17:06:00 <hyakuhei> #startmeeting openstack security group
17:06:01 <openstack> Meeting started Thu Jan 15 17:06:00 2015 UTC and is due to finish in 60 minutes. The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:06:02 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:06:04 <openstack> The meeting name has been set to 'openstack_security_group'
17:06:13 <elmiko> weird...
17:06:17 <tkelsey> hummm guess it's bust, technology eh? :P
17:06:18 <bdpayne> oh well, carry on :-)
17:06:33 <hyakuhei> well that was an exciting diversion!
17:06:40 <bknudson> hackers.
17:06:44 <tkelsey> :P
17:06:47 <hyakuhei> haxors everywhere!
17:06:59 <hyakuhei> Right, back on topic. Which was, to set the agenda :)
17:07:11 <hyakuhei> Anchor, Bandit, Mid-Cycle - anything else?
17:07:37 <hyakuhei> ok
17:07:46 <hyakuhei> tkelsey: what’s the latest on Anchor?
17:07:47 <bdpayne> sounds good to me
17:07:58 <tkelsey> hyakuhei: test, test and more tests
17:08:18 <tkelsey> well, slowly adding coverage
17:08:25 <tkelsey> I also updated the wiki pages
17:08:32 <hyakuhei> Superb. Anyone want to get involved with Anchor? This is a great time.
17:08:46 <hyakuhei> Still need to work out where/when to write the Barbican plugin
17:08:52 <tkelsey> #link https://wiki.openstack.org/wiki/Anchor
17:08:56 <hyakuhei> and bdpayne you wanted to talk about some stuff?
17:09:00 <tkelsey> hyakuhei: yeah good point
17:09:16 <bdpayne> I did?
17:09:33 <hyakuhei> Yeh, I thought you mentioned something last week, ah well
17:09:50 <hyakuhei> So yes in general, we are feature freezing Anchor while we add a number of tests.
17:09:57 <bdpayne> well, I have some thoughts that I'll keep to myself for now until I can dig into the code base some more
17:10:18 <hyakuhei> Righto, feel free to air them early, we won’t get offended :)
17:10:22 <tkelsey> bdpayne: awesome :) input very welcome when you're ready
17:10:25 * redrobot is fashionably late
17:10:28 <bdpayne> cool
17:10:35 <hyakuhei> welcome redrobot !
17:10:54 <hyakuhei> We were just talking about adding an Anchor plugin into Barbican :)
17:11:38 <hyakuhei> ok, so re: Anchor - get involved, write some tests :)
17:11:45 <tkelsey> +1 :)
17:11:52 <hyakuhei> #topic Bandit
17:12:12 <tmcpeak> Bandit might be mostly a no-op this week
17:12:22 <hyakuhei> Last week we spoke about testing out Bandit in various places
17:12:24 <elmiko> i have a bandit user report
17:12:30 <hyakuhei> Excellent!
17:12:31 <tmcpeak> ooh
17:12:32 <tmcpeak> do tell
17:12:34 <tkelsey> :D
17:12:37 <elmiko> i ran it against the sahara code base, it was smooth sailing
17:12:47 <elmiko> i followed the instructions and it worked like magic =)
17:12:48 <tmcpeak> find anything interesting?
17:12:50 <tkelsey> elmiko: that's awesome news, find anything interesting?
17:12:59 <elmiko> yea, i think so
17:13:05 <tmcpeak> awesome!
17:13:16 <redrobot> I've been meaning to run it against the Barbican code base...
17:13:21 <elmiko> #link https://gist.github.com/elmiko/94f063583912a5d8c3cb
17:13:24 <elmiko> that's our output
17:13:27 <tkelsey> redrobot: +1
17:13:38 <hyakuhei> I did run it once a while back, found a few things iirc.
17:13:43 <elmiko> it mainly complains about our usage of /tmp, but that's occurring on our cluster nodes so maybe something to look at
17:13:58 <bknudson> that is scary.
17:14:13 <bknudson> sudo su - -c "mkdir /tmp/oozielib !!??
17:14:40 <hyakuhei> eeeeeew
17:14:44 * elmiko feels like he just exposed sahara's bare ass
17:15:03 <tmcpeak> sudo /tmp/sahara-hadoop-init.sh :)
17:15:08 <elmiko> yea, we need some help =)
17:15:33 <sicarie> tmcpeak to be fair they created the directory 500 immediately before :)
17:15:43 <hyakuhei> That’s a good thing elmiko, what we are here for :)
17:15:56 <tkelsey> hyakuhei: +1
17:15:56 <tmcpeak> ahh gotcha
17:16:01 <sicarie> er, not directory
17:16:12 * sicarie stops typing while caffeine goes through his system
17:16:52 <elmiko> anyways, aside from our issues, kudos to the bandit team. the process was painless and the docs were clear.
17:17:00 <bknudson> bandit is sure doing its job if it's able to catch these issues.
17:17:14 <tmcpeak> elmiko: thanks for using it
17:17:22 <tmcpeak> so next step is to get it in the gate
17:17:25 <elmiko> i would like to learn how best to interpret its output as my next task with bandit
17:17:27 <tkelsey> elmiko: awesome, thanks for the feedback
17:17:45 <chair6> yeah, nice to see real world usage :)
17:17:49 <hyakuhei> +1
17:17:51 <tkelsey> elmiko: tmcpeak or myself can help if you have any questions
17:18:00 <tmcpeak> +1
17:18:09 <elmiko> tkelsey: awesome, i'll find you guys in openstack-security
17:18:18 <bknudson> I ran it on keystone quickly a month ago to see if it worked, and it worked fine... I think I asked for a feature to skip files (e.g., test directory)
17:18:21 <tmcpeak> bdpayne: btw, did you know if Lucas is planning on merging his improvements?
17:18:30 <bdpayne> yeah he is
17:18:33 <bdpayne> I'll ping him to do so
17:18:44 <tmcpeak> bknudson: oh right, I added that item to our wiki
17:18:46 <hyakuhei> bknudson: You mentioned before it might fit in the Keystone gate?
17:19:06 <bknudson> I would definitely like to see this in keystone gate.
17:19:19 <hyakuhei> What’s the process of doing a trial?
17:19:22 <tmcpeak> there's a little work we need to do to get it in requirements
17:19:36 <bknudson> and if you need project to start with I think keystone is a good target.
17:19:37 <tmcpeak> after that it should be easy to set up a non-blocking gate job for it
17:19:44 <bknudson> maybe middleware.
17:20:28 <bknudson> I think this would be a good topic for the cross-project meeting.
17:20:33 <hyakuhei> We’ll use it in Anchor soon but it looks like Keystone would be the first ‘proper’ project to test it with
17:20:51 <tmcpeak> what's the cross-project meeting?
17:21:02 <tmcpeak> is that a summit thing?
17:21:11 <bknudson> https://wiki.openstack.org/wiki/Meetings/CrossProjectMeeting
17:21:29 <bknudson> "Any cross-team issue is on-topic for this meeting."
17:21:48 <tmcpeak> ahh cool, I was not aware this was a thing :)
17:22:04 <bdpayne> neither was I... interesting
17:22:19 <bknudson> it would be good to take care of any objections that might be raised... I don't anticipate any other than there might be a request for a cross-project spec.
17:22:34 <tmcpeak> bknudson: yeah, that looks like a good fit for that discussion
17:22:44 <bknudson> so you might want to get started on a spec.
17:22:57 <tmcpeak> cool
17:23:04 <tmcpeak> ok so todo: 1) requirements 2) spec
17:24:22 <hyakuhei> Anyone want to volunteer to take that as an action?
17:24:24 <bknudson> Here's an example cross-project spec: https://review.openstack.org/#/c/145544/
17:24:35 <hyakuhei> another action would be to attend the cross-project meeting
17:24:42 <hyakuhei> which is at 21:00 UTC
17:24:59 <tmcpeak> let's attend when we have what we need in place
17:25:08 <tmcpeak> I'm a little bandwidth challenged right now, but I can at least work #1
17:25:20 <hyakuhei> cool
17:25:37 <hyakuhei> #action tmcpeak to take a look at the requirements regarding Bandit and Keystone Gate Tests
17:26:07 <sarnold007> I might be able to assist with the spec
17:26:13 <tmcpeak> awesome!
17:26:20 <hyakuhei> Anything else on Bandit?
17:26:29 <tmcpeak> nope
17:26:40 <sarnold007> is there a deadline for it? other than ASAP?
17:26:40 <hyakuhei> cool
17:26:55 <tmcpeak> next week would be good
17:27:15 <tmcpeak> as you're able
17:27:19 <sarnold007> Ok, I'll work on it this weekend
17:27:31 <tmcpeak> you don't have to :)
17:27:37 <tmcpeak> the week after is fine
17:27:48 <tmcpeak> not trying to crack the whip
17:27:48 <sarnold007> it gives me an excuse to avoid my teenager :)
17:27:58 <tmcpeak> haha ok, awesome
17:28:37 <hyakuhei> Ok, let's move along, thanks Bandit peoples!
17:28:43 <hyakuhei> #topic Mid-Cycle
17:28:46 <hyakuhei> #link https://etherpad.openstack.org/p/ossg-kilo-meetup
17:29:10 <hyakuhei> Agenda is looking pretty thin at the moment, I’d like to see more on there, especially if you’re a confirmed attendee
17:29:25 <hyakuhei> At the very least put your name down against the things that you think are most important
17:29:46 * bdpayne will add at least one agenda item
17:30:52 <hyakuhei> Thanks :)
17:31:26 <tmcpeak> looks like a HP/Nebula party?
17:31:30 <hyakuhei> I’m finalizing travel plans over the next 24 hours
17:31:39 <hyakuhei> Malini from Intel is going to try to come
17:31:46 * bdpayne added one item
17:32:14 <bdpayne> Can we put an address on there for Geekdom?
17:32:17 <hyakuhei> I’ll try to add a few over the next few days.
17:32:19 <tmcpeak> yep, I'll get it
17:32:24 <bknudson> I need to convince my employer to get me to the security meetups.
17:32:25 <hyakuhei> thanks tmcpeak
17:32:46 <bdpayne> also, it says "proposed dates" up top, but those _are_ the dates, right?
17:33:01 <hyakuhei> They have a decent bike lockup there fyi, I’ll be renting a roadie for a day or two while I’m there :)
17:34:13 <hyakuhei> So I don’t have a whole bunch more to add atm. I noticed a few prospective board members mentioning security
17:34:36 <tmcpeak> can we get some pandering? :)
17:34:37 <hyakuhei> Jesse Proudman used the recent glance vulnerability as an example of things not working great
17:34:52 <bdpayne> Re bike lockup, that's nice as I'll probably be taking the train/bike to the spot each day
17:35:11 <hyakuhei> Cool
17:35:18 <hyakuhei> They can lend you a lock too bdpayne
17:36:20 <bdpayne> what time are we starting on the first day?
17:36:20 <bdpayne> and what time are we ending on the last day?
17:36:20 <bdpayne> (to help people with travel plans)
17:36:35 <hyakuhei> So, we’ve got the place 9-5 Tuesday-Friday
17:36:41 <hyakuhei> with a 4pm finish on Thursday
17:36:51 * bdpayne doesn't trust someone else's lock, but thanks
17:36:54 <hyakuhei> Sure
17:37:16 <bdpayne> should we just plan to start 9a on Tuesday than?
17:37:18 <bdpayne> s/than/then/
17:37:21 <hyakuhei> Yup
17:37:23 <bdpayne> or is that too early?
17:37:28 <tmcpeak> 9's good
17:37:37 <hyakuhei> Let's start strong ;)
17:37:50 <bdpayne> for me, strong would be later in the morning ;-)
17:37:58 <bdpayne> but, I can figure out the 9a thing
17:38:01 <bdpayne> I hear it's possible
17:38:06 <elmiko> lol
17:38:14 <hyakuhei> You can be late
17:38:15 <tmcpeak> yeah bdpayne: that's a sub-optimal Caltrain ride you have to do
17:38:19 <hyakuhei> but you must bring cake.
17:38:46 <bdpayne> yeah, it will be a bit painful
17:38:53 <bdpayne> but I'd rather not be away from my family all week
17:38:55 <bdpayne> so, eh
17:38:56 <bdpayne> ;-)
17:39:16 <bdpayne> I can do the bullet train
17:39:16 <hyakuhei> Whatever works bdpayne, it’s always a slow start on the first day.
17:39:30 <bdpayne> no worries
17:40:04 <hyakuhei> I’m hoping we can have a social event one day.
17:40:35 <tmcpeak> I know some good spots around there
17:41:00 <hyakuhei> Cool
17:41:03 <bdpayne> ah good, b/c I don't really know that area too well
17:41:09 <jroll> I just found out about the OSSG meetup, I'd like to start getting involved, mind if I drop in on it? :)
17:41:19 <bdpayne> sure
17:41:19 * jroll works upstairs from geekdom
17:41:23 <bdpayne> a great way to get started
17:41:25 <hyakuhei> Sure jroll
17:41:28 <hyakuhei> https://etherpad.openstack.org/p/ossg-kilo-meetup
17:41:32 <jroll> awesome, thanks
17:41:35 <jroll> I'll add my name
17:42:04 <hyakuhei> Sweet!
17:42:46 <hyakuhei> Ok, if there’s nothing to add let's close it out :)
17:42:58 <hyakuhei> Thanks all!
17:43:00 <hyakuhei> #endmeeting