16:27:53 #startmeeting fedora_coreos_meeting 16:27:53 Meeting started Wed Oct 27 16:27:53 2021 UTC. 16:27:53 This meeting is logged and archived in a public location. 16:27:53 The chair is dustymabe. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions. 16:27:53 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:27:53 The meeting name has been set to 'fedora_coreos_meeting' 16:27:59 #topic roll call 16:28:04 .hi 16:28:05 dustymabe: dustymabe 'Dusty Mabe' 16:28:09 .hi 16:28:10 ravanelli: ravanelli 'Renata Andrade Matos Ravanelii' 16:28:34 .hi 16:28:35 jmarrero: jmarrero 'Joseph Marrero' 16:28:38 .hi 16:28:41 jdoss: jdoss 'Joe Doss' 16:28:46 .hello2 16:28:47 jlebon: jlebon 'None' 16:29:45 .hello copperi 16:29:46 copperi[m]1: copperi 'Jan Kuparinen' 16:29:58 .hi 16:29:59 lucab: lucab 'Luca BRUNO' 16:30:25 .hi 16:30:26 bgilbert: bgilbert 'Benjamin Gilbert' 16:31:37 .hello jasonbrooks 16:31:38 jbrooks: jasonbrooks 'Jason Brooks' 16:31:47 .hello siosm 16:31:48 travier: siosm 'Timothée Ravier' 16:31:58 #chair ravanelli jmarrero jdoss jlebon copperi[m]1 lucab bgilbert jbrooks travier 16:31:58 Current chairs: bgilbert copperi[m]1 dustymabe jbrooks jdoss jlebon jmarrero lucab ravanelli travier 16:32:14 .hello2 16:32:15 jaimelm: jaimelm 'Jaime Magiera' 16:32:38 #chair jaimelm gursewak_ saqali 16:32:38 Current chairs: bgilbert copperi[m]1 dustymabe gursewak_ jaimelm jbrooks jdoss jlebon jmarrero lucab ravanelli saqali travier 16:32:53 .hello 16:32:53 saqali: (hello ) -- Alias for "hellomynameis $1". 16:33:03 good to see everyone here today.. will get started in just a moment 16:33:28 .hello miabbott 16:33:29 miabbott: miabbott 'Micah Abbott' 16:34:11 #chair miabbott 16:34:11 Current chairs: bgilbert copperi[m]1 dustymabe gursewak_ jaimelm jbrooks jdoss jlebon jmarrero lucab miabbott ravanelli saqali travier 16:34:21 #topic Action items from last meeting 16:34:33 * dustymabe to write docs for rpi4 including updating eeprom 16:34:45 re-actioning - should have a PR from me on this later this week 16:34:53 #action dustymabe to write docs for rpi4 including updating eeprom 16:34:59 and that's it from last time 16:35:17 #topic F35: CHANGE: More flexible use of SSSD fast cache for local users 16:35:23 #link https://github.com/coreos/fedora-coreos-tracker/issues/875 16:35:38 looks like from travier in the ticket that we should be good to go on this for f35 16:35:57 one slight issue with the integration, but it's a delay and will be fixed in f36 16:36:07 https://github.com/coreos/fedora-coreos-tracker/issues/875#issuecomment-952867863 16:36:36 .hi 16:36:37 lorbus: lorbus 'Christian Glombek' 16:36:45 #chair lorbus 16:36:45 Current chairs: bgilbert copperi[m]1 dustymabe gursewak_ jaimelm jbrooks jdoss jlebon jmarrero lorbus lucab miabbott ravanelli saqali travier 16:37:03 i'll update the ticket and close it out - any objections or further discussion? 16:37:12 .hi 16:37:13 walters: walters 'Colin Walters' 16:37:18 #chair walters 16:37:18 Current chairs: bgilbert copperi[m]1 dustymabe gursewak_ jaimelm jbrooks jdoss jlebon jmarrero lorbus lucab miabbott ravanelli saqali travier walters 16:37:43 I think we can close it for now and we'll see if we need to make a change later. Nothing is pressing 16:38:01 +1 16:38:01 #info the report by travier indicates we shouldn't have any issues with the "More flexible use of SSSD fast cache for local users" change 16:38:22 #topic Handle re-invocations of coreos-installer on a new disk 16:38:27 #link https://github.com/coreos/fedora-coreos-tracker/issues/976 16:38:48 anybody want to intro this one? we discussed it in the past, but there is new information/updates? 16:39:10 yup, i can 16:39:32 jlebon: maybe focus on what's changed since https://github.com/coreos/fedora-coreos-tracker/issues/976#issuecomment-930490695 16:39:45 last time I think we decided to keep chatting in the ticket before coming to a proposal 16:40:00 so where we are now is: 16:40:19 - we have code in FCOS which add boot=UUID=... for subsequent boots 16:40:35 - we have code pending for erroring out if multiple boot filesystems are found on first boot 16:40:50 what I'd like to propose is: 16:41:32 - add code to more strongly tie the boot filesystem to a rootfs by adding a stamp file at e.g. /boot/.rootfs-uuid 16:42:11 this will ensure that once we claim a boot filesystem, it can never be claimed by any other rootfs 16:43:16 16:43:34 jlebon: quick question.. what did we do with all the pieces of code that mount boot by label? 16:44:06 dustymabe: it's all still there. 16:44:45 the stamp file approach makes it somewhat safe to use "retroactively" 16:45:09 remember after first boot, nothing really cares aboot /boot in the initrd. and the rootfs now will only mount by UUID 16:45:49 ahh, so if on first boot we error if multiple boot filesystems are found - then we should be safe to mount by label 16:46:06 yeah, exactly 16:46:31 might be worth picking apart "first boot" a bit more (considering kargs reboots and such), but yeah seems like a reasonable approach 16:47:24 ack cool. if there are no objections, i'll implement it 16:47:33 I'm only a bit worried because this adds quite a bit of complexity and I have anyway seen nodes even with duplicated UUIDs, but overall I'm not against trying to tighten it 16:48:27 jlebon: for "we have code pending for erroring out if multiple boot filesystems are found on first boot" - is it possible for the user to remove the 2nd disk and reboot and the system complete firstboot bringup fine? 16:48:38 duplicate uuids seems like it could happen in the case where one installs fcos version X to disk A, then try to reboot into it but end up booting back into the live iso, and installing the same version to disk B 16:48:50 i.e. they're duplicate "golden" uuids 16:48:54 would kind of be sucky UX to say "we found a 2nd /boot, please do a complete re-install" 16:49:27 walters: or someone makes a dd copy of a disk 16:50:00 i think it'd be hard/impossible to guard against bit-for-bit identical copies of the bootfs 16:50:03 so far, we're still having grub pick by label? 16:50:44 dustymabe: we're thinking of having coreos-installer print something as well 16:50:57 so at least it can be easier to catch at install time 16:51:23 yeah, I guess the real question is.. does igntion get far enough on that first boot to dirty the disk (before it detects the error condition) 16:52:25 dustymabe: yeah, it'd happen at the very end. i'm not sure there's much we can do though, because it's possible we've been handling the wrong bootfs the whole time 16:52:38 (at the very end... of the initramfs) 16:53:04 it's tricky once you factor in devices that could take time to show up 16:53:18 yeah 16:53:18 which is why the check is at the end. though we could also check for it at the start 16:53:25 well, good to know either way 16:53:39 jlebon: yeah, maybe add a check at the start 16:53:56 "detected 2nd boot disk, please remove the 2nd disk and reboot" 16:53:58 versus 16:54:05 "detected 2nd boot disk, you must re-install" 16:54:06 I think dustymabe made a good point, checking beforehand would have a better UX 16:54:09 yup, agreed 16:54:30 I guess we have to wait for /boot anyway for the Ignition config, no? 16:54:33 yes, we can check at both points 16:54:45 even before that, multipath 16:54:47 +1 16:56:30 jlebon: do you want to do a #proposed ? 16:56:32 I'm still feeling long term it'd be good to get away from any dependence on labels at any point 16:57:03 in particular, in grub 16:57:18 #proposed we will detect multiple boot filesystems at the start and end of the initramfs. we will add a stamp file to the bootfs to ensure 1:1 binding between bootfs and rootfs. 16:58:19 +0.7 - I think this is going to help and we should do it but I think it won't be the end of the story 16:58:23 walters: i think we could do that for post-firstboot 16:59:01 "at the start and end of the initramfs and fail if detected" 16:59:10 it was implied, but might be worth spelling it out 16:59:39 #proposed we will look for multiple boot filesystems at the start and end of the initramfs and fail if detected. we will add a stamp file to the bootfs to ensure 1:1 binding between bootfs and rootfs. 17:00:10 ack 17:00:12 walters: i.e. once we see there's only one bootfs, and we claim it, we also add a dropin with the UUID that the grub script sources 17:01:34 ack to proposed 17:01:42 #agreed we will look for multiple boot filesystems at the start and end of the initramfs and fail if detected. we will add a stamp file to the bootfs to ensure 1:1 binding between bootfs and rootfs. 17:02:22 nice 17:02:33 jlebon: do you want to update the ticket with that outcome? 17:02:39 yup, will do 17:02:40 belated ack to proposed 17:03:52 #topic Open Floor 17:04:00 ok that's all the topics we had with a meeting label 17:04:23 anything else we want to discuss before closing up shop? 17:04:30 A buddy and I are working on a Python equivalent of https://github.com/coreos/stream-metadata-go/ and a JSON schema for the metadata end point. 17:04:46 jdoss: nice! 17:04:47 jdoss: neat! 17:04:47 We'll open some tickets to discuss when we get our act together. 17:05:14 jdoss++ 17:05:14 there is https://github.com/coreos/enhancements/pull/7 open 17:05:15 jdoss: once it's ready, we could house it in the coreos/ org if you're interested 17:05:22 walters++ 17:05:22 dustymabe: Karma for walters changed to 3 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:05:34 walters: do you think it's worth discussing that next week (video community meeting)? 17:05:46 you can maybe do a short preso on it first 17:05:52 zodbot never gives me muh points! 17:06:14 maybe I've already given you cookie's this cycle 17:06:35 jdoss++ 17:06:35 bgilbert: Karma for jdoss changed to 2 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:06:37 jlebon: def interested in moving it to the coreos org down the road. 17:06:46 TIL about the one karma per person per cycle. 17:06:57 not sure if this was mentioned last week, but kudos to dustymabe for running a successful F35 Test Day for FCOS 🎉 17:07:14 Thanks Benjamin. I feel seen now. 17:07:15 #info reminder about the FCOS release process surrounding Major Fedora Linux GA https://github.com/coreos/fedora-coreos-tracker/blob/main/Design.md#major-fedora-version-rebases 17:07:20 jdoss: :-) 17:07:23 miabbott: :) 17:07:34 here, here 17:07:48 thanks all who participated and thank you bgilbert for fixing the breaking bug for AWS instances before it hit stable 17:07:59 and thank you jlebon for adding a test for Xen instance types in AWS 17:08:00 yeah, nice work all! :) 17:08:22 thanks to DonaldKellett for reporting it! 17:08:54 jdoss: haha - I was your first 17:09:06 :D 17:09:14 let's throw a cookie party for jdoss 17:09:22 bah 17:09:26 I am good, I am good! 17:09:43 jdoss++ 17:09:43 miabbott: Karma for jdoss changed to 3 (for the current release cycle): https://badges.fedoraproject.org/tags/cookie/any 17:09:47 walters: WDYT about discussing that enhancement at the video meeting next week? 17:09:55 anybody with any other cool ideas for video meetings ? 17:10:20 we don't always have to discuss issues.. could do something fun 17:10:35 https://github.com/coreos/fedora-coreos-tracker/issues/998 is so cool 17:10:38 Is there anyone we would benefit from inviting to talk about? Anyone we need to network with? 17:10:57 jdoss++ 17:10:57 Video meetings can be good for that 17:10:58 :) 17:11:10 jaimelm: yeah I imagine there's a lot of people we should start trying to coordinate with in this way 17:11:19 ++ to talking enhancment/7 next week! 17:11:40 I know someone recently was going to start looking at how to make selinux more compatible with ostree - should probably try to get together with them 17:12:03 That would be good 17:12:13 jdoss: have you used quadlet? interested in first impresssions 17:12:58 dustymabe: it is on my list to try for sure. I write a bunch of manual systemd units for launching containers with Podman and quadlet looks fantastic to standardize things a bit. 17:13:13 jdoss: I agree - i'm in the same boat 17:13:21 i would have tried it already if I could package layer it 17:13:27 AFAICT no RPM exists 17:13:29 I think I did see a tweet from dan walsh about them considering pulling it into podman. 17:13:39 and the podman team is considering merging it in, yeah 17:13:41 maybe we should figure out if that is going to happen. 17:14:04 +1 17:14:19 i'll send my little jdoss bird to talk to dwalsh 17:14:21 would much prefer to have it in Go from the podman team team than C 17:14:27 +1 17:14:50 travier: :) - take that dep and make it much larger 17:15:17 dustymabe: ? 17:15:20 what travier said, plus pre-rendering the units so that they can be version-controlled 17:15:29 how much more can we pack into this bikeshed 17:15:31 travier: small size versus large size (files) 17:16:08 lucab: though there's an interesting version binding problem there. not much different than butane/ignition I guess 17:16:21 Given than it is essentially text parsing and template output, that should not be a large go binary 17:16:54 jlebon: true, what 100% sense to couple that with podman releases 17:16:59 that makes* 17:17:15 jlebon: with systemd AND podman versions, yes 17:19:05 anything else to discuss before we close up shop here? 17:19:38 #info we will have a video meeting next week Nov 3rd. 17:19:56 * dustymabe is going to make travier organize one of these video meetings one day (since he suggested them) 17:20:04 😎 17:20:05 hah 17:20:14 dustymabe: :D 17:20:17 too bad they are super late in your day 17:20:26 * dustymabe is reminded of time change 17:20:47 Yeah, better I do not organize them given that I am not sure to attend (and I won't be there next week :) ) 17:21:05 #info the fedora coreos meetings stick with UTC time. Regardless of what happens in your local TZ, we'll be here at 16:30 UTC 17:21:26 :) 17:21:44 containerized TZs, basically 17:21:50 :) 17:22:05 #endmeeting