| opendevreview | Merged openstack/ironic stable/2026.1: Add an agent flag to disable installing boatloaders https://review.opendev.org/c/openstack/ironic/+/991179 | 00:32 |
|---|---|---|
| kubajj | Good morning Ironic. o/ | 08:22 |
| kubajj | Does anybody know if it is possible to restrict application credentials for baremetal service more than the node indentifier? | 08:24 |
| kubajj | For example, I would like to do something like this: "path": "/v1/nodes/{node_indent}/driver_info/ipmi_username" | 08:24 |
| opendevreview | Jacob Anders proposed openstack/ironic master: Fix Redfish interop profile Storage requirements https://review.opendev.org/c/openstack/ironic/+/991300 | 09:58 |
| janders | ^ first attempt by me and Claude to address the schema issue raised in https://bugs.launchpad.net/ironic/+bug/2154614 | 09:58 |
| opendevreview | Esther Domfeh proposed openstack/ironic master: feat: add state, target_provision_state, and duration_seconds to node history https://review.opendev.org/c/openstack/ironic/+/989994 | 11:03 |
| dtantsur | janders: thanks! so it was a bug in the profile in the end? | 11:58 |
| TheJulia | kubajj: not really, at least right now. I've ponderd doing some additional rbac, but could you convey your use case so I can frame your needs against my current idea | 13:12 |
| kubajj | TheJulia: we want to give rights to the repair team to change only the BMC credentials (driver_info/ipmi_username, etc.) with application credentials - their team does not have access to the nodes in Ironic, so they have to ask us when they replace motherboards, for example | 13:48 |
| TheJulia | Could you create an RFE then? I wasn't quite thinking application credentials since they... if I can recall correctly can include path scoping restrictions but I don't think we have that in the code today beyond more administrative credential or service credential usage for application passwords so you can do credential rotation using app passwords. | 13:50 |
| opendevreview | Mithun Krishnan Umesan proposed openstack/ironic master: Add TLS configuration to agent lookup response https://review.opendev.org/c/openstack/ironic/+/987887 | 13:57 |
| opendevreview | Harald Jensås proposed openstack/networking-generic-switch master: Add NETCONF OpenConfig driver documentation https://review.opendev.org/c/openstack/networking-generic-switch/+/990062 | 14:00 |
| opendevreview | Harald Jensås proposed openstack/networking-generic-switch master: Add EVPN model classes for OpenConfig NETCONF https://review.opendev.org/c/openstack/networking-generic-switch/+/991358 | 14:00 |
| opendevreview | Harald Jensås proposed openstack/networking-generic-switch master: Add L2VNI plug/unplug to NETCONF OpenConfig driver https://review.opendev.org/c/openstack/networking-generic-switch/+/991359 | 14:00 |
| opendevreview | Harald Jensås proposed openstack/networking-generic-switch master: doc: NETCONF OpenConfig EVPN/VXLAN L2VNI docs https://review.opendev.org/c/openstack/networking-generic-switch/+/991360 | 14:00 |
| kubajj | TheJulia: will do | 14:07 |
| opendevreview | Jay Faulkner proposed openstack/ironic master: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991365 | 14:26 |
| opendevreview | Jay Faulkner proposed openstack/ironic master: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991366 | 14:26 |
| opendevreview | Jay Faulkner proposed openstack/ironic master: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991367 | 14:26 |
| JayF | TheJulia: dtantsur: ^ | 14:26 |
| opendevreview | Jay Faulkner proposed openstack/ironic bugfix/34.0: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991368 | 14:26 |
| opendevreview | Jay Faulkner proposed openstack/ironic bugfix/34.0: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991369 | 14:26 |
| opendevreview | Jay Faulkner proposed openstack/ironic bugfix/34.0: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991370 | 14:26 |
| opendevreview | Jay Faulkner proposed openstack/ironic bugfix/33.0: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991371 | 14:26 |
| opendevreview | Jay Faulkner proposed openstack/ironic bugfix/33.0: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991372 | 14:26 |
| opendevreview | Jay Faulkner proposed openstack/ironic bugfix/33.0: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991373 | 14:26 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2026.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991374 | 14:27 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2026.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991375 | 14:27 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2026.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991376 | 14:27 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.2: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991377 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.2: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991378 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.2: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991379 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991380 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991381 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991382 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2024.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991383 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2024.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991384 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2024.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991385 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2023.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991387 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2023.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991388 | 14:28 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2023.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991389 | 14:28 |
| TheJulia | wheeeeee | 14:38 |
| rpittau | oO | 14:38 |
| cid | oO | 14:39 |
| clif | \o/ | 15:11 |
| clif | thanks for posting those JayF | 15:18 |
| dtantsur | A few typos in https://review.opendev.org/c/openstack/ironic/+/991367/1/releasenotes/notes/security-bug-2148319-49974afdcd38d9c0.yaml, not sure if we want a follow-up | 15:49 |
| JayF | I suggest a master-only follow-up. | 15:50 |
| JayF | Please avoid pushing it for an hour or two though lol | 15:50 |
| JayF | we are waiting on OSSA announcements (4 total, including 3 from us) on the doc changes merging :D | 15:51 |
| JayF | some horrible person pushed like, 24 changes in 30 seconds and gummed up the gate | 15:51 |
| JayF | <.< >.> | 15:51 |
| opendevreview | Esther Domfeh proposed openstack/ironic master: feat: add state, target_provision_state, and duration_seconds to node history https://review.opendev.org/c/openstack/ironic/+/989994 | 15:54 |
| dtantsur | lol | 15:55 |
| TheJulia | Maybe we shouldn't try to shove them into the gate *that* quick in the future... | 15:55 |
| JayF | there's no alternative | 15:56 |
| JayF | you have to have the urls for the ossa | 15:56 |
| JayF | it's a direct dependency | 15:56 |
| TheJulia | Well, that is if your focused on the timeline | 15:56 |
| TheJulia | but almost every time, we have to recheck the jobs and wait out the whole set failing anyway | 15:56 |
| JayF | we were talking amongst the VMT about maybe shifting the promised time +1hr next time we do multiples | 15:56 |
| TheJulia | granted, we've done some timeout tuning | 15:56 |
| JayF | but we have to have changes in gerrit for OSSA to be completed, which means we always need to push them all | 15:56 |
| TheJulia | so maybe things are bit better | 15:56 |
| TheJulia | oh well | 15:57 |
| JayF | only real alternative would be patchset 1 disabling all jobs, then pushing a PS2 after the OSSA lands with the jobs re-enabled | 15:57 |
| JayF | meh-tastic | 15:57 |
| JayF | just sorta a side effect, it's fine, I don't want us to build giant dams that'll sit dry once the tsunami is over | 15:57 |
| TheJulia | yeah | 15:58 |
| TheJulia | fair enough | 15:58 |
| TheJulia | oh wow, it looks like the master branch changes will land soon-ish | 16:03 |
| opendevreview | Harald Jensås proposed openstack/networking-generic-switch master: Add EVPN model classes for OpenConfig NETCONF https://review.opendev.org/c/openstack/networking-generic-switch/+/991358 | 16:07 |
| opendevreview | Harald Jensås proposed openstack/networking-generic-switch master: Add L2VNI plug/unplug to NETCONF OpenConfig driver https://review.opendev.org/c/openstack/networking-generic-switch/+/991359 | 16:07 |
| opendevreview | Harald Jensås proposed openstack/networking-generic-switch master: doc: NETCONF OpenConfig EVPN/VXLAN L2VNI docs https://review.opendev.org/c/openstack/networking-generic-switch/+/991360 | 16:07 |
| opendevreview | Harald Jensås proposed openstack/networking-generic-switch master: Add trunk subport for NETCONF OpenConfig driver https://review.opendev.org/c/openstack/networking-generic-switch/+/991458 | 16:07 |
| opendevreview | Harald Jensås proposed openstack/networking-generic-switch master: Netconf: Document Neutron trunk port support https://review.opendev.org/c/openstack/networking-generic-switch/+/991459 | 16:07 |
| opendevreview | Clif Houck proposed openstack/ironic-python-agent master: Standardize how we test if an image is a partition image https://review.opendev.org/c/openstack/ironic-python-agent/+/987392 | 16:16 |
| clif | JayF: what's the right way to pin CI to a specific version of python for the backports? | 16:31 |
| clif | because it looks like my patches are failing when CI tries to run on versions of python that are more recent and failing due to that | 16:32 |
| clif | like if I run `tox -e py3` locally things will fail, but if I run `tox -e py310` everything passes | 16:33 |
| clif | even if I set basepython = py310 in tox.ini | 16:33 |
| JayF | I don't ever run `tox -epy3`; I always specify a more specific version | 16:34 |
| JayF | at this point, if some of the backports need modification to pass CI, please push patchsets on them | 16:35 |
| JayF | I've been heads down in announcements/paperwork/etc and haven't looked at the epushed patches yet | 16:35 |
| clif | right, but I'm saying I don't quite understand what CI is doing | 16:40 |
| clif | or how to modify my patches to force CI to choose a specific version of python | 16:41 |
| JayF | *in CI*; you don't. CI runs tox in a way that forces the correct python version | 16:42 |
| JayF | so e.g. openstack-tox-py310 always runs python 3.10, it's meant to work that way | 16:42 |
| JayF | for local unit test running; I use `tox -epy3XX` to specify version; but for targets like docs and releasenotes they always use latest | 16:42 |
| JayF | sometimes this means running unit tests on stable branches are easier to do in a container of that supported LTS rather than trying to get it working locally | 16:43 |
| opendevreview | Riccardo Pittau proposed openstack/bifrost master: Drop Ubuntu Jammy support https://review.opendev.org/c/openstack/bifrost/+/991470 | 16:43 |
| JayF | I'm not sure the exact mechanism it forces that; but we can reverse engineer it in our 1:1 in :17 if you want | 16:43 |
| clif | but they *do* run correctly and pass when I specify the right python version locally | 16:43 |
| rpittau | FYI openstacksdk dropped support for Python 3.10 so anything based on jammy is foobar | 16:44 |
| JayF | clif: unless you have something else for our 1:1, maybe just be ready to share screen and demo and we can talk thru it with the code | 16:44 |
| rpittau | please review the bifrost change I've just submitted, otherwise CI is kaput :) | 16:44 |
| JayF | reviewing; this looks like a noble effort rpittau ;) | 16:45 |
| rpittau | lol | 16:45 |
| JayF | If CI is happy I am, +2 | 16:45 |
| rpittau | thanks :) | 16:45 |
| clif | JayF: it seems like that's the case for the tests that are failing? what rpittau said. it's running ubuntu-jammy | 16:47 |
| rpittau | clif: if jammy is involved, then most likely that's the reason :) | 16:47 |
| JayF | why aren't constraints contraining it to working versions? | 16:48 |
| clif | https://zuul.opendev.org/t/openstack/build/be04f7e49db547998b8039dd98eb21a0/log/job-output.txt?severity=0#3057 | 16:48 |
| JayF | This seems like a problem "higher" than Ironic, so to speak | 16:48 |
| clif | like it's failing on stuff that's totally unrelated to my change | 16:48 |
| JayF | 2026-06-03 15:36:19.243442 | ubuntu-jammy | Could not import extension sphinxcontrib.seqdiag (exception: No module named 'pkg_resources') | 16:49 |
| JayF | this needs the setuptools pin | 16:49 |
| clif | what does? my patch? | 16:49 |
| JayF | that branch, generally | 16:49 |
| JayF | for stuff like this, with these CI fails | 16:49 |
| JayF | just push separate patches to get CI happy | 16:49 |
| JayF | then we merge those, recheck the security fix, it merges, happy day | 16:49 |
| clif | I don't know the setuptools pin | 16:50 |
| JayF | although for unmaintained branches; posting the change is all we're really required to do | 16:50 |
| JayF | I'm looking for the commit to backport right now | 16:50 |
| clif | ty | 16:50 |
| JayF | I mean, we don't even have to post the change to UM branches :) | 16:50 |
| JayF | clif: https://review.opendev.org/q/I204d09c264be5c5152add8bfdc2f2f87b2019c2d | 16:50 |
| clif | ¯\_(ツ)_/¯ | 16:50 |
| JayF | that needs to land on impacted branches | 16:50 |
| JayF | looks like it needs to go on unmaintained/2024.1 and unmaintained/2023.1 | 16:51 |
| clif | ok I'll post them in a minute, I have to afk for ten | 16:51 |
| * JayF process for getting that: checked out 2025.2 (random stable branch that I know has working CI), git log -> /setuptools, found the commit + plugged change-id into review.opendev.org/q/[changeid] | 16:51 | |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2024.1: ci: Pin `setuptools` to a range that still ships https://review.opendev.org/c/openstack/ironic/+/991476 | 16:57 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2023.1: ci: Pin `setuptools` to a range that still ships https://review.opendev.org/c/openstack/ironic/+/991477 | 17:00 |
| JayF | clif: I JFDI ^ | 17:00 |
| TheJulia | Uhh, was 313 intentional here? https://review.opendev.org/c/openstack/ironic/+/991380/1/.pre-commit-config.yaml#4 | 17:04 |
| JayF | nope | 17:04 |
| JayF | good catch | 17:04 |
| TheJulia | looks like it is in https://review.opendev.org/c/openstack/ironic/+/991377 as well | 17:06 |
| JayF | -1 them and I can update :-| | 17:06 |
| JayF | of course it's the one at the bottom | 17:07 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.2: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991377 | 17:08 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.2: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991378 | 17:08 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.2: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991379 | 17:08 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991380 | 17:10 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991381 | 17:10 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991382 | 17:10 |
| JayF | 2024.1 and earlier do not have pre-commit | 17:10 |
| JayF | TheJulia: ^ | 17:10 |
| opendevreview | Merged openstack/ironic master: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991365 | 17:11 |
| TheJulia | woot woot | 17:24 |
| TheJulia | we can likely use reviews on 2026.1 branch now | 17:32 |
| TheJulia | along with some workflows | 17:32 |
| opendevreview | Merged openstack/ironic master: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991366 | 17:48 |
| opendevreview | Merged openstack/ironic master: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991367 | 17:59 |
| opendevreview | Merged openstack/ironic unmaintained/2024.1: ci: Pin `setuptools` to a range that still ships https://review.opendev.org/c/openstack/ironic/+/991476 | 17:59 |
| opendevreview | Merged openstack/ironic stable/2026.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991374 | 18:57 |
| opendevreview | Merged openstack/ironic unmaintained/2023.1: ci: Pin `setuptools` to a range that still ships https://review.opendev.org/c/openstack/ironic/+/991477 | 18:57 |
| JayF | since I fixed um/2024.1 and um/2023.1 CI (I hope!), I'm rechecking the old security patches | 19:06 |
| JayF | see if we can get them in | 19:06 |
| TheJulia | k | 19:07 |
| opendevreview | Merged openstack/ironic stable/2026.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991375 | 20:01 |
| opendevreview | Clif Houck proposed openstack/ironic stable/2025.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991380 | 20:04 |
| JayF | someone is going to need to re-push the others not stacked with this | 20:04 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991381 | 20:04 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991382 | 20:05 |
| JayF | :blink: | 20:05 |
| opendevreview | Merged openstack/ironic stable/2026.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991376 | 20:05 |
| JayF | ah, rebase button | 20:06 |
| TheJulia | yasss | 20:06 |
| TheJulia | clif: do you know if it was a clean cherry-pick past 2025.1 ? | 20:06 |
| TheJulia | oh, he stepped out | 20:07 |
| * TheJulia pulls current status down to give it a spin | 20:07 | |
| opendevreview | Julia Kreger proposed openstack/ironic unmaintained/2024.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991383 | 20:12 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2024.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991384 | 20:13 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2024.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991385 | 20:13 |
| TheJulia | looks like we need to fix 2025.2 as well | 20:14 |
| opendevreview | Julia Kreger proposed openstack/ironic unmaintained/2023.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991387 | 20:16 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2023.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991388 | 20:16 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2023.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991389 | 20:16 |
| * TheJulia awaits the great OOM | 20:21 | |
| TheJulia | "hi, desktop, please kill the browser now, kthxbai" | 20:22 |
| TheJulia | https://usercontent.irccloud-cdn.com/file/GAzDYmwd/1780518544.JPG | 20:29 |
| TheJulia | toats AI, but still sort of fun | 20:29 |
| opendevreview | Merged openstack/ironic bugfix/34.0: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991368 | 20:31 |
| opendevreview | Merged openstack/ironic bugfix/34.0: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991369 | 20:36 |
| opendevreview | Julia Kreger proposed openstack/ironic stable/2025.2: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991377 | 20:37 |
| JayF | clif: are you around to fix 2025.2 as well? Or do I need to? | 20:37 |
| TheJulia | uhh, going to have to revisit them all again | 20:37 |
| TheJulia | on it alrady | 20:37 |
| JayF | uh oh, what? | 20:38 |
| TheJulia | bandit needs nosec | 20:38 |
| JayF | ah | 20:38 |
| JayF | I hate bandit | 20:38 |
| JayF | I'm pretty sure at this point it provides more PITA than value | 20:39 |
| TheJulia | I gave bad advice and bandit is particular | 20:39 |
| opendevreview | Julia Kreger proposed openstack/ironic stable/2025.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991380 | 20:41 |
| opendevreview | Julia Kreger proposed openstack/ironic unmaintained/2024.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991383 | 20:44 |
| opendevreview | Julia Kreger proposed openstack/ironic unmaintained/2023.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991387 | 20:45 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.2: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991378 | 20:45 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.2: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991379 | 20:45 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991381 | 20:46 |
| opendevreview | Jay Faulkner proposed openstack/ironic stable/2025.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991382 | 20:46 |
| opendevreview | Merged openstack/ironic bugfix/34.0: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991370 | 20:46 |
| TheJulia | That should be good, another wave workflowed | 20:53 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2024.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991384 | 21:17 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2024.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991385 | 21:17 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2023.1: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991388 | 21:42 |
| opendevreview | Jay Faulkner proposed openstack/ironic unmaintained/2023.1: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991389 | 21:42 |
| JayF | https://review.opendev.org/c/openstack/ironic/+/986816 WE HAVE CI PASS ON UM/2024.1 \o/ \o/ \o/ | 21:43 |
| JayF | landing CVE-2026-42997 now | 21:43 |
| JayF | all outstanding changes on um/2024.1, except the 3 OSSAs from today, are rechecked and workflowed | 21:45 |
| TheJulia | woot | 21:45 |
| TheJulia | looks like we have differences in pep8 config versions which cause the change to need to be different across versions, I'll let zuul give results before I dive deep into it at this point | 21:45 |
| JayF | clif and I were talking downstream about how we suspect there's some weirdness | 21:47 |
| JayF | specifically observed with bandit but in general this is making me question more than just that | 21:47 |
| JayF | around pre-commit using inconsistent versions of things locally, making it difficult/impossible to reproduce CI | 21:47 |
| TheJulia | yeah, partly why I just want to try and get what can land land and move on from there | 21:58 |
| TheJulia | also, exercise is needed and just trying not to over do it | 21:59 |
| JayF | that's why I JFDI fixed um/2024.1 and suggested clif file the bug rather than bang head on a hard but ... low impact problem | 21:59 |
| opendevreview | Merged openstack/ironic bugfix/33.0: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991371 | 22:13 |
| opendevreview | Merged openstack/ironic bugfix/33.0: security: directory transversal ISO9660 support https://review.opendev.org/c/openstack/ironic/+/991372 | 22:17 |
| opendevreview | Merged openstack/ironic bugfix/33.0: security: disable driver_info level pxe_template override https://review.opendev.org/c/openstack/ironic/+/991373 | 22:22 |
| JayF | https://review.opendev.org/c/openstack/ironic/+/991377 could use an additional core review and +A | 22:44 |
| JayF | I will likely self-workflow before my EOD if someone else doesn't | 22:44 |
| * JayF JFDI | 22:45 | |
| JayF | 3 OSSAs from today on the way into 2025.2 | 22:45 |
| opendevreview | Verification of a change to openstack/ironic unmaintained/2024.1 failed: security: validate molds url against swift in keystone catalog https://review.opendev.org/c/openstack/ironic/+/986816 | 23:07 |
| opendevreview | Julia Kreger proposed openstack/ironic unmaintained/2024.1: Ensure kernel_append_params are valid kernel parameters https://review.opendev.org/c/openstack/ironic/+/991383 | 23:38 |
Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!