<stephanepoq>
we had to roll back the latest stable release on one instance, because ssh to some of our other servers stopped working (with an unclear error message) - i checked the issue tracker (but found nothing), I'm trying to reproduce it on a less critical instance - have you heard of any ssh issue yet?
<lucab>
stephanepoq: do you mean troubles when using the SSH client shipped on FCOS?
<stephanepoq>
yes
gursewak has quit [Ping timeout: 246 seconds]
<stephanepoq>
the rollback fixed the issue
<stephanepoq>
but i cannot reproduce it with another stable release on current stable version (i'm still trying there)
<lucab>
interesting
<lucab>
no I haven't heard of other client-side SSH issues so far
<stephanepoq>
ok, there are some hints that it might be an issue with the outgoing firewall
jpn has joined #fedora-coreos
<stephanepoq>
but the switch to nft was already in the prev. version
<stephanepoq>
ok, i think ssh was only a side effect, the main issue should
<stephanepoq>
maybe it's an ipv6 issue
<stephanepoq>
ok, reading the logs, i found that there were also curl calls that stopped working
<stephanepoq>
no, ipv6 is not likely, it's our hosts, they only have A records
<stephanepoq>
this all makes no sense at all
<stephanepoq>
ok, how do we go back to current version after doing "rpm-ostree rollback -r"
eballetbo has quit [Quit: You have been kicked for being idle]
<stephanepoq>
after doing that, is it still possible to go back, to the last to version?
<stephanepoq>
(rpm-ostree rollback -r)
<lucab>
where "last" is what you are currently on, i.e. "stable - 1"?
<lucab>
I think so yes, it should keep the rollback deployment in place, but honestly I haven't manually tried that
TJR_ has left #fedora-coreos [#fedora-coreos]
<stephanepoq>
ok, i'm not sure how the rollback magic works, and anything will get lost
QuentinTheJerky has joined #fedora-coreos
<QuentinTheJerky>
hello, I swapped hard drives in my home server (previously running ubuntu server) and decided to change to fedora coreos. The ignition provisioning system looks like it would fit the bill much better for cloud/scaling systems, but for home use, all I have done is provide an ssh key and installed coreos onto bare metal.
<QuentinTheJerky>
What I'd like to know for that is whether my changes that I make to the system (adding systemd units etc) will come undone during the automatic upgrade process (in other words, is it required that everything must be configured in an ignition file to weather system updates?)
wjr has quit [Quit: Client closed]
<lucab>
QuentinTheJerky: no, changes in /etc and /var will persist through upgrades
dwalsh_ has joined #fedora-coreos
<QuentinTheJerky>
lucab great, thanks for that. I also have some docker containers ready to be moved to coreos - I am wondering if now is the time to use podman instead, and if I do am I required to set up systemd units for each container to ensure they start at boot?
<QuentinTheJerky>
stephanepoq great, thanks. will they live in /etc/systemd/system ?
<QuentinTheJerky>
even better, thank you
<stephanepoq>
we needed the --new flag (without knowing that exists, we were confused, how to handle things)
<stephanepoq>
yes they live there
<QuentinTheJerky>
perfect, I'll do some more reading then
QuentinTheJerky has quit [Quit: My MacBook Air has gone to sleep. ZZZzzz…]
ravanelli has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
TJR_ has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
dwalsh_ has quit [Ping timeout: 258 seconds]
pbrezina has joined #fedora-coreos
<stephanepoq>
sudo rpm-ostree rebase "fedora/${ARCH}/coreos/${STREAM}" --bypass-driver
<stephanepoq>
error: Old and new refs are equal: fedora:fedora/x86_64/coreos/stable
<stephanepoq>
hmm, this is not the correct way
<stephanepoq>
deployment 36.20220522.3.0 (c876d5b2c2b5f472fae8a12e98bdcd4bfc5d1e479a5f1ab81a28cd72e7dda0ba) will be excluded from being a future update target
<QuentinTheJerky>
hello, some of my existing docker containers were made with docker-compose. is the correct way to install docker-compose (or any package) on coreos to use rpm-ostree install x ?
<stephanepoq>
installing docker-compose with rpm-ostree will work
<QuentinTheJerky>
great thanks (sounds like that's only half the solution however as I still want it to work with podman)
nalind has joined #fedora-coreos
<stephanepoq>
ok, found it, we are using a static (secondary) ip, with the old release all traffic is routed via the ip added to NetworkManager, with the new release it's using the ip the system got via dhcp
QuentinTheJerky has quit [Quit: My MacBook Air has gone to sleep. ZZZzzz…]
plarsen has joined #fedora-coreos
QuentinTheJerky has joined #fedora-coreos
mheon1 has joined #fedora-coreos
mheon1 has quit [Quit: WeeChat 3.4]
mheon has joined #fedora-coreos
<stephanepoq>
ip route replace default via 172.31.1.1 dev enp1s0 src X.X.X.X
<stephanepoq>
=> that's fixing the current problem
<stephanepoq>
will open an issue with workaround
<stephanepoq>
Is there a well known place in fedora to save that line to?
<dustymabe>
stephanepoq: you'd need to update the NM connection to add the route
<stephanepoq>
ok
<dustymabe>
see those links from above ^^
QuentinTheJerky has quit [Quit: My MacBook Air has gone to sleep. ZZZzzz…]
QuentinTheJerky has joined #fedora-coreos
plarsen has quit [Quit: NullPointerException!]
plarsen has joined #fedora-coreos
nalind has quit [Ping timeout: 260 seconds]
guesswhat has joined #fedora-coreos
<guesswhat>
Guys? I am trying to mount /var/lib/containers to secondary disk, but have a problem on FCOS36.., seems it's selinux related ( https://pastebin.com/raw/zHQSZXu8 ), fails to /bin/sh: error while loading shared libraries: libc.so.6: cannot change memory protections
<guesswhat>
Any ideas? Not sure if it's fixable via Ignition ?
nalind has joined #fedora-coreos
<stephanepoq>
guesswhat: is a disc > 2TB used?
<guesswhat>
stephanepoq no, it's empty one ( AWS )
<guesswhat>
containers folder ( mounted from secondary disk ) is missing container_var_lib_t label
jpn has quit [Quit: leaving]
jpn has joined #fedora-coreos
gursewak has joined #fedora-coreos
jcajka has quit [Quit: Leaving]
shanduur[m] has quit [Quit: You have been kicked for being idle]
azukku has quit [Remote host closed the connection]
crobinso has joined #fedora-coreos
<QuentinTheJerky>
can you use bind mounts in coreos / podman ?
crobinso has quit [Remote host closed the connection]
<dustymabe>
QuentinTheJerky: should be able to (I do)
<QuentinTheJerky>
dustymabe looks like I needed to add :Z at the end to ensure the container could access the bind
dwalsh__ has joined #fedora-coreos
<dustymabe>
yeah, if the directory doesn't already have the right labels you'd need to do something like that
<dustymabe>
just be careful.. relabeling some host mounts could be baed
<dustymabe>
bad*
<dustymabe>
i.e. you wouldn't want to :Z your home directory
<QuentinTheJerky>
not quite sure what it means tbh
<QuentinTheJerky>
I am trying to get a samba docker service to access a mounted usb drive
<dustymabe>
TL;DR the safest thing to do is create a new empty directory to bind mount in
dwalsh_ has quit [Ping timeout: 248 seconds]
<jlebon>
QuentinTheJerky: in that case, you might consider disabling labeling protection using `--security-opt=label=disable`
<QuentinTheJerky>
jlebon thank you - that seems to have solved the problem
cyberpear has quit [Quit: Connection closed for inactivity]
jpn has quit [Ping timeout: 258 seconds]
QuentinTheJerky has quit [Quit: My MacBook Air has gone to sleep. ZZZzzz…]
<guesswhat>
I am trying to do ExecStart=semanage fcontext -a -e /var/lib/containers /mnt/containers && restorecon -Rv /mnt/containers, but semanage is not installed on FCOS by default, any ideas?
QuentinTheJerky has joined #fedora-coreos
QuentinTheJerky has quit [Read error: Connection reset by peer]
<miabbott[m]>
jlebon: nope, was letting you merge; probably should have said that 😉
<jlebon>
ahhh heh gotcha
ravanelli has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
<guesswhat>
what's the alternative to semanage ? it's not installed by default, i don't want to do this via rpm-ostree as it takes some time and I have a lot of servers...
HappyHappyMan has quit [Ping timeout: 244 seconds]
<guesswhat>
jlebon: I am trying to mount /var/lib/containers to secondary disk, but it fails due to missing selinux labels...
pbrezina has quit [Remote host closed the connection]
<jlebon>
guesswhat: are you creating the filesystem using Ignition?
<guesswhat>
jlebon: no, via systemd, there is a problem with mounting disk on AWS ( can not find the issue on GH ) see https://pastebin.com/raw/63D3cjvF
<guesswhat>
so it's not possible to use ignition as there is a race condition where disk name is not static
<jlebon>
ahh right ok
<jlebon>
so you should be able to mount it at /var/lib/containers directly, then restorecon it
<jlebon>
if you really want to keep it at /mnt/containers and point the container stack at that, you can add a rule in /etc/selinux/targeted/contexts/files/file_contexts
<jlebon>
it'd be
<jlebon>
/mnt/containers /var/lib/containers
<jlebon>
and then restorecon
<guesswhat>
hm, interesting
<jlebon>
sorry, i pasted the wrong path
<jlebon>
it's file_contexts.subs
<guesswhat>
first one would be better option
<guesswhat>
restorecon -Rv /var/lib/containers should be enough, right?
<jlebon>
indeed, i'd agree
<jlebon>
yup
<guesswhat>
thanks, going to try
<jlebon>
once we gain stable symlinks, Ignition will do that for you
ravanelli has quit [Remote host closed the connection]
<guesswhat>
thanks, seems it's working!
<guesswhat>
is there any Issue to track for stable symlinks support for datadisks