02:50 <dustymabe> adamw: I think it's clear sailing over here

11:56 <guesswhat[m]> Is there any tutorial/recommendation how to enable swap in FCOS? Would You say that zram for Podman on instance with 64G ram would be okish?

11:58 <guesswhat[m]> TLDR I am getting weird killed signals when bulding podman images sometimes, but oom_killer and kernel messages dont output anything useful

12:25 <guesswhat[m]> *rootless containers, maybe its related to https://github.com/coreos/fedora-coreos-tracker/issues/840 and missing systemd-oomd-defaults package ?

12:26 <bgilbert> marmijo[m]: are you looking at https://github.com/coreos/fedora-coreos-tracker/issues/1458#issuecomment-1502146483 ?

13:21 <baude> can anyone recommend a good way with fcos to have it create a tap device early in boot? (via command-line, it is two commands)

13:21 <baude> for example, use ignition? or network stuffs, or

13:24 <pwhalen> Hi Coreos folks, looking for your input on an issue we have with some media produced with osbuild in iot. Once created it uses the local repository from the media rather than the 'upstream' fedora-iot repository. Previously we dealt with that in the kickstart by running a few commands ( https://pagure.io/fedora-kickstarts/blob/main/f/fedora-iot.ks#_37-49 ). Can this be done with a config installed during installation (perhaps a startup script

13:24 <pwhalen> would be needed as well if we have to run those commands)?

13:26 <dustymabe> baude: I assume the reason you're asking is because there is no way to do it with NetworkManager. If that's the case then run a systemd unit via Ignition? https://docs.fedoraproject.org/en-US/fedora-coreos/tutorial-services/

13:27 <baude> dustymabe, actually, i think i found a way around that bit from yesterday ... it depends *how* the device is created

13:28 <dustymabe> baude: +1

13:28 <baude> dustymabe, can NM does this on boot ?

13:28 <baude> i assume i have to tell it to

13:29 <dustymabe> baude: I don't know :) - maybe it will create devices for you if you tell it to (i.e. it will create a bond for you), but maybe it doesn't have support for specifically what you are doing

13:29 <dustymabe> the NM team would know

13:29 <baude> i think i am not asking my question correctly ...

13:29 <dustymabe> pwhalen: a startup script should work

13:30 <dustymabe> pwhalen: I'm guessing osbuild isn't using kickstart?

13:30 <baude> ignoring the conversation from eysterday dustymabe, is there a way to create a network device on boot in fcos?

13:31 <dustymabe> guesswhat[m]: here is what we have for zram: https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-configure-swaponzram/

13:32 <dustymabe> baude: we support whatever networkmanager supports. we also support whatever the Linux kernel supports (i.e. if NetworkManager doesn't support something). we don't have any special mechanisms outside of those two pieces of technology

13:33 <dustymabe> if you need to run some commands to set up a network device (i.e. if NM doesn't support something) then you'd do it via a systemd unit

13:34 <guesswhat[m]> dustymabe: yes. thanks, i am aware of this, not if this https://github.com/coreos/fedora-coreos-tracker/issues/840#issuecomment-859094939 is actual, cuz systemd-oom service is disabled by default and seems that systemd-oomd-defaults package is enabling userspace oom, which might be useful when using rootless containers?

13:35 <pwhalen> dustymabe: it doesnt, and it appears not as easy as deleting the old config and dropping in a new one, some ostree commands need to be run on the system. Do you happen to know at what point during the boot would be best to run the commands? ie, what needs to be started for it to work?

13:36 <dustymabe> pwhalen: I don't know exactly but it should be fine as long as you run it before any updates are initiated

13:37 <dustymabe> pwhalen: you'd probably be fine to run it `Before=network-pre.target`

13:37 <dustymabe> along with a `Wants=network-pre.target`

13:38 <dustymabe> guesswhat[m]: right we still don't have systemd-oom enabled, are you asking for it to be enabled?

13:38 <pwhalen> dustymabe: ok, thanks kindly. Would you consider that a decent solution or would you experts recommend against that and prefer to see it fixed in osbuild?

13:39 <guesswhat[m]> dustymabe, no, sometimes my rootless podman buils are killed by Signal: killed and its nowhere reported who/what killed them, even in kernel messages, so trying to debug this, this would be probably OS related

13:39 <dustymabe> pwhalen: :) - often times in life you have to make lemonade out of lemons. I'd consider it a bug in osbuild probably? I guess I'd need to understand the details a little more to say for sure.

13:40 <pwhalen> dustymabe: indeed. Ok, thank you very much :)

13:41 <dustymabe> guesswhat[m]: yeah, I'd assume kernel something - maybe increase debug logging of systemd and the kernel

13:44 <dustymabe> baude: I'm not sure I answered your question? Did it help?

13:45 <baude> dustymabe, go fish works

14:02 <walters> pwhalen: Running on boot is ugly, it should be done at build time. I imagine that would require osbuild work yes. FWIW at least with the new container-native flow it's really easy and built-in https://github.com/coreos/coreos-assembler/blob/25ff3976ff850caa6b2871f9084aac6cf6ca3bb7/src/create_disk.sh#L337

15:18 <pwhalen> walters: thanks

15:47 <dustymabe> gursewak: since you are in the list of standby release executors - any chance you'd like to do the `next` release this week? https://github.com/coreos/fedora-coreos-streams/issues/689

15:58 <gursewak> dustymabe, sure, I can do it this week.

17:01 <marmijo[m]> Could I please get a review on https://github.com/coreos/fedora-coreos-config/pull/2361? Thanks!

17:15 <dustymabe> LGTM

17:15 <marmijo[m]> dustymabe: ty!

17:19 <strnull[m]> Hi all, question maybe some of you guys can point me on the right direction, how does one integrate or coordinate the fcos updates with kubernetes in an way that the upgrades to the cluster happen sequentially and the nodes are drained and cordon before the node restart and uncordon if the upgrade was successful, and if the update breaks something on the node the whole process stops… ?

17:20 <strnull[m]> Does anybody has experience with for example kured ?

18:22 <travier[m]> strnull: https://coreos.github.io/zincati/usage/updates-strategy/#lock-based-strategy

18:57 <dustymabe> jlebon: I don't think the bot likes your title change in https://github.com/openshift/os/pull/1249#issuecomment-1503916143

18:59 <jlebon> i think there's two bots, and one of them doesn't know how to parse out the JIRA bug, but the other does: https://github.com/openshift/os/pull/1249#issuecomment-1503619333

18:59 <jlebon> i think the latter one is the one we need to satisfy? at least it didn't remove any labels so i *think* we can just ignore the other bot's msg

19:00 <dustymabe> sigh.. drowning in process

19:00 <jlebon> :(

19:08 <guesswhat[m]> Any idea how to do this on FCOS semanage fcontext -a -e $HOME/.local/share/containers NEWSTORAGEPATH ? semanage is not installed by default, so thinking about using "some" alternative

19:14 <jlebon> guesswhat[m]: see https://github.com/coreos/ignition/issues/1294#issuecomment-989181944, though the presence of a specific user's homedir in the path makes this less pretty

19:44 <guesswhat[m]> Thanks

20:31 <guesswhat[m]> Any idea why SUB_GID_MAX and SUB_UID_MAX changed to 4294967295 in /etc/login.defs is not respected? I already set /etc/subgid,subuid to containers:100000:4295067294, but getting  newuidmap: subuid overflow detected