Thursday, 2025-01-16

« Wednesday, 2025-01-15 Index Friday, 2025-01-17 »
TheJuliaThe way everything works that uses the base containers go liberaires, is they all look for that, and ultimatley the authentication systems decode and do similar to keystoneauth00:01
TheJuliabut in that ecosystem there is a model of giving some of that to the user. The system is able to do the end resolution00:01
JayFyeah but it being a single static token is shocking00:01
TheJuliayeah00:07
opendevreviewJay Faulkner proposed openstack/ironic-inspector master: Migrate from ironic-lib  https://review.opendev.org/c/openstack/ironic-inspector/+/93940700:12
JayFlets see how CI likes that00:12
opendevreviewJay Faulkner proposed openstack/ironic-inspector master: Migrate from ironic-lib  https://review.opendev.org/c/openstack/ironic-inspector/+/93940700:18
opendevreviewJay Faulkner proposed openstack/sushy-tools master: Import needed ironic-lib code  https://review.opendev.org/c/openstack/sushy-tools/+/93940000:18
rm_work[m]hey JayF! Looks like i'm around and will be in ironic-land again :)00:23
rm_work[m]actually my first task here is to get firmware updates working via ironic so I may be by later with questions :P for now just reading up00:24
opendevreviewSteve Baker proposed openstack/ironic master: WIP devstack start ironic-novnc-proxy as ir-novnc  https://review.opendev.org/c/openstack/ironic/+/93940200:26
JayFrm_work[m]: Nice to hear it. If there's anything I can do to help you out let me know00:35
rm_work[m]I'm about to become intimately familiar with IPA firmware update code :D00:43
rm_work[m]looks like it only really supports a handful of device types at the moment, is that correct? but if I wanted to add support for something, I'd just add a hardware manager for it?00:43
JayFSo there's a new firmware update interface that landed recently, that Iury worked on. I'm not sure if we have that wired up to in-band yet. Are you sure your devices can't firmware update via redfish?01:59
opendevreviewMerged openstack/ironic-python-agent master: Fix RAID volume name  https://review.opendev.org/c/openstack/ironic-python-agent/+/93934004:13
jandersTheJulia Thank you, will test the patch out in the next few hours04:19
janderswe had some wild storms rolling over with near lightning strikes so preemptively powered off most of the house04:19
jandersback now, should be over, robovac cleaning up the mess on the deck04:20
janders(robovac is running outside ironic/metal3 for the record)04:20
jandersTheJulia it seems like I was able to get a node from "service failed" back to "active" with your patch using the hold step05:05
opendevreviewVerification of a change to openstack/ironic master failed: trivial: remove xclarity remenent  https://review.opendev.org/c/openstack/ironic/+/93597307:16
rpittaugood morning ironic! o/07:52
dtantsurTheJulia: the path can be ~/.docker/config.json, although I think there are other locations too08:00
dtantsursince $HOME is a weird notion for a service, I'm afraid we need a configuration option for it08:00
dtantsur(I see you already found the example)08:00
rpittaurm_work[m]: you can find recent docs on firmware update here https://docs.openstack.org/ironic/latest/admin/firmware-updates.html08:02
rpittauJayF: thanks for the entire ironic-lib deprecation stuff! I'll wait for sushy-tools, ironic-inspector, ipa and ipa-builder patches to merge before moving forward with the actual deprecation (governance, releases, and so on)08:45
rpittaukubajj: hey thanks for https://review.opendev.org/c/openstack/ironic-python-agent/+/939340 , can you please follow up with a release note for that? it will need to be included in the backports too08:55
kubajjrpittau: for sure09:01
rpittauthanks!09:01
rpittauany core around for a quick approval? https://review.opendev.org/c/openstack/metalsmith/+/933154 so we can release metalsmith thanks!09:23
opendevreviewJakub Jelinek proposed openstack/ironic-python-agent master: Add a release note for 939340  https://review.opendev.org/c/openstack/ironic-python-agent/+/93942409:24
kubajjrpittau: I think I did it wrong - I tried to have there the relation chain, but it is not there, sorry09:26
rpittaumm probably chain does not work as the other one is already merged09:30
rpittaukubajj: thanks, I left a comment09:31
opendevreviewJakub Jelinek proposed openstack/ironic-python-agent master: Add a release note for 939340  https://review.opendev.org/c/openstack/ironic-python-agent/+/93942409:34
jssfrhmmm10:56
jssfrlooking into redfish with ironic for the first time10:56
jssfris there a full tutorial somewhere? I'm coming from a PXE/IPMI based workflow and I don't quite see through what we need to change to use redfish.10:56
priteaujssfr: have you read https://docs.openstack.org/ironic/latest/admin/drivers/redfish.html11:17
jssfrpriteau, mostly, yeah11:17
jssfrfrom that I gathered: I cannot just switch to redfish and everything will work. Instead I need to create an ESP which will magically boot the IPA initrd and kernel we already have.11:18
jssfr(provided I want to use redfish-virtual-media as boot method)11:18
dtantsurjssfr: for virtual media - yes. This is because we need to compose an ISO image to boot, and that needs a bootloader (instead of iPXE)11:19
dtantsurIf the docs are too vague, you can also borrow inspiration from Bifrost (but please do tell us where the docs are vague)11:19
jssfrdtantsur, gladly! the link from priteau brought me here: https://docs.openstack.org/ironic/latest/install/configure-esp.html. THere, there's a lot of "from your distribution" and paths which are not filled in. It is not clear to me how to proceed from a place where I have a built IPA kernel + initrd.11:22
dtantsurjssfr: https://opendev.org/openstack/bifrost/src/branch/master/playbooks/roles/bifrost-ironic-install/tasks/create_esp.yml is a real-life script that uses distro-specific vars like https://opendev.org/openstack/bifrost/src/branch/master/playbooks/roles/bifrost-ironic-install/vars/redhat.yml#L9-L12?11:24
dtantsurWould it help if we provided examples in our docs? I"m somewhat worried about them getting outdated with distro changes11:24
priteauYou could also try PXE+Redfish as a first step to validate the Redfish part of your setup11:24
jssfrpriteau, that's a good idea11:25
dtantsurtrue11:26
jssfrwe should definitely do that. I was looking at redfish right now because we've run out of cables for wiring the PXE interfaces, hence I was hoping for a quick fix (which I have by now realized won't get, so we ordered cables already :))11:26
jssfrdtantsur, so, wait, another option would be to compose a complete ISO, right? Maybe we can tweak the IPA build process to generate an ISO, so we don't have to bother with that...11:28
dtantsurYes, a complete ISO is also an option (we use it in openshift)11:30
jssfrI think that's what we'll look into then. Seems like fewer moving parts than attempting to build a working ESP.11:31
jssfrI'm trying to build an ISO with disk-image-builder, I'm getting: https://paste.debian.net/1345472/12:38
jssfrI'm building with `disk-image-create -o ipa ironic-python-agent-ramdisk ubuntu devuser openssh-server mdadm-kill iso` (mdadm-kill is a thing we add, it doesn't install anything python-y, so hopefully that's irrelevant)12:38
jssfrI'll try to trim it down, but maybe someone has an idea what could be wrong there12:38
jssfrthe same error happens with just `DIB_RELEASE=focal disk-image-create -o ipa ironic-python-agent-ramdisk ubuntu`, which I think should be fairly standard?12:40
jssfrthis is with diskimage-builder==3.37.0 and ironic-python-agent-builder==5.4.012:41
dtantsurI haven't seen this error, and it sounds pretty absurd to me (9.7.0 should satisfy the requirement)12:41
jssfryeah, that's what's baffling me, .oo12:42
jssfr*too12:42
dtantsurrpittau: you seem to deal with pip a lot, have you seen ^^?12:43
jssfrlooks like using jammy (ubuntu 22.04) instead of focal (20.04) as base image works...12:48
rpittaummm I was going to ask to try that :)12:57
rpittauIf you're using latest ipa I suggest to use noble actually 12:57
jssfrour deployment process later uses only jammy, I'd like to keep the two in sync13:07
jssfr(otherwise you get funny stuff with interface names)13:07
jssfrpriteau, ftr, swicthing everything except boot to redfish just worked out of the box \o/13:08
priteauGood to hear13:12
jssfralright, now setting up boot via redfish-virtual-media. I built an ISO, put that in a place where Ironic can find it, set it as deploy_iso, and now I get: https://paste.debian.net/1345478/13:27
jssfr("The value http://image.ymc.f1c.cloudandheat.com:32080/redfish/boot-73e10a61-5cac-44af-a342-b325f6bb1f5e.iso for the property Image is of a different format than the property can accept.")13:27
jssfrdoes that mean that the redfish implementation cannot deal with HTTP URLs, or may that also be a different issue (such as that it cannot resolve the hostname or something like that)13:27
jssfroof, reading documentation for this board that smells like the BMC indeed does not support HTTP, only SMB or NFSā€¦13:34
jssfrcan one trick ironic into making an nfs URL for that?13:34
TheJuliagood morning14:23
TheJuliadtantsur: fun, okay, well... easy enough to have config, and parse it :)14:28
TheJuliaOnce I'm caffinated14:28
dtantsurjssfr: we don't support CIFS and NFS sorry15:39
dtantsurgood morning TheJulia 15:39
TheJuliajssfr: That being said, if you develop a patch for it, we would review it. I'm not sure it would be feasible to test in upstream though.. That being said, it should also be a small enough variation in the code path that we might be okay with unit testing if you posted the patch confirming you got $vendor hardware working with it.15:41
jssfrI briefly wondered about messing with the http_url template, but I suspect that would break ironic's attempt to validate the existence of images before deploy, right?15:41
jssfrso vendor hardware which rejects http(s) URLs with redfish-virtual-media, is it likely that it'd work with redfish-https?15:42
TheJuliawe use that url all over the place15:42
jssfrI suspected as much :)15:42
TheJuliaso changing it would be super bad15:42
jssfrI was also surprised to see that ironic copies the image, even though deploy_iso(?) was set to an http URL. I expected it to just pass that URL to the node.15:42
TheJuliaI'd create a new parameter, identify the vendor through existing mechanisms if possible (we save the vendor), and use the new config parameter for virtual media to source that base url to post to the BMC, that way being vendorish specific logic *and* keeping the rest of the overall impact to a minimum15:43
jssfrTheJulia, oh. I was thinking of maybe a deploy_url_template which can be set as driver info.15:43
TheJuliaWell, now it is a good thing it does because you can't hand that bmc a url15:43
jssfrwhich takes the filename relative to http_root15:44
TheJuliaI'd highly suggest trying to do it based upon the hardware vendor15:44
TheJuliathat way the user doesn't need to turn another knob or even know of the knob for that specific type of hardware15:44
jssfrthe user would have to provide an NFS share anyway15:44
jssfr(or SMB)15:44
TheJuliaonly the system admin who configured ironic needs to have the necessary configuration anyway15:44
jssfroh I see15:44
jssfrunderstood15:45
jssfrright15:45
TheJuliaThat can be at a system level, and it could just be an export of the httpboot directory for all we know15:45
jssfrI was only looking at this from the perspective of someone using ironic in the "undercloud", if you know what I mean, not as a MaaS service.15:45
TheJuliaahh, yeah15:45
jssfrIn the latter case, having it be a driver-info would be horrid indeed.15:45
TheJuliastill pretty much the same, but yeah15:45
* TheJulia goes back to OCI image registry stuffs15:45
jssfrokay, so: (1) identify vendor, (2) make config option `nfs_url`(?), (3) select `nfs_url` instead of `http_url` when deploying to that vendor (and maybe force use_swift to false for that vendor, too?)15:46
TheJuliaSort of what I was thinking15:46
TheJuliaits not great they use nfs or cifs only15:47
jssfryeah15:47
TheJulia(this is where you get to share the name of the vendor to shame them ever so slightly)15:47
jssfryou'd think http would be easier to implement than either of these.15:47
jssfrintl15:47
jssfr*intel15:47
TheJulia(very much so)15:47
TheJulia....15:47
TheJuliawhy am I not surprised?!15:47
jssfrthen again, HTTP requires to buffer the image somewhere, unless you're starting to mess with range requests when it probably gets slooow15:47
TheJulia(is this a reference board, or production gear?)15:47
jssfrwhile NFS / CIFS are arguably made for this kind of use.15:47
TheJulia((i ask, because ironic is *stupidly* popular in large scale hardware test labs))15:48
jssfrI'm off my work machine already, I can't look up the hardware---but I'd hope it's production gear, as it's in many of our servers and has been for years.15:48
TheJuliaokay15:48
TheJuliaIntel walks a really weird line about their own servers, and really always has15:48
* TheJulia only once has ordered an "Intel" server.15:49
jssfrI'm not sure if I'd call our DC a "large scale hardware test lab", though some detractors might :D15:49
TheJulia.... and it was an 8 "CPU" beast... which used processor module cards....15:49
jssfrTheJulia, you have a talent for making me consider making a patch for upstream instead of working around issues, I like that :D15:50
TheJulia(If you ever wonder how much of a pain it it was to find those processor cards... it was insane)15:50
TheJuliajssfr: I really hope you do, it stinks that the gear only supports cifs and nfs, but... it is what it is :)15:51
TheJuliaour universal job is to move forward :)15:51
jssfrit is indeed15:51
jssfrI mean iPXE works, but PXE networks are such a mess15:51
TheJuliaYeah15:51
jssfrso do you think a dumb check for "is this intel?" is enough, or should we try to narrow this down somehow?15:51
TheJuliawe save the bmc reported hardware vendor as something like task.node.properties.get('vendor')15:52
TheJulia... I don't know15:52
TheJuliaintel is a wild one15:52
jssfrpractically speaking, I think we have rather consistent hardware and can't even sample more than that.15:53
TheJuliaMaybe try http, if that fails and it is intel try falling back in the actual redfish driver?15:53
jssfroh that's a good idea15:53
jssfrsince we get a clear error from the BMC implementation15:53
TheJuliabecause... honestly, intel should evolve and improve15:53
TheJuliaexactly15:53
TheJulia... I made a funny15:53
jssfrI like that15:53
TheJuliaintel evolving and improving15:53
TheJuliaAnyway! back to work!15:54
jssfrhave fun / good luck15:55
jssfrdepending on what applies in this particular case15:55
TheJuliaSort of both, I'm deep into work to support using oci image registries for artifacts and images15:59
opendevreviewMuhammad Ahmad proposed openstack/ironic master: doc/source/admin fixes part-4  https://review.opendev.org/c/openstack/ironic/+/93946716:03
JayFDoes anyone have any environments where ramdisk driver is used with integrated openstack+nova? I can't think of a reason it wouldn't work...16:03
TheJuliaJayF: likely easier to ask scientific computing folks on their slack16:26
TheJuliasince they are the ideal users16:26
TheJuliaThat being said, you've asked the questio before, and it *should* work16:26
JayFI'll probably just try to get it to work in a devstack16:26
JayFif there's any rough edges I have time to smooth em over16:26
rpittaugood night! o/16:52
* TheJulia laughs evilly was cirros boots18:28
opendevreviewcid proposed openstack/ironic master: Apply Rules: inspection rules migration  https://review.opendev.org/c/openstack/ironic/+/93921818:30
TheJuliawell, kind of booted, might be an isue with 0.6.318:30
TheJulia"close enough"18:30
opendevreviewLuke Odom proposed openstack/ironic-python-agent master: Update mdadm array name for posix compliance  https://review.opendev.org/c/openstack/ironic-python-agent/+/93948319:13
opendevreviewJulia Kreger proposed openstack/ironic master: WIP OCI container adjacent artifact support  https://review.opendev.org/c/openstack/ironic/+/93789621:18
TheJuliaalmost there, just need to sit down and write unit tests for the actual oci client code21:22
TheJuliacurious if we should be backporting raid fixes21:28
opendevreviewcid proposed openstack/ironic-python-agent master: Treat 'No space left on device' error as fatal  https://review.opendev.org/c/openstack/ironic-python-agent/+/93950022:10
opendevreviewJay Faulkner proposed openstack/ironic-inspector master: Migrate from ironic-lib  https://review.opendev.org/c/openstack/ironic-inspector/+/93940722:16
JayFTheJulia: IMO, yes. kubajj said he'd take care of his raid fix22:16
kubajjJayF: do we backport just to stable versions or also unmaintained ones?22:19
JayFso you have to go in reverse order, so you'd do 2024.2, once that lands 2024.1 can land, and so on22:20
JayFunmaintained branches are best effort22:20
JayFso generally: backport to relevant stable branches; if you're feeling charitable or are a user of unmaintained branches, keep putting them back22:21
JayFbut TBH, something of this low impact I'd probably not take that far, the gate gets hairier the further you get back in time :D22:21
opendevreviewJay Faulkner proposed openstack/ironic-lib master: Deprecate ironic-lib master branch  https://review.opendev.org/c/openstack/ironic-lib/+/93927722:22
kubajjJayF: I will try to go as far as I can. Would say the impact is moderate (any node with target RAID config without volume name set is unable to clean)22:23
opendevreviewJay Faulkner proposed openstack/ironic-lib master: Deprecate ironic-lib master branch  https://review.opendev.org/c/openstack/ironic-lib/+/93927722:23
opendevreviewJay Faulkner proposed openstack/ironic-python-agent-builder master: Deprecate ironic-lib  https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/93928822:25
« Wednesday, 2025-01-15 Index Friday, 2025-01-17 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!