#openstack-meeting-alt log

20:00:39 <kfarr> #startmeeting barbican
20:00:40 <openstack> Meeting started Mon Feb 27 20:00:39 2017 UTC and is due to finish in 60 minutes.  The chair is kfarr. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:41 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:00:43 <openstack> The meeting name has been set to 'barbican'
20:01:15 <kfarr> #topic roll call
20:02:06 <redrobot> o/
20:03:06 <kfarr> Not too many barbicaneers today!
20:03:11 * redrobot hears crickets
20:03:15 <redrobot> lol
20:03:20 <redrobot> hi kfarr !!!
20:03:31 <kfarr> hey redrobot :]
20:03:36 <dave-mccowan> o/
20:03:43 <redrobot> kfarr how was ATL?
20:03:56 <kfarr> ATL was great!  Pretty productive
20:03:59 <dave-mccowan> mrhillsman ping
20:04:13 <dave-mccowan> +1
20:04:17 <kfarr> #topic PTG Update
20:05:00 <kfarr> Here are the notes from Barbican:
20:05:03 <kfarr> #link https://etherpad.openstack.org/p/ptg-barbican-pike
20:05:13 <kfarr> and from security:
20:05:16 <kfarr> #link https://etherpad.openstack.org/p/ptg-security-team
20:05:27 <dave-mccowan> most interesting thing I think was the cross-project meeting AWG
20:05:44 <kfarr> also, our team photo!
20:05:47 <kfarr> #link https://www.flickr.com/photos/152419717@N06/32267857373/in/album-72157680602754246/
20:06:02 <dave-mccowan> they want to make key-manager a base service and perhaps make oslo adopt castellan
20:06:13 <kfarr> Yes, oslo.keymanager
20:06:30 <kfarr> bpoulos and I were going to reach out to oslo to see how we needed to go about that
20:06:49 <kfarr> dave-mccowan, unless you think it would be better coming from the PTL?
20:07:38 <dave-mccowan> kfarr go for it.  let me know if you need anything from me.
20:07:57 <kfarr> Gotcha.  We also talked a lot about a Vault plugin
20:08:20 <alee> o/
20:08:39 <kfarr> hyakuhei has a WIP patch here: https://review.openstack.org/#/c/438009/
20:09:10 <redrobot> could we change the name to solo and keep ownership?
20:09:27 <kfarr> redrobot, as far as I know, we would still keep ownership
20:09:41 <kfarr> we, meaning the barbican team
20:09:43 <redrobot> the reason we have Castellan in the first place is because the Oslo team did not feel they had enough domain knowledge to review patches for oslo.key_manager
20:10:56 <kfarr> Yeah, it was my understanding that it would just be a name change, everything else would stay the same
20:11:10 * redrobot wonders if we can clean up the namespace a bit for that rename?
20:11:21 <kfarr> Yess, I hope so too
20:11:30 <kfarr> would love your opinions on that, redrobot
20:11:36 <kfarr> exactly my thoughts
20:11:48 <redrobot> kfarr great minds think alike ;)
20:11:58 <kfarr> hopefully no more common.objects
20:12:07 <redrobot> \o/
20:12:16 <alee> presumably we'd need to make sure things are backward compatible? or would we need to make changes in any case?
20:12:36 <alee> and so we can grandfather things in ..
20:12:49 <kfarr> We would have to switch out the library in each project anyway
20:12:53 <mrhillsman> hey
20:13:00 <mrhillsman> sorry so late
20:13:33 <mrhillsman> was in uc meeting
20:13:46 <kfarr> Thanksk mrhillsman!  We're still catching up on the PTG
20:14:01 <kfarr> Does anyone want to talk about anything in particular about the PTG?
20:14:27 <kfarr> Otherwise we can move on to the other agenda items
20:15:02 <redrobot> can we get some action items on the base services stuff?
20:15:28 <redrobot> the oslo weekly meeting is on Mondays
20:15:41 <redrobot> I can bring it up next monday?  Or maybe email the ML to get things rolling?
20:15:54 <kfarr> #action kfarr to talk to oslo about switching castellan to oslo.keymanager
20:16:11 <kfarr> redrobot, the oslo meeting already happened today?
20:16:29 <kfarr> Do you usually go to those meetings?
20:16:30 <dave-mccowan> https://etherpad.openstack.org/p/barbican-pike-ptg-barbican-discussion
20:17:26 <dave-mccowan> those are the notes from that discussion.  ArchWG took the action item "to engage consuming products".  we should sync with Clint to stay in the loop
20:18:11 <dave-mccowan> we should start a list of our internal actions items on "how can we make castellan better while we're renaming it?"
20:20:02 <redrobot> kfarr yeah, meeting was this morning.  I usually check it on the eavesdrop log, but I can attend next week.
20:20:15 <redrobot> or just go ping some folks in #openstack-oslo
20:20:58 <kfarr> Started an etherpad here: https://etherpad.openstack.org/p/oslo-keymanager
20:21:38 <kfarr> Ok cool, I can do that
20:21:48 <kfarr> Ok, anything else?
20:22:27 <kfarr> Moving on to...
20:22:33 <kfarr> #topic Backlog review
20:23:01 <kfarr> During the PTG, we cleaned up the bugs for barbican
20:23:11 <kfarr> Went from 72 bugs to 46!
20:23:20 <redrobot> \o/
20:23:40 <kfarr> Though the review backlog still has a bunch of patches up
20:24:06 <kfarr> So code reviews from everyone would be much appreciated
20:24:19 <kfarr> Moving on..
20:24:25 <kfarr> #topic Tempest testing
20:24:48 <kfarr> Dane and Brianna have been working on the image signing scenario
20:24:50 <kfarr> https://review.openstack.org/#/c/431241/
20:25:04 <kfarr> They got it to pass during the PTG
20:25:24 <kfarr> but then infra made some changes to how the gates use localrc / local.conf, so now it's broken
20:25:30 <kfarr> waiting for changes on the infra side
20:25:56 <kfarr> Also, we made some changes to decouple the barbican-tempest-plugin install from the barbican devstack plugin
20:26:29 <kfarr> Which makes one less dependency for other projects (like ocatvia) who want to test barbican in the gate
20:26:30 <kfarr> https://review.openstack.org/#/c/437028/
20:26:57 <kfarr> Brianna gave a walkthrough of the image signing scenario test during the PTG
20:27:28 <kfarr> so if anyone has ideas for other barbican integration tests they'd like to see, we're open to them
20:27:45 <kfarr> That's all I've got for that, so moving on...
20:27:55 <kfarr> #topic Operator's adopt-a-prokject
20:27:59 <kfarr> #topic Operator's adopt-a-prokect
20:28:05 <kfarr> #topic Operator's adopt-a-project
20:28:34 <dave-mccowan> mrhillsman any update?
20:30:00 <mrhillsman> so
20:30:15 <mrhillsman> we have nothing from any barbican team members yet
20:30:28 <mrhillsman> raddaoui_____:
20:30:51 <dave-mccowan> what do you need from us?
20:30:53 <mrhillsman> is the point of contact within osic
20:31:16 <mrhillsman> an example is what ironic folks put
20:31:23 <mrhillsman> they are going to start work on rolling upgrades
20:31:37 <kfarr> Probably here, right?
20:31:39 <kfarr> #link https://etherpad.openstack.org/p/ops-adopt-a-project-pike
20:31:40 <mrhillsman> and would like to have us install and test it
20:31:41 <raddaoui_____> o/ everyone
20:31:42 <mrhillsman> yep
20:31:58 <mrhillsman> we do not have any specifics from our end beyond what we have there
20:32:07 <mrhillsman> if that works, great
20:32:18 <mrhillsman> scope is not defined right now
20:32:31 <dave-mccowan> some things that would be great to have from operators:
20:32:47 <dave-mccowan> - What is needed from Barbican to increase adoption?
20:32:56 <mrhillsman> beyond trying to help barbican climb maturity scale
20:33:30 <dave-mccowan> - We have a back log of old bugs, maybe you can help us recreate/triage them to see if they are still valid.
20:33:49 <dave-mccowan> - Review our documentation from an operator's perspective, and help us update
20:34:32 <mrhillsman> ok, anything else?
20:34:36 <mrhillsman> i added those two
20:34:43 <redrobot> operators == folks running openstack clouds currently?
20:34:56 <mrhillsman> yeah
20:35:01 <redrobot> I'm curious to know if anyone has existing key management solutions in place
20:35:26 <redrobot> e.g. existing access to HSMs, or other secret storing service
20:35:29 <mrhillsman> captures
20:35:31 <mrhillsman> captured
20:35:43 <redrobot> if so, hardware or software based?
20:35:48 <Rockyg> Also, should include install issues/suggestions
20:35:58 <dave-mccowan> our biggest source of questions seems to be from users of Octavia and Barbican together.  it'd be nice to have that scenario better tested and documented.
20:36:01 <Rockyg> against the install docs
20:36:09 <redrobot> yeah,
20:36:15 <redrobot> I think our CLI has to be better
20:36:22 <Rockyg> ++
20:36:24 <redrobot> I'd still like to see the --file patches land
20:36:26 <redrobot> so you can
20:36:40 <mrhillsman> all good stuff
20:36:43 <redrobot> openstack secret create --name "my RSA key" --file key.pem
20:36:44 <mrhillsman> keep going :)
20:36:50 <mrhillsman> i'm adding to etherpad hehe
20:36:59 <mrhillsman> this is basically what we would like
20:37:03 <mrhillsman> random stuff going on there
20:37:13 <mrhillsman> then we can figure out what all we can do
20:37:39 <redrobot> it'll be interesting to learn how many folks are not using centralized key management
20:38:17 <redrobot> there was a question on a ML thread on whether operators wanted a key manager that could also work outside openstack
20:38:25 <mrhillsman> was just about to touch on that again, we did not think about, at least i did not, assisting with info gathering
20:41:27 <redrobot> looks like offline upgrade capabilites would give us another point on the project tracker
20:41:30 <mrhillsman> anything else?
20:41:32 <redrobot> #link https://www.openstack.org/software/releases/ocata/components/barbican
20:41:45 <redrobot> as well as minimal rolling upgrade
20:41:53 <redrobot> I think minimal may already be working
20:42:44 <redrobot> also, why does that youtube video make me look cheekier than I really am?
20:42:45 <redrobot> :-P
20:42:55 <mrhillsman> lol
20:43:07 <mrhillsman> i was like, is that doug
20:44:08 <redrobot> I can't think of anything else, but I'll add it to the etherpad if I do
20:44:09 <dave-mccowan> i think we have good offline upgrade support.  we need to add a gate test for upgrade to get the point.
20:45:06 <kfarr> Alright! Anything else for this topic before we move on?
20:45:52 <kfarr> Thanks mrhillsman and raddaoui_____
20:45:59 <kfarr> moving on..
20:46:07 <kfarr> #topic code review requests
20:46:15 <kfarr> We've got a few from Jeremy
20:46:26 <kfarr> Maintain policy in code:
20:46:28 <kfarr> #link https://review.openstack.org/#/c/431524/
20:46:41 <kfarr> Fix serializable issues:
20:46:44 <kfarr> #link https://review.openstack.org/#/c/431405/
20:46:55 <kfarr> Fix kmip plugin:
20:46:58 <kfarr> #link https://review.openstack.org/#/c/414405/
20:47:08 <kfarr> Refactor barbicanclient:
20:47:10 <kfarr> #link https://review.openstack.org/#/c/403604/
20:47:41 <kfarr> I've got a few, too:
20:47:57 <kfarr> Add list filter feature to python-barbicanclient:
20:47:58 <mrhillsman> thanks for entertaining us!
20:48:21 <kfarr> #link https://review.openstack.org/#/c/400370/
20:48:47 <kfarr> Add ability to get only metadata in Castellan:
20:48:50 <kfarr> #link https://review.openstack.org/#/c/412558/
20:49:16 <kfarr> Remove barbican-tempest-plugin from devstack plugin:
20:49:18 <kfarr> #link https://review.openstack.org/#/c/437028/
20:49:29 <raddaoui_____> thanks everybody we have a lot of work now
20:49:56 <kfarr> Does anyone have anything else?
20:50:12 <kfarr> Otherwise, let's open it up to any other business
20:52:04 <kfarr> Ok, sounds like that's it for today
20:52:18 <redrobot> thanks kfarr !
20:52:23 <kfarr> Thanks for coming!
20:52:39 <kfarr> #endmeeting