12:07:06 <lhinds> #startmeeting security squad
12:07:07 <openstack> Meeting started Wed Jul 18 12:07:06 2018 UTC and is due to finish in 60 minutes.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
12:07:08 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
12:07:10 <openstack> The meeting name has been set to 'security_squad'
12:07:10 <lhinds> #chair redrobot
12:07:11 <openstack> Current chairs: lhinds redrobot
12:07:17 <lhinds> :)
12:07:32 <redrobot> ok, good mornin' everyone!
12:07:39 <moguimar> o/
12:08:01 <openstackgerrit> Cédric Jeanneret proposed openstack/tripleo-specs master: Validation Framework specifications.  https://review.openstack.org/583475
12:08:14 <moguimar> this is probably going to be a small one redrobot
12:08:16 <redrobot> #topic Roll Call
12:08:20 <redrobot> o/
12:09:02 <redrobot> Here is the agenda:
12:09:04 <redrobot> #link https://etherpad.openstack.org/p/tripleo-security-squad
12:09:43 <openstackgerrit> Quique Llorente proposed openstack/tripleo-quickstart master: [DNM] Use --with-ara for featureset010  https://review.openstack.org/583557
12:10:05 <redrobot> just looking over the agenda right now
12:10:10 <redrobot> do we usually go over every topic?
12:10:15 <ooolpbot> URGENT TRIPLEO TASKS NEED ATTENTION
12:10:17 <ooolpbot> https://bugs.launchpad.net/tripleo/+bug/1773325
12:10:17 <ooolpbot> https://bugs.launchpad.net/tripleo/+bug/1782165
12:10:17 <openstack> Launchpad bug 1773325 in tripleo "tempest.api.object_storage.test_object_services is failing on scenario002" [Critical,Triaged] - Assigned to Arx Cruz (arxcruz)
12:10:18 <openstack> Launchpad bug 1782165 in tripleo "ntp servers blocked. Can't deploy undercloud with oooq due to wrong NTP configuration" [Critical,Incomplete] - Assigned to wes hayutin (weshayutin)
12:10:33 <openstackgerrit> Quique Llorente proposed openstack/tripleo-heat-templates master: [DNM] To test --with-ara  https://review.openstack.org/583537
12:10:38 <moguimar> we usualy put things we'd like to discuss in the agenda
12:10:43 <openstackgerrit> Jiri Tomasek proposed openstack/tripleo-common master: Update failures listing to use latest ansible-errors.json location  https://review.openstack.org/583293
12:10:50 <moguimar> let me make the one for today
12:10:57 <redrobot> moguimar, awesome!
12:11:11 <moguimar> done
12:11:34 <redrobot> thanks moguimar
12:11:46 <redrobot> #topic Secret Management Update
12:11:53 <moguimar> nice
12:11:59 <moguimar> on secret management
12:12:07 <redrobot> #link https://etherpad.openstack.org/p/Secret-Management-for-TripleO
12:12:07 <moguimar> our work on oslo.config landed this week
12:12:20 <redrobot> awesome news
12:12:33 <moguimar> we're moving on to the next phase, castellan integration
12:12:52 <moguimar> redrobot did some work on a HashiCorp Vault instance for testing
12:13:26 <moguimar> now we'll point castellan to it and try to fetch secrets through castellan using oslo.config
12:13:58 <moguimar> a new driver for oslo.config is going to be the delivery for this phase
12:14:04 <moguimar> a castellan driver
12:14:40 <moguimar> then we'll be able to move to the next phase, finaly bringing it to tripleO
12:15:02 <moguimar> questions?
12:16:02 <redrobot> No questions from me, just a comment that there's a few things we'll need to think about when we get to adding Vault to TripleO
12:16:25 <redrobot> like making Vault policies that are in-line with the rest of TripleO policy
12:17:05 <redrobot> also, I'm not sure how we'll be getting secrets into vault... IIRC Castellan does not have a CLI?
12:17:28 <redrobot> so we may need to add one to Castellan to be able to automate storing secrets
12:17:56 <redrobot> or maybe just integrate TripleO with Castellan to store things via the API
12:18:20 <redrobot> that's all I can think of without my morning coffee
12:18:47 <moguimar> me too
12:19:03 <redrobot> 😴
12:19:09 <redrobot> ok, moving on
12:19:11 <openstackgerrit> Marios Andreou proposed openstack/tripleo-quickstart-extras master: WIP - Adds new bootstrap-subnodes role instead of tripleo.sh  https://review.openstack.org/581026
12:19:40 <redrobot> #topic Any other business?
12:20:04 <moguimar> Next week I'll be at EuroPython in Edinburgh
12:20:18 <moguimar> presenting the oslo.config drivers
12:20:28 <moguimar> getting feedback
12:20:48 <moguimar> and today I'm starting on the castellan work as well
12:21:17 <openstackgerrit> Emilien Macchi proposed openstack/tripleo-heat-templates master: Check container health as part of the deploy  https://review.openstack.org/569153
12:21:21 <openstackgerrit> Emilien Macchi proposed openstack/tripleo-heat-templates master: Test scenarios with https://review.openstack.org/#/c/569153/  https://review.openstack.org/581530
12:21:27 <openstackgerrit> Emilien Macchi proposed openstack/tripleo-heat-templates master: Limit deploy health checks to paunch managed ones  https://review.openstack.org/581529
12:22:49 <redrobot> moguimar, that's exciting.  Can't wait to hear the feedback.
12:23:39 <redrobot> anyone else have any topics?  I see a bunch of stuff in the TripleO etherpad that we haven't talked about.
12:24:19 <moguimar> redrobot: we only have d0ugal raildo and lhinds
12:24:29 <moguimar> and they are also in other meetings
12:24:33 <lhinds> yes, i have a quick one
12:24:47 <redrobot> lhinds, go ahead
12:25:07 <lhinds> i could really use some reviews on:
12:25:10 <lhinds> https://review.openstack.org/#/c/572760/
12:25:34 <lhinds> especially any folks who know CI
12:25:36 <lhinds> that's it
12:25:55 <redrobot> #help We need more reviews on https://review.openstack.org/#/c/572760/ for lhinds
12:26:15 <redrobot> thanks lhinds
12:26:30 <redrobot> well it definitely was a short one this time around.
12:26:35 <redrobot> :)
12:26:53 <redrobot> Thanks everyone for joining!
12:26:59 <moguimar> o/
12:27:18 <redrobot> moguimar, \o
12:27:19 <d0ugal> moguimar: I'll be at EuroPython too!
12:28:02 <redrobot> #endmeeting