#openstack-oslo log

15:00:35 <bnemec> #startmeeting oslo
15:00:35 <bnemec> Courtesy ping for bnemec, smcginnis, moguimar, johnsom, stephenfin, bcafarel, kgiusti, jungleboyj
15:00:35 <bnemec> #link https://wiki.openstack.org/wiki/Meetings/Oslo#Agenda_for_Next_Meeting
15:00:36 <openstack> Meeting started Mon Sep 21 15:00:35 2020 UTC and is due to finish in 60 minutes.  The chair is bnemec. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:37 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:39 <openstack> The meeting name has been set to 'oslo'
15:00:44 <hberaud> o/
15:00:45 <moguimar> o/
15:00:47 <smcginnis> o/
15:00:53 <kgiusti> o/
15:01:55 <johnsom> o/
15:03:43 <bnemec> #topic Red flags for/from liaisons
15:03:50 <moguimar> none from Barbican
15:04:21 <smcginnis> I don't see Jay yet - none from Cinder that I'm aware of.
15:04:23 <bnemec> Hopefully everything is quiet. I don't think we released anything last week.
15:04:40 <smcginnis> Hopefully it will be quiet for a few weeks yet.
15:04:52 <hberaud> :)
15:05:00 <johnsom> Nothing from Octavia
15:05:00 * bnemec crosses fingers
15:06:25 <bnemec> #topic Releases
15:06:32 <bnemec> As I mentioned, not much going on here either.
15:06:50 <bnemec> If all goes well we won't have to release victoria between now and when it ships.
15:07:57 <bnemec> #topic Action items from last meeting
15:08:02 <bnemec> "bnemec send ptg planning email"
15:08:04 <bnemec> Done
15:08:11 <bnemec> "backport https://review.opendev.org/#/c/719876/"
15:08:30 <bnemec> Also done
15:08:41 <bnemec> "Switch oslo.utils to wallaby test template"
15:08:50 <bnemec> I believe smcginnis took care of that. Thanks!
15:09:25 <bnemec> That's it for action items.
15:09:29 <bnemec> #topic PTG/Forum Planning
15:09:35 <bnemec> #link https://etherpad.opendev.org/p/oslo-wallaby-topics
15:10:15 <smcginnis> bnemec: We should have that template updated now every time we branch.
15:10:20 <bnemec> Just a reminder that the etherpad is out there. If there's anything we should discuss "face-to-face" then please add it to the list.
15:10:48 <bnemec> smcginnis: Yeah, IIRC you said it didn't happen this time because we didn't get the victoria one merged in time.
15:11:02 <smcginnis> Ah, right!
15:11:31 <bnemec> Which was because of a legitimate breakage, so hopefully not a regular occurrence. :-)
15:11:43 <smcginnis> (fingers crossed)
15:13:01 <bnemec> On the etherpad there's already a retrospective topic, so please fill that in with any thoughts you have on how the cycle went.
15:13:56 <bnemec> At some point we should probably discuss whether we want to do a project update too.
15:14:03 <bnemec> However, that kind of leads me into the next topic...
15:14:08 <bnemec> #topic  PTL election season
15:14:33 <bnemec> Once again, I don't intend to continue as PTL.
15:15:03 <bnemec> Especially as of late, my non-OpenStack responsibilities have been sucking up a lot of time. That situation will probably get worse as time goes on.
15:15:49 <bnemec> I'm still not planning to disappear completely or anything, but it would be good to have someone leading Oslo that is a little more in touch with what's going on.
15:16:34 <bnemec> So, if you're interested in the position, start preparing your nomination email now. :-)
15:18:17 <bnemec> #topic Weekly Wayward Review
15:18:38 <bnemec> #link https://review.opendev.org/#/c/725938/
15:19:31 <bnemec> hberaud: This is one of yours. I left a few comments that would be nice to address before merging.
15:19:44 <hberaud> bnemec: ack I'll take a look, thanks
15:20:05 <bnemec> Particularly the copyright and option name one.
15:20:14 <hberaud> ack
15:20:33 <bnemec> hberaud: Thanks, I'll WIP it for now.
15:20:42 <hberaud> ok
15:20:53 <hberaud> #link https://review.opendev.org/#/c/746723/
15:21:40 <hberaud> if some of you could take a look to this one too ^^^
15:21:41 <moguimar> I added myself to the reviewers
15:21:54 <bnemec> Crud, I never came back to that, did I?
15:22:20 <hberaud> bnemec: yes
15:24:11 <openstackgerrit> Hervé Beraud proposed openstack/oslo.config master: Allow HostAddressOpt to accept undercore - RFC1033  https://review.opendev.org/746723
15:24:11 <bnemec> Okay, I'll take a look at that when we're done here.
15:24:23 <hberaud> thanks
15:25:52 <bnemec> #topic Open discussion
15:26:03 <bnemec> That's it for the agenda. Anything else to discuss this week?
15:26:04 <moguimar> we need tributes to review pre-commit patches
15:26:23 <moguimar> https://review.opendev.org/#/q/topic:oslo-pre-commit+(status:open+OR+status:merged)
15:26:51 <moguimar> my inbox is full of those, and more than half of them are ready to go
15:27:06 <moguimar> thanks for the hard work there hberaud o/
15:27:29 <hberaud> thanks, my pleasure
15:28:16 <hberaud> I need to re-take a look to some of these
15:28:25 <hberaud> whose in failure
15:28:44 <bnemec> #action merge pre-commit patches
15:28:48 <moguimar> all -2 are gone
15:29:03 <moguimar> so it means that all have been updated to our last proposal of pre-commits
15:29:07 <hberaud> s/whose/those/
15:29:26 <moguimar> so now we just need to please the gate god
15:29:52 * hberaud start to slaughter a chicken
15:30:14 <bnemec> This is the second time in a week that someone has offered chickens to the ci gods. :-)
15:30:25 <moguimar> xD
15:30:25 <hberaud> poor chickens
15:30:34 <bnemec> Fair warning: I don't think it worked last time. :-P
15:31:01 <hberaud> you broke my dreams
15:31:08 <moguimar> you should sacrifice an empty floppy disk
15:31:49 <hberaud> my laptop even doesn't have CDROM reader
15:32:12 <moguimar> if it doesn't work, a floppy disk that hasn't been backed up yet
15:32:29 <bnemec> lol
15:32:31 <hberaud> lol
15:32:47 <bnemec> Floppies were such a terrible storage medium.
15:33:24 <moguimar> I used to cross my fingers everytime I was copying something out of them
15:33:34 <moguimar> back to the PC
15:33:34 <hberaud> hahaha
15:34:07 <moguimar> I was like 12-ish
15:34:26 <hberaud> :)
15:34:32 <moguimar> last milenium
15:34:46 <JayF> I have a bit of a question, if open discussion is extra-open now :D. o/ for those who don't know me, I've worked on Ironic for a while and manage it at Verizon Media.
15:35:01 <bnemec> o/ JayF
15:35:05 <hberaud> JayF: o/
15:35:32 <moguimar> o/
15:35:54 <JayF> I was going to file an RFE about getting support for SAN-name checking in the ssl socket wrapper in oslo.service -- primary use case: requiring client certificates with specific SAN names for clients connecting to the Ironic Python Agent (which uses oslo.service wsgi server)
15:36:44 <JayF> Just curious if that held  any general interest for you all, or if anyone is likely to vehemently oppose it. Barring any objections, I'd expect to put up an RFE soon and work on it sometime soon (think weeks, not days).
15:36:48 <moguimar> what happens right now if you try a SAN-name?
15:36:55 <hberaud> seems a good things
15:37:13 <JayF> SAN name is just a field in a client cert
15:37:25 <JayF> today; oslo.service supports ensuring that cert is signed by a specific CA
15:37:46 <JayF> but there's no way to say "signed by the CA, and SAN is 'my-trusted-server.example.com'"
15:38:08 <moguimar> I see
15:38:32 <moguimar> sounds ok
15:38:44 <moguimar> count me in for reviews
15:39:19 <hberaud> +1
15:39:25 <JayF> Thanks! Like I said, no promise on timeline -- but it's something I wanted to ensure there was general interest in upstream, and will do that code here. All part of a project to enhance TLS server support in IPA.
15:39:49 <bnemec> I will admit I don't entirely understand what you gain from checking that, but I'm no security expert so I wouldn't block it if there's a need.
15:40:14 <JayF> So let me give you a concrete example: we have a corporate-wide certificate issuing system
15:40:28 <JayF> currently, we have IPA checking that it has any-valid-cert from that system
15:40:45 <JayF> instead, we want to limit it to any-valid-cert /that an Ironic Conductor would hold/
15:40:59 <JayF> it's essentially imparting some authorization logic on what's primarily used for only authentication today
15:41:35 <JayF> IPA's API is generally minimally or unauthenticated, so adding this is a helpful security addition; especially for deployers who are not using dedicated provisioning/cleaning networks in Ironic to isolate nodes when the agent is running.
15:41:47 <bnemec> Ah, I think I see. It's the combination of the cert being valid and the name being correct, not one or the other.
15:42:15 <bnemec> You couldn't spoof an invalid SAN because you wouldn't have access to the cert issuing system.
15:42:18 <JayF> Exactly.
15:42:27 <hberaud> I don't think it can hurt
15:42:44 <JayF> I suspect the use case for it, with IPA at least, is minimal, but I could see other users of oslo.service seeing a benefit
15:42:51 <bnemec> Yeah, that sounds totally reasonable to add.
15:43:02 <JayF> and frankly, it's just nicer to contribute stuff like that upstream so I don't have to hold a patched library forever :D
15:43:11 <hberaud> :)
15:43:18 <bnemec> +1000
15:44:12 <bnemec> We don't want people to feel the need to have downstream forks of stuff.
15:44:48 <bnemec> Sounds like we're all in agreement on this.
15:44:53 <bnemec> Anything else before we call it a meeting?
15:45:02 <hberaud> nope
15:46:18 <JayF> Thanks! I'll be sure to link the relevant story (you all use storyboard, I presume?) and code as it gets written in here for review. And feel free to ping if you ever have an Ironic question :)
15:46:46 <bnemec> JayF: We don't use storyboard. We're still on launchpad.
15:46:56 <JayF> ack, I can do that
15:47:37 <bnemec> I'd probably advocate for just a wishlist bug, unless there ends up being significant design needed.
15:48:13 <JayF> that's what my plan was, this should be straightforward enough to not need a spec, at least by ironic standards
15:48:27 <bnemec> Agreed.
15:50:34 <bnemec> Okay, looks like we're done.
15:50:40 <bnemec> Thanks for joining, everyone!
15:50:43 <hberaud> bnemec: Thans
15:50:44 <bnemec> #endmeeting