17:00:46 <tmcpeak> #startmeeting security
17:00:47 <openstack> Meeting started Thu Nov 12 17:00:46 2015 UTC and is due to finish in 60 minutes.  The chair is tmcpeak. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:48 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:49 <tmcpeak> o/
17:00:50 <openstack> The meeting name has been set to 'security'
17:00:52 <tmcpeak> \o
17:00:56 <tmcpeak> o\
17:00:59 <elmiko> thanks tmcpeak , was just looking up the meeting name ;)
17:00:59 <tmcpeak> o~
17:01:01 <tmcpeak> whatup
17:01:04 <michaelxin_> morning
17:01:23 <tmcpeak> mr. Hyakuhei sends his regrets but he's doing customer things
17:01:35 <tmcpeak> he has provided me with a wonderful agenda: https://etherpad.openstack.org/p/security-20151112-agenda
17:01:37 <elmiko> no worries
17:01:39 <tmcpeak> nkinder: whatup!
17:01:51 <nkinder> tmcpeak: hey!
17:01:55 <tmcpeak> long time man
17:01:57 <tmcpeak> wb
17:02:25 <michaelxin_> hi
17:02:33 <bknudson> hi
17:02:37 <tmcpeak> #topic roll-call
17:02:39 <tmcpeak> o/
17:02:43 <bknudson> present
17:02:48 <elmiko> o/
17:03:04 <tmcpeak> sweet
17:03:10 <tmcpeak> stragglers be damned
17:03:11 <bknudson> bueller?
17:03:17 <tmcpeak> #topic Midcycle
17:03:32 <tmcpeak> hyakuhei has set us up to do a joint midcycle with Barbican
17:03:34 <tmcpeak> which is legit
17:03:43 <redrobot> o/
17:03:50 <michaelxin_> +1
17:03:51 <tmcpeak> as he said in etherpad, since I literally have 0 to do with this…
17:03:52 <shelleea007> o/
17:03:54 <bknudson> would be nice to be in san antonio in january
17:03:58 <tmcpeak> "we'll likely be in SA"
17:04:02 <elmiko> bknudson: +1
17:04:06 <tmcpeak> "we'll likely be there Jan 11-15"
17:04:15 <tmcpeak> "redrobot has said we'll have enough space"
17:04:19 <tmcpeak> -hyakuhei
17:04:21 <tmcpeak> so legit!
17:04:24 <tmcpeak> this is going to be awesome
17:04:27 <redrobot> yeah, looking into space right now
17:04:27 <bknudson> we haven't discussed a keystone midcycle yet
17:04:43 <redrobot> anyone know avg attendance from OSSP for the mid-cycles?
17:04:48 <tmcpeak> personally Barbican is at the top of my list of cool projects which I know disappointingly jack-s about
17:04:57 <tmcpeak> redrobot: ~15
17:04:57 <dg_> tmcpeak +!
17:04:58 <bknudson> for keystone we've met at a hackerspace near the riverwalk
17:05:09 <bknudson> I still haven't seen the rackspace castle.
17:05:10 <redrobot> bknudson Geekdom!
17:05:19 <redrobot> I'm looking at space in the Castle
17:05:27 <tmcpeak> is it a castle?
17:05:35 <michaelxin_> we have more than enough space
17:05:41 <redrobot> michaelxin_  +1
17:05:46 <elmiko> don't you guys have an old mall or something?
17:05:46 <tmcpeak> SA is also way up on the list of US cities I haven't been but want to have been
17:06:00 <tmcpeak> good food, good booze, etc, etc
17:06:07 <redrobot> elmiko yup, used to be a shady mall
17:06:14 <elmiko> we could meet at the Hot Topic ;P
17:06:24 <tmcpeak> elmiko: :P
17:06:29 * elmiko chuckles
17:06:30 <redrobot> elmiko lol
17:06:33 <tmcpeak> redrobot: have you guys worked out sponsorship yet?
17:06:41 <tmcpeak> you guys buying? ;)
17:07:00 <tmcpeak> I'm sure HP can pick up a night of drinking at least
17:07:00 <redrobot> tmcpeak hehe
17:07:03 <tmcpeak> I won't speak for Rob though
17:07:18 <redrobot> I don't know yet...  we could probably do a few lunches at least
17:07:18 <bknudson> tmcpeak: you can speak for rob he's not here.
17:07:32 <tmcpeak> I can, but whatever I say doesn't carry weight, so..
17:07:35 <tmcpeak> ok cool
17:07:38 <tmcpeak> this is going to be awesome
17:07:40 <bknudson> when do the food trucks show up?
17:07:48 <tmcpeak> next week we'll start with the list of attendees, topics, etc
17:07:50 <redrobot> bknudson Tuesdays and Fridays
17:08:04 <bknudson> so midcycle is tue thru fri.
17:08:05 <tmcpeak> I for one think this might be the best midcycle yet
17:08:08 <tmcpeak> I'm excited about it
17:08:17 <michaelxin> I talked with my manager
17:08:32 <michaelxin> Our team will cover the cost for security mid-cycle
17:08:36 <michaelxin> I also talked with Lisa
17:08:39 <tmcpeak> michaelxin: !!
17:08:41 <tmcpeak> legit!
17:09:00 <michaelxin> She should be able to take care of Baribican side
17:09:01 <elmiko> nice
17:09:09 <tmcpeak> michaelxin is the new Opera
17:09:12 <redrobot> michaelxin awesome!
17:09:48 <michaelxin> thanks
17:10:01 <tmcpeak> ok awesome, I hope everybody can attend the whole week
17:10:09 <tmcpeak> this has been long overdue, I'm glad you guys set it up
17:10:34 <tmcpeak> ok cool
17:10:36 <tmcpeak> next up:
17:10:39 <tmcpeak> #topic Anchor
17:10:56 <tmcpeak> dg_, tkelsey: what's up?
17:11:31 <dg_> ive not touched anchor this week, dont know if tkelsey has?
17:11:41 <tmcpeak> tkelsey looks away
17:12:04 <tmcpeak> ok cool
17:12:06 <tmcpeak> then...
17:12:10 <tmcpeak> #topic Killick
17:12:15 <tmcpeak> dg_ what's up?
17:12:56 <bknudson> what's killick?
17:13:09 <tmcpeak> dg_: what is killick?
17:13:23 <tmcpeak> it sounds weird, I'm a little resistant ;)
17:13:33 <dg_> killick - 'a form of Anchor used by primitive societies' - thanks google :)
17:13:43 <wayward710> This? http://lists.openstack.org/pipermail/openstack-dev/2015-October/076486.html
17:14:10 <dg_> its basically a traditional PKI using the anchor validation functionality, so you can use it to automatically enforce a certifiate policy
17:14:36 <dg_> the intention is that it will plug in behind barbican if necessary, or be deployed as a stand-alone pki
17:14:37 <tmcpeak> cool what's the status, where is it going, and by when?
17:15:17 <dg_> currently a POC exists, you can curl it a CRL and it sticks it in the queue, and then you can connect to the admin api and deny/issue it
17:15:35 <tmcpeak> awesome!
17:15:36 <tmcpeak> what's next?
17:15:45 <tmcpeak> where is it? stackforge?
17:15:47 <dg_> the revocation API is working, but i havent had time to add the CRL signing code to anchor (because thats just going to be a whole bundle of bikesheds)
17:15:54 <tmcpeak> dg_: is this your baby?
17:16:04 <dg_> currently on github, stackforge isnt a thing afaik
17:16:20 <tmcpeak> wut
17:16:27 <tmcpeak> they killed stackforge?
17:16:31 <elmiko> yea, it's either openstack or not
17:16:39 <dg_> yeah its loosely my baby, tim and I thought it up on a plane and I wrote a POC on a different plane
17:16:40 <elmiko> or, openstack-dev i suppose
17:16:41 <tmcpeak> oooh
17:17:04 <tmcpeak> ok cool, it sounds awesome (not from this description, I've also seen more thorough presentations of it).  So what's next?
17:17:08 <tmcpeak> how can we help?
17:18:00 <tmcpeak> since we own security, can we just move it in to our project?
17:18:32 <dg_> yeah I was talking to Rob and he suggested we pull it into our project once the POC works
17:18:47 <dg_> I need to have a think about the auth of it - really must sit down and talk that through with rob
17:19:06 <tmcpeak> dg_ ok cool
17:19:18 <tmcpeak> it's going to be a great addition to OSSG when it's ready
17:19:21 <tmcpeak> let us know if you need anything
17:19:28 <tmcpeak> #topic OpenStack-Ansible-Security
17:19:29 <dg_> once we've pulled it in, there will be lots of dev work - we will need to write a barbican plugin, I want to add ACME functionality (so we can kill coyotes), it will need a gui
17:19:37 <tmcpeak> dg_: sweet, sounds good
17:19:44 <tmcpeak> don't hesitate to reach out..
17:19:47 <michaelxin> dg_: +1
17:19:47 <dg_> thanks tmcpeak - tis never going to be exciting like anchor, but its kinda useful when you want to deploy a cloud
17:19:55 <dg_> ty :)
17:19:55 <tmcpeak> sounds very useful
17:20:10 <tmcpeak> mhayden: you around?
17:20:46 <tmcpeak> ok.. if he comes around we'll come back
17:20:48 <tmcpeak> #topic Bandit
17:21:03 <tmcpeak> ok… so tkelsey and I have been working like crazy people on baseline
17:21:07 <tmcpeak> basically baseline is this
17:21:44 <tmcpeak> 1) I check in something   2) I run Bandit on the parent commit of whatever I check in   3) I run Bandit on what I've checked in   4) I subtract old findings from new   5) I report *just the new issues*
17:21:55 <tmcpeak> this is going to be awesome, and the quintessential gate I think
17:21:55 <dg_> nice
17:21:58 <elmiko> neat
17:22:06 <dg_> i like that, so i can see the stuff I've messed up
17:22:18 <tmcpeak> we're busting ass on this for an internal project, but once it's ready we'll upstream it
17:22:28 <tmcpeak> this should be a usable gate for any project
17:22:38 <bknudson> current on keystone the gate doesn't allow anything broken in.
17:22:44 <dg_> tmcpeak - lets have this as a gate for anchor (and killick)
17:22:54 <tmcpeak> dg_: awesome, I was hoping you might say that
17:23:02 <bknudson> so anything reported in a review is new.
17:23:09 <tmcpeak> bknudson: exactly
17:23:17 <dg_> bknudson thats good :)
17:23:20 <elmiko> i'm curious, how does this compare to just diffing the output of 2 runs?
17:23:23 <michaelxin> one of the feedbacks from summit is that people want to know what defects Bandit found
17:23:41 <michaelxin> maybe, we can document them somewhere for good defects.
17:24:03 <bknudson> a tag in the launchpad bug might help
17:24:08 <tmcpeak> elmiko: this is different because code position doesn't matter.  It's using Bandit's awareness of the issues.  So basically I have a tmp file issue - it moves.  No new issue
17:24:21 <wayward710> So this is Bandit? https://wiki.openstack.org/wiki/Security/Projects/Bandit
17:24:24 <tmcpeak> I have one temp file issue and now I have two - one of them is new.  Bandit shows what are the possible locations of the new issue
17:24:28 <elmiko> tmcpeak: interesting, sounds complicated ;)
17:24:39 <tmcpeak> wayward710: yep
17:24:46 <wayward710> thanks
17:24:50 <tmcpeak> wayward710: not sure we've seen you before
17:24:53 <tmcpeak> quick intro?
17:26:08 <wayward710> Sure.  I'm Wendy Edwards, hopefully future volunteer with OpenStack security.  Got a little bit of a backlog on some other open source tasks, which I'd like to clear before committing to anything else.  So right now, trying to watch and learn.
17:26:24 <elmiko> welcome wayward710 =)
17:26:30 <michaelxin> wayward710: welcome
17:26:31 <dg_> o/
17:26:33 <wayward710> Thanks, elmiko!
17:26:39 <wayward710> Thanks!
17:26:40 <tmcpeak> wayward710: awesome!  welcome :)
17:27:10 <dg_> wayward710 out of interest, how did you hear about OpenStack Security? Tmcpeak wants to know if his marketing drive is getting results...
17:27:11 <wayward710> Have done a little work in security and IAM, but eager to learn more.
17:27:19 <tmcpeak> also I've snazzed up the HTML reporter a bit
17:27:44 <wayward710> I think I know @pleia2 (who is AFK right now) and she's talked a lot about OpenStack
17:28:31 <tmcpeak> here's the new HTML report: http://pasteboard.co/25o5qfQI.png
17:29:07 <elmiko> ooh shiny
17:29:20 <tmcpeak> elmiko: thanks! you just made the top of my christmas card list
17:29:25 <tmcpeak> allright, enough braggies
17:29:30 <elmiko> haha
17:29:35 <tmcpeak> 0.16.0 coming up, then we should really be able to hit the projects hard for Bandit gates
17:29:47 <tmcpeak> it doesn't matter how many issues you have, Bandit can make sure you don't introduce new ones
17:29:58 <elmiko> sahara has taken on a task for Mitaka to get our bandit gate voting
17:30:09 <elmiko> not sure we'll make it, but it's a goal
17:30:12 <tmcpeak> elmiko: awesome! so far that's an exclusive bknudson club
17:30:12 <michaelxin> elmiko: +1
17:30:26 <tmcpeak> allright: OSSN
17:30:27 <bknudson> I don't want to be the only member.
17:30:32 <tmcpeak> #topic OSSN
17:30:36 <tmcpeak> nkinder: wassssssup?
17:31:04 <nkinder> Pretty slow on the OSSN side of things, but there is one private/embargoed issue I'll be writing up today.
17:31:17 <tmcpeak> saw that you assigned that to yourself…looks fun :D
17:31:25 <nkinder> :)
17:31:25 <tmcpeak> what's the backlog like?
17:31:31 <nkinder> there are 5 others in the backlog
17:31:41 <bknudson> this one will be full of apologies
17:31:47 <tmcpeak> ;)
17:32:00 <tmcpeak> we're the OSSN.  We don't apologize
17:32:13 <tmcpeak> OSSG even ;)
17:32:20 <nkinder> I believe that only one of them is picked up already
17:32:30 <nkinder> so we have 4 up for grabs
17:32:31 <tmcpeak> https://bugs.launchpad.net/ossn
17:32:33 <tmcpeak> #link https://bugs.launchpad.net/ossn
17:32:40 <tmcpeak> 6 it looks like
17:32:42 <tmcpeak> 4 untriaged
17:32:49 <tmcpeak> oh yeah
17:32:53 <tmcpeak> 5.. one fix commited?
17:33:10 <nkinder> Yeah.  I should be able to get the one michaelxin worked on published today.  It has the needed acks it seems.
17:33:34 <ccneill> howdy. sorry I'm late!
17:33:42 <tmcpeak> hey ccneill, how it do?
17:33:57 <ccneill> doin' just fine B)
17:34:11 <michaelxin> ccneill: +1
17:34:13 <tmcpeak> sweet
17:34:18 <nkinder> tmcpeak: the fix commited one might just need to be closed (I'll follow up on it)
17:34:24 <michaelxin> nkinder: thanks
17:34:35 <tmcpeak> ok cool, nkinder want to have a triage party on these others?
17:34:44 <nkinder> yeah
17:34:50 <nkinder> we can do that on the main IRC channel
17:34:58 <tmcpeak> ok cool, reach out to me early your time
17:35:02 <tmcpeak> I'm in deep-dark Europe ATM
17:35:31 <tmcpeak> #topic Security-Docs
17:35:35 <tmcpeak> sicarie: whattttup?
17:35:55 <sicarie> Still not much in that front
17:36:06 <sicarie> I think the case studies were merged, there might be one outstanding
17:36:07 <elmiko> we've got some nice checklists shaping up =)
17:36:11 <sicarie> +1
17:36:17 <tmcpeak> oooh, I like checklists
17:36:20 <sicarie> pdesai has put together a good framework for the checklists
17:36:53 <sicarie> next step is still get leaf version pushed as soon as possible
17:36:58 <tmcpeak> a checklist checklist? :P
17:36:59 <sicarie> that's really it for the guide ATM
17:37:05 <tmcpeak> ok cool
17:37:19 <sicarie> well, how else will you know if you completed all the checklists?
17:37:36 <tmcpeak> I guess we'll need a checklists checklist checklist
17:37:44 <tmcpeak> #topic Specs
17:37:45 <sicarie> +1 i'll open a bug
17:37:49 <tmcpeak> https://review.openstack.org/#/q/security-specs,n,z
17:37:59 <tmcpeak> wut is this
17:38:12 <tmcpeak> I see a lot of dg_ on this
17:38:22 <tmcpeak> dg_ wut is this
17:38:33 <elmiko> nice to see some specs
17:38:44 <tmcpeak> dg, dg, anchor, dg, anchor...
17:38:48 <dg_> looks like the specs repo to me
17:38:52 <tmcpeak> yesss
17:39:01 <elmiko> it's only like 3 specs from dg_ ...
17:39:10 <tmcpeak> but they're 3 of the first 4, so
17:39:17 <tmcpeak> this feels like a dg project
17:39:17 <dg_> we use specs to define ideas for things we want to build
17:39:20 * elmiko thinks tmcpeak is hitting the sangria early tonight... ;P
17:39:27 <tmcpeak> :P
17:39:28 <tmcpeak> wonderufl
17:39:31 <tmcpeak> wonderful
17:39:38 <dg_> elmiko its 5 o clock somewhere
17:39:41 <tmcpeak> ok, I have nothing else witty to say about this
17:39:42 <elmiko> +1
17:39:46 <tmcpeak> it's 6:40 here
17:39:51 <tmcpeak> :#
17:39:57 <tmcpeak> so… next item?
17:40:04 <tmcpeak> or does anybody want to talk about specs?
17:40:16 <dg_> we should probably close those specs
17:40:24 <tmcpeak> #topic Syntribos
17:40:25 <elmiko> or get some more reviews on them?
17:40:38 <tmcpeak> michaelxin, ccneil: what's up with Syntribox?
17:40:44 <michaelxin> will work on it next week
17:40:44 <tmcpeak> geeze, can't type
17:40:46 <tmcpeak> 5:00 or not
17:40:50 <dg_> at least some of them, i think we are done bikshedding killick, and my anchor spec merged a month back
17:40:55 <michaelxin> no update this week.
17:41:01 <tmcpeak> ok fair enough
17:41:05 <tmcpeak> ok cool
17:41:07 <tmcpeak> my favorite topic
17:41:09 <tmcpeak> #topic PR
17:41:22 <tmcpeak> ok guys, we have some good material
17:41:38 <tmcpeak> between the slide deck, the graphics that michaelxin has spearheaded getting for us..
17:41:43 <tmcpeak> let's roll some recruiting :)
17:41:48 <tmcpeak> we have a few teams set up
17:41:52 <tmcpeak> first meeting is on the books in Seattle
17:42:03 <tmcpeak> tangible action items are god
17:42:04 <michaelxin> Are we ok with the logo?
17:42:05 <tmcpeak> wow
17:42:06 <tmcpeak> good
17:42:15 <tmcpeak> michaelxin: link again?
17:42:19 <michaelxin> I am thinking about printing some stikcers
17:42:26 <elmiko> michaelxin: i like the shield logo that was used on the flag for the flyer
17:42:55 <michaelxin> http://5a6aa6580e900b8e8020-e5e45c5cb10329ebc9fb69948bb1b1a5.r65.cf1.rackcdn.com/ossp-badge-logo-01.png
17:43:09 <elmiko> yea, that one. +1 for stickers
17:43:14 <michaelxin> http://5a6aa6580e900b8e8020-e5e45c5cb10329ebc9fb69948bb1b1a5.r65.cf1.rackcdn.com/ossp-flag-flyer_v3.pdf
17:43:19 <tmcpeak> michaelxin: I really like this
17:43:28 <michaelxin> elmiko: I thought you like the pirate one?
17:43:42 <tmcpeak> I remember a pirate one I also like
17:43:50 <tmcpeak> bknudson: how are you doing with setting something up
17:43:51 <elmiko> hehe, well yea... but for general use, you know, we need something more "official"
17:43:54 <tmcpeak> redrobot, michaelxin: same
17:43:59 <bknudson> tmcpeak: I haven't made any progress.
17:44:08 <tmcpeak> bknudson: ok anything I can help with?
17:44:19 <michaelxin> ok
17:44:19 <bknudson> tmcpeak: not that I can think of
17:44:24 <michaelxin> I will print some stickers
17:44:35 <tmcpeak> my boss, mr. chair6 is deeply busy ATM, so we're probably relying mostly on sicarie for Seattle
17:44:53 <tmcpeak> bknudson: ok, can you sign up for a few presos this week you think?
17:44:57 <tmcpeak> I'll sign up for some in the bay
17:45:04 <wayward710> Out of curiousity, is the logo still readable at small scale, and does that matter?
17:45:21 <tmcpeak> wayward710: how small?
17:45:27 <bknudson> tmcpeak: presos?
17:45:29 <tmcpeak> it's a PNG so should scale
17:45:38 <elmiko> wayward710: good question
17:45:51 <tmcpeak> bknudson: yeah, basically we want to present what the security group is to OpenStack folks, security folks, and college students in your area
17:45:59 <sicarie> tmcpeak: I went through the deck yesterday
17:45:59 <elmiko> i'm guessing that png was generated from an svg though, it kinda looks like it
17:46:08 <tmcpeak> Minnesnowda or bust
17:46:11 <sicarie> I can speak well to anything on there except Syntribos - I need to spend some time in that
17:46:25 <sicarie> did we want to add ansible to the deck as well? Or the presenter notes?
17:46:34 <elmiko> not a bad idea
17:46:53 <elmiko> how does ansible fit into the greater security project though?
17:46:55 <tmcpeak> I'd love to, I think Ansible is one of the cooler projects… I'll try to find mhayden and see if he's interested in adding something
17:46:59 <tmcpeak> sicarie: good idea
17:47:01 <wayward710> I understand that vector graphics do well with scaling -- I just meant if you needed a smallish version of the logo -- say something that would fit in a 200x200 box, would you be able to read the lettering?
17:47:07 <elmiko> aside from securing it, we haven't talked much about our approach to using ansible
17:47:09 <sicarie> elmiko: mostly the ansible-security effort
17:47:34 <elmiko> wayward710: yea, i'm guessing it would not be very readable at those resolutions
17:47:35 <bknudson> tmcpeak: I'll have to see what kind of meetups are going on. I don't know if I'm going to have time for this.
17:47:41 <redrobot> I passed out flyers at a security meetup in SA last night
17:47:47 <bknudson> this week anyways
17:47:55 <redrobot> not sure if anyone came out though
17:48:07 <elmiko> wayward710: honestly though, for a micro version of the logo we could probably drop the lettering and just go with the shield, leaves, and openstack logo
17:48:10 <elmiko> michaelxin: ^^
17:48:15 <tmcpeak> bknudson: ok fair enough
17:48:29 <tmcpeak> if we an do Seattle, the Bay, Texas, and UK I'm happy
17:48:33 <tmcpeak> dg_; you still around?
17:48:51 <elmiko> sicarie, tmcpeak, re: ansible, i think we should have a stronger user story about ansible usage before we start including it
17:49:12 <tmcpeak> elmiko: have you seen the Ubuntu secure deployment stuff?
17:49:37 <elmiko> tmcpeak: yea, i've seen some cool stuff about using ansible, i just havent' heard any of it coming from ossp
17:49:52 <tmcpeak> mhayden has mostly done it on his own
17:49:59 <elmiko> i think we should increase our messaging, if that means including it in the presos. cool, but we should have more to our message.
17:50:03 <tmcpeak> if he's willing though we can mention it in our security presentation
17:50:08 <tmcpeak> elmiko: solid point
17:50:22 <tmcpeak> let me synch with him and see how interested he is in making it a security project
17:50:50 <tmcpeak> ok cool
17:50:53 <tmcpeak> #topic AOB
17:50:53 <elmiko> if we go down this path, we should help to generate information about how folks can get involved with deploying openstack through ansible
17:51:04 <elmiko> there was a really nice talk at summit about it too
17:51:11 <tmcpeak> the openstack stuff?
17:51:13 <tmcpeak> err
17:51:16 <tmcpeak> ansible stuff?
17:51:19 <elmiko> yea, using ansible to deploy
17:51:33 <tmcpeak> that project is doing some awesome stuff
17:51:55 <tmcpeak> after the Bandit baseline is merged I'm going to set up a vagrant deploy for it
17:52:10 <elmiko> check this one out, #link https://www.openstack.org/summit/tokyo-2015/videos/presentation/life-without-devstack-upstream-development-with-osad
17:52:22 <tmcpeak> we've been interested in some STIG-y stuff, I'm sure some of your orgs are as well
17:52:43 <tmcpeak> the ansible stuff is a good solution for that
17:53:07 <elmiko> yea, seems really nice
17:53:34 <tmcpeak> ok cool, so I think that's a wrap for this week?
17:53:50 <elmiko> nothing else from me
17:53:52 <tmcpeak> next week I'll hopefully have confirmed dates for bay area meetups
17:54:00 <tmcpeak> #endmeeting