IRC logs for #baserock for Friday, 2015-01-09

*** genii [~quassel@ubuntu/member/genii] has joined #baserock01:43
*** genii [~quassel@ubuntu/member/genii] has quit [Remote host closed the connection]02:03
*** zoli_ [] has joined #baserock08:11
*** zoli_ [] has quit [Changing host]08:11
*** zoli_ [~zoli_@linaro/zoli] has joined #baserock08:11
*** mariaderidder [] has joined #baserock08:32
rjekbwh: :(08:44
*** bashrc [] has joined #baserock08:59
*** sambishop [] has joined #baserock09:06
pedroalvarezSo, I've been told that when doing a merge, I should put a Reviewed-by list (or something) pointing to the reviewers of the patch. I normally do this, but without putting email addresses, which turns out not to be enough to identify a person. Also I've been told that this is a common practice in open source projects. How could a Baserock contributor know this? This is the first open source project I collaborate with, and I didn't know about all of this.09:21
persiaWe probably ought to document it somehow.  Generally speaking early contributors don't need the Reviewed-By lines because they can't commit the merge.09:22
persiaI presume we have assumed that people will learn from seeing merge commits, but that may not be sufficiently explicit.09:23
persiaI suspect it deserves a paragraph in
pedroalvarezI'll be happy with that09:24
*** jonathanmaw [] has joined #baserock09:26
persiapedroalvarez: What do you think of ?  Do we need more there?09:29
*** ssam2 [] has joined #baserock09:30
Mode #baserock +v ssam2 by ChanServ09:30
*** tiagogomes [] has joined #baserock09:30
pedroalvarezpersia: is "pseudoheaders" enough? I would have failed to understand that09:31
*** wdutch [] has joined #baserock09:31
persiaThen it isn't enough.  Hrm.09:31
persiaHow would you describe them?09:32
pedroalvarezThe thing is that I'm not familiar with the pseudoheaders term09:34
KinnisonThey're often referred to as 'tags' by people in kernel circles09:34
Kinnisonpseudoheaders go at the start of a message09:34
Kinnisontags go at the end09:34
KinnisonAnd signed-off-by, reviewed-by, acked-by, tested-by etc. all go at the end of the commit message09:34
persiabare "tags" or "commit tags"?09:34
KinnisonTextual "tags" in the commit message09:34
Kinnisonit's a poor term09:35
KinnisonBut it's the term used in the 'Submitting patches' document in the linux documentation tree09:35
persiaDo you think s/pseudoheaders/tags/ would be comprehensible?09:35
Kinnisons/pseudoheaders/lines at the end of the commit message/09:35
Kinnisonor similar09:35
persiaI don't like the grammar for that, but yes, that might work.09:36
pedroalvarezcouldn't we put a small example?09:36
pedroalvarezor a link to a place where it's explained?09:36
persiaSo, "Merge commit messages should contain Reviewed-By: lines at the end of the commit message gathered from the review mail in the thread."09:36
Kinnisonpedroalvarez: yes, examples would be a good idea09:36
Kinnisonpersia: that'd get a +1 from me09:37
persiaSo ?09:38
Kinnisonthe double quotes and the cut off sentence make me sad09:39
* pedroalvarez is still not understanding even with the expansion of "pseudoheaders"09:39
Kinnisonbut the example (if you put a $ git log -1 at the top) should be okay09:40
* persia gets annoyed at the vast number of "clipboards" and wishes X selections worked properly09:40
Kinnisonpedroalvarez: are you aware that email messages are split into two major parts -- the headers and the body?09:40
pedroalvarezhm.. I kind of am09:40
Kinnisonpedroalvarez: in the good old days, most people's mail clients had control of the headers in an easy to edit way, and they would put control information into the headers09:40
persia ?09:40
Kinnisone.g. for bug trackers09:40
pedroalvarezNow I get it09:41
KinnisonWhen mail clients became much more "coddling", the practice was shifted to putting them as the first part of the mail body09:41
Kinnisonthese were so-called pseudo-headers09:41
Kinnisonpersia: If you want the commit, merge, author, date lines at the top, then please make it clearer that it's a 'git log' output, otherwise people might think those need to go in the commit message09:42
persiaWe had pseudo-headers back when everyone could edit headers as well, but usually only because some NNTP gateways mangled headers.09:42
Kinnisonpersia: those were the bad old days :-)09:42
persiaYou walk a narrow line :p09:42
* Kinnison chuckles09:43
persia ?09:43
pedroalvarezthanks persia :)09:44
straycatwhy is someone's name not enough to identify them?09:44
straycator did we have a sudden overnight increase in contributors that i'm not yet aware of?09:44
pedroalvareztoo many john smiths in the world :)09:44
persiaAnd we have a mix of email and non-email attributions in the history.  It seems normal practice in other contexts to include email, so it seems easier.09:45
persiaIf you believe we shouldn't, we can change: it's only a wiki page, not the policy page.09:46
straycateh, doesn't hurt to have emails in the commit, i've just not bothered with it so far cause names seem enough atm09:51
franredstraycat, repositories are historical, we should think on the future community members too and give them the possibility to contact people who made some patch in the past ;-)09:56
straycatoh, you mean like git log?09:57
straycatif you want to put emails in review commits go for it, i'd rather not be forced to perform extra manual steps every time i perform a merge09:58
franredstraycat, reviewers are not in the merge commit nor in the patch commits09:58
straycatrealistically anyone reviewing anything will be easily findable in the git log09:59
straycatso this discussion is pretty moot09:59
* straycat goes back to stuff09:59
franredstraycat, I disagree but it is my opinion10:00
*** Krin [] has joined #baserock10:02
*** locallycompact [] has joined #baserock10:20
*** tiagogomes [] has quit [Ping timeout: 264 seconds]10:23
*** tiagogomes [] has joined #baserock10:27
*** locallycompact [] has quit [Ping timeout: 255 seconds]10:31
straycatotoh, might not be so bad with a commit template, but still probably unnecessary10:32
ssam2i have a list of ready-written 'Reviewed-By' tags which I just copy from when creating a merge commit, which makes the process fast and also saves mistyping people's names10:36
ssam2it is unnecessary work though, if we switch to having Zuul do merges then I guess we don't have to worry about this10:36
persiaI'd like it if Zuul did that.10:37
*** locallycompact [] has joined #baserock10:46
straycatbah, for some reason I believed the set of args passed to each extension was the same10:54
straycatit now turns out the to_lorry extension doesn't get a version10:54
straycatpresumably because this wasn't needed for rubygems10:54
ssam2that's exactly the reason :)10:56
ssam2if adding a version for .to_lorry would make the set of args the same for all extensions, I'm very much in favour of it10:56
ssam2in fact, if it's necessary then i'm in favour of it either way...10:56
straycatNot quite sadly, looking at it now find_deps gets the source_repo as the first arg as well10:57
straycatas the name10:57
ssam2hmm, yeah10:57
ssam2which makes sense, to_lorry can't get the source repo passed to it for obvious reasons :)10:58
straycatyes :)10:58
ssam2but I can see why, if you need a tarball import, you need to pass a version to the to_lorry program ..10:58
straycatI could make it something specific to the python importer and pass it in through extra_args, but it strikes me that other extensions may want the version number at that stage10:59
ssam2sure, anything doing a tarball import11:00
ssam2i'm surprised i didn't need this when implementing the Omnibus importer. maybe I just didn't get that far.11:00
straycatOkay well if you're fine with it I'm happy to modify that interface and update the other extensions as needed11:03
jmalkhi all, quick question - - this guide uses port 5555 for the VM, is there a reason for this particular port?11:04
persiajmalk: It isn't usually used by other things, but this isn't a particularly strong reason.11:05
jmalkpersia: so if I were confident with my ports it could just as easily be another not-used-much-by-other-things port?11:06
CTtpollardjmalk, you can also do multiple port forwards if needs be, I had 4 mapped at one point 11:06
ssam2straycat: awesome, thanks11:07
persiaI switched to running a system under libvirt after a short while, to make network management easier.11:07
jmalkCTtpollard: any advantages to that, or something that arose from necessity?11:07
CTtpollardI was hosting 3 services from within the vm which I needed external access to 11:08
persiaThe main advantage is being able to deliver more services: e.g. ssh+http+https+http-on-alternate-port11:08
jmalkah, I see11:09
straycatZara_, did we get your stuff merged?11:09
Zara_no, sorry, for the import tool I still need to rebase the commits that jmac asked for rebasing11:11
Zara_I should have it done soon, provided I figure out rebasing. :P Though I'm not totally sure what I do at that point-- I'm guessing I resend the patch to the same thread, but I'm not sure how to do that.11:12
straycateh, you can just rebase it and send it to the list as a v2 or v3 or whatever it is11:13
jmacsI would resend it as a new thread with "v4" or something added to the subject11:13
Zara_ok, thanks :) that definitely sounds easier. 11:15
tiagogomesIf I run `morph edit foo`, will morph always build from the repo created by `morph edit`, or will it look if there is a remote branch with more recent commits11:23
straycati'm pretty sure it just uses your local clone11:24
perrylif i set a value in morph, can anyone tell me how to get that value in the system the morph is deploying?11:25
straycat/baserock/deployment.meta seems to have that11:27
ssam2perryl: what's the exact problem here ?11:28
perrylssam2: i'm probably overthinking the issue; i'm looking at add_settings in morphlib and there's nothing that intuitively states "this is how to pass an argument in from the morph", 11:29
ssam2is this for passing an argument to the firehose plugin? or for passing arguments to firehose.configure ?11:31
perrylpreferably both11:32
ssam2ok. they are separate problems11:32
perrylmorph seems to do nothing but confuse me, looking at it; is there any documentation on it i can read through?11:32
ssam2perryl: try `man cliapp`11:32
ssam2or (the same thing)11:33
ssam2cliapp is a separate library, which provides some useful features like commandline and config file parsing11:33
ssam2we use it in a few other programs like the import tool11:33
ssam2and we use it in Morph11:33
tiagogomesLorry seems to to have imported the gcc-4.9.2 tarball11:35
tiagogomess/to to/to not11:36
ssam2tiagogomes: I'll have a look why11:38
tiagogomesssam2 thanks11:38
*** ssam2 [] has quit [Quit: Leaving]11:39
*** ssam2 [] has joined #baserock11:40
Mode #baserock +v ssam2 by ChanServ11:40
ssam2seems like one job timed out, and there have been a number of successful jobs subsequently11:44
ssam2but the gcc-4.9.2 tag definitely doesn't exist11:44
ssam2I wonder if the failed job has triggered a bug11:44
franredhi, I need to add python-memcached to a stratum, memcached is databases.morph stratum, should I add it to databases or directly to openstack-services where it will be used?11:45
KinnisonProbably databases11:45
ssam2yeah, the problem is that there's a 0-byte gcc-4.9.2.tar.bz2 in /home/lorry/working-area/delta_gcc-tarball11:45
ssam2suggests a bug in Lorry11:45
Kinnisonor the download timed out and got killed11:46
franredKinnison, I will add to databases then, cheers11:46
Kinnisonor disk space hiccoughed11:46
ssam2however the 0 byte file got there, there's definitely a bug in Lorry because it should have removed it on failure11:46
*** mariaderidder [] has quit [Quit: Ex-Chat]11:47
Kinnisonit's hard for it to remove-on-failure if it got killed though11:47
*** mariaderidder [] has joined #baserock11:47
KinnisonProbably good for it to go "does it exist, and is it > 0 bytes long" rather than just "does it exist" as its check11:47
ssam2hmm, yeah that'd be a good safety measure11:48
ssam2i shall cook up a patch11:48
Kinnisondouble double, toil and trouble, fire burn and asphalt bubble.11:49
persia[ -s ${FILE} ] is a nice way to do this: lots of folk run [ twice for some reason.11:49
Kinnisonpersia: sadly that's not very pythonic :-)11:49
franredKinnison, I've seen that six is now in 4 parts if I add it to databases (as a python-memcached dependency, it will be in 5 strata), should we move six to a foundation or core?11:49
persiaKinnison: Ah, indeed.11:50
Kinnisonfranred: cor, sounds sad.  Erm... what is it?11:50
persiaWe should probably put six wherever we have python11:50
franredKinnison, :S11:51
persiaKinnison: six provides support for code that is both python 2 and python 311:51
pedroalvarezyeah, sounds like it could go to wherever python is11:51
ssam2six should definitely be with python, it's super handy11:52
Kinnisonfranred: put it next to python2 and python3 then11:52
pedroalvarezand it is less than 100K11:53
franredKinnison, cpython is in core11:53
pedroalvarezto core then11:53
* franred moves six to core and removes it from the other packages (this change will not be available until we merge openstack)11:54
pedroalvarezfranred: I'm failing to build your WIP openstack_server system11:55
franredpedroalvarez, thats pretty odd11:55
pedroalvarezit is11:56
pedroalvarezsince I can see the sha1 present in g.b.o.11:56
franredpedroalvarez, can you paste the morph.log?11:56
pedroalvarezI'm investigating11:58
jmacsIs "All Baserock linux systems will use systemd" a reasonable statement to make when submitting a patch to an outside project?11:58
persiaThe minimal system already doesn't, and I've talked to people who want to do even smaller systems not using systemd.11:59
franredpedroalvarez, maybe latest morph?12:00
pedroalvarezfranred: Hm.. I believe that I'm running latest morph12:00
Kinnisonjmacs: "The vast majority of full-featured Baserock systems use systemd"12:00
Kinnisonjmacs: might be a better way of putting it12:00
jmacsKinnison: That will do.12:00
jmacsI have to submit patches to at least two projects which determine the choice of sysvinit/systemd/upstart based purely on the distribution name12:01
KinnisonOh dear12:02
Kinnisonthey'll be screwed with ubuntu switching then12:02
Kinnisonand debian's ability to have any/all of the above12:02
* jmacs shrugs12:02
pedroalvarezssam2: did removing the empty file just work?12:03
ssam2pedroalvarez: I also ran `curl -X POST -d 'path=delta/gcc-tarball' 'http://local12:03
pedroalvarezyeah, just to avoid the wait12:04
ssam2which reminds me, a commandline client for lorry-controller would be really handy :)12:04
bwhjmacs: Because run-time detection is so hard?12:16
jmacsIt is run-time detection. It's just bad run-time detection.12:17
bwhjmacs: Is it trying to detect from inside the system or outside?12:21
pedroalvarezSo this bug is either something weird happening in g.b.o, or a bug in morph12:22
jmacsbwh: Inside.12:22
pedroalvarezAnother way to reproduce the error:
ssam2pedroalvarez: hmm, have you investigated what the object 1f3a975a421c3ccf5d20dcce9d4c88d25676d073 actually is ?12:24
bwhjmacs: These are the tests that Debian hooks into init scripts to hand over to upstart/systemd
ssam2pedroalvarez: `git cat-file -t 1f3a975a421c3ccf5d20dcce9d4c88d25676d073`12:25
ssam2it may be that Morph is giving a perfectly accurate error, if that is a tag object ...12:25
bwhjmacs: So, maybe you can get $project to do the same12:25
ssam2I can't remember if morph understands tag objects directory or not12:25
pedroalvarezssam2: sams says: fatal:  bad file12:26
* pedroalvarez needs another brain12:26
franredpedroalvarez, it serializes for me12:26
pedroalvarezssam2: git says:  "fatal: git cat-file 1f3a975a421c3ccf5d20dcce9d4c88d25676d073: bad file"12:26
jmacsbwh: I'll consider it. It's nice and simple, but I think testing it would get time-consuming12:26
pedroalvarezfranred: what sha1 of morph are you using?12:27
franredpedroalvarez, Im using morph 1bed7a3732e7d6158613609a57fb1f77ec99de1e 12:27
pedroalvarezsame error :(12:29
franredpedroalvarez, very odd12:29
* pedroalvarez nukes the cached git repo, and tries again12:30
pedroalvarezerror again12:36
pedroalvarezthis doesn't make any sense to me12:36
paulsherwoodpedroalvarez: doing what?12:38
pedroalvarezpaulsherwood: building openstack-server system in baserock/frandred/openstack branch. I'm getting also this error but fran doesn't suffer it. Can others confirm that is my problem and nobody else?12:40
paulsherwooddo you have connectivity? i think it's possible to get that error if it fails to check the upstream repo for example12:41
pedroalvarezalthough my understanding of serialise-artifact is that it asks the trove, so it should behave the same for everyone12:41
pedroalvarezpaulsherwood: yeah, I can see from my dev-vm12:42
ssam2i tried the serialise-artifact command and got: ERROR: Git directory /src/cache/gits/git___git_baserock_org_delta_six has no commit at ref 43c2db60d6aab5e3cf397d5126ba04cf60c24435^{tree}.12:44
ssam2so, who knows  :/12:44
*** zoli_ [~zoli_@linaro/zoli] has quit [Remote host closed the connection]12:45
franredssam2, ?? :/12:45
ssam2i think that's a bug in the hacked-up version of morph I'm using actually, I don't see it with master ;)12:46
ssam2yeah, serialise-artifact succeeds for me with master12:47
ssam2just you Pedro!12:47
pedroalvarezI... I can't believe that is just me12:48
* pedroalvarez finds out that he is not running latest morph from git12:49
pedroalvarezI was running 0861a2054145b9558f108e0662b35061db2a19ec12:50
pedroalvarezwhich should be in morph master12:50
pedroalvarezsame error with morph master12:51
pedroalvarezbut it may be just me12:52
pedroalvarezbut I doubt it12:52
pedroalvarezbut I do believe you franred and ssam2 12:52
ssam2it does suggest cache corruption on your machine ...12:52
ssam2except that we tried that already12:53
ssam2maybe it's the version of Git you have ?12:53
pedroalvarezssam2: but, didn't serialize-artifact just ask the trove for info?12:53
ssam2I have 2.1.3 in my baserock chroot12:53
ssam2pedroalvarez: no, it uses info in /src/cache/gits if possible12:53
franredssam2, pedroalvarez, git version 1.8.412:54
* pedroalvarez removes the local git and tries serialise-artifact again12:54
pedroalvarezand that worked12:58
* pedroalvarez tries now with a local build13:00
pedroalvarezsame error :(13:00
* pedroalvarez goes for lunch13:01
*** zoli_ [~zoli_@linaro/zoli] has joined #baserock13:22
*** CTtpollard [] has quit [Ping timeout: 264 seconds]14:02
pedroalvarezcould we move it to guides??14:11
bashrcmore work needs to be done on the sleep, but otherwise it works14:11
bashrcit is in the guides section14:12
richard_mawbashrc: you can make the "Configure the boot." shell script simpler if you use a
*** CTtpollard [] has joined #baserock14:14
pedroalvarezisn't it doable with baserock?14:15
pedroalvarezI mean, using baserock tooling? (e. i. morph)14:15
pedroalvarezit looks to me doable in baserock 14:19
pedroalvarezam I wrong?14:19
paulsherwoodbashrc: any chance you could make a video to show big-endian boot on jetson please?14:20
bashrcmaybe yes14:20
paulsherwoodsuper :)14:20
robtaylorbashrc: might be worth you joining #tegra btw :)14:23
bashrcon freenode?14:24
*** De|ta [~arc@] has quit [Quit: leaving]14:24
*** tpollard_ [] has joined #baserock14:25
*** De|ta [~arc@] has joined #baserock14:26
*** CTtpollard [] has quit [Ping timeout: 240 seconds]14:27
mauricemoss_I'm preparing a system to build a raw image for our chromebook, therefore a signed kernel and another partition layout is needed. Can someone have a look at the patch I'm creating and comment whether this makes sense from a baserock perspective?
bashrcany particular place you'd like the big-endian video uploading to?14:40
richard_mawmauricemoss_: you need to bake-in the kernel flags?14:41
bashrcdoes baserock have an owncloud?14:41
pedroalvarezbashrc: vimeo maybe?14:41
KinnisonBaserock has vimeo and youtube14:43
KinnisonWhichever you'd prefer14:43
mauricemoss_richard_maw, this is one issue.. I need a tool to sign the kernel and write the kernel args, so it's not possible to do this in morphlib/writeexts.py14:43
pedroalvarezKinnison: is the youtube-baserock thingy a channel?14:45
pedroalvarezor an user?14:45
pedroalvarezis something that people can join and upload their videos?14:46
richard_mawmauricemoss_: we can't assume we know the kernel arguments in advance, so we need to do the kernel signing at disk image construction time, so it has to go in morphlib/ somehow. So we need to add the vbutil_kernel command to development systems.14:46
bashrcok here goes. Maybe the font could have been bigger.
richard_mawmauricemoss_: why do you have empty install_commands at the end of linux-acer-cb5-311-tk1.morph?14:47
*** zoli_ [~zoli_@linaro/zoli] has quit [Remote host closed the connection]14:48
Kinnisonpedroalvarez: a channel14:48
Kinnisonpedroalvarez: I believe richard_maw has the credentials14:48
richard_mawmauricemoss_: also, are you sure your configure-commands work? there is no /scripts/config script, it's relative to the current directory for a reason14:49
richard_mawalso, what's /chromeos/scripts/prepareconfig?14:49
richard_mawKinnison: so do you14:50
* richard_maw will forward the e-mail Kinnison sent him to pedroalvarez14:50
mauricemoss_richard_maw, that was a c&p mistake, here's the full one: is it sensible to build vbutil_kernel in morphlib/
pedroalvarezrichard_maw: thanks :)14:51
pedroalvarezbashrc: I'd have expected a `uname -m` instead of `ls` :P14:51
mauricemoss_richard_maw, /chromeos/scripts/prepareconfig is the "chrome os" way of preparing the kernel config:
richard_mawmauricemoss_: I don't know what vbutil_kernel _is_. If it were a 10 line shell script I'd say ok, but I doubt it is, so we probably need to add the tools built in to developer systems14:54
richard_mawmauricemoss_: they don't use /chromeos/scripts/prepareconfig, they use ./chromeos/scripts/prepareconfig14:55
richard_mawis the chromeos subdirectory part of upstream kernel trees, or is it a vendor kernel thing?14:55
mauricemoss_richard_maw, it's not 10 lines :) cgpt will be needed from these built tools as well14:55
mauricemoss_richard_maw, afaik it's only in the chrome os repo14:57
bashrcthe final proof!
franredpedroalvarez, your problem is because thrift has moved the tag to a new sha115:02
pedroalvarezfranred: can you double check that is a stable branch/tag?15:03
franredpedroalvarez, I think it is stable15:04
franredthere is nothing which indicates that the 0.9.2 is/was not stable :S15:05
pedroalvarezmaybe the version number? I tried to upgrade dbus to 1.9.4 and I was told that the 9 meant not-stable15:06
mauricemoss_richard_maw, can you point me to the strata of the dev tools? I will prepare a patch then15:07
franredpedroalvarez, -
franredthey are different and both are 0.9.2 tag, in any case I will update to the latest sha115:09
pedroalvarezfranred: thanks for restoring my sanity15:09
pedroalvarezalso the former looks like it was a tag (by the contents of the commit message), but it's not anymore15:10
franredpedroalvarez, no probs15:10
pedroalvarezthe git object may be in, that's why we can see it using cgit, but is not present when we do a git clone15:11
pedroalvarezfranred: this is what I meant regarding dbus version numbers:
franredpedroalvarez, oh, I didn't know that, cheers15:14
Zara_patch sent. Hopefully, nothing too weird happened.15:23
franredpedroalvarez, I've fixed the ghost tag ;-)15:27
mauricemoss_Is there a way to ignore SSL certificate errors when building from external sources?15:28
pedroalvarezfranred: in #thrift they say that the tag is stable15:28
franredwell.... they may claim the same 3-4 months ago15:30
rjekmauricemoss_: From git?  There's an environment variable you can set15:31
mauricemoss_rjek: yeah from git. are they documented somewhere?15:33
rjekGIT_SSL_NO_VERIFY=true 15:33
rjekGIT_SSL_NO_VERIFY=true git clone ...15:34
rjekI believe you can have it permanently not check SSL certificates with a git config, but I'd recommend against that15:34
pedroalvarezfranred: they said that the tag was created after the rebase :P15:35
franredI wouldn't put 0.9.2 sha1 if it didn't exist, I would put 0.9.1 because in openstack branch I try to use latest tags (or master if tags are very old and master is not very busy)15:37
franredpedroalvarez, ^^15:37
franredin any case we have fixed the error ;-)15:37
ssam2a few of our systems at had PasswordAuthentication enabled in /etc/sshd_config15:40
ssam2all the Baserock ones, in fact15:40
ssam2I wonder if we should change the default in Baserock to be false ?15:40
ssam2it's not really a security issue by default I guess because we don't have a default root password15:40
straycatoh, these guys are using keyword arg syntax to describe something that's not a keyword arg >.>15:41
ssam2but still quite a gotcha if we expect people to be throwing up baserock machines on the internet15:41
straycatthanks <.<15:41
rjekBoth PasswordAuthentication *and* PermitRootLogin should be disabled.15:43
ssam2that'd be an issue for Baserock, though, until we get user accounts15:43
DavePageInstall fail2ban by default? :)15:43
ssam2unless that does something other than what its name suggests15:43
rjekYes, and fail2ban15:44
ssam2would like to15:44
straycatnot really15:44
ssam2but can't do that in 10 minutes, unlike changing the default SSH config15:44
straycatwe've been meaning to sort out deploying with keys by default for ages15:44
straycatthis might motivate us to do that15:44
persiafail2ban may make sense for servers, but probably not devel systems15:44
rjekpersia: If a devel system is connected to the internet, it makes sense!15:45
DavePagepersia: It makes sense on anything directly Internet-connected IMHO15:45
straycateven with keys?15:45
DavePageSysadmin systems have PermitRootLogin no and PasswordAuthentication no, hardcoded password hashes (for console logins), fail2ban and run sshd on a nonstandard port (doesn't make you more secure, but does mean you should worry more about any attacks)15:45
DavePagestraycat: fail2ban cuts down on your auth.log spam in that case ;)15:45
ssam2what does PermitRootLogin do ?15:45
ssam2I can't find it in `man sshd`15:45
pedroalvarezstraycat: the journal is unreadable after all the attacks15:45
persiaDepends on the internet connectivity.  Most devel systems are behind a dnsmasq on a laptop.15:46
ssam2oh, sshd_config15:46
DavePageThe name is fairly self explanatory :)15:46
straycatpedroalvarez, haha yes i've seen that many times, it's very common :p15:46
ssam2if PermitRootLogin is false then root can't log in at all15:46
persiaThey can access the internet, but several layers of NAT prevent inbound investigation.15:46
ssam2so injecting SSH keys at deploy time is no help15:46
rjekssam2: Correct.15:46
ssam2we'd need user accounts by default in Baserock before we could do it15:46
rjekOne should ssh as a non-root user and then sudo -i15:46
ssam2which we need, but again, my list of tasks has many things on it15:47
DavePageYou can also do PermitRootLogin without-password which only allows SSH keys for root15:47
straycatoh good point sorry15:47
persiaWasn't there some work for user accounts by default done for the vagrant stuff?15:47
DavePagePermitRootLogin without-password may be a reasonable compromise15:47
ssam2including setting up Storyboard so we can track all these tasks!15:47
bashrcalso use the cyphers from within sshd_config15:47
ssam2thanks for the suggestions anyway, I guess I'll add this stuff to for the time being15:48
ssam2it's important that we do it as soon as we have capacity15:48
locallycompactWhat may it mean has happened if a lorry job gets stuck on DEBUG run external command: [['git', 'remote', 'update', 'origin', '--prune']]15:48
locallycompactIt hangs there for a while and then reports an exit code of -915:48
ssam2failing to connect ?15:48
Kinnison-9 means it got killed for taking too long15:48
ssam2oh, yeah15:49
straycatthe -9 means ^15:49
Kinnisonlikely either it fails to connect, or the pull is waaaay too huge15:49
KinnisonI forget what the job timeout is on modern troves, but if the pull takes hours then it is likely to be murdered15:49
DavePagebashrc: I'd advise against that; protecting against government-level hackers at the expense of potential compatibility issues probably isn't desirable for Baserock.15:49
locallycompactThe pull is not particularly large15:49
ssam2I remember that timeout causing lots of trouble when we were helping set up a Trove in India15:49
ssam2due to the slow speed of the connection available15:50
bashrcDavePage: I suppose there could be compatibility issues with sha215:50
locallycompactBut it doesn't seem to be getting to pulling, just stuck on this prune command15:50
Kinnisonremote update is the pull15:51
straycatso, deploy with keys would be a start, user accounts would be best15:51
Kinnisonthe --prune causes it to remove local refs no longer present on the remote15:51
locallycompactoh, maybe it is slightly large15:52
locallycompact1.3GB in the working area so far15:53
jmalkbecause I'm new to VMs I'm having some trouble following - problems: don't know name of my VM or path to disk image. is it the desired one for the new baserock I'm trying to deploy or an existing one? if anyone could point me to further reading I'd be v grateful.15:56
jmacsISTR yesterday paulsherwood said that we used to require two network interfaces on baserock deployments, but don't anymore. Is that correct?15:58
jmalkstraycat: thanks.15:59
straycatwait, jmalk and jmacs are different people?15:59
jmalkstraycat: yep15:59
straycatOkay, give me a few minutes to adjust16:00
Kinnisonstraycat: one of them is being john malkovic16:00
straycatI don't know what that means16:00
* Kinnison hides back under his unfunny rock16:00
straycatsounds like a good idea :)16:00
straycatjmacs, I don't think we do? :s16:01
straycatI didn't realise we ever did either :s16:01
KinnisonWe used to require 2 NICs on VirtualBox deployments to allow for a cluster of VMs on one system which regularly changes network location to talk to one another reliably while also having external connectivity16:01
Kinnison(think devel and trove systems on a laptop fr.ex)16:02
jmacsAh, could well be VirtualBox specific16:02
KinnisonIt was16:02
jmalkstraycat: so for path I make up something sensible to name the end result? 16:02
jmacsThere are bits in virtualbox-ssh.write which still require eth0 and eth1 in NETWORK_CONFIG.16:02
straycatjmalk, the format is /vmname/path_to_vm_image16:03
jmalkstraycat: understood. but am I making up vmname as I write the cluster morph file, or does it refer to something in my host OS?16:03
perryldoes anyone know much about cliapp? i'm trying to input values into a plugin via self.settings and having issue16:04
straycatjmalk, you just make up the name16:04
jmalkstraycat: ok, thanks very much16:05
straycatperryl, what sort of values?16:06
perrylstraycat: i want to get a username and url for gerrit set in the deployment morph, and then input them from .conf to a morph plugin16:07
perrylunfortunately i'm not too familiar with cliapp, so i keep getting AttributeError: 'Plugin' object has no attribute 'settings'16:08
straycatcan you paste the code?16:08
ssam2perryl: I think you need to use not self.settings16:09
ssam2cliapp needs better documentation for sure :(16:09
straycatI think bits are missing, mostly cause upstream lacks the time16:10
straycatbut there are some nice examples at least16:10
perrylit works!16:12
perryli'm kinda glad it didn't need a rework, but...i always feel angry when it's a simple fix that i missed16:13
*** ssam2 [] has quit [Quit: Leaving]16:19
*** ssam2 [] has joined #baserock16:20
Mode #baserock +v ssam2 by ChanServ16:20
jmacsSo our instructions on the wiki for virtualbox say eth0 and eth1 are required, and the virtualbox-ssh.write also appears to require them...16:21
KinnisonYes, but simple-network.configure was either deprecated or removed, making it hard to do in the right way16:21
KinnisonI think rationalising virtualbox-ssh.write to cope without them might be the best approach16:21
ssam2i don't think simple-network.configure is deprecated, it's just broken16:22
ssam2i'm going to need to fix it as part of my current project, if nobody gets around to it first16:22
Kinnisonssam2: cool, well if you do, it'll help with the virtualbox stuff too I imagine16:24
Kinnisonssam2: though I said deprecated since it was removed from all the system definitions last I knew16:25
ssam2I guess it's not really needed, you can just use install_files16:25
ssam2to install a /etc/systemd/systemd-networkd.config file16:25
pedroalvarezI wanted to fix the extension, but I failed to see how can we know the name of the network interface before deploying16:27
KinnisonMakes it a tad harder for deployment variables to affect networking, but meh :-)16:27
Kinnisonpedroalvarez: typically we're deploying to devices we know the shape of16:27
pedroalvarezthen, it should be another environment variable16:29
ssam2 is my attempt to sum up the discussion we had previously about security out-of-the-box16:39
pedroalvarezMay I ask what imports are supported now by the import tool?16:40
* pedroalvarez is writing some release notes16:40
pedroalvarezoh, it's called baserock-import16:43
straycatomnibus, python, rubygems? not sure what the state of omnibus is though, ssam2?16:47
straycatnot sure how much of it's 'stable' yet though16:48
pedroalvarezI've put that it's possible to import foreign packaging from Gems, PIP and NPM. Is that wrong?16:49
straycatnpm's not been merged yet16:49
locallycompactMy giant lorry got to just under 9GB and then timed out, how can I get around this?16:49
pedroalvarezstraycat: thanks16:49
straycatthe pip stuff has known bugs, fixes in flight16:49
straycatyou can import stuff with it, but might run into problems for non-trivial imports16:50
straycat(avoidable problems)16:50
pedroalvarezCurrent draft of the release notes:
Zara_might be worth saying that npm work just needs to be merged, since I'm guessing 'work in progress' could mean it's nowhere near ready.16:54
Zara_but I don't know how much that matters16:55
straycatoh it has been merged16:55
pedroalvarezZara_: it matters, can you help me to rephrase that?16:55
straycatssam2, just merged it16:55
pedroalvarezstraycat: yeah, but the release branch is behind that, and the release is built and uploaded :)16:56
Zara_hahaha just saw :)16:56
pedroalvarezI don't know if that matters given the released systems don't include it16:56
Zara_oh right, okay, gimme a sec16:56
straycatpedroalvarez, what? we don't release devel-systems anymore?16:56
pedroalvarezstraycat: :/16:57
pedroalvarezdidn't you know?16:57
pedroalvarezdistbuild systems were renamed to build systems as well16:57
pedroalvarezand we release build systems16:58
Zara_maybe go with the wording similar to that in the weekly report, ie: 'npm import tool functionally complete, in the process of being merged'16:58
pedroalvarez"NPM support is complete but not available in this release"17:01
*** tpollard_ [] has quit [Quit: Ex-Chat]17:02
pedroalvarezI think that the release notes are ready :)17:02
ssam2pedroalvarez: 2 p's in 'support'17:20
ssam2sytems -> systems17:20
ssam2assits -> assists17:21
ssam2Zookeper -> Zookeeper17:21
ssam2looks great other than that I think17:21
ssam2also, instead of 'Gems and PIP' I'd say 'RubyGems and PyPI;17:21
ssam2; -> '17:21
ssam2or even ' and'17:22
ssam2i'm being picky cus 'pip' is not a package *repository*, it's a program17:22
pedroalvarezssam2: hey! you know I appreciate your nitpicking :)17:26
pedroalvarezotherwise I wouldn't have sent it for review17:26
*** wdutch [] has quit [Quit: Quit]17:27
*** genii [~quassel@ubuntu/member/genii] has joined #baserock17:27
*** mariaderidder [] has quit [Quit: Ex-Chat]17:27
pedroalvarezthen I think I'm going to put [RubyGems] and [PyPI], and put the links17:28
straycatZara_, I take it npm never needs to do tarball imports?17:29
*** jonathanmaw [] has quit [Quit: Leaving]17:33
Zara_straycat: I don't think so, though honestly I'm not sure. Does this help answer your question?
Zara_as far as I can gather widely used npm packages are all on the npm registry, in json format17:38
straycatZara_, the question really is in the npm world can you reliably get hold of the source repo?17:39
straycatalso woohoo, just imported sinatra with the import tool :)17:39
Zara_straycat: tarballs are listed in the registry, though I guess anyone who can change the repo addresses in there would also be able to change what the registry said about the tarball17:42
Zara_I know very little about tarballs and this is probably apparent.17:43
straycatokay, so it roughly looks as though you fetch some packageinfo from repository, and the url field contains a repo to the package's source repo?17:47
straycat*from some package repository17:47
*** Krin [] has quit [Remote host closed the connection]17:53
*** bashrc [] has quit [Quit: Lost terminal]18:02
pedroalvarezHey! Baserock 15.02 has been released!18:06
petefothpedroalvarez: \o/ Time to go to the pub then!18:07
ssam2thanks pedroalvarez!18:10
*** locallycompact [] has quit [Ping timeout: 256 seconds]18:18
*** ssam2 [] has quit [Quit: Leaving]18:24
*** tiagogomes [] has quit [Ping timeout: 256 seconds]18:55
*** zoli_ [~zoli_@linaro/zoli] has joined #baserock19:26
*** SotK [] has quit [Ping timeout: 240 seconds]20:14
*** DavePage [] has quit [Ping timeout: 245 seconds]20:15
*** DavePage [] has joined #baserock20:15
*** SotK [] has joined #baserock20:15
*** rdale [] has quit [Read error: Connection reset by peer]20:48
*** rdale [] has joined #baserock20:48
*** rdale_ [] has joined #baserock20:50
*** rdale [] has quit [Read error: Connection reset by peer]20:53
*** zoli_ [~zoli_@linaro/zoli] has quit [Remote host closed the connection]21:00
*** zoli_ [] has joined #baserock21:00
*** zoli_ [] has quit [Changing host]21:00
*** zoli_ [~zoli_@linaro/zoli] has joined #baserock21:00
*** zoli_ [~zoli_@linaro/zoli] has quit [Remote host closed the connection]21:54
*** rdale [] has joined #baserock22:10
*** rdale_ [] has quit [Ping timeout: 244 seconds]22:13
paulsherwoodpedroalvarez: well done!22:20
*** zoli_ [~zoli_@linaro/zoli] has joined #baserock23:28