Monday, 2021-06-14

opendevreview	Merged openstack/ironic-python-agent stable/victoria: Make _get_efi_bootloaders return relative paths https://review.opendev.org/c/openstack/ironic-python-agent/+/796016	00:04
opendevreview	Merged openstack/ironic-python-agent stable/victoria: Utilize CSV file for EFI loader selection https://review.opendev.org/c/openstack/ironic-python-agent/+/796017	00:04
opendevreview	Merged openstack/ironic-python-agent stable/ussuri: Make _get_efi_bootloaders return relative paths https://review.opendev.org/c/openstack/ironic-python-agent/+/796021	00:04
opendevreview	Merged openstack/ironic-python-agent stable/ussuri: Utilize CSV file for EFI loader selection https://review.opendev.org/c/openstack/ironic-python-agent/+/796022	00:05
opendevreview	Merged openstack/ironic-python-agent stable/train: Make _get_efi_bootloaders return relative paths https://review.opendev.org/c/openstack/ironic-python-agent/+/796030	00:05
opendevreview	Merged openstack/ironic-python-agent stable/train: Utilize CSV file for EFI loader selection https://review.opendev.org/c/openstack/ironic-python-agent/+/796031	00:05
*** priteau <priteau!~priteau@93.186.40.84> has quit IRC (Ping timeout: 480 seconds)		02:04
*** priteau <priteau!~priteau@93.186.40.84> has joined #openstack-ironic		02:06
opendevreview	Merged openstack/ironic master: Fix ironic-status db index check https://review.opendev.org/c/openstack/ironic/+/795357	02:11
*** jelabarre-rh <jelabarre-rh!~jlabarre@2601:184:c300:2231:46fc:5644:1527:c695> has quit IRC (Ping timeout: 480 seconds)		03:41
*** iurygregory_ <iurygregory_!~iurygrego@2a02:8308:a007:3900:93ab:1c8f:2b9e:9349> has joined #openstack-ironic		06:07
*** iurygregory\|afk <iurygregory\|afk!~iurygrego@ip-86-49-241-46.net.upcbroadband.cz> has quit IRC (Read error: Connection reset by peer)		06:07
arne_wiebalck	Good morning, ironic!	06:52
*** rpittau\|afk is now known as rpittau		07:07
rpittau	good morning ironic! o/	07:07
rpittau	woohoo banned for the 2nd time from freenode!	07:07
rpittau	and I guess this time for good	07:12
*** tkajinam <tkajinam!~tkajinam@240d:1a:6af:1b00:3462:14d1:c5f6:8946> has quit IRC (Quit: Leaving)		07:16
*** tkajinam <tkajinam!~tkajinam@240d:1a:6af:1b00:3462:14d1:c5f6:8946> has joined #openstack-ironic		07:17
*** tosky <tosky!~luigi@dynamic-adsl-78-13-253-141.clienti.tiscali.it> has joined #openstack-ironic		07:45
*** lucasagomes <lucasagomes!~lucasagom@89.100.20.18> has joined #openstack-ironic		07:55
dtantsur	morning ironic	08:00
dtantsur	I'm still on freenode apparently	08:00
rpittau	good morning dtantsur :)	08:00
*** derekh <derekh!~derekh@2a01:b340:80:9a52:6423:15e0:3703:2> has joined #openstack-ironic		08:12
opendevreview	vinay50muddu proposed openstack/ironic master: Support clean/deploy step to add certificates to iLO https://review.opendev.org/c/openstack/ironic/+/783133	08:14
opendevreview	Merged openstack/ironic-ui master: Remove lower-constraints job https://review.opendev.org/c/openstack/ironic-ui/+/795940	08:17
opendevreview	Merged openstack/ironic-ui master: setup.cfg: Replace dashes with underscores https://review.opendev.org/c/openstack/ironic-ui/+/795937	08:23
opendevreview	Merged openstack/ironic-ui master: Changed minversion in tox to 3.18.0 https://review.opendev.org/c/openstack/ironic-ui/+/795939	08:24
opendevreview	Merged openstack/ironic-python-agent master: Reduce logging verbosity when collecting logs https://review.opendev.org/c/openstack/ironic-python-agent/+/796015	09:22
opendevreview	Merged openstack/ironic-python-agent-builder stable/wallaby: Restrict publishing jobs to master https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/795891	09:26
arne_wiebalck	Starting with Victoria, I am getting "ERROR Failed to connect to the agent running on node ..." messages when getting clean/deploy steps, reproducibly. Cleaning/deployment is working fine, though, so these do not seem to be fatal. Seem to come from a recent backport. Any suggestions what to check/do?	09:41
*** Luzi <Luzi!~Luzi@ipservice-092-208-056-099.092.208.pools.vodafone-ip.de> has joined #openstack-ironic		09:47
*** mgoddard- <mgoddard-!~mgoddard@240.240.125.91.dyn.plus.net> has joined #openstack-ironic		11:35
*** mgoddard <mgoddard!~mgoddard@238.240.125.91.dyn.plus.net> has quit IRC (Ping timeout: 480 seconds)		11:38
*** mgoddard- is now known as mgoddard		11:38
dtantsur	arne_wiebalck: why exactly does it fail?	11:45
arne_wiebalck	dtantsur: on cleaning, it is the ssl verification, so it seems with to be related with the introduction of TLS verification in Victoria	11:47
dtantsur	arne_wiebalck: clock skew?	11:47
arne_wiebalck	dtantsur: erm ... let me check ...	11:48
arne_wiebalck	dtantsur: clock skew would fit with why I do not seem to see this on all nodes	11:49
dtantsur	I think you provide IPA with an NTP server to avoid that	11:50
arne_wiebalck	dtantsur: yes, we have an extra clean step	11:50
opendevreview	Dmitry Tantsur proposed openstack/ironic-python-agent stable/wallaby: Reduce logging verbosity when collecting logs https://review.opendev.org/c/openstack/ironic-python-agent/+/796215	11:51
arne_wiebalck	dtantsur: I did not do any tls related config before moving to victoria, maybe I miss sth	11:51
dtantsur	there is nothing much to configure, except that it's sensitive to large clock skews	11:51
arne_wiebalck	time seems ok	11:52
opendevreview	Dmitry Tantsur proposed openstack/ironic-python-agent stable/victoria: Reduce logging verbosity when collecting logs https://review.opendev.org/c/openstack/ironic-python-agent/+/796216	11:52
*** bburns <bburns!~bburns@c-24-63-116-246.hsd1.nh.comcast.net> has quit IRC (Quit: Leaving)		11:52
*** bburns <bburns!~bburns@c-24-63-116-246.hsd1.nh.comcast.net> has joined #openstack-ironic		11:52
dtantsur	arne_wiebalck: if you don't have https://review.opendev.org/c/openstack/ironic-python-agent/+/766498, even a couple of minutes will count	11:53
arne_wiebalck	dtantsur: thanks, but that patch is included	11:55
arne_wiebalck	I am also getting "ConnectionResetError(104, 'Connection reset by peer')", usually on deploy, but now also on cleaning	11:55
dtantsur	the last time we saw that it was an MTU mismatch	11:56
arne_wiebalck	the funny thing is that all seems to work fine :)	11:56
dtantsur	the other candidate is eventlet version	11:56
dtantsur	we have retries everywhere :)	11:56
arne_wiebalck	heh	11:56
arne_wiebalck	seems to help big time	11:56
arne_wiebalck	but neither mtu nor eventlet version can be fixed byt his	11:56
arne_wiebalck	by retries, I mean	11:57
dtantsur	eventlet is capable of transient failures	11:57
arne_wiebalck	hmm	11:57
dtantsur	and MTU mismatch CAN be fixed by retries, although it's really an edge case	11:57
dtantsur	that's not your case probably, but if you're curious: https://storyboard.openstack.org/#!/story/2008904	11:58
*** jelabarre-rh <jelabarre-rh!~jlabarre@2601:184:c300:2231:46fc:5644:1527:c695> has joined #openstack-ironic		12:00
arne_wiebalck	oh, wow, I missed that one	12:00
arne_wiebalck	ok, I keep looking and will come back if I need help :)	12:01
arne_wiebalck	thanks, dtantsur !	12:01
*** lmcgann <lmcgann!~lmcgann@2601:19b:b00:f350:f854:f5f2:22de:6296> has joined #openstack-ironic		12:57
opendevreview	Merged openstack/ironic stable/wallaby: Refactor iDRAC OEM extension manager calls https://review.opendev.org/c/openstack/ironic/+/795275	13:02
*** rloo <rloo!~rloo@2001:4998:ef83:14:8000::10c2> has joined #openstack-ironic		13:06
arne_wiebalck	dtantsur: This the IPA not accepting Ironic's certificate (not the other way round), correct? http://paste.openstack.org/show/806593/	13:08
TheJulia	good morning	13:09
dtantsur	morning TheJulia	13:10
arne_wiebalck	hey TheJulia o/	13:10
TheJulia	Anyone still left on freenode or did we all get banned?	13:11
dtantsur	TheJulia: I'm still there, I think	13:11
dtantsur	arne_wiebalck: I don't think so. I think it's how the failure to connect to IPA looks like in IPA logs	13:11
arne_wiebalck	dtantsur: so, the IPA sent its self-signed cert to ironic which does not the ca	13:11
arne_wiebalck	not know	13:12
dtantsur	yep (this is why it sends it)	13:12
TheJulia	dtantsur: ack	13:12
arne_wiebalck	the node has agent_verify_ca set to False, so Ironic should be ok with a self-signed cert, no?	13:13
dtantsur	arne_wiebalck: ironic is okay with it anyway, IPA sends it to ironic on lookup	13:13
dtantsur	you're likely going down the wrong path. if the self-signed cert was not accepted, nothing would work for you	13:13
arne_wiebalck	the thing is, the self-signed cert is not accepted and all is working	13:14
arne_wiebalck	at least from what I see	13:14
dtantsur	that's not the definition of "not accepted" I have :)	13:16
*** paras333 <paras333!~paras333@209.6.68.100> has joined #openstack-ironic		13:16
arne_wiebalck	exactly, mine neither	13:16
* TheJulia tries to wake up		13:16
arne_wiebalck	So, to unwind things: Ironic tries to get the clean step from the agent.	13:18
TheJulia	conductor log?	13:18
* TheJulia blinks		13:19
arne_wiebalck	It fails with sth like "ERROR Failed to connect to the agent running on node ... '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed"	13:19
arne_wiebalck	but then moves on	13:20
arne_wiebalck	TheJulia: this should be the relevant snippet: http://paste.openstack.org/show/806594/	13:22
TheJulia	looks like it is immediately trying to connect... or almost immediately	13:25
dtantsur	I wish requests provided more details	13:26
arne_wiebalck	there is a 2min gap, no?	13:26
arne_wiebalck	I think this is when the node boots	13:26
TheJulia	doh	13:26
arne_wiebalck	the IPA calls back, Ironic asks for clean steps	13:26
TheJulia	okay, I need more coffee and need to wake up	13:26
arne_wiebalck	:)	13:27
arne_wiebalck	Ironic fails to get the clean steps, then lists them ... huh?	13:27
TheJulia	Do we have any patches to review jam on this morning?	13:29
*** paras333_ <paras333_!~paras333@209.6.68.100> has joined #openstack-ironic		13:33
*** paras333 <paras333!~paras333@209.6.68.100> has quit IRC (Read error: Connection reset by peer)		13:33
opendevreview	Julia Kreger proposed openstack/ironic-python-agent stable/ussuri: Reduce logging verbosity when collecting logs https://review.opendev.org/c/openstack/ironic-python-agent/+/796217	13:35
opendevreview	Julia Kreger proposed openstack/ironic-python-agent stable/train: Reduce logging verbosity when collecting logs https://review.opendev.org/c/openstack/ironic-python-agent/+/796218	13:35
rpittau	TheJulia: I ahve another meeting at the same time so I won't be there :/	13:37
TheJulia	no worries	13:37
TheJulia	If we don't need to have it, we don't need to have it this week	13:37
TheJulia	or at least today	13:37
TheJulia	Last week was a blur of un-planned work	13:37
TheJulia	pas-ha[m]: is there a bug filed for https://review.opendev.org/c/openstack/ironic-inspector/+/791251/ ?	13:39
*** zaneb <zaneb!~zaneb@0001a018.user.oftc.net> has joined #openstack-ironic		13:40
*** zaneb <zaneb!~zaneb@0001a018.user.oftc.net> has quit IRC (Remote host closed the connection)		13:41
*** zaneb <zaneb!~zaneb@2600:6c5e:517f:c213:6bc0:43cc:3007:2960> has joined #openstack-ironic		13:41
*** tzumainn <tzumainn!~tzumainn@2601:19b:881:8630:fa34:41ff:feb1:df6e> has joined #openstack-ironic		13:43
*** sdanni <sdanni!~sdanni@pool-98-118-100-55.bstnma.fios.verizon.net> has joined #openstack-ironic		13:44
pas-ha[m]	TheJulia: nope, just something we've caught ourselves in downstream	13:45
pas-ha[m]	I'll create an SB story	13:45
TheJulia	pas-ha[m]: ack, thanks. Seems like it is release note worthy, fwiw. It seems really similar to another issue I've got a fix posted for where basically you can orphan the state and can't reconcile it preventing re-inspection.	13:47
TheJulia	until the process is restarted	13:47
TheJulia	pas-ha[m]: also, I'm guessing backportable just fine?	13:48
ajya	TheJulia: ok, could skip review jam today	13:50
TheJulia	ajya: Yeah, I don't think I have enough awake braincells yet today	13:50
*** Luzi <Luzi!~Luzi@ipservice-092-208-056-099.092.208.pools.vodafone-ip.de> has quit IRC (Quit: Leaving)		14:01
opendevreview	Pavlo Shchelokovskyy proposed openstack/ironic-inspector master: Do not reset FSM when ironic ports cant be queried https://review.opendev.org/c/openstack/ironic-inspector/+/791251	14:03
pas-ha[m]	TheJulia: created https://storyboard.openstack.org/#!/story/2008971, added links to the commit message, will add release note later	14:04
TheJulia	pas-ha[m]: much appreciated	14:13
opendevreview	Pavlo Shchelokovskyy proposed openstack/ironic-inspector master: Do not reset FSM when ironic ports cant be queried https://review.opendev.org/c/openstack/ironic-inspector/+/791251	14:15
pas-ha[m]	added reno ^	14:15
*** bburns <bburns!~bburns@c-24-63-116-246.hsd1.nh.comcast.net> has quit IRC (Remote host closed the connection)		14:16
*** bburns <bburns!~bburns@c-24-63-116-246.hsd1.nh.comcast.net> has joined #openstack-ironic		14:19
TheJulia	pas-ha[m]: much appreciated	14:19
*** kkillsfirst <kkillsfirst!~kkillsfir@24-119-124-196.cpe.sparklight.net> has joined #openstack-ironic		14:24
opendevreview	Dmitry Tantsur proposed openstack/ironic master: Clean up vendor prefixes for iLO boot https://review.opendev.org/c/openstack/ironic/+/796287	14:37
opendevreview	Dmitry Tantsur proposed openstack/ironic master: Rename ilo_boot_iso -> boot_iso https://review.opendev.org/c/openstack/ironic/+/796289	14:54
opendevreview	Merged openstack/ironic-python-agent stable/wallaby: Reduce logging verbosity when collecting logs https://review.opendev.org/c/openstack/ironic-python-agent/+/796215	15:00
TheJulia	#startmeeting ironic	15:00
opendevmeet	Meeting started Mon Jun 14 15:00:49 2021 UTC and is due to finish in 60 minutes. The chair is TheJulia. Information about MeetBot at http://wiki.debian.org/MeetBot.	15:00
opendevmeet	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	15:00
opendevmeet	The meeting name has been set to 'ironic'	15:00
TheJulia	o/	15:00
dtantsur	o/	15:00
ajya	o/	15:00
rpittau	o/	15:00
rpioso	\o	15:01
stendulker	o/	15:01
TheJulia	Greetings everyone, and welcome to our weekly meeting!	15:01
arne_wiebalck	o/	15:01
TheJulia	Our agenda can be found on the wiki	15:01
TheJulia	#link https://wiki.openstack.org/wiki/Meetings/Ironic#Agenda_for_next_meeting	15:01
TheJulia	#topic Announcements / Reminders	15:02
TheJulia	I don't believe we have anything to announce or remind ourselves of this week. Does anyone have anything to raise this week?	15:02
* TheJulia hears the crickets appear and gives it a few more moments		15:03
TheJulia	Looks like we have no action items from last week	15:03
TheJulia	I guess we can proceed to subteam status reports then	15:04
dtantsur	yep	15:04
TheJulia	#topic Review subteam status reports	15:05
TheJulia	#link https://etherpad.openstack.org/p/IronicWhiteBoard	15:05
TheJulia	arne_wiebalck: By chance have you discussed node error history with kaifeng or are we basically at no update this week?	15:06
arne_wiebalck	sorry, no update	15:07
arne_wiebalck	I will try to pick this up	15:07
TheJulia	ack	15:07
TheJulia	iurygregory_, rpittau: any update on privsep?	15:07
JayF	I'll note it's not technically a subteam, but zer0c00l put up a PR for Anaconda driver docs. I added a couple of folks as reviewers and marked it as a review prio.	15:07
* TheJulia senses iurygregory_ is out today		15:07
rpittau	no updates	15:08
TheJulia	JayF: line 75 :)	15:08
rpittau	not sure we want to have the discussion today since iury's not here	15:08
* JayF is multitasking in a downstream meeting and may not have checked the whiteboard		15:08
TheJulia	rpittau: ack	15:08
TheJulia	JayF: ack	15:08
dtantsur	yeah, I think Iury took a day off	15:08
dtantsur	TL;DR I was concerned about launching a subprocess in IPA	15:08
dtantsur	given the "fun" around eventlet	15:09
dtantsur	but yeah, we can wait for him to come back (although I won't be here next Monday.. so ironic)	15:09
TheJulia	dtantsur: ack, okay	15:09
TheJulia	hmm	15:09
TheJulia	Well, Onward to priorities for the coming week?	15:10
dtantsur	yep	15:11
TheJulia	#topic Deciding on priorites for the coming week	15:11
TheJulia	#link https://review.opendev.org/q/hashtag:ironic-week-prio+status:open	15:11
dtantsur	I have two driver_info clean-ups to add: https://review.opendev.org/c/openstack/ironic/+/796287 https://review.opendev.org/c/openstack/ironic/+/796289 cc stendulker	15:12
TheJulia	I went through about an hour ago and I didn't see much that could be added to the list at present. Does anyone have anything they would like to see on the list?	15:12
stendulker	dtantsur: Will have a look	15:12
dtantsur	thanks! I'm asking you because they touch iLO	15:12
stendulker	dtantsur: np. Thank you	15:12
dtantsur	any objections to adding these 2 patches?	15:13
TheJulia	none, they have been added	15:13
TheJulia	Does anyone have anything else this week?	15:13
dtantsur	cool thx	15:13
arne_wiebalck	TheJulia: I guess your -1 on https://review.opendev.org/c/openstack/ironic/+/768009 can be removed, no? This may prevent further reviews.	15:13
TheJulia	arne_wiebalck: likely needs to be rebased, fwiw	15:13
dtantsur	can I add baremetal-operator PRs? :D (jk)	15:13
rpittau	lol	15:14
TheJulia	oh my	15:14
TheJulia	so onward to the baremetal sig?	15:14
dtantsur	++	15:14
rpittau	let's	15:14
TheJulia	#topic Baremetal SIG	15:15
arne_wiebalck	dtantsur's presentation on the IPAB is uploaded to the usual youtube channel	15:15
TheJulia	Awesome!	15:15
dtantsur	#link https://www.youtube.com/watch?v=1L1Ld7skgDw IPA-builder introduction	15:15
arne_wiebalck	thanks again, dtantsur !	15:15
TheJulia	has a blog entry been posted to ironicbaremetal.org ?	15:15
rpittau	nice	15:15
dtantsur	I haven't posted anything	15:15
arne_wiebalck	TheJulia: should we make this the routine for new presentations?	15:16
TheJulia	Okay, If I get a few minutes I'll try to do that	15:16
arne_wiebalck	ty	15:16
arne_wiebalck	I don't think there is anything else for the SIG.	15:16
TheJulia	arne_wiebalck: I think it would be good, but we need to make it a community habit to update the blog with $new stuff that is not just the videos from the SIG	15:16
arne_wiebalck	TheJulia: ++	15:17
TheJulia	Well, in that case, time for Open Discussion	15:17
TheJulia	#topic Open Discussion	15:17
TheJulia	arne_wiebalck: looks like you had a topic :)	15:17
arne_wiebalck	yes, it is about network burn-in	15:17
arne_wiebalck	cpu, mem, disk are merged	15:17
arne_wiebalck	network is slightly more complicated as we need two nodes	15:18
arne_wiebalck	at CERN, we use dynamic pairing for this	15:18
TheJulia	Interesting	15:18
arne_wiebalck	initially with a message queue, atm with a shared file	15:18
arne_wiebalck	for upstream I was thinking to use tooz/zookeeper	15:18
arne_wiebalck	for the match making	15:19
TheJulia	I know, for a while I had a semi-dedicated iperf target for such things, But pairing can make sense from a "can two nodes talk really fast to each other"	15:19
arne_wiebalck	the first iteration may use static pairs in driver_info	15:19
arne_wiebalck	just wanted to check if the overall plan sounds ok	15:19
dtantsur	why not use another fixed server?	15:19
arne_wiebalck	you mean like the controller?	15:20
arne_wiebalck	bandwidth mostly	15:20
arne_wiebalck	imagine 100 servers trying to connect	15:20
TheJulia	you also want to check cross-node bandwidth between the racks potentially	15:20
TheJulia	oh, and yeah	15:20
TheJulia	if your doing 100 at a time your going to have saturation issues	15:20
arne_wiebalck	dtantsur: it is an option which the static approach would cover as well	15:20
TheJulia	I think the idea makes sense and the approach of simple static and then evolve it makes sense as long as we don't explicitly add requirements for new services as a hard operating requirement	15:21
arne_wiebalck	dtantsur: but it is not only connectivity, but also if we can go full steam	15:21
arne_wiebalck	TheJulia: this is why I thought tooz as we (can) use this already	15:21
JayF	It's going to be tough to get creds for something like that down into the agent, isn't it?	15:22
arne_wiebalck	TheJulia: for leader election in inspector, for instance	15:22
TheJulia	Last time I used iperf, it had no concept of credentials	15:22
JayF	I'm saying if tooz is going to be used	15:22
TheJulia	ahh	15:22
JayF	there's not any cleaning steps, afaik, which coordinate between ironic and ipa for the step	15:23
TheJulia	well, it could be determied conductor side and fed to the agent	15:23
JayF	so if you're locking for access to the network server, you're going to need creds to do that locking in IPA	15:23
JayF	or come up with a new method for IPA clean steps to coordinate with conductor	15:23
JayF	which is probably a lot more complexity than desired for this problem?	15:23
TheJulia	I don't think tooz is necessarilly for locking	15:23
TheJulia	at least, that is not my perception, at least directly	15:23
JayF	Heh. Clean steps [lock network server] [ network burn in ] [unlock network server]	15:23
TheJulia	but getting creds in, is indeed a problem	15:24
arne_wiebalck	TheJulia: it can be, I think	15:24
TheJulia	and then communication flows	15:24
JayF	where 2 of them are in the conductor and one is in IPA	15:24
JayF	and you'd only need to ensure the priorities lined up	15:24
* JayF not sure he loves that but it would likely work		15:24
dtantsur	it seems like you're enabling someone with IPA access to lock IPA on another server?	15:24
dtantsur	(not sure if it's a concern or not)	15:24
TheJulia	Lets take this path, simple start, see where that leaves us, and then iterate from there?	15:25
JayF	I'm concerned about this feature in general which is why I'm trying to hash it out :) see if it's less complex than I thought itw as at first glance	15:25
arne_wiebalck	sounds good to	15:25
arne_wiebalck	me	15:25
TheJulia	so static operator supplied info, and then see if we can do automagic	15:25
arne_wiebalck	static works as well	15:25
arne_wiebalck	it is just not so nice if you have broken servers	15:25
arne_wiebalck	ok, thanks everyone!	15:25
TheJulia	Does anyone else have anything for Open Discussion?	15:26
dtantsur	not me	15:27
lmcgann	Id just like to remind everybody about our work on the security interface spec: https://review.opendev.org/c/openstack/ironic-specs/+/576718/27/specs/approved/security-interface.rst	15:27
TheJulia	In that case, the last step of our meeting is next	15:27
TheJulia	lmcgann: perhaps a few words to express why it is important to those in attendance of today's meeting?	15:28
TheJulia	I know I'm kind of putting you on the spot, but it helps people relate and understand why	15:31
TheJulia	Anyway, I guess we can proceed with our agenda	15:32
TheJulia	#topic Who is going to run the next meeting?	15:32
TheJulia	Any volunteers ?	15:32
dtantsur	I cannot - will be out for a language exam (doh)	15:33
TheJulia	eek	15:33
arne_wiebalck	German ... should be fun!	15:33
TheJulia	should we switch IRC to German for the week?	15:33
TheJulia	Granted, it will mostly be machine translated for many of us	15:33
arne_wiebalck	only for dtantsur maybe	15:33
TheJulia	hehe	15:33
TheJulia	Well, I can do it next week, I guess	15:34
rpittau	I think I can run the next meeting	15:34
TheJulia	rpittau: you sure?	15:34
lmcgann	sorry for the delay TheJulia, Im trying to think of a good way to describe the spec	15:34
rpittau	yeah :)	15:34
JayF	dtantsur: Wie werde ich all diese Server bereitstellen?	15:34
dtantsur	:D	15:34
rpittau	but it will be in Italian :P	15:34
arne_wiebalck	molto bene!	15:35
rpittau	lol	15:35
TheJulia	lmcgann: simplest phrases or expressions generally help, or even the desired end result	15:35
TheJulia	rpittau: in Italian, ugh.	15:35
NobodyCam	Good Morning Ironic Folks, Happy Monday!	15:35
* TheJulia should actually like... learn some about Italian explicitly given Latin experience		15:35
dtantsur	I will use morse alphabet. using the word "pizza" or absence of it.	15:36
TheJulia	rpittau: Okay, I guess your running the meeting next week if nothing comes up	15:36
rpittau	cool :)	15:36
rpittau	dtantsur: that's a way :D	15:37
TheJulia	dtantsur: so do we convey everything with pizzapizza or pizza and translate that to dots and dashed and then that to words?!	15:37
TheJulia	dtantsur: or Norse alphabet?	15:37
dtantsur	for Norse alphabet we may need hjensas to run the meeting	15:38
TheJulia	dtantsur: this is true...	15:38
TheJulia	Anyway, Thanks everyone, have a wonderful week!	15:38
arne_wiebalck	Thanks TheJulia !	15:38
rpittau	thanks!	15:38
TheJulia	#endmeeting	15:39
opendevmeet	Meeting ended Mon Jun 14 15:39:04 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	15:39
opendevmeet	Minutes: https://meetings.opendev.org/meetings/ironic/2021/ironic.2021-06-14-15.00.html	15:39
opendevmeet	Minutes (text): https://meetings.opendev.org/meetings/ironic/2021/ironic.2021-06-14-15.00.txt	15:39
opendevmeet	Log: https://meetings.opendev.org/meetings/ironic/2021/ironic.2021-06-14-15.00.log.html	15:39
lmcgann	Back to the security interface, we're adding a security_interface to nodes so we can integrate with remote attestation services such as Keylime. The end goal is to accomodate use cases where owners and lessees do not necessarily trust one another and want to attest the firmware of a node they are using.	15:44
TheJulia	to help identify malicious tampering to firmware?	15:46
TheJulia	(or maybe steal some words and add it on) :)	15:46
lmcgann	malicious tampering or just for hardware owners to enforce adherence to certain uses of the node	15:47
*** hjensas is now known as hjensas\|afk		15:50
lmcgann	The IMA subsystem and available policies, which Keylime uses to generate a "golden state" of the node, can be used to ensure either certain files are not tampered with or that certain system calls are not invoked	15:51
lmcgann	But yes one use case of this checking that the firmware hasnt been messed with	15:54
opendevreview	Merged openstack/ironic-python-agent stable/victoria: Reduce logging verbosity when collecting logs https://review.opendev.org/c/openstack/ironic-python-agent/+/796216	15:55
rpittau	good night o/	16:08
*** rpittau is now known as rpittau\|afk		16:08
TheJulia	lmcgann: Thanks :)	16:13
dtantsur	have a good night folks, see you tomorrow	16:37
TheJulia	goodnight	16:56
NobodyCam	Night dtantsur	17:01
opendevreview	Ruby Loo proposed openstack/ironic master: Use env to find python3 https://review.opendev.org/c/openstack/ironic/+/796305	17:06
lmcgann	Is using the update_node call within ipa code to update certain instance-info properties a reasonable thing to do? I am trying to pass a Keylime agent uuid from the node to the controller to be used by a driver.	17:15
TheJulia	lmcgann: if they are already set, they may already be there	17:42
TheJulia	lmcgann: but yes, should be fine	17:42
arne_wiebalck	bye everyone o/	17:45
TheJulia	sdanni: but, ironic can read from the agent and update data with-in the node	17:53
sdanni	TheJulia: how does ironic read from the agent and update data?	17:54
TheJulia	it reads data by requesting a node object from the API. It has a token which permits that. Also when requests come in from ironic, it can send an updated node object as to what it has on file.	18:08
TheJulia	Individual method calls conductor side are able to update a node, such as cleaning/deployment steps	18:09
sdanni	TheJulia: so the workflow would be: during a node booting, the keylime-agent is up. ipa grabs the uuid of keylime-agent and stores it. Then Ironic makes call to ipa to request a node object and update it with keylime-agent-uuid. I just wonder how does ironic know when to reach out to ipa?	18:26
TheJulia	sdanni: more ipa starts, it can collect the uuid. Ironic can then attempt to call the agent after a heartbeat operation has occured to get this uuid. The code executing in the conductor would then store this on the node object and I guess then query the attestation system once we know attestation has occured.	19:01
sdanni	TheJulia: Gotcha. Thanks!	19:11
lmcgann	How does the conductor grab info stored on the ipa. Is it possible to do this as part of a driver itself?	19:18
TheJulia	lmcgann: via the rest api, If there is a loaded extension in IPA it can be called by the conductor via the rest api	19:25
TheJulia	for example, the image.py extension has install_bootloader or something like that	19:26
TheJulia	The same interface/mechanism can be used to get data out	19:26
lmcgann	Thanks! Ill look into this	19:33
janders	good morning Ironic o/	20:12

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!