Thursday, 2016-09-22

*** zz_dimtruck is now known as dimtruck00:24
*** Jiahao has quit IRC01:10
openstackgerritzhangyanxian proposed openstack/barbican: Fix typos in alembic.ini &
openstackgerritzhangyanxian proposed openstack/barbican: Fix typos in alembic.ini &
*** woodster_ has quit IRC01:50
*** david-lyle has quit IRC03:03
*** kberger has quit IRC04:15
*** kberger has joined #openstack-barbican04:16
*** alee_afk is now known as alee04:30
*** kberger has quit IRC04:45
*** kberger has joined #openstack-barbican04:46
openstackgerritTony Xu proposed openstack/python-barbicanclient: Add oslo.config to requirements
*** jaosorior has joined #openstack-barbican05:07
*** dimtruck is now known as zz_dimtruck05:22
*** andreas_s has joined #openstack-barbican06:35
*** jamielennox is now known as jamielennox|away08:09
*** jamielennox|away is now known as jamielennox09:18
*** ig0r_ has joined #openstack-barbican09:20
*** kberger has quit IRC10:47
*** kberger has joined #openstack-barbican10:48
*** zigo has quit IRC11:54
*** zigo has joined #openstack-barbican11:58
*** zigo is now known as Guest8360111:59
*** Guest83601 has quit IRC12:03
*** zigo_ has joined #openstack-barbican12:12
*** zigo_ has quit IRC12:17
*** zigo_ has joined #openstack-barbican12:18
*** alee has quit IRC12:23
*** zigo_ has quit IRC12:48
*** zigo_ has joined #openstack-barbican12:51
*** david-lyle has joined #openstack-barbican12:57
*** jperry has joined #openstack-barbican13:09
*** jaosorior has quit IRC13:12
*** jaosorior has joined #openstack-barbican13:13
*** woodster_ has joined #openstack-barbican13:20
*** zz_dimtruck is now known as dimtruck13:20
*** alee has joined #openstack-barbican13:33
*** spotz_zzz is now known as spotz13:56
*** ngupta has joined #openstack-barbican13:58
*** tdink has joined #openstack-barbican14:01
*** tdink has quit IRC14:03
*** jmckind has joined #openstack-barbican14:09
*** panatl has quit IRC14:12
*** dimtruck is now known as zz_dimtruck14:23
*** jaosorior has quit IRC14:29
*** panatl has joined #openstack-barbican14:32
woodster_alee: dave-mccowan FYI, here's a spec related to that cert validation use case and testing mentioned yesterday:
*** randallburt has joined #openstack-barbican14:37
*** tdink has joined #openstack-barbican14:40
dave-mccowanwoodster_ thanks.  i missed the conversation on Cursive.  Looks like it does does signing as a service.  Do you know if it plans to use Barbican for certificate storage?14:41
*** randallburt1 has joined #openstack-barbican14:41
*** edtubill has joined #openstack-barbican14:43
*** randallburt has quit IRC14:44
*** catintheroof has joined #openstack-barbican14:50
*** nkinder has joined #openstack-barbican14:59
*** zz_dimtruck is now known as dimtruck14:59
*** nkinder has quit IRC15:09
*** zigo_ is now known as zigo15:14
*** andreas_s has quit IRC15:17
*** andreas_s has joined #openstack-barbican15:17
*** nkinder has joined #openstack-barbican15:20
*** diazjf has joined #openstack-barbican15:37
*** andreas_s has quit IRC15:42
*** kfarr has joined #openstack-barbican15:55
*** ngupta has quit IRC15:58
*** ngupta has joined #openstack-barbican15:59
*** ngupta has quit IRC16:00
*** ngupta has joined #openstack-barbican16:00
kfarrdave-mccowan woodster_ cursive uses castellan, so yes it can use barbican to store certs16:01
*** diazjf has quit IRC16:01
kfarralso alee, catching up on the chat logs from yesterday, it wasn't my patch that broke cinder volume encryption >:-( though I worked on the fix16:03
aleekfarr, sorry - my bad - I appreciate that you worked on the fix though :)16:04
*** tdink has quit IRC16:04
*** tdink has joined #openstack-barbican16:05
dave-mccowankfarr cool.  should we have a Cursive/Barbican meetup at summit?  do they want to be part of the big tent?16:06
kfarrdave-mccowan, well, cursive is just a python utility library, similar to castellan16:07
woodster_kfarr: who created cursive?16:07
kfarrreally the only person who's been working on it who will be at the summit is dane-fichter, though I'm tangentially involved16:07
kfarrDane Fichter created it, on our APL team here16:07
woodster_kfarr: dane-fichter is tasked with adding a nova cert verify dev stack task, that's what started the conversations around this yesterday16:08
aleekfarr, ah - I was wondering who Dane Fichter was ..16:08
kfarrwoodster_, yeah I heard about it16:08
kfarrwould be really great to have an upstream gate check that used Barbican16:09
dave-mccowanif it makes sense to everyone, maybe Cursive could be added as a repo under the Barbican umbrella.  signing as a service has been on the list for a while now.16:10
woodster_kfarr: there was also talk of just adding such integration tests to demonstrate 'maturity' as one Nova core put it16:10
kfarrdave-mccowan, it's not a service right now, though16:11
dave-mccowankfarr do you know if Cursive has talked to Magnum or Designate?  (other projects who wanted to check signatures)16:13
kfarrdave-mccowan, AFAIK, Dane hasn't talked to any Magnum or Designate folks16:13
kfarralso redrobot alee diazjf (am I forgetting anyone?) I had an important meeting pop up at the same time as our meeting later today16:18
kfarrCould we shift the meeting back an hour?  Otherwise I will just try to catch the end of it16:19
aleekfarr, ok with me16:20
redrobotshift back == earlier or later?16:20
*** jperry has quit IRC16:20
*** jperry has joined #openstack-barbican16:20
alee(I assumed that meant later)16:20
kfarroh yeah, sorry, shift later16:21
redrobotyeah, I should be able to do that. just gotta move another meeting around.16:22
openstackgerritMerged openstack/python-barbicanclient: Add oslo.config to requirements
*** jperry has quit IRC16:28
aleekfarr, redrobot I don't think diazf is online16:28
aleekfarr, redrobot  -lets assume 3pm EST then pending further updates .. going to lunch now ..16:29
*** jperry has joined #openstack-barbican16:29
*** alee is now known as alee_lunch16:29
kfarrok thanks alee!16:29
*** edtubill has quit IRC16:39
*** zigo has quit IRC16:41
*** zigo has joined #openstack-barbican16:51
*** zigo is now known as Guest1865616:52
*** Guest18656 has quit IRC16:56
*** zigo_ has joined #openstack-barbican16:59
*** tkelsey has joined #openstack-barbican17:02
*** zigo_ has quit IRC17:07
*** zigo_ has joined #openstack-barbican17:11
*** edtubill has joined #openstack-barbican17:34
*** diazjf has joined #openstack-barbican17:34
*** tkelsey has quit IRC18:01
*** diazjf has quit IRC18:06
*** ngupta_ has joined #openstack-barbican18:09
*** ig0r_ has quit IRC18:09
*** jay_ has joined #openstack-barbican18:09
jay_hi all18:10
jay_i am facing issue with listener create18:10
jay_with liberty barbican18:10
jay_passing default-tls-container-ref parameter while creating listener18:11
jay_it errors out18:11
jay_ERROR: Could not process TLS container http://x.x.x.x:9311/v1/containers/05b750e5-ef14-4afc-b4fe-2b4949cf3356, Invalid user / password (Disable debug mode to suppress these details.)18:12
*** ngupta has quit IRC18:12
jay_i have configd this in neutron.conf18:12
jay_admin_tenant_name = admin admin_user = admin admin_password = password auth_version = v218:13
jay_under [keystone_authtoken]18:14
*** diazjf has joined #openstack-barbican18:14
jay_any idea , anyone faced similar issue18:14
*** ngupta_ has quit IRC18:20
*** ngupta has joined #openstack-barbican18:20
jay_in neutron_lbaas.conf did the foll config18:21
jay_[service_auth] auth_uri = http://localhost:35357/v2.0 admin_tenant_name = admin admin_user = admin admin_password = password auth_version = 218:21
*** ngupta_ has joined #openstack-barbican18:22
*** ngupta_ has quit IRC18:25
*** ngupta_ has joined #openstack-barbican18:26
*** arunkant__ has joined #openstack-barbican18:26
*** ngupta has quit IRC18:26
*** jay_ has quit IRC18:28
*** diazjf has quit IRC18:30
*** ngupta_ has quit IRC18:30
*** jperry has quit IRC18:35
*** jperry has joined #openstack-barbican18:35
*** alee_lunch is now known as alee18:41
*** jperry has quit IRC18:41
*** jperry has joined #openstack-barbican18:42
*** kfarr_ has joined #openstack-barbican18:46
*** ngupta has joined #openstack-barbican18:53
*** diazjf has joined #openstack-barbican18:59
diazjfalee, kfarr, redrobot, I'm here! saw the meeting was moved to 3:00PM EST19:01
aleeredrobot, is there a link for the google hangout?19:01
redrobotyeah, give me a sec19:01
kfarr_alee diazjf redrobot19:01
kfarr_I don't think there was one19:01
kfarr_but I just made one?19:01
redrobotkfarr_ have you tried turning the volume up?19:05
kfarr_haha thank redrobot19:05
kfarr_yeah I can hear everything else19:05
arunkant__can someone please review and possibly merge this..
*** zigo_ is now known as zigo19:30
openstackgerritdane-fichter proposed openstack/barbican: Improve devstack configuration
*** ngupta has quit IRC19:51
*** ngupta has joined #openstack-barbican19:52
*** ngupta_ has joined #openstack-barbican19:54
*** ngupta has quit IRC19:56
woodster_redrobot: dave-mccowan A bit of architectural discussion regarding Barbican at the arch-wg meeting today:
woodster_It woudl be good to meet with these folks at the summit...might give Barbican more cred with the community, though they are skeptical of the value of barbican without HSMs of course. It seems we need a soft HSM option that is better than saving master keks in conf files :)20:04
* woodster_ a default option that is20:04
*** diazjf has quit IRC20:07
woodster_alee: arunkant__ ^^^^20:08
aleewoodster_, and of course dogtag allows you to do this without hsms ..20:15
*** ngupta_ has quit IRC20:16
*** ngupta has joined #openstack-barbican20:17
*** diazjf has joined #openstack-barbican20:18
*** ngupta has quit IRC20:21
dave-mccowanwoodster_ i think barbican provides some value over keys in conf files.  1) you can have different keys for different instances, 2) you can store the keys on a different drive than both the config file and the data.20:24
kfarr_dave-mccowan +1 +120:25
*** ngupta has joined #openstack-barbican20:30
kfarr_redrobot, did you close on a house / was that a wall of the new house providing your backdrop during the video call? :)20:31
redrobotkfarr_ unfortunately, we didn't :(20:32
kfarr_redrobot noooo :(20:32
redrobotkfarr_ house needed a lot of repairs and the sellers didn't want to fix and/or lower the price. :-\20:32
kfarr_redrobot ugh that's a bummer20:33
kfarr_diazjf is it possible you could send the flask code this week instead of next just so I could take a look at it sooner?20:33
kfarr_next week will be pretty hectic for me20:34
woodster_dave-mccowan: kfarr I mean the default simple crypto for barbican that stores the master kek in the barbican conf file20:35
woodster_redrobot: sorry to hear that!20:36
woodster_alee: doesn't dogtag use an hsm as its backend?20:36
redrobotwoodster_ ¯\_(ツ)_/¯ we'll find the right house one of these days...20:37
aleewoodster_, dogtag can use either hsm or nss db as backend20:37
dave-mccowanwoodster_ even then, as long as the key database is on a different drive than the barbican conf file, i think there is some additional security compared to have one encryption key in the nova config file.20:39
woodster_dave-mccowan: agreed. There are several gray levels of security. It would be good to find a home for Barbican for all of these levels (in the minds of deployers/other OS projects)20:40
woodster_redrobot: yeah don't give up20:40
woodster_alee: I'd forgotten about nss db20:41
aleewoodster_, yup20:43
aleewoodster_, redrobot we really need to get that deployment guide fixed up ..20:44
dave-mccowanalee is the deployment guide in to repo?20:45
aleedave-mccowan, yup in the barbican tree20:46
aleedave-mccowan, its just not in a final form yet ..20:46
aleeparts missing ..20:46
aleedave-mccowan, there is a tox target to build it ..20:47
aleetox -e install-guide iirc ..20:47
dave-mccowanalee doc/source/admin-guide-cloud?20:48
aleedave-mccowan, no -- top-level install-guide20:49
*** spotz is now known as spotz_zzz20:50
aleedave-mccowan, tox -e install-guide20:51
dave-mccowanalee got it.  i was looking in an old branch20:51
aleedave-mccowan, builds in install-guide/build/html20:52
*** diazjf has quit IRC20:56
*** diazjf has joined #openstack-barbican20:59
*** kfarr_ has quit IRC21:09
*** diazjf has quit IRC21:15
*** diazjf has joined #openstack-barbican21:22
*** randallburt1 has quit IRC21:22
*** gyee has joined #openstack-barbican21:27
diazjfkfarr sure I'll take a look tonight and see if I can find it21:32
*** strigazi has quit IRC21:37
*** DuncanT has quit IRC21:37
*** diazjf has quit IRC21:37
*** alee has quit IRC21:37
*** vipul has quit IRC21:37
*** jorgem has quit IRC21:37
*** julian1 has quit IRC21:37
*** madorn has quit IRC21:37
*** kragniz has quit IRC21:37
*** sigmavirus has quit IRC21:37
*** rhagarty_ has quit IRC21:37
*** stupidnic has quit IRC21:37
*** stevemar has quit IRC21:37
*** eglute has quit IRC21:37
*** jvrbanac has quit IRC21:37
*** jroll has quit IRC21:37
*** jamielennox has quit IRC21:37
*** beisner has quit IRC21:37
*** cargonza has quit IRC21:37
*** dimtruck has quit IRC21:37
*** haplo37_ has quit IRC21:37
*** spotz_zzz has quit IRC21:37
*** diazjf has joined #openstack-barbican21:38
*** alee has joined #openstack-barbican21:38
*** vipul has joined #openstack-barbican21:38
*** jorgem has joined #openstack-barbican21:38
*** julian1 has joined #openstack-barbican21:38
*** madorn has joined #openstack-barbican21:38
*** kragniz has joined #openstack-barbican21:38
*** sigmavirus has joined #openstack-barbican21:38
*** jroll has joined #openstack-barbican21:40
*** jamielennox has joined #openstack-barbican21:40
*** beisner has joined #openstack-barbican21:40
*** dimtruck has joined #openstack-barbican21:40
*** haplo37_ has joined #openstack-barbican21:40
*** spotz_zzz has joined #openstack-barbican21:40
*** alee has quit IRC21:40
*** strigazi has joined #openstack-barbican21:41
*** rhagarty_ has joined #openstack-barbican21:42
*** stupidnic has joined #openstack-barbican21:42
*** stevemar has joined #openstack-barbican21:42
*** eglute has joined #openstack-barbican21:42
*** jvrbanac has joined #openstack-barbican21:42
*** tdink has quit IRC21:47
*** jmckind has quit IRC21:50
*** jperry has quit IRC22:01
*** cargonza has joined #openstack-barbican22:04
*** DuncanT has joined #openstack-barbican22:08
*** edtubill has quit IRC22:09
*** nickchase has joined #openstack-barbican22:14
*** nickchase has quit IRC22:15
*** ngupta has quit IRC22:15
*** ngupta has joined #openstack-barbican22:16
*** nickchase has joined #openstack-barbican22:17
nickchaseHey, all, quick question: what is Castellan and how does it relate to Barbican?22:19
*** ngupta has quit IRC22:20
*** diazjf has quit IRC22:22
*** ngupta has joined #openstack-barbican22:30
*** nickchase has quit IRC22:40
*** alee has joined #openstack-barbican22:42
*** ngupta has quit IRC22:54
*** randallburt has joined #openstack-barbican22:54
*** ngupta has joined #openstack-barbican22:54
*** randallburt1 has joined #openstack-barbican22:58
*** ngupta has quit IRC22:59
*** ngupta has joined #openstack-barbican23:00
*** randallburt has quit IRC23:02
*** randallburt1 has quit IRC23:14
*** ngupta has quit IRC23:18
*** ngupta has joined #openstack-barbican23:18
*** ngupta has quit IRC23:23
*** ngupta has joined #openstack-barbican23:28
*** ngupta has quit IRC23:51
*** ngupta has joined #openstack-barbican23:51
*** arunkant__ has quit IRC23:56

Generated by 2.14.0 by Marius Gedminas - find it at!