#openstack-barbican log

13:00:12 <redrobot> #startmeeting barbican
13:00:13 <openstack> Meeting started Tue Dec  4 13:00:12 2018 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:14 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:00:16 <openstack> The meeting name has been set to 'barbican'
13:00:21 <redrobot> #topic Roll Call
13:00:59 <redrobot> Courtesy ping for Luzi lxkong moguimar rm_work xek
13:01:05 <redrobot> \o
13:01:07 <redrobot> o/
13:01:11 <redrobot> o/\o
13:01:11 <Luzi> o/
13:01:57 <redrobot> As per usual, our agenda is here:
13:01:59 <redrobot> #link https://wiki.openstack.org/wiki/Meetings/Barbican
13:02:19 <redrobot> And as usual there's nothing for today ... 😅
13:02:25 <redrobot> So we'll make it up as usual
13:03:36 <redrobot> We didn't have any action items last week ... so nothing to talk about there.
13:04:06 <redrobot> #topic HSM Support in TripleO
13:04:41 <redrobot> I'm not sure if you're aware, Luzi, but we've been working on getting support for a couple of HSMs in TripleO
13:04:55 <Luzi> that's nice
13:05:13 <Luzi> which one are you supporting?
13:05:35 <Luzi> or wanting to support
13:05:41 <redrobot> The first one we're working on is Thales
13:05:52 <redrobot> and we are also working on getting an ATOS one working as well
13:05:59 <redrobot> We have 3 patches for the Thales support
13:06:03 <redrobot> this one already merged:
13:06:05 <redrobot> #link https://review.openstack.org/#/c/608339/
13:06:22 <redrobot> These two still need reviews:
13:06:23 <redrobot> #link https://review.openstack.org/#/c/610629/
13:06:33 <redrobot> #link https://review.openstack.org/#/c/610634/
13:07:19 <redrobot> I'm also working on a patch for the Kolla project to get a new group added to the barbican user account inside the images.
13:07:40 <redrobot> We'll need it so that Barbican is able to talk to the Thales daemon that communicates with the HSM.
13:08:10 <redrobot> Luzi, I'm not sure about the specific models for those, but I can probably find out if you're curious.
13:08:36 <redrobot> We also got Yubico to send us a couple of YubiHSM 2s.
13:09:06 <redrobot> But their support for PKCS#11 is somewhat limited, and it won't work with our current PKCS#11 backend implementation.
13:09:37 <moguimar> o/
13:10:44 <Luzi> well it's certainly good to know, what HSMs are working with Barbican, and which ones doesn't right now
13:10:47 <Luzi> hi moguimar
13:11:46 <redrobot> The PKCS#11 plugin was originally written for the Safenet Luna SA (now Gemalto Network HSM).  I haven't tested it since I left Rackspace, but I expect it to still work.
13:12:26 <redrobot> I think it would be good to document which specific models have been tested.  We'll probably add it to the Barbican and/or TripleO docs as part of this effort.
13:12:44 <Luzi> it definitly works as we tested it with a gemalto HSM
13:13:09 <redrobot> Awesome! 😎
13:13:16 <redrobot> I'm glad we haven't broken anything, lol
13:16:15 <redrobot> OK, moving on
13:16:32 <redrobot> ...
13:17:02 <redrobot> #topic Reviews
13:17:05 <redrobot> #link https://tinyurl.com/yctfozgh
13:17:17 <redrobot> Just the usual weekly reminder to review things
13:18:40 <redrobot> ... and that's all the topics I can think of given the small amount of coffee I've consumed today.
13:18:54 <redrobot> Anything y'all want to talk about Luzi or moguimar ?
13:19:45 <moguimar> nope
13:20:26 <Luzi> not really
13:20:46 <redrobot> Alrighty, I think we can wrap it up for the meeting then.
13:20:51 <redrobot> Thanks for coming, guys!
13:20:58 <redrobot> #endmeeting