15:00:13 <JayF> #startmeeting ironic
15:00:13 <opendevmeet> Meeting started Mon Oct 16 15:00:13 2023 UTC and is due to finish in 60 minutes.  The chair is JayF. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:13 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:13 <opendevmeet> The meeting name has been set to 'ironic'
15:00:15 <iurygregory> o/
15:00:18 <dtantsur> o/
15:00:21 <TheJulia> o/
15:00:40 <JayF> Welcome to the Ironic meeting! A reminder that this meeting is held under the OpenInfra Code of Conduct available at https://openinfra.dev/legal/code-of-conduct.
15:00:47 <JayF> #topic  Announcements / Reminder
15:00:53 <JayF> #info      Standing reminder to review patches tagged ironic-week-prio and to hashtag any patches ready for review with ironic-week-prio: https://tinyurl.com/ironic-weekly-prio-dash
15:01:31 <JayF> #topic Action items from previous meeting
15:01:35 <JayF> I need to carry this over
15:02:00 <JayF> #action JayF to backport ngs_save fix for networking_generic_swtich, cut a bugfix-version (not branch) release of it
15:02:09 <JayF> sorry about that, it fell off my radar
15:02:20 <JayF> #topic Caracal Release schedule
15:02:27 <JayF> #link https://releases.openstack.org/caracal/schedule.html
15:02:34 <JayF> Take note, we have a release schedule.
15:02:39 <JayF> Any related commentary or discussion?
15:03:16 <TheJulia> nothing from me
15:03:27 <rpittau> o/
15:03:33 <JayF> #topic October PTG
15:03:45 <JayF> #info Topics/schedule have been aligned for PTG, please review
15:03:52 <JayF> #link https://etherpad.opendev.org/p/ironic-ptg-october-2023
15:04:08 <JayF> As always, there is some flexibility, please review and make noise if any proposed thing is ahardship.
15:04:17 <JayF> Any related commentary or discussion on PTG?
15:05:01 <TheJulia> nothing on my end
15:05:01 <JayF> moving on.
15:05:05 <JayF> #topic Ironic CI Status
15:05:11 <JayF> Anything of note about Ironic CI?
15:06:04 <TheJulia> Last week the cirros mirror went offline, it was down for ~4-6 hours, I think on Thursday. Rechecks may be needed but I may have already done them on the open changes from that time window
15:06:09 * TheJulia doesn't remember anymore
15:06:39 <JayF> Aight. In general it's the quiet time so  I'm not surprised the only report is a hard-break.
15:06:43 <JayF> #topic RFE Review
15:06:45 <JayF> One topic here
15:06:52 <JayF> #link https://review.opendev.org/c/openstack/ironic-specs/+/896474
15:06:56 <JayF> httpboot support
15:07:02 <JayF> Please take note of the spec and review it
15:07:19 <JayF> I will add it to my queue but probably will not be a +2 on it unless absolutely neccessary due to the lack of personal experience with redfish gear
15:07:22 <TheJulia> If anyone has questions, please feel free to ping me
15:08:04 <TheJulia> Also, FWIW, we have an ilo version which basically does the exact same thing as prior art, it is not mentioned, but it uses the httpboot bmc interface
15:08:15 <JayF> oh, neat
15:08:34 <JayF> I don't have access to ilo hardware for my work, fwiw, either, even though my downstream uses it
15:08:55 <JayF> Thanks for proposing that spec.
15:08:57 <JayF> #topic Open Discussion.
15:09:24 <JayF> I'm going to note, this is a bit of a plug but we've got 50 minutes, I feel OK doing it :P
15:09:37 <JayF> I'll be presenting at SeaGL on Nov 4, on Trust in an Open Source Community https://osem.seagl.org/conferences/seagl2023/program/proposals/984
15:09:52 <JayF> I believe it'll be simulcast or rebroadcast digitally for those not in the area, if you're interested.
15:10:05 <iurygregory> tks for sharing JayF =)
15:10:15 <rpittau> nice
15:11:06 <JayF> Anything else for open discussion?
15:11:14 <TheJulia> Do we have anything we need to discuss in advance of the ptg next week?
15:11:26 <TheJulia> Just thinking, it is next week
15:11:58 <JayF> I was hoping folks would look at the etherpad after the meeting and maybe that would induce conversation as needed
15:12:26 <JayF> you and I went over it sync last week to get it scheduled
15:12:36 <JayF> so I think mostly action lies on others now to do prework :)
15:12:40 <JayF> I have more TC-PTG prework to do, too
15:13:07 <TheJulia> It is also the week before the PTG, most of us need a little mental downtime plus time for administrative tasks
15:13:18 <TheJulia> so, mileage will vary this week.
15:13:18 <JayF> ++
15:13:28 <drannou> I have one if you want: Don't know if you remumber but I ask few weeks ago if you already work on Disk encryption. Seems that it was not the case, so we move on checking how we could integrate SED disks encryption with ironic, barbican etc. We will try to make a POC
15:13:32 <JayF> I personally have had a lot of pulls on that cord as well the last two or three weeks
15:13:37 <TheJulia> dtantsur: so I'm thinking of completely ripping glean out. Any objections?
15:13:54 <dtantsur> It's not enough information for me to object or not :)
15:13:56 <TheJulia> dtantsur: still supporting the case though, just not using external tools/logic to do parsing
15:14:12 <JayF> drannou: so, is there hardware-assistance in the encrpytion or what?
15:14:13 <dtantsur> If you suggest to rewrite it ourselves.. I'll ask WHY
15:14:44 <JayF> drannou: would be interesting to see a writeup -- mailing list or RFE bug is OK if you're not spec-ready yet, about what you have in mind for on disk/orchestration
15:14:49 <TheJulia> dtantsur: eh, we don't need to do *everything* it does, just a small portion of stuff
15:15:00 <TheJulia> for a very short transient time, turns out to be very little code, really
15:15:22 <dtantsur> TheJulia: I think pretty much everything it does is networking.
15:15:39 <JayF> rip out glean in what context?
15:15:43 <TheJulia> networking for long term consumption, we're in a ramdisk :)
15:15:50 <TheJulia> virtual media boot handling/parsing of config-2
15:15:52 <dtantsur> The very goal of supporting several different networking backends is quite hard. Let alone testing that in the CI.
15:15:54 <JayF> ack
15:16:17 <TheJulia> dtantsur: not if we're using the standard interface to make runtime changes
15:16:26 <dtantsur> TheJulia: there are *at least* two of them
15:16:33 <JayF> there's a standard, cross-distro network interface?
15:16:34 <dtantsur> NM and systemd-network
15:16:37 <TheJulia> iproute2 should be available
15:16:44 <JayF> mmm
15:16:55 <JayF> that won't do everything network-data can specify
15:16:58 <JayF> e.g. bonding with vlans
15:17:07 <TheJulia> we don't configure bonding
15:17:13 <drannou> JayF: Yes, Drives like NVME support offloaded encryption: the device itself will manage it, on elec power on the disk is encrypted, waiting for the key. The idea would be to boot on IPA and let the IPA unlock the disk, and soft reboot on the disk
15:17:13 <dtantsur> we can do it
15:17:18 <TheJulia> and vlans was simple
15:17:20 <dtantsur> And using low-level tools behind the NM back is a risky approach
15:17:27 <TheJulia> okay, if someone were to do it manually, yes, they could articulate bonding
15:17:41 <dtantsur> wdym manually? it's a part of network data.
15:18:01 <TheJulia> I'm thinking in the fully integrated case, we bind ports individually afaik
15:18:14 <TheJulia> so manually would be someone populating network_data and have no neutron
15:18:38 <dtantsur> Which is what Steve Hardy is doing with Metal3 nowadays :)
15:18:40 <TheJulia> The alternative is add additional backends to glean so we can test it in CI
15:18:57 <TheJulia> (tinycore)
15:19:14 <dtantsur> Or test with a real IPA image
15:19:25 <TheJulia> can't due to rax
15:19:54 <dtantsur> Can we ask the Infra to not schedule us there? I feel like we're going too far to solve RAX issues already...
15:19:56 <TheJulia> or we rip out the fallback logic and just risk performance being a bigger issue
15:20:11 <JayF> that's what I was about to ask, dtantsur
15:20:19 <clarkb> we have nested virt flavors. They can and do fail we ask people willing to use them to work with the cloud when that happens to figure it out as we are unable to debug for you
15:20:28 <clarkb> they are also in limited clouds so may go away
15:20:31 <clarkb> but haven't yet
15:22:03 <TheJulia> I can always go deal with trying to write a glean backend for tinycore, but.. I dunno since there is fear over nested virt availability. We opt into nested virt where available
15:22:33 <JayF> drannou: as long as there's an open standard for it, I don't see why we'd be in opposition to it. That being said; barbican is not a super active openstack project to be blunt, so that's the only piece that makes me nervous is taking a dep there.
15:22:34 <dtantsur> A glean backend for tinycore is better than rewriting the whole Glean ourselves IMO
15:23:14 <TheJulia> It is not the whole of glean, but if we're super fearful of just making runtime changes, then I can abandon the path I'm on
15:23:22 <drannou> JayF: Yes I completely agree, but we would just use barbican for what it is : a secured key store
15:23:35 <dtantsur> TheJulia: 80% of Glean is already too much Glean :)
15:23:56 <JayF> drannou: if I was implementing it in Ironic; given the standalone-use-cases of Ironic, and especially that it's deployed in e.g. metal3, I'd probably suggest that key store be made into an interface in Ironic so it can be pluggable
15:24:49 <TheJulia> There was work a few years ago to do on-boot encryption and plug that into a remote keystore
15:24:52 <JayF> drannou: but I think it's obvious this is a feature that 'fits' Ironic; just write it up in an RFE and  add it to "RFE Review" on meeting agenda (likely meeting next week is cencelled for PTG)
15:25:03 <TheJulia> .... CoreOS had it turned on for a short while.
15:25:05 <JayF> drannou: if we need more details, at that RFE review we might ask you to write a spec
15:25:11 <JayF> hmm
15:25:12 <TheJulia> I'm trying to remember what it was called
15:25:37 <JayF> I'm going to close the meeting; we've sorta devolved into general chat at this point
15:26:26 <JayF> #endmeeting