#meeting-1:fedoraproject.org log

<@jlebon:fedora.im>

16:30:29

!startmeeting fedora_coreos_meeting

<@meetbot:fedora.im>

16:30:30

Meeting started at 2024-04-10 16:30:29 UTC

<@meetbot:fedora.im>

16:30:30

The Meeting name is 'fedora_coreos_meeting'

<@jlebon:fedora.im>

16:30:35

!topic roll call

<@cverna_:matrix.org>

16:30:56

<@dustymabe:matrix.org>

16:31:00

!hi

<@zodbot:fedora.im>

16:31:04

Dusty Mabe (dustymabe) - he / him / his

<@siosm:matrix.org>

16:31:15

!hi

<@zodbot:fedora.im>

16:31:18

Timothée Ravier (siosm) - he / him / his

<@cverna_:matrix.org>

16:31:27

trying to follow while I am washing the dishes :-P

<@jbrooks:matrix.org>

16:31:33

!hi jasonbrooks

<@zodbot:fedora.im>

16:31:35

Jason Brooks (jasonbrooks) - he / him / his

<@gurssing:matrix.org>

16:31:41

!hi gursewak

<@zodbot:fedora.im>

16:31:42

Gursewak Singh (gursewak)

<@marmijo:fedora.im>

16:32:22

!hi

<@zodbot:fedora.im>

16:32:24

Michael Armijo (marmijo)

<@jlebon:fedora.im>

16:32:51

Clément Verna: that's impressive :)

<@cverna_:matrix.org>

16:33:42

what me washing the dishes? I know :P

<@jlebon:fedora.im>

16:33:50

let's wait another minute

<@jlebon:fedora.im>

16:34:49

!topic Action items from last meeting

<@jlebon:fedora.im>

16:35:02

dustymabe jbtrystram to meet to discuss implementation of wifi firmwares warning/deprecation

<@aaradhak:matrix.org>

16:35:10

!hi aaradhak

<@zodbot:fedora.im>

16:35:11

Aashish Radhakrishnan (aaradhak)

<@dustymabe:matrix.org>

16:35:52

!info dustymabe jbtrystram did meet to discuss implementation of wifi firmwares warning/deprecation. Have not implemented it yet.

<@dustymabe:matrix.org>

16:36:06

jbtrystram: want to get together this week on that ^^ ?

<@jlebon:fedora.im>

16:36:17

nice 👍️

<@ydesouza:fedora.im>

16:36:29

!hi

<@zodbot:fedora.im>

16:36:30

Yasmin Valim de Souza (ydesouza)

<@jlebon:fedora.im>

16:37:05

not sure if he's around right now

<@jlebon:fedora.im>

16:37:24

ok cool, let's move on to meeting topics

<@jlebon:fedora.im>

16:37:28

!topic google-compute-engine-guest-configs-udev has been retired in Fedora

<@jlebon:fedora.im>

16:37:31

!link https://github.com/coreos/fedora-coreos-tracker/issues/1702

<@jlebon:fedora.im>

16:37:36

!link https://github.com/coreos/fedora-coreos-tracker/issues/1702

<@jlebon:fedora.im>

16:38:24

dustymabe: want to intro this one?

<@dustymabe:matrix.org>

16:38:48

yep. it will be short I think because I just got an update

<@dustymabe:matrix.org>

16:39:10

the `google-compute-engine-guest-configs` package got orphaned and then retired in Fedora

<@dustymabe:matrix.org>

16:39:48

but I just got notification that the cloud WG is picking up the pieces because they want to install the full agent from google in their GCP image and this would break if all of those packages didn't exist

<@ravanelli:matrix.org>

16:40:03

.hi

<@siosm:matrix.org>

16:40:04

https://pagure.io/releng/issue/12055

<@dustymabe:matrix.org>

16:40:06

we only use a few udev files in a subpackage (not the full agent)

<@dustymabe:matrix.org>

16:40:44

!info the cloud WG is picking up the retired google packages and we should be able to continue using the subpackage we were using in the past.

<@siosm:matrix.org>

16:40:49

I'll reach out to Neal to offer co-maintenance

<@jlebon:fedora.im>

16:40:50

nice, that's good

<@jlebon:fedora.im>

16:41:45

sounds like we can move on then

<@ravanelli:matrix.org>

16:42:18

+ I also got an update about the evaluation on maintaining google-compute-engine-guest-configs in RHEL

<@ravanelli:matrix.org>

16:42:36

it has been closed as won't do

<@ravanelli:matrix.org>

16:43:28

I our initial idea was to have everything add in RHEL so, we probably need to discuss the next steps for it too

<@siosm:matrix.org>

16:43:50

what?

<@siosm:matrix.org>

16:43:59

is it the auto close?

<@jlebon:fedora.im>

16:44:02

Renata Ravanelli: did that happen during the period of time the package was orphaned in Fedora? might be some automation stuff

<@siosm:matrix.org>

16:44:05

anyway it's not FCOS specific

<@jlebon:fedora.im>

16:45:05

yeah, let's maybe chat more about that outside this meeting

<@ravanelli:matrix.org>

16:45:11

Not an automation, it was manually closed as well, looking the last comment it has: "Since I dropped most of my Google-related packages in Fedora, I think this effort is likely going to be too much work for the team for now."

<@jbtrystram:matrix.org>

16:45:14

!hi

<@zodbot:fedora.im>

16:45:16

Jean-Baptiste Trystram (jbtrystram) - he / him / his

<@jlebon:fedora.im>

16:45:51

Renata Ravanelli: interesting. we'll need to follow up there. let's discuss it after

<@jlebon:fedora.im>

16:46:08

!topic Have the coreos-installer '--copy-network' option also copy generated udev ifname rules

<@jlebon:fedora.im>

16:46:15

!link https://github.com/coreos/fedora-coreos-tracker/issues/1684

<@jlebon:fedora.im>

16:46:43

oh wow, I forgot that I was the one who tagged this in

<@jlebon:fedora.im>

16:49:11

so this is a complex topic, but briefly the issue there is: - someone configures networking during the install boot using network kargs - they want to pass on the network into the installed system, so pass `--copy-network` - `--copy-network` doesn't actually copy everything network-related via kargs, in this case `ifname=` - user is confused

<@dustymabe:matrix.org>

16:50:02

so we do have karg forwarding for network kargs don't we? maybe we don't do that if `--copy-network` is passed?

<@jlebon:fedora.im>

16:50:04

the thing is that the NM configs that get forwarded mention interface names, but those interface names are not going to be set unless ifname= or its udev rule is also forwarded

<@jlebon:fedora.im>

16:50:17

the question then is whether `--copy-network` should do that too

<@jlebon:fedora.im>

16:51:01

dustymabe: it's not clear if they're using the service with the magic forwarding bits. it seemed like not, but i might be misremembering

<@mnguyen:fedora.im>

16:51:50

!hi

<@zodbot:fedora.im>

16:51:51

Michael Nguyen (mnguyen)

<@jlebon:fedora.im>

16:52:29

unfortunately, our network configuration story is quite complex

<@dustymabe:matrix.org>

16:52:43

TBH I think maybe we keep it simple here and don't try to make copy-network smarter

<@dustymabe:matrix.org>

16:53:07

they can do `--karg ifname=foo:bar` too

<@jlebon:fedora.im>

16:53:34

there's definitely multiple ways to work around it. it's more just trying to match user expectations

<@mnguyen:fedora.im>

16:54:23

is this just something we need to document?

<@dustymabe:matrix.org>

16:54:42

not really IMO

<@jlebon:fedora.im>

16:54:51

but yeah, not against keeping the status quo. right now, `--copy-network` just copies NM keyfiles, which is nice and easy to explain

<@dustymabe:matrix.org>

16:55:07

if you are using coreos-installer ISO today and the service runs it copies forward the networking kargs

<@dustymabe:matrix.org>

16:55:34

if you run coreos-installer directly you have the opportunity right there to set kargs for the system

<@dustymabe:matrix.org>

16:56:14

i guess we could add a `--copy-network-kargs` ?

<@dustymabe:matrix.org>

16:56:35

the service that does the karg forwarding was born before coreos-installer was really more featureful

<@jlebon:fedora.im>

16:56:39

right, but just to clarify, the point is that users expect `--copy-network` to include interface naming configuration

<@jlebon:fedora.im>

16:56:58

you could not be using kargs at all and setting the names manually using nmtui

<@jlebon:fedora.im>

16:57:17

(which i think lets you do that)

<@dustymabe:matrix.org>

16:57:27

hmm. don't think so

<@dustymabe:matrix.org>

16:57:42

anything that you can put in a NM config will get copied forward

<@dustymabe:matrix.org>

16:57:50

with `--copy-network`

<@jlebon:fedora.im>

16:58:16

"don't think so" --> on the nmtui part?

<@dustymabe:matrix.org>

16:58:35

correct

<@jlebon:fedora.im>

16:58:56

gotcha

<@jlebon:fedora.im>

16:59:32

maybe `--copy-network-kargs` could make sense. i do think it's odd that we have special logic in the service that's unaccessible outside of it, so that would help.

<@jlebon:fedora.im>

17:00:27

at the same time, i'm not sure we should try to make this change just yet. maybe let's wait some more to see if there's more people hitting this to raise motivation

<@dustymabe:matrix.org>

17:00:57

all that would do underneath the covers is just add them to to the array of `--firstboot-args`, which is all the service is doing

<@jlebon:fedora.im>

17:01:19

maybe `--copy-network` should've been called `--copy-nm-keyfiles`

<@jlebon:fedora.im>

17:01:46

but i guess users might still not know that interface names are not defined there

<@dustymabe:matrix.org>

17:02:15

yeah maybe. we wanted to make it obvious to the user what it was for

<@dustymabe:matrix.org>

17:02:44

but really.. you only need `--copy-network` if you have made some changes to the network after boot OR you are bringing your own config

<@dustymabe:matrix.org>

17:02:48

otherwise you don't need it at all

<@dustymabe:matrix.org>

17:03:12

if they could capture their entire config in kargs and they were using the service everything would just work

<@jlebon:fedora.im>

17:04:16

proposed: we recognize a minor UX gap but currently don't feel like it's enough to warrant changing anything given that our networking story is quite complex already. we will keep an eye on this and reconsider if more information comes to light.

<@dustymabe:matrix.org>

17:06:10

Jonathan Lebon: i think it would be worth in the ticket illustrated our proposed solution if we DO decide to implement something to close this feature.. just so we don't lose that effort

<@dustymabe:matrix.org>

17:06:28

I'm +1 to the proposed, but would like the extra context added in the ticket comment

<@jlebon:fedora.im>

17:06:35

dustymabe: sure

<@dustymabe:matrix.org>

17:06:50

jbtrystram: Clément Verna vote in individual messages so the meeting logs will show it

<@cverna_:matrix.org>

17:07:07

<@siosm:matrix.org>

17:07:17

+1 to proposed

<@jbtrystram:matrix.org>

17:07:41

<@jlebon:fedora.im>

17:07:47

!agreed we recognize a minor UX gap but currently don't feel like it's enough to warrant changing anything given that our networking story is quite complex already. we will keep an eye on this and reconsider if more information comes to light.

<@jlebon:fedora.im>

17:07:55

ok, let's move on

<@jlebon:fedora.im>

17:08:27

dustymabe: did you still want to talk about https://github.com/coreos/fedora-coreos-tracker/issues/99, and is it enough time left?

<@dustymabe:matrix.org>

17:09:32

I think so.

<@jlebon:fedora.im>

17:09:42

!topic Garbage collection policy for OS releases

<@jlebon:fedora.im>

17:09:48

!link https://github.com/coreos/fedora-coreos-tracker/issues/99

<@dustymabe:matrix.org>

17:10:17

The goal with tagging here is to try to raise priority and facilitate discussion.

<@dustymabe:matrix.org>

17:10:36

while we do like keeping around things for historical/forensic purposes, we need to start cleaning things up

<@dustymabe:matrix.org>

17:10:47

the footprint is getting larger

<@dustymabe:matrix.org>

17:11:51

I think gursewak was working on this in the past. If there were any blockers that you hit when investigating please add them to the ticket

<@jlebon:fedora.im>

17:12:35

yeah, this is becoming more and more pressing

<@siosm:matrix.org>

17:12:58

we should probably clean all artifacts that are more than 2 years old

<@cverna_:matrix.org>

17:13:21

Are there per platform APIs that we could be using? for example when we upload say have a policy to delete the image after 2 years or something like that?

<@cverna_:matrix.org>

17:13:34

I am not super familiar with what is possible here

<@siosm:matrix.org>

17:13:43

https://github.com/coreos/coreos-assembler/issues/889

<@gurssing:matrix.org>

17:13:46

I think we wanted to discuss more on if and how we can divide this into sub tasks and which exact sub task to start/prioritize on.

<@dustymabe:matrix.org>

17:14:01

Clément Verna: maybe, but TBH I wouldn't want to rely on that because we'd have to configure everything per platform, which is more maintenance IMO than managing a unified process

<@jlebon:fedora.im>

17:14:30

travier: i think we already have a rough idea of the policy we want. the gap is the actual code to do it :)

<@siosm:matrix.org>

17:14:33

I think we should write script and run it once a year

<@siosm:matrix.org>

17:14:41

yep

<@siosm:matrix.org>

17:15:00

so we need someone to own it

<@dustymabe:matrix.org>

17:15:03

i think it should run at least once a week. so we know when it breaks

<@dustymabe:matrix.org>

17:15:14

otherwise it's just something we'll forget about

<@cverna_:matrix.org>

17:15:23

What the rest of Fedora does?

<@siosm:matrix.org>

17:15:29

once a week is another thing to look at

<@siosm:matrix.org>

17:15:34

I don't think it's worth it

<@cverna_:matrix.org>

17:15:49

Can we align with the other editions?

<@dustymabe:matrix.org>

17:16:00

travier: yeah. a compromise could be a manual process that someone runs as part of the "major version rebase" steps

<@siosm:matrix.org>

17:16:12

so every 6 months

<@dustymabe:matrix.org>

17:16:20

travier: correct

<@siosm:matrix.org>

17:16:25

I don't know about cloud

<@jlebon:fedora.im>

17:16:32

seems fine to me

<@siosm:matrix.org>

17:16:35

I don't know any other edition uploading cloud images AFAIK

<@dustymabe:matrix.org>

17:16:44

cloud doesn't have any policy AFAIK

<@dustymabe:matrix.org>

17:17:02

but there is a infra/releng guy going through and deleting things now, which caused me to start looking at things more

<@siosm:matrix.org>

17:17:28

https://fedoraproject.org/cloud/download > Does not look like they upload images

<@dustymabe:matrix.org>

17:18:09

cloud WG uploads to AWS automatically every night on every compose - the azure and GCP ones are more manual right now, but they are working on it

<@siosm:matrix.org>

17:18:17

AWS ones where managed by David Duncan AFAIR

<@siosm:matrix.org>

17:18:51

anyway, we have more stuff than cloud images so we need a specific process

<@siosm:matrix.org>

17:19:57

Maybe marmijo gursewak jbtrystram can team up to look at this and split the work for each cloud?

<@jbtrystram:matrix.org>

17:20:30

could we have the same approach that people usually do when having cloud backups ? i.e. "keep N versions" or "keep for N months" and on each upload, look for old images that no longer conforms with that and delete accordingly ?

<@jlebon:fedora.im>

17:21:32

that was what i thought we were going for. e.g. have the release job run the gc job

<@dustymabe:matrix.org>

17:21:34

there's really only a few types of resources: 1. aws ami 2. gcp images 3. s3 bucket (builds directories) 4. quay container uploads

<@dustymabe:matrix.org>

17:22:07

5. ostree repo in fedora (but we already have the fedora ostree pruner for that)

<@siosm:matrix.org>

17:22:07

That works as well indeed. Ideally this runs after the releases to not block them if it fails

<@jlebon:fedora.im>

17:22:23

right yeah, it'd be a follow up job

<@dustymabe:matrix.org>

17:23:26

anyway. I think we won't really make much more progress here. the real blocker is just prioritizing this over other thigns

<@dustymabe:matrix.org>

17:23:29

anyway. I think we won't really make much more progress here. the real blocker is just prioritizing this over other things

<@jbtrystram:matrix.org>

17:23:33

https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/release.Jenkinsfile so this one ?

<@jbtrystram:matrix.org>

17:24:16

I can look at the quay containers as I was looking at that recently

<@siosm:matrix.org>

17:24:19

I'd say the integration to the pipeline should come last

<@jlebon:fedora.im>

17:24:37

yeah, first step is enhancing the pruning code in cosa

<@dustymabe:matrix.org>

17:25:09

jbtrystram: :)

<@dustymabe:matrix.org>

17:26:19

we don't actually have a problem with the quay containers yet.. but we will once https://github.com/coreos/fedora-coreos-tracker/issues/1367 is done

<@dustymabe:matrix.org>

17:27:01

that's all I had on the topic

<@jlebon:fedora.im>

17:27:43

maybe it'd help if we sketch out a little more what logic we need so it's easier to get it implemented

<@jlebon:fedora.im>

17:27:51

(not in this meeting to be clear)

<@jlebon:fedora.im>

17:28:11

ok, not much time left. let's move to open floor

<@jlebon:fedora.im>

17:28:19

!topic Open Floor

<@jlebon:fedora.im>

17:28:47

anyone has anything they want to bring up?

<@dustymabe:matrix.org>

17:29:18

test day went well I think

<@dustymabe:matrix.org>

17:29:32

https://testdays.fedoraproject.org/events/179

<@jlebon:fedora.im>

17:30:28

if you haven't seen it already, note that an update went out this week for a CVE fix in Fedora CoreOS (and other Fedora OSTree variants): https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/6HU2MU42QLEHQ5CMRXAKVX52OOTGGIH4/

<@dustymabe:matrix.org>

17:30:32

thanks for running the meeting Jonathan Lebon

<@cverna_:matrix.org>

17:31:07

Jonathan Lebon++

<@zodbot:fedora.im>

17:31:15

No Fedora Accounts users have the @cverna_:matrix.org Matrix Account defined

<@jlebon:fedora.im>

17:31:36

!endmeeting