Friday, 2023-10-13

« Thursday, 2023-10-12 Index Saturday, 2023-10-14 »
*** ravlew is now known as Guest320304:18
opendevreviewMerged openstack/ironic-python-agent master: Replace shlex module with helper function  https://review.opendev.org/c/openstack/ironic-python-agent/+/89805805:23
opendevreviewTaketani Ryo proposed openstack/ironic master: Add the setting of memcached servers to keystone_authtoken  https://review.opendev.org/c/openstack/ironic/+/89818306:23
opendevreviewlikui proposed openstack/ironic master: update doc and drop deprecated plugin  https://review.opendev.org/c/openstack/ironic/+/89815706:32
rpittaugood morning ironic! Happy Friday! o/07:15
masgharGood morning!08:18
opendevreviewAdam Rozman proposed openstack/ironic-python-agent master: improve multipathd error handling  https://review.opendev.org/c/openstack/ironic-python-agent/+/89820908:52
opendevreviewAdam Rozman proposed openstack/ironic-python-agent master: improve multipathd error handling  https://review.opendev.org/c/openstack/ironic-python-agent/+/89820910:44
opendevreviewVerification of a change to openstack/ironic-python-agent master failed: implement basic-auth support for user-image download process  https://review.opendev.org/c/openstack/ironic-python-agent/+/89027211:50
iurygregorygood morning Ironic12:22
iurygregoryTheJulia, sure, so since we added the Retry logic and the fallback from CD to DVD in case the HW doesn'12:24
iurygregorydoesn't have support for CD devices in https://review.opendev.org/c/openstack/ironic/+/88874612:24
iurygregorywe fail to eject the media we attached to a DVD device from the hardware12:25
opendevreviewIury Gregory Melo Ferreira proposed openstack/ironic master: Make sure we eject media from DVD when CD is requested  https://review.opendev.org/c/openstack/ironic/+/89798912:48
iurygregorydtantsur, thanks for the review on it ^ I've updated the release note12:48
opendevreviewVerification of a change to openstack/ironic-python-agent master failed: implement basic-auth support for user-image download process  https://review.opendev.org/c/openstack/ironic-python-agent/+/89027213:10
TheJuliaiurygregory: I guess I'm still sort of wondering, why not just detach everything then13:22
iurygregoryI'm ok with just ignoring "boot_device"13:23
iurygregorybut we need to agree this is the path :D13:23
iurygregorynot sure if would affect the design to attach vmedia outside the workflow or not (I don't think it will) cc dtantsur rpittau 13:24
dtantsurwe currently plan to have boot device supported13:24
iurygregoryif we don't care about the boot device we just go and "Eject all the media!"13:24
dtantsurwhich means, we'll need to implement the DVD workaround anyway13:24
dtantsur(you can do "detach all" for the deploy case if you wish)13:25
iurygregorybut since we kinda need backport this would make things complicated?13:25
iurygregorymaybe someone manually attach things to their hardware for $reasons we don't know and this could break them?13:25
dtantsurYou mean, the risk of breaking $something?13:25
iurygregoryyes13:26
TheJuliaI think we *should* break them then, what if it is an attacker?13:26
TheJuliait was clearly done with elevated access outside ironic's interaction13:26
dtantsurI'm not against it, just please keep the code available - we need it for the new API13:27
TheJuliadtantsur: when your speaking of boot device, do you mean just attaching a boot iso, nothing else in a deployment flow13:27
dtantsursorry, I don't get the question. we're talking about two things here:13:27
dtantsur1) normal deployment where an ISO but possibly also USB/floppy are attached and detached13:27
dtantsur2) new API where an devices can be attached or detached at the user's choice13:28
dtantsur#2 will need the DVD workaround regardless of what we decide for #113:28
TheJuliaokay, that makes sense13:28
TheJulia#2, basically we would need to also keep in memory where we attached to13:28
dtantsurThat's not in the plans13:29
iurygregoryok, I see13:30
TheJuliaFor #1, I'd advocate detaching everything is just a good security measure13:30
dtantsurThe planned API is 1) connect $url to ISO/floppy/USB, 2) disconnect CD/floppy/USB, 3) disconnect everything13:30
TheJuliaoh, even better!13:30
* TheJulia likes disconnect everything13:31
iurygregorynice13:31
* TheJulia then suggests a conveyer belt to transport the servers into the concrete box machine13:31
iurygregoryWOW13:31
TheJuliaWe, after all, must ensure secure servers ;)13:31
TheJuliaThe most secure servers are embedded in concrete!13:31
iurygregory++13:32
dtantsurtruth13:32
iurygregoryso we can go with the workaround (since it will be needed anyway)13:32
iurygregoryand we can update things to "eject all the media" also (in another patch probably)13:32
iurygregorysounds like a plan?13:33
TheJuliaYeah, I'm good with that since you mentioned you need to backport the fix your working on now13:33
iurygregorypain of backports...13:33
iurygregoryupstream and downstream13:33
TheJuliahttps://www.youtube.com/watch?v=g8IVI0sZ6F8 <-- I got dhcp-less vmedia to boot in CI13:34
iurygregory\o/13:35
iurygregory<happy gif dance>13:35
TheJuliaI hit a challenge though, and I need opinions, any thoughts on installing, but not directly enabling glean in tinyipa builds?13:35
TheJulia(the whole, no nested virt on rackspace's cloud code path in our devstack plugin so we can reliably run jobs)13:36
iurygregoryI have thoughts on renaming tinyipa :D 13:36
iurygregorybut +1 from me13:36
TheJuliato?13:36
iurygregorynottinyipa LOL13:38
TheJuliaheh13:39
rpittauwell it is tiny compared to other distros13:39
TheJuliavery much so13:39
iurygregoryyeah =)13:39
iurygregoryI wish I could understand the magic in gophercloud about fixing CI13:40
iurygregorybut I'm not going to try to understand, I will just add a workaround =X13:40
TheJulia:(13:40
iurygregoryno idea why "sudo apt update && sudo apt -y upgrade" works well outside an action, but doesn't work when defined in the action :D 13:41
TheJuliainside a container13:41
TheJuliayour blocked from touching the portion of things for booting the system right?13:42
rpittauiurygregory: mmm that sounds familiar, can you send me a link ?13:42
iurygregoryTheJulia, hummm13:42
iurygregoryrpittau, https://github.com/gophercloud/gophercloud/pull/280513:43
iurygregorywe had the idea to add the workaround directly in the devstack-action https://github.com/EmilienM/devstack-action/pull/1513:43
iurygregoryso we would just bump the action version, but it didn't work :D13:43
iurygregoryattempt to bump the action version with the PR15 https://github.com/gophercloud/gophercloud/pull/280813:44
iurygregorybaremetal jobs broken https://github.com/gophercloud/gophercloud/actions/runs/6497520105/job/17646816590?pr=2808 but on 2805 they are green lol13:44
rpittauI believe that's a limitation of the github actions, you need to express that in a different way if I remember correctly, but I see you got it with the workaround, no?13:47
rpittauiurygregory: also you could just specify that single package, not everything13:48
rpittauand install what version you need13:48
iurygregoryrpittau, yeah the workaround works if not inside the action13:51
iurygregorywell I just need to run update and upgrade (wondering if would need to be two separate things in the action...)13:51
iurygregorybut they are ok with merging to make the jobs working again, so it's ok13:52
rpittauiurygregory: I would separate the two things, just as good practice, then install the package you need instead of upgrading everything13:53
iurygregorywell, according to the problem we are having the workaround is to run update upgrade :D13:53
* TheJulia tries to remember the way to install stuff in tinyipa13:53
dtantsurTheJulia, just no glean please14:00
dtantsurat least not until we fix the issue with several config-2's14:00
dtantsur(this is why our docs say "rebuild your image with simple-init" rather than just doing it on our side)14:00
TheJuliadtantsur: that is what I'm trying to fix, I'm specifically trying to retool the approach without doing the on-boot pattern14:01
TheJuliaso we can detect and use the correct configuration source14:01
dtantsur\o/14:02
dtantsurThen I'll have no objections14:02
TheJuliaokay, cool14:02
* TheJulia removes python2 support first14:02
dtantsurwow python 2 :D14:03
TheJuliawell, from the builder14:03
dtantsurah, that was for centos 7 right? but I think we use python 3 even there nowadays14:04
TheJuliayeah14:04
TheJuliaI think the path forward might be to have glean, but not simple-init with dib, just so it is decoupled completely but not *quite* there yet14:07
TheJuliawe're eventually going to need to retool installs in tinyipa, since we use setup.py sdist execution in it14:16
dtantsurUnrelated: does https://review.opendev.org/c/openstack/ironic/+/898183/ mean that we need to install memcachedb in bifrost when keystone is enabled?14:17
rpittauTheJulia: I was looking at that a while ago and then dropped for other priorities, I could revamp it, do you have something specific in mind?14:18
TheJuliarpittau: I don't know the options, I just know locally running unit tests I get a nice big warning about deprecated usage of setup.py14:20
TheJuliadtantsur: ugh, Dunno. The code path as I remember it was that it would try and shunt to re-looking up14:20
TheJuliadtantsur: if that is *still the same* then it is fine without14:21
iurygregorydid we ever faced some error like https://askubuntu.com/questions/1231781/errors-encountered-while-processing-grub-efi-amd64-signed-and-shim-signed-p ?14:21
iurygregoryI seem to remember something about problems in /boot/efi...14:22
TheJuliaWe've encountered many such issues14:24
TheJuliawith varying flavors14:24
TheJuliaand sprinkles14:24
TheJuliaa bit like ice cream :)14:24
JayFwe do a setup.py style install in tinyipa?! lol14:24
rpittauTheJulia: mmm I guess that's the easy_install part, plus a couple more things, I guess we could use pure pip -> https://packaging.python.org/en/latest/discussions/pip-vs-easy-install/14:24
JayFthat has been deprecated for a while14:24
iurygregoryTheJulia, yeah 14:25
iurygregorytime to look at the the labels in the disks etc... yay14:26
TheJuliaiurygregory: labels in disks? huh?14:28
iurygregoryif is using the right type of filesystem14:29
iurygregoryetc14:29
TheJuliaregarding vmedia config?14:30
iurygregorynope, the gophercloud jobs14:30
TheJuliaoh! yah14:30
rpittaubye everyone, have a great weekend! o/14:59
iurygregoryflags are in place, things look totally ok15:19
iurygregorybut removing cache helped :D15:19
iurygregoryhttps://askubuntu.com/questions/1276111/error-upgrading-grub-efi-amd64-signed-special-device-old-ssd-does-not-exist 15:20
TheJuliaoh wow15:28
TheJulianice15:28
iurygregorymanually it works15:29
iurygregorylets see when trying to add to the workflow in the action :D15:29
iurygregoryGreen \o/ https://github.com/gophercloud/gophercloud/actions/runs/651016700115:58
opendevreviewDmitry Tantsur proposed openstack/ironic master: First pass at the new in-band inspection docs  https://review.opendev.org/c/openstack/ironic/+/89823716:08
dtantsurmasghar: ^^16:08
dtantsuron this positive note I'm wishing everyone a nice weekend16:08
masgharExcellent! Happy weekend16:09
iurygregoryhave a great weekend dtantsur 16:24
TheJuliaSo here is a conundrum. If I dynamically create a network in tempest.... how do I add routing to that since neutron doesn't solve that part for me16:33
iurygregorycan't we call the API that adds the route? (via client for example?)16:34
TheJuliaI'm talking about on the devstack host16:34
iurygregoryohhhh16:34
iurygregoryok16:34
TheJuliasay we assign 10.0.6.0/24 as a brand new network16:34
TheJuliawe have no route to it16:34
TheJuliawe go out the default :\16:34
iurygregoryI see16:34
* iurygregory wondering about calling subprocess in the test to execute the command to add the route16:35
TheJuliayeah, that feels like the "easiest" path16:36
iurygregoryyeah, at least from what I remember since we don't need external deps to use it16:36
iurygregorywe can have a script in ansible or something in the repo that will execute and in subprocess we just call it16:37
iurygregoryor just add the shell commands directly16:37
TheJuliathe other challenge is changing the route table is a root command16:39
TheJuliatempest has no concept of this internally16:40
TheJuliaI think I'm quickly heading in a path of a reserved special IP16:41
TheJuliaand setup a route in devstack ahead of time :\16:41
iurygregoryhummm that could work16:41
iurygregoryand we can have this with ansible and add in the job to run this before installing16:41
TheJuliawe just need to set aside an IP to run the command really16:47
iurygregorytruth16:54
opendevreviewJulia Kreger proposed openstack/ironic-python-agent-builder master: Remove USE_PYTHON3 option  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/89824117:02
opendevreviewJulia Kreger proposed openstack/ironic-python-agent-builder master: DNM: Add Glean into TinyIPA image  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/89824217:02
iurygregorywooow USE_PYTHON317:02
opendevreviewJulia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Add test for dhcp-less vmedia based deployment  https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/89800617:03
opendevreviewMerged openstack/ironic-python-agent master: implement basic-auth support for user-image download process  https://review.opendev.org/c/openstack/ironic-python-agent/+/89027217:08
opendevreviewJulia Kreger proposed openstack/ironic master: WIP/DNM: Advanced vmedia deployment test ops  https://review.opendev.org/c/openstack/ironic/+/89801017:35
TheJuliaOkay, lets see if that gets us much further17:35
opendevreviewJulia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Add test for dhcp-less vmedia based deployment  https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/89800618:08
opendevreviewJulia Kreger proposed openstack/ironic master: WIP/DNM: Advanced vmedia deployment test ops  https://review.opendev.org/c/openstack/ironic/+/89801019:03
TheJuliawheee Details: {'type': 'PolicyNotAuthorized', 'message': '(rule:create_router and (rule:create_router:external_gateway_info and (rule:create_router:external_gateway_info:network_id and rule:create_router:external_gateway_info:external_fixed_ips))) is disallowed by policy', 'detail': ''}19:54
iurygregoryouch20:00
iurygregoryPolicyNotAuthorized yay?20:00
TheJulialooks like only a project scoped admin may create with that way and by default tempest gives me a member20:20
* TheJulia fixes this20:20
opendevreviewJulia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Add test for dhcp-less vmedia based deployment  https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/89800620:26
opendevreviewJulia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Add test for dhcp-less vmedia based deployment  https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/89800622:27
« Thursday, 2023-10-12 Index Saturday, 2023-10-14 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!