12:01:12 #startmeeting barbican 12:01:13 Meeting started Tue Jul 31 12:01:12 2018 UTC and is due to finish in 60 minutes. The chair is ade_lee. Information about MeetBot at http://wiki.debian.org/MeetBot. 12:01:15 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 12:01:17 The meeting name has been set to 'barbican' 12:01:30 #topic roll call 12:01:41 o/ 12:01:43 o/ 12:02:11 o/ 12:02:17 and redrobot is here :) 12:02:28 * redrobot waves 12:02:48 a minute or so more .. 12:02:49 👋 12:03:36 welcome all -- lets get started 12:03:42 #topic rocky 12:04:07 so last week we had the m3 release - thanks to dave-mccowan for kicking that off 12:04:29 so that means we're in the final stretches of getting stuff in for rocky 12:04:41 o/ 12:05:06 there is still quite a bit to get in -- so we really need to try to get things reviewed and in 12:05:43 I've been using this to track things -- https://tinyurl.com/yctfozgh 12:05:50 o/ 12:05:57 dave-mccowan, hey dave-mccowan 12:06:22 the main features we're trying to get in -- 12:06:32 OVO patches .. 12:06:46 https://review.openstack.org/473658 needs some reviews 12:06:49 may i ask what's OVO? 12:07:05 oslo versioned objects 12:07:15 ade_lee: thanks 12:07:37 allows us to do rolling upgrades 12:07:59 and then be able to do database changes etc. more seamlessly 12:08:19 cool, gotcha 12:08:35 there are also some OVO patches which I've reviewed but could use second sets of eyes etc. 12:08:47 also -- vault plugin 12:09:07 lxkong has done a great job getting the vault plugin tests to pass 12:09:20 :-) 12:09:23 it would be great to be able to get all the tests passing 12:09:35 we are going to use vault plugin as backend for barbican 12:09:45 and that means being able to create asymmetric keys 12:10:00 which means a change in castellan 12:10:07 ade_lee: i have left comment in that patch 12:10:10 after testing 12:10:16 https://review.openstack.org/575800 12:10:35 lxkong, ack - I saw that and will try to address it today or tommorow 12:10:50 but we really need some more eyes on this .. 12:10:50 awesome 12:10:59 jaosorior, dave-mccowan , redrobot ^^ 12:11:36 I had hoped to get that change in before the client lib deadline - so we may need some feature freze exception for it 12:11:50 as its a client library 12:12:04 dave-mccowan, redrobot do you know the procedure for that? 12:12:37 I _think_ you just need to send a message to the ML 12:12:47 ade_lee: i guess we also need to bump the castellan version dependency in barbican 12:12:50 I doubt anyone will give us grief about it 12:12:57 ade_lee you should loop in oslo ptl, since oslo owns it now. 12:13:33 ack -- ok - well lets get it ready to merge first 12:13:50 I've been trying to test it here - https://review.openstack.org/586571 12:14:20 so far without success - but some folks in #openstack-infra pointed me to LIBS_FROM_GIT parameter 12:14:27 so I'm going to try that .. 12:14:54 https://docs.openstack.org/devstack/latest/development.html#testing-changes-to-libraries 12:15:15 also -- we'd like to get Luzi change in .. 12:15:39 so that we have support for xts mode with a large enough bit length 12:16:06 jaosorior, redrobot -- would like some feedback from ya'll there 12:16:28 https://review.openstack.org/577096 12:16:45 Luzi, I'll approve once you add a release note 12:16:47 also, i have a question - i was trying to create arelease note, but it failed somehow... 12:17:05 i used that command: tox -e venv -- reno new 12:17:07 hmm .. reno failed ? 12:17:11 yep 12:17:15 logs? 12:17:25 ERROR: InvocationError: could not find executable 'reno' 12:17:45 maybe you need to pip install reno ? 12:18:38 well, i added a release note to another patch, a few days ago without problems 12:19:17 oh well, i needed another version as it seemes 12:19:22 Luzi: reno is not part of barbican's requirements 12:19:27 thank you :) 12:19:33 either you need to pip install reno in that venv 12:19:41 or install it in your host (fedora packages it :D) 12:20:03 it worked now 12:20:16 i add the release note after the meeting 12:20:18 jaosorior, should we add it to requirements? do other projects have it? 12:20:23 not that I know of 12:20:33 ok 12:21:15 ok - those are the biggest things we need to get in right now - I think 12:21:21 maybe add it to test-requirements? 12:21:25 cool cool 12:21:28 are there any others that folks are concerned about ? 12:21:32 ade_lee: so your patch depends on Luzi's patch? 12:21:38 Luzi: thanks for the commit, by the way 12:21:39 ade_lee, actually, reno is a doc requirement https://github.com/openstack/keystone/blob/199e9b523878c7b0c40750e5534f14ad7bfa5bc2/doc/requirements.txt#L7 12:22:01 raildo, that makes sense 12:22:11 ade_lee, so, you can use the reno tool to generate the release notes later 12:22:13 Luzi, the command should be tox -e docs -- reno new 12:22:29 raildo, right 12:22:51 raildo, so it should be added to docs requirements.txt? 12:22:57 ah thanks redrobot - i used the command from the docu 12:23:17 which its in actually 12:23:20 ade_lee, yep 12:23:31 cool - so nothing to do 12:23:35 yay 12:23:56 jaosorior, I think my patch is independent of Luzi patch 12:24:18 jaosorior, why would it depend on it? 12:24:59 ade_lee: I had that notion for some reason. Anyway, might wanna talk to Lingxian Kong to see if his -1 has been addressed elsewhere 12:25:15 or if he's alright removing the -1 12:25:34 jaosorior, nah - we should have a better unit test in castellan itself 12:26:03 jaosorior, redrobot hrybacki has a patch here -- https://review.openstack.org/575218 12:26:17 about policy changes -- 12:26:33 funky it has a "Cannot Merge" sign 12:26:42 doc and policy in code -- might be nice to get that in - but it needs to be rebased .. 12:26:48 yeah 12:26:49 most likely 12:27:14 ok - anything else for rocky? 12:27:14 merge conflict 12:27:19 needs to be re-worked 12:27:23 ack 12:27:55 #topic barbican-specs 12:28:14 I added a new spec for folks to look at please for stein 12:28:27 https://review.openstack.org/586606 12:28:41 not urgent , but these things do take time 12:29:05 would especially like imput from the OVO side 12:29:38 I'm also planning to add a spec for a feature that abishop asked about -- being able to transfer ownership of secrets 12:29:46 alwould be nice to get assignee(s) for that spec 12:30:19 jaosorior, indeed -- anyone please feel free to volunteer :) 12:30:42 would it be a good idea to have a listing of "open work" in the wiki or something of the sort? 12:31:04 jaosorior, well thats what we have storyboard for, right? 12:31:26 wasn't my initial impression of storyboard, but sure, I guess we could use it for that. 12:31:45 we have open stories -- which is a pretty manageable list right now 12:32:14 anyways -- if anyone has stories that are interested in -- lets start getting some specs in there. 12:32:26 stories and spec. 12:33:00 #topic anything else? 12:34:20 just as a note, redrobot and I are currently doing interop testing with thales and atos hsms in case anyone is interested -- using the pkcs11 plugin 12:35:05 if nothing else ... 12:35:08 i would tell mhen about it, i guess he might have a few questions - but he is not here right now 12:35:30 Luzi, cool - he can ping us anytime 12:35:42 that's good, thank you :) 12:36:01 ok ya'll - thanks for coming! till next week. 12:36:08 #endmeeting