19:00:35 <jillr> #startmeeting Ansible Core Public IRC Meeting https://github.com/ansible/community/issues/507 19:00:35 <zodbot> Meeting started Tue Dec 17 19:00:35 2019 UTC. 19:00:35 <zodbot> This meeting is logged and archived in a public location. 19:00:35 <zodbot> The chair is jillr. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:35 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 19:00:35 <zodbot> The meeting name has been set to 'ansible_core_public_irc_meeting_https://github.com/ansible/community/issues/507' 19:00:40 <jillr> o/ 19:00:52 <jillr> #topic open floor 19:01:41 <felixfontein> I'd like to continue the discussion from last week, in the hope there's a quorum here today :) 19:02:18 * jillr peeks at PTO calendar, we'll see how many we get? :) 19:02:40 <agaffney> which discussion was that? 19:02:47 <felixfontein> as quiet as it is until now... ;) 19:03:07 <felixfontein> agaffney: about openssh_keypair, especially its key regeneration behavior 19:03:11 <jillr> felixfontein: is this the openssh_keypair discussion? 19:03:20 <felixfontein> (and implications for openssl_privatekey) 19:03:21 <jillr> #topic openssh_keypair 19:03:50 <felixfontein> should I sum the current state up? 19:03:58 <jillr> #link https://github.com/ansible/ansible/pull/65638 19:04:08 <jillr> felixfontein: yes please, and if there are any other PRs than^ 19:04:47 <felixfontein> there's also an issue: https://github.com/ansible/ansible/issues/65639 19:05:11 <jillr> #link https://github.com/ansible/ansible/issues/65639 19:05:13 <felixfontein> ok, so the current behavior of openssh_keypair and openssl_privatekey is that it will regenerate the key(pair) if it does not fit the module options 19:05:46 <felixfontein> that includes passphrase not matching, invalid keys (resp. keys the module can't parse), wrong keysize, ... 19:06:23 <felixfontein> the core meeting did decide some weeks ago that it didn't like the last change to this situation, which added regeneration in case of broken keys and passprhase not matching to openssh_keypair 19:07:05 <felixfontein> I'd like to know several things: 1) I guess this should also apply to openssl_privatekey. 2) how about other regenerates, like when key size / type does not fit? 3) should the new behavior be backported? 19:07:50 <felixfontein> the answer to 1) is probably yes (from the discussion form that older meeting; I wasn't able to attend it) 19:08:09 <felixfontein> but 2) and 3) are things I that I have no idea what's wanted/expected 19:08:43 <felixfontein> I've started that issue to discuss how especially 2) could be handled in the module, since there are people who like to always regenerate if the module options do not match 19:09:05 <felixfontein> ready_to_discuss ;) 19:10:14 <jillr> about half the core team is either out of working hours or on PTO right now, but we might get a few folks. 19:11:21 <jillr> I'm generally in favor of not regenerating openssh_keypair unless the user explicitly opts-in, I'm more open to debate on openssl_keypair 19:12:00 <jillr> and I think whatever we do we probably shouldn't backport behaviour changes like this 19:12:32 <felixfontein> that would be what I would guess is common expectation (from the debate) 19:12:58 <jillr> and sorry, felixfontein, that this has dragged out so long while we try to get quorum 19:13:10 <felixfontein> no problem, this is life ;) 19:13:14 <jillr> :) 19:13:22 <felixfontein> assuming it should not be backported, it is also not that urgent 19:15:06 <felixfontein> I guess I should keep a copy of that summary, so I can simply paste it next time(s) 19:16:30 <jillr> we'll give it a few minutes to give folks a chance to read and catch up, but it's looking like it might just be the 3 of us today 19:21:08 <jillr> looks like it's not going to happen today. until next time? 19:21:15 <jillr> #endmeeting