[00:57] PR snapcraft#3095 opened: plugins: break out rosdep resolve parsing for external use [01:39] PR snapcraft#3096 opened: pluginhandler: export SNAPCRAFT_BUILD_BASE to build environment [01:48] PR snapcraft#3015 closed: [WIP] ros2 (colcon) extension preview [01:58] PR snapcraft#3097 opened: [WIP] colcon v2 plugin + ros2 extension === xnox|sessions is now known as xnox [05:46] Bug #1875543 opened: Ubuntu 20.04 "A stop job is running for Snappy Daemon" during shutdown <20.04> [06:25] Good morning [06:44] morning [06:46] good morning mborzecki [06:47] mvo: hey, meeting is at 11 right? [06:48] mborzecki: yes [06:49] Hey [06:49] How was day one? [06:50] mvo: cool, i'll go for a walk with kids and do groceries, will be back before 11 [06:52] mborzecki: sounds good, note that you are optional for the meeting, no worries about this [07:08] morning [07:13] good morning pawel :) [07:38] let's see if the store works better today [07:56] hello, how are tests doing today? [08:00] pedronis: running now, all yesterday was red red red [08:01] pedronis: I'll let you know if a single run can pass [08:01] hi pedronis, i just kicked one of my PRs, will know soon [08:22] re [08:23] zyga: pstolowski: I have a PR that I would like to land to let people test in edge, but I will not trigger it if it's hopeless [08:23] zyga: pstolowski: thanks [08:23] ack [08:24] * zyga tests a fix for opensuse [08:38] google:ubuntu-core-16-64:tests/main/core-persistent-journal failed [08:38] + snap set core journal.persistent=false [08:38] 886 [08:38] grep error: pattern not found, got: [08:38] 887 [08:38] error: cannot communicate with server: Put http://localhost/v2/snaps/core/conf: EOF [08:38] preseed tests also failed on 19.10 [08:39] ++ find /mnt/cloudimg/var/lib/snapd/seed/snaps/ -name 'core_*.snap' [08:39] 1316 [08:39] + CORE_IMAGE= [08:39] 1317 [08:39] + unsquashfs '' [08:39] 1318 [08:39] Could not open , because No such file or directory [08:39] 1319 [08:39] pstolowski: let's finish that branch that fixes this [08:39] pstolowski: you said that you had more improvements to my PR? [08:42] zyga: i pushed them all to #8528 [08:42] PR #8528: tests: fix for pre-seeding failures [08:42] super, let's see [08:42] when did you restart this last? [08:43] zyga: let me merge master & push [08:43] was last week [08:43] pstolowski: thanks [08:43] pstolowski: perhaps rebase, the merges are just confusing [08:43] zyga: hmm too late [08:43] no worries [08:43] zyga: do you have a link to core-persistent-journal failure? [08:44] yes, one sec [08:44] https://github.com/snapcore/snapd/pull/8565/checks?check_run_id=625210861 [08:44] PR #8565: osutil: expand FileLock to support shared locks and more [09:13] i cannot reproduce google:ubuntu-core-16-64:tests/main/core-persistent-journal failure [09:15] may have been a random one :/\ [09:26] zyga: we have some selinux denials on centos, and tests failing because of them, looking [09:27] I saw that but I'm unsure how to fix it [09:27] zyga: did we change snap-update-ns recently? [09:27] noo [09:28] no* [09:28] hmm [09:28] I suspect it's the nss modules [09:28] but I didn't go deep on that [09:33] indeed, only a few irrelevant changes there [09:45] zyga: pressed PR failed, i think 19.10 now has core18+snapd too, fun [09:45] zyga: i'm on it [09:45] heh [09:45] thank you [09:45] I'm looking at base policy issue [09:49] pedronis: is it possible to look at earlier revisions of assertions somehow? I'd like to see snap declarations [10:00] pedronis: no longer needed! [10:02] zyga: the answer is no basically, not easily [10:20] zyga: pushed fix to #8528 [10:20] PR #8528: tests: fix for pre-seeding failures [10:21] \o/ [10:21] thank you! [10:24] zyga: have you found anything about opensuse failures? [10:25] I looked but my trivial fix failed, I need to boot suse and just look around [10:25] I suspect I know what it is [10:25] I will probably couple that with package update [10:25] but after the meeting today [10:39] brb === pedronis_ is now known as pedronis [10:46] diddledan: hey, I responded in the forum [11:25] zyga: #8525 green everywhere except for opensuse and centos 8 [11:25] PR #8525: tests: ignore user-12345 slice and service [11:26] zyga: ups, i mean #8528 [11:26] PR #8528: tests: fix for pre-seeding failures [11:33] pstolowski: on unstable systems, can we merge regardless? [11:34] zyga: yes, we should. needs 2nd review [11:34] ok [11:34] maybe ijohnson is around now? [11:34] whats up zyga [11:34] ah, on a call [11:34] also good morning [11:34] ijohnson: just queue it for later ^^^ [11:34] 8258 ? [11:34] hey ijohnson [11:35] hey pstolowski [11:36] ah, actually it needs 2 reviews ;) [11:36] I just cannot review as I wrote some part of it [11:36] i suppose i can't review it [11:36] yeah [11:36] zyga: maybe your and my review would count 0.5 each ;) [11:41] haha, yeah [11:41] I think that's ok [11:50] * juergh_ juergh [11:50] I need to install an old version of snapd that doesn't seem to be in any of the channels anymore. How would I go about that? === juergh_ is now known as juergh [11:51] juergh_: hey, unless it's available in one of the channels you cannot do that [11:51] juergh: is there a particular reason you need to use a older snapd? [11:52] zyga, 2.43.x introduced a workaround for what some people believe is a kernel issue. I need to test with the old snapd that dosn't have the workaround to debug this. [11:55] juergh: perhaps you can download a package from the archive (.deb) and see if that's sufficient [11:55] juergh: I think there are some places that cache them [11:56] zyga, are you saying we don't archive old snaps? [11:57] juergh: we do but we don't allow everyone to download them [11:57] zyga, and you're saying as an Ubuntu kernel maintainer and Canonical employee I'm not allowed :-) [12:02] juergh: only the publisher of a given snap can get every revision [12:03] (and collaborators) [12:16] zyga, whom do I need to talk to get the revision that I need? [12:17] juergh: sorry, in a call [12:17] juergh: I think someone from the store or snapd might be able to help you [12:17] juergh: you need to find a revision of core or snapd that has what you want [12:17] and download that [12:38] juergh: I'll break for lunch now, I can try to help you after the break [12:41] mvo: not sure if you have time but we need https://github.com/snapcore/snapd/pull/8528 to unbreak master [12:41] PR #8528: tests: fix for preseeding failures [12:41] mvo: its green apart from unstable systems and has one review from Pawel who contributed a good chunk of the work [12:55] PR snapd#8574 opened: tests, selinux: update SELinux rule affecting snap-update-ns on centos 8 [12:55] mborzecki: ^ if you have a sec.. not sure if there is a magic macro anywhere in the policy, but this should do .. [13:01] zyga, cachio: going to SU? [13:01] no, I'm in the public review session [13:01] yes [13:01] but trying t o login [13:04] mvo, hi [13:04] cachio: mvo is speaking now [13:05] zyga, ouch [13:05] zyga, thanks for the heads up [13:16] zyga: pstolowski: I have reviewed 8528 [13:17] ijohnson: thanks! i'll remove the TODO comment on next occasion [13:17] sounds good [13:23] cachio: hi [13:24] mvo, sorry for the interruption [13:24] cwayne, asked me to create a test-snapd-tools-core20 snap [13:24] mvo, you created the other 2 ones [13:24] i did do that [13:25] and I cant find where you have the snapcraft.yaml [13:25] cachio: thanks, let me check [13:25] and the snap recipe [13:25] cachio: looking now [13:25] that's the main stuff failing on uc20 runs for us [13:32] mvo, thanks [13:32] cachio: where can I find the core image inside the classic test machine? [13:34] cmatsuoka, /tmp/work-dir/image [13:34] there [13:36] cachio: it's a hand crafted one, I pushed a new one and shared with you, we should make it owned by test-snaps@c.c [13:36] cachio: anyway, should unblock you [13:36] mvo, thanks [13:39] PR snapd#8528 closed: tests: fix for preseeding failures <⚠ Critical> [13:40] cachio: one of the flags made the nested vm boot [13:40] cmatsuoka, awesome [13:40] cmatsuoka, panic? [13:40] cachio: now I must find which one, there are four possibilities [13:41] cmatsuoka, I can help [13:42] cachio: I tried it with -cpu host,-vmx-apicv-register,-vmx-apicv-vid,-vmx-ple,-vmx-rdrand-exit [13:43] cachio: but I also ran with -smp 4 and it rebooted later, so perhaps -smp 1 could help in this case? [13:43] cmatsuoka, yes [13:44] cachio: what I actually did was to run my usual qemu script inside the google-nested machine with -nographics [13:44] adding the extra flags to cpu [13:44] ahh, I am trying now with your parameters [13:45] cachio: there are four flags there but probably one one fixes the msr issue [13:46] cmatsuoka, I am trying now the regular nested with those parameters [14:15] cachio: -vmx-rdrand-exit prevents the crash, let's see if it doesn't cause entropy starvation problems [14:16] cmatsuoka, awesome [14:16] cmatsuoka, so far I couldn't connect through ssh [14:17] cachio: I think it's better to monitor the console to actually see what's going on there, it could be many things now including our dreaded entropy starvation [14:18] I'm not sure what exactly this flag does and documentation isn't great [14:26] cmatsuoka, yes [14:28] cmatsuoka, I see that goes into an infinite loop [14:28] using -smp 1 [14:28] cachio: it freezes? [14:28] cmatsuoka, no [14:28] cachio: or is it a reboot loop? [14:30] does this problem also happen without -cpu? [14:37] it rebooted in install mode many times [14:37] without -cpu I didnt see those reboots usign -smp 1 [14:39] and without -cpu, where did the problem happen again? [14:44] cmatsuoka, so [14:44] I don't see the menu anymore [14:45] so I cant update the kernel command line any more in run mode [14:57] cmatsuoka, also when I run console-conf I dont see any network: https://paste.ubuntu.com/p/2J4vjjxvHw/ [15:01] cmatsuoka, I am going to have lunch now [15:02] * cachio lunch [15:23] PR snapd#8575 opened: packaging/fedora: disable FIPS compliant crypto for static binaries [15:24] pstolowski: ^^ [15:26] PR snapd#8574 closed: tests, selinux: update SELinux rule affecting snap-update-ns on centos 8 === stgraber_ is now known as stgraber [15:43] drat, another failure of google:ubuntu-core-16-64:tests/main/core-persistent-journal, something is flaky after all [15:58] cachio: so if you're reaching console conf the system is booting correctly to run mode, except network? [16:29] cmatsuoka, yes [16:31] cachio: and this is with -cpu or without? [16:31] without [16:31] ok, so entropy starvation was not an issue [16:31] good [16:31] with -cpu it goes to a infinite loop [16:33] cmatsuoka, do you know how to edit the kernel commandline now? [16:33] the menu does not appear anymore [16:34] do you want to edit it for install mode or run mode? [16:34] for run mode it's part of the tpm measurements so you can't change it [16:35] cmatsuoka, ahh [16:35] that makes sense [16:36] now this network problem seems strange, did you see something similar before? [16:38] no [16:38] perhaps this is the reason why ssh cannot be stablished [17:03] PR snapd#8575 closed: packaging/fedora: disable FIPS compliant crypto for static binaries [17:04] yay, thanks mvo! [17:05] hm maybe we could move centos8 back to stable systems now [17:25] cmatsuoka, now without -cpu I see a reboot loop again [17:25] cmatsuoka, this is dmesg output on the host machine https://paste.ubuntu.com/p/JD5WgQkBQG/ [17:26] cmatsuoka, for each reboot I see a vcpu0, guest rIP: 0xffffffffb5e788b4 [17:27] xnox, hey, any idea about what be causing that error? [17:31] this seems to be just a notification message, not necessarily an error [17:35] cmatsuoka, but this vcpu0, guest rIP: [17:35] means that something happens and hte vm was killed right? [17:44] I think it's just a message telling that the guest is trying to access the msr [17:45] if something is crashing you should see a more detailed message [17:49] zyga: LOL, `sejwy`? ;D [17:49] Saviq: *comprehensible* ;) [17:50] Saviq: are you following all new posts? :D [17:50] zyga: only the interesting ones :P [17:50] zyga: "remainder", btw :) [17:50] ah, thanks [17:51] fixed [17:51] Saviq: feedback welcome, it's just an idea at this stage [18:00] * zyga EODs === ijohnson is now known as ijohnson|lunch [18:24] cmatsuoka, did you remember the kvm parameter used to show extra info like crashes? [18:24] do you ? [18:27] cachio: hmm, no, I don't know this parameter [18:28] cachio: maybe Saviq knows? [18:28] no, sorry === ijohnson|lunch is now known as ijohnson [18:32] PR snapd#8576 opened: tests/main/lxd: add test for snaps inside nested lxd containers [18:37] mvo: hey, fyi the discussion in https://github.com/snapcore/core20/issues/48#issuecomment-620509641 [18:38] jdstrand: thanks, checking [18:40] jdstrand: right, I agree we should use the updated libseccomp and rebuild snapd/core with that [18:40] jdstrand: timing is not great, I can probably work on this tomorrow (my) morning but it requires hte updated libseccomp to be available in ppa:snppay-dev/image [18:40] * mvo actually should write this in the bug [18:45] also mvo I proposed the nested lxd test and it fails [18:45] need someone to look into why it fails [18:45] * ijohnson doesn't know [18:46] ijohnson: might be worthwhile to check with stgraber [18:46] mvo: yeah. I'm not pushing for a particular time, just wanted to make sure you saw it [18:46] mvo: thanks [18:46] jdstrand: yeah, if snapcraft enables it we should fix the issue ASAP :) [18:46] ups, ijohnson -^ [18:46] yeah, I mean we could also ask snapcraft team to delay if really needed [18:47] stgraber: is running snapd inside a lxd container which is a nested lxd container supported? [18:47] stgraber: we test that snapd inside a lxd container works as expected and that we can create nested containers, but we heard from the juju team that sometime around eoan release it stopped working to install snaps inside the inner nested container [18:48] ijohnson: it's probably ok, I check in my morning, shouldn't be much work to do a 2.44.4, the only annoying part is that we only have a single beta channel and 2.45~pre1 is there right now, so it needs to go to candidate quickly or we test from a branch or something as we also need to build the beta cu20 image from the beta/ channel [18:49] mvo: I thought that ~pre* releases don't ever got to candidate ? [18:49] ijohnson: yeah, we usually put 2.44.x into beta so it would override 2.45~pre1 etc, I need to think a little bit about this [18:49] ack, let me know if there's anything I can help with [18:50] ijohnson: it's probably fine if we keep 2.44.4 in beta just shortly, 2.44.4 has almost no changes so the regression risk is minimal [18:50] ijohnson: thanks, will do! [18:52] PR snapd#8577 opened: [RFC] secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to secboot [18:55] ijohnson: apparmor only supports one level of nesting, so you can install snaps in a LXD container but you cannot install snaps inside a nested LXD container [18:56] ijohnson: LXD itself if not installed through snapd can nest all the way to the max 32 levels deep and will just re-use the parent level's apaprmor profile when detecting that it can't create a new apparmor namespace [18:56] stgraber: ack, I will let Tim Penhey know [18:57] I had someone reach out about this setup a week or so ago too [18:58] thanks, I can't seem to find him on IRC so I'll drop him an email and CC you on it [20:23] PR snapd#8475 closed: tests: port snap-session-agent-* to session-tool