12:07:06 #startmeeting security squad 12:07:07 Meeting started Wed Jul 18 12:07:06 2018 UTC and is due to finish in 60 minutes. The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot. 12:07:08 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 12:07:10 The meeting name has been set to 'security_squad' 12:07:10 #chair redrobot 12:07:11 Current chairs: lhinds redrobot 12:07:17 :) 12:07:32 ok, good mornin' everyone! 12:07:39 o/ 12:08:01 Cédric Jeanneret proposed openstack/tripleo-specs master: Validation Framework specifications. https://review.openstack.org/583475 12:08:14 this is probably going to be a small one redrobot 12:08:16 #topic Roll Call 12:08:20 o/ 12:09:02 Here is the agenda: 12:09:04 #link https://etherpad.openstack.org/p/tripleo-security-squad 12:09:43 Quique Llorente proposed openstack/tripleo-quickstart master: [DNM] Use --with-ara for featureset010 https://review.openstack.org/583557 12:10:05 just looking over the agenda right now 12:10:10 do we usually go over every topic? 12:10:15 URGENT TRIPLEO TASKS NEED ATTENTION 12:10:17 https://bugs.launchpad.net/tripleo/+bug/1773325 12:10:17 https://bugs.launchpad.net/tripleo/+bug/1782165 12:10:17 Launchpad bug 1773325 in tripleo "tempest.api.object_storage.test_object_services is failing on scenario002" [Critical,Triaged] - Assigned to Arx Cruz (arxcruz) 12:10:18 Launchpad bug 1782165 in tripleo "ntp servers blocked. Can't deploy undercloud with oooq due to wrong NTP configuration" [Critical,Incomplete] - Assigned to wes hayutin (weshayutin) 12:10:33 Quique Llorente proposed openstack/tripleo-heat-templates master: [DNM] To test --with-ara https://review.openstack.org/583537 12:10:38 we usualy put things we'd like to discuss in the agenda 12:10:43 Jiri Tomasek proposed openstack/tripleo-common master: Update failures listing to use latest ansible-errors.json location https://review.openstack.org/583293 12:10:50 let me make the one for today 12:10:57 moguimar, awesome! 12:11:11 done 12:11:34 thanks moguimar 12:11:46 #topic Secret Management Update 12:11:53 nice 12:11:59 on secret management 12:12:07 #link https://etherpad.openstack.org/p/Secret-Management-for-TripleO 12:12:07 our work on oslo.config landed this week 12:12:20 awesome news 12:12:33 we're moving on to the next phase, castellan integration 12:12:52 redrobot did some work on a HashiCorp Vault instance for testing 12:13:26 now we'll point castellan to it and try to fetch secrets through castellan using oslo.config 12:13:58 a new driver for oslo.config is going to be the delivery for this phase 12:14:04 a castellan driver 12:14:40 then we'll be able to move to the next phase, finaly bringing it to tripleO 12:15:02 questions? 12:16:02 No questions from me, just a comment that there's a few things we'll need to think about when we get to adding Vault to TripleO 12:16:25 like making Vault policies that are in-line with the rest of TripleO policy 12:17:05 also, I'm not sure how we'll be getting secrets into vault... IIRC Castellan does not have a CLI? 12:17:28 so we may need to add one to Castellan to be able to automate storing secrets 12:17:56 or maybe just integrate TripleO with Castellan to store things via the API 12:18:20 that's all I can think of without my morning coffee 12:18:47 me too 12:19:03 😴 12:19:09 ok, moving on 12:19:11 Marios Andreou proposed openstack/tripleo-quickstart-extras master: WIP - Adds new bootstrap-subnodes role instead of tripleo.sh https://review.openstack.org/581026 12:19:40 #topic Any other business? 12:20:04 Next week I'll be at EuroPython in Edinburgh 12:20:18 presenting the oslo.config drivers 12:20:28 getting feedback 12:20:48 and today I'm starting on the castellan work as well 12:21:17 Emilien Macchi proposed openstack/tripleo-heat-templates master: Check container health as part of the deploy https://review.openstack.org/569153 12:21:21 Emilien Macchi proposed openstack/tripleo-heat-templates master: Test scenarios with https://review.openstack.org/#/c/569153/ https://review.openstack.org/581530 12:21:27 Emilien Macchi proposed openstack/tripleo-heat-templates master: Limit deploy health checks to paunch managed ones https://review.openstack.org/581529 12:22:49 moguimar, that's exciting. Can't wait to hear the feedback. 12:23:39 anyone else have any topics? I see a bunch of stuff in the TripleO etherpad that we haven't talked about. 12:24:19 redrobot: we only have d0ugal raildo and lhinds 12:24:29 and they are also in other meetings 12:24:33 yes, i have a quick one 12:24:47 lhinds, go ahead 12:25:07 i could really use some reviews on: 12:25:10 https://review.openstack.org/#/c/572760/ 12:25:34 especially any folks who know CI 12:25:36 that's it 12:25:55 #help We need more reviews on https://review.openstack.org/#/c/572760/ for lhinds 12:26:15 thanks lhinds 12:26:30 well it definitely was a short one this time around. 12:26:35 :) 12:26:53 Thanks everyone for joining! 12:26:59 o/ 12:27:18 moguimar, \o 12:27:19 moguimar: I'll be at EuroPython too! 12:28:02 #endmeeting