#fedora-meeting-1 log

16:31:11 <dustymabe> #startmeeting fedora_coreos_meeting
16:31:12 <zodbot> Meeting started Wed Sep 30 16:31:11 2020 UTC.
16:31:12 <zodbot> This meeting is logged and archived in a public location.
16:31:12 <zodbot> The chair is dustymabe. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:31:12 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:31:12 <zodbot> The meeting name has been set to 'fedora_coreos_meeting'
16:31:15 <cyberpear> .hello2
16:31:18 <dustymabe> #topic roll call
16:31:18 <zodbot> cyberpear: cyberpear 'James Cassell' <fedoraproject@cyberpear.com>
16:32:06 <bgilbert> .hello2
16:32:06 <zodbot> bgilbert: bgilbert 'Benjamin Gilbert' <bgilbert@backtick.net>
16:32:16 <lucab> .hello2
16:32:18 <zodbot> lucab: lucab 'Luca Bruno' <lucab@redhat.com>
16:33:30 <rtsisyk> hi
16:33:30 <nasirhm1> .hello2
16:33:31 <zodbot> nasirhm1: Sorry, but you don't exist
16:33:44 <nasirhm1> .hello nasirhm
16:33:45 <jlebon> .hello2
16:33:45 <zodbot> nasirhm1: nasirhm 'Nasir Hussain' <nasirhussainm14@gmail.com>
16:33:48 <zodbot> jlebon: jlebon 'None' <jonathan@jlebon.com>
16:34:14 <dustymabe> #chair cyberpear bgilbert lucab rtsisyk nasirhm1 jlebon
16:34:14 <zodbot> Current chairs: bgilbert cyberpear dustymabe jlebon lucab nasirhm1 rtsisyk
16:34:17 <dustymabe> welcome rtsisyk
16:34:41 <nasirhm1> Welcome rtsisyk
16:34:41 <lorbus> .hello2
16:34:42 <zodbot> lorbus: lorbus 'Christian Glombek' <cglombek@redhat.com>
16:34:52 <dustymabe> #chair lorbus
16:34:52 <zodbot> Current chairs: bgilbert cyberpear dustymabe jlebon lorbus lucab nasirhm1 rtsisyk
16:35:01 <dustymabe> also
16:35:03 <skunkerk> .hello sohank2602
16:35:03 <zodbot> skunkerk: sohank2602 'Sohan Kunkerkar' <skunkerk@redhat.com>
16:35:04 <dustymabe> .chair lorbus
16:35:06 <zodbot> lorbus is seated in a chair with a nice view of a placid lake, unsuspecting that another chair is about to be slammed into them.
16:35:23 <dustymabe> 🤣
16:35:28 <lorbus> :D
16:35:30 <nasirhm1> dustymabe: Nice one :P
16:35:52 <cverna> hello o/
16:35:55 <dustymabe> #topic Action items from last meeting
16:35:59 <dustymabe> #chair cverna
16:35:59 <zodbot> Current chairs: bgilbert cverna cyberpear dustymabe jlebon lorbus lucab nasirhm1 rtsisyk
16:36:15 <dustymabe> There were no action items from last meeting so we're good there
16:36:30 <dustymabe> moving on
16:36:37 <cverna> \o/
16:36:37 <dustymabe> #topic Move rpmdb path from /usr/share/rpm to /usr/lib/sysimage/rpm
16:37:08 <dustymabe> This was a follow on from a bug discussion some time ago.
16:37:21 <dustymabe> we recently had the database change in rpm from bdb to sqlite
16:37:40 <dustymabe> and at the same time we also proposed to move the database location, but the rpm maintainer didn't want to mix too many changes at once
16:37:46 <dustymabe> IIRC
16:38:03 <dustymabe> so should we file a change request for Fedora 34 to make that happen in F34 time frame?
16:38:15 <cyberpear> maybe smoothest path is to have rpm-ostree do a fallback to /usr/share/rpm if /usr/lib/sysimage/rpm doesn't exist?
16:38:27 <cyberpear> are we trying to do this at the RPM level?
16:38:40 <nasirhm1> cyberpear: Sounds like a nice idea.
16:38:57 <lucab> #link https://github.com/coreos/fedora-coreos-tracker/issues/639
16:39:34 <dustymabe> lucab: thanks for that. sorry I failed to paste the link
16:39:52 <dustymabe> I think walters was part of the original discussion
16:40:21 <dustymabe> now I'm also trying to find a link to the bug where we were discussing this with the rpm maintainer
16:40:27 <aoei> .hello2
16:40:27 <zodbot> aoei: aoei 'Joanna Doyle' <jjadoyle@gmail.com>
16:40:29 <aoei> sory late
16:40:33 <jlebon> original thread is http://lists.rpm.org/pipermail/rpm-maint/2017-October/006681.html
16:40:41 * dustymabe waves at aoei
16:40:46 <dustymabe> #chair aoei
16:40:47 <zodbot> Current chairs: aoei bgilbert cverna cyberpear dustymabe jlebon lorbus lucab nasirhm1 rtsisyk
16:40:47 <aoei> hey dusty
16:40:55 <dustymabe> #link http://lists.rpm.org/pipermail/rpm-maint/2017-October/006681.html
16:41:06 <lorbus> hey aoei!
16:41:49 <jlebon> dustymabe: https://bugzilla.redhat.com/show_bug.cgi?id=1838691#c24
16:41:56 <jlebon> that one?
16:42:01 <dustymabe> that's it
16:42:50 <aoei> would SUSE be annoyed at me if I told them to use ZFS instead
16:42:55 <aoei> c:
16:43:06 <dustymabe> so.. if we want this to happen we should take some steps to get there I believe. Is it something we want to happen? Should we file a change request for f34?
16:43:51 * dustymabe leans on jlebon and walters for expertise here since they have the most experience
16:44:27 <jlebon> it'd be a nice change, though would be good to have someone from rpm to lead it
16:44:55 <jlebon> as far as rpm-ostree goes, it wouldn't be very hard to adapt. but changing all of fedora clearly will need a lot of thought and discussions
16:45:37 <dustymabe> jlebon: would you be willing to reach out to the rpm maintainers to see if that's something they'd take up. or maybe offer to co-lead if they seem hesitant?
16:46:01 <jlebon> dustymabe: i can do that, sure
16:46:04 <cyberpear> if it goes thru, I'd expect a similar change for /var/lib/dnf
16:46:09 <aoei> ok having read on a bit more maybe the /usr/lib/rpmdb move is slightly more realistic
16:46:13 <jlebon> we can own the "rpm-ostree-based variants" part of the equation
16:46:35 <dustymabe> yeah, that would at least take that off the rpm maintainers "worry-sphere"
16:47:11 <dustymabe> #action jlebon to reach out to the rpm maintainers to see if the relocation of the rpmdb path is something their willing to own for F34
16:47:59 <dustymabe> #topic Add FCOS to AWS Marketplace
16:48:10 <dustymabe> #link https://github.com/coreos/fedora-coreos-tracker/issues/635
16:48:19 <dustymabe> bgilbert: do you want to intro this one?
16:48:25 <bgilbert> sure
16:48:51 <bgilbert> up to this point, we've considered AWS GovCloud and AWS Marketplace out of scope for Fedora CoreOS
16:49:01 <bgilbert> the main reason is paperwork
16:49:32 <bgilbert> "Fedora" would need to sign agreements etc., "Fedora" isn't an entity that can sign agreements, and then things get messy
16:50:09 <bgilbert> but davdunc from AWS has posted a proposal at the Fedora level which could work around that problem
16:50:19 <bgilbert> #link https://pagure.io/Fedora-Council/tickets/issue/332
16:50:46 <bgilbert> basically, AWS would host Marketplace entries in an account it controls, on behalf of Fedora.
16:51:07 <bgilbert> AWS CI would listen on fedmsg, pick up new AMI builds, copy the AMIs and send them through its publication pipeline.
16:51:29 <bgilbert> once the Marketplace AMIs are updated (which can take a few hours) they'd send back another fedmsg reporting the AMI IDs.
16:52:07 <bgilbert> to connect with this system, we'd need to emit fedmsgs when AMIs are ready, which is
16:52:09 <bgilbert> #link https://github.com/coreos/fedora-coreos-tracker/issues/225
16:52:39 <bgilbert> and we'd presumably want to add the Marketplace AMIs to stream metadata, so we'd want a job that listens for the reply fedmsg and PRs stream metadata.
16:52:48 <bgilbert> there's some additional stuff around rollbacks, but that's the bulk of it.
16:52:51 <bgilbert> what this gains us:
16:53:10 <bgilbert> 1) GovCloud and any other restricted AWS regions
16:53:23 <bgilbert> 2) a nice Marketplace landing page for FCOS
16:53:30 <bgilbert> 3) possibly some additional statistics
16:53:49 <aoei> sounds pretty promising
16:53:50 <bgilbert> 4) easier FCOS access for AWS customers who have compliance requirements satisfied by Marketplace (e.g. its automatic security scans)
16:54:01 <bgilbert> 5) easier for other Marketplace providers to ship their own software on top of FCOS
16:54:46 <bgilbert> I should note that this is still in the proposal phase, but I'm not aware of any opposition at the Fedora level
16:54:48 <dustymabe> sounds great to me. it would be nice if we could retroactively update our metadata to include the marketplace AMIs just for tracking if a user comes to us with an AMI we can't figure out where it came from
16:54:53 <jlebon> huh didn't realize that marketplace AMIs were separate from the AMIs we already upload
16:55:01 <aoei> bgilbert: are there any drawbacks or catches you're aware of ?
16:55:14 <bgilbert> dustymabe: you mean the release metadata?
16:55:24 <bgilbert> presumably we could do that too
16:55:33 <bgilbert> jlebon: yup, Marketplace has always worked that way
16:55:43 <dustymabe> ehh. not even necessarily that.. even if it was just the meta.json
16:55:55 <dustymabe> somewhere where we could look at have that info correlated
16:56:03 <dustymabe> but that's a stretch goal
16:56:09 <jlebon> i guess that means they'll also take care of GC?
16:56:12 <bgilbert> meta.json is an implementation detail IMO, but sure
16:56:23 <dustymabe> so biggest blocker from our end is https://github.com/coreos/fedora-coreos-tracker/issues/225
16:56:27 <dustymabe> ?
16:56:27 <bgilbert> jlebon: hmm, I hadn't thought about GC
16:56:52 <jlebon> it's kinda awkward to have a reference to something in our metadata that we don't actually own
16:56:53 <bgilbert> jlebon: we're not paying for storage, so the only concern there is if we want to actively withdraw old images.  do we?
16:56:54 <lucab> bgilbert: so the stream metadata will contains two sets of AMI, the "normal" one and the marketplace one?
16:57:09 <bgilbert> I think part of the point of Marketplace is that users retain access to old versions; not sure though
16:57:14 <bgilbert> lucab: right
16:57:26 <lucab> (multiplied per each region)
16:57:34 <bgilbert> jlebon: we already have provisions to do that, e.g. for Packet and DO
16:57:43 <bgilbert> jlebon: it's just that those identifiers will be static, not varying per release
16:57:48 <bgilbert> lucab: right
16:57:50 * dustymabe really likes that google just has one image for $global
16:58:03 <bgilbert> aoei: a couple drawbacks
16:58:30 <bgilbert> aoei: we'd be shipping two sets of images per release, which could be confusing
16:59:09 <bgilbert> we wouldn't directly control the Marketplace AMIs (in terms of API access to manipulate them) and there's publishing latency
16:59:18 <aoei> right
16:59:23 <aoei> those don't sound too bad imo
16:59:24 <bgilbert> davdunc expects the latency to be on the order of a couple hours
16:59:26 <lucab> silly question: the marketplace set sounds like a superset of our normal set, won't it obsolete the latter?
16:59:35 <bgilbert> I can tell you that with Container Linux the latency sometimes ran to two weeks
16:59:49 <aoei> bgilbert: i was about to say I don't trust the two hours thing :P
16:59:53 <bgilbert> but this would be much more automated than the pipeline CL was using
17:00:01 <aoei> ah okay
17:00:22 <bgilbert> I think we'd still preferentially recommend the community AMIs for users who can use them
17:00:30 <dustymabe> +1
17:00:32 <bgilbert> but we'd need to be careful to explain the tradeoffs
17:00:41 <aoei> right
17:00:43 <aoei> makes sense
17:00:51 <jlebon> is it one landing page for FCOS in the marketplace or one per marketplace AMI?
17:01:09 <bgilbert> one per 'product', i.e. release stream
17:01:12 <cyberpear> it's a huge win that GovCloud users would be able to use it, though
17:01:19 <jlebon> we could probably just keep publishing the community ones on getfedora.org/coreos, but also link to the marketplace landing page
17:01:25 <bgilbert> here's the old CL landing page: https://aws.amazon.com/marketplace/pp/B01H62FDJM
17:01:38 <bgilbert> jlebon: that's not a bad idea
17:01:49 <bgilbert> jlebon: maybe still list the AMIs in stream metadata though?
17:01:51 <bgilbert> just not on the website
17:01:56 <dustymabe> SGTM
17:02:22 <dustymabe> so we should try to prioritize https://github.com/coreos/fedora-coreos-tracker/issues/225 ? and then they'll do most of the rest of the work?
17:02:34 <jlebon> bgilbert: i think so yeah.  still need to think that part through
17:02:39 <bgilbert> jlebon: +1
17:02:52 <bgilbert> dustymabe: I think that's basically the situation.  with the caveat that I don't know timelines.
17:03:05 <bgilbert> I know davdunc has been working on this for a while already, so it may not move super-fast
17:03:10 <lucab> looping back from fedmsg to github doesn't seem great, maybe we can skip that if there is no actual use of that information?
17:03:26 <jlebon> we definitely want 225 anyway for other purposes
17:03:33 <lucab> sorry, I worded it badly
17:03:39 <bgilbert> lucab: right, IMO we should do that loop only if needed
17:03:55 <dustymabe> where does github come in?
17:04:00 <bgilbert> stream metadata update
17:04:09 <lucab> it is possibly great but with non-negligible additional infra and human involvement
17:04:27 <dustymabe> got ya
17:04:31 <bgilbert> strictly speaking we can always add that part later
17:04:36 * cverna can probably help with infra work
17:05:14 <dustymabe> bgilbert: any particular outcomes we need to end up with from today's discussion?
17:05:42 <bgilbert> dustymabe: I don't think so.  mostly raising awareness.  225 was already something we wanted to do.
17:05:51 <bgilbert> any questions I missed from the scrollback?
17:06:10 <aoei> you answered mine
17:06:11 <lucab> bgilbert: if we plan to being with "linking to marketplace landing page" then yes it seems reasonable to do the "fedmsg-to-PR" part only later and if needed
17:06:18 <lucab> *begin with
17:06:19 <dustymabe> i think everyone is in agreement
17:06:31 <dustymabe> thanks for bringing this up bgilbert!
17:06:43 <aoei> indeed, thanks bgilbert!
17:06:47 <dustymabe> shall we move to the next topic ?
17:06:49 <jlebon> +1 this sounds really nice
17:06:50 <bgilbert> lucab: I think the fedmsg-to-PR part would be a good thing to do, but yeah, we can figure that out
17:06:54 <bgilbert> dustymabe: +1
17:07:04 <dustymabe> #topic Add basic monitoring tools to the base image
17:07:10 <dustymabe> #link https://github.com/coreos/fedora-coreos-tracker/issues/628
17:07:30 <lucab> bgilbert: I had "why not deprecating the community set" but I think you answered already with "latency could be very high and with variance"
17:07:40 <bgilbert> lucab: +1
17:07:53 <dustymabe> so this topic is a bit open ended
17:08:05 <dustymabe> but it has a general theme
17:08:19 <dustymabe> of generically useful tools that we might want to add to the base image
17:08:28 <dustymabe> i think each one of them would need to be considered individually
17:08:32 <rtsisyk> Re #628. My proposal is to add some essential troubleshoting tools such as `strace`, `tcpdump`, `iotop`, `ioping` and others to the base image.
17:08:44 <rtsisyk> yes, let's discuss this list one by one.
17:09:09 <dustymabe> rtsisyk: we might now have enough time for all of them today. if we don't we can carry the discussion in the ticket
17:09:12 <rtsisyk> - `strace` - starce can be used to troubleshoot the container runtime itself. strace is just 1.5MB, wht don't add it?
17:09:29 <rtsisyk> ok
17:09:40 <rtsisyk> what do you suggest?
17:09:57 <dustymabe> bgilbert: lucab: jlebon: do you have any preference on how we carry forward this discussion?
17:10:08 <bgilbert> in-ticket would be better IMO
17:10:09 <dustymabe> is going through each one ideal, or do you think there would be a better way?
17:10:14 <jlebon> i think one useful criterion is whether the tool can be helpful in debugging container runtime issues
17:10:32 <bgilbert> right, basically if you can get network and run a container without the tool, you should probably run the tool in a container
17:10:35 <jlebon> (mentioned this in https://github.com/coreos/fedora-coreos-tracker/issues/628#issuecomment-697765701)
17:10:56 <dustymabe> bgilbert: yep.
17:11:18 <dustymabe> one example that I use is `dig`.. for example if you can't debug dns you might not be able to download a container in order to debug dns :)
17:11:24 <dustymabe> that's why `dig` is in FCOS
17:11:49 <jlebon> just going to try to advocate for at least one of those right now: strace.  i think we should include it
17:11:55 <rtsisyk> I agree that almost everything can be run via container. But anyway. The primary purpose of a host operating symstem (such as CoreOS) is a work with the underlying hradrware. Tools like `dmidecode`, `smartmontools`, `pciutils`, `usbutils` are needed to troubleshoot the bare metal.
17:12:00 <rtsisyk> tcpdump is needed to debug the network
17:12:05 <lucab> just to set the background, "it's just 1KiB" isn't a focal point. "how can this be abused as a turing complete interpreter" and "did you try running in podman" and "in which case this is needed and can't be layered for debugging" are more interesting IMHO
17:12:19 <rtsisyk> I can't download container without working network, but I have IPMI/BMC and tcpdump to fix the network.
17:12:51 <rtsisyk> dig is extremely useful
17:12:56 <dustymabe> so should we lay out some criterion like jlebon stated in the ticket and then evaluate each one (probably in the time between now and next meeting)?
17:13:16 <aoei> yeah, make clear criteria for the ticket
17:13:20 <aoei> then analyse each case with those
17:13:24 <aoei> dustymade +1
17:13:26 <dustymabe> there are some things that might not meet the criteria, but we still want to include
17:13:27 <bgilbert> we're going to keep having questions about this, so yeah, we probably need formal criteria at this point
17:13:29 <aoei> dustymabe sorry
17:13:47 <jlebon> SGTM
17:13:48 <dustymabe> should we try to work out that criteria now?
17:14:09 <aoei> yup, key one being as you mentioned, is it needed to fix something that might stop you downloading the image
17:14:19 <aoei> like, that's a pretty high priority consideration right
17:14:45 <bgilbert> there are a lot of tools that could conceivably be used to troubleshoot things
17:14:48 <aoei> another would be is it impossible to run in a container?
17:14:57 <bgilbert> gdb would be useful for debugging podman but we shouldn't ship it
17:14:59 <aoei> bgilbert: true, but mayb ewe can limit that
17:15:06 <dustymabe> collaborate hacking doc: https://hackmd.io/3LlGUzYjT-C3sbkIDBquKQ
17:15:10 <rtsisyk> I vote +1 for GDB :)
17:15:10 <aoei> gdb is less likely to fix a networking issue stopping you from getting a container image
17:15:39 <rtsisyk> the only reason I excluded GDB is because it depends on Python
17:16:17 <aoei> dustymabe: should some negative criteria be included too? (like, depends on python)
17:16:20 <misc> I am not sure gdb is useful for golang, and it can be debugged remotely using a static stub
17:16:54 <rtsisyk> gdb can be used for getting the stack traces
17:17:07 <rtsisyk> but anyway, I don't insist
17:17:12 <rtsisyk> tcpdump is really needed
17:17:15 <bgilbert> rtsisyk: a minimal OS is never going to feel as comfortable at a command prompt as a full server OS.  we can't ship everyone's preferred tools (or even anyone's preferred tools) and still be minimal.
17:17:48 <rtsisyk> ok. What do you suggest to do without `lspci`, for example?
17:18:07 <rtsisyk> how to understand that this server has NVIDIA GPU, for example?
17:18:18 <jlebon> shouldn't that work fine in a privileged container?
17:18:28 <dustymabe> yeah I think things like dmidecode and lspci have merit
17:18:30 <rtsisyk> everything can be done in a privilefed container
17:18:33 <jlebon> (just tried it here in my pet container and it's not lying :) )
17:18:44 <rtsisyk> the goal is to make life easier for the ops team
17:18:48 <dustymabe> jlebon: think about the live installer environment if someone is doing hardware discovery
17:18:51 <bgilbert> rtsisyk: that's what toolbox is for
17:19:14 <rtsisyk> do you meen an image which used by OpenShift Console when I press "Console" button?
17:19:56 <aoei> oh lol depends on python is already in there
17:20:01 <rtsisyk> OpenShift has some image used to enter into TTY via web
17:20:11 <rtsisyk> but this image also don't have tools... :)
17:20:23 <bgilbert> rtsisyk: I mean /usr/bin/toolbox
17:20:34 <rtsisyk> let me check
17:20:38 <dustymabe> ahh.. bgilbert yeah we should probably mention toolbox in this list of questions
17:20:52 <dustymabe> do we have a "debugging" container that already exists
17:20:59 * dustymabe vaguely remembers one called 'tools'
17:21:09 <lucab> more generalized: any container image that contains your preferred toolset and can be run by podman in privileged mode
17:21:19 <rtsisyk> /usr/bin/toolbox
17:21:20 <rtsisyk> toolbox: missing command
17:21:20 <rtsisyk> These are some common commands:
17:21:20 <rtsisyk> create    Create a new toolbox container
17:21:20 <rtsisyk> enter     Enter an existing toolbox container
17:21:22 <rtsisyk> list      List all existing toolbox containers and image
17:21:28 <rtsisyk> Download registry.fedoraproject.org/f32/fedora-toolbox:32 (500MB)? [y/N]:
17:21:31 <rtsisyk> hmm
17:21:35 <rtsisyk> I have never seen this feature
17:21:41 <cverna> yeah there is tools container in fedora but it is not really maintain afaik
17:21:56 <cverna> https://src.fedoraproject.org/container/tools
17:22:04 <lucab> rtsisyk: see https://cloud.google.com/container-optimized-os/docs/how-to/toolbox to get an idea of how that flow works
17:22:06 <bgilbert> 'git grep toolbox' in fedora-coreos-docs returns no hits :-(
17:22:24 <rtsisyk> https://src.fedoraproject.org/container/tools/blob/master/f/Dockerfile
17:22:26 <dustymabe> we should maybe flesh that out.. anything that can reasonably be done in there we should maybe point users to and add documentation for
17:22:40 <rtsisyk> this list looks like mine
17:22:49 <rtsisyk> everyone needs the same tools... :-)
17:23:16 <dustymabe> but we shouldn't require things that are needed for debugging the container runtime or network those should go higher in the list than "debugging container"
17:23:20 <lucab> rtsisyk: in a container image, absolutely yes
17:23:34 <aoei> right, now is this toolbox something you still need to pull after firing up an image? looks like that judging from the google page
17:23:34 <rtsisyk> I have to same that  container/tools is almost the same list I have in my Ansible playbooks
17:23:51 <bgilbert> filed https://github.com/coreos/fedora-coreos-docs/issues/187 for toolbox
17:24:05 <dustymabe> thanks bgilbert.. us fleshing out our toolbox story has been long overdue
17:24:08 <rtsisyk> OpenShift also have some `toolbox` image
17:24:09 <dustymabe> this might be the kick we need
17:24:12 <jlebon> to clarify: there's toolbox and tools. the former is very much actively used, though IIRC there were still issues with running it as root on FCOS
17:24:28 <jlebon> but those might have been fixed now
17:24:35 <dustymabe> jlebon: that might be fixed.. we need to investigate
17:24:37 <rtsisyk> in openshift console you can one Compute -> Nodes -> nodename -> Terminal and it will launch a toolbox-like image
17:24:54 <dustymabe> rtsisyk: right. yep. this is a similar concept
17:24:59 <rtsisyk> but tht image has almost nothing
17:25:07 <aoei> would it be acceptable to have the toolbox image already included in the fcos image?
17:25:10 <rtsisyk> even iostat doesn't present
17:25:16 <rtsisyk> everyone needs iostat
17:25:23 <rtsisyk> ask any ops
17:25:24 <rtsisyk> top
17:25:25 <rtsisyk> iostat
17:25:29 <dustymabe> aoei: probably not pre-seeded
17:25:30 <rtsisyk> are must have
17:25:38 <aoei> ok dusty
17:25:55 <jlebon> this came up in RHCOS-land too. i think it'd be cool to have some way to embed container images in the VM/metal images
17:26:01 <aoei> but i guess this is also for more general admin than just fixing network/crun in order to get the container working in the first place
17:26:02 <jlebon> doesn't help the live case though
17:26:20 <cverna> silverblue does that with flatpak I think
17:26:21 <dustymabe> rtsisyk: i think that's fair. there will probably be some we do want to include. we're just thinking generically right now
17:26:32 <rtsisyk> ok
17:26:36 <bgilbert> proposal: let's file a tracker ticket to come up with rough criteria for adding packages
17:26:36 <lucab> jlebon: nor the general case of any cloud image, no?
17:26:51 <bgilbert> I don't think we'll ever reduce it to a mechanical set of rules
17:26:58 <aoei> right, but guidelines i guess
17:27:12 <bgilbert> and then consider proposals for individual packages.
17:27:23 <dustymabe> bgilbert: yeah it's probably not a mechanical set of rules, but a set of "questions" is a good way to start the conversation about $tool
17:27:24 <jlebon> lucab: not those we upload ourselves, but user-uploaded ones sure
17:28:00 <bgilbert> in general, rtsisyk, I don't think adding a large set of tools to the distro is something we're enthusiastic about doing.  we absolutely do need better docs about how to use those tools in a container, though.
17:28:12 <dustymabe> #action we'll file a tracker ticket to come up with rough criteria for adding packages
17:28:24 <aoei> dusty have you actioned the thing about better toolbox docs?
17:28:28 <rtsisyk> @bgilbert, I agree
17:28:42 <aoei> / fleshing them out
17:28:45 <bgilbert> #link https://github.com/coreos/fedora-coreos-docs/issues/187
17:28:47 <bgilbert> aoei: ^
17:28:57 <aoei> ah right thats that one
17:29:05 <aoei> nice bgilbert
17:29:47 <dustymabe> rtsisyk: though each tool will stand on its own merit so don't be afraid to propose any :)
17:29:52 <bgilbert> right
17:29:52 <dustymabe> and thanks for the list you did come up with
17:30:11 <dustymabe> this will help kick us in the right direction to flesh out this part of our user experience
17:30:15 <rtsisyk> no problem, thanks
17:30:22 <lucab> also trying to clear out any possible misunderstanding: including any package in FCOS does not directly result in that ending up in RHCOS/OpenShift
17:30:26 <rtsisyk> I will try to play with priv container.
17:30:41 <rtsisyk> I use OKD
17:30:46 <dustymabe> lucab: correct. It will end up in OKD (since it's based on FCOS)
17:30:59 <dustymabe> but not necessarily RHCOS/OCP
17:31:10 <dustymabe> rtsisyk++
17:31:10 <zodbot> dustymabe: Karma for rtsisyk changed to 1 (for the current release cycle):  https://badges.fedoraproject.org/tags/cookie/any
17:31:17 <rtsisyk> wow
17:31:32 <dustymabe> ok I did poor time management today
17:31:36 <dustymabe> #topic open floor
17:31:42 <jlebon> indeed, this is good to discuss. thanks rtsisyk!
17:31:48 <rtsisyk> thanks, guys!
17:31:56 <dustymabe> a few other things I wanted to get to but we'll catch them next week
17:32:06 <dustymabe> anyone with anything for open floor?
17:32:37 <dustymabe> for the f33 rebase I'm going to start opening PRs soon to get some of the work to land in testing-devel that will enable f33
17:32:51 <dustymabe> we won't be moving over testing-devel, just prepping it and conditionalizing some logic
17:33:09 <dustymabe> we will flip next-devel when ready. hopefully thursday or friday
17:33:27 <bgilbert> next week's stable release will require PXE booting with the rootfs image
17:33:33 <bgilbert> if anyone hasn't switched over yet, now is the time :-)
17:33:50 <dustymabe> #info next week's stable release will require PXE booting with the rootfs image if anyone hasn't switched over yet, now is the time :-)
17:34:07 <rtsisyk> any details about how to switch to the root image?
17:34:17 <rtsisyk> I'm still on 20200628 or something like that
17:34:19 <bgilbert> yeah, one sec
17:34:58 <bgilbert> #link https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/#_pxe_rootfs_image
17:35:02 <aoei> im trying to work out whether or not this matters for my VM - do providers simulate PXE boot for VMs (i doubt this) or is this only an issue for FCOS run on bare metal?
17:35:04 <dustymabe> #link https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/#_pxe_rootfs_image
17:35:21 <dustymabe> #undo
17:35:21 <zodbot> Removing item from minutes: <MeetBot.items.Link object at 0x7fcccb367bd0>
17:35:29 <rtsisyk> providers use cloudinit
17:35:32 <dustymabe> aoei: what provider do you use?
17:35:35 <bgilbert> rtsisyk: nothing uses cloudinit :-)
17:35:35 <aoei> GCP dusty
17:35:42 <dustymabe> aoei: you're good then
17:35:44 <jlebon> aoei: more specifically live environments
17:35:49 <aoei> okay, cool
17:35:59 <bgilbert> aoei: mostly bare metal, but some people PXE boot the live image in e.g. VMware
17:36:05 <bgilbert> you'd know you were doing it though
17:36:06 <aoei> ahh okay
17:36:15 <aoei> yeah i figured but i wanted to just check
17:36:17 <aoei> thanks
17:36:21 <dustymabe> rtsisyk: for FCOS we use the user data mechanism to pass an Ignition config to Ignition
17:36:25 <dustymabe> we don't happen to use cloud-init
17:36:28 <rtsisyk> I will try to update some of my OKD clusters to a new rootfs-based image in the next couple weeks.
17:36:52 <dustymabe> ok i'll close out the meeting soon
17:37:03 <rtsisyk> dustymabe: ok, I misled by my OpenStack background.
17:37:12 <aoei> for first boot I use the gcloud cli stuff and some containers for generating the inition file to fire up my instance
17:37:29 <aoei> updates automatically reboot my VM, I actually missed this in the docs until I saw it happen for real lol
17:37:35 <cverna> thanks for running the meeting dustymabe
17:37:38 <jlebon> bgilbert: slightly off-topic, though i feel like we should blog about the rootfs image and osmet for fun. it's pretty cool stuff
17:37:38 <dustymabe> #endmeeting