#openstack-barbican log

03:00:13 <alee> #startmeeting barbican
03:00:14 <openstack> Meeting started Tue Mar 13 03:00:13 2018 UTC and is due to finish in 60 minutes.  The chair is alee. Information about MeetBot at http://wiki.debian.org/MeetBot.
03:00:15 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
03:00:17 <openstack> The meeting name has been set to 'barbican'
03:00:26 <alee> #topic roll call
03:00:39 <liujiong> hi alee
03:00:47 <alee> hello :)
03:01:00 <dave-mccowan> o/
03:01:08 <liujiong> finally, I get chance to attend our weekly meeting
03:01:09 <alee> hi dave-mccowan
03:01:17 <liujiong> hi dave-mccowan
03:01:30 <dave-mccowan> hello all
03:01:35 <dave-mccowan> namnh ping
03:01:51 <namnh> dave-mccowan: pong
03:02:14 <alee> namnh, its the barbican weekly meeting now in case you'd like  to join
03:02:40 <namnh> alee: yes, i'm going to join it
03:03:02 <alee> namnh, good to see you here
03:04:33 <alee> welcome everyone - good to see a good attendance for our new time
03:04:55 <alee> we'll keep it at this time from now onwards
03:05:05 <alee> #topic rocky
03:05:37 <alee> I have collected some thoughts on what could be our focuses in rocky
03:05:45 <alee> https://etherpad.openstack.org/p/barbican-tracker-rocky
03:06:10 <alee> as well as various important dates.
03:06:38 <openstackgerrit> Rajat Sharma proposed openstack/barbican master: [WIP]Retrieving DER DSA keys  https://review.openstack.org/551967
03:06:39 <alee> If there is anything else you'd like to add, or comment on, please go ahead
03:07:01 <alee> rajat__, hello :)
03:07:28 <alee> please add any bugs that concern youin particular to the list at the bottom as well.
03:08:14 <alee> I have not had a chance to go trough the bugs yet - but knowing which ones folks are working on/ or are affected by will help.
03:09:15 <alee> any questions /concerns/ comments?
03:09:54 <liujiong> ok
03:10:06 <namnh> yes, got it
03:10:47 <alee> cool
03:10:56 <dave-mccowan> do we want to try to match work items to milestones?  i like deadlines to help prioritize work.  it'll also help to know which items need high priority reviews, etc.
03:11:51 <alee> dave-mccowan, that dos sound like a good idea -- it would also be nice to match works items with folks too.
03:12:36 <alee> all, are there work items that folks would like to sign up for?  or others they'd like to propose
03:12:38 <alee> ?
03:13:02 <alee> that way we can see who will work on various things through
03:13:38 <alee> i would also be nice to get any new specs written by milestone one too
03:14:46 <alee> dave-mccowan, certainly though I think though we can try to get all the queens carry-ovwer work done by milestone 1
03:14:56 <alee> dave-mccowan, namnh is that possible?
03:16:22 <dave-mccowan> alee i'll commit to the three client item for m-1.
03:16:30 <alee> namnh, I know you've been waiting on reviews -- are there further patches needed afterwards for rolling upgrades?
03:17:32 <namnh> alee: well, i try my best to update OVO but there are so many unit-test need to be updated.
03:18:05 <alee> namnh, is milestone 2 a more realistic target?
03:18:38 <namnh> alee: i will trying my best
03:18:48 <namnh> alee: i will try my best
03:18:49 <alee> I do plan to review your existing patch very soon - hopefully this week
03:19:05 <alee> namnh, all we can ask for :)
03:19:21 <alee> lets put milestone 2 for now and see how it goes ..
03:19:56 <namnh> alee: yes
03:21:09 <alee> if anyone is interested in any other topics/ features on the list, please fill in and propose milestone
03:21:35 <alee> or any other features they would like to work on
03:22:24 <alee> any other comments/questions on this topic?
03:23:54 <alee> #topic intros
03:24:19 <alee> I should have lead with this - but given that this is the first time we're having this meting at this time,
03:24:39 <alee> we are probably chatting for the first time with a few folks.
03:25:19 <alee> I'm particlatrly interested in what your interest in barbican is, whether you're using it and how, and what you'e interested in
03:25:34 <alee> I guess I'll start ..
03:26:25 <alee> I'm Ade Lee (PTL).  I work for Red Hat . anwe;ll be releasing Barbican as part of OSP 13 very soon
03:26:54 <alee> so I have been working on integration of Barbican with tripleo
03:27:21 <alee> and will be working on doing things like performace testing esecially against the pkcs11 and dogtag plugins
03:27:36 <alee> and getting more inegration scenarios in place.
03:28:05 <alee> one of the things that might happen in the triple-o space is that we may put barbica in the undercloud to hndle secrets there
03:28:32 <alee> I'm also keeping tabs in the ongoing castellan /oslo integration work.
03:28:48 <alee> ok -- next up?
03:29:02 <alee> dave-mccowan, ?
03:31:03 <alee> namnh, liujiong , rajat_ ?
03:31:33 <liujiong> so i'll be the next one
03:32:32 <liujiong> I'm Jeremy Liu, work for GohighSec in China, a company aims to enhance security in cloud computing
03:33:53 <alee> liujiong, hey Jeremy -  do you guys have deployments with barbican?
03:33:54 <liujiong> Recently, we've been integrating SGX with barbican to provide secure communication channel/secret transportation.
03:34:03 <alee> oh nice!
03:34:43 <dave-mccowan> i'm Dave.  My focus is cloud security at my company.  I started contributing to Barbican a few years ago and have been PTL and a core reviewer.  I see Barbican as instrumental in OpenStack to enable data encryption.  My company's offerings do not currently include Barbican, but I hope we can include it soon.  (Support in OSP 13 will help.)
03:35:31 <dave-mccowan> liujiong Is there much extra code to use SGX?  can that code be committed back to OpenStack?
03:36:05 <liujiong> That work is mostly a PoC, there's much to improve
03:36:18 <namnh> I am Nam, from Fujitsu VN which is IT company. For now, I am focusing on rolling upgrade for Barbican and i hope that i can implement this interesting feature.
03:36:35 <namnh> for Barbican
03:37:05 <alee> namnh, does your company use barbican?
03:37:37 <namnh> Yes, we do
03:37:57 <alee> do you guys use it with an hsm or other backend?
03:38:09 <alee> or just with simple crypto
03:38:11 <alee> ?
03:39:17 <namnh> i am not sure about this information. maybe HSM
03:39:59 <alee> namnh, just curious :)
03:40:06 <namnh> For now, Fujitsu Japan is using Barbican, that company is parent of Fujitsu VN
03:40:51 <alee> I'd like to try to find out if anyone is actually using barbican in production with an HSM so we can actually make sure its well tested
03:41:40 <alee> namnh, are there other features you're interested in - once we wrap up rolling upgrades?
03:42:17 <namnh> alee: ok, i will ask Fujitsu Japan about use-cases
03:42:40 <namnh> :)) all of my effort are focusing on rolling-upgrade
03:42:46 <alee> namnh, cool - that would be great to know.
03:43:02 <namnh> alee: ^^
03:43:14 <alee> anyone else for intros?
03:43:26 <alee> rajat_, ?
03:43:59 <namnh> sorry, but "intros?", what do that mean?
03:44:14 <namnh> introduction?
03:44:28 <alee> yup introductions
03:44:44 <namnh> :) thanks
03:45:19 <alee> np:)
03:45:48 <alee> #topic sgx
03:46:08 <alee> liujiong, I'm pretty interested in the sgx stuff.
03:46:22 <alee> neat to know that you're working on it
03:47:08 <alee> I've seen the code, but yeah - its all poc -- and needs work to actually get it into the upsteam barbican
03:47:41 <liujiong> yeah, much to improve to meet upstream requirements
03:48:01 <liujiong> and deployment requirements
03:49:24 <alee> liujiong, would you guys be interested in taking some of that on?
03:49:46 <alee> I know its a lot, and the intel guys seem to want to throw it over the wall as it were.
03:50:21 <liujiong> yes, I do, but not sure for R cycle
03:50:57 <alee> yeah I think it would be too much for that.
03:51:25 <alee> would be really useful though - especially if you add the attestation bits as well
03:51:54 <liujiong> yup, we tested RA feature
03:51:59 <liujiong> works fine
03:52:32 <alee> good to know ..
03:52:33 <dave-mccowan> SGX could be a good Forum talk at summit
03:53:16 <alee> I know they have proposed a talk at the summit -- if that gets accepted, we can certainly open a forum talk for them there too.
03:54:00 <alee> I'll continue to let them know that folks are interested and trying their stuff out ..
03:54:12 <liujiong> cool
03:54:30 <alee> #topic anything else?
03:54:58 <alee> any other topics?
03:55:03 <namnh> yes
03:55:22 <namnh> https://review.openstack.org/#/c/547120/
03:55:54 <namnh> For there are a error during upgrade Barbican database with maridbdb 10.2.12
03:55:58 <liujiong> that's all from me, and it's lunch time, thank you all for this meeting
03:56:17 <alee> liujiong, thats Jeremy!
03:56:21 <alee> thanks
03:56:29 <namnh> I already checkit, it will be fixed at mariadb 10.2.13
03:56:57 <alee> namnh, oh - thats really good to know --I've been trying to reproduce this
03:57:26 <alee> namnh, whats the issue in mariadb 10.2.12?
03:58:02 <namnh> here is the bug which was fixed at 10.2.13
03:58:04 <namnh> https://jira.mariadb.org/browse/MDEV-13508
03:59:43 <alee> namnh, nice detctive work -- I see a koji build https://koji.fedoraproject.org/koji/buildinfo?buildID=1054329
04:00:19 <alee> for 10.2.13-2 -- so maybe that update is not pushed yet?
04:01:41 <namnh> yes, i check in devstack.log in gate barbican-dogtag-devstack-functional-fedora-27
04:02:04 <namnh> it is using mariadb 10.2.12
04:02:16 <namnh> http://logs.openstack.org/20/547120/2/check/barbican-dogtag-devstack-functional-fedora-27/8f93ca1/logs/devstacklog.txt.gz
04:03:45 <alee> namnh, ok - thanks for tracking down the issue -- I can follow up with the maintainer for mariadb to find out the status of the update - and maybe get it pushed out sooner rather than later
04:04:36 <alee> cheecking bodhi
04:06:18 <alee> namnh, https://bodhi.fedoraproject.org/updates/FEDORA-2018-00647ae0d5
04:07:02 <alee> namnh, so shoudl go to stable in looks like 3 days
04:08:11 <namnh> alee: yes, i just need to wait for now, right?
04:08:20 <alee> which should hopefully resolve this issue
04:08:31 <alee> namnh, I think so :)
04:08:55 <alee> namnh, I can check wth the maintainer if we need to hurry it up - do we?
04:10:14 <namnh> alee: i think no need :0
04:10:31 <alee> cool - nice figuring it out :)
04:10:45 <alee> any other  business?
04:10:54 <namnh> that's all to me
04:11:00 <namnh> :)
04:11:10 <alee> thank for coming, all !  see ya next week !
04:11:17 <alee> #endmeeting