| *** snir has quit IRC | 00:15 | |
| *** crobinso has quit IRC | 00:22 | |
| *** fuentess has quit IRC | 02:12 | |
| *** snir has joined #kata-dev | 05:31 | |
| *** dklyle has quit IRC | 07:35 | |
| *** pcaruana has joined #kata-dev | 07:49 | |
| *** pcaruana has quit IRC | 07:51 | |
| *** pcaruana has joined #kata-dev | 07:51 | |
| *** sgarzare has joined #kata-dev | 08:17 | |
| *** jodh has joined #kata-dev | 08:19 | |
| *** fgiudici has joined #kata-dev | 08:47 | |
| kata-irc-bot | <christophe> I tried from a machine where the repo was set with https, and did not see the problem. But I'm curious, why is your repo called "kc-runtime"? | 09:22 |
|---|---|---|
| kata-irc-bot | <christophe> @wmoschet ^ | 09:22 |
| *** auk has quit IRC | 09:43 | |
| *** pcaruana has quit IRC | 11:08 | |
| kata-irc-bot | <wmoschet> @christophe weird, it seems related to my token. I prefixed my kata containers forks with kc- just to keep my github repos organized. You know, runtime, tests...etc per say means nothing :) | 12:36 |
| *** sameo has quit IRC | 12:47 | |
| *** sameo has joined #kata-dev | 13:03 | |
| *** devimc has joined #kata-dev | 13:21 | |
| *** crobinso has joined #kata-dev | 13:40 | |
| kata-irc-bot | <wmoschet> I found the problem. My github token wasn't set the "workflow" scope, so I could not change any github's workflow files (e.g. changes on the PR porting workflow we have on the runtime repo). I just generated another token with the workflow property set... and worked out | 13:47 |
| *** fuentess has joined #kata-dev | 14:04 | |
| kata-irc-bot | <salvador.fuentes> Hi @fidencio, for containerd, we run a subset of their tests, but we are currently skipping the cri-o functional tests | 14:34 |
| kata-irc-bot | <salvador.fuentes> we use this script to run them, but they are basically the tests that you have in the cri-o repo. | 14:35 |
| kata-irc-bot | <fidencio> And what about k8s integration tests? | 14:37 |
| kata-irc-bot | <fidencio> Are we running the e2e tests with both CRI-O and containerd? | 14:38 |
| kata-irc-bot | <salvador.fuentes> ohh, that is right, we are still missing on enabling e2e with cri-o | 14:38 |
| kata-irc-bot | <fidencio> okay, I'll take a look at that. Enabling specific cri-o tests, from cri-o repo, is something on the scope of the work @fgiudici is doing. | 14:48 |
| kata-irc-bot | <jose.carlos.venegas.m> I think we need somewhere a matrix of what is tested | 14:50 |
| kata-irc-bot | <jose.carlos.venegas.m> @salvador.fuentes du we have ? | 14:50 |
| kata-irc-bot | <salvador.fuentes> only for 1.x, but we need to update to match what we test in 2.x | 14:52 |
| kata-irc-bot | <salvador.fuentes> https://github.com/kata-containers/ci#ci-job-matrix | 14:52 |
| kata-irc-bot | <jose.carlos.venegas.m> got it | 14:54 |
| kata-irc-bot | <jose.carlos.venegas.m> if we are stil on time would be nice (IMO) to have a more meaningful job name | 14:55 |
| kata-irc-bot | <jose.carlos.venegas.m> have the suffix of what it tests each job would be great | 14:55 |
| kata-irc-bot | <jose.carlos.venegas.m> I know in 1.x we have a mix of them | 14:56 |
| kata-irc-bot | <jose.carlos.venegas.m> but for 2.0 would be nice e.g. | 14:56 |
| kata-irc-bot | <fidencio> Ack! Yeah, my main personal focus here is for 2.x now. | 14:56 |
| kata-irc-bot | <fidencio> I'm basically hyped that we achieved test-parity between our own bats when running with cri-o and containerd. | 14:57 |
| kata-irc-bot | <fidencio> I need to take advantage of this feeling and spend on trying to close the other gaps. | 14:57 |
| kata-irc-bot | <jose.carlos.venegas.m> :slightly_smiling_face: go for it | 14:58 |
| kata-irc-bot | <fidencio> Chava, Carlos, would you have time at some point this week to have a call (in English, my Spanish is not that good for speaking yet) so I can ask some questions? (Friday would be the best, as I need to actually dive a little bit into this and have proper questions to ask). | 14:58 |
| kata-irc-bot | <jose.carlos.venegas.m> let me take a look | 14:59 |
| kata-irc-bot | <jose.carlos.venegas.m> but, I think Thursday would work better for me | 15:00 |
| kata-irc-bot | <jose.carlos.venegas.m> but if works for Chava on Friday you may not miss me, he is the pro for this | 15:02 |
| kata-irc-bot | <fidencio> if Thursday is the day, it can be on Thursday. :slightly_smiling_face: | 15:03 |
| *** devimc has quit IRC | 15:19 | |
| *** devimc has joined #kata-dev | 15:19 | |
| *** dklyle has joined #kata-dev | 15:37 | |
| kata-irc-bot | <salvador.fuentes> would 30 min be ok? I have free at 9 or 12 CST on Thu | 15:39 |
| kata-irc-bot | <fidencio> @salvador.fuentes, 30 minutes would be more than fine. Thursday, right? | 15:44 |
| kata-irc-bot | <fidencio> 9 CST works better for me. | 15:45 |
| kata-irc-bot | <jose.carlos.venegas.m> cool | 15:45 |
| kata-irc-bot | <salvador.fuentes> cool | 15:45 |
| kata-irc-bot | <salvador.fuentes> we have an agreement | 15:45 |
| *** crobinso has quit IRC | 16:21 | |
| fidencio | devimc: oiii! quick question, why do we need https://github.com/kata-containers/runtime/blob/738409d831e2d6ae5dc6900244ceb3892f0970ab/virtcontainers/shim.go#L213? | 16:31 |
| fidencio | devimc: asking mostly because of https://github.com/kata-containers/runtime/issues/2982 | 16:31 |
| fidencio | which seems to be an issue on f33 as well | 16:32 |
| devimc | fidencio, I think we can remove it, this was added to steal the tty from a different process | 16:34 |
| devimc | kata-runtime standalone | 16:34 |
| fidencio | devimc: right, let me submit a PR for this. | 16:35 |
| fidencio | devimc: in the worst case we have it tracked and we patch it downstream only | 16:35 |
| devimc | fidencio, let's see what the CI thinks.. | 16:37 |
| *** davidgiluk has joined #kata-dev | 16:46 | |
| *** davidgiluk has quit IRC | 17:06 | |
| kata-irc-bot | <wmoschet> is it possible to trigger only the *jenkins-ci-ubuntu-18-04* job in a PR? i.e. if I send the '/test ubuntu' command it will run all the ubuntu jobs, many aren't actually required for the PR I submitted | 17:18 |
| kata-irc-bot | <fidencio> `/test-ubuntu` | 17:20 |
| kata-irc-bot | <fidencio> mind the `-` | 17:20 |
| kata-irc-bot | <fidencio> otherwise you'll trigger the `test` command | 17:20 |
| kata-irc-bot | <fidencio> @wmoschet, also, mind about: https://github.com/kata-containers/tests/issues/3065 | 17:21 |
| kata-irc-bot | <fidencio> Another thing that I usually do is connecting to the Jenkins and re-running from there, but I'm not proud of myself for doing that. | 17:22 |
| kata-irc-bot | <wmoschet> @fidencio yes, I forgot the '-'. thanks! btw, it also ran '*jenkins-metrics-ubuntu-18-04'* which is not required, but anyway at least now it doesn't run a lot of other jobs | 17:23 |
| kata-irc-bot | <wmoschet> @fidencio I also would like to understand what makes a job 'required'. Is there a formal policy or it is based on feeling that a given job is stable enough to be promoted? | 17:26 |
| kata-irc-bot | <fidencio> @salvador.fuentes and @gabriela.cervantes.te are the ones who can answer that. :slightly_smiling_face: | 17:27 |
| kata-irc-bot | <salvador.fuentes> @wmoschet second one :slightly_smiling_face:, no formal policy right now... which PR is this? sorry, been kind of absent in github these days | 17:29 |
| kata-irc-bot | <wmoschet> @salvador.fuentes asking on the of https://github.com/kata-containers/tests/issues/3065 . I was just curious about it | 17:31 |
| *** sgarzare has quit IRC | 17:34 | |
| *** fgiudici has quit IRC | 17:55 | |
| *** jodh has quit IRC | 18:02 | |
| *** crobinso has joined #kata-dev | 18:41 | |
| *** fuentess has quit IRC | 19:47 | |
| *** fuentess has joined #kata-dev | 20:05 | |
| kata-irc-bot | <fidencio> @jose.carlos.venegas.m, does this look sane? http://jenkins.katacontainers.io/view/Kata%202.0/job/kata-containers-2.0-tests-ubuntu-PR-cri-o-k8s-minimal/configure | 21:17 |
| kata-irc-bot | <jose.carlos.venegas.m> almost | 21:18 |
| kata-irc-bot | <jose.carlos.venegas.m> :slightly_smiling_face: | 21:18 |
| kata-irc-bot | <jose.carlos.venegas.m> | 21:18 |
| kata-irc-bot | <jose.carlos.venegas.m> you want to change how it is shown on Github | 21:18 |
| kata-irc-bot | <fidencio> Aha! | 21:19 |
| kata-irc-bot | <fidencio> I don't have that view here, for some reason | 21:20 |
| kata-irc-bot | <jose.carlos.venegas.m> oh | 21:20 |
| kata-irc-bot | <jose.carlos.venegas.m> @salvador.fuentes any idea? | 21:20 |
| kata-irc-bot | <fidencio> I do! | 21:20 |
| kata-irc-bot | <fidencio> Sorry, it was just hidden | 21:21 |
| kata-irc-bot | <jose.carlos.venegas.m> @fidencio I have this list of steps, I made when I was working on clh integration | 21:21 |
| kata-irc-bot | <jose.carlos.venegas.m> https://github.com/kata-containers/ci/wiki/cloud-hypervisor#adding-a-job | 21:21 |
| kata-irc-bot | <jose.carlos.venegas.m> the good news is that you dont need to replicate in a lot of places | 21:22 |
| kata-irc-bot | <fidencio> How do I set a command to trigger the job? | 21:22 |
| kata-irc-bot | <jose.carlos.venegas.m> its a regex(java syntax I think), in case you want to modify how is triggered | 21:22 |
| kata-irc-bot | <jose.carlos.venegas.m> or add a suffix to only run that job | 21:23 |
| kata-irc-bot | <jose.carlos.venegas.m> for that I would use | 21:23 |
| kata-irc-bot | <fidencio> `.*(\n|^|\s)/(re)?test(-ubuntu)?(\n|$|\s)+.*` | 21:24 |
| kata-irc-bot | <jose.carlos.venegas.m> `/test-k8s-crio-minimal` | 21:24 |
| kata-irc-bot | <jose.carlos.venegas.m> .*(\n|^|\s)/(re)?test(-k8s(-crio(-minimal)?)?)?(\n|$|\s)+.* | 21:25 |
| kata-irc-bot | <jose.carlos.venegas.m> something like that? | 21:25 |
| kata-irc-bot | <jose.carlos.venegas.m> so if want to run all k8s tests | 21:25 |
| kata-irc-bot | <jose.carlos.venegas.m> we only do `/test-k8s` | 21:25 |
| kata-irc-bot | <jose.carlos.venegas.m> but if we only want just k8s test but for crio | 21:26 |
| kata-irc-bot | <jose.carlos.venegas.m> `/tet-k8s-crio` | 21:26 |
| kata-irc-bot | <jose.carlos.venegas.m> or if we want just minimal and not end-to-end | 21:26 |
| kata-irc-bot | <jose.carlos.venegas.m> `/tet-k8s-crio-minimal` | 21:26 |
| kata-irc-bot | <fidencio> The regex I pasted was what was set already. I like your suggestion, a lot! By the way, I was able to trigger the build and let's see how bad it'll be. :slightly_smiling_face: | 21:26 |
| kata-irc-bot | <fidencio> https://github.com/kata-containers/tests/pull/3070 | 21:26 |
| kata-irc-bot | <fidencio> Small victory of the day | 21:27 |
| kata-irc-bot | <jose.carlos.venegas.m> yay ! | 21:27 |
| kata-irc-bot | <fidencio> If it passes, I'd like to make it a required test, but that's something we can discuss tomorrow | 21:27 |
| kata-irc-bot | <fidencio> I'll also try to enable the complete one. | 21:27 |
| kata-irc-bot | <fidencio> Thanks a lot for the help! | 21:27 |
| kata-irc-bot | <eric.ernst> ICYMI - heads up on CVE discolsed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28914 | 21:28 |
| kata-irc-bot | <jose.carlos.venegas.m> no problem :slightly_smiling_face: , I hope all goes green | 21:28 |
| kata-irc-bot | <eric.ernst> Thanks to folks at Atlassian @aprice for bringing it to our attention, and for Alex Chapman for identifying the issue! | 21:29 |
| kata-irc-bot | <fidencio> I doubt, but I like your optimism! | 21:29 |
| kata-irc-bot | <jose.carlos.venegas.m> xD | 21:29 |
| *** crobinso has quit IRC | 21:39 | |
| kata-irc-bot | <archana.m.shinde> I have raised a PR to have a formal KCSA for the above CVE, would like to get some reviews : https://github.com/kata-containers/community/pull/188 | 21:52 |
| kata-irc-bot | Action: fidencio is not part of the community repo | 22:04 |
| *** devimc has quit IRC | 22:08 | |
| kata-irc-bot | <eric.ernst> only question i have is to make it more clear that this requires a container escape and root access in the VM. | 22:10 |
| kata-irc-bot | <eric.ernst> but this matches what is in the CVE so is fine to me. | 22:10 |
| kata-irc-bot | <eric.ernst> ie, without a container breakout (or privileged container), folks aren't exposed | 22:11 |
| kata-irc-bot | <eric.ernst> @archana.m.shinde ^ | 22:11 |
| kata-irc-bot | <archana.m.shinde> @eric.ernst Is does mention in the description `For a container breakout situation, a malicious guest` | 22:53 |
| kata-irc-bot | <archana.m.shinde> Yes, I framed it according to the CVE and the published CVE is according to the feedback I got from the CVE reviewers after I submitted it | 22:54 |
| kata-irc-bot | <archana.m.shinde> so went with that | 22:55 |
| kata-irc-bot | <eric.ernst> Looks good! Thanks | 23:03 |
| *** fuentess has quit IRC | 23:24 | |
| kata-irc-bot | <archana.m.shinde> Seeing travis builds taking forever to trigger and complete these days | 23:36 |
| kata-irc-bot | <archana.m.shinde> like for this build, it seems to be queued forever : https://travis-ci.org/github/kata-containers/community/builds/744526179 | 23:36 |
| kata-irc-bot | <archana.m.shinde> As I was trying to see whats going on, I came accross this : https://mailchi.mp/3d439eeb1098/travis-ciorg-is-moving-to-travis-cicom | 23:37 |
| kata-irc-bot | <archana.m.shinde> @salvador.fuentes @gabriela.cervantes.te | 23:37 |
| kata-irc-bot | <archana.m.shinde> All our repos are using travis-ci.org and we need to move to travis-ci.com before end of this year | 23:38 |
| kata-irc-bot | <archana.m.shinde> they are planning to completely get rid of travis-ci.org by the end of this year | 23:39 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!