Re: [openstack-dev] [openstack-ansible][security] Security hardening backport to Liberty desirable?

[Jesse Pretorius]

On 7 March 2016 at 14:25, Major Hayden  wrote:

>
> That seems reasonable.  Would it be appropriate to add some documentation
> in the Liberty release that explains how to enable the role with that
> release?
>

Yes, I think that's a perfectly reasonable thing to do.
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [openstack-ansible][security] Security hardening backport to Liberty desirable?

[Major Hayden]

On 03/05/2016 06:40 AM, Jesse Pretorius wrote:
> Liberty is a stable branch and the Mitaka release is just around the corner. 
> I think it's a bit late in the game to add it. Consider, also, that deployers 
> can easily consume the role with their own playbook to execute it if they 
> would like to.
> 
> *If* a backport is supported by the consuming community and core team, I 
> would only support an opt-in model to allow deployers to make use of the 
> role, but only if they choose to.

That seems reasonable.  Would it be appropriate to add some documentation in 
the Liberty release that explains how to enable the role with that release?

--
Major Hayden

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [openstack-ansible][security] Security hardening backport to Liberty desirable?

[Jesse Pretorius]

On 4 March 2016 at 16:50, Major Hayden  wrote:

> Hey folks,
>
> I have proposed a review[1] which adds the openstack-ansible-security[2]
> role to OpenStack-Ansible's Liberty release.  I would really appreciate
> some feedback from deployers on whether this change is desirable in Liberty.
>
> The role applies cleanly to Liberty on Ubuntu 14.04 and the role already
> has some fairly basic gating.
>
> The two main questions are:
>
>   1) Does it make sense to backport the openstack-ansible-security
>  role/playbook to Liberty?
>   2) Should it be applied by default on AIO/gate builds as it is
>  in Mitaka (master)?
>
> Thanks!
>
> [1] https://review.openstack.org/#/c/273257/
> [2] http://docs.openstack.org/developer/openstack-ansible-security/


Hi Major,

Liberty is a stable branch and the Mitaka release is just around the
corner. I think it's a bit late in the game to add it. Consider, also, that
deployers can easily consume the role with their own playbook to execute it
if they would like to.

*If* a backport is supported by the consuming community and core team, I
would only support an opt-in model to allow deployers to make use of the
role, but only if they choose to.
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [openstack-ansible][security] Security hardening backport to Liberty desirable?

[Major Hayden]

Hey folks,

I have proposed a review[1] which adds the openstack-ansible-security[2] role 
to OpenStack-Ansible's Liberty release.  I would really appreciate some 
feedback from deployers on whether this change is desirable in Liberty.

The role applies cleanly to Liberty on Ubuntu 14.04 and the role already has 
some fairly basic gating.

The two main questions are:

  1) Does it make sense to backport the openstack-ansible-security
 role/playbook to Liberty?
  2) Should it be applied by default on AIO/gate builds as it is
 in Mitaka (master)?

Thanks!

[1] https://review.openstack.org/#/c/273257/
[2] http://docs.openstack.org/developer/openstack-ansible-security/

--
Major Hayden



signature.asc
Description: OpenPGP digital signature
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev