Sunday, 2015-03-08

« Saturday, 2015-03-07 Index Monday, 2015-03-09 »
*** igordcard has joined #openstack-ironic00:39
*** spandhe has joined #openstack-ironic00:45
*** achanda has quit IRC00:46
*** romcheg has quit IRC00:54
*** devananda has quit IRC01:08
*** devananda has joined #openstack-ironic01:09
*** igordcard has quit IRC01:11
*** igordcard has joined #openstack-ironic01:28
*** slagle has quit IRC01:30
*** slagle has joined #openstack-ironic01:31
*** ParsectiX has quit IRC01:42
*** ParsectiX has joined #openstack-ironic01:42
*** Haomeng|2 has joined #openstack-ironic01:48
*** achanda_ has joined #openstack-ironic01:49
*** Haomeng has quit IRC01:50
*** igordcard has quit IRC01:54
*** achanda_ has quit IRC02:54
*** jcoufal has quit IRC02:57
*** jerryz_ has joined #openstack-ironic03:01
*** anderbubble has joined #openstack-ironic03:22
*** spandhe has quit IRC03:30
*** chlong has quit IRC03:50
*** lazy_prince has quit IRC03:59
*** killer_prince has joined #openstack-ironic04:00
*** killer_prince is now known as lazy_prince04:00
*** rwsu-afk has quit IRC04:24
*** subscope has joined #openstack-ironic05:05
*** Marga_ has joined #openstack-ironic05:35
*** Marga_ has quit IRC05:37
*** Marga_ has joined #openstack-ironic05:38
*** achanda has joined #openstack-ironic05:46
*** r-daneel_ has quit IRC05:54
*** gridinv has joined #openstack-ironic06:00
*** Marga_ has quit IRC06:11
openstackgerritRamakrishnan G proposed openstack/ironic: iscsi_ilo driver to support agent ramdisk  https://review.openstack.org/16244906:38
*** gridinv has quit IRC06:54
*** ukalifon has joined #openstack-ironic06:58
*** jcoufal has joined #openstack-ironic07:24
*** ParsectiX has quit IRC07:32
*** ParsectiX has joined #openstack-ironic07:32
openstackgerritRamakrishnan G proposed openstack/ironic: Refactor node capability methods to ironic/common  https://review.openstack.org/16245107:41
*** jcoufal has quit IRC07:44
*** jcoufal has joined #openstack-ironic07:45
*** jerryz_ has quit IRC07:47
*** erwan_taf has joined #openstack-ironic08:30
*** achanda has quit IRC08:30
*** erwan_taf has quit IRC08:37
*** gridinv has joined #openstack-ironic08:37
*** jerryz_ has joined #openstack-ironic08:39
*** andreykurilin_ has joined #openstack-ironic08:48
openstackgerritRamakrishnan G proposed openstack/ironic: Add driver interface for RAID configuration  https://review.openstack.org/15523008:59
*** jistr has joined #openstack-ironic09:11
*** subscope has quit IRC09:14
*** anderbubble has quit IRC09:17
*** jistr has quit IRC09:23
*** romcheg has joined #openstack-ironic09:26
*** kalpase has joined #openstack-ironic09:31
*** gridinv has quit IRC10:00
*** ukalifon has quit IRC10:06
*** jcoufal has quit IRC10:12
*** jcoufal_ has joined #openstack-ironic10:12
*** athomas has joined #openstack-ironic10:20
*** gridinv has joined #openstack-ironic10:39
*** chlong has joined #openstack-ironic10:40
*** ParsectiX has quit IRC10:46
*** ParsectiX has joined #openstack-ironic10:47
*** gridinv has quit IRC10:57
*** andreykurilin_ has quit IRC11:11
*** romcheg has quit IRC11:14
*** igordcard has joined #openstack-ironic11:14
*** ParsectiX has quit IRC11:15
*** chlong has quit IRC11:21
*** Marga_ has joined #openstack-ironic11:26
*** ParsectiX has joined #openstack-ironic11:29
*** jcoufal_ has quit IRC12:01
*** Marga_ has quit IRC12:08
*** ParsectiX has quit IRC12:37
*** ParsectiX has joined #openstack-ironic12:38
*** chlong has joined #openstack-ironic12:39
*** jcoufal has joined #openstack-ironic12:40
*** pleia2 has quit IRC13:01
*** anderbubble has joined #openstack-ironic13:26
*** kalpase1 has joined #openstack-ironic13:35
*** kalpase has quit IRC13:35
*** enikanorov_ has quit IRC13:36
*** alexpilotti has joined #openstack-ironic13:46
*** ukalifon has joined #openstack-ironic13:56
*** Haomeng has joined #openstack-ironic14:01
*** Haomeng|2 has quit IRC14:04
*** chlong has quit IRC14:06
*** jerryz_ has quit IRC14:12
*** pleia2 has joined #openstack-ironic14:14
*** kalpase1 has left #openstack-ironic14:26
*** igordcard has quit IRC14:46
*** dtantsur|pto has quit IRC14:52
*** ParsectiX has quit IRC15:11
*** ParsectiX has joined #openstack-ironic15:11
*** PaulCzar has quit IRC15:47
*** alexpilotti has quit IRC15:48
*** jerryz has joined #openstack-ironic15:58
*** r-daneel_ has joined #openstack-ironic16:11
*** r-daneel__ has joined #openstack-ironic16:12
*** r-daneel_ has quit IRC16:16
*** ParsectiX has quit IRC16:37
*** ParsectiX has joined #openstack-ironic16:37
*** mdbooth has quit IRC16:43
*** jerryz has quit IRC16:43
*** mdbooth has joined #openstack-ironic16:50
*** andreykurilin_ has joined #openstack-ironic16:57
*** ijw has quit IRC17:05
*** ijw has joined #openstack-ironic17:06
*** mdbooth has quit IRC17:24
*** gridinv has joined #openstack-ironic17:28
*** mdbooth has joined #openstack-ironic17:29
*** Marga_ has joined #openstack-ironic17:30
*** anderbubble has quit IRC17:32
*** andreykurilin_ has quit IRC17:38
*** ParsectiX has quit IRC17:48
*** ParsectiX has joined #openstack-ironic17:48
*** anderbubble has joined #openstack-ironic17:48
*** ParsectiX has quit IRC17:50
*** ParsectiX has joined #openstack-ironic17:51
*** gridinv has quit IRC18:07
*** anderbubble has quit IRC18:19
*** ParsectiX has quit IRC18:22
*** ParsectiX has joined #openstack-ironic18:22
*** Marga_ has quit IRC18:29
*** achanda has joined #openstack-ironic18:35
*** r-daneel__ has quit IRC18:47
*** spandhe has joined #openstack-ironic18:53
openstackgerritNisha Agarwal proposed openstack/ironic: Automate boot iso creation with in ironic for iscsi-ilo  https://review.openstack.org/15590018:59
*** jmccrory has joined #openstack-ironic19:01
*** ParsectiX has quit IRC19:03
*** ParsectiX has joined #openstack-ironic19:04
*** andreykurilin_ has joined #openstack-ironic19:17
*** achanda has quit IRC19:27
*** andreykurilin_ has quit IRC19:28
*** ukalifon has quit IRC19:32
*** Marga_ has joined #openstack-ironic19:32
*** achanda has joined #openstack-ironic19:32
*** achanda has quit IRC19:34
*** ParsectiX has quit IRC19:35
*** ParsectiX has joined #openstack-ironic19:35
*** jcoufal has quit IRC19:37
openstackgerritNisha Agarwal proposed openstack/ironic: ironic port deletion fails even if node is locked by same process  https://review.openstack.org/16186119:39
*** achanda has joined #openstack-ironic19:40
openstackgerritSirushti Murugesan proposed openstack/ironic: Adds support for deploying whole disk images  https://review.openstack.org/15014219:51
*** gridinv has joined #openstack-ironic19:53
openstackgerritSirushti Murugesan proposed openstack/ironic: Adds support for deploying whole disk images  https://review.openstack.org/15014219:59
*** spandhe has quit IRC20:08
*** anderbubble has joined #openstack-ironic20:12
openstackgerritNisha Agarwal proposed openstack/ironic: iLO implementation for hardware inspection  https://review.openstack.org/15159620:14
*** gridinv has quit IRC20:17
*** jmccrory has quit IRC20:21
*** achanda has quit IRC20:21
*** romcheg has joined #openstack-ironic20:24
*** jcoufal has joined #openstack-ironic20:31
openstackgerritNisha Agarwal proposed openstack/python-ironicclient: enhanced node-set-provision-state  https://review.openstack.org/14880420:34
*** Marga_ has quit IRC20:59
*** achanda has joined #openstack-ironic21:01
*** Marga_ has joined #openstack-ironic21:03
*** dhellmann has quit IRC21:21
*** dhellmann has joined #openstack-ironic21:22
*** dhellmann has quit IRC21:23
*** dhellmann has joined #openstack-ironic21:24
*** dhellmann has quit IRC21:24
*** dhellmann has joined #openstack-ironic21:25
*** dhellmann has quit IRC21:28
*** dhellmann has joined #openstack-ironic21:29
*** chlong has joined #openstack-ironic21:38
*** gridinv has joined #openstack-ironic21:39
*** jamielennox has joined #openstack-ironic21:48
jamielennoxcan anyone tell me, is there an ironic specific reason that it keeps fetching new keystone tokens rather than using the user token21:49
*** igordcard has joined #openstack-ironic21:54
*** chlong has quit IRC21:56
*** jcoufal has quit IRC22:15
*** igordcard has quit IRC22:21
*** Marga_ has quit IRC22:38
*** Marga_ has joined #openstack-ironic22:43
*** igordcard has joined #openstack-ironic22:50
*** igordcard has quit IRC22:58
*** yuanying has joined #openstack-ironic23:10
openstackgerritGhe Rivero proposed openstack/ironic: Use oslo_log lib  https://review.openstack.org/15760223:11
*** andreykurilin_ has joined #openstack-ironic23:14
*** igordcard has joined #openstack-ironic23:19
*** Marga_ has quit IRC23:24
*** Marga_ has joined #openstack-ironic23:26
*** achanda has quit IRC23:34
*** chlong has joined #openstack-ironic23:35
*** achanda has joined #openstack-ironic23:36
openstackgerritGhe Rivero proposed openstack/ironic: Use oslo_log lib  https://review.openstack.org/15760223:37
jrolljamielennox: ironic api is admin-only23:41
jamielennoxjroll: any reason that wouldn't be controlled by the user having admin rights though?23:41
*** igordcard has quit IRC23:41
jamielennoxrather than having ironic get a token for the auth_token user?23:41
jrolljamielennox: the nova user?23:41
jrollI guess we should back up and figure out exactly which bits we're talking about23:42
openstackgerritGhe Rivero proposed openstack/ironic: Use strutils from oslo_utils  https://review.openstack.org/16249723:42
jamielennoxjroll: so i'm generally looking at making openstack use keystone v3 everywhere23:44
jamielennoxone of the things I did was to change how auth_token middleware was configured with v3 auth23:44
jamielennoxthis broke any service that expected auth_token middleware to be configured to use v2 auth23:44
jamielennoxironic does: https://github.com/openstack/ironic/blob/master/ironic/common/keystone.py23:45
jamielennoxnow ignoring that it doesn't cache the catalog at all, and that it does a full authentication to check the expiry date on a token23:45
jamielennoxI'm just not sure i see why it needs to use the auth_token user at all23:46
jamielennoxgiven that the 3 public functions are: get_keystone_url (should be a config option - or better yet from the catalog)23:47
jamielennoxget_service_url (should be from the catalog)23:47
jamielennoxdamn 423:47
jamielennoxget_admin_auth_token() - which *if* required should be configured independantly23:48
jamielennoxand token_expires_soon - which i haven't looked into yet but shouldn't need to do auth23:48
jrollso I'm not well versed in this and I have to leave in about 3 minutes, but23:49
jrollwe use tokens for a few things:23:49
jroll1) validating inbound tokens23:49
jroll2) configuring DHCP through neutron23:49
*** andreykurilin_ has quit IRC23:49
jroll3) getting image properties and downloading images from glance23:50
jroll4) uploading blobs to swift23:50
jamielennoxcool - so 1 should be handled by auth_token middleware23:50
jroll5) passing a token to deploy ramdisks on the bare metal machines, so they can talk to the ironic API23:50
jroll(I think that's it)23:50
jamielennoxnumber 2 i've got covered: https://review.openstack.org/#/c/162037/23:50
jamielennox5 is interesting23:51
jroll5 is really horrible and makes me sad23:52
jamielennoxit almost feels like 5 should be a message bus call rather than API with token23:52
jamielennoxor something else entriely23:52
jamielennoxclient certs?23:52
jrollclient certs are likely the most reasonable23:52
jrollit's all horrible, because this info is passed through DHCP23:52
jamielennoxso 3 and 4 i guess are what i'm looking at23:53
jrollwhich is pretty insecure, although the time it's available is short and it's restricted to a particular MAC address23:53
jamielennoxessentially what I guess i want to figure out is do i just add a new section to the ironic config for adding user details to talk to keystone23:53
jamielennoxor should i actually try and figure out what the auth is doing here, and whether we can just replace it with the user token23:53
jamielennoxthe first option being essentially what i did for neutron23:53
jrollyeah, I'm leaning toward the first, most of this is admin stuff, not user-exposed stuff23:54
jrollI gotta run; what timezone are you in?23:54
jamielennoxsydney23:54
jamielennox11am23:55
jrollmmm, ok23:55
jrollI'm west coast US... pop in here tomorrow morning and we can chat?23:55
jamielennoxsure23:55
jamielennoxif you're leaning towards the just replace option then that's much easier23:55
jamielennoxi was starting that patch when i thought i should come in and ask instead23:55
jamielennoxbecause the auth in common/keystone is a little basic23:56
jrollyeah, though I'm not sure of all the implications23:56
jrollI also don't have keystone v3 in my prod environment, so I'm nervous :)23:56
jamielennoxjroll: i've never touched ironic and i don't understand most of it :)23:56
jamielennoxuntil now23:56
jrollheh, same with me for keystone :P23:57
jrollbut not having v2 support would be a huge pain for me :P23:57
jamielennoxjust to clarify though - it wouldn't be a force up to keystone v3, you'd still be able to configure v2 and if that works then v3 would just be a few different options23:57
jamielennoxi'm trying to make all this transparent to the services23:58
jrollok, awesome23:58
jrolllet's talk tomorrow when smarter people than I are around then :)23:59
jamielennoxsounds good23:59
jamielennoxnight23:59
jrollsee ya23:59
« Saturday, 2015-03-07 Index Monday, 2015-03-09 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!