keithzgUhhhh well that's not good, on the first 16.04 system I've tried rebooting after applying the kernel update, it doesn't actually boot anymore . . .00:47
nacckeithzg: yikes00:47
nacckeithzg: as in, no boot, or doesn't boot that kernel?00:47
keithzgnacc: System certainly powers on and gets me to Grub. Choosing recovery boot just hangs at saying it's loading the initial RAM disk. Choosing the previous kernel instead everything boots fine.00:48
sarnoldkeithzg: last time I had a non-booting kernel after update was due to forgetting the linux*extra* package00:49
TJ-keithzg: what make/model of system? We know of RHEL/CentOS systems also suffering that but no details as yet00:50
TJ-keithzg: would be good to report this in #ubuntu-kernel so the kernel devs see the info as well as a bug report00:51
keithzgsarnold: Yeah I don't appear to have linux-image-extra-4.4.0-108-generic installed, but then again I also don't have linux-image-extra-4.4.0-104-generic installed either and that booted fine00:52
keithzgTJ-: CPU is an Intel i5-4670K, motherboard is an ASUS Z87-A.00:53
TJ-keithzg: does the size of the /boot/initrd.img for the PTI kernel look sane? as in not truncated00:53
keithzgTJ-: Yeah, 34969733 which seems about in line with the others sitting there00:54
TJ-keithzg: is it booting using UEFI or BIOS? and if UEFI, is it using Secure Boot with -signed images?00:55
keithzgTJ-: Definitely booting via UEFI, admittedly unsure if it's *actually* booting via the -signed image00:57
keithzgsarnold: Wait, I was just foolishly misreading the dpkg output, I do definitely have the correct linux-image-extra-*-generic packages installed for both this and the previous kernels.01:05
sarnoldkeithzg: alright .. I was hoping for an easy "oh yeah" solution :)01:05
keithzgsarnold: Yeah, me too---and I definitely wouldn't have put it past me to have just human error'd it somehow, still seems like a distinct possibility in fact :D01:06
TJ-could be related to this, there's a helpful screenshot too https://askubuntu.com/questions/994067/kernel-panic-after-spectre-meltdown-update-16-0401:08
keithzgI'm not even getting to a kernel panic though :/01:09
TJ-keithzg: do you see any messages? it may be the console isn't being drawn at the point it occurs, especially if GRUB is in gfxmode01:10
TJ-keithzg: I generally switch GRUB to text mode to ensure the display doesn't get blanked, with GRUB_TERMINAL=console01:11
keithzgTJ-: Hmm do I have to do that even in a recovery boot? I figured that was one of the differences, since in the non-recovery boot the screen was just blank.01:12
TJ-keithzg: does the system use ZFS ?01:13
keithzgTJ-: Nope, I'm a btrfs partisan ;)01:13
keithzg(although that's only for the storage pool, everything's installed to ext4)01:13
keithzg(well, I mean, /boot is vfat 'cause UEFI but you know)01:14
TJ-you have /boot/ in the EFI SP ?01:14
keithzgAh right sorry it's just /boot/efi that's vfat01:15
keithzgI'll go off and reboot this again, temporarily editing the recovery session to have GRUB_TERMINAL=console and see if that shows anything more, then (and actually record what it *does* show this time rather than relying on my fallible memory)01:19
keithzgAh, right it's just an option in /etc/default/grub, I guess I'll just set that generally and see how it goes in a non-recovery session first.01:27
keithzgTJ-: Booting with GRUB_TERMINAL=console just ends up making a normal boot show the same thing as a recovery boot, namely "Loading Linux 4.4.0-generic ..." then on the next line "Loading initial ramdisk ..." then on the next line "_" and it just sits there forever.01:32
TJ-keithzg: OK, one last thing to try, add "debug" to the kernel command line in case we can get *something*01:33
keithzgWait sorry I mixed that up, non-recovery just talks about invalid video mode and then says it's booting in blind mode.01:34
TJ-keithzg: I'll stick to #ubuntu-kernel now so everything is captured in the logs in that channel01:34
keithzgTJ-: Fair enough01:34
Epx998Is there any documentation on network installing ubuntu with an uefi filesystem, preseed is tripping me up02:13
striveEpx998: Maybe this could help? https://help.ubuntu.com/community/UEFI02:16
Epx998strive: I just need to workout my partman junk for uefi - there isnt a lot on it that goes over recipes02:17
Epx998for us simple admin folk02:17
Epx998i might have found a workable template to start from02:19
Epx998hmm there is some doc I can install from a package that has everything in it, dang cant remember the package name02:20
trnealis there an AWS SNS subscription ARN for ubuntu image updates?04:32
Odd_Bloketrneal: There isn't yet, but it is something we've discussed.04:33
trnealah yea, it’s something my company is requiring of me so i’ve gotta make my own I guess haha05:38
trnealif it ever does happen, would you guys make a news announcement on the blog?05:39
Odd_Bloketrneal: I think we would, yes.05:41
trnealcool  :)05:42
trnealthanks for your help Odd_Bloke05:42
Odd_Bloketrneal: If you're happy to do so, would you mind filing a bug at https://bugs.launchpad.net/cloud-images/+filebug describing what you'd want?05:42
trnealyou got it05:42
cpaelzergood morning06:18
nacccpaelzer: morning (for you :)06:24
naccpowersj: fyi, figured out the issue with jenkins and will land MPs fixing it tomorrow06:24
cpaelzernacc: ok06:54
cpaelzernacc: I just sorted out all the branches that I want to review, but need a bit time to actually get to them06:55
cpaelzerI hope that after your night I at least tackled some of them06:55
lordievaderGood morning07:06
johan-hedin40Gbps Network In | 1000Mbps Network Out  | 5TB Transfer can take how much traffic ?09:21
johan-hedinand load ?09:21
trippehhum, vfio apparmor-rules are not being added to a VMs unique apparmor profile.15:06
trippehSRIOV managed hostdev networking15:07
cpaelzertrippeh: they are in my tests at least - what release are you on?15:13
cpaelzertrippeh: and can you share the xml snippet that you use to define the hostdev?15:14
trippehcpaelzer: Artful15:14
cpaelzer... deploying a system with working SR-IOV on artful ...15:15
* cpaelzer thanks MAAS15:15
trippehcpaelzer: https://pastebin.com/raw/Gr55tFMv15:16
cpaelzeruh I see - it is a hostdev type network and a "normal" interface define15:17
cpaelzerlet me take a look, but there is a chance that virt-aa-helper at the time invoked has no context to detect that15:17
cpaelzerI'll ping you back in a bit ...15:17
trippehthanks :)15:17
trippehI can always workaround it, but.15:18
cpaelzersure you can, but it is either breaking guest isolation slightly or a real burden to manage it15:19
cpaelzerif the context doesn't hold the info there is not much I can do, but I want at least to check the details15:19
trippehI see another VM has the vfio entries in the profile - but that one also has other pci devices mapped in.15:19
trippeh(not network related)15:20
cpaelzertrippeh: yeah that is what I meant with "normal" hostdev15:31
cpaelzerthat virt-aa-helper can read15:31
cpaelzerdrill down to the actual entries, and add to the profile15:31
trippehadding the VF pci devices as normal hostdevs you mean?15:32
cpaelzeryeah that is what works AFAIK15:33
trippehthat is a pain to manage, especially with vlans and such15:33
cpaelzerit is a balance of effort all the time15:33
cpaelzerthe storage pools have a similar issue in that virt-aa-helper can just not tap "into" them15:34
cpaelzerI recently extended some code but it doesn't cover all of it yet15:34
cpaelzerI have a meeting soon with the original author of most of the libvirt apparmor code and hope he might have some good ideas how to better integrate those devices15:34
cpaelzerand in that regard the external hostdev network is very similar to the storage pools15:35
cpaelzerinstead of the guest owning it it just refers to an external entity15:35
cpaelzerAt least after my check I should be able to add to the known bug that these kind of devices are affected as well15:35
trippehI think I will apply the workaround in the mean time, that is updating the abstractions/ thing with vfio paths15:36
trippehits not a high security environment or anything :)15:36
trippehhm I guess local/usr.lib.libvirt.virt-aa-helper15:39
cpaelzerno that is what virt-aa-helper is allowed to access15:39
cpaelzerthe libvirt-qemu thing15:40
cpaelzer /etc/apparmor.d/abstractions/libvirt-qemu15:40
trippehit boots \o/15:44
cpaelzertrippeh: assumption confirmed - I added your example to 167739815:59
georgem1I updated the kernel on Ubuntu 16.04 to 4.4.0-109.132 and now I get: apparmor="DENIED" operation="open" profile="libvirt-fac20622-50e9-4ec5-ada1-fca9568a4386" name="/proc/6038/task/24889/comm" pid=24888 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=114 ouid=114 for every operation inside the kvm guest16:18
georgem1I also updated libvirt-bin from 1.3.1-1ubuntu10.15 to 2.5.0-3ubuntu5.6~cloud016:19
cpaelzergeorgem1: that is a non critical deny which is fixed in newer releases16:25
cpaelzerlet me fetch the bug to remember the details16:25
cpaelzerthere are two similar ones - one where qemu wants to write to the log who sent it a kill signal16:27
cpaelzerbut that is not yours16:27
cpaelzeryour case georgem1 is the debug-threads features16:27
cpaelzeror debug name I need to check16:27
cpaelzerTL;DR - qemu tries to rename its threads for more readability16:27
cpaelzerbut is denied to do so16:27
cpaelzerupstream https://bugzilla.redhat.com/show_bug.cgi?id=136928116:28
ubottubugzilla.redhat.com bug 1369281 in libvirt "security: apparmor denies qemu.conf set_process_name" [Unspecified,Closed: upstream]16:28
cpaelzer-name debug-threads=on is triggering that feature of qemu16:29
cpaelzerI'd not see how a kernel update would be related though16:29
cpaelzergeorgem1: I think the upgrade to the newer libvirt enabled that16:30
cpaelzerbut TL;DR not critical16:30
georgem1ok, thanks16:37
Epx998Can someone point me to some preseed uefi examples?17:52
ahasenacknacc: what is the git-ubuntu lint checking with this test:17:56
ahasenackVerified old/debian is the same commit as old/debian17:56
naccahasenack: i take it you are using a namespace of '' ?17:57
naccahasenack: we should probably shortcircuit those checks in that case17:57
naccnormally it's checking that old/debian matches pkg/old/debian17:57
ahasenackwhat sets the namespace?17:57
ahasenackah, pkg17:57
naccor rather ahsenack/old/debian17:57
ahasenackwould that be whatever I gave it in merge start?17:57
ahasenack"git ubuntu merge start ubuntu/devel" vs "git ubuntu merge start pkg/ubuntu/devel"?17:57
naccwell, most often those are the same commit17:58
naccso no17:58
naccthe goal is to check that your merge is current17:58
naccand is merging what we expect17:58
nacce.g., if you race someone else doing the merge17:58
naccor if there's a new upload to debian17:58
ahasenackbecause I'm getting a failure,17:59
ahasenackVerified old/ubuntu exists17:59
ahasenackW: Expected old/ubuntu (0ddfe85c73cda4785965a063546d026a753d1d4c) is not the same commit as old/ubuntu (4e4074eadda2c0d637d032a7a4e9dbba0f9b0506)17:59
ahasenacktrying to understand it17:59
ahasenackthat could be that a new ubuntu package was uploaded, for example?17:59
naccahasenack: yes17:59
naccahasenack: what repo?17:59
ahasenacknacc: net-snmp17:59
naccahasenack: i am in the middle of debugging/fixing your bind9 bug, can you show me the repo, the commits, etc? (pastebin)18:00
ahasenacknacc: lint: https://pastebin.ubuntu.com/26361488/https://pastebin.ubuntu.com/26361488/18:04
ahasenacknacc: lint: https://pastebin.ubuntu.com/26361488/18:04
ahasenacknacc: 0ddfe85c73cda4785965a063546d026a753d1d4c: https://pastebin.ubuntu.com/26361506/18:04
ahasenacknacc: 4e4074eadda2c0d637d032a7a4e9dbba0f9b0506 https://pastebin.ubuntu.com/26361509/18:04
naccahasenack: so line 7 is the bit that is showing the namespace (sort of)18:04
ahasenackbionic has 5.7.3+dfsg-1.7ubuntu118:05
ahasenackshould I pass it pkg?18:05
nacclet me read18:05
naccone sec18:06
ahasenack--lint-namespace pkg doesn't work, then it doesn't find any of the tags18:06
naccahasenack: right18:06
naccahasenack: you're not linting pkg/18:06
naccso that doesn't make sense18:06
naccahasenack: it's a bit odd that your ubuntu/devel is not tracking pkg/ubuntu/devel18:08
naccahasenack: that's what it is complaining about18:08
naccahasenack: i think this is an older import, right?18:08
ahasenackhow can I set that tracking?18:08
ahasenacknacc: could be18:08
ahasenacknacc: from august probably, that's the last time I merged this18:09
naccahasenack: easiest way, probably is `git checkout ubuntu/devel; git reset --hard pkg/ubuntu/devel` and then re-tag old/ubuntu to point there18:09
ahasenackok, thanks18:10
naccgit tag -f old/ubuntu pkg/ubuntu/devel18:10
naccor so18:10
naccwe have a lot of stuff that's a bit broken right now between the two importer algorithms18:10
naccahasenack: technically the above was a warning18:11
naccahasenack: not an error18:11
naccthe trees matched, which is the technically important bit18:11
naccbut for parenting, it's good to have the commits match what we think they should too18:11
naccthat is harder to get wrong with the newer algo18:12
naccbut also this is why i don't use local branches for remote-tracking18:12
nacce.g., i don't like ubuntu/devel and debian/sid18:12
naccjust use pkg/ubuntu/devel pkg/debian/sid always18:12
naccand keep pkg uptodate18:12
ahasenackthis merge was so easy I might start from scratch18:13
ahasenackbut let me try the workaround first18:13
ahasenacknacc: worked18:15
naccahasenack: cool18:21
naccahasenack: fixed your bind9 issue18:31
nacci need to run an errand, do you want me to throw up an MP so you can do that merge?18:31
naccahasenack: https://paste.ubuntu.com/26361665/18:32
ahasenackbig chunk18:34
naccahasenack: and it's not quite right (although it does fix your bind9 case inadvertently)20:47
nacccpaelzer: do you need to ping LocutusOfBorg on the curl http2 enablement?21:26
fullstophi all. How do I prevent resolvconf from adding a search entry in /etc/resolv.conf ?22:11
fullstopoh.  remove the entry from /etc/network/interfaces22:16

