Tuesday, 2020-11-24

« Monday, 2020-11-23 Index Wednesday, 2020-11-25 »
*** hoonetorg has quit IRC00:14
*** k_mouza has joined #openstack-ironic00:14
*** tosky has quit IRC00:17
*** k_mouza has quit IRC00:19
*** hoonetorg has joined #openstack-ironic00:28
*** Goneri has quit IRC00:37
*** outbrito has joined #openstack-ironic00:53
*** thiagop has quit IRC00:53
*** hoonetorg has quit IRC01:26
*** zzzeek has quit IRC01:26
*** zzzeek has joined #openstack-ironic01:26
*** Qianbiao has joined #openstack-ironic01:29
*** zzzeek has quit IRC01:31
*** zzzeek has joined #openstack-ironic01:32
*** ociuhandu has joined #openstack-ironic01:37
*** hoonetorg has joined #openstack-ironic01:39
dkingDo Ironic-Inspector collectors have access to the node and port classes?01:40
*** ociuhandu has quit IRC01:41
*** outbrito has quit IRC01:41
dkingThose are passed as parameters to clean steps, but I have some code that I would like to run during inspection, and I would like to share a function between inspection and cleaning using dispatch_to_managers, and I'm trying to figure out the best way to do that.01:43
*** rloo has quit IRC01:47
dkingI'm wanting to set .driver_info.ipmi_password during inspection. So far, I'm only seeing that it would have to be set that in data, and then pass it into ipmi_password during introspection rules. However, that doesn't seem to be secure.01:49
Qianbiaohi  dking, there has a rule can archive your goal.01:50
Qianbiaobut i did not use it in fact, i can share you a doc.01:50
*** zzzeek has quit IRC01:50
dkingQianbiao: I would appreciate that.01:51
*** zzzeek has joined #openstack-ironic01:51
Qianbiaowait a minute, need to find it01:51
Qianbiaothat is it: https://docs.openstack.org/ironic-inspector/latest/user/usage.html01:53
Qianbiaodking ^^01:54
dkingQianbiao: Thank you very much. However, I was looking for something different. I know that I can use introspection rules to set that value. However, I was hoping to create the password (and set it) during the inspection step inside of the Ironic Python Agent. I'm going to be using ipmitool to set the BMC credentials to use a random password, and I would like to save that password, preferably directly into the database, at that01:56
dkingtime.01:56
Qianbiaothen you may want to add a customer processor i think01:57
Qianbiaocheck inspect processing config segment, there has : processing_hooks = $default_processing_hooks,extra_hardware,lldp_basic,local_link_connection01:58
dking...and I was hoping to share the same function between introspection (called from a custom collector) and by node cleaning (called from a custom hardware manager).01:58
Qianbiaoyou may add a customer hook to do that01:58
Qianbiaoyes, i think you can share the code.01:59
Qianbiaothey are run in IPA i think.01:59
Qianbiaonot sure.01:59
QianbiaoTheJulia may have a better idea.01:59
TheJuliao/02:00
TheJuliaI've been summoned!02:00
TheJuliawhat is up?02:00
dkingThe problem for me at the moment is that hardware manager clean steps receive the node and port objects, but collectors only receive the data and failures objects.02:00
*** tzumainn has quit IRC02:00
QianbiaoGood night, TheJulia o/. I guess you may still around. :)02:01
dkingI suppose that I could just have a wrapper for each that calls the one routine to create and set the password, and then have the wrappers update in the db, with the one setting it in data for intrpsection rules to pick up, and the other setting in the node object directly.02:01
dkingTheJulia: Oh, wow. You're up late.02:02
TheJulianot that late...02:02
TheJuliaonly 6pm here02:02
TheJuliadking: the anticipated path to use introspection rules, and yeah, that is not great but it is only really viable for those with static BMC passwords. Dynamic is... more difficult.02:02
dkingOh. It's 9pm here, and definitely not work hours (officially).02:02
TheJuliaand really, inspector has no access to that data by default really. often when the collectors are executing, they may have zero context of the ironic node, just that they have data before them02:03
dkingYeah, that's what we're going for, dynamic. We would prefer not having the same password for every machine, and we want it to be set by introspection since we won't know the actual password. We boot right into PXE for our first exposure to a new node, and they all have random pws set by the manufacturer.02:04
TheJuliahmm02:05
TheJuliaThis is a wonderful conundrum02:05
dkingI suppose that makes sense. It seems that the original intent, or common usage, is to have nodes already entered manually. So, we do things a bit differently.02:05
TheJuliaor to reconcile it in the end02:05
TheJuliabut yeah, that is still not fun02:05
*** openstackgerrit has joined #openstack-ironic02:06
openstackgerritSteve Baker proposed openstack/ironic master: JSON conversion followup change  https://review.opendev.org/c/openstack/ironic/+/76327902:06
openstackgerritSteve Baker proposed openstack/ironic master: Improve object_to_dict arguments  https://review.opendev.org/c/openstack/ironic/+/76350102:06
openstackgerritSteve Baker proposed openstack/ironic master: Test patching booleans with string values  https://review.opendev.org/c/openstack/ironic/+/76371302:06
TheJuliadking: out of curiosity, are you getting an inventory of the random passwords?02:06
TheJuliafrom the vendor that is?02:06
*** zzzeek has quit IRC02:07
dkingTechnically, yes. They come to us on tags physically on the servers, which is a huge hassle, and for our first batch, 2 out of 20 didn't seem to respond to the passwords on the stickers.02:07
dkingWe're going to send a request for them to send us that data in a spreadsheet, but even if we know them, we'd have to create a secure system to maintain those creds and serve them, which would be an even bigger hassle.02:08
dkingI suppose that if it comes down to it, perhaps I could see what part of the process finally gets a UUID, from node_not_found_hook, and make some code somewhere to call the API directly, but I was really hoping to use existing tools.02:11
*** zzzeek has joined #openstack-ironic02:11
TheJuliaif you get a spreadsheet, you could just map them up really easily02:11
dkingYjru02:12
dkingsorry02:12
TheJuliaThat is exactly what some folks have done02:12
TheJuliaor create and have a cron job add the password in after matching the host in the state02:12
*** k_mouza has joined #openstack-ironic02:14
TheJuliaif you do that, you could have it just be kicked to the next step by the same script or job02:14
dkingI suppose that we could have the process which updates the node state from enroll to manageable add the IPs. The frustration here is that the process would have to be able to collect that information securely. So, we'd have to create some method for it to be accessed and updated and then secured.02:14
dkingRather than just having the password in the only place where we really want it, the Ironic db.02:15
*** k_mouza has quit IRC02:15
TheJuliaI feel like maybe we do need a "go check $thing" somehow02:16
*** zzzeek has quit IRC02:16
TheJuliabut with the rules that might not be viable02:16
*** zzzeek has joined #openstack-ironic02:18
TheJuliadking: maybe a better question, so once you get the spreadsheet, would that be before or after you have the rack?02:20
TheJuliaor racks02:20
TheJuliaand then, would that be a human and could it be local to them submitting it in whatever process02:21
dkingTheJulia: Ideally, if we can get something worked out, we could get them as they are shipped, before being racked. But we want to save the DC from having to do more work than necessary, and we're planning on doing things on a large scale (we hope).02:22
QianbiaoI am courious if there has a method can update node's management password without getting it first?02:23
*** uzumaki has joined #openstack-ironic02:23
QianbiaoFrom inband?02:23
dkingIn our use case, we're trying to have the process super automated. So, eventually, that's going to mean that we'd probably be having servers shipped to datacenters to which we have very little direct access ourselves, outside of perhaps having them setup. From there, we'd like to just be able to slot machines and power them on.02:23
*** iurygregory has quit IRC02:25
dkingQianbiao: Yes, we won't have the password. But when we power on the servers, they PXE boot, kicking off the inspect process. While all of that is running, we can use command line tools, like ipmitool (or also the vendor specific command line tools), which can set a password without needing one first. So, we can set a secondary user with a random password. I just need to get that random password into Ironic securely.02:25
TheJuliaI think nobodycam had worked out a process where they had the inventory data in advance, dc ops would hookup cables/power, inspection would get the data, $thing would do reconcile set passwords and move them into use02:27
Qianbiaoyeah, that is what i mean, from inband, we can set password directly. IBMC seems has same technical.02:28
TheJuliaQianbiao: we tried that, and ripped the feature out a long long time ago due to bmc issues/inconsistencies with resetting the bmc password from the OS. Also some operators didn't want that as a thing at all02:28
QianbiaoTheJulia IIRC, ibmc can visit a special IPV6 address from inband os, and update password directly.02:29
Qianbiaoforget the details.02:29
TheJuliayeah, there is a standard for that :)02:29
Qianbiaook :)02:30
TheJuliathat is awesome ibmc supports that, btw02:30
*** zzzeek has quit IRC02:30
*** zzzeek has joined #openstack-ironic02:31
Qianbiaodking, from your requirement, I think you should make a modify to IPA, you may did it there i think. and add a hook/rule in inspector to update password02:31
dkingHmm... I'm trying to think. I really don't like the idea of having to maintain a service to serve the creds, which is why we were hoping to just set a new user.02:31
TheJuliato do it via ipmi, I'm fairly sure you have to define a user number02:32
TheJuliaif you collide with the admin, you replace it02:32
TheJuliathat can be good, or bad depending on use case02:32
dkingQianbiao: Yes, I am looking at something in IPA. I'm trying to find a good type of hook to do that.02:32
*** rcernin has quit IRC02:33
dkingTheJulia: yes, you give it user numbers, but admin should always be the same number, and I can do checks for that.02:33
dkingYou give it a number and a username.02:34
TheJuliaI don't think we could just revert the patch that removed password setting, for that and we would likely extend it a little, but maybe it is viable if we can navigate the cases around the account number02:34
dkingTheJulia: I'm not sure I follow entirely. Are you referring to a previous version that set the password? I did see some very old documentation for an Ironic discover process that looked like it did that.02:37
TheJuliayeah02:37
dkingAnd I can understand not wanting to make Ironic maintain the process, as BMCs can be funny. But I do think having some kind of option to allow some kind of custom code to set the password during inspection would be hlepful.02:38
TheJuliaso the conundrum _during_ inspection is there is no way to send commands back to IPA02:39
TheJuliaIt is a one way "Hey, here is that data you may or may not have wanted" action02:39
dkingIs there anything that would allow hardware managers add in steps that could be run during inspection? I assume that one blocker for that has been the fact that most of them don't have any node object set yet?02:39
TheJuliaallow, not at the moment, but nothing preventing an invocation02:40
dkingOh, so IPA during inspection doesn't listen on a socket?02:40
TheJuliadispatch_to_managers could be invoked02:40
TheJuliadking: it doesn't even start the webserver until inspection is done02:40
TheJuliaif your in discovery only mode, you can't send commands at all02:40
TheJuliabecause the agent doesn't know anything and to allow commands in without any sort of authentication is not great02:41
TheJuliabut yeah, there is absolutely nothing preventing a hardware manager from doing $thing really02:41
TheJuliain fact, it could do it on start-up of the hardware manager02:41
TheJulia"If it looks like were in inspection, and we don't have a user in the bmc, let me set a password and save it in the data posted to inspector ?!?02:42
TheJulia"02:42
dkingOne obstacle for me at the moment is that I don't have the node object. Does the data object (sent to the collectors) contain the UUID?02:43
dkingYou mention saving it data posted to the inspector. Does that in some way get back into the db without having to be sent back in the inspector data that gets logged?02:45
dkingI don't really care where it's set, or even if it's set first in the db and then sent in, as long as it gets to some function during inspection. I just need the same thing in the db that's on the server, and that can go either way.02:48
Qianbiaodking inspection has two mode, one trigger by admin, one auto enroll.02:55
Qianbiaofirst one you need to set a password manually, second one, there are no node in ironic util inspection finished.02:56
Qianbiaobasicly, if you know it's auto enroll, you can set a random password, and then send the password back in inspect data.02:57
Qianbiaoand then you can did anything you want like set it to node's driver info.02:57
dkingQianbiao: That is true. The concern I have is that if the data is passed back in the inspection data, it will be logged on the conductor, exposing that password, which is not ideal.03:00
Qianbiaoyes, need to remove the log.03:02
*** rcernin has joined #openstack-ironic03:03
dkingI suppose that I might need to look into node_not_found_hook = enroll to see how that works.03:04
Qianbiaoyes03:05
*** rcernin has quit IRC03:11
*** rcernin has joined #openstack-ironic03:11
*** uzumaki has quit IRC03:15
*** uzumaki has joined #openstack-ironic03:15
TheJuliadking: the uuid that is stamped in the system, but that can be wrong and it can also be all 0's depending on the make or vendor03:22
TheJuliaor like... if you get a replacement motherboard that was never flashed with the OEM details03:22
TheJuliathe uuid assigned in ironic, is assigned on create unless it is posted, and I *don't* think the embedded uuid is used03:23
TheJuliathat is of course it is flashed in03:23
*** ociuhandu has joined #openstack-ironic03:25
dkingTheJulia: I was talking about the UUID for Ironic. I was hoping that at some point, the node would have to know or set that if it's enrolling itself. And if it did, I was thinking I could just do an API call.03:27
TheJuliayou'd have to embed creds into the agent which is downloaded for inspector03:28
dking...but if that's only set on the API's side after the inspection and introspection data is sent, then I suppose that wouldn't work.03:28
TheJuliaan administrative credential03:28
TheJuliayeah03:28
dkingOh, yeah. I suppose there's that, too. I'm not currently using any authentication for Ironic, but I don't plan for it to stay like that.03:29
*** ociuhandu has quit IRC03:29
dkingI really hate it, but I'm starting to re-consider just setting it in the introspection data and just hoping that nobody malicious gets access to that server.03:30
dkingIf they can access the controller, they have access to the nodes, anyway. It just feels very dirty and dangerous.03:31
dkingAnd the conductor logs will likely be exported. I suppose that we could see about filtering those lines out. I just don't see a good solution.03:33
*** uzumaki has quit IRC04:04
TheJuliadking: do you actually need inspetor to save that information? are you using inspectin data post inspection?04:10
*** paras333 has quit IRC04:14
*** k_mouza has joined #openstack-ironic04:15
*** k_mouza has quit IRC04:16
*** k_mouza_ has joined #openstack-ironic04:16
*** zzzeek has quit IRC04:18
*** zzzeek has joined #openstack-ironic04:19
*** k_mouza_ has quit IRC04:21
*** k_mouza has joined #openstack-ironic04:34
*** zzzeek has quit IRC04:34
*** zzzeek has joined #openstack-ironic04:35
*** k_mouza has quit IRC04:38
*** zzzeek has quit IRC04:59
*** zzzeek has joined #openstack-ironic05:00
*** zzzeek has quit IRC05:10
*** zzzeek has joined #openstack-ironic05:11
*** ociuhandu has joined #openstack-ironic05:13
openstackgerritankit proposed openstack/ironic master: Adds config params to support firmware update gate  https://review.opendev.org/c/openstack/ironic/+/76334105:14
*** ociuhandu has quit IRC05:21
openstackgerritJacob Anders proposed openstack/ironic master: Use OOB inspection to fetch MACs for IB inspection  https://review.opendev.org/c/openstack/ironic/+/75094305:47
openstackgerritJacob Anders proposed openstack/ironic-inspector master: Use OOB inspection to fetch MACs for IB inspection  https://review.opendev.org/c/openstack/ironic-inspector/+/75899405:48
*** k_mouza has joined #openstack-ironic06:35
*** Qianbiao has quit IRC06:36
*** k_mouza has quit IRC06:39
*** Qianbiao has joined #openstack-ironic06:48
*** zzzeek has quit IRC06:49
*** zzzeek has joined #openstack-ironic06:49
*** iurygregory has joined #openstack-ironic07:02
iurygregoryGood morning07:03
iurygregoryo/07:03
*** ociuhandu has joined #openstack-ironic07:15
*** ociuhandu has quit IRC07:19
*** ociuhandu has joined #openstack-ironic07:24
*** ociuhandu has quit IRC07:29
arne_wiebalckGood morning iurygregory and ironic!07:37
*** rpittau|afk is now known as rpittau07:39
rpittaugood morning ironic! o/07:39
iurygregoryhey arne_wiebalck and rpittau o/07:40
*** ociuhandu has joined #openstack-ironic07:41
rpittauhey iurygregory :)07:46
*** rcernin has quit IRC07:49
*** ociuhandu has quit IRC07:52
*** rcernin has joined #openstack-ironic07:57
openstackgerritDmitry Tantsur proposed openstack/ironic-python-agent stable/victoria: Make mdadm a soft requirement  https://review.opendev.org/c/openstack/ironic-python-agent/+/76390207:58
*** mkrai has joined #openstack-ironic08:02
*** ociuhandu has joined #openstack-ironic08:06
*** ociuhandu has quit IRC08:13
*** rcernin has quit IRC08:15
*** ociuhandu has joined #openstack-ironic08:22
*** ociuhandu has quit IRC08:22
*** Qianbiao has quit IRC08:30
*** k_mouza has joined #openstack-ironic08:36
*** Qianbiao has joined #openstack-ironic08:36
*** k_mouza has quit IRC08:40
*** ociuhandu has joined #openstack-ironic08:43
*** mgoddard has joined #openstack-ironic08:44
*** tosky has joined #openstack-ironic08:48
*** zzzeek has quit IRC08:50
*** zzzeek has joined #openstack-ironic08:54
*** dougsz has joined #openstack-ironic08:55
*** dtantsur|afk is now known as dtantsur09:01
dtantsurmorning ironic09:02
*** lucasagomes has joined #openstack-ironic09:03
rpittaugood morning dtantsur :)09:04
iurygregorygood morning dtantsur09:08
*** zzzeek has quit IRC09:09
*** zzzeek has joined #openstack-ironic09:09
rpittaubtw there should be a new release soon, I think, but that one should work09:11
*** derekh has joined #openstack-ironic09:12
rpittau^ iurygregory this was for you :D09:16
*** mkrai has quit IRC09:16
*** mkrai has joined #openstack-ironic09:16
iurygregoryrpittau, hehehe good to know09:17
*** zzzeek has quit IRC09:18
*** ricolin has joined #openstack-ironic09:19
*** zzzeek has joined #openstack-ironic09:19
iurygregorydtantsur, since in stable/victoria we did change the default value for api_workers and the latest we have is  16.0.1 we need a minor bump?09:20
dtantsurmmm, no, why?09:20
iurygregorywas wondering because you listed as upgrade09:20
iurygregory=)09:20
dtantsurwe have a track of changing options values in patch release09:21
dtantsurI'd not bother09:21
iurygregoryack09:21
*** fmuyassarov has joined #openstack-ironic09:24
*** dougsz has quit IRC09:25
*** zzzeek has quit IRC09:26
fmuyassarovHello all. Would you mind please to review https://review.opendev.org/c/openstack/ironic/+/762343 ? Thanks in advance.09:26
* dtantsur looks09:27
fmuyassarovdtantsur, thanks09:27
*** zzzeek has joined #openstack-ironic09:28
*** ociuhandu has quit IRC09:32
*** mkrai has quit IRC09:35
dtantsurfmuyassarov: reviewed. this is really close, left a couple more comments. feel free to ping me again after you update it.09:35
fmuyassarovSure, thank you dtantsur09:36
iurygregorybrb need to reboot the pc09:36
*** iurygregory has quit IRC09:37
openstackgerritRiccardo Pittau proposed x/sushy-oem-idrac master: Use safe version of hacking  https://review.opendev.org/c/x/sushy-oem-idrac/+/72726009:38
*** dougsz has joined #openstack-ironic09:40
*** iurygregory has joined #openstack-ironic09:43
*** ricolin has quit IRC09:44
iurygregorydtantsur, newbie question the repo to extend ironic ansible modules is https://opendev.org/openstack/ansible-collections-openstack/ right?09:47
dtantsuriurygregory: correct09:47
iurygregoryoh they don't have any doc page with contributor guide right? only the https://opendev.org/openstack/ansible-collections-openstack/src/branch/master/CONTRIBUTING.rst09:49
jandersgood morning iurygregory arne_wiebalck rpittau dtantsur fmuyassarov and Ironic o/09:49
jandershow's everyone?09:50
iurygregoryhey janders o/09:50
arne_wiebalckhey janders o/09:50
rpittauhey janders :)09:50
iurygregoryalmost ready to travel \o/09:50
*** k_mouza has joined #openstack-ironic09:50
iurygregory(just need to do the covid test tomorrow)09:50
fmuyassarovgood morning janders09:50
jandersiurygregory way to go!09:50
janders(not so enthusiastic about the covid test, but the travel part for sure! :)09:50
iurygregoryis not that bad tbh09:51
*** ociuhandu has joined #openstack-ironic09:51
iurygregoryI did once already hehe, this will be my second time09:51
*** k_mouza has quit IRC09:55
*** derekh has quit IRC10:01
*** derekh has joined #openstack-ironic10:01
*** ociuhandu has quit IRC10:02
*** zzzeek has quit IRC10:04
*** mkrai has joined #openstack-ironic10:05
*** zzzeek has joined #openstack-ironic10:06
*** mgoddard has quit IRC10:11
*** zzzeek has quit IRC10:21
*** zzzeek has joined #openstack-ironic10:22
*** mgoddard has joined #openstack-ironic10:24
*** zzzeek has quit IRC10:26
*** mkrai has quit IRC10:27
*** zzzeek has joined #openstack-ironic10:28
*** mkrai has joined #openstack-ironic10:28
*** ociuhandu has joined #openstack-ironic10:32
*** mgoddard has quit IRC10:35
*** k_mouza has joined #openstack-ironic10:37
*** ociuhandu has quit IRC10:37
*** ociuhandu has joined #openstack-ironic10:38
openstackgerritJacob Anders proposed openstack/ironic-inspector master: Use OOB inspection to fetch MACs for IB inspection  https://review.opendev.org/c/openstack/ironic-inspector/+/75899410:43
*** zzzeek has quit IRC10:47
*** ociuhandu has quit IRC10:47
*** zzzeek has joined #openstack-ironic10:47
*** mgoddard has joined #openstack-ironic10:49
*** ociuhandu has joined #openstack-ironic10:53
*** ociuhandu has quit IRC10:53
*** mkrai has quit IRC10:56
dtantsurianw: I've sent you an email to avoid chatting at weird hours10:56
openstackgerritVerification of a change to openstack/ironic failed: Sync boot mode when changing the boot device via Redfish  https://review.opendev.org/c/openstack/ironic/+/76243911:05
*** ociuhandu has joined #openstack-ironic11:10
*** ociuhandu has quit IRC11:10
*** ociuhandu has joined #openstack-ironic11:10
openstackgerritKaifeng Wang proposed openstack/ironic-specs master: Support node history  https://review.opendev.org/c/openstack/ironic-specs/+/65281111:16
*** mkrai has joined #openstack-ironic11:16
ajyaHi dtantsur, saw you talking about DHCP-less. Are you testing some specific configuration or could it be that the feature currently is not working?11:20
ajyadtantsur: oh, saw the post in the mailing list, it looks like it's not specific to setup11:30
*** zzzeek has quit IRC11:31
*** zzzeek has joined #openstack-ironic11:32
*** ociuhandu has quit IRC11:34
*** ociuhandu has joined #openstack-ironic11:35
*** mkrai has quit IRC11:35
*** ociuhandu has quit IRC11:41
*** ociuhandu has joined #openstack-ironic11:41
*** ociuhandu has quit IRC11:44
*** ociuhandu has joined #openstack-ironic11:45
dtantsurI suspect the latter, but I'd be happy to be proved wrong11:49
openstackgerritMerged openstack/ironic-python-agent stable/victoria: Make mdadm a soft requirement  https://review.opendev.org/c/openstack/ironic-python-agent/+/76390211:53
*** ociuhandu has quit IRC11:55
*** ociuhandu has joined #openstack-ironic11:58
openstackgerritJacob Anders proposed openstack/ironic-inspector master: Use OOB inspection to fetch MACs for IB inspection  https://review.opendev.org/c/openstack/ironic-inspector/+/75899412:00
*** ociuhandu has quit IRC12:04
janderswrapping up for the night, have a good rest of your day Ironic, catch you tomorrow o/12:09
iurygregorybye janders12:10
*** anuradha1904 has joined #openstack-ironic12:10
*** outbrito has joined #openstack-ironic12:11
*** ociuhandu has joined #openstack-ironic12:15
*** ociuhandu has quit IRC12:20
*** dtantsur is now known as dtantsur|brb12:22
*** k_mouza has quit IRC12:35
*** k_mouza has joined #openstack-ironic12:47
*** k_mouza has quit IRC13:05
*** belmoreira has joined #openstack-ironic13:07
*** k_mouza has joined #openstack-ironic13:09
*** k_mouza has quit IRC13:19
*** ociuhandu has joined #openstack-ironic13:26
*** ociuhandu has quit IRC13:30
*** k_mouza has joined #openstack-ironic13:31
*** ociuhandu has joined #openstack-ironic13:35
*** Goneri has joined #openstack-ironic13:36
*** dtantsur|brb is now known as dtantsur13:41
*** paras333 has joined #openstack-ironic13:44
*** mgoddard has quit IRC13:46
QianbiaoHello, does anyone try dynamic vendordata metadata service.?13:52
* dtantsur hasn't13:53
Qianbiaomy vendordata is available through "curl http://169.254.169.254/openstack/2018-08-27/vendor_data2.json"13:53
Qianbiaobut cloud-init seems does not load it.13:53
*** mgoddard has joined #openstack-ironic13:53
*** fmuyassarov has quit IRC13:54
* TheJulia wipes sleep from her eyes13:57
TheJuliagood morning everyone13:57
*** k_mouza has quit IRC13:57
*** k_mouza has joined #openstack-ironic13:58
iurygregorygood morning TheJulia =)13:59
rpittaugood morning TheJulia :)14:01
Qianbiaomorning TheJulia14:03
dtantsurTheJulia: morning!14:03
*** zzzeek has quit IRC14:07
*** zzzeek has joined #openstack-ironic14:09
iurygregorydtantsur, I'm going to push the release for IPA since https://review.opendev.org/c/openstack/ironic-python-agent/+/763902 merged14:11
*** rloo has joined #openstack-ironic14:20
dtantsurack, cool14:24
openstackgerritBob Fournier proposed openstack/ironic master: Add vendor_passthru method for virtual media  https://review.opendev.org/c/openstack/ironic/+/76300714:26
*** fmuyassarov has joined #openstack-ironic14:26
*** mkrai has joined #openstack-ironic14:29
*** zzzeek has quit IRC14:39
*** tzumainn has joined #openstack-ironic14:42
iurygregoryrpioso, hey you around?14:42
*** zzzeek has joined #openstack-ironic14:45
TheJuliastevebaker: I believe congratulations are in order.... See Mailing List.15:03
TheJuliaI feel like I need stronger coffee for today15:06
iurygregorycongrats stevebaker =)15:07
trandlesTheJulia: I need that stronger coffee too. This morning, trying to clear up an issue on a testbed, I nuked /var/lib/mysql. Problem is, I was on my ironic testbed and not the testbed with the problem. I lost everything about my 25-node baremetal cluster. :(15:08
dtantsurstevebaker++15:08
TheJuliatrandles: eek :(15:09
dtantsurouch15:11
TheJuliaHopefully once back up you can celebrate with some colkegan or something similar15:12
trandlesThat's a good suggestion. It won't be too bad to recover, just a pain and squandering time I really should be using to do something else.15:13
JayFstevebaker: \o/15:14
JayFtrandles: /o\15:15
rpittaucongratulations stevebaker! :)15:20
openstackgerritDmitry Tantsur proposed openstack/ironic-python-agent-builder master: Add ironic-python-agent-minimal element  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/76281515:34
*** Qianbiao has quit IRC15:37
openstackgerritMark Goddard proposed openstack/tenks master: CI: Fix ansible-lint failure  https://review.opendev.org/c/openstack/tenks/+/76399115:38
openstackgerritJason Anderson proposed openstack/ironic master: Always retry locking when performing task handoff  https://review.opendev.org/c/openstack/ironic/+/76165315:42
rpittauthanks mgoddard didn't really have the time today for that :)15:44
openstackgerritRiccardo Pittau proposed openstack/tenks master: Increase verbosity of ansible lint command  https://review.opendev.org/c/openstack/tenks/+/76376515:49
openstackgerritDmitry Tantsur proposed openstack/ironic-python-agent-builder master: Repair the previous image name  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/76399315:51
dtantsurrpittau: FYI ^^15:51
dtantsurthis results in old images used by ironic IIUC15:51
JayFdtantsur: I don't understand how that patch does what you say it does. It seems to only add `centos` to the supported elements for centos 8?15:53
JayFoooh, that second ansible stanza is to set the name15:53
JayFgot it15:53
dtantsurJayF: well, we modify the number from {{ distro }} to {{ distro }}{{ release }}15:53
dtantsurouch, which number? the name15:53
dtantsurhttps://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ illustrates the current problem15:54
JayFI +2'd it, I quacked myself through it15:54
dtantsurmy minimal element saves only 1 MiB. sigh. well, that's a start :D15:54
openstackgerritDmitry Tantsur proposed openstack/ironic-python-agent-builder master: Clean up package installation  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/76281616:02
*** mkrai has quit IRC16:15
JayFUgh. With the new gerrit, the emails no long indicate if w+1 was put in16:18
JayFI got an email that rpittau +2'd that image name change, but it didn't show W+1... but he workflow'd it too16:18
rpittauJayF: I WF'ed after you +2ed :)16:18
JayFyeah, and the email only shows your +216:18
JayFnot the W+116:19
rpittauoh ok16:19
dtantsurI've noticed that as well16:22
openstackgerritJulia Kreger proposed openstack/ironic-python-agent master: Option to enable bootloader config failure bypass  https://review.opendev.org/c/openstack/ironic-python-agent/+/76401616:24
iurygregorynew gerrit still doesn't deserve a cookie it seems...16:35
TheJuliawill something so drasticly different ever get a cookie?16:37
fmuyassarovdtantsur, I have addressed your comments in 762343(not pushed yet), but my local test run is failing (link: https://paste.centos.org/view/0078abfb ) to pass the unit test that I added. Do you know what am I missing in this unit test https://paste.centos.org/view/2f5d825b ?16:40
*** hoonetorg has quit IRC16:41
dkingTheJulia: I don't need inspector to save the information, specifically, but I don't know another way to get it into Ironic. The inspector collectors seem to only have access to write to the inspector data, and during inspection, I'm under the impression that there's no way for the new, yet unenrolled node, to talk to Ironic directly? Or am I missing something?16:41
-openstackstatus- NOTICE: The Gerrit service on review.opendev.org is being restarted quickly to troubleshoot an SMTP queuing backlog, downtime should be less than 5 minutes16:42
*** anuradha1904 has quit IRC16:50
*** hoonetorg has joined #openstack-ironic16:53
dtantsurfmuyassarov: your test verifies a negative response, but you expect HTTP OK16:54
dtantsuryou need to change the last line to the correct error code and add expect_errors=True to patch_json()16:54
fmuyassarovgot it. Thanks16:55
dtantsurrpittau, JayF, I've just got a notification about W+1. I guess it is taking time.16:57
JayFyeah; same. Just slow16:57
rpittaummm maybe related to the issue mentioned before16:57
rpittaugood night! o/17:01
*** rpittau is now known as rpittau|afk17:01
*** ociuhandu_ has joined #openstack-ironic17:06
*** ociuhandu_ has quit IRC17:06
TheJuliadking: absolutely no way for the new node to send information to ironic, it would have to go through inspector, but if your not saving the introspection information, then you identify/collect it and then pass it through and it shouldn't be retained. If your logging level is default, I don't think it will even log details about the node so it would be completely transitory to inspector afaik.17:08
*** ociuhandu has quit IRC17:09
*** lucasagomes has quit IRC17:10
arne_wiebalckbye everyone o/17:13
TheJuliagoodnight17:13
dkingTheJulia: Thank you. So, just put put it in the inspect data[], and then let introspect set it into Ironic, and without debug, that shouldn't get logged?17:17
TheJuliaI believe so, dtantsur might think otherwise17:17
openstackgerritFeruzjon Muyassarov proposed openstack/ironic master: Allow disabling automated_clean per node  https://review.opendev.org/c/openstack/ironic/+/76234317:22
openstackgerritFeruzjon Muyassarov proposed openstack/ironic master: Allow disabling automated_clean per node  https://review.opendev.org/c/openstack/ironic/+/76234317:24
*** rloo has quit IRC17:26
*** rloo has joined #openstack-ironic17:27
fmuyassarovdtantsur, updated the patchset. Thank you for your help.17:28
dtantsurthank you, I'll try to get to it before EOD today17:28
fmuyassarovYes, take your time17:29
*** dougsz has quit IRC17:34
*** ociuhandu has joined #openstack-ironic17:41
*** jlvillal has quit IRC17:42
*** jlvillal has joined #openstack-ironic17:43
TheJuliaInteresting... did we turn off notifications for ironic-specs and ironic-python-agent?17:43
dtantsuryou mean, IRC? I don't think so17:44
dtantsurI see a notification about your patch to IPA 1:20 ago17:44
TheJuliabut not on ironic specs I pushed like 3 minutse ago17:45
TheJuliaor irccloud has gotten super smart filtering AI17:45
dtantsurthe bot goes for a smoke from time to time17:45
*** ociuhandu has quit IRC17:45
TheJuliaat which point it migh tas well be named Skynet17:45
dtantsurheh17:45
dtantsurbut yeah, the bot does disappear occasionally17:45
TheJuliaahh, yeah, I see the ipa notification17:45
TheJuliait wasn't instant it looks like 1-2 minutes17:46
dtantsurnothing about the new gerrit seems instant atm :)17:46
TheJuliayeah :(17:47
* TheJulia cracks open a new spec file17:47
TheJulialooks like releases are borked for now17:54
dtantsuryep17:55
*** iurygregory has quit IRC17:59
*** dtantsur is now known as dtantsur|afk18:01
dtantsur|afksee you tomorrow18:01
TheJuliagoodnight dtantsur|afk18:01
*** derekh has quit IRC18:01
*** mgoddard has quit IRC18:07
*** rloo has quit IRC18:18
*** rloo has joined #openstack-ironic18:19
buhmanWhat's the "plan" for metalsmith? https://specs.openstack.org/openstack/ironic-specs/specs/12.1/allocation-api.html describes metalsmith as a "short-term" thing. Is it desired that metalsmith-like functionality be added as new Ironic API features (via the same spec process that the allocation api was added)? Or would some parts be better implemented as a completely separate service, like a lighter-weight nova?18:22
*** rloo has quit IRC18:23
*** rloo has joined #openstack-ironic18:23
*** jamesdenton has quit IRC18:26
*** jamesden_ has joined #openstack-ironic18:26
*** iurygregory has joined #openstack-ironic18:27
*** k_mouza has quit IRC18:29
*** fmuyassarov has quit IRC18:52
iurygregoryrpioso, just fyi the problem I've mentioned yesterday about idrac8 with vmedia http://paste.openstack.org/show/800368/ I was able to get more logs to look at and seems like redfish/v1/Managers/iDRAC.Embedded.1/VirtualMedia/CD/Actions/VirtualMedia.InsertMedia returned 500 .-. wondering if this is expected http://paste.openstack.org/show/800368/18:57
rpiosoiurygregory: o/19:01
rpiosoiurygregory: If memory serves, weren't you chasing down a 40x status yesterday?19:02
rpiosoiurygregory: It would be hard to say an internal server error is ever expected :-)19:03
rpiosoiurygregory: Have you gotten that action to work outside of ironic/sushy, say via curl or https://github.com/dell/iDRAC-Redfish-Scripting/blob/master/Redfish%20Python/InsertEjectVirtualMediaREDFISH.py?19:05
iurygregoryrpioso, yeah but it was a warning log only19:10
iurygregorythey sent a full log later today19:10
rpiosoiurygregory: Gotcha ... And?19:11
iurygregoryand this 500 was what I've found but I do remember they saying idrac8 with 2.75.75.75 should work with vmedia .-.19:12
iurygregoryso it's a bit strange19:12
iurygregoryI'm wondering if maybe there is some configuration that needs to be set on idrac maybe?19:12
iurygregoryI will ask them to run https://github.com/dell/iDRAC-Redfish-Scripting/blob/master/Redfish%20Python/InsertEjectVirtualMediaREDFISH.py aganist the machine19:13
rpiosoiurygregory: I will try to ask around.19:13
iurygregorytks!19:14
rpiosoiurygregory: np19:14
eanderssonIs there a way to make rebuild also clean? or is there a way to clean + rebuild with one api call? if not do you need to undeploy / deploy?19:16
*** dougsz has joined #openstack-ironic19:31
TheJuliaeandersson: rebuild is just re-deploy, so guess maybe with steps, you could clean. I don't think we had ever thought about that.19:33
TheJuliaeandersson: largely rebuild was intended to be used to upgrade a long long time ago in a galaxy far away known as HP Helion.19:34
TheJuliarebuilds in place with nova. So I guess we could also accept feature to do cleaning as well, but yeah, not been thought of before19:35
*** dougsz has quit IRC19:36
TheJuliabuhman: Basically remain a tool people can use to get and deploy baremetal nodes without having to know openstack commands, use ansible, or leverage an API client. Even if the internal lightweight selection logic was stripped out, it would still do the basic data population for users that they or a playbook or a few commands could send to the API.19:39
buhmanOh.. I suppose I read the Allocation API problem description incorrectly. I thought it was blanket saying "metalsmith itself is a short-term hack", but it was referring specifically to the allocation feature as previously implemented in metalsmith.19:45
buhmanCurious: why is "a person doesn't need to leverage an API client" a desirable thing?19:46
buhmanIsn't metalsmith an "API client"?19:47
stevebakerTheJulia, iurygregory, dtantsur|afk, JayF, rpittau|afk: oh wow, thanks everyone :D19:52
TheJuliabuhman: let me clarify. Someone use an api client for their direct interaction, so at worst they are writing their own, or they are basically at a code level, which is not exactly friendly for day to day operations19:53
buhmanNot sure if I understand. Do you mean "so at worst they are writing their own [reimplementation of metalsmith]"?20:00
iurygregoryrpioso, http://paste.openstack.org/show/800386/20:02
iurygregorythis was the output he got running the script with -c "y"20:03
rpiosoiurygregory: Sounds like it was successful.20:04
rpiosoiurygregory: Did he try to one-time boot it, just to confirm?20:04
rpiosoiurygregory: https://github.com/dell/iDRAC-Redfish-Scripting/blob/master/Redfish%20Python/SetNextOneTimeBootVirtualMediaDeviceOemREDFISH.py20:05
iurygregorylet me see if I follow, on idrac8 this need to be done otherwise deploying with vmedia may fail or something?20:07
*** belmoreira has quit IRC20:08
iurygregoryrpioso, ^20:16
openstackgerritMerged openstack/ironic-python-agent-builder master: Repair the previous image name  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/76399320:18
rpiosoiurygregory: That second script is the basis for the sushy-oem-idrac code which sets the one-time boot device to the virtual CD. That's called by the idrac-redfish-virtual-media boot interface.20:20
iurygregoryyeah, they are using the idrac-redfish-virtual-media interface20:21
rpiosoiurygregory: I asked that they run that second script after successful execution of the first to get a second data point on its working.20:22
iurygregoryI see, I will ask20:22
iurygregorydo they needto set any extra args?20:23
iurygregorylike the values for -d and -r20:23
TheJuliastevebaker: internal call?20:32
rpiosoiurygregory: -d 1 -r y20:34
iurygregoryrpioso, ack20:34
rpiosoiurygregory: They should point it at a "unique" OS and watch the system console to determine if it boots :-)20:35
rpiosoiurygregory: Are they exercising DHCP-less?20:35
iurygregoryrpioso, this is with metal3 basically =)20:36
iurygregoryno dhcp-less20:36
jandersgood morning Ironic o/20:41
iurygregorymorning janders o/20:41
stevebakerTheJulia: crap, I've got an appointment in town, I was just getting ready20:47
TheJuliabuhman: if that is what someone wants to do. If you think about it the basic steps are not difficult, the whole key of things is to make things easier and require less lower level knowledge of how APIs operate and behave, and maybe interop with other resources if they are also trying to leverage from the same pool of resources20:55
rpiosoiurygregory: Thank you!20:57
iurygregoryrpioso, np I'll be able to share the results in a few21:07
iurygregoryjust got a message he said the machine booted21:08
iurygregoryso I'm wondering if it was bad luck when they did the deployment with metal3 .-.21:09
*** k_mouza has joined #openstack-ironic21:30
*** k_mouza has quit IRC21:35
*** zzzeek has quit IRC21:38
*** zzzeek has joined #openstack-ironic21:40
*** hjensas has quit IRC21:58
*** hjensas has joined #openstack-ironic21:59
*** rcernin has joined #openstack-ironic22:00
*** Goneri has quit IRC22:08
*** hjensas_ has joined #openstack-ironic22:16
*** hjensas has quit IRC22:17
*** hjensas__ has joined #openstack-ironic22:17
*** hjensas__ has quit IRC22:17
*** hjensas__ has joined #openstack-ironic22:18
rpiosoiurygregory: Interesting ... Sounds like fog of vmedia war ;-)22:19
iurygregoryyeah =(22:19
*** hjensas_ has quit IRC22:21
*** paras333 has quit IRC22:24
openstackgerritMerged x/sushy-oem-idrac master: Use safe version of hacking  https://review.opendev.org/c/x/sushy-oem-idrac/+/72726022:31
openstackgerritJulia Kreger proposed openstack/ironic-specs master: WIP Ironic Secure RBAC  https://review.opendev.org/c/openstack/ironic-specs/+/76407022:35
TheJuliastevebaker: ^22:35
rpiosoTheJulia: Should the first release off a new stable branch include the updates to .gitreview, tox.ini, and Zuul project.yaml file(s) on that branch?22:47
*** hjensas__ has quit IRC22:47
*** hjensas__ has joined #openstack-ironic22:48
*** hjensas__ has quit IRC22:50
*** hjensas__ has joined #openstack-ironic22:50
*** jamesden_ is now known as jamesdenton22:50
TheJuliarpioso: before or after is fine. Those files don't need to be updated in the actual item tagged/released22:52
rpiosoTheJulia: Thank you for clarifying.22:53
*** hjensas__ has quit IRC23:09
*** Goneri has joined #openstack-ironic23:18
*** k_mouza has joined #openstack-ironic23:30
*** k_mouza has quit IRC23:34
*** tosky has quit IRC23:57
*** openstackgerrit has quit IRC23:59
« Monday, 2020-11-23 Index Wednesday, 2020-11-25 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!