Wednesday, 2018-05-16

« Tuesday, 2018-05-15 Index Thursday, 2018-05-17 »
*** rloo has quit IRC00:11
*** exodusftw has joined #openstack-ironic00:18
*** akhilaki has quit IRC00:32
*** linhnm has joined #openstack-ironic00:33
openstackgerritMark Hamzy proposed openstack/bifrost master: pip version 10 will not uninstall system packages  https://review.openstack.org/56871901:05
*** phuongnh has joined #openstack-ironic01:10
*** tiendc has joined #openstack-ironic01:11
*** r-daneel has quit IRC01:30
*** gyee has quit IRC01:38
*** zhangfei has joined #openstack-ironic01:44
*** gyankum has joined #openstack-ironic01:55
*** hemna_ has quit IRC01:59
*** trungnv has quit IRC02:03
*** phuongnh has quit IRC02:03
*** phuongnh has joined #openstack-ironic02:03
*** linhnm has quit IRC02:03
*** trungnv has joined #openstack-ironic02:03
*** rbudden has joined #openstack-ironic02:11
*** rbudden has quit IRC02:38
*** tuanla____ has joined #openstack-ironic03:00
*** baoli has joined #openstack-ironic03:07
*** baoli has quit IRC03:12
*** baoli has joined #openstack-ironic03:12
*** gyankum has quit IRC03:20
*** baoli has quit IRC03:24
*** rajinir has quit IRC03:39
*** links has joined #openstack-ironic03:41
*** fragatina has quit IRC03:46
*** gyankum has joined #openstack-ironic04:10
*** fragatina has joined #openstack-ironic04:11
openstackgerritMark Hamzy proposed openstack/bifrost master: pip version 10.0.0b1 will not uninstall system packages  https://review.openstack.org/56871904:22
*** zhangfei has quit IRC04:36
*** dtantsur|afk has quit IRC04:38
openstackgerritzenghui.shi proposed openstack/ironic master: Change exception msg of BIOS caching  https://review.openstack.org/56819304:38
*** zhangfei has joined #openstack-ironic04:38
*** sapd has quit IRC05:17
*** diga has joined #openstack-ironic05:25
*** diga has quit IRC05:32
*** jtomasek has joined #openstack-ironic05:36
*** marios has joined #openstack-ironic05:43
*** fragatina has quit IRC05:55
*** fragatina has joined #openstack-ironic05:55
*** mjura has joined #openstack-ironic05:55
*** sapd has joined #openstack-ironic05:56
*** lucas-afk has quit IRC06:05
*** lucasagomes has joined #openstack-ironic06:07
*** hjensas has quit IRC06:15
*** rbartal has joined #openstack-ironic06:20
*** livelace has joined #openstack-ironic06:26
*** ltomasbo has joined #openstack-ironic06:34
openstackgerrityolanda.robla proposed openstack/ironic-tempest-plugin master: Add manual clean step ironic standalone test  https://review.openstack.org/56861606:36
openstackgerrityolanda.robla proposed openstack/ironic-tempest-plugin master: Add manual clean step ironic standalone test  https://review.openstack.org/56861606:47
*** hjensas has joined #openstack-ironic06:55
openstackgerritzenghui.shi proposed openstack/ironic master: Change exception msg of BIOS caching  https://review.openstack.org/56819306:57
*** tuanla____ has quit IRC07:04
*** trungnv has quit IRC07:04
*** tiendc has quit IRC07:04
*** phuongnh has quit IRC07:04
*** phuongnh has joined #openstack-ironic07:04
*** tuanla____ has joined #openstack-ironic07:04
*** tiendc has joined #openstack-ironic07:04
*** trungnv has joined #openstack-ironic07:05
*** ajya has joined #openstack-ironic07:09
*** rcernin has quit IRC07:10
*** tesseract has joined #openstack-ironic07:17
*** AlexeyAbashkin has joined #openstack-ironic07:42
*** jaypipes has quit IRC07:50
*** jaypipes has joined #openstack-ironic07:51
*** milan has quit IRC07:51
*** mikal_ has joined #openstack-ironic07:57
*** mikal has quit IRC07:59
*** dims has quit IRC07:59
*** dims has joined #openstack-ironic08:02
*** mgoddard has joined #openstack-ironic08:03
vdrokgood morning ironic08:07
*** dims has quit IRC08:07
*** dims has joined #openstack-ironic08:07
*** dougsz has joined #openstack-ironic08:15
*** livelace has quit IRC08:26
openstackgerritWill Szumski proposed openstack/ironic-python-agent master: rework ATA secure erase  https://review.openstack.org/55775508:37
*** derekh has joined #openstack-ironic08:41
*** MattMan has quit IRC08:41
*** MattMan has joined #openstack-ironic08:42
openstackgerrityolanda.robla proposed openstack/ironic-tempest-plugin master: Add manual clean step ironic standalone test  https://review.openstack.org/56861608:43
olivierb-thanks TheJulia and jroll for looking into this, no more luck this morning after recheck, same "errors"08:43
olivierb-I've seen that the other patch you launched recheck on also failed :-(08:44
olivierb-so I am assuming that this is most probably not related to the patches themselves08:47
olivierb-I have also noted that etingof just launched a recheck on the same patch as I am writing, will see if this gets better on his side08:50
olivierb-good morning vdrok08:50
etingofgood morning olivierb- vdrok o/08:50
vdrokmorning olivierb- and etingof08:50
*** milan_ has joined #openstack-ironic08:55
*** links has quit IRC09:07
*** jistr has quit IRC09:09
*** jistr has joined #openstack-ironic09:12
*** links has joined #openstack-ironic09:23
*** pmannidi has quit IRC09:27
*** serlex has joined #openstack-ironic09:34
*** zhangfei has quit IRC09:37
*** dtantsur has joined #openstack-ironic09:43
dtantsurmorning ironic09:44
dtantsurmy bouncer was down, please repeat any pings09:44
etingofdtantsur, \o09:49
openstackgerritMerged openstack/ironic master: Mark xclarity password as secret  https://review.openstack.org/56763709:53
*** zhangfei has joined #openstack-ironic09:55
openstackgerritMerged openstack/ironic-ui master: Add release notes link to README  https://review.openstack.org/56845409:58
*** racedo_ has quit IRC10:03
*** racedo has joined #openstack-ironic10:04
*** sapd has quit IRC10:10
*** sapd has joined #openstack-ironic10:11
*** phuongnh has quit IRC10:21
*** jaganathan_ has quit IRC10:26
*** e0ne has joined #openstack-ironic10:39
*** links has quit IRC10:44
openstackgerritIlya Etingof proposed openstack/ironic master: Adds boot mode support to ManagementInterface  https://review.openstack.org/52677310:49
*** links has joined #openstack-ironic10:58
*** lucasagomes is now known as lucas-hungry11:04
olivierb-etingof no more luck for you after recheck I see :-(11:12
*** zhangfei has quit IRC11:27
*** rh-jelabarre has joined #openstack-ironic11:34
openstackgerrityolanda.robla proposed openstack/ironic-tempest-plugin master: Add manual clean step ironic standalone test  https://review.openstack.org/56861611:37
*** tuanla____ has quit IRC11:39
*** jcoufal has joined #openstack-ironic11:50
*** ae1280 has joined #openstack-ironic11:53
*** trown|outtypewww is now known as trown11:59
*** lucas-hungry is now known as lucasagomes12:09
*** dprince has joined #openstack-ironic12:16
*** hshiina is now known as hshiina|afk12:21
*** ae1280 has quit IRC12:21
TheJuliagood morning12:22
etingofTheJulia, \o12:22
dtantsurmorning TheJulia12:23
dtantsurTheJulia: how is this morning looking with regards to release ironic-inspector and/or ironic master? :)12:23
TheJuliaI was really hoping to get power fault recovery in for a release of ironic master12:24
TheJulialike... really really really hoping12:24
TheJuliawhy do you ask?12:24
dtantsurTheJulia: we haven't done their releases in Rocky yet, which goes against our promise to release often12:25
dtantsurI think ironic-inspector (maybe IPA/ironic-lib) may be ready, even if ironic is not12:25
TheJuliaagreed, ironic-lib gate may be broken at the moment12:26
dtantsurugh12:26
TheJuliahamzy seem sto have an interesting approach with https://review.openstack.org/#/c/568719 additional bifrost opinions would be good12:27
patchbotpatch 568719 - bifrost - pip version 10.0.0b1 will not uninstall system pac...12:27
dtantsurI'll request ironic-inspector then and look at IPA12:28
TheJuliaipa may be good if we land the rescue  bug fix and perhaps the ata erasing improvement changes12:28
TheJuliaI've not looked at the ata erase change yet12:28
dtantsurright, rescue is worth landing for sure12:29
TheJulialooks like ironic-lib now takes an extra 20-30 minutes to run....12:30
olivierb-good morning TheJulia12:32
hamzyyeah I didn't know how y'all would feel about that, but given that the get pip script serves version 10.0.1 I figure we need to do something12:33
TheJuliahamzy: we also need to switch over to virtualenvs by default12:33
sambetts|afkTheJulia: is it possible to no use the virtualenvs and just use the --user option instead?12:34
*** sambetts|afk is now known as sambetts12:34
TheJulianot really, --user requires that services can reach into the user's folder12:34
TheJuliawe've seen it try to do that before with people installing as root12:35
sambettsI was thinking more "pip install --user ironic" when ironic runs as user ironic12:35
sambettsman there were a lot of ironics in that sentence12:35
TheJuliaheh12:35
TheJuliaThat might work actually, but any dependencies for command lines might be an issue12:36
TheJuliaalso, we may have to do some duplicate dependency installs12:36
*** mjura has quit IRC12:36
*** mjura has joined #openstack-ironic12:37
sambettsyeah :/ I'm not 100% on what the implications of it are, I only learned about --user the otherday by being very confused by bifrosts env-setup.sh script12:37
openstackgerritJulia Kreger proposed openstack/ironic-lib master: Slightly increase job timeouts  https://review.openstack.org/56882812:37
TheJuliahmmm12:39
TheJuliaso I think i found the ironic-lib issue, not sure what actually cauesd the break12:39
TheJulialooks like it last worked on the 23rd of april when eventlet was uncapped12:46
*** r-daneel has joined #openstack-ironic12:47
*** Goneri has joined #openstack-ironic12:51
openstackgerritIlya Etingof proposed openstack/ironic master: Adds boot mode support to ManagementInterface  https://review.openstack.org/52677312:51
TheJuliaWell, extending that timeout might help some, looks like we're definitely still deploying from a scenario when things go sideways12:52
TheJuliain the form of the job ending12:52
TheJulialooks like tinyipa took about 20  minutes to build....12:57
openstackgerritMark Hamzy proposed openstack/bifrost master: pip version 10.0.0b1 will not uninstall system packages  https://review.openstack.org/56871912:59
sambettsTheJulia: woah... that shouldn't take that long... it was ~2-3min before12:59
dtantsurOo13:00
*** tiendc has quit IRC13:01
*** rloo has joined #openstack-ironic13:02
TheJuliasambetts: download retries it looks like it... we've seen it before  :(13:07
TheJuliaThere may be something else going on, I can't be sure with how massive the logs are becuase it is getting killed in flight. :(13:08
TheJuliaI guess only time will tell13:08
openstackgerritRuby Loo proposed openstack/ironic-specs master: Use node.fault field for power fault recovery work  https://review.openstack.org/56862713:10
*** rbudden has joined #openstack-ironic13:12
*** derekh has quit IRC13:12
*** derekh has joined #openstack-ironic13:12
*** r-daneel_ has joined #openstack-ironic13:15
olivierb-I've got an interesting  write_image.sh failure case that I'd like to discuss. I know it's a "side effect" of the way I re-provision baremetal nodes so that the iPXE timeout failures do not go back to previously provisioned HDD install but may be this is still something you'll want me to fix13:15
olivierb-so the story now13:15
olivierb-1st provisioning of machine A went fine and I ended up with a perfectly working image using GPT13:16
*** r-daneel has quit IRC13:16
*** r-daneel_ is now known as r-daneel13:16
olivierb-as I want to re-provision the SAME machine (because I forgot to add something or I messed up its current contents) I 'clear' the MBR data using a dd if=/dev/zero bs=1025 count=1 of=/dev/sda13:17
openstackgerritJulia Kreger proposed openstack/ironic-python-agent master: rework ATA secure erase  https://review.openstack.org/55775513:18
olivierb-I know this is bad but it used to work with MBR partitioning so that in case of iPXE timeout the BIOS does not go back to HDD boot mode13:18
TheJuliamgoddard: dtantsur: ^^^^ lgtm, I fixed the commit message so links/tracking works since I don't think storyboard handles lists13:18
dtantsurk13:19
olivierb-when I say it used to work, it means that re-provisioning the 2nd time (after all other cleanups in ironic DB and others of course) worked well also13:19
olivierb-now with GPT I get the following error which I think could be fixed13:19
TheJuliadtantsur: mgoddard: it occurs to me that it is very likely reno worthy....13:19
dtantsur++13:19
TheJuliaI think a quick reno-only patch is fine if someone wants to craft it real quick13:20
* dtantsur is busy making sense of tripleo SSL support....13:20
TheJuliafun13:20
* TheJulia does it13:21
olivierb-https://gist.github.com/obourdon/6dc68a3e8253be3380be98887c3423da13:21
olivierb-what are your thoughts on this please ?13:21
mgoddardTheJulia: agreed, I'll let Will know13:22
TheJuliamgoddard: oh, if will wants to do it that is even better13:22
TheJuliaolivierb-: I thought we were wiping the secondary partition table copy in ironic-lib... but I guess not. :\13:23
mgoddardTheJulia: Will is jovial[m] btw13:23
TheJuliathats a bug if we are not, and that not being done would explain the above error if you redeployed without a complete wipe13:23
TheJuliajovial[m]: Greetings!13:23
olivierb-TheJulia exactly what I was thinking13:24
*** hjensas has quit IRC13:26
TheJuliadtantsur: you might want to pull your wf-1 from 555708 just to not block updates moving forward. I removed my +213:27
dtantsurTheJulia: I assumed wf-1 does not block updates (unlike -2), but I can13:27
TheJuliadtantsur: a while back I remember tests not running on new uploads13:27
dtantsurugh. okay, removed13:27
TheJuliabut I was more thinking from a signaling standpoint that the contributor can continue refactoring13:28
dtantsurright13:29
jovial[m]TheJulia:  hey, I'll get that release note sorted13:31
TheJuliajovial[m]: just fyi, i updated the commit message story/task tagging so it links correctly13:31
jovial[m]TheJulia: thanks, I'm still learning the ropes :)13:32
openstackgerrityolanda.robla proposed openstack/ironic-tempest-plugin master: Add manual clean step ironic standalone test  https://review.openstack.org/56861613:34
*** Arkady has joined #openstack-ironic13:36
*** Arkady has quit IRC13:36
*** Arkady has joined #openstack-ironic13:36
*** baoli has joined #openstack-ironic13:40
TheJuliaI replied to the power fault recovery spec with my thoughts on trying to guess for upgrades13:42
TheJuliatl;dr I'm very much against the idea13:42
*** cjloader has joined #openstack-ironic13:47
jrollmorning y'all13:48
rlooTheJulia: I am fine with not trying to guess. To be clear, when upgrading a node that is already in maintenance, you would like node.fault = None, not node.fault='unknown'?13:48
rlooGood morning jroll, TheJulia, dtantsur, jovial[m], olivierb- and all the other great ironic'ers out there13:49
TheJuliajroll: correct, that way it looks like the operator has explicitly chosen to keep the node in maintenance and we just have a doc note saying "you may want to reconcile nodes you have in maintenance state"13:49
olivierb-monring rloo13:49
openstackgerritWill Szumski proposed openstack/ironic-python-agent master: Add a release note for secure erase changes  https://review.openstack.org/56885113:52
rlooTheJulia: well, that is fine with me. but it is hard for the operator to reconcile the nodes (if i understand what you mean). Say ironic had put the node in maintenance cuz of power-fault. after upgrade, node.fault=none. The operator would have to take the node out of maintenance, in order for the new code to kick in and at some point put it into maintenance with fault=power failure.13:52
rlooTheJulia: is that what you mean?13:52
* jroll assumes TheJulia was talking to rloo :)13:52
* rloo assumes that too :)13:53
jrollI think I agree - any pre-upgrade nodes in maintenance should be in whatever fault type is equivalent to being manually set13:53
jrollindicate ironic cannot fix it and the operator should13:53
dtantsurmorning rloo, jroll13:54
jroll\o dtantsur13:54
rloojroll: 'should be in whatever fault type' -- we don't know if/what fault type they were in13:54
rloojroll: so we're just going to assume node.fault=None13:55
dtantsurjroll: do you remember the reason to make image_checksum mandatory in the direct deploy? I mean, it's a good idea to provide them, but why are we forcing it?13:55
TheJuliarloo: exactly and that is kind of what I think we should be doing.13:55
jrollrloo: I mean, we should set the fault type which is equivalent to manual (None I guess?), during the upgrade, for any nodes that were in maintenance mode before the upgrade13:55
rloojroll: ok, got it. that jives with TheJulia.13:55
jrollI think we're saying the same thing :)13:55
jrollcool13:55
rloodtantsur: you ok with that? ^^13:56
dtantsurfine with me13:56
TheJuliadtantsur: validate that the image was not tampered with in transit13:56
rloothx, i'll update spec in a few min13:56
TheJuliarloo: thanks13:56
dtantsurTheJulia: that's rather what HTTPS is for.. and without HTTPS image_checksum can be tampered in transit13:56
jrolldtantsur: it was designed to work with glance/swift, which always has a checksum, we weren't doing arbitrary http servers before this13:56
TheJuliadtantsur: even with https, MitM is still a valid attack for corporate infratucture13:57
jrolland even with https, downloads can be corrupted13:57
dtantsuryep, I get why we may want to use it, but why make it mandatory?13:57
TheJuliathat as well13:57
dtantsurlike, we don't mandate https13:57
jrollI will never not use a checksum but not opposed to making it optional13:57
jrolldtantsur: we were guaranteed to have a checksum when the code was written13:57
jrollnothing more nothing less :)13:58
dtantsurI'm working on a deployment tool, so I'm thinking of why certain things are mandatory :)13:58
jrollright, this wasn't written to support standalone ironic and such13:58
TheJuliaI think it is good security practice to enforce an api user to submit the known-good checksum13:58
dtantsurTheJulia: well, so it forcing https13:58
TheJuliathat allows them to essentially mark a checkbox13:59
dtantsurs/it/is/13:59
TheJuliadtantsur: no, that doesn't actually protect it if I'm a corporation with an appropriate ssl certificates that is doing transparent proxying13:59
*** mjturek has joined #openstack-ironic13:59
dtantsurhmm, why? assuming you don't give your certificates to everyone?13:59
TheJuliaThat is just protecting endpoint to endpoint, not the contents inside13:59
dtantsuralso note that md5 is no longer secure14:00
dtantsurwell, if we can authenticate the HTTP server, we can authenticate contents on it, no?14:00
TheJuliaTrue, I was thinking about that recently I'm just not sure which way we should go because we should realistically support a number of checksum methods and that would be overly burdonsome if therew as no hint14:00
dtantsurwith actually secure algorithms?14:00
dtantsurso, I'm writing a tool that can take an https location and deploy from it14:01
dtantsurand I don't know where to *reliably* take a checksum from if a user does not know it14:01
dtantsur(tripleo does not IIRC)14:01
TheJuliaso if we're doing a CRL lookup on the client to verify that the server has not been revoked, and that the server metadata is exactly what we expect, I think it would be reasonable... but we're talking like checking the common name field in the cert14:01
dtantsurwell, given that without https anyone can overwrite the checksum on wire14:02
dtantsurit does not make sense to talk about the checksum before we got https in place14:02
TheJuliaand with crafted/special certs, they can still sit on the wire and do it :(14:02
* jroll suddenly regrets making the field "checksum" instead of "md5"14:03
TheJuliaheh14:03
TheJuliaI guess we could make it optional if we're pulling from a https endpoint, and maybe there are something like the OWASP docs that cover the attack vectors operators should be mindful of14:04
dtantsursure, so it's not really a security measure14:04
dtantsurso14:04
TheJuliai.e. they might want to pull from a local server with verified contents14:04
dtantsurplease14:04
dtantsurchecksums are NOT for security14:04
dtantsurlet's please never aware put in the docs anything assuming that14:05
TheJuliacontent integrety which is still security14:05
dtantsurnot security people think of14:05
dtantsursecurity from wire problems, not from intruders14:05
TheJuliatrue, the entire perception has changed over the last decade14:05
dtantsur1. md5 is broken, 2. we pass the checksum through the same channel as the image14:05
jrollimage location* :)14:05
jrollthe URL for the image comes from ironic, the image itself does not14:06
TheJuliaSame channel? I'm not sure that is correct14:06
dtantsurwell, it's the same HTTP(s) at least14:06
jrollno?14:06
dtantsurand jroll is right, we also pass the image URL with the checksum14:07
TheJuliadoesn't have to be14:07
dtantsurso it's enough to intersect this packager14:07
dtantsur* package14:07
TheJuliaThat is true, I'm thinking content14:07
jrollironic passes image URL and checksum to the agent, agent pulls down URL14:07
*** rajinir has joined #openstack-ironic14:07
dtantsurright, and if agent cannot verify TLS certificates, the image can be forged just as well14:07
jrollthe attacker would need API/DB access to ironic, or direct HTTP access to the agent, to modify the checksum14:07
TheJuliaIndeed, and if someone is between the conductor and the agent, then there is relaly nothing we can do, the risk exists outside of the local environment14:08
*** gyankum has quit IRC14:09
* jroll wonders how burdensome it is for standalone users to get the checksum, doesn't seem like it should be much work14:09
TheJuliait really is not hard14:09
jrollthis makes me less eager to make it optional14:09
TheJuliaI think for ansile we end up using the stat module to hand us checksums back14:09
TheJuliaansible14:09
jrollright14:10
jrollit's slightly harder without having the image locally, but still just a curl | md5sum14:10
TheJuliabut we also control the scenario with local images, remote images requires an additional download or the checksum published which while even insecure, they are often still published along with the newer hash algorithm values14:10
jrollI swear I remember a patch to support multiple algorithms somewhere14:11
TheJuliaI think there was one for sha1 at one point in time14:11
TheJuliabut we allso had support for rolling checksums on raw files *blink* *blink*14:12
jrollthat one was fun to write :)14:12
dtantsurTheJulia: well, depends on whether you have the image locally...14:12
jrollit's still there14:12
dtantsurjroll: ^^^14:12
dtantsurif the image is not local, you need to pull it and calculate the checksum14:12
dtantsurwhich kind of defeats the purpose14:12
jrollsure14:12
dtantsurbut it's what I'll have to do, apparently14:12
dtantsurOR expect a checksum in a file with .md514:13
dtantsurwhich may be a saner idea14:13
TheJuliabut it does kind of make sense to spin up a local server to serve that file so your also not crossing wan links (granted, this is 2018, not 2001 with a T1 line terminated next to a rack of servers)14:13
mjturekhey ironic -  can anyone help me understand where drivers.modules.agent.reboot_to_instance https://github.com/openstack/ironic/blob/master/ironic/drivers/modules/agent.py#L263 is called?14:13
*** mjturek has quit IRC14:13
*** mjturek has joined #openstack-ironic14:13
jrollmjturek: that might be a record for "ask question and leave" :P14:13
TheJuliajroll: indeed!14:14
vdrok:D14:14
dtantsurTheJulia: it's local, but it does not have to be on the same machine as a user14:14
*** mjturek has quit IRC14:14
*** mjturek has joined #openstack-ironic14:14
dtantsurthink a dev using her laptop14:14
jrollmjturek: https://github.com/openstack/ironic/blob/1588fd28a5b7ee2fa0c3d512db28d7d0c94b4447/ironic/drivers/modules/agent_base_vendor.py#L31714:14
TheJuliadtantsur: I guess for file integrety, expecting a checksum file along side is likely a sane thing. It does not help guard against that file changing and an operator blocking a rebuild if the file has changed, but I'm not sure how valid that is of a concern or side effect of a feature in a sense14:15
mjturekjroll - thanks! I saw this call, so that means reboot_to_instance only happens if something goes wrong?14:16
mjturekI'm wondering about it because it seems to be the only path leading to install_bootloader (https://github.com/openstack/ironic/blob/1588fd28a5b7ee2fa0c3d512db28d7d0c94b4447/ironic/drivers/modules/agent_base_vendor.py#L710)14:17
jrollmjturek: ah, the `msg` bit there is confusing - that's the exception message if and only if an exception is raised in that block (or in other words, in reboot_to_instance())14:17
jrollmjturek: but, we call reboot_to_instance() when the agent checks in and we find the deploy is done14:17
*** baha has joined #openstack-ironic14:17
jrollthat `msg` variable is only used here: https://github.com/openstack/ironic/blob/1588fd28a5b7ee2fa0c3d512db28d7d0c94b4447/ironic/drivers/modules/agent_base_vendor.py#L34114:17
mjturekahhhhhh got it - yeah that makes total sense14:18
mjturekthanks jroll!14:18
* jroll would approve a patch to clarify that with a comment, I've also gotten stuck on that14:18
jrollwelcome :)14:18
mjtureklol well that makes me feel better14:18
jrolldtantsur: anyway, I'm not strictly opposed to it, but I would like to find a way to warn someone that they shouldn't do this, and make it easy to troubleshoot when bits get flipped in transit14:19
TheJuliabit flipping in transit is less likely to occur with https since most algorithms do a chained block checksum14:20
*** r-daneel has quit IRC14:20
TheJuliaso a raw wire bit flip would cause a retransmisison or kill the connection depending on how the client library responds14:21
jrollor flipped in memory, or whatever, you get the point :)14:21
TheJuliayeah, a little less likely...14:21
openstackgerritMerged openstack/ironic-python-agent master: Rescue bug: tinyipa fails to acquire IP in multitenant env  https://review.openstack.org/56627914:21
* TheJulia hasn't seen on-wire bit flipping in a long time14:22
openstackgerritRuby Loo proposed openstack/ironic-specs master: Use node.fault field for power fault recovery work  https://review.openstack.org/56862714:22
* TheJulia reminisces and wonders if that caused the recruiter to email her about things that hasn't been published on her resume in quite a while14:26
TheJuliaokay... where did my mind go14:28
etingofdtantsur, shall we?14:30
*** rbartal has quit IRC14:38
openstackgerritchandra shekar proposed openstack/ironic-specs master: Added new spec for L3 based Ironic deployment  https://review.openstack.org/54393614:38
*** r-daneel has joined #openstack-ironic14:38
TheJuliaHeh, and I just reviewed that one :)14:39
TheJuliaThat one might be interesting for some folks14:40
*** Alexey_Abashkin has joined #openstack-ironic14:44
*** AlexeyAbashkin has quit IRC14:46
*** Alexey_Abashkin is now known as AlexeyAbashkin14:46
NobodyCamGood Morning Boot'ers14:47
NobodyCamieek Good Morning Ironic'ers14:47
NobodyCam:p14:47
* NobodyCam needs coffee14:47
*** rbudden has quit IRC14:48
openstackgerritJim Rollenhagen proposed openstack/ironic master: Remove endpoint_type from configuration  https://review.openstack.org/56762814:54
TheJuliaI sitll have not had coffee14:54
TheJuliawhat is wrong with me?!?!?!?14:54
dtantsurOo14:55
dtantsurmorning NobodyCam14:55
NobodyCamMorning TheJulia and dtantsur :)14:55
jrollTheJulia: I'm going to have summer rig something up to only allow your computer to unlock after coffee14:55
jrollmorning NobodyCam :)14:55
NobodyCammorning jroll oh kinda like the stop drunk text apps?14:56
NobodyCamI bet that would sell14:56
NobodyCam:)14:56
jrolllol yes!14:56
TheJuliajroll: that is MEAN! :(14:57
NobodyCam:p14:57
TheJuliahttps://media0.giphy.com/media/5z2fwa90BkWOc/200w.webp14:58
jrollTheJulia: heh, it's a rule I live by, it makes life much better, promise :)14:58
*** links has quit IRC14:58
NobodyCam:)14:59
*** mjura has quit IRC15:00
* TheJulia thinks a wawa run is in order after the current meeting15:03
openstackgerrityolanda.robla proposed openstack/ironic-tempest-plugin master: Add manual clean step ironic standalone test  https://review.openstack.org/56861615:05
openstackgerritJim Rollenhagen proposed openstack/ironic master: Remove endpoint_type from configuration  https://review.openstack.org/56762815:11
jrollI think this should be good to go now ^15:11
TheJuliaawesome15:13
olivierb-I have a side question that may be you might shed some light on here. Due to some issue in some baremetal infrastructures due to iPXE/DHCP timemouts, I have produced a binary version of undionly.kpxe which includes debugging message for switches "bad"behaviour detection and more dhcp retries. In bifrost either you take it from the distro in /usr/lib/ipxe or via get_url on ipxe.org/downloads. So my question if you had to put this15:29
olivierb- new binary to a "standard" downloadable place, where would you shoot for ? gist-like, dropbox, ... ? thanks15:29
*** hemna_ has joined #openstack-ironic15:29
TheJuliaolivierb-: a standard downloadable place that can be retrieved fo ryour deployments should be good, if memory serves if the url exists we override and collect it from there, but that was also written a long time ago15:31
*** ajya has quit IRC15:32
*** ajya has joined #openstack-ironic15:32
openstackgerritKaifeng Wang proposed openstack/ironic master: Implements baremetal inspect abort  https://review.openstack.org/56568715:33
*** gyankum has joined #openstack-ironic15:39
*** ajya3 has joined #openstack-ironic15:41
*** ajya has quit IRC15:41
*** hemna_ has quit IRC15:42
*** hemna_ has joined #openstack-ironic15:43
*** etingof is now known as etingof|brb15:46
TheJuliadtantsur: going back to the earlier discussion, if we added something along the lines of "image_checksum_url", which maybe could be inferred, that would allow the deployer to make the explicit decision to trust something remotely...15:47
dtantsurTheJulia: maybe even support URLs in image_checksum?15:47
*** v12aml has quit IRC15:51
*** fragatina has quit IRC15:57
rloobtw, TheJulia, wrt releasing ironic. It is OK to release ironic, then release it again after the power-fault-recovery is in. What I don't want is to release later this week (maybe today is already too late), right before the summit.15:59
TheJuliadtantsur: urls could definitely work, and we could also hav elogic that determines the type of checksum16:00
TheJuliathe visibility value right before summit is new shiny features... On a plus side, we've fixed lots of bugs16:02
*** marios has quit IRC16:04
TheJuliadtantsur: supporting gpg signed files would be super awesome16:05
dtantsur++16:05
*** baha has quit IRC16:06
*** milan_ has quit IRC16:07
*** v12aml has joined #openstack-ironic16:08
*** fragatina has joined #openstack-ironic16:12
*** rbudden has joined #openstack-ironic16:12
*** akhilaki has joined #openstack-ironic16:16
*** akhilaki has quit IRC16:16
*** akhilaki has joined #openstack-ironic16:17
*** dprince has quit IRC16:24
*** gyee has joined #openstack-ironic16:29
*** fragatina has quit IRC16:32
sambettsdtantsur, TheJulia: this has been something I've been working on https://review.openstack.org/#/c/565474/16:33
patchbotpatch 565474 - ironic - [WIP] Direct deploy serve HTTP images from conductor16:33
sambettsregarding downloading remote files16:33
dtantsurinteresting! so you can also re-calculate checksums, I guess?16:34
sambettsdtantsur: currently the patch maintains the existing checksum either from glance or from user all the way through to ensure that nothing gets conrrupted during the process, however if we enable force raw images for this work, then the conductor will need to confirm the checksum after downloading and then recalculate for the raw image after conversion16:36
openstackgerrityolanda.robla proposed openstack/ironic-tempest-plugin master: Add manual clean step ironic standalone test  https://review.openstack.org/56861616:36
openstackgerritDmitry Tantsur proposed openstack/sushy-tools master: Clean up unused items from templates  https://review.openstack.org/53826816:44
openstackgerritDmitry Tantsur proposed openstack/sushy-tools master: Support EthernetInterface resource in the emulator  https://review.openstack.org/53833816:44
*** dprince has joined #openstack-ironic16:45
*** Arkady has quit IRC16:49
*** links has joined #openstack-ironic16:54
*** baha has joined #openstack-ironic16:55
*** dougsz has quit IRC16:56
*** fragatina has joined #openstack-ironic16:58
*** fragatina has quit IRC16:58
dtantsursee you tomorrow16:58
*** dtantsur is now known as dtantsur|afk16:58
*** fragatina has joined #openstack-ironic17:01
*** derekh has quit IRC17:01
*** fragatina has quit IRC17:02
*** fragatina has joined #openstack-ironic17:02
TheJuliagoodnight dtantsur|afk17:03
*** mgoddard has quit IRC17:04
*** jcoufal_ has joined #openstack-ironic17:10
*** trown is now known as trown|lunch17:11
*** jcoufal has quit IRC17:13
*** links has quit IRC17:16
*** AlexeyAbashkin has quit IRC17:16
*** etingof|brb is now known as etingof17:21
*** ajya3 has quit IRC17:22
*** tesseract has quit IRC17:27
*** racedo has quit IRC17:34
*** hjensas has joined #openstack-ironic17:34
*** rh-jelabarre has quit IRC17:41
openstackgerritWill Szumski proposed openstack/ironic-python-agent master: Add a release note for secure erase changes  https://review.openstack.org/56885117:41
*** mgoddard has joined #openstack-ironic17:45
*** akhilaki has quit IRC18:06
*** rwsu has quit IRC18:13
*** sambetts is now known as sambetts|afk18:19
sambetts|afknight all o/18:19
*** gyankum has quit IRC18:24
openstackgerrityolanda.robla proposed openstack/ironic master: Add Node BIOS support - REST API  https://review.openstack.org/51257918:33
openstackgerritJulia Kreger proposed openstack/ironic-lib master: Slightly increase job timeouts  https://review.openstack.org/56882818:34
openstackgerrityolanda.robla proposed openstack/ironic-tempest-plugin master: Add manual clean step ironic standalone test  https://review.openstack.org/56861618:35
*** serlex has quit IRC18:36
*** trown|lunch is now known as trown18:44
openstackgerritMerged openstack/ironic master: Fix E501 errors  https://review.openstack.org/56702818:46
*** prometheanfire has joined #openstack-ironic18:51
*** etingof is now known as etingof|afk18:51
prometheanfirewhat ironic-python-agent version do I need to use to support partition images?18:51
jrollprometheanfire: something like liberty, iirc18:52
jrollit was pretty early18:52
prometheanfireERROR ironic.drivers.modules.agent [-] Command result did not return root_uuid for node 6417aeed-adf4-4722-96f0-adf8c3e7bfa0. The version of the IPA ramdisk used in the deployment might not have support for provisioning of partition images.18:52
prometheanfirethat was pike18:52
jrollO_o18:52
jrollcould be a bug presenting incorrectly18:53
prometheanfirethat was my reaction18:53
prometheanfireI'm thinking it was gpt stuff18:53
jrollah, 1.2.0 (mid-mitaka) https://docs.openstack.org/releasenotes/ironic-python-agent/mitaka.html18:53
prometheanfireusing the block-device-gpt element18:53
prometheanfireIRONIC_AGENT_VERSION="stable/pike"18:54
jrollyar, sounds like a bug18:55
prometheanfiregonna try with block-device-mbr and queens agent19:03
*** e0ne has quit IRC19:05
*** fragatin_ has joined #openstack-ironic19:05
*** e0ne has joined #openstack-ironic19:05
*** fragatin_ has quit IRC19:07
*** fragatin_ has joined #openstack-ironic19:07
*** fragatina has quit IRC19:07
*** fragatin_ has quit IRC19:09
*** livelace has joined #openstack-ironic19:12
*** fragatina has joined #openstack-ironic19:13
openstackgerritJulia Kreger proposed openstack/ironic master: [WIP] ramdisk deploy driver  https://review.openstack.org/56894019:19
TheJuliaprometheanfire: your likely missing a binary in the ramdisk19:21
* TheJulia looks19:21
prometheanfireya, I think so19:22
prometheanfirehttps://gist.githubusercontent.com/prometheanfire/af7dba6fdefbed21bb2bb294574fceb5/raw/cf094d45955b4521c68f4c4ac766a0bc95e12310/gistfile1.txt19:22
prometheanfirethat's a mbr test19:22
TheJuliaironic 16?19:23
prometheanfireit should be pike19:23
prometheanfireoh, that's openstack ansible version19:23
TheJuliaahh19:23
TheJuliahexdump!19:24
TheJuliado you have hexdump in your ramdisk!19:24
prometheanfire?19:24
prometheanfireno clue19:24
prometheanfireI'm just using dib to build it19:25
prometheanfiredisk-image-create --install-type source -o ironic-deploy ironic-agent ubuntu block-device-mbr devuser19:25
TheJuliahmmm19:25
TheJulialooks like the case I'm thinking of is queens timeframe19:27
prometheanfirelet's try fedora instead of ubuntu19:28
prometheanfireiirc that's closer to what you test with right?19:28
TheJuliapike with a master branch ipa image... hmm19:28
TheJuliaRecently I tend to use tinyipa, at least for virtual testing19:29
prometheanfirehow do you build that image?19:30
TheJuliaoh19:30
TheJuliahold on19:31
TheJuliaoh, nevermind19:31
TheJuliathere is the old element name19:31
TheJulianevermind19:31
* TheJulia wonders why block-device-mbr.... since it is a ramdisk...19:31
TheJuliaprometheanfire: anyway, I tend to download from tarballs.o.o19:31
prometheanfiredib changed how they do disk partitioning19:31
TheJuliabut... it is not for a partition...19:32
* TheJulia sighs19:32
TheJuliaprometheanfire: there are build scripts in ironic-python-agent for both TinyCore linux and CoreOS19:33
TheJuliafwiw19:33
prometheanfirehttps://docs.openstack.org/ironic-python-agent/latest/install/index.html#diskimage-builder19:35
TheJuliayeah, should19:37
prometheanfireheh19:38
*** mgoddard has quit IRC19:43
*** jcoufal has joined #openstack-ironic19:56
*** jcoufal_ has quit IRC19:59
*** sapd_ has joined #openstack-ironic20:00
*** fanzhang has quit IRC20:01
*** fanzhang has joined #openstack-ironic20:01
*** sapd has quit IRC20:03
*** zshi has quit IRC20:09
*** e0ne has quit IRC20:18
*** dprince has quit IRC20:28
*** srart has quit IRC20:53
prometheanfireTheJulia: which package did you say was missing?21:01
prometheanfirehttps://github.com/openstack/diskimage-builder/blob/master/diskimage_builder/elements/ironic-agent/package-installs.yaml21:01
*** trown is now known as trown|outtypewww21:05
*** jcoufal_ has joined #openstack-ironic21:07
*** jcoufal has quit IRC21:10
*** Goneri has quit IRC21:14
*** akhilaki has joined #openstack-ironic21:18
*** hemna_ has quit IRC21:18
*** mjturek has quit IRC21:21
*** baha has quit IRC21:24
openstackgerritVladyslav Drok proposed openstack/python-ironicclient master: Allow to use none auth in functional tests  https://review.openstack.org/50833021:28
openstackgerritVladyslav Drok proposed openstack/python-ironicclient master: Allow to use none auth in functional tests  https://review.openstack.org/50833021:28
*** d0ugal_ has joined #openstack-ironic21:39
*** d0ugal has quit IRC21:41
openstackgerritMerged openstack/ironic-inspector stable/queens: Raise KeyboardInterrupt on SIGTERM - Workaround  https://review.openstack.org/56333721:47
prometheanfireTheJulia: think I found it21:47
prometheanfireit's checking the uuid with blkid, but that doesn't exist21:48
prometheanfirepartuuid does though21:48
prometheanfirehttps://gist.githubusercontent.com/prometheanfire/2bcf2482288fdbd8baac4282b1de61b2/raw/9d1605d254ee1d23ca9f02bf9daada1d3e1eb922/gistfile1.txt21:48
TheJuliaoh joy :(21:50
prometheanfirehttps://github.com/openstack/ironic-lib/blob/master/ironic_lib/disk_utils.py#L32921:52
prometheanfireTheJulia: that that make sense to you?21:52
*** livelace has quit IRC21:52
TheJuliakind of, by chance have you logged an issue in storyboard?21:52
prometheanfirenot yet21:53
prometheanfireJUST figured it out21:53
prometheanfirebeing able to ssh into a deploy helps21:53
prometheanfirehttps://storyboard.openstack.org/#!/project/943 ?21:54
TheJuliaokay, yup it does help a lot :(21:54
TheJuliaThat works21:54
*** cjloader_ has joined #openstack-ironic21:57
*** cjloader has quit IRC21:57
prometheanfireTheJulia: https://storyboard.openstack.org/#!/story/200205221:58
TheJuliathanks!21:58
prometheanfirerelocating now21:59
prometheanfire :D21:59
prometheanfireif the plan (fallback ID) is good with you, I'll work on it tomorrow21:59
*** cjloader has joined #openstack-ironic22:02
*** cjloader_ has quit IRC22:02
*** baoli has quit IRC22:03
jrollprometheanfire: erm, if blkid doesn't exist, why is it returning exit code 0 (presumably), and why is there no stdout/stderr?22:03
*** baoli has joined #openstack-ironic22:03
jrolloh my, I can't read22:03
jrollthat top bit looked like it was part of storyboard22:04
* jroll is fine with that plan22:04
*** hemna_ has joined #openstack-ironic22:06
*** cjloader has quit IRC22:07
*** baoli has quit IRC22:07
*** rnoriega has quit IRC22:16
*** lhinds has quit IRC22:16
*** weshay has quit IRC22:17
*** weshay has joined #openstack-ironic22:22
prometheanfirecool22:24
*** rcernin has joined #openstack-ironic22:25
*** weshay has quit IRC22:26
*** rajinir has quit IRC22:28
*** andreaf has quit IRC22:29
*** andreaf has joined #openstack-ironic22:29
*** weshay has joined #openstack-ironic22:34
*** lhinds has joined #openstack-ironic22:35
openstackgerritMerged openstack/ironic master: [devstack] Switch ironic to uWSGI  https://review.openstack.org/50706722:36
*** rnoriega has joined #openstack-ironic22:37
*** d0ugal__ has joined #openstack-ironic22:39
*** d0ugal_ has quit IRC22:41
*** rbudden has quit IRC22:47
*** pmannidi has joined #openstack-ironic23:14
*** lhinds has quit IRC23:16
*** rnoriega has quit IRC23:16
*** weshay has quit IRC23:17
*** hemna_ has quit IRC23:18
*** hemna_ has joined #openstack-ironic23:19
*** rnoriega has joined #openstack-ironic23:21
*** weshay has joined #openstack-ironic23:21
*** lhinds has joined #openstack-ironic23:23
*** rloo has quit IRC23:28
*** jcoufal_ has quit IRC23:46
*** baoli has joined #openstack-ironic23:59
« Tuesday, 2018-05-15 Index Thursday, 2018-05-17 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!