#ansible-windows log

20:00:55 <jborean93> #startmeeting Ansible Windows Working Group
20:00:55 <zodbot> Meeting started Tue Jul 23 20:00:55 2019 UTC.
20:00:55 <zodbot> This meeting is logged and archived in a public location.
20:00:55 <zodbot> The chair is jborean93. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:55 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
20:00:55 <zodbot> The meeting name has been set to 'ansible_windows_working_group'
20:00:57 <jborean93> ahoy all
20:01:01 <Shachaf92> hi
20:01:03 <jhawkesworth> heya
20:02:21 <jborean93> #chair Shachaf92 jhawkesworth
20:02:21 <zodbot> Current chairs: Shachaf92 jborean93 jhawkesworth
20:02:35 <jborean93> nitzmahone may be late so we'll get started without him
20:02:59 <jhawkesworth> ok - where are we starting on the agenda?
20:03:14 * jborean93 opens it up
20:03:36 <jhawkesworth> https://github.com/ansible/community/issues/420
20:03:44 <Shachaf92> well, i think that other then the fips choco one there is nothing
20:03:56 <jborean93> #topic https://github.com/ansible/community/issues/420#issuecomment-514358489 Chocolatey FIPS
20:04:08 <jborean93> yep that's the only 1 I see
20:04:15 <jborean93> I just commented in there about my thoughts
20:04:30 <jborean93> but ultimately we should probably check if we need to enable that feature on the first install
20:04:47 <jborean93> or set that flag if needed
20:04:54 <jborean93> but I don't know of a good way to really do that
20:05:36 <jhawkesworth> seems to be a hacky way to check if servers is in FIPS mode here: https://serverfault.com/questions/914504/test-fips-enabled
20:05:39 <Shachaf92> well i checked and we can simply check the reg that is the policy for it
20:06:08 <Shachaf92> in the official KB they list the key
20:06:24 <Shachaf92> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
20:07:24 <jhawkesworth> wondering how far ansible should be supporting this.
20:07:31 <jborean93> yea, I don't think we should be blanket setting that arg
20:07:40 <jhawkesworth> last time I looked even MS didn't recommend using FIPS mode.
20:07:43 <jborean93> maybe just for the install scenario but even then it's somewhat questionable
20:08:31 <jborean93> yea FIPS is a fun one, regulation requires it but even then it's questionable the benefits it brings
20:08:33 <jhawkesworth> I'm thinking a 'Ansible and FIPS 140 environments' page in the docs would be more useful than information scattered across module documentation
20:09:09 <jhawkesworth> ps I am not volunteering to write such a page though
20:09:13 <jborean93> same
20:09:19 <Shachaf92> same
20:09:44 <jborean93> honestly for now the easiest win is to document how to install it manually with `win_shell` then show how to enable that feature with win_chocolatey_feature`
20:10:08 <jhawkesworth> agreed
20:10:15 <Shachaf92> +1
20:11:39 <jhawkesworth> I guess changing checksum algorithm would mean repackaging all the choco packages
20:12:31 * jborean93 hopes they don't use md5 anyway
20:13:16 <jborean93> #topic open floor
20:13:26 <jborean93> cool anything else we would like to talk about?
20:14:09 <jhawkesworth> not from me
20:14:53 <Shachaf92> nope
20:15:30 <jhawkesworth> guess we should let jborean93 get back to work then
20:15:58 <jborean93> heh, trying to prove a point on a win_chocolatey issue right now :(
20:16:06 <jborean93> cool short and sweet meeting
20:16:11 <jborean93> have a good day everyone
20:16:14 <jborean93> #endmeeting