| opendevreview | Iury Gregory Melo Ferreira proposed openstack/ironic master: Use passlib instead of crypt https://review.opendev.org/c/openstack/ironic/+/931857 | 02:39 |
|---|---|---|
| iurygregory | zigo, ^ | 02:39 |
| tkajinam | iurygregory, I left a comment in the change but I think we need to find a different replacement. passlib hasn't been updated for 10 years (!) and is known to cause different compatibility problems | 06:08 |
| tkajinam | there are a few other projects (eg keystone or nova) using crypto now. I'll check if I can find something else | 06:09 |
| tkajinam | in the worst case we can add a method to oslo.utils ... | 06:10 |
| dtantsur | tkajinam: dependencies... sigh | 06:44 |
| dtantsur | cardoe: auto-loading OEM data would be an interesting topic to discuss | 06:47 |
| TheJulia | another cache issue https://bugs.launchpad.net/ironic/+bug/2084010 | 06:53 |
| TheJulia | I'd +1 crypt | 06:55 |
| TheJulia | err, crypto | 06:59 |
| dtantsur | good morning, you in Brno? | 07:00 |
| TheJulia | indeed | 07:02 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic bugfix/26.0: Fix actual size calculation for storage fallback logic https://review.opendev.org/c/openstack/ironic/+/931874 | 07:08 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic bugfix/25.0: Fix actual size calculation for storage fallback logic https://review.opendev.org/c/openstack/ironic/+/931875 | 07:09 |
| opendevreview | Dmitry Tantsur proposed openstack/ironic bugfix/24.0: Fix actual size calculation for storage fallback logic https://review.opendev.org/c/openstack/ironic/+/931876 | 07:09 |
| rpittau | good morning ironic! o/ | 07:19 |
| rpittau | dtantsur, iurygregory, re crypt deprecation: hashlib is more than enough for us, no need to add another dependency | 07:21 |
| dtantsur | rpittau: I think the salt handling was the issue? | 07:22 |
| rpittau | you can use os.random for the salt | 07:22 |
| rpittau | us.urandom | 07:22 |
| rpittau | .... that! | 07:22 |
| tkajinam | IIUC we need to generate a value for /etc/shadow so the value may need to contain a few more fields like salt or the indicate of the hash algorithm. | 07:31 |
| tkajinam | so we need more than just hashlib.sha512(value).hexdigest() | 07:32 |
| rpittau | tkajinam: the main funciton used by hashlib to hash the password should be enough | 07:32 |
| rpittau | I'm talking about pbkdf2_mac | 07:32 |
| rpittau | pbkdf2_hmac (can't type today) | 07:34 |
| dtantsur | pbkdf2_hmac is not relevant here | 07:35 |
| tkajinam | we are not really talking about the hash method | 07:35 |
| tkajinam | we need to create a record, which is compliant with the format expected by shadow. it contains hash value but need additional prefix fields | 07:36 |
| dtantsur | and salt, yes | 07:36 |
| tkajinam | yes | 07:36 |
| tkajinam | also note if you aim to replace the hash alrogithm then that may mean you kill [conductor] rescue_password_hash_algorithm | 07:36 |
| tkajinam | but that's another topic | 07:36 |
| dtantsur | rpittau: check the link to passlib I pasted yersterday, it should give you an idea of what we're looking for | 07:36 |
| TheJulia | If anyone has questions for operators in the room for OpenInfra Days NA next week, please add it to: https://etherpad.opendev.org/p/ironic-na | 09:01 |
| tkajinam | this is probably the easiest way to replace crypt.crypt https://review.opendev.org/c/openstack/oslo.utils/+/931899 | 10:41 |
| iurygregory | good morning ironic o/ | 10:54 |
| iurygregory | tkajinam, oh wow 10 years is a lot =X | 10:54 |
| iurygregory | rpittau, I didn't go with hashlib just because of the salt like dtantsur said | 11:02 |
| rpittau | iurygregory: the s alt is just a random number | 11:10 |
| iurygregory | rpittau, yeah, I wasn't aware we could use os.urandom for that, will give it a go | 11:12 |
| TheJulia | dtantsur: thank you for those backports on bugfix branches | 12:56 |
| TheJulia | I just approved htem | 12:56 |
| dtantsur | sure thing :) | 12:56 |
| * dtantsur will probably leave for a day because of headache | 12:56 | |
| TheJulia | eek, feel better! | 12:56 |
| dtantsur | thx.. | 12:57 |
| cardoe | morning ironic | 13:10 |
| opendevreview | Merged openstack/ironic bugfix/26.0: Fix actual size calculation for storage fallback logic https://review.opendev.org/c/openstack/ironic/+/931874 | 13:14 |
| opendevreview | Merged openstack/ironic bugfix/25.0: Fix actual size calculation for storage fallback logic https://review.opendev.org/c/openstack/ironic/+/931875 | 13:14 |
| opendevreview | Merged openstack/ironic bugfix/24.0: Fix actual size calculation for storage fallback logic https://review.opendev.org/c/openstack/ironic/+/931876 | 13:14 |
| chris218 | Hi guys, does ironic somehow verify boot_device or it's just stored as string? | 13:55 |
| chris218 | I'm working on custom driver for amt/vpro and it supports weird virtual-media-like solution and was wondering if i can just name it however i want or do i have to pretend it's virtual media | 13:57 |
| TheJulia | chris218: AFAIK we don't attempt to verify, we just tell the "driver" to assert what it thinks what it means | 14:01 |
| chris218 | Oh awesome, thanks! Also i stumbled upon an old patch to implement vnc in drac driver, does ironic support vnc as a web console at all? | 14:05 |
| JayF | No, we are discussing improving console support -- potentially (likely) including that -- at the PTG next week | 14:08 |
| chris218 | Neat thanks | 14:09 |
| JayF | I will note, we'll probably implement support for common types in redfish | 14:09 |
| JayF | so likely not 'drac driver' but redfish stuff (which would include idrac-redish) | 14:10 |
| kubajj | JayF: isn't the PTG the week after next week? | 14:10 |
| chris218 | Does redfish even have any console support atm? | 14:10 |
| JayF | kubajj: It's very possible | 14:13 |
| kubajj | just double checking if it hasn't moved or something | 14:13 |
| JayF | I've been back home for my brothers' wedding for like, 5 days and have been working for 10 minutes | 14:15 |
| JayF | I trust your recollection over mine ;0 | 14:15 |
| JayF | https://openinfra.dev/ptg/ yeah 21-25 | 14:15 |
| JayF | As I'm catching up on reviews, will be linking low-hanging things we can land here | 14:27 |
| JayF | https://review.opendev.org/c/openstack/networking-generic-switch/+/930943 | 14:27 |
| cardoe | Yeah. I've got that in the weekly prio | 14:30 |
| cardoe | https://tinyurl.com/ironic-weekly-prio-dash come on down and give +1 workflows | 14:31 |
| cardoe | https://review.opendev.org/q/topic:%22passlib%22 keystone is dropping passlib | 15:19 |
| rpittau | heh look at that, little issue is that they're using crypt ins some cases, and it is going away in 3.13 | 15:20 |
| rpittau | mmm ok looks like they're just using crypt for a specific case and until sha512_crypt is going away, so should be good | 15:23 |
| chris218 | 3.13 also removes cgi module which breaks webob | 15:36 |
| opendevreview | Merged openstack/ironic master: docs: Add context around asynchronous device initialization https://review.opendev.org/c/openstack/ironic/+/927518 | 15:37 |
| rpittau | \o/ | 15:44 |
| rpittau | 3.13 will be super fan | 15:44 |
| opendevreview | Merged openstack/networking-generic-switch master: Force autospec=True in tests and fix unit tests https://review.opendev.org/c/openstack/networking-generic-switch/+/930745 | 15:56 |
| rpittau | good night! o/ | 16:10 |
| opendevreview | Merged openstack/networking-baremetal master: avoid attribute error on bad password or config https://review.opendev.org/c/openstack/networking-baremetal/+/929650 | 16:37 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!