| opendevreview | Merged openstack/ironic master: ci: fix CI (aki/ari && novncproxy containers) https://review.opendev.org/c/openstack/ironic/+/987239 | 00:40 |
|---|---|---|
| noonedeadpunk | cardoe: uWSGI but I think native wsgi is having same result now | 06:46 |
| noonedeadpunk | I haver submitted bug https://bugs.launchpad.net/ironic/+bug/2151134 | 07:12 |
| noonedeadpunk | I believe just adding healthcheck to devstack test will actually make ironic broken | 07:12 |
| *** hroy_ is now known as hroy | 07:20 | |
| opendevreview | Abhishek Bongale proposed openstack/ironic-tempest-plugin master: Add logging to baremetal scenario tests for VNC https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/987343 | 12:16 |
| elodilles | cid: hi, sorry, just a quick question, i see that there are multiple ironic release patches - sorry for not reviewing them earlier, i somehow missed them :S - and it seems that meanwhile, a security fix has landed on all branches ( https://review.opendev.org/#/q/I22a476dd3734ae4c1940c595f537be1c1a94acf5 ) don't you want to include them in the releases? | 13:26 |
| TheJulia | (I think the answer is yes, however the setup state for any answer should account for the fact our CI was down all of yesterday | 13:32 |
| rpittau | should be included, yeah | 13:34 |
| rpittau | cid: if you modify the patches I will +1 as soon as they're ready :) | 13:34 |
| opendevreview | Merged openstack/ironic-ui master: Update packaging configuration https://review.opendev.org/c/openstack/ironic-ui/+/987281 | 13:52 |
| opendevreview | Merged openstack/ironic-ui master: Drop Python 3.10 https://review.opendev.org/c/openstack/ironic-ui/+/987280 | 13:54 |
| opendevreview | Doug Goldstein proposed openstack/ironic master: bump sushy to work around timeout parameter issue https://review.opendev.org/c/openstack/ironic/+/987366 | 14:07 |
| cardoe | ^ should land and should be backported to stable/2026.1 | 14:25 |
| JayF | TheJulia: dtantsur: One of you wanna toss a review on https://review.opendev.org/c/openstack/ossa/+/986863 | 14:28 |
| JayF | if +1, I will announce today | 14:28 |
| JayF | and I'll make sure requested changes get in from existing comments | 14:28 |
| TheJulia | One minor item, its not explicitly an "image", it just uses swift as object storage | 14:30 |
| JayF | TheJulia: dtantsur: https://review.opendev.org/c/openstack/ossa/+/986863 edited for review feedback; I will announce this version in about an hour if there's no negative feedback | 14:57 |
| TheJulia | so my plan for today regarding the AKI/ARI confusion is to put in a release note today, and then likely draft up a blog post. It feels appropriate to point out CVE response can be a chaotic time and that is is really necessary to contextualize input as we get it | 14:57 |
| TheJulia | I haven't figured out the exact tone yet, it will come to me as my fingers meet the keyboard to do it | 14:59 |
| dtantsur | JayF: could you adjust affiliation per the latest template? | 14:59 |
| dtantsur | (if it's acceptable at all, of course) | 15:00 |
| JayF | dtantsur: please comment the string you want -- do you want "Red Hat, Metal3.io Security Team" or just Red Hat (and Ericson) | 15:00 |
| dtantsur | JayF: it was a lot of back-and-forth, we ended up with `Tuomo Tanskanen (Ericsson Software Technology) and Dmitry Tantsur (Red Hat) from the Metal3.io security team` | 15:02 |
| JayF | that is not the format of our OSSA | 15:05 |
| JayF | it's literally an "affiliation:" field per person | 15:05 |
| JayF | so I can't do ((X from Y) (X from Y) from Z) | 15:05 |
| dtantsur | yeah, sure, feel free to split them apart | 15:05 |
| JayF | so "Red Hat (Metal3.io Security Team)" ? | 15:06 |
| dtantsur | JayF: yep, for instance | 15:08 |
| cid | elodilles, rpittau, There was a conversation yesterday that we might want the molds feature removal to land first https://review.opendev.org/c/openstack/ironic/+/986703 before cutting the first release. | 15:27 |
| cid | And that change was held up by the glance related change (I think that's sorted now?), so I will confirm and recheck it | 15:27 |
| cid | And we also want the release for sushy landed first so that it's included in the Ironic release. | 15:27 |
| cid | https://review.opendev.org/c/openstack/releases/+/986893 | 15:28 |
| cid | As I understand it, 2 security fixes (socat console && molds validation) will already be part of the release. | 15:29 |
| cid | And we are waiting for the actual feature removal as well. | 15:29 |
| opendevreview | Doug Goldstein proposed openstack/python-ironicclient master: feat: add support for new runbook traits API https://review.opendev.org/c/openstack/python-ironicclient/+/983734 | 15:48 |
| cardoe | stephenfin: since you're talking types... https://review.opendev.org/c/openstack/python-ironicclient/+/983734 is a weird one... if I use "list" instead of "List". mypy is getting confused and saying that RunbookManager has no method list | 15:49 |
| cardoe | pyright is fine | 15:49 |
| opendevreview | Clif Houck proposed openstack/ironic master: Add a configuration option that enables partition images https://review.opendev.org/c/openstack/ironic/+/987387 | 16:23 |
| stephenfin | cardoe: We saw that in SDK recently too. You need to use `builtins.list` | 16:24 |
| cardoe | Are we somehow stomping global scope? | 16:24 |
| stephenfin | Not quite. There's a list method on that class. It's at the same scope as the annotation and is "closer" so it's definition win | 16:25 |
| stephenfin | *its | 16:25 |
| opendevreview | Doug Goldstein proposed openstack/python-ironicclient master: feat: add support for new runbook traits API https://review.opendev.org/c/openstack/python-ironicclient/+/983734 | 16:27 |
| cardoe | ah well.. thanks... I hate it... but makes sense. :-D | 16:27 |
| stephenfin | also, iirc it'll fail at runtime (so not only under mypy) on Python 3.14 or later | 16:27 |
| stephenfin | https://github.com/stephenfin/python-314-scoping-reproducer | 16:27 |
| stephenfin | I also hate it. Almost enough to s/def list/def index/ across SDK 😅 | 16:28 |
| cid | sushy is cut https://review.opendev.org/c/openstack/releases/+/986784 | 16:31 |
| cid | rpittau, can I batch the epoxy, flamingo, and gazpacho releases for ironic as one commit? Just like the sushy one? | 16:31 |
| cid | I am doing it anyway, I can always abandon an invalid change. | 16:31 |
| JayF | there is a #openstack-release you can ask in as well | 16:32 |
| JayF | but I'd just suggest put a best effort PR up | 16:32 |
| JayF | and internalize any feedback for the future ones | 16:32 |
| cid | Yeah. I already know it's possible, not just sure if for Ironic as well. | 16:33 |
| JayF | my hunch is they'd prefer it b/c fewer overall patches | 16:36 |
| JayF | but there's like two people on releases team so I tend to just do whatever they ask, however they ask, saying thank you as much as possible | 16:36 |
| opendevreview | Clif Houck proposed openstack/ironic-python-agent master: Add a flag to enable partition images https://review.opendev.org/c/openstack/ironic-python-agent/+/987391 | 16:37 |
| opendevreview | Clif Houck proposed openstack/ironic-python-agent master: Standardize how we test if an image is a partition image https://review.opendev.org/c/openstack/ironic-python-agent/+/987392 | 16:37 |
| cid | :D | 16:39 |
| JayF | dtantsur: That affiliation did not get updated before OSSA-2026-010 merge. It got missed. I am sorry and will update with errata if it's meaningful. | 16:43 |
| JayF | cid: email a reply to the CVE ticket you filed for OSSA-2026-010. Link to https://security.openstack.org/ossa/OSSA-2026-010.html and let them know it's now public | 16:46 |
| JayF | cid: let me know when they reply and I can tie the CVE to the launchpad | 16:46 |
| cardoe | cid: https://review.opendev.org/c/openstack/ironic/+/987366 | 16:46 |
| cardoe | That's the bump to sushy and I made a release note so we can backport it to stable/2026.1 | 16:46 |
| cid | +2ed | 16:48 |
| gouthamr | JayF: dtantsur: since OSSA-2026-008 was published with the same affiliation, maybe you could choose to skip? but it's a point to note for future advisories | 16:50 |
| JayF | I think we want "Dmitry Tantsur from Red Hat & Metal3.io Security Team" and same with Tuomo, just Ericson instead (the whole string is in the bugs) | 16:50 |
| gouthamr | i think at this point we've a list of known suspects for OSSA/OSSN/CVE credit | 16:50 |
| gouthamr | oh | 16:51 |
| gouthamr | so it's incorrect? | 16:51 |
| JayF | It's incomplete. | 16:51 |
| JayF | The string they gave us is "Person A from ACorp and Person B from BCorp with the Metal3.io Security Team" | 16:51 |
| JayF | so it doesn't exactly fit our existing model | 16:51 |
| JayF | I suggest we update sans errata and sans re-notification as it's not a security-impactful update, | 16:52 |
| TheJulia | following up on sushy, thank you for the bulk release | 16:52 |
| stephenfin | JayF: Not urgent, but I'd a small follow-up to Karan's typing work https://review.opendev.org/c/openstack/python-ironicclient/+/986719 It'd be nice to (a) be able to use these hints in other projects and (b) get a green tick beside python-ironicclient in my tracker https://that.guru/blog/are-we-typed-yet/ | 16:56 |
| cid | JayF, re 'CVE ticket.'. I just sent the mail... "OSSA-2026-010 is now public: https://security.openstack.org/ossa/OSSA-2026-010.html. Feel free to publish the CVE; I'll link it on Launchpad once it's live." | 16:58 |
| gouthamr | cid: i think they expect their web form to be used: https://cveform.mitre.org/ Select: "Notify CVE about a publication" | 17:04 |
| cid | Oh, on it! | 17:09 |
| JayF | gouthamr: whoa, really | 17:10 |
| JayF | gouthamr: I've been doing this wrong for [length-of-time-in-VMT] | 17:10 |
| TheJulia | I guess I need go push a patch now | 17:10 |
| opendevreview | Michal Nasiadka proposed openstack/bifrost master: [WIP] Experimental support for ARM64 hosts on Debian https://review.opendev.org/c/openstack/bifrost/+/920057 | 17:11 |
| TheJulia | oh, I pushed it already, yay! | 17:21 |
| TheJulia | a sign of too many plates | 17:22 |
| JayF | TheJulia: https://www.youtube.com/watch?v=Cb6NS_F5xTE ? (there's a guy who does a modern version of this act ... with cakes on the plates ... and the mess that ensues even when successful) | 17:23 |
| * TheJulia loads random Lucy Darling clip | 17:25 | |
| JayF | TheJulia: she's in Tacoma weekend after this ... but was sold out (well, down to a single ticket available) by the time I heard about it :( | 17:25 |
| cid | TheJulia, I was working on a patch for shellinabox's equivalent shell-injection vector patch and I am finding out that it's not vulnerable and Claude seems to agree with me. | 17:48 |
| TheJulia | cid: oh cool, please add a verbose comment just to close the loop. Thanks! | 17:48 |
| JayF | I'd docuement the findings in the .. ^ yup | 17:48 |
| cid | Ok. Will do! | 17:49 |
| opendevreview | Merged openstack/python-ironicclient master: Add missing py.typed file, typing classifier https://review.opendev.org/c/openstack/python-ironicclient/+/986719 | 17:52 |
| *** hroy_ is now known as hroy | 18:02 | |
| cardoe | TheJulia: https://review.opendev.org/c/openstack/ironic/+/987366 is the change I'd like to get into that stable/2026.1 ironic release. | 18:57 |
| opendevreview | Julia Kreger proposed openstack/ironic master: WIP: Add TLS hardening options for Redfish BMC connections https://review.opendev.org/c/openstack/ironic/+/985882 | 18:57 |
| TheJulia | I don't love it, but since its a bugfix version bump I guess that is okay | 19:12 |
| opendevreview | Julia Kreger proposed openstack/ironic master: WIP: Add TLS hardening for HTTP image service connections https://review.opendev.org/c/openstack/ironic/+/985883 | 19:19 |
| opendevreview | Julia Kreger proposed openstack/ironic master: WIP: Add TLS hardening for OCI registry connections https://review.opendev.org/c/openstack/ironic/+/985884 | 19:19 |
| opendevreview | Julia Kreger proposed openstack/ironic master: WIP: Add TLS hardening for Ansible stream_url module https://review.opendev.org/c/openstack/ironic/+/985885 | 19:19 |
| cardoe | I can blacklist in global-requirements.txt if that's better. | 19:53 |
| cardoe | We're in full compromise mode in #openstack-ironic the amount of times I've heard "I don't like it... but fine" these past two days. :D | 19:59 |
| opendevreview | Julia Kreger proposed openstack/ironic master: trivial: add follow-up release note for ari/aki confusion https://review.opendev.org/c/openstack/ironic/+/987422 | 20:00 |
| cardoe | I brokered a compromise between my boys and their friends on some camping activities they wanted to do in the time schedule we had yesterday. And I polled all of them if they were happy. And they all said no. So I told them that's how I know we got the best plan that we could make. | 20:01 |
| * JayF really dislikes that model for consensus. It's very, very easy to make everyone unhappy. | 20:02 | |
| cardoe | It was nonsense middle school boys. | 20:07 |
| cardoe | We've got two weekends before the end of school. One group wanted to go 5 hours to hike part of the AT without having done any prep yet. Another group wanted to go canoeing despite us being in drought conditions for the past 8 weeks and the water levels being too low. | 20:08 |
| cardoe | Hard to explain "you guys have it so good... these weren't even options for me as a kid". | 20:09 |
| cardoe | Go outside and hit a rock with a stick and drink water from a hose if you're thirsty were my options. | 20:10 |
| opendevreview | Merged openstack/ironic master: Remove deprecated configuration molds feature https://review.opendev.org/c/openstack/ironic/+/986703 | 20:31 |
| opendevreview | Doug Goldstein proposed openstack/python-ironicclient master: feat: add support for new runbook traits API https://review.opendev.org/c/openstack/python-ironicclient/+/983734 | 20:37 |
| TheJulia | JayF: I'm with you, but... there is truth and its a super valuable lesson to teach. Cardoe is a better parent for teaching that lesson :) | 20:47 |
| TheJulia | cardoe: you mean, make lots of fire and try to learn about metallurgy ? | 20:49 |
| cardoe | probably for the best that I was never good with flint and steel | 20:50 |
| TheJulia | Interestingly enough I asked gemini about this neich forging joke, and it now thinks any piece of steel should be folded 17 times to get 131k layers | 20:50 |
| TheJulia | generally, following up from the gnashing of teeth regarding ari/aki, https://github.com/OpenStackweb/ironic-website/pull/88 | 20:58 |
| cardoe | https://github.com/openstack/sushy/blob/1909826b98675359c2fc68dc6dbce946279abcdb/sushy/oem/dell/resources/manager/manager.py#L570 seriously? we call out to the shell to run ping against an iDRAC? | 21:03 |
| cardoe | That btw is the root of the spurious failures on the iDRACs I think. | 21:05 |
| cardoe | The two hardware models I have easily in front of me both ping about 7-12 seconds before the redfish interface is actually working | 21:07 |
| * TheJulia blinks | 21:07 | |
| * TheJulia gets out the tableflip robot | 21:08 | |
| * TheJulia looks for compressors | 21:08 | |
| cardoe | My jump to conclusions mat based on timings in the log files is that this is enough time. | 21:08 |
| cardoe | So we loop back around right when it pings but redfish isn't good yet so now we attempt to connect back over redfish. It fails... we back off 3 seconds... it fails again... we back off again... we hit it again and we're now in the later part of that window when the redfish is coming up but returns a non-200 error. | 21:09 |
| TheJulia | ugh, yeah | 21:10 |
| TheJulia | so... | 21:10 |
| TheJulia | well | 21:10 |
| TheJulia | hold on, I know upgrades of the bmc os itself *can* take a bit longer | 21:10 |
| TheJulia | but even then, its ping-able, but not https endpoint accessible | 21:10 |
| cardoe | right | 21:14 |
| cardoe | That's what I'm saying. If its pingable for 12 seconds before the redfish interface is happy. And we got that successful ping right at the start of the 12 second window. Then Ironic is gonna fail on the box. | 21:15 |
| opendevreview | Jay Faulkner proposed openstack/ironic-specs master: Add 2026.2 Work Items document https://review.opendev.org/c/openstack/ironic-specs/+/986018 | 21:17 |
| JayF | landing ^ that right now | 21:17 |
| cardoe | JayF: good work herding the cats over the finish line | 21:18 |
| JayF | I didn't, really | 21:18 |
| JayF | I just told the cats the food was getting pulled today | 21:18 |
| JayF | if they come meowing at me later it's their own fault | 21:18 |
| TheJulia | meow! Meow! | 21:21 |
| TheJulia | MEEEOW! | 21:21 |
| JayF | [closes office door and puts in headphones] | 21:21 |
| TheJulia | lol | 21:22 |
| cardoe | put your paw under his door and shake the door | 21:22 |
| TheJulia | clearly, cardoe is a cat! | 21:22 |
| cardoe | where's that flipped table? I wanna flip it again. | 21:23 |
| TheJulia | okay, blog post pushed again | 21:23 |
| cardoe | We don't use tenacity in this one path. We write our own. | 21:23 |
| TheJulia | no no, your supposed to push everything off the edge ;) | 21:23 |
| * cardoe pushes a half full glass of water off of JayF's desk while making direct eye contact. | 21:24 | |
| * TheJulia needed the laughs | 21:24 | |
| cardoe | okay yeah I'm not auditing any my logs. | 21:27 |
| cardoe | ping bad mmk | 21:27 |
| cardoe | nobody else probably hits this except us | 21:27 |
| cardoe | Cause I now see its just tied into this one path when you use "known_good_state" step. | 21:28 |
| cardoe | well really "reset_idrac" step call. | 21:28 |
| TheJulia | that makes more sense | 21:31 |
| opendevreview | Merged openstack/ironic-specs master: Add 2026.2 Work Items document https://review.opendev.org/c/openstack/ironic-specs/+/986018 | 21:45 |
| opendevreview | cid proposed openstack/ironic master: Bump release mapping to 36.0.0 https://review.opendev.org/c/openstack/ironic/+/986435 | 22:04 |
| cardoe | https://review.opendev.org/c/openstack/python-ironicclient/+/983734 that'll give you the ability to test the new runbook v2 with the CLI | 22:23 |
| cardoe | https://review.opendev.org/c/openstack/python-ironicclient/+/985236 some more typing clean up | 22:24 |
| cardoe | I wanna get back to landing the new contributors typing clean ups | 22:25 |
| opendevreview | Jay Faulkner proposed openstack/ironic master: Cleanup [conductor]file_url_allowed_path https://review.opendev.org/c/openstack/ironic/+/987439 | 22:30 |
| JayF | Curious to see if that breaks any CI :) We still set the value in devstack to add /opt/stack/ironic/ | 22:31 |
| cardoe | TheJulia: https://ironicbaremetal.org needs the new release number since ya touched it. | 22:58 |
| TheJulia | Uhh, I thought that should be automatic now | 22:58 |
| TheJulia | Errr | 23:01 |
| TheJulia | https://github.com/OpenStackweb/ironic-website/pull/89 | 23:13 |
| TheJulia | maybe?! | 23:13 |
| cardoe | TheJulia: any reason to go to the unreleased? | 23:34 |
| TheJulia | There is no latest rendered, so it was always falling back I guess | 23:34 |
| cardoe | Made two comments | 23:36 |
| TheJulia | I’ll look tomorrow, migraine | 23:36 |
| opendevreview | Steve Baker proposed openstack/ironic master: Graceful browser shutdown for graphical console https://review.opendev.org/c/openstack/ironic/+/987441 | 23:52 |
| opendevreview | Steve Baker proposed openstack/ironic master: DNM re-enable graphical console testing https://review.opendev.org/c/openstack/ironic/+/987442 | 23:52 |
| opendevreview | Merged openstack/ironic-python-agent master: Remove tags from README https://review.opendev.org/c/openstack/ironic-python-agent/+/972353 | 23:54 |
| opendevreview | Merged openstack/ironic-ui master: Imported Translations from Zanata https://review.opendev.org/c/openstack/ironic-ui/+/982523 | 23:57 |
Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!