#ansible-lockdown: Ansible Lockdown Working Group Meeting

Meeting started by defionscode at 17:02:30 UTC (full logs).

Meeting summary

  1. Galaxy (defionscode, 17:03:32)
    1. AGREED: no automated tagging in CI on PR merge (defionscode, 17:11:34)
    2. IDEA: investigate looking into triggering CI via git tag push (defionscode, 17:12:31)
    3. https://github.com/ansible-network/zuul-config/blob/master/zuul.d/jobs.yaml#L80-L89 (gundalow, 17:13:34)
    4. https://github.com/ansible-network/zuul-config/blob/master/playbooks/publish/galaxy.yaml (gundalow, 17:13:56)
    5. github.com/ansible-network/* are Galaxy repos. AFAIK Zuul is configured to push a release to Galaxy on `git tag`, see https://github.com/ansible-network/zuul-config/blob/master/zuul.d/jobs.yaml#L80-L89 and https://github.com/ansible-network/zuul-config/blob/master/playbooks/publish/galaxy.yaml; ask in #ansible-network for more info (gundalow, 17:14:58)
    6. ACTION: check with galaxy team about leveraging the future built-in pulp mechanism (defionscode, 17:20:00)

  2. development experience (defionscode, 17:20:56)
    1. ACTION: defionscode to create hacking dir with single-rule dynamic test setup (defionscode, 17:24:59)
    2. IDEA: use molecule converge for single-rule iteration (defionscode, 17:31:45)
    3. IDEA: create bash wrapper for converge iteration (defionscode, 17:32:11)
    4. AGREED: re-integrate oscap results into CI pass/fail criteria (defionscode, 17:35:23)
    5. IDEA: track pass/fail status of each rule (defionscode, 17:35:36)
    6. IDEA: store per-rule results in S3 or something similar (defionscode, 17:37:42)
    7. ACTION: cyberpear to create patch file to make disa xccdf usable in centos (defionscode, 17:48:08)
    8. ACTION: defionscode to ping clarkb on #openstack-infra/mailing-list (defionscode, 17:51:06)

  3. domains from AH (defionscode, 17:53:08)
    1. AGREED: on not having domains (defionscode, 17:56:09)

  4. contrib stuff from AH (defionscode, 17:56:30)
    1. ACTION: hit up openstack-dev about hardening split for ubuntu (defionscode, 18:01:39)

  5. identifier for docs (defionscode, 18:02:01)
    1. AGREED: keep stig ID as primary but include vuln ID in front matter (defionscode, 18:04:43)

  6. open topics (defionscode, 18:04:53)


Meeting ended at 18:17:23 UTC (full logs).

Action items

  1. check with galaxy team about leveraging the future built-in pulp mechanism
  2. defionscode to create hacking dir with single-rule dynamic test setup
  3. cyberpear to create patch file to make disa xccdf usable in centos
  4. defionscode to ping clarkb on #openstack-infra/mailing-list
  5. hit up openstack-dev about hardening split for ubuntu


Action items, by person

  1. cyberpear
    1. cyberpear to create patch file to make disa xccdf usable in centos
  2. defionscode
    1. defionscode to create hacking dir with single-rule dynamic test setup
    2. defionscode to ping clarkb on #openstack-infra/mailing-list
  3. UNASSIGNED
    1. check with galaxy team about leveraging the future built-in pulp mechanism
    2. hit up openstack-dev about hardening split for ubuntu


People present (lines said)

  1. defionscode (145)
  2. shepdelacreme (52)
  3. bcoca (23)
  4. cyberpear (23)
  5. mnaser (14)
  6. cyberpear_ (9)
  7. gundalow (6)
  8. zodbot (5)
  9. treyp_ (1)


Generated by MeetBot 0.1.4.