20:00:49 <redrobot> #startmeeting barbican
20:00:50 <openstack> Meeting started Mon Jun 29 20:00:49 2015 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:51 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:00:54 <openstack> The meeting name has been set to 'barbican'
20:01:04 <redrobot> #topic Roll Call
20:01:08 <rellerreller_> o/
20:01:09 <jaosorior> o/
20:01:10 <kfarr> o/
20:01:10 <hockeynut> o/
20:01:10 <silos> o/
20:01:11 <elmiko> hi
20:01:14 <arunkant> o/
20:01:26 <redrobot> As usual the meeting agenda can be found here:
20:01:29 <redrobot> #link https://wiki.openstack.org/wiki/Meetings/Barbican
20:01:35 <dave-mccowan> o/
20:03:13 <redrobot> alright, let's get the meeting started
20:03:20 <redrobot> #topic Action Items from last meeting
20:03:29 <redrobot> #link http://eavesdrop.openstack.org/meetings/barbican/2015/barbican.2015-06-22-19.59.html
20:03:45 <redrobot> The only action item was for me to add a liberty series to Castellan
20:04:00 <redrobot> which can be found here:
20:04:02 <redrobot> #link https://launchpad.net/castellan/liberty
20:04:12 <elmiko> nice
20:04:29 <redrobot> I just renamed the previous series, so a lot of stuff should look the same
20:04:42 <redrobot> This should help with adoption in Liberty by other services
20:05:00 <redrobot> as we will guarantee this as a stable branch with security fixes
20:05:40 <elmiko> i'm very curious on the state of ManagedObjects in castellan,
20:05:42 <kfarr> Thanks redrobot!
20:06:03 <elmiko> as this is really holding up the adoption of the spec in sahara. i'm going to be talking with rellerreller tomorrow about it
20:06:20 <redrobot> elmiko I can add it as an agenda item
20:06:32 <kfarr> elmiko, There's an initial patch for ManagedObjects up, but first we need to get the Barbican wrapper into Castellan
20:06:53 <redrobot> or we can talk about it now ;)
20:06:54 <elmiko> kfarr: ah, cool. i had not seen that yet
20:07:14 <redrobot> #topic Castellan
20:07:14 <elmiko> redrobot: i'm ok to wait, i should probably read the review and talk with reller
20:07:18 <kfarr> Sorry, redrobot, I don't mean to derail the topcs
20:07:21 <rellerreller_> elmiko yes, our plan was to integrate barbican first and then move to MOs
20:07:21 <elmiko> or now =)
20:07:45 <redrobot> #info ManagedObjects are being blocked by the Barbican patch to Castellan.  More reviewers needed.
20:07:47 <rellerreller_> I'm ok with talking now if people want to do that.
20:07:52 <elmiko> rellerreller_: ok cool. you know i'm just way eager to get going with it ;)
20:08:05 <rellerreller_> elmiko you and me both.
20:08:22 <rellerreller_> We are always looking for helpers!
20:08:36 <elmiko> i'm working on the config bp =)
20:09:11 <rellerreller_> That is one thing that has concerned us with the adoption of castellan is that we are the bottle neck. By the time we finish the changes to MOs and such there is not much time left.
20:09:50 <elmiko> cool, i appreciate all the hard work. i'll add the reviews to my queue.
20:09:53 <rellerreller_> I do not foresee a lot of adoption with Castellan in this release because of that :(
20:10:33 <redrobot> #help more contributions to Castellan would be appreciated
20:11:00 <redrobot> any other questions/comments for Castellan?
20:12:08 <redrobot> ok, moving on
20:12:21 <redrobot> #topic py26 testing for python-barbicanclient
20:12:23 <rellerreller_> I'll be around at 10 ET tomorrow in case more questions come up
20:12:31 <redrobot> jaosorior I believe you added this topic?
20:12:37 <jaosorior> yup
20:12:43 <jaosorior> quickie, but still wandering that
20:12:56 <jaosorior> thought at some point there was a decision to stop supporting py26#
20:13:06 <redrobot> IIRC, py26 was deprecated for Services only
20:13:06 <jaosorior> did I imagine that or is that the case?
20:13:10 <jaosorior> aah
20:13:12 <jaosorior> I see
20:13:15 <hockeynut> was that server side only?
20:13:21 <redrobot> yep I think so
20:13:28 <jaosorior> who can we ask about that?
20:13:37 <redrobot> usually, when there's a deprecation, the infra team sends patches to the projects to remove the gates
20:13:44 <jaosorior> I see
20:14:06 * redrobot does a quick mailing list search to find info
20:15:29 <redrobot> looks like there was a thread earlier this month
20:15:37 <redrobot> where Murano was asking about 2.6 support in their client
20:15:39 <redrobot> #link http://lists.openstack.org/pipermail/openstack-dev/2015-June/065443.html
20:15:53 <redrobot> the rest of the thread is people chiming in that client libs should keep python 2.6 support
20:16:07 <jaosorior> at least keystoneclient still has a py26 gate
20:16:12 <jaosorior> though ceilometerclient doesn't
20:16:17 <jaosorior> but anyway, just wanted to make sure
20:16:22 <redrobot> I think Castellan also has a py26 gate
20:16:24 <jaosorior> py26 annoys me, that's all :P
20:16:47 <redrobot> #info we'll continue testing client libs against 2.6 to annoy jaosorior
20:16:53 <jaosorior> yay
20:17:05 <hockeynut> <snicker>
20:17:16 <redrobot> hehe
20:17:18 <redrobot> moving on
20:18:02 <redrobot> #topic Promoting DogTag gate to voting
20:18:29 <jaosorior> that topic is also by me
20:18:53 <jaosorior> So, the dogtag gates seems to be working, and actually doing it's job :D
20:19:00 <redrobot> \o/
20:19:05 <elmiko> nice
20:19:09 <jaosorior> so I thought about asking if you guys think it's time to set it as voting
20:19:45 <chellygel> will we be setting all plugin gate jobs to voting in the future?
20:19:49 <hockeynut> a slightly related variation on this - should we fire up a kmip gate as well (which eventually would be voting too?)
20:19:51 <chellygel> should the be created?
20:19:59 <chellygel> hockeynut, knows whats up :P
20:20:03 <hockeynut> :-D
20:20:13 <hockeynut> no worries, I speak fluent Chelsea
20:20:14 <jaosorior> hockeunut: is there such a thing as a kmip gate yet? that would be really awesome!
20:20:37 <hockeynut> jaosorior not yet, but there is a CR showing issues with tests that fail because of differences w/kmip
20:20:37 <rellerreller_> So good news is that I was able to get functional tests working with KMIP, except for four of them
20:20:45 <hockeynut> ^ that
20:20:49 <redrobot> I had to think about this for a bit.
20:21:12 <rellerreller_> I have an issue with finding a KMIP device that supports PKCS#8 and opaque data objects.
20:21:13 <jaosorior> rellerreller: You could submit a CR checking if kmip is being used and skipping those tests meanwhile
20:21:35 <rellerreller_> jaosorior I was thinking the same thing
20:21:40 <hockeynut> rellerreller_ is there a "simulator" or does it require a real piece of HW?
20:21:45 <jaosorior> I think that's the way to go
20:21:53 <redrobot> +1 to KMIP gate
20:21:55 <jaosorior> it's better to test something, even if some are missing
20:21:59 <redrobot> -1 to DogTag voting for now
20:22:06 <rellerreller_> The downside of the KMIP tests is that it requires having username and password to access device, or possibly other sensitive data like private key
20:22:07 * redrobot is having connection problems
20:22:13 <jaosorior> redrobot: Alright, I'll bring the topic in a couple of weeks then
20:22:21 <rellerreller_> hockeynut right now it requires hw
20:22:27 <redrobot> jaosorior the only reason I'm -1 right now is because the gate fails in stable/kilo
20:22:30 <hockeynut> dang
20:22:31 <redrobot> as seen in
20:22:33 <redrobot> #link https://review.openstack.org/#/c/192339/
20:22:43 <jaosorior> redrobot: It will fail in stable/kilo cause there needs to be some backported patches
20:22:49 <rellerreller_> I do not know of a software KMIP server. We are working to write one, but it will be a long time from now.
20:22:56 <jaosorior> aaaand I was supposed to file a bug report
20:23:10 <jaosorior> can you set an action point for me to file a bug report for us to be able to backport those patches?
20:23:11 <hockeynut> rellerreller_ "long time" = before midcycle, right ;-)
20:23:23 <redrobot> jaosorior as soon as we backport the fixes into stable/kilo I will be +2 to make the gate voting.
20:23:43 <redrobot> #action jaosorior to backport the DogTag gate fixes into stable/kilo
20:23:48 <rellerreller_> hockeynut long time means at least a year from now
20:23:57 <hockeynut> thats what I figured
20:24:06 <hockeynut> optimism--
20:24:35 <rellerreller_> Now instead of an official gate check we could add a voting service
20:24:57 <jaosorior> could a third party CI gate help in this case?
20:25:10 <rellerreller_> Like with Cinder and Nova that have plugins from different vendors. You can listen for patches and then vote on the patch.
20:25:26 <redrobot> we had started going down that path with HP folks
20:25:35 <redrobot> they have a pair of Attallah HSMs for that purpose
20:25:36 <jaosorior> rellerreller_: I think this is what you're talking about http://docs.openstack.org/infra/system-config/third_party.html
20:25:37 <rellerreller_> That way we can setup this on our site and keep all of passwords and private keys private
20:25:58 <redrobot> but it seems to have stalled... last I heard the HSMs were in the process of being racked in the HP cloud.
20:26:07 <rellerreller_> jaosorior yes
20:26:29 <jaosorior> rellerreller_ I think that's the way to go
20:26:43 <rellerreller_> I would love to learn how to do this if anyone has some spare time.
20:26:51 <redrobot> rellerreller_ jaosorior  +1
20:27:00 <kfarr> I've gotta run to a class, but I really wish I could stay for the rest of this discussion
20:27:14 <rellerreller_> I tried learning this before and spent a few hours. At that point it was more complicated than a simple 8 hour job and had to abort.
20:27:16 <redrobot> rellerreller_ it involves setting up a few systems in your own cloud... like zuul and and others
20:27:28 <redrobot> kfarr have fun in class!
20:27:41 <redrobot> rellerreller_ yeah, definitely not a simple task.
20:27:41 <jaosorior> sounds like a task for the mid-cycle
20:27:48 <rellerreller_> redrobot Ya, it was not as easy as I was hoping for.
20:28:18 <rellerreller_> Our other issue is performance. Having a real device in place can make the tests last 10-20 minutes.
20:28:33 <redrobot> cool, let's aim for hashing this out more for the mid-cycle.  In the mean time I'll ping Rob Clark about the HP HSMs that we were going to use for this.
20:28:36 <rellerreller_> I'm not sure what kind of punishment we can put on these devices.
20:28:58 <redrobot> rellerreller_ a lot less than advertised, we've found :(
20:29:41 <rellerreller_> redrobot no bueno :(
20:30:20 <redrobot> anything else on DogTag/KMIP gates?
20:30:33 <jaosorior> redrobot: Nothing else on my side
20:30:43 <redrobot> ok, moving on
20:30:49 <redrobot> #topic Mid-Cycle Sprint topics
20:31:09 <redrobot> the last discussion reminded me that we started an etherpad to start tracking mid-cycle sprint topics
20:31:13 <redrobot> #link https://etherpad.openstack.org/p/barbican-liberty-midcycle
20:31:20 <redrobot> Feel free to add topics to it
20:31:39 <hockeynut> and that first item is basically what we just talked about (kmip)
20:32:32 <redrobot> also for reference, we have a M-cycle etherpad with topics we punted at the last summit:
20:32:34 <redrobot> #link https://etherpad.openstack.org/p/barbican-m-design-sessions
20:32:36 <rellerreller_> I was not expecting much resistance on that one :)
20:33:58 <redrobot> That's all I had on this topic.
20:34:04 <redrobot> any questions/comments?
20:35:00 <redrobot> ok, moving on
20:35:05 <redrobot> #topic Barbican Liberty-1
20:35:23 <redrobot> In case you missed it, the liberty-1 milestone release went out last week
20:35:31 <redrobot> #link https://launchpad.net/barbican/liberty/liberty-1
20:35:56 <redrobot> also we got to be included in the general announcement alongside all the cool kids :D
20:36:01 <redrobot> #link http://lists.openstack.org/pipermail/openstack-announce/2015-June/000391.html
20:36:23 <redrobot> almost makes me feel like we're part of openstack for reals
20:37:19 <elmiko> awesome!
20:37:30 <hockeynut> w00t w00t
20:37:57 <redrobot> something to note is that our versioning scheme was changed
20:38:11 <redrobot> liberty-1 was versioned 1.0.0.0b1
20:38:40 <rellerreller_> * has to leave now
20:38:43 <redrobot> which means that the final liberty release will be versioned 1.0.0.0
20:39:02 <redrobot> shouldn't affect anyone except packagers
20:40:34 <redrobot> any questions/comments about the release?
20:41:00 <chellygel> will there be a party?
20:41:02 <chellygel> :P
20:41:29 <redrobot> chellygel sure... we can set aside the last 5 minutes of this meeting to party....  you bring the desk whiskey!  :D
20:41:54 <elmiko> mmm desk whiskey...
20:42:06 <hockeynut> have some leftovers for tomorrow pls
20:42:24 <chellygel> i miss my desk whiskey ;~; stupid corporate jobs haha
20:42:48 <redrobot> chellygel they've never said we can't drink... we just can't keep working after we drink :-P
20:43:06 <redrobot> alrighty guys, that's all I have for now.
20:43:18 <elmiko> lol
20:43:19 <redrobot> #topic Open Discussion and/or Review Requests
20:43:42 <dave-mccowan> I have two open: https://review.openstack.org/#/c/171023/   https://review.openstack.org/#/c/181291/
20:44:41 <redrobot> dave-mccowan added to queue
20:45:14 <redrobot> Also we need spec reviews
20:45:19 <redrobot> #link https://review.openstack.org/#/q/status:open+project:openstack/barbican-specs,n,z
20:45:39 <redrobot> it would be cool to land these before liberty-2
20:49:27 <redrobot> alrighty guys, looks like there's nothing else to talk about today.
20:49:37 <redrobot> thanks for coming, and happy reviewing! :D
20:49:40 <redrobot> #endmeeting