| *** k_mouza has joined #openstack-ironic | 00:01 | |
| *** k_mouza has quit IRC | 00:06 | |
| *** k_mouza has joined #openstack-ironic | 00:16 | |
| *** diurnalist has quit IRC | 00:20 | |
| *** k_mouza has quit IRC | 00:21 | |
| janders | is there an easy way of installing bifrost with ironic code from a proposed change? | 00:21 |
|---|---|---|
| janders | I wanted to have a closer look at the failures reported by CI on https://review.opendev.org/#/c/744117/ | 00:22 |
| patchbot | patch 744117 - ironic - [WIP]Generic way to configure clean step priorites - 3 patch sets | 00:22 |
| TheJulia | janders: just checkout what you want to install to your checkout folder | 00:23 |
| TheJulia | like /opt/stack/ironic | 00:23 |
| janders | neat! | 00:24 |
| janders | where does this fit in between the bifrost install steps? | 00:24 |
| janders | after env-setup but before the install? | 00:24 |
| *** baha has quit IRC | 00:57 | |
| *** baha has joined #openstack-ironic | 00:57 | |
| *** diurnalist has joined #openstack-ironic | 00:59 | |
| dking | I'm having trouble understanding the interaction between the ironic-api and ironic-conductor. It seems that ironic-conductor uses the same configuration file and are installed from the same git repo? Does it listen on it's own port, or how do they communicate? | 01:52 |
| *** diurnalist has quit IRC | 02:02 | |
| *** diurnalist has joined #openstack-ironic | 02:17 | |
| *** mkrai has joined #openstack-ironic | 02:26 | |
| *** rcernin has quit IRC | 02:27 | |
| *** gyee has quit IRC | 02:29 | |
| *** rcernin has joined #openstack-ironic | 02:30 | |
| openstackgerrit | dou proposed openstack/ironic master: Fix error word presistent in docs https://review.opendev.org/744590 | 02:41 |
| *** yaawang has quit IRC | 02:47 | |
| *** yaawang has joined #openstack-ironic | 02:48 | |
| *** diurnalist has quit IRC | 02:50 | |
| *** tzumainn has quit IRC | 02:54 | |
| *** rh-jelabarre has quit IRC | 03:15 | |
| TheJulia | janders: if the folder already exists it should just roll with it | 03:16 |
| TheJulia | dking: they are insstalled from the same repo. The Conductor is not user facing at all, but the API gives instructions to the conductor over an RPC bus... either using oslo.messaging (basically rabbitmq) or jsonrpc | 03:18 |
| dking | TheJulia: Okay. I'm trying to run the software in Docker containers, and I don't like running an init system, so I'm trying to have a container for each service that needs to run, which is taking me a bit to figure out how to split them up. | 03:20 |
| *** diurnalist has joined #openstack-ironic | 03:20 | |
| TheJulia | dking: the conductor will serve up jsonrpc | 03:20 |
| TheJulia | or try to connectt o a mutually configured jsonrpc | 03:21 |
| TheJulia | err | 03:21 |
| dking | I imagine that I'll either be sharing or duplicating some files. Right now, I'm sharing ironic.conf since I don't know for sure which pieces are needed by the API and which by the conductor. I found that I could set the conductor hostname in the json-rpc settings. | 03:21 |
| TheJulia | mutually configured rabbitmq | 03:21 |
| dking | I'm not using rabbitmq at this point, and no Keystone, so that simplifies things. | 03:21 |
| dking | Of course, because I'm running separate containers for each service, I'm going to have one for dnsmasq also, and then maybe something for nginx, if it's needed. Does the conductor itself need to right files to the webserver (nginx) document root? I'm not using cloud-init/configdrive at the moment. But I imagine it would need to write a custom pxe configuration for the MAC before deploy? | 03:23 |
| TheJulia | so yeah, jsonrpc is the way to go then | 03:23 |
| TheJulia | the api service will just need to be able to connect to the conductor hostname on the jsonrpc port | 03:24 |
| dking | Yep. I was able to get that working tonight, and I can create a node. | 03:24 |
| TheJulia | the conductor needs to be able to write to the webserver | 03:24 |
| TheJulia | specifically shared root path | 03:24 |
| dking | I suppose that they could share a volume for that, then. What things does it actually need to write? I'm going to be keeping my deploy images in a different location, and I could probably do the same for any of the static files, so it would be nice to know exactly what's needed. | 03:26 |
| TheJulia | so it writes pxe configs, bootloaders, and images for the agent to download | 03:27 |
| dking | Okay. I might use try to keep those in a shared volume for now. And the only thing that writes to them ins the conductor? | 03:33 |
| TheJulia | yes | 03:34 |
| dking | I'm also going to be adding in the inspector service. It looks like that's just an API that the ironic-api calls, and then is also hit from the IPA client on the nodes? | 03:35 |
| TheJulia | Yes | 03:36 |
| dking | Okay. That doesn't sound too bad, then. I'm going to try to throw all of this together, and maybe have somebody check and see if I'm just being silly. | 03:37 |
| TheJulia | That is correct | 03:37 |
| TheJulia | Sounds like your on the right path | 03:37 |
| dking | Oh, and one more really crazy question... I'm considering maybe trying to make this setup HA. Since I'll have everything sharing an external DB (which I might just make Gallera), it seems that most of these services could be run multiple times. However, one thing that I can see being a problem is that the conductor (I think?) polls power status regularly, and sends out changes. I imagine that's going to be a bit of a problem wh | 03:40 |
| dking | en I get there? | 03:40 |
| dking | Of course, maybe only having three IPMI requests at a time probably wouldn't kill anything, and multiple power status changes that are all the same might not be a complete blocker, either. | 03:41 |
| *** k_mouza has joined #openstack-ironic | 04:17 | |
| *** k_mouza has quit IRC | 04:21 | |
| *** Lucas_Gray has quit IRC | 04:36 | |
| *** Zempashi has joined #openstack-ironic | 05:30 | |
| *** Zempashi has quit IRC | 06:12 | |
| *** belmoreira has joined #openstack-ironic | 06:15 | |
| SuiongNg|ITRI_TW | Hi everyone, I'm still having problems with agent token after upgrade to the latest version. | 06:51 |
| SuiongNg|ITRI_TW | I can't rescue a node twice because the conductor will refuse to provide the agent token the second | 06:51 |
| SuiongNg|ITRI_TW | time. The workflow look like this : active => rescue (ok) => unrescue (ok) => rescue (failed) | 06:51 |
| SuiongNg|ITRI_TW | conductor and ipa log : http://paste.openstack.org/show/796553/ | 06:52 |
| arne_wiebalck | Good morning, ironic! | 07:04 |
| *** ntt has joined #openstack-ironic | 07:04 | |
| arne_wiebalck | dking: I don't think getting the power status will be a major issue: I think the conductors share the load, but for sure you can have parallelism within a conductor. IIRC, getting the power status via IPMI takes about 40 seconds for 1000 nodes. | 07:07 |
| *** mkrai has quit IRC | 07:10 | |
| *** mkrai_ has joined #openstack-ironic | 07:10 | |
| *** dtantsur|afk is now known as dtantsur | 07:16 | |
| dtantsur | morning ironic! | 07:16 |
| dtantsur | anyone feels desire to request a sushy-tools release? | 07:17 |
| iurygregory | good morning arne_wiebalck dtantsur and Ironic! | 07:22 |
| iurygregory | dtantsur, I can do it in a few | 07:22 |
| dtantsur | thanks | 07:22 |
| *** rcernin has quit IRC | 07:22 | |
| SuiongNg|ITRI_TW | btw, I'm using ironic standalone. | 07:25 |
| dtantsur | SuiongNg|ITRI_TW: let me check something | 07:26 |
| dtantsur | gah, it's probably a bug | 07:28 |
| SuiongNg|ITRI_TW | okay, thanks. nice to know. | 07:30 |
| *** mkrai_ has quit IRC | 07:30 | |
| *** dougsz has joined #openstack-ironic | 07:30 | |
| SuiongNg|ITRI_TW | Also, I think require_agent_token=false isn't able to circurvent this because the conductor will check the agent token when it sees a ipa with version 6.1. | 07:32 |
| dtantsur | correct | 07:33 |
| dtantsur | require_agent_token was a temporary hack for upgrades | 07:33 |
| openstackgerrit | Dmitry Tantsur proposed openstack/ironic master: Wipe agent token and URL on rescue and unrescue https://review.opendev.org/744655 | 07:40 |
| dtantsur | SuiongNg|ITRI_TW: try ^^^ | 07:40 |
| *** Zempashi has joined #openstack-ironic | 07:46 | |
| SuiongNg|ITRI_TW | dtantsur : it works !! | 07:46 |
| dtantsur | great | 07:46 |
| *** rcernin has joined #openstack-ironic | 07:48 | |
| rpittau | good morning ironic! o/ | 07:49 |
| iurygregory | dtantsur, 0.11.1 how does it sound for you? | 07:49 |
| iurygregory | I consider a bugfix the commits we have | 07:50 |
| iurygregory | good morning rpittau o/ | 07:50 |
| *** rcernin has quit IRC | 07:53 | |
| rpittau | hey iurygregory :) | 07:53 |
| * iurygregory grabs more coffee | 07:54 | |
| *** mkrai has joined #openstack-ironic | 07:58 | |
| dtantsur | iurygregory: I think so | 08:09 |
| iurygregory | done | 08:09 |
| *** mkrai has quit IRC | 08:09 | |
| *** mkrai has joined #openstack-ironic | 08:10 | |
| openstackgerrit | Dmitry Tantsur proposed openstack/ironic master: [WIP] Sync boot mode for all ramdisks in PXE https://review.opendev.org/744657 | 08:13 |
| openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: Support redfish emulation and add CI jobs with Redfish and UEFI https://review.opendev.org/744421 | 08:14 |
| iurygregory | Is anyone able to reproduce the failure from https://review.opendev.org/#/c/744547/ in l-c job locally? | 08:16 |
| patchbot | patch 744547 - ironic (stable/stein) - Pin ironic-tempest-plugin - 3 patch sets | 08:16 |
| iurygregory | I couldn't reproduce O.o | 08:16 |
| * dtantsur hasn't even tried | 08:16 | |
| openstackgerrit | Riccardo Pittau proposed openstack/python-ironicclient stable/ussuri: Restore default netboot boot option https://review.opendev.org/744659 | 08:18 |
| rpittau | iurygregory: gimme 5 minutes, I'll check that | 08:19 |
| *** Yumeng has joined #openstack-ironic | 08:23 | |
| *** jhesketh has quit IRC | 08:24 | |
| *** rcernin has joined #openstack-ironic | 08:27 | |
| iurygregory | rpittau, tks | 08:28 |
| openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: [WIP] Configure redfish virtual media https://review.opendev.org/744459 | 08:29 |
| *** Lucas_Gray has joined #openstack-ironic | 08:30 | |
| *** rcernin has quit IRC | 08:31 | |
| *** priteau has joined #openstack-ironic | 08:43 | |
| *** derekh has joined #openstack-ironic | 08:47 | |
| *** k_mouza has joined #openstack-ironic | 08:53 | |
| *** rcernin has joined #openstack-ironic | 08:59 | |
| rpittau | iurygregory: in lower-constraints in stein we use rfc3986 0.3.1, but validators was added in 1.0 | 09:00 |
| iurygregory | wtf | 09:00 |
| iurygregory | locally it was working when I've run tox | 09:01 |
| iurygregory | seems like nova requires 1.1.0 in their l-c for stein | 09:03 |
| iurygregory | O.o | 09:03 |
| rpittau | ah there you go :) | 09:04 |
| iurygregory | https://opendev.org/openstack/nova/src/branch/stable/stein/lower-constraints.txt#L144 | 09:04 |
| rpittau | it makes sense, the version we have is super old | 09:04 |
| rpittau | consider that 1.0 is 4 years old | 09:05 |
| iurygregory | yeah | 09:05 |
| iurygregory | wondering if we can just change l-c | 09:05 |
| iurygregory | and requirements... | 09:05 |
| rpittau | I doubt we can increase the min version in a stable branch | 09:05 |
| iurygregory | yep | 09:05 |
| rpittau | we need to change in all the other branches too | 09:06 |
| iurygregory | oh god | 09:06 |
| rpittau | it's fun that we still have 0.3.1 mmmmmmm | 09:06 |
| rpittau | oh that's oslo config | 09:07 |
| iurygregory | https://opendev.org/openstack/nova/commit/2d2dc78975f1551a46f693a1e071c9917839ae2b well the changed that because it was a bug | 09:07 |
| rpittau | interesting | 09:08 |
| rpittau | we should probably do the same | 09:09 |
| iurygregory | yeah | 09:09 |
| rpittau | going to be hard make stein works though | 09:09 |
| iurygregory | ? | 09:09 |
| iurygregory | why | 09:09 |
| rpittau | because I'm not sure we can change the lower-constraints there | 09:10 |
| iurygregory | we probably need to talk with requirements I think | 09:10 |
| iurygregory | to get their input | 09:10 |
| rpittau | yeah | 09:10 |
| iurygregory | going to ask there | 09:10 |
| rpittau | ok | 09:11 |
| iurygregory | done | 09:14 |
| *** rcernin has quit IRC | 09:16 | |
| *** ociuhandu_ has joined #openstack-ironic | 09:21 | |
| *** ntt_ has joined #openstack-ironic | 09:21 | |
| *** ociuhandu has quit IRC | 09:21 | |
| *** ntt has quit IRC | 09:23 | |
| *** yaawang has quit IRC | 09:23 | |
| *** yaawang has joined #openstack-ironic | 09:26 | |
| openstackgerrit | Merged openstack/ironic-python-agent stable/train: Pin Ironic Tempest Plugin https://review.opendev.org/744548 | 09:27 |
| openstackgerrit | Merged openstack/ironic-python-agent stable/stein: Pin Ironic Tempest Plugin https://review.opendev.org/744546 | 09:27 |
| openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: [WIP] Configure redfish virtual media https://review.opendev.org/744459 | 09:29 |
| openstackgerrit | Merged openstack/sushy-tools master: Update version of hacking https://review.opendev.org/743962 | 09:35 |
| openstackgerrit | Dmitry Tantsur proposed openstack/ironic master: [WIP] Correctly handle default_boot_mode https://review.opendev.org/744657 | 09:36 |
| ajya | Hi, I tried logging to IPA some time ago and it didn't work, then I solved the issue without getting the access, but now I need it again. In IPA logs I see that selinux=0 and rootpwd is passed, but it does not work. | 09:39 |
| ajya | I'm wondering if CentOS8 images from https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ have dynamic login enabled? Also tried SSH login, but there it has connection refused - is SSH enabled there? | 09:40 |
| dtantsur | ajya: it has been added very recently, make sure to use the latest images | 09:41 |
| ajya | dtantsur: ok, I'll try with the latest. Now I have from end of May. It's too old? | 09:42 |
| dtantsur | definitely | 09:42 |
| dtantsur | dynamic login was added on July 27th | 09:43 |
| ajya | indeed very recently :) | 09:45 |
| *** k_mouza has quit IRC | 09:47 | |
| *** k_mouza has joined #openstack-ironic | 09:59 | |
| *** yaawang has quit IRC | 10:04 | |
| *** yaawang has joined #openstack-ironic | 10:05 | |
| *** tkajinam has quit IRC | 10:12 | |
| *** sshnaidm_ has joined #openstack-ironic | 10:12 | |
| *** sshnaidm has quit IRC | 10:15 | |
| *** belmoreira has quit IRC | 10:17 | |
| *** k_mouza has quit IRC | 10:21 | |
| *** jhesketh has joined #openstack-ironic | 10:21 | |
| openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: [WIP] Configure redfish virtual media https://review.opendev.org/744459 | 10:26 |
| *** sshnaidm_ is now known as sshnaidm | 10:26 | |
| rpittau | ironicclient in ussuri is broken unless we backport https://review.opendev.org/741804 | 10:27 |
| patchbot | patch 741804 - ironic - Update number of VM on ironic-base (MERGED) - 1 patch set | 10:27 |
| *** k_mouza has joined #openstack-ironic | 10:27 | |
| iurygregory | rpittau, there is a backport | 10:29 |
| iurygregory | I think TheJulia did | 10:29 |
| rpittau | iurygregory: I don't see it | 10:29 |
| rpittau | uh there it is | 10:30 |
| iurygregory | https://review.opendev.org/#/c/744538/1 | 10:30 |
| patchbot | patch 744538 - ironic (stable/ussuri) - Update number of VM on ironic-base - 1 patch set | 10:30 |
| rpittau | mmmm ok | 10:30 |
| iurygregory | l-c also broken | 10:30 |
| rpittau | same reason | 10:30 |
| iurygregory | validators | 10:30 |
| iurygregory | facepalm | 10:30 |
| rpittau | yeah | 10:30 |
| *** ociuhandu_ has quit IRC | 10:30 | |
| rpittau | wow | 10:30 |
| iurygregory | OGW | 10:31 |
| rpittau | this is not good | 10:31 |
| *** ociuhandu has joined #openstack-ironic | 10:31 | |
| iurygregory | I'm trying to understand how this only pop up "now" | 10:32 |
| *** ociuhandu has quit IRC | 10:36 | |
| rpittau | we do have oslo.config==5.2.0 in lower-constraints in ussuri, but it's installing 8.3.1 | 10:39 |
| iurygregory | enr | 10:40 |
| iurygregory | Zuul come here we need to talk with you, we have cookies lol | 10:40 |
| rpittau | I just posted on the reqs channel, let's see | 10:42 |
| * rpittau insert food to continue | 10:42 | |
| rpittau | before going for lunch, if you llok at the bottom of https://f9bceac7ceaf91e99aef-e9f72a59c843cab6405cc90a00b637b8.ssl.cf5.rackcdn.com/744538/1/check/openstack-tox-lower-constraints/73c5297/tox/lower-constraints-2.log you'll see that we're installing a bunch of incompatible pkgs | 10:44 |
| openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: Support default_boot_mode and prepare the CI for different boot modes https://review.opendev.org/744678 | 10:53 |
| *** rcernin has joined #openstack-ironic | 10:55 | |
| openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: Support redfish emulation and run the keystone jobs with redfish https://review.opendev.org/744421 | 10:56 |
| openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: Add CI jobs with Redfish and UEFI https://review.opendev.org/744434 | 10:58 |
| openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: [WIP] Configure redfish virtual media https://review.opendev.org/744459 | 10:58 |
| *** aedc has quit IRC | 11:08 | |
| *** alexmcleod has quit IRC | 11:10 | |
| *** mkrai has quit IRC | 11:11 | |
| *** mkrai_ has joined #openstack-ironic | 11:11 | |
| *** alexmcleod has joined #openstack-ironic | 11:14 | |
| *** diurnalist has quit IRC | 11:23 | |
| *** ociuhandu has joined #openstack-ironic | 11:23 | |
| *** ociuhandu has quit IRC | 11:24 | |
| *** ociuhandu has joined #openstack-ironic | 11:25 | |
| *** ociuhandu has quit IRC | 11:30 | |
| openstackgerrit | Merged openstack/ironic-python-agent stable/ussuri: set EVENTLET_NO_GREENDNS to 'yes' https://review.opendev.org/744279 | 11:36 |
| *** ociuhandu has joined #openstack-ironic | 11:40 | |
| openstackgerrit | Merged openstack/ironic-python-agent stable/ussuri: Prevent un-needed iscsi cleanup https://review.opendev.org/743032 | 11:40 |
| openstackgerrit | Merged openstack/ironic master: Fix error word presistent in docs https://review.opendev.org/744590 | 11:40 |
| *** mkrai_ has quit IRC | 11:45 | |
| *** k_mouza has quit IRC | 11:47 | |
| *** Zempashi has quit IRC | 11:49 | |
| *** belmoreira has joined #openstack-ironic | 11:51 | |
| *** rcernin has quit IRC | 11:53 | |
| *** rh-jelabarre has joined #openstack-ironic | 11:54 | |
| iurygregory | requirements people are probably on PTO XD | 12:01 |
| *** Zempashi has joined #openstack-ironic | 12:05 | |
| *** k_mouza has joined #openstack-ironic | 12:12 | |
| *** belmoreira has quit IRC | 12:23 | |
| iurygregory | rpittau, seems like we can update l-c | 12:29 |
| rpittau | iurygregory: yeah, I think we should start from master and then backport the change as a fix | 12:30 |
| rpittau | although if something has changed in tox, maybe we don't need to to that | 12:30 |
| iurygregory | hummm | 12:30 |
| iurygregory | well only l-c doesn't fix stable/stein etc | 12:31 |
| rpittau | if l-c is respected, the correct version of oslo.config is installed, so no need to update l-c in stable branches | 12:31 |
| iurygregory | yeah | 12:31 |
| iurygregory | that would be the best | 12:31 |
| rpittau | it wouldn't hurt to update reqs for master though :) | 12:32 |
| iurygregory | yeah | 12:38 |
| iurygregory | yay just saw the thread on openstack-discuss | 12:39 |
| rpittau | fantastic | 12:41 |
| iurygregory | break all requirements! | 12:43 |
| dtantsur | TheJulia: JFYI: we've got our first release from a bugfix branch: https://pypi.org/project/ironic-inspector/10.2.1/ | 12:49 |
| *** yaawang has quit IRC | 12:50 | |
| *** yaawang has joined #openstack-ironic | 12:51 | |
| dtantsur | iurygregory: do I recall it right that you had some WIP work for CI on bugfix branches? | 12:52 |
| iurygregory | dtantsur, yeah (forgot to update /me facepalm) | 12:52 |
| dtantsur | iurygregory: could you point me at it? | 12:53 |
| iurygregory | https://review.opendev.org/#/c/741825/ | 12:53 |
| patchbot | patch 741825 - ironic-python-agent (bugfix/6.2) - [DNM] Testing setting IRONIC_PYTHON_AGENT_BRANCH - 2 patch sets | 12:53 |
| iurygregory | I was testing on ipa only to see | 12:53 |
| dtantsur | ah, I see | 12:53 |
| dtantsur | I can give ironic-inspector a try | 12:53 |
| iurygregory | ack | 12:53 |
| *** mgoddard has quit IRC | 13:07 | |
| *** mgoddard has joined #openstack-ironic | 13:11 | |
| openstackgerrit | Dmitry Tantsur proposed openstack/ironic-python-agent master: Examples: add deploy_steps examples https://review.opendev.org/744705 | 13:22 |
| dtantsur | JayF: ^^ | 13:22 |
| openstackgerrit | Riccardo Pittau proposed openstack/ironic stable/ussuri: [DNM] Test fix for lower-constraints job https://review.opendev.org/744706 | 13:25 |
| openstackgerrit | Riccardo Pittau proposed openstack/ironic stable/ussuri: [DNM] Test fix for lower-constraints job https://review.opendev.org/744706 | 13:25 |
| iurygregory | yay good news | 13:27 |
| iurygregory | "if you include the simple-init element ... it should "just work" with a config drive that's how we boot all the infra nodes" | 13:27 |
| *** diurnalist has joined #openstack-ironic | 13:27 | |
| iurygregory | re dhcp-less \o/ | 13:27 |
| TheJulia | good morning | 13:28 |
| dtantsur | morning TheJulia | 13:28 |
| dtantsur | iurygregory: yep, except that our configdrive won't be in a standard location | 13:29 |
| TheJulia | iurygregory: umm... except how is that config drive going to be found | 13:29 |
| TheJulia | iurygregory: simple-init/glean looks for the config-2 label on a block device | 13:29 |
| TheJulia | at a minimum we likely need a loop attach of our iso for it to be found | 13:29 |
| TheJulia | maybe | 13:29 |
| iurygregory | ok | 13:30 |
| iurygregory | good morning TheJulia =) | 13:30 |
| TheJulia | good morning | 13:30 |
| dtantsur | iurygregory: I think I've figured out the bugfix branch CI (or rather fungi led me through it) | 13:31 |
| iurygregory | dtantsur, \o/ | 13:31 |
| dtantsur | with an exception of grenade which I intend to leave alone for now | 13:31 |
| iurygregory | hehehe | 13:31 |
| iurygregory | I totally agree with you | 13:32 |
| TheJulia | I think with grenade we kind of had consensus we could go another route and use bifrost and re-install on top with the node still present in the db | 13:32 |
| TheJulia | which, fwiw, worked just fine in my lab | 13:32 |
| dtantsur | correct, I just never had time to define a job | 13:33 |
| TheJulia | I need to finish this talk I'm working on, I could likely do it thursday if we manage to start getting stable branch CI happier and some of the fixes begin landing | 13:34 |
| *** hoonetorg has quit IRC | 13:36 | |
| iurygregory | well l-c is completely broken in OpenStack | 13:37 |
| dtantsur | so, https://review.opendev.org/#/c/744700/ ends up with all jobs scheduled, let's see if they pass | 13:37 |
| patchbot | patch 744700 - ironic-inspector (bugfix/10.2) - [WIP] Configure dsvm jobs for the bugfix branch - 5 patch sets | 13:37 |
| iurygregory | we probably need to update things so patches on bugfix/*** pop-ups here | 13:38 |
| rpittau | iurygregory: yep, but I think the change sean made should fix the issue | 13:38 |
| dtantsur | I think I have... | 13:38 |
| iurygregory | rpittau, \o/ | 13:38 |
| dtantsur | https://opendev.org/openstack/project-config/src/branch/master/gerritbot/channels.yaml#L763 | 13:38 |
| *** hoonetorg has joined #openstack-ironic | 13:39 | |
| iurygregory | dtantsur, yeah that should work O.o | 13:39 |
| dtantsur | iurygregory: wanna try a similar thing with IPA and/or ironic? | 13:40 |
| TheJulia | iurygregory: seriously....!??!? | 13:40 |
| iurygregory | dtantsur, yeah | 13:40 |
| iurygregory | doing now | 13:40 |
| dtantsur | iurygregory: just skip the "debug" bit, it was for, well, debugging :) | 13:40 |
| iurygregory | TheJulia, well yes .-. | 13:41 |
| dtantsur | by the way, a useful thing to know: setting debug:true in a zuul pipeline makes zuul tell you how it picks jobs | 13:41 |
| TheJulia | oohhh | 13:41 |
| iurygregory | :O | 13:41 |
| openstackgerrit | Vishal Manchanda proposed openstack/ironic-ui master: DNM: testing gate on ubuntu focal https://review.opendev.org/744708 | 13:42 |
| iurygregory | funny that I gave a try using name + override-checkout, but I probably need the ironic pin and devstack... | 13:42 |
| TheJulia | so is the l-c stuff on the mailing list? | 13:43 |
| iurygregory | yeah | 13:43 |
| iurygregory | =) | 13:43 |
| rpittau | TheJulia: yes | 13:44 |
| iurygregory | [nova] openstack-tox-lower-constraints broken | 13:44 |
| rpittau | the fix looks like a huge amount of pain | 13:44 |
| *** tzumainn has joined #openstack-ironic | 13:46 | |
| TheJulia | ugh, pip | 13:47 |
| * TheJulia remembers the last time it broke everything | 13:47 | |
| dtantsur | pip breaking things? no way! | 13:47 |
| dtantsur | nearly as impossible as UEFI not working | 13:48 |
| dtantsur | TheJulia: btw: https://review.opendev.org/#/c/744655/ | 13:48 |
| patchbot | patch 744655 - ironic - Wipe agent token and URL on rescue and unrescue - 1 patch set | 13:48 |
| * arne_wiebalck just logged into the first bare metal instance created with the redfish driver in our deployment \o/ | 13:50 | |
| dtantsur | congrats \o/ | 13:51 |
| rpittau | nice :) | 13:51 |
| openstackgerrit | Merged openstack/ironic-python-agent stable/ussuri: Return the final RAID configuration from apply_configuration https://review.opendev.org/743773 | 13:54 |
| TheJulia | arne_wiebalck: that is awesome | 13:55 |
| *** sdanni has joined #openstack-ironic | 13:56 | |
| TheJulia | o/ sdanni | 13:57 |
| iurygregory | dtantsur, patch 744717 seems to at least run a bunch of jobs =D | 14:00 |
| patchbot | https://review.opendev.org/#/c/744717/ - ironic (bugfix/15.1) - WIP - Test running jobs on bugfix - 1 patch set | 14:00 |
| dtantsur | good :) | 14:00 |
| *** Yumeng has quit IRC | 14:04 | |
| * TheJulia blinks looking at the constraints patch and wonders why this was not already a thing | 14:05 | |
| rpittau | it was decided to remove install_command at some point | 14:05 |
| dtantsur | I think the previous approach also broke lower-constraints :) | 14:06 |
| rpittau | yeah | 14:06 |
| TheJulia | right, it does add install_command on the l-c job | 14:06 |
| TheJulia | I looked the cinder one where it is trying to do the constraints on the install and they didn't ahve any of it on the testenv intall_command | 14:07 |
| TheJulia | and we have ours on deps | 14:07 |
| TheJulia | ugh | 14:07 |
| rpittau | yeah, the last change was not followed by everyone | 14:07 |
| TheJulia | I just asked on openstack-qa if there is any hope of a programmatic push to project repos or if we're going to have to fend for ourselves | 14:13 |
| rpittau | TheJulia: cause I was going to submit the first patch :D | 14:14 |
| rpittau | I missed an 'ok, ' there | 14:14 |
| TheJulia | rpittau: I say submit away if your in a place to do so | 14:17 |
| rpittau | it's just to fix ironic, so we can backport and fix ussuri at least | 14:18 |
| TheJulia | I can always take care of past ussuri | 14:18 |
| openstackgerrit | Riccardo Pittau proposed openstack/ironic master: Fix for lower-constraints job https://review.opendev.org/744727 | 14:19 |
| TheJulia | dtantsur: the rescue fix lgtm, btw | 14:19 |
| rpittau | whoops forgot the rest of the commit msg :/ | 14:20 |
| openstackgerrit | Riccardo Pittau proposed openstack/ironic master: Fix for lower-constraints job https://review.opendev.org/744727 | 14:22 |
| *** donnyd has joined #openstack-ironic | 14:40 | |
| *** dking has quit IRC | 14:42 | |
| ajya | dtantsur: finally got to check the latest IPA - can log in now. Thanks \o/ | 14:42 |
| dtantsur | awesome :) | 14:42 |
| openstackgerrit | Dmitry Tantsur proposed openstack/ironic master: agent_client: support custom TLS certficates https://review.opendev.org/744731 | 14:46 |
| openstackgerrit | Dmitry Tantsur proposed openstack/ironic master: agent_client: support custom TLS certificates https://review.opendev.org/744731 | 14:47 |
| JayF | dtantsur: any plan to do client certificates in agent client for connecting to agents? | 14:50 |
| dtantsur | JayF: no immediate plans, but should be easy to add | 14:50 |
| dtantsur | I'm now concerned with automating any TLS between the agent and ironic | 14:51 |
| dtantsur | i.e. https://storyboard.openstack.org/#!/story/2007214 | 14:51 |
| JayF | I'm about to write that code downstream, I'll see if I can make time to draft it upstream as well | 14:51 |
| JayF | the verification side on the agent for that is sticky though | 14:51 |
| openstackgerrit | Dmitry Tantsur proposed openstack/ironic-python-agent master: Examples: add deploy_steps examples https://review.opendev.org/744705 | 14:52 |
| dtantsur | yeaah | 14:52 |
| JayF | our IPA python server doesn't even support SSL natively | 14:52 |
| JayF | downstream I'm doing a fronting-proxy | 14:53 |
| dtantsur | we've changed to oslo_service, it does support TLS | 14:53 |
| TheJulia | JayF: upstream would be awesome and luckilly the agent side code and the client code for the agent has not changed much | 14:53 |
| JayF | Honestly it's just a matter of the math of how many hours in the day | 14:54 |
| JayF | moreso than difficulty | 14:54 |
| openstackgerrit | Riccardo Pittau proposed openstack/ironic master: Fix for lower-constraints job https://review.opendev.org/744727 | 14:58 |
| openstackgerrit | Riccardo Pittau proposed openstack/ironic-inspector master: Fix for lower-constraints job https://review.opendev.org/744733 | 15:00 |
| TheJulia | :( | 15:00 |
| TheJulia | Understood | 15:00 |
| JayF | also, would you all take that patch without the IPA side? | 15:01 |
| JayF | e.g. Ironic conductor sends a client cert; but no code on the IPA side to verify it? | 15:01 |
| JayF | I don't think there's a "good" way to do that today in IPA without massive changes to the wsgi server, and implementing it all in ramdisk is pretty... site-specific (I'm implementing a downstream element) | 15:02 |
| TheJulia | I think we'd have to grok the mechanisms/process/pattern before being able to answer that question | 15:02 |
| JayF | e.g. Ironic conductor sends client cert -> IPA TLS server | 15:02 |
| TheJulia | yeah | 15:02 |
| JayF | today there *is no upstream IPA TLS server* -- IPA is only available over http | 15:03 |
| TheJulia | the agent would have to functionally restart itself or startup a tls enabled one and kill the first | 15:03 |
| TheJulia | that mechanism will be headachy | 15:03 |
| JayF | or do it via infra, by installing apache/nginx/ats/etc into the ramdisk | 15:03 |
| TheJulia | eek | 15:03 |
| TheJulia | Yeah | 15:03 |
| JayF | the infra-apparoach is what I'm taking downstream, and AFAICT represents best practices for running wsgi apps | 15:03 |
| JayF | AFAICT we'd have to implement *our own* wsgi server to get one with TLS Client Cert support | 15:04 |
| TheJulia | I have a feeling your right about that | 15:04 |
| TheJulia | I don't remember seeing it in the docs last time I looked but that was over a year ago | 15:05 |
| TheJulia | if not 2 | 15:05 |
| JayF | downstream I'm doing a setup that looks like ... apache proxying back to IPA service, apache validates the cert against CA, pulls the CN/SAN out of the cert and puts it in a header for IPA to validate | 15:05 |
| TheJulia | maybe 3 | 15:05 |
| * TheJulia feels old | 15:05 | |
| *** derekh has quit IRC | 15:05 | |
| JayF | I did this investigation over the last two weeks :) | 15:05 |
| TheJulia | ok | 15:05 |
| JayF | so I'm extra-certain, unless my google-fu has atrophied | 15:05 |
| JayF | and I'm plenty old too, so it's possible that's true :D | 15:05 |
| TheJulia | I remember looking at this a really long time ago for other reasons | 15:05 |
| *** derekh has joined #openstack-ironic | 15:05 | |
| dtantsur | JayF: IPA supports TLS nowadays, it uses oslo.service | 15:06 |
| JayF | O.o | 15:06 |
| TheJulia | tls != tls client cert support | 15:07 |
| JayF | if it supports TLS, the jump to client cert might be trivial | 15:07 |
| TheJulia | yeah | 15:07 |
| JayF | I've been working against a base of stein, and it didn't have that support afaict | 15:07 |
| dtantsur | well, Jay said "IPA is only available only HTTP". I think it's a matter of configuration nowadays | 15:07 |
| dtantsur | yep, it came in ussuri IIRC | 15:07 |
| dtantsur | with the migration from pecan/wsme to werkzeug/oslo.service | 15:08 |
| JayF | OK; you just flipped my world around. Going to look at this new code. | 15:09 |
| JayF | While we're chatting, a question about another potential feature, if it's something we'd want upstream | 15:09 |
| dtantsur | JayF: https://opendev.org/openstack/oslo.service/src/branch/master/oslo_service/_options.py#L93-L119 | 15:09 |
| dtantsur | ca_file seems what you need | 15:09 |
| iurygregory | rpittau, funny that the fix is using install_command omg | 15:09 |
| JayF | Use case: Some IPA implementers may only be using a portion of functionality and wish to restrict that it's not using. e.g. deployers using agent deploy/clean, but not inspection -- if they want to disable those agent commands or clean steps unused in their environment | 15:10 |
| JayF | I think that might be a small enough case that it's not desired upstream; but I thought I'd check | 15:10 |
| rpittau | iurygregory: yep, basically forcing the constraint to be considered | 15:10 |
| JayF | dtantsur: that's pretty damn close to what I need, I just also have to validate the CN/SAN in the cert | 15:10 |
| *** dking has joined #openstack-ironic | 15:11 | |
| JayF | dtantsur: thanks for this, you just spent me into a tailspin about how I'm doing this downstream lol | 15:11 |
| dtantsur | yeah, there was also some flag to pass to oslo.service, like use_ssl. I'm not sure if it's required and whether we do pass it | 15:11 |
| iurygregory | rpittau, yeah, funny that there was a thread if I do remember saying to not use hehe | 15:11 |
| dtantsur | but yeah, most of the work should have been done already | 15:11 |
| JayF | I now kinda just wanna upgrade to ussuri, and revert the agent token code | 15:11 |
| dtantsur | :D | 15:11 |
| JayF | we already did validation of Stein IPA against Ocata Ironic though :) | 15:11 |
| rpittau | iurygregory: that's correct :/ | 15:12 |
| iurygregory | <insert drink> | 15:12 |
| iurygregory | <move to friday> | 15:12 |
| rpittau | drinkS | 15:12 |
| iurygregory | <loop> <insert drink> </loop> | 15:13 |
| TheJulia | JayF: Interesting. Ramdisk side there is some of that but there is also no commands on the ramdisk to do inspection reporting. Deploy/clean would be interesting and we've kind of already been thinking in that direction with the topic of long lived agents | 15:14 |
| TheJulia | because basically the same funcitonality would be needed and securely disable chunks or pivot the agent to enable a $thing such as (eventually (hopefully)) kexec or deploy over what is presently on disk (naturally there are dragons there) | 15:15 |
| JayF | Well, for some insight into how it's working here, we've (I've, really) written a "hybrid" driver, which uses our downstream Anaconda stuff for deploy and IPA for cleaning | 15:16 |
| JayF | and we'd like, for security reasons, to disable the ability for IPA to perform anything but cleaning, and specified clean steps, as an extra security measure | 15:16 |
| JayF | e.g. to prevent a nefarious actor from racing Ironic to the agent, and running write_image to deliver a payload | 15:16 |
| TheJulia | Yeah, in your environment/config you need something like that | 15:17 |
| TheJulia | becuase lookup is not a thing | 15:18 |
| JayF | Well, we're using lookup here :) | 15:18 |
| TheJulia | and also you don't have agent token which disables all actions until the token is established | 15:18 |
| JayF | We have not implemented the upstream spec jroll wrote yet | 15:18 |
| JayF | Yep, we don't have agent token | 15:18 |
| TheJulia | but if the attacker MitM it.... | 15:18 |
| JayF | Yeah, exactly, I think there are still cases where even with agent token this could be useful | 15:18 |
| JayF | but long-lived agents makes most simple solutions fail -- since you can't just pass mode=clean or something on the kernel cli | 15:18 |
| TheJulia | yeah, multiple mechanisms are realistically needed depending on use case | 15:19 |
| TheJulia | exactly | 15:19 |
| JayF | so unless you're terribly worried about it, I think this will be implemented downstream as a whitelist | 15:19 |
| JayF | er, allowlist | 15:19 |
| openstackgerrit | Riccardo Pittau proposed openstack/ironic-lib master: Fix for lower-constraints job https://review.opendev.org/744734 | 15:19 |
| TheJulia | I think that would be fine and upstream we could build a mechanism once we have the time/braincells to focus | 15:19 |
| rpittau | wow we were running l-c with no constraints since a while in all projects.... | 15:19 |
| JayF | TheJulia: this is a step to getting us in line with upstream :) hopefully we'll be able to implement upstream Eventually(tm) | 15:20 |
| *** openstackgerrit has quit IRC | 15:20 | |
| dtantsur | rage quit ^^^ | 15:20 |
| rpittau | :D | 15:20 |
| * TheJulia pours dtantsur whiskey | 15:20 | |
| TheJulia | are we keeping a list of the l-c patches? | 15:21 |
| dtantsur | :) | 15:21 |
| rpittau | https://review.opendev.org/#/q/topic:fix-l-c+(status:open+OR+status:merged) <- can change the topic if needed | 15:21 |
| iurygregory | rpittau, well there was an email saying it was ok =X | 15:22 |
| iurygregory | don't blame me =S | 15:22 |
| iurygregory | hehehe | 15:22 |
| TheJulia | rpittau: wfm | 15:22 |
| dking | arne_wiebalck: Thank you for your response. I'm actually not doing a controller. I'm doing something a bit different. I'm trying to run Bifrost, but I was trying to see about doing it as a Docker service and trying for redundancy. But it would be interesting to know how the conductors share the load, to see if it could apply when they are all accessed through the same address. It may just be a silly experiment, anyway. | 15:25 |
| rpittau | iurygregory: I blame the Great Old Ones trying to make us all crazy :) | 15:26 |
| iurygregory | rpittau, \o/ yeah | 15:26 |
| rpittau | let's wait for the l-c fixes, I'm following a discussion that might avoid all of that | 15:30 |
| TheJulia | rpittau: ohhhhhh | 15:31 |
| *** openstackgerrit has joined #openstack-ironic | 15:36 | |
| openstackgerrit | Kaifeng Wang proposed openstack/ironic-python-agent master: Extends pci devices metrics https://review.opendev.org/744403 | 15:36 |
| openstackgerrit | Riccardo Pittau proposed openstack/ironic-lib master: Fix for lower-constraints job https://review.opendev.org/744734 | 15:36 |
| *** k_mouza has quit IRC | 15:40 | |
| rpittau | so, about the l-c, TL;DR an update to pip should fix the issue globally, so it's up to us if we can wait for that | 15:45 |
| iurygregory | the patch with the update for pip is on CI already? | 15:45 |
| iurygregory | if yes I would say to wait | 15:45 |
| rpittau | nope | 15:45 |
| *** dmellado has joined #openstack-ironic | 15:46 | |
| iurygregory | .-. | 15:46 |
| iurygregory | well I don't have a strong option | 15:46 |
| iurygregory | were they were talking that update pip would fix? | 15:47 |
| rpittau | infra channel | 15:47 |
| rpittau | it's not 100% sure | 15:47 |
| *** ntt_ has quit IRC | 15:48 | |
| *** k_mouza has joined #openstack-ironic | 15:54 | |
| *** derekh has quit IRC | 16:15 | |
| *** ociuhandu has quit IRC | 16:27 | |
| TheJulia | I'm semi-cool with just waiting | 16:27 |
| TheJulia | its err | 16:27 |
| TheJulia | well | 16:27 |
| TheJulia | hmm | 16:27 |
| rpittau | I went ahead -> https://github.com/pypa/virtualenv/issues/1914 | 16:27 |
| TheJulia | oooohh virtualenv | 16:28 |
| * dtantsur looks at agent tokens and cries | 16:28 | |
| rpittau | yeah, clarkb and sean were discussing that, and it looks like the issue is exactly there | 16:29 |
| TheJulia | dtantsur: why are you crying? | 16:29 |
| dtantsur | TheJulia: there seems to be a few things broken.. for example, if we fail to receive a valid token from ironic, we leave the API wide open (just tried it) | 16:29 |
| clarkb | TheJulia: rpittau yes it is a pip bug. tox installs virtualenv which bundles pip. We need th pip that the tox test envs are using to be updated | 16:29 |
| TheJulia | dtantsur: what?!? | 16:30 |
| clarkb | we can hack around that in a couple ways, but the best thing is to have virtualenv make a release with a working pip then tox will use that | 16:30 |
| TheJulia | dtantsur: *sigh* | 16:30 |
| dtantsur | okay, no, it's even stranger | 16:30 |
| TheJulia | oh noes | 16:31 |
| rpittau | clarkb: thanks for the discussion before, I submitted an issue to virtualenv based on that, let's see if they reply :) | 16:31 |
| dtantsur | TheJulia: this is hit in our testing https://opendev.org/openstack/ironic-python-agent/src/branch/master/ironic_python_agent/agent.py#L233 | 16:31 |
| dtantsur | which allows me to run commands despite the token generated by the conductor.. and passed via kernel params | 16:31 |
| dtantsur | I guess we did intend this to work this way | 16:32 |
| TheJulia | oh, if memory serves we changed that for backwards compat | 16:32 |
| dtantsur | so it's fine. I only need to understand why the conductor rejects the token | 16:32 |
| dtantsur | also this is hit for virtual media, but it seems just a confusing log record https://opendev.org/openstack/ironic-python-agent/src/branch/master/ironic_python_agent/agent.py#L412-L417 | 16:33 |
| TheJulia | yeah, we anticipated that would be a thing with virutal media because it woudl be logged. We logged it more for pxe cases | 16:34 |
| dtantsur | probably we need 'if not self.agent_token' there | 16:35 |
| TheJulia | yeah, so it is not logged in that case | 16:35 |
| *** Zempashi has quit IRC | 16:36 | |
| *** dougsz has quit IRC | 16:38 | |
| *** gregwork has joined #openstack-ironic | 16:39 | |
| dtantsur | eeeehhhhmmmm, the token that is logged on the conductor when building vmedia options is not the same as the token that is passed to the kernel.. WUT | 16:40 |
| * dtantsur rubs his eyes | 16:41 | |
| dtantsur | yes, seriously, it boots with a token from another node.. i.e. with a CD from another node???? | 16:44 |
| dtantsur | yes, because they two nodes use the same redfish manager \o/ I told etingof it would be a problem..... | 16:47 |
| *** sshnaidm is now known as sshnaidm|afk | 16:48 | |
| *** gyee has joined #openstack-ironic | 16:49 | |
| *** priteau has quit IRC | 16:51 | |
| openstackgerrit | Riccardo Pittau proposed openstack/ironic stable/ussuri: [DNM] Test fix for lower-constraints job https://review.opendev.org/744706 | 16:51 |
| *** priteau has joined #openstack-ironic | 16:52 | |
| dtantsur | stbenjam: my verdict: it's a race in sushy-tools because of how exceptionally mis-designed it is | 16:54 |
| iurygregory | ouch | 16:55 |
| iurygregory | =S | 16:55 |
| dtantsur | No offence, folks, but next time somebody glosses over my objections, I'll use -2 without regrets | 16:55 |
| * dtantsur has learned his lesson | 16:56 | |
| JayF | there's a reason it exists :) | 16:56 |
| * iurygregory gives whisky to dtantsur | 16:56 | |
| iurygregory | yeah | 16:56 |
| dtantsur | whisky is what I need for real | 16:57 |
| dtantsur | tl;dr for somebody who cares: in the default configuration sushy-tools uses one manager for everything. which means: the same CD is inserted for all nodes it manages. | 16:57 |
| dtantsur | which means: a node can get an agent token from another node. | 16:57 |
| dtantsur | I'll look into this tomorrow if nobody (pleeeeeez) beats me to it | 16:58 |
| dtantsur | .. because when I get to it, I'll rewrite half of sushy-tools to my liking | 17:00 |
| * dtantsur flips the table and quits, good night | 17:00 | |
| *** dtantsur is now known as dtantsur|afk | 17:00 | |
| * rpittau brace for impact | 17:00 | |
| TheJulia | I thought there was no explicit linkage between a manager and a system, that you just had to know from outside which goes to which | 17:05 |
| stbenjam | dtantsur|afk: :-( | 17:10 |
| stbenjam | dtantsur|afk: That really stinks... ok, thanks for looking | 17:11 |
| iurygregory | nice the cfp says my abstract has over 1000 chars -.-' | 17:12 |
| TheJulia | iurygregory: utf8?!? | 17:13 |
| TheJulia | multi-byte chars? | 17:13 |
| iurygregory | 2 tools I used to check says 991 and 998 .-. | 17:13 |
| TheJulia | heh | 17:13 |
| TheJulia | JIMMY! | 17:13 |
| iurygregory | I'm about to clean and write letter by letter hehe | 17:14 |
| iurygregory | maybe it doesn't like copy-paste | 17:14 |
| * TheJulia tries to remember jimmy's irc handle | 17:14 | |
| iurygregory | .-. | 17:14 |
| rpittau | iurygregory: just count them one by one :P | 17:14 |
| TheJulia | lol | 17:14 |
| TheJulia | that would be awful | 17:14 |
| iurygregory | rpittau, LOL | 17:14 |
| TheJulia | rpittau: will you be in charge of messagine random numbers to iurygregory ? | 17:14 |
| TheJulia | messaging | 17:15 |
| rpittau | :D | 17:15 |
| rpittau | TheJulia: the issue with l-c is "fixed", virtualenv released a new version with the good pip | 17:15 |
| iurygregory | rpittau, ">>> len(abstract) | 17:16 |
| iurygregory | 993" | 17:16 |
| iurygregory | python wouldn't lie to me (I hope) LOL | 17:16 |
| stbenjam | Is there a way to turn off agent tokens? | 17:17 |
| stbenjam | So I can bypass the sushy-tools problem | 17:17 |
| iurygregory | stbenjam, you can set the config to False require_agent_token | 17:18 |
| TheJulia | I just let jimmy with OSF know that the abstract length is getting kicked out | 17:18 |
| stbenjam | iurygregory: thanks! | 17:18 |
| TheJulia | but please for the love of the universe don't ship the product with that set | 17:18 |
| openstackgerrit | Riccardo Pittau proposed openstack/ironic stable/ussuri: [DNM] Test CI https://review.opendev.org/744760 | 17:18 |
| iurygregory | yeah ^ | 17:18 |
| iurygregory | you can use to test things till we found a fix | 17:18 |
| TheJulia | We're trying to make security better/stronger, and the multiple systems via one redfish API case is already super rare anyhow | 17:19 |
| stbenjam | TheJulia: I just need a way to test in dev | 17:19 |
| TheJulia | like... I'm not sure anyone ships gear that uses that is a vendor that also works with the ironic community | 17:19 |
| *** Lucas_Gray has quit IRC | 17:22 | |
| * iurygregory goes to do exercises and will try to submit the cfp after .-. | 17:23 | |
| TheJulia | iurygregory: it has been filed as a bug with the cfp system. If you don't get it in in-time let me know, I'm sure we can figure something out with them | 17:24 |
| TheJulia | okay, this is weird | 17:25 |
| TheJulia | somehow I accidently caused irccloud to try and translate | 17:25 |
| *** dsneddon has joined #openstack-ironic | 17:28 | |
| iurygregory | TheJulia, ack =) | 17:30 |
| *** priteau has quit IRC | 17:33 | |
| *** k_mouza has quit IRC | 17:36 | |
| TheJulia | so apparently chrome decided it needed to translate irccloud | 17:44 |
| TheJulia | queue funny nick translations | 17:44 |
| TheJulia | wheeee brain stuck in loop | 18:07 |
| *** rh-jelabarre has quit IRC | 18:16 | |
| openstackgerrit | Julia Kreger proposed openstack/ironic-python-agent-builder master: Shift dhcp package for DHCPv6 https://review.opendev.org/743539 | 18:16 |
| *** rh-jelabarre has joined #openstack-ironic | 18:17 | |
| openstackgerrit | Julia Kreger proposed openstack/ironic-python-agent stable/rocky: Pin Ironic Tempest Plugin https://review.opendev.org/744773 | 18:28 |
| openstackgerrit | Julia Kreger proposed openstack/ironic-python-agent stable/queens: Pin Ironic Tempest Plugin https://review.opendev.org/744774 | 18:33 |
| openstackgerrit | Julia Kreger proposed openstack/ironic stable/stein: Remove locks before RPC bus is started https://review.opendev.org/743810 | 18:38 |
| *** dougsz has joined #openstack-ironic | 18:40 | |
| openstackgerrit | Julia Kreger proposed openstack/ironic stable/rocky: Remove locks before RPC bus is started https://review.opendev.org/743811 | 18:42 |
| openstackgerrit | Julia Kreger proposed openstack/ironic stable/queens: Remove locks before RPC bus is started https://review.opendev.org/743812 | 18:45 |
| *** k_mouza has joined #openstack-ironic | 18:48 | |
| TheJulia | reviews on https://review.opendev.org/#/c/744077 are greatly appreciated | 18:49 |
| patchbot | patch 744077 - ironic-python-agent - Fix TypeError on agent lookup failure - 2 patch sets | 18:49 |
| *** dougsz has quit IRC | 19:05 | |
| *** k_mouza has quit IRC | 19:07 | |
| *** dougsz has joined #openstack-ironic | 19:20 | |
| *** dougsz has quit IRC | 19:24 | |
| iurygregory | it's official the cfp hates me XD even with 988 chars lol | 19:31 |
| larsks | How does the ironic inspector service know which network to use? https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/baremetal_overcloud.html discusses the IronicProvisioningNetwork, IronicCleaningNetwork, and IronicRescuingNetwork parameters. Does the inspector use the IronicProvisioningNetwork? | 19:32 |
| *** Zempashi has joined #openstack-ironic | 19:41 | |
| larsks | Or to ask a different question, how do you get the inspector to listen on a specific neutron network? | 19:44 |
| TheJulia | iurygregory: ugh | 20:11 |
| TheJulia | larsks: Hmmm you don't | 20:12 |
| iurygregory | TheJulia, now I went trying without my last paragraph and seems like I'm having a party on my flat | 20:12 |
| TheJulia | There IS the ability to define a specific neutron network for inspection to take place on with ironic, but I don't think that is strictly wired into triple in terms of what to populate over nor inspector magically binds to that network | 20:12 |
| TheJulia | part on your flat?!? | 20:13 |
| TheJulia | #confused | 20:13 |
| iurygregory | (the screen is blinking with pop ups of erros lol) | 20:13 |
| iurygregory | party* | 20:13 |
| TheJulia | seriously?!? | 20:13 |
| TheJulia | ugh | 20:13 |
| iurygregory | yup | 20:14 |
| iurygregory | wait a bit I will have this on twitter XD | 20:14 |
| larsks | TheJulia: ignoring tripleo for the moment: if the 'provisioning' network is a vlan tagged network, and the host doesn't have an interface directly on that network (e.g., neutron is running dhcp for that network in a network namespace), where should the inspector listen? | 20:14 |
| TheJulia | iurygregory: good, so I can post some animated gif... just need one that is something like "jimmy!?!?" | 20:16 |
| iurygregory | TheJulia, I've sent an email to him (this happend after my idea to remove my last paragraph) so I could submit | 20:17 |
| iurygregory | now I'm going to try on firefox again | 20:17 |
| iurygregory | if doesn't work, I will try on windows | 20:17 |
| iurygregory | and if windows doesn't work, there is always the cellphone lol | 20:18 |
| TheJulia | larsks: so, inspector should ideally listen someplace that can be reached. I realize this is kind of a cop-out, but it is basically the case. We generally tell people for discovery of machines to hook things up so that default network booting results in the ramdisk for discovery/inspection. In the case of managed inspection ironic can toggle the networks around to put the node on a vlan tagged network based | 20:18 |
| TheJulia | on the known configuration and an ml2 driver, but inspector still has to be accessible from that network just like ironic has to be accessible from the provisioning/cleaning/rescue networsk | 20:18 |
| *** Zempashi has quit IRC | 20:19 | |
| TheJulia | larsks: generaly this means routing and firewalling but it is also environment specific configuration | 20:19 |
| larsks | Right, but in order for ironic to manage the switch configuration, it would need to know what network to use in order to set the vlan id, etc, right? Or am I overthinking? | 20:19 |
| larsks | We can set that for provisioning, cleaning, rescuing, but I didn't see a way to set that for inspection. | 20:20 |
| iurygregory | yay firefox is happy! | 20:21 |
| TheJulia | larsks: not over thinking at all | 20:22 |
| TheJulia | larsks: so managed inspection is a relatively new thing | 20:23 |
| TheJulia | hmm | 20:23 |
| * TheJulia looks | 20:23 | |
| TheJulia | inspection_network | 20:23 |
| TheJulia | https://docs.openstack.org/ironic/latest/configuration/sample-config.html | 20:24 |
| TheJulia | before it was introduced it just expected the default vlan to be able to reach it which is still the case for machine discovery | 20:24 |
| larsks | TheJulia: is that a post-ussuri thing? | 20:25 |
| TheJulia | it is in the ussuri sample config | 20:25 |
| larsks | Okay, interesting. I wonder if tripleo knows about that? Time to go spelunking through templates. | 20:26 |
| TheJulia | Unfortunately at the moment, I just don't know | 20:26 |
| larsks | Yeah, no worries, I appreciate the pointer. | 20:27 |
| larsks | I'm trying to help tzumainn with some network configuration issues, and we're both flailing a bit right now trying to figure out the correct way to have provisioning happen on a network other than the control plane network. | 20:27 |
| iurygregory | TheJulia, submitted \o/ | 20:39 |
| TheJulia | larsks: would it help to just talk through it? | 20:39 |
| larsks | TheJulia: possibly! Let me see if I can get anywhere this evening before I take up a chunk of anybody's time. | 20:42 |
| TheJulia | larsks: ack | 20:43 |
| dking | I know this is a silly question, but I'm not using cloud-init currently, which I know would be the way to send per-server info into the server, but is there another way to add a bit of information into all servers at deploy time that's not in the deploy image? | 20:50 |
| clarkb | rpittau: we have new xenial and bionic images built and all uploaded now. focal is in progress. That should address the majority of pip issues. We discoverd a nodepool configuration issue which I'll fix when focal is done then trigger image builds for al lthe other distros to be sure they're happy too | 20:52 |
| clarkb | but I expcet your unittest type jobs will be happy now | 20:52 |
| dking | We're going to be using multiple separate but similar Bifrost instances divided into pods, where all the nodes created will use the same deploy image, but I want to somehow inject a bit of info that will let a node know which pod it is in. I could do that through cloud-init, but I just wanted to avoid that if there were a more simple solution since each server from that bifrost instance will be the same. | 20:53 |
| *** sdanni has quit IRC | 20:54 | |
| janders | good morning Ironic o/ | 20:58 |
| iurygregory | morning janders o/ | 21:03 |
| janders | Hi iurygregory | 21:04 |
| janders | preso submitted? :) | 21:04 |
| iurygregory | yup | 21:04 |
| janders | awesome! very well done | 21:04 |
| iurygregory | with some problems but submitted | 21:04 |
| janders | oh.. what happened? | 21:05 |
| janders | was the submission system causing issues? | 21:05 |
| iurygregory | well the cfp tool says 1000chars | 21:05 |
| iurygregory | but 993 or 988 it didn't accept lol | 21:05 |
| janders | :/ | 21:05 |
| clarkb | were there multibyte unicode characters in there? I wonder if it is a byte count not a char count | 21:06 |
| iurygregory | when I removed the last paragraph and hit submit I got a party | 21:06 |
| janders | maybe it needs to be exactly 987 | 21:06 |
| janders | just to add to the challenge :) | 21:06 |
| iurygregory | https://twitter.com/_Skolt_Iury_/status/1290743386090201092 | 21:06 |
| iurygregory | so I had to send an email to Jimmy and now things are good =) | 21:07 |
| janders | sorry to hear you were having hassles | 21:07 |
| janders | and good on you for not leaving it till the last minute | 21:07 |
| iurygregory | yeah | 21:07 |
| iurygregory | now fingers crossed \o/ | 21:08 |
| janders | that's right! | 21:08 |
| janders | given your hassles I better get onto submitting the panel thing first thing in the morning in case I hit some hurdles too | 21:09 |
| janders | thanks for the heads up | 21:09 |
| iurygregory | yeah =) | 21:09 |
| TheJulia | iurygregory: I responded with lightswitch rave. And if you've never heard of that let me know :) | 21:47 |
| iurygregory | TheJulia, never heard, but I would totally do that! | 21:48 |
| TheJulia | oh we must fix this | 21:48 |
| TheJulia | https://www.youtube.com/watch?v=GtQpThwWQtQ | 21:48 |
| TheJulia | https://www.youtube.com/watch?v=Az49aNuYeJs | 21:49 |
| JayF | No, the Cheat! We gave you that so you can turn the lights on, and off. NOT FOR LIGHTSWITCH RAVES! | 21:49 |
| TheJulia | JayF: <3 | 21:49 |
| JayF | None of the Homestar Runner stuff is as good without it in flash though | 21:49 |
| JayF | and all the easter eggs | 21:49 |
| iurygregory | OMG I loved! | 21:50 |
| TheJulia | Computer Over. Virus = Very yes. | 21:50 |
| * iurygregory cliks on the second link | 21:50 | |
| JayF | Unrecoverable system error?! Your files are VERY DELETED!? | 21:50 |
| iurygregory | linux or something LMAO | 21:51 |
| JayF | Other required ones to look at is whatever the one is with "Limozeen" and "Trogdor the Burninator" | 21:52 |
| iurygregory | omg I can't stop laughing now | 21:52 |
| openstackgerrit | Verification of a change to openstack/ironic-python-agent failed: Ignore devices with size 0 when collecting inventory https://review.opendev.org/741172 | 21:53 |
| JayF | if you have an old flash browser, homestarrunner.com still has their old flash site up on archive | 21:53 |
| TheJulia | https://www.youtube.com/watch?v=JwZwkk7q25I | 21:53 |
| TheJulia | That is the whole techno episode | 21:54 |
| iurygregory | omg "It's now safe to turn off your computer" <3 | 21:54 |
| iurygregory | good times /nope | 21:54 |
| iurygregory | TheJulia, thank you for all the videos <3 | 21:57 |
| TheJulia | It is my duty to provide laughs... | 21:58 |
| TheJulia | now back to the slide deck | 21:58 |
| iurygregory | good luck =) | 21:58 |
| iurygregory | good night o/ | 21:58 |
| *** Lucas_Gray has joined #openstack-ironic | 22:01 | |
| *** ociuhandu has joined #openstack-ironic | 22:15 | |
| *** ociuhandu has quit IRC | 22:20 | |
| *** mraineri has quit IRC | 22:34 | |
| *** alexmcleod has quit IRC | 22:55 | |
| *** baha has quit IRC | 22:55 | |
| *** bnemec-pto has quit IRC | 22:55 | |
| *** chihhsin_ has quit IRC | 22:55 | |
| *** dansmith has quit IRC | 22:55 | |
| *** whizzz has quit IRC | 22:55 | |
| *** tkajinam has joined #openstack-ironic | 22:55 | |
| *** alexmcleod has joined #openstack-ironic | 22:57 | |
| *** baha has joined #openstack-ironic | 22:57 | |
| *** bnemec-pto has joined #openstack-ironic | 22:57 | |
| *** chihhsin_ has joined #openstack-ironic | 22:57 | |
| *** dansmith has joined #openstack-ironic | 22:57 | |
| *** whizzz has joined #openstack-ironic | 22:57 | |
| *** bdodd has quit IRC | 22:59 | |
| *** bdodd has joined #openstack-ironic | 23:01 | |
| *** diurnalist has quit IRC | 23:06 | |
| *** Lucas_Gray has quit IRC | 23:10 | |
| *** Lucas_Gray has joined #openstack-ironic | 23:14 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!