15:00:07 <rpittau> #startmeeting ironic 15:00:08 <opendevmeet> Meeting started Mon Jun 21 15:00:07 2021 UTC and is due to finish in 60 minutes. The chair is rpittau. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:08 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:08 <opendevmeet> The meeting name has been set to 'ironic' 15:00:12 <TheJulia> o/ 15:00:18 <erbarr> o/ 15:00:28 <rpioso> \o 15:00:40 <stendulker> o/ 15:00:52 <rpittau> Hello everyone! Welcome to our weekly meeting! 15:00:59 <ajya> o/ 15:01:04 <cenne> o/ 15:01:04 <rpittau> I will be your host today :) 15:01:22 <rpittau> Our agenda can be found on the wiki 15:01:30 <rpittau> #link https://wiki.openstack.org/wiki/Meetings/Ironic#Agenda_for_next_meeting 15:01:37 <iurygregory> o/ 15:01:54 <arne_wiebalck> o/ 15:02:10 <rpittau> I think we have the quorum, so let's move on! 15:02:24 <rpittau> #topic Announcements / Reminders 15:02:29 <rloo> o/ 15:02:50 <JayF> o/ 15:02:55 <rpittau> we don't have any announcement or reminder in the agenda this week 15:03:11 <rpittau> Anyone has anything to announce today? 15:03:43 <TheJulia> I've got nothing 15:04:03 <rpittau> yep, doesn't look like we have anything 15:04:05 <rpittau> onward! 15:04:12 <rpittau> #topic Review action items from previous meeting 15:04:27 <rpittau> I don't see any action items from last week, so let's move forward 15:04:39 <rpittau> #topic Review subteam status reports 15:04:53 <rpittau> #link https://etherpad.opendev.org/p/IronicWhiteBoard 15:05:00 <rpittau> around L65 15:07:27 <rpittau> docs for anaconda deploy interface have merged \o/ 15:07:36 <TheJulia> \o/ 15:08:00 <TheJulia> I guess that just leaves CI for it 15:08:02 <rpittau> do we want to remove the iscsi removal task? it's completed 15:08:08 <TheJulia> ++ 15:08:30 <rpittau> arne_wiebalck: any update on the node error history ? 15:08:38 <arne_wiebalck> rpittau: nope, sorry 15:08:44 <rpittau> np :) 15:08:47 <TheJulia> I suspect it needs to be rebased at this point 15:09:04 <rpittau> probably 15:09:07 <TheJulia> we've got a few different efforts seeking to make db changes, we should likely sort them out 15:09:33 <rpittau> yes, makes sense 15:10:50 <rpittau> janders: if you see this during your day, any updates on enhancing storage claening (L98) ? 15:11:05 <rpittau> iurygregory: I guess no updates for privsep 15:11:37 <iurygregory> rpittau, yeah, I'm wondering if we talked about it last week ( I was sick on monday) 15:11:44 <rpittau> iurygregory: we didn't 15:13:38 <rpittau> iurygregory: I see the last comment in the patch is from a week ago 15:14:02 <iurygregory> yeah I just saw the comment also 15:14:14 <TheJulia> would discussing it on review jam help things or are things still too early with it? 15:14:20 <rpittau> maybe we can discuss during this week 15:14:24 <iurygregory> but I don't quite understand if we can remove privsep out of the picture to call directly 15:14:43 <rpittau> I don't think we can remove it entirely 15:15:03 <iurygregory> that would probably work re review jam 15:15:26 <TheJulia> iurygregory: maybe add to tomorrow's agenda? 15:15:26 <rpittau> alright 15:15:31 <iurygregory> yup will do 15:15:36 <TheJulia> since your up a little later typically 15:15:42 <TheJulia> s/up/on/ 15:15:48 <rpittau> I'll try to be there as well 15:16:03 <iurygregory> yeah =) 15:16:30 <rpittau> ok, I think we're good with the status update 15:16:32 <rpittau> moving on! 15:16:42 <rpittau> #topic Deciding on priorities for the coming week 15:16:54 <rpittau> #link https://tinyurl.com/ironic-weekly-prio-dash 15:17:34 <rpittau> we have a couple of patches in merge conflict in the prios 15:17:52 <TheJulia> I'll revise the db stack this morning 15:18:06 <TheJulia> was waiting until after meetings for a clear mind 15:18:14 <rpittau> yep 15:18:23 <rpittau> I added this https://review.opendev.org/c/openstack/ironic/+/796879 15:18:45 <TheJulia> ack 15:18:46 <TheJulia> sounds good to me 15:19:01 <TheJulia> Anything else out there, new patches on sushy? ironic-lib? ipa? 15:19:20 <rpittau> does anyone has anything to add to the priorities for this week ? 15:19:37 <arne_wiebalck> two small ones: 15:19:49 <arne_wiebalck> https://review.opendev.org/c/openstack/ironic-python-agent/+/796045 15:20:07 <arne_wiebalck> https://review.opendev.org/c/openstack/ironic-python-agent/+/796882 15:20:13 <iurygregory> sounds good to me 15:20:22 <rpittau> arne_wiebalck: feel free to add the ironic-week-prio tag :) 15:20:39 <TheJulia> added 15:20:59 <rpittau> thanks 15:21:06 <arne_wiebalck> thanks 15:21:44 <rpittau> alright, looks good 15:21:48 <rpittau> onward! 15:21:56 <rpittau> #topic Discussion 15:22:12 <rpittau> TheJulia: I see you have 2 topics to discuss :) 15:22:16 <TheJulia> Yes! 15:22:23 <TheJulia> The first item is in regards to Secure RBAC 15:23:30 <rpittau> reading 15:23:39 <TheJulia> Specifically, in order to have the tempest suite be able to test aspects, we need to toggle permissions. An enforce scope option can be added, but the question kind of if we want to go beyond the minimal and have specific tests or not. I anticipate we may end up having to update all of the tests, eventually 15:23:46 <TheJulia> but we're just not there yet as a community. 15:23:54 <rpittau> so that means having the same job with different permissions? 15:24:06 <TheJulia> So I guess the question for discussion is how far do we want to go 15:24:22 <TheJulia> So basically, today jobs get a project admin's permissions. Thats fine for some things, but not all things. 15:25:03 <TheJulia> When we go to remove legacy policies, it is going to break some of the existing jobs, so the question comes down to do we duplicate those jobs now, or just make it so they are togglable 15:25:44 <JayF> I'm not sure I fully undesrtand what you mean by toggleable 15:25:49 <rpittau> ok, so in the long run we won't actually ahve duplicates 15:25:58 <iurygregory> duplicate jobs doesn't sound like a good plan 15:26:08 <TheJulia> Dupes has led us down a path of insanity 15:26:17 <rpittau> well... yeah 15:26:35 <TheJulia> JayF: basically, switch saying "Jobs run with scope restrictions, so the internal baremetal client gets system admin privs instead 15:26:38 <TheJulia> " 15:26:54 <TheJulia> That is kind of the idea being floated in nova as well 15:27:01 <JayF> I have no opinion as long as we test both scenarios appropriately... it's not OK for our tempest tests to not exercise RBAC 15:27:07 <rloo> so we want the tests to continue to pass (we aren't testing rbac working or not) 15:27:14 <rloo> oh, jay disagrees. 15:27:56 <JayF> If it doesn't run in the gate, it's going to be broken, just a matter of when :) I think TheJulia is onboard with that, it's just a question of implementation IAUI 15:27:59 <TheJulia> so, it is different user rights that we need to account for, it is not about if we we exercise rbac or not 15:28:00 <rpittau> I tend to agree with JayF on this 15:28:13 <rloo> i agree with TheJulia :D 15:28:36 <rpittau> we have a standoff! 15:28:38 <JayF> The person actually doing the vote gets a couple dozen extra votes as far as I'm concerned 15:28:38 <TheJulia> JayF: I am, and I'm trying to figure out how much pain I'm in for :) 15:28:44 <TheJulia> rpittau: I think we're just using different words 15:28:46 <JayF> s/vote/work/ 15:28:57 <rloo> also, if we want to test rbac outside of unit tests, maybe add the 'negative' tests for rbac. those should fail really quickly. (or succeed if the test is that they fail. if you know what i mean.)( 15:29:18 <TheJulia> rloo: yeah, that is a whole other thing that I'm hoping appears soon() 15:29:40 <TheJulia> I *think* some of the contractual tests can handle that cleanly with the current state of the plugin 15:29:43 <rloo> maybe a concrete example. pick a test that will need to be 'toggled' or whatever, to run. 15:29:57 <TheJulia> Just they won't pass on older versions but we added an API flag to identify when the capability was introduced 15:30:49 <TheJulia> I think if we could run just basic baremetal ops in either mode, it would have us mostly covered until we move to rip out the older policies 15:31:25 <TheJulia> actually, we have an indicator, we *could* just make the jobs figure it out 15:32:01 <TheJulia> at the same time, doing that also means we're going to not be testing one until we rip the old policies out 15:32:04 <TheJulia> which is a bad idea 15:32:34 <TheJulia> I guess duplicate scenario jobs is kind of the way to go, or at least one? 15:32:37 <rpittau> so we should test old AND new until we remove the old policies 15:32:59 <TheJulia> agreed 15:33:05 <rpittau> not sure we can avoid duplicates fi we want to do this then :/ 15:33:07 <TheJulia> Okay, I think I have what I need to orient on that 15:33:44 <TheJulia> Second topic was a question if we wanted to move the EU friendly review jam to Tuesday at the same time instead of before the weekly project meeting. 15:33:47 <TheJulia> Any objections? 15:34:01 <TheJulia> This would put both review jams on Tuesdays 15:34:05 <iurygregory> +1 from me 15:34:06 <rpittau> it's good for me, fewer conflicts with downstream stuff 15:35:06 <TheJulia> Okay, then lazy consensus seems to go with that 15:35:09 <rpittau> let's give that a try 15:35:31 <TheJulia> Starting next week :) 15:35:43 <rpittau> I'll be out lol 15:35:55 <TheJulia> #agreed Moving EU review jam to Tuesday starting next week. 15:36:01 <rpittau> thanks! 15:36:22 <rpittau> we don't have other planned discussions for today 15:36:28 <rpittau> let's move on 15:36:36 <rpittau> #topic Baremetal SIG 15:36:45 <rpittau> #link https://etherpad.opendev.org/p/bare-metal-sig 15:37:06 <arne_wiebalck> Next meeting on July 13th, planned: an intro to bifrost from TheJulia 15:37:14 <rpittau> sounds great :) 15:37:20 <arne_wiebalck> it does :) 15:37:47 <arne_wiebalck> If you have suggestions for further topics, let me know. 15:37:51 <TheJulia> what time was that 15:37:51 <arne_wiebalck> I think that is it. 15:37:55 <cenne> woo ! 15:37:57 <arne_wiebalck> 2pm UTC 15:38:17 <ajya> re EU friendly time - it would conflict with this SIG once a month 15:38:20 <rpittau> and that conflicts with the review jam! We found a bug :P 15:38:22 <ajya> skip those weeks? 15:38:26 <TheJulia> 7am local. \o/ 15:38:39 <TheJulia> ajya: ugh, yeah, it would :\ 15:38:53 <TheJulia> I guess we can skip those weeks. We run another jam 2 hours later which should be fine? 15:38:54 <arne_wiebalck> We can also move the SIG to one hour later if that is too early in general? 15:39:00 <rpittau> or we can have a shorter review jam ? 15:39:08 <TheJulia> Possibly 15:39:20 <TheJulia> I think it is good to give the SIG a little time though 15:39:21 <rpittau> arne_wiebalck: that wouldn't work for me :/ 15:39:30 <arne_wiebalck> rpittau: oh, ok 15:39:35 <TheJulia> I think it just makes sense to skip the EU review jam on mornings where we have the isg 15:39:41 <TheJulia> s/isg/sig/ 15:39:44 <rpittau> ok 15:39:45 <ajya> arne_wiebalck: for me either 15:39:57 * arne_wiebalck will not touch the SIG slot :) 15:40:08 <rpittau> thanks :) 15:40:29 <rpittau> alright, let's move forward 15:40:41 <rpittau> #topic RFE review 15:41:00 <rpittau> I don't see anything planned, but in case someone has an RFE to discuss ? 15:41:33 <rpittau> it's not the case it seems 15:41:40 <rpittau> #topic Open discussion 15:41:54 <ajya> sushy question - run into case where it would be useful to access other resources outside of Links relation, in this case, access TaskService from unrelated resource. Would it be possible to update sushy so that each resource has access to other resources? E.g., having access to their parent resource and walk there till root, etc., or pass reference to root around similar 15:41:57 <ajya> way registries are now passed around (even, replace registries with root). 15:43:35 <TheJulia> would that require loading the other resource? 15:43:45 <TheJulia> I *suspect* it would, how else would you know it is there 15:43:57 <TheJulia> Which I think would lead to performance implications 15:44:20 <ajya> that resource should be already loaded 15:44:41 <ajya> so would need to ensure that it's not creating new instance, just a reference 15:45:03 <TheJulia> I think it would come down to implementation details 15:45:24 <ajya> it's not like loading all possible resources, only the ones already "walked" 15:45:35 <TheJulia> yeah 15:46:30 <TheJulia> If it is not walking things automatically that may not be needed and doesn't explicitly require it to be pre-walked, then I guess it could be okay, but use/access model in terms of implementation details would be key 15:47:18 <ajya> I can propose patch and see how it turns out 15:47:27 <rpittau> it sounds ok in general, maybe add a story in storyboard with some details? 15:47:28 <ajya> if idea generally seems ok 15:47:44 <TheJulia> An example of use would likely help 15:47:49 <rpittau> yep 15:48:05 <ajya> ok 15:48:41 <rpittau> FYI I will be out the entire next week 15:49:04 <iurygregory> enjoy the PTO rpittau =) 15:49:10 <rpittau> thanks! 15:49:20 <rpittau> any more arguments for Open Discussion ? 15:49:51 <rpittau> seems we're good! 15:49:55 <rpittau> last but not least 15:50:03 <rpittau> #topic Who is going to run the next meeting? 15:50:36 <rpittau> any volunteer? :) 15:52:32 <rpittau> I would do it again, but I'm on PTO :/ 15:52:42 <iurygregory> I can 15:52:51 <rpittau> iurygregory: thanks! 15:52:55 <iurygregory> np 15:53:19 <rpittau> alright folks, that's all, have a great week! 15:53:29 <rpittau> #endmeeting