Wednesday, 2024-10-30

opendevreview	Adam McArthur proposed openstack/ironic master: Added missing fields in API Ref https://review.opendev.org/c/openstack/ironic/+/933699	06:04
dtantsur	JayF: could be a gerrit UI hiccup? I"ll check today again	08:55
*** srelf_ is now known as Continuity		09:34
luca_	hello, not sure if this is the right place for this question, sorry in advance if it's not. I installed and trying to make ironic work with kolla-ansible, i managed to start the inspection of a machine but i get an authorization error Access was denied to the following resource: baremetal:port:create, there is already a bug opened https://bugs.launchpad.net/kolla-ansible/+bug/2064655. I was wondering uf you have any hi	10:23
luca_	deprecated and i should use the agent, but as far as i understand kolla is not really supporting it. I tried adding system_scope=all to the ironic-inpector.conf, but this resulted in another error (Failed to start inspection: The baremetal-introspection service for 10.48.10.254:us-hou-01 exists but does not have any supported versions.), should i change the policy of ironic in order to have baremetal ports created by t	10:23
dtantsur	luca_: your message looks split in the middle	11:52
dtantsur	https://bugs.launchpad.net/kolla-ansible/+bug/2064655 seems like a bug in kolla indeed, I'd bring it to #openstack-kolla	11:53
dtantsur	The last error you mention is probably because ironic-inspector failed to start with your configuration	11:53
luca_	yeah i realize this is a kolla bug, i will post in their channel, i was wondering what is the common way of configuring ironic-inspector user in order to have the authorization for creating baremetal ports	12:04
dtantsur	I'll defer to someone who understands RBAC better than me	12:04
luca_	thanks, i am also quite confused on the inner working of rbac :)	12:05
jovial	With the new secure rbac policy changes? Is there a way to get the openstack CLI to not use a project scoped token? I want `openstack baremetal node list` to return all the nodes.	12:07
dtantsur	jovial: you need something like --os-system-scope=all	12:07
jovial	dtantsur, cheers - that did the trick when not using app creds. What are my options to do the same with app creds? I get: `Error authenticating with application credential: Application credentials cannot request a scope.`.	12:11
dtantsur	That's a question for #openstack-keystone	12:12
jovial	ack, I will ask in #openstack-keystone then - thanks.	12:15
kukacz	hi, I have an issue with metal3/BMO, but the core context is booting idrac-virtualmedia from a Dell server, so I hope it's OK to ask here	12:45
dtantsur	ask away	12:46
kukacz	the inspection is failing in the very beginning, on an iDRAC8 (fw 2.86.86.86) Dell PowerEdge R730. It's failing on some HTTP 500 error without further details. No issues visible in iDRAC logs, I can see virtualmedia mount operation completing succesfully there. This is the error message in BMO. How can I troubleshoot this, what might be wrong?	12:46
kukacz	the message says: "Failed to inspect hardware. Reason: unable to start inspection: Redfish exception occurred." and "Errors: ['Manager 32 ││ 33484f-c0c4-3580-5710-00324c4c4544: HTTP POST https://<REMOVED>:443/redfish/v1/Managers/iDRAC.Embedded.1/Actions/Oem/EID_674_Manager.ImportSystemConfiguration returned code 503. unknown error Extended information: None']"	12:47
dtantsur	iurygregory: rings any bells? ^^^	12:50
dtantsur	I recall someone mentioning a failure in the same call, but I don't remember the outcome	12:50
kukacz	hmm, it's strange that on the server I can see media was succesfully mounted. then something triggering this 503 happens and it's followed by media being unmounted from BMC again	12:51
iurygregory	I remember something similar... but it didn't mount the vmedia...	12:51
iurygregory	I would try cleaning the idrac job queue	12:52
dtantsur	kukacz: this call is telling iDRAC to boot from the mounted vmedai.	12:53
shermanm	I was about to suggest the same, I've seen 500 errors with other redfish calls when there are "stale" jobs in the bmc job queue	12:53
iurygregory	wondering if 2.86.86.86 is bugy ...	12:53
kukacz	iurygregory, shermanm, thanks, I'll try cleaning that. can that be done from the DRAC web UI?	12:54
iurygregory	kukacz, it can	12:54
kukacz	found it	12:54
shermanm	there's also a racadm command: "racadm jobqueue delete -i JID_CLEARALL_FORCE"	12:55
iurygregory	random thought... there was some changes in redfish (moving VirtualMedia from Manager to Systems), it could be that in the fw version Manager is deprecated and sushy-oem-idrac is doing a call that is not necessary?	12:58
dtantsur	iurygregory: it's idrac 8, I highly suspect the call is still necessary	12:59
kukacz	cleaned the job queue (from web UI) and failed again. pasting here the full error, as last time I left out an important phrase "set virtual boot device"	13:02
kukacz	> Failed to inspect hardware. Reason: unable to start inspection: Redfish exception occurred. Error: In system 4c4c4544-0032-5710-8035-c4c04f483332 for node 3a927eb7-745c-4b54-8480-aa98ed7cdee6 all managers failed: set virtual boot device. Errors: ['Manager 3233484f-c0c4-3580-5710-00324c4c4544: HTTP POST https://10.1.16.61:443/redfish/v1/Managers/iDRAC.Embedded.1/Actions/Oem/EID_674_Manager.ImportSystemConfiguration returned	13:02
kukacz	code 503. unknown error Extended information: None']	13:02
kukacz	btw. mentioning the move between Systems and Manager, I've configured the BMC address as "idrac-virtualmedia://<BMC_IP>:443/redfish/v1/Systems/System.Embedded.1"	13:06
iurygregory	dtantsur, agree	13:08
kukacz	one more thing to mention - the BMC account I'm using is Operator role, it's not a full Administrator	13:09
kukacz	not sure if that matters	13:09
cardoe	cid: was it you messing with the port names?	13:13
cid	cardoe: reference?	13:14
cardoe	in the API	13:14
iurygregory	kukacz, hummm maybe	13:14
cardoe	I'm just scratching my head here about port names.	13:14
cardoe	I don't see them from the CLI even though I've set some.	13:15
iurygregory	not sure since I never tested with operator role, dtantsur do you know?	13:15
dtantsur	kukacz: the role might matter	13:15
cardoe	And then I was surprised to find out they are globally unique instead of unique(node_uuid, port_name)	13:15
cid	cardoe: I made a change recently, but not to port names.	13:16
cardoe	I was hoping you might have known if there was a reason. Not that you broke it.	13:18
cid	Oh, got any logs. I could help you look	13:19
kukacz	dtantsur, iurygregory: ok, I'll order a change to administrator and see	13:19
cardoe	cid: https://paste.opendev.org/show/bNaQju7oJiqCrw9W0YaI/ that's what I was seeing.	13:21
*** jcosmao is now known as Guest7955		13:22
cardoe	I was originally thinking of naming the ports along their system name but the column is unique(port_name) instead of unique(port_uuid, port_name)	13:22
cardoe	You can see in the API the port name is coming back in the field.	13:22
cid	That's how I would expect it to work too.	13:25
kukacz	dtantsur, iurygregory: the role change did not help, same error	13:30
dtantsur	Then it's probably something to talk to Dell about	13:31
iurygregory	yeah, it can be a firmware issue (I would check what versions are available)	13:37
kukacz	hmm, this is the latest firmware and since they marked iDRAC8 "End of Software Maintenance" I suspect there will be no more fixes	13:43
kukacz	can I perhaps trick the procedure somehow, like setting the boot media manually, let it run inspection, unmount the media etc.?	13:44
iurygregory	you can try doing a downgrade in the firmware	13:55
iurygregory	I would test if you can get a response without the error doing curl to see if the BMC changes the error message etc	13:55
cid	Based on the log, that looks right to me. cardoe	13:58
opendevreview	cid proposed openstack/ironic master: Fix double JSON encoding of error message https://review.opendev.org/c/openstack/ironic/+/931795	13:59
opendevreview	cid proposed openstack/ironic master: Allow special characters in patch field keys https://review.opendev.org/c/openstack/ironic/+/933743	13:59
opendevreview	Merged openstack/tenks master: Use openstackdocstheme for release notes https://review.opendev.org/c/openstack/tenks/+/933059	14:10
opendevreview	cid proposed openstack/ironic master: Fix double JSON encoding of error message https://review.opendev.org/c/openstack/ironic/+/931795	14:13
dtantsur	TheJulia: hey, have you put any thoughts into (a) non-keystone RBAC, (b) node name collisions with RBAC?	14:36
dtantsur	some future work may make me curious about (a)	14:36
opendevreview	Doug Goldstein proposed openstack/python-ironicclient master: fix port name in Port resource https://review.opendev.org/c/openstack/python-ironicclient/+/933746	14:41
opendevreview	Doug Goldstein proposed openstack/python-ironicclient master: fix port name in Port resource https://review.opendev.org/c/openstack/python-ironicclient/+/933746	14:43
cardoe	cid ^ I think that's the issue why it wasn't displaying.	14:45
cid	I just took a look and that makes sense.	14:46
kukacz	iurygregory, did you mean either downgrade OR the curl debug, as different options, right?	14:48
iurygregory	yeah	14:48
opendevreview	Doug Goldstein proposed openstack/python-ironicclient master: fix port name in Port resource https://review.opendev.org/c/openstack/python-ironicclient/+/933746	14:49
TheJulia	dtantsur: I have in to (a)	14:49
TheJulia	(b) is just a side effect of our data model	14:49
TheJulia	dtantsur: regarding non-keystone rbac, the model of matching role names should work and the ?oauth2? for keystoneauth work should allow non-keystone operation with matching generic role names	14:51
TheJulia	I don't know where the exact state of the oauth2 stuff is	14:51
JayF	perpetually about to start I think, but I'm not 100% sure	14:56
dtantsur	I'm quite sure I don't want to deal with oauth2, thinking more about http basic auth	14:58
TheJulia	... we carry that code so it could just be a group delineator	14:59
cardoe	So maybe a better approach would be to say "external auth"?	14:59
TheJulia	if memory serves, I think the htaccess format actually supports that?!?	14:59
JayF	TheJulia: I pointed you at https://review.opendev.org/c/openstack/ironic/+/933679/2 -- just was hoping you could sanity check the minor changes	14:59
TheJulia	or I might be totally off my rocker	14:59
* TheJulia needs a rocking chair		15:00
cardoe	REMOTE_USER, REMOTE_GROUPS	15:00
JayF	dtantsur: I think I'm getting massively whoooshed by your comment here, somehow? https://review.opendev.org/c/openstack/ironic-python-agent/+/928466/6#message-e485ba856caa7a860b9b5602cdf38d77a2eb935a	15:01
cardoe	Also since there's a decent brain trust here... should port names be unique(name) or unique(node_uuid, name) as the DB constraint?	15:02
kukacz	iurygregory, what should I look for in the curl calls? I tried the failing one from error message (`redfish/v1/Managers/iDRAC.Embedded.1/Actions/Oem/EID_674_Manager.ImportSystemConfiguration`). but I guess it's expecting some additional payload or URI referral - receiving an "Base.1.2.ResourceMissingAtURI" error in ExtendedInfo	15:03
TheJulia	unique(node_uuid, owner, name)	15:03
TheJulia	most likely	15:03
JayF	for node, it's just unique(uuid), right?	15:04
TheJulia	please expect delays, on a call for the next half hour	15:04
JayF	you can repeat names in node, it just makes the name less useful	15:04
JayF	or did we fix that?	15:04
TheJulia	unique name and uuid indepedently	15:04
JayF	"fix"	15:04
iurygregory	kukacz, in the ironic logs you should be able to see what information ironic sends in the payload to the bmc if I recall	15:05
* iurygregory brb lunch time		15:05
cardoe	So I cannot create a port on a different node with the same name.	15:06
TheJulia	Crazy question of the day, how would someone do spot instances with Bare Metal	15:25
shermanm	depending on what you mean by spot instances, we've been using Blazar for something like this, allowing a class of "preemptable instances" to run, but be kicked off by instances launched with a reservation hint	15:30
dtantsur	JayF: yeah, sorry, my initial comment was along the lines of "if you do X, change Y, but better not do X". I can understand how it caused confusion	15:33
JayF	dtantsur: just be like, explcit about what you want, maybe even a suggestion in gerrit, and I'm happy to make a change	15:33
JayF	not trying to argue I just don't get it	15:33
dtantsur	JayF: yeah, so tl;dr: if you add new arguments, ideally add them in the end (before **). Focus on "if" because right now you don't even need this arguments: you don't use them explicitly, just pass into convert_image.	15:35
JayF	I do not understand what that last clause means at all	15:35
JayF	**convert_image is not a direct arg	15:35
JayF	it means I can be like convert_arg1=blah convert_arg2=doubleblah	15:35
JayF	and only works at the end	15:35
JayF	so how do I reorder it?	15:35
JayF	er, not convert_image, whatever the **conv_flags or whatever is	15:36
dtantsur	Thinking more about it, let's stick with your last suggestion in gerrit	15:37
JayF	ack; I'll implement that after my doc visit (I'm about to leave for an hourish)	15:37
dtantsur	we could drop source_format, sparse_size and out_format from the explicit list, but, being too pedantic again, that could be a breaking change	15:38
dtantsur	JayF: good luck and thank you for your patience :)	15:38
JayF	https://review.opendev.org/c/openstack/ironic/+/933678 is a fun set to look at	15:38
JayF	dtantsur: if anything, I'd want to refactor the direction of being less generic since we aren't using a library for that method	15:38
dtantsur	fair	15:40
* dtantsur is never going to stop being pissed by JSON not accepting a trailing comma		15:41
TheJulia	shermanm: how does the workload, with blazar, know its about to get kicked to the workload curb?	15:44
TheJulia	shermanm: partially asking because I know of it for scheduling, but not the "oh, the cloud is under pressure now, need to shed workload" standpoint	15:45
dtantsur	TheJulia: I was thinking indeed of somehow adding roles to htaccess. In fact, I probably only care about SYSTEM_ADMIN and PROJECT_ADMIN, where project == user	15:45
TheJulia	which is partly a critical aspect when you think of spot worklaods	15:45
shermanm	TheJulia: right now it doesn't :) we've been using this to run jobs like opensciencegrid, or other workloads that are inherently interruptible	15:46
TheJulia	Ahh, maybe this is why CERN folks took a slightly different approach	15:46
shermanm	but we'd looked into a modification to blazar such that it would only allow reservations at e.g. time=$NOW+10 minutes, and a workload could query the blazar API for "my use of this node will expire in N minutes"	15:47
shermanm	we're working on that second half now anyway, since users tend to forget that their leases expire	15:47
shermanm	what I'm actually looking at doing is exposing that info via vendordata, so instances don't need to talk to the blazar api directly	15:48
TheJulia	vendor data via nova api?	15:54
shermanm	yep!	15:54
TheJulia	so metadata?	15:54
TheJulia	yeah, I'm not sure you can update that after the fact	15:54
TheJulia	and you surely can't with baremetal :(	15:54
shermanm	no, specifically vendordata: https://docs.openstack.org/nova/latest/user/metadata.html#metadata-vendordata	15:54
shermanm	nova's metadata service redirects to a deployer-defined external service	15:55
shermanm	which can be changed dynamically	15:55
TheJulia	oh!	15:56
TheJulia	okay, cool	15:56
shermanm	https://docs.openstack.org/nova/latest/admin/vendordata.html#dynamicjson "When used, the DynamicJSON module will make a request to any REST services listed in the api.vendordata_dynamic_targets configuration option. There can be more than one of these but note that they will be queried once per metadata request from the instance"	15:57
TheJulia	so would it still be a pass-through API, I guess if one runs the metadata servic ethat is fine	16:04
kukacz	iurygregory, unfortunately I couldn't see the payload detail in ironic log. also, quite strangely, it reports the ExtendedInfo to be None, which usually contains error details when querying manually using curl	16:06
TheJulia	wow this week is just blah	16:08
TheJulia	and by blah, I mean I feel like a constant firehose all day	16:10
TheJulia	dtantsur: project == user could likely be fine, and I think we control that plugin code anyway so likely an easy thing to just wire up	16:12
TheJulia	dtantsur: it is a generic value match so should.. just work.	16:12
iurygregory	kukacz, humm let me check something here	16:12
iurygregory	kukacz, if you try to insert other iso what exactly idrac returns to you?	16:15
opendevreview	Merged openstack/ironic master: Make all API samples valid JSON https://review.opendev.org/c/openstack/ironic/+/933678	16:22
kukacz	iurygregory, I might try it soon. but now, something has changed after I rebooted the whole iDRAC. seems that the configuration was imported and server started, IPA is loading	16:26
cardoe	So who wants to +W the Python 3.8 removal?	16:37
cardoe	Or https://review.opendev.org/c/openstack/ironic/+/927635 ?	16:37
TheJulia	donezo	16:50
JayF	https://github.com/lextudio/pysnmp/issues/133#issuecomment-2410374973 Itamar still has this on his list	16:59
JayF	but I just soured on our new pysnmp overlords :(	16:59
JayF	this == fixing SNMP driver/virtualpdu	17:00
cardoe	TheJulia: https://github.com/oras-project/oras might be interesting to tinker there.	17:04
* dtantsur gets a short break, see you on Monday		17:05
JayF	oh yeah, forgot to close the loop on that	17:05
JayF	TheJulia: my downstream prefers conductor-cached container images	17:05
JayF	TheJulia: so easy path is good path afaict	17:06
JayF	(in context of container-based steps; but I assume we'll use the same foundations)	17:06
kukacz	iurygregory, dtantsur: it's working now, thank you a lot for your help guys. seems that what helped was either rebooting iDRAC or fixing BMC time by configuring NTP sources	17:21
JayF	Nice! \o/	17:21
JayF	Might wanna close the loop for your question on slack in case someone sees it later?	17:21
iurygregory	kukacz, awesome! happy to hear that!	17:21
*** amorin_ is now known as amorin		17:35
TheJulia	break, what is break?!?	17:41
TheJulia	cardoe: so I was mainly just thinking we could likely invoke podman or spokeo commands and achieve the desired effect	17:42
opendevreview	Adam McArthur proposed openstack/ironic master: Added missing fields in API Ref https://review.opendev.org/c/openstack/ironic/+/933699	17:43
TheJulia	JayF: so I don't think we'll turn ironic into a container cache, but cache the file data out	17:43
cardoe	So afaik spokeo works with file system layers	17:46
cardoe	Instead of just the blob data	17:46
TheJulia	well, file in container is just a file in the end	17:48
TheJulia	not a blob in container metadata	17:48
TheJulia	well, blob in the container contents which is not a file	17:48
cardoe	Well yes and no.	17:48
cardoe	So like spokeo wants a rootfs ref list which is gonna be a list of tarballs	17:48
cardoe	Which get extracted on top of each other.	17:49
cardoe	And then you grab the file out.	17:49
cardoe	I can stuff anything into an OCI registry.	17:49
cardoe	I can say have a "kernel" ref that's blob type	17:49
cardoe	That's closer to how swift behaves.	17:50
cardoe	I was thinking you guys wanted to go down the later path when you mentioned registering types.	17:51
TheJulia	I guess at the end of the day, we need to focus on an agnostic layer, not the file details inside of the tool itself	17:51
TheJulia	I think that was sort of a red herring discussion	17:51
cardoe	So like I could do something like..	17:52
cardoe	mytool push registry.internal:5000/ubuntu:24.04 kernel:vmlinuz-6.0.0 initrd:initramfs-6.0.0 rootfs:rootfs.tgz	17:53
TheJulia	so in that case, container as the binary object to be extracted	17:54
TheJulia	not a filesystem with a file on it	17:54
TheJulia	which is sort of also a different case	17:54
cardoe	Right	17:55
TheJulia	I guess there is kind of room for both depending on the lower details	17:55
TheJulia	but the pattern I've seen is file(s) in a container	17:55
cardoe	Now I think nothing prevents us from saying the bootable containers are just regular containers with maybe "kernel" and "initrd" tucked into the manifest?	17:55
TheJulia	bootable containers consist of a whole filesystem which can be translated across	17:55
TheJulia	or at least, can composite out to a whole filesystem	17:56
cardoe	Yeah absolutely is the normal pattern. When they added the multi-arch support into a single container, it became a bit more generic blob.	17:56
TheJulia	yeah	17:56
cardoe	Cause now you'd have to store 2 filesystems for 2 arches with some kind of reference to point the right way.	17:57
TheJulia	yup	17:57
TheJulia	which sort of makes me wonder, what is the right way to approach that selection in a multiarch case	17:58
cardoe	So for me I was thinking of a generic "update firmware" type step where I could have "registry.internal:5000/idrac:latest" for example have something like "PowerEdge R7615" as a blob that contained whatever the current firmware is.	17:58
TheJulia	conductor might be x86, but we need the arm artifact	17:59
cardoe	yeah.	17:59
cardoe	The generic blob case above made me think of a swift alternative.	18:00
TheJulia	your step idea might require the step and ultimately the retrieval logic to be able to gain the necessary context to make the right selection somewhere under the hood	18:00
cardoe	Absolutely. I definitely hand waved a lot of the hard bits there.	18:01
TheJulia	so I think it might be useful if you could put a verbsoe comment which we could detail as a note as a possible future state for the support	18:01
TheJulia	sort of like how in the image retieval code, only http has an interface to get contents of the url right now	18:02
TheJulia	this will as well, in the end, but there could be a "get inventory data" to do a mapping lookup or something	18:02
TheJulia	whatever the $lower_level_hand_wavey_bits_are	18:02
cardoe	Yeah I can add some comments on there.	18:05
cardoe	At the end of the day it's just an HTTP request to registry.internal:5000/idrac/blobs/<sha256> or some such.	18:05
cardoe	So conductor could figure out the right thing and tell the machine to grab the right blob.	18:06
opendevreview	Merged openstack/ironic master: Enable WSGI module entrypoint for Ironic https://review.opendev.org/c/openstack/ironic/+/927635	18:16
opendevreview	Doug Goldstein proposed openstack/ironic master: add pyproject.toml to support pip 23.1 https://review.opendev.org/c/openstack/ironic/+/927544	18:23
TheJulia	OpenInfra Days NA 2025 CFP Closes on Friday!	18:48
TheJulia	Get your ideas in ASAP!	18:48
TheJulia	https://www.socallinuxexpo.org/scale/22x/call-presenters	18:48
* JayF is putting something together around OpenStack being the bearer of bad news ... talking about how to evaluate the availability *of openstack* separately from the availability of your datacenter		18:59
* JayF has a visual aid in his mind's eye of 99.99% uptime being chipped away by power issues, network issues, random failures, etc		19:00
opendevreview	Adam McArthur proposed openstack/ironic master: Added missing fields in API Ref https://review.opendev.org/c/openstack/ironic/+/933699	19:00
TheJulia	if an AI can make an animated gif of Julia with a chainsaw laughing with glee in front of big routers.....	19:03
TheJulia	If all else fails, we could likely find an old Cisco 12000GSR.....	19:04
TheJulia	eh... no 12000s available on ebay	19:06
masghar	Hello ironic! I have a question	19:23
JayF	ask away	19:24
masghar	In python-ironicclient, we provide a Python API, but that functionality is supposed to move to openstacksdk eventually, correct?	19:25
masghar	And only the CLI enabling code is supposed to remain in python-ironicclient? (I understand we dont have a plan or timeline, but thats the long-term goal?)	19:26
JayF	That's a reasonable question. Unsure if we'd want to point the standalone users to openstacksdk	19:26
masghar	Oh I didnt think about standalone	19:26
JayF	yeah, the CLI is there on it's own for stnadalone reasons	19:27
masghar	But wouldn't it be possible to invoke openstacksdk in a standalone-ironic scenario? (Can we turn everything else off?)	19:28
masghar	Or does the openstacksdk ask for a lot of other things too?	19:29
JayF	I don't know, but I know adamcarthur5 and I have hit issues with the integrated clients not always supporting noauth/basic auth as well as the ironic specific ones	19:31
JayF	so I don't think there's an answer to your question yet; but you gotta think about the standalone cases that don't crossover to integrated cases	19:31
JayF	e.g. basic auth	19:31
JayF	(or generally the lack of keystone)	19:31
JayF	and if openstacksdk checks all those boxes, we can consider deprecating the python api in ironicclient	19:32
masghar	I see, I see	19:32
* JayF suspects there may be others in channel with stronger feelings		19:32
JayF	I just go where the code points me :D	19:32
masghar	Would love to hear all relevant feelings :D	19:33
masghar	I was wondering if we could simplify things by removing the duplication	19:33
JayF	Well, another perspective would be	19:34
JayF	from an operator, that would not be simpler	19:34
JayF	because any of the scripts they wrote against $libraryA have to be rewritten for $libraryB	19:34
JayF	so you gotta weigh the benefit of us no longer needing to maintain a thing vs the loss of pushing down more work/complexity on deployers	19:35
masghar	Thats also a fair point	19:35
JayF	there's no right answer as to where that line is, but it's important to try to consider the perspective	19:35
masghar	Yeah, makes sense	19:35
masghar	Alright, I'm going to call it a day for now, and be back tomorrow :)	19:37
masghar	But if anyone has more input on the subject, would like to hear it too :)	19:37
clarkb	I think the sdk has slowly been replacing external implementations for api interaction with internal ones which cuts down on what you need toinstall	19:38
clarkb	you'll still pull in keystoneauth1 or whatever the authentication library is and maybe a few others while things continue to move but thats just disk space. Then its a matter of what you actually use when you use the library	19:38
JayF	clarkb: the rough part for ironic users is we support auth methods, like http basic, that are unique to openstack. More than once we've had to add that support or document how to get it to work in integrated libraries that (reasonably) assume you have a keystone or are using noauth	19:39
JayF	s/to/in/	19:39
clarkb	one upside to the library imo for ironic that you can use a single library against ironic whether your ironic sits behind nova or not (assuming the auth issues above aren't a real problem)	19:39
clarkb	ya that makes sense. I'm saying for end users/operators having one tool that works in both cases is beneficial too	19:39
clarkb	keystoneauth has class HTTPBasicAuthTest and class HTTPBasicAuth	19:41
TheJulia	oh, I guess it got merged in	19:42
* TheJulia doesn't remember allt he details of that entire thing		19:42
JayF	clarkb: I don't disagree, but I will say, I've never heard the "openstack has too many client libraries" complaint from operators; but I have heard "openstack is too hard to upgrade" from operators	19:43
clarkb	but that has nothing to do with this conversation?	19:44
JayF	that's why I'm trying to be more mindful that ... the juice is worth the squeeze if we ask a operator to do ... really anything on upgrade, and changing client libs is a doozy	19:44
JayF	yes, absolutely; having to migrate a script from libraryA to libraryB is exactly the kind of thing that it extremely hard to explain to PHB-types as being anything but a task that openstack requires that is taking time away from other stuff	19:44
clarkb	upgrades should be orthogonal to client tools (the sdk at least is expected to work across versions)	19:44
JayF	To operators, isn't it all one big ecosystem?	19:45
clarkb	I mean people may think that way but as soon as you have more than one cloud endpoint you're talking to you quickly realize that isn't the case (and that is somewhat orthogonal to openstack itself)	19:45
clarkb	as an operator/user I want to install a tool then use it to talk over here or over there and so on	19:46
JayF	by "more than one cloud endpoint" do you mean more than one cloud ecosystem?	19:46
clarkb	multiple kubernetes clusters or say rackspace and openmetal and ovh. I'm not using the same client to talk to k8s and openstack but I use the same client to talk to all the k8s and the same one to talk to all the openstacks	19:46
clarkb	I'm also not necessarily saying remove python-ironicclient. I'm just trying to explain what I perceive to be the benefit of having a common tool that can be used to talk to various ironics regardless of how they are deployed or their versions	19:49
clarkb	because as both an operator and user of all this software (though not ironic specifically) this is my expectation. It is a bug if I have to create a virtualenv or grab a specific binary just to talk to a specific openstack api	19:50
JayF	Yes, this question is not "should Ironic be in osdk", we are, with full (?) coverage	19:50
JayF	if it's not full coverage I'll point cid and adamcarthur5 at those bugs	19:50
clarkb	and it does sometimes happen because the sdk team doesn't have access to all the permutations out there. But they are also usually able track that down and ocrrect it	19:50
JayF	it's a question of if having a second parallel one for historical and standalone reasons is OK	19:50
JayF	so I think we're aligned with the "you shouldn't need a decoder ring to talk to Ironic if you're generally OpenStack-savvy"	19:51
clarkb	right I guess from my perspective I would encourage people using ironic standalone to also use the integrated tool (assuming it works which I don't know) because it reduces your overhead if you add a second ironic installation	19:53
clarkb	and I think the idea of we must keep this around specifically for those users is a bit at odds with that (since it communicates to those users that they should not use the sdk for example)	19:53
clarkb	instead I would keep the tooling around if it solves specific issues that the sdk can't (compatibility with really old installs maybe or broader python support or whatever)	19:55
opendevreview	Jay Faulkner proposed openstack/ironic-python-agent master: Cleanup usage of imported-from-ironic-lib disk_utils https://review.opendev.org/c/openstack/ironic-python-agent/+/928466	19:55
opendevreview	Jay Faulkner proposed openstack/ironic-python-agent master: Remove use of ironic_lib i18n module https://review.opendev.org/c/openstack/ironic-python-agent/+/930080	19:55
opendevreview	Jay Faulkner proposed openstack/ironic-python-agent master: Migrate more trivial code from ironic-lib https://review.opendev.org/c/openstack/ironic-python-agent/+/928779	19:55
JayF	clarkb: Yeah, I think we've done a lot of legwork to try and make this as seamless as possible. I think python-ironicclient will obey a clouds.yaml just like openstacksdk/openstackclient (in fact `openstack baremetal` and `baremetal` both use ironicclient under the hood)	20:02
-opendevstatus- NOTICE: The Gerrit service on review.opendev.org will be offline momentarily at 20:30 utc (half an hour from now) to apply a configuration change		20:02
clarkb	oh interesting. I didn't realize any of the project specific libs honored clouds.yaml	20:02
TheJulia	We're troublemakers.... :)	20:03
clarkb	I mean there was a time where I basically had to use horizon for certain neutron tasks because openstackclient didn't support the neutron things I needed and neutronclient didn't clouds.yaml	20:04
clarkb	having clouds.yaml support is a major boon to users imo	20:04
TheJulia	++	20:05
opendevreview	Jay Faulkner proposed openstack/ironic master: devstack: respect USE_VENV in Ironic https://review.opendev.org/c/openstack/ironic/+/930776	20:11
JayF	clarkb: I mean this 100% seriously: if you find discrepancies in Ironic API support for any major SDKs (I include gophercloud along with any in openstack governance), please let me know. That's something my team (specifically Adam) is trying to eliminate.	20:18
clarkb	good to know will do	20:20
-opendevstatus- NOTICE: The Gerrit service on review.opendev.org will be offline momentarily to apply a configuration change		20:31
opendevreview	Jay Faulkner proposed openstack/ironic master: Remove postgresql testing and documentation https://review.opendev.org/c/openstack/ironic/+/931055	20:39
opendevreview	Jay Faulkner proposed openstack/ironic-python-agent master: Correct invalid docstrings; s/Found/Error/ https://review.opendev.org/c/openstack/ironic-python-agent/+/911598	20:46
opendevreview	Jay Faulkner proposed openstack/ironic-python-agent unmaintained/yoga: Call evaluate_hardware_support exactly once per hwm https://review.opendev.org/c/openstack/ironic-python-agent/+/920218	20:47
opendevreview	Jay Faulkner proposed openstack/ironic-python-agent unmaintained/zed: Call evaluate_hardware_support exactly once per hwm https://review.opendev.org/c/openstack/ironic-python-agent/+/920217	20:47
JayF	can you tell I made a goal for myself to have less outstanding patches this cycle? lol	20:49
JayF	Ironic devstack does not support anything but ubuntu, yeah?	21:06
shermanm	would there be any interest in a guide or post about how to build, test, and deploy custom ironic agent hardware managers? I've been keeping nodes as I go, it wouldn't be a big lift to polish it up	21:07
JayF	There's significant docs in ironic-python-agent docs already, and the examples. Honestly I'd suggest writing a blogpost about your experience to ironicbaremetal.org and updating those docs to reflect any changes that'd be valuable	21:08
JayF	https://docs.openstack.org/ironic-python-agent/latest/contributor/hardware_managers.html	21:09
JayF	I hope you knew that existed, I just realized you may not have /o\	21:09
shermanm	oh yeah, I saw those parts, and a blog post might be more suitable anyway	21:09
JayF	https://github.com/OpenStackweb/ironic-website PR to here to add a blogpost cc: TheJulia	21:10
shermanm	but there's also "how to build a custom agent ramdisk if you haven't done that", and "how to actually install your custom manager in the same venv as the ironic-agent" inside DIB	21:10
JayF	Julia can maybe help you ensure it gets reviewed	21:10
JayF	honestly that last step is a feature gap in ipa-builder	21:10
JayF	moreso than a docs gap	21:10
shermanm	or also, "how to test your changes with qemu so you don't need to wait for a node to boot dozens of times"	21:11
JayF	we used to have a good mode for that, we had to remove it for technical reasons	21:11
shermanm	but thanks for that git link for the website, I'll see what I can whip up	21:12
JayF	thanks shermanm!	21:12
JayF	btw, where are you from/at?	21:12
JayF	trying to place you in the sea of ironic deployments	21:12
shermanm	I'm currently at UChicago, primarily working on ChameleonCloud	21:12
JayF	ah, good stuff! One of my best buds is up there in Berwyn	21:14
shermanm	nice! We/they're having unseasonably nice weather at the moment	21:16
clarkb	meanwhile in the PNW we're having seasonably ugly weather :/	21:17
opendevreview	Jay Faulkner proposed openstack/ironic master: Use patched dnsmasq from PPA https://review.opendev.org/c/openstack/ironic/+/933104	21:18
JayF	clarkb: yeeeeep	21:18
JayF	clarkb: and I had meetings all morning so I missed the little bit of dry to walk the dog :(	21:18
JayF	FYI cores; I added about a million patches to ironic-week-prio; I have lots of old small stuff that needs landing	21:19
JayF	FYI; adamcarthur5 created a bug about the openapi/microversion update work that's happening this cycle that was discussed at PTG. I marked the bug as rfe-approved based on that discussion. Please feel free to untag the approval if you've got an issue. https://bugs.launchpad.net/ironic/+bug/2086121	21:25
opendevreview	Adam McArthur proposed openstack/ironic master: Added missing fields in API Ref https://review.opendev.org/c/openstack/ironic/+/933699	21:55
opendevreview	Adam McArthur proposed openstack/ironic master: Added missing fields in API Ref https://review.opendev.org/c/openstack/ironic/+/933699	22:11

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!