========================================================= #ansible-lockdown: Ansible Lockdown Working Group Meeting ========================================================= Meeting started by defionscode at 17:02:30 UTC. The full logs are available at https://meetbot.fedoraproject.org/ansible-lockdown/2018-11-15/ansible_lockdown_working_group_meeting.2018-11-15-17.02.log.html . Meeting summary --------------- * Galaxy (defionscode, 17:03:32) * AGREED: no automated tagging in CI on PR merge (defionscode, 17:11:34) * IDEA: investigate looking into triggering CI via git tag push (defionscode, 17:12:31) * LINK: https://github.com/ansible-network/zuul-config/blob/master/zuul.d/jobs.yaml#L80-L89 (gundalow, 17:13:34) * LINK: https://github.com/ansible-network/zuul-config/blob/master/playbooks/publish/galaxy.yaml (gundalow, 17:13:56) * github.com/ansible-network/* are Galaxy repos. AFAIK Zuul is configured to push a release to Galaxy on `git tag`, see https://github.com/ansible-network/zuul-config/blob/master/zuul.d/jobs.yaml#L80-L89 and https://github.com/ansible-network/zuul-config/blob/master/playbooks/publish/galaxy.yaml as in #ansible-network for more info (gundalow, 17:14:58) * ACTION: check with galaxy team about leveraging the future built-in pulp mechanism (defionscode, 17:20:00) * development experience (defionscode, 17:20:56) * ACTION: defionscode to create hacking dir with single-rule dynamic test setup (defionscode, 17:24:59) * IDEA: use molecule converge for single-rule iteration (defionscode, 17:31:45) * IDEA: create bash wrapper for converge iteration (defionscode, 17:32:11) * AGREED: re-integrate oscap results into CI pass/fail criteria (defionscode, 17:35:23) * IDEA: track pass/fail status of each rule (defionscode, 17:35:36) * IDEA: store per-rule results in S3 or something similar (defionscode, 17:37:42) * ACTION: cyberpear to create patch file to make disa xccdf use-able in centos (defionscode, 17:48:08) * ACTION: defionscode to ping clarkb on #openstack-infra/mailing-list (defionscode, 17:51:06) * domains from AH (defionscode, 17:53:08) * AGREED: on not having domains (defionscode, 17:56:09) * contrib stuff from AH (defionscode, 17:56:30) * ACTION: hit up openstack-dev about hardening split for ubuntu (defionscode, 18:01:39) * identifier for docs (defionscode, 18:02:01) * AGREED: keep stig ID as primary but include vuln ID in front matter (defionscode, 18:04:43) * open topics (defionscode, 18:04:53) Meeting ended at 18:17:23 UTC. Action Items ------------ * check with galaxy team about leveraging the future built-in pulp mechanism * defionscode to create hacking dir with single-rule dynamic test setup * cyberpear to create patch file to make disa xccdf use-able in centos * defionscode to ping clarkb on #openstack-infra/mailing-list * hit up openstack-dev about hardening split for ubuntu Action Items, by person ----------------------- * cyberpear * cyberpear to create patch file to make disa xccdf use-able in centos * defionscode * defionscode to create hacking dir with single-rule dynamic test setup * defionscode to ping clarkb on #openstack-infra/mailing-list * **UNASSIGNED** * check with galaxy team about leveraging the future built-in pulp mechanism * hit up openstack-dev about hardening split for ubuntu People Present (lines said) --------------------------- * defionscode (145) * shepdelacreme (52) * bcoca (23) * cyberpear (23) * mnaser (14) * cyberpear_ (9) * gundalow (6) * zodbot (5) * treyp_ (1) Generated by `MeetBot`_ 0.1.4 .. _`MeetBot`: http://wiki.debian.org/MeetBot