#tripleo log

12:00:43 <jaosorior> #startmeeting TripleO Security Squad
12:00:44 <openstack> Meeting started Wed Apr 25 12:00:43 2018 UTC and is due to finish in 60 minutes.  The chair is jaosorior. Information about MeetBot at http://wiki.debian.org/MeetBot.
12:00:45 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
12:00:47 <openstack> The meeting name has been set to 'tripleo_security_squad'
12:00:58 <lhinds> hey jaosorior , et al
12:01:03 <moguimar> https://etherpad.openstack.org/p/tripleo-security-squad
12:01:04 * beagles had a short doubletake that it looks like bogdando and dtantsur were discussing octavia ;)
12:01:11 <moguimar> #link https://etherpad.openstack.org/p/tripleo-security-squad
12:01:22 <jaosorior> hello folks! how's it going?
12:01:25 <jaosorior> lhinds: hey dude!
12:01:34 <jaosorior> lets wait some minutes for more folks to join in before starting
12:01:39 <lhinds> hey jaosorior
12:03:28 <jaosorior> raildo, alee__: around?
12:03:58 <jaosorior> alright, I guess we can start
12:04:03 <jaosorior> #topic Secret Management work update
12:04:25 <jaosorior> So, most of the patches for the first task in this proposal have merged
12:04:49 <jaosorior> which is mostly enabling Barbican for the containerized undercloud, which will enable us to do encrypted objects in Swift (where we store the overcloud plan)
12:05:04 <jaosorior> only two are missing, which is tripleo-quickstart integration, so we can test it in upstream CI
12:05:13 <bogdando> dtantsur: PTAL https://review.openstack.org/#/c/564162 ;)
12:05:22 <jaosorior> so.... these two https://review.openstack.org/#/q/topic:secret-management+status:open
12:05:32 <jaosorior> hopefully we can merge them soon
12:05:56 <dtantsur> bogdando: https://etherpad.openstack.org/p/tripleo-inspector-containers am I missing something?
12:05:57 <jaosorior> after that we need to figure out the next steps to secure the rest of the secrets in the deployment
12:06:08 <jaosorior> And that's all for that topic
12:06:13 <jaosorior> any feedback/questions?
12:06:15 <openstackgerrit> Chandan Kumar proposed openstack/tripleo-quickstart-extras master: Get the list of tempest/-plugins rpms installed within a tempest container  https://review.openstack.org/564156
12:06:36 <bogdando> dtantsur: I'll take a look, thanks! Let's also write up a summary to the started openstack-dev topic
12:07:05 <jaosorior> #topic Public TLS by default work update
12:07:37 <jaosorior> most of the base work is done
12:07:40 <jaosorior> and the patches are up there
12:07:42 <jaosorior> #link https://review.openstack.org/#/q/topic:public-tls-default+status:open
12:07:53 <jaosorior> however, what's currently blocking that work is that we need to make sure that the upgrade path works
12:07:59 <owalsh> lhinds, jaosorior: hey... I'm kinda here but not 100% :-)
12:08:10 <jaosorior> owalsh: glad you made it though :)
12:08:35 <jaosorior> today or tomorrow I'll start poking jistr|mtgs for some help on the ugrades path
12:08:53 <jaosorior> basically we need to make sure that folks that already have a deployment without TLS, keep their configuration working
12:08:58 <jaosorior> so, not force people to enable the new defaults
12:09:17 <jaosorior> shouldn't be too hard, just gotta start doing that work and figure out where to put the changes.
12:09:32 <jaosorior> so yeah, gotta have some updates on that before we can merge the rest of the patches
12:09:42 <jaosorior> Any questions/feedback on that work?
12:11:33 <jaosorior> #topic jaosorior won't be around on the next meeting
12:11:47 <jaosorior> So, probably I won't be able to run the next meeting next week due to travel
12:12:02 <lhinds> want me to cover jaosorior ?
12:12:06 <jaosorior> not sure if folks still want to have the next meeting (somebody else could run it) or if we cancel it
12:12:22 <lhinds> or we could defer
12:12:24 <jaosorior> lhinds: if you want! that would be great
12:12:32 <lhinds> as you're currently quite central to a lot of the topics.
12:12:53 <jaosorior> I probably won't get to do a lot of work for the next week, but if you have an update on your topics, that would be useful to record
12:13:01 <lhinds> in fact second thoughts, lets leave it for a week, but I will make sure I turn up here in case anyone else does not get the msg
12:13:20 <jaosorior> Alright, that's probably a good idea
12:13:31 <jaosorior> So, I'll write up in the etherpad that we won't have a meeting next week
12:13:38 <lhinds> I am migrating Bandit over to PyQA so won't have much to update over the next week.
12:13:50 <jaosorior> nice work on that side
12:14:57 <jaosorior> #topic Any other business
12:15:17 <jaosorior> Anything that folks want to bring up to the meeting?
12:15:43 <lhinds> not from me.
12:16:59 <jaosorior> Alright, that's it from my side
12:17:03 <jaosorior> Thanks for joining folks!
12:17:06 <jaosorior> #endmeeting