ctrees
2017-11-01 12:39
Still getting: Content Upload Failed: ValidationError New layer violates key restrictions: keysCannotBeOverridden: runner.tmpl is already in layer 1 keysCannotBeOverridden: access-keys.sh.tmpl is already in layer 1 keysCannotBeOverridden: change-stage.sh.tmpl is already in layer 1

ctrees
2017-11-01 12:41
when attempting to add os-discovery Content Package

ctrees
2017-11-01 12:41
catmini:CodeOps cat$ ./dr-provision --version dr-provision2017/11/01 12:39:56.773713 Version: v3.1.0-tip-191-7fa9a4ded571250028c61003687bd672d386910d

wdennis
2017-11-01 13:30
If anyone is going to (or already at) LISA?17 in San Fran, @ me and let?s meet up

wdennis
2017-11-01 13:30
Be there this afternoon, leaving Fri AM

spector
2017-11-01 14:29
@wdennis @shane I think Shane was going to try and stop by but I think it is doing a 2nd event as well.

greg
2017-11-01 14:38
@lae - let?s work through your remaining issue and button things up. Something like this local-security-repo true/false. If true don?t add the security repo lines. If false or not present, put the security line in place?

lae
2017-11-01 15:23
@greg I would be if we had that change since all of my other needed changes are in community content now

lae
2017-11-01 15:23
hm

greg
2017-11-01 15:23
okay - the question is: is what I described sufficient?

lae
2017-11-01 15:23
yeah, I think so

greg
2017-11-01 15:30
okay pushed something - testing now

greg
2017-11-01 15:50
That worked.

greg
2017-11-01 15:50
@lae - review the last comment when you can.

shane
2017-11-01 16:11
@wdennis - I'll be at LISA today - around Noon through the rest of the day if anyone cares to meet and discuss DRP ...etc... :slightly_smiling_face:

lae
2017-11-01 16:40
@greg ah sorry, I think I misunderstood and thought you meant the same way you implemented usage of the `local-repo` variable (because of the `if eq (.Param "local-repo") true` line). I want to be able to set `local-security-repo` to a local mirror of a security repository, if possible

lae
2017-11-01 16:41
I'm still waking up apparently

greg
2017-11-01 16:43
So a string

greg
2017-11-01 16:46
okay - I think I get it now.

lae
2017-11-01 16:48
mhm

greg
2017-11-01 16:49
like this: ``` {{if .ParamExists "local-security-repo" -}} d-i apt-setup/security_host string {{.ParseUrl "host" (.Param "local-security-repo")}} d-i apt-setup/security_path string {{.ParseUrl "path" (.Param "local-security-repo")}} {{else -}} {{if (eq "debian" .Env.OS.Family) -}} d-i apt-setup/security_host string http://security.debian.org {{else -}} d-i apt-setup/security_host string http://archive.ubuntu.com d-i apt-setup/security_path string /ubuntu {{end -}} {{end -}} ```

lae
2017-11-01 16:56
does security_path error on debian or will it just ignore it?

ctrees
2017-11-01 17:01
So does anyone know why I can't load a content package (even when I've log into the rackn beta)

greg
2017-11-01 17:01
not sure - but can preface it

greg
2017-11-01 17:01
Yeah - sorry - I forgot @ctrees.

greg
2017-11-01 17:01
Can you send me:

greg
2017-11-01 17:01
```drpcli contents list | jq .[].Name```

greg
2017-11-01 17:02
@lae ``` {{if .ParamExists "local-security-repo" -}} {{if (eq "debian" .Env.OS.Family) -}} d-i apt-setup/security_host string {{.ParseUrl "host" (.Param "local-security-repo")}} {{else -}} d-i apt-setup/security_host string {{.ParseUrl "host" (.Param "local-security-repo")}} d-i apt-setup/security_path string {{.ParseUrl "path" (.Param "local-security-repo")}} {{end -}} {{else -}} {{if (eq "debian" .Env.OS.Family) -}} d-i apt-setup/security_host string http://security.debian.org {{else -}} d-i apt-setup/security_host string http://archive.ubuntu.com d-i apt-setup/security_path string /ubuntu {{end -}} {{end -}}```

ctrees
2017-11-01 17:02
catmini:CodeOps cat$ ./drpcli contents list | jq .[].Name null null null catmini:CodeOps cat$

greg
2017-11-01 17:02
oops

greg
2017-11-01 17:03
```drpcli contents list | jq .[].meta.Name```

ctrees
2017-11-01 17:03
catmini:CodeOps cat$ ./drpcli contents list | jq .[].meta.Name "BackingStore" "drp-community-content" "BasicStore" catmini:CodeOps cat$

greg
2017-11-01 17:04
@ctrees you are trying to update the content with the update button?

ctrees
2017-11-01 17:04
I did try that...

greg
2017-11-01 17:04
Just wanting to make sure where the error is coming from

lae
2017-11-01 17:04
@greg might want to use the Param as-is for debian, since it supports a string with a path

lae
2017-11-01 17:05
so no ParseUrl

greg
2017-11-01 17:05
okay - From the UX while logged in to both saas and DRP @ctrees

greg
2017-11-01 17:05
remove the `drp-community-content`

greg
2017-11-01 17:05
then add it back.

ctrees
2017-11-01 17:06
ok..

ctrees
2017-11-01 17:07
Ok... removed, Added back, then attempted to add os-discovery and got the Content Upload Failed: ValidationError

ctrees
2017-11-01 17:09
Content Upload Failed: ValidationError New layer violates key restrictions: keysCannotBeOverridden: change-stage/map is already in layer 1 keysCannotBeOverridden: gohai-inventory is already in layer 1 keysCannotBeOverridden: kernel-console is already in layer 1 keysCannotBeOverridden: access-keys is already in layer 1 keysCannotBeOverridden: access-ssh-root-mode is already in layer 1

ctrees
2017-11-01 17:10
[GIN] 2017/11/01 - 12:08:37 | 200 | 28.719Ás | 192.168.1.200 | OPTIONS /api/v3/contents [GIN] 2017/11/01 - 12:08:37 | 200 | 1.343583ms | 192.168.1.200 | GET /api/v3/contents [GIN] 2017/11/01 - 12:08:48 | 200 | 12.763Ás | 192.168.1.200 | OPTIONS /api/v3/contents?version=tip [GIN] 2017/11/01 - 12:08:49 | 422 | 173.273486ms | 192.168.1.200 | POST /api/v3/contents?version=tip

greg
2017-11-01 17:13
can you send me: ```drpcli stages list | jq .[].Name```

greg
2017-11-01 17:13
@lae - ```{{if .ParamExists "local-security-repo" -}} {{if (eq "debian" .Env.OS.Family) -}} d-i apt-setup/security_host string {{.Param "local-security-repo"}} {{else -}} d-i apt-setup/security_host string {{.ParseUrl "host" (.Param "local-security-repo")}} d-i apt-setup/security_path string {{.ParseUrl "path" (.Param "local-security-repo")}} {{end -}} {{else -}} {{if .ParamExists "local-repo" -}} {{if eq (.Param "local-repo") true -}} # Use local-repo and !local-security-repo - no security to specify {{else -}} {{if (eq "debian" .Env.OS.Family) -}} d-i apt-setup/security_host string http://security.debian.org {{else -}} d-i apt-setup/security_host string http://archive.ubuntu.com d-i apt-setup/security_path string /ubuntu {{end -}} {{end -}} {{end -}} {{end -}}```

greg
2017-11-01 17:14
@ctrees - tip may have leaked out.

greg
2017-11-01 17:15
You may not need os-discovery.

shane
2017-11-01 17:17
@greg - remove the 'local' and that other file ??

shane
2017-11-01 17:17
not looking at a working drp right now

greg
2017-11-01 17:18
well - I think our SaaS got a dev update that I?m working on and it is getting in the way. I suspect travis/SaaS interaction is a little funky.

greg
2017-11-01 17:18
I?m about to push this all anyway and document a procedure.

greg
2017-11-01 17:18
@ctrees may be starting it.

ctrees
2017-11-01 17:18
yea I remember you telling wdennis that os-discovery was going into core ?

greg
2017-11-01 17:18
I suspect that @ctrees doesn?t need os-discovery and os-linux anymore.

ctrees
2017-11-01 17:18
me too...

greg
2017-11-01 17:19
```drpcli stages list | jq .[].Name```

greg
2017-11-01 17:19
will probably show lots of stages

greg
2017-11-01 17:19
The next step will be to convert the defaults to from ce-* to *

greg
2017-11-01 17:20
and check machines stages and bootenvs to make sure they are converted over.

ctrees
2017-11-01 17:21
@ctrees suspects @ctrees issue is just as the tip and content packages ... should I just wait for @greg merge fix'n

ctrees
2017-11-01 17:22
I'm not really in a rush.... but willing to test things... just let me know... I'll go learn more of the drcli commands

lae
2017-11-01 17:23
@greg lgtm

greg
2017-11-01 17:23
@lae - thanks. testing the not specified path .

greg
2017-11-01 17:24
@ctrees - hopefully a few hours and I?ll make a consistent tip step.

lae
2017-11-01 17:37
Oh yeah, I just remembered (while cleaning up our content to be fireeye-only) the other part to the `part-scheme` feature I wanted to implement - have the part-scheme templates be usable on both centos/debian (so checks included for OS family). Is it alright if I push some changes for that? (not urgent since we're not doing any centos installs anytime soon, I don't think)

greg
2017-11-01 17:37
yes

greg
2017-11-01 17:37
That sounds good

lae
2017-11-01 20:17
@greg are you working on documentation to build content? or is it possible it's been done already (haven't looked into building drbundle yet)

greg
2017-11-01 20:18
That is on the list but not done or really started.

greg
2017-11-01 20:19
drbundler allows you to do this: ``` go get -u http://github.com/digitalrebar/provision/cmds/drbundler PATH=$PATH:$GOPATH/bin ```

greg
2017-11-01 20:20
in a go1.9 build environment

greg
2017-11-01 20:20
```drbundler <directory> <yaml file>```

greg
2017-11-01 20:21
the directory is a digitalrebar/store in directory format.

greg
2017-11-01 20:21
That bundles it up into a digitalrebar/store file format.

greg
2017-11-01 20:21
The content API uses the file format as the transport form

shane
2017-11-01 20:22
@lae - that's on my plate - I'm working on documentation updates, but haven't gotten to building custom content yet

greg
2017-11-01 20:23
You can also bundle with drpcli. You would cd into the directory, run `drpcli contents bundle ../file.yaml --format=yaml`. It will produce the same thing.

lae
2017-11-01 20:33
it looked like for the `provision-content` repo you had a drp-community-content.yml file but I'm not sure what the contents of that should be

greg
2017-11-01 20:34
So in tip, there are now two directories.

greg
2017-11-01 20:34
content and contrib - one for each of the two content bundles.

lae
2017-11-01 20:34
mhm, realised that

lae
2017-11-01 20:34
(just reading through package.sh)

greg
2017-11-01 20:48
- TIP UPDATE - all components have been update and should be updated as a set (really).

greg
2017-11-01 20:48
To update to tip, you should do so in the following order. More specific steps for each will follow.

greg
2017-11-01 20:49
1. Update DRP to tip 2. Remove Old Content 3. Update Add Content 4. Update plugins 5. Fix up things

greg
2017-11-01 20:49
Okay so the first step - updating DRP

greg
2017-11-01 20:49
If you are running isolated, I do this: ```curl -fsSL https://raw.githubusercontent.com/digitalrebar/provision/tip/tools/install.sh | bash -s -- --isolated install --drp-version=tip --force```

greg
2017-11-01 20:50
This will force the update of the local binaries to tip. Make sure you stop drp.

greg
2017-11-01 20:50
You can do this for provision as well. If you modified your service file, you should check to make sure that it is still valid.

greg
2017-11-01 20:50
Restart drp

greg
2017-11-01 20:51
Don?t forget to copy `drpcli` to where you put to make it always available. :slightly_smiling_face:

greg
2017-11-01 20:51
Second Step - Remove old content

greg
2017-11-01 20:52
With the rework of content, you need to remove the following content packages.

greg
2017-11-01 20:52
os-linux

greg
2017-11-01 20:52
os-discovery

greg
2017-11-01 20:52
drp-community-content (if you are really behind, Digital Rebar Community Content).

greg
2017-11-01 20:53
ipmi

greg
2017-11-01 20:53
packet

greg
2017-11-01 20:53
virtualbox

greg
2017-11-01 20:53
Ensure those are gone.

greg
2017-11-01 20:54
Third Step- Put the content back.

greg
2017-11-01 20:54
drp-community-content - it is a must just get it.

greg
2017-11-01 20:54
task-library - New RackN library of services for doing interesting things.

greg
2017-11-01 20:55
drp-community-contrib - this is old or experimental things like centos6 or SL6.

greg
2017-11-01 20:55
Step Four - update the plugins.

greg
2017-11-01 20:55
If you have any plugins installed, update them now.

greg
2017-11-01 20:57
To facilitate version tracking, plugins provide their own content as a injected content from the plugin. When the plugin is added, it will also add a content layer that will show up in the content packages section.

greg
2017-11-01 20:57
Step Five - fix things up. This is mainly if you were using the ce-* version of things.

greg
2017-11-01 20:58
AND making sure all the bootenvs are up to date. This is a task you should always do after updating content.

greg
2017-11-01 20:58
Go to BootEnvs and make sure that discovery, sledgehammer, and your OS install images are still good. These could have updated and new ISOs need to be downloaded.

greg
2017-11-01 20:58
Fix those.

greg
2017-11-01 20:59
Then go to Info and preferences and make sure your default stage and bootenvs are still valid.

greg
2017-11-01 20:59
this is where `ce-sledgehammer` become `sledgehammer` and `ce-discovery` becomes `discovery`

greg
2017-11-01 21:00
The same with `ce-ubuntu-16.04-install` becomes `ubuntu-16.04-install`.

greg
2017-11-01 21:00
The same with `ce-centos-7.4.1708-install` becomes `centos-7-install`.

ctrees
2017-11-01 21:05
I'm up to step 5, so far so good (loading iso now)

greg
2017-11-01 21:06
Cool! One last thing. Make sure your machine?s stages and bootenvs are valid and update them if not.

ctrees
2017-11-01 21:07
will do... I'm doing before and after screen shots too... in hopes that I don't need them :wink:

ctrees
2017-11-01 21:09
I was attempting to figure out how to do the content package remove and update via command line... but seems the gui is involved in gen of tokens ... so used GUI

greg
2017-11-01 21:16
well the GUI (or UX as we call it) has the login access to the SaaS to get the content. You can use the cli if you have the yaml files locally. We don?t have a way for you to get this outside of the UX yet.

greg
2017-11-01 21:16
The content flow is: SaaS -> UX -> DRP

greg
2017-11-01 21:16
where the UX acts a bridge between the two systems.

shane
2017-11-01 21:28
@ctrees - you can do via CLI - it's just not "very pretty" yet, since we don't have the `drpcli` binary baked w/ the content download pieces yet

shane
2017-11-01 21:28
```drpcli contents list # see all contents drpcli contents list | jq -r '.[].meta.Name' # get raw output of just the content packs drpcli contents destroy <name> # remove content # go to RackN UX - log in, go to Hamburger menu (upper left, 3 horizontal lines) # go to Organization - User Profile - copy your UUID for Unique User Identity export RACKN_AUTH="?username=<UUID_Unique_User_Identity>" export CATALOG="https://qww9e4paf1.execute-api.us-west-2.amazonaws.com/main/catalog" curl -s $CATALOG/content/<content_name>${RACKN_AUTH} -o <content_name>.json drpcli contents create -< <content_name>.json # same steps for Plugins - but replace "content_name" with "plugin_name" # change "contents" commands to "plugin_provider"```

shane
2017-11-01 21:30
you can (obviously) chuck the output of the `contents list` and `jq` filter command in to a loop to vaguely automate destroy/curl/create operations

ctrees
2017-11-01 21:31
So I was having an issue with sledgehammer coming up as a stage... but I only loaded : drp-community-content(tip) and task-library(tip)

greg
2017-11-01 21:31
`sledgehammer` should be in `drp-community-content`

ctrees
2017-11-01 21:33
ok... I see it there... so should it show up in the Pref dropdown ?

ctrees
2017-11-01 21:33
and in stages, it an X

greg
2017-11-01 21:34
if it is available. You have to check the bootenv and the stages.

greg
2017-11-01 21:34
if you open it, it should tell you what the error is.

ctrees
2017-11-01 21:34
it's in bootenv... checking status

greg
2017-11-01 21:34
iso upload and explode is now async.

greg
2017-11-01 21:35
So you may need to refresh the screen to see if it finished.

ctrees
2017-11-01 21:39
how long should I wait after iso upload for it to explode ?

ctrees
2017-11-01 21:40
It's in bootenv, but not in Stages

ctrees
2017-11-01 21:41
I've logged out and back in... and hit page refresh and Refresh button in Stages

greg
2017-11-01 21:41
Could take awhile, but not too long. 10 minutes at most. - oh wait.

greg
2017-11-01 21:41
did you do ```drpcli bootenvs uploadiso sledgehammer```

greg
2017-11-01 21:41
That will do the magjc for you. or most of it.

greg
2017-11-01 21:41
I need to run. I?ll be on later.

ctrees
2017-11-01 21:42
catmini:CodeOps cat$ ./dr-provision --version dr-provision2017/11/01 20:54:11.070347 Version: v3.1.0-tip-193-12226aa05308b164a18f164546146eac7c549986 catmini:CodeOps cat$ ./drpcli bootenvs uploadiso sledgehammer catmini:CodeOps cat$ ./drpcli bootenvs uploadiso centos-7-install catmini:CodeOps cat$ ./drpcli bootenvs uploadiso ubuntu-16.04-install catmini:CodeOps cat$

greg
2017-11-01 21:43
```drpcli bootenvs show sledgehammer```

greg
2017-11-01 21:43
That should show what it things the errors are

ctrees
2017-11-01 21:49
catmini:CodeOps cat$ ./drpcli bootenvs show sledgehammer { "Available": true, "BootParams": "rootflags=loop root=live:/sledgehammer.iso rootfstype=auto ro liveimg rd_NO_LUKS rd_NO_MD rd_NO_DM provisioner.web={{.ProvisionerURL}} rs.uuid={{.Machine.UUID}} rs.api={{.ApiURL}} -- {{if .ParamExists \"kernel-console\"}}{{.Param \"kernel-console\"}}{{end}}", "Description": "Ram-Only image loaded with tools to allow for discovery and maintenance", "Errors": [], "Initrds": [ "stage1.img"

ctrees
2017-11-01 21:49
seems fine...

ctrees
2017-11-01 21:50
Boot Environments - sledgehammer (click on it) looks fine...

ctrees
2017-11-01 21:52
Stages - discover - Error: Stage discover wants BootEnv sledgehammer, which is not available

ctrees
2017-11-01 22:10
So.... reboot of server fixed it

ctrees
2017-11-01 22:15
and I THINK I'm getting your overall pattern... saas <file.yml> loads lots of defaults WHICH then drp-data content can 'update'

ctrees
2017-11-01 22:44
ohh... pretty new workflow icons

ctrees
2017-11-01 22:53
So... I got a VBox to start to boot... then it failed to load stage2.img

ctrees
2017-11-01 22:55
@ctrees uploaded a file: https://rackn.slack.com/files/U62R1805P/F7TG0BJPM/stage2_loadfail.png and commented: VBOX pxe to endpoint 192.168.1.200 from 192.168.33.10 via host vboxnet0 192.168.33.1

ctrees
2017-11-01 22:59
I'm sending broadcast to 192.168.33.1 (vboxnet0) ... route ?

ctrees
2017-11-01 23:00
@ctrees uploaded a file: https://rackn.slack.com/files/U62R1805P/F7T34CTU1/stage2_loadfail_netstat.png and commented: netstat -nr on mac hosting endpoint

ctrees
2017-11-01 23:33
I started drp up on the 'fake' vboxnet0 IP 192.168.33.1 and it was able to register... I guess I'll ask in the AM how you guys suggest a dev laptop setup...

lae
2017-11-02 00:54
``` Nov 02 00:50:43 labs-provision dr-provision[26688]: dr-provision2017/11/02 00:50:43.588393 Static FS: Failed to render template for /machines/c25b7315-3d50-4134-9074-5cda9abaeee5/seed: template: :589:5: executing "net-seed.tmpl" at <eq (.Param "local-re...>: error calling eq: incompatible types for comparison ``` @greg okay so I realised I made a grave assumption of what `local-repo` had meant, didn't realise it was specifically a boolean to configure the installer to use a repo from the exploded ISO until now

lae
2017-11-02 00:56
gotta go now but basically I have a need to use a locally hosted mirror for debian/ubuntu/centos

greg
2017-11-02 01:13
@lae I was waiting for this.

greg
2017-11-02 01:14
@lae we can work on a change. I?m in favor of it. We need a better way.

lae
2017-11-02 15:20
@greg I'm thinking about this more throughly -- centos/rhel "primary" mirror is specified by `url --url`, debian/ubuntu by `mirror/http` centos extra repos/mirrors specified by `repo--name=X --baseurl=X` and debian/ubuntu by `apt-setup/local#/repository $mirror $dists` with optional comment/deb-src toggle/URL to key I can use profiles to specify mirrors for different stages (so diff for ubuntu/deb/cent), so maybe a single `mirrors` array of objects parameter could work here? would it be doable to filter out something like a "primary" mirror for all dists and a "security" mirror for deb/ubuntu based on a child parameter? e.g. ``` mirrors: - name: main url: http://packages.local/debian dist: stretch main install_mirror: true - name: updates url: http://packages.local/debian dist: stretch-updates main - name: security url: http://packages.local/debian-security dist: stretch/updates main security_mirror: true ```

greg
2017-11-02 15:54
@lae, I need to think about this a little bit more. I like where this is going. You can then do profile specification of secondary.

greg
2017-11-02 15:55
I?d add a type in the field, primary, secondary, security.

greg
2017-11-02 15:56
maybe - thinking - need to look at a couple of other things first.

greg
2017-11-02 15:58
nvm - no type

greg
2017-11-02 15:58
you have it in `install_mirror` and `security_mirror`

vlowther
2017-11-02 15:59
@lae On the mirrors thing -- do you mostly care about the repos used during the OS install process, or the ones used afterwards?

lae
2017-11-02 15:59
both

vlowther
2017-11-02 16:00
because one of the things I have been kicking around is how to reduce the amount of information we need to make a given bootenv work down to just needing the kernel/initrd pair

lae
2017-11-02 16:00
while I *could* just configure them with ansible afterwards, we've just been using preseed/kickstart to configure them for quite a while

lae
2017-11-02 16:00
the mirrors var would be optional, though?

vlowther
2017-11-02 16:02
I have been reluctant to use distro mirroring schemes

vlowther
2017-11-02 16:02
as it makes fully offline deploys much trickier.

lae
2017-11-02 16:02
what do you mean?

2017-11-02 16:03
whe core become private? i have not access on that

vlowther
2017-11-02 16:04
If I want to run DRP in an environment where I do not have Internet access at all, I cannot rely on whatever default lists of mirrors to try for distro ops.

lae
2017-11-02 16:05
that's...true but that's not my use case

lae
2017-11-02 16:05
we have local mirrors within our own network

vlowther
2017-11-02 16:06
ok

vlowther
2017-11-02 16:06
What I did for DRv2 was to provide in overarching "repos to use" list: https://github.com/digitalrebar/digitalrebar/blob/master/core/barclamps/rebar.yml#L157

vlowther
2017-11-02 16:08

vlowther
2017-11-02 16:08
Would they meet your needs?

vlowther
2017-11-02 16:09
They do not solve the current requirement that DRP needs its own local mirror for OS installation purposes, but that would be a seperate step.

lae
2017-11-02 16:10
yeah, that wouldn't

lae
2017-11-02 16:11
I also don't need to introduce DR in our environment, it'll just cause information overload for people on my team without much benefit over our existing infra

vlowther
2017-11-02 16:11
ok

lae
2017-11-02 16:12
our environment also doesn't have that large of a pipe to the Internet, so for deployments of 5 nodes installing using Internet-hosted repos takes a pretty long time

vlowther
2017-11-02 16:12
I was asking of porting those roles over to DRP tasks would be sufficient

lae
2017-11-02 16:12
and the debian bootenv I don't believe has a fully usable "local-repo" as it currently is specified (using the mini iso)

lae
2017-11-02 16:13
oh

vlowther
2017-11-02 16:13
ya, the Debian bootenvs were more an exercise in minimalism than anything else.

lae
2017-11-02 16:13
Yeah, that would probably work then, but I would still need to be able to specify a repo for installation

vlowther
2017-11-02 16:14
Swalling out the netinstall isos for a more full-featured iso should work with minimal tweaks.

vlowther
2017-11-02 16:14
er, swapping

greg
2017-11-02 16:17
Okay - so there are two problems.

greg
2017-11-02 16:17
1. installation repo specification. We want to values for that: exploded iso in drp, and user specified URL.

greg
2017-11-02 16:18
2. Post-install repos - We want those done in post-install (kickstart,preseed) step.

greg
2017-11-02 16:19
Porting DR code as a task/parameter/stage would take care of #2. The specification structure may want to be simplified if possible. The task should be able to run in both the ks/seed env and post install, but that is more a goal.

greg
2017-11-02 16:20
With regard to #1, the current local-repo isn?t sufficient - it only points at the exploded ISOs repos. A specifier needs to be used. If it could use the same spec as #1 that would work.

vlowther
2017-11-02 16:23
ya -- in addition to #1, we would need a codepath for taking care of kernel and initrd handling.

greg
2017-11-02 16:31
This last one would be for handling not exploding isos at all and just referencing kernel/initrd images only.

vlowther
2017-11-02 16:37
hm... I had forgotten how annyoing the whole security repo vs. non security repo things is for Debianoids

vlowther
2017-11-02 16:43
ok

vlowther
2017-11-02 16:43
so how about this as a strategy

vlowther
2017-11-02 16:44
The stuff I currently use for DRv2 is not really suited to the OS installation phase

vlowther
2017-11-02 16:44
because it is based around working with file snippets, not raw repo information

vlowther
2017-11-02 16:45
So instead, we have a two-part solution.

vlowther
2017-11-02 16:46
1: A parameter that defines repo information in as OS agnostic fashion as we can reasonably define

vlowther
2017-11-02 16:46
something along the lines of whgat you described upstream, lae

vlowther
2017-11-02 16:47
The second part is code baked into DRP that knows how to take repos defined in that parameter and expand them in the context of a target OS

vlowther
2017-11-02 16:49
so that we can get repo definitions approprieate for writing to /etc/sources.list, etc/yum.repos.d, preseed lines, or kickstart lines

vlowther
2017-11-02 16:53
The goal is to have somehting like this: {{range .ReposFor "target-os"}} {{ .Repo "desired-format" . }} {{ end }}

vlowther
2017-11-02 16:54
and have that sequence spit out the repo information for the OS we want and in the format we want.

vlowther
2017-11-02 17:01
We already have a defined place in our template rendering functions to plug helpers like this

vlowther
2017-11-02 17:01
and getting this into DRP is a matter of porting some code I have aying around in some older versions of DRv2.

shane
2017-11-02 17:02
@vlowther do you already have something that can take an abstract "this repo info" and produces all of that apt/yum/ks/seed elements appropriately ?

shane
2017-11-02 17:03
that's not too hard to do - just an annoying exercise ... :slightly_smiling_face:

vlowther
2017-11-02 17:04
I have written code to to that in at least 2 languages so far.

vlowther
2017-11-02 17:04
:slightly_smiling_face:

lae
2017-11-02 17:12
haha

vlowther
2017-11-02 17:31
One of which was some gnarly bash.

vlowther
2017-11-02 17:36
@lae That sound like a reasonable path forward?

lae
2017-11-02 17:38
Yeah, that does

lae
2017-11-02 17:40
does feel like it's somewhat trespassing boundaries of what DRP the binary should do vs what templates should do, but I don't really have a strong opinion on that

vlowther
2017-11-02 17:45
Eh, I tend to err on the side of making the templates easier to write and read

vlowther
2017-11-02 17:46
and the current solution does not make them easy to read.

vlowther
2017-11-02 17:46
and since DRP is the thing doing the template expansion...

vlowther
2017-11-02 17:46
ok

lae
2017-11-02 17:47
yeah, I can see this getting out of hand if it was just done through templates only with current DRP

vlowther
2017-11-02 17:47
ok

lae
2017-11-02 17:47
the local-repo/local-security-repo thing took a bit of wrapping my head around

vlowther
2017-11-02 17:47
I will get started on the DRP side of this path.

lae
2017-11-02 17:48
:+1:

vlowther
2017-11-02 17:48
Should have something to review in a day or so.

lae
2017-11-02 17:50
is drpcli machines processjobs supposed to exit?

lae
2017-11-02 17:51
it seems to process through all of the tasks for the debian-9-install stage but...

lae
2017-11-02 17:52
I tried unsetting change-stage/map, then creating a new one with debian-9-install ? complete though it seems to still get stuck

lae
2017-11-02 17:53
setting the stage manually to `none` for the machine externally seems to let it proceed fine

shane
2017-11-02 17:53
@lae - set it to complete-nowait:Success

lae
2017-11-02 17:53
ah the nowait one

greg
2017-11-02 18:26
I need to document the use of the stages.

vlowther
2017-11-02 20:52
OK, after some more hacking and research, here is what I propose for a package-repositories parameter:

vlowther
2017-11-02 20:53
- name: "centos-7 install" os: "centos-7" # If installSource is true, then the URL points directly # to the location we should use for all OS install purposes # save for fetching kernel/initrd pairs from (for now, we will # still assume that they will live on the DRP server). # The os field must be an exact match for the bootenv's OS.Name field. installSource: true # For redhat-ish distros, this URL contains distro, # component, and arch components, and as such # they do not need to be further specified url: "http://mirrors.kernel.org/centos/7/os/x86_64" - name: "centos-7 everything" # Since installSource is not true here, # we can define several package sources at once by # providing a distribution and a components section, # and having the URL point at the top-level directory # where everything is housed os: centos-7 url: "http://mirrors.kernel.org/centos" distribution: "7" components: - atomic - centosplus - cloud - configmanagement - cr - dotnet - extras - fasttrack - opstools - os - paas - rt - sclo - storage - updates - name: "debian-9 install" os: "debian-9" installSource: true # Debian URLs always follow the same rules, no matter # whether the OS install flag is set. As such, # you must always also specify the distribution and # at least the main component, although you can also # specify other components. url: "http://mirrors.kernel.org/debian" distribution: stretch components: - main - contrib - non-free - name: "debian-9 backports" os: "debian-9" url: "http://mirrors.kernel.org/debian" distribution: stretch-updates components: - main - contrib - non-free - name: "debian-9 security updates" os: "debian-9" url: "http://security.debian.org/debian-security/" securitySource: true distribution: stretch/updates components: - contrib - main - non-free

vlowther
2017-11-02 20:53
(sorry for the spam, but it includes comments!)

shane
2017-11-02 20:55
oye @vlowther! use a "text snippet" for that length of paste, please :slightly_smiling_face:

vlowther
2017-11-02 21:04
As a matter of policy, I only do that when Slack tells me to, :stuck_out_tongue:

vlowther
2017-11-02 21:10
@lae That look sane to you?

shane
2017-11-02 21:12
well the nice thing about text snippets is it'll also do color context highlighting which makes it a LOT easier to read

lae
2017-11-02 21:39
^

lae
2017-11-02 21:43
@vlowther how do you specify arch for centos?

vlowther
2017-11-02 21:45
Right now I am going to let it autodetect.

lae
2017-11-02 21:46
through DRP?

vlowther
2017-11-02 21:46
ya, based on whatever arch the node we are installing is.

vlowther
2017-11-02 21:47
For Centos7 this will be pretty easy. :wink:

vlowther
2017-11-02 21:50
and for all yum-like repo formats it boils down to just using $basearch in the URL line for the individual repo

vlowther
2017-11-02 21:51
The .Repo template function will be responsible for building the urls appropriately for known operating system types.

vlowther
2017-11-02 21:52
I plan on supporting RPM distros that use yum style .repo files and deb sitros that use apt initally.

vlowther
2017-11-02 21:53
Weirder stuff can be added on an as-needed basis.

vlowther
2017-11-02 21:54
much as I like my arch linux install and pacman for package management, it doesn't exactly have a large marketshare or a decent way of doing unattended installs. :slightly_smiling_face:

lae
2017-11-02 22:09
ah right forgot about $basearch

lae
2017-11-02 22:10
also yeah, unattended installs of arch :joy:

lae
2017-11-03 00:02
``` Starting Task: change-stage (8af3d3ff-4bc8-4abe-b369-944fe82a16ea) Running Task Template: change-stage.sh.tmpl Command change-stage.sh.tmpl failed to start: fork/exec ./script: no such file or directory Task Template , change-stage.sh.tmpl, failed Task: change-stage failed ``` woops

lae
2017-11-03 00:03
(no bash on this installer)

lae
2017-11-03 00:34
(i'm trying a statically compiled bash aaand it turns out the kernel on this is 32 bit woops)

greg
2017-11-03 00:39
I have a pending change scheduled to make change-stage part of the runner. IT will avoid this problem. Not there yet though.

lae
2017-11-03 00:41
ok atm I guess I'm making a smaller task just to run drpcli to change stage to complete-nowait for these particular images

vlowther
2017-11-03 13:57
@lae no bash?

vlowther
2017-11-03 13:57
Heresy.

ctrees
2017-11-03 18:16
Just listened to @zehicle and @wdennis youtube.... I'm willing to write docs... in the past I did it by just rebuilding things over and over attempting the marketing 'demo'... So I'd basically do that for a DR demo of what @wdennis was describes.

ctrees
2017-11-03 18:22
What I was doing was writing myself docs to do @greg VBox demo and then move to @zehicle kubespray demo as I'm under the impression that DRP is really "PXE to Node" - (inventory def) -> "Node to Cluster (or system)"... which I intend to use Ansible (as I think @wdennis also intends)

ctrees
2017-11-03 18:30
... ANYWAY... workflow wise... you guys are pretty good at showing your working demos... I'm thinking if I just do what I'm doing (which is going through the video and attempting to re-create) then cross link the resources and documents... what I did in the past was to link resource much like the angular docs but also with video step links ( https://docs.angularjs.org/api/ng/service/$document )

vlowther
2017-11-03 19:46
@lae and other interested parties: https://github.com/digitalrebar/provision/pull/530 is the start of adding support baking basic repo management into DRP at template rendering time.

vlowther
2017-11-03 19:48
If you want better names for the functions that the templates will use to render templates, now is the time to suggest better ones. Preferably as review comments :slightly_smiling_face:

zehicle
2017-11-04 19:57
are you asking for "repo" vs something else?

david.bruce
2017-11-06 00:43
has joined #community201711

greg
2017-11-06 21:28

spector
2017-11-06 21:29
Congrats

spencerj
2017-11-06 21:30
:+1:

wdennis
2017-11-06 22:15
@greg Is it doable to upgrade from v3.2.0-tip-3-00bcb20b04826393bd426478ee260c553225e463 to v3.2.1 ??

greg
2017-11-06 22:15
Yes

shane
2017-11-06 22:15
3.2.0 to 3.2.1 should be easy

shane
2017-11-06 22:15
just the dr-provision binary needs to be replaced

shane
2017-11-06 23:37
tomorrows meetup details are posted ... we look forward to seeing you if you can make it ... : https://www.meetup.com/digitalrebar/events/243490141/

wdennis
2017-11-07 00:58
@shane can I curl/wget the v3.2.1 dr-provision binary from somewhere?

shane
2017-11-07 01:02
not just the binary - but you can get the zip file and just extract the binary - if you check the installer script (https://get.rebar.digital/stable), you'll see: ```echo "Installing Version $DRP_VERSION of Digital Rebar Provision curl -sfL -o dr-provision.zip https://github.com/digitalrebar/provision/releases/download/$DRP_VERSION/dr-provision.zip curl -sfL -o dr-provision.sha256 https://github.com/digitalrebar/provision/releases/download/$DRP_VERSION/dr-provision.sha256```

shane
2017-11-07 01:02
so substitute the DRP_VERSION (eg "stable") for the variable - and you can wget / curl it directly

wdennis
2017-11-07 01:12
OK, done, thx

wdennis
2017-11-07 01:21
Is there any reason that in UX?s ?Machines?, when you edit a node, you cannot change the ?Name? of the node?

wdennis
2017-11-07 01:22
I can see making the UUID immutable, but not the Name?

greg
2017-11-07 01:24
Name should be Changable. Fqdn is required

wdennis
2017-11-07 01:25
FQDN? I?ve always just used a shortname for ?Name?

lae
2017-11-07 01:26
I think in the UI it's not changeable

lae
2017-11-07 01:27
yeah, I can't edit it from the UI

lae
2017-11-07 01:27
or at least, it's not obvious how

wdennis
2017-11-07 01:27
I don?t know why, I can change it thru drpcli

lae
2017-11-07 01:27
I would expect that to be a UI bug

shane
2017-11-07 01:29
that is a UX feature which hasn't been implemented yet ... please feel free to submit an enhancement request ...

wdennis
2017-11-07 01:34
OK, done - #537

shane
2017-11-07 01:35
thx!

wdennis
2017-11-07 15:15
ssh root@912.168.1.143

shane
2017-11-07 15:58
Is that some cool new v4 IP address space ? :slightly_smiling_face:

2017-11-07 18:28
Hey Guys........Can I use DRP to install Firmware on Dell Servers?

2017-11-07 18:41
Not yet. I have not ported the dell-firmware-flash role over from digitalrebar yet.

2017-11-07 20:19
so for now...If I have to use digital rebar to update the firmware...is it not possible?

shane
2017-11-07 20:20
hello @No1 - it's possible that it can be integrated if you have already done some of the automation with the firmware/bios tools - they can be "dropped in place"

shane
2017-11-07 20:21
but @vlowther is referring to the work we've done in Digital Rebar v2 (DRv2) - which hasn't been ported in to Digital Rebar Provision v3 (DRPv3)

2017-11-07 20:21
Ohh I see...

2017-11-07 20:21
Excuse me here for my bluntness... Can we use DigitalRebar instead of Foreman?

2017-11-07 20:22
and can digital rebard do all the things that can be done by foreman?

lae
2017-11-07 20:22
I don't think DR manages virtual machines/vm hosts like foreman can

greg
2017-11-07 20:23
well, DRP can install and provision them, but currently can?t create new instances.

lae
2017-11-07 20:24
right

lae
2017-11-07 20:24
(I mean I'm also using it to provision VMs, but I'm using Proxmox for managing them)

greg
2017-11-07 20:25
drp?

lae
2017-11-07 20:26
yes

greg
2017-11-07 20:26
I?m interested in knowing what path you took to do it?

lae
2017-11-07 20:28
It's...the same as any other physical machine? I just create a machine definition in DRP and let the KVM host PXE boot with DRP's instructions.

2017-11-07 20:29
yeah...we want to use it to provision the physical hardware...?

greg
2017-11-07 20:29
okay - yeah. Sorry, I thought you meant that you were having DRP create the machine. Okay - I understand now.

lae
2017-11-07 20:29
Ah yeah no, although I can see a possibility of having Ansible do both the creation of a VM in Proxmox and then a machine definition in DRP

2017-11-07 20:29
are there any tutorials available on how to deplot DRP and then use it?

greg
2017-11-07 20:30
@lae, I think if you look at the new content, you should be able to use stage-chooser to not even create the machine before had if you want, but ?

lae
2017-11-07 20:30
Terraform too if only there were a maintained Proxmox provider

greg
2017-11-07 20:31
Yeah - that would be nice. @shane is working on some examples with packet for that.

shane
2017-11-07 20:32
@No1 - have you seen the quickstart documentation?? http://provision.readthedocs.io/en/latest/doc/quickstart.html

2017-11-07 20:33
yeah I did .. but from there how to proceed further I don't have any idea ... i will dig deep

shane
2017-11-07 20:41
do you have specific questions ? issues ?

2017-11-07 21:06
I mean would I get an userinterface to provision the systems?

2017-11-07 21:07
to define the subnets/domain/operating systems etc.?

zehicle
2017-11-07 21:12
@No1 - if you connect to https://[endpoint ip]:8092 then you will be redirected to the UX

zehicle
2017-11-07 21:12
there are a lot of videos available that show to work the system

2017-11-07 21:12
okay..thanks lemme try that !


zehicle
2017-11-07 21:13
note: it's actually https://[endpoint ip]:8092/ui

zehicle
2017-11-07 21:13
the REST api is https://[endpoint ip]:8092/api/v3

2017-11-07 22:18
okat thats great...looks like the videos got updated since I saw them last time.

2017-11-07 22:18
Thanks Zehicle :)

zehicle
2017-11-07 22:35
Glad to help. If it's been a while, then a lot has changed.

wdennis
2017-11-07 23:26
So, let me try to define Stages and Tasks...

wdennis
2017-11-07 23:27
Stages have a [optional] BootEnv, [optional] Profiles, and a list of Tasks

wdennis
2017-11-07 23:28
The list of tasks [are | are not] processed serially by a Runner <-- pls advise as to which is correct

wdennis
2017-11-07 23:29
The stage _usually_ ends in a RunnerWait state, but may not

wdennis
2017-11-07 23:30
They also _may_ contain OptionalParams, RequiredParams, and Templates

wdennis
2017-11-07 23:32
Tasks have Templates they render, _usually_ have OptionalParams, and _may_ have RequiredParams

wdennis
2017-11-07 23:34
So, Stages are collections of Tasks, which the Runner processes, then when it hits the end, it [usually] waits for more Tasks to be submitted, which may be the result of a Stage change (which has it's own list of Tasks)

wdennis
2017-11-07 23:36
(May be good to have official definitions of these somewhere, and a graphic showing the relationship and interaction with the Runner process)

wdennis
2017-11-07 23:37
(Let me know if I'm even close on the above def's)

shane
2017-11-07 23:53
@shane uploaded a file: https://rackn.slack.com/files/U6QFVRJNB/F7W3M7P1P/runner-workflow.pdf and commented: Work In Progress - but this is what runner workflow looks like ...

greg
2017-11-08 00:46
The runner process the list of tasks on a machine in order and stops on first failure.

vlowther
2017-11-08 02:41
Precisely what happens in encapsulated in the large comment at the top of https://github.com/digitalrebar/provision/blob/master/backend/jobs.go

vlowther
2017-11-08 02:42
We should probably turn that (and the POST logic for api/v3/jobs at https://github.com/digitalrebar/provision/blob/master/frontend/jobs.go#L241) into an actual document.

ctrees
2017-11-08 14:50

ctrees
2017-11-08 14:51
ietf IoT firmware update working draft

lae
2017-11-08 21:21
got around to updating the drpcli package in AUR to 3.2.1 https://aur.archlinux.org/packages/drpcli/

vlowther
2017-11-08 22:15
aieee!

vlowther
2017-11-08 22:16
you have AUR rights!

vlowther
2017-11-08 22:17
Feel free to do one for dr-provision as well. :slightly_smiling_face:

vlowther
2017-11-08 22:19
I will also gleefully accept a PR for a pkgbuild

vlowther
2017-11-08 22:19
I could use it locally. :slightly_smiling_face:

vlowther
2017-11-08 22:20
although I will have to refresh my makepkg memory. It has been awhile.

lae
2017-11-08 22:28
do you run dr-provision on arch? I don't exactly have that requirement (it gets deployed in a Debian LXC container running in our engineering environment)

vlowther
2017-11-08 22:28
In fact, I do.

vlowther
2017-11-08 22:30
Although in my case, it is from locally-built source, not from the pre-built tarballs. :slightly_smiling_face:

vlowther
2017-11-08 22:31
sudo systemctl stop dr-provision && tools/install.sh install && sudo systemctl start dr-provision is a fairly common thing for me.

vlowther
2017-11-08 22:33
In fact, I will whip up a -git version

justin
2017-11-09 14:24
has joined #community201711

shane
2017-11-09 14:41
good morning/@justin - welcome

ctrees
2017-11-09 16:47
Was going through kubespray and ran into jujucharms... has anyone used ? seems to terraform 'like'

will.acheson
2017-11-09 17:16
has joined #community201711

shane
2017-11-09 17:28
welcome @will.acheson

will.acheson
2017-11-09 17:29
Hey shane! Thanks for the invite. I think it was a great idea for us to use slack for comms.

shane
2017-11-09 17:29
:slightly_smiling_face:

zehicle
2017-11-09 17:53
@ctrees juju is pretty much a Canonical thing, not nearly as mainstream - it's the basis of all their installers so Ubuntu focused. It's pretty interesting in how it builds a deployment graph.

zehicle
2017-11-09 17:56
typically, Juju is coupled with MaaS (which I consider a DRP alternative) because of the Canonical angle.

zehicle
2017-11-09 17:58
@justin if you want to follow-up on the twitter thread about RR, this is the place. We can talk about using the runner for post-provision in Sledgehammer (or any O/S) or other approaches.

zehicle
2017-11-09 17:58
I believe the runner workflow was a topic on the last community meeting (which was recorded).

shane
2017-11-09 17:59
@zehicle @justin - the community meeting centered around `stages`, we indirectly touched on the runner in that presentation - there was some spirited discussion on the Runner (tasks/jobs/queues/etc) related to Stages after the slide-ware presentation

shane
2017-11-09 18:00
the recorded video can be found at: http://bit.ly/2yfRXVW

vlowther
2017-11-09 18:08
Baked-in repo management support in dr-provision is about ready: https://github.com/digitalrebar/provision/pull/530

vlowther
2017-11-09 18:08
@lae ^^

vlowther
2017-11-09 18:12
@ctrees DRv2 built and maintained a complete graph of everything that should happen to all machines. It actually turned out to be harder to explain and made things too rigid once the complexity of what any given workload was trying to do got past a certian point.

vlowther
2017-11-09 18:15
is why DRP has a per-machine list of tasks that get executed in order by the runner (in-order execution is easy to explain and reason about), and a mechanism for making bulk changes to that list (stages)

ctrees
2017-11-09 18:19
Thanks... going over the stages in community and @wdennis summary is really helping it to sinking in...

ctrees
2017-11-09 18:29
I'm going into UNI tomorrow to talk to Dr. Paul Gray... then it's off to talk to prof's at ISU... basically going to see what he thinks of the kubespray and terraform demo's for his microservices classes I think he's using Ceph storage now, but had an AFS (OpenAFS) stack also (which ISU also has) Dr. Gray is a Proxmox fan. My boss just wants to make sure he can hire out of the Universities to support what-ever...

marco.simoes
2017-11-09 19:00
has joined #community201711

shane
2017-11-09 19:17
welcome @marco.simoes

zehicle
2017-11-09 19:41
@ctrees cool and good luck

zehicle
2017-11-09 19:46
I've heard of Proxmox but don't know any users. How light weight?

ctrees
2017-11-09 20:17
So... I take it @shane 5min example is 'sort-of' what provision's CI/CD is/will be ?

ctrees
2017-11-09 20:18
Oh... I'm sure if DocGray likes this, I'll be doing a proxmox setup...

ctrees
2017-11-09 20:19
and I'm pretty sure he will... I already mentioned PXE swagger API and he lit up...

zehicle
2017-11-09 20:27
Takes a special kind of geek to love that phrase. Our kind of geek fwiw

ctrees
2017-11-09 20:27
I'm going to end up doing a Xen one too... plus supporting some Vagrant up... (though I hope to remove as much ruby code as possible as I move old puppet to ansible)

shane
2017-11-09 22:27
@ctrees - the 5min-drp stuff is a good model for integrating DRP into a CI/CD pipeline - right now it has "packet specific" plugin_provider, but it's pretty easy to tweak it to change-up the various content you inject

zehicle
2017-11-09 22:29
@ctrees after listening to the OpenStack discussions about Edge, there's a chance that Proxmox would be interesting if it's lighter weight than openstack

shane
2017-11-09 22:31
proxmox has grown a lot since I last looked at it - it used to be just a lightweight "manage VM compute instances on KVM

shane
2017-11-09 22:31
seems to have matured a fair bit beyond just that


lae
2017-11-09 23:24
but yeah, I mean it still is lightweight compared to openstack

ctrees
2017-11-10 14:34
@lae THANKS (nice repo)

shane
2017-11-10 15:03
@lae - I think the Moon is lightweight compared to OpenStack now ...

zehicle
2017-11-10 17:02
hides from all the shade

shane
2017-11-10 17:03
Moon Shade....

vlowther
2017-11-10 17:06
The repo management patch has been merged. You can try it out by building from source and doing the needful based on https://github.com/digitalrebar/provision/blob/master/doc/arch/data.rst#package-repositories

greg
2017-11-10 17:09
tip has it too.

vlowther
2017-11-10 17:10
The next content and DRP release will have a valid param definition for package-repositories and the server will know how to handle templates that use the .InstallRepos and .MachineRepos helpers.

vlowther
2017-11-10 17:10
The rest of the default templates will be converted over the next few releases.

vlowther
2017-11-10 17:12
The default behaviour in the absence of any defined repos is to fall back to the current local-repos behavior, so current content will continue to function normally.

shane
2017-11-10 17:20
Nice!

justin
2017-11-12 02:53
I can't assume anyone is hanging out here on a Saturday night. I FINIALLY got systems to boot to DRP

shane
2017-11-12 02:54
woot!

shane
2017-11-12 02:54
(yeah - I'm hanging out here...)

shane
2017-11-12 02:54
what was the hurdle ?

greg
2017-11-12 03:02
Nice!!!

justin
2017-11-12 03:18
lots of hurdles. I already have dhcp on my network so enabling it in dr-provision will break other clients. I tried running a dhcp proxy server https://github.com/digitalrebar/provision/issues/532 but had multiple problems with that (port conflicts on a single machine, legacy and efi hosts)

justin
2017-11-12 03:19
so now I literally have a CD in the drive that ipxe boots to DRP

shane
2017-11-12 03:20
proxy DHCP service isn't something we've enabled at the moment (as you are painfully aware) ... we've got it in the issues list, and we'll add it to the back log

justin
2017-11-12 03:20
but I need to read through docs on what to actually do with it. First I'm looking to see how to put unknown machines into a discovery mode (so I don't have to manually add them). Then I need to figure out how to actually provision a k8s cluster with it

shane
2017-11-12 03:20
we do support external DHCP - we just assume a full-featured DHCP server implementation - not the hobbled versions you'll find in (I think it was) wifi routers/etc.

shane
2017-11-12 03:21
I just added that documentation to the quickstart - for "latest" doc revision

justin
2017-11-12 03:21
right, I'm running now with `--disable-dhcp` but I needed a proxy (or in my case a CD) to do anything with it


shane
2017-11-12 03:21
make sure you're on "latest" version

justin
2017-11-12 03:21
I thought sledgehammer would autodiscover machines but I guess I was wrong. Reading through the docs now

shane
2017-11-12 03:22
the basics are to set the "prefs"

shane
2017-11-12 03:22
by default - we attempt to "do no harm" first and foremost

shane
2017-11-12 03:22
so you have to set the default stage/unknown bootenv/default bootenv ... so "discovery" will be enabled after those are set

shane
2017-11-12 03:28
once your Machines are discovered after setting Prefs - you can then add BootEnvs to them and reboot them to be installed. Advanced workflows and adding the IPMI plugin to do machine reboots from DRP can be done as well those require RackN registered account

shane
2017-11-12 03:29
you can also pre-add machines if you know MACs - by setting a reservation - using the "MAC" as the "Strategy", and the "Token" is the MAC address itself

justin
2017-11-12 03:30
`drpcli prefs set unknownBootEnv discovery defaultBootEnv sledgehammer defaultStage discovery` gave Error: POST: prefs: defaultStage: Stage discovery does not exist

shane
2017-11-12 03:30
what version of DRP are you running? ```drpcli info get```

shane
2017-11-12 03:31
did you do a `drpcli bootenvs uploadiso sledgehammer` ??

justin
2017-11-12 03:31
version v3.2.1-0-2ab654478528d1ee59781f7d53bc8f8b9c6853dd

justin
2017-11-12 03:31
I uploaded the iso in 3.2.0. Let me run it again to make sure it has the right image

shane
2017-11-12 03:32
have to rerun - it - as the sledgehammer image gets updated, and you'll need to make sure the content (v3.2.1) that requests sledgehammer matches the version of sledgehammer that is needed

shane
2017-11-12 03:32
are you using the UX ?

justin
2017-11-12 03:33
I logged into the web interface but mostly using cli

shane
2017-11-12 03:33
it's easy to check status of Stages - go to "stages" (oddly enough) - and make sure you have a check mark and not X next to the stage

shane
2017-11-12 03:33
crap

shane
2017-11-12 03:33
my fault

justin
2017-11-12 03:33
same error after uploading the sledgehammer iso

shane
2017-11-12 03:33
`defaultStage discover` (no 'y' on end)

shane
2017-11-12 03:35
hurriedly checks in doc patch ....

justin
2017-11-12 03:37
rebooting system to see if it does the right thing now

shane
2017-11-12 03:38
ok - fixed doc ...

justin
2017-11-12 03:41
k, it added the machine and now in stage discover. The system looks like it loaded sledgehammer and then rebooted to local disk. Is that expected?

justin
2017-11-12 03:41
I'm used to foreman which keeps the system in the discovery image until you decide to provision it

shane
2017-11-12 03:56
can you paste `drpcli prefs list` here ?

shane
2017-11-12 03:57
if `defaultBootEnv` is set to `local`, then that's what it'd do

shane
2017-11-12 03:58
uh - do `drpcli prefs list | grep -v Secret`

shane
2017-11-12 03:58
I don't wanna see your secrets

justin
2017-11-12 05:33
Sorry, got distracted with other things. Looking at this again now ```{ "debugBootEnv": "0", "debugDhcp": "0", "debugFrontend": "1", "debugPlugins": "0", "debugRenderer": "0", "defaultBootEnv": "sledgehammer", "defaultStage": "discover", "knownTokenTimeout": "3600", "unknownBootEnv": "discovery", "unknownTokenTimeout": "600" }```

justin
2017-11-12 05:33
I need to burn some more CDs so I can leave them in the drive. That way I don't have to go out in the garage

greg
2017-11-12 06:20
It should have stayed in sledgehammer @justin

greg
2017-11-12 06:21
Unless you have a workflow defined

justin
2017-11-12 06:46
nope, no workflows defined. I just redid my boot iso. Then going to look at the DPR settings again

justin
2017-11-12 08:04
Well I'm going to call it a night. I tried provisioning centos7 on one system but couldn't figure out the necessary steps. @shane I'm assuming you want to update discovery -> discover http://provision.readthedocs.io/en/stable/doc/operation.html#preference-setting

greg
2017-11-12 16:37
He did on the latest tree. Once we push the next release stable will update.

2017-11-12 18:34
HI all, I seem to be missing something. In the docs you claim 5mins to install on a R-Pi, but there are no ARM binaries?

shane
2017-11-12 18:37
hi @chriscowley - welcome ...

2017-11-12 18:38
hi @rackneng

shane
2017-11-12 18:38
Install can indeed happen in under 5mins - however, I believe our ARM builds were dropped due to lack of interest - if you have an ARM platform w/ Go 1.9 on it - you can pretty easily build from source

shane
2017-11-12 18:38
if there's enough interest in ARM platform - we definitely would add it back in to the builds

2017-11-12 18:38
Given the proliferation of R-Pis in the world, I think it would be cool - at least remove it from the docs :-)

shane
2017-11-12 18:39
can you point me to which doc specifically you're referring to ?

shane
2017-11-12 18:39
I'm working on some doc cleanup right now - I'll address that

shane
2017-11-12 18:39
(BTW - this is Shane, pleased to meet you)

2017-11-12 18:45
http://rebar.digital/#overview "Our extensible stand-alone DHCP/PXE/IPXE service has minimal overhead so it can be installed and provisioning in under 5 minutes on a laptop, RPi or switch"

shane
2017-11-12 18:48
Ah yes - the claim is still true, we just haven't released ARM binaries for a while. Thank you for pointing that out - I'm not hacking on those docs at the moment, but we'll get that cleaned up. It's possible that @greg can add cross-compile support for ARM via our existing build system - not sure off hand how hard that will be to add in though ...

shane
2017-11-12 18:49
In the meantime - I'm taking off for a motorcycle ride ... back in a bit ... :slightly_smiling_face:

greg
2017-11-12 18:51
The compilation is easy. The packaging isn?t too bad. The challenge is the target.

greg
2017-11-12 18:51
Finishing a Sunday. Thing.

shane
2017-11-12 20:01
@chriscowley - if we cut an ARM release for you - do you have a RPi you'll play with it on ??

2017-11-12 20:02
Odroid actually (which is ARM64)

shane
2017-11-12 20:07
if you intend to run w/ the TFTP services enabled for DRP - you'll need the bsdtar, p7zip, and unzip tools installed in your Linux OS - those are (currently) the only external dependencies we have.

2017-11-12 20:07
I know

shane
2017-11-12 20:07
We have plans to get away from them as external dependencies, but the Go Lang libraries are still lacking in ISO support features we need

shane
2017-11-12 20:07
Cool ... just wanted to highlight that. :slightly_smiling_face:

2017-11-12 20:10
@rackneng I can read the docs - even if I am apparently not capable of reading the architecture of the golang binary I download :-( (arm6l != arm64)

2017-11-12 20:11
I've probably got an R-Pi I can test on too

shane
2017-11-12 21:24
- before you get your Turkey fix ... we hope you plan on joining us for our 5th installment of the Digital Rebar Provision online meetup ... our primary discussion will be around the Runner and Jobs as they relate to stage transitions - this was a hot topic we touched on in the previous meetup - and we'll continue in more depth ... see the Meetup pages for more details, RSVP, and link to full agenda: https://www.meetup.com/digitalrebar/events/243490159/

shane
2017-11-12 21:25
Meetup is schedule for Tuesday November 21st at 11am PST ...

yusuf.hussein
2017-11-13 14:42
has joined #community201711

2017-11-13 15:03
hello

shane
2017-11-13 15:04
good morning, @hyusuf01 welcome

zehicle
2017-11-13 16:45
UX added a feature over the weekend... you can now rename your org and endpoints in your org information. This is handy if you have multiple endpoints and switch between them

zehicle
2017-11-13 16:46
on request, RackN can create orgs that are shared by multiple users.

yusuf.hussein
2017-11-13 16:49
ok . thank you

spencerj
2017-11-13 20:39
Can someone explain what the sledgehammer image is exactly? when I PXE a system with sledgehammer as the bootenv should I expect to see any kind of install screen or any output from BMC console?

shane
2017-11-13 20:40
hi @spencerj

spencerj
2017-11-13 20:40
Hey Shane! :slightly_smiling_face:

shane
2017-11-13 20:40
Sledgehammer is a live boot linux distro (based on Centos)

shane
2017-11-13 20:40
it only "live boots" - it does NOT install

shane
2017-11-13 20:40
we use it as a helper to perform workflow tasks (prep physical server for install, collect inventory, etc.)

shane
2017-11-13 20:41
it's primary purpose is to help implement an OS install - by "discovering" Machine info, and enabling more advanced OS install workflow scenarios

shane
2017-11-13 20:41
does that help understand it a bit more ?

spencerj
2017-11-13 20:42
okay cool! and yes it does! I'm probably doing something wrong because I just stood up DRP in "isolated" mode, setup my subnet with DHCP reservations and then PXE'd another system. watching the logs DRP got the request, found the reservation and issued the IP... but then nothing else happened.. the system failed out PXE.

shane
2017-11-13 20:43
that's a "safety mechanism"

spencerj
2017-11-13 20:43
ohhhhhh

shane
2017-11-13 20:43
we do not do any install unless you tell us to

spencerj
2017-11-13 20:43
even for sledgehammer?

spencerj
2017-11-13 20:43
that's the default bootenv I setup.

shane
2017-11-13 20:44
yes - can you copy the `drpcli prefs list | grep -v Secret` output here ?

spencerj
2017-11-13 20:45
``` { "debugBootEnv": "0", "debugDhcp": "0", "debugFrontend": "1", "debugPlugins": "0", "debugRenderer": "0", "defaultBootEnv": "sledgehammer", "defaultStage": "discover", "knownTokenTimeout": "3600", "unknownBootEnv": "discovery", "unknownTokenTimeout": "600" } ```

shane
2017-11-13 20:45
based on this - and assuming your subnet specification is right (along with required or optional Reservations configs)

shane
2017-11-13 20:45
you should boot in to Sledgehammer OS instance - and then stop

shane
2017-11-13 20:46
after this - you'd want to manually specify a BootEnv for OS install (eg `ubuntu-16.04-install`)

shane
2017-11-13 20:46
and reboot the Machine

shane
2017-11-13 20:46
... or ...

shane
2017-11-13 20:46
delve in to the world of our Workflow (stages) to automate the process

spencerj
2017-11-13 20:47
yeah.. after the DHCP response I saw something about a "file not found" or "couldn't download file" or something along those lines but then it failed too quickly for me to capture..

spencerj
2017-11-13 20:47
rebooting the node now to see if I can screenshot it.

shane
2017-11-13 20:48
does `drpcli bootenvs show sledgehammer | jq '.Available'` return "true" ?

spencerj
2017-11-13 20:49
yes

shane
2017-11-13 20:50
also make sure that you don't have an FW rules blocking ports 67, 69, 8091, and 8092 on the DRP Endpoint

spencerj
2017-11-13 20:50
the PXE error I get is "No boot filename received."

spencerj
2017-11-13 20:50
firewall is disabled completely along with SELinux.

shane
2017-11-13 20:51
are you using the built-in DHCP/TFTP - or external services ?

spencerj
2017-11-13 20:53
internal I assume.. I didn't set anything up external.

shane
2017-11-13 21:01
@spencerj do you have another DHCP server on the network ?

spencerj
2017-11-13 21:02
there shouldn't be.. I'm on a private VLAN.

shane
2017-11-13 21:02
does your DRP Endpoint have multiple NIC interfaces ?

shane
2017-11-13 21:02
a simple test would be to disable DRP on the host, then reboot your Machine to see if it gets a DHCP response

spencerj
2017-11-13 21:02
yes.. it's my "jumpnode" into the VLAN.. so it has a routable IP and private IP on separate interfaces.

shane
2017-11-13 21:03
ah - you may need to set the `--static-ip=` option to `dr-provision` to the correct network that you are trying to provision on

spencerj
2017-11-13 21:04
:flushed:

spencerj
2017-11-13 21:04
LOL

spencerj
2017-11-13 21:04
I was wondering about that when I ran the little "install" script.

spencerj
2017-11-13 21:04
I used the production IP because I figured that was needed to ensure the GUI was accessible.

spencerj
2017-11-13 21:05
I setup the subnet to listen on the private vlan though..

spencerj
2017-11-13 21:05
what's the easiest way to point the --static-ip option at the right address?

vlowther
2017-11-13 21:06
Try not specifying it first.

spencerj
2017-11-13 21:06
?? you mean just re-run the script?

vlowther
2017-11-13 21:07
When dr-provison ran, did it run wilt a --static-ip option set?

spencerj
2017-11-13 21:08
yes.. from the docs I ran this: `sudo ./dr-provision --static-ip=<production_ip> --base-root=/root/dr-test/drp-data --local-content="" --default-content="" &`

vlowther
2017-11-13 21:08
ok

shane
2017-11-13 21:08
FYI - the UX never directly talks to the DRP Endpoint (or the other way-round - endpoint never directly talks to UX)

vlowther
2017-11-13 21:08
Try deleting the --static-ip option

spencerj
2017-11-13 21:09
do I need to stop any services or anything before re-running?

vlowther
2017-11-13 21:11
Yeah, kill dr-provision first. :slightly_smiling_face:

spencerj
2017-11-13 21:12
okay! it seems to have run.. anyway to check values now?

spencerj
2017-11-13 21:13
or should I just try to PXE the machine again?

vlowther
2017-11-13 21:13
yes

spencerj
2017-11-13 21:17
same behavior: ``` dr-provision2017/11/13 22:16:43.501114 Received DHCP packet: type Discover xid 0x67cba53e ciaddr 0.0.0.0 yiaddr 0.0.0.0 giaddr 0.0.0.0 chaddr 00:1e:67:cb:a5:3e dr-provision2017/11/13 22:16:43.501992 Reservation for 10.0.0.3 has a lease, using it. dr-provision2017/11/13 22:16:43.504871 xid 0x67cba53e: Discovery handing out: 10.0.0.3 to 00:1e:67:cb:a5:3e via 10.0.0.10 ```

spencerj
2017-11-13 21:17
but the system says "No boot filename received".

vlowther
2017-11-13 21:17
ok

vlowther
2017-11-13 21:18
What is the system?

spencerj
2017-11-13 21:18
what do you mean? what is the hardware?

vlowther
2017-11-13 21:18
is it hardware , a VM, etc.

spencerj
2017-11-13 21:18
oh.. hardware. standard Intel server in a rack.

vlowther
2017-11-13 21:19
ok, cool.

vlowther
2017-11-13 21:19
hm.

vlowther
2017-11-13 21:20
Do you just have a reservation for that mac address, or is there a subnet definition as well?

spencerj
2017-11-13 21:20
I defined a subnet 10.0.0.1/16 and specified "Require DHCP Reservation".

spencerj
2017-11-13 21:20
and then a created the reservation using MAC for the sytem.

vlowther
2017-11-13 21:21
ok cool..

vlowther
2017-11-13 21:21
You have drpcli on the system?

spencerj
2017-11-13 21:21
yes

vlowther
2017-11-13 21:21
Just saw that in the backscroll

spencerj
2017-11-13 21:21
LOL.. no worries!

vlowther
2017-11-13 21:21
What does drpcli subnets list show?

spencerj
2017-11-13 21:22
``` [root@master dr-test]# drpcli subnets list [GIN] 2017/11/13 - 14:22:05 | 200 | 93.935055ms | 127.0.0.1 | GET /api/v3/subnets [ { "ActiveEnd": "10.0.0.5", "ActiveLeaseTime": 60, "ActiveStart": "10.0.0.2", "Name": "enp4s0f1", "NextServer": "10.0.0.10", "OnlyReservations": true, "Options": [ { "Code": 1, "Value": "255.255.0.0" }, { "Code": 28, "Value": "10.0.255.255" } ], "Pickers": [ "hint", "nextFree", "mostExpired" ], "ReservedLeaseTime": 7200, "Strategy": "MAC", "Subnet": "10.0.0.1/16" } ] ```

vlowther
2017-11-13 21:22
Well, that would do it. :slightly_smiling_face:

vlowther
2017-11-13 21:23
No PXE options there.

spencerj
2017-11-13 21:23
:flushed:

spencerj
2017-11-13 21:23
**facepalm**

spencerj
2017-11-13 21:24
how do I add that? I'm looking at the "Edit" page for the subnet.

vlowther
2017-11-13 21:25
Add an option, code=67, value=lpxelinux.0

vlowther
2017-11-13 21:25
Here is what mine liike like for reference:

vlowther
2017-11-13 21:25
[ { "ActiveEnd": "192.168.124.254", "ActiveLeaseTime": 60, "ActiveStart": "192.168.124.10", "Available": true, "Enabled": true, "Errors": [], "Name": "docker0", "NextServer": "192.168.124.11", "OnlyReservations": false, "Options": [ { "Code": 3, "Value": "192.168.124.11" }, { "Code": 6, "Value": "192.168.124.11" }, { "Code": 15, "Value": "http://example.com" }, { "Code": 67, "Value": "lpxelinux.0" }, { "Code": 1, "Value": "255.255.255.0" }, { "Code": 28, "Value": "192.168.124.255" } ], "Pickers": [ "hint", "nextFree", "mostExpired" ], "ReadOnly": false, "ReservedLeaseTime": 7200, "Strategy": "MAC", "Subnet": "", "Validated": true } ]

spencerj
2017-11-13 21:26
okay awesome! giving this a try now!

spencerj
2017-11-13 21:26
does this support iPXE and UEFI?

vlowther
2017-11-13 21:27
Not with that ilename, you will need something a little more complicated for that. :slightly_smiling_face:

spencerj
2017-11-13 21:28
okay I didn't think so. :slightly_smiling_face: We are using Cobbler right now and I'm evaluating DRP as a replacement.

spencerj
2017-11-13 21:29
we were able to get iPXE and UEFI to work in Cobbler with a little "wizardry" but it's not may favorite solution.

spencerj
2017-11-13 21:32
BINGO! that did it! thank you @vlowther

shane
2017-11-13 21:32
excellent !

shane
2017-11-13 21:32
@spencerj did you use any of the DRP Docs to get started ?

vlowther
2017-11-13 21:33
The neat thing is that the bootfile option is actually a template that can be expanded based on the contents of the DHCP packet.

vlowther
2017-11-13 21:33
I an trying to find our usual example -- been awhile since I used it.

greg
2017-11-13 21:34
bootfile

vlowther
2017-11-13 21:39
Of you set option 67 to `{{if (eq (index . 77) ?iPXE?) }}default.ipxe{{else if (eq (index . 93) ?0")}}lpxelinux.0{{else}}bootx64.efi{{end}}` it will ise iPXE if that has already been loaded, otherwise it will use lpxelinux.o on BIOS systems and elilo on UEFI systems.

shane
2017-11-13 21:39
(thank you @vlowther... for adding back ticks :slightly_smiling_face: )

vlowther
2017-11-13 21:40
Similarly, `{{if (eq (index . 77) ?iPXE?) }}default.ipxe{{else if (eq (index . 93) ?0")}}ipxe.pxe{{else}}ipxe.efi{{end}}` will force the use of ipxe for BIOS and UEFI systems.

spencerj
2017-11-13 21:40
:slightly_smiling_face:

vlowther
2017-11-13 21:41
So you can pick and choose what to use based on what has been validated with your gear,.

spencerj
2017-11-13 21:41
this looks pretty close to what we are using in Cobbler: ``` if exists user-class and option user-class = "gPXE" { filename "$_system_filename"; } else if exists user-class and option user-class = "iPXE" { filename "$_system_filename"; } else if exists pxe-system-type and option pxe-system-type != 00:00 { filename "ipxe.efi"; } else { filename "undionly.kpxe"; } ```

greg
2017-11-13 21:42
You could add in the gpxe template test as well.

vlowther
2017-11-13 21:42
Same idea, different mechanism

spencerj
2017-11-13 21:43
sure!

spencerj
2017-11-13 21:43
I think Cobbler just uses gPXE by default which is why it's there.

vlowther
2017-11-13 21:44
Until someone embeds a nice scripting language into their DHCP server, template expansion or weird config language hacks are the order of the day for this particular task. :slightly_smiling_face:

vlowther
2017-11-13 21:45
That little bind config snippet (and variants of it) have been around since before gpxe was forked to make ipxe.

spencerj
2017-11-13 21:45
LOL

vlowther
2017-11-13 21:45
Back a few product generations when we drove bind like that we did the same thing. :slightly_smiling_face:

spencerj
2017-11-13 21:46
okay so my system booted sledgehammer! yay! is there a way to see the system specs it gathered somewhere?

shane
2017-11-13 21:46
`drpcli machines list`

spencerj
2017-11-13 21:47
yeah I saw that. but it just had basic system info, name, description and UUID... does sledgehammer gather "Facts" like ansible? system specs? memory, cpu info etc...

shane
2017-11-13 21:47
also (if you haven't found it already) - you can append `--format=yaml` to view yaml -vs- json output

spencerj
2017-11-13 21:47
oh nice! that's helpful!

vlowther
2017-11-13 21:49
If you are running on tip you should have a Sledgehammer that has gohai

spencerj
2017-11-13 21:50
I think I ran with "stable": `v3.0.1-tip-20-93fd333f6046a4f49e58720647c31e9b1ed9bf07`

vlowther
2017-11-13 21:50
so part of the machine should be a huge blob containing an ever-growing list of what we consider to "interesting" hardware and basic config data

shane
2017-11-13 21:50
Um ... we hope not v3.0.1

shane
2017-11-13 21:50
that's ... ancient ...

vlowther
2017-11-13 21:50
That is a rather old stable. :slightly_smiling_face:

spencerj
2017-11-13 21:50
LOL

shane
2017-11-13 21:50
(which doesn't have inventory capabilities)


spencerj
2017-11-13 21:51

shane
2017-11-13 21:51
HIGHLY recommend you switch to "latest" for the docs

spencerj
2017-11-13 21:51
ohhhh.

spencerj
2017-11-13 21:51
:stuck_out_tongue:

shane
2017-11-13 21:52
we're about to revision the doc versions shortly - but it's lagging a bit behind ATM

shane
2017-11-13 21:52
you can check your DRP endpoint version with `drpcli info get`

spencerj
2017-11-13 21:53
gotcha! I just saw "stable" and well.. ya know.. it felt "safe"! :stuck_out_tongue_winking_eye:

shane
2017-11-13 21:53
you'd want to chuck an `--upgrade=true` on the end of all of that to do an upgrade (after you kill `dr-provision`)

spencerj
2017-11-13 21:53
ha ha.. I just ran `drpcli info get` and it said "unknown command "info""

vlowther
2017-11-13 21:53
too old for info. :slightly_smiling_face:

spencerj
2017-11-13 21:53
LOL

shane
2017-11-13 21:54
current stable is `v3.2.1-0-2ab654478528d1ee59781f7d53bc8f8b9c6853dd`

shane
2017-11-13 21:54
you can also shorten your `curl` a lot ....

shane
2017-11-13 21:55
`curl -s get.rebar.digital/stable | bash -s -- install --isolated --upgrade=true`

spencerj
2017-11-13 21:55
well I like that! :slightly_smiling_face:

shane
2017-11-13 21:55
hmm

shane
2017-11-13 21:56
though ... there are significant changes to "content"

shane
2017-11-13 21:56
it's really better if you wipe and restart - since updating the content pieces is a bit arduous process

shane
2017-11-13 21:57
I don't think we've done an in-house 3.0.1 to 3.2.1 direct upgrade - we do have upgrade steps listed in Doc - but ...

spencerj
2017-11-13 21:57
no worries!

spencerj
2017-11-13 21:57
I did an "isolated" install so I'll just wipe the dir and start over.

shane
2017-11-13 21:57
have you seen the UX for it yet ?

spencerj
2017-11-13 21:58

shane
2017-11-13 21:58
https://<your_drp_endpoint>:8092/

spencerj
2017-11-13 21:58
yes! I LOVE IT!!!!!

shane
2017-11-13 21:58
cool - @zehicle will get a warm fuzzy glow hearing that statement ...

zehicle
2017-11-13 21:59
yes, I did!

spencerj
2017-11-13 21:59
ha ha ha!

spencerj
2017-11-13 21:59
:thumbsup: :thumbsup:

zehicle
2017-11-13 22:00
if you are coming from v3.0 then it's a big jump

spencerj
2017-11-13 22:00
ohh.. I haven't seen the ux for 3.2

spencerj
2017-11-13 22:00
working on the install now.

shane
2017-11-13 22:01
the UX you've seen - is it "green" theme - or "blue" theme ?

spencerj
2017-11-13 22:02
blue theme:

shane
2017-11-13 22:02
ok - that's the new UX :slightly_smiling_face:


spencerj
2017-11-13 22:02
oh okay cool!

shane
2017-11-13 22:02
yep

spencerj
2017-11-13 22:02
:slightly_smiling_face:

spencerj
2017-11-13 22:02

spencerj
2017-11-13 22:03
is this going outside my network for anything?

shane
2017-11-13 22:03
your DRP Endpoint never reaches out (nor does the UX reach in to endpoint)

shane
2017-11-13 22:03
your browser is operating in CORS model - basically a "go-between" for the RackN Portal, and connecting to the DRP Endpoint

shane
2017-11-13 22:03
it's a single page React application you run in your browser

spencerj
2017-11-13 22:04
oh okay!

shane
2017-11-13 22:04
connection is `endpoint <-- browser --> rackn portal`

vlowther
2017-11-13 22:04
and that http://rackn.github.io is just where the app part loads from.

shane
2017-11-13 22:04
(had my arrows bass-ackwards - sorry)

shane
2017-11-13 22:05
exactly - there are some "content" Library pieces that rely on the RackN portal service - so you're browser will call out to our Portal for things like Contents, Plugins, etc...

shane
2017-11-13 22:06
Authentication is two-part - your Auth to your DRP Endpoint (that's the simple Auth w/ the default "rocketskates" username)

spencerj
2017-11-13 22:06
ohhh.. okay! :slightly_smiling_face:

shane
2017-11-13 22:06
and then the RackN (optional) Portal account for storing and managing your endpoint(s) information and managing them - and the contents you use across your infrastructure

shane
2017-11-13 22:07
again - that's Optional - as Endpoint management will work fine without the RackN Portal account - but you lose access to the advanced workflow management pieces w/out the Portal account

spencerj
2017-11-13 22:08
Are you guys collecting data/metrics/telemetry based on access to the Portal (even for non-RackN accounts)? I work for Intel so I gotta ask the "security" questions! :stuck_out_tongue:

shane
2017-11-13 22:08
we have some training slide decks that might be interesting for you: Feature Landscape: https://goo.gl/GYtwNS Installation: https://goo.gl/BoQG8J Configuration: https://goo.gl/BzJzTP Content Introduction: https://goo.gl/LChN6r Understanding Stages: https://goo.gl/iUjNNJ

spencerj
2017-11-13 22:12
awesome! I'll look all of this over.


spencerj
2017-11-13 22:16
not sure if this is a bug.. I was just trying to update the MAC for the reservation but it wont let me.

spencerj
2017-11-13 22:19
also... I ran the new install command: `curl -s get.rebar.digital/stable | bash -s -- install --isolated --upgrade=true` but after drpcli still shows v3.0.1

shane
2017-11-13 22:30
so - you must have an older version binary that's getting started up from a previous install ?

shane
2017-11-13 22:30
did you do a "production" mode install that put a `dr-provision` binary in `/usr/local/bin` ?

shane
2017-11-13 22:31
(and presumably, you're running `drpcli` on the same node as the `dr-provision` binary - the DRP Endpoint) ?

spencerj
2017-11-13 22:32
yes, drpcli is on the same node as dr-provision.. checking /usr/local/bin

shane
2017-11-13 22:32
in _isolated_ install mode - the`dr-provision` binary should be installed as: `bin/linux/amd64/dr-provision`

shane
2017-11-13 22:32
if you run that binary w/ `--version` flag, what does it spit out ?

shane
2017-11-13 22:33
```root@demo:~$ bin/linux/amd64/dr-provision --version dr-provision2017/11/13 22:32:05.195814 Version: v3.2.1-0-2ab654478528d1ee59781f7d53bc8f8b9c6853dd```

spencerj
2017-11-13 22:33
whoa... I guess I was on this same system back in May!! LOL.. whoops!

spencerj
2017-11-13 22:33
drpcli and dr-provision both in /usr/local/bin.. LOL

spencerj
2017-11-13 22:33
I guess I'll delete those and start over.

shane
2017-11-13 22:33
yeah - that would be what we call "production" install mode

shane
2017-11-13 22:34
I'd recommend wiping (or at least archiving off - if you were previously using them and worried about preserving) the following: ```/usr/local/bin/dr-provision /usr/local/bin/drpcli /var/lib/dr-provision/ /var/lib/tftpboot/```

shane
2017-11-13 22:35
those are the defautl paths that v3.0.1 used - so adjust accordingly if you installed in a different location

spencerj
2017-11-13 22:35
okay! all cleaned up!

shane
2017-11-13 22:36
also - there might be an ```/etc/systemd/system/dr-provision``` start up script that should be checked

shane
2017-11-13 22:36
(or other appropriate init script)

spencerj
2017-11-13 22:45
okay I think I'm back up! :slightly_smiling_face:

spencerj
2017-11-13 22:45
``` "version": "v3.2.1-0-2ab654478528d1ee59781f7d53bc8f8b9c6853dd" ```

shane
2017-11-13 22:45
Yay! Welcome to the modern Era !

spencerj
2017-11-13 22:46
LOL

greg
2017-11-13 22:46
lol


spencerj
2017-11-13 22:48
booting to sledgehammer but it looks like it's bombing out.

greg
2017-11-13 22:49
Make sure that your static-ip is not set (and if its not, you may need to specify it).

greg
2017-11-13 22:49
It appears that it is use the static-ip fall back

shane
2017-11-13 22:49
wasn't your DRP endpoint 10.0.0.10 ?

spencerj
2017-11-13 22:49
LOL.. yeah it's not set, or at least I didn't specify one for the initial dr-provision command.

greg
2017-11-13 22:50
192.168.124.11 is our default thing

spencerj
2017-11-13 22:50
the DRP host has 2 NICs.. one routeable and one private.

shane
2017-11-13 22:50
`ps -ef | grep dr-provision | grep -v grep` (plz)

spencerj
2017-11-13 22:50
I only want to listen on the private interface. but I want to access UX on routable.

shane
2017-11-13 22:51
the DRP Endpoint doesn't need access to public internet/RackN Portal for UX

shane
2017-11-13 22:51
you just have to be able to reach the DRP Endpoint from your laptop/desktop/whatever

spencerj
2017-11-13 22:51
``` root 15445 13994 3 15:38 pts/0 00:00:27 ./dr-provision --base-root=/root/dr-test/drp-data --local-content= --default-content= ```

greg
2017-11-13 22:52
so, we try and guess, but somethings we get it wrong. The `static-ip` is the fallback if we can?t guess the outbound interface.

greg
2017-11-13 22:52
Sooo - `--static-ip=10.0.0.10`

spencerj
2017-11-13 22:52
oh okay!

spencerj
2017-11-13 22:52
got it!

greg
2017-11-13 22:53
We may want to re-evaluate that code. It seems like it may not be working correctly.

spencerj
2017-11-13 22:54
so to be clear.. the static-ip should be the interface targeted for DHCP/PXE traffic?

shane
2017-11-13 22:54
yep

spencerj
2017-11-13 22:54
okay cool!

zehicle
2017-11-13 23:00
@spencerj we collect the "drpcli info get" information about endpoints that connect to the UX. That's what we use to determine the features that can be enabled and if there are any version warnings.

spencerj
2017-11-13 23:00
oh okay cool!

zehicle
2017-11-13 23:00
we don't store any passwords, content or other data about the endpoint.

spencerj
2017-11-13 23:01
sweet thanks!

spencerj
2017-11-13 23:01
so now that I'm running the latest stuff on 3.2. Is there a way to see the info that sledgehammer collected? does it collect "facts" like ansible?

shane
2017-11-13 23:02
`drpcli machines list`

shane
2017-11-13 23:03
or, get a list of Machine names: `drpcli machines list | jq '.[].Name'` `"snoopy"` and then show a specific machine: `drpcli machines show snoopy`

shane
2017-11-13 23:03
the Machines menu entry in the UX also shows the inventory information

shane
2017-11-13 23:07
to dump *just* the inventory for a given machine: `drpcli machines list | jq -r '.[] | "\(.Name) \(.Uuid)"'` `snoopy 80b86604-be25-4f27-ba0b-f8382db42b96` then use the UUID to get the inventory for the given machine: `drpcli machines get 80b86604-be25-4f27-ba0b-f8382db42b96 param gohai-inventory`

zehicle
2017-11-13 23:09
@spencerj RE inventory... there are params on the machine AND params from the profiles that are on the machine (including global by default). So the "inventory" per machine merges both together when it expands params in templates

spencerj
2017-11-13 23:18
awesome thanks!

spencerj
2017-11-13 23:19
now who can tell me about the RAID/BIOS capabilities? what does this mean? can DRP automate RAID configuration?

spencerj
2017-11-13 23:20
specifically I'm asking about HW raid controllers like LSI.

shane
2017-11-13 23:21
yes - we can, however - it's not yet 100% baked - @vlowther has been working on the RAID capabilities - porting the MegaRAID tools (which support LSI controllers) from our older DRv2 product to our current DRPv3

spencerj
2017-11-13 23:22
okay awesome!

shane
2017-11-13 23:22
same story - but I believe the porting is a lot further behind ... for BIOS/Firmware capabilities

shane
2017-11-13 23:22
note that RAID/BIOS stuff are "premium" features that are paid content pieces w/ RackN - not part of the OpenSource provisioning pieces

spencerj
2017-11-13 23:24
okay cool! and yeah.. I saw that on the RackN pricing page. so what exactly do we get for the "$1 per server per month" ? obviously not the RAID/BIOS stuff, but what are the main added features with the paid plan?

spencerj
2017-11-13 23:24
I think you, or someone mentioned "Control Workflow" earlier? is that not included with DRP?

zehicle
2017-11-13 23:26
that base is for RackN support of the open source.

zehicle
2017-11-13 23:26
the control workflow was moved into the open source for v3.2

spencerj
2017-11-13 23:27
OH.. SWEET!

zehicle
2017-11-13 23:28
you are right, RAID/BIOS, metal IPMI, direct to disk imaging, licensed O/Ses, etc are ala cart pricing

spencerj
2017-11-13 23:29
okay cool! thank you!

spencerj
2017-11-13 23:30
and thank you to everyone who's chimed in today! SUPER helpful!

shane
2017-11-13 23:41
no problem ! let us know if you run into any other issues ...

shane
2017-11-14 20:04
( @chriscowley ) - we now have an arm64 Linux build in our "tip" version... NOTE - this is extremely minimally tested (i.e. I chucked it on an arm64 centos7 platform in http://packet.net ... and it worked, but YMMV) - please treat it like "alpha" feature. To install - use "tip" version, like: `curl -s get.rebar.digital/tip | bash -s -- install --isolated --drp-version=tip`

2017-11-15 07:51
@rackneng I'll try it on oDroid C2 when I get a chance. The Rpi is not ARM64 though - it is ARMv7 :-)

2017-11-15 07:51
While ARM64 sits me, I think the wider community would benefit more from an ARMv7 build

shane
2017-11-15 15:21
@chriscowley - what does `uname - m` on those v7 platforms return?

yusuf.hussein
2017-11-15 18:10
hello

yusuf.hussein
2017-11-15 18:10
can i assign a static ip for guest vm

shane
2017-11-15 18:20
@yusuf.hussein - yes, you would use a "Reservation" to do that - but you do need to know "some info" about your Guest VM to assign an IP to it

shane
2017-11-15 18:20
usually that's the MAC address

yusuf.hussein
2017-11-15 18:23
for one server we can have mac address

yusuf.hussein
2017-11-15 18:23
what if for more than 100

shane
2017-11-15 18:25
the (minimal) UX doc we have is: http://provision.readthedocs.io/en/latest/doc/ui.html#reservations or - via the `drpcli` command line, you could do: ```echo '{ "Addr": "1.2.3.4", "Available": true, "NextServer": "1.2.3.10", "Options": [], "ReadOnly": false, "Strategy": "MAC", "Token": "00:0c:3f:f1:13:d3" }' > my_reservation.json drpcli reservations create -< my_reservation.json```

shane
2017-11-15 18:25
you could allow the machines to be discovered automatically by DRP - then convert an existing Lease to a static reservation - if you don't want to collect the MAC addrs of all of your Machines

yusuf.hussein
2017-11-15 18:38
ok thank you

yusuf.hussein
2017-11-15 18:38
let me try

yusuf.hussein
2017-11-15 22:57
is it going to be any impact in our excising DHCP server if we add these parameter

yusuf.hussein
2017-11-15 22:57
set next-server 192.168.19.79 ? Rackn server set filename " lpxelinux.0"

zehicle
2017-11-16 01:27
@yusuf.hussein the system can also be set to reserve the ip after assignments. So it keeps getting the same address after the first dhcp

zehicle
2017-11-16 01:29
Oh, @shane said the sand thing earlier

mprzyjazny
2017-11-16 04:57
has joined #community201711

2017-11-16 08:02
@rackneng `uname -m` returns `armv7l`on a R-Pi and `aarch64` on an oDroid

2017-11-16 08:03
@rackneng (I reckon a Pine64 will also return `aarch64`)

2017-11-16 08:53
This may be in the docs, but I haven't seen it. Are you capable of deploying a Windows client OS?

greg
2017-11-16 12:26
Not in community. You would need to work with RackN. The problem is that we are still building up the patterns for that. Also it depends upon your starting windows position.

shane
2017-11-16 14:07
@chriscowley - thx for the uname's

yusuf.hussein
2017-11-16 15:02
@yusuf.hussein pinned a message to this channel.

dongluo.chen
2017-11-16 20:01
has joined #community201711

lae
2017-11-16 21:31
hmm...something in a recent update is causing our builds to fail here... ``` + /usr/local/bin/drpcli machines processjobs e6de1551-4be6-4b9c-b4bb-d960b39a2421 Segmentation fault ```

shane
2017-11-16 21:33
@lae are you using "tip"? what version?

shane
2017-11-16 21:33
can you do a `strings` on the drpcli binary ?

lae
2017-11-16 21:34
iteration is taking a while

shane
2017-11-16 21:34
sorry - don't do "strings" :slightly_smiling_face:

lae
2017-11-16 21:34
oh wait right it's on the drp server

lae
2017-11-16 21:34
hold on

shane
2017-11-16 21:34
I meant `file` to make sure binary architecture is right

lae
2017-11-16 21:34
so it's too late for me to get the original version that segfaulted

lae
2017-11-16 21:35
583d0f24e1fd02140603ce096421467f /var/lib/dr-provision/tftpboot/files/drpcli.amd64.linux but this was the md5sum

lae
2017-11-16 21:35
I updated to current tip and the segfault still occurs

lae
2017-11-16 21:36
and also yeah I checked that the arch was right: ``` + uname -a Linux (none) 4.1.15 #1 SMP Sun Aug 6 23:01:53 PDT 2017 x86_64 GNU/Linux ```

lae
2017-11-16 21:36
Right now I'm trying a provision with 3.2.1's binary

lae
2017-11-16 21:39
3.2.1 also segfaulted (trying 3.1.0 now)

lae
2017-11-16 21:40
I think the one that was previously working with this bootenv/stage was tip sometime after 3.1.0 :v

shane
2017-11-16 21:41
ok - I just deployed `tip` version on x86_64 linux (centos 7) - no problems

shane
2017-11-16 21:42
```root@demo:~/foo$ uname -a Linux 5min-drp-ewr1-00 3.10.0-327.22.2.el7.x86_64 #1 SMP Thu Jun 23 17:05:11 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux root@demo:~/foo$ ./drpcli version Version: v3.2.1-tip-41-6894ee85c5c018192ba9ce9b7378fd0fece724d7```

lae
2017-11-16 21:42
yeah centos 7 worked fine for me (used it for deploying atomic yesterday)

lae
2017-11-16 21:43
this is an in-house distro

shane
2017-11-16 21:43
cool

lae
2017-11-16 21:43
hmm

lae
2017-11-16 21:43
it still segfaulted

shane
2017-11-16 21:43
I did add some armv8 (aarm64) and armv7 (armv7l) architecture builds within the last few days - that includes modifications to the "install.sh" script to stick the "right" binaries in place for a "deployment" install

lae
2017-11-16 21:44
can something wrong with the tasks cause the segfault, you think?

shane
2017-11-16 21:44
I wouldn't think tasks or plugins would cause `drpcli` issues - maybe `dr-provision` binary ...

shane
2017-11-16 21:45
are you running the binary via PATH locating - or directly via fully qualified path ?

lae
2017-11-16 21:45
dr-provision?

lae
2017-11-16 21:45
or drpcli

shane
2017-11-16 21:45
it's drpcli you said that segfaulted, right ?

lae
2017-11-16 21:45
correct

lae
2017-11-16 21:46
`/usr/local/bin/drpcli machines processjobs "e6de1551-4be6-4b9c-b4bb-d960b39a2421"`

shane
2017-11-16 21:48
ok - so this is occurring on a Machine you're trying to provision during a stage, right ?

lae
2017-11-16 21:49
correct

shane
2017-11-16 21:49
are you able to manually run `drpcli` on the machine - say, just w/ the "version" flag ?

shane
2017-11-16 21:49
does it segfault then ?

shane
2017-11-16 21:50
or any other non "processjobs" actions

lae
2017-11-16 21:50
not interactively, I can add it to the template though, hold on

lae
2017-11-16 21:53
well, I added it but I also had redeployed dr-provision 3.2.1

lae
2017-11-16 21:53
so we'll see

shane
2017-11-16 21:53
ok

lae
2017-11-16 21:57
still segfaults

lae
2017-11-16 21:57
with version

shane
2017-11-16 21:58
you have access to the Machine ?

vlowther
2017-11-16 21:58
hm. Any stacktraces?

shane
2017-11-16 21:58
yeah - was hoping you could try and capture one off of the machine

lae
2017-11-16 21:58
access as in?

shane
2017-11-16 21:59
ssh

shane
2017-11-16 21:59
console

lae
2017-11-16 21:59
technically I'm attached to console, though it'll be a bit more effort to bring up an interactive one within this image

lae
2017-11-16 22:00
hold on lemme try something

lae
2017-11-16 22:01
the image is also probably going to be really limited though, I don't think strace will be in it

vlowther
2017-11-16 22:04
If it is not spitting out a stacktrace on the console, check dmesg to see if it has anything weird.

vlowther
2017-11-16 22:05
also, is it happening on just one machine or on more than one?

lae
2017-11-16 22:14
I need to make a separate bootenv/stage - will report soon

vlowther
2017-11-16 22:25
Also, if you have a core dump, I suppose now is as good a time as ever to learn how gdb and go binaries interact. :slightly_smiling_face:

vlowther
2017-11-16 22:25
And by now, I of course mean after I get home. :slightly_smiling_face:

lae
2017-11-16 22:39
alright

lae
2017-11-16 22:40
I should have paid more heed to this particular message:

lae
2017-11-16 22:40
``` # wget -O drpcli "$ProvURL/files/drpcli.amd64.linux" Connecting to 10.11.110.50:8091 (10.11.110.50:8091) wget: short write ```

lae
2017-11-16 22:41
``` # mount -t tmpfs -o size=1g tmpfs /tmp # cd /tmp # wget -O drpcli "$ProvURL/files/drpcli.amd64.linux" Connecting to 10.11.110.50:8091 (10.11.110.50:8091) drpcli 100% |*******************************| 20885k 0:00:00 ETA # md5sum drpcli 3200370360a384e28bd3ca3a54d2e5e8 drpcli # chmod +x drpcli # ./drpcli version Version: v3.2.1-0-2ab654478528d1ee59781f7d53bc8f8b9c6853dd ```

lae
2017-11-16 22:41
so basically / filled up when fetching drpcli

shane
2017-11-16 22:43
oye !

shane
2017-11-16 22:44
jeesh - drpcli is a pretty slim binary !!

lae
2017-11-16 22:45
there's too much code I didn't write to actually look through, but this is the first time I was running this bootenv (fireeye's appliance OS's manufacturing images) on this particular model of appliance, and I know that the manufacturing image does check for model and stuff so it might have, idk, made / a smaller fs than for other appliances that I know it's worked on

lae
2017-11-16 22:46
I actually had to make /tmp a tmpfs in order to run processjobs for other appliances anyway because of the code it pulled, might as well just drop drpcli there instead of /usr/local/bin

lae
2017-11-16 22:46
(due to lack of space)

lae
2017-11-16 22:47
time to upgrade drp back to tip

shane
2017-11-16 22:48
cool - glad it was a simple environment issue !

ekrueger
2017-11-16 23:56
has joined #community201711

lae
2017-11-17 00:14
so one thing i noticed but haven't had much chance to look into is that if the bootenv/stage is set to sledgehammer when a Machine boots up then it doesn't install SSH keys

lae
2017-11-17 00:15
I think that step might be missing on the sledgehammer stages specifically? (something about it being in control.sh in the discovery bootenv but that doesn't get used by sledgehammer last I looked)

shane
2017-11-17 01:10
@ekrueger welcome

shane
2017-11-17 01:10
ssh keys are not installed until after OS (bootenv) is installed - we do have an option to inject SSH keys in to Sledgehammer live boot - but it doesn't do that by default

shane
2017-11-17 01:10
@lae ^^

shane
2017-11-17 03:55
@chriscowley - I have an armv7 build done - it's not pushed for deployment yet - but if you have hardware you want to play with it on - let me know

greg
2017-11-17 20:53
@justin and @yusuf.hussein - this one is for you and all the others in the . :slightly_smiling_face: Tip has been updated to have DHCP Proxy support.

shane
2017-11-17 20:55
woot !

greg
2017-11-17 20:55
You can now build a subnet configuration (mostly so we don?t do it for everything) and set the Proxy flag to true. I don?t have a UI part for this, yet. You will need to use the CLI. UX coming.

greg
2017-11-17 20:56
`drpcli subnets update mysubnet '{ "Proxy": true }'`

greg
2017-11-17 20:57
This will turn the subnet into something sends pxe client proxy DHCP messages to hosts to send boot information. The important options (though others can be sent) are the bootfile (67) and the nextserver (DRP Endpoint IP).

greg
2017-11-17 20:57
I?ve tested this in virtualbox. I?d be interested in how this works for y?all.

shane
2017-11-17 20:58
and for @chriscowley - we have arm64 (v8) and arm_v7 (32 bit - armv7l) builds in the release

greg
2017-11-17 20:58
oh - yeah - that is in tip as well. :slightly_smiling_face:

shane
2017-11-17 20:59
So ... RaspberryPI and ODroid on, my friends !! (and anything else ARMy)

greg
2017-11-17 21:11
UX can now set proxy as well.

yusuf.hussein
2017-11-17 21:31
Thanks greg

yusuf.hussein
2017-11-17 22:38
i am getting error when i am turning on proxy

yusuf.hussein
2017-11-17 22:38
[root@rackn dr-provision-install]# ./drpcli subnets update mysubnet '{ "Proxy": true }' Error: GET: subnets/mysubnet: Not Found

yusuf.hussein
2017-11-17 22:38
not sure if am doing correct

shane
2017-11-17 22:39
"mysubnet" refers to a subnet you create in a previous step

shane
2017-11-17 22:39
your subnet name will likely be different

yusuf.hussein
2017-11-17 22:41
thanks shane

yusuf.hussein
2017-11-17 22:41
my fault

yusuf.hussein
2017-11-17 22:41
it works

shane
2017-11-17 22:42
`drpcli subnets list | jq '.[].Name'`

shane
2017-11-17 22:42
that gives the name of all subnets on your DRP endpoint

yusuf.hussein
2017-11-17 22:54
what is jq ?

vlowther
2017-11-17 22:59
jq is a JSON swiss army knife.

vlowther
2017-11-17 22:59

vlowther
2017-11-17 23:00
We use it basically everywhere we need to mess with JSON on the commandline

yusuf.hussein
2017-11-17 23:07
thank you

wdennis
2017-11-20 02:21
3-

shane
2017-11-20 02:21
7*

zehicle
2017-11-20 03:27
21-

wdennis
2017-11-20 03:30
New math :stuck_out_tongue_winking_eye:

shane
2017-11-20 03:46
Really? @zehicle you had to edit your answer? :face_with_rolling_eyes:

zehicle
2017-11-20 03:46
I'm rusty on my reverse polish

shane
2017-11-20 03:46
lol

zehicle
2017-11-20 03:47
although, my original answer is what would have been the output

wdennis
2017-11-20 14:08
Hi gang :wave: Can we talk about imaging to disk as an OS deployment method?

greg
2017-11-20 14:26
We can.

wdennis
2017-11-20 14:59
So, we have an OS image deployment process that goes like this:

wdennis
2017-11-20 15:01
1) Make a ?gold-master? OS install image on a small HDD via manual config/Ansible, and then saving an image via Clonezilla (FOSS image capture/restore program)

wdennis
2017-11-20 15:01
2) Image the target system disk (almost always much bigger than the image) with aforementioned gold master image

wdennis
2017-11-20 15:02
3) ^^^ is done via a ?LiveCD? ram OS, usually machine booted via a USB key, but also could be PXE - Then after the image is laid down on the machine?s internal HDD, must manually fire up GParted, and resize the partitions to a) create appropriate swap part/n, and b) resize other existing partition to appropriately fill the target disk

wdennis
2017-11-20 15:03
4) Once that is all done, run Ansible from the Live CD (pulling down playbooks from Git) and run them against the target disk which is mounted chroot (which is interesting, as some Ansible ?facts? relate to the in-mem OS, not the target disk OS? So we have to set/use custom facts)

wdennis
2017-11-20 15:04
So, do you folks have a better way to deploy an image to a different size target disk? Or do you assume the target disk is same size as image disk?

ctrees
2017-11-20 16:29
@wdennis so why not PXE a 'release' image, then just ansible it via workflow ?

ctrees
2017-11-20 16:31
I ask as I seem to be messing with the same workflow as you. In my case, I'm attempting to match the Universities 'training of students' to some governmental 'service' companies

greg
2017-11-20 16:31
@wdennis - I?ll try and get back to this as well. On call for a while.

shane
2017-11-20 16:32
@ctrees one big reason not to do it that way - if you do installs based on PKG systems - you must host and carefully control every single package in your own hosted repo. Otherwise, you end up with unknown version numbers and releases of pkgs installed on the Machine.

shane
2017-11-20 16:32
in some environments - especially with large scale systems (1000s to 10000s) - you can NOT afford to be uncertain about an OS deployment with various versions of PKGs installed - and subtle bugs/interactions with your application and services

ctrees
2017-11-20 16:35
Yea, I figured so (which is why I'm looking into this also) but unless you normalize H/W (which is almost impossible now-days)... you still end up with a blizzard of snowflakes :wink:

ctrees
2017-11-20 16:39
I'm debating on where to cut the boundaries for 'the next major update' for these governmental systems but make sure the University grads can service the infra... but what @wdennis describes seems to be what the 'current pattern' is for the companies... storage seems to be the PIA

shane
2017-11-20 16:43
the Image deployment pattern is a major component of Immutable Infrastructure - which is a pattern popularized (not invented) in Cloud - with instantiating a VM - use it, update your VM images - then blow away VM, and re-instantiate it ... sort of workflow

shane
2017-11-20 16:44
there have always been similar Image (both raw image and filesystem image) capabilities in several deployment tools for decades that follow the "Gold Image" pattern and Immutable Infrastructure - what you do **after** the initial install is what dictates whether you're following those principles or not

shane
2017-11-20 16:44
if you PKG upgrade things in place after install - you are NOT following Immutable Infrastructure patterns

shane
2017-11-20 16:44
if you nuke a machine and redeploy when you need to update - you are

shane
2017-11-20 16:45
how you get to a common set of OS, supporting pkgs, and apps - can vary - but the goal is to guarantee WHAT is installed (precisely), along with how you operate that infra after the fact

wdennis
2017-11-20 17:59
@shane @ctrees I wouldn?t call what we are doing ?immutable? - it?s just a OS install acceleration mechanism in our case

wdennis
2017-11-20 18:00
?Immutable? to me means ?read-only?

wdennis
2017-11-20 18:01
Maybe with COW technology, one could deploy an OS image which would be immutable, but then changes, OS state persisted to files, etc would go into a writeable layer on top

zehicle
2017-11-20 18:02
to me "immutable" means only initial configuration. No patch/upgrade. so, it's read only after the initial configuration.

wdennis
2017-11-20 18:02
Not sure if that?s a thing on bare metal

zehicle
2017-11-20 18:03
even cloud immutable & containers get initial configuration before they start taking workload. once they are running, there's nothing in the system that cannot be thrown away

wdennis
2017-11-20 18:03
@zehicle Enforced read-only, or by convention?

zehicle
2017-11-20 18:03
by convention

zehicle
2017-11-20 18:03
and the fact that the systems can be destroyed at any time

wdennis
2017-11-20 18:04
Yes, ok

wdennis
2017-11-20 18:04
Not like a memory-booted system then, but actual bits on disk?

zehicle
2017-11-20 18:05
either way. same effect.

zehicle
2017-11-20 18:05
I did a post about this.... looking it uyp


wdennis
2017-11-20 18:07
Gentlemen?s agreement that local machine state past initial boot/provisioning is ephemeral, right?

wdennis
2017-11-20 18:08
I see the utility in that

shane
2017-11-20 18:12
Immutable Infrastructure as applied to OS and App deployment (generally) separates out the state in 3 layers: 1. OS deployment guaranteed to be the same across all deployments/machines 2. OS state is separate (this includes configuration elements to make a VM or Machine "operate" correctly) 3. application state separated out from deployment/provisioning activities Usually - the "application state" part is via "cloudy" based services (eg highly replicated technologies) - such that any given Application instance can be destroyed, and the state can "carry on" beyond the death of the individual VM/Machine

shane
2017-11-20 18:12
you can consider these "layers", but they don't have to be enforced in a layered filesystem model - but Containers very much adhere to this principle with layers

wdennis
2017-11-20 18:17
We actually have another cluster here wherein the base OS comes in via PXE, and runs memory-resident, but the nodes also have disk in them to persist certain state

greg
2017-11-20 18:52
Well immutable infrastructure not withstanding. I?ve started looking at your steps, @wdennis. I think those are possible and I?ve started that process. With regard to immutable or not. I think DRP should enable all the insanity possible, but encourage best practices. Soooo. all 4 steps are actually allowed and done in some of the experimental imaging stuff I?ve been doing.

ctrees
2017-11-20 18:56
... I'll sign up to build, use, document and rebuild the path blazed by @greg and @wdennis :wink: I've been coming up to speed on sphinx

shane
2017-11-20 18:57
Sweet. I've updated the document on documentation in "latest"

ctrees
2017-11-20 19:02
ok... I think I follow the doc patterns... I used your 5min demo for both doc gray and mailservices, they had a few general questions like 'why sphinx' and why not just md (as kubespay seems to use)... then github has pages.github.com.... (they really don't care that much other than 'choice motivation'

wdennis
2017-11-20 20:04
@greg The sticking point with our imaging process is the manual resizing of partitions after imaging the target disk (as well as creating a swap part?n based on RAM size) - love to hear any ideas for automating that

greg
2017-11-20 20:08
Okay - soooo - I?ve started working on this by using the CoreOS ignition tool with some helpers.

greg
2017-11-20 20:08
It also depends upon what imaging technique you are using.

greg
2017-11-20 20:09
well - backing up.

greg
2017-11-20 20:09
First, This can be done as a task in sledgehammer.

wdennis
2017-11-20 20:12
We use ?Clonezilla? live via PXE-boot ( http://clonezilla.org )

wdennis
2017-11-20 20:20
@greg Is CoreOS Ignition usable as a post-imaging tool? Looks to me from what I?m reading as a pre-install prep tool, as well as an installer...

greg
2017-11-20 20:27
I?ve added imaging capabilities to it.

greg
2017-11-20 20:27
so, you can do pre/post and install.

greg
2017-11-20 20:27
clonezilla looks interesting.

greg
2017-11-20 20:28
An interesting thing is that you could build a clonezilla bootenv with custom templates to restore and/or backup systems.

wdennis
2017-11-20 20:54
Oh sure

2017-11-20 22:28
Can I change the name of a discovered machine?

greg
2017-11-20 22:30
Yes - only through the cli and API (not the UX) currently.

greg
2017-11-20 22:30
`drpcli machines update <uuid> '{ "Name": "newname" }'`

2017-11-20 22:31
Ah thanks

zehicle
2017-11-21 04:51
@ctrees we did use markdown for a while - switching to RST and Sphinx lets us use readthedocs and have all the awesome xref, index and PDF features that come with treating the docs like a book.

wdennis
2017-11-21 13:35
Did not notice an announcement that there?s a v3.3 (new stable) out now?

ctrees
2017-11-21 13:39
I think the community meetup is still on for ?? Wed ??

wdennis
2017-11-21 13:41
idk

greg
2017-11-21 13:41
Today. Sorry about that. Finished it yesterday but had to take care of some family things. Will discuss it today


greg
2017-11-21 13:41
Every other Tuesday

wdennis
2017-11-21 13:42
thx

wdennis
2017-11-21 13:42
Anyways, no problem, just wondered if I missed the announcement?

greg
2017-11-21 13:43
The short of it is. Small release Minor bump is because I tweaked the api in subnets. Addition of field that defaults to good value.

wdennis
2017-11-21 13:44
I see from commits that Swagger is going away soon?

greg
2017-11-21 13:45
The cli generate from swagger. It is a pain. Bloated and wrong. We will talk about that to.

wdennis
2017-11-21 13:45
OK

greg
2017-11-21 13:45
Too

wdennis
2017-11-21 17:09
Could I get some help configuring the IPMI plugin?

shane
2017-11-21 17:57
In just about an hour, we'll be hosting the v005 Digital Rebar online meetup - lots to discuss around new features, the new v3.3 release, content use case, documentation, etc... check out Agenda items, along with links to the meetup zoom URL, at: https://docs.google.com/document/d/1EDme5I05Sxwe111iluQDa1E-OiLY0xkKTCEn7bQIvfA


shane
2017-11-21 17:58
^^^^^^


zehicle
2017-11-21 19:17
a very very simple version of the runner

carl
2017-11-21 20:02
A discussion point for next week unless it's already been covered: UEFI support (it's sadly becoming a problem for me, and will be required for most commercial ARM platforms)

shane
2017-11-21 20:02
we have discussed it very briefly - but have not focused on it much

shane
2017-11-21 20:03
UEFI PXE options

shane
2017-11-21 20:04
In your `subnets` specification - you'd set DHCP options similarly. We also support the use of the Golang Template language within the subnets/DHCP options to do interesting things - namely change which PXE file is provided based on the options we receive from a Machine

shane
2017-11-21 20:04
around the Nov13th time frame there was discussion here in #community you might want to review and see if that helps ?

shane
2017-11-21 20:15
Also discussed in today's meetup was the Runner/Workflow system - here's the drawing:

shane
2017-11-21 20:16
@shane uploaded a file: https://rackn.slack.com/files/U6QFVRJNB/F83QJ667M/digital_rebar_runner_workflow.pdf and commented: From 2017/11/21 DRP v005 meetup discussion.

carl
2017-11-21 20:20
Good to know. Thanks!

wdennis
2017-11-21 20:25
@shane Could I get some help configuring the IPMI plugin? (are there any docs on this?)

shane
2017-11-21 20:27
I don't think there are docs

wdennis
2017-11-21 20:28
I installed the plugin, "activated" it, and have set a param on it for password

wdennis
2017-11-21 20:29
Not sure what else might need to be done, but big issue is how to apply it to the machines...

shane
2017-11-21 20:29
which param

wdennis
2017-11-21 20:29
`ipmi/configure/password`

shane
2017-11-21 20:30
I haven't played w/ the IPMI plugin much lately - but I'm guessing you also have to set a username and machine IP address

shane
2017-11-21 20:30
so you'd have to create either a set of Params you apply to a machine - or a profile which has those settings - per machine

wdennis
2017-11-21 20:31
There's only one entry in Systems > Plugins, correct?

wdennis
2017-11-21 20:34
Corresponding to this from drpcli: ``` [dradmin@dr-admin ~]$ drpcli plugins list [ { "Available": true, "Errors": [], "Name": "ipmi", "Params": { "ipmi/configure/password": "xxxxxxx" }, "PluginErrors": [], "Provider": "ipmi", "ReadOnly": false, "Validated": true } ] ```

shane
2017-11-21 20:35
:slightly_smiling_face:

shane
2017-11-21 20:35
other params: `ipmi/configure/username`

shane
2017-11-21 20:35
`ipmi/address`

wdennis
2017-11-21 20:35
If they are all the same across my hosts, I can set the param values in the plugin, correct?

shane
2017-11-21 20:37
ah - so the ones w/ `configure` in them are for bootenv install time to SET the username/password parameters (etc.)

shane
2017-11-21 20:38
are you just looking to add power management controls ?

wdennis
2017-11-21 20:38
Yes, power cycle, next boot pxe, etc

wdennis
2017-11-21 20:42
I don't see how to "enable" a host for IPMI (and get the power controls in the UX for the host)

wdennis
2017-11-21 20:55
@shane Any idea?

shane
2017-11-21 20:58
discussing it - I haven't played with this plugin - my work to date has only been in packet - which is very different enabling it

shane
2017-11-21 20:58
I am very familiar w/ BMCs and IPMI management - just checking out how to do this properly w/in the product right now

wdennis
2017-11-21 20:58
Cool, thx

shane
2017-11-21 21:00
sadly - I don't have any hardware to really test this against ... so reading code, and what not

wdennis
2017-11-21 21:03
I'm using `ipmitool` outboard right now to kick the machines, like to control them from the UX (a la Rob's recent terraform vid)

shane
2017-11-21 21:03
yep

wdennis
2017-11-21 21:04
maybe it isn't integrated into the UX yet?

shane
2017-11-21 21:05
there's the `task` named `ipmi-configure` which implements the actual configuration which would happen as a stage - there are templates which are used for the configure

shane
2017-11-21 21:05
but looking at pure power management - I think the only 3 params that matter are: `ipmi/address` `ipmi/username` `ipmi/password`

shane
2017-11-21 21:06
you need these applied to a Machine - which then should enable the IPMI power actions in the UX

shane
2017-11-21 21:06
username and password can be a profile - that you apply (even in `global` if you wanted to apply to everything)

wdennis
2017-11-21 21:06
Cool, I have all three set on one of my machines - however, no IPMI buttons showing up...

shane
2017-11-21 21:06
address would have to be a per-Machine param

wdennis
2017-11-21 21:06
yes

vlowther
2017-11-21 21:07
It looks like setting ipmy/enabled, ipmi/username, ipmi/password, and ipmi/address to the proper values on each node (via profile for all but address, which is definitly node-specific) is what is required

vlowther
2017-11-21 21:07
the ipmi-configure task will do that

vlowther
2017-11-21 21:07
if you have existing settings, it looks like ipmi/configure/network=false and ipmi/configure/user=false params will keep the ipmi-configure task from mucking about with your settings.

wdennis
2017-11-21 21:07
Ah, `ipmi/enabled`...

wdennis
2017-11-21 21:07
Let me try setting that

shane
2017-11-21 21:08
make sure you're profile applies the `ipmi/configure/...=false` settings as @vlowther mentioned for safety reasons, too

wdennis
2017-11-21 21:10
OK, now without doing anything... The IPMI buttons are showing up on the machine

vlowther
2017-11-21 21:10
As expected.

wdennis
2017-11-21 21:10
(Perhaps I moved off the machine screen and then back on?)

wdennis
2017-11-21 21:11
When I clicked "Reboot" I got a popup saying "Action Error"

greg
2017-11-21 21:11
The ipmi plugin requires no parameters. The configure parameters would need to be on a machine.

wdennis
2017-11-21 21:12
Just these three? ``` "ipmi/address": "testnode01-ipmi", "ipmi/password": "xxxxxxx", "ipmi/username": "root" ```

shane
2017-11-21 21:13
might be dns problem w/ ipmi address resolution ?

shane
2017-11-21 21:13
from command line on DRP Endpoint - does that short name resolve correctly ?

wdennis
2017-11-21 21:13
yes

wdennis
2017-11-21 21:14
```[dradmin@dr-admin ~]$ dig testnode01-ipmi ; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> testnode01-ipmi ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31366 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;testnode01-ipmi. IN A ;; ANSWER SECTION: testnode01-ipmi. 1 IN A 192.168.1.161 ;; Query time: 0 msec ;; SERVER: 192.168.1.254#53(192.168.1.254) ;; WHEN: Tue Nov 21 11:57:16 EST 2017 ;; MSG SIZE rcvd: 60 ```

shane
2017-11-21 21:14
can you confirm that `ipmitool -U root -P xxxxx -H testnode01-ipmi chassis power status` runs successfully **from** the DRP Endpoint ?

wdennis
2017-11-21 21:18
Interesting... I usually don't use the `-P` param (if you omit it, it asks for the password interactively)... When I passed it, here's what I see: ```[dradmin@dr-admin ~]$ ipmitool -I lan -H testnode01-ipmi -U root -P xxxxxxx -a chassis power status Password:```

wdennis
2017-11-21 21:19
If I just hit <CR> at the password prompt, I get a fail: ```[dradmin@dr-admin ~]$ ipmitool -I lan -H testnode01-ipmi -U root -P xxxxxx -a chassis power status Password: Activate Session command failed Error: Unable to establish LAN session Error: Unable to establish IPMI v1.5 / RMCP session```

vlowther
2017-11-21 21:19
-I lanplus

vlowther
2017-11-21 21:20
and -a?

wdennis
2017-11-21 21:20
same diff...

wdennis
2017-11-21 21:20
Let me add `-a`

shane
2017-11-21 21:20
can you `ping testnode01-ipmi` ?

wdennis
2017-11-21 21:21
Nope, still asking for password

wdennis
2017-11-21 21:21
@shane - I can, it resolves the IP, but the IPMI interface doesn't allow pings

wdennis
2017-11-21 21:22
```[dradmin@dr-admin ~]$ ping testnode01-ipmi PING testnode01-ipmi.necla.lab (192.168.1.161) 56(84) bytes of data. ^C --- testnode01-ipmi.necla.lab ping statistics --- 9 packets transmitted, 0 received, 100% packet loss, time 7999ms```

wdennis
2017-11-21 21:22
But, I know IPMI works when I use `ipmitool` with user & password

greg
2017-11-21 21:22
remove the `-a`

wdennis
2017-11-21 21:23
duh

wdennis
2017-11-21 21:23
```[dradmin@dr-admin ~]$ ipmitool -I lanplus -H testnode01-ipmi -U root -P xxxxxx chassis power status Error: Unable to establish IPMI v2 / RMCP+ session```

wdennis
2017-11-21 21:24
This *is* a fairly old box; a PowerEdge 860 circa 2009...

wdennis
2017-11-21 21:25
Needs to use IPMIv2, huh?

vlowther
2017-11-21 21:25
So far it just looks like the dr-admin box cannot talk to that IPMI controller.

vlowther
2017-11-21 21:26
unless I missed somethbing in the backscroll.

wdennis
2017-11-21 21:26
No, I can talk to it via IPMIv1.5...

vlowther
2017-11-21 21:26
Well then.

vlowther
2017-11-21 21:27
We may need to make the IPMI protocol configurable. :slightly_smiling_face:

wdennis
2017-11-21 21:27
```[dradmin@dr-admin ~]$ ipmitool -I lan -H testnode01-ipmi -U root -a chassis power status Password: Chassis Power is on```

vlowther
2017-11-21 21:27
IIRC, we have lanplus hardcoded right now

wdennis
2017-11-21 21:27
ah

greg
2017-11-21 21:27
yes

vlowther
2017-11-21 21:28
due to lan being old, trivially crackable, and the 9 and 10gen box we started dev on way back in the day supporting lanplus. :)\

wdennis
2017-11-21 21:28
OK, then maybe only supporting `lanplus` is reasonable then :slightly_smiling_face:

wdennis
2017-11-21 21:29
notes to self must get more recent test platforms...

wdennis
2017-11-21 21:30
I do have a PE R320 with standard iDRAC on my testbed, lemme try that...

vlowther
2017-11-21 21:35
note that lanplus is also crackable, but it is at least possible to makei it harder to do so

vlowther
2017-11-21 21:41
http://fish2.com/ipmi/cipherzero.html <-- for your viewing pleasure

wdennis
2017-11-21 21:55
@vlowther thx

wdennis
2017-11-21 21:55
shudders

wdennis
2017-11-21 21:56
Yay, working platform!

shane
2017-11-21 21:56
cool - we'll add an option to configure the IPMI Interface type to use

wdennis
2017-11-21 21:57
note to find more recent Dell platforms for testbed

2017-11-21 21:57
Time to feed the :bear:!

wdennis
2017-11-21 21:59
@vlowther @greg What does "Disk" impi plugin button do?

wdennis
2017-11-21 22:00
(and why is "PXE' represented as a paperclip??)

greg
2017-11-21 22:00
Set next boot pxe to disk

wdennis
2017-11-21 22:00
ah ok

shane
2017-11-21 22:02
@wdennis what would you represent "PXE" as in icon form ?

wdennis
2017-11-21 22:23
Tinkerbell?s shoe (the one with the little Pom-Pom on the tip) :stuck_out_tongue_winking_eye:

wdennis
2017-11-21 22:24
?Pixie?, get it? Huh huh huh

shane
2017-11-21 22:37
Yep

ctrees
2017-11-22 16:09
so @wdennis @greg from what I gather, sledgehammer or ?? CoreOS Ignition ?? could preform a / the clonezilla compatible process as a 'task'... I'm assuming the goal could be both to 'create' and / or 'restore' a backup image....

ctrees
2017-11-22 16:18
seems if a sledgehammer task was to 'restore' a clonezilla created image to local disk, that then fits into @wdennis current infra with no change ? ( just coming up to speed on what you both are thinking )

vlowther
2017-11-22 16:24
@wdennis also, the PE860 is 2006, not 2009. :slightly_smiling_face:

greg
2017-11-22 16:44
Yes- I wasn?t looking at clonezilla as the starting point, though that might work. It has some custom tools.

greg
2017-11-22 16:44
I was looking more at Hashicorp?s Packer tools.

wdennis
2017-11-22 16:48
@vlowther how time flies...

wdennis
2017-11-22 16:49
@greg what format is a Packer image?

greg
2017-11-22 16:49
Packer can generate rootfs tgzs, raw disks, amis,

greg
2017-11-22 16:49
from the same config

wdennis
2017-11-22 16:50
Hmmmm... nice

greg
2017-11-22 16:50
So, the imaging tasks I?m looking potentially use ignition and an config file generated by template.

wdennis
2017-11-22 16:50
And the image format?

greg
2017-11-22 16:51
The template defines disks, partitions, sw raid, images, filesystems, and possible files.

greg
2017-11-22 16:51
With resize operations.

greg
2017-11-22 16:51
It is a bit of a side project, but kinda works.

greg
2017-11-22 16:51
The main issue I?m working on right now is get the systems to boot using syslinux bootloaders. May need to switch.

greg
2017-11-22 16:51
The goal would be to allow for windows images as well.

greg
2017-11-22 16:52
Since packer generates both raw disk, raw partition, and filesystem tarballs you can do both.

wdennis
2017-11-22 16:52
I think it?s great that you are working on this...

greg
2017-11-22 16:53
The idea is that you could build an ignition+ template that defines the partition layer, the filesystem type, and then the image tarball for each partition.

greg
2017-11-22 16:53
That would be one level.

greg
2017-11-22 16:53
You could also get a raw disk image with a resize to fill disk option.

greg
2017-11-22 16:53
or a partition option as well.

wdennis
2017-11-22 16:53
FS tarballs could be restored without mucking with partition resizing

greg
2017-11-22 16:54
yes

wdennis
2017-11-22 16:54
Love it

greg
2017-11-22 16:54
Still aways off. I have most of the imaging pieces. I?m still fighting with getting the systems to boot.

greg
2017-11-22 16:54
May have to switch from syslinux based bootign to grub2 based booting.

greg
2017-11-22 16:55
And windows sucks.

wdennis
2017-11-22 16:55
On that we can all agree :)

wdennis
2017-11-22 17:03
@greg looking at Packer docs; what Builder type do you use to create the FS tarballs?

shane
2017-11-22 17:07
packer is a pretty nice tool - it's possible to make images that can be used for VMs and baremetal from the same base code - so you can have consistency across your infrastructure ...

greg
2017-11-22 17:09
Not sure - I know it can be done though.

wdennis
2017-11-22 17:11
Hmmm... wonder how this can be done?

shane
2017-11-22 17:13
the Hashi docs are always awful - they miss about 50 to 75% of functionality - and they don't provide any actually useful examples

shane
2017-11-22 17:13
you have to resort to googley-oogly searches to find real info on most of their products

shane
2017-11-22 17:13
packer is the same - absolutely bare minimal documentation

shane
2017-11-22 17:14
(yeah, I know - glass houses, stones, and all of that ... )

wdennis
2017-11-22 17:18
Power of.... _Google!_

shane
2017-11-22 17:19
Tarball is a post processor, it's not done as a builder

greg
2017-11-22 17:20
yeah - it is complex but pretty powerful.

shane
2017-11-22 17:23
ultimately - packer basically "spins up" ... something ... that's a "builder" ... then you do "stuff" via their DSL (or a "provisioner"). Then you do something with the build - that's the "post processor" part. you can do some pretty cool full CI/CD workflow with it - define, create, configure, deploy, test, create artifacts (eg tarball, raw, etc), then tear down the builder

shane
2017-11-22 17:27
it'll also do staging of your artifacts to "places" - registries, repos, etc.

shane
2017-11-22 17:28
there are a number of non-Hashi maintained plugs too - so there's a lot more out there that you can do - than what you find on Hashi website

wdennis
2017-11-22 17:29
Yup, got that - have played with Packer a bit to build images for AWS and DO

wdennis
2017-11-22 17:32
Someone asked on the Packer Google Group about a builder for bare metal targets (Sep 5 2017 post), someone else answered that Packer only targets cloud providers & hypervisors that support snapshot images

shane
2017-11-22 17:33
building an image is a different thing than creating artifacts to deploy bare metal from ...

shane
2017-11-22 17:33
but most of the Hashi tools are "cloud centric" ...

wdennis
2017-11-22 17:34
Doesn?t sound like quite the right tool for the job...

wdennis
2017-11-22 17:34
I thought from what @greg said that you guys had it working tho

shane
2017-11-22 17:35
we have indeed used it in the past - I'm not sure in what capacity - since I haven't used it w/in RackN - I used it at my previous 2 gigs

greg
2017-11-22 17:43
I said I can deploy tgz fs images, raw disk images, or partition images. Where those come from is up to you. I?ve worked with people who have used packer to generate those.

wdennis
2017-11-22 17:43
Well, I?ll wait to see what you guys come up with...

wdennis
2017-11-22 17:43
@greg oh, misunderstood then...

greg
2017-11-22 17:44
What I can?t do is currently boot the system consistently afterwards. That is why this isn?t finished.

greg
2017-11-22 17:44
We worked with one customer to image-based installs. Generated a very custom system for them. I?ve been looking at generalizing that for wider consumption. I?m not done and may not be done for a while.

wdennis
2017-11-22 17:45
Got it

2017-11-22 17:46
so curious whats used to tie the rebar backend to deploy systems, to say the customer facing side... from a hosting/server reseller perspective.....

2017-11-22 17:47
we want say customer A to be able to login / order/ pay and spin up both physical hardware and XenServer VMs

shane
2017-11-22 17:47
@wdennis - here's an example of how someone is using packer/docker/and tooling to extract rootfs for http://packet.net images: https://github.com/packethost/packet-images

wdennis
2017-11-22 17:50
Very interesting

wdennis
2017-11-22 17:51
Those Packet folks got it going on...

greg
2017-11-22 17:54
@outbackdingo - DRv2 used to have a multi-tenant system to handle some of this. We found it complex and people weren?t using it. So, in DRP, we don?t have that for now. We?ll see if it needs to grow one. DRP does have a object-level restriction system, but using it for multi-tenancy could be a stretch. Doable, but a stretch.

2017-11-22 17:57
@greg so when looking at say hetzner OVH, and every other server/hosting provider out there, what in heck are they using to deploy for clients in the backend... ive looked high and low

greg
2017-11-22 18:01
@outbackdingo - well - not sure. I can guess. I suspect most roll their own in some way shape or form.

greg
2017-11-22 18:01
If I were doing it, I would actually use DRP as part of the solution.

2017-11-22 18:02
@greg yes DRP i plan to try to deploy tonight... wheres the guide again

2017-11-22 18:03
ive contemplated rolling something from ansible / terraform

2017-11-22 18:03
but id figure someones already selling something like this for hosting providers

greg
2017-11-22 18:03
For an SP or HP, you would need a billing system, user/identity/control system, and a provisioning system. I would start them as three separate services than the user/identity control system drive the billing and the provisioning systems. But that is high-level fluff version.

greg
2017-11-22 18:03
:slightly_smiling_face:

2017-11-22 18:04
yeah from the old web hosting only days... WMHCS... blah......


2017-11-22 18:12
@greg Debian 9 host of to deploy? or CentOS 7 better?

2017-11-22 18:13
i prefer FreeBSD.... but.......

2017-11-22 18:13
its all in docker containers still right ?

shane
2017-11-22 18:13
No docker

greg
2017-11-22 18:13
no - single go binary

2017-11-22 18:13
ok... nothing here says what server os should be

shane
2017-11-22 18:14
(unless you want to stick the golang binary in one for fun)

shane
2017-11-22 18:15
Any Linux distro that is running on 64 bit hardware will work.

shane
2017-11-22 18:15
We do recommend centos or Ubuntu as we test on that

2017-11-22 18:15
ok Debian VM it is

shane
2017-11-22 18:17
Debian should work fine, the installer verifies dependencies and takes care of them, I think Debian is working in installer

2017-11-22 18:37
ok how to i stop these damn console messages scrolling by

2017-11-22 18:37
jeeez

2017-11-22 18:39
and why is this giving an error ./drpcli machines bootenv 59bcca1e-7cfb-4ab4-ae2c-7e5475205b36 centos-7-install Error: ValidationError: machines/59bcca1e-7cfb-4ab4-ae2c-7e5475205b36: Can not change bootenv while in a stage unless forced. old: sledgehammer new centos-7-install

greg
2017-11-22 18:43
The first is because you ran in isolated mode and it logs those messages to stdout/stderr. Under production those go to systemctl logging.

greg
2017-11-22 18:43
Second, you need to change the machines stage instead of bootenv. Setting the stage will set the bootenv.

greg
2017-11-22 18:43
Same command change ?bootenv? to ?stage?

2017-11-22 18:46
ok...install doing a centos automated install on an XenServer template

2017-11-22 18:47
interesting....

2017-11-22 18:47
lets see what happens when its done

2017-11-22 18:49
Nice UI by the way... very nice

greg
2017-11-22 18:49
@zehicle will like to hear that. :slightly_smiling_face:

greg
2017-11-22 18:50
Did you do workflows?

2017-11-22 18:52
@greg uhoohhh ? workflows ?

2017-11-22 18:52
i followed the guide

greg
2017-11-22 18:52
well - it may cycle.

greg
2017-11-22 18:52
because you didn?t tell it what to done when done installing.

greg
2017-11-22 18:52
I have a fix for that coming, but it isn?t ready yet. maybe next week.

greg
2017-11-22 18:52
Anyway,

greg
2017-11-22 18:53
In workflows, you want to add centos-7-install -> complete-nowait Success

2017-11-22 18:53
hah... docs stated Reboot your Machine - it should now kick off a BootEnv install as you specified above. watch the console, and you should see the appropriate installer running the machine should reboot in to the Operating System you specified

greg
2017-11-22 18:53
That last bit may not work. :neutral_face:

greg
2017-11-22 18:54
it should, but may not.

2017-11-22 18:54
and it seems sitting there at running post-installation scripts

2017-11-22 18:54
so where do i update this workflow

greg
2017-11-22 18:54
In the UX, under workflows

greg
2017-11-22 18:55
next to the add step button, `From Stage` should be `centos-7-install`. `To Stage` should be `complete-nowait` and leave success.

greg
2017-11-22 18:56
Then click the add step button.

2017-11-22 19:05
shouldnt success be reboot ?

2017-11-22 19:21
still seems stuck sitting there at running post-installation scripts

2017-11-22 19:28
@greg seems no joy

2017-11-22 19:29
darn and i was hping to deploy 3 kubernetes nodes tonight....

2017-11-22 19:55
ok seems even the ubuntu install is broken... at least here for some reason... it states no root filesystem is defined

greg
2017-11-22 19:57
No on reboot. We want the install stage to finish its install instead of us rebooting the system.

greg
2017-11-22 19:58
You can check jobs tab to see if anything failed. It might give hints.

2017-11-22 19:59
centos-7-install Start complete-nowait Success (remove step)

greg
2017-11-22 19:59
The no root FS message indicates an LVM install that isn?t cleared. We have a stage for that now.

greg
2017-11-22 20:00
It is a more complex workflow.

2017-11-22 20:02
im shpwing notthing in failed jobs and no successfulinstalls

2017-11-22 20:05
this cant be that broken, iv e got to be doign something wrong here

2017-11-22 20:27
tried this 8 times now... same result.... nothing installs completely

2017-11-22 20:46
guess its time to nuke the install and try not using TIP

2017-11-22 21:14
grrrrr.... same result....

2017-11-22 21:20
@greg ok maybe im beingg dumb but following the quck start results in 0 vms getting installed properly so where is my screw up :)

shane
2017-11-22 21:37
@outbackdingo - I can give you a hand, but it'll be 2 hrs before I can - traveling right now

greg
2017-11-22 21:48
@outbackdingo - to start, lets recap. You have tip installed. You have VMs discovered through sledgehammer. You then change stage to centos-7-install. That appears to hang in post-install process.

greg
2017-11-22 21:49
Two things - I suspect that the stages and their subtly are getting you. Also, I suspect that you may need more stages.

greg
2017-11-22 21:52
the last one is to address the ubuntu issue.

greg
2017-11-22 21:55
We should set up some things.

greg
2017-11-22 21:55
1. ssh keys for access before and after install.

greg
2017-11-22 21:56
from the cli do this: ```drpcli profiles set global param access-keys to '{ "galthaus": "ssh-rsa bigkeyhere galthaus@Gregs-MacBook-Pro.local" }'```

greg
2017-11-22 21:56
`galthaus` is just a string to identify the key. The second part is the part that will go in the `authorized_keys` file.

greg
2017-11-22 21:56
Next, we need to make sure the workflows are good to go.

greg
2017-11-22 22:00
This is the workflow I use for some of this stuff. 1 Go to UX workflow screen. 2. remove all steps. 3. add these. a. discover -> sledgehammer-wait success b. prep-install -> centos-7-install reboot c. centos-7-install -> complete-nowait success

greg
2017-11-22 22:01
4. Remove the machines from DRP (destroy cli or UX delete) 5. Boot a VM. See that it goes through discover and sits in sledgehammer-wait

greg
2017-11-22 22:02
Once the machine gets to `sledgehammer-wait` stage

greg
2017-11-22 22:03
issue this command `drpcli machines stage <uuid> prep-install` or use the ux to change the stage to `prep-install`

greg
2017-11-22 22:03
The advantage of this workflow set up is that it will do two things.

greg
2017-11-22 22:03
One wipe the disks of data.

greg
2017-11-22 22:03
and two it will reboot the machine automatically for you

greg
2017-11-22 22:04
While the machine is in sledgehammer wait, you should be able to ssh into the box and look around.

greg
2017-11-22 22:05
The install should complete by setting the stage to `complete-nowait` and bootenv to `local`.

greg
2017-11-22 22:06
Once booted to the new OS, you should be able to get in by ssh.

2017-11-22 22:35
ok ill work through this

2017-11-23 07:26
ok... so it seems i can now successfully build an image it boots i cant however ssh into it... is there a default username/password for them ?

2017-11-23 07:26
so making progress

2017-11-23 08:13
im beginning to wonder just how much work is ahead of me... wanting to A: spin up an XenServer VM ..... instal lan OS on it... Then run an ansible playbook against it to configure it all...

2017-11-23 08:15
i see no "XenServer" provider even

shane
2017-11-23 19:31
@outbackdingo - please see @greg's comment on how to inject an SSH key to the server config:

2017-11-23 19:34
@shane funny thing is i did that

shane
2017-11-23 19:36
can you please provide the output of (before pasting it - please obscure your SSH public key piece): `drpcli profiles show global`

shane
2017-11-23 19:36
also - the SSH public key will only be injected on provisioning - AFTER you install an OS (bootenv) - just adding the ssh key to the global profile will not effect/change any existing already provisioned machines

2017-11-23 19:41
@shane https://pastebin.com/6EjmjvuS

2017-11-23 19:50
@shane hrmmm i think i see the issue

2017-11-23 19:50
"access-keys": { "dingo": "ssh-rsa ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxzsx

2017-11-23 19:51
ssh-rsa X 2

shane
2017-11-23 19:56
yep - that'd def. cause an issue ... :slightly_smiling_face:

2017-11-23 19:57
@shane ok trying again... question though why do i have to change something..... is there no way to say boot VM -> discover -> install

2017-11-23 19:58
discover Start sledgehammer-wait Reboot (remove step) centos-7-install Reboot (remove step) complete-nowait Success (remove step)

2017-11-23 19:58
where i have to run ./drpcli machines stage 1fb9e96b-2627-4f6b-a684-0eeac1657217 centos-7-install and reboot the vm

2017-11-23 20:01
ok that VM successfully installed and i can ssh into it

2017-11-23 20:02
now to deal with this Workflow

2017-11-23 20:02
suggestions wlecome

greg
2017-11-23 20:30
Yeah. So what do you want? I suggest to pause tonkeep from wiping out systems. But not you flow. All good.

greg
2017-11-23 20:31
Okay - so not that I?m at a computer and not fighting the phone.

2017-11-23 20:31
@greg id prefer to be able to just go through booting the VM to install to complete-nowait without having do anything

2017-11-23 20:31
no rush

greg
2017-11-23 20:32
@outbackdingo - if you want to just have machines go straight to install, you will want to do something like this:

greg
2017-11-23 20:32
Actually, a couple of questions? Do you wish to inventory the system?

greg
2017-11-23 20:33
and do you want to choose the OS?

2017-11-23 20:34
well initially the game plan is to get to wanting to A: spin up an XenServer VM ..... B: install an OS on that vm... C: Then run an ansible playbook against it to configure it all

2017-11-23 20:34
right now id be happy to be able to choose the os and do the install

2017-11-23 20:34
withoutt intervention

greg
2017-11-23 20:34
Are the disks ?clean? on the VM spin up?

2017-11-23 20:34
always

greg
2017-11-23 20:34
okay - then ? you can do this.

greg
2017-11-23 20:35
In the UI, set the default stage to the OS install you want to install at the moment.

greg
2017-11-23 20:36
In the workflow, make sure you have whatever stage you selected in default stage step that goes from it to complete-nowait.

greg
2017-11-23 20:36
with success.

greg
2017-11-23 20:36
Done

greg
2017-11-23 20:37
Ugh - I really want that to work, but it won?t.

greg
2017-11-23 20:37
Sorry, still have to create a machine.

greg
2017-11-23 20:37
Turkey on the brain - just a second.

2017-11-23 20:37
so just have a workflow like centos-7-install Start complete-nowait Success (remove step)

greg
2017-11-23 20:38
You will need that for an OS you want to install.

greg
2017-11-23 20:38
To auto install, you will want the following workflow steps:

greg
2017-11-23 20:38
discover -> centos-7-install : Reboot

greg
2017-11-23 20:38
centos-7-install -> complete-nowait : Success

greg
2017-11-23 20:39
Keep adding OSes by repeating the last one.

greg
2017-11-23 20:39
When you want to change the OS globally, remove the discover step and change it to discover -> OS of choice : Reboot

2017-11-23 20:40
ok, but i can create multiple workflows correct ?

greg
2017-11-23 20:40
This should have the machines start, boot into sledgehammer, create a machine entry, and then reboot to install the os, then reboot into the final OS with no changes.

2017-11-23 20:40
ok

greg
2017-11-23 20:40
The problem is how to choose the OS you want when you want.

2017-11-23 20:40
right

greg
2017-11-23 20:40
usually, that requires a step to either change the stage or add a parameter/change stage.

greg
2017-11-23 20:41
Do you use terraform?

2017-11-23 20:42
@greg i think its going to be needed if i plan to create xenserver VMs -> then boot them and install an OS

2017-11-23 20:42
i dont see any providers in rebar for xenserver

greg
2017-11-23 20:42
Can you describe your XenServer environment? Single node or multi-node XenServer?

2017-11-23 20:42
lab is single node... deployed is multinode

greg
2017-11-23 20:42
We don?t have providers anymore for anything that creates the machine. We could but don?t. Wasn?t our direct business.

greg
2017-11-23 20:43
Okay - do you have an API that can create and wait for servers?

2017-11-23 20:43
yes

greg
2017-11-23 20:43
hmm - okay - thinking about this.

2017-11-23 20:45
does terraform work with rebar ?

greg
2017-11-23 20:46
We have a provider that plugs into terraform that can drive DRP and choose stage.

greg
2017-11-23 20:46
@shane has the start of mixing packet and DRP to do what you are trying to do. I think he is close.

2017-11-23 20:47
essentially... i have two targets the create boot xenserver vm, install os, run ansible against vm.... second create a group of xenserver vms, install kubernetes cluster

greg
2017-11-23 20:47
We have some cases for that. Or close on most.

2017-11-23 20:47
i did also see the kubernetes stuff... but i am thinking it requires an installed OS in the VM first

greg
2017-11-23 20:48
well - it does today. I?m trying a Live OS k8s cluster, but that is for another day.

2017-11-23 20:49
so if i have say 3 vms installed with centos ? i can deploy kubernetes onto it now ?

greg
2017-11-23 20:49
Well , you can use kubespray ansible playbook and DRP ansible inventory generator to do it. I think @zehicle posted a video with this.

greg
2017-11-23 20:50
You get three machines OS installed through the workflow, then add then into a profile and that can then be used with an ansible inventory generator to build those machines.

greg
2017-11-23 20:51
Checking our youtube channel.




2017-11-23 21:00
cool... ill watch this tonight and again tomorrow morning and see where i get to with it

zehicle
2017-11-23 21:01
Skedgehammer works for testing kubespray too


greg
2017-11-23 21:16
okay - I?m back to thanksgiving partying.

2017-11-23 21:17
@greg enjoy it.... im heading to sleep 10PM where i am in Italy

2017-11-23 21:17
@zehicle ill look at it also

zehicle
2017-11-23 21:34
It's the written version of the video

zehicle
2017-11-23 21:34
We can also get you a slack account

zehicle
2017-11-23 21:35
There is a form for it on RackN. com

zehicle
2017-11-23 21:35
From the ux

2017-11-24 07:21
@zehicle ok slack accoun requested, working o roll this up today and get it done

i.grischott
2017-11-24 12:38
@i.grischott uploaded a file: https://rackn.slack.com/files/U7U02J6LX/F86047EUW/grafik.png and commented: Hi it's my first time here. i'm IT technician and i'm looking for good solution to manage bare metal servers, kubernetes, kvm .. first time il'checked solutions from CoreOS with Tectonic, the Foreman., Promox. now i'm here :slightly_smiling_face: I already have the dr-provision installed and it seems to be running ..

i.grischott
2017-11-24 12:41
i wan't to add some machines .. but i don't know how..

i.grischott
2017-11-24 12:42

i.grischott
2017-11-24 12:42
PXE Boot won't work.

i.grischott
2017-11-24 12:43
In the documentation i didn't find how can i initialize the bare metal machines with PXE Boot...

i.grischott
2017-11-24 13:22
Sorry forget my post I made a reasoning mistake .. I have the dr-provisioner running in a docker container on CoreOS, that can not work ..

2017-11-24 13:30
@i.grischott it can if the ports are exposed

zehicle
2017-11-24 14:25
@i.grischott you need to make sure you set the config preferences to provide the discovery image - the defaults ignore requests. Which also means that you have to upload the sledgehammer image. The discovery image will auto register the machines when it boots.

zehicle
2017-11-24 14:26
Also, you may need to set the --static-ip address for the interface you are listening on depending on the o/s you are installed on.

kamp.scott
2017-11-24 15:03
has joined #community201711

shane
2017-11-24 16:28
@i.grischott - can you please paste the output of the following command on from your DRP Endpoint: `drpcli subnets show`

i.grischott
2017-11-24 16:29
@i.grischott uploaded a file: https://rackn.slack.com/files/U7U02J6LX/F85AW211B/tftpp_read_timeout.jpg and commented: one step further..

shane
2017-11-24 16:29
also - it's important to verify that you map/allow the following ports in to the DRP Endpoint: 67 for DHCP 69 for TFTP 8091 for HTTP 8092 for API access

shane
2017-11-24 16:35
from an external node to the DRP Endpoint, you can verify most of these connections by the following tests: for TFTP test: ```tftp 172.17.0.2 get ipxe.pxe``` for HTTP test: ```curl -s -o /tmp/ipxe.pxe http://172.17.0.1:8091/ipxe.pxe``` for API test - install `drpcli` (or copy the appropriate architecture binary to your remote machine), and run: ```drpcli -E https://172.17.0.1:8092/ info get```

shane
2017-11-24 16:37
you also need to start the `dr-provision` environment with the `--static-ip` set to the external NAT address that maps to the container - otherwise, the DRP Endpoint won't respond correctly

shane
2017-11-24 16:38
so - on starting the DRP endpoint, do: `dr-provision --static-ip=172.17.0.1 ... other args ... `

i.grischott
2017-11-24 16:45
for testing i start the container with --net=host..

i.grischott
2017-11-24 16:48
@i.grischott uploaded a file: https://rackn.slack.com/files/U7U02J6LX/F84M3EHJM/tftp_get_works_locally.jpg and commented: think it's a port mapping problem.. can't tftp get from other machine..

greg
2017-11-24 19:50
Make sure you use the IP that can access the tftp directory as the `--static-ip`

greg
2017-11-24 19:51
`--static-ip=192.168.0.1`

kamp.scott
2017-11-25 08:36
is here a way to provision CentOS 6 machine? or do i have to create tasks for all of it

kamp.scott
2017-11-25 08:53
Missing ISO: Please Upload Explode ISO: iso does not exist: /home/dingo/drp-data/tftpboot/isos/CentOS-6.9-x86_64-bin-DVD1.iso Error You can download the required ISO from http://mirrors.kernel.org/centos/6.9/isos/x86_64/CentOS-6.9-x86_64-bin-DVD1.iso Error bootenv: centos-6.9-install: missing kernel images/pxeboot/vmlinuz (/home/dingo/drp-data/tftpboot/centos-6.9/install/images/pxeboot/vmlinuz) Error bootenv: centos-6.9-install: missing initrd images/pxeboot/initrd.img (/home/dingo/drp-data/tftpboot/centos-6.9/install/images/pxeboot/initrd.img)

kamp.scott
2017-11-25 08:54
but i did upload the iso and it does show under ISOS trying to enable Centos 6 environments

kamp.scott
2017-11-25 08:54
CentOS-6.9-x86_64-bin-DVD1.iso 100%[===================================================================>] 3.70G 20.1MB/s in 3m 13s 2017-11-25 03:49:14 (19.6 MB/s) - ?CentOS-6.9-x86_64-bin-DVD1.iso? saved [3972005888/3972005888] root@streisand:/home/dingo# mv CentOS-6.9-x86_64-bin-DVD1.iso /home/dingo/drp-data/tftpboot/isos/

kamp.scott
2017-11-25 09:10
./drpcli bootenvs uploadiso centos-6-install seems to have worked

i.grischott
2017-11-25 22:11
it works now.. there wasn't set the default gateway on the docker host :disappointed:


i.grischott
2017-11-25 22:14
it's possible to add other OS'ses for deploying ? like Container Linux (aka CoreOS).. i like the update functionality and security of this OS..

i.grischott
2017-11-25 22:47

i.grischott
2017-11-25 22:52
i want to setup openstack on kubernetes.. i try to adopt this video (https://www.youtube.com/watch?v=6xuVm9PJ2ck) to the new UI .. puh.. a lot of new features .. is there a easier guide to initialize openstack on kubernetes?

shane
2017-11-25 23:51
@i.grischott your best bet is to use an existing a ansible playbook, with our a ansible content pack

shane
2017-11-26 01:11
that video is from Digital Rebar ver 2 - the current version (Digital Rebar Provision ver 3) does not support cross-node orchestration - however, we support integrations with third party tools (like Ansible) which allow you to do complex application installations through that tooling

kamp.scott
2017-11-26 09:39
wait ... what? openstack on kubernetes? isnt that backwards? should be kubernetes on opensttack ?

kamp.scott
2017-11-26 09:49
sounds almost like Joyents Triton.....

shane
2017-11-26 15:25
@kamp.scott - yes, there is a big shift in OpenStack to use Kubernetes as the orchestration piece to manage the OpenStack services - there are lots of tooling popping up that containerizes each component of the OpenStack puzzle. This in theory provides a "self-healing" control plane, and also (in theory) minimizes the OpenStack service management overhead ...

kamp.scott
2017-11-26 15:52
id love to see that deployed

kamp.scott
2017-11-26 15:52
though curious how you sin up froms from kubernetes probably ony kvm supported

zehicle
2017-11-26 19:15
@i.grischott those v2 demos were before AT&T moved the project into OpenStack governance and repackaged it a set of stages. We're working on k8s metal install and watching the OpenStack Helm community to see when they get something generic. There are some other OpenStack on K8s efforts (Kolla) that show promise.

zehicle
2017-11-26 19:15
It seems like our Ansible integration is a key for those efforts and servers a more general purpose anyway.

i.grischott
2017-11-27 07:28
you think a good approach is setup k8s with your plugin kubespray then deploy openstack with helm ?

wdennis
2017-11-27 20:10
protip: Filter out voluminous gohai data in machine records via: `drpcli machines show <uuid> | jq 'del(.Profile)'`

wdennis
2017-11-27 20:13
Hi all! back into the fray

shane
2017-11-27 20:14
...and similarly if you want to list all Machines if you don't know the UUID, and filter out gohai: `drpcli machines list | jq 'del(.[].Profile)'`

wdennis
2017-11-27 20:14
Trying to understand where my machine install is at... I see this output on a machine undergoing an install: ```[dradmin@dr-admin drp]$ drpcli machines show 4f316320-fb0c-46f2-8578-f0d8f13177e1 | jq 'del(.Profile)' { "Address": "192.168.1.112", "Available": true, "BootEnv": "ubuntu-16.04-install", "CurrentJob": "a4e0839e-31e0-4a87-af9c-9d07f2e3b158", "CurrentTask": -1, "Errors": [], "Name": "ml47", "OS": "ubuntu-16.04", "Profiles": [ "necla-ubuntu-default" ], "ReadOnly": false, "Runnable": false, "Secret": "xxxxxxxxxxx", "Stage": "ubuntu-16.04-install", "Tasks": [ "ubuntu-drp-only-repos", "ssh-access", "change-stage" ], "Uuid": "4f316320-fb0c-46f2-8578-f0d8f13177e1", "Validated": true }```

wdennis
2017-11-27 20:15
The `CurrentJob` attribute is the last job that ran (I see this in the UX in "Jobs")

wdennis
2017-11-27 20:15
Why is `CurrentTask` value a `-1`?

wdennis
2017-11-27 20:18
What I'm trying to do is see that the machine is actually installing the OS (Ubuntu 16.04 in this case)

wdennis
2017-11-27 20:20
Any way to know that from the data returned from `machines show`?

shane
2017-11-27 20:40
@wdennis I'm not sure off hand what `-1` means - but my (infantile) reading of the `./backend/machines.go` seems to indicate (rather counter-intuitively) that it means we have Tasks to run): ```if n.Tasks != nil && len(n.Tasks) > 0 { n.CurrentTask = -1 }```

shane
2017-11-27 20:40
I believe final interpretation is likely going to be needed by @greg or @vlowther

greg
2017-11-27 20:40
yeah - just a minute. Sorry.

greg
2017-11-27 20:41
-1 means start of list.

greg
2017-11-27 20:41
It hasn?t tried to run anything yet.

greg
2017-11-27 20:41
This is the one spot we don?t have a good view in what is going on.

greg
2017-11-27 20:42
This tells me that the machine is somewhere inbetween the boot into install and drpcli getting control in the post install script of the preseed file.

shane
2017-11-27 20:42
also - you can filter the `gohai-inventory` w/ `jq` - but because `gohai-inventory` contains a dash - it is special to JSON, so you have to "escape" it, as follows: `drpcli machines show <UUID> | jq 'del(.Profile.Params."gohai-inventory")'`

shane
2017-11-27 20:43
your method will also filter out (potentially) other useful `Params` from the JSON output

zehicle
2017-11-27 21:04
@i.grischott I think Helm will _eventually_ be the way to deploy OpenStack. there are some technical items to resolve first.

zehicle
2017-11-27 21:04
we're focused on making k8s installs to metal better b/c that

zehicle
2017-11-27 21:04
is a prereq

ctrees
2017-11-28 14:26
anyone have a good 'ssh key rotation strategy for ops' reference or article ?

ctrees
2017-11-28 14:38
So far... This is what I've got:


vlowther
2017-11-28 14:55
hm, that seems more geared to auditing purposes than anything else.


vlowther
2017-11-28 14:59
along with the SSH certificates section of https://ef.gy/hardening-ssh

vlowther
2017-11-28 15:01
tl;dr: SSH supports auth using signed certs that have valid lifetimes instead of the classic public/provate keypairs with unbounded lifetimes

ctrees
2017-11-28 15:49
Thanks!

wdennis
2017-11-28 17:01
@shane Thx for the more precise gohai removal syntax

shane
2017-11-28 17:01
:slightly_smiling_face: no problem ... I fought that for a bit before I realized a dash was "important" to JSON ...

wdennis
2017-11-28 17:02
There's always a "sin tax" :wink:

shane
2017-11-28 17:04
I added it to the FAQ documentation - will be updated next time we push to "latest"

wdennis
2017-11-28 17:04
So, @greg I'm guessing that `CurrentTask` == `0` means "no more tasks"

greg
2017-11-28 17:12
it depends upon the task list length. :slightly_smiling_face:

greg
2017-11-28 17:12
CurrentTask is the index into the task list.

vlowther
2017-11-28 17:13
CurrentTask == 0 means the zeroth task in the list is the current one.

vlowther
2017-11-28 17:13
:slightly_smiling_face:

vlowther
2017-11-28 17:13
CurrentTask == len(Tasks) means nothing else to do.

greg
2017-11-28 17:13
if CT == len(tasklist), then done. Otherwise, it is that that position (programmer style) in the list.

wdennis
2017-11-28 18:34
ah, got it

wdennis
2017-11-28 18:35
I take it then the `Tasks` list persists until the pointer == len(Tasks), then is deleted?

zehicle
2017-11-28 18:52
the UX machines page should have a task list now (with x-links)

vlowther
2017-11-28 19:25
so, : Spaces in names of things: Awesome, ok i guess, or heresy?

vlowther
2017-11-28 19:27
I am adding validation to various names of things,, and it would be good to know before I make everyone's life just that much harder.

ctrees
2017-11-28 19:50
Jobs: "Awesome" Woz: "Heresy, spaces are my HEX delimiter" ... pick your abstraction camp

vlowther
2017-11-28 20:04
So, here are the validations I am contemplating:

vlowther
2017-11-28 20:04
var ( validName = regexp.MustCompile(`^\pL+([- _.]+|\pN+|\pL+)+$`) validParamName = regexp.MustCompile(`^\pL+([- _./]+|\pN+|\pL+)+$`) )

vlowther
2017-11-28 20:05
the former is for everything that is not a param

vlowther
2017-11-28 20:05
the latter is for params for $REASONS

vlowther
2017-11-28 20:06
\pN is everything Unicode considers a number, and \pL is everything Unicode considers a letter

vlowther
2017-11-28 20:06
the rest of it should be obvious enough to anyone who has stared at too much Perl.

vlowther
2017-11-28 20:07
or obsessed about DFA vs NFA ww.r.t speed and feature completeness.

diego.milhomes
2017-11-28 20:19
has joined #community201711

vlowther
2017-11-28 20:21
@wdennis the Tasks list persists until someone or something changes it

vlowther
2017-11-28 20:21
either directly via the API or indirectly via stage change.

shane
2017-11-28 20:22
@diego.milhomes - welcome

ctrees
2017-11-28 20:47
@vlowther so must start with letter... maybe that's why my "2cld" name had issues

ctrees
2017-11-28 20:49
my regexp foo is weak though...

vlowther
2017-11-28 20:49
well, these are what I am working on right now.

vlowther
2017-11-28 20:50
They are not in a tree you would be using, unless you hafve some crazy access to my laptop I have not noticed. :slightly_smiling_face:

ctrees
2017-11-28 20:51
oh... it was on other 'ansible' or 'vagrant' things... you just got me thinking 'oh... that's probably why'

ctrees
2017-11-28 20:55
i changed to "tocld" name and it worked... didn't dig that deep... I can ping some moz 'data collection log guys' if you need intense regex foo'ness

wdennis
2017-11-28 22:17
@vlowther No to spaces! (and double no to tabs! :stuck_out_tongue_winking_eye: )

vlowther
2017-11-28 22:19
That makes it a tie!

vlowther
2017-11-28 22:20
For now, it is spaces because some of my unit tests have them.

wdennis
2017-11-28 22:21
I need to work on some mods to my preseed file.... Need to create custom one and link it in; how do I go about doing that?

shane
2017-11-29 15:58
@wdennis - pretty easy ```drpcli templates show net-seed.tmpl --format=yaml > /tmp/my_fancy_new-net-seed.yaml vim /tmp/my_fancy_new-net-seed.yaml # change ID to a new template name # change whatever else # leave the late_command stuff in there drpcli templates create -< /tmp/my_fancy_new-net-seed.yaml ``` Now modify a BootEnv to use your new seed instead of the default `net-seed.tmpl`. Basically - clone a BootEnv, and use that as your stage BootEnv for workflow transition.

ctrees
2017-11-29 16:06
speaking of BootEnv ... via the packet docker [root@buildbox ubuntu1604]# save2image ubuntu1604.tar I should be able to use that as a bootenv image directly ?

wdennis
2017-11-29 17:39
@shane Getting this error when I try to create the new template: ```[dradmin@dr-admin ~]$ drpcli templates create - < necla-ubu-seed.yaml Error: Invalid template object: error converting YAML to JSON: yaml: line 143: could not find expected ':' and error converting YAML to JSON: yaml: line 143: could not find expected ':'```

shane
2017-11-29 17:40
can you direct message me your yaml (excise any sensitive bits)...

shane
2017-11-29 17:41
probably just a space format error in the yaml

shane
2017-11-29 17:41
(at around line 143)

wdennis
2017-11-29 17:42
n/m, indentation error from editing... :face_with_rolling_eyes:

shane
2017-11-29 17:43
:slightly_smiling_face:

wdennis
2017-11-29 17:51
@wdennis uploaded a file: https://rackn.slack.com/files/U416T0AAX/F86NJD11P/bootenv-clone-fail-ux.png and commented: Next issue... getting error when trying to save bootenv cloned in the UX

shane
2017-11-29 18:05
use `drpcli`: ```drpcli bootenvs show ubuntu-16.04-install --format=yaml > my-ubuntu-16.04-install.yaml # modify appropriately - make sure to change "ID" vim my-ubuntu-16.04-install.yaml drpcli bootenvs create -< my-ubuntu-16.04-install.yaml```

shane
2017-11-29 18:06
sorry - I don't use UX, so hadn't run in to that bug - but, I get same thing trying to `clone`

wdennis
2017-11-29 18:15
Thought you guys could use the QA help :stuck_out_tongue_winking_eye:

wdennis
2017-11-29 18:16
(On UX)

shane
2017-11-29 18:16
Since we don't actually have a UX person ... I think it's coming along fabulously ... certainly has rough edges though - no doubt ...

wdennis
2017-11-29 18:18
It?s so beautiful that it makes me want to use it...

shane
2017-11-29 18:19
please do ... and ... please file tickets as you bump in to those sharp edges


shane
2017-11-29 23:37
@wdennis - I submitted a pull request for `provision-content` which adds support for a custom preseed to be defined. This lets the stock provided BootEnvs remain unchanged, and you can simply create a Param of `select-seed` with the value of a new template file with your custom preseed changes - it hasn't been approved yet, and will take a little while to work through the system to release... https://github.com/digitalrebar/provision-content/pull/42

wdennis
2017-11-30 00:46
@shane Sounds great! Also do this for RedHat-family distros?

greg
2017-11-30 00:49
Yeah. We are talking about that.

wdennis
2017-11-30 00:56
That would be great -- the more we can stick with DR-provided content, the better (as far as getting updated content etc.)

wdennis
2017-11-30 00:57
Of course, it's still a benefit sometimes of creating custom objects, but this breaks the community/RackN-provided updates via the content system (custom obj's never get updated)

greg
2017-11-30 02:00
Well. Part of me is wondering what you want to do. Could what you want be handled by tasks? Or by @lae?s changes

lae
2017-11-30 02:33
ah so

lae
2017-11-30 02:33
for custom preseeds I maintain my own, "fireeye-content" package...

lae
2017-11-30 02:33
or well, custom anything really

greg
2017-11-30 02:34
Yeah that was part of the purpose for Content Packs. Glad you are using them.

wdennis
2017-11-30 03:43
@greg My goal is to as little as possible in the preseed, and as much of the work as possible in my configuration mgmt system (Ansible in my case.)

wdennis
2017-11-30 03:44
That being said, I do need to handle some stuff in preseed that needs to happen during OS install, to prep for the CM run

wdennis
2017-11-30 03:44
(Well, disk partitioning too)

wdennis
2017-11-30 03:49
My main deltas from the stock DRP seed file are: - enable root account with password (sadly, company std) as well as key exchange - don?t create initial user (root suffices) - install ?python-minimal? pkg (provides Py2.7, which is needed for Ansible runs)

wdennis
2017-11-30 03:51
Haven?t tried to tackle using differing partitioning schemes, which I believe is enabled via sub-template inclusion

greg
2017-11-30 04:39
in ubuntu right?

greg
2017-11-30 04:40
I would do those as three tasks in a stage i sequence into a workflow.

greg
2017-11-30 04:40
Use the custom partitioning pieces for partition magic.

greg
2017-11-30 04:41
@wdennis- something like this:

greg
2017-11-30 04:41
task1 - rmuser rocketskates in a shell script.

greg
2017-11-30 04:42
task2 - usermod -p <encrypted password> (from parameter) in script

greg
2017-11-30 04:43
task3 - apt-get install -y python-minimal

greg
2017-11-30 04:43
stage customize - task1, task2, task3, change-stage - RunnerWait = true.

greg
2017-11-30 04:44
workflow: ubuntu-16.04-install -> customize -> complete-nowait

greg
2017-12-01 03:51
- Hi All!

greg
2017-12-01 03:52
The basis for v3.4.0 has been committed to tip.

greg
2017-12-01 03:53
This contains the CLI conversion to use the API instead of the swagger generated API code. This will allow for better maintenance, smaller codebase, and golang API.

shane
2017-12-01 03:53
woot! if y'all have an opportunity to deploy `tip` and test, we'd appreciate it !

greg
2017-12-01 03:53
Additionally, the `change-stage` feature has been added.

greg
2017-12-01 03:55
The runner will now always try to change stage and check the map to see what it should do. This will make stages cleaner.

greg
2017-12-01 03:55
This change also restores the ability to not require a workflow to install an os.

greg
2017-12-01 03:56
setting the machines stage to <something>-install will set the stage to local and let the install finish if no workflow entries are found upon completion of the installation.

greg
2017-12-01 03:58
The digital rebar and rackn content have been updated to use this. The plugins as well use this as well.

greg
2017-12-01 04:00
Sooooo ?.. If you upgrade content to latest tip: digital rebar content = v1.2.0-tip-8-a2dd261d1da79c5f42d34728e5bfad570890da86 rackn content = v1.1.0-tip-3-4624c28ae569ee7f0c0ecff62d5ff33c89c75e01 rackn plugins = v1.2.0-tip-3-7da6c05aa74907f07ddc0db168e3128aa7f2b0bd you need to use DRP - v3.3.0-tip-19-ac9f7e4d726a579053cdf247d044036b91ff6a12

greg
2017-12-01 04:04
Existing content should continue to work fine. The one caveat is that if you are using the runner-service. You need to upgrade to the latest task-library for that to work on new installs.

greg
2017-12-01 04:04
We will plan on cutting v3.4.0 on Monday heading into the community meeting on Tuesday. :slightly_smiling_face:

zehicle
2017-12-01 04:15
great notes (and progress!)

zehicle
2017-12-01 04:15
it's worth noting that the CLI change included a lot of rework/improvement in the test patterns.