Tuesday, 2018-09-04

« Monday, 2018-09-03 Index Wednesday, 2018-09-05 »
*** hongbin has joined #openstack-meeting-300:58
*** apetrich has quit IRC01:28
*** yamamoto has quit IRC01:50
*** yamamoto has joined #openstack-meeting-302:11
*** psachin has joined #openstack-meeting-302:42
*** psachin has quit IRC04:04
*** psachin has joined #openstack-meeting-304:06
*** hongbin has quit IRC04:58
*** e0ne has joined #openstack-meeting-305:13
*** mugsie has quit IRC05:49
*** zigo has quit IRC05:49
*** Luzi has joined #openstack-meeting-305:57
*** psachin has quit IRC06:25
*** psachin has joined #openstack-meeting-306:30
*** e0ne has quit IRC06:44
*** apetrich has joined #openstack-meeting-306:59
*** alexchadin has joined #openstack-meeting-307:33
*** apetrich has quit IRC07:41
*** tssurya has joined #openstack-meeting-307:45
*** apetrich has joined #openstack-meeting-308:13
*** alexchadin has quit IRC08:19
*** e0ne has joined #openstack-meeting-308:37
*** yamamoto has quit IRC08:43
*** d0ugal has quit IRC08:43
*** psachin has quit IRC08:50
*** tonyb has quit IRC08:50
*** d0ugal has joined #openstack-meeting-309:03
*** psachin has joined #openstack-meeting-309:03
*** yamamoto has joined #openstack-meeting-309:19
*** tonyb has joined #openstack-meeting-309:53
*** psachin has quit IRC10:06
*** yamamoto has quit IRC10:11
*** yamamoto has joined #openstack-meeting-310:11
*** yamamoto has quit IRC10:20
*** yamamoto has joined #openstack-meeting-310:44
*** mugsie has joined #openstack-meeting-310:46
*** pbourke has quit IRC10:55
*** pbourke has joined #openstack-meeting-310:57
*** andreaf has joined #openstack-meeting-311:06
*** alexchadin has joined #openstack-meeting-311:34
*** sambetts_ has quit IRC11:55
*** dims has joined #openstack-meeting-311:56
*** sambetts_ has joined #openstack-meeting-311:57
*** raildo has joined #openstack-meeting-312:16
*** jamesmcarthur has joined #openstack-meeting-312:46
*** bobh has joined #openstack-meeting-313:04
*** jamesmcarthur has quit IRC13:05
*** munimeha1 has joined #openstack-meeting-313:06
*** jamesmcarthur has joined #openstack-meeting-313:45
*** bobh_ has joined #openstack-meeting-313:54
*** bobh has quit IRC13:58
*** iyamahat has joined #openstack-meeting-314:04
*** mjturek has joined #openstack-meeting-314:19
*** alexchadin has quit IRC14:22
*** alexchadin has joined #openstack-meeting-314:26
*** aagate has joined #openstack-meeting-314:31
*** jamesmcarthur has quit IRC14:36
*** hongbin has joined #openstack-meeting-314:44
*** redrobot has joined #openstack-meeting-314:51
*** spilla has joined #openstack-meeting-314:56
*** dklyle has joined #openstack-meeting-314:58
*** jamesmcarthur has joined #openstack-meeting-314:59
raildo#startmeeting oslo-config-plaintext-secrets14:59
openstackMeeting started Tue Sep  4 14:59:36 2018 UTC and is due to finish in 60 minutes.  The chair is raildo. Information about MeetBot at http://wiki.debian.org/MeetBot.14:59
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:59
*** openstack changes topic to " (Meeting topic: oslo-config-plaintext-secrets)"14:59
openstackThe meeting name has been set to 'oslo_config_plaintext_secrets'14:59
moguimaro/14:59
raildo#link https://etherpad.openstack.org/p/oslo-config-plaintext-secrets14:59
spillao/15:00
raildocourtesy ping dhellmann redrobot15:01
redroboto/15:01
raildoI think that we can start it15:03
dhellmanno/15:03
raildo#topic Denver PTG15:03
*** openstack changes topic to "Denver PTG (Meeting topic: oslo-config-plaintext-secrets)"15:03
* dhellmann is currently debugging a release job failure so may only be paying partial attention15:03
raildodhellmann, no worries :)15:03
raildo#link oslo session: https://etherpad.openstack.org/p/oslo-stein-ptg-planning15:03
raildo#link Tripleo session: Wednesday 14:00 - 15:00: https://etherpad.openstack.org/p/tripleo-ptg-stein15:03
raildoso, we have these two session related to this topic, for the olso side, we're looking for review the next steps related to the oslo.config changes also the castellan driver15:04
*** yamamoto has quit IRC15:05
raildofor the TripleO side, we will be explaining what we are doing, why we are doing, and basically understand what will be necessary to do on TripleO do have that automated over there15:05
*** yamamoto has joined #openstack-meeting-315:05
beekneemecho/15:06
*** beekneemech is now known as bnemec15:06
raildohey bnemec :)15:06
bnemecHi15:07
*** lamt has joined #openstack-meeting-315:07
raildoso, hope to have a great feedback from those sessions about this feature :)15:07
raildo#topic Castellan driver15:08
*** openstack changes topic to "Castellan driver (Meeting topic: oslo-config-plaintext-secrets)"15:08
raildo#link https://review.openstack.org/#/c/599589/15:08
raildomoguimar, ^15:08
moguimaro/15:09
moguimarfirst lines of code on the castellan drive are out15:09
moguimarI'm finishing to answer Doug's review15:09
moguimarand fix the zuul crashes15:09
moguimarunit tests are still to be implemented15:10
moguimarand docs as well15:10
moguimaro\15:10
raildoalso, we're preparing a demo/slides for PTG, if needed to explain that for ppl outside this meeting, or if someone wants more details about the current progress, next steps and so on...15:11
raildoand we want to include a demo of this castellan driver code running, as well15:12
raildohope to have that done by the end of the week15:12
*** dklyle has quit IRC15:13
*** dklyle has joined #openstack-meeting-315:14
raildo#topic Castellan don't have update operation for secrets15:14
*** openstack changes topic to "Castellan don't have update operation for secrets (Meeting topic: oslo-config-plaintext-secrets)"15:14
raildoso, during the castellan investigation that we made, we noticed that castellan doesn't support update operation15:15
raildodhellmann, bnemec I'm not sure how that it will affect mutable values on oslo.config without that operation15:15
dhellmannif a secret is marked mutable, then the mapping value associated with it would have to be updated in order for a new value to be read out of the backend15:16
raildomaybe we gonna need to implement secrets updates to enable mutable values?15:16
raildoin the castellan side15:17
dhellmannthe process would be (1) create a new secret (2) update the mapping file with its ID (3) poke the service to have it reload its config15:17
raildodhellmann, the other solution would be generate a new secret and update the mapping file id15:17
dhellmannright15:17
raildoexactly15:17
bnemecYeah, we'll need to make sure the mapping opts inherit the mutability flag of their parent opt.15:17
raildo#topic open discussion15:19
*** openstack changes topic to "open discussion (Meeting topic: oslo-config-plaintext-secrets)"15:19
raildothat's all that I had for today15:19
dhellmannbnemec : I wasn't expecting us to define separate options for the mapping values15:19
bnemecdhellmann: Sure, but we have to have them defined somehow, right?15:20
dhellmannthey're identical to the group and opt names given to the driver for lookup15:20
bnemecYeah, but we can't reuse them because they won't necessarily be the same type.15:20
dhellmannthey don't need to be15:21
moguimarwe can poke the option itself15:21
bnemecWe can't read a string id into an int opt, can we?15:21
moguimarthe get() recieves group_name, option_name and the opt15:21
*** Luzi has quit IRC15:21
dhellmannaccessing conf.foo.bar causes the driver to load the secret id from the bar value in the foo section and then use that value to talk to the backend and return whatever the backend gives back15:21
dhellmannthe mapping values are never returned out of the driver15:21
dhellmannthe driver doesn't need to worry about type conversion, either, the caller does all of the coercion15:22
bnemecSo we're just going to use a standard ConfigParser to read the mapping file instead of an oslo.config object?15:23
* bnemec should probably go look at the review15:23
moguimarI was just looking at that15:23
dhellmannthat's not how it was written when I looked at it, but that was my suggestion, yes15:23
moguimarin the ConfigParser docs15:23
moguimarthe DEFAULT section behaves in a different way than oslo.conifg15:24
dhellmannthat supporting mapping file could be YAML or sqlite or anything, we just said we'd use ini for consistency from the deployer's perspective15:24
dhellmannoh?15:24
moguimarin configparser.ConfirParser, the DEFAULT section provides default values for the other sections when the option is not present15:25
bnemecI ran into that once before.  DEFAULT in ConfigParser applies to all groups.15:25
moguimaryep15:25
dhellmannmoguimar : ok, I don't think that's going to apply here, is it?15:25
bnemecSo if you have an opt DEFAULT/foo and you look up bar/foo, if bar/foo isn't defined you get the value in DEFAULT/foo.15:25
moguimarexactly bnemec15:25
dhellmanndo we want that behavior in this case?15:26
moguimarnope15:26
bnemecIt's kind of obnoxious and I don't think there was a good way to turn it off. :-/15:26
moguimarwe want to return NoValue15:26
moguimarI think there is15:26
moguimardefault_section=configparser.DEFAULTSECT15:27
moguimarin the __init__15:27
moguimarmaybe setting it to ''15:27
moguimarwould 'release' the DEFAULT section for what we want it to be15:27
bnemecAh, yeah that seems like it could work.15:27
*** mjturek has quit IRC15:28
moguimarso I'm also digging in the configparser.ConfigParser alternative15:28
moguimaranother thing, I got an Oslo Config talk approved for Python Brasil in October =D15:30
bnemecOh, that's right.  I ran into this in https://review.openstack.org/#/c/567950/3/oslo_config/validator.py15:30
raildodhellmann, do you agree with the moguimar's suggestion as well?15:30
bnemecI just used the oslo.config ConfigParser class instead.15:30
bnemecThat might work here too.15:31
moguimarthat's how I implemented it ben15:31
bnemecAh, okay. I really need to just go look at the review. :-)15:31
dhellmannI'm a bit concerned that reusing our custom parsing library for this non-custom file is going to mean that somewhere down the road a change to that parser breaks things. The standard library parser is pretty stable at this point and doesn't have as much fancy baggage on top, so it feels like it's good enough for this case. I can go along with using our custom driver if everyone else feels that it's necessary, though.15:33
moguimardhellmann I think the standard library parser is a viable option15:33
moguimarjust need to test it15:34
moguimaralso the erro handling will be easier15:34
dhellmanncool15:34
dhellmannyeah15:34
moguimarjust need to disable that DEFAULT magic15:34
moguimaras we don't have it in oslo.config15:34
raildocool, looks like we have some next steps for the next weeks :)15:35
raildowe're running our of time15:35
*** alexchadin has quit IRC15:35
moguimar🙄 we ran already15:35
bnemecI guess the one argument _for_ using the oslo.config parser is if we do any magic in there with opt names or anything it would automatically apply to the mapping file too.15:35
*** alexchadin has joined #openstack-meeting-315:36
bnemecI don't know if that happens at all though, or if it ever should.15:36
moguimarbnemec: but we don't register the options to the mapping file15:36
*** alexchadin has quit IRC15:36
moguimarthat falls back to the caller15:36
*** alexchadin has joined #openstack-meeting-315:36
moguimarso I think option deprecation will try to fetch again from the source with the deprecated name15:36
*** alexchadin has quit IRC15:37
* moguimar have not looked in the deprecation code yet15:37
moguimarhas*15:37
*** alexchadin has joined #openstack-meeting-315:37
dhellmannyeah, the driver API is designed to make the driver implementations as simple as possible15:37
*** alexchadin has quit IRC15:37
bnemecYeah, I'm kind of thinking out loud here. I don't know whether that's a relevant issue.15:37
dhellmannthey are specifically *not* supposed to do any guessing about alternative locations for values15:37
*** alexchadin has joined #openstack-meeting-315:38
bnemecI'm also curious how this would interact with the env var stuff Chris is working on. Seems like a container might want to store secrets in Castellan too.15:38
dhellmannthey basically implement a key-value lookup for a 2 part key (group and option name) and both parts of the key are always provided15:38
*** alexchadin has quit IRC15:38
dhellmannhmm15:38
dhellmannthat's interesting, bnemec15:38
moguimarI've been reviewing that one15:39
dhellmannI thought the idea was that the secret would be passed through the env var?15:39
moguimarit is comming good15:39
bnemecThat's probably not something we can get for free unless we create an entire ConfigOpts structure for the mapping, which it doesn't seem like we want to do.15:39
bnemecAnd I don't think it should block this work, just something we might want to consider in the future.15:40
raildodhellmann, bnemec would be nice to take some time during PTG to see if we can join both efforts for the next release? or see if make sense integrate somehow those efforts?15:40
dhellmannit would be good to talk about how they might interact, for sure15:40
bnemecraildo: It's already leveraging the driver infrastructure, but it can't be a normal driver because of precedence requirements.15:40
bnemecBut yeah, we can certainly talk about it at the PTG.15:41
* raildo is really sad because will be not attending PTG this time15:41
raildobnemec, yeah, got it15:41
bnemecMaybe we can grab Juan for that session? He's on your team, right?15:42
moguimaryep15:42
bnemecAlthough I imagine he's going to be a bit busy PTLing TripleO this cycle. :-)15:42
raildobnemec, yeah, he is, just ping me, when you have some day-time slot for this session, and I'll spoke with him to attend it15:42
*** jamesmcarthur has quit IRC15:43
bnemecOkay, sounds good. I need to sit down and come up with a rough schedule for the Oslo day.15:43
bnemecI'll send an email to the list once that's done.15:43
*** jamesmcarthur has joined #openstack-meeting-315:43
raildothat would be great :)15:43
raildoso, thank you guys for attending today, have a great PTG for those who will be attending it!15:44
moguimaro/15:44
bnemecThanks15:44
raildo#endmeeting15:44
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"15:44
openstackMeeting ended Tue Sep  4 15:44:14 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:44
openstackMinutes:        http://eavesdrop.openstack.org/meetings/oslo_config_plaintext_secrets/2018/oslo_config_plaintext_secrets.2018-09-04-14.59.html15:44
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/oslo_config_plaintext_secrets/2018/oslo_config_plaintext_secrets.2018-09-04-14.59.txt15:44
openstackLog:            http://eavesdrop.openstack.org/meetings/oslo_config_plaintext_secrets/2018/oslo_config_plaintext_secrets.2018-09-04-14.59.log.html15:44
*** redrobot has quit IRC15:46
*** mjturek has joined #openstack-meeting-315:48
*** jlvilla-viva is now known as jlvillal15:58
*** yamamoto has quit IRC15:58
*** yamamoto has joined #openstack-meeting-315:58
*** yamahata has quit IRC16:07
*** macza has joined #openstack-meeting-316:08
*** alexchadin has joined #openstack-meeting-316:10
*** alexchadin has quit IRC16:14
*** spilla has quit IRC16:36
*** mjturek has quit IRC16:41
*** mjturek has joined #openstack-meeting-316:42
*** tssurya has quit IRC16:54
*** njohnston has quit IRC17:12
*** Adri2000 has quit IRC17:16
*** Adri2000 has joined #openstack-meeting-317:19
*** njohnston has joined #openstack-meeting-317:34
*** yamahata has joined #openstack-meeting-317:37
*** iyamahat has quit IRC17:41
*** yamahata has quit IRC17:41
*** e0ne has quit IRC17:44
*** diablo_rojo has joined #openstack-meeting-317:47
*** mjturek has quit IRC17:53
*** iyamahat has joined #openstack-meeting-317:54
*** alexchadin has joined #openstack-meeting-317:56
*** iyamahat_ has joined #openstack-meeting-317:57
*** alexchadin has quit IRC18:00
*** iyamahat has quit IRC18:01
*** njohnston has quit IRC18:10
*** jamesmcarthur has quit IRC18:12
*** yamahata has joined #openstack-meeting-318:12
*** alexchadin has joined #openstack-meeting-318:23
*** alexchadin has quit IRC18:27
*** jamesmcarthur has joined #openstack-meeting-318:32
*** jamesmcarthur has quit IRC18:36
*** mjturek has joined #openstack-meeting-318:49
*** jamesmcarthur has joined #openstack-meeting-319:11
*** mjturek has quit IRC19:11
*** jamesmcarthur has quit IRC19:15
*** jamesmcarthur_ has joined #openstack-meeting-319:15
*** e0ne has joined #openstack-meeting-319:27
*** mjturek has joined #openstack-meeting-319:30
*** jamesmcarthur_ has quit IRC19:33
*** e0ne has quit IRC19:33
*** e0ne has joined #openstack-meeting-319:52
*** alexchadin has joined #openstack-meeting-320:16
*** jamesmcarthur has joined #openstack-meeting-320:21
*** alexchadin has quit IRC20:51
*** raildo has quit IRC20:51
*** bobh_ has quit IRC21:00
*** iyamahat__ has joined #openstack-meeting-321:01
*** bobh has joined #openstack-meeting-321:02
*** iyamahat_ has quit IRC21:04
*** bobh has quit IRC21:07
*** e0ne has quit IRC21:13
*** iyamahat__ has quit IRC21:31
*** iyamahat has joined #openstack-meeting-321:32
*** yamahata has quit IRC21:36
*** bobh has joined #openstack-meeting-321:36
*** yamahata has joined #openstack-meeting-321:36
*** munimeha1 has quit IRC21:47
*** bobh has quit IRC22:10
*** ianychoi has quit IRC22:22
*** aagate has quit IRC22:27
*** jamesmcarthur has quit IRC22:50
*** jamesmcarthur has joined #openstack-meeting-322:51
*** jamesmcarthur has quit IRC22:52
*** ianychoi has joined #openstack-meeting-323:16
*** aagate has joined #openstack-meeting-323:31
*** jamesmcarthur has joined #openstack-meeting-323:44
*** bobh has joined #openstack-meeting-323:44
*** jamesmcarthur has quit IRC23:48
*** bobh has quit IRC23:49
*** mjturek has quit IRC23:58
« Monday, 2018-09-03 Index Wednesday, 2018-09-05 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!