| openstackgerrit | Ian Wienand proposed openstack/diskimage-builder master: Fix DISTRO_NAME in Fedora elements https://review.opendev.org/c/openstack/diskimage-builder/+/791627 | 00:02 |
|---|---|---|
| *** yoctozepto has quit IRC | 00:17 | |
| *** yoctozepto has joined #openstack-dib | 00:17 | |
| *** dhill has joined #openstack-dib | 00:23 | |
| openstackgerrit | Merged openstack/diskimage-builder master: Add fedora-containerfile element https://review.opendev.org/c/openstack/diskimage-builder/+/790365 | 00:52 |
| *** logan- has quit IRC | 06:12 | |
| *** logan- has joined #openstack-dib | 06:15 | |
| *** iurygregory has quit IRC | 07:12 | |
| *** iurygregory has joined #openstack-dib | 07:21 | |
| *** jenxie has joined #openstack-dib | 07:47 | |
| *** dtantsur|afk is now known as dtantsur | 08:09 | |
| *** sam_wan has joined #openstack-dib | 08:18 | |
| *** sam_wan has quit IRC | 11:17 | |
| *** yoctozepto has quit IRC | 11:55 | |
| openstackgerrit | Hitesh Kumar proposed openstack/diskimage-builder master: Migrate from testr to stestr https://review.opendev.org/c/openstack/diskimage-builder/+/789246 | 12:10 |
| openstackgerrit | Merged openstack/diskimage-builder master: Fix DISTRO_NAME in Fedora elements https://review.opendev.org/c/openstack/diskimage-builder/+/791627 | 12:15 |
| *** yoctozepto has joined #openstack-dib | 12:31 | |
| *** sdanni has joined #openstack-dib | 13:43 | |
| sdanni | Hi TheJulia! I submitted the keylime-agent element to DIB weeks beofore. ianw and other reviewers think they don't know keylime and want to get insight from ironic people to decide whether the new element should belong to dib or ipa. According to dtantsur, this element is not specific to ipa so it shouldn't belong to ironic. But reviewers haven't reach an agreement yet. What do you think of it? https://review.opendev.org/ | 16:16 |
| sdanni | c/openstack/diskimage-builder/+/789601. | 16:16 |
| sdanni | https://review.opendev.org/c/openstack/diskimage-builder/+/789601. | 16:17 |
| dtantsur | sdanni: to be clear, I asked rather than claimed on https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/763837 :) | 16:18 |
| sdanni | dtantsur: yes! From my understanding, keylime element can be independent from ipa. | 16:24 |
| sdanni | But it does need to communicate with ironic controller to control the attestation | 16:25 |
| dtantsur | the key question is whether someone would use this element with something that is not IPA | 16:26 |
| sdanni | dtantsur: i guess our integration point is ipa but in theory there's no reason that it has to be exclusive to ipa | 16:33 |
| dtantsur | then I'll leave it up to the DIB folks to decide if they're willing to take the element | 16:35 |
| dtantsur | I'm not strictly against hosting it in IPA-builder fwiw | 16:35 |
| *** dtantsur is now known as dtantsur|afk | 16:36 | |
| sdanni | thanks! | 16:36 |
| sdanni | clarkb, ianw: ^ what's your suggestion? | 16:47 |
| TheJulia | o/ sdanni sorry, I've not had a chance. I was away last week. | 17:18 |
| TheJulia | without looking at it, I suspect it should be generally useful to those not running IPA since to run attestation on deployed workload they would either need to install/set it up after the fact or have it in the image. | 17:20 |
| sdanni | yes, I think it should work this way | 17:25 |
| TheJulia | sdanni: so, what is the deal with the emulator? | 17:27 |
| sdanni | TheJulia: we don't have nodes to test with hardware TPM so I use software tpm emulator instead. | 17:29 |
| clarkb | I'll have to defer to ianw on what is maintainable in dib. | 17:29 |
| clarkb | I think the concern on the dib side is we don't have the knowledge or tooling to properly make use of such things so it is likely to bit rot in dib | 17:30 |
| TheJulia | sdanni: Okay, but that should be disjointed from the agent | 17:31 |
| TheJulia | it shouldn't *need* to be inside the running deployed workload | 17:32 |
| sdanni | TheJulia: sure! | 17:36 |
| TheJulia | sdanni: basically, I think the issue at hand is the use cases are not understood by the diskimage-builder reviewers, I'll try to help clarify this with my comments on the change | 17:44 |
| TheJulia | but, commit message + readme should likely represent it these facts so people grok it. | 17:44 |
| sdanni | TheJulia: cool. I'll update the readme file | 17:46 |
| TheJulia | sdanni: wait until I post my comments | 17:50 |
| sdanni | sure! | 17:50 |
| sdanni | TheJulia: thanks for your comments. I'm looking into them now. | 18:12 |
| TheJulia | sdanni: made two more | 18:12 |
| TheJulia | Just thinking from a general case | 18:12 |
| sdanni | alright | 18:16 |
| *** iurygregory has quit IRC | 22:10 | |
| *** iurygregory has joined #openstack-dib | 22:19 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!