Monday, 2020-11-30

« Sunday, 2020-11-29 Index Tuesday, 2020-12-01 »
*** zzzeek has quit IRC00:00
*** zzzeek has joined #openstack-ironic00:04
*** paras333 has joined #openstack-ironic00:04
*** zzzeek has quit IRC00:08
*** zzzeek has joined #openstack-ironic00:11
*** tosky has quit IRC00:39
*** Goneri has quit IRC01:12
*** Goneri has joined #openstack-ironic01:38
*** Goneri has quit IRC02:05
*** xinliang has joined #openstack-ironic02:14
*** mkrai has joined #openstack-ironic03:26
*** xinliang has quit IRC04:00
*** trandles has quit IRC04:24
*** paras333 has quit IRC04:31
*** mkrai has quit IRC04:40
*** mkrai_ has joined #openstack-ironic04:40
*** paras333 has joined #openstack-ironic04:46
*** paras333 has quit IRC04:51
*** ianychoi__ has joined #openstack-ironic04:57
*** ianychoi_ has quit IRC04:59
*** zzzeek has quit IRC05:02
*** zzzeek has joined #openstack-ironic05:04
*** zzzeek has quit IRC05:39
*** zzzeek has joined #openstack-ironic05:42
*** uzumaki has joined #openstack-ironic06:07
*** zzzeek has quit IRC06:45
*** zzzeek has joined #openstack-ironic06:47
*** belmoreira has joined #openstack-ironic07:00
*** zzzeek has quit IRC07:06
*** Qianbiao has joined #openstack-ironic07:06
*** zzzeek has joined #openstack-ironic07:06
*** mkrai_ has quit IRC07:14
*** zzzeek has quit IRC07:27
*** zzzeek has joined #openstack-ironic07:28
*** zzzeek has quit IRC07:37
*** zzzeek has joined #openstack-ironic07:40
openstackgerritvinay50muddu proposed openstack/ironic master: Add support to manage certificates in iLO  https://review.opendev.org/c/openstack/ironic/+/76057307:50
*** ociuhandu has joined #openstack-ironic07:59
*** ociuhandu has quit IRC08:00
openstackgerritvinay50muddu proposed openstack/ironic master: Add support to manage certificates in iLO  https://review.opendev.org/c/openstack/ironic/+/76057308:02
arne_wiebalckGood morning, ironic!08:10
*** zzzeek has quit IRC08:13
*** zzzeek has joined #openstack-ironic08:15
*** mkrai has joined #openstack-ironic08:21
jandersgood morning arne_wiebalck08:34
jandershow was your weekend?08:34
arne_wiebalckvery nice: we had an Italian day yesterday (since we cannot go anywhere atm): tiramisu, cafe, pasta, vino, ... :)08:36
arne_wiebalckjanders: how about you?08:36
janderssounds awesome! :)08:37
janderswent on a two-day 4WD trip with my club - it was good fun :)08:37
*** tosky has joined #openstack-ironic08:37
jandersfood didn't match yours though, just decent country pub fare and local beers08:37
jandersand getting acceptable coffee is always a bit of a challenge in remote areas :)08:39
*** dougsz has joined #openstack-ironic08:40
*** ricolin has quit IRC08:47
*** fmuyassarov has joined #openstack-ironic08:49
openstackgerritvinay50muddu proposed openstack/ironic master: Add support to manage certificates in iLO  https://review.opendev.org/c/openstack/ironic/+/76057308:53
arne_wiebalckjanders: as a coffee specialist I guess your standards are pretty high08:54
*** mgoddard has joined #openstack-ironic08:54
*** lucasagomes has joined #openstack-ironic08:56
*** derekh has joined #openstack-ironic09:12
janders:D09:25
*** k_mouza has joined #openstack-ironic09:25
*** mkrai has quit IRC09:27
*** rpittau|afk is now known as rpittau09:27
rpittaugood morning ironic! o/09:27
*** k_mouza has quit IRC09:30
arne_wiebalckhey rpittau o/09:31
rpittauhey arne_wiebalck :)09:31
*** mkrai has joined #openstack-ironic09:31
jandersgood morning rpittau09:31
rpittauhey janders :)09:31
*** mkrai has quit IRC09:32
jandersspeaking of coffee... how is your new machine going rpittau? :)09:32
*** mkrai has joined #openstack-ironic09:32
*** dougsz has quit IRC09:34
*** k_mouza has joined #openstack-ironic09:34
rpittaujanders: it's working very well :)09:35
rpittauwe tried a couple of different types of coffees and with the grinder we found already a couple of good combinations09:35
rpittauin the end the brita filter just works :)09:36
*** zzzeek has quit IRC09:37
jandersexcellent! :)09:38
janderswe mostly run on doubleshot flat whites and espressos09:39
jandersI like ristrettos every now and then and I use ristrettos for milk based coffee09:39
janderswhat's your favourites?09:39
*** zzzeek has joined #openstack-ironic09:40
*** dougsz has joined #openstack-ironic09:47
rpittauI usually go for ristretto or normal, sometimes double, depends on the moment of the day :)09:49
jandersbut no milk?09:51
jandershave you had any hassles getting everything (machine and grinder) to switch smoothly between single and doubleshots?09:52
rpittauno milk, no sugar, just plain coffee09:54
jandersnice! :)09:55
rpittauto have a longer coffee I just use the single shot with the double-espresso button :D09:56
rpittauno issue in switching between single and double though, just getting a little adjusted on water quantity09:56
jandersmy single and double filters seem to prefer significantly different grinds10:02
jandersmy mods made the grinder work 10/10 for the double filter, but singles come out close to overextracted even on the most coarse setting10:05
janderscant have it both ways apparently :)10:05
*** ociuhandu has joined #openstack-ironic10:05
*** ociuhandu has quit IRC10:20
*** ociuhandu has joined #openstack-ironic10:32
*** ociuhandu has quit IRC10:38
*** mgoddard has quit IRC10:47
*** ociuhandu has joined #openstack-ironic10:51
*** ociuhandu has quit IRC11:05
*** k_mouza has quit IRC11:10
*** k_mouza has joined #openstack-ironic11:22
*** dtantsur|afk is now known as dtantsur11:31
*** ociuhandu has joined #openstack-ironic11:33
dtantsurmorning/afternoon ironic11:34
openstackgerritMerged openstack/bifrost master: Allow inserting SSH public key for dynamic-login  https://review.opendev.org/c/openstack/bifrost/+/76380611:40
*** mgoddard has joined #openstack-ironic11:55
*** mgoddard has quit IRC12:07
*** mkrai has quit IRC12:15
*** mkrai_ has joined #openstack-ironic12:15
*** tosky has quit IRC12:24
*** tosky has joined #openstack-ironic12:25
*** mkrai_ has quit IRC12:35
*** sshnaidm|off is now known as sshnaidm12:38
*** zzzeek has quit IRC12:44
*** zzzeek has joined #openstack-ironic12:44
*** zzzeek has quit IRC12:49
*** zzzeek has joined #openstack-ironic12:50
*** ociuhandu has quit IRC12:57
*** zzzeek has quit IRC12:59
*** zzzeek has joined #openstack-ironic13:02
*** zzzeek has quit IRC13:06
*** zzzeek has joined #openstack-ironic13:08
*** zzzeek has quit IRC13:12
*** zzzeek has joined #openstack-ironic13:14
*** ociuhandu has joined #openstack-ironic13:15
*** ociuhandu has quit IRC13:25
*** paras333 has joined #openstack-ironic13:38
*** ociuhandu has joined #openstack-ironic13:38
*** lbragstad has quit IRC13:39
*** paras333 has quit IRC13:44
*** paras333 has joined #openstack-ironic13:44
*** lbragstad has joined #openstack-ironic13:47
*** zzzeek has quit IRC13:56
*** zzzeek has joined #openstack-ironic13:58
TheJuliagood morning14:01
TheJuliait seems a little quiet today14:03
dtantsurmorning TheJulia14:03
dtantsuryeah14:03
*** uzumaki has quit IRC14:04
TheJuliaI'm updating the meeting agenda, do we need to revisit the RFE's from last week?14:04
TheJuliaI don't remember14:04
dtantsurI don't really think so14:04
* TheJulia removes them for today14:06
TheJuliaHow was last week?14:06
* dtantsur barely remembers14:07
rpittauvery calm14:07
TheJuliaI hope how quiet it is now is not indicitive of the rest of th emonth14:12
*** ayoung has joined #openstack-ironic14:33
*** fmuyassarov has quit IRC14:34
arne_wiebalck"Took 6.74 seconds to build instance."14:39
* arne_wiebalck has adopted the first production nodes into Ironic *and* Nova14:39
dtantsurmmm, adoption into nova? how?14:39
arne_wiebalckwith the fake drivers14:40
arne_wiebalckroughly: enroll, set fake, provide, some placement fiddling, instance creation, set real drivers14:41
arne_wiebalckfor nova, it feels real :)14:42
*** tzumainn has joined #openstack-ironic14:42
TheJuliaInteresting...14:45
*** trandles has joined #openstack-ironic14:45
*** rloo has joined #openstack-ironic14:48
arne_wiebalcknow, these nodes can be handled via openstack commands, although they were installed before Ironic was introduced14:48
arne_wiebalck*"openstack server" commands14:49
*** kaifeng has joined #openstack-ironic14:52
*** johnsag has joined #openstack-ironic14:55
*** ociuhandu has quit IRC14:56
*** ociuhandu has joined #openstack-ironic14:57
TheJuliaIs it just me or do the new gerrit URLs make anyone else think of launchpad?15:00
TheJulia#startmeeting ironic15:00
openstackMeeting started Mon Nov 30 15:00:10 2020 UTC and is due to finish in 60 minutes.  The chair is TheJulia. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
TheJuliao/15:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
*** openstack changes topic to " (Meeting topic: ironic)"15:00
openstackThe meeting name has been set to 'ironic'15:00
rpioso\o15:00
dtantsuro/15:00
kaifengo/15:00
TheJuliaWelcome to our weekly meeting of Irony for Ironic. I'll be your host!15:00
rlooo/15:00
ajyao/15:00
bfournieo/15:00
TheJuliaOur agenda an be found on the wiki.15:01
TheJulia#link https://wiki.openstack.org/wiki/Meetings/Ironic#Agenda_for_next_meeting15:01
TheJuliaOur agenda also looks very bare, so maybe this will be a super quick meeting15:01
TheJulia#topic Announcements / Reminders15:01
*** openstack changes topic to "Announcements / Reminders (Meeting topic: ironic)"15:01
*** tosin has joined #openstack-ironic15:01
TheJuliaI only have one item to announce/remind us of this week which is for contributors to be mindful of reviews. With holidays coming up and a number of people taking time off, it is going to become increasingly difficult to move things forward so earlier feedback will always help.15:02
*** ociuhandu has quit IRC15:02
TheJuliaDoes anyone else have anything to remind us of or announce this week?15:02
*** stendulker has joined #openstack-ironic15:03
stendulkero/15:04
* TheJulia gets out the crickets and lets them make announcements indicating we should likely move on15:04
TheJulia\o stendulker15:04
rpittauo/15:04
TheJuliaWe had no action items from our last meeting, so we can proceed to reviewing subteam status reports15:05
TheJulia#topic Review subteam status reports15:05
*** openstack changes topic to "Review subteam status reports (Meeting topic: ironic)"15:05
TheJulia#link https://etherpad.openstack.org/p/IronicWhiteBoard15:05
TheJuliaStarting at line 25715:05
* TheJulia also makes coffee in hopes that it wakes people up15:05
TheJuliahmm, I must not have uploaded the community goal update to the specs repo :\15:07
TheJuliadoh!15:07
TheJuliabdodd: ajya: Regarding redfish raid, what is the next step for that patch?15:09
arne_wiebalcko/15:09
ajyaTheJulia: I have left some comments around async operations and Tasks - need to decide if taking that approach15:10
*** ociuhandu has joined #openstack-ironic15:10
TheJuliaajya: okay, would it help for others to review that patch this week?15:10
ajyaTheJulia: yeah, can do that for additional input15:11
TheJuliaajya: please add that patch to the list of changes to review this week15:11
*** uzumaki has joined #openstack-ironic15:11
ajyaTheJulia: ok15:11
ajyaTheJulia: there is related sushy patch also to be reviewed, will add that too15:12
TheJuliaok15:12
TheJuliaWell, I guess Iury can't comment on oslo.privsep stuff :(15:13
TheJuliaajya: Is there any updates with regards to configuration molds? Even no-update works on the etherpad :)15:14
TheJuliazer0c00l: Looks like your anaconda spec is getting closer.   :)15:15
ajyaTheJulia: will add update in the pad, checking Swift&tokens, might have questions later15:15
TheJuliaajya: okay15:15
TheJuliaLooks like the interop profile is still under review15:15
arne_wiebalckWould be great to have someone else try them.15:15
*** ociuhandu has quit IRC15:16
arne_wiebalckThe profiles look ok, but we may need a discussion on how to use them.15:16
arne_wiebalckMaybe during the SIG meeting next week.15:16
TheJuliaIs everyone good to proceed to priorities for the week?15:16
TheJuliaarne_wiebalck: ++15:16
arne_wiebalckWhen rpioso is presenting them.15:16
*** Goneri has joined #openstack-ironic15:17
TheJuliaI guess we're good to proceed onward15:18
TheJulia#topic Deciding on priorities for the coming week15:19
*** openstack changes topic to "Deciding on priorities for the coming week (Meeting topic: ironic)"15:19
TheJulia#link https://etherpad.opendev.org/p/IronicWhiteBoard15:19
TheJuliaStarting at line 12015:19
* TheJulia removes merged/not applicable items15:20
TheJuliaLooks like all of the proposed for addition items seem logical to add to me15:21
TheJuliaAnything else to add this week?15:22
*** ayoung has quit IRC15:23
rpittaummm nothing super pressing, but if there's time I'd like to add the tenacity conversion patch https://review.opendev.org/c/openstack/ironic/+/37657415:24
*** ayoung has joined #openstack-ironic15:25
TheJuliaSeems reasonable15:25
rpittauthanks!15:25
TheJuliaAdded15:25
kaifengi'd like to add this https://review.opendev.org/c/openstack/ironic/+/764563 but I think we need to discuss in the rfe review15:25
TheJuliaIs there anything else? or does htis list look good?15:25
TheJuliakaifeng: yes, lets discuss that in rfe review15:26
TheJuliaWell, since we have no discussion items15:26
TheJuliaarne_wiebalck: Anything beyond the redfish profiles for the next SIG meeting15:26
TheJulia?15:26
TheJuliaw/r/t the baremetal sig?15:26
arne_wiebalckTheJulia: no15:27
TheJulia#topic Baremetal SIG15:27
*** openstack changes topic to "Baremetal SIG (Meeting topic: ironic)"15:27
arne_wiebalckMeeting #3 Tue Dec 8, 2020 at 2pm UTC15:27
*** ociuhandu has joined #openstack-ironic15:27
arne_wiebalckhttps://etherpad.opendev.org/p/bare-metal-sig15:27
TheJulia#info Next scheduled session is Tue Dec 8, 2020 at 2pm15:27
TheJulia#link https://etherpad.opendev.org/p/bare-metal-sig15:27
TheJulia#topic RFE Review15:27
*** openstack changes topic to "RFE Review (Meeting topic: ironic)"15:27
TheJuliakaifeng: since you wanted to discuss that item, you as they say, have the floor :)15:28
*** uzumaki has quit IRC15:28
kaifengthanks15:28
kaifengit was an old proposal https://storyboard.openstack.org/#!/story/200309115:28
kaifengthat to have a name field for ports15:29
TheJuliawow, yeah, 201915:29
TheJuliaerr, 201815:29
kaifengyeah, i was thinking differently at that time15:29
TheJuliaso just an idea of a human relatable name storage?15:30
kaifengthings turned out that a name field helps us managing ports like other resources, nodes, portgroups15:30
TheJuliaIt does15:31
TheJuliaor, would15:31
TheJuliaand it keeps the same style of unique constraint15:31
kaifengthe new proposal is to have a unique name fields, so that some operations can be automated15:31
TheJuliaSeems reasonable to me, anyone else?15:31
dtantsurdo we need names for everything then?15:32
dtantsurat least all physical entities?15:32
kaifengprobaly not, but ports are quite important one :)15:32
dtantsuroh, we have port group names? then we should probably have port names15:33
dtantsurI remember having some objection, but I don't remember its essence now, soo..15:33
kaifengportgroup comes later and have a name field15:33
* kaifeng there was a patch to address this proposal but it's quite long ago15:34
TheJuliaI think the objections/concerns were that someone would always try to store the inspection ramdisk identified interface name15:34
TheJuliaand as we've all learned over time, that not be consistent across OSes or upgrades15:35
*** ociuhandu has quit IRC15:35
kaifengyes, that's different15:35
TheJuliaI sense this is RFE-approved if there are no objections.15:35
TheJuliaI don't think it needs a spec at this point, it is a fairly simple change15:36
rlooi'd suggest that the story itself have the highlevel info15:38
rlooeg, API changes. will need data migration thing.15:38
TheJuliakaifeng: yeah, it would kind of help for a slight revamp for historical context15:38
kaifengok, will update the story in a moment15:39
TheJuliaAnyway, with that I think we're good to move to Open Discussion15:39
TheJulia#topic Open Discussion15:39
*** openstack changes topic to "Open Discussion (Meeting topic: ironic)"15:39
TheJuliaEveryone have a good weekend?15:39
dtantsura cold one :)15:40
rpittaucold indeed...15:40
TheJuliagood cold? or just very cold weather moved in?15:40
rlooTheJulia: i can't remember where we discussed this, maybe at the ptg. wrt backports and 'skipping' some older releases. were we going to discuss with the community? (Not sure this is open discussion, i was just reminded of it.)15:40
*** mkrai has joined #openstack-ironic15:41
TheJuliarloo: I thought we had settled given one of the additional jump points stein went EM ?last? week.15:41
rlooi honestly don't recall the details of that discussion but saw that stein went em and was going to update the whiteboard with that info :)15:42
rlooit was something like backport but to eg only queens but not rocky15:43
QianbiaoI have a question: is port group created manually by admin? or has an automatic method to generate it?15:43
TheJuliaQianbiao: manual, you have to know the configuration available to you and what may be represented in the switch config already15:43
Qianbiaoyeah, i guess so.15:44
QianbiaoI am courious that: port name is not volatile15:44
TheJuliarloo: yeah, unless there is a real reason to, we were going to skip and focus on the branches taht are cared about15:44
*** uzumaki has joined #openstack-ironic15:44
*** johnsag has quit IRC15:44
Qianbiaoso, if we use a fixed port name, we need to use stable interface name15:45
stendulkerDuring inspection we do create ports for the MACs discovered https://github.com/openstack/ironic/blob/master/ironic/drivers/modules/redfish/inspect.py#L162-L18215:45
TheJuliaQianbiao: OS precieved port name can be depending on settings and mismatches that can occur between ramdisk, persistant port naming schemes, etc15:45
rlooTheJulia: ah, right. there was something about testing/ci too i think. guess i can look back at the notes. what i recall? is that it seemed like a good idea to get community thoughts about it. to be somewhat consistent or whatever? or maybe needed to discuss with the release team?15:45
TheJuliaNames are really for humans, not the software15:45
Qianbiaoyes, TheJulia kaifang, this is what I was worry about15:45
TheJuliarloo: there are already other projects skipping em branches unless people really want a thing on them15:46
TheJuliaAnything else for us to discuss today?15:46
rlooTheJulia: right. I haven't seen anything though, where this 'awareness' is mentioned in the community as a whole, vs individual projects.15:46
TheJuliarloo: yeah, I don't think there was anything actionable from that. I really don't remember though15:48
rlooTheJulia: for ironic, perhaps you might update our whiteboard (around line 207) about what we decided if it is still appropriate.15:48
rlooah, https://etherpad.opendev.org/p/ironic-wallaby-ptg. around L32615:49
*** johnsag has joined #openstack-ironic15:51
TheJuliaahh, yeah15:52
TheJuliaOkay, I'll try to do that this week15:52
TheJulia#action Julia to sync with stable team w/r/t backport strategy15:52
rloothx TheJulia!15:52
TheJuliaWell everyone, have a wonderful day! And a wonderful week!15:52
rlooand then we ought to doc so I don't forget :D15:52
rloosame to you too TheJulia!15:53
TheJuliao/15:53
TheJuliaThanks everyone!15:53
TheJulia#endmeeting15:53
*** openstack changes topic to "Bare Metal Provisioning | Status: http://bit.ly/ironic-whiteboard | Docs: http://docs.openstack.org/ironic/ | Bugs: https://storyboard.openstack.org/#!/project_group/75 | Contributors are generally present between 6 AM and 12 AM UTC, If we do not answer, please feel free to pose questions to openstack-discuss mailing list."15:53
openstackMeeting ended Mon Nov 30 15:53:41 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:53
openstackMinutes:        http://eavesdrop.openstack.org/meetings/ironic/2020/ironic.2020-11-30-15.00.html15:53
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/ironic/2020/ironic.2020-11-30-15.00.txt15:53
openstackLog:            http://eavesdrop.openstack.org/meetings/ironic/2020/ironic.2020-11-30-15.00.log.html15:53
rpittauthank you!15:53
*** ociuhandu has joined #openstack-ironic15:57
*** tosin has quit IRC15:59
*** ebagakis has joined #openstack-ironic16:00
*** Qianbiao has quit IRC16:00
kaifengthe story is updated :)16:00
*** ociuhandu has quit IRC16:01
*** ociuhandu has joined #openstack-ironic16:01
kaifengbtw, is anyone still using vif id from the extra? I am surprised it's till there16:01
*** stendulker has quit IRC16:02
rloothx kaifeng. Could you do me a favour and add to that story, the pieces that need to be done? ironic, python-ironicclient, openstacksdk? want to make sure we don't forget.16:06
kaifengtbh I haven't investiaged openstacksdk if it needs to be updated, should be trivial if there is any.16:08
kaifenghowever I can put a checklist there :)16:09
*** zzzeek has quit IRC16:11
dtantsurit's probably a two-liner in openstacksdk16:11
*** zzzeek has joined #openstack-ironic16:14
rlooyup :) thx kaifeng16:19
kaifengyw rloo16:19
kaifengdtantsur: i left a comment on the https://review.opendev.org/c/openstack/bifrost/+/763806 wrt the kernel parameters16:20
ajyaTheJulia, dtantsur, re storage of the molds in Swift. Taking a look at options, is idea that Ironic conductor service user has access to all end-users' projects or that Ironic conductor, while running clean/deploy, authenticates on behalf of end-user who initiated clean/deploy (that way can only access that user's project)?16:20
-openstackstatus- NOTICE: The Gerrit service on review.opendev.org is being restarted quickly to troubleshoot high load and poor query caching performance, downtime should be less than 5 minutes16:21
TheJuliaajya: That seems correct16:23
ajyaTheJulia: first or second option?16:23
TheJuliaWell, technically both statements are correct as they focus on different parts of the mechanism. The first action should convey the requestor's authentication, subsequent actions should be performed by ironic itself.16:25
TheJuliabecause the task has been released and the context of the original request is gone.16:25
ajyayes, the context at that time is gone, that's why I'm asking - if Ironic has access to all projects, does it defeat the purpose that knowing other user's project id, user2 can access user1 project via Ironic? Or that's where saving project_id the node comes in - Ironic does not allow going to different project id?16:29
ajya*saving project_id to the node16:29
TheJuliawell, that is ultimately going to depend upon the access configuration of ironic's servic account rights16:29
TheJuliaup front the project would need to be extracted and if later action performed would need to be leveraged. I guess I'm lost in the mechanics of what youre trying to achieve as a multi-step process. In other words, what step in what process is this at?16:31
TheJuliaApplying should be fairly straight forward, download from swift, load into temporary storage somehow, and use from that. Uploading to swift, the user should ideally have granted rights for ironic to post to that location if the original task needs to be released16:32
*** mkrai has quit IRC16:33
ajyaI'm asking that because if user has granted right for ironic to post to that location, then any other user can trick Ironic to post to that location as long as it knows that location16:35
TheJuliathe target location thus must remain secret at the api surface16:36
TheJuliaand transitory16:37
kaifengbye o/16:37
TheJuliagoodnight kaifeng16:37
ajyaTheJulia: are project_id-s considered to be secrets? As for swift location includes project id.16:39
*** ebagakis has quit IRC16:53
TheJuliaajya: in this case, with what your proposing, if it has to persist then it should be in driver_internal_info and masked from view16:57
TheJuliathat is, if I'm understanding the concerns combined with the workflow as your percieving them16:58
*** lucasagomes has quit IRC17:04
NobodyCamGood Morning Folks17:12
NobodyCamHappy Monday17:12
rpittauhey NobodyCam :)17:13
ajyaTheJulia: to make sure we are talking about the same, having user1 that has project1/container1/ and user2 that has project2/container2 and if using full URLs to specify location. What mechanism will prevent user1 to give project2/container2 as location if in the end Ironic will upload stuff to it having all the access it needs? That is, if using user's credentials user1 wouldn't be able17:14
ajyato access project2, but Ironic can access everything.17:14
TheJuliaajya: realistically permissions which they should be able to influence as users for their projects or containers. This all depends on workflow and if such credentials are even accessible though. Perhaps a question would be, does the agent *need* to start to facilitate the extraction of configuration, if not, then the original user's credentials could be used. Otherwise, the only option is preconfigured target17:18
TheJuliato save these items that is set in ironic.conf17:18
openstackgerritTzu-Mainn Chen proposed openstack/ironic-specs master: Allow Ironic to act as a power control intermediary  https://review.opendev.org/c/openstack/ironic-specs/+/76480117:18
TheJuliathe latter is how deploy ops using swift17:18
*** dsneddon has joined #openstack-ironic17:28
*** mgoddard has joined #openstack-ironic17:30
*** ociuhandu has quit IRC17:31
*** ociuhandu has joined #openstack-ironic17:32
*** dsneddon has quit IRC17:33
*** mgoddard has quit IRC17:35
*** ociuhandu has quit IRC17:37
TheJuliatzumainn: do you remember, was it intentional or intentional to prevent to disallow or allow an owner to update the owner field if they are the owner of the node?17:38
tzumainnTheJulia, I don't think it was intentional!17:39
dkingIs there a way that I can easily remove a field from the introspection data once a server is running?17:39
TheJuliaI'm thinking it may have been "hi, I give you this server now"17:39
TheJuliadking: introspection data where?17:39
TheJuliadking: like what is posted to swift?17:39
TheJuliatzumainn: trying to look at this through the lens of the secure rbac effort which you may have heard of17:40
TheJuliaI'm typing up a spec17:40
tzumainnTheJulia, I've heard of it in passing! is there anything I can help with?17:40
rpittaugood night! o/17:42
*** rpittau is now known as rpittau|afk17:42
dkingTheJulia: Like what is output with something like: "openstack baremetal introspection data save <UUID>"17:42
dtantsurdking: you cannot change introspection data without some hackery. why?17:42
TheJuliatzumainn:  code review would be much appreciated, I have a WIP of a spec up and I'm trying to generally articulate the API impact and resulting permission matrix. tl;dr WHEEEEEE17:43
tzumainnTheJulia, haha, definitely! just let me know when the spec is submitted17:43
dkingdtantsur: Because I was hoping to be able to send a password in it. I'm trying to figure out a way to get set random BMC creds upon introspection and then allow Ironic to use those going forward.17:44
openstackgerritTzu-Mainn Chen proposed openstack/ironic-specs master: Allow Ironic to act as a power control intermediary  https://review.opendev.org/c/openstack/ironic-specs/+/76480117:45
dtantsurAssuming you *have* thought twice about the associated risks, you can probably write an ironic-inspector plugin (introspection hook) that intersects the credentials, sets them in ironic and discards them from the data17:46
TheJuliadking: I was thinking exactly that^^17:46
dkingSince the node doesn't exist prior to introspection, this is challenging. I suppose that we could set data returned to be a key to access a temporarily stored password, and then the key would be useless once expired. However, I was hoping to avoid the extra software if I coul.17:46
TheJuliaat least, when you originally raised it17:46
dkingdtantsur: You mentioned and introspection hook. The only thing I was aware of to this point was inspector collectors. I'm looking up introspection hooks now.17:47
dtantsurdking: collectors are agent-side, hooks are server-side17:48
dtantsurdking: take this as an example: https://opendev.org/openstack/ironic-inspector/src/branch/master/ironic_inspector/plugins/extra_hardware.py17:48
dtantsuror better something that does update the node: https://opendev.org/openstack/ironic-inspector/src/branch/master/ironic_inspector/plugins/raid_device.py17:49
*** ociuhandu has joined #openstack-ironic17:50
TheJuliatzumainn: does it make sense for a node owner to be able to change the driver_info field values?17:51
tzumainnTheJulia, probably not; that seems like something only an admin should be able to do17:53
TheJuliatzumainn: what about a project scoped admin ?17:53
dkingdtantsur: Nice. So, it has access to both the introspection data as well as the node information. So, that's good. But it seems to me that it still ends up being about the same as an introspection rule in that it still has to have the data sent back in the data[] object from a collector? I suppose that it has no way to send information back to the node while it is still running?17:53
tzumainnTheJulia, I can't quite see the use case for that, but it's possible I'm missing something17:54
dtantsurTheJulia: I would expect the answer to be highly deployment-specific17:54
TheJuliadtantsur: I'm having that same feeling...17:54
tzumainnTheJulia, generically speaking, we ran into the issues of needing some fine-grained policy-based control over which fields a non-admin could modify and which they couldn't17:54
dtantsurdking: well, you can ssh into it :)17:54
tzumainnwe kinda papered over the issue temporarily by adding two new policy rules that enabled provisioning with metalsmith, but I'm wondering if there's a way to get to a more generic solution17:55
dtantsurbut yes, the pattern is the same.. and I've just realized we allow access to unprocessed data, i.e. before hooks are running17:55
dtantsurtzumainn: aka https://storyboard.openstack.org/#!/story/2006910 ?17:55
dkingdtantsur: from the inspection hook? At this point, I'd even consider sshing in.17:55
dtantsurdking: I also considered it at some point. you need an SSH key in the ramdisk, and you know IP addresses from introspection data.17:56
tzumainndtantsur, that works specifically for deployments, but what if people are using external provisioning tools?17:56
dkingdtantsur: Oh, maybe I just got what you mean. I could perhaps run that hook and use the password and then remove it from the inspection_data object so that it would never have to end up in the database?17:57
dtantsurtzumainn: I haven't thought about such an exotic case17:57
TheJuliatzumainn: secure rbac may be the solution, or the deployment api. I'm trying to think through the matrix and fields and write out words now so an update should be posted in the next hour or two17:57
tzumainndtantsur, oh, the MOC put that case front-and-center in front of me :)17:57
dtantsurdking: I did mean that, but then I realized that we also store introspection data *before* running any processing17:57
dtantsurdking: what we could do is sanitize introspection data before storing it17:58
dtantsurI see no point in storing anything that looks like *password17:58
dkingdtantsur: Well, somebody could have a field like "want_to_reset_password", but maybe if that were stated clearly.17:59
dtantsurwell, ironic already sanitizes things like that from its JSON fields (driver_info, properties)18:00
dkingdtantsur: Or even if there were something to check for fields that have some pre-chosen suffix, like *_sanitize18:00
dtantsurworks for me18:01
dtantsuror starting with secret_18:01
dkingAh. I wondered how it did that. I thought it just hard coded that one specific field.18:01
dkingYep. So, whatever it is, I'm fine with that.18:01
TheJuliadking: fwiw, the santizie will find fields with "password" or "secret" in the name and replace the value with '******'18:01
dkingWould that data then be available for introspection rules also, or would it only be available for introspection hooks as it would be cleared before the rules are processed?18:02
TheJuliathat is on gets of course18:02
dtantsurwe can do it only on returning the data via API18:02
dtantsur(to be clear: it's not implemented yet)18:02
dkingAs long as whatever we use has about the same level of security as .driver_info.ipmi_password, I suppose it would be fine as that's the ultimate destination.18:03
*** ayoung has quit IRC18:03
*** ayoung has joined #openstack-ironic18:05
dkingSo, if implemented, the data would be available to both introspection hooks as well as introspection rules. It will also be stored in the database, so anybody with database access would have access to the data. Also, if debug is on, it would be recorded in logs. However, other than that, and any GET request of the data, through the API, would replace the data with '******' for the return value, and in this way, it would behave18:06
dkingsomewhat like .driver_info.ipmi_password?18:06
dtantsuryep18:07
*** k_mouza has quit IRC18:07
dkingThat sounds great for me.18:07
NobodyCamgood Morning rpittau|afk18:08
dkingHowever, it raises another question in my mind, for another part of the process. For Hardware Manager clean steps, does the node object contain the actual .driver_info.ipmi_password or is that obfuscated there, too?18:08
dtantsurI *think* it's obfuscated18:09
dtantsurcannot remember clearly - brain dead after writing some Go code :)18:09
*** derekh has quit IRC18:09
dkingGo can do that to you. :)18:09
dkingWell, bummer. I hadn't thought about that. So, I'm going to need to find a way to be able to set the BMC creds during a clean step, because during clean, I need to reflash the BMC, and it looses any creds there.18:11
dtantsurmaybe we should lift this restriction now that we have a better TLS story (if it exists at all)18:12
dtantsuranyway, time to go, chat with you tomorrow18:12
*** dtantsur is now known as dtantsur|afk18:13
*** dougsz has quit IRC18:13
*** ociuhandu has quit IRC18:18
*** ociuhandu has joined #openstack-ironic18:19
*** belmoreira has quit IRC18:22
*** ociuhandu has quit IRC18:23
*** trandles has quit IRC18:25
*** k_mouza has joined #openstack-ironic18:26
*** k_mouza has quit IRC18:27
*** gyee has joined #openstack-ironic18:28
*** ayoung has quit IRC18:31
*** ociuhandu has joined #openstack-ironic18:33
*** ociuhandu has quit IRC18:37
*** k_mouza has joined #openstack-ironic18:41
*** kaifeng has quit IRC18:41
*** ayoung has joined #openstack-ironic18:43
*** k_mouza has quit IRC18:45
*** trandles has joined #openstack-ironic18:54
TheJuliaugh, ninjs's rst editor is down.... the main page yeilds a nginx message19:03
TheJuliathe actual app returns a proxy error :(19:03
*** k_mouza has joined #openstack-ironic19:08
*** johnsag has quit IRC19:11
*** ociuhandu has joined #openstack-ironic19:16
openstackgerritJulia Kreger proposed openstack/ironic-specs master: Ironic Secure RBAC  https://review.opendev.org/c/openstack/ironic-specs/+/76407019:18
TheJuliatzumainn: ^^^19:18
*** mgoddard has joined #openstack-ironic19:19
TheJuliadking: interesting that it looses the bmc password... seems like "it is time" to go ahead and setup the ability for the password to be set directly.19:19
TheJuliavia inband means19:20
dkingTheJulia: I haven't actually tested that yet. I'm still testing my code before building a new image to test it. But if so, then yeah, I would like it if it could be passed somehow inband.19:23
tzumainnTheJulia, thanks! I'll take a look19:23
TheJuliatzumainn: I tried to represent the existing model as cleanly as memory permitted me into the world of scoped roles. Hopefully it makes sense and kind of explains what is going on19:24
dkingI should probably try to find a better workflow for testing, but I'm not really sure of a great way to do that inside of the image. So, if anybody has a good workflow down for testing hardware managers inside of IPA and has some time, I'd love to hear how it's being done.19:24
*** hoonetorg has quit IRC19:25
dkingRight now, I just test things and make some assumptions from code, then build those into my unit tests, try to build an image, and then re-think my code if I got an assumption wrong.19:25
TheJuliaThat would be interesting to hear. arne_wiebalck should give a talk on what they do!19:25
*** hoonetorg has joined #openstack-ironic19:26
TheJuliadking: that kind of represents almost all agent code development :(19:26
dking...and I don't even really know how to unit test with dispatch_to_managers, either.19:26
TheJuliayeah, I don't think you can because it would try and dispatch to each hardware manager19:26
arne_wiebalckThe main speed up we implemented for testing is to make our h/w manager just a stub which git clones the real code. This way we do not need to build a new image when we do a change, but only a git push :)19:28
arne_wiebalckThis should maybe go into IPAB as a DIB element.19:29
TheJuliasounds like something that could help folks like dking19:29
dkingTheJulia: I took a bit of a look at how current tests use it, but they have the advantage of only running code inside of the same class, and not a separate hardware manager. I added what seemed to be the relevant mocks, and I did get it to work somewhat. It at least could call the desired function, but got errors from there. At least I gave it a shot.19:29
dkingarne_wiebalck: That's interesting. I'm still a bit fuzzy on how to get the IPA to re-read the hardware manager entry points to grab new code. And even then, I don't know how to start up the inspection or clean steps again while leaving the node in maintenance mode.19:31
*** mgoddard has quit IRC19:33
arne_wiebalckdking: maybe what we should do is collect some use cases (like the ones you describe) and then see what people do to address them19:35
arne_wiebalckdking: sounds like sth we could do in one of the SIG sessions19:36
*** k_mouza has quit IRC19:37
arne_wiebalckdking: or, if noone has a solution, discuss how to address them19:37
dkingThat would be helpful. It seems like not a lot of people build custom hardware managers, or if they do, they learn how and then you never really hear from them again.19:39
TheJulialbragstad: hey,, if you have a few minutes, could you take a look-see at https://review.opendev.org/c/openstack/ironic-specs/+/764070 and see if that kind of jives with your perceptions ?19:40
arne_wiebalckdking: that is probably true, our h/w manager changes very little19:40
arne_wiebalckdking: it is mostly to define which cleaning steps we want to do19:40
arne_wiebalckdking: and gathers some additional h/w info19:41
arne_wiebalckdking: which we post-process with inspector hooks19:41
arne_wiebalckdking: but this, for instance, stems from times when we did not schedule with resource classes19:41
arne_wiebalckdking: so, some of this is not needed anymore19:42
arne_wiebalckI think JayF may also run custom h/w managers19:43
dkingYes, he has been most helpful in learning to use them.19:43
*** tosky has quit IRC19:45
dkingarne_wiebalck: So, perhaps I should ask whether my use cases for the custom h/w managers is still not better handled elsewhere. Currently, we are using them to 1) clean disks (some of that is being reviewed to perhaps go upstream), 2) to reflash the BMC and BIOS firmware to keep it up to date as well as setting any custom BIOS/BMC configurations, and 3) to set or reset the BMC credentials (which is what I'm working on now, and19:46
dkingis necessary during cleaning because the BMC update clears the IPMI creds). Would the firmware updates be better done elsewhere?19:46
arne_wiebalckdking: 1) is sth we do as well19:48
arne_wiebalckdking: 3) is sth we have implemented, but do not use19:48
arne_wiebalck2) is sth we do completely OOB atm19:48
dkingTell me about 3). How is that implemented?19:49
*** ociuhandu has quit IRC19:51
arne_wiebalckdking: this is a disabled cleaning step, it uses ipmitool to check whether the BM users have been tempered with19:51
arne_wiebalckBMC19:52
*** ociuhandu has joined #openstack-ironic19:52
arne_wiebalckdking: I was wrong, we do not reset, we only check the BMC accounts (and can remove accounts which were added by the user of the node)19:53
dkingI would love to see any information on that. It's something that I'm building at the moment for our use. It mostly works, up to the password part, which is what I'm currently trying to figure out.19:53
arne_wiebalckthe IPMI password management is handled outside of Ironic for us19:54
dkingAh. Because of our use case, we'll be needing to update the firmware regularly, at least until our vendor provides a way to consistently check for tamper, which might be a while.19:54
arne_wiebalckdking: regularly means how often?19:55
*** ociuhandu has quit IRC19:55
*** ociuhandu has joined #openstack-ironic19:55
dkingarne_wiebalck: Unfortunately, we do no know that yet as we're still running beta workloads. But it will be however often cleaning is run, which runs automatically when moving to available.19:56
arne_wiebalckdking: right, I was about to assume this19:57
arne_wiebalckdking: I think the cleaning framework is a good place to do this19:57
dkingOkay. It's good to know we're on the right track for that one.19:57
arne_wiebalckdking: we have a cleaning step for benchmarking, for instance, which uploads the results to ES19:58
arne_wiebalckdking: I think so, maybe TheJulia has a better idea?19:58
dkingarne_wiebalck: But since the BMC update wipes out the IPMI creds, we'll need some way to get or reset those.19:58
* TheJulia appears slightly frazzled from rbac19:59
arne_wiebalckdking: just thinking: there is no way to get the creds on the node from the BMC itself, is there?20:00
dkingarne_wiebalck: As for timing, with disk cleaning, BIOS firmware reflashing, and the other steps outside of the BMC update, it takes only 15 minutes or so for our largest servers. However, the BMC update takes 2 hours, which hurts, but should be fine until we start getting close to running out of available hardware.20:00
dkingarne_wiebalck: I'm not entirely sure. I do believe that the option to dump the current config obfuscates the password.20:01
TheJuliaBMC update takes 2 hours?!?20:01
arne_wiebalckdking: in any case, you want to create new credentials, right?20:01
dkingTheJulia: Yes, for Supermicro BMC firmware updates run from their command line untility. It's faster than that through their web utility for some reason. But we're hoping very much that our vendor can get them to provide a tamper check.20:02
TheJuliaa conductor side rotate_ipmi_credentials or assert_ipmi_credentials.20:02
TheJuliadking: yeah, I was going to say the last update I did via their webui didn't take very long20:02
arne_wiebalckTheJulia: atm, there is no way to securely transport data from the conductor to the IPA, is there?20:03
TheJuliaI bet they are having to indirectly signal 64 megabytes to the appropriate chip from with-in the OS.... which can be super slow20:03
dkingTheJulia: yeah, no sure why it does that.20:03
TheJuliaThink programming an arduino20:03
TheJuliaarne_wiebalck: with auto-tls there is, just post it20:04
dkingAh. That's possible. I'm sure that it could be done better, but we're willing to eat the time cost for the moment.20:04
dkingWhere would be a good place for the conductor to send that data to the IPA?20:05
arne_wiebalckTheJulia: so, the conductor could generate a new pw, update the DB and send it to the IPA?20:05
arne_wiebalckTheJulia: prob is if sth goes wrong :-S20:05
TheJuliaarne_wiebalck: that could be done, yes. Just needs code20:05
dkingBut I suppose that before I get too far into looking for a workaround, i should check to confirm that it's not sent in the node object in the hardware manager.20:05
TheJuliadking: the node object would be scrubbed20:06
TheJuliai.e. secrets hidden20:06
dkingbust20:06
lbragstadTheJulia reading - thanks!20:06
arne_wiebalckdking: it is removed I think20:06
TheJuliaThe only exception to that is we explicitly extract the agent_token and send it in a separate field upon lookup20:06
TheJuliabecause... we didn't want a knob to go "show me all the secrets" outside of what the policy can be set to enable20:07
arne_wiebalckdking: is Ironic the source of truth for the IPMI creds?20:07
dkingI was thinking that sending it to the IPA would be a good place to get secret things sent inband.20:07
TheJuliadking: it is likely the only/best way20:07
dkingarne_wiebalck: Ideally, it will be. Because it has to have the creds, and I would prefer to have them in as few places as possible. Technically, there will be admin creds which are separate, but Ironic will not know about those. They would be physically tagged on the server.20:08
arne_wiebalckit'd be great to have a "rotate BMC creds" cleaning step, which assumes Ironic is in control of the user/pw20:09
arne_wiebalckin our case the creds are managed somewhere else20:09
arne_wiebalckso, Ironic is just told what the creds are20:10
dkingarne_wiebalck: I agree. After all, as I said, Ironic already has to know the BMC creds, and as it has BMC access as well as root access (during IPA), it is almost guaranteed to have every access it needs to maintain them.20:10
arne_wiebalckbut if we had such a step, Ironic could call out to the service20:10
arne_wiebalckit may be easier for Ironic to authenticate to such a service than for the IPA20:11
*** k_mouza has joined #openstack-ironic20:11
dkingarne_wiebalck: Regardless, if a password rotation happens, Ironic has to know about it, and has to know the same password that the IPA would know, and it looks like info only flows one way.20:12
arne_wiebalckdking: yes20:13
arne_wiebalckdking: the creds do not need to be set by the IPA20:14
arne_wiebalckdking: could also be set by the conductor directly, no?20:14
arne_wiebalckdking: so, rather than a cleaning step, there would be a node command20:14
dkingarne_wiebalck: I'm not sure that I understand. Are you suggesting having Ironic update the BMC creds using the BMC driver directly?20:17
*** hjensas has quit IRC20:18
arne_wiebalckdking: yes (I'm just thinking)20:18
dkingarne_wiebalck: The reason why it would need to be available during the clean step, at least for my use case, is that when the cleaning happens, it updates the BMC firmware and purges the BMC configs, which means that it also removes the BMC user and sets everything back to default. At that point, IPA is still running and has access, but until creds are set again, Ironic would lose BMC access.20:19
arne_wiebalckdking: I would need to talk to the colleagues who manage the IPMI creds since I think they do this remotely when I ask them for a reset20:19
arne_wiebalckdking: ah, ok20:19
arne_wiebalckdking: true20:20
dkingarne_wiebalck: I imagine that's what most people do. We did that before as well.  Before, any reset would reset to the same admin creds, but now we get our hardware sent to us from the manufacturer with random default credentials.20:21
*** dsneddon has joined #openstack-ironic20:23
*** hjensas has joined #openstack-ironic20:24
arne_wiebalckdking: our env is not so hostile, so we do not do this :)20:30
arne_wiebalckdking: isn't there a way to verify the f/w is unchanged?20:31
arne_wiebalckdking: in our env, BMC f/w updates do not happen very often ... I guess we are lucky :)20:32
dkingarne_wiebalck: Unfortunately, there isn't at the moment. However, even when it does, we would still need to update it sometimes, when updates come. And that has to be automated.20:33
arne_wiebalckdking: yes, that's true20:33
dkingarne_wiebalck: Well, we're giving root access to our servers, and maybe even malware.20:33
arne_wiebalckdking: and you plan to have a h/w manager per platform to do this?20:34
arne_wiebalckdking: our users have root and BMC access20:34
dkingarne_wiebalck: If users have root access, they could potentially upload compromised firmware.20:36
arne_wiebalckdking: absolutely20:36
arne_wiebalckdking: they could also simply add new BMC accounts20:37
dkingarne_wiebalck: Exactly. So, when they return the servers, we need to be able to wipe everything out to be able to be sure they haven't.20:38
arne_wiebalckdking: how will you handle different platforms?20:38
arne_wiebalckdking: a h/w manager for each?20:38
*** k_mouza has quit IRC20:39
arne_wiebalckdking: a h/w manager per BMC which supports only a specific f/w version?20:39
dkingarne_wiebalck: Yes, a h/w manager for each. But really, I was thinking about having a generic command to use ipmitool, and to maybe even abstract that to something and load through through dispatch_to_managers. So, as long as they use IPMI, it should work.20:39
dkingarne_wiebalck: Oh, for the BMC updates? yes, we would do that. Currently the h/w manager I have has a method to try to get the right BMC/BIOS binaries by model number.20:40
dkingIt's not trivial, but the aim is to add security.20:40
arne_wiebalckdking: yes ... we also maintain per type recipes and binaries20:41
*** ociuhandu has quit IRC20:43
arne_wiebalckdking: it's a very interesting problem ... if you find a solution how it could be solved with Ironic, that would be really great!20:43
arne_wiebalckdking: we could still do the SIG thing I mentioned earlier and see if we can crowd-develop a solution (and discuss other less hard issues)20:44
* arne_wiebalck has to go20:45
arne_wiebalckbye, everyone o/20:45
dkingarne_wiebalck: Thank you very much! Have a good night!20:46
*** k_mouza has joined #openstack-ironic20:46
*** k_mouza has quit IRC20:48
*** tosky has joined #openstack-ironic20:48
*** k_mouza has joined #openstack-ironic20:48
*** k_mouza has quit IRC20:59
*** k_mouza has joined #openstack-ironic21:00
*** vesper11 has quit IRC21:01
*** ociuhandu has joined #openstack-ironic21:07
*** zzzeek has quit IRC21:08
*** zzzeek has joined #openstack-ironic21:12
arne_wiebalckdking: Thanks for driving this! Last thought for the day: do you have a story on storyboard for this problem already? If no, this may serve as a good place to collect ideas.21:13
* arne_wiebalck really goes now :)21:14
*** k_mouza has quit IRC21:20
lbragstadTheJulia reviewed your spec - nice write up!21:22
TheJulialbragstad: thanks!21:24
TheJuliastevebaker: I would also appreciate a spec review, fwiw. :)21:27
stevebakerTheJulia: sure thing!21:29
*** ociuhandu has quit IRC21:29
*** ociuhandu has joined #openstack-ironic21:30
TheJuliaThanks!21:30
*** ociuhandu has quit IRC21:30
*** ociuhandu has joined #openstack-ironic21:30
*** ociuhandu has quit IRC21:30
*** ociuhandu has joined #openstack-ironic21:32
*** ociuhandu has quit IRC21:36
*** ociuhandu has joined #openstack-ironic22:00
*** ociuhandu has quit IRC22:21
TheJuliagrrr, I really need to reorganize my desk with new gerrit's ui22:29
TheJulia:(22:29
-openstackstatus- NOTICE: The Gerrit service on review.opendev.org is being restarted quickly to make further query caching and Git garbage collection adjustments, downtime should be less than 5 minutes22:36
*** k_mouza has joined #openstack-ironic22:48
*** ociuhandu has joined #openstack-ironic22:48
*** ociuhandu has quit IRC22:53
openstackgerritJulia Kreger proposed openstack/ironic master: Policy json to yaml migration  https://review.opendev.org/c/openstack/ironic/+/76326223:02
*** rcernin has joined #openstack-ironic23:03
*** ociuhandu has joined #openstack-ironic23:05
*** ociuhandu has quit IRC23:10
*** alexmcleod__ has joined #openstack-ironic23:10
*** alexmcleod_ has quit IRC23:10
*** tkajinam has quit IRC23:10
*** tkajinam has joined #openstack-ironic23:11
*** k_mouza has quit IRC23:17
*** ociuhandu has joined #openstack-ironic23:21
openstackgerritJulia Kreger proposed openstack/ironic-inspector master: Add upgrade check, and json2yaml policy handling  https://review.opendev.org/c/openstack/ironic-inspector/+/76328623:26
jandersgood morning Ironic o/23:30
*** ociuhandu has quit IRC23:46
stevebakerjanders: hi!23:47
TheJuliagood mroning23:58
« Sunday, 2020-11-29 Index Tuesday, 2020-12-01 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!