Friday, 2025-02-14

« Thursday, 2025-02-13 Index Saturday, 2025-02-15 »
opendevreviewSteve Baker proposed openstack/ironic master: Utility functions for graphical console drivers  https://review.opendev.org/c/openstack/ironic/+/93950500:56
opendevreviewSteve Baker proposed openstack/ironic master: Add ironic-novncproxy service  https://review.opendev.org/c/openstack/ironic/+/93919100:56
opendevreviewSteve Baker proposed openstack/ironic master: [WIP] Add systemd provider for console containers  https://review.opendev.org/c/openstack/ironic/+/94161400:56
opendevreviewSteve Baker proposed openstack/ironic master: [WIP] implement drivers redfish-graphical, fake-graphical  https://review.opendev.org/c/openstack/ironic/+/94161500:56
opendevreviewAndrew Bonney proposed openstack/ironic master: Filter physnets when ports are pre-allocated to a segment  https://review.opendev.org/c/openstack/ironic/+/94134308:40
opendevreviewAndrew Bonney proposed openstack/ironic master: Filter physnets when ports are pre-allocated to a segment  https://review.opendev.org/c/openstack/ironic/+/94134308:44
opendevreviewMerged openstack/metalsmith master: Add ability to specify columns used for json output  https://review.opendev.org/c/openstack/metalsmith/+/92899311:23
opendevreviewHarald Jensås proposed openstack/ironic master: [WIP] OVN UEFI IPv6  https://review.opendev.org/c/openstack/ironic/+/94135212:16
*** tkajinam is now known as Guest912913:39
TheJuliaJayF: w/r/t https://review.opendev.org/c/openstack/ironic/+/941607, it LTGM14:20
TheJuliaErr LGTM14:20
opendevreviewHarald Jensås proposed openstack/ironic master: OVN UEFI IPv6 CI job  https://review.opendev.org/c/openstack/ironic/+/94135214:36
cardoeHow far back does that need to be backported?15:07
TheJuliaLikely to all current stable branches once merged15:08
kubajjShould it be possible to backport to unmaintained branches as well? (Just out of curiosity. I've got a weird error message when I tried to backport to antelope in IPA, maybe cause by the change https://review.opendev.org/c/openstack/ironic-python-agent/+/936679 failing? But no clue)15:23
TheJuliaIt can be possible15:24
TheJuliaeh, that looks like CI is just unhappy15:24
TheJuliaI guess the question is how much CI we keep on the oldest branches15:24
opendevreviewMerged openstack/ironic-python-agent master: Trivial:Remove codespell job (moved to pre-commit)  https://review.opendev.org/c/openstack/ironic-python-agent/+/94145615:51
JayFshermanm: jrosser: We tracked it down to a very, very slow BMC (thank you power_wait+power_state_change_timeout) and a bad IPA build with some permissions issues16:06
JayFwe have it deployed, thank you for the help16:06
opendevreviewMerged openstack/ironic master: Pass agent token to get command results  https://review.opendev.org/c/openstack/ironic/+/94160716:12
jrosserJayF: good it’s working - would be interesting to hear if you find any surprises with the hp ampere16:36
JayFjrosser: we got some interesting errors out of it before we slowed Ironic down; I've encouraged downstream engineers to share those in an upstream bug but I generally let them do it so I don't spill any beans :D 16:37
jrosserI’ve wondered how closely related it is to the supermicro as they’re both openbmc and almost certainly derived from the same reference design16:37
JayFYou should not assume that the hardware we're using has an off-the-shelf BMC configuration.16:37
TheJuliawould they be issues like... the bmc state takes like 5 minutes to update?16:38
jrosserobliquely relatedly, has anyone seen virtual media boot validate the certificate of the web server that the boot image is retrieved from?16:44
jrosserrather than just accept whatever random cert might be presented16:45
dtantsursome vendors start doing it by default. I think we've seen Dells?16:46
dtantsurCan be turned on/off in GUI16:46
JayFdtantsur: an error around being unable to adjust power state in post, and something generically invalid16:49
JayFdtantsur: all resolved by upping ironic timeouts and power_wait16:50
JayFdtantsur: but it still looked like something we'd wanna retry in sushy16:50
TheJuliacid: if you still around, https://review.opendev.org/c/openstack/ironic-python-agent/+/941489 needs a minor release not fix so we can backport it16:51
cidAlright, taking a look now. 16:54
TheJuliacardoe: I'm good with https://review.opendev.org/c/openstack/networking-generic-switch/+/93921117:08
opendevreviewcid proposed openstack/ironic-python-agent master: Ensure IPA is locked down in rescue mode  https://review.opendev.org/c/openstack/ironic-python-agent/+/94148917:19
shermanmI was happy to come across this in the queue, https://review.opendev.org/c/openstack/ironic/+/699953, it would definitely improve things for us17:31
TheJuliaYeah, I wnat to get that merged in17:32
cardoeTheJulia: I'm good with Andrew's change as well. Given how neutron works.17:39
cardoeIt's still wrong wrt to the spec. One of the random things I need to track on my behavioral delta to NGS.17:39
cardoeBut its neutron internals that are wrong.17:40
cardoeThat's all I was trying to say before.17:41
cardoe+1 to that patch as well shermanm.17:42
opendevreviewJulia Kreger proposed openstack/ironic master: trivial: de-distro dnsmasq version check  https://review.opendev.org/c/openstack/ironic/+/94170918:49
opendevreviewJulia Kreger proposed openstack/ironic master: trivial: lock dnsmasq check to ubuntu  https://review.opendev.org/c/openstack/ironic/+/94171018:49
TheJuliaI happen to be firing up devstack in fips mode on centos, so... those bit me18:52
*** awb_ is now known as awb19:04
opendevreviewJulia Kreger proposed openstack/ironic master: Filter physnets when ports are pre-allocated to a segment  https://review.opendev.org/c/openstack/ironic/+/94134319:22
TheJuliacardoe: ^ the ironic patch Andrew mentions, I've added a release note19:22
opendevreviewJulia Kreger proposed openstack/ironic master: CI: Set multinode jobs to fail if binding fails  https://review.opendev.org/c/openstack/ironic/+/94171219:44
opendevreviewSatoshi Shirosaka proposed openstack/ironic-python-agent master: WIP Add ContainerHardwareManager  https://review.opendev.org/c/openstack/ironic-python-agent/+/94171419:52
shermanm(very much not an ironic question): some time back I recall mention of who to talk to about bugs / feature requests for gophercloud? I was looking into adding support for blazar, but wasn't sure where to start20:19
JayFthey have a github, you could open an issue20:21
JayFadamcarthur5 might have some specific advice for getting started there20:21
opendevreviewJulia Kreger proposed openstack/ironic master: Fix devstack plugin for centos  https://review.opendev.org/c/openstack/ironic/+/94172020:49
opendevreviewJulia Kreger proposed openstack/ironic master: Fix devstack plugin for centos  https://review.opendev.org/c/openstack/ironic/+/94172020:53
opendevreviewSatoshi Shirosaka proposed openstack/ironic-python-agent master: WIP Add ContainerHardwareManager  https://review.opendev.org/c/openstack/ironic-python-agent/+/94171421:02
opendevreviewJulia Kreger proposed openstack/ironic master: Fix devstack plugin for centos  https://review.opendev.org/c/openstack/ironic/+/94172021:05
opendevreviewJay Faulkner proposed openstack/ironic stable/2024.2: Pass agent token to get command results  https://review.opendev.org/c/openstack/ironic/+/94172221:06
JayFstevebaker[m]: 21:11
JayFwhoops21:11
JayFstevebaker[m]: I approved https://review.opendev.org/c/openstack/ironic/+/939505/8#message-8a9c62a4093c2d91b8c00757be34dedb9b15da1f but had a security-related question, if you don't mind making sure you make sure we're safe there it'd be great21:12
TheJuliaJayF: anything with secret or password in the name gets scrubbed by the api surface code21:13
JayFack, I knew "password" was, I wasn't sure about "secret"21:13
TheJuliayeah, it is21:13
JayFtyvm for confirming21:13
JayFI was like, 99% sure but it's good to be 10021:14
TheJuliaI double checked for the oci authentication stuffs21:14
TheJulia(and yeah, it scrubbed it on the api side as expected (annoyingly so!))21:14
TheJuliathat being so, it is *always* good to double check21:14
stevebaker[m]JayF: that key is why I proposed this change in the first place, which hasn't actually landed yet https://review.opendev.org/c/openstack/ironic/+/93950421:19
JayFwhat are you talking about? that's approved, and it totally didn't get approved 13 seconds after you pasted it in IRC and I saw it :P 21:20
JayF(I had read that two days ago  and wanted to see if Kaifeng had anything else to chime in)21:20
JayFI'm sure I'll approve it again when I get to it in my massive tabs of review queue :D 21:21
stevebaker[m]:D21:21
JayFTheJulia: is your comment on https://review.opendev.org/c/openstack/ironic-python-agent/+/941300/3/ironic_python_agent/extensions/standby.py#75 still valid or is that what the `return r` fixed?21:26
stevebaker[m]Hey the graphical console work includes this whole other repo for the actual browser container (README will be written next week). We need to decide where the scripts should live, and also how others might build and consume a container. One option is that the contents of bin live in the ironic repo, and other existing repos have a way of building a container, like kolla21:32
stevebaker[m]This whole other repo https://github.com/steveb/ironic-vnc-container21:32
JayFI think it should go in ironic-the-program 21:33
JayFGiven we have history of embedding useful/needed scripts, even if containerfiles, e.g. ironic-python-agent/imagebuild (pre ipa-builder), we can probably slot it into ironic21:34
JayFjust make sure that setuptools is setup in a way where they don't end up in pypi bundles21:34
JayF(or maybe we do install them as resources? hmmmmm)21:34
stevebaker[m]so pull that whole repo into the ironic repo?21:34
JayFThat's what I'd think to do. I'm not sure everyone would agree :)21:35
JayFwe have examples in ipa repo, which is basically just bonus code21:35
JayFmaybe even just tools/vnc-container/[repo contents]21:35
JayFor something similarly better named21:35
stevebaker[m]yeah that would certainly be easiest. The container is currently opinionated centos21:36
JayFmaybe specifically namespace the container to centos then?21:37
JayFso if others want to contribute more, more power to them21:37
JayFI suspect my downstream will run what they are given :) 21:37
stevebaker[m]getting these scripts into pypi or whatever would actually be useful, because there will be other container build pipelines that need to consume them https://github.com/steveb/ironic-vnc-container/tree/main/bin21:37
JayFshould it be it's own repo/project then?21:38
stevebaker[m]they could be packaged as resources I think21:39
stevebaker[m]like setup.cfg data_files to /usr/share/ironic/vnc-container or something21:40
JayFyeah21:41
JayFyou are thinking along the lines as me now21:41
JayFand distro people can tar it up if they want :D 21:41
stevebaker[m]yep, like RDO could create a sub-package with just those scripts, and a container build can depend on that21:43
TheJuliaJayF: oh yeah, return r was all that was needed21:43
JayFI already +2d with that assumption as a condition21:43
JayFI have reviewed most everything outstanding AFAIK, if I missed something anyone needs please link it to me.21:44
TheJuliahonestly, I'd pull either into ironic's repo or another repo, but preferably ironic's main repo if possible since this is on a path to become core functionality21:44
TheJuliaagent just makes sense to be its own because it has a different use which is adjacent to address the overall task21:45
stevebaker[m]a sub directory of tools seems reasonable. Having it in the ironic repo will give it more visibility for adding support for other hardware21:47
JayFTheJulia: the idea of agent being in the same repo had NEVER occurred to me, because it's always been so separate21:47
TheJuliaYeah, even today I would say separate21:48
TheJuliabut for vnc stuffs and service, just all together21:48
JayFI think if we were making the agent today, a LOT of things about it would be different21:51
JayFit's a testament to how flexible the design was that it's still a good tool 10 years later, but I want to go back in time and make it even better :D 21:52
TheJuliahmmm21:58
TheJuliaour bindep stuff dislikes us21:58
TheJuliaso fun problem... our devstack plugin expects xinetd22:02
TheJuliaor inetd at all22:03
TheJuliabut... "nope"22:03
TheJuliaRegarding bidnep, I mean centos22:04
stevebaker[m]xinetd isn't even a thing in centos now. its systemd socket activation22:05
TheJuliayeah22:05
JayFlolwhat22:05
TheJuliayeah22:05
JayF2005 called it wants its service runner back22:06
TheJuliaModern Linux doesn't understand the non-multi-byte encoding22:06
JayFIDK if you need to fix it *right now* but if not, make sure it gets in a bug and I'm sure it'll get a look22:06
TheJuliaI'm trying to do a fips enforce devstack on centos22:07
TheJuliabecause I'm not going to pay ubuntu for ubuntu pro22:07
TheJuliaso I can turn on fips mode22:07
JayF\o/22:07
TheJulia... trying to decide if we just make tftp support optional...22:07
TheJuliaat least in the plugin22:07
JayFIf you don't need it for the testing you're doing, JFDI22:08
JayFbut please do bug it 22:08
JayFbecause that will break somewhere eventually and it's pretty straightforward to fix22:08
TheJuliayeah... trying to decide now22:08
TheJuliaI could vmedia it22:08
cardoeuuhh stevebaker[m] had me at container with a +1222:12
cardoeI know that's not gonna fly but I'm gonna end up building it as a container so the work is done for me22:12
JayFI mean, that's how the vnc console stuff will work22:13
JayFwith a container-based proxy thinger22:13
JayFthat's the official technical term /s22:13
cardoeSo doesn't conflict with cid's changes but if ya want... https://review.opendev.org/c/openstack/ironic/+/940332 is a refactor that fixes an actual bug (pretty small corner case)22:14
TheJuliacan we make that official name?22:15
TheJuliaJayF: bugs filed22:17
JayFcool22:18
JayFI don't have time today, but that'd be a nice relaxing one to take on if nobody gets to it before me :)22:18
JayFsystems stuff always is like a warm blanket compared to the cold dead blackness of python :P 22:18
TheJuliaso. I think one thing to do is just to enable turning off tftp, and see if I can just low memory refish it22:18
JayFthis is an awful suggestion dpeending on if you're trying to do CI or local testing22:19
JayFbut just make it disablable22:19
JayFand manually setup tftp22:19
TheJuliayeah, that is the other major possibility22:19
opendevreviewJulia Kreger proposed openstack/ironic master: Trivial: Enable disabling tftp setup  https://review.opendev.org/c/openstack/ironic/+/94174222:30
cardoeYou just nailed my favor commit message of the day... "enable disabling"22:31
TheJuliaI <3 success22:32
TheJuliaI've swapped my config over to virutal media, so time will tell22:33
cardoeYou know... enabling ruff format and just setting the quote style to single, since we already set the line length... not that bad of a diff.22:38
cardoeThe biggest change is some_func_call(arg1, arg2, {new line and indented over to arg1} arg3, arg4) is instead some_func_call({new line and 4 spaces in} arg1, arg2, arg3, arg4 {new line})22:40
cardoeFound it easier to just enable it and only commit the section I was really changing than to try and edit my code to match the style after the fact.22:41
opendevreviewMerged openstack/ironic-python-agent master: Ensure IPA is locked down in rescue mode  https://review.opendev.org/c/openstack/ironic-python-agent/+/94148922:46
opendevreviewMerged openstack/ironic-python-agent master: Add token validation to GET command endpoints  https://review.opendev.org/c/openstack/ironic-python-agent/+/94153922:46
opendevreviewMerged openstack/ironic-python-agent master: follow-up: update release note for bootable container work  https://review.opendev.org/c/openstack/ironic-python-agent/+/94113922:46
TheJuliacardoe: w/r/t your ML post, that is likelly the cleanest path, to at least try and whip up some templaes or even a superset driver to do some config embedding, But last time I looked... it didn't look like there was much available in the tooling because some of the "fork" looks like in name only22:47
opendevreviewMerged openstack/ironic master: Utility functions for graphical console drivers  https://review.opendev.org/c/openstack/ironic/+/93950522:47
opendevreviewMerged openstack/ironic master: Mask all driver_internal_info in node output  https://review.opendev.org/c/openstack/ironic/+/93950422:47
opendevreviewMerged openstack/ironic master: oci: fix auth config loading  https://review.opendev.org/c/openstack/ironic/+/94147922:47
cardoeI figured let me ask before diving in head first.22:47
cardoeGerrit and Zuul just got back from their coffee break.22:48
opendevreviewMerged openstack/ironic-tempest-plugin master: Testing bad microversions on v1/allocations  https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/93721323:11
TheJulia... coffee sounds good23:26
cardoehttps://etherpad.opendev.org/p/cardoe-l2vni-segment-bug here's my jump to conclusions on the issue I saw in Andrew's code.23:28
cardoejamesdenton: ^23:28
opendevreviewMerged openstack/ironic-tempest-plugin master: Testing bad microversions on v1/nodes/{uuid}/firmware  https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/93721423:38
« Thursday, 2025-02-13 Index Saturday, 2025-02-15 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!