Thursday, 2025-07-03

opendevreviewAdam McArthur proposed openstack/ironic-specs master: Add emergency bulk operations  https://review.opendev.org/c/openstack/ironic-specs/+/95253301:15
adamcarthur5Hi TheJulia, the spec is in a place where I would be happy to receive another review + suggested next steps. cc cid01:17
adamcarthur5I would love advise on https://review.opendev.org/c/openstack/ironic/+/953352 if possible folks03:01
adamcarthur5cc stephenfin03:01
TheJuliaadamcarthur5: sure, I'll try to take a look tomorrow03:13
opendevreviewVerification of a change to openstack/ironic master failed: Fix Sensor Data values  https://review.opendev.org/c/openstack/ironic/+/95339503:36
opendevreviewMerged openstack/sushy master: Add retry logic to connection failures  https://review.opendev.org/c/openstack/sushy/+/95324803:59
opendevreviewSteve Baker proposed openstack/networking-generic-switch master: Create service plugin to configure security groups  https://review.opendev.org/c/openstack/networking-generic-switch/+/94983403:59
opendevreviewSteve Baker proposed openstack/networking-generic-switch master: Support security groups in netmiko base class  https://review.opendev.org/c/openstack/networking-generic-switch/+/94983503:59
opendevreviewSteve Baker proposed openstack/networking-generic-switch master: Add security group support to netmiko_cisco_nxos  https://review.opendev.org/c/openstack/networking-generic-switch/+/95231403:59
opendevreviewMerged openstack/ironic master: Fix Sensor Data values  https://review.opendev.org/c/openstack/ironic/+/95339506:04
rpittaugood morning ironic! o/07:11
queensly[m]Good morning07:31
abongaleGood morning ironic! 08:29
mumesan[m]Good morning!08:31
ContinuityMorning08:38
dtantsurTheJulia: "eventlet hiding a lot of stuff" is what I suspected too09:35
opendevreviewDmitry Tantsur proposed openstack/ironic-python-agent master: Graceful way for hardware managers to ignore certain devices  https://review.opendev.org/c/openstack/ironic-python-agent/+/95402410:23
opendevreviewDmitry Tantsur proposed openstack/ironic-python-agent master: Graceful way for hardware managers to ignore certain devices  https://review.opendev.org/c/openstack/ironic-python-agent/+/95402410:29
cidIronic, o/11:11
cidI see this new possible "quick fix" bug: https://bugs.launchpad.net/ironic-python-agent/+bug/2115721. Just wondering if this is something we think is worth patching upstream? It seems small enough to be handled downstream if needed, especially given the temporary nature of the --experimental_verify flag in FIO.11:11
cidadamcarthur5, I will ensure to review your updates ++.11:12
cidTheJulia: I indeed will love to listen in :)11:13
stephenfinadamcarthur5: replied12:15
* TheJulia drinks coffee while listening to folks have a managerial sort of meeting12:21
opendevreviewAbhishek Bongale proposed openstack/ironic-tempest-plugin master: Add Tempest tests for inspection rules in Ironic  https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/95176112:42
TheJuliacid: dtantsur: do y'all have time to chat?13:17
dtantsurLet me check the state of cooking..13:18
TheJuliay'all being "southern US" for "you all"13:18
dtantsuryes, I am13:21
cidIf you were to start the meeting now, I will be able to join in around ~20mins.13:21
TheJuliaI have another meeting in ~4013:21
TheJuliaI can always sync with dmitry and then sync with you cid, if that works13:21
cidSo, short meeting!13:21
cidTheJulia. Works!13:21
TheJuliahopefully13:21
TheJuliaok13:21
TheJuliadtantsur: https://meet.google.com/ofx-avoq-eni13:21
opendevreviewStephen Finucane proposed openstack/ironic master: api: Add schema for inspection rules API (versioning)  https://review.opendev.org/c/openstack/ironic/+/95403813:45
opendevreviewStephen Finucane proposed openstack/ironic master: api: Add schema for inspection rules API (requests)  https://review.opendev.org/c/openstack/ironic/+/95403913:45
dtantsurTheJulia: okay, yeah, we have stuff: https://docs.python.org/3/library/multiprocessing.html#pipes-and-queues13:51
dtantsurI'm still thinking how I could wire something compatible *before* we pull the trigger on migration13:52
dtantsurI guess it would be a (green) thread in the conductor that is reading from the queue and invoking actual methods13:52
dtantsurwell, that won't allow us to read the response in a sane manner, will it13:53
TheJuliaI'd suspect multiprocessing might still hold the answer in the multiprocessing style, in other words maybe have two parts using the same object initialized by multiprocessing13:54
dtantsuryeah, it seems to have some primitive wrappers around unix sockets or pipes https://docs.python.org/3/library/multiprocessing.html#multiprocessing-listeners-clients13:55
TheJuliafor example, on load of conductor/rpc_service.py, create the queue and have each side work it via the object13:55
TheJuliathat way its initailized upfront and each side can interact with it indepedently13:55
dtantsurmmm, we'll have fun time matching requests to responses13:57
dtantsurit could be easier to actual load the whole JSON RPC mechanism, just through a unix socket13:57
TheJuliayeah13:57
* dtantsur will think more, walkie time now13:57
opendevreviewQueensly Kyerewaa Acheampongmaa proposed openstack/ironic master: Add manual clean and automated verify steps to set BMC clock via Redfish Manager  https://review.opendev.org/c/openstack/ironic/+/95347714:11
TheJuliarofl, in doing what I discussed, I can see why some of the other weirdness occured14:17
TheJuliawhich means eventlet was *never* completely executing service startup14:17
Sandzwerg[m]Hello wonderful people of ironic, as usual I have a question. I'm still trying to get secure boot working. I have issues with the centos images, with the pre-build images by you as well as when I build it myself with the ironic-agent-builder. But centos 9 seems to use a real old shim version so that might be related. When I try it with ubuntu noble the bootloader/esp seems to work but then it doesn't find kernel & ramdisk, if I14:37
Sandzwerg[m]try to build it with the ubuntu-signed element that fails because in noble the package name changed. (From what I found it seems to be the normal kernel images by know). Is there a known working esp & kernel & ramdisk for secure boot? If not what would be the easiest way to change/adapt the ubunut or ubuntu-signed element? I briefly looked at the docs but I don't think I want to build something from the ground up I just to make14:37
Sandzwerg[m]sure some packages like shim are included. But maybe  missunderstood the documentation and it's easier then I thought? I'm grateful for any pointers.14:37
TheJuliaSandzwerg[m]: I'll try to respond, but it may be ~45 minutes, need to walk dog and have a meeting right after getting the dog back in side14:40
Sandzwerg[m]Thanks, have a good walk :)14:42
TheJuliaokay, I think the issue your hitting signing issues. So the tl;dr is each vendor's shim only recognizes their own signed artifacts because it only knows their signing key. The other aspect it sounds like you might be hitting, and percieving it as "old shim" is the signing keys doing the verification on the firmware side are supposed to recognize each signed msft key, there are two of them, and shim may ship from vendors 14:59
TheJuliawith different versions.14:59
TheJuliaThat different version is supposed to be recognized by the firmware, but might not be, so it might result in some weirdness15:00
TheJuliaThere is also an aspect with VMs and what ships, so I guess the question is what are you trying to boot with secure boot. Knowing that will help ground the conversation as well :)15:00
TheJuliadtantsur: approx 298 tests use _start_service ;)15:01
Sandzwerg[m]In this case I have a dell R760 node. If I take the centos9 iso and boot that I think I was able to boot it with secure boot. At least I'm in general able to boot secure boot enabled stuff if I deploy it before. But now I need to get IPA to support secure boot. To my understand that means the ESP that I build must fit to the kernel & ramdisk I use for IPA and both need to include shim & must be signed. 15:11
Sandzwerg[m]My first issue was the ESP. For Centos I still have no esp that "works" even when I build it with the (IMHO) correct shim in a secure booted centos9 VM15:12
Sandzwerg[m]For ubuntu I now have a esp that doesn't give me a "there was an error with secure boot" (or something along these lines) right at the start, also build in a secure boot enabled & booted ubuntu VM15:14
Sandzwerg[m]But then the ramdisk & kernel are not found. My current working theory: because it's not build with shim as I didn't saw shim during the install log 15:16
opendevreviewMerged openstack/ironic-specs master: Add support for standalone network configuration  https://review.opendev.org/c/openstack/ironic-specs/+/95212615:26
Sandzwerg[m]Like, if I sent the output of the ironic-python-agent-builder and grep for packages I find stuff related to efi, grub, kernel but no shim, so my current theory is that shim is missing15:51
Sandzwerg[m]I need to drop now but I'll be back tomorrow. Have a nice timezone o/16:01
dtantsurTheJulia: uuuuugh16:09
* TheJulia appears like an emergency medical hologram16:10
TheJulia"Please state the nature of the technical emergency"16:10
dtantsurlol16:10
cidlol16:11
TheJuliaSandzwerg[m]: reading16:11
TheJuliaSandzwerg[m]: so, ubuntu failing that way seems super weird, how are you booting? virtual media?16:12
TheJuliaSandzwerg[m]: what might help is a file list of the the media and the content layout in the esp image16:12
Sandzwerg[m]Yes this is all virtual media, sorry I forgot to mention it16:13
TheJuliaThe caveat which can also exist I guess is preferred file paths can be burned into shim as well16:14
TheJuliaEach vendor's shim is vendor customized16:14
dtantsurTheJulia: forgot to say: wait_for_start existed because otherwise we're signaling systemd that the start-up was successful before the actual start-up16:17
dtantsurI guess we're regressing in this area now, this is worth adding to known issues or something16:18
TheJuliayeah, absolutely16:18
dtantsur(assuming we even have the systemd notification still)16:18
TheJuliasince we're forking off a thread, yeah. I think the idea moving forward is to try and enhance our pre-flight checking as much as possible for known issues and fail before the new process is launched16:19
TheJuliaAnyhow, one step at a time16:19
dtantsuryeah, I guess stuff like config or driver initialization can be done much earlier than init_host16:21
TheJuliaConfig is, driver init init is a bit harder and in reality it might end up being done twice, one just as a "sanity check for purposes of failing start"16:28
dtantsuryeah, make sure all entrypoints are there. Maybe a new method to validate configuration only.16:29
TheJulia++16:30
dtantsurbtw if oslo.service doesn't have systemd support at all any more (and it looks so), we'll break bifrost and any similar systemd unit configurations16:33
dtantsurthey're set up to wait for sd_notify16:33
TheJuliaYeah, I've got an item on my team's backlog to start trying to figure out what/how we can move that forward16:34
dtantsurI think it's a matter of copying the relevant code from the eventlet backend, which got lost for some reason16:35
dtantsurunless it's in cotyledon already16:35
TheJuliaThat i didn't check16:35
TheJuliaI just created a story for someone to dig into it16:35
dtantsur++16:35
TheJuliaI don't know if it will be on our plans in the next coupld of sprints though, I think undrestanding wise, we will want to be able to take our stack of patches to move to threading and have an a/b comparison to corretly inform tuning/docs16:36
TheJuliaooooohhh ahhhhhh now only 113 tests fail!16:43
dtantsurprogress!16:43
TheJuliashould be better on this next run. The furstraitng thing is some of the tests break/expect the state resolution logic to have also executed (ugh!)16:46
TheJulia110.... 17:15
TheJuliadtantsur: back to no steps returned :\ At least getting closer https://www.irccloud.com/pastebin/8mhw1E3g/17:29
Sandzwerg[m]<TheJulia> "The caveat which can also..." <- So far to me it seems that shim is missing in the kernel & ramdisk image but is present in the esp. 18:00
TheJulia24 tests...18:03
TheJuliayeah, it doesn't need to be in the image itself18:03
TheJuliabut... if its not there then weirdness can occur18:03
TheJuliauhhh in any code expecting it to be a filesystem18:03
Sandzwerg[m]I'm trying to figure out how I can edit a dib element to include it, or that's the plan for tomorrow18:06
TheJuliaits a package... shim-signed I believe18:07
TheJuliaso, easy short term test, add -p shim-signed18:08
TheJuliato the dib build command line18:08
TheJulia21 tests18:09
TheJuliamuahahaha, 1118:46
opendevreviewJulia Kreger proposed openstack/ironic master: Replace GreenThreadPoolExecutor in conductor  https://review.opendev.org/c/openstack/ironic/+/95293922:58
opendevreviewJulia Kreger proposed openstack/ironic master: WIP: Set the backend to threading.  https://review.opendev.org/c/openstack/ironic/+/95368322:58
opendevreviewJulia Kreger proposed openstack/ironic master: Cleanup tests for eventlet migration  https://review.opendev.org/c/openstack/ironic/+/95407322:58
TheJuliacid: I touched up the green thread pool executor patch and put it in line with cleaning up the tests22:58
TheJuliamy backend swap is going to need the A/B performance comparision testing (and more unit tests fixed/retooled since we have to go from booleans for some things to flags for concurrency/interaction across threads.22:59
* TheJulia calls it a day23:00
TheJuliaerr, mabe not23:11
TheJuliamaybe not23:11
opendevreviewJulia Kreger proposed openstack/ironic master: WIP: Set the backend to threading.  https://review.opendev.org/c/openstack/ironic/+/95368323:15
TheJuliacid: dtantsur: unit tests pass on ^, so we'll just need to figure out single process service stuff for inter-process comms, and then benchmark a before and after if I understand where w'ere at correctly.23:16
* TheJulia really goes away now23:16

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!