Tuesday, 2018-08-14

*** namnh has quit IRC00:17
*** abishop has joined #openstack-barbican00:36
*** v1k0d3n has quit IRC00:57
*** namnh has joined #openstack-barbican00:59
*** v1k0d3n has joined #openstack-barbican01:04
*** namnh has quit IRC01:04
*** openstackgerrit has quit IRC01:06
*** abishop has quit IRC01:17
*** phuongnh has joined #openstack-barbican01:23
*** namnh has joined #openstack-barbican01:44
*** openstackgerrit has joined #openstack-barbican02:39
openstackgerritLingxian Kong proposed openstack/barbican master: Use absolute path for vault root token file in devstack  https://review.openstack.org/59155102:39
openstackgerritLingxian Kong proposed openstack/barbican master: Use absolute path for vault root token file in devstack  https://review.openstack.org/59155102:43
*** namnh has quit IRC03:40
*** dave-mccowan has quit IRC04:12
*** phuongnh has quit IRC06:29
*** pcaruana has joined #openstack-barbican06:44
*** salmankhan has joined #openstack-barbican07:29
*** salmankhan has quit IRC07:33
*** sapcc-bot1 has quit IRC07:42
*** sapcc-bot2 has quit IRC07:51
openstackgerritLingxian Kong proposed openstack/barbican master: Use absolute path for vault root token file in devstack  https://review.openstack.org/59155107:55
*** openstackstatus has quit IRC08:12
*** serlex has joined #openstack-barbican08:17
*** jaosorior has quit IRC08:53
*** salmankhan has joined #openstack-barbican09:10
*** salmankhan1 has joined #openstack-barbican09:15
*** salmankhan has quit IRC09:16
*** salmankhan1 is now known as salmankhan09:16
*** openstackstatus has joined #openstack-barbican09:40
*** ChanServ sets mode: +v openstackstatus09:40
*** jaosorior has joined #openstack-barbican10:51
*** jaosorior has quit IRC11:17
*** jaosorior has joined #openstack-barbican11:17
*** serlex has quit IRC11:24
ade_lee#startmeeting barbican12:00
openstackMeeting started Tue Aug 14 12:00:14 2018 UTC and is due to finish in 60 minutes.  The chair is ade_lee. Information about MeetBot at http://wiki.debian.org/MeetBot.12:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.12:00
openstackThe meeting name has been set to 'barbican'12:00
redroboto/12:00
ade_lee#topic roll call12:00
redrobot👋12:00
ade_leeredrobot, hey12:00
ade_leeanyone else joining?  jaosorior , lxkong ?12:01
lxkonghey, i'm here12:02
ade_leehey :)12:02
ade_leeok - lets get started then ..12:02
ade_lee#topic rocky12:02
ade_leeok - so we have cut an rc1  for rocky as of yesterday12:03
ade_leewe're hoping that this will be the only release candidate, though of course there is provision for more rc if needed12:04
*** serlex has joined #openstack-barbican12:04
ade_leebut the assumption is that anything not essential is going to be in stein12:04
ade_leeI did put in a FFE exception for castellan -- not sure where it is right now.12:05
ade_lee(this is for the review that allows asymmetric key generation)12:05
lxkongi saw your email, but i think it depends on if we really need asymmetric key generation12:06
lxkongin rocky12:06
lxkongfor vault...12:06
jaosoriorI'm around12:07
ade_leeright - it will be up to oslo config guys to decide fi they want to add it at this stage or not.12:07
jaosoriorade_lee: I guess you gotta poke bnemec about that12:07
ade_leejaosorior, yeah , I'll do that12:07
ade_leeit will be nice to have in so that we have  fairly complete vault plugin right out the gate.12:08
lxkongtrue12:08
ade_leebut I guess it wouldn't be the end of the world if its not there12:08
lxkongwe are going to use vault, but in the first step, we only need secret store12:08
ade_leeack.12:09
lxkongi mean, use vault as barbican backend plugin12:09
ade_leeyup12:09
ade_leeone thing I need to do is create a cycle-highlights text to indicate the achievements of the rcokcy cycle12:10
ade_leeI'll do that later today and circulate it on the irc channel12:10
ade_leeany other comments on rocky?12:10
ade_lee#topic PTG12:11
ade_leeany of you guys planning to be at the PTG in Denver?12:11
lxkongi won't be there12:11
ade_leeok, we will be sharing the room with the security SIG, so we need to come up with a rough agenda /schedule12:13
* ade_lee trying to create an etherpad ..12:13
ade_leehttps://etherpad.openstack.org/p/barbican-stein-ptg  is a blank etherpad right now12:14
ade_leeI suggest we put the things in there we want to discuss.12:14
ade_leelxkong, if you's like to attend , we can open up a phone line too12:15
jaosoriorlxkong: are you gonna use the vault plugin in production?12:15
ade_leebut lets start putting these things in this week please.12:15
redrobotI might want to dial in for some of the Castellan talks12:15
lxkongjaosorior: yeah...any problem?12:15
lxkongade_lee: thanks, i will try to12:16
redrobotlxkong, I would not recommend Vault backend for prod until we sort out Policy12:16
ade_leeredrobot, ack -- please add any castellan stuff you want disuceed to the etherpad12:16
jaosoriorlxkong: yeah, was gonna mention somehting along the lines of redrobot's concerns.12:16
jaosoriorlxkong: any idea how you're gonna handle policy for Vault?12:17
lxkongredrobot, jaosorior do you mean it's not appropriate to use root token in the config file?12:17
redrobotlxkong, currently the Vault plugin requires a master token, which is a security concern IMO12:17
redrobotlxkong, correct12:17
lxkongredrobot: yeah, we know that12:17
jaosoriorlxkong: weeeell, it's all up to your requirements :D not very recommended...but you could use that12:17
redrobotalso I'd like to see it use longer paths rather than store everything in the root12:18
lxkongmaybe we will use approle + secret + token, but it's not decided yet12:18
lxkongtoo complex12:18
ade_leeredrobot, jaosorior lxkong has volunteered to maintain the vault plugin - so he would be one of the guys to help fix the policy :)12:19
jaosoriorexcellent :D12:19
ade_leetbh - this sounds like a perfect candidate for a stein spec - and a discussion point at the PTG .. nudge nudge ..12:20
* lxkong ndoes12:20
* lxkong nodes12:20
* lxkong nods12:20
lxkongshit...12:20
ade_lee:)12:20
jaosoriorlol12:20
redrobot😂12:20
lxkongtoo late for me12:20
lxkong00:21AM12:21
lxkongor too early12:21
ade_leeany other comments on PTG ?12:21
ade_leeperfect segue to next topic ..12:22
ade_lee#topic stein12:22
ade_leelong live rocky! long live stein ..12:22
ade_leetime to start getting specs in12:22
jaosoriorwould be nice to drop these time based releases to be honest12:22
jaosoriorBarbican doesn't have a lot of traffic and all they do is make barbican development harder than it needs to be12:23
ade_leeI have at least one in the pipeline .. https://review.openstack.org/58660612:23
ade_leeand it sounds like we could use at least one more from lxkong on vault policy12:24
redrobotade_lee, oh geeze, is that for the CVE we found back in Barcelona?12:24
redrobotI'll work on a Policy spec12:24
ade_leeand I plan to add one for allowing changing ownership of secrets12:24
ade_leecool12:24
ade_leeyeah it is12:24
ade_leea lot of this pre-supposes we get the OVO work done though12:25
ade_leein any case, lets get those specs in and start getting comments and reviews -- I12:26
ade_leem going to start tracking those in meetings from next week.12:26
ade_leejaosorior, yeah - its a bit of a pain - but I'm not sure what to do about it .. the release process is not overly crazy though12:27
redrobotoh another Stein thing, we should definitely clean up the content-types stuff... currently it does not comply to the RFC12:27
jaosoriorade_lee: it's not about the release process but about it's overall effect on development. But I guess tihs is not the right place to discuss it :)12:28
ade_leeredrobot, please add spec/ptg item12:28
ade_leejaosorior, yup12:28
ade_leeother stein items include -- finishing the ovo work12:29
jaosoriorare we tracking the ovo work somewhere?12:29
ade_leenamh has taken it far, but we're going to need some volunterrs to get it finished off12:29
ade_leenamh is creating a trello board to show where the remaining work is.12:30
ade_leeI plan to work with him on that - and then we'll discuss and get some volunteers.12:30
ade_leealso, for stein, maybe micro versioning the API12:31
ade_leecoz some of the specs envision some API changes12:31
ade_leeIt would also be great for us to have a gate against softHSM -- to test the pkcs11 plugin12:33
*** raildo has joined #openstack-barbican12:33
ade_leeright now, lots of work is going on to getthe pkcs11 plugin to work with HSMs like Thales and ATOS for instance, but there is no upstream gate12:33
redrobot+1 softhsm gate12:33
redrobotalso, it seems we're running legacy gates, not whatever is current?12:34
ade_lee+1 to evaulate current gates12:34
ade_leeincluding for instance the kmip gate -- which is sadly still broken ..12:35
ade_leeok -- anything else for stein/ptg?12:35
lxkongade_lee: i'm wondering why we are not using uuid for CLI output?12:36
lxkongany plan to change this?12:36
ade_leelxkong, actually yes :)12:36
ade_leehttps://review.openstack.org/58810412:37
lxkongade_lee: nice12:37
ade_leedidn't make cutoff for rocky - but will be in stein ..12:37
redrobotlxkong, also12:37
redrobot#link https://storyboard.openstack.org/#!/story/200275412:37
lxkongade_lee: i'll have a review12:37
ade_leelxkong, excellent12:38
ade_leeI'll add to the ptg discussion too -coz we do need to clean that up12:38
ade_leeredrobot, jaosorior - that change could do with some reviews too..12:39
ade_lee(and its needed for octavia folks)12:39
*** jaosorior has quit IRC12:39
ade_leeanything else for stein?12:39
ade_lee#topic open discussion12:40
ade_leeanyone got anything else to discuss?12:41
ade_leealrighty then!  thanks for the great discussion guys == lxkong have a good nights sleep :)12:42
ade_leesee ya'll online12:42
lxkongade_lee: thanks i do need a sleep :-)12:42
ade_lee#endmeeting12:42
openstackMeeting ended Tue Aug 14 12:42:46 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)12:42
openstackMinutes:        http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-08-14-12.00.html12:42
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-08-14-12.00.txt12:42
openstackLog:            http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-08-14-12.00.log.html12:42
*** dave-mccowan has joined #openstack-barbican12:43
ade_leedave-mccowan, yo12:43
dave-mccowanade_lee good morning12:43
ade_leedave-mccowan, you just missed the barbican meeting :/12:43
dave-mccowan:-(12:44
ade_leedave-mccowan, you going to be at PTG?12:44
dave-mccowanno12:44
ade_leebummer .. no more trains for you ..12:45
dave-mccowani just saw the email about sessions at summit12:45
dave-mccowanw00t!12:45
ade_leewell - check out the meeting minutes - we have some discussions on stein work and ptg discussions12:46
ade_leedave-mccowan, have not checked it out yet .. looking12:46
ade_leew00t!12:47
ade_leedave-mccowan, 2 for 212:47
ade_leedave-mccowan, gonna be a busy summit - with project updates/onbaording too12:48
* ade_lee humming "I like Berlin in the spring time .."12:49
ade_leedave-mccowan, gotta pack up and head into the office -- but we need to chat later to start planning :)12:50
dave-mccowansounds good.  i'll catch up on the meeting minutes and we can sync later.12:51
*** abishop has joined #openstack-barbican12:55
*** raildo_ has joined #openstack-barbican13:09
*** raildo has quit IRC13:10
*** ade_lee has quit IRC13:13
*** jaosorior has joined #openstack-barbican13:44
*** pbourke has quit IRC13:54
*** ade_lee has joined #openstack-barbican13:54
*** pbourke has joined #openstack-barbican13:55
*** pcaruana has quit IRC16:02
*** ducnv_ has joined #openstack-barbican16:13
*** ducnv_ has quit IRC16:14
*** ducnv_ has joined #openstack-barbican16:14
*** mmethot has quit IRC16:41
*** serlex has quit IRC16:56
openstackgerritNam Nguyen Hoai proposed openstack/barbican master: Adding the unit-tests of OVO for Barbican [2]  https://review.openstack.org/57833717:24
openstackgerritMerged openstack/barbican master: Use absolute path for vault root token file in devstack  https://review.openstack.org/59155117:30
openstackgerritMerged openstack/barbican master: Update reno for stable/rocky  https://review.openstack.org/59151417:30
*** ducnv_ has quit IRC17:32
*** abishop has quit IRC17:53
*** salmankhan has quit IRC18:07
*** abishop has joined #openstack-barbican19:01
*** jaosorior has quit IRC19:45
*** jaosorior has joined #openstack-barbican19:58
*** salmankhan has joined #openstack-barbican20:20
*** rmascena__ has joined #openstack-barbican20:32
*** rmascena__ has quit IRC20:35
*** raildo_ has quit IRC20:35
*** rmascena__ has joined #openstack-barbican20:35
*** abishop has quit IRC20:44
*** jaosorior has quit IRC20:56
*** rmascena__ has quit IRC20:59
*** salmankhan has quit IRC21:23
*** salmankhan has joined #openstack-barbican21:24
*** salmankhan has quit IRC22:04
*** ade_lee has quit IRC22:29
openstackgerritNam Nguyen Hoai proposed openstack/barbican master: Adding the unit-tests of OVO for Barbican [2]  https://review.openstack.org/57833723:10

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!