20:00:49 #startmeeting barbican
20:00:50 Meeting started Mon Jun 29 20:00:49 2015 UTC and is due to finish in 60 minutes. The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:51 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:00:54 The meeting name has been set to 'barbican'
20:01:04 #topic Roll Call
20:01:08 o/
20:01:09 o/
20:01:10 o/
20:01:10 o/
20:01:10 o/
20:01:11 hi
20:01:14 o/
20:01:26 As usual the meeting agenda can be found here:
20:01:29 #link https://wiki.openstack.org/wiki/Meetings/Barbican
20:01:35 o/
20:03:13 alright, let's get the meeting started
20:03:20 #topic Action Items from last meeting
20:03:29 #link http://eavesdrop.openstack.org/meetings/barbican/2015/barbican.2015-06-22-19.59.html
20:03:45 The only action item was for me to add a liberty series to Castellan
20:04:00 which can be found here:
20:04:02 #link https://launchpad.net/castellan/liberty
20:04:12 nice
20:04:29 I just renamed the previous series, so a lot of stuff should look the same
20:04:42 This should help with adoption in Liberty by other services
20:05:00 as we will guarantee this as a stable branch with security fixes
20:05:40 i'm very curious on the state of ManagedObjects in castellan,
20:05:42 Thanks redrobot!
20:06:03 as this is really holding up the adoption of the spec in sahara. i'm going to be talking with rellerreller tomorrow about it
20:06:20 elmiko I can add it as an agenda item
20:06:32 elmiko, There's an initial patch for ManagedObjects up, but first we need to get the Barbican wrapper into Castellan
20:06:53 or we can talk about it now ;)
20:06:54 kfarr: ah, cool. i had not seen that yet
20:07:14 #topic Castellan
20:07:14 redrobot: i'm ok to wait, i should probably read the review and talk with reller
20:07:18 Sorry, redrobot, I don't mean to derail the topics
20:07:21 elmiko yes, our plan was to integrate barbican first and then move to MOs
20:07:21 or now =)
20:07:45 #info ManagedObjects are being blocked by the Barbican patch to Castellan. More reviewers needed.
20:07:47 I'm ok with talking now if people want to do that.
20:07:52 rellerreller_: ok cool. you know i'm just way eager to get going with it ;)
20:08:05 elmiko you and me both.
20:08:22 We are always looking for helpers!
20:08:36 i'm working on the config bp =)
20:09:11 That is one thing that has concerned us with the adoption of castellan is that we are the bottleneck. By the time we finish the changes to MOs and such there is not much time left.
20:09:50 cool, i appreciate all the hard work. i'll add the reviews to my queue.
20:09:53 I do not foresee a lot of adoption with Castellan in this release because of that :(
20:10:33 #help more contributions to Castellan would be appreciated
20:11:00 any other questions/comments for Castellan?
20:12:08 ok, moving on
20:12:21 #topic py26 testing for python-barbicanclient
20:12:23 I'll be around at 10 ET tomorrow in case more questions come up
20:12:31 jaosorior I believe you added this topic?
20:12:37 yup
20:12:43 quickie, but still wondering that
20:12:56 thought at some point there was a decision to stop supporting py26#
20:13:06 IIRC, py26 was deprecated for Services only
20:13:06 did I imagine that or is that the case?
20:13:10 aah
20:13:12 I see
20:13:15 was that server side only?
20:13:21 yep I think so
20:13:28 who can we ask about that?
20:13:37 usually, when there's a deprecation, the infra team sends patches to the projects to remove the gates
20:13:44 I see
20:14:06 * redrobot does a quick mailing list search to find info
20:15:29 looks like there was a thread earlier this month
20:15:37 where Murano was asking about 2.6 support in their client
20:15:39 #link http://lists.openstack.org/pipermail/openstack-dev/2015-June/065443.html
20:15:53 the rest of the thread is people chiming in that client libs should keep python 2.6 support
20:16:07 at least keystoneclient still has a py26 gate
20:16:12 though ceilometerclient doesn't
20:16:17 but anyway, just wanted to make sure
20:16:22 I think Castellan also has a py26 gate
20:16:24 py26 annoys me, that's all :P
20:16:47 #info we'll continue testing client libs against 2.6 to annoy jaosorior
20:16:53 yay
20:17:05
20:17:16 hehe
20:17:18 moving on
20:18:02 #topic Promoting DogTag gate to voting
20:18:29 that topic is also by me
20:18:53 So, the dogtag gates seems to be working, and actually doing its job :D
20:19:00 \o/
20:19:05 nice
20:19:09 so I thought about asking if you guys think it's time to set it as voting
20:19:45 will we be setting all plugin gate jobs to voting in the future?
20:19:49 a slightly related variation on this - should we fire up a kmip gate as well (which eventually would be voting too?)
20:19:51 should the be created?
20:19:59 hockeynut, knows whats up :P
20:20:03 :-D
20:20:13 no worries, I speak fluent Chelsea
20:20:14 hockeynut: is there such a thing as a kmip gate yet? that would be really awesome!
20:20:37 jaosorior not yet, but there is a CR showing issues with tests that fail because of differences w/kmip
20:20:37 So good news is that I was able to get functional tests working with KMIP, except for four of them
20:20:45 ^ that
20:20:49 I had to think about this for a bit.
20:21:12 I have an issue with finding a KMIP device that supports PKCS#8 and opaque data objects.
20:21:13 rellerreller: You could submit a CR checking if kmip is being used and skipping those tests meanwhile
20:21:35 jaosorior I was thinking the same thing
20:21:40 rellerreller_ is there a "simulator" or does it require a real piece of HW?
20:21:45 I think that's the way to go
20:21:53 +1 to KMIP gate
20:21:55 it's better to test something, even if some are missing
20:21:59 -1 to DogTag voting for now
20:22:06 The downside of the KMIP tests is that it requires having username and password to access device, or possibly other sensitive data like private key
20:22:07 * redrobot is having connection problems
20:22:13 redrobot: Alright, I'll bring the topic in a couple of weeks then
20:22:21 hockeynut right now it requires hw
20:22:27 jaosorior the only reason I'm -1 right now is because the gate fails in stable/kilo
20:22:30 dang
20:22:31 as seen in
20:22:33 #link https://review.openstack.org/#/c/192339/
20:22:43 redrobot: It will fail in stable/kilo cause there needs to be some backported patches
20:22:49 I do not know of a software KMIP server. We are working to write one, but it will be a long time from now.
20:22:56 aaaand I was supposed to file a bug report
20:23:10 can you set an action point for me to file a bug report for us to be able to backport those patches?
20:23:11 rellerreller_ "long time" = before midcycle, right ;-)
20:23:23 jaosorior as soon as we backport the fixes into stable/kilo I will be +2 to make the gate voting.
20:23:43 #action jaosorior to backport the DogTag gate fixes into stable/kilo
20:23:48 hockeynut long time means at least a year from now
20:23:57 thats what I figured
20:24:06 optimism--
20:24:35 Now instead of an official gate check we could add a voting service
20:24:57 could a third party CI gate help in this case?
20:25:10 Like with Cinder and Nova that have plugins from different vendors. You can listen for patches and then vote on the patch.
20:25:26 we had started going down that path with HP folks
20:25:35 they have a pair of Atalla HSMs for that purpose
20:25:36 rellerreller_: I think this is what you're talking about http://docs.openstack.org/infra/system-config/third_party.html
20:25:37 That way we can setup this on our site and keep all of passwords and private keys private
20:25:58 but it seems to have stalled... last I heard the HSMs were in the process of being racked in the HP cloud.
20:26:07 jaosorior yes
20:26:29 rellerreller_ I think that's the way to go
20:26:43 I would love to learn how to do this if anyone has some spare time.
20:26:51 rellerreller_ jaosorior +1
20:27:00 I've gotta run to a class, but I really wish I could stay for the rest of this discussion
20:27:14 I tried learning this before and spent a few hours. At that point it was more complicated than a simple 8 hour job and had to abort.
20:27:16 rellerreller_ it involves setting up a few systems in your own cloud... like zuul and others
20:27:28 kfarr have fun in class!
20:27:41 rellerreller_ yeah, definitely not a simple task.
20:27:41 sounds like a task for the mid-cycle
20:27:48 redrobot Ya, it was not as easy as I was hoping for.
20:28:18 Our other issue is performance. Having a real device in place can make the tests last 10-20 minutes.
20:28:33 cool, let's aim for hashing this out more for the mid-cycle. In the mean time I'll ping Rob Clark about the HP HSMs that we were going to use for this.
20:28:36 I'm not sure what kind of punishment we can put on these devices.
20:28:58 rellerreller_ a lot less than advertised, we've found :(
20:29:41 redrobot no bueno :(
20:30:20 anything else on DogTag/KMIP gates?
20:30:33 redrobot: Nothing else on my side
20:30:43 ok, moving on
20:30:49 #topic Mid-Cycle Sprint topics
20:31:09 the last discussion reminded me that we started an etherpad to start tracking mid-cycle sprint topics
20:31:13 #link https://etherpad.openstack.org/p/barbican-liberty-midcycle
20:31:20 Feel free to add topics to it
20:31:39 and that first item is basically what we just talked about (kmip)
20:32:32 also for reference, we have a M-cycle etherpad with topics we punted at the last summit:
20:32:34 #link https://etherpad.openstack.org/p/barbican-m-design-sessions
20:32:36 I was not expecting much resistance on that one :)
20:33:58 That's all I had on this topic.
20:34:04 any questions/comments?
20:35:00 ok, moving on
20:35:05 #topic Barbican Liberty-1
20:35:23 In case you missed it, the liberty-1 milestone release went out last week
20:35:31 #link https://launchpad.net/barbican/liberty/liberty-1
20:35:56 also we got to be included in the general announcement alongside all the cool kids :D
20:36:01 #link http://lists.openstack.org/pipermail/openstack-announce/2015-June/000391.html
20:36:23 almost makes me feel like we're part of openstack for reals
20:37:19 awesome!
20:37:30 w00t w00t
20:37:57 something to note is that our versioning scheme was changed
20:38:11 liberty-1 was versioned 1.0.0.0b1
20:38:40 * has to leave now
20:38:43 which means that the final liberty release will be versioned 1.0.0.0
20:39:02 shouldn't affect anyone except packagers
20:40:34 any questions/comments about the release?
20:41:00 will there be a party?
20:41:02 :P
20:41:29 chellygel sure... we can set aside the last 5 minutes of this meeting to party.... you bring the desk whiskey! :D
20:41:54 mmm desk whiskey...
20:42:06 have some leftovers for tomorrow pls
20:42:24 i miss my desk whiskey ;~; stupid corporate jobs haha
20:42:48 chellygel they've never said we can't drink... we just can't keep working after we drink :-P
20:43:06 alrighty guys, that's all I have for now.
20:43:18 lol
20:43:19 #topic Open Discussion and/or Review Requests
20:43:42 I have two open: https://review.openstack.org/#/c/171023/ https://review.openstack.org/#/c/181291/
20:44:41 dave-mccowan added to queue
20:45:14 Also we need spec reviews
20:45:19 #link https://review.openstack.org/#/q/status:open+project:openstack/barbican-specs,n,z
20:45:39 it would be cool to land these before liberty-2
20:49:27 alrighty guys, looks like there's nothing else to talk about today.
20:49:37 thanks for coming, and happy reviewing! :D
20:49:40 #endmeeting