| *** brinzhang has joined #openstack-oslo | 00:33 | |
| *** redrobot has quit IRC | 01:08 | |
| *** zaneb has quit IRC | 02:03 | |
| *** zaneb has joined #openstack-oslo | 02:04 | |
| *** hberaud has quit IRC | 02:34 | |
| *** dave-mccowan has quit IRC | 03:23 | |
| *** zzzeek has quit IRC | 04:15 | |
| *** zzzeek has joined #openstack-oslo | 04:17 | |
| *** rcernin has quit IRC | 04:31 | |
| *** rcernin has joined #openstack-oslo | 04:40 | |
| *** rcernin has quit IRC | 05:39 | |
| *** sboyron has joined #openstack-oslo | 05:45 | |
| *** sboyron has quit IRC | 05:46 | |
| *** sboyron has joined #openstack-oslo | 05:48 | |
| *** rcernin has joined #openstack-oslo | 06:01 | |
| *** rcernin has quit IRC | 06:20 | |
| *** ralonsoh has joined #openstack-oslo | 06:24 | |
| *** tosky has joined #openstack-oslo | 07:03 | |
| *** hberaud has joined #openstack-oslo | 07:32 | |
| *** rcernin has joined #openstack-oslo | 07:39 | |
| *** rcernin has quit IRC | 07:52 | |
| *** moguimar has joined #openstack-oslo | 09:30 | |
| *** raildo has joined #openstack-oslo | 10:36 | |
| *** vishakha has joined #openstack-oslo | 12:10 | |
| *** kgiusti has joined #openstack-oslo | 12:33 | |
| *** dave-mccowan has joined #openstack-oslo | 12:35 | |
| *** Luzi has joined #openstack-oslo | 12:55 | |
| *** lbragstad has joined #openstack-oslo | 13:16 | |
| *** Luzi has quit IRC | 13:54 | |
| *** hemna has quit IRC | 14:30 | |
| *** hemna has joined #openstack-oslo | 14:30 | |
| openstackgerrit | Merged openstack/oslo.utils master: Add function to encapsule md5 for FIPS systems https://review.opendev.org/750031 | 14:41 |
|---|---|---|
| *** hberaud has quit IRC | 14:47 | |
| *** hberaud has joined #openstack-oslo | 14:48 | |
| bnemec | #startmeeting oslo | 15:00 |
| bnemec | Courtesy ping for bnemec, smcginnis, moguimar, johnsom, stephenfin, bcafarel, kgiusti, jungleboyj | 15:00 |
| bnemec | #link https://wiki.openstack.org/wiki/Meetings/Oslo#Agenda_for_Next_Meeting | 15:00 |
| openstack | Meeting started Mon Sep 21 15:00:35 2020 UTC and is due to finish in 60 minutes. The chair is bnemec. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| openstack | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| *** openstack changes topic to " (Meeting topic: oslo)" | 15:00 | |
| openstack | The meeting name has been set to 'oslo' | 15:00 |
| hberaud | o/ | 15:00 |
| moguimar | o/ | 15:00 |
| smcginnis | o/ | 15:00 |
| kgiusti | o/ | 15:00 |
| johnsom | o/ | 15:01 |
| bnemec | #topic Red flags for/from liaisons | 15:03 |
| *** openstack changes topic to "Red flags for/from liaisons (Meeting topic: oslo)" | 15:03 | |
| moguimar | none from Barbican | 15:03 |
| smcginnis | I don't see Jay yet - none from Cinder that I'm aware of. | 15:04 |
| bnemec | Hopefully everything is quiet. I don't think we released anything last week. | 15:04 |
| smcginnis | Hopefully it will be quiet for a few weeks yet. | 15:04 |
| hberaud | :) | 15:04 |
| johnsom | Nothing from Octavia | 15:05 |
| * bnemec crosses fingers | 15:05 | |
| bnemec | #topic Releases | 15:06 |
| *** openstack changes topic to "Releases (Meeting topic: oslo)" | 15:06 | |
| bnemec | As I mentioned, not much going on here either. | 15:06 |
| bnemec | If all goes well we won't have to release victoria between now and when it ships. | 15:06 |
| bnemec | #topic Action items from last meeting | 15:07 |
| *** openstack changes topic to "Action items from last meeting (Meeting topic: oslo)" | 15:07 | |
| bnemec | "bnemec send ptg planning email" | 15:08 |
| bnemec | Done | 15:08 |
| bnemec | "backport https://review.opendev.org/#/c/719876/" | 15:08 |
| bnemec | Also done | 15:08 |
| bnemec | "Switch oslo.utils to wallaby test template" | 15:08 |
| bnemec | I believe smcginnis took care of that. Thanks! | 15:08 |
| bnemec | That's it for action items. | 15:09 |
| bnemec | #topic PTG/Forum Planning | 15:09 |
| *** openstack changes topic to "PTG/Forum Planning (Meeting topic: oslo)" | 15:09 | |
| bnemec | #link https://etherpad.opendev.org/p/oslo-wallaby-topics | 15:09 |
| smcginnis | bnemec: We should have that template updated now every time we branch. | 15:10 |
| bnemec | Just a reminder that the etherpad is out there. If there's anything we should discuss "face-to-face" then please add it to the list. | 15:10 |
| bnemec | smcginnis: Yeah, IIRC you said it didn't happen this time because we didn't get the victoria one merged in time. | 15:10 |
| smcginnis | Ah, right! | 15:11 |
| bnemec | Which was because of a legitimate breakage, so hopefully not a regular occurrence. :-) | 15:11 |
| smcginnis | (fingers crossed) | 15:11 |
| bnemec | On the etherpad there's already a retrospective topic, so please fill that in with any thoughts you have on how the cycle went. | 15:13 |
| bnemec | At some point we should probably discuss whether we want to do a project update too. | 15:13 |
| bnemec | However, that kind of leads me into the next topic... | 15:14 |
| bnemec | #topic PTL election season | 15:14 |
| *** openstack changes topic to "PTL election season (Meeting topic: oslo)" | 15:14 | |
| bnemec | Once again, I don't intend to continue as PTL. | 15:14 |
| bnemec | Especially as of late, my non-OpenStack responsibilities have been sucking up a lot of time. That situation will probably get worse as time goes on. | 15:15 |
| bnemec | I'm still not planning to disappear completely or anything, but it would be good to have someone leading Oslo that is a little more in touch with what's going on. | 15:15 |
| bnemec | So, if you're interested in the position, start preparing your nomination email now. :-) | 15:16 |
| bnemec | #topic Weekly Wayward Review | 15:18 |
| *** openstack changes topic to "Weekly Wayward Review (Meeting topic: oslo)" | 15:18 | |
| bnemec | #link https://review.opendev.org/#/c/725938/ | 15:18 |
| bnemec | hberaud: This is one of yours. I left a few comments that would be nice to address before merging. | 15:19 |
| hberaud | bnemec: ack I'll take a look, thanks | 15:19 |
| bnemec | Particularly the copyright and option name one. | 15:20 |
| hberaud | ack | 15:20 |
| bnemec | hberaud: Thanks, I'll WIP it for now. | 15:20 |
| hberaud | ok | 15:20 |
| hberaud | #link https://review.opendev.org/#/c/746723/ | 15:20 |
| hberaud | if some of you could take a look to this one too ^^^ | 15:21 |
| moguimar | I added myself to the reviewers | 15:21 |
| bnemec | Crud, I never came back to that, did I? | 15:21 |
| hberaud | bnemec: yes | 15:22 |
| *** redrobot has joined #openstack-oslo | 15:23 | |
| openstackgerrit | Hervé Beraud proposed openstack/oslo.config master: Allow HostAddressOpt to accept undercore - RFC1033 https://review.opendev.org/746723 | 15:24 |
| bnemec | Okay, I'll take a look at that when we're done here. | 15:24 |
| hberaud | thanks | 15:24 |
| bnemec | #topic Open discussion | 15:25 |
| *** openstack changes topic to "Open discussion (Meeting topic: oslo)" | 15:25 | |
| bnemec | That's it for the agenda. Anything else to discuss this week? | 15:26 |
| moguimar | we need tributes to review pre-commit patches | 15:26 |
| moguimar | https://review.opendev.org/#/q/topic:oslo-pre-commit+(status:open+OR+status:merged) | 15:26 |
| moguimar | my inbox is full of those, and more than half of them are ready to go | 15:26 |
| moguimar | thanks for the hard work there hberaud o/ | 15:27 |
| hberaud | thanks, my pleasure | 15:27 |
| hberaud | I need to re-take a look to some of these | 15:28 |
| hberaud | whose in failure | 15:28 |
| bnemec | #action merge pre-commit patches | 15:28 |
| moguimar | all -2 are gone | 15:28 |
| moguimar | so it means that all have been updated to our last proposal of pre-commits | 15:29 |
| hberaud | s/whose/those/ | 15:29 |
| moguimar | so now we just need to please the gate god | 15:29 |
| * hberaud start to slaughter a chicken | 15:29 | |
| bnemec | This is the second time in a week that someone has offered chickens to the ci gods. :-) | 15:30 |
| moguimar | xD | 15:30 |
| hberaud | poor chickens | 15:30 |
| bnemec | Fair warning: I don't think it worked last time. :-P | 15:30 |
| hberaud | you broke my dreams | 15:31 |
| moguimar | you should sacrifice an empty floppy disk | 15:31 |
| hberaud | my laptop even doesn't have CDROM reader | 15:31 |
| moguimar | if it doesn't work, a floppy disk that hasn't been backed up yet | 15:32 |
| bnemec | lol | 15:32 |
| hberaud | lol | 15:32 |
| bnemec | Floppies were such a terrible storage medium. | 15:32 |
| moguimar | I used to cross my fingers everytime I was copying something out of them | 15:33 |
| moguimar | back to the PC | 15:33 |
| hberaud | hahaha | 15:33 |
| moguimar | I was like 12-ish | 15:34 |
| hberaud | :) | 15:34 |
| moguimar | last milenium | 15:34 |
| JayF | I have a bit of a question, if open discussion is extra-open now :D. o/ for those who don't know me, I've worked on Ironic for a while and manage it at Verizon Media. | 15:34 |
| bnemec | o/ JayF | 15:35 |
| hberaud | JayF: o/ | 15:35 |
| moguimar | o/ | 15:35 |
| JayF | I was going to file an RFE about getting support for SAN-name checking in the ssl socket wrapper in oslo.service -- primary use case: requiring client certificates with specific SAN names for clients connecting to the Ironic Python Agent (which uses oslo.service wsgi server) | 15:35 |
| JayF | Just curious if that held any general interest for you all, or if anyone is likely to vehemently oppose it. Barring any objections, I'd expect to put up an RFE soon and work on it sometime soon (think weeks, not days). | 15:36 |
| moguimar | what happens right now if you try a SAN-name? | 15:36 |
| hberaud | seems a good things | 15:36 |
| JayF | SAN name is just a field in a client cert | 15:37 |
| JayF | today; oslo.service supports ensuring that cert is signed by a specific CA | 15:37 |
| JayF | but there's no way to say "signed by the CA, and SAN is 'my-trusted-server.example.com'" | 15:37 |
| moguimar | I see | 15:38 |
| moguimar | sounds ok | 15:38 |
| moguimar | count me in for reviews | 15:38 |
| *** vishakha has quit IRC | 15:39 | |
| hberaud | +1 | 15:39 |
| JayF | Thanks! Like I said, no promise on timeline -- but it's something I wanted to ensure there was general interest in upstream, and will do that code here. All part of a project to enhance TLS server support in IPA. | 15:39 |
| bnemec | I will admit I don't entirely understand what you gain from checking that, but I'm no security expert so I wouldn't block it if there's a need. | 15:39 |
| JayF | So let me give you a concrete example: we have a corporate-wide certificate issuing system | 15:40 |
| JayF | currently, we have IPA checking that it has any-valid-cert from that system | 15:40 |
| JayF | instead, we want to limit it to any-valid-cert /that an Ironic Conductor would hold/ | 15:40 |
| JayF | it's essentially imparting some authorization logic on what's primarily used for only authentication today | 15:40 |
| JayF | IPA's API is generally minimally or unauthenticated, so adding this is a helpful security addition; especially for deployers who are not using dedicated provisioning/cleaning networks in Ironic to isolate nodes when the agent is running. | 15:41 |
| bnemec | Ah, I think I see. It's the combination of the cert being valid and the name being correct, not one or the other. | 15:41 |
| bnemec | You couldn't spoof an invalid SAN because you wouldn't have access to the cert issuing system. | 15:42 |
| JayF | Exactly. | 15:42 |
| hberaud | I don't think it can hurt | 15:42 |
| JayF | I suspect the use case for it, with IPA at least, is minimal, but I could see other users of oslo.service seeing a benefit | 15:42 |
| bnemec | Yeah, that sounds totally reasonable to add. | 15:42 |
| JayF | and frankly, it's just nicer to contribute stuff like that upstream so I don't have to hold a patched library forever :D | 15:43 |
| hberaud | :) | 15:43 |
| bnemec | +1000 | 15:43 |
| bnemec | We don't want people to feel the need to have downstream forks of stuff. | 15:44 |
| bnemec | Sounds like we're all in agreement on this. | 15:44 |
| bnemec | Anything else before we call it a meeting? | 15:44 |
| hberaud | nope | 15:45 |
| JayF | Thanks! I'll be sure to link the relevant story (you all use storyboard, I presume?) and code as it gets written in here for review. And feel free to ping if you ever have an Ironic question :) | 15:46 |
| bnemec | JayF: We don't use storyboard. We're still on launchpad. | 15:46 |
| JayF | ack, I can do that | 15:46 |
| bnemec | I'd probably advocate for just a wishlist bug, unless there ends up being significant design needed. | 15:47 |
| JayF | that's what my plan was, this should be straightforward enough to not need a spec, at least by ironic standards | 15:48 |
| bnemec | Agreed. | 15:48 |
| bnemec | Okay, looks like we're done. | 15:50 |
| bnemec | Thanks for joining, everyone! | 15:50 |
| hberaud | bnemec: Thans | 15:50 |
| bnemec | #endmeeting | 15:50 |
| *** openstack changes topic to "OpenStack Common Libraries | https://wiki.openstack.org/wiki/Oslo" | 15:50 | |
| openstack | Meeting ended Mon Sep 21 15:50:44 2020 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:50 |
| openstack | Minutes: http://eavesdrop.openstack.org/meetings/oslo/2020/oslo.2020-09-21-15.00.html | 15:50 |
| openstack | Minutes (text): http://eavesdrop.openstack.org/meetings/oslo/2020/oslo.2020-09-21-15.00.txt | 15:50 |
| openstack | Log: http://eavesdrop.openstack.org/meetings/oslo/2020/oslo.2020-09-21-15.00.log.html | 15:50 |
| hberaud | s/thans/thanks | 15:50 |
| *** ralonsoh has quit IRC | 15:57 | |
| *** moguimar has quit IRC | 17:18 | |
| *** dtantsur is now known as dtantsur|afk | 17:31 | |
| *** hamalq has joined #openstack-oslo | 17:57 | |
| *** sboyron has quit IRC | 18:42 | |
| *** dave-mccowan has quit IRC | 21:58 | |
| *** dave-mccowan has joined #openstack-oslo | 22:01 | |
| *** Dmitrii-Sh has quit IRC | 22:05 | |
| *** Dmitrii-Sh has joined #openstack-oslo | 22:10 | |
| *** Dmitrii-Sh has quit IRC | 22:48 | |
| *** tosky has quit IRC | 22:49 | |
| *** Dmitrii-Sh has joined #openstack-oslo | 22:55 | |
| *** rcernin has joined #openstack-oslo | 23:02 | |
| *** zzzeek has quit IRC | 23:10 | |
| *** rcernin has quit IRC | 23:11 | |
| *** rcernin has joined #openstack-oslo | 23:11 | |
| *** zzzeek has joined #openstack-oslo | 23:13 | |
| *** zzzeek has quit IRC | 23:17 | |
| *** zzzeek has joined #openstack-oslo | 23:20 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!