20:00:51 <redrobot> #startmeeting barbican
20:00:52 <openstack> Meeting started Mon Mar 17 20:00:51 2014 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:53 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:00:57 <openstack> The meeting name has been set to 'barbican'
20:01:30 <redrobot> Hi everybody!  Who's here for the Barbican meeting?  Let's see a show of hands
20:01:48 <hockeynut> o/
20:01:57 <jraim> o/
20:02:55 <redrobot> alright then... let's wait a couple of minutes to see if anyone else shows up.
20:02:56 <jvrbanac> o/
20:03:00 <chadlung> o/
20:04:02 <lisaclark1> o/
20:04:32 <redrobot> cool, let's get started then.  I've updated the agenda for today
20:04:35 <redrobot> #link https://wiki.openstack.org/wiki/Meetings/Barbican
20:04:48 <redrobot> #topic Remove RBAC from Version resource
20:05:19 <redrobot> First up on the agenda is removing RBAC from the version resource
20:05:23 <redrobot> chadlung any updates on that?
20:05:35 <chadlung> yes
20:05:58 <chadlung> I've been troubleshooting Arvind's CR. I think we've isolated the issue.
20:06:37 <chadlung> I also added a Blueprint to specify the overall direction of Versions: https://blueprints.launchpad.net/barbican/+spec/fix-version-api
20:06:55 <redrobot> #link https://blueprints.launchpad.net/barbican/+spec/fix-version-api
20:07:12 <redrobot> is this blueprint separate from arvind's CR?
20:07:28 <woodster1> arvind: your CR will answer the mail on removing RBAC from versions, Chad's bp will address providing version content for that version request
20:07:29 <chadlung> That would sync us up with how other OpenStack projects are handling versioning output (like Nova, Keystone, Manila)
20:07:54 <woodster1> redrobot: so yes, separate blueprint from arvind's CR
20:08:15 <chadlung> That being said, before we work on the versions we probably need to determine if we are sticking with Falcon or moving to Pecan to avoid more effort than needed.
20:08:15 <atiwari> woodster1, sorry I am late
20:08:19 <atiwari> which cr?
20:08:25 <redrobot> #agreed Blueprint will align our version resource with other OpenStack projects
20:08:30 <woodster1> your RBAC removal CR
20:08:39 <atiwari> on version?
20:08:44 <malini> woodster1: greetings, happy to be joining in
20:08:46 <woodster1> yes
20:08:53 <atiwari> ok
20:08:55 <woodster1> malini: welcome back
20:09:00 <malini> :-)
20:09:11 <redrobot> atiwari you didn't miss much. chadlung thinks he may have isolated the issue with the DevStack gate
20:09:26 <woodster1> atiwari: yes, probably just a devstack tweak needed to your CR to make it pass that gate job. Chad is looking at it
20:09:27 <kgriffs> chadlung: sorry for the delay in getting our team's Pecan report out to the mailing list; the individual working on that has been swamped, but we are working hard to get that out today
20:09:28 <redrobot> #agreed We're glad to see malini is back :)
20:09:29 <atiwari> great
20:09:48 <atiwari> hi malini
20:10:20 <redrobot> #action chadlung to work with atiwari to fix gate job issue
20:10:23 <chadlung> kgriffs: no problem
20:10:27 <malini> hello! you guys are too nice.
20:11:08 <woodster1> kgriffs: thanks for helping with that
20:11:21 <redrobot> Any other concerns regarding RBAC and the Version resource or can we move on?
20:12:22 <codekobe> kgriffs looking forward to reading that report
20:12:38 <atiwari> guys, I want to introduce arunkant from my team, he is working on bug/1291073 and secret-isolation-at-user-level bp
20:12:39 <redrobot> ok moving on
20:12:39 <woodster1> atiwari: are you ok with approach on completing your RBAC CR?
20:12:46 <atiwari> sure
20:13:01 <redrobot> nice to e-meet you arunkant
20:13:24 <redrobot> #topic DogTag integration
20:13:59 <arunkant> :-)
20:14:06 <redrobot> I don't see alee here, so I'll update
20:14:35 <redrobot> Working through getting a DogTag plugin, we've decided that we need to change the Crypto plugin interface
20:14:39 <redrobot> #link https://blueprints.launchpad.net/barbican/+spec/update-crypto-plugin-interface
20:15:15 <redrobot> basically this boils down to remove the create() method
20:15:21 <codekobe> reading blueprint
20:15:24 <redrobot> and replace it with a generate() method
20:15:53 <codekobe> so generate is just combining create and encrypt
20:16:01 <codekobe> into a single call
20:16:03 <codekobe> ?
20:16:05 <redrobot> codekobe yes, that's right
20:16:14 <woodster1> so the secret creation/generation will be combined with the encrypt step…so the plain text of generated secret doesn't leave the plugin
20:16:36 <atiwari> as per of api-orders-add-more-types bp I may change the crypto plugin interface
20:16:37 <codekobe> that makes perfect sense
20:16:42 <atiwari> as part
20:17:00 <atiwari> woodster1 ^^^
20:17:34 <redrobot> codekobe also, makes it easier for the DogTag plugin to generate secrets
20:17:49 <redrobot> atiwari do you know what changes are needed?
20:17:58 <codekobe> Where will the dogtag plugin code live?
20:18:09 <atiwari> I will let you gus know in next meeting
20:18:18 <woodster1> atiwari: it would be better to keep as separate CR from the bp I think
20:18:30 <redrobot> #action atiwari may need to change the interface further.  He'll update next week
20:19:10 <redrobot> codekobe currently the idea is that the DogTag plugin will live in the Barbican codebase
20:19:12 <woodster1> atiwari: the crypto plugin change is relatively simple. The bp will be more involved I think
20:19:12 <codekobe> is this for adding the "type"attribute to the orders resource?
20:19:34 <woodster1> codekobe: yes
20:19:42 <atiwari> woodster1, so you want  api-orders-add-more-types and change  crypto plugin interface for api-orders-add-more-types  in two cr?
20:19:51 <atiwari> correct
20:20:13 <woodster1> the plugin interface change is one CR by itself I'd think
20:20:19 <codekobe> redrobot any chance there is a chef cookbook for dogtag
20:20:24 <woodster1> the new orders types work is separate work
20:20:30 <atiwari> ok
20:20:44 <atiwari> so far I was trying add in one
20:20:46 <redrobot> codekobe I haven't found any, so I started one.  Haven't pushed it out to GitHub yet
20:21:06 <codekobe> ok, might be useful for integration testing
20:21:14 <redrobot> codekobe haven't made much progress on it either, so if you're interested I can push up what I have and we can collaborate
20:21:23 <codekobe> yes, please do
20:21:37 <woodster1> atiwari: yeah, the crypto interface change is simple. Teh orders one will be a little more involved I think
20:21:43 <redrobot> #action redrobot will add a chef-dogtag repository to cloudkeep-ops for a DogTag cookbook
20:22:25 <atiwari> woodster1 , that is true but so far I have made changes in one for all
20:22:32 <atiwari> I have to separate them
20:23:06 <codekobe> futture topic suggestion - chef cookbook sin stackforge
20:23:13 <woodster1> atiwari: let's explore that after the meeting in the barbican channel if that's ok
20:23:29 <atiwari> ok
20:23:58 <redrobot> codekobe we can talk about that next.  This is the last topic I have in the agenda
20:24:09 <codekobe> ok redrobot
20:24:19 <redrobot> ok, any other comments/concerns regarding DogTag integration?
20:24:27 <atiwari> gyee, did you push the barbican client v3 sync for review?
20:24:46 <gyee> atiwari, not yet, need to finishup the tests today
20:24:55 <gyee> should be in gerrit later today
20:25:35 <atiwari> ok
20:25:50 <redrobot> ok moving on...
20:26:02 <redrobot> #topic Chef cookbooks in Stackforge
20:26:13 <redrobot> codekobe you wanna talk about this?
20:26:32 <codekobe> So I have noticed there are quite a bit of mature chef cookbooks for deploying openstack services living in stackforge
20:26:54 <codekobe> Is this something that we are expected to do?
20:27:20 <redrobot> good question.  I don't have an answer for that
20:27:37 <redrobot> I was browsing the wiki last night and noticed there's an #openstack-chef channel
20:27:47 <codekobe> i don;t think it would be an urgent action, but it may help get support for allowing these cookbooks to deploy to different platforms
20:27:57 <codekobe> other than just centos
20:28:17 <woodster1> seems like it would make sense to head that way for sure
20:28:47 <redrobot> #agreed We should aim to provide Barbican cookbooks as part of Stackforge Cookbook effort
20:28:49 <woodster1> I don't see any harm in moving to the stackforge org.
20:29:14 <redrobot> codekobe do you want to look into what would be required on our part?
20:29:32 <codekobe> sure, I can look into how the current cookbooks are structured
20:30:13 <woodster1> you could also contact a committer or two on the existing repos to see if they have suggestions
20:30:14 <codekobe> I would like to find some of the other cookbooks building on zuul
20:30:15 <redrobot> #action codekobe will investigate what we will need to contribute to stackforge cookbooks
20:30:36 <redrobot> codekobe cool,  I would also join #openstack-chef and see what those guys are up too
20:30:44 <codekobe> I am not sure how they are doing that because i don't see Rakefiles
20:30:51 <codekobe> but I do see spec tests
20:31:12 <codekobe> sounds good redrobot
20:32:43 <redrobot> alrighty...  anything else on this topic?
20:32:47 <atiwari> yes
20:32:55 <atiwari> all, I also want to introduce gyee in this forum, he is finishing up #link https://blueprints.launchpad.net/barbican/+spec/barbican-client-has-to-be-keystone-v3.0-complaint.
20:33:08 <redrobot> welcome gyee
20:33:11 <woodster1> gyee: thanks!
20:33:25 <gyee> hi, look forward to party with your cool guys
20:33:39 <woodster1> all: please note that the devstack gate check is enabled now on CRs
20:33:48 <redrobot> :D
20:33:51 * redrobot likes to party
20:33:56 <codekobe> lol party time
20:34:06 <woodster1> yes!
20:34:15 <redrobot> oh yes... thanks for bringing that up woodster1
20:34:26 <redrobot> Barbican has two new voting gates now
20:34:30 <malini> gyee, glad to see you on barbican and welcome to arunkant
20:34:39 <redrobot> Python 2.6 and the DevStack gate (previously non-voting)
20:34:40 <malini> this summit big birthday party for barbican
20:34:40 <woodster1> atiwari is familiar with that now :)
20:34:55 <atiwari> chadlung I will ping you after the meeting
20:35:01 <redrobot> #topic New Gerrit gates
20:35:14 <redrobot> #note Gerrit now has a Pyhton 2.6 gate
20:35:25 <redrobot> #note DevStack gate is now a voting gate
20:35:31 <chadlung> Actually they haven't enabled the voting dsvm gate yet: https://review.openstack.org/#/c/80686/2
20:35:41 <lisaclark1> is the python 2.6 also a voting gate?
20:36:06 <redrobot> #note oops... DevStack gate will *soon* be a voting gate
20:36:16 <chadlung> lisaclark1: they all vote now
20:36:16 <redrobot> lisaclark1 yes, Python 2.6 is a voting gate
20:36:53 <chadlung> lisaclark1: technically the dsvm one is still non-voting until the CR is approved
20:37:06 <woodster1> dstufft: thanks for getting python 2.6 working
20:37:30 <redrobot> #link https://review.openstack.org/#/c/80686/2 is the CR that will make the DevStack gate a voting gate
20:37:38 <codekobe> all these gates and their opinions!
20:37:49 <redrobot> #agreed gates are opinionated
20:38:07 <redrobot> codekobe just wait til we turn Hacking on
20:38:18 <woodster1> gates = control
20:38:31 <woodster1> barbican is growing up :)
20:38:33 <lisaclark1> gates = green goodness!
20:39:01 <codekobe> redrobot, I didn't realize hacking was off!
20:39:47 <redrobot> codekobe https://github.com/stackforge/barbican/blob/master/tox.ini#L21,L22
20:40:36 <redrobot> Ok guys, anything else we would like to talk about for this meeting?
20:40:50 <codekobe> i'm all out of ideas
20:40:59 <atiwari> I have one
20:41:07 <redrobot> atiwari shoot
20:41:24 <atiwari> how to add topic for summit discussion ?
20:41:38 <redrobot> #topic Summit Discussions
20:41:42 <atiwari> Barbican is not an option in http://summit.openstack.org/
20:42:14 <redrobot> atiwari I would guess that no actions have been taken to add Barbican now that we're incubated
20:42:31 <atiwari> ok
20:43:00 <malini> atiwari: add to keystone for the time being
20:43:03 <redrobot> I think jraim is working on getting Design Sessions scheduled
20:43:12 <lisaclark1> jraim had reached out to openstack coordinators to see about adding design sessions for barbican
20:43:18 <atiwari> redrobot, what is the procedure or time line for Barbican to be main line project
20:43:22 <redrobot> lisaclark1 jinx!
20:43:44 <redrobot> atiwari now that we're incubated we have to wait two cycles before applying for graduation
20:43:52 <redrobot> atiwari so at least a year...?
20:44:02 <atiwari> hmm
20:44:45 <atiwari> ok
20:45:23 <woodster1> (thinks to himself out loud: …maybe if the masses clamor for it sooner…)
20:45:37 <redrobot> ha!
20:46:34 <redrobot> we still have a few minutes in this channel.  Any other questions/concerns/comments before we finish this meeting?
20:47:19 <woodster1> I'm good
20:47:23 <malini> redrobot: need to add a chapter on key manager to openstack-security-guide
20:47:46 <malini> version-1 had a reference to it, now it is time to flesh it out
20:47:47 <redrobot> #topic Add Barbican to OpenStack Security Guide
20:48:01 <redrobot> malini is this something you would like to look into?
20:48:20 <malini> redrobot: yes, would feel honored to handle it
20:49:04 <redrobot> #action malini will look into adding a Barbican chapter to the OpenStack security guide
20:49:35 <redrobot> malini if we can help in any way let us know
20:49:55 <redrobot> i'm not very familiar with the security guide... I probably need to read up on it.
20:50:14 <redrobot> also, I'm sure jraim will have some input on that.
20:50:25 <malini> redrobot, will ping for help, editting etc, you are drafted!
20:50:34 <redrobot> malini :D
20:51:10 <woodster1> malini: thanks for the help (again)
20:51:32 <malini> Hey, thanks for building barbican, we need it
20:51:42 <malini> and waiting to see you all at Atlanta!
20:51:53 <woodster1> for sure
20:52:42 <redrobot> alrighty guys, any last minute comments or concerns?
20:54:22 <redrobot> ok then, thanks everyone for coming to the meeting.  See you guys here again next week.
20:54:28 <redrobot> #endmeeting