15:00:35 <bnemec> #startmeeting oslo 15:00:35 <bnemec> Courtesy ping for bnemec, smcginnis, moguimar, johnsom, stephenfin, bcafarel, kgiusti, jungleboyj 15:00:35 <bnemec> #link https://wiki.openstack.org/wiki/Meetings/Oslo#Agenda_for_Next_Meeting 15:00:36 <openstack> Meeting started Mon Sep 21 15:00:35 2020 UTC and is due to finish in 60 minutes. The chair is bnemec. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:37 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:39 <openstack> The meeting name has been set to 'oslo' 15:00:44 <hberaud> o/ 15:00:45 <moguimar> o/ 15:00:47 <smcginnis> o/ 15:00:53 <kgiusti> o/ 15:01:55 <johnsom> o/ 15:03:43 <bnemec> #topic Red flags for/from liaisons 15:03:50 <moguimar> none from Barbican 15:04:21 <smcginnis> I don't see Jay yet - none from Cinder that I'm aware of. 15:04:23 <bnemec> Hopefully everything is quiet. I don't think we released anything last week. 15:04:40 <smcginnis> Hopefully it will be quiet for a few weeks yet. 15:04:52 <hberaud> :) 15:05:00 <johnsom> Nothing from Octavia 15:05:00 * bnemec crosses fingers 15:06:25 <bnemec> #topic Releases 15:06:32 <bnemec> As I mentioned, not much going on here either. 15:06:50 <bnemec> If all goes well we won't have to release victoria between now and when it ships. 15:07:57 <bnemec> #topic Action items from last meeting 15:08:02 <bnemec> "bnemec send ptg planning email" 15:08:04 <bnemec> Done 15:08:11 <bnemec> "backport https://review.opendev.org/#/c/719876/" 15:08:30 <bnemec> Also done 15:08:41 <bnemec> "Switch oslo.utils to wallaby test template" 15:08:50 <bnemec> I believe smcginnis took care of that. Thanks! 15:09:25 <bnemec> That's it for action items. 15:09:29 <bnemec> #topic PTG/Forum Planning 15:09:35 <bnemec> #link https://etherpad.opendev.org/p/oslo-wallaby-topics 15:10:15 <smcginnis> bnemec: We should have that template updated now every time we branch. 15:10:20 <bnemec> Just a reminder that the etherpad is out there. If there's anything we should discuss "face-to-face" then please add it to the list. 15:10:48 <bnemec> smcginnis: Yeah, IIRC you said it didn't happen this time because we didn't get the victoria one merged in time. 15:11:02 <smcginnis> Ah, right! 15:11:31 <bnemec> Which was because of a legitimate breakage, so hopefully not a regular occurrence. :-) 15:11:43 <smcginnis> (fingers crossed) 15:13:01 <bnemec> On the etherpad there's already a retrospective topic, so please fill that in with any thoughts you have on how the cycle went. 15:13:56 <bnemec> At some point we should probably discuss whether we want to do a project update too. 15:14:03 <bnemec> However, that kind of leads me into the next topic... 15:14:08 <bnemec> #topic PTL election season 15:14:33 <bnemec> Once again, I don't intend to continue as PTL. 15:15:03 <bnemec> Especially as of late, my non-OpenStack responsibilities have been sucking up a lot of time. That situation will probably get worse as time goes on. 15:15:49 <bnemec> I'm still not planning to disappear completely or anything, but it would be good to have someone leading Oslo that is a little more in touch with what's going on. 15:16:34 <bnemec> So, if you're interested in the position, start preparing your nomination email now. :-) 15:18:17 <bnemec> #topic Weekly Wayward Review 15:18:38 <bnemec> #link https://review.opendev.org/#/c/725938/ 15:19:31 <bnemec> hberaud: This is one of yours. I left a few comments that would be nice to address before merging. 15:19:44 <hberaud> bnemec: ack I'll take a look, thanks 15:20:05 <bnemec> Particularly the copyright and option name one. 15:20:14 <hberaud> ack 15:20:33 <bnemec> hberaud: Thanks, I'll WIP it for now. 15:20:42 <hberaud> ok 15:20:53 <hberaud> #link https://review.opendev.org/#/c/746723/ 15:21:40 <hberaud> if some of you could take a look to this one too ^^^ 15:21:41 <moguimar> I added myself to the reviewers 15:21:54 <bnemec> Crud, I never came back to that, did I? 15:22:20 <hberaud> bnemec: yes 15:24:11 <openstackgerrit> Hervé Beraud proposed openstack/oslo.config master: Allow HostAddressOpt to accept undercore - RFC1033 https://review.opendev.org/746723 15:24:11 <bnemec> Okay, I'll take a look at that when we're done here. 15:24:23 <hberaud> thanks 15:25:52 <bnemec> #topic Open discussion 15:26:03 <bnemec> That's it for the agenda. Anything else to discuss this week? 15:26:04 <moguimar> we need tributes to review pre-commit patches 15:26:23 <moguimar> https://review.opendev.org/#/q/topic:oslo-pre-commit+(status:open+OR+status:merged) 15:26:51 <moguimar> my inbox is full of those, and more than half of them are ready to go 15:27:06 <moguimar> thanks for the hard work there hberaud o/ 15:27:29 <hberaud> thanks, my pleasure 15:28:16 <hberaud> I need to re-take a look to some of these 15:28:25 <hberaud> whose in failure 15:28:44 <bnemec> #action merge pre-commit patches 15:28:48 <moguimar> all -2 are gone 15:29:03 <moguimar> so it means that all have been updated to our last proposal of pre-commits 15:29:07 <hberaud> s/whose/those/ 15:29:26 <moguimar> so now we just need to please the gate god 15:29:52 * hberaud start to slaughter a chicken 15:30:14 <bnemec> This is the second time in a week that someone has offered chickens to the ci gods. :-) 15:30:25 <moguimar> xD 15:30:25 <hberaud> poor chickens 15:30:34 <bnemec> Fair warning: I don't think it worked last time. :-P 15:31:01 <hberaud> you broke my dreams 15:31:08 <moguimar> you should sacrifice an empty floppy disk 15:31:49 <hberaud> my laptop even doesn't have CDROM reader 15:32:12 <moguimar> if it doesn't work, a floppy disk that hasn't been backed up yet 15:32:29 <bnemec> lol 15:32:31 <hberaud> lol 15:32:47 <bnemec> Floppies were such a terrible storage medium. 15:33:24 <moguimar> I used to cross my fingers everytime I was copying something out of them 15:33:34 <moguimar> back to the PC 15:33:34 <hberaud> hahaha 15:34:07 <moguimar> I was like 12-ish 15:34:26 <hberaud> :) 15:34:32 <moguimar> last milenium 15:34:46 <JayF> I have a bit of a question, if open discussion is extra-open now :D. o/ for those who don't know me, I've worked on Ironic for a while and manage it at Verizon Media. 15:35:01 <bnemec> o/ JayF 15:35:05 <hberaud> JayF: o/ 15:35:32 <moguimar> o/ 15:35:54 <JayF> I was going to file an RFE about getting support for SAN-name checking in the ssl socket wrapper in oslo.service -- primary use case: requiring client certificates with specific SAN names for clients connecting to the Ironic Python Agent (which uses oslo.service wsgi server) 15:36:44 <JayF> Just curious if that held any general interest for you all, or if anyone is likely to vehemently oppose it. Barring any objections, I'd expect to put up an RFE soon and work on it sometime soon (think weeks, not days). 15:36:48 <moguimar> what happens right now if you try a SAN-name? 15:36:55 <hberaud> seems a good things 15:37:13 <JayF> SAN name is just a field in a client cert 15:37:25 <JayF> today; oslo.service supports ensuring that cert is signed by a specific CA 15:37:46 <JayF> but there's no way to say "signed by the CA, and SAN is 'my-trusted-server.example.com'" 15:38:08 <moguimar> I see 15:38:32 <moguimar> sounds ok 15:38:44 <moguimar> count me in for reviews 15:39:19 <hberaud> +1 15:39:25 <JayF> Thanks! Like I said, no promise on timeline -- but it's something I wanted to ensure there was general interest in upstream, and will do that code here. All part of a project to enhance TLS server support in IPA. 15:39:49 <bnemec> I will admit I don't entirely understand what you gain from checking that, but I'm no security expert so I wouldn't block it if there's a need. 15:40:14 <JayF> So let me give you a concrete example: we have a corporate-wide certificate issuing system 15:40:28 <JayF> currently, we have IPA checking that it has any-valid-cert from that system 15:40:45 <JayF> instead, we want to limit it to any-valid-cert /that an Ironic Conductor would hold/ 15:40:59 <JayF> it's essentially imparting some authorization logic on what's primarily used for only authentication today 15:41:35 <JayF> IPA's API is generally minimally or unauthenticated, so adding this is a helpful security addition; especially for deployers who are not using dedicated provisioning/cleaning networks in Ironic to isolate nodes when the agent is running. 15:41:47 <bnemec> Ah, I think I see. It's the combination of the cert being valid and the name being correct, not one or the other. 15:42:15 <bnemec> You couldn't spoof an invalid SAN because you wouldn't have access to the cert issuing system. 15:42:18 <JayF> Exactly. 15:42:27 <hberaud> I don't think it can hurt 15:42:44 <JayF> I suspect the use case for it, with IPA at least, is minimal, but I could see other users of oslo.service seeing a benefit 15:42:51 <bnemec> Yeah, that sounds totally reasonable to add. 15:43:02 <JayF> and frankly, it's just nicer to contribute stuff like that upstream so I don't have to hold a patched library forever :D 15:43:11 <hberaud> :) 15:43:18 <bnemec> +1000 15:44:12 <bnemec> We don't want people to feel the need to have downstream forks of stuff. 15:44:48 <bnemec> Sounds like we're all in agreement on this. 15:44:53 <bnemec> Anything else before we call it a meeting? 15:45:02 <hberaud> nope 15:46:18 <JayF> Thanks! I'll be sure to link the relevant story (you all use storyboard, I presume?) and code as it gets written in here for review. And feel free to ping if you ever have an Ironic question :) 15:46:46 <bnemec> JayF: We don't use storyboard. We're still on launchpad. 15:46:56 <JayF> ack, I can do that 15:47:37 <bnemec> I'd probably advocate for just a wishlist bug, unless there ends up being significant design needed. 15:48:13 <JayF> that's what my plan was, this should be straightforward enough to not need a spec, at least by ironic standards 15:48:27 <bnemec> Agreed. 15:50:34 <bnemec> Okay, looks like we're done. 15:50:40 <bnemec> Thanks for joining, everyone! 15:50:43 <hberaud> bnemec: Thans 15:50:44 <bnemec> #endmeeting