15:01:24 #startmeeting barbican 15:01:24 Meeting started Mon Dec 16 15:01:24 2024 UTC and is due to finish in 60 minutes. The chair is xek. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:24 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:01:24 The meeting name has been set to 'barbican' 15:01:40 #topic Roll Call 15:01:50 Courtesy ping for dmendiza[m] ade_lee d34dh0r53 Luzi tosky tobias-urdin jjung mharley lpiwowar 15:01:57 As usual our agenda can be found here: 15:02:03 #link https://etherpad.openstack.org/p/barbican-weekly-meeting 15:03:33 hi 15:03:41 o/ 15:05:26 i have 2 questions for today :) i will wait for Q&A 15:05:41 would Doug join ? 15:06:25 I think so, he's in today 15:06:32 ok, let's go over the topics 15:06:43 #topic Review Past Meeting Action Items 15:07:02 #link https://meetings.opendev.org/meetings/barbican/2024/barbican.2024-12-09-15.01.html 15:07:02 There were none 15:07:06 #topic Liaison Updates 15:07:42 #note This will be our last meeting this year 15:08:30 #info This will be our last meeting this year 15:08:56 :) 15:09:10 #info also Jan 6th is a holiday here, so I won't be around 15:09:35 #topic Open Discussion 15:10:42 dmendizaI see the fix for httpx didn't go anywhere this week https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/937366 15:11:01 So let's make theese jobs non-voting 15:11:16 1. regarding https://review.opendev.org/c/openstack/barbican/+/933461 is it compatible with lower hsm firmware 7.3.3 ? i couldnt test this scenario since hsm firmware rollback is a destructive change 15:11:59 in production all hsm firmware are on 7.3.3, hence i will need to rollout this patch first and then upgrade the hsm firmware version to 7.7.1, right ? 15:12:22 What I heard is that dmendizais testing with older firmware, but I'm not sure which version 15:12:39 its been 3 weeks since Thales were informed regarding this change, but i had no information 15:13:03 i guess i need to wait for dmendiza[m] to comment on this then ? 15:13:17 It might be an even older version that he tested 15:14:11 oh ok ok, if rollback was not a destructive change, i would have gone ahead upgrading production but this isnt the case 15:15:00 yeah, you should wait for his comment on this 15:15:11 2. whats the best way to support multi-tenancy in barbican with HSM backend ? i see we support 1 secretstore type each but we cannot have multiple secretstores of the same type, correct ? 15:15:32 i dont think there is an option to create secret stores manually as well ? 15:16:15 if multiple secret stores are present, we can then use the secret store api to set the preferred secretstore for the project 15:20:33 would there be any security concerns in this approach ? 15:22:49 beyond the fact that it's not tested I can't think of any 15:23:22 okay, would Doug reply to mails ? or has Christmas celebrations started early :) 15:23:45 He might just have a busy morning today :) 15:24:58 ah ok, i will ask again in the next meeting then! 15:26:51 ok, let's finish up 15:27:02 #topic Bug Review 15:27:14 There were no new bugs reported since our last meeting 15:27:46 That's it for today, Happy Holidays! 15:28:03 #endmeeting