<@jlebon:fedora.im>
16:30:59
!startmeeting fedora_coreos_meeting
<@meetbot:fedora.im>
16:31:01
Meeting started at 2024-07-03 16:30:59 UTC
<@meetbot:fedora.im>
16:31:01
The Meeting name is 'fedora_coreos_meeting'
<@jlebon:fedora.im>
16:31:08
!topic roll call
<@apiaseck:matrix.org>
16:31:17
!hi
<@zodbot:fedora.im>
16:31:19
Adam Piasecki (c4rt0) - he / him / his
<@hricky:fedora.im>
16:32:10
!hi
<@zodbot:fedora.im>
16:32:11
Hristo Marinov (hricky) - he / him / his
<@marmijo:fedora.im>
16:32:27
!hi
<@jmarrero:matrix.org>
16:32:27
!hi
<@zodbot:fedora.im>
16:32:28
Michael Armijo (marmijo)
<@zodbot:fedora.im>
16:32:30
Joseph Marrero (jmarrero)
<@jlebon:fedora.im>
16:34:01
small crowd today, but i think we can at least go through the f41 changes
<@jlebon:fedora.im>
16:34:01
let's wait a minute or two more
<@siosm:matrix.org>
16:34:56
!hi
<@zodbot:fedora.im>
16:34:58
Timothée Ravier (siosm) - he / him / his
<@jlebon:fedora.im>
16:36:29
ok, let's get started!
<@jlebon:fedora.im>
16:36:37
!topic Action items from last meeting
<@jlebon:fedora.im>
16:36:43
- jbtrystram to follow-up on `qed-firmware` removal
<@jlebon:fedora.im>
16:36:57
i think this is resolved. we've added qed-firmware back
<@ravanelli:matrix.org>
16:37:11
.hi ravanelli
<@ravanelli:matrix.org>
16:37:26
!hi ravanelli
<@zodbot:fedora.im>
16:37:27
Renata Ravanelli (ravanelli)
<@jlebon:fedora.im>
16:37:29
!topic tracker: Fedora 41 changes considerations
<@jlebon:fedora.im>
16:37:45
we have a few more changes to look at
<@marmijo:fedora.im>
16:38:01
I reran the fedora changes script yesterday and there were no new additions since last week.
<@jlebon:fedora.im>
16:38:20
nice, was checking just that :)
<@jlebon:fedora.im>
16:38:33
i'll just run through it real quick
<@jlebon:fedora.im>
16:38:52
- Golang 1.23
<@jlebon:fedora.im>
16:39:10
will affect some packages, but should be transparent otherwise
<@jlebon:fedora.im>
16:39:18
- Removing network-scripts package
<@jlebon:fedora.im>
16:40:00
we haven't shipped that package for a while (possibly ever? don't quite recall)
<@jlebon:fedora.im>
16:40:46
- DNF and bootc in Image Mode Fedora variants
<@jlebon:fedora.im>
16:41:02
we are involved in this and this is already tracked separately
<@jlebon:fedora.im>
16:41:11
- Make Tuned the Default Power Profile Management Daemon
<@jlebon:fedora.im>
16:42:26
we don't ship tuned
<@jlebon:fedora.im>
16:42:33
- LLVM 19
<@jlebon:fedora.im>
16:43:13
not sure if any CoreOS packages use LLVM currently, but should be transparent if so
<@jlebon:fedora.im>
16:43:20
- Replace Redis with Valkey
<@jlebon:fedora.im>
16:43:27
FCOS doesn't ship either
<@jlebon:fedora.im>
16:43:43
- IBus Chewing for Traditional Chinese (Taiwan) Desktop by Default
<@jlebon:fedora.im>
16:43:57
we don't ship ibus
<@jlebon:fedora.im>
16:44:09
and that's all!
<@marmijo:fedora.im>
16:44:27
I'll update the list with those notes. thanks Jonathan Lebon
<@jlebon:fedora.im>
16:44:35
marmijo: thanks!
<@siosm:matrix.org>
16:44:53
We have https://fedoraproject.org/wiki/Changes/ComposefsAtomicCoreOSIoT coming "soon" and it's already tracked on our side
<@jlebon:fedora.im>
16:45:54
the only other topic now is firewalld, but now we have travier but not dustymabe who is also very interested in this
<@jlebon:fedora.im>
16:47:25
travier: should we discuss the composefs work since we don't have other large topics?
<@siosm:matrix.org>
16:47:42
works for me
<@jlebon:fedora.im>
16:47:47
!topic Complete composefs integration in Fedora CoreOS
<@siosm:matrix.org>
16:49:12
We are looking at enabling composefs by default for Fedora 41.
<@jlebon:fedora.im>
16:49:26
so i think it's worth discussing how we'll roll this out exactly
<@siosm:matrix.org>
16:50:11
I was thinking enabling it in the Rawhide stream, then branched, beta, etc
<@siosm:matrix.org>
16:50:21
Do you expect any issues?
<@jlebon:fedora.im>
16:50:32
thinking more about once this gets to production
<@jlebon:fedora.im>
16:51:15
i think we should migrate existing nodes, but maybe we can do a phased rollout where at first we don't migrate and wait a few months
<@siosm:matrix.org>
16:51:21
Note that this initial support does not enable a full integrity chain in that it does not chain the integrity guarantee from a UKI/Secure Boot
<@siosm:matrix.org>
16:51:54
That's not possible with the way it's planned to be enabled
<@jlebon:fedora.im>
16:52:00
so e.g. it would hit stable together with f41 but for new installs only. and then in e.g. 3 months, we add a barrier to migrate them
<@siosm:matrix.org>
16:52:17
https://gitlab.com/fedora/bootc/base-images/-/blob/main/tier-0/ostree.yaml?ref_type=heads#L14
<@jlebon:fedora.im>
16:52:57
ahh right, forgot about that detail
<@siosm:matrix.org>
16:53:16
https://ostreedev.github.io/ostree/composefs/#composefs > we can use the repo option however if we want to do that
<@siosm:matrix.org>
16:53:43
but I vaguely remember Colin saying that we should not
<@jlebon:fedora.im>
16:54:02
yeah, not sure if those docs are fully up to date
<@jbtrystram:matrix.org>
16:54:06
1hui
<@jbtrystram:matrix.org>
16:54:08
!hi
<@zodbot:fedora.im>
16:54:09
Jean-Baptiste Trystram (jbtrystram) - he / him / his
<@jlebon:fedora.im>
16:55:07
hmm OK, i think that's fine but we'll want to message this as soon as it hits next. we know at least one case that will not work (toplevel mount points)
<@siosm:matrix.org>
16:55:46
I think we should redirect users of top level mount points to `rpm-ostree usroverlay` for now
<@siosm:matrix.org>
16:55:59
ah no, that's only for `/usr`
<@jlebon:fedora.im>
16:56:20
they could mount an overlay on / themselves i guess
<@siosm:matrix.org>
16:56:29
that's trickier
<@jlebon:fedora.im>
16:56:45
that'd be closer to the root overlay feature in ostree
<@jlebon:fedora.im>
16:57:05
https://github.com/ostreedev/ostree/pull/3114
<@jbtrystram:matrix.org>
16:57:16
right now there is still a kdump issue with composeFS enabled
<@jlebon:fedora.im>
16:57:39
but that's a *huge* delta of course
<@siosm:matrix.org>
16:58:59
yep, we'll have to investigate that one, but I don't think it's a fundamental incompatibility
<@jlebon:fedora.im>
16:59:14
i think i'd be more comfortable if it'd hit stable for new installs only and only later we migrate older hosts, but we have to evaluate how to do this without too much complexity
<@jlebon:fedora.im>
16:59:35
AFAIK, this will be the first time composefs hits a large install base (right?)
<@jbtrystram:matrix.org>
17:00:01
yeah probably
<@jbtrystram:matrix.org>
17:00:52
Because in fedora you hit the `ostree-grub2` issue
<@jlebon:fedora.im>
17:01:16
travier, jbtrystram: maybe let's bring this up in the next bootc community meeting and see what folks there think
<@jbtrystram:matrix.org>
17:01:21
the only people enabling this would have done it manually
<@siosm:matrix.org>
17:01:45
works for me
<@siosm:matrix.org>
17:02:11
I'm looking at enabling it only for the Atomic Desktops container images for F41, so Universal Blue users will get it
<@siosm:matrix.org>
17:02:21
but not the classic ostree ones
<@jbtrystram:matrix.org>
17:03:02
Jonathan Lebon: what do you mean by `huge delta` for the transient overlay on `/`?
<@siosm:matrix.org>
17:04:07
the root.transient option in ostree has a lot of implications
<@jlebon:fedora.im>
17:04:12
jbtrystram: it makes everything writable, which is ironically in the opposite direction from where we are and where composefs takes us (locking things down even more)
<@jlebon:fedora.im>
17:05:04
it's useful when you need it, but it changes the semantics entirely
<@siosm:matrix.org>
17:05:12
I wonder how this option interacts with composefs
<@jlebon:fedora.im>
17:05:57
travier: it's basically a rw overlay on top of composefs
<@siosm:matrix.org>
17:06:12
OK, so full RW
<@jlebon:fedora.im>
17:06:27
yup
<@siosm:matrix.org>
17:06:33
yeah, that's a big change
<@jlebon:fedora.im>
17:07:20
for most toplevel mountpoints, the alternative is to create them in a container build. though some like podman may not be able to do that if they're dynamically named
<@siosm:matrix.org>
17:07:24
Podman machine will have to disable composefs however
<@siosm:matrix.org>
17:07:36
yep
<@jlebon:fedora.im>
17:08:16
longer-term we definitely need a solution there
<@jlebon:fedora.im>
17:08:31
ok cool, we can move on
<@siosm:matrix.org>
17:08:55
arbitrary top level mount points on RO / feels impossible
<@siosm:matrix.org>
17:09:44
outside of the turn off everything and make it fully RW option of transient
<@jlebon:fedora.im>
17:10:01
let's bring that up in the bootc community meeting.
<@jlebon:fedora.im>
17:10:01
i guess you could have the initrd do a rw overlay, create the mountpoints, then remount the overlay ro
<@siosm:matrix.org>
17:10:13
Maybe we can make something like sys-ext?
<@siosm:matrix.org>
17:10:48
but that's not good for runtime mount points
<@siosm:matrix.org>
17:11:02
(initrd option) but that's not good for runtime mount points
<@jlebon:fedora.im>
17:13:05
travier: doesn't podman know what mountpoints it needs at machine boot time?
<@siosm:matrix.org>
17:13:07
If we want to talk about that in the next bootc meeting then we should file an issue on the tracker
<@siosm:matrix.org>
17:13:18
no it does not AFAIK
<@siosm:matrix.org>
17:13:26
it's "user controlled"
<@siosm:matrix.org>
17:14:01
we would have to ask Brent
<@jbtrystram:matrix.org>
17:14:02
is there an issue with some more context on that? I want to understand why people need to have dynamic mountpoints on /
<@jlebon:fedora.im>
17:14:17
gotcha. i guess it might work to remount rw in a private namespace to create it
<@jlebon:fedora.im>
17:14:56
jbtrystram: i'm not sure if there's a dedicated issue for this (yet)
<@siosm:matrix.org>
17:15:00
indeed, sneak a layer with the folder and switch_root
<@jbtrystram:matrix.org>
17:15:11
https://github.com/coreos/rpm-ostree/issues/337
<@jlebon:fedora.im>
17:15:52
that's the generic issue for toplevel mounts. we should probably have one for the podman case
<@jlebon:fedora.im>
17:16:01
ok, let's switch to open floor?
<@siosm:matrix.org>
17:16:55
👍️
<@jlebon:fedora.im>
17:16:58
!topic Open Floor
<@jlebon:fedora.im>
17:17:16
anything anyone wants to bring up?
<@jlebon:fedora.im>
17:20:30
will end meeting in 60s
<@siosm:matrix.org>
17:20:39
<@siosm:matrix.org>
17:20:42
I filed an issue
<@jbtrystram:matrix.org>
17:21:20
thanks for running Jonathan Lebon!
<@jlebon:fedora.im>
17:21:32
!endmeeting