Thursday, 2023-07-20

« Wednesday, 2023-07-19 Index Friday, 2023-07-21 »
JayFhow is it possible that the default opensuse tumbleweed install in wsl doesn't come with openssl? lol00:00
* TheJulia blinks00:00
JayFTheJulia: https://bpa.st/O2NQ is what raw.githubusercontent.com is serving up to me right now00:02
JayFto summarize00:02
JayF            X509v3 Subject Alternative Name: 00:03
JayF                DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com00:03
* JayF goes to look at the exact hostname on the failure00:03
TheJuliaoh goodie00:04
TheJulia++00:04
JayFokay, so here's what's actually happening00:04
JayF> + :   curl -Lf -o disk.qcow2 http://download.cirros-cloud.net/0.6.1/cirros-0.6.1-x86_64-disk.img00:04
TheJuliaoh, look at the logs00:04
JayFredirects to github.com releases00:04
TheJuliait redirects it with 30200:04
JayFwhich has the wrong cert00:04
JayFso I think our best solution is to directly use the github.com url00:04
TheJuliawe don't have a choice00:05
TheJuliawe don't create the 302 redirect, cirros does00:05
JayFI'm saying have a human follow it lol00:05
TheJuliaAnyway, wifey needs to run out, and I can't look at a terminal anymore after trying to figure out what actually has testing, and doesn't00:05
JayFit 302s to https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86)64-disk.img 00:05
JayFso that seems like a reasonable place to pull it00:05
JayFlet me see if I can fix it...00:06
TheJuliak00:06
TheJulialikely00:06
TheJuliaplus side of writing a test and then writing code to support it, test driven development, but then when you go and go "oh, this needs more testing!, it feels like a slog00:06
JayFI think about it this way00:07
JayFmost people operate maybe like, a dozen clouds at most?00:07
JayFand have a lot of hardware00:07
JayFwe operate hundreds and hundreds in a teacup00:07
JayFit's a super hard problem and sometimes I think we forget to appreciate that when it's working  LOL00:07
TheJulia+++++00:08
TheJuliaWe operate hundreds in a coffee mug, and the plate has many other coffee mugs00:09
opendevreviewJay Faulkner proposed openstack/ironic master: CI: cirros images now 302 to github; correct the URL  https://review.opendev.org/c/openstack/ironic/+/88896100:10
opendevreviewJay Faulkner proposed openstack/ironic master: CI: Re-enable voting for Grenade job  https://review.opendev.org/c/openstack/ironic/+/88896200:10
opendevreviewJacob Anders proposed openstack/ironic master: [DNM] Retry connecting vmedia through a DVD device if available - alternate approach.  https://review.opendev.org/c/openstack/ironic/+/88874604:59
opendevreviewJacob Anders proposed openstack/ironic master: [DNM] Retry connecting vmedia through a DVD device if available - alternate approach.  https://review.opendev.org/c/openstack/ironic/+/88874605:00
fricklerJayF: TheJulia: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170 don't blame the target if your tool is broken05:43
Nisha_Agarwalmorning ironic06:10
opendevreviewyatin proposed openstack/ironic master: [DNM] Attempt source install dnsmasq  https://review.opendev.org/c/openstack/ironic/+/88812106:54
rpittaugood morning ironic! o/07:01
opendevreviewyatin proposed openstack/ironic master: [DNM] Attempt source install dnsmasq 2.89  https://review.opendev.org/c/openstack/ironic/+/88898407:17
opendevreviewVerification of a change to openstack/bifrost master failed: Refactor the use of include_vars  https://review.opendev.org/c/openstack/bifrost/+/87452310:45
*** mohammed_ is now known as mohammed11:08
iurygregorygood morning Ironic11:51
JayFfrickler: I'm going to be completely honest, I basically discarded the possibility that curl was broken because I assumed that it would break everything else in the entire world12:20
JayFThat bug makes it sound like it did break everything else in the entire world 😂12:20
iurygregoryI never expected that curl would be broken lol12:21
frickleryes, raises questions on ubuntu's QA12:22
fricklerat least it got fixed pretty fast12:23
TheJuliawow, I would have never expected such a broken package to ship13:15
jfargenWas just looking at the quickstart for bifrost and it seemed to install successfully.14:24
iurygregory\o/ happy to hear that people can follow our docs and have successful installations14:28
jfargenI see directions to enroll the node, but it doesn't mention the import of the node.14:43
jfargenAnd when running enroll, seeing this error.14:44
jfargen$ ./bifrost-cli enroll gvs02-sand2.json14:44
jfargen[WARNING]:  * Failed to parse /home/cloud-user/bifrost/playbooks/inventory/bifrost_inventory.py with script plugin: Inventory script (/home/cloud-user/bifrost/playbooks/inventory/bifrost_inventory.py) had an execution14:44
jfargenerror: 2023-07-20 10:39:57.384 4305 ERROR __main__ [-] Failed to parse JSON or YAML: while parsing a flow mapping   in "/home/cloud-user/bifrost/gvs02-sand2.json", line 5, column 22 expected ',' or '}', but got '<scalar>'14:44
jfargenin "/home/cloud-user/bifrost/gvs02-sand2.json", line 9, column 9: yaml.parser.ParserError: while parsing a flow mapping 2023-07-20 10:39:57.384 4305 ERROR __main__ [-] BIFROST_INVENTORY_SOURCE does not define a file14:44
jfargenthat could be processed: Failed to parse JSON or YAML.Tried JSON and YAML formats: Exception: Failed to parse JSON or YAML14:44
JayFwithout seeing your json file I can't be sure; but it looks like invalid json or yaml in that file14:48
JayFthe gvs02-sand2.json14:49
jfargenIs there an example of a yaml inventory file using redfish?14:52
jfargenhttps://filebin.net/mnu08251w8jofq6i/gvs02-sand2.json14:54
jfargenThere is a copy of the file.14:54
JayFaha so you gotta kill the trailing comma14:54
JayFafter the redfish_password entry14:54
JayFsame in nics[mac] as well14:54
TheJuliaactually,14:54
TheJuliaredfish_username is missing one14:55
JayFoh snap14:55
TheJuliapassword shouldn't have one for json14:55
JayFso we allow trailing commas?14:55
JayFprobably because we are using a json/yaml parser...14:55
TheJuliaso, strictly i don't remember14:55
TheJuliabut we're sort of failing on the line before14:55
TheJuliabecause it lacks one14:55
TheJuliaa json validator should complain about that14:56
jfargenOk, much happier. Thanks folks.14:56
jfargenThis doc - https://docs.openstack.org/bifrost/latest/user/howto.html#enroll-hardware, is missing the , (comma) after "redfish_username": "admin" .14:58
JayFhah14:59
JayFon it14:59
opendevreviewJay Faulkner proposed openstack/bifrost master: Correct JSON by adding missing comma  https://review.opendev.org/c/openstack/bifrost/+/88910715:00
jfargenOkay, the enroll progresses further, now seeing a new message.15:04
jfargenhttps://filebin.net/70gmlebclnj1fmo5/gvs02-bifrost.out15:04
iurygregorydo you have uuid set on your json file?15:07
iurygregoryat least from the message this seems to be the problem15:07
TheJuliaI think our in repo example files all have UUIDs15:07
JayFlol :/15:08
iurygregoryyup, maybe we shouldn't make it required and generate one, not sure...15:08
TheJuliait has been a while, and at one point we tried to name lookup15:08
jfargenThe doc says "The name, uuid, driver, and properties fields are directly mapped through to ironic. Only the driver is required.15:08
jfargen"15:08
TheJuliamaybe that code got changed in refactoring15:08
jfargenokay, I can add a uuid.15:09
JayFGonna be honest, this is the first I'm learning that you can provide a uuid at all for Ironic15:09
JayFnodes15:09
TheJuliaoh, on create! :)15:09
JayFyeah, enroll is what is happening15:09
jfargenDo we have a way to work around a dreaded self-signed cert?15:17
jfargenCaused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED15:18
jfargenFull text https://filebin.net/70gmlebclnj1fmo5/gvs02-bifrost.out15:18
iurygregoryyou can add redfish_verify_ca=False15:19
iurygregoryin the json under "driver_info" 15:20
iurygregory"redfish_verify_ca": false,15:22
iurygregorysomething like this if I recall correctly15:22
jfargenYes, the second example helped.15:34
jfargenGetting closer!15:34
TheJuliaCan I borrow a set of eyes?15:34
jfargenfatal: [gvs02-sand2 -> localhost]: FAILED! => {"changed": false, "extra_data": {"data": null, "details": "None", "response": "None"}, "msg": "Node 20000000-0000-0000-0000-000000000002 could not reach state manageable: failed to verify management credentials; the last error is Failed to get power state for node 20000000-0000-0000-0000-000000000002. Error: The attribute Actions is missing from the resource 15:34
jfargen/redfish/v1/Systems"}15:34
TheJuliajfargen: what hardware are you trying to remote control via redfish15:35
jfargendell15:35
jfargenDell R75015:35
TheJuliafirmware version of the BMC?15:35
TheJuliaiurygregory: JayF: https://bugs.launchpad.net/ironic/+bug/2028279 I feel like python lost it's mind on this one, I'd appreciate someone else's eyes looking at it15:36
jfargenFirmware Version5.10.10.0015:36
jfargenFirmware UpdatedTue Apr 19 15:01:30 202215:36
TheJuliawhat version of python-sushy is installed?15:37
iurygregoryTheJulia, ack will look at it15:38
jfargen@TheJulia Was this question "what version of python-sushy is installed?" for me?15:39
TheJuliajfargen: yes, sorry15:39
jfargenSeems not to be installed.15:40
jfargenbifrost) [cloud-user@bifrost-0 bifrost]$ sudo rpm -qa | grep python-sushy15:40
jfargen(bifrost) [cloud-user@bifrost-0 bifrost]$15:40
TheJuliatry pip-freeze looking for sushy15:40
TheJuliaerr pip freeze15:42
jfargensushy==4.5.015:43
TheJuliaso basically latest15:45
TheJuliajfargen: I hate to ask this, but could you consider updating your bmc firmware? I suspect your hitting issues around authentication. You *could* try turning off session based authentication as well, that will change the underlying behavior of the library, not horribly so, but I think things are detonating on the base lookup for where to find to authenticate. If you've got an exception in the logs, I can likely fix it or 15:46
TheJuliaaccount for it15:46
TheJuliaiurygregory: have you, by chance seen this on dell hardware?15:47
TheJuliahttps://docs.openstack.org/ironic/latest/admin/drivers/redfish.html look for "redfish_auth_type"15:47
* TheJulia wonders if base bmc config also changes the ability to use session auth15:48
rpittauwe've seen this in Dell and updateing firmware did fix that15:48
rpittausuggested version is 6.10.30.0015:48
jfargenShouldn't be an issue, let me see about doing it.15:48
TheJuliaI did kind of remember something with 5.10.10.10 specifically, but it just wasn't coming to the surface15:51
TheJuliaThanks rpittau 15:51
rpittauno problem15:51
rpittauyeah there are some bugged firmware in the 5.x series until 6.1015:51
rpittauin this case though it's indeed a compatibility issue, latest sushy works with 6.x series15:55
iurygregorysorry was having lunch16:02
iurygregoryyeah like rpittau mentioned 5 series seems to have some problems16:02
JayFIf we know current sushy doesn't work on that version of drac firmware; is there a way to give somone like jfargen that message without the IRC chat round trip? Like can sushy improve the err in those cases?16:09
TheJuliaI seem to remember 5.10.20.30 being happier, but I might be making that up16:10
JayFhttps://review.opendev.org/c/openstack/sushy/+/888649 can someone land this?16:10
TheJuliaWe don't have a mechanism to detect and return that on specific versions, the idea has been floated before and we had some pretty extreme push back from hardware vendor land on any suggestion of anything "negative"16:11
rpittauJayF: approved16:11
rpittauaaand see you tomorrow! o/16:11
TheJuliarpittau: you beat me due to the login screen! :)16:12
TheJuliaHave a wonderful evening!16:12
JayFHardware vendors don't have core review status on sushy, why do they get a vote :) 16:12
JayFIf they don't want versions blocklisted; don't release bad firmwares16:12
TheJuliaWe always attempt to play nice with everyone. :)16:12
TheJuliaWhich can be a mistake at times16:12
JayFI never want to be nice to a corp at the expense of our users :)16:12
TheJuliaI'd +2 a "known broken, report a 'update your bmc'" change16:12
JayFof course, all of those cases are 100% black and white16:13
JayFwith no grey area whatsoever16:13
JayF;) 16:13
* TheJulia notes being a core is a bit like being on the grey council16:13
JayFI've been one ignored shadow away from breaking the staff in two dramatically for years now16:14
* TheJulia wants the hall, the robes only if they are not "too warm"16:14
opendevreviewJay Faulkner proposed openstack/sushy stable/zed: Requests must always have a read/connect timeout  https://review.opendev.org/c/openstack/sushy/+/88911216:29
opendevreviewJay Faulkner proposed openstack/sushy stable/zed: Requests must always have a read/connect timeout  https://review.opendev.org/c/openstack/sushy/+/88911216:30
opendevreviewJay Faulkner proposed openstack/sushy stable/zed: Requests must always have a read/connect timeout  https://review.opendev.org/c/openstack/sushy/+/88911216:32
opendevreviewJay Faulkner proposed openstack/sushy stable/zed: Requests must always have a read/connect timeout  https://review.opendev.org/c/openstack/sushy/+/88911216:33
opendevreviewJay Faulkner proposed openstack/sushy stable/yoga: Requests must always have a read/connect timeout  https://review.opendev.org/c/openstack/sushy/+/88911416:59
opendevreviewJay Faulkner proposed openstack/sushy stable/xena: Requests must always have a read/connect timeout  https://review.opendev.org/c/openstack/sushy/+/88911517:01
mohammedTheJulia: Yesterday we have tested metal3 build after merging your fixes (sqlite database is locked) we have not seen that issue anymore :smile: but we noticed sometimes the inspection fails with the error reported here https://github.com/metal3-io/cluster-api-provider-metal3/issues/109917:11
mohammedI can see also similar failures on the ironic ci : https://zuul.opendev.org/t/openstack/build/54b3aeff26d44eb5816a485b953ed01f17:11
mohammedWe are still investigating this issue but I wanted to share this and see it you have any thoughts about it ! not sure if it is a side effect or related to the db issue ?17:11
opendevreviewMerged openstack/sushy stable/2023.1: Requests must always have a read/connect timeout  https://review.opendev.org/c/openstack/sushy/+/88864917:23
TheJuliamohammed: okay, I see what is going on, kind of17:38
TheJuliait is the retry handler, trying to retry! \o/17:38
TheJuliaand failing oddly17:38
TheJulia...weird17:38
TheJuliaso the unit test works because the logging is mocked to capture the calls. The examples were followed17:39
TheJuliathe issue is the examples were wrong of that precise use of logging :(17:39
TheJuliaokay! easy-ish fix17:39
TheJuliamohammed: on a plus side, we have clearly lessened the issue with the other work, the log is not 5 Megabytes!17:51
TheJuliatoday's question, how many times can Julia become distracted17:54
opendevreviewJulia Kreger proposed openstack/ironic master: Fix retry logic logging  https://review.opendev.org/c/openstack/ironic/+/88911718:03
mohammedI would change the question to: How many problems has Julia solved today?18:04
TheJuliaI have one I'm stumped on18:05
TheJuliaLike, it makes absolutely no sense to me18:05
TheJulialike, mentally, I'm starting to wonder *IF* the python in ubuntu is carrying some extra performance patch that makes things unsafe for our code18:06
TheJuliawheeee my ipv6 is not working, again18:07
* TheJulia just lets tox hang for a little while18:07
JayFTheJulia: after lunch, maybe we should look at that one together? I didn't fully undersrtand when I read the bug18:11
JayFbut one of those things where someone validating your assumptions would help, maybe?18:11
* JayF off to get said lunch18:11
TheJuliaJayF: sure18:11
TheJuliaJayF: I do have a 1-on-1 starting in 50 minutes, that typically runs an hour, fyi18:11
JayFso... 1pm PST then?18:11
TheJuliayeah18:12
JayFit's on the calendar, you have an inv18:12
TheJuliak18:14
opendevreviewJulia Kreger proposed openstack/ironic master: Fix retry logic logging  https://review.opendev.org/c/openstack/ironic/+/88911718:37
*** Continuity__ is now known as Continuity18:54
opendevreviewJay Faulkner proposed openstack/ironic master: DNM: Testing Nova-Ironic driver lessee change.  https://review.opendev.org/c/openstack/ironic/+/88912219:33
TheJuliahttps://bugs.launchpad.net/ironic/+bug/202675720:08
TheJuliaoriginal change https://review.opendev.org/c/openstack/ironic/+/888121/520:11
TheJuliahttps://zuul.opendev.org/t/openstack/build/817a806a3c1042488f7e5b6a1d1c22b020:12
TheJuliahttps://caf2f172638deaa44bce-d94eb819944fd5bc8105d713aef77d0b.ssl.cf1.rackcdn.com/888121/5/check/ironic-standalone-redfish/817a806/controller/logs/tempest_log.txt20:14
jfargenI've updated the iDRAC firmware to 6.10.80.00 and still seeing the same error.20:21
jfargenhttps://filebin.net/99ragngc5bdw2ljq/gvs02-bifrost.out20:22
TheJuliahttps://github.com/openstack/ironic-tempest-plugin/blob/master/ironic_tempest_plugin/tests/scenario/baremetal_standalone_manager.py20:23
jfargenIf there is a specific line number I should be interested in I would appreciate the guidance.20:27
jfargenIt might have been the Redfish API Path / redfish_system_id, it has been updated, waiting for output.20:32
JayFyeah I'm not sure jfargen, hopefully someone more dell-minded sees it20:35
opendevreviewJulia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Raise an error on unknown values being filtered  https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/88912820:35
JayFJulia and I are on a call troubleshooting something, you might be able to get her to look with patience :D 20:35
TheJuliajfargen: o/ uhh, what settings are you using?20:37
TheJuliajfargen: looks like you nuked the file20:47
TheJuliajfargen: I'll be out tomorrow, but can look/respond in irc20:55
JayFhttps://arstechnica.com/security/2023/07/millions-of-servers-inside-data-centers-imperiled-by-flaws-in-ami-bmc-firmware/ 21:08
TheJuliawell, luckilly most of the server BMCs out there in prod for almost everyone are not ami then21:15
TheJuliaI can't think of the company right now though21:15
TheJulia.. (and even then, the major vendors have their own firmware)21:15
JayFIt's an interesting article even if a little clickbaity though21:57
JayFI think anything that raises awareness of how bad, on average, BMC firmwares are is net-good for us21:58
jfargenDoes bifrost assume pxe and how can it be set to boot images from redfish virtual media?22:13
JayFI'm not sure what bifrost's default configuration is22:14
JayFbut I bet we have the last part documented22:14
JayFit should be as easy as, if needed, changing the boot interface22:14
JayFset to something like redfish_boot_vmedia (?)22:14
JayFhttps://docs.openstack.org/ironic/latest/admin/drivers/redfish.html#enabling-the-redfish-driver 22:15
JayFyeah redfish-virtual-media22:15
JayFI'm not sure how that looks in bifrost though22:15
JayFhttps://docs.openstack.org/ironic/latest/admin/drivers/redfish.html#virtual-media-boot is a more direct 22:15
JayFthat second link, you could just see if that works22:15
JayFand it's referenced in the instructions22:16
JayFso the settings are plumbed through bifrost somehow22:16
JayFmy hunch would be just setting the boot_interface in the inventory files during enrollment, or running the set command from that virtual-media-boot doc22:17
TheJuliaIt should just pass the values through23:54
« Wednesday, 2023-07-19 Index Friday, 2023-07-21 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!