15:00:13 <JayF> #startmeeting ironic 15:00:13 <opendevmeet> Meeting started Mon Oct 16 15:00:13 2023 UTC and is due to finish in 60 minutes. The chair is JayF. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:13 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:13 <opendevmeet> The meeting name has been set to 'ironic' 15:00:15 <iurygregory> o/ 15:00:18 <dtantsur> o/ 15:00:21 <TheJulia> o/ 15:00:40 <JayF> Welcome to the Ironic meeting! A reminder that this meeting is held under the OpenInfra Code of Conduct available at https://openinfra.dev/legal/code-of-conduct. 15:00:47 <JayF> #topic Announcements / Reminder 15:00:53 <JayF> #info Standing reminder to review patches tagged ironic-week-prio and to hashtag any patches ready for review with ironic-week-prio: https://tinyurl.com/ironic-weekly-prio-dash 15:01:31 <JayF> #topic Action items from previous meeting 15:01:35 <JayF> I need to carry this over 15:02:00 <JayF> #action JayF to backport ngs_save fix for networking_generic_swtich, cut a bugfix-version (not branch) release of it 15:02:09 <JayF> sorry about that, it fell off my radar 15:02:20 <JayF> #topic Caracal Release schedule 15:02:27 <JayF> #link https://releases.openstack.org/caracal/schedule.html 15:02:34 <JayF> Take note, we have a release schedule. 15:02:39 <JayF> Any related commentary or discussion? 15:03:16 <TheJulia> nothing from me 15:03:27 <rpittau> o/ 15:03:33 <JayF> #topic October PTG 15:03:45 <JayF> #info Topics/schedule have been aligned for PTG, please review 15:03:52 <JayF> #link https://etherpad.opendev.org/p/ironic-ptg-october-2023 15:04:08 <JayF> As always, there is some flexibility, please review and make noise if any proposed thing is ahardship. 15:04:17 <JayF> Any related commentary or discussion on PTG? 15:05:01 <TheJulia> nothing on my end 15:05:01 <JayF> moving on. 15:05:05 <JayF> #topic Ironic CI Status 15:05:11 <JayF> Anything of note about Ironic CI? 15:06:04 <TheJulia> Last week the cirros mirror went offline, it was down for ~4-6 hours, I think on Thursday. Rechecks may be needed but I may have already done them on the open changes from that time window 15:06:09 * TheJulia doesn't remember anymore 15:06:39 <JayF> Aight. In general it's the quiet time so I'm not surprised the only report is a hard-break. 15:06:43 <JayF> #topic RFE Review 15:06:45 <JayF> One topic here 15:06:52 <JayF> #link https://review.opendev.org/c/openstack/ironic-specs/+/896474 15:06:56 <JayF> httpboot support 15:07:02 <JayF> Please take note of the spec and review it 15:07:19 <JayF> I will add it to my queue but probably will not be a +2 on it unless absolutely neccessary due to the lack of personal experience with redfish gear 15:07:22 <TheJulia> If anyone has questions, please feel free to ping me 15:08:04 <TheJulia> Also, FWIW, we have an ilo version which basically does the exact same thing as prior art, it is not mentioned, but it uses the httpboot bmc interface 15:08:15 <JayF> oh, neat 15:08:34 <JayF> I don't have access to ilo hardware for my work, fwiw, either, even though my downstream uses it 15:08:55 <JayF> Thanks for proposing that spec. 15:08:57 <JayF> #topic Open Discussion. 15:09:24 <JayF> I'm going to note, this is a bit of a plug but we've got 50 minutes, I feel OK doing it :P 15:09:37 <JayF> I'll be presenting at SeaGL on Nov 4, on Trust in an Open Source Community https://osem.seagl.org/conferences/seagl2023/program/proposals/984 15:09:52 <JayF> I believe it'll be simulcast or rebroadcast digitally for those not in the area, if you're interested. 15:10:05 <iurygregory> tks for sharing JayF =) 15:10:15 <rpittau> nice 15:11:06 <JayF> Anything else for open discussion? 15:11:14 <TheJulia> Do we have anything we need to discuss in advance of the ptg next week? 15:11:26 <TheJulia> Just thinking, it is next week 15:11:58 <JayF> I was hoping folks would look at the etherpad after the meeting and maybe that would induce conversation as needed 15:12:26 <JayF> you and I went over it sync last week to get it scheduled 15:12:36 <JayF> so I think mostly action lies on others now to do prework :) 15:12:40 <JayF> I have more TC-PTG prework to do, too 15:13:07 <TheJulia> It is also the week before the PTG, most of us need a little mental downtime plus time for administrative tasks 15:13:18 <TheJulia> so, mileage will vary this week. 15:13:18 <JayF> ++ 15:13:28 <drannou> I have one if you want: Don't know if you remumber but I ask few weeks ago if you already work on Disk encryption. Seems that it was not the case, so we move on checking how we could integrate SED disks encryption with ironic, barbican etc. We will try to make a POC 15:13:32 <JayF> I personally have had a lot of pulls on that cord as well the last two or three weeks 15:13:37 <TheJulia> dtantsur: so I'm thinking of completely ripping glean out. Any objections? 15:13:54 <dtantsur> It's not enough information for me to object or not :) 15:13:56 <TheJulia> dtantsur: still supporting the case though, just not using external tools/logic to do parsing 15:14:12 <JayF> drannou: so, is there hardware-assistance in the encrpytion or what? 15:14:13 <dtantsur> If you suggest to rewrite it ourselves.. I'll ask WHY 15:14:44 <JayF> drannou: would be interesting to see a writeup -- mailing list or RFE bug is OK if you're not spec-ready yet, about what you have in mind for on disk/orchestration 15:14:49 <TheJulia> dtantsur: eh, we don't need to do *everything* it does, just a small portion of stuff 15:15:00 <TheJulia> for a very short transient time, turns out to be very little code, really 15:15:22 <dtantsur> TheJulia: I think pretty much everything it does is networking. 15:15:39 <JayF> rip out glean in what context? 15:15:43 <TheJulia> networking for long term consumption, we're in a ramdisk :) 15:15:50 <TheJulia> virtual media boot handling/parsing of config-2 15:15:52 <dtantsur> The very goal of supporting several different networking backends is quite hard. Let alone testing that in the CI. 15:15:54 <JayF> ack 15:16:17 <TheJulia> dtantsur: not if we're using the standard interface to make runtime changes 15:16:26 <dtantsur> TheJulia: there are *at least* two of them 15:16:33 <JayF> there's a standard, cross-distro network interface? 15:16:34 <dtantsur> NM and systemd-network 15:16:37 <TheJulia> iproute2 should be available 15:16:44 <JayF> mmm 15:16:55 <JayF> that won't do everything network-data can specify 15:16:58 <JayF> e.g. bonding with vlans 15:17:07 <TheJulia> we don't configure bonding 15:17:13 <drannou> JayF: Yes, Drives like NVME support offloaded encryption: the device itself will manage it, on elec power on the disk is encrypted, waiting for the key. The idea would be to boot on IPA and let the IPA unlock the disk, and soft reboot on the disk 15:17:13 <dtantsur> we can do it 15:17:18 <TheJulia> and vlans was simple 15:17:20 <dtantsur> And using low-level tools behind the NM back is a risky approach 15:17:27 <TheJulia> okay, if someone were to do it manually, yes, they could articulate bonding 15:17:41 <dtantsur> wdym manually? it's a part of network data. 15:18:01 <TheJulia> I'm thinking in the fully integrated case, we bind ports individually afaik 15:18:14 <TheJulia> so manually would be someone populating network_data and have no neutron 15:18:38 <dtantsur> Which is what Steve Hardy is doing with Metal3 nowadays :) 15:18:40 <TheJulia> The alternative is add additional backends to glean so we can test it in CI 15:18:57 <TheJulia> (tinycore) 15:19:14 <dtantsur> Or test with a real IPA image 15:19:25 <TheJulia> can't due to rax 15:19:54 <dtantsur> Can we ask the Infra to not schedule us there? I feel like we're going too far to solve RAX issues already... 15:19:56 <TheJulia> or we rip out the fallback logic and just risk performance being a bigger issue 15:20:11 <JayF> that's what I was about to ask, dtantsur 15:20:19 <clarkb> we have nested virt flavors. They can and do fail we ask people willing to use them to work with the cloud when that happens to figure it out as we are unable to debug for you 15:20:28 <clarkb> they are also in limited clouds so may go away 15:20:31 <clarkb> but haven't yet 15:22:03 <TheJulia> I can always go deal with trying to write a glean backend for tinycore, but.. I dunno since there is fear over nested virt availability. We opt into nested virt where available 15:22:33 <JayF> drannou: as long as there's an open standard for it, I don't see why we'd be in opposition to it. That being said; barbican is not a super active openstack project to be blunt, so that's the only piece that makes me nervous is taking a dep there. 15:22:34 <dtantsur> A glean backend for tinycore is better than rewriting the whole Glean ourselves IMO 15:23:14 <TheJulia> It is not the whole of glean, but if we're super fearful of just making runtime changes, then I can abandon the path I'm on 15:23:22 <drannou> JayF: Yes I completely agree, but we would just use barbican for what it is : a secured key store 15:23:35 <dtantsur> TheJulia: 80% of Glean is already too much Glean :) 15:23:56 <JayF> drannou: if I was implementing it in Ironic; given the standalone-use-cases of Ironic, and especially that it's deployed in e.g. metal3, I'd probably suggest that key store be made into an interface in Ironic so it can be pluggable 15:24:49 <TheJulia> There was work a few years ago to do on-boot encryption and plug that into a remote keystore 15:24:52 <JayF> drannou: but I think it's obvious this is a feature that 'fits' Ironic; just write it up in an RFE and add it to "RFE Review" on meeting agenda (likely meeting next week is cencelled for PTG) 15:25:03 <TheJulia> .... CoreOS had it turned on for a short while. 15:25:05 <JayF> drannou: if we need more details, at that RFE review we might ask you to write a spec 15:25:11 <JayF> hmm 15:25:12 <TheJulia> I'm trying to remember what it was called 15:25:37 <JayF> I'm going to close the meeting; we've sorta devolved into general chat at this point 15:26:26 <JayF> #endmeeting