Return to more technical work

Monday, January 7, 2019

After the break, I'm tryign to return to slightly more technical work.

Various minor technical issues

Had the maintenance company for our primary heater at home. The overheat security protection was tripping on a regular basis, apparently an issue with insufficient water pressure.

Our A/C won't generate heat below 10C. That seems a little bit below spec. What I read is that this kind of A/C system should work above 0C. The system itself is rated up to -17C. Contacted the installer again. He's going to hate us, these two little systems have been causing nothing but trouble since he installed them. The larger one works fine, which is another reason to believe the smaller ones should work.

RHEL8 documentation

Meeting with Jarda and Jirka. Two big action items:

  • Issues about changes related to BLS (Boot Loader Specification) Jirka had already started working on this, and asked me to review some of the changes. Added to ToDo bookmarks.
  • Complete the write-up about best security practices for VM management. I need to make a choice between two options, and I don't like either. Either run everything as root, which is the current status-quo, and then you need to explain that you need root access for remote machines, yuck. Alternatively, talk about the libvirt group, but according to Dr Alan Gilbert, it's really exactly the same thing because libvirt is only checking that QEMU accesses the files, not what files you access.

Slow VM startup

For some reason, some of my VMs are very slow to startup now. It's funny, because someone asked the question on IRC just last week. Is there some kind of real issue? This happened to me on a machine that was not precisely idle (read: it was loaded like crazy). So I defer judgement until I know more.

AMD Secure Encrypted Virtualization (SEV)

It looks like the way the SEV bit is reported for our lab machines is not correct. It only reports 2 machines, there are apparently a number of additional EPYC machines.

Eric Skultety pointed me to https://elixir.bootlin.com/linux/latest/source/Documentation/virtual/kvm/amd-memory-encryption.rst. The documentation is from last year (Dec 2017), and two of the pointers are already bogus. One is easy, someone replace a space with an underscore. Will send a patch. See mail setup below.

Spent a little bit of time reading about how SEV works internally.

KVM code review

Explored Red Hat Bugzilla 1593190 for my own education. There are variants, e.g. Red Hat Bugzilla 1592276.

Mail and news setup

I'm still not entirely satisfied of the way the mail and news setup works. Today, I tried to send a trivial patch, but I realized I had only configured my guest, not the host.

Added some configuration, did a couple of quick experiments, sent my first patch on KVM (a documentation patch, not much)

Presentation for DevConf.cz

Only getting started, did not really have time to dig into the details.

Red Skin Cat

Daily rants and notes about my work on Spice at Red Hat

January 2019
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31
Dec  Feb
RSS

Links

This is the work blog of Christophe de Dinechin for Red Hat. Think of it as a public lab book.

This should not be particularly interesting except to myself. It's really more intended as a set of personal notes, so there is no formatting whatsoever. I type tings as I go along during the day. All you'll find here are things like stack traces, Linux commands I want to remember or bugzilla links I want to be able to return to.

If you want to read stuff about my work at Red Hat that I believe is more interesting to the general public, you will find it on A Spice Odyssey. If you want to read my rants about everything else, go to Grenouille Bouillie. This is about as much advertisement as you will find on this site.

2016-2019 - Christophe de Dinechin

All views expressed on this blog are strictly personal. This blog does not represent the views of my employer, nor mine for that matter. This blog is provided as-is, without warrrany of any kind, express or implied, in particular regarding accuracy or interest of the content. The contents of this blog is distributed under a Creative Commons BY-SA 4.0 license .