| apuimedo | but the ping works | 00:00 |
|---|---|---|
| fkautz | were you having problems with iproute2? | 00:00 |
| fkautz | i don't think that uses ioctl, should be using netlink | 00:00 |
| apuimedo | fkautz: it was fake iproute2 :P it was busybox | 00:01 |
| fkautz | oh, even worse :p | 00:01 |
| apuimedo | cheeky busybox prettending to be other things | 00:01 |
| fkautz | no idea what busybox uses | 00:01 |
| fkautz | well, busy box is a busy little bee :p | 00:01 |
| apuimedo | banix: I probably need another capability apart from net_admin | 00:01 |
| apuimedo | to modify /sys/class/net | 00:01 |
| apuimedo | I wonder which though | 00:01 |
| fkautz | maybe net_raw? | 00:01 |
| apuimedo | fkautz: no, I think that's just for crafting packets | 00:03 |
| fkautz | and transparent proxying | 00:04 |
| *** abhiraut has joined #openstack-kuryr | 00:05 | |
| fkautz | if you run in privileged, does it still work? | 00:05 |
| fkautz | docker had problems with /sys being mounted read only in the past | 00:05 |
| apuimedo | I think so | 00:05 |
| apuimedo | let me check | 00:05 |
| fkautz | could be a regression if it doesn't work | 00:06 |
| apuimedo | same issue | 00:10 |
| apuimedo | :( | 00:10 |
| openstackgerrit | Abhishek Raut proposed openstack/kuryr: Eliminate duplicate logic to generate ID's for tests https://review.openstack.org/313805 | 00:10 |
| apuimedo | I'll try to mount it as a volume | 00:10 |
| fkautz | i believe sysfs should be unique for each container | 00:10 |
| fkautz | shouldn't just mount host sysfs | 00:10 |
| fkautz | but should be ok for testing | 00:11 |
| fkautz | for non-privileged: sysfs /sys sysfs ro,seclabel,nosuid,nodev,noexec,relatime 0 0 | 00:12 |
| *** yamamoto_ has joined #openstack-kuryr | 00:12 | |
| fkautz | for privileged: sysfs on /sys type sysfs (rw,seclabel,nosuid,nodev,noexec,relatime) | 00:12 |
| apuimedo | fkautz: curious | 00:13 |
| fkautz | that's something else we should look at w/privileged containers... apparmor and selinux labels | 00:13 |
| apuimedo | with privileged it writes to it | 00:13 |
| apuimedo | but | 00:13 |
| apuimedo | it still outputs | 00:13 |
| apuimedo | + echo 0 | 00:14 |
| apuimedo | /usr/libexec/kuryr/ovs: line 49: echo: write error: Invalid argument | 00:14 |
| apuimedo | but it sets the stp and the fd to 0 | 00:14 |
| apuimedo | / # cat /sys/class/net/qbrc5983536-4e/bridge/stp_state | 00:14 |
| apuimedo | 0 | 00:14 |
| fkautz | so the write is successful but still errors? | 00:14 |
| apuimedo | no, I think that's stderr from the echo operation | 00:15 |
| apuimedo | the command, I think returns 0 | 00:15 |
| apuimedo | I can't really make heads or tails of it | 00:18 |
| apuimedo | I see the process exitting with 0 | 00:18 |
| apuimedo | but at the same time it logs an error | 00:18 |
| fkautz | mmm, a long shot... | 00:19 |
| fkautz | check the perms on the file, make sure it is writable by root? | 00:19 |
| apuimedo | fkautz: banix: http://paste.openstack.org/show/496404/ | 00:20 |
| apuimedo | it is | 00:20 |
| banix | apuimedo: problem solved? | 00:21 |
| apuimedo | I'm not sure | 00:22 |
| *** abhiraut has quit IRC | 00:22 | |
| apuimedo | I see the forward_delay and the stp_state set to 0 | 00:22 |
| apuimedo | but, as you can see in the latest paste | 00:22 |
| apuimedo | I can still see invalid argument (though the script finishes returning 0) | 00:22 |
| banix | i see | 00:22 |
| banix | missed the errors | 00:22 |
| apuimedo | and then there's the issue with networkdriver.join | 00:22 |
| banix | no the 404 error is ok | 00:23 |
| fkautz | i have no problems with modifying stp_state in a privileged container by echoing directly to it | 00:23 |
| banix | its from /NetworkDriver.ProgramExternalConnectivity | 00:23 |
| *** abhiraut has joined #openstack-kuryr | 00:23 | |
| banix | kind of newly added to libnetwork api | 00:23 |
| banix | i opened a bug on it the other day | 00:23 |
| apuimedo | ah, ok | 00:23 |
| apuimedo | :-) | 00:23 |
| apuimedo | fkautz: I wonder if there is another cap that makes docker engine mount it rw | 00:24 |
| apuimedo | banix: thanks, at least I'm not going bonkers | 00:24 |
| banix | just need to add a couple of noop catchers for thie ProgremEternalConnectivity and the Revoke ExternalConnectivity | 00:24 |
| apuimedo | banix: fkautz: I found it! | 00:25 |
| apuimedo | I know why even in privileged mode I get write error | 00:25 |
| apuimedo | but not when I do it myself on the terminal | 00:25 |
| fkautz | what happens if you try using brctl? | 00:26 |
| fkautz | brctl stp bridge0 1 | 00:26 |
| apuimedo | http://paste.openstack.org/show/496405/ | 00:26 |
| banix | apuimedo: why? fkautz: that how we had it originally | 00:26 |
| apuimedo | banix: fkautz that would most likely work | 00:26 |
| apuimedo | because it uses ioctl | 00:26 |
| apuimedo | but some distros don't ship it by default anymore | 00:27 |
| fkautz | we should be able to find an equivalent netlink command | 00:27 |
| apuimedo | I wonder wtf is the problem with bash | 00:27 |
| fkautz | some bash implementations drop privileges | 00:27 |
| apuimedo | fkautz: if it exists, it will be ultra recent | 00:27 |
| apuimedo | fkautz: that's true | 00:28 |
| fkautz | we could also write a simple ioctl binary to toggle stp | 00:28 |
| apuimedo | fkautz: I think it has to do with the redirection | 00:28 |
| apuimedo | actually | 00:28 |
| fkautz | stp is spanning tree | 00:29 |
| fkautz | do you need it? | 00:29 |
| apuimedo | fkautz: nova's binding does set it to 0 | 00:30 |
| apuimedo | It could bring problems with the switches, I guess | 00:30 |
| apuimedo | bash-4.3# tee /sys/class/net/qbrc5983536-4e/bridge/stp_state | 00:30 |
| apuimedo | 0 | 00:30 |
| apuimedo | 0 | 00:30 |
| apuimedo | bash-4.3# cat /sys/class/net/qbrc5983536-4e/bridge/stp_state | 00:30 |
| apuimedo | 0 | 00:30 |
| apuimedo | bash-4.3# | 00:30 |
| apuimedo | funnily enough, using tee works :P | 00:30 |
| fkautz | that's the main problem, you want it disabled unless you introduce switching loops | 00:30 |
| fkautz | lol yea | 00:31 |
| fkautz | echo 0 | tee stp_state :p | 00:31 |
| apuimedo | yes, that's what I do | 00:31 |
| apuimedo | :P | 00:31 |
| fkautz | and that worked? :o | 00:31 |
| apuimedo | it does | 00:31 |
| fkautz | weird | 00:31 |
| fkautz | i think you have a broken echo | 00:31 |
| apuimedo | tee is usually coming to the rescue when redirections screw me | 00:32 |
| fkautz | yea, that's likely | 00:32 |
| apuimedo | busybox | 00:32 |
| apuimedo | :P | 00:32 |
| apuimedo | ah no | 00:32 |
| apuimedo | that's actually bash | 00:32 |
| apuimedo | the busybox one works | 00:32 |
| fkautz | yea, i was thinking > | 00:32 |
| apuimedo | mmm | 00:32 |
| fkautz | foo > redirect-breaks | 00:32 |
| apuimedo | I really wish our scripts would be /bin/sh and not /bin/bash | 00:33 |
| fkautz | why not switch them? | 00:33 |
| apuimedo | but I can't force the people to write in that ugly way | 00:33 |
| fkautz | sh is the most portable | 00:33 |
| fkautz | not that bash is particularly bad | 00:33 |
| apuimedo | I know | 00:33 |
| apuimedo | I try not to use the bashisms | 00:33 |
| fkautz | also, lots of apps broke with dash :x | 00:33 |
| fkautz | even those pointing to #!/bin/sh | 00:34 |
| apuimedo | people write in bash nowadays | 00:34 |
| apuimedo | not sh | 00:34 |
| fkautz | apuimedo: so this is for running kuryr in a container? | 00:36 |
| apuimedo | yup | 00:36 |
| apuimedo | It runs fine | 00:37 |
| apuimedo | it only bothers me to have the privileged | 00:37 |
| apuimedo | let me check with brctl | 00:37 |
| apuimedo | that worked | 00:41 |
| apuimedo | banix: mea culpa! | 00:41 |
| apuimedo | I should not have made you move to sysfs | 00:42 |
| apuimedo | brctl, we're back | 00:42 |
| apuimedo | ! | 00:42 |
| banix | great! | 00:43 |
| fkautz | brctl worked with --cap-add=NET_ADMIN | 00:43 |
| fkautz | https://www.irccloud.com/pastebin/bg94ROg2/ | 00:44 |
| *** abhiraut has quit IRC | 00:45 | |
| fkautz | default is off | 00:45 |
| openstackgerrit | Antoni Segura Puimedon proposed openstack/kuryr: containerization: Add dockerfile https://review.openstack.org/279320 | 00:46 |
| apuimedo | good | 00:46 |
| apuimedo | so this is ready | 00:46 |
| apuimedo | when Gal comes back from the weekend we can merge it | 00:46 |
| apuimedo | and have automated builds | 00:46 |
| fkautz | +1 | 00:47 |
| apuimedo | banix: fkautz: http://paste.openstack.org/show/496406/ | 00:50 |
| apuimedo | https://www.youtube.com/watch?v=Ugpg8XruhVk | 00:50 |
| fkautz | :D | 00:51 |
| banix | cool | 00:53 |
| apuimedo | I'll push it now as kuryr/libnetwork:ovs | 00:54 |
| apuimedo | so people can start using it | 00:54 |
| apuimedo | banix: no changes should be necessary for ovn, right? | 00:55 |
| banix | apuimedo: not that i can think of | 00:57 |
| *** gangil has quit IRC | 00:57 | |
| apuimedo | good | 00:58 |
| *** abhiraut has joined #openstack-kuryr | 00:58 | |
| *** shashank_hegde has quit IRC | 01:00 | |
| *** abhiraut has quit IRC | 01:03 | |
| *** gangil has joined #openstack-kuryr | 01:04 | |
| *** gangil has quit IRC | 01:09 | |
| apuimedo | https://hub.docker.com/r/kuryr/libnetwork/tags/ | 01:10 |
| apuimedo | :-) | 01:10 |
| *** gangil has joined #openstack-kuryr | 01:11 | |
| banix | cool; apuimedo you need to fix a pep8 error in the patch | 01:11 |
| apuimedo | :O | 01:11 |
| apuimedo | I'm a sinner | 01:11 |
| banix | 2016-05-07 00:48:51.766 | ./kuryr/server.py:18:1: H306 imports not in alphabetical order (kuryr.common.config, kuryr.app) | 01:11 |
| apuimedo | fixed | 01:12 |
| apuimedo | thanks banix | 01:12 |
| apuimedo | ! | 01:12 |
| openstackgerrit | Antoni Segura Puimedon proposed openstack/kuryr: containerization: Add dockerfile https://review.openstack.org/279320 | 01:13 |
| banix | thanks for the docker file! | 01:13 |
| apuimedo | :-) | 01:13 |
| apuimedo | and now. I deserve to hit the bed with my back, and not just with my butt | 01:13 |
| apuimedo | fkautz: banix: nighty night! | 01:13 |
| banix | good night | 01:13 |
| fkautz | good night! | 01:14 |
| banix | fkautz: where are you located? | 01:14 |
| fkautz | near san francisco | 01:14 |
| banix | cool | 01:14 |
| fkautz | and you? | 01:14 |
| banix | NYC | 01:14 |
| fkautz | visited there once | 01:15 |
| fkautz | my university professor was collaborating with nancy lynch who was working out of CUNY and invited me to participate :x | 01:16 |
| fkautz | advisor* | 01:16 |
| banix | not a bad pace to visit. same goes for SF | 01:17 |
| fkautz | https://en.wikipedia.org/wiki/Nancy_Lynch | 01:17 |
| fkautz | Awards: Dijkstra Prize, Knuth Prize, IEEE Emanuel R. Piore Award, ACM-W Athena Lecturer :o | 01:17 |
| fkautz | yea, visited during a summer, was nice | 01:18 |
| fkautz | SF doesn't matter when you visit | 01:18 |
| fkautz | it's usually the same | 01:18 |
| fkautz | slightly warmer or cooler depending on the year | 01:18 |
| banix | impressive professor! | 01:18 |
| banix | well best time for visiting NYC is spring or fall | 01:18 |
| banix | summers can get pretty uncomfortable | 01:18 |
| banix | and winters you know about :) | 01:19 |
| fkautz | i was coming from texas, so summer visit was a nice reprieve from the heat :p | 01:19 |
| banix | yeah i guess everything is relative :) | 01:20 |
| fkautz | tbh, the one thing i miss in nyc manhattan is the great public transportation | 01:20 |
| fkautz | SF is decent, but wasn't as good as nyc | 01:20 |
| *** gangil has quit IRC | 01:27 | |
| *** yamamoto_ has quit IRC | 01:32 | |
| *** fawadkhaliq has joined #openstack-kuryr | 02:28 | |
| *** fawadkhaliq has quit IRC | 02:31 | |
| *** yamamoto_ has joined #openstack-kuryr | 02:32 | |
| *** yamamoto_ has quit IRC | 02:42 | |
| *** fawadkhaliq has joined #openstack-kuryr | 03:43 | |
| *** salv-orlando has joined #openstack-kuryr | 04:08 | |
| *** banix has quit IRC | 04:15 | |
| *** salv-orlando has quit IRC | 04:18 | |
| *** fawadkhaliq has quit IRC | 04:21 | |
| *** fawadkhaliq has joined #openstack-kuryr | 04:21 | |
| *** fawadkhaliq has quit IRC | 04:33 | |
| *** shashank_hegde has joined #openstack-kuryr | 05:05 | |
| *** oanson has joined #openstack-kuryr | 05:56 | |
| *** gangil has joined #openstack-kuryr | 06:36 | |
| *** yamamoto_ has joined #openstack-kuryr | 06:36 | |
| *** oanson has quit IRC | 06:38 | |
| *** shashank_hegde has quit IRC | 06:44 | |
| *** shashank_hegde has joined #openstack-kuryr | 06:45 | |
| *** shashank_hegde has quit IRC | 06:50 | |
| *** shashank_hegde has joined #openstack-kuryr | 06:53 | |
| *** yamamoto_ has quit IRC | 06:57 | |
| *** gangil has quit IRC | 06:58 | |
| *** yamamoto_ has joined #openstack-kuryr | 07:03 | |
| *** yamamoto_ has quit IRC | 07:05 | |
| *** shashank_hegde has quit IRC | 07:16 | |
| *** shashank_hegde has joined #openstack-kuryr | 07:22 | |
| *** salv-orlando has joined #openstack-kuryr | 07:23 | |
| *** salv-orlando has quit IRC | 07:33 | |
| *** gangil has joined #openstack-kuryr | 07:37 | |
| *** salv-orlando has joined #openstack-kuryr | 07:38 | |
| *** salv-orlando has quit IRC | 07:47 | |
| *** gangil has quit IRC | 07:50 | |
| *** yamamoto has joined #openstack-kuryr | 08:05 | |
| *** yamamoto has quit IRC | 08:13 | |
| *** shashank_hegde has quit IRC | 08:23 | |
| *** yamamoto has joined #openstack-kuryr | 08:24 | |
| *** yamamoto has quit IRC | 09:04 | |
| *** yamamoto has joined #openstack-kuryr | 09:35 | |
| *** yamamoto has quit IRC | 10:00 | |
| *** yamamoto has joined #openstack-kuryr | 10:12 | |
| *** salv-orlando has joined #openstack-kuryr | 10:42 | |
| *** salv-orlando has quit IRC | 10:46 | |
| *** wangfeng has joined #openstack-kuryr | 12:19 | |
| *** banix has joined #openstack-kuryr | 12:26 | |
| *** HenryG has quit IRC | 13:22 | |
| *** HenryG has joined #openstack-kuryr | 13:23 | |
| *** HenryG has quit IRC | 13:23 | |
| *** HenryG has joined #openstack-kuryr | 13:24 | |
| *** banix has quit IRC | 13:48 | |
| *** salv-orlando has joined #openstack-kuryr | 13:49 | |
| *** salv-orlando has quit IRC | 13:57 | |
| *** ramishra has quit IRC | 14:07 | |
| *** ramishra has joined #openstack-kuryr | 14:08 | |
| *** banix has joined #openstack-kuryr | 14:12 | |
| *** openstack has joined #openstack-kuryr | 14:23 | |
| *** banix has quit IRC | 14:28 | |
| *** banix has joined #openstack-kuryr | 14:37 | |
| *** banix has quit IRC | 15:08 | |
| *** salv-orlando has joined #openstack-kuryr | 15:22 | |
| *** salv-orlando has quit IRC | 15:33 | |
| *** irenab_ has joined #openstack-kuryr | 15:47 | |
| *** irenab has quit IRC | 15:50 | |
| *** irenab_ is now known as irenab | 15:50 | |
| *** salv-orlando has joined #openstack-kuryr | 15:54 | |
| *** salv-orlando has quit IRC | 15:58 | |
| *** yamamoto has quit IRC | 16:05 | |
| *** yamamoto has joined #openstack-kuryr | 16:07 | |
| *** banix has joined #openstack-kuryr | 16:21 | |
| *** gangil has joined #openstack-kuryr | 16:24 | |
| *** banix has quit IRC | 16:30 | |
| *** gangil has quit IRC | 16:31 | |
| *** gangil has joined #openstack-kuryr | 16:34 | |
| *** gangil has quit IRC | 16:52 | |
| *** shashank_hegde has joined #openstack-kuryr | 17:16 | |
| *** salv-orlando has joined #openstack-kuryr | 17:30 | |
| *** gangil has joined #openstack-kuryr | 17:34 | |
| *** salv-orlando has quit IRC | 17:34 | |
| *** wangfeng has quit IRC | 18:17 | |
| *** shashank_hegde has quit IRC | 18:27 | |
| *** salv-orlando has joined #openstack-kuryr | 18:31 | |
| *** salv-orlando has quit IRC | 18:36 | |
| *** gangil has quit IRC | 19:20 | |
| *** shashank_hegde has joined #openstack-kuryr | 19:24 | |
| *** gangil has joined #openstack-kuryr | 19:44 | |
| *** salv-orlando has joined #openstack-kuryr | 19:57 | |
| *** salv-orlando has quit IRC | 20:04 | |
| *** shashank_hegde has quit IRC | 20:18 | |
| *** shashank_hegde has joined #openstack-kuryr | 20:25 | |
| *** shashank_hegde has quit IRC | 20:26 | |
| *** salv-orlando has joined #openstack-kuryr | 21:30 | |
| *** salv-orlando has quit IRC | 21:33 | |
| *** salv-orlando has joined #openstack-kuryr | 22:06 | |
| *** gangil has quit IRC | 23:38 | |
| *** salv-orlando has quit IRC | 23:54 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!