| TheJulia | cid: feedback posted on that, really good job it looks like, just a little more verbosity is needed for context setting, I think. :) | 00:08 |
|---|---|---|
| cid | I just saw it, will definitely incorporate that, ... later today | 00:49 |
| *** mmalchuk_ is now known as mmalchuk | 06:49 | |
| rpittau | good morning ironic! o/ | 08:12 |
| opendevreview | Dmitry Tantsur proposed openstack/sushy master: Handle NotAcceptable when Accept-Encoding: identity is not allowed https://review.opendev.org/c/openstack/sushy/+/914118 | 10:06 |
| dtantsur | Works in our testing ^^^ | 10:06 |
| iurygregory | good morning ironic | 11:06 |
| iurygregory | dtantsur, +2 | 11:28 |
| dtantsur | thx! | 11:49 |
| iurygregory | np | 11:51 |
| *** dking is now known as Guest3972 | 12:27 | |
| *** Guest3972 is now known as dking | 12:29 | |
| *** jamesdenton__ is now known as jamesdenton | 12:32 | |
| TheJulia | good morning | 13:11 |
| opendevreview | Julia Kreger proposed openstack/ironic stable/zed: CI: Lock Zed CI to Zed IPA https://review.opendev.org/c/openstack/ironic/+/914243 | 13:33 |
| rpittau | I wonder if there's a way to get this ^ dynamically | 13:34 |
| TheJulia | absolutely | 13:35 |
| TheJulia | but lets do that on master branch | 13:35 |
| rpittau | yeah | 13:35 |
| TheJulia | ZUUL_BRANCH | 13:35 |
| rpittau | exactly | 13:35 |
| TheJulia | I'm going to jump in the shower and try to get my sinuses to clear, afterwards I'll post it to master branch | 13:37 |
| rpittau | great :) | 13:37 |
| TheJulia | well, magical set | 13:37 |
| opendevreview | cid proposed openstack/ironic-tempest-plugin master: Patch to enforce json extension works in existing API behaviour https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/913926 | 13:45 |
| opendevreview | Julia Kreger proposed openstack/ironic master: ci: automatically set the branch for IPA to match zuul_branch https://review.opendev.org/c/openstack/ironic/+/914250 | 13:58 |
| rpittau | wonderful, thanks TheJulia :) | 14:06 |
| TheJulia | I looked at the others with master, and two of them, afaik are branchless actually, so really it didn't make sense to do much more than IPA | 14:07 |
| TheJulia | (being branchless is not an issue, fwiw) | 14:07 |
| rpittau | yep sounds good | 14:09 |
| opendevreview | Merged openstack/sushy master: Handle NotAcceptable when Accept-Encoding: identity is not allowed https://review.opendev.org/c/openstack/sushy/+/914118 | 14:18 |
| TheJulia | cid: so I guess, reading your ironic API change, the base issue forcing the tempest change is there are tests which explicitly expect the bad behavior regardless of future version. I guess it makes sense then as long as we can get the tempest patch merged without the ironic patch. | 14:23 |
| JayF | TheJulia: I suggested to cid, (1) write a tempest test verifying existing behavior, which can later be modified to have a max_microversion, (2) change behavior behind microversion + add a patch on top of i-t-p to cap max_microversion on the existing test (3) write a test with min_microversion asserting new behavior | 14:25 |
| TheJulia | in that case, and at a glance of the tests, I'm unsure the ironic patch needs to be dependent on the ironic-tempest-plugin patch. | 14:27 |
| JayF | the depends-on will let him use the first test to verify he changed behavior in ironic | 14:27 |
| JayF | remember he doesn't have a reliable local testing environment | 14:27 |
| TheJulia | okay, so the intent is to remove it then before merging, that is fine then | 14:27 |
| TheJulia | yeah | 14:27 |
| JayF | so trying to cradle the changes in lots of testing :) | 14:27 |
| TheJulia | ++ | 14:28 |
| TheJulia | https://zuul.opendev.org/t/openstack/build/829cc68c66ab414f98c76259985bcf69 likely suggests we need to fix the microversion logic in the tempest plugin so skiptest gets applied | 14:31 |
| cid | first i-t-p change validated the existing behavior and the dependence setting showed ironic change (second patchset-ish) failed. | 14:31 |
| TheJulia | since the test cannot run if the server can't see/speak it | 14:31 |
| TheJulia | (1.91 being requested against a 1.90 max api | 14:32 |
| TheJulia | ) | 14:32 |
| TheJulia | okay | 14:32 |
| JayF | TheJulia: I think all that logic is driven by conf, yeah? Remember the patch I had to push to zed(?) | 14:36 |
| TheJulia | This seems to be the big issue with the ironic patch, fwiw: AttributeError: <module 'ironic.api.controllers.v1.utils' from '/home/zuul/src/opendev.org/openstack/ironic/ironic/api/controllers/v1/utils.py'> does not have the attribute 'get_rpc_allocation_with_suffix' | 14:36 |
| TheJulia | JayF: conf is likely a bad expectation to set if the test can clearly know based upon mins/maxes discoverable it is impossible | 14:36 |
| TheJulia | think newer test with older ironic :) | 14:37 |
| JayF | The older ironic would have max_microversion set to "x.yy" in the config and would automatically drop tests for newer microversions | 14:37 |
| JayF | I agree it shouldn't /need/ a conf, all the info is there | 14:37 |
| JayF | but the way it's setup now is one patch per branch (at cut time if we were more disciplined) afaict | 14:37 |
| TheJulia | Yeah, that only makes sense if we were the sole consumer/user of the plugin, but people use the plugins externally and the more knowledge which needs to be encoded in configuration, the signifigantly harder the plugin becomes to use | 14:41 |
| TheJulia | I'll post a patch to it after I eat some breakfast unless I get derailed | 14:41 |
| JayF | Ah, I get what you're saying | 14:41 |
| JayF | I'm thinking only CI use case for i-t-p | 14:41 |
| JayF | when other folks (I'm assuming your downstream included) use it to validate installed clouds | 14:41 |
| TheJulia | yup | 14:42 |
| cid | hmm. I'm fixing the AttributeError now though | 14:47 |
| cid | oh, I see.... :D. | 15:34 |
| opendevreview | Julia Kreger proposed openstack/ironic-tempest-plugin master: WIP: leverage remote microversion without requiring human config https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/914270 | 15:48 |
| TheJulia | I think that might do it | 15:50 |
| TheJulia | I guess we can see how horribly it blows up in CI :) | 15:51 |
| TheJulia | janders: dtantsur: some some folks internally are looking to see if we can upload new secure boot keys via redfish. It looks like Dell supports posting to the Secure Boot Certificate Database, where as HPE does not. I've emailed Nisha directly, if you know of a way, I wonder if it might make sense to turn into a feature | 16:06 |
| rpittau | TheJulia: I think we were talking to the same people :) | 16:06 |
| TheJulia | was the answer basically "uhh... looks like the standard suggests read-only" | 16:07 |
| rpittau | ilo 5 does not provide a way to upload certificates for secure boot using redfish API | 16:07 |
| dtantsur | TheJulia: I did some early research and certain sushy patches. We're not crazily far from it, extensive testing on real hardware will be key | 16:07 |
| TheJulia | They ahppen to be looking at ilo6 | 16:07 |
| TheJulia | Happen | 16:07 |
| TheJulia | But even then, looks read only apparently | 16:07 |
| rpittau | mmm it looks like it was ilo5 for me HP gen 10 - DL380 Gen10 and DL360 Gen10 Plus | 16:08 |
| dtantsur | TheJulia: you need to look at the right place though: redfish is convoluted in this area | 16:09 |
| dtantsur | a mix of CertificateService and actual SecureBoot resources | 16:09 |
| rpittau | anyway, looking at the official HP documentation plus the redfish api explorer it does look like it's read only | 16:09 |
| TheJulia | dtantsur: oh yeah, I already figured that out | 16:09 |
| TheJulia | rpittau: the ilo6 page someone sent me showed GET and Delete only | 16:09 |
| dtantsur | yeah, I left a TODO at the most interesting part https://opendev.org/openstack/sushy/commit/4abea1879fb2296b42590b2235a219e5f0a81d76 :D | 16:10 |
| dtantsur | ah, I did https://opendev.org/openstack/sushy/commit/fa2e0015854b2885e6fbc532a0836a01f2ae329d as well | 16:10 |
| TheJulia | dtantsur: i <3 those todos | 16:10 |
| TheJulia | :) | 16:10 |
| TheJulia | well, I emailed Nisha, we can see what she comes back with | 16:11 |
| dtantsur | https://opendev.org/openstack/sushy/commit/d7983c90b2b808e39116150837e961c3e9b8b7bc has interesting stuff, including comments I no longer remember, as well | 16:11 |
| TheJulia | Heh, yup | 16:12 |
| TheJulia | well aware of that one :) | 16:12 |
| TheJulia | rpittau: https://review.opendev.org/c/openstack/releases/+/914200 has a comment now | 16:14 |
| TheJulia | since doing that double bump has bitten us in the past. | 16:14 |
| rpittau | mmm even if the bump is just to avoid conflicts between dependencies? | 16:16 |
| rpittau | I mean, there are not actual changes in either scciclient or proliantutils, just using pyasn1 instead of pyasn1-lextudio | 16:16 |
| rpittau | mm ok nvm, I read it in reverse :D | 16:18 |
| rpittau | I'll for 24.1.1 | 16:18 |
| arne_wiebalck | Good morning, Ironic! | 16:25 |
| TheJulia | good morning arne | 16:26 |
| rpittau | hey arne_wiebalck :) | 16:26 |
| TheJulia | rpittau: either, or | 16:26 |
| TheJulia | Just the release mapping update needs to go in realistically | 16:26 |
| arne_wiebalck | Hi TheJulia and rpittau (and congrats!) | 16:26 |
| rpittau | arne_wiebalck: thanks! :D | 16:26 |
| rpittau | TheJulia: yes, I'd rather have the bumps in ASAP as I'm scared of dependencies conflict :) | 16:27 |
| TheJulia | rpittau: ++++ do it! | 16:27 |
| arne_wiebalck | We're looking into some issue installing/booting Windows images from Ironic and it seems that https://github.com/openstack/ironic-lib/blob/master/ironic_lib/disk_utils.py#L239 may be too restrictive. | 16:38 |
| arne_wiebalck | I have an EFI partition with an MBR partition table, and the flags read 'boot,lba'. | 16:39 |
| Nisha_Agarwal | TheJulia, hi | 16:46 |
| Nisha_Agarwal | i saw ur mail. One query , could you tell me the screen where you see the UI allows the uploading of New Secureboot keys? probably the URI may not have the "secureboot" in it.... | 16:48 |
| opendevreview | Merged openstack/ironic master: Imported Translations from Zanata https://review.opendev.org/c/openstack/ironic/+/913733 | 16:53 |
| rpittau | arne_wiebalck: two questions: 1) why using MBR? 2) isn't it mandatory for Windows to have the boot partition on GPT if using UEFI? | 16:53 |
| JayF | I think you can EFI boot windows on hybrid GPT which is MBR-ish | 16:54 |
| JayF | I'm not 100% sure what that looks like on disk, I haven't seen it in a long time | 16:54 |
| rpittau | I asked because I was reading from the Microsfot FAQs: "Systems that support UEFI require that boot partition must reside on a GPT disk." | 16:58 |
| JayF | rpittau: I am a retro computer hobbyist, and I'm talking about stuff from like, XP/Vista era that may still exist in some form -- I would be surprised if it's relevant ... but for windows, you can never assume "this is the old way" means it's gone :D | 17:00 |
| rpittau | oh yeah, I get it :) | 17:00 |
| arne_wiebalck | rpittau: 1) I would need to check with the Wind experts if there is a specific reason, it just worked up to now (but "now" (Yoga) Ironic became more strict and it does not anymore) | 17:01 |
| arne_wiebalck | rpittau: 2) I am getting mixed answers from the internet on this, but the physical nodes here say "no" :) | 17:01 |
| JayF | https://www.rodsbooks.com/gdisk/hybrid.html I really, really suspect it's hybrid mbr/hybrid gpt | 17:02 |
| arne_wiebalck | the UEFI spec will just ignore the code in the MBR | 17:02 |
| arne_wiebalck | sorry, the UEFI implementation (following the UEFI spec) will just ignore the code in the MBR | 17:02 |
| JayF | Yeah the hybrid stuff I linked exists in the grey area between the specs | 17:03 |
| rpittau | this may be a problem "When confronted with a hybrid MBR, Windows tries to treat the disk as an MBR disk, ignoring the GPT partitions completely" :D | 17:04 |
| rpittau | or THE problem | 17:04 |
| arne_wiebalck | well, THE problem as I see it at the moment is that Ironic fails for a Win image with an MBR which points to a valid EFI partition | 17:05 |
| JayF | Generally even if it's not a hybrid, I think we're maybe dealing with windows being a little less strict about what is labelled what | 17:05 |
| JayF | "MBR with a valid EFI partition" is hybrid \o/ | 17:05 |
| arne_wiebalck | but, I agree, worth checking if it needs to be MBR | 17:05 |
| JayF | at least I think so(?) | 17:05 |
| arne_wiebalck | :-D | 17:06 |
| JayF | arne_wiebalck: do you know the code change which makes that check pass in your env on yoga? | 17:06 |
| arne_wiebalck | JayF: I need to dig it out, but we ignored some errors in the past and mgoddard made it patch at some point to make it more strict again (which looked ok to me) | 17:07 |
| arne_wiebalck | *made a patch | 17:07 |
| JayF | yeah, sometimes those stackhpc local fixes don't make there way upstream without some prodding :D | 17:07 |
| JayF | s/there/their/ | 17:07 |
| rpittau | I'm just thinking that removing the restriction and allowing UEFI on MBR (or hybrid) would actually be a step back | 17:10 |
| rpittau | also even if it does work I'm not sure it follows the EFI standard | 17:10 |
| JayF | Hybrid MBR is not in the EFI standards at all | 17:10 |
| JayF | it's a microsoft invention | 17:10 |
| arne_wiebalck | Couldn't the code use the partition ID rather than the flags ... ? | 17:11 |
| rpittau | yeah :) | 17:11 |
| JayF | that link above describes it in as much detail as I've seen just about anywhere describe it | 17:11 |
| rpittau | just had a glance | 17:11 |
| JayF | I agree with the sentiment of "should we even support this?" generally, but from arne's perspective we already did, and broke it | 17:11 |
| arne_wiebalck | the function tries to find an EFI partition, so a partition with an EFI partition ID should do | 17:11 |
| JayF | accidentally made things work /o\ lolsob | 17:11 |
| arne_wiebalck | well | 17:12 |
| arne_wiebalck | it worked, since we ignored the error | 17:12 |
| arne_wiebalck | (I think) | 17:12 |
| dtantsur | arne_wiebalck: wdym under "partition ID" in the context of MBR? | 17:15 |
| rpittau | arne_wiebalck: I think we decided to use the flags because we wanted specifically GPT | 17:15 |
| rpittau | I just have some concerns at this point | 17:15 |
| dtantsur | I know we could check for a certain GUID, but it won't help you | 17:15 |
| arne_wiebalck | dtantsur: sorry, partition type as per the MBR partition information | 17:16 |
| dtantsur | arne_wiebalck: is there a standard type for UEFI partitions? | 17:17 |
| dtantsur | or at least a de facto standard? | 17:17 |
| arne_wiebalck | https://en.wikipedia.org/wiki/Partition_type#PID_EFh | 17:17 |
| arne_wiebalck | maybe? | 17:17 |
| arne_wiebalck | FWIU, there is one byte in the partition info for each partition described by an MBR | 17:18 |
| dtantsur | GPT protective MBR is a different thing IIRC | 17:18 |
| dtantsur | Just a placeholder in the presence of a real GPT | 17:18 |
| dtantsur | ah, EFh. I looked at EEh | 17:18 |
| rpittau | the protective MBR is definitely a differnt thing | 17:19 |
| arne_wiebalck | I think this is what `fdisk -l` uses | 17:19 |
| dtantsur | Could work. Needs trying on real systems. | 17:19 |
| arne_wiebalck | so, when it displays "EFI" I think it is taking this from the 0xEF on the specific byte in the partition description in the MBR | 17:20 |
| clarkb | linux allows mbr + wfi right? So even if windows theoretically doesn't but maybe does in practice thati s somethign that should generally work? | 17:20 |
| rpittau | I gues depends on the Windows version | 17:20 |
| JayF | clarkb: Yeah I think we're just trying to find the new "edge" to draw the validation on | 17:20 |
| rpittau | most recent ones won't allow it AFAIK | 17:20 |
| arne_wiebalck | clarkb: mbr + efi? I think so: the f/w will just ignore the MBR and look for the EFI partition, but the internet is not consistent on this information :) | 17:21 |
| JayF | rpittau: I'm so tempted to take that as a challenge, to prove it can work ;). So much stuff in Windows works when they document "NOPE IT DOESN'T WORK" almost like they're trying to talk you outta using the backward compat support ;) | 17:21 |
| JayF | I'm pretty sure back in the migrating-y eras, you could EFI boot from MBR but not secure boot from it | 17:22 |
| JayF | but I don't think the installer would get you to that setup | 17:22 |
| dtantsur | I cannot blame them :D | 17:22 |
| JayF | you had to use some manual commands to migrate your MBR+BIOS to MBR+EFI | 17:22 |
| arne_wiebalck | JayF: yes, secure boot is different | 17:22 |
| arne_wiebalck | have to run ... thanks for your input, we'll keep digging :) | 17:23 |
| rpittau | I probably expressing myself poorly, I'm not saying it does not work, but it's not supported | 17:23 |
| rpittau | considering how Windows works, I would not install it in an unsupported way | 17:23 |
| JayF | I agree with you, except for one bit that clarkb shone a light on: Ironic doesn't know Windows vs Linux | 17:24 |
| clarkb | ya my main point is that I don't think windows matters here | 17:24 |
| JayF | and if it can work with linux, there's no reason for us to filter it invalidation | 17:24 |
| JayF | in validation | 17:24 |
| JayF | (that space matters LOL) | 17:24 |
| clarkb | basically you either support this because its valid in some cases or you don't because its weird. Windows is orthogonal | 17:24 |
| arne_wiebalck | clarkb: ++ | 17:25 |
| rpittau | but we don't support it in Linux either :) | 17:25 |
| arne_wiebalck | rpittau: we don't support it by accident :) | 17:26 |
| JayF | rpittau: This is another topic, not urgent -- gmann sent an email to the list about pypi maintainer cleanup; I've tracked Ironic projects here over the last 18 months: https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup-ironic there are still issues in 4 of 'em. Maybe people will respond to your emails ;) | 17:27 |
| rpittau | JayF: thank you for the reminder, I saw that, need to retrieve the emails of the owners, do you have them? | 17:29 |
| JayF | rpittau: how about I send a second round of emails, cc you, it's only a slight bit more effort than just fetching the emails :D | 17:29 |
| rpittau | JayF: sounds great! :) | 17:29 |
| JayF | iurygregory: ^^^ along those lines, did your pypi account ever get recovered? | 17:30 |
| arne_wiebalck | good night everyone o/ | 17:30 |
| rpittau | arne_wiebalck: honestly I would not do anything that goes against Windows supported things, but if the majority wants to relax the rule on the EFI+GPT only I'm not going to block it of course, up to the users then :) | 17:31 |
| rpittau | see you tomorrow everyone! o/ | 17:32 |
| TheJulia | Nisha_Agarwal: dunno, trying to get the person who says it in the UI to join irc, but I don't have hardware I can search on my own at the moment | 17:39 |
| Nisha_Agarwal | TheJulia, thats fine...i searched the ilo rest api documnetation and have shared the details with you... | 17:40 |
| Nisha_Agarwal | i havent tried though | 17:40 |
| Nisha_Agarwal | i will check with firmware team tomorrow and confirm my understanding | 17:41 |
| iurygregory | JayF, nope, not yet | 17:44 |
| iurygregory | I will ping the person in the PR to see if I get an update | 17:45 |
| JayF | iurygregory: can you update the line dedicated to that in the linked etherpad with whatever the status is? | 17:45 |
| iurygregory | JayF, sure | 17:48 |
| JayF | rpittau: Those emails are off now, btw, with you CC'd. Maybe you might know better ways to contact some of these folks :D | 17:48 |
| TheJulia | Nisha_Agarwal: Thanks! | 17:50 |
| iurygregory | JayF, done | 17:56 |
| JayF | thanks! | 17:56 |
| TheJulia | rpittau: dtantsur: Back to secure boot keys: so! It looks like folks have different URLs based upon implementations, at least in terms of modeling and mapping. I think there might actually be a misunderstanding on dell's URL forming, but without having looked at all the location hinting along the way off the root I have no way to know for sure. I think the tl;dr is there might need to be a higher level API defined in the | 18:53 |
| TheJulia | DMTF or just a lack of standardization that needs to be addressed. It just looks like it might also be a slightly difficult area given how far deep "under the hood" that is as well. | 18:53 |
| TheJulia | I guess the way to put it is "I can see where HPE was at, and sort of mostly thinking even if it is not super discoverable", but Dell... after re-checking the docs I think hit page down by accident and superimposed two things together, and then I'm still sort of further confused but maybe I could also sort of see how they might have gotten there as well. | 18:57 |
| *** dmellado6 is now known as dmellado | 22:26 | |
| *** dmellado4 is now known as dmellado | 22:52 | |
| *** zbitter is now known as zaneb | 23:22 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!