | 13:09 | |
*** raildo has quit IRC | 13:10 | |
*** ade_lee has quit IRC | 13:13 | |
*** jaosorior has joined #openstack-barbican | 13:44 | |
*** pbourke has quit IRC | 13:54 | |
*** ade_lee has joined #openstack-barbican | 13:54 | |
*** pbourke has joined #openstack-barbican | 13:55 | |
*** pcaruana has quit IRC | 16:02 | |
*** ducnv_ has joined #openstack-barbican | 16:13 | |
*** ducnv_ has quit IRC | 16:14 | |
*** ducnv_ has joined #openstack-barbican | 16:14 | |
*** mmethot has quit IRC | 16:41 | |
*** serlex has quit IRC | 16:56 | |
openstackgerrit | Nam Nguyen Hoai proposed openstack/barbican master: Adding the unit-tests of OVO for Barbican [2] https://review.openstack.org/578337 | 17:24 |
openstackgerrit | Merged openstack/barbican master: Use absolute path for vault root token file in devstack https://review.openstack.org/591551 | 17:30 |
openstackgerrit | Merged openstack/barbican master: Update reno for stable/rocky https://review.openstack.org/591514 | 17:30 |
*** ducnv_ has quit IRC | 17:32 | |
*** abishop has quit IRC | 17:53 | |
*** salmankhan has quit IRC | 18:07 | |
*** abishop has joined #openstack-barbican | 19:01 | |
*** jaosorior has quit IRC | 19:45 | |
*** jaosorior has joined #openstack-barbican | 19:58 | |
*** salmankhan has joined #openstack-barbican | 20:20 | |
*** rmascena__ has joined #openstack-barbican | 20:32 | |
*** rmascena__ has quit IRC | 20:35 | |
*** raildo_ has quit IRC | 20:35 | |
*** rmascena__ has joined #openstack-barbican | 20:35 | |
*** abishop has quit IRC | 20:44 | |
*** jaosorior has quit IRC | 20:56 | |
*** rmascena__ has quit IRC | 20:59 | |
*** salmankhan has quit IRC | 21:23 | |
*** salmankhan has joined #openstack-barbican | 21:24 | |
*** salmankhan has quit IRC | 22:04 | |
*** ade_lee has quit IRC | 22:29 | |
openstackgerrit | Nam Nguyen Hoai proposed openstack/barbican master: Adding the unit-tests of OVO for Barbican [2] https://review.openstack.org/578337 | 23:10 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!