Tuesday, 2024-01-16

« Monday, 2024-01-15 Index Wednesday, 2024-01-17 »
opendevreviewTakashi Kajinami proposed openstack/ironic master: Enforce a supported value for [deploy] image_server_auth_strategy  https://review.opendev.org/c/openstack/ironic/+/90563902:51
opendevreviewTakashi Kajinami proposed openstack/ironic master: Validate [deploy] image_server_auth_strategy  https://review.opendev.org/c/openstack/ironic/+/90563902:52
opendevreviewTakashi Kajinami proposed openstack/ironic master: [deploy] image_server_password should be secret  https://review.opendev.org/c/openstack/ironic/+/90564002:56
opendevreviewTakashi Kajinami proposed openstack/ironic master: Validate [deploy] image_server_auth_strategy  https://review.opendev.org/c/openstack/ironic/+/90563903:01
opendevreviewTakashi Kajinami proposed openstack/ironic master: Validate [deploy] image_server_auth_strategy  https://review.opendev.org/c/openstack/ironic/+/90563903:38
tonybiurygregory: Are you done with: https://review.opendev.org/c/openstack/project-config/+/904012 Did you regain access to your pypi account?05:44
rpittaugood morning ironic! o/08:09
opendevreviewTakashi Kajinami proposed openstack/ironic master: Validate [deploy] image_server_auth_strategy  https://review.opendev.org/c/openstack/ironic/+/90563909:46
iurygregorytonyb, not yet, https://github.com/pypi/support/issues/270811:23
iurygregorygood morning Ironic11:23
opendevreviewIury Gregory Melo Ferreira proposed openstack/ironic master: RedfishFirmwareInterface - Unit Tests & More logs  https://review.opendev.org/c/openstack/ironic/+/90337914:28
opendevreviewJulia Kreger proposed openstack/ironic master: Revert "RBAC: Fix allocation check"  https://review.opendev.org/c/openstack/ironic/+/90553915:11
*** Continuity__ is now known as Continuity15:48
rpittaugood night! o/17:08
JayFo/17:12
iurygregoryhey JayF o/17:15
JayFhowdy17:15
JayFI thought for a sec you might need something then I realized my goodnight to riccardo is my hello to the channel for the day too :D 17:16
iurygregoryyeah =)17:17
iurygregorydoing good17:17
JayFThat's a tough thing to be doing back from vaca this short of time :D 17:18
JayFusually takes a while to get my motor running at lease 17:18
JayF*least17:18
iurygregoryyeah, I'm still a bit slow to remember my priorities lol17:18
iurygregory5 things on my list, "ok this seems easy, let me work on this task" (it wasn't) =P17:19
opendevreviewJay Faulkner proposed openstack/ironic master: DNM: Testing against devstack perf enhancements  https://review.opendev.org/c/openstack/ironic/+/90574317:35
opendevreviewMerged openstack/ironic master: Revert "RBAC: Fix allocation check"  https://review.opendev.org/c/openstack/ironic/+/90553918:40
opendevreviewMerged openstack/ironic master: [deploy] image_server_password should be secret  https://review.opendev.org/c/openstack/ironic/+/90564018:52
opendevreviewMerged openstack/ironic master: docs: add distribution specific chain of trust warning around grub  https://review.opendev.org/c/openstack/ironic/+/90459718:52
opendevreviewMerged openstack/ironic-python-agent master: Add missing headers to the inspection callback  https://review.opendev.org/c/openstack/ironic-python-agent/+/90512619:17
opendevreviewMerged openstack/ironic-python-agent master: Support several API and Inspector URLs  https://review.opendev.org/c/openstack/ironic-python-agent/+/90399919:17
samcat116Question for those here deploying Ironic via Kolla-ansible. Are you running the ironic tftp/http services on the "internal" interface (where DB, MQ, and other internal APIs run) like it defaults to, or on some other interface. 19:18
opendevreviewJulia Kreger proposed openstack/ironic master: Revert "Revert "RBAC: Fix allocation check"" to use Unauthorized  https://review.opendev.org/c/openstack/ironic/+/90578419:19
TheJuliadtantsur: fixed^19:19
JayFsamcat116: So you'll need the tftp/http services on the same interface that your "target" hosts are (e.g. the hosts Ironic will be deploying to)19:24
JayFsamcat116: what interface that is in a KA environment likely depends on how your environment is seutp19:24
samcat116Does that mean the same as the provisioning network? thats what I've done in the past, however in an OVN setup the port I have for the provisioning network is owned by OVN, so that interface can't have an IP on the controller19:27
wncsllnhello folks o/, anyone already deploy a baremetal with ironic and configure to use SGX instructions?19:36
JayFI'm not sure how you'd get that setup in OVN; but I do know that the TFTP/HTTP servers need to be accessible from the target hosts. TheJulia has done some testing/documentation w/r/t running Ironic in OVN19:37
JayFbut there is some significant limitations I believe19:37
JayFsamcat116: assuming you've seen https://docs.openstack.org/ironic/latest/admin/ovn-networking.html19:37
samcat116yeah the OVN part of it is working just fine19:37
JayFokay cool19:37
JayFyeah, I just don't know the shape of it in OVN :/ sorry for not having more help for you19:38
samcat116Thats ok, it was more of an operational question for folks running ironic and OVN19:38
TheJuliaSo the provisioning network just needs to be abel to reach the endpoint of services, nothing dynamically puts the services on a network, it is all rooted in the cloud's configuration19:38
TheJuliaReally, you would want the services on a separate network/interface and *not* internal ones19:39
samcat116It works if my provisioning network is routable to the aforementioned "internal" network, but I reaaaally don't want that to be routable 19:39
TheJuliabecause you want the provisioning network to be able to reach the resources19:39
TheJuliayeah, I don't blame you19:39
TheJuliayou'd need some other network, really19:39
samcat116but the split is ironic's dnsmasq needs to listen on the interface for the provisioning network, but then http/tftp will on some other routable network19:40
samcat116I'm just trying to figure out why the Kolla-Ansible config defaults this way19:40
TheJuliaironic's dnsmasq?!19:41
TheJuliawhat is that dnsmasq serving? DHCP for the OVN network?19:42
samcat116sorry, Kolla-ansible spins up a dedicated dnsmasq container called "ironic_dnsmasq" for inspector to use19:42
TheJuliaokay, yeah, that is *entirely* separate, more so to support out of band introspection/hardware discovery use cases19:42
TheJuliathe model is you start by attaching the hardware to the provisioning network to start and then move the hardware from that network as time moves on19:42
TheJuliawith up to date OVN, as long as your not using IPv6, you can use the OVN dhcp service as well, just for extra context19:43
samcat116Yep im doing that just fine19:43
samcat116Its just figuring out what IPs the tftp/http server live on and what ovn dhcp therefore gives out19:44
samcat116I'd almost need two interfaces on each controller on the provisioning network, one for OVN to grab and one for tftp/http to listen on19:45
samcat116making it another network seems a bit silly19:45
TheJuliafor nodes being provisioned, ironic asserts that toneutron19:45
TheJuliaOr you want to be able to go "I want the tftp/http to be bound off this ovn network19:45
TheJulia"19:46
samcat116yeah the second one. Basically say 192.168.1.0/24 is the provisioning network, there'19:46
samcat116there's not an easy way for tftp/http to listen on that if ovn owns the interface for that network on the controller19:46
TheJuliaUnfortunately we don't have an ability or tool to do that. We discussed that in part, but there was lots of mixed feelings in part because it requires carrying a lot of extra complexity when the address could just be a loopback on the host.19:51
samcat116Oh thats true I could put it on the loopback19:54
TheJuliaa loopback, you just want $something to be able to respond to the traffic someplace in a way which is routable19:54
TheJuliaas long as everything in the core of the networking knows how to reach $addresses19:54
opendevreviewMerged openstack/bifrost master: Uplift default Ansible version to 8.x  https://review.opendev.org/c/openstack/bifrost/+/90395020:04
opendevreviewMerged openstack/ironic stable/2023.1: Fix system scoped manageable node network failure  https://review.opendev.org/c/openstack/ironic/+/90508720:38
tonybiurygregory: Okay cool.  I've "subscribed" to that issue so hopefully I wont need to pester you ;P20:55
iurygregorytonyb, in any case, happy to merge the change upstream and we can open again when I need to delete the branch 21:24
iurygregoryTheJulia, hey you still around?21:27
iurygregorytrying to understand your comment in https://review.opendev.org/c/openstack/ironic/+/903379/4/ironic/tests/unit/drivers/modules/redfish/test_firmware.py 21:27
TheJuliaI am stepping f away for a little bit, be back in 15 minutes21:28
TheJuliaErr, stepping away for21:28
iurygregoryack =)21:29
tonybiurygregory: It's fine as is I just didn't want it left that way if the need had passed21:47
iurygregorytonyb, ack =)21:47
TheJuliaiurygregory: o/21:47
TheJuliaiurygregory: I guess what I'm trying to get across, and what I suspecct dmitry is also trying to get across, is we shouldn't be expecting a sushy error to be raised up when calling task.driver.firmware.update()21:48
iurygregoryI understand, but at least in the test we have present test_missing_simple_update_action ( the exception that will happen when simple update service attempts to execute the action ) so the idea would be to add a try / catch a re-raise as RedfishError? 21:53
iurygregoryhttps://review.opendev.org/c/openstack/ironic/+/903379/4/ironic/drivers/modules/redfish/firmware.py#179  https://review.opendev.org/c/openstack/ironic/+/903379/4/ironic/drivers/modules/redfish/firmware.py#20921:53
TheJuliaYeah, I think that is reasonable21:53
iurygregoryack =) will change it21:54
TheJuliaSomething that is *within* ironic's exceptions :)21:54
iurygregorythanks for the help TheJulia o/21:54
iurygregorynow time to go to the gym, get some dinner and be back to work in 3hrs =)21:55
JayFI always think of it like this, and I have no idea if this is the right way to frame it21:56
JayFstuff that goes in node history / last_error is sorta part of our API21:56
JayFand should live in Ironic, not clients, because the clients can change independent of Ironic version21:56
opendevreviewJulia Kreger proposed openstack/ironic master: Disable legacy RBAC policy by default.  https://review.opendev.org/c/openstack/ironic/+/90200922:07
opendevreviewMerged openstack/sushy master: Handle a different related properties for missing TransferProtocolType  https://review.opendev.org/c/openstack/sushy/+/90488822:56
opendevreviewMerged openstack/ironic-python-agent-builder master: Switch IPA building to Debian Bookworm  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/90316423:34
opendevreviewMerged openstack/ironic-python-agent-builder stable/2023.2: Fix building images for Bullseye and Bookworm  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/90355023:35
opendevreviewMerged openstack/ironic-python-agent-builder master: Drop TripleO job  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/90449123:38
opendevreviewJulia Kreger proposed openstack/ironic master: Handle Power On/Off for child node cases  https://review.opendev.org/c/openstack/ironic/+/89657023:42
* TheJulia calls it a day23:47
« Monday, 2024-01-15 Index Wednesday, 2024-01-17 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!