| Sandzwerg[m] | <TheJulia> "*or* haven't changed/updated/..." <- I to this day frequently look at the ironic state diagram, although less frequent than I used to. That does not mean that I have any preference on the format these diagrams in | 00:30 |
|---|---|---|
| TheJulia | Sandzwerg[m]: Truthfully, I really dislike the format of the diagram which gets generated. But short of rewriting the code to assemble it... *shrugs* | 00:32 |
| Sandzwerg[m] | Yeah rewriting stuff can be a lot of effort. But I think apart from the state diagram I don't remember many diagrams in the ironic docs. I never looked at all the vendor drivers to be fair and mostly try to find what I know or assume to be there, so I might miss stuff compared to reading it from the start to the end | 00:43 |
| opendevreview | Merged openstack/ironic master: Stop using a specific mirror in infra https://review.opendev.org/c/openstack/ironic/+/906256 | 01:24 |
| Kangie | Hi All, building out a new node provisioning / management system for our smallest HPC cluster has finally percolated to the top of my priority list. Ironic seems to fit most of what I need. Is there anything that I should know / read before I start deploying bifrost to do some initial testing, useful tips, etc? | 01:53 |
| JayF | What's the top line on the basic shape of your environment and requirements? What's your desired end state? and do you want any bells and whistles (e.g. fancy networking) | 02:05 |
| Kangie | How much of the openstack stack are you going to sell me? | 02:16 |
| Kangie | :p | 02:16 |
| Kangie | OK, what I'm looking at _for now_ is ~10 nodes + a head node | 02:17 |
| Kangie | bells and whistles I'd like would be the ability to flexibly deploy different types of node images (which I think is already possible out-of-the-box/via plugins | 02:18 |
| Kangie | and being able to define networking config, automagically (in particular bridged networks) would be particularly desirable here | 02:18 |
| Kangie | and useful if/when we decide to scale out to a larger cluster | 02:18 |
| Kangie | I guess the current baseline is Nvidia's Bright cluster manager. We'll probably end up building new authentication infra so we don't need that feature | 02:19 |
| Kangie | the rest is basically sugar around defining node configurations / networks / etc and the automagic to make that work within bright's 'box' | 02:19 |
| Kangie | I have a personal interest in trying to use OCI images to define our compute node config(s), but we're already used to managing chroot images so that could also be adopted | 02:20 |
| Kangie | Note that I _am_ open to being sold on more of the stack, so if there'a already a nice authentication plugin that we can use as a source of truth for users and groups that's fine, but we can also do openldap/389ds/etc independently which might end up being desirable. | 02:22 |
| Kangie | otherwise nothing too fancy, though longer term I'm hoping to have less 'hard' walls between our clusters so we can use software to magically redefine nodes and drop them on the right vlans for a different cluster (say via fancy switch config magic) | 02:23 |
| Kangie | oh and just to make things interesting we're now looking at adding a small pool of virtual login nodes to our next major cluster iteration | 02:25 |
| Kangie | (not part of this cluster, but something I'll need to someday manage...) | 02:37 |
| JayF | if anything, we're angled more towards the service provider direction: there are services that provide auth *for the cloud services* but not services that provide auth *for servers running in the cloud* | 03:18 |
| JayF | that'd be a workload we'd be happy to run | 03:18 |
| JayF | if that makes sense | 03:18 |
| JayF | Fancy networking in the sense I meant it is more: having Ironic and friends (neutron, is the only current option) coordinate switching networks to enhance security | 03:19 |
| JayF | so I can put a server on a dedicated provisioning network when provisioning, move it into "tenant A" network when provisioned by tenant A (or even have them pick), then move into a cleaning network to be cleaned safely | 03:19 |
| JayF | if you just need on-disk networking config once provisioned, again, that's in your workload -- Ironic will pass through a configdrive containing some metadata including a network-data.json which is read by several standard tools, including cloud-init and glean | 03:20 |
| JayF | and those tools usually do the initial setup like embedding ssh keys and converting that network metadata into whatever format $distro would want it in | 03:21 |
| JayF | bifrost crosses these lines a little more, I think, by setting up some of the configdrive pieces for you | 03:22 |
| JayF | and being a coordinator between ironic and some of your images | 03:22 |
| JayF | the lines I'm drawing here are Ironic lines :) bifrost is ansible that is sometimes meant to blur those lines to make it easier | 03:22 |
| JayF | but I figured, based on our previous chats in #gentoo-chat, you might appreciate knowing where the actual borders are underneath | 03:24 |
| opendevreview | Takashi Kajinami proposed openstack/ironic stable/2023.2: Stop using a specific mirror in infra https://review.opendev.org/c/openstack/ironic/+/906289 | 03:40 |
| opendevreview | Takashi Kajinami proposed openstack/ironic stable/2023.1: Stop using a specific mirror in infra https://review.opendev.org/c/openstack/ironic/+/906290 | 03:42 |
| opendevreview | Takashi Kajinami proposed openstack/ironic master: Clean up removed services from devstack options https://review.opendev.org/c/openstack/ironic/+/906326 | 03:48 |
| opendevreview | Takashi Kajinami proposed openstack/networking-generic-switch master: Clean up removed services from devstack options https://review.opendev.org/c/openstack/networking-generic-switch/+/906329 | 03:53 |
| Kangie | Yeah, That's sort of where I'm at now. | 03:58 |
| Kangie | neutron might be interesting though, how good is it at reprovisioning nodes for, say, tenant B? | 03:59 |
| Kangie | If each of our clusters can take advantage of that functionality it might meet some of my flexibility goals. | 03:59 |
| Kangie | though I guess for us in the physical world that might need to be done via switch port reconfiguration, or we just have one big management network down the line. | 04:01 |
| Kangie | (sorry, got side tracked with lunch) | 04:01 |
| TheJulia | The model is generally you have a central neutron, and you pull the machines back into a provisioning network by re-attaching them to perform the OS deploy, then you put them back on the tenant's requested network automatically | 04:39 |
| Kangie | I'll read some docs and try and wrap my head around that | 04:55 |
| Kangie | Probably not needed for the initial 10-node pilot anyway | 04:55 |
| TheJulia | oh, definitely not | 04:55 |
| TheJulia | Anyway, my cats are signaling it is time for sleep. | 04:56 |
| TheJulia | Goodnight! | 04:56 |
| Kangie | Goodnight! | 04:56 |
| opendevreview | Takashi Kajinami proposed openstack/ironic master: Use local mirror to download images for anabonda https://review.opendev.org/c/openstack/ironic/+/906343 | 06:15 |
| songwenping_ | hi, team, any body can tell me where the "$TEMPEST_BAREMETAL_MIN_MICROVERSION" define pls? | 06:36 |
| tkajinam | songwenping__, https://github.com/openstack/ironic/blob/master/devstack/lib/ironic#L585 | 07:29 |
| tkajinam | it's empty unless you (or a job) override it | 07:29 |
| rpittau | good morning ironic! o/ | 07:53 |
| tkajinam | rpittau, o/ | 08:10 |
| rpittau | hey tkajinam :) | 08:10 |
| tkajinam | https://review.opendev.org/c/openstack/ironic/+/906289 was merged and uefi-resfish-vmedia job is green so CI in sushy/sushy-tools is also green now \o/ | 08:12 |
| tkajinam | would be nice if we can merge these backports, too http://mirror-int.ord.rax.opendev.org:8080/rdo/centos9-master/component/network/3e/4a/3e4a3848963f64a0fd752a5b440290c8a04d764d_fb5748ee | 08:16 |
| -opendevstatus- NOTICE: all new logins to https://review.opendev.org are currently failing. investigation is ongoing, please be patient | 08:54 | |
| jrosser | songwenping_: you can also use codesearch to find things like that https://codesearch.opendev.org/?q=TEMPEST_BAREMETAL_MIN_MICROVERSION | 09:00 |
| iurygregory | good morning Ironic | 09:33 |
| songwenping | tkajinam, how can i start a job to override it? | 10:39 |
| tkajinam | songwenping, add you override under vars.devstack_localrc https://github.com/openstack/ironic/blob/master/zuul.d/ironic-jobs.yaml#L35 | 10:41 |
| tkajinam | you can find other environments being overridden there | 10:41 |
| songwenping | tkajinam, how the ironic tempest plugin skip the test for microversion, i cannot find the "$TEMPEST_BAREMETAL_MIN_MICROVERSION" set in old releases. | 10:51 |
| opendevreview | Merged openstack/ironic stable/2023.2: Stop using a specific mirror in infra https://review.opendev.org/c/openstack/ironic/+/906289 | 11:03 |
| tkajinam | songwenping, as long as the common helper from tempest is used, no tests with microversion requirements would be skipped without min/max_micro_version | 11:14 |
| tkajinam | I don't know which tests and which branch you are referring to. We may need to these as well as the real reason of tests tests being skipped to dig int that | 11:15 |
| iurygregory | we also set some tempest regex on some jobs, so maybe it doesn't run in the job you were looking | 11:21 |
| iurygregory | just a reminder Don't log out from review.opendev.org =) | 12:20 |
| opendevreview | Takashi Kajinami proposed openstack/sushy-tools master: Improving nova search filter https://review.opendev.org/c/openstack/sushy-tools/+/896130 | 12:56 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic-lib master: Split common qemu-img functions from disk_utils https://review.opendev.org/c/openstack/ironic-lib/+/906371 | 12:58 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic-lib master: Split common qemu-img functions from disk_utils https://review.opendev.org/c/openstack/ironic-lib/+/906371 | 13:00 |
| opendevreview | Takashi Kajinami proposed openstack/ironic master: Use local mirror to download images for anaconda https://review.opendev.org/c/openstack/ironic/+/906343 | 13:11 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic-python-agent master: Drop usage of run_as_root https://review.opendev.org/c/openstack/ironic-python-agent/+/906375 | 13:24 |
| opendevreview | Merged openstack/sushy-tools master: Add Python 3.10 and 3.11 to supported versions https://review.opendev.org/c/openstack/sushy-tools/+/906216 | 13:28 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic master: WIP auto-discovery https://review.opendev.org/c/openstack/ironic/+/906376 | 13:56 |
| opendevreview | Merged openstack/ironic stable/2023.1: Stop using a specific mirror in infra https://review.opendev.org/c/openstack/ironic/+/906290 | 14:01 |
| opendevreview | Merged openstack/ironic master: Clean up removed services from devstack options https://review.opendev.org/c/openstack/ironic/+/906326 | 14:01 |
| TheJulia | good morning | 14:11 |
| iurygregory | good morning TheJulia =) | 14:15 |
| dtantsur | Looking for more reviews for the new inspection stuff, especially the docs in https://review.opendev.org/c/openstack/ironic/+/904766 but also https://review.opendev.org/c/openstack/bifrost/+/896925 https://review.opendev.org/c/openstack/ironic/+/906308 and https://review.opendev.org/c/openstack/ironic/+/906314 | 14:44 |
| iurygregory | I've approved https://review.opendev.org/c/openstack/ironic/+/904766 | 14:55 |
| dtantsur | thx! | 15:01 |
| opendevreview | Merged openstack/ironic master: PXE configuration guide for unmanaged inspection https://review.opendev.org/c/openstack/ironic/+/904766 | 15:30 |
| * JayF will be OOO today; out sick | 15:43 | |
| dtantsur | get better JayF! | 15:46 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic master: Add node auto-discovery support for in-band inspection https://review.opendev.org/c/openstack/ironic/+/906376 | 15:50 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic master: Add node auto-discovery support for in-band inspection https://review.opendev.org/c/openstack/ironic/+/906376 | 16:04 |
| *** mmalchuk_ is now known as mmalchuk | 16:06 | |
| dking | dtantsur: That's a good point about the authentication. I suppose that some people will not want to expose that nor expect kubernetes to have that access. In that case, it seems like it could make sense to create a separate endpoint which internally checks the health of the software without exposing secure information. | 16:14 |
| JayF | Such an endpoint would also be a DoS attack vector. | 16:19 |
| JayF | You'd have to have it limited to healthcheckers via IP blocking or policy anyway | 16:20 |
| JayF | (at least assuming it was wired to give semi-real-time information) | 16:20 |
| opendevreview | Merged openstack/ironic master: Flip require_managed_boot to True for the new agent inspection https://review.opendev.org/c/openstack/ironic/+/906314 | 16:26 |
| dtantsur | JayF: could be using the cached hash ring | 16:27 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic master: Add node auto-discovery support for in-band inspection https://review.opendev.org/c/openstack/ironic/+/906376 | 16:35 |
| dtantsur | your mention of DoS made me add a warning here ^^ | 16:35 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic master: Add node auto-discovery support for in-band inspection https://review.opendev.org/c/openstack/ironic/+/906376 | 16:51 |
| TheJulia | This sounds a lot like the healthcheck vs healthcheck v2 stuffs | 17:05 |
| rpittau | good night! o/ | 17:15 |
| TheJulia | dtantsur: fyi, tried to get it all out of my head at this point: https://review.opendev.org/c/openstack/ironic-specs/+/906324/1/specs/approved/fix-vmedia-boot-config.rst It might just be easiest to try and have a meeting of the minds at some point to discuss further | 17:21 |
| opendevreview | Merged openstack/ironic master: Account for nodes with the same BMC hostname in inspection lookup https://review.opendev.org/c/openstack/ironic/+/906308 | 17:59 |
| dtantsur | TheJulia: will read asap (but not today) - thanks! | 18:21 |
| *** osmanlicilegi is now known as Guest16 | 18:22 | |
| opendevreview | Julia Kreger proposed openstack/ironic master: typo: fix a typo in api configuration https://review.opendev.org/c/openstack/ironic/+/906394 | 18:26 |
| iurygregory | If anyone has time for review today https://review.opendev.org/c/openstack/ironic/+/903379 =) | 18:28 |
| opendevreview | Merged openstack/ironic master: add default conductor group capability https://review.opendev.org/c/openstack/ironic/+/855705 | 19:17 |
| opendevreview | Julia Kreger proposed openstack/ironic master: Add HTTP versions of network boot interfaces https://review.opendev.org/c/openstack/ironic/+/900965 | 19:29 |
| -opendevstatus- NOTICE: The Gerrit service on review.opendev.org will be offline momentarily for a restart, in order to attempt to restore OpenID login functionality | 19:36 | |
| iurygregory | yay | 19:36 |
| TheJulia | yay | 19:37 |
| -opendevstatus- NOTICE: OpenID logins for the Gerrit WebUI on review.opendev.org should be working normally again since the recent service restart | 20:03 | |
| opendevreview | Merged openstack/ironic master: Drop rootwrap support https://review.opendev.org/c/openstack/ironic/+/904836 | 20:14 |
| opendevreview | Merged openstack/sushy-tools master: Remove translation sections from setup.cfg https://review.opendev.org/c/openstack/sushy-tools/+/906217 | 21:50 |
| opendevreview | Merged openstack/ironic master: typo: fix a typo in api configuration https://review.opendev.org/c/openstack/ironic/+/906394 | 21:54 |
| opendevreview | Merged openstack/ironic master: Disable legacy RBAC policy by default. https://review.opendev.org/c/openstack/ironic/+/902009 | 21:58 |
| opendevreview | Julia Kreger proposed openstack/ironic-tempest-plugin master: DNM/WIP: Detect misconfig and navigate https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/906432 | 23:14 |
| opendevreview | Julia Kreger proposed openstack/ironic-tempest-plugin master: WIP/DNM: Scope is enforced https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/906434 | 23:16 |
| opendevreview | Kyrylo Romanenko proposed openstack/python-ironicclient master: Add test for driver raid property list https://review.opendev.org/c/openstack/python-ironicclient/+/480489 | 23:38 |
| opendevreview | Kyrylo Romanenko proposed openstack/python-ironicclient master: Add test for driver raid property list https://review.opendev.org/c/openstack/python-ironicclient/+/480489 | 23:45 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!