2021-11-18 13:45:12 hey! how are things going? I'm planning to tag alpine 3.15.0 Monday or Tuesday next week 2021-11-18 15:21:23 hiya ncopa! thanks for the heads up! i have the new alpine-cloud-images build script working - feature partiy with alpine-ec2-ami at the moment. used it to do a full build of all image variants last weekend (including 3.15.0_rc1). i think we'll soon be able to test vs mcrute 's new identity broker code, and in the meantime, i'm woring on an 2021-11-18 15:21:23 interim way to gather artifact references (per region AMI ids) into a format compatible with the existing lua script that builds https://alpinelinux.org/cloud 2021-11-18 15:23:07 I noticed this MR btw the other day: https://gitlab.alpinelinux.org/alpine/infra/alpine-mksite/-/merge_requests/32 2021-11-18 15:25:04 not familiar with builds.sr.ht ... will take a closer look this morning 2021-11-18 15:25:33 That's run by Drew DeVault, which also provides us with lists.alpinelinux.org 2021-11-18 15:25:55 A mailing-list orriented git forge 2021-11-18 15:26:35 err, is that a commercial service? 2021-11-18 15:28:19 other cloud related thing I have been thinking of lately, I have been thinking about write a minimalistic cloud-init implementation. Something that can read subset of cloud-init config to provision alpine machines 2021-11-18 15:29:04 i found the need when setting up a local cluster in libvirt with terraform 2021-11-18 15:30:02 i also noticed that lima-vm (linux on mac) uses some cloud-init bits and needs to do workarounds for alpine 2021-11-18 15:30:04 we have a basic minimal cloud-init in tiny-ec2-bootstrap -- plan to extend it to other clouds and rename to tiny-cloud-bootstra[ 2021-11-18 15:30:24 does it user the python cloud-init implementation? 2021-11-18 15:30:37 no, it's very minimal shell 2021-11-18 15:30:41 ah, right 2021-11-18 15:31:10 and nice! 2021-11-18 15:31:39 the issue with shell and cloud init is that it is not very nice to parse yaml from shell 2021-11-18 15:31:41 expands the root partition to use all space in the root volume, does some network and volume plugin stuff, and executes a script if provided as user_data 2021-11-18 15:32:10 right, i think i might have had a quick look on that 2021-11-18 15:32:12 tiny expects you to provide the code 2021-11-18 15:32:57 how do you provide the user_data? via url or via seed.iso image? 2021-11-18 15:32:58 but iirc it looks for a shebang and we may be able to have an optional plugin for doing stuff as specified from input yaml 2021-11-18 15:33:18 user_data comes from the cloud provider... metadata you set when launching an instance 2021-11-18 15:33:38 how does the instance pick it up? 2021-11-18 15:34:14 tomalok: sr.ht is still under construction, and during that time it's 'encouraged' to pay for hosting projects there 2021-11-18 15:34:18 instance metadata data service, (IMDS) usually acessible from 169.256.169.254 2021-11-18 15:34:21 https://man.sr.ht/billing-faq.md 2021-11-18 15:34:59 ok, i guess that is what the cloud-init aws provider does 2021-11-18 15:35:11 we pull info (including user_data) from IMDS using curl 2021-11-18 15:35:24 (iirc) 2021-11-18 15:35:27 ok. makes sense 2021-11-18 15:35:48 i was thinking of implement the mini cloud-init in either lua or golang 2021-11-18 15:36:05 the sr.ht stuff looks like it's in addition to, instead of replacing the original cloud page contents 2021-11-18 15:37:26 no encouragement for builds.sr.ht; it's paid only already 2021-11-18 15:37:47 because of the crypto miners that abused it 2021-11-18 15:39:57 shell has been sufficient for tiny thus far... ;) but something with more features may make sense to go with go 2021-11-18 15:40:17 ok, i need to stop typing in bed and get breakfast now :) 2021-11-18 15:43:30 good morning! 2021-11-18 15:44:12 enjoy your breakfast :) 2021-11-18 15:46:54 That MR from ddevault rendered: https://wwwdev.alpinelinux.org/cloud/ 2021-11-18 16:02:17 so sr.ht ... is a cloud provider? The MR doesn't really provide any information why this should be added. 2021-11-18 16:10:40 https://man.sr.ht/builds.sr.ht/ 2021-11-18 16:11:05 https://man.sr.ht/builds.sr.ht/compatibility.md 2021-11-19 17:11:38 tomalok: I think you have a good point. Maybe add a comment to the MR? Would be good to have the answer to “why” in the commit message 2021-11-19 17:12:15 i also think that we may want think about where we draw the line 2021-11-20 05:41:59 i don't think builds.sr.ht counts as a cloud service 2021-11-20 05:44:35 it's definitely not meant for any hosting, so i don't think it makes much sense being placed in the context of the amazon images 2021-11-24 14:46:47 3.15.0 is out. what do we need to update the aloud images? 2021-11-24 14:47:20 https://alpinelinux.org/cloud/ still shows 3.14.2 2021-11-24 14:48:57 i'll need to run the new builder (first time with the 3.15.0 virt iso), and when we have images, i have a script that translates the new output format to the one used by alpine-ec2-images' releases.yaml -- i'll update that, and then alpine-mksite can rebuild the cloud page 2021-11-24 14:50:10 the new builder should be much more friendly for running from a gitlab pipeline, but there's some more to do there on the credential broker part of things, i believe. 2021-11-24 14:51:13 (using a gitlab auth token to get the cloud credentials) 2021-11-24 14:52:18 up early for a day job early meeting today, but i'll start the ball rolling and see how far we get. 2021-11-24 15:00:57 2021-11-24T15:00:43Z - build - INFO - Latest Alpine version 3.15 and release 3.15.0 2021-11-24 15:01:05 found it! ;) 2021-11-24 15:01:32 also, 2021-11-24 15:01:34 2021-11-24T15:00:51Z - build - WARNING - 3.11-x86_64-bios-tiny-aws SKIPPED, "3.11" end_of_life 2021-11-01 2021-11-24 15:09:15 2021-11-24T15:06:26Z: ==> alpine.qemu.3.15-aarch64-uefi-tiny-aws: /tmp/script_2281.sh: line 54: /usr/sbin/mkfs.fat: not found 2021-11-24 15:09:36 dosfstools changed its install location? 2021-11-24 15:10:23 tomalok: yes, it moved as otherwise it did not replace the Busybox version 2021-11-24 15:11:22 there was an issue with (I think) setup-disk where it run mkfs.fat and the Busybox version was found 1st in PATH 2021-11-24 15:11:32 yeah, it wasnt' replacing it before, which was causing problems... i shouldn't need the full path to it any more 2021-11-24 15:12:58 (of course the x86_64 variant doesn't need it, so it's still chugging along with the initial test build/import/publish) 2021-11-24 15:14:14 i'll validate the test images and kick off the real builds in 45-60m 2021-11-24 17:16:55 16.5 minutes to build & import 10 aws images with --parallel 5, now publishing (copying to regions) with --parallel 10 2021-11-24 17:17:28 tomalok: if all goes well, the cloud is automatically updated now once you push it to the repo 2021-11-24 17:18:42 ACTION crosses fingers 2021-11-24 17:27:19 7.5 mins to publish -- list of artifacts is including an extra 'null' region for some reason, will filter that in the script that converts to the legacy releases.yaml 2021-11-24 17:43:41 ikke: alpine-ec2-ami has the new releases YAML merged now. 2021-11-24 17:45:14 hmm, it's not updated :( 2021-11-24 17:45:47 is it supposed to kick off a gitlab pipeline somewhere? 2021-11-24 17:45:54 No 2021-11-24 17:46:20 we have gitlab webhooks connected to mqtt, and use mqtt-exec to trigger the rebuild 2021-11-24 17:47:22 iirc we tried this last time (or the time before last) and it didn't work then, either 2021-11-24 17:47:45 yeah, I recall clandmeter mentioning he fixed something, but apparently not 2021-11-24 17:47:56 probably mqtt permissions 2021-11-24 17:48:46 tomalok: lua5.3: _scripts/generate_cloud.lua:37: attempt to index a nil value (field 'creation_date') 2021-11-24 17:49:38 lets make sure i added that field key correctly 2021-11-24 17:50:21 creation_date: '2021-11-24T17:17:33.103711' 2021-11-24 17:50:42 yeah, I see it in there 2021-11-24 17:51:41 okay, i see the problem 2021-11-24 17:52:00 i'm missing another level 2021-11-24 17:52:22 ah 2021-11-24 17:52:42 i have another day job meeting in 8m... it's a race... 2021-11-24 17:53:01 heh, I know, right 2021-11-24 17:53:17 Just let me know when you fixed it 2021-11-24 17:55:29 pushed, merging soon 2021-11-24 17:56:35 merg'd 2021-11-24 17:57:38 Yes, it's most likely an mqtt permission issue 2021-11-24 17:57:51 I can see the messages ariving globally, but not on the site builder 2021-11-24 17:58:09 Anyway, the site is updated now 2021-11-24 17:58:12 \o/ 2021-11-24 17:58:49 ,o/ \o, \o, \o, "what do we want?" 2021-11-24 18:00:06 okay, time for grooming day job backlog with the team (after not having done it for years) 2021-11-24 18:35:38 tomalok: I think I fixed it now (mqtt-exec was not listening the relevant topic) 2021-11-24 19:04:32 got around to checking out https://alpinelinux.org/cloud -- it's reporting version for each section, not release 2021-11-24 19:05:06 You mean only for the major releases 2021-11-24 19:05:37 x.y = version, x.y.z = release (in the terminology i usually work with) 2021-11-24 19:05:52 and EOL isn't right either 2021-11-24 19:06:23 EOL for 3.15.x should always be 2023-11-01 2021-11-24 19:06:42 I see, yes 2021-11-24 19:07:37 not sure if this is datasource related... will check 2021-11-24 19:09:09 AHA. the configs that built this didn't have an EOL set for 3.15 yet, when that happens (usually for edge builds) the EOL gets set to tomorrow. 2021-11-24 19:09:50 that should be fixable without rebuilding (we can update permissions & tags on published images) 2021-11-24 19:10:09 ok 2021-11-24 19:11:00 the version vs. release is an issue with the new --> old releases conversion, easily fixable too. 2021-11-24 19:11:58 though edge versions now have release values equivalent to YYYYMMDD 2021-11-24 19:12:07 (can work around that) 2021-11-24 19:27:54 okay just pushed a fixed releases YAML to alpine-ec2-ami 2021-11-24 19:31:50 2021-11-24 19:07:32 build.sh received topic: gitlab/push/alpine/cloud/alpine-ec2-ami 2021-11-24 19:31:52 yay 2021-11-24 19:32:10 automatically updated now :) 2021-11-24 19:37:24 woohoo! 2021-11-27 19:21:59 ikke: got our first gitlab issue for the lack of sudo in the 3.15.0 aws image... longer term, i think we'll add release notes to the image MOTDs, but in the short term, perhaps we can put a note on the alpinelinux.org/cloud page? 2021-11-27 19:23:27 tomalok: 3.15.0 should still have sudo 2021-11-27 19:23:55 Hmm 2021-11-27 19:24:19 the cloud image used to specifically install it, but with the deprecation we swapped it with doas. it can still be installed with doas apk add sudo, though 2021-11-27 19:36:42 tomalok: perhaps the way is to (a) add sudo to the cloud image but also (b) start to "educate" people to use "doas" rather than "sudo" as with the move of sudo to community in Alpine 3.16 the support for sudo will then be affected 2021-11-27 19:38:42 specifically "the community repository is supported until next stable release", so once Alpine 3.17 comes out then sudo on 3.16 will no longer be supported 2021-11-27 19:39:37 (nod) it wouldn't be too hard to publish a '-r1' for 3.15.0 that also included sudo... it was, for a while, already in community but moved back to main at some point wasn't it? 2021-11-27 19:41:01 no 2021-11-27 19:41:23 I made an MR to move it, but it was held until 3.15 was branched 2021-11-27 19:42:14 But, the idea *was* to move it in 3.15 already 2021-11-27 19:44:25 tomalok: maybe setup /etc/motd in 3.15 to warning/advise people to use doas rather than sudo? Then they can't say they haven't told (unless they're on older version - could also add to 3.14 and 3.13 images) 2021-11-27 19:44:55 https://gitlab.alpinelinux.org/alpine/cloud/alpine-ec2-ami/-/issues/128#note_194868 2021-11-27 19:45:54 the way forward then - add sudo back to 3.15.0, add a MOTD about the deprecation and forthcoming removal, and publish a 3.15.0-r1 image? 2021-11-27 19:46:34 wasn't thinking of a motd link to the release notes but more of a "Please be aware that sudo support will be reduced from Alpine 3.16, please use doas instead" banner 2021-11-27 19:46:43 cloud image has historically had community enabled by default, fwiw 2021-11-27 19:47:02 Same with docker 2021-11-27 19:47:57 even with community enabled the important issue is more the shorter support cycle for sudo once its in community 2021-11-27 19:48:13 correct 2021-11-27 19:51:14 what i'm thinking of for the cloud image motd is a link to release notes in general, but also specifically adding a "hey, doas is replacing sudo, which is going away soon" 2021-11-27 19:51:59 is there any sort of support for /etc/motd.d? 2021-11-27 19:54:02 Don't think so 2021-11-27 19:54:29 apparent ubuntu uses update-motd, which executes scripts in that directory 2021-11-27 19:55:23 tomalok: /etc/motd is handled by the shell (i.e. Busybox ash). I quick "strings" in /bin/sh looking for "motd" only shows /etc/motd so I guess no subdir support 2021-11-27 19:55:59 You can have something that generates /etc/motd based on whats in /etc/motd.d/* 2021-11-27 19:56:00 (nod) i can work multi/variant motd into the build configs 2021-11-27 19:56:42 so, no additional in-image scripting needed 2021-11-27 19:56:57 ubuntu relies on pam 2021-11-27 19:57:38 will allows us to add motd segments for different things as necessary (i.e. if there's something particular about aarch64 or azure or whatnot) 2021-11-27 19:58:38 no pam with the tiny alpine images -- though i think i recall seeing it for cloud-init (which isn't quite ready with this builder yet) 2021-11-27 19:59:07 Yeah, I wouldn't suggest adding pam 2021-11-27 19:59:22 not _just_ for getting a motd.d ;) 2021-11-27 19:59:30 nod 2021-11-27 20:00:03 tomalok: for cloud-init I don't think I added a dependancy but expect PAM-enabled sshd installed as otherwise you can't disable user console login but keep key-based SSH login enabled 2021-11-27 20:00:38 minimal (nod) yeah, that's what i recall seeing 2021-11-27 20:00:41 s/user console login/lock user password/ 2021-11-27 20:00:51 oh yeah, that weird openssh behavior 2021-11-27 20:01:19 Openssh has an IF/ELSE block that treats locked passwords differently depending on whether PAM is enabled or not 2021-11-27 20:01:50 yeah 2021-11-27 20:03:34 it doesn't make sense as (at least to me) it's clear that locking passwords should not also block keys, as there's a different distinct way to disable Linux user accounts 2021-11-27 20:05:00 Even if you think that's the case, deciding whether to do that based on whether pam is enabled is even stranger 2021-11-27 20:05:44 yeah I never dug into it further to work out the "logic" behind it 2021-11-27 20:06:11 I did start to look at tinyssh as an alternative but then got bogged down trying to add support for that to cloud-init 2021-11-27 20:15:37 release notes pretty much always at "https://www.alpinelinux.org/posts/Alpine--released.html", it seems? (haven't gone back through them all) 2021-11-27 20:15:50 Yeah 2021-11-27 20:16:03 cool, that'll get its own motd section 2021-11-27 20:16:10 I just copy the previous post and do s// 2021-11-27 20:17:27 goes back as far as 3.12.x, which is as far back as we make images (for the next 5 months, at least) 2021-11-27 20:18:45 is it worth mentioning both x.y.z and x.y.0 release notes? 2021-11-27 20:19:28 The minor releases are mostly relevant for the iso and docker images 2021-11-27 20:20:32 Though, it might also matter for the cloud images in that they can contain security fixes for the base system 2021-11-27 20:20:59 (nod) big changes in x.y.0, security changes in x.y.z 2021-11-27 20:21:04 generally 2021-11-27 20:21:37 kernels also in x.y.z 2021-11-27 20:21:51 ah, yeah, that's true and applicable here 2021-11-27 20:22:55 adding x.y.[0..z] to motd might be a bit much though 2021-11-27 20:25:26 tomalok: not sure if you are aware, but https://alpinelinux.org/releases.json contains a reference to the post 2021-11-27 20:25:29 posts* 2021-11-27 20:29:16 (nod) i found that shortly after release, will work that into some improvements in determining latest version, release, and EOL too. 2021-11-27 20:29:39 tomalok: Would it help for you to have an explicity latest-stable reference? 2021-11-27 20:29:46 I have a usecase for that 2021-11-27 20:30:23 latest-stable is good for choosing which virt ISO to use for building all the images, and which ovmf packages to pull in for qemu 2021-11-27 20:30:52 but it's been also handy to be able to build/ref _rc's too 2021-11-27 20:32:06 right now i kinda scrape repo_url = f"{CDN_URL}/{alpine_version}/{repo}/{arch}" 2021-11-27 20:32:39 was considering parsing APKINDEX instead, but it appears there are some better sources for some of these things ;) 2021-11-27 20:37:57 hm, seems like someone decided to break github.com today? 2021-11-27 20:39:54 I guess every day someome decides to at least try it :P 2021-11-27 20:40:41 githubstatus.com: "all systems operational" 🤔 2021-11-27 20:41:00 it's offline 2021-11-27 20:42:07 i get a pic of their mascot falling down into a Roadrunner/Wile E. Coyote-style canyon with "Whoops!" 2021-11-27 20:44:45 yea, me too 2021-11-27 20:44:47 500 2021-11-27 20:48:51 they updated status page 2021-11-27 20:50:34 Github down, end of the world is nigh! 2021-11-27 20:54:13 laugs in gitlab 2021-11-27 21:17:47 gitlab(.com) was down just the other week 2021-11-27 21:19:14 they're not very committed to uptime? ;-) 2021-11-27 21:23:04 MS disconnected minimal 2021-11-27 21:38:34 i think i have a flexible motd config solution in place, making some test images for 3.14, 3.15, and edge to see how well it works 2021-11-27 22:12:18 hm, forgot that edge builds wouldn't have any release notes... ;P 2021-11-27 22:14:33 3.15.0 motd: 2021-11-27 22:14:52 nod :P 2021-11-27 22:14:54 Welcome to Alpine! 2021-11-27 22:14:54 The Alpine Wiki contains a large amount of how-to guides and general 2021-11-27 22:14:54 information about administrating Alpine systems. 2021-11-27 22:14:54 See . 2021-11-27 22:14:54 Release Notes: 2021-11-27 22:14:56 NOTE: 'sudo' has been deprecated, please use 'doas' instead. 2021-11-27 22:14:56 * 2021-11-27 22:15:33 3.14.3 motd does not have the NOTE and has links for 3.14.0 and 3.14.3 release notes 2021-11-27 22:15:59 edge has a different NOTE that says "NOTE: 'sudo' is no longer installed by default, please use 'doas' instead." 2021-11-27 22:16:16 right 2021-11-27 22:19:49 I left out the "setup-alpine" bit from motd because in theory, the cloud image should have taken care of most/all of that 2021-11-27 22:21:19 yeah, makes sense 2021-11-27 22:21:22 ikke: if the motd text is looking good to you, i'll publish revised 3.15.0 images -- probably don't need to do this for 2021-11-27 22:21:29 older versions 2021-11-27 22:21:48 Looks good 2021-11-27 22:22:08 and, in theory, the cloud page should auto-update when i update alpine-ec2-ami releases/alpine.yaml 2021-11-27 22:22:23 yes 2021-11-27 22:22:46 i'm glad i sorted out the --revise parameter for the build tool... :) 2021-11-27 22:42:02 mcrute: working on the credential broker? 2021-11-27 22:43:21 not getting a json.load()-able response when trying to get credential url 2021-11-27 23:09:28 seems to have passed 2021-11-28 00:12:05 alpine-ec2-ami releases/alpine.yaml updated 2021-11-29 18:57:19 Hi, official EC2 images have link alpine.linux.org/cloud, should be alpinelinux.org/cloud 2021-11-29 18:57:34 tomalok: ^ 2021-11-29 23:38:17 where's that found at graywolf? 2021-11-29 23:38:27 (who appears to have disappeared in the interim?) 2021-11-29 23:43:05 community AMIs search -- i'm seeing it on the latest ones... :( 2021-11-29 23:45:31 i must've fatfingered the description in the configs some time ago and never noticed. 2021-11-29 23:52:52 i might be able to extend the build script's AWS plugin to update the description during replubishing (the same as we do for access perms, tags, and deprecation date) so we won't have to build/import/publish a revised set 2021-11-30 00:36:52 AWS image descriptions have been fixed