Tuesday, 2018-06-26

*** ducnv has joined #openstack-barbican00:50
*** namnh has joined #openstack-barbican00:58
*** DongHM has joined #openstack-barbican01:31
*** ducnv has left #openstack-barbican01:33
*** ducnv has joined #openstack-barbican01:34
*** mhen has quit IRC01:39
*** mhen has joined #openstack-barbican01:41
*** tovin07 has joined #openstack-barbican02:08
*** tovin07 has quit IRC02:10
*** annp has joined #openstack-barbican03:39
*** ducnv has quit IRC03:54
*** ducnv has joined #openstack-barbican04:19
*** dims has quit IRC04:30
*** dims has joined #openstack-barbican04:35
*** ducnv has quit IRC04:42
*** strigazi has quit IRC05:17
*** strigazi has joined #openstack-barbican05:19
*** strigazi_ has joined #openstack-barbican05:24
*** strigazi has quit IRC05:27
*** ducnv has joined #openstack-barbican06:00
*** Luzi has joined #openstack-barbican06:01
*** openstackgerrit has quit IRC06:04
*** peereb has joined #openstack-barbican06:48
*** peereb has quit IRC06:49
*** peereb has joined #openstack-barbican06:49
*** peereb has quit IRC06:50
*** serlex has joined #openstack-barbican07:01
*** ducnv has quit IRC07:06
*** namnh has quit IRC07:06
*** pcaruana has joined #openstack-barbican07:20
*** jaosorior has quit IRC08:39
*** salmankhan has joined #openstack-barbican09:01
*** ducnv has joined #openstack-barbican09:42
*** strigazi_ is now known as strigazi09:47
*** ducnv_ has joined #openstack-barbican09:53
*** ducnv has quit IRC09:54
*** ducnv_ has left #openstack-barbican09:54
*** ducnv_ has joined #openstack-barbican09:54
*** ducnv_ has quit IRC09:55
*** ducnv has joined #openstack-barbican09:55
*** jaosorior has joined #openstack-barbican10:29
*** DongHM has quit IRC10:38
*** annp has quit IRC10:58
*** tovin07 has joined #openstack-barbican11:30
*** namnh has joined #openstack-barbican11:30
*** openstackgerrit has joined #openstack-barbican11:34
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican master: Remove unused policy enforcer attributes  https://review.openstack.org/57807111:34
*** asbishop has joined #openstack-barbican11:59
redrobot#startmeeting barbican12:00
openstackMeeting started Tue Jun 26 12:00:09 2018 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.12:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.12:00
*** openstack changes topic to " (Meeting topic: barbican)"12:00
openstackThe meeting name has been set to 'barbican'12:00
redrobot#topic Roll Call12:00
*** openstack changes topic to "Roll Call (Meeting topic: barbican)"12:00
redrobothi namnh!12:01
lxkonghi guys12:01
namnhhi redrobot :)12:01
Luzihi all12:01
redrobotlots of folks here today! 😁12:03
redrobotHere is the link to the agenda:12:03
redrobot#link https://wiki.openstack.org/wiki/Meetings/Barbican12:03
redrobotwhich I'm not sure anyone uses...12:03
redrobotso we're just going to wing it again12:03
redrobotLet's see..12:04
redrobot#topic Action Items from last meeting12:04
namnhLOL, sorry, i did not append my topic today, so can I still discuss as usual12:04
*** openstack changes topic to "Action Items from last meeting (Meeting topic: barbican)"12:04
redrobot#link http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-06-19-12.01.html12:05
redrobot"Luzi to add a story to Storyboard for adding AES 512 keys to barbican"12:05
Luziand up for review12:05
redrobot#link https://storyboard.openstack.org/#!/story/200261212:06
redrobot#link https://review.openstack.org/#/c/577096/12:06
redrobotI have not had a chance to review, unfortunately.  But I'll try to get to it this week for sure.12:06
redrobotanything you need to mention Luzi ?12:06
Luzinot really12:07
redrobotok, moving on12:07
redrobot"redrobot to follow up with infra team regarding the meeting time change on the eavesdrop website"12:08
redrobotI didn't talk to the infra folks... but the time has been updated on the eavesdrop site:12:08
redrobot#link http://eavesdrop.openstack.org/#Barbican_Meeting12:08
redrobotso I think we're good on that12:08
redrobotok, moving on12:08
redrobot#topic Castellan key store as base service12:09
*** openstack changes topic to "Castellan key store as base service (Meeting topic: barbican)"12:09
redrobot#link https://review.openstack.org/#/c/572656/12:09
redrobotlooks like the patch to openstack/governance has merged12:10
redrobotwhich is awesome12:10
redrobotI think Castellan still needs some TLC, but I don't have any patches to talk about right now.12:11
namnhgreat news12:11
redrobotthat's all I have for Castellan...12:12
redrobotany questions/comments?12:12
*** raildo has joined #openstack-barbican12:12
redrobotok, moving on12:13
redrobotnamnh, you said you had a topic to talk about?12:13
namnhyeah, for rolling upgrade in barbican. that I am taking care12:14
redrobot#topic Rolling Upgrades12:14
*** openstack changes topic to "Rolling Upgrades (Meeting topic: barbican)"12:14
redrobotnamnh, go ahead12:14
namnhsome patch sets. https://review.openstack.org/#/c/50024412:15
namnhwhich i would like to get some reviews12:15
namnhredrobot: would you mind helping me to review the patch sets.12:15
namnhnormally, Ade will review the patches for me. but i don't see him recently12:16
redrobotI've started looking at the OVO[3] patch.  Unfortunately, my review has been quite slow as I am not familiar with a lot of the stuff that is being changed.12:16
namnhdo you know reasons?12:17
redrobotyeah, Ade has been on vacation for about 2 weeks12:17
redrobotI think he _may_ be back next week?12:17
redrobotthat's why I've been doing the meetings the last couple of weeks. 😬12:17
namnhI understood, thanks :)12:18
redrobotLuzi, ducnv lxkong please feel free to review as well ☝12:18
redrobotanything else you want to comment about namnh ?12:19
namnhmoreover, I am writing unit-tests for it. you can review it, and i think it will be easy for you to understand12:19
namnhi will push more patch set about unit-test on this week.12:19
redrobot#help we need more reviews on namnh's OVO patches12:20
namnhit will be great to get your comment.12:20
namnhredrobot: thanks :)12:20
ducnvredrobot, i am quite new :))12:20
namnhredrobot: duc is my co-worker, he will join barbican team for now on :)12:20
redrobotducnv, welcome! 😁12:21
namnhokay, that's all my comments12:22
ducnvthis is first day I join channel12:22
redrobotducnv, well, I'm glad you've decided to join us. 😁12:23
redrobotok, moving on12:23
redrobotanyone else have topics that didn't make it to the Agenda?12:23
redrobotI'll take that as a no.12:25
redrobotI can't think of anything else off the top of my head12:25
lxkongguys, may i ask a question? I asked several days ago but didn't get any answer. Not sure it's a good chance12:25
redrobotlxkong, sure, what's up?12:26
lxkongDid anyone of you already deploy Barbican in production?12:26
lxkongI'm asking because we are going to deploy barbican in our cloud12:26
lxkongbut we are happy to know if there is anyone already done that, pitfalls, experiences, etc.12:27
Luzino but we are planning to do so12:27
redrobotI deployed Barbican to production at Rackspace a couple of years ago.  Unfortunately, it's not online anymore.12:27
lxkongredrobot: which secret store backend were you using?12:27
redrobotPKCS#11 backed by Safenet Luna SA HSMs12:27
redrobotwe had 2x HSMs per deployment12:27
redrobotfor HA12:28
redrobotas well as offsite key backups of the master keys in Safenet backup devices12:28
lxkongthere is an open source HSM implementation named SoftHSM, anyone has experince of it?12:29
lxkongwe are a small company relies on open source software12:29
lxkongso maybe the hardware HSM is not our option :-(12:29
redrobotI've played around with SoftHSM before12:30
lxkongredrobot: did you try to integrate that with Barbican?12:30
lxkongdoes that work?12:30
redrobotto be honest, I think it may be more trouble than it's worth...  I think you may be able to get the same level of security with the SimpleCrypto backend12:30
redrobotSoftHSM had some issues, as the mechanisms available are different than Safenet Luna's12:31
redroboteven though they're both PKCS#1112:31
redrobotbut at the end of the day, SoftHSM is just a key in memory, just like SimpleCrypto12:31
redrobotSoftHSM v2 is supposed to be a lot better, but I'm not sure what the status of it is12:32
redrobotit's been a couple of years since I looked at it, and v2 was just starting to be developed back then.12:32
lxkongyeah, we are jsut going to evaluate v212:32
lxkongusing PKCS#11 + SoftHSM will make it possible to migrate to hardware HSM in future, right?12:33
redrobotlxkong, yes, I think so... especially if you can extract the master key from SoftHSM and store it in the real HSM12:34
redrobotthe p11 plugin may need some work12:34
redrobotdepending on what mechanisms SoftHSM v2 makes available12:35
lxkongseems we will have a lot of work to do12:35
redrobotyup 😬12:35
lxkongredrobot: thanks so much for your answer12:36
redrobotlet me know if you run into issues with PKCS#11 as it is something that I'm super interested in12:36
*** _tovin07_ has joined #openstack-barbican12:36
lxkongLuzi: you said you are also going to deploy barbican, anything wanna share?12:36
Luziwe want12:36
Luziwe are currently evaluating Safenet HSM12:37
lxkongok, you are rich :-)12:37
Luzii am not... i just work in a nice team :)12:38
lxkongLuzi: good to know anyway, thanks12:38
lxkongredrobot: i'm done12:39
redrobotany other topics?12:39
redrobotalrighty then... looks like we're finished with 20 minutes to spare! 😁12:40
*** openstack changes topic to "Discussion about development of OpenStack Barbican and its client libraries. - Logs: http://eavesdrop.openstack.org/irclogs/%23openstack-barbican/"12:41
openstackMeeting ended Tue Jun 26 12:40:59 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)12:41
openstackMinutes:        http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-06-26-12.00.html12:41
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-06-26-12.00.txt12:41
openstackLog:            http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-06-26-12.00.log.html12:41
redrobotthanks for coming everyone!12:41
lxkongthank you12:41
*** ducnv has left #openstack-barbican12:42
*** _tovin07_ has quit IRC12:58
*** namnh has quit IRC13:06
openstackgerritJuan Antonio Osorio Robles proposed openstack/barbican master: Remove unused policy enforcer attributes  https://review.openstack.org/57807113:30
*** jaosorior has quit IRC13:59
*** Luzi has quit IRC14:31
*** antosh has joined #openstack-barbican14:40
*** namnh has joined #openstack-barbican14:53
*** FrankZhang has joined #openstack-barbican15:02
*** serlex has quit IRC15:09
*** pcaruana has quit IRC15:42
*** pbourke has quit IRC15:47
*** pbourke has joined #openstack-barbican15:49
*** jmlowe has quit IRC16:11
*** namnh has quit IRC16:16
*** salmankhan has quit IRC17:11
*** jaosorior has joined #openstack-barbican18:13
*** jmlowe has joined #openstack-barbican18:31
*** antosh has quit IRC18:33
*** antosh has joined #openstack-barbican18:50
*** raildo has quit IRC20:20
*** FrankZhang has quit IRC20:50
*** jmlowe has quit IRC20:51
*** asbishop is now known as abishop21:14
*** jmlowe has joined #openstack-barbican21:17
*** abishop has quit IRC21:19
*** FrankZhang has joined #openstack-barbican21:21
*** jmlowe has quit IRC21:29
*** FrankZhang_ has joined #openstack-barbican21:29
*** FrankZhang has quit IRC21:30
*** antosh has quit IRC21:43
*** antosh has joined #openstack-barbican22:12
*** jmlowe has joined #openstack-barbican22:13
*** FrankZhang_ has quit IRC22:41
*** FrankZhang has joined #openstack-barbican22:42
*** Kevin_Zheng has joined #openstack-barbican23:05
*** antosh has quit IRC23:39

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!