Tuesday, 2018-12-04

openstackgerritRajat Dhasmana proposed openstack/barbican master: Add barbican-status upgrade check command framework  https://review.openstack.org/61157404:47
openstackgerrit98k proposed openstack/python-barbicanclient master: Change openstack-dev to openstack-discuss  https://review.openstack.org/62209308:23
redrobotGood mornin' Barbican!12:58
Luzigood morning redrobot12:59
redrobot#startmeeting barbican13:00
redrobot#topic Roll Call13:00
redrobotCourtesy ping for Luzi lxkong moguimar rm_work xek13:00
redrobotAs per usual, our agenda is here:13:01
redrobot#link https://wiki.openstack.org/wiki/Meetings/Barbican13:01
redrobotAnd as usual there's nothing for today ... 😅13:02
redrobotSo we'll make it up as usual13:02
redrobotWe didn't have any action items last week ... so nothing to talk about there.13:03
redrobot#topic HSM Support in TripleO13:04
*** openstack changes topic to "HSM Support in TripleO (Meeting topic: barbican)"13:04
redrobotI'm not sure if you're aware, Luzi, but we've been working on getting support for a couple of HSMs in TripleO13:04
Luzithat's nice13:04
Luziwhich one are you supporting?13:05
Luzior wanting to support13:05
redrobotThe first one we're working on is Thales13:05
redrobotand we are also working on getting an ATOS one working as well13:05
redrobotWe have 3 patches for the Thales support13:05
redrobotthis one already merged:13:06
redrobot#link https://review.openstack.org/#/c/608339/13:06
redrobotThese two still need reviews:13:06
redrobot#link https://review.openstack.org/#/c/610629/13:06
redrobot#link https://review.openstack.org/#/c/610634/13:06
redrobotI'm also working on a patch for the Kolla project to get a new group added to the barbican user account inside the images.13:07
redrobotWe'll need it so that Barbican is able to talk to the Thales daemon that communicates with the HSM.13:07
redrobotLuzi, I'm not sure about the specific models for those, but I can probably find out if you're curious.13:08
redrobotWe also got Yubico to send us a couple of YubiHSM 2s.13:08
redrobotBut their support for PKCS#11 is somewhat limited, and it won't work with our current PKCS#11 backend implementation.13:09
Luziwell it's certainly good to know, what HSMs are working with Barbican, and which ones doesn't right now13:10
Luzihi moguimar13:10
redrobotThe PKCS#11 plugin was originally written for the Safenet Luna SA (now Gemalto Network HSM).  I haven't tested it since I left Rackspace, but I expect it to still work.13:11
redrobotI think it would be good to document which specific models have been tested.  We'll probably add it to the Barbican and/or TripleO docs as part of this effort.13:12
Luziit definitly works as we tested it with a gemalto HSM13:12
redrobotAwesome! 😎13:13
redrobotI'm glad we haven't broken anything, lol13:13
redrobotOK, moving on13:16
redrobot#topic Reviews13:17
*** openstack changes topic to "Reviews (Meeting topic: barbican)"13:17
redrobot#link https://tinyurl.com/yctfozgh13:17
redrobotJust the usual weekly reminder to review things13:17
redrobot... and that's all the topics I can think of given the small amount of coffee I've consumed today.13:18
redrobotAnything y'all want to talk about Luzi or moguimar ?13:18
Luzinot really13:20
redrobotAlrighty, I think we can wrap it up for the meeting then.13:20
redrobotThanks for coming, guys!13:20
*** openstack changes topic to "OpenStack PTG Denver - https://etherpad.openstack.org/p/barbican-stein-ptg"13:20
*** Luzi has quit IRC15:26
*** pcaruana has joined #openstack-barbican17:12
*** salmankhan has joined #openstack-barbican21:25
