openstackgerrit | Jacob Anders proposed openstack/ironic master: Generic way to configure clean step priorites https://review.opendev.org/744117 | 00:18 |
---|---|---|
*** jamesdenton has quit IRC | 01:46 | |
*** jamesden_ has joined #openstack-ironic | 01:47 | |
janders | has anyone recently observed instance deployment issues on bifrost related to 403 errors from Nginx while attempting to fetch images? | 01:58 |
janders | I think I remember dtantsur|afk mentioning something along SELinux lines (can't find it in IRC history ATM though) so I first thought it was that, but it might have been just permissions: http://paste.openstack.org/show/797074/ | 02:02 |
janders | I haven't hit this for a while as my bifrost "uninstaller" wasn't deleting /httpboot which I will add now for better coverage :) | 02:02 |
*** Lucas_Gray has joined #openstack-ironic | 02:37 | |
*** uzumaki has joined #openstack-ironic | 02:57 | |
*** tkajinam has quit IRC | 04:03 | |
*** tkajinam has joined #openstack-ironic | 04:03 | |
*** abdysn has joined #openstack-ironic | 05:02 | |
*** hjensas_ has joined #openstack-ironic | 05:18 | |
*** Lucas_Gray has quit IRC | 05:21 | |
*** chenhaw has quit IRC | 06:04 | |
arne_wiebalck | Good morning, ironic! | 06:12 |
*** mnasiadka has quit IRC | 06:16 | |
*** mnasiadka has joined #openstack-ironic | 06:19 | |
*** rcernin has quit IRC | 06:23 | |
*** seongsoocho has quit IRC | 06:24 | |
*** seongsoocho has joined #openstack-ironic | 06:25 | |
*** rcernin has joined #openstack-ironic | 06:32 | |
*** dtantsur|afk is now known as dtantsur | 06:35 | |
dtantsur | morning ironic, happy Monday | 06:35 |
*** rcernin has quit IRC | 06:36 | |
*** rcernin has joined #openstack-ironic | 06:36 | |
dtantsur | janders: it feels like "just" permissions (and why on earth aren't we fixing them??) | 06:38 |
dtantsur | a patch is welcome | 06:38 |
*** jhesketh_ has quit IRC | 06:39 | |
*** jhesketh has joined #openstack-ironic | 06:41 | |
*** hjensas__ has joined #openstack-ironic | 06:48 | |
iurygregory | good morning janders arne_wiebalck dtantsur and Ironic o/ | 06:49 |
*** hjensas_ has quit IRC | 06:51 | |
arne_wiebalck | hey iurygregory dtantsur o/ | 06:52 |
*** mkrai has joined #openstack-ironic | 06:54 | |
*** chenhaw has joined #openstack-ironic | 06:55 | |
*** SuiongNg|ITRI_TW has joined #openstack-ironic | 06:58 | |
*** sshnaidm|afk is now known as sshnaidm | 07:03 | |
openstackgerrit | Merged openstack/ironic master: Documentation update for ilo hardware type https://review.opendev.org/746453 | 07:06 |
*** Qianbiao has joined #openstack-ironic | 07:09 | |
rpittau | good morning ironic! o/ | 07:12 |
dtantsur | folks, please review https://review.opendev.org/747437 it fixes a pretty serious bug | 07:19 |
patchbot | patch 747437 - bifrost - Explicitly enable DHCP services on baremetal CentO... - 2 patch sets | 07:19 |
rpittau | dtantsur, TheJulia, sorry I didn't have IRC connection on Friday afternoon/evening, I saw the "chicken-n-egg" issue later, but seems all good now | 07:20 |
dtantsur | yeah, TheJulia has solved it in the end | 07:22 |
dtantsur | rpittau: I wonder if we need the RAM bump backported.. | 07:22 |
rpittau | dtantsur: I was considering that, we probably do | 07:23 |
rpittau | dtantsur: TheJulia already backport to 15.2, but I think we should do it for ussuri too | 07:24 |
rpittau | same for ironic-python-agent | 07:25 |
iurygregory | morning rpittau o/ | 07:25 |
rpittau | hey iurygregory :) | 07:25 |
dtantsur | also looking for reviews on this bug fix https://review.opendev.org/#/c/747389/ | 07:28 |
patchbot | patch 747389 - ironic - Ensure in-band deploy steps are present in time fo... - 3 patch sets | 07:28 |
dtantsur | and on https://review.opendev.org/#/c/747413/ | 07:28 |
patchbot | patch 747413 - metalsmith - CI: use the direct deploy by default - 2 patch sets | 07:28 |
openstackgerrit | Dmitry Tantsur proposed openstack/ironic-python-agent master: [PoC] A deploy step to update /etc/default/grub https://review.opendev.org/743771 | 07:30 |
openstackgerrit | Riccardo Pittau proposed openstack/ironic stable/ussuri: Increase memory of tinyipa vms https://review.opendev.org/747633 | 07:33 |
openstackgerrit | Riccardo Pittau proposed openstack/ironic-python-agent stable/ussuri: Increase memory for tinyipa jobs https://review.opendev.org/747634 | 07:38 |
openstackgerrit | Merged openstack/ironic stable/rocky: Retries and timeout for IPA command https://review.opendev.org/747265 | 07:51 |
*** lucasagomes has joined #openstack-ironic | 07:58 | |
*** akahat|rover is now known as akahat|lunch | 07:58 | |
openstackgerrit | vinay kumar muddu proposed openstack/ironic master: [WIP]: Adds ilo-uefi-https boot interface to ilo5 https://review.opendev.org/745501 | 08:03 |
*** yolanda has quit IRC | 08:03 | |
*** dougsz has joined #openstack-ironic | 08:04 | |
*** livelace has joined #openstack-ironic | 08:05 | |
openstackgerrit | vinay kumar muddu proposed openstack/ironic master: [WIP]: Adds ilo-uefi-https boot interface to ilo5 https://review.opendev.org/745501 | 08:11 |
Qianbiao | hello ironic. | 08:16 |
Qianbiao | Hi, when combine ironic with openstack-services, should dhcp still be provided by ironic in provisioning network? | 08:17 |
Qianbiao | should i still install a dnsmasq to provide dhcp for first pxe network | 08:17 |
openstackgerrit | Dmitry Tantsur proposed openstack/ironic-lib master: Move some generic functions from IPA https://review.opendev.org/747641 | 08:26 |
openstackgerrit | Merged openstack/bifrost master: Explicitly enable DHCP services on baremetal CentOS/RHEL https://review.opendev.org/747437 | 08:26 |
dtantsur | Qianbiao: when using ironic with neutron, dhcp is usually provided by neutron-dhcp-agent | 08:27 |
Qianbiao | dtantsur hmm, should provisioning network be a subnet created by neutron? | 08:31 |
Qianbiao | in our test env, our nodes are connected directly(including SDN device) | 08:32 |
dtantsur | Qianbiao: usually the provisioning network is handled by neutron, yes. Your case may be different, of course. | 08:35 |
openstackgerrit | Dmitry Tantsur proposed openstack/bifrost bugfix/8.3: Explicitly enable DHCP services on baremetal CentOS/RHEL https://review.opendev.org/747644 | 08:35 |
*** livelace has quit IRC | 08:36 | |
Qianbiao | ok thanks dtantsur | 08:36 |
openstackgerrit | Dmitry Tantsur proposed openstack/bifrost stable/ussuri: Use firewalld to open ports on CentOS and RHEL. https://review.opendev.org/747645 | 08:36 |
openstackgerrit | Dmitry Tantsur proposed openstack/bifrost stable/ussuri: Explicitly enable DHCP services on baremetal CentOS/RHEL https://review.opendev.org/747646 | 08:37 |
openstackgerrit | Riccardo Pittau proposed openstack/ironic-python-agent-builder master: Leave kbd installed https://review.opendev.org/747647 | 08:38 |
*** derekh has joined #openstack-ironic | 08:43 | |
janders | g'day arne_wiebalck dtantsur iurygregory rpittau o/ | 08:51 |
rpittau | hey janders :) | 08:51 |
iurygregory | o/ | 08:52 |
janders | dtantsur noted regarding permissions, happy to look into that when I'm done with the initial part of the FIPS work | 08:52 |
arne_wiebalck | hey janders o/ | 08:52 |
*** k_mouza has joined #openstack-ironic | 08:52 | |
*** rcernin has quit IRC | 09:03 | |
openstackgerrit | Dmitry Tantsur proposed openstack/ironic-lib master: Move some generic functions from IPA https://review.opendev.org/747641 | 09:12 |
rpittau | hey arne_wiebalck, welcome back :) | 09:24 |
arne_wiebalck | hey rpittau o/ thanks! | 09:24 |
*** priteau has joined #openstack-ironic | 09:24 | |
*** mkrai has quit IRC | 09:31 | |
openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: Remove env-vars https://review.opendev.org/747668 | 09:39 |
openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: Remove support for non-venv deployments https://review.opendev.org/747434 | 09:40 |
janders | dtantsur looks like the image-creation playbook already does the right thing with permissions: https://opendev.org/openstack/bifrost/src/branch/master/playbooks/roles/bifrost-create-dib-image/tasks/main.yml#L167 the only question remains why didn't it work for me... I'll raze my bifrost install, start fresh and see if I hit this issue again | 09:52 |
janders | the only thing that comes to mind is some weird race condition... maybe the node is still traumatised after the dev-scripts driven IO starvation episode on Friday LOL (I'm now using it for bifrost) | 09:54 |
*** livelace has joined #openstack-ironic | 09:55 | |
*** Qianbiao has quit IRC | 09:55 | |
*** Qianbiao has joined #openstack-ironic | 09:58 | |
openstackgerrit | Merged openstack/bifrost bugfix/8.3: Explicitly enable DHCP services on baremetal CentOS/RHEL https://review.opendev.org/747644 | 09:59 |
openstackgerrit | Merged openstack/bifrost stable/ussuri: Use firewalld to open ports on CentOS and RHEL. https://review.opendev.org/747645 | 09:59 |
openstackgerrit | Merged openstack/bifrost stable/ussuri: Explicitly enable DHCP services on baremetal CentOS/RHEL https://review.opendev.org/747646 | 09:59 |
dtantsur | janders: if running with --testenv, your image is a cirros image downloaded from the internet, not DIB-built | 10:01 |
*** mkrai has joined #openstack-ironic | 10:01 | |
janders | aha! will look into that codepath, too. Thanks heaps dtantsur! | 10:01 |
dtantsur | janders: https://opendev.org/openstack/bifrost/src/branch/master/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml#L330 | 10:02 |
janders | dtantsur I see how things might get wrong there | 10:02 |
dtantsur | janders: the reason it suddenly stopped working is https://github.com/ansible/ansible/issues/71200 | 10:02 |
dtantsur | i.e. an upstream defaults change | 10:02 |
dtantsur | I do think we should be explicit about ownership and ACL for all downloaded/built files | 10:03 |
dtantsur | so a patch is welcome :) | 10:03 |
janders | dtantsur very well spotted, I haven't hit this elsewhere yet | 10:04 |
janders | dtantsur will do | 10:04 |
dtantsur | janders: get_url seems to have a mode/owner, so it must be an easy fix | 10:14 |
*** rcernin has joined #openstack-ironic | 10:17 | |
* dtantsur is looking into running ansible-lint on bifrost | 10:17 | |
*** rcernin has quit IRC | 10:22 | |
*** ijw has joined #openstack-ironic | 10:23 | |
*** ijw has quit IRC | 10:27 | |
*** akahat|lunch is now known as akahat|rover | 10:27 | |
openstackgerrit | vinay kumar muddu proposed openstack/ironic master: Decouple the ISO creation logic from redfish https://review.opendev.org/739174 | 10:36 |
janders | dtantsur exactly my plan. Do you think we should parameterise permissions or is hardcoding okay? (I see a fair bit of hardcoded 644s around the code) | 10:38 |
*** Lucas_Gray has joined #openstack-ironic | 10:41 | |
openstackgerrit | vinay kumar muddu proposed openstack/ironic master: Allow HttpImageService to accept custom certificate https://review.opendev.org/742936 | 10:50 |
*** rh-jelabarre has joined #openstack-ironic | 10:53 | |
openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: [WIP] Add a CI job with ansible-lint https://review.opendev.org/747686 | 11:07 |
dtantsur | janders: hardcoding is pretty okay | 11:07 |
janders | dtantsur ACK, thank you | 11:08 |
janders | wrapping up for the day, see you tomorrow Ironic o/ | 11:08 |
janders | will finish up and submit that patch first thing in the morning | 11:09 |
iurygregory | bye janders | 11:09 |
janders | cheers iurygregory | 11:09 |
dtantsur | g'night janders | 11:11 |
*** mkrai has quit IRC | 11:13 | |
openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: Add a CI job with ansible-lint https://review.opendev.org/747686 | 11:14 |
dtantsur | rpittau gotta like ^^^ probably :) | 11:14 |
* dtantsur will fix a few errors in a new patch | 11:14 | |
openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: Add a CI job with ansible-lint https://review.opendev.org/747686 | 11:15 |
* iurygregory brb lunch | 11:25 | |
openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: ansible-lint: fix error 204 (Lines should be no longer than 160 chars) https://review.opendev.org/747692 | 11:42 |
*** hjensas__ is now known as hjensas|lunch | 11:57 | |
rpittau | dtantsur: you were faster than me as usual, I was actually looking at that :) | 12:06 |
dtantsur | rpittau: oh sorry. what exactly are you looking at? | 12:06 |
dtantsur | I'm trying to fix 3xx atm | 12:06 |
rpittau | dtantsur: the ansible-lint :) | 12:06 |
* dtantsur should have asked, sorry again | 12:06 | |
rpittau | dtantsur: no worries! :) | 12:07 |
openstackgerrit | Dmitry Tantsur proposed openstack/bifrost master: ansible-lint: fix errors 303, 305, 306 https://review.opendev.org/747694 | 12:07 |
openstackgerrit | Kaifeng Wang proposed openstack/ironic-specs master: Snapshot support https://review.opendev.org/746935 | 12:07 |
dtantsur | I'll stop fixing lints for today after ^^^ | 12:07 |
dtantsur | any remaining are up for taking | 12:07 |
rpittau | :D | 12:07 |
rpittau | ok! | 12:07 |
*** mkrai__ has joined #openstack-ironic | 12:08 | |
*** mkrai__ has quit IRC | 12:08 | |
*** livelace has quit IRC | 12:13 | |
Qianbiao | hello dtantsur | 12:18 |
Qianbiao | when deploy interface is ramdisk, bm will pxe twice right? | 12:18 |
openstackgerrit | Dmitry Tantsur proposed openstack/metalsmith master: CI: use the direct deploy by default https://review.opendev.org/747413 | 12:19 |
dtantsur | Qianbiao: no, I think only once | 12:19 |
Qianbiao | deploy directly? without coreos loading> | 12:19 |
Qianbiao | then when will network changes from provision network to tenant network. | 12:20 |
Qianbiao | when pxe happen, server is in provisioning network or tenant | 12:20 |
*** mkrai has joined #openstack-ironic | 12:21 | |
dtantsur | Qianbiao: unless I'm mistaken, the first and only boot happens on the tenant network | 12:21 |
rpittau | dtantsur: what's the reason of limiting ansible-lint to <5 ? | 12:22 |
dtantsur | rpittau: I assume the next major version will have more lints by default | 12:22 |
dtantsur | breaking us | 12:22 |
rpittau | ok, I see, makes sense, thanks | 12:22 |
Qianbiao | dtantsur got thanks. | 12:23 |
Qianbiao | it there any method can void the pxe expose security issue. | 12:24 |
dtantsur | Qianbiao: if your hardware supports virtual media, you can use it | 12:27 |
dtantsur | otherwise, I'm afraid, it's unavoidable with the ramdisk deploy | 12:27 |
Qianbiao | <dtantsur> yes we support it. | 12:27 |
Qianbiao | should i add virtual media implementation | 12:27 |
dtantsur | that would be really good | 12:28 |
dtantsur | TheJulia: https://review.opendev.org/#/c/743771/ works, do you think it's worth turning into a real optional feature? | 12:32 |
patchbot | patch 743771 - ironic-python-agent - [PoC] A deploy step to update /etc/default/grub - 4 patch sets | 12:32 |
dtantsur | (there should be more work around whole-disk images) | 12:32 |
dtantsur | other opinions also welcome ^^^ | 12:32 |
*** livelace has joined #openstack-ironic | 12:33 | |
openstackgerrit | Merged openstack/bifrost master: Add a CI job with ansible-lint https://review.opendev.org/747686 | 12:59 |
openstackgerrit | Dmitry Tantsur proposed openstack/ironic-python-agent master: documentation: clean up and expand the landing page https://review.opendev.org/747723 | 13:12 |
*** bnemec has joined #openstack-ironic | 13:22 | |
*** tosky has joined #openstack-ironic | 13:22 | |
*** Goneri has joined #openstack-ironic | 13:25 | |
TheJulia | good morning everyone | 13:26 |
rpittau | good morning TheJulia :) | 13:26 |
openstackgerrit | Dmitry Tantsur proposed openstack/ironic-python-agent master: Refactor and fix documentation https://review.opendev.org/747723 | 13:27 |
openstackgerrit | Merged openstack/ironic-python-agent master: Clarify connection error on heartbeats https://review.opendev.org/747210 | 13:29 |
dtantsur | morning TheJulia | 13:29 |
*** rloo has joined #openstack-ironic | 13:32 | |
TheJulia | What is the assessment of the gate status this morning? | 13:34 |
TheJulia | line 55 from the etherpad seems really out of date | 13:34 |
rpittau | better than Friday :) | 13:34 |
rpittau | tinyipa jobs are fixed | 13:34 |
TheJulia | \o/ | 13:35 |
rpittau | TheJulia: I can add a couple of lines there to ezplain | 13:35 |
rpittau | or explain even | 13:35 |
*** tzumainn has joined #openstack-ironic | 13:37 | |
rpittau | TheJulia: btw, if you have a minute, we should pin pip version https://review.opendev.org/747218 | 13:41 |
patchbot | patch 747218 - ironic-python-agent-builder - Pin pip version to install in tinyipa images - 2 patch sets | 13:41 |
TheJulia | Hey, stable cores, can I get quick review on https://review.opendev.org/#/c/744053/ ? | 13:43 |
patchbot | patch 744053 - ironic-python-agent (stable/rocky) - improve error messages during node lookup failures - 1 patch set | 13:43 |
TheJulia | It is blocking another fix from merging | 13:43 |
rpittau | done | 13:43 |
openstackgerrit | Aija Jaunteva proposed openstack/ironic-specs master: System configuration within whole clean or deploy step https://review.opendev.org/740721 | 13:44 |
openstackgerrit | Julia Kreger proposed openstack/ironic bugfix/15.2: Ansible deploy - Ignore invalid devices https://review.opendev.org/747729 | 13:47 |
openstackgerrit | Julia Kreger proposed openstack/ironic bugfix/15.1: Ansible deploy - Ignore invalid devices https://review.opendev.org/747730 | 13:47 |
dtantsur | TheJulia: oh, by the way, this Monday is sponsored by https://github.com/ansible/ansible/issues/71200 | 13:51 |
dtantsur | (that's the cause of one of the bifrost issues trandles experienced) | 13:51 |
TheJulia | no wonder | 13:52 |
TheJulia | jeeze | 13:53 |
* TheJulia wonders who is the current pinkish-purple on the etherpad this morning | 13:53 | |
rpittau | I think they reverted the change ? | 13:53 |
rpittau | TheJulia: maybe me ? on line 56 ? | 13:54 |
TheJulia | yes! | 13:54 |
dtantsur | they did revert it. but there is also an ansible-lint for missing mode, so we'll have to fix it anyway :) | 13:54 |
rpittau | ah snap | 13:54 |
*** abdysn has quit IRC | 13:55 | |
*** mjturek has joined #openstack-ironic | 13:58 | |
TheJulia | stevebaker: For when your up, what is the deal with https://review.opendev.org/#/c/742795/7 ? | 14:07 |
patchbot | patch 742795 - ironic - New argument validate decorator - 7 patch sets | 14:07 |
openstackgerrit | Merged openstack/ironic master: Ensure in-band deploy steps are present in time for fast-track deployments https://review.opendev.org/747389 | 14:09 |
openstackgerrit | Dmitry Tantsur proposed openstack/ironic bugfix/15.2: Ensure in-band deploy steps are present in time for fast-track deployments https://review.opendev.org/747737 | 14:10 |
dtantsur | TheJulia: I think we can release 15.2.1 after this ^^ and the ansible fix | 14:11 |
TheJulia | ++ | 14:11 |
TheJulia | we likely need to do a release of some of the older branches too | 14:12 |
*** hjensas|lunch is now known as hjensas | 14:13 | |
TheJulia | I wonder if someone needs to revise https://review.opendev.org/#/c/557051/ | 14:14 |
patchbot | patch 557051 - networking-generic-switch - Support multiple links in link_local_information d... - 12 patch sets | 14:14 |
JayF | What's the deal with lower constraints? What determines them, are are the flexible? | 14:19 |
JayF | > eventlet==0.18.2 | 14:19 |
TheJulia | lower-constraints.txt and yes they can be changed | 14:19 |
JayF | is scary old and buggy -- I'm amazed we have that old of a version there | 14:19 |
TheJulia | minimum versions things _should_ work with | 14:19 |
JayF | my what determines them is more philosophical, I know about the file | 14:19 |
JayF | e.g. are there certain use cases targetted | 14:20 |
TheJulia | humans do, so they can be out of date | 14:20 |
JayF | compatability with something, etx | 14:20 |
JayF | OK, so if the answer to IPA eventlet patch failures is "update lower-constraints", we're OK with that? Especially in IPA? | 14:20 |
TheJulia | it is fine to increment the minimum version upward on master branch | 14:20 |
JayF | (since IPA is not co-installed) | 14:20 |
JayF | ack; that'll likely be the action I take for my PR | 14:21 |
TheJulia | k | 14:21 |
JayF | I've read over 9000 bugs in old eventlet around wsgi+ssl; I don't think even if unit tests passed I'd be willing to suggest someone run on eventlet that old :D | 14:21 |
*** Lucas_Gray has quit IRC | 14:22 | |
dtantsur | JayF: please read my comments on your patch, updating eventlet won't simply help | 14:29 |
dtantsur | (at least it does not help when tried locally) | 14:29 |
JayF | 0.25.1 is what we run against in master? | 14:29 |
JayF | that was the missing piece for me | 14:29 |
dtantsur | yep, tried that | 14:29 |
JayF | ack; I'm sure I can track it down | 14:30 |
JayF | [knocks on wood] | 14:30 |
JayF | Did you see my replies abuot moving the __init__.py stuff around? | 14:30 |
dtantsur | probably not yet | 14:30 |
JayF | If we're OK with breaking mod_wsgi support, I'm happy to move it around | 14:30 |
JayF | but I wanted to make sure you read the commit and were making that suggestion with the explicit knowledge it breaks mod_wsgi | 14:30 |
JayF | although TBH, it's likely it didn't work under mod_wsgi anyway b/c of how we handle heartbeats | 14:31 |
dtantsur | JayF: I don't see how it would break mod_wsgi | 14:33 |
dtantsur | without actually calling eventlet, the environment variable won't affect anything, will it? | 14:33 |
JayF | see https://review.opendev.org/#/c/440292/ | 14:33 |
patchbot | patch 440292 - ironic - Move eventlet monkey patch code (MERGED) - 2 patch sets | 14:33 |
dtantsur | well, ignoring the fact that IPA is unlikely to work under mod_wsgi :) | 14:33 |
dtantsur | TheJulia: we need to get used to updating the CI of bugfix branches every time after the release | 14:34 |
*** mkrai has quit IRC | 14:34 | |
JayF | yeah; I'll re-centralize it and add to my release notes that it absolutely will not worj | 14:35 |
JayF | *work | 14:35 |
dtantsur | JayF: not because of your patch | 14:36 |
dtantsur | note that https://review.opendev.org/#/c/440292/2/ironic/__init__.py actually had monkey_patch in __init__ unlike IPA | 14:36 |
patchbot | patch 440292 - ironic - Move eventlet monkey patch code (MERGED) - 2 patch sets | 14:36 |
dtantsur | I agree that it's bad | 14:37 |
JayF | Yeah; which is why I moved it to cmd/ when I added the monkey_patch | 14:37 |
JayF | but I still think it's exceedingly unlikely that, for instance, ussuri IPA works under mod_wsgi | 14:37 |
JayF | so just take the guaranteed hard breakage, document it, and move on | 14:37 |
openstackgerrit | wu.chunyang proposed openstack/python-ironicclient master: Remove Babel requirement https://review.opendev.org/747581 | 14:37 |
JayF | that's what reverse proxying is for :D | 14:37 |
dtantsur | it's an option, although that's not exactly what I asked for | 14:37 |
dtantsur | (I was only pointing out a copy-paste of the environment code) | 14:38 |
JayF | Ooooh! I got it, you want the environment stuff at root level, the monkey patch at cmd/ level | 14:38 |
dtantsur | but yeah, I don't see how IPA would work under any WSGI server. half of its initialization is in agent.py which hardcodes using oslo.service | 14:38 |
JayF | All my previous comments are still valid though, because I don't think ^^^ exactly | 14:38 |
JayF | So I'm going to just move it all to the base level __init__.py, and document it won't work with it | 14:39 |
dtantsur | wfm | 14:39 |
JayF | *IPA won't work with mod_wsgi | 14:39 |
JayF | and then play requirements-bingo until I get CI to pass under lower-constraints :| | 14:39 |
openstackgerrit | Julia Kreger proposed openstack/ironic-python-agent master: Update the cache if we don't have a root device hint https://review.opendev.org/747072 | 14:41 |
*** mkrai has joined #openstack-ironic | 14:42 | |
dtantsur | JayF: could you please read https://storyboard.openstack.org/#!/story/2007214 before the meeting to make sure I'm not saying anything contradicting your plans? | 14:43 |
JayF | looking | 14:44 |
dtantsur | This RFE now tries to cover both static and automatic TLS configuration | 14:44 |
openstackgerrit | Merged openstack/ironic-python-agent stable/rocky: improve error messages during node lookup failures https://review.opendev.org/744053 | 14:44 |
JayF | The option as I have it written is ``listen_ssl``, you have it listed as ``listel_tls`` -- I don't mind tls vs ssl, we should just be consistent | 14:45 |
dtantsur | JayF: is it too late to change the option to tls in your code? | 14:45 |
dtantsur | ssl is an ancient thing | 14:45 |
JayF | the other thing, you may want to be specific it's ssl.cert_file / ssl.key_file not default.{} | 14:45 |
JayF | absolutely, I can change it | 14:45 |
*** cdearborn has joined #openstack-ironic | 14:46 | |
JayF | [agent]api_key_file is not required for client cert verification. | 14:46 |
JayF | You only need the CA file. | 14:47 |
brtknr | hey folks, after adding a new conductor, how do i rebalance the nodes across the conductors? | 14:47 |
JayF | Oh, you're talking about the other side, in the ironic.conf? | 14:47 |
dtantsur | yep | 14:47 |
JayF | That section 2.1 I think is missing something? | 14:47 |
brtknr | i have tried restarting the conductors but that doesnt seem to be enough | 14:47 |
JayF | Oh, nevermind, this is a little confusing, I keep losing track of who the client and who the server is | 14:48 |
JayF | dtantsur: LGTM. I'll make my config variable compatible, and edited your RFE just now to fix a typo | 14:48 |
*** kaifeng has joined #openstack-ironic | 14:49 | |
dtantsur | JayF: we might have had an editing collision, could you check again please? | 14:50 |
JayF | my typo fix (``listel_tls`` -> ``listen_tls``) still appears in the change | 14:50 |
dtantsur | and of course storyboard takes forever to refresh.. | 14:51 |
dtantsur | JayF: I don't see it anymore, could you also refresh? | 14:52 |
* dtantsur shakes fist at storyboard | 14:52 | |
JayF | lgtm after refresh? | 14:52 |
brtknr | how do you rebalance nodes across conductor groups in general? | 14:56 |
brtknr | i have seen it happen when a conductor fails | 14:56 |
brtknr | is there a way to trigger rebalance on demand? | 14:56 |
JayF | I believe a rolling restart should do it. | 14:56 |
openstackgerrit | Merged openstack/ironic-python-agent stable/rocky: Fix TypeError on agent lookup failure https://review.opendev.org/745426 | 14:57 |
brtknr | i dont want to resort to assigning nodes to conductor groups | 14:57 |
brtknr | JayF: is that in response to my questions? | 14:57 |
brtknr | i tried restarting | 14:57 |
brtknr | didnt help | 14:57 |
dtantsur | I believe the nodes balance out automatically, but not when they have instances already | 14:59 |
JayF | Yeah, that's the only way I know to do it. This is a little bit of an X/Y question -- you shouldn't need to worry about what nodes are managed by what conductor in general usage | 14:59 |
dtantsur | but that's a bit of an untested area, to be honest | 14:59 |
*** tkajinam_ has joined #openstack-ironic | 14:59 | |
JayF | So I'm wondering what the symptoms are you're trying to resolve | 14:59 |
TheJulia | They should balance out evenly, the conundrum is it can still be weighted on one side | 14:59 |
TheJulia | or on to a node | 14:59 |
TheJulia | Arne had some graphs a while back that showed an extra 200-400 nodes on one conductor for some reason | 15:00 |
TheJulia | Anyway, it is meeting time! | 15:00 |
TheJulia | #startmeeting ironic | 15:00 |
openstack | Meeting started Mon Aug 24 15:00:17 2020 UTC and is due to finish in 60 minutes. The chair is TheJulia. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
TheJulia | o/ | 15:00 |
openstack | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
*** openstack changes topic to " (Meeting topic: ironic)" | 15:00 | |
*** another_larsks is now known as larsks | 15:00 | |
rpittau | o/ | 15:00 |
openstack | The meeting name has been set to 'ironic' | 15:00 |
JayF | o/ | 15:00 |
rajinir | o/ | 15:00 |
rpioso | \o | 15:00 |
kaifeng | o/ | 15:00 |
ajya | o/ | 15:00 |
TheJulia | Good morning ironic! | 15:00 |
erbarr | o/ | 15:00 |
bfournie | o/ | 15:00 |
bdodd | o/ | 15:00 |
arne_wiebalck | o/ | 15:00 |
brtknr | o/ | 15:00 |
iurygregory | o/ | 15:01 |
*** seongsoocho_ has joined #openstack-ironic | 15:01 | |
TheJulia | Our agenda can be found on the wiki, as always. | 15:01 |
TheJulia | #link https://wiki.openstack.org/wiki/Meetings/Ironic#Agenda_for_next_meeting | 15:01 |
cdearborn | o/ | 15:01 |
TheJulia | #topic Annoucements/Reminders | 15:01 |
*** openstack changes topic to "Annoucements/Reminders (Meeting topic: ironic)" | 15:01 | |
TheJulia | A midcycle topic etherpad has been setup | 15:01 |
TheJulia | #link https://etherpad.opendev.org/p/Ironic-Victoria-midcycle | 15:01 |
TheJulia | I believe September 2nd and 3rd are the best looking dates when I last glanced at the doodle | 15:02 |
dtantsur | o/ | 15:02 |
TheJulia | rpittau: when are we closing that out? | 15:02 |
rpittau | TheJulia: on wednesday | 15:02 |
rpittau | wanted to give some more time as I know some people were on vacation until today | 15:02 |
TheJulia | Additionally: If there is any update required for non-client libraries, we need to have it in before next week to meet the OpenStack release schedule | 15:03 |
*** stendulker has joined #openstack-ironic | 15:03 | |
TheJulia | #link https://releases.openstack.org/victoria/schedule.html | 15:03 |
*** seongsoocho has quit IRC | 15:03 | |
stendulker | o/ | 15:03 |
*** uzumaki has quit IRC | 15:03 | |
*** tkajinam has quit IRC | 15:03 | |
rloo | meeting? | 15:03 |
*** dougsz has quit IRC | 15:03 | |
*** seongsoocho_ is now known as seongsoocho | 15:03 | |
TheJulia | #link https://doodle.com/poll/pi4x3kuxamf4nnpu | 15:03 |
TheJulia | Is the link for the doodle | 15:03 |
TheJulia | Does anyone have anything else to announce or remind us of? | 15:04 |
*** SuiongNg|ITRI_TW has quit IRC | 15:04 | |
* TheJulia expects one day for someone to announce a gif of pixie boots on the moon or something | 15:04 | |
dtantsur | the PTG registration has opened, I think | 15:04 |
TheJulia | Looks like we had no action items last week, so we should be able skip that part of the meeting. | 15:05 |
TheJulia | Oh! | 15:05 |
*** ildikov has quit IRC | 15:06 | |
TheJulia | It is Forum brainstorming time! If there are items to be dsicussed or items that shoudl be held as forum topics, please add them to the victoria midcycle etherpad and we can further refine and bring those forward. | 15:06 |
TheJulia | I guess we'll be there as a team, the PTG that is? | 15:07 |
* TheJulia assumes yes | 15:08 | |
TheJulia | Anyway! Onward! | 15:08 |
*** ildikov has joined #openstack-ironic | 15:09 | |
dtantsur | yep | 15:09 |
iurygregory | ++ | 15:09 |
rpittau | yeah | 15:09 |
TheJulia | Moving to subteam status reports | 15:09 |
TheJulia | #topic Review subteam status reports | 15:09 |
*** openstack changes topic to "Review subteam status reports (Meeting topic: ironic)" | 15:09 | |
TheJulia | #link https://etherpad.openstack.org/p/IronicWhiteBoard | 15:09 |
TheJulia | Starting at line 327 | 15:10 |
TheJulia | dtantsur: you mentioned bug fix branch changes, can you write down something under breaking the cycle so we know to do it? | 15:10 |
TheJulia | I'm also not entirely sure what you were saying, so more $words is likely better | 15:11 |
TheJulia | iurygregory: any luck with grenade? | 15:11 |
*** chenhaw has quit IRC | 15:11 | |
dtantsur | TheJulia: I'll probably propose a documentation patch instead | 15:11 |
iurygregory | TheJulia, nope =( -P didn't help | 15:11 |
*** chenhaw has joined #openstack-ironic | 15:11 | |
TheJulia | dtantsur: awesome | 15:11 |
iurygregory | maybe worth to discuss during the next midcycle | 15:12 |
TheJulia | iurygregory: sounds like a great topic for the etherpad! | 15:12 |
*** johnhaan has quit IRC | 15:12 | |
*** johnhaan_ has joined #openstack-ironic | 15:12 | |
iurygregory | TheJulia, yeah I will add | 15:12 |
iurygregory | and we would probably need to merge broken so we would switch to zuulv3 | 15:13 |
iurygregory | and help the goal | 15:13 |
TheJulia | *sigh* | 15:14 |
TheJulia | well, on the plus side it would help more people see what is going on | 15:15 |
iurygregory | yeah | 15:15 |
iurygregory | compared to before, we can see some problems.. | 15:15 |
TheJulia | iurygregory: any news on privsep? | 15:15 |
TheJulia | being able to see the problems is a much better situation! | 15:15 |
iurygregory | I was able to chat with ralonsoh today (he was on PTO) | 15:16 |
iurygregory | the failure we see only in one job is a bit weird, since ironic should have access to all folders we are running the os.link | 15:16 |
rpittau | iurygregory: for privsep I think adding some more logging on the permissions of the dirs/files might help, at least for debugging | 15:16 |
iurygregory | rpittau, yeah | 15:16 |
TheJulia | To me, it seems likely that privsep will slip to next cycle? Any thoughts/concerns around this? | 15:17 |
rpittau | no concerns | 15:17 |
TheJulia | rpioso: thanks for the update on the redfish compatability profile stuffs | 15:17 |
TheJulia | arne_wiebalck: I guess we should talk about next steps for the sig. That could also be a midcycle topic I guess? | 15:17 |
iurygregory | no concerns also, but I will keep updating =) | 15:17 |
arne_wiebalck | TheJulia: yes | 15:18 |
arne_wiebalck | TheJulia: I need to pick this up | 15:18 |
rpioso | TheJulia: You're welcome. And done :) | 15:18 |
arne_wiebalck | TheJulia: I think we wanted to send out a mail re SIG meetings | 15:18 |
TheJulia | Yeah, I think that was the consensus before you went on PTO | 15:19 |
arne_wiebalck | TheJulia: And a first topic would be what to focus on after the white paper | 15:19 |
arne_wiebalck | TheJulia: There was some input from the opendev event | 15:19 |
arne_wiebalck | TheJulia: I will send out the mail to find a regular slot | 15:19 |
TheJulia | Indeed! | 15:19 |
TheJulia | Awesome! | 15:19 |
*** gyee has joined #openstack-ironic | 15:20 | |
TheJulia | Well, is everyone good to proceed to reviewing priorities for the coming week? | 15:20 |
rpittau | let's | 15:20 |
TheJulia | #topic Deciding priorities for the coming week | 15:20 |
*** openstack changes topic to "Deciding priorities for the coming week (Meeting topic: ironic)" | 15:20 | |
TheJulia | #link https://etherpad.openstack.org/p/IronicWhiteBoard | 15:20 |
TheJulia | Starting at line 156 | 15:20 |
TheJulia | Any thoughts on droppign the WSME removal changes/refactoring patches for now, they are blocked and we don't have clarity | 15:21 |
TheJulia | dropping them from the list for the next week or two, that is | 15:21 |
rpittau | sounds good, they need revision/rebase anyway | 15:21 |
*** rloo has quit IRC | 15:22 | |
TheJulia | Okay, removing merged items | 15:22 |
*** zaneb has quit IRC | 15:22 | |
*** andrein has quit IRC | 15:22 | |
*** donnyd has quit IRC | 15:22 | |
*** priteau has quit IRC | 15:22 | |
*** buhman has quit IRC | 15:22 | |
*** vkmc has quit IRC | 15:22 | |
*** mnaser has quit IRC | 15:22 | |
*** guilhermesp has quit IRC | 15:22 | |
TheJulia | just what we need during our weekly meeting, a netsplit | 15:23 |
dtantsur | \o/ | 15:23 |
rpittau | yay | 15:23 |
TheJulia | Looks like it was a small one anyway | 15:23 |
TheJulia | Okay, new items staring at line 230, any objection to adding these? | 15:24 |
iurygregory | I've updated the dhcp-less section | 15:25 |
TheJulia | Oh, that is awesome | 15:25 |
iurygregory | good thing is that we won't need changes on ipa etc | 15:25 |
iurygregory | glean just works | 15:25 |
TheJulia | impressive | 15:25 |
* TheJulia hears the lack of objections as agreement to add all the items after line 230 | 15:26 | |
iurygregory | the only fix we needed is merged https://review.opendev.org/#/c/747144/ (Vinay did some tests and reported this issue) | 15:26 |
patchbot | patch 747144 - ironic - Fix network_data path for dhcpless deployments (MERGED) - 1 patch set | 15:26 |
TheJulia | Okay list updated, Does that work for everyone? | 15:29 |
rpittau | yep | 15:30 |
stendulker | https://review.opendev.org/#/c/742936/ | 15:30 |
patchbot | patch 742936 - ironic - Allow HttpImageService to accept custom certificate - 6 patch sets | 15:30 |
TheJulia | Well, then I think it is time to move forward to discussion | 15:30 |
stendulker | Can this be added? | 15:30 |
TheJulia | stendulker: already in the list | 15:30 |
TheJulia | line 189 | 15:30 |
stendulker | TheJulia: oh, ok, Thanks | 15:31 |
TheJulia | No worries! | 15:31 |
*** weshay|ruck has quit IRC | 15:31 | |
TheJulia | #topic Discussion | 15:32 |
*** openstack changes topic to "Discussion (Meeting topic: ironic)" | 15:32 | |
*** weshay has joined #openstack-ironic | 15:32 | |
TheJulia | We have one discussion topic this morning. | 15:32 |
*** rloo has joined #openstack-ironic | 15:32 | |
*** tepper.freenode.net changes topic to "Bare Metal Provisioning | Status: http://bit.ly/ironic-whiteboard | Docs: http://docs.openstack.org/ironic/ | Bugs: https://storyboard.openstack.org/#!/project_group/75 | Contributors are generally present between 6 AM and 12 AM UTC, If we do not answer, please feel free to pose questions to openstack-discuss mailing list." | 15:32 | |
TheJulia | dtantsur: would you like the microphone? | 15:32 |
dtantsur | yep | 15:32 |
dtantsur | #link http://lists.openstack.org/pipermail/openstack-discuss/2020-August/016681.html | 15:32 |
dtantsur | this is a proposal to deprecate and eventually remove the iscsi deploy interface | 15:32 |
dtantsur | with the introduction of the image_download_source option we no longer seem to have use cases that are covered by iscsi but not by direct | 15:33 |
dtantsur | when working on deploy steps, the presence of a similar but not quite same interface implementation was a huge impediment | 15:33 |
*** zaneb has joined #openstack-ironic | 15:33 | |
*** donnyd has joined #openstack-ironic | 15:33 | |
*** andrein has joined #openstack-ironic | 15:33 | |
TheJulia | I can second the pain of the similar but fundamentally different interfaces causing headaches. | 15:34 |
dtantsur | with a goal of reducing the code base and substantially reducing the testing matrix, I'd like to remove it | 15:34 |
*** priteau has joined #openstack-ironic | 15:34 | |
*** buhman has joined #openstack-ironic | 15:34 | |
*** guilhermesp has joined #openstack-ironic | 15:34 | |
*** vkmc has joined #openstack-ironic | 15:34 | |
*** mnaser has joined #openstack-ironic | 15:34 | |
TheJulia | I'm pretty much for this proposal, I'm wondering if anyone is really objecting? | 15:35 |
* arne_wiebalck thinks that image_download_source=http for direct should be called indirect | 15:35 | |
kaifeng | how about moving it to x-stagging-drivers after removal from ironic? | 15:35 |
JayF | No objection from me. Maybe even a minor squeal of gleeful victory for the agent :D | 15:35 |
TheJulia | arne_wiebalck: propose a patch? :) | 15:35 |
iurygregory | arne_wiebalck, ++ | 15:35 |
TheJulia | I actually like that idea and deprecating/removing iscsi does open the door to that | 15:36 |
TheJulia | And it wouldn't need to be a separate interface, just an option | 15:36 |
dtantsur | arne_wiebalck: indirect is how we call it in the CI :) | 15:36 |
TheJulia | well, a separate interface of code | 15:36 |
TheJulia | So I'm not hearing objections, maybe we bring up one more time at the midcycle and if nobody screams by then go ahead and approve the deprecation? | 15:37 |
arne_wiebalck | I think this provides a very smooth transition for iscsi deployments | 15:37 |
arne_wiebalck | We should just be clear it does not address scalability issues | 15:37 |
TheJulia | it might be even easier for it to be an optional upgrade step or logic in the ugprade checker | 15:37 |
TheJulia | time for RFE Review?!? | 15:38 |
TheJulia | arne_wiebalck: ++ | 15:38 |
openstackgerrit | Ankit Kumar proposed openstack/ironic master: Enhance certificate verification for ilo harware type https://review.opendev.org/743490 | 15:39 |
TheJulia | #topic RFE Review | 15:40 |
*** openstack changes topic to "RFE Review (Meeting topic: ironic)" | 15:40 | |
TheJulia | dtantsur: are these all yours? :) | 15:40 |
dtantsur | at least added by me :) | 15:40 |
TheJulia | I need to step away for a moment, if you wouldn't mind :) | 15:40 |
dtantsur | #link https://storyboard.openstack.org/#!/story/2007214 Pass TLS certificate file from ironic to IPA via virtual media | 15:40 |
dtantsur | oops, I scared TheJulia :) | 15:40 |
iurygregory | hahaha | 15:40 |
dtantsur | anyway, the first one addresses the well known problem of TLS between ironic and the agent | 15:40 |
dtantsur | JayF helped me shape it so that it covers both static and automatic TLS | 15:41 |
dtantsur | (thanks!) | 15:41 |
JayF | One thing that on further consideration I wonder if you wanna add to that RFE | 15:41 |
dtantsur | my personal goal is to have the TLS pretty much automatically set up and enabled | 15:41 |
JayF | is the Ironic conductor presenting a client certificate to IPA | 15:41 |
*** k_mouza has quit IRC | 15:42 | |
JayF | and using the same mechanism for passing cert/key to IPA to also pass a ca file through to IPA | 15:42 |
dtantsur | yep, I haven't thought about this bit yet | 15:42 |
openstackgerrit | Dmitry Tantsur proposed openstack/ironic-python-agent master: Document in-band deploy steps and add more docs for custom steps https://review.opendev.org/747753 | 15:42 |
* TheJulia returns | 15:43 | |
dtantsur | JayF: should be easy to add, even later on | 15:43 |
JayF | ++ | 15:43 |
dtantsur | any thoughts on the overall RFE? especially if anybody understands TLS better than me? | 15:44 |
JayF | My only concern is that by design, sending a private key over to the agent over and over makes it unlikely to remain secure | 15:44 |
JayF | I think in a perfect world, we'd have Ironic generate a fresh, rapidly-expiring cert/key that's signed by a longer-lived cert | 15:45 |
dtantsur | JayF: I don't think we send the private key, do we? | 15:45 |
JayF | but there's nothing that would prevent that from being done as a later step | 15:45 |
TheJulia | as long as it seems like nothing blocks us in from doign that later, I'm good with it. | 15:45 |
dtantsur | the current proposal offers to generate the key on the agent side and send ironic its public part | 15:45 |
JayF | 2.1 bullet #2: If these are provided, embed them into the virtual media ISO and populate the oslo.service [ssl]cert_file and [ssl]key_file option in /etc/ironic-python-agent/ironic-python-agent.conf. | 15:45 |
dtantsur | ah, the client certificate part | 15:46 |
dtantsur | JayF: what if we split away the client certificates into a new RFE? | 15:46 |
dtantsur | the number of combinations here already gives me a headache | 15:46 |
JayF | but again, it can be a later enhancement so I don't view it as a blocker. It just makes it difficult to see deployers with strong preexisting certificate infrastructure being wiling to ship around private keys like that. | 15:46 |
JayF | dtantsur: +++ | 15:47 |
TheJulia | I like that idea | 15:47 |
TheJulia | (split them into two rfes | 15:47 |
TheJulia | ) | 15:47 |
dtantsur | okay, I'll split 2.1 and further improvements into a new RFE | 15:47 |
TheJulia | awesome | 15:47 |
TheJulia | next! | 15:47 |
dtantsur | how is everything else looking? | 15:47 |
* dtantsur gives people 1 more minute to add their comments | 15:47 | |
TheJulia | I already approved 2008043 | 15:47 |
TheJulia | Given it was always the intent for us to support that case | 15:48 |
dtantsur | okay, good :) | 15:48 |
TheJulia | it is just a logical progression at this point | 15:48 |
dtantsur | I'd not mind to have a volunteer for that | 15:48 |
dtantsur | #link https://storyboard.openstack.org/#!/story/2008043 (deploy steps via API) is looking for a volunteer since dtantsur is pretty busy | 15:48 |
TheJulia | ++ | 15:49 |
dtantsur | okay, moving to the last one (which is not mind, but I've put it here) | 15:49 |
dtantsur | s/mind/mine/ | 15:49 |
dtantsur | #link https://storyboard.openstack.org/#!/story/2008047 Add a feature discovery API to Ironic | 15:49 |
dtantsur | idea by dhellmann based on metal3 experience with ironic | 15:49 |
* dtantsur gives people time to read the text | 15:49 | |
openstackgerrit | Merged openstack/python-ironicclient master: Allow to pass global request id for remaining objects https://review.opendev.org/725941 | 15:50 |
TheJulia | I generally like the idea, but that seems like it could sprawl into a lot of ocde | 15:51 |
openstackgerrit | Merged openstack/python-ironicclient master: Add release note regarding global_request_id https://review.opendev.org/732590 | 15:51 |
TheJulia | code | 15:51 |
dtantsur | yep. I suspect this is something that would require a spec | 15:51 |
JayF | That API seems like it would be great. It also seems like it would be incredibly complex and a large amount of maintenance. | 15:51 |
*** Qianbiao has quit IRC | 15:51 | |
TheJulia | because it comes down to providing a concrete answer to the capability matrix of a driver, which means some of that has to be coded in with a union of what can be identified about the node | 15:51 |
JayF | I also suspect there are some capabilities which might be driver-capable but not environment-capable in a way Ironic can't identify | 15:52 |
TheJulia | dtantsur: I concur, JayF: I'm thinking the same | 15:52 |
dtantsur | well, to the best of our knowledge :) | 15:52 |
dhellmann | you could definitely build it incrementally | 15:52 |
dtantsur | dhellmann: o/ | 15:52 |
dhellmann | it doesn't have to be able to answer every possible question before it would be useful | 15:53 |
TheJulia | dhellmann: We love incrementalism here in ironic :) | 15:53 |
TheJulia | I'd love a spec that details basic mechanics, maybe an idea of how we would wire the basic internals together, and what the api response should be | 15:53 |
dhellmann | it also doesn't have to give perfect answers, if there are things ironic can't figure out | 15:53 |
*** k_mouza has joined #openstack-ironic | 15:53 | |
dhellmann | I could work with someone on that, but couldn't commit to doing the whole thing | 15:54 |
JayF | Having an oracle that's only sometimes-correct can be worse than having no answer at all. I'm not sure I agree this is a useful item to do incrementally. | 15:54 |
dtantsur | dhellmann: if it ends up being what we want downstream, somebody from our team will pair with you | 15:54 |
dhellmann | JayF: what features could we not answer definitively? | 15:54 |
dhellmann | dtantsur : ++ | 15:55 |
dtantsur | (it may be even me, given my experience with adding large stuff to ironic) | 15:55 |
JayF | dhellmann: that'd be something I'd need to think more on, but I think the matrix gets quite a few dimensions around some features | 15:55 |
dtantsur | JayF: agreed about sometimes, but there are things that we can figure out but currently don't | 15:55 |
dtantsur | like, we can look at a node and see if it has any chances of supporting virtual media at all | 15:56 |
dhellmann | I would wait to add features like that to the response set, then. | 15:56 |
TheJulia | Yeah, it could easily become a 3d matrix :\ | 15:56 |
dtantsur | by going to its redfish endpoint and seeing if the VirtualMedia resource is there | 15:56 |
dtantsur | and supports a Cd type | 15:56 |
dtantsur | and Manager-to-System mapping is 1-to-1 | 15:56 |
TheJulia | well, then there likely also needs otbe license checking | 15:56 |
TheJulia | "it is present" "And it is licensed" and "we can map it properly" | 15:56 |
dtantsur | if it can be checked - awesome! | 15:56 |
TheJulia | yeah | 15:57 |
dtantsur | then we go from "it may or may not support it" to "it's very likely to support it" | 15:57 |
TheJulia | lets focus on a single slice | 15:57 |
TheJulia | at least in terms of a spec and then see how that can be iterated upon in other areas | 15:57 |
dhellmann | sure. a first version may respond based on what ironic supports. a later version might add the license check | 15:57 |
* dtantsur adds needs-spec tag | 15:57 | |
TheJulia | Well, we seem to only have two minutes left and didn't get to Open Dsicussion | 15:58 |
TheJulia | #topic Open Discussion | 15:58 |
*** openstack changes topic to "Open Discussion (Meeting topic: ironic)" | 15:58 | |
TheJulia | Are there any other items to be discussed/raised? | 15:59 |
JayF | I wanted to toss out if we'd ever considered having an interface specifically for in-band cleaning. | 15:59 |
dtantsur | not sure I get it | 15:59 |
JayF | We have a few drivers which mix-in AgentBase to get agent cleaning support, even if agent isn't used for deployment. Just wondering if that's a good pattern to continue or if there'd be interest in making that a more clean split. | 15:59 |
dtantsur | that makes some sense at first glance; it also gives me a huge headache | 16:00 |
JayF | Right now, DeployInterface handles both deployment and cleaning. There are drivers, such as ramdisk driver, which mix-in agent for cleaning, along with another method for deployment | 16:00 |
TheJulia | JayF: is the thought to be able to have drivers that don't support cleaning? | 16:00 |
TheJulia | or nodes in configurations? | 16:00 |
*** ijw has joined #openstack-ironic | 16:00 | |
JayF | TheJulia: I'm thinking stuff like ramdisk driver, a potential future anaconda/kickstart driver, not having to worry about cleaning at all, but just handle the deployment half | 16:00 |
rloo | (also, soon-to-present rfe for an anaconda deploy driver -- not for cleaning...) | 16:01 |
TheJulia | hmm | 16:01 |
rloo | (yeah, what JayF said :)) | 16:01 |
JayF | TheJulia: since they mainly are about alternative ways to deploy, and are mostly ambivalent about cleaning -- although today that's implemented as mixing in AgentBase to get agent cleaning | 16:01 |
TheJulia | There is a knob over cleaning on the node | 16:01 |
JayF | I could see someone even wanting to, for instance, use a ramdisk driver with ansible cleaning, perhqps. | 16:01 |
TheJulia | And a long time ago there was discussion of splitting it, but in multitanant environments I suspect it would always be needed, so I'm not sure where the happy medium is at this moment | 16:02 |
dtantsur | we don't need to have no-clean implementation | 16:02 |
JayF | I just can't figure out why in our model deployment and cleaning should be unified. | 16:02 |
JayF | dtantsur: ++ | 16:02 |
TheJulia | JayF: I could see that case | 16:02 |
dtantsur | we can have a data migration that'll populate the new field based on the current deploy_interface | 16:02 |
*** lucasagomes has quit IRC | 16:02 | |
JayF | I'm not even proposing it for sure right now, I'm just curious if it passes the smell test. | 16:02 |
dtantsur | I fully agree, I wonder who can dedicate so much time to make it work | 16:02 |
JayF | Seems like it might be time for it, though. | 16:02 |
JayF | dtantsur: /me would try to volunteer zer0c00l to do it as part of the anaconda work | 16:03 |
JayF | lol | 16:03 |
TheJulia | seems like one of those 50/50 items. It might pass the smell test | 16:03 |
dtantsur | poor zer0c00l | 16:03 |
dtantsur | as somebody who's recently dived into the guts of our agent code... | 16:03 |
TheJulia | heh | 16:03 |
dtantsur | ... I don't want to do it again for such a big refactoring | 16:03 |
dtantsur | :) | 16:03 |
* TheJulia lives in that code... | 16:03 | |
rloo | it is ok to volunteeer zer0c00l with JayF as backup :D | 16:03 |
JayF | Oh no! A reversal! | 16:03 |
dtantsur | a well detailed RFE would be a good first step | 16:04 |
TheJulia | ++ | 16:04 |
TheJulia | Anyway, I guess we're done for today. Thanks everyone! | 16:04 |
JayF | ack; just wanted to make sure the answer wasn't "absolutely not" before taking more effort than a conversation | 16:04 |
JayF | o/ | 16:04 |
dtantsur | thanks! | 16:04 |
TheJulia | #endmeeting | 16:05 |
*** openstack changes topic to "Bare Metal Provisioning | Status: http://bit.ly/ironic-whiteboard | Docs: http://docs.openstack.org/ironic/ | Bugs: https://storyboard.openstack.org/#!/project_group/75 | Contributors are generally present between 6 AM and 12 AM UTC, If we do not answer, please feel free to pose questions to openstack-discuss mailing list." | 16:05 | |
*** ijw has quit IRC | 16:05 | |
openstack | Meeting ended Mon Aug 24 16:05:10 2020 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:05 |
openstack | Minutes: http://eavesdrop.openstack.org/meetings/ironic/2020/ironic.2020-08-24-15.00.html | 16:05 |
openstack | Minutes (text): http://eavesdrop.openstack.org/meetings/ironic/2020/ironic.2020-08-24-15.00.txt | 16:05 |
openstack | Log: http://eavesdrop.openstack.org/meetings/ironic/2020/ironic.2020-08-24-15.00.log.html | 16:05 |
dtantsur | something that did not fit into the meeting: what do you all think about developing https://review.opendev.org/#/c/743771/ into a new feature (an optional deploy step)? | 16:05 |
patchbot | patch 743771 - ironic-python-agent - [PoC] A deploy step to update /etc/default/grub - 4 patch sets | 16:05 |
*** weshay has quit IRC | 16:05 | |
*** weshay has joined #openstack-ironic | 16:05 | |
rpittau | dtantsur: I think it makes sense | 16:07 |
TheJulia | dtantsur: feasible, will we be mounting/unmounting the same image multiple times | 16:07 |
dtantsur | seems to | 16:07 |
TheJulia | also, what about running grub config with whole disk images | 16:07 |
dtantsur | run grub-install, no way around it | 16:07 |
TheJulia | well, that invalidates signed files | 16:08 |
dtantsur | assume that people who enable this step know what they are doing | 16:08 |
TheJulia | I've been thinking about doing something similar for /etc/fstab | 16:08 |
TheJulia | so I think it is reasonable | 16:08 |
JayF | I'm not super familiar with that code in particular | 16:08 |
JayF | but how does that work with Windows images? | 16:08 |
JayF | priority: 0 means it's non-default, so you just don't run that step, right? | 16:08 |
TheJulia | it would likely need to identify and run only on linux machines | 16:09 |
dtantsur | yep (the PoC has it enabled for CI testing purposes) | 16:09 |
TheJulia | we likely need a qualification helper | 16:09 |
* JayF puts on windows hat | 16:09 | |
dtantsur | it will be enabled via a deploy template, so don't use this template if your image does not support it? | 16:09 |
JayF | would we accept a similar step in the future to modify boot.ini for $windowsReasons? | 16:09 |
dtantsur | no objections from me | 16:10 |
TheJulia | JayF: I suspect so if we do it for linux | 16:10 |
dtantsur | as long as I'm not the one who writes and supports it :) | 16:10 |
JayF | Ack, WFM then :D I thought it'd be good just playing the advocate | 16:10 |
JayF | lol | 16:10 |
TheJulia | Zero objections here... and I'm with dtantsur on that one | 16:10 |
* JayF imagines the horror of a dib element to install ntfs support into an ipa ramdisk | 16:10 | |
TheJulia | file should be able to tell us if it is ntfs | 16:10 |
TheJulia | or ext[x] or xfs or jfs or whatever | 16:11 |
TheJulia | and file is a requirement | 16:11 |
dtantsur | somebody HAS asked me about software RAID for windows | 16:12 |
dtantsur | JayF: one day we may want to support btrfs as a partitioning schema :) | 16:12 |
TheJulia | I mean... if someone has the code ready I'd be happy to review and merge it if it is doable | 16:12 |
JayF | dtantsur: I don't want to take responsibility for users who want to subject their data to ritual sacrifice :D | 16:13 |
dtantsur | they say btrfs is better (heh) these days | 16:13 |
dtantsur | fedora wants to switch to it by default for desktops | 16:13 |
TheJulia | seriously? | 16:13 |
TheJulia | again?!? | 16:13 |
dtantsur | not sure about again, but for F33 :) | 16:14 |
TheJulia | JayF: would that be a ritual sacrafice of a stick of butter? | 16:14 |
JayF | you butter believe it | 16:14 |
dtantsur | https://fedoraproject.org/wiki/Changes/BtrfsByDefault | 16:14 |
TheJulia | And would that actually be more like butter being melted in a blisteringly hot cast iron pan? | 16:14 |
* TheJulia feels the need to cook with a whole stick of butter soon | 16:14 | |
* TheJulia should have a camera ready | 16:15 | |
* TheJulia goes and finds something to nom | 16:16 | |
dtantsur | I had an early start today, so bailing out now. c u | 16:16 |
JayF | o/ | 16:17 |
*** iurygregory has quit IRC | 16:18 | |
*** dtantsur is now known as dtantsur|afk | 16:19 | |
*** stendulker has quit IRC | 16:23 | |
openstackgerrit | Riccardo Pittau proposed openstack/ironic master: Enforce autospec in common tests https://review.opendev.org/747767 | 16:24 |
rpittau | goodnight o/ | 16:24 |
*** iurygregory has joined #openstack-ironic | 16:27 | |
*** ijw has joined #openstack-ironic | 16:39 | |
*** ijw_ has joined #openstack-ironic | 16:42 | |
*** k_mouza has quit IRC | 16:43 | |
*** ijw has quit IRC | 16:44 | |
*** ijw has joined #openstack-ironic | 16:48 | |
*** tosky has quit IRC | 16:49 | |
*** ijw_ has quit IRC | 16:51 | |
*** derekh has quit IRC | 17:02 | |
*** mkrai has quit IRC | 17:10 | |
*** k_mouza has joined #openstack-ironic | 17:18 | |
*** k_mouza has quit IRC | 17:23 | |
*** thiagop has joined #openstack-ironic | 17:36 | |
*** livelace has quit IRC | 17:44 | |
*** dking has joined #openstack-ironic | 17:56 | |
*** jtomasek has joined #openstack-ironic | 18:07 | |
*** kaifeng has quit IRC | 18:08 | |
*** thiagop is now known as outbrito | 18:25 | |
*** jtomasek has quit IRC | 18:27 | |
guilhermesp | hey there! im looking for a way to build my own initrd and kernel with a custom ironic-python-agent, so our user can set up those images to the nodes and have their own inspection parameters ... which would be the best way to do it? | 18:29 |
guilhermesp | in other words, we would like to customize the inspection, which i believe we can achieve that by build our ironic python agent | 18:32 |
*** outbrito is now known as thiagop | 18:34 | |
TheJulia | So you can do that. You can use ironic-python-agent-builder and set a environment variable to the appropriate path. I believe it is documented (if not, I can help you figure it out) | 18:37 |
*** jtomasek has joined #openstack-ironic | 18:37 | |
*** jtomasek has quit IRC | 18:48 | |
guilhermesp | TheJulia: hiiii thanks for the reply. I guess you mentioned https://docs.openstack.org/ironic-python-agent-builder/latest/ ... yeah i have a customer that is trying to create those images and run their own inspection process... im trying to figure out/understand what they did that resulted in a bad image, which breaks as soon as ironic loads it | 19:02 |
guilhermesp | and their steps was like | 19:02 |
guilhermesp | https://www.irccloud.com/pastebin/gRRn6fuF/ | 19:02 |
iurygregory | any logs you can share? | 19:08 |
*** lmcgann__ has joined #openstack-ironic | 19:11 | |
guilhermesp | nope unfortunately... actually it seems that the image is breaking somehow, im getting a screenshot o the console lol | 19:11 |
guilhermesp | https://usercontent.irccloud-cdn.com/file/GY1C38mZ/Untitled.png | 19:12 |
guilhermesp | that could mean a lot of stuff, but as im not seeing any issues in ironic logs, i believe that somehow their process to create those custom images is missing something | 19:13 |
* TheJulia files rebooting desktop under bad idea | 19:22 | |
*** priteau has quit IRC | 19:31 | |
*** jamesden_ has quit IRC | 20:02 | |
*** uzumaki has joined #openstack-ironic | 20:08 | |
*** dking has quit IRC | 20:08 | |
*** jamesdenton has joined #openstack-ironic | 20:09 | |
TheJulia | okay, and I'm back :( | 20:37 |
stevebaker | TheJulia: regarding https://review.opendev.org/#/c/742795 I'll refresh the series some time today regardless of where I'm at with node.py | 20:50 |
patchbot | patch 742795 - ironic - New argument validate decorator - 7 patch sets | 20:50 |
TheJulia | stevebaker: thanks | 20:50 |
*** lmcgann__ has quit IRC | 20:52 | |
*** livelace has joined #openstack-ironic | 21:14 | |
*** janders has quit IRC | 21:39 | |
openstackgerrit | Jay Faulkner proposed openstack/ironic-python-agent master: Eventlet should be monkey patched as early as possible https://review.opendev.org/746774 | 21:44 |
*** thiagop has quit IRC | 21:47 | |
*** bnemec has quit IRC | 21:50 | |
JayF | TheJulia: if you have a sec -- re: lower-constraints; is that held in a separate repo, e.g. openstack/requirements, or do I just edit it directly in our repo | 22:08 |
JayF | for IPA specifically | 22:08 |
JayF | https://gist.github.com/jayofdoom/c0fbf31bcd0964ed4b73aa0ad15b7d6a is the lower-constraints changes that appears to fix tests | 22:09 |
JayF | although I haven't version-bisected yet, the tests run with only those changes | 22:10 |
TheJulia | JayF: edit the one in our repo | 22:12 |
JayF | that sounds ezpz then. I'll find the maximally minimal change and commit it in \o/ | 22:13 |
JayF | IDK, I think I'll actually keep the changes as-is. It makes sense to depend on newer oslo.service | 22:13 |
JayF | newer oslo, newer eventlet | 22:14 |
openstackgerrit | Jay Faulkner proposed openstack/ironic-python-agent master: Eventlet should be monkey patched as early as possible https://review.opendev.org/746774 | 22:15 |
openstackgerrit | Jay Faulkner proposed openstack/ironic-python-agent master: If listen_tls is true, enable TLS on wsgi server https://review.opendev.org/747193 | 22:20 |
*** bfournie has quit IRC | 22:24 | |
openstackgerrit | Jay Faulkner proposed openstack/ironic-python-agent master: Eventlet should be monkey patched as early as possible https://review.opendev.org/746774 | 22:24 |
*** ijw has quit IRC | 22:25 | |
*** k_mouza has joined #openstack-ironic | 22:42 | |
*** ijw has joined #openstack-ironic | 22:46 | |
*** k_mouza has quit IRC | 22:47 | |
*** rloo has quit IRC | 22:48 | |
*** ijw has quit IRC | 22:51 | |
openstackgerrit | Jay Faulkner proposed openstack/ironic-python-agent-builder master: Add element to configure IPA with TLS, use configdir https://review.opendev.org/747309 | 23:07 |
*** ijw has joined #openstack-ironic | 23:08 | |
*** uzumaki has quit IRC | 23:09 | |
*** janders has joined #openstack-ironic | 23:18 | |
*** iurygregory has quit IRC | 23:21 | |
janders | good morning Ironic o/ | 23:32 |
*** rcernin has joined #openstack-ironic | 23:37 | |
TheJulia | good morning janders | 23:42 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!