13:02:41 #startmeeting 13:02:41 Meeting started Mon Aug 24 13:02:41 2015 UTC. The chair is stefw. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:02:41 Useful Commands: #action #agreed #halp #info #idea #link #topic. 13:02:47 .hello mvo 13:02:47 #topic Agenda 13:02:47 mvollmer: mvo 'Marius Vollmer' 13:02:58 .hello stefw 13:02:59 stefw: stefw 'Stef Walter' 13:03:03 * travis/semaphore/... 13:03:08 * Continuous delivery 13:03:16 * generic service api 13:03:18 * SSH agent code 13:03:24 * Accessing non-localhost from bridge 13:03:54 * travis ci 13:05:12 #topic travis/semaphore/... 13:05:26 gentlemen start your engines 13:05:31 right, i have some news about the travis bug 13:05:46 * stefw Is so happy that Travis is open source 13:05:47 big/fast writes to stdout can cause EAGAIN 13:06:07 and we seem to just at the edge of what counts as "big" 13:06:38 make distclean writes very long commands to stdout, and if we add more files to our non-recursive Makefiles, we go over the limit 13:06:40 apparently 13:06:54 and make/anyone doesn't handle EAGAIN 13:07:16 so I made a small workaround that writes more carefully and we pipe through that 13:07:28 PR is in the making 13:07:50 nice 13:07:54 but I am not saying that we shouldn't switch to semaphore 13:08:06 i just have character flaw that I can't let go of a bug 13:08:36 i think the pros are still very strong 13:08:48 but is semaphore open source? 13:08:54 idk 13:09:00 don't think so 13:09:06 badum tsch 13:09:25 yeah 13:09:35 should we also switch to gitlab? :-) 13:09:44 well .... 13:09:46 the thing is 13:09:52 * stefw could talk about this for hours 13:09:58 github is about the social stuff 13:10:03 and it doesn't matter if github is open source 13:10:06 it'll never be 'free software' 13:10:15 in that you can't modify it, even if you had the source code 13:10:33 SaaS + Social needs a new Richard Stallman 13:10:39 or some similar revolution 13:10:49 because it's just a impass 13:10:59 richard care about the code you run in your browser 13:11:12 you can't have social + free software + the current web architecture 13:11:18 mvollmer, yes, that means reinventing the web ... basically 13:11:20 so long story short 13:11:23 but what runs on the server, well, that's a different thing. 13:11:30 if we want the social aspects of GitHub 13:11:44 we can't currently (given the way the web is) anything approaching 'free software' 13:11:59 affero-gpl ftw 13:12:16 but in general we should support open source services 13:12:22 and Travis has no social element 13:12:33 therefore it's replaceable ... and doesn't suffer from these issues 13:12:50 it is capable of, true open source, free software whatever ... so we should support it 13:13:06 suport == using their resources without paying :-) 13:13:13 no, help them fix this bug 13:13:18 but, yes, I agree. 13:13:28 about everything, actually. 13:13:47 i can tolerate github as long as the API is there 13:14:02 and I could in theory write my own client. 13:14:32 anyway, back to the issue 13:14:36 and the social aspect is the reason why we went there in the first place 13:14:38 yep 13:14:41 i guess we should file a bug on travis? 13:14:49 * stefw tries to figure out which component 13:14:50 yes 13:15:04 we ca file it against the top-level, I guess 13:15:07 travis-vi 13:15:12 *travis-ci 13:15:19 travis-emacs 13:15:23 sounds good 13:15:32 I will do that 13:15:39 #info mvollmer will file a bug on travis, and try to help find the source of the issue 13:16:08 #info mvollmer will also install a workaround for us 13:17:03 okay, anything about semaphore? 13:17:13 should we wait for how well the workaround works? 13:17:37 i'll keep my account around for now 13:17:41 or is it decided that we stay with travis? 13:17:51 just because the version we need is invite only 13:18:03 once we have travis working i'll delete it 13:18:06 ohh, that's a con. 13:18:21 okay, we all owe petervo some beer for doing the work 13:18:22 yeah it was in my list 13:18:31 the inotify thing 13:19:42 next topic? 13:19:46 i am not sure I understand 13:20:18 yes, next topic. 13:20:23 yes thanks petervo, for looking into that ... if we do hit a wall with Travis, it's good to know we can switch easily 13:20:32 #topic Continuous Delivery 13:20:44 so now that our continuous integration has been going so well (ha ha) 13:21:07 I've gotten tired of doing the entire tedious and error prone release dance over and over again ... as I imagine so has Peter 13:21:19 I've posted to cockpit-devel mailing list some goals for where we want to be on continuous delivery 13:21:21 the upshot is: 13:21:26 a) tag a release 13:21:48 b) tag becomes a release goes into fedora (specific versions), docker container, github releases page, copr 13:21:51 all automatically 13:21:56 ... and then eventually 13:22:12 c) the release is tested with our integration tests again ... if passes in Fedora, promoted into an update and pushed out 13:22:26 the last release 0.72 was done purely with scripts 13:22:38 everything from %changelog updates, to koji git commits, and builds, to copr 13:22:43 to github release uploaded etc... 13:22:46 was all from a script 13:22:52 so we can polish those scripts a bit for a while 13:22:58 before we actually start triggering them automatically 13:23:16 [cockpit] mvollmer opened pull request #2611: travis: Write build output carefully to stdout. (master...travis-careful-cat) http://git.io/vsPjZ 13:24:01 nice 13:24:11 so anyone against this in principle? 13:24:16 also one of those things that "should exist already", no? 13:24:27 no, sounds very good 13:24:30 well it's hopelessly project and destination specific 13:24:36 i'm using mainly written command line tools 13:24:39 and tying them together 13:24:46 one cool part was that these all run as scripts 13:24:56 and before commiting their changes, each script SIGSTOPs itself 13:25:04 the runner then checks if everything got to that point 13:25:09 and if so, resumes the scripts one by one 13:25:17 so they complete their actual non-draft or scratch change 13:25:47 cool :) 13:26:04 alright, next topic? 13:26:15 #topic Generic Service API 13:26:19 ok 13:26:41 so we have two places now that want to mess with services 13:26:51 multipath wants to switch on the daemon 13:27:04 and we want to switch on/off pmlogger 13:27:21 also docker, right? 13:27:27 yes, true! 13:27:35 three places 13:27:40 nobody expects docker 13:27:43 sorry 13:27:56 :) 13:27:56 so, using systemd directly is tricky 13:28:19 so now I have wrapped it as "system/service" 13:28:28 seems like a good idea 13:28:40 and then I went further and tried to make it a generic API 13:28:46 that also works for sysvinit, say 13:28:54 and how would it know how to map names? 13:28:57 of services? 13:28:59 but stefw was right: this is tricky 13:29:19 i don't even know what "enabled" should mean exactly 13:29:36 you would have to know the names 13:29:49 which are hopefully the same... 13:30:03 seems like it's premature to generalize this no? 13:30:07 but yes, this is trying to abstract things that don't need sbtracting right now 13:30:10 very dangerous 13:30:20 I agree 13:30:30 still, it is good for our own use 13:30:48 yes i just think we shouldn't expect it to be stable 13:30:52 yep 13:30:54 if we don't have a second init system that we support, yet 13:31:11 yes, it would be a solution in search of a problem 13:31:36 so I'll rename things and reword the docs 13:32:20 eot? 13:32:23 #info We won't imagine the general service API is stable yet 13:32:37 #topic SSH agent code 13:32:46 I've done some more review of the SSH code for the PAM module 13:32:54 petervo has done really nice work here 13:33:02 as I discussed with Peter, we've renamed this to be clearer 13:33:05 it's called pam_ssh_add.so 13:33:08 to be clear that's what it does 13:33:20 it adds keys during the pam cofrumblence 13:33:31 well ssh keys 13:33:33 it adds them to an agent 13:33:41 if the agent isn't running, it starts the agent 13:34:43 the selinux issues are kind of ugly 13:34:54 because selinux refuses to let us launch the ssh-agent after it has set up the correct context 13:35:04 and therefore even with our workaround the ssh-agent is started with the wrong context 13:35:26 should we break down and just use sh? 13:35:30 yup 13:35:46 ok 13:35:46 says something when /bin/sh is our tool against the mighty selinux 13:36:03 anything else on this petervo? 13:36:07 i think with that resolved, we'd be ready to merge 13:36:13 do we want to rename retest? 13:36:21 if we are sharing it? 13:36:27 if you want 13:36:30 i don't care either way 13:36:43 ok, i won't either 13:37:04 i'll bring in your changes and update the PR 13:37:59 cool 13:38:09 #topic Accessing non-localhost from bridge 13:38:16 Soooo heads up and food for thought 13:38:26 usually cockpit only accesses local services 13:38:31 and we get to other machines via SSH 13:38:39 that means when doing TCP, we connect to localhost 13:38:47 so far this has served us well 13:38:53 however with more and more thingys in containers 13:39:12 and also with openshift listening on specific addresses (even though they are local) 13:39:23 we now have the need to have bridge connect to specific addresses 13:39:43 which means, in theory at least, connections from the machine could leave the local machine (given the right options to the channel) 13:39:48 does anyone have a problem with this? 13:40:13 at a very minumum, we need to be on the lookout for assumptions that assumed only local connections would be made 13:40:19 i tightened up the TLS validation because of this. 13:40:44 no problems here 13:41:14 we have cockpit.spawn, which can do everything anyway 13:41:23 true 13:41:47 we just need to make sure to look for code confusing the "host" and "address" options 13:41:59 #topic Code to access non-local addresses from TCP channels are merged into master 13:42:04 * stefw wishes that host had been called machine 13:42:08 but it's too late for that 13:43:45 alrighty 13:43:54 #topic Open Floor 13:44:18 phantomjs in mock 13:44:45 or more generally, should we try not to skip tests in mock? 13:44:45 That's not going to work for Brew or Koji builds 13:44:59 right 13:45:09 well, even more generally, we can't make mock test everything right? 13:45:13 so the question is where do we draw the line. 13:45:17 and we have "make check" in cockpit.spec so that brew and koji do at least some testing, right? 13:45:53 we rely on travis to run make check and valgrind and make distcheck, right? 13:46:09 that was my assumption 13:46:15 i wanted 'make check' in the cockpit.spec 13:46:16 because 13:46:19 a) everyone says to do it 13:46:29 b) having continous delivery without it would be silly 13:47:07 so the idea being that building cockpit runs the tests 13:47:14 on the given operating system where we're building 13:47:20 but since these operating systems don't have phantomjs 13:47:29 and we have no way to bring it into the build system there (such as Koji) 13:47:44 i think realistically this doesn't fit under the goals i had in mind when i added 'make check' to cockpit.spec 13:47:53 but perhaps we have different goals for that line? 13:48:48 if we use it as an alternative to travis, then we would have different goals 13:49:00 true 13:49:06 but then we would need to cram everything in there 13:49:10 but if continue to use travis, then it can remain "easy" 13:49:12 including 'make distcheck' and 'make check-memory' 13:49:17 yes 13:49:19 and somehow enable the root tests 13:49:25 yep 13:49:37 i actually tried that... 13:49:41 :-) 13:50:07 but I am happy as things are 13:50:20 we might safe time by _not_ running make check in hubbot 13:50:28 yes, you can do --quick 13:50:34 ahh, ok. 13:50:36 if we decide to do that 13:50:55 tools/make-rpms --quick 13:51:57 i have no strong opinion 13:52:38 well lets let more dust settle 13:52:43 and then make the next round of testing changes once it does 13:52:50 yeah 13:54:14 #endmeeting