20:00:55 <jborean93> #startmeeting Ansible Windows Working Group
20:00:55 <zodbot> Meeting started Tue Jul 23 20:00:55 2019 UTC.
20:00:55 <zodbot> This meeting is logged and archived in a public location.
20:00:55 <zodbot> The chair is jborean93. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:55 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
20:00:55 <zodbot> The meeting name has been set to 'ansible_windows_working_group'
20:00:57 <jborean93> ahoy all
20:01:01 <Shachaf92> hi
20:01:03 <jhawkesworth> heya
20:02:21 <jborean93> #chair Shachaf92 jhawkesworth
20:02:21 <zodbot> Current chairs: Shachaf92 jborean93 jhawkesworth
20:02:35 <jborean93> nitzmahone may be late so we'll get started without him
20:02:59 <jhawkesworth> ok - where are we starting on the agenda?
20:03:14 * jborean93 opens it up
20:03:36 <jhawkesworth> https://github.com/ansible/community/issues/420
20:03:44 <Shachaf92> well, i think that other than the fips choco one there is nothing
20:03:56 <jborean93> #topic https://github.com/ansible/community/issues/420#issuecomment-514358489 Chocolatey FIPS
20:04:08 <jborean93> yep that's the only 1 I see
20:04:15 <jborean93> I just commented in there about my thoughts
20:04:30 <jborean93> but ultimately we should probably check if we need to enable that feature on the first install
20:04:47 <jborean93> or set that flag if needed
20:04:54 <jborean93> but I don't know of a good way to really do that
20:05:36 <jhawkesworth> seems to be a hacky way to check if a server is in FIPS mode here: https://serverfault.com/questions/914504/test-fips-enabled
20:05:39 <Shachaf92> well i checked and we can simply check the reg that is the policy for it
20:06:08 <Shachaf92> in the official KB they list the key
20:06:24 <Shachaf92> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
20:07:24 <jhawkesworth> wondering how far ansible should be supporting this.
20:07:31 <jborean93> yea, I don't think we should be blanket setting that arg
20:07:40 <jhawkesworth> last time I looked even MS didn't recommend using FIPS mode.
20:07:43 <jborean93> maybe just for the install scenario but even then it's somewhat questionable
20:08:31 <jborean93> yea FIPS is a fun one, regulation requires it but even then it's questionable the benefits it brings
20:08:33 <jhawkesworth> I'm thinking an 'Ansible and FIPS 140 environments' page in the docs would be more useful than information scattered across module documentation
20:09:09 <jhawkesworth> ps I am not volunteering to write such a page though
20:09:13 <jborean93> same
20:09:19 <Shachaf92> same
20:09:44 <jborean93> honestly for now the easiest win is to document how to install it manually with `win_shell` then show how to enable that feature with `win_chocolatey_feature`
20:10:08 <jhawkesworth> agreed
20:10:15 <Shachaf92> +1
20:11:39 <jhawkesworth> I guess changing checksum algorithm would mean repackaging all the choco packages
20:12:31 * jborean93 hopes they don't use md5 anyway
20:13:16 <jborean93> #topic open floor
20:13:26 <jborean93> cool anything else we would like to talk about?
20:14:09 <jhawkesworth> not from me
20:14:53 <Shachaf92> nope
20:15:30 <jhawkesworth> guess we should let jborean93 get back to work then
20:15:58 <jborean93> heh, trying to prove a point on a win_chocolatey issue right now :(
20:16:06 <jborean93> cool short and sweet meeting
20:16:11 <jborean93> have a good day everyone
20:16:14 <jborean93> #endmeeting