Wednesday, 2023-10-11

« Tuesday, 2023-10-10 Index Thursday, 2023-10-12 »
opendevreviewSteve Baker proposed openstack/bifrost master: Use preferred URL for upper constraints  https://review.opendev.org/c/openstack/bifrost/+/89787702:27
opendevreviewSteve Baker proposed openstack/bifrost stable/2023.2: Use preferred URL for upper constraints  https://review.opendev.org/c/openstack/bifrost/+/89787802:28
opendevreviewSteve Baker proposed openstack/bifrost stable/2023.1: Use preferred URL for upper constraints  https://review.opendev.org/c/openstack/bifrost/+/89787902:36
opendevreviewSteve Baker proposed openstack/bifrost stable/zed: Use preferred URL for upper constraints  https://review.opendev.org/c/openstack/bifrost/+/89788002:37
stevebaker[m]I'm assuming CI on stable bifrost branches are broken without the above changes, but I don't have any review data to confirm that02:38
opendevreviewMerged openstack/ironic-python-agent master: Retry on checksum failures  https://review.opendev.org/c/openstack/ironic-python-agent/+/89785303:22
opendevreviewSteve Baker proposed openstack/bifrost stable/2023.2: [DNM] check if stable CI is green  https://review.opendev.org/c/openstack/bifrost/+/89791703:27
opendevreviewSteve Baker proposed openstack/bifrost stable/zed: Use preferred URL for upper constraints  https://review.opendev.org/c/openstack/bifrost/+/89788003:47
stevebaker[m]eh, it was a transient 404, those upper URLs are back to returning 301. I'll abandon the above changes03:54
TheJuliaWheeeee03:58
stevebaker[m]no, I figured it out, its wrong in 2023.2, one fix incoming03:59
TheJuliaAhh03:59
* TheJulia tries to get some sleep03:59
opendevreviewSteve Baker proposed openstack/bifrost stable/2023.2: Fix BRANCH for install-deps.sh  https://review.opendev.org/c/openstack/bifrost/+/89787804:01
* stevebaker[m] waves goodnight04:01
opendevreviewVerification of a change to openstack/ironic master failed: Refactor publishing images into a new module  https://review.opendev.org/c/openstack/ironic/+/89767504:17
opendevreviewVerification of a change to openstack/ironic master failed: Add inspection hooks  https://review.opendev.org/c/openstack/ironic/+/89635505:31
rpittaugood morning ironic! o/06:35
opendevreviewVerification of a change to openstack/ironic master failed: Refactor publishing images into a new module  https://review.opendev.org/c/openstack/ironic/+/89767507:27
opendevreviewVerification of a change to openstack/ironic master failed: Add inspection hooks  https://review.opendev.org/c/openstack/ironic/+/89635507:51
dtantsurwow, CI is really unwell Oo08:09
rpittaunah just arm64 fake08:10
dtantsurmmm?08:10
dtantsurah, damn, you're right08:10
rpittauthe latest 2 msgs are arm64 jobs succeding08:10
rpittau:D08:10
rpittauit fooled me too08:11
dtantsurI used to keep that in mind, but this time it got me08:11
haozhouHello everyone, our proposal in openshift/enhancements (https://github.com/openshift/enhancements/pull/1395) has been merged. Within it, there's a section that requires changes to "ironic". Previously, it was mentioned that changes to this section would be discussed in the ironic community. We have a demo of the modified code. 08:26
haozhouI'd like to ask, What's the best way to bring up this discussion? Should I create a story and then submit the code to the community? Or should we discuss it directly in this channel?08:26
dtantsurhaozhou, hi and welcome! Please create an RFE in launchpad with a detailed design (just linking to openshift is not enough, please extract the parts relevant to ironic).08:29
dtantsurThen we can discuss it here or on the next weekly meeting08:29
haozhouok, got it, thanks!08:31
opendevreviewMerged openstack/ironic master: Add inspection hooks  https://review.opendev.org/c/openstack/ironic/+/89635509:47
opendevreviewMerged openstack/ironic master: Refactor publishing images into a new module  https://review.opendev.org/c/openstack/ironic/+/89767509:53
opendevreviewMerged openstack/ironic master: Extract generic image publishing code from image_utils  https://review.opendev.org/c/openstack/ironic/+/89768109:56
dtantsurmasghar: I guess what is missing in terms of hooks is only the LLDP stuff?10:48
dtantsurso, https://review.opendev.org/c/openstack/ironic/+/892661 (now has conflicts)10:49
iurygregorygood morning Ironic11:56
iurygregorydtantsur, fyi I've created https://bugs.launchpad.net/ironic/+bug/2039042 12:22
iurygregoryshould I create new downstream bugs or just track in the ones we have for the no suitable vmedia device?12:22
dtantsurI think the existing downstream one now FailedQA, so it can/should be reused?12:24
iurygregoryyeah, that's what I was thinking12:29
TheJuliagood morning13:15
TheJuliahaozhou: Also, add an entry to https://wiki.openstack.org/wiki/Meetings/Ironic#Agenda_for_next_meeting under RFE review13:16
iurygregorygood morning TheJulia =)13:32
opendevreviewJulia Kreger proposed openstack/ironic-python-agent stable/2023.2: Retry on checksum failures  https://review.opendev.org/c/openstack/ironic-python-agent/+/89796113:33
opendevreviewJulia Kreger proposed openstack/ironic-python-agent stable/2023.1: Retry on checksum failures  https://review.opendev.org/c/openstack/ironic-python-agent/+/89795013:43
TheJuliawoot, we have a CI job running with OVN now14:04
* TheJulia dances14:04
iurygregorydtantsur, in case we don't pass the boot_device, shouldn't we try to eject media from all devices we find media inserted? thinking a bit here while I was adding tests to the eject media14:22
dtantsurTheJulia, congrats!14:22
dtantsuriurygregory, is it about the new API or the bug?14:22
iurygregorythe bug14:22
TheJuliaiurygregory: I would try to eject everything we don't know about/expect14:22
TheJuliapersonally14:23
dtantsurI"m worried about failing on something exotic, but maybe I'm overthinking it14:23
TheJulia"why is it attached? what did we do wrong?" are the questions I would ask, and then that would jump to "did someone do this outside of ironic? why? is this a security incident?!?!"14:23
dtantsur:D14:24
dtantsuryeah, maybe we should just unconditionally remove everything14:24
TheJuliaYeah, we manage the hardware, if people are doing things directly, we really want to know what/why/etc and also to drive our feedback loop14:25
TheJuliaand one offs are a thing, just it likely got forgotten14:25
* TheJulia has sure left forgotten vmedia config in her supermicro box14:25
TheJuliaJayF: low hanging fruit bug for ipa docs opened14:28
TheJuliain ironic... mainly just for visibility purposes14:29
JayFhttps://infosec.exchange/@tychotithonus/111213832445211051 for the recent curl socks vulnerability, should we put out an ossn advising IPA users to rebuild their ramdisk images?14:29
dtantsurdo we use curl? or socks?14:30
TheJuliavulnerabilities, more than one?!14:30
TheJuliawe *do* support socks for the agent14:30
TheJulia*but* hostnames longer than 255 characters should also be invalid, and I don't think we bounds check them anywhere14:30
JayFI don't know why I thought we used curl...14:30
dtantsurIt's possible that we used to back when we had more bash14:31
TheJuliawe use requests, which uses urllib314:31
iurygregoryI'm really puzzled on how our code is working in this test https://github.com/openstack/ironic/blob/master/ironic/tests/unit/drivers/modules/redfish/test_boot.py#L1485 we call eject_vmedia that will call _eject_vmedia but we don't pass any boot_device.. so I don't think it would eject the media, or I'm reading things wrong O.o https://github.com/openstack/ironic/blob/master/ironic/drivers/modules/redfish/boot.py#L25314:31
JayFI think somehow I was thinking IPA used it when we use it during the IPA build14:31
TheJulia... which I thought uses libcurl14:31
JayFBut that is a good point that there is value in us checking the hostname length14:31
TheJuliaJayF: IPA used it *ages* ago back when write_image.sh existed14:31
dtantsurI thought urllib3 was written ~ from scratch14:32
TheJulia... looking!14:32
TheJuliaI know it has a "split me out a curl command" log feature14:33
TheJuliaor maybe that is requests14:34
TheJuliait is clean14:34
TheJuliaso yeah, no need to tell folks to rebuild their ramdisks unless they have code directly invoking curl and they are concerned about the risk, in the mean time it wouldn't be a bad thing to create and backport a bounds check anyway14:35
JayFSo it sounds like no action for us then. Good stuff.14:35
JayFI'd check to see if urllib has a check before we add an additional14:35
JayFHonestly I would probably even try to propose it there if it doesn't have one that way we fix all of openstack and Python.... But I suspect it already checks14:36
TheJuliaI think the longest host name I’ve seen in reality was 80 something characters and that was Steve’s lab14:36
TheJulia… where we found idracs can’t handle more than 64 characters14:36
JayF😂 that's what you call being four times more secure than curl14:37
TheJuliaWe should regardless since hardware managers can grab parameters and it is third party plugin code at that point14:38
JayFI can see that argument. In reality, I personally never seen a third party hardware manager that made a network call.14:39
TheJuliaThat is a good point14:39
JayFMost integrations of that style were done as patches on the conductor because you would need to have credentials to do a network call14:39
TheJuliaI could see grabbing artifacts, and I could see firmware urls in steps14:40
TheJuliaBut that is all python code14:40
TheJuliaAnd if BMC vendors are using curl in their BMCs… we’ll… sigh?!14:41
JayFAnd in any event, the ability to get an oversized host name into any of those places would require the same kind of access that you require to run whatever ramdisk you want to run on the machine anyway14:41
JayFAt least generally speaking ... I'm sure I can devise a bad design of a third party hardware manager that would violate that, but I would have to try14:42
TheJuliaYeah14:42
* TheJulia tries to get her brain back to what she was going to start this morning14:45
opendevreviewRiccardo Pittau proposed openstack/ironic-python-agent bugfix/9.6: Retry on checksum failures  https://review.opendev.org/c/openstack/ironic-python-agent/+/89796814:53
TheJuliarpittau: fwiw, I'm not backporting that past 2023.1 unless we really see a need for it14:55
rpittau9.6 is after 2023.114:56
TheJuliaack14:56
rpittauI'll skip 9.5 as it's almost expired14:57
TheJuliahmmmm dhcp-less, you need a tempest test15:04
rpittaugood night! o/16:07
opendevreviewVerification of a change to openstack/sushy master failed: Fix wrong _get_registry logic in ResourceBase  https://review.opendev.org/c/openstack/sushy/+/89226116:40
opendevreviewVerification of a change to openstack/ironic master failed: CI: Fix our internal MTU settings  https://review.opendev.org/c/openstack/ironic/+/89311216:41
opendevreviewVerification of a change to openstack/ironic master failed: Introduce conductor touch while offline  https://review.opendev.org/c/openstack/ironic/+/89737517:00
opendevreviewIury Gregory Melo Ferreira proposed openstack/ironic master: Make sure we eject media from DVD when CD is requested  https://review.opendev.org/c/openstack/ironic/+/89798917:05
opendevreviewVerification of a change to openstack/ironic stable/yoga failed: redfish_address - wrap_ipv6 address  https://review.opendev.org/c/openstack/ironic/+/89620917:16
opendevreviewVerification of a change to openstack/ironic master failed: CI: Fix our internal MTU settings  https://review.opendev.org/c/openstack/ironic/+/89311217:18
TheJuliaWell, this is awkward. http://download.cirros-cloud.net/17:27
opendevreviewVerification of a change to openstack/ironic stable/xena failed: redfish_address - wrap_ipv6 address  https://review.opendev.org/c/openstack/ironic/+/89621017:28
clarkbfrickler has been helping out with cirros things and may know what happened?17:32
fricklerwhat may have happened is that another year has passed and the domain expired. I'll ping smoser17:39
TheJuliaIs there anything we can do to assist?17:39
opendevreviewMerged openstack/bifrost stable/2023.2: Fix BRANCH for install-deps.sh  https://review.opendev.org/c/openstack/bifrost/+/89787817:42
fricklerwell since this has been happening a couple of times now, we could either decide to consume cirros from github releases or to mirror it. note that CI images already contain the version(s) of cirros that devstack specifies, maybe you can use those directly, too, avoiding any need for a download?17:46
TheJuliaWe download a different image component that afaik is not mirrored17:47
TheJuliaThere is a third option, we could potentially figure out what it would take to fund it if it is just a pay the hosting bill thing17:48
fricklerso far smoser has claimed that funding is not an issue, clicking the "renew" button in time is17:48
TheJuliaAhh, that can be a challenge17:49
opendevreviewIury Gregory Melo Ferreira proposed openstack/ironic master: Make sure we eject media from DVD when CD is requested  https://review.opendev.org/c/openstack/ironic/+/89798917:52
frickleraccording to my logs, smoser has renewed the domain on 2022-08-04 for two years, so might be some other issue now17:55
opendevreviewVerification of a change to openstack/ironic stable/wallaby failed: redfish_address - wrap_ipv6 address  https://review.opendev.org/c/openstack/ironic/+/89637618:00
opendevreviewJulia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Add test for dhcp-less vmedia based deployment  https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/89800619:42
iurygregoryif anyone has some free time for reviews https://review.opendev.org/c/openstack/ironic/+/897989 a quick fix for the https://bugs.launchpad.net/ironic/+bug/2039042 we forgot to handle the case when we were fixing https://bugs.launchpad.net/ironic/+bug/2031595 =)19:45
TheJuliajoy, do we now unattach everything?19:54
iurygregoryif we don't pass the boot_device, yes19:55
iurygregoryif we pass we try to respect it (unless in the case we request as CD and the hardware only has DVD support19:56
opendevreviewJulia Kreger proposed openstack/ironic master: WIP/DNM: Advanced vmedia deployment test ops  https://review.opendev.org/c/openstack/ironic/+/89801019:59
TheJuliathat makes sense19:59
TheJuliaoh neat, the cirros link is back! Thanks frickler and smoser!19:59
iurygregoryMagic \o/20:00
TheJuliadoh, my test needs to ensure there is a config drive20:00
TheJuliablah20:00
iurygregoryit happens20:06
TheJuliayeah20:09
TheJuliait is a complex scenario I'm trying to model in one of our more advanced features, so bound to happen20:10
opendevreviewJulia Kreger proposed openstack/ironic-tempest-plugin master: WIP: Add test for dhcp-less vmedia based deployment  https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/89800621:51
* TheJulia crosses her fingers hoping21:52
iurygregoryI will love if by only running "sudo apt update && sudo apt -y upgrade" before installing devstack it will solve the problem in gophercloud lol22:36
iurygregorynormally the job would fail before 5min, 7min and counting \o/22:37
iurygregoryyay GREEN23:01
iurygregory<insert happy dance gif>23:01
NobodyCamGood Afternoon folks23:08
iurygregoryhey hey NobodyCam o/23:08
NobodyCamhowdy iurygregory o/23:09
opendevreviewJulia Kreger proposed openstack/ironic master: WIP/DNM: Advanced vmedia deployment test ops  https://review.opendev.org/c/openstack/ironic/+/89801023:44
-opendevstatus- NOTICE: Another short Gerrit outage for updates on review.opendev.org. This update ensures we are using the current versions of all Gerrit plugins.23:46
« Tuesday, 2023-10-10 Index Thursday, 2023-10-12 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!