| *** pranjal has quit IRC | 00:25 | |
| *** cdent has quit IRC | 00:34 | |
| *** dlw has joined #kata-dev | 00:34 | |
| *** zerocoolback has quit IRC | 01:07 | |
| *** pranjal has joined #kata-dev | 03:08 | |
| *** pranjal has quit IRC | 03:25 | |
| *** psuriset_ has quit IRC | 05:21 | |
| *** psuriset_ has joined #kata-dev | 05:24 | |
| *** pranjal has joined #kata-dev | 05:26 | |
| *** pranjal has quit IRC | 05:30 | |
| *** psuriset_ has quit IRC | 05:44 | |
| *** psuriset_ has joined #kata-dev | 05:44 | |
| kata-dev-irc-bot | <archana.m.shinde> @bergwolf I have added in some comments for my pidns sharing PR | 06:14 |
|---|---|---|
| kata-dev-irc-bot | <archana.m.shinde> please take a look and let me know if they make sense | 06:17 |
| kata-dev-irc-bot | <bergwolf> @archana.m.shinde please see my reply on github. My main point is that with the new flag in container, there is no need to rely on `NEWPID` settings in container spec. We do not use two flags to set one thing. | 06:24 |
| kata-dev-irc-bot | <bergwolf> I first suggested removing such a flag and just rely on `NEWPID`. And you wanted to have the new flag. Then there is no need to depend on `NEWPID`. | 06:25 |
| *** jodh has joined #kata-dev | 06:27 | |
| *** jodh has quit IRC | 06:27 | |
| *** jodh has joined #kata-dev | 06:27 | |
| kata-dev-irc-bot | <archana.m.shinde> well because they indicate two different things `shared` PID and a new PID | 06:27 |
| kata-dev-irc-bot | <bergwolf> well it's the same thing. You get a new pidns if you do not share global pidns | 06:28 |
| kata-dev-irc-bot | <archana.m.shinde> I thought you can get `NEWPID` with empty path or path of the shared pid NS | 06:30 |
| kata-dev-irc-bot | <archana.m.shinde> if it is absent that means container does not need to join a pid namespace | 06:31 |
| kata-dev-irc-bot | <bergwolf> well, there are only two cases: 1. a container joins the sandbox pidns 2. a container leads its own pidns Do you have other case in mind? | 06:32 |
| kata-dev-irc-bot | <bergwolf> I think we just need one flag to tell which of the two cases it is. | 06:32 |
| kata-dev-irc-bot | <archana.m.shinde> container can join the host namespace as well | 06:33 |
| kata-dev-irc-bot | <archana.m.shinde> which we cant support | 06:33 |
| kata-dev-irc-bot | <bergwolf> that is not the case for kata agent | 06:33 |
| kata-dev-irc-bot | <archana.m.shinde> my understanding is thats the only case where `NEWPID` will be absent | 06:33 |
| kata-dev-irc-bot | <archana.m.shinde> yes, but we can get that from the OCI spec | 06:34 |
| kata-dev-irc-bot | <bergwolf> I'm talking about kata agent grpc semantics. no matter how it is implemented, with `NEWPID` or the new flag | 06:34 |
| kata-dev-irc-bot | <archana.m.shinde> let me check this | 06:34 |
| kata-dev-irc-bot | <bergwolf> No matter what spec we get, we only implement the two cases | 06:34 |
| kata-dev-irc-bot | <archana.m.shinde> my observation was that `NEWPID` is set both the cases you mentioned above , 1) will have a populated path 2) will have an empty path | 06:35 |
| kata-dev-irc-bot | <bergwolf> Yes, that's why I said the new flag is not necessary. The `NEWPID` setting can it along define which case the container is. | 06:37 |
| kata-dev-irc-bot | <archana.m.shinde> only when the container joins that host namespace is NEWPID absent from the namespaces | 06:37 |
| kata-dev-irc-bot | <bergwolf> And if you want to keep the new flag, please do not rely on `NEWPID`. | 06:37 |
| kata-dev-irc-bot | <archana.m.shinde> in our runtime, we are blanking out the paths | 06:38 |
| kata-dev-irc-bot | <archana.m.shinde> not the namespaces themselves | 06:38 |
| kata-dev-irc-bot | <archana.m.shinde> so there is a chance that we can get a spec, where NEWPID is absent | 06:39 |
| kata-dev-irc-bot | <bergwolf> > only when the container joins that host namespace is NEWPID absent from the namespaces that's what kata runtime gets. The kata agent API should have a well defined semantics and the kata runtime is supposed to follow it. IOW, no matter what you choose, `NEWPID` settings or the new flag, the kata runtime needs to depend on it not what it gets from upper layers. | 06:39 |
| kata-dev-irc-bot | <archana.m.shinde> in that case we dont want the container join the agent namespace | 06:39 |
| kata-dev-irc-bot | <archana.m.shinde> I wanted to take into account case where NEWPID is provided but it is some totally arbitrary namespace | 06:40 |
| kata-dev-irc-bot | <bergwolf> For one thing, I'm not sure we don't want that. For another thing, even if we don't want that, kata runtime can do it with either the new flag or adding `NEWPID` to the spec. | 06:41 |
| kata-dev-irc-bot | <archana.m.shinde> that flag was meant to convey the information that its is the sandbox namespace that the container needs to join and just not some arbitrary namespace | 06:41 |
| kata-dev-irc-bot | <bergwolf> I think you are confusing this with kata cli semantics. The only thing kata agent can provide is the two cases I listed above. And we need a way to set it, either by `NEWPID` settings or by the new flag, but not both. | 06:42 |
| kata-dev-irc-bot | <bergwolf> The arbitrary namespace makes no sense to kata agent. | 06:43 |
| kata-dev-irc-bot | <bergwolf> We have two ways to specify which of the two cases to be. First one is use `NEWPID` settings as I first suggested on github: ``` 1. no NEWPID: the container joins the sandbox level pidns 2. NEWPID with empty pidns path: the container lives in its own pidns 3. NEWPID with non-empty pidns path: the container joins the sandbox level pidns ``` The other one is to completely ignore `NEWPID` settings in the spec and use the new flag. I | 06:48 |
| kata-dev-irc-bot | am fine with either one and I am in favor of you new flag because it is more explicit. But I do not want to have a mix of the two. With the case specified, kata agent implementation can play with `NEWPID` settings in the spec to satisfy the semantics when talking to libcontainer. | 06:48 |
| kata-dev-irc-bot | <archana.m.shinde> well I didnt think using both was a bad idea, the flag that I used was being set only by comparing with the first container pids ns in the runtime | 06:52 |
| kata-dev-irc-bot | <archana.m.shinde> with this approach I need to modify when the flag is set | 06:53 |
| kata-dev-irc-bot | <archana.m.shinde> and tie it to NEWPID | 06:53 |
| kata-dev-irc-bot | <bergwolf> you are making the protocol complex with no obvious benefits. the behaviour is sometimes tied to the new flag, and other times tied to `NEWPID` settings. | 06:54 |
| kata-dev-irc-bot | <bergwolf> It's confusing and error prone. | 06:54 |
| kata-dev-irc-bot | <archana.m.shinde> I was trying to keep it simple in fact, I didnt want to tie it to NEWPID at all, just pass all the namespace in the spec as it with paths blanked as we are doing currently , and just introduce a new flag that is tied shared_pid_namespace setting in k8s | 06:59 |
| kata-dev-irc-bot | <archana.m.shinde> if its confusing, i will rework it | 06:59 |
| kata-dev-irc-bot | <bergwolf> Then do not rely on `NEWPID` settings to specify the container pidns behaviour. | 07:00 |
| kata-dev-irc-bot | <bergwolf> https://github.com/kata-containers/agent/pull/233/files#diff-727ccd4217b7f335e689be03bfb69e9bR453 | 07:00 |
| kata-dev-irc-bot | <bergwolf> here without `NEWPID` settings, the container will always join the sandbox pidns. You should check the new flag to determine it instead. | 07:02 |
| kata-dev-irc-bot | <archana.m.shinde> ok and remove the pid namspace altogether before it is passed to the agent | 07:03 |
| kata-dev-irc-bot | <archana.m.shinde> and not just make the path blank | 07:03 |
| kata-dev-irc-bot | <bergwolf> yup | 07:04 |
| kata-dev-irc-bot | <archana.m.shinde> ok, I'll rework this tomorrow and update the PR | 07:05 |
| kata-dev-irc-bot | <bergwolf> cool, thx | 07:05 |
| kata-dev-irc-bot | <archana.m.shinde> thanks @bergwolf for reviewing this | 07:06 |
| *** sameo has joined #kata-dev | 07:27 | |
| *** dlw1 has joined #kata-dev | 07:45 | |
| *** dlw has quit IRC | 07:47 | |
| *** dlw1 is now known as dlw | 07:47 | |
| *** gwhaley has joined #kata-dev | 08:00 | |
| *** zerocoolback has joined #kata-dev | 08:19 | |
| *** zerocoolback has quit IRC | 10:01 | |
| *** zerocoolback has joined #kata-dev | 10:23 | |
| *** gwhaley has quit IRC | 11:00 | |
| *** dlw1 has joined #kata-dev | 11:44 | |
| *** dlw has quit IRC | 11:46 | |
| *** dlw1 is now known as dlw | 11:46 | |
| *** dlw has quit IRC | 11:50 | |
| *** dlw has joined #kata-dev | 11:51 | |
| *** dlw1 has joined #kata-dev | 11:53 | |
| *** dlw has quit IRC | 11:55 | |
| *** dlw1 is now known as dlw | 11:55 | |
| *** gwhaley has joined #kata-dev | 12:19 | |
| *** devimc has joined #kata-dev | 12:31 | |
| *** dlw has quit IRC | 12:36 | |
| *** zerocoolback has quit IRC | 12:53 | |
| *** LinuxMe has joined #kata-dev | 12:56 | |
| *** jugs has quit IRC | 13:03 | |
| *** jugs has joined #kata-dev | 13:03 | |
| *** zerocoolback has joined #kata-dev | 13:04 | |
| *** david-lyle has joined #kata-dev | 13:19 | |
| *** dklyle has quit IRC | 13:19 | |
| *** david-lyle has quit IRC | 13:26 | |
| *** davidgiluk has joined #kata-dev | 13:58 | |
| *** zerocoolback has quit IRC | 14:00 | |
| *** devimc has quit IRC | 14:01 | |
| *** zerocoolback has joined #kata-dev | 14:10 | |
| *** devimc has joined #kata-dev | 14:29 | |
| *** zerocoolback has quit IRC | 14:29 | |
| *** dklyle has joined #kata-dev | 14:36 | |
| *** dklyle has quit IRC | 14:48 | |
| *** sameo has quit IRC | 14:50 | |
| *** dklyle has joined #kata-dev | 14:50 | |
| *** zerocoolback has joined #kata-dev | 15:02 | |
| *** davidgiluk has quit IRC | 15:03 | |
| *** eernst has joined #kata-dev | 15:16 | |
| *** cdent has joined #kata-dev | 15:23 | |
| *** pranjal has joined #kata-dev | 15:27 | |
| kata-dev-irc-bot | <james.o.hunt> @jose.carlos.venegas.m - can you spot the error on https://github.com/kata-containers/osbuilder/pull/101? Travis is *still* failing with the error "/osbuilder/rootfs.sh: line 23: arch: command not found" :,( | 15:29 |
| *** fuentess has joined #kata-dev | 15:31 | |
| *** pranjal has quit IRC | 15:32 | |
| kata-dev-irc-bot | <anne> if you're joining the in person work time at the Summit today, I put a proposed agenda on line 24 so we get through everything :slightly_smiling_face: Full day! https://etherpad.openstack.org/p/KataVancouverAgenda | 15:35 |
| gwhaley | @james.o.hunt: I just ran up an alpine in valilla docker, added coreutils with apk, and it seems not to supply 'arch' :-/ | 15:40 |
| gwhaley | I'm trying to see if I can navigate the arch packages to find if/where you can get arch from - failing so far... | 15:41 |
| gwhaley | it would apear - it is in no package, according to my arch package search :-( | 15:41 |
| gwhaley | s/arch packages/alpine packages/ :-) | 15:42 |
| kata-dev-irc-bot | <james.o.hunt> yikes. that would explain it. odd though. | 15:44 |
| kata-dev-irc-bot | <james.o.hunt> @graham.whaley - confirmed - I don't know why, but you're right - they don't provide arch in that package. An alternative seems to be `uname -m`. | 15:47 |
| kata-dev-irc-bot | <james.o.hunt> git push -f && echo "take 27..." | 15:50 |
| gwhaley | @james.o.hunt - ah, nice alternative ;-) | 15:58 |
| jodh | gwhaley: yep - but as I just commented, I could use it everywhere rather than arch. Personally, I'd prefer to use arch as it's easier to guess what it does that "uname -m" ;) | 15:59 |
| *** cdent has quit IRC | 15:59 | |
| *** LinuxMe has quit IRC | 16:01 | |
| *** LinuxMe has joined #kata-dev | 16:02 | |
| *** eernst has quit IRC | 16:03 | |
| *** jugs has quit IRC | 16:05 | |
| gwhaley | jodh: right, just saw that. I was perusing, and it seems uname calls a uname(2), which is about as 'to the kernel' as you can get :-) | 16:06 |
| *** jugs has joined #kata-dev | 16:07 | |
| *** zerocoolback has quit IRC | 16:10 | |
| *** zerocoolback has joined #kata-dev | 16:11 | |
| *** zerocoolback has quit IRC | 16:11 | |
| *** zerocoolback has joined #kata-dev | 16:11 | |
| kata-dev-irc-bot | <jose.carlos.venegas.m> @james.o.hunt sorry was AFK | 16:12 |
| *** zerocoolback has quit IRC | 16:12 | |
| *** zerocoolback has joined #kata-dev | 16:12 | |
| kata-dev-irc-bot | <james.o.hunt> @jose.carlos.venegas.m - np. I *think* we've resolve it now - latest info on the PR. | 16:12 |
| *** zerocoolback has quit IRC | 16:12 | |
| *** zerocoolback has joined #kata-dev | 16:13 | |
| kata-dev-irc-bot | <jose.carlos.venegas.m> @james.o.hunt cool | 16:13 |
| *** zerocoolback has quit IRC | 16:13 | |
| *** zerocoolback has joined #kata-dev | 16:14 | |
| *** zerocoolback has quit IRC | 16:14 | |
| *** annabelleB has joined #kata-dev | 16:23 | |
| *** eernst has joined #kata-dev | 16:28 | |
| *** cdent has joined #kata-dev | 16:28 | |
| *** eernst has quit IRC | 16:35 | |
| *** eernst has joined #kata-dev | 16:36 | |
| *** mcastelino has joined #kata-dev | 16:37 | |
| *** devimc has quit IRC | 16:54 | |
| *** cdent has quit IRC | 16:55 | |
| *** sameo has joined #kata-dev | 16:55 | |
| *** eernst has quit IRC | 16:57 | |
| *** eernst has joined #kata-dev | 16:57 | |
| *** devimc has joined #kata-dev | 16:59 | |
| *** annabelleB has quit IRC | 17:00 | |
| *** cdent has joined #kata-dev | 17:01 | |
| *** jodh has quit IRC | 17:01 | |
| *** gwhaley has quit IRC | 17:02 | |
| *** dklyle has quit IRC | 17:04 | |
| *** annabelleB has joined #kata-dev | 17:05 | |
| *** pranjal has joined #kata-dev | 17:13 | |
| *** eernst has quit IRC | 17:27 | |
| *** eernst has joined #kata-dev | 17:27 | |
| *** cdent has quit IRC | 17:48 | |
| *** cdent has joined #kata-dev | 17:52 | |
| *** eernst has quit IRC | 17:57 | |
| *** eernst has joined #kata-dev | 17:57 | |
| *** annabelleB has quit IRC | 18:03 | |
| *** annabelleB has joined #kata-dev | 18:16 | |
| *** eernst has quit IRC | 18:27 | |
| *** eernst has joined #kata-dev | 18:27 | |
| *** eernst has quit IRC | 18:57 | |
| *** eernst has joined #kata-dev | 18:57 | |
| *** eernst has quit IRC | 18:58 | |
| *** eernst has joined #kata-dev | 18:59 | |
| *** ChanServ has quit IRC | 19:07 | |
| *** ChanServ has joined #kata-dev | 19:12 | |
| *** barjavel.freenode.net sets mode: +o ChanServ | 19:12 | |
| *** dklyle has joined #kata-dev | 19:13 | |
| *** jugs has quit IRC | 19:17 | |
| *** jugs has joined #kata-dev | 19:17 | |
| *** annabelleB has quit IRC | 19:20 | |
| *** ChanServ has quit IRC | 19:21 | |
| *** eernst has quit IRC | 19:26 | |
| *** LinuxMe has quit IRC | 19:29 | |
| *** cdent has quit IRC | 19:30 | |
| *** ChanServ has joined #kata-dev | 19:30 | |
| *** barjavel.freenode.net sets mode: +o ChanServ | 19:30 | |
| *** LinuxMe has joined #kata-dev | 19:30 | |
| *** core is now known as Guest34370 | 19:34 | |
| *** din is now known as Guest54005 | 19:34 | |
| *** Guest54005 has quit IRC | 19:35 | |
| *** Guest54005 has joined #kata-dev | 19:35 | |
| *** Guest54005 is now known as din | 19:36 | |
| *** din has quit IRC | 19:36 | |
| *** din has joined #kata-dev | 19:36 | |
| *** din has joined #kata-dev | 19:36 | |
| *** devimc has quit IRC | 19:38 | |
| *** LinuxMe_ has joined #kata-dev | 19:48 | |
| *** LinuxMe has quit IRC | 19:50 | |
| *** annabelleB has joined #kata-dev | 19:52 | |
| *** annabelleB has quit IRC | 19:58 | |
| *** annabelleB has joined #kata-dev | 20:01 | |
| kata-dev-irc-bot | <anne> @eric.ernst @sebastien.boeuf @xu we're back up in 304 | 20:02 |
| kata-dev-irc-bot | <eric.ernst> I had to run for 10 (issue with hotel check in)I’ll be back very soon. Hope others are there already. | 20:05 |
| kata-dev-irc-bot | <anne> just the zuul folks thus far | 20:06 |
| *** fiddletwix has quit IRC | 20:12 | |
| *** fiddletwix has joined #kata-dev | 20:12 | |
| kata-dev-irc-bot | <eric.ernst> Ugh. Running back now!! | 20:12 |
| *** zerocoolback has joined #kata-dev | 20:15 | |
| *** jugs has quit IRC | 20:28 | |
| *** jugs has joined #kata-dev | 20:28 | |
| *** sameo has quit IRC | 20:53 | |
| *** zerocoolback has quit IRC | 21:05 | |
| *** zerocoolback has joined #kata-dev | 21:06 | |
| *** zerocoolback has quit IRC | 21:11 | |
| *** annabelleB has quit IRC | 21:37 | |
| *** annabelleB has joined #kata-dev | 21:38 | |
| *** annabelleB has quit IRC | 21:38 | |
| *** annabelleB has joined #kata-dev | 21:39 | |
| *** annabelleB has quit IRC | 21:43 | |
| *** annabelleB has joined #kata-dev | 21:56 | |
| *** annabelleB has quit IRC | 22:24 | |
| *** LinuxMe_ has quit IRC | 22:28 | |
| *** annabelleB has joined #kata-dev | 22:35 | |
| *** LinuxMe_ has joined #kata-dev | 22:36 | |
| *** mnaser has joined #kata-dev | 22:51 | |
| *** cdent has joined #kata-dev | 22:57 | |
| *** cdent has quit IRC | 23:18 | |
| *** annabelleB has quit IRC | 23:18 | |
| *** LinuxMe_ has quit IRC | 23:23 | |
| *** annabelleB has joined #kata-dev | 23:31 | |
| *** annabelleB has quit IRC | 23:34 | |
| *** cdent has joined #kata-dev | 23:47 | |
| *** psuriset_ has quit IRC | 23:52 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!