#openstack-meeting-3 log

15:00:02 <raildo> #startmeeting oslo-config-plaintext-secrets
15:00:03 <openstack> Meeting started Tue May  8 15:00:02 2018 UTC and is due to finish in 60 minutes.  The chair is raildo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:07 <openstack> The meeting name has been set to 'oslo_config_plaintext_secrets'
15:00:13 <raildo> #link https://etherpad.openstack.org/p/oslo-config-plaintext-secrets
15:00:58 <gagehugo> o/
15:01:04 <raildo> hey folks :)
15:01:06 <spilla> o/
15:02:40 <spilla> do we have moguimar and dhellmann among us?
15:02:46 <raildo> dhellmann, courtesy ping
15:02:47 <dhellmann> o/
15:03:12 <raildo> I'm not sure about moguimar =/ but let's start it
15:03:28 <raildo> #topic rocky-2 deadline
15:04:02 <raildo> so, just to be aware that rocky-2 milestone will be something between Jun 04 - Jun 08
15:04:10 <bnemec> o/
15:04:35 <raildo> so, we have like 1 month to make as much progress as we can, to make worth ask for some feature freeze for rocky-3
15:04:43 <raildo> hey bnemec :)
15:04:55 <spilla> i think thats possible
15:05:47 <raildo> #topic spec with next steps
15:05:52 <raildo> #link https://review.openstack.org/#/c/474304/
15:06:00 <dhellmann> I'm a little less optimistic, based on the current rate of progress, but I will keep helping with reviews
15:06:30 <raildo> dhellmann, ++ I'm quite unsure as well, that's why I'm raising this "warning" right now
15:06:43 <bnemec> I have to admit I'm pretty uncomfortable with the idea of granting an FFE for this too.
15:06:51 <raildo> so we can see if we can improve the priority on this stuff
15:07:05 <bnemec> It's a fairly significant change to a fundamental piece of OpenStack.
15:07:39 <bnemec> We had discussed in Dublin that we wanted to get it in as early as possible in the cycle to give everyone a chance to tease out any non-obvious bugs.
15:07:59 * dhellmann nods
15:08:53 <bnemec> That said, I'm happy to help push this along any way I can.  If we can get it done early enough that would be great.
15:09:04 <raildo> bnemec, makes sense, so let's keep working to have as much as we can about that on Rocky, and we figure out which will be missing for S release(I don't know the next release name)
15:09:07 <bnemec> I know it's a feature people have been asking for a long time.
15:09:15 <bnemec> raildo: Sounds good.
15:09:28 <bnemec> Next release is Stein, FTR.
15:09:56 <raildo> bnemec, yeah, I don't want to "force" a code to be merged, but want to have this done asap :)
15:10:09 <bnemec> Yep, understood.
15:11:00 <raildo> bnemec, dhellmann, spilla so, for Rocky, at least we can have an agreement about the next steps after the oslo.config driver: https://review.openstack.org/#/c/474304/9
15:11:13 <raildo> maybe already target that for Stein
15:11:26 <dhellmann> yes, let's work out those details
15:11:36 <spilla> yep, ive been catching up on that and will review
15:11:43 <dhellmann> I'm glad to see that back in the oslo-specs repo
15:11:55 <raildo> but anyway, I updated that spec, reviews are welcome :)
15:12:08 <dhellmann> we want to be careful with how we set up the definition of done for that one
15:12:24 <bnemec> Thanks.  It would be good to get the spec finalized since we've already started the implementation.
15:12:26 <raildo> dhellmann, yeah, sorry about the misunderstand on that
15:12:37 <dhellmann> we can encourage other teams to adopt the work, but the Oslo team can't require them to use this feature
15:13:13 <bnemec> Will there be additional work needed from other teams?
15:13:21 <dhellmann> so the stuff about working on ansible roles or puppet modules shouldn't be blocking work in the libraries
15:13:24 <bnemec> Other than the deployment tools, I guess.
15:13:25 <raildo> dhellmann, actually, I already spoke with some folks on Mistral and Tripleo they really want to use this feature, as soon as they can
15:13:38 <bnemec> Ah, we're talking about deployment tools.  Okay. :-)
15:13:40 <dhellmann> raildo : ok, that's good. maybe we can add that to the spec
15:13:52 <dhellmann> we used to have a section for "early adopters" in one of the templates
15:14:01 <raildo> dhellmann, ++ I'll do that
15:14:07 <bnemec> Yeah, I think that was the new library template.
15:14:08 <dhellmann> what work does the mistral team need to do?
15:14:19 <dhellmann> bnemec : yeah, that's what I'm thinking of, thanks
15:14:32 <bnemec> Mistral is the TripleO API, essentially.
15:14:59 <dhellmann> ah
15:15:03 <raildo> dhellmann, currently, they have some passwords in the workflow templates, and they're pushing this templates to be in logs
15:15:24 <raildo> so, at some point will be useful to remove this plaintext secrets in the logs files
15:15:37 <dhellmann> it would be useful to understand what other sorts of tools would make it easier for them to start using the castellan driver
15:15:51 <dhellmann> something has to coordinate mapping secret id values to configuration settings
15:16:32 <raildo> dhellmann, yeah, we had some discussions about that in the last PTGs, but would be great have some meeting with tripleo/mistral/oslo/castellan folks to sync all of that
15:16:50 <dhellmann> well, let's start by writing down whatever was already said and put it into the spec
15:17:01 <raildo> agreed
15:17:10 <dhellmann> then we'll all be able to start that joint conversation from the same basic set of information and we can work from there
15:17:48 <dhellmann> regarding the thing about the openstack-specs repo vs. oslo-specs, we're trying something new this cycle with the keystone team owning a spec to define common roles across all services
15:17:54 <dhellmann> we can treat this one in a similar way
15:17:58 <raildo> #action raildo update the spec https://review.openstack.org/#/c/474304 with Tripleo/Mistral early adopters' reasons
15:18:20 <dhellmann> the oslo team would be responsible for describing how the feature would work from end-to-end, but we'd want to be pretty general about the description when it comes to what the deployment tools do
15:18:40 <raildo> dhellmann, yeah, I was following this spec, that why I thought that would be good for this case, to follow the same pattern
15:18:46 <dhellmann> so rather than being detailed about puppet modules there, we would just talk about the steps those modules need to take and what oslo tools they could use to do it
15:18:57 <dhellmann> bnemec : how does that sound?
15:19:30 <bnemec> Yep, that's pretty much what I was getting at with my review comments on the spec.
15:19:41 <dhellmann> ok, good
15:20:25 <bnemec> I don't want the spec to be tool-specific, but we'll need to figure out what they deployment tools need to do in order to use this.
15:20:29 <dhellmann> so the spec needs more of those details about how the new feature will be used, and then we need to have some of the deployment tool teams look at the proposal and decide if it's going to work for them
15:21:24 <raildo> #action raildo add more details about how the feature will be used
15:21:29 <dhellmann> like, we need to say that we expect a service using the castellan driver to be configured with a separate file that maps configuration option names to secret IDs, what format the file will be, where someone might get those secret ID values, where someone would get the configuration option names, etc.
15:22:00 <dhellmann> do we, for example, want an option on the config generator that will scan a service and dump any options marked as secret, so the user knows what they all are?
15:23:20 <raildo> good question, that might be useful for this Mistral use case
15:23:26 <dhellmann> and maybe we should talk through the workflow for upgrading a system that doesn't have this capability to one that does, so that we make sure we hit all of the use cases involved with that process
15:23:58 <dhellmann> I'll try to use my ignorance of how all of these tools work to ask good questions on the review. :-)
15:24:57 <raildo> dhellmann, please do, and I'll also get some ppl from deployment tools side to put some eyes on it
15:25:16 <dhellmann> yes, definitely, we need to get someone from those teams to commit to helping design all of this
15:26:05 <raildo> #topic Open Discussion
15:26:15 <raildo> anything else?
15:26:52 <dhellmann> I think I'm going to have some time tuesday afternoon at the summit if folks want to find a table to sit down and hack on this together
15:28:04 <bnemec> Tuesday at 3:30 is the Oslo project onboarding now.
15:28:09 <spilla> im giving a lightning talk at 1:50 but i should have some time outside then
15:28:11 <bnemec> But other than that I should be pretty free.
15:28:22 <dhellmann> bnemec : ah, I missed that change
15:28:33 <bnemec> Yeah, we swapped with infra because they had a conflict.
15:28:37 <dhellmann> well, let's see if we can find some other time
15:28:52 <raildo> unfortunately, I wont be able to join this summit, but I appreciate any feedback that you guys can catch about this
15:29:14 <dhellmann> ack
15:30:03 <raildo> so, have a good week everyone
15:30:10 <raildo> #endmeeting