Friday, 2019-01-04

« Thursday, 2019-01-03 Index Saturday, 2019-01-05 »
kata-irc-bot<fupan> kata-shimv2 will do the same with cli to find the default config files from /etc and /usr/share.01:38
kata-irc-bot<fupan> yes, by now it doesn’t support passing --config option01:39
kata-irc-bot<fupan> @eric.ernst @xu01:42
kata-irc-bot<eric.ernst> I think adding support for --config will help a lot02:15
kata-irc-bot<eric.ernst> with this, the same binary can be used with QEMU and FC02:15
kata-irc-bot<eric.ernst> I think with CLI you can also set the path at compile time02:16
kata-irc-bot<eric.ernst> thx for clarifying @fupan02:16
kata-irc-bot<xu> I have two points: - shimv2 should try more path, such as /usr/local/share - shimv2 should be configured through the cri configuration fields of containerd  I am not sure if the `--config` is essential02:18
kata-irc-bot<fupan> Since the shimv2's cmd option are parsed in the shim pkg located in containerd, if we want support it, we have to communicate with containerd guys.02:20
kata-irc-bot<xu> at least you may try more path and does parsing the environment vars work?02:22
kata-irc-bot<fupan> Hmm,  it depends, if we want to fix the issue of https://github.com/kata-containers/runtime/issues/1082#issuecomment-451303997, I think it’s better to let k8s/containerd pass a  parameter to shimv2. Thus the pod can be assigned to specific hypervisor.02:34
*** lsm5 has joined #kata-dev05:18
*** lpetrut has joined #kata-dev08:15
*** jodh has joined #kata-dev08:35
*** davidgiluk has joined #kata-dev09:01
*** lpetrut has quit IRC09:18
*** stackedsax has quit IRC11:55
kata-irc-bot<eric.ernst> @bergwolf - I have you listed as doing release next week - is that okay?  And, @zhangwei555 you have interest in jumping in this rotation?15:53
kata-irc-bot<eric.ernst> Or if anyone else has any interest (@mvedovati, @sebastien.boeuf , others?).  The wiki is located @ https://github.com/kata-containers/community/wiki/Release-Team-Rota.15:54
*** LinuxMe has joined #kata-dev15:57
kata-irc-bot<eric.ernst> @salvador.fuentes: when do you think it makes sense to switch default of testing runtimeClass?16:12
kata-irc-bot<eric.ernst> and/or, is there a job in place that tests it already?16:12
kata-irc-bot<xu> the two guys in China might be asleep right now :)16:13
kata-irc-bot<mnaser> does anyone know if nested virt works up until 3 layers?16:15
kata-irc-bot<mnaser> in order to test magnum support for kata, we run our CI inside VMS with nested virt16:15
kata-irc-bot<mnaser> so a VM deploys openstack with magnum, creates a cluster (which creates VMs inside the VM) and then if we want to add kata support, it will mean that there will be a third level of VMs...16:16
kata-irc-bot<eric.ernst> *should*?16:16
kata-irc-bot<eric.ernst> I mean, it should work up until you get too confused and fall over :slightly_smiling_face:16:17
kata-irc-bot<eric.ernst> 3, 4, 5...16:17
kata-irc-bot<eric.ernst> right?16:17
kata-irc-bot<eric.ernst> Are you seeing issues?16:17
kata-irc-bot<xu> sounds evil16:17
kata-irc-bot<eric.ernst> things like device pass-through won't16:17
davidgilukwell, 3 level passthrough will be emulation - so that will be slow as a slow thing16:18
davidgiluksorry , 3 level (not 3 level passthrough)16:18
davidgilukand not very well tested16:19
kata-irc-bot<eric.ernst> maybe i'm lame - i'm not sure how big of a delta L2 v L3.  (thinks through it...)16:19
davidgilukI'd expect the L2 to be usable and the L3 to be painful as hell16:20
kata-irc-bot<eric.ernst> I'll wait to hear @mnaser's story first before commenting :slightly_smiling_face:16:20
kata-irc-bot<mnaser> oh yeah, i mean i haven't tried it yet16:21
kata-irc-bot<eric.ernst> Either way it has to drop down to L0 via n-1 anyway; i'm not sure how it'd be different.16:21
kata-irc-bot<eric.ernst> once you are on a pile of turtles...16:21
kata-irc-bot<mnaser> but i'm thinking if we want to get Magnum support with proper CI, it might be problematic16:21
kata-irc-bot<mnaser> so maybe i'm wondering if it will require baremetal16:21
kata-irc-bot<eric.ernst> maybe @manohar.r.castelino is around to comment?16:22
kata-irc-bot<eric.ernst> or @jonolson16:22
kata-irc-bot<eric.ernst> Also, I'm looking @ https://github.com/kata-containers/tests/blob/master/.ci/install_cri_containerd.sh#L44-L64, and wondering - we just grabbed this from one of the installs of containerd or from a repo, or?  Just want to make sure we track if this changes.16:25
kata-irc-bot<manohar.r.castelino> @eric.ernst driving. Be online in about 2016:25
kata-irc-bot<eric.ernst> i think that's more dangerous than a pile of turtles.16:25
kata-irc-bot<eric.ernst> also debating merits of building versus using package from containerd directly.16:26
kata-irc-bot<jonolson> Nested virt works to arbitrary depth, in theory16:26
kata-irc-bot<jonolson> You end up with a stack of shadow VMCS objects, so slowdown depends on how many layers your exit traverses before being handled16:27
kata-irc-bot<jonolson> (sorry, still coming up to speed on conversation here)16:28
kata-irc-bot<eric.ernst> I'm just trying to recall nested story.  I thought there were enhancements  such that you don't traverse each layer, that it'd drop back to L016:29
kata-irc-bot<eric.ernst> Now I wish I didn't go cross-eyed during the L7 debug example at kvm-forum :slightly_smiling_face:16:29
kata-irc-bot<eric.ernst> @gabriela.cervantes.te ^ you know?16:30
kata-irc-bot<mnaser> yeah so i don't know if it would be a reliable CI target16:32
kata-irc-bot<jonolson> Exits themselves always drop back to L0, but that may re-enter into an arbitrary level depending on how the nested guests implemented their nested VMX instruction sets -- I would not trust it as a stable CI target -- you'd be better off doing emulation (slow, but mostly reliable)16:35
kata-irc-bot<eric.ernst> @mnaser there was a good presentation by oracle, who uses L3 a decent amount, at kvm-forum.  let me find the summary..16:35
kata-irc-bot<jonolson> Why... Why do they do that?16:36
kata-irc-bot<eric.ernst> that's the summary i'm looking for :slightly_smiling_face:16:36
kata-irc-bot<jonolson> Monsters.16:36
kata-irc-bot<eric.ernst> ``` Therefore, setup is: ○ L0 = Public cloud provider hypervisor ○ L1 = Ravello’s hypervisor (KVM based) ○ L2 = Ravello guest which is a hypervisor (e.g. ESXi) ○ L3 = L2 guests ```16:36
kata-irc-bot<mnaser> how slow is kata in qemu to run 1 or 2 tests16:37
davidgilukhuh ok, that's.....16:37
kata-irc-bot<mnaser> i dunno why L2 is there16:37
kata-irc-bot<mnaser> seems like you can just skip that part16:37
kata-irc-bot<mnaser> but hey16:37
kata-irc-bot<mnaser> i'm the one here suggesting the same idea so who am i to talk :slightly_smiling_face:16:37
kata-irc-bot<eric.ernst> The deck.  Too long - couldn't find summary aside from "it works, perf suffers"16:39
kata-irc-bot<eric.ernst> https://events.linuxfoundation.org/wp-content/uploads/2017/12/Improving-KVM-x86-Nested-Virtualization-Liran-Alon-Oracle.pdf16:39
kata-irc-bot<krsna1729> Ravello was a company acquired by oracle. i think it used to offer a way to setup labs and testing openstack installations on public cloud16:45
davidgilukyeh16:46
kata-irc-bot<gabriela.cervantes.te> @eric.ernst it is from the repo16:47
kata-irc-bot<eric.ernst> Was there discussion on whether to build from source or use the release before?16:49
kata-irc-bot<eric.ernst> wrt crio/containerd?16:49
kata-irc-bot<eric.ernst> If we just did the release, we'd get the service file, etc, setup 'out of the box'16:49
kata-irc-bot<manohar.r.castelino> folks we are trying to provide and easy to use crio + kata + firecracker + qemu + runc kubernetes setup... and wanted to setup device mapper in a way that worked in any enviornment using a sparse file backed loop device... If anyone has feedback on a better more production worthy setup the achieve the same (with devicemapper) I would appreciate the feedback https://github.com/clearlinux/cloud-native-setup/pull/2517:22
kata-irc-bot<manohar.r.castelino> It is typically hard to setup devicemapper in a production worthy way without dedicated block devices/partitions17:22
kata-irc-bot<eric.ernst> ah, you're just working around CRIO forcing you to have it setup production-wise17:23
kata-irc-bot<manohar.r.castelino> @eric.ernst yes :(17:23
*** LinuxMe has quit IRC17:24
kata-irc-bot<eric.ernst> containerd doesn't force you17:25
kata-irc-bot<eric.ernst> ..but... it also doesn't have its own snapshotter :slightly_smiling_face:17:25
kata-irc-bot<gabriela.cervantes.te> @eric.ernst I did not remember if there was a discussion about building from source or use the release before17:29
*** LinuxMe has joined #kata-dev17:34
*** jodh has quit IRC18:00
*** LinuxMe has quit IRC18:22
*** LinuxMe has joined #kata-dev18:34
*** LinuxMe has quit IRC18:49
kata-irc-bot<raravena80> is devicemapper on CRIO even prod ready?  I'm reading here that it's not yet.  https://docs.openshift.com/container-platform/3.11/crio/crio_runtime.html. I suppose at one point it will be.19:31
kata-irc-bot<raravena80>19:31
kata-irc-bot<eric.ernst> I'll ask mrunal about it19:32
kata-irc-bot<eric.ernst> anyone want to spend their afternoon on a fun bug?  https://docs.openshift.com/container-platform/3.11/crio/crio_runtime.html#configuring-cri-o-storage19:33
*** LinuxMe has joined #kata-dev19:39
*** eernst has joined #kata-dev19:51
*** eernst has quit IRC19:53
*** eernst has joined #kata-dev20:06
*** davidgiluk has quit IRC20:28
*** LinuxMe has quit IRC21:19
*** eernst has quit IRC21:25
*** openstack has joined #kata-dev23:43
*** ChanServ sets mode: +o openstack23:43
« Thursday, 2019-01-03 Index Saturday, 2019-01-05 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!