*** tmcpeak has quit IRC | 00:01 | |
*** sigmavirus24_awa is now known as sigmavirus24 | 00:27 | |
*** salv-orlando has quit IRC | 00:57 | |
*** salv-orlando has joined #openstack-security | 01:00 | |
*** salv-orlando has quit IRC | 01:05 | |
*** bpokorny_ has quit IRC | 01:09 | |
openstackgerrit | Nathaniel Dillon proposed openstack/security-doc: Converting API endpoints section to RST https://review.openstack.org/203894 | 01:12 |
*** bitblt has quit IRC | 01:29 | |
*** browne has quit IRC | 01:40 | |
*** elo has quit IRC | 01:45 | |
*** dave-mccowan has quit IRC | 01:59 | |
*** elo has joined #openstack-security | 02:04 | |
openstackgerrit | Michael McCune proposed openstack/security-doc: Index in RST format https://review.openstack.org/203854 | 02:16 |
*** browne has joined #openstack-security | 02:18 | |
*** dave-mccowan has joined #openstack-security | 02:21 | |
openstackgerrit | Merged openstack/security-doc: Index in RST format https://review.openstack.org/203854 | 02:32 |
*** y_sawai has joined #openstack-security | 02:43 | |
*** jhfeng has joined #openstack-security | 02:55 | |
*** elo has quit IRC | 03:17 | |
openstackgerrit | Nathaniel Dillon proposed openstack/security-doc: WIP - Updating Compute chapter to RST https://review.openstack.org/203916 | 04:28 |
*** jhfeng has quit IRC | 04:40 | |
*** jhfeng has joined #openstack-security | 04:40 | |
*** jhfeng has quit IRC | 04:42 | |
*** y_sawai_ has joined #openstack-security | 04:45 | |
*** y_sawai has quit IRC | 04:46 | |
*** dave-mccowan has quit IRC | 04:51 | |
*** y_sawai__ has joined #openstack-security | 04:58 | |
openstackgerrit | Andreas Jaeger proposed openstack/security-doc: Remove extra mkdir https://review.openstack.org/203922 | 05:00 |
*** y_sawai_ has quit IRC | 05:01 | |
*** y_sawai has joined #openstack-security | 05:05 | |
*** y_sawai__ has quit IRC | 05:08 | |
*** y_sawai_ has joined #openstack-security | 05:09 | |
*** sigmavirus24 is now known as sigmavirus24_awa | 05:11 | |
*** y_sawai has quit IRC | 05:12 | |
openstackgerrit | Merged openstack/security-doc: Remove extra mkdir https://review.openstack.org/203922 | 05:22 |
*** markvoelker has quit IRC | 05:38 | |
*** y_sawai has joined #openstack-security | 05:38 | |
*** y_sawai has quit IRC | 05:39 | |
*** y_sawai_ has quit IRC | 05:42 | |
*** markvoelker has joined #openstack-security | 05:44 | |
*** y_sawai has joined #openstack-security | 06:00 | |
openstackgerrit | Nathaniel Dillon proposed openstack/security-doc: WIP - Updating Documentation section from DocBook to RST https://review.openstack.org/203933 | 06:02 |
openstackgerrit | Andreas Jaeger proposed openstack/security-doc: Initial conversion of Compliance chapter to rst https://review.openstack.org/203822 | 06:17 |
openstackgerrit | Andreas Jaeger proposed openstack/security-doc: Initial conversion of Management chapter to rst https://review.openstack.org/203830 | 06:18 |
openstackgerrit | Andreas Jaeger proposed openstack/security-doc: Converting API endpoints section to RST https://review.openstack.org/203894 | 06:20 |
openstackgerrit | Andreas Jaeger proposed openstack/security-doc: WIP - Updating Compute chapter to RST https://review.openstack.org/203916 | 06:21 |
*** shohel has joined #openstack-security | 06:22 | |
*** y_sawai has quit IRC | 06:23 | |
*** browne has quit IRC | 06:48 | |
*** salv-orlando has joined #openstack-security | 06:52 | |
*** salv-orlando has quit IRC | 07:28 | |
*** alex_klimov has joined #openstack-security | 07:44 | |
openstackgerrit | Dave Walker proposed openstack/security-doc: Conversion of Object Storage chapter to rst https://review.openstack.org/203965 | 08:10 |
*** dlitz has quit IRC | 08:17 | |
*** dlitz has joined #openstack-security | 08:22 | |
*** salv-orlando has joined #openstack-security | 08:25 | |
*** shohel has quit IRC | 08:39 | |
*** shohel has joined #openstack-security | 08:40 | |
*** tkelsey has joined #openstack-security | 09:04 | |
*** lexholden has joined #openstack-security | 09:24 | |
*** lexholden has quit IRC | 09:39 | |
*** elo has joined #openstack-security | 10:34 | |
*** lexholden has joined #openstack-security | 10:52 | |
*** dlitz has quit IRC | 11:01 | |
*** dlitz has joined #openstack-security | 11:05 | |
*** salv-orlando has quit IRC | 11:40 | |
*** dave-mccowan has joined #openstack-security | 11:57 | |
*** salv-orlando has joined #openstack-security | 12:01 | |
*** shohel has quit IRC | 12:07 | |
*** y_sawai has joined #openstack-security | 12:07 | |
*** shohel has joined #openstack-security | 12:07 | |
*** shohel1 has joined #openstack-security | 12:08 | |
*** shohel has quit IRC | 12:08 | |
*** y_sawai_ has joined #openstack-security | 12:18 | |
*** y_sawai has quit IRC | 12:20 | |
*** dlitz has quit IRC | 12:22 | |
*** dlitz has joined #openstack-security | 12:25 | |
*** alex7 has joined #openstack-security | 12:40 | |
*** alex7 has left #openstack-security | 12:40 | |
*** dlitz has quit IRC | 12:43 | |
*** dlitz has joined #openstack-security | 12:46 | |
*** markvoelker has quit IRC | 13:17 | |
*** bknudson has joined #openstack-security | 13:20 | |
*** y_sawai_ has quit IRC | 13:23 | |
*** shohel has joined #openstack-security | 13:27 | |
*** shohel1 has quit IRC | 13:28 | |
*** sdake has joined #openstack-security | 13:46 | |
*** sdake_ has joined #openstack-security | 13:47 | |
*** edmondsw has joined #openstack-security | 13:49 | |
*** sdake has quit IRC | 13:50 | |
*** rbrooker has joined #openstack-security | 13:50 | |
*** sicarie has joined #openstack-security | 14:03 | |
*** bknudson has quit IRC | 14:05 | |
sicarie | elmiko: ping | 14:12 |
elmiko | sicarie: hey | 14:15 |
sicarie | Do you have the link to the etherpad? | 14:15 |
sicarie | Somehow I lost it :( | 14:15 |
elmiko | https://etherpad.openstack.org/p/sec-guide-rst | 14:15 |
sicarie | thanks | 14:15 |
elmiko | np | 14:15 |
*** sigmavirus24_awa is now known as sigmavirus24 | 14:16 | |
elmiko | i merged pdesai's initial change last night, just to get things rolling | 14:16 |
sicarie | I saw that - it passed Jenkins, I'm good with it :) | 14:16 |
elmiko | there are a couple minor issues, but they'll get sorted | 14:16 |
sicarie | Daviey has proposed 3, and I have 3 (with issues) as well | 14:16 |
elmiko | cool | 14:16 |
sicarie | Hopefully we can keep up this pace and get it sorted | 14:17 |
elmiko | nice, i'm working through the dataprocessing chap now | 14:17 |
sicarie | awesome | 14:17 |
elmiko | one thing that will slow this down are the arbitrary linkages between the chapters. i'm running into it a bit, but i'm gonna link to the chapters with TODO notes about fixing up | 14:17 |
sicarie | Yeah, i'm pretty sure that's what most of my 'checklinks' failures are | 14:18 |
sicarie | I was waiting to go back and check those until the other sections got migrated | 14:18 |
*** jhfeng has joined #openstack-security | 14:18 | |
elmiko | as long as we're all aware of it, should be no problem | 14:18 |
sicarie | +1 | 14:19 |
elmiko | rst is gonna be so much nicer to hack on =) | 14:19 |
sicarie | I thought you guys were exaggerating how much nicer it was, and then I was going through it yesterday | 14:20 |
sicarie | much easier | 14:20 |
elmiko | haha | 14:20 |
Daviey | sicarie: Oi! You used the bug as your Branch Topic name. Do you want to flip it to what i said, or should i move mine to the bug? | 14:20 |
sicarie | Daviey: I think that's something that Gerrit does automatically with a "Partial-Bug" or "Closes-Bug" message that surprised me | 14:21 |
sicarie | anyway, I'm ambivalent - elmiko do you have a preference? | 14:22 |
sicarie | I think pdesai was in favor of the feature branch | 14:22 |
elmiko | i like Daviey's suggestion, makes it easier to have multiple local branches going | 14:22 |
elmiko | but, as long as we keep updating the etherpad with the reviews it's probably not a big deal | 14:23 |
sicarie | Daviey: I'll flip them when I re-up my changes | 14:23 |
sicarie | And thanks for knocking out those 3 chapters! | 14:23 |
Daviey | sicarie: Ah, when you - git review -t topic/name | 14:24 |
Daviey | overrides the auto behaviour | 14:24 |
sicarie | interesting | 14:24 |
sicarie | I have to say my understanding of git is light, I may be pinging for more details :) | 14:24 |
*** browne has joined #openstack-security | 14:27 | |
Daviey | sicarie: I won't pretend to be an expert :) | 14:30 |
*** sdake_ has quit IRC | 14:32 | |
*** sdake has joined #openstack-security | 14:32 | |
*** sdake_ has joined #openstack-security | 14:35 | |
sigmavirus24 | sicarie: feel free to ping me | 14:35 |
sigmavirus24 | Although git-review just does extra stuff on top so you don't have to think about gerrit | 14:35 |
*** rbrooker has quit IRC | 14:37 | |
*** sdake_ has quit IRC | 14:37 | |
*** sdake has quit IRC | 14:38 | |
Daviey | whilst looking to convert acknowledgements.xml, /me contemplates changing the logos | 14:41 |
elmiko | Daviey: is there something wrong with the logos? | 14:42 |
sigmavirus24 | elmiko: they're not logical | 14:43 |
Daviey | elmiko: Nothing.. just thought about adding an additional meme logo. | 14:43 |
sicarie | Daviey: I think the RedHat guy looks too dour, you should give him a smile :) | 14:43 |
elmiko | what!?! shadowman is awesome =) | 14:44 |
*** tmcpeak has joined #openstack-security | 14:44 | |
sigmavirus24 | Daviey: trollface? | 14:44 |
sigmavirus24 | I would endorse trollface as a logo | 14:45 |
elmiko | lol | 14:45 |
sigmavirus24 | "SSLv3 with RC4 ciphers is totally secure. <trollface.png>" | 14:45 |
sigmavirus24 | Daviey: or would that be trollface overlayed on top of <3 letter agency logo> | 14:46 |
elmiko | ouch... | 14:48 |
*** y_sawai has joined #openstack-security | 14:50 | |
*** voodookid has joined #openstack-security | 14:53 | |
*** y_sawai has quit IRC | 14:55 | |
*** y_sawai has joined #openstack-security | 14:56 | |
sigmavirus24 | elmiko: ? | 14:57 |
sigmavirus24 | elmiko: at least I didn't use "SSLv3 with RC4 ciphers is the only thing you should use" =P | 14:57 |
sicarie | sigmavirus24: I'm so hipster I use original SSL (the first is always the best, right?) | 14:59 |
tmcpeak | is that the one where they just exchange encryption keys in the clear in the first two packets? | 14:59 |
*** y_sawai has quit IRC | 14:59 | |
sicarie | isn't that what they mean for more security to be done out in the open? | 15:00 |
tmcpeak | +1 | 15:01 |
elmiko | sigmavirus24: i was more reacting to the trollface overlayed on top... | 15:01 |
elmiko | lol | 15:01 |
sigmavirus24 | elmiko: lol | 15:01 |
sigmavirus24 | elmiko: trollface overlayed == lulzsec right? | 15:01 |
elmiko | remember kids, installing backdoors into your crypto isn't just fun, it's patriotic too ;) | 15:01 |
sigmavirus24 | sicarie: hipster security is the best sakurity =P | 15:01 |
sigmavirus24 | elmiko: even if you're not murrican | 15:02 |
elmiko | sigmavirus24: especially if you're not murrican! | 15:02 |
sigmavirus24 | that should be a new way for nonmurricans to get murrican citizenship | 15:03 |
sigmavirus24 | step 1. make a cryptosystem with a backdoor; step 2. give it to <3 letter agency>; step 3. ???; step 4. citizenship! | 15:04 |
elmiko | haha | 15:06 |
tmcpeak | ;) | 15:06 |
*** edmondsw has quit IRC | 15:09 | |
*** jamielennox has quit IRC | 15:09 | |
*** bpokorny has joined #openstack-security | 15:14 | |
*** dwyde has joined #openstack-security | 15:14 | |
*** bknudson has joined #openstack-security | 15:15 | |
*** edmondsw has joined #openstack-security | 15:16 | |
*** jhfeng has quit IRC | 15:16 | |
Daviey | sigmavirus24: Not trollface, more Scumbag Steve? | 15:16 |
openstackgerrit | Merged openstack/bandit: Improving SQL Injection detection https://review.openstack.org/202646 | 15:29 |
openstackgerrit | Tim Kelsey proposed openstack/bandit: Adding documentation. https://review.openstack.org/204136 | 15:46 |
openstackgerrit | Tim Kelsey proposed openstack/bandit: Adding documentation. https://review.openstack.org/204136 | 15:48 |
sigmavirus24 | tmcpeak: surely we don't want documentation =P As part of the big tent, isn't it contrary to our purpose? | 15:57 |
elmiko | lol | 15:57 |
elmiko | going for the elusive "no docs" tag? | 15:57 |
sigmavirus24 | Or "wrong docs" | 15:58 |
tmcpeak | sigmavirus24: agile doesn't do documentation | 15:58 |
sigmavirus24 | I personally like keystoneclient.auth's docs that give you the completely wrong names for auth_plugins and such | 15:59 |
sigmavirus24 | Also gives you no indications of what option names to use for which auth plugin =P | 15:59 |
sigmavirus24 | i'm probably not the best person to talk to about docs | 16:00 |
sigmavirus24 | I've been rewriting/overhauling docs on projects that I'm part of outside of openstack | 16:00 |
elmiko | sicarie, Daviey, are we using "Partial-Implements: blueprint sec-guide-rst" on these reviews? | 16:01 |
elmiko | or is there a bug? | 16:02 |
openstackgerrit | Michael McCune proposed openstack/security-doc: adding security guide rst build dir to ignore https://review.openstack.org/204141 | 16:03 |
elmiko | sicarie ^^ | 16:04 |
*** alex_klimov has quit IRC | 16:05 | |
openstackgerrit | Michael McCune proposed openstack/security-doc: initial conversion of data processing chapter https://review.openstack.org/204143 | 16:05 |
Daviey | elmiko: We have both... | 16:15 |
Daviey | a bug and a spec | 16:16 |
Daviey | I don't care what we do, just let me know and i'll change mine to fit | 16:16 |
elmiko | lol, is there a preference? | 16:16 |
elmiko | i put the spec in mine | 16:16 |
Daviey | elmiko: Is Partial-Implements a thing for a spec? | 16:16 |
elmiko | yea | 16:16 |
elmiko | well, for a blueprint | 16:17 |
Daviey | I knew Partial-Bug worked, but i didn't know people used it for Implements as well | 16:17 |
elmiko | i've used it before | 16:17 |
*** lexholden has quit IRC | 16:17 | |
*** bknudson has quit IRC | 16:18 | |
Daviey | chair6: Thanks for the testing of my config file branch... Are you easily able to tell me where the config file WAS installed for the failing procedures ? | 16:22 |
*** bknudson has joined #openstack-security | 16:25 | |
*** bknudson has quit IRC | 16:39 | |
*** pdesai has joined #openstack-security | 16:41 | |
openstackgerrit | Merged openstack/security-doc: Initial conversion of Management chapter to rst https://review.openstack.org/203830 | 16:42 |
openstackgerrit | Merged openstack/security-doc: Initial conversion of Compliance chapter to rst https://review.openstack.org/203822 | 16:42 |
Daviey | \o/ | 16:45 |
sicarie | elmiko Daviey: I think that using Partial-Bug will cause Gerrit to do something to move it off a feature branch | 16:46 |
sicarie | Not 100% sure, but I thought I had at least one of mine on a feature branch and I don't see it now | 16:46 |
Daviey | hmm, we've just had two branches on there that didn't reference the bug number | 16:47 |
Daviey | and had "Implements: blueprint sec-guide-rst" | 16:47 |
*** bknudson has joined #openstack-security | 16:47 | |
Daviey | I would have used Partial-Implements if i had known that was a thing | 16:47 |
Daviey | interesting reading, http://lists.openstack.org/pipermail/openstack-dev/2015-June/065940.html | 16:49 |
*** browne has quit IRC | 16:49 | |
Daviey | (and there was no agreement) | 16:50 |
elmiko | interesting... | 16:51 |
elmiko | i've always used partial-implements | 16:51 |
elmiko | i also forgot to use -t when pushing my review =( | 16:51 |
openstackgerrit | Merged openstack/security-doc: adding security guide rst build dir to ignore https://review.openstack.org/204141 | 16:55 |
chair6 | yeah @Daviey, i can get that info for each now.. | 16:55 |
Daviey | chair6: Ah thanks, i added it to the review... and regarding the debug.. I had it there to help write it, but removed it as i thought it was too noisy.. but i think you are right! | 16:56 |
Daviey | elmiko: You can change it in the webui by clicking it | 16:57 |
*** sdake has joined #openstack-security | 16:59 | |
chair6 | if it's there as a logger.debug() then you gotta do -d and it's only one line .. i figure if someone is running with -d they can expect noise :) | 17:11 |
Daviey | agree | 17:12 |
Daviey | chair6: Just to check, both OSX examples you gave - they didn't install the bandit.yaml anywhere other than the library path? With Linux, i was seeing it in etc AND the library path.. but not on your OSX example | 17:13 |
Daviey | - was your output over snipped or did it just not happen? | 17:13 |
chair6 | the snips should only be for matching directories .. i don't think it happened, i can double-check | 17:14 |
Daviey | chair6: pip uninstall bandit | grep bandit.yaml ? | 17:15 |
*** y_sawai has joined #openstack-security | 17:18 | |
chair6 | yeah, from a local install: | 17:18 |
chair6 | seventh:bandit finnigaj$ sudo pip uninstall bandit | grep bandit.yam /Library/Python/2.7/site-packages/bandit/config/bandit.yaml | 17:18 |
chair6 | ^C | 17:18 |
chair6 | uggh, format, but looks like it's just in the library path.. | 17:18 |
chair6 | hmm .. but for the venv example, this time around i am seeing a /Users/finnigaj/repo/bandit/venv27/etc/bandit/bandit.yaml be removed | 17:20 |
elmiko | Daviey: does that spin another version though? | 17:20 |
elmiko | (not that it matters) | 17:20 |
chair6 | yay for unpredictable repetition.. | 17:20 |
Daviey | chair6: I think local install it is reasonable then just to say "you are on your own"? | 17:23 |
Daviey | As in, provide your own config | 17:23 |
*** shohel has quit IRC | 17:24 | |
Daviey | elmiko: Doesn't seem to make it a new revision, should be ok | 17:26 |
Daviey | (i did it on https://review.openstack.org/#/c/203822/ ) | 17:26 |
elmiko | ack, thanks | 17:26 |
chair6 | seems fair .. and bandit fails cleanly if it can't find a config, saying where we looked.. | 17:28 |
*** pdesai has quit IRC | 17:30 | |
*** browne has joined #openstack-security | 17:36 | |
openstackgerrit | Michael McCune proposed openstack/security-doc: initial conversion of data processing chapter https://review.openstack.org/204143 | 17:36 |
*** pdesai has joined #openstack-security | 17:46 | |
*** bitblt has joined #openstack-security | 17:48 | |
*** bitblt has quit IRC | 17:51 | |
*** bitblt has joined #openstack-security | 17:51 | |
openstackgerrit | Nathaniel Dillon proposed openstack/security-doc: Updating Monitoring and Logging ch file to RST https://review.openstack.org/204184 | 17:53 |
*** markvoelker has joined #openstack-security | 17:55 | |
*** y_sawai has quit IRC | 17:55 | |
openstackgerrit | Nathaniel Dillon proposed openstack/security-doc: Updating Monitoring and Logging ch file to RST https://review.openstack.org/204184 | 17:57 |
*** bitblt has quit IRC | 17:58 | |
*** bitblt has joined #openstack-security | 17:58 | |
openstackgerrit | Nathaniel Dillon proposed openstack/security-doc: Updating Monitoring and Logging ch file to RST https://review.openstack.org/204184 | 18:02 |
*** tkelsey has quit IRC | 18:05 | |
*** jamielennox has joined #openstack-security | 18:15 | |
*** jamielennox is now known as jamielennox|away | 18:16 | |
*** jamielennox|away is now known as jamielennox | 18:23 | |
openstackgerrit | Priti Desai proposed openstack/security-doc: Updating Identity ch file to RST https://review.openstack.org/204205 | 18:40 |
openstackgerrit | Priti Desai proposed openstack/security-doc: Updating Databases ch file to RST https://review.openstack.org/204210 | 18:46 |
*** jmckind has joined #openstack-security | 18:48 | |
openstackgerrit | Priti Desai proposed openstack/security-doc: Updating Messaging ch file to RST https://review.openstack.org/204212 | 18:54 |
*** y_sawai has joined #openstack-security | 18:56 | |
*** y_sawai has quit IRC | 19:01 | |
*** pdesai has quit IRC | 19:01 | |
*** shohel has joined #openstack-security | 19:02 | |
*** bknudson has quit IRC | 19:06 | |
*** shohel has quit IRC | 19:07 | |
*** amit213 has quit IRC | 19:14 | |
*** amit213 has joined #openstack-security | 19:14 | |
openstackgerrit | Michael McCune proposed openstack/security-doc: initial conversion of instance management chapter https://review.openstack.org/204223 | 19:30 |
*** sdake_ has joined #openstack-security | 19:31 | |
*** sdake has quit IRC | 19:34 | |
*** y_sawai has joined #openstack-security | 19:57 | |
*** bitblt has quit IRC | 19:58 | |
*** jmckind has quit IRC | 19:58 | |
*** y_sawai has quit IRC | 20:01 | |
*** pdesai has joined #openstack-security | 20:08 | |
openstackgerrit | Michael McCune proposed openstack/security-doc: initial conversion of instance management chapter https://review.openstack.org/204223 | 20:12 |
elmiko | pdesai, Daviey, sicarie ping | 20:16 |
* sicarie waves | 20:17 | |
Daviey | \o | 20:17 |
elmiko | so, pdesai, i just got your email but i had already converted the chapters i was working on into singular documents. | 20:17 |
elmiko | i think we should discuss =) | 20:17 |
Daviey | Single files per Chapter vs subdir with each section in | 20:17 |
Daviey | [DEATH MATCH] | 20:18 |
elmiko | i vote single file! | 20:18 |
elmiko | (because i've done 2 and have a third on the way!) | 20:18 |
elmiko | is there a benefit to multiple files that i'm just overlooking? | 20:19 |
Daviey | elmiko: splitting is just /usr/bin/split away, right? | 20:20 |
elmiko | haha, nice | 20:20 |
elmiko | yea, really it's trivial to split | 20:20 |
Daviey | elmiko: The slight benefit IMO is smaller files are easier to handle.. Single mammoth files can be overwhelming to both review and edit | 20:20 |
Daviey | I mean, to extend the logic - why don't we just put it all in index.rst? | 20:20 |
sicarie | So separate files is a slight increase in complexity (locations/linking), and a possibly significant administrative overhead while a single file is easy to lose your place in | 20:20 |
sicarie | For the purposes of this migration, let's let elmiko's chapters land, but track them in the etherpad where we're tracking issues | 20:21 |
sicarie | there's no difference to the end-user and we can put off the conversation until the migration is complete | 20:21 |
Daviey | sicarie: well, i'd rather clear it up now | 20:21 |
elmiko | i guess, in this format, i prefer single file per chapter as it makes keeping the header levels in order easier | 20:22 |
sicarie | Yes, but pdesai is not around to vote, though she set up the repo to be split | 20:22 |
elmiko | whereas docbook did it for us | 20:22 |
Daviey | sicarie: I am about to start some section work, and would rather get it right first time | 20:22 |
pdesai | i am here guys | 20:22 |
sicarie | ah, excellent! | 20:22 |
elmiko | \o/ | 20:22 |
pdesai | reading through the chat history | 20:22 |
pdesai | whats up? | 20:22 |
elmiko | i missed your email and combined the chapters i did into single files | 20:23 |
Daviey | < Daviey> Single files per Chapter vs subdir with each section in | 20:23 |
sicarie | We're discussing single-files vs multiple files | 20:23 |
pdesai | i like the simplicity of having single file per ch. but we discussed last time, the main con with that, huge ch. file | 20:23 |
elmiko | yea | 20:24 |
elmiko | so, a question i have is this, if we break into section files do we need to be mindful of header levels within those files? | 20:25 |
elmiko | or do they reset in each file? | 20:25 |
pdesai | it should be consistent levels, not every section having title, for example, let me check on that | 20:26 |
sicarie | asked in -doc | 20:26 |
Daviey | i assumed if you included another file, it was treated as if it was included already | 20:26 |
Daviey | Are you thinking this is not the case | 20:27 |
Daviey | ? | 20:27 |
sicarie | Daviey: I would make that assumption as well because the styles are called out | 20:27 |
sicarie | ='s vs ~'s vs -'s | 20:27 |
sicarie | so elmiko: I think so | 20:27 |
Daviey | sicarie: Well testing locally should be pretty easy.. | 20:27 |
elmiko | yea | 20:27 |
pdesai | https://raw.githubusercontent.com/openstack/openstack-manuals/master/doc/admin-guide-cloud-rst/source/networking.rst | 20:27 |
pdesai | https://raw.githubusercontent.com/openstack/openstack-manuals/master/doc/admin-guide-cloud-rst/source/networking_introduction.rst | 20:28 |
pdesai | notice, the section header is actually a *title* in admin guide | 20:28 |
Daviey | right, that is as sicarie succulently said. | 20:28 |
elmiko | succulently? ;) | 20:29 |
pdesai | :) | 20:29 |
elmiko | ok, i can reformat my reviews. they haven't merged yet | 20:29 |
sicarie | elmiko: I'm in favor of yours landing and re-updating later so we can review how they're broken up after we've migrated | 20:30 |
sicarie | and I'll take that bug | 20:30 |
sicarie | though making the dir would probably be useful groundwork | 20:30 |
pdesai | elmiko: wait, this formatting results in standalone small sections like today | 20:31 |
elmiko | right | 20:31 |
elmiko | i just got carried away and did mass conversion =) | 20:31 |
pdesai | i think we are at a point where we take decision and everyone can follow the same formatting | 20:31 |
elmiko | for example, https://review.openstack.org/#/c/204223 | 20:32 |
pdesai | i think we all know about pros and cons of both approaches, how many would vote for separate files per section | 20:33 |
pdesai | vs one single file per ch.? | 20:33 |
Daviey | I'm not core, so my vote doesn't carry.. but i'd certainly prefer small files.. | 20:34 |
elmiko | i don't mind single file, but i can see the wisdom of separate files | 20:34 |
sicarie | two ambivalents | 20:34 |
sicarie | pdesai? | 20:34 |
pdesai | small files | 20:34 |
pdesai | :) | 20:34 |
pdesai | sorry elmiko | 20:34 |
Daviey | suck it. | 20:35 |
elmiko | haha! | 20:35 |
Daviey | :) | 20:35 |
elmiko | fair enough, democracy in action =) | 20:35 |
pdesai | hehe | 20:35 |
sicarie | Great, so we'll break them up per pdesai's email | 20:35 |
sicarie | a topic folder, and sub-sections underneath | 20:35 |
sicarie | apologies, I have to run to a meeting I'm apparently late for | 20:35 |
* sicarie is away | 20:36 | |
pdesai | yes, sounds great | 20:36 |
pdesai | thanks guys | 20:36 |
Daviey | ta | 20:36 |
elmiko | thanks | 20:36 |
elmiko | pdesai: ok, one more question. as we create the subdirs per chapter, we will update the index.rst to reflect the head of each chapter being in the subdir? | 20:37 |
elmiko | (i'm looking at your networking.rst) | 20:38 |
elmiko | oh wait, not yours | 20:38 |
elmiko | ok, nvm. i guess we just add toctree to the chapter head files | 20:38 |
Daviey | Maybe i have misunderstood, but i thought index.rst only had to link to the top level ? | 20:38 |
elmiko | yea, i think that's correct. then we add the subsections to the chapter header rst files | 20:39 |
Daviey | right | 20:39 |
elmiko | ok, i'll fix my reviews | 20:39 |
elmiko | (even though sicarie said he would) | 20:40 |
pdesai | yup index to only chapter head file, each ch. file to subsections (mostly with the same level of toctree maxdepth 2) | 20:47 |
*** y_sawai has joined #openstack-security | 20:58 | |
*** y_sawai has quit IRC | 21:03 | |
openstackgerrit | Dave Walker proposed openstack/security-doc: Conversion of Object Storage chapter to rst https://review.openstack.org/203965 | 21:05 |
openstackgerrit | Michael McCune proposed openstack/security-doc: initial conversion of data processing chapter https://review.openstack.org/204143 | 21:09 |
*** sdake_ is now known as sdake | 21:10 | |
* Daviey curses elmiko for pushing up many files in one commit | 21:17 | |
Daviey | elmiko: Oh, to be fair you didn't.. that is you splitting it up.. I withdraw my outrage! | 21:17 |
elmiko | lol | 21:23 |
elmiko | i'm limiting myself to single chapter | 21:23 |
elmiko | i just figured since i already hacked it up | 21:23 |
openstackgerrit | Michael McCune proposed openstack/security-doc: initial conversion of instance management chapter https://review.openstack.org/204223 | 21:26 |
elmiko | ok, secure comms will wait till tomorrow | 21:27 |
sigmavirus24 | I would offer to help y'all but I'm already overextended as it is =P | 21:31 |
*** lexholden has joined #openstack-security | 21:32 | |
elmiko | sigmavirus24: yea, i know the feeling ;) | 21:34 |
*** pdesai has quit IRC | 21:40 | |
*** y_sawai has joined #openstack-security | 21:45 | |
*** y_sawai has quit IRC | 21:46 | |
tmcpeak | nkinder: are notes supposed to be 72 width or 79? I never remember | 21:48 |
Daviey | tmcpeak: 79 i think | 21:51 |
sigmavirus24 | 72 is commit messages I think | 21:51 |
tmcpeak | ok cool, I know the email width is 72 but I don't remember how that actually maps to notes | 21:51 |
tmcpeak | I guess I could not be lazy and look :P | 21:51 |
Daviey | tmcpeak: You could also write a vimrc file for us. kkthnx | 21:52 |
*** pdesai has joined #openstack-security | 21:52 | |
tmcpeak | :D | 21:52 |
sigmavirus24 | oh god no | 21:52 |
tmcpeak | yeah, I've got a vimrc file for you | 21:53 |
sigmavirus24 | I like my vimrc just fine thank you | 21:53 |
Daviey | I used to love mine.. | 21:54 |
tmcpeak | width appears to be 72 | 21:54 |
Daviey | I do have spelling and line wrap for md files now | 21:55 |
Daviey | tmcpeak: Sorry, i just checked my config.. i do indeed have it at 72 | 21:55 |
sigmavirus24 | problem is that even as a dirty murrican I use the queen's english so spell checkers complain at me about behaviour or colour | 21:55 |
sigmavirus24 | and I just ignore them | 21:56 |
tmcpeak | sweet | 21:56 |
tmcpeak | sigmavirus24: you do? | 21:56 |
sigmavirus24 | I do | 21:56 |
* sigmavirus24 is out | 21:56 | |
sigmavirus24 | later all | 21:56 |
tmcpeak | laters | 21:56 |
*** sigmavirus24 is now known as sigmavirus24_awa | 21:57 | |
*** pdesai has quit IRC | 22:00 | |
Daviey | sigmavirus24_awa: I gave up on Proper english and just now default to US. | 22:00 |
*** mihero has quit IRC | 22:05 | |
*** mihero has joined #openstack-security | 22:06 | |
*** edmondsw has quit IRC | 22:07 | |
tmcpeak | hmm, no bknudson, no kinder | 22:08 |
tmcpeak | *nkinder | 22:08 |
nkinder | tmcpeak: what's up? | 22:09 |
tmcpeak | oh good | 22:09 |
tmcpeak | you are there | 22:09 |
tmcpeak | you have a link for an example for how to configure a service account to have least priv? | 22:09 |
tmcpeak | with the v3 api | 22:09 |
tmcpeak | for that note | 22:09 |
nkinder | tmcpeak: not exactly a single link, but I can give you some details | 22:09 |
tmcpeak | ok cool, that works | 22:10 |
nkinder | first thing would be to define a role for service users using the Identity API (a "services" role) | 22:10 |
tmcpeak | nkinder: ok cool, you have a pointer to an example of that? | 22:10 |
nkinder | yeah, one sec | 22:11 |
nkinder | tmcpeak: basically, you'd do this - http://paste.openstack.org/show/397301/ | 22:13 |
nkinder | tmcpeak: then you need to grant this new role to your service accounts on whatever project you use for service users | 22:13 |
tmcpeak | nkinder: ok, so this creates a role but how are the privs set for it? | 22:13 |
nkinder | with RDO, that's "services" (likely the same for others too) | 22:13 |
nkinder | we're getting to that... | 22:14 |
tmcpeak | ok :) | 22:14 |
tmcpeak | btw, if there's a clean solution like this, why isn't it just the default? | 22:14 |
openstackgerrit | Dave Walker proposed openstack/security-doc: Convert Chapter Introduction to rst https://review.openstack.org/204286 | 22:18 |
*** pdesai has joined #openstack-security | 22:18 | |
nkinder | tmcpeak: It's just history. Making big policy changes is hard, especially across multiple projects. | 22:19 |
nkinder | too easy to break the world | 22:20 |
nkinder | tmcpeak: so you then need to add the new role to your service users and remove the admin role - http://paste.openstack.org/show/397302/ | 22:20 |
nkinder | you would have to do that for every service user | 22:20 |
tmcpeak | fair enough | 22:20 |
nkinder | tmcpeak: ...then comes the hard part | 22:20 |
nkinder | updating policy.json files in all services for any API call that the service user might make | 22:21 |
tmcpeak | hmm, yeah, that is the hard part | 22:21 |
nkinder | the token validation call in keystone is the obvious one | 22:21 |
nkinder | it's all of the other stuff that's more difficult | 22:21 |
nkinder | ..like the nova to neutron communication, or heat having to create trusts in keystone | 22:22 |
nkinder | ...I suppose heat uses the user's token for that, but it does a whole bunch of special stuff with its own heat domain | 22:22 |
tmcpeak | hmm | 22:23 |
tmcpeak | I wonder how guidance for that should look | 22:23 |
openstackgerrit | Dave Walker proposed openstack/security-doc: Convert Chapter Introduction to rst https://review.openstack.org/204286 | 22:24 |
tmcpeak | if I show one example it would probably break keystone ;) | 22:24 |
*** tjt263 has joined #openstack-security | 22:24 | |
tmcpeak | nkinder: from what I've seen heat is just "cloud god" | 22:25 |
nkinder | not exactly. It uses keystone trusts to do things | 22:25 |
nkinder | it has power, but it's actually using delegation | 22:25 |
tmcpeak | hmm, yeah, but it does have unfettered root access on all the boxes, right? | 22:26 |
nkinder | tmcpeak: what do you mean? | 22:26 |
nkinder | tmcpeak: it can impersonate a user who has defined a stack in heat, which allows it to create that stack | 22:27 |
nkinder | tmcpeak: It's going to be very hard to list every policy that needs to be changed to do this | 22:27 |
nkinder | lots and lots of testing... | 22:28 |
tmcpeak | nkinder: yeah, for sure | 22:28 |
nkinder | if it was easy, it would already be documented and the default | 22:28 |
tmcpeak | and if we're going to do all that work we should just merge the fixes and skip the note | 22:28 |
tmcpeak | yeah | 22:28 |
tmcpeak | so what is practical guidance for using this we can/should recommend? | 22:28 |
tmcpeak | if users go in and start messing around with roles they're likely to brick their cloud | 22:28 |
tmcpeak | we don't even know there aren't hidden monsters | 22:28 |
tmcpeak | do we? | 22:29 |
nkinder | change policies and test is all that we can really say. It would be trial and error honestly. | 22:29 |
tmcpeak | nkinder: yeah, I'm thinking so too, but is that really something we want to recommend then? | 22:30 |
nkinder | We can state that keystone allows you to define more granular roles and policies, but it's not clearly defined what all needs to be changed for a particular cloud. | 22:30 |
nkinder | tmcpeak: well, policy is meant to be customized | 22:30 |
nkinder | ...it's just not well understood by a lot of people | 22:31 |
nkinder | so I think we can and should say that policy can be customized to have more granularity, but changes need to be carefully vetted and tested | 22:31 |
tmcpeak | ok cool | 22:31 |
tmcpeak | so maybe I'll show one sliver of end-to-end changes? | 22:31 |
nkinder | yes | 22:32 |
tmcpeak | ok cool, I'll give that a shot and add you for review when I get something :) | 22:32 |
tmcpeak | thanks nkinder | 22:32 |
*** elo has quit IRC | 22:32 | |
*** elo has joined #openstack-security | 22:33 | |
*** dwyde has quit IRC | 22:35 | |
*** lexholden has quit IRC | 22:36 | |
openstackgerrit | Dave Walker proposed openstack/security-doc: Convert acknowledgements Section to RST https://review.openstack.org/204291 | 22:40 |
tmcpeak | browne: tough day on Zuul huh? | 22:50 |
browne | tmcpeak: yeah everything is broken | 22:52 |
browne | it's ok. i'll wait it out. this happens all the time in nova | 22:53 |
tmcpeak | ;) | 22:53 |
Daviey | Made worse by people slamming recheck | 23:00 |
*** voodookid has quit IRC | 23:04 | |
*** pdesai has quit IRC | 23:06 |