Tuesday, 2018-09-25

« Monday, 2018-09-24 Index Wednesday, 2018-09-26 »
*** zigo has quit IRC00:05
*** hongbin has joined #openstack-meeting-301:00
*** tsmith2 has quit IRC01:03
*** jamesmcarthur has joined #openstack-meeting-301:28
*** iyamahat_ has joined #openstack-meeting-301:32
*** jamesmcarthur has quit IRC01:33
*** yamahata has quit IRC01:34
*** iyamahat has quit IRC01:35
*** iyamahat_ has quit IRC01:41
*** iyamahat has joined #openstack-meeting-301:41
*** iyamahat has quit IRC01:46
*** iyamahat has joined #openstack-meeting-301:48
*** diablo_rojo has quit IRC01:48
*** iyamahat_ has joined #openstack-meeting-302:16
*** iyamahat has quit IRC02:19
*** jamesmcarthur has joined #openstack-meeting-302:35
*** iyamahat_ has quit IRC02:36
*** psachin has joined #openstack-meeting-302:43
*** jamesmcarthur has quit IRC03:23
*** jamesmcarthur has joined #openstack-meeting-303:24
*** jamesmcarthur has quit IRC03:28
*** e0ne has joined #openstack-meeting-304:28
*** hongbin has quit IRC04:33
*** yamamoto has quit IRC04:46
*** yamamoto has joined #openstack-meeting-304:46
*** e0ne has quit IRC04:51
*** e0ne has joined #openstack-meeting-305:09
*** e0ne has quit IRC05:10
*** pcaruana has joined #openstack-meeting-305:41
*** iyamahat has joined #openstack-meeting-305:48
*** belmoreira has joined #openstack-meeting-305:59
*** yamahata has joined #openstack-meeting-306:05
*** slaweq has joined #openstack-meeting-306:18
*** yamahata has quit IRC06:28
*** Luzi has joined #openstack-meeting-306:53
*** lpetrut has joined #openstack-meeting-306:54
*** lpetrut has quit IRC06:56
*** lpetrut has joined #openstack-meeting-306:56
*** slaweq has quit IRC06:58
*** slaweq has joined #openstack-meeting-307:11
*** slaweq has quit IRC07:16
*** iyamahat has quit IRC07:27
*** psachin has quit IRC07:41
*** alexchadin has joined #openstack-meeting-307:42
*** psachin has joined #openstack-meeting-307:49
*** e0ne has joined #openstack-meeting-307:52
*** e0ne has quit IRC07:53
*** jamesmcarthur has joined #openstack-meeting-308:09
*** jamesmcarthur has quit IRC08:13
*** jamesmcarthur has joined #openstack-meeting-308:30
*** jamesmcarthur has quit IRC08:34
*** slaweq has joined #openstack-meeting-308:49
*** jamesmcarthur has joined #openstack-meeting-308:50
*** jamesmcarthur has quit IRC08:55
*** e0ne has joined #openstack-meeting-308:59
*** jamesmcarthur has joined #openstack-meeting-309:11
*** alexchadin has quit IRC09:12
*** alexchadin has joined #openstack-meeting-309:16
*** jamesmcarthur has quit IRC09:16
*** tssurya has joined #openstack-meeting-309:17
*** pbourke has quit IRC09:21
*** pbourke has joined #openstack-meeting-309:22
*** jamesmcarthur has joined #openstack-meeting-309:32
*** jamesmcarthur has quit IRC09:36
*** e0ne has quit IRC10:12
*** jamesmcarthur has joined #openstack-meeting-310:13
*** jamesmcarthur has quit IRC10:17
*** yamamoto has quit IRC10:32
*** jamesmcarthur has joined #openstack-meeting-310:34
*** jamesmcarthur has quit IRC10:38
*** alexchadin has quit IRC10:52
*** yamamoto has joined #openstack-meeting-310:57
*** e0ne has joined #openstack-meeting-310:58
*** pcaruana has quit IRC11:15
*** jamesmcarthur has joined #openstack-meeting-311:15
*** jamesmcarthur has quit IRC11:20
*** e0ne_ has joined #openstack-meeting-311:22
*** e0ne has quit IRC11:25
*** alexchadin has joined #openstack-meeting-311:56
*** jamesmcarthur has joined #openstack-meeting-311:57
*** jamesmcarthur has quit IRC12:01
*** psachin has quit IRC12:07
*** raildo has joined #openstack-meeting-312:12
*** yamamoto has quit IRC12:22
*** lpetrut has quit IRC12:33
*** alexchadin has quit IRC12:36
*** lpetrut has joined #openstack-meeting-312:36
*** alexchadin has joined #openstack-meeting-312:37
*** alexchadin has quit IRC12:37
*** alexchadin has joined #openstack-meeting-312:37
*** alexchadin has quit IRC12:38
*** alexchadin has joined #openstack-meeting-312:38
*** alexchadin has quit IRC12:38
*** alexchadin has joined #openstack-meeting-312:39
*** alexchadin has quit IRC12:39
*** alexchadin has joined #openstack-meeting-312:49
*** alexchadin has quit IRC12:54
*** yamamoto has joined #openstack-meeting-312:59
*** moguimar has quit IRC13:00
*** tssurya has quit IRC13:01
*** tssurya has joined #openstack-meeting-313:01
*** bobh has joined #openstack-meeting-313:03
*** belmoreira has quit IRC13:05
*** moguimar has joined #openstack-meeting-313:13
*** alexchadin has joined #openstack-meeting-313:16
*** yamamoto has quit IRC13:22
*** belmoreira has joined #openstack-meeting-313:29
*** munimeha1 has joined #openstack-meeting-313:37
*** iyamahat has joined #openstack-meeting-313:38
*** yamamoto has joined #openstack-meeting-313:42
*** yamamoto has quit IRC13:42
*** yamamoto has joined #openstack-meeting-313:45
*** hongbin has joined #openstack-meeting-313:57
*** alexchadin has quit IRC14:07
*** e0ne_ has quit IRC14:10
*** e0ne has joined #openstack-meeting-314:10
*** alexchadin has joined #openstack-meeting-314:12
*** alexchadin has quit IRC14:17
*** alexchadin has joined #openstack-meeting-314:19
*** mjturek has joined #openstack-meeting-314:25
*** Luzi has quit IRC14:33
*** alexchadin has quit IRC14:57
*** redrobot has joined #openstack-meeting-314:58
moguimarping dhellmann bnemec redrobot raildo15:00
bnemeco/15:00
raildo#startmeeting oslo-config-plaintext-secrets15:00
openstackMeeting started Tue Sep 25 15:00:12 2018 UTC and is due to finish in 60 minutes.  The chair is raildo. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
*** openstack changes topic to " (Meeting topic: oslo-config-plaintext-secrets)"15:00
openstackThe meeting name has been set to 'oslo_config_plaintext_secrets'15:00
raildo#link https://etherpad.openstack.org/p/oslo-config-plaintext-secrets15:00
moguimarwaaa15:00
moguimarraildo was faster than me this time with the link xD15:00
raildo:)15:01
redroboto/15:01
raildoI think we can getting it started15:02
raildo#topic PTG feedback15:03
*** openstack changes topic to "PTG feedback (Meeting topic: oslo-config-plaintext-secrets)"15:03
raildobnemec, dhellmann how was the PTG for you guys?15:03
bnemecGood. I think we had some useful discussions.15:03
raildoany discussion/updates about this topic on Denver?15:03
*** david-lyle has quit IRC15:04
*** lpetrut has quit IRC15:04
bnemecYes, although I think it mostly consisted of "this is happening, next step is implementation of the castellan driver".15:04
bnemecOh, we did decide to continue deferring the issue of mutability too.15:05
*** dklyle has joined #openstack-meeting-315:05
bnemecBasically we're going to ignore it until someone complains. :-)15:05
*** jamesmcarthur has joined #openstack-meeting-315:05
raildobnemec, yeah, that makes sense for now :) let's keep that in mind to add a note for that in the castellan driver docs later15:05
moguimarsounds like a plan15:05
raildoin the tripleO side, I was remotely in the meeting, tripleo folks liked the idea of having that as a driver for castellan, but they think that we still a bit raw with the implementation details15:06
raildoand I kinda agree with that :)15:07
raildofor example, we should avoid duplicating the secrets in other places (like heat or ansible) where it could end up unencrypted, even using the castellan driver15:07
raildoto fix that one of the ideas was to bring up a temporary instance of Vault where we would store all the sensitive data, and eventually copy the encrypted database to the overcloud15:08
raildobut it's something that we'll need to spend more time during this release, and start writing some PoC for TripleO, so we can understand more how it will works15:09
raildoanything else on this topic?15:10
moguimarsounds good to me15:10
raildo#topic (moguimar) Castellan driver15:11
*** openstack changes topic to "(moguimar) Castellan driver (Meeting topic: oslo-config-plaintext-secrets)"15:11
moguimarthe driver works15:11
moguimarI'm trying to write some unit tests to it15:11
moguimarto make sure it keeps working and to have a notion of code coverage15:12
bnemec+100015:12
moguimarI'm confident with the vault part of castellan15:12
moguimarstill reading the barbican bits15:13
raildoso... one of the ideas that we had was to write a gate job with some functional tests for it. how feasible it will be to write some functional tests for it?15:13
moguimaridk, haven't write any functional tests at all so far15:14
moguimarso I can't estimate15:14
raildoare we able to create a simple vault server using tempest stuff or having barbican running on tempest?15:14
moguimarcastellan has a vault functional test15:14
moguimarand it uses pifpaf to run the vault server15:15
raildoI would love to have an idea on how we can test this driver over tempest before merge it, since we can set some next steps for a gate job for castellan during this release15:16
redrobotso Castellan doesn't have any functional gates at the moment15:16
redrobotthe Barbican team agreed to set one up during the PTG15:16
raildoredrobot, is there any specific reason?15:16
raildoah, great15:16
redrobotso I'll be helping make that happen15:16
redrobotI think for sure we'll want a Vault gate15:16
redrobotand probably a Barbican gate as well15:17
redrobotfor Castellan->Barbican15:17
moguimarI'm also planning on adding a new param for a prefix in the secret id15:17
moguimarwill I need a spec for that?15:17
raildoredrobot, yeah, that will bring more confidence to justify the driver work when we start working in the tripleo side of this feature15:17
moguimarright now, the secret_id is generated by uuid15:17
redrobotmoguimar, seems like the kind of change that would be good to flesh out on a spec15:18
moguimarI just need some more reading on the barbican bits of castellan15:18
moguimarit is feasible on vault15:18
raildomoguimar, yeah, that's like the pattern across generation of ids across the openstack services15:18
moguimarif it is feasible as well in barbican I will write it15:18
raildowhat reason this prefix will be needed for?15:19
moguimarso the key_manager.store() returns the secret_id15:19
moguimarand the idiea is to have key_manager.store(prefix="node_xyz_")15:20
moguimarto get a secret_id like "node_xyz_891273123"15:20
raildoso... shouldn't we create a resource node over secret and collect that date over there? usually I'm against to have any kind of useful data over the ids15:21
raildothat why we use uuid, so it'll be a totally random number15:21
moguimarthe prefix could also be the node id15:22
raildobut, let's write some spec about it, and we can keep the discussion over there :) sounds like something useful15:22
moguimarit would reduce the policy files size having a single policy for all secrets from one node15:23
moguimarinstead of a policy for each secret of that node15:23
moguimarthat's all on my end15:24
moguimarfor this topic15:24
raildo#action moguimar will write up a spec about adding a new param for a prefix in the secret id for castellan15:25
raildo#topic Getting back to our weekly meeting or should we keep as a bi-weekly meeting?15:25
*** openstack changes topic to "Getting back to our weekly meeting or should we keep as a bi-weekly meeting? (Meeting topic: oslo-config-plaintext-secrets)"15:25
moguimarif feasible in the barbican side as well15:25
moguimar+1 weekly15:25
raildothe topic already say everything15:25
raildoany other thoughts?15:27
raildoI'd rather the weekly meetings as well, just trying to have the everyone's opinion on it :)15:28
moguimarredrobot bnemec dhellmann15:28
moguimar+1 weekly or +1 biweekly15:28
bnemecI don't have a strong preference. If you think it would be helpful to meet every week that's fine with me.15:28
raildolet's come back to the weekly meetings, if we notice that we don't have enough topics to be discussing in 30 min, we can push it for bi-weekly again15:30
redrobotWeekly seems like a good cadence to stay on the same page. 🤷15:30
moguimarsame feelings redrobot15:30
moguimaror we can just skip one week15:30
moguimarwe've done that once15:30
raildoalso, I already updated our meeting's invite to be weekly, so you guys should receive the notification every week :)15:31
moguimarthen if we keep skipping, we talk about going biweekly again15:31
raildo#topic Open Discussion15:31
*** openstack changes topic to "Open Discussion (Meeting topic: oslo-config-plaintext-secrets)"15:31
moguimarnone on my end15:31
raildoanything else?15:31
*** yamamoto has quit IRC15:31
*** yamamoto has joined #openstack-meeting-315:32
raildook, so thank you all for you time, have an amazing week everyone!15:32
raildo#endmeeting15:32
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"15:32
openstackMeeting ended Tue Sep 25 15:32:39 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:32
openstackMinutes:        http://eavesdrop.openstack.org/meetings/oslo_config_plaintext_secrets/2018/oslo_config_plaintext_secrets.2018-09-25-15.00.html15:32
moguimaro/15:32
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/oslo_config_plaintext_secrets/2018/oslo_config_plaintext_secrets.2018-09-25-15.00.txt15:32
openstackLog:            http://eavesdrop.openstack.org/meetings/oslo_config_plaintext_secrets/2018/oslo_config_plaintext_secrets.2018-09-25-15.00.log.html15:32
*** yamamoto has quit IRC15:32
*** e0ne has quit IRC15:37
*** yamamoto has joined #openstack-meeting-315:44
*** yamamoto has quit IRC15:49
*** belmoreira has quit IRC15:52
*** yamahata has joined #openstack-meeting-315:52
*** bobh_ has joined #openstack-meeting-316:03
*** bobh has quit IRC16:06
*** pcaruana has joined #openstack-meeting-316:07
*** yamamoto has joined #openstack-meeting-316:21
*** iyamahat has quit IRC16:33
*** yamahata has quit IRC16:33
*** dklyle has quit IRC16:40
*** dklyle has joined #openstack-meeting-316:44
*** iyamahat has joined #openstack-meeting-316:50
*** yamahata has joined #openstack-meeting-316:51
*** diablo_rojo has joined #openstack-meeting-317:12
*** jamesmcarthur has quit IRC17:21
*** jamesmcarthur has joined #openstack-meeting-317:34
*** jamesmcarthur has quit IRC17:46
*** tssurya has quit IRC17:51
*** jamesmcarthur has joined #openstack-meeting-317:55
*** macza has joined #openstack-meeting-318:11
*** raildo_ has joined #openstack-meeting-318:53
*** raildo has quit IRC18:55
*** bobh_ has quit IRC18:55
*** bobh has joined #openstack-meeting-318:56
*** bobh has quit IRC19:01
*** toabctl has quit IRC19:05
*** bobh has joined #openstack-meeting-319:11
*** bobh has quit IRC19:15
*** jamesmcarthur has quit IRC19:29
*** e0ne has joined #openstack-meeting-319:41
*** bobh has joined #openstack-meeting-319:44
*** e0ne has quit IRC20:05
*** e0ne has joined #openstack-meeting-320:19
*** pcaruana has quit IRC20:43
*** e0ne has quit IRC20:43
*** raildo_ has quit IRC21:17
*** slaweq has quit IRC21:27
*** slaweq has joined #openstack-meeting-321:27
*** bobh has quit IRC21:31
*** munimeha1 has quit IRC22:03
*** bobh has joined #openstack-meeting-322:23
*** jamesmcarthur has joined #openstack-meeting-322:23
*** dklyle has quit IRC22:48
*** bobh has quit IRC23:08
*** jamesmcarthur has quit IRC23:10
*** macza has quit IRC23:17
*** macza has joined #openstack-meeting-323:17
*** macza has quit IRC23:22
*** hongbin has quit IRC23:27
*** mjturek has quit IRC23:42
« Monday, 2018-09-24 Index Wednesday, 2018-09-26 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!