| opendevreview | Merged openstack/ironic-python-agent master: Log efibootmgr output as part of the system logs https://review.opendev.org/c/openstack/ironic-python-agent/+/954563 | 02:31 |
|---|---|---|
| dtantsur | TheJulia: I wonder if it's going to work out of box with JSON RPC. Otherwise, I've been thinking about this option (generally moving reads/writes to the conductor) as well. | 10:53 |
| dtantsur | TheJulia: also, check this out! https://review.opendev.org/c/openstack/ironic/+/954755 passes both bifrost and metal3 jobs (both use local RPC) | 10:55 |
| dtantsur | Interestingly, it creates a blueprint for decomposing Ironic into more processes without necessarily affecting upgrades | 10:58 |
| * dtantsur is curious how much RAM new Ironic requires | 10:59 | |
| dtantsur | 500M vsz, 156 rss on bifrost. A bit more IIRC, nothing dramatic though. This is without migrating conductor to normal threads. | 11:01 |
| opendevreview | Dmitry Tantsur proposed openstack/bifrost master: Release note for ironic-inspector deprecation https://review.opendev.org/c/openstack/bifrost/+/954877 | 11:13 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic master: Remove focus from ironic-inspector in the documentation https://review.opendev.org/c/openstack/ironic/+/954879 | 11:18 |
| TheJulia | dtantsur: skimming the code, it looks like it might work out of the box with json rpc with a tweak | 14:32 |
| dtantsur | neat | 14:37 |
| dtantsur | Unrelated thought: now that I'm proposing automatic TLS for the local RPC, I'm seriously pondering automatic TLS for remote JSON RPC too | 14:42 |
| dtantsur | Like, generate a certificate for CONF.host, store its fingerprint in the conductors table | 14:42 |
| TheJulia | its not a bad idea | 14:48 |
| dtantsur | Gemini thinks it's doable and secure, I have no reasons not to trust it :D | 14:59 |
| dtantsur | okay, I got this idea out of my head, now I can get back to Sunday: https://bugs.launchpad.net/ironic/+bug/2116812 | 15:15 |
| TheJulia | heh | 15:38 |
| TheJulia | have a great evening! | 15:38 |
| TheJulia | I just wrapped up meeting minutes that I've been avoiding this past week :) | 15:39 |
| TheJulia | dtantsur: yeah, looking pretty good. I'd do some doc updates as well, and maybe a limitation note around the cert lifetime. FWIW | 16:27 |
| dtantsur | Thanks! Actually, I need to check how large the resulting certificates are. Maybe they can fit in the conductors table directly, that would make the implementation much easier. | 16:43 |
| TheJulia | ++ | 16:43 |
| TheJulia | I'm a little worried about upgrade path, but it also looks isolated | 16:43 |
| dtantsur | Yeah, I'll think about it. Should not be too bad: if fingerprint is not present, assume no auto TLS on the server side. | 16:44 |
| dtantsur | 505 bytes. It's not tiny, especially since the conductors table is a high-traffic one. | 16:47 |
| TheJulia | but if loaded into memory once.. or twice... *shrug* | 16:55 |
| opendevreview | Merged openstack/ironic-python-agent master: Trivial: avoid root logger in modules https://review.opendev.org/c/openstack/ironic-python-agent/+/954243 | 17:23 |
| opendevreview | Queensly Kyerewaa Acheampongmaa proposed openstack/ironic master: Add manual clean and automated verify steps to set BMC clock via Redfish Manager https://review.opendev.org/c/openstack/ironic/+/953477 | 21:35 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!