| *** olivierb has joined #openstack-dib | 07:00 | |
| ianw | olivierb: hrm, well that's good news that we at least know what it is | 07:08 |
|---|---|---|
| olivierb | ianw yes but I am still very puzzled on why it works in the CI | 07:09 |
| ianw | i'm pretty sure we have auditd installed there | 07:10 |
| olivierb | as mentioned earlier and if I did look well enough the xenial CI system does not seem to have auditd running | 07:10 |
| ianw | root 264 2 0 07:14 ? 00:00:00 [kauditd] | 07:19 |
| ianw | so audit is enabled; i think that's enough | 07:20 |
| ianw | ? | 07:20 |
| olivierb | http://logs.openstack.org/66/591366/11/check/dib-dsvm-functests-python2-ubuntu-xenial-image/d19ecab/job-output.txt.gz#_2018-08-17_08_41_18_892418 auditd package not present :-( process not running (ps -efH) ... | 07:21 |
| ianw | no, auditd isn't there, but i think what happens is that there's a audit netlink socket and kauditd collects the logs and they end up in syslog | 07:22 |
| ianw | unless auditd is there to collect them. i'm sure i committed something about this once to dib or project-config when we had the logs getting spammed ... | 07:22 |
| olivierb | ok checking this on my failing system right now | 07:32 |
| olivierb | however, again and even if I now understand the reasons better, as a DIB user I would not expect image building to be so dependent of underlying boot parameters of building host even if I agree that it might be very difficult to achieve for some very specific cases | 07:33 |
| *** openstackgerrit has joined #openstack-dib | 07:45 | |
| openstackgerrit | Olivier Bourdon proposed openstack/diskimage-builder master: Fix CentOS image build failure when dib runs on debian based system https://review.openstack.org/559485 | 07:45 |
| ianw | this is what i'm thinking of https://review.openstack.org/#/c/352263/ | 07:45 |
| ianw | olivierb: well, that's the nature of being in a chroot ... | 07:45 |
| olivierb | thanks for digging this out | 07:47 |
| olivierb | may be the new version of the patch will be better matching your expectations. thanks a lot for your time and help | 07:48 |
| olivierb | I can also now confirm that having kernel flag audit=1 is sufficient to get image build properly without adding auditd or any other packages to xenial | 07:57 |
| olivierb | I did a strace on the failing code and the error is | 08:09 |
| olivierb | 18385 socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = -1 EPROTONOSUPPORT (Protocol not supported) | 08:09 |
| olivierb | my kernel is "standard" xenial kernel installed from netboot + FAI | 08:10 |
| olivierb | let me check the config file for AUDIT | 08:13 |
| olivierb | grep AUDIT /boot/config-4.4.0-134-generic | 08:14 |
| olivierb | CONFIG_AUDIT_ARCH=y | 08:14 |
| olivierb | CONFIG_AUDIT=y | 08:14 |
| olivierb | CONFIG_HAVE_ARCH_AUDITSYSCALL=y | 08:14 |
| olivierb | CONFIG_AUDITSYSCALL=y | 08:14 |
| olivierb | CONFIG_AUDIT_WATCH=y | 08:14 |
| olivierb | CONFIG_AUDIT_TREE=y | 08:14 |
| olivierb | CONFIG_NETFILTER_XT_TARGET_AUDIT=m | 08:14 |
| olivierb | CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 | 08:14 |
| olivierb | CONFIG_INTEGRITY_AUDIT=y | 08:14 |
| *** olivierb_ has joined #openstack-dib | 08:42 | |
| *** olivierb has quit IRC | 08:43 | |
| ianw | interesting, i can find nothing that suggests that socket() call should fail with CONFIG_AUDIT=y enabled kernels | 08:46 |
| ianw | /* No auditing will take place until audit_initialized == AUDIT_INITIALIZED. | 08:49 |
| ianw | * (Initialization happens after skb_init is called.) */ | 08:49 |
| ianw | pr_info("initializing netlink subsys (%s)\n", | 08:49 |
| ianw | audit_default ? "enabled" : "disabled"); | 08:49 |
| ianw | so i guess that should be in dmesg | 08:49 |
| *** trungnv has quit IRC | 09:52 | |
| openstackgerrit | Harry Kominos proposed openstack/diskimage-builder master: Fix bootloader packages for aarch64 https://review.openstack.org/598595 | 11:06 |
| *** hkominos_ has joined #openstack-dib | 11:12 | |
| *** tonyb has quit IRC | 12:02 | |
| *** tonyb has joined #openstack-dib | 12:19 | |
| *** mjturek has joined #openstack-dib | 13:18 | |
| *** mjturek has quit IRC | 14:36 | |
| *** mjturek has joined #openstack-dib | 14:43 | |
| *** mjturek has quit IRC | 14:46 | |
| *** mjturek has joined #openstack-dib | 14:47 | |
| *** hkominos_ has left #openstack-dib | 14:51 | |
| openstackgerrit | Harry Kominos proposed openstack/diskimage-builder master: Fix bootloader packages for aarch64 https://review.openstack.org/598595 | 15:02 |
| *** mjturek has quit IRC | 15:05 | |
| *** mjturek has joined #openstack-dib | 15:25 | |
| *** openstackgerrit has quit IRC | 16:06 | |
| *** mjturek has quit IRC | 16:09 | |
| *** mjturek has joined #openstack-dib | 16:10 | |
| olivierb_ | ianw r u still here ? | 16:18 |
| olivierb_ | tried to see if I could find anything meaningfull in dmesg but seems like only dracut output is there finishing with [ 4068.138867] dracut[25743] *** Creating initramfs image file '/boot/initramfs-3.10.0-862.11.6.el7.x86_64.img' done *** | 16:19 |
| olivierb_ | tried other log files without more success I am affraid | 16:25 |
| *** olivierb_ has quit IRC | 16:41 | |
| *** mjturek has quit IRC | 17:27 | |
| *** mjturek has joined #openstack-dib | 17:28 | |
| *** mjturek has quit IRC | 17:37 | |
| *** mjturek has joined #openstack-dib | 17:38 | |
| *** mjturek has quit IRC | 17:45 | |
| *** mjturek has joined #openstack-dib | 17:46 | |
| *** mjturek has quit IRC | 18:33 | |
| *** cmurphy|vacation is now known as cmurphy | 20:58 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!