CA certificates in the deployment configuration and those will be used instead
of generating self-signed certificates.
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@list
to bring their
own certificates.
Does this approach make sense?
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http
d be a default in all use cases.
What would you propose as the final steps to get the blueprint marked as
completed? Should documentation be added into openstack-ansible about
integrating openstack-ansible-security or should a script be provided for
quicker integrat
That sounds good. I'll hopefully get time to take a crack at that along with
the check mode enhancements this week.
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-re
esting, but it has quite a few dependencies that
may be a bit heavy resource-wise within the average openstack-ansible
environment.
I'm still on the hunt for a good solution but I appreciate the input so far!
[1] https://github.com/debop
://review.openstack.org/#/c/239525/
[2]
http://specs.openstack.org/openstack/openstack-ansible-specs/specs/mitaka/convert-aio-bootstrap-to-ansible.html
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions
like a decent plan? Let me know if that makes sense and I'll
get to work.
[1] http://docs.openstack.org/developer/openstack-ansible-security/
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWPSDTAAoJEHNwUeDBAR+x0/sP/iOO29N5wqLmbI/LU5FlGK6l
+project:openstack/openstack-ansible-security,n,z
[2] https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ
://review.openstack.org/#/q/status:open+project:openstack/openstack-ansible-security,n,z
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWHVIrAAoJEHNwUeDBAR+xFsEQAIs+UTOGLwdHQKk90Xn2zyg9
4+7UQCmWjHZG3NQb+ydlenhkAVWiPYsKqcmldEVzZu+BGAbdkhIbn777SoCcMqRD
DWv1NjJuIHcAzkf4pgjQ
into documentation as things deployers
should do locally?
[1] https://benchmarks.cisecurity.org/
[2] https://bugs.launchpad.net/openstack-ansible/+bug/1491915
[3] https://bugs.launchpad.net/openstack-ansible/+bug/1493981
[4] https://en.wikipedia.org/wiki/Information_security#Key_concepts
--
Major Hayden
ist" of CIS benchmarks and
try to tag them with one of the following:
* Do this in OSAD
* Tell deployers how to do this (in docs)
* Tell deployers not to do this (in docs)
That could be lumped in with a spec/blueprint of some sort. Would that be
beneficial?
- --
Major Hayden
-BEG
s a rough draft of a spec. Feel free to throw some darts.
https://review.openstack.org/#/c/222619/
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@list
h. One should be able to have code
> do the "turn it on" "turn it off" mechanics.
I'm completely in agreement on this one. ;)
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJV8fQcAAoJEHNwUeDBAR+x1BIP/jkq0Gd2SuPcWbMU53xADj1W
ml8VtfkJwT/gs1v8Kfd/
ributor just with more time spent more cross project and in other
> upstream communities.
I've only been working on the project for a short while, but I really
appreciate your hard work and consideration!
--
Major Hayden
_
://www.stigviewer.com/stig/red_hat_enterprise_linux_6/
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http
On 09/21/2015 07:14 PM, Sergii Golovatiuk wrote:
> Are any chance to configure chrony instead of ntpd? It acts more predictable
> on virtual environments.
That's my plan, if I can find an upstream Ansible galaxy role to use. ;)
--
Major
from other folks.
[1] https://bugs.launchpad.net/openstack-ansible/+bug/1413018
[2] https://review.openstack.org/#/c/225006/
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstac
s well with the other
services (like authentication with keystone).
[1]
https://github.com/openstack/openstack-ansible/tree/master/etc/openstack_deploy/env.d
[2]
https://github.com/openstack/openstack-ansible/tree/master/playbooks/roles
nstack-ansible-specs/specs/mitaka/security-hardening.html
[3]
https://github.com/openstack/openstack-ansible-specs/blob/master/specs/template.rst
[4]
http://specs.openstack.org/openstack/openstack-ansible-specs/specs/mitaka/independen
wouldn't pass up a trip to London
either (if it's in the cards). ;)
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http:/
]
https://docs.google.com/spreadsheets/d/1YZC6ng-AIHqbHHHeGPC2mar_JPYunvFm4BzqfAEOYLI/edit#gid=0
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWkCTcAAoJEHNwUeDBAR+xyKgP+wc4EC74SNjkz5wcwjJjR67L
KfA3y719XXVLmuYyB2PllDHC9cDYTxVJFM57/tR0xM4O5ubHm3ywjDD0G0iFQZWl
GB VM's with a highly
specialized configuration that limits resource usage but there's not
enough RAM left over for building VM's.
[1] http://docs.openstack.org/developer/openstack-ansible/developer-
docs/quickstart-aio.html
--
Major Hayden
___
aster/specs/template.rst
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
ate, not tested
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
to be moving along fairly quickly.
[1]
https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/connection/ssh.py#L245-L260
[2] https://review.openstack.org/#/c/248361/
--
Major Hayden
__
OpenStack Development Mailing
ence in results or performance between using
> paramiko or turning ssh pipelining off?
I tried running some jobs with pipelining on and off, but the errors still
appeared. It seems like the ssh client itself is part of the problem. I
haven't looked to see if Ubuntu has updated sshd recently i
s and some of them are
> not in the oslo namespace
>
> 2) OpenStack Client team as they maintain cliff already and it'd
> perhaps make more sense to have this library there.
#2 makes the most sense to me. Thanks for taking action to keep PrettyTable
alive! :)
- --
Major Hayden
-BE
ng within that
range. I'm not sure if hugging a weekend or sitting in the middle of the week
is best for us. I'd imagine that folks outside the US might appreciate a
weekend to recover from time zone changes before or after.
--
Maj
that sorted
out, we can fire up an etherpad for everyone to sign up for a spot.
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJXWbqdAAoJEHNwUeDBAR+xMUYP/1/SN69gCraGCO2XxR52ZKIN
NWzbeY7mw44eQyoeUBXtJLLo/qFxeQniR6ybaz/zMhqhxOliOys0rDn3Q1Xawtkn
Mq8IN
/
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJXX/2sAAoJEHNwUeDBAR+xSJ0P/3H188yIgGYUDCW1Wt3Qddum
+2UNPxWSAJSMjAJhp5EeOXPR4XKvVqI5WIcn6r0ymk0Bq19GwiYe5FToXTRR4jPM
B2nI6xWDHMBpK8mF05pqfISHeKd1bxq0HZUSkhA5IgZkp39Rld3QFszfcg5XQcoT
H6KxY21OnlH
ode so that it works for both.
> I think the ops repo is the right one - we just need to get the scaffolding
> in place. I'll put a review up shortly.
Thanks, Jesse! :)
--
Major Hayden
__
OpenStack Development
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/09/2016 01:51 PM, Major Hayden wrote:
> Once we get that sorted out, we can fire up an etherpad for everyone to sign
> up for a spot.
As promised, here's a link to the etherpad:
https://etherpad.openstack.org/p/osa-midcycle-newton
he first edition for June 2016 is here:
https://major.io/2016/06/15/whats-happening-openstack-ansible-whoa-june-2016/
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJXYqkyAAoJEHNwUeDBAR+xCUsP+wXzKva4jeNCpjQgQhj5m/3L
+vEhsProy9pIlouqJ+ITZ2MBMuy/u8rlvh
performance concerns documented[1], but they don't look huge.
[1]
http://stackoverflow.com/questions/766809/whats-the-difference-between-utf8-general-ci-and-utf8-unicode-ci
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJXbSsXAAoJEHNwUeDBAR+x8KYP/01HJ3P2Sqjs
-October/077877.html
[3] https://review.openstack.org/#/c/243332/
[4] https://etherpad.openstack.org/p/openstack-ansible-tls-improvement
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWmP+9AAoJEHNwUeDBAR+xZpwP/Ana9JFTEGRvZSzKQHv/jQeY
/auth.yml#L60-L87
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWlmjbAAoJEHNwUeDBAR+x7zAP/RfGnihciZV0m7Jf+hVKSrzf
PEc4gauKRA1mZEFdgX4Ib137Vrztu9p1mPB29bRx9GN8aMcY2TtRwrR1QKmUOHX9
gtrjif9m5XgCM0ja/DMbj82j7pPpIQC5Tby0+CIhX27ZdgGxBpo/9UOj1Dns39Mg
DzOdNGkGVO6ngmBKdqKetjkT
ot sure if we can add this to a role by itself.
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWl6O9AAoJEHNwUeDBAR+xCUMQAIg+eZudAHowbFXqwBu3XQ74
Kov9gD2hwd3wq6LPzpeFVjrd61vlw+GOMQUwJlvf5jeM0oXlw7/oRHtJWaHvLcLc
mFQDW2QTfA/jX1gGOSYctkFF6nTahNmWuSQ3G01Om0WkjNBGrZLJ
as a customer tenant network is challenging and bridging
those networks could allow an attacker to gain access to other things on that
admin tenant network.
Thanks in advance for your time.
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWuLpuAAoJEHNwUeDBAR+xSF8P/j
. It's a shame that Ubuntu doesn't
have a comprehensive XCCDF profile available as the other distributions do. :/
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWuJmjAAoJEHNwUeDBAR+x7BYP/2Cv31QL7enVAXgEzHThc1Wb
ov3phFoEYCY8FFmcOoH6grSK3DsRPmPc33ma2I6bMMKWpz8j+
nd the Video Conference invitations to, so please get a Remote
> Partitipation ticket in Eventbrite [2] if you intend to join us through this
> facility.
Thanks for getting the remote participation put together for the event! :
49/
I appreciate any and all feedback! :)
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWqoIyAAoJEHNwUeDBAR+xjuEP/2TSZoziJFTbKCsu3LvfkXir
qaC/J0XZTSZVfCFB1gjqdXAsSYQT0T8gxRvEAtWkjXQ9IjbNdn+JP1TS5KntZnLc
PB5+Fg90zj00IG7RHTaeMirv9FHqRwVOwI8AQmLZRovD+t8QFIGMAFWzHY
to have this feature available?
[1]
http://docs.openstack.org/developer/devstack/guides/devstack-with-lbaas-v2.html
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWp8usAAoJEHNwUeDBAR+xXk8P/37tkHZujAbbX3SY5X4dR2wX
cmR1DN
rver instead of
the agent container. It doesn't need any special connections to isolated
networks since it talks to neutron/nova to get that done.
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWp85iAAoJEHNwUeDBAR+x/BoP/RDR8dS4Z8/qf3xBPV6/Poff
ujj2ld7OgNDj+eZKsHNRnFZcoBxy
run both versions
concurrently. Brandon might be able to share a little more about the reasons
why.
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWp9HwAAoJEHNwUeDBAR+x1vEP/A7b+3u42wo9Xf+YUxk83gzr
gWghI6Q/hSy/cF7lqzOUAPzm+vu/ThpLOx7x5AEbxMYIDXgNZVmU0wExhmRodH
] http://docs.openstack.org/developer/openstack-ansible-security/controls.html
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org
Andy has given you some feedback there in the review that should
help. If not, feel free to make additional comments in that review and we will
have a look. ;)
--
Major Hayden
__
OpenStack Development Mailing List (not for usage quest
you received?
That should help us figure out if it's a problem in Ansible or within your OS
configuration.
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.o
e
> /etc/network/interfaces for both controller node (br-vxlan, br-storage:
> manual without IP) and compute node (br-vxlan, br-storage: static with IP).
That makes sense. Would you be able to open a bug for us? I'll be glad to
help you write some documentation if you're inter
TLs on these projects to reach out to
these users and share gerrit dashboard[1] links? A PTL shared some of these
with me and it certainly helped me focus better on the right reviews.
[1] https://github.com/openstack/gerrit-dash-cre
ts, we
could possibly reach out to them as well. Perhaps I'm being too optimistic. :)
But, as Dolph said earlier, leaving this issue alone certainly makes it easier
to single out the folks who are doing something unproductiv
em to learn how to
> contribute in a way that has value.
I'll take a sample of the folks listed there and contact them. Hopefully I can
provide some general results here soon.
--
Major Hayden
__
OpenStack Development Mailing L
in
the Liberty release that explains how to enable the role with that release?
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?
://review.openstack.org/#/c/273257/
[2] http://docs.openstack.org/developer/openstack-ansible-security/
--
Major Hayden
signature.asc
Description: OpenPGP digital signature
__
OpenStack Development Mailing List (not for usage questions
hanks!
[1] http://docs.openstack.org/developer/openstack-ansible-security/
[2] https://review.openstack.org/#/c/301152/
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstac
consume it once it's available?
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJXMyaMAAoJEHNwUeDBAR+xYwUP/iLfOuSOgW4TeOZ/pN0hkXuR
H0L1suY6R+oGjDT+xuxox2uDcAADIWbHxBKosV/1jQHJRPoWfKhBhke4W2/MOsTV
miqBrCKILLzJxdcXHrG54QHPb0FBqSLcmJIaFfysW1Rw3rH2b
have folks in the channel around the clock, so feel free
to jump in and ask questions.
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subj
k deployments, but we find new things that surprise us from time to
time. :)
Feel free to join #openstack-ansible on Freenode or hang out with us during our
IRC meetings on Thursday[2].
[1] https://github.com/major/openstack-ansible/tree/octavia
[2] https://wiki.openstack.org/wiki/Meetin
ct, I can think of no better addition to the
> core reviewer team.
Thanks for all the kind words in the thread! :)
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJXLNmtAAoJEHNwUeDBAR+xVI0P/0qPXf+Th0Rw
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/04/2016 12:45 PM, Major Hayden wrote:
> The existing openstack-ansible-security role uses security configurations
> from the Security Technical Implementation Guide (STIG) and the new Red Hat
> Enterprise Linux 7 STIG is due
the Etherpad:
https://etherpad.openstack.org/p/osa-mascot
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.opensta
ing excellent work.
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJXjT6hAAoJEHNwUeDBAR+xeDMP/2Q0SGZFaLmrI1tQ6KJjmp7F
yzxg1KTpc27sI1yPsAfAxk6kjCIyPAxEkY0rzS0QrOM1mBbrn1PvxEzoVqF6UWD0
4VPS20Gy256pF0BBBLEdmGsctIELvO36AAmmQjMq8PQIismvjHezePhiE16MzSol
urWOOrIJP5WFxDjD
ommunity begins building scenario-based documentation.
Thanks for writing this, Travis! It's really easy to follow along and I plan
to give this a run-through in the lab in the next week or two. :)
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJXfU1dAAoJEHNwUe
help! I plan to put a spec together once I get some
feedback.
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJXo38iAAoJEHNwUeDBAR+xH5YP/0kmhZC4a1FAyV+OlEWcKM4p
qYZhHscgWqtmYHLgX5q51IyGEas9ae89cxF2ThskvF+LZ37+RfwaUAjpCwFR6wgB
work to be done.
[0]
http://specs.openstack.org/openstack/openstack-ansible-specs/specs/mitaka/lbaasv2.html
[1] https://review.openstack.org/#/c/417210/
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJYmdSOAAoJEHNwUeDBAR+xk
+1
Anyone who gets into the SELinux trenches with me that many times is
worth having as a core. ;)
--
Major Hayden
On Fri, Feb 3, 2017 at 7:33 AM, Jesse Pretorius
<jesse.pretor...@rackspace.co.uk> wrote:
> I’d like to propose Marc Gariepy [1] as a core reviewer for
> OpenStack-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/27/2017 08:29 AM, Alexandra Settle wrote:
> I would like to propose Amy Marrich for the core team for OpenStack-Ansible.
+3.14
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJYi15kAAoJEHNwUeD
changed for Ocata?
Thanks!
[0] https://review.openstack.org/#/c/426857/
[1] https://review.openstack.org/#/c/418494/
[2] https://github.com/pallets/jinja/releases/tag/2.9.5
[3] https://github.com/pallets/jinja/pull/624
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
ents list will
> then be wrong.
I've gone ahead and abandoned the patch for now. It's not critical at the
moment and 2.8.1 should be acceptable for Ocata.
Thanks, though!
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJYj7SnAAoJEHNwUeDBAR+xpGcP/24gEQq//FL
gt; and I’ll no longer be able to invest the time and energy required to maintain
> my involvement in the community.
Thanks for all you've done for the project and for all you've done for the
OpenStack-Ansible community members, too. We wish you the best in your future
endeavors! :)
THOROUGHLY ABOUT THIS ALREADY. SERIOUSLY. I'M WORKING ON
IT! SHEESH!
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http
time. =)
Correct! The Ocata release of OpenStack-Ansible will certainly support Ubuntu
16.04 as the primary OS, but there is a subset of us who are trying to get it
working well on CentOS 7 as well. ;)
--
Major Hayden
__
Ope
ded with LXC containers
I'm still working on reducing some of these bugs down into something tangible
but I hope to do that soon.
[0] https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1638695
[1] https://bugs.launchpad.net/openstack-ansible/+bug/1637494
--
to read. I'd really love to get some feedback on it
and see if it's useful for others.
[0] https://etherpad.openstack.org/p/osa-ptg-pike-monitoring
[1] https://review.openstack.org/#/c/436498/
[2] https://github.com/major/monitorstack
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
e helpful and the information contained within them is used when we
improve OSA. The Security Guide is also extremely useful for deployers who
need advice on configuring OpenStack in a secure way.
--
Major Hayden
signature.asc
Description: OpenPGP digital
, Mark! :)
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIsBAEBCAAWBQJXteJHDxxtYWpvckBtaHR4Lm5ldAAKCRBzcFHgwQEfscaxD/9g
gL9yvPldW8rICf+WNw2nEUsVI5omtknza0n7BJLOlWe0m600rLJWgtvFTROXbaAq
Yjsoz3gsS9i8wZTooeTW3cYfJp/TCQwGQAO3YYjVZVxrwtGwZbplWLrRsQbLyRCF
Rot0m0PIyjK8u0doYR7qQR016X+Kd5i
-- send me
some! :)
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIsBAEBCAAWBQJXvaBPDxxtYWpvckBtaHR4Lm5ldAAKCRBzcFHgwQEfsXC3D/0W
NzygxrJ0YQH4feQBTRWbtMP3mtlCX740nSjM4F1TV0OyH9I7y4xE4SotSVvsOtjB
E0dEp8WPNpfxcmzb1ORu5kMgCYWjyDMs+c9Dk40G3dV3dXwJ/D1xWOOMcwKCzyQr
OpenStack-Ansible training from Hastexo!
Previous reports are always available via the 'whoa' tag:
https://major.io/tag/whoa/
Please send over any feedback you have. I wish everyone safe travels to
Barcelona in a few weeks! :)
--
Major Hayden
signature.asc
Description: OpenPGP digital
On 11/02/2016 08:51 AM, Major Hayden wrote:
> At this point, I'm still trying to test some additional theories. Does anyone
> have any other ideas?
Here's an update for today. There are a few bugs open now:
OpenStack-Ansible bug:
https://bugs.launchpad.net/openstack-ansible/+bug/1
(16.04 was about half of 14.04). I set them both
to the same value but the performance testing didn't change.
Does anyone else have any ideas of what might be causing this?
--
Major Hayden
signature.asc
Description: OpenPGP digital signature
On 10/28/2016 10:17 AM, Major Hayden wrote:
>> Also, when running the tests on both systems, track cpu usage and number
>> > of threads to see if one has more restrictions than the other.
> Almost no difference here.
On the topic of threads, the sysbench output from both
assuming that the two virtual machines are identical (CPU type, memory,
> threads, virtio, etc)."
They are! We've seen this occur in the OpenStack CI jobs (with KVM), and I've
also tested this with Xen and bare metal.
--
Maj
! :)
[0] https://review.openstack.org/392205
[1]
http://docs-draft.openstack.org/05/392205/2/check/gate-openstack-ansible-specs-docs-ubuntu-xenial/8f1eec1//doc/build/html/specs/ocata/octavia.html
--
Major Hayden
signature.asc
Description: OpenPGP digital signature
On 10/28/2016 04:02 AM, Major Hayden wrote:
> On the topic of threads, the sysbench output from both Trusty and Xenial are
> nearly identical with the exception of threads. Trusty is usually about
> 15-20% faster on that benchmark than Xenial.
I spoke with a few other people and it s
Hey there,
Monty was kind enough to take a photo of some of the OpenStack-Ansible team
members at the OpenStack Summit in Barcelona. Here's a link to the photo:
http://i.imgur.com/5wOOAhe.jpg
--
Major Hayden
signature.asc
Description: OpenPGP digital signature
a look at the queue of
patches[2]. I've tried my best to break up the patches into the smallest
pieces possible so that they're easier to review.
THANKS!
- ---
Thanks to everyone who has helped make this role a success with patches,
reviews, testing, and general encouragement. ;)
- --
Major
Hey folks,
A conflict came up and I won't be available to run tomorrow's weekly meeting in
IRC. Would someone else be able to take over this meeting for me?
--
Major Hayden
__
OpenStack Development Mailing List
On 01/11/2017 10:08 AM, Alexandra Settle wrote:
> I can run the meeting tomorrow ☺
Thanks so much, Alex! :)
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-r
Great work by everyone involved. ;)
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
per release notes
will be provided.
Here are some helpful links:
https://github.com/openstack/openstack-ansible-security
http://docs.openstack.org/developer/openstack-ansible-security/
If you'd like to talk on IRC, hop into #openst
on
most Thursdays. ;)
If you're new to running meetings and you want some tips on how to run a good
meeting, please let me know. I'll be happy to do some brief training!
Thanks!
[0] https://wiki.openstack.org/wiki/Meetings/openstack-ansible
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version
ng to continue to mature
> and improve the project!
We're so thankful that you've put up with us for these past two cycles! :)
You've been a beacon for quality within the project and you've carefully
fostered a ton of new development within OpenStack-Ansible. Thanks for your
efforts!
- --
Major Hayd
one makes some sense. It would be fairly easy
to template the ferm DSL files.
[0] http://ferm.foo-projects.org/
[1] http://ferm.foo-projects.org/download/examples/webserver.ferm
--
Major Hayden
__
OpenStack Development Mailing
g role is solid
in my book. ;)
Markos has been doing great work and he's automated quite a few things that we
used to push around manually. SUSE support has been building out *really*
quickly, too.
- --
Major Hayden
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGB
chances of problems down the
road if distribution defaults change.
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http:/
gt;
> IIUC, we're using 'ansible-lint' for style checks. Does it make sense to
> add a new rule which warns/enforces to set the mode (or group/user)?
I'd definitely be in support of that. We should be as explicit as possible when
we
on works within the openstack-ansible project.
This is a good start! :)
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:u
[0] https://review.openstack.org/#/c/479415/
[1]
http://docs-draft.openstack.org/15/479415/5/check/gate-openstack-ansible-specs-docs-ubuntu-xenial/6a50e01//doc/build/html/specs/pike/software-firewall.html
- --
Major Hayden
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEG/mSZJWWADNpjCUrc3BR4MEBH7EFAll4rkwACg
ovements without
ruining infra's day. ;)
As long as you can put up with a few Dad jokes, I'll be there.
--
Major Hayden
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/17/2017 12:25 PM, Major Hayden wrote:
> So my questions are:
>
> 1) Should the openstack-ansible-security role be
> renamed to alleviate confusion?
>
> 2) If it should be renamed, what's your suggestio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/23/2017 12:23 PM, Major Hayden wrote:
> I'll see if we can move forward with 'ansible-hardening' and keep everyone
> updated! :)
The repo is up and ready to go:
https://github.com/openstack/ansible-hardening
There are some p
1 - 100 of 104 matches
Mail list logo