Wednesday, 2026-07-08

opendevreviewRiccardo Pittau proposed openstack/ironic-prometheus-exporter master: Replace fixed sleep with active polling in DevStack plugin  https://review.opendev.org/c/openstack/ironic-prometheus-exporter/+/98844209:38
opendevreviewVerification of a change to openstack/tenks master failed: Add openstack.cloud collection to requirements  https://review.opendev.org/c/openstack/tenks/+/99306012:39
opendevreviewJed Preist proposed openstack/tenks master: Add Redfish support  https://review.opendev.org/c/openstack/tenks/+/99569713:02
TheJuliagood morning13:26
opendevreviewJed Preist proposed openstack/tenks master: Add Redfish support  https://review.opendev.org/c/openstack/tenks/+/99569713:26
opendevreviewMerged openstack/ironic bugfix/37.0: Only query Glance image members for shared images  https://review.opendev.org/c/openstack/ironic/+/99634513:43
JayFI am about to post a stack of patches, please prioritize their review and hold other patches from the gate until these land13:51
opendevreviewJay Faulkner proposed openstack/ironic master: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99646113:52
iurygregoryJayF, ack13:53
opendevreviewJay Faulkner proposed openstack/ironic master: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99646213:53
dtantsur^^^ needs sanity-check from someone who is not me13:53
dtantsuriurygregory, rpittau ^^^13:54
opendevreviewJay Faulkner proposed openstack/ironic bugfix/37.0: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99646313:54
iurygregorylooking now 13:54
opendevreviewJay Faulkner proposed openstack/ironic bugfix/37.0: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99646413:54
JayFfor some reason gerrit didn't like the signoffs for 44918, I'm having to amend the commit13:54
JayFI can't tell why but I'm just adding one it likes and moving forward13:55
opendevreviewJay Faulkner proposed openstack/ironic stable/2026.1: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99646613:56
opendevreviewJay Faulkner proposed openstack/ironic stable/2026.1: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99646913:56
opendevreviewJay Faulkner proposed openstack/ironic bugfix/34.0: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99647013:56
opendevreviewJay Faulkner proposed openstack/ironic bugfix/34.0: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647113:57
opendevreviewJay Faulkner proposed openstack/ironic bugfix/33.0: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99647313:57
opendevreviewJay Faulkner proposed openstack/ironic bugfix/33.0: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647413:58
opendevreviewJay Faulkner proposed openstack/ironic stable/2025.2: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99647513:58
opendevreviewJay Faulkner proposed openstack/ironic stable/2025.2: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647613:58
opendevreviewJay Faulkner proposed openstack/ironic stable/2025.1: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99647713:59
opendevreviewJay Faulkner proposed openstack/ironic stable/2025.1: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647813:59
opendevreviewJay Faulkner proposed openstack/ironic unmaintained/2024.1: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647914:00
JayF(there is no 2024.1 for 54423)14:00
JayFGoing to get these urls into OSSAs14:01
TheJuliak14:01
rpittauJayF dtantsur: lgtm14:03
JayFif y'all could help land em it'd be ideal14:03
JayFI'll be doing paperwork another 15-20 minutes+14:03
JayFhttps://review.opendev.org/c/openstack/ossa/+/99648114:05
opendevreviewVerification of a change to openstack/ironic stable/2026.1 failed: Only query Glance image members for shared images  https://review.opendev.org/c/openstack/ironic/+/99634414:08
JayFhttps://review.opendev.org/c/openstack/ossa/+/99648214:09
opendevreviewVerification of a change to openstack/networking-generic-switch master failed: Add NetconfOpenConfigSwitch driver  https://review.opendev.org/c/openstack/networking-generic-switch/+/99006114:25
opendevreviewVerification of a change to openstack/networking-generic-switch master failed: Add NETCONF OpenConfig driver documentation  https://review.opendev.org/c/openstack/networking-generic-switch/+/99006214:25
opendevreviewVerification of a change to openstack/ironic master failed: add a mypy tox environment and CI job  https://review.opendev.org/c/openstack/ironic/+/99619214:25
opendevreviewVerification of a change to openstack/ironic master failed: Conditional check of remaining pending attributes  https://review.opendev.org/c/openstack/ironic/+/99377014:32
opendevreviewMerged openstack/ironic-python-agent-builder master: Mask dnf-makecache and fwupd-refresh services in ramdisk  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/99304914:34
opendevreviewVerification of a change to openstack/ironic bugfix/37.0 failed: Fix BIOS firmware update not applied when TaskMonitor disappears  https://review.opendev.org/c/openstack/ironic/+/99628214:38
opendevreviewVerification of a change to openstack/ironic stable/2026.1 failed: Fix BIOS firmware update not applied when TaskMonitor disappears  https://review.opendev.org/c/openstack/ironic/+/99628314:50
TheJuliaI feel like there should be a song about the gate going sideways14:54
TheJuliaPreferably in 50s lounge style14:55
JayFTheJulia: I just get this GIF in my head https://media1.giphy.com/media/v1.Y2lkPTc5MGI3NjExemo1aHd6aGJ5bHBwOW8zOHNnanMxb253ZDlvaXNucXFoNWU1b3AycCZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/yx400dIdkwWdsCgWYp/giphy.gif14:55
TheJuliais that to be let into the lounge ?14:56
TheJuliaLooks like we're going to need to do some re-checking, but that tends to happen when a bunch of patches get dropped on CI14:59
JayFyeah, mainly my goal is to get the OSSAs merged and announced15:00
JayFthen focus on patch merging15:00
TheJulia++15:00
TheJuliaWARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ReadTimeoutError("HTTPSConnectionPool(host='mirror.gra1.ovh.opendev.org', port=443): Read timed out. (read timeout=60.0)")': /pypi/simple/pecan/ :(15:00
JayFThat has been removed from rotation15:01
JayFthat site has, I believe15:01
TheJuliak15:03
TheJuliafor the record, when there is a nearby fire called the "Volcano Fire", you get images in your mind.15:13
opendevreviewMerged openstack/ironic bugfix/37.0: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99646315:15
opendevreviewDmitry Tantsur proposed openstack/ironic master: Trivial: fix pep8 violations in redfish/firmware.py  https://review.opendev.org/c/openstack/ironic/+/99649315:33
* TheJulia blinks at zuul15:47
TheJuliaI just saw a bunch of successful jobs get marked failure15:50
TheJuliaoh, no, it seems to be https://review.opendev.org/c/openstack/ironic/+/99646215:51
dtantsurBut what is success?...15:51
TheJuliaone moved off the list on my screen and that was why15:51
dtantsurhuh, this is fun https://review.opendev.org/c/openstack/ironic/+/996462/1/ironic/api/controllers/v1/node.py#320915:52
TheJuliaugh15:53
dtantsur(maybe there is a lesson in it: don't let a person who has little clue about RBAC create RBAC-related patches)15:53
TheJuliaheh, nah, thats not it ;)15:53
TheJuliaI have a meeting I have to be focused on in about six minutes, should have a semi-available brain again in about an hour15:56
TheJuliaand to think I almost punted back but after TIL moment on that line I was like "okay!"15:58
* TheJulia reminds self to be anti-magic15:58
TheJuliahttps://ftp.eu.openbsd.org/pub/OpenBSD/songs/song31.mp3 <-- for some reason, this comes to mind.15:59
opendevreviewMerged openstack/tenks master: Add Redfish support  https://review.opendev.org/c/openstack/tenks/+/99569716:02
fungii love that openbsd has continued to include a new song with every release for 24 years and counting16:06
fungioh maybe not every release, some recent ones got skipped, but 7.9 (the most recent) still got one16:07
fungiit's a fun tradition regardless16:08
TheJuliaoh yeah, I think for where they didn't make a song, they did some artwork or a comic if memory serves16:09
fungidtantsur: can i assume pavlo's comment on the child node rbac bug (OSSA-2026-026) is the same problem you were already discussing?16:10
TheJuliafungi: yeah16:10
fungiperfect, i was mainly popping in to make sure it wasn't lost in the shuffle16:11
TheJuliaI don't entirely understand why yet, but I have a meeting and can shift the gears after the meeting16:18
dtantsurIt would be great. I don't want to pick it up so close to the evening.16:19
TheJuliasure sure16:19
opendevreviewDmitry Tantsur proposed openstack/bifrost master: Enable TLS by default, deprecate enable_tls  https://review.opendev.org/c/openstack/bifrost/+/96836316:30
opendevreviewDmitry Tantsur proposed openstack/ironic master: Add an option for OCI-specific TLS settings.  https://review.opendev.org/c/openstack/ironic/+/96836116:41
opendevreviewDmitry Tantsur proposed openstack/ironic-python-agent master: Provide more context about inspection on lookup  https://review.opendev.org/c/openstack/ironic-python-agent/+/96847517:00
opendevreviewDmitry Tantsur proposed openstack/sushy-tools master: memoize: do not leak open connections  https://review.opendev.org/c/openstack/sushy-tools/+/97222217:02
opendevreviewVerification of a change to openstack/ironic bugfix/34.0 failed: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99647017:18
opendevreviewDmitry Tantsur proposed openstack/ironic master: Verify agent TLS certificate and provide diagnostics  https://review.opendev.org/c/openstack/ironic/+/91111617:38
TheJuliaokay, this is just bizare17:38
opendevreviewVerification of a change to openstack/ironic master failed: add a mypy tox environment and CI job  https://review.opendev.org/c/openstack/ironic/+/99619217:43
TheJuliadtantsur: don't beat yourself up, with the way the unit tests are patterned, there would have been no way to detect it short of looking at the actual resulting patch values getting committed to the db17:55
TheJuliaI just sent a while going "wtaf"17:55
TheJuliaspent17:55
* cardoe hides behind a yak.18:00
* TheJulia gets out the atomic yak shaver18:01
cardoeThat could possibly be my most favorite tool.18:03
cardoeLemme know if you guys need help. I'm out of the loop but happy to assist.18:04
TheJuliafwiw, assume this is the world of fallout, as long as I get the giant axalotal18:04
TheJuliaI'm just working on a test which would have detected this18:04
cardoeI've been tackling similar things with my buddy Fable but from a different angle.18:06
cardoeSo I'm making a number of distinct types for things18:06
cardoeSo you just cannot get to places if you use the right type.18:07
cardoeWon't solve the same issues but hopefully will help with others.18:08
cardoee.g. TaskManager. I've got TaskNodeManager as well. Because a TaskManager "task" doesn't necessarily have "task.node". But a TaskNodeManager MUST have a node.18:09
TheJuliaif we had really had a pattern of looking at db objects we tried to commit on api tests, we would have spotted this unfortuantely18:10
TheJuliaits one step removed, really.18:10
cardoeWe've got Node. And I've now got NodeLocked as well. Which is a node that we've locked.18:10
cardoehjensas: so I wanna make a tweak to baremetal-l2vni which on the delete/remove path we only action on the port if "baremetal-l2vni" was in the bound driver list on that port.18:12
TheJuliaI'm going to have to bump complexity up :\18:13
TheJuliacardoe: can you rephrase that into human words for context changes?18:14
cardoeuh need food?18:17
opendevreviewJulia Kreger proposed openstack/ironic master: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99646218:18
cardoeYour brain is mushy from ^18:18
TheJuliago eat18:18
cardoeAnd my brain is mushy from other stuff.18:18
TheJuliasomething tasty18:18
cardoeSo binding_vif_details has a dictionary with the keys being string-ified numbers starting with 0 and incrementing for each "binding level" that was completed by a driver.18:21
cardoeSo in the repo test case you'll have {"0": "baremetal-l2vni", "1": "networking-generic-switch"}18:22
TheJuliaoh, that would be perfect and enable clean unwind without making level assumptions18:22
cardoeThat's because we have "mechanism_drivers = ovn,baremetal_l2vni,baremetal,genericswitch" in our neutron config.18:23
TheJuliawell, relying upon config is actually "wrong" because that can change18:23
cardoeAnd lemme correct my example above based on actually reading18:23
TheJuliaif your unwindinging and that order changes because someone doesn't know better18:23
TheJuliathen you risk a failed unbind or sloppy state18:23
cardoe{"0": "baremetal_l2vni", "1": "genericswitch"}18:23
TheJuliawhich ideally should never be left18:23
cardoeIn the current releases of neutron you'll bind / create / update in the order of mechanism_drivers. You'll also remove / delete IN order as well.18:24
cardoeI've patched Neutron in master now to do remove / delete in reverse order.18:24
TheJuliagooooooood18:26
cardoeI'm adding a helper method for the remove / delete case which driver.am_i_bound(self, port)18:26
TheJulia^^^ please ensure the good is in the voice and cape of Darth Sidious 18:26
cardoeWhich checks to see if "baremetal_l2vni" appears in that binding_vif_details for example for that method if its called from the baremetal_l2vni driver18:27
cardoeIf it's false then we return out and don't do anything.18:27
TheJuliacardoe: if you wouldn't mind, a review on https://review.opendev.org/c/openstack/ironic/+/99646218:28
TheJuliathat makes sense, if we can get neutron to land general improvements18:28
TheJuliafwiw, once 996462 starts passing, I guess I'll start cherry-picking it along18:38
opendevreviewMerged openstack/ironic stable/2025.2: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99647518:40
opendevreviewMerged openstack/ironic stable/2026.1: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99646618:40
opendevreviewMerged openstack/ironic master: Trivial: fix pep8 violations in redfish/firmware.py  https://review.opendev.org/c/openstack/ironic/+/99649318:48
TheJuliaLooks like CI is good for https://review.opendev.org/c/openstack/ironic/+/996462 just maybe 8 more jobs left to pass19:07
TheJuliacardoe, iurygregory, if one of y'all could +2 https://review.opendev.org/c/openstack/ironic/+/996462 it woudl be appreciated19:08
cardoeOh my bad. You asked me to review something and I kept talking and walked off to eat.19:08
JayFTheJulia: do you want me to abandon my existing backports or are you gonna reuse the change-id?19:09
TheJuliaI'll keep the change Id and just re-cherry-pick19:10
TheJuliathat way keeps the paperwork from needing to be amended19:10
JayFoh yeah of course, I forgot about that19:11
JayFideal19:11
opendevreviewJulia Kreger proposed openstack/ironic bugfix/37.0: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99646419:14
* TheJulia gets out the cli19:15
opendevreviewJulia Kreger proposed openstack/ironic stable/2026.1: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99646919:23
JayFTheJulia: https://review.opendev.org/c/openstack/ironic/+/996469/1..2 rebase whitespace unintentional?19:24
JayFin ironic.command.status19:24
cardoeI’m coming back.19:24
opendevreviewJulia Kreger proposed openstack/ironic stable/2026.1: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99646919:25
JayF+219:25
opendevreviewJulia Kreger proposed openstack/ironic bugfix/34.0: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647119:27
opendevreviewJulia Kreger proposed openstack/ironic bugfix/33.0: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647419:27
opendevreviewJulia Kreger proposed openstack/ironic stable/2025.2: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647619:27
JayFTheJulia: ^ that got the same rando whitespace19:28
TheJuliayeah, because of other changes19:28
opendevreviewJulia Kreger proposed openstack/ironic stable/2025.2: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647619:29
JayFI hate when that happens on a back rebase, especially if it's git's auto resolver doing it19:30
opendevreviewJulia Kreger proposed openstack/ironic stable/2025.1: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647819:37
opendevreviewJulia Kreger proposed openstack/ironic unmaintained/2024.1: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647919:44
JayFironic.cmd.status got full on >>>>> ====='d19:44
JayF(unresolved patch markers in ^)19:44
TheJulia.... what?!?19:45
* TheJulia blinks19:45
TheJuliabizzar19:45
JayFhttps://www.youtube.com/watch?v=C2cMG33mWVY19:45
opendevreviewJulia Kreger proposed openstack/ironic unmaintained/2024.1: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99647919:46
TheJuliaokay, that one was me19:46
JayFtyvm19:46
JayFother cores ^ that CVE-2026-44918 chain will need +2s from someone else19:47
opendevreviewMerged openstack/ironic master: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99646119:47
TheJuliawoot19:47
cardoeI gave it a +219:49
cardoeI hate the types19:49
JayFI tossed rechecks on the send_raw patches as needed19:49
opendevreviewJulia Kreger proposed openstack/ironic unmaintained/2023.1: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99652919:52
TheJuliaJayF: thanks!19:53
JayFTheJulia: I'll note we didn't 2023.1 on the advisory for that. Happy to land it anyway but you might wanna reply to the list and let folks know it exists19:53
* JayF reviews19:54
TheJuliaYeah, I first want to see how that goes against CI19:54
TheJuliaif its good, I'll unwip it and we can do so19:54
JayFack I'll let it sit then :)19:54
TheJulia(save mumesan[m] some headache tomorrow too)19:54
JayFTheJulia: cc clif -- have we ever considered just turning that complexity check off?19:55
JayFTheJulia: I've never once seen someone say "oh no! I better make this less complex!" I only see the number increment19:55
JayFwhich to me indicates it's of incredibly dubious value anyway19:55
clifI generally agree with JayF 19:56
clifwhile less complex is better, sometimes you can't reduce complexity easily19:56
TheJuliaso generally the times where I've had to bump it up, I've often gone back and fixed it19:56
TheJuliabut... patch with a backport series, was just undesirable and I might try to look tomorrow, but the patch logic is... eh19:56
TheJuliaI almost wish we had a "i know, i know, just ignore the complexity in this method" flag19:57
JayFUp to you :) I care minimally, it doesn't seem like a valuable metric19:57
cardoeSolved with more indirection!19:57
TheJuliaIt is situational really and its a guard rail19:57
JayFand I suspect any time spent making number-go-lower instead being pointed at typing, for instance, is a better use19:57
JayFbut IDK19:57
TheJuliaI remember ages ago we used to try and be strict about it too19:57
JayFwe used to be strict about a lot of things lol19:57
TheJulianow, I'm more a "is there more risk here I should be mindful of or not"19:58
TheJuliabut I've done some of that cleanup in the past so *shrug*19:58
clifsomewhat useful as a feedback item/warning, not as valuable as a hard limit imo19:59
TheJulia++19:59
* TheJulia senses migrain meds are in order soon19:59
JayFwhich is basically how we treat it, so 🤷19:59
clifclippy: it looks like you're writing some complex code... are you sure you want to do that? ;)20:00
TheJuliaclif: your supposed to change your nick to clippy first ;)20:00
cliftoo lazy!20:00
JayFhttps://en.wikipedia.org/wiki/Microsoft_Bob I still think if they stuck with the dog from bob20:01
JayFit would've been more successful20:01
JayFclippy was too much of a nerd /s20:01
TheJuliaClippy was also evil.20:03
opendevreviewMerged openstack/ironic master: add a mypy tox environment and CI job  https://review.opendev.org/c/openstack/ironic/+/99619220:11
TheJuliayeah, looks like I'll need to do some additional work on the 2023.1 change20:15
TheJuliaexercise first20:15
opendevreviewJulia Kreger proposed openstack/ironic unmaintained/2023.1: CVE-2026-44918: Prevent rehoming resources to nodes with different owner  https://review.opendev.org/c/openstack/ironic/+/99652921:22
TheJuliaOkay, that should address the non-parent node stuffs and work21:23
* TheJulia crosses fingers21:23
opendevreviewMerged openstack/ironic bugfix/34.0: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99647022:26
opendevreviewMerged openstack/ironic bugfix/33.0: security: block vendor.send_raw (CVE-2026-54423)  https://review.opendev.org/c/openstack/ironic/+/99647322:37
opendevreviewGhanshyam Maan proposed openstack/ironic master: Remove setting of oslo_policy[enforce_scope] flag  https://review.opendev.org/c/openstack/ironic/+/99655922:37
TheJuliawe likely need to follow-up on ^^^ with a release note, fwiw22:57
JayFThat was only test changes. But I agree it would be ideal for us to push a release note about the requirements change.23:41

Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!