Tuesday, 2018-03-20

aleebarbican weekly meeting starting soon ..02:59
alee#startmeeting barbican03:00
openstackMeeting started Tue Mar 20 03:00:21 2018 UTC and is due to finish in 60 minutes.  The chair is alee. Information about MeetBot at http://wiki.debian.org/MeetBot.03:00
alee#topic roll call03:00
liujionghi alee03:02
aleehey Jeremy03:02
aleeliujiong, looking pretty sparse today (tonight).03:03
liujiongyeah, seems just you and me03:03
aleeliujiong, lets wait a couple minutes to see if anyone else shows up03:03
alee#topic rocky tracker03:06
*** openstack changes topic to "rocky tracker (Meeting topic: barbican)"03:06
aleeliujiong, wel, as its just the two of us -- we can probably run through the agenda pretty quickly03:06
liujiongI've seen that list03:07
aleeliujiong, I don't have much to add on the tracker at this point - other  than we need some volunteers to take on some of the community goals03:08
aleeliujiong, is there anything that you want to work on feature wise in rocky?03:08
liujiongyeah, got no idea about community goals03:08
aleeliujiong, one is about configuration changes without a service restart03:09
aleeliujiong, the second appears to be about the use of mox as opposed to mock .  I think we might already meet this goal03:10
aleebut other than the community goal, is there something you wanted to see in barbican in rocky?03:11
aleeor any bugs you wanted to fix?03:12
liujiongI don't think I want to bring some new feature in this release03:12
liujiongbut I do plan to test more barbican use cases03:12
liujiongabout HA, integrating with cinder/glance/nova etc.03:13
aleeliujiong, ok fair enough - more features are likely to come out of that testing03:13
aleeare you going to be using hsms?  or sgx?  or otheres>03:13
liujiongyes, I will spend some time to integrate sgx with barbican03:14
aleecool - maybe that will result in some sgx integration in S ..03:15
alee#topic summit03:15
*** openstack changes topic to "summit (Meeting topic: barbican)"03:15
aleeThe summit schedule has come out.03:15
liujiongany topic related with barbican?03:16
aleeand while the perennial barbican workshop is no longer there, there wil be a project update/ onboarding session03:16
aleeand a few barbican talks03:16
aleelooks like someone created a volume encryption service based on barbican and tatu - ssh as a service.03:17
aleewill you be attending the summit?03:17
liujiongno, I won't be there this time03:18
aleeat past summits, we had a wiki /etherpadwith topics to discuss at the summit for the attendees there.03:19
aleeI'll suggest similar maybe as we get closer in case anyone will be there03:19
alee#topic open03:20
*** openstack changes topic to "open (Meeting topic: barbican)"03:20
aleethats all I have in particular today -- anything else you'd like to discuss?03:20
liujiongno, nothing else03:21
aleecool - we'll cut it short then -- thanks for coming -- and also for keeping up on all the reviews!03:21
liujiongalee, good night03:22
aleeliujiong, good afternnon to you :)03:23
*** alee has joined #openstack-barbican13:20
jaosorioralee: which HSMs had barbican been tested in? beisner was asking above.13:24
beisnerappreciate your input.  i'm looking into acquiring some hsm units, but would like to poll the audience re: specific models and experiences with those models.13:27
aleebeisner, jaosorior - I believe rackspace had a production environment with lunasas13:39
aleeI know that they had to do a bunch of tuning - but I'm not sure what they did was ever published.13:39
aleethe dogtag plugin works against both lunasa and thales hsms (like nethsm)13:40
aleeand has been used with the thales nethsm in the barbican workshop the last few summits13:41
aleewe'll (Red Hat) be looking into performance testing/ tuning with the thales hsms soon.13:42
aleewith both the dogtag and pkcs11 plugins13:42
aleealso namh had mentioned that his company had been using hsms -- not sure which versions13:43
beisnerthanks for the input alee - appreciate that.18:02
aleebeisner, np18:30
*** salmankhan has joined #openstack-barbican20:45
*** dave-mccowan has joined #openstack-barbican20:59
beisnerhi jaosorior alee - there was once a hashicorp vault plugin in dev for barbican.  afaict it didn't land.  is that current/correct assessment of that plugin status?21:39
beisner(one ref: https://review.openstack.org/#/c/438009/ )\21:40
*** alee has joined #openstack-barbican23:43
