| *** tosky has quit IRC | 00:01 | |
| *** tosin has quit IRC | 00:10 | |
| *** ianychoi has joined #openstack-ironic | 00:14 | |
| janders | guilhermesp I am indeed working on NVMe cleaning - please give me more info on your goals/requirements and I may be able to help | 00:40 |
|---|---|---|
| TheJulia | lbragstad: to emulate the cache, with making the suggested change in https://review.opendev.org/c/openstack/ironic/+/768135/1/ironic/tests/unit/api/test_acl.py am I dumping the values out to assemble the cache at that point? Since I can't convert the object to json, and there is not a logical path there, I'm a bit blocked at this point, so any clarity would be super helpful.. | 01:05 |
| TheJulia | JayF: I think metal3 is running under uwsgi | 01:06 |
| TheJulia | but... braaaaaiiinnssss | 01:06 |
| TheJulia | lbragstad: I guess a good example would be useful if you happen to know of one at this point because I'm not sure how I'm sure your suggestion is actually possible to implement. | 01:07 |
| TheJulia | dtantsur|afk: I responded to your questions on https://review.opendev.org/c/openstack/ironic/+/768136/6 of note specifically is explicitly enforcing mocked specific values to be returned in a case where we know the conductor is not present to respond (i.e. assert 503 instead of !403) That is going to be problematic for QE folks trying to do external testing. If you can circle back to that tomorrow and at | 01:12 |
| TheJulia | least provide comments in the review to that end, that would be helpful. I'll likely get to that either tomorrow or thursday at this rate | 01:12 |
| *** tkajinam has quit IRC | 01:41 | |
| *** tkajinam has joined #openstack-ironic | 01:42 | |
| eandersson | How do I get a password using the IPA? | 02:04 |
| eandersson | e.g. for firmware upgrade :D | 02:04 |
| eandersson | Trying to figure out why we failed to login, but seems like the password is being replaced with stars | 02:04 |
| eandersson | or nvm maybe we are looking at the wrong api :D | 02:05 |
| eandersson | Was hitting 9999 manually for debugging but of course it obscures the password :D | 02:09 |
| *** tkajinam has quit IRC | 02:09 | |
| *** tkajinam has joined #openstack-ironic | 02:10 | |
| openstackgerrit | Iury Gregory Melo Ferreira proposed openstack/ironic master: Automaticaly set cipher suite https://review.opendev.org/c/openstack/ironic/+/770526 | 02:18 |
| *** ccstone has quit IRC | 02:26 | |
| *** ccstone has joined #openstack-ironic | 02:26 | |
| eandersson | driver_info.get('test_password') does indeed just store ***** on my hardware_manager | 02:28 |
| eandersson | I assume the obvious workaround is to not name it password? | 02:28 |
| *** zzzeek has quit IRC | 02:30 | |
| *** zzzeek has joined #openstack-ironic | 02:31 | |
| eandersson | Or maybe it just isn't safe to store a password in driver_info for use of the IPA? | 02:33 |
| *** zzzeek has quit IRC | 02:36 | |
| *** zzzeek has joined #openstack-ironic | 02:40 | |
| lbragstad | TheJulia by cache do you mean test values? | 02:43 |
| lbragstad | e.g., BASIC_CACHE_VALUES (it looks like) | 02:44 |
| lbragstad | TheJulia one of the better examples i can think of is what we did in nova and placement | 02:45 |
| lbragstad | we simulated the functionality of keystone_authtoken by populating headers that model the various personas | 02:46 |
| lbragstad | then - oslo.context translates those headers to a context object | 02:46 |
| lbragstad | which removes the dependency on keystone via keystone_authtoken (to validate the token) | 02:47 |
| lbragstad | but it still exercises the functionality of oslo.context by using .from_environ() to create context objects | 02:50 |
| lbragstad | the tests would still exercise this code - https://opendev.org/openstack/ironic/src/branch/master/ironic/api/hooks.py#L97 | 02:51 |
| lbragstad | another advantage is that the placement and nova test code doesn't carry around fake v2.0 or v3 token references | 02:52 |
| lbragstad | so - it's an implementation detail of keystone you don't have to care about | 02:52 |
| *** Qianbiao has joined #openstack-ironic | 02:52 | |
| lbragstad | i hope that helps answer your question - but i'll follow up tomorrow when we're both online and we can talk through it if i'm not making sense | 02:53 |
| lbragstad | i didn't get around to the ironic specification today either, but i plan to do that tomorrow | 02:53 |
| *** rcernin has quit IRC | 02:57 | |
| *** mkrai has joined #openstack-ironic | 03:04 | |
| guilhermesp | hi janders thanks for the heads up! I havent had much time today to test, but right now I have around 4 nodes with one nvme disk each. It is for a specific customer, those nodes wont be shared to different customers so it's not a priority right now ( as the cloud runs with no automated_cleaning ) but should be a requirement in a near future as the nodes can be shared across different tenants. | 03:08 |
| guilhermesp | I though about replacing/adding support to nvme-cli package https://github.com/linux-nvme/nvme-cli , I can totally find a slot to test securely erasing nvme devices so we can come up with the right commands. Do you have any wip to share ? | 03:10 |
| *** rcernin has joined #openstack-ironic | 03:18 | |
| *** rcernin has quit IRC | 03:21 | |
| *** rcernin has joined #openstack-ironic | 03:21 | |
| TheJulia | lbragstad: not exactly answers it. I don't think I correctly conveyed my confusion with fake cache population | 03:39 |
| *** ricolin_ has joined #openstack-ironic | 03:39 | |
| TheJulia | eandersson: Wait... you need IPA to have access to the secrets... or to somehow to be told the secrets to locally execute a firmware upgrade? | 03:40 |
| TheJulia | eandersson: fwiw, anything with password or token in the field name will be obscured by the oslo policy settings that are by default | 03:40 |
| *** ricolin_ has quit IRC | 03:54 | |
| janders | guilhermesp I should have something ready for you to look at in the coming days. Meanwhile, can you run these two commands and paste output somewhere (or email to janders@redhat.com)? http://paste.openstack.org/show/801580/ | 03:55 |
| janders | my current design is along the lines of enabling the current storage cleaning code to figure out if a device is an NVMe or a SATA, and utilising type-specific cleaning (nvme-cli sanitise/format for NVMe or SATA secure erase for SATA) with optional fallback to shred should the "native" cleaning fail | 03:56 |
| janders | so if I understand correctly that should do exactly what you need | 03:57 |
| eandersson | TheJulia: Yea - the IPA plugin we use needs a username/plugin to perform a firmware upgrade locally. We tried to make everything generic enough and wanted all firmware upgrades to be handled in the IPA, but I think that maybe it's just a bad fit and the part that needs a username/pw should probably just be done in Ironic as a plugin. | 03:59 |
| eandersson | Since it can be done remotely as well. | 04:05 |
| eandersson | It was really done as an attempt to stay consistent with how we do firmware upgrade for all hardware types. | 04:05 |
| *** Qianbiao has quit IRC | 04:14 | |
| *** Qianbiao has joined #openstack-ironic | 04:19 | |
| TheJulia | eandersson: yeah, oob has the added benefit if likely being more secure in the grand scheme of the universe | 04:19 |
| *** rcernin has quit IRC | 04:35 | |
| *** rcernin has joined #openstack-ironic | 04:35 | |
| *** pmannidi has quit IRC | 04:53 | |
| TheJulia | lbragstad: re-reading what your saying, I guess I'm feeling even more confused because I thought the semi-ideal path for a service such as ironic was to fake the cache out, and then let the policy check drive all the way down into policy validation using cached token records, but it sounds like the testing model your saying that was actually went with was to mock out the middleware so it never even gets that | 04:57 |
| TheJulia | far. Which I guess might make sense if only attempting to assemble one thing, return one aspect replacing the mock each time (fetch_token?)for every test as opposed to just repeatedly leveraging a common cache. Is any of that making any sense? | 04:57 |
| TheJulia | lbragstad: maybe less confused at this point in the grand scheme, just feeling like mixed messaging has occured. | 05:03 |
| *** gyee has quit IRC | 05:08 | |
| *** tzumainn has quit IRC | 05:14 | |
| *** Qianbiao has quit IRC | 05:24 | |
| *** rcernin_ has joined #openstack-ironic | 05:42 | |
| *** rcernin has quit IRC | 05:42 | |
| arne_wiebalck | Good morning, ironic! | 06:47 |
| janders | good morning arne_wiebalck o/ | 06:49 |
| arne_wiebalck | hey janders, good morning o/ | 06:50 |
| *** mkrai has quit IRC | 06:54 | |
| *** mkrai has joined #openstack-ironic | 06:54 | |
| *** Qianbiao has joined #openstack-ironic | 06:58 | |
| *** mkrai has quit IRC | 07:13 | |
| *** zzzeek has quit IRC | 07:28 | |
| *** rcernin_ has quit IRC | 07:28 | |
| *** zzzeek has joined #openstack-ironic | 07:31 | |
| *** openstackgerrit has quit IRC | 07:47 | |
| *** JayF has quit IRC | 07:52 | |
| *** mkrai has joined #openstack-ironic | 07:52 | |
| *** rcernin_ has joined #openstack-ironic | 08:06 | |
| *** mkrai has quit IRC | 08:13 | |
| *** akahat|rover is now known as akahat|lunch | 08:25 | |
| *** rpittau|afk is now known as rpittau | 08:25 | |
| rpittau | good morning ironic! o/ | 08:25 |
| *** rcernin_ has quit IRC | 08:26 | |
| rpittau | janders: for the nvme erase, I don't have anything to add to waht dtantsur said, I'll check the patches as they evolve though :) | 08:26 |
| *** tosky has joined #openstack-ironic | 08:39 | |
| *** mkrai has joined #openstack-ironic | 08:44 | |
| janders | good morning rpittau o/ | 08:55 |
| janders | rpittau thank you, sounds good! :) | 08:55 |
| *** lucasagomes has joined #openstack-ironic | 09:05 | |
| *** derekh has joined #openstack-ironic | 09:35 | |
| *** openstackgerrit has joined #openstack-ironic | 09:36 | |
| openstackgerrit | Aija Jauntēva proposed x/sushy-oem-idrac master: Update export system configuration https://review.opendev.org/c/x/sushy-oem-idrac/+/759425 | 09:36 |
| *** hoonetorg has joined #openstack-ironic | 09:44 | |
| openstackgerrit | Derek Higgins proposed openstack/ironic master: Add a delay/retry is vmedia insert fails https://review.opendev.org/c/openstack/ironic/+/770270 | 09:51 |
| *** quoth has joined #openstack-ironic | 09:57 | |
| *** akahat|lunch is now known as akahat|rover | 10:04 | |
| openstackgerrit | Derek Higgins proposed openstack/ironic master: Add a delay/retry is vmedia insert fails https://review.opendev.org/c/openstack/ironic/+/770270 | 10:17 |
| *** dougsz has joined #openstack-ironic | 10:36 | |
| *** dougsz has quit IRC | 10:37 | |
| *** ociuhandu has joined #openstack-ironic | 10:40 | |
| *** Qianbiao has quit IRC | 10:40 | |
| *** dtantsur|afk is now known as dtantsur | 10:41 | |
| dtantsur | morning ironic | 10:41 |
| rpittau | hey dtantsur :) | 10:46 |
| dtantsur | TheJulia: what I strongly dislike is us inventing a testing framework in yaml, and we're half way through it. | 10:49 |
| *** abdysn has joined #openstack-ironic | 11:01 | |
| iurygregory | morning arne_wiebalck dtantsur janders rpittau and Ironic o/ | 11:03 |
| rpittau | Hey iurygregory :) | 11:05 |
| iurygregory | o/ | 11:05 |
| *** sshnaidm|afk is now known as sshnaidm|ruck | 11:19 | |
| *** mkrai has quit IRC | 11:26 | |
| *** ociuhandu has quit IRC | 11:36 | |
| janders | hey iurygregory o/ | 11:45 |
| iurygregory | o/ | 11:48 |
| openstackgerrit | Dmitry Tantsur proposed openstack/sushy master: [WIP] Secure boot support https://review.opendev.org/c/openstack/sushy/+/770607 | 12:04 |
| *** tosin has joined #openstack-ironic | 12:39 | |
| *** ociuhandu has joined #openstack-ironic | 12:45 | |
| *** rh-jelabarre has joined #openstack-ironic | 12:53 | |
| *** ociuhandu has quit IRC | 12:55 | |
| *** ociuhandu has joined #openstack-ironic | 12:56 | |
| *** ociuhandu has quit IRC | 12:56 | |
| *** ociuhandu has joined #openstack-ironic | 13:01 | |
| lbragstad | TheJulia i think what you're saying makes sense - but instead of using cached tokens directly, just set the request headers directly and simulate keystone_authtoken middleware | 13:05 |
| lbragstad | TheJulia we weren't prescriptive in telling people how to test their secure RBAC changes, because some service might have things that work for them | 13:06 |
| guilhermesp | mornings! | 13:13 |
| guilhermesp | nice janders ! yep that's what i was imagining how it could be implemented! I will reproduce the commands on your paste today and let you know the results | 13:14 |
| openstackgerrit | Aija Jauntēva proposed x/sushy-oem-idrac master: Add import system configuration https://review.opendev.org/c/x/sushy-oem-idrac/+/770614 | 13:17 |
| *** paras333 has quit IRC | 13:26 | |
| openstackgerrit | Aija Jauntēva proposed openstack/python-ironicclient master: Add 'deploy steps' for provisioning API https://review.opendev.org/c/openstack/python-ironicclient/+/768354 | 13:29 |
| guilhermesp | some outputs janders http://paste.openstack.org/show/801590/ | 13:29 |
| openstackgerrit | Dmitry Tantsur proposed openstack/sushy master: [WIP] Secure boot support https://review.opendev.org/c/openstack/sushy/+/770607 | 13:30 |
| *** juanoterocas has joined #openstack-ironic | 14:18 | |
| openstackgerrit | Aija Jauntēva proposed x/sushy-oem-idrac master: Add import system configuration https://review.opendev.org/c/x/sushy-oem-idrac/+/770614 | 14:21 |
| *** rloo has joined #openstack-ironic | 14:27 | |
| *** mkrai has joined #openstack-ironic | 14:40 | |
| *** tzumainn has joined #openstack-ironic | 14:47 | |
| openstackgerrit | Aija Jauntēva proposed x/sushy-oem-idrac master: Add import system configuration https://review.opendev.org/c/x/sushy-oem-idrac/+/770614 | 14:55 |
| *** ociuhandu_ has joined #openstack-ironic | 14:58 | |
| *** ociuhandu has quit IRC | 15:02 | |
| *** MentalSiege has joined #openstack-ironic | 15:05 | |
| *** abdysn has quit IRC | 15:08 | |
| *** MentalSiege has quit IRC | 15:09 | |
| *** MentalSiege has joined #openstack-ironic | 15:10 | |
| openstackgerrit | Derek Higgins proposed openstack/ironic master: Add a delay/retry is vmedia insert fails https://review.opendev.org/c/openstack/ironic/+/770270 | 15:30 |
| *** ociuhandu_ has quit IRC | 15:35 | |
| *** ociuhandu has joined #openstack-ironic | 15:35 | |
| *** juanoterocas has quit IRC | 15:37 | |
| *** ricolin has quit IRC | 15:38 | |
| openstackgerrit | Dmitry Tantsur proposed openstack/sushy master: Secure boot support: enabling/disabling and resetting keys https://review.opendev.org/c/openstack/sushy/+/770607 | 15:42 |
| *** ricolin has joined #openstack-ironic | 15:47 | |
| TheJulia | lbragstad: the initial internal stuff was at least suggestive, but it doesn't really matter. Anyway, back to banging my head against this. | 16:00 |
| lbragstad | TheJulia i'm on a call but i'll review the spec after | 16:01 |
| TheJulia | lbragstad: reviewing spec has nothing to do with attempting to get pre-change testing into a workable/usable state to help preent breaking changes | 16:02 |
| lbragstad | true- but maybe i can help with the testing changes after that | 16:02 |
| TheJulia | That would actually be worse | 16:02 |
| TheJulia | because it is chicken/egg | 16:03 |
| TheJulia | the spec doesn't cover the previous state testing | 16:03 |
| lbragstad | ok - so you're saying you need help with testing more than you need a spec review? | 16:03 |
| *** mkrai has quit IRC | 16:03 | |
| *** mkrai_ has joined #openstack-ironic | 16:03 | |
| TheJulia | it would be greatly appreciated, although I may be on the right track at this point trying to incorporate review feedback. Maybe.. | 16:04 |
| lbragstad | ok | 16:04 |
| *** rnoriega_ is now known as rnoriega123 | 16:06 | |
| *** rnoriega123 is now known as rnoriega_ | 16:06 | |
| *** rnoriega_ is now known as rnoriega | 16:09 | |
| *** ociuhandu_ has joined #openstack-ironic | 16:11 | |
| *** ociuhandu has quit IRC | 16:11 | |
| *** mkrai_ has quit IRC | 16:22 | |
| *** markguz_ has joined #openstack-ironic | 16:27 | |
| TheJulia | All: Midcycle poll: https://doodle.com/poll/y9afrz6hhq7s23km?utm_source=poll&utm_medium=link | 16:27 |
| TheJulia | Topic Etherpad: https://etherpad.opendev.org/p/ironic-wallaby-midcycle | 16:28 |
| markguz_ | Hello I've been struggling with a weird problem for the last few weeks with ironic. Essentially whenever I spawn a baremetal instance the process starts, scheduler schedules it, and the nova-compute on the ironic conductor node reports "Starting instance". Then nothing for 10mins or sometimes 20mins, then suddenly the ironic conductor will start the node | 16:30 |
| markguz_ | No error is reported, no tracebacks no nothing. it just sits there and does nothing and suddenly springs into life. This only happens with baremetal. VMs spawn as good as instantly | 16:31 |
| markguz_ | I am beginning to lose my mind trying to debug this... . This is Rocky btw | 16:32 |
| TheJulia | markguz_: concurrent baremetal deployments? | 16:32 |
| TheJulia | markguz_: so, how big are the disk images your asking for to be deployed? | 16:32 |
| markguz_ | TheJulia: There's no other activity on the baremetal. This is not a busy deployment. | 16:33 |
| TheJulia | then how big are the disk images? I suspect they are being converted to raw format or something along those lines | 16:33 |
| markguz_ | TheJulia: Images are already RAW. and the images are between 800M and 3G depending on which image is chosen | 16:35 |
| markguz_ | And this worked ok until i upgraded from queens | 16:35 |
| TheJulia | what kind of hardware? | 16:36 |
| markguz_ | I was planning on upgrading all the way to Stein at the time, but stalled out when Ironic stopped working properly | 16:36 |
| TheJulia | are you using ipmi? | 16:36 |
| markguz_ | TheJulia: yes | 16:36 |
| TheJulia | try downgrading your ipmitool binary to an older version | 16:36 |
| *** MentalSiege has quit IRC | 16:37 | |
| TheJulia | there were crypto changes in the last ?year? which doesn't align with HPE hardware | 16:37 |
| TheJulia | at least, in some forks of it | 16:37 |
| markguz_ | TheJulia: The thing is. I don't see any action from ironic conductor that would make me think there's a problem with ipmi. | 16:37 |
| TheJulia | are there hanging ipmitool processes though? | 16:38 |
| markguz_ | No | 16:38 |
| TheJulia | hmm | 16:38 |
| markguz_ | "ipmitool version 1.8.18" | 16:38 |
| TheJulia | okay, so you trigger a deployment on the nova side. Do we immediately go to deploy wait in ironic? | 16:39 |
| markguz_ | no. | 16:39 |
| markguz_ | that's what i'm confused about. nova-compute says "Starting" then literally NOTHING happens for at least 10mins | 16:39 |
| TheJulia | is nova even hitting the API quickly? | 16:39 |
| TheJulia | is there lots of VM activity on this cluster? | 16:39 |
| markguz_ | no very little. we can go days with out spawning a vm | 16:40 |
| TheJulia | anything in the nova-compute process log that lines up with this? | 16:40 |
| *** adrianc has quit IRC | 16:41 | |
| markguz_ | nothing. zip, nada. it's been driving my crazy. | 16:41 |
| TheJulia | hmm | 16:41 |
| *** tosky has quit IRC | 16:41 | |
| TheJulia | have you asked the nova folks what could cause a delay in nova-compute getting the command to spawn an instance? | 16:42 |
| *** adrianc has joined #openstack-ironic | 16:42 | |
| *** tosky has joined #openstack-ironic | 16:42 | |
| markguz_ | no. not yet. since nova is reporting "Starting instance... _do_build_and_run_instance" i really thought it was something to do with ironic | 16:43 |
| * TheJulia cracks open the nova code base | 16:44 | |
| markguz_ | I was trying to decipher what nova compute manager does from there. But i couldn't quite figure out what was happening and where it was called from | 16:44 |
| TheJulia | if memory serves, it is a comamnd over rpc | 16:45 |
| TheJulia | it is *super* hard to follow | 16:45 |
| markguz_ | that's what I thought. and yes it is super super hard to follow :-) | 16:46 |
| markguz_ | i know rabbitmq is working ok. everything else in the deployment is working ok. | 16:46 |
| TheJulia | markguz_: does it say "building" for the vm_state? | 16:48 |
| markguz_ | yep | 16:48 |
| TheJulia | what does task_state say? | 16:49 |
| TheJulia | how quickly after triggering instance deployment are you seeing "Start spawning the instance on the hypervisor." inside the nova-compute logs? | 16:51 |
| markguz_ | Task state is "None" | 16:52 |
| markguz_ | and i see the start pretty much immediatly | 16:52 |
| markguz_ | here's my nova.conf http://paste.openstack.org/show/801598/ | 16:52 |
| markguz_ | nova-compute for the ironic stuff i mean. | 16:52 |
| *** lucasagomes has quit IRC | 16:53 | |
| TheJulia | yeah | 16:53 |
| TheJulia | markguz_: so my theory, based upon the nova rocky code base, is what is happening is your stuck scheduling for some reason | 16:55 |
| TheJulia | beause we're not actually hitting the driver spawn yet given the task state is also none. This is likely best for the nova experts in #openstack-nova, but honestly this is also first I've ever heard of this | 16:55 |
| TheJulia | well, an issue quite like *this* | 16:56 |
| markguz_ | here's the debug output http://paste.openstack.org/show/801599/ | 16:58 |
| *** gyee has joined #openstack-ironic | 17:00 | |
| *** MentalSiege has joined #openstack-ironic | 17:01 | |
| markguz_ | you see goes from 9.40 then 9.46 then 10.05 when the actual process finally starts | 17:01 |
| *** ociuhandu_ has quit IRC | 17:06 | |
| *** ociuhandu has joined #openstack-ironic | 17:09 | |
| *** ociuhandu_ has joined #openstack-ironic | 17:13 | |
| *** MentalSiege has quit IRC | 17:15 | |
| TheJulia | wow | 17:16 |
| *** ociuhandu has quit IRC | 17:16 | |
| markguz_ | Wow? | 17:17 |
| *** ociuhandu_ has quit IRC | 17:17 | |
| *** MentalSiege has joined #openstack-ironic | 17:18 | |
| TheJulia | I'm at a loss | 17:20 |
| markguz_ | well. i don't feel so bad now :-) | 17:21 |
| markguz_ | i'm usually pretty good at ferreting out these little problems but this is a stumper | 17:21 |
| markguz_ | what i wish was that the debug was a bit more verbose.... log prints for every step of the way. like "doing this" "done with that" "now doing this" "now done with that" | 17:22 |
| *** ociuhandu has joined #openstack-ironic | 17:22 | |
| markguz_ | but it seems to skip over a huge amount of steps | 17:22 |
| TheJulia | are you supplying a specific vif? | 17:24 |
| TheJulia | is this cinder integrated deployments? | 17:25 |
| markguz_ | this is how i spin up a vm. http://paste.openstack.org/show/801600/ | 17:25 |
| markguz_ | no whole disk image | 17:25 |
| markguz_ | so storage is noop and network is noop | 17:25 |
| *** ociuhandu has quit IRC | 17:27 | |
| TheJulia | markguz_: what does your ironic-api log look like? | 17:28 |
| TheJulia | I suspect we're getting hung up in here https://github.com/openstack/nova/blob/34c5df7b2b8c7eebbfc8aa0bc3edba501dddcb61/nova/virt/ironic/driver.py | 17:29 |
| *** sshnaidm|ruck is now known as sshnaidm|afk | 17:30 | |
| TheJulia | can you try with a specific vif, and not a network id? | 17:30 |
| markguz_ | i used to do that back in the days of liberty. then something changed in pike or ocata and i had to stop doing that. | 17:32 |
| tosin | Hi TheJulia, could you please check out my change https://review.opendev.org/c/openstack/ansible-collections-openstack/+/770037 | 17:54 |
| TheJulia | tosin: might be good, do you have a change in bifrost to test that ? | 17:59 |
| tosin | TheJulia: yes it passed bifrost | 18:02 |
| TheJulia | link to that change? | 18:03 |
| TheJulia | or log? | 18:03 |
| rpittau | good night! o/ | 18:05 |
| *** rpittau is now known as rpittau|afk | 18:05 | |
| openstackgerrit | Monica Pardhi proposed openstack/ironic stable/victoria: DRAC: Fix a failure to create virtual disk https://review.opendev.org/c/openstack/ironic/+/770655 | 18:05 |
| *** derekh has quit IRC | 18:07 | |
| TheJulia | lbragstad: okay, trying to create contexts and then trying to mock the keystonemiddleware token handling seems to be hitting roadblocks. Do you happen to have a link to where this is being done in nova or any other project? I might be trying to do things too simply or maybe I need to manually map everything, just not sure. | 18:09 |
| lbragstad | TheJulia sure - let me grab an example | 18:10 |
| lbragstad | nova mocked the context objects directly - then supplied a specific context object for the test | 18:10 |
| TheJulia | lbragstad: much appreciated | 18:10 |
| viks____ | TheJulia: after i run `provide` command, the node gets rebooted and i see dhcp request being sent from baremetal node via KVM console. I'm also able to see dhcp messages coming to eth1 i.e. second interface, and br-eth1.. but it seems baremetal node is not getting any dhcp reply back... any idea what i should be looking in to next? | 18:10 |
| lbragstad | placement provided request environment headers and allowed oslo.context middleware to translate those headers into a context object (so no oslo.context mocking was necessary) | 18:11 |
| TheJulia | and here I'm wondering why we even still have the enviroment header stuff wired in place | 18:12 |
| * TheJulia sighs | 18:12 | |
| TheJulia | viks____: have you verified your mac addresses? Is the dhcp server in the namespace that should be getting the request, is it seeing the packets? | 18:12 |
| TheJulia | viks____: i.e. tcpdump in the namespace past the br-eth1 | 18:12 |
| tosin | TheJulia: https://zuul.opendev.org/t/openstack/build/b1585da30a7248b19dc2fa168b04408d | 18:13 |
| tosin | https://zuul.opendev.org/t/openstack/build/fa2844d0458d411d9670ff86a4e1799f | 18:13 |
| lbragstad | TheJulia this is where that code lives in nova https://opendev.org/openstack/nova/src/branch/master/nova/tests/unit/policies and all those tests ultimately inherit from base.py | 18:13 |
| lbragstad | https://opendev.org/openstack/nova/src/branch/master/nova/tests/unit/policies/base.py#L41 | 18:13 |
| openstackgerrit | Monica Pardhi proposed openstack/ironic stable/ussuri: DRAC: Fix a failure to create virtual disk https://review.opendev.org/c/openstack/ironic/+/770277 | 18:13 |
| lbragstad | and the test implementation https://opendev.org/openstack/nova/src/branch/master/nova/tests/unit/policies/test_servers.py#L368 | 18:14 |
| TheJulia | tosin: I was thinking something along the lines of https://review.opendev.org/c/openstack/bifrost/+/769495 where validation is toggled by the playbook so the logs can be observed | 18:14 |
| lbragstad | placement is pursuing this approach https://review.opendev.org/c/openstack/placement/+/760240/13/placement/tests/functional/gabbits/resource-provider-secure-rbac.yaml | 18:15 |
| viks____ | TheJulia: You mean to say the MAC id for `openstack baremetal port create` command... i think i have given it properly.. i gave the one with the PXE boot interface MAC id... | 18:15 |
| openstackgerrit | Monica Pardhi proposed openstack/ironic stable/victoria: DRAC: Fix a failure to create virtual disk https://review.opendev.org/c/openstack/ironic/+/770655 | 18:15 |
| viks____ | TheJulia: dhcp server in the namespace i see a tap interface, in which i do not see any dhcp requests coming in when checked with tcpdump | 18:16 |
| lbragstad | which replaces keystone_authtoken middleware with a "noauth" middleware https://review.opendev.org/c/openstack/placement/+/760240/13/placement/tests/functional/fixtures/gabbits.py#74 | 18:17 |
| lbragstad | and that is implemented here - https://review.opendev.org/c/openstack/placement/+/760240/13/placement/auth.py#35 | 18:17 |
| TheJulia | viks____: ahh, then it is wiring in neutron. Neutron isn't attaching the network properly | 18:18 |
| viks____ | TheJulia: i see it only on `eth1` which is second interface and `br-eth1` | 18:18 |
| TheJulia | viks____: likely... your issue is the bridge mapping is wrong or missing | 18:19 |
| TheJulia | and the network is not configured to use the bridge mapping properly for the barmeetal network. I'd go back to the examples and follow them very carefully in that area to see if something was missed | 18:19 |
| openstackgerrit | Monica Pardhi proposed openstack/ironic stable/ussuri: DRAC: Fix a failure to create virtual disk https://review.opendev.org/c/openstack/ironic/+/770277 | 18:19 |
| TheJulia | Also along with the steps to create the network. | 18:19 |
| tosin | TheJulia: Oh I'll do that now | 18:19 |
| TheJulia | tosin: awesome | 18:19 |
| viks____ | TheJulia: bridge mapping in `/etc/neutron/plugins/ml2/openvswitch_agent.ini`? | 18:22 |
| TheJulia | viks____: yes | 18:24 |
| viks____ | TheJulia: it's mapped to `eth1`(second interface) which seems to be fine?? | 18:25 |
| viks____ | TheJulia: also step 12 in https://docs.openstack.org/ironic/train/install/configure-networking.html needs to be created in any specific NETWORK_CIDR? | 18:27 |
| TheJulia | viks____: it is format physical_network_alias:bridge_mapping_interface(like br-eth1) | 18:34 |
| TheJulia | viks____: not the raw interface | 18:34 |
| TheJulia | viks____: so then the question is, how did you create the network for cleaning/deployment? | 18:34 |
| TheJulia | with what parameters | 18:35 |
| TheJulia | what matters in that is the physical network provider | 18:35 |
| openstackgerrit | Tosin Farai proposed openstack/bifrost master: Test new features added to baremetal_node https://review.opendev.org/c/openstack/bifrost/+/769495 | 18:39 |
| TheJulia | lbragstad: I guess the conundrum is use case evolution being so different at this point :\ | 18:42 |
| *** dtantsur is now known as dtantsur|afk | 18:43 | |
| dtantsur|afk | o/ | 18:43 |
| TheJulia | goodnight dtantsur|afk | 18:44 |
| viks____ | TheJulia: sorry.. my mistake.. my mapping is set to `br-eth1`only.. i created single network as per step 12 in above link and using the same for provisioning and cleaning as of nw.. but there seems to be some mismatch in `physical_network_alias` b/n `openvswitch_agent.ini` and `ml2_conf.ini`... i'll check that now | 18:45 |
| TheJulia | viks____: ahh, those need to match if memory serves | 18:54 |
| TheJulia | lbragstad: good news! only one test failing now :) | 18:54 |
| lbragstad | TheJulia what patch are you working from? | 18:55 |
| TheJulia | uploading | 18:55 |
| openstackgerrit | Julia Kreger proposed openstack/ironic master: WIP Allow different token caches for policy tests https://review.opendev.org/c/openstack/ironic/+/768135 | 18:55 |
| TheJulia | it still needs a lot of cleanup unfortunately ^^^ | 18:56 |
| lbragstad | TheJulia iiuc - your testing approach will hit issues when https://bugs.launchpad.net/keystonemiddleware/+bug/1777177 is fixed | 19:03 |
| openstack | Launchpad bug 1777177 in keystonemiddleware "eliminate v2 keystone support" [Low,In progress] - Assigned to Gage Hugo (gagehugo) | 19:03 |
| lbragstad | if/when | 19:03 |
| TheJulia | how? | 19:04 |
| TheJulia | and I ask that as not being a keystone expert | 19:04 |
| * TheJulia starts looking through the linked patches to gain context | 19:05 | |
| * lbragstad grabs some links | 19:06 | |
| viks____ | TheJulia: can you plz let me know if step 12 in https://docs.openstack.org/ironic/train/install/configure-networking.html needs to be created in any specific NETWORK_CIDR? | 19:06 |
| viks____ | also what step5 is for in https://docs.openstack.org/ironic/train/install/configure-pxe.html#dhcp-server-setup ? | 19:07 |
| TheJulia | lbragstad: yeah, I'm not sure why that would break this, but maybe it is a patch I'm just not seeing? | 19:07 |
| TheJulia | viks____: afaik, no specific network cidr is required as long as it is valid | 19:07 |
| TheJulia | viks____: step 5 is so the kernel sends the reply on the bridge instead of the base ethernet interface | 19:08 |
| TheJulia | a common setup issue | 19:08 |
| viks____ | TheJulia: what that IP should be ? | 19:09 |
| TheJulia | it should match the addressing your using for your provisioning/cleaning networks | 19:10 |
| TheJulia | or flat network upon which your provisioning the nodes | 19:10 |
| TheJulia | all of which is essentially the same $thing | 19:11 |
| viks____ | TheJulia: which means that it should be in same addressing as in the subnet created in the earlier step 12? | 19:13 |
| openstackgerrit | Julia Kreger proposed openstack/ironic master: WIP Allow different token caches for policy tests https://review.opendev.org/c/openstack/ironic/+/768135 | 19:13 |
| TheJulia | lbragstad: ^^^ so, had to change the test because we're not actualy doing full authentiation checks which voids out my resistance to dmitry's ask in a later patch for precise response codes | 19:14 |
| TheJulia | viks____: which step 12? | 19:15 |
| TheJulia | I don't actually see a step 12 | 19:15 |
| lbragstad | TheJulia ok - checking again | 19:15 |
| viks____ | TheJulia: https://docs.openstack.org/ironic/train/install/configure-networking.html | 19:15 |
| lbragstad | i need to pull this down and test it locally | 19:16 |
| TheJulia | lbragstad: no worries, more cleanup will be needed, since I fumbled through it. Like... I literally don't know why one of the methods is getting three arguments instead of two as defined. | 19:17 |
| * TheJulia suspects it is the mystery of the century | 19:17 | |
| TheJulia | viks____: yes, same addressing because the conductor needs to try and know where to send traffic back to | 19:17 |
| TheJulia | that is for tftp specifically, that shouldn't break dhcp since neutron if everything is configured right should enable the network plumbing such that the dhcp server will see the request and then respond to it | 19:18 |
| viks____ | Thanks for your inputs.. will investigate further why tap interface in the network namespace(dhcp) not getting the dhcp traffic... | 19:19 |
| * TheJulia goes and makes some lunch | 19:22 | |
| markguz_ | TheJulia: after shoehorning the patch in, things seem to be working as expected now. | 19:25 |
| TheJulia | is it a sign that I'm loosing my mind when someone says shoehorning a patch in I think of tinytoons? | 19:28 |
| iurygregory | nah =) | 19:29 |
| markguz_ | I don't know what tinytoons is? I'm a scotsman living in Texas, so things i say often cause folks to look confused | 19:29 |
| iurygregory | tinytoons is an animation if I do remember hehe | 19:30 |
| iurygregory | or *cartoon* | 19:30 |
| TheJulia | A cartoon which also had appearances of the Animaniacs and Pinky and the Brain | 19:30 |
| markguz_ | somewhat after my time then.... | 19:31 |
| TheJulia | 1990-1993 | 19:31 |
| TheJulia | err, 1992 | 19:31 |
| markguz_ | yeah i was in college then :-) | 19:31 |
| markguz_ | i recall watching pinky and the brain, or was it ren and stimpy?, while nursing a hangover.. | 19:32 |
| TheJulia | Ren and Stimpy seem like nursing a hangover material | 19:32 |
| markguz_ | yeah that and rugrats | 19:33 |
| TheJulia | rugrats ++ | 19:35 |
| *** MentalSiege has quit IRC | 19:37 | |
| *** MentalSiege has joined #openstack-ironic | 19:40 | |
| *** browzing has joined #openstack-ironic | 19:42 | |
| erbarr | Hi, I'm getting an error status right after openstack server create, I did some digging and I'm thinking I might need to change some properties does this look bad? | 19:42 |
| erbarr | https://usercontent.irccloud-cdn.com/file/s10vxt9K/image.png | 19:42 |
| TheJulia | erbarr: is the trait set? | 19:44 |
| erbarr | no idea, how do i check that? | 19:44 |
| TheJulia | openstack baremetal node trait list... I think | 19:45 |
| erbarr | let me see | 19:45 |
| browzing | hello folks, running into an issue (and nothing's seemingly changed in our stack) where metal that boots into the ironic initramfs will not get a link on the main interfaces -- blowing up w/ a ENETUNREACH. Trying to bring up the link manually via IPMI results in error messages for the bnx2x drivers saying the firmware could not be found/loaded. Any ideas? https://imgur.com/a/7okDMhb | 19:45 |
| * TheJulia wonders if everyone is firing up ironic today | 19:46 | |
| browzing | We were originally suspecting recent changes in ironic-ipa-downloader... but we're lost now. | 19:46 |
| erbarr | TheJulia, I got an empty return | 19:47 |
| TheJulia | erbarr: ahh, well you need that trait or you need to remove the trait from the flavor | 19:47 |
| TheJulia | because the flavor says it is required | 19:47 |
| erbarr | cool, so to remove i guess openstack flavor batemetal trait remove or something along those lines, let me try | 19:48 |
| erbarr | TheJulia, thanks! Tiny toons I loved growing up, and i watched the animaniacs reboot over the holidays, had some moments | 19:49 |
| TheJulia | browzing: so we did start paring down the excess firmware in our public images | 19:49 |
| TheJulia | browzing: but I don't think we nuked network cards | 19:49 |
| TheJulia | browzing: is anything in /usr/lib/firmware ? | 19:51 |
| TheJulia | browzing: https://github.com/openstack/ironic-python-agent-builder/commit/6c9c505ca900dc14b1637175d311c3dc49e85366 | 19:52 |
| openstackgerrit | Iury Gregory Melo Ferreira proposed openstack/networking-baremetal master: Add doc/requirements https://review.opendev.org/c/openstack/networking-baremetal/+/769172 | 19:54 |
| browzing | /lib/firmware is pretty bare | 19:57 |
| browzing | just some microcode stuff | 19:57 |
| TheJulia | what is the ramdisk that is running? | 19:57 |
| TheJulia | centos stream | 19:57 |
| TheJulia | ? | 19:58 |
| browzing | I believe we were using https://images.rdoproject.org/centos8/master/rdo_trunk/current-tripleo/ | 19:58 |
| browzing | tried to roll back to previous-current-tripleo | 19:58 |
| TheJulia | browzing: du -hcs / | 19:58 |
| TheJulia | we can know quickly by size of the ramdisk | 19:58 |
| browzing | and tried the rdo variants too (unsure what differences those have, seemd to be the same size) | 19:58 |
| TheJulia | or cat /etc/os-release | 19:58 |
| browzing | sec | 19:58 |
| browzing | Sorry a bit hard to copy/paste via the IPMI for these dells :p | 19:59 |
| browzing | https://imgur.com/a/ejmwGSO | 19:59 |
| browzing | 1004M for RD size | 20:00 |
| TheJulia | got a link by chance to exactly what the downloader pulled down? | 20:00 |
| browzing | let me k logs -f the statefulset ironic-ipa-downloader... sec | 20:00 |
| TheJulia | should be in the container logs | 20:00 |
| TheJulia | no worries | 20:00 |
| browzing | https://pastebin.com/53nnzjmx | 20:01 |
| TheJulia | downloading | 20:02 |
| TheJulia | I'm going to rip the image apart and see what is going on in there | 20:02 |
| TheJulia | going to be a few minutes to download | 20:03 |
| arne_wiebalck | bye everyone o/ | 20:03 |
| browzing | No worries been debugging for about two days now :) | 20:04 |
| browzing | /waves farewell arne | 20:04 |
| TheJulia | goodnight arne_wiebalck | 20:04 |
| *** hoonetorg has quit IRC | 20:04 | |
| * TheJulia rips it apart | 20:06 | |
| TheJulia | well | 20:11 |
| TheJulia | it is there.... | 20:11 |
| browzing | eeenteresting.... Dell r640's for reference | 20:12 |
| browzing | Where should I be seeing the right firmware? This is p.much what /usr/lib/firmware looks like: | 20:14 |
| TheJulia | in /usr/lib/firmware | 20:14 |
| browzing | https://imgur.com/a/7AxRoch | 20:14 |
| TheJulia | hmmm https://images.rdoproject.org/centos8/master/rdo_trunk/previous-current-tripleo-rdo/ | 20:16 |
| TheJulia | november 18th | 20:16 |
| TheJulia | https://images.rdoproject.org/centos8/master/rdo_trunk/current-tripleo-rdo/ | 20:17 |
| browzing | downloading locally to dig around... | 20:18 |
| TheJulia | https://images.rdoproject.org/centos8/master/rdo_trunk/current-tripleo-rdo/ <-- smaller images | 20:19 |
| TheJulia | err | 20:19 |
| TheJulia | ripping apart the smaller one | 20:19 |
| TheJulia | well | 20:20 |
| TheJulia | bingo | 20:20 |
| TheJulia | no firmware | 20:20 |
| TheJulia | comparing to openstack's mirror | 20:23 |
| TheJulia | well, our pipeline built image | 20:23 |
| TheJulia | not rdoproject's | 20:23 |
| browzing | :) :joy: | 20:23 |
| browzing | hrm yea I downloaded https://images.rdoproject.org/centos8/master/rdo_trunk/previous-current-tripleo-rdo/ironic-python-agent.tar and it appears to have the firmware in /usr/lib/firmware | 20:25 |
| browzing | whats the difference between the rdo and non-rdo ipa tarballs? | 20:31 |
| lbragstad | TheJulia just checking something - but is this always the case? | 20:33 |
| TheJulia | browzing: no idea.... | 20:33 |
| TheJulia | lbragstad: what is this? | 20:34 |
| lbragstad | https://opendev.org/openstack/ironic/src/branch/master/ironic/api/controllers/v1/utils.py#L1462 | 20:34 |
| TheJulia | browzing: I've asked in #tripleo for them to trigger the images to rebuild | 20:34 |
| lbragstad | sorry - i can wait, too | 20:34 |
| TheJulia | lbragstad: I think so, but if the middleware is different It could be we silently don't do anything | 20:38 |
| lbragstad | ok | 20:38 |
| TheJulia | middleware different being the noauth middlware | 20:38 |
| lbragstad | http://paste.openstack.org/show/801609/ | 20:39 |
| lbragstad | looks like we only pass in the policy name | 20:39 |
| lbragstad | and i think that means the ironic fetches the policy values from the context object associated with the API request | 20:39 |
| lbragstad | and it passes that for the credentials and the target | 20:39 |
| TheJulia | that is correct | 20:40 |
| TheJulia | middleware expands it if loaded and populates the data structures | 20:40 |
| lbragstad | the middleware? | 20:41 |
| lbragstad | it looks like the controller utils do that? | 20:41 |
| lbragstad | https://opendev.org/openstack/ironic/src/branch/master/ironic/api/controllers/v1/utils.py#L1461 | 20:41 |
| lbragstad | oh.. https://opendev.org/openstack/ironic/src/branch/master/ironic/common/policy.py#L644-L645 | 20:42 |
| lbragstad | the policy module short circuits enforcement if you're using something other than keystone | 20:43 |
| TheJulia | which is our major other case | 20:43 |
| lbragstad | ok - i might add a wrapper around check_policy? | 20:44 |
| lbragstad | or just add kwargs | 20:44 |
| lbragstad | so that we can start passing in target data, right? | 20:45 |
| TheJulia | Why there? | 20:45 |
| TheJulia | well | 20:45 |
| lbragstad | so - target data is going to change based on the API | 20:45 |
| TheJulia | maybe | 20:45 |
| TheJulia | It is goign to change, largely we consolidated that down into utility methods, so most likely yes, eventually, not at this current patch though | 20:46 |
| lbragstad | target data for nodes is going to be different than target data for chassis | 20:46 |
| lbragstad | and right now i think we're using the same two values for target and credentials for all enforcement calls | 20:46 |
| TheJulia | there are other calls furhter down in the utilities for the more specific methods | 20:47 |
| TheJulia | or more specific checks | 20:47 |
| lbragstad | oh - i see it | 20:48 |
| lbragstad | cool | 20:49 |
| TheJulia | I suspect a reference lookup table will be needed or something to keep it relatively clean | 20:55 |
| lbragstad | ok - i have a bunch of changes on top of the patch you pushed | 20:57 |
| lbragstad | and i think i removed the requirement to stub keystonemiddleware and keep a cache of keystone tokens | 20:57 |
| openstackgerrit | Julia Kreger proposed openstack/ironic master: Enable testing to dynamicly leverage ACL roles https://review.opendev.org/c/openstack/ironic/+/768135 | 21:05 |
| TheJulia | maybe rebase since I cleaned it up? | 21:05 |
| tosin | TheJulia it failed bifrost :( | 21:08 |
| tosin | https://review.opendev.org/c/openstack/bifrost/+/769495 | 21:08 |
| TheJulia | tosin | 21:12 |
| TheJulia | err | 21:12 |
| TheJulia | tosin: I think you changed the wrong module invocation | 21:12 |
| TheJulia | tosin: line 23 https://review.opendev.org/c/openstack/bifrost/+/769495/3/playbooks/roles/ironic-enroll-dynamic/tasks/main.yml | 21:13 |
| TheJulia | maybe the ironic-deploy-dynamic/tasks/main.yaml file instead of ironic-enroll-dynamic/tasks/main.yml file? | 21:13 |
| tosin | Sorry X| I'll fix that now | 21:14 |
| lbragstad | TheJulia ok - so i think i understand things a bit better now | 21:17 |
| lbragstad | i think we have at least two approaches for functional policy testing with ddt in ironic | 21:17 |
| *** hoonetorg has joined #openstack-ironic | 21:18 | |
| lbragstad | 1.) we can stub out the keystonemiddleware implementation, like what is proposed in your patch | 21:18 |
| lbragstad | 2.) implement a new auth_strategy that bypasses authentication completely (just like noauth) | 21:18 |
| TheJulia | I really don't want to expose a second auth plugin/strategy | 21:19 |
| lbragstad | i tried #2 with auth_strategy = noauth and it broke all the existing functional API tests | 21:19 |
| TheJulia | yeah | 21:19 |
| lbragstad | which is a bummer | 21:19 |
| lbragstad | #1 is going to force us to know implementation details of ksm in ironic's functional testing | 21:19 |
| TheJulia | I don't think there is any way to avoid that, and I'd actually suggest insulating against that knowledge will make it more difficult to move foward | 21:24 |
| lbragstad | i agree that i'm not a fan of ksm implementation details in ironic test code | 21:26 |
| tosin | TheJulia I don't think ironic-dynamic-deploy is in the playbooks | 21:26 |
| TheJulia | I kind of feel like that is more minor, in the grand scheme of the universe | 21:26 |
| TheJulia | lbragstad: at least, that is my feeling. I think insulation just makes this all harder to push forward because it further reduces the actual people with knowledge of the underlying thing we're still need to integrate/use | 21:27 |
| lbragstad | another option would be to supply headers for all the existing functional tests so that they work with http://paste.openstack.org/show/801610/ | 21:27 |
| lbragstad | but i imagine that's a lot of work | 21:28 |
| TheJulia | tosin: sorry, had the name a little wrong https://opendev.org/openstack/bifrost/src/branch/master/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml#L55 | 21:28 |
| tosin | thank you | 21:28 |
| TheJulia | lbragstad: so funny enough, we could set it to http_basic | 21:30 |
| lbragstad | the new TestACL strategy? | 21:30 |
| TheJulia | ironic has a basic auth middleware | 21:31 |
| lbragstad | https://github.com/openstack/ironic-lib/blob/master/ironic_lib/auth_basic.py | 21:33 |
| browzing | so just tested the initramfs image out of CI, no firmware... (this one: https://images.rdoproject.org/centos8/master/rdo_trunk/tripleo-ci-testing/ironic-python-agent.tar) | 21:36 |
| TheJulia | browzing: I suspect it has to do with the source images going into the proess | 21:39 |
| openstackgerrit | Tosin Farai proposed openstack/bifrost master: Test new features added to baremetal_node_action https://review.opendev.org/c/openstack/bifrost/+/770669 | 21:39 |
| TheJulia | they are building form the old ironic-agent element deprecated in diskimage-builder | 21:40 |
| browzing | interesting... | 21:40 |
| *** hoonetorg has quit IRC | 21:43 | |
| TheJulia | browzing: okay, it is Centos-Stream | 21:52 |
| TheJulia | no firmware is present in that | 21:52 |
| *** rcernin has joined #openstack-ironic | 21:59 | |
| TheJulia | browzing: https://review.opendev.org/c/openstack/tripleo-common/+/770671 should fix the issue your hitting | 22:02 |
| browzing | fantastic, been watching with popcorn whilst symlinking to older initramfs's :) | 22:07 |
| browzing | Thanks a ton for wading through that TheJulia | 22:07 |
| erbarr | TheJulia, I tried both removing the trait from the flavor and adding it to the baremetal node and still getting the error "No valid host was found" | 22:33 |
| browzing | One more question, what's the timeline for the PR approval, fix rollout, and image build being live? | 22:34 |
| TheJulia | did you give things 3 minutes? | 22:34 |
| openstackgerrit | Lance Bragstad proposed openstack/ironic master: Attempt to slim down protection test base class https://review.opendev.org/c/openstack/ironic/+/770673 | 22:35 |
| lbragstad | TheJulia ok - i think i have things working, but with less cache data and less implementation details of ksm | 22:35 |
| lbragstad | tox -e py3 -- ironic.tests.unit.api.test_acl.TestACLBasic passes for me | 22:35 |
| TheJulia | browzing: hjensas already has +2'ed it, so I expect it will be merged tomorrow morning | 22:35 |
| TheJulia | lbragstad: yay! | 22:35 |
| browzing | cool thank you all - you're lovely :p | 22:36 |
| TheJulia | lbragstad: I'm a few patches down the chain revising now so I can integrate it and evolve it | 22:36 |
| lbragstad | TheJulia ok - feel free to run with it | 22:36 |
| lbragstad | but - i ripped most of the ksm stuff out and all the cache data, it looks like you already removed a bunch of it anyway | 22:37 |
| lbragstad | the side-effect is that it pushes the request authorization headers closer to the tests, which isn't a bad thing IMO, but i'll defer to whatever ironic folks are comfortable with | 22:37 |
| TheJulia | Yeah, I don't know, dmitry really doesn't like the mock usage at all, but... I mean... the happy paths are extremely limited | 22:40 |
| lbragstad | yeah - i can understand that | 22:41 |
| lbragstad | the good thing is the the mock is pretty simple | 22:41 |
| TheJulia | yeah | 22:41 |
| lbragstad | we're really just mocking one method and it isn't doing anything | 22:42 |
| TheJulia | and kind of backing away from the auth side checks, and focusing on roles, it keeps it more simple | 22:42 |
| TheJulia | two methods in a later patch | 22:42 |
| TheJulia | because we need to block it from trying to call the conductor | 22:42 |
| lbragstad | mmm | 22:42 |
| TheJulia | all of the policy checks are in the api | 22:42 |
| lbragstad | ok | 22:46 |
| lbragstad | that's good | 22:46 |
| openstackgerrit | Tosin Farai proposed openstack/bifrost master: Test new features added to baremetal_node_action https://review.opendev.org/c/openstack/bifrost/+/770669 | 22:54 |
| janders | good morning Ironic o/ | 23:01 |
| *** rh-jelabarre has quit IRC | 23:17 | |
| janders | guilhermesp thank you for sending through the outputs. From this, it would seem that your devices don't support NVMe sanitize (and I am yet to find any that do! :). However different flavours of secure format will likely work. Have you tested any nvme-cli commands against those drives? If so I'd be interested to learn more and if not I can give you | 23:26 |
| janders | some things to try and see what approaches work. | 23:26 |
| *** pmannidi has joined #openstack-ironic | 23:33 | |
| openstackgerrit | Tosin Farai proposed openstack/bifrost master: Test baremetal_node_action https://review.opendev.org/c/openstack/bifrost/+/770679 | 23:36 |
| janders | TheJulia regarding the midcycle - would 7pm UTC be an option? That's 5am here. So far I marked 2pm UTC timeslots (midnight here) and see how popular those are. Thank you! | 23:38 |
| TheJulia | I would be okay with it, but I don't know how many of the EU folks would be willing | 23:39 |
| janders | I understand. Let's see what responses come in and I might bring the idea up again. Thanks TheJulia! :) | 23:45 |
| TheJulia | janders: I added more time windows | 23:48 |
| *** rloo has quit IRC | 23:52 | |
| janders | awesome, thank you TheJulia. I put in my times including the extra slots (I don't know what happened to my first submission, it didn't save correctly - but that turned out good in the end :) | 23:54 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!
