| vanou | good morning ironic | 01:04 |
|---|---|---|
| *** JasonF is now known as JayF | 02:17 | |
| janders | hey vanou | 04:28 |
| vanou | Hi janders | 04:48 |
| arne_wiebalck | Good morning janders vanou and Ironic! | 07:26 |
| jssfr | good morning Ironic. | 07:28 |
| rpittau | good morning irocnic! o/ | 08:05 |
| rpittau | yep, managed to write that wrong | 08:05 |
| vanou | Hi arne_wiebalck | 08:07 |
| arne_wiebalck | hey jssfr and rpittau, good morning o/ | 08:12 |
| rpittau | hey arne_wiebalck :) | 08:12 |
| zigo | rpittau: Hi there! Any progress regarding https://bugs.debian.org/1026524 ? | 11:01 |
| rpittau | zigo: unfortunately no progress, haven't had the chance to look at it after the first time | 11:03 |
| rpittau | I'll see if I have time today or tomorrow | 11:03 |
| zigo | That'd be great. | 11:03 |
| iurygregory | good morning Ironic | 11:39 |
| kubajj | Good morning Ironic! | 11:53 |
| rpittau | zigo: I see debian is using py3.11 with stable/zed, I'm sure you're aware that is not supported; besides that I was able to reproduce the issue on master with python 3.11.1 | 13:03 |
| zigo | rpittau: As always, contrary to what everyone believes, Debian is always "on the edge" and we get new version of components early in unstable. No choice, I have to support it ... | 13:04 |
| dtantsur | is it mocking again? | 13:04 |
| zigo | I wrote already *many* Py 3.11 patches. | 13:04 |
| zigo | Something like 3 dozen ... | 13:04 |
| * dtantsur should probably read the bug before asking | 13:04 | |
| rpittau | dtantsur: not sure if it's mocking, it's an issue with the threading module | 13:04 |
| zigo | dtantsur: Riccardo found out that the issue is also present in the latest 3.10 revision ! (ie: 3.10.6 doesn't have the issue, but 3.10.9 does) | 13:06 |
| rpittau | it happends with the latest versions of python 3.10 and 3.11 | 13:06 |
| rpittau | yep | 13:06 |
| dtantsur | hmmm, where did we take is_locked from, it seems to be just locked.. | 13:06 |
| zigo | rpittau: I'm quite convince that I should have a working OpenStack with 3.11 at this time. It's hard for me to test, since we don't have puppetserver yet (we're working on finishing its packaging), but if there's issue, I probably can fix them during the Bookworm freeze. | 13:07 |
| zigo | It was like this for Victoria & Bullseye already... and it worked out kind of well at the end. | 13:08 |
| dtantsur | rpittau: is_locked comes from our code but is somehow used on an upstream lock. I wonder if it's bad mocking nonetheless. | 13:08 |
| rpittau | dtantsur: the offending test is in node_cache, in the release_lock | 13:08 |
| rpittau | I also suspect mocking, I haven't had the time to check the changes between 3.11.0 and 3.11.1, probably something got "fixed" | 13:09 |
| rpittau | oh mmm, I wonder if it's https://github.com/python/cpython/pull/100740 | 13:10 |
| dtantsur | rpittau: no, it's a tiny stupid typo. Lemme show. | 13:11 |
| rpittau | ockam razor it is :) | 13:11 |
| dtantsur | or no? hmm, hold on | 13:11 |
| dtantsur | okay, at least I'm also reproducing it | 13:17 |
| rpittau | it's quite easy with latest Fedora :D | 13:17 |
| dtantsur | rpittau: I have a bad feeling that maybe Mock() objects have a _lock attribute.... | 13:19 |
| rpittau | mmm yeah | 13:19 |
| rpittau | maybe this change? https://github.com/python/cpython/pull/98797/files | 13:19 |
| dtantsur | yep, confirmed | 13:19 |
| * dtantsur is pondering the best way to fix it without affecting the Mock class itself | 13:25 | |
| opendevreview | Dmitry Tantsur proposed openstack/ironic-inspector master: Rename NodeInfo._lock to avoid conflict with Mock._lock in tests https://review.opendev.org/c/openstack/ironic-inspector/+/869719 | 13:31 |
| dtantsur | rpittau, zigo, ^^^ | 13:31 |
| dtantsur | I don't have 3.11, try it if you do | 13:31 |
| zigo | Ah, thanks ! :) | 13:31 |
| rpittau | yeah, I don't see another solution if not renaming that | 13:31 |
| zigo | Let me try. | 13:31 |
| rpittau | let me test | 13:31 |
| rpittau | looks ok on FC37 with python 3.11.1, it was failing without the patch | 13:32 |
| rpittau | heh, should've checked the changelog sooner :/ | 13:33 |
| zigo | One hunk fails, I have to apply manually. | 13:34 |
| * zigo is building the ironic-inspector package with the patch. | 13:39 | |
| zigo | dtantsur: rpittau: +2w from my side ! :) | 13:40 |
| zigo | I'm "fixing" the patch header, and uploading the fixed package ... :P | 13:41 |
| rpittau | awesome, I really hope we'll have a py3.11 non voting job soon | 13:41 |
| zigo | dtantsur: Thanks a lot. | 13:41 |
| opendevreview | waleed mousa proposed openstack/ironic-python-agent master: update NVIDIA NIC firmware images and settings by ironic-python-agent https://review.opendev.org/c/openstack/ironic-python-agent/+/566544 | 13:41 |
| dtantsur | you're always welcome | 13:41 |
| zigo | rpittau: By the time we get it, I'll have all py3.11 patches in good order ! :) | 13:41 |
| rpittau | for sure! :D | 13:42 |
| zigo | Only the Cinder one's missing now ... | 13:42 |
| opendevreview | Jakub Jelinek proposed openstack/ironic master: API for node inventory https://review.opendev.org/c/openstack/ironic/+/866876 | 13:42 |
| kubajj | dtantsur, TheJulia: I tried to implement most of your comments from before the holidays. Now I just need to fix the tests. Any suggestions on how to check that the data retrieved is what was intended for swift? | 13:44 |
| dtantsur | kubajj: I happily forgot what we discussed :) Do you have a WIP patch to comment on? | 13:46 |
| kubajj | dtantsur: It's the one I just pushed to above my message ;) | 13:46 |
| dtantsur | haha, fair | 13:46 |
| dtantsur | kubajj: left a comment | 13:48 |
| kubajj | dtantsur: thanks | 13:49 |
| * zigo uploaded ironic-inspector_11.1.0-2_source.changes | 13:53 | |
| opendevreview | Riccardo Pittau proposed openstack/ironic master: [WIP] [PoC] A metal3 CI job https://review.opendev.org/c/openstack/ironic/+/863873 | 13:56 |
| TheJulia | Anyone thought of more last minute Summit CFP items? | 14:13 |
| * dtantsur will be reading, not writing this time :) | 14:13 | |
| iurygregory | I'm finishing my proposal today | 14:20 |
| TheJulia | less than 10 hours left :) | 14:20 |
| iurygregory | Are we submitting something for Project Onboarding for Ironic in Forum? | 14:21 |
| iurygregory | or Working Groups/BoFs =) | 14:22 |
| opendevreview | Jakub Jelinek proposed openstack/ironic master: API for node inventory https://review.opendev.org/c/openstack/ironic/+/866876 | 14:22 |
| iurygregory | It would be a good thing I would say... | 14:23 |
| kubajj | TheJulia: I am now looking at your comment about rbac testing https://review.opendev.org/c/openstack/ironic/+/866876/comments/85d6154c_815964ad What is the expected behaviour for the inventory. Shouldn't anyone be able to access it? | 14:40 |
| TheJulia | iurygregory: I think it makes sense to submit a BOF or something at a minimum. I've been wondering about an operator feedback session | 14:41 |
| TheJulia | kubajj: so, today, inspector is an Admin-only service inside a scope of system usage. So, only the most privileged of users can access the data | 14:41 |
| iurygregory | ++ to an operator feedback session also | 14:41 |
| iurygregory | I'm wondering if JayF submitted something.. .-. | 14:42 |
| TheJulia | part of that is by limitation, but also need. There is no need for random user to be able to access a bunch of serial numbers inside of a server chassis | 14:42 |
| TheJulia | The funny thing about serial numbers, is you can generally begin to bypass support verification processes because possession of such information gets viewed as making one authoritative | 14:43 |
| TheJulia | for example... I always found it amusing when you could look at Telco room photos and see giant printouts with circuit IDs... because you could take that circuit ID, and a little extra information via Open Source Intellegence or Social Engineering and use that to do naughty things like... have telecom circuits shut off. | 14:44 |
| TheJulia | I don't think JayF has submitted, hopefully he will be around today so we can confirm | 14:46 |
| TheJulia | I think he was looking at the date and punting for now since Forum stuff is still open after today | 14:46 |
| kubajj | TheJulia: do I need to set the privilege scope somewhere? | 14:47 |
| TheJulia | no, you've done it correctly in that | 14:47 |
| TheJulia | your missing testing entries | 14:47 |
| TheJulia | uhh... I have an example here, granted this is a *massive* change, but you'll kind of see what is going on | 14:47 |
| TheJulia | kubajj: Take a look at the two yaml files I'm editing in https://review.opendev.org/c/openstack/ironic/+/869614 | 14:48 |
| TheJulia | now, in that *specific* change, I'm adding an entirely new "service" role to be supported | 14:49 |
| TheJulia | so, the impact is kind of massive | 14:49 |
| * TheJulia looks for a smaller single API change | 14:49 | |
| TheJulia | kubajj: if you look at https://review.opendev.org/c/openstack/ironic/+/803855 the two yaml files are edited | 14:51 |
| kubajj | TheJulia: for admin headers it should be 200 and for anybode else a 404, right? | 14:52 |
| TheJulia | system admin and owner admin headers | 14:54 |
| TheJulia | uhh... 404 or 403 depending on if the node itself can be viewed I think | 14:54 |
| TheJulia | 404 if the user has no rights to see the node | 14:54 |
| TheJulia | err | 14:55 |
| TheJulia | depends on discoverability I guess | 14:55 |
| TheJulia | first pass, give it a spin, when you run the unit tests, you'll see if you've got things mismatched | 14:55 |
| kubajj | TheJulia: yeah, I am getting a 404 (even for admin though) | 14:56 |
| kubajj | is owner admin the scoped member? (in the test_rbac_system there does not seem to be owner admin header) | 14:56 |
| TheJulia | in test_rbac_system_scope, there is no concept of owner | 14:58 |
| TheJulia | it is only "the system" | 14:58 |
| TheJulia | I'd start with system scope and then do project scope | 14:58 |
| TheJulia | so you *might* need to add in some mock or stub data | 14:59 |
| kubajj | ok, thanks | 14:59 |
| TheJulia | kubajj: if you look at https://review.opendev.org/c/openstack/ironic/+/803855/10/ironic/tests/unit/api/test_acl.py | 14:59 |
| TheJulia | you can see what was done there | 14:59 |
| JayF | iurygregory: TheJulia: I've submitted nothing for anything | 15:08 |
| TheJulia | it must be part of your evil plan! | 15:09 |
| TheJulia | :) | 15:09 |
| JayF | my evil plan to [checks notes] actually complete some stuff on my list before adding to it ;) | 15:09 |
| TheJulia | an excellent evil plan! | 15:09 |
| iurygregory | JayF, ack tks! | 15:20 |
| iurygregory | I'm going to grab lunch and after it I will start working on the Forum submissions | 15:20 |
| iurygregory | if anyone is interested let me know and I will add you to the submission | 15:28 |
| * TheJulia raises hand | 15:28 | |
| kubajj | TheJulia: is something wrong here? https://review.opendev.org/c/openstack/ironic/+/866876/8/ironic/common/policy.py It is allowing readers to access it for reason | 15:43 |
| TheJulia | all readers, or just owner readers? | 15:48 |
| kubajj | TheJulia: It seems like all readers (reader_headers) in system scoped | 15:49 |
| TheJulia | that is correct | 15:50 |
| TheJulia | system scope is like... the operators/admins of the cloud | 15:50 |
| TheJulia | so you may have inventory/audit processes that only have reader access | 15:50 |
| TheJulia | humans generally wouldn't have that role unless they are admins or managers of the cloud itself in system scope | 15:50 |
| kubajj | Oh, so I should check in project scope for some non-owner readers? | 15:50 |
| TheJulia | so in project scope, I would imagine lesses wouldn't be able to access | 15:50 |
| TheJulia | but owners would | 15:50 |
| TheJulia | does that help make more sense? | 15:51 |
| kubajj | yeah, I think I understand a bit more now, thanks | 15:51 |
| JayF | FYI I'm going live with my OSS Office Hours in ~8 minutes @ youtube.com/jayofdoom ... unless folks come by with questions; I'm going to be working on node shardingh | 15:52 |
| TheJulia | ack, I'll be around if you have questions, I need to work on a promo document | 15:52 |
| JayF | I think I'll be working on sorting by lists-of-shards | 15:53 |
| JayF | which is just going to be no magic, just do it the long way lol | 15:53 |
| kubajj | TheJulia: what are the leased nodes? | 15:53 |
| kubajj | https://review.opendev.org/c/openstack/ironic/+/803855/10/ironic/tests/unit/api/test_acl.py#409 | 15:53 |
| JayF | node.lessee != null | 15:54 |
| JayF | means it's leased | 15:54 |
| JayF | and that gives extra access to the project in that field | 15:54 |
| JayF | (node.owner is to "node owner" as node.lessee is to "node leasee") | 15:54 |
| kubajj | but they are not the owner, right? | 15:54 |
| JayF | I own an ironic node | 15:54 |
| JayF | I lease it to you so you can do stuff with it | 15:54 |
| JayF | it's two separate fields | 15:55 |
| TheJulia | Jay can take back that node at any time | 15:55 |
| TheJulia | because he is semi-evil :) | 15:55 |
| TheJulia | </joking> | 15:55 |
| JayF | I mean, in this scenario I'm an LL, it's a given ;) /s | 15:55 |
| TheJulia | The use case was there is a giant disaster recovery data center, the hardware needs to be on/used, but has to be available to be recovered by the owner should a disaster occur | 15:56 |
| TheJulia | That same hardware *cannot* run the DR workload, unless a disaster is declaired | 15:56 |
| JayF | There are other use cases around multitenant-ironic to use lessee for, too | 15:56 |
| TheJulia | declared | 15:56 |
| TheJulia | oh yes, but I'm speaking in regards to the original | 15:56 |
| JayF | at least ones I dreamed of when I worked at the big purple LOL | 15:56 |
| TheJulia | kubajj: https://docs.openstack.org/ironic/latest/admin/secure-rbac.html | 15:58 |
| TheJulia | hopefully everything you *ever* wanted to know about rbac in ironic | 15:58 |
| kubajj | thanks | 15:59 |
| kubajj | so anybody leasing a node can't see introspection data is what I'm aiming for? | 16:00 |
| opendevreview | Jakub Jelinek proposed openstack/ironic master: API for node inventory https://review.opendev.org/c/openstack/ironic/+/866876 | 16:01 |
| kubajj | TheJulia, dtantsur: If you wanted to help me win this not-a-race for 1.81 and had a minute to review ^ please do. I need to have something to eat now, but will be back later. | 16:06 |
| opendevreview | Merged openstack/ironic master: Use association_proxy for ports node_uuid https://review.opendev.org/c/openstack/ironic/+/862933 | 16:08 |
| JayF | TheJulia: I wouldn't hate some guideance on these project_scoped rbac tests | 16:13 |
| dtantsur | kubajj: will try to, but probably needs to wait until tomorrow. too much other stuff after vacation :) | 16:14 |
| kubajj | dtantsur: thanks | 16:15 |
| * JayF might have just figured it out but not sure | 16:15 | |
| TheJulia | not sure sounds... good? maybe? | 16:20 |
| TheJulia | what does the test results say? | 16:20 |
| TheJulia | JayF: there is | 16:22 |
| JayF | I think I figured it out | 16:26 |
| JayF | now just trying to see if there is any magic to getting a list of shards filtered | 16:27 |
| JayF | doesn't look like we have anything else in our API that filters that way, afaict | 16:27 |
| TheJulia | kind of, but you might have to modify the query handling in the dbapi | 16:28 |
| TheJulia | to join/remove the parameter | 16:28 |
| JayF | it looks like now, all of our "multiple" ones are like | 16:29 |
| JayF | uuid="1111-1111-1-11" vs uuids_id="111-111-111","222-222-222" | 16:29 |
| TheJulia | yeah, I think that is what I saw | 16:29 |
| TheJulia | on the screen at least | 16:29 |
| TheJulia | err | 16:29 |
| TheJulia | hmm | 16:29 |
| rpittau | goodnight! o/ | 16:36 |
| dtantsur | TheJulia: can I torture you about meta tags for our web site being not quite correct? Or should it be someone else? | 16:38 |
| * dtantsur is trying to figure out from the source | 16:39 | |
| TheJulia | dtantsur: is it something we an just fix by editing the generated code output? | 16:39 |
| TheJulia | I was about to ask that.... | 16:39 |
| dtantsur | TheJulia: ideally not | 16:39 |
| TheJulia | JayF: _in ? | 16:39 |
| dtantsur | TheJulia: are you still on internal slack? | 16:40 |
| TheJulia | JayF: go dbapi my friend | 16:40 |
| TheJulia | dtantsur: I can be | 16:40 |
| dtantsur | TheJulia: I shared a message to you that illustrates the problem. The meta tags are always from the main page, so when you paste a link to the blog post, the preview is quite off (the same problem will happen in twitter/mastodon). | 16:41 |
| dtantsur | some stuff is coming from src/content/site-metadata.json | 16:41 |
| TheJulia | hmm | 16:42 |
| TheJulia | I suspect it is a question for josh@openinfra.dev | 16:42 |
| dtantsur | This is the actual email? (don't have it in my history) | 16:45 |
| TheJulia | yeah, actual email | 16:45 |
| dtantsur | thx. I'll cc you. | 16:45 |
| dtantsur | sent | 16:50 |
| dtantsur | now to fix the issues rloo found | 16:50 |
| JayF | someone available for a bit to help me with this api-list shenanigans I'm fighting with? | 16:50 |
| JayF | I'm in my office hours but close to the end so I can close it and go async if needed | 16:50 |
| JayF | dbapi layer wants uuid_in and provision_state_in for querying lists | 16:50 |
| JayF | but AFAICT there's nothing at node layer that we have currently that allows filtering by a list | 16:51 |
| JayF | and/or if there is, I have been unable to find where it is | 16:51 |
| JayF | so if this is a net new thing; that's OK, I know how to make it work on the dbapi side now; but I do not know the right place for all that translation to end | 16:51 |
| dtantsur | JayF: what's the exact question? how to represent a list in the API design? | 16:51 |
| TheJulia | so you'd have to add the functionality to query it outright | 16:51 |
| TheJulia | to dbapi's code itself | 16:52 |
| JayF | the code exists in dbapi alreayd | 16:52 |
| JayF | for provision_state, uuid -- I added shards to that list and it should work | 16:52 |
| JayF | but what I don't see it anything, ever, exposing that at an API level | 16:53 |
| * TheJulia raises an eyebrow | 16:53 | |
| JayF | (nor do I really see inside-ironic code utilizing that dbapi ability to query for multiples; except for in the tests) | 16:53 |
| JayF | so this makes me really, really suspicious I've missed something | 16:53 |
| JayF | or maybe stumbled on something half-done? | 16:53 |
| JayF | https://github.com/openstack/ironic/blob/e91b59c47e28b94e0c84abf0e50dde985e7ca100/ironic/tests/unit/db/test_nodes.py#L394 | 16:55 |
| JayF | scratch that | 16:55 |
| JayF | https://github.com/openstack/ironic/blob/81e10265ce08bd525388111720b91ca10c99bb28/ironic/db/sqlalchemy/api.py#L400 exists | 16:55 |
| JayF | and is only used in this test: https://github.com/openstack/ironic/blob/e91b59c47e28b94e0c84abf0e50dde985e7ca100/ironic/tests/unit/db/test_nodes.py#L394 and this code https://github.com/openstack/ironic/blob/8811b9b1f56ba6a074160ddca8139f3543dd453a/ironic/conductor/allocations.py#L116 | 16:55 |
| JayF | I'm thinking I need to add something to node api code somewhere, looking at shard, and doing a split on , then seeing if I have >1, and if I do, flip the filter to shard_in instead of shard | 16:56 |
| TheJulia | Yeah, I think that is what you'd need to do | 16:56 |
| TheJulia | simple enough right? | 16:56 |
| JayF | So I have two basic questions: 1) Is my basic understanding right? Have I obviously missed something? (sounds like no) | 16:56 |
| TheJulia | just confusing | 16:56 |
| JayF | 2) Where should that go? _get_node_collection in api layer? | 16:56 |
| TheJulia | I don't thin your missing anything, I've got the same feeling | 16:56 |
| TheJulia | yeah, _get_node_collection sounds right to me | 16:56 |
| JayF | ack | 16:57 |
| JayF | seeing half done stuff is really, really good at raising the "something is wrong" without the flag as to what :? | 16:57 |
| dtantsur | TheJulia, rloo, https://github.com/OpenStackweb/ironic-website/pull/53 | 16:58 |
| JayF | oh dammit, I owe you a zoom link | 16:58 |
| JayF | wait, didn't I give you one? | 16:59 |
| dtantsur | JayF: are we ready to publish it? | 16:59 |
| TheJulia | JayF: in an hour | 16:59 |
| dtantsur | you suggested we don't do it too far in advance | 16:59 |
| TheJulia | err. dofferemt tjomg | 16:59 |
| dtantsur | (maybe it's not too far any more) | 16:59 |
| JayF | oh, oh yeah that's right | 16:59 |
| JayF | I don't want folks brute forcing my room LOL | 17:00 |
| dtantsur | TypeError: Cannot read property 'match' of undefined | 17:02 |
| dtantsur | ....... | 17:02 |
| TheJulia | huh? | 17:25 |
| dtantsur | TheJulia: this is in my website PR | 17:25 |
| * TheJulia blinks | 17:25 | |
| dtantsur | okay, at least I finally guessed which distribution is compatible with building our website (debian 11) | 17:26 |
| dtantsur | I have a strong feeling it does not understand the markdown feature I'm using. Sigh. | 17:45 |
| dtantsur | hopefully fixed: https://github.com/OpenStackweb/ironic-website/pull/53 | 17:48 |
| dtantsur | TheJulia: also, not sure what you think about https://github.com/OpenStackweb/ironic-website/pull/54, but I found no other way to hack on the web site | 18:14 |
| dtantsur | on this positive note - have a nice evening | 18:14 |
| iurygregory | TheJulia, should I add you to both BoF and Forum? | 19:41 |
| iurygregory | I think both would fit under presentation or I'm wrong? | 19:42 |
| TheJulia | iurygregory: sure, it can always be changed later | 19:48 |
| opendevreview | Jay Faulkner proposed openstack/ironic master: API support for CRUD node.shard https://review.opendev.org/c/openstack/ironic/+/866235 | 22:40 |
| JayF | TheJulia: would hooking up comma-separated-GET-filtering for things like uuid/provision_state be a need-a-new-api-version change? | 22:40 |
| -opendevstatus- NOTICE: One of our CI job log storage providers appears to be having trouble with log uploads and retrievals. We are in the process of removing that provider from the pool. | 22:44 | |
| JayF | well, it's trivial to hook up now at least. Just add provision_state and uuid to the constant I added to node.py in ^^ that change | 22:45 |
| opendevreview | Merged openstack/ironic-ui master: Fix tox4 errors https://review.opendev.org/c/openstack/ironic-ui/+/868755 | 23:36 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!