Thursday, 2014-03-13

NobodyCam	lol, theres got to be a better way to get what I want	00:00
NobodyCam	cat $TE_DATAFILE\| jq -r '.nodes[] \| {("mac"): .mac, ("type"): .virt_type} \| tostring ' \| grep $MAC \| jq '.type'	00:00
*** jbjohnso_ has quit IRC		00:07
*** lazy_prince has quit IRC		00:12
*** lazy_prince has joined #openstack-ironic		00:13
*** lazy_prince is now known as killer_prince		00:13
*** rpodolyaka has quit IRC		00:17
*** Lotus907efi is now known as Lotus907efi-		00:23
*** MarkAtwood has quit IRC		00:24
*** matsuhashi has joined #openstack-ironic		00:27
*** rpodolyaka has joined #openstack-ironic		00:27
*** EmilienM has quit IRC		00:30
*** EmilienM has joined #openstack-ironic		00:35
lifeless	NobodyCam: what do you want	00:48
*** JoshNang has quit IRC		00:50
*** JoshNang has joined #openstack-ironic		00:50
*** JayF has quit IRC		00:52
*** JayF has joined #openstack-ironic		00:52
NobodyCam	lifeless: to get per node virsh_type from $TE_DATAFILE only having the mac address	01:06
lifeless	NobodyCam: wait, why?	01:07
NobodyCam	just sitting down for dinner... back in a bit :)	01:08
*** matsuhashi has quit IRC		01:11
*** matsuhashi has joined #openstack-ironic		01:14
NobodyCam	sorry 'bout that lifeless	01:24
NobodyCam	i'm looking at lines 47 thru 50 of https://review.openstack.org/#/c/72969/14/scripts/register-nodes	01:25
*** jbjohnso_ has joined #openstack-ironic		01:26
*** matsuhashi has quit IRC		01:31
*** matsuhashi has joined #openstack-ironic		01:31
lifeless	NobodyCam: ok	01:32
*** matsuhashi has quit IRC		01:32
lifeless	NobodyCam: so that should build on the refactoring arc stevenk is on	01:32
lifeless	NobodyCam: which will make it massively simpler	01:32
NobodyCam	yes, :) that just seeing if I could get it.	01:34
*** matsuhashi has joined #openstack-ironic		01:35
NobodyCam	I was going to at os-apply-config to if I could filter better	01:36
lifeless	NobodyCam: you don't need to start with the mac	01:37
lifeless	NobodyCam: a for loop over the nodes vector is all that you 'll need	01:37
NobodyCam	ya :) I'll push up a new rev in the morning.. :)	01:39
*** jbjohnso_ has quit IRC		01:41
*** blamar has quit IRC		01:41
*** nosnos has joined #openstack-ironic		01:46
openstackgerrit	Jenkins proposed a change to openstack/ironic: Updated from global requirements https://review.openstack.org/79334	01:48
*** max_lobur has quit IRC		01:50
openstackgerrit	Ruby Loo proposed a change to openstack/ironic: Delete node while waiting for deploy https://review.openstack.org/80141	01:52
*** rpodolyaka has quit IRC		01:58
openstackgerrit	yangxurong proposed a change to openstack/ironic: Do not use __builtin__ in python3 https://review.openstack.org/80144	02:00
*** killer_prince is now known as lazy_prince		02:07
*** rpodolyaka has joined #openstack-ironic		02:08
*** rpodolyaka has quit IRC		02:21
*** vkozhukalov has quit IRC		02:25
openstackgerrit	Fengqian Gao proposed a change to openstack/ironic: Use range instead xrange to keep python 3.X compatibility https://review.openstack.org/79875	02:29
*** matsuhashi has quit IRC		02:45
*** matsuhashi has joined #openstack-ironic		02:45
*** killer_p- has joined #openstack-ironic		02:45
*** killer_p- is now known as killer_prince		02:46
*** matsuhashi has quit IRC		02:46
*** matsuhashi has joined #openstack-ironic		02:46
*** matsuhashi has quit IRC		02:47
*** matsuhashi has joined #openstack-ironic		02:47
*** matsuhashi has quit IRC		02:48
*** lazy_prince has quit IRC		02:48
*** matsuhashi has joined #openstack-ironic		02:49
*** matsuhashi has quit IRC		02:49
*** matsuhashi has joined #openstack-ironic		02:50
*** rpodolyaka has joined #openstack-ironic		02:53
*** rloo has quit IRC		02:53
*** rpodolyaka has quit IRC		02:54
*** rpodolyaka has joined #openstack-ironic		02:54
openstackgerrit	yangxurong proposed a change to openstack/ironic: Do not use __builtin__ in python3 https://review.openstack.org/80144	03:34
*** matsuhashi has quit IRC		03:49
*** vkozhukalov has joined #openstack-ironic		03:51
*** rpodolyaka has quit IRC		03:51
*** harlowja is now known as harlowja_away		04:20
*** rpodolyaka has joined #openstack-ironic		04:22
*** harlowja_away is now known as harlowja		04:24
*** eghobo has joined #openstack-ironic		04:26
*** matsuhashi has joined #openstack-ironic		04:47
*** lazy_prince has joined #openstack-ironic		04:49
*** blamar has joined #openstack-ironic		05:15
*** blamar has quit IRC		05:19
*** blamar has joined #openstack-ironic		05:20
*** mrda is now known as mrda_away		05:36
*** harlowja is now known as harlowja_away		05:53
*** blamar has quit IRC		06:00
*** blamar has joined #openstack-ironic		06:01
*** killer_prince has quit IRC		06:05
openstackgerrit	Jenkins proposed a change to openstack/ironic: Imported Translations from Transifex https://review.openstack.org/78862	06:07
openstackgerrit	Russell Haering proposed a change to openstack/ironic: Expose API for fetching a single driver https://review.openstack.org/80187	06:39
*** pradipta_away is now known as pradipta		06:41
*** eghobo has quit IRC		06:41
*** killer_prince has joined #openstack-ironic		06:46
openstackgerrit	Russell Haering proposed a change to openstack/ironic: Expose API for fetching a single driver https://review.openstack.org/80187	07:00
*** killer_prince has quit IRC		07:05
*** rpodolyaka has quit IRC		07:12
*** vkozhukalov has quit IRC		07:16
*** loki_ has joined #openstack-ironic		07:18
*** max_lobur has joined #openstack-ironic		07:31
*** matsuhashi has quit IRC		07:32
*** matsuhashi has joined #openstack-ironic		07:32
*** nosnos has quit IRC		07:32
*** nosnos_ has joined #openstack-ironic		07:32
*** linuxgeek has joined #openstack-ironic		07:39
*** linuxgeek has quit IRC		07:40
*** killer_p- has joined #openstack-ironic		07:42
*** killer_p- is now known as killer_prince		07:42
GheRivero	morning all	07:47
lifeless	o/	08:03
*** saju_m has joined #openstack-ironic		08:12
*** jistr has joined #openstack-ironic		08:21
*** yuriyz has joined #openstack-ironic		08:42
openstackgerrit	Ghe Rivero proposed a change to openstack/ironic: Fix misspelled impi to ipmi https://review.openstack.org/80216	08:56
*** derekh has joined #openstack-ironic		09:00
*** matsuhashi has quit IRC		09:07
*** romcheg has joined #openstack-ironic		09:07
*** athomas has joined #openstack-ironic		09:08
*** nosnos has joined #openstack-ironic		09:11
*** nosnos_ has quit IRC		09:11
*** jrist has quit IRC		09:11
*** matsuhashi has joined #openstack-ironic		09:12
*** lucasagomes has joined #openstack-ironic		09:24
*** jrist has joined #openstack-ironic		09:24
openstackgerrit	Ghe Rivero proposed a change to openstack/ironic: SeaMicro use device parameter for set_boot_device https://review.openstack.org/80221	09:30
*** martyntaylor has joined #openstack-ironic		09:34
*** matsuhashi has quit IRC		09:44
*** matsuhashi has joined #openstack-ironic		09:47
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: Make the Nova Ironic driver to wait for ACTIVE https://review.openstack.org/79906	09:48
*** tatyana has joined #openstack-ironic		09:50
*** max_lobur has quit IRC		09:50
*** ndipanov_gone is now known as ndipanov		09:51
*** killer_p- has joined #openstack-ironic		09:58
*** killer_prince has quit IRC		09:59
*** killer_p- is now known as killer_prince		09:59
*** athomas has quit IRC		10:03
*** killer_prince has quit IRC		10:03
*** killer_p- has joined #openstack-ironic		10:04
*** killer_p- is now known as killer_prince		10:04
*** athomas has joined #openstack-ironic		10:11
mdurnosvistov	Morning all :)	10:12
yuriyz	morning Ironic	10:12
*** blamar has quit IRC		10:24
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: Make the Nova Ironic driver to wait for ACTIVE https://review.openstack.org/79906	10:34
lucasagomes	yuriyz, morning	11:00
lucasagomes	yuriyz, r u going to update 68697?	11:00
*** matsuhashi has quit IRC		11:11
*** matsuhashi has joined #openstack-ironic		11:12
*** max_lobur has joined #openstack-ironic		11:20
yuriyz	morning lucasagomes, plan to update today	11:21
*** pradipta is now known as pradipta_away		11:25
openstackgerrit	A change was merged to openstack/ironic: Set the database.connection option default value https://review.openstack.org/80003	11:32
*** jgrimm has joined #openstack-ironic		11:39
openstackgerrit	Ghe Rivero proposed a change to openstack/ironic: SeaMicro use device parameter for set_boot_device https://review.openstack.org/80221	11:41
*** lazy_prince has quit IRC		11:45
*** loki_ has quit IRC		11:46
openstackgerrit	Yuriy Zveryanskyy proposed a change to openstack/ironic: Check BMC availability in ipmitool 'validate' method https://review.openstack.org/68697	11:52
*** matsuhashi has quit IRC		12:11
*** matsuhashi has joined #openstack-ironic		12:12
*** romcheg has quit IRC		12:14
*** nosnos has quit IRC		12:15
Shrews	good morning ironic	12:15
*** matsuhashi has quit IRC		12:16
agordeev	Shrews: morning!	12:17
Shrews	agordeev: hi! i was able to successfully connect to devstack vm's yesterday! it was a tftp problem	12:18
agordeev	Shrews: great, i'd read the backlog. It's still possible to use atftpd. Actually the problem is in deploy-agent script, but it's possible to work around it on tftp side.	12:20
Shrews	agordeev: yes. i got it to work with a simple symlink in $IRONIC_TFTPBOOT_DIR/tftpboot	12:21
Shrews	but adam_g's patch makes devstack align more closely with tripleo testing	12:22
agordeev	more terrible thing is that i've already fixed it in my GH repo. About month ago, and totally forgot to file bug/publish comment/etc	12:23
Shrews	lol! we wondered why it was working for you :)	12:23
agordeev	https://github.com/ninja-cat/diskimage-builder/commit/fe16251f4419c0d5d2e12bbd79f36db3edfe52f7 due to that, my deploy-agent works successfully.	12:23
dtantsur	ifarkas, hi. Did you try making notes on running devstack+ironic on Fedora? It looks like a lot of differences with Ubuntu..	12:24
agordeev	Shrews: also devstack can be fixed without switching to tftpd-hpa. Just with 3 additional lines	12:25
*** matsuhashi has joined #openstack-ironic		12:26
ifarkas	dtantsur, hey. I had no trouble running devstack with ironic on fedora. do you want to setup ironic with the nova driver?	12:26
dtantsur	ifarkas, I'm not sure, just following https://etherpad.openstack.org/p/IronicAndDevstackAgain	12:27
dtantsur	ifarkas, I wonder how you could experience no problems with ssh opening 2222 port... did you use setenforce 0?	12:27
agordeev	Shrews: http://paste.openstack.org/show/73375/ something like that.	12:27
ifarkas	dtantsur, right. so that etherpad is specifically testing the CI patch, which sets up devstack with the nova driver	12:27
ifarkas	dtantsur, you might rather want to use this one: https://wiki.openstack.org/wiki/Ironic/Devstack	12:28
dtantsur	ifarkas, from what I already encountered: no libvirtd group under F20, SELinux prevents access to 2222 port by SSH, now SSH started, but I cannot log into it using ironic key	12:29
dtantsur	ifarkas, is https://wiki.openstack.org/wiki/Ironic/Devstack different with respect to all these?	12:29
Shrews	agordeev: i did it with one line, though it is a hack: http://paste.openstack.org/show/73376/ :)	12:29
ifarkas	dtantsur, yes, the latter guide works for me on Fedora too	12:30
dtantsur	ifarkas, ok, thanks	12:30
ifarkas	dtantsur, I am not sure if the CI patch is supposed to work on Fedora. If yes, it might worth reporting the issues	12:31
ifarkas	dtantsur, looking at the patch, there are certain parts which are not specific to the CI, so I would suggest to report the issues on the patch	12:40
lucasagomes	yuriyz, ack thanks :)	12:40
*** lucasagomes is now known as lucas-hungry		12:40
*** linggao has joined #openstack-ironic		12:53
*** rloo has joined #openstack-ironic		12:54
*** rloo has quit IRC		13:00
*** rloo has joined #openstack-ironic		13:00
*** rloo has quit IRC		13:02
*** romcheg has joined #openstack-ironic		13:02
*** rloo has joined #openstack-ironic		13:03
*** rloo has quit IRC		13:03
*** toure has quit IRC		13:03
*** rloo has joined #openstack-ironic		13:04
*** rloo has quit IRC		13:09
*** rloo has joined #openstack-ironic		13:09
*** rloo has quit IRC		13:09
*** rloo has joined #openstack-ironic		13:10
*** matty_dubs\|gone is now known as matty_dubs		13:12
*** rloo has quit IRC		13:13
*** rloo has joined #openstack-ironic		13:13
*** mdurnosvistov has quit IRC		13:22
*** jdob has joined #openstack-ironic		13:26
*** yuriyz has quit IRC		13:41
*** matsuhashi has quit IRC		13:42
*** mdurnosvistov has joined #openstack-ironic		13:54
devananda	morning, all	13:57
devananda	agordeev: hi! just read scrollback -- has that /tftpboot fix been applied to the devstack patch?	13:59
devananda	ifarkas: the CI/devstack patch should work on both fedora & ubutu. where it doesn't, it should be fixed :)	14:00
*** jbjohnso_ has joined #openstack-ironic		14:01
ifarkas	devananda, good to know, thanks!	14:02
ifarkas	devananda, and good morning! :-)	14:02
agordeev	devananda: hi! yup, it was applied by Adam	14:03
ifarkas	dtantsur, ^	14:03
devananda	fwiw, I just added a note at the top of https://wiki.openstack.org/wiki/Ironic/Devstack	14:03
dtantsur	devananda, I've reported a couple of issues, but honestly I gave up in the middle trying to fight ssh	14:04
devananda	dtantsur: were you trying based on the devstack patch (https://review.openstack.org/#/c/70348/) or ..?	14:05
agordeev	dtantsur: what's the problem with ssh? could it be default firewall setting?	14:06
dtantsur	devananda, yes, patchset 22 using https://etherpad.openstack.org/p/IronicAndDevstackAgain	14:06
dtantsur	agordeev, SELinux first, then - don't know. I can start from scratch, capturing everything that does not work	14:06
dtantsur	agordeev, ssh is only allowed to use 22 by default	14:06
dtantsur	agordeev, you need like semanage port -a -t ssh_port_t -p tcp 2222 (not sure about correctness, need to check)	14:07
agordeev	devananda: on what fedora version should CI/devstack work?	14:08
devananda	dtantsur: a few google searches suggest that devstack in general doesn't work with selinux	14:09
devananda	dtantsur: not that google search results are authoritative, but ... http://devstack.org/faq.html	14:09
rloo	devananda: when doing tear-down, is that 'unprovisioning' or 'deprovisioning'?	14:11
dtantsur	devananda, honestly, I can't figure out what they mean in this FAQ: do ther support SEL or not; anyway, the remaining devstack seems to work _somehow_ with SEL	14:11
devananda	rloo: neither word is in miriam-webster	14:12
devananda	*merriam-webster	14:12
rloo	devananda: what about oxford? :-) So when we use the term 'provisioning' does that include deleting/tear-down? I don't think so.	14:13
rloo	devananda: https://review.openstack.org/#/c/80141/1/ironic/api/controllers/v1/node.py	14:14
rloo	devananda: yuriy pointed out that we're using 'Node.. already being provisioned', even if the instance is being deleted	14:15
agordeev	rloo: FYI, teeth-agent (python deploy agent) uses 'decomissioning' word	14:15
devananda	agordeev, dtantsur: re: what RH dist to target, CentOS 6.5	14:16
rloo	agordeev: I hope they didn't misspell it. 'decommissioning' ;)	14:16
dtantsur	devananda, so no Fedora here?	14:17
agordeev	rloo: ah, yeah, it's just me. 'decommissioning' to be exact	14:17
devananda	dtantsur: i'm sure there are folks who use fedora (and plenty of other versions of things)	14:17
devananda	dtantsur: but my priority is seeing devstack support for Ironic added to the openstack CI system	14:18
devananda	dtantsur: which uses ubuntu 12.04 and centos 6.5	14:18
dtantsur	devananda, ok then, may I still report issues with Fedora as I find them?	14:18
devananda	dtantsur: absolutely :)	14:18
devananda	dtantsur: feel free to fix them too, if you're so inclined ;)	14:18
dtantsur	devananda, btw, doesn't centos have selinux as well?	14:19
devananda	dtantsur: fwiw, though, it's really more helpful to the project right now if we are all focusing on the same goals (namely, getting CI into the gate and pivoting TripleO)	14:21
devananda	dtantsur: fwiw, based on a conversation in -infra jsut now, it looks like fedora isn't even properly supported by devstack -at all-	14:21
devananda	dtantsur: folks are working on support for F20 .. but it's not complete	14:21
dtantsur	devananda, in fact, I'm new to Ironic and just trying to find some place here :) And as I'm @redhat.com I started with Fedroa by default :)	14:22
devananda	dtantsur: lucas-hungry may have some advice as to what to use, as he's also @RH	14:22
*** saju_m has quit IRC		14:22
devananda	IIRC, tripleo supports fedora, but IMBW	14:23
*** lucas-hungry is now known as lucasagomes		14:24
lucasagomes	devananda, dtantsur morning	14:24
dtantsur	lucasagomes, hi	14:24
lucasagomes	dtantsur, yeah selinux is a bit problematic	14:24
lucasagomes	dtantsur, I disable it for now (tripleo set it to permissive, they have an element for that)	14:24
NobodyCam	Good Morning Ironic	14:25
devananda	mornin!	14:25
NobodyCam	:)	14:25
agordeev	NobodyCam: morning	14:26
dtantsur	lucasagomes, did you try the patch in question with Fedora? Or what do you use for development?	14:26
NobodyCam	morning agordeev :)	14:27
lucasagomes	dtantsur, nop I haven't tried on fedora because as infra is going to use ubuntu precise I think the focus was to get it working on precise first	14:27
lucasagomes	dtantsur, but my dev env for all the rest is fedora based	14:27
openstackgerrit	Yuriy Zveryanskyy proposed a change to openstack/ironic: Fix 'spacing' parameters for periodic tasks https://review.openstack.org/80300	14:29
dtantsur	agordeev, devananda will it be possible to at least ensure SELinux is in permissive mode (also helpful for centos) and install missing packages? That should not take long, but will be a great step towards fedora	14:29
lucasagomes	dtantsur, +1	14:31
*** ndipanov has quit IRC		14:32
dtantsur	agordeev, apart from syslinux you may also want to install libvirt	14:33
*** ndipanov has joined #openstack-ironic		14:34
GheRivero	morning all	14:38
agordeev	GheRivero: morning	14:38
openstackgerrit	Ruby Loo proposed a change to openstack/ironic: Delete node while waiting for deploy https://review.openstack.org/80141	14:38
NobodyCam	dtantsur: I beleieve TripleO has RH/Fedora elements that set permissive mode for SELinux	14:38
lucasagomes	dtantsur, yeah there's things like PATHs as well, the pxelinux.0 is in a diff path	14:39
NobodyCam	morning GheRivero :)	14:39
lucasagomes	on ubuntu and fedora	14:39
dtantsur	lucasagomes, I think it found a correct path after installing syslinux for me	14:40
lucasagomes	right, ok	14:40
NobodyCam	brb... quick morning walkies :)	14:40
agordeev	dtantsur: k. could you please collect all issues you faced into one place? etherpad or just making inline comments for patch. That would be very helpful, thanks in advance!	14:47
dtantsur	agordeev, sure, I'm now starting from scratch so that I don't forget anything	14:48
rloo	GheRivero: funny to see you -1 your patch https://review.openstack.org/#/c/79892/	14:49
GheRivero	:)	14:52
lucasagomes	yuriyz: hey I just -2 ur patch fixing the periodic parameters for the periodic tasks, I don't think that's the correct way to fix the problem I left a comment with some suggestion that I think that would be a better way to fix that	15:10
lucasagomes	yuriyz: I'm open for discussion as well, thanks for the patch anyway	15:10
lucasagomes	devananda: ^ can u take a quick look and see if u agree w/ me or not? https://review.openstack.org/#/c/80300/	15:10
dtantsur	Maybe stupid question, but still: while using Fedora, do I need to change BM_DEPLOY_FLAVOR="-a amd64 ubuntu deploy-ironic" (from localrc template)?	15:11
* devananda looks		15:12
NobodyCam	dtantsur: I dont think ubuntu is correct, I'd bet on s/ubuntu/fedora/	15:12
Shrews	dtantsur: yes. just change "ubuntu" to "fedora"	15:12
devananda	dtantsur: well. it should be fine as ubuntu, i think	15:13
lucasagomes	what does BM_DEPLOY_FLAVOR does? create the image that it's going to boot? and the deploy ramdisk?	15:13
devananda	that creates the deploy ramdisk	15:13
lucasagomes	if so it might be fine to be ubuntu... but if u want to have a full fedora stack	15:13
devananda	not the user image	15:13
lucasagomes	u might want to change that to fedora	15:13
devananda	and I think DIB can cross-distro-build	15:13
lucasagomes	devananda, yeah it can	15:13
devananda	but changing to fedora wouldn't hurt :)	15:14
Shrews	"fedora" didn't work for me on "ubunut"	15:14
Shrews	ubuntu, even	15:14
lucasagomes	Shrews, didn't work to create a fedora image on a ubuntu hot?	15:14
lucasagomes	host*	15:14
openstackgerrit	Russell Haering proposed a change to openstack/ironic: Expose API for fetching a single driver https://review.openstack.org/80187	15:14
lucasagomes	or the image didn't work?	15:14
Shrews	creating the image	15:15
Shrews	iirc	15:15
devananda	what's the flag to DIB to tell it not to rebuild images?	15:15
NobodyCam	-c i think	15:16
dtantsur	Shrews, do you remember, was it that devstack is unable to build fedora image or it was due to fedora-ubuntu interop?	15:16
Shrews	dtantsur: i don't recall	15:16
devananda	NobodyCam: hah! you tricked me	15:16
devananda	NobodyCam: -c -- clear environment before starting work	15:16
lucasagomes	Shrews, right it might be a bug in dib then, cause dib customize an image, it downloads it and chroot into it to do the work	15:17
NobodyCam	ahhh	15:17
devananda	hmm. so there is --offline now, which doesn't download new image, but I don't see an option to not _build_ an image if one already exists	15:17
NobodyCam	I'm sorry :(	15:18
lucasagomes	should work with cross-distros	15:18
*** rpodolyaka has joined #openstack-ironic		15:18
devananda	agordeev: within the devstack patch, when building the ramdisk, we should include --offline if $OFFLINE is true	15:19
devananda	there's one other option i'm still trying t ofind	15:20
NobodyCam	ahh -c is for boot-seed-vm script	15:20
NobodyCam	sorry 'bout that devananda :-p	15:21
devananda	gotta love consistency :)	15:21
lucasagomes	:P	15:21
NobodyCam	something about many chefs one kitchen	15:21
devananda	lucasagomes: so Nova's periodic task defs include a lot of spacing=CONF.xxx as well	15:22
lucasagomes	devananda, yes, and it's broken	15:22
devananda	lucasagomes: in nova?	15:22
lucasagomes	devananda, yeah	15:22
devananda	hah!	15:22
devananda	um	15:22
lucasagomes	I had a chat with markmc about it	15:22
devananda	that's a pretty serious bug	15:22
devananda	where's teh LP bug?	15:23
lucasagomes	lemme see if there's one	15:23
devananda	I'd think that would matter to a LOT of people	15:23
*** ndipanov has quit IRC		15:24
lucasagomes	devananda, yeah def	15:24
lucasagomes	that's why I think it should be fixed in oslo	15:24
lucasagomes	and not on specific projects	15:24
devananda	yep	15:24
*** ndipanov has joined #openstack-ironic		15:25
devananda	agordeev: ok, DIB doesn't actually support an offline mode. i'll add a comment to the review about hwo to work with it	15:30
devananda	posted	15:34
*** rpodolyaka has left #openstack-ironic		15:35
Shrews	devananda: did you delete the bit about sshd jumping on the bridge from the etherpad?	15:38
devananda	Shrews: is that still a problem?	15:38
Shrews	devananda: yes. agordeev just encountered it on the hp instance i loaned him	15:39
devananda	great	15:39
devananda	adding it back	15:39
devananda	done	15:41
*** vkozhukalov has joined #openstack-ironic		15:41
devananda	Shrews: tftpd-hpa: unrecognized service	15:42
devananda	ya'll had some notes on tftpd and symlinks?	15:42
Shrews	devananda: i haven't tried adam_g's latest patch	15:42
agordeev	devananda: i'm making it to work with regular linux bridges. It will allow us not to update libvirt on U12.04. What do you think does it worth adding?	15:43
Shrews	devananda: so, if you use patchset 21, you can hack it to work with this: http://paste.openstack.org/show/73376/	15:44
devananda	agordeev: aiui, we are using neutron's ovs support, so we need to continue using ovs, not regular linux bridge	15:45
devananda	agordeev: but I may be totally wrong	15:45
devananda	Shrews: oh, i see my problem. OFFLINE=True && files/apts/ironic changed	15:46
devananda	so stack.sh didn't install the updates	15:46
*** eghobo has joined #openstack-ironic		15:48
romcheg	Morning folks	15:49
romcheg	lucasagomes: Are you around?	15:49
agordeev	devananda: I'm talking about fake berametal nodes. They can use regular bridge without any problem. Neutron still continues to use ovs regardlessly	15:49
agordeev	romcheg: morning	15:49
lucasagomes	romcheg, hey, yes	15:49
NobodyCam	morning romcheg :)	15:49
romcheg	I was looking on these patches https://review.openstack.org/#/c/73005/6 and https://review.openstack.org/#/c/80187/3	15:50
romcheg	I'm concerned about do we need the last one?	15:50
*** matty_dubs is now known as matty_dubs\|lunch		15:52
dtantsur	ifarkas, https://etherpad.openstack.org/p/jjWcLDThTK	15:52
dtantsur	^^^ collection issues with F20 here	15:52
ifarkas	dtantsur, thanks, I will add the issues for centos	15:53
devananda	agordeev: neutron needs to be able to assign IPs to the those VMs, etc -- not just resond to DHCP BOOT request.	15:53
devananda	*respond	15:53
*** vkozhukalov has quit IRC		15:54
agordeev	devananda: it will able to do. There's no difference in what (virtual) network type used by fake baremetal nodes since it can be properly connected to neuron network	15:57
devananda	lucasagomes, romcheg: on 73005, I think we should take a close look at it and decide if we're going to land it this week, or hold off entirely	15:58
devananda	until Juno opens	15:58
devananda	it's a valuable addition to the API, but I haven't given it enough review time myself	15:58
devananda	dtantsur: 15:56:50 < pleia2> devananda, sdague fedora work is being tracked here: https://etherpad.openstack.org/p/fedora-on-gate last review outstanding to mostly get us there is here (needs reviews) https://review.openstack.org/#/c/69510/	15:59
dtantsur	devananda, thanks	16:00
pleia2	I've also been trying to make sure new nodepool commits going in won't break fedora	16:01
rloo	fwiw, romcheg, devananda. I think 73005 should be punted cuz I'm not sure you'll have time and it is Thurs already. Whatever changes you might want, I most likely won't get done before the end of this week (I'm off Fri).	16:02
devananda	agordeev: k, then it sounds OK. I would suggest checking with lifeless though - he's got a better grasp of the neutron bits here than I do at this point	16:03
lucasagomes	romcheg, looking	16:06
openstackgerrit	A change was merged to openstack/ironic: Check BMC availability in ipmitool 'validate' method https://review.openstack.org/68697	16:08
devananda	rloo: only issue i see so far is a) it needs a rebase, b) there is no API endpoint for /v1/drivers/{NAME}/	16:08
romcheg	lucasagomes: I just think that 80187 does not bring new fetures and can be easily replaced with rloo's patch	16:08
lucasagomes	romcheg, yeah... me too to be honest, idk it's fine to get only one driver but I don't see the real value on it	16:08
lucasagomes	devananda, that's what 73005 is bringing	16:09
devananda	rloo: it impelements /v1/drivers/{NAME}/properties but this URI doesn't appear to be discoverable from /v1/drivers/ or /v1/drivers/{NAME}	16:09
devananda	lucasagomes: i'm looking at 73005	16:09
openstackgerrit	A change was merged to openstack/ironic: Use range instead xrange to keep python 3.X compatibility https://review.openstack.org/79875	16:09
openstackgerrit	A change was merged to openstack/ironic: Fix misspelled impi to ipmi https://review.openstack.org/80216	16:09
lucasagomes	devananda, ack maybe 80187 should add a dependency on 73005	16:09
*** hemna has joined #openstack-ironic		16:09
devananda	ahh right	16:09
devananda	lucasagomes: if 80817 also included a /properties link	16:10
devananda	then yes	16:10
romcheg	+1	16:10
lucasagomes	yeah	16:10
devananda	ok -- so there's clearly room for optimization in how 80187 is getting its info from the DB, but that aside	16:11
lucasagomes	+1, he left a note there	16:11
devananda	are we comfortable enough with this API to land it this late?	16:11
romcheg	I'm also giving agordeev's patch to devstack a heavy test. Already found a few critical problems	16:11
NobodyCam	hahahahha: http://paste.openstack.org/show/TUBrrvg0iFZbEuYqQCK9/	16:11
devananda	/v1/drivers -> the list we have today	16:12
devananda	^ is missing links	16:13
devananda	/v1/drivers/NAME -> details of a driver plus link to properties	16:13
devananda	/v1/drivers/NAME/properties -> list of required & optional parameters	16:13
romcheg	+1, because right now the only information I got from /drivers/name is this: http://paste.openstack.org/show/73418/	16:13
romcheg	Giving a note that it queries all the drivers in the implementation, it's quite useless	16:14
devananda	seems like an incomplete API, but also, very useful information	16:14
devananda	we'll need to maintain API compatibility in Juno with this API -- thus my hesitation to land an incomplete /drivers API	16:15
devananda	even though I want to expose the list of required/optional driver params	16:15
romcheg	Let's postpose this to Juno	16:15
romcheg	Then we'll have enough time to think on in	16:15
devananda	lucasagomes: ?	16:16
lucasagomes	reading	16:16
lucasagomes	devananda, I would postpone as well, unless we are landing the properties patch as well	16:18
lucasagomes	but as rloo pointed she prefer it to be punted	16:18
lucasagomes	devananda, why we have to maintain the compability? cause of the icehouse release?	16:18
lucasagomes	I think that adding links and properties won't break that compatibility anyway, it's add more stuff not removing what we already have	16:19
lucasagomes	so I'm fine in postponing it	16:19
*** rpodolyaka has joined #openstack-ironic		16:19
devananda	see L115 of https://review.openstack.org/#/c/68258/5/reference/incubation-integration-requirements	16:20
* NobodyCam git's mo coffee.. brb		16:21
lucasagomes	devananda, right but we didn't graduate	16:21
devananda	lucasagomes: so technically, assuming we dont graduate, then yea, we dont have to maintain compat	16:21
lucasagomes	yea	16:21
devananda	lucasagomes: however we will have users, and they will probably care .... :)	16:21
lucasagomes	well I don't think we are going to break the compability by adding more stuff to that resources	16:21
lucasagomes	devananda, +1	16:21
romcheg	Who cares about users? :-P	16:21
lucasagomes	devananda, btw, I was thinking about proposing a session to the design summit about this	16:22
lucasagomes	devananda, why we didn't graduate, and how we can make sure that we are on the right path to graduate in juno	16:22
lucasagomes	set's some goals/expectatives there	16:22
lucasagomes	assign tasks to the active members of the community etc	16:22
devananda	lucasagomes: right - so, add drivers/NAME and drivers/NAME/properties now, so users of Icehouse can see this info w/o reading the code? -- seems valuable to me	16:22
devananda	lucasagomes: ++	16:22
romcheg	lucasagomes: +1 for the session	16:22
lucasagomes	devananda, romcheg ack I will propose it	16:23
lucasagomes	devananda, right, but u think people will benefit from seem these info?	16:23
lucasagomes	devananda, I think that the real benefit in having the properties in the api	16:24
lucasagomes	is for the driver	16:24
lucasagomes	that has to know which properties it needs to populate for the driver	16:24
lucasagomes	so we can kill that driver_parameters_map we have today in the Ironic driver	16:24
devananda	lucasagomes: you mean the nova driver	16:24
devananda	ah	16:24
lucasagomes	yeah	16:24
devananda	so	16:24
lucasagomes	I don't see a real benefits for the users in looking at that	16:24
devananda	IMO, that is orthogonal	16:24
devananda	anything which the nova driver needs to change per-instance needs to be mvoed to node.instance_info	16:25
lucasagomes	devananda, right	16:25
lucasagomes	hmmm	16:25
devananda	and the node.driver_info should never be changed by nova -- only by the deployer as a precondition to using Ironic with that chunk of hardware	16:25
lucasagomes	right	16:25
devananda	whcih is why exposing that in the API -- to users -- seems valuable to me	16:25
devananda	but it's a bit tangled up right now	16:25
lucasagomes	devananda, it might be exposing the wrong stuff tho	16:25
lucasagomes	while we don't have the intance_info	16:25
devananda	yep	16:26
devananda	it is	16:26
lucasagomes	many of those parameters will be moved afterwards	16:26
lucasagomes	it might be misleading	16:26
devananda	ok -- i'm convinced :)	16:26
lucasagomes	heh ok	16:26
*** vkozhukalov has joined #openstack-ironic		16:26
devananda	jroll: you guys are working on the instance_info stuff, ya?	16:26
jroll	devananda: yeah, I have a review up. lucasagomes has some comments but I haven't addressed them yet. have been distracted with other things	16:27
lucasagomes	devananda, jroll right yeah, I was mostly questioning the reason why we have nested dicts and lists for that field instead of a simply keypair=value kind of attribute	16:29
lucasagomes	and why we have some database field I think it was dictlarge or something	16:29
devananda	ahh right	16:29
jroll	right	16:29
devananda	when we last talked about that	16:29
devananda	the reason for nested dicts was ~ to stash all the config drive data in ironic and build it there	16:30
lucasagomes	build the instance metadata?	16:30
devananda	to which, my takeaway from the ensuing lengthy conversation was, ironic shouldn't be building a config drive	16:30
devananda	so it doesn't need a nested dict	16:30
lucasagomes	+1	16:30
lucasagomes	nova does it for us no?	16:30
devananda	right	16:30
lucasagomes	I mean we just "save" it	16:30
devananda	and ironic should expose any info back via the nova driver which nova needs to build the config drive	16:31
devananda	eg, what ports are bonded, etc	16:31
lucasagomes	ack yeah	16:31
lucasagomes	sounds more reasonable to me this approach	16:31
devananda	jroll: so you may want to read some backscroll -- this API patch https://review.openstack.org/#/c/73005/ is going to be affected by the instance_info work slightly	16:32
devananda	jroll: in as much as, moving params out of driver_info will change what that API exposes	16:32
lucasagomes	as an addon, the instance_info might also affect the validate of the drivers	16:32
lucasagomes	right now pxe looks for things like root_gb etc... to validate	16:33
jroll	devananda: right. I'd like to get the instance_info patch done, and the patch to move params out of driver_info done, before juno opens	16:33
jroll	lucasagomes: yep	16:33
NobodyCam	it will also impact the DIB work too	16:33
lucasagomes	dib?	16:33
NobodyCam	disk image builder	16:33
lucasagomes	yeah	16:33
*** Alexei_987 has joined #openstack-ironic		16:34
lucasagomes	the instance_info will affect dib?	16:34
lucasagomes	to build the image?	16:34
NobodyCam	well tripleo-incubator really	16:34
lucasagomes	ah	16:34
NobodyCam	https://review.openstack.org/#/c/72969/15/scripts/register-nodes	16:34
devananda	yea, tripleo-incubator // devtest	16:34
lucasagomes	right yeah	16:34
devananda	it'll also impact the nova driver	16:34
lucasagomes	yeah heh the whole chain	16:34
devananda	which, since it's in our tree, can be changed synchronously for now :)	16:35
lucasagomes	:D	16:35
lucasagomes	yay	16:35
openstackgerrit	Ghe Rivero proposed a change to openstack/ironic: Set boot device to PXE when deploying https://review.openstack.org/79892	16:35
openstackgerrit	Ghe Rivero proposed a change to openstack/ironic: Driver utils should raise unsupported method https://review.openstack.org/79964	16:35
lucasagomes	devananda, NobodyCam btw, another thing I see that in our tox.ini the pep8 tests for the nova driver is disabled	16:35
devananda	jroll: can you do it without nested dict?	16:35
lucasagomes	but should it be disabled? I think unittests disabled grand, but maybe we should leave pep8	16:36
lucasagomes	it's good to identify small syntax problems	16:36
jroll	devananda: if we go the route of "nova generates configdrive", yes. I need to look at all the details of that.	16:36
lucasagomes	and things like that variable ur trying to access doesn't exist	16:36
jroll	devananda: I just don't want a bunch of chatter back and forth between nova and ironic just to get the configdrive built	16:36
devananda	lucasagomes: ah. to run pep8 tests on it, i think we need to actually install all of nova in the .venv and then pep8 that	16:36
devananda	lucasagomes: otherwise imports will fail, etc	16:37
lucasagomes	devananda, ohh	16:37
lucasagomes	feck	16:37
lucasagomes	true	16:37
* lucasagomes checks		16:37
devananda	lucasagomes: imbw :)	16:37
* lucasagomes googles imbw		16:37
lucasagomes	heh	16:37
lucasagomes	ok	16:37
lucasagomes	np lemme check	16:37
devananda	jroll: fwiw, I would like to see all the info that nova needs be returned in a single API call	16:37
jroll	devananda: of course	16:39
devananda	Shrews: were you working on 80022?	16:43
Shrews	devananda: yes, and it makes me look forward to the day python 2.6 is no longer supported	16:44
devananda	indeed!	16:44
lucasagomes	Shrews, yeah! dict comprehension!!!	16:45
jroll	if I'm using auth_strategy=noauth, should ironic still be asking me for username/etc?	16:46
jroll	s/ironic/ironicclient	16:46
*** killer_prince is now known as lazy_prince		16:46
devananda	jroll: openstack still wants either a username or a token	16:48
devananda	jroll: export OS_AUTH_TOKEN=fake	16:49
jroll	got it, thanks	16:49
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: Enable pep8 tests for the Nova Ironic Driver https://review.openstack.org/80335	16:49
devananda	critical patches in need of reviews: https://review.openstack.org/#/c/79964/ and https://review.openstack.org/#/c/79892/	16:49
lucasagomes	seems it works :)	16:49
devananda	lucasagomes: sweet! I'll approve once it passes J	16:50
lucasagomes	devananda, cheers	16:50
devananda	NobodyCam: https://review.openstack.org/#/c/79906/ could use eyes	16:50
* NobodyCam looks		16:51
NobodyCam	devananda: lucasagomes is InstanceNotFound the correct execption for a deleted node. I can see how it fits, maybe worth adding a InstanceDeleted execption for? thoughts?	16:56
Shrews	ooh, testtools assertRaises returns the exception. /me hugs lifeless	16:57
devananda	NobodyCam: see the conversation wtih comstud	16:57
lucasagomes	NobodyCam, yeah according to comstud that's the right exception because nova will set instance ERROR to any other exception but InstanceNotFound which it will treat as a race with delete	16:57
devananda	NobodyCam: tldr - if spawn() raises taht error, Nova knows how to handle it	16:57
NobodyCam	ahhh :) ok that makes sense	16:58
NobodyCam	what hit me as odd was that is the same error rasied for not findng the ironic host	16:59
*** martyntaylor has quit IRC		17:02
agordeev	for unknown reason neutron router doesn't work properly. And i don't see qrouter-<uuid> net namespace	17:05
agordeev	has anybody else faced this issue? ^	17:06
devananda	lifeless: ^ ?	17:06
devananda	adam_g: agordeev: I am now getting an error where devstack tries to start n-obj twice, naturally the second one fails with port already in use	17:06
NobodyCam	bbt...brb	17:06
*** snakehunter has joined #openstack-ironic		17:07
adam_g	devananda, that should be addressed by https://review.openstack.org/#/c/78581/	17:08
agordeev	devananda: fix for n-obj was merged into devstack not a long time ago.	17:09
agordeev	seems the patchset need to be rebased	17:09
devananda	ah	17:09
* agordeev have clicked on rebase		17:10
*** matty_dubs\|lunch is now known as matty_dubs		17:10
devananda	Filter ComputeCapabilitiesFilter returned 0 hosts	17:10
*** harlowja_away is now known as harlowja		17:10
devananda	failing extra_specs requirement	17:13
devananda	it's failing the "if cap is None:" check	17:16
devananda	inside compute_capabilities_filter.py	17:17
*** romcheg has quit IRC		17:17
NobodyCam	post bbt walkies ... bbiafm	17:21
devananda	anyone have devstack with a booted node right now?	17:22
devananda	i'm curious if my flavor / node defs differ from yous	17:22
*** tatyana has quit IRC		17:24
NobodyCam	I have tripleO / dib booted version	17:24
*** derekh has quit IRC		17:25
NobodyCam	http://paste.openstack.org/show/B8zvO56Cf0Fb7ZiZ8pIV/	17:25
devananda	http://paste.openstack.org/show/73433/	17:26
devananda	NobodyCam: and your node properties?	17:27
NobodyCam	http://paste.openstack.org/show/Wr4DMh0hxDB5GgRMRTN0/	17:30
NobodyCam	looks like a match to me	17:30
devananda	as soon as i remove cpu_arch: from extra_specs, it works	17:31
devananda	and yet it looks like a match to me, too	17:32
*** blamar has joined #openstack-ironic		17:32
adam_g	agordeev, any objection to changing the default ssh port from 2222 to 22? someone mentioned in etherpad that 2222 has issues on fedora/SElinux	17:33
devananda	adam_g: there is already ssh running on port 22 in the devstack-gate environment	17:33
devananda	adam_g: check with infra to see if they're OK with us modifying it. As long as we only add an auth'd key, I think it'll be fine	17:34
adam_g	devananda, well, theres already ssh running on 22 usually anyway. im saying just use that instead of reconfiguring ssh at all	17:34
*** max_lobur has quit IRC		17:35
devananda	adam_g: sure. but infra will care more if we modify sshd in their environment than your average devstack user :)	17:36
NobodyCam	devananda: anything odd in your nova.conf ... could there be a left over instance_type_extra_specs setting by change	17:38
openstackgerrit	A change was merged to openstack/ironic: Make the Nova Ironic driver to wait for ACTIVE https://review.openstack.org/79906	17:39
devananda	odd	17:39
devananda	devstack didn't change my nova.conf to use ironic	17:39
NobodyCam	oh that could do it	17:41
devananda	gah	17:41
devananda	NobodyCam: thanks ...	17:41
devananda	NobodyCam: i should have realized that issue earlier. Old VM, still had a localrc that enabled Ironic -- but it was missing VIRT_DRIVER=ironic :(	17:41
* devananda restacks		17:41
*** jistr has quit IRC		17:42
NobodyCam	hehehe :)	17:42
*** snakehunter has quit IRC		17:42
lifeless	devananda: agordeev: Hi, neutron q?	17:42
NobodyCam	morning lifeless :)	17:45
*** jbjohnso_ has quit IRC		17:46
*** Alexei_987 has quit IRC		17:46
*** Hefeweizen has quit IRC		17:48
*** Hefeweizen has joined #openstack-ironic		17:48
*** athomas has quit IRC		17:48
*** ndipanov has quit IRC		17:51
devananda	NobodyCam: http://paste.openstack.org/show/1bnYJUpmEGmSXwTNruFs/ -- should perhaps just be caught and not logged?	17:51
NobodyCam	humm my power state is none, should be off	17:51
NobodyCam	humm I thought we had a try around the remove	17:52
lucasagomes	ack, I'm off of the day	17:55
lucasagomes	going home, came to the office today	17:55
NobodyCam	have a good night lucasagomes	17:55
NobodyCam	have a beer for me	17:55
devananda	g'night lucasagomes!	17:55
lucasagomes	NobodyCam, devananda thanks! g'night!	17:56
*** lucasagomes has quit IRC		17:56
NobodyCam	ahh guess I should have checkd node validate ...doh	17:56
NobodyCam	SSH key file /mnt/state/var/lib/ironic/virtual-power-key not found.	17:56
NobodyCam	kinda a biggie	17:56
*** rpodolyaka has quit IRC		17:57
lifeless	NobodyCam: you shouldn't need that file for Ironic	17:57
lifeless	NobodyCam: IMNSHO	17:57
lifeless	NobodyCam: the power key should be passed into the API, since its per node	17:58
*** Lotus907efi- is now known as Lotus907efi		17:58
devananda	NobodyCam: the name of the key is passed into the API. the actual privatekey file is not	17:58
devananda	lifeless: ^ meant that for you	17:59
NobodyCam	lifeless: it is passed in ironic takes a file for ssh user key	17:59
lifeless	devananda: I know, I'm saying that seems like a bug to me.	17:59
devananda	lifeless: "not storing a private key in a DB" is an interesting bug	17:59
lifeless	devananda: since it means we have to reconfigure all the conductors via heat to add another VM host	17:59
devananda	huh?	18:00
lifeless	devananda: its either in the seed Heat DB or its in the Ironic DB	18:00
*** rpodolyaka has joined #openstack-ironic		18:00
lifeless	devananda: you wouldn't suggest passing in a path reference to a file with IPMI password in it, would you?	18:00
devananda	lifeless: fwiw, I think passing the private key contents via APIs is a bug	18:01
lifeless	devananda: credentials are credentials	18:02
devananda	clearly, though, it was a design choice which I do not undersatnd yet :)	18:02
devananda	NobodyCam: have a minute for https://review.openstack.org/#/c/79964/ ?	18:02
lifeless	devananda: I'm not arguing that things are 'right', but I don't see why IPMI creds should be special vs ssh creds, both are equivalent as far as Ironic is concerned.	18:03
devananda	lifeless: sure. and you can pass in the user/pass for SSH too	18:03
lifeless	devananda: ok, so why is a key file handled differently?	18:04
devananda	lifeless: i have a strong adverse reaction to storing a private key in a database and exposing it via a REST API	18:04
devananda	lifeless: whether or not it's functionally equivalent in this particular case	18:04
lifeless	devananda: do you disagree that the key file is equivalent in this case?	18:04
devananda	here's how it is different	18:05
devananda	in my opinion	18:05
devananda	today, a "user" with API access can find out the name of the key file	18:06
NobodyCam	devananda: was there a bug # for 79964?	18:06
devananda	but unless they have access to the ironic-conductor host(s), they can not get the content of that key, and therefor cn not get access to the host which is managing the VMs	18:06
devananda	NobodyCam: same bug as https://review.openstack.org/#/c/79892/ -- it's a prereq for that patch	18:06
lifeless	devananda: and if someone uses a user+pass rather than key file ?	18:07
devananda	lifeless: so for providers who want to separate SSH access to the hosts on which the VMs are being managed, this is imortant	18:07
devananda	lifeless: well, then they're exposing that risk.	18:08
lifeless	devananda: and anyone using IPMI exposes it too	18:08
lifeless	devananda: but I don't know if you know this, user+password is less safe than keys, because keys we can lock down to limited operations.	18:08
devananda	network isolation would mitigate that	18:08
lifeless	devananda: I don't understand	18:09
lifeless	devananda: you seem to be saying that an org might permit users to deploy to baremetal and run the own DB and API but not the conductors	18:12
devananda	lifeless: s/the/their/ ?	18:12
lifeless	devananda: so for any real environment they'd have complete ability to run anything on baremetal anywhere	18:13
devananda	lifeless: i'm suggesting that some orgs might separate "users of nova" and "users of ironic" and "operators of the cloud infra" into three distinct privilege groups	18:14
devananda	and the "users of ironic" would not have physical or network access to the ir-cond hosts or the ironic database	18:14
devananda	the "users of nova" would not have access to ir-api, either	18:15
devananda	lifeless: but I suspect we've side tracked sufficiently at this point	18:16
lifeless	devananda: but the creds are only accessible to operators of cloud infra + users of Ironic	18:16
lifeless	devananda: so nova is irrelevant	18:16
lifeless	devananda: (in principle, I know keystone v3 etc etc)	18:16
lifeless	devananda: users of Ironic add and remove machines	18:17
lifeless	devananda: in the above definition?	18:17
devananda	lifeless: your concern is not having to update a key FILE stashed on each condcutor when you bring a new VM host online, yes?	18:17
lifeless	yes	18:17
lifeless	e.g. to have an API :)	18:17
devananda	lifeless: could the new VM host share the same public key list as existing VM hosts?	18:17
lifeless	devananda: I don't think thats a reasonable constraint	18:18
devananda	why not?	18:18
devananda	the public key list is, presumably, something you injected via Heat when deploying the VM host(s)	18:18
lifeless	no	18:18
russell_h	it feels like if you want Ironic to manage your VM, its not unreasonable to have to put Ironic's public key on your VM	18:19
lifeless	its generated on the hosts and pushed to jenkins slaves via gear	18:19
lifeless	so we can obviously change that but that then makes all vm hosts have the same key, which I have an adverse reaction to - the same as having the same IPMI admin password on multiple physical hosts	18:19
devananda	lifeless: a public key list is commonly passed in via ec2 metadata for all nova instances that i've ever used	18:20
devananda	ahh	18:20
devananda	we have different security models	18:20
lifeless	the key is extremely limited in use	18:20
devananda	me: guard the key	18:20
lifeless	we have admin keys pushed in via ec2 obviously	18:20
devananda	you: make the key very limited	18:20
lifeless	but they are totally irrelevant for testing, since we don't trust anyone to have baremetal access to these machines	18:21
devananda	right. so create a second limited-access key, just for ironic's SSH driver, and share that	18:21
lifeless	the key will let you start / stop / enumerate vms and copy a seed disk file to a seed vm	18:22
openstackgerrit	A change was merged to openstack/ironic: SeaMicro use device parameter for set_boot_device https://review.openstack.org/80221	18:22
lifeless	devananda: we do that	18:22
devananda	it would be no less secure than what you have now, except the private key wouldn't be publicly accessible	18:22
lifeless	devananda: but you said 'make the key the same on all hosts'	18:22
lifeless	devananda: which as I said, adverse reaction.	18:22
devananda	or generate N keys where N == num hosts	18:22
lifeless	devananda: and the private key would be totally accessible since jenkins slaves still need it	18:22
devananda	or where N >> num hosts	18:22
lifeless	so I feel like you're arguing on behalf of some unknown environment, when for ssh driver AIUI there are precisely three users today - tripleo-ci, devstack, and local developers.	18:23
lifeless	for tripleo-ci, the VM hosts already exist, we think that giving jenkins slaves access to heat to inject more public keys is a terrible idea	18:24
lifeless	since it is equivalent to BM access, so we chose to hand out limited access ssh keys.	18:24
lifeless	For devstack-gate you have root on the machine, and its one machine so pretty much anything goes	18:26
* NobodyCam bangs head on keyboard... and with a sigh says "Remember to add the ssh key to the virsh server and not your local system."		18:26
devananda	lifeless: ok, so for tripleo-ci, i get why you do not want to change the list of allowable public keys	18:27
NobodyCam	\| power \| True	18:28
devananda	lifeless: what i dont get is why you need to inject the private key via ir-api, as opposed to copying the privkey into that host	18:28
lifeless	devananda: I said above that we either pass it in via Heat on the seed (to pass into the undercloud), or we pass it in via Ironic	18:28
russell_h	copying the public key into the host	18:28
lifeless	devananda: either way its an API	18:28
lifeless	russell_h: private key	18:29
russell_h	oh, the conductor host	18:29
lifeless	russell_h: think like IPMI, I have an appropriately configured security context already, and Ironic needs to play nice	18:29
russell_h	gotcha	18:29
russell_h	lifeless: right, I think I'm with you on this, its really no different than IPMI creds	18:29
*** dshulyak_ has joined #openstack-ironic		18:30
devananda	russell_h: yea, ir-cond needs the pprivkey to SSH to the host where the (fake vbaremetal) VMs are	18:30
*** romcheg has joined #openstack-ironic		18:30
russell_h	right	18:31
russell_h	I just don't see why there isn't just one private key	18:31
devananda	lifeless: so I dont qute followwhat you mean by "pass it in via Heat on the seed"	18:31
russell_h	and you put a public key with restricted access on any box you want Ironic to manage	18:31
lifeless	devananda: Using the Heat API for this seems ugly because it means that a different administrative domain has access to the key, vs passing it directly to the thing that needs it	18:31
russell_h	at least, if I was building this in isolation thats how I'd do it	18:31
russell_h	but given Ironic's model for managing IPMI creds, I'm with lifeless that it sort of makes sense to just put it in the database	18:32
russell_h	for a limited definition of "makes sense"	18:32
lifeless	russell_h: that means writing an API to take public keys and configure them with secured access on the vm host	18:32
lifeless	russell_h: note that many tests use one host at any point in time - we divide up the host into logical partitions	18:32
lifeless	devananda: we have four ways to get files onto an undercloud host:	18:33
lifeless	- ssh with the deployer credentials. Ugly. Terrible for Tuskar.	18:33
lifeless	- bake into the image. Ugly. Makes images include security sensitive contents, making them equivalent to the credentials.	18:33
lifeless	- supply via metadata (heat or ec2). Known and robust, but means the creds are stored by the cloud below persistently.	18:34
lifeless	- use some relevant API - e.g. we put image files into the undercloud by using glance-API.	18:34
lifeless	In the same way that I don't want to put the ramdisk and kernel they undercloud should be using to deploy things into the undercloud via ssh or heat or baking into the image :)	18:35
lifeless	devananda: but the big thing for me, is that these sequences of bits are entirely equivalent to IPMI	18:36
lifeless	devananda: and I haven't heard any explanation of how they are different other than 'well if the IPMI network is firewalled so only conductors can access it'... which applies equally well to SSH access to the VM hosts.	18:36
russell_h	well	18:37
lifeless	devananda: but, I'm going to drop this - you're trying to get tripleo-incubator working, I was merely trying to point out a way to make it a lot easier and more natural, and if you feel like the tradeoff is worth it, I have much bigger things to sort out	18:38
russell_h	except I'm a lot less likely to firewall off SSH than I am IPMI	18:38
russell_h	given that presumably people want access to the gear they provisioned	18:38
lifeless	russell_h: huh? no. the vm hosts may (probably are) addressible on an entirely different network to the emulated baremetal machines you deploy on them	18:39
lifeless	russell_h: those would (in a multihost setup) likely be on either a VLAN or an overlay network	18:39
russell_h	ah, gotcha	18:39
russell_h	either way, I buy it	18:39
russell_h	put all the credentials in the same place	18:40
lifeless	russell_h: I mean, sure, you can bridge eth0 of the vm host onto brbm, and have Neutron serving DHCP to both the vm hosts and the emulated BM nodes	18:40
russell_h	and if that place isn't good enough, lets make it better	18:40
lifeless	russell_h: but I think you'd go mad with that as a development environment	18:40
lifeless	also, I just realised I've been pushy here. Sorry - 0530 wakeup with Cynthia does not a stable Robert make.	18:41
NobodyCam	oh in tripleo's setup ironic is running in a different venv then nova	18:41
devananda	lifeless: stepping back -- the goal being integrate ironic and tripleo -- ironic supports key filenames or passwords today.	18:42
lifeless	NobodyCam: it may be, its not guaranteed. It might be on a totally different machine.	18:42
*** mdurnosvistov_ has joined #openstack-ironic		18:42
devananda	lifeless: can we make this work? or do we need to retool the ironic API and SSH driver -- either now (during feature freeze) or after Juno opens?	18:42
NobodyCam	oh that will make getting the nova driver very tuff.. :-p	18:43
openstackgerrit	A change was merged to openstack/ironic: Driver utils should raise unsupported method https://review.openstack.org/79964	18:44
* NobodyCam cheets by manually installing ironic in nova venv		18:44
lifeless	NobodyCam: you should do that yes	18:44
lifeless	NobodyCam: its not cheating	18:44
lifeless	NobodyCam: make a new element, nova-ironic	18:44
devananda	NobodyCam: lifeless: for tripleo, you'll need to install ironic on what ever host is running n-cpu	18:44
devananda	to get the driver	18:44
lifeless	NobodyCam: it should do that glue.	18:44
devananda	right	18:44
lifeless	same as e.g. nova-kvm installs libvirt	18:44
lifeless	devananda: so, the minimal delta is to support only one physical machine and pass it in like we do the nova-bm key	18:45
lifeless	devananda: which is via heat	18:45
devananda	lifeless: iow, pass the private key contents to ironic-api?	18:46
lifeless	devananda: this couples the test environment to our tooling, which I'm quite unhappy about, but it will work	18:46
lifeless	devananda: no, pass the private key contents to the heat thats deploying Ironic	18:46
devananda	k	18:46
openstackgerrit	A change was merged to openstack/ironic: Set boot device to PXE when deploying https://review.openstack.org/79892	18:46
NobodyCam	heheheheheh 75a49c8d-f48d-496d-8fa2-368e66dc681c \| f168c2a9-f801-4f33-98ac-5edcd3118122 \| power off \| deploying	18:53
NobodyCam	power on \| wait call-back	18:54
openstackgerrit	Devananda van der Veen proposed a change to openstack/ironic: Stop logging paramiko's DEBUG and INFO messages https://review.openstack.org/80365	18:55
devananda	tiny fix ^	18:55
devananda	super helpful for folks using devstack :)	18:55
lifeless	oh hmm	18:59
lifeless	btw paramiko.AutoAddPolicy	18:59
openstackgerrit	David Shrewsbury proposed a change to openstack/ironic: Suppress conductor logging of expected exceptions https://review.openstack.org/80022	18:59
lifeless	I think that really should be don't add	18:59
lifeless	(and don't load the host keys)	18:59
lifeless	but thats a different discussion	18:59
Shrews	oh nice. that automatically assigned me devananda's bug. pfft	19:03
devananda	haha	19:03
Shrews	now i KNOW you're the devil	19:03
devananda	;)	19:04
lifeless	does parse_driver_info execute on the conductor ?	19:04
devananda	yes	19:05
NobodyCam	humm ok something up with pxe... getting ip but then cant find configuration file	19:05
NobodyCam	thou I should rebuild now at 79892 landed	19:07
NobodyCam	brb	19:07
NobodyCam	maybe bbiafm	19:07
devananda	adam_g: have you changed something in the templates to add a txt console to the VMs?	19:09
adam_g	devananda, no, i haven't	19:09
devananda	adam_g: have you gotten a text console? :)	19:09
devananda	i suspect i'm at the "its not accessing tftpboot" stage, even though I thought you fixed that	19:10
adam_g	devananda, no, i've just been using virt-manager via ssh to look at console	19:10
adam_g	devananda, you should get some tftpd logging to syslog to confirm whether or not the node is hitting it, and if so how far its getting	19:10
Shrews	that bugs me that virt-manager can get to the console, but virsh cannot (rather, i don't know HOW to make virsh do it)	19:13
*** rpodolyaka has quit IRC		19:13
devananda	right - DHCP ACK and files are where tftpd says they should be	19:15
adam_g	so the node are successfully pulling their kernel, ramdisk and later token?	19:16
adam_g	devananda, also looking at comments @ https://review.openstack.org/#/c/70348/22..23/lib/baremetal... BM_DEPLOY_FLAVOR also needs to point to deploy-ironic element if we're using ironic. is lib/baremetal good to go away at this point?	19:18
*** vkozhukalov has quit IRC		19:18
devananda	adam_g: looks like it's not pulling the token	19:18
adam_g	i was hoping to land what we have and then remove lib/ironic's dependency on lib/baremetal.. then lib/ironic can contain all of its own defaults	19:18
devananda	adam_g: ++	19:19
adam_g	devananda, is it tftp showing a file not found error?	19:19
devananda	adam_g: removing lib/baremetal is a very good idea. anything we need (eg, upload_baremetal_ramdisk) should be moved over	19:19
devananda	hm, no. wondering if this ramdisk doesn't have the deploy-ironic element	19:19
*** dshulyak_ has quit IRC		19:20
* devananda rebuilds ramdisk, restacks		19:22
devananda	afk a bit	19:25
* NobodyCam thinks ummm lunch		19:26
*** max_lobur has joined #openstack-ironic		19:26
*** mdurnosvistov_ has quit IRC		19:28
openstackgerrit	lifeless proposed a change to openstack/ironic: Permit passing SSH keys into the Ironic API https://review.openstack.org/80376	19:29
lifeless	devananda: ^ that should do what I want, without compromising the other use cases you have	19:29
*** max_lobur has quit IRC		19:36
*** rloo has quit IRC		19:37
*** rloo has joined #openstack-ironic		19:37
*** max_lobur has joined #openstack-ironic		19:38
*** eghobo has quit IRC		19:45
openstackgerrit	Russell Haering proposed a change to openstack/ironic: Expose API for fetching a single driver https://review.openstack.org/80187	19:51
russellb	russell_h: i get an IRC notification every time you post a patch :-)	19:51
russellb	i'm going to be very on top of what you're working on, hehe	19:52
russell_h	russellb: perfect :)	19:52
russell_h	I had to turn off my "russell" highlight when I joined openstack channels	19:53
russellb	ha	19:53
NobodyCam	ahh good catch devananda i to forgot to use deploy-ironic	19:59
NobodyCam	brb walkies	20:02
devananda	still not getting a tftp fetch of the token	20:04
devananda	gotta run an errand, bbiab	20:04
*** rpodolyaka has joined #openstack-ironic		20:14
*** rpodolyaka has quit IRC		20:19
*** dwalleck has joined #openstack-ironic		20:19
*** rpodolyaka has joined #openstack-ironic		20:32
*** vkozhukalov has joined #openstack-ironic		20:32
*** eghobo has joined #openstack-ironic		20:35
*** rpodolyaka has quit IRC		20:39
*** eghobo has quit IRC		20:40
*** rpodolyaka has joined #openstack-ironic		20:40
lifeless	devananda: I'd like to know if its small enough to FFE (or even doesn't need it); e.g. should I polish it and/or shepard it, or just leave it as a POC ?	20:41
openstackgerrit	lifeless proposed a change to openstack/ironic: Permit passing SSH keys into the Ironic API https://review.openstack.org/80376	20:43
*** eghobo has joined #openstack-ironic		20:44
openstackgerrit	lifeless proposed a change to openstack/ironic: Permit passing SSH keys into the Ironic API https://review.openstack.org/80376	20:45
*** eghobo has quit IRC		20:47
*** jdob has quit IRC		20:47
*** eghobo has joined #openstack-ironic		20:47
openstackgerrit	Dan Prince proposed a change to openstack/ironic: Run ipmi power status less aggressively https://review.openstack.org/80400	20:53
*** mdurnosvistov_ has joined #openstack-ironic		20:56
jroll	is there documentation on the configs needed to use the ironic driver?	20:56
lifeless	jroll: should be in the config opts in the driver	20:58
jroll	lifeless: I mean the nova configuration. e.g. I know I need to set compute_driver, is there other things?	20:59
jroll	lifeless: I guess I'm just wondering if there's anything written down before I go source-diving	21:00
lifeless	jroll: yes, thts what I thought you meant.	21:03
lifeless	jroll: see ironic/nova/virt/ironic/driver.py	21:03
lifeless	api version, api endpoint, etc etc	21:03
jroll	right, probably under an [ironic] section?	21:03
lifeless	yes	21:03
jroll	ok	21:03
lifeless	line 45-75 of that file	21:03
jroll	right, I got that	21:04
lifeless	:)	21:04
openstackgerrit	lifeless proposed a change to openstack/ironic: Fix typo tenet -> tenant https://review.openstack.org/80403	21:05
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: Enable pep8 tests for the Nova Ironic Driver https://review.openstack.org/80335	21:23
*** linggao has quit IRC		21:25
*** dwalleck has quit IRC		21:26
*** dwalleck has joined #openstack-ironic		21:39
lifeless	NobodyCam: btw https://review.openstack.org/80403 should allow you to take the nodes vector and shove it straight into Ironic with minimal changes, just map the fields and done.	21:42
NobodyCam	ohhhh /me clicks	21:42
NobodyCam	lifeless: ^^^ fixes a help string?	21:43
lifeless	NobodyCam: oh nuts, I mean https://review.openstack.org/80376	21:43
NobodyCam	:-p	21:43
NobodyCam	ahh neet.. How about on the client end? will we want to show the key_contents data of some kind of isSet flag	21:46
NobodyCam	I can see some like show the keys comment if set, so that we aren't actually showing the key itself	21:47
NobodyCam	s/some/something/	21:47
*** max_lobur has quit IRC		21:47
lifeless	NobodyCam: well, what do we do for IPMI passwords ?	21:47
lifeless	NobodyCam: I think we should do the same	21:47
*** dwalleck has quit IRC		21:48
NobodyCam	good question, I think we just show it	21:48
lifeless	so see the discussion above for long thoughts on it, but given this is optional, I'd say just do the same as for passwords	21:50
lifeless	folk with particular concerns can a) use key paths, b) help make credential storage better for all of Ironic	21:50
NobodyCam	yay for b !!!	21:51
*** matty_dubs is now known as matty_dubs\|gone		21:52
*** hemna has quit IRC		22:14
*** rpodolyaka has quit IRC		22:15
*** rpodolyaka has joined #openstack-ironic		22:18
openstackgerrit	lifeless proposed a change to openstack/ironic: Permit passing SSH keys into the Ironic API https://review.openstack.org/80376	22:19
lifeless	NobodyCam: ^ tests and pep8 fixed	22:21
NobodyCam	:)	22:21
*** mrda_away is now known as mrda		22:26
mrda	morning all	22:26
NobodyCam	morning mrda	22:26
mrda	Hi NobodyCam	22:26
NobodyCam	:)	22:27
*** hemna has joined #openstack-ironic		22:28
*** mdurnosvistov_ has quit IRC		22:29
lifeless	NobodyCam: so if this looks useful, I might let you do the client stuff? devananda hasn't weighed in yet though, so it might be a non-starter :)	22:34
* devananda looks		22:35
devananda	NobodyCam: i'm refactoring the _require_node() method in nova.virt.ironic.driver -- it's not catching cases where ironic has already disassociated the instance but nova has an old cache	22:36
devananda	eg, in destroy	22:36
NobodyCam	ack :)	22:37
*** eguz has joined #openstack-ironic		22:40
*** eghobo has quit IRC		22:43
comstud	so.. i have an ironic auth related question	22:44
comstud	wrt to nova	22:44
comstud	or maybe not even nova	22:45
lifeless	shoot	22:45
comstud	but how do you do noauth ?	22:45
comstud	assuming that ironic api is on a secured network	22:45
lifeless	teach keystone I would assume	22:46
comstud	i'd not want ironic unnecessarily query auth, because it's just extra latency and point of failure	22:46
comstud	well, i want keystone out of the way	22:46
comstud	we can configure ironic as noauth	22:46
comstud	but the clients all require creds :-/	22:46
comstud	although i think you can pass in a fake token and that seems to work	22:46
lifeless	comstud: use a signed token they don't need keystone chatter	22:47
*** jgrimm has quit IRC		22:47
comstud	i think the nova ironic driver needs to understand this and currently doesn't	22:47
devananda	comstud: ooh. good point	22:49
comstud	the driver's _get_client does a get_admin_context()	22:49
*** romcheg has quit IRC		22:49
comstud	and checks for 'auth_token' in it to pass it	22:49
devananda	comstud: with noauth in ironic, aiui, it's not checking keystone, but it still wants to receive credentials	22:49
comstud	but nova never sets that at all :)	22:49
comstud	unless you pass it in as a kwarg	22:49
devananda	sure	22:49
devananda	so	22:49
comstud	yeah	22:49
devananda	we've been using noauth only for isolated testing (eg, ironic w/o services)	22:50
comstud	we kludged something for now.. passing a fake token	22:50
devananda	if you have other services (eg, nova) then i am assuming you also have keystone	22:50
comstud	but required hard coding in the driver	22:50
devananda	and thereby real aoth	22:50
comstud	sure	22:50
comstud	but i don't want to add more queries to auth	22:50
comstud	:)	22:50
devananda	?	22:50
devananda	is the questiona bout noauth or reducing queries to keystone?	22:50
comstud	both? noauth doesn't query keystone, right?	22:50
devananda	afaik, it does not	22:51
comstud	right	22:51
comstud	the problem is:	22:51
comstud	I want to do noauth with ironicclient, but it doesn't allow it	22:51
devananda	but with auth enabled, i think both nova and ironic need to validate with keystone	22:51
devananda	we can't skip that	22:51
devananda	comstud: oh -- you want ironicclient not to need to pass a fake token :)	22:51
comstud	i think that's what I'm getting at... and then the corresponding support in nova :)	22:52
comstud	Or just a reasonable way of doing this in the nova driver without changing ironicclient would be acceptable	22:52
comstud	:)	22:52
comstud	but the other reason I bring this up is...	22:53
comstud	the nova driver seems to have support for passing in a pre-generated token	22:53
comstud	but that case can never be hit right now	22:53
devananda	right	22:53
devananda	taht's intentional	22:53
comstud	because nova_context.get_admin_context9) never sets .auth_token	22:54
comstud	(unless you pass it in to that method)	22:54
comstud	so conceivably I could add a config option that would do that	22:54
devananda	well. the "dont use the client's context" is intentional. ironic.driver line 180	22:54
comstud	admin_auth_token or something	22:54
comstud	yeah, maybe i'm not being clear	22:54
comstud	sec	22:54
comstud	https://github.com/openstack/ironic/blob/master/ironic/nova/virt/ironic/driver.py#L175	22:55
comstud	that 'else' is never hit right now	22:55
comstud	because ctx.auth_token is always None	22:55
devananda	ahh	22:55
devananda	ok, didn't realize that	22:55
comstud	because nova_context.get_admin_context9) above	22:55
comstud	never passes one in	22:55
comstud	so I'm thinking about adding a config option to support that	22:56
comstud	admin_auth_token or something	22:56
devananda	so we explicitly want to avoid passing the existing user context to ironic	22:56
comstud	correct, i'm not proposing changing that	22:56
devananda	whether the operator needs to configure a separate user account and supply that to nova, or just fall back to the admin context -- either is fine _for now_.	22:56
comstud	i'd just like an option to say "here's an admin token that's always good"	22:57
devananda	++	22:57
comstud	which for the noauth case could just be "fake"	22:57
comstud	:)	22:57
comstud	ok	22:57
devananda	comstud: also see my note there -- we shouldn't need to recreate the token or auth context for each request. it is cacheable, so we should cache it in the driver (or somewhere) IMHO	22:57
comstud	yeah, although the client is what has the token	22:58
devananda	I couldn't find precedent in Nova for that after a brief and not exhaustive search, so i just left a note :)	22:58
comstud	ironicclient i mean	22:58
comstud	it's getting it from keystone itself	22:58
devananda	right	22:58
devananda	but that icli object can be cached	22:58
comstud	gotcha	22:58
comstud	yep	22:58
devananda	it's not related to the resources being operated upon	22:58
comstud	so	22:58
comstud	there was a case where we were doing this before	22:58
comstud	for quantum at the time	22:58
devananda	ahhh	22:58
comstud	but it didn't use a pool correctly or at all :)	22:59
comstud	so you'd get multiple greenthreads using the connection at the same time	22:59
comstud	on random occasions	22:59
comstud	hehe	22:59
devananda	heh	22:59
*** rpodolyaka has quit IRC		22:59
devananda	fun	22:59
devananda	comstud: unrelated nova question for you	23:00
comstud	although i'm not sure that would happen here	23:00
comstud	i'm guessing each ironic_call creates a new connection	23:00
comstud	but has the token cached is all	23:00
devananda	when destroy() fails because the instance is already gone from the hypervisor, how is that handled today?	23:00
comstud	so auth only queried on the first one	23:00
*** eguz has quit IRC		23:00
comstud	we just clean things up	23:00
comstud	on the nova side	23:00
comstud	or should :)	23:01
devananda	comstud: if the token is cached and shareable, then i think it's fine for each icli object to establish a new HTTP connection, yea	23:01
devananda	it's not ...	23:01
comstud	i haven't looked at it in a while	23:01
comstud	devananda: yes, it's fine	23:01
comstud	(some sort of keep-alive option in our clients would be nice at some point, but that's another issue entirely)	23:02
comstud	checking on the destroy case just to refresh myself	23:02
devananda	_delete_instance -> _shutdown_instance	23:03
comstud	it looks like if it's gone from the hypervisor	23:03
devananda	if that raises any exception, then _complete_deletion is not called	23:03
comstud	we try to deallocate network	23:03
comstud	rollback quota. hm weird	23:03
devananda	where i'm at right now is, the ironic node is already disassociated, so ironic has no record of the instance uuid	23:03
comstud	yeah	23:04
devananda	i'm changing our driver to raise InstanceNotFound when nova calls driver.destroy()	23:04
devananda	but that doesn't work	23:04
*** rpodolyaka has joined #openstack-ironic		23:04
comstud	i feel like the nova code is not quite correct here	23:04
devananda	it looks like the only thing that would work is just to return	23:04
devananda	let driver.destroy() silently succeed if there is no instance in ironic	23:04
comstud	i think so ATM	23:04
devananda	which feels dirty ...	23:04
comstud	yeah it does	23:04
comstud	just return because, well, you already did the work	23:05
comstud	no more work to do	23:05
devananda	k	23:05
comstud	but I think you hit on an interesting potential issue here in nova	23:05
comstud	there's most certainly an issue if you just manaully wiped the instance out on the hypervisor	23:06
NobodyCam	ahh seed needs a ram disk build with deploy and undercloud need one built on deploy-ironic	23:06
comstud	it looks like we do deallocate network	23:06
comstud	but we leave it counting against quota	23:06
devananda	comstud: yea. there are some odd corners there	23:07
devananda	that worked. have to just return	23:07
*** dwalleck has joined #openstack-ironic		23:09
*** dwalleck has quit IRC		23:09
*** dwalleck has joined #openstack-ironic		23:09
*** jgrimm has joined #openstack-ironic		23:15
*** rpodolyaka has quit IRC		23:17
devananda	NobodyCam: ugh, there's a nasty race condition here. I stuck a note in a while ago but didn't fix it	23:18
NobodyCam	:(	23:19
devananda	IronicDriver.spawn()	23:19
devananda	see the FIXME at the top	23:19
NobodyCam	BUT IT DOESN'T! :(	23:20
*** rpodolyaka has joined #openstack-ironic		23:20
*** dwalleck has quit IRC		23:21
devananda	the old nova-bm code used an atomic update-then-select operation	23:22
devananda	oooh	23:25
devananda	nvm	23:25
devananda	we did	23:25
devananda	ironic raises a NodeAssociated error if you try to replace the instance_uuid	23:25
devananda	the nova driver jsut isnt' catching it	23:26
*** eghobo has joined #openstack-ironic		23:34
NobodyCam	humm wait call back and then unable to locate configuration file	23:36
lifeless	devananda: so what do you think of my ssh patch?	23:42
devananda	i think i almost have this nova driver bug fixed :)	23:42
devananda	one sec	23:42
NobodyCam	ahh chmod on /tftpboot/pxelinux.cfg dir	23:51
devananda	Shrews: another exception to add to the wrapper around update_node() -- NodeAssociated	23:54

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!