05:01:24 #startmeeting Ironic 05:01:24 #chair devananda 05:01:24 Meeting started Tue Feb 17 05:01:24 2015 UTC and is due to finish in 60 minutes. The chair is NobodyCam. Information about MeetBot at http://wiki.debian.org/MeetBot. 05:01:25 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 05:01:26 #chair jroll 05:01:27 The meeting name has been set to 'ironic' 05:01:28 woot 05:01:29 Current chairs: NobodyCam devananda 05:01:30 uh oh 05:01:31 Current chairs: NobodyCam devananda jroll 05:01:36 Welcome everyone to the Ironic meeting. 05:01:40 o/ 05:01:43 o/ 05:01:44 o/ 05:01:46 o/ 05:01:49 I suddenly have responsibility. I don't like it. 05:01:51 Of course the agenda can be found at: 05:01:51 #link https://wiki.openstack.org/wiki/Meetings/Ironic#Agenda_for_next_meeting 05:01:52 \o 05:01:55 o/ 05:01:56 o/ 05:02:00 #topic Greetings, roll-call and announcements 05:02:01 Roll-call: Who's here for the Ironic Meeting? 05:02:04 o/ 05:02:15 howdy all 05:02:24 o/ 05:02:26 o/ 05:02:34 announcements: 05:02:55 * rameshg87 understands i should raise hands only during roll-call 05:03:01 we had a good meetup in SF ... Thanks to rackspace for hosting 05:03:14 Thanks SFO Rackers! 05:03:37 :) 05:03:41 \o/ 05:03:46 y'all are welcome any time, officially or not 05:03:57 I promise to have working internet next time 05:04:02 lol :) 05:04:27 Devananda may be lurking, but I expect he's mostly still recovering from travel plage 05:04:32 moring mrda 05:04:54 afternoon here now :) 05:05:05 o/ 05:05:10 another announcement: we have lots of code that needs reviewing 05:05:13 for k# 05:05:23 k3 even 05:05:44 indeed 05:05:52 #link https://launchpad.net/ironic/+milestone/kilo-3 05:06:02 so much code 05:06:50 and about a mounth to land it all 05:06:53 #link https://wiki.openstack.org/wiki/Kilo_Release_Schedule 05:07:11 :) 05:07:28 focus focus focus 05:08:05 NobodyCam, some blueprint's (merged spec) target need to set 05:08:13 NobodyCam: jroll: devanand_ : I'm really interested in the review statuses which were originally planned kilo-2 05:08:30 NobodyCam, for example https://github.com/openstack/ironic-specs/blob/master/specs/kilo/ironic-generic-raid-interface.rst 05:08:33 :) so the more eyes the better... focus on functionality nit can be addressed in followup patches 05:08:41 NobodyCam: such as ATM, non-glance, and iRMC etc. 05:08:58 rameshg87: when devanand_ is no longer sick, please poke him to do that 05:09:06 naohirot: which, specifically? 05:09:07 jroll, okay 05:09:31 oh I should also anouunce that we will be having someone start to track the spec/bp status starting tomorrow (for us) 05:09:37 Nobodaycam, I would like to add iLO node cleaning to K3 05:09:55 NobodyCam: well, you should introduce them 05:10:00 NobodyCam: who's that? :D 05:10:09 that would be BadCub :) 05:10:11 * jroll \o/ for a BadCub 05:10:14 jroll: https://review.openstack.org/#/c/134865/ and https://review.openstack.org/#/c/146803/ 05:10:39 naohirot: cool, those look targeted for k3 to me 05:10:55 rameshg87: BadCub can help with that, too, now 05:11:10 so starting tomorrow BadCub01_ will be going thru and ensuring everything is insync 05:11:25 NobodyCam: Secure boot support for iLO drivers is also a mergd spec https://review.openstack.org/#/c/135228 05:12:01 stendulker: we reviewed a couple at the meetup and then have been traveling and such 05:12:07 jroll: yes, but those were originally planned in kilo-2 05:12:12 so we'll be jumping into it tomorrow 05:12:34 naohirot: right, we're aware, I think we'll prioritize those 05:12:53 ok thats it for my announcements 05:12:56 NobodyCam: thanks 05:13:02 anyone else have any 05:13:31 ok moving in then 05:13:45 #topic SubTeam: status report (deprecated) 05:13:54 NobodyCam: jroll: I'd like to know the current priority 05:14:32 naohirot: priority for? 05:14:33 NobodyCam: jroll: so that we can schedule tasks in each company 05:14:49 naohirot: I mean, it's a priority for k3 05:14:54 I don't know what to say otherwise 05:15:25 NobodyCam: jroll: current priority of originally planned kilo-2 05:16:00 NobodyCam: such as ATM, non-glance, iRMC Management driver, etc. 05:16:04 naohirot: anything not done should have been bump it k3? 05:16:14 naohirot: right, it's a priority for K3, reviewers are aware of what was bumped to k3 from k2 05:16:22 naohirot: not sure what else I can really say about that 05:16:56 jroll: I'm very afread of happing such kind of bump again in kilo-3 05:16:59 NobodyCam, we need both uefi secure boot and iLo secure boot to complete the secure boot feature. Can you add iLo secure boot to K3? 05:17:48 naohirot: we'll do what we can, we only have so many reviewers and so much time 05:17:51 we'll do our best 05:17:57 wanyen: are the specs landed? 05:18:09 wanyen: I have a +2 on one and will review the other tomorrow 05:18:11 jroll, yes. 05:18:40 wanyen: ok, talk to deva or BadCub tomorrow please 05:18:42 but first are there any questions, on the status we have on hte white board?? 05:19:08 * mrda looks 05:19:30 jroll: I know core team is busy, so I think discussing the review priority in this meeting is important. 05:19:39 (As of Mon, 16 Feb 20:00 UTC) Open: 133 (0). 4 new (-5), 39 in progress (+5), 0 critical, 19 high (+2) and 7 incomplete 05:19:47 naohirot: we're doing what we can :| 05:20:42 jroll: Yes, but I need some information to predict future to report the status to my company :) 05:20:48 ok then moving on 05:20:56 #topic Agenda items 05:21:08 (ramineni) Need Agreement on whether get/set boot mode to be part of ManagementInterface as proposed in the following spec, 05:21:16 ramineni: are you here 05:21:23 NobodyCam: yes 05:21:26 #link https://review.openstack.org/#/c/129529/ 05:21:34 proposed get/set boot mode to be standardized as part of management interface as many drivers would be using it as part of deploy in https://review.openstack.org/#/c/129529/4 05:21:41 naohirot: that's not something I can predict, there's a good chance it will land in K3 assuming reviewers and developers are both responsive to feedback. moving on... 05:21:44 deva has given +1 , but no reviews after that. Not sure if everyone agrees with that 05:22:26 jroll, https://review.openstack.org/#/c/135845/ still need one +2 and ilo secure boot spec already merged. 05:22:31 ramineni: we have been traveling to and from the meetups I expect reviews to pick up here this weel 05:22:35 week even 05:22:44 wanyen: getting off topic... 05:22:50 NobodyCam: thanks 05:23:08 jroll, sure. I ws just try to clarify. 05:23:10 ramineni: these are currently at the driver level? 05:23:50 ramineni: at a glance I'm +1 on this 05:23:53 yes , currently proposed at driver level , would be good if it could be standardized , as every driver needs it 05:24:06 ok, cool 05:24:09 I agree :) 05:24:12 I thou I would say there was some confusion in channel about this and the https://review.openstack.org/#/c/135845/ review 05:24:52 Keep in mind that driver interfaces can't be partially implemented 05:25:08 mmm, true 05:25:33 but drivers that can't do these things could treat set_boot_device('bios') as a noop 05:25:35 So moving those to the mgmt interface means any driver that implements get/set boot mode must also set 05:25:52 Must also define the rest of the interface 05:26:12 yeah, can assume only 'bios' is available if unsupported 05:26:18 raise an exception for everything else 05:28:08 anything else on this topic? 05:28:20 sorry was reading 05:28:28 NobodyCam: I am curious what the difference is 05:28:30 need to read more 05:28:52 I to need to take a closer look 05:28:52 set_(secure_)boot_mode 05:28:54 hm 05:29:19 jroll : you meant between two sepcs .. the latter is for enabling secure boot not boot mode 05:29:59 right 05:30:12 I wonder if those could be the same method 05:30:48 secure boot is only applicable if the machine is in uefi boot mode 05:31:20 jroll: They are independent, in the sense secure boot is property only of uefi boot bode 05:31:21 hmm 05:31:33 jroll: /sbode /mode 05:31:42 right, so there's three options: bios, uefi, uefi_secure, right? 05:31:58 ramineni: I think jroll is suggesting that set boot mode could do "bois" , "uefi" , "uefi Secure" 05:32:04 :0 05:32:05 basically 05:32:26 jroll, only bios or uefi for set_boot_mode, secure boot is seperate 05:32:34 but lest loop back to that one 05:32:46 wanyen: ignoring the actual method name, there's three states it could be in yes? 05:32:56 we have that still to come 05:33:18 let's just talk about that one now/next 05:33:24 since they're somewhat related 05:33:33 jroll, NobodyCam: One cannot set the uefi secure boot mode in a single API call 05:33:39 ok :) 05:33:40 jroll, for kilo only 3 state. In the future, there are more uefi boot options 05:33:54 stendulker: :) 05:33:55 wanyen: like what? 05:33:57 stendulker: why? 05:33:58 #link https://review.openstack.org/#/c/135845/ 05:34:04 jroll, for instance, uefi http boot 05:34:07 jroll, NobodyCam: Current boot mode should be uefi to turn on secure boot 05:34:14 wanyen: so we should make a different method for each of these modes? 05:34:16 yes , but secure boot is one capability which can be set only in uefi boot mode ..not sure if can be merged 05:34:30 stendulker: why couldn't an API call to set secure boot put it in uefi mode first? 05:35:21 I don't see why this couldn't all be one call with many modes 05:35:28 jroll, that's what secure boot does, if secure-boot flavor is present, ten ilo driver will setit to uefi automatically 05:35:29 jroll: yes, you need 2 APi calls to achieve secure boot 05:35:40 jroll: ++ 05:35:45 stendulker: *why* 05:36:10 stendulker: with the code/specs proposed today, that's true. I conjecture that it does not need to be that way 05:36:23 jroll: first to put the node to uefi and then after reboot to turn on the secure boot 05:36:50 stendulker: two calls to the server, sure, but that could be underneath a single ironic API 05:36:59 stendulker: that could still be one API call. PUT /v1/nodes/uuid/boot_mode {'target': 'uefi+secure'} 05:37:01 or something 05:37:22 I tend to think we should consolidate these 05:37:27 stendulker: wait. Why would I have to boot a server *before* I enable secure boot? 05:37:51 get the uefi spec done, then add secure boot spec on top of it to add 'uefi+secure' to set_boot_mode 05:38:11 devanand_ : secure boot could be enable only if the current boot mode is uefi 05:38:15 jroll, we don't have an api for user to turnon secure_boot. secure_boot is turned on by flavor 05:38:56 wanyen: Nova passes information to ironic api to enable secure boot 05:39:13 So yes there is an api 05:39:23 not a cli command maybe 05:39:25 I'm so confused as to why the operator has to do anything to make a node do UEFI or UEFI with secure boot, other than maybe flavors 05:39:51 there shouldn't need to be a REST API to put a node in any boot mode, that should all be automatic 05:40:31 jroll: yes there is no REST API proposed to put to secure boot 05:40:34 deva, waht I meant is that we don't have a standalone api for user to turn on secure_boot. It is enabled as part of the nova boot, which turns into api 05:41:08 and this is all fine 05:41:13 Via the /instance_info/ resource, right? 05:41:32 I think there should be one set_boot_mode in the management interface, that can handle UEFI with or without secure boot 05:41:42 stendulker, I don't think user needs to call set_boot_mode uefi before nova boot with secure boot falvor. right? 05:42:04 wanyen: yes 05:42:36 jroll, basically secure boot can only be enabled by flavor. 05:42:50 ok, that's fine 05:42:51 would like to get to faizan_'s topic so going to time box this at 5 more minutes 05:42:58 wan-yen: Upon getting flavor as secure_boot, in prepare stage, boot mode would be changed to uefi by the driver 05:43:01 there should still be a management interface to set secure boot 05:43:11 and that should be set_boot_mode('uefi+secure') or similar 05:43:16 (imho) 05:43:23 Hmm. Ok, I think I see the problem. A set boot mode endpoint in the api would be duplicating other existing resources 05:43:36 * mrda notes this is an interesting discussion 05:43:36 and in deploy vendor-passthrough, secure boot mode would be enabled on the node 05:44:01 jroll, yes. uefi secure boot mgmt i/f has set_secure_boot_mode to do that 05:44:07 devanand_: I don't see this problem, I think having a "set boot mode" endpoint is a problem 05:44:10 Iiuc, the proposals were to pass this on instance info 05:44:42 jroll: right. That's what I mean. A new REST endpoint fire this *is* a problem 05:44:51 jroll, there is not set_secure_boot_mode end point. The set_secure_boot_mode mgmt i/f is for driver only 05:45:53 wanyen: I understand 05:46:19 by the way, the passing capability flavor to ironic has been extended by Nova to 02/20. 05:46:40 we need to merge the code by 02/20. 05:47:00 ok so to get this wrapped up: does anyone oppose merging set_secure_boot_mode into set_boot_mode? 05:47:20 wanyen: is nova waiting on us for anything? 05:47:39 i think it a good idea 05:47:40 I meant the ffe for passisng capability to ironic instance info has been classified as boderline and need to merge code by 02/20 05:48:04 code has been submitted and reviewed by several ironic core reviewers 05:48:13 should we # vote on it? 05:48:18 but we still need Nova reviewers to approve the code 05:48:36 NobodyCam: I'd rather vote in the review 05:48:39 * jroll makes a review 05:48:48 ack 05:49:18 okay let jump on to: For partition image support in agent driver, submitted the common disk_partitioner code in oslo-incubator as "libironic" 05:49:24 faizan_: thats you 05:49:31 jroll: do you mean set_secure_boot_mode become third or fourth of paramter of set_boot_mode? 05:49:37 #link https://review.openstack.org/#/c/155190/ 05:49:37 should we #topic? 05:49:47 naohirot: I mean make e.g. "uefi+secure" a boot mode 05:49:51 that sets uefi and secure 05:49:51 jroll, I don't think we should merge set secure boot mode to set boot mode 05:49:55 oh I just set a agenda items topic 05:49:58 ........... 05:50:06 wanyen: please express that opinion on the reviw 05:50:09 review, even 05:50:13 is faizan_ here? 05:50:18 jroll: devananda: I wanted to get clarity on where to host this piece of code 05:50:25 set-boot_mode has end poitn but set_ssecure_boot_mode doesn't 05:50:26 ahh 05:50:50 ah, right. 05:50:53 wanyen: lets come back to that in Open Discussion 05:50:59 so we talked about this some with jogo and others at the meetup 05:51:07 we only want it to be enabled via flavor not via a seperate mgmt endpoint. 05:51:09 Also we do not wat the secureboot API to be called except for during deploy 05:51:11 we tend to think putting more things in oslo-incubator is bad 05:51:19 stendulker: wanyen we've moved on 05:51:30 we have 9 minutes 05:51:50 lets move on and come back if theres time 05:51:52 #topic library for disk utils 05:52:05 we talked about this some with jogo and others at the meetup 05:52:06 If everyone is of the opinion of not putting in oslo-incubator, then fine 05:52:12 #topic library for disk utils 05:52:13 we tend to think putting more things in oslo-incubator is bad 05:52:19 @chair devanand_ 05:52:22 gah 05:52:25 Hehe 05:52:26 #chair devanand_ 05:52:27 Current chairs: NobodyCam devanand_ devananda jroll 05:52:36 I don't see any reason why we shouldn't just make this openstack/libironic, openstack/ironic-disk-utils, something like that 05:53:07 Where are these util consumed today? 05:53:18 Ironic, IPA, ...? 05:53:26 this is about disk partitioning stuff, which is currently just ironic 05:53:29 we want it in IPA 05:53:32 #link https://review.openstack.org/#/c/155190/ 05:53:36 yes, only in these two places 05:53:38 that *should* ne it 05:53:43 be* 05:53:44 K 05:54:00 I don't care about names, I care about keeping it out of oslo 05:54:06 Why? 05:54:26 oslo incubator, mostly 05:54:35 jroll, but apart from partitioning library, is there some other ironic functionality that can be shared between ironic and ipa ? 05:54:36 because oslo incubator is weird 05:54:44 rameshg87: it's unclear today, I think 05:54:55 jroll: why? 05:55:06 jroll, if it's a library of one file for now, does it make sense to put it into a separate project of it's own 05:55:41 devanand_: there's too much stuff there, updating sucks, etc 05:55:41 even though put it in oslo.incubator, eventually it will be merged in ironic/IPA under openstack/comm/libironc 05:56:10 Given the current simplicity of this, is the overhead worth it? 05:56:18 devanand_: I hate the concept of oslo-incubator in general, also people are trying to keep it from bloating 05:56:27 I *do* think it should be a library 05:56:45 I tend not to care about where it lives, other than I'd like to keep it out of oslo-incubator 05:56:46 metrics code could be shared between ironic and ipa 05:56:49 Whether Oslo incubator or a separate library project, are we gaining more than it will cost us to maintain? 05:57:01 yes, partiioning is hard 05:57:22 maintaince is my concern 05:57:28 * 3 minutes 05:58:00 Oslo itself would seem a better place then 05:58:06 we know how to maintain a library 05:58:15 Or we do our own library 05:58:40 another reason for keeping it out of oslo-incubator, is that things in oslo-incubator are essentially marked as "unstable" and people are fine with breaking APIs 05:58:53 Well 05:59:09 In this case I think that's accurate 05:59:23 so our own lib? 05:59:42 Or rather guaranteeing q stable api for this, I don't see why that's something we need to do now 05:59:44 what 05:59:48 we already rely on the api 06:00:13 thats officially time 06:00:18 I'm missing something then 06:00:30 can we continue in channel? 06:00:37 yes 06:00:38 Yep 06:00:48 Thank you all 06:01:07 let coninute in channel 06:01:13 @endmeeting 06:01:19 #endmeeting