<fifofonix>
dustymabe: rawhide fedora39 w/moby 23.0.4 seems fine from a docker swarm worker node perspective. no issues noted.
ravanelli has joined #fedora-coreos
baude has quit [Quit: Leaving]
saschagrunert has quit [Remote host closed the connection]
jlebon has joined #fedora-coreos
baude has joined #fedora-coreos
nalind has joined #fedora-coreos
<dustymabe>
fifofonix: good to know - could you add a comment to the issue?
<fifofonix>
+1
Eighth_Doctor has quit [Quit: Bridge terminating on SIGTERM]
shoragan[m] has quit [Quit: Bridge terminating on SIGTERM]
defolos has quit [Quit: Bridge terminating on SIGTERM]
vladan[m] has quit [Quit: Bridge terminating on SIGTERM]
Man2Dev[m] has quit [Quit: Bridge terminating on SIGTERM]
nb[m] has quit [Quit: Bridge terminating on SIGTERM]
travier[m] has quit [Quit: Bridge terminating on SIGTERM]
cmagina has quit [Quit: Bridge terminating on SIGTERM]
go4godvin has quit [Quit: Bridge terminating on SIGTERM]
copperi[m] has quit [Quit: Bridge terminating on SIGTERM]
SumantroMukherje has quit [Quit: Bridge terminating on SIGTERM]
nirik has quit [Quit: Bridge terminating on SIGTERM]
hiredman[m] has quit [Quit: Bridge terminating on SIGTERM]
alebastr[m] has quit [Quit: Bridge terminating on SIGTERM]
cverna has quit [Quit: Bridge terminating on SIGTERM]
lorbus has quit [Quit: Bridge terminating on SIGTERM]
shadowchain has quit [Quit: Bridge terminating on SIGTERM]
x3mboy has quit [Quit: Bridge terminating on SIGTERM]
jmarrero has quit [Quit: Bridge terminating on SIGTERM]
hartan[m] has quit [Quit: Bridge terminating on SIGTERM]
jkonecny[m] has quit [Quit: Bridge terminating on SIGTERM]
FSMaxB[m] has quit [Quit: Bridge terminating on SIGTERM]
MayuraAndrew[m] has quit [Quit: Bridge terminating on SIGTERM]
walters has quit [Quit: Bridge terminating on SIGTERM]
vadaosman[m] has quit [Quit: Bridge terminating on SIGTERM]
ramcq[m] has quit [Quit: Bridge terminating on SIGTERM]
thempans[m] has quit [Quit: Bridge terminating on SIGTERM]
lrossetti[m] has quit [Quit: Bridge terminating on SIGTERM]
Noclip[m] has quit [Quit: Bridge terminating on SIGTERM]
joshuastrobl has quit [Quit: Bridge terminating on SIGTERM]
aobrien[m] has quit [Quit: Bridge terminating on SIGTERM]
miabbott[m] has quit [Quit: Bridge terminating on SIGTERM]
MTRNord[m] has quit [Quit: Bridge terminating on SIGTERM]
uny[m] has quit [Quit: Bridge terminating on SIGTERM]
guesswhat[m] has quit [Quit: Bridge terminating on SIGTERM]
treetheythem[m] has quit [Quit: Bridge terminating on SIGTERM]
JosephGayoso[m] has quit [Quit: Bridge terminating on SIGTERM]
gnfzdz has quit [Quit: Bridge terminating on SIGTERM]
gotmax23 has quit [Quit: Bridge terminating on SIGTERM]
mhayden has quit [Quit: Bridge terminating on SIGTERM]
queeup[m] has quit [Quit: Bridge terminating on SIGTERM]
davdunc[m has quit [Quit: Bridge terminating on SIGTERM]
marmijo[m] has quit [Quit: Bridge terminating on SIGTERM]
apiaseck[m] has quit [Quit: Bridge terminating on SIGTERM]
sgallagh has quit [Quit: Bridge terminating on SIGTERM]
LassePihlainen[m has quit [Quit: Bridge terminating on SIGTERM]
spresti[m] has quit [Quit: Bridge terminating on SIGTERM]
adamw has quit [Quit: Bridge terminating on SIGTERM]
theh has quit [Quit: Bridge terminating on SIGTERM]
nbsadminaccount- has quit [Quit: Bridge terminating on SIGTERM]
alexlarsson[m] has quit [Quit: Bridge terminating on SIGTERM]
obudai[m] has quit [Quit: Bridge terminating on SIGTERM]
jbpratt[m] has quit [Quit: Bridge terminating on SIGTERM]
strnull[m] has quit [Quit: Bridge terminating on SIGTERM]
jmariondev has quit [Quit: Bridge terminating on SIGTERM]
BazilObolensky[m has quit [Quit: Bridge terminating on SIGTERM]
OnuralpSezerhehi has quit [Quit: Bridge terminating on SIGTERM]
brianmcarey[m] has quit [Quit: Bridge terminating on SIGTERM]
baude has quit [Quit: Leaving]
defolos has joined #fedora-coreos
strnull[m] has joined #fedora-coreos
paragan has quit [Quit: Leaving]
aobrien[m] has joined #fedora-coreos
jmarrero has joined #fedora-coreos
shoragan[m] has joined #fedora-coreos
thempans[m] has joined #fedora-coreos
guesswhat[m] has joined #fedora-coreos
apiaseck[m] has joined #fedora-coreos
vladan[m] has joined #fedora-coreos
alexlarsson[m] has joined #fedora-coreos
sgallagh has joined #fedora-coreos
lorbus has joined #fedora-coreos
travier[m] has joined #fedora-coreos
nb[m] has joined #fedora-coreos
nbsadminaccount- has joined #fedora-coreos
walters has joined #fedora-coreos
spresti[m] has joined #fedora-coreos
shadowchain has joined #fedora-coreos
MayuraAndrew[m] has joined #fedora-coreos
Eighth_Doctor has joined #fedora-coreos
hartan[m] has joined #fedora-coreos
miabbott[m] has joined #fedora-coreos
alebastr[m] has joined #fedora-coreos
obudai[m] has joined #fedora-coreos
Noclip[m] has joined #fedora-coreos
SumantroMukherje has joined #fedora-coreos
JosephGayoso[m] has joined #fedora-coreos
copperi[m] has joined #fedora-coreos
adamw has joined #fedora-coreos
OnuralpSezerhehi has joined #fedora-coreos
gnfzdz has joined #fedora-coreos
mhayden has joined #fedora-coreos
go4godvin has joined #fedora-coreos
marmijo[m] has joined #fedora-coreos
LassePihlainen[m has joined #fedora-coreos
hiredman[m] has joined #fedora-coreos
x3mboy has joined #fedora-coreos
davdunc[m has joined #fedora-coreos
ramcq[m] has joined #fedora-coreos
gotmax23 has joined #fedora-coreos
nirik has joined #fedora-coreos
cverna has joined #fedora-coreos
jmariondev has joined #fedora-coreos
MTRNord[m] has joined #fedora-coreos
theh has joined #fedora-coreos
jkonecny[m] has joined #fedora-coreos
Man2Dev[m] has joined #fedora-coreos
brianmcarey[m] has joined #fedora-coreos
lrossetti[m] has joined #fedora-coreos
cmagina has joined #fedora-coreos
uny[m] has joined #fedora-coreos
vadaosman[m] has joined #fedora-coreos
queeup[m] has joined #fedora-coreos
treetheythem[m] has joined #fedora-coreos
FSMaxB[m] has joined #fedora-coreos
BazilObolensky[m has joined #fedora-coreos
joshuastrobl has joined #fedora-coreos
jbpratt[m] has joined #fedora-coreos
plarsen has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
apiaseck has joined #fedora-coreos
fifofonix has quit [Read error: Connection reset by peer]
fifofonix has joined #fedora-coreos
<fifofonix>
Questions on disabling selinux. One can do `sudo rpm-ostree kargs --append=selinux=0`. But is this recommended?
<fifofonix>
Also, should we expect deletion of karg to thus re-enable selinux? Because I believe it does not...
quentin9696[m] has joined #fedora-coreos
ravanelli has joined #fedora-coreos
<quentin9696[m]>
Hello !
<quentin9696[m]>
I just got my production down today. After a quick check, it seams that Coreos stable is now using fedora38 ? Where is the anouncement about that news ? I don't find anything on the bug tracker
ravanelli has quit [Remote host closed the connection]
<dustymabe>
TL;DR `selinux=0` (SELinux disabled) doesn't work, but `enforcing=0` (SELinux enabled, but permissive) should
<dustymabe>
if you'd like to pick up that flag and open a PR to the docs for future users and future you that would be amazing
<fifofonix>
thanks for the link. should have done a better job searching for this myself. as for the PR I will think about it but many plates rn.
<dustymabe>
same here - which leads to have discussed/implemented things like this - you understand :)
<dustymabe>
s/have/half/
<fifofonix>
got it. background here. to get around cifs issue one early thing i did was to disable selinux at first temporarily. then permanently on a node. i didn't realise i was committing to replace the node at that point with the kernel arg (selinux=0 does work actually, it is selinux=1 that doesn't).
<fifofonix>
its all good though. not a big deal to replace.
<dustymabe>
i think the problem with selinux=0 is that when you try to switch the node back to enforcing it breaks (haven't tried this myself). Is that what you are saying when you say `selinux=1` doesn't work?
<fifofonix>
correct. this is the problem. selinux=1 or removing the karg does not bring back a healthy node. per git issue you linked the right next step is reprovision the node. not clear (to me) whether changing /etc/selinux/config still works from a disabling/re-enabling perspective when trying to 'temporarily' disable across multiple boots.
<dustymabe>
fifofonix: I think the answer is don't ever fully disable selinux, just set it to permissive
<dustymabe>
permissive is like "disabled, but still logging"
<dustymabe>
all the pieces are working in the background, just no effect
<fifofonix>
duh. got it. yes, that is what i should have done.
<dustymabe>
I think you made a reasonable mistake. Definitely don't think it was your fault or something.
<fifofonix>
onwards and upwards!
JamesBelchamber[ has joined #fedora-coreos
<JamesBelchamber[>
Hi all. I use Silverblue every day (and love it), and now I'm building a homelab - so I figure, why not CoreOS? And currently I'm getting to grips with how I'll run it. I want to use IaC for everything, but I also want to modify things post-deployment (e.g. to deploy new containers). As such, I'm thinking about creating a fairly minimal ignition file (which I essentially just store for disasters and other rebuilds) and then
<JamesBelchamber[>
handling the rest with Ansible (mainly podman containers). Does this seem like a sane way of going about it, or is there something I'm missing? I figure all I'll want my ignition script to do is deploy an ssh key, layer the python package, set the time and the hostname, and then let Ansible do the rest.
<dustymabe>
JamesBelchamber[: that seems reasonable. I know others have success with that path.
sentenza has joined #fedora-coreos
<dustymabe>
there is a newish model that exists in which you bake you config changes into a derived container image (i.e. podman build to include config updates) but it's a bit more heavyweight in that you own the building and also you now control the updates yourself)
<dustymabe>
we're trying to thread the needle to make it less heavyweight but that's still kind of a WIP
<JamesBelchamber[>
Interesting. I guess my concern would be more reboots, which could add up quickly in a homelab environment
<dustymabe>
JamesBelchamber[: yeah. It depends on how often you are changing the config
<JamesBelchamber[>
With my fat fingers? I would guess often ;)
<JamesBelchamber[>
(I would be using it to experiment with things so - yeh, probably tens of changes in a few hours if I'm working on it actively)
<dustymabe>
fun
<dustymabe>
what kind of projects do you have in mind?
<JamesBelchamber[>
Well to start with I want to deploy Synapse on it
<JamesBelchamber[>
And redeploy home assistant (currently on a pi)
<JamesBelchamber[>
Then I want to get Frigate working, and then Immich.. and at some point, NextCloud
<dustymabe>
nice
<dustymabe>
sounds like some fun projects
<JamesBelchamber[>
I suspect that it will eventually evolve into a multi-node cluster (maybe running OKD?) but for now I just want one node
<JamesBelchamber[>
Yeh, it's not like I'm inventing anything new but I want to run it at home and I don't want to run it on a mutable OS. I'm pretty convinced that CoreOS will give me an easier time (at least keeping the core.. os, cleaner). And it would be good to get some road-miles with it.
<dustymabe>
well. welcome to the community!
<dustymabe>
our docs, while missing some things, are pretty good I would say
<dustymabe>
the tutorials would be a good kickstarter for you if you haven't already checked them out
<JamesBelchamber[>
Thanks! I've already brought up a CoreOS instance so I think I'm ready to start building on it now
<JamesBelchamber[>
I just haven't seen many people using Ansible against CoreOS and was wondering if it was an anti-pattern
<JamesBelchamber[>
I assume most people are just using CoreOS in a more disposable way though (so, just create a new instance - with ignition - every time you want to make changes)
Betal has joined #fedora-coreos
<dustymabe>
well. it is kind of an anti-pattern (at least we haven't encouraged it in the past), but I think enough people are doing it that it's at least a consistently traveled anti-pattern :)
<JamesBelchamber[>
With the preferred pattern being ignition?
<dustymabe>
JamesBelchamber[: I think that depends
<dustymabe>
in an env where you have some sort of container orchestration layer that kind of drives things. outside of that you can have systemd units that keep your containers up to date, but yes, changes to environment (like networking and such) would need to get laid down on the nodes over SSH or re-deploy
<JamesBelchamber[>
Yes, so I plan on configuring the systemd units with Ansible
<JamesBelchamber[>
I guess the "right" solution is a single-instance OKD cluster