/srv/irclogs.ubuntu.com/2018/09/10/#snappy.txt

=== chihchun_afk is now known as chihchun
mborzeckimorning05:08
mupPR snapd#5761 closed: store: use stable instance key in store refresh requests <Parallel installs> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/5761>05:43
mborzeckimvo: hi05:51
mvomborzecki: hey, good morning05:54
mborzeckimvo: could you take a look at https://github.com/snapcore/snapd/pull/5758 ?05:57
mupPR #5758: overlord/snapstate, snap: handle shared snap directories when installing/remove snaps with instance key <Parallel installs> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5758>05:57
mvomborzecki: sure, I'm just looking into the 18.10 upgrade hang, I will check this one in parallel05:59
mborzeckimvo: thank you05:59
mborzeckiwrz 10 08:11:10 galeon snapd[9337]: retry.go:52: DEBUG: The retry loop for https://api.snapcraft.io/api/v1/snaps/names?confinement=strict%2Cclassic finished after 1 retries, elapsed time=303.098089ms, status: cannot decode new commands catalog: got unexpected HTTP status code 403 via GET to "https://api.snapcraft.io/api/v1/snaps/names?confinement=strict%2Cclassic"06:11
mborzecki403?06:11
zygagood morning06:18
mborzeckizyga: hey06:19
zygaok, breakfast done, time to get to work06:32
mvozyga: hey06:32
zygahey06:33
zygaI didn't do much work over weekend06:33
zygaI'm snapshotting now, going to upgrade to cosmic06:33
zygamvo: is this expected?06:37
zygaUpgrades to the development release are only06:37
zygaavailable from the latest supported release.06:37
zygaI can update manually but I was expecting do-release-upgrade -d to work06:37
mvozyga: yes, this should work. you could try change /etc/update-manager/release-upgrades from "Prompt=lts" to "prompt=normal"06:38
zygammm, let's try06:39
zygaindeed, thanks!06:39
mvozyga: I'm confused, why is mkdirAllChown racy? it is that we create mkdirAllChown(/prefix/foo) and mkdirAllChown(/prefix/bar) with different users?06:40
zygamvo: two concurrently running instances will eventually race with each other to mv a file over06:44
zyga(well, a directory)06:45
mvozyga: aha, thats the one06:45
zygamvo: and only one will win06:45
mvozyga: and the other one will get a EEXITS?06:45
zygayes06:45
zygamvo: the version in snap-update-ns is not racy because it chooses to construct the directory in-place and chown it split second later06:45
zygaas such it already handles EEXIST06:45
zygaas a normal operation06:45
zygait's a trade-off06:45
zygatrading temporary visibility of incorrect owner06:46
zygafor robustness06:46
mvozyga: ok06:46
mvozyga: thanks, that makes sense now06:46
zygaE:Problem executing scripts APT::Update::Post-Invoke-Success 'if06:46
zyga/usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli;06:46
zygathen appstreamcli refresh-cache > /dev/null; fi', E:Sub-process06:46
zygareturned an error code06:46
zygamvo: I saw that before but I don't know how I fixed that06:47
zygalet me just upgrade manually06:47
mvozyga: the appastream thing is harmless06:48
mvozyga: just ignore it06:48
zygait broke the upgrade06:48
zygaas in, do-release-upgrade failed06:48
zygaupgrading the old way now06:51
zygathat appstream thing is not very robust06:51
mvozyga: ok06:52
mvozyga: I'm surprised that the appstream thing prevented the upgrade06:52
zygaapt hook magic06:52
mvozyga: but yeah, not super important, I'm keen to learn what you find06:52
mupPR snapd#5787 closed: tests: update the listing expression to support core from different channels <Created by sergiocazzolato> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5787>06:55
zygamvo: upgrade complete07:04
zygano issues07:04
zygado you know if the upgrade was headless/07:05
zygaperhaps that's the key ingredient07:05
=== pstolowski|eow is now known as pstolowski
pstolowskiheyas07:05
zygahey pawel07:05
zygacosmic has new looks!07:07
zygaI was expecting to stay on bionic but ubuntu is like drugs, you just want more and more and more fresh software07:07
zygamvo: do you want me to repeat the test under different conditions?07:10
mvozyga: hm hm, I had no luck reproducing the issue myself earlier too07:10
mvozyga: I think there is soemthing missing no need for you too keep trying07:11
zygaOK07:12
zygahmm, it seems gnome-shell in 18.10 no longer logs errors whenever some window activity happens07:29
Dmitrii-Shhttps://bugs.launchpad.net/snapd/+bug/179158707:37
mupBug #1791587: [2.34.2] snapd ignores proxy settings <cpe-onsite> <snapd:New> <https://launchpad.net/bugs/1791587>07:37
mborzeckizyga: cannot be, wonder if they finally fixed it upstream07:41
mborzeckianyways, super annoying07:41
zygamborzecki: I'm much happier now, it was always annoying to watch journal output with gnome-shell spamming everything07:42
mvomborzecki: I left a bunch of comments in the PR, tl;dr its fine but I have quibbles with some of the naming (yay bike-sheed!)07:43
mvomborzecki: hope its still useful07:44
mborzeckimvo: thanks, will look in a minute once i'm done with the autotools madness07:45
mvomborzecki: no rush, I'm back at apt upgrade madness07:46
mupPR snapd#5800 opened: cmd: use systemdsystemgeneratorsdir, cleanup automake complaints, tweaks <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5800>07:50
mvomborzecki: nice one07:50
mborzeckimvo: duh, i need coffee now, i'm still shaking :P07:50
* mvo hugs mborzecki 07:50
zygamborzecki: "Not it's at the right place to begin with" ?07:54
zygas/Not/Now/ ?07:55
mupPR core18#70 opened: hooks: add rfkill <Created by mvo5> <https://github.com/snapcore/core18/pull/70>07:55
mborzeckiheh, right :)07:55
mborzeckizyga: fixed the description07:56
zygamborzecki: very nice07:57
Chipacazyga: o/07:59
zygahey07:59
Chipacazyga: one question i had left over from friday was: do we really need to loadmountinfo of /proc/self/mountinfo so many times (in quick succession)? if these are all part of the same operation, can't we load it once and pass it around?08:00
zygaChipaca: yeah, we could; it's somewhat "tricky" because interface backends have no state across invocations08:01
zygamborzecki: https://github.com/snapcore/snapd/pull/5801 <- last of the removal PRs08:02
mupPR snapd#5801 opened: cmd/snap-update-ns: remove the unused Secure type <Simple> <Created by zyga> <https://github.com/snapcore/snapd/pull/5801>08:02
mupPR #5801: cmd/snap-update-ns: remove the unused Secure type <Simple> <Created by zyga> <https://github.com/snapcore/snapd/pull/5801>08:02
zygamborzecki: after that it's just the additions; hopefully with a way that lets us decide if the names are ok and if the way they are passed around is ok08:02
Chipacazyga: these 2k+ calls a re all from separate interface backend invocations?08:02
diddledanis forum.snapcraft.com failing for anyone else right now?08:02
zygayes08:02
diddledanerr .io08:02
zygaChipaca: if we had a "mount manager" that could keep a representative state and share it08:02
zygaChipaca: (e.g. use inotify)08:03
mvodiddledan: yes for me as well08:03
zygaChipaca: we could just call it once per mount op08:03
mborzeckididdledan: same here08:03
zygaChipaca: there's a not well known fact that you can poll on /proc/self/mountinfo08:03
zygaand get events when it changes :)08:03
mborzeckididdledan: and it's back08:03
Chipacadiddledan: so _that_'s why the morning was nice and quiet08:03
diddledan:-)08:04
mvohrm, its back and it ate the reply I was typing08:04
mvo*grumpf*08:04
diddledannomnomnom08:04
Chipacamvo: i thought those were in cookies08:04
Chipacaor, well, local state in any case08:04
Chipacaboo08:04
Chipacazyga: hmmm08:05
mvoChipaca: maybe I had a bad cookie08:05
Chipacaor not enough milk08:05
Chipaca¯\_(ツ)_/¯ computers are hard, let's go do something easy like rocket surgery08:05
zygaChipaca: do you think we can sit down and work on this at the sprint?08:06
Chipacazyga: yes08:06
Chipacazyga: if it's all interfaces, then we probably can do the cache+dnotify from interface manager08:06
zygayes, I think so08:06
Chipacazyga: before stopping myself and going off on friday i had it down to where the biggest single memory chunk was bolt08:07
Chipacazyga: this was via a hackish have-a-global-mountinfo that expired after a second, and changing asserts/findwildcard to not load the whole directory every  time08:08
zygaChipaca: so after mountinfo bolt is the biggest heavyweight?08:08
diddledandid someone say rocket surgery? https://youtu.be/fg58hVEY5Og?t=3608:09
Chipacazyga: on my machine, the asserts db is the next one, after that it's  bolt08:09
Chipacadiddledan: … no, nobody. You must be having bad dreams again.08:09
Chipacazyga: bah. There's a json.Unmarshal of *json.RawMessage in there08:10
Chipacabut I ignored that because I'd have to dig into upgrading our go08:10
Chipacaand i'd rather not dream08:10
Chipaca:-)08:11
pedronisChipaca: I probably missed context, what are you looking into? memory usage?08:12
Chipacapedronis: on friday i idlye looked at a memory profile of my snapd after it started up and did 5 things (refresh, find, list, changes, info)08:13
Chipacapedronis: and two things stood out: osutil's strings.Split, and asserts's directory reading08:14
Chipacapedronis: osutil's  is just because it's called eleventy billion times in quick succession and re-reads the whole thing every time08:14
pedronisChipaca: yea,  I would expect snap-revision directory to be growing over time, we will need to do something about it08:14
Chipacapedronis: that one's an easy and clean refactor actually, i could split it out08:15
Chipacaat least if i understood the code correctly -- the tests were green :-)08:15
diddledanship it08:16
Chipacadiddledan: no because then mvo gets nasty emails to his personal inbox08:16
diddledantest green means everything is perfect. right?08:16
Chipacadiddledan: they _should_ though :-)08:17
diddledan:-p08:17
pedronisChipaca: will need to gc snap-revisions as well at some point, but that can wait a bit longer08:17
Chipacaer08:18
Chipacapedronis: directory lookup will become an issue before space, i fear08:18
mborzeckiany idea what issue may this guy have with the CLA? https://github.com/snapcore/snapd/pull/579908:21
mupPR #5799: Install snap-failure binary on Fedora <Created by eyusupov> <https://github.com/snapcore/snapd/pull/5799>08:21
pedronisChipaca: ?08:21
pedronisisn't what I said08:21
pedronisthat gc can wait longer08:21
Chipacapedronis: i meant kernel performance of finding things in a yuge directory08:22
Chipacapedronis: this is separate from go's memory usage from reading a whole big directory into memory08:22
pedronisChipaca: we scan them no08:22
pedronisanyway08:23
pedronisChipaca: are you saying we need to sue a real index?08:23
pedronissooner or later08:23
Chipacapedronis: I'll push the refactor in a bit08:23
pedronisChipaca: we already too many PRs :)08:24
Chipacapedronis: I'm saying if we delay gc a lot more, we should think of moving to a two-level directory layout08:24
mvoso the hang on 18.10 is caused by incomplete seeding. the gtk-common-themes is seeded after the snaps that use it08:35
* mvo scratches head08:36
pedronismvo: yes,  they dediced that we should fix it in snapd08:36
pedronisthey only fixed 18.0408:36
mvopedronis: oh, looks like I did not get the memo08:37
pedronisbut are waiting for our fix for 18.1008:37
mvook08:37
pedronisit's in the bug08:37
pedronismvo: we discussed a  fix I think08:38
pedronisit's not a matter of sorting, we need to add some logic to autoconnect in ifacestate08:38
mvopedronis: well, I think its a terrible choice to let users suffer when there is a trivial workaround availalbe but *shrug*. let me dive into the issue08:40
mvopedronis: yeah08:40
Chipacamvo: quick workaround: on cosmic, ignore the seed08:51
pedronisChipaca: ?08:53
Chipacapedronis: a joke08:54
pedronisheh08:54
Chipacapedronis: calling out the cavalier attitude towards breaking users08:54
mvoChipaca: I was actually thinking to have a preinst to reoder things, I08:56
mvoChipaca: anyway, looking into the real fix now08:56
pedronisChipaca: is your comment  about lookup still relevant with ext4 dir_index, I see here that firefox cache is flat and ext4 is uses a hash directory for it08:59
pedronisChipaca: yea, same for /var/lib/snapd/assertions/asserts-v0/snap-revision/09:02
Chipacapedronis: I think the hashe dir made it fine until ~100k entries, but I'd have to look that up09:04
pedronisChipaca: bit unclear if space will become a problem before or after then, it's not only the size of directory, there is the size of the assertions too09:06
pedronisthough snap-revisions are small09:06
=== chihchun is now known as chihchun_afk
pedronisalso each asssertion is a dir09:09
zygamvo: apt hooks test unhappy?09:13
zygathe test runs forever (49 minutes and times out)09:13
zygahttps://api.travis-ci.org/v3/job/426565106/log.txt09:13
pedronismvo: https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1772844/comments/21 is the comment09:14
mupBug #1772844: snapd didn't initialize all the seeded snaps <amd64> <apport-bug> <bionic> <iso-testing> <package-from-proposed> <third-party-packages> <verification-needed> <verification-needed-bionic> <OEM Priority Project:Fix Released by swem> <snapd:New> <livecd-rootfs (Ubuntu):Won't Fix>09:14
mup<ubuntu-meta (Ubuntu):Fix Released> <livecd-rootfs (Ubuntu Bionic):Fix Released> <ubuntu-meta (Ubuntu Bionic):Fix Released> <https://launchpad.net/bugs/1772844>09:14
mvozyga: not sure09:14
pedronisChipaca: anyway playing with debug2fs wasn't actually my morning plan09:15
mvopedronis: thanks, I remembered and found it, I still disagree but it seems like the intended effect was reached09:15
Chipacapedronis: sary09:15
pedronisChipaca: anyway 100000 dirs with 4k blocks are 400 mb ?09:16
Chipacamvo: does this mean #1776622 is a dupe of #1772844 ?09:16
mupBug #1776622: snapd on cosmic never finishes installing/updating. Can't install any other updates. <amd64> <apport-bug> <cosmic> <regression> <snapd:Confirmed> <snapd (Ubuntu):In Progress> <systemd (Ubuntu):Confirmed> <https://launchpad.net/bugs/1776622>09:16
mupBug #1772844: snapd didn't initialize all the seeded snaps <amd64> <apport-bug> <bionic> <iso-testing> <package-from-proposed> <third-party-packages> <verification-needed> <verification-needed-bionic> <OEM Priority Project:Fix Released by swem> <snapd:New> <livecd-rootfs (Ubuntu):Won't Fix>09:16
mup<ubuntu-meta (Ubuntu):Fix Released> <livecd-rootfs (Ubuntu Bionic):Fix Released> <ubuntu-meta (Ubuntu Bionic):Fix Released> <https://launchpad.net/bugs/1772844>09:16
=== chihchun_afk is now known as chihchun
pedronisChipaca: too much stuff is too much stuff (tm)09:21
mvoChipaca: yes09:24
mvoChipaca: well sort of but if the ordering in the seed or our code would be fixed then the bug would be fixed09:25
mvoChipaca: I mean the bug that users see the hang on an upgrade09:25
pedronismvo: we order bases now, but we don't want to order  content providers (also because that's too specific for seed code)09:28
mvopedronis: yeah, I'm building a unit test right now09:29
mvopedronis: once that is done iirc you suggested to fix doAutoConnect in ifstate:handlers.go09:29
mvopedronis: so that it would check the wait chain09:29
pedronisyes09:29
pedroniscorrect09:29
pedronisbut tests is the first order of things09:29
mvopedronis: and if there is a install of the content provider in the wait chain just do nothing (indead of retrying)09:29
pedronisyes09:30
mborzeckiwtf, on arch .dirstamp is created in the $(builddir)/snap-mgmt, on ubuntu it's in $(srcdir)/snap-mgmt and generating snap-mgmt obviously fails09:31
mvopedronis: great, yeah, working on a test now that models the current cosmmic problem closely and once that is done I look at the other bits09:31
mvo(s/other bits/fix/09:31
mvo)09:31
pedronismvo: then the other related  issue (but not related to the bug) would be to teach image to at least warn if there are missing content providers09:32
pedronislike it does for bases now09:32
* mvo nods09:32
Chipacamvo: #5797 green after adding comment as requested; can i merge?09:34
mupPR #5797: osutil, o/snapshotstate, o/sss/backend: quick fixes <Created by chipaca> <https://github.com/snapcore/snapd/pull/5797>09:34
mvoChipaca: nice! out of curiosity, why does runuser fail as root? pardon my ignorance on this09:36
Chipacamvo: because the user doesn't exist09:36
Chipacait's faked09:36
mvoChipaca: ok09:36
Chipacamvo: if you're not root, runuser doesn't come into the picture so it's not an issue09:36
mvoaha, now I get it09:37
Chipacamvo: the test could be changed to fake runuser09:37
mupPR snapd#5797 closed: osutil, o/snapshotstate, o/sss/backend: quick fixes <Created by chipaca> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5797>09:37
Chipacamvo: but it's diminishing returns land09:37
mvoChipaca: no worries, just wanted to understand it better, thats fine09:38
pedronisChipaca: do we run  our unit tests as root in spread?  or do we use a test user there09:39
pedronisspread tests default to root09:39
Chipacapedronis: the unit tests are run as the test user afaik09:40
Chipacapedronis: yep09:40
Chipacapedronis: su -l -c "[...] ./run-checks --unit" test09:40
zygamborzecki: the meat09:41
pedronisChipaca: good09:41
Chipacapedronis: the gccgo tests are run differently, but still as test user: su - -c "cd $GOHOME/src/github.com/snapcore/snapd && dpkg-buildpackage -tc -Zgzip" test09:41
mvowe run the tests as root during package build09:41
Chipacamvo: is that actual root, or fake root? (both would confuse runuser)09:41
mvofakeroot09:42
mvowell09:42
mvousually09:42
mvobut iirc in pbuilder it will be real root09:42
zygamborzecki: https://github.com/snapcore/snapd/pull/580209:42
mupPR #5802: cmd/snap-update-ns: introduce trespassing state tracking <Created by zyga> <https://github.com/snapcore/snapd/pull/5802>09:42
zygamborzecki: I staged it so that we can review the algorithm without discussing how the assumptions/restrictions are passed around09:43
mupPR snapd#5802 opened: cmd/snap-update-ns: introduce trespassing state tracking <Created by zyga> <https://github.com/snapcore/snapd/pull/5802>09:43
zygamborzecki: so that we can separately make that decision in the next branch, either as a new argument or as a helper that holds the state and has MkDir... methods09:43
zygamborzecki: but all of the essential new bits are here now09:43
zygamborzecki: have a look please and let me know, after this I will have the RFC branch that just passes Restrictions as an optional argument (as in the code you read last week)09:44
zygamborzecki: and keeps tracks of Assumptions in main and in a few places below09:45
mborzeckiok09:45
zygamborzecki: I made unit tests 100% cover the new module09:45
zygamborzecki: and moved a pair of helpers there (and made them private since they only exist to fix trespassing issues)09:45
zygamborzecki: one more thing to ask is if we should move this to osutils now09:46
zygamborzecki: or not09:46
mborzeckizyga: iirc there was some concern if we move security sensitive code to osutils, changes tehre may go under the radar or sth09:50
zygamborzecki: yeah but as I said on Friday during the call, I think we're past that and we just need to be mindful about it; we use mount code from osutil already because keeping two copies was less useful09:50
mborzeckizyga: aha, in that case i'm all for it09:51
zygamborzecki: thanks, I'd like Chipaca to weigh in as well (and mvo)09:52
mupPR snapd#5801 closed: cmd/snap-update-ns: remove the unused Secure type <Simple> <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5801>10:05
threshseems like the automated review failed again for VLC, "10:24
threshTask a7261f59-ffc0-4a32-b732-3e9d16f8457b failed.10:24
zygabrb, break10:32
* zyga never does breaks 10:53
zygamborzecki: https://github.com/zyga/snapd/commit/7ab0f9f3344e2306779695aba0c355c767d8b0ee10:53
zygathat's the final cherry on top10:53
zygamvo: ^ CC that's what I mentioned10:53
zygamborzecki: now the question is, is that sensible or is there an easier way to pass the required state around10:53
zygaactually https://github.com/zyga/snapd/commit/75f47d017634159b6415246901a088e308c54cc2 is the better link10:56
zygaanyway10:56
zygabreak for real now :)10:56
zygacoffee and dog10:56
zygattyl10:56
mupPR snapd#5803 opened: ifacestate: fix hang when retrying content providers <Created by mvo5> <https://github.com/snapcore/snapd/pull/5803>11:10
pstolowskimvo: ^ nice, thanks for that11:31
=== chihchun is now known as chihchun_afk
mvopstolowski: thanks, my pleasure11:38
pedronismvo: thank you, couple initial comments11:41
mvopedronis: aha, good one, will address right after lunch11:44
mvopedronis: thank you!11:44
mupPR snapd#5804 opened: ifacestate: fix hang when retrying content providers (2.35) <Created by mvo5> <https://github.com/snapcore/snapd/pull/5804>11:45
mborzeckioff to pick up the kids11:48
Son_Gokuzyga: need karma: https://bodhi.fedoraproject.org/updates/snapd-2.35-1.fc2911:52
zygaSon_Goku: I'll test on my box today11:53
zygathanks!11:54
mupPR snapd#5800 closed: cmd: use systemdsystemgeneratorsdir, cleanup automake complaints, tweaks <Created by bboozzoo> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5800>11:54
Son_Gokuzyga, mborzecki, also one of you guys should package the new deps added to snapd11:57
Son_Gokufor Fedora11:57
Saviqis there a way to order services across snaps? like start my service after another snap's service?12:11
zygamborzecki: I'll incorporate your review of 5760 into the last branch and close it, ok?12:14
zygaSaviq: no, there is no such feature12:14
mupPR snapcraft#2252 closed: build providers: shell in provider if debug is used <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2252>12:25
mupPR snapd#5760 closed: cmd/snap-update-ns: don't trespass on host filesystem in /etc and other places <Blocked> <Created by zyga> <Closed by zyga> <https://github.com/snapcore/snapd/pull/5760>12:34
mupPR snapd#5788 closed: tests: add publisher regex to fix the snap-info test pass on sru <Created by sergiocazzolato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/5788>12:36
mupPR snapd#5514 closed: daemon, overlord/state: warnings pipeline <Created by chipaca> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/5514>12:40
mborzeckire12:42
mborzeckiSon_Goku: which new deps? juju/ratelimit?12:42
Son_Gokumborzecki, yes12:42
mborzeckiSon_Goku: iirc it's already packaged12:42
Son_Gokuin Fedora?12:42
Son_Gokuwell, then12:42
Son_Gokuapparently it is12:42
mborzeckiSon_Goku: https://src.fedoraproject.org/rpms/golang-github-juju-ratelimit12:43
* Son_Goku wonders what other canonical project is in Fedora...12:43
zygamborzecki: oh, nice, it's already packaged!12:43
ChipacaSon_Goku: simple-scan?12:43
Son_GokuChipaca, is that written in go?12:44
ChipacaSon_Goku: no12:44
mborzeckilxd?12:44
Son_Gokuiirc, it's in glibified C12:44
Son_Gokumborzecki, not in fedora yet, iirc12:44
ChipacaSon_Goku: you didn't ask about go :-D12:44
Son_GokuChipaca, I figured that was implied :P12:44
ChipacaSon_Goku: to a nitpicker like me? heck no12:44
ChipacaSon_Goku: I'd say jhbuild but I think that predates canonical by a couple of years12:46
cjwatsonwell I mean there are going to be a bunch of things whose upstreams happen to be Canonical employees but wearing different hats12:47
cjwatsonI'd have put jhbuild in that category12:47
Chipacacjwatson: :-) yes12:48
Chipacacjwatson: I was just pulling Son_Goku's leg12:49
Chipacaalso, I went to the wiki only to found it gone :-(12:49
Chipacawe used to have a wiki page of all our free software contributions and can't find it now12:49
Chipacaanyhoo12:49
Son_GokuChipaca, that's... depressing12:49
ChipacaSon_Goku: the wiki? yes12:50
ChipacaSon_Goku: too big, not very good search12:50
Son_Gokuanyway, the fedora package review gives me no clues,12:50
Son_Gokuwhatever it was may not be in the distro anymore12:50
Son_Gokuthe reverse dep query brings nothing12:50
ChipacaSon_Goku: about what?12:50
cjwatsonChipaca: you might be thinking of the one on the internal wiki - https://wiki.canonical.com/UbuntuEngineering/UpstreamContributions12:51
Son_Gokuwhat led to golang-github-juju-ratelimit being in Fedora12:51
Son_Gokuthe only projects I know of that use juju libraries are lxd and juju itself12:51
cjwatsonit's the sort of thing that is just about manageable when you're 50 people and completely unmanageable when you're 500 or whatever12:51
Son_Goku(and obviously now snapd)12:51
Chipacacjwatson: I thought there was a more project-level one hanging off of https://wiki.canonical.com/OpenSource (but my memory is only slightly worse than the wiki's search)12:51
cjwatsonmaybe, not sure12:52
ChipacaSon_Goku: there's a what-uses-this-go-lib thing online12:52
Chipacawhere was it12:52
Son_Gokucjwatson, Red Hat recently changed their list to a GitHub thing, that Red Hatters can send PRs for: https://redhatofficial.github.io/#!/main12:52
ChipacaSon_Goku: https://godoc.org/github.com/juju/ratelimit?importers12:53
Son_Gokuit's nowhere near complete, but it's a start12:53
Son_GokuChipaca, so k8s requires it12:53
Son_Gokuand thus openshift, too12:54
ChipacaSon_Goku: openshift is still a thing?12:54
Son_Gokuyes12:54
Son_Gokuthe upstream project is OpenShift Origin / OKD12:54
Son_Gokuhttps://www.okd.io/12:54
ChipacaI've got an openshift pint glass and was thinking how funny it was that it'd survived longer than the thing it was promoting12:55
Chipacaguess I was wrong, for now :-)12:55
Son_GokuOpenShift 3 rebased on top of k8s12:55
Son_Gokuas a consequence, OpenShift devs are now contributing to k8s12:56
ChipacaSon_Goku: the glass 404s now though; http://openshift.com/beershift is no longer a thing12:57
Son_Gokuyeah, that's gone now12:58
=== sergiusens_ is now known as sergiusens
Dmitrii-Shmvo: seems like the proxy stuff is working with the core snap from the edge channel13:26
mvoDmitrii-Sh: cool13:28
mvoDmitrii-Sh: this will be in beta soon13:28
mvoDmitrii-Sh: and ~4-5 weeks until it hits stable13:28
Dmitrii-Shmvo: thanks for the info13:29
Dmitrii-Shmvo: quick question about the overall design: I can see that /etc/environment is not affected (which is good). Neither do http_proxy/https_proxy/no-proxy of snaps themselves (also good in my view). Am I right to assume that core snap settings will only affect the snapd behavior and not apps themselves?13:29
mvoDmitrii-Sh: sorry, at least that is the current design13:30
Dmitrii-Shi.e. we'd rather configure proxy settings in application-specific ways because they may have multiple network destinations (Internet and local DC network)13:30
Dmitrii-Shmvo: what I mean is that the current design is good :^)13:30
mvoDmitrii-Sh: excellent :)13:30
mvoDmitrii-Sh: (in a meeting right now so a bit slow maybe when reading/replying)13:31
Dmitrii-Shmvo: np, thanks for the quick response13:31
dot-tobiasCan somebody give me a hint why my install hook is failing to find bundled binaries (`/usr/bin/env ruby`: no such file or directory), but when I run the exact same script as an app command after installation, everything works fine? I know that hooks run as root, but they should have access to the snap's binaries nonetheless?13:35
Dmitrii-Shdot-tobias: if you are talking about ruby from stage-packages this is similar to what we had to do with staged python2 https://github.com/lolwww/fcbtest/blob/master/snapcraft.yaml#L16 PATH: $SNAP/bin:$SNAP/usr/bin:$PATH13:37
sergiusensdot-tobias: snapd expects all binaries to be called to live inside the snap13:37
sergiusensfor hooks and apps13:38
sergiusensthe difference for apps, is that we write a wrapper around those that satisfies snapd's requirement13:38
sergiusenshooks do not get wrappers if they are just created by adding them to "snap/hooks" but iirc do get them if driven through a part installation13:39
dot-tobiasIt's a ruby bundled by the ruby plugin, so I think it should be in the snap, but I'll investigate and test Dmitrii-Sh 's PATH extension example. Thanks!13:40
pstolowskimvo: do you remember that occasional unit test failure related to default providers, where the number of tasks is off by one?13:52
zygaabeato: hey, just FYI, I'm taking over https://github.com/snapcore/snapd/pull/5469 so that it can land13:53
mupPR #5469: interfaces/apparmor: (un)load profiles in one apparmor_parser call <Created by alfonsosanchezbeato> <https://github.com/snapcore/snapd/pull/5469>13:53
mvopstolowski: I just noticed it in one of the ppa builds13:54
mvopstolowski: do you have a theory about it?13:54
Dmitrii-ShWimpress: around?13:56
pstolowskimvo: no, i just hit it on travis and was going to ask the same ;). if no one is looking at it, i'll nvestigate13:59
mvopstolowski: noone is looking at this yet afaik14:02
mupPR snapcraft#2253 closed: build-providers: add support for --shell-after  <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2253>14:04
pstolowskimvo: good, will see if i can find anytthing14:04
abeatozyga, ah, saw that, thanks!14:04
pstolowskiniemeyer: the PR we talked about that needs your re-review is https://github.com/snapcore/snapd/pull/563214:11
mupPR #5632: overlord: integrate device enumeration with udev monitor <Hotplug> <Created by stolowski> <https://github.com/snapcore/snapd/pull/5632>14:11
niemeyerpstolowski: Ack, thanks14:13
dot-tobiassergiusens / Dmitrii-Sh : Adding $SNAP/bin to $PATH worked to have /usr/bin/env ruby find the bundled ruby binary. Thank you!14:45
* zyga returns from lunch 14:47
mupPR snapd#5805 opened: cmd/snap-update-ns: enforce trespassing checks <Created by zyga> <https://github.com/snapcore/snapd/pull/5805>14:49
Odd_Blokemvo: I _suspect_ the latest snapd in cosmic has broken PATH generation for systemd units: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/179169114:54
mupBug #1791691: PATH broken in systemd units <cloud-images:Confirmed> <snapd (Ubuntu):New> <https://launchpad.net/bugs/1791691>14:54
Odd_BlokeCould you take a look?14:54
=== chihchun_afk is now known as chihchun
=== sergiusens_ is now known as sergiusens
T_XI'm currently trying to start an application installed via snap within an unprivileged LX container. The host is running Debian Stretch, now with a 4.17 kernel from Debian backports15:03
T_Xthe error I'm still having is the following though:15:03
T_XSep 10 14:13:54 rocketchat2 snapd[150]: AppArmor status: apparmor is enabled but some features are missing: dbus, network15:04
T_XSep 10 14:13:54 rocketchat2 snapd[150]: error: cannot start snapd: cannot mount squashfs image using "fuse.squashfuse": mount: /tmp/selftest-mountpoint-278537339: permission denied.15:04
zygaT_X that is just a comment, it should be harmless in practice15:04
zygaT_X: the part about fuse.squashfuse is the real issue15:04
T_Xhm, okay. I do get the following "DENIED" messages in dmesg of the host though:15:05
zygabut having said that, I _don't_ know if this will work for you; mvo  ^ is that part of the unsupported scenarios?15:05
T_X[   70.019332] audit: type=1400 audit(1536588822.918:39): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-rocketchat2_</var/snap/lxd/common/lxd>" name="/sys/fs/cgroup/unified/" pid=2048 comm="systemd" fstype="cgroup2" srcname="cgroup" flags="rw, nosuid, nodev, noexec"15:05
T_X[   70.019405] audit: type=1400 audit(1536588822.918:40): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-rocketchat2_</var/snap/lxd/common/lxd>" name="/sys/fs/cgroup/unified/" pid=2048 comm="systemd" fstype="cgroup2" srcname="cgroup" flags="rw, nosuid, nodev, noexec"15:05
T_X[   74.560221] audit: type=1400 audit(1536588827.462:42): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-rocketchat2_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/run/" pid=2247 comm="(networkd)" flags="ro, nosuid, nodev, remount, bind"15:05
T_X[   78.724518] audit: type=1400 audit(1536588831.626:49): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-seafile_</var/snap/lxd/common/lxd>" name="/home/" pid=2393 comm="(networkd)" flags="ro, nosuid, nodev, remount, bind"15:05
zygaT_X: are you using v2 cgroups?15:05
zygaor is that a part of LXD somehow?15:06
T_Xzyga: not sure, would I need to enable that explicitly?15:06
zyganot sure,15:06
T_Xcgroups v2 came with one of the more recent kernels, rights15:06
T_X*right?15:06
zygav2 is not supported widely AFAIK (not in snapd for sure)15:06
=== chihchun is now known as chihchun_afk
T_XI was under the impression that snapd within an unprivileged container should in theory be possible: https://blog.ubuntu.com/2016/02/16/running-snaps-in-lxd-containers15:07
ChipacaT_X: it is15:08
zygaT_X: I'm not an LXD expert15:08
ChipacaT_X: but, there a _lot_ of variables :-)15:08
T_XI'm wondering whether he was using a kernel provided by Ubuntu on the container host, though. with some non-upstream patches15:08
ChipacaT_X: what  os is the guest running?15:09
T_Xand whether that might be creating these issues for me15:09
T_Xthe guest is running Ubuntu15:09
T_Xwith a Debian Stretch in the container I had even more issues15:09
T_XUbuntu 18.04 that is15:10
ChipacaT_X: at this point I'd ask stgraber15:10
ChipacaI hope they don't mind15:10
T_Xalso, within the Ubuntu 18.04 container the squashfuse package, version 0.1.100-0ubuntu2 is installed as suggested by stgraber's excellent blog post15:12
cachiomvo, hey15:20
xnoxmvo, https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1791691 is critical15:20
mupBug #1791691: PATH broken in systemd units <block-proposed> <cloud-images:Confirmed> <snapd (Ubuntu):New> <snapd (Ubuntu Bionic):New> <snapd (Ubuntu Cosmic):New> <https://launchpad.net/bugs/1791691>15:20
xnoxmvo, do you want me to write a patch for handing empty or unset PATH?15:20
xnoxmvo, cause current behaviour is broken =))) i've blocked release of snapd into bionic-updates.15:21
cachiomvo, zyga, should we make this for the other test suites #5806 ?15:30
mupPR snapd#5806 opened: tests: fix install snaps test by adding link to /snap <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/5806>15:30
mupPR #5806: tests: fix install snaps test by adding link to /snap <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/5806>15:30
cachiomvo, zyga or is something we should fix on the installer/setup15:30
mvoxnox: thanks, feel free to write a patch, otherwise I will fix it in my morning15:37
xnoxmvo, well, it is fairly straight forward, and it can wait until tomorrow. plus we'd want a fix-up uploads into bionic-proposed and cosmic =/ and i don't know how you do those right, to comply with sru process etc.15:38
xnoxmvo, the writting fix is the smallest piece here.15:38
mvoxnox: yes, will do either now (if I manage before I need to leave for hockey) or tomorrow15:39
mvoxnox: first thing15:39
xnoxmvo, i did not test, to see if actually a simple "#!/bin/bin/printf PATH=/snap/bin\n" is actually enough to cover all cases with and without PATH set in systemd.15:39
mvoxnox: I'm slightly puzzled, I thought systemd always sets a PATH if none is set15:39
xnoxmvo, hockey is more important =)15:39
xnoxmvo, it does.... after generators are run15:39
xnoxas i have now found out and confirmed.15:39
Chipacaare we aiming to have /snap/bin prepended, or appended to path?15:39
xnoxbut it does 'gather' envrionment in perculiar ways w.r.t. substitution and expansions15:39
ograappended15:40
mvoxnox: interessting, sounds like the test we added was inadequate :/15:40
xnoxChipaca, always appended.15:40
xnoxmvo, it was fine for initramfs-full boots which have PATH set when /sbin/init is execed; but that's not true in lxd case, or initrmafs-less boots15:40
mvoxnox: what will happen if the generator sets the path to "/snap/bin" only - will systemd still add sensible defaults?15:40
xnoxmvo, it does15:41
mvoxnox: whats the logic then? will it append the default path?15:41
xnoxfor the no-path set in LXD. and i did not feel like rebooting my machine. actually let me test these combos in a vm quickly15:41
xnoxdefault path appears to be prepended15:41
mvoxnox: nice15:41
mvoxnox: that sounds like the fix will be trivial, thats good to know15:41
mupPR snapd#5807 opened: interfaces: extra argument for static attrs in NewConnectedPlug/NewConnectedSlot <Created by stolowski> <https://github.com/snapcore/snapd/pull/5807>15:43
* cachio lunch15:45
mvoxnox: https://github.com/snapcore/snapd/pull/5808/files15:51
mupPR #5808: snapd-env-generator: fix when PATH is empty or unset <Critical> <Created by mvo5> <https://github.com/snapcore/snapd/pull/5808>15:51
mupPR snapd#5808 opened: snapd-env-generator: fix when PATH is empty or unset <Critical> <Created by mvo5> <https://github.com/snapcore/snapd/pull/5808>15:51
kyrofaroadmr, I once again have an inbox full of "manual review requested for version ..." for nextcloud's uploads. They seem to have been resolved (perhaps that was you) but now I have tons of revs that aren't in a chanel. I have to be honest, this is getting very frustrating15:53
niemeyerpstolowski: Just one final detail and looks okay, thanks for the changes!15:55
kyrofaI assume those are reviews timing out again. And the fact that pushes don't remember the channel they're supposed to go to is maddening15:55
pstolowskiniemeyer: thanks, looking15:56
cjwatsonkyrofa: One of my bits of upcoming planned work will have the side-effect of helping with that (see comment on https://docs.google.com/document/d/1vabN2wBNtGdBqShN1xi9a-osfGPtmA8EARdXfs2kfDI/edit#heading=h.l2jjh07gbn3p)15:57
cjwatson(Only specced so far, not yet started and won't be for a while)15:57
WimpressDmitrii-Sh: Sorry, I missed your earlier ping. Can I help?15:58
cjwatsonIt would still need rephrasing the push/release API in some way; but it would avoid the obvious negative side-effects of doing that in the current system15:58
roadmrkyrofa: I have a merge proposal to increase that timeout, hmm perhaps I'll ask for it to be cowboyed now so you don't face so much pain and frustration16:01
roadmrkyrofa: the "don't remember the channel they're supposed to go to" thing is https://bugs.launchpad.net/snapstore/+bug/1684529 but it's not as straightforward as "just remember this"16:01
mupBug #1684529: Need for manual review loses intent to release to channel <Snap Store:New> <https://launchpad.net/bugs/1684529>16:01
xnoxmvo, that looks good to me.16:01
xnoxmvo, it testing things are weird, if PATH is set in the environment, and one doesn't expand it, it looks like it does override things and than initramfs-full boots fail to come up16:02
kyrofacjwatson, that's a helpful doc, thank you. I look forward to those improvements. Are they actually on the store roadmap?16:02
xnoxmvo, so this fix for empty or unset path looks good to me.16:02
xnoxmvo, please upload in all the places =)16:02
cjwatsonkyrofa: yes16:03
cjwatsonwell, modulo unresolved disagreement about the expiry thing, but the rest are16:03
mborzeckiniemeyer: could you take a look at https://github.com/snapcore/snapd/pull/5713 ? i think all outstanding issues have been addressed16:04
mupPR #5713: many: mount namespace mapping for parallel installs of snaps <Parallel installs> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5713>16:04
niemeyermborzecki: Will do later today16:04
mborzeckiniemeyer: thanks16:04
zygacachio: looking16:04
niemeyermborzecki: Now I'll take a break and head outside for a while16:04
niemeyermborzecki: Sorry, that wasn't to you specifically :)16:04
zygacachio: that's a tricky question, I think it depends on what you want t o test16:05
niemeyerSee you all later or tomorrow16:05
cjwatsonadvocacy basically said "iz broken, pls fix" so it's kind of a pile of things that improve the situation in various ways :)16:05
kyrofacjwatson, this cycle's roadmap, or next?16:05
zygacachio: I think it's okay to setup the symlink on prepare.sh but then again, it's not really testing what people will otherwise see so it may hide bugs16:05
cjwatsonkyrofa: depends how quickly we finish with git per-branch permissions.  realistically probably early next cycle16:05
kyrofacjwatson, fair enough, thanks for the info :)16:06
Dmitrii-ShWimpress: we are trying to get this snap into the store for field engineering purposes https://forum.snapcraft.io/t/classic-confinement-review-request/7226 It's a test runner (rally) + a tempest plugin for openstack. It's an MVP for now as it allows us to run openstack validation tests. We called it fcbtesting on purpose because the way we implement it may be team-specific16:08
Dmitrii-Shthe point of having it in the snap store is that we can download it from it in proxied environments where we cannot bring all the pip deps along with us16:09
=== sparkieg` is now known as sparkiegeek
Dmitrii-Shso, I just wanted to know what would be the review procedure and how could we move it forward16:09
zygaDmitrii-Sh: hey, I think you just need two votes that approve it16:12
Dmitrii-Shwe tried working around the python multiprocessing (shmem) issue via a preload but did not have any luck with building the preload on bionic. We'd probably have to ship a patched python2 version with the snap otherwise that allows using custom paths16:13
cachiozyga, so, we should do it as part the the installer?16:14
cachiocreate that symlink?16:14
Dmitrii-Shzyga: from the snapcrafters org or? https://github.com/orgs/snapcrafters/people16:14
cachiothat should be the best solution16:14
cachio?16:14
=== pstolowski is now known as pstolowski|afk
zygacachio: installer?16:17
cachiozyga, when we buidl the deb or rpm16:17
zygaDmitrii-Sh: no, from select group of people on the forum16:18
zygacachio: no, I thonk think we can do that16:18
mborzeckicachio: i see a bunch of failures on amazon linux z with 'no space left'16:18
zygacachio: I mean, the package cannot ship the symlink16:18
cachiozyga, but we can create it when installing the package16:18
cachiomborzecki, do you have a link?16:19
mborzeckicachio: https://travis-ci.org/snapcore/snapd/builds/426715967?utm_source=github_status&utm_medium=notification16:19
zygacachio: maybe let me ask this way, why do you want to change that? is it for a specific test?16:20
zygacachio: I think we could have a helper that installs a locally built snap16:20
zygacachio: that uses classic confinement16:20
zygacachio: and also creates the symlink if it is missing16:20
zygacachio: but again, I don't have the full context16:20
cachiozyga, agree on that}16:21
cachiozyga, I ask if a user could face this problem trying to install a classic snap16:21
zygacachio: yes, that's unfortunately how this is16:22
mborzeckicachio: i'm going to restart that job16:24
cachiomborzecki, go ahead16:25
* zyga focuses on Fedora for now16:25
* zyga hugs Pharaoh_Atem for his tireless packaging effort :)16:25
* Pharaoh_Atem raises eyebrow16:26
cachiomborzecki, it is really weird because that image has not changed16:26
cachioand it is 25GB16:26
Pharaoh_Atemzyga: technically, the package can ship the symlink16:27
Pharaoh_Atemin rpm land, symlinks can be shipped16:27
Pharaoh_Atemthey're just files like any other16:27
cachiozyga, https://paste.ubuntu.com/p/RZnddCXszt/16:27
Pharaoh_Atemyou just have to be careful on how you create them16:27
cachiothis is happening on fedora right now16:27
cachiozyga, is that an issue?16:27
zygacachio: right, that's is expected16:27
zygacachio: the users have to create the /snap symlink to install snaps using classic confinement16:28
zygaPharaoh_Atem: can we ship /snap -> /var/lib/snapd/snap?16:28
Pharaoh_Atemno16:28
Pharaoh_Atembut not because rpm can't do it16:28
Pharaoh_Atembut because we shouldn't have that by default16:28
mupPR snapcraft#2255 opened: catkin plugin: use SnapcraftException <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/2255>16:28
Pharaoh_Atempeople should create the symlink themselves, because we don't know how their systems are going to be set up16:28
zygaPharaoh_Atem: could we create the symlink from snapd iff /snap doesn't exist?16:29
Pharaoh_Atemthat would be a scriptlet, but yes16:29
Pharaoh_Atemthe issue with that is that it makes behavior a bit less predictable16:29
zyganot from a script let, just from snapd's bootstrap phase16:29
Pharaoh_Atemah16:29
Pharaoh_Atempeople would murder you for that16:30
mborzeckizyga: cachio: we have a tests/main/classic-confinement wchich also runs on fedora and creates the symlink on demand16:30
Pharaoh_AtemI'd have to disable it to prevent it being removed from Fedora16:30
zygainstalling classic snap, /snap absent, create symlink16:30
zygaeh, ok :)16:30
zygacachio: ^ there's your answer :)16:30
zygait's just a policy, not a technical limitation16:30
Pharaoh_Atemcorrect16:30
cachiozyga, :(16:30
cachioPharaoh_Atem, zyga thanks for the answer16:31
zygaPharaoh_Atem: where do you need karma? I only see F2916:38
Pharaoh_Atemzyga: F29 is the only one16:38
Pharaoh_Atemall the others are already pushed through16:38
zygaPharaoh_Atem: btw, fix-info-dir problem is back16:52
Pharaoh_Atemeh?16:57
Pharaoh_Atemreally? blech16:57
zygaas is the cache hash checksum issue16:58
zygaI'm ignoring that, just a curiosity on the side16:58
mupPR snapcraft#2256 opened: local source: don't include .snapcraft directory <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/2256>17:34
pedronismvo: is there a reason most call of MockModel*  in snapstate_test.go don't restore?18:22
om26ercan a snap, that uses layout feature be released to "stable" ?18:43
zygaom26er: I actually don't know but I believe it should be18:43
zygaom26er: layouts should be out of beta very soon now18:43
zygaom26er: 2.36 IMO18:44
om26erzyga: I had a snap with "grade: devel" and it got published to store after manual review (using layout). Today I changed that to "grade: stable" and seems my upload requires another review as well.18:45
zygaI think store has no "memory" about the past approval18:45
om26erso I was wondering if the problem is because I changed it to "stable"18:45
zygaI don't think so18:46
om26erhmm, I'll wait for the review then.18:46
om26erin case anyone is interested https://dashboard.snapcraft.io/snaps/xbr-dashboard/revisions/23/18:47
zygaom26er: how have layouts worked for you?18:48
om26erzyga: well, my Qt based app wouldn't start if layouts were not there, so it definitely worked pretty great.18:48
zygadid you see the new documentation page for them?18:48
om26erno, I was probably given a working example from _ogra_18:49
zygaom26er: check out https://forum.snapcraft.io/t/snap-layouts/720718:49
* cachio afk19:02
mupPR snapcraft#2257 opened: meta: take charge of environment used to run commands <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/2257>19:29
zygahm, selinux, ...19:59
marcoceppiNeed some help with snaps an apparmor20:08
zygahello marcoceppi20:08
marcoceppiMy system's apparmor is crashing after a snap refresh20:08
zygacan you please tell me more20:08
zygado you have logs? is the kernel crashing? which system are you using? can you provide the output of "snap version"20:09
marcoceppizyga: snap daemons aren't starting, which lead me to logs, which lead me to a bug, which lead me to apparmor https://paste.ubuntu.com/p/57ZSCCDVp4/20:09
marcoceppizyga: https://paste.ubuntu.com/p/BsvKCkjzY6/20:09
marcoceppikernel is up, but lxd daemon isn't running, complains about File not found, lead me to this bug, but I'm unable to remedy with restarting apparmor https://github.com/lxc/lxd/issues/440220:11
zygaapparmor is not a daemon, the service just loads the profiles into the kernel20:11
zygacan you tell me more about your setup please20:12
zygathis is a lxd container or is the issue on the host?20:12
marcoceppi14.04 with HWE kernel, bare metal server in OVH20:12
marcoceppiissue with the host20:12
zygaOVH?20:12
marcoceppiserver provider, ovh.com20:12
zygaa, I see20:12
zygawhen has this issue started to show up?20:13
marcoceppiIt's been running a long time, moved from apt lxd -> snap lxd about 10 months ago, issue appeared this morning after a container got stuck20:13
zygacan you show me "snap changes" from the host?20:14
zygamaybe some snap refreshed and started causing issues (somehow)20:14
zygaalso, what does systemctl status apparmor.service say?20:14
zygahmm20:14
zygano such file or directory?20:14
marcoceppiIt's in my first pastebin20:14
marcoceppiyes20:14
zygadid you by any chance remove apparmor userspace package from the system?20:14
marcoceppierror: no changes found20:14
zygawhat does dpkg -L apparmor say?20:15
marcoceppiyou want big L or little l?20:15
zyga-L20:15
marcoceppihttps://paste.ubuntu.com/p/NSZHyKnJzH/20:15
zygaah, wait, 14.04 you say?20:16
marcoceppicorrect20:16
* zyga doesn't remember if on 14.04 + snapd apparmor is managed by upstart or by systemd20:16
marcoceppisystemd is on here20:16
zygawhat does /etc/init.d/apparmor status say?20:16
zygayes but that's a special copy of systemd for snapd20:16
zygaI don't believe it actually manages apparmor20:17
marcoceppihttps://paste.ubuntu.com/p/knJxXZGkjg/20:17
zygaok, so you have a number of apparmor profiles loaded20:17
zygaso what's the issue that you observe? is lxd broken?20:17
marcoceppiI suppose, the daemon isn't starting20:18
zygawhat does systemctl status snapd.service say?20:18
marcoceppiactive, running20:18
zygaand sytemctl status snap.lxd.lxd20:19
marcoceppisystemctl status snap.lxd.server snap.lxd.server.service    Loaded: error (Reason: No such file or directory)    Active: inactive (dead)20:19
zygait's not lxd.servcer, it's lxd.lxd.service20:19
zygaor lxd.daemon.service20:19
zygathe app names are the same as apparmor profile names20:19
stgrabersnap.lxd.daemon20:20
zygahey stgraber, thanks for that! :)20:20
marcoceppiinitctl: Unknown job: snap.lxd.daemon20:20
marcoceppisorry,20:20
stgraberyeah, that's going to be a systemd one20:20
marcoceppihttps://paste.ubuntu.com/p/fTfpC9qf52/20:20
zygamarcoceppi: probably not related, "dpkg --configure  -a" (just to rule out dpkg aspects)20:21
stgrabermarcoceppi: journalctl -u snap.lxd.daemon -n 30020:21
zygamarcoceppi: what happens when you "systemctl start snap.lxd.daemon.service" ?20:21
marcoceppiSep 10 15:47:57 notaws.com lxd.daemon[1038]: cannot change profile for the next exec call: No such file or directory20:21
zyganow we are getting somewhere!20:21
stgraberok, so that's a snap-exec thing then20:22
stgraber*snap-confine20:22
zygatoo bad that's a generic apparmor error, not sure if it coming from snap-confine or lxd20:22
marcoceppiapparently, when I ran start just now20:22
zygastgraber: note that one of the other pastebins show that the profiles are loaded20:22
marcoceppilxd woke up20:22
zygastgraber: how does lxd apply apparmor on exec or immediately?20:23
stgraberzyga: LXD only plays with apparmor when containers start, the failure here is much much before that20:23
zygaack20:23
stgraberzyga: what it could be is that our "aa-exec" wrapper which passes "-p unconfined" is somehow failing in this case, but that'd be pretty weird given that unconfined is guaranteed to always exist20:24
stgrabermarcoceppi: uname -a20:24
marcoceppiSo, could this just be that 14.04 + lxd + apparmor profile loading ordering issue?20:24
marcoceppiLinux notaws 4.4.0-134-generic #160~14.04.1-Ubuntu SMP Fri Aug 17 11:07:07 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux20:24
mupPR #160: Trivial fix for the output of "snappy list" <Created by mvo5> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/160>20:24
zygamarcoceppi: I don't know yet20:24
zygathat looks like a vanilla ubuntu kernel20:24
stgraberyeah, kernel is good, that matches our test system for LXD on 14.0420:24
marcoceppiaye, hwe, but just what comes from the archive20:25
marcoceppihappy to just shove this machine to xenial if that's a plausible fix, now that lxd is run from the snap I'm less worried about a system update20:25
zygamarcoceppi: please describe this on the forum -- it's late anyway so I will EOD soon20:27
zygaI'm looking at a selinux issue now20:27
mupPR snapcraft#2258 opened: build providers: snapcraft images for multipass <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2258>20:47
mupPR snapcraft#2259 opened: cli: show trace if no tty <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/2259>22:08
mupPR snapcraft#2251 closed: pluginhandler: stop using alias for snapcraftctl <Created by kyrofa> <Merged by kyrofa> <https://github.com/snapcore/snapcraft/pull/2251>22:38
mupPR snapd#5809 opened: tests: using single sh snap in interface tests <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/5809>22:45
mupPR snapcraft#2254 closed: build providers: add support for --shell <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2254>23:50

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!