| *** crobinso has quit IRC | 00:00 | |
| *** david-lyle has joined #kata-dev | 00:35 | |
| *** dklyle has quit IRC | 00:38 | |
| *** EricAdamsZNC has quit IRC | 00:38 | |
| *** EricAdamsZNC has joined #kata-dev | 00:39 | |
| *** gmmaharaj has joined #kata-dev | 00:45 | |
| *** gmmaha has quit IRC | 00:46 | |
| *** gmmaharaj is now known as gmmaha | 00:46 | |
| *** dklyle_ has joined #kata-dev | 01:03 | |
| *** david-lyle has quit IRC | 01:06 | |
| *** gmmaha has quit IRC | 01:07 | |
| *** gmmaha has joined #kata-dev | 01:09 | |
| *** jugs has quit IRC | 05:50 | |
| *** sameo_ has joined #kata-dev | 05:51 | |
| *** jugs has joined #kata-dev | 06:12 | |
| *** errordeveloper has joined #kata-dev | 06:29 | |
| *** errordeveloper has quit IRC | 06:33 | |
| *** dklyle_ has quit IRC | 06:53 | |
| *** sgarzare has joined #kata-dev | 08:16 | |
| *** jodh has joined #kata-dev | 08:17 | |
| *** gwhaley has joined #kata-dev | 08:58 | |
| *** davidgiluk has joined #kata-dev | 09:04 | |
| kata-irc-bot | <james.o.hunt> @fupan - Hi - I'm looking at ttrpc and have just updated `protobuf-codegen` but this seems to have broken `protoc` with ttrpc which seems to be generating invalid calls to `protobuf::reflect::message::MessageDescriptor::new_pb_name::<T>` . Have you seen that? | 09:10 |
|---|---|---|
| *** errordeveloper has joined #kata-dev | 10:15 | |
| *** errordeveloper has quit IRC | 10:18 | |
| *** errordeveloper has joined #kata-dev | 10:20 | |
| *** davidgiluk has quit IRC | 10:26 | |
| *** davidgiluk has joined #kata-dev | 10:38 | |
| *** davidgiluk has quit IRC | 10:39 | |
| *** davidgiluk has joined #kata-dev | 10:50 | |
| *** kata-irc-bot has quit IRC | 10:57 | |
| *** kata-irc-bot has joined #kata-dev | 10:57 | |
| *** gwhaley has quit IRC | 11:11 | |
| *** gwhaley has joined #kata-dev | 11:13 | |
| *** gwhaley has quit IRC | 12:00 | |
| *** davidgiluk has quit IRC | 12:21 | |
| *** devimc has joined #kata-dev | 12:52 | |
| *** openstack has joined #kata-dev | 13:02 | |
| *** ChanServ sets mode: +o openstack | 13:02 | |
| *** gwhaley has joined #kata-dev | 13:10 | |
| devimc | @crobinso https://github.com/kata-containers/runtime/pull/768#issuecomment-442914008 | 13:12 |
| fidencio | devimc: taking advantage you're around, have you seen my messages from Yesterday? | 13:15 |
| devimc | fidencio: sorry, nop | 13:15 |
| fidencio | while trying to check whether dwalsh's patches for SELinux work, I've found out something quite weird. Seems that s.config.HypervisorConfig (from sandbox) and q.config (from qemu) are totally different pointers | 13:15 |
| fidencio | making the ProcessLabel not be passed, never ever, down to qemu | 13:16 |
| devimc | uhmm that's weird | 13:16 |
| fidencio | devimc: isn't it? | 13:17 |
| devimc | fidencio: let me check dwalsh's patches | 13:18 |
| fidencio | devimc: in order to test the patches I had to hack the code a little bit to expicitly pass the processLabel down as a string to startSandbox() | 13:19 |
| fidencio | which, at least, unblocked us to actually find some issues with the policy we have for Fedora | 13:19 |
| devimc | fidencio: I think you're right because q.config is not a pointer | 13:21 |
| fidencio | devimc: so, first thing to do, is make hypervisor.config a pointer | 13:21 |
| fidencio | devimc: and then store ir properly | 13:21 |
| fidencio | devimc: now, should it be a pointer? | 13:21 |
| devimc | fidencio: I think so | 13:26 |
| devimc | https://github.com/kata-containers/runtime/blob/master/virtcontainers/qemu.go#L239 | 13:26 |
| devimc | fidencio: yes, hypervisor should have a pointer to the sandbox.HypervisorConfig | 13:28 |
| errordeveloper | hi | 13:33 |
| errordeveloper | so I asked earlier about firecracker, see https://github.com/kata-containers/runtime/issues/2564 | 13:34 |
| errordeveloper | but I also have tried to replace the kernel for qemu, and had no luck with that | 13:34 |
| devimc | errordeveloper: custom kernel? | 13:35 |
| errordeveloper | yeah | 13:36 |
| errordeveloper | I just tried to introduce a bzImage I happen to have | 13:36 |
| errordeveloper | first it failed with a misterious `failed to create containerd task: write /sys/class/scsi_host/host1/scan: invalid argument: unknown` | 13:37 |
| errordeveloper | I gathered that actually come | 13:37 |
| errordeveloper | ...actually coms | 13:37 |
| errordeveloper | (sorry, typing to fast, so must used to slack these days) | 13:37 |
| devimc | errordeveloper: I recommend you to use our kernel fragments | 13:38 |
| devimc | https://github.com/kata-containers/packaging/tree/master/kernel/configs/fragments | 13:38 |
| errordeveloper | I gathered that error comes from the VM, and the scsi driver is actually missing | 13:38 |
| devimc | these configs are the minimum required to run kata containers | 13:39 |
| errordeveloper | devimc: I see, I'd use that, but the purpose of my experiment is to enable testing of different kernels with Kata, possibly even Ubuntu and RedHat kernels | 13:39 |
| devimc | errordeveloper: so, you plan is to use distros's kernels ? | 13:39 |
| errordeveloper | so I am trying to figure out if I can use a pre-built kernel and modules | 13:39 |
| errordeveloper | yeah, I'd like to be able to use distro kernel | 13:40 |
| errordeveloper | the use case is basically about testing our software (Cilium), on kubernetes, with different kernel | 13:40 |
| devimc | errordeveloper: take a look to @fidencio and @crobinso's work | 13:40 |
| devimc | they use fedora's kernel | 13:41 |
| errordeveloper | I want to run Kubernetes nodes inside pods that run on kata, and set kernel version | 13:41 |
| errordeveloper | devimc: any more specific pointers? | 13:41 |
| fidencio | errordeveloper: what exactly are you trying to achieve? | 13:42 |
| fidencio | sorry, I was not exactly followin | 13:42 |
| fidencio | *following | 13:42 |
| devimc | fidencio: he wants to use the ubuntu kernel / modules to run kata, so I think he will need dracut/systemd to load the modules | 13:43 |
| errordeveloper | yeah | 13:43 |
| fidencio | devimc: aha, that's quite similar to what we have done for Fedora, I'd say | 13:44 |
| fidencio | errordeveloper: ^ | 13:44 |
| devimc | fidencio: yeah | 13:44 |
| fidencio | errordeveloper: would be okay if I point you to our osbuilder scripts? | 13:44 |
| errordeveloper | fidencio: is there a repo I can look at? | 13:44 |
| errordeveloper | anything will do really | 13:44 |
| fidencio | errordeveloper: https://src.fedoraproject.org/rpms/kata-osbuilder/tree/master | 13:45 |
| fidencio | errordeveloper: mostly, take a look at fedora-kata-osbuilder.sh | 13:45 |
| errordeveloper | so do you take fedora rootfs and kernel, make an image and let kata use that instead of clearlinux one? | 13:47 |
| devimc | errordeveloper: basically the initrd/image has the kernel modules and systemd loads them | 13:47 |
| errordeveloper | ok, so few bits I'm still no clear about, is it up to the user to select either initrd or image? what is the difference? | 13:47 |
| devimc | errordeveloper: clearlinux? | 13:47 |
| errordeveloper | yeah, that's what I meant | 13:48 |
| fidencio | errordeveloper: yeah, we use initrd | 13:48 |
| fidencio | errordeveloper: but that's the idea | 13:48 |
| fidencio | errordeveloper: it's up to the user to choose initrd vs image | 13:48 |
| fidencio | errordeveloper: devimc has some data (as he pointed to Cole) about which one is faster / has less memory footprint / whatnot | 13:49 |
| errordeveloper | ah there alpine-based initrd, and clearlinux-base image | 13:49 |
| errordeveloper | ok, gottcha | 13:49 |
| errordeveloper | I wonder if anyone explored using docker images for this stuff? | 13:50 |
| errordeveloper | at least as a distribution method.. it would be quite convenient | 13:50 |
| errordeveloper | (just an idea) | 13:51 |
| errordeveloper | or a least a dockerize image/kernel build infra would be handy also... | 13:53 |
| gwhaley | the osbuilder can build inside docker images - you set USE_DOCKER or similar iirc - it's in the docs.... | 13:59 |
| gwhaley | and v.soon I will be looking at making a custom build script in a dockerfile - but, custom build scripts will I think be just that - they are by nature specific to the modifications you want to make, so will be non-generic... but, might provide a useful base to build upon. | 14:00 |
| errordeveloper | gwhaley: I see, I'll have a look at osbuilder, thanks! | 14:02 |
| gwhaley | whilst here then - errordeveloper - did https://github.com/kata-containers/runtime/issues/2564 still need looking into? I do suspect we should check if ConfigPath is being picked up by kata-runtime shimv2.... | 14:03 |
| gwhaley | errordeveloper: hmm, it might be that USE_DOCKER only works for osbuilder making rootfs images, and is not available for kernel builds under the packaging repo - sorry, you'll have to wait until I write my dockerfile (or.... volunteer to write one for me ;-) )... I'm hoping to be working on that next week. | 14:06 |
| kata-irc-bot | <dwalsh> So we just got kata-containers using qemu to run with SELinux protections in enforcing mode... Thanks to @fidencio Creating a new release for containers-selinux and will fix patch for kata today or Monday. | 14:45 |
| kata-irc-bot | <fidencio> \o/ | 14:46 |
| *** dklyle has joined #kata-dev | 14:57 | |
| gwhaley | yay! | 15:02 |
| *** sameo_ has quit IRC | 15:20 | |
| kata-irc-bot | <fidencio> @julio.montes what's the concept of old / new Store for sandboxes? | 15:31 |
| *** crobinso has joined #kata-dev | 15:35 | |
| devimc | @fidencio it's just the way sandbox's state and configuration are saved | 15:40 |
| devimc | in theory, new store was added to support live migration | 15:40 |
| devimc | @fidencio btw I don't use slack, so I don't receive the notifications | 15:42 |
| devimc | :D | 15:42 |
| fidencio | devimc: we can use IRC :-) | 15:43 |
| fidencio | devimc: I'm even more comfy here | 15:43 |
| kata-irc-bot | <graham.whaley> we have an irc<->slack bot - so mostly either works - apart from some folks won't see old messages on irc when they log in each day :slightly_smiling_face: | 15:44 |
| kata-irc-bot | Action: graham.whaley sits on both, just because.... | 15:44 |
| kata-irc-bot | <fidencio> I'd say it depends a lot to which audience I'm communicating with while asking stuff here. If I'm in the middle of a conversation with OpenShift guys, slack tend to be easier. | 15:45 |
| kata-irc-bot | <fidencio> if I'm in the middle of a conversation with virt guys, IRC tend to be easier | 15:45 |
| devimc | slack is too millennial for me | 15:49 |
| gwhaley | old skool dood | 15:52 |
| *** sameo has joined #kata-dev | 16:23 | |
| *** devimc has quit IRC | 16:23 | |
| *** devimc has joined #kata-dev | 16:23 | |
| errordeveloper | gwhaley: yeah, #2564 is still a thing for sure | 16:50 |
| gwhaley | errordeveloper: I posted what kata-deploy puts in the containerd config on the Issue for you to check - to see if that helps or hints at all | 17:02 |
| gwhaley | ah, I see maybe you answered (I am behind on my email.... stuck in calls ;-) ) | 17:02 |
| *** pcaruana has quit IRC | 17:10 | |
| errordeveloper | gwhaley: btw, `make USE_DOCKER=true rootfs` doesn't work on macOS at the moment | 17:14 |
| errordeveloper | it trips over `readlink -f`, which is easy to fix | 17:14 |
| errordeveloper | but after that it get into some other teritory, and I'm not so sure... | 17:15 |
| errordeveloper | I guess it would be easier if the the whole script just ran in a linux container, instead of split mode as it seems now | 17:15 |
| errordeveloper | like `docker run -ti -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:/src -w /src ubuntu bash -c 'apt update && apt install make docker.io && make USE_DOCKER=true rootfs'` seems to work here | 17:23 |
| errordeveloper | (well, at least it's busy doing something now) | 17:23 |
| *** pcaruana has joined #kata-dev | 17:23 | |
| kata-irc-bot | <graham.whaley> cc @jose.carlos.venegas.m ^^^ for the osbuilder docker thing ;) | 17:48 |
| *** sgarzare has quit IRC | 17:49 | |
| *** gwhaley has quit IRC | 18:02 | |
| *** jodh has quit IRC | 18:02 | |
| *** crobinso has quit IRC | 19:15 | |
| *** jugs1 has joined #kata-dev | 19:45 | |
| *** kgz has quit IRC | 19:45 | |
| *** jugs has quit IRC | 19:45 | |
| *** kgz has joined #kata-dev | 19:47 | |
| *** devimc has quit IRC | 21:57 | |
| *** sameo has quit IRC | 22:47 | |
| *** sameo has joined #kata-dev | 22:47 | |
| *** errordeveloper has quit IRC | 23:02 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!