20:00:03 #startmeeting barbican 20:00:04 Meeting started Mon Jun 8 20:00:03 2015 UTC and is due to finish in 60 minutes. The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:00:06 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 20:00:08 The meeting name has been set to 'barbican' 20:00:21 #topic Roll Call 20:00:27 o/ 20:00:27 o/ 20:00:31 o/ 20:00:38 o/ 20:00:44 o/ 20:00:46 o/ 20:00:54 o/ 20:00:59 Greetings 20:01:10 o/ 20:01:11 woo! lots of barbicaneers here today! 20:01:12 o/ 20:01:23 As usual, the agenda can be found here: 20:01:25 o/ 20:01:30 #link https://wiki.openstack.org/wiki/Meetings/Barbican 20:01:46 #topic Action Items from Previous Meeting 20:01:49 :t face 20:01:55 o/ 20:01:56 #link http://eavesdrop.openstack.org/meetings/barbican/2015/barbican.2015-06-01-20.00.html 20:01:56 sorry haha 20:02:30 elmiko you had an action item to file a bug to move management scripts from bin/ to entry_points 20:02:32 elmiko any progress on that? 20:02:49 yes 20:03:00 i've got a couple things going on that front 20:03:17 i think there are, minimum, two solutions; the hacky one, and the proper one. 20:03:23 #link https://bugs.launchpad.net/barbican/+bug/1454587 20:03:24 Launchpad bug 1454587 in Barbican "Install scripts in /usr/bin with extensions" [Undecided,Confirmed] 20:03:37 on the hacky front, i have a small poc script that will run the same uswgi flow we have now 20:03:39 oops, I think that's the wrong bug 20:04:19 on the proper front, i think we might want to follow the lead of other projects and create a true wsgi app that runs from the script 20:04:30 i've started to gather ideas about that here, https://etherpad.openstack.org/p/liberty-barbican-all-ideas 20:04:46 #link https://etherpad.openstack.org/p/liberty-barbican-all-ideas 20:04:46 but i have some questions about if this is something that the project wants, and also a few details 20:04:54 redrobot: thanks 20:05:22 so, basically, is it worth the effort to create an actual app that could run from barbican-all?? 20:05:43 like, instantiate a wsgi server running the pecan stuff, and then hook into all the oslo.config goodness, etc... 20:06:01 elmiko so currently we have a few scripts in bin/. There's one called barbican-api that just runs the WSGI app in paste.httpserver 20:06:05 #link http://git.openstack.org/cgit/openstack/barbican/tree/bin/barbican-api 20:06:11 yea 20:06:16 I would prefer that we drop uwsgi from our management scripts 20:06:17 i looked to those for inspiration 20:06:44 ok, cool 20:06:52 I think that ideally we'll want a WSGI setup that can run under apache 20:07:01 similar to what Keystone is doing in the httpd/ directory in their repo 20:07:10 do we want to keep the paste.deploy related configs in separate files still, or can we incorporate them into an app? 20:07:18 (in channel doesn't raise hand .____./) 20:07:23 redrobot: awesome, i was using keystone for some reference 20:08:15 i think a big piece of work will be creating a singular class to contain the wsgi app, then we could instantiate that either from an outside source (apache) or from a script through eventleft 20:08:20 *eventlet 20:08:30 not sure about the paste.deploy pipeline stuff... I think I would prefer Barbican to be a stand-alone app, then allow people to stitch their pipeline however they want. 20:08:41 i think this might be big enough that we would want a spec or something though. 20:09:00 redrobot: ok, so that would be like rolling the stuff in *-paste.ini into the app config? 20:09:29 yeah, it seems big enough to justify a blueprint to me 20:09:42 elmiko, I think a spec is a good idea - will allow us to see what needs to be done 20:10:07 maybe note how things are done now and how they would change? 20:10:17 ok, i can create a bp/spec for it. i will be out of town from 6/11-18, so just a heads up. 20:10:23 woodster_: yea, definitely 20:10:26 elmiko: so is paste getting phased out? 20:10:34 woodster_: not at all, 20:10:53 i was just concerned about if we should keep the external configurations for it, or roll those configs into the app structure. 20:10:56 Looks like eventlet usage was deprecated in keystone in Kilo..https://review.openstack.org/#/c/157495 20:11:13 arunkant: yes! finally 20:11:22 arunkant: ah, interesting... 20:11:29 it looked like it was still in the code 20:11:41 elmiko: it still works, but it's marked as deprecated 20:11:52 elmiko: we still support running keystone-all for now, but it will be removed 20:12:21 dstanek: ok, 20:12:29 i obviously need to read a little deeper 20:12:39 dstanek: thanks for the update 20:12:39 dstanek: so, keystone-all will be removed entirely? 20:14:00 sounds like you still have a ton of work left, elmiko 20:14:06 redrobot: agreed 20:14:07 elmiko: i'm thinking that it will 20:14:08 elmiko did you get a chance to file a launchpad bug? 20:14:15 i did, 1sec 20:14:37 elmiko: i'm working on implementing keystone on top of flask and i plan to have a devserver that's clearly marked as a devserver 20:14:38 #link https://bugs.launchpad.net/barbican/+bug/1462458 20:14:39 Launchpad bug 1462458 in Barbican "Barbican should expose a runner script through setuptools entry_points" [Undecided,New] - Assigned to Michael McCune (mimccune) 20:14:54 dstanek: hehe, cool. i'm used to flask from the sahara side of things. 20:15:10 elmiko awesome, thanks 20:15:25 redrobot: i'll start gathering all the details for a spec 20:15:31 elmiko sounds good 20:16:00 next action item was for me to backport the DogTag SecretStore fix into stable/kilo 20:16:11 which has already merged 20:16:12 #link https://review.openstack.org/#/c/187721/ 20:16:36 and that's it for last week's action items. 20:16:41 moving on... 20:16:45 #topic Mid-Cycle RSVP 20:17:06 I added a wiki page with the details for the Mid-Cycle Sprint 20:17:07 #link https://wiki.openstack.org/wiki/Sprints/BarbicanLibertySprint 20:17:40 It'll be happening at the Johns Hopkins University Applied Physics Laboratory 20:17:47 in Laurel, Maryland 20:17:52 August 5-7 20:18:08 I also added an Eventbrite event so interested folks can RSVP 20:18:15 #link https://eventbrite.com/event/17310650622/ 20:18:38 any questions/comments regarding the mid-cycle sprint? 20:19:21 Noup 20:19:31 have we nailed down start time for first day, and end time for last day? (just thinking about booking air travel). 20:19:53 I have it down for 9:00am Wednesday start and 5:00pm Friday end 20:20:26 any suggestions/ preferred hotels etc.? 20:20:47 rellerreller would probably be the best one to ask about hotels 20:21:07 Leave an action item for me to look into that. 20:21:10 redrobot, right - maybe add to the eventbrite 20:21:26 #action rellerreller to look into preferred Hotels for Mid-Cycle 20:21:30 alee will do. 20:21:38 rellerreller, is there a JPL rate ? :) 20:22:02 alee I'm not sure. I'll see how much influence I have :) 20:22:17 hot tubs included, pleez :-) 20:22:17 lol 20:22:48 hockeynut, they have a tokamak there they can use to heat things up .. 20:23:09 I was assuming it would be the fires from rioters 20:23:18 hockeynut lmao 20:23:30 ps I had to google tokamak 20:23:37 There's a list of hotels here: http://www.jhuapl.edu/aboutapl/visitor/lodging.asp 20:24:06 thanks kfarr_ ! 20:24:13 kfarr_ Thanks! 20:24:35 "make sure to advise the hotel front desk at check-in that your stay is related to your APL visit so that the hotel will honor the special rate." 20:24:40 woot! gotta love those immediate-action-items :) 20:25:26 #link http://www.jhuapl.edu/aboutapl/visitor/lodging.asp 20:25:42 anything else on this topic? 20:26:15 okay, moving on... 20:26:24 #topic High Priority Reviews 20:26:52 The last CR for the ACL API revamp just needs a workflow 20:26:53 #link https://review.openstack.org/#/c/188208/ 20:27:35 redrobot, ok - I'll take a look at that 20:27:45 and also the barbican-specs reviews, so we can get them landed before liberty-1 20:27:47 #link https://review.openstack.org/#/q/status:open+project:openstack/barbican-specs,n,z 20:28:03 there's quite a few of them out there 20:28:15 any other reviews I may have missed? 20:28:18 here's mine for the Quota support blueprint: https://review.openstack.org/#/c/186562/ 20:28:36 thanks dave-mcc_ 20:28:53 i've made good progress on the code, but i'm off for vacation tomorrow for 10 days. i'll be back to finish the work, but i'll be offline for a while. 20:28:56 Well, this is not high prio. But would sure love some reviews here, it's been out there for a while https://review.openstack.org/#/c/178601/ 20:29:07 would make life easier on the client side 20:29:12 I had a review, https://review.openstack.org/#/c/182461/ . It was approved but then had merge conflict. 20:29:33 Only one line changed so all those +2's should be easy again :) 20:29:35 jaosorior I think we also want to mention reviews that have been outstanding for a long time, so you're good 20:30:33 I'm paid by the blueprint now, so please review any of them with my name :) jk 20:30:50 alrighty... that's all I had on the agenda for today. 20:30:54 #topic Open Discussion 20:31:18 anything else we want to talk about today? If not we all get 30 min back. :) 20:31:18 FYI, there is a Keystone thread going about adding group-ID to header info from keystone middleware... 20:31:26 This would support group-based ACLs 20:31:39 could i ask a couple more questions about the barbican-all topic? 20:31:46 yes ... 20:32:00 we will be Unable to retrieve the secret in text/plain format generated from Barbican order resource 20:32:14 ok, one at a time, guys :) 20:32:22 redrobot, lets please prioritize spec reviews -- only two weeks to liberty-1 20:32:29 Asha: that's the generated AES key correct? 20:32:31 woodster_ do you have a link to the mailing list thread? 20:32:39 yes 20:32:51 asha I was going to write back to that thread.... text/plain is probably not what you need 20:33:07 ok ... 20:33:32 redrobot: the subject has this text: [openstack-dev] [keystone][barbican] Regarding exposing X-Group-xxxx 20:34:07 then how would I pass the 32 bytes key generated to the standard python libraries like pycrytp 20:34:14 #link http://lists.openstack.org/pipermail/openstack-dev/2015-June/065757.html 20:34:30 dstanek: FYI David regarding group-based ACLs 20:35:19 Asha so, in Python 2 bytes are represented by the type str, but in Python 3 bytes have their own type of bytes. 20:35:46 Asha if you're using Python 3, then bytes and strings are the same thing... (note that unicode strings in Python 2 are a different type) 20:36:06 errr Python2 bytes and strings are the same type (str) 20:36:23 @redrobot..Thanks I am using ython 2 20:36:33 Asha you should be using python-barbicanclient. It will take care of these low-level implementation details 20:37:11 Asha such as the conversion from the barbican response into a usable string (or bytes) depending on which python version you're using. 20:37:29 oh k ..Thanks ..I was using the request object 20:38:08 my turn? 20:38:16 Asha I'll send a reply to the mailing list summarizing this, just in case other people are interested. 20:38:18 elmiko go ahead 20:38:31 * redrobot feels like a juggler 20:38:35 @ redrobot ..Thanks redrobot I would use python barbican client ..dlmiko ..u can go ahead 20:38:49 hehe, np, i was trying to be respectful =) 20:38:52 elmiko * 20:39:22 just to be clear about any sort of upgrade wsgi/script stuff, one of the goals is to have a singular wsgi container that can be consumed by apache or another pipeline? 20:39:48 thanks a lot redrobot ... 20:39:49 elmiko yes, I would think so... there's nothing in Barbican that should prevent it from running in any web server 20:40:20 elmiko ideally we should be able to run in uwsgi, apache, gunicorn, nginx, or whatever people want to toss barbican into 20:40:37 redrobot: ok, cool. totally down with it =) 20:41:03 and then, we can make a simple helper for dev work or convenience in a single install that can just run that container. 20:41:36 just want to make sure i've got the target in sight for the spec. thanks! 20:42:35 anyone else having trouble running tox on master? 20:43:37 alee getting an error? 20:44:25 (sorry not sure if we're ready to transition to next topic yet) 20:44:32 alee go ahead 20:44:35 I think elmiko was done ? 20:44:41 redrobot: yup, all done. 20:45:12 alee, yeah I was getting an error over the weekend 20:45:33 i got the same error, but it was when i was running the server and db-migration scripts. not from tox. 20:46:50 redrobot: is there a plan/ need to add caching support in barbican? 20:46:56 https://www.irccloud.com/pastebin/i9EbcZnd/ 20:47:17 alee: look familiar? 20:47:45 anyone else still out there? 20:47:50 sorry, probably better for the project channel... 20:48:00 alee: yo/ 20:48:07 o/ 20:48:14 roll call again? :) 20:48:20 hehe 20:48:32 i actually reran the tox tests after alee mentioned it, but they passed for me 20:48:42 i used a fresh env though 20:48:46 alee have you tried nuking your db file? 20:48:58 yeah I tried to blow way .tox and start from scratch...no luck getting rid of my error 20:49:21 heh... guess he was having connection issues?' 20:49:23 redrobot: Now I'm getting the same error, and deleting the file didn't help 20:49:31 alee: ping 20:49:37 jaosorior: which error? 20:49:39 pong 20:49:40 jaosorior weird 20:49:52 sorry - I think I dropped out 20:49:54 seems like there's definitely something fishy going on 20:50:12 was seeing nothing for awhile 20:50:38 Basically everything was working. I was using latest master and everything. Then since I was reading others were having errors, I thought I might be able to reproduce it by updating my box (since I was away I hadn't updated it in some weeks) 20:50:46 and yeah, I get a buuuunch of errors now 20:51:01 possibly a tox update and... dunno what other problems 20:51:05 jaosorior, are you getting "SecretStorePluginNotConfigured" ? 20:51:16 I only see ''NoneType' object has no attribute 'conf'' but it is on every test :) 20:52:09 jaosorior, redrobot -interestingly when I try an older tree, it runs just fine. 20:52:21 here's the tox output: http://pastebin.com/GERZNtNb 20:52:42 jaosorior, redrobot so some combination of the latest code + updated packages seems to cause this 20:54:10 alee weird indeed... I don't think we'll figure out in the meeting though. Want to take the discussion back to our channel? 20:54:11 tox is like a box of chocolates...I'd like to put my error back half-eaten, but that would be uncool :) 20:54:21 lol! 20:54:29 redrobot: that works for me 20:54:38 redrobot, ok 20:55:00 alrighty guys, thanks for coming! 20:55:07 #endmeeting