15:00:07 <rpittau> #startmeeting ironic
15:00:08 <opendevmeet> Meeting started Mon Jun 21 15:00:07 2021 UTC and is due to finish in 60 minutes.  The chair is rpittau. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:08 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:08 <opendevmeet> The meeting name has been set to 'ironic'
15:00:12 <TheJulia> o/
15:00:18 <erbarr> o/
15:00:28 <rpioso> \o
15:00:40 <stendulker> o/
15:00:52 <rpittau> Hello everyone! Welcome to our weekly meeting!
15:00:59 <ajya> o/
15:01:04 <cenne> o/
15:01:04 <rpittau> I will be your host today :)
15:01:22 <rpittau> Our agenda can be found on the wiki
15:01:30 <rpittau> #link https://wiki.openstack.org/wiki/Meetings/Ironic#Agenda_for_next_meeting
15:01:37 <iurygregory> o/
15:01:54 <arne_wiebalck> o/
15:02:10 <rpittau> I think we have the quorum, so let's move on!
15:02:24 <rpittau> #topic Announcements / Reminders
15:02:29 <rloo> o/
15:02:50 <JayF> o/
15:02:55 <rpittau> we don't have any announcement or reminder in the agenda this week
15:03:11 <rpittau> Anyone has anything to announce today?
15:03:43 <TheJulia> I've got nothing
15:04:03 <rpittau> yep, doesn't look like we have anything
15:04:05 <rpittau> onward!
15:04:12 <rpittau> #topic Review action items from previous meeting
15:04:27 <rpittau> I don't see any action items from last week, so let's move forward
15:04:39 <rpittau> #topic Review subteam status reports
15:04:53 <rpittau> #link https://etherpad.opendev.org/p/IronicWhiteBoard
15:05:00 <rpittau> around L65
15:07:27 <rpittau> docs for anaconda deploy interface have merged \o/
15:07:36 <TheJulia> \o/
15:08:00 <TheJulia> I guess that just leaves CI for it
15:08:02 <rpittau> do we want to remove the iscsi removal task? it's completed
15:08:08 <TheJulia> ++
15:08:30 <rpittau> arne_wiebalck: any update on the node error history ?
15:08:38 <arne_wiebalck> rpittau: nope, sorry
15:08:44 <rpittau> np :)
15:08:47 <TheJulia> I suspect it needs to be rebased at this point
15:09:04 <rpittau> probably
15:09:07 <TheJulia> we've got a few different efforts seeking to make db changes, we should likely sort them out
15:09:33 <rpittau> yes, makes sense
15:10:50 <rpittau> janders: if you see this during your day, any updates on enhancing storage cleaning (L98) ?
15:11:05 <rpittau> iurygregory: I guess no updates for privsep
15:11:37 <iurygregory> rpittau, yeah, I'm wondering if we talked about it last week ( I was sick on monday)
15:11:44 <rpittau> iurygregory: we didn't
15:13:38 <rpittau> iurygregory: I see the last comment in the patch is from a week ago
15:14:02 <iurygregory> yeah I just saw the comment also
15:14:14 <TheJulia> would discussing it on review jam help things or are things still too early with it?
15:14:20 <rpittau> maybe we can discuss during this week
15:14:24 <iurygregory> but I don't quite understand if we can remove privsep out of the picture to call directly
15:14:43 <rpittau> I don't think we can remove it entirely
15:15:03 <iurygregory> that would probably work re review jam
15:15:26 <TheJulia> iurygregory: maybe add to tomorrow's agenda?
15:15:26 <rpittau> alright
15:15:31 <iurygregory> yup will do
15:15:36 <TheJulia> since you're up a little later typically
15:15:42 <TheJulia> s/up/on/
15:15:48 <rpittau> I'll try to be there as well
15:16:03 <iurygregory> yeah =)
15:16:30 <rpittau> ok, I think we're good with the status update
15:16:32 <rpittau> moving on!
15:16:42 <rpittau> #topic Deciding on priorities for the coming week
15:16:54 <rpittau> #link https://tinyurl.com/ironic-weekly-prio-dash
15:17:34 <rpittau> we have a couple of patches in merge conflict in the prios
15:17:52 <TheJulia> I'll revise the db stack this morning
15:18:06 <TheJulia> was waiting until after meetings for a clear mind
15:18:14 <rpittau> yep
15:18:23 <rpittau> I added this https://review.opendev.org/c/openstack/ironic/+/796879
15:18:45 <TheJulia> ack
15:18:46 <TheJulia> sounds good to me
15:19:01 <TheJulia> Anything else out there, new patches on sushy? ironic-lib? ipa?
15:19:20 <rpittau> does anyone have anything to add to the priorities for this week ?
15:19:37 <arne_wiebalck> two small ones:
15:19:49 <arne_wiebalck> https://review.opendev.org/c/openstack/ironic-python-agent/+/796045
15:20:07 <arne_wiebalck> https://review.opendev.org/c/openstack/ironic-python-agent/+/796882
15:20:13 <iurygregory> sounds good to me
15:20:22 <rpittau> arne_wiebalck: feel free to add the ironic-week-prio tag :)
15:20:39 <TheJulia> added
15:20:59 <rpittau> thanks
15:21:06 <arne_wiebalck> thanks
15:21:44 <rpittau> alright, looks good
15:21:48 <rpittau> onward!
15:21:56 <rpittau> #topic Discussion
15:22:12 <rpittau> TheJulia: I see you have 2 topics to discuss :)
15:22:16 <TheJulia> Yes!
15:22:23 <TheJulia> The first item is in regards to Secure RBAC
15:23:30 <rpittau> reading
15:23:39 <TheJulia> Specifically, in order to have the tempest suite be able to test aspects, we need to toggle permissions. An enforce scope option can be added, but the question kind of if we want to go beyond the minimal and have specific tests or not. I anticipate we may end up having to update all of the tests, eventually
15:23:46 <TheJulia> but we're just not there yet as a community.
15:23:54 <rpittau> so that means having the same job with different permissions?
15:24:06 <TheJulia> So I guess the question for discussion is how far do we want to go
15:24:22 <TheJulia> So basically, today jobs get a project admin's permissions. That's fine for some things, but not all things.
15:25:03 <TheJulia> When we go to remove legacy policies, it is going to break some of the existing jobs, so the question comes down to do we duplicate those jobs now, or just make it so they are togglable
15:25:44 <JayF> I'm not sure I fully understand what you mean by toggleable
15:25:49 <rpittau> ok, so in the long run we won't actually have duplicates
15:25:58 <iurygregory> duplicate jobs doesn't sound like a good plan
15:26:08 <TheJulia> Dupes has led us down a path of insanity
15:26:17 <rpittau> well... yeah
15:26:35 <TheJulia> JayF: basically, switch saying "Jobs run with scope restrictions, so the internal baremetal client gets system admin privs instead
15:26:38 <TheJulia> "
15:26:54 <TheJulia> That is kind of the idea being floated in nova as well
15:27:01 <JayF> I have no opinion as long as we test both scenarios appropriately... it's not OK for our tempest tests to not exercise RBAC
15:27:07 <rloo> so we want the tests to continue to pass (we aren't testing rbac working or not)
15:27:14 <rloo> oh, jay disagrees.
15:27:56 <JayF> If it doesn't run in the gate, it's going to be broken, just a matter of when :) I think TheJulia is onboard with that, it's just a question of implementation IAUI
15:27:59 <TheJulia> so, it is different user rights that we need to account for, it is not about if we exercise rbac or not
15:28:00 <rpittau> I tend to agree with JayF on this
15:28:13 <rloo> i agree with TheJulia :D
15:28:36 <rpittau> we have a standoff!
15:28:38 <JayF> The person actually doing the vote gets a couple dozen extra votes as far as I'm concerned
15:28:38 <TheJulia> JayF: I am, and I'm trying to figure out how much pain I'm in for :)
15:28:44 <TheJulia> rpittau: I think we're just using different words
15:28:46 <JayF> s/vote/work/
15:28:57 <rloo> also, if we want to test rbac outside of unit tests, maybe add the 'negative' tests for rbac. those should fail really quickly. (or succeed if the test is that they fail. if you know what i mean.)(
15:29:18 <TheJulia> rloo: yeah, that is a whole other thing that I'm hoping appears soon()
15:29:40 <TheJulia> I *think* some of the contractual tests can handle that cleanly with the current state of the plugin
15:29:43 <rloo> maybe a concrete example. pick a test that will need to be 'toggled' or whatever, to run.
15:29:57 <TheJulia> Just they won't pass on older versions but we added an API flag to identify when the capability was introduced
15:30:49 <TheJulia> I think if we could run just basic baremetal ops in either mode, it would have us mostly covered until we move to rip out the older policies
15:31:25 <TheJulia> actually, we have an indicator, we *could* just make the jobs figure it out
15:32:01 <TheJulia> at the same time, doing that also means we're going to not be testing one until we rip the old policies out
15:32:04 <TheJulia> which is a bad idea
15:32:34 <TheJulia> I guess duplicate scenario jobs is kind of the way to go, or at least one?
15:32:37 <rpittau> so we should test old AND new until we remove the old policies
15:32:59 <TheJulia> agreed
15:33:05 <rpittau> not sure we can avoid duplicates if we want to do this then :/
15:33:07 <TheJulia> Okay, I think I have what I need to orient on that
15:33:44 <TheJulia> Second topic was a question if we wanted to move the EU friendly review jam to Tuesday at the same time instead of before the weekly project meeting.
15:33:47 <TheJulia> Any objections?
15:34:01 <TheJulia> This would put both review jams on Tuesdays
15:34:05 <iurygregory> +1 from me
15:34:06 <rpittau> it's good for me, fewer conflicts with downstream stuff
15:35:06 <TheJulia> Okay, then lazy consensus seems to go with that
15:35:09 <rpittau> let's give that a try
15:35:31 <TheJulia> Starting next week :)
15:35:43 <rpittau> I'll be out lol
15:35:55 <TheJulia> #agreed Moving EU review jam to Tuesday starting next week.
15:36:01 <rpittau> thanks!
15:36:22 <rpittau> we don't have other planned discussions for today
15:36:28 <rpittau> let's move on
15:36:36 <rpittau> #topic Baremetal SIG
15:36:45 <rpittau> #link https://etherpad.opendev.org/p/bare-metal-sig
15:37:06 <arne_wiebalck> Next meeting on July 13th, planned: an intro to bifrost from TheJulia
15:37:14 <rpittau> sounds great :)
15:37:20 <arne_wiebalck> it does :)
15:37:47 <arne_wiebalck> If you have suggestions for further topics, let me know.
15:37:51 <TheJulia> what time was that
15:37:51 <arne_wiebalck> I think that is it.
15:37:55 <cenne> woo !
15:37:57 <arne_wiebalck> 2pm UTC
15:38:17 <ajya> re EU friendly time - it would conflict with this SIG once a month
15:38:20 <rpittau> and that conflicts with the review jam! We found a bug :P
15:38:22 <ajya> skip those weeks?
15:38:26 <TheJulia> 7am local. \o/
15:38:39 <TheJulia> ajya: ugh, yeah, it would :\
15:38:53 <TheJulia> I guess we can skip those weeks. We run another jam 2 hours later which should be fine?
15:38:54 <arne_wiebalck> We can also move the SIG to one hour later if that is too early in general?
15:39:00 <rpittau> or we can have a shorter review jam ?
15:39:08 <TheJulia> Possibly
15:39:20 <TheJulia> I think it is good to give the SIG a little time though
15:39:21 <rpittau> arne_wiebalck: that wouldn't work for me :/
15:39:30 <arne_wiebalck> rpittau: oh, ok
15:39:35 <TheJulia> I think it just makes sense to skip the EU review jam on mornings where we have the isg
15:39:41 <TheJulia> s/isg/sig/
15:39:44 <rpittau> ok
15:39:45 <ajya> arne_wiebalck: for me either
15:39:57 * arne_wiebalck will not touch the SIG slot :)
15:40:08 <rpittau> thanks :)
15:40:29 <rpittau> alright, let's move forward
15:40:41 <rpittau> #topic RFE review
15:41:00 <rpittau> I don't see anything planned, but in case someone has an RFE to discuss ?
15:41:33 <rpittau> it's not the case it seems
15:41:40 <rpittau> #topic Open discussion
15:41:54 <ajya> sushy question - run into case where it would be useful to access other resources outside of Links relation, in this case, access TaskService from unrelated resource. Would it be possible to update sushy so that each resource has access to other resources? E.g., having access to their parent resource and walk there till root, etc., or pass reference to root around similar
15:41:57 <ajya> way registries are now passed around (even, replace registries with root).
15:43:35 <TheJulia> would that require loading the other resource?
15:43:45 <TheJulia> I *suspect* it would, how else would you know it is there
15:43:57 <TheJulia> Which I think would lead to performance implications
15:44:20 <ajya> that resource should be already loaded
15:44:41 <ajya> so would need to ensure that it's not creating new instance, just a reference
15:45:03 <TheJulia> I think it would come down to implementation details
15:45:24 <ajya> it's not like loading all possible resources, only the ones already "walked"
15:45:35 <TheJulia> yeah
15:46:30 <TheJulia> If it is not walking things automatically that may not be needed and doesn't explicitly require it to be pre-walked, then I guess it could be okay, but use/access model in terms of implementation details would be key
15:47:18 <ajya> I can propose patch and see how it turns out
15:47:27 <rpittau> it sounds ok in general, maybe add a story in storyboard with some details?
15:47:28 <ajya> if idea generally seems ok
15:47:44 <TheJulia> An example of use would likely help
15:47:49 <rpittau> yep
15:48:05 <ajya> ok
15:48:41 <rpittau> FYI I will be out the entire next week
15:49:04 <iurygregory> enjoy the PTO rpittau =)
15:49:10 <rpittau> thanks!
15:49:20 <rpittau> any more arguments for Open Discussion ?
15:49:51 <rpittau> seems we're good!
15:49:55 <rpittau> last but not least
15:50:03 <rpittau> #topic Who is going to run the next meeting?
15:50:36 <rpittau> any volunteer? :)
15:52:32 <rpittau> I would do it again, but I'm on PTO :/
15:52:42 <iurygregory> I can
15:52:51 <rpittau> iurygregory: thanks!
15:52:55 <iurygregory> np
15:53:19 <rpittau> alright folks, that's all, have a great week!
15:53:29 <rpittau> #endmeeting