| opendevreview | Adam Rozman proposed openstack/ironic-specs master: propose root partition and configdrive encryption https://review.opendev.org/c/openstack/ironic-specs/+/924993 | 07:04 |
|---|---|---|
| opendevreview | Adam Rozman proposed openstack/ironic-specs master: propose root partition and configdrive encryption https://review.opendev.org/c/openstack/ironic-specs/+/924993 | 07:15 |
| opendevreview | Adam Rozman proposed openstack/ironic-specs master: propose root partition and configdrive encryption https://review.opendev.org/c/openstack/ironic-specs/+/924993 | 07:19 |
| opendevreview | Adam Rozman proposed openstack/ironic-specs master: propose root partition and configdrive encryption https://review.opendev.org/c/openstack/ironic-specs/+/924993 | 07:21 |
| rpittau | good morning ironic, happy friday! o/ | 07:43 |
| rpittau | thanks JayF :) | 07:43 |
| rpittau | everyone! the workaround for the issue with osc is merged in devstack, so we can recheck all the things! | 07:46 |
| adam-metal3 | Hello Ironic, FYI I have pushed the LUKS+TPM proposal https://review.opendev.org/c/openstack/ironic-specs/+/924993/4/specs/approved/root-device-root-partition-and-config-drive-encryption.rst, If you are interested in root device encryption feel free to take a look. | 07:55 |
| rpittau | thanks adam-metal3, FYI we have 4 weeks before feature freeze so that may end up into the next dev cycle | 08:21 |
| adam-metal3 | rpittau, thanks for the info | 08:28 |
| opendevreview | Adam Rozman proposed openstack/ironic-specs master: propose root partition and configdrive encryption https://review.opendev.org/c/openstack/ironic-specs/+/924993 | 10:38 |
| iurygregory | good morning Ironic | 10:43 |
| opendevreview | Adam Rozman proposed openstack/ironic-specs master: propose root partition and configdrive encryption https://review.opendev.org/c/openstack/ironic-specs/+/924993 | 10:45 |
| dtantsur | I'll just leave it here in case someone needs some cursed news this Friday https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/ | 12:18 |
| TheJulia | I saw said cursed item yesterday… | 13:21 |
| rpittau | good night! o/ | 15:39 |
| rpittau | have a great weekend everyone :) | 15:39 |
| cardoe | cid: So I know https://review.opendev.org/c/openstack/python-ironicclient/+/924895 conflicts with the runbooks bits but mine is pretty small change. Would you like me to wait for your runbooks to land and rebase? | 16:51 |
| cardoe | dtantsur: also wanted to ask you about https://review.opendev.org/c/openstack/ironic/+/924943 | 16:52 |
| cardoe | Not really sure how to reduce the complexity there... but I absolutely see devices being created with the empty data. | 16:52 |
| cardoe | TheJulia: | 16:52 |
| cardoe | TheJulia: I'm also wondering if you'd take some extensions / tweaks to sushy to make reading that data and more data better in the redfish inspector or should the focus be on the in-band inspector? | 16:53 |
| cardoe | I'm monkey patching some extra bits into sushy locally to behave better with our Dells | 16:53 |
| cardoe | It would change the interop profile | 16:54 |
| TheJulia | Better to ask during the weekly team meeting | 16:58 |
| TheJulia | I’m also not really around today, yesterday started at 6 am in Boston and ended around 11pm in California. | 16:59 |
| cardoe | That... that's a long day. | 17:11 |
| cardoe | Okay I can ask during the team meeting. I'm just lurking cause I don't wanna disturb. | 17:11 |
| TheJulia | Oh, disturb it! It is a good thing | 17:17 |
| * TheJulia has had two cups of coffee and wants more sleep | 17:17 | |
| opendevreview | Mohammed Boukhalfa proposed openstack/sushy-tools master: Add fake system driver docs https://review.opendev.org/c/openstack/sushy-tools/+/924920 | 17:21 |
| opendevreview | Merged openstack/ironic master: Test empty media type in redfish virtual media boot https://review.opendev.org/c/openstack/ironic/+/922947 | 17:49 |
| JayF | Does anyone remember/know who it was specifically who asked for the BIOS boot disablement configuration at the BM SIG? Would like to close the loop with them personally if possible. | 18:30 |
| JayF | Looks like keystone just switched over to `black` for formatting. Would there ever be an appetite in Ironic for using an autoformatter? | 20:03 |
| TheJulia | For what specifically? | 20:09 |
| JayF | black is like autopep8 | 20:11 |
| JayF | just applies a set of formatting rules similar to gofmt or the like | 20:11 |
| cardoe | Do it! | 20:49 |
| cardoe | Sitting there and having flake8 gripe at you and fixing it line by line is no fun. | 20:50 |
| cardoe | If I can throw out a recommendation and look at ruff. https://docs.astral.sh/ruff/ | 20:50 |
| cardoe | It's got two sides... "linter" and "formatter". The formatter is black. And the linter is flake8. But rather than flake8 where ya gotta pull in a bunch of plugins and such to get what you want. It comes baked in. | 20:51 |
| cardoe | It's also got isort baked in so your imports are cleaned up. | 20:52 |
| cardoe | All of that is configurable and you opt into what you want. | 20:52 |
| cardoe | https://docs.astral.sh/ruff/rules/ that gives you a list of what things are just baked in and can be enabled. | 20:53 |
| JayF | cardoe: do you know about https://docs.openstack.org/ironic/latest/contributor/dev-quickstart.html#git-hooks | 20:54 |
| JayF | that will at least lessen the pain | 20:54 |
| JayF | I'm super familiar with ruff :D It's pretty nice but basically you have to adopt a wrapper, like pre-commit, to really enable it. Plus it's not packaged everywhere yet. | 20:54 |
| cardoe | Yeah love me some pre-commit | 20:55 |
| cardoe | I run ruff via pre-commit personally | 20:55 |
| JayF | for instance, in nova, they drive almost all their tox environments and CI through pre-commit | 20:56 |
| JayF | which makes it nice and unified, but it also means your workflow has to match theirs pretty closely | 20:56 |
| JayF | I'd think if we adopted a tool like ruff, we'd probably have to go the same route. | 20:56 |
| JayF | And that is where we start getting into "is this REALLY worth it?" territory | 20:56 |
| cardoe | Yeah always a trade off for flexibility of people's workflows and consistency. | 20:56 |
| JayF | (in terms of opportunity cost; what we could be doing with that time) | 20:57 |
| cardoe | Well I will say Zuul is fairly heavy weight for running jobs. If you could run something light weight early it makes it much easier. | 20:59 |
| JayF | Do you know the history of Zuul? | 20:59 |
| cardoe | Something something Buildbot. | 20:59 |
| JayF | It's our first graduated OpenStack project. It was invented to be the job runner for OpenStack, but was so useful it "grew up" and out of OpenStack into a top level OpenInfra project | 20:59 |
| JayF | now it's a separate project, but it started out of jenkins not being good enough anymore aiui | 21:00 |
| cardoe | I mean not wrong. Jenkins isn't great. | 21:00 |
| JayF | Zuul is pretty great :D sometimes things have to be complex when the problemset is complex | 21:02 |
| cardoe | Yeah driving bare metal for testing isn't easy either. | 21:02 |
| JayF | often a cry to simplify things can be boiled down to "only support the exact set of features I need" :D | 21:02 |
| cardoe | I've bounced between buildbot, jenkins, gitlab ci, github actions over the years myself. Probably some others in the mix. | 21:03 |
| cardoe | As far as packaging of ruff btw, it's via pypi so like you've got the tox -e venv command. It could work there. | 21:05 |
| cardoe | So my comment about Zuul was more like a basic style / linter running before running some of the more heavy set tests. And that linter commenting back to the contributor with a link like you did. | 21:06 |
| JayF | ah, like a multi-stage build | 21:07 |
| JayF | do you know the trick for getting early results? | 21:08 |
| cardoe | Like you mentioned gofmt above. Folks tend to wrap that in a Makefile command (or are switching to golangci-lint but that's another story). The "fail fast step" comments back to them telling them "hey thanks for the contribution. can you run "make fmt" and resubmit" or some such. | 21:08 |
| JayF | zuul.opendev.org => click status beside openstack => put your change # (123456) in the textbox | 21:08 |
| JayF | and that'll let you expand the results, and clicking on the jobname will take you to the logs of the either running job or completed job | 21:08 |
| cardoe | huh. I've been clicking around usually to find them. definitely easier. | 21:09 |
| JayF | yeah, the problem isn't zuul being complex, it's that you need a decoder ring to know all the tricks, and whilethey are documented finding the docs are borderline-impossible | 21:14 |
| JayF | I think 90%+ of the help I give people is knowing the magic search string to find the doc lol | 21:14 |
| cardoe | Yeah I think every project has that issue. Discoverability and bubbling up what’s relevant to the user. | 21:17 |
| cardoe | Next I need to figure out how to grab patches easily from Gerrit or even git and build them into a loci based container. | 21:18 |
| JayF | top right of gerrit | 21:19 |
| JayF | "Download Patch" | 21:19 |
| JayF | gives you regular-git-client URLs that you can extract what you need from | 21:19 |
| JayF | also, devstack natively supports loading in custom code at startup | 21:19 |
| cardoe | Oh getting the patch isn’t hard. | 21:19 |
| cardoe | Need to have that workflow. | 21:20 |
| JayF | e.g.: stack@ubuntu:~# cat /opt/stack/devstack/local.conf | grep NOVA_ \n NOVA_REPO=https://review.opendev.org/openstack/nova \n NOVA_BRANCH=refs/changes/10/923910/3 | 21:20 |
| cardoe | We’re like metal3 where it’s kubernetes | 21:20 |
| cardoe | Gluing Nautobot with Ironic and Neutron for DCIM/IPAM at a bigger scale than a flat network and multi tenant. | 21:25 |
| JayF | flat network + ironic always makes me :( | 21:25 |
| JayF | not having cleaning/deploying machines in the same network with tenant instances is the cornerstone of large portions of what makes multitenant safe | 21:26 |
| cardoe | So I can beat the Ansible playbooks out of jamesdenton’s hands. | 21:26 |
| JayF | and I know not everyone has a use case, but I'm a chicken lol | 21:26 |
| cardoe | Yeah this is definitely not flat. | 21:28 |
| clarkb | you can run jobs before others iwth zuul... but it has been a conscious choice to not do that because 1) you can run eg `tox` locally and get a lot of that feedback before you ever push and we encuorage people to do so (but I too fall into the trap of just pushing things) and 2) getting as much feedback as possibly upfront reduces the total number of roundtrips (something | 21:36 |
| clarkb | that you actually complained about needing to fix them one at a time which is what happens when you sequence the jobs and require them to pass before others run) | 21:36 |
| clarkb | in this case tox isn't any different than your comparison to a makefile in a go project | 21:39 |
| clarkb | but it does require that people actually make use of the tool before they push otherwise the CI system (regardles of what it is) is going to be sad | 21:40 |
| JayF | Except GNU Make sometimes makes sense every now and then /s | 21:40 |
| * JayF still waiting for a magic fairy to appear and convert all our tox usage to nox usage | 21:40 | |
| JayF | but I just remembered I don't believe in magic :D | 21:40 |
| cardoe | So I just use a basic sequence job of lint to catch folks and send them a link to docs. | 21:42 |
| cardoe | Like welcome contributor. We recommend running tox before submitting. Here’s a link to our contributor doc. | 21:44 |
| JayF | bluntly, if they figured out how to use gerrit, they already found the docs | 21:44 |
| clarkb | it does do that fwiw | 21:44 |
| JayF | drive-by uninformed contributions become less of an issue when the tooling (fair or not that github "won" mindshare) acts as a moat | 21:45 |
| clarkb | "For information on how to proceed, see https://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing and https://docs.openstack.org/project-team-guide/testing.html#how-to-handle-test-failures" | 21:45 |
| JayF | it's /really good tooling/ we just can't afford (or want?) to make ZuulBook like github did LOL | 21:45 |
| cardoe | clarkb: neither of those linked sections mention running tox locally fwiw. | 21:51 |
| clarkb | cardoe: I would consider that a bug in the openstack project-team-guide then as openstack is pretty standardized on tox and one of the best ways to prevent and handle test failures is to catch them locally | 21:52 |
| clarkb | or maybe the message needs to link to soething else instead if it exists. I don't know | 21:53 |
| JayF | I'll make a note to look into that, feel free to patch the project-team-guide cardoe or find a better link too, I'll race you | 21:56 |
| cardoe | Yeah not being an OpenStack guy has been the biggest on ramp for me. Cause there’s conventions and common things folks have done for ages like muscle memory | 21:59 |
| cardoe | Not trying to criticize just observations of a newbie | 22:00 |
| clarkb | I think typically that information lives in the repos under the readme or hacking files. But I agree the message the CI system is kicking back should link to that information too | 22:01 |
| cardoe | Going from LKML to GitHub was an on ramp too. | 22:02 |
| clarkb | definitely a bug in the docs or in what is linked depending on whether or not there is already richer documentation available | 22:02 |
| JayF | cardoe: just always ask if something seems weirdly difficult, because it probably means we didn't document the happy path (often we document how to fix broken stuff, but not how things work when it's all ideal) or you haven't found the exact doc you want yet | 22:04 |
| JayF | we're all willing to help, the only part you owe back is to fix the docs if/when they are the impediment :D | 22:05 |
| cardoe | Happy to do so. Already submitted a few docs fixes that have been merged. | 22:06 |
| cardoe | My biggest gripe is really with sphinx and it’s TOC. Like if I’m on the inspector hooks page. I have no idea of the other pages there are or what page I am on. | 22:17 |
| JayF | that is very close to one of the specific items identified in our docs audit | 22:21 |
| JayF | if you search for [ironic] and doc in the mailing list, you'll see a report we had commissioned around how to improve Ironic docs, that was one of the pieces | 22:21 |
| JayF | they are memorialized in bugs against ironic tagged 'docs-audit-2024' if you're curious | 22:21 |
| clarkb | read the docs' theme is particular good at addressing that problem. I suspect that theme didn't exist when the openstack theme was created. But I suspect the licenses would allow for a mashup | 22:25 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!