<spresti[m]>
LOL welp today and tommorrow get confusing when 12am
<spresti[m]>
changing it
ravanelli has joined #fedora-coreos
ravanelli has quit [Ping timeout: 250 seconds]
vgoyal_ has quit [Quit: Leaving]
ravanelli has joined #fedora-coreos
<bgilbert>
spresti[m]: has there been any discussion of update barriers?
<bgilbert>
hmm. normally we have a barrier on the last release of N-1 to ensure key rotation happens. but we already have a barrier on the second-to-last release for the aarch64 GRUB update. so that's probably good enough.
jlebon has quit [Quit: leaving]
<spresti[m]>
bgilbert: Not that I am aware of. and I was not aware of that 🤯
<spresti[m]>
Oh, ok. So should I hold off on the roll out then? I certainly dont want to break any existing installs.
<bgilbert>
like I said, the barrier from a few weeks ago should be fine
<bgilbert>
strictly speaking, the barrier only needs to be added retroactively before the _next_ rebase
<bgilbert>
which is confusing
<bgilbert>
but is a consequence of when new keys are added. the barrier at the end of F36 already included the F38 key.
<spresti[m]>
Yeah I just wanted to double check lol the 'should' spooked me a bit
<bgilbert>
:-) fair
<spresti[m]>
Thank you for the info, it def helps and is another complication I was not aware of. One of the many things of a nice workflow is the ability to be blissfully ignorant of that stuff lol I might inquire about this verbally for more clarity in our 1:1
<spresti[m]>
* our 1:1 just to make sure I understand it right.
<bgilbert>
+1
<bgilbert>
(in case you weren't aware, there is no message editing in IRC. Matrix sends a separate message with a correction)
<spresti[m]>
Ah was not aware, and that would make sense
<spresti[m]>
welp good to know 🙃
<dustymabe>
bgilbert++
<dustymabe>
spresti[m]++
<dustymabe>
bgilbert: yeah I was thinking the recent barriers that we did would suffice re: key rotation
<bgilbert>
+1
<bgilbert>
dustymabe: the F38 rebase checklist looks a bit stale btw
<dustymabe>
yeah, I'll update it
<bgilbert>
+1
<dustymabe>
was going to possibly farm out the misc items at the end (trying to get some more people to learn those pieces)
gursewak has quit [Ping timeout: 265 seconds]
fifofonix has quit [Read error: Connection reset by peer]
daMaestro has joined #fedora-coreos
mboddu has quit [Remote host closed the connection]
mboddu has joined #fedora-coreos
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 268 seconds]
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 268 seconds]
ravanelli has quit [Remote host closed the connection]
bgilbert has quit [Ping timeout: 268 seconds]
gursewak has joined #fedora-coreos
sentenza has quit [Remote host closed the connection]
jcajka has joined #fedora-coreos
saschagrunert has joined #fedora-coreos
c4rt0 has joined #fedora-coreos
saschagrunert has quit [Quit: Leaving]
c4rt0 has quit [Quit: Leaving.]
jpn has joined #fedora-coreos
apollo13[m] has quit [Quit: You have been kicked for being idle]
jcajka has quit [Quit: Leaving]
Betal has quit [Quit: WeeChat 3.8]
ravanelli has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
<FSMaxB[m]>
Yeah, I'm familiar with CoreOS, I've been using it since Fedora 36, was just wondering about Cloud.
<dustymabe>
FSMaxB[m]: nice. thanks for being a part of the community
<FSMaxB[m]>
CoreOS is what brought me to try (and stay with) Silverblue actually.
<dustymabe>
nice
<dustymabe>
what do you like about Fedora CoreOS? What's the main thing that keeps you using it?
plarsen has joined #fedora-coreos
<FSMaxB[m]>
I'm using it for my personal setup only, but managing multiple machines got kind of unwieldy over time. With CoreOS the base system is quite stable and I don't need to invest much time updating the base system. And since I migrated all the workloads to containers anyways, this is a perfect fit.
<FSMaxB[m]>
I've been burned with both Ubuntu and Debian on the server in the past and they needed much more maintenance than I would have liked.
<FSMaxB[m]>
I was really pleased to have the update from 36 to 37 just ... happen without having to care too much.
<dustymabe>
cool. Thanks for sharing
<FSMaxB[m]>
Managing it via ansible at the moment. There's still some machines left on other distros, but I'm incrementally migrating them to full containerisation so I can switch over to CoreOS as a final step.
<dustymabe>
are you running ansible in a container?
<FSMaxB[m]>
No, I'm running ansible on my local machine (so no ansible master ultimately). The only thing that was required was layering python to make it work.
<FSMaxB[m]>
Containers run as rootless podman containers started with systemd. Still done manually but I'm planning to switch to quadlet once I find the time.
<dustymabe>
fifofonix: for testing out a `rawhide` node (only do this on a node you can throw away after): `sudo rpm-ostree rebase fedora-compose:fedora/x86_64/coreos/rawhide` should work I think