16:30:25 #startmeeting fedora_coreos_meeting 16:30:25 Meeting started Wed Aug 4 16:30:25 2021 UTC. 16:30:25 This meeting is logged and archived in a public location. 16:30:25 The chair is lucab. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:30:25 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:30:25 The meeting name has been set to 'fedora_coreos_meeting' 16:30:32 #topic roll call 16:31:03 .hi 16:31:03 lorbus: lorbus 'Christian Glombek' 16:31:18 .hi 16:31:19 lucab: lucab 'Luca Bruno' 16:31:23 .hello sohank2602 16:31:27 skunkerk: sohank2602 'Sohan Kunkerkar' 16:31:40 .hello2 16:31:41 jaimelm_: Sorry, but you don't exist 16:31:48 .hello2 16:31:49 .hello2 16:31:49 jaimelm: jaimelm 'Jaime Magiera' 16:31:52 jlebon: jlebon 'None' 16:32:10 .hi 16:32:11 dustymabe: dustymabe 'Dusty Mabe' 16:32:38 #chair lorbus skunkerk jaimelm jlebon dustymabe 16:32:38 Current chairs: dustymabe jaimelm jlebon lorbus lucab skunkerk 16:33:51 .hi 16:33:52 bgilbert: bgilbert 'Benjamin Gilbert' 16:34:42 #chair bgilbert 16:34:42 Current chairs: bgilbert dustymabe jaimelm jlebon lorbus lucab skunkerk 16:35:17 I guess we can start 16:35:27 #topic Action items from last meeting 16:35:43 .hello siosm 16:35:44 travier: siosm 'Timothée Ravier' 16:35:59 last meeting items are at https://meetbot.fedoraproject.org/teams/fedora_coreos_meeting/fedora_coreos_meeting.2021-07-28-16.30.html 16:36:10 #chair travier 16:36:10 Current chairs: bgilbert dustymabe jaimelm jlebon lorbus lucab skunkerk travier 16:36:17 .hi 16:36:18 gurssing: Sorry, but you don't exist 16:36:27 #info dustymabe created #915 to track progress and checklist for becoming a top-level Fedora Edition 16:36:29 #link https://github.com/coreos/fedora-coreos-tracker/issues/915 16:36:40 for the other one - i'm going to re-action myself 16:37:01 #action dustymabe to re-index and look for newly submitted change proposals for f35 that we need to consider 16:37:02 gurssing: you are welcome even if you don't exist :) 16:37:07 .hello miabbott 16:37:08 miabbott: miabbott 'Micah Abbott' 16:37:27 #chair miabbott 16:37:27 Current chairs: bgilbert dustymabe jaimelm jlebon lorbus lucab miabbott skunkerk travier 16:37:37 #info bgilbert filed https://github.com/coreos/fedora-coreos-docs/issues/314 16:39:16 and travier's comment on the same page is a hint we are going to host that next to the normal docs I think 16:39:37 i kinda like the idea of the tracker repo having a github pages 16:40:13 don't know, probably still belongs better on the same docs site 16:40:59 we have a few markdown files in there already but they aren't really aimed at the general audience 16:41:29 let's move to the tickets 16:42:19 dustymabe: there are two from the previous meetings (F35 changes and OOM), do you want to start there? 16:43:35 lucab: either way works 16:44:02 ack, I'll just go in order 16:44:13 i don't think we need to do oomd - removed from list 16:44:14 #topic systemd-oomd for Fedora CoreOS 16:44:26 ahh - :) 16:44:29 heh 16:44:34 aye, next then 16:44:37 +1 16:44:52 #topic tracker: Fedora 35 changes considerations 16:45:33 want to #link it? 16:45:33 on this one, I say the OpenSSL-3.0 perhaps will be delayed 16:45:38 *I saw 16:45:47 #link https://github.com/coreos/fedora-coreos-tracker/issues/856 16:46:29 oh intereesting 16:46:30 we actually have the tasks labeled 16:46:32 #link https://github.com/coreos/fedora-coreos-tracker/labels/F35-changes 16:46:41 jaimelm: might have an update for us 16:47:36 yes, confirmed, it got retargeted to F36 16:47:40 #link https://fedoraproject.org/wiki/Changes/OpenSSL3.0 16:48:20 lucab: sounds like we're pretty much ready for it anyway? 16:48:32 i.e. in f36 there shouldn't be anything for us to do either? 16:49:02 dustymabe: hopefully so 16:50:18 jaimelm_: did you maybe have a look at https://github.com/coreos/fedora-coreos-tracker/issues/872? 16:51:19 I'll update the labels on mine and note on the ticket that it has been retargeted 16:51:28 Sorry, was called away on toddler duty. 16:51:42 No 16:51:46 darkmuggle: anything on https://github.com/coreos/fedora-coreos-tracker/issues/875 too? 16:52:11 Was out of the loop the past few weeks 16:52:21 i think darkmuggle is AFK - he mentioned last time that if we wanted it before next week then he'd be happy if someone else wanted to pick it pu 16:52:32 anybody want to pick up https://github.com/coreos/fedora-coreos-tracker/issues/875 ? 16:54:26 ok, we'll wait for darkmuggle then :) 16:54:27 it looks like is a no, it doesn't seem urgent, but I'll have quick look tomorrow if it has implications on rpm-ostree 16:55:13 just to make sure it doesn't suddenly become a blocker 16:55:13 ok, next topic 16:55:39 #topic Documentation Style Guide 16:55:49 #link https://github.com/coreos/fedora-coreos-tracker/issues/900 16:56:04 jaimelm: ^^^ 16:56:31 I think this is coming from a previous meeting 16:57:01 Yeah, I'll respond to his question later this week and we can discuss on the next meeting. 16:57:08 I'd be for leaving this as an open enhancement ticket 16:57:58 +1 16:58:13 yeah 16:58:26 I'd probably default to an async discussion in the ticket, unless there is something to cover live in a meeting 16:58:41 not really. It's a longer term discussion. 16:58:58 i.e. just drop the label and slowly chop it in the background 16:58:58 ack 16:59:07 yeah, makes sense to me 16:59:10 and I'll probably end up being the person doing any writing of such a guide if folks like the idea. 16:59:11 next one then 16:59:23 we can always tag back if we want to have a specific resolution 17:00:10 jaimelm: totally in favor of having one, as non-native speaker I enjoyed previous places where there were guidelines to follow 17:00:22 #topic IPv6 address on OpenStack renders incorrectly 17:00:32 #link https://github.com/coreos/fedora-coreos-tracker/issues/907 17:01:21 dustymabe: ^^^ 17:01:26 I think this is better described in another ticket though 17:01:33 #link https://github.com/coreos/fedora-coreos-tracker/issues/513 17:02:01 lucab: maybe.. the open questions I had were in https://github.com/coreos/fedora-coreos-tracker/issues/907#issuecomment-886817668 17:02:28 1. What do we think would be most appropriate for FCOS to use for ipv6.addr-gen-mode (eui64 or stable-privacy)? Is the answer the same for all platforms? This might be worth it's own issue tracker discussion ticket. 17:02:59 background context: 17:03:37 interfaces can generate their own IPv6 addresses. This can be predictable or not predictable (for security minded people who roam various networks). 17:03:54 the current default is ipv6.addr-gen-mode=stable-privacy 17:04:13 but that causes some issues (for example the openstack dashboard predicts and displays the wrong address) 17:04:25 this is arguably an issue with the openstack dashboard, but... 17:04:34 hmm, yeah was gonna say :) 17:04:52 others have the issue too (see the other issue about exoscale) 17:04:53 #link https://docs.openstack.org/neutron/wallaby/admin/config-ipv6.html#configuring-interfaces-of-the-guest 17:05:29 so.. should we just make the default for our server operating system be the "predictable" one? 17:05:41 not sure why I used quotes there - bad finger 17:06:00 they document it clearly, but I still stand on the side that it is a very broken usage of ipv6 SLAAC 17:07:14 presumably this is also an issue in Fedora Server/Cloud too, right? 17:07:17 but I don't expect things to change there, not even sure whether it is worth filing a bug asking for a better approach 17:07:53 jlebon: not sure - the cloud image uses cloud-init for bringup and might do something different with its NM settings 17:08:32 I think Cloud doesn't use NM but systemd-networkd, and Server doesn't run in cloud 17:08:34 dustymabe: ahh ok. if that's the case, then maybe we should match that 17:08:34 i think it writes out an ifcfg file so we'd need to map that to see what the value of this setting is for that IF 17:09:04 walters: woah really? i thought it was NM across the board 17:09:39 Cloud used to use legacy initscripts (several releases ago) - it uses NM now 17:09:47 yeah, NM across the board 17:09:52 ah ok 17:10:28 I don't think cloud has this problem (specifically with openstack) but I'd have to double check 17:10:39 server.. not sure, because I've never run that in openstack :) 17:10:42 I'm generally in favor of defaulting to the mac-derived flavors 17:11:09 so ipv6.addr-gen-mode=eui64 ? 17:12:19 yes, though ideally we would have some way to do it with a config fragment to drop-in somewhere 17:12:27 indeed 17:12:32 that's the second part 17:12:35 if cloud does this somehow, then i think it makes sense to match 17:12:39 2. Currently we can't set the ipv6.addr-gen-mode globally. After a brief discussion with the NM team we're going to re-visit and see if it's worth setting that in the global configuration: https://bugzilla.redhat.com/show_bug.cgi?id=1743161#c11 17:12:48 though ideally it'd be driven higher up 17:13:15 jlebon: cloud may be doing it through the combined back-channel of cloud-init + mounted config-drive 17:13:43 (which isn't really SLAAC anymore at that point, though) 17:13:54 #action - dustymabe to figure out how the cloud edition is handling this problem 17:14:04 #undo 17:14:04 Removing item from minutes: ACTION by dustymabe at 17:13:54 : - dustymabe to figure out how the cloud edition is handling this problem 17:14:17 #action - dustymabe to figure out how the cloud edition is handling the ipv6.addr-gen-mode=stable-privacy problem 17:14:22 * walters idly notices that openstack is not listed in https://coreos.github.io/ignition/supported-platforms/ 17:15:04 ok so let me see if we can get some takeaways from the meeting 17:15:14 walters: https://github.com/coreos/ignition/issues/1222 17:15:26 :+1 17:15:42 question: on a high level - do we think it makes sense to try to default our systems to ipv6.addr-gen-mode=eui64 ? 17:16:05 or - do we need the answer to the "what does cloud edition do?" question first? 17:16:37 and Server right? 17:16:42 i think it makes sense IMO. just hoping we don't have to carry it 17:16:50 dustymabe: I think it's more a matter of "how cloud does it", no? 17:16:59 and for that matter, other distros/OSes 17:17:14 lucab: it's one of two answers (which i'll find out before next week) 17:17:22 1. cloud doesn't do it and it's broken there too 17:17:24 or 17:17:38 2. cloud simply gets lucky and writes out and ifcfg file that somehow doesn't have that setting applied 17:18:26 if cloud didn't write out an ifcfg file then it would use the NM defaults (generated nmconecctions) and would be in the same boat 17:18:31 dustymabe: the openstack docs clearly says that they only support the mac-derived method 17:19:37 so what cloud or other distros do, I don't think matters much to us 17:19:55 (other than as an extra datapoint) 17:20:08 lucab: but are you arguing to change it *just* for OpenStack? 17:20:12 lucab: right, so the question there is if we decided to apply the default only to openstack or across the board 17:20:42 I see 17:21:52 anyway - let's revisit next week when I've got the cloud edition info? 17:22:03 unless there's more to discuss 17:22:05 yep 17:23:02 I'd close this topic here 17:23:08 perusing the cloud-init code, definitely looks like it reads network metadata and translates that into an ifcfg 17:23:10 +1 17:23:26 last one 17:23:33 #topic RFC: A new continuous mechanical FCOS stream 17:23:42 #link https://github.com/coreos/fedora-coreos-tracker/issues/910 17:23:46 jlebon: ^^^ 17:24:03 hmm not sure if to discuss now or push back to next week 17:24:37 i guess i can introduce it now and we can rediscuss again if we want 17:25:08 anyway, back in the FAH days, we had a continuous stream, where it was just all the git-main of all the projects we own 17:25:20 that's useful of course for CI 17:25:27 jlebon: any coarse grained doubt that may benefit from rough feedback? 17:26:03 i think we need to decide first whether we want such a stream or not, before discussing how to do it 17:26:23 my main concern is the overhead of adding another stream 17:26:30 adding and maintaining* 17:26:38 yeah good question 17:26:45 in https://github.com/coreos/fedora-coreos-tracker/issues/910#issuecomment-890067526, i suggested we could just make it part of rawhide at least 17:26:54 which i think it makes a lot of sense there 17:27:29 I feel like we have a lot of things we've decided to do, and aren't being worked on 17:27:44 true statement 17:27:50 painfully true :) 17:27:52 i guess it would be nice to know that this would clearly be worth the extra work before we took on the task 17:28:21 maybe worth elaborating on the "part of rawhide" minimized option 17:28:24 would a nightly jenkins run and an ephemeral `qemu` image as output be enough? 17:28:26 I see this one more in the bucket of CI/infra we use to help implement other things 17:29:17 i started on part of this because I wanted a coreos-assembler container with git main rpm-ostree, which I needed for another task 17:29:21 dustymabe: if we go the rawhide path, i think personally the only big task would be keeping all the make&&make install/copr/koji/packit builds non broken 17:29:40 and those would fall to each project owners 17:30:00 so we'd want buy in so it's not just a few keeping builds going 17:30:06 would the rawhide path include actually updating rawhide with those builds? or using a copr or something else? 17:30:33 right, shove RPMs in a repo, add repo to compose 17:30:48 personally I'd find more useful a next-devel based one plus git-main 17:31:19 i.e. knowing that the rest of the base OS is mostly-sane 17:31:43 lucab: i think even if we do that, it'd be sanest to also add to rawhide 17:32:11 anyway, we don't have to decide stuff now. maybe we can discuss in the ticket some more 17:32:33 WFM - I definitely think it would be generally useful.. FAHC and CAHC were back in the day 17:32:44 just a question of "when" I think 17:33:02 I guess it depends on the intended usage, for me it's usually "quickly checking something specific on today git-main" 17:33:35 arguably perhaps we need to implement build GC first 17:33:53 yeah, good point 17:33:53 lucab: for me it would be "did that ignition PR that merged yesterday break zincati test" 17:33:59 it looks like there is also an hanging question of RPMs vs git-main 17:34:12 it's just integrating all our bits more continuously 17:34:39 it actually wouldn't be hard to have CoreOS CI build RPMs for all git-main, but just on x86 17:34:44 rpm-ostree's CI already does this 17:34:58 yeah but where do they get served from? 17:35:20 not hard to add something for that, but copr is OK at the building and serving part too 17:35:43 right yeah, just thinking on how to minimize new parts to maintain 17:36:28 It's worth elaborting, the copr path currently requires adding something like this: https://github.com/coreos/rpm-ostree/blob/main/.copr/Makefile 17:36:48 which duplicates/overlaps with other CI of course 17:36:54 not sure if I'd really want to go that route, but GH actions can build per-PR RPM and store them 17:37:22 hmm, not totally sure we need per PR as much as triggering post-main merge 17:37:29 i guess we're pretty over time now :) let's keep the convo going in the ticket 17:37:49 walters: it can be triggered on that too yes, I think 17:38:04 hmm, CoreOS CI isn't building rpm-ostree's git main anymore, weird. it used to 17:38:07 jlebon: ack, let's stop here 17:38:29 #topic Open Floor 17:39:04 #info Nest with Fedora conference starts tomorrow 17:39:27 #link https://hopin.com/events/nest-with-fedora-2021 17:40:12 nice 17:40:17 and dustymabe and travier will be presenting! 17:40:24 dustymabe: do you know when? 17:40:53 10 AM eastern is our talk 17:41:12 tmw? 17:41:34 yep 17:41:36 sorry 17:41:42 yup indeed. i see the sched now 17:41:54 we went a bit overtime, any other last minute misc item? 17:41:58 none from me 17:42:19 ok, closing it here 17:42:22 #endmeeting