Page MenuHomePhabricator
Create Task
Maniphest T263680

Learn about Barbican
Open, Stalled, MediumPublic
Actions

Description

Current questions:

  • is the horizon UI reasonable for our use cases?

    Nope! The upstream barbican_ui project doesn't work at all with Horizon/Train. We can retest with eventual future versions.
  • how should we actually store the secrets?
  • is there any semi-secure way to integrate with puppet?

Details

SubjectRepoBranchLines +/-
OpenStack: add initial manifests for OpenStack Barbican, a secrets APIoperations/puppetproduction+847 -0
Don't install barbican panelsopenstack/horizon/deploytrain+1 -1
Updated wheels for barbican supportopenstack/horizon/wheelstrain+0 -0
Add barbican_uiopenstack/horizon/deploytrain+10 -1
Add barbican_uiopenstack/horizon/deploymaster+10 -1
wmcs codfw1dev haproxy: add proxy for barbican apioperations/puppetproduction+9 -0
Added bogus secrets for barbican testinglabs/privatemaster+2 -0
Customize query in gerrit

Related Objects

Event Timeline

Andrew created this task.Sep 23 2020, 6:50 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 23 2020, 6:50 PM
gerritbot added a comment.Sep 23 2020, 7:36 PM

Change 629460 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[labs/private@master] Added bogus secrets for barbican testing

https://gerrit.wikimedia.org/r/629460

gerritbot added a project: Patch-For-Review.Sep 23 2020, 7:36 PM
gerritbot added a comment.Sep 23 2020, 8:28 PM

Change 629460 merged by Andrew Bogott:
[labs/private@master] Added bogus secrets for barbican testing

https://gerrit.wikimedia.org/r/629460

gerritbot added a comment.Sep 23 2020, 8:28 PM

Change 629472 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] OpenStack: add initial manifests for OpenStack Barbican, a secrets API

https://gerrit.wikimedia.org/r/629472

Andrew mentioned this in rLPRI50339d4de61e: Added bogus secrets for barbican testing.Sep 23 2020, 8:36 PM
gerritbot added a comment.Sep 24 2020, 1:30 PM

Change 629680 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] wmcs codfw1dev haproxy: add proxy for barbican api

https://gerrit.wikimedia.org/r/629680

gerritbot added a comment.Sep 24 2020, 3:41 PM

Change 629472 merged by Andrew Bogott:
[operations/puppet@production] OpenStack: add initial manifests for OpenStack Barbican, a secrets API

https://gerrit.wikimedia.org/r/629472

gerritbot added a comment.Sep 24 2020, 3:41 PM

Change 629680 merged by Andrew Bogott:
[operations/puppet@production] wmcs codfw1dev haproxy: add proxy for barbican api

https://gerrit.wikimedia.org/r/629680

gerritbot added a comment.Sep 24 2020, 6:59 PM

Change 629793 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[openstack/horizon/deploy@master] Add barbican_ui

https://gerrit.wikimedia.org/r/629793

gerritbot added a comment.Sep 24 2020, 7:01 PM

Change 629793 merged by Andrew Bogott:
[openstack/horizon/deploy@master] Add barbican_ui

https://gerrit.wikimedia.org/r/629793

gerritbot added a comment.Sep 24 2020, 7:06 PM

Change 629795 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[openstack/horizon/deploy@train] Add barbican_ui

https://gerrit.wikimedia.org/r/629795

gerritbot added a comment.Sep 24 2020, 7:09 PM

Change 629795 merged by Andrew Bogott:
[openstack/horizon/deploy@train] Add barbican_ui

https://gerrit.wikimedia.org/r/629795

gerritbot added a comment.Sep 24 2020, 8:31 PM

Change 629814 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[openstack/horizon/wheels@train] Updated wheels for barbican support

https://gerrit.wikimedia.org/r/629814

gerritbot added a comment.Sep 24 2020, 8:33 PM

Change 629814 merged by Andrew Bogott:
[openstack/horizon/wheels@train] Updated wheels for barbican support

https://gerrit.wikimedia.org/r/629814

gerritbot added a comment.Sep 25 2020, 2:36 PM

Change 630194 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[openstack/horizon/deploy@train] Don't install barbican panels

https://gerrit.wikimedia.org/r/630194

Andrew updated the task description. (Show Details)Sep 25 2020, 2:37 PM
gerritbot added a comment.Sep 25 2020, 2:55 PM

Change 630194 merged by Andrew Bogott:
[openstack/horizon/deploy@train] Don't install barbican panels

https://gerrit.wikimedia.org/r/630194

Andrew changed the task status from Open to Stalled.Oct 20 2020, 4:33 PM
Andrew triaged this task as Medium priority.

the Horizon UI doesn't work especially well in our current Horizon release, so I'm stalling this until we can do some upgrades.

Andrew added a comment.Apr 23 2021, 5:50 PM

I've worked more with the horizon UI but still don't have it working. It appears to be largely abandoned so to get things in shape I would probably need to adopt the project, at least temporarily.

The cli seems to work fine.

Andrew added a comment.May 13 2021, 7:22 PM

The next step might be to support barbican but only via the CLI and only with application credentials. That should be fairly simple to set up (it might even work already in codfw1dev).

Should this be blocked pending https endpoints? Maybe!

Andrew removed Andrew as the assignee of this task.May 17 2021, 10:04 PM
fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 7:12 PM
fnegri moved this task from Kanban to Inbox on the cloud-services-team board.
Pppery removed a project: Patch-For-Review.Apr 2 2023, 12:53 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL