Tuesday, 2018-07-17

*** antosh has quit IRC00:20
*** abishop has quit IRC01:45
*** mhen has quit IRC01:48
*** mhen has joined #openstack-barbican01:50
*** dave-mccowan has joined #openstack-barbican02:06
*** dave-mcc_ has joined #openstack-barbican02:24
*** dave-mccowan has quit IRC02:25
*** openstackgerrit has joined #openstack-barbican02:46
openstackgerritVu Cong Tuan proposed openstack/barbican master: Switch to stestr  https://review.openstack.org/58161902:46
*** dave-mcc_ has quit IRC03:30
*** Luzi has joined #openstack-barbican05:52
*** DongHM has joined #openstack-barbican06:13
*** alee has quit IRC06:28
*** alee has joined #openstack-barbican06:28
*** alee has quit IRC06:29
*** alee has joined #openstack-barbican06:30
*** velizarx has joined #openstack-barbican06:46
*** Luzi has quit IRC06:50
*** velizarx has quit IRC07:03
*** peereb has joined #openstack-barbican07:04
*** Luzi has joined #openstack-barbican07:05
*** serlex has quit IRC07:12
*** velizarx has joined #openstack-barbican07:23
*** ducnv has quit IRC07:39
*** ducnv has joined #openstack-barbican07:39
*** pbourke has quit IRC08:35
openstackgerritLingxian Kong proposed openstack/barbican master: Fix getting secret for vault plugin  https://review.openstack.org/58314908:36
*** serlex has joined #openstack-barbican08:39
*** pbourke has joined #openstack-barbican08:52
*** annp has quit IRC09:18
*** DongHM has quit IRC09:25
*** annp has joined #openstack-barbican09:26
*** salmankhan has joined #openstack-barbican09:30
*** Luzi has quit IRC10:34
*** velizarx has quit IRC10:54
*** velizarx has joined #openstack-barbican10:58
*** noslzzp has joined #openstack-barbican10:59
*** dave-mccowan has joined #openstack-barbican11:18
*** abishop has joined #openstack-barbican11:39
*** vanduc_ has joined #openstack-barbican11:41
*** alee_ has joined #openstack-barbican11:42
*** alee has quit IRC11:44
*** Luzi has joined #openstack-barbican11:49
*** vanduc_ has quit IRC11:58
*** ducnv_ has joined #openstack-barbican11:58
redrobotdave-mccowan, o/12:00
dave-mccowanhi redrobot o/12:00
redrobotdave-mccowan, alee said you're leading the barbican meeting right now?12:05
dave-mccowansorry, lost track of time.  thanks!12:05
dave-mccowan#startmeeting barbican12:05
openstackMeeting started Tue Jul 17 12:05:40 2018 UTC and is due to finish in 60 minutes.  The chair is dave-mccowan. Information about MeetBot at http://wiki.debian.org/MeetBot.12:05
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.12:05
*** openstack changes topic to " (Meeting topic: barbican)"12:05
openstackThe meeting name has been set to 'barbican'12:05
dave-mccowan#topic roll call12:05
*** openstack changes topic to "roll call (Meeting topic: barbican)"12:05
dave-mccowanis there an agenda posted?12:07
dave-mccowani don't see one on the agenda page.12:08
dave-mccowan#topic milestone 312:08
*** openstack changes topic to "milestone 3 (Meeting topic: barbican)"12:08
dave-mccowanthis week is the deadline for milestone 3 for the release12:08
dave-mccowandoes anyone have status to discuss for development line item?12:09
dave-mccowanwe should be feature-complete after this deadline, and move on to testing and bug fixing for the rest of the cycle.12:09
*** namnh has joined #openstack-barbican12:10
dave-mccowanhi namnh12:11
dave-mccowanok, in that case, please help out with patch reviews for the next couple of days so we can get as much as possible in for m3.12:11
namnhalee_: :)) Hi Ade, long time no chat :)12:12
dave-mccowan#topic barbican client12:12
*** openstack changes topic to "barbican client (Meeting topic: barbican)"12:12
dave-mccowanm3 is also usually the release date for client libraries.  has anyone been working with the client lately?  is it good for release?12:12
redrobotnamnh, I don't think alee_ is here... probably just a bouncer.12:13
redrobotpretty sure the client needs some TLC12:13
redrobotnot sure if anyone has picked up the UUID issue12:13
namnhdave-mccowan: hi dave, maybe I sent wrong address ;)12:13
redrobotbut it would be awesome if we could get it done before m312:13
dave-mccowanredrobot yep.  people keep asking about it, but i don't think anyone is working on it.12:14
dave-mccowani finally got --file parameter submitted.  but, there's still a couple other things that have been hanging around for a very long time.12:15
redrobotI'll try to get a lot of reviewing done this week12:16
dave-mccowanredrobot thanks!12:16
namnhredrobot: thanks !12:16
dave-mccowanboth testing and reviewing would be great from anyone who can spend some time early this week.  (especially for barbican client)12:17
dave-mccowan#topic validation12:17
*** openstack changes topic to "validation (Meeting topic: barbican)"12:17
dave-mccowanLuzi:  last week you and Ade talked about bit length validation.  do you have an update or any further questions?12:18
Luzino, he wanted to discuss this with more people12:18
redrobot#link https://review.openstack.org/#/c/575800/12:19
redrobotLuzi, I think this is the place to discuss :D12:19
dave-mccowanredrobot excellent!12:19
dave-mccowan#topic OVO12:19
*** openstack changes topic to "OVO (Meeting topic: barbican)"12:19
dave-mccowannamnh How's OVO going?12:20
namnhyeah, I am writing unittests for OVO12:20
redrobotI think we still need lots o' reviews too12:20
namnhthere are some patch sets which I pushed12:20
namnhbut, for now, I am an idea about this task12:21
namnhbecause, the final target is that Barbican can rolling upgrade.12:22
namnhafter I review all barbican database, RPC -> there is no change in the recent cycle.12:22
namnhand I tried to rolling upgrade with barbican, and the result is good. So I am thinking that we can create a docs to guide operators to rolling upgrade12:24
namnhafter that we can also push a patch set to get "rolling upgrade" tag from TC.12:24
namnhthen we still continue to  implement  OVO as Neutron is doing12:25
namnhwhat do you think?12:25
namnhdave-mccowan and redrobot12:26
redrobotHmm... I thought OVO was required for rolling upgrades?  Would be aewsome if it's not12:26
dave-mccowani see... since there is no database change in Queens to Rocky, then we can roll without OVO for that upgrade.12:26
dave-mccowanthat seems like it is cheating.  without OVO, we can't promise that R to S upgrade will be rolling.  i don't think we should request the tag until OVO is working.12:28
namnhredrobot: OVO is a method for rolling upgrade, but it is not required. It depends on the architecture of each project.12:28
namnhdave-mccowan: yeah, I know, as I mentioned, we still implement OVO after creating docs for rolling-upgrade12:29
namnhdave-mccowan: because OVO take time for us. Although, Barbican for now can be upgraded without downtime.12:30
namnhand I believe that Barbican can rolling upgrade from Pike12:32
dave-mccowanwe can wait for Ade to return to discuss more.  but, i'm not totally comfortable claiming support without OVO, since we don't know release S will contain.12:32
namnhdave-mccowan: Yeah, I understood, that is just my idea to discuss :)12:33
dave-mccowannamnh Thanks for suggesting it.  Maybe we can document it for operators with a warning?  We should make it a goal to merge OVO before we merge a patch that changes the database.12:34
dave-mccowan#topic Anything else?12:35
*** openstack changes topic to "Anything else? (Meeting topic: barbican)"12:35
Luziwell, I would at least like to hear, what you all think about https://review.openstack.org/#/c/577096/12:36
namnhdave-mccowan: btw, can you review the OVO patch set that got +2 from Ade12:36
dave-mccowannamnh yes, i'll do that today.12:36
namnhdave-mccowan: thanks :)12:36
Luzishould there be still a validation for bit-lengths, which would need to allow 512 bits for aes-xts12:37
Luzior should barbican be able to generate keys of any bit length?12:37
dave-mccowansimple sounds good to me.  seems like we'll always be chasing the future if we try to maintain a list of supported bit lengths for each new thing.12:40
*** raildo has joined #openstack-barbican12:40
dave-mccowananyone else?  redrobot namnh?12:40
namnhdave-mccowan: that's all from me.12:41
redrobotI may be the only dissenting opinion about bit lengths.  I'm on the explicitly supported in some crypto algorithm camp.12:41
dave-mccowanredrobot cool.  let's discuss in the review:  https://review.openstack.org/#/c/577096/12:42
Luziredrobot, that's something i also consider.12:42
redrobotI've been deep diving into Vault.  I think the Vault plugin for both Barbican and Castellan will need some improvements.12:42
redrobotright now they depend on a ROOT TOKEN to work12:43
redrobotbut no one in their right mind should be using root tokens that way12:43
redrobotVault docs say: "the Vault team recommends that root tokens are only used for just enough initial setup (usually, setting up auth methods and policies necessary to allow administrators to acquire more limited tokens) or in emergencies, and are revoked immediately after they are no longer needed."12:43
redrobotso, I'm digging into Vault Policy and hope to come up with a better scheme for using non-root tokens12:43
dave-mccowanredrobot thanks!12:44
redrobotThat's all I got...12:45
*** raildo has quit IRC12:45
dave-mccowanThanks everyone!  See ya later...12:45
*** openstack changes topic to "Discussion about development of OpenStack Barbican and its client libraries. - Logs: http://eavesdrop.openstack.org/irclogs/%23openstack-barbican/"12:46
openstackMeeting ended Tue Jul 17 12:46:29 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)12:46
openstackMinutes:        http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-07-17-12.05.html12:46
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-07-17-12.05.txt12:46
*** raildo has joined #openstack-barbican12:46
openstackLog:            http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-07-17-12.05.log.html12:46
*** ducnv_ has quit IRC12:46
*** raildo has quit IRC12:50
*** alee_ has quit IRC12:52
*** raildo has joined #openstack-barbican12:52
*** peereb has quit IRC12:56
*** alee_ has joined #openstack-barbican12:59
*** raildo has quit IRC13:00
*** raildo has joined #openstack-barbican13:00
*** raildo has quit IRC13:03
*** raildo has joined #openstack-barbican13:03
*** salmankhan has quit IRC13:09
*** velizarx has quit IRC13:35
*** raildo has quit IRC13:35
*** velizarx has joined #openstack-barbican13:35
*** raildo has joined #openstack-barbican13:36
*** salmankhan has joined #openstack-barbican13:36
*** raildo has quit IRC13:37
*** raildo has joined #openstack-barbican13:39
*** raildo has quit IRC13:41
*** raildo has joined #openstack-barbican14:07
*** antosh has joined #openstack-barbican14:21
*** velizarx has quit IRC14:27
*** jmlowe has joined #openstack-barbican14:36
*** tidwellr has joined #openstack-barbican14:41
*** FrankZhang has joined #openstack-barbican14:57
*** namnh has quit IRC14:57
*** alee_ has quit IRC15:02
*** alee_ has joined #openstack-barbican15:03
*** jmlowe has quit IRC15:09
*** jmlowe has joined #openstack-barbican15:18
*** Luzi has quit IRC15:25
*** jmlowe has quit IRC15:53
*** jmlowe has joined #openstack-barbican15:58
*** alee_ has quit IRC15:59
*** alee_ has joined #openstack-barbican16:00
*** alee_ has quit IRC16:14
*** jmlowe has quit IRC16:48
*** serlex has quit IRC16:50
*** jmlowe has joined #openstack-barbican16:51
*** noslzzp has quit IRC16:57
*** livelace2 has joined #openstack-barbican17:19
*** salmankhan has quit IRC17:22
*** tidwellr has quit IRC18:10
*** tidwellr has joined #openstack-barbican18:10
*** raildo has quit IRC20:31
*** FrankZhang has quit IRC20:38
*** raildo has joined #openstack-barbican20:38
*** raildo has quit IRC20:50
*** abishop has quit IRC21:17
*** tidwellr has quit IRC21:37
openstackgerritLingxian Kong proposed openstack/barbican master: Fix getting secret for vault plugin  https://review.openstack.org/58314921:56
*** antosh has quit IRC22:00
*** dave-mccowan has quit IRC22:16
*** antosh has joined #openstack-barbican22:30
lxkonghi, anybody is actually working on solving the CI issue?23:08
redrobothi lxkong, which CI issue are you talking about?23:45
lxkongthe jenkins keeps failing for recent patches23:45
lxkongthe job `barbican-kmip-devstack-functional`23:45
redrobotlxkong, oh yikes. :(23:47

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!