Monday, 2021-03-15

« Sunday, 2021-03-14 Index Tuesday, 2021-03-16 »
*** ianw has joined #openstack-ironic00:11
*** tosky has quit IRC01:02
*** ociuhandu has joined #openstack-ironic01:12
*** ociuhandu has quit IRC01:26
openstackgerritRotan proposed openstack/ironic-inspector master: Fix the MismatchError  https://review.opendev.org/c/openstack/ironic-inspector/+/78021901:34
*** zzzeek has quit IRC02:09
*** zzzeek has joined #openstack-ironic02:11
*** zzzeek has quit IRC02:36
*** zzzeek has joined #openstack-ironic02:39
*** rcernin has quit IRC02:50
*** rcernin has joined #openstack-ironic02:55
*** rcernin has quit IRC03:12
openstackgerritRotan proposed openstack/ironic-inspector master: Fix the MismatchError  https://review.opendev.org/c/openstack/ironic-inspector/+/78021903:17
*** ricolin has quit IRC03:26
*** rcernin has joined #openstack-ironic03:31
*** rcernin has quit IRC03:34
*** rcernin has joined #openstack-ironic03:34
*** ricolin has joined #openstack-ironic04:12
*** baha has joined #openstack-ironic04:16
*** ricolin has quit IRC04:33
*** mkrai has joined #openstack-ironic04:59
*** k_mouza has joined #openstack-ironic05:16
*** k_mouza has quit IRC05:21
*** jamesdenton has quit IRC05:38
*** jamesdenton has joined #openstack-ironic05:40
*** anuradha1904 has joined #openstack-ironic06:10
openstackgerritRotan proposed openstack/ironic-inspector master: [WIP]Support AEP, sst at introspection data  https://review.opendev.org/c/openstack/ironic-inspector/+/76813806:38
arne_wiebalckGood morning, ironic!06:41
stevebakergood evening06:43
*** ociuhandu has joined #openstack-ironic06:56
*** viks____ has joined #openstack-ironic07:06
*** k_mouza has joined #openstack-ironic07:12
*** k_mouza has quit IRC07:16
*** rcernin has quit IRC07:17
*** ociuhandu has quit IRC07:44
*** ociuhandu has joined #openstack-ironic07:46
*** ociuhandu has quit IRC07:51
*** ociuhandu has joined #openstack-ironic08:04
openstackgerritliuzhuangzhuang proposed openstack/ironic master: update grub file name for uefi boot mode  https://review.opendev.org/c/openstack/ironic/+/78048108:05
*** jamesdenton has quit IRC08:13
*** jamesdenton has joined #openstack-ironic08:14
*** ociuhandu has quit IRC08:17
*** priteau has joined #openstack-ironic08:17
*** ociuhandu has joined #openstack-ironic08:18
*** rpittau|afk is now known as rpittau08:22
rpittaugood morning ironic! o/08:22
*** ociuhandu has quit IRC08:23
*** ociuhandu has joined #openstack-ironic08:48
*** tosky has joined #openstack-ironic08:53
*** lucasagomes has joined #openstack-ironic08:57
*** ociuhandu has quit IRC08:59
*** ociuhandu has joined #openstack-ironic08:59
*** derekh has joined #openstack-ironic09:06
*** k_mouza has joined #openstack-ironic09:12
*** k_mouza has quit IRC09:16
*** rcernin has joined #openstack-ironic09:36
*** mkrai has quit IRC09:39
*** mkrai has joined #openstack-ironic09:39
*** rcernin has quit IRC09:40
*** k_mouza has joined #openstack-ironic09:56
*** derekh has quit IRC09:57
*** derekh has joined #openstack-ironic09:57
*** derekh has quit IRC10:29
*** derekh has joined #openstack-ironic10:29
*** dtantsur|afk is now known as dtantsur10:31
dtantsurmorning ironic10:31
rpittaugood morning dtantsur :)10:35
arne_wiebalckPreparing the upgrade to Ussuri, I ran into the fact that localhost is not allowed as a callback URL for the inspector in ironic.conf anymore. We have this set like this since ever (so that I do not remember why :-), but I was wondering why this is not an allowed config any longer?10:41
openstackgerritMoshiur Rahman proposed openstack/ironic-python-agent-builder master: Fix: IPA image building with OpenSuse.  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/77872610:41
*** openstackgerrit has quit IRC10:43
*** k_mouza has quit IRC11:02
*** k_mouza_ has joined #openstack-ironic11:02
*** bfournie has quit IRC11:07
jandersgood morning / afternoon Ironic o/11:08
jandersjanders:bees 1:0 so far11:08
dtantsurarne_wiebalck: it's used in PXE configuration11:08
dtantsurUssuri allowed ironic to drive PXE configuration for inspector11:09
*** bfournie has joined #openstack-ironic11:21
rpittauhey janders :)11:21
rpittaudtantsur: when you have time can you please check my reply to your comment in https://review.opendev.org/c/openstack/ironic-python-agent/+/779812 ?11:32
dtantsurrpittau: just read. I cannot agree with blocking stable/ussuri fixes on a publishing job. I agree that we need visibility, but we can achieve it via a stable job on IPA-builder. Adding another source of breakages to stable/ussuri doesn't sound good to me.11:34
rpittaudtantsur: ok, just to clarify, do you mean adding an "ussuri" job to ipa-builder ?11:35
dtantsuryep11:35
dtantsurwhich is the expected source of breakage, right?11:35
rpittaudtantsur: yes, alright, makes sense. We still need to publish a new tinyipa ramdisk for ussuri as the current one is broken, would a dummy patch be ok? Otherwise we need something to backport :)11:37
rpittauor mmmmm  I could move the job from ipa to ipa-builder and we do both at the same time, kind of11:38
iurygregorygood morning Ironic o/11:40
jandershey iurygregory o/11:41
rpittauhey iurygregory :)11:41
*** jtomasek has joined #openstack-ironic12:03
dtantsurrpittau: it's handy to keep the job non-voting for tracking purposes. otherwise a dummy change or a smart backport - both are fine :)12:15
arne_wiebalckdtantsur: Thanks! As you may remember we do not rely on Ironic for PXE, so excuse my ignorance, but why is a localhost callback URL an issue for this functionality?12:19
* arne_wiebalck should probably also look into *why* we are doing this in our deployment12:20
dtantsurwell, ironic doesn't know that you don't use its PXE :)12:20
arne_wiebalckdtantsur: right, I am not arguing what we are doing is a good idea :)12:20
dtantsuryou can set https://docs.openstack.org/ironic/latest/configuration/config.html#inspector.callback_endpoint_override to something non-localhost12:21
arne_wiebalckusing the hostname works as well12:21
dtantsurthen you can keep the inspector endpoint as localhost12:21
dtantsuryeah12:21
arne_wiebalckusing 'localhost' with your config option does not work12:21
arne_wiebalck(if that is what you meant)12:22
dtantsurthe new option must be NOT localhost12:22
arne_wiebalckright12:22
dtantsurit defaults to endpoint_override/endpoint from keystone12:22
dtantsurand thus causes ^^^ to be non-localhost too12:22
dtantsurbut if you set it to something meaningful, you can keep using localhost for endpoint_override/in keystone12:22
dtantsur(this is IIRC, ussuri was a while ago)12:22
arne_wiebalckok12:23
arne_wiebalckbut what breaks in Ironic/PXE when you use localhost for this override?12:23
arne_wiebalck(just for interest)12:23
arne_wiebalckout of interest12:23
arne_wiebalckI mean 'localhost', not the localhost :)12:24
arne_wiebalckI *think* we do this since in our PXE we pass the host with the conductor/inspector to the IPA, and when the conductor then talks to some other inspector, things break ... but this config is pretty old, so I am not sure12:26
arne_wiebalckooh, this is the URL used by the node to post things back to the inspector?12:28
arne_wiebalckwhich is used in the PXE config to be passed as the kernel param?12:29
* arne_wiebalck begins to see why localhost makes no sense :)12:29
*** jtomasek has quit IRC12:38
*** jtomasek has joined #openstack-ironic12:40
TheJuliagood morning12:45
jandersgood morning TheJulia12:46
*** derekh has quit IRC12:50
*** k_mouza_ has quit IRC12:50
*** ricolin_ has joined #openstack-ironic12:50
*** ricolin_ has quit IRC12:50
*** k_mouza has joined #openstack-ironic12:50
*** ricolin has joined #openstack-ironic12:51
*** derekh has joined #openstack-ironic12:51
*** mkrai has quit IRC12:54
*** zaneb has joined #openstack-ironic12:58
*** zaneb has quit IRC13:03
*** zaneb has joined #openstack-ironic13:03
dtantsurmorning TheJulia13:04
dtantsurarne_wiebalck: exactly :)13:04
arne_wiebalckdtantsur: and this param is/was also used for something else and then split into two config options?13:06
arne_wiebalck13:06
dtantsurarne_wiebalck: endpoint_override itself is also used for ironic to talk to inspector. localhost is fine for this use case.13:06
arne_wiebalckdtantsur: exactly, this is what we use it for13:06
arne_wiebalckdtantsur: and the new callback_endpoint_override param can be used to tweak the callback URL passed to the IPA and needs to be set to allow 'localhost' in endpoint_override?13:09
dtantsurarne_wiebalck: correct13:12
*** rloo has joined #openstack-ironic13:12
arne_wiebalckdtantsur: ok, thanks, all clear now!13:12
*** jamesdenton has quit IRC13:14
*** jamesdenton has joined #openstack-ironic13:15
*** ricolin has quit IRC13:15
dtantsurTheJulia: FYI "baremetal:deploy_template:update deprecated without deprecated_reason or deprecated_since. This will be an error in a future release"13:20
dtantsur(and many more)13:20
dtantsurrelated, "baremetal:events:post should not configure deprecated_reason or deprecated_since as these should be configured on the DeprecatedRule indicated by deprecated_rule. This will be an error in a future release"13:20
dtantsurdunno what it all means and where exactly deprecated_reason/since have to go13:21
*** ociuhandu has quit IRC13:28
*** ociuhandu has joined #openstack-ironic13:29
janderssee you tomorrow Ironic o/13:30
dtantsuro/13:31
*** tosin has joined #openstack-ironic13:31
rpittaudtantsur: the unusual chain of changes is 780557 -> 780556 -> 78055813:38
*** ociuhandu has quit IRC13:39
*** ociuhandu has joined #openstack-ironic13:42
*** ricolin has joined #openstack-ironic13:45
TheJuliahmm, there should be a reason for most already set13:46
TheJuliainteresting13:46
TheJuliadtantsur: btw, I updated https://review.opendev.org/c/openstack/ironic/+/778340 as we discussed since anyone can technically be an owner of an allocation even those without baremetal13:49
dtantsurk will try to get to it13:49
*** ociuhandu has quit IRC13:50
*** ociuhandu has joined #openstack-ironic13:57
rpittaummm gerritbot is on PTO ?13:57
dtantsurwhy not? it's early spring, the nature is waking up13:58
TheJuliaheh13:59
arne_wiebalckmore like hibernation: it is snowing over here :)14:01
rpittau:)14:01
rpittaudo we have review jam today ?14:01
*** ociuhandu has quit IRC14:02
TheJuliayes! Anyone else want to join?14:02
TheJuliahttps://meetpad.opendev.org/ironic14:02
*** ociuhandu has joined #openstack-ironic14:03
*** ociuhandu has quit IRC14:08
*** ociuhandu has joined #openstack-ironic14:08
*** mkrai has joined #openstack-ironic14:18
*** kaifeng has joined #openstack-ironic14:56
*** openstackgerrit has joined #openstack-ironic14:58
openstackgerritDmitry Tantsur proposed openstack/ironic master: API to force manual cleaning without booting IPA  https://review.opendev.org/c/openstack/ironic/+/76979314:58
openstackgerritMerged openstack/ironic-specs master: Pre-defined system hw configuration in single step  https://review.opendev.org/c/openstack/ironic-specs/+/74072114:58
dtantsurajya: FYI ^^^14:58
TheJuliaI mentioned it on the review jam15:00
TheJulia#startmeeting ironic15:00
TheJuliao/15:00
openstackMeeting started Mon Mar 15 15:00:19 2021 UTC and is due to finish in 60 minutes.  The chair is TheJulia. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
*** openstack changes topic to " (Meeting topic: ironic)"15:00
openstackThe meeting name has been set to 'ironic'15:00
rpittauo/15:00
rpioso\o15:00
kaifengo/15:00
ajyao/15:00
ajyadtantsur: ack15:00
mrainerio/15:00
TheJuliaGood morning everyone! And happy beginnings to Daylight Savings Time season!15:00
bdoddo/15:00
rlooo/15:00
erbarro/15:00
TheJuliaOur agenda is on the wiki15:01
TheJulia#link https://wiki.openstack.org/wiki/Meetings/Ironic#Agenda_for_next_meeting15:01
arne_wiebalcko/15:01
dtantsuro/15:01
TheJulia#topic Announcements / Reminders15:01
*** openstack changes topic to "Announcements / Reminders (Meeting topic: ironic)"15:01
TheJulia#info This week is R-4 in the Wallaby release schedule.15:01
TheJulia#info Projects which branch for RC1 will branch next week during R-3.15:02
TheJulia#info Ironic will likely be able to hold off on releasing until R-2, but devstack being changed may force us to release early that week.15:02
TheJulia#info *final* Wallaby releases will be the week of R-1 for all projects.15:03
TheJulia#info PTG is April 19th to 23rd.15:03
TheJuliatl;dr - Please register and add thoughts/ideas to the etherpad.15:03
TheJulia#link https://april2021-ptg.eventbrite.com/15:03
TheJulia#link https://etherpad.opendev.org/p/ironic-xena-ptg15:04
openstackgerritMoshiur Rahman proposed openstack/ironic-python-agent-builder master: Fix: IPA image building with OpenSuse.  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/77872615:04
TheJuliaI've signed us up for 4 days with a 1 hour session on friday to be informal social discussion. Also, for the first few days of the PTG, I've also selected an APAC friendlier time window for cross-over of discussions.15:05
* dtantsur likes the "bring your cats" part15:05
ajyaTheJulia: can you tell more about changes to devstack, what's the impact?15:05
TheJuliaajya: Devstack has branch setting changes that will go into effect or possibly breaking changes as soon as traditional projects are branched. We've seen it take upwards of a few weeks, and we've also seen them break us pretty much immediately.15:05
dtantsurajya: it's more about two things happening in R-2: requirements branching (and switching master to xena) and grenade testing Wallaby->master.15:05
TheJuliaWe just need to be cognizant of it because often it forces us to release as-is.15:06
TheJuliadtantsur++15:06
ajyathanks15:06
TheJuliaDoes anyone have anything else to announce this week? Hopefully everyone will be taking a little time off soon?15:06
*** jtomasek has quit IRC15:07
dtantsurAugust :) (but I've just had a bit)15:07
TheJuliadtantsur: I mean, one can bring dogs. Or iguanas. Or stuffed animals. It is all good :)15:08
TheJuliaA month off sounds glorious15:08
TheJuliaWe had no action items last week, so I think we can proceed to reviewing subteam status reports15:08
dtantsurI have a Pusheen!15:09
TheJulia\o/15:09
rpittauI'll bring my Cthulhu plush then!15:09
TheJuliaLast call for any other announcements or reminders?15:09
TheJuliaCthulhu, always a classic!15:10
TheJulia#topic Review subteam status reports15:10
*** openstack changes topic to "Review subteam status reports (Meeting topic: ironic)"15:10
TheJulia#link https://etherpad.opendev.org/p/IronicWhiteBoard15:10
TheJuliaStarting around line 29315:10
TheJuliabdodd: thank you for following up on that15:11
TheJuliawell, my question w/r/t redfish raid15:11
bdoddTheJulia: Aija is the one that investigated that15:13
* iurygregory is late o/15:13
TheJuliabdodd: well, thank you ajya!15:13
TheJuliaiurygregory: :)15:13
TheJuliaajya: rpioso: Looks like config molds requires an update, dated 3/815:13
TheJuliarpittau: it *does* look like the anaaconda interface is going to slip15:14
rpittauyep15:14
ajyaTheJulia: added15:15
TheJuliarpittau: I mean, we could request ffu, but I talked to JayF and zer0c00l on ?friday? and it seemed like they wanted to get everything up with CI so that means next cycle, at least to me15:15
rpittauI don't think we should rush it to be honest15:16
rlooi agree ++15:16
TheJuliaYeah, I'd still like to see it but understand15:16
TheJuliaI think we're good to proceed?15:17
dtantsur++15:17
rpittauyeah15:17
zer0c00lTheJulia: yes please15:18
zer0c00lhttps://review.opendev.org/c/openstack/requirements/+/78039715:18
TheJulia#topic Deciding on priorities for the coming week15:18
*** openstack changes topic to "Deciding on priorities for the coming week (Meeting topic: ironic)"15:18
openstackgerritMoshiur Rahman proposed openstack/ironic-python-agent-builder master: Fix: IPA image building with OpenSuse.  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/77872615:18
zer0c00lBtw i have to get a FFE https://review.opendev.org/c/openstack/requirements/+/78039715:18
TheJuliazer0c00l: I saw15:18
zer0c00lNo idea how to do that, any pointers /links would be helpful!15:19
zer0c00lthanks.15:19
TheJuliazer0c00l: if you want to get it into this release, then I have to send the email and justify it15:19
dtantsureither wait for the branches to happen or ^^^15:19
TheJuliaor that15:19
dtantsur* an email to openstack-discuss with [requirements] in it15:19
dtantsurbut given the state of the ironic patch, chances are high you'll hear "no"15:20
zer0c00lokay. We definitely want to get it done with in this cycle into wallaby15:20
zer0c00li see.15:20
zer0c00li mean if we can in wallaby, if not next cycle.15:21
TheJuliaIf xena is okay, then I think that is fine to do at this point15:21
zer0c00lTheJulia: ack. When is the wallaby code freeze?15:22
zer0c00lThe config drive feature can be shipped in X release15:22
TheJuliaI see it as an early Xena item since the patches are close, but yeah, the FFE + CI need means Wallaby is very unlikely15:22
zer0c00lok.15:22
TheJuliazer0c00l: Basically 2 weeks until we *have* to release15:22
zer0c00loh wow15:22
TheJuliayeah15:22
zer0c00lyeah no!15:22
TheJuliaheh, okay15:22
dtantsurwe're actually past feature frreeze15:22
dtantsurwe just don't obey it in ironic15:22
TheJulia++15:22
zer0c00l:)15:23
TheJuliaSo, the deciding on priorites for the week is awkward now, since we have the etherpad and the tagged items in the list15:23
dtantsurI think we only need to use the etherpad for incoming items15:24
TheJulia++15:24
TheJuliaI have no objetion so I'm adding tags15:24
TheJuliaDoes anyone have anything else they would like to add to the list for this week?15:25
TheJulia#link https://review.opendev.org/q/hashtag:%2522ironic-week-prio%2522+status:open15:25
dtantsurwe may remove the indicators until we have a good discussion (PTG?)15:26
TheJuliasounds good to me15:26
TheJuliaremoving15:26
TheJuliadtantsur: based upon your last comment, I think you may want to remove your -2 from https://review.opendev.org/c/openstack/ironic/+/77941815:28
rpittaucan we please add the tinycore 12 patches plus the final fixes for ussuri tinyipa ?15:28
dtantsurTheJulia: I would like it to move away from the dangerous approach first15:28
TheJuliarpittau: will this actually fix ussuri gates?15:29
rpittauTheJulia: yes15:29
TheJuliaadd the tag then15:29
rpittauok15:29
TheJuliadtantsur: ack15:29
TheJuliaLooks like we're good to proceed?15:29
rpittaulet's15:31
* TheJulia hears crickets15:31
* dtantsur has added indicators on the PTG etherpad15:31
TheJuliadtantsur: thanks!15:31
TheJulia#topic Discussion15:31
*** openstack changes topic to "Discussion (Meeting topic: ironic)"15:31
TheJuliaThis week, mraineri brings us a topic regarding the Redfish Forum.15:31
TheJulia#link https://redfishforum.com/15:32
TheJuliamraineri: The floor is yours15:32
mraineriI'd like to social the Redfish public forum found at https://redfishforum.com/15:32
mraineriThe forum allows anyone to post questions, comments, etc and get direct feedback from the authors of the standard15:32
dtantsurawesome! thanks mraineri15:33
mraineriSo, while we do encourage folks to join the DMTF and participate directly, we understand this isn't always possible15:33
mraineriMany of the topics involve things like feature requests, and we do take this sorts of requests and drive them back into Redfish to be standardized15:33
TheJuliaIt this someone related to the whole thing between OpenBMC developers and the DMTF on twitter?15:33
TheJulias/someone/something/15:33
mraineriBut we also have topics to help folks write client software as well15:33
TheJuliaor /somewhat15:33
mraineriSomewhat; I understand there's a lot of hesitancy around standards in general, but from a Redfish perspective, we're trying to be more open with what we do and how we interact with the rest of the world15:34
TheJuliaSounds good!15:34
mraineriAnd at the same time, one of the gaps we have within the DMTF is the major participants are on the service side of things; we'd really like more client involvement15:35
dtantsurThis has, indeed, been a problem for a long time15:35
* dtantsur has questions to ask15:35
mraineriYes, please open the flood gates on your question :)15:36
TheJuliadtantsur: in meeting questions, or outside meeting questions :)15:36
dtantsurlike why on earth is virtual media and console bound to Managers?15:36
TheJuliaor Redfish Forum questions?15:36
TheJuliaoh noes15:36
mraineriMyself and a few others review the threads daily usually15:36
dtantsurto redfish people15:36
mraineridtantsur: we actually moved it recently!15:36
dtantsur\o/15:36
* dtantsur is afraid to ask where though :D15:36
mraineriYeah, it took a while, but no one really gave us direct feedback on that for a long time15:36
TheJuliaoh no, compatability changes inbound at some point15:36
TheJuliaAre we good to proceed?15:37
mraineriAbsolutely, which is why we leave breadcrumbs with deprecation text15:37
mraineriAnd we can help you with how to walk through those types of scenarios to dynamically handle older and newer methods15:37
TheJuliamraineri: well, even then, we've seen how some implement their servers. A schism of a hard break is kind of common in my experience.15:37
mraineriTrue15:38
TheJuliaAnyway, seems like we can move on to the Baremetal SIG15:38
dtantsuris there a thread on this topic on redfishforum?15:38
mraineriBut that's also part of what we're there for on the forum; okay, there's a better way of doing something now, but how do I handle existing stuff?15:38
mraineriSpecifically for virtual media, no15:38
mraineriBut if you ask, I can certainly respond there and make the guidance available to everyone15:38
TheJuliaAwesome15:39
mraineriThat's all there is to it; if you're trying to do something and you're stuck, feel free to make a post and ask for help15:39
rpiosomraineri: Is it indexed by search engines?15:40
mraineriWe'll either guide you down the path we've already outlined in the schema/spec, or we might also scratch our heads and make changes to the standard15:40
mrainerirpioso: I think so15:40
TheJuliaAs long as it doesn't have a evil robots.txt it should get indexed15:40
TheJulias/a/an/15:40
*** tosin has quit IRC15:40
openstackgerritMerged openstack/ironic master: Update Redfish RAID release note  https://review.opendev.org/c/openstack/ironic/+/77955215:41
TheJuliaNow, most relevent things getting linked to, that is a whole different headache with search engines. :)15:41
TheJulia#topic Baremetal SIG15:41
*** openstack changes topic to "Baremetal SIG (Meeting topic: ironic)"15:41
TheJuliaI believe the next SIG meeting will be April 12th @ 2PM UTC15:41
TheJuliaThe topic will be Secure RBAC in Ironic15:41
TheJuliaarne_wiebalck: anything else to add?15:41
arne_wiebalckWe had iurygregory on the Ironic Prometheus Exporter last week (thanks again!), the video is ready and about to be published.15:41
iurygregory\o/15:42
arne_wiebalckAnd we have added some topics to the PTG agenda.15:42
TheJulia\o/15:42
arne_wiebalckVery few operators around, though :)15:42
TheJuliaHmm... we need to work on that15:43
arne_wiebalckAnyway, that's it I think.15:43
TheJuliaOkay then. Well, we have no RFE's listed, so I think that leads us to Open Discussion15:43
TheJulia#topic Open Discussion15:43
*** openstack changes topic to "Open Discussion (Meeting topic: ironic)"15:43
TheJuliaAnyone have anything to discuss this week?15:44
TheJuliaThe list of topics is getting longer for the PTG15:45
dtantsuryep15:45
TheJuliaSome really good topics as well15:46
TheJuliaWell, if nobody has anything for Open Discussion, I guess it is time to call this meeting a wrap15:49
TheJuliaThanks everyone!15:49
TheJuliaHave a wonderful week!15:50
TheJulia#endmeeting15:50
*** openstack changes topic to "Bare Metal Provisioning | Status: http://bit.ly/ironic-whiteboard | Docs: http://docs.openstack.org/ironic/ | Bugs: https://storyboard.openstack.org/#!/project_group/75 | Contributors are generally present between 6 AM and 12 AM UTC, If we do not answer, please feel free to pose questions to openstack-discuss mailing list."15:50
openstackMeeting ended Mon Mar 15 15:50:08 2021 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:50
openstackMinutes:        http://eavesdrop.openstack.org/meetings/ironic/2021/ironic.2021-03-15-15.00.html15:50
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/ironic/2021/ironic.2021-03-15-15.00.txt15:50
openstackLog:            http://eavesdrop.openstack.org/meetings/ironic/2021/ironic.2021-03-15-15.00.log.html15:50
rpittauthanks!15:50
*** mkrai has quit IRC16:04
TheJuliaHi, Wind storm. Please go away. I don't want a migraine today16:07
*** another_larsks is now known as larsks16:07
* dtantsur sees https://review.opendev.org/c/openstack/ironic/+/778947 and cries16:09
TheJuliadtantsur: it is explicitly what was agreed upon16:10
TheJuliaan informational only signaling of the capability16:10
dtantsurTheJulia: it's an absolutely correct change16:10
TheJuliaotherwise we'll also won't be able to make decisions in tempest :(16:10
dtantsurI'm crying because I've just finished the disable_ramdisk patch, and now a merge conflict is looming :)16:10
TheJuliaoh noes16:10
TheJulia:(16:10
TheJuliawell, whatever merges first, it is not a big deal16:11
TheJulia778340 has to merge first so if it becomes 1.71, that is not a big deal16:11
dtantsurTheJulia: looking at https://review.opendev.org/c/openstack/ironic/+/778340/15/ironic/api/controllers/v1/allocation.py#22916:15
dtantsurit has node_ident, node_uuid and parent_node16:15
dtantsurat least the first two have to be redundant..16:15
dtantsurI suspect it's node_uuid. I also suspect it's not a blocking issue.16:16
TheJuliaone is a user supplied search16:16
TheJuliathe other is an override of the subresource being accessed16:17
TheJuliaThe third is the union of which should be used :\16:17
TheJuliaits because the same method is used by both controllers :(16:17
dtantsurTheJulia: parent_node_ident can be a name, right?16:17
dtantsurI don't think you account for that16:18
TheJuliaI think it gets looked up in advance16:18
TheJuliaby the parent controller16:18
dtantsurdoesn't seem so16:19
TheJuliaugh16:19
TheJuliaUGH16:20
*** hoonetorg has quit IRC16:20
dtantsurhttps://opendev.org/openstack/ironic/src/branch/master/ironic/api/controllers/v1/node.py#L165316:20
TheJuliathe example is with uuid, but i get your point16:20
dtantsurah, this is actually okay, but the code is confusing16:22
TheJuliaif it was separate helpers doing similar things but distinctly different, it would be easier16:23
dtantsuryou overwrite node_uuid on line 198, so there is no need to set it earlier16:24
dtantsurso I think the patch is fine, just confusing16:24
TheJuliayeah16:24
TheJuliaIt is also a parameter that can be passed in on another controller entry path16:25
TheJuliain that case, it is just overriden for the filter side of it later16:25
* TheJulia did not want a migraine today16:30
dtantsurspeaking of migraines, I think we've regressed and started double-JSON-encoding error messages again after the WSME transition16:31
openstackgerritRichard G. Pioso proposed x/sushy-oem-idrac master: Add resources to put iDRAC in known good state  https://review.opendev.org/c/x/sushy-oem-idrac/+/72159616:31
TheJuliaThat is a hangover with Whiskey and a migrane all at once16:32
dtantsurwhiskey++ migraine--16:32
dtantsurTheJulia: could you remind me, what are the rights of a member with regards to deployment?16:33
TheJuliaThey can change provision states and move a machine through the workflow16:34
dtantsurbut not unprovision? I'm trying to understand why allocation deletion is forbidden for them.16:34
TheJuliaunprovision as well... I think16:34
TheJuliawell, different classes of it16:34
* TheJulia looks16:34
dtantsursame question re lessee admins16:35
TheJulialesee admins only16:35
dtantsurallocation deletion logically belongs in the same basket as unprovisioning16:35
dtantsurdoes it mean that lessee members cannot unprovision too?16:35
TheJuliabut only the creator of the allocaiton can see the allocation16:35
TheJulialessee members cannot16:35
TheJulialessee, if htey didn't create the allocation, won't even be able to see the allocation16:35
dtantsurright16:36
TheJuliathink of it purely as only whoever creates it is the owner16:36
dtantsurI see a test called lessee_member_cannot_delete_their_allocation:16:36
dtantsurthis strikes me as incorrect16:36
dtantsurespecially since lessee_member_can_patch_allocation16:36
TheJuliagive me a moment16:36
TheJuliaso16:36
TheJuliamembers are explicitly expected to be able to read/update things, but not create or delete16:37
dtantsurallocation deletion ~= unprovisioning16:37
dtantsurallocation is not a physical concept, this rule does not apply to it16:37
TheJuliaso for a node itself it is SYSTEM_OR_OWNER_MEMBER_AND_LESSEE_ADMIN16:37
TheJuliaowner member can move it around, only lessee admin16:37
dtantsurimagine we finish deployment API, I hope you will agree that deployment deletion == unprovisioning?16:37
TheJuliaso if a owner also creates an allocation and they are a member, they are stuck16:38
TheJuliabut there is no way to delineate the two on the allocation side16:38
TheJuliashort of going back into the node and checking access based upon that if allocated16:38
dtantsurlessee_member_cannot_change_provision_state okay, so members are fine16:39
TheJulialessees specifically because they don't have any elevated node rights16:39
TheJuliaonly admins do really16:40
TheJuliaand that is tenant admins16:40
dtantsurI don't see a test for it so: if I'm a lessee member, can I create an allocation?16:41
TheJuliahmmmm16:41
TheJuliaso16:41
TheJuliaso, decouple the lessee concept16:42
TheJuliaThere is no allocation lessee, nor consultation of lesses in nodes16:42
TheJuliaexcept on visibility as a subnode resource16:42
TheJuliabut16:42
TheJuliathis says all system members, regardless can create an allocation16:42
TheJuliaerr16:43
TheJuliawait16:43
TheJuliathat is system16:43
dtantsurlessee_admin_can_change_provision_state16:43
* TheJulia pull sup the patch16:43
dtantsurwhich means they should be able to create allocations..16:43
TheJuliawait16:43
TheJuliaThat is system scoped16:43
TheJulianot project scoped16:43
TheJuliaso allocation creator, which is system members, or any role scoped admin16:44
TheJuliaSince we don't have a node, it is open to all project and their admins only16:44
TheJuliaagain, no lessee concept for any of this to leverage for creation/deletion16:45
dtantsurWhat I'm trying to say is:16:45
dtantsurmm, scratch it16:46
TheJuliaheh16:46
TheJuliait is not simple since the use model is different16:46
dtantsurI guess the problem is with the confusing name lessee_member_cannot_delete_their_allocation16:46
dtantsurthey should not have "their allocations"16:46
*** jamesdenton has quit IRC16:46
TheJuliabingo16:46
dtantsuralthough... they may be assigned an allocation by an admin16:46
TheJuliayes16:46
dtantsurbut they cannot unprovision, so it's fine16:47
*** jamesdenton has joined #openstack-ironic16:47
TheJuliacorrect16:47
openstackgerritMerged x/sushy-oem-idrac master: Add resources to put iDRAC in known good state  https://review.opendev.org/c/x/sushy-oem-idrac/+/72159616:47
dtantsurowner_member_cannot_delete_their_allocation16:48
dtantsurokay, this is probably wrong16:48
dtantsurTheJulia: ^^^ owner members can provision/unprovision, right?16:48
TheJuliain test_allocation.py?16:48
TheJuliaor the yaml?16:49
dtantsurI'm looking at test_rbac_project_scoped.yaml16:49
dtantsurline 231916:49
TheJulialooking16:49
dtantsur(much lines wow wow)16:49
TheJuliahmm16:49
openstackgerritVerification of a change to openstack/ironic failed: Trivial: add a missing argument to an exception  https://review.opendev.org/c/openstack/ironic/+/78027016:49
* TheJulia keeps looking16:49
TheJuliaso the issue here is likely I can't tell a node's owner apart from an allocation owner16:50
TheJuliashort of doing extra db queries16:50
TheJuliaso the allocation *is* in the member's project16:51
TheJuliaironic/common/policy.py restricts deleting to allocation_admin which points up to line 12716:52
TheJuliawhich is defined as system scoped members, or an admin in the project which created the allocation.16:52
dtantsurjust change to ALLOCATION_MEMBER?16:52
TheJuliaI guess we could, but that also allows any member of the project to nuke the allocation from high orbit16:53
dtantsurTheJulia: they can already do that by unprovisioning, no?16:53
TheJuliaonly if they are indepedendently defined as an owner of the node16:54
TheJuliaso the gray area is an owner of a node, who also uses an allocation16:54
TheJuliaor we could just allow allocation members to delete16:54
dtantsurso, the conundrum is that allocation.owner may be node.lessee, not node.owner?16:54
TheJuliamay be easier in the grand scheme of things16:54
TheJuliacorrect16:54
TheJuliaor not at all16:55
TheJuliawhich means they will have an emtpy result set potentially and the allocation failed for very good reasons16:55
TheJuliacan't allocate nodes they don't have access to16:55
dtantsuryeah, right16:55
dtantsurunless some admin creates a very interesting allocation16:55
TheJuliayup16:56
TheJuliaand in such a case, I think we should label them as evil admins16:56
dtantsur++16:56
TheJuliaSurely they were playing Voltare "When your evil"16:56
dtantsurheh16:57
TheJuliayour likely coming to understand why I've asked for people to carefully review this one :)16:57
arne_wiebalckHmm ... an ussuri conductor should be ok with a train IPA, no ?16:57
dtantsurTheJulia: yeah.. next question: why is ALLOCATION_CREATOR restricted to project owners? is it because we're handling everything else in Python?16:59
dtantsurarne_wiebalck: give or take tokens.. actually, I think yes16:59
TheJuliadtantsur: you mean line 139 in policy.py?16:59
arne_wiebalckdtantsur: does not seem to be related to tokens, more to the partition UUID and bootloader installation17:00
dtantsurTheJulia: yep17:00
TheJuliayeah, any project member with an admin role17:00
dtantsurarne_wiebalck: there was something like that, I thought I fixed it..17:00
arne_wiebalckdtantsur: it works with s/w RAID, but not without s/w RAID17:00
dtantsurTheJulia: but set_provision_state is allowed for project members?17:01
TheJuliamember not as in the role, but they are a user in the project with admin rights granted, which also gives them the member and reader roles17:01
arne_wiebalckdtantsur: I will have a look ...17:01
TheJuliaSystem members, Owner members, not lessee members17:01
dtantsurTheJulia: right, so owner members must be able to create allocations too?17:01
*** lucasagomes has quit IRC17:02
TheJuliadtantsur: so any user that is not an explicit reader only, can create an allocation then?17:02
TheJuliais that what your seeking?17:02
dtantsurTheJulia: allocation creation accompanies deployment, deletion - undeployment17:03
dtantsurthese actions must not have different ACLs17:03
TheJuliathey have to by the data model design17:03
TheJuliaI mean, the result is basically, anyone can create an allocation, which I guess I can be okay with since it will fail if they don't own baremetal or their project doesn't17:03
dtantsurif I'm a member of a project that owns some nodes, I need to be able to provision, which means I need to be able to allocate17:03
TheJuliaonly if I use the allocation api to begin with17:04
dtantsur(at some point I want to stop explicit patching of nodes for deployment)17:04
dtantsurright, this ^^17:04
dtantsurin a concurrent environment you need a sort of locking17:04
TheJuliathat is going to have to be a ptg topic17:04
rpittaugood night! o/17:04
*** rpittau is now known as rpittau|afk17:04
dtantsurallocation API was supposed to be a step away from patching nodes for deployment17:04
TheJuliayes, the instance_uuid is not enough17:04
TheJuliabut that is a whole different conundrum17:05
TheJuliaI can make it members can create, but ultimately then the argument will be why can't lessee members unprovision machines17:05
dtantsurso, my project owns some nodes (node.owner == my_user.project_id). I have a member role. I can provision, right?17:06
TheJuliaOwner access is intentionally elevated because they are the "managers of the baremetal"17:06
TheJuliayes, that would be possible17:06
dtantsurokay, then I need to be able to do allocations too17:06
dtantsur(and delete them)17:06
dtantsurlessees.... my head is going to explode17:07
TheJuliaWelcome to the club! Population 217:07
dtantsurI assumed the goal of the lessee field was to allow someone to deploy/undeploy, but nothing else17:07
dtantsuras we have now, being a member in a project that leases nodes gives you not much17:08
TheJuliabasic power options, see it, admins there deploy a thing17:08
dtantsur(which is fine in my book, but dunno)17:08
dtantsurokay, right17:08
TheJuliaI think in the end, we may want nova to grant lessee rights to users, but that will be a big giant knob on the virt driver17:08
TheJulia#notatodaything17:09
*** anuradha1904 has quit IRC17:09
dtantsurthen they'll need to undeploy, no?17:09
dtantsurokay, let's leave it there for now17:09
TheJuliayeah, they should be able to if they use nova to peel the node back17:09
dtantsurah, right. right. okay, I'm fine with lessees17:09
TheJuliaI think that is why it will need a knob since some (?most?) deployments may not want it17:10
dtantsurit seems like we need to pass our status all the way down to the allocation handling :(17:11
dtantsurwhich is.. gross17:11
TheJuliaI only used the project id so stuff got filtered appropriately down to the existing relationships17:12
dtantsurwhat's the downside of allowing lessee members to {de,}allocate as a side effect?17:12
TheJuliaand things like nova will have elevated rights anyway17:12
dtantsura (very sad) alternative is to add a new field to allocations whether to permit lessees17:13
TheJuliaI don't think there is much of a side effect, although common members won't be able to deploy ndoes... if they use the wrong project I could see this being a headache, but they used the wrong project then17:15
dtantsurTheJulia: okay, I'm about to post all the comments. Would you prefer to update the patch or create a follow-up?17:17
TheJuliaI can do a follow-up17:17
dtantsurthe most important comments are what we just discussed, I think everything else are nits17:17
TheJuliamost of these I've been doing follow-up since there are dependent patches17:17
TheJuliaokay cool17:18
TheJuliaI may not work on it with the migraine17:18
dtantsurokay, I've approved that17:18
TheJuliaat least this afternoon17:18
dtantsuryeah, no worries, let's just fit it into Wallaby17:18
openstackgerritMerged openstack/ironic-python-agent stable/victoria: Prepare to use tinycore 12  https://review.opendev.org/c/openstack/ironic-python-agent/+/78046017:18
TheJulia++17:18
dtantsurI did not comment, but the docs should likely be updated too17:19
TheJuliato reflect what we just discussed?17:20
dtantsuryep17:20
dtantsurI didn't check, but there was a doc addition on allocations17:21
*** k_mouza has quit IRC17:21
TheJuliayeah, it was highlighting the different behavior17:21
TheJuliaso I think it does need a minor change then17:21
*** k_mouza has joined #openstack-ironic17:21
TheJuliaand likely notation of a caveat17:21
dtantsurhttps://review.opendev.org/c/openstack/ironic/+/778340/15/doc/source/admin/secure-rbac.rst#15817:21
TheJulia"operators may wish to make default policy changes based upon their deployment's security requirements"17:22
openstackgerritAija Jauntēva proposed x/sushy-oem-idrac master: Add real-time status check to Lifecycle service  https://review.opendev.org/c/x/sushy-oem-idrac/+/77622417:24
*** dtantsur is now known as dtantsur|afk17:37
dtantsur|afko/17:37
openstackgerritVerification of a change to openstack/ironic failed: Trivial: add a missing argument to an exception  https://review.opendev.org/c/openstack/ironic/+/78027017:45
*** jtomasek has joined #openstack-ironic17:47
*** jtomasek has quit IRC17:50
openstackgerritMerged openstack/ironic stable/victoria: Prepare to use tinycore 12 for tinyipa  https://review.opendev.org/c/openstack/ironic/+/78045917:58
*** derekh has quit IRC18:03
*** k_mouza has quit IRC18:04
*** kaifeng has quit IRC18:05
openstackgerritAija Jauntēva proposed openstack/ironic-specs master: Followup pre-defined system hw conf in single step  https://review.opendev.org/c/openstack/ironic-specs/+/78064518:19
openstackgerritAija Jauntēva proposed openstack/ironic-specs master: Followup pre-defined system hw conf in single step  https://review.opendev.org/c/openstack/ironic-specs/+/78064518:23
*** jamesdenton has quit IRC18:31
*** jamesdenton has joined #openstack-ironic18:32
arne_wiebalckit seems my ussuri conductor / train IPA combination tries to use grub2 to install the bootloader (since it fails to see there is an EFI partition and should only call efibootmgr) ... there is a patch in ussuri to be more generous when to avoid grub2, but I don't understand why this worked before on train/train (since the detection is the same) ... tomorrow :)18:45
arne_wiebalckbye everyone o/18:46
*** ociuhandu has quit IRC18:49
*** ociuhandu has joined #openstack-ironic18:50
*** ociuhandu has quit IRC18:55
TheJuliauhh we did nothing for a long time on whole disk iamges19:08
TheJuliabut then some hardware *really* needed EFI partitions19:08
TheJuliaerr19:08
TheJuliaEFI references19:08
TheJuliaAlso, newer grub2 versions are hard breaking19:09
TheJuliawe don't know how far that has gotten since it is in centos-stream19:09
*** janders2 has joined #openstack-ironic19:09
*** janders has quit IRC19:11
*** janders2 is now known as janders19:11
*** bburns_ has quit IRC19:13
*** bburns has joined #openstack-ironic19:15
openstackgerritMerged openstack/ironic master: Allocation support for project scoped RBAC  https://review.opendev.org/c/openstack/ironic/+/77834019:15
TheJulia\o/19:16
*** ociuhandu has joined #openstack-ironic19:22
*** maelk40 has joined #openstack-ironic19:30
*** mushrushu has quit IRC19:31
*** mushrushu_ has joined #openstack-ironic19:31
*** mushrushu_ is now known as mushrushu19:32
*** maelk4 has quit IRC19:32
*** viks____ has quit IRC19:33
*** ociuhandu has quit IRC19:40
*** ociuhandu has joined #openstack-ironic20:07
arne_wiebalckTheJulia: Yeah ... I was thinking that newly created partitions are now as tagged as 'boot' (rather than 'efi', which then triggers the grub2 branch) and that this is why it worked before ... does not seem to be the case, though. I will confirm tmrw it works with train/train and take it from there. I'd like to avoid having to update the conductor and the IPA at the very same moment ...20:17
openstackgerritMerged openstack/ironic-python-agent stable/ussuri: Prepare to use ussuri jobs from ipa-builder  https://review.opendev.org/c/openstack/ironic-python-agent/+/78055720:18
openstackgerritMerged openstack/ironic-python-agent-builder master: Use tinycore 12 to build tinyipa  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/77658720:25
openstackgerritMerged openstack/ironic-python-agent-builder master: Avoid empty dependencies in tox.ini  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/77945020:25
*** ociuhandu has quit IRC20:27
openstackgerritMerged openstack/ironic-inspector master: Fix port id vs uuid in ValidateInterfacesHook  https://review.opendev.org/c/openstack/ironic-inspector/+/77907720:31
*** ociuhandu has joined #openstack-ironic20:34
*** ociuhandu has quit IRC20:47
openstackgerritMerged openstack/ironic master: Trivial: add a missing argument to an exception  https://review.opendev.org/c/openstack/ironic/+/78027020:50
openstackgerritSteve Baker proposed openstack/ironic master: Allow unsupported redfish set_boot_mode  https://review.opendev.org/c/openstack/ironic/+/77941820:54
*** bfournie has quit IRC20:56
*** lbragstad has quit IRC20:56
*** zer0c00l has quit IRC20:58
*** shadower has quit IRC20:58
*** frigo has joined #openstack-ironic20:58
*** bfournie has joined #openstack-ironic20:58
*** lbragstad has joined #openstack-ironic20:58
*** zer0c00l has joined #openstack-ironic20:58
*** shadower has joined #openstack-ironic20:58
frigo\o/20:58
*** frigo has quit IRC21:02
*** ociuhandu has joined #openstack-ironic21:19
*** bfournie has quit IRC21:22
*** bfournie has joined #openstack-ironic21:22
TheJuliadtantsur|afk: w/r/t https://review.opendev.org/c/openstack/ironic/+/778340/15/ironic/api/controllers/v1/allocation.py#376 can you calrify your ocmment21:22
TheJuliacomment21:22
*** lbragstad has quit IRC21:24
*** lbragstad has joined #openstack-ironic21:28
*** ociuhandu has quit IRC21:39
*** rcernin has joined #openstack-ironic21:57
*** ociuhandu has joined #openstack-ironic22:06
*** ociuhandu has quit IRC22:14
openstackgerritJulia Kreger proposed openstack/ironic master: WIP: Follow-up to RBAC allocation changes  https://review.opendev.org/c/openstack/ironic/+/78067722:32
openstackgerritJulia Kreger proposed openstack/ironic master: Deprecate legacy policies, update project scoped docs  https://review.opendev.org/c/openstack/ironic/+/77876722:53
openstackgerritJulia Kreger proposed openstack/ironic master: Increment API version for Secure RBAC  https://review.opendev.org/c/openstack/ironic/+/77894722:53
*** ociuhandu has joined #openstack-ironic23:00
*** ociuhandu has quit IRC23:05
*** rloo has quit IRC23:49
*** rloo has joined #openstack-ironic23:50
« Sunday, 2021-03-14 Index Tuesday, 2021-03-16 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!