Thursday, 2025-02-13

« Wednesday, 2025-02-12 Index Friday, 2025-02-14 »
opendevreviewHarald Jensås proposed openstack/ironic master: [WIP] OVN UEFI IPv6  https://review.opendev.org/c/openstack/ironic/+/94135200:15
opendevreviewJulia Kreger proposed openstack/ironic-python-agent master: oci: Enable embedded authentication passing  https://review.opendev.org/c/openstack/ironic-python-agent/+/94130000:25
opendevreviewJulia Kreger proposed openstack/ironic master: OCI: Send the auth header to IPA  https://review.opendev.org/c/openstack/ironic/+/94125200:49
opendevreviewJulia Kreger proposed openstack/ironic-python-agent master: oci: Enable embedded authentication passing  https://review.opendev.org/c/openstack/ironic-python-agent/+/94130000:55
opendevreviewJulia Kreger proposed openstack/ironic-python-agent master: oci: permit an 'unknown' but valid image  https://review.opendev.org/c/openstack/ironic-python-agent/+/94149401:16
TheJuliaOkay, got it so an oci url user (who supplies a specific digest as well) to be able to do image_download_source=http which can also now handle a remote image registry enforcing authentication.01:37
cardoeNice02:01
cardoeWill do JayF. I’m just trying to figure out how to do per process / agent / whatever config when you’re on a collapsed box like devstack and using uWSGI or gunicorn.02:02
JayFhttps://review.opendev.org/c/openstack/ironic-inspector/+/939407 is passing CI now \o/ (to deprecate ironic-lib)04:56
fricklerJayF: could you revisit https://review.opendev.org/c/openstack/ironic/+/940635 please? all other backports are merged05:37
*** dmellado075539372 is now known as dmellado0755393706:50
vsaienkocardoe: AFAIR switch to uwsgi was initiated to mitigate development/devstack deployments issues https://governance.openstack.org/tc/goals/completed/pike/deploy-api-in-wsgi.html We have never switched to uwsgi on production. For development environments I think any kind of wsgi server will be okay.07:10
rpittaugood morning ironic! o/08:04
dtantsurJayF: I use `./bifrost-cli testenv` regularly, the last time a week ago09:03
rpittauJayF: still having issues with bifrost? I used it recently with no issue09:27
opendevreviewcid proposed openstack/ironic-python-agent master: Add token validation to command GET endpoints  https://review.opendev.org/c/openstack/ironic-python-agent/+/94153909:32
opendevreviewRiccardo Pittau proposed openstack/ironic-inspector master: Temp disable grenade job to let ironic-lib deprecation patches pass  https://review.opendev.org/c/openstack/ironic-inspector/+/94134110:48
opendevreviewMerged openstack/ironic-python-agent stable/2023.2: Warn when the provided checksum algorithm does not match the detected  https://review.opendev.org/c/openstack/ironic-python-agent/+/93409112:08
opendevreviewHarald Jensås proposed openstack/ironic master: [WIP] OVN UEFI IPv6  https://review.opendev.org/c/openstack/ironic/+/94135213:07
hjensasgood morning, I want to run ^ multiple times to see that it is stable.13:12
hjensasI tried to add the same job multiple times in zuul.d/project.yaml, but looks like it still just run one job in zuul status.13:13
hjensasIs there a way I can trick it to run 4 instances of the same job in parallel?13:14
JayFDefine the job with four names and make them different by just setting an environment variable that isn't read by anything13:51
hjensasThansk JayF - I'll try that on the next iteration.13:54
opendevreviewMerged openstack/networking-baremetal stable/2023.2: avoid attribute error on bad password or config  https://review.opendev.org/c/openstack/networking-baremetal/+/93407214:04
opendevreviewHarald Jensås proposed openstack/ironic master: [WIP] OVN UEFI IPv6  https://review.opendev.org/c/openstack/ironic/+/94135214:27
opendevreviewHarald Jensås proposed openstack/ironic master: [WIP] OVN UEFI IPv6  https://review.opendev.org/c/openstack/ironic/+/94135214:30
TheJuliagood morning14:40
opendevreviewJulia Kreger proposed openstack/ironic master: OCI: Send the auth header to IPA  https://review.opendev.org/c/openstack/ironic/+/94125214:48
cardoemorning all. I dunno how folks feel about the peeling off patches in a series and landing them. Like some of my "make hooks generic" that my redfish using hooks relies on should be good and passes tests. It actually fixes bugs in hooks that affect the agent today.14:57
cardoeSimilarly Steve's console bits, his utils patch has been +2'd a bunch and it just changes from rebases.14:57
cardoeAs far as the redfish hooks piece, I'm thinking of taking my docs on the shape of inventory a bit farther and actually writing out a jsonschema. A number of the hooks depend on specifics and will just throw KeyError if its not there. So when either implementation goes to save the inventory it gathered but before the hooks are executed, I'd check it against the schema and fail inspection if it didn't validate.14:59
JayFGoing to be as blunt as I can be here: I have no interest in landing anything inspector related before ironic-lib-migration and inspector rules migration lands15:03
JayFthe bottleneck on those patches has been review bandwidth15:03
JayFwell, the rules migration patches :)15:03
JayFspeaking of, https://review.opendev.org/c/openstack/ironic-inspector/+/939407 is approvaable15:04
cardoeWell I've +2'd them a couple of times. They have merge conflicts with master right now15:04
JayFand will free us up to land all the perfunctory patches and actually kill the ironic-lib from orbit15:04
JayFugh, I'm sure cid will rebase them. That tends to happen when stuff is outstanding that long :( 15:04
cidOn that right now15:15
opendevreviewcid proposed openstack/ironic master: DB: inspection rules migration  https://review.opendev.org/c/openstack/ironic/+/93931815:18
opendevreviewcid proposed openstack/ironic master: Apply Rules: inspection rules migration  https://review.opendev.org/c/openstack/ironic/+/93921815:18
opendevreviewcid proposed openstack/ironic master: API/Testing: Inspection rules migration  https://review.opendev.org/c/openstack/ironic/+/93921715:18
cardoeJayF: so I +2'd the DB one. Prior to it having conflicts, it had 3 +2's so let's +W that?15:23
JayFlooking15:24
JayFI think we were hoping for a +2 from dmitry, but I'm onboard with landing it, that's what followups are for15:24
JayFty for pointing at that :)15:24
cardoehjensas: We previously spoke about trunking missing in network_data.json, https://review.opendev.org/c/openstack/nova/+/941227 is a patch series I wanted to add you on.15:28
opendevreviewJulia Kreger proposed openstack/ironic-python-agent master: Remove pre-victoria cycle agent token transition upgrade support  https://review.opendev.org/c/openstack/ironic-python-agent/+/94156515:28
opendevreviewJulia Kreger proposed openstack/ironic-python-agent master: Remove agent_token_required upgrade knob  https://review.opendev.org/c/openstack/ironic-python-agent/+/94156615:28
hjensascardoe: ok, I added myself on the review. cloud-init is already able to parse/use vlan information from network_data.json JSON schema right?15:35
cardoeYes.15:35
cardoeWith the caveat of https://github.com/canonical/cloud-init/issues/601815:36
opendevreviewcid proposed openstack/ironic-python-agent master: Ensure IPA is locked down in rescue mode  https://review.opendev.org/c/openstack/ironic-python-agent/+/94148915:44
hjensascardoe: ah, I wonder if using systemd link files would make sense to give interfaces names. If we could get cloud-init to write the link files. (https://manpages.debian.org/buster/udev/systemd.link.5.en.html)15:47
JayFIs there a good upstream image anywhere that's suitable for using with arm servers?15:49
JayFTrying to prototype a thing and all I can find are installers and images built for raspberry pi.15:49
JayFThis is an Ampere-something :D 15:49
JayFapparently it's one of these https://www.hpe.com/uk/en/servers/proliant-rl-300.html15:52
arne_wiebalckI see that the Redfish interop profiles made it to the Ironic code base and that they are referenced in DMTF documents (great!). Has anyone experience using them for compliance testing when purchasing new hardware?15:54
opendevreviewHarald Jensås proposed openstack/ironic master: [WIP] OVN UEFI IPv6  https://review.opendev.org/c/openstack/ironic/+/94135215:58
fricklerJayF: upstream image for what? I did install bookworm on one ampere machine recently16:00
JayFliterally anything that Ironic could install16:01
JayFso it needs to be an *image* not an installer16:01
JayFmy downstream trying to hello-world their multiarch16:02
fricklerah, I didn't get to trying ironic with it yet. but I'll sure be interested in any experience you come up with ;)16:04
JayFyou just did a installer install then, yeah?16:04
JayFthat's what we're finding; it's tough to find a prebuilt image that's not specific to hardware (in all cases seemingly: rpi) or cloud usage 16:05
JayFbut lots and lots of "just install it"16:05
shermanmI've had good luck with the ubuntu cloud arm64 images, and used them as a base to build our own.16:07
shermanme.g. https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-arm64.img16:07
cardoearne_wiebalck: I want to. 16:08
JayFshermanm: did they contain expected drivers/bootloaders/etc for hardware or did you have to add them?16:09
JayFshermanm: our final state will be something along the lines of building our own, but trying to do a QA run sooner16:09
JayFwe're hitting errors about mounting read only when trying to install the bootloader, and when I saw it was a cloud image I kinda immediately blamed it lol16:10
shermanmit all worked basically out of the box, I think I had to add network drivers for some servers, but that wasn't a platform issue?16:10
shermanmcaveat, we're running these on cavium thunderx2, and fujitsu a64fx, so not a 1-1 match with yours16:10
shermanmboth of these are uefi boot, anything thats u-boot is more of a headache16:11
JayFThanks, that's really helpful.16:14
JayFIt completely blows up my hypothesis that these images might be shaped wrongly for ironic16:14
TheJuliaI need way more coffee today16:15
JayFI wouldn't be surprised for a failure mode of "machine won't boot" but it not imaging seemed weird16:15
JayFI went to 7/11 and got a red bull for the first time in a long time, I knew it'd be one of those days lol16:15
arne_wiebalckcardoe: Ok, thanks! The question of what we need to specify in terms of Redfish for upcoming purchases came up today and I remembered we tried to push these profiles a while ago.16:15
arne_wiebalckcardoe: We may have a look and see if/how we could use them in the process.16:16
JayFarne_wiebalck: I believe they were recently revised for accuracy too16:16
arne_wiebalckJayF: Thanks!16:16
arne_wiebalckJayF: Are they still based on the whole potential of sushy?16:16
JayFI don't fully understand what you're asking, but I'm pretty sure I don't know the answer :)16:17
arne_wiebalckJayF: :-D16:17
arne_wiebalckJayF: At the time the calls to a potential endpoint were using all potential calls in sushy.16:17
jrosserJayF: are you doing ironic+ampere?16:18
* jrosser reads back16:18
arne_wiebalckJayF: So, this is mostly likely a superset of what a deployment really needs.16:18
JayFjrosser: we're trying to hello-world a cloud image (of really any distro) onto a https://www.hpe.com/uk/en/servers/proliant-rl-300.html16:18
JayFjrosser: using yoga + some pulled forward patches for the *_by_arch configurations16:19
jrosserah please ask mossblaser :)16:19
arne_wiebalckJayF: cardoe: We may have a look, but if you have any experience to share, let me know!16:19
jrosserwe have this working in our environment on supermicro+ampere16:19
JayFarne_wiebalck: I haven't done purchasing in literally a decade, so I won't have a lot to help. :( 16:19
JayFI mainly just wanna know what image16:19
shermanmon this topic, does anyone have nvidia's grace / grace-hopper machines yet? I'll need to make them play nice with ironic eventually16:21
TheJuliaNobodyCam: ^ 16:24
mossblaserJayF: For our infrastructure we're using images generated by disk image builder using the configuration outlined here: https://docs.openstack.org/openstack-ansible-os_ironic/latest/configure-ironic-multiarch.html#building-an-aarch64-user-image16:26
JayFmossblaser: ack; we're trying to avoid that path right now for a really hilarious simple reason: the bootstrap problem16:27
JayFmossblaser: you need an arm machine to build an arm machine, and $downstream_security makes it tough to navigate that path inside the firewall16:27
jrosserfree tier on oracle cloud can fix that16:28
mossblaserah yes! (we have regular ARM nova VM compute nodes which we run this one)16:28
mossblaser(but as it happens we didn't have those when we first started so as jrosser says, we actually bootstrapped using oracle's free tier systems(!))16:28
JayFjrosser: oracle has a free tier that'll abduct all the security guys that would say "STOP" when I tried to use a random cloud server ;) 16:29
shermanmwe've actually been happily building ARM dib images on x86 servers16:29
mossblaser(I think I did manage to run DIB in a qemu soft-emulated ARM to completion once just to see if it could work.... but... just don't do that!)16:29
mossblasershermanm: does it "just work" or did you need to do something special? (I'm fairly sure I recall this not working when I first tried it)16:30
shermanmjayf: btw, I just confirmed that the exact ubuntu noble image above works via ironic on our arm servers16:30
JayFmossblaser: I have https://wiki.gentoo.org/wiki/Embedded_Handbook/General/Compiling_with_QEMU_user_chroot setup locally and use it a lot, but that's all on my gentoo laptop :D 16:30
JayFshermanm: ack, tyvm16:30
JayFshermanm: what ironic version?16:30
shermanmthis was via 2023.1, but we've also got it working on xena on a different site16:31
JayFack16:31
JayFthat's very useful, thank you16:31
mossblaseryeah; I think if you're even considering using an emulated VM, a USB stick (or Redfish/IPMI-boot-from-virtual-USB-stick) to manually bootstrap would be a better option!16:31
JayFConfirmed we get the same error on noble :( 16:31
mossblaser(i.e. to use the machine to generate the image ;), not as a day-to-day solution(!))16:32
JayFhttps://www.irccloud.com/pastebin/ecHB0UAC/16:32
JayFthe  /dev/nvme0n1p15 looks suss to me16:32
opendevreviewMerged openstack/ironic stable/2024.1: Fix redfish session cache on missing password  https://review.opendev.org/c/openstack/ironic/+/94063516:36
shermanmmossblaser: it "just worked" so long as we had the correct deps installed, here's a dockerfile I've been using16:42
shermanmhttps://github.com/ChameleonCloud/ipa-builder/blob/main/ipa_builder/Dockerfile16:42
shermanmmost important is `qemu-user-static`, debootstrap will use it automatically if the arch flag is set16:42
shermanmsame for running docker containers across architectures. it's slow, but not as bad as you'd guess, especially for bootstrapping16:42
jrosseri think a factor for us was that i don't think there is a prebuilt cloud image that uses the 64k-page (largemem) kernel16:47
JayFour end state will be a downstream built image16:49
JayFwe're just literally trying to get prototype server #1 past the finish line :)16:49
JayFyou all have given us lots of useful data and info16:49
shermanmnot that you're hitting it, but I'll note one issue that gave us fits initially is that the arm64 ipxe binaries that ship with ubuntu don't support gzip, and couldn't extract the arm64 IPA initramfs16:50
JayFwill keep that in mind16:50
opendevreviewHarald Jensås proposed openstack/ironic master: [WIP] OVN UEFI IPv6  https://review.opendev.org/c/openstack/ironic/+/94135217:08
rpittaugood night! o/17:11
JayFshermanm: hilariously enough, someone in #ubuntu-arm is telling me the cloud image won't work lol17:16
JayFI trust the person who actually did the thing 17:16
opendevreviewJulia Kreger proposed openstack/ironic-python-agent master: Remove pre-victoria cycle agent token transition upgrade support  https://review.opendev.org/c/openstack/ironic-python-agent/+/94156517:36
opendevreviewJulia Kreger proposed openstack/ironic-python-agent master: Remove agent_token_required upgrade knob  https://review.opendev.org/c/openstack/ironic-python-agent/+/94156617:41
TheJuliaI've got a bunch of open small oci patches, fixing minor things and allowing image_download_source=http with registries enforcing authentication, I'll re-test once everything once merged since its just a pain to layer it all together right now :)17:58
opendevreviewcid proposed openstack/ironic-python-agent master: Add token validation to command GET endpoints  https://review.opendev.org/c/openstack/ironic-python-agent/+/94153918:00
jrosserJayF: I just deployed an ampere node successfully with the stock noble cloud image18:08
opendevreviewHarald Jensås proposed openstack/ironic master: [WIP] OVN UEFI IPv6  https://review.opendev.org/c/openstack/ironic/+/94135218:55
opendevreviewMerged openstack/ironic master: DB: inspection rules migration  https://review.opendev.org/c/openstack/ironic/+/93931819:19
TheJuliaouch21:40
TheJuliahttps://www.irccloud.com/pastebin/XaCAqUMv/21:40
fricklercodeberg is under massive ddos from what I've heard. related: https://blog.codeberg.org/we-stay-strong-against-hate-and-hatred.html21:44
JayFWe could self-mirror that into something like github.21:44
TheJuliadunno, just stinks (and really, sort of annoying we build so many things for tinyipa, but it is what it is)21:47
TheJuliaMetal3 also timing out. Fridays are often better for CI :)22:15
cardoeShould we have prebuilt pieces and other loops test building those?22:17
opendevreviewcid proposed openstack/ironic master: Pass agent token to get command results  https://review.opendev.org/c/openstack/ironic/+/94160722:33
opendevreviewcid proposed openstack/ironic-python-agent master: Ensure IPA is locked down in rescue mode  https://review.opendev.org/c/openstack/ironic-python-agent/+/94148922:36
opendevreviewcid proposed openstack/ironic-python-agent master: Add token validation to command GET endpoints  https://review.opendev.org/c/openstack/ironic-python-agent/+/94153922:38
opendevreviewcid proposed openstack/ironic-python-agent-builder master: Prevent service restart while in 'rescued' state  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/94161022:39
opendevreviewcid proposed openstack/ironic-python-agent master: Ensure IPA is locked down in rescue mode  https://review.opendev.org/c/openstack/ironic-python-agent/+/94148922:47
*** dmellado075539373 is now known as dmellado0755393722:48
opendevreviewJay Faulkner proposed openstack/ironic master: Make _by_arch ramdisk settings apply for pxe  https://review.opendev.org/c/openstack/ironic/+/94161122:54
opendevreviewcid proposed openstack/ironic-python-agent master: Ensure IPA is locked down in rescue mode  https://review.opendev.org/c/openstack/ironic-python-agent/+/94148922:54
opendevreviewcid proposed openstack/ironic master: Pass agent token to get command results  https://review.opendev.org/c/openstack/ironic/+/94160723:23
opendevreviewcid proposed openstack/ironic master: Pass agent token to get command results  https://review.opendev.org/c/openstack/ironic/+/94160723:24
opendevreviewcid proposed openstack/ironic master: Pass agent token to get command results  https://review.opendev.org/c/openstack/ironic/+/94160723:25
opendevreviewcid proposed openstack/ironic-python-agent master: Add token validation to GET command endpoints  https://review.opendev.org/c/openstack/ironic-python-agent/+/94153923:28
« Wednesday, 2025-02-12 Index Friday, 2025-02-14 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!