15:00:02 #startmeeting oslo-config-plaintext-secrets 15:00:03 Meeting started Tue May 8 15:00:02 2018 UTC and is due to finish in 60 minutes. The chair is raildo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:04 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:07 The meeting name has been set to 'oslo_config_plaintext_secrets' 15:00:13 #link https://etherpad.openstack.org/p/oslo-config-plaintext-secrets 15:00:58 o/ 15:01:04 hey folks :) 15:01:06 o/ 15:02:40 do we have moguimar and dhellmann among us? 15:02:46 dhellmann, courtesy ping 15:02:47 o/ 15:03:12 I'm not sure about moguimar =/ but let's start it 15:03:28 #topic rocky-2 deadline 15:04:02 so, just to be aware that rocky-2 milestone will be something between Jun 04 - Jun 08 15:04:10 o/ 15:04:35 so, we have like 1 month to make as much progress as we can, to make worth ask for some feature freeze for rocky-3 15:04:43 hey bnemec :) 15:04:55 i think thats possible 15:05:47 #topic spec with next steps 15:05:52 #link https://review.openstack.org/#/c/474304/ 15:06:00 I'm a little less optimistic, based on the current rate of progress, but I will keep helping with reviews 15:06:30 dhellmann, ++ I'm quite unsure as well, that's why I'm raising this "warning" right now 15:06:43 I have to admit I'm pretty uncomfortable with the idea of granting an FFE for this too. 15:06:51 so we can see if we can improve the priority on this stuff 15:07:05 It's a fairly significant change to a fundamental piece of OpenStack. 15:07:39 We had discussed in Dublin that we wanted to get it in as early as possible in the cycle to give everyone a chance to tease out any non-obvious bugs. 15:07:59 * dhellmann nods 15:08:53 That said, I'm happy to help push this along any way I can. If we can get it done early enough that would be great. 15:09:04 bnemec, makes sense, so let's keep working to have as much as we can about that on Rocky, and we figure out which will be missing for S release(I don't know the next release name) 15:09:07 I know it's a feature people have been asking for a long time. 15:09:15 raildo: Sounds good. 15:09:28 Next release is Stein, FTR. 15:09:56 bnemec, yeah, I don't want to "force" a code to be merged, but want to have this done asap :) 15:10:09 Yep, understood. 15:11:00 bnemec, dhellmann, spilla so, for Rocky, at least we can have an agreement about the next steps after the oslo.config driver: https://review.openstack.org/#/c/474304/9 15:11:13 maybe already target that for Stein 15:11:26 yes, let's work out those details 15:11:36 yep, ive been catching up on that and will review 15:11:43 I'm glad to see that back in the oslo-specs repo 15:11:55 but anyway, I updated that spec, reviews are welcome :) 15:12:08 we want to be careful with how we set up the definition of done for that one 15:12:24 Thanks. It would be good to get the spec finalized since we've already started the implementation. 15:12:26 dhellmann, yeah, sorry about the misunderstand on that 15:12:37 we can encourage other teams to adopt the work, but the Oslo team can't require them to use this feature 15:13:13 Will there be additional work needed from other teams? 15:13:21 so the stuff about working on ansible roles or puppet modules shouldn't be blocking work in the libraries 15:13:24 Other than the deployment tools, I guess. 15:13:25 dhellmann, actually, I already spoke with some folks on Mistral and Tripleo they really want to use this feature, as soon as they can 15:13:38 Ah, we're talking about deployment tools. Okay. :-) 15:13:40 raildo : ok, that's good. maybe we can add that to the spec 15:13:52 we used to have a section for "early adopters" in one of the templates 15:14:01 dhellmann, ++ I'll do that 15:14:07 Yeah, I think that was the new library template. 15:14:08 what work does the mistral team need to do? 15:14:19 bnemec : yeah, that's what I'm thinking of, thanks 15:14:32 Mistral is the TripleO API, essentially. 15:14:59 ah 15:15:03 dhellmann, currently, they have some passwords in the workflow templates, and they're pushing this templates to be in logs 15:15:24 so, at some point will be useful to remove this plaintext secrets in the logs files 15:15:37 it would be useful to understand what other sorts of tools would make it easier for them to start using the castellan driver 15:15:51 something has to coordinate mapping secret id values to configuration settings 15:16:32 dhellmann, yeah, we had some discussions about that in the last PTGs, but would be great have some meeting with tripleo/mistral/oslo/castellan folks to sync all of that 15:16:50 well, let's start by writing down whatever was already said and put it into the spec 15:17:01 agreed 15:17:10 then we'll all be able to start that joint conversation from the same basic set of information and we can work from there 15:17:48 regarding the thing about the openstack-specs repo vs. oslo-specs, we're trying something new this cycle with the keystone team owning a spec to define common roles across all services 15:17:54 we can treat this one in a similar way 15:17:58 #action raildo update the spec https://review.openstack.org/#/c/474304 with Tripleo/Mistral early adopters' reasons 15:18:20 the oslo team would be responsible for describing how the feature would work from end-to-end, but we'd want to be pretty general about the description when it comes to what the deployment tools do 15:18:40 dhellmann, yeah, I was following this spec, that why I thought that would be good for this case, to follow the same pattern 15:18:46 so rather than being detailed about puppet modules there, we would just talk about the steps those modules need to take and what oslo tools they could use to do it 15:18:57 bnemec : how does that sound? 15:19:30 Yep, that's pretty much what I was getting at with my review comments on the spec. 15:19:41 ok, good 15:20:25 I don't want the spec to be tool-specific, but we'll need to figure out what they deployment tools need to do in order to use this. 15:20:29 so the spec needs more of those details about how the new feature will be used, and then we need to have some of the deployment tool teams look at the proposal and decide if it's going to work for them 15:21:24 #action raildo add more details about how the feature will be used 15:21:29 like, we need to say that we expect a service using the castellan driver to be configured with a separate file that maps configuration option names to secret IDs, what format the file will be, where someone might get those secret ID values, where someone would get the configuration option names, etc. 15:22:00 do we, for example, want an option on the config generator that will scan a service and dump any options marked as secret, so the user knows what they all are? 15:23:20 good question, that might be useful for this Mistral use case 15:23:26 and maybe we should talk through the workflow for upgrading a system that doesn't have this capability to one that does, so that we make sure we hit all of the use cases involved with that process 15:23:58 I'll try to use my ignorance of how all of these tools work to ask good questions on the review. :-) 15:24:57 dhellmann, please do, and I'll also get some ppl from deployment tools side to put some eyes on it 15:25:16 yes, definitely, we need to get someone from those teams to commit to helping design all of this 15:26:05 #topic Open Discussion 15:26:15 anything else? 15:26:52 I think I'm going to have some time tuesday afternoon at the summit if folks want to find a table to sit down and hack on this together 15:28:04 Tuesday at 3:30 is the Oslo project onboarding now. 15:28:09 im giving a lightning talk at 1:50 but i should have some time outside then 15:28:11 But other than that I should be pretty free. 15:28:22 bnemec : ah, I missed that change 15:28:33 Yeah, we swapped with infra because they had a conflict. 15:28:37 well, let's see if we can find some other time 15:28:52 unfortunately, I wont be able to join this summit, but I appreciate any feedback that you guys can catch about this 15:29:14 ack 15:30:03 so, have a good week everyone 15:30:10 #endmeeting