avsm changed the topic of #mirage to: Good news everyone! Mirage 3.0 released!
copy` has quit [Quit: Connection closed for inactivity]
brson has quit [Quit: leaving]
ubeatlenine has joined #mirage
ubeatlenine is now known as dudelson
_whitelogger has joined #mirage
argent_smith has joined #mirage
_whitelogger has joined #mirage
madgoat has joined #mirage
madgoat has quit [K-Lined]
IRCFrEAK has joined #mirage
IRCFrEAK has quit [K-Lined]
dudelson has quit [Ping timeout: 260 seconds]
dudelson has joined #mirage
dudelson has quit [Ping timeout: 246 seconds]
dudelson has joined #mirage
agarwal1975 has joined #mirage
dudelson has quit [Ping timeout: 258 seconds]
dudelson has joined #mirage
<apache3>
thanks to everyone in marrakech, I had a great time!
dudelson has quit [Ping timeout: 260 seconds]
yomimono has joined #mirage
yomimono has quit [Ping timeout: 240 seconds]
<reynir>
+1
<maker>
hello there
<maker>
I'm still trying to automatize the certificate generation in canopy. I'm at the reasonable point where I can hook up letsencrypt in the tls bootstrap, print out 'dude put this in your dns txt record", wait for letsencrypt to give out the certificate, and then bootstrap the tls server
<maker>
now there's two problems
<maker>
first one is updates, I need to schedule a thread for certificate renewal every three months. Now, is there a decent way of doing this? Do I have to create a thread and put it to sleep for 3 months? that's I time bomb
<maker>
*that's a time bomb
<reynir>
I've considered just restarting the VM every 3 months :v
<maker>
second one is expecting the user to solve the challenge every time is bullshit, it should do that by itself. However, I'm not able to write on the key-value "tls/" since it's read-only and Canopy_store is meant to be for articles so it's a sin to put tls stuff in there
<maker>
passing around this "token" for a few minutes, in order to solve a challenge proposed by the CA, would make the code a mess, plus it means I need to create an http server in order to get a certificate
<maker>
while now http and/or https server are fired at the same time with a decent pattern matching
<maker>
engil: ^^^^
<haesbaert>
hannes: ?
<hannes>
maker: on startup, I'd imagine sth to look into the expiration date of the certificate, and start a Lwt_engine.on_timer to go into letsencrypt mode.
<hannes>
maker: r/w of a key-value store will hopefully happen soon :D
<hannes>
maker: "for a few minutes" -- sounds to me that you would want to (instead of my earlier understanding/thoughts) integrate the dispatch with canopy's and once LE is finished, restart the HTTPS part with the fresh certificate...
<hannes>
(where "restart" is harsh, instead use the new certificate for new connections)
maxus has joined #mirage
maxus has quit [Read error: Connection reset by peer]
maxus_ has joined #mirage
maxus_ has quit [Remote host closed the connection]
argent_smith has quit [Quit: Leaving.]
copy` has joined #mirage
abeaumont has quit [Remote host closed the connection]
abeaumont has joined #mirage
<dmj`>
so, mirage uses travis for CI, how does it perform tests if the container in which the build runs doesn’t have access to a hypervisor
<hannes>
dmj`: travis only tests the build + unit tests for us, no end-to-end testing.
<hannes>
it could work using a qemu on top of travis..
<dmj`>
hannes: ah interesting, so if the xen kernel was loaded into qemu, and then when dom0 loaded, "sudo xl create main.config” was called.. might need to mount disks w/ the unikernels. Many levels of inception going on there
<hannes>
yes, I suspect that's why (at least afaik) nobody does it
<dmj`>
hannes: there’s no way to redirect the xen console output afaik. .. heh yea, the vms on xen would also need access to disks to write test results. Super hairy.
<dmj`>
hannes: can I ask how large the unikernels that mirage creates typically are
<dmj`>
greater than 10MB in size?
<hannes>
ranging from 4 to 13 MB (without any dead code removal), at least those I run