2020-07-01 07:15:21 ikke: see the billing email? 2020-07-01 07:15:29 we are getting close to the limit 2020-07-01 07:16:30 We should destroy the gitlab-test instance 2020-07-01 07:17:10 yep 2020-07-01 07:17:20 we should do it directly after we finish the test 2020-07-01 07:17:23 Where do I see what the limit is? 2020-07-01 07:17:31 i have no idea 2020-07-01 07:17:36 ok 2020-07-01 07:17:36 from my head it was 400 2020-07-01 07:19:14 deleted it now 2020-07-01 07:31:01 i see it no more 2020-07-01 15:33:57 x86_64 builder is stuck 2020-07-01 15:44:30 mqtt-exec crashed 2020-07-01 15:44:38 (and not using supervisor-daemon yet) 2020-07-01 15:45:12 started it again 2020-07-01 15:46:24 rip 2020-07-01 16:00:45 Now that it's started again, supervisor-daemon is also used 2020-07-01 16:35:01 oooh: https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html 2020-07-01 16:36:17 still alpha though 2020-07-01 18:44:04 many (edge) mirrors got APKINDEX.tar.gz from 29-Jun and on mirrors.alpinelinux.org those show status OK, is it normal? 2020-07-01 18:47:01 hours ago I got for example "znc" package upgrade which was built 2 days ago but appeared just now on dl-cdn.alpinelinux.org 2020-07-01 18:47:45 x86_64? 2020-07-01 18:48:07 yep 2020-07-01 18:48:23 The builder was not functioning 2020-07-01 18:49:12 oh ok, thought mirrors.a.o should catch that 2020-07-01 18:50:31 If the builder publishes nothing, there is nothing to get behind from 2020-07-01 18:51:10 :\ 2020-07-01 19:01:55 MY-R: is there any concrete issue you were facing, or just wondering? 2020-07-01 19:02:15 nah, just wondering, sorry for noise :) 2020-07-01 19:02:19 no worry 2020-07-02 04:55:25 clandmeter: ^ 2020-07-02 04:57:33 It's not growing atm 2020-07-02 04:57:40 (significantly) 2020-07-02 09:33:56 can someone please help me trigger alpine-mksite build? 2020-07-02 09:34:08 https://alpinelinux.org/posts/ is still empty while fix was pushed to git 2020-07-02 09:34:18 not sure why it does not automatically update on push 2020-07-02 09:57:15 the 100 biggest packages in edge: https://tpaste.us/vJYQ 2020-07-02 09:57:36 we could save some space by removing xonotic, supertux and wesnoth 2020-07-02 09:58:29 i wonder if we should have a separate "games" repo or similar 2020-07-02 09:58:39 which are not distributed on the mirrors 2020-07-02 10:08:09 i can check it later 2020-07-02 10:08:13 busy with work atm 2020-07-02 10:08:40 i made some modifications last time, not sure why its not working. 2020-07-02 20:46:24 ncopa: i had to manually do a make clean && make all 2020-07-02 20:47:05 ncopa: void just restricts the data packages, so that they aren't built by the distro 2020-07-02 20:47:19 but that was mostly brought about by sauerbraten, which has almost a gig of high res assets 2020-07-02 20:54:55 there is no sauerbraten in Void :\ 2020-07-02 20:56:03 it is a restricted package 2020-07-02 20:56:25 for pretty much the exact reason brought up above, its huge, and it takes valuable space on mirrors 2020-07-02 20:56:33 but I see urbanterror-data 1.35G 2020-07-03 05:58:54 is it safe to keep ssh keys on developers lxc containers which are needed for pushing aports to gitlab.a.o 2020-07-03 06:02:43 well, who has access to override the security policy protecting the containers, and could they obtain or forge those keys in another way? 2020-07-03 06:03:17 I personally find it helpful to reason about data security in terms of "if I didn't put this data there, could someone get it by some other way" 2020-07-03 06:04:19 at the bottom these boxes are owned by sponsors (packet) and I think they can read anything on them at the end 2020-07-03 06:05:17 but syncing aports and other things over my slow ADSL is quite irritating 2020-07-03 06:06:06 right, but in this case Packet would be an evil made, and that's fundamentally indefensible in a cloud environment 2020-07-03 06:06:37 s/made/maid/ 2020-07-03 06:06:37 maldridge meant to say: right, but in this case Packet would be an evil maid, and that's fundamentally indefensible in a cloud environment 2020-07-03 06:06:39 yes, the question is how much we trust them 2020-07-03 06:24:19 mps: I would say it's not safe honestly 2020-07-03 06:26:25 that is what I thought 2020-07-03 06:27:41 I would still posit that that ship has already sailed 2020-07-03 06:30:27 also, gitlab is on linode, so we are already 'in hand' of one of sponsors 2020-07-03 06:32:01 but we would do our best to not compromise our private keys 2020-07-03 06:47:54 ofc 2020-07-03 07:31:11 ikke: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/9903 2020-07-03 07:32:02 mps: I'd say it's always best practice to make a seperate set of keys per machine so you'd only have to invalidate that on set in case things go south 2020-07-03 07:32:23 s/on// 2020-07-03 07:32:23 Cogitri meant to say: mps: I'd say it's always best practice to make a seperate set of keys per machine so you'd ly have to invalidate that on set in case things go south 2020-07-03 07:32:43 Replacing ssh keys everywhere is no fun 2020-07-03 07:40:07 Cogitri: that was not a question at all, it is assumed 2020-07-03 07:40:49 but keep keys to push changes on our sponsors boxes is the question 2020-07-03 07:40:57 Ah okie 2020-07-03 07:41:45 np :) 2020-07-03 20:11:17 MY-R: urbanterror-data was actually dropped because of licensing, but still exists in the repo due to a bug 2020-07-03 20:12:24 ah, ok! 2020-07-04 20:46:27 ikke: Can you maybe check if something suspicious is in appstream-generator's log? Seems like only for a few pkgs the icons are included 2020-07-04 20:46:34 I guess for the applications which got updated in the meantime? 2020-07-04 20:51:05 Cogitri: https://tpaste.us/b4OW 2020-07-04 20:51:12 I don't see anything suspicious 2020-07-04 20:54:03 Hm, same, weird... 2020-07-05 08:56:41 ikke: Changed the cron file a bit for asgen, maybe it properly exports all icons now (can't really test on a 16MBit/s connection, I'd download all week long :D) 2020-07-05 08:57:03 I'll update it later 2020-07-05 08:57:27 Great, thanks. No rush :) 2020-07-05 10:31:25 updated the container 2020-07-06 06:03:48 I think I will need x86_64 lxc on alpine infra, I don't have it locally anymore 2020-07-06 10:23:08 ikke: Seems like my change to asgen didn't fix the icons either (so I'll have yo look into that later), but caused files to not be put into the dated dir. I've reverted my changes, so could you restart the container (and maybe remove the folders which aren't in the dated folders?) 2020-07-06 10:29:02 would it also be possible to switch to nginx-alpine? 2020-07-06 10:38:42 Sure thing 2020-07-06 10:41:44 These ubuntu / debian images have to ommit a lot of things that Alpine has through bb to keep small 2020-07-06 10:42:18 Pushed 2020-07-06 10:42:44 just pulled :P 2020-07-06 10:43:11 ok, should be fixed now 2020-07-06 11:22:40 ikke: i wonder if we could have a meeting about how to set up the new x86/x86_64 builders 2020-07-06 11:24:14 i'd like to get it done today 2020-07-06 11:24:18 i mean this week 2020-07-06 11:43:16 ncopa: fine with me 2020-07-07 08:30:40 clandmeter: FYI: me and ikke are setting up nld8 and nld9 machines to replace the old bld1 and bld2 machines. They are for x86 and x86_64 builders 2020-07-07 08:31:15 ikke: dmvpn is running on both of them now 2020-07-07 08:31:39 ikke: ok, good 2020-07-07 08:31:57 lxcbr0 is still down 2020-07-07 08:32:23 because we dont have any containers running 2020-07-07 08:32:24 I guess it needs containers to bring it up 2020-07-07 08:32:26 yeah 2020-07-07 08:32:32 it should come up with first container 2020-07-07 08:33:14 we should also update dns, delegate {nld8,nld9}.alpin.pw 2020-07-07 08:35:00 yes, I can arrange that 2020-07-07 08:35:35 hm 2020-07-07 08:35:51 i wonder if we should start with the build-newedge-x86 2020-07-07 08:36:41 I'm trying to get local dns working, but it does not resolve yet 2020-07-07 08:37:01 ie, nld8.alpin.pw or nld8-dev1.alpin.pw 2020-07-07 08:37:09 local dnsmasq should be able to resolve that 2020-07-07 08:37:24 lxcbr0: 2020-07-07 08:37:32 maybe the NO-CARRIER thing? 2020-07-07 08:37:45 well, I do get a response 2020-07-07 08:47:11 did you restrat dnsmasq after config changes? 2020-07-07 08:47:25 hmm, good one :) 2020-07-07 08:47:45 I think I changed it before I started the service though 2020-07-07 08:48:23 im copying over build-newedge-x86 to nld8 2020-07-07 08:48:43 ok 2020-07-07 08:54:35 dns resolving is non-working 2020-07-07 08:56:19 ;; Got recursion not available from 172.16.21.2, trying next server 2020-07-07 08:58:00 can you verify /etc/lxc/dnsmasq.conf? 2020-07-07 09:00:52 looks good to me 2020-07-07 09:09:43 ok, i think i know whats wrong 2020-07-07 09:10:33 wrong ip in /etc/resolv.conf 2020-07-07 09:10:52 it was using the .2 address that is auth listener 2020-07-07 09:10:56 the resolver is on .1 2020-07-07 09:11:07 works now 2020-07-07 09:11:21 hmm, ok, I copied that from the current bld servers 2020-07-07 09:49:57 something is wrong with lxc in 3.12 2020-07-07 09:50:02 lxc-start: a1: cgroups/cgfsng.c: cgfsng_monitor_create: 1264 Failed to create cgroup "(null)" 2020-07-07 10:31:02 any idea what is causing that? 2020-07-07 10:31:19 no idea, but i dont think that is the blocker i have at hand 2020-07-07 10:32:08 oh ok 2020-07-07 10:32:23 same error happens in a fresh 3.12 install wher creating a new alpine lxc 2020-07-07 10:32:35 but the container will start 2020-07-07 10:32:55 seems like it fails to set up lxc.monitor in cpuset 2020-07-07 10:33:19 it manages to create it, but fails later, and then does not clean it up 2020-07-07 10:37:42 Anything I can help with? 2020-07-07 10:38:20 it failed to boot due to missing /var/cache/distfiles dir. I have solved that, but it does not get dhcp address now 2020-07-07 10:38:22 not sure why 2020-07-07 10:38:39 i also wonder what that cpuset monitor thing error is 2020-07-07 10:39:03 lxcbr0 is still down 2020-07-07 10:43:11 it comes up as soon i start up the container 2020-07-07 10:43:14 but no dhcp 2020-07-07 10:43:35 hmm 2020-07-07 10:44:11 ok, enabling awall policy adp-dhcp solved that 2020-07-07 10:44:40 aha, maybe the cpuset monitor thing needs iptables of some sort 2020-07-07 10:45:14 ikke: did you configure the delegation of dns to nld8,nld9? 2020-07-07 10:45:21 no, will do that now 2020-07-07 10:49:38 i thikn we need awall policy that allows lxcbr0 2020-07-07 10:49:52 or 172.16/21 2020-07-07 10:50:33 hmm 2020-07-07 10:50:34 ok 2020-07-07 10:51:06 the build-newedge-x86 does not seem to be able to get anything from internet either 2020-07-07 10:51:09 maybe NAT? 2020-07-07 10:51:53 Yeah, I think we need to add that 2020-07-07 10:51:56 and forwarding probably as well 2020-07-07 10:52:08 does awall handle that? 2020-07-07 10:52:10 adp-router policy? 2020-07-07 10:52:41 yes, I believe so 2020-07-07 10:56:33 hmm, it also responds when I push to another branch apparently 2020-07-07 10:58:15 ncopa: the zones should have been added now 2020-07-07 10:58:22 thanks! 2020-07-07 10:59:13 i think maybe firewall is blocking inbound dns traffic 2020-07-07 10:59:27 yeah, you need to explicitly allow everything with adp 2020-07-07 10:59:32 it also blocks traffic to and from the lxc 2020-07-07 10:59:43 even outbound traffic I noticed 2020-07-07 11:00:05 there is an adp policy for outbound 2020-07-07 11:00:11 i enable ssh-client 2020-07-07 11:00:24 but i think we need allow the dmvpn traffic somehow 2020-07-07 11:00:30 local-outbound 2020-07-07 11:00:43 there is a config.json 2020-07-07 11:00:47 we might need to add it there 2020-07-07 11:00:54 ok 2020-07-07 11:00:57 adp-config.json 2020-07-07 11:01:00 my time is up for today 2020-07-07 11:01:03 ok 2020-07-07 11:01:07 adp_dhcp_zones 2020-07-07 11:01:20 adp_lan_private_addrs 2020-07-07 11:01:28 Will try to specify those 2020-07-07 11:01:35 feel free to config the firewall. build-newedge-x86.nld8.alpin.pw should be running 2020-07-07 11:01:46 ok 2020-07-07 11:01:57 it needs to fetch things from internet 2020-07-07 11:02:05 and will need to scp the logs 2020-07-07 11:02:14 right 2020-07-07 11:02:35 i think we should use a *alpin.pw address to push logs 2020-07-07 11:35:48 I've added the dhcp profile and set the interface, but it dhcp does not work yet 2020-07-07 17:16:02 ikke: is there again disk issue on usa4, dmesg show something suspicious 2020-07-07 17:17:15 mps: do you also notice issues? 2020-07-07 17:19:05 sadly bb dmesg doesn't support -T (absolute time) 2020-07-07 17:19:18 So hard to verify when these issues happened 2020-07-07 17:19:22 no, everything works fine for me, but I had segfault in tests for libcap and wanted to look in dmesg 2020-07-07 17:19:47 ikke: -T can be missleading 2020-07-07 17:19:53 oh? 2020-07-07 17:20:05 yeah, help says "may be inaccurate" 2020-07-07 17:20:24 it calculates relative time, not absolute 2020-07-07 17:21:04 or the dmesg from util-linux is buggy 2020-07-07 17:21:04 You mean, it calculates absolute time based on relative time 2020-07-07 17:21:16 yes 2020-07-07 17:21:34 ok, but it looks like those messages were yestday 2020-07-07 17:21:45 (If I may believe the time it gives :)) 2020-07-07 17:21:58 sometimes it works ok but sometimes doesn't 2020-07-07 17:23:00 if we have syslog messages there they can be more accurate 2020-07-07 17:24:03 apparently we only have a couple of hours of syslog 2020-07-07 17:24:15 ah 2020-07-07 17:25:14 you can install util-linux temporary and try with its dmesg -T 2020-07-07 17:25:25 yes, apparently it was already installed and that's what I did 2020-07-07 17:31:25 Do we happen to have a script to cleanup CI runners? My runner is slowly approaching 100G just for docker containers which are months old now 2020-07-07 17:31:37 Cogitri: docker system prune -v 2020-07-07 17:31:40 in a cron job 2020-07-07 17:31:51 (add -f as well) 2020-07-07 17:32:06 Ah okay, wasn't sure if that would cause problems for the runner 2020-07-07 17:32:09 nope 2020-07-07 17:32:16 it will only remove things that are no longer in use 2020-07-07 17:32:34 Just run it once a week a or so 2020-07-07 17:32:49 Okay, thanks :) 2020-07-07 17:32:57 ACTION makes very sure I don't accidentally purge my mail server 2020-07-07 17:33:16 hehe :P 2020-07-07 17:33:30 make sure to add autostart 2020-07-07 17:34:31 Yup, should be enabled since I don't have to manually start it after restarting my VPS 2020-07-07 17:38:52 > Total reclaimed space: 55.65GB 2020-07-07 17:38:53 Wew 2020-07-07 17:39:02 heh 2020-07-07 17:39:48 And mail server and sharelatex instance still seem to be alive, excellent :) 2020-07-07 17:39:50 Thanks! 2020-07-07 17:40:09 no problem 2020-07-08 06:42:20 ncopa: I have dhcp working and traffic out from the container 2020-07-08 07:01:58 morning 2020-07-08 07:04:56 i have a feeling the awall policies are too restrictive, would be nice if it would be configurable with a setting, or a question/option when running setup-firewall. 2020-07-08 07:59:15 doesn't sound like a bad plan 2020-07-08 08:11:41 +1 2020-07-08 10:27:11 clandmeter: there is a local-outbound profile that sets the policy through a variable 2020-07-08 12:25:04 ikke: we need to update gitlab 2020-07-08 12:25:12 i just pushed a new patch release 2020-07-08 12:25:17 but we are 2 behind 2020-07-08 12:25:36 ok 2020-07-08 12:25:37 if you can help by pull/restart that would be nice. 2020-07-08 12:25:51 there are also a few weird repos 2020-07-08 12:25:57 well atleast 1 2020-07-08 12:26:24 You mean that fsck is complaining about? 2020-07-08 12:55:16 ikke: no something like this: https://gitlab.alpinelinux.org/admin/projects/dHannasch/try-to-use-kubernetes 2020-07-08 12:55:25 ah 2020-07-08 20:08:03 So the Gitlab team thingy requires me to setup 2FA. I want to do that, but I can't seem to configure it with my NitroKey (which does support TOTP and I use it for gitlab.com for example) 2020-07-08 20:08:30 Gitlab in this case gives me a key I need to enter in "the OTP app", but the application that comes with NitroKey doesn't support something like that 2020-07-08 20:09:33 Oh, never mind, got it 2020-07-08 20:09:42 PureTryOut[m]: ok, cool 2020-07-08 20:09:58 It's a bit of strange UX but it seems I was just too late the first time I tried it πŸ€·β€β™‚οΈ 2020-07-08 20:10:09 Yeah, it's kind of flaky for me as well 2020-07-08 20:30:06 clandmeter: I've upgraded gitlab btw 2020-07-08 20:30:18 i saw your msg 2020-07-08 20:38:56 ok, good 2020-07-08 20:55:34 One issue with the current team structure is that the parent group does need to have an owner, which is automatically member of all subgroups 2020-07-08 20:55:44 (and owner as well) 2020-07-08 21:53:53 sorry if I've asked this before 2020-07-08 21:53:58 who actually owns alpine's infrastructure? 2020-07-08 21:54:45 I get that a lot of it is donations, but presumably there's some owner somewhere at the bottom 2020-07-09 06:37:58 maldridge: the linode servers are owned by linode, the packet.net servers are owned by packet.net, the s390x and ppc64le machines are owned by IBM, the alpinelinux.org DNS name is owned by me 2020-07-09 06:39:06 ikke: nld8.alpin.pw does not resolve for me here locally 2020-07-09 06:40:04 ncopa: is there an overarching alpine entity that's the consumer of services from those hosts? 2020-07-09 06:40:11 I thought y'all had DO stuff as well? 2020-07-09 06:54:04 no, there is no alpine entity (yet) 2020-07-09 06:54:18 nobody has cared enough to actually do the paperwork for that 2020-07-09 06:54:50 interesting 2020-07-09 07:00:21 ikke: I have enabled DNS from dmvpn -> _fw on nld8 2020-07-09 07:17:06 ncopa: no, I have not 2020-07-09 07:19:57 ncopa: on the other hosts we have these rules: 2020-07-09 07:19:59 -A INPUT -i lxcbr+ -j ACCEPT 2020-07-09 07:20:01 -A INPUT -i gre1 -j ACCEPT 2020-07-09 07:20:03 Do we want something similar? 2020-07-09 07:21:39 i think that may be a good idea 2020-07-09 07:23:46 aha, usa1 is using adp as well 2020-07-09 07:24:25 ok, nice, it has an lxc policy that I can copy 2020-07-09 07:28:24 ncopa: I've copied the basic setup of usa1 now 2020-07-09 08:16:33 thanks! 2020-07-09 08:52:50 ncopa: is everything working now? 2020-07-09 10:31:51 ikke: i think so. just need to migrate the containers 2020-07-09 10:31:55 but im out of time again.. 2020-07-09 10:31:59 ncopa: ok 2020-07-09 10:32:15 if you want me to migrate some containers, let me know 2020-07-09 10:33:49 would be nice. thanks 2020-07-09 10:34:00 maybe take the old, unsupported containers first 2020-07-09 10:34:14 may need modify lxc config 2020-07-09 10:34:19 right 2020-07-09 10:34:24 i added an /etc/lxc/alpine.common.conf 2020-07-09 10:34:41 there seems to some issue with cpuset monitor cgroup something that I dont know what is 2020-07-11 09:05:55 (I've raised the limit a bit for this one ^) 2020-07-11 10:33:46 Hm, how come https://gitlab.alpinelinux.org/Cogitri/alpine-qa-bot/-/merge_requests/8 doesn't run CI? πŸ€” 2020-07-11 10:34:38 The project itself has a private runner (just the one I have for aports too, wanted to see if I could do without shared runners) and I've went ahead and also enabled shared runners to see if that fixed it but apparently to no avail 2020-07-11 10:40:19 Do you have one of these tags defined in the CI job? "ci-build docker-alpine x86_64 " 2020-07-11 10:41:13 Oh no, I think I enabled tagless running on my private runner so I didn't keep in mind that I need that for shared runners, thanks :) 2020-07-11 10:41:24 But it should work for your private runner 2020-07-11 10:41:35 Ah, wasn't sure if those work for forks 2020-07-11 10:41:39 aha, no 2020-07-11 10:42:07 Also, do we have gitlab pages enabled for our instance? Would be neat if I could host the HTML pages of the coverage on gitlab (but it's not problem for me to host them elsewhere either) 2020-07-11 10:45:46 Hm, I've added tags now and shared runners should be available, but seems like it still doesn't like running the pipeline for it: https://gitlab.alpinelinux.org/Cogitri/alpine-qa-bot/-/merge_requests/8 2020-07-11 10:56:55 is that part of the MR? 2020-07-11 10:57:00 or is the MR rebased? 2020-07-11 11:00:29 Yes, I just rebased the MR on top of master 2020-07-11 11:00:40 https://gitlab.alpinelinux.org/Leo/alpine-qa-bot/-/blob/move-to-should-be-move-from/.gitlab-ci.yml 2020-07-11 11:01:18 I don't see that the pipeline was triggered again 2020-07-11 11:01:27 https://gitlab.alpinelinux.org/Leo/alpine-qa-bot/pipelines 2020-07-11 11:05:01 Huh, but I pushed new commits to the MR πŸ€” 2020-07-11 11:05:16 Let's see if closing the MR and opening a new one fixes it 2020-07-11 11:05:25 maxice8: Could you do that? ^ 2020-07-11 11:05:52 ok 2020-07-11 11:08:09 Huh, seems like it worked now 2020-07-11 11:08:58 Seems like the job is stuck now though, I guess the shared runners aren't enabled in the fork for some reason? https://gitlab.alpinelinux.org/Leo/alpine-qa-bot/-/jobs/163436 2020-07-11 11:13:01 at least now they are 2020-07-11 11:13:09 might be that they inherit that from the parent repo? 2020-07-11 11:13:33 Ah, I enabled shared runners in the parent repo, but only after the fork, so maybe that's it 2020-07-12 12:59:25 Could we maybe make the filelist differences in CI an artifact of the pipeline? I want the qa-bot to comment file difference on the MR because otherwise it's really easy to miss them (especially when multiple packages are built) 2020-07-12 13:00:07 And I want to add ABI scanning to pipeline too and use the same mechanism for that, but I'd probably do that at a later point 2020-07-12 14:51:29 ikke: Also, could I maybe get another docker&-compose repo for alpine-qa-bot? :) 2020-07-12 20:55:28 ikke: ^ πŸ˜… 2020-07-12 20:55:46 I'll do that tomowwor or so, it's kind of bed-time for me :) 2020-07-13 07:11:32 Cogitri: good morning, im interested to know why you choose vala to program your bot? 2020-07-13 07:16:19 Morning. I mainly chose Vala because I wanted to learn it 2020-07-13 07:16:49 And I didn't have a strong reason to go with another language, Vala has pretty nice tooling for JSON and event loops/async 2020-07-13 07:17:09 And it's not as safe as Rust, but should be reasonable due to reference counting still 2020-07-13 07:17:35 ikke: Ah yes, no rush. Just wasn't sure if you saw the messages :) 2020-07-13 07:19:01 Cogitri: what about lua for such things 2020-07-13 07:19:30 does it have all needed 'batteries' 2020-07-13 07:19:35 I don't know Lua and have a strong preference against using weakly typed langs 2020-07-13 07:20:02 mps: certainly not included 2020-07-13 07:20:29 mps: the base language / run-time is very light, so to do most things you need a fair amount of libraries 2020-07-13 08:20:25 morning 2020-07-13 08:20:43 i thikn golang would have been a better tool for gitlab hooks server 2020-07-13 08:21:44 i think vala is ok(ish) for gnome gui stuff, but the future for vala is uncertain 2020-07-13 08:22:27 This is not a general hooks server I guess? 2020-07-13 08:22:31 just a hook consumer 2020-07-13 08:22:35 i gave up vala for xfce projects. I ended up fighting the language and framework too much 2020-07-13 08:37:25 The future of Vala is a bit uncertain indeed with GNOME moving to Rust (at least it seems like it) and its main usage being in elementary OS 2020-07-13 08:37:51 But recently new community efforts have been started, like a new LSP server which is pretty great 2020-07-13 08:38:52 And Vala is pretty optimized towards dev productivity while still having excellent execution speed and being somewhat safe (by using reference counting), so it's really nice for me. Coding in Rust seems so slow in comparison (and it's async really is a quite the mindbender) 2020-07-13 08:39:26 I like the GLib API quite a bit, so Vala seemed like a nice choice and I didn't have problems with it yet 2020-07-13 08:40:34 And yes, right now it mainly responds to Gitlab's webhooks (e.g. allowing collaboration on MRs), but I guess eventually I'll have to start to poll the Gitlab API because webhooks are rather limited 2020-07-13 08:41:03 They don't work for forks of the original project unfortunately, so I can't just use webhooks for pipeline status and things like that 2020-07-13 08:42:46 I guess I'll have to throw in a SQLite database or something for that to remember the state of MRs 2020-07-13 08:48:26 there are various things like with vala 2020-07-13 08:52:22 ive done some golang for $dayjob and i think that golang is specially good for infra/devops kind of apps 2020-07-13 08:53:59 I've only done some Golang for a JSON API parser thingie (I think that was actually my first somewhat serious project, as in I really committed to that), but somehow I'm not a huge fan of it 2020-07-13 08:58:18 How come Go is good for infra other than that you can compile it into one big statically linked exe that is easy to deploy? I feel like Docker somewhat does that for other langs too 2020-07-13 08:58:46 its good at concurrency 2020-07-13 08:59:28 i think static compile makes sense for docker deployments 2020-07-13 08:59:49 you lose various of the benefits with shared libs in containers 2020-07-13 09:00:09 but, thats my opinion anyway 2020-07-13 09:20:39 libcap upgrade fail on aarch64 builder, but pass on aarch64 CI and in 'my' aarch64 lxc 2020-07-13 09:21:21 and pass on my local native aarch64 machine 2020-07-13 09:22:19 error is '2020/07/13 09:19:02 go text rep not parsable by c' 2020-07-13 09:22:40 something about/with go lang 2020-07-13 19:30:07 can someone with builder access look at this above, libcap fails on aarch64 2020-07-13 19:31:42 or disable check() temporarily till the aarc64 builder is 'fixed' 2020-07-13 19:53:58 mps: apparently it's something from the test suite itself 2020-07-13 19:54:26 ie, a test failure 2020-07-13 19:55:20 sadly, it does not give a lot of detail about what failed 2020-07-13 19:56:18 mps: apparently there is some addition _cap_debug logging 2020-07-13 20:01:51 mps: and of course it all works in a container :-/ 2020-07-13 20:03:23 mps: it seems it does not run that compare-cap 2020-07-13 20:04:55 ikke: yes, but I can't reproduce this issue on any of my aarch64 'boxes' 2020-07-13 20:05:02 mps: I think I found it 2020-07-13 20:05:13 yup 2020-07-13 20:05:26 there were dependencies left for syncthing, which included go 2020-07-13 20:05:33 without go, it does not run those 2020-07-13 20:05:34 only I can think is maybe go is left behind something on 2020-07-13 20:05:38 yes 2020-07-13 20:05:43 ah, nice 2020-07-13 20:05:52 try installing go 2020-07-13 20:05:58 I bet you get the error as well 2020-07-13 20:06:02 I wanted to tell, please remove go from builder 2020-07-13 20:06:32 It was not installed explicitly 2020-07-13 20:06:40 but I checked /etc/apk/world 2020-07-13 20:07:08 and saw the left-behind .makedepends 2020-07-13 20:08:12 iiuc, go left only on aarch64 builder? 2020-07-13 20:08:25 yes 2020-07-13 20:08:36 and it should be there? 2020-07-13 20:08:38 no 2020-07-13 20:08:44 shouldn't * 2020-07-13 20:08:46 yes 2020-07-13 20:08:53 aha 2020-07-13 20:08:55 it was there as a dependency for syncthing 2020-07-13 20:09:06 it was not properly cleaned up 2020-07-13 20:09:10 maybe due to some crash 2020-07-13 20:09:34 but, I just installed go in a container and ran it again, it and seems to work :S 2020-07-13 20:09:37 yes, that is what I thought when I was error msg, 2020-07-13 20:10:02 when I saw* 2020-07-13 20:10:28 LD_LIBRARY_PATH=../libcap ./compare-cap 2020-07-13 20:10:30 2020/07/13 20:09:49 skipping file cap tests - insufficient privilege 2020-07-13 20:10:32 2020/07/13 20:09:49 skipping proc cap tests - insufficient privilege 2020-07-13 20:10:34 2020/07/13 20:09:49 compare-cap success! 2020-07-13 20:10:36 strange 2020-07-13 20:10:56 maybe to to the insufficient privileges 2020-07-13 20:11:03 that's ok I think, upstream proposed that 2020-07-13 20:11:43 I removed checkroot from options 2020-07-13 20:11:56 That only happens in a container 2020-07-13 20:11:59 I think 2020-07-13 20:12:02 a docker container 2020-07-13 20:12:24 aha, but CI is also docker? 2020-07-13 20:12:26 yes 2020-07-13 20:12:41 but there is no go installed normally 2020-07-13 20:12:45 it's not a dependency 2020-07-13 20:13:01 and because go is in community and this is in main, it cannot be dependency either 2020-07-13 20:13:14 yes 2020-07-13 20:13:30 s/be/be a/ 2020-07-13 20:13:31 ikke meant to say: and be acause go is in community and this is in main, it cannot be dependency either 2020-07-13 20:13:37 :/ 2020-07-13 20:13:55 CIs is created clean on every run? 2020-07-13 20:14:59 yes 2020-07-13 20:16:18 Each job starts a new container based on a prestine image 2020-07-13 20:16:57 nice, so my understand and experience is better now 2020-07-13 20:17:13 understanding* 2020-07-14 17:47:49 Cogitri: It might be possible to use the gitlab API to get a diff 2020-07-14 17:47:55 at least, changed files 2020-07-14 17:53:14 https://gitlab.alpinelinux.org/api/v4/projects/alpine%2faports/merge_requests/10332/versions/26490 2020-07-14 17:57:34 https://gitlab.alpinelinux.org/api/v4/projects/alpine%2faports/merge_requests/10325/versions/26435 | jq -r '.diffs[] | .new_path' shows all the changes files :) 2020-07-14 18:27:31 Oh great, thanks :) 2020-07-14 18:28:04 I had expected that I'd need to parse the CI log otherwise, that's a lot nicer :) 2020-07-14 18:28:09 nope 2020-07-14 18:29:10 hmm 2020-07-14 18:29:11 https://docs.gitlab.com/ee/ci/metrics_reports.html 2020-07-14 18:29:13 what about that? 2020-07-14 18:29:38 ah, ee only 2020-07-15 20:21:18 clandmeter: ping 2020-07-15 21:05:19 Pong 2020-07-15 21:05:49 trying to figure out why I cannot resolve infra-pkgs.alpin.pw on the builders 2020-07-15 21:06:51 dnsmasq is set to forward to 172.16.8.3 2020-07-15 21:07:15 if I ask .8.3 directly, it works 2020-07-16 07:36:23 ncopa: usa4 is low on diskspace due to the newedge builders. I already freed up some space, but bound to fill up again 2020-07-16 08:06:13 morning 2020-07-16 08:10:56 morning 2020-07-16 08:11:13 im trying to clean up some of my stuff 2020-07-16 08:11:28 but i think we will have a challenge with this 2020-07-16 08:19:10 ikke: we have another arm machine right? 2020-07-16 08:19:21 We have usa1 and usa4 2020-07-16 08:19:26 usa1 is aarch64 2020-07-16 08:19:38 at least, hosts aarch64 2020-07-16 08:20:02 90G free on that host 2020-07-16 08:22:56 do we have a machine with much diskspace we can use for archving? 2020-07-16 08:23:12 we could archive build-3-[0-8]-a* 2020-07-16 08:24:36 we could ask if those are still used: disaksen-edge-aarch64 hriomar-edge-aarch64 jirutka-edge-aarch64 2020-07-16 09:47:43 whom I have to ask for x86_64 lxc 2020-07-16 10:29:02 i guess clandmeter 2020-07-16 10:37:15 ok, thanks 2020-07-16 10:37:20 clandmeter: ping 2020-07-16 10:51:37 i have deleted build-3-[5-8]-armhf from usa4. I have a local copy if ever needed 2020-07-16 11:16:09 72% / 134G free 2020-07-16 11:16:25 (72% used) 2020-07-16 20:08:13 huh, newedge fails become annoying on #alpine-commits 2020-07-17 05:01:35 clandmeter: received an e-mail from linode that most of our hosts will be rebooted in about a week or 3 2020-07-17 05:05:03 very specific timeline 2020-07-17 05:06:33 yes 2020-07-17 05:11:48 ie, not all at the same time 2020-07-17 05:11:50 over a couple of days 2020-07-17 06:25:09 ikke: ok 2020-07-17 06:25:23 regarding space, there is one host on linode with 1TB storage 2020-07-17 06:26:07 deu5? with a 1tb volume attached? 2020-07-17 06:26:20 i think so 2020-07-17 06:26:23 there is only 1 2020-07-17 06:26:30 that one then 2020-07-17 06:26:49 I think ncopa wants to move distfiles off the builders 2020-07-17 06:26:52 ncopa: any update on the linode email? 2020-07-17 06:27:12 ncopa: regarding the interveiw 2020-07-17 06:27:59 ikke: that was my plan, but i do not have much motivation recently, probably due lack of time. 2020-07-17 06:28:25 ok 2020-07-17 06:28:46 That was also the host you bootstrapped with ansible, right? 2020-07-17 06:29:04 depends what you call boostrapping :) 2020-07-17 06:29:12 hehe 2020-07-17 06:29:23 i dont use linode api 2020-07-17 06:29:28 yeah, sure 2020-07-17 06:29:43 actually im not 100% sure 2020-07-17 06:29:46 it could be 2020-07-17 06:34:23 ikke: https://gitlab.alpinelinux.org/alpine/infra/ansible/-/blob/master/known_hosts 2020-07-17 07:16:18 clandmeter: mps btw requested an x86_64 lxc container for building 2020-07-17 07:40:15 sure go ahead 2020-07-17 07:43:39 alright 2020-07-17 07:46:50 morning 2020-07-17 07:47:19 clandmeter: i missed another email from linode :-( i responded and gave them my phone number 2020-07-17 10:51:14 mps: I've created a container for you on nld5 2020-07-17 10:51:40 172.16.4.44 (mps-edge-x86_64.nld5.alpin.pw) 2020-07-17 10:52:23 I copied your key from your aarch64 container 2020-07-17 11:55:35 ikke: thanks 2020-07-17 11:56:01 do I need some Port in ssh .config 2020-07-17 11:56:35 Do you have vpn access/ 2020-07-17 11:56:38 ? 2020-07-17 12:00:31 ikke: no 2020-07-17 12:00:40 aha, ok 2020-07-17 12:00:56 clandmeter: is that something we can arrange for mps, given he's helping us with infra? 2020-07-17 12:02:08 iirc, clandmeter told me some time ago that he will create VPN for me but I didn't wanted to bother him with this 2020-07-17 12:57:42 ikke: yes we can 2020-07-17 12:58:08 Just simply create lxc 2020-07-17 12:58:24 mps: you don't have vpn yet? 2020-07-17 12:59:21 Same box as our own container 2020-07-17 13:26:14 clandmeter: I created the LXC container 2020-07-17 13:37:59 clandmeter: no, not yet VPN access 2020-07-17 14:05:44 OK i will fix it later 2020-07-17 14:05:51 Remind me plz 2020-07-17 14:07:25 at what time, approx? 2020-07-17 14:27:25 .at 19:00:00 Europe/Amsterdam clandmeter: arrange a VPN profile for mps 2020-07-17 14:27:25 ikke: Okay, will remind at 2020-07-17 - 18:59:59UTC 2020-07-17 14:32:39 hah, algitbot knows 'at' command 2020-07-17 14:33:37 this is not algitbot 2020-07-17 14:33:43 this is alpine-meetbot ;) 2020-07-17 14:34:19 oh, I'm blind 2020-07-17 16:47:12 for VPN access OpenVPN is used? 2020-07-17 16:55:52 yes 2020-07-17 16:57:04 no plan to switch to wireguard 2020-07-17 16:57:45 Nothing concrete :) 2020-07-17 16:58:52 didn't used openvpn for more than 10 years 2020-07-17 16:59:43 have to reread docs to refresh knowledge 2020-07-17 17:00:26 You get a plug-and-play ovpn profile 2020-07-17 17:01:35 you mean ready-made? 2020-07-17 17:01:40 yes 2020-07-17 17:01:46 it contains all the details you need 2020-07-17 17:01:52 ah, nice 2020-07-17 17:03:19 I don't need (use) my private key? 2020-07-17 17:03:36 No 2020-07-17 17:03:44 One will be generated for you 2020-07-17 17:03:52 It's part of the profile 2020-07-17 17:04:02 ah, simple like these comercial OVPN offers 2020-07-17 17:04:10 yeah 2020-07-17 17:04:16 yes, I know how it works 2020-07-17 17:05:56 looks like I triggered newedge again to spam us 2020-07-17 17:06:42 didn't know that 'retry master' will also retry newedge 2020-07-17 17:21:31 It's based on git branch 2020-07-17 17:21:41 so everything tracking master will be retried 2020-07-17 19:00:00 ikke: Europe/Amsterdam clandmeter: arrange a VPN profile for mps 2020-07-17 19:00:23 :D 2020-07-17 19:01:01 that reads almost like something from the godfather 2020-07-17 19:01:18 "that's a nice VPN profile you've got there. It would be a real shame if something were to happen to it" 2020-07-17 19:15:19 maldridge: :D 2020-07-17 19:39:04 ikke: it is two hours late 2020-07-17 19:39:51 No, it's right on time, just not the time I wanted to 2020-07-17 19:39:58 It didn't take the timezone 2020-07-17 19:40:15 "alpine-meetbot β”‚ ikke: Okay, will remind at 2020-07-17 - 18:59:59UTC" 2020-07-17 19:40:24 19:00 utc is 21:00 CEST 2020-07-17 19:40:26 yes, I see, just kidding a little 2020-07-17 19:40:30 :) 2020-07-17 19:41:56 Ok, you need to concatenate the timezone 2020-07-17 19:48:36 ikke: it asks me for password 2020-07-17 19:48:56 hmm, ok, let me check 2020-07-17 19:49:00 you have a ovpn profile now? 2020-07-17 19:49:02 uh, wait 2020-07-17 19:49:09 I have to login as root? 2020-07-17 19:49:14 Yes 2020-07-17 19:49:24 yup 2020-07-17 19:49:28 I did not create any other user 2020-07-17 19:49:29 eh, yes, that is 2020-07-17 19:49:29 You can setup a different user afterwards 2020-07-17 19:49:54 I forgot that I have to add 'normal' user for builder 2020-07-17 19:50:05 works fine 2020-07-17 19:50:07 Only thing I did is install and enable sshd and add your root key 2020-07-17 19:50:24 can I access 'my' other containers over this VPN 2020-07-17 19:50:45 yes 2020-07-17 19:50:58 Everything is connected :) 2020-07-17 19:51:24 ikke: thanks 2020-07-17 19:51:51 now I can use even mosh 2020-07-17 19:51:57 yes, indeed 2020-07-17 19:52:12 Only thing is that mosh has no agent forwarding 2020-07-17 19:52:22 yes 2020-07-17 19:52:45 but that is not important 2020-07-17 19:52:59 I push from my build containers, so for me it kind of is 2020-07-17 19:53:18 ah, understand 2020-07-17 19:54:12 And do you use something to get a scroll-back buffer? 2020-07-17 19:54:13 I push from my local machine, don't like to keep private keys on 'remote' containers 2020-07-17 19:54:23 Me neither, hence agent forwarding 2020-07-17 19:54:56 that sounds as good idea, will look at that when I find some time 2020-07-17 19:55:47 ofcourse, agent forwarding is not perfectly secure if they can hijack the socket 2020-07-17 19:55:49 and yes, I run tmux first when login after machines are rebooted 2020-07-17 19:55:55 aha ok 2020-07-17 19:56:09 I'm already in a tmux session on my local machine, so nesting is not that pleasant 2020-07-17 19:56:43 heh, I always open new terminal for any remote 2020-07-17 19:57:51 I have 13 tmux sesions, most with multiple terminals 2020-07-17 19:58:10 Would be a lot of terminal windows :) 2020-07-17 19:58:40 And now I can take over this tmux session over ssh from my laptop 2020-07-17 19:59:03 you beat me, I have 12 open 2020-07-17 19:59:34 heh 2020-07-17 19:59:51 Makes it a lot easier to manage alpine infra 2020-07-17 20:00:05 but awesome wm with key shortcuts is really helpful 2020-07-17 20:02:30 Yes, I use that as well 2020-07-17 20:02:40 but it doesn't scale that much 2020-07-17 20:08:19 not perfect, but I can't find anything better for my habit 2020-07-17 20:13:56 btw, besides tmux I build st term with scrollback patches, using keyboard shortcuts also 2020-07-17 20:18:49 yes, but that does not work once you're in a tmux session :) 2020-07-17 20:19:36 true, but nice to have 2020-07-17 20:20:35 I don't have to patch my terminal to get scrolling :P 2020-07-17 20:21:45 well, only usable term for me on these chromebook keyboards are those which I patched 2020-07-18 12:22:05 clandmeter: seems like dmvpn issue. I have connection with ovpn, but I cannot ping anything else 2020-07-18 12:33:18 also I can't ping my lxc 2020-07-18 12:33:26 yeah, that's how I noticed 2020-07-18 12:34:52 ok, fixed 2020-07-18 12:34:59 nhrpd on the dmvpn crashed 2020-07-18 12:35:08 dmvpn hub 2020-07-18 12:35:35 yes, it works again. thanks 2020-07-18 12:35:52 [9560634.412058] nhrpd[2870]: segfault at 55c6ee781bd0 ip 000055c6ee781bd0 sp 00007ffebf20b958 error 15 2020-07-18 12:36:22 hm, you discovered bug 2020-07-18 13:08:26 ugh, it crashed again 2020-07-18 13:08:40 https://gitlab.alpinelinux.org/alpine/aports/-/issues/11755 2020-07-18 14:01:26 time to consider wireguard? ;) 2020-07-18 14:22:40 this is dmvpn 2020-07-18 14:22:47 wireguard does not offer what dmvpn does 2020-07-18 14:23:38 openvpn is only used for users, and openvpn was stable 2020-07-18 16:20:01 ok, understand 2020-07-18 16:20:45 fyi, it crashed again 2020-07-18 16:20:46 I don't know how complex is alpina infra network 2020-07-18 16:21:23 ah, can it be run under supervisor 2020-07-18 16:21:32 yes 2020-07-18 16:21:34 I think so 2020-07-18 16:21:59 runit or s6 2020-07-18 16:22:14 supervisord would suffice 2020-07-18 16:22:38 but crashing so often in so little time sure indicates some bigger issue 2020-07-18 16:22:44 can it send alert in case of crashed supervised process 2020-07-18 16:24:07 or even gdb to see where and why it crashes 2020-07-18 16:33:23 no 2020-07-18 16:35:28 can runnit or s6? 2020-07-18 16:36:04 monit can send alerts on crash and is just a simple add-on 2020-07-18 16:37:31 runit run script is shell so it can do a lot of things 2020-07-18 16:40:01 but I think nhrpd can be run in tmux/screen session under gdb and when it crashes 'bt' can be seen 2020-07-18 16:41:35 might not be a bad idea 2020-07-18 16:41:53 I saw that nhrpd-dbg was already installed, so apparently it has been crashing before 2020-07-18 16:44:46 ok, running it under gdb 2020-07-18 16:44:48 well, all software have bugs, some less some more 2020-07-18 16:44:57 vpn is up 2020-07-18 16:45:05 ok 2020-07-18 16:45:19 lets try crash them :) 2020-07-18 16:58:43 I don't think it will cost a lot of effort 2020-07-18 18:04:54 mps: succes 2020-07-18 18:08:45 switched nhrpd to use supervisor-daemon for now 2020-07-18 18:08:50 supervise-daemon* 2020-07-18 18:12:30 https://gitlab.alpinelinux.org/alpine/aports/-/issues/11755#note_103296 2020-07-18 18:24:29 ok (though I dislike when the servers are run under any supervisor by default, this can hide problems) 2020-07-18 18:25:03 yes 2020-07-18 18:25:18 In this case, we know there is an issue, and we need to work around it for now 2020-07-18 18:26:56 can't 'we' (you) in this case enable supervisor locally, by editing conf.d file file or init script 2020-07-18 18:28:31 that's exactly what I did 2020-07-18 18:28:46 ah, nice then 2020-07-18 18:28:49 I did not adjust the package, just the init file in place 2020-07-18 18:35:34 that is ok imo 2020-07-18 18:35:50 imo too 2020-07-18 18:36:27 if ncopa agrees, I want to add monitoring to that server, the we get actual alerts when the service crashes 2020-07-18 18:36:34 if nhrpd is run already under some supervisor you will probably didn't notice issue so fast 2020-07-18 18:38:13 some (but not much complicated) monitoring is always helpful 2020-07-18 18:38:49 I've added native openrc service monitoring to the zabbix go agent 2020-07-18 18:39:44 https://gitlab.alpinelinux.org/alpine/infra/zabbix-agent2-plugins/-/blob/master/plugins/alpine/openrc.go :) 2020-07-18 18:40:17 I don't know how it works, but by following this channel I'm sure it will be good because I've seen that you do a lot of things with this zabbix agent 2020-07-18 18:40:59 Most monitoring historically has been monitoring network services 2020-07-18 18:41:15 Only recently I've started adding internal monitoring 2020-07-18 18:46:57 I think your approach is good, i.e. monitor what is needed but not 'overmonitor' too much 2020-07-18 18:51:03 ikke: Have you looked into the repos for alpine-qa-bot already? :) 2020-07-18 18:51:23 No, will create them 2020-07-18 18:52:14 should we call it aports-qa-bot? 2020-07-18 18:53:08 Ah sure, sounds good too 2020-07-18 18:56:31 Cogitri: done 2020-07-18 18:56:40 I make them public as soon as you have pushed some content 2020-07-18 19:07:22 Thanks! 2020-07-18 19:09:11 ikke: we didn't waited too long for crash of nhrpd 2020-07-18 19:09:35 Nope, it crashes quite soon 2020-07-18 22:26:33 ikke: the backtrace in /var/crash/nhrpd differs slightly from what you posted in gitlab 2020-07-19 07:05:21 kunkku: it crashed again afterwards 2020-07-19 07:26:53 how long supervisor takes time to restart it after crash 2020-07-19 07:27:38 seems it sleep too long in 'crashed' state 2020-07-19 07:30:24 according to the documentation 'immediately' unless you change the restart delay 2020-07-19 07:30:45 but I noticed that too 2020-07-19 07:30:59 right now it's up for >9h though 2020-07-19 07:32:08 ah good news, maybe I can finish linux-edge upgrade 2020-07-19 08:07:54 is it possible to mount file system or dirs between alpine infra containers 2020-07-19 08:08:03 sshfs for example 2020-07-19 08:08:49 i.e. 'modprobe fuse' on these machines 2020-07-19 08:54:59 clandmeter: Any objections to that? 2020-07-19 09:24:03 Hi 2020-07-19 09:24:46 Did kunkku get the bt? 2020-07-19 09:25:20 mps: between you own containers? 2020-07-19 09:27:44 clandmeter: yes, but I don't insist on fuse, just asked 2020-07-19 09:28:03 It's ok for me 2020-07-19 09:29:36 whatever you think I'm ok 2020-07-19 10:24:23 clandmeter: yes, I have a copy of the core dump 2020-07-19 10:24:39 fabled will also investigate it 2020-07-19 10:41:47 based on the logs, usa5 has stormed the hub with IKE requests at the time of the crash 2020-07-19 10:42:09 which version of the dmvpn package is installed there? I don't have access 2020-07-19 10:44:08 dmvpn-1.2.1-r0 = 1.2.1-r0 2020-07-19 10:58:17 I recommend updating all spokes with dmvpn < 1.2.3 2020-07-19 10:59:32 indeed, there is a race in nhrpd which should be fixed, but ^^^ should recude the likelihood of such a race occuring 2020-07-19 11:00:50 3.11 only has 1.2.1 2020-07-19 11:03:59 3.11 has the fix backported 2020-07-19 11:04:51 3.10 too 2020-07-19 11:05:11 just run "apk upgrade"? 2020-07-19 11:06:47 ah, I see 2020-07-19 11:06:49 -r3 2020-07-19 15:32:19 kunkku: ah, I see fabled pushed a fix? 2020-07-19 16:01:32 ikke: yes, it's related to the crash 2020-07-19 16:01:42 we have been investigating it today 2020-07-19 16:02:44 kunkku: thanks 2020-07-20 11:26:15 Added dmvpn1 to Zabbix 2020-07-20 13:02:03 good! thanks! 2020-07-21 06:24:05 ine-team 2020-07-21 06:24:39 :P 2020-07-21 08:18:09 I get "bad gateway" errors from cgit log: https://git.alpinelinux.org/aports/log/main/redis 2020-07-21 08:18:28 timeout? 2020-07-21 08:18:35 Seems to take quite some time 2020-07-21 08:19:39 ncopa: https://gitlab.alpinelinux.org/alpine/aports/-/commits/master/main%2Fredis :P 2020-07-21 14:04:17 heh... i rsynced build-newedge-armhf to usa4.alpinelinux.org which apparently is not the same machine as usa4.alpin.pw 2020-07-21 14:04:30 heh 2020-07-21 14:04:33 fun 2020-07-21 14:04:50 seems like usa4.alpinelinux.org is usa5-dev1 2020-07-21 14:05:50 strange, both take me to the same machine 2020-07-21 14:05:58 man... im so stupid 2020-07-21 14:06:35 correction: I rsynced it to usa5.alpinelinux.org which is not same machine as usa4.alpin.pw 2020-07-21 14:06:46 which I guess is a good thing :) 2020-07-21 14:06:46 Yes, I can imagine that 2020-07-22 14:49:07 we have an email from IBM 2020-07-22 14:50:36 Not me 2020-07-22 14:50:57 question is if we want to move to a cloud based solution instead of baremetal 2020-07-22 14:51:38 is that for s390x? 2020-07-22 18:39:21 ppc 2020-07-22 18:41:32 ikke: which platform did we have to most issues with? 2020-07-22 18:41:41 s390x? 2020-07-22 19:12:11 I think ppc64le a little bit more 2020-07-22 19:12:20 I haven't seen a lot of stuck jobs on s390x lately 2020-07-22 19:12:33 but ppc64le still has network issues when having to upload things back 2020-07-22 19:24:32 ikke: I added you to the thread 2020-07-22 19:35:19 thanks 2020-07-23 10:38:44 maybe ask what hardware we get from cloud based solution. eg number of cpu's, RAM, if we can get power9 (insetad of current power8) 2020-07-23 20:28:54 clandmeter: any particular reason the armv7 ci VM is running an old kernel? 4.19.75-0-vanilla 2020-07-24 05:27:04 I don't think so 2020-07-24 05:28:26 somewhere I still have the source code for a horrifically bad daemon I wrote called "apr" (any particular reason). It worked to document weird infrastructure problems at a past job 2020-07-24 05:29:50 heh 2020-07-24 05:29:55 apr it was a daemon? :P 2020-07-24 05:30:09 yes, it served an incredibly shitty web page 2020-07-24 05:30:19 though my team had always joked about rewritting it as a gopher service 2020-07-24 05:30:25 ha 2020-07-24 10:07:02 ikke: it seems there will be a 1 hour maintenaince downtime (upgrading the hypervisor) for the s390x machines today (friday) around 10-11am ET time . I mmissed that early this week ... 2020-07-24 10:07:22 aha, ok. Thanks for the heads-up 2020-07-24 10:07:48 That should be around 4pm CEST I gather 2020-07-24 10:09:21 I lost track of saving time thing ... it's been 4-5 hours difference between CET and ET I'd say 2020-07-24 10:10:26 6 hours 2020-07-24 10:11:46 ET is UTC-4 CEST is UTC+2 2020-07-24 10:15:06 +1 2020-07-24 11:55:25 re ppc64[le], we almost have colo up, and could probably sponsor some machines with power9 cpu 2020-07-24 11:56:41 but there is not much difference between power8 and power9 2020-07-24 12:08:27 tmhoang: thank you 2020-07-24 12:35:51 dl-cdn has ~455 req/sec 2020-07-24 12:35:58 thats pretty heavy... 2020-07-26 15:42:16 ikke: I think the aports-qa-bot docker repo can't upload things yet: https://gitlab.alpinelinux.org/alpine/infra/docker/aports-qa-bot/-/jobs/172308 2020-07-26 15:42:30 ah, right 2020-07-26 15:42:47 need to create a repo on docker hub 2020-07-26 15:43:05 Also, I'd somehow have to pass secrets to aports-qa-bot (the secret token for the API so the bot can do things and the secret token Gitlab uses for webhook auth), how would I best do that? 2020-07-26 15:43:34 Currently I just have a config file that is in the dockercompose repo (not pushed yet), but then the secrets are leaked in the repo (and I guess the repo would need to be private then?) 2020-07-26 15:44:09 We typically use .env files in the docker-compose project 2020-07-26 15:46:48 We are also looking into using hashicorp vault 2020-07-26 15:53:23 Alright, I guess I'll just put it in the config then, since that'll effectively be the same as having iy in an .env file 2020-07-26 15:58:49 right, but note that we do not commit these secrets 2020-07-26 15:59:23 Oh, how does that work then? 2020-07-26 15:59:34 We create these files when we deploy the project 2020-07-26 15:59:50 Eventually, we use something like ansible to automate that 2020-07-26 15:59:54 Ah okay, I thought that the docker compose stuff was auto deployed so it'd just use what ever is in the repo 2020-07-26 15:59:55 Ah 2020-07-26 16:00:20 no, we just checkout the repo and run docker-compose up -d :P 2020-07-26 16:00:48 Oh :D 2020-07-26 16:01:06 We do not have something like kubernetes 2020-07-26 16:01:06 I'll just commit the config file with the secret tokens not filled in then 2020-07-26 17:47:29 Cogitri: ok, it should now be able to push the image 2020-07-26 17:49:49 hi all 2020-07-26 17:51:17 hi 2020-07-26 17:56:15 my project would be happy to give the alpine project some hosting 2020-07-26 17:56:39 compute power 2020-07-26 17:59:45 What kind of computing power are we talking about? 2020-07-26 18:00:38 virtual machines with very decent specs, globally. unmetered links. 2020-07-26 18:00:45 ipv6/ipv4 2020-07-26 18:09:08 ikke: seems like the push worked, thanks 2020-07-26 18:47:22 eth01: can you share your project? 2020-07-26 18:48:04 fosshost.org 2020-07-26 18:50:57 I didn't know about fosshost 2020-07-26 18:53:37 clandmeter: in case you might have missed it, the armv7 edge builder is now upgraded to 3.12 with linux-lts 2020-07-26 18:53:47 I mean 2020-07-26 18:53:49 CI host 2020-07-26 18:54:07 the VM 2020-07-26 18:54:14 Right 2020-07-26 18:54:17 Thx 2020-07-26 18:54:33 I guess it was a simple upgrade 2020-07-26 18:54:50 indeed 2020-07-26 18:55:15 Adv of running it in qemu 2020-07-26 18:56:10 There is still some weird issue when building armv7 gitlab runner images due to the musl upgrade 2020-07-26 19:15:40 Not many projects know about us... 2020-07-26 21:14:53 eth01: do you offer it for alpine official or also for alpine developers 2020-07-26 21:16:38 eth01: yeah, coming from void I can say that I've only seen passing references to you 2020-07-26 21:20:11 mps: open source projects / developers unofficial or official 2020-07-26 21:21:24 At the moment we have some spare capacity and it’s sat there not being utilised, so I’m trying to push the word out, to projects I think will benefit. 2020-07-26 21:21:52 maldridge: cool, do you know a project we help? 2020-07-26 21:23:37 eth01: I'm thinking to make alpine unofficial images which could be 'flashed' to mmc cards for some arm32 boards, but can't keep them on my local web servers because of slow link 2020-07-26 21:24:16 and I'm not sure it is good idea to put them on alpine infrastructure 2020-07-26 21:24:39 so, some third party hosting could be good idea 2020-07-26 21:24:59 mps: any particular board you're targeting? 2020-07-26 21:27:37 mps: sounds reasonable, we could help with that 2020-07-26 21:28:23 Fosshost.org/platform 2020-07-26 21:28:34 Here are our locations and specs in each location 2020-07-26 21:30:24 maldridge: for now I have few, bananapi, lamobo r1, and exynos 5800 (peach pi chromebook) 2020-07-26 21:30:39 interesting 2020-07-26 21:30:42 maybe cubie board 2020-07-26 21:32:05 and (if I found time) maybe RPi zero with mainline kernel 2020-07-26 21:32:51 now that would be something I'm interested in 2020-07-26 21:33:11 of course I say this with a number of rpi zero's sitting powered off not doing anything 2020-07-26 21:35:22 I started to work on RPi zero with mainline kernels (5.6 and 5.7) but don't have much time for this to finish these days 2020-07-26 21:35:35 I hope I will have more time in a month 2020-07-27 07:20:51 those host servers are quite old, and vulnerable to meltdown 2020-07-27 07:23:57 the proxmox ones? 2020-07-27 07:26:26 yes the ones eth01 is talking about 2020-07-27 07:26:59 I'd be more concerned about the quarter million lines of perl that make up proxmox rather than the kernel it runs on 2020-07-27 07:27:23 I'm talking about the cpu 2020-07-27 07:27:25 :) 2020-07-27 07:28:07 Xeon 5620 is from 2010 for example 2020-07-27 07:28:50 and meltdown is very relevant in a multi-user vps environment 2020-07-27 07:29:25 performance impact of the mitigations is significant 2020-07-27 07:29:45 I'm concerned with any cpu I didn't made, and I didn't made any ;) 2020-07-27 07:30:21 sure but some CPUs are more broken than others :p 2020-07-27 07:30:40 to be clear, its all just sand that's been taught to think 2020-07-27 07:31:20 maldridge: reminds me of this: https://xkcd.com/505/ 2020-07-27 07:31:20 https://xkcd.com/505 | A Bunch of Rocks | Alt-text: I call Rule 34 on Wolfram's Rule 34. 2020-07-27 07:31:50 yep 2020-07-27 07:33:56 what kind of virt is it anyway? kvm? 2020-07-27 07:34:56 yeah proxmox is all kvm based 2020-07-27 07:35:24 its a 1/4 million lines of perl on top of libvirt 2020-07-27 07:35:43 yuck :) 2020-07-27 07:36:53 my biggest problem with it is that its not bootstrappable 2020-07-27 07:41:20 if you want small scale virtualization, kimchi is quite nice, if not particularly easy to run 2020-07-27 08:58:57 We can run containers if you’d prefer that which uses LXC 2020-07-27 09:00:33 well the point I was making is that alpine itself has much newer hardware 2020-07-27 09:00:57 for example we have amd epyc 128 thread builder for x86 2020-07-27 09:01:39 what Foss devs need more than x86 hosting is non-x86 hosting 2020-07-27 09:05:39 Ariadne: we cant offer that at the minute but I am aware that it is something that projects want so I am looking at different options 2020-07-27 11:47:36 it seems when we moved git.a.o to gitlab (instead of gitloite ?), full git clone from git.a.o seems slower. Reading git.a.o/log also seems slower and sometimes (most of the time) I get 500. Maybe the infra already aware of this. 2020-07-27 11:48:16 git.a.o/log is still cgit 2020-07-27 11:48:29 agreed, but the backend is gitlab ? 2020-07-27 11:48:31 ncopa did mention hey got 500s there from time to time 2020-07-27 11:48:45 cgit is it's own backend 2020-07-27 11:49:00 it's not directly coupled to gitlab 2020-07-27 11:49:06 interesting 2020-07-27 11:49:31 We synchronize from gitlab.a.o to git.a.o 2020-07-27 11:49:48 git.a.o is still gitolite 2020-07-27 11:50:04 more interesting, I wonder what caused the slow 2020-07-27 11:50:05 We did move git.a.o however 2020-07-27 12:09:54 i wonder if cache is enabled in our cgit 2020-07-27 12:11:59 where is that enabled? 2020-07-27 12:13:29 cache-size 2020-07-27 12:13:31 https://linux.die.net/man/5/cgitrc 2020-07-27 12:13:36 which defaults to 0 2020-07-27 12:14:05 ncopa: So I guess you are right 2020-07-27 12:15:06 /var/cache/cgit is empty 2020-07-27 12:23:51 ncopa: enabled caching 2020-07-27 12:23:59 1000 entries, no idea how much we should do 2020-07-27 13:16:34 lets try 1000 and see how that goes 2020-07-27 13:17:56 I increased it even to 10K, but I don't see the load decreasing 2020-07-27 13:18:00 nice ! 2020-07-27 13:18:08 the load of that host is ~18, with 4 cores 2020-07-27 13:19:11 it's at 2800 cache items now 2020-07-27 13:19:18 almost 2900 2020-07-27 13:19:40 I'm pulling :) 2020-07-27 13:21:16 We still get a lot of traffec on secdb 2020-07-27 13:21:21 I thought that clandmeter redirected that 2020-07-27 13:21:55 cache will not improve cgit 2020-07-27 13:22:03 ok 2020-07-27 13:22:10 Which I noticed 2020-07-27 13:22:13 the problem is that the host io is not that fast 2020-07-27 13:22:30 i have a hack 2020-07-27 13:22:34 but its not live 2020-07-27 13:22:46 there is a tmpfs mount on the host 2020-07-27 13:22:56 which we could use as git storage 2020-07-27 13:23:09 8G of memory 2020-07-27 13:23:41 but it would need to clone/update all repos on restart 2020-07-27 13:24:23 nod 2020-07-27 13:24:33 i think i did a test and it was better but for sure not perfect. 2020-07-27 13:24:50 git log is fundamentally slow 2020-07-27 13:25:06 except if you offload it to some different storage 2020-07-27 13:25:11 as in db 2020-07-27 13:25:25 thats what gitlab does i think 2020-07-27 13:25:35 maybe redis or similar 2020-07-27 13:25:55 maybe an init.d service would help on reboot 2020-07-27 13:26:03 if the cost of tmpfs on ram is ok 2020-07-27 13:26:28 its docker, you can add logic to entrypoint 2020-07-27 13:26:50 but on a system reboot you will need to know which repos to clone. 2020-07-27 13:27:07 so you need to define a list or grab the list from gitlab. 2020-07-27 13:27:15 we don't have too much repos, dont we ? 2020-07-27 13:27:18 < 10 2020-07-27 13:27:33 aports seems to be the most cloned on a daily basis, ie. by CI 2020-07-27 13:27:49 CI should clone from gitlab 2020-07-27 13:27:55 +1 2020-07-27 13:27:57 it does 2020-07-27 13:28:13 the list is small 2020-07-27 13:28:13 including the builders 2020-07-27 13:28:20 but its nice if its all automatic 2020-07-27 13:28:46 the api can provide a list i think 2020-07-27 13:28:57 i did some logic before, i just lost interest shortly after. 2020-07-27 13:29:32 ah I think git@gitlab.alpinelinux.org:alpine/aports.git is just fine. I'll start doing that then. Just used to git://git.alpinelinux.org/aports 2020-07-27 13:29:49 git.a.o is just bw compat 2020-07-27 13:29:50 yeah, you should just be able to fetch from gitlab 2020-07-27 13:29:52 remembered that url by heart 2020-07-27 13:30:07 gitlab has a beastly server backing it 2020-07-27 13:30:08 but its slow sometimes to clone also 2020-07-27 13:30:11 because its hammered 2020-07-27 13:30:55 clandmeter: still mostly secdb? 2020-07-27 13:31:02 I see a lot of 301 replies 2020-07-27 13:31:16 the person that implemented the logic in those security scanners didn't think about the consequences for our server. 2020-07-27 13:32:05 ikke: yes i think 99% is sec scanner traffic 2020-07-27 13:34:10 we redirect from nginx as i couldnt find the proper config for traefik 2020-07-27 13:34:27 Perhaps we should take more effective measures.. 2020-07-27 13:34:53 clandmeter: afaik, upstream already changed the url they used, right? 2020-07-27 13:35:01 iptables based on req/m 2020-07-27 13:35:25 im not sure 2020-07-27 13:35:33 i htink its the claire scanner that does it. 2020-07-27 13:35:45 or similar name 2020-07-27 13:36:03 http4s-blaze 2020-07-27 13:36:28 thats the agent? 2020-07-27 13:36:31 One of them 2020-07-27 13:36:39 scala 2020-07-27 13:36:40 but most it seems to be diretly cloning via git 2020-07-27 13:36:51 git/2.17.0 2020-07-27 13:36:59 git/2.11.2 2020-07-27 13:38:27 some kind of tarpitting :P 2020-07-27 13:54:19 if you have good ideas, please share :) 2020-07-27 13:54:28 or better, implement ;-) 2020-07-27 15:30:41 ``` 2020-07-27 15:30:41 kex_exchange_identification: read: Connection reset by peer 2020-07-27 15:30:41 Connection reset by 172.16.4.39 port 22 2020-07-27 15:30:41 ``` 2020-07-27 15:30:41 I think I just grilled my x86_64 container? 2020-07-27 15:31:05 hmm\ 2020-07-27 15:31:15 Has it been a while since you upgraded it? 2020-07-27 15:31:33 Yes, I just upgraded it now and logged out 2020-07-27 15:31:40 Oh right...I should've restarted sshd after that 2020-07-27 15:31:50 aha, will do it now 2020-07-27 15:31:58 Thanks 2020-07-27 15:32:02 done 2020-07-27 15:32:10 Thanks :) 2020-07-27 15:32:24 Works 2020-07-27 15:32:46 no worry 2020-07-27 17:48:42 clandmeter: what redirect were you trying to set, I can check my traefik notes in a bit 2020-07-27 17:50:47 maldridge: traffic to one git repository over cgit redirecting to github 2020-07-27 17:51:06 GET /cgit/alpine-secdb/info/refs?service=git-upload-pack HTTP/1.1" 301 2020-07-27 18:01:46 you want to proxy to github? 2020-07-27 18:02:38 Just redirect traffic 2020-07-27 18:03:01 there are hordes of users cloning alpine-secdb 2020-07-27 18:03:24 which is basicaly causing the majority of the load on git.alpinelinux.org 2020-07-27 18:03:46 But, we kind of already are doing that 2020-07-27 18:12:34 oh, I see now 2020-07-27 18:12:56 you'd need to load a redirect middleware, I'll have to dig through my notes to see how to do that in a bit 2020-07-28 07:08:35 maldridge: if you have an example that actually works, please share. 2020-07-28 07:08:41 i gave up on it long time ago. 2020-07-28 07:10:38 clandmeter: I'll take a look, I've been trying to get void to run in clouds and writing a crappy version of cloud-init for the last few days, so haven't had much time for searching my archives yet 2020-07-28 07:11:57 traefik.http.middlewares.cgit-secdb.redirectregex.regex 2020-07-28 07:12:02 its somet hing like that 2020-07-28 07:12:23 I think you can likely just do a PathPrefix and a PathStrip 2020-07-28 07:12:32 regex shouldn't be necessary here 2020-07-28 07:13:16 how would you handle the replacement? 2020-07-28 07:13:43 well, I'm more of an ass than you, I'd return a 410 for the old path 2020-07-28 07:13:57 heh 2020-07-28 07:14:08 i see that you dont know me very well 2020-07-28 07:14:11 :p 2020-07-28 07:14:16 if I needed to keep both running, I'd probably stick varnish in front of it and proxy through to github 2020-07-28 07:14:26 try to serve as much as possible from cache 2020-07-28 07:14:36 i dont want to serve anything 2020-07-28 07:14:39 its too much 2020-07-28 07:14:50 even redirecting is causing high cpu 2020-07-28 07:14:51 shouldn't a redirect be much lighter? 2020-07-28 07:15:02 its still a socket and a couple of syscalls 2020-07-28 07:15:09 and if people are being dumb and not caching the db 2020-07-28 07:15:21 what i like is to set a limit and then block the address for 1h 2020-07-28 07:15:49 via fw 2020-07-28 07:16:19 you could potentially do that via fail2ban right? 2020-07-28 07:16:22 too bad i cant see the header with iptables 2020-07-28 07:16:47 i guess i can 2020-07-28 07:16:57 i didnt spend too much time on it. 2020-07-28 07:17:30 iptables doesn't do dpi :) 2020-07-28 07:20:54 maldridge: this is what i found in the compose file: https://tpaste.us/xk0w 2020-07-28 07:21:09 not sure what state that is in. long time ago.. 2020-07-28 07:21:19 I think most of your cpu time is probably spent on regex 2020-07-28 07:21:23 its not particularly cheap 2020-07-28 07:21:45 Noticed something similar with graylog using regexp to separate streams 2020-07-28 07:21:56 they cost a lot of CPU time indeed 2020-07-28 07:22:56 that, among other reasons, is why I don't use graylog 2020-07-28 07:23:58 pathprefix is gone in 2.2? 2020-07-28 07:24:34 hmm I didn't think it was 2020-07-28 07:29:35 looking at the docs, i have no clue how to return any http code based on path. 2020-07-28 07:31:20 Is b.a.o down right now? 2020-07-28 07:31:29 b? 2020-07-28 07:31:39 build 2020-07-28 07:32:02 loads for me 2020-07-28 07:32:13 Seems to either not load or say that msg.a.o is unavailable 2020-07-28 07:32:23 says connected for me 2020-07-28 07:32:26 Ah, now it loads :) 2020-07-28 07:33:09 I saw the same 2020-07-28 08:41:43 Btw, can the aports-qa-bot be setup so it's only reachable for the gitlab container and not the public? Currently the only authentication it has to check webhooks are really coming from Gitlab is the HTTP header with the secret token Gitlab sends (but that might be sufficient too as long as we choose a secure token) 2020-07-28 11:23:17 And do we have a test instance for our gitlab/can we do a temporary copy of the aports repo to make sure nothing blows up when we enable the bot? I have pretty good test coverage on alpine-qa-bot but I didn't have a chance to test on such a huge repo yet 2020-07-28 11:25:29 Cogitri: We usually spin up a test instance when we upgrade gitlab 2020-07-28 11:25:35 which is a complete copy 2020-07-28 11:26:14 Ah nice 2020-07-28 11:26:45 if clandmeter agrees, we can start looking into the upgrade to 13.1 2020-07-28 11:27:45 ok here 2020-07-28 11:40:49 Cogitri: That's usually how webhooks work right? Over the internet with a secure token to authenticate? 2020-07-28 11:42:50 Yup, I don't think Gitlab has another way of authentication 2020-07-28 11:43:18 I just thought that if they're on the same internal net anyway we don't have to expose it to the internet :) 2020-07-28 11:46:21 we have dedicated servers for gitlab 2020-07-28 11:46:56 We would most likely host these containers on a different server 2020-07-28 11:47:38 and gitlab is not (yet) part of the dmvpn 2020-07-28 11:48:52 i dont see the issue here? 2020-07-28 11:48:52 Ah okie. Then it shouldn't be a problem to host it publicly either 2020-07-28 11:49:03 Me neither 2020-07-28 11:49:07 api+token is fine 2020-07-28 11:49:13 πŸ‘ 2020-07-28 11:49:13 its what all bots and such do 2020-07-28 11:49:33 over https ofc :) 2020-07-28 11:49:56 If the reverse proxy that's in front of the bot does https, then sure :D 2020-07-28 11:50:02 it does 2020-07-28 11:50:31 gitlab talks to the bot? 2020-07-28 11:50:42 webhooks 2020-07-28 11:51:00 The bot needs to know when to respond 2020-07-28 11:51:05 right 2020-07-28 11:51:15 so it also has a token itself 2020-07-28 11:51:23 a shared secret 2020-07-28 11:51:35 which what tokens usually are :P 2020-07-28 11:54:14 Yup, when setting up the webhook you can set up the token (I wonder why gitlab doesn't auto-generates it, but oh well) 2020-07-28 11:54:46 Right now the bot only handles merge request events (since that's the only interesting hook for us AFAICS) 2020-07-28 11:55:00 So the other event types don't have to be enabled for the webhook 2020-07-28 11:55:07 Cogitri: maybe because the assumption is that the receiving side is determining the token 2020-07-28 11:55:43 Ah, yes, that makes sense 2020-07-28 11:58:14 maybe there is a token policy or the other side 2020-07-28 11:58:35 Or it's just generated 2020-07-28 12:20:07 Anyway, just generated the docker container, I think the bot is ready for testing once we have a gitlab instance up 2020-07-28 12:22:25 Actually, maybe we should have `G_MESSAGES_DEBUG=all` specified for the initial run to get all the debug info we can in case things go wrong 2020-07-28 12:22:52 We can add that to the .env file 2020-07-28 12:40:20 Yup, that'd be good, shouldn't be required once things work 2020-07-31 08:41:05 morning 2020-07-31 08:41:15 ikke: did we have a machine we could use for distfiles? 2020-07-31 08:50:08 gitlab.a.o web interface is sooooo slow 2020-07-31 08:53:06 mps, any example where? :D 2020-07-31 08:54:06 or just in general when switching/pushing buttons? :P 2020-07-31 08:55:55 in general 2020-07-31 08:56:08 heavy JS I think 2020-07-31 08:56:35 but maybe server is overloaded for about two days 2020-07-31 08:58:02 exactly, another reason why I wouldn't be abble to use ARM until those get at least strong single thread or working good enough GPU acceleration 2020-07-31 08:59:11 working god for me, longer time ago it could notice that was slow but now is snappy 2020-07-31 08:59:45 mps: gitlab webif seems quite fast for me 2020-07-31 09:02:00 mps, if you using firefox then you can test "webrender" stuff so most of it is done by GPU, is amazing fast (but even with radeon it spit out lot of weird errors in dmesg) 2020-07-31 09:03:16 MY-R: it worked 'bearable' till few days ago on same machine and I didn't upgrade anything in meantime, nor changed configuration 2020-07-31 09:03:56 gfx.webrender.all=true and gfx.webrender.enabled=true but better save all current projects ;) 2020-07-31 09:04:32 maybe some JS stuff from CDN's were updated 2020-07-31 09:05:41 this is most probable 2020-07-31 09:06:10 something which interfere with dark reader plugin 2020-07-31 09:07:25 oh ye, with that plugin I noticed a huge slow down (more like few seconds delays) that was the reason why uninstalled it 2020-07-31 09:09:29 ACTION using this now: https://github.com/m-khvoinitsky/dark-background-light-text-extension 2020-07-31 09:20:31 MY-R: thanks, but I used this earlier, before switch to dark reader 2020-07-31 09:38:31 :< 2020-07-31 09:39:03 MY-R: switched back to 'Aa' and disabled DR, and now it gitlab is more responsive 2020-07-31 09:39:25 it is* 2020-07-31 09:41:15 DR was working for me nice maybe 3-4 weeks ago but in that time many things could change 2020-07-31 09:43:16 it worked for me till few days ago. and it looks better than 'Aa' 2020-07-31 09:43:49 i am the one who took down the x86 builders. i am moving them to new machine 2020-07-31 09:47:48 waiting for someone to package https://github.com/MichaelMure/git-bug 2020-07-31 10:12:47 waiting for someone to package https://github.com/weaveworks/footloose 2020-07-31 10:13:27 How does that compare to lxc? 2020-07-31 10:14:50 gives you lxc-like containers but with docker 2020-07-31 10:15:27 and let you docker manage the port forwards 2020-07-31 10:15:36 aha ok, sounds a bit like dokken