20:00:03 <redrobot> #startmeeting barbican 20:00:04 <openstack> Meeting started Mon Jun 8 20:00:03 2015 UTC and is due to finish in 60 minutes. The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:00:06 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 20:00:08 <openstack> The meeting name has been set to 'barbican' 20:00:21 <redrobot> #topic Roll Call 20:00:27 <dave-mcc_> o/ 20:00:27 <hockeynut> o/ 20:00:31 <elmiko> o/ 20:00:38 <jaosorior> o/ 20:00:44 <silos> o/ 20:00:46 <woodster_> o/ 20:00:54 <Asha> o/ 20:00:59 <jkf> Greetings 20:01:10 <alee> o/ 20:01:11 <redrobot> woo! lots of barbicaneers here today! 20:01:12 <igueths> o/ 20:01:23 <redrobot> As usual, the agenda can be found here: 20:01:25 <rellerreller> o/ 20:01:30 <redrobot> #link https://wiki.openstack.org/wiki/Meetings/Barbican 20:01:46 <redrobot> #topic Action Items from Previous Meeting 20:01:49 <jaosorior> :t face 20:01:55 <arunkant> o/ 20:01:56 <redrobot> #link http://eavesdrop.openstack.org/meetings/barbican/2015/barbican.2015-06-01-20.00.html 20:01:56 <jaosorior> sorry haha 20:02:30 <redrobot> elmiko you had an action item to file a bug to move management scripts from bin/ to entry_points 20:02:32 <redrobot> elmiko any progress on that? 20:02:49 <elmiko> yes 20:03:00 <elmiko> i've got a couple things going on that front 20:03:17 <elmiko> i think there are, minimum, two solutions; the hacky one, and the proper one. 20:03:23 <redrobot> #link https://bugs.launchpad.net/barbican/+bug/1454587 20:03:24 <openstack> Launchpad bug 1454587 in Barbican "Install scripts in /usr/bin with extensions" [Undecided,Confirmed] 20:03:37 <elmiko> on the hacky front, i have a small poc script that will run the same uswgi flow we have now 20:03:39 <redrobot> oops, I think that's the wrong bug 20:04:19 <elmiko> on the proper front, i think we might want to follow the lead of other projects and create a true wsgi app that runs from the script 20:04:30 <elmiko> i've started to gather ideas about that here, https://etherpad.openstack.org/p/liberty-barbican-all-ideas 20:04:46 <redrobot> #link https://etherpad.openstack.org/p/liberty-barbican-all-ideas 20:04:46 <elmiko> but i have some questions about if this is something that the project wants, and also a few details 20:04:54 <elmiko> redrobot: thanks 20:05:22 <elmiko> so, basically, is it worth the effort to create an actual app that could run from barbican-all?? 20:05:43 <elmiko> like, instantiate a wsgi server running the pecan stuff, and then hook into all the oslo.config goodness, etc... 20:06:01 <redrobot> elmiko so currently we have a few scripts in bin/. There's one called barbican-api that just runs the WSGI app in paste.httpserver 20:06:05 <redrobot> #link http://git.openstack.org/cgit/openstack/barbican/tree/bin/barbican-api 20:06:11 <elmiko> yea 20:06:16 <redrobot> I would prefer that we drop uwsgi from our management scripts 20:06:17 <elmiko> i looked to those for inspiration 20:06:44 <elmiko> ok, cool 20:06:52 <redrobot> I think that ideally we'll want a WSGI setup that can run under apache 20:07:01 <redrobot> similar to what Keystone is doing in the httpd/ directory in their repo 20:07:10 <elmiko> do we want to keep the paste.deploy related configs in separate files still, or can we incorporate them into an app? 20:07:18 <chellygel> (in channel doesn't raise hand .____./) 20:07:23 <elmiko> redrobot: awesome, i was using keystone for some reference 20:08:15 <elmiko> i think a big piece of work will be creating a singular class to contain the wsgi app, then we could instantiate that either from an outside source (apache) or from a script through eventleft 20:08:20 <elmiko> *eventlet 20:08:30 <redrobot> not sure about the paste.deploy pipeline stuff... I think I would prefer Barbican to be a stand-alone app, then allow people to stitch their pipeline however they want. 20:08:41 <elmiko> i think this might be big enough that we would want a spec or something though. 20:09:00 <elmiko> redrobot: ok, so that would be like rolling the stuff in *-paste.ini into the app config? 20:09:29 <woodster_> yeah, it seems big enough to justify a blueprint to me 20:09:42 <alee> elmiko, I think a spec is a good idea - will allow us to see what needs to be done 20:10:07 <woodster_> maybe note how things are done now and how they would change? 20:10:17 <elmiko> ok, i can create a bp/spec for it. i will be out of town from 6/11-18, so just a heads up. 20:10:23 <elmiko> woodster_: yea, definitely 20:10:26 <woodster_> elmiko: so is paste getting phased out? 20:10:34 <elmiko> woodster_: not at all, 20:10:53 <elmiko> i was just concerned about if we should keep the external configurations for it, or roll those configs into the app structure. 20:10:56 <arunkant> Looks like eventlet usage was deprecated in keystone in Kilo..https://review.openstack.org/#/c/157495 20:11:13 <dstanek> arunkant: yes! finally 20:11:22 <elmiko> arunkant: ah, interesting... 20:11:29 <elmiko> it looked like it was still in the code 20:11:41 <jaosorior> elmiko: it still works, but it's marked as deprecated 20:11:52 <dstanek> elmiko: we still support running keystone-all for now, but it will be removed 20:12:21 <elmiko> dstanek: ok, 20:12:29 <elmiko> i obviously need to read a little deeper 20:12:39 <woodster_> dstanek: thanks for the update 20:12:39 <elmiko> dstanek: so, keystone-all will be removed entirely? 20:14:00 <redrobot> sounds like you still have a ton of work left, elmiko 20:14:06 <elmiko> redrobot: agreed 20:14:07 <dstanek> elmiko: i'm thinking that it will 20:14:08 <redrobot> elmiko did you get a chance to file a launchpad bug? 20:14:15 <elmiko> i did, 1sec 20:14:37 <dstanek> elmiko: i'm working on implementing keystone on top of flask and i plan to have a devserver that's clearly marked as a devserver 20:14:38 <elmiko> #link https://bugs.launchpad.net/barbican/+bug/1462458 20:14:39 <openstack> Launchpad bug 1462458 in Barbican "Barbican should expose a runner script through setuptools entry_points" [Undecided,New] - Assigned to Michael McCune (mimccune) 20:14:54 <elmiko> dstanek: hehe, cool. i'm used to flask from the sahara side of things. 20:15:10 <redrobot> elmiko awesome, thanks 20:15:25 <elmiko> redrobot: i'll start gathering all the details for a spec 20:15:31 <redrobot> elmiko sounds good 20:16:00 <redrobot> next action item was for me to backport the DogTag SecretStore fix into stable/kilo 20:16:11 <redrobot> which has already merged 20:16:12 <redrobot> #link https://review.openstack.org/#/c/187721/ 20:16:36 <redrobot> and that's it for last week's action items. 20:16:41 <redrobot> moving on... 20:16:45 <redrobot> #topic Mid-Cycle RSVP 20:17:06 <redrobot> I added a wiki page with the details for the Mid-Cycle Sprint 20:17:07 <redrobot> #link https://wiki.openstack.org/wiki/Sprints/BarbicanLibertySprint 20:17:40 <redrobot> It'll be happening at the Johns Hopkins University Applied Physics Laboratory 20:17:47 <redrobot> in Laurel, Maryland 20:17:52 <redrobot> August 5-7 20:18:08 <redrobot> I also added an Eventbrite event so interested folks can RSVP 20:18:15 <redrobot> #link https://eventbrite.com/event/17310650622/ 20:18:38 <redrobot> any questions/comments regarding the mid-cycle sprint? 20:19:21 <jaosorior> Noup 20:19:31 <dave-mcc_> have we nailed down start time for first day, and end time for last day? (just thinking about booking air travel). 20:19:53 <redrobot> I have it down for 9:00am Wednesday start and 5:00pm Friday end 20:20:26 <alee> any suggestions/ preferred hotels etc.? 20:20:47 <redrobot> rellerreller would probably be the best one to ask about hotels 20:21:07 <rellerreller> Leave an action item for me to look into that. 20:21:10 <alee> redrobot, right - maybe add to the eventbrite 20:21:26 <redrobot> #action rellerreller to look into preferred Hotels for Mid-Cycle 20:21:30 <redrobot> alee will do. 20:21:38 <alee> rellerreller, is there a JPL rate ? :) 20:22:02 <rellerreller> alee I'm not sure. I'll see how much influence I have :) 20:22:17 <hockeynut> hot tubs included, pleez :-) 20:22:17 <elmiko> lol 20:22:48 <alee> hockeynut, they have a tokamak there they can use to heat things up .. 20:23:09 <hockeynut> I was assuming it would be the fires from rioters 20:23:18 <redrobot> hockeynut lmao 20:23:30 <hockeynut> ps I had to google tokamak 20:23:37 <kfarr_> There's a list of hotels here: http://www.jhuapl.edu/aboutapl/visitor/lodging.asp 20:24:06 <hockeynut> thanks kfarr_ ! 20:24:13 <rellerreller> kfarr_ Thanks! 20:24:35 <kfarr_> "make sure to advise the hotel front desk at check-in that your stay is related to your APL visit so that the hotel will honor the special rate." 20:24:40 <redrobot> woot! gotta love those immediate-action-items :) 20:25:26 <redrobot> #link http://www.jhuapl.edu/aboutapl/visitor/lodging.asp 20:25:42 <redrobot> anything else on this topic? 20:26:15 <redrobot> okay, moving on... 20:26:24 <redrobot> #topic High Priority Reviews 20:26:52 <redrobot> The last CR for the ACL API revamp just needs a workflow 20:26:53 <redrobot> #link https://review.openstack.org/#/c/188208/ 20:27:35 <alee> redrobot, ok - I'll take a look at that 20:27:45 <redrobot> and also the barbican-specs reviews, so we can get them landed before liberty-1 20:27:47 <redrobot> #link https://review.openstack.org/#/q/status:open+project:openstack/barbican-specs,n,z 20:28:03 <redrobot> there's quite a few of them out there 20:28:15 <redrobot> any other reviews I may have missed? 20:28:18 <dave-mcc_> here's mine for the Quota support blueprint: https://review.openstack.org/#/c/186562/ 20:28:36 <redrobot> thanks dave-mcc_ 20:28:53 <dave-mcc_> i've made good progress on the code, but i'm off for vacation tomorrow for 10 days. i'll be back to finish the work, but i'll be offline for a while. 20:28:56 <jaosorior> Well, this is not high prio. But would sure love some reviews here, it's been out there for a while https://review.openstack.org/#/c/178601/ 20:29:07 <jaosorior> would make life easier on the client side 20:29:12 <rellerreller> I had a review, https://review.openstack.org/#/c/182461/ . It was approved but then had merge conflict. 20:29:33 <rellerreller> Only one line changed so all those +2's should be easy again :) 20:29:35 <redrobot> jaosorior I think we also want to mention reviews that have been outstanding for a long time, so you're good 20:30:33 <woodster_> I'm paid by the blueprint now, so please review any of them with my name :) jk 20:30:50 <redrobot> alrighty... that's all I had on the agenda for today. 20:30:54 <redrobot> #topic Open Discussion 20:31:18 <redrobot> anything else we want to talk about today? If not we all get 30 min back. :) 20:31:18 <woodster_> FYI, there is a Keystone thread going about adding group-ID to header info from keystone middleware... 20:31:26 <woodster_> This would support group-based ACLs 20:31:39 <elmiko> could i ask a couple more questions about the barbican-all topic? 20:31:46 <Asha> yes ... 20:32:00 <Asha> we will be Unable to retrieve the secret in text/plain format generated from Barbican order resource 20:32:14 <redrobot> ok, one at a time, guys :) 20:32:22 <alee> redrobot, lets please prioritize spec reviews -- only two weeks to liberty-1 20:32:29 <woodster_> Asha: that's the generated AES key correct? 20:32:31 <redrobot> woodster_ do you have a link to the mailing list thread? 20:32:39 <Asha> yes 20:32:51 <redrobot> asha I was going to write back to that thread.... text/plain is probably not what you need 20:33:07 <Asha> ok ... 20:33:32 <woodster_> redrobot: the subject has this text: [openstack-dev] [keystone][barbican] Regarding exposing X-Group-xxxx 20:34:07 <Asha> then how would I pass the 32 bytes key generated to the standard python libraries like pycrytp 20:34:14 <redrobot> #link http://lists.openstack.org/pipermail/openstack-dev/2015-June/065757.html 20:34:30 <woodster_> dstanek: FYI David regarding group-based ACLs 20:35:19 <redrobot> Asha so, in Python 2 bytes are represented by the type str, but in Python 3 bytes have their own type of bytes. 20:35:46 <redrobot> Asha if you're using Python 3, then bytes and strings are the same thing... (note that unicode strings in Python 2 are a different type) 20:36:06 <redrobot> errr Python2 bytes and strings are the same type (str) 20:36:23 <Asha> @redrobot..Thanks I am using ython 2 20:36:33 <redrobot> Asha you should be using python-barbicanclient. It will take care of these low-level implementation details 20:37:11 <redrobot> Asha such as the conversion from the barbican response into a usable string (or bytes) depending on which python version you're using. 20:37:29 <Asha> oh k ..Thanks ..I was using the request object 20:38:08 <elmiko> my turn? 20:38:16 <redrobot> Asha I'll send a reply to the mailing list summarizing this, just in case other people are interested. 20:38:18 <redrobot> elmiko go ahead 20:38:31 * redrobot feels like a juggler 20:38:35 <Asha> @ redrobot ..Thanks redrobot I would use python barbican client ..dlmiko ..u can go ahead 20:38:49 <elmiko> hehe, np, i was trying to be respectful =) 20:38:52 <Asha> elmiko * 20:39:22 <elmiko> just to be clear about any sort of upgrade wsgi/script stuff, one of the goals is to have a singular wsgi container that can be consumed by apache or another pipeline? 20:39:48 <Asha> thanks a lot redrobot ... 20:39:49 <redrobot> elmiko yes, I would think so... there's nothing in Barbican that should prevent it from running in any web server 20:40:20 <redrobot> elmiko ideally we should be able to run in uwsgi, apache, gunicorn, nginx, or whatever people want to toss barbican into 20:40:37 <elmiko> redrobot: ok, cool. totally down with it =) 20:41:03 <elmiko> and then, we can make a simple helper for dev work or convenience in a single install that can just run that container. 20:41:36 <elmiko> just want to make sure i've got the target in sight for the spec. thanks! 20:42:35 <alee> anyone else having trouble running tox on master? 20:43:37 <hockeynut> alee getting an error? 20:44:25 <alee> (sorry not sure if we're ready to transition to next topic yet) 20:44:32 <redrobot> alee go ahead 20:44:35 <redrobot> I think elmiko was done ? 20:44:41 <elmiko> redrobot: yup, all done. 20:45:12 <woodster_> alee, yeah I was getting an error over the weekend 20:45:33 <elmiko> i got the same error, but it was when i was running the server and db-migration scripts. not from tox. 20:46:50 <arunkant> redrobot: is there a plan/ need to add caching support in barbican? 20:46:56 <woodster_> https://www.irccloud.com/pastebin/i9EbcZnd/ 20:47:17 <woodster_> alee: look familiar? 20:47:45 <alee> anyone else still out there? 20:47:50 <woodster_> sorry, probably better for the project channel... 20:48:00 <elmiko> alee: yo/ 20:48:07 <woodster_> o/ 20:48:14 <woodster_> roll call again? :) 20:48:20 <elmiko> hehe 20:48:32 <elmiko> i actually reran the tox tests after alee mentioned it, but they passed for me 20:48:42 <elmiko> i used a fresh env though 20:48:46 <redrobot> alee have you tried nuking your db file? 20:48:58 <woodster_> yeah I tried to blow way .tox and start from scratch...no luck getting rid of my error 20:49:21 <redrobot> heh... guess he was having connection issues?' 20:49:23 <jaosorior> redrobot: Now I'm getting the same error, and deleting the file didn't help 20:49:31 <jaosorior> alee: ping 20:49:37 <woodster_> jaosorior: which error? 20:49:39 <alee> pong 20:49:40 <redrobot> jaosorior weird 20:49:52 <alee> sorry - I think I dropped out 20:49:54 <redrobot> seems like there's definitely something fishy going on 20:50:12 <alee> was seeing nothing for awhile 20:50:38 <jaosorior> Basically everything was working. I was using latest master and everything. Then since I was reading others were having errors, I thought I might be able to reproduce it by updating my box (since I was away I hadn't updated it in some weeks) 20:50:46 <jaosorior> and yeah, I get a buuuunch of errors now 20:51:01 <jaosorior> possibly a tox update and... dunno what other problems 20:51:05 <alee> jaosorior, are you getting "SecretStorePluginNotConfigured" ? 20:51:16 <woodster_> I only see ''NoneType' object has no attribute 'conf'' but it is on every test :) 20:52:09 <alee> jaosorior, redrobot -interestingly when I try an older tree, it runs just fine. 20:52:21 <jaosorior> here's the tox output: http://pastebin.com/GERZNtNb 20:52:42 <alee> jaosorior, redrobot so some combination of the latest code + updated packages seems to cause this 20:54:10 <redrobot> alee weird indeed... I don't think we'll figure out in the meeting though. Want to take the discussion back to our channel? 20:54:11 <woodster_> tox is like a box of chocolates...I'd like to put my error back half-eaten, but that would be uncool :) 20:54:21 <elmiko> lol! 20:54:29 <woodster_> redrobot: that works for me 20:54:38 <alee> redrobot, ok 20:55:00 <redrobot> alrighty guys, thanks for coming! 20:55:07 <redrobot> #endmeeting