*** ravlew is now known as Guest3203 | 04:18 | |
opendevreview | Merged openstack/ironic-python-agent master: Replace shlex module with helper function https://review.opendev.org/c/openstack/ironic-python-agent/+/898058 | 05:23 |
---|---|---|
opendevreview | Taketani Ryo proposed openstack/ironic master: Add the setting of memcached servers to keystone_authtoken https://review.opendev.org/c/openstack/ironic/+/898183 | 06:23 |
opendevreview | likui proposed openstack/ironic master: update doc and drop deprecated plugin https://review.opendev.org/c/openstack/ironic/+/898157 | 06:32 |
rpittau | good morning ironic! Happy Friday! o/ | 07:15 |
masghar | Good morning! | 08:18 |
opendevreview | Adam Rozman proposed openstack/ironic-python-agent master: improve multipathd error handling https://review.opendev.org/c/openstack/ironic-python-agent/+/898209 | 08:52 |
opendevreview | Adam Rozman proposed openstack/ironic-python-agent master: improve multipathd error handling https://review.opendev.org/c/openstack/ironic-python-agent/+/898209 | 10:44 |
opendevreview | Verification of a change to openstack/ironic-python-agent master failed: implement basic-auth support for user-image download process https://review.opendev.org/c/openstack/ironic-python-agent/+/890272 | 11:50 |
iurygregory | good morning Ironic | 12:22 |
iurygregory | TheJulia, sure, so since we added the Retry logic and the fallback from CD to DVD in case the HW doesn' | 12:24 |
iurygregory | doesn't have support for CD devices in https://review.opendev.org/c/openstack/ironic/+/888746 | 12:24 |
iurygregory | we fail to eject the media we attached to a DVD device from the hardware | 12:25 |
opendevreview | Iury Gregory Melo Ferreira proposed openstack/ironic master: Make sure we eject media from DVD when CD is requested https://review.opendev.org/c/openstack/ironic/+/897989 | 12:48 |
iurygregory | dtantsur, thanks for the review on it ^ I've updated the release note | 12:48 |
opendevreview | Verification of a change to openstack/ironic-python-agent master failed: implement basic-auth support for user-image download process https://review.opendev.org/c/openstack/ironic-python-agent/+/890272 | 13:10 |
TheJulia | iurygregory: I guess I'm still sort of wondering, why not just detach everything then | 13:22 |
iurygregory | I'm ok with just ignoring "boot_device" | 13:23 |
iurygregory | but we need to agree this is the path :D | 13:23 |
iurygregory | not sure if would affect the design to attach vmedia outside the workflow or not (I don't think it will) cc dtantsur rpittau | 13:24 |
dtantsur | we currently plan to have boot device supported | 13:24 |
iurygregory | if we don't care about the boot device we just go and "Eject all the media!" | 13:24 |
dtantsur | which means, we'll need to implement the DVD workaround anyway | 13:24 |
dtantsur | (you can do "detach all" for the deploy case if you wish) | 13:25 |
iurygregory | but since we kinda need backport this would make things complicated? | 13:25 |
iurygregory | maybe someone manually attach things to their hardware for $reasons we don't know and this could break them? | 13:25 |
dtantsur | You mean, the risk of breaking $something? | 13:25 |
iurygregory | yes | 13:26 |
TheJulia | I think we *should* break them then, what if it is an attacker? | 13:26 |
TheJulia | it was clearly done with elevated access outside ironic's interaction | 13:26 |
dtantsur | I'm not against it, just please keep the code available - we need it for the new API | 13:27 |
TheJulia | dtantsur: when your speaking of boot device, do you mean just attaching a boot iso, nothing else in a deployment flow | 13:27 |
dtantsur | sorry, I don't get the question. we're talking about two things here: | 13:27 |
dtantsur | 1) normal deployment where an ISO but possibly also USB/floppy are attached and detached | 13:27 |
dtantsur | 2) new API where an devices can be attached or detached at the user's choice | 13:28 |
dtantsur | #2 will need the DVD workaround regardless of what we decide for #1 | 13:28 |
TheJulia | okay, that makes sense | 13:28 |
TheJulia | #2, basically we would need to also keep in memory where we attached to | 13:28 |
dtantsur | That's not in the plans | 13:29 |
iurygregory | ok, I see | 13:30 |
TheJulia | For #1, I'd advocate detaching everything is just a good security measure | 13:30 |
dtantsur | The planned API is 1) connect $url to ISO/floppy/USB, 2) disconnect CD/floppy/USB, 3) disconnect everything | 13:30 |
TheJulia | oh, even better! | 13:30 |
* TheJulia likes disconnect everything | 13:31 | |
iurygregory | nice | 13:31 |
* TheJulia then suggests a conveyer belt to transport the servers into the concrete box machine | 13:31 | |
iurygregory | WOW | 13:31 |
TheJulia | We, after all, must ensure secure servers ;) | 13:31 |
TheJulia | The most secure servers are embedded in concrete! | 13:31 |
iurygregory | ++ | 13:32 |
dtantsur | truth | 13:32 |
iurygregory | so we can go with the workaround (since it will be needed anyway) | 13:32 |
iurygregory | and we can update things to "eject all the media" also (in another patch probably) | 13:32 |
iurygregory | sounds like a plan? | 13:33 |
TheJulia | Yeah, I'm good with that since you mentioned you need to backport the fix your working on now | 13:33 |
iurygregory | pain of backports... | 13:33 |
iurygregory | upstream and downstream | 13:33 |
TheJulia | https://www.youtube.com/watch?v=g8IVI0sZ6F8 <-- I got dhcp-less vmedia to boot in CI | 13:34 |
iurygregory | \o/ | 13:35 |
iurygregory | <happy gif dance> | 13:35 |
TheJulia | I hit a challenge though, and I need opinions, any thoughts on installing, but not directly enabling glean in tinyipa builds? | 13:35 |
TheJulia | (the whole, no nested virt on rackspace's cloud code path in our devstack plugin so we can reliably run jobs) | 13:36 |
iurygregory | I have thoughts on renaming tinyipa :D | 13:36 |
iurygregory | but +1 from me | 13:36 |
TheJulia | to? | 13:36 |
iurygregory | nottinyipa LOL | 13:38 |
TheJulia | heh | 13:39 |
rpittau | well it is tiny compared to other distros | 13:39 |
TheJulia | very much so | 13:39 |
iurygregory | yeah =) | 13:39 |
iurygregory | I wish I could understand the magic in gophercloud about fixing CI | 13:40 |
iurygregory | but I'm not going to try to understand, I will just add a workaround =X | 13:40 |
TheJulia | :( | 13:40 |
iurygregory | no idea why "sudo apt update && sudo apt -y upgrade" works well outside an action, but doesn't work when defined in the action :D | 13:41 |
TheJulia | inside a container | 13:41 |
TheJulia | your blocked from touching the portion of things for booting the system right? | 13:42 |
rpittau | iurygregory: mmm that sounds familiar, can you send me a link ? | 13:42 |
iurygregory | TheJulia, hummm | 13:42 |
iurygregory | rpittau, https://github.com/gophercloud/gophercloud/pull/2805 | 13:43 |
iurygregory | we had the idea to add the workaround directly in the devstack-action https://github.com/EmilienM/devstack-action/pull/15 | 13:43 |
iurygregory | so we would just bump the action version, but it didn't work :D | 13:43 |
iurygregory | attempt to bump the action version with the PR15 https://github.com/gophercloud/gophercloud/pull/2808 | 13:44 |
iurygregory | baremetal jobs broken https://github.com/gophercloud/gophercloud/actions/runs/6497520105/job/17646816590?pr=2808 but on 2805 they are green lol | 13:44 |
rpittau | I believe that's a limitation of the github actions, you need to express that in a different way if I remember correctly, but I see you got it with the workaround, no? | 13:47 |
rpittau | iurygregory: also you could just specify that single package, not everything | 13:48 |
rpittau | and install what version you need | 13:48 |
iurygregory | rpittau, yeah the workaround works if not inside the action | 13:51 |
iurygregory | well I just need to run update and upgrade (wondering if would need to be two separate things in the action...) | 13:51 |
iurygregory | but they are ok with merging to make the jobs working again, so it's ok | 13:52 |
rpittau | iurygregory: I would separate the two things, just as good practice, then install the package you need instead of upgrading everything | 13:53 |
iurygregory | well, according to the problem we are having the workaround is to run update upgrade :D | 13:53 |
* TheJulia tries to remember the way to install stuff in tinyipa | 13:53 | |
dtantsur | TheJulia, just no glean please | 14:00 |
dtantsur | at least not until we fix the issue with several config-2's | 14:00 |
dtantsur | (this is why our docs say "rebuild your image with simple-init" rather than just doing it on our side) | 14:00 |
TheJulia | dtantsur: that is what I'm trying to fix, I'm specifically trying to retool the approach without doing the on-boot pattern | 14:01 |
TheJulia | so we can detect and use the correct configuration source | 14:01 |
dtantsur | \o/ | 14:02 |
dtantsur | Then I'll have no objections | 14:02 |
TheJulia | okay, cool | 14:02 |
* TheJulia removes python2 support first | 14:02 | |
dtantsur | wow python 2 :D | 14:03 |
TheJulia | well, from the builder | 14:03 |
dtantsur | ah, that was for centos 7 right? but I think we use python 3 even there nowadays | 14:04 |
TheJulia | yeah | 14:04 |
TheJulia | I think the path forward might be to have glean, but not simple-init with dib, just so it is decoupled completely but not *quite* there yet | 14:07 |
TheJulia | we're eventually going to need to retool installs in tinyipa, since we use setup.py sdist execution in it | 14:16 |
dtantsur | Unrelated: does https://review.opendev.org/c/openstack/ironic/+/898183/ mean that we need to install memcachedb in bifrost when keystone is enabled? | 14:17 |
rpittau | TheJulia: I was looking at that a while ago and then dropped for other priorities, I could revamp it, do you have something specific in mind? | 14:18 |
TheJulia | rpittau: I don't know the options, I just know locally running unit tests I get a nice big warning about deprecated usage of setup.py | 14:20 |
TheJulia | dtantsur: ugh, Dunno. The code path as I remember it was that it would try and shunt to re-looking up | 14:20 |
TheJulia | dtantsur: if that is *still the same* then it is fine without | 14:21 |
iurygregory | did we ever faced some error like https://askubuntu.com/questions/1231781/errors-encountered-while-processing-grub-efi-amd64-signed-and-shim-signed-p ? | 14:21 |
iurygregory | I seem to remember something about problems in /boot/efi... | 14:22 |
TheJulia | We've encountered many such issues | 14:24 |
TheJulia | with varying flavors | 14:24 |
TheJulia | and sprinkles | 14:24 |
TheJulia | a bit like ice cream :) | 14:24 |
JayF | we do a setup.py style install in tinyipa?! lol | 14:24 |
rpittau | TheJulia: mmm I guess that's the easy_install part, plus a couple more things, I guess we could use pure pip -> https://packaging.python.org/en/latest/discussions/pip-vs-easy-install/ | 14:24 |
JayF | that has been deprecated for a while | 14:24 |
iurygregory | TheJulia, yeah | 14:25 |
iurygregory | time to look at the the labels in the disks etc... yay | 14:26 |
TheJulia | iurygregory: labels in disks? huh? | 14:28 |
iurygregory | if is using the right type of filesystem | 14:29 |
iurygregory | etc | 14:29 |
TheJulia | regarding vmedia config? | 14:30 |
iurygregory | nope, the gophercloud jobs | 14:30 |
TheJulia | oh! yah | 14:30 |
rpittau | bye everyone, have a great weekend! o/ | 14:59 |
iurygregory | flags are in place, things look totally ok | 15:19 |
iurygregory | but removing cache helped :D | 15:19 |
iurygregory | https://askubuntu.com/questions/1276111/error-upgrading-grub-efi-amd64-signed-special-device-old-ssd-does-not-exist | 15:20 |
TheJulia | oh wow | 15:28 |
TheJulia | nice | 15:28 |
iurygregory | manually it works | 15:29 |
iurygregory | lets see when trying to add to the workflow in the action :D | 15:29 |
iurygregory | Green \o/ https://github.com/gophercloud/gophercloud/actions/runs/6510167001 | 15:58 |
opendevreview | Dmitry Tantsur proposed openstack/ironic master: First pass at the new in-band inspection docs https://review.opendev.org/c/openstack/ironic/+/898237 | 16:08 |
dtantsur | masghar: ^^ | 16:08 |
dtantsur | on this positive note I'm wishing everyone a nice weekend | 16:08 |
masghar | Excellent! Happy weekend | 16:09 |
iurygregory | have a great weekend dtantsur | 16:24 |
TheJulia | So here is a conundrum. If I dynamically create a network in tempest.... how do I add routing to that since neutron doesn't solve that part for me | 16:33 |
iurygregory | can't we call the API that adds the route? (via client for example?) | 16:34 |
TheJulia | I'm talking about on the devstack host | 16:34 |
iurygregory | ohhhh | 16:34 |
iurygregory | ok | 16:34 |
TheJulia | say we assign 10.0.6.0/24 as a brand new network | 16:34 |
TheJulia | we have no route to it | 16:34 |
TheJulia | we go out the default :\ | 16:34 |
iurygregory | I see | 16:34 |
* iurygregory wondering about calling subprocess in the test to execute the command to add the route | 16:35 | |
TheJulia | yeah, that feels like the "easiest" path | 16:36 |
iurygregory | yeah, at least from what I remember since we don't need external deps to use it | 16:36 |
iurygregory | we can have a script in ansible or something in the repo that will execute and in subprocess we just call it | 16:37 |
iurygregory | or just add the shell commands directly | 16:37 |
TheJulia | the other challenge is changing the route table is a root command | 16:39 |
TheJulia | tempest has no concept of this internally | 16:40 |
TheJulia | I think I'm quickly heading in a path of a reserved special IP | 16:41 |
TheJulia | and setup a route in devstack ahead of time :\ | 16:41 |
iurygregory | hummm that could work | 16:41 |
iurygregory | and we can have this with ansible and add in the job to run this before installing | 16:41 |
TheJulia | we just need to set aside an IP to run the command really | 16:47 |
iurygregory | truth | 16:54 |
opendevreview | Julia Kreger proposed openstack/ironic-python-agent-builder master: Remove USE_PYTHON3 option https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/898241 | 17:02 |
opendevreview | Julia Kreger proposed openstack/ironic-python-agent-builder master: DNM: Add Glean into TinyIPA image https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/898242 | 17:02 |
iurygregory | wooow USE_PYTHON3 | 17:02 |
opendevreview | Julia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Add test for dhcp-less vmedia based deployment https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/898006 | 17:03 |
opendevreview | Merged openstack/ironic-python-agent master: implement basic-auth support for user-image download process https://review.opendev.org/c/openstack/ironic-python-agent/+/890272 | 17:08 |
opendevreview | Julia Kreger proposed openstack/ironic master: WIP/DNM: Advanced vmedia deployment test ops https://review.opendev.org/c/openstack/ironic/+/898010 | 17:35 |
TheJulia | Okay, lets see if that gets us much further | 17:35 |
opendevreview | Julia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Add test for dhcp-less vmedia based deployment https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/898006 | 18:08 |
opendevreview | Julia Kreger proposed openstack/ironic master: WIP/DNM: Advanced vmedia deployment test ops https://review.opendev.org/c/openstack/ironic/+/898010 | 19:03 |
TheJulia | wheee Details: {'type': 'PolicyNotAuthorized', 'message': '(rule:create_router and (rule:create_router:external_gateway_info and (rule:create_router:external_gateway_info:network_id and rule:create_router:external_gateway_info:external_fixed_ips))) is disallowed by policy', 'detail': ''} | 19:54 |
iurygregory | ouch | 20:00 |
iurygregory | PolicyNotAuthorized yay? | 20:00 |
TheJulia | looks like only a project scoped admin may create with that way and by default tempest gives me a member | 20:20 |
* TheJulia fixes this | 20:20 | |
opendevreview | Julia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Add test for dhcp-less vmedia based deployment https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/898006 | 20:26 |
opendevreview | Julia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Add test for dhcp-less vmedia based deployment https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/898006 | 22:27 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!