#ansible-lockdown: general project

Meeting started by defionscode at 16:01:03 UTC (full logs).

Meeting summary

    1. https://github.com/ansible/community/issues/388#issuecomment-435033692 (defionscode, 16:03:28)
    2. AGREED: use benchparse to init new role (defionscode, 16:07:19)
    3. https://github.com/kubernetes/community/blob/master/github-management/kubernetes-repositories.md#sig-repositories (defionscode, 16:08:54)
    4. IDEA: model after k8s subprojects (defionscode, 16:09:09)
    5. AGREED: create ansible-lockdown org to house incubating roles (defionscode, 16:24:47)
    6. ACTION: defionscode to make org and role scaffolding for stigs (defionscode, 16:27:47)
    7. AGREED: create ansible-lockdown-incubator org for things not-yet-endorsed by lockdown maintainers as 'ready' (defionscode, 16:31:49)
    8. https://git.wiki.kernel.org/index.php/GitSubmoduleTutorial (shepdelacreme, 16:42:20)
    9. AGREED: create a submodule at /library to house patched modules in order to support older ansible releases (defionscode, 16:43:43)

  1. merger with ansible hardening (defionscode, 16:44:44)
    1. https://meetbot.fedoraproject.org/ansible-lockdown/2018-10-17/hardening-lockdown_merger_first_steps.2018-10-17-14.04.html (cyberpear, 16:48:12)
    2. ACTION: odyssey4me to follow up internally regarding ansible lockdown's use of openstack infra (defionscode, 16:48:20)
    3. https://meetbot.fedoraproject.org/ansible-lockdown/2018-10-17/hardening-lockdown_merger_first_steps.2018-10-17-14.04.html (odyssey4me, 16:49:02)
    4. ACTION: odyssey4me to find out whether Rackspace wishes to add branding, and what the terms are if they do. (odyssey4me, 16:54:48)
    5. ACTION: defionscode to add odyssey4me and cloudnull to active members list on the community page (defionscode, 16:59:25)

  2. how to best address manual and not remediated tasks (defionscode, 17:04:12)
    1. IDEA: generate xccdf xml report that can be ingested into DISA's STIG viewer (defionscode, 17:10:30)
    2. AGREED: callback plugin to output manual/nonremediated benchmark rules (defionscode, 17:15:33)
    3. ACTION: defionscode to make mvp of callback plugin for manual/nonremediated rules (defionscode, 17:16:00)

  3. Style Guidelines (defionscode, 17:16:54)
    1. AGREED: no line limit length, but allow for changes/commits that do line breaks/continuation (defionscode, 17:20:05)
    2. AGREED: removing severity, audit, and patch tags; severity tags go to the include level in main.yml and audit/patch tags go away completely (defionscode, 17:22:09)
    3. AGREED: rename fix-cat* to cat*.yml (defionscode, 17:25:00)
    4. AGREED: blocks should be named, and should follow convention unless it's complex and further details are warranted (defionscode, 17:28:59)
    5. AGREED: standardize on yes/no for BOOL (defionscode, 17:36:53)
    6. AGREED: move away from "myvar|failed" to "myvar is failed" (defionscode, 17:39:42)
    7. AGREED: once accepted into the upstream, use the scap_facts module to trigger failures in CI for roles (defionscode, 17:48:31)


Meeting ended at 17:53:02 UTC (full logs).

Action items

  1. defionscode to make org and role scaffolding for stigs
  2. odyssey4me to follow up internally regarding ansible lockdown's use of openstack infra
  3. odyssey4me to find out whether Rackspace wishes to add branding, and what the terms are if they do.
  4. defionscode to add odyssey4me and cloudnull to active members list on the community page
  5. defionscode to make mvp of callback plugin for manual/nonremediated rules


Action items, by person

  1. defionscode
    1. defionscode to make org and role scaffolding for stigs
    2. defionscode to add odyssey4me and cloudnull to active members list on the community page
    3. defionscode to make mvp of callback plugin for manual/nonremediated rules
  2. odyssey4me
    1. odyssey4me to follow up internally regarding ansible lockdown's use of openstack infra
    2. odyssey4me to find out whether Rackspace wishes to add branding, and what the terms are if they do.
    3. defionscode to add odyssey4me and cloudnull to active members list on the community page


People present (lines said)

  1. defionscode (198)
  2. cyberpear (72)
  3. shepdelacreme (63)
  4. odyssey4me (20)
  5. cyberpear_ (5)
  6. zodbot (5)
  7. mnaser (3)
  8. alikins_ (1)


Generated by MeetBot 0.1.4.