20:00:39 #startmeeting barbican 20:00:40 Meeting started Mon Feb 27 20:00:39 2017 UTC and is due to finish in 60 minutes. The chair is kfarr. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:00:41 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 20:00:43 The meeting name has been set to 'barbican' 20:01:15 #topic roll call 20:02:06 o/ 20:03:06 Not too many barbicaneers today! 20:03:11 * redrobot hears crickets 20:03:15 lol 20:03:20 hi kfarr !!! 20:03:31 hey redrobot :] 20:03:36 o/ 20:03:43 kfarr how was ATL? 20:03:56 ATL was great! Pretty productive 20:03:59 mrhillsman ping 20:04:13 +1 20:04:17 #topic PTG Update 20:05:00 Here are the notes from Barbican: 20:05:03 #link https://etherpad.openstack.org/p/ptg-barbican-pike 20:05:13 and from security: 20:05:16 #link https://etherpad.openstack.org/p/ptg-security-team 20:05:27 most interesting thing I think was the cross-project meeting AWG 20:05:44 also, our team photo! 20:05:47 #link https://www.flickr.com/photos/152419717@N06/32267857373/in/album-72157680602754246/ 20:06:02 they want to make key-manager a base service and perhaps make oslo adopt castellan 20:06:13 Yes, oslo.keymanager 20:06:30 bpoulos and I were going to reach out to oslo to see how we needed to go about that 20:06:49 dave-mccowan, unless you think it would be better coming from the PTL? 20:07:38 kfarr go for it. let me know if you need anything from me. 20:07:57 Gotcha. We also talked a lot about a Vault plugin 20:08:20 o/ 20:08:39 hyakuhei has a WIP patch here: https://review.openstack.org/#/c/438009/ 20:09:10 could we change the name to solo and keep ownership? 20:09:27 redrobot, as far as I know, we would still keep ownership 20:09:41 we, meaning the barbican team 20:09:43 the reason we have Castellan in the first place is because the Oslo team did not feel they had enough domain knowledge to review patches for oslo.key_manager 20:10:56 Yeah, it was my understanding that it would just be a name change, everything else would stay the same 20:11:10 * redrobot wonders if we can clean up the namespace a bit for that rename? 20:11:21 Yess, I hope so too 20:11:30 would love your opinions on that, redrobot 20:11:36 exactly my thoughts 20:11:48 kfarr great minds think alike ;) 20:11:58 hopefully no more common.objects 20:12:07 \o/ 20:12:16 presumably we'd need to make sure things are backward compatible? or would we need to make changes in any case? 20:12:36 and so we can grandfather things in .. 20:12:49 We would have to switch out the library in each project anyway 20:12:53 hey 20:13:00 sorry so late 20:13:33 was in uc meeting 20:13:46 Thanksk mrhillsman! We're still catching up on the PTG 20:14:01 Does anyone want to talk about anything in particular about the PTG? 20:14:27 Otherwise we can move on to the other agenda items 20:15:02 can we get some action items on the base services stuff? 20:15:28 the oslo weekly meeting is on Mondays 20:15:41 I can bring it up next monday? Or maybe email the ML to get things rolling? 20:15:54 #action kfarr to talk to oslo about switching castellan to oslo.keymanager 20:16:11 redrobot, the oslo meeting already happened today? 20:16:29 Do you usually go to those meetings? 20:16:30 https://etherpad.openstack.org/p/barbican-pike-ptg-barbican-discussion 20:17:26 those are the notes from that discussion. ArchWG took the action item "to engage consuming products". we should sync with Clint to stay in the loop 20:18:11 we should start a list of our internal actions items on "how can we make castellan better while we're renaming it?" 20:20:02 kfarr yeah, meeting was this morning. I usually check it on the eavesdrop log, but I can attend next week. 20:20:15 or just go ping some folks in #openstack-oslo 20:20:58 Started an etherpad here: https://etherpad.openstack.org/p/oslo-keymanager 20:21:38 Ok cool, I can do that 20:21:48 Ok, anything else? 20:22:27 Moving on to... 20:22:33 #topic Backlog review 20:23:01 During the PTG, we cleaned up the bugs for barbican 20:23:11 Went from 72 bugs to 46! 20:23:20 \o/ 20:23:40 Though the review backlog still has a bunch of patches up 20:24:06 So code reviews from everyone would be much appreciated 20:24:19 Moving on.. 20:24:25 #topic Tempest testing 20:24:48 Dane and Brianna have been working on the image signing scenario 20:24:50 https://review.openstack.org/#/c/431241/ 20:25:04 They got it to pass during the PTG 20:25:24 but then infra made some changes to how the gates use localrc / local.conf, so now it's broken 20:25:30 waiting for changes on the infra side 20:25:56 Also, we made some changes to decouple the barbican-tempest-plugin install from the barbican devstack plugin 20:26:29 Which makes one less dependency for other projects (like ocatvia) who want to test barbican in the gate 20:26:30 https://review.openstack.org/#/c/437028/ 20:26:57 Brianna gave a walkthrough of the image signing scenario test during the PTG 20:27:28 so if anyone has ideas for other barbican integration tests they'd like to see, we're open to them 20:27:45 That's all I've got for that, so moving on... 20:27:55 #topic Operator's adopt-a-prokject 20:27:59 #topic Operator's adopt-a-prokect 20:28:05 #topic Operator's adopt-a-project 20:28:34 mrhillsman any update? 20:30:00 so 20:30:15 we have nothing from any barbican team members yet 20:30:28 raddaoui_____: 20:30:51 what do you need from us? 20:30:53 is the point of contact within osic 20:31:16 an example is what ironic folks put 20:31:23 they are going to start work on rolling upgrades 20:31:37 Probably here, right? 20:31:39 #link https://etherpad.openstack.org/p/ops-adopt-a-project-pike 20:31:40 and would like to have us install and test it 20:31:41 o/ everyone 20:31:42 yep 20:31:58 we do not have any specifics from our end beyond what we have there 20:32:07 if that works, great 20:32:18 scope is not defined right now 20:32:31 some things that would be great to have from operators: 20:32:47 - What is needed from Barbican to increase adoption? 20:32:56 beyond trying to help barbican climb maturity scale 20:33:30 - We have a back log of old bugs, maybe you can help us recreate/triage them to see if they are still valid. 20:33:49 - Review our documentation from an operator's perspective, and help us update 20:34:32 ok, anything else? 20:34:36 i added those two 20:34:43 operators == folks running openstack clouds currently? 20:34:56 yeah 20:35:01 I'm curious to know if anyone has existing key management solutions in place 20:35:26 e.g. existing access to HSMs, or other secret storing service 20:35:29 captures 20:35:31 captured 20:35:43 if so, hardware or software based? 20:35:48 Also, should include install issues/suggestions 20:35:58 our biggest source of questions seems to be from users of Octavia and Barbican together. it'd be nice to have that scenario better tested and documented. 20:36:01 against the install docs 20:36:09 yeah, 20:36:15 I think our CLI has to be better 20:36:22 ++ 20:36:24 I'd still like to see the --file patches land 20:36:26 so you can 20:36:40 all good stuff 20:36:43 openstack secret create --name "my RSA key" --file key.pem 20:36:44 keep going :) 20:36:50 i'm adding to etherpad hehe 20:36:59 this is basically what we would like 20:37:03 random stuff going on there 20:37:13 then we can figure out what all we can do 20:37:39 it'll be interesting to learn how many folks are not using centralized key management 20:38:17 there was a question on a ML thread on whether operators wanted a key manager that could also work outside openstack 20:38:25 was just about to touch on that again, we did not think about, at least i did not, assisting with info gathering 20:41:27 looks like offline upgrade capabilites would give us another point on the project tracker 20:41:30 anything else? 20:41:32 #link https://www.openstack.org/software/releases/ocata/components/barbican 20:41:45 as well as minimal rolling upgrade 20:41:53 I think minimal may already be working 20:42:44 also, why does that youtube video make me look cheekier than I really am? 20:42:45 :-P 20:42:55 lol 20:43:07 i was like, is that doug 20:44:08 I can't think of anything else, but I'll add it to the etherpad if I do 20:44:09 i think we have good offline upgrade support. we need to add a gate test for upgrade to get the point. 20:45:06 Alright! Anything else for this topic before we move on? 20:45:52 Thanks mrhillsman and raddaoui_____ 20:45:59 moving on.. 20:46:07 #topic code review requests 20:46:15 We've got a few from Jeremy 20:46:26 Maintain policy in code: 20:46:28 #link https://review.openstack.org/#/c/431524/ 20:46:41 Fix serializable issues: 20:46:44 #link https://review.openstack.org/#/c/431405/ 20:46:55 Fix kmip plugin: 20:46:58 #link https://review.openstack.org/#/c/414405/ 20:47:08 Refactor barbicanclient: 20:47:10 #link https://review.openstack.org/#/c/403604/ 20:47:41 I've got a few, too: 20:47:57 Add list filter feature to python-barbicanclient: 20:47:58 thanks for entertaining us! 20:48:21 #link https://review.openstack.org/#/c/400370/ 20:48:47 Add ability to get only metadata in Castellan: 20:48:50 #link https://review.openstack.org/#/c/412558/ 20:49:16 Remove barbican-tempest-plugin from devstack plugin: 20:49:18 #link https://review.openstack.org/#/c/437028/ 20:49:29 thanks everybody we have a lot of work now 20:49:56 Does anyone have anything else? 20:50:12 Otherwise, let's open it up to any other business 20:52:04 Ok, sounds like that's it for today 20:52:18 thanks kfarr ! 20:52:23 Thanks for coming! 20:52:39 #endmeeting