15:00:58 <JayF> #startmeeting ironic
15:00:58 <opendevmeet> Meeting started Mon Feb 27 15:00:58 2023 UTC and is due to finish in 60 minutes.  The chair is JayF. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:58 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:58 <opendevmeet> The meeting name has been set to 'ironic'
15:01:04 <JayF> Who all is around?
15:01:10 <vanou> o/
15:01:12 <matfechner> o/
15:01:18 <TheJulia> o/
15:01:58 <JayF> #topic Announcements/Reminder
15:02:13 <JayF> Tag your patches #ironic-week-prio if they need review... if you want them in Antelope release that should be ~nowish :D
15:02:31 <JayF> Also, if you haven't seen, OIS schedule is out (not forum; just summit). Please check it out
15:02:37 <JayF> #link https://vancouver2023.openinfra.dev/a/schedule
15:02:42 <JayF> any other announcements
15:03:02 <rpittau> o/
15:03:50 <JayF> #note TheJulia had an action to get python-ironic-inspector-client CI happy; how did that go?
15:04:07 <TheJulia> requires a fix to be landed in inspector since it imports the code directly
15:04:08 <TheJulia> one moment
15:04:33 <TheJulia> merged, so upon next inspector release the world should be happier for that job
15:04:40 <TheJulia> zed inspector release to be specific
15:04:41 <JayF> perfect
15:04:49 <JayF> that was the only action item last week, moving on
15:04:51 <TheJulia> err, maybe/maybe not, since it is not constrained
15:05:00 <TheJulia> either way, the patch needed has merged at this point
15:05:11 <JayF> well that fits right into
15:05:15 <JayF> #topic Ironic CI status
15:05:29 <JayF> how are things? any concerning issues seen over the last week
15:05:48 <rpittau> bifrost ci still kaput, fix is under review
15:06:06 <JayF> link?
15:06:20 <rpittau> https://review.opendev.org/c/openstack/bifrost/+/874650
15:06:59 <JayF> that's open here now; I'll have a look post-meeting
15:07:06 <rpittau> failures are inconsistent, so not easy to fix all of them at the same time
15:07:06 <JayF> CI is V-1 right now on that :(
15:07:10 <rpittau> yeah
15:07:12 <rpittau> going to recheck
15:07:13 <JayF> yeah that's always our battle
15:07:26 <JayF> okay
15:07:34 <JayF> #topic VirtualPDU
15:07:41 <JayF> anything new on getting us access?
15:08:24 <rpittau> well waiting for fungi I guess
15:08:26 * iurygregory is late o/
15:08:40 <rpittau> no answers from cores
15:08:47 <rpittau> so last chance is on opendev team
15:09:06 <JayF> alright; I know they were all offsite last week so hopefully that moves more now
15:09:10 <JayF> are we on a timer for that?
15:09:16 <JayF> do we need to get it flipped before A is cut?
15:09:32 <rpittau> I think we're good if we move things forward this week
15:09:37 <JayF> alright
15:09:46 <JayF> #topic Release countdown: 3 weeks
15:10:03 <JayF> I owe a revision to cycle highlights; https://review.opendev.org/c/openstack/releases/+/874338 -- I'll do that as soon as this meeting is over
15:10:42 <JayF> https://etherpad.opendev.org/p/IronicWorkstreams2023.1 looking at this now for anything we can land before A hits
15:10:55 <JayF> I think we're nearing the point of things being in that are gonna git in, in terms of larger workstreams
15:12:51 <JayF> moving on since there's no further input
15:13:04 <JayF> #topic open discussion
15:13:08 <JayF> vanou: had two items in here
15:13:31 <vanou> Yes.
15:13:53 <vanou> First item is about acceptability of backport patch on iRMC driver (sorry for iRMC driver specific)
15:14:36 <vanou> This backport patch adds logic of logging warning, when it catches incompatible behavior of iRM server firmware
15:15:10 <TheJulia> through use of a verify step yes?
15:15:11 <JayF> Can you link the specific patch for context?
15:15:21 <vanou> Just adds warning, but it adds verify step. So in discussion with TheJulia, we need to ask community if it's backportable
15:15:39 <vanou> Sorry. This one https://review.opendev.org/c/openstack/ironic/+/870880
15:16:06 <vanou> TheJulia: yes
15:16:13 <JayF> Can we be explicit about the behavior if we don't backport this to Zed?
15:16:23 <JayF> On the surface I'm in agreement that it's a little much to backport
15:16:36 <TheJulia> my concern in this case is we're adding basically a feature in the form of a step an operator would need to invoke
15:16:58 <vanou> If we don't backport this, ironic operator lose chance to notice iRMC incompatible behavior through ironic log
15:17:03 <JayF> Yeah; this change reads more like a feature than a bugfix -- even if it is working around/with new firmware behavior
15:17:38 <JayF> If all we're giving up is an operator getting a logging message; I don't think it should be backported. Instead, could we write a document for how users in these situations can figure out + fix it, outside of Ironic?
15:18:16 <vanou> JayF: notify user with doc is another reasonable option
15:18:31 <JayF> I think that's preferable
15:18:49 <JayF> Is there anyone stable core here who disagrees and wants to fight for #870880?
15:19:25 <TheJulia> I do not disagree, but I'm also the one who sort of forced this discussion to take place
15:19:32 <TheJulia> vanou: thank you for being up very late/very early for this meeting
15:19:34 <JayF> #note https://review.opendev.org/c/openstack/ironic/+/870880 is not permitted to be backported to Zed; instead we will focus on a documentation-based solution for operators in this case.
15:19:50 <JayF> vanou: I think you also had an item up about the vuln management docs I put a review on
15:20:10 <JayF> vanou: looking at your agenda item: to clarify my comments; Ironic can only set policy for Ironic-managed projects in the openstack/ namespace
15:20:14 <vanou> Regarding first item, thanks for feedback :) I'll take that doc way
15:20:25 <JayF> so vendor tools under x/ like x/proliantutils -- we don't have the authority to set policy for these
15:20:37 <JayF> one question I've had: why don't we just follow OpenStack VMT standard?
15:20:43 <JayF> is there a historical reason we're not?
15:22:38 <vanou> I felt the need the recommended way to handle vendor library, if that vul is also affect ironic code.
15:23:30 <TheJulia> JayF: so historical reason I believe was a lack of capacity, but it goes back to the days of Aeva
15:24:01 <TheJulia> and I think in part it is because of the duality nature at play with things like x/proliantutils being totally outside of our control and we just consume it
15:24:13 <JayF> Do we have any ironic contributors who'd oppose me syncing up with security group in OpenStack to get us in the VMT?
15:24:26 <JayF> That will not prevent us from being a 301-redirect for vendor-tools-related security bugs if they come in
15:24:35 <JayF> I suspect we can talk to the folks involved and they'll deal with us reasonably
15:24:47 <JayF> and if not, we would then have a specific reason to be different rather than "we just are" :)
15:24:58 <TheJulia> ++
15:25:09 <vanou> I agree with following OpenStack VMT regarding Ironic specific code problem
15:25:25 <JayF> #action JayF to engage VMT (probably mailing list post) to inquire about getting Ironic in it.
15:26:00 <JayF> vanou: I think for the non-openstack ironic based code issues; we have two potential paths: 1) the vendor that primarily maintains it discovers an issue, fixes it in the library, and discloses it to us so we can bump versions or
15:26:17 <JayF> 2) someone external, who uses Ironic, discovers it and reports it through our systems, and we responsibly pass it on to the vendor
15:26:36 <JayF> both of those things are stuff I would expect/hope would happen just by common sense by folks running things
15:27:13 <vanou> Yes. These 2 are good option regarding vulnerability on vendor library code.
15:27:41 <vanou> But I feel we need another guide if that vulnerability needs fix on both ironic and vendor library
15:28:10 <JayF> In those cases, VMT policy generally allows disclosure to trusted developers/cores needed to fix an issue
15:28:26 <JayF> in the case of those coordinations, I'd expect/hope people to work together without needing a document on exactly how to do it
15:28:30 <JayF> but maybe that's wishful thinking?
15:29:00 <TheJulia> I think the issue is when there is disagreement
15:29:04 <TheJulia> or a difference of view/opinion
15:29:32 <JayF> Disagreement about if something is a bug? Or how to fix it?
15:29:51 <TheJulia> which we've seen recently like with the glance report that has been revised a few times, inherently it is a feature, but the reporter wants it deemed a vulnerability
15:30:36 <TheJulia> so the challenge is who holds the power to say yes or no in the entire sequence of trying to work through a thing.
15:31:09 <JayF> I don't see how that problem exists any more or less in Ironic+vendor tools than it does with OpenStack+any-other-non-openstack-library
15:31:12 <TheJulia> And then codifying such a dynamic in a doc seems to be what is desired, which I think is reasonable, but then not every case is the same...
15:31:48 <JayF> I default to preferring to not document every single case, because each document comes with a maintenance cost
15:31:54 <TheJulia> I guess the challenge is there is nuance in all situations
15:31:55 <JayF> and I don't trust us to do a good job of updating it as things change
15:32:03 <JayF> ++ I do not want to remove any nuance
15:32:29 <JayF> Let's go down the path with the VMT
15:32:33 <JayF> and mention this in the thread
15:32:36 <JayF> and see how it goes
15:32:47 <JayF> the folks who do security in openstack-proper might already have some strategies for managing this kind of problem
15:32:56 <JayF> there's no reason for Ironic to discuss or try to solve it in a vacuum
15:34:02 <vanou> If we don't write guide on ironic+vendor vul, we need written policy on that because reporter don't know how ironic handle this situation.
15:34:27 <vanou> ^ just my comment.
15:34:37 <JayF> I'm saying let's get that question inside the larger conversation around Ironic joining VMT
15:34:48 <JayF> It's extremely possible openstack already has a policy that we can point to around that
15:34:51 <vanou> Ah. I understand
15:35:20 <JayF> I'll own making that thread on the list today
15:35:35 <JayF> #action JayF to email list about Ironic joining VMT; will be sure to mention potential vendor:Ironic complications
15:35:45 <JayF> Are there any other items we'd like to talk about in open discussion?
15:36:21 <JayF> Oh, I wanted to mention
15:36:33 <JayF> dtantsur found an issue with api-ref, he mentioned it in channel a couple of times
15:36:47 <JayF> well, good job there, the issue was found + is pending review to fix it in the theme for all openstack projects
15:36:51 <dtantsur> a fix has been proposed against openstackdocstheme
15:36:54 <JayF> https://review.opendev.org/c/openstack/openstackdocstheme/+/874957
15:36:57 <JayF> #link https://review.opendev.org/c/openstack/openstackdocstheme/+/874957
15:37:10 <JayF> our api-ref looks infinitely better with the change
15:37:40 <JayF> so thank you dtantsur for not letting that sit \o/
15:37:46 <dtantsur> :)
15:37:56 <JayF> We should probably also mention https://review.opendev.org/c/openstack/releases/+/875396
15:38:05 <JayF> #note dtantsur is no longer going to be an Ironic release liaison
15:38:21 <JayF> Thank you for all the things you have done/do/are continuing to do for ironic
15:38:23 <dtantsur> alas! too much stuff on my shoulders already
15:38:27 <JayF> happy to lighten the burden a bit :)
15:38:54 <arne_wiebalck> thanks dtantsur for doing it for so long!
15:39:09 <vanou> thanks dtantsur!
15:39:55 <JayF> Also, I need a volunteer to run the meeting 3/13 (meeting-after-next)
15:40:09 <JayF> I'll be in Southern California presenting at SCALE (with TheJulia)
15:40:12 <iurygregory> o/
15:40:26 <JayF> if anyone is in that area and wants to receive a high-five and/or have lunch, please reach out
15:40:27 <iurygregory> I can run the meeting
15:40:42 <JayF> #action iurygregory to run the meeting 3/13 (2 weeks from today)
15:40:56 <JayF> Last call for open discussion before I shut it down
15:42:26 <JayF> #endmeeting