12:08:55 <jaosorior> #startmeeting TripleO Security Squad
12:08:56 <openstack> Meeting started Wed Aug  1 12:08:55 2018 UTC and is due to finish in 60 minutes.  The chair is jaosorior. Information about MeetBot at http://wiki.debian.org/MeetBot.
12:08:57 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
12:09:00 <openstack> The meeting name has been set to 'tripleo_security_squad'
12:09:05 <jaosorior> Hey! redrobot, moguimar! sorry for being late
12:09:23 <jaosorior> any idea if raildo is around?
12:09:52 <moguimar> security squad meeting: ping all (lhinds jaosorio shardy owalsh moguimar hrybacki raildo alee d0ugal redrobot)
12:10:01 <redrobot> o/
12:10:05 <moguimar> o/
12:10:14 <ooolpbot> URGENT TRIPLEO TASKS NEED ATTENTION
12:10:16 <ooolpbot> https://bugs.launchpad.net/tripleo/+bug/1784017
12:10:16 <ooolpbot> https://bugs.launchpad.net/tripleo/+bug/1784822
12:10:16 <openstack> Launchpad bug 1784017 in tripleo "Build of instance was re-scheduled: invalid argument: could not find capabilities for domaintype=kvm" [Critical,In progress] - Assigned to Rafael Folco (rafaelfolco)
12:10:17 <openstack> Launchpad bug 1784822 in tripleo "legacy-tripleo-ci-centos-7-ovb-3ctlr_1comp-featureset035-master fails contact ipmi" [Critical,Triaged]
12:10:35 <owalsh> o/
12:11:49 <jaosorior> So\
12:12:06 <jaosorior> I don't have a lot to update about, since I'm still catching up from my PTO :D
12:12:15 <jaosorior> redrobot, moguimar, any updates on the secret management work?
12:12:59 <moguimar> last couple of weeks I was busy with the europython presentation
12:13:17 <moguimar> many people interested in the oslo.config drivers =D
12:13:50 <jaosorior> #topic Secret Management work update
12:13:53 <redrobot> no progress from my end either... still thinking about a Vault policy that would work nicely with Castellan
12:14:34 <jaosorior> castellan still uses the same token for all projects, right?
12:15:01 <redrobot> yes, currently it requires a root token, which should not be used for anything other than initial Vault config.
12:15:15 <jaosorior> right
12:15:23 <jaosorior> gotta fix that asap
12:15:50 <redrobot> I'd like to at least make it so that each project using Castellan has its own token that does not let it access another project's stuff.
12:16:19 <moguimar> redrobot +1
12:16:24 <jaosorior> redrobot: it gets tricky, as that would require castellan to keep track of what token belongs to what project... which is basically a database...
12:16:42 <redrobot> jaosorior, sorry, I don't mean project as in keystone-project
12:16:53 <redrobot> I mean project as in Nova, Cinder, etc
12:16:58 <jaosorior> ah
12:17:01 <jaosorior> well
12:17:02 <jaosorior> user/service
12:17:09 <redrobot> yes, that :D
12:19:09 <jaosorior> redrobot: alright, but it seems that you're on top of that work, right?
12:22:53 <moguimar> yep, I still need to catch up with redrobot on his progress
12:23:03 <jaosorior> alright
12:23:03 <redrobot> jaosorior, yup
12:23:12 <jaosorior> moguimar, redrobot anything else you wanna bring up on this topic?
12:23:12 <redrobot> moguimar, ditto :D
12:24:07 <openstackgerrit> Quique Llorente proposed openstack-infra/tripleo-ci master: Replace TAGS with ansible var  https://review.openstack.org/584508
12:26:04 <redrobot> not on this end
12:26:14 <moguimar> nope
12:26:23 <jaosorior> #topic Any other business
12:26:29 <jaosorior> Anything else folks wanna bring up to the meeting?
12:28:53 <jaosorior> Alright, well, thanks for joining
12:28:55 <jaosorior> #endmeeting