Wednesday, 2014-02-26

wanyen_	Deva: I want to continue the discussion of ilo driver completion status mechanism. With the mechanism to send the auth token in a floppy image, we need to upload the floppy umage to a web server for iLO to get access to it.	00:05
wanyen_	Will it be okay from security perscpective?	00:06
wanyen_	s/pserscpective/perspective	00:06
NobodyCam	grrr	00:17
NobodyCam	DuplicateOptError: duplicate option: rpc_backend	00:18
NobodyCam	seems celiometer had the same issue	00:19
devananda	wanyen_: what is this webserver?	00:30
*** matsuhashi has joined #openstack-ironic		00:30
devananda	mrda: hi! are you still looking for things to do? :)	00:30
NobodyCam	devananda: got a second to give a quick look over a error?	00:32
devananda	NobodyCam: sure	00:32
NobodyCam	http://paste.openstack.org/show/EGd9ABNGPZNa9gzSddZG/	00:32
devananda	mrda: if so, want to fix this patch up? https://review.openstack.org/#/c/76293/	00:32
NobodyCam	top bit is the test code failing, I have 42 tests that fail all the same way	00:33
mrda	hey devananda, sure. I'm working on +bug/1271317 but I'll take more	00:33
mrda	devananda: I'll take a look, thanks	00:33
devananda	mrda: also, i don't understand this patch of yours: 76094	00:36
devananda	mrda: seems to contradict several other patches we just landed explicitly allowing that field to be viewed and set	00:36
devananda	mrda: oooh. I see.	00:38
mrda	so this allows it to be set, but it is neither mandatory, nor has a default	00:38
mrda	I wasn't sure about Yuriy's comment though	00:38
NobodyCam	brb	00:40
mrda	devananda: do you have a concern with this?	00:40
devananda	mrda: no -- i can confirm lucas' bug is valid and your patch fixes it	00:40
devananda	mrda: also, if you're working on this, it'd be grand if you do two more things	00:41
mrda	sure	00:41
devananda	mrda: 1. remove 'maintenance' from the list of internal_attrs in v1/node.py so that we CAN change it	00:41
devananda	taht should be very simple	00:42
devananda	and then add a helper function in the API to check for the maintenance bit and reject certain [*] requests if it is set	00:43
devananda	[* exactly which ones isn't written down yet]	00:43
mrda	lol, you're not making this easy for me devanada :)	00:44
mrda	Did you want to provide some criteria for this? either as a review comment or in the bug itself?	00:44
wanyen_	[Deva] iLO virtual media requires media location from http or https. Therefore, this is the web server for hosting virtual media images.	00:45
devananda	mrda: i think this is separate from the bug	00:45
devananda	mrda: bug: GET /v1/nodes/ returns maintenance field when it shouldn't. you've got a fix for that -- i'm about to +2 it	00:46
devananda	mrda: making 'maintenance' user-settable: small patch, folks will easily +2 that	00:46
mrda	ok, new patch, gotcha	00:46
devananda	then the work of "make maintenance DO something" can be started in earnest, and other -core folks are likely to dogpile on that too	00:47
mrda	lol, of course. Should be fun.	00:47
devananda	first thing for that would be "dont allow a new deploy to be started if a node is in maintenance"	00:47
* mrda wishes he was in CA next week to have that discussion f2f :(		00:47
devananda	eg, NodeStatesController.provision should chec	00:47
devananda	check maintenance state and return error if it is set	00:48
devananda	and the requested state is not DELETED	00:48
devananda	mrda: oh! and i just found a bug in the API for this, which you'll find quickly too	00:49
devananda	mrda: as soon as I remove 'maintenance' from the internal_attrs list and try to change it, i get	00:49
devananda	Invalid input for field/attribute maintenance. Value: 'True'. Wrong type. Expected '<type 'bool'>', got '<type 'unicode'>'	00:49
devananda	ok - i need to run now :)	00:50
devananda	thanks!	00:50
mrda	thanks devananda!	00:50
devananda	wanyen_: what kind of web server? Ironic doesn't run a separate web server today, so are you introducing a new external dependency? is this part of ilo chassis manager? also - can you raise this on the mailing list and I promise to get back to you later tonight :)	00:51
devananda	wanyen_: also, could you upload it to glance, if it's just a disk image?	00:51
NobodyCam	:) we'll still be on irc	00:55
wanyen_	[Deva] This web server can be a backend store for Glance. Users will upload the virtual media image to the web server and use glance image-create with <--location ulr> to register the image. iLO need access the image via http or https. It does not integrate with Glance.	00:59
wanyen_	[Deva] I meant iLO Iornic driver uses glance to query image info but iLO RIBCL requires image location to be reference via http/https	01:04
*** killer_prince has quit IRC		01:08
*** lazy_prince has joined #openstack-ironic		01:14
* NobodyCam calls it a day... Good night All		01:14
*** lazy_prince is now known as killer_prince		01:14
openstackgerrit	Yongli He proposed a change to openstack/ironic: Remove extraneous vim configuration comments for ironic https://review.openstack.org/73160	01:22
*** rloo has quit IRC		01:25
*** lnxnut has quit IRC		01:33
*** nosnos has joined #openstack-ironic		01:41
*** rongze has joined #openstack-ironic		02:00
openstackgerrit	Haomeng,Wang proposed a change to openstack/ironic: Re-enable lazy translation https://review.openstack.org/74626	02:12
openstackgerrit	Jenkins proposed a change to openstack/ironic: Updated from global requirements https://review.openstack.org/75565	02:32
Haomeng	devananda: ping	02:35
Haomeng	devananda: want to confirm with you about a bug - https://bugs.launchpad.net/ironic/+bug/1284781, I understand we should remove the mandatory fields definnation from API Object, because it is defineds in Obeject JsonPatchType class mandatory_attrs method already, right?	02:38
openstackgerrit	Jenkins proposed a change to openstack/python-ironicclient: Updated from global requirements https://review.openstack.org/75585	02:38
Haomeng	devananda: I left comments in the bug already, check it if you have time, thanks:)	02:46
*** jcooley_ has quit IRC		03:23
*** jcooley_ has joined #openstack-ironic		03:27
*** matsuhashi has quit IRC		03:37
*** harlowja is now known as harlowja_away		03:57
*** jcooley_ has quit IRC		04:27
*** KanagarajM_ has joined #openstack-ironic		04:28
*** matsuhashi has joined #openstack-ironic		04:32
*** ap has joined #openstack-ironic		04:40
*** ap has quit IRC		04:40
*** rongze has quit IRC		04:44
*** rongze has joined #openstack-ironic		04:44
*** rongze has quit IRC		04:49
*** jcooley_ has joined #openstack-ironic		04:55
*** jcooley_ has quit IRC		05:00
*** jcooley_ has joined #openstack-ironic		05:01
*** killer_prince has quit IRC		05:09
*** coolsvap has joined #openstack-ironic		05:11
*** jcooley_ has quit IRC		05:12
*** lazy_prince has joined #openstack-ironic		05:13
*** lazy_prince is now known as killer_prince		05:13
*** rongze has joined #openstack-ironic		05:15
*** rongze_ has joined #openstack-ironic		05:16
*** rongze has quit IRC		05:17
*** jcooley_ has joined #openstack-ironic		05:18
*** killer_prince has quit IRC		05:19
*** rongze_ has quit IRC		05:21
*** jcooley_ has quit IRC		05:21
*** lazy_prince has joined #openstack-ironic		05:28
*** lazy_prince is now known as killer_prince		05:28
*** killer_prince2 has joined #openstack-ironic		05:37
*** killer_prince has quit IRC		05:57
*** lazy_prince has joined #openstack-ironic		05:58
*** lazy_prince is now known as killer_prince		05:58
*** loki_ has joined #openstack-ironic		06:00
openstackgerrit	Jenkins proposed a change to openstack/ironic: Imported Translations from Transifex https://review.openstack.org/71192	06:07
*** vkozhukalov_ has joined #openstack-ironic		06:10
*** rongze has joined #openstack-ironic		06:15
*** vkozhukalov_ has quit IRC		06:16
*** jcooley_ has joined #openstack-ironic		06:19
*** rongze has quit IRC		06:19
*** rongze has joined #openstack-ironic		06:21
*** rwsu has quit IRC		06:27
openstackgerrit	yangxurong proposed a change to openstack/ironic: Fix params order in assertEqual https://review.openstack.org/76077	06:31
*** jcooley_ has quit IRC		06:37
*** saju_m has joined #openstack-ironic		06:50
*** jcooley_ has joined #openstack-ironic		07:15
*** ifarkas has joined #openstack-ironic		07:20
*** rameshg87 has joined #openstack-ironic		07:21
*** jcooley_ has quit IRC		07:21
*** rameshg871 has joined #openstack-ironic		07:31
*** rameshg871 has left #openstack-ironic		07:33
*** rameshg871 has joined #openstack-ironic		07:33
*** rameshg87 has quit IRC		07:34
rameshg871	good morning Haomeng:	07:34
*** xyz__ has joined #openstack-ironic		07:35
*** dshulyak has joined #openstack-ironic		07:39
*** xyz__ has quit IRC		07:39
*** vkozhukalov_ has joined #openstack-ironic		07:48
Haomeng	rameshg871: morning:)	07:52
*** romcheg has joined #openstack-ironic		08:03
*** KanagarajM_ has quit IRC		08:27
*** Kanagaraj has joined #openstack-ironic		08:27
*** rongze has quit IRC		08:34
rameshg871	Haomeng: i just wanted to talk regarding the review comments that you had for https://review.openstack.org/#/c/76144/	08:42
Haomeng	rameshg871: sure	08:43
Haomeng	rameshg871: let me look into it first	08:44
rameshg871	https://review.openstack.org/#/c/76144/1/ironic/drivers/modules/ilo_common.py	08:44
Haomeng	ok	08:44
rameshg871	the error_msg variable doesn't have _() surrounding it, but it is passed to IloLicenseError exception which has i18n enabled	08:45
Haomeng	last two comments	08:45
rameshg871	wouldn't that be fine ?	08:45
rameshg871	yes, last two comments	08:45
Haomeng	ok	08:45
Haomeng	fine	08:45
Haomeng	I will reply you in the patch as inline comments:)	08:45
Haomeng	no worries:)	08:45
Haomeng	:)	08:45
rameshg871	okay :-)	08:46
rameshg871	thanks	08:46
Haomeng	rameshg871: welcome & thanks for your patch:)	08:46
rameshg871	thanks :-)	08:48
*** jistr has joined #openstack-ironic		08:49
Haomeng	rameshg871: one question	08:50
rameshg871	yes Haomeng:	08:50
Haomeng	rameshg871: did you encounter such "tox -evenv -- echo 'done'" issue these days, looks it is not stable to setup the ut env to install test requirements, maybe it is our networking issue:)	08:50
*** killer_prince has quit IRC		08:51
Haomeng	rameshg871: such as - Download error on https://pypi.python.org/simple/pbr/: [Errno 110] Connection timed out -- Some packages may not be found!	08:51
rameshg871	Haomeng: yes, we encounter such issues some times ..	08:51
rameshg871	not everytime ..	08:51
Haomeng	rameshg871: should be networking not stable I think	08:52
Haomeng	rameshg871: need luck:)	08:52
Haomeng	let me try again:)	08:52
rameshg871	some of our machines are behind proxy server, and we were thinking that it was because of the proxy	08:52
Haomeng	yes	08:52
*** rsacharya has quit IRC		08:52
*** rsacharya_ is now known as rsacharya		08:52
*** ndipanov has joined #openstack-ironic		08:53
rameshg871	Haomeng: whenever we have such issue, we go into the virtual environment and make sure that we do "pip install <module>" for all the modules in requirements.txt and test-requirements.txt	08:53
rameshg871	after activating the virtual environment of course :-)	08:53
rameshg871	and then try tox again. it has worked	08:54
*** viktors has joined #openstack-ironic		08:55
Haomeng	rameshg871: ok	08:58
Haomeng	great idea	08:58
Haomeng	install the missing libs by manually:)	08:59
rameshg871	:-)	08:59
Haomeng	:)	08:59
*** aignatov_ is now known as aignatov		09:00
*** lazy_prince has joined #openstack-ironic		09:03
*** lazy_prince is now known as killer_pr		09:03
*** killer_pr is now known as killer_prince		09:03
*** jcooley_ has joined #openstack-ironic		09:03
*** jcooley_ has quit IRC		09:09
*** derekh has joined #openstack-ironic		09:14
*** killer_prince has quit IRC		09:18
*** killer_prince has joined #openstack-ironic		09:19
*** jcooley_ has joined #openstack-ironic		09:20
rameshg871	Haomeng: what time you will be available on the irc usually ?	09:21
*** athomas has quit IRC		09:22
*** pradipta has joined #openstack-ironic		09:25
*** jcooley_ has quit IRC		09:25
*** max_lobur has joined #openstack-ironic		09:28
*** Kanagaraj has quit IRC		09:36
*** athomas has joined #openstack-ironic		09:37
*** martyntaylor has joined #openstack-ironic		09:37
mdurnosvistov	Morning all! :)	09:38
*** lucasagomes has joined #openstack-ironic		09:43
yuriyz	morning Ironic	09:44
*** mdurnosvistov_lt has joined #openstack-ironic		09:44
openstackgerrit	lokesh s proposed a change to openstack/ironic: Ironic deployment docs https://review.openstack.org/74282	09:45
Haomeng	rameshg871: my time is +8	09:48
Haomeng	rameshg871: available from 8am - 10pm:)	09:49
Haomeng	rameshg871: what is your time zone	09:49
Haomeng	rameshg871: now, my local time is around 6pm:)	09:50
*** tatyana has joined #openstack-ironic		09:54
*** mdurnosvistov_lt has quit IRC		09:56
*** viktors has quit IRC		09:57
*** jcooley_ has joined #openstack-ironic		09:59
*** mdurnosvistov_lt has joined #openstack-ironic		09:59
*** jcooley_ has quit IRC		10:06
*** romcheg has quit IRC		10:14
*** mdurnosvistov_lt has quit IRC		10:16
*** mdurnosvistov_lt has joined #openstack-ironic		10:18
openstackgerrit	Michael Davies proposed a change to openstack/ironic: Add option to sync node power state from DB https://review.openstack.org/76293	10:18
*** mdurnosvistov_lt has quit IRC		10:19
mrda	devananda: there's some unit tests added - let me know if you have any feedback :)	10:20
*** mrda is now known as mrda_away		10:21
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: Fix race condition when deleting a node https://review.openstack.org/76178	10:21
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: Do not delete a Node which is not powered off https://review.openstack.org/76258	10:26
*** aignatov is now known as aignatov_		10:47
*** mdurnosvistov_lt has joined #openstack-ironic		10:53
*** mdurnosvistov_lt has quit IRC		10:53
*** romcheg has joined #openstack-ironic		10:54
rameshg871	Haomeng: my time is +5.30, available from 10am-6pm.	10:56
Haomeng	rameshg871: :)	10:57
rameshg871	good morning mdurnosvistov: yuriyz:	10:57
romcheg	Morningeveryone	10:58
lucasagomes	morning folks :)	10:59
rameshg871	good morning romcheg: lucasagomes:	10:59
*** Xurong has quit IRC		11:12
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: Add provision_updated_at to node's resource https://review.openstack.org/76494	11:13
*** pbrooko has joined #openstack-ironic		11:17
*** aignatov_ is now known as aignatov		11:24
openstackgerrit	Shuangtai Tian proposed a change to openstack/ironic: Change the import order in log_hangder https://review.openstack.org/76500	11:24
*** killer_prince2 has quit IRC		11:31
*** rameshg871 has left #openstack-ironic		11:31
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: API: Expose a way to start/stop the console https://review.openstack.org/72998	11:33
*** Alexei_987 has joined #openstack-ironic		11:37
*** matsuhashi has quit IRC		11:46
*** jcooley_ has joined #openstack-ironic		11:48
openstackgerrit	Victor Sergeyev proposed a change to openstack/ironic: WIP: sync oslo.db code https://review.openstack.org/76204	11:53
*** jcooley_ has quit IRC		11:54
*** killer_prince has quit IRC		11:57
*** coolsvap has quit IRC		12:02
*** loki_ has quit IRC		12:05
*** lucasagomes has quit IRC		12:06
*** lucasagomes has joined #openstack-ironic		12:07
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: API: Expose a way to start/stop the console https://review.openstack.org/72998	12:17
*** lazy_prince has joined #openstack-ironic		12:23
*** lazy_prince is now known as killer_prince		12:23
*** lucasagomes is now known as lucas-hungry		12:25
*** zul has joined #openstack-ironic		12:32
openstackgerrit	Fengqian.gao proposed a change to openstack/ironic: Python 3: replace "im_self" by "__self__" https://review.openstack.org/76517	12:35
*** jdob has joined #openstack-ironic		12:44
*** viktors has joined #openstack-ironic		12:45
viktors	lucas-hungry: hello	12:46
openstackgerrit	Victor Sergeyev proposed a change to openstack/ironic: Sync common db code from Oslo https://review.openstack.org/76204	12:49
viktors	lucas-hungry: please see ^	12:50
viktors	lucas-hungry: after lunch I guess :)	12:51
*** killer_prince is now known as lazy_prince		13:05
*** killer_prince has joined #openstack-ironic		13:09
*** lazy_prince has quit IRC		13:09
openstackgerrit	Victor Sergeyev proposed a change to openstack/ironic: WIP: Use oslo.db module (DRAFT) https://review.openstack.org/42159	13:33
openstackgerrit	Victor Sergeyev proposed a change to openstack/ironic: Sync common db code from Oslo https://review.openstack.org/76204	13:33
*** jcooley_ has joined #openstack-ironic		13:36
*** nosnos has quit IRC		13:41
*** zul has quit IRC		13:42
*** rloo has joined #openstack-ironic		13:43
*** zul has joined #openstack-ironic		13:44
*** jistr is now known as jistr\|english		13:44
*** lucas-hungry is now known as lucasagomes		13:48
lucasagomes	viktors, ack :D	13:49
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: API: Expose a way to start/stop the console https://review.openstack.org/72998	13:50
viktors	lucasagomes: oh, you are not hungry now :)	13:53
viktors	lucasagomes: I've made a sync of oslo.db code to ironic. But this sync is not trivial, because we already removed global engine from oslo.db. Can you please take a look at this patch?	13:53
lucasagomes	viktors, sure will do	13:53
viktors	lucasagomes: thanks	13:53
*** jcooley_ has quit IRC		14:16
*** matty_dubs\|gone is now known as matty_dubs		14:23
*** jbjohnso has joined #openstack-ironic		14:35
*** mdurnosvistov_lt has joined #openstack-ironic		14:36
*** mdurnosvistov_lt has quit IRC		14:36
*** jistr\|english is now known as jistr		14:40
*** rameshg87 has joined #openstack-ironic		14:46
*** rameshg87 has quit IRC		14:59
*** saju_m has quit IRC		15:02
*** linggao has joined #openstack-ironic		15:02
NobodyCam	Good Morning Ironic	15:08
romcheg	Morning NobodyCam, lucasagomes and the others!	15:09
NobodyCam	morning romcheg :)	15:09
lucasagomes	morning NobodyCam romcheg :D	15:10
NobodyCam	morning lucasagomes :)	15:12
NobodyCam	lucasagomes: I broke the nova driver tests. but give me a second looks at scroll bac in OOO to see who pinged me lastnight	15:13
*** max_lobur has quit IRC		15:13
lucasagomes	NobodyCam, hey oh I closed my irc client so I don't have the scrollback :(	15:14
lucasagomes	NobodyCam, no worries about the tests, we are going to change a good bit of the code	15:15
lucasagomes	after the changes in Ironic	15:15
NobodyCam	lol ... let me push up what I have	15:15
NobodyCam	i'm getting a reall odd error	15:15
NobodyCam	http://paste.openstack.org/show/EGd9ABNGPZNa9gzSddZG/	15:16
*** jrist_ has quit IRC		15:17
*** jrist_ has joined #openstack-ironic		15:17
*** rwsu has joined #openstack-ironic		15:18
*** max_lobur has joined #openstack-ironic		15:19
*** rameshg87 has joined #openstack-ironic		15:19
lucasagomes	hah lemme see	15:20
lucasagomes	NobodyCam, err what haha	15:20
NobodyCam	just pushed up what I had... I think... still need more coffee	15:21
lucasagomes	off the top of my head idk	15:21
lucasagomes	I gotta take a look to see why it's failing like that	15:21
NobodyCam	ya we dont touch rpc_backend	15:21
lucasagomes	yeah	15:21
lucasagomes	looks a bit unrelated	15:21
NobodyCam	I get 42 of theose errors	15:21
lucasagomes	btw pyghmi coming to fedora: http://pkgs.fedoraproject.org/cgit/python-pyghmi.git/	15:21
lucasagomes	:)	15:21
NobodyCam	I rebsed	15:21
lucasagomes	and ironic is being worked as well :D	15:21
NobodyCam	nice!!!!	15:21
lucasagomes	42!?	15:22
lucasagomes	jeez, yeah... it's not something in ur venv?	15:22
lucasagomes	did you rebuild it?	15:22
NobodyCam	yea	15:24
NobodyCam	watching zuul right now	15:25
lucasagomes	ack	15:25
NobodyCam	found this: (which scared me): http://lists.openstack.org/pipermail/openstack-dev/2013-February/005865.html	15:25
NobodyCam	see the fix attached to https://bugs.launchpad.net/ceilometer/+bug/1130952	15:26
lucasagomes	hmm	15:27
NobodyCam	brb morning walies	15:27
romcheg	Have to go to my Spanish class	15:30
romcheg	Will be later	15:30
romcheg	davidlenwell: ^	15:30
davidlenwell	k	15:30
davidlenwell	hasta la vista	15:31
romcheg	davidlenwell: (: Tengo que correr. Adios :)	15:31
davidlenwell	a qué hora va a regresar?	15:32
NobodyCam	oh it to early to do that to :-p	15:32
NobodyCam	morning davidlenwell :)	15:32
lucasagomes	:P I have a pretty rusty spanish	15:33
davidlenwell	morning NobodyCam	15:33
davidlenwell	I suck at it too .. but I've been helping my girlfriend study for her spanish class	15:33
romcheg	davidlenwell: voy a volver en dos horas	15:33
davidlenwell	bueno	15:33
lucasagomes	coming back in 2 hours	15:33
lucasagomes	:D	15:33
davidlenwell	si	15:34
NobodyCam	lucasagomes: lol seems I also have some pep9 issues in nova driver : ./nova/tests/virt/ironic/test_driver.py:232:68: E502 the backslash is redundant between brackets	15:34
NobodyCam	doh	15:34
romcheg	davidlenwell: I have the same story about my girlfriend and her piano classes :)	15:34
lucasagomes	heh my mother language is portuguese so I can understand a couple of things in spanish but I don't speak it at all	15:34
lucasagomes	NobodyCam, hah	15:35
lucasagomes	NobodyCam, that's an easy one	15:35
NobodyCam	:)	15:35
matty_dubs	lucasagomes: Portuguese always confuses me, because it _looks_ like Spanish, except everything is different	15:35
*** romcheg has quit IRC		15:36
openstackgerrit	Imre Farkas proposed a change to openstack/ironic: Add support for custom libvirt uri https://review.openstack.org/74062	15:39
*** aignatov is now known as aignatov_		15:41
lucasagomes	matty_dubs, lol	15:42
lucasagomes	matty_dubs, yeah, it's very similar	15:42
lucasagomes	but as u said, some words are the same but the meaning is complete different	15:43
*** lnxnut has joined #openstack-ironic		15:44
*** romcheg has joined #openstack-ironic		15:53
*** rloo_ has joined #openstack-ironic		15:53
*** rloo has quit IRC		15:53
*** rloo_ has quit IRC		15:54
*** rloo has joined #openstack-ironic		15:55
*** jrist_ is now known as jrist		15:55
*** max_lobur has quit IRC		15:56
davidlenwell	As soon as I finish installing ubuntu on my boot node.. I have a real 4 node cluster w/ipmi to work with!	15:59
davidlenwell	it was already done with 13.04 but I did a do-release-upgrade that hosed it somehow.. so im just starting it over from scratch	16:00
romcheg	Gah! Confused the time.	16:01
davidlenwell	so no class?	16:02
romcheg	davidlenwell: No, I'm awailable now	16:02
romcheg	It will be later, so we can have a chat, if you have time	16:02
davidlenwell	give me a minute to start this installation of ubuntu	16:03
romcheg	np	16:05
*** dtalton has joined #openstack-ironic		16:06
*** dtalton has left #openstack-ironic		16:07
davidlenwell	romcheg: Can you please link me to your review again too ?	16:07
openstackgerrit	Imre Farkas proposed a change to openstack/ironic: Add support for custom libvirt uri https://review.openstack.org/74062	16:07
*** rameshg87 has quit IRC		16:08
*** romcheg has quit IRC		16:09
*** romcheg2 has joined #openstack-ironic		16:11
romcheg2	davidlenwell: https://review.openstack.org/#/c/75894/	16:11
romcheg2	davidlenwell: We can set up a g+/skype call if you want	16:11
davidlenwell	I've stopped doing skype since they're owned by ms	16:12
romcheg2	g+?	16:12
davidlenwell	sure	16:12
davidlenwell	dlenwell@gmail	16:12
*** dshulyak has quit IRC		16:13
romcheg2	davidlenwell: I've sent you an invite	16:22
davidlenwell	really?	16:23
davidlenwell	to dlenwell@gmail.com? I have to recieved one	16:23
NobodyCam	lucasagomes: ok seems it mush have been something on my mac. tests seem to be passing for Mr J	16:26
*** jcooley_ has joined #openstack-ironic		16:31
*** rloo has quit IRC		16:32
*** ifarkas has quit IRC		16:32
*** rloo has joined #openstack-ironic		16:32
*** datajerk has quit IRC		16:33
*** rsacharya has left #openstack-ironic		16:37
*** aignatov_ is now known as aignatov		16:38
*** aignatov is now known as aignatov_		16:41
shortstop	Warning: Review Nag :-p - Could I please get reviews on 73054? It'd be great to get some comments since I'd be able to incorporate any remaining changes sooner.	16:42
NobodyCam	:)	16:43
*** rloo has quit IRC		16:49
*** rloo has joined #openstack-ironic		16:49
*** coolsvap has joined #openstack-ironic		16:56
*** rloo has quit IRC		16:57
*** jistr has quit IRC		16:57
*** yuriyz has quit IRC		16:58
*** rloo has joined #openstack-ironic		16:58
NobodyCam	shortstop: reviewed	16:59
shortstop	NobodyCam, awesome, thanks :)	17:00
*** killer_prince is now known as lazy_prince		17:01
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: PXE clean_up() to remove the pxe_deploy_key parameter https://review.openstack.org/71879	17:05
*** saju_m has joined #openstack-ironic		17:06
*** tatyana has quit IRC		17:08
*** lazy_prince is now known as killer_prince		17:08
NobodyCam	bbt brb	17:12
*** coolsvap has quit IRC		17:25
*** coolsvap has joined #openstack-ironic		17:25
*** vkozhukalov_ has quit IRC		17:32
*** coolsvap has quit IRC		17:34
NobodyCam	lucasagomes: nova driver patches rebased and pushd up with some other work too	17:35
lucasagomes	NobodyCam, w00t	17:35
lucasagomes	I will take a look later	17:35
*** coolsvap has joined #openstack-ironic		17:35
NobodyCam	walkies time bbiafm	17:35
NobodyCam	:)	17:35
*** Alexei_987 has quit IRC		17:37
*** datajerk has joined #openstack-ironic		17:39
NobodyCam	gah nova.conf.sample is not up to date.	17:48
NobodyCam	:-p	17:48
NobodyCam	fixing volume driver	17:48
*** matty_dubs is now known as matty_dubs\|lunch		17:49
*** jcooley_ has quit IRC		17:52
*** jcooley_ has joined #openstack-ironic		17:56
*** datajerk has quit IRC		17:58
lucasagomes	NobodyCam, hah	17:59
lucasagomes	NobodyCam, btw, we should allow the power state operations in a node which is in maintenancement mode right?	17:59
NobodyCam	lucasagomes: I think as a operator I would want that	18:00
lucasagomes	NobodyCam, ack	18:00
*** jcooley_ has quit IRC		18:01
devananda	good morning, all	18:01
NobodyCam	Good morning devananda :)	18:02
lucasagomes	morning devananda	18:02
* devananda reads scrollback		18:03
* NobodyCam watches tox rebuild his test venv :-p		18:03
devananda	lucasagomes: awesome to see pyghmi & ironic coming to fedora!	18:04
lucasagomes	devananda, yeah, ironic still under review	18:05
devananda	lucasagomes: review?	18:05
lucasagomes	I already pushed pyghmi to the testing repository	18:05
lucasagomes	devananda, yeah package review	18:05
lucasagomes	to check the spec file, see if it builds etc	18:05
devananda	ahh	18:06
*** killer_prince has quit IRC		18:06
lucasagomes	devananda, e.g https://bugzilla.redhat.com/show_bug.cgi?id=1067445	18:06
devananda	jbjohnso: ^^	18:08
*** lazy_prince has joined #openstack-ironic		18:11
*** lazy_prince is now known as killer_prince		18:12
devananda	NobodyCam: you see https://etherpad.openstack.org/p/iLODriverIronicDevstack ?	18:12
* NobodyCam clicks		18:12
NobodyCam	devananda: I need to wrap my head around the web server image stuff	18:16
devananda	NobodyCam: yea, that's a no-go IMO	18:16
devananda	they should be using glance	18:16
*** jcooley_ has joined #openstack-ironic		18:20
*** derekh has quit IRC		18:21
*** killer_prince has quit IRC		18:27
*** killer_prince has joined #openstack-ironic		18:28
openstackgerrit	Lucas Alvares Gomes proposed a change to openstack/ironic: Allow client to set the maintenance mode https://review.openstack.org/76614	18:29
lucasagomes	total wip ^	18:29
lucasagomes	I'll have to run now	18:29
lucasagomes	have a good night devananda NobodyCam others :)	18:29
NobodyCam	devananda: do you know if iLo supports other then http(s) connections?	18:29
NobodyCam	night lucasagomes :)	18:29
*** rameshg87 has joined #openstack-ironic		18:30
NobodyCam	ha /me click the ask It button on his corp windowws image :-p	18:31
*** harlowja_away is now known as harlowja		18:34
*** saju_m has quit IRC		18:35
*** rameshg87 has quit IRC		18:35
*** matty_dubs\|lunch is now known as matty_dubs		18:38
*** ndipanov has quit IRC		18:39
*** lucasagomes has quit IRC		18:40
*** athomas has quit IRC		18:40
wanyen_	[nobodycam] ilo virtual meida only support http/https	18:43
NobodyCam	wanyen_: ahh	18:43
NobodyCam	it cann't pull tftp ?	18:44
devananda	wanyen_: hi! glance uses HTTP(S). Why do you need to put the ISO on a separate web server?	18:44
wanyen_	[deva] this web server can be a backend store for glance but ilo needs to use http directly not glance api	18:45
*** ndipanov has joined #openstack-ironic		18:45
*** aignatov_ is now known as aignatov		18:46
devananda	wanyen_: so the normal work flow is that a user will select an image from glance and issue a request to nova, eg, "nova boot --image some-image-name --flavor some-baremetal-flavor my-instance-name"	18:47
wanyen_	u[deva] users will post virtual media image to the web server and then register the image using glance image-create --location ,http url. to register the image	18:47
* NobodyCam wounders if it would be to hackish to add apahe like interface to vender_passthrough so iLo could request media thru it		18:48
wanyen_	the ilo driver will query glance for image info to get the http url and then pass that url to ilo RIBCL	18:49
devananda	wanyen_: http://docs.openstack.org/developer/glance/glanceapi.html#retrieve-raw-image-data	18:49
*** ndipanov has quit IRC		18:49
devananda	wanyen_: I dont understand why there is a need to use a _separate_ web server for the ISO when glance already supports fetching an image directly via http(s)	18:50
wanyen_	[deva] if user configure web server as a backend store for glance then they don't need to use a seperate web server. However, if user configure swift for backend store then they would need a a seperate web server	18:51
devananda	wanyen_: ilo does not need to implement all of the glance API, just needs to be able to authenticate with glance -- or the image needs to be public	18:52
wanyen_	Proliant ilo does not understand/support glance authentication	18:53
*** rameshg87 has joined #openstack-ironic		18:53
wanyen_	ilo virtual media driver will use glance to retrieve image info based on the image id and get the http url from glance. So iLo virtualmedia driver is using glance but Proliant ilo needs to use http directly	18:54
wanyen_	,deva. The web server requiremnt is only for user using ilo virtual media driver. It is not required if users use ironic pxe driver.	18:58
* NobodyCam steps away from keyboard (prob ~30 minutes).		19:03
devananda	wanyen_: does proliant ilo support http authentication with the webserver?	19:05
rameshg87	devananda: yes, it supports basic authentication where it can provide a username and password to the webserver	19:05
wanyen_	<deva> yes. I believe so. Ramesh can you fill in teh detail?	19:05
openstackgerrit	Victor Sergeyev proposed a change to openstack/ironic: Sync common db code from Oslo https://review.openstack.org/76204	19:06
wanyen_	deva, since user register their image to glance, the normal nova boot flow will work	19:07
rameshg87	yes wanyen_: , proliant ilo supports basic authentication with the web server	19:08
devananda	wanyen_: the external dependency on a web server to provide images is what troubles me, since openstack already has a mechanism for this (glance) and you are duplicating that	19:08
wanyen_	The only difference is that prolinst ilo does not download image from glance, it uses http/https to retrieve images	19:08
devananda	wanyen_: glance serves images over http/s already	19:09
wanyen_	yes. if user configure web server as glance backend store then no addition web server is needed.	19:10
devananda	eg, for my local devstack, i can fetch an image like this	19:10
devananda	$ curl http://192.168.122.81:9292/v1/images/3def324c-8feb-4a83-b7b9-f4b2c26a3201 2>/dev/null \| wc -c	19:10
devananda	3714968	19:10
devananda	there's no separate web server here -- glance-api streams the images over HTTP	19:10
rameshg87	devananda: doesn't glance require authentication for retrieving the image ?	19:11
devananda	all i have done is disable keystone auth in glance as a quick proof of concept	19:11
devananda	rameshg87: yes, but that can be either disabled or modified	19:11
devananda	rameshg87: is it impossible for iLO to send X-Auth-Token header, if the token is supplied for you?	19:12
rameshg87	devananda: yes, iLO can't send X-Auth-Token	19:12
devananda	ok	19:12
jroll	if you use the swift backend for glance, you can generate a temporary http url that does not require auth	19:13
wanyen_	deva, ProLiant ilo does not understand glance and therefore cannot do the glance authentication.	19:13
devananda	jroll: yep, that was what I was about to test & suggest	19:13
rameshg87	jroll: i read about this. is this by swift-proxy-server ?	19:13
jroll	:)	19:13
jroll	rameshg87: let me find a link	19:13
devananda	jroll: thanks :)	19:14
openstackgerrit	Victor Sergeyev proposed a change to openstack/ironic: Sync common db code from Oslo https://review.openstack.org/76204	19:14
devananda	I think it's keystone v3 signed url stuff?	19:14
devananda	I was just talking about this with lifeless yesterday	19:14
jroll	rameshg87: https://swiftstack.com/docs/admin/middleware/tempurl.html	19:14
rameshg87	jroll: thanks	19:16
jroll	rameshg87: http://torgomatic.us/blog/2013/05/08/an-introduction-to-tempurl-in-openstack-swift/ might also be helpful	19:16
jroll	no problem :)	19:16
lifeless	devananda: yes, heat depends on keystone V3 now, we had to upgrade our keystone on the cd-undercloud to keep it working, because it has this feature you need :)	19:17
rameshg87	so devananda: , in such a setup the glance can use backing store for images as swift, right ? and ilodriver can get a temporary url for the object stored in swift, am i correct ?	19:21
devananda	rameshg87: I believe so, yes	19:21
jroll	rameshg87: that's correct	19:21
devananda	rameshg87: and since you are also now making a POST back to Ironic API to signal completion, instead of writing to a status file on the floppy	19:21
devananda	rameshg87: you could upload the floppy image to glance and use a tempurl for that as well (and of course, delete it when done just the same)	19:22
devananda	rameshg87: then there should be no dependency on a separate external web server	19:22
rameshg87	devananda: yes, i think we can do so if the tempurl works...	19:22
devananda	great :)	19:22
wanyen_	deva; ther are other glance backend store such as file, cinder, ...etc	19:23
wanyen_	does tempurl also works for those backend stores?	19:23
devananda	jroll: ^ ?	19:24
jroll	I have no idea	19:26
jroll	I would guess no - I think it's a feature of swift	19:26
*** vkozhukalov_ has joined #openstack-ironic		19:26
jroll	wanyen_: ^	19:27
wanyen_	so if users uses web server and swift as backend stores then the virtual meida image can be host there. However,if user uses file or cinder as backend store then virtual media images will still need to be hosted in a web server	19:28
jroll	right, but I think you can just document that as a dependency of the driver and move on :)	19:29
wanyen_	sound fine.	19:30
devananda	++	19:30
rameshg87	devananda: wanyen_: jroll: one question	19:30
rameshg87	assume if we decide to tempurl mechanism, and use glance with swift for storing the images, the customers would still think okay to setup swift for using the features of the ilo driver, right ?	19:32
*** martyntaylor has left #openstack-ironic		19:32
wanyen_	[ramesh] I think we should allow users to use either swift or web servers as backend store for virtual media images	19:33
devananda	wanyen_: i would strongly prefer the iLO driver have a dependency on existing openstack components (eg, glance and swift) than to add a new external dependency which duplicates existing functionality.	19:34
wanyen_	glance allows web servers as backend store so it's not duplicating or introducting new dependency	19:35
devananda	rameshg87, wanyen_ - if a customer is not concerned about security (eg, simple http auth is OK) because this is on a trusted private network, then they can use glance with auth disabled -- this is still better than adding a new external dependency	19:35
devananda	wanyen_: so there are three possible ways: glance by itself with no auth, glance with webserver with simple auth, glance with swift and signed urls.	19:37
devananda	this seems fine to me -- but saying that it only supports glance with a webserver is not OK, since taht is not how most deployments of glance are set up	19:37
wanyen_	deva: agree. i would like ilo virtual media driver to work as many backend stores as possible,	19:38
*** coolsvap1 has joined #openstack-ironic		19:38
wanyen_	s/work/work with/	19:38
rameshg87	devananda: i had one more question. generally for ironic, are the baremetal node's management console's setup as part of the private provisioning network ?	19:40
rameshg87	devananda: the reason is for ilo virtual media driver, the iLO and glance/swift need to be in the same network to retrieve the image. (as opposed to the pxe mechanism where the image is downloaded via the server's NIC)	19:41
wanyen_	ramesh, do you want to discuss loading auth token in floppy image and upload to glance?	19:41
*** pradipta` has joined #openstack-ironic		19:41
*** vkozhukalov_ has quit IRC		19:41
rameshg87	yes wanyen_:, i think we could discuss that as well.	19:42
devananda	rameshg87: generally speaking, data centers have a lot of incentive to physically isolate the BMC / management network from the data network	19:42
devananda	rameshg87: security is a very big reason for that separation. also, often the management network is slower (eg 1Gbit) rather than 10+	19:43
devananda	rameshg87: pulling anything that contains secure data (eg, the keys contained on the floppy) should happen over the mgmt network	19:43
rameshg87	devananda: but the virtual media solution is currently supported to pull the OS image also over the management network	19:44
devananda	rameshg87: ideally, the OS image would be pulled over the data network and then its signature verified (using the keys transferred over the mgmt network and/or keys embedded in the host)	19:44
rameshg87	devananda: typo, i meant "currently supposed to pull"	19:45
devananda	rameshg87: yes, i understand that. just saying what I think would be best :)	19:45
*** dhellmann is now known as dhellmann_		19:45
devananda	rameshg87: I think it's OK, but let me enumerate my concerns	19:45
* NobodyCam is back		19:45
jbjohnso	devananda, man I'm slow to look at my chat	19:45
rameshg87	devananda: okay	19:45
devananda	* slower network, leads to more network congestion / longer deploys	19:46
jbjohnso	woo.. I can see things	19:46
jbjohnso	devananda, fyi, I made secure deployment payload with everything needed to establish trust for esxi and Linux, the footprint was about 800-ish kilobytes	19:47
*** coolsvap has quit IRC		19:47
*** pradipta has quit IRC		19:47
*** agordeev has quit IRC		19:47
rameshg87	devananda: okay. if at all we put the management and data network in the same subnet (the internal trusted n/w), do you see anything hindering from using ironic features (just asking because it was against the expectation)	19:48
jbjohnso	devananda, this included an iPXE build with https support (I patched it to have a entropy provider in EFI mode), a client certificate and the certificate chain for the deployment manager	19:48
devananda	rameshg87: you do not want the tenants to have access to the mgmt network after provisioning	19:48
devananda	rameshg87: well - i'm assuming you dont	19:48
*** vkozhukalov has joined #openstack-ironic		19:48
rameshg87	devananda: i meant ironic features like remote console, etc. i know it depends on implementation, but just a question	19:49
rameshg87	devananda: okay	19:49
jbjohnso	devananda, well, there is another sticky problem. If you are a tenant getting baremetal after another tenant has had it, there is almost certainly the capacity for a rootkit to have been injected	19:49
devananda	rameshg87: so you need SDN-capable switch to prevent a tenant from accessing the mgmt network, interfering with other deploys, etc	19:49
devananda	jbjohnso: of course	19:49
rameshg87	devananda: okay	19:49
devananda	jbjohnso: but that's a separate vector from "tenant has access to other tenant's BMC"	19:50
rameshg87	devananda: won't keep you bugging for long :-); just one more thing that wanyen_: and myself wanted to discuss	19:50
jbjohnso	devananda, I didn't get to show you what I'm trying to open source, consider it a 'proxy' for consoles (text only, but who needs video)	19:50
devananda	rameshg87: console access via ipmitool / ipminative drivers works by SOL connection to the BMC. so it should be unaffected by whether or not other services (eg glance) are exposed on the control network	19:51
rameshg87	devananda: okay	19:51
rameshg87	devananda: so currently ilo driver, during deployment, takes the token, puts it into floppy image and (as per our new solution) uploads it to glance or swift for the deployment	19:52
rameshg87	devananda: do you see any security concerns in doing so ? i mean putting the token temporarily on an external place	19:53
jbjohnso	question, is that all you are putting in via remot emedia? Some credential, or actually bootstrapping the whole shebang?	19:53
devananda	jbjohnso: see https://etherpad.openstack.org/p/iLODriverIronicDevstack	19:53
devananda	jbjohnso: your answers await there :)	19:54
jbjohnso	devananda, ok, fyi, my solution for that in our world was to use a floppy sized image uploaded to the service processor for he whole shebang	19:54
*** morgabra has quit IRC		19:54
devananda	rameshg87: yea, that's less than ideal. but the same issue applied when you were uploading the floppy to a separate webserver	19:55
jbjohnso	devananda, I suspect remote on-thy-fly access was because the iso's being constructed were too big	19:55
devananda	rameshg87: the PXE driver is passing the token via TFTP right now, which is also less than ideal -- it's unencrypted and on the data network, not the control network	19:55
*** linggao_ has joined #openstack-ironic		19:56
*** athomas has joined #openstack-ironic		19:57
devananda	rameshg87: I think if you clearly document that the glance store should be secured because it will be accessible from the control plane AND hosting temporary secure tokens (both signed URL and keystone token), then it is OK.	19:57
*** morgabra has joined #openstack-ironic		19:57
devananda	rameshg87: in early Juno, I would like Ironic to get signed / temp url support as well, so then there will be no need to pass a token	19:57
*** romcheg has joined #openstack-ironic		19:58
*** agordeev has joined #openstack-ironic		19:58
*** dkehn__ has joined #openstack-ironic		19:58
*** romcheg has quit IRC		19:59
*** agordeev has quit IRC		19:59
*** aignatov2 has joined #openstack-ironic		19:59
NobodyCam	humm somehow I broke the libvirt tests with our volume driver.	19:59
* NobodyCam looks to see why		19:59
rameshg87	devananda: okay	19:59
*** jbjohnso_ has joined #openstack-ironic		20:01
*** aignatov has quit IRC		20:01
*** romcheg2 has quit IRC		20:01
*** linggao has quit IRC		20:01
*** jbjohnso has quit IRC		20:01
*** jdob has quit IRC		20:01
*** jrist has quit IRC		20:01
*** dkehn_ has quit IRC		20:01
jbjohnso_	boy, IRC server decided I should really shut up..	20:01
*** aignatov2 is now known as aignatov		20:01
*** jdob_ has joined #openstack-ironic		20:01
NobodyCam	jbjohnso_: where you netsplit	20:01
JoshNang_	devananda: I can help with the swift/glance temp url stuff when we get there. I just implemented it a couple weeks ago for something similar	20:02
*** jrist has joined #openstack-ironic		20:02
jbjohnso_	devananda, don't know how far my prattling got, but I'll shut up about it unless asked more about it.. .it's really in my mind a very tidy way of addressing this issue	20:03
*** martyntaylor1 has joined #openstack-ironic		20:04
*** romcheg has joined #openstack-ironic		20:05
*** agordeev has joined #openstack-ironic		20:05
devananda	JoshNang_: awesome - it sounds like rameshg87 is looking to add support for swift tempurls to their iLO driver now	20:05
devananda	JoshNang_: and I would like ironic to be able to provide tempurls for deploy agents to POST data back to Ironic	20:06
devananda	rameshg87: if you're interested, i believe jbjohnso_ has implemented a similar system to what you are doing (passing secure tokens via the virtual media channel) and he probably has some good lessons-learned that he might share with you :)	20:07
jbjohnso_	right, the biggest thing was getting to under 800 kilobytes for a firmware https capable downloader, client cert, and CA	20:08
rameshg87	JoshNang_: great. thanks for the offer. it would be helpful to us	20:08
JoshNang_	rameshg87: if you run into any issues or want a hand with temp urls, i'd love to help. I'm in a conference this week, but I can find some time to help. Otherwise, I'll be at the meetup next week as well.	20:08
NobodyCam	:)	20:09
*** dkehn__ is now known as dkehn_		20:09
rameshg87	JoshNang_: thanks. did you mean you have already implemented and submitted some change which uses temp urls	20:09
rameshg87	JoshNang_: if so, sharing the change you have made would be ideal to us.	20:10
JoshNang_	devananda: what's the benefit of tempurls to post back to for deploy agents? i probably just missed the discussion on it.	20:10
JoshNang_	rameshg87: it was for a different project unfortunately	20:11
devananda	JoshNang_: both PXE and iLO driver will signal to /v1/{NODE}/vendor_passthru/ when the deploy is complete	20:11
JoshNang_	devananda: ooo gotcha. didn't realize that's what you meant. that definitely makes sense.	20:12
devananda	JoshNang_: this requires authentication, of course. it's best if we could only grant access to a specific URL by the deploy agent (and even better if we can revoke it when complete / timed out)	20:12
JoshNang_	rameshg87: i'll gist the relevant code, one sec.	20:13
JoshNang_	devananda: makes sense. are you thinking something like sending a token when the deploy agent starts and the deploy agent posting back with that key?	20:15
devananda	JoshNang_: that's what we do today	20:15
devananda	JoshNang_: keystone token is less than ideal, however, because it grants global access to what ever taht user can do (in this case, it must be an admin user)	20:16
wanyen_	[deva] do we allow bug fixes after 03/06?	20:16
devananda	JoshNang_: AIUI, ironic needs keystone v3 support to be able to control per-resource access	20:17
devananda	wanyen_: yes. that time should be used for documentation, increasing test coverage, and fixing bugs	20:17
*** morgabra has quit IRC		20:17
*** morgabra has joined #openstack-ironic		20:18
* NobodyCam makes a bagel		20:18
JoshNang_	rameshg87: https://gist.github.com/pcsforeducation/9237670 so this is what we used. it worked in some limited testing	20:21
rameshg87	JoshNang_: thanks. :-)	20:22
JoshNang_	devananda: ok. will ironic not support keystone v2 and below then? or just use the less secure keystone token passing?	20:23
JoshNang_	rameshg87: no problem!	20:24
rameshg87	devananda: we were just putting together the alternatives. it just seems like one of the alternatives that we had discussed "glance with http backing store" wouldn't work because http backing store doesn't support adding images. it just supports retrieval of images.	20:24
rameshg87	devananda: so we would be left with only 2 - glance w/o authentication, glance + swift temp urls	20:25
wanyen_	[deva] ramesh just checked that glance web-server back-end store only supports image download but not image upload. We would like to allow users to use web server to host virtual media images as users of the virtual meida already have the web server set up to host the images for virtual media in their environment.	20:25
devananda	JoshNang_: is there a good reason to keep support of v2 after we add keystone v3?	20:25
JoshNang_	devananda: i haven't looked into keystone enough to know	20:26
devananda	JoshNang_: nor have I yet. something to discuss at the summit :)	20:27
NobodyCam	devananda: I can see operators wanting to test with their current infrastructure which may not have v3?	20:27
JoshNang_	devananda: haha at least I have something to read up on on the flight home	20:27
devananda	if we add keystone v3 support to improve security around deploys, and someone wants to test ironic without that, i think it's fair that they must do something explicit to do that	20:29
devananda	falling back to a less secure mode automatically doesn't seem appropriate	20:30
NobodyCam	devananda: like setting conf var to v2 Vs. v3?	20:30
NobodyCam	yes I agree no fallback	20:31
wanyen_	[deva] the ilo virtual media driver will support swift with temp url but I believe it would be beneficial to users if we give them an option to upload iamge to a web server as they desire	20:31
*** morgabra has quit IRC		20:32
wanyen_	users will still register their image to glance after they upload it to webserver	20:32
jroll	devananda: +1	20:32
*** morgabra has joined #openstack-ironic		20:33
devananda	wanyen_: sure. so if a deployer chooses to deploy glance-backed-by-webserver, and also chooses to expose that webserver to users to allow them to upload images, I think that's their prerogative, though I also think it's unnecessary :)	20:33
devananda	wanyen_: but that can't be the only supported mechanism. I feel that the iLO driver must support working within the core components of openstack (eg, glance and swift/cinder/file)	20:36
devananda	wanyen_: integration with the core components should be the default and tested approach. deployer may vary from that, that is their choice, but it should not be the reference	20:37
*** martyntaylor1 has left #openstack-ironic		20:38
wanyen_	deva, yes i agree but I want to keep the webserver as backend store open. If user choose web server as backend store then ilo driver will need to upload floppy image to web server directly. For Swift backend, ilo driver willuse glance api to upload floppy image.	20:38
*** dhellmann_ is now known as dhellmann		20:39
jroll	maybe create that as a separate driver on top of the ilo driver and ship it separately from ironic	20:39
jroll	just override only the "get image" bit	20:40
*** romcheg has left #openstack-ironic		20:42
NobodyCam	jroll: that seems like a support nightmare	20:42
NobodyCam	:-p	20:43
jroll	NobodyCam: why?	20:43
NobodyCam	users would forget that step and call in why is this not working	20:43
jroll	maybe	20:44
wanyen_	The whole reason to submit ilo driver upstream is to allow deployers to have access directly without the need to contact vendors. I really would like to have it all on Ironic	20:44
*** max_lobur has joined #openstack-ironic		20:48
NobodyCam	grrr I am not getting the same failures	20:49
devananda	wanyen_: an alternative -- what if the OS image and floppy images were stored in separate places	20:49
devananda	wanyen_: eg, OS image is in glance (whether file, swift, or webserver backed)	20:49
wanyen_	is this acceptable- If user chooses web server as backend store then ilo driver will upload floppy image to web server directly. For Swift backend, ilo driver willuse glance api to upload floppy image.	20:50
devananda	wanyen_: and the floppy image is served directly from the conductor	20:50
devananda	wanyen_: this also addresses rameshg87's concern about uploading the floppy (containing a keystone token) to glance -- which is a valid concern.	20:51
devananda	wanyen_: such security issues are significantly mitigated if the key transfer happens directly from teh conductor to the proliant iLO	20:52
wanyen_	floppy iamge is built in ilo driver if that what you meant by served directly from conductor	20:53
devananda	wanyen_: right now, floppy image is build by the ilo driver on the iornic-conductor, but it is then uploaded somewhere else (web server, glance, etc) before being downloaded via HTTP by the proliant BMC	20:53
devananda	wanyen_: i'm suggesting that it doesn't need to be uploaded at all -- the ironic-conductor process already must have access to the control network, and could serve the floppy image directly to the BMC	20:54
devananda	or more specifically	20:54
devananda	the ilo driver could manage a local process which serves that image	20:54
devananda	the way that the PXE driver manages tftpd to serve kernel/ramdisk/token sets during a PXE deploy	20:55
wanyen_	deva: the problem is that ilo can only access floppy image via http	20:57
rameshg87	devananda: but then, since proliant BMC knows only virtual media over http, it should be a web-server on the ironic conductor node that serves the image. atleast a sort of minimal webserver that runs on the conductor node	20:57
devananda	rameshg87: exactly	20:58
wanyen_	sounds good	20:59
rameshg87	devananda: but even though the webserver is not external to the conductor node, it would still require the customer to setup and enable that http server on the conductor node; just like they would enable tftp on the conductor node for pxe i guess	21:00
rameshg87	devananda: this could be used only for uploading the temporary floppy images	21:01
NobodyCam	devananda: rameshg87 would somehting like starting a wisgi process per deploy work?	21:05
NobodyCam	I really would like the users to not have to setup anyting external.	21:05
rameshg87	NobodyCam: i guess that's a good idea. i think you meant something like this: https://code.google.com/p/wsgi-fileserver/	21:10
rameshg87	am i correct ?	21:10
NobodyCam	basicly... our api is running in a wisgi process (unless you've setup apache)	21:11
devananda	NobodyCam: this is regarding the conductor though, not the API	21:11
NobodyCam	it is basicly just a small foot print web server	21:11
devananda	NobodyCam: analogous to the tftpd process which deployers must start today on conductor nodes	21:11
*** aignatov is now known as aignatov_		21:12
NobodyCam	devananda: ya. but what if conductor spun up a wigi process only for the deploy then kills it after the deploy	21:12
devananda	so either the deployer would start a minimal webserver and set the file path as a CONF option, just like we do with the PXE driver	21:13
lifeless	wanyen_: rameshg87: So I'm curious, what advantage does iLO have over the PXE method then ?	21:13
lifeless	wanyen_: it seems like it will be slower (HTTP == userspace vs iSCSI== kernel or multicast == bandwidth efficient at massive scale)	21:13
lifeless	NobodyCam: PXE depends on tftpd; depending on httpd for an HTTP filesystem exposed area seems fine to me	21:14
devananda	lifeless: transfer keys over secure virtual media channel && single power cycle	21:14
lifeless	devananda: How do those features specifically work?	21:15
devananda	lifeless: PXE driver will always need to transfer keys over the data plane. iLO driver can do that over the control plane	21:15
devananda	lifeless: their notes are here - https://etherpad.openstack.org/p/iLODriverIronicDevstack	21:15
devananda	lifeless: tldr is	21:15
lifeless	Is the virtual media being referred to the floppy disk or the image content ?	21:15
devananda	both	21:15
wanyen_	lifeless,: we have deployers who prefer virtual meida over pxe. Also virtual media cansupport live media for rescure and test drive purposes	21:15
devananda	lifeless: tldr is power off; mount ISO and boot it; mount floppy to get keys; copy image out of ISO onto local disk; POST completion notice to ironic; ironic does cleanup and powers on the machine	21:16
rameshg87	lifeless: another interesting note i think is is virtual media installs are completely done through baremetal node. this would mean no conductor intervention for the deployment. it would need to transfer only the compressed image over the wire, and the image decompression and writing of image to disk will be done on the baremetal node itself	21:16
devananda	lifeless: at least that is my understanding from their etherpad and code review	21:17
lifeless	rameshg87: baremetalnode is the conductor.	21:17
*** dhellmann_ has joined #openstack-ironic		21:17
lifeless	rameshg87: oh, you mean the target node being booted?	21:17
rameshg87	lifeless: yes, the target node being booted	21:17
lifeless	rameshg87: but you're reading data off of an HTTP server. THats precisely as much I/O.	21:18
lifeless	rameshg87: on the conductor	21:18
devananda	lifeless: no. the ISO is pulled from glance, not from the conductor	21:18
lifeless	devananda: I got a different impression from the bit in this conversation where NobodyCam suggested a wsgi http app	21:19
devananda	lifeless: the only thing served from teh conductor would be the floppy (that's what i'm proposing -- right now, that is pulled from some other web server !glance)	21:19
lifeless	devananda: kk	21:19
rameshg87	lifeless: yes, as devananda said, the ISO will be pulled directly from glance/swift backing store onto the target node	21:19
*** sbadia_ has joined #openstack-ironic		21:20
rameshg87	lifeless: the floppy image contains the information to be passed for the deployment. basically the proliant iLO supports two types of virtual media - virtual media cdrom and virtual media floppy	21:20
*** openstackgerrit has quit IRC		21:20
*** dhellmann has quit IRC		21:20
*** sbadia has quit IRC		21:20
*** shortstop has quit IRC		21:20
*** sirushti has joined #openstack-ironic		21:20
*** sbadia_ is now known as sbadia		21:20
rameshg87	lifeless: the virtual media cdrom would server the compress OS image from the glance/swift backing store directly	21:20
*** dhellmann_ is now known as dhellmann		21:21
lifeless	devananda: the etherpad shows two boots to userspace	21:21
rameshg87	lifeless: the virtual media floppy would serve the configuration related stuffs for the deployment (like ironic api url, token for signalling completion of the installation)	21:21
*** jdob has joined #openstack-ironic		21:21
*** jdob_ has quit IRC		21:21
lifeless	devananda: one boot to deploy, but it boots a deploy kernel + ramdisk	21:21
*** openstackgerrit has joined #openstack-ironic		21:21
devananda	lifeless: ooh. you're right	21:21
lifeless	devananda: so secure key path seems to be the only feature tied to iLO AFAICT	21:22
devananda	wanyen_: i thought you were implementing this with only one boot cycle?	21:22
lifeless	devananda: and thats cool - but we can do that and still use common code for everything else	21:22
lifeless	so HP machines will get the multicast stuff	21:22
lifeless	devananda: I am interested in this because I don't want to have to choose between increased security and speed :)	21:22
devananda	lifeless: ++ :)	21:22
*** coolsvap_ has joined #openstack-ironic		21:23
lifeless	devananda: also	21:24
lifeless	devananda: as I read with fine toothed comb	21:24
lifeless	devananda: the floppy is transferred over HTTP	21:24
lifeless	devananda: not HTTPS	21:24
lifeless	devananda: so its no more secure, just more convoluted.	21:24
devananda	...	21:24
lifeless	5. Retrieve the OS image details from glance - http location using direct_url field	21:25
lifeless	sorry	21:25
lifeless	3. Upload the floppy image to the http server using sftp	21:25
lifeless	4. Attach the floppy image as floppy virtual media	21:25
lifeless	those two lines	21:25
*** mdurnosvistov_ has joined #openstack-ironic		21:25
devananda	lifeless: oh. that's what we were discussing	21:25
devananda	lifeless: i proposed NOT uploading it to a separate http server	21:26
devananda	lifeless: but instead serving it from a locally-managed service, akin to the current dependency on tftpd	21:26
devananda	rameshg87: does proliant support mounting virtual floppy over HTTPS?	21:26
wanyen_	yes. it does.	21:27
lifeless	ok, so if its HTTPS then and only then does it become better	21:27
*** mdurnosvistov has quit IRC		21:28
wanyen_	lifeless: it'sa bout deploy's choice as well. we do have a lot of requests to support non-pxe boot.	21:29
lifeless	wanyen_: sure, but do they mean 'local' or !pxe	21:30
lifeless	and if !pxe, what about pxe concerns them ?	21:30
rameshg87	devananda: lifeless: yes https is supported	21:30
wanyen_	As far as i know, some have security concerns and some said their environment is not set up for pxe	21:31
rameshg87	https is supported for mounting virtual floppy	21:31
wanyen_	reamesh: we should look into using https	21:31
lifeless	wanyen_: ok, so I'm not aganist virtual floppy	21:31
lifeless	wanyen_: it just seems like that is the only real difference	21:31
wanyen_	lfeless: live cd can only used for rescure and test drive	21:32
wanyen_	s/only/also	21:32
*** coolsvap has joined #openstack-ironic		21:32
lifeless	wanyen_: sure, but we'll have ramdisk versions of those anyway, right?	21:33
wanyen_	yes. that's in the plan for ironic right?	21:34
devananda	yep	21:34
*** dhellmann has quit IRC		21:34
*** _sirushti has joined #openstack-ironic		21:34
*** dhellmann has joined #openstack-ironic		21:35
*** coolsvap1 has quit IRC		21:35
*** jcooley_ has quit IRC		21:35
*** sirushti has quit IRC		21:35
*** _sirushti is now known as sirushti		21:35
*** coolsvap_ has quit IRC		21:35
*** jcooley_ has joined #openstack-ironic		21:36
devananda	lifeless: one issue with PXE is requiring DHCP to be owned/managed. iLO driver, afaict, does not require that	21:37
*** derekh has joined #openstack-ironic		21:38
*** pbrooko has quit IRC		21:40
rameshg87	devananda: lifeless: i just had a question on (HTTP == userspace vs iSCSI== kernel)	21:40
rameshg87	is deployment using iSCSI happens completely in kernel space ?	21:41
lifeless	rameshg87: all the data mangling yeah - we use dd configured for non-cached writes	21:42
lifeless	rameshg87: AFAICT we saturated 10Gbps links doing the deploy	21:42
rameshg87	lifeless: :-)	21:43
lifeless	rameshg87: and if the ISO with the image being copied from is on the BMC, that means we'll do data transfer about 10 times faster...	21:43
rameshg87	lifeless: yeah i agree, i guess it all depends on how fast iLO can retrieve the data from the http server on the other side and provide it	21:44
devananda	most control plane networks that I've seen are 1Gb or slower. people tend to prefer to spend money making the data network fast :)	21:46
wanyen_	pxe driver needs to download image from glance as well. iLO driver saves the dd part of data xfer.	21:46
devananda	congestion on the control plane seems like a significant limitation when trying to deploy a large quantity of nodes in parallel	21:48
devananda	*like it will be	21:48
wanyen_	okay. To summarize ilo upload auth token to a web server on conductor node, This web server is only used for token passing. ilo driver should support glance/swift and glance/web server backend stores. right?	21:51
wanyen_	Okay. Thanks! I am going off to lunch.	21:53
rameshg87	devananda: lifeless: wanyen_: i will need to leave now. thanks for all your thoughts	21:54
*** rameshg87 has left #openstack-ironic		21:54
NobodyCam	have a good night rameshg87	21:54
*** jdob has quit IRC		21:56
lifeless	wanyen_: pxe driver downloads on a network 10+ times faster than the mgmt network :)	21:59
lifeless	wanyen_: I'm not convinced that doing any bulk transfer on the iLO network makes sense	22:00
lifeless	wanyen_: I think it makes lots of sense to secure things	22:04
devananda	wanyen_: another aspect that I do not see covered -- how will even a rudimentary partition description (eg, size of root fs and swap space) be passed from nova down to the node?	22:10
*** mdurnosvistov_lt has joined #openstack-ironic		22:16
lifeless	devananda: the way I'd do it is use the pxe data handover protocol, just embedded into the floppy boot sequence rather than pxelinux.cfg	22:24
devananda	lifeless: indeed, that looks quite appealing to me	22:29
*** matty_dubs is now known as matty_dubs\|gone		22:29
devananda	lifeless: though from a code perspective, i need to look closer to see what will need to be done	22:29
devananda	lifeless: the key passing is integral to the deploy driver at the moment. not mix-n-match	22:30
lifeless	devananda: helper function, done. :)	22:30
devananda	lifeless: something like taht :)	22:31
*** jbjohnso_ has quit IRC		22:32
*** mrda_away is now known as mrda		22:41
openstackgerrit	A change was merged to openstack/ironic: Fix race condition when deleting a node https://review.openstack.org/76178	22:49
mrda	morning all	22:51
*** romcheg has joined #openstack-ironic		22:55
*** lnxnut has quit IRC		22:55
mrda	lucasagomes: I was going to write patch https://review.openstack.org/#/c/76614/1 today - you beat me to it overnight :)	22:56
NobodyCam	morning mrda	22:58
mrda	morning NobodyCam	22:59
devananda	mrda: g'morning!	23:01
devananda	mrda: I'm just fixing up 76293 right now	23:02
devananda	mrda: thanks for the unit tests :)	23:02
mrda	devananda: cool, hope that's ok	23:02
mrda	devananda: so you'll address Yuriy's comments in your new patch?	23:03
*** harlowja is now known as harlowja_away		23:05
NobodyCam	quick walkies. brb	23:08
devananda	yep	23:11
devananda	just about finished	23:11
*** linggao_ has quit IRC		23:12
openstackgerrit	Devananda van der Veen proposed a change to openstack/ironic: Add option to sync node power state from DB https://review.openstack.org/76293	23:14
*** lazy_prince has joined #openstack-ironic		23:20
*** killer_prince has quit IRC		23:22
*** lazy_prince is now known as killer_prince		23:22
openstackgerrit	Jenkins proposed a change to openstack/ironic: Updated from global requirements https://review.openstack.org/75565	23:27
*** vkozhukalov has quit IRC		23:28
openstackgerrit	Jenkins proposed a change to openstack/python-ironicclient: Updated from global requirements https://review.openstack.org/75585	23:34
openstackgerrit	Michael Davies proposed a change to openstack/ironic: Prevent GET /v1/nodes returning maintenance field https://review.openstack.org/76094	23:39
*** mdurnosvistov_lt has quit IRC		23:39
mrda	devananda: any other things you'd like addressed during your night? :)	23:40
devananda	mrda: hmmm! lemme see :)	23:40
devananda	mrda: so, have you seen https://etherpad.openstack.org/p/IronicReviewDay ?	23:41
devananda	mrda: this is a running list that -core folks are using to keep track of the really-easy and the really-important patches	23:41
* devananda thinks		23:43
devananda	mrda: sun jing's patch for serial console support is, IMO, really close to landing	23:43
mrda	devananda: I'll take a look	23:44
devananda	mrda: there's a little refactoring it needs. It looks like sun wasn't clear on how to do that, despite our comments	23:44
devananda	https://review.openstack.org/#/c/64100/	23:44
NobodyCam	devananda: on 64100 I'd be ok with filing a bug for the http vs https thing	23:46
devananda	NobodyCam: ++	23:47
devananda	NobodyCam: that's pretty much how I feel about everything in that patch aside from the unreleased-lock issue	23:47
devananda	not perfect but good enough to iterate on further	23:47
NobodyCam	even the mocking for the item being tested?	23:48
NobodyCam	devananda: ++ as long as the issues are tracked either via or etherpad	23:48
NobodyCam	*...via BUG or...	23:49
* NobodyCam knows he would forget at least ONE		23:50
devananda	NobodyCam: via LP bugs. better visibility	23:50
openstackgerrit	A change was merged to openstack/python-ironicclient: Fix params order in assertEqual https://review.openstack.org/74745	23:50
devananda	and at this point, yes. we need to merge serial console and ephemeral disk support THIS week	23:51
NobodyCam	so tomorrow really	23:52
devananda	yep	23:56
NobodyCam	devananda: line 323 for locking issue? #323 proc = subprocess.Popen(' '.join(x), shell=True)	23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!