Tuesday, 2018-07-24

openstackgerrit Duc Nguyen proposed openstack/barbican master: Update http to https and fix link in doc reference  https://review.openstack.org/581601 01:28
openstackgerrit Merged openstack/barbican master: Implement OVO for Barbican [3]  https://review.openstack.org/499419 01:55
lxkong Hi, barbican team, could you please merge this patch https://review.openstack.org/582812 to enable the non-voting vault plugin job? 02:45
jaosorior lxkong: well, it doesn't seem to be passing the gate :/ any idea why? 08:52
lxkong that patch is not supposed to solve the failed test cases, it's meant to enable the job. Solving the test issue is the next step. 10:03
*** alee has joined #openstack-barbican 11:24
redrobot alee, o/ 12:02
redrobot hi namnh! 12:03
namnh hi redrobot :) 12:03
redrobot I don't think Dave or Ade are around. 12:03
redrobot #startmeeting barbican 12:03
openstack Meeting started Tue Jul 24 12:03:36 2018 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot. 12:03
openstack Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 12:03
*** openstack changes topic to " (Meeting topic: barbican)" 12:03
openstack The meeting name has been set to 'barbican' 12:03
redrobot #topic Roll Call 12:03
*** openstack changes topic to "Roll Call (Meeting topic: barbican)" 12:03
redrobot #link https://wiki.openstack.org/wiki/Meetings/Barbican 12:04
redrobot ^ Agenda for the day 12:04
redrobot but it looks like nobody updated it... 12:04
redrobot so we'll just make it up as we go 12:05
redrobot #topic Rocky Milestone-3 12:06
*** openstack changes topic to "Rocky Milestone-3 (Meeting topic: barbican)" 12:06
redrobot This week is Rocky milestone 3 week 12:06
redrobot I know alee was mentioning we have a lot of reviews on deck 12:07
redrobot so I will review some stuff today 12:07
redrobot jaosorior is back from vacation so hopefully he'll have some time for reviews as well. 12:07
redrobot #link https://releases.openstack.org/rocky/schedule.html 12:07
redrobot Also going to look into the KMIP gate today 12:08
redrobot If worse comes to worst, then we'll try to make it a non-voting gate for now. 12:08
redrobot any questions about rocky-3 ? 12:10
namnh yeah, I am trying to understand the error 12:10
namnh but, I still don't understand the problem 12:10
namnh redrobot: do you have any idea to fix the gate? 12:11
namnh Some of my patch sets are being blocked by the gate 12:11
jaosorior Sure, let me know if there are some urgent reviews and I'll check them out 12:11
jaosorior been a little swamped with bugs and reviews since I got back, but I'll make sure to give some time for any urgent ones here :) 12:12
jaosorior redrobot, namnh: The kmip gate seems to have issues with the initial certificate provisioning 12:12
jaosorior so it's not an actual barbican issue, but a setup issue 12:13
*** strigazi has quit IRC 12:13
redrobot thanks jaosorior! 12:13
namnh yes, i think so 12:13
jaosorior still gotta figure out how that setup bit works 12:13
redrobot yeah, I have no idea how to fix the gate issue... but I haven't spent any time looking into it. 12:13
*** strigazi has joined #openstack-barbican 12:14
redrobot I may try to run the kmip gate locally in a VM to see if I can recreate that failure. 12:14
namnh redrobot: we just download the local.conf in the gate and run with devstack on local, is that right? 12:15
redrobot namnh, I _think_ so... 12:16
redrobot it's been a while since I've set up a devstack vm 12:16
redrobot so it should be a nice learning/refresher task for me :) 12:16
jaosorior redrobot: here's the issue http://logs.openstack.org/71/578071/3/check/barbican-kmip-devstack-functional/41e126e/logs/devstacklog.txt.gz#_2018-07-24_02_46_31_935 12:17
redrobot jaosorior, thanks 12:19
redrobot ok, moving on 12:19
redrobot #topic Key Length Validation 12:20
*** openstack changes topic to "Key Length Validation (Meeting topic: barbican)" 12:20
redrobot #link https://review.openstack.org/#/c/577096/ 12:20
redrobot alee, is asking for feedback on that review 12:20
redrobot he is of the opinion that Barbican should/could generate keys of arbitrary length 12:20
redrobot *symmetric keys 12:20
redrobot I kinda think we should only support lengths that can be used with well defined algorithms. 12:21
redrobot your opinion is wanted :) 12:21
redrobot I think we definitely want to have a max length 12:22
redrobot #topic Any other topics? 12:24
*** openstack changes topic to "Any other topics? (Meeting topic: barbican)" 12:24
Luzi I think it is necessary to define allowed lengths 12:24
Luzi sorry, was late 12:24
*** namnh has quit IRC 12:24
redrobot Luzi, no worries.  Please feel free to add that to the review I linked. 12:24
Luzi I think it's also a security issue 12:24
*** namnh has joined #openstack-barbican 12:24
Luzi if we allow any size, also very small lengths would be okay - and that could be used for brute force attacks 12:25
Luzi it just would make it easier to guess the right key 12:25
Luzi that's also why we wanted to increase the allowed bit length 12:25
*** ducnv has left #openstack-barbican 12:30
*** ducnv has joined #openstack-barbican 12:30
redrobot well, if we don't have any other topics to talk about we can call it a day... 12:30
redrobot thanks everyone for coming!  Please review things if you have time! 12:30
*** openstack changes topic to "Discussion about development of OpenStack Barbican and its client libraries. - Logs: http://eavesdrop.openstack.org/irclogs/%23openstack-barbican/" 12:30
openstack Meeting ended Tue Jul 24 12:30:47 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) 12:30
openstack Minutes:        http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-07-24-12.03.html 12:30
openstack Minutes (text): http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-07-24-12.03.txt 12:30
openstack Log:            http://eavesdrop.openstack.org/meetings/barbican/2018/barbican.2018-07-24-12.03.log.html 12:30
*** velizarx has joined #openstack-barbican 12:58
*** Phuongnh has quit IRC 13:00
*** serlex has quit IRC 16:10
openstackgerrit Douglas Mendizábal proposed openstack/barbican master: Fix response status for invalid routes  https://review.openstack.org/578590 16:59
openstackgerrit Douglas Mendizábal proposed openstack/barbican master: Remove deprecated secret decrypt  https://review.openstack.org/578615 17:00
openstackgerrit Merged openstack/barbican master: Ensure orders policy-in-code matches controller  https://review.openstack.org/575782 17:58
openstackgerrit Merged openstack/barbican master: Implement OVO for Barbican [4]  https://review.openstack.org/528972 18:53
lxkong hi, anyone can take a look at https://review.openstack.org/#/c/582812/ please? Just enable vault backend job in CI. 22:13
