Thursday, 2015-05-28

« Wednesday, 2015-05-27 Index Friday, 2015-05-29 »
*** alex_klimov has quit IRC00:01
*** salv-orlando has joined #openstack-security00:15
*** salv-orlando has quit IRC00:19
*** JAHoagie has quit IRC00:21
*** hyakuhei1 has joined #openstack-security01:13
*** hyakuhei has quit IRC01:14
*** dave-mccowan has joined #openstack-security01:15
*** nunbrs has quit IRC01:17
*** sdake_ has quit IRC01:28
*** browne has quit IRC01:29
*** markvoelker has quit IRC01:30
*** markvoelker_ has joined #openstack-security01:30
*** hyakuhei1 has quit IRC01:47
*** hyakuhei has joined #openstack-security01:48
*** sigmavirus24 is now known as sigmavirus24_awa01:50
*** bpokorny has quit IRC02:23
*** browne has joined #openstack-security02:29
*** hyakuhei1 has joined #openstack-security02:33
*** hyakuhei has quit IRC02:33
*** salv-orlando has joined #openstack-security02:37
*** salv-orlando has quit IRC02:42
*** hyakuhei1 has quit IRC02:55
*** hyakuhei has joined #openstack-security02:56
*** hyakuhei has quit IRC03:03
*** tmcpeak has quit IRC03:05
*** hyakuhei has joined #openstack-security03:09
*** hyakuhei1 has joined #openstack-security03:30
*** hyakuhei has quit IRC03:30
*** hyakuhei1 has quit IRC03:36
*** hyakuhei has joined #openstack-security03:36
*** dave-mccowan has quit IRC04:03
*** bpokorny has joined #openstack-security04:18
*** JAHoagie has joined #openstack-security04:26
*** sdake has joined #openstack-security04:39
*** hyakuhei1 has joined #openstack-security04:40
*** hyakuhei has quit IRC04:40
*** salv-orlando has joined #openstack-security04:42
*** hyakuhei has joined #openstack-security04:46
*** hyakuhei1 has quit IRC04:46
*** openstackgerrit has quit IRC04:50
*** openstackgerrit has joined #openstack-security04:50
*** sdake_ has joined #openstack-security04:50
*** salv-orlando has quit IRC04:53
*** sdake has quit IRC04:54
*** bpokorny has quit IRC04:56
*** hyakuhei has quit IRC04:56
*** hyakuhei has joined #openstack-security04:56
*** salv-orlando has joined #openstack-security05:23
*** JAHoagie has quit IRC05:33
*** hyakuhei has quit IRC05:56
*** hyakuhei1 has joined #openstack-security05:56
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/18626606:01
*** hyakuhei1 has quit IRC06:09
*** hyakuhei has joined #openstack-security06:09
*** hyakuhei has quit IRC06:32
*** hyakuhei has joined #openstack-security06:32
*** elmiko has quit IRC06:47
openstackgerritMerged openstack/security-doc: Imported Translations from Transifex  https://review.openstack.org/18626606:57
*** hyakuhei has quit IRC06:58
*** salv-orlando has quit IRC07:00
*** salv-orlando has joined #openstack-security07:00
*** hyakuhei has joined #openstack-security07:01
*** elmiko has joined #openstack-security07:16
*** browne has quit IRC07:21
*** alex_klimov has joined #openstack-security07:23
*** hyakuhei1 has joined #openstack-security07:26
*** hyakuhei has quit IRC07:26
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/18630707:35
*** salv-orlando has quit IRC07:38
*** alex_klimov has quit IRC08:04
*** alex_klimov has joined #openstack-security08:10
*** salv-orlando has joined #openstack-security08:39
*** hyakuhei1 has quit IRC08:44
*** salv-orlando has quit IRC08:45
*** hyakuhei has joined #openstack-security08:45
*** sdake has joined #openstack-security08:58
*** sdake_ has quit IRC09:01
*** sdake_ has joined #openstack-security09:04
*** sdake has quit IRC09:07
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/18630709:13
*** markvoelker_ has quit IRC09:16
*** tmcpeak has joined #openstack-security10:07
*** salv-orlando has joined #openstack-security10:10
*** markvoelker has joined #openstack-security10:17
*** markvoelker has quit IRC10:23
*** timkennedy has quit IRC10:26
*** timkennedy has joined #openstack-security10:27
*** sdake_ has quit IRC10:38
*** hyakuhei has quit IRC10:41
*** hyakuhei has joined #openstack-security10:41
*** salv-orlando has quit IRC11:12
openstackgerritMerged stackforge/anchor: Updating config.json to be sha256  https://review.openstack.org/18517911:13
*** openstackgerrit has quit IRC11:39
*** openstackgerrit has joined #openstack-security11:39
*** markvoelker has joined #openstack-security12:02
*** salv-orlando has joined #openstack-security12:12
*** dave-mccowan has joined #openstack-security12:23
*** hyakuhei has quit IRC12:33
*** hyakuhei has joined #openstack-security12:33
*** salv-orlando has quit IRC13:11
*** salv-orlando has joined #openstack-security13:11
openstackgerritMerged openstack/security-doc: Updating Case Studies - Alice's Monitoring & Logging  https://review.openstack.org/18410413:14
*** bknudson has joined #openstack-security13:19
*** nkinder has quit IRC13:21
*** jamielennox is now known as jamielennox|away13:29
*** singlethink has joined #openstack-security13:29
openstackgerritMerged openstack/security-doc: Updating Case Studies - Alice's Instance Security Management section  https://review.openstack.org/18360713:45
*** sigmavirus24_awa is now known as sigmavirus2414:02
*** sdake has joined #openstack-security14:09
*** sdake_ has joined #openstack-security14:10
*** sdake has quit IRC14:14
*** voodookid has joined #openstack-security14:25
*** nkinder has joined #openstack-security14:28
*** sdake has joined #openstack-security14:40
*** sdake_ has quit IRC14:44
*** dwyde has joined #openstack-security14:53
*** sicarie has joined #openstack-security15:04
*** bpokorny has joined #openstack-security15:22
*** edmondsw has joined #openstack-security15:23
*** browne has joined #openstack-security15:26
*** hyakuhei has quit IRC15:49
*** hyakuhei1 has joined #openstack-security15:49
*** singlethink has quit IRC15:52
*** sdake_ has joined #openstack-security15:58
*** sdake has quit IRC15:59
*** sdake has joined #openstack-security16:00
*** hyakuhei1 is now known as hyakuhei16:03
*** hyakuhei has quit IRC16:03
*** hyakuhei has joined #openstack-security16:03
*** sdake_ has quit IRC16:03
*** tkelsey has joined #openstack-security16:04
hyakuheiI'm not going to be around for the full security meeting today.16:04
*** alex_klimov has quit IRC16:04
nkinderhyakuhei: Me either.  I have a meeting that overlaps with it.  Perhaps tmcpeak can run it...16:07
*** dwyde has quit IRC16:24
*** singlethink has joined #openstack-security16:25
tmcpeakhyakuhei, nkinder: I can do it16:27
hyakuheithanks tmcpeak16:30
*** dwyde has joined #openstack-security16:46
*** browne has quit IRC17:02
*** pkarikh has joined #openstack-security17:08
*** lhcheng has joined #openstack-security17:08
*** pkarikh has quit IRC17:16
*** dwyde has quit IRC17:16
*** michaelxin has joined #openstack-security17:25
*** dan has joined #openstack-security17:27
*** dwyde has joined #openstack-security17:27
*** sicarie_ has joined #openstack-security17:31
*** sicarie has left #openstack-security17:31
*** bpokorny has quit IRC17:31
*** sdake_ has joined #openstack-security17:35
*** browne has joined #openstack-security17:38
*** sdake has quit IRC17:39
*** salv-orlando has quit IRC17:43
*** salv-orlando has joined #openstack-security17:47
*** nkinder has quit IRC18:03
tmcpeakdstufft: ping18:06
*** sicarie_ is now known as sicarie18:07
*** bknudson has quit IRC18:13
*** bknudson has joined #openstack-security18:18
dstuffttmcpeak: pong18:18
tmcpeakdstufft: yo yo, check PM por favor18:18
*** lhcheng has left #openstack-security18:18
dstuffttmcpeak: hm, don't see anything18:19
tmcpeakahh ok I'll send again18:19
*** nkinder has joined #openstack-security18:24
*** pkarikh has joined #openstack-security18:27
*** bpokorny has joined #openstack-security18:32
*** tkelsey has quit IRC18:33
pkarikhtristanC: hello!18:36
*** edmondsw has quit IRC18:43
*** browne has quit IRC18:45
*** nkinder has quit IRC18:49
openstackgerritNathaniel Dillon proposed openstack/security-doc: Updating Case Studies - Alice's Compliance Section  https://review.openstack.org/18411218:52
*** pkarikh has quit IRC19:00
*** nkinder has joined #openstack-security19:01
sigmavirus24sicarie: thanks for filing the bug19:08
sicarienp19:08
tmcpeaksicarie: awesome!19:09
sicarieI figure if someone can follow the directions to disable the fw, they should be able to follow directions to open the proper ports19:09
sicarieI'm going to have to take an action to add a ufw ruleset to Ubuntu installs for the sec guide19:10
elmikomakes me wonder if we should provide an openstack.xml service file for firewalld based distros?19:10
openstackgerritMerged openstack/security-doc: Updating Case Studies - Alice's Compliance Section  https://review.openstack.org/18411219:18
*** sdake has joined #openstack-security19:26
*** sdake_ has quit IRC19:29
miscelmiko: it would be helpful and likely make the life of sysadmin easier IMHO19:34
misc( at least mine )19:34
elmikocool, i'll look at sicarie's change and hopefully follow suit19:40
sicarie+1 though that also makes me nervous about what else is in the install/ops/admin guides...19:40
elmikoyea, we might have to add it to the reading list19:40
elmikos/it/them/19:40
sicariemisc: how do you handle fw rulesets now? I'm trying to think of the easiest and most secure way to do this - something like "fw_hypervisor.xml: iptables rules allowing nova and mgmt communication"19:43
*** kutija has joined #openstack-security19:43
sicarieand then "fw_swift.xml: iptables rules for..."19:44
* sicarie runs off to check his swift cheatsheet19:46
miscsicarie: that's mostly dropping a xml file in /usr/lib/firewalld/services/19:46
*** tkelsey has joined #openstack-security19:46
miscand use firewall-cmd19:46
sicarietcp 8080 for api/backup, allowing scp/rsync, container updates over 6001/600219:47
sicarieok, yeah, would probably have to do two sets for firewalld/iptables19:47
miscI kinda like that because it make my ansible script idempotent by default19:47
miscwhile for iptables, everybody do their own stuff, so there isn't much sharing possible19:47
sicarieYeah, and the networks probably aren't going to be standard, which will be fun19:48
sicariemisc: thanks, I'll try to take a look at that!19:48
elmikowould be nice if we maintain a set of firewalld services files, and engage the individual projects to review them19:49
* sicarie volun-scripts elmiko19:49
elmikohehe, i'll add it to the backlog ;)19:50
sicarieRight!19:50
elmikois this something we could maintain in the security-doc repo and link into the document?19:51
*** tkelsey has quit IRC19:51
elmikoor would there be a better repo for it19:51
sicarieelmiko: good question - I think where the security-doc repo will live is an open question19:52
sicarieI know the docs team isn't claiming it, and I think there's another security repo that this may eventually fall under, but i'm not 100% sure19:53
elmikook, cool. i'll leave it up for research then19:53
sicarieyeah, I think that's for hyakuhei to determine now that we're an official project19:54
elmikosounds good19:54
*** nkinder has quit IRC19:59
*** singleth_ has joined #openstack-security20:00
openstackgerritNathaniel Dillon proposed openstack/security-doc: Updating Case Studies - Alice's API Endpoints Section  https://review.openstack.org/18655220:00
*** singlethink has quit IRC20:03
*** kutija has quit IRC20:05
sicarietmcpeak sigmavirus24: bug closed as "wont fix"20:16
sicarie"Based on much prior discussion, the installation guide aims to install OpenStack in the easiest way possible for first-time users, not deploy a production environment. If you want to enable the firewall, the documentation includes a list of ports for each service"20:16
elmikoi guess that makes sense20:16
sigmavirus24Yeah that's vaguely what I expected20:17
sicarieI'll open another to at least have those ports referenced at that point in the guide20:19
*** browne has joined #openstack-security20:20
openstackgerritNathaniel Dillon proposed openstack/security-doc: Updating Case Studies - Alice's API Endpoints Section  https://review.openstack.org/18655220:23
*** kutija has joined #openstack-security20:24
*** sdake_ has joined #openstack-security20:26
*** sdake has quit IRC20:30
tmcpeaksicarie: bummer :(20:44
*** sdake_ has quit IRC20:47
*** sdake has joined #openstack-security20:49
*** salv-orlando has quit IRC20:49
*** michaelxin has quit IRC21:01
openstackgerritNathaniel Dillon proposed openstack/security-doc: Update Compute Chapter - Introduction  https://review.openstack.org/18656321:05
*** dave-mccowan has quit IRC21:07
openstackgerritMerged openstack/security-doc: Updating Case Studies - Alice's API Endpoints Section  https://review.openstack.org/18655221:08
openstackgerritNathaniel Dillon proposed openstack/security-doc: Update Compute Chapter - Introduction  https://review.openstack.org/18656321:09
*** sdake_ has joined #openstack-security21:11
*** sdake has quit IRC21:14
*** hyakuhei has quit IRC21:22
*** hyakuhei has joined #openstack-security21:23
*** jamielennox|away is now known as jamielennox21:34
*** openstackgerrit has quit IRC21:36
*** openstackgerrit has joined #openstack-security21:36
*** salv-orlando has joined #openstack-security21:50
*** alex_klimov has joined #openstack-security21:51
*** salv-orlando has quit IRC21:55
*** sdake has joined #openstack-security21:59
*** sdake_ has quit IRC22:03
*** dwyde has quit IRC22:11
*** salv-orlando has joined #openstack-security22:15
*** nkinder has joined #openstack-security22:17
*** singlethink has joined #openstack-security22:22
*** sdake_ has joined #openstack-security22:23
*** singleth_ has quit IRC22:24
*** sdake has quit IRC22:27
*** Guest82474 has joined #openstack-security22:40
*** Guest82474 has quit IRC22:40
*** barra204 has joined #openstack-security22:43
*** bknudson has quit IRC22:45
*** singlethink has quit IRC22:48
*** voodookid has quit IRC22:51
*** sicarie has left #openstack-security22:54
*** barra204 has quit IRC23:01
*** barra204 has joined #openstack-security23:15
*** salv-orlando has quit IRC23:30
*** alex_klimov has quit IRC23:41
*** tkelsey has joined #openstack-security23:49
*** tkelsey has quit IRC23:54
« Wednesday, 2015-05-27 Index Friday, 2015-05-29 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!