profile
viewpoint

niemeyer/gopkg 501

Source code for the gopkg.in service.

niemeyer/godeb 290

godeb transforms upstream tarballs for the Go language in deb packages and installs them.

python-constraint/python-constraint 234

Constraint Solving Problem resolver for Python

niemeyer/hsandbox 135

Hacking Sandbox: Multi-language interactive edit [> compile] > run hacking and experimenting tool.

canonical/operator 75

Pure Python operator framework.

niemeyer/golang 37

The Go Language

CanonicalLtd/landscape-client 22

The Landscape Client is the agent which communicates with the Landscape service.

niemeyer/flex 12

Bootstrap of flex project.

issue commentaws/containers-roadmap

Support `--pids-limit` `docker run` flag

We have also had the same problem @hyksos describes, in production.

Support for --pids-limit would be appreciated.

Currently, we approximate --pids-limit by using a scheduled job to set per-task limits, i.e. something like:

  1. Mount pids cgroup in /etc/cgconfig.conf
  2. yum install libcgroup-tools && systemctl cgconfig enable # amzlinux2
  3. Schedule:
LIMIT=8192
# amzlinux1
if [ -d /cgroup/pids/ecs ]; then find /cgroup/pids/ecs -mindepth 3 -maxdepth 3 -type f -name pids.max -exec sh -c "echo ${LIMIT} > {}" \; ; fi
# amzlinux2
if [ -d /sys/fs/cgroup/pids/ecs ]; then find /sys/fs/cgroup/pids/ecs -mindepth 3 -maxdepth 3 -type f -name pids.max -exec sh -c "echo ${LIMIT} > {}" \; ; fi
kristiantakvam

comment created time in 4 minutes

issue commentaws/containers-roadmap

Support `--pids-limit` `docker run` flag

No special use case required to be needing this except a mixed ECS cluster. One container can fork bomb the entire host, I'm looking at you JAVA containers... At which point everything is degraded and with, most of the time, very tangential or seemingly unrelated error messages because the kernel being at max_pids is not something that leads to very clear error messages at the top of the stack.

We have hit this multiple time in production and the only work around we have so far is to set the host max_pids at 4M and hope we don't run out of something else during a fork bomb. That's when system's guys start to miss the isolation of a VM/hypervisor :) Jokes aside, it would be useful to surface this in the task definition.

kristiantakvam

comment created time in 20 minutes

issue commentaws/containers-roadmap

Is there a way to support FlexVolume plugin in EKS?

The csi driver worked fine for me on EKS, which is better than flexvolume imo. At least the csi-smb driver worked, which solved my issue.

David Berkman


From: JiaDe WU notifications@github.com Sent: Monday, January 18, 2021 11:44:27 PM To: aws/containers-roadmap containers-roadmap@noreply.github.com Cc: David Berkman david.berkman@grenadefish.net; Comment comment@noreply.github.com Subject: Re: [aws/containers-roadmap] Is there a way to support FlexVolume plugin in EKS? (#925)

Is there any update on this issue?

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/aws/containers-roadmap/issues/925#issuecomment-762662707, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AACMYJF6M7CJOJNKKMAOYYDS2UZ5XANCNFSM4NOSW2TA.

metabc

comment created time in 2 hours

pull request commentsnapcore/snapcraft

Ensure PYTHONPATH is appropriate for building packages with gnome-3-38

Codecov Report

Merging #3424 (d5dc4b8) into master (be94581) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #3424   +/-   ##
=======================================
  Coverage   90.84%   90.84%           
=======================================
  Files         258      258           
  Lines       18287    18287           
=======================================
  Hits        16612    16612           
  Misses       1675     1675           
Impacted Files Coverage Δ
.../internal/project_loader/_extensions/gnome_3_38.py 95.23% <ø> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update be94581...d5dc4b8. Read the comment docs.

kenvandine

comment created time in 2 hours

PR opened snapcore/snapcraft

Ensure PYTHONPATH is appropriate for building packages with gnome-3-3…

…8-2004-sdk as well as at runtime

  • [ ] Have you followed the guidelines for contributing?
  • [ ] Have you signed the CLA?
  • [ ] Have you successfully run ./runtests.sh static?
  • [ ] Have you successfully run ./runtests.sh tests/unit?

+7 -0

0 comment

3 changed files

pr created time in 3 hours

Pull request review commentsnapcore/snapd

cmd/snap-repair: filter repair assertions based on bases + modes

 func (run *Runner) Applicable(headers map[string]interface{}) bool { 		} 	} -	// TODO:UC20: need to consider filtering by bases and modes in the assertion-	// here+	// also filter by base snaps and modes+	bases, err := stringList(headers, "bases")+	if err != nil {+		return false+	}++	if len(bases) != 0 && !strutil.ListContains(bases, run.state.Device.Base) {+		return false+	}++	modes, err := stringList(headers, "modes")+	if err != nil {+		return false+	}++	// modes is slightly more nuanced, if the modes setting in the assertion+	// header is unset, that means that the assertion should only be run in+	// "run" mode on uc20++	if run.state.Device.Mode == "" {+		// uc16 / uc18 device, the assertion is only applicable to us if modes+		// has "run" in it or if it is unset+		if len(modes) != 0 && !strutil.ListContains(modes, "run") {

this is done now

anonymouse64

comment created time in 4 hours

PR opened snapcore/snapcraft

WIP: gnome-3-38 is no longer experimental
  • [ ] Have you followed the guidelines for contributing?
  • [ ] Have you signed the CLA?
  • [ ] Have you successfully run ./runtests.sh static?
  • [ ] Have you successfully run ./runtests.sh tests/unit?

+0 -4

0 comment

1 changed file

pr created time in 5 hours

pull request commentsnapcore/snapd

interfaces/builtin: Allow DBus property access on org.freedesktop.Notifications

Given CI keeps randomly failing, so this couldn't be merged, I've now added the URL, too.

kbroulik

comment created time in 5 hours

push eventsnapcore/snapcraft

Sergio Schvezov

commit sha be94581c81e1cb34274c97148fe8223f998c6575

Revert "cli: allow validation assertions to be revoked (#3417)" (#3422) This reverts commit 847cd3cd4fa9c7e67231816a84c45bf3070fbef2.

view details

push time in 5 hours

PR merged snapcore/snapcraft

Revert "cli: allow validation assertions to be revoked (#3417)"

This reverts commit 847cd3cd4fa9c7e67231816a84c45bf3070fbef2.

  • [ ] Have you followed the guidelines for contributing?
  • [ ] Have you signed the CLA?
  • [ ] Have you successfully run ./runtests.sh static?
  • [ ] Have you successfully run ./runtests.sh tests/unit?

+2 -57

1 comment

2 changed files

sergiusens

pr closed time in 5 hours

pull request commentsnapcore/snapcraft

Revert "cli: allow validation assertions to be revoked (#3417)"

Codecov Report

Merging #3422 (b5498e2) into master (e8e5d28) will decrease coverage by 0.00%. The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3422      +/-   ##
==========================================
- Coverage   90.84%   90.84%   -0.01%     
==========================================
  Files         258      258              
  Lines       18288    18287       -1     
==========================================
- Hits        16614    16612       -2     
- Misses       1674     1675       +1     
Impacted Files Coverage Δ
snapcraft/cli/assertions.py 98.95% <100.00%> (-0.02%) :arrow_down:
snapcraft/_store.py 86.55% <0.00%> (-0.22%) :arrow_down:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update e8e5d28...b5498e2. Read the comment docs.

sergiusens

comment created time in 8 hours

push eventsnapcore/snapd

Pawel Stolowski

commit sha add0270efb71cd71092d4cfd8d6cca28f352e201

Fix len check (failure on 32-bit). (#12)

view details

Michael Vogt

commit sha 4b1cbdd3a2f54010e9ee78c6e5518b34467b1d7b

udev: skip TestParseUdevEvent on s390x (#13) The input byte data is hardcoded for little-endian architectures. However the s390x is big endian so this test always fails because the data is incorrectly aligned. This will fix the build of snapd on s390x which is broken since udev got merged.

view details

Michael Vogt

commit sha 043677e09b13957b7b5f9589cef69e3367deb981

udev: skip TestParseUdevEvent on ppc (#14) The ppc golang architecture uses big-endian so the TestParseUdevEvent cannot run there. This PR skips it when ppc is detected.

view details

Felix Geyer

commit sha 95c4b726479447079ddc23188835777a1ecfd9fd

Let the kernel set nl_pid automatically (#18) Setting the netlink nl_pid to the pid is problematic if you want to use multiple netlink connections in the same application or the application runs in another pid namespace (nl_pid needs to to system-wide unique). With nl_pid==0 the kernel automatically assigns a unique nl_pid. From netlink(7): There are two ways to assign nl_pid to a netlink socket. If the application sets nl_pid before calling bind(2), then it is up to the application to make sure that nl_pid is unique. If the application sets it to 0, the kernel takes care of assigning it.

view details

Mickaël FRANC

commit sha 521742c219c7f04e09f3154a41acc0e60fc08a1f

test: fix test, now possible to bind to netlink multiple times see: https://github.com/pilebones/go-udev/pull/18

view details

Mickaël FRANC

commit sha 9229d5f53bd46066741633c9d46442063f0ecdca

travis: fix golang version used

view details

Mickaël FRANC

commit sha 74655bbaaa50f599d9ecaad20bbd95d0c6476728

go.mod: add manifest for go module

view details

Paweł Stołowski

commit sha 459ce2298edf3829fc7919694bb8387064766cae

Merge commit '74655bbaaa50f599d9ecaad20bbd95d0c6476728' into update-go-udev

view details

Michael Vogt

commit sha 16cb1b74513900fc4405f02c68ce798d2b3dc916

Merge pull request #9845 from stolowski/update-go-udev osutil: update go-udev package

view details

push time in 9 hours

PR merged snapcore/snapd

osutil: update go-udev package

Update go-udev package with upstream; the project isn't very active and in fact there are just 3 commits since we imported it into osutil, but they just fixed https://github.com/pilebones/go-udev/issues/3 which is good too have.

Updated with:

git subtree pull --prefix=osutil/udev http://github.com/pilebones/go-udev master
+9 -6

1 comment

4 changed files

stolowski

pr closed time in 9 hours

PR opened snapcore/snapcraft

Revert "cli: allow validation assertions to be revoked (#3417)"

This reverts commit 847cd3cd4fa9c7e67231816a84c45bf3070fbef2.

  • [ ] Have you followed the guidelines for contributing?
  • [ ] Have you signed the CLA?
  • [ ] Have you successfully run ./runtests.sh static?
  • [ ] Have you successfully run ./runtests.sh tests/unit?

+2 -57

0 comment

2 changed files

pr created time in 9 hours

push eventsnapcore/snapcraft

Ken VanDine

commit sha e8e5d2852e482aa79cf4be1b2720f8ab17c7b5bb

extensions: add SDK paths to ACLOCAL_PATH for gnome-3-38 (#3419)

view details

push time in 9 hours

PR merged snapcore/snapcraft

Include SDK snap paths in ACLOCAL_PATH

Ensure pulse libs can be found during linking and set ACLOCAL_PATH to include build snap paths

  • [x] Have you followed the guidelines for contributing?
  • [x] Have you signed the CLA?
  • [x] Have you successfully run ./runtests.sh static?
  • [x] Have you successfully run ./runtests.sh tests/unit?

+26 -2

1 comment

2 changed files

kenvandine

pr closed time in 9 hours

push eventsnapcore/snapcraft

Chris Patterson

commit sha 65c7911572359d14a472fa6a16da6954d6c992dc

plainbox spread tests: set tasks to manual (#3420) They intermittently fail and these failures do not appear to be Snapcraft-specific. Until the issue is resolved, set the tasks to manual. Failure log: ``` python3 manage.py validate error: ???: Cannot load '/snapcraft/tests/spread/plugins/v1/plainbox/snaps/provider-with-deps/parts/parent-plainbox-provider/build/units/parent.pxu': (chardet 4.0.0 (/snapcraft/tests/spread/plugins/v1/plainbox/snaps/provider-with-deps/stage/lib/python3.6/site-packages), Requirement.parse('chardet<3.1.0,>=3.0.2'), {'requests'}) NOTE: subsequent units from problematic files are ignored Validation of provider plainbox-provider-parent has failed ``` Signed-off-by: Chris Patterson <chris.patterson@canonical.com>

view details

push time in 9 hours

PR merged snapcore/snapcraft

plainbox spread tests: set tasks to manual

They intermittently fail and these failures do not appear to be Snapcraft-specific. Until the issue is resolved, set the tasks to manual.

Failure log:

python3 manage.py validate
error: ???: Cannot load '/snapcraft/tests/spread/plugins/v1/plainbox/snaps/provider-with-deps/parts/parent-plainbox-provider/build/units/parent.pxu': (chardet 4.0.0 (/snapcraft/tests/spread/plugins/v1/plainbox/snaps/provider-with-deps/stage/lib/python3.6/site-packages), Requirement.parse('chardet<3.1.0,>=3.0.2'), {'requests'})
NOTE: subsequent units from problematic files are ignored
Validation of provider plainbox-provider-parent has failed

Signed-off-by: Chris Patterson chris.patterson@canonical.com

  • [ ] Have you followed the guidelines for contributing?
  • [ ] Have you signed the CLA?
  • [ ] Have you successfully run ./runtests.sh static?
  • [ ] Have you successfully run ./runtests.sh tests/unit?

+6 -0

1 comment

6 changed files

cjp256

pr closed time in 9 hours

Pull request review commentsnapcore/snapd

store: switch to v2/assertions api

 func (s *Store) assertionsEndpointURL(p string, query url.Values) *url.URL { }  type assertionSvcError struct {-	// v1 error fields

Ah, ok, thanks for pointing this out.

stolowski

comment created time in 10 hours

issue commentetcd-io/bbolt

panic: runtime error: unsafe pointer conversion (Go 1.14)

@forsaken628 use bbolt 1.3.5.

klauspost

comment created time in 10 hours

Pull request review commentsnapcore/snapd

cmd/snap-repair: filter repair assertions based on bases + modes

 func (run *Runner) Applicable(headers map[string]interface{}) bool { 		} 	} -	// TODO:UC20: need to consider filtering by bases and modes in the assertion-	// here+	// also filter by base snaps and modes+	bases, err := stringList(headers, "bases")+	if err != nil {+		return false+	}++	if len(bases) != 0 && !strutil.ListContains(bases, run.state.Device.Base) {+		return false+	}++	modes, err := stringList(headers, "modes")+	if err != nil {+		return false+	}++	// modes is slightly more nuanced, if the modes setting in the assertion+	// header is unset, that means that the assertion should only be run in+	// "run" mode on uc20++	if run.state.Device.Mode == "" {+		// uc16 / uc18 device, the assertion is only applicable to us if modes+		// has "run" in it or if it is unset+		if len(modes) != 0 && !strutil.ListContains(modes, "run") {

my naive thinking was to just have:

if len(modes) != 0 {
    return false
}

on this path where Device.Mode == ""

anonymouse64

comment created time in 11 hours

Pull request review commentsnapcore/snapd

cmd/snap-repair: filter repair assertions based on bases + modes

 func (run *Runner) Applicable(headers map[string]interface{}) bool { 		} 	} -	// TODO:UC20: need to consider filtering by bases and modes in the assertion-	// here+	// also filter by base snaps and modes+	bases, err := stringList(headers, "bases")+	if err != nil {+		return false+	}++	if len(bases) != 0 && !strutil.ListContains(bases, run.state.Device.Base) {+		return false+	}++	modes, err := stringList(headers, "modes")+	if err != nil {+		return false+	}++	// modes is slightly more nuanced, if the modes setting in the assertion+	// header is unset, that means that the assertion should only be run in+	// "run" mode on uc20++	if run.state.Device.Mode == "" {+		// uc16 / uc18 device, the assertion is only applicable to us if modes+		// has "run" in it or if it is unset+		if len(modes) != 0 && !strutil.ListContains(modes, "run") {

how do we handle the implication of core20+ here? do we want to hard-code a block list of core and core18, and assume all other base snaps are core20+ like we did previously?

anonymouse64

comment created time in 11 hours

PR closed snapcore/snapd

tests: spread log analyzer that could be used for re execute failed tests

This includes a log analyzer and the new step in the actions to read the log. Then the idea would be to re-execute the failed tests.

+472 -2

0 comment

2 changed files

sergiocazzolato

pr closed time in 11 hours

PullRequestEvent

Pull request review commentsnapcore/snapd

o/snapshotstate: handle conflicts between snapshot forget, export and import

 func (snapshotSuite) TestEstimateSnapshotSizeWithUsers(c *check.C) { 	c.Assert(err, check.IsNil) 	c.Check(gotUsers, check.DeepEquals, []string{"user1", "user2"}) }++func (snapshotSuite) TestExportSnapshotConflictsWithForget(c *check.C) {+	st := state.New(nil)+	st.Lock()+	defer st.Unlock()++	chg := st.NewChange("forget-snapshot-change", "...")+	tsk := st.NewTask("forget-snapshot", "...")+	tsk.SetStatus(state.DoingStatus)+	tsk.Set("snapshot-setup", map[string]int{"set-id": 42})+	chg.AddTask(tsk)++	_, err := snapshotstate.Export(context.TODO(), st, 42)+	c.Assert(err, check.NotNil)+	c.Assert(err.Error(), check.Equals, `cannot operate on snapshot set #42 while change "1" is in progress`)+}++func (snapshotSuite) TestImportSnapshotDuplicatedNoConflict(c *check.C) {+	buf := &bytes.Buffer{}+	var importCalls int+	restore := snapshotstate.MockBackendImport(func(ctx context.Context, id uint64, r io.Reader, flags *backend.ImportFlags) ([]string, error) {+		importCalls+++		c.Check(id, check.Equals, uint64(1))+		// FIXME: DuplicatedSnapshotImportError should include snap names

This is addressed in #9851 , I'll update this PR when 9851 lands.

stolowski

comment created time in 12 hours

PR opened snapcore/snapd

Fix returning of snap names when duplicated snapshot is detected. Bug

The detection and handling of duplicated snapshot and returning the id of the original snapshot has a subtle bug, it doesn't return affected snap names correctly. This wasn't noticed because unit test wasn't good enough, and on the outside (snapshotstate.go line 341) it looked like it did return snap names. This PR fixes this.

+12 -6

0 comment

4 changed files

pr created time in 12 hours

issue commentaws/containers-roadmap

[Fargate] [request]: Mount S3 buckets as filesystem on Fargate, e.g. via FUSE

Just a possibility to copy a file from s3 to the container, like with COPY command in Dockerfile.

That would change the hash of the container image which is perhaps not desirable ... I believe mounting would be ideal in this context.

michalc

comment created time in 12 hours

pull request commentsnapcore/snapd

tests/main/snap-network-errors: disable dns-caching on centos-7

sorry yes this was confusing, let me adjust and force-push a better commit message

anonymouse64

comment created time in 12 hours

pull request commentsnapcore/snapd

OpenGL interface: Support more Tegra libs

AFAICT you do not need to update anything in the profile at this point.

Cool. So that means my PR is "ready", unless someone else have any input to provide ?

om26er

comment created time in 13 hours

more