#ovirt log

14:03:18 <mburns> #startmeeting oVirt Node Weekly Sync
14:03:18 <ovirtbot> Meeting started Tue Feb 21 14:03:18 2012 UTC.  The chair is mburns. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:03:18 <ovirtbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:03:32 <mburns> #topic roll call and agenda
14:03:59 <mburns> agenda:  1.  Action Item Review
14:03:59 <mburns> 2.  Release status
14:04:04 <mburns> 3.  Open discussion
14:04:23 <mburns> pmyers: _jboggs:  here?
14:04:26 * pmyers in
14:04:26 * _jboggs here
14:04:40 <mburns> #topic action items
14:04:56 <mburns> #info 2.2.3 built last week, notice sent this morning
14:05:20 <mburns> #info stateless wiki updated this morning as well
14:05:28 <mburns> #link http://ovirt.org/wiki/Node_Stateless
14:05:50 <mburns> #info reviewed presentation from the last workshop and still mostly accurate
14:06:45 <mburns> #info 7 patches currently pending in gerrit
14:07:05 <mburns> mostly require my attention though
14:07:17 <mburns> #action mburns to get on top of gerrit patches
14:07:32 <mburns> _jboggs: did you every get in touch with dnaori?
14:08:07 <_jboggs> he pinged me yesterday morning around 3am est, but with time difference cant seem to work something out
14:08:21 <_jboggs> still awaiting a bios update, ill followup
14:08:35 <mburns> _jboggs: can you try going back and forth on the BZ so we can track it?
14:08:46 <_jboggs> yeah
14:08:49 <mburns> thanks
14:09:05 <mburns> #action _jboggs to follow up with dnaori on install issues
14:09:26 <mburns> that's it for action items from last week
14:09:33 <mburns> #topic release status
14:09:53 <mburns> #info oVirt Project is targetting May for the next big release
14:10:04 <mburns> probably will coincide with 2.4.0 for ovirt-node
14:10:31 <mburns> #info targeting Mid March for 2.3.0 release of ovirt-node
14:10:58 <mburns> #link http://www.ovirt.org/wiki/Node_Backlog
14:11:42 <mburns> #info 2.2.3 is shipped
14:12:12 <mburns> there are currently 20 bugs filed on 2.3.0
14:12:19 <mburns> all are NEW/ASSIGNED
14:13:42 <mburns> we have just over 3 weeks to knock these out
14:13:57 <mburns> _jboggs: let me know if we need to defer some of these or need to reprioritize
14:14:04 <_jboggs> will do
14:14:25 <mburns> #topic Open Discussion
14:14:41 <capri> im note quite sure, but i thought the actually ovirt is 3.0?
14:14:45 <ovirtbot> 14[[07Engine Node Integration14]]4 !10 02http://www.ovirt.org/w/index.php?diff=2475&oldid=2469&rcid=2551 5* 03Dougsland 5* (+78) 10/* Engine core machine */ 
14:14:55 <mburns> #info jenkins builds are still pending for node
14:15:02 <mburns> #action mburns to follow up on jenkins this week
14:15:10 <mburns> capri: yes, but that's the engine version
14:15:19 <mburns> node has different versioning
14:15:39 <capri> ok thanks :-)
14:15:51 <mburns> #info ovirt-node-iso rpms will be available by EOW
14:16:04 <mburns> #action mburns to make ovirt-node-iso builds available by EOW
14:16:19 <mburns> pmyers: _jboggs:  any other topics?
14:16:24 <_jboggs> nothing from me
14:16:46 <pmyers> mburns: do we want to review your changes to stateless wiki?
14:16:49 <pmyers> i just pulled it up
14:16:54 <mburns> sure
14:16:56 <pmyers> let
14:17:04 <pmyers> let's take a few minutes to read it over individually
14:17:09 <mburns> pmyers: mostly, i just pulled all config bundle references out
14:17:12 <pmyers> k
14:17:21 <mburns> and pointed out the need for engine to support stateless nodes
14:17:31 <pmyers> right
14:17:32 <pmyers> ok one sec
14:18:33 <pmyers> ?? Should we *require* adminpw ??
14:18:33 <pmyers> ?? Should we provide a way to set manually ??
14:18:48 <pmyers> if stateless is specified how do we persist the adminpw?
14:18:50 <pmyers> since no disk
14:19:02 <pmyers> hm
14:19:02 <mburns> pmyers: it's session only
14:19:10 <pmyers> hm
14:19:24 <pmyers> I'm wondering if we need to merge stateless w/ plugin support
14:19:29 <mburns> pmyers: we might want to consider not setting it to expire...
14:19:31 <pmyers> to provide tool for setting default admin password offline
14:19:39 <pmyers> so that it's embedded in the image
14:19:45 <pmyers> ack?
14:20:04 <mburns> pmyers: it's a perfectly valid use case
14:20:08 <pmyers> so smth like.... use offline edit to set adminpw
14:20:12 <mburns> to have the ability to set adminpw offline
14:20:15 <pmyers> if boot stateless and adminpw is not set
14:20:28 <pmyers> then prompt during ovirt-firstboot to set password at least for this session
14:20:39 <pmyers> ack?
14:21:16 <mburns> pmyers: ack
14:21:26 <pmyers> so then the question is, if adminpw is not embedded in image
14:21:33 <mburns> _jboggs: can we extract the password screen from the install
14:21:34 <mburns> ?
14:21:56 <_jboggs> and just make a small password type tui?
14:21:59 <pmyers> yeah
14:22:03 <mburns> yes
14:22:05 <_jboggs> should be easy
14:22:07 <pmyers> ok
14:22:09 <pmyers> so next problem
14:22:16 <pmyers> how does one differentiate between true firstboot
14:22:20 <pmyers> and second boot
14:22:22 <pmyers> given stateless?
14:22:24 <pmyers> hmm
14:22:43 <pmyers> thoughts?
14:22:56 <mburns> pmyers: only way by reading kargs i think
14:23:05 <pmyers> kargs would be the same for each boot
14:23:18 <mburns> at least until we get a connection to engine
14:23:22 <mburns> pmyers: my thought is:
14:23:34 <mburns> if no password set, prompt in ovirt-firstboot regardless
14:23:39 <pmyers> hmmm
14:23:46 <mburns> if set in kargs, don't expire if stateless
14:23:46 <pmyers> unless karg that says 'nopwprompt'
14:24:04 <pmyers> so you can make it so that prompt never comes up
14:24:08 <mburns> pmyers: sure
14:24:10 <pmyers> k
14:24:24 <pmyers> but better is to set pw in offline image
14:24:27 <pmyers> that makes this hella easier
14:24:31 <mburns> pmyers: yes
14:24:34 <pmyers> ok
14:24:35 <mburns> one sec
14:24:42 <pmyers> k
14:26:34 <mburns> pmyers: if we disable expiration of the admin password with kargs if it's statless, then we have a solution that works until we get plugins/offline editting
14:26:39 <ovirtbot> 14[[07Building oVirt engine14]]4 !10 02http://www.ovirt.org/w/index.php?diff=2476&oldid=2432&rcid=2552 5* 03Dougsland 5* (+745) 10
14:27:06 <pmyers> mburns: ack, but password is still lost on reboot
14:27:08 <fabiand_> good day, could the dhcp lease time be used to detect a (psuedo) true firstboot? just my 2ct
14:27:08 <ovirtbot> 14[[07Building oVirt engine14]]4 !10 02http://www.ovirt.org/w/index.php?diff=2477&oldid=2476&rcid=2553 5* 03Dougsland 5* (-2) 10/* Copying vdsm bootstrap files */ 
14:27:25 <pmyers> fabiand_: don' t know that we would want to depend on that, but it's a neat idea :)
14:27:39 <mburns> pmyers: lost, yes, but if kargs are consistent between boot, then it gets re-set the next boot
14:27:45 <pmyers> mburns: right
14:28:02 <pmyers> but constant auto prompt on console for an admin password
14:28:04 <mburns> if it's changed in the tui, then we lose that change
14:28:04 <pmyers> is a security issue
14:28:10 <pmyers> so I doubt that we can do that really
14:28:23 <mburns> pmyers: it's stop-gap until we get offline editting
14:28:29 <pmyers> agreed
14:28:35 <pmyers> that particular offline edit
14:28:39 <pmyers> should be REALLY easy
14:28:43 <pmyers> it's not full plugin
14:28:51 <pmyers> it's a simple script to set a password in the offline ISO
14:29:01 <mburns> pmyers: agreed
14:29:09 <pmyers> _jboggs: this would be a really good first step for your work on plugins
14:29:15 <_jboggs> agreed
14:29:17 <pmyers> mburns: ok so next set of problems
14:29:38 <pmyers> let's review 'what the TUI currently allows you to configure that is not oVirt Engine/vdsm specific'
14:29:45 <pmyers> network, which for stateless we assume DHCP
14:29:48 <pmyers> so that's all good
14:29:55 <mburns> #info stateless -- add prompt for password if not set
14:30:11 <pmyers> rsyslog, which we can get from DNS SRV in a stateless environment
14:30:11 <mburns> #info stateless -- don't expire password if stateless
14:30:21 <mburns> pmyers: we can do static in stateless
14:30:25 <mburns> we have kargs to support that
14:30:28 <pmyers> ah right
14:30:35 <pmyers> ok
14:30:35 <mburns> and we just run the autoinstall scripts
14:30:41 <pmyers> that works easy for pxe
14:30:42 <pmyers> but
14:30:49 <pmyers> for cd/usb you'd need a way of editing the image
14:30:55 <pmyers> to embed the kargs on a per ISO/USB basis
14:30:56 <pmyers> ack?
14:31:01 <mburns> ack
14:31:03 <pmyers> so now we have more easy requirements for _jboggs!
14:31:06 <mburns> usb is easy to edit
14:31:08 <pmyers> yep
14:31:15 <mburns> iso is harder
14:31:21 <mburns> but that's why we have edit-livecd
14:31:23 <pmyers> yes
14:31:27 <pmyers> my point exactly :)
14:31:33 <pmyers> i.e. I think the steps should be
14:31:41 <pmyers> run tool to set password, change kargs on ISO
14:31:44 <pmyers> then run iso to usb
14:31:48 <pmyers> we don't need a tool to edit usb
14:31:54 <pmyers> we should focus on always starting with editing ISO
14:31:59 <pmyers> and then just writing ISO to USB
14:32:01 <pmyers> ack?
14:32:27 <mburns> ack
14:32:37 <mburns> iso is least common denominator
14:32:44 <mburns> everyone starts with an iso
14:33:00 <mburns> so we should always start there
14:33:22 <mburns> though for developing a plugin, (once we have the tooling), we might want to recommend using a usb
14:33:38 <mburns> since you can change boot params, etc on the fly with minimal effor
14:33:42 <mburns> t
14:34:28 <mburns> actually, no
14:34:51 <mburns> that really only works for boot param settings, otherwise, you still have the livecd image in there
14:35:04 <pmyers> right
14:35:09 <pmyers> so always start w/ ISO
14:35:13 <mburns> yep
14:35:16 <pmyers> w00t
14:35:21 <pmyers> I think this all will work nicely
14:36:27 <mburns> #info plugins -- always start with iso, edit using tooling, then create derivatives (usb, cd, pxe image)
14:36:57 <mburns> #action _jboggs to create initial plugin to change admin password only
14:37:22 <_jboggs> mburns, pmyers any comments on the tooling for future use, make a menu vs --options?
14:37:28 <pmyers> both
14:37:30 <pmyers> :)
14:37:44 <mburns> _jboggs: i'd make the --options first
14:37:47 <pmyers> ack
14:37:49 <_jboggs> password = preencrypted?
14:37:57 <mburns> then we can build a ui around it
14:37:57 <pmyers> ack
14:38:46 * mburns really doesn't like have to pre-encrypt the password
14:38:53 <mburns> s/have/having
14:38:58 <pmyers> isn't that how adminpw karg works?
14:39:02 <mburns> yes
14:39:05 <mburns> but doesn't mean i like it
14:39:08 <pmyers> maybe take either preencrypted or clear text
14:39:35 <_jboggs> ill make 2 options for pre/not passwd
14:39:36 <mburns> pmyers: it's necessary in the commandline
14:39:48 <mburns> but a tool shouldn't need to do that
14:39:48 <pmyers> unless you're scripting the cmdline ;)
14:40:00 <mburns> pmyers: meant kernel command line
14:40:14 <yossarianuk> If the frontend server (i.e not the node) goes down would the vm's still run ?
14:40:24 <mburns> pmyers: rhevm-manage-domains handles this differently
14:40:43 <pmyers> yossarianuk: yes
14:40:46 <mburns> yossarianuk: yes, they will run, but you can't manage them, they won't migrate, can't statrt new ones
14:41:01 <yossarianuk> thanks for verifiying tha
14:41:03 <yossarianuk> that
14:41:09 <mburns> pmyers: manage-domains uses a password file iirc
14:41:37 <pmyers> ah
14:41:41 <pmyers> be consistent with that then
14:41:44 <mburns> _jboggs: pmyers:  i think 1 password options (--passwd)
14:41:54 <mburns> and --is_encrypted
14:41:57 <pmyers> mburns: admin and root tho
14:42:07 <pmyers> and what about snmp
14:42:10 <pmyers> cim
14:42:11 <pmyers> etc
14:42:15 <pmyers> should be able to set all of those
14:42:19 <mburns> but i really think this should be interactive
14:42:23 <mburns> in general
14:42:36 <mburns> pmyers: initial plugin should be admin only
14:42:37 <pmyers> start noninteractive just for simplicity
14:42:40 <pmyers> ack
14:43:53 <mburns> pmyers: i'd argue that we should have a separate plugin for each
14:44:14 <mburns> maybe one for admin and root passwords
14:44:23 <mburns> but cim and snmp, etc should be separate
14:44:54 <mburns> since, iiuc, they don't use the /etc/passwd file
14:45:00 <mburns> /etc/shadow
14:45:08 <pmyers> mburns: ack
14:45:28 <yossarianuk> for an OT topic - does anyone know an irc room where I can get advice on dmraid ?
14:45:41 <mburns> pmyers: i want to make it hard to set the root password though
14:45:48 <pmyers> ack
14:46:51 <mburns> anything else to cover today?
14:47:45 <mburns> yossarianuk: in relation to oVirt or just in general?
14:49:35 <pmyers> mburns: just get wiki updated for all of the above, otherwise nothing else from me :)
14:49:50 <yossarianuk> in general - usually I use swraid - however Fedora16 seems to not boot if you raid /boot/
14:50:04 <yossarianuk> (and were using FC16 for ovirt..)
14:50:06 <mburns> pmyers: ack
14:50:12 <mburns> #endmeeting