/srv/irclogs.ubuntu.com/2019/11/13/#snappy.txt

=== Elliot is now known as Guest3774
mborzeckimorning06:35
mborzeckire07:36
mborzeckihate the morning traffic07:36
=== pstolowski|afk is now known as pstolowski
pstolowskimorning08:04
mborzeckipstolowski: hey08:06
mborzeckipstolowski: can you take a look at https://github.com/snapcore/snapd/pull/7702 ? maybe we could land it08:08
mupPR #7702: tests: adding fedora 31 <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/7702>08:08
pstolowskimborzecki: sure, will do08:08
mborzeckipstolowski: thanks!08:08
mborzeckiquick errand, brb10:11
pstolowskihmm something is not right with tumbleweed10:39
mborzeckire10:54
mborzeckipstolowski: got logs?10:55
pstolowskimborzecki: https://paste.ubuntu.com/p/PkdyMvHYjT/10:59
pstolowskihome/gopath/src/github.com/snapcore/snapd/tests/lib/quiet.sh: line 30:   993 Segmentation fault      (core dumped) "$@" &> "$tf"10:59
mborzeckiduh, zypper segfaulted?11:00
pstolowskimborzecki: happened on 2 independent PRs and now when run manually11:01
pstolowskialthough i have no proof it was the same error; but they were definaltely tumbleweed prepare failures11:02
om26erpopey ping! re: building close-source project's snaps with launchpad, did you get a chance to make a video for that ?11:47
om26eror popey_ ^11:47
mupPR snapd#7731 opened: usersession/userd: add "apt" to the white list of URL schemes handled by xdg-open (LP: #1776873) <Created by oSoMoN> <https://github.com/snapcore/snapd/pull/7731>11:59
zygao/12:51
zygagood morning12:51
pstolowskihey zyga!13:00
zygahey guys, how's the day going?13:00
zygamborzecki: can we chat here13:02
mborzeckizyga: call would be quicker ;) unless you're in pyjamas or whatnot13:03
zygamborzecki: yes but yes :)13:03
zygaok, let's use meet13:03
zygahttps://meet.google.com/mym-ngpj-ynj13:04
=== ricab is now known as ricab|lunch
* zyga goes for breakfast13:46
ijohnsonmorning folks13:50
zygahey ijohnson14:02
ijohnsonmorning zyga14:02
roadmrzyga: no breakfast yet 😢14:02
roadmr(unless you go out?)14:02
zygaroadmr: yeah, I had a call with my family; I think brekfast starts later14:03
zygaoh14:03
zygashiny14:03
zygahttps://www.apple.com/macbook-pro-16/14:03
roadmrzyga: yep need to wait 27 min :)14:03
roadmrzyga: haha magic keyboard ?? I anticipate the "yes, magic - press a key, who knows what'll come out on screen 🤣  " memes14:04
* zyga sells his 15" 14:05
roadmr🤑14:05
zyga64GB ram maximum, wow14:06
zygapstolowski: ^14:08
pstolowskizyga: uhm, your predictions were right14:09
zygapstolowski: I will call it the vim macbook14:09
zygapstolowski: it has physical escape key :)14:09
zygapstolowski: but geez, if the keyboard is now "regular" this is a super shiny machine14:10
zygapstolowski: 8TB SSD max, 64GB RAM max14:10
pstolowskizyga: wooot, esc? no way :D14:10
zygapstolowski: (obviously $$$$ but still)14:10
zygapstolowski: yep, physical escape key + rest of touchbar as before14:10
zygapstolowski: but the base model is not unlike other laptops from dell / lenovo14:10
zygapstolowski: 11-14K PLN for a really nice setup14:11
=== mborzeck1 is now known as mborzecki
pstolowskizyga: i see it replaced 15' in the store, only 13 & 16 now14:13
zygaYes, it seems so14:15
zygaI wonder what the GPU is14:15
pstolowskizyga: huh, going with 32GB and ssd >1TB makes the price skyrocket14:20
mborzeckicachio: is there a more recent tumbleweed image that we could use by any chance?14:21
cachiomborzecki, so, we are creating tumbleweed based on the leap 15.014:22
pstolowskicachio: re install slowness, please grab 'snap debug timings <change id>'14:22
cachiomborzecki, and then we update it weekly14:22
cachiopstolowski, sure14:23
cachiomborzecki, which is the problem with the current one?14:23
cachioperhaps we could create a new one14:23
mborzeckicachio: this failed for instance https://api.travis-ci.org/v3/job/611337121/log.txt14:24
mborzeckicachio: this is the relevant part https://paste.ubuntu.com/p/VGYvRc2wG4/14:24
mborzeckicachio: looks like there's a segfault in zypper (?)14:25
mborzeckicachio: although when i run a shell manually, i don't seem to be able to reproduce it with the same zypper command on a clean image14:25
cachiomborzecki, mborzecki I could create a new one based on leap 15.1 latest image14:25
cachiomborzecki, not sure if it is gonna help14:26
mborzeckicachio: do you create a new image from scratch each time, or do you rather keep updating the same image?14:26
* ijohnson drools over the new macbook14:27
cachioI initially created a tumbleweed image from leap 15.014:27
cachiothis is called base image14:27
cachiothen every week I update that and install all the test dependencies14:27
cachioin a new image14:27
cachiothe final image14:27
cachiothis is the image we use for snapd14:28
cachiomborzecki, sometimes I create new base images or update the base image14:28
cachiomborzecki, what I see is that opensuse-cloud added an image for leap 15.1 that we could use14:30
zygapstolowski: the important part is what the baseline has14:31
zygaNo more 256GB 8GB model14:31
zygaIt is a great upgrade!14:31
mborzeckicachio: can you maybe try and update the current image to the latest TW snapshot?14:32
cachiomborzecki, sure14:32
mborzeckicachio: hmm looks like we're using 20191109 already14:32
* ijohnson stops drooling after looking at prices and gets back to work14:33
cachiomborzecki, yes14:33
cachiomborzecki, I updated 2 days ago14:34
pstolowskizyga: for the gpu it apparently has AMD Radeon Pro 5300M and 5600M with 4GB DDR614:34
mborzeckizyga: looks like tehre's some updates, i think it's worth trying the latest snapshot anyway14:36
mborzeckipstolowski: still i9 cpu booo14:37
mborzeckipstolowski: zyga: wonder is i9 is vulnerable https://mdsattacks.com/#ridl-ng14:38
zygapstolowski: not sure how that GPU compares to consumer models14:39
mborzeckizyga: i'm sure it's not as hot14:39
zygapstolowski: i9 -> no zen 2nd gen mobile yet, also very unlikely apple would move to amd on a laptop still14:39
zygamborzecki: well, apple store is 200 m away14:39
zygaI'll check it out :)14:40
mborzeckihahah14:40
pstolowskizyga: :)14:40
pstolowskii can sense zyga returning from the sprint with a new laptop ;)14:41
zygapstolowski: never, I want to get it back home as proper purchase with vat and stuff14:41
zygapstolowski: here it'd be just more complex14:41
mborzeckizyga: for sure it's gonna hit the new split payment regulations :)14:41
zygamborzecki: mhm14:41
zygamborzecki: I really really wonder how that works now14:42
pstolowskiyeah it's confusing14:42
zygaI cannot deny that it is tempting though14:44
zygait looks like great piece of hardware14:44
pstolowskidegville: hey, i think https://snapcraft.io/docs/hotplug-support needs a minor update, the feature is still behind experimental flag and not made widely available with 2.39 as indicated there14:44
cachiopstolowski, https://paste.ubuntu.com/p/Y6TY4WMYXG/14:45
pstolowskizyga: my santa is not reach enough ;). maybe next year..14:45
degvillepstolowski: thanks for letting me know -I'll update it now.14:45
pstolowski*rich14:45
zygapstolowski: my santa is the same, it would depend on selling the 15" first14:45
cachiopstolowski, id: 2514:48
cachioand 2414:48
pstolowskicachio: thanks, looking14:49
pstolowskicachio: it takes 1.5s on my local VM. i'm not sure there is anything wrong there. great chunk of that is seccomp profiles compiler. note this snap has 9 apps in it14:54
pstolowskicachio: not sure why copy-snap-data took 1.7s though. was there any old data?14:55
cachiopstolowski, yes, but it takes more than 2 seconds14:55
cachioseems to be so much compared with the other times14:55
pstolowskicachio: what do you mean by other times?14:56
cachiopstolowski, compared with the other steps and with apparmor14:56
pstolowskicachio: ah, sure. yes, seccomp compiler got very slow a few months ago with a new version14:57
cachioapparmor= 725ms seccomp=2201ms14:57
pstolowskicachio: a few weeks ago i presented some tests on the standup, seccomp got a few times slower afair14:57
pstolowskicachio: so yes, setup-profiles is one of the most expensive tasks, a few seconds is normal, unfortunately14:59
cachiopstolowski, https://paste.ubuntu.com/p/yYnDCPpm7m/15:00
pstolowskidegville: thanks for updating hotplug doc!15:00
cachioin this case I installed over15:00
degvillepstolowski: np!15:00
cachioand didnt setup seccomp15:00
cachiobut did the setup for apparmor15:01
cachiopstolowski, do you know why?15:01
pstolowskicachio: seccomp backend computes new profiles and compares them with what's already on the disk, if there is no change then they are not reloaded. same logic applies to apparmor, i suppose they were reloaded because they have snap paths (specific to snap revision) in them15:07
=== ricab|lunch is now known as ricab
cachiopstolowski, still weird that if it computes the new profiles it makes that super fast15:13
cachioand also it does not appear in the timings15:13
pstolowskicachio: we don't save timings if something is faster than 5ms15:14
cachiopstolowski, we have some stuff with 4ms15:14
pstolowskicachio: computing profiles is fast, loading them with seccomp profiles is slow15:14
cachiopstolowski, ahh15:15
pstolowskicachio: sorry, i wasn't precise: we will still record times of individual tasks (like 4ms with post refresh hook), but we don't store detailed timing breakdown (nested timings) underneath15:16
cachiopstolowski, ah, ok15:16
cachiopstolowski, thanks for the explanation15:16
pstolowskicachio: if we compute a profile and find it's the same, we don't invoke seccomp or apparmor parser at all15:17
cachiopstolowski, perhaps we could see why we are calling apparmot15:19
cachioit I am installing the same snap twice15:19
pstolowskicachio: but it ends up with different revision, no?15:20
cachiopstolowski, ye15:21
cachios15:21
pstolowskicachio: so, paths are differnt in the aa profiles15:21
cachiopstolowski, ah, ok15:21
cachiomakes sense15:22
cachiopstolowski, so seccomp takes more time depending on the number of apps the snap has?15:27
cachiopstolowski, for example the snap test-snapd-framebuffer with 2 apps and 1 interface takes 493ms on seccomp15:28
cachioand 0ms to copy snap data15:28
cachiopstolowski, and first time I saw: 1791ms            -  Copy snap "test-snapd-tools" data15:31
cachioperhaps we could update the snap to make it faster to be installed15:31
cachiobecause it is being used on many tests15:32
pstolowskicachio: what is the data of this snap? it seems we're copying data over to the new revision in the test, maybe it makes no sense15:34
pstolowskicachio: i mean, maybe we should simply rm -rf .. on snap data to avoid copying15:35
cachiopstolowski, I think in the test there is something weird15:39
cachioI ran the samein the pi3 and got 2212ms            -    setup security backend "seccomp" for snap "test-snapd-tools-core18"15:39
cachioseccom takes same time on pi3 than in the vm15:39
cachiohhehe15:39
cachiopstolowski, take a look to this please https://paste.ubuntu.com/p/MKD5MCTtxn/15:41
cachiopstolowski, do we use different seccomps for core than classic?15:42
pstolowskicachio: is it a fast vm?15:46
cachiopstolowski, it is same we use for tests on google15:50
cachiopstolowski, but it should be faster then the pi315:51
cachioin fact in the pi3 apparmor takes more than 2 seoncds15:52
cachiocompared with 700ms on the vm15:52
cachiobut seccomp is the same time in both15:52
pstolowskicachio: i see. i don't know why. this the time of seccomp compiler itself. maybe mborzecki or zyga know what is it doing that explains no difference on pi3 vs vm15:55
mborzeckipstolowski:  hm? why it's so slow?15:55
cachiomborzecki, well, in pi3 is slow as in a vm15:56
pstolowskimborzecki: why it takes same time on pi3 vs vm15:56
cachiomborzecki, https://paste.ubuntu.com/p/MKD5MCTtxn/15:56
pstolowskimborzecki: where it should in theory be faster on vm15:56
cachiopstolowski, but apparmor is much faster in the vm15:57
cachiomborzecki, ~15:57
mborzeckipstolowski: iirc it's cpu bound and single threaded15:57
pstolowskimborzecki: aah, here you go15:57
cachiomborzecki, ahh, that explains it15:57
cachiomborzecki, pstolowski thanks for the explanations15:58
mborzeckicachio: pstolowski: we could run the compiler in parallel, but you'd only benefit when there's more than 1 app15:58
mborzeckisetting up security backends in parallel would give more gains i believe15:59
cachiomborzecki, for testing that should be really usefull15:59
pstolowskiyep.. test-snapd-tools has 9 apps ;)15:59
cachiois it possible to so it by configuration?15:59
pstolowskicachio: no, needs coding15:59
cachiopstolowski, :(15:59
zygacachio, pstolowski: snap-seccomp needs a cache layer15:59
zygavirtually all snaps use the same seccomp profile in the end15:59
mborzeckipstolowski: cachio: i had the patches somewhere, iirc i pointed pawel to the commits at some point15:59
zygathere is far less variability compared to apparmor16:00
mborzeckicachio: if you feel like it i can try to revive the branch with paralell compilation of seccomp profiles and we can try to benchmark that16:00
mborzeckibrb16:00
cachiomborzecki, that should be really nice16:00
cachioon tests we have many snaps with more than 1 app and reviewing times I see most of the time it is installing snaps16:01
cachioand most of that time it is creating seccomp profiles16:01
cachiomborzecki, if you have a branch I could try it16:02
cachioand see the time improvement16:02
=== pstolowski is now known as pstolowski|afk
mborzeckiijohnson: hi, still around?21:06
ijohnsonhey mborzecki21:06
mupPR snapd#7732 opened: [PoC] many: extracted snaps mode <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7732>21:06
mborzeckiijohnson: opened a branch for you ^^21:06
ijohnsonthanks mborzecki, will give it a spin21:06
mborzeckiijohnson: i think it should mostly work, but you may see some issues with layouts, iirc some logic depends on statfs()ing some paths and observing squashfs magic there21:07
mborzeckiijohnson: and you'll need to set SNAPD_EXTRACT_SNAPS in your environment21:08
ijohnsonright I see that from the patch21:08
ijohnsonthat's interesting about layouts needing to introspect the squashfs21:08
ijohnsonI'll see what I can find in any case21:08
mborzeckiijohnson: if you see bugs or issues feel free to patch it ofc :P21:10
ijohnsonsounds good21:10
mborzeckiijohnson: thanks! really looking forward to the numbers, i suppose next thing we could try afterwards is repacking the squashfs locally21:12
ijohnsonyeah I don't want to get too far into repacking without Samuele's blessing however :-)21:13
mborzeckiijohnson: yup, agreed, this should give us some insight though21:15
ijohnsonindeed21:15
mborzeckiall right, wrapping it up, till tomorrow21:16
mupPR snapd#7733 opened: tests: disable nova from install-snaps test <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/7733>22:11
mupPR snapcraft#2786 closed: cli: add support for 'http-proxy' and 'https-proxy' parameters <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2786>22:28
mupPR snapcraft#2769 closed: extensions: skip icon cache creation for theme and runtime snaps  <Created by galgalesh> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2769>22:46
=== alan_g_ is now known as alan_g

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!