IRC logs for #baserock for Thursday, 2016-03-03

« Wednesday, 2016-03-02 Index Friday, 2016-03-04 »
*** edcragg has joined #baserock00:30
*** radiofree has quit IRC00:35
*** radiofree has joined #baserock00:38
*** edcragg has quit IRC00:51
*** ratmice_ has quit IRC00:52
*** brlogger` has joined #baserock02:17
*** SotK_ has joined #baserock02:18
*** brlogger has quit IRC02:23
*** SotK has quit IRC02:23
*** gtristan has joined #baserock02:50
*** radiofree has quit IRC03:26
*** radiofree has joined #baserock03:26
*** radiofree has quit IRC03:26
*** radiofree has joined #baserock03:26
*** bfletcher has quit IRC03:29
*** zoli_ has quit IRC03:31
*** zoli_ has joined #baserock05:14
* gtristan thinks he needs some special thing to be done to have push access again... recalling that email... have to have some exception for my IP or smth ?06:11
gtristanhttp://paste.baserock.org/piduceyizu06:12
* gtristan re-reads that email06:12
gtristanhmm, no that was supposed to be sorted within 24 hours... new baserock image for the trove and g.b.o with glibc vulnerability is already up and running right ?06:30
gtristanrandom baserock question: Is morph capable of building a system without running as root ?06:35
gtristanhas anything ever ?06:35
paulsherwoodno06:49
paulsherwoodif morph was capable, i'd have borrowed the method for ybd06:49
paulsherwoodgtristan: try renaming your branch to baserock/something ?06:50
paulsherwoodiirc gbo has some namespacing to prevent clashes with upstreams06:51
gtristanhmmm, ok I'll try that07:00
gtristanfwiw, one reason I can see why it's not possible to build as non-root, is some particular chunks have instructions which try to create files belonging to root (like; install -o root -g root)07:01
paulsherwoodyup07:02
paulsherwoodbitbake runs as non-root, so there has to *be* a solution07:02
paulsherwoodbut it takes less interest in sandboxing iiuc07:03
gtristanI can see one07:03
gtristanbut it may involve some policy change... lemme see07:04
paulsherwoodif you figure out a way... https://github.com/devcurmudgeon/ybd/issues/2407:04
gtristancurrently, you can create a file belonging to root on a filesystem image mounted in qemu07:04
gtristanbut, interestingly, you cannot do it on a filesystem mounted 9p virtfs from that same image07:05
gtristanbecause you're essentially writing to outside the qemu env, to a path, using the privileges of the user running qemu07:05
gtristanWhat I think is correct right now (after not spending very much time thinking on it)... is to disallow creating files belonging to root in chunk build instructions07:06
gtristanbut, to allow it in system-integration07:06
gtristanthat would allow the filesystem sharing and running the whole build as a regular user, and then the system creation pass could be done on a fixed size filesys image from an emulator07:07
* gtristan thinks that would even be interesting for native builds where you do the whole build without any emulators, but still use an emulator for the final pass(es)07:08
gtristana bit long winded, but the wip branches will be: baserock/tristan/wip/aboriginal07:11
gtristanthat worked thanks :)07:11
paulsherwood:)07:11
*** bfletcher has joined #baserock07:29
*** radiofree has quit IRC07:35
*** radiofree has joined #baserock07:37
*** edcragg has joined #baserock07:37
*** toscalix has joined #baserock08:12
*** CTtpollard has quit IRC08:13
*** CTtpollard has joined #baserock08:14
*** will2 is now known as wdutch08:50
*** lc_ has joined #baserock08:52
*** locallycompact has joined #baserock08:52
*** bashrc_ has joined #baserock08:56
*** fay has joined #baserock08:57
*** fay is now known as Guest8264008:57
*** bashrc__ has joined #baserock08:58
*** Guest82640 is now known as faybrocklebank08:59
*** bashrc_ has quit IRC09:00
*** faybrocklebank has quit IRC09:02
*** fay has joined #baserock09:02
*** fay is now known as faybrocklebank09:02
*** franred has joined #baserock09:30
*** ssam2 has joined #baserock09:31
*** ChanServ sets mode: +v ssam209:31
*** jonathanmaw has joined #baserock09:46
*** lc_ has quit IRC10:00
*** locallycompact has quit IRC10:00
*** gtristan has quit IRC10:02
edcraggi seem to now be having problems building expat... http://paste.baserock.org/fekokiciwi any ideas?10:10
pedroalvarezarmv8 right? (for context)10:16
edcraggpedroalvarez: yep10:18
*** SotK_ is now known as SotK10:22
edcraggweirdly the stratum has only pre-configure commands, but morph shows configure commands in its output too10:23
edcraggunless that's the default kicking in10:24
franrededcragg, the configure commands are the default ones10:24
edcraggyep10:24
*** locallycompact has joined #baserock10:26
pedroalvarezedcragg: you might be interested in "git log -p strata/core/libexpat.morph" output10:31
edcraggok, good point10:32
* edcragg looks10:32
edcraggit can be fixed with `mv configure.in configure.ac` anyway :S10:33
pedroalvarez :S10:33
* edcragg wonders how these things don't affect other platforms10:33
pedroalvarezI can give you a build log to compare10:34
edcraggthat could be useful :)10:36
pedroalvarezedcragg: http://paste.baserock.org/edeseguqeg10:36
edcraggta10:37
pedroalvarezedcragg:  and for armv7lhf http://paste.baserock.org/onejaqokev10:38
pedroalvarez /nick buld-log-dealer10:38
edcragg:P10:38
pedroalvarezdifferent behaviour it seems10:40
pedroalvarez:S10:40
*** richard_maw has joined #baserock10:45
edcraggthe two logs you sent me diff the same except the arch strings10:47
pedroalvarezsure, i meant in armv8l10:52
pedroalvarez-l10:52
pedroalvarez"aclocal: warning: autoconf input should be named 'configure.ac', not 'configure.in'"10:52
pedroalvarezI'd say that renaming the file in pre-configure would be acceptable10:53
* paulsherwood wonders if this is reproducible in ybd10:53
pedroalvarezit should be10:55
edcraggyep, it could be done so that it doesn't fail if the file's not there10:57
*** jonathanmaw has quit IRC10:58
*** CTtpollard has quit IRC10:59
*** jonathanmaw has joined #baserock11:01
*** CTtpollard has joined #baserock11:01
* paulsherwood is still confused that this behaves differently... that *should not happen* 11:02
edcraggi had some extremely weird things going on in the automake build too11:02
*** ctbruce has joined #baserock11:03
edcraggi feel there is at least a chance that this case is related to that, too11:03
edcraggbut yes, i agree, it shouldn't be different11:04
paulsherwoodedcragg: pls could you repeat with ybd, to see if the weirdness re-occurs?11:04
paulsherwoodweirdness needs to be stamped out, not papered-over11:05
edcraggi have been meaning to attempt the build with ybd too, but partly i haven't had the time yet11:06
edcraggwhen i did try to run the build it silently exited and i didn't know how to go about debugging it11:07
edcragg(on a 64 bit armv8 rootfs)11:07
*** gtristan has joined #baserock11:07
edcraggbut yes, of course, i'm mainly working on getting an up to date baserock rootfs, and intend to come back to fix the errors i've come accross properly11:08
*** gtristan has quit IRC11:08
*** gtristan has joined #baserock11:09
edcraggpaulsherwood: this was the log from ybd when i tried to run on armv8 http://paste.baserock.org/isodamaxib11:10
pedroalvarezthat should be `../ybd/ybd.py systems/build-system-armv8l64.morph armv8l64`11:13
edcraggyep, i did spot that looking back at it11:14
paulsherwoodedcragg: yup. nothing to build for armv811:15
paulsherwoodit's a bug, though :)11:15
paulsherwoodhttps://github.com/devcurmudgeon/ybd/issues/18311:16
edcraggcool11:24
edcraggright, ybd is building too11:25
paulsherwoodtvm :)11:38
locallycompactpedroalvarez, what was the problem with spinning up testgerrit.baserock.org? should I set up my own?11:50
pedroalvarezI couldn't login at all11:52
pedroalvarezsetting one up might take some time though11:52
gtristanIs it correct that glibc.morph specifies the glibc-libs artifact twice under 'products:' ?11:57
gtristanand has ybd been known to do this: http://paste.baserock.org/bozevuxahe ?11:58
ssam2the double libs might be deliberate. check git log/blame12:06
paulsherwoodgtristan: no, that's a new one12:17
pedroalvarezlocallycompact: do you want me to try again and see if I can fix it? Do you need it to install things on it? or for testing sending patches?12:27
locallycompactI don't really know ahead of time12:27
locallycompactI'll try against live and see12:28
locallycompactSorry if zuul does anything crazy to gerrit12:28
*** toscalix_ has joined #baserock12:46
gtristangot the problem, will file a bug for now13:03
gtristanfwiw, this looks a little arbitrary, unintuitive at least: http://git.baserock.org/cgit/baserock/baserock/definitions.git/tree/strata/build-essential.morph#n4413:03
gtristanthe stratum *must* declare a product names build-essential-minimum there, if a chunk is going to refer to it in the splitting rules... or something13:04
gtristanhowever later in the file, here: http://git.baserock.org/cgit/baserock/baserock/definitions.git/tree/strata/build-essential.morph#n26313:05
gtristanit goes ahead and refers to build-essential-runtime as if it were implied (which I suppose, somewhere it is ?)13:05
paulsherwoodgtristan: isn't this about default splitting rules?13:07
rdaleyes, -runtime and -devel are two default splits for a stratum13:07
paulsherwoodhttp://git.baserock.org/cgit/baserock/baserock/definitions.git/tree/DEFAULTS#n15913:07
* gtristan submits: https://github.com/devcurmudgeon/ybd/issues/18413:11
paulsherwoodgtristan: thanks :) i'll look forward to the patch :-)13:14
* paulsherwood still has zero clue about splitting, sadly13:14
paulsherwoodrdale: ^^ ? :)13:14
rdaleas far as i know the build-essential stratum is correct, although the error in ybd splitting appears to be new13:16
gtristanSo, we dont control the defaults as a part of the definition of 'baserock', instead we leave that to any arbitrary definitions author13:16
gtristaninteresting :)13:16
gtristanrdale, no, the build-essential stratum I am writing from scratch is incorrect13:17
rdalethe -runtime and -devel split rules are part of definitions in DEFAULTS13:17
paulsherwoodi (or locallycompact) may have introduced a new error into splitting.py13:18
gtristanrdale, right, and 'definitions' is what the baserock user provides to the baserock builders/mechanics to get something done... ergo it is up to the definitions author (baserock user) to provide them13:18
* gtristan spills can of worms on the floor13:19
gtristaneek :)13:19
rdalei think there is only supposed to be one definitions repo in the world, that each individual user is supposed to clone13:20
gtristanyup, I was afraid at least one person would think that :)13:20
paulsherwoodthat's not true, rdale13:21
paulsherwoodbaserock itself already has two :)13:21
paulsherwood(infrastructure.git)13:22
paulsherwoodthree, if you count the deprecated morphs.git13:22
gtristanright now it's very entangled, with many features which probably need to exist in the build tooling instead written as 'extensions' in ones build definitions13:22
paulsherwoodthis seems to be a fashion argument - fat tie, thin tie - fat client, thin client - in out in out shake it all about :)13:23
SotKgtristan: a lot of the "extensions" used to be a part of morph, but were moved into definitions so they could be used by both morph and ybd13:24
ssam2yeah, the problem with having deployment extensions built into the deployment tool is that suddenly you have a massive API surface between the definitions and the deployment tool13:24
gtristanI was reading the thread about creating a repo for the spec, and was thinking... well, cant help but compare this to a compiler; instinctively my thoughts are: While there is only one implementation of the C compiler, the spec for it belongs in the C compiler source tree, until its a standard and needs to be shared between multiple implementations13:25
ssam2there are multiple implementations13:25
gtristanbut I cant think of any good reason why the spec of the C compiler should exist in the repository with "the only known C program in the world"13:25
ssam2there used to be only one, and the definitions format was laughably useless by anyuthing other than Morph13:25
ssam2gtristan: yes, that's true13:25
locallycompacthow does infrastructure get updated currently13:26
gtristanssam2, one thought I was having regarding that was; specing out a plugin interface that builders (morph & ybd) would necessarily implement ? allowing these extensions to somehow plugin to those but not be part of the definition of a build ?13:27
gtristanbut yeah it's vague13:27
gtristanand it leads to things like... "My C program depends on compiler feature plugin A, B and C, thus it is not really standard C anymore", which is ugly :-/13:28
SotKthe original plan when moving them was that they'd live in a library of their own, which could be used by the build tools, but we changed our mind and decided to just put them in definitions for reasons I can't remember off the top of my head13:28
* paulsherwood wanted to put ybd in definitions, too :-)13:29
gtristanpaulsherwood, this is perhaps the most unattractive thing to me about baserock, it's sort of discouraging that you dont have a developer experience which is A.) Read the docs on the YAML specs B.) Write your set of definitions C.) Use ybd or morph to build your own definitions13:30
gtristanits sort of like, you have to constantly rebase against this upstream set of definitions if you ever want to keep up13:31
* paulsherwood notes that bitbake appears to be in poky, but is also separate13:31
rdalewe have had discussions about that, and some people think it scales and some don't13:31
CTtpollardbitbake is not poky correct13:32
paulsherwoodbitbake is *in* poky, though?13:32
paulsherwoodhttps://github.com/devcurmudgeon/poky/tree/master/bitbake/lib/bb13:32
ssam2locallycompact: `git pull git://git.baserock.org/baserock/baserock/definitions master` into a branch. build/test that branch, then merge to master13:34
CTtpollardpaulsherwood: bitbake is from openembedded, and is the tool used by the yocto project to build poky13:34
ssam2if by 'infrastructure' you mean 'the Baserock infrastructure.git repo'13:34
paulsherwoodgtristan: i like your dream dev experience... but surely for a linux implementation you'd want to re-use, rather than starting from scratch?13:34
rdalei think you should be able to specify multiple definitions repos/namespaces from the build tool command line13:36
CTtpollardbitbake also builds angstrom linux etc13:37
gtristanpaulsherwood, there are multiple angles here, I'd like to be a downstream of something, and add my own components or rebase my subtle changes to that upstream13:40
gtristanpaulsherwood, but I would like to live in a world where there are at least more than one upstream13:40
gtristannot all roads lead to git.baserock.org13:40
paulsherwoodCTtpollard: my point (but i may be wrong) is that the  poky git repo seems to include a copy of the bitbake code... which is equivalent to definitions including ybd or morph13:40
CTtpollardpaulsherwood: yup13:41
paulsherwoodgtristan: we have allupstream.org.... just need some volunteers to populate it with all the things13:41
paulsherwood:)13:41
*** jonathanmaw_ has joined #baserock13:42
locallycompactooh13:42
paulsherwoodbut in any case, i know that there are other instances of troves, beside g.b.o13:42
*** jonathanmaw_ has quit IRC13:42
*** jonathanmaw__ has joined #baserock13:42
gtristaninteresting conversation but I have to run ;-)13:43
paulsherwood:)13:43
SotKyou can already point definitions to multiple upstreams afaik?13:43
paulsherwoodyup13:44
*** jonathanmaw has quit IRC13:46
*** gtristan has quit IRC13:48
*** toscalix_ has quit IRC13:51
*** toscalix has quit IRC14:00
*** toscalix has joined #baserock14:03
*** ctbruce has quit IRC14:30
*** ctbruce has joined #baserock14:37
*** radiofree has quit IRC14:43
*** radiofree has joined #baserock14:44
pedroalvarezgary_perkins: ooi, what behaviour would you be planning on banning using fail2ban?15:18
pedroalvarezssh connections?15:18
gary_perkinspedroalvarez: yes15:18
gary_perkinspedroalvarez: trove has been upgraded15:19
gary_perkins"OpenSSL 1.0.1s  1 Mar 2016" :)15:19
pedroalvareznice!15:19
pedroalvarezNext time you upgrade it, it will come with fail2ban :) https://gerrit.baserock.org/#/c/1963/15:19
gary_perkinspedroalvarez: fantastic :)15:20
gary_perkinspedroalvarez: can fail2ban be added to web-system and possibly other public facing systems?15:23
gary_perkinsthough our web server is behind a proxy, it would be nice if we need to deploy a public facing web-system15:24
pedroalvarezit can be added to any baserock system, It might not make sense to have it included by default for all of them, but for trove I think it does make sense15:25
pedroalvarezalthough I didn't quite understand your question :/15:26
gary_perkinspedroalvarez: your answer indicates you did understand my question. Thank you :)15:31
gary_perkinsand I agree, not required for all systems15:31
pedroalvarezI just couldn't think about any baserock "web-system" that you might be  using :)15:33
gary_perkinscodethink website is running on a web-system-x86_64-generic system15:37
pedroalvarezaha, I understand now15:39
paulsherwoodhow big is fail2ban? add it by default :)15:42
pedroalvarezis not big, but it needs connectivity.morph to be useful15:44
paulsherwoodack15:45
pedroalvarezwhich might not be big either15:46
pedroalvarezs/not be/be not/15:47
* paulsherwood guesses that connnectivity is of interest in lots of systems these days15:59
* persia still thinks fail2ban should be in connectivity by default, but admits that some connected systems don't have services (although this is exceedingly rare)16:03
pedroalvarezi believe fail2ban can be configured to work without iptables at all16:05
pedroalvarezit's basically just a service that for some conditions, triggers some actions16:05
pedroalvarezby default those actions are some iptables runes16:06
gary_perkinsyou can just null-route offending source IPs16:06
* gary_perkins didn't know iptables was in Baserock. At least the user-space tool isn't16:08
gary_perkinsoh, I see a bunch of ip_* files in /proc/net/ :)16:09
locallycompactI did some things16:16
locallycompactWe deployed a gerrit to kvm, and then the gerrit ansible playbook on that but changing the mysql backend to h216:17
locallycompactsystemd says gerrit is running16:17
locallycompactshould I have a webview at this point?16:17
pedroalvarezhm.. are you not?16:17
franredgary_perkins, iptables should be there sice we integrated openstack16:17
locallycompactpedroalvarez, not to my knowledge nope16:17
pedroalvarezlocallycompact: maybe in :8080 ?16:18
pedroalvarezfranred: neutron! that was fun16:18
locallycompactpedroalvarez, nope16:18
pedroalvarez:S it should be in thre. Any errors in the systemd  unit?16:18
* CTtpollard shudders at H216:20
locallycompactpedroalvarez, http://www.fpaste.org/333052/22017145/16:20
locallycompactit didn't go red though16:20
pedroalvarezwell.. something is going wrong there16:23
*** franred has quit IRC16:24
locallycompactgerrit.baserock.org is running on baserock yea?16:35
pedroalvarezyea16:35
*** CTtpollard has quit IRC16:37
*** franred has joined #baserock16:41
gary_perkinsfranred: There is no iptables executable in /sbin. Nor any /usr/share/iptables directory.16:42
gary_perkinsso it looks like fail2ban would just fail to .. ermm ban!16:42
franredgary_perkins, http://paste.baserock.org/cofofegaga <-- iptables is in connectivity stratum... if the system does not have it...16:44
gary_perkins/etc/fail2ban/action.d/iptables.conf indicates fail2ban uses the user-space tool 'iptables'16:44
franredif it does, then we should have a look at why is not getting installed properly16:44
franredgary_perkins, which system are you looking at? connectivity stratum is only in: paste.baserock.org/ovugakomoy16:46
gary_perkinsI've only been looking at my oldish br-dev instance. So I might be getting ahead of myself. Deploying upgrade to trove now :)16:48
franredhehe, yeah, connectivity is not in every system :)16:49
franredgary_perkins, you need https://gerrit.baserock.org/#/c/1963/1/systems/trove-system-x86_64.morph to be mergerd before you can see iptables in a trove system16:53
franredhttps://gerrit.baserock.org/#/c/1963/ <-- sorry16:53
pedroalvarezgary_perkins: wait wait, to what exactly are you upgrading16:57
pedroalvarezhave you added connectivity too? as in my patch?16:57
pedroalvarez(this patch: https://gerrit.baserock.org/#/c/1963/)16:57
gary_perkinsI pulled the latest definitions, but I don't see fail2ban in systems/trove-system-x86_64.morph. The last commit I have here is: ca999848622886afff8e08a02974433afbb1b2c8 which is your "Add fail2ban-common stratum"17:01
gary_perkinshave I missed something?17:01
pedroalvarezyes17:01
pedroalvarezthe patch hasn't been merged yet17:01
pedroalvarez:)17:02
gary_perkinsok, thanks :)17:02
* gary_perkins busies himself with other things :)17:02
ssam2feel free to vote on the patch :-)17:11
locallycompactpedroalvarez, here's how I deployed it https://github.com/locallycompact/infrastructure/commit/57d57e132999748ce470c520c2fe62e67b76f25f17:12
franredpedroalvarez, feel free to merge https://gerrit.baserock.org/#/c/1963/17:14
pedroalvarezgary_perkins: now has been merged :)17:15
gary_perkins\o/ :)17:16
pedroalvarezlocallycompact: hm.. maybe not related, but with "localhost" as canonicalWebUrl it might not work?17:17
pedroalvarezeverything else looks good17:17
pedroalvarezI have no idea about the errors of your previous log17:18
locallycompactoh actually when I deployed it it was still git.baserock.org17:21
locallycompactI dunno what canonicalWebUrl means17:21
*** ssam2 has quit IRC17:29
pedroalvarezI'd say that means the URL you use to access to it17:30
pedroalvarezor, the url you are allowed to use to access to it17:30
locallycompactThat's silly17:35
locallycompactI have an ip/name for the machine17:35
locallycompactWhat use does that field have17:36
pedroalvarezthen put the ip, i guess17:36
locallycompactI have been ofc17:36
locallycompactoh in htat field17:36
*** franred has quit IRC17:37
pedroalvarezbut, you had errors in the log, so I don't expect it to work anyway17:37
pedroalvareznot sure if due h2, or what :S17:37
locallycompactyea17:38
locallycompacthow do I do it with mysql17:38
pedroalvarezwe have mysql running in another VM running fedora17:39
*** gtristan has joined #baserock17:45
*** bashrc__ has quit IRC17:51
*** jonathanmaw__ has quit IRC17:52
*** ctbruce has quit IRC17:57
*** tiagogomes has quit IRC18:11
*** faybrocklebank has quit IRC18:11
*** locallycompact has quit IRC18:11
*** tiagogomes has joined #baserock18:11
*** faybrocklebank has joined #baserock18:12
*** locallycompact has joined #baserock18:13
edcraggpaulsherwood: ybd doesn't show any of the errors as i was seeing when building with morph in a chroot, i have a feeling it might be something about the chroot environment rather than a problem with morph though, should be able to confirm that in due course18:26
*** locallycompact has quit IRC18:31
*** locallycompact has joined #baserock18:38
*** toscalix has quit IRC18:58
*** Lachlan1975 has joined #baserock19:02
*** locallycompact has quit IRC19:49
*** Lachlan1975 has quit IRC20:43
paulsherwoodedcragg: interesting :-)21:20
« Wednesday, 2016-03-02 Index Friday, 2016-03-04 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!