17:00:10 <tmcpeak> #startmeeting security
17:00:11 <openstack> Meeting started Thu Sep 10 17:00:10 2015 UTC and is due to finish in 60 minutes.  The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:13 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:16 <openstack> The meeting name has been set to 'security'
17:00:19 <tmcpeak> #chair hyakuhei
17:00:23 <openstack> Warning: Nick not in channel: hyakuhei
17:00:24 <openstack> Current chairs: hyakuhei tmcpeak
17:00:28 <elmiko> o/
17:00:37 <tmcpeak> wassup e'rybody
17:00:43 <tmcpeak> I'll give a few minutes for people to trickle in
17:00:51 * bknudson o/
17:00:52 <tkelsey> o/
17:00:57 <jian5397> o/
17:01:09 <redrobot> o/
17:01:18 <tmcpeak> good to see you all
17:01:28 <tmcpeak> hope you've recovered from your travels back from midcycle for those who went
17:01:41 <tmcpeak> hyakuhei might be out saving lives (literally)
17:01:44 <michaelxin> will try to multitask for another meeting. sorry in advance.
17:01:53 <browne> hi
17:01:54 <tmcpeak> so he's asked me to run today
17:02:16 <hyakuhei> o/
17:02:18 <tmcpeak> ahh speak of the devil
17:02:21 <tmcpeak> want to run it Mr. Rob?
17:02:27 <tmcpeak> I've added you as a chair already
17:02:32 * hyakuhei just got through the door from a lifeboat shout.
17:02:41 <tmcpeak> you're efficient
17:02:47 <hyakuhei> Can you take the first 5 minutes please? I need to cool off hehe
17:02:51 <tmcpeak> sure, wlll do
17:02:54 <hyakuhei> Danke
17:02:54 <tmcpeak> ok
17:02:54 <bknudson> more refugees?
17:03:02 <tmcpeak> #topic Midcycle Recap
17:03:07 <hyakuhei> bknudson: drunk students.
17:03:11 <tmcpeak> we got a lot done last week
17:03:17 <dave-mccowan> o/
17:03:20 <tmcpeak> tons of work on Anchor, Bandit, and other projects
17:03:37 <tmcpeak> I'd like to do a small recap of each activity for those that weren't there and try to assemble next steps to make sure we don't lose momentum
17:03:45 <tmcpeak> elmiko: care to start with our architecture overview?
17:03:51 <elmiko> sure
17:04:19 <elmiko> we discussed, at some length, the ideas surrounding secure comms between the control plane(also known as under-cloud) and the tenant space
17:04:46 <elmiko> the results of our discussion are an architecture around passing credentials to nodes in the tenent
17:05:01 <tmcpeak> elmiko: did we end up formalizing and posting that anywhere?
17:05:05 <elmiko> the architecture addresses a privilege dropping scheme
17:05:13 <elmiko> tmcpeak: working on that
17:05:18 <tmcpeak> awesome
17:05:26 <tmcpeak> seems like a good devstack post at least, maybe BP coming?
17:05:55 <elmiko> the priv. drop scheme will, hopefully, create a nice way for projects to have their nodes in tenant space gain the creds necessary to perform actions on cloud resources (such as swift(
17:06:11 <tmcpeak> cool, yeah, seemed promising
17:06:14 <elmiko> this also roles in some interesting ideas about endpoint access as well
17:06:30 <elmiko> i am working on a formalized writeup in a spec-ish format for us to bat around
17:06:31 <tmcpeak> for those that weren't there and are interested we'll have a formal writeup from this and some diagrams to better illustrate
17:06:42 <elmiko> i'm also gonna do a poc with sahara as the target
17:06:46 <tmcpeak> perfect
17:06:52 <michaelxin> tmcpeak: cool. Thanks.
17:07:03 <tmcpeak> elmiko: we'll look forward to that
17:07:15 <elmiko> we should probaby talk more at the summit as well, but hopefully we'll have something formal to talk about and a poc to demo
17:07:16 <hyakuhei> elmiko: thank you so much for looking into this
17:07:19 <bknudson> we'll need a summit session
17:07:20 <hyakuhei> and doing the documentation
17:07:28 <tmcpeak> hyakuhei: +1
17:07:37 <tmcpeak> this seems really useful
17:07:48 <elmiko> hyakuhei: np, thinking about the docs has actually surfaced new questions for me. so it will be nice to rip it apart =)
17:07:59 <hyakuhei> So I think we came up with some nice ideas. I love the idea of working on a poc
17:08:05 <bknudson> will they have lightning talks? maybe a good place for a demo
17:08:12 <tmcpeak> bknudson: +1
17:08:14 <hyakuhei> I’m planning to have a fishbowl on this auth stuff
17:08:27 <elmiko> cool
17:08:39 <tmcpeak> hyakuhei: you cooled off? want to talk about anchor progress?
17:08:44 <bknudson> maybe combine with a(nother) dynamic policies
17:08:53 <hyakuhei> Yeah happy to
17:08:54 <bknudson> dynamic policies discussion
17:09:04 <elmiko> bknudson: +1
17:09:04 <bknudson> although that might be too much for 1 room.
17:09:11 <hyakuhei> cool off also equals do all the things I was supposed to do but couldn’t because I was on a lifeboat rescuing drunk people :P
17:09:23 <hyakuhei> #topic Anchor
17:09:35 <hyakuhei> Finally tagged with a version pre-api breaking changes being accepted
17:09:48 <hyakuhei> I also created some docker containers to make spinning up test instances a bit easier
17:09:53 <bknudson> next time bring a drone and post on youtube.
17:10:01 <hyakuhei> As this is what all the cool kids are doing
17:10:17 <elmiko> hyakuhei: is the container working well?
17:10:24 <hyakuhei> Seems to :)
17:10:31 <hyakuhei> https://review.openstack.org/#/c/221285/
17:10:38 <hyakuhei> I’d appreciate people kicking the tyres on that
17:10:54 <hyakuhei> if, unlike tmcpeak you could look the Readme first thatd be great ;)
17:11:13 <tmcpeak> haha
17:11:19 <dg___> hey, sorry Im late
17:12:03 <hyakuhei> In other news I created a docker org for openstack security
17:12:11 <hyakuhei> So if you want to be added ping me your username
17:12:50 <elmiko> nice
17:13:05 <tmcpeak> RTFM is actually useful sometimes ;)
17:13:19 <hyakuhei> It’s nice because it makes things look legit :P
17:13:34 <hyakuhei> #link https://review.openstack.org/#/c/221285/5/Dockerfile.anchorbase - topline
17:13:46 <hyakuhei> So I think that’s all I had on anchor - tkelsey ?
17:14:17 <hyakuhei> I guess that’s it then
17:14:22 <hyakuhei> #topic Bandit
17:14:33 <tmcpeak> tons of work done last week
17:15:01 <tmcpeak> largely around unit tests, tkelsey refactored result store, I wrote a little tool to automated upstream project checks
17:15:11 <tmcpeak> chair6 has added multi-threading
17:15:14 <tmcpeak> (in flight)
17:15:17 <elmiko> nice
17:15:21 <tmcpeak> ccneill has an output formatter done
17:15:26 <tmcpeak> well in review
17:15:31 <tmcpeak> I'm sure there's lots of stuff that I"m fogetting
17:15:32 <tkelsey> hey, sorry stepped away for a sec
17:15:41 <tmcpeak> elmiko, browne, chair6, tkelsey, bknudson, what else?
17:15:48 <tkelsey> so i posted to the ML about Bandit next steps etc
17:16:06 <hyakuhei> fyi I created a Bandit team under the “openstacksecurity” org if you guys want to consume some of the coolaid.
17:16:07 <tkelsey> pleas read and voice any thoughts there :) thanks
17:16:08 <bknudson> fixed a bunch of bugs
17:16:37 <browne> i had a question on bandit
17:16:45 <tmcpeak> browne: what's up?
17:16:49 <tkelsey> browne: ?
17:16:50 <browne> tox.ini shows it tests with pypy, but do we care about it?
17:16:58 <browne> and what version if we do?
17:17:36 <tkelsey> the Pypy tests come from copy n past of boilerplate tox code
17:17:38 <elmiko> yea, the pypy stuff always causes me trouble
17:18:00 <browne> ok, so are we cool if i remove it?
17:18:16 <tkelsey> I am ok with it
17:18:20 <tmcpeak> sounds good to me
17:18:22 <tkelsey> with removing it, that is
17:18:28 <browne> ok, cool
17:18:47 <browne> what about the crypto tracking?  how's that coming along?
17:19:00 <tkelsey> FYI: Bandit thread: #link http://lists.openstack.org/pipermail/openstack-dev/2015-September/073723.html
17:19:37 <tkelsey> browne: so the crypto stuff needs a report formatter, I'll start working on that soon, but have had no time
17:19:39 <tmcpeak> browne: good point, where did we get with that?
17:19:48 <chair6> i got distracted by concurrency :)
17:20:07 <tkelsey> yeah chair6 :) I spotted you did somthing for that, ill have to check it ou
17:20:10 <tkelsey> *out
17:20:22 <browne> ok, np.  just interested because i think it'll be very useful
17:20:33 <tkelsey> browne: +1
17:20:50 <tkelsey> im going to find time to work on it as well, just haven't managed yet
17:21:14 <tmcpeak> tkelsey: this post looks good
17:21:40 <tkelsey> tmcpeak: thanks, I invite people to follow up, so we have a more active showing on the list etc
17:21:46 <hyakuhei> Yeah good email
17:21:52 <tmcpeak> also it looks like severity filtering might be broken, git blame tkelsey? :)
17:22:11 <tkelsey> heh, probably my bad
17:22:20 <tkelsey> bug it and i'll go fix it
17:22:25 <tmcpeak> cool, will do
17:23:12 <tkelsey> chair6: do you want to talk about your concurrency stuff ?
17:23:45 <tkelsey> tmcpeak: I'll add in unit tests while fixing stuff as well
17:23:52 <tmcpeak> tkelsey: you the man
17:24:01 <tkelsey> not if i broke it :P
17:24:11 <tmcpeak> but you're fixing it and adding unit tests :)
17:24:27 <chair6> https://review.openstack.org/221861 is where the initial stab at multiprocessing is
17:24:39 <browne> we could really use unit tests of the manager.py
17:24:42 <chair6> take a look at the code and at the discussion, add your own thoughts :)
17:24:54 <tkelsey> browne: +1 and lots of other places :)
17:25:12 <tmcpeak> manager seems to be one of the big remaining areas
17:25:12 <tkelsey> chair6: will do! interesting stuff
17:25:20 <tmcpeak> chair6: nice simple approach
17:25:21 <tmcpeak> I like it
17:25:24 <browne> yeah, but manager.py is the big one.
17:26:09 <tmcpeak> that might be good on Bandit for now
17:26:11 <tmcpeak> ?
17:26:12 <tkelsey> ok, we should focus on that next then
17:26:45 <tmcpeak> I want to squawk about recruiting ;)
17:26:56 <tkelsey> im good for bandit stuff, chair6 looks like a tidy patch :)
17:27:07 <tkelsey> browne: I'll look at manager testing as well
17:27:26 <tmcpeak> thanks tkelsey
17:27:28 <browne> tkelsey: thanks.
17:27:34 <tmcpeak> since hyakuhei isn't stopping me, I'll squawk about recruiting
17:27:43 <tmcpeak> so we'd like to get some new membership for OSSG
17:27:44 <tkelsey> tmcpeak: +1
17:27:49 <tmcpeak> we have a lot of great projects in flight
17:27:57 <tmcpeak> but seems like we'll become spread thinly if we aren't already
17:28:08 <hyakuhei> Yeah - very thin
17:28:10 <tmcpeak> for example some of the agenda items at the midcycle we couldn't address and nobody was available to lead
17:28:26 <tmcpeak> I started OSSG with a talk bdpayne and nkinder were doing in the Bay
17:28:30 <tmcpeak> I'd like to get similar talks going again
17:28:43 <hyakuhei> +2
17:28:48 <tmcpeak> so we worked on a deck last week
17:28:50 <tmcpeak> think it's in fairly good shape
17:28:57 <tmcpeak> talks about OpenStack Security and all the related efforts
17:28:59 <hyakuhei> Yeah, needs a few tweaks still
17:29:07 <hyakuhei> Probably runs 10-15 minutes
17:29:31 <michaelxin> it looks good  now
17:29:32 <tmcpeak> is anybody who hasn't said so already interested in presenting locally?
17:29:55 <tmcpeak> so far we have bknudson will do one in wherever it is he lives ;)
17:30:04 <tmcpeak> hyakuhei and dg_ are going to do one in London'ish area
17:30:06 <tkelsey> dg___: got any info on the london one?
17:30:11 <tmcpeak> browne and I will do the bay
17:30:23 <michaelxin> I will do in San Antonio and Austin
17:30:24 <tmcpeak> michaelxin is going to do something in Texas somewheres
17:30:39 <bknudson> there's a minnesota meetup every once in a while
17:30:41 <hyakuhei> I was considering trying to piggyback some on local OWASP meetups etc
17:30:44 <bknudson> kyle mestery chairs it
17:31:01 <tmcpeak> also I should mention that we'll take a three pronged approach where possible 1) openstack meetup, 2) security focused meetup (like OWASP), 3) perhaps something for a security program in a university
17:31:06 <mestery> bknudson: Ack, would love to get folks there!
17:31:36 <tmcpeak> that's kind of where we got to
17:31:44 <tmcpeak> I want to make sure this does't get dropped though
17:32:00 <tmcpeak> some effort on our part here could boost our numbers meaningfully going forward
17:32:01 <michaelxin> I will use OWASP meet up first.
17:32:15 <tmcpeak> michaelxin: please let us know how it goes
17:32:16 <bknudson> mestery: at the last security group meetup we discussed doing an intro to openstack security group at meetups.
17:32:20 <hyakuhei> Excellent, thank you tmcpeak
17:32:23 <tkelsey> +1
17:32:31 <michaelxin> Should we track our presentations ?
17:32:40 <tmcpeak> michaelxin: yeah, definitely
17:32:41 <mestery> bknudson: That would be pretty epic! Would love to get that in at our Minnesota meetup
17:32:42 <hyakuhei> wikipage maybe?
17:33:08 <bknudson> mestery: great, we can discuss offline.
17:33:09 <tmcpeak> hyakuhei: sure or etherpad
17:33:13 <tmcpeak> I had one but I lost it
17:33:15 <mestery> bknudson: ack
17:33:17 <tmcpeak> should probably start a new one
17:33:17 <hyakuhei> hehe
17:33:45 <tmcpeak> let's use this:
17:33:48 <tmcpeak> #link https://etherpad.openstack.org/p/security-project-recruiting
17:33:54 <browne> so who will be first guinea pig for the presos?
17:34:24 <tmcpeak> browne: we'll have to do ours later
17:34:32 <tmcpeak> I'll be out of the bay until mid December
17:34:45 <browne> tmcpeak: np
17:35:04 <tmcpeak> oh forgot to mention chair6 and sicarie are doing Seattle :)
17:35:06 <michaelxin> I will try to do one for OWASP San Antonio in October since September is already booked.
17:35:12 <tmcpeak> michaelxin: great
17:35:17 <tmcpeak> meanwhile I'll continue to refine the deck
17:35:26 <tmcpeak> is there anybody that's interested that doesn't have access to the deck?
17:35:29 <michaelxin> Austin will have LASCON
17:35:32 <tmcpeak> PM me your google docs email addy
17:35:39 <michaelxin> We will try to present there too.
17:35:45 <hyakuhei> Any resemblence of the current recruitment deck to other HP decks is purely conincidental….
17:35:52 <tmcpeak> :P
17:35:58 <hyakuhei> As they’re almost certainly copyright...
17:36:01 <michaelxin> LASCON is next month.
17:36:03 <hyakuhei> So yeah, shiny and new :)
17:36:27 <tmcpeak> action items here?
17:36:33 <tmcpeak> want to make sure this doesn't stall out
17:36:41 <hyakuhei> Volunteer yourself, update the etherpad
17:36:44 <hyakuhei> refine the deck
17:36:57 <tmcpeak> michaelxin, browne, hyakuhei, dg_, chair6 can you each take a few minutes this week and try to refine the deck?
17:36:59 <tmcpeak> bknudson
17:36:59 <hyakuhei> Add non-HP content (none of the content is vendor specific but more authors is probably better)
17:37:03 <hyakuhei> tmcpeak: Sure
17:37:10 <dg___> tmcpeak sure
17:37:15 <michaelxin> tmcpeak: Got it.
17:37:19 <tmcpeak> awesome, thank you
17:37:20 <hyakuhei> Well, I’ll try, drunk people are making it hard for me today lol
17:37:34 <elmiko> lol
17:37:35 <browne> tmcpeak:  i'll try.  flying to Purdue tomorrow for a career fair event
17:37:39 <tmcpeak> I'm definitely going to get hammered and go boating when I visit UK this December
17:37:46 <elmiko> haha
17:37:52 <tmcpeak> and demand for hyakuhei to personally come save me
17:37:52 <tkelsey> lol
17:38:27 <tmcpeak> cool, so that's probably good for recruiting
17:38:35 <tmcpeak> michaelxin: summary for Syntribos?
17:38:50 <hyakuhei> Yeah that’d be cool
17:38:55 <michaelxin> I already updated that part
17:39:02 <michaelxin> for the slide
17:39:11 <tmcpeak> no I mean summarize on where we got during midcycle please
17:39:25 <michaelxin> ic
17:39:47 <michaelxin> I gave a demonstration to the group about its current function including different ways to fuzz
17:39:51 <michaelxin> how to run it.
17:40:01 <michaelxin> configuration and payloads.
17:40:07 <michaelxin> There are some good feedbacks.
17:40:11 <tmcpeak> I really enjoyed the demo
17:40:16 <tmcpeak> great work michaelxin and team
17:40:19 <michaelxin> Thanks.
17:40:24 <tmcpeak> did we identify concrete next steps to drive it forward?
17:40:30 <michaelxin> The group liked it and wanted me to move it to Stackforge.
17:40:36 <michaelxin> I already got the process started.
17:40:44 <tkelsey> michaelxin: +1
17:40:47 <tmcpeak> awesome!
17:40:52 <tkelsey> nice
17:40:54 <michaelxin> https://review.openstack.org/#/c/220351/
17:40:55 <elmiko> +1, syntribos demo was nice
17:41:04 <michaelxin> elmiko: tkelsey Thanks.
17:41:13 <tmcpeak> awesome
17:41:17 <michaelxin> At the same time, send me more feedbacks.
17:41:34 <tmcpeak> michaelxin: will do, it's on my queue of things to try to break things with Syntribos
17:41:46 <michaelxin> I will meet my team and give them update syntribos.
17:41:52 <tkelsey> michaelxin: looking forward to seeing it land :)
17:41:58 <michaelxin> tmcpeak: Thanks.
17:42:04 <tmcpeak> also we pretty much smashed through the OSSN queue :P
17:42:09 <hyakuhei> Yeah we did
17:42:15 <hyakuhei> Though there’s plenty waiting for late +2s
17:42:34 <tmcpeak> cool, anything we need to do there to get those through?
17:43:03 <hyakuhei> They need iterating through, making sure we’ve got project cores
17:43:03 <tmcpeak> who are our +2's? hyakuhei, sicarie, elmiko, and nkinder?
17:43:09 <hyakuhei> Yeah
17:43:47 <tmcpeak> cool, what's the best way to get those finished?
17:43:53 <elmiko> i'll take another pass through the open ones
17:43:57 <tmcpeak> better earlier while they're still fresh ;)
17:44:01 <hyakuhei> I’ll run through them tonight and badger people
17:44:07 <tmcpeak> perfect
17:44:09 <elmiko> i can't +2 my own though... ;)
17:44:22 <elmiko> well i can, but you know
17:44:24 <hyakuhei> elmiko: I’ve got you covered bro!
17:44:48 <elmiko> ^5 hyakuhei
17:45:02 <tmcpeak> awww
17:45:09 <hyakuhei> hehe
17:45:10 <tmcpeak> what a loving community
17:45:19 <michaelxin> tmcpeak: +1
17:45:51 <hyakuhei> #topic Any other business
17:46:22 <hyakuhei> I just want to say a massive thank you to everyone who’s helped and contributed to our work recently
17:46:28 <tmcpeak> hyakuhei: +1
17:46:32 <tkelsey> hyakuhei: +1
17:46:33 <michaelxin> hyakuhei: +1
17:46:42 <browne> hyakuhei:  +1
17:46:51 <tmcpeak> I'm always amazed how much we get done at these things
17:46:54 <hyakuhei> The Security project has so many cool activities running now, we’re generating great cotent, grokking the code, providing ways to encrypt many of the things etc. It’s awesome.
17:46:56 <tmcpeak> and it's always nice to meet face to face
17:47:03 <hyakuhei> +1
17:47:04 <tmcpeak> ++
17:47:14 <elmiko> hear hear, +1
17:47:22 <browne> true that
17:48:38 <tmcpeak> hyakuhei: should we start planning for summit things now?
17:48:39 <tmcpeak> or later?
17:48:47 <tmcpeak> I won't be there but it sounds like quite a few of you will
17:48:56 <browne> tmcpeak: good point
17:49:10 <hyakuhei> tmcpeak: It’s started
17:49:16 <hyakuhei> We’ve got two fish bowls and two work rooms
17:49:22 <hyakuhei> Bandit can have a WR if it wants it
17:49:27 <hyakuhei> Not sure about the other WR
17:49:37 <hyakuhei> FB - one will be the multil privilege auth issue
17:49:37 <browne> should we start an etherpad?
17:49:38 <tkelsey> hyakuhei: great start
17:49:41 <hyakuhei> yes
17:49:43 <tmcpeak> might be cool to do some inter-project socializing
17:49:46 <tmcpeak> of Bandit
17:50:03 <bknudson> wide receiver? fullback?
17:50:03 <tkelsey> tmcpeak: interesting
17:50:05 <hyakuhei> There’s the cross-project design sessions that we should also try to target heavily
17:50:42 <tkelsey> maybe invite some project guys to come voice their thoughts on bandit gates
17:50:51 <tkelsey> hyakuhei: +1
17:51:24 <tmcpeak> yeah, sounds good
17:51:24 <bknudson> I think once we get enough projects on bandit there will be enough momentum to get every project on it
17:51:35 <tkelsey> bknudson: hope so :)
17:51:43 <tmcpeak> bknudson: that would be awesome
17:51:48 <bknudson> eventually it'll be required for a tag or badge or whatever they call it
17:51:56 <tkelsey> nice
17:52:36 <elmiko> this just popped up on the ml, more food for thought about the privilege cloud user thing. #link http://lists.openstack.org/pipermail/openstack-dev/2015-September/074126.html
17:53:08 <tkelsey> elmiko: interesting
17:53:13 <tkelsey> good spot
17:53:34 <hyakuhei> Yeah that is interesting, we actually had that on the mid-cycle etherpad
17:53:44 <elmiko> that spec has been around for awhile now, but looks like its being moved out of nova into openstack-specs
17:53:54 <hyakuhei> The solution tightly couples to Bandit for identiy which is somewhat scary.
17:54:03 <elmiko> hehe
17:54:10 <hyakuhei> Honestly I think the solution we came up with is considerably more elegant
17:54:13 <chair6> s/Bandit/Barbican/, i hope? :)
17:54:19 <hyakuhei> yeah
17:54:19 <tkelsey> hyakuhei: s/Bandit/Barbican/
17:54:22 <tkelsey> heh lag
17:54:24 <hyakuhei> That would be _really_ scary
17:54:47 <tmcpeak> tightly couple all the things to Bandit
17:54:50 <hyakuhei> elmiko: Maybe we can work on our alternative option next week
17:54:54 * tkelsey hides
17:54:57 <redrobot> hyakuhei why scary?
17:55:01 <elmiko> hyakuhei: sounds good
17:55:44 <hyakuhei> redrobot: because I don’t want identity to pivot back to systems that hang off some other identity provider, it creates wierd cyclic auth paths
17:55:56 <hyakuhei> However, I haven’t read _all_ the words in that spec yet
17:56:29 <hyakuhei> redrobot: We love Barbican but sometimes people want to do “interesting” things with it
17:56:47 <redrobot> hyakuhei lol
17:57:02 <elmiko> also, the spec should probably be focusing on castellan instead of barbican, no?
17:57:13 <hyakuhei> if castellan now does Certificate magics.
17:57:16 <redrobot> elmiko nope, not in this case
17:57:25 <elmiko> ah, ok
17:57:27 <hyakuhei> Which I think someone told me it does?
17:57:39 <redrobot> hyakuhei nope, no certs in castellan
17:57:47 <hyakuhei> ok, that’s probably a good thing :)
17:57:49 <redrobot> actually, I take that back, you can store a cert via Castellan
17:57:56 <hyakuhei> heh
17:58:00 <redrobot> but you can't (and porbably never will) provision certs with Castellan
17:58:24 <hyakuhei> OpenStack : The cloud controller brought to you from the minds of “Inception” … wheels within wheels….
17:58:40 <tmcpeak> lol
17:58:51 <elmiko> lol
17:58:54 <hyakuhei> Ok, I think that’s time people!
17:59:08 <hyakuhei> Anyone else want to annoy redrobot before I call it?
17:59:14 <redrobot> :)
17:59:21 <hyakuhei> #endmeeting