#openstack-meeting-alt log

17:00:46 <hyakuhei> #startmeeting openstack security group
17:00:47 <openstack> Meeting started Thu Oct 23 17:00:46 2014 UTC and is due to finish in 60 minutes.  The chair is hyakuhei. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:48 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:51 <openstack> The meeting name has been set to 'openstack_security_group'
17:01:04 <hyakuhei> roll call peeps!
17:01:07 <rlpple> Afternoon/Morning/Evneing all
17:01:08 <bknudson> hi
17:01:10 <tmcpeak> HOLA
17:01:18 <shohel02> hi
17:01:27 <sicarie> o/
17:01:28 <sweston> Hi!!
17:01:29 <tkelsey> hello
17:01:36 <elmiko> hi, i'm mainly listening but i have a question for open discussion time =)
17:01:37 <sarnold007> hello all
17:01:40 <nkinder> hi all
17:01:47 <chair6> 'ello
17:01:59 <hyakuhei> Hey, so, the summit is less than two weeks away!
17:02:09 <hyakuhei> What should we discuss today?
17:02:52 <tmcpeak> well I'm sure we'll get OSSN status
17:03:09 <tmcpeak> book?
17:03:36 <nkinder> yeah, OSSNs will be pretty quick
17:03:42 <hyakuhei> ok lets start there
17:03:46 <hyakuhei> #topic ossn
17:04:04 <nkinder> So a number of issues were cleared out last week and published.
17:04:19 <nkinder> So there's just one in progress that's out for review (OSSN-0038)
17:04:33 <nkinder> #link https://review.openstack.org/#/c/128636/3
17:04:41 <tkelsey> thats mine i think, input welcome :)
17:05:01 <hyakuhei> Thanks tkelsey
17:05:13 <hyakuhei> I think there still a few in the queue
17:05:17 <tkelsey> your welcome hyakuhei
17:05:26 <nkinder> there are a handful free for others to pick up - https://bugs.launchpad.net/ossn/
17:06:25 <nkinder> Doug has one thar he picked up, but there's not a patch proposed yet - https://bugs.launchpad.net/ossn/+bug/1163569
17:06:26 <uvirtbot> Launchpad bug 1163569 in ossn "security groups don't work with vip and ovs plugin" [High,In progress]
17:07:06 <tkelsey> yeah, im supposed to be helping with that one, not had much time yet
17:07:13 <hyakuhei> Yeah that one was tricky iirc
17:07:21 <hyakuhei> We could discuss options for that now?
17:07:43 <nkinder> Sure.  So what's the tricky part of that one?
17:08:27 <tmcpeak> first of all it's hard to test I think
17:08:39 <tkelsey> I think there is some missing or confusing info, is Doug about, he woulf know more
17:08:59 <hyakuhei> I'll ping him on skype see if he can join us
17:09:02 <tmcpeak> it seems to need a lot of setup and domain knowledge
17:09:20 <tkelsey> yeah tmcpeak
17:10:02 <hyakuhei> Pinged dg, no reply, assume he's not joining
17:10:44 <tkelsey> shame, his input would have been good. I guess I'll try and look at it tomorrow
17:11:05 <hyakuhei> Yeah, so I think it's as tmcpeak said, if you don't work with it much this is confusing
17:11:20 <tkelsey> sure
17:11:33 <nkinder> ok, so perhaps tapping a developer from the area would be best here
17:11:43 <tmcpeak> +1
17:11:46 <hyakuhei> Know any friendly ones ? :P
17:11:47 <tkelsey> +1
17:12:41 <nkinder> probably worth just having Doug join the neutron weekly meeting to bring it up
17:12:54 <nkinder> or reach out to the current PTL
17:12:56 <hyakuhei> Depending on what timezone they run that in, sure.
17:13:07 <hyakuhei> Ok, I'll chat with dg about it tomorrow :)
17:13:08 <sweston> I can bring it up to Kyle
17:13:26 <nkinder> sweston: thanks!
17:14:06 <hyakuhei> Yeah, that'll be really helpful
17:14:07 <nkinder> I don't think there's much more on OSSNs
17:14:11 <sweston> nkinder:  sure, if you still want to ping Doug, feel free to bring me in ... I'll be here all day!!
17:14:21 <nkinder> ...aside from mentioning that we're almost up to 40 notes now!
17:14:27 <bdpayne_> :-)
17:14:30 <tkelsey> good work all :)
17:14:38 <nkinder> It's come a long way
17:14:38 <hyakuhei> +1
17:15:01 <tmcpeak> yeah, we've more than doubled in a few months
17:15:59 <nkinder> and there are lots of authors now too
17:16:21 <sweston> Who hoo ... on that "note", I'll take https://bugs.launchpad.net/ossn/+bug/1329214
17:16:22 <uvirtbot> Launchpad bug 1329214 in cinder "tgtadm iscsi chap does not work" [Critical,Fix released]
17:16:51 <tkelsey> nice sweston
17:16:59 <sweston> unless somebody else wants it :-)
17:17:02 <nkinder> sweston: great!  Any help you need, just ask.
17:17:05 <hyakuhei> I think it's all yours :P
17:17:30 <sweston> hehe, sure .. I'll ask for help if I need to, thanks!!
17:18:00 <tkelsey> sweston: you get bonus points for the pun :-P
17:18:26 <hyakuhei> ok, any other OSSN stuff?
17:18:34 <sweston> tkelsey: :-D
17:19:00 <nkinder> Nope.  That's it.
17:19:13 <hyakuhei> ok, next up on the agenda, elmiko - what did you want to discuss?
17:19:45 <elmiko> well, i'm chairing a session for Sahara on security
17:20:12 <elmiko> i have a few topics prepared, but i wanted to reach out and see if anyone might be able to help me find topics that we might be missing currently
17:20:14 <hyakuhei> Coolio, how can we help
17:20:40 <hyakuhei> I'm not very familiar with Sahara today - anyone got anything to contribute?
17:20:41 <elmiko> we have a few areas that we improved during juno, but i'm curious how much more can we find
17:20:43 <tmcpeak> elmiko: do you have a list?
17:21:17 <elmiko> tmcpeak: so far, we will talk about a new security group feature, and the new domain proxy feature. i'm still assembling more topics
17:21:24 <nkinder> elmiko: I know we discussed some things about keystone trusts quite a while back
17:21:34 <elmiko> what i'm really curious about are more general threats that a sahara user/operator should be aware of
17:21:46 <tmcpeak> elmiko: ok, are you looking for features, hardening your existing code, both?
17:21:53 <elmiko> nkinder: yes! and it helped us implement a new feature based around that
17:22:00 <elmiko> tmcpeak: both ideally
17:22:15 <hyakuhei> elmiko: maybe an email to the security mailinglist would be useful too?
17:22:41 <elmiko> hyakuhei: awesome idea, is that the openstack-dev list with an [ossg] on it?
17:22:52 <nkinder> elmiko: ok, so I wonder if starting with a security audit page for sahara would be a good start too.
17:23:03 <bdpayne_> elmiko openstack-security mailing list
17:23:12 <tmcpeak> nkinder: +1
17:23:12 <elmiko> nkinder: that would be great
17:23:30 <hyakuhei> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
17:23:37 <hyakuhei> elmiko: ^
17:23:56 <nkinder> elmiko: https://wiki.openstack.org/wiki/Security/Juno
17:23:56 <elmiko> hyakuhei: tnx
17:23:58 <hyakuhei> Although -dev with [ossg] _should_ work
17:24:09 <nkinder> I suppose it's time I create a Kilo page
17:24:19 <hyakuhei> Oooh!
17:24:39 <elmiko> nkinder: is there anything i can do to help get the audit under way?
17:25:12 <hyakuhei> Audit's are _really_ time intensive
17:25:20 <nkinder> elmiko: yeah, let me create a placeholder page after the meeting and you can look at the existing one for Keystone to get an idea of the info to collect.
17:25:29 <elmiko> nkinder: awesome
17:25:34 <nkinder> hyakuhei: not bad if you have experience with the project/code though
17:25:35 <hyakuhei> best bet right now is to find one or two devs who are interested and setup a meet in Paris to lay the groundwork
17:25:41 <bknudson> I think we should have discussions on -dev rather than the security list
17:25:43 <elmiko> hyakuhei: i'm willing to put some time in on it, if it's something that i can tackle
17:25:56 <hyakuhei> nkinder: +1 going in cold is the worst
17:26:28 <hyakuhei> elmiko: It's so much easier with someone who knows the code
17:26:38 <nkinder> #action nkinder to create kilo 'security info' page and a sahara template
17:26:45 <elmiko> hyakuhei: for sure, and i'm interested in being part of the process
17:26:46 <shohel02> And if we want more extensive, we can go some high level Threat analysis on Shara
17:27:20 <elmiko> shohel02: i think that's something that would be useful for the devs and our end-users
17:27:46 <elmiko> on a more general level, i am looking to gain an insight into the type of issues we should be looking for as an openstack project
17:27:57 <elmiko> these are the types of things i'd like to talk about at summit with our devs
17:28:03 <hyakuhei> heh, that's a long list
17:28:08 <elmiko> i'll bet ;)
17:28:11 <hyakuhei> Something we can help with though :)
17:28:38 <tkelsey> +1 elmiko hyakuhei
17:28:41 <rlpple> Sorry cant help too much today   need to leave for 'nother meeting
17:28:55 <elmiko> i'm trying to avoid covering topics that might be better addresses in other areas, for example should we talk about general networking configurations that might be out of scope for sahara?
17:28:58 <nkinder> elmiko: you'll be at the Summit then?
17:29:04 <elmiko> nkinder: yes
17:29:43 <elmiko> for those who haven't explored sahara, we are providing a data processing solution for openstack
17:29:52 <elmiko> so we are building clusters with hadoop, spark, and the like
17:29:58 <hyakuhei> oh hai dg__
17:30:07 <tkelsey> interesting stuff elmiko
17:30:16 <elmiko> talking about security within our clusters is one thing, but talking about threats to the stack i feel is a bigger issue
17:30:40 <dg__> hyakuei hi, think i need to kill my outlook calendar
17:30:54 <elmiko> for example, should we be worried about an attacker being able to infiltrate a project and thus gain access to the cluster and swift instances, or is that a more general openstack security concern?
17:31:27 <hyakuhei> There's a point where attack vectors become shared
17:31:37 <hyakuhei> but that can be influenced in many ways
17:31:47 <hyakuhei> We need a whiteboard and pretty pictures ;)
17:31:50 <elmiko> yea, i'm really trying to be that with regards to the topics we should discuss
17:32:03 <elmiko> *to be sensitive to that
17:32:20 <hyakuhei> Makes sense
17:32:48 <elmiko> but it sounds like we've generated some good topics. we can certainly talk about getting ready for an audit, and the possibility of doing higher level threat analysis
17:33:56 <hyakuhei> I'd love to do some threat analysis on Sahara
17:34:05 <elmiko> i might have missed it, was there a link to page about audits?
17:34:08 <elmiko> hyakuhei: cool!
17:35:09 <tmcpeak> hyakuhei: yeah, threat analysis sounds good
17:35:40 <shohel02> security audit... this one https://wiki.openstack.org/wiki/Security/Juno
17:35:47 <shohel02> nikander posted earlier
17:36:01 <elmiko> shohel02: ahh, thanks. got that one, thought i missed one
17:36:14 <nkinder> elmiko: here's a skeleton - https://wiki.openstack.org/wiki/Security/Kilo/Sahara
17:36:27 <elmiko> nkinder: awesome, thanks
17:36:47 <nkinder> elmiko: look at the Juno keystone one for an idea.  I'll create the Kilo one for Keystone today
17:36:57 <elmiko> cool
17:37:32 <elmiko> thanks everybody, this is great. i'll have a few more issues we should be talking about within Sahara, and expect me to haunt the OOSG sessions looking to talk more =)
17:37:41 <elmiko> *OSSG
17:37:47 <tmcpeak> elmiko: sounds good
17:38:08 <hyakuhei> cool, any other agenda items?
17:38:12 <tkelsey> elmiko: good stuff.
17:38:19 <tkelsey> so i have some SecImpact numbers
17:38:32 <bdpayne_> I'd like to talk about a couple of things
17:38:44 <bdpayne_> tkelsey is welcome to go first :-)
17:38:54 <tkelsey> ok, thanks bdpayne_
17:39:25 <tkelsey> so I ran a hacky script against gerrit looking for SecImpact changes, I have some numbers
17:39:37 <tkelsey> I'll put them into a pastbin I guess
17:39:40 <hyakuhei> #topic Security Impact
17:40:24 <tkelsey> http://pastebin.com/TuDfph6U
17:41:01 <tkelsey> the main take away is that 29 changes got merged that had SecImpact but no OSSG input
17:41:01 <hyakuhei> So what's good/bad mean?
17:41:12 <hyakuhei> but 25 did have input ?
17:41:18 <tkelsey> yes
17:41:21 <hyakuhei> That's better than I thought tbh
17:41:29 <tkelsey> bad == no OSSG, or -1 from OSSG
17:41:41 <hyakuhei> Can you do stats on who contributed from OSSG
17:41:43 <tkelsey> good = +1 or 0 from OSSG
17:41:52 <tkelsey> yes i can get names
17:41:57 <hyakuhei> hmm, so I think -1 from OSSG is still 'good' in this context?
17:42:01 <nkinder> tkelsey: I'm interested in knowing is OSSG looked at it at all
17:42:08 <nkinder> ...regardless of score
17:42:10 <bdpayne_> yeah
17:42:13 <hyakuhei> OSSG looked at something - yay
17:42:27 <tkelsey> sure, ok :-) not hard to change things for that metric
17:42:35 <bdpayne_> this is great to have the data... and something that we should track regularly
17:42:36 <hyakuhei> even so, takeaway from this is we're likely responding to over 50% of requests
17:42:39 <bdpayne_> perhaps each month or each quarter
17:42:45 <hyakuhei> Yup
17:42:49 <hyakuhei> Thanks for this tkelsey
17:42:55 <bdpayne_> indeed, thanks
17:42:56 <nkinder> +1
17:42:59 <tkelsey> bdpayne_: sure, I can handle doing this at intervals
17:43:37 <bdpayne_> tkelsey if you can provide the raw numbers, I could figure out a nice visualization to track this over time
17:43:51 <bdpayne_> just ping me to remind me that I said this ;-)
17:43:52 <tkelsey> sure thing bdpayne_
17:44:01 <tkelsey> haha no problem
17:44:05 <hyakuhei> Something Stacklytics-esk?
17:44:13 <bdpayne_> yeah
17:44:18 * bdpayne_ likes visualizations
17:44:19 <tkelsey> that would be very nice
17:44:52 <hyakuhei> Great stuff, thanks Tim!
17:45:03 <tkelsey> well thats all I had, just wanted to put the data out there. I'll clean things up and give bdpayne_  the info
17:45:13 <hyakuhei> Right bdpayne_ you had something you wanted to discuss ?
17:45:14 <tkelsey> hyakuhei: thanks
17:45:17 <bdpayne_> yeah
17:45:21 <bdpayne_> a couple of things
17:45:25 <bdpayne_> but I can be briefish
17:45:29 <bdpayne_> 1) Elections!
17:45:32 <hyakuhei> #topic Elections
17:45:39 <bdpayne_> We have an election going on this week
17:45:46 <e-vad> woo!
17:45:48 <bdpayne_> Polls will close on Monday morning (pacific time)
17:45:51 <hyakuhei> Scary stuff.
17:45:57 <bdpayne_> currently 41/91 people have voted
17:46:04 <bdpayne_> would love to see more votes
17:46:07 <chair6> vote early, vote often!
17:46:09 <hyakuhei> +1
17:46:23 <bdpayne_> so please go ahead and vote if you haven't already
17:46:28 <hyakuhei> That's a pretty decent sized electorate
17:46:47 <bdpayne_> also... just a placeholder here, but I think post-election we should have a discussion about electorate qualification going forward
17:47:06 <bdpayne_> but, regardless, we have 91 people in the electorate and 41 that have voted already
17:47:14 <bdpayne_> so that's a reasonable sized group
17:47:16 <bdpayne_> OSSG is growing
17:47:22 <bdpayne_> and by that I mean that active community
17:47:28 <bdpayne_> nice work everyone :-)
17:47:35 <bdpayne_> any questions on the elections?
17:47:36 <tmcpeak> wooohoo
17:48:03 <hyakuhei> It's always good to review these things
17:48:06 <bdpayne_> ok, let's move on to my next topic
17:48:12 <bdpayne_> 2) OSSG track at the summit
17:48:17 <hyakuhei> #topic OSSG track
17:48:27 <bdpayne_> we have talked about setting up a space for OSSG people to chat at the summit
17:48:34 <hyakuhei> Tuesday was looking good for that, not 100% sure ?
17:48:43 <bdpayne_> I would like to see us pick a day or 1/2 day to have a semi-formal track
17:48:50 <bdpayne_> at least, planned topics in time slots
17:48:53 <tkelsey> bdpayne_: +1
17:48:58 <bdpayne_> do we have an etherpad to track topics?
17:49:09 <hyakuhei> We _did_
17:49:15 <bdpayne_> hrm
17:49:16 <hyakuhei> but I confess I didn't make a note of it.
17:49:24 <bdpayne_> anyone know the link?
17:49:29 <hyakuhei> I'll circulate an email with it after the meeting, once I've updated the mnutes
17:49:32 <hyakuhei> *minutes
17:49:50 <bdpayne_> ok, sounds good
17:49:57 <bdpayne_> I'd like to have a book discussion in one of the slots
17:50:07 <bdpayne_> and I will probably have some other ideas too :-)
17:50:25 <bdpayne_> ok, I think that's all I have for today
17:50:28 <sweston> bdpayne_: +1 for books
17:50:47 <hyakuhei> #topic any other business
17:50:49 <hyakuhei> Thanks bdpayne_
17:51:07 <e-vad> re: other topics
17:51:30 <e-vad> have we talked about mentorship for folks wanting to jump in to ossg stuffs but unsure where to start?
17:51:49 <tmcpeak> e-vad: the channel is a good place to find help
17:51:55 <bdpayne_> we have talked a bit about this in the past, but it would be good to do more here
17:52:04 <tmcpeak> normally at least somebody is around to point you in the right direction
17:52:14 <bdpayne_> but people need to know to go into the channel
17:52:22 <tmcpeak> ahh, solid point
17:52:23 <bdpayne_> we need a super nice easy intro doc
17:52:28 <hyakuhei> Yeah, there's occasionally people reaching out on the ML too
17:52:30 <bdpayne_> and that needs to be easy to find
17:52:30 <e-vad> some of that could be as easy as update our wiki page some
17:52:37 <bdpayne_> perhaps an email sent to people that join the launchpad group
17:52:50 <bdpayne_> and an updated wiki page, yeah
17:53:29 <hyakuhei> both good points
17:53:31 <shohel02> and probably with some example .. .e.g., start with filing bugs in book, or writing OSSN
17:53:49 <bdpayne_> so there is a wiki with this goal in mind
17:53:55 <bdpayne_> but it could use some updating
17:54:11 <hyakuhei> We do have some 'how to contribute' text already that bdpayne_ wrote iirc
17:54:20 <bdpayne_> https://wiki.openstack.org/wiki/Security/How_To_Contribute
17:54:33 <bdpayne_> and some intro text on https://wiki.openstack.org/wiki/Security
17:54:43 <bdpayne_> those are good places to improve
17:55:24 <e-vad> yup
17:55:48 <e-vad> the docbook bits could use a link out to one of anne gentle's preso's on working with docbooks and contributing to openstack docs
17:56:00 <e-vad> it's not the most straightforward thing to do
17:56:28 <e-vad> i guess then, i'll volunteer to take a look over said wiki and see what can be poked
17:56:43 <bdpayne_> cool, thanks
17:57:12 <e-vad> as part of the ossg track at the summit we should do a thing as well
17:57:24 <hyakuhei> bdpayne_:Etherpad for the summit
17:57:32 <hyakuhei> #link https://etherpad.openstack.org/p/ossg-kilo-summit
17:57:37 <bdpayne_> ahh
17:57:38 <bdpayne_> thanks
17:57:42 <hyakuhei> Np.
17:57:50 <e-vad> help folks get signed up, involved, maybe dissect an ossn
17:59:02 <hyakuhei> Its definitely time we looked at that stuff again, made the ossg a bit more welcoming
17:59:42 <elmiko> fwiw, my experiences with OSSG have been really positive so far. kudos to you all
17:59:49 <e-vad> +1
18:00:03 <hyakuhei> Thats a great note to wrap on guys!
18:00:04 <tkelsey> thanks elmiko :-)
18:00:04 <hyakuhei> Thank you all!
18:00:10 <hyakuhei> #endmeeting