janders | dtantsur|afk I'm happy to give https://storyboard.openstack.org/#!/story/2008038 a try | 00:19 |
---|---|---|
janders | (just reading through) | 00:19 |
janders | Just so I understand this correctly - what is the relative priority of FIPS work vs MAC-fetch work? I will allocate time accordingly. | 00:20 |
janders | meanwhile I will do some prep work for both | 00:20 |
*** ijw has joined #openstack-ironic | 00:35 | |
*** ijw_ has quit IRC | 00:39 | |
*** yolanda has quit IRC | 00:55 | |
*** xinliang has joined #openstack-ironic | 00:58 | |
*** yolanda has joined #openstack-ironic | 01:00 | |
*** rcernin has quit IRC | 01:19 | |
*** rcernin has joined #openstack-ironic | 01:28 | |
openstackgerrit | Julia Kreger proposed openstack/ironic-python-agent master: Update the cache if we don't have a root device hint https://review.opendev.org/747072 | 01:50 |
TheJulia | bfournie: there you go^ | 01:50 |
TheJulia | janders: I suspect if there is remaining fips items, they take priority | 01:51 |
*** gyee has quit IRC | 02:03 | |
janders | TheJulia ACK | 02:05 |
*** rcernin has quit IRC | 02:28 | |
*** ijw has quit IRC | 02:29 | |
*** rcernin has joined #openstack-ironic | 02:29 | |
*** ijw has joined #openstack-ironic | 02:43 | |
*** ijw has quit IRC | 02:48 | |
*** ijw has joined #openstack-ironic | 03:14 | |
*** ijw has quit IRC | 03:19 | |
*** mkrai has joined #openstack-ironic | 03:20 | |
*** rcernin has quit IRC | 03:24 | |
*** Qianbiao has joined #openstack-ironic | 03:26 | |
*** mkrai has quit IRC | 03:41 | |
*** mkrai has joined #openstack-ironic | 03:44 | |
*** rcernin has joined #openstack-ironic | 03:47 | |
*** mkrai has quit IRC | 04:08 | |
*** mkrai_ has joined #openstack-ironic | 04:08 | |
*** xinliang has quit IRC | 04:40 | |
*** ociuhandu has joined #openstack-ironic | 05:09 | |
*** ociuhandu has quit IRC | 05:14 | |
*** Qianbiao has quit IRC | 05:53 | |
*** sri_ has quit IRC | 05:56 | |
*** tzumainn has quit IRC | 05:57 | |
*** sri_ has joined #openstack-ironic | 05:57 | |
*** JamesBenson has quit IRC | 06:05 | |
*** JamesBenson has joined #openstack-ironic | 06:09 | |
openstackgerrit | Kaifeng Wang proposed openstack/ironic-inspector master: Identify accelerator devices during introspection https://review.opendev.org/745289 | 06:09 |
*** JamesBenson has quit IRC | 06:14 | |
*** hjensas has joined #openstack-ironic | 06:17 | |
*** xinliang has joined #openstack-ironic | 06:24 | |
*** Qianbiao has joined #openstack-ironic | 06:34 | |
*** mkrai_ has quit IRC | 06:40 | |
*** mkrai_ has joined #openstack-ironic | 06:40 | |
*** JamesBenson has joined #openstack-ironic | 06:49 | |
*** penick has joined #openstack-ironic | 06:50 | |
*** jtomasek has joined #openstack-ironic | 06:52 | |
*** penick has quit IRC | 06:55 | |
*** JamesBenson has quit IRC | 07:08 | |
*** mkrai_ has quit IRC | 07:10 | |
*** Qianbiao has quit IRC | 07:12 | |
*** ociuhandu has joined #openstack-ironic | 07:15 | |
*** belmoreira has joined #openstack-ironic | 07:18 | |
rpittau | good morning ironic! o/ | 07:20 |
*** mkrai_ has joined #openstack-ironic | 07:32 | |
*** dougsz has joined #openstack-ironic | 07:34 | |
*** dtantsur|afk is now known as dtantsur | 07:34 | |
dtantsur | morning ironic | 07:35 |
dtantsur | janders: what TheJulia said. thank you! | 07:35 |
janders | good morning rpittau dtantsur | 07:35 |
rpittau | hey janders dtantsur :) | 07:35 |
janders | dtantsur noted, thank you | 07:35 |
*** johnsom has quit IRC | 07:41 | |
*** gregwork has quit IRC | 07:42 | |
*** buhman has quit IRC | 07:42 | |
*** buhman has joined #openstack-ironic | 07:44 | |
*** vdrok has quit IRC | 07:44 | |
*** vdrok has joined #openstack-ironic | 07:46 | |
*** rpittau has quit IRC | 07:47 | |
*** buhman has quit IRC | 07:50 | |
*** vmud213 has joined #openstack-ironic | 07:54 | |
*** buhman has joined #openstack-ironic | 07:54 | |
*** gregwork has joined #openstack-ironic | 07:55 | |
janders | heading our for a walk, back soon | 07:55 |
*** rpittau has joined #openstack-ironic | 07:56 | |
*** johnsom has joined #openstack-ironic | 07:57 | |
*** rcernin has quit IRC | 07:58 | |
*** vmud213 has quit IRC | 07:58 | |
iurygregory | good morning everyone | 08:00 |
*** ociuhandu has quit IRC | 08:02 | |
*** Qianbiao has joined #openstack-ironic | 08:10 | |
rpittau | hey iurygregory :) | 08:11 |
*** vmud213 has joined #openstack-ironic | 08:12 | |
*** lucasagomes has joined #openstack-ironic | 08:13 | |
iurygregory | o/ | 08:14 |
*** vmud213 has quit IRC | 08:17 | |
*** mkrai_ has quit IRC | 08:17 | |
*** vmud213 has joined #openstack-ironic | 08:18 | |
*** mkrai_ has joined #openstack-ironic | 08:20 | |
iurygregory | dtantsur, release team didn't like ussuri release | 08:27 |
iurygregory | I'm wondering if it's ok to do 15.1 (but we have 15.1 in Victoria...) | 08:28 |
*** vmud213 has quit IRC | 08:28 | |
*** sri_ has quit IRC | 08:30 | |
*** sri_ has joined #openstack-ironic | 08:30 | |
*** vdrok has quit IRC | 08:30 | |
*** vdrok has joined #openstack-ironic | 08:30 | |
*** buhman has quit IRC | 08:30 | |
*** buhman has joined #openstack-ironic | 08:30 | |
*** gregwork has quit IRC | 08:30 | |
*** gregwork has joined #openstack-ironic | 08:30 | |
*** rpittau has quit IRC | 08:30 | |
*** rpittau has joined #openstack-ironic | 08:30 | |
*** johnsom has quit IRC | 08:30 | |
*** johnsom has joined #openstack-ironic | 08:30 | |
dtantsur | iurygregory: I don't think we should, why is that? | 08:31 |
iurygregory | https://review.opendev.org/#/c/746926/1 | 08:32 |
patchbot | patch 746926 - releases - Release ironic 15.0.1 for Ussuri - 1 patch set | 08:32 |
iurygregory | see Thierry comment | 08:32 |
rpittau | we have a new feature in the reloease note | 08:33 |
dtantsur | iurygregory: well, Thierry is wrong | 08:33 |
* dtantsur wants to opt out of stable policies in the moments like that | 08:34 | |
iurygregory | hehe | 08:34 |
rpittau | ok that was actually an extension of an already present feature | 08:35 |
*** ociuhandu has joined #openstack-ironic | 08:36 | |
Qianbiao | Hello ironic. | 08:37 |
rpittau | hey Qianbiao :) | 08:37 |
Qianbiao | hi folks, :) | 08:37 |
Qianbiao | long time no see. | 08:37 |
iurygregory | hello Qianbiao | 08:38 |
Qianbiao | hey rpittau iurygregory dtantsur | 08:38 |
dtantsur | o/ | 08:38 |
*** ociuhandu has quit IRC | 08:41 | |
Qianbiao | Our customer has a new requirement, need experience from ironic team. Basicly, what i get is they want to provision bm which has no disk (not swift AFAIK). | 08:42 |
openstackgerrit | Riccardo Pittau proposed openstack/ironic master: [WIP] Replace retrying with tenacity https://review.opendev.org/376574 | 08:42 |
Qianbiao | Is it possible to do this with ironic? | 08:42 |
Qianbiao | os in memory? | 08:42 |
dtantsur | Qianbiao: https://docs.openstack.org/ironic/latest/admin/interfaces/deploy.html#ramdisk-deploy ? | 08:43 |
Qianbiao | thanks dtantsur, reading. | 08:43 |
*** priteau has joined #openstack-ironic | 08:50 | |
*** k_mouza has joined #openstack-ironic | 08:51 | |
Qianbiao | dtantsu Can I use neutron as network provider for this ramdisk deploy? And as i know the ramdisk is very small, will this limit the to deploy OS image size? | 08:52 |
Qianbiao | * dtantsur | 08:53 |
*** mkrai_ has quit IRC | 08:53 | |
*** mkrai_ has joined #openstack-ironic | 08:54 | |
iurygregory | you can use neutron as network provider it shouldn't be a problem | 08:54 |
dtantsur | Qianbiao: you should be able to use neutron as network provided, but note that PXE booting will happen on the tenant network | 08:54 |
dtantsur | so you'll have to expose the PXE infrastructure to it | 08:55 |
dtantsur | which may be a security concern | 08:55 |
* dtantsur has dropped a bomb on the ML in the meantime :) | 08:55 | |
Qianbiao | <dtantsur> thanks, big help | 08:56 |
dtantsur | Qianbiao: as to the ramdisk size, its only limited by your RAM and network throughput. | 08:56 |
dtantsur | it may be wise to have only basics on the ramdisk and download other components on demand | 08:56 |
Qianbiao | got, Ironic team always surprise me, problems always solved soon. | 08:57 |
Qianbiao | :) | 08:58 |
* iurygregory liked the bomb | 08:58 | |
dtantsur | Qianbiao: we're glad to hear :) | 08:59 |
Qianbiao | :) | 09:01 |
*** Qianbiao is now known as Qianbiao|afk | 09:01 | |
*** brtknr has joined #openstack-ironic | 09:06 | |
brtknr | hey all, does python-dracclient expose hardware error logs that is viewable on idrac interface? | 09:07 |
dtantsur | ajya, rpioso ^^^ | 09:12 |
brtknr | i want to grab the system event logs via the client | 09:13 |
brtknr | from what I can tell, this is not currently available | 09:13 |
*** ociuhandu has joined #openstack-ironic | 09:17 | |
ajya | brtknr: currently there is no method for that, can try to check if "raw" WSMAN request can be constructed to get the logs | 09:20 |
*** ociuhandu has quit IRC | 09:22 | |
*** Lucas_Gray has joined #openstack-ironic | 09:35 | |
*** ociuhandu has joined #openstack-ironic | 09:47 | |
*** k_mouza has quit IRC | 09:48 | |
dtantsur | could anyone understanding TLS at least bit (i.e. better than me) provide feedback on https://storyboard.openstack.org/#!/story/2007214 please? | 09:50 |
*** mkrai_ has quit IRC | 09:54 | |
*** mkrai has joined #openstack-ironic | 09:55 | |
openstackgerrit | Kaifeng Wang proposed openstack/ironic-specs master: Snapshot support https://review.opendev.org/746935 | 09:56 |
*** mkrai has quit IRC | 10:11 | |
rpittau | dtantsur: not sure I know more about TLS than you, but I'll have time after lunch and meeting to check that :) | 10:12 |
*** k_mouza has joined #openstack-ironic | 10:12 | |
dtantsur | thx! | 10:13 |
*** JamesBenson has joined #openstack-ironic | 10:14 | |
*** JamesBenson has quit IRC | 10:19 | |
*** xinliang has quit IRC | 10:20 | |
*** vmud213 has joined #openstack-ironic | 10:25 | |
*** mkrai has joined #openstack-ironic | 10:25 | |
openstackgerrit | Dmitry Tantsur proposed openstack/ironic master: [WIP] Accept and use a TLS certificate from the agent https://review.opendev.org/747136 | 10:27 |
openstackgerrit | Merged openstack/sushy master: Add a CI job with UEFI+vmedia and clean up the job definitions https://review.opendev.org/746962 | 10:30 |
vmud213 | Hello Ironic! | 10:33 |
iurygregory | hello vmud213 | 10:54 |
iurygregory | did you have any luck using dhcp-less? | 10:55 |
vmud213 | Hey iurygregory ! | 10:55 |
vmud213 | yes.Ido | 10:55 |
vmud213 | ther's an issue in the ironic, minor though | 10:55 |
vmud213 | i think u'r asking about the Glean stuff? | 10:55 |
iurygregory | yeah | 10:55 |
iurygregory | feel free to report the issue on storyboard | 10:56 |
iurygregory | so we can work on it o/ | 10:56 |
vmud213 | yes. the path to the network data file is wrong | 10:56 |
vmud213 | moreover the networkManager on the deploy OS also need to be reloaded | 10:57 |
vmud213 | Sure. I will | 10:57 |
iurygregory | tks! | 10:57 |
jroll | morning | 10:59 |
jroll | >RFC: deprecate the iSCSI deploy interface? | 10:59 |
jroll | dtantsur is making my dreams come true after 6 years | 10:59 |
dtantsur | morning jroll :) | 10:59 |
jroll | :) | 10:59 |
dtantsur | jroll: feel free to respond re iscsi, it's a bit quiet now :) | 11:06 |
jroll | dtantsur: I like the idea, but I'm not informed enough to say if the plan is good or not, sorry | 11:06 |
vmud213 | iurygregory: Created a story here https://storyboard.openstack.org/#!/story/2008042 | 11:11 |
vmud213 | will upload a patchset soon to fix this | 11:11 |
*** Lucas_Gray has quit IRC | 11:12 | |
vmud213 | dtantsur: Mind taking a look into this patch when u get time https://review.opendev.org/#/c/742936/ | 11:18 |
patchbot | patch 742936 - ironic - Allow HttpImageService to accept custom certificate - 5 patch sets | 11:18 |
dtantsur | will try to | 11:18 |
vmud213 | You reviewed it once. | 11:18 |
dtantsur | vmud213: did you have a chance to check stendulker's comments? | 11:19 |
vmud213 | yes. | 11:19 |
vmud213 | But i have one point to discuss | 11:20 |
vmud213 | so inviting more opinions on that | 11:20 |
vmud213 | basically, what i am trying to do is to use the certificates provided in the configuration and if it fails try one more time with standard certificate bundle. | 11:21 |
vmud213 | stendulkar's comment is to ignore calling the second time | 11:22 |
vmud213 | But IMO, the deploy and user images may be using different certificates. | 11:23 |
vmud213 | some using custom certificates and some using standard root CAs | 11:24 |
dtantsur | not sure, maybe we should use an explicit configuration? like deploy_verify_ca/instance_verify_ca? | 11:25 |
dtantsur | what if they use different custom certificates? | 11:25 |
*** Lucas_Gray has joined #openstack-ironic | 11:27 | |
openstackgerrit | Merged openstack/ironic master: Remove qemu-img rootwrap filter https://review.opendev.org/746731 | 11:28 |
openstackgerrit | vinay kumar muddu proposed openstack/ironic master: Fix network_data path for dhcpless deployments https://review.opendev.org/747144 | 11:40 |
vmud213 | dtantsur: They can all be kept in a single file | 11:41 |
vmud213 | Actually i was considering the option as u suggested until stendulker suggested to have a configuration option. | 11:44 |
vmud213 | I liked his idea as it would make things simple.So i implemented that way. | 11:44 |
vmud213 | The user has the option to either refer to the root CA's from standard path or has the option to configure custom certificate. | 11:46 |
vmud213 | If the custom certification validation fails then tries the standard path. | 11:46 |
*** belmoreira has quit IRC | 11:49 | |
*** k_mouza has quit IRC | 11:56 | |
*** belmoreira has joined #openstack-ironic | 12:05 | |
*** belmoreira has quit IRC | 12:08 | |
dtantsur | TheJulia, filed an RFE for the obvious missing bit in deploy steps: https://storyboard.openstack.org/#!/story/2008043 | 12:09 |
dtantsur | I won't have time for that in the near future, but maybe someone does.. | 12:09 |
*** k_mouza has joined #openstack-ironic | 12:12 | |
janders | see you tomorrow Ironic o/ | 12:15 |
*** JamesBenson has joined #openstack-ironic | 12:15 | |
rpittau | bye janders | 12:15 |
*** JamesBenson has quit IRC | 12:20 | |
*** k_mouza has quit IRC | 12:24 | |
*** JamesBenson has joined #openstack-ironic | 12:25 | |
vmud213 | TheJulia: Hi | 12:28 |
vmud213 | Mind having a look at this patch https://review.opendev.org/#/c/739174/ | 12:28 |
patchbot | patch 739174 - ironic - Decouple the ISO creation logic from redfish - 7 patch sets | 12:28 |
vmud213 | if you get time | 12:28 |
ajya | dtantsur: in relation to deploy steps, currently the docs read like if I create a flavor, baremetal resource, deploy template, tie them together and then add deploy template name as trait, then it should pick it up during deploy process. | 12:36 |
ajya | But it does not work for me. Am I missing something? Using devstack. What works is adding deploy template as trait and in instance info, then it works, don't use flavors at all. | 12:36 |
dtantsur | ajya: how do you populate flavors? | 12:39 |
dtantsur | nova is responsible for populating instance_info, including adding traits there | 12:42 |
ajya | dtantsur: devstack creates a baremetal flavor and I added trait manually | 12:42 |
dtantsur | ajya: how exactly? | 12:42 |
ajya | you mean the flavor or adding trait? | 12:43 |
ajya | if that's supposed to work, I can take another look, maybe something wrong with my setup, but for now I only add traits directly to node as it's too many steps to overwrite deploy step priorities:) `deploy_steps` addition will be useful | 12:45 |
dtantsur | I mean, how did you add the trait to the flavor? | 12:53 |
*** uzumaki has joined #openstack-ironic | 12:56 | |
openstackgerrit | Dmitry Tantsur proposed openstack/ironic master: [WIP] Accept and use a TLS certificate from the agent https://review.opendev.org/747136 | 12:56 |
ajya | dtantsur: following this https://docs.openstack.org/ironic/latest/install/configure-nova-flavors.html, e.g., ` openstack flavor set --property trait:CUSTOM_TRAIT1=required my-baremetal-flavor` | 13:00 |
ajya | or same given in https://docs.openstack.org/ironic/latest/admin/node-deployment.html#example-of-use-with-the-compute-service | 13:03 |
*** ociuhandu has quit IRC | 13:06 | |
openstackgerrit | Riccardo Pittau proposed openstack/ironic master: [WIP] Replace retrying with tenacity https://review.opendev.org/376574 | 13:13 |
*** Goneri has joined #openstack-ironic | 13:13 | |
openstackgerrit | Riccardo Pittau proposed openstack/ironic master: Replace retrying with tenacity https://review.opendev.org/376574 | 13:14 |
*** Qianbiao|afk has quit IRC | 13:16 | |
guilhermesp | mornings! quick question: does inspector works with nodes using ipmi drivers? | 13:20 |
guilhermesp | https://www.irccloud.com/pastebin/lmqpxltv/ | 13:20 |
guilhermesp | what i have defined in my ironic.conf | 13:21 |
guilhermesp | https://www.irccloud.com/pastebin/ZVOlrioC/ | 13:21 |
*** ociuhandu has joined #openstack-ironic | 13:21 | |
*** ociuhandu has quit IRC | 13:25 | |
openstackgerrit | Aija Jaunteva proposed openstack/ironic-specs master: System configuration within whole clean or deploy step https://review.opendev.org/740721 | 13:26 |
TheJulia | good morning | 13:35 |
dtantsur | morning TheJulia | 13:36 |
dtantsur | guilhermesp: you need to add inspector to enabled_inspect_interfaces | 13:37 |
dtantsur | and maybe tell the nodes to use it explicitly | 13:37 |
*** Lucas_Gray has quit IRC | 13:37 | |
dtantsur | or set default_inspect_interface | 13:38 |
*** Wryhder has joined #openstack-ironic | 13:38 | |
TheJulia | guilhermesp: it should, looks like your missing a setting conveying the introspection network. Take a look for inspection_network in at https://docs.openstack.org/ironic/latest/configuration/sample-config.html | 13:38 |
TheJulia | dtantsur: email w/r/t depreating iscsi deploy interface. I'm feeling deja vu | 13:38 |
TheJulia | :) | 13:38 |
dtantsur | maybe? :) it has definitely come up already, but we didn't have swift-less operation back then | 13:38 |
*** Wryhder is now known as Lucas_Gray | 13:39 | |
*** k_mouza has joined #openstack-ironic | 13:39 | |
TheJulia | yeah | 13:40 |
TheJulia | well, for nova driven correct | 13:40 |
guilhermesp | huuum thanks TheJulia and dtantsur ! yeah when i enabled debug yesterday and saw the first error regarding missing introspection_network i was confused, coz in ironic.conf it is defined under [neutron] session, such as | 13:40 |
guilhermesp | https://www.irccloud.com/pastebin/uZC51csa/ | 13:40 |
dtantsur | yeah, it's for neutron | 13:41 |
guilhermesp | but i guess is not inspector | 13:41 |
TheJulia | its not inspector network, it is introspection | 13:41 |
dtantsur | well, a neutron network to use for introspection | 13:41 |
dtantsur | it's not strictly required though, your problem comes from your node using the 'no-inspect' implementation instead of 'inspector', I'd assume | 13:41 |
guilhermesp | well yeah | 13:41 |
guilhermesp | inspection, not inspector lol | 13:41 |
*** tzumainn has joined #openstack-ironic | 13:42 | |
TheJulia | I really need to spend time on code reviews today | 13:42 |
guilhermesp | yeah let me fix that first | 13:42 |
guilhermesp | thanks TheJulia and dtantsur yeah shame on me | 13:48 |
guilhermesp | typo on inspection_network | 13:48 |
guilhermesp | it is working now :P | 13:48 |
TheJulia | yay the bugfix I uploaded last night randomly fails on py38 in unit tests :( | 13:50 |
TheJulia | guilhermesp: \o/ | 13:50 |
TheJulia | There is no shame though! glad you got it working | 13:51 |
guilhermesp | o/ o/ i think was part of my excitement to be back working with ironic, it's been a long time i dont do ironic deployments :P | 13:51 |
*** k_mouza has quit IRC | 13:54 | |
*** Qianbiao|afk has joined #openstack-ironic | 13:54 | |
*** rloo has joined #openstack-ironic | 13:54 | |
rpittau | dtantsur: re: TLS https://storyboard.openstack.org/#!/story/2007214 it all does make sense and seems reasonable, wondering if specs are needed | 13:55 |
dtantsur | dunno, doesn't look too complex to me, but I'm the author :) | 13:56 |
rpittau | :) | 13:57 |
*** k_mouza has joined #openstack-ironic | 14:00 | |
*** belmoreira has joined #openstack-ironic | 14:06 | |
*** belmoreira has quit IRC | 14:07 | |
*** ociuhandu has joined #openstack-ironic | 14:12 | |
*** penick has joined #openstack-ironic | 14:12 | |
rpittau | dtantsur: the specs doubt was just if we want/need to discuss on more details, I think it's good to start with the implementation, discussion can happen on patches as well | 14:13 |
*** Wryhder has joined #openstack-ironic | 14:22 | |
*** Lucas_Gray has quit IRC | 14:23 | |
*** cdearborn has joined #openstack-ironic | 14:23 | |
*** Wryhder is now known as Lucas_Gray | 14:23 | |
JayF | dtantsur: a warning: hooking up SSL with oslo.service in IPA will be broken | 14:27 |
dtantsur | oh | 14:27 |
dtantsur | why so? | 14:27 |
JayF | dtantsur: I am writing a very similar patch to https://storyboard.openstack.org/#!/story/2007214 downstream right now | 14:27 |
JayF | dtantsur: without https://review.opendev.org/#/c/746774/ -- when IPA starts up with TLS enabled, using oslo.service, requests hang | 14:28 |
patchbot | patch 746774 - ironic-python-agent - Eventlet should be monkey patched as early as poss... - 2 patch sets | 14:28 |
JayF | dtantsur: I'm fairly sure it's because oslo.service is creating an unpatched socket before eventlet monkey patching is run | 14:28 |
dtantsur | thank you, oslo.service, thank you, eventlet | 14:28 |
dtantsur | yep, sounds plausible | 14:28 |
JayF | dtantsur: I was planning on upstreaming support for listen_ssl = (bool) and cert/key/ca (for client cert verification) | 14:28 |
JayF | dtantsur: would that be usable for store 2007214? Or should we sync up on that? | 14:29 |
JayF | dtantsur: yeah, so just warning you, but I'm already looking at it as you can tell | 14:29 |
JayF | very happy to get help on getting to the bottom of tempest failures on that PR though :( | 14:30 |
dtantsur | JayF: ideally, we should sync so that we don't end up with incompatible proposals | 14:30 |
JayF | dtantsur: absolutely. For my use case, I'm setting up IPA to use a cert/key embedded in the ramdisk -- although in practice, for me, that's going to be self-signed, so that's not a strong requirement | 14:31 |
dtantsur | JayF: is there anything you would modify in my proposal to cover your case? | 14:32 |
JayF | dtantsur: I can't tell for sure, but it sounds like there's an assumption that all agents would be running unique certs, and that Ironic would be using different certs to connect? | 14:32 |
JayF | dtantsur: for my case, I want to tell conductor "always use this cert/key for TLS to agents" | 14:32 |
JayF | dtantsur: and in agent, tell it "listen for TLS, use this cert/key, and validate client certificates against this CA" | 14:33 |
*** akahat is now known as akahat|rover | 14:33 | |
dtantsur | JayF: it seems covered by "To support agent builds that handle the TLS certificates some other way, IPA will look for files called /etc/ironic-python-agent/agent.crt and /etc/ironic-python-agent/agent.key. If they are present, they will be automatically used for TLS and the crt part will be sent to ironic." | 14:33 |
JayF | the IPA stuff is simple -- just needs that eventlet bug fixed, and an option added to IPA to flip on the use_ssl call to oslo_service.wsgi | 14:33 |
dtantsur | and the ironic side will be covered by the recently added driver_info[agent_verify_ca] | 14:33 |
JayF | aiui agent_verify_ca is about Ironic API validating the agent's identity | 14:34 |
JayF | I'm talking about the other direction: agents verifying that ironic is presenting a valid client certificate | 14:34 |
JayF | and honestly, it'd be a little spooky for me to configure that security via kernel command line or API return from ironic -- it's the sort of thing I'd want embedded in the image | 14:34 |
dtantsur | Failed to connect to the agent running on node e2f11e94-1835-4d15-933d-5a2e908da34f for invoking command clean.get_clean_steps. Error: HTTPConnectionPool(host='10.1.0.48', port=9999): Read timed out. | 14:35 |
dtantsur | JayF: I'm looking at the agent code, and it seems that IPA->ironic direction is actually already done | 14:36 |
dtantsur | JayF: https://opendev.org/openstack/ironic-python-agent/src/branch/master/ironic_python_agent/config.py#L203-L220 | 14:36 |
JayF | That's not possible; without TLS support in agent you can't have ironic provide a client certificate to ipa | 14:36 |
JayF | yeah, you're still talking the other direction | 14:37 |
dtantsur | "agents verifying ironic", no? | 14:37 |
dtantsur | I think these options are used for any HTTP requests in IPA | 14:37 |
JayF | Ironic Conductor -[presents client certificate] https://[agent]/v1/commands?do-cleaning-stuff -[validates client certficiate against ca]-> IPA | 14:37 |
JayF | To prevent a malicious actor with access to the nodes that are running agents from sending rogue commands | 14:38 |
dtantsur | ah, client certificates. right. I think in master agent tokens play the same role | 14:38 |
JayF | Yes-ish, although in my environment, we have a strong certificate infrastructure | 14:39 |
JayF | so we'd likely want this even if we were running an Ironic with support for agent_token | 14:39 |
JayF | (I'm working on this with IPA Ussuri, Ironic Ocata) | 14:39 |
*** penick has quit IRC | 14:39 | |
dtantsur | lemme think a bit and ping you again in a few minutes | 14:40 |
JayF | how about I get you some example code | 14:40 |
JayF | assuming I can fix the eventlet stuff | 14:40 |
dtantsur | ++++ | 14:40 |
JayF | oslo.service has *all* of this, we literally just need to flip a bool when we're calling out to oslo_service.wsgi | 14:40 |
JayF | use_ssl=False -> use_ssl=True, then oslo_service configuration handles literally everything else | 14:40 |
JayF | This is also how I discovered we are no longer honoring listen_host / listen_port | 14:41 |
* JayF a little hamstrung by not knowing the way around the new zuul ui / storyboard | 14:42 | |
JayF | https://storyboard.openstack.org/#!/story/2008016 -> IPA doesn't respect listen_host/port since oslo_service migration | 14:43 |
dtantsur | JayF: I've updated https://storyboard.openstack.org/#!/story/2007214 to hopefully add what you want | 14:47 |
JayF | I'll look after I finish with this draft patch. Literally <5 minutes. | 14:48 |
openstackgerrit | Jay Faulkner proposed openstack/ironic-python-agent master: If listen_host is true, enable TLS on wsgi server https://review.opendev.org/747193 | 14:50 |
JayF | dtantsur: ^ | 14:50 |
JayF | with the caveat that it's broken by some kind of eventlet-shenanigans, that's essentially the code I'm planning to run downstream and was going to push up. I had no idea there was something else going on to enable IPA TLS \o/ | 14:51 |
dtantsur | JayF: the commit summary seems wrong, but the patch looks good (and is compatible with what I'm proposing) | 14:51 |
JayF | and I've tested it working (with that draft eventlet patch), and it validates client certs | 14:51 |
JayF | I was pretty thrilled with how easy it was to plumb up the oslo.service work to ipa... until eventlet struck [dramatic music] | 14:51 |
dtantsur | JayF: a random guess: are you should about select=False when monkey patching? in ironic we do os=False instead. | 14:52 |
JayF | dtantsur: if select=True, select.poll for heartbeat explodes because eventlet-patched select doesn't have a `poll` method for somewhat-obvious reasons | 14:53 |
JayF | dtantsur: I suspect adding `os=False` will be my next change to try and get tempest happy | 14:53 |
openstackgerrit | Julia Kreger proposed openstack/ironic-python-agent master: Update the cache if we don't have a root device hint https://review.opendev.org/747072 | 14:53 |
dtantsur | I wonder if we can replace select.poll | 14:53 |
JayF | longer-term, I'd like to make heartbeats not use select.poll, as I strongly suspect it's a cause for some of the high IPA cpu issues that have been reported | 14:53 |
JayF | but I'm trying to get one thing done at a time. Making eventlet not blow up for TLS is a big enough bite of the pie for me right now :D | 14:54 |
dtantsur | if we leave select.poll unpatched, it means that the heartbeater thread freezes everything for seconds all the time | 14:55 |
dtantsur | no wonder API times out | 14:56 |
*** penick has joined #openstack-ironic | 14:56 | |
TheJulia | bfournie: above is the updated patch for the bug, it behaves far better now :) | 14:56 |
dtantsur | I'm afraid we have to replace it if we cannot monkey patch it | 14:56 |
JayF | Well, I'm a little confused why you wouldn't be seeing that behavior already | 14:57 |
JayF | eventlet *is monkey_patching* IPA, just via a library | 14:57 |
JayF | so it happens late | 14:57 |
dtantsur | I wonder if we do monkey patching at all now... | 14:57 |
JayF | maybe so late that it impacts *nothing* in the heartbeat thread, perhaps, but it's happening | 14:57 |
dtantsur | (my bad, really) | 14:57 |
JayF | yep. both oslo.service and oslo.concurrancy call to monkey_patch | 14:57 |
dtantsur | anyway, the eventlet bug recommend us to use https://docs.python.org/3/library/selectors.html | 14:57 |
bfournie | TheJulia: awesome, thanks | 14:57 |
JayF | so our code is getting it, just very late down the path | 14:57 |
dtantsur | I can give it a try, unless you want to | 14:57 |
JayF | dtantsur: you think that's just a drop-in replacement? | 14:58 |
JayF | dtantsur: I'm happy to try, I just don't have a devstack setup so got a little bit of long testing cycles | 14:58 |
dtantsur | JayF: it's supposed to be more high level and to automatically pick whatever is available | 14:58 |
JayF | but API-compatible | 14:58 |
dtantsur | so if poll is removed, it will use select | 14:58 |
JayF | if so... that's potentially a trivial fix | 14:58 |
JayF | and will be a big win all the way around | 14:58 |
JayF | dtantsur: you going to give it a shot today? or some other time? | 14:59 |
JayF | dtantsur: if not immediately, perhaps a hybrid approach: I'll take a shot at it today, then if you wanna look at it more normal-hours for you "tomorrow" and polish up if needed, that'd be excellent | 14:59 |
dtantsur | works for me | 14:59 |
JayF | I absolutely am thrilled to have more than just me poking at this stuff, it's a little scary TBH | 15:00 |
openstackgerrit | Riccardo Pittau proposed openstack/ironic-python-agent-builder master: Fix finalise tinyipa https://review.opendev.org/747198 | 15:00 |
JayF | I spent literally a dozen+ hours tracking down that eventlet was causing the ssl hangs, and then more hours that I could monkey_patch early to fix it (and break lots of other shit) | 15:00 |
dtantsur | right :) me too | 15:00 |
JayF | sweet, thanks for this chat, I needed the jolt of bravery to go tackle the heartbeater :D | 15:01 |
dtantsur | :D | 15:01 |
dtantsur | btw I think you can ignore https://opendev.org/openstack/ironic-python-agent/src/branch/master/ironic_python_agent/inspect.py and only bother with agent itself | 15:02 |
dtantsur | JayF: I hope the fact that the 'selectors' module is Python 3 only is not a blocker for you | 15:03 |
JayF | I was ignoring it, entirely by accident :D | 15:04 |
dtantsur | heh | 15:04 |
JayF | dtantsur: we're running IPA Ussuri, inside CentOS 8, using very minimal downstream patches and upstream IPA-builder | 15:04 |
dtantsur | great | 15:04 |
JayF | dtantsur: and the goal will be to keep IPA as close to upstream as possible | 15:04 |
dtantsur | ++ | 15:05 |
JayF | IPA-builder is pretty great. I'm calling out to dib directly, and just using the elements, but it's been super easy to use. | 15:05 |
rpittau | about that, please review -> https://review.opendev.org/747198 :P | 15:05 |
patchbot | patch 747198 - ironic-python-agent-builder - Fix finalise tinyipa - 1 patch set | 15:05 |
JayF | dtantsur: in fact... if you think it's worthwhile, I could upstream the dib-element that generates cert/key and enables ssl in the config file | 15:05 |
dtantsur | JayF: why not, sounds useful to me | 15:09 |
dtantsur | I'm thinking of having more optional elements in ipa-builder | 15:09 |
JayF | so then a prereq question | 15:10 |
JayF | our docs say right now that /etc/ironic_python_agent/ironic_python_agent.conf works as a config file location by default | 15:10 |
JayF | spoiler alert: the docs lie | 15:10 |
dtantsur | I suspect you need dashes | 15:11 |
JayF | So part of this has to be making some sense out of having IPA-builder add a config file, and spit out reasonable values for them when an element needs them | 15:11 |
JayF | I tried with dashes, underscores, under the venv (/opt/i-p-a/etc/blah) | 15:11 |
JayF | nothing worked until I modified the systemd unit to pass `--config-file [blah]` | 15:12 |
dtantsur | mmmm, damn, I need to remember how oslo.config does it | 15:12 |
JayF | but that's not bad -- we can ship an empty config in ipa-builder and pass --config-file [blah] | 15:12 |
JayF | but I'm thinking it's not super sustainable, for instnace, if I upload a dib element that adds tls support and overwrites the whole config | 15:12 |
dtantsur | yep. then I'll have to figure out how to do the same for RDO (but that's my problems) | 15:12 |
dtantsur | oslo.config has something like --config-dir | 15:13 |
JayF | oh, of vourse | 15:13 |
dtantsur | which is similar to /etc/stuff.d in unixes | 15:13 |
JayF | +++ | 15:13 |
JayF | okay, so I have gotta stop talking and start coding if I want a chance of even half of this getting done o/ | 15:15 |
dtantsur | but damn, oslo.config is supposed to have some default | 15:15 |
dtantsur | I was pretty sure it somehow picks /etc/ironic/ironic.conf | 15:16 |
JayF | My hunch is maybe that behavior changed? Something disables it in a venv? | 15:16 |
*** mkrai has quit IRC | 15:16 | |
JayF | Always possible I was screwing something up too... but I think I tried every combo | 15:16 |
dtantsur | shouldn't.. but who knows | 15:16 |
JayF | But either way, sounds like using .d/ in the ipa-builder is the way to go | 15:17 |
JayF | which is going to fix all my issues in practice | 15:17 |
dtantsur | JayF: it really has to https://opendev.org/openstack/oslo.config/src/branch/master/oslo_config/cfg.py#L281-L339 | 15:19 |
dtantsur | "the program name, defaulting to the basename of | 15:20 |
dtantsur | sys.argv[0], without extension .py | 15:20 |
dtantsur | should support /etc/ironic-python-agent... | 15:20 |
dtantsur | anyway, tea time | 15:20 |
rpittau | friendly reminder: Vote for the Ironic Virtual Meetup! https://doodle.com/poll/pi4x3kuxamf4nnpu | 15:27 |
openstackgerrit | Julia Kreger proposed openstack/ironic-python-agent master: Clarify connection error on heartbeats https://review.opendev.org/747210 | 15:28 |
TheJulia | speaking of heartbeats^ | 15:29 |
TheJulia | Since apparently the error is a red herring :\ | 15:29 |
iurygregory | =( | 15:30 |
TheJulia | well, really it is people not reading to the end | 15:30 |
dtantsur | heh, why would they | 15:35 |
openstackgerrit | Riccardo Pittau proposed openstack/ironic-python-agent-builder master: Pin pip version to install in tinyipa images https://review.opendev.org/747218 | 15:36 |
openstackgerrit | Iury Gregory Melo Ferreira proposed openstack/ironic master: Add tempest default_boot_option and altflavor https://review.opendev.org/741886 | 15:44 |
openstackgerrit | Riccardo Pittau proposed openstack/ironic-python-agent-builder master: Remove old proc before finalising tinyipa https://review.opendev.org/747228 | 15:49 |
uzumaki | quick question, where do I find ironic conductor logs now? can no longer see them in /var/log/ironic | 15:49 |
openstackgerrit | Riccardo Pittau proposed openstack/ironic-python-agent-builder master: Build centos8 on centos8 https://review.opendev.org/746901 | 15:50 |
dtantsur | uzumaki: depends on how you installed ironic? | 15:50 |
TheJulia | dtantsur: *sigh* | 15:50 |
rpittau | ipa-builder definitely needs some hugs | 15:50 |
*** mkrai has joined #openstack-ironic | 15:50 | |
dtantsur | we all do | 15:51 |
rpittau | :) | 15:51 |
*** Lucas_Gray has quit IRC | 15:52 | |
dtantsur | TheJulia: an interesting request born in a downstream conversation: https://storyboard.openstack.org/#!/story/2008047 | 15:55 |
uzumaki | dtantsur, well, I have it as a container image, that pulls the tripleo ironic master branch | 15:56 |
uzumaki | it's the metal3-io ironic-image repo Dockerfile | 15:56 |
dtantsur | uzumaki: I think you can use 'podman logs' | 15:56 |
uzumaki | the conductor logs are going to be dumped into podman? interesting.. | 15:57 |
rpittau | uzumaki: really depends how you deployed that container, using podman logs <container-name> should work | 15:58 |
uzumaki | let me try that.. | 15:58 |
uzumaki | got the logs. thanks! | 16:00 |
*** Lucas_Gray has joined #openstack-ironic | 16:00 | |
TheJulia | dtantsur: I don't see why not, just $spoons and $time | 16:02 |
TheJulia | I feel like we need a SPUC again | 16:03 |
dtantsur | quite likely! | 16:04 |
*** lucasagomes has quit IRC | 16:06 | |
*** penick has quit IRC | 16:07 | |
TheJulia | Has everyone been thinking of midcycle topics? | 16:07 |
TheJulia | and then possibly forum/ptg topics?!? | 16:08 |
JayF | I believe zer0c00l was aiming to get the disk data spec up in time to discuss there, but I don't think that's been committed to you all yet | 16:08 |
*** gyee has joined #openstack-ironic | 16:08 | |
dtantsur | TheJulia: the new Dell spec may be one. the dhellmann's proposal may be another one | 16:08 |
JayF | kickstart/partition/whatever you wanna call it | 16:08 |
dtantsur | ++ | 16:09 |
* TheJulia tries not to let sarcasm take over the items she is typing in | 16:09 | |
*** penick has joined #openstack-ironic | 16:10 | |
TheJulia | JayF: I thought he was going to head in the direction of trying to ramdisk boot with an argument to the kickstart file... | 16:11 |
JayF | I think that's more from a code perspective: using most of the ramdisk driver as a jumping off point | 16:11 |
JayF | using solely the ramdisk driver has a massive downside of the node going active several minutes to hours in advance of the install completing | 16:12 |
TheJulia | yeah, it would be good to kind of be able to mentally picture where his head is at | 16:12 |
JayF | It's a priority to get that spec to you all upstream | 16:12 |
*** vmud213 has quit IRC | 16:16 | |
dtantsur | TheJulia: do you have an etherpad already? | 16:18 |
TheJulia | I'm typing one up now | 16:22 |
TheJulia | https://etherpad.opendev.org/p/Ironic-Victoria-midcycle | 16:22 |
openstackgerrit | Verification of a change to openstack/sushy failed: Include extended information in debugging output https://review.opendev.org/745944 | 16:23 |
openstackgerrit | Verification of a change to openstack/sushy failed: Remove auth token header completely when error occurs https://review.opendev.org/746768 | 16:23 |
TheJulia | :( | 16:27 |
*** ijw has joined #openstack-ironic | 16:30 | |
*** dougsz has quit IRC | 16:31 | |
*** penick has quit IRC | 16:34 | |
uzumaki | Any ideas what could be causing this? | 16:35 |
uzumaki | bios interface implementation ironic.drivers.modules.drac.bios.DracWSManBIOS is not supported by hardware type IBMC | 16:36 |
dtantsur | uzumaki: do you have default_bios_interface set? | 16:36 |
uzumaki | yeah, I set it to idrac-wsman, should I remove that? | 16:36 |
dtantsur | yep. the default applies to all hardware types. | 16:36 |
uzumaki | oh boy, alright | 16:37 |
*** k_mouza has quit IRC | 16:38 | |
*** Lucas_Gray has quit IRC | 16:38 | |
openstackgerrit | Julia Kreger proposed openstack/ironic-python-agent master: Clarify connection error on heartbeats https://review.opendev.org/747210 | 16:47 |
*** Qianbiao|afk has quit IRC | 16:55 | |
*** dtantsur is now known as dtantsur|afk | 17:04 | |
dtantsur|afk | o/ | 17:04 |
TheJulia | goodnight | 17:18 |
uzumaki | A Dell R740XD keeps rebooting when trying to PXE boot for introspection, what could be the issue here? I see the PXE boot screen when it boots up, and immediately reboots, stuck like that for almost half an hour | 17:28 |
uzumaki | could it be a metal3 thing? | 17:29 |
*** ijw_ has joined #openstack-ironic | 17:36 | |
uzumaki | nevermind, it was a misconfigured HTTP server that hosted the boot images, fixed now | 17:38 |
*** ijw has quit IRC | 17:39 | |
*** mkrai has quit IRC | 17:53 | |
*** gregwork has quit IRC | 18:04 | |
*** belmoreira has joined #openstack-ironic | 18:12 | |
JayF | glad to hear you got it working! | 18:12 |
*** ijw has joined #openstack-ironic | 18:14 | |
*** k_mouza has joined #openstack-ironic | 18:16 | |
*** ijw_ has quit IRC | 18:17 | |
openstackgerrit | Julia Kreger proposed openstack/ironic stable/rocky: Retries and timeout for IPA command https://review.opendev.org/747265 | 18:20 |
*** Goneri has quit IRC | 18:21 | |
openstackgerrit | Riccardo Pittau proposed openstack/ironic master: Replace retrying with tenacity https://review.opendev.org/376574 | 18:23 |
rpittau | tenacity is.. well.. tenacious | 18:24 |
rpittau | an with this pearl I wish goodnight! | 18:24 |
rpittau | o/ | 18:24 |
openstackgerrit | Julia Kreger proposed openstack/ironic stable/rocky: Retries and timeout for IPA command https://review.opendev.org/747265 | 18:26 |
*** belmoreira has quit IRC | 18:30 | |
openstackgerrit | Julia Kreger proposed openstack/ironic stable/queens: Retries and timeout for IPA command https://review.opendev.org/747271 | 18:37 |
*** k_mouza has quit IRC | 18:43 | |
*** Goneri has joined #openstack-ironic | 18:52 | |
*** rloo has quit IRC | 18:52 | |
*** rloo has joined #openstack-ironic | 18:52 | |
*** rloo has quit IRC | 18:55 | |
*** rloo has joined #openstack-ironic | 18:56 | |
uzumaki | Thanks JayF =) | 19:14 |
openstackgerrit | Merged openstack/sushy master: Include extended information in debugging output https://review.opendev.org/745944 | 19:15 |
*** dustinc has joined #openstack-ironic | 19:16 | |
openstackgerrit | Julia Kreger proposed openstack/sushy master: Remove auth token header completely when error occurs https://review.opendev.org/746768 | 19:22 |
openstackgerrit | Merged openstack/ironic-python-agent bugfix/6.3: Update TOX_CONSTRAINTS_FILE for bugfix/6.3 https://review.opendev.org/746795 | 19:50 |
*** uzumaki has quit IRC | 19:50 | |
openstackgerrit | Merged openstack/ironic bugfix/15.2: Update TOX_CONSTRAINTS_FILE for bugfix/15.2 https://review.opendev.org/746797 | 19:58 |
*** rloo has quit IRC | 20:06 | |
*** rloo has joined #openstack-ironic | 20:06 | |
openstackgerrit | Merged openstack/bifrost master: Validate that the services are running after installation https://review.opendev.org/743569 | 20:07 |
*** Lucas_Gray has joined #openstack-ironic | 20:21 | |
openstackgerrit | Jay Faulkner proposed openstack/ironic-python-agent master: Eventlet should be monkey patched as early as possible https://review.opendev.org/746774 | 20:24 |
* rpioso is on staycation | 20:29 | |
rpioso | brtknr: As ajya pointed out, python-dracclient does not offer an API specifically for obtaining iDRAC log messages; however, they can be enumerated via its WSManClient member: https://opendev.org/openstack/python-dracclient/src/commit/b84667750ee091bfd8e9e1c804dd6489dd8d9373/dracclient/client.py#L71-L73. | 20:30 |
rpioso | brtknr: Please take a look at its lower level, generic enumerate method: https://opendev.org/openstack/python-dracclient/src/commit/b84667750ee091bfd8e9e1c804dd6489dd8d9373/dracclient/client.py#L1233-L1235. | 20:31 |
openstackgerrit | Julia Kreger proposed openstack/ironic stable/queens: Retries and timeout for IPA command https://review.opendev.org/747271 | 20:33 |
openstackgerrit | Julia Kreger proposed openstack/ironic stable/queens: Fix for failure in cleaning https://review.opendev.org/747288 | 20:33 |
JayF | TheJulia: +1, fwiw. Those are clean backports, I took 'em back to ocata (along with the response-code-checking from queens) recently | 20:35 |
TheJulia | rpioso: staycation sounds epic right now :) | 20:35 |
TheJulia | JayF: thanks! | 20:35 |
TheJulia | JayF: I'm really surprised we didn't backport them upstream immediatley but it is easy for things to get lost | 20:37 |
rpioso | TheJulia: Yep. Long overdue, though :-) And too short! | 20:37 |
TheJulia | JayF: are you guys using the iscsi deploy interface? | 20:38 |
* TheJulia is thinking direct, but wanted to make sure | 20:38 | |
JayF | No. We have an anaconda deploy driver that looks suspiciously similar to what was discussed and will be proposed soon. It was recently enhanced to boot IPA and use IPA for cleaning. | 20:38 |
TheJulia | ahh | 20:39 |
TheJulia | ok | 20:39 |
openstackgerrit | Julia Kreger proposed openstack/ironic-python-agent master: Clarify connection error on heartbeats https://review.opendev.org/747210 | 20:45 |
openstackgerrit | Julia Kreger proposed openstack/ironic-python-agent master: Update the cache if we don't have a root device hint https://review.opendev.org/747072 | 20:46 |
*** sshnaidm is now known as sshnaidm|afk | 20:47 | |
openstackgerrit | Jay Faulkner proposed openstack/ironic-python-agent master: Eventlet should be monkey patched as early as possible https://review.opendev.org/746774 | 20:50 |
JayF | TheJulia: dtantsur|afk: ^ I believe that ( https://review.opendev.org/746774 ) will pass tests and is reviewable now. | 20:51 |
patchbot | patch 746774 - ironic-python-agent - Eventlet should be monkey patched as early as poss... - 4 patch sets | 20:51 |
*** priteau has quit IRC | 20:52 | |
TheJulia | \o/ | 20:52 |
TheJulia | It is going to have ot be tomorrow unfortuantely, i'm about out of spoons already | 20:52 |
JayF | If the "high cpu usage" complaints are reproducable, I'd love someone to validate we need sleep(0.1) still. I removed it in favor of sleep(0), I believe having eventlet everywhere should settle down cpu usage. | 20:53 |
JayF | but TBH the high cpu usage was unreproducable for me from the beginning so *shrug* | 20:53 |
TheJulia | they really shouldn't be needed.... but yeah... | 20:57 |
* TheJulia is stuck while c select behavior restores into active ram | 20:58 | |
JayF | The behavior we were seeing makes 100% sense given the interactions I was seeing; now that it's all under eventlet that problem should disappear into the mists. | 20:58 |
TheJulia | yeah, it should, in theory | 20:58 |
JayF | TheJulia: it's not c select, it's magic eventlet select [waves hands wildly] | 20:58 |
JayF | Admittedly I understand the exact amount about this to be dangerous | 20:59 |
TheJulia | still! it triggered the restore | 20:59 |
janders | good morning Ironic o/ | 21:00 |
openstackgerrit | Jay Faulkner proposed openstack/ironic-python-agent master: If listen_ssl is true, enable TLS on wsgi server https://review.opendev.org/747193 | 21:04 |
JayF | morning janders | 21:07 |
openstackgerrit | Merged openstack/sushy master: Remove auth token header completely when error occurs https://review.opendev.org/746768 | 21:20 |
openstackgerrit | Julia Kreger proposed openstack/ironic master: Guard conductor from consuming all of the ram https://review.opendev.org/726483 | 21:28 |
TheJulia | good morning janders | 21:28 |
*** Goneri has quit IRC | 21:35 | |
openstackgerrit | Merged openstack/ironic-inspector master: Log outcome of `check_conditions` method. https://review.opendev.org/745663 | 21:55 |
stevebaker | morning | 22:07 |
*** jtomasek has quit IRC | 22:08 | |
janders | good morning stevebaker o/ | 22:08 |
stevebaker | my local test_node.py "only" has 269 failures now, down from 350. progress! | 22:18 |
*** Goneri has joined #openstack-ironic | 22:25 | |
*** Goneri has quit IRC | 22:32 | |
openstackgerrit | Jay Faulkner proposed openstack/ironic-python-agent-builder master: Add element to configure IPA with TLS, use configdir https://review.opendev.org/747309 | 22:41 |
JayF | dtantsur|afk: https://review.opendev.org/746774 https://review.opendev.org/747193 https://review.opendev.org/747309 as promised this morning. Admittedly the IPA-builder changes are mostly untested, but I'm going to port them downstream and test with cleaning tomorrow. | 22:45 |
patchbot | patch 746774 - ironic-python-agent - Eventlet should be monkey patched as early as poss... - 4 patch sets | 22:45 |
patchbot | patch 747193 - ironic-python-agent - If listen_ssl is true, enable TLS on wsgi server - 2 patch sets | 22:45 |
patchbot | patch 747309 - ironic-python-agent-builder - Add element to configure IPA with TLS, use configdir - 1 patch set | 22:45 |
*** rcernin has joined #openstack-ironic | 22:48 | |
*** Lucas_Gray has quit IRC | 23:05 | |
*** rcernin has quit IRC | 23:06 | |
*** rcernin has joined #openstack-ironic | 23:08 | |
*** hjensas has quit IRC | 23:41 | |
*** sri_ has quit IRC | 23:55 | |
*** rpioso has quit IRC | 23:55 | |
*** ildikov has quit IRC | 23:58 | |
*** rpioso has joined #openstack-ironic | 23:59 | |
*** pas-ha has quit IRC | 23:59 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!