#ansible-lockdown log

14:15:41 <dfed> #startmeeting Ansible Lockdown Weekly Updates
14:15:41 <zodbot> Meeting started Thu Sep 17 14:15:41 2020 UTC.
14:15:41 <zodbot> This meeting is logged and archived in a public location.
14:15:41 <zodbot> The chair is dfed. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:15:41 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:15:41 <zodbot> The meeting name has been set to 'ansible_lockdown_weekly_updates'
14:15:57 <dfed> #topic Updates to the Ansible Lockdown Github Repositories
14:15:58 <xgeorgex> Nice I was thinking of a meaningful topic name
14:16:04 <dfed> take it away George ;)
14:16:41 <cyberpear> o/
14:16:50 <xgeorgex> So some of the things I have been working on is syncing up all of the repos for consistency. We used the RHEL 7 repo as a model
14:17:03 <xgeorgex> So all repos now have a devel branch branch for dev and a master branch
14:17:25 <xgeorgex> I have added protections to both devel/master that match what RHEL 7 had on devel
14:17:28 <dfed> The Master Branch is where we will tag the enterprise releases from.  But the Level is the community touchpoint
14:17:34 <dfed> *devel
14:17:38 <dfed> stupid autocorrect
14:17:39 <xgeorgex> And made the devel branch default
14:17:41 <xgeorgex> lol
14:17:55 <cyberpear> 👍
14:17:58 <dfed> Tell 'em about the testing! it's way awesome compared to travis
14:18:16 <dfed> we will be reading testing on devel.  George has more.
14:18:17 <xgeorgex> We are using refactr to create pipelines
14:18:49 <xgeorgex> For testing, so the pipeline will create an AWS or whatever instance, pull in the repo and run it against that instance
14:19:00 <cyberpear> nice!
14:19:01 <xgeorgex> The plan is to have that happen when things go into devel
14:19:16 <dfed> this will work for OS level testing and app-level testing.  we have changes to Postgres to do this for rhel and ubuntu for each app layer stig/cis
14:19:47 <dfed> it'll be triggered on the merge request on level like before
14:20:00 <dfed> develop holy crap macOS and autocorrect
14:20:05 <dfed> devel
14:20:11 * dfed gives up and stops typing
14:20:35 <xgeorgex> The workflow will be people will work in their branch and when done they will do a pull request to devel. We kick off the process for it to merge which triggers the automated testing pipeline
14:20:47 <xgeorgex> If it passes we are good and I think we can then do a hard review of the changes
14:20:55 <xgeorgex> Before merging with master
14:21:09 <cyberpear> sounds great!
14:21:12 <xgeorgex> @cyberpear anything scary with that process that you see
14:21:34 <xgeorgex> We will also be documenting the process as well
14:21:42 <cyberpear> wait, are we merging devel before testing?
14:21:46 <dfed> no
14:21:52 <dfed> testing first as part of the tests to merge
14:21:59 <cyberpear> ok good
14:22:08 <dfed> in gatlab, however, it does the opposite and that's one reason we're back on gitlab
14:22:10 <dfed> github
14:22:16 <dfed> oh my god I have to stop typing
14:22:24 <xgeorgex> Lol,
14:22:30 <dfed> anyway gitlab merges before testing.
14:22:38 <dfed> github tests before merge.  we like github
14:22:49 <cyberpear> 👍
14:23:27 <xgeorgex> We are still finishing up building the testing, but we are close to finishing that up
14:25:25 <xgeorgex> Also @cyberpear with the changes we are making you are still an owner/process control person
14:25:56 <cyberpear> I appreciate it... sorry I haven't been too active the past few weeks
14:26:03 <xgeorgex> No worries
14:26:15 <cyberpear> sounds like exciting improvements with the testing, though!
14:26:16 <dfed> I mean we have a lot of moving parts happening, it's ok
14:26:26 <dfed> but that brings me to my next question
14:26:36 <cyberpear> and happy to see everything moved to ansible-lockdown GH org!
14:26:36 <dfed> #topic documentation and contributing instructions
14:26:56 <dfed> We need a wiki on the group on github and a standardized contributing instruction set.
14:27:13 <dfed> I have no idea how to do that in github, anyone got some suggestions?
14:27:41 <dfed> we can do a wiki on each repo, but that seems like overkill
14:28:01 <cyberpear> seems like overkill... maybe a "community" repo in the gh org, with the wiki to cover all?
14:28:03 <xgeorgex> Yeah it does
14:28:19 <xgeorgex> That's a good idea
14:28:28 <xgeorgex> We can also keep other documentation in there as well
14:28:29 <dfed> Yeah one with all the legalese we need with contributing, license, etc.
14:28:35 <cyberpear> yeah
14:28:42 <dfed> and we can git submodule that to all the other repos or something
14:28:58 <cyberpear> then just the basic license in each repo
14:29:01 <cyberpear> ^ or that
14:29:07 <xgeorgex> I like it
14:29:13 <dfed> yeah or basic license and link in teh contributing.rst
14:29:48 <dfed> anyway not sure yet what to do, if we want we can do a working meeting about it next week
14:30:16 <xgeorgex> That might be good. Everyone can think about it for a bit and we can come back together to discuss
14:30:25 <cyberpear> sounds good
14:30:27 <dfed> ok let's table that.
14:30:37 <dfed> #topic collections!
14:30:50 <xgeorgex> collections.......
14:30:52 <dfed> ok so, we have a ansibefest talk showing migrations to collections
14:30:58 <dfed> using lockdown.
14:31:15 * cyberpear checks ansible fest dates
14:31:17 <dfed> but we haven't done it.  I am thinking we'll just chat with cyberpear when that is over to do the real thing
14:31:44 <dfed> like we demonstrate creating one, but we haven't actually done that for this working set of repos and I feel like it'll take some chat and planning to do for real
14:31:50 <cyberpear> I'm picturing the collecting being a structure repo with each role as a submodule
14:31:57 <dfed> yeah I was too
14:32:00 <dfed> maybe not that much planning
14:32:03 <dfed> LOL
14:32:11 <xgeorgex> Yeah that's what we were talking about on the call discussing the demo
14:32:14 <dfed> ok so let's plan to put that together after fest.
14:32:16 <xgeorgex> For the presentation
14:32:35 <dfed> I have to run, because covid home schooling etc.  I'll let y'all finish up
14:32:46 <xgeorgex> Sounds good
14:33:20 <xgeorgex> #topic upcoming roles
14:33:31 <xgeorgex> Damn I need to learn the bot commands
14:33:31 <dfed> wtf ok I got it
14:33:40 <dfed> #topic upcoming roles
14:33:47 <dfed> I think it only lets ops do it
14:33:49 <xgeorgex> Thanks dfed........
14:33:53 <dfed> brb
14:34:08 <cyberpear> #chair dfed xgeorgex cyberpear
14:34:20 <dfed> forgot that, sorry
14:34:25 <dfed> ok afk for realz
14:34:35 <xgeorgex> So I have ubuntu18 99% done. I have three controls that I'm stuck on
14:34:55 <xgeorgex> I created issues for them in GitHub
14:35:08 <xgeorgex> But other than those three ubuntu18cis is done
14:35:18 <xgeorgex> I have one control left for ubuntu20 to finish up
14:35:42 <xgeorgex> Ubuntu20cis has the same three tasks I was stuck on with 18 as well
14:35:57 <cyberpear> sounds like great progress!
14:36:07 <cyberpear> was there lots of copy/paste between ubuntu 18 and 20?
14:36:15 <xgeorgex> Yeah
14:36:33 <xgeorgex> Like numbering was different which I hate, but only a couple completely different controls
14:36:53 <dfed> we'll need to do stig on ubuntu soon too
14:36:54 <xgeorgex> Most of the differences, besides numbering, was like 18 was to disable a service and 20 was to remove the service
14:36:58 <xgeorgex> So minor differences
14:37:00 <dfed> but that's not important right now
14:38:16 <xgeorgex> Yeah going forward I think we are going to try and sync up ubuntu with RHEL stuff. We have ubuntu stig and adding ubuntu support to the postres role
14:38:54 <dfed> well once we have those done I'd like to migrate the one role to rule the OS from cyberpear and focus on some app layer and cloud stuff
14:39:05 <dfed> (back, sorry, kid's tablet was freaking otu with zoom)
14:39:24 <dfed> but yeah I don't think anything we're saying is surprising to cyberpear, xgeorgex
14:40:01 <cyberpear> yep... will be nice to have the unified role
14:40:24 <xgeorgex> I think that's all I had for this week
14:40:27 <dfed> we have a bunch of windows done too, so I think we could actually create a unified role for OS entirely.  or maybe we should make that a collection I dunno
14:40:37 <dfed> anyway, I don't have anything else.
14:40:41 <cyberpear> I haven't touched my PoC in a couple months...
14:41:05 <cyberpear> #topic next meeting
14:41:07 <xgeorgex> Collections might look cleaner, but I need to mss with them more
14:41:36 <cyberpear> same time next week, or 2 wks from now?
14:41:51 <dfed> I'm gonna vote for a 2 week cadence for now, to let us finish the changes and stuff
14:42:20 <cyberpear> fest is oct 13-14, so we have time
14:42:21 <xgeorgex> Sounds good
14:42:23 <dfed> also I may fork your PoC on the unified and do some work to merge back if you want
14:42:47 <dfed> do you want to move that into the group on github or leave it out for now?
14:43:16 <cyberpear> I suppose I could move mine
14:43:47 <dfed> OK George make sure you sync up the protections and setup.  that testing pipeline will be complicated
14:43:51 <cyberpear> I'll do that move today if it sounds good
14:43:57 <dfed> righto
14:44:06 <xgeorgex> Yup, protections are all set
14:44:24 <cyberpear> #info next meeting on Oct 1
14:44:29 <dfed> excellent
14:44:44 <cyberpear> #info next meeting on Oct 1 1400 UTC
14:44:48 <dfed> Happy thursday y'all.  I'm gonna go and get coffee before my next call
14:45:05 <cyberpear> thanks dfed, xgeorgex!
14:45:15 <xgeorgex> Thanks everyone
14:45:20 <cyberpear> #endmeeting
14:45:26 * cyberpear not #chair
14:45:44 <cyberpear> xgeorgex: I think you're #chair so can end meeting
14:46:02 <dfed> #endmeeting