From 8208620a8e257f09f0654b1e9b0c287c6deca1ee Mon Sep 17 00:00:00 2001 From: Stephen Lowrie Date: Wed, 19 Dec 2018 15:24:41 -0600 Subject: [PATCH 001/238] design: add azure section to cloud agents Adds design decisions from #65 & #97. --- Design.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Design.md b/Design.md index 9604ede..d9cf463 100644 --- a/Design.md +++ b/Design.md @@ -174,6 +174,14 @@ Originally discussed in [#12](https://github.com/coreos/fedora-coreos-tracker/is - For the short term, if we need to include an agent we will bake it into the image. We will not have any specific mechanism for including agents. +### Azure: + +Originally discussed in [#65](https://github.com/coreos/fedora-coreos-tracker/issues/65). + +- We've identified one major gap with not shipping the [Microsoft Azure Linux Agent](https://github.com/Azure/WALinuxAgent): the machine will not check-in and will eventually be culled by Azure for being stuck in the creation process. +- This gap will be covered by work done in [coreos-metadata](https://github.com/coreos/coreos-metadata/issues/120). +- One additional gap which will __not__ be covered is a lack of ephemeral disk support. We plan to ship udev rules but will not have a service which formats the disk unless we receive feature requests in the future. This was discussed in [#97](https://github.com/coreos/fedora-coreos-tracker/issues/97). + ### Open questions: - What do we do about VMware, which has a very involved and intrusive "agent"? From 3f42127f216477811c1f738a7ea72bc774185e2e Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 12 Dec 2018 17:15:42 -0500 Subject: [PATCH 002/238] Add ROADMAP.md - schedule for first Fedora CoreOS release --- ROADMAP.md | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 ROADMAP.md diff --git a/ROADMAP.md b/ROADMAP.md new file mode 100644 index 0000000..ee934df --- /dev/null +++ b/ROADMAP.md @@ -0,0 +1,89 @@ + +This is a rough timeline/roadmap for the work we know we need to do +for Fedora CoreOS and Fedora 30. It is not complete but it is a start +at trying to wrangle all of the things we've discussed onto a calendar +so we can prioritize some things and let others wait until later (i.e. +can be done after first ship date). + +## Fedora 30 schedule as [documented on the WIKI](https://fedoraproject.org/wiki/Releases/30/Schedule) +- 2019-01-29 Change Checkpoint: Proposal submission deadline (Self Contained Changes) +- 2019-02-19 Branch Fedora 30 from Rawhide (Rawhide becomes future F31) +- 2019-03-05 Beta Freeze / Bodhi Activation +- 2019-03-26 Beta Release (Preferred Target) +- 2019-04-02 Beta Release (Target #1) +- 2019-04-16 Final Freeze +- 2019-04-30 Fedora 30 Final Release (GA) (Preferred Target) +- 2019-05-07 Fedora 30 Final Release (GA) (Target #1) + +### December +- 2018-12-16 + - **H** - **finalize strategy** *Firewall Management [#26](https://github.com/coreos/fedora-coreos-tracker/issues/26)* + - **H** - **finalize strategy**,**collaborate** *Network Management [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24)* + - gaps identified feature work requested + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - aws [#66](https://github.com/coreos/fedora-coreos-tracker/issues/66), azure [#65](https://github.com/coreos/fedora-coreos-tracker/issues/65). open new tickets for work items + - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* + - Proof of concept complete + - **M** - **collaborate** *Talk to Fedora kernel team about FCOS stream design [#80](https://github.com/coreos/fedora-coreos-tracker/issues/80)* +- 2018-12-23 + - Holidays - Go Rest!! +- 2018-12-30 + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - gce [#67](https://github.com/coreos/fedora-coreos-tracker/issues/67), open new tickets for work items + - **H** - **finalize strategy** *ostree mirroring for better UX [#54](https://github.com/coreos/fedora-coreos-tracker/issues/54)* + + +### January +- 2019-01-07 + - **H** - **collaborate** *fedora releng integration [#44](https://github.com/coreos/fedora-coreos-tracker/issues/44)* + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - openstack [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68), packet [#69](https://github.com/coreos/fedora-coreos-tracker/issues/69), open new tickets for work items +- 2019-01-14 + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - virtualbox [#73](https://github.com/coreos/fedora-coreos-tracker/issues/), qemu [#74](https://github.com/coreos/fedora-coreos-tracker/issues/74), open new tickets for work items + - **M** - **finalize strategy** *Collect metrics from Fedora CoreOS machines design [#86](https://github.com/coreos/fedora-coreos-tracker/issues/86)* +- 2019-01-21 + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - vmware [#70](https://github.com/coreos/fedora-coreos-tracker/issues/70), digitalocean [#71](https://github.com/coreos/fedora-coreos-tracker/issues/71), open new tickets for work items + - **M** - **finalize strategy** *burndown python dependencies [#92](https://github.com/coreos/fedora-coreos-tracker/issues/92)* + - **L** - **complete** *merge of fedora-toolbox and coreos-toolbox efforts [#90](https://github.com/coreos/fedora-coreos-tracker/issues/90)* +- 2019-01-28 + - **M** - **complete** *Host Installer for Fedora CoreOS (bare metal) [#50](https://github.com/coreos/fedora-coreos-tracker/issues/50)* + - Action items, gaps identified from POC ([#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)) have been fixed + + +### February +- 2019-02-04 + - **H** - **finalize strategy** *Container Linux migration tools and documentation [#48](https://github.com/coreos/fedora-coreos-tracker/issues/48)* +- 2019-02-11 + - **M** - **finalize strategy** *Equivalent to system containers from Fedora Atomic in Fedora CoreOS design [#37](https://github.com/coreos/fedora-coreos-tracker/issues/37)* +- 2019-02-18 + - 2019-02-19 Branch Fedora 30 from Rawhide (Rawhide becomes future F31) +- 2019-02-25 + - **H** - **complete** *action items from fedora releng integration discussion ([#44](https://github.com/coreos/fedora-coreos-tracker/issues/44))* + - **H** - **complete aws, azure** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + + +### March +- 2019-03-04 + - **M** **strategize** *reboot coordination: locksmith successor design [#3](https://github.com/coreos/fedora-coreos-tracker/issues/3)* + - **H** - **complete gce** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* +- 2019-03-11 + - **H** - **complete openstack, packet** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* +- 2019-03-18 + - **H** - **complete virtualbox, qemu** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* +- 2019-03-25 + - **H** - **complete vmware, digitalocean** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + +### April +- 2019-04-01 +- 2019-04-08 +- 2019-04-15 + - 2019-04-16 Final Freeze +- 2019-04-22 +- 2019-04-29 + - 2019-04-30 Fedora 30 Final Release (GA) (Preferred Target) + +### May +- 2019-05-06 + - 2019-05-07 Fedora 30 Final Release (GA) (Target #1) From 0c04e48cfcdb02f0d69587e25c18b46b87504353 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 2 Jan 2019 11:23:50 -0500 Subject: [PATCH 003/238] fixup! Add ROADMAP.md - schedule for first Fedora CoreOS release --- ROADMAP.md | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index ee934df..64f3cd8 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -1,4 +1,3 @@ - This is a rough timeline/roadmap for the work we know we need to do for Fedora CoreOS and Fedora 30. It is not complete but it is a start at trying to wrangle all of the things we've discussed onto a calendar @@ -17,32 +16,36 @@ can be done after first ship date). ### December - 2018-12-16 - - **H** - **finalize strategy** *Firewall Management [#26](https://github.com/coreos/fedora-coreos-tracker/issues/26)* - - **H** - **finalize strategy**,**collaborate** *Network Management [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24)* - - gaps identified feature work requested - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - aws [#66](https://github.com/coreos/fedora-coreos-tracker/issues/66), azure [#65](https://github.com/coreos/fedora-coreos-tracker/issues/65). open new tickets for work items - - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* - - Proof of concept complete - - **M** - **collaborate** *Talk to Fedora kernel team about FCOS stream design [#80](https://github.com/coreos/fedora-coreos-tracker/issues/80)* + - ~~**H** - **finalize strategy** *Firewall Management [#26](https://github.com/coreos/fedora-coreos-tracker/issues/26)*~~ + - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ + - ~~azure [#65](https://github.com/coreos/fedora-coreos-tracker/issues/65). open new tickets for work items~~ + - ~~**M** - **collaborate** *Talk to Fedora kernel team about FCOS stream design [#80](https://github.com/coreos/fedora-coreos-tracker/issues/80)*~~ - 2018-12-23 - Holidays - Go Rest!! - 2018-12-30 - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - gce [#67](https://github.com/coreos/fedora-coreos-tracker/issues/67), open new tickets for work items - **H** - **finalize strategy** *ostree mirroring for better UX [#54](https://github.com/coreos/fedora-coreos-tracker/issues/54)* + - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* + - Proof of concept complete + - **H** - **finalize strategy**,**collaborate** *Network Management [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24)* + - gaps identified feature work requested ### January - 2019-01-07 + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - aws [#66](https://github.com/coreos/fedora-coreos-tracker/issues/66), open new tickets for work items - **H** - **collaborate** *fedora releng integration [#44](https://github.com/coreos/fedora-coreos-tracker/issues/44)* - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - openstack [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68), packet [#69](https://github.com/coreos/fedora-coreos-tracker/issues/69), open new tickets for work items - 2019-01-14 + - **H** - **finalize strategy** *Kubernetes/OKD strategy [#93](https://github.com/coreos/fedora-coreos-tracker/issues/93)* - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - virtualbox [#73](https://github.com/coreos/fedora-coreos-tracker/issues/), qemu [#74](https://github.com/coreos/fedora-coreos-tracker/issues/74), open new tickets for work items - **M** - **finalize strategy** *Collect metrics from Fedora CoreOS machines design [#86](https://github.com/coreos/fedora-coreos-tracker/issues/86)* - 2019-01-21 + - Week of Devconf.cz - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - vmware [#70](https://github.com/coreos/fedora-coreos-tracker/issues/70), digitalocean [#71](https://github.com/coreos/fedora-coreos-tracker/issues/71), open new tickets for work items - **M** - **finalize strategy** *burndown python dependencies [#92](https://github.com/coreos/fedora-coreos-tracker/issues/92)* @@ -55,13 +58,17 @@ can be done after first ship date). ### February - 2019-02-04 - **H** - **finalize strategy** *Container Linux migration tools and documentation [#48](https://github.com/coreos/fedora-coreos-tracker/issues/48)* + - **M** - **finalize strategy** *Determine how to handle automatic rollback [#47](https://github.com/coreos/fedora-coreos-tracker/issues/47)* - 2019-02-11 - **M** - **finalize strategy** *Equivalent to system containers from Fedora Atomic in Fedora CoreOS design [#37](https://github.com/coreos/fedora-coreos-tracker/issues/37)* - 2019-02-18 - 2019-02-19 Branch Fedora 30 from Rawhide (Rawhide becomes future F31) - 2019-02-25 + - **H** - **finalize strategy** *Throttled update rollouts [#83](https://github.com/coreos/fedora-coreos-tracker/issues/83)* - **H** - **complete** *action items from fedora releng integration discussion ([#44](https://github.com/coreos/fedora-coreos-tracker/issues/44))* - **H** - **complete aws, azure** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - https://github.com/coreos/coreos-metadata/issues/120 + - https://github.com/coreos/fedora-coreos-tracker/issues/4 ### March From 557d6c7bb259d7d0d8ddb1f8ce3172710ab5f6a8 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 9 Jan 2019 10:07:36 -0500 Subject: [PATCH 004/238] update ROADMAP --- ROADMAP.md | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 64f3cd8..07cf1e3 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -23,26 +23,22 @@ can be done after first ship date). - 2018-12-23 - Holidays - Go Rest!! - 2018-12-30 - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - gce [#67](https://github.com/coreos/fedora-coreos-tracker/issues/67), open new tickets for work items - - **H** - **finalize strategy** *ostree mirroring for better UX [#54](https://github.com/coreos/fedora-coreos-tracker/issues/54)* - - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* - - Proof of concept complete - - **H** - **finalize strategy**,**collaborate** *Network Management [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24)* - - gaps identified feature work requested + - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ + - ~~aws [#66](https://github.com/coreos/fedora-coreos-tracker/issues/66), open new tickets for work items~~ ### January - 2019-01-07 + - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* + - Proof of concept complete + - **H** - **finalize strategy** *ostree mirroring for better UX [#54](https://github.com/coreos/fedora-coreos-tracker/issues/54)* - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - aws [#66](https://github.com/coreos/fedora-coreos-tracker/issues/66), open new tickets for work items - - **H** - **collaborate** *fedora releng integration [#44](https://github.com/coreos/fedora-coreos-tracker/issues/44)* - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - openstack [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68), packet [#69](https://github.com/coreos/fedora-coreos-tracker/issues/69), open new tickets for work items + - openstack [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68), open new tickets for work items - 2019-01-14 + - **H** - **collaborate** *fedora releng integration [#44](https://github.com/coreos/fedora-coreos-tracker/issues/44)* + - **H** - **finalize strategy**,**collaborate** *Network Management [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24)* + - gaps identified feature work requested - **H** - **finalize strategy** *Kubernetes/OKD strategy [#93](https://github.com/coreos/fedora-coreos-tracker/issues/93)* - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - virtualbox [#73](https://github.com/coreos/fedora-coreos-tracker/issues/), qemu [#74](https://github.com/coreos/fedora-coreos-tracker/issues/74), open new tickets for work items - **M** - **finalize strategy** *Collect metrics from Fedora CoreOS machines design [#86](https://github.com/coreos/fedora-coreos-tracker/issues/86)* - 2019-01-21 - Week of Devconf.cz @@ -50,13 +46,19 @@ can be done after first ship date). - vmware [#70](https://github.com/coreos/fedora-coreos-tracker/issues/70), digitalocean [#71](https://github.com/coreos/fedora-coreos-tracker/issues/71), open new tickets for work items - **M** - **finalize strategy** *burndown python dependencies [#92](https://github.com/coreos/fedora-coreos-tracker/issues/92)* - **L** - **complete** *merge of fedora-toolbox and coreos-toolbox efforts [#90](https://github.com/coreos/fedora-coreos-tracker/issues/90)* + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - gce [#67](https://github.com/coreos/fedora-coreos-tracker/issues/67), open new tickets for work items - 2019-01-28 - **M** - **complete** *Host Installer for Fedora CoreOS (bare metal) [#50](https://github.com/coreos/fedora-coreos-tracker/issues/50)* - Action items, gaps identified from POC ([#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)) have been fixed + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - packet [#69](https://github.com/coreos/fedora-coreos-tracker/issues/69), open new tickets for work items ### February - 2019-02-04 + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - virtualbox [#73](https://github.com/coreos/fedora-coreos-tracker/issues/), qemu [#74](https://github.com/coreos/fedora-coreos-tracker/issues/74), open new tickets for work items - **H** - **finalize strategy** *Container Linux migration tools and documentation [#48](https://github.com/coreos/fedora-coreos-tracker/issues/48)* - **M** - **finalize strategy** *Determine how to handle automatic rollback [#47](https://github.com/coreos/fedora-coreos-tracker/issues/47)* - 2019-02-11 From 9d6b8c0789f272c5d9fea406fafbb5542020017a Mon Sep 17 00:00:00 2001 From: Michael Nguyen Date: Wed, 9 Jan 2019 15:17:26 -0500 Subject: [PATCH 005/238] design: add aws section to cloud agents Add design decisions from #66 --- Design.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Design.md b/Design.md index d9cf463..7c96e42 100644 --- a/Design.md +++ b/Design.md @@ -174,6 +174,13 @@ Originally discussed in [#12](https://github.com/coreos/fedora-coreos-tracker/is - For the short term, if we need to include an agent we will bake it into the image. We will not have any specific mechanism for including agents. +### AWS: + +Originally discussed in [#66](https://github.com/coreos/fedora-coreos-tracker/issues/66). + +- AWS does not require a cloud agent but does require NVME EBS udev rules +- The udev rules and script will be packaged in an RPM and included in FCOS with work being tracked in [#104](https://github.com/coreos/fedora-coreos-tracker/issues/104) + ### Azure: Originally discussed in [#65](https://github.com/coreos/fedora-coreos-tracker/issues/65). From 7916b5a6dca8effc95221e9081b0e253b8f8239f Mon Sep 17 00:00:00 2001 From: Luca Bruno Date: Wed, 2 Jan 2019 14:11:25 +0000 Subject: [PATCH 006/238] design: add section on firewall management This summarizes firewalling directions, as discussed in https://github.com/coreos/fedora-coreos-tracker/issues/26 --- Design.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/Design.md b/Design.md index 7c96e42..3a9b44b 100644 --- a/Design.md +++ b/Design.md @@ -8,6 +8,7 @@ conclusion should be summarized here with a link to the issue. - [Disk Layout](#disk-layout) - [Approach towards shipping Python](#approach-towards-shipping-Python) - [Identification in `/etc/os-release`](#identification-in-etcos-release) +- [Firewall management](#firewall-management) - [Cloud Agents](#cloud-agents) - [Supported Ignition Versions](#supported-ignition-versions) @@ -162,6 +163,18 @@ Originally discussed in [#21](https://github.com/coreos/fedora-coreos-tracker/is We will identify a Fedora CoreOS server using the `ID=fedora` and `VARIANT_ID=coreos` fields in the `/etc/os-release` file. +## Firewall management + +Originally discussed in [#26](https://github.com/coreos/fedora-coreos-tracker/issues/26). + +### Summary: + + - FCOS will ship without any ad-hoc filtering rules. By default, nodes will boot without firewall. + - Components for both iptables and nft filtering will be provided (namely `iptables`, `nftables`, and `iptables-nft` packages, plus related kernel modules). + - It will be possible to set up static rules (i.e. meant to be valid and unchanged for the whole node lifetime) via Ignition. + - Dynamic rules (i.e. mutable at runtime) are out of scope for FCOS own toolings. + Container runtimes and orchestrators take ownership of those via their own (containerized) rules managers. + ## Cloud Agents Originally discussed in [#12](https://github.com/coreos/fedora-coreos-tracker/issues/12). From 109da49d87641cc4b58e6ad08fd15fb05ea371eb Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 15 Jan 2019 21:59:35 -0500 Subject: [PATCH 007/238] design: ignore SR-IOV interfaces on Azure --- Design.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Design.md b/Design.md index 7c96e42..5549fd5 100644 --- a/Design.md +++ b/Design.md @@ -188,6 +188,7 @@ Originally discussed in [#65](https://github.com/coreos/fedora-coreos-tracker/is - We've identified one major gap with not shipping the [Microsoft Azure Linux Agent](https://github.com/Azure/WALinuxAgent): the machine will not check-in and will eventually be culled by Azure for being stuck in the creation process. - This gap will be covered by work done in [coreos-metadata](https://github.com/coreos/coreos-metadata/issues/120). - One additional gap which will __not__ be covered is a lack of ephemeral disk support. We plan to ship udev rules but will not have a service which formats the disk unless we receive feature requests in the future. This was discussed in [#97](https://github.com/coreos/fedora-coreos-tracker/issues/97). +- As a cosmetic issue, we should also ship a rule to [ignore SR-IOV interfaces](https://github.com/coreos/fedora-coreos-tracker/issues/115). ### Open questions: From f1629474220631b836856b71e77ca35fb407404d Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 16 Jan 2019 11:31:24 -0500 Subject: [PATCH 008/238] update ROADMAP --- ROADMAP.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 07cf1e3..daebe32 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -29,25 +29,27 @@ can be done after first ship date). ### January - 2019-01-07 - - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* - - Proof of concept complete - - **H** - **finalize strategy** *ostree mirroring for better UX [#54](https://github.com/coreos/fedora-coreos-tracker/issues/54)* - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - openstack [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68), open new tickets for work items + - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ + - ~~openstack [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68), open new tickets for work items~~ - 2019-01-14 - - **H** - **collaborate** *fedora releng integration [#44](https://github.com/coreos/fedora-coreos-tracker/issues/44)* - **H** - **finalize strategy**,**collaborate** *Network Management [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24)* - gaps identified feature work requested - **H** - **finalize strategy** *Kubernetes/OKD strategy [#93](https://github.com/coreos/fedora-coreos-tracker/issues/93)* - **M** - **finalize strategy** *Collect metrics from Fedora CoreOS machines design [#86](https://github.com/coreos/fedora-coreos-tracker/issues/86)* + - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ + - ~~digitalocean [#71](https://github.com/coreos/fedora-coreos-tracker/issues/71), open new tickets for work items~~ + - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* + - Proof of concept complete - 2019-01-21 - Week of Devconf.cz + - **H** - **collaborate** *fedora releng integration [#44](https://github.com/coreos/fedora-coreos-tracker/issues/44)* - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - vmware [#70](https://github.com/coreos/fedora-coreos-tracker/issues/70), digitalocean [#71](https://github.com/coreos/fedora-coreos-tracker/issues/71), open new tickets for work items + - vmware [#70](https://github.com/coreos/fedora-coreos-tracker/issues/70), open new tickets for work items - **M** - **finalize strategy** *burndown python dependencies [#92](https://github.com/coreos/fedora-coreos-tracker/issues/92)* - **L** - **complete** *merge of fedora-toolbox and coreos-toolbox efforts [#90](https://github.com/coreos/fedora-coreos-tracker/issues/90)* - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - gce [#67](https://github.com/coreos/fedora-coreos-tracker/issues/67), open new tickets for work items + - **H** - **finalize strategy** *ostree mirroring for better UX [#54](https://github.com/coreos/fedora-coreos-tracker/issues/54)* - 2019-01-28 - **M** - **complete** *Host Installer for Fedora CoreOS (bare metal) [#50](https://github.com/coreos/fedora-coreos-tracker/issues/50)* - Action items, gaps identified from POC ([#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)) have been fixed From b641d3569efcd98630c0f95c53ee6bbae320a933 Mon Sep 17 00:00:00 2001 From: Andrew Jeddeloh Date: Wed, 16 Jan 2019 08:35:32 -0800 Subject: [PATCH 009/238] roadmap: add timeline for Ignition spec 3.0.0 --- ROADMAP.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ROADMAP.md b/ROADMAP.md index daebe32..2faa1ba 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -73,6 +73,8 @@ can be done after first ship date). - **H** - **complete aws, azure** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - https://github.com/coreos/coreos-metadata/issues/120 - https://github.com/coreos/fedora-coreos-tracker/issues/4 + - **M** - Have Ignition spec 3.0.0 finalized with alpha implementation + - https://github.com/coreos/ignition/milestone/5 ### March From bca2b4f4ed099a152dbceedc8b407112f239403f Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 16 Jan 2019 11:05:04 -0500 Subject: [PATCH 010/238] design: add openstack section to cloud agents Add design decisions from #68 --- Design.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Design.md b/Design.md index 5549fd5..10a9009 100644 --- a/Design.md +++ b/Design.md @@ -190,6 +190,13 @@ Originally discussed in [#65](https://github.com/coreos/fedora-coreos-tracker/is - One additional gap which will __not__ be covered is a lack of ephemeral disk support. We plan to ship udev rules but will not have a service which formats the disk unless we receive feature requests in the future. This was discussed in [#97](https://github.com/coreos/fedora-coreos-tracker/issues/97). - As a cosmetic issue, we should also ship a rule to [ignore SR-IOV interfaces](https://github.com/coreos/fedora-coreos-tracker/issues/115). +### OpenStack: + +Originally discussed in [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68). + +- OpenStack environments do not require a cloud agent +- We will provide any base level of functionality with ignition and coreos-metadata + ### Open questions: - What do we do about VMware, which has a very involved and intrusive "agent"? From 1288b2e7e30449f340a26123155c41560dd24ae7 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 15 Jan 2019 21:02:02 -0500 Subject: [PATCH 011/238] design: add DigitalOcean section to cloud agents Add design decisions from #71. --- Design.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Design.md b/Design.md index 10a9009..7dc43a5 100644 --- a/Design.md +++ b/Design.md @@ -190,6 +190,14 @@ Originally discussed in [#65](https://github.com/coreos/fedora-coreos-tracker/is - One additional gap which will __not__ be covered is a lack of ephemeral disk support. We plan to ship udev rules but will not have a service which formats the disk unless we receive feature requests in the future. This was discussed in [#97](https://github.com/coreos/fedora-coreos-tracker/issues/97). - As a cosmetic issue, we should also ship a rule to [ignore SR-IOV interfaces](https://github.com/coreos/fedora-coreos-tracker/issues/115). +### DigitalOcean: + +Originally discussed in [#71](https://github.com/coreos/fedora-coreos-tracker/issues/71). + +- DigitalOcean has an [agent](https://github.com/digitalocean/do-agent) that provides instance metrics back to DO. We will not ship it. +- DigitalOcean does not generally offer DHCP. Network configuration is obtained from an HTTP metadata service on a link-local address. On other platforms this is handled by cloud-init. +- Networking should be configured by coreos-metadata running in the initramfs, but coreos-metadata [may need to learn to configure NetworkManager or nm-state](https://github.com/coreos/fedora-coreos-tracker/issues/111) depending on the outcome of [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24). + ### OpenStack: Originally discussed in [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68). From 93294d6ef4ecce6b0df6bdc27aabf52e336459c2 Mon Sep 17 00:00:00 2001 From: Stephen Lowrie Date: Tue, 22 Jan 2019 10:16:57 -0600 Subject: [PATCH 012/238] roadmap: fix broken link --- ROADMAP.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ROADMAP.md b/ROADMAP.md index 2faa1ba..edfe9b7 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -60,7 +60,7 @@ can be done after first ship date). ### February - 2019-02-04 - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - virtualbox [#73](https://github.com/coreos/fedora-coreos-tracker/issues/), qemu [#74](https://github.com/coreos/fedora-coreos-tracker/issues/74), open new tickets for work items + - virtualbox [#73](https://github.com/coreos/fedora-coreos-tracker/issues/73), qemu [#74](https://github.com/coreos/fedora-coreos-tracker/issues/74), open new tickets for work items - **H** - **finalize strategy** *Container Linux migration tools and documentation [#48](https://github.com/coreos/fedora-coreos-tracker/issues/48)* - **M** - **finalize strategy** *Determine how to handle automatic rollback [#47](https://github.com/coreos/fedora-coreos-tracker/issues/47)* - 2019-02-11 From eb62472ef250f654c663fd4efd20e558564528b5 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 23 Jan 2019 11:19:48 -0500 Subject: [PATCH 013/238] roadmap: update roadmap --- ROADMAP.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index edfe9b7..0a90405 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -32,33 +32,33 @@ can be done after first ship date). - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ - ~~openstack [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68), open new tickets for work items~~ - 2019-01-14 - - **H** - **finalize strategy**,**collaborate** *Network Management [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24)* - - gaps identified feature work requested - - **H** - **finalize strategy** *Kubernetes/OKD strategy [#93](https://github.com/coreos/fedora-coreos-tracker/issues/93)* - - **M** - **finalize strategy** *Collect metrics from Fedora CoreOS machines design [#86](https://github.com/coreos/fedora-coreos-tracker/issues/86)* - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ - ~~digitalocean [#71](https://github.com/coreos/fedora-coreos-tracker/issues/71), open new tickets for work items~~ - - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* - - Proof of concept complete + - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ + - ~~packet [#69](https://github.com/coreos/fedora-coreos-tracker/issues/69), open new tickets for work items~~ - 2019-01-21 - Week of Devconf.cz - - **H** - **collaborate** *fedora releng integration [#44](https://github.com/coreos/fedora-coreos-tracker/issues/44)* - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - vmware [#70](https://github.com/coreos/fedora-coreos-tracker/issues/70), open new tickets for work items + - ~~**H** - **finalize strategy**,**collaborate** *Network Management [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24)*~~ + - ~~gaps identified feature work requested~~ + - ~~**H** - **finalize strategy** *ostree mirroring for better UX [#54](https://github.com/coreos/fedora-coreos-tracker/issues/54)*~~ - **M** - **finalize strategy** *burndown python dependencies [#92](https://github.com/coreos/fedora-coreos-tracker/issues/92)* - - **L** - **complete** *merge of fedora-toolbox and coreos-toolbox efforts [#90](https://github.com/coreos/fedora-coreos-tracker/issues/90)* - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - gce [#67](https://github.com/coreos/fedora-coreos-tracker/issues/67), open new tickets for work items - - **H** - **finalize strategy** *ostree mirroring for better UX [#54](https://github.com/coreos/fedora-coreos-tracker/issues/54)* + - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* + - Proof of concept complete - 2019-01-28 + - **M** - **finalize strategy** *Collect metrics from Fedora CoreOS machines design [#86](https://github.com/coreos/fedora-coreos-tracker/issues/86)* - **M** - **complete** *Host Installer for Fedora CoreOS (bare metal) [#50](https://github.com/coreos/fedora-coreos-tracker/issues/50)* - Action items, gaps identified from POC ([#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)) have been fixed - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - packet [#69](https://github.com/coreos/fedora-coreos-tracker/issues/69), open new tickets for work items + - **H** - **finalize strategy** *Kubernetes/OKD strategy [#93](https://github.com/coreos/fedora-coreos-tracker/issues/93)* + - **H** - **collaborate** *fedora releng integration [#44](https://github.com/coreos/fedora-coreos-tracker/issues/44)* + - **L** - **complete** *merge of fedora-toolbox and coreos-toolbox efforts [#90](https://github.com/coreos/fedora-coreos-tracker/issues/90)* ### February - 2019-02-04 + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - vmware [#70](https://github.com/coreos/fedora-coreos-tracker/issues/70), open new tickets for work items - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - virtualbox [#73](https://github.com/coreos/fedora-coreos-tracker/issues/73), qemu [#74](https://github.com/coreos/fedora-coreos-tracker/issues/74), open new tickets for work items - **H** - **finalize strategy** *Container Linux migration tools and documentation [#48](https://github.com/coreos/fedora-coreos-tracker/issues/48)* From e69dab0e1448358d0a9ebca9e23047a321bcd9a3 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 23 Jan 2019 19:55:11 -0500 Subject: [PATCH 014/238] design: add no-autologin policy --- Design.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Design.md b/Design.md index e935b46..78d55cd 100644 --- a/Design.md +++ b/Design.md @@ -11,6 +11,7 @@ conclusion should be summarized here with a link to the issue. - [Firewall management](#firewall-management) - [Cloud Agents](#cloud-agents) - [Supported Ignition Versions](#supported-ignition-versions) +- [Security policies](#security-policies) ## OSTree Delivery Format @@ -231,3 +232,11 @@ Originally discussed in [#31](https://github.com/coreos/fedora-coreos-tracker/is - FCOS will only support Ignition spec 3.0.0 and up. - Ignition spec 3.0.0 will break compatibilty with spec 2.x.y, although most configs will only require minor changes. - Tooling should exist to aid converting 2.x.y configs to 3.0.0 configs, although perfect automated translation will not be possible. + +## Security policies + +### No autologin by default + +Originally discussed in [#114](https://github.com/coreos/fedora-coreos-tracker/issues/114). + +We will not enable autologin on serial or VGA consoles by default, even on platforms (e.g. Azure, DigitalOcean, GCE, Packet) which provide authenticated console access. Doing so would provide an access vector that could surprise users unfamiliar with their platform's console access mechanism and access control policy. For users who wish to use the console for debugging, we will provide documentation for using Ignition to enable autologin or to set a user password. From 8f651826eff79e43a2886d99af3da1d575f5c187 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 23 Jan 2019 17:57:54 -0500 Subject: [PATCH 015/238] design: add Packet section to cloud agents Add design decisions from #69. --- Design.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Design.md b/Design.md index e935b46..e474bda 100644 --- a/Design.md +++ b/Design.md @@ -218,6 +218,15 @@ Originally discussed in [#68](https://github.com/coreos/fedora-coreos-tracker/is - OpenStack environments do not require a cloud agent - We will provide any base level of functionality with ignition and coreos-metadata +### Packet: + +Originally discussed in [#69](https://github.com/coreos/fedora-coreos-tracker/issues/69). + +- On the first boot, Packet requires the machine to phone home to report a successful boot. This will be [handled by coreos-metadata](https://github.com/coreos/coreos-metadata/issues/120). +- Packet provides the IPv4 public address via DHCP, allowing a machine to acquire network via standard mechanisms. However, to obtain a private IPv4 address or a public IPv6 address (on the same interface), networking must be configured using metadata from an HTTP metadata service. This can be handled by coreos-metadata in the initramfs, but it [may need to learn to configure NetworkManager or nm-state](https://github.com/coreos/fedora-coreos-tracker/issues/111) depending on the outcome of [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24). +- Packet needs the serial console on x86 to be directed to `ttyS1`, not `ttyS0`, requiring [cloud-specific bootloader configuration](https://github.com/coreos/fedora-coreos-tracker/issues/110). A different serial console configuration is required on ARM64. +- On many Linux OSes, Packet sets a randomized root password which is then available from the Packet console for 24 hours. This allows the serial (SOS) console to be used for interactive debugging. Container Linux, instead, enables autologin on the console by default. To avoid surprising users, Fedora CoreOS will do neither. For interactive console access, users can use Ignition to enable autologin or to set a password on the `core` account, and we'll document how to do that. + ### Open questions: - What do we do about VMware, which has a very involved and intrusive "agent"? From d34d4d2263082bd9dcb9a29a3249b59f2af4cea4 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 30 Jan 2019 11:12:12 -0500 Subject: [PATCH 016/238] roadmap: update roadmap --- ROADMAP.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 0a90405..4fb97ce 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -41,22 +41,19 @@ can be done after first ship date). - ~~**H** - **finalize strategy**,**collaborate** *Network Management [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24)*~~ - ~~gaps identified feature work requested~~ - ~~**H** - **finalize strategy** *ostree mirroring for better UX [#54](https://github.com/coreos/fedora-coreos-tracker/issues/54)*~~ - - **M** - **finalize strategy** *burndown python dependencies [#92](https://github.com/coreos/fedora-coreos-tracker/issues/92)* - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - gce [#67](https://github.com/coreos/fedora-coreos-tracker/issues/67), open new tickets for work items - - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* - - Proof of concept complete - 2019-01-28 - **M** - **finalize strategy** *Collect metrics from Fedora CoreOS machines design [#86](https://github.com/coreos/fedora-coreos-tracker/issues/86)* - - **M** - **complete** *Host Installer for Fedora CoreOS (bare metal) [#50](https://github.com/coreos/fedora-coreos-tracker/issues/50)* - - Action items, gaps identified from POC ([#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)) have been fixed - - **H** - **finalize strategy** *Kubernetes/OKD strategy [#93](https://github.com/coreos/fedora-coreos-tracker/issues/93)* - **H** - **collaborate** *fedora releng integration [#44](https://github.com/coreos/fedora-coreos-tracker/issues/44)* - **L** - **complete** *merge of fedora-toolbox and coreos-toolbox efforts [#90](https://github.com/coreos/fedora-coreos-tracker/issues/90)* + - **M** - **finalize strategy** *burndown python dependencies [#92](https://github.com/coreos/fedora-coreos-tracker/issues/92)* + - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* + - Proof of concept complete ### February - 2019-02-04 + - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* + - gce [#67](https://github.com/coreos/fedora-coreos-tracker/issues/67), open new tickets for work items - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - vmware [#70](https://github.com/coreos/fedora-coreos-tracker/issues/70), open new tickets for work items - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* @@ -65,8 +62,11 @@ can be done after first ship date). - **M** - **finalize strategy** *Determine how to handle automatic rollback [#47](https://github.com/coreos/fedora-coreos-tracker/issues/47)* - 2019-02-11 - **M** - **finalize strategy** *Equivalent to system containers from Fedora Atomic in Fedora CoreOS design [#37](https://github.com/coreos/fedora-coreos-tracker/issues/37)* + - **M** - **complete** *Host Installer for Fedora CoreOS (bare metal) [#50](https://github.com/coreos/fedora-coreos-tracker/issues/50)* + - Action items, gaps identified from POC ([#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)) have been fixed - 2019-02-18 - 2019-02-19 Branch Fedora 30 from Rawhide (Rawhide becomes future F31) + - **H** - **finalize strategy** *Kubernetes/OKD strategy [#93](https://github.com/coreos/fedora-coreos-tracker/issues/93)* - 2019-02-25 - **H** - **finalize strategy** *Throttled update rollouts [#83](https://github.com/coreos/fedora-coreos-tracker/issues/83)* - **H** - **complete** *action items from fedora releng integration discussion ([#44](https://github.com/coreos/fedora-coreos-tracker/issues/44))* From 9c2c2cc4f542f705613d52febb6ee8aeb659b28d Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 27 Feb 2019 12:33:58 -0500 Subject: [PATCH 017/238] ROADMAP: point to dynamically updating boards --- README.md | 7 ++++ ROADMAP.md | 102 ++++++----------------------------------------------- 2 files changed, 17 insertions(+), 92 deletions(-) diff --git a/README.md b/README.md index 1f0c2ab..356813d 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,13 @@ Future Link to download page - website at [https://coreos.fedoraproject.org/](https://coreos.fedoraproject.org/) - Twitter: [@coreos](https://twitter.com/coreos) (specific to CoreOS and containers) and [@fedora](https://twitter.com/fedora) (all Fedora and other relevant news) +# Roadmap/Plans + +The first release of Fedora CoreOS will be a +[preview release](https://github.com/coreos/fedora-coreos-tracker/issues/145) +followed by a subsequent stable release. You can seee a link to +our project boards in our [ROADMAP.md](./ROADMAP.md). + # Meetings The Fedora CoreOS Working Group has a weekly meeting. The meeting usually diff --git a/ROADMAP.md b/ROADMAP.md index 4fb97ce..d9370b1 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -1,10 +1,14 @@ -This is a rough timeline/roadmap for the work we know we need to do -for Fedora CoreOS and Fedora 30. It is not complete but it is a start -at trying to wrangle all of the things we've discussed onto a calendar -so we can prioritize some things and let others wait until later (i.e. -can be done after first ship date). +There are some project boards that are dynamically updated that mark +items we'd like to complete for our Preview and Stable releases of +Fedora CoreOS: + +- [Fedora CoreOS Preview Release Project Board](https://github.com/orgs/coreos/projects/82) +- [Fedora CoreOS Stable Release Project Board](https://github.com/orgs/coreos/projects/84) +- [Fedora CoreOS Paper Cuts Board](https://github.com/orgs/coreos/projects/83) + +Below is an overview of the Fedora 30 Schedule as +[documented on the WIKI](https://fedoraproject.org/wiki/Releases/30/Schedule) -## Fedora 30 schedule as [documented on the WIKI](https://fedoraproject.org/wiki/Releases/30/Schedule) - 2019-01-29 Change Checkpoint: Proposal submission deadline (Self Contained Changes) - 2019-02-19 Branch Fedora 30 from Rawhide (Rawhide becomes future F31) - 2019-03-05 Beta Freeze / Bodhi Activation @@ -14,89 +18,3 @@ can be done after first ship date). - 2019-04-30 Fedora 30 Final Release (GA) (Preferred Target) - 2019-05-07 Fedora 30 Final Release (GA) (Target #1) -### December -- 2018-12-16 - - ~~**H** - **finalize strategy** *Firewall Management [#26](https://github.com/coreos/fedora-coreos-tracker/issues/26)*~~ - - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ - - ~~azure [#65](https://github.com/coreos/fedora-coreos-tracker/issues/65). open new tickets for work items~~ - - ~~**M** - **collaborate** *Talk to Fedora kernel team about FCOS stream design [#80](https://github.com/coreos/fedora-coreos-tracker/issues/80)*~~ -- 2018-12-23 - - Holidays - Go Rest!! -- 2018-12-30 - - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ - - ~~aws [#66](https://github.com/coreos/fedora-coreos-tracker/issues/66), open new tickets for work items~~ - - -### January -- 2019-01-07 - - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ - - ~~openstack [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68), open new tickets for work items~~ -- 2019-01-14 - - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ - - ~~digitalocean [#71](https://github.com/coreos/fedora-coreos-tracker/issues/71), open new tickets for work items~~ - - ~~**H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)*~~ - - ~~packet [#69](https://github.com/coreos/fedora-coreos-tracker/issues/69), open new tickets for work items~~ -- 2019-01-21 - - Week of Devconf.cz - - ~~**H** - **finalize strategy**,**collaborate** *Network Management [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24)*~~ - - ~~gaps identified feature work requested~~ - - ~~**H** - **finalize strategy** *ostree mirroring for better UX [#54](https://github.com/coreos/fedora-coreos-tracker/issues/54)*~~ -- 2019-01-28 - - **M** - **finalize strategy** *Collect metrics from Fedora CoreOS machines design [#86](https://github.com/coreos/fedora-coreos-tracker/issues/86)* - - **H** - **collaborate** *fedora releng integration [#44](https://github.com/coreos/fedora-coreos-tracker/issues/44)* - - **L** - **complete** *merge of fedora-toolbox and coreos-toolbox efforts [#90](https://github.com/coreos/fedora-coreos-tracker/issues/90)* - - **M** - **finalize strategy** *burndown python dependencies [#92](https://github.com/coreos/fedora-coreos-tracker/issues/92)* - - **M** - **complete** *bare metal installer: POC [#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)* - - Proof of concept complete - - -### February -- 2019-02-04 - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - gce [#67](https://github.com/coreos/fedora-coreos-tracker/issues/67), open new tickets for work items - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - vmware [#70](https://github.com/coreos/fedora-coreos-tracker/issues/70), open new tickets for work items - - **H** - **investigate** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - virtualbox [#73](https://github.com/coreos/fedora-coreos-tracker/issues/73), qemu [#74](https://github.com/coreos/fedora-coreos-tracker/issues/74), open new tickets for work items - - **H** - **finalize strategy** *Container Linux migration tools and documentation [#48](https://github.com/coreos/fedora-coreos-tracker/issues/48)* - - **M** - **finalize strategy** *Determine how to handle automatic rollback [#47](https://github.com/coreos/fedora-coreos-tracker/issues/47)* -- 2019-02-11 - - **M** - **finalize strategy** *Equivalent to system containers from Fedora Atomic in Fedora CoreOS design [#37](https://github.com/coreos/fedora-coreos-tracker/issues/37)* - - **M** - **complete** *Host Installer for Fedora CoreOS (bare metal) [#50](https://github.com/coreos/fedora-coreos-tracker/issues/50)* - - Action items, gaps identified from POC ([#91](https://github.com/coreos/fedora-coreos-tracker/issues/91)) have been fixed -- 2019-02-18 - - 2019-02-19 Branch Fedora 30 from Rawhide (Rawhide becomes future F31) - - **H** - **finalize strategy** *Kubernetes/OKD strategy [#93](https://github.com/coreos/fedora-coreos-tracker/issues/93)* -- 2019-02-25 - - **H** - **finalize strategy** *Throttled update rollouts [#83](https://github.com/coreos/fedora-coreos-tracker/issues/83)* - - **H** - **complete** *action items from fedora releng integration discussion ([#44](https://github.com/coreos/fedora-coreos-tracker/issues/44))* - - **H** - **complete aws, azure** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - - https://github.com/coreos/coreos-metadata/issues/120 - - https://github.com/coreos/fedora-coreos-tracker/issues/4 - - **M** - Have Ignition spec 3.0.0 finalized with alpha implementation - - https://github.com/coreos/ignition/milestone/5 - - -### March -- 2019-03-04 - - **M** **strategize** *reboot coordination: locksmith successor design [#3](https://github.com/coreos/fedora-coreos-tracker/issues/3)* - - **H** - **complete gce** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* -- 2019-03-11 - - **H** - **complete openstack, packet** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* -- 2019-03-18 - - **H** - **complete virtualbox, qemu** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* -- 2019-03-25 - - **H** - **complete vmware, digitalocean** *no cloud agents [#95](https://github.com/coreos/fedora-coreos-tracker/issues/95)* - -### April -- 2019-04-01 -- 2019-04-08 -- 2019-04-15 - - 2019-04-16 Final Freeze -- 2019-04-22 -- 2019-04-29 - - 2019-04-30 Fedora 30 Final Release (GA) (Preferred Target) - -### May -- 2019-05-06 - - 2019-05-07 Fedora 30 Final Release (GA) (Target #1) From e7c8091297e19f13c461df68c1575e9701544aa7 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 11 Mar 2019 09:35:43 -0400 Subject: [PATCH 018/238] README: fix spelling error --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 356813d..2e574a9 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Future Link to download page The first release of Fedora CoreOS will be a [preview release](https://github.com/coreos/fedora-coreos-tracker/issues/145) -followed by a subsequent stable release. You can seee a link to +followed by a subsequent stable release. You can see a link to our project boards in our [ROADMAP.md](./ROADMAP.md). # Meetings From 97afcb90b622af2649ddd0e9df568729a8c8438a Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 11 Mar 2019 09:35:58 -0400 Subject: [PATCH 019/238] README: fix hyperlink They link was correct but the text was wrong. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2e574a9..7c88628 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Future Link to download page - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) - `#fedora-coreos` on IRC (Freenode) -- forum at [https://discussion.fedoraproject.org/c/coreos](https://discussion.fedoraproject.org/c/server/coreos) +- forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://coreos.fedoraproject.org/](https://coreos.fedoraproject.org/) - Twitter: [@coreos](https://twitter.com/coreos) (specific to CoreOS and containers) and [@fedora](https://twitter.com/fedora) (all Fedora and other relevant news) From a8de3b5e47e68a386d1c0892bebdf22f5a33a304 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 20 Mar 2019 19:32:08 -0400 Subject: [PATCH 020/238] Design: GCE -> GCP --- Design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Design.md b/Design.md index c1c215c..6c4d8d2 100644 --- a/Design.md +++ b/Design.md @@ -248,4 +248,4 @@ Originally discussed in [#31](https://github.com/coreos/fedora-coreos-tracker/is Originally discussed in [#114](https://github.com/coreos/fedora-coreos-tracker/issues/114). -We will not enable autologin on serial or VGA consoles by default, even on platforms (e.g. Azure, DigitalOcean, GCE, Packet) which provide authenticated console access. Doing so would provide an access vector that could surprise users unfamiliar with their platform's console access mechanism and access control policy. For users who wish to use the console for debugging, we will provide documentation for using Ignition to enable autologin or to set a user password. +We will not enable autologin on serial or VGA consoles by default, even on platforms (e.g. Azure, DigitalOcean, GCP, Packet) which provide authenticated console access. Doing so would provide an access vector that could surprise users unfamiliar with their platform's console access mechanism and access control policy. For users who wish to use the console for debugging, we will provide documentation for using Ignition to enable autologin or to set a user password. From 81f3dd3faf5fec3263145d40795c877e66982d9f Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 11 Apr 2019 13:41:53 -0400 Subject: [PATCH 021/238] Add design doc for stream tooling --- stream-tooling.md | 90 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 stream-tooling.md diff --git a/stream-tooling.md b/stream-tooling.md new file mode 100644 index 0000000..0e5fe92 --- /dev/null +++ b/stream-tooling.md @@ -0,0 +1,90 @@ +# Stream tooling + +## Introduction + +FCOS will have multiple streams: + +| Type | Name (SCM branch and ostree ref) | ostree repo | +| -- | -- | -- | +| Production | next | prod | +| Production | testing | prod | +| Production | stable | prod | +| Development | testing-devel | annex | +| Development | next-devel | annex | +| Mechanical | rawhide | annex | +| Mechanical | branched | annex | +| Mechanical | bodhi-updates | annex | +| Mechanical | bodhi-updates-testing | annex | + +Development and mechanical streams are subject to change. + +We need a way to both (1) fix the content set for a particular stream release, and (2) integrate new content into development streams. + +## Current tools at our disposal +- git +- rpm-ostree treefiles: manifest fed to rpm-ostree that contains the list of packages to use during a compose. [Example](https://github.com/coreos/fedora-coreos-config/blob/master/fedora-coreos-base.yaml). +- rpm-ostree treefile locks: [pending rpm-ostree patch]( https://github.com/projectatomic/rpm-ostree/pull/1745) adding "lockfile" functionality similar to Cargo.lock/Gopkg.lock. This essentially means that the rpm-ostree compose is guaranteed to use specific package versions (or fail) as described in the lockfile. (To be clear, all of the below could probably be done without a lock file, since the treefile supports fully specifying the NEVRA, but having a separate lockfile allows for more sophisticated tooling and a cleaner treefile.) +- Koji tags: a way to track packages built in Koji. Koji is capable of creating yum repos from such tags. RPM builds may be "tagged" in so that the next repo regeneration includes it. +- [dist-git](http://src.fedoraproject.org/): git where RPM spec files are kept and Koji builds source from. + +## Proposal + +**Mechanical** streams are not curated; they're automated nightly snapshots of the underlying repos. They source their RPMs from the regular Fedora repos (using 30 here to mean `$currentrelease`): +1. **rawhide** <- f32 +2. **branched** <- f31 when a branch exists, otherwise tracks **rawhide** +3. **bodhi-updates** <- f30-stable + f30-updates +4. **bodhi-updates-testing** <- f30-stable + f30-updates + f30-updates-testing + +**Production** streams are intended for production use. They source their RPMs from a _single_ Koji tag, `coreos-pool`, from which we create a yum repo: +1. **next** <- coreos-pool +2. **testing** <- coreos-pool +3. **stable** <- coreos-pool + +**Development** streams are nightly snapshots of content headed for the production streams. There's one development stream at the base of each promotion path; thus, **stable** doesn't have one because it promotes from **testing** instead. **next-devel** will only be maintained in the periods where **next** is independent of **testing**. Development streams source their RPMs from a _single_ Koji tag, `coreos-pool`, from which we create a yum repo: +1. **next-devel** <- coreos-pool +2. **testing-devel** <- coreos-pool + +The Koji tag ensures that (1) packages are not automatically garbage collected, (2) stream builds are reproducible (up to the GC retention policy we agree upon), and (3) packages are added to the pool (and thus into the production streams) in a controlled manner. + +There is also a second Koji tag, `coreos-release`, for packages which have been included in a production build. Packages in `coreos-release` have a longer TTL than `coreos-pool`, increasing the time that official builds can be reproduced by others. + +### How will the package list be maintained? + +We maintain a git repository containing the rpm-ostree treefile and lockfiles. This could be [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config). We have one branch for each stream, and no master branch. + +For the mechanical streams, a nightly job will run the compose from the corresponding yum repos and SCM refs. This job will output a lockfile for each CPU architecture. Those lockfiles will be committed to Git to preserve a record of the build's contents, and the builds will be pushed to the corresponding ostree refs. The {bodhi-updates, branched} lockfile will also be PR'd to the {testing-devel, next-devel} branch, the latter only during the part of the cycle where next-devel is maintained. We want to keep the development branches ready to release, so those PRs are not merged unless green. + +The lockfiles produced from the automatic snapshot will never be hand-modified, and in the next/testing/stable branches will never be modified at all except during promotions. Instead, pins (to older NEVRAs) and updates (to newer ones) will be hand-maintained in the Git branches in a separate lockfile that overrides the autogenerated ones. These overrides will be the major distinction between the mechanical refs and the "curated" (development/production) refs. Each curated branch will have one override file, which can carry both CPU-architecture-independent and architecture-specific overrides. + +### How will releases happen? + +When it's time to cut e.g. a promoted testing release, we push a merge commit to the testing branch which takes the testing-devel branch's tree in entirety. (That is, we use the Git "theirs" merge strategy, which, helpfully, doesn't exist.) We then tag the Git commit on the testing branch and do an official build and CI run. In the absence of flakes (ha!) this will pass because the commit is known to be green. If the build is bad, we abandon the release and iterate. Otherwise, we proceed with releasing artifacts. + +If we need to update an existing testing release, there's no need for another merge commit; we just commit changes to the testing branch and tag the release from there. + +### How do packages get added to the koji tags? + +When a lockfile update is merged, this triggers a process which watches for pushes to the curated branches, and adds all the builds from the updated lockfile to `coreos-pool`. + +During production builds, the pipeline tags packages from the lockfile into `coreos-release`. + +### Adding/removing packages to the OS + +Update the development treefile as usual. On the next bot push, the lockfile will be updated to include that package entry. + +To focus development effort, there will be one base treefile shared across all branches, whose canonical copy will live in the testing-devel branch. Changes will automatically be mirrored to next-devel and to the mechanical branches. To address divergence across Fedora releases, each branch will also have an overlay treefile (possibly empty): + +- **testing-devel** -> automatically mirrored to bodhi-updates and bodhi-updates-testing +- **next-devel** -> automatically mirrored to branched +- **rawhide** + +### Dealing with backports + +There are two cases: +1. Backporting an already built Fedora package into a prod release: + - We bump the override file entry for that specific package + - The package automatically gets koji-tagged on push +2. Backporting a patch which isn't in a Fedora package (or the package was already updated too far): + - We build the RPM from a dist-git branch + - We add the RPM to the koji tag (though the build target destination tag could already be set to remove this manual tagging step) + - We bump the override file entry for that specific package From 5b9c59f7b85efb3c44f784d7c35d2e40aa1a3a15 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 1 May 2019 13:11:36 -0400 Subject: [PATCH 022/238] README: document use of Etherpad in meetings --- README.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7c88628..71b5610 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,16 @@ Currently, meetings are at `16:30 UTC` on Wednesdays. ## Steps to run the meeting +- [Create an agenda Etherpad](https://public.etherpad-mozilla.org/) named `-FCOS-Meeting` and using this template: + +``` +Meeting Agenda: https://github.com/coreos/fedora-coreos-tracker/labels/meeting + - : <link> + +Open floor topics: + - +``` + - Navigate to `#fedora-meeting-1` on freenode - Type `#startmeeting fedora_coreos_meeting` - `#topic roll call` @@ -57,6 +67,7 @@ Currently, meetings are at `16:30 UTC` on Wednesdays. Wait for 2-4 minutes for people to check in for the roll call. - `#chair` all the people present for the meeting +- `#info Please add items to the meeting agenda at <agenda URL>` - `#topic Action items from last meeting` Find the last meeting log from @@ -76,9 +87,13 @@ During the meeting, you can give people action items for them to complete: - `#action <nickname>` description of what needs to be done -When all the tickets are over, go for Open floor +Then, for each discussion topic in the Etherpad: + +- `#topic` Topic name from Etherpad + +When all topics are over, go for open floor: -- `#topic` Open Floor +- `#topic Open Floor` After open floor, end the meeting. From 0b19d138d944f1310120e4399cbc4a807411eee3 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Wed, 1 May 2019 13:12:26 -0400 Subject: [PATCH 023/238] README: document scraping meeting URLs from Meetbot footer --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 71b5610..805b8bb 100644 --- a/README.md +++ b/README.md @@ -102,6 +102,8 @@ After open floor, end the meeting. When convenient, send an email to `coreos@lists.fedoraproject.org` with the details of the meeting from [meetbot page](https://meetbot.fedoraproject.org/sresults/?group_id=fedora_coreos_meeting&type=team). Minutes in textual format are directly available using `.txt` as URL extension. +It's easiest to get the Minutes/Minutes (text)/Log URLs by copying the +footer that Meetbot prints after `#endmeeting`. The usual format follows: From 004def8bb7003141fa9a3390dc683f71da0438bb Mon Sep 17 00:00:00 2001 From: Andrew Jeddeloh <andrew.jeddeloh@coreos.com> Date: Wed, 1 May 2019 14:46:27 -0700 Subject: [PATCH 024/238] Design: Add section on FCC/FCCT/FCCL --- Design.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/Design.md b/Design.md index 6c4d8d2..852ed10 100644 --- a/Design.md +++ b/Design.md @@ -11,6 +11,7 @@ conclusion should be summarized here with a link to the issue. - [Firewall management](#firewall-management) - [Cloud Agents](#cloud-agents) - [Supported Ignition Versions](#supported-ignition-versions) +- [Configuration Language and Transpiler](#configuration-language-and-transpiler) - [Security policies](#security-policies) ## OSTree Delivery Format @@ -242,6 +243,22 @@ Originally discussed in [#31](https://github.com/coreos/fedora-coreos-tracker/is - Ignition spec 3.0.0 will break compatibilty with spec 2.x.y, although most configs will only require minor changes. - Tooling should exist to aid converting 2.x.y configs to 3.0.0 configs, although perfect automated translation will not be possible. +## Configuration Language and Transpiler + +- Originally discussed in issue [#129](https://github.com/coreos/fedora-coreos-tracker/issues/129). +- Versioning discussed in issue [#89](https://github.com/coreos/fedora-coreos-tracker/issues/89) + +### Summary: + +Fedora CoreOS will have a configuration language similar to the [Container Linux Configuration Language](https://coreos.com/os/docs/latest/configuration.html) named the Fedora CoreOS Configuration Language (FCCL). There will be a tool, the Fedora CoreOS Configuration Transpiler (FCCT) to convert Fedora CoreOS Configs (FCCs) to Ignition configs. + +The FCCL will be versioned using semver, similar to how the Ignition spec is versioned. FCCT will accept all versions of the FCCL. Each FCCL version will target exactly one Ignition spec version. +This means: +- Old FCCs will continue to work with new versions of FCCT without modification. +- Each FCCL version will always emit the same version of Ignition config, regardless of what version of FCCT was used to transpile it. +- Since FCOS will accept old (down to 3.0.0) versions of Ignition configs, old FCCs will continue to work with new FCOS releases without modification. +- To use new features in new FCCT releases, users must update their configs to use the new FCCL spec. + ## Security policies ### No autologin by default From 728b00eff34ed7486a1bb3c2b1983eb56a3b2b98 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Fri, 17 May 2019 14:51:48 -0400 Subject: [PATCH 025/238] design: automatically disable SMT when vulnerable --- Design.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Design.md b/Design.md index 852ed10..ee4e526 100644 --- a/Design.md +++ b/Design.md @@ -266,3 +266,13 @@ This means: Originally discussed in [#114](https://github.com/coreos/fedora-coreos-tracker/issues/114). We will not enable autologin on serial or VGA consoles by default, even on platforms (e.g. Azure, DigitalOcean, GCP, Packet) which provide authenticated console access. Doing so would provide an access vector that could surprise users unfamiliar with their platform's console access mechanism and access control policy. For users who wish to use the console for debugging, we will provide documentation for using Ignition to enable autologin or to set a user password. + +### Automatically disable SMT when needed to address vulnerabilities + +Originally discussed in [#181](https://github.com/coreos/fedora-coreos-tracker/issues/181). + +There have been multiple rounds of CPU vulnerabilities (L1TF and MDS) which cannot be completely mitigated without disabling Simultaneous Multi-Threading on affected processors. Disabling SMT has a cost: it reduces system performance and changes the apparent number of processors on the system. However, enabling SMT on affected systems would be an insecure default. + +By default, Fedora CoreOS will configure the kernel to disable SMT on vulnerable machines. This conditional approach avoids incurring the performance cost on systems that aren't vulnerable. However, it fails to protect systems affected by undisclosed SMT vulnerabilities, and it allows future OS updates to disable SMT without notice if new vulnerabilities become known. + +We will document this policy and its consequences, and provide instructions for unconditionally enabling or disabling SMT for users who prefer a different policy. From 5514c58f48208eb32f00c92cc306e0eea826acd6 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Fri, 31 May 2019 02:03:25 -0400 Subject: [PATCH 026/238] README: drop Etherpad from meeting process --- README.md | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/README.md b/README.md index 805b8bb..306c5ab 100644 --- a/README.md +++ b/README.md @@ -50,16 +50,6 @@ Currently, meetings are at `16:30 UTC` on Wednesdays. ## Steps to run the meeting -- [Create an agenda Etherpad](https://public.etherpad-mozilla.org/) named `<YYYYMMDD>-FCOS-Meeting` and using this template: - -``` -Meeting Agenda: https://github.com/coreos/fedora-coreos-tracker/labels/meeting - - <title>: <link> - -Open floor topics: - - -``` - - Navigate to `#fedora-meeting-1` on freenode - Type `#startmeeting fedora_coreos_meeting` - `#topic roll call` @@ -67,7 +57,6 @@ Open floor topics: Wait for 2-4 minutes for people to check in for the roll call. - `#chair` all the people present for the meeting -- `#info Please add items to the meeting agenda at <agenda URL>` - `#topic Action items from last meeting` Find the last meeting log from @@ -87,10 +76,6 @@ During the meeting, you can give people action items for them to complete: - `#action <nickname>` description of what needs to be done -Then, for each discussion topic in the Etherpad: - -- `#topic` Topic name from Etherpad - When all topics are over, go for open floor: - `#topic Open Floor` From f3ad1bd8a3a129f82d199c75a597a86ae9632907 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 3 Jun 2019 11:11:09 -0400 Subject: [PATCH 027/238] README: remove meeting labels after meetings --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 306c5ab..5c9160c 100644 --- a/README.md +++ b/README.md @@ -84,13 +84,17 @@ After open floor, end the meeting. - `#endmeeting` -When convenient, send an email to `coreos@lists.fedoraproject.org` with the +Then, when convenient: + +- Remove `meeting` labels from [tickets that were discussed](https://github.com/coreos/fedora-coreos-tracker/labels/meeting) + +- Send an email to `coreos@lists.fedoraproject.org` with the details of the meeting from [meetbot page](https://meetbot.fedoraproject.org/sresults/?group_id=fedora_coreos_meeting&type=team). Minutes in textual format are directly available using `.txt` as URL extension. It's easiest to get the Minutes/Minutes (text)/Log URLs by copying the -footer that Meetbot prints after `#endmeeting`. - -The usual format follows: +footer that Meetbot prints after `#endmeeting`. You can see examples in the +[archives](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/); +the usual format follows: ``` Subject: Fedora CoreOS Meeting Minutes year-mm-dd @@ -104,8 +108,6 @@ Log: <URL to meetbot .log.html> <Copy/paste content of meetbot .txt> ``` -You can see examples in the [archives](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - # Voting On some topics we will need to vote. The following rules apply to the voting From 6fc260d22e8313fceb9f37619c5d7af6470689d8 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 3 Jun 2019 11:17:34 -0400 Subject: [PATCH 028/238] README: linkify coreos@ mailing list --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5c9160c..95999ca 100644 --- a/README.md +++ b/README.md @@ -88,7 +88,7 @@ Then, when convenient: - Remove `meeting` labels from [tickets that were discussed](https://github.com/coreos/fedora-coreos-tracker/labels/meeting) -- Send an email to `coreos@lists.fedoraproject.org` with the +- Send an email to [coreos@lists.fedoraproject.org](mailto:coreos@lists.fedoraproject.org) with the details of the meeting from [meetbot page](https://meetbot.fedoraproject.org/sresults/?group_id=fedora_coreos_meeting&type=team). Minutes in textual format are directly available using `.txt` as URL extension. It's easiest to get the Minutes/Minutes (text)/Log URLs by copying the From 8eee7af221a25c1ca85dd6e870fc4a49064dcde9 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Sun, 23 Jun 2019 22:27:49 -0400 Subject: [PATCH 029/238] Add sample stream and release metadata, and release index From #98. --- metadata/release-index.json | 17 ++++ metadata/release.yaml | 117 ++++++++++++++++++++++++++ metadata/stream.yaml | 163 ++++++++++++++++++++++++++++++++++++ 3 files changed, 297 insertions(+) create mode 100644 metadata/release-index.json create mode 100644 metadata/release.yaml create mode 100644 metadata/stream.yaml diff --git a/metadata/release-index.json b/metadata/release-index.json new file mode 100644 index 0000000..862036c --- /dev/null +++ b/metadata/release-index.json @@ -0,0 +1,17 @@ +{ + "releases": [ + { + "commit": "<hash>", + "version": "<version>", + "metadata": "<url endpoint to build release metadata>" + }, + { + "commit": "<hash>", + "version": "<version>", + "metadata": "<url endpoint to build release metadata>" + } + ], + "metadata": { + "last-modified": "<timestamp>" + } +} diff --git a/metadata/release.yaml b/metadata/release.yaml new file mode 100644 index 0000000..73596cb --- /dev/null +++ b/metadata/release.yaml @@ -0,0 +1,117 @@ +# Note: the actual document will be JSON + +release: 30.1.2.3 +stream: stable +metadata: + last-modified: "2019-06-04T16:18:34Z" +architectures: + x86_64: + commit: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + media: + aws: + artifacts: + "vmdk.xz": + disk: + location: https://artifacts.example.com/dsB2fnzP7KhqzQ5a.vmdk.xz + signature: https://artifacts.example.com/dsB2fnzP7KhqzQ5a.vmdk.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + images: + us-east-1: + image: ami-0123456789abcdef + us-east-2: + image: ami-0123456789abcdef + azure: + artifacts: + "vdi.xz": + disk: + location: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz + signature: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + images: + global: + image: Fedora:CoreOS:Stable:30.1.2.3 + digitalocean: + artifacts: + "raw.xz": + disk: + location: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz + signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + gcp: + artifacts: + "tar.gz": + disk: + location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz + signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + image: projects/fedora-cloud/global/images/fedora-coreos-stable-30-1-2-3 + metal: + artifacts: + "raw.xz": + disk: + location: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz + signature: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + iso: + disk: + location: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso + signature: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + pxe: + kernel: + location: https://artifacts.example.com/hkIj8FkCydT3lV9h + signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + initramfs: + location: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz + signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + "installer.iso": + disk: + location: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso + signature: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + installer-pxe: + kernel: + location: https://artifacts.example.com/EtqI0KsLIwZOHlCx + signature: https://artifacts.example.com/EtqI0KsLIwZOHlCx.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + initramfs: + location: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz + signature: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + openstack: + artifacts: + "qcow.xz": + disk: + location: https://artifacts.example.com/oKooheogobofai8l.qcow.xz + signature: https://artifacts.example.com/oKooheogobofai8l.qcow.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + packet: + artifacts: + "raw.xz": + disk: + location: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz + signature: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + qemu: + artifacts: + "qcow.xz": + disk: + location: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz + signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + virtualbox: + artifacts: + ova: + disk: + location: https://artifacts.example.com/yohsh2haiquaeYah.ova + signature: https://artifacts.example.com/yohsh2haiquaeYah.ova.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + vmware: + artifacts: + ova: + disk: + location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova + signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 diff --git a/metadata/stream.yaml b/metadata/stream.yaml new file mode 100644 index 0000000..60ab99d --- /dev/null +++ b/metadata/stream.yaml @@ -0,0 +1,163 @@ +# Note: the actual document will be JSON + +# Include stream name so the document is self-contained +stream: stable +metadata: + last-modified: "2019-06-04T16:18:34Z" +architectures: + x86_64: + artifacts: + # Some of these will be useful for many users, such as qemu or + # openstack. Some will likely only be useful for cloud operators, + # such as digitalocean or packet. Some, such as aws, are useful + # for users in special situations. + aws: + release: 30.1.2.3 + formats: + # Generally one format per platform, but allow for future expansion + # without obscuring the platform ID (as on Container Linux) + "vmdk.xz": + # Generally only one artifact, but not always + disk: + location: https://artifacts.example.com/dsB2fnzP7KhqzQ5a.vmdk.xz + signature: https://artifacts.example.com/dsB2fnzP7KhqzQ5a.vmdk.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + # Could also include artifact size/uncompressed-size/uncompressed-sha256 from meta.json + azure: + release: 30.1.2.3 + formats: + "vdi.xz": + disk: + location: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz + signature: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + digitalocean: + release: 30.1.2.3 + formats: + "raw.xz": + disk: + location: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz + signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + gcp: + release: 30.1.2.3 + formats: + "tar.gz": + disk: + location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz + signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + metal: + release: 30.1.2.3 + formats: + "raw.xz": + disk: + location: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz + signature: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + iso: + disk: + location: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso + signature: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + pxe: + kernel: + location: https://artifacts.example.com/hkIj8FkCydT3lV9h + signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + initramfs: + location: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz + signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + "installer.iso": + disk: + location: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso + signature: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + installer-pxe: + kernel: + location: https://artifacts.example.com/EtqI0KsLIwZOHlCx + signature: https://artifacts.example.com/EtqI0KsLIwZOHlCx.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + initramfs: + location: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz + signature: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + openstack: + release: 30.1.2.3 + formats: + "qcow.xz": + disk: + location: https://artifacts.example.com/oKooheogobofai8l.qcow.xz + signature: https://artifacts.example.com/oKooheogobofai8l.qcow.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + packet: + release: 30.1.2.3 + formats: + "raw.xz": + disk: + location: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz + signature: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + qemu: + release: 30.1.2.3 + formats: + "qcow.xz": + disk: + location: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz + signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + virtualbox: + release: 30.1.2.3 + formats: + ova: + disk: + location: https://artifacts.example.com/yohsh2haiquaeYah.ova + signature: https://artifacts.example.com/yohsh2haiquaeYah.ova.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + vmware: + release: 30.1.2.3 + formats: + ova: + disk: + location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova + signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + + images: + # Cloud images to be launched directly by users. These are in a + # separate section because they might not always in sync with the + # release artifacts above. + aws: + regions: + us-east-1: + # We know the release because we uploaded it, so might as well + # list it. + release: 30.1.2.3 + image: ami-0123456789abcdef + us-east-2: + release: 30.1.2.3 + image: ami-0123456789abcdef + azure: + # We could give a specific image URN here, but we probably want + # users to always use a Marketplace URN. So this is a static + # string, and represents advice rather than a value we might + # change. + image: Fedora:CoreOS:stable:latest + gcp: + # We could give a specific image name here, but we probably want + # users to always use an image family. So this is a static string, + # and represents advice rather than a value we might change. + image: projects/fedora-cloud/global/images/family/fedora-coreos-stable + digitalocean: + # We don't control platform ingest, so an image slug is probably + # the best we can do. + image: fedora-coreos-stable + packet: + # Images don't have addressable versions, so an operating system + # slug is the best we can do. + image: fedora_coreos_stable + + updates: + # Primarily meant as input to Cincinnati + release: 30.1.2.3 From 79d830be14d6f49780b75e0a8fb7d6fcbec12640 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 25 Jun 2019 17:54:49 -0400 Subject: [PATCH 030/238] metadata: Rename sample release index to releases.json to avoid confusion over naming. --- metadata/{release-index.json => releases.json} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename metadata/{release-index.json => releases.json} (100%) diff --git a/metadata/release-index.json b/metadata/releases.json similarity index 100% rename from metadata/release-index.json rename to metadata/releases.json From a025d92390aba19053072f5682b28a8fa50d1c02 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 8 Jul 2019 15:54:47 -0400 Subject: [PATCH 031/238] metadata/releases: cleanups --- metadata/releases.json | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/metadata/releases.json b/metadata/releases.json index 862036c..fa976e6 100644 --- a/metadata/releases.json +++ b/metadata/releases.json @@ -1,10 +1,5 @@ { - "releases": [ - { - "commit": "<hash>", - "version": "<version>", - "metadata": "<url endpoint to build release metadata>" - }, + "releases": [ { "commit": "<hash>", "version": "<version>", From 7372248a71381385fc259200ac40825c28f852c5 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 8 Jul 2019 15:54:59 -0400 Subject: [PATCH 032/238] metadata/releases: support multi-arch https://github.com/coreos/fedora-coreos-tracker/issues/98#issuecomment-505104633 --- metadata/releases.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/metadata/releases.json b/metadata/releases.json index fa976e6..429f881 100644 --- a/metadata/releases.json +++ b/metadata/releases.json @@ -1,7 +1,12 @@ { "releases": [ { - "commit": "<hash>", + "commits": [ + { + "architecture": "<basearch>", + "checksum": "<hash>" + } + ], "version": "<version>", "metadata": "<url endpoint to build release metadata>" } From 63a5bcac6d64d78296d7c6c71bbb8a9069820a9f Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 8 Jul 2019 16:00:54 -0400 Subject: [PATCH 033/238] metadata/releases: add stream name Might as well keep the document self-contained. --- metadata/releases.json | 1 + 1 file changed, 1 insertion(+) diff --git a/metadata/releases.json b/metadata/releases.json index 429f881..6373e24 100644 --- a/metadata/releases.json +++ b/metadata/releases.json @@ -1,4 +1,5 @@ { + "stream": "stable", "releases": [ { "commits": [ From 5fb197899cdcde91c827e73166967e3b00fb3e17 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 8 Jul 2019 16:08:22 -0400 Subject: [PATCH 034/238] metadata/stream: don't maintain separate update targets per-arch It seems more important to distinguish per-platform targets than per-arch ones, and that would introduce a lot of complexity. So, for now, keep a single update target for the entire stream. --- metadata/stream.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/metadata/stream.yaml b/metadata/stream.yaml index 60ab99d..12a5758 100644 --- a/metadata/stream.yaml +++ b/metadata/stream.yaml @@ -157,7 +157,6 @@ architectures: # Images don't have addressable versions, so an operating system # slug is the best we can do. image: fedora_coreos_stable - - updates: - # Primarily meant as input to Cincinnati - release: 30.1.2.3 +updates: + # Primarily meant as input to Cincinnati + release: 30.1.2.3 From ae07d8a5d3068ae338ff9911a7187160b5f6d93c Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Mon, 24 Jun 2019 15:30:15 -0400 Subject: [PATCH 035/238] design: add bucket layout As discussed in #189. --- Design.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/Design.md b/Design.md index ee4e526..2dd185e 100644 --- a/Design.md +++ b/Design.md @@ -13,6 +13,7 @@ conclusion should be summarized here with a link to the issue. - [Supported Ignition Versions](#supported-ignition-versions) - [Configuration Language and Transpiler](#configuration-language-and-transpiler) - [Security policies](#security-policies) +- [Bucket layout](#bucket-layout) ## OSTree Delivery Format @@ -276,3 +277,42 @@ There have been multiple rounds of CPU vulnerabilities (L1TF and MDS) which cann By default, Fedora CoreOS will configure the kernel to disable SMT on vulnerable machines. This conditional approach avoids incurring the performance cost on systems that aren't vulnerable. However, it fails to protect systems affected by undisclosed SMT vulnerabilities, and it allows future OS updates to disable SMT without notice if new vulnerabilities become known. We will document this policy and its consequences, and provide instructions for unconditionally enabling or disabling SMT for users who prefer a different policy. + +## Bucket Layout + +Originally discussed in [#189](https://github.com/coreos/fedora-coreos-tracker/issues/189). + +The `fcos-builds` bucket, fronted by http://builds.coreos.fedoraproject.org/ will be structured as follows: + +``` +/ + prod/ + streams/ + stable/ + releases.json + builds/ + builds.json + 30.1234-5/ + release.json + x86_64/ + meta.json + commitmeta.json + fedora-coreos-30.8-qemu.x86_64.qcow2.gz + ostree-commit-object + ostree-commit.tar + ... + ppc64le/ + ... + ... + testing/ + next/ + ... + streams/ + stable.json + testing.json + ... +``` + +The artifacts under e.g. `30.1234-5/x86_64/` come directly from [coreos-assembler](https://github.com/coreos/coreos-assembler). The `/streams/*.json`, `release.json`, and `releases.json` are higher-level generated metadata objects. See [#98](https://github.com/coreos/fedora-coreos-tracker/issues/98) and [#207](https://github.com/coreos/fedora-coreos-tracker/pull/207) for more information about those. + +The stream metadata format (under `/streams`) is intended to be stable, and stream metadata objects will contain links to artifacts in the release bucket. *Everything else about the bucket layout, including its directory structure and the formats of other metadata objects, is subject to change without notice. Third-party tooling should not rely on this structure, and should instead read metadata and artifact URLs directly from stream metadata at the officially documented URL*. From e768b7b224cf4247e0d0ba9f91d06c87a6961c93 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 16 Jul 2019 15:51:12 -0400 Subject: [PATCH 036/238] README: update URL for main site --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 95999ca..5c45bab 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ Future Link to download page - `#fedora-coreos` on IRC (Freenode) - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) -- website at [https://coreos.fedoraproject.org/](https://coreos.fedoraproject.org/) +- website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) - Twitter: [@coreos](https://twitter.com/coreos) (specific to CoreOS and containers) and [@fedora](https://twitter.com/fedora) (all Fedora and other relevant news) # Roadmap/Plans From 6ad098d0d62830c25237fa1160c59d5336177e1d Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 16 Jul 2019 15:51:22 -0400 Subject: [PATCH 037/238] README: add link to documentation site --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5c45bab..e6c592b 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ Future Link to download page - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) +- documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) - Twitter: [@coreos](https://twitter.com/coreos) (specific to CoreOS and containers) and [@fedora](https://twitter.com/fedora) (all Fedora and other relevant news) # Roadmap/Plans From 198a563a0e949b2576cb6d26228503462b09fd70 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 16 Jul 2019 16:01:43 -0400 Subject: [PATCH 038/238] README: drop coreos Twitter account --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e6c592b..c265464 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ Future Link to download page - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) - documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) -- Twitter: [@coreos](https://twitter.com/coreos) (specific to CoreOS and containers) and [@fedora](https://twitter.com/fedora) (all Fedora and other relevant news) +- Twitter: [@fedora](https://twitter.com/fedora) # Roadmap/Plans From 19ba2c530778487558d544d87fb92996520f9fa0 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Tue, 16 Jul 2019 17:06:01 -0400 Subject: [PATCH 039/238] Add GitHub issue template We're crafting an operating system with a transactional image-like update mechanism. Let's take advantage of this by asking reporters to include their `rpm-ostree status` in issue reports. --- .github/ISSUE_TEMPLATE.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..7e6d2f3 --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,4 @@ +<!-- +If reporting a bug in Fedore CoreOS, please include the +output of `rpm-ostree status`. +--> From 77b0975d086d963adb93138594dd5cc21ee4bf8e Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 16 Jul 2019 18:33:58 -0400 Subject: [PATCH 040/238] README: link to download page --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c265464..4655f37 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ technologies and produce Fedora CoreOS. # Get Fedora CoreOS -Future Link to download page +[Download a preview of Fedora CoreOS.](https://getfedora.org/coreos/download/) # Communication channels for Fedora CoreOS From 561247f6e437f9cd16c806a941a34163c65f1133 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 16 Jul 2019 18:35:51 -0400 Subject: [PATCH 041/238] README: update roadmap section --- README.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4655f37..e2968dc 100644 --- a/README.md +++ b/README.md @@ -37,10 +37,13 @@ technologies and produce Fedora CoreOS. # Roadmap/Plans -The first release of Fedora CoreOS will be a -[preview release](https://github.com/coreos/fedora-coreos-tracker/issues/145) -followed by a subsequent stable release. You can see a link to -our project boards in our [ROADMAP.md](./ROADMAP.md). +Fedora CoreOS is currently in preview. We're continuing to add platforms +and functionality, fix bugs, and write documentation. Please try out Fedora +CoreOS and give us feedback! + +The stable release of Fedora CoreOS is expected in late 2019. Until then, +Fedora CoreOS might change in incompatible ways, and should not be used for +production workloads. # Meetings From d070113cd6a6094c2f0e6a5f943ba774afdaa762 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 16 Jul 2019 18:36:32 -0400 Subject: [PATCH 042/238] drop separate ROADMAP file There's not enough left there to be worth a separate document. --- README.md | 4 ++++ ROADMAP.md | 20 -------------------- 2 files changed, 4 insertions(+), 20 deletions(-) delete mode 100644 ROADMAP.md diff --git a/README.md b/README.md index e2968dc..2995e8e 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,10 @@ The stable release of Fedora CoreOS is expected in late 2019. Until then, Fedora CoreOS might change in incompatible ways, and should not be used for production workloads. +We're tracking some upcoming work for Fedora CoreOS on the [stable release +project board](https://github.com/orgs/coreos/projects/84) and the +papercuts board](https://github.com/orgs/coreos/projects/83). + # Meetings The Fedora CoreOS Working Group has a weekly meeting. The meeting usually diff --git a/ROADMAP.md b/ROADMAP.md deleted file mode 100644 index d9370b1..0000000 --- a/ROADMAP.md +++ /dev/null @@ -1,20 +0,0 @@ -There are some project boards that are dynamically updated that mark -items we'd like to complete for our Preview and Stable releases of -Fedora CoreOS: - -- [Fedora CoreOS Preview Release Project Board](https://github.com/orgs/coreos/projects/82) -- [Fedora CoreOS Stable Release Project Board](https://github.com/orgs/coreos/projects/84) -- [Fedora CoreOS Paper Cuts Board](https://github.com/orgs/coreos/projects/83) - -Below is an overview of the Fedora 30 Schedule as -[documented on the WIKI](https://fedoraproject.org/wiki/Releases/30/Schedule) - -- 2019-01-29 Change Checkpoint: Proposal submission deadline (Self Contained Changes) -- 2019-02-19 Branch Fedora 30 from Rawhide (Rawhide becomes future F31) -- 2019-03-05 Beta Freeze / Bodhi Activation -- 2019-03-26 Beta Release (Preferred Target) -- 2019-04-02 Beta Release (Target #1) -- 2019-04-16 Final Freeze -- 2019-04-30 Fedora 30 Final Release (GA) (Preferred Target) -- 2019-05-07 Fedora 30 Final Release (GA) (Target #1) - From 8bc8afe6f1930ad0299cd6eab43665256c5495da Mon Sep 17 00:00:00 2001 From: Sinny Kumari <sinny@redhat.com> Date: Sat, 20 Jul 2019 00:10:45 +0530 Subject: [PATCH 043/238] Remove Updates from stream until we finalize what cincinnati needs cincinnati may require additional information for updates policy. Let's first finalize all needed information and then add Updates field in stream metadata --- metadata/stream.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/metadata/stream.yaml b/metadata/stream.yaml index 12a5758..d2b7518 100644 --- a/metadata/stream.yaml +++ b/metadata/stream.yaml @@ -157,6 +157,3 @@ architectures: # Images don't have addressable versions, so an operating system # slug is the best we can do. image: fedora_coreos_stable -updates: - # Primarily meant as input to Cincinnati - release: 30.1.2.3 From 38dafa0bcd87276c27751a43a1a5f44e2d2bd293 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 1 Aug 2019 01:30:54 -0400 Subject: [PATCH 044/238] design: update streams for development/mechanical split --- Design.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/Design.md b/Design.md index 2dd185e..3ddd216 100644 --- a/Design.md +++ b/Design.md @@ -55,9 +55,17 @@ Users will be encouraged to run most of their production systems on `stable`, an ### Development Refs -There will also be some additional unversioned refs for the convenience of Fedora CoreOS developers. These will be public, but won't be exposed to users in the same way as production refs: they might be in a different repo, or in the same repo but not listed in the summary file. None of these are contractual; they might go away if we don't find them useful. +Development for the next `testing` and `next` releases will occur in development refs. These refs will be public, but will be stored in a different ostree repo from production refs. + +- `testing-devel`: Nightly build of the package set that will be snapshotted for the next `testing` release. +- `next-devel`: Nightly build of the package set that will be snapshotted for the next `next` release. + +### Mechanical Refs + +There will also be some additional unversioned refs for the convenience of Fedora CoreOS developers. These will be public and stored in the same ostree repo as development refs. Unlike production and development refs, mechanical refs are not curated; they're simply a snapshot of the corresponding Bodhi repos, with no package pinning and no backports of fixes. None of these refs are contractual; they might go away if we don't find them useful. - `rawhide`: Nightly snapshot of rawhide. +- `branched`: Nightly snapshot of the upcoming Fedora release after it is branched. - `bodhi-updates`: Nightly snapshot of Bodhi `updates` for the Fedora release currently tracked by `testing`. - `bodhi-updates-testing`: Nightly snapshot of Bodhi `updates-testing` for the Fedora release currently tracked by `testing`. From c19484d6ed48fc4f211ec4d10aa2b9e405ebe29f Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 4 Sep 2019 11:18:41 -0400 Subject: [PATCH 045/238] Add file that lists out Fedora requests I can use this during infra and releng meetings to discuss outstanding work items. --- Fedora-Requests.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 Fedora-Requests.md diff --git a/Fedora-Requests.md b/Fedora-Requests.md new file mode 100644 index 0000000..d040ae5 --- /dev/null +++ b/Fedora-Requests.md @@ -0,0 +1,14 @@ + +## Existing requests for Fedora Infra: + +- source of truth for AWS IAM permissions + - https://pagure.io/fedora-infrastructure/issue/8142 +- Project Proposal: Artifact signing for Fedora CoreOS + - https://pagure.io/fedora-infrastructure/issue/7884 + +## Existing requests for Fedora Releng: + +- Allow coreos team to regen coreos distrepos + - https://pagure.io/releng/issue/8421 +- koji distrepo and tag2distrepo are prone to race conditions + - https://pagure.io/koji/issue/1630 From cdeede45817988975841fe697212284937cf4c9e Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Fri, 13 Sep 2019 09:49:39 -0400 Subject: [PATCH 046/238] design: Rework partition proposal To clarify there's no `/var` by default, etc. --- Design.md | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/Design.md b/Design.md index 3ddd216..96f5c7a 100644 --- a/Design.md +++ b/Design.md @@ -109,18 +109,7 @@ Because production refs are unversioned, users will seamlessly upgrade between F FCOS should have a fixed partition layout that Ignition can modify on first boot. The installer will be similar to the Container Linux installer; the core of it will be dd'ing an image to the disk. -The partition layout is still undecided, but initial proposals look something like: - - Number Type Purpose - ----------------------------------- - 1 fat32 Boot partition/ESP - 2 N/A Bios Boot partition - 3 XFS Root - 4 XFS /var - -We also want to support moving the root partition to new locations by recreating the OSTree at the new location. This -would involve downloading the OSTree repo contents and doing the deploy between the Ignition disks and files stage if -the root filesystem has changed. This is currently untested. +The partition layout will support "dual EFI/BIOS" on x86_64, and will have a single root partition as XFS by default. We will support changing the root filesystem storage (but not `/boot`) via Ignition. ### Open Questions: From 8137507a40e7babf9bf3b6f2ac3e5f86eeabd627 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Tue, 17 Sep 2019 17:24:13 -0400 Subject: [PATCH 047/238] Update fedora infra/releng requests list --- Fedora-Requests.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Fedora-Requests.md b/Fedora-Requests.md index d040ae5..edfa4d5 100644 --- a/Fedora-Requests.md +++ b/Fedora-Requests.md @@ -3,8 +3,10 @@ - source of truth for AWS IAM permissions - https://pagure.io/fedora-infrastructure/issue/8142 -- Project Proposal: Artifact signing for Fedora CoreOS - - https://pagure.io/fedora-infrastructure/issue/7884 +- ~~Project Proposal: Artifact signing for Fedora CoreOS~~ + - ~~https://pagure.io/fedora-infrastructure/issue/7884~~ +- non-critical fedora coreos apps in communishift + - https://pagure.io/fedora-infrastructure/issue/8218 ## Existing requests for Fedora Releng: @@ -12,3 +14,5 @@ - https://pagure.io/releng/issue/8421 - koji distrepo and tag2distrepo are prone to race conditions - https://pagure.io/koji/issue/1630 +- method for copying in ostree content to our ostree repos + - https://pagure.io/releng/issue/8811 From c74f6c88ddaeae73de8d0f08a59f625b7a4cbe57 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 25 Sep 2019 15:38:27 -0400 Subject: [PATCH 048/238] Fedora-Requests.md: moved to hackmd doc I was only using this to communicate with releng so I moved it to a note that is a little more lightweight than using git for this. --- Fedora-Requests.md | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 Fedora-Requests.md diff --git a/Fedora-Requests.md b/Fedora-Requests.md deleted file mode 100644 index edfa4d5..0000000 --- a/Fedora-Requests.md +++ /dev/null @@ -1,18 +0,0 @@ - -## Existing requests for Fedora Infra: - -- source of truth for AWS IAM permissions - - https://pagure.io/fedora-infrastructure/issue/8142 -- ~~Project Proposal: Artifact signing for Fedora CoreOS~~ - - ~~https://pagure.io/fedora-infrastructure/issue/7884~~ -- non-critical fedora coreos apps in communishift - - https://pagure.io/fedora-infrastructure/issue/8218 - -## Existing requests for Fedora Releng: - -- Allow coreos team to regen coreos distrepos - - https://pagure.io/releng/issue/8421 -- koji distrepo and tag2distrepo are prone to race conditions - - https://pagure.io/koji/issue/1630 -- method for copying in ostree content to our ostree repos - - https://pagure.io/releng/issue/8811 From 9a30ee5e8ec03c76106695fb88b6e0b6fa54e43c Mon Sep 17 00:00:00 2001 From: Luca Bruno <luca.bruno@coreos.com> Date: Thu, 26 Sep 2019 13:05:05 +0000 Subject: [PATCH 049/238] metadata: list documents and add samples This adds an overall metadata README, listing all kinds of metadata with their endpoints and samples. --- metadata/README.md | 56 +++++++++ metadata/release-index/sample.json | 29 +++++ metadata/release.yaml | 117 ------------------ metadata/release/sample.json | 90 ++++++++++++++ metadata/releases.json | 18 --- .../{stream.yaml => stream/rationale.yaml} | 0 metadata/stream/sample.json | 101 +++++++++++++++ metadata/updates/sample.json | 26 ++++ 8 files changed, 302 insertions(+), 135 deletions(-) create mode 100644 metadata/README.md create mode 100644 metadata/release-index/sample.json delete mode 100644 metadata/release.yaml create mode 100644 metadata/release/sample.json delete mode 100644 metadata/releases.json rename metadata/{stream.yaml => stream/rationale.yaml} (100%) create mode 100644 metadata/stream/sample.json create mode 100644 metadata/updates/sample.json diff --git a/metadata/README.md b/metadata/README.md new file mode 100644 index 0000000..0c4d801 --- /dev/null +++ b/metadata/README.md @@ -0,0 +1,56 @@ +# Fedora CoreOS metadata + +Fedora CoreOS artifacts and streams are described by metadata objects, in the form of JSON documents. +This allows the general audience to consume releases and updates in a machine-friendly way. + +The following types of metadata exist: + * stream metadata + * updates metadata + * release index + * release metadata + +## Stream metadata + +This document contains details about latest available artifacts, on each stream. + + * URL: `https://builds.coreos.fedoraproject.org/streams/${stream}.json` + * Usage: consumed by the [getfedora.org download page](https://getfedora.org/en/coreos/download/) + * (TODO) stream metadata JSON schema + * [stream metadata sample][stream-sample] + * [comments and rationale][stream-rationale] + +[stream-sample]: ./stream/sample.json +[stream-rationale]: ./stream/rationale.yaml + +## Updates metadata + +This document contains details about updates and rollouts, on each stream. + + * URL: `https://builds.coreos.fedoraproject.org/updates/${stream}.json` + * Usage: consumed by Cincinnati to discover valid update-paths + * (TODO) updates metadata JSON schema + * [updates metadata sample][updates-sample] + +[updates-sample]: ./updates/sample.json + +## Release-index + +This piece of metadata is meant to list all existing releases, on each stream. + + * URL: `https://builds.coreos.fedoraproject.org/prod/streams/${stream}/releases.json` + * Usage: consumed by Cincinnati to discover valid releases + * (TODO) release-index JSON schema + * [release-index sample][release-index-sample] + +[release-index-sample]: ./release-index/sample.json + +## Release metadata + +This document contains details about artifacts belonging to each release. + + * URL: dynamic for each release, provided by the release-index + * Usage: internal tooling, artifacts mirroring, auditing + * (TODO) release metadata JSON schema + * [release metadata sample][release-sample] + +[release-sample]: ./release/sample.json diff --git a/metadata/release-index/sample.json b/metadata/release-index/sample.json new file mode 100644 index 0000000..06766e6 --- /dev/null +++ b/metadata/release-index/sample.json @@ -0,0 +1,29 @@ +{ + "note": "For use only by Fedora CoreOS internal tooling. All other applications should obtain release info from stream metadata endpoints.", + "releases": [ + { + "commits": [ + { + "architecture": "x86_64", + "checksum": "a9c8d66d3628d1b9b4c4690777e8b730d08329b4359410cb410a2003296af1ca" + } + ], + "version": "30.20190801.0", + "metadata": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/release.json" + }, + { + "commits": [ + { + "architecture": "x86_64", + "checksum": "b4beca154dab3696fd04f32ddab818102caa9247ec3192403adb9aaecc991bd9" + } + ], + "version": "30.20190905.0", + "metadata": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/release.json" + } + ], + "metadata": { + "last-modified": "2019-09-06T15:56:00Z" + }, + "stream": "testing" +} diff --git a/metadata/release.yaml b/metadata/release.yaml deleted file mode 100644 index 73596cb..0000000 --- a/metadata/release.yaml +++ /dev/null @@ -1,117 +0,0 @@ -# Note: the actual document will be JSON - -release: 30.1.2.3 -stream: stable -metadata: - last-modified: "2019-06-04T16:18:34Z" -architectures: - x86_64: - commit: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - media: - aws: - artifacts: - "vmdk.xz": - disk: - location: https://artifacts.example.com/dsB2fnzP7KhqzQ5a.vmdk.xz - signature: https://artifacts.example.com/dsB2fnzP7KhqzQ5a.vmdk.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - images: - us-east-1: - image: ami-0123456789abcdef - us-east-2: - image: ami-0123456789abcdef - azure: - artifacts: - "vdi.xz": - disk: - location: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz - signature: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - images: - global: - image: Fedora:CoreOS:Stable:30.1.2.3 - digitalocean: - artifacts: - "raw.xz": - disk: - location: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz - signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - gcp: - artifacts: - "tar.gz": - disk: - location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz - signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - image: projects/fedora-cloud/global/images/fedora-coreos-stable-30-1-2-3 - metal: - artifacts: - "raw.xz": - disk: - location: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz - signature: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - iso: - disk: - location: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso - signature: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - pxe: - kernel: - location: https://artifacts.example.com/hkIj8FkCydT3lV9h - signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - initramfs: - location: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz - signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - "installer.iso": - disk: - location: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso - signature: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - installer-pxe: - kernel: - location: https://artifacts.example.com/EtqI0KsLIwZOHlCx - signature: https://artifacts.example.com/EtqI0KsLIwZOHlCx.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - initramfs: - location: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz - signature: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - openstack: - artifacts: - "qcow.xz": - disk: - location: https://artifacts.example.com/oKooheogobofai8l.qcow.xz - signature: https://artifacts.example.com/oKooheogobofai8l.qcow.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - packet: - artifacts: - "raw.xz": - disk: - location: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz - signature: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - qemu: - artifacts: - "qcow.xz": - disk: - location: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz - signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - virtualbox: - artifacts: - ova: - disk: - location: https://artifacts.example.com/yohsh2haiquaeYah.ova - signature: https://artifacts.example.com/yohsh2haiquaeYah.ova.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - vmware: - artifacts: - ova: - disk: - location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova - signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 diff --git a/metadata/release/sample.json b/metadata/release/sample.json new file mode 100644 index 0000000..4438763 --- /dev/null +++ b/metadata/release/sample.json @@ -0,0 +1,90 @@ +{ + "release": "30.20190801.0", + "stream": "testing", + "architectures": { + "x86_64": { + "media": { + "aws": { + "artifacts": { + "vmdk.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aws.vmdk.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aws.vmdk.xz.sig", + "sha256": "7afd8ebdd61ccb6da45dfb19ccc71c47f43e1189c1fb7eb75df6f23d7c8f87dc" + } + } + }, + "images": { + "us-east-1": { + "image": "ami-0506465824cb1b578" + } + } + }, + "qemu": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu.qcow2.xz.sig", + "sha256": "4dcc04bd43f48bc74a16bd7d20b47829591a2a2fbe3ee8d59fedef2b1ddd1264" + } + } + } + }, + "metal": { + "artifacts": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-metal.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-metal.raw.xz.sig", + "sha256": "881178a4794816e623b02012a84b11d59a96dd59035508a0986a5b6c6be074ed" + } + }, + "installer.iso": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer.iso", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer.iso.sig", + "sha256": "aab20fcafc240fa03f7e43370f8be8c14b99b045eca156a0f5e77286b2e9e8c4" + } + }, + "installer-pxe": { + "kernel": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-kernel", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-kernel.sig", + "sha256": "bb493370b3716a009628197b7fce41107f1f5349f1a7ef67a8ecc7eebb3d2183" + }, + "initramfs": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-initramfs.img", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-initramfs.img.sig", + "sha256": "04dde273b9e5d1b361beb44fde337f915509ad8e128fb408f793fdd0ae84c17d" + } + } + } + }, + "openstack": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-openstack.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-openstack.qcow2.xz.sig", + "sha256": "b2cab76cb2038826cb8de99f34d192bda4e805a4eb51be2979ba984424e72501" + } + } + } + }, + "vmware": { + "artifacts": { + "ova": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-vmware.ova", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-vmware.ova.sig", + "sha256": "b905860fadbe0a754729f458c1552c19aa2f214df45d1d49731725038895094c" + } + } + } + } + }, + "commit": "a9c8d66d3628d1b9b4c4690777e8b730d08329b4359410cb410a2003296af1ca" + } + } +} diff --git a/metadata/releases.json b/metadata/releases.json deleted file mode 100644 index 6373e24..0000000 --- a/metadata/releases.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "stream": "stable", - "releases": [ - { - "commits": [ - { - "architecture": "<basearch>", - "checksum": "<hash>" - } - ], - "version": "<version>", - "metadata": "<url endpoint to build release metadata>" - } - ], - "metadata": { - "last-modified": "<timestamp>" - } -} diff --git a/metadata/stream.yaml b/metadata/stream/rationale.yaml similarity index 100% rename from metadata/stream.yaml rename to metadata/stream/rationale.yaml diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json new file mode 100644 index 0000000..ee53843 --- /dev/null +++ b/metadata/stream/sample.json @@ -0,0 +1,101 @@ +{ + "stream": "testing", + "metadata": { + "last-modified": "2019-09-06T16:01:35Z" + }, + "architectures": { + "x86_64": { + "artifacts": { + "aws": { + "release": "30.20190905.0", + "formats": { + "vmdk.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-aws.vmdk.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-aws.vmdk.xz.sig", + "sha256": "561c9011718e8524978160ebff50842ec91f9fdec2a26b93e258715d2e6c825b" + } + } + } + }, + "metal": { + "release": "30.20190905.0", + "formats": { + "installer-pxe": { + "kernel": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-kernel", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-kernel.sig", + "sha256": "db1a31d08b41bad712311d64436c51ea44ea8620f2044c23ff80b25caeb42b2c" + }, + "initramfs": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-initramfs.img", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-initramfs.img.sig", + "sha256": "ccb84e9ad2d6e49192f63edf05b2888f0006c8f561ba2e139774437b24536605" + } + }, + "installer.iso": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer.iso", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer.iso.sig", + "sha256": "838d38a733aaac4f53304bde19889008366da5316619ee4f47b46dd82c512437" + } + }, + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-metal.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-metal.raw.xz.sig", + "sha256": "018c0d5d2f9310608aea5fa4e62e6b22ed8df874fd13ecadc39db16e4706edd8" + } + } + } + }, + "openstack": { + "release": "30.20190905.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-openstack.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-openstack.qcow2.xz.sig", + "sha256": "7b6608f03bcf98f41494c0a71fa518256798065c2516ff757e6bdd766f870ede" + } + } + } + }, + "qemu": { + "release": "30.20190905.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-qemu.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-qemu.qcow2.xz.sig", + "sha256": "ed5a960dde75ed25607765eaf3f4988110424e2293fad4731332b6496eadbaed" + } + } + } + }, + "vmware": { + "release": "30.20190905.0", + "formats": { + "ova": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-vmware.ova", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-vmware.ova.sig", + "sha256": "1f9af0eecdbbab216576143970826bef7de308298a94cd723b47be30288ad0a1" + } + } + } + } + }, + "images": { + "aws": { + "regions": { + "us-east-1": { + "release": "30.20190905.0", + "image": "ami-0cdf885a13ed855fc" + } + } + } + } + } + } +} diff --git a/metadata/updates/sample.json b/metadata/updates/sample.json new file mode 100644 index 0000000..c1c5eb1 --- /dev/null +++ b/metadata/updates/sample.json @@ -0,0 +1,26 @@ +{ + "stream": "testing", + "metadata": { + "last-modified": "2019-09-10T13:49:17+00:00" + }, + "releases": [ + { + "version": "30.20190716.1", + "metadata": { + "deadend": { + "reason": "https://github.com/coreos/fedora-coreos-tracker/issues/215" + } + } + }, + { + "version": "30.20190905.0", + "metadata": { + "rollout": { + "start_epoch": 1568125800, + "start_percentage": 0, + "duration_minutes": 1440 + } + } + } + ] +} From 84aecd47bd656bd824f60d7d2b6dfc07916411b5 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 21 Oct 2019 17:13:06 -0400 Subject: [PATCH 050/238] Design: add version numbering scheme --- Design.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/Design.md b/Design.md index 96f5c7a..194bafb 100644 --- a/Design.md +++ b/Design.md @@ -14,6 +14,7 @@ conclusion should be summarized here with a link to the issue. - [Configuration Language and Transpiler](#configuration-language-and-transpiler) - [Security policies](#security-policies) - [Bucket layout](#bucket-layout) +- [Version numbers](#version-numbers) ## OSTree Delivery Format @@ -313,3 +314,48 @@ The `fcos-builds` bucket, fronted by http://builds.coreos.fedoraproject.org/ wil The artifacts under e.g. `30.1234-5/x86_64/` come directly from [coreos-assembler](https://github.com/coreos/coreos-assembler). The `/streams/*.json`, `release.json`, and `releases.json` are higher-level generated metadata objects. See [#98](https://github.com/coreos/fedora-coreos-tracker/issues/98) and [#207](https://github.com/coreos/fedora-coreos-tracker/pull/207) for more information about those. The stream metadata format (under `/streams`) is intended to be stable, and stream metadata objects will contain links to artifacts in the release bucket. *Everything else about the bucket layout, including its directory structure and the formats of other metadata objects, is subject to change without notice. Third-party tooling should not rely on this structure, and should instead read metadata and artifact URLs directly from stream metadata at the officially documented URL*. + +## Version numbers + +Originally discussed in [#81](https://github.com/coreos/fedora-coreos-tracker/issues/81) and [#211](https://github.com/coreos/fedora-coreos-tracker/issues/211). + +Fedora CoreOS versions will have the form `X.Y.Z.A`: + +- X is the Fedora major version, e.g. `31`. +- Y is the datestamp that the package set was snapshotted from Fedora, e.g. `20191014`. For mechanical streams, this is the build date. For development and production streams, it's the date of the snapshot that was promoted. +- For official builds, Z is a code number corresponding to the stream: + +Stream | Z version +-- | -- +next | 1 +testing | 2 +stable | 3 +next-devel | 10 +testing-devel | 20 +rawhide | 91 +branched | 92 +bodhi-updates-testing | 93 +bodhi-updates | 94 + +For developer builds (those not produced by the official pipeline), Z is always `dev`. + +These Z codes were chosen to make production versions short and simple, development versions clearly related to production versions, and mechanical versions clearly separated into a distinct group. + +- A is a revision number, which starts at 0 and is incremented for each new build with the same X.Y.Z parameters as an existing build. + +Some examples: + +Stream | Version | Comment +-- | -- | -- +next | 32.20191018.1.0 | F32-based, first release from this snapshot +testing | 31.20191018.2.1 | F31-based, second release from this snapshot +stable | 31.20191001.3.1 | Second stable release from the 20191001 snapshot +next-devel | 31.20191018.10.10 | 11th build of the day +testing-devel | 31.20191018.20.0 | +rawhide | 33.20191018.91.0 | F33-based, first build of the day +branched | 32.20191018.92.0 | +bodhi-updates-testing | 31.20191018.93.0 | +bodhi-updates | 31.20191018.94.0 | +(any developer build) | 31.20191018.dev.2 | Third build of the day + +We are not committing to this version scheme indefinitely, and may change it in future if it proves unworkable. A new Fedora major release (X bump) would be a good time to make such a change. We don't intend Fedora CoreOS version numbers to be parsed by machine; they're meant to help humans quickly determine the salient properties of a release. From ffcb8d721d10fd8c09c3e504c5e8f6d45f0be381 Mon Sep 17 00:00:00 2001 From: Luca BRUNO <luca.bruno@coreos.com> Date: Tue, 22 Oct 2019 13:23:06 +0000 Subject: [PATCH 051/238] metadata/release-index: add human-friendly specs This adds a human-friendly specification describing the semantics of the release-index document. --- metadata/README.md | 2 ++ metadata/release-index/specifications.md | 14 ++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 metadata/release-index/specifications.md diff --git a/metadata/README.md b/metadata/README.md index 0c4d801..a938c9f 100644 --- a/metadata/README.md +++ b/metadata/README.md @@ -39,10 +39,12 @@ This piece of metadata is meant to list all existing releases, on each stream. * URL: `https://builds.coreos.fedoraproject.org/prod/streams/${stream}/releases.json` * Usage: consumed by Cincinnati to discover valid releases + * [JSON document specifications][release-index-specs] * (TODO) release-index JSON schema * [release-index sample][release-index-sample] [release-index-sample]: ./release-index/sample.json +[release-index-specs]: ./release-index/specifications.md ## Release metadata diff --git a/metadata/release-index/specifications.md b/metadata/release-index/specifications.md new file mode 100644 index 0000000..52e143b --- /dev/null +++ b/metadata/release-index/specifications.md @@ -0,0 +1,14 @@ +# Release-index specifications + +The release-index is a JSON document with a single object containing the following fields: + +- `note` (optional, string): a human-friendly documentation text. +- `stream` (mandatory, string): name of the release stream. +- `metadata` (mandatory, object): metadata attributes for this JSON document. + - `last-modified` (mandatory, string): UTC timestamp for the last change, in ISO 8601 format. +- `releases` (mandatory, list of objects): per-release details. Each entry MUST have a unique non-empty `version` field. The list MUST be sorted in ascending order, from oldest to latest release. + - `version` (mandatory, string): release version identifier. + - `metadata` (mandatory, string): URL to the release metadata document for this version. + - `commits` (mandatory, list of objects): per-architecture OSTree commits. Each entry MUST have a unique non-empty `architecture` field. + - `architecture` (mandatory, string): relevant base-architecture for this commit. + - `checksum` (mandatory, string): OSTree commit identifier. From ee8f93be0877df68b1946418bdba8aee06e9e5e2 Mon Sep 17 00:00:00 2001 From: Luca BRUNO <luca.bruno@coreos.com> Date: Tue, 22 Oct 2019 12:42:32 +0000 Subject: [PATCH 052/238] metadata/updates: add human-friendly specs This adds a human-friendly specification describing the semantics of the updates metadata. --- metadata/README.md | 2 ++ metadata/updates/specifications.md | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 metadata/updates/specifications.md diff --git a/metadata/README.md b/metadata/README.md index a938c9f..43fe387 100644 --- a/metadata/README.md +++ b/metadata/README.md @@ -28,10 +28,12 @@ This document contains details about updates and rollouts, on each stream. * URL: `https://builds.coreos.fedoraproject.org/updates/${stream}.json` * Usage: consumed by Cincinnati to discover valid update-paths + * [JSON document specifications][updates-specs] * (TODO) updates metadata JSON schema * [updates metadata sample][updates-sample] [updates-sample]: ./updates/sample.json +[updates-specs]: ./updates/specifications.md ## Release-index diff --git a/metadata/updates/specifications.md b/metadata/updates/specifications.md new file mode 100644 index 0000000..da85b81 --- /dev/null +++ b/metadata/updates/specifications.md @@ -0,0 +1,24 @@ +# Updates metadata specifications + +The updates metadata is a JSON document with a single object containing the following fields: + +- `stream` (mandatory, string): name of the update stream. +- `metadata` (mandatory, object): metadata attributes for this JSON document. + - `last-modified` (mandatory, string): UTC timestamp for the last change, in ISO 8601 format. +- `releases` (mandatory, list of objects): per-release updates details. Each entry MUST have a unique non-empty `version` attribute. + - `version` (mandatory, string): release version identifier. + - `metadata` (mandatory, object): updates details. + - `barrier` (optional, object): if present, the corresponding release is marked as an update barrier. + - `reason` (mandatory, string): URL to a resource explaining the reason for this barrier. + - `deadend` (optional, object): if present, the corresponding release is marked as an update dead-end. + - `reason` (mandatory, string): URL to a resource explaining the reason for this dead-end. + - `rollout` (optional, object): if present, the corresponding release is marked as an in-progress update rollout. + - `start_epoch` (optional, signed integer): UNIX epoch timestamp for the start of this rollout. Default: `0`. + - `start_percentage` (optional, float): percentage (ranging from `0.0` to `100.0`) for the starting point of this rollout. Default: `0.0`. + - `duration_minutes` (optional, unsigned integer): duration in minutes for the rollout to progress till reaching 100% completion. Default: `0` (i.e. no progress). + +# Glossary + +- **barrier**: a release which is a forced chokepoint for auto-updates. Releases older than a certain barrier must first update to it before proceding to more recent updates. +- **dead-end**: a release which cannot further auto-update. Manual intervention is required to update out of it. +- **rollout**: a release which can be used as a valid target for auto-updates. Multiple rollouts can exist and progress in parallel. From 1bdfac51f14923c1e6c91b42e6cf4649d0a72ea2 Mon Sep 17 00:00:00 2001 From: Luca BRUNO <luca.bruno@coreos.com> Date: Wed, 30 Oct 2019 10:43:57 +0000 Subject: [PATCH 053/238] metadata: add release-index JSON schema This adds a JSON schema for the release-index. --- metadata/README.md | 3 +- .../fcos-release-index-schema.json | 87 +++++++++++++++++++ 2 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 metadata/release-index/fcos-release-index-schema.json diff --git a/metadata/README.md b/metadata/README.md index 43fe387..6509bfd 100644 --- a/metadata/README.md +++ b/metadata/README.md @@ -42,9 +42,10 @@ This piece of metadata is meant to list all existing releases, on each stream. * URL: `https://builds.coreos.fedoraproject.org/prod/streams/${stream}/releases.json` * Usage: consumed by Cincinnati to discover valid releases * [JSON document specifications][release-index-specs] - * (TODO) release-index JSON schema + * [release-index JSON schema][release-index-schema] * [release-index sample][release-index-sample] +[release-index-schema]: ./release-index/fcos-release-index-schema.json [release-index-sample]: ./release-index/sample.json [release-index-specs]: ./release-index/specifications.md diff --git a/metadata/release-index/fcos-release-index-schema.json b/metadata/release-index/fcos-release-index-schema.json new file mode 100644 index 0000000..22d9108 --- /dev/null +++ b/metadata/release-index/fcos-release-index-schema.json @@ -0,0 +1,87 @@ +{ + "definitions": {}, + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "title": "release-index", + "description": "FCOS release-index JSON document.", + "required": [ + "releases", + "metadata", + "stream" + ], + "properties": { + "note": { + "type": "string", + "description": "human-friendly documentation text" + }, + "releases": { + "type": "array", + "description": "Each entry MUST have a unique non-empty version field. The list MUST be sorted in ascending order, from oldest to latest release.", + "items": { + "type": "object", + "description": "Release entry.", + "required": [ + "commits", + "version", + "metadata" + ], + "properties": { + "commits": { + "type": "array", + "title": "OSTree commits", + "description": "Release entries. Each entry MUST have a unique non-empty architecture field.", + "items": { + "type": "object", + "title": "commit entry", + "required": [ + "architecture", + "checksum" + ], + "properties": { + "architecture": { + "type": "string", + "title": "architecture", + "description": "Relevant base-architecture for this commit." + }, + "checksum": { + "type": "string", + "title": "checksum", + "description": "OSTree commit identifier." + } + } + } + }, + "version": { + "type": "string", + "title": "release version", + "description": "Release version." + }, + "metadata": { + "type": "string", + "title": "metadata URL", + "description": "URL to the release metadata document for this version." + } + } + } + }, + "metadata": { + "type": "object", + "title": "document metadata", + "description": "Metadata for this JSON document.", + "required": [ + "last-modified" + ], + "properties": { + "last-modified": { + "type": "string", + "title": "last change timestamp", + "description": "UTC timestamp for the last change, in ISO 8601 format." + } + } + }, + "stream": { + "type": "string", + "description": "Name of the release stream." + } + } +} From 32964c417c371be29cd6747c178a00460eb31a70 Mon Sep 17 00:00:00 2001 From: Luca BRUNO <luca.bruno@coreos.com> Date: Wed, 30 Oct 2019 13:58:55 +0000 Subject: [PATCH 054/238] metadata: add updates metadata JSON schema This adds a JSON schema for the updates metadata. --- metadata/README.md | 3 +- metadata/updates/fcos-updates-schema.json | 116 ++++++++++++++++++++++ 2 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 metadata/updates/fcos-updates-schema.json diff --git a/metadata/README.md b/metadata/README.md index 43fe387..5e4f8a0 100644 --- a/metadata/README.md +++ b/metadata/README.md @@ -29,9 +29,10 @@ This document contains details about updates and rollouts, on each stream. * URL: `https://builds.coreos.fedoraproject.org/updates/${stream}.json` * Usage: consumed by Cincinnati to discover valid update-paths * [JSON document specifications][updates-specs] - * (TODO) updates metadata JSON schema + * [updates metadata JSON schema][updates-schema] * [updates metadata sample][updates-sample] +[updates-schema]: ./updates/fcos-updates-schema.json [updates-sample]: ./updates/sample.json [updates-specs]: ./updates/specifications.md diff --git a/metadata/updates/fcos-updates-schema.json b/metadata/updates/fcos-updates-schema.json new file mode 100644 index 0000000..cad2f57 --- /dev/null +++ b/metadata/updates/fcos-updates-schema.json @@ -0,0 +1,116 @@ +{ + "definitions": {}, + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "title": "updates", + "description": "FCOS updates metadata JSON document.", + "required": [ + "releases", + "metadata", + "stream" + ], + "properties": { + "releases": { + "type": "array", + "description": "Each entry MUST have a unique non-empty version field.", + "items": { + "type": "object", + "description": "Release entry.", + "required": [ + "version", + "metadata" + ], + "properties": { + "version": { + "type": "string", + "title": "release version", + "description": "Release version." + }, + "metadata": { + "type": "object", + "title": "release updates", + "description": "Per-release updates metadata.", + "properties": { + "barrier": { + "type": "object", + "title": "barrier", + "description": "Details on a release barrier.", + "properties": { + "reason": { + "type": "string", + "title": "barrier reason", + "description": "URL to a document with the reason for this barrier." + } + }, + "required": [ + "reason" + ] + }, + "deadend": { + "type": "object", + "title": "deadend", + "description": "Details on a release dead-end.", + "properties": { + "reason": { + "type": "string", + "title": "deadend reason", + "description": "URL to a document with the reason for this deadend." + } + }, + "required": [ + "reason" + ] + }, + "rollout": { + "type": "object", + "title": "rollout", + "description": "Details on a release rollout.", + "properties": { + "start_epoch": { + "type": "integer", + "title": "rollout start timestamp", + "description": "UNIX epoch timestamp for the start of this rollout. Default: 0.", + "default": 0 + }, + "start_percentage": { + "type": "number", + "title": "rollout starting percentage", + "description": "Percentage (ranging from 0.0 to 100.0) for the starting point of this rollout. Default: 0.0.", + "default": 0, + "minimum": 0, + "maximum": 100 + }, + "duration_minutes": { + "type": "integer", + "title": "rollout duration", + "description": "Duration in minutes for the rollout to progress till reaching 100% completion. Default: 0 (i.e. no progress).", + "default": 0 + } + } + } + } + } + } + } + }, + "metadata": { + "type": "object", + "title": "document metadata", + "description": "Metadata for this JSON document.", + "required": [ + "last-modified" + ], + "properties": { + "last-modified": { + "type": "string", + "title": "last change timestamp", + "description": "UTC timestamp for the last change, in ISO 8601 format." + } + } + }, + "stream": { + "type": "string", + "description": "Name of the release stream." + } + } +} From b682636d741659cb71225dc5bc3cfb0938466644 Mon Sep 17 00:00:00 2001 From: Luca BRUNO <luca.bruno@coreos.com> Date: Thu, 19 Dec 2019 10:41:01 +0000 Subject: [PATCH 055/238] metadata/updates: fix range This fixes the `start_percentage` range, properly capping it at `1.0`. --- metadata/updates/fcos-updates-schema.json | 8 ++++---- metadata/updates/sample.json | 2 +- metadata/updates/specifications.md | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/metadata/updates/fcos-updates-schema.json b/metadata/updates/fcos-updates-schema.json index cad2f57..d7d23f3 100644 --- a/metadata/updates/fcos-updates-schema.json +++ b/metadata/updates/fcos-updates-schema.json @@ -75,10 +75,10 @@ "start_percentage": { "type": "number", "title": "rollout starting percentage", - "description": "Percentage (ranging from 0.0 to 100.0) for the starting point of this rollout. Default: 0.0.", - "default": 0, - "minimum": 0, - "maximum": 100 + "description": "Starting point of this rollout, as decimal fraction ranging from 0.0 to 1.0. Default: 0.0.", + "default": 0.0, + "minimum": 0.0, + "maximum": 1.0 }, "duration_minutes": { "type": "integer", diff --git a/metadata/updates/sample.json b/metadata/updates/sample.json index c1c5eb1..8673871 100644 --- a/metadata/updates/sample.json +++ b/metadata/updates/sample.json @@ -17,7 +17,7 @@ "metadata": { "rollout": { "start_epoch": 1568125800, - "start_percentage": 0, + "start_percentage": 0.3, "duration_minutes": 1440 } } diff --git a/metadata/updates/specifications.md b/metadata/updates/specifications.md index da85b81..e9287e1 100644 --- a/metadata/updates/specifications.md +++ b/metadata/updates/specifications.md @@ -14,7 +14,7 @@ The updates metadata is a JSON document with a single object containing the foll - `reason` (mandatory, string): URL to a resource explaining the reason for this dead-end. - `rollout` (optional, object): if present, the corresponding release is marked as an in-progress update rollout. - `start_epoch` (optional, signed integer): UNIX epoch timestamp for the start of this rollout. Default: `0`. - - `start_percentage` (optional, float): percentage (ranging from `0.0` to `100.0`) for the starting point of this rollout. Default: `0.0`. + - `start_percentage` (optional, float): starting point of this rollout, as decimal fraction ranging from `0.0` to `1.0`. Default: `0.0`. - `duration_minutes` (optional, unsigned integer): duration in minutes for the rollout to progress till reaching 100% completion. Default: `0` (i.e. no progress). # Glossary From f03df70d70cb44c3a4189e62589d485aed3960cd Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Wed, 8 Jan 2020 17:06:12 -0500 Subject: [PATCH 056/238] Add sample release and stream metadata for aliyun and azure For completeness. --- metadata/release/sample.json | 22 ++++++++++++++++++++++ metadata/stream/sample.json | 24 ++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 4438763..874aebd 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -61,6 +61,28 @@ } } }, + "azure": { + "artifacts": { + "vhd.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz.sig", + "sha256": "4bb0e1595f66f344c1cc084e163c4352235b2accf3a1385b9eb4b3e4ca5b1d24" + } + } + } + }, + "aliyun": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz.sig", + "sha256": "8f1492f1e9e94ec3f3ecef188c4a2da52348c4b830f6365181bd03e1d969f161" + } + } + } + }, "openstack": { "artifacts": { "qcow2.xz": { diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index ee53843..d1a2b41 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -61,6 +61,30 @@ } } }, + "azure": { + "release": "30.20190905.0", + "formats": { + "vhd.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz.sig", + "sha256": "4bb0e1595f66f344c1cc084e163c4352235b2accf3a1385b9eb4b3e4ca5b1d24" + } + } + } + }, + "aliyun": { + "release": "30.20190905.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz.sig", + "sha256": "8f1492f1e9e94ec3f3ecef188c4a2da52348c4b830f6365181bd03e1d969f161" + } + } + } + }, "qemu": { "release": "30.20190905.0", "formats": { From 20c6e822964727eed4670102f2f089cf33a2b6b8 Mon Sep 17 00:00:00 2001 From: Frederik Nordahl Jul Sabroe <frederikns@gmail.com> Date: Sun, 12 Jan 2020 22:04:19 +0100 Subject: [PATCH 057/238] Fix papercuts board link in main README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2995e8e..14ce5c0 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ production workloads. We're tracking some upcoming work for Fedora CoreOS on the [stable release project board](https://github.com/orgs/coreos/projects/84) and the -papercuts board](https://github.com/orgs/coreos/projects/83). +[papercuts board](https://github.com/orgs/coreos/projects/83). # Meetings From 3c2c4d7bb45f302e25d01ccb1f377ffa44211613 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 11 Mar 2020 09:42:55 -0400 Subject: [PATCH 058/238] Add meeting-people.txt: list of people to ping before meetings --- README.md | 4 ++++ meeting-people.txt | 10 ++++++++++ 2 files changed, 14 insertions(+) create mode 100644 meeting-people.txt diff --git a/README.md b/README.md index 14ce5c0..5ebd6af 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,10 @@ Currently, meetings are at `16:30 UTC` on Wednesdays. ## Steps to run the meeting +- `cd` to a local checkout of this repo and `git pull` +- Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/master/meeting-people.txt) in `#fedora-coreos` on freenode + - `bash meeting-people.txt` + - copy lines of output and paste into `#fedora-coreos` channel - Navigate to `#fedora-meeting-1` on freenode - Type `#startmeeting fedora_coreos_meeting` - `#topic roll call` diff --git a/meeting-people.txt b/meeting-people.txt new file mode 100644 index 0000000..fe385ae --- /dev/null +++ b/meeting-people.txt @@ -0,0 +1,10 @@ +# List of people to ping before the Fedora CoreOS community meetings +tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/master/meeting-people.txt" +exit 0 + +darkmuggle +dustymabe +jdoss +jlebon +miabbott +skunkerk From 7caa493b64c09efc00dc6b534a6fa2459a644a7f Mon Sep 17 00:00:00 2001 From: David Duncan <297012+davdunc@users.noreply.github.com> Date: Fri, 20 Mar 2020 11:08:04 -0700 Subject: [PATCH 059/238] add davdunc to meeting notify list --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index fe385ae..d7837cb 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -8,3 +8,4 @@ jdoss jlebon miabbott skunkerk +davdunc From dabea33962ee81817951b0a017eead1ff9ae09d9 Mon Sep 17 00:00:00 2001 From: Christian Glombek <LorbusChris@users.noreply.github.com> Date: Wed, 1 Apr 2020 18:39:09 +0200 Subject: [PATCH 060/238] Add lorbus to meeting-people.txt --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index d7837cb..2697d08 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -4,6 +4,7 @@ exit 0 darkmuggle dustymabe +lorbus jdoss jlebon miabbott From 9063f647ab9e2bd03d519d7204893a7f5bd714bd Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Wed, 1 Apr 2020 12:45:14 -0400 Subject: [PATCH 061/238] meeting-people: sort --- meeting-people.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meeting-people.txt b/meeting-people.txt index 2697d08..4995d7f 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -3,10 +3,10 @@ tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meet exit 0 darkmuggle +davdunc dustymabe -lorbus jdoss jlebon +lorbus miabbott skunkerk -davdunc From 33c6ed068c42419107bc5b697f0443c4330efea7 Mon Sep 17 00:00:00 2001 From: James Cassell <code@james.cassell.me> Date: Wed, 20 May 2020 17:05:20 -0400 Subject: [PATCH 062/238] FCOS is no longer Preview --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5ebd6af..c166d68 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ technologies and produce Fedora CoreOS. # Get Fedora CoreOS -[Download a preview of Fedora CoreOS.](https://getfedora.org/coreos/download/) +[Download Fedora CoreOS.](https://getfedora.org/coreos/download/) # Communication channels for Fedora CoreOS From 2d830a70b89dc76097f9f9d80e033ecaff52cff8 Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Fri, 5 Jun 2020 13:58:23 +0000 Subject: [PATCH 063/238] README-internals.md: New doc Imported from https://hackmd.io/0e_oup-qTLeO77k_DfwdTA The idea is this is a quick place to dump links/discussion about internals. --- internals/README-internals.md | 42 +++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 internals/README-internals.md diff --git a/internals/README-internals.md b/internals/README-internals.md new file mode 100644 index 0000000..66f695a --- /dev/null +++ b/internals/README-internals.md @@ -0,0 +1,42 @@ +# CoreOS Internals docs + +This document intends to be a dumping ground to briefly describe various problem domains we've hit around building/delivering/testing CoreOS style systems. + +Other important links: + + - https://github.com/coreos/coreos-assembler/ + - https://github.com/coreos/fedora-coreos-config + +# Initramfs + +We use [dracut](https://github.com/dracutdevs/dracut/) the same as a number of other (but not all) distributions. It basically gathers binaries/configuration from the real root and generates an initramfs from them. + +The initramfs is critical to CoreOS systems; mainly https://github.com/coreos/ignition/ +https://github.com/coreos/ignition-dracut/ handles running Ignition, and then the other key pieces are in the [fedora-coreos-config overlay.d](https://github.com/coreos/fedora-coreos-config), most notably `40ignition-ostree` which "glues together" the Ignition logic with the OSTree logic plus some CoreOS conventions. + +The OSTree portion of the initramfs is reading the `ostree=` kernel command line argument to find the target root. See [ostree-prepare-root.service](https://github.com/ostreedev/ostree/blob/d9fc1dd55d3ae0b71d303dceae9dd23d5b9497c8/src/boot/ostree-prepare-root.service). + +A big recent effort is [reprovisioning the root filesystem](https://github.com/coreos/fedora-coreos-tracker/issues/94). + +# CPU microcode + +rpm-ostree runs dracut on the server side, and dracut knows how to pick up CPU microcode and prepend it to the initramfs. Relevant bugs: + +- https://bugzilla.redhat.com/show_bug.cgi?id=1199582 +- https://bugzilla.redhat.com/show_bug.cgi?id=1803883 + +# Entropy + +As of recently we enable `CONFIG_RANDOM_TRUST_CPU` which covers modern `x86_64` systems for example. + +- https://bugzilla.redhat.com/show_bug.cgi?id=1830280 +- https://github.com/openshift/machine-config-operator/issues/854 + +# Networking + +In [this tracker issue](https://github.com/coreos/fedora-coreos-tracker/issues/24) a decision was made to use NetworkManager. As of recently we use NetworkManager in the initramfs. And even more recently, things have been reworked so that [afterburn can control initramfs networking](https://github.com/coreos/afterburn/pull/404) on specific clouds. + +# Time synchronization + +We use chrony, with some [additional custom logic for specific clouds](https://github.com/coreos/fedora-coreos-config/blob/faf387eac89d14924a1e2021d2093d0cdb8af8b3/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony). +See also DHCP propagation: https://github.com/coreos/fedora-coreos-config/pull/412 From 5d005d528862e514fc06a0dc748bb6f20f7c432e Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Tue, 30 Jun 2020 13:39:49 +0000 Subject: [PATCH 064/238] Add README-initramfs.md Co-authored with other people on the CoreOS team via hackmd.io. --- internals/README-initramfs.md | 68 +++++++++++++++++++++++++++++++++++ internals/README-internals.md | 9 +---- 2 files changed, 69 insertions(+), 8 deletions(-) create mode 100644 internals/README-initramfs.md diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md new file mode 100644 index 0000000..51a9b81 --- /dev/null +++ b/internals/README-initramfs.md @@ -0,0 +1,68 @@ +# The initramfs + +For CoreOS the initramfs is critical; a key technological pillar of CoreOS is [Ignition](https://github.com/coreos/ignition/) which e.g. handles partitioning disks that happen on the first boot. One way to think about this is that Ignition handles a lot of the roles that a traditional "installer" program might - our initramfs contains `sgdisk`, most others don't. + +# Initramfs history + +See the upstream Linux kernel document: ["what is initramfs"](https://www.kernel.org/doc/html/latest/filesystems/ramfs-rootfs-initramfs.html?highlight=initramfs#what-is-initramfs). + +It's basically a small filesystem that gets passed to the kernel by the bootloader, and the kernel unpacks and runs it. + +The high level goal of the initramfs is to mount the root filesystem (conventionally at `/sysroot`) and switch root into it, i.e. turning `/sysroot` into `/`. + +# Initramfs technologies + +We use [dracut](https://github.com/dracutdevs/dracut/) the same as a number of other (but not all) distributions. It basically gathers binaries/configuration from the real root and generates an initramfs from them. + +Modern systemd has a very clean design for both the initramfs and the real boot. See the ["man bootup"](https://www.freedesktop.org/software/systemd/man/bootup.html) documentation. The software involved implements these abstract `.target` units. + +There are 3 important pieces of software involved in the initramfs: + +- [ignition-dracut](https://github.com/coreos/ignition-dracut/) (i.e. Ignition) +- [ostree-prepare-root](https://github.com/ostreedev/ostree/blob/master/src/switchroot/ostree-prepare-root.c) (Part of OSTree) +- [40ignition-ostree dracut module](https://github.com/coreos/fedora-coreos-config/tree/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree) (fedora-coreos-config) + +Note that Ignition and OSTree are both independent projects consumed by other distributions in addition to Fedora CoreOS. This means that we want to support using each independently. The `40ignition-ostree` dracut module *ties those two together* - it's the place where you will find systemd units that have direct ordering relationship around the two projects. + +# First boot versus subsequent boot + +Ignition runs only on the first boot. To account for this, ignition-dracut ships two targets: + +`ignition-complete.target`: Enabled on first boot +`ignition-subsequent.target`: Enabled on every boot **except** the first + +`-complete` will pull in a lot of units, such as `ignition-fetch.service` and `ignition-disks.service` + +We implement`ignition-subsequent.target` today by hooking in `ignition-ostree-mount-subsequent-sysroot.service` which basically just waits for a filesystem with `LABEL=root` and mounts it - very simple! But see below around the root filesystem. + +# Images and finding filesystems + +An important part of the CoreOS philosophy is to make bare metal as close to cloud workflows as possible. This follows from moving all support for e.g. filesystem provisioning into Ignition. + +[coreos-assembler](https://github.com/coreos/coreos-assembler) generates a disk image with `boot` (`/boot`) and `root` (`/`) labels. Various components of the initramfs (as well as our default GRUB config) use the `label=boot` to find the boot partition. The label `root` is used by `ignition-ostree-mount-firstboot-sysroot.service`. + +# Live versus diskful + +We also ship a "Live" ISO/PXE image which uses a different filesystem (squashfs). This caused us to introduce a separate `ignition-diskful.target` which only runs on cases where we're booted from writable persistent storage (i.e. not ISO/PXE). + +To implement the "live" or "run in RAM" aspects, the `live-generator` sets up an `overlayfs` for `/etc` and a `tmpfs` for `/var`. Everything else is part of the `squashfs` which is read-only. + +The Live OS setup differs currently between the ISO and PXE: https://github.com/coreos/fedora-coreos-tracker/issues/390 + +Currently when generating the ISO image we inject a label onto the root filesystem, and a `coreos.liveiso` kernel argument matching it. The initramfs knows to look for that kernel argument, which it then uses to mount the squashfs which contains the root filesystem. + +In contrast for PXE the squashfs is in the `live-initramfs` directly. + +# SELinux in the initramfs + +SELinux policy is loaded in the real root. This means that every file we create in the initramfs must be relabeled. See this code: https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel + +# Reprovisioning the root + +A big recent effort is [reprovisioning the root filesystem](https://github.com/coreos/fedora-coreos-tracker/issues/94). This will make the "subsequent" boot path work differently based on configuration. + +# Debugging the initramfs + +- https://fedoraproject.org/wiki/How_to_debug_Dracut_problems is generally useful +- Use `cosa buildinitramfs-fast` for fast iteration: https://github.com/coreos/coreos-assembler/pull/1433 +- ignition-dracut contains code to dump the journal to a virtio channel: https://github.com/coreos/ignition-dracut/pull/146 - This is used by parts of coreos-assembler diff --git a/internals/README-internals.md b/internals/README-internals.md index 66f695a..8dd1ed9 100644 --- a/internals/README-internals.md +++ b/internals/README-internals.md @@ -9,14 +9,7 @@ Other important links: # Initramfs -We use [dracut](https://github.com/dracutdevs/dracut/) the same as a number of other (but not all) distributions. It basically gathers binaries/configuration from the real root and generates an initramfs from them. - -The initramfs is critical to CoreOS systems; mainly https://github.com/coreos/ignition/ -https://github.com/coreos/ignition-dracut/ handles running Ignition, and then the other key pieces are in the [fedora-coreos-config overlay.d](https://github.com/coreos/fedora-coreos-config), most notably `40ignition-ostree` which "glues together" the Ignition logic with the OSTree logic plus some CoreOS conventions. - -The OSTree portion of the initramfs is reading the `ostree=` kernel command line argument to find the target root. See [ostree-prepare-root.service](https://github.com/ostreedev/ostree/blob/d9fc1dd55d3ae0b71d303dceae9dd23d5b9497c8/src/boot/ostree-prepare-root.service). - -A big recent effort is [reprovisioning the root filesystem](https://github.com/coreos/fedora-coreos-tracker/issues/94). +This topic is big enough to have its own document: [README-initramfs.md](README-initramfs.md). # CPU microcode From 04a921d949213d674d9095f1de0aee189c0e8ba2 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Wed, 8 Jul 2020 09:46:36 -0400 Subject: [PATCH 065/238] Add RELEASES.md Add basic short information about FCOS releases, with links to the more in-depth design document. Also add a link to the HackMD release schedule. --- README.md | 15 +++++---------- RELEASES.md | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 10 deletions(-) create mode 100644 RELEASES.md diff --git a/README.md b/README.md index c166d68..32e1a83 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ - Welcome to the Fedora CoreOS issue tracker. This tracker will be used to discuss new features for Fedora CoreOS and also important bugs that are affecting the project. Tickets with the `meeting` label will be @@ -37,17 +36,13 @@ technologies and produce Fedora CoreOS. # Roadmap/Plans -Fedora CoreOS is currently in preview. We're continuing to add platforms -and functionality, fix bugs, and write documentation. Please try out Fedora -CoreOS and give us feedback! +Fedora CoreOS is available for general use and no longer in preview. We're +continuing to add more platforms and functionality, fix bugs, and write +documentation. Please try out Fedora CoreOS and give us feedback! -The stable release of Fedora CoreOS is expected in late 2019. Until then, -Fedora CoreOS might change in incompatible ways, and should not be used for -production workloads. +# Releases -We're tracking some upcoming work for Fedora CoreOS on the [stable release -project board](https://github.com/orgs/coreos/projects/84) and the -[papercuts board](https://github.com/orgs/coreos/projects/83). +See [RELEASES.md](RELEASES.md). # Meetings diff --git a/RELEASES.md b/RELEASES.md new file mode 100644 index 0000000..b04a7bc --- /dev/null +++ b/RELEASES.md @@ -0,0 +1,36 @@ +# Fedora CoreOS Releases + +FCOS releases normally happen every 2 weeks. In addition, +there may be asynchronous releases for e.g. CVEs or bug +fixes. + +For more details, see +[the design doc](Design.md#release-streams). + +## Streams + +There are 3 primary streams: `stable`, `testing`, and +`next`. The `next` stream either tracks `testing` or the +next major version of Fedora. Content in `testing` is +promoted to `stable` after 2 weeks. + +For more details, see +[the design doc](Design.md#release-streams). + +## Versioning + +FCOS versions are of the form `X.Y.Z.A`, where `X` is the +Fedora major version, `Y` is the date of the Fedora RPM +snapshot, `Z` is a stream identifier, and `A` is a revision +number. + +Since `stable` releases are promoted from `testing`, their +`Y` dates will usually be 2 weeks behind `testing`. + +For more details, see +[the design doc](Design.md#version-numbers). + +## Schedule + +The release schedule and release owners are tracked in a +[HackMD document](https://hackmd.io/WCA8XqAoRvafnja01JG_YA). From 6e9a62c3d7540e7578819f1b8848fd8537d10870 Mon Sep 17 00:00:00 2001 From: Nasir Hussain <nasirhussainm14@gmail.com> Date: Mon, 20 Jul 2020 21:16:24 +0500 Subject: [PATCH 066/238] Addition of nasirhm in Meeting people. I've added myself [nasirhm] in the meeting people in order to get notified for the meeting. --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 4995d7f..9c3bb8e 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -9,4 +9,5 @@ jdoss jlebon lorbus miabbott +nasirhm skunkerk From 772cf0d3b2f91dc69f889c120ade40b9499c15e9 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Tue, 11 Aug 2020 14:54:13 -0400 Subject: [PATCH 067/238] internals: document units that mount /boot in the initrd Let's write this down somewhere since it comes up once in a while and it's important to be aware of all the services that do this and when they run. --- internals/README-initramfs.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 51a9b81..dd0e28b 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -17,8 +17,7 @@ We use [dracut](https://github.com/dracutdevs/dracut/) the same as a number of o Modern systemd has a very clean design for both the initramfs and the real boot. See the ["man bootup"](https://www.freedesktop.org/software/systemd/man/bootup.html) documentation. The software involved implements these abstract `.target` units. There are 3 important pieces of software involved in the initramfs: - -- [ignition-dracut](https://github.com/coreos/ignition-dracut/) (i.e. Ignition) +- [30ignition](https://github.com/coreos/ignition/tree/master/dracut/30ignition) (Part of Ignition) - [ostree-prepare-root](https://github.com/ostreedev/ostree/blob/master/src/switchroot/ostree-prepare-root.c) (Part of OSTree) - [40ignition-ostree dracut module](https://github.com/coreos/fedora-coreos-config/tree/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree) (fedora-coreos-config) @@ -53,6 +52,14 @@ Currently when generating the ISO image we inject a label onto the root filesyst In contrast for PXE the squashfs is in the `live-initramfs` directly. +# /boot in the initramfs + +There are multiple services which access the `/boot` partition in the initramfs. They are (in running order): +- `ignition-setup-user.service`: mounts `/boot` read-only to look for a user Ignition config. This is the first Ignition service to run (in parallel with the `-base` service). +- `coreos-copy-firstboot-network.service`: mounts `/boot` read-only to look for NetworkManager keyfiles. This unit runs after Ignition's `ignition-fetch-offline.service` but before networking is optionally brought up as part of `dracut-initqueue.service`. +- (on RHCOS) `rhcos-fips.service`: mounts `/boot` read-write to append `fips=1` to the BLS configs and reboot if FIPS mode is requested. This unit runs after `ignition-fetch.service` but before `ignition-disks.service`. +- `coreos-inject-rootmap.service`: mounts `/boot` read-write to append rootmap kargs to the BLS configs. This unit runs near the end of the initrd process, after `ignition-files.service. + # SELinux in the initramfs SELinux policy is loaded in the real root. This means that every file we create in the initramfs must be relabeled. See this code: https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel From c59d1ae5c226202dd9cd27256192733ddcb2eeab Mon Sep 17 00:00:00 2001 From: Joe Doss <joe@solidadmin.com> Date: Tue, 22 Sep 2020 13:13:47 -0500 Subject: [PATCH 068/238] Add info to Working Group Members section. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 32e1a83..8419197 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ Currently, meetings are at `16:30 UTC` on Wednesdays. - `cd` to a local checkout of this repo and `git pull` - Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/master/meeting-people.txt) in `#fedora-coreos` on freenode - - `bash meeting-people.txt` + - `bash meeting-people.txt` - copy lines of output and paste into `#fedora-coreos` channel - Navigate to `#fedora-meeting-1` on freenode - Type `#startmeeting fedora_coreos_meeting` @@ -148,4 +148,4 @@ Working days: non-holiday weekdays. Relevant holidays are the national holidays # Working Group Members and Points of Contact -TBD +Please see [meeting-people.txt](https://github.com/jdoss/fedora-coreos-tracker/blob/master/meeting-people.txt). From 6ae14fae92a88e82c3246f8333cd7b204cf5d17c Mon Sep 17 00:00:00 2001 From: Joe Doss <joe@solidadmin.com> Date: Tue, 22 Sep 2020 13:15:53 -0500 Subject: [PATCH 069/238] Update Twitter handle and URL. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8419197..39e2f32 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ technologies and produce Fedora CoreOS. - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) - documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) -- Twitter: [@fedora](https://twitter.com/fedora) +- Twitter: [@fedoracoreos](https://twitter.com/fedoracoreos) # Roadmap/Plans From 7fd716094a5e26144fe3703ba0642a804d095bf9 Mon Sep 17 00:00:00 2001 From: Joe Doss <joe@solidadmin.com> Date: Wed, 23 Sep 2020 10:31:24 -0500 Subject: [PATCH 070/238] Fix URL to meeting-people.txt --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 39e2f32..d9068a9 100644 --- a/README.md +++ b/README.md @@ -148,4 +148,4 @@ Working days: non-holiday weekdays. Relevant holidays are the national holidays # Working Group Members and Points of Contact -Please see [meeting-people.txt](https://github.com/jdoss/fedora-coreos-tracker/blob/master/meeting-people.txt). +Please see [meeting-people.txt](https://github.com/coreos/fedora-coreos-tracker/blob/master/meeting-people.txt). From f15e48ad9fe2072514743107c3dea052c8e0392a Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Thu, 24 Sep 2020 10:53:36 -0400 Subject: [PATCH 071/238] Document aleph version --- internals/README-internals.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/internals/README-internals.md b/internals/README-internals.md index 8dd1ed9..8045364 100644 --- a/internals/README-internals.md +++ b/internals/README-internals.md @@ -33,3 +33,10 @@ In [this tracker issue](https://github.com/coreos/fedora-coreos-tracker/issues/2 We use chrony, with some [additional custom logic for specific clouds](https://github.com/coreos/fedora-coreos-config/blob/faf387eac89d14924a1e2021d2093d0cdb8af8b3/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony). See also DHCP propagation: https://github.com/coreos/fedora-coreos-config/pull/412 + +# Aleph version + +`rpm-ostree status` will show admins the state of the ostree, but a few things live outside that and are not subject to in place updates. For example, the on-disk filesystem (default `xfs`) and its specific layout, as well as the bootloader. + +See [this pull request](https://github.com/coreos/coreos-assembler/pull/768/commits/2701e91838e18d3eac0694fd0a5f003befcfb218) which added `/sysroot/.coreos-aleph-version.json` that can be used to track the version of that data. + From a3eafa6a85e0c39118111e1a9476b5befd047881 Mon Sep 17 00:00:00 2001 From: Micah Abbott <miabbott@redhat.com> Date: Tue, 27 Oct 2020 11:41:17 -0400 Subject: [PATCH 072/238] instructions for requesting new packages An initial set of instructions on how to request a new package be added to FCOS. This can be folded into a chooser option for new issues, if desired. Closes #641 --- NEWPACKAGE.md | 19 +++++++++++++++++++ README.md | 11 +++++++++++ 2 files changed, 30 insertions(+) create mode 100644 NEWPACKAGE.md diff --git a/NEWPACKAGE.md b/NEWPACKAGE.md new file mode 100644 index 0000000..ba54c03 --- /dev/null +++ b/NEWPACKAGE.md @@ -0,0 +1,19 @@ +# Request to Include a New Package in Fedora CoreOS + +If you would like to propose the inclusion of a new package into the base +content set of Fedora CoreOS, please open a [new issue](https://github.com/coreos/fedora-coreos-tracker/issues/new) +with the following questions answered. The more detail provided for each +question, the better informed everyone will be. + +Please title the new issue: `Package Request: <name of package>` + +1. What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc) +2. What is the size of the package and its dependencies? +3. What problem are you trying to solve with this package? Or what functionality does the package provide? +4. Can the software provided by the package be run from a container? Explain why or why not. +5. Can the tool(s) provided by the package be helpful in debugging container runtime issues? +6. Can the tool(s) provided by the package be helpful in debugging networking issues? +7. Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not. +8. In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries? +9. Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS? (e.g. can it be abused as a Turing complete interpreter?) +10. Does the software provided by the package have a history of CVEs? \ No newline at end of file diff --git a/README.md b/README.md index d9068a9..c921936 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,17 @@ Fedora CoreOS is available for general use and no longer in preview. We're continuing to add more platforms and functionality, fix bugs, and write documentation. Please try out Fedora CoreOS and give us feedback! +# Adding Packages to Fedora CoreOS + +We often find people asking for a particular package to be added to the base set of +packages included in Fedora CoreOS. One of the goals of Fedora CoreOS is to +remain as lean as possible, without impacting overall usability for our users. +Thus, new package requests are carefully scrutinized to weigh the benefits and +drawbacks of adding an additional package. + +If you would like to propose the inclusion of a new package in the base set of packages, +please follow the instructions for [requesting a new package](NEWPACKAGE.md). + # Releases See [RELEASES.md](RELEASES.md). From 9a35f5df1076814dacb087bba7178b69567dcd0a Mon Sep 17 00:00:00 2001 From: Micah Abbott <miabbott@redhat.com> Date: Wed, 28 Oct 2020 15:55:25 -0400 Subject: [PATCH 073/238] Bug Report + New Package templates (#656) * Bug Report + New Package templates I took a guess at what would be good for the bug report template. The new package template is taken from #655. Co-authored-by: Dusty Mabe <dusty@dustymabe.com> --- .github/ISSUE_TEMPLATE/bug-report.md | 30 +++++++++++++++++++ .../ISSUE_TEMPLATE/requesting-new-package.md | 30 +++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug-report.md create mode 100644 .github/ISSUE_TEMPLATE/requesting-new-package.md diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md new file mode 100644 index 0000000..e0e2d3f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -0,0 +1,30 @@ +--- +name: Bug Report +about: Report issues/problems with Fedora CoreOS +title: '' +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. +2. +3. + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**System Details:** + - Bare Metal/QEMU/AWS/GCP/etc + - Fedora CoreOS version + +**Ignition Configuration** +Please attach your FCCT or Ignition configuration used to provision your system. If not using FCCT to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/requesting-new-package.md b/.github/ISSUE_TEMPLATE/requesting-new-package.md new file mode 100644 index 0000000..77ba564 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/requesting-new-package.md @@ -0,0 +1,30 @@ +--- +name: Requesting New Package +about: Request a new package be added to Fedora CoreOS +title: 'New Package Request: <package name>' +labels: '' +assignees: '' + +--- + +Please try to answer the following questions about the package you are requesting: + +1. What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc) + +2. What is the size of the package and its dependencies? + +3. What problem are you trying to solve with this package? Or what functionality does the package provide? + +4. Can the software provided by the package be run from a container? Explain why or why not. + +5. Can the tool(s) provided by the package be helpful in debugging container runtime issues? + +6. Can the tool(s) provided by the package be helpful in debugging networking issues? + +7. Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not. + +8. In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries? + +9. Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS? (e.g. can it be abused as a Turing complete interpreter?) + +10. Does the software provided by the package have a history of CVEs? From 80aca9496c97a2f5f7c6be31d1f6ad6ebe229426 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 29 Oct 2020 10:34:54 -0400 Subject: [PATCH 074/238] Clean up issue templates (#658) * templates: textual cleanups * templates: add enhancement template It doesn't really have anything in it, but it'd be good to have an enhancement button in the template picker. * templates: add issue labels * templates: fix typo in legacy template * Drop redundant new package checklist --- .github/ISSUE_TEMPLATE.md | 2 +- .github/ISSUE_TEMPLATE/bug-report.md | 23 +++++++++++-------- .github/ISSUE_TEMPLATE/enhancement.md | 18 +++++++++++++++ ...questing-new-package.md => new-package.md} | 6 ++--- NEWPACKAGE.md | 19 --------------- README.md | 2 +- 6 files changed, 36 insertions(+), 34 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/enhancement.md rename .github/ISSUE_TEMPLATE/{requesting-new-package.md => new-package.md} (91%) delete mode 100644 NEWPACKAGE.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 7e6d2f3..ef46026 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,4 +1,4 @@ <!-- -If reporting a bug in Fedore CoreOS, please include the +If reporting a bug in Fedora CoreOS, please include the output of `rpm-ostree status`. --> diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index e0e2d3f..9460b43 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -1,8 +1,8 @@ --- -name: Bug Report -about: Report issues/problems with Fedora CoreOS +name: Report a bug +about: Report an issue with Fedora CoreOS title: '' -labels: '' +labels: 'kind/bug' assignees: '' --- @@ -10,7 +10,7 @@ assignees: '' **Describe the bug** A clear and concise description of what the bug is. -**To Reproduce** +**Reproduction steps** Steps to reproduce the behavior: 1. 2. @@ -19,12 +19,15 @@ Steps to reproduce the behavior: **Expected behavior** A clear and concise description of what you expected to happen. -**System Details:** - - Bare Metal/QEMU/AWS/GCP/etc +**Actual behavior** +A clear and concise description of what actually happened. + +**System details** + - Bare Metal/QEMU/AWS/GCP/etc. - Fedora CoreOS version -**Ignition Configuration** -Please attach your FCCT or Ignition configuration used to provision your system. If not using FCCT to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? +**Ignition config** +Please attach your FCC or Ignition config used to provision your system. Be sure to sanitize any private data. If not using FCCT to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? -**Additional context** -Add any other context about the problem here. +**Additional information** +Add any other information about the problem here. diff --git a/.github/ISSUE_TEMPLATE/enhancement.md b/.github/ISSUE_TEMPLATE/enhancement.md new file mode 100644 index 0000000..f89404b --- /dev/null +++ b/.github/ISSUE_TEMPLATE/enhancement.md @@ -0,0 +1,18 @@ +--- +name: Request an enhancement +about: Request a new feature in Fedora CoreOS +title: '' +labels: 'kind/enhancement' +assignees: '' + +--- + +**Describe the enhancement** +A clear and concise description of the desired feature. + +**System details** + - Bare Metal/QEMU/AWS/GCP/etc. + - Fedora CoreOS version + +**Additional information** +Add any other information here. diff --git a/.github/ISSUE_TEMPLATE/requesting-new-package.md b/.github/ISSUE_TEMPLATE/new-package.md similarity index 91% rename from .github/ISSUE_TEMPLATE/requesting-new-package.md rename to .github/ISSUE_TEMPLATE/new-package.md index 77ba564..1c2baa3 100644 --- a/.github/ISSUE_TEMPLATE/requesting-new-package.md +++ b/.github/ISSUE_TEMPLATE/new-package.md @@ -1,8 +1,8 @@ --- -name: Requesting New Package -about: Request a new package be added to Fedora CoreOS +name: Request a new package +about: Ask for a new package to be added to Fedora CoreOS title: 'New Package Request: <package name>' -labels: '' +labels: 'kind/enhancement' assignees: '' --- diff --git a/NEWPACKAGE.md b/NEWPACKAGE.md deleted file mode 100644 index ba54c03..0000000 --- a/NEWPACKAGE.md +++ /dev/null @@ -1,19 +0,0 @@ -# Request to Include a New Package in Fedora CoreOS - -If you would like to propose the inclusion of a new package into the base -content set of Fedora CoreOS, please open a [new issue](https://github.com/coreos/fedora-coreos-tracker/issues/new) -with the following questions answered. The more detail provided for each -question, the better informed everyone will be. - -Please title the new issue: `Package Request: <name of package>` - -1. What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc) -2. What is the size of the package and its dependencies? -3. What problem are you trying to solve with this package? Or what functionality does the package provide? -4. Can the software provided by the package be run from a container? Explain why or why not. -5. Can the tool(s) provided by the package be helpful in debugging container runtime issues? -6. Can the tool(s) provided by the package be helpful in debugging networking issues? -7. Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not. -8. In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries? -9. Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS? (e.g. can it be abused as a Turing complete interpreter?) -10. Does the software provided by the package have a history of CVEs? \ No newline at end of file diff --git a/README.md b/README.md index c921936..568e924 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Thus, new package requests are carefully scrutinized to weigh the benefits and drawbacks of adding an additional package. If you would like to propose the inclusion of a new package in the base set of packages, -please follow the instructions for [requesting a new package](NEWPACKAGE.md). +please file a [new package request](https://github.com/coreos/fedora-coreos-tracker/issues/new?labels=kind/enhancement&template=new-package.md&title=New+Package+Request%3A+%3Cpackage+name%3E). # Releases From 4a4917ac70e5a6994ab56f56ea1e5042c9f6e931 Mon Sep 17 00:00:00 2001 From: Jason Brooks <jbrooks@redhat.com> Date: Wed, 18 Nov 2020 08:37:03 -0800 Subject: [PATCH 075/238] add jbrooks --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 9c3bb8e..7920c12 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -11,3 +11,4 @@ lorbus miabbott nasirhm skunkerk +jbrooks From 5dc8b22654e1da4a79f7b45fc11711f3456c73ea Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@backtick.net> Date: Wed, 18 Nov 2020 11:39:10 -0500 Subject: [PATCH 076/238] meeting-people: sort --- meeting-people.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 7920c12..a294159 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -5,10 +5,10 @@ exit 0 darkmuggle davdunc dustymabe +jbrooks jdoss jlebon lorbus miabbott nasirhm skunkerk -jbrooks From eafdd40cad84d51df7e909a2a7be94e5f54718b2 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Wed, 18 Nov 2020 19:51:37 -0500 Subject: [PATCH 077/238] templates: add template for requesting a new platform Requestors are unlikely to have all this information up front, but it'd be good to document what information we need and have a centralized place to collect it. --- .github/ISSUE_TEMPLATE/new-platform.md | 32 ++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/new-platform.md diff --git a/.github/ISSUE_TEMPLATE/new-platform.md b/.github/ISSUE_TEMPLATE/new-platform.md new file mode 100644 index 0000000..c484e47 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new-platform.md @@ -0,0 +1,32 @@ +--- +name: Request a new platform +about: Ask for Fedora CoreOS to support a new cloud environment +title: 'Platform Request: <platform name>' +labels: 'area/platforms, kind/enhancement' +assignees: '' + +--- + +In order to implement support for a new cloud platform in Fedora CoreOS, we need to know several things about the platform. Please try to answer as many questions as you can. + +- [ ] Why is the platform important? Who uses it? + +- [ ] What is the official name of the platform? Is there a short name that's commonly used in client API implementations? + +- [ ] How can the OS retrieve instance userdata? What happens if no userdata is provided? + +- [ ] Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided? + +- [ ] How can the OS retrieve network configuration? Is DHCP sufficient, or is there some other network-accessible metadata service? + +- [ ] In particular, how can the OS retrieve the system hostname? + +- [ ] Does the platform require the OS to have a specific console configuration? + +- [ ] Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required? + +- [ ] Does the platform have an agent that runs inside the instance? Is it required? What does it do? What language is it implemented in, and where is the source code repository? + +- [ ] How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected? + +- [ ] Are there any other platform quirks we should know about? From 101993494092b1c9a920e921568e6942b7cf29ea Mon Sep 17 00:00:00 2001 From: Kelvin Fan <kfan@redhat.com> Date: Mon, 23 Nov 2020 14:23:07 -0500 Subject: [PATCH 078/238] internals: Document new `coreos-boot-edit.service` --- internals/README-initramfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index dd0e28b..2e06768 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -58,7 +58,7 @@ There are multiple services which access the `/boot` partition in the initramfs. - `ignition-setup-user.service`: mounts `/boot` read-only to look for a user Ignition config. This is the first Ignition service to run (in parallel with the `-base` service). - `coreos-copy-firstboot-network.service`: mounts `/boot` read-only to look for NetworkManager keyfiles. This unit runs after Ignition's `ignition-fetch-offline.service` but before networking is optionally brought up as part of `dracut-initqueue.service`. - (on RHCOS) `rhcos-fips.service`: mounts `/boot` read-write to append `fips=1` to the BLS configs and reboot if FIPS mode is requested. This unit runs after `ignition-fetch.service` but before `ignition-disks.service`. -- `coreos-inject-rootmap.service`: mounts `/boot` read-write to append rootmap kargs to the BLS configs. This unit runs near the end of the initrd process, after `ignition-files.service. +- `coreos-boot-edit.service`: mounts `/boot` read-write late in the initramfs process after `ignition-files.service` to make final edits (e.g. remove firstboot networking configuration files if necessary, append rootmap kargs to the BLS configs). # SELinux in the initramfs From b656bdba4069bed90e49e8bebf75e37c08a76983 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Wed, 2 Dec 2020 17:16:21 -0500 Subject: [PATCH 079/238] README-initramfs.md: add section about networking This documents the design in #460 with some more implementation details. This came up in discussions today while talking about #689, so let's write it down somewhere so it's easier to reference in the future. Closes: #460 --- internals/README-initramfs.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 2e06768..3234475 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -64,6 +64,14 @@ There are multiple services which access the `/boot` partition in the initramfs. SELinux policy is loaded in the real root. This means that every file we create in the initramfs must be relabeled. See this code: https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel +# Networking + +By default, the initramfs does not try to enable networking if it's not needed. This is important in the live ISO case. Software may request networking if they require it. For example, if Ignition detects a config which requires the network, it writes a stamp file at `/run/ignition/neednet` which we then detect and translate into `rd.neednet=1` via `coreos-enable-network.service`. For any other situation in which FCOS needs networking, we should add a triggering condition to that service. In the future if more cases are added, we may provide a cleaner API which does not require continuously expanding this list. + +For more details of the design, see https://github.com/coreos/fedora-coreos-tracker/issues/460. + +Actually configuring the network in the initramfs is discussed in depth in the project [documentation](https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-network-configuration/). + # Reprovisioning the root A big recent effort is [reprovisioning the root filesystem](https://github.com/coreos/fedora-coreos-tracker/issues/94). This will make the "subsequent" boot path work differently based on configuration. From 2df81d4032a4139e101db238903671f1ef89cd62 Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Tue, 12 Jan 2021 21:35:12 +0000 Subject: [PATCH 080/238] metadata: Link to projects/code, also note coreos-assembler Let's make it easier to piece together the awesome Rube Goldberg series of JSON transformations that take a cosa build to a stream. --- metadata/README.md | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/metadata/README.md b/metadata/README.md index f08f5a1..91c84aa 100644 --- a/metadata/README.md +++ b/metadata/README.md @@ -8,13 +8,15 @@ The following types of metadata exist: * updates metadata * release index * release metadata + * coreos-assembler builds ## Stream metadata This document contains details about latest available artifacts, on each stream. * URL: `https://builds.coreos.fedoraproject.org/streams/${stream}.json` - * Usage: consumed by the [getfedora.org download page](https://getfedora.org/en/coreos/download/) + * Usage: Primary entrypoint for users. Documented at https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started/ + and e.g. consumed by the [getfedora.org download page](https://getfedora.org/en/coreos/download/) * (TODO) stream metadata JSON schema * [stream metadata sample][stream-sample] * [comments and rationale][stream-rationale] @@ -22,6 +24,11 @@ This document contains details about latest available artifacts, on each stream. [stream-sample]: ./stream/sample.json [stream-rationale]: ./stream/rationale.yaml +Projects/Code: + + - https://github.com/coreos/stream-metadata-go + - https://github.com/coreos/fedora-coreos-stream-generator/ + ## Updates metadata This document contains details about updates and rollouts, on each stream. @@ -50,6 +57,10 @@ This piece of metadata is meant to list all existing releases, on each stream. [release-index-sample]: ./release-index/sample.json [release-index-specs]: ./release-index/specifications.md +Projects/Code: + + - https://github.com/coreos/coreos-assembler/blob/master/mantle/cmd/plume/release.go + ## Release metadata This document contains details about artifacts belonging to each release. @@ -60,3 +71,13 @@ This document contains details about artifacts belonging to each release. * [release metadata sample][release-sample] [release-sample]: ./release/sample.json + +## CoreOS Assembler builds + +This is the primary artifact of coreos-assembler, which turns +RPMs and our configuration into images and ostree commits. + +Projects: + + - https://github.com/coreos/coreos-assembler + - https://github.com/coreos/fedora-coreos-releng-automation/blob/master/coreos-meta-translator/trans.py From 827734ba36d1047c5b76ddb378722ac4e452bb07 Mon Sep 17 00:00:00 2001 From: Jaime Magiera <39681031+JaimeMagiera@users.noreply.github.com> Date: Wed, 13 Jan 2021 11:34:48 -0500 Subject: [PATCH 081/238] Add PanGoat Add PanGoat --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index a294159..8ca669d 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -12,3 +12,4 @@ lorbus miabbott nasirhm skunkerk +PanGoat From 46f06a77dc7bb8df258b484af25d2974a249e54e Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@backtick.net> Date: Wed, 13 Jan 2021 13:04:28 -0500 Subject: [PATCH 082/238] meeting-people: sort alphabetically --- meeting-people.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 8ca669d..7b3f40a 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -11,5 +11,5 @@ jlebon lorbus miabbott nasirhm -skunkerk PanGoat +skunkerk From 493362b0f20b1346e759ad4b46ee295cbc84208d Mon Sep 17 00:00:00 2001 From: Micah Abbott <miabbott@redhat.com> Date: Thu, 4 Feb 2021 14:36:53 -0500 Subject: [PATCH 083/238] add minutes from FCOS community sessions During the CoreOS Virtual F2F, we held two sessions open to the community to discuss: - Growing the Fedora CoreOS Community - Making Fedora CoreOS an Official Fedora Edition This captures the HackMD contents from those two sessions. --- docs/20210204_fcos_official_edition.md | 62 ++++++++++++++++++++ docs/20210204_growing_fcos_community.md | 76 +++++++++++++++++++++++++ 2 files changed, 138 insertions(+) create mode 100644 docs/20210204_fcos_official_edition.md create mode 100644 docs/20210204_growing_fcos_community.md diff --git a/docs/20210204_fcos_official_edition.md b/docs/20210204_fcos_official_edition.md new file mode 100644 index 0000000..d53ae88 --- /dev/null +++ b/docs/20210204_fcos_official_edition.md @@ -0,0 +1,62 @@ +# Fedora CoreOS Meetup - Fedora CoreOS as an Official Edition + +Fedora Change : https://fedoraproject.org/wiki/Changes/FedoraCoreOS + +Key concepts : +* There is no Fedora CoreOS 33 or 34, I don't think we want to align with the 6 months release cadence of other Fedora Editions. +* How can we integrate within Fedora's process, keeping our fortnigthly release cycle. + + +General Feedback was how do we integrate with the Fedora process + +Fedora's [Edition promotion policy](https://docs.fedoraproject.org/en-US/council/policy/edition-promotion-policy/) +* Development and how we integrate with Fedora's change proposal process ? (Review, Propose Changes) +* Go/No Go process ? Release Blockers +* Release Criteria ? +* When do we switch streams to the latest Fedora base (F33 -> F34, etc...)? +* How do we coordinate with other teams + * Docs + * Marketing + * Translation + * Magazine + * Web +* How much effort do we want to put into making FCOS an edition ? What are the benefits ? +* Have you asked anyone who has gone through this process if it was useful to them? + +## Notes + +- [miabbott/cverna] Short introduction +- [mattdm] how does "we don't have releases" work with the release blocker process? +- [bgilbert] we ship the stable stream later than major Fedora releases for this reason; may not be desirable in all cases. if there is a blocker that only affects FCOS, we may not want to hold the other releases. +- [mattdm] publicity is a factor of concern here +- [bcotton] user perspective on release day is problematic; "why am i getting older Fedora bits?" +- [walters] we think we can address all these concerns over time. i.e. ubuntu has similar issues with software upater/apt - https://www.reddit.com/r/Ubuntu/comments/aofv57/software_updater_lags_behind_apt/ +- [sumantro] Blocker Bugs for Fedora tracked in BZ; FCOS tracks issues in GH +- [bgilbert] FCOS is an appliance, uses automatic updates. Breaking updates incentivizes users to turn off auto-updates. Streams exist towards this goal. +- [mattdm] automatic updates are a selling point; we should use it to our advantage +- [travier/bcotton/mattdm] <discussion of how to rectify how classic Fedora + FCOS handle change proposals, etc> +- [jligon] e.g. If I want to remove Docker from FCOS, do I submit a change to FCOS only, Fedora proper, somewhere on GH? +- [mattdm] feels like a self-contained change; would be discussed by stakeholders and publicized appropriately (picked up by LWN, Phoronix, etc) +- [mattdm] FCOS changes being part of existing Fedora change process is desirable +- [walters] bootupd should have been a change request; but sometimes we need to ship something downstream faster than Fedora allows +- [bgilbert] prefer not stacking big changes around major release; easier for change management +- [bcotton] window between self-contained change proposal and GA is only 3months +- [cglombek] there are still usecases where Fedora Server is better suited (firewall, RPM modules, etc) +- [mattdm] FCOS will likely sit alongside Fedora Server for a while +- [walters] I don't think it's a good idea overall to chain FCOS Edition status into Server's edition status +- [mattdm] should develop an async process for ??? +- [cverna] promoting between streams is gated on testing; what does the formalized process look like +- [cglombek] https://github.com/coreos/enhancements that are going to affect the rest of Fedora, we should "upstream" those enhancements to proper Fedora Change Requests. conversely, Fedora Chagne Requests that affect FCOS should get better review by FCOS +- [walters] we could use an arbitrary component in BZ to capture problems for FCOS +- [dmabe] there is an FCOS component, but it directs folks to use GH issue tracker +- [sumantro] get some basic criteria around stream promotion; can't catch everything in CI; https://fedoraproject.org/wiki/Fedora_Release_Criteria +- [walters] A good example of not-CI currently for us is multi-arch +- [bgilbert] our decision process so far has been case-by-case and consensus-driven +- [jlebon] we should be doing more talking/communication on Fedora devel around change requests that affect FCOS +- [jligon] is there a tradeoff where becoming an official top-level edition where some decision making is surrendered? +- [bcotton] there is some latitude for editions for change proposals; there is marketing/UX benefits to be closer to the rest of Fedora. tl;dr - case by case basis +- [travier] our release criteria exists in CI; we do evaluate each update that we ship is safe to use. when issues are found, we have more options to prevent those issues from being released (i.e downgrades, pinned packages, etc) +- [bgilbert] we snapshot bodhi stable that gets promoted into the testing stream; pkgs are not pinned for an extended amount of time. we do more post-processing than most of Fedora. +- [mattdm] it would be beneficial to check in with mindshare team regularly +- **[sumantro] would like to volunteer to be mindshare rep for FCOS** + diff --git a/docs/20210204_growing_fcos_community.md b/docs/20210204_growing_fcos_community.md new file mode 100644 index 0000000..a1a086c --- /dev/null +++ b/docs/20210204_growing_fcos_community.md @@ -0,0 +1,76 @@ +# 20210204_Growing-FCOS-Community + +- Execution + - Stability: we might lose users if we have instability and "manual intervention" + - Availability in more cloud providers + +- Freely available information/resources + - Publishing release notes + - https://github.com/coreos/fedora-coreos-tracker/issues/194 + - More comprehensive documentation + +- Outreach + - Community event coordination + - especially at conferences we don’t normally have representation + - but also making sure we are present at our regular conferences + - Working with more upstream projects that integrate Fedora CoreOS + - Typhoon has picked us up on their own + - Have others tried and had trouble? + - GSoC/Outreachy FCOS projects + +- Staying in the conversation + - More articles/posts about Fedora CoreOS + - Fedora Magazine, opensource.com, personal blogs, etc + - Podcasts, etc.. + - Boosting our Twitter presence + +- Indirect Progress + - Promoting containerized workflows + - Helping to containerize the world + - If it's not easy to run XYZ workflow in containers people can't use FCOS + +## Running Notes + +Recurring Fedora Events: +- Nest with Fedora/Flock to Fedora +- Release Parties (2 per year) +- Fedora Women's Day +- Video Council Meetings +- Social Hours + +Fedora Content outlets: +- Community Blog: https://communityblog.fedoraproject.org/writing-community-blog-article/ +- Fedora Magazine: https://docs.fedoraproject.org/en-US/fedora-magazine/contributing/ +- Fedora Planet: http://fedoraplanet.org/ +- Podcast: https://x3mboy.fedorapeople.org/podcast/ +- Fedora Classroom: https://fedoraproject.org/wiki/Classroom +- Fedora Youtube: https://www.youtube.com/channel/UCnIfca4LPFVn8-FjpPVc1ow + + +Fedora Resources: +- Request swag: https://docs.fedoraproject.org/en-US/mindshare-committee/procedures/swag/ +- HopIn is accessible to Fedora. A formal process is currently being documented by Mindshare. You can request this resource here: https://pagure.io/mindshare/issues +- Community surveys are accessible to Fedora. There is a drop down template in the Mindshare repo for this request. https://pagure.io/mindshare/issues +- IRL Events (someday): https://docs.fedoraproject.org/en-US/mindshare-committee/small-events/ +- Design requests: https://pagure.io/design/issues +- Fedora Badges: https://badges.fedoraproject.org/ + - https://pagure.io/fedora-badges/issues +- How Do You Fedora? interviews: https://fedoramagazine.org/series/how-do-you-fedora/ + + + +[cverna] What is our messaging to other conferences? +[jbrooks] We can produce a slide deck that can be reused/customized for talks/presentation +[walters] Fedora very RPM-centric; would love to push us towards more pure containers +[travier] tried to run Fedora images for containerizing Matrix and hit issues; having trusted container images outside Dockerhub would be great +[cglombek] not producing enough Fedora containers; maintaining containers in Fedora has high requirements (i.e. must be packagers). also facing problem of where to publish community operators in OKD space. +[jbrooks/dmabe] identified a problem that we don't have the applications people want in our sphere of control (i.e don't have trusted containers for all apps). how can we improve the Fedora container story? +[cverna] need to have a better idea of who we are targeting with our content +[mperez] have connections with linux unplugged, can get FCOS discussed there; interested in producing more video content for communities (i.e. https://ceph.io/community/meetings/). working on templates for hosting this style of content. +[mnordin] FCOS has access to all the Fedora community tools above; willing to help move tickets along in various community resources +[sumantro] Fedora Classrooms would be a good outreach point +[sumantro] Adding FCOS to https://whatcanidoforfedora.org/ will be great. +[vipul] A bit different thing: opening a few GSoC/Outreachy projects can also bring a lot of eyes on the project. They are often not the best but it can help and also identify close all gaps in "How can I get started with FCOS" documentation +[dmabe/mperez] measuring stats for MLs, forums, GH tracker may be informative +[mnordin] would recommend starting with a user survey to gather a baseline from where to start from +[mperez] example survey - https://tracker.ceph.com/attachments/download/5323/Ceph%20User%20Survey%202020%20(3).pdf From 2186487dac48338be6f892c69cd0b4cb9b8579ef Mon Sep 17 00:00:00 2001 From: Clement Verna <cverna@tutanota.com> Date: Mon, 8 Feb 2021 13:17:37 +0100 Subject: [PATCH 084/238] Add the recording link for both sessions Signed-off-by: Clement Verna <cverna@tutanota.com> --- docs/20210204_fcos_official_edition.md | 2 ++ docs/20210204_growing_fcos_community.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/20210204_fcos_official_edition.md b/docs/20210204_fcos_official_edition.md index d53ae88..164c423 100644 --- a/docs/20210204_fcos_official_edition.md +++ b/docs/20210204_fcos_official_edition.md @@ -1,5 +1,7 @@ # Fedora CoreOS Meetup - Fedora CoreOS as an Official Edition +recording : https://www.youtube.com/watch?v=t5VAw8NRXNc + Fedora Change : https://fedoraproject.org/wiki/Changes/FedoraCoreOS Key concepts : diff --git a/docs/20210204_growing_fcos_community.md b/docs/20210204_growing_fcos_community.md index a1a086c..4955ff3 100644 --- a/docs/20210204_growing_fcos_community.md +++ b/docs/20210204_growing_fcos_community.md @@ -1,5 +1,7 @@ # 20210204_Growing-FCOS-Community +recording: https://www.youtube.com/watch?v=HSuBWeosAvQ + - Execution - Stability: we might lose users if we have instability and "manual intervention" - Availability in more cloud providers From cf31fb09921428e6a7cae43c9c937799d6e8570d Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Thu, 18 Mar 2021 10:30:19 -0400 Subject: [PATCH 085/238] internals/initramfs: add more details about networking This was missing the bit about how Afterburn fits into the picture. --- internals/README-initramfs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 3234475..ebc2d64 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -68,9 +68,9 @@ SELinux policy is loaded in the real root. This means that every file we create By default, the initramfs does not try to enable networking if it's not needed. This is important in the live ISO case. Software may request networking if they require it. For example, if Ignition detects a config which requires the network, it writes a stamp file at `/run/ignition/neednet` which we then detect and translate into `rd.neednet=1` via `coreos-enable-network.service`. For any other situation in which FCOS needs networking, we should add a triggering condition to that service. In the future if more cases are added, we may provide a cleaner API which does not require continuously expanding this list. -For more details of the design, see https://github.com/coreos/fedora-coreos-tracker/issues/460. +Network *enablement* is separate from network *configuration*. Afterburn handles rendering of network kernel arguments via [`afterburn-network-kargs.service`](https://github.com/coreos/afterburn/blob/7835d7cd316668e9dcddfa16d2f8f8b3fcbcdd2e/dracut/30afterburn/afterburn-network-kargs.service). On some platforms, it may use a backchannel to fetch the network kargs. By default, it will use `AFTERBURN_NETWORK_KARGS_DEFAULT`, which is defined in [the fedora-coreos-config repo](https://github.com/coreos/fedora-coreos-config/blob/10ebedac9628273a738872bdcac730bdb0bf1385/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf) to be `ip=dhcp,dhcp6`. -Actually configuring the network in the initramfs is discussed in depth in the project [documentation](https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-network-configuration/). +For more details of the design, see https://github.com/coreos/fedora-coreos-tracker/issues/460 as well as the project [documentation](https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-network-configuration/). # Reprovisioning the root From e631565e1c7a021b47742e7b46cddb657a036f5c Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Thu, 25 Mar 2021 19:03:33 +0000 Subject: [PATCH 086/238] docs/ci-and-builds.md: Overview of CI and FCOS pipeline Trying to migrate content from https://github.com/coreos/fedora-coreos-tracker/issues/764 which is a proposal into a "how it works" that we can maintain over time. --- docs/ci-and-builds.md | 65 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 docs/ci-and-builds.md diff --git a/docs/ci-and-builds.md b/docs/ci-and-builds.md new file mode 100644 index 0000000..a14cec4 --- /dev/null +++ b/docs/ci-and-builds.md @@ -0,0 +1,65 @@ +# CoreOS CI+build systems overview + +Fedora CoreOS is tied/related to 3 major things: + + - Upstream git repositores like github.com/coreos/ignition, github.com/coreos/rpm-ostree, github.com/coreos/fedora-coreos-config, etc. + - Actual releases of Fedora CoreOS via [the pipeline](https://github.com/coreos/fedora-coreos-pipeline) + - Downstream [RHEL CoreOS](https://github.com/openshift/os) + +## Infrastructure + +- Github (specifically [the coreos namespace](https://github.com/coreos/)) +- [quay.io](https://quay.io), specifically the [coreos-assembler](https://quay.io/coreos/coreos-assembler) namespace +- [CoreOS CI Jenkins](https://github.com/coreos/coreos-ci) +- [Fedora infrastructure](https://fedoraproject.org/wiki/Infrastructure) +- [OpenShift Prow](https://docs.ci.openshift.org/) + +--- + +## Upstream CI + +Most active repositories in the `coreos/` project are hooked up to at least one of 3 CI systems, being CoreOS CI Jenkins, Github Actions, or OpenShift Prow. These 3 are the ones we are focusing on. + +### CoreOS CI Jenkins + +It is what we use on various repositories, and is how FCOS is released today via [the pipeline](https://github.com/coreos/fedora-coreos-pipeline). +We have a lot of institutional knowledge around this and it gives us a place where we can easily control the end-to-end interactions. Jenkins is a well understood tool. + +This is deployed in [CentOS CI](https://wiki.centos.org/QaWiki/CI) which is a bare metal OpenShift cluster where nested virt is enabled. + +Also of key relevance is the [coreos-ci-lib](https://github.com/coreos/coreos-ci-lib) repository. + +### OpenShift Prow + +Prow is heavily oriented towards testing OpenShift *container* components. However, as of recently we enabled nested virt on the `build02` GCP cluster, which means we can create "container native" flows that still test the OS with [coreos-assembler](https://github.com/coreos/coreos-assembler/). + +A specific reason to include Prow is that it contains tight integration with OpenShift which we need for RHCOS, and it is also maintained and staffed by a team that e.g. also contains a budget and secrets for running infrastructure in public clouds. + +Examples can be found in the [openshift/release coreos/ folder](https://github.com/openshift/release/tree/master/ci-operator/config/coreos). + +### GitHub Actions + +Free for small scale, nice to use. This is a good option for per-repository specific things that don't need centralization. + +A good use case is e.g. validating rustfmt. + +Examples: + + - https://github.com/coreos/rpm-ostree/blob/master/.github/workflows/rust-lints.yml + +--- + +## quay.io/coreos-assembler namespace + +A key aspect of Fedora CoreOS as well as RHEL CoreOS is [coreos-assembler](https://github.com/coreos/coreos-assembler). As of today, we build it in quay.io and deliver it that way in the `quay.io/coreos-assembler` namespace. The list of administrators for this namespace is managed independently of anything else. If you think you need administrator access, file a ticket or ask on #fedora-coreos IRC. + +### The buildroot container: quay.io/coreos-assembler/fcos-buildroot:testing-devel + +Since [this pull request](https://github.com/coreos/fedora-coreos-config/pull/740), there is also a FCOS-oriented "buildroot" container that can be used in all CI systems. + +## Fedora Infrastructure + +Maintained by a distinct team. FCOS and our container images include most content derived from Koji/Bodhi etc. + +It would potentially make sense to have some of our containers built in Fedora too, such as coreos-assembler. That would give us e.g. multi-arch. But that is not being pursued currently. + From b1673bfc90a96d72d504a82101200d84c40371ad Mon Sep 17 00:00:00 2001 From: Jaime Magiera <39681031+JaimeMagiera@users.noreply.github.com> Date: Wed, 7 Apr 2021 14:34:09 -0400 Subject: [PATCH 087/238] switched to jaimelm --- meeting-people.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 7b3f40a..ccd26e3 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -5,11 +5,11 @@ exit 0 darkmuggle davdunc dustymabe +jaimelm jbrooks jdoss jlebon lorbus miabbott nasirhm -PanGoat skunkerk From c1d51bcf2d0ee4923dd17bc5865f10dfce6c4924 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Mon, 26 Apr 2021 16:50:22 -0400 Subject: [PATCH 088/238] Design: some updates based on practice Let's delete some content and fixup some wording based on what we've been doing rather than what we planned to do in the past. --- Design.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/Design.md b/Design.md index 194bafb..abd535b 100644 --- a/Design.md +++ b/Design.md @@ -46,9 +46,7 @@ Fedora CoreOS will have several refs for use on production machines. At any giv - `testing`: Periodic snapshot of the current Fedora release plus Bodhi `updates`. - `stable`: Promotion of a `testing` release, including any needed fixes. -- `next`: - 1. After Bodhi is enabled for the upcoming Fedora release, tracks that release; before then, tracks `testing`. - 2. After the upcoming kernel release has reached rc6 and before it goes final, tracks the rawhide kernel. After the kernel goes final and before it is included in the tracked Fedora release, tracks the kernel from Bodhi `updates-testing`. +- `next`: The `next` stream represents the future. It will often be used to experiment with new features and also test out rebases of our platform on top of the next major version of Fedora. All of these refs will be unversioned, in the sense that their names will not include the current Fedora major version. The stream cadences are not contractual, but will initially have two weeks between releases. The stream maintenance policies are also not contractual and may evolve from those described above, but changes will preserve the use cases and intended stability of each stream. @@ -67,17 +65,14 @@ There will also be some additional unversioned refs for the convenience of Fedor - `rawhide`: Nightly snapshot of rawhide. - `branched`: Nightly snapshot of the upcoming Fedora release after it is branched. -- `bodhi-updates`: Nightly snapshot of Bodhi `updates` for the Fedora release currently tracked by `testing`. -- `bodhi-updates-testing`: Nightly snapshot of Bodhi `updates-testing` for the Fedora release currently tracked by `testing`. ### Out-of-Cycle Releases Due to the promotion structure described above, `stable` can contain packages that are as much as four weeks out of date. Sometimes, however, there will be an important bugfix or security fix that cannot wait a month to reach `stable` (or two weeks to reach `next` or `testing`). In that case, the fix will be incorporated into out-of-cycle releases on affected streams. These releases will not affect the regular promotion schedules; for example, a fix might sit in `testing` for only a few days before it is promoted to `stable`. -A fix can take one of two forms: +If a fix is important enough for an out-of-cycle `stable` release, other affected release streams should be updated as well. -1. An updated package taken directly from Fedora -2. A minimal fix applied to the package version already present in the affected stream +In some cases it may make sense to apply a fix to `testing` but not issue an out-of-cycle release, allowing the fix to be picked up automatically when `testing` promotes to `stable`. We'll need infrastructure for both approaches, and the ability to choose between them on a case-by-case basis. Option 1 is cleaner and easier, but may not always be safe. Option 2 is especially useful for the kernel, where we'll want to fix individual bugs without pushing an entire stable kernel update directly to the `stable` stream. From 152989e30052208cd658d57fc9833dcc6e80f44e Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Mon, 26 Apr 2021 16:52:56 -0400 Subject: [PATCH 089/238] Design: major version rebasing strategy Add some details about how we approaching Fedora major version rebases. Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/785 --- Design.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/Design.md b/Design.md index abd535b..4b86d8a 100644 --- a/Design.md +++ b/Design.md @@ -46,7 +46,7 @@ Fedora CoreOS will have several refs for use on production machines. At any giv - `testing`: Periodic snapshot of the current Fedora release plus Bodhi `updates`. - `stable`: Promotion of a `testing` release, including any needed fixes. -- `next`: The `next` stream represents the future. It will often be used to experiment with new features and also test out rebases of our platform on top of the next major version of Fedora. +- `next`: The `next` stream represents the future. It will often be used to experiment with new features and also test out rebases of our platform on top of the next major version of Fedora. See [Major Fedora Version Rebases](#major-fedora-version-rebases) for more info. All of these refs will be unversioned, in the sense that their names will not include the current Fedora major version. The stream cadences are not contractual, but will initially have two weeks between releases. The stream maintenance policies are also not contractual and may evolve from those described above, but changes will preserve the use cases and intended stability of each stream. @@ -74,11 +74,19 @@ If a fix is important enough for an out-of-cycle `stable` release, other affecte In some cases it may make sense to apply a fix to `testing` but not issue an out-of-cycle release, allowing the fix to be picked up automatically when `testing` promotes to `stable`. -We'll need infrastructure for both approaches, and the ability to choose between them on a case-by-case basis. Option 1 is cleaner and easier, but may not always be safe. Option 2 is especially useful for the kernel, where we'll want to fix individual bugs without pushing an entire stable kernel update directly to the `stable` stream. +### Major Fedora Version Rebases -If a fix is important enough for an out-of-cycle `stable` release, other affected release streams should be updated as well. +The release process integrates with Fedora's release milestones in the following ways: -In some cases it may make sense to apply a fix to `testing` but not issue an out-of-cycle release, allowing the fix to be picked up automatically when `testing` promotes to `stable`. +- Fedora Beta Release + - The `next` stream is switched over to the new release. +- Fedora Final Freeze + - The `next` stream switches to weekly releases to closely track the GA content set. +- Fedora General Availability + - Fedora CoreOS re-orients its release schedule in the following way: + - Week 0 (GA release): triple release;`next` with latest Fedora N content + - Week 1: triple release; `testing` release promoted from previous `next` + - Week 3: triple release; `stable` release promoted from previous `testing`, now fully rebased to Fedora N. `next` and `testing` are now in sync. ### Deprecation From 1abb0bfa7d99875deae080038a072082cd8ac843 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 29 Apr 2021 01:21:59 -0400 Subject: [PATCH 090/238] templates: add checklist for rebasing to a new version of Fedora Based on https://github.com/coreos/fedora-coreos-config/blob/da55a2e50c2d/README.md#moving-to-a-new-major-version-n-of-fedora --- .github/ISSUE_TEMPLATE/rebase.md | 69 ++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/rebase.md diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md new file mode 100644 index 0000000..5ad0637 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -0,0 +1,69 @@ +# Rebase to a new version of Fedora (N) + +## Release engineering changes + +- [ ] Verify that a few tags have been created. These should have been created by releng scripts on branching: + +- `f${releasever}-coreos-signing-pending` +- `f${releasever}-coreos-continuous` + +- [ ] The tag info for the coreos-pool tag has the new release (N) and next release (N+1) signing keys (just to stay ahead of the curve) and removes the old release (N-2) signing key. The following commands view the current settings and then update the list to 32/33/34 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). + +- `koji taginfo coreos-pool` +- `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39"` + +- [ ] `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 31 key and untags them. + +``` +f31key=3c3359c4 +key=$f31key +untaglist='' +for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do + if koji buildinfo $build | grep $key 1>/dev/null; then + untaglist+="${build} " + echo "Adding $build to untag list" + fi +done + +# After verifying the list looks good: +# - koji untag-build coreos-pool $untaglist +``` + +## coreos-installer changes + +- [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). Note that the signing keys for N+1 may not be created until releng branches and rawhide becomes N+1. + +## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` + +- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Update the repos in `manifest.yaml` if needed +- [ ] Run `cosa fetch --update-lockfile` +- [ ] PR the result + +## Ship rebased `next` + +- [ ] Ship `next` +- [ ] Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). + +## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` + +- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Update the repos in `manifest.yaml` if needed +- [ ] Run `cosa fetch --update-lockfile` +- [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` +- [ ] PR the result + +## Ship rebased `testing` + +- [ ] Ship `testing` +- [ ] Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). + +## Ship rebased `stable` + +- [ ] Ship `stable` +- [ ] Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). + +## Miscellaneous container updates + +- [ ] Rebase the coreos-assembler Dockerfile onto the new release +- [ ] Rebase the coreos-installer Dockerfile onto the new release From 9c7571e3695887ab8db6f52d6afa4ae2f90a7126 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Thu, 29 Apr 2021 14:28:20 -0400 Subject: [PATCH 091/238] Extra instructions for removing builds from coreos-pool --- .github/ISSUE_TEMPLATE/rebase.md | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 5ad0637..5bf2f24 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -12,11 +12,13 @@ - `koji taginfo coreos-pool` - `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39"` -- [ ] `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 31 key and untags them. +- [ ] `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. + +Find the key short hash. Usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2). Then: ``` -f31key=3c3359c4 -key=$f31key +f32key=12c944d0 +key=$f32key untaglist='' for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do if koji buildinfo $build | grep $key 1>/dev/null; then @@ -24,10 +26,25 @@ for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do echo "Adding $build to untag list" fi done +``` + +Now we have a list of builds to untag. But we need one more sanity check. Let's make sure none of those are actually being used. Fire up the latest FCOS `testing-devel` and run: + +``` +f32key=12c944d0 +key=$f32key +rpm -qai | grep -B 8 $key +``` + +If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. + +After verifying the list looks good: -# After verifying the list looks good: -# - koji untag-build coreos-pool $untaglist ``` +koji untag-build coreos-pool $untaglist +``` + +Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. ## coreos-installer changes From 9bef81d012e59d325e45e33913a29e599d3f82fb Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 29 Apr 2021 15:24:59 -0400 Subject: [PATCH 092/238] templates: create sub-list for pool untagging --- .github/ISSUE_TEMPLATE/rebase.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 5bf2f24..6d48d68 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -12,9 +12,11 @@ - `koji taginfo coreos-pool` - `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39"` -- [ ] `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. +### Untag old packages -Find the key short hash. Usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2). Then: +`koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process: + +- [ ] Find the key short hash. Usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2). Then: ``` f32key=12c944d0 @@ -28,7 +30,7 @@ for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do done ``` -Now we have a list of builds to untag. But we need one more sanity check. Let's make sure none of those are actually being used. Fire up the latest FCOS `testing-devel` and run: +- [ ] Now we have a list of builds to untag. But we need one more sanity check. Let's make sure none of those are actually being used. Fire up the latest FCOS `testing-devel` and run: ``` f32key=12c944d0 @@ -38,13 +40,13 @@ rpm -qai | grep -B 8 $key If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. -After verifying the list looks good: +- [ ] After verifying the list looks good: ``` koji untag-build coreos-pool $untaglist ``` -Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. +- [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. ## coreos-installer changes From 43c43c823b30ff7fb8f2ac07057cd49f089f7e73 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 29 Apr 2021 15:25:25 -0400 Subject: [PATCH 093/238] templates: skip update barriers for now https://github.com/coreos/fedora-coreos-tracker/issues/749#issuecomment-781449178 --- .github/ISSUE_TEMPLATE/rebase.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 6d48d68..6a6c5a7 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -62,7 +62,7 @@ koji untag-build coreos-pool $untaglist ## Ship rebased `next` - [ ] Ship `next` -- [ ] Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +- ~Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629).~ _(Skip for now, see https://github.com/coreos/fedora-coreos-tracker/issues/749#issuecomment-781449178)_ ## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` @@ -75,12 +75,12 @@ koji untag-build coreos-pool $untaglist ## Ship rebased `testing` - [ ] Ship `testing` -- [ ] Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). +- ~Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/).~ ## Ship rebased `stable` - [ ] Ship `stable` -- [ ] Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). +- ~Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/).~ ## Miscellaneous container updates From 714e32d67bd79fcdb79d3bf9b5c5998668250671 Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Wed, 20 Jan 2021 20:22:16 +0000 Subject: [PATCH 094/238] metadata: Update example stream data to latest stable (including uncompressed-sha256) See https://github.com/coreos/stream-metadata-go/pull/11 This demonstrates that we now have `uncompressed-sha256`. --- metadata/stream/rationale.yaml | 17 +- metadata/stream/sample.json | 405 +++++++++++++++++++++++---------- 2 files changed, 302 insertions(+), 120 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index d2b7518..d354a38 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -22,7 +22,7 @@ architectures: location: https://artifacts.example.com/dsB2fnzP7KhqzQ5a.vmdk.xz signature: https://artifacts.example.com/dsB2fnzP7KhqzQ5a.vmdk.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - # Could also include artifact size/uncompressed-size/uncompressed-sha256 from meta.json + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 azure: release: 30.1.2.3 formats: @@ -31,6 +31,7 @@ architectures: location: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz signature: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 digitalocean: release: 30.1.2.3 formats: @@ -39,6 +40,7 @@ architectures: location: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 gcp: release: 30.1.2.3 formats: @@ -47,6 +49,7 @@ architectures: location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 metal: release: 30.1.2.3 formats: @@ -55,34 +58,41 @@ architectures: location: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz signature: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 iso: disk: location: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso signature: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 pxe: kernel: location: https://artifacts.example.com/hkIj8FkCydT3lV9h signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 initramfs: location: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 "installer.iso": disk: location: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso signature: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 installer-pxe: kernel: location: https://artifacts.example.com/EtqI0KsLIwZOHlCx signature: https://artifacts.example.com/EtqI0KsLIwZOHlCx.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 initramfs: location: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz signature: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 openstack: release: 30.1.2.3 formats: @@ -91,6 +101,7 @@ architectures: location: https://artifacts.example.com/oKooheogobofai8l.qcow.xz signature: https://artifacts.example.com/oKooheogobofai8l.qcow.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 packet: release: 30.1.2.3 formats: @@ -99,6 +110,7 @@ architectures: location: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz signature: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 qemu: release: 30.1.2.3 formats: @@ -107,6 +119,7 @@ architectures: location: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 virtualbox: release: 30.1.2.3 formats: @@ -115,6 +128,7 @@ architectures: location: https://artifacts.example.com/yohsh2haiquaeYah.ova signature: https://artifacts.example.com/yohsh2haiquaeYah.ova.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 vmware: release: 30.1.2.3 formats: @@ -123,6 +137,7 @@ architectures: location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 images: # Cloud images to be launched directly by users. These are in a diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index d1a2b41..5c1bc8e 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -1,125 +1,292 @@ { - "stream": "testing", - "metadata": { - "last-modified": "2019-09-06T16:01:35Z" - }, - "architectures": { - "x86_64": { - "artifacts": { - "aws": { - "release": "30.20190905.0", - "formats": { - "vmdk.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-aws.vmdk.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-aws.vmdk.xz.sig", - "sha256": "561c9011718e8524978160ebff50842ec91f9fdec2a26b93e258715d2e6c825b" - } - } - } - }, - "metal": { - "release": "30.20190905.0", - "formats": { - "installer-pxe": { - "kernel": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-kernel", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-kernel.sig", - "sha256": "db1a31d08b41bad712311d64436c51ea44ea8620f2044c23ff80b25caeb42b2c" - }, - "initramfs": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-initramfs.img", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-initramfs.img.sig", - "sha256": "ccb84e9ad2d6e49192f63edf05b2888f0006c8f561ba2e139774437b24536605" - } - }, - "installer.iso": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer.iso", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer.iso.sig", - "sha256": "838d38a733aaac4f53304bde19889008366da5316619ee4f47b46dd82c512437" - } + "stream": "stable", + "metadata": { + "last-modified": "2021-04-28T13:46:31Z" + }, + "architectures": { + "x86_64": { + "artifacts": { + "aliyun": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-aliyun.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-aliyun.x86_64.qcow2.xz.sig", + "sha256": "35e80ce08915e58459537b46e75236f4eec7c2974933d9a32de6922fbce84eea", + "uncompressed-sha256": "e23666a4e8c15bb80d2cbe2eff254037df0052d486c3841892c50025d40547a7" + } + } + } + }, + "aws": { + "release": "33.20210412.3.0", + "formats": { + "vmdk.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-aws.x86_64.vmdk.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-aws.x86_64.vmdk.xz.sig", + "sha256": "2dc2bd028edd52213c9a3a2ecc818307c2c5a0a13165747cbfeead4b8391e25b", + "uncompressed-sha256": "cc7f0061511bb9949e81aa4d8678ad8eed2b0a3ced956fa64b851502be7dfbbd" + } + } + } + }, + "azure": { + "release": "33.20210412.3.0", + "formats": { + "vhd.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-azure.x86_64.vhd.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-azure.x86_64.vhd.xz.sig", + "sha256": "9eaa0504ba6c33bd5baf21335ada861b5e01e8628ba40bc04050a436b3626a05", + "uncompressed-sha256": "2593ac3d4e152fbbde9d7a5b1f0f69746a807148e1dbf64aa4f657da170dcece" + } + } + } + }, + "digitalocean": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-digitalocean.x86_64.qcow2.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-digitalocean.x86_64.qcow2.gz.sig", + "sha256": "2b0c7a697005f00bd99edd2c3bae80f258287843de6dc4e5d79b6ec1b6afb863" + } + } + } + }, + "exoscale": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-exoscale.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-exoscale.x86_64.qcow2.xz.sig", + "sha256": "4acb935fb4ef51c971172f4c71c81ba5fdf659aaad25be6fee83b83a6387cc32", + "uncompressed-sha256": "459ace6388d56fc90281de7ee97dd4cc4cfa61143a894d24d3cf0ccf235ff07e" + } + } + } + }, + "gcp": { + "release": "33.20210412.3.0", + "formats": { + "tar.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-gcp.x86_64.tar.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-gcp.x86_64.tar.gz.sig", + "sha256": "76fcc10bbba4517678217a81f95095702e83dc8ed3a2bc2d10062de214b55396" + } + } + } + }, + "ibmcloud": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-ibmcloud.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-ibmcloud.x86_64.qcow2.xz.sig", + "sha256": "aa1db0898fb88aae956343b99ca70975bd821050f274a79f63d18a2e2a489e26", + "uncompressed-sha256": "cd7d5b979e15336e4c9b44f25cf86927fe4780b5775c2d02fe4f71827d820d4c" + } + } + } + }, + "metal": { + "release": "33.20210412.3.0", + "formats": { + "4k.raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-metal4k.x86_64.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-metal4k.x86_64.raw.xz.sig", + "sha256": "c99e07bbdcb72615830985ddd1d63ab21779b874248952f15fd937ade5593c1c", + "uncompressed-sha256": "8d6508b36095b78c6d306b0857a4a6272f5c25515a5c2f591f434290d63d88e1" + } + }, + "iso": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live.x86_64.iso", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live.x86_64.iso.sig", + "sha256": "97b7aed0086509c2187a4a9f91199aba7c430a5f9aface4e7b06cbcc664a0b4d" + } + }, + "pxe": { + "kernel": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-kernel-x86_64", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-kernel-x86_64.sig", + "sha256": "28314d6a50610dd342684d6edd19f386b8b8ee150f924775d81408be1987c3d8" + }, + "initramfs": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-initramfs.x86_64.img", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-initramfs.x86_64.img.sig", + "sha256": "5c7c0cc0a8c5d7a1894599ea1d1f5311a1cba0c8530decf9481d7e6cfc1873b7" + }, + "rootfs": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-rootfs.x86_64.img", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-rootfs.x86_64.img.sig", + "sha256": "50e63eddc657b24b86d53fbc267441d5e7e7c43eaac58ad9998dadd6141dc0b6" + } + }, + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-metal.x86_64.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-metal.x86_64.raw.xz.sig", + "sha256": "6d18380dad77b8670767bb082bb6f55ae4381b2b1d4a7405d8a9cdb6e6678263", + "uncompressed-sha256": "c8335d11257d33f7c68ce9720fd35ce0dfd008695348b58c7882d504eed974ed" + } + } + } + }, + "openstack": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-openstack.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-openstack.x86_64.qcow2.xz.sig", + "sha256": "2270ae870cb036d650bb496c94c3fc815126daaa6bebf5b43c348da00e788dab", + "uncompressed-sha256": "5c7e9e072ed6adc4f70ee78deaf5bde76426afcc35f620dad31d8b3eb697e16d" + } + } + } + }, + "qemu": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-qemu.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-qemu.x86_64.qcow2.xz.sig", + "sha256": "8dce159f743c777fe9c429648e8a16928b55d0c1bc8e599a82ba71870fdc5e5a", + "uncompressed-sha256": "a21be448bb0ceee7a373cae232c4cadd979c3db844521d3c10888e42c405c684" + } + } + } + }, + "vmware": { + "release": "33.20210412.3.0", + "formats": { + "ova": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-vmware.x86_64.ova", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-vmware.x86_64.ova.sig", + "sha256": "0a6c622006e2a13444fc1145970b8a54f52901817165c74b9d265d8ccfc9135d" + } + } + } + }, + "vultr": { + "release": "33.20210412.3.0", + "formats": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-vultr.x86_64.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-vultr.x86_64.raw.xz.sig", + "sha256": "6c6a42c8399881e1ecb0ba088b389b4e20a394dacc3dab91f221fe18e5006557", + "uncompressed-sha256": "835f97b63f18031f0eb830ee8766c6be8fec1e52f689156e761a92cd3573f4bb" + } + } + } + } }, - "raw.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-metal.raw.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-metal.raw.xz.sig", - "sha256": "018c0d5d2f9310608aea5fa4e62e6b22ed8df874fd13ecadc39db16e4706edd8" - } - } - } - }, - "openstack": { - "release": "30.20190905.0", - "formats": { - "qcow2.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-openstack.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-openstack.qcow2.xz.sig", - "sha256": "7b6608f03bcf98f41494c0a71fa518256798065c2516ff757e6bdd766f870ede" - } - } - } - }, - "azure": { - "release": "30.20190905.0", - "formats": { - "vhd.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz.sig", - "sha256": "4bb0e1595f66f344c1cc084e163c4352235b2accf3a1385b9eb4b3e4ca5b1d24" - } - } - } - }, - "aliyun": { - "release": "30.20190905.0", - "formats": { - "qcow2.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz.sig", - "sha256": "8f1492f1e9e94ec3f3ecef188c4a2da52348c4b830f6365181bd03e1d969f161" - } - } - } - }, - "qemu": { - "release": "30.20190905.0", - "formats": { - "qcow2.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-qemu.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-qemu.qcow2.xz.sig", - "sha256": "ed5a960dde75ed25607765eaf3f4988110424e2293fad4731332b6496eadbaed" - } - } - } - }, - "vmware": { - "release": "30.20190905.0", - "formats": { - "ova": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-vmware.ova", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-vmware.ova.sig", - "sha256": "1f9af0eecdbbab216576143970826bef7de308298a94cd723b47be30288ad0a1" - } - } - } - } - }, - "images": { - "aws": { - "regions": { - "us-east-1": { - "release": "30.20190905.0", - "image": "ami-0cdf885a13ed855fc" + "images": { + "aws": { + "regions": { + "af-south-1": { + "release": "33.20210412.3.0", + "image": "ami-09d422b66ac91ab2a" + }, + "ap-east-1": { + "release": "33.20210412.3.0", + "image": "ami-05fdddb8ebfcdbbbd" + }, + "ap-northeast-1": { + "release": "33.20210412.3.0", + "image": "ami-0ecf122c9a4ec0c2f" + }, + "ap-northeast-2": { + "release": "33.20210412.3.0", + "image": "ami-08fd2b5b39b93b5ff" + }, + "ap-northeast-3": { + "release": "33.20210412.3.0", + "image": "ami-023a068f639e4d9dc" + }, + "ap-south-1": { + "release": "33.20210412.3.0", + "image": "ami-0bc108bb69dab2855" + }, + "ap-southeast-1": { + "release": "33.20210412.3.0", + "image": "ami-025fce39a4b9582a8" + }, + "ap-southeast-2": { + "release": "33.20210412.3.0", + "image": "ami-09186d20538071e92" + }, + "ca-central-1": { + "release": "33.20210412.3.0", + "image": "ami-0a186cd7e55176be2" + }, + "eu-central-1": { + "release": "33.20210412.3.0", + "image": "ami-06a0c31e4cba0c54d" + }, + "eu-north-1": { + "release": "33.20210412.3.0", + "image": "ami-01f6afff2c77bc11c" + }, + "eu-south-1": { + "release": "33.20210412.3.0", + "image": "ami-083a448ad9aff02c2" + }, + "eu-west-1": { + "release": "33.20210412.3.0", + "image": "ami-05b16c9ca91b37d57" + }, + "eu-west-2": { + "release": "33.20210412.3.0", + "image": "ami-0a5a690659a4e53bb" + }, + "eu-west-3": { + "release": "33.20210412.3.0", + "image": "ami-0ca82f640eae28513" + }, + "me-south-1": { + "release": "33.20210412.3.0", + "image": "ami-0f4a9bb1ea0c84082" + }, + "sa-east-1": { + "release": "33.20210412.3.0", + "image": "ami-0194168b04da77dfa" + }, + "us-east-1": { + "release": "33.20210412.3.0", + "image": "ami-09e2e5104f310ffb5" + }, + "us-east-2": { + "release": "33.20210412.3.0", + "image": "ami-02e593ebdf420390c" + }, + "us-west-1": { + "release": "33.20210412.3.0", + "image": "ami-0cb601c6edd617238" + }, + "us-west-2": { + "release": "33.20210412.3.0", + "image": "ami-0fcfe7120a4492fb9" + } + } + }, + "gcp": { + "project": "fedora-coreos-cloud", + "family": "fedora-coreos-stable", + "name": "fedora-coreos-33-20210412-3-0-gcp-x86-64" + } } - } } - } } - } } From 88511a68dba342b13f613224f287f6efff1d3454 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 29 Apr 2021 17:37:45 -0400 Subject: [PATCH 095/238] stream/rationale: fix format name for DigitalOcean --- metadata/stream/rationale.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index d354a38..73e7e84 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -35,10 +35,10 @@ architectures: digitalocean: release: 30.1.2.3 formats: - "raw.xz": + "raw.gz": disk: - location: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz - signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz.sig + location: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz + signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 gcp: From 997493a48cb3821fbec045c9854a52df0597dc32 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 29 Apr 2021 17:40:03 -0400 Subject: [PATCH 096/238] stream/rationale: drop invalid image formats We've never shipped installer images or VirtualBox images. --- metadata/stream/rationale.yaml | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 73e7e84..432b298 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -76,23 +76,6 @@ architectures: signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - "installer.iso": - disk: - location: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso - signature: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - installer-pxe: - kernel: - location: https://artifacts.example.com/EtqI0KsLIwZOHlCx - signature: https://artifacts.example.com/EtqI0KsLIwZOHlCx.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - initramfs: - location: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz - signature: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 openstack: release: 30.1.2.3 formats: @@ -120,15 +103,6 @@ architectures: signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - virtualbox: - release: 30.1.2.3 - formats: - ova: - disk: - location: https://artifacts.example.com/yohsh2haiquaeYah.ova - signature: https://artifacts.example.com/yohsh2haiquaeYah.ova.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 vmware: release: 30.1.2.3 formats: From c6d25e4746efa24ef4bf6ae1fbeed5a97ad98b73 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 29 Apr 2021 17:41:22 -0400 Subject: [PATCH 097/238] stream/rationale: drop uncompressed-sha256 for non-xz artifacts The ISO and PXE images shouldn't have it, and the .gz images currently don't. --- metadata/stream/rationale.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 432b298..e04ded9 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -40,7 +40,6 @@ architectures: location: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 gcp: release: 30.1.2.3 formats: @@ -49,7 +48,6 @@ architectures: location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 metal: release: 30.1.2.3 formats: @@ -64,18 +62,15 @@ architectures: location: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso signature: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 pxe: kernel: location: https://artifacts.example.com/hkIj8FkCydT3lV9h signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 initramfs: location: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 openstack: release: 30.1.2.3 formats: @@ -111,7 +106,6 @@ architectures: location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 images: # Cloud images to be launched directly by users. These are in a From 4efb24b1276693c508c74c44188e083e801dc401 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 29 Apr 2021 17:42:01 -0400 Subject: [PATCH 098/238] stream/rationale: add rootfs image; fix up initramfs filename --- metadata/stream/rationale.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index e04ded9..bf3b850 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -68,8 +68,12 @@ architectures: signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 initramfs: - location: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz - signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig + location: https://artifacts.example.com/a9ytS8yB4cGZpca1.img + signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.img.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + rootfs: + location: https://artifacts.example.com/Seb8em4QU9p6wEFr.img + signature: https://artifacts.example.com/Seb8em4QU9p6wEFr.img.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 openstack: release: 30.1.2.3 From 5f8c79a8c16b6409059d9d4a2d1bc43a1e9926ec Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Fri, 30 Apr 2021 14:15:06 -0400 Subject: [PATCH 099/238] stream/rationale: re-add digitalocean uncompressed-sha256 It's added by https://github.com/coreos/coreos-assembler/pull/2144. --- metadata/stream/rationale.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index bf3b850..d7b739a 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -40,6 +40,7 @@ architectures: location: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 gcp: release: 30.1.2.3 formats: From d86810adb0acb11e025556a0fa2377809cbfff4a Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Fri, 30 Apr 2021 14:16:34 -0400 Subject: [PATCH 100/238] stream/rationale: fix digitalocean artifact format --- metadata/stream/rationale.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index d7b739a..c08bf5c 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -35,10 +35,10 @@ architectures: digitalocean: release: 30.1.2.3 formats: - "raw.gz": + "qcow2.gz": disk: - location: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz - signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz.sig + location: https://artifacts.example.com/ichaloomuHax9ahR.qcow2.gz + signature: https://artifacts.example.com/ichaloomuHax9ahR.qcow2.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 gcp: From e18de2c4890c6aa29ad52fbd817a7d9715eaeaef Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 5 May 2021 14:36:09 -0400 Subject: [PATCH 101/238] Updates for master -> main branch renamings --- PRD.txt | 2 +- README.md | 4 ++-- docs/ci-and-builds.md | 4 ++-- internals/README-initramfs.md | 4 ++-- meeting-people.txt | 2 +- metadata/README.md | 4 ++-- stream-tooling.md | 4 ++-- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/PRD.txt b/PRD.txt index 7bcce17..1cd5a63 100644 --- a/PRD.txt +++ b/PRD.txt @@ -1,4 +1,4 @@ -The source for this document lives at https://github.com/coreos/fedora-coreos-tracker/blob/master/PRD.txt +The source for this document lives at https://github.com/coreos/fedora-coreos-tracker/blob/main/PRD.txt The rendered document lives on the Fedora wiki at https://fedoraproject.org/wiki/CoreOS/PRD diff --git a/README.md b/README.md index 568e924..8e39203 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ Currently, meetings are at `16:30 UTC` on Wednesdays. ## Steps to run the meeting - `cd` to a local checkout of this repo and `git pull` -- Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/master/meeting-people.txt) in `#fedora-coreos` on freenode +- Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on freenode - `bash meeting-people.txt` - copy lines of output and paste into `#fedora-coreos` channel - Navigate to `#fedora-meeting-1` on freenode @@ -159,4 +159,4 @@ Working days: non-holiday weekdays. Relevant holidays are the national holidays # Working Group Members and Points of Contact -Please see [meeting-people.txt](https://github.com/coreos/fedora-coreos-tracker/blob/master/meeting-people.txt). +Please see [meeting-people.txt](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt). diff --git a/docs/ci-and-builds.md b/docs/ci-and-builds.md index a14cec4..e06f704 100644 --- a/docs/ci-and-builds.md +++ b/docs/ci-and-builds.md @@ -35,7 +35,7 @@ Prow is heavily oriented towards testing OpenShift *container* components. Howe A specific reason to include Prow is that it contains tight integration with OpenShift which we need for RHCOS, and it is also maintained and staffed by a team that e.g. also contains a budget and secrets for running infrastructure in public clouds. -Examples can be found in the [openshift/release coreos/ folder](https://github.com/openshift/release/tree/master/ci-operator/config/coreos). +Examples can be found in the [openshift/release coreos/ folder](https://github.com/openshift/release/tree/main/ci-operator/config/coreos). ### GitHub Actions @@ -45,7 +45,7 @@ A good use case is e.g. validating rustfmt. Examples: - - https://github.com/coreos/rpm-ostree/blob/master/.github/workflows/rust-lints.yml + - https://github.com/coreos/rpm-ostree/blob/main/.github/workflows/rust-lints.yml --- diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index ebc2d64..70ce6f8 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -17,8 +17,8 @@ We use [dracut](https://github.com/dracutdevs/dracut/) the same as a number of o Modern systemd has a very clean design for both the initramfs and the real boot. See the ["man bootup"](https://www.freedesktop.org/software/systemd/man/bootup.html) documentation. The software involved implements these abstract `.target` units. There are 3 important pieces of software involved in the initramfs: -- [30ignition](https://github.com/coreos/ignition/tree/master/dracut/30ignition) (Part of Ignition) -- [ostree-prepare-root](https://github.com/ostreedev/ostree/blob/master/src/switchroot/ostree-prepare-root.c) (Part of OSTree) +- [30ignition](https://github.com/coreos/ignition/tree/main/dracut/30ignition) (Part of Ignition) +- [ostree-prepare-root](https://github.com/ostreedev/ostree/blob/main/src/switchroot/ostree-prepare-root.c) (Part of OSTree) - [40ignition-ostree dracut module](https://github.com/coreos/fedora-coreos-config/tree/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree) (fedora-coreos-config) Note that Ignition and OSTree are both independent projects consumed by other distributions in addition to Fedora CoreOS. This means that we want to support using each independently. The `40ignition-ostree` dracut module *ties those two together* - it's the place where you will find systemd units that have direct ordering relationship around the two projects. diff --git a/meeting-people.txt b/meeting-people.txt index ccd26e3..09b6cda 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -1,5 +1,5 @@ # List of people to ping before the Fedora CoreOS community meetings -tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/master/meeting-people.txt" +tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 darkmuggle diff --git a/metadata/README.md b/metadata/README.md index 91c84aa..495495d 100644 --- a/metadata/README.md +++ b/metadata/README.md @@ -59,7 +59,7 @@ This piece of metadata is meant to list all existing releases, on each stream. Projects/Code: - - https://github.com/coreos/coreos-assembler/blob/master/mantle/cmd/plume/release.go + - https://github.com/coreos/coreos-assembler/blob/main/mantle/cmd/plume/release.go ## Release metadata @@ -80,4 +80,4 @@ RPMs and our configuration into images and ostree commits. Projects: - https://github.com/coreos/coreos-assembler - - https://github.com/coreos/fedora-coreos-releng-automation/blob/master/coreos-meta-translator/trans.py + - https://github.com/coreos/fedora-coreos-releng-automation/blob/main/coreos-meta-translator/trans.py diff --git a/stream-tooling.md b/stream-tooling.md index 0e5fe92..c0e1a06 100644 --- a/stream-tooling.md +++ b/stream-tooling.md @@ -22,7 +22,7 @@ We need a way to both (1) fix the content set for a particular stream release, a ## Current tools at our disposal - git -- rpm-ostree treefiles: manifest fed to rpm-ostree that contains the list of packages to use during a compose. [Example](https://github.com/coreos/fedora-coreos-config/blob/master/fedora-coreos-base.yaml). +- rpm-ostree treefiles: manifest fed to rpm-ostree that contains the list of packages to use during a compose. [Example](https://github.com/coreos/fedora-coreos-config/blob/main/fedora-coreos-base.yaml). - rpm-ostree treefile locks: [pending rpm-ostree patch]( https://github.com/projectatomic/rpm-ostree/pull/1745) adding "lockfile" functionality similar to Cargo.lock/Gopkg.lock. This essentially means that the rpm-ostree compose is guaranteed to use specific package versions (or fail) as described in the lockfile. (To be clear, all of the below could probably be done without a lock file, since the treefile supports fully specifying the NEVRA, but having a separate lockfile allows for more sophisticated tooling and a cleaner treefile.) - Koji tags: a way to track packages built in Koji. Koji is capable of creating yum repos from such tags. RPM builds may be "tagged" in so that the next repo regeneration includes it. - [dist-git](http://src.fedoraproject.org/): git where RPM spec files are kept and Koji builds source from. @@ -50,7 +50,7 @@ There is also a second Koji tag, `coreos-release`, for packages which have been ### How will the package list be maintained? -We maintain a git repository containing the rpm-ostree treefile and lockfiles. This could be [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config). We have one branch for each stream, and no master branch. +We maintain a git repository containing the rpm-ostree treefile and lockfiles. This could be [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config). We have one branch for each stream, and no main branch. For the mechanical streams, a nightly job will run the compose from the corresponding yum repos and SCM refs. This job will output a lockfile for each CPU architecture. Those lockfiles will be committed to Git to preserve a record of the build's contents, and the builds will be pushed to the corresponding ostree refs. The {bodhi-updates, branched} lockfile will also be PR'd to the {testing-devel, next-devel} branch, the latter only during the part of the cycle where next-devel is maintained. We want to keep the development branches ready to release, so those PRs are not merged unless green. From 57d2a2f0ae930a1c7500e04c1e2b13387d98d90d Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Fri, 7 May 2021 14:07:12 -0400 Subject: [PATCH 102/238] stream/rationale: re-add gcp uncompressed-sha256 It's added by https://github.com/coreos/coreos-assembler/pull/2158. --- metadata/stream/rationale.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index c08bf5c..9452850 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -49,6 +49,7 @@ architectures: location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 metal: release: 30.1.2.3 formats: From d81fa8d95f6974919175580587edb7554ad520f6 Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Wed, 12 May 2021 16:26:26 -0400 Subject: [PATCH 103/238] internals: Talk about ignition.platform.id I want to link to this from https://github.com/cgwalters/coreos-diskimage-rehydrator --- internals/README-internals.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/internals/README-internals.md b/internals/README-internals.md index 8045364..eb697e8 100644 --- a/internals/README-internals.md +++ b/internals/README-internals.md @@ -40,3 +40,31 @@ See also DHCP propagation: https://github.com/coreos/fedora-coreos-config/pull/4 See [this pull request](https://github.com/coreos/coreos-assembler/pull/768/commits/2701e91838e18d3eac0694fd0a5f003befcfb218) which added `/sysroot/.coreos-aleph-version.json` that can be used to track the version of that data. +# ignition.platform.id + +The design we have today is that each CoreOS system is the same OS content - the same OSTree commit, +and beyond that the exact same bootloader version, etc. + +There are differences per platform on the image formats (VHD versus qcow2 vs raw, etc). However, +what's *inside* the disk image for each platform is almost the same. + +A key difference between each image is the `ignition.platform.id` kernel argument. From the +moment the system boots and the kernel loads the initramfs, our userspace code uses this +to reliably know its target platform. As could be guessed from the name, [https://github.com/coreos/ignition/](ignition) +uses this, and it runs early on. + +But there's other code which dynamically dispatches on the platform ID: + +- https://github.com/coreos/afterburn/ +- [The time sync setup code](https://github.com/coreos/fedora-coreos-config/blob/d87b52bc6a90b53e1afeab2731b52612d5e3bbc0/tests/kola/chrony/coreos-platform-chrony-generator#L9) +- [network requirement detection](https://github.com/coreos/fedora-coreos-config/blob/d87b52bc6a90b53e1afeab2731b52612d5e3bbc0/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service#L13) + +Notice in particular how the time synchronization code ends up reconfiguring chrony dynamically. +For other operating systems which do "per cloud" disk images, it would have been more +natural to just change `/etc/chrony.conf` per platform. But that would mean we have a different +ostree commit checksum per platform, breaking our "image based" update model. + +It's very unlikely that we will change the platform IDs in the future. However, FCOS users are recommended +to avoid parsing `ignition.platform.id`. Generally, higher level code that needs to be +platform aware will have more platform-specific ways to find this information. + From b16d82382e3d66be38eb13b4f37d3f6ecbd2453f Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Fri, 14 May 2021 10:48:25 -0400 Subject: [PATCH 104/238] internals: Talk about multipath Let's collate information on this. --- internals/README-internals.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/internals/README-internals.md b/internals/README-internals.md index eb697e8..07dce6a 100644 --- a/internals/README-internals.md +++ b/internals/README-internals.md @@ -68,3 +68,32 @@ It's very unlikely that we will change the platform IDs in the future. However, to avoid parsing `ignition.platform.id`. Generally, higher level code that needs to be platform aware will have more platform-specific ways to find this information. +# multipath + +A lot of history here. A TL;DR is that nontrivial multipath setups conceptually conflict +a bit with the "CoreOS model" of booting into the desired configuration from the start. +There's also a long related issue in that we want to use a "pristine" initramfs in +general, and nontrivial multipath configuration needs to be in the initramfs. + +What we ended up with is adding an `rd.multipath=default` kernel argument which +triggers dracut to do "basic" automatic multipath setup in the stock initramfs: +https://github.com/dracutdevs/dracut/pull/780 + +So we still have a model then where the host boots up in a non-multipath +configuration, Ignition runs and the kernel arguments are applied, then we reboot into the +final configuration. + +We don't yet document multipath for FCOS, but we do document this setup for +OpenShift that has a kola test: + +- https://github.com/coreos/coreos-assembler/blob/60f675ec5037b84c01f17192d773a14166dc6a14/mantle/kola/tests/misc/multipath.go#L57 + +More links: + +- https://github.com/coreos/ignition-dracut/issues/154 +- https://bugzilla.redhat.com/show_bug.cgi?id=1944660 + + +An example issue seems to be rooted in our use of labels to find `boot` +and `root`. The labels seem to be racy in our current code because +`multipathd.service` may take over the block devices. From 77602c301bcc4e60d2cb95e12f09cb5408a9b769 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Tue, 18 May 2021 15:42:18 -0400 Subject: [PATCH 105/238] templates: add more steps for container updates to rebase template --- .github/ISSUE_TEMPLATE/rebase.md | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 6a6c5a7..52e7802 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -84,5 +84,21 @@ koji untag-build coreos-pool $untaglist ## Miscellaneous container updates -- [ ] Rebase the coreos-assembler Dockerfile onto the new release -- [ ] Rebase the coreos-installer Dockerfile onto the new release +These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment. + +- [ ] Update coreos-assembler or open ticket to update: + - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) +- [ ] Update coreos-installer + - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) +- [ ] Update fedora-coreos-cincinnati + - [Dockerfile](https://github.com/coreos/fedora-coreos-cincinnati/blob/main/dist/fedora-infra/Dockerfile) +- [ ] Update config-bot + - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/config-bot/Dockerfile) +- [ ] Update coreos-koji-tagger + - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/coreos-koji-tagger/Dockerfile) + - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-koji-tagger/templates/imagestream.yml) + - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-koji-tagger/templates/buildconfig.yml) +- [ ] Update coreos-ostree-importer + - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/coreos-ostree-importer/Dockerfile) + - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-ostree-importer/templates/imagestream.yml) + - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-ostree-importer/templates/buildconfig.yml) From 5f937231a66af92c23aa12c8b736198526851692 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Tue, 18 May 2021 17:38:48 -0400 Subject: [PATCH 106/238] templates: replace tabs with spaces in rebase template This fixes up the formatting a bit. --- .github/ISSUE_TEMPLATE/rebase.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 52e7802..e73ed44 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -87,11 +87,11 @@ koji untag-build coreos-pool $untaglist These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment. - [ ] Update coreos-assembler or open ticket to update: - - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) + - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) - [ ] Update coreos-installer - - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) + - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) - [ ] Update fedora-coreos-cincinnati - - [Dockerfile](https://github.com/coreos/fedora-coreos-cincinnati/blob/main/dist/fedora-infra/Dockerfile) + - [Dockerfile](https://github.com/coreos/fedora-coreos-cincinnati/blob/main/dist/fedora-infra/Dockerfile) - [ ] Update config-bot - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/config-bot/Dockerfile) - [ ] Update coreos-koji-tagger From ce09ace81ad257db034639b47eec979b7a8155db Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Mon, 17 May 2021 08:55:52 -0400 Subject: [PATCH 107/238] docs/internals: Link to main docs for ignition.platform.id Came up in post-commit review that we do support user units dispatching on this. --- internals/README-internals.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/internals/README-internals.md b/internals/README-internals.md index 07dce6a..1b91265 100644 --- a/internals/README-internals.md +++ b/internals/README-internals.md @@ -42,6 +42,8 @@ See [this pull request](https://github.com/coreos/coreos-assembler/pull/768/comm # ignition.platform.id +See https://docs.fedoraproject.org/en-US/fedora-coreos/platforms/ + The design we have today is that each CoreOS system is the same OS content - the same OSTree commit, and beyond that the exact same bootloader version, etc. @@ -64,10 +66,6 @@ For other operating systems which do "per cloud" disk images, it would have been natural to just change `/etc/chrony.conf` per platform. But that would mean we have a different ostree commit checksum per platform, breaking our "image based" update model. -It's very unlikely that we will change the platform IDs in the future. However, FCOS users are recommended -to avoid parsing `ignition.platform.id`. Generally, higher level code that needs to be -platform aware will have more platform-specific ways to find this information. - # multipath A lot of history here. A TL;DR is that nontrivial multipath setups conceptually conflict From 1f3b8ee08078d77bb498fc8ac0d9461b6cafd269 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Tue, 25 May 2021 16:11:35 -0400 Subject: [PATCH 108/238] templates: rebase: add notes for disabling next-devel stream --- .github/ISSUE_TEMPLATE/rebase.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index e73ed44..028d13b 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -77,6 +77,13 @@ koji untag-build coreos-pool $untaglist - [ ] Ship `testing` - ~Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/).~ +## Disable `next-devel` stream + +We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. + +- [ ] Remove `next-devel` from the list of "development streams" in [the pipeline](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy). [Example PR.](https://github.com/coreos/fedora-coreos-pipeline/pull/343) +- [ ] Update the [promote-config job](https://github.com/coreos/fedora-coreos-streams/blob/main/.github/workflows/promote-config.yml) to promote `next` from `testing-devel`. [Example PR.](https://github.com/coreos/fedora-coreos-streams/pull/322) + ## Ship rebased `stable` - [ ] Ship `stable` From d605b2531d1d375fdb6423dd046f467e780ca379 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 26 May 2021 09:50:28 -0400 Subject: [PATCH 109/238] templates: rebase: add back in steps for adding barrier releases We decided to continue to do this even though it's broken right now. We have a plan to fix it in the future so let's leave the process in place. xref: https://github.com/coreos/fedora-coreos-tracker/issues/749#issuecomment-848290710 --- .github/ISSUE_TEMPLATE/rebase.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 028d13b..b9aa299 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -62,7 +62,7 @@ koji untag-build coreos-pool $untaglist ## Ship rebased `next` - [ ] Ship `next` -- ~Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629).~ _(Skip for now, see https://github.com/coreos/fedora-coreos-tracker/issues/749#issuecomment-781449178)_ +- Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). ## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` @@ -75,7 +75,7 @@ koji untag-build coreos-pool $untaglist ## Ship rebased `testing` - [ ] Ship `testing` -- ~Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/).~ +- Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). ## Disable `next-devel` stream @@ -87,7 +87,7 @@ We prefer to disable `next-devel` when there is no difference between `testing-d ## Ship rebased `stable` - [ ] Ship `stable` -- ~Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/).~ +- Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). ## Miscellaneous container updates From d4444bdb2baf4ce1a7c1b211192089e7865cfce4 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 27 May 2021 16:30:17 -0500 Subject: [PATCH 110/238] README: move to libera.chat The Fedora project as a whole is moving: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org/message/GGGSZ6NAASOQ3R5XYQ5KLG63HMMXY7GH/ --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8e39203..44bf8a4 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- `#fedora-coreos` on IRC (Freenode) +- IRC: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) @@ -58,17 +58,17 @@ See [RELEASES.md](RELEASES.md). # Meetings The Fedora CoreOS Working Group has a weekly meeting. The meeting usually -happens in `#fedora-meeting-1` on irc.freenode.net and the schedule for the +happens in `#fedora-meeting-1` on irc.libera.chat and the schedule for the meeting can be found here: https://apps.fedoraproject.org/calendar/CoreOS Currently, meetings are at `16:30 UTC` on Wednesdays. ## Steps to run the meeting - `cd` to a local checkout of this repo and `git pull` -- Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on freenode +- Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on libera.chat - `bash meeting-people.txt` - copy lines of output and paste into `#fedora-coreos` channel -- Navigate to `#fedora-meeting-1` on freenode +- Navigate to `#fedora-meeting-1` on libera.chat - Type `#startmeeting fedora_coreos_meeting` - `#topic roll call` From 2f18f075b81e75856cdcf8e64da22d680ead7f00 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 10 Jun 2021 17:03:43 -0400 Subject: [PATCH 111/238] templates/rebase: add Ignition and Butane containers --- .github/ISSUE_TEMPLATE/rebase.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index b9aa299..f7bf0e1 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -97,6 +97,10 @@ These are various containers in use throughout our ecosystem. We should update o - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) - [ ] Update coreos-installer - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) +- [ ] Update Ignition + - [Dockerfile.validate](https://github.com/coreos/ignition/blob/main/Dockerfile.validate) +- [ ] Update Butane + - [Dockerfile](https://github.com/coreos/butane/blob/main/Dockerfile) - [ ] Update fedora-coreos-cincinnati - [Dockerfile](https://github.com/coreos/fedora-coreos-cincinnati/blob/main/dist/fedora-infra/Dockerfile) - [ ] Update config-bot From 3e5aff3cfca59e187fbe4127877d0e56ae2c1d3b Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Fri, 9 Jul 2021 00:01:35 -0400 Subject: [PATCH 112/238] internals/initramfs: update for coreos-ignition-setup-user ignition-setup-base is gone (Ignition handles it internally now) and ignition-setup-user has moved to fedora-coreos-config and renamed to coreos-ignition-setup-user. --- internals/README-initramfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 70ce6f8..0dc511b 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -55,7 +55,7 @@ In contrast for PXE the squashfs is in the `live-initramfs` directly. # /boot in the initramfs There are multiple services which access the `/boot` partition in the initramfs. They are (in running order): -- `ignition-setup-user.service`: mounts `/boot` read-only to look for a user Ignition config. This is the first Ignition service to run (in parallel with the `-base` service). +- `coreos-ignition-setup-user.service`: mounts `/boot` read-only to look for a user Ignition config. This is the first Ignition-related service to run. - `coreos-copy-firstboot-network.service`: mounts `/boot` read-only to look for NetworkManager keyfiles. This unit runs after Ignition's `ignition-fetch-offline.service` but before networking is optionally brought up as part of `dracut-initqueue.service`. - (on RHCOS) `rhcos-fips.service`: mounts `/boot` read-write to append `fips=1` to the BLS configs and reboot if FIPS mode is requested. This unit runs after `ignition-fetch.service` but before `ignition-disks.service`. - `coreos-boot-edit.service`: mounts `/boot` read-write late in the initramfs process after `ignition-files.service` to make final edits (e.g. remove firstboot networking configuration files if necessary, append rootmap kargs to the BLS configs). From e9b47f8384f328d3aafd8a40c237d414cfdef0c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <travier@redhat.com> Date: Tue, 20 Jul 2021 17:59:22 +0200 Subject: [PATCH 113/238] docs: Add instructions to help test project documentation changes --- docs/testing-project-documentation-changes.md | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 docs/testing-project-documentation-changes.md diff --git a/docs/testing-project-documentation-changes.md b/docs/testing-project-documentation-changes.md new file mode 100644 index 0000000..946b0ae --- /dev/null +++ b/docs/testing-project-documentation-changes.md @@ -0,0 +1,52 @@ +# Testing changes for GitHub Pages hosted project documentation + +The first option makes it easy to link to rendered changes for code review but +is slower for rapid changes or iteration where the second option is faster. + +## Option 1: Deploying to your own GitHub Pages sub domain + +- Replace `coreos` with your GitHub username in `docs/_config.yml` on top of + your other changes: + ``` + docs/_config.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + + diff --git a/docs/_config.yml b/docs/_config.yml + index 3ab720a0..801cbb9d 100644 + --- a/docs/_config.yml + +++ b/docs/_config.yml + @@ -1,7 +1,7 @@ + title: coreos/coreos-installer + description: CoreOS Installer documentation + baseurl: "/coreos-installer" + -url: "https://coreos.github.io" + +url: "https://your_github_username.github.io" + # Comment above and use below for local development + # url: "http://localhost:4000" + permalink: /:title/ + ``` +- Push the full changes to the main branch of your GitHub repo fork +- Enable GitHub Pages for the main branch, using `/` as root +- Wait for approximately 1 min for the changes to be deployed +- Access the rendered pages under your username as domain: + <https://your_github_username.github.io/coreos-installer/> + +## Option 2: Local testing + +- In `docs/_config.yml`, replace the line + ``` + url: "https://coreos.github.io" + ``` + by + ``` + url: "http://localhost:4000" + ``` +- Use the following commands to install the Ruby gems and start a local + development server: + ``` + export JEKYLL_ENV="production" + bundle install --path=./vendor/gems/ + bundle exec jekyll serve --livereload --strict_front_matter + ``` +- Access the documentaion by pointing your browser to + <http://localhost:4000/project-name/> From 5714ad90b00debd28e2a748954f95b4002b973f7 Mon Sep 17 00:00:00 2001 From: rugk <rugk+git@posteo.de> Date: Wed, 21 Jul 2021 21:24:18 +0200 Subject: [PATCH 114/238] Add missing line break I guess you've got the Markdown syntax "wrong" here and want a line break here. :slightly_smiling_face: --- internals/README-initramfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 0dc511b..81f9e2c 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -27,7 +27,7 @@ Note that Ignition and OSTree are both independent projects consumed by other di Ignition runs only on the first boot. To account for this, ignition-dracut ships two targets: -`ignition-complete.target`: Enabled on first boot +`ignition-complete.target`: Enabled on first boot `ignition-subsequent.target`: Enabled on every boot **except** the first `-complete` will pull in a lot of units, such as `ignition-fetch.service` and `ignition-disks.service` From ea58eeb213bcf658d281fe1d3bdae3a454f9c10e Mon Sep 17 00:00:00 2001 From: Ben Howard <ben.howard@redhat.com> Date: Wed, 11 Aug 2021 11:52:47 -0600 Subject: [PATCH 115/238] s/darkmuggle// --- meeting-people.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 09b6cda..2441c0b 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -2,7 +2,6 @@ tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 -darkmuggle davdunc dustymabe jaimelm From f012dfb67429ed51adbaca47940988c6ae47324d Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 17 Aug 2021 22:40:35 -0400 Subject: [PATCH 116/238] templates/rebase: drop image signing key for previous release from coreos-installer. --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index f7bf0e1..d3ce086 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -50,7 +50,7 @@ koji untag-build coreos-pool $untaglist ## coreos-installer changes -- [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). Note that the signing keys for N+1 may not be created until releng branches and rawhide becomes N+1. +- [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). Note that the signing keys for N+1 may not be created until releng branches and rawhide becomes N+1. Drop the signing key for the obsolete stable release (N-1). ## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` From 3f575f04202963f8e75a258d4e15a2627baf0d60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C4=8Cajka?= <jcajka@redhat.com> Date: Wed, 1 Sep 2021 19:00:01 +0200 Subject: [PATCH 117/238] meeting-people: Add jcajka --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 2441c0b..d1c323a 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -6,6 +6,7 @@ davdunc dustymabe jaimelm jbrooks +jcajka jdoss jlebon lorbus From 42ee37767c9902855bdbb2cb9103e5c7eb10c511 Mon Sep 17 00:00:00 2001 From: Saqib Ali <saqali@redhat.com> Date: Wed, 1 Sep 2021 12:56:43 -0400 Subject: [PATCH 118/238] meeting-people.txt: add saqali --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 2441c0b..b213e17 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -11,4 +11,5 @@ jlebon lorbus miabbott nasirhm +saqali skunkerk From aa4f7ee40bd48e6115660a73c626418d3b921b14 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Wed, 1 Sep 2021 13:56:28 -0400 Subject: [PATCH 119/238] workflows: verify that meeting-people.txt is sorted Robots reviewing code > humans reviewing code. --- .github/workflows/checks.yml | 18 ++++++++++++++++++ meeting-people.txt | 3 ++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/checks.yml diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml new file mode 100644 index 0000000..74e699d --- /dev/null +++ b/.github/workflows/checks.yml @@ -0,0 +1,18 @@ +--- +name: Checks + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + checks: + name: Checks + runs-on: ubuntu-latest + steps: + - name: Check out repository + uses: actions/checkout@v2 + - name: Verify meeting-people.txt is sorted + run: awk '!/^$/ {if (name) print} /^exit 0$/ { name = 1 }' meeting-people.txt | sort -c diff --git a/meeting-people.txt b/meeting-people.txt index f5ca950..df163e0 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -1,4 +1,5 @@ -# List of people to ping before the Fedora CoreOS community meetings +# List of people to ping before the Fedora CoreOS community meetings. +# Please keep this list in alphabetical order. tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 From 082ad44c5c6770e89bac12ad1ee5e4664221bf7b Mon Sep 17 00:00:00 2001 From: gursewak1997 <gursmangat@gmail.com> Date: Wed, 1 Sep 2021 18:09:40 +0000 Subject: [PATCH 120/238] meeting-people.txt: Add gurssing --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index f5ca950..45fc693 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -4,6 +4,7 @@ exit 0 davdunc dustymabe +gurssing jaimelm jbrooks jcajka From a622312b68874eebc082a5f9c0152b36fdc8b8fc Mon Sep 17 00:00:00 2001 From: Renata Ravanelli <rravanel@redhat.com> Date: Wed, 1 Sep 2021 14:34:17 -0300 Subject: [PATCH 121/238] meeting-people: Add ravanelli --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index fb4a030..4ab5085 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -14,5 +14,6 @@ jlebon lorbus miabbott nasirhm +ravanelli saqali skunkerk From 3445549ac896d9b98c906268cf840cc8ebd739c9 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Wed, 15 Sep 2021 21:39:43 -0400 Subject: [PATCH 122/238] metadata/stream: add metadata.generator field It's useful to record the exact software version that generated an instance of stream metadata. --- metadata/stream/rationale.yaml | 1 + metadata/stream/sample.json | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 9452850..6353e94 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -4,6 +4,7 @@ stream: stable metadata: last-modified: "2019-06-04T16:18:34Z" + generator: "fedora-coreos-stream-generator v0.1.0" architectures: x86_64: artifacts: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 5c1bc8e..d3b2e68 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -1,7 +1,8 @@ { "stream": "stable", "metadata": { - "last-modified": "2021-04-28T13:46:31Z" + "last-modified": "2021-04-28T13:46:31Z", + "generator": "fedora-coreos-stream-generator v0.1.0" }, "architectures": { "x86_64": { From 4988ecab5d2f0324332bea2c28f84400bba229ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Tue, 21 Sep 2021 15:58:07 +0200 Subject: [PATCH 123/238] README: Add link to 'Matrix/Element as IRC client' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 44bf8a4..b48c52d 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- IRC: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) +- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) (For Matrix see [How to use Element as an IRC client](https://meta.wikimedia.org/wiki/Matrix.org#Using_Element_as_an_IRC_client)) - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) From b0aa94e464e76598e1687a91329bc469fc7f0b69 Mon Sep 17 00:00:00 2001 From: Colin Walters <walters@verbum.org> Date: Wed, 6 Oct 2021 13:23:23 -0400 Subject: [PATCH 124/238] meeting-people.txt: Add walters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That's me 👋 --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 4ab5085..323a840 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -17,3 +17,4 @@ nasirhm ravanelli saqali skunkerk +walters From 7e0912da9455dba8e21c4d274a663e3b3bf7f9ce Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Thu, 7 Oct 2021 10:18:33 -0400 Subject: [PATCH 125/238] README-internals: add more multipath documentation This is a complex topic, so let's add more docs. --- internals/README-internals.md | 58 ++++++++++++++++++++++++++--------- 1 file changed, 43 insertions(+), 15 deletions(-) diff --git a/internals/README-internals.md b/internals/README-internals.md index 1b91265..05fe7ee 100644 --- a/internals/README-internals.md +++ b/internals/README-internals.md @@ -66,32 +66,60 @@ For other operating systems which do "per cloud" disk images, it would have been natural to just change `/etc/chrony.conf` per platform. But that would mean we have a different ostree commit checksum per platform, breaking our "image based" update model. -# multipath +# Multipath -A lot of history here. A TL;DR is that nontrivial multipath setups conceptually conflict -a bit with the "CoreOS model" of booting into the desired configuration from the start. -There's also a long related issue in that we want to use a "pristine" initramfs in -general, and nontrivial multipath configuration needs to be in the initramfs. +Multipath differs from other storage configurations by a major aspect: it is usually not +configured by Ignition. If we mount an individual path for e.g. `/sysroot`, multipathd will +not be able to take ownership afterwards. Furthermore, directly accessing individual paths +before `multipathd` takes over is unsafe (e.g. it could be a non-optimized path). And since +we need to mount `/boot` very early on, this naturally pushes multipath configuration into +kernel arguments (and ideally soon, initramfs overlays). -What we ended up with is adding an `rd.multipath=default` kernel argument which +What we ended up with is adding an `rd.multipath=default` kernel argument which triggers dracut to do "basic" automatic multipath setup in the stock initramfs: https://github.com/dracutdevs/dracut/pull/780 -So we still have a model then where the host boots up in a non-multipath -configuration, Ignition runs and the kernel arguments are applied, then we reboot into the -final configuration. +By the nature of multipath, a tricky aspect is that e.g. the `by-label/root` symlink is +valid both *before* and *after* multipathd takes ownership. In order to safely wait for the +multipathed rootfs to show up, we have these udev rules which create, for example, +`by-label/dm-mpath-root`: + +https://github.com/coreos/fedora-coreos-config/blob/94e0daa567a658f023d48ac5929c72ed910792bd/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules#L1 + +This is why we require the `root=/dev/disk/by-label/dm-mpath-root` kernel argument; so that +the mount generated by `systemd-fstab-generator` waits for the the multipath version to show +up and doesn't just mount an individual path. + +Firstboot (day-1) support is usually done at coreos-installer time by doing: + +``` +coreos-installer install \ + --append-karg rd.multipath=default \ + --append-karg root=/dev/disk/by-label/dm-mpath-root \ + --append-karg rw + ... +``` + +The `rw` bit is necessary because `systemd-fstab-generator` will create a read-only mount by +default (usually, `rw` is injected by `rdcore rootmap` for subsequent boots, but this does +not happen if there is already a `root` karg). + +That said, turning on multipath on a subsequent (day-2) boot is still supported if the +multipath setup itself is compatible with this. This is done by appending the same kargs as +above using e.g. `rpm-ostree kargs`. (Appending the kargs can also be done via +`ignition-kargs`, though this still counts as "day-2" since on first boot we'd still access +the boot partition directly.) We don't yet document multipath for FCOS, but we do document this setup for OpenShift that has a kola test: -- https://github.com/coreos/coreos-assembler/blob/60f675ec5037b84c01f17192d773a14166dc6a14/mantle/kola/tests/misc/multipath.go#L57 +- https://github.com/coreos/coreos-assembler/blob/f5d003d2ebb81283c3e071ce2ac268884aa7232b/mantle/kola/tests/misc/multipath.go + +We also support multipath on an individual non-root partition. See the test above for how +this works. More links: - https://github.com/coreos/ignition-dracut/issues/154 - https://bugzilla.redhat.com/show_bug.cgi?id=1944660 - - -An example issue seems to be rooted in our use of labels to find `boot` -and `root`. The labels seem to be racy in our current code because -`multipathd.service` may take over the block devices. +- https://github.com/coreos/fedora-coreos-config/pull/1011 From 83c10d24aac255292209e7bb10a558a70e3f5f79 Mon Sep 17 00:00:00 2001 From: Nick Bebout <nebebout@36WTHB2.usi.edu> Date: Fri, 8 Oct 2021 11:33:44 -0500 Subject: [PATCH 126/238] Update Matrix info --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b48c52d..b55fb39 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) (For Matrix see [How to use Element as an IRC client](https://meta.wikimedia.org/wiki/Matrix.org#Using_Element_as_an_IRC_client)) +- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) #coreos:fedoraproject.org on Matrix - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) From c11789c4560237b13125e56e17f1cb3aa6eaf9ca Mon Sep 17 00:00:00 2001 From: Nick Bebout <nebebout@36WTHB2.usi.edu> Date: Fri, 8 Oct 2021 11:34:29 -0500 Subject: [PATCH 127/238] Change formatting --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b55fb39..d4f6046 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) #coreos:fedoraproject.org on Matrix +- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) or `#coreos:fedoraproject.org` on Matrix - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) From d2dfde5d7aa7513e5200125d36a4e23e58cbb3af Mon Sep 17 00:00:00 2001 From: Joseph Marrero <jmarrero@redhat.com> Date: Tue, 19 Oct 2021 17:17:41 -0400 Subject: [PATCH 128/238] meeting-people.txt: Add jmarrero --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 323a840..72ca3d3 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -11,6 +11,7 @@ jbrooks jcajka jdoss jlebon +jmarrero lorbus miabbott nasirhm From be0bdce755df0dee78f85caa19423f588227cd09 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 2 Nov 2021 01:59:41 -0400 Subject: [PATCH 129/238] metadata/stream/sample: add release field for GCP For https://github.com/coreos/stream-metadata-go/pull/36. --- metadata/stream/sample.json | 1 + 1 file changed, 1 insertion(+) diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index d3b2e68..6d863b1 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -283,6 +283,7 @@ } }, "gcp": { + "release": "33.20210412.3.0", "project": "fedora-coreos-cloud", "family": "fedora-coreos-stable", "name": "fedora-coreos-33-20210412-3-0-gcp-x86-64" From a5e921ef18714ddbc36dfdda69494cd74c207f32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Sun, 7 Nov 2021 17:47:43 +0100 Subject: [PATCH 130/238] README: Update IRC URL & add matrix.to link for Matrix GitHub does not render non-HTTP URLs so use Libera.Chat webchat instead. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d4f6046..186596a 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) or `#coreos:fedoraproject.org` on Matrix +- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](https://web.libera.chat/#fedora-coreos) (ircs://irc.libera.chat:6697/#fedora-coreos) or [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) From 3027e0779ff54c0f8683d18c918726041e3d4c00 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 9 Nov 2021 11:37:17 -0500 Subject: [PATCH 131/238] templates: update link to buildroot Dockerfile --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index d3ce086..ba2139c 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -94,7 +94,7 @@ We prefer to disable `next-devel` when there is no difference between `testing-d These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment. - [ ] Update coreos-assembler or open ticket to update: - - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) + - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/ci/Dockerfile) - [ ] Update coreos-installer - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) - [ ] Update Ignition From eaf592f0da16da6ba3588e511494f1579826b709 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 9 Nov 2021 13:19:35 -0500 Subject: [PATCH 132/238] Revert "templates: update link to buildroot Dockerfile" It's going away in https://github.com/coreos/coreos-assembler/pull/2550. This reverts commit 3027e0779ff54c0f8683d18c918726041e3d4c00. --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index ba2139c..d3ce086 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -94,7 +94,7 @@ We prefer to disable `next-devel` when there is no difference between `testing-d These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment. - [ ] Update coreos-assembler or open ticket to update: - - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/ci/Dockerfile) + - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) - [ ] Update coreos-installer - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) - [ ] Update Ignition From 978f731f6335aa71578db9a38ad159ef73c1400e Mon Sep 17 00:00:00 2001 From: Aashish Radhakrishnan <aaradhak@redhat.com> Date: Wed, 8 Dec 2021 17:47:59 -0500 Subject: [PATCH 133/238] Update meeting-people.txt --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 72ca3d3..955c7f0 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -3,6 +3,7 @@ tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 +aaradhak davdunc dustymabe gurssing From 1259c95c8c3819d246e678f4f16d73ccc785d162 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 20 Dec 2021 19:37:59 -0500 Subject: [PATCH 134/238] templates/rebase: disable next-devel using pipeline metadata https://github.com/coreos/fedora-coreos-pipeline/pull/451 added a centralized mechanism for disabling the next-devel stream. Use it during a rebase. --- .github/ISSUE_TEMPLATE/rebase.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index d3ce086..68846ee 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -81,8 +81,7 @@ koji untag-build coreos-pool $untaglist We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. -- [ ] Remove `next-devel` from the list of "development streams" in [the pipeline](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy). [Example PR.](https://github.com/coreos/fedora-coreos-pipeline/pull/343) -- [ ] Update the [promote-config job](https://github.com/coreos/fedora-coreos-streams/blob/main/.github/workflows/promote-config.yml) to promote `next` from `testing-devel`. [Example PR.](https://github.com/coreos/fedora-coreos-streams/pull/322) +- [ ] Follow the instructions [here](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel) to disable `next-devel` ## Ship rebased `stable` From b14e99daa27455cceea2c2fad5cfa783d45745dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Thu, 6 Jan 2022 13:50:37 +0100 Subject: [PATCH 135/238] README: Update forum URL See: https://discussion.fedoraproject.org/t/fedora-discussion-2022-whats-new/35558 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 186596a..1c30219 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) - IRC/Matrix: [`#fedora-coreos` on Libera.Chat](https://web.libera.chat/#fedora-coreos) (ircs://irc.libera.chat:6697/#fedora-coreos) or [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) -- forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) +- forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) - documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) From fb0086a5f1bda1a6c22a954e5b16fcd9b0e9f6e1 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Wed, 26 Jan 2022 16:05:29 -0500 Subject: [PATCH 136/238] Design.md: tweak Fedora GA rebase schedule Make `testing` release with GA content on week 0 as discussed in https://github.com/coreos/fedora-coreos-tracker/issues/1024. Closes: #1024 --- Design.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/Design.md b/Design.md index 4b86d8a..af85d0c 100644 --- a/Design.md +++ b/Design.md @@ -84,9 +84,16 @@ The release process integrates with Fedora's release milestones in the following - The `next` stream switches to weekly releases to closely track the GA content set. - Fedora General Availability - Fedora CoreOS re-orients its release schedule in the following way: - - Week 0 (GA release): triple release;`next` with latest Fedora N content - - Week 1: triple release; `testing` release promoted from previous `next` - - Week 3: triple release; `stable` release promoted from previous `testing`, now fully rebased to Fedora N. `next` and `testing` are now in sync. + - Week -1 (Fedora "Go" Decision): `next` release: + - `next` release with final Fedora GA content + - Week 0 (GA release): triple release: + - `testing` release promoted from previous `next` + - `next` release contains latest Fedora N content, including Bodhi updates + - Week 2: triple release: + - `stable` release promoted from previous `testing`, now fully rebased to Fedora N + - `testing` and `next` are now in sync + +We have [a checklist](https://github.com/coreos/fedora-coreos-tracker/blob/main/.github/ISSUE_TEMPLATE/rebase.md) to track the exact steps followed during a rebase. ### Deprecation From 202be254ae625a2984cb8825b78153268aa9b00d Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 9 Feb 2022 21:51:23 -0500 Subject: [PATCH 137/238] template: update rebase issue template This reorganizes the structure a bit so that items are organized more based on when they should happen. It also adds various elements that were missing before that happened to come to me as I was re-organizing things. --- .github/ISSUE_TEMPLATE/rebase.md | 107 ++++++++++++++++++++----------- 1 file changed, 71 insertions(+), 36 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 68846ee..ba1bd79 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -1,16 +1,71 @@ # Rebase to a new version of Fedora (N) -## Release engineering changes +## At Branching -- [ ] Verify that a few tags have been created. These should have been created by releng scripts on branching: +Branching is when a new stream is "branched" off of `rawhide`. This eventually becomes the next major Fedora (N). -- `f${releasever}-coreos-signing-pending` -- `f${releasever}-coreos-continuous` +### Release engineering changes -- [ ] The tag info for the coreos-pool tag has the new release (N) and next release (N+1) signing keys (just to stay ahead of the curve) and removes the old release (N-2) signing key. The following commands view the current settings and then update the list to 32/33/34 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). +- [ ] Verify that a few tags were created when branching occurred: -- `koji taginfo coreos-pool` -- `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39"` +- `f${N+1}-coreos-signing-pending` +- `f${N+1}-coreos-continuous` + +- [ ] Add the N+1 signing key short hash (usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2)) to the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 32/33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). + - `koji taginfo coreos-pool` + - `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39 9867c58f"` + +### coreos-installer changes + +- [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). +- [ ] Drop the signing key for the obsolete stable release (N-2). + +### Update `rawhide` stream + +- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/rawhide/manifest.yaml) to list N+1 as the releasever. + +### Enable `branched` stream + +- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/branched/manifest.yaml) to list N as the releasever. +- [ ] Update [streams.groovy](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy) to include the `branched` stream in the list of mechanical refs. + + +## At Fedora (N) Beta + +### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` + +- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Update the repos in `manifest.yaml` if needed +- [ ] Run `cosa fetch --update-lockfile` +- [ ] PR the result + +### Ship rebased `next` + +- [ ] Ship `next` +- Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). + + +## Preparing for Fedora (N) GA + +### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` + +- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Update the repos in `manifest.yaml` if needed +- [ ] Run `cosa fetch --update-lockfile` +- [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` +- [ ] PR the result + + +## At Fedora (N) GA + +### Ship rebased `testing` + +- [ ] Ship `testing` +- Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). + +### Disable `branched` stream + +- [ ] Update [streams.groovy](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy) to remove the `branched` stream in the list of mechanical refs. ### Untag old packages @@ -48,46 +103,26 @@ koji untag-build coreos-pool $untaglist - [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. -## coreos-installer changes - -- [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). Note that the signing keys for N+1 may not be created until releng branches and rawhide becomes N+1. Drop the signing key for the obsolete stable release (N-1). - -## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` - -- [ ] Bump `releasever` in `manifest.yaml` -- [ ] Update the repos in `manifest.yaml` if needed -- [ ] Run `cosa fetch --update-lockfile` -- [ ] PR the result - -## Ship rebased `next` - -- [ ] Ship `next` -- Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +- [ ] Remove the N-2 signing key from the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). + - `koji taginfo coreos-pool` + - `koji edit-tag coreos-pool -x tag2distrepo.keys="9570ff31 45719a39 9867c58f"` -## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` - -- [ ] Bump `releasever` in `manifest.yaml` -- [ ] Update the repos in `manifest.yaml` if needed -- [ ] Run `cosa fetch --update-lockfile` -- [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` -- [ ] PR the result -## Ship rebased `testing` - -- [ ] Ship `testing` -- Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). - -## Disable `next-devel` stream +### Disable `next-devel` stream We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. - [ ] Follow the instructions [here](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel) to disable `next-devel` -## Ship rebased `stable` + +## After Fedora (N) GA + +### Ship rebased `stable` - [ ] Ship `stable` - Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). + ## Miscellaneous container updates These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment. From 3a3b15433e4949d3152aaf60b355c2ccffed3f91 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Fri, 11 Feb 2022 14:48:15 -0500 Subject: [PATCH 138/238] internals/initramfs: update the new defaults for networking kargs This was updated in https://github.com/coreos/fedora-coreos-config/commit/59ebaba. --- internals/README-initramfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 81f9e2c..66638c0 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -68,7 +68,7 @@ SELinux policy is loaded in the real root. This means that every file we create By default, the initramfs does not try to enable networking if it's not needed. This is important in the live ISO case. Software may request networking if they require it. For example, if Ignition detects a config which requires the network, it writes a stamp file at `/run/ignition/neednet` which we then detect and translate into `rd.neednet=1` via `coreos-enable-network.service`. For any other situation in which FCOS needs networking, we should add a triggering condition to that service. In the future if more cases are added, we may provide a cleaner API which does not require continuously expanding this list. -Network *enablement* is separate from network *configuration*. Afterburn handles rendering of network kernel arguments via [`afterburn-network-kargs.service`](https://github.com/coreos/afterburn/blob/7835d7cd316668e9dcddfa16d2f8f8b3fcbcdd2e/dracut/30afterburn/afterburn-network-kargs.service). On some platforms, it may use a backchannel to fetch the network kargs. By default, it will use `AFTERBURN_NETWORK_KARGS_DEFAULT`, which is defined in [the fedora-coreos-config repo](https://github.com/coreos/fedora-coreos-config/blob/10ebedac9628273a738872bdcac730bdb0bf1385/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf) to be `ip=dhcp,dhcp6`. +Network *enablement* is separate from network *configuration*. Afterburn handles rendering of network kernel arguments via [`afterburn-network-kargs.service`](https://github.com/coreos/afterburn/blob/e0c46db33ece0e003d278be73f2c83e237b315d0/dracut/30afterburn/afterburn-network-kargs.service). On some platforms, it may use a backchannel to fetch the network kargs. By default, it will use `AFTERBURN_NETWORK_KARGS_DEFAULT`, which is defined in [the fedora-coreos-config repo](https://github.com/coreos/fedora-coreos-config/blob/82f22f92620b60b009e94872a7b44fade8e782e1/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf) to be `ip=auto`. For more details of the design, see https://github.com/coreos/fedora-coreos-tracker/issues/460 as well as the project [documentation](https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-network-configuration/). From dc9cabf5cf3ab74edf12670bcaebcb15280fefef Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 22 Feb 2022 04:10:58 -0500 Subject: [PATCH 139/238] templates: s/FCCT/Butane/ --- .github/ISSUE_TEMPLATE/bug-report.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index 9460b43..94e2abf 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -27,7 +27,7 @@ A clear and concise description of what actually happened. - Fedora CoreOS version **Ignition config** -Please attach your FCC or Ignition config used to provision your system. Be sure to sanitize any private data. If not using FCCT to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? +Please attach the Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? **Additional information** Add any other information about the problem here. From f8a63b55c8b8839c6876c3ec28e08fa9f83bdcce Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 23 Feb 2022 20:56:03 -0500 Subject: [PATCH 140/238] templates/rebase: creating initial f${N+1}-coreos-continuous yum repo Let's tag in a package into the continuous tag so that the initial distrepo task will kick off and the yum repo will exist when the first brave souls try to build COSA against the next major version of Fedora. --- .github/ISSUE_TEMPLATE/rebase.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index ba1bd79..1a89258 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -11,6 +11,14 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - `f${N+1}-coreos-signing-pending` - `f${N+1}-coreos-continuous` +- [ ] Add and tag a package (any package) which is in the stable repos into the continuous tag. This will create the initial yum repo that's used as input for building the COSA container. + +- `koji add-pkg --owner ${FAS_USERNAME} f${N+1}-coreos-continuous $PKG` + - example: `koji add-pkg --owner dustymabe f36-coreos-continuous fedora-release` + - This example uses the [`fedora-release`](https://src.fedoraproject.org/rpms/fedora-release) RPM, but it could be any other. +- `koji tag-build f${N+1}-coreos-continuous $BUILD` + - example: `koji tag-build f36-coreos-continuous fedora-release-36-0.16` + - [ ] Add the N+1 signing key short hash (usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2)) to the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 32/33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). - `koji taginfo coreos-pool` - `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39 9867c58f"` From f8bcfaeceae7293e1e5428b7180d566f3748c372 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Fri, 18 Mar 2022 14:37:48 -0400 Subject: [PATCH 141/238] Add notes for how to do a kernel bisect --- docs/fedora-coreos-kernel-bisect.md | 194 ++++++++++++++++++++++++++++ 1 file changed, 194 insertions(+) create mode 100644 docs/fedora-coreos-kernel-bisect.md diff --git a/docs/fedora-coreos-kernel-bisect.md b/docs/fedora-coreos-kernel-bisect.md new file mode 100644 index 0000000..9f7de5c --- /dev/null +++ b/docs/fedora-coreos-kernel-bisect.md @@ -0,0 +1,194 @@ + +# Kernel regressions need bisecting + +Sometimes we encounter kernel regressions and it is valuable to +identify the exact commit where a regression was introduced. An example +of this would be +[this issue for nodes booting in AWS](https://github.com/coreos/fedora-coreos-tracker/issues/1066#issuecomment-1019560658). + +There are various strategies for how to determine the exact kernel +commit where a regression was introduced. Which strategy is most +efficient depends on the problem. Here they are: + +1. directly building and installing the kernel from kernel source git repo +2. directly building and creating an RPM from the kernel source git repo + +For `1.`, it only works if you can reproduce the problem on the +traditional `yum`/`dnf` based Fedora (like Fedora Cloud). If, however, +the problem only presents itself on Fedora CoreOS or is much easier to +reproduce on Fedora CoreOS (i.e. a `kola` test) then you'll want to +build the `rpm` (`2.`) and consume it that way. + +## Kernel Source git Repos + +There are a few kernel source git repositories to know about: + +- `git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git` + - Where the latest upstream development happens +- `git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/` + - Where stable/LTS tags are handled (backports to stable branches happen here) +- `https://gitlab.com/cki-project/kernel-ark.git` + - The `kernel-ark` repo where Red Hat patches/branches are maintained + +The `kernel-ark` repo contains various branches used for feeding into +the [Fedora dist-git repo](https://src.fedoraproject.org/rpms/kernel). +Here's a summary of what those branches are used for: + + +- `os-build` + - The latest bits that track the under development yet to be release kernel. +- `fedora-5.16` + - Follows a particular released kernel stream. This is where things are + merged before they are fed into dist-git. If you want a commit reverted + this is where it will land first. +- `ark-infa` + - This branch contains all the Red Hat bits and nothing else. It can be merged + on top of any other branch and then a SRPM can be created (`make dist-srpm`) + for building using `rpmbuild --rebuild /path/to/srpm`. + +## Creating a Kernel Build Environment + +If running the kernel builds on a Fedora Cloud base machine where you +can install the kernel directly then you can set up the kernel build +environment directly in the VM. If not you'll probably want to use a +container for your kernel builds. Here's how to start up a container: + +``` +podman run -it --name=kbuild -v /path/to/kernel/git/:/path/to/kernel/git/ registry.fedoraproject.org/fedora:35 +``` + +NOTE: try to use the same Fedora Cloud or Fedora container version as + the version of Fedora you are targetting. + +Once inside the VM or container we need to install some software to build the kernel: + +``` +sudo dnf update -y && \ +sudo dnf install -y rpm-build rsync 'dnf-command(builddep)' && \ +sudo dnf builddep -y kernel +# reboot here if in a VM +``` + +We can now make changes to the git repo (revert commits, etc) and run a few +commands to build the kernel. Before building we need to copy down the config +from the kernel dist-git repo and disable DEBUG symbols if they were enabled +(makes very large files): + +``` +cd /path/to/kernel/git/ +curl https://src.fedoraproject.org/rpms/kernel/raw/f35/f/kernel-x86_64-fedora.config > .config +sed -i 's/CONFIG_DEBUG_INFO=y/CONFIG_DEBUG_INFO=n/' .config +``` + +## 1. Directly Building and Installing the Kernel from Kernel Source git repo + +To build and install the kernel directly on the system (i.e. on Fedora Cloud Base) +you can run the following: + +``` +make olddefconfig +make -j$(nproc) bzImage +make -j$(nproc) modules +sudo make modules_install +sudo make install +``` + +On a Fedora Cloud base system the /boot partition is low on extra +space. In order to iterate (i.e. when running a `git bisect`) you can +restore the system back to it's old state before continuing. First, +modify the Makefile and set `EXTRAVERSION = bisect` and also +take a backup of the grub config: + +``` +sudo cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak +``` + +Then run the following script to build and install the kernel: + +``` +cat build.sh +#!/bin/bash +set -eux -o pipefail +make -j$(nproc) bzImage +make -j$(nproc) modules +sudo make modules_install +sudo make install +``` + +After testing and before running the next build I would restore and +free space with this clean script: + +``` +cat clean.sh +#!/bin/bash +set -eux -o pipefail +sudo cp /boot/grub2/grub.cfg.bak /boot/grub2/grub.cfg +sudo rm -vf /boot/initramfs*bisect* /boot/vmlinuz-*bisect* /boot/System.map-*bisect* +sudo rm -rf /lib/modules/*bisect* +``` + +## 2. Directly Building and Creating an RPM from the Kernel Source git repo + +In this scenario we're creating an RPM that can either then be package +layered on an existing FCOS system or used as input to a `cosa build`. + +The commands here are: + +``` +make olddefconfig +make -j$(nproc) binrpm-pkg +``` + +### Package Layering the Kernel RPM + +After copying the built kernel to the target machine you can install it with an override. +Example: + +``` +sudo rpm-ostree override replace ./kernel-5.17.0_rc8-1.x86_64.rpm --remove=kernel-core --remove=kernel-modules +``` + +### Doing a Build with COSA + +Then copy the built RPM into the `overrides/rpm` folder under the COSA build directory. +Update the `manifest-lock.overrides.yaml` to specify the kernel and also update the manifest +to not specify `kernel-core` and `kernel-modules`. Here is an example: + + +```diff +diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml +index 62cfbe5..81de60f 100644 +--- a/manifest-lock.overrides.yaml ++++ b/manifest-lock.overrides.yaml +@@ -8,4 +8,6 @@ + # in the `metadata.reason` key, though it's acceptable to omit a `reason` + # for FCOS-specific packages (ignition, afterburn, etc.). + +-packages: {} ++packages: ++ kernel: ++ evr: 5.17.0_rc8+-2 +diff --git a/manifests/bootable-rpm-ostree.yaml b/manifests/bootable-rpm-ostree.yaml +index 784acd4..734f374 100644 +--- a/manifests/bootable-rpm-ostree.yaml ++++ b/manifests/bootable-rpm-ostree.yaml +@@ -7,7 +7,8 @@ + packages: + # Kernel + systemd. Note we explicitly specify kernel-{core,modules} + # because otherwise depsolving could bring in kernel-debug. +- - kernel kernel-core kernel-modules systemd ++ - kernel systemd + # linux-firmware now a recommends so let's explicitly include it + # https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b + # https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide +``` + +After that you should be able to `cosa fetch --with-cosa-overrides && cosa build` like normal. + + +## Performing a Kernel Bisect + +Now that we know how to build and use a kernel in various ways the bisect is +the easy part. Just follow the +[upstream kernel documentation](https://www.kernel.org/doc/html/latest/admin-guide/bug-bisect.html) +for doing a `git bisect` and repeat the build/test steps in between each step. From d10c006b6aa4a7ac19ad5f3818c2043ecc683297 Mon Sep 17 00:00:00 2001 From: Roman Mohr <rmohr@redhat.com> Date: Mon, 28 Mar 2022 14:42:30 +0200 Subject: [PATCH 142/238] Add KubeVirt to rationale.yaml Signed-off-by: Roman Mohr <rmohr@redhat.com> --- metadata/stream/rationale.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 6353e94..b7b57e2 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -87,6 +87,15 @@ architectures: signature: https://artifacts.example.com/oKooheogobofai8l.qcow.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + kubevirt: + release: 30.1.2.3 + formats: + "qcow.xz": + disk: + location: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow.xz + signature: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 packet: release: 30.1.2.3 formats: @@ -143,6 +152,10 @@ architectures: # We don't control platform ingest, so an image slug is probably # the best we can do. image: fedora-coreos-stable + kubevirt: + release: 30.1.2.3 + # ContainerDisk in a container registry + image: exampleregistry.io/fcos/fcos@sha256:67a81539946ec0397196c145394553b8e0241acf27b14ae9de43bc56e167f773 packet: # Images don't have addressable versions, so an operating system # slug is the best we can do. From f6a05aa3e3fb5f24a8c110389212e3e802e97331 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Wed, 30 Mar 2022 17:27:12 -0400 Subject: [PATCH 143/238] metadata/stream/rationale: update GCP to match current metadata We ended up splitting the image reference into its parts, and including both the image family name and the specific image it currently points to. --- metadata/stream/rationale.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 6353e94..eb6eea6 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -135,10 +135,14 @@ architectures: # change. image: Fedora:CoreOS:stable:latest gcp: - # We could give a specific image name here, but we probably want - # users to always use an image family. So this is a static string, - # and represents advice rather than a value we might change. - image: projects/fedora-cloud/global/images/family/fedora-coreos-stable + # Ideally users use the project + family. These are static strings, + # and represent advice rather than a value we might change. + project: fedora-coreos-cloud + family: fedora-coreos-stable + # As an alternative, we also list the currently recommended image + # and its release. + release: 30.1.2.3 + name: fedora-coreos-30-1-2-3-gcp-x86-64 digitalocean: # We don't control platform ingest, so an image slug is probably # the best we can do. From 846928aa397b3ad0660492a91ea1734d75599879 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Wed, 30 Mar 2022 17:29:38 -0400 Subject: [PATCH 144/238] metadata/stream/rationale: drop semi-stale comment We might recommend AWS images with a different OS version than images for other platforms, so it's important that we list the versions of AMIs. Remove comment implying otherwise. --- metadata/stream/rationale.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index eb6eea6..618ad6f 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -121,8 +121,6 @@ architectures: aws: regions: us-east-1: - # We know the release because we uploaded it, so might as well - # list it. release: 30.1.2.3 image: ami-0123456789abcdef us-east-2: From 06a09961db38cda693c0c821b72bade310b13f54 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 14 Apr 2022 23:34:20 -0400 Subject: [PATCH 145/238] metadata/stream: add digest reference to KubeVirt image description In the current design, the KubeVirt image is presumed to be a pull spec with an image digest. That implies that the user should reference the image by digest, when we'd prefer that they reference it by a stream-specific floating tag. Define the existing "image" field to contain a pull spec with a floating tag for the stream. We should still record the unique identifier of the current image (as we do for GCP images), so add a "digest-ref" field which always contains a fully-qualified pull spec with digest. --- metadata/stream/rationale.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 52e5f88..033892f 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -155,9 +155,14 @@ architectures: # the best we can do. image: fedora-coreos-stable kubevirt: - release: 30.1.2.3 # ContainerDisk in a container registry - image: exampleregistry.io/fcos/fcos@sha256:67a81539946ec0397196c145394553b8e0241acf27b14ae9de43bc56e167f773 + # Ideally users use this pull spec, which specifies a floating tag. + # This value is expected to be stable over time. + image: exampleregistry.io/fcos/fcos:stable + # As an alternative, we also list a digest-based pull spec for the + # currently recommended image, and its release. + release: 30.1.2.3 + digest-ref: exampleregistry.io/fcos/fcos@sha256:67a81539946ec0397196c145394553b8e0241acf27b14ae9de43bc56e167f773 packet: # Images don't have addressable versions, so an operating system # slug is the best we can do. From cd240d28642e58120646f3a0474e2c2e5c8f1b58 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Thu, 21 Apr 2022 11:00:24 -0400 Subject: [PATCH 146/238] README: update calendar link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1c30219..d01c229 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ See [RELEASES.md](RELEASES.md). The Fedora CoreOS Working Group has a weekly meeting. The meeting usually happens in `#fedora-meeting-1` on irc.libera.chat and the schedule for the -meeting can be found here: https://apps.fedoraproject.org/calendar/CoreOS +meeting can be found here: https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 UTC` on Wednesdays. ## Steps to run the meeting From 2d2c5b370d85fd9e6ef8b9a327d870e3bf62e902 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Mon, 2 May 2022 16:51:39 -0400 Subject: [PATCH 147/238] internals/README-initramfs: add some info about multipath This came up in discussion today. Let's document some of the internal details because multipath support is not straightforward. --- internals/README-initramfs.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 66638c0..962763b 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -60,6 +60,14 @@ There are multiple services which access the `/boot` partition in the initramfs. - (on RHCOS) `rhcos-fips.service`: mounts `/boot` read-write to append `fips=1` to the BLS configs and reboot if FIPS mode is requested. This unit runs after `ignition-fetch.service` but before `ignition-disks.service`. - `coreos-boot-edit.service`: mounts `/boot` read-write late in the initramfs process after `ignition-files.service` to make final edits (e.g. remove firstboot networking configuration files if necessary, append rootmap kargs to the BLS configs). +# Multipath handling + +Currently, the way multipath is supported is to add `rd.multipath=default` and `root=/dev/disk/by-label/dm-mpath-root` to the kernel command-line. They can be added day-1 or day-2, but the former is recommended. These kargs play different roles. The `root` karg ensures that systemd-fstab-generator will wait until multipathd has assembled the device and the symlink shows up (rather than trying to mount a single path). The `rd.multipath=default` karg will cause [the multipath dracut module to generate a default configuration](https://github.com/dracutdevs/dracut/blob/ab798f6785513c33f9a71371ceea65bd782973d5/modules.d/90multipath/multipathd-configure.service#L10) that `multipathd` will then act on. + +Crucially, `rd.multipath` on first boot also makes us assume that the `boot` filesystem is multipathed and wait for `/dev/disk/by-label/dm-mpath-boot` to show up. As seen in the previous section, many things need access to the bootfs on first boot. But we can't do any I/O to the boot device if it's multipathed because it's undefined which of the single paths will win the `by-label/boot` race, and it may be a path that is non-optimized (see [this PR](https://github.com/coreos/fedora-coreos-config/pull/1011) and linked RHBZ for details). Instead of trying to automatically determine if the bootfs is on multipath and whether we should wait for `multipathd` to assemble it (which is subject to race conditions), we decide on whether `rd.multipath` is provided (see also [this discussion](https://github.com/coreos/fedora-coreos-config/pull/1022#discussion_r634631063)). + +The `dm-mpath-$label` symlinks are created by [a udev rule we ship](https://github.com/coreos/fedora-coreos-config/blob/8fc657ebb9617a1ab9f1b513123d19ea7775ac68/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules#L24). + # SELinux in the initramfs SELinux policy is loaded in the real root. This means that every file we create in the initramfs must be relabeled. See this code: https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel From 554d045cc7eb02713edc824779e760c3b07e9d42 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Mon, 6 Jun 2022 14:55:36 -0400 Subject: [PATCH 148/238] templates/rebase: add instructions for creating tracker tickets These tickets help us stay up on various release processes and changes. Let's formalize them in our toplevel rebase tracker template. --- .github/ISSUE_TEMPLATE/rebase.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 1a89258..167e0a1 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -1,5 +1,13 @@ # Rebase to a new version of Fedora (N) +## At previous Fedora major release + +### Open tickets to track related work for this release + +- [ ] Fedora Changes Considerations ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1222)) +- [ ] Package Additions/Removals ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1221)) +- [ ] Test Week ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1123)) + ## At Branching Branching is when a new stream is "branched" off of `rawhide`. This eventually becomes the next major Fedora (N). @@ -130,6 +138,11 @@ We prefer to disable `next-devel` when there is no difference between `testing-d - [ ] Ship `stable` - Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +### Open ticket for the next Fedora rebase + +- [ ] Create a new ticket from the [rebase template](https://github.com/coreos/fedora-coreos-tracker/issues/new?assignees=&labels=area%2Fplatforms%2C+kind%2Fenhancement&template=rebase.md&title=tracker:+Rebase+onto+Fedora+N) + - label with `FN` label where `N` is the Fedora version. + ## Miscellaneous container updates From 7e92f4ad911a5090de92b71d5ac3bffaf71b5ef6 Mon Sep 17 00:00:00 2001 From: Micah Abbott <miabbott@redhat.com> Date: Tue, 17 May 2022 15:52:08 -0400 Subject: [PATCH 149/238] new template for organizing a Test Week --- .github/ISSUE_TEMPLATE/test-week.md | 56 +++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/test-week.md diff --git a/.github/ISSUE_TEMPLATE/test-week.md b/.github/ISSUE_TEMPLATE/test-week.md new file mode 100644 index 0000000..b5001b9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/test-week.md @@ -0,0 +1,56 @@ +--- +name: Schedule a Fedora Test Week +about: Schedule a Fedora Test Week for a new Fedora major release +title: '' +labels: 'community', 'meeting' +assignees: '' +--- + +## Initial Tasks (to be done at least one week before test week) + +- [ ] Open this ticket in the `fedora-coreos-tracker` repo +- [ ] Open a ticket with [Fedora QA](https://pagure.io/fedora-qa/issues). + - [F36 example](https://pagure.io/fedora-qa/issue/695) + +To be done after the Fedora QA folks have taken action on the QA ticket: + +- [ ] Confirm the Test Day page is created on the Fedora Wiki. + - For example: <https://fedoraproject.org/wiki/Test_Day:Fedora_36_CoreOS_2022-04-04> +- [ ] Confirm the Test Day results app is created. + - For example: <https://testdays.fedoraproject.org/events/131> +- [ ] Choose a day during the Test Week to host a video session for live debug help +- [ ] Setup a Google Meet or other video conference session +- [ ] Create a HackMD doc for capturing notes during live video session +- [ ] Find volunteers to enumerate new documentation + test cases required for Test Week + - Best done via dedicated video session +- [ ] File an issue on `fedora-coreos-tracker` with TODO items. + - For example: <https://github.com/coreos/fedora-coreos-tracker/issues/1147> +- [ ] File a ticket requesting a Fedora badge is created + - For example: <https://pagure.io/fedora-badges/issue/871> + +## Announcing Test Week + +Should be completed after the Initial Tasks are done + +- [ ] Draft an email to <coreos@lists.fedoraproject.org> announcing the Test Week + - [ ] Include a link to the Fedora Wiki + - [ ] Include a link to the Test Day results app + - [ ] Include a link to `fedora-coreos-tracker` for Test Week + - [ ] Include a link to the video conference + - [ ] Include a link to the HackMD doc +- [ ] Cross-post announcement email to discussion.fedoraproject.org with `#coreos` tag + +- Example format: <https://hackmd.io/lCrVoW_RSMCRf2neiGhiPg> + +## During Test Week + +- Monitor `fedora-coreos-tracker` for new issues reported as part of Test Week +- Monitor #fedora-coreos on IRC for new issues reported as part of Test Week +- Ensure there is one or more representatives of Fedora CoreOS team present for live video session + +## After Test Week + +- [ ] Update `fedora-coreos-tracker` ticket with any issues found +- [ ] Update `fedora-coreos-tracker` ticket with any documentation updates made +- [ ] Review Test Day results app and follow-up on any errors reported, if possible +- [ ] Follow up with the Fedora Badges ticket with Fedora Account System (FAS) usernames that participated in Test Week From c810851d93a7adec062b5c47e146e4fc6ac9c244 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 8 Jun 2022 16:00:05 -0400 Subject: [PATCH 150/238] templates: update Test Week link in rebase template --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 167e0a1..cfb9a80 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -6,7 +6,7 @@ - [ ] Fedora Changes Considerations ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1222)) - [ ] Package Additions/Removals ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1221)) -- [ ] Test Week ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1123)) +- [ ] Test Week ([template](https://github.com/coreos/fedora-coreos-tracker/issues/new?template=test-week.md&title=tracker:+FN+Test+Week)) ## At Branching From ca4ad34599cb3bc1637b433f3d811249a46a9e07 Mon Sep 17 00:00:00 2001 From: Aashish Radhakrishnan <aaradhak@redhat.com> Date: Tue, 31 May 2022 15:50:21 -0400 Subject: [PATCH 151/238] Updated FCOS stream metadata sample/rationale/release To have a complete representation of the artifacts we support in the stream metadata sample, rationale & release, the FCOS stream metadata sample/rationale/release have been updated with the missing platforms. Resolves https://issues.redhat.com/browse/COS-1364 --- metadata/release/sample.json | 159 +++++++++++++++++++++++++++------ metadata/stream/rationale.yaml | 135 +++++++++++++++++++++------- metadata/stream/sample.json | 50 +++++++++++ 3 files changed, 287 insertions(+), 57 deletions(-) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 874aebd..2a1c1d8 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -4,6 +4,22 @@ "architectures": { "x86_64": { "media": { + "aliyun": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz.sig", + "sha256": "8f1492f1e9e94ec3f3ecef188c4a2da52348c4b830f6365181bd03e1d969f161" + } + } + }, + "images": { + "us-east-1": { + "image": "m-6wedcb2rfmhkcl2bsbz5" + } + } + }, "aws": { "artifacts": { "vmdk.xz": { @@ -20,13 +36,79 @@ } } }, - "qemu": { + "azure": { + "artifacts": { + "vhd.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz.sig", + "sha256": "4bb0e1595f66f344c1cc084e163c4352235b2accf3a1385b9eb4b3e4ca5b1d24" + } + } + } + }, + "azurestack": { + "artifacts": { + "vhd.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azurestack.vhd.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azurestack.vhd.xz.sig", + "sha256": "344c1cc084e163c4352235b2accf34d24bb0e1595f66fa1385b9eb4b3e4ca5b1" + } + } + } + }, + "digitalocean": { + "artifacts": { + "qcow2.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-digitalocean.qcow2.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-digitalocean.qcow2.gz.sig", + "sha256": "435224bb0e1595f344c1cc05b1d2484e163c66f35b2accf3a1385b9eb4b3e4ca" + } + } + } + }, + "exoscale": { "artifacts": { "qcow2.xz": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu.qcow2.xz.sig", - "sha256": "4dcc04bd43f48bc74a16bd7d20b47829591a2a2fbe3ee8d59fedef2b1ddd1264" + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-exoscale.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-exoscale.qcow2.xz.sig", + "sha256": "435224bb0e1595f344c1cc05b1d2484e163c66f35b2accf3a1385b9eb4b3e4ca" + } + } + } + }, + "gcp": { + "artifacts": { + "tar.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-gcp.tar.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-gcp.tar.gz.sig", + "sha256": "344c1cc05b1d2484e163c66f35b2accf3a1385b9eb435224bb0e1595f4b3e4ca" + } + } + } + }, + "ibmcloud": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-ibmcloud.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-ibmcloud.qcow2.xz.sig", + "sha256": "344c1cc05b1d2484e163c66f35b2accf3a1385b9eb435224bb0e1595f4b3e4ca" + } + } + } + }, + "kubevirt": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.qcow2.xz.sig", + "sha256": "2accf3a1385b9eb435224bb0e1595f4b3e4344c1cc05b1d2484e163c66f35bca" } } } @@ -40,56 +122,72 @@ "sha256": "881178a4794816e623b02012a84b11d59a96dd59035508a0986a5b6c6be074ed" } }, - "installer.iso": { + "iso": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer.iso", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer.iso.sig", + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live.iso", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live.iso.sig", "sha256": "aab20fcafc240fa03f7e43370f8be8c14b99b045eca156a0f5e77286b2e9e8c4" } }, - "installer-pxe": { + "pxe": { "kernel": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-kernel", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-kernel.sig", + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-kernel", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-kernel.sig", "sha256": "bb493370b3716a009628197b7fce41107f1f5349f1a7ef67a8ecc7eebb3d2183" }, "initramfs": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-initramfs.img", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-initramfs.img.sig", + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-initramfs.img", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-initramfs.img.sig", "sha256": "04dde273b9e5d1b361beb44fde337f915509ad8e128fb408f793fdd0ae84c17d" + }, + "rootfs": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-rootfs.img", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-rootfs.img.sig", + "sha256": "509ad8e128fb408f793fdd0ae84c17d04dde273b9e5d1b361beb44fde337f915" } } } }, - "azure": { + "nutanix": { "artifacts": { - "vhd.xz": { + "qcow2": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz.sig", - "sha256": "4bb0e1595f66f344c1cc084e163c4352235b2accf3a1385b9eb4b3e4ca5b1d24" + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-nutanix.qcow2", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-nutanix.qcow2.sig", + "sha256": "1b3e4ca5b1d2463c4352235b2accf95f66f344c1cc084e3a1385b9eb4bb0e154" } } } }, - "aliyun": { + "openstack": { "artifacts": { "qcow2.xz": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz.sig", - "sha256": "8f1492f1e9e94ec3f3ecef188c4a2da52348c4b830f6365181bd03e1d969f161" + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-openstack.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-openstack.qcow2.xz.sig", + "sha256": "b2cab76cb2038826cb8de99f34d192bda4e805a4eb51be2979ba984424e72501" } } } }, - "openstack": { + "qemu": { "artifacts": { "qcow2.xz": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-openstack.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-openstack.qcow2.xz.sig", - "sha256": "b2cab76cb2038826cb8de99f34d192bda4e805a4eb51be2979ba984424e72501" + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu.qcow2.xz.sig", + "sha256": "4dcc04bd43f48bc74a16bd7d20b47829591a2a2fbe3ee8d59fedef2b1ddd1264" + } + } + } + }, + "virtualbox": { + "artifacts": { + "ova": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-virtualbox.ova", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-virtualbox.ova.sig", + "sha256": "54729f458c1552c19aa2f2b905860fadbe0a714df45d1d49731725038895094c" } } } @@ -104,6 +202,17 @@ } } } + }, + "vultr": { + "artifacts": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-vultr.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-vultr.raw.xz.sig", + "sha256": "d7d20b47829591a2a2fbe3ee8d59fe4dcc04bd43f48bc74a16bdef2b1ddd1264" + } + } + } } }, "commit": "a9c8d66d3628d1b9b4c4690777e8b730d08329b4359410cb410a2003296af1ca" diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 033892f..54e8567 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -12,6 +12,15 @@ architectures: # openstack. Some will likely only be useful for cloud operators, # such as digitalocean or packet. Some, such as aws, are useful # for users in special situations. + aliyun: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/g0xah6aenvaaVosh.qcow2.xz + signature: https://artifacts.example.com/g0xah6aenvaaVosh.qcow2.xz.sig + sha256: 149afbf4c8996fb92427ae3b0c44298fc1ce41e4649b934ca495991b7852b855 + uncompressed-sha256: d02d5ac0f2a2789602e9df950c38acb15380d2799b4bdb59394e4eeabdd3a662 aws: release: 30.1.2.3 formats: @@ -27,11 +36,20 @@ architectures: azure: release: 30.1.2.3 formats: - "vdi.xz": + "vhd.xz": disk: - location: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz - signature: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + location: https://artifacts.example.com/6vaaVoshaeng0xah.vhd.xz + signature: https://artifacts.example.com/6vaaVoshaeng0xah.vhd.xz.sig + sha256: f4c8996fb92427ae41e4e3b0c44298fc1c149afb649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + azurestack: + release: 30.1.2.3 + formats: + "vhd.xz": + disk: + location: https://artifacts.example.com/ng0xahos6aevaaVh.vhd.xz + signature: https://artifacts.example.com/ng0xahos6aevaaVh.vhd.xz.sig + sha256: ae41e4649b934ca495991b7852b855e3b0c44298fc1c149afbf4c8996fb92427 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 digitalocean: release: 30.1.2.3 @@ -40,8 +58,17 @@ architectures: disk: location: https://artifacts.example.com/ichaloomuHax9ahR.qcow2.gz signature: https://artifacts.example.com/ichaloomuHax9ahR.qcow2.gz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 427ae41e4649b934ca495991b7852b855e3b0c44298fc1c149afbf4c8996fb92 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + exoscale: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/aeng0xah6vaaVosh.qcow2.xz + signature: https://artifacts.example.com/aeng0xah6vaaVosh.qcow2.xz.sig + sha256: 49afbf4c8996fb92427ae41e464e3b0c44298fc1c19b934ca495991b7852b855 + uncompressed-sha256: f2a2789602e9df950c380d2738acb15d02d5ac099b4bdb59394e4eeabdd3a662 gcp: release: 30.1.2.3 formats: @@ -49,7 +76,25 @@ architectures: disk: location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 96fb92427ae41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c895 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + ibmcloud: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/0xah6vaaenVoshga.qcow2.xz + signature: https://artifacts.example.com/0xah6vaaenVoshga.qcow2.xz.sig + sha256: ae3b0c44298fc1ce41e4649b149afbf4c8996fb92427934ca495991b7852b855 + uncompressed-sha256: 02e9df950c38acb1538d02d5ac0f2a278960d2799b4bdb59394e4eeabdd3a662 + kubevirt: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow2.xz + signature: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow2.xz.sig + sha256: 2427ae41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c8996fb95 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 metal: release: 30.1.2.3 @@ -58,43 +103,42 @@ architectures: disk: location: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz signature: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 6fb92427ae41e4649b934ca49e3b0c44298fc1c149afbf4c8995991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 iso: disk: location: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso signature: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 8996fb92427ae41e4649b934ca495991b78e3b0c44298fc1c149afbf4c52b855 pxe: kernel: location: https://artifacts.example.com/hkIj8FkCydT3lV9h signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 27ae41e4649b934ca495991b7852be3b0c44298fc1c149afbf4c8996fb924855 initramfs: location: https://artifacts.example.com/a9ytS8yB4cGZpca1.img signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.img.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: ae41e4649b934ca495991b7852be3b0c44298fc1c149afbf4c8996fb92427855 rootfs: location: https://artifacts.example.com/Seb8em4QU9p6wEFr.img signature: https://artifacts.example.com/Seb8em4QU9p6wEFr.img.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - openstack: + sha256: fb92427ae41e4649b93e3b0c44298fc1c149afbf4c89964ca495991b7852b855 + nutanix: release: 30.1.2.3 formats: - "qcow.xz": + "qcow2": disk: - location: https://artifacts.example.com/oKooheogobofai8l.qcow.xz - signature: https://artifacts.example.com/oKooheogobofai8l.qcow.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - kubevirt: + location: https://artifacts.example.com/xah6vaaVaeng0osh.qcow2 + signature: https://artifacts.example.com/xah6vaaVaeng0osh.qcow2.sig + sha256: 991b7852b85b0c44298fc1c149afbfe36fb92427ae41e4649b934ca4954c8995 + openstack: release: 30.1.2.3 formats: - "qcow.xz": + "qcow2.xz": disk: - location: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow.xz - signature: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + location: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz + signature: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz.sig + sha256: ae41e4649b934ca495991b785e3b0c44298fc1c149afbf4c8996fb924272b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 packet: release: 30.1.2.3 @@ -103,17 +147,25 @@ architectures: disk: location: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz signature: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: e41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c8996fb92427a5 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 qemu: release: 30.1.2.3 formats: - "qcow.xz": + "qcow2.xz": disk: - location: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz - signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + location: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow2.xz + signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow2.xz.sig + sha256: b0c44298fc1c149afbf4c8996fb9242e37ae41e4649991b7852b855b934ca495 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + virtualbox: + release: 30.1.2.3 + formats: + ova: + disk: + location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova + signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig + sha256: 4c8996fb92427ae41e4649b934ca4e3b0c44298fc1c149afbf95991b7852b855 vmware: release: 30.1.2.3 formats: @@ -121,12 +173,29 @@ architectures: disk: location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 96fb92427ae41e4649b934cae3b0c44298fc1c149afbf4c89495991b7852b855 + vultr: + release: 30.1.2.3 + formats: + "raw.xz": + disk: + location: https://artifacts.example.com/ah6vaaVaeng0xosh.raw.xz + signature: https://artifacts.example.com/ah6vaaVaeng0xosh.raw.xz.sig + sha256: ae3b0c44298fc1ce41e4649b149afbf4c8996fb92427934ca495991b7852b855 + uncompressed-sha256: 02e9df950c38acb1538d02d5ac0f2a278960d2799b4bdb59394e4eeabdd3a662 images: # Cloud images to be launched directly by users. These are in a # separate section because they might not always in sync with the # release artifacts above. + aliyun: + regions: + ap-northeast-1: + release: 30.1.2.3 + image: m-cb2rfmhkcl2b6wedsbz5 + ap-south-1: + release: 30.1.2.3 + image: m-ef3e19la2d35aftwxz5p aws: regions: us-east-1: @@ -141,6 +210,12 @@ architectures: # string, and represents advice rather than a value we might # change. image: Fedora:CoreOS:stable:latest + digitalocean: + # We don't control platform ingest, so an image slug is probably + # the best we can do. + image: fedora-coreos-stable + exoscale: + image: Linux Fedora CoreOS 64-bit gcp: # Ideally users use the project + family. These are static strings, # and represent advice rather than a value we might change. @@ -150,10 +225,6 @@ architectures: # and its release. release: 30.1.2.3 name: fedora-coreos-30-1-2-3-gcp-x86-64 - digitalocean: - # We don't control platform ingest, so an image slug is probably - # the best we can do. - image: fedora-coreos-stable kubevirt: # ContainerDisk in a container registry # Ideally users use this pull spec, which specifies a floating tag. diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 6d863b1..81c3dd0 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -46,6 +46,19 @@ } } }, + "azurestack": { + "release": "33.20210412.3.0", + "formats": { + "vhd.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-azurestack.x86_64.vhd.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-azurestack.x86_64.vhd.xz.sig", + "sha256": "3bd5baf21335ada861b5e01e8628ba40bc04050a436b9eaa0504ba6c33626a05", + "uncompressed-sha256": "de9d7a5b1f0f69746a807148e1dbf64aa2593ac3d4e152fbb4f657da170dcece" + } + } + } + }, "digitalocean": { "release": "33.20210412.3.0", "formats": { @@ -96,6 +109,19 @@ } } }, + "kubevirt": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.qcow2.xz.sig", + "sha256": "6343b99ca70975bd821050f274aa1db0898fb88aae95a79f63d18a2e2a489e26", + "uncompressed-sha256": "744f25cf86927fe4780b57cd75c2d5b979e15336e4c9bd02fe4f71827d820d4c" + } + } + } + }, "metal": { "release": "33.20210412.3.0", "formats": { @@ -141,6 +167,18 @@ } } }, + "nutanix": { + "release": "33.20210412.3.0", + "formats": { + "qcow2": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-nutanix.x86_64.qcow2", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-nutanix.x86_64.qcow2.sig", + "sha256": "650bb496c94c3fc815126daaa6beb2270ae870cb036df5b43c348da00e788dab" + } + } + } + }, "openstack": { "release": "33.20210412.3.0", "formats": { @@ -167,6 +205,18 @@ } } }, + "virtualbox": { + "release": "33.20210412.3.0", + "formats": { + "ova": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-virtualbox.x86_64.ova", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-virtualbox.x86_64.ova.sig", + "sha256": "a54f52901817165c74b9d265d8ccf0a6c622006e2a13444fc1145970b8c9135d" + } + } + } + }, "vmware": { "release": "33.20210412.3.0", "formats": { From c3e6b8687d50867b416562dca3da9b9b126cd5a1 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 27 Jun 2022 20:22:17 -0400 Subject: [PATCH 152/238] templates/rebase: add step to update Fedora release in repo-templates --- .github/ISSUE_TEMPLATE/rebase.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index cfb9a80..865a5af 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -130,6 +130,10 @@ We prefer to disable `next-devel` when there is no difference between `testing-d - [ ] Follow the instructions [here](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel) to disable `next-devel` +### Switch upstream packages to shipping release binaries from Fedora (N) + +- [ ] Update [repo-templates](https://github.com/coreos/repo-templates) [config.yaml](https://github.com/coreos/repo-templates/blob/main/config.yaml) with the version number and GPG key ID for Fedora (N). + ## After Fedora (N) GA From 281b447975fc206a4e4916327bca4b9a3ef14acf Mon Sep 17 00:00:00 2001 From: Gursewak Mangat <gursmangat@gmail.com> Date: Wed, 13 Jul 2022 11:39:23 -0700 Subject: [PATCH 153/238] meeting-people.txt: Update gursewak username --- meeting-people.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 955c7f0..e554da5 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -6,7 +6,7 @@ exit 0 aaradhak davdunc dustymabe -gurssing +gursewak jaimelm jbrooks jcajka From 74ce3fce4a1da05d11e11dec7515124ff42dcccd Mon Sep 17 00:00:00 2001 From: Steven Presti <prestist@gmail.com> Date: Thu, 14 Apr 2022 14:06:33 -0400 Subject: [PATCH 154/238] add documentation for adding a new platform --- .../implementing-new-platform.md | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/implementing-new-platform.md diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md new file mode 100644 index 0000000..ea51af7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -0,0 +1,88 @@ +# Implementing a new supported platform + + ## During Development + Create PR's addressing the following: + + - [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) + - [Example PR](https://github.com/coreos/stream-metadata-go/pull/45/) + - [ ] Add platform to the `Media` struct in `release/release.go` + - [ ] Add supporting code for new platform to `toStreamArch` func in `release/translate.go` + - [ ] (Cloud Only) Cloud Images need to have an `Images` field + + - [ ] (Cloud Only) [stream-metadata-rust](https://github.com/coreos/stream-metadata-rust/) + - [Example PR](https://github.com/coreos/stream-metadata-rust/pull/16) + + - [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) + - [Example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213/) + - [ ] Update the metadata for the new platform + + - [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) + - [Example PR](https://github.com/coreos/coreos-assembler/pull/2489) + - [ ] Implement required functionality to support new platform + + - [ ] [fedora-web](https://pagure.io/fedora-web/websites) + - [Example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff) + - [ ] Add platform to `sites/static/js/coreos-download.js` + +- [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) + - [Example PR](https://github.com/coreos/fedora-coreos-browser/pull/35) + - [ ] Add a list element for new platform in `browser/index.html` + +- [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) + - [Example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500) + - [ ] Add platform to the list found in `jobs/build.Jenkinsfile` for building the new artifact + + - [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) + - [Example PR](https://github.com/coreos/fedora-coreos-docs/pull/377) + - [ ] Add a `provisioning-<platform>.adoc` that walks through how to setup the new platform + - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation + + + + ## At Release + +1. Merge metadata changes: + + - [ ] stream-metadata-go + - [ ] stream-metadata-rust + - [ ] fedora-coreos-tracker + - [ ] fedora website + - [ ] fedora-coreos-browser + + +2. Create and push signed tags with appropriate versions + + ``` + # Ensure gpg key for signing in github settings that is associated to redhat email. + # Verify you are on the upstream repo's main branch. + + git status + + RELEASE_VER=vx.y.z + # Replace 'x.y.z' with the appropriate numbers. + + git tag -s ${RELEASE_VER} + # Give appropriate detail to tag, check previous tags with 'git show ${RELEASE_VER}' + + git push git@github.com:coreos/targeted-repo.git ${RELEASE_VER} + # Navigate to the targeted-repo's tag section to ensure a valid signed tag is listed. + # e.g. https://github.com/...repo/tags + ``` + + 1. [ ] Tag stream-metadata-go following the above steps. After tagging, ensure that dependabot has picked up latest version, and merged it into fedora-coreos-stream-generator && coreos-assembler. + - These can be triggered manually by navigating to [fedora-coreos-stream-generator's Dependabot](https://github.com/coreos/fedora-coreos-stream-generator/network/updates/) and [coreos-assembler's Dependabot](https://github.com/coreos/coreos-assembler/network/updates) respectively; then, clicking "Check for updates". + - This might need to be done a few times, as the Dependabot might not pickup tag changes for a few attempts after initial tagging. + + 2. [ ] Tag fedora-coreos-stream-generator following the above steps. + +3. Merge the following changes: + - [ ] coreos-assembler + +4. Wait for updates made to coreos-assembler to be propagated to latest container + - [ ] Download latest version of coreos-assembler container. Verify platform support functionality. + +5. Merge changes for: + - [ ] Build pipeline + +6. Wait for new images to reach stable then merge documentation. + - [ ] fedora-coreos-docs merged \ No newline at end of file From 6c0772350e52dbc95ca7feba854ab6f83e919ed9 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Fri, 26 Aug 2022 16:51:16 -0400 Subject: [PATCH 155/238] docs: updates for kernel bisect docs --- docs/fedora-coreos-kernel-bisect.md | 67 +++++++++++++---------------- 1 file changed, 30 insertions(+), 37 deletions(-) diff --git a/docs/fedora-coreos-kernel-bisect.md b/docs/fedora-coreos-kernel-bisect.md index 9f7de5c..040555b 100644 --- a/docs/fedora-coreos-kernel-bisect.md +++ b/docs/fedora-coreos-kernel-bisect.md @@ -54,7 +54,7 @@ environment directly in the VM. If not you'll probably want to use a container for your kernel builds. Here's how to start up a container: ``` -podman run -it --name=kbuild -v /path/to/kernel/git/:/path/to/kernel/git/ registry.fedoraproject.org/fedora:35 +podman run -it --name=kbuild -v /path/to/kernel/git/:/path/to/kernel/git/ registry.fedoraproject.org/fedora:37 ``` NOTE: try to use the same Fedora Cloud or Fedora container version as @@ -71,13 +71,13 @@ sudo dnf builddep -y kernel We can now make changes to the git repo (revert commits, etc) and run a few commands to build the kernel. Before building we need to copy down the config -from the kernel dist-git repo and disable DEBUG symbols if they were enabled -(makes very large files): +from the kernel dist-git repo and disable making a DEBUG kernel if it was enabled, +which makes very large files: ``` cd /path/to/kernel/git/ -curl https://src.fedoraproject.org/rpms/kernel/raw/f35/f/kernel-x86_64-fedora.config > .config -sed -i 's/CONFIG_DEBUG_INFO=y/CONFIG_DEBUG_INFO=n/' .config +curl https://src.fedoraproject.org/rpms/kernel/raw/f37/f/kernel-x86_64-fedora.config > .config +sed -i 's/CONFIG_DEBUG_KERNEL=y/CONFIG_DEBUG_KERNEL=n/' .config ``` ## 1. Directly Building and Installing the Kernel from Kernel Source git repo @@ -151,40 +151,11 @@ sudo rpm-ostree override replace ./kernel-5.17.0_rc8-1.x86_64.rpm --remove=kerne ### Doing a Build with COSA Then copy the built RPM into the `overrides/rpm` folder under the COSA build directory. -Update the `manifest-lock.overrides.yaml` to specify the kernel and also update the manifest -to not specify `kernel-core` and `kernel-modules`. Here is an example: - - -```diff -diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml -index 62cfbe5..81de60f 100644 ---- a/manifest-lock.overrides.yaml -+++ b/manifest-lock.overrides.yaml -@@ -8,4 +8,6 @@ - # in the `metadata.reason` key, though it's acceptable to omit a `reason` - # for FCOS-specific packages (ignition, afterburn, etc.). - --packages: {} -+packages: -+ kernel: -+ evr: 5.17.0_rc8+-2 -diff --git a/manifests/bootable-rpm-ostree.yaml b/manifests/bootable-rpm-ostree.yaml -index 784acd4..734f374 100644 ---- a/manifests/bootable-rpm-ostree.yaml -+++ b/manifests/bootable-rpm-ostree.yaml -@@ -7,7 +7,8 @@ - packages: - # Kernel + systemd. Note we explicitly specify kernel-{core,modules} - # because otherwise depsolving could bring in kernel-debug. -- - kernel kernel-core kernel-modules systemd -+ - kernel systemd - # linux-firmware now a recommends so let's explicitly include it - # https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b - # https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide -``` - After that you should be able to `cosa fetch --with-cosa-overrides && cosa build` like normal. +While iterating you should be able to skip the `cosa fetch` step. Just delete the old +RPM out of `overrides/rpm`, put the new one in place and then `cosa build`. + ## Performing a Kernel Bisect @@ -192,3 +163,25 @@ Now that we know how to build and use a kernel in various ways the bisect is the easy part. Just follow the [upstream kernel documentation](https://www.kernel.org/doc/html/latest/admin-guide/bug-bisect.html) for doing a `git bisect` and repeat the build/test steps in between each step. + +## Reporting issues upstream + +Unfortunately the kernel doesn't have any git forge structure. It's +mostly email and mailing lists. If you want to report an issue +upstream you can run a command to give you what people/lists to email: + +``` +commit=abcdef +git format-patch --stdout "${commit}^..${commit}" | \ + ./scripts/get_maintainer.pl --norolestats +``` + +example: + +``` +$ commit=a09b314 +$ git format-patch --stdout "${commit}^..${commit}" | ./scripts/get_maintainer.pl --norolestats +Jens Axboe <axboe@kernel.dk> +linux-block@vger.kernel.org +linux-kernel@vger.kernel.org +``` From 8653c42477202d3857e8b16ab78f273d98a97fdc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Mon, 17 Oct 2022 13:55:35 +0200 Subject: [PATCH 156/238] GitHub templates: Convert some templates to issue forms See https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema --- .github/ISSUE_TEMPLATE.md | 4 -- .github/ISSUE_TEMPLATE/bug-report.md | 33 ---------- .github/ISSUE_TEMPLATE/bug-report.yml | 70 ++++++++++++++++++++ .github/ISSUE_TEMPLATE/enhancement.md | 18 ----- .github/ISSUE_TEMPLATE/enhancement.yml | 32 +++++++++ .github/ISSUE_TEMPLATE/new-package.md | 30 --------- .github/ISSUE_TEMPLATE/new-package.yml | 84 ++++++++++++++++++++++++ .github/ISSUE_TEMPLATE/new-platform.md | 32 --------- .github/ISSUE_TEMPLATE/new-platform.yml | 87 +++++++++++++++++++++++++ 9 files changed, 273 insertions(+), 117 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE.md delete mode 100644 .github/ISSUE_TEMPLATE/bug-report.md create mode 100644 .github/ISSUE_TEMPLATE/bug-report.yml delete mode 100644 .github/ISSUE_TEMPLATE/enhancement.md create mode 100644 .github/ISSUE_TEMPLATE/enhancement.yml delete mode 100644 .github/ISSUE_TEMPLATE/new-package.md create mode 100644 .github/ISSUE_TEMPLATE/new-package.yml delete mode 100644 .github/ISSUE_TEMPLATE/new-platform.md create mode 100644 .github/ISSUE_TEMPLATE/new-platform.yml diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md deleted file mode 100644 index ef46026..0000000 --- a/.github/ISSUE_TEMPLATE.md +++ /dev/null @@ -1,4 +0,0 @@ -<!-- -If reporting a bug in Fedora CoreOS, please include the -output of `rpm-ostree status`. ---> diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md deleted file mode 100644 index 94e2abf..0000000 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -name: Report a bug -about: Report an issue with Fedora CoreOS -title: '' -labels: 'kind/bug' -assignees: '' - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**Reproduction steps** -Steps to reproduce the behavior: -1. -2. -3. - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Actual behavior** -A clear and concise description of what actually happened. - -**System details** - - Bare Metal/QEMU/AWS/GCP/etc. - - Fedora CoreOS version - -**Ignition config** -Please attach the Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? - -**Additional information** -Add any other information about the problem here. diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml new file mode 100644 index 0000000..b83ff6e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -0,0 +1,70 @@ +name: Report a bug +description: Report an issue with Fedora CoreOS +labels: ["kind/bug"] +assignees: [] +body: + - type: textarea + id: bug-description + attributes: + label: Describe the bug + description: A clear and concise description of what the bug is. + placeholder: I'm using foo on bar and it fails with foobar. + validations: + required: true + + - type: textarea + id: bug-reproduction + attributes: + label: Reproduction steps + description: Steps to reproduce the behavior. + placeholder: | + 1. + 2. + 3. + validations: + required: true + + - type: textarea + id: bug-expected + attributes: + label: Expected behavior + description: A clear and concise description of what you expected to happen. + placeholder: Foo should succeed without errors. + validations: + required: true + + - type: textarea + id: bug-actual + attributes: + label: Actual behavior + description: A clear and concise description of what actually happened. + placeholder: Foo failed with ... + validations: + required: true + + - type: textarea + id: bug-system + attributes: + label: System details + description: Version (`rpm-ostree status -b`) and platform (Bare Metal/QEMU/AWS/GCP/etc.) where you've seen the issue. + placeholder: | + - Bare Metal/QEMU/AWS/GCP/etc. + - Fedora CoreOS version + validations: + required: true + + - type: textarea + id: bug-ignition + attributes: + label: Ignition config + description: The Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? + validations: + required: false + + - type: textarea + id: bug-additional + attributes: + label: Additional information + description: Add any other information about the problem here. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/enhancement.md b/.github/ISSUE_TEMPLATE/enhancement.md deleted file mode 100644 index f89404b..0000000 --- a/.github/ISSUE_TEMPLATE/enhancement.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Request an enhancement -about: Request a new feature in Fedora CoreOS -title: '' -labels: 'kind/enhancement' -assignees: '' - ---- - -**Describe the enhancement** -A clear and concise description of the desired feature. - -**System details** - - Bare Metal/QEMU/AWS/GCP/etc. - - Fedora CoreOS version - -**Additional information** -Add any other information here. diff --git a/.github/ISSUE_TEMPLATE/enhancement.yml b/.github/ISSUE_TEMPLATE/enhancement.yml new file mode 100644 index 0000000..47a4bb0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/enhancement.yml @@ -0,0 +1,32 @@ +name: Request an enhancement +description: Request a new feature in Fedora CoreOS +labels: ["kind/enhancement"] +assignees: [] +body: + - type: textarea + id: enhancement-description + attributes: + label: Describe the enhancement + description: A clear and concise description of the desired feature. + placeholder: I want to use foo with bar on Fedora CoreOS. + validations: + required: true + + - type: textarea + id: enhancement-system + attributes: + label: System details + description: Platform (Bare Metal/QEMU/AWS/GCP/etc.) where you'd want to see this feature. Version you've tried that does not have it. + placeholder: | + - Bare Metal/QEMU/AWS/GCP/etc. + - Fedora CoreOS version + validations: + required: false + + - type: textarea + id: enhancement-additional + attributes: + label: Additional information + description: Add any other information about the problem here. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/new-package.md b/.github/ISSUE_TEMPLATE/new-package.md deleted file mode 100644 index 1c2baa3..0000000 --- a/.github/ISSUE_TEMPLATE/new-package.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -name: Request a new package -about: Ask for a new package to be added to Fedora CoreOS -title: 'New Package Request: <package name>' -labels: 'kind/enhancement' -assignees: '' - ---- - -Please try to answer the following questions about the package you are requesting: - -1. What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc) - -2. What is the size of the package and its dependencies? - -3. What problem are you trying to solve with this package? Or what functionality does the package provide? - -4. Can the software provided by the package be run from a container? Explain why or why not. - -5. Can the tool(s) provided by the package be helpful in debugging container runtime issues? - -6. Can the tool(s) provided by the package be helpful in debugging networking issues? - -7. Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not. - -8. In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries? - -9. Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS? (e.g. can it be abused as a Turing complete interpreter?) - -10. Does the software provided by the package have a history of CVEs? diff --git a/.github/ISSUE_TEMPLATE/new-package.yml b/.github/ISSUE_TEMPLATE/new-package.yml new file mode 100644 index 0000000..f545e01 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new-package.yml @@ -0,0 +1,84 @@ +name: Request a new package +description: Ask for a new package to be added to Fedora CoreOS +title: "New Package Request: <package name>" +labels: ["kind/enhancement"] +assignees: [] +body: + - type: markdown + attributes: + value: | + Please try to answer the following questions about the package you are requesting. + + - type: textarea + id: newpackage-dependencies + attributes: + label: What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc) + description: Paste here the output of `rpm-ostree install --dry-run <package>` from a fresh Fedora CoreOS node. + validations: + required: true + + - type: textarea + id: newpackage-size + attributes: + label: What is the size of the package and its dependencies? + description: Paste here the output of `rpm -qi <package>` for each package mentioned above. + validations: + required: true + + - type: textarea + id: newpackage-solution + attributes: + label: What problem are you trying to solve with this package? Or what functionality does the package provide? + validations: + required: true + + - type: textarea + id: newpackage-container + attributes: + label: Can the software provided by the package be run from a container? Explain why or why not. + validations: + required: true + + - type: textarea + id: newpackage-debug-container + attributes: + label: Can the tool(s) provided by the package be helpful in debugging container runtime issues? + validations: + required: true + + - type: textarea + id: newpackage-debug-network + attributes: + label: Can the tool(s) provided by the package be helpful in debugging networking issues? + validations: + required: true + + - type: textarea + id: newpackage-day2 + attributes: + label: Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not. + description: Can the package be installed on first boot or later with `rpm-ostree install <package>`? + validations: + required: true + + - type: textarea + id: newpackage-service + attributes: + label: In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries? + validations: + required: true + + - type: textarea + id: newpackage-interpreter + attributes: + label: Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS? + description: E.g. can it be abused as a Turing complete interpreter? + validations: + required: true + + - type: textarea + id: newpackage- + attributes: + label: Does the software provided by the package have a history of CVEs? + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/new-platform.md b/.github/ISSUE_TEMPLATE/new-platform.md deleted file mode 100644 index c484e47..0000000 --- a/.github/ISSUE_TEMPLATE/new-platform.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -name: Request a new platform -about: Ask for Fedora CoreOS to support a new cloud environment -title: 'Platform Request: <platform name>' -labels: 'area/platforms, kind/enhancement' -assignees: '' - ---- - -In order to implement support for a new cloud platform in Fedora CoreOS, we need to know several things about the platform. Please try to answer as many questions as you can. - -- [ ] Why is the platform important? Who uses it? - -- [ ] What is the official name of the platform? Is there a short name that's commonly used in client API implementations? - -- [ ] How can the OS retrieve instance userdata? What happens if no userdata is provided? - -- [ ] Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided? - -- [ ] How can the OS retrieve network configuration? Is DHCP sufficient, or is there some other network-accessible metadata service? - -- [ ] In particular, how can the OS retrieve the system hostname? - -- [ ] Does the platform require the OS to have a specific console configuration? - -- [ ] Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required? - -- [ ] Does the platform have an agent that runs inside the instance? Is it required? What does it do? What language is it implemented in, and where is the source code repository? - -- [ ] How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected? - -- [ ] Are there any other platform quirks we should know about? diff --git a/.github/ISSUE_TEMPLATE/new-platform.yml b/.github/ISSUE_TEMPLATE/new-platform.yml new file mode 100644 index 0000000..35ad0ac --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new-platform.yml @@ -0,0 +1,87 @@ +name: Request a new platform +description: Ask for Fedora CoreOS to support a new cloud environment +title: "Platform Request: <platform name>" +labels: ["area/platforms", "kind/enhancement"] +assignees: [] +body: + - type: markdown + attributes: + value: | + In order to implement support for a new cloud platform in Fedora CoreOS, we need to know several things about the platform. Please try to answer as many questions as you can. + + - type: textarea + id: newplatform-user + attributes: + label: Why is the platform important? Who uses it? + validations: + required: false + + - type: textarea + id: newplatform-name + attributes: + label: What is the official name of the platform? Is there a short name that's commonly used in client API implementations? + validations: + required: false + + - type: textarea + id: newplatform-userdata + attributes: + label: How can the OS retrieve instance userdata? What happens if no userdata is provided? + validations: + required: false + + - type: textarea + id: newplatform-sshkeys + attributes: + label: Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided? + validations: + required: false + + - type: textarea + id: newplatform-network + attributes: + label: How can the OS retrieve network configuration? Is DHCP sufficient, or is there some other network-accessible metadata service? + validations: + required: false + + - type: textarea + id: newplatform-hostname + attributes: + label: In particular, how can the OS retrieve the system hostname? + validations: + required: false + + - type: textarea + id: newplatform-console + attributes: + label: Does the platform require the OS to have a specific console configuration? + validations: + required: false + + - type: textarea + id: newplatform-boot-success + attributes: + label: Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required? + validations: + required: false + + - type: textarea + id: newplatform-agent + attributes: + label: Does the platform have an agent that runs inside the instance? Is it required? What does it do? What language is it implemented in, and where is the source code repository? + validations: + required: false + + - type: textarea + id: newplatform-image-upload + attributes: + label: How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected? + validations: + required: false + + - type: textarea + id: newplatform-quirks + attributes: + label: Are there any other platform quirks we should know about? + validations: + required: false From e06aafbfe0aa9123324ad15ef861f0b1d3d6331a Mon Sep 17 00:00:00 2001 From: Anthony Rabbito <hello@anthonyrabbito.com> Date: Mon, 21 Nov 2022 15:41:33 -0500 Subject: [PATCH 157/238] Add anthr76 to meeting-people.txt --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index e554da5..a5dc430 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -4,6 +4,7 @@ tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meet exit 0 aaradhak +anthr76 davdunc dustymabe gursewak From fd62a94ac753783132d195e6336e15dbe49c418b Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Fri, 28 Oct 2022 17:24:32 -0400 Subject: [PATCH 158/238] rebase checklist updates A few things I noticed that could be improved or needed to be different while I was executing the Fedora 37 rebase. --- .github/ISSUE_TEMPLATE/rebase.md | 47 ++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 12 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 865a5af..e8615ad 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -43,7 +43,7 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ### Enable `branched` stream - [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/branched/manifest.yaml) to list N as the releasever. -- [ ] Update [streams.groovy](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy) to include the `branched` stream in the list of mechanical refs. +- [ ] Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to un-comment out the `branched` stream definition. ## At Fedora (N) Beta @@ -52,13 +52,19 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - [ ] Bump `releasever` in `manifest.yaml` - [ ] Update the repos in `manifest.yaml` if needed -- [ ] Run `cosa fetch --update-lockfile` +- [ ] Run `cosa fetch --dry-run --update-lockfile` + - this updates the x86_64 lockfile - the others will get updated when `bump-lockfile` runs. + - in the future we may support [this](https://github.com/coreos/coreos-assembler/issues/3088) in `cosa fetch` directly - [ ] PR the result +- [ ] Re-enable `next-devel` if needed ([docs](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel)) +- [ ] Disable `branched` stream since it is no longer needed. + - Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to comment out the `branched` stream definition. + ### Ship rebased `next` - [ ] Ship `next` -- Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +- [ ] Set a new update barrier for the final release of N-1 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) ## Preparing for Fedora (N) GA @@ -67,7 +73,7 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - [ ] Bump `releasever` in `manifest.yaml` - [ ] Update the repos in `manifest.yaml` if needed -- [ ] Run `cosa fetch --update-lockfile` +- [ ] Sync the lockfiles for all arches from `next-devel` - [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` - [ ] PR the result @@ -77,7 +83,7 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ### Ship rebased `testing` - [ ] Ship `testing` -- Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +- [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) ### Disable `branched` stream @@ -92,29 +98,46 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ``` f32key=12c944d0 key=$f32key -untaglist='' +echo > untaglist # create or empty out file for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do if koji buildinfo $build | grep $key 1>/dev/null; then - untaglist+="${build} " echo "Adding $build to untag list" + echo "${build}" >> untaglist fi done ``` -- [ ] Now we have a list of builds to untag. But we need one more sanity check. Let's make sure none of those are actually being used. Fire up the latest FCOS `testing-devel` and run: +Now we have a list of builds to untag. But we need a few more sanity checks. + +- [ ] Make sure none of the builds are used in `N` based FCOS. Check by running: ``` f32key=12c944d0 key=$f32key -rpm -qai | grep -B 8 $key +podman run -it --rm quay.io/fedora/fedora-coreos:testing-devel rpm -qai | grep -B 9 $key +podman rmi quay.io/fedora/fedora-coreos:testing-devel ``` If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. -- [ ] After verifying the list looks good: +- [ ] For any RPMS still used by `N-1` based FCOS let's remove them from the untaglist. Check by running: + +``` +f32key=12c944d0 +key=$f32key +podman run -it --rm quay.io/fedora/fedora-coreos:stable rpm -qai | grep -B 9 $key +podman rmi quay.io/fedora/fedora-coreos:stable +``` + +NOTE: This assumes `stable` is still on `N-1`. + +Remove any entries from the `untaglist` file that are still being used. + +- [ ] After verifying the list looks good, untag: ``` -koji untag-build coreos-pool $untaglist +# use xargs so we don't exhaust bash string limit +cat untaglist | xargs -L50 koji untag-build coreos-pool ``` - [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. @@ -140,7 +163,7 @@ We prefer to disable `next-devel` when there is no difference between `testing-d ### Ship rebased `stable` - [ ] Ship `stable` -- Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +- [ ] Set a new update barrier for the final release of N-1 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) ### Open ticket for the next Fedora rebase From a1eccbb2e1fa8bd2a88f60fe3cd99227e441e315 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 3 Jan 2023 15:50:44 -0500 Subject: [PATCH 159/238] workflows: update actions to current major versions Fixes deprecation warnings for Node.js 12: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ --- .github/workflows/checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 74e699d..0439425 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -13,6 +13,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Verify meeting-people.txt is sorted run: awk '!/^$/ {if (name) print} /^exit 0$/ { name = 1 }' meeting-people.txt | sort -c From 63933d707cd50ce7bc872860a312f3686c0e995c Mon Sep 17 00:00:00 2001 From: Michael Nguyen <mnguyen@redhat.com> Date: Mon, 30 Jan 2023 16:02:19 -0500 Subject: [PATCH 160/238] Update stream metadata sample/rationale for secure execution Add the secure execution artifact to the stream and release examples. --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 9 +++++++++ metadata/stream/sample.json | 13 +++++++++++++ 3 files changed, 33 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 2a1c1d8..fad5ba1 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -181,6 +181,17 @@ } } }, + "qemu-secex": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu-secex.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu-secex.qcow2.xz.sig", + "sha256": "2afbb0ac4a19f58a55db35db0a690d488f065664e9bcba1b802966f0ae6aad57" + } + } + } + }, "virtualbox": { "artifacts": { "ova": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 54e8567..8bcf65f 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -158,6 +158,15 @@ architectures: signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow2.xz.sig sha256: b0c44298fc1c149afbf4c8996fb9242e37ae41e4649991b7852b855b934ca495 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + qemu-secex: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/6d5814250381013f.qcow2.xz + signature: https://artifacts.example.com/6d5814250381013f.qcow2.xz.sig + sha256: 2afbb0ac4a19f58a55db35db0a690d488f065664e9bcba1b802966f0ae6aad57 + uncompressed-sha256: 2b1cb667f3468ef7b462e5ec8395fcd2982e424d1727336e95f74c611d8bbd53 virtualbox: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 81c3dd0..58f25ae 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -205,6 +205,19 @@ } } }, + "qemu-secex": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-qemu-secex.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-qemu-secex.x86_64.qcow2.xz.sig", + "sha256": "2afbb0ac4a19f58a55db35db0a690d488f065664e9bcba1b802966f0ae6aad57", + "uncompressed-sha256": "2b1cb667f3468ef7b462e5ec8395fcd2982e424d1727336e95f74c611d8bbd53" + } + } + } + }, "virtualbox": { "release": "33.20210412.3.0", "formats": { From e01009346d982beaac14b31cf509bc8d2926237d Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Sat, 4 Feb 2023 22:41:29 -0500 Subject: [PATCH 161/238] templates: format bug-report Ignition config as YAML Users often post Butane configs rather than Ignition configs, and JSON is upward-compatible with YAML, so cover our bases by calling it YAML. This prevents the user from having to manually add a code block. Also reword the description to avoid asking a question that the field can no longer hold an answer for. --- .github/ISSUE_TEMPLATE/bug-report.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index b83ff6e..c8759cf 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -57,7 +57,10 @@ body: id: bug-ignition attributes: label: Ignition config - description: The Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? + description: The Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, ensure the Ignition config passes validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation). + # Might be Butane YAML or Ignition JSON, which is upward-compatible + # with YAML + render: yaml validations: required: false From e19d799ab3e347cf6e3538d5a1168ae75a39053b Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 6 Feb 2023 12:11:58 -0500 Subject: [PATCH 162/238] templates: reword Ignition config field to "Butane or Ignition config" We usually get Butane configs anyway. --- .github/ISSUE_TEMPLATE/bug-report.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index c8759cf..c0699a7 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -54,9 +54,9 @@ body: required: true - type: textarea - id: bug-ignition + id: bug-config attributes: - label: Ignition config + label: Butane or Ignition config description: The Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, ensure the Ignition config passes validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation). # Might be Butane YAML or Ignition JSON, which is upward-compatible # with YAML From 5ace893f8e684ca0123e82690d1b5c942a8abf44 Mon Sep 17 00:00:00 2001 From: Adam Piasecki <c4rt0gr4ph3r@gmail.com> Date: Wed, 22 Feb 2023 17:00:56 +0000 Subject: [PATCH 163/238] meeting-people.txt: Add apiaseck --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index a5dc430..216425c 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -5,6 +5,7 @@ exit 0 aaradhak anthr76 +apiaseck davdunc dustymabe gursewak From 26cb9218132bc3ce5ec1c71197bcd199edec6090 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Fri, 10 Mar 2023 15:39:48 -0500 Subject: [PATCH 164/238] templates/implementing-new-platform: formatting cleanups Remove newlines between items to increase the density of the rendered Markdown. No textual changes. --- .../implementing-new-platform.md | 150 ++++++++---------- 1 file changed, 66 insertions(+), 84 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index ea51af7..ceee4be 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -1,88 +1,70 @@ # Implementing a new supported platform - ## During Development - Create PR's addressing the following: - - - [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) - - [Example PR](https://github.com/coreos/stream-metadata-go/pull/45/) - - [ ] Add platform to the `Media` struct in `release/release.go` - - [ ] Add supporting code for new platform to `toStreamArch` func in `release/translate.go` - - [ ] (Cloud Only) Cloud Images need to have an `Images` field - - - [ ] (Cloud Only) [stream-metadata-rust](https://github.com/coreos/stream-metadata-rust/) - - [Example PR](https://github.com/coreos/stream-metadata-rust/pull/16) - - - [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) - - [Example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213/) - - [ ] Update the metadata for the new platform - - - [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) - - [Example PR](https://github.com/coreos/coreos-assembler/pull/2489) - - [ ] Implement required functionality to support new platform - - - [ ] [fedora-web](https://pagure.io/fedora-web/websites) - - [Example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff) - - [ ] Add platform to `sites/static/js/coreos-download.js` - +## During Development + +Create PR's addressing the following: + +- [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) + - [Example PR](https://github.com/coreos/stream-metadata-go/pull/45/) + - [ ] Add platform to the `Media` struct in `release/release.go` + - [ ] Add supporting code for new platform to `toStreamArch` func in `release/translate.go` + - [ ] (Cloud Only) Cloud Images need to have an `Images` field +- [ ] (Cloud Only) [stream-metadata-rust](https://github.com/coreos/stream-metadata-rust/) + - [Example PR](https://github.com/coreos/stream-metadata-rust/pull/16) +- [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) + - [Example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213/) + - [ ] Update the metadata for the new platform +- [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) + - [Example PR](https://github.com/coreos/coreos-assembler/pull/2489) + - [ ] Implement required functionality to support new platform +- [ ] [fedora-web](https://pagure.io/fedora-web/websites) + - [Example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff) + - [ ] Add platform to `sites/static/js/coreos-download.js` - [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) - - [Example PR](https://github.com/coreos/fedora-coreos-browser/pull/35) - - [ ] Add a list element for new platform in `browser/index.html` - + - [Example PR](https://github.com/coreos/fedora-coreos-browser/pull/35) + - [ ] Add a list element for new platform in `browser/index.html` - [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) - - [Example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500) - - [ ] Add platform to the list found in `jobs/build.Jenkinsfile` for building the new artifact - - - [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) - - [Example PR](https://github.com/coreos/fedora-coreos-docs/pull/377) - - [ ] Add a `provisioning-<platform>.adoc` that walks through how to setup the new platform - - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation - - - - ## At Release - -1. Merge metadata changes: - - - [ ] stream-metadata-go - - [ ] stream-metadata-rust - - [ ] fedora-coreos-tracker - - [ ] fedora website - - [ ] fedora-coreos-browser - - -2. Create and push signed tags with appropriate versions - - ``` - # Ensure gpg key for signing in github settings that is associated to redhat email. - # Verify you are on the upstream repo's main branch. - - git status - - RELEASE_VER=vx.y.z - # Replace 'x.y.z' with the appropriate numbers. - - git tag -s ${RELEASE_VER} - # Give appropriate detail to tag, check previous tags with 'git show ${RELEASE_VER}' - - git push git@github.com:coreos/targeted-repo.git ${RELEASE_VER} - # Navigate to the targeted-repo's tag section to ensure a valid signed tag is listed. - # e.g. https://github.com/...repo/tags - ``` - - 1. [ ] Tag stream-metadata-go following the above steps. After tagging, ensure that dependabot has picked up latest version, and merged it into fedora-coreos-stream-generator && coreos-assembler. - - These can be triggered manually by navigating to [fedora-coreos-stream-generator's Dependabot](https://github.com/coreos/fedora-coreos-stream-generator/network/updates/) and [coreos-assembler's Dependabot](https://github.com/coreos/coreos-assembler/network/updates) respectively; then, clicking "Check for updates". - - This might need to be done a few times, as the Dependabot might not pickup tag changes for a few attempts after initial tagging. - - 2. [ ] Tag fedora-coreos-stream-generator following the above steps. - -3. Merge the following changes: - - [ ] coreos-assembler - -4. Wait for updates made to coreos-assembler to be propagated to latest container - - [ ] Download latest version of coreos-assembler container. Verify platform support functionality. - -5. Merge changes for: - - [ ] Build pipeline - -6. Wait for new images to reach stable then merge documentation. - - [ ] fedora-coreos-docs merged \ No newline at end of file + - [Example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500) + - [ ] Add platform to the list found in `jobs/build.Jenkinsfile` for building the new artifact +- [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) + - [Example PR](https://github.com/coreos/fedora-coreos-docs/pull/377) + - [ ] Add a `provisioning-<platform>.adoc` that walks through how to setup the new platform + - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation + +## At Release + +1. Merge metadata changes: + - [ ] stream-metadata-go + - [ ] stream-metadata-rust + - [ ] fedora-coreos-tracker + - [ ] fedora website + - [ ] fedora-coreos-browser +1. Create and push signed tags with appropriate versions + ``` + # Ensure gpg key for signing in github settings that is associated to redhat email. + # Verify you are on the upstream repo's main branch. + + git status + + RELEASE_VER=vx.y.z + # Replace 'x.y.z' with the appropriate numbers. + + git tag -s ${RELEASE_VER} + # Give appropriate detail to tag, check previous tags with 'git show ${RELEASE_VER}' + + git push git@github.com:coreos/targeted-repo.git ${RELEASE_VER} + # Navigate to the targeted-repo's tag section to ensure a valid signed tag is listed. + # e.g. https://github.com/...repo/tags + ``` + 1. [ ] Tag stream-metadata-go following the above steps. After tagging, ensure that dependabot has picked up latest version, and merged it into fedora-coreos-stream-generator && coreos-assembler. + - These can be triggered manually by navigating to [fedora-coreos-stream-generator's Dependabot](https://github.com/coreos/fedora-coreos-stream-generator/network/updates/) and [coreos-assembler's Dependabot](https://github.com/coreos/coreos-assembler/network/updates) respectively; then, clicking "Check for updates". + - This might need to be done a few times, as the Dependabot might not pickup tag changes for a few attempts after initial tagging. + 2. [ ] Tag fedora-coreos-stream-generator following the above steps. +1. Merge the following changes: + - [ ] coreos-assembler +1. Wait for updates made to coreos-assembler to be propagated to latest container + - [ ] Download latest version of coreos-assembler container. Verify platform support functionality. +1. Merge changes for: + - [ ] Build pipeline +1. Wait for new images to reach stable then merge documentation. + - [ ] fedora-coreos-docs merged From 4ca76edfbe0558b02aa67aa32b284f4005331cea Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Fri, 10 Mar 2023 15:48:56 -0500 Subject: [PATCH 165/238] templates/implementing-new-platform: move example PRs to same line as repo They're not checklist items, so it's confusing to put them next to those. --- .../implementing-new-platform.md | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index ceee4be..58b54d5 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -4,30 +4,22 @@ Create PR's addressing the following: -- [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) - - [Example PR](https://github.com/coreos/stream-metadata-go/pull/45/) +- [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) ([example PR](https://github.com/coreos/stream-metadata-go/pull/45/)) - [ ] Add platform to the `Media` struct in `release/release.go` - [ ] Add supporting code for new platform to `toStreamArch` func in `release/translate.go` - [ ] (Cloud Only) Cloud Images need to have an `Images` field -- [ ] (Cloud Only) [stream-metadata-rust](https://github.com/coreos/stream-metadata-rust/) - - [Example PR](https://github.com/coreos/stream-metadata-rust/pull/16) -- [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) - - [Example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213/) +- [ ] (Cloud Only) [stream-metadata-rust](https://github.com/coreos/stream-metadata-rust/) ([example PR](https://github.com/coreos/stream-metadata-rust/pull/16)) +- [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) ([example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213)) - [ ] Update the metadata for the new platform -- [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) - - [Example PR](https://github.com/coreos/coreos-assembler/pull/2489) +- [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) ([example PR](https://github.com/coreos/coreos-assembler/pull/2489)) - [ ] Implement required functionality to support new platform -- [ ] [fedora-web](https://pagure.io/fedora-web/websites) - - [Example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff) +- [ ] [fedora-web](https://pagure.io/fedora-web/websites) ([example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff)) - [ ] Add platform to `sites/static/js/coreos-download.js` -- [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) - - [Example PR](https://github.com/coreos/fedora-coreos-browser/pull/35) +- [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) ([example PR](https://github.com/coreos/fedora-coreos-browser/pull/35)) - [ ] Add a list element for new platform in `browser/index.html` -- [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) - - [Example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500) +- [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500)) - [ ] Add platform to the list found in `jobs/build.Jenkinsfile` for building the new artifact -- [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) - - [Example PR](https://github.com/coreos/fedora-coreos-docs/pull/377) +- [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) ([example PR](https://github.com/coreos/fedora-coreos-docs/pull/377)) - [ ] Add a `provisioning-<platform>.adoc` that walks through how to setup the new platform - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation From 1f4db02b60f3914b8d12a7af370de4d6f91cd95d Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Fri, 10 Mar 2023 16:12:00 -0500 Subject: [PATCH 166/238] templates/implementing-new-platform: updates Mention Ignition, Afterburn, and platforms.yaml. Update the build pipeline step for pipeline changes. --- .../ISSUE_TEMPLATE/implementing-new-platform.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index 58b54d5..a3b3d0c 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -4,6 +4,14 @@ Create PR's addressing the following: +- [ ] [Ignition](https://github.com/coreos/ignition/) ([example PR](https://github.com/coreos/ignition/pull/918)) + - [ ] Add userdata fetch + - [ ] If the platform supports it (unlikely), add userdata deletion +- [ ] [Afterburn](https://github.com/coreos/afterburn/) ([example PR](https://github.com/coreos/afterburn/pull/451)) + - [ ] (Cloud Only) Add relevant attributes + - [ ] (Cloud Only) Add SSH key support if available + - [ ] (Cloud Only) Add hostname support if available + - [ ] (Cloud Only) Add check-in if needed (unlikely) - [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) ([example PR](https://github.com/coreos/stream-metadata-go/pull/45/)) - [ ] Add platform to the `Media` struct in `release/release.go` - [ ] Add supporting code for new platform to `toStreamArch` func in `release/translate.go` @@ -13,18 +21,23 @@ Create PR's addressing the following: - [ ] Update the metadata for the new platform - [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) ([example PR](https://github.com/coreos/coreos-assembler/pull/2489)) - [ ] Implement required functionality to support new platform +- [ ] [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) + - [ ] Add a stanza to `platforms.yaml` if the system should use a serial console, or both serial and graphical consoles - [ ] [fedora-web](https://pagure.io/fedora-web/websites) ([example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff)) - [ ] Add platform to `sites/static/js/coreos-download.js` - [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) ([example PR](https://github.com/coreos/fedora-coreos-browser/pull/35)) - [ ] Add a list element for new platform in `browser/index.html` -- [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500)) - - [ ] Add platform to the list found in `jobs/build.Jenkinsfile` for building the new artifact +- [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/815)) + - [ ] Add platform to the list found in `config.yaml` for building the new artifact - [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) ([example PR](https://github.com/coreos/fedora-coreos-docs/pull/377)) - [ ] Add a `provisioning-<platform>.adoc` that walks through how to setup the new platform - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation ## At Release +1. Merge upstream changes and put out a release: + - [ ] Ignition + - [ ] Afterburn 1. Merge metadata changes: - [ ] stream-metadata-go - [ ] stream-metadata-rust From 13f217d19eb4cd6dd9eda1bde9431e5173e0eb68 Mon Sep 17 00:00:00 2001 From: gursewak1997 <gursmangat@gmail.com> Date: Fri, 17 Mar 2023 14:43:00 -0700 Subject: [PATCH 167/238] Update kubevirt artifact's format Updating the format for kubevirt artifacts in rationale.yaml and sample.json for streams and releases. --- metadata/release/sample.json | 6 +++--- metadata/stream/rationale.yaml | 7 +++---- metadata/stream/sample.json | 9 ++++----- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index fad5ba1..5de39b8 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -104,10 +104,10 @@ }, "kubevirt": { "artifacts": { - "qcow2.xz": { + "ociarchive": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.qcow2.xz.sig", + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.ociarchive", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.ociarchive.sig", "sha256": "2accf3a1385b9eb435224bb0e1595f4b3e4344c1cc05b1d2484e163c66f35bca" } } diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 8bcf65f..4a7c2f0 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -90,12 +90,11 @@ architectures: kubevirt: release: 30.1.2.3 formats: - "qcow2.xz": + "ociarchive": disk: - location: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow2.xz - signature: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow2.xz.sig + location: https://artifacts.example.com/Kiejeeb6ohpu8Eel.ociarchive + signature: https://artifacts.example.com/Kiejeeb6ohpu8Eel.ociarchive.sig sha256: 2427ae41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c8996fb95 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 metal: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 58f25ae..47105ad 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -112,12 +112,11 @@ "kubevirt": { "release": "33.20210412.3.0", "formats": { - "qcow2.xz": { + "ociarchive": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.qcow2.xz.sig", - "sha256": "6343b99ca70975bd821050f274aa1db0898fb88aae95a79f63d18a2e2a489e26", - "uncompressed-sha256": "744f25cf86927fe4780b57cd75c2d5b979e15336e4c9bd02fe4f71827d820d4c" + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.ociarchive", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.ociarchive.sig", + "sha256": "6343b99ca70975bd821050f274aa1db0898fb88aae95a79f63d18a2e2a489e26" } } } From db43d25c5df8d2a674597bb4e4e76091236141b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Tue, 11 Apr 2023 09:59:10 +0200 Subject: [PATCH 168/238] README: Update link to new package request issue See: https://github.com/coreos/fedora-coreos-tracker/pull/1322 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d01c229..db92e0a 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Thus, new package requests are carefully scrutinized to weigh the benefits and drawbacks of adding an additional package. If you would like to propose the inclusion of a new package in the base set of packages, -please file a [new package request](https://github.com/coreos/fedora-coreos-tracker/issues/new?labels=kind/enhancement&template=new-package.md&title=New+Package+Request%3A+%3Cpackage+name%3E). +please file a [new package request](https://github.com/coreos/fedora-coreos-tracker/issues/new/choose). # Releases From 8033a43c945b657e593e8893f79e9db830c0ff97 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Mon, 17 Apr 2023 16:58:43 -0400 Subject: [PATCH 169/238] meeting-people: remove skunkerk Per skunkerk. --- meeting-people.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 216425c..d155e80 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -20,5 +20,4 @@ miabbott nasirhm ravanelli saqali -skunkerk walters From d8fc25040e18dfeef926173fbabac293f61bae85 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 3 May 2023 14:39:45 -0400 Subject: [PATCH 170/238] templates/rebase: Remove 'Disable `branched` stream' section This should have been removed in fd62a94 when a step for this was added to another section. --- .github/ISSUE_TEMPLATE/rebase.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index e8615ad..4fb5eb6 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -85,10 +85,6 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - [ ] Ship `testing` - [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) -### Disable `branched` stream - -- [ ] Update [streams.groovy](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy) to remove the `branched` stream in the list of mechanical refs. - ### Untag old packages `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process: From 30d09e3b55c55a7f5b16a55c60114a8b6901e50d Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 3 May 2023 14:56:54 -0400 Subject: [PATCH 171/238] templates/rebase: move "Untag old packages" section later This doesn't need to happen until the end which is usually the best place for cleanups anyway. Let's move it later. --- .github/ISSUE_TEMPLATE/rebase.md | 37 ++++++++++++++++---------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 4fb5eb6..6f9e4ea 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -85,6 +85,24 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - [ ] Ship `testing` - [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) +### Disable `next-devel` stream + +We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. + +- [ ] Follow the instructions [here](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel) to disable `next-devel` + +### Switch upstream packages to shipping release binaries from Fedora (N) + +- [ ] Update [repo-templates](https://github.com/coreos/repo-templates) [config.yaml](https://github.com/coreos/repo-templates/blob/main/config.yaml) with the version number and GPG key ID for Fedora (N). + + +## After Fedora (N) GA + +### Ship rebased `stable` + +- [ ] Ship `stable` +- [ ] Set a new update barrier for the final release of N-1 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) + ### Untag old packages `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process: @@ -142,25 +160,6 @@ cat untaglist | xargs -L50 koji untag-build coreos-pool - `koji taginfo coreos-pool` - `koji edit-tag coreos-pool -x tag2distrepo.keys="9570ff31 45719a39 9867c58f"` - -### Disable `next-devel` stream - -We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. - -- [ ] Follow the instructions [here](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel) to disable `next-devel` - -### Switch upstream packages to shipping release binaries from Fedora (N) - -- [ ] Update [repo-templates](https://github.com/coreos/repo-templates) [config.yaml](https://github.com/coreos/repo-templates/blob/main/config.yaml) with the version number and GPG key ID for Fedora (N). - - -## After Fedora (N) GA - -### Ship rebased `stable` - -- [ ] Ship `stable` -- [ ] Set a new update barrier for the final release of N-1 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) - ### Open ticket for the next Fedora rebase - [ ] Create a new ticket from the [rebase template](https://github.com/coreos/fedora-coreos-tracker/issues/new?assignees=&labels=area%2Fplatforms%2C+kind%2Fenhancement&template=rebase.md&title=tracker:+Rebase+onto+Fedora+N) From 55854e656ff6e880e821d1fd29bae736e654f3a1 Mon Sep 17 00:00:00 2001 From: Quentin Vallin <quentin.vallin@anuvu.com> Date: Mon, 8 May 2023 11:19:04 -0400 Subject: [PATCH 172/238] feat: Adds quentin9696 to notification list --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index d155e80..093c1db 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -18,6 +18,7 @@ jmarrero lorbus miabbott nasirhm +quentin9696[m] ravanelli saqali walters From adb3cfddb345e1c8c8c1cac6f740c980ec9b2c5e Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Mon, 22 May 2023 10:14:56 -0400 Subject: [PATCH 173/238] templates/rebase: drop some tagging steps; add comments for clarity I found some of these steps unnecessary, but also needed more context for one problem I ran into during this cycle so I added it here. --- .github/ISSUE_TEMPLATE/rebase.md | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 6f9e4ea..d83cffd 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -132,20 +132,9 @@ podman run -it --rm quay.io/fedora/fedora-coreos:testing-devel rpm -qai | grep - podman rmi quay.io/fedora/fedora-coreos:testing-devel ``` -If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. +If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. One example of this is the shim RPM where the same build could be used for many Fedora releases. In this case you'll need to untag the RPM from `coreos-pool`, run a `koji distrepo`, which will remove that RPM from the repo metadata, and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key. -- [ ] For any RPMS still used by `N-1` based FCOS let's remove them from the untaglist. Check by running: -``` -f32key=12c944d0 -key=$f32key -podman run -it --rm quay.io/fedora/fedora-coreos:stable rpm -qai | grep -B 9 $key -podman rmi quay.io/fedora/fedora-coreos:stable -``` - -NOTE: This assumes `stable` is still on `N-1`. - -Remove any entries from the `untaglist` file that are still being used. - [ ] After verifying the list looks good, untag: From ebdfe21b72bad5bacfc981e5834775c81c727097 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Mon, 22 May 2023 10:15:58 -0400 Subject: [PATCH 174/238] templates/rebase: add -v to `koji untag-build` This will give you some status updates to the screen while it's running. Otherwise there's not much feedback to the user and you aren't sure if it's working or not. --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index d83cffd..a0bd86c 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -140,7 +140,7 @@ If there are any RPMs signed by the old key they'll need to be investigated. May ``` # use xargs so we don't exhaust bash string limit -cat untaglist | xargs -L50 koji untag-build coreos-pool +cat untaglist | xargs -L50 koji untag-build -v coreos-pool ``` - [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. From eb71df4d55cb9c7ca0564b015f2b938068f1a3ac Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Mon, 22 May 2023 10:16:52 -0400 Subject: [PATCH 175/238] templates/rebase: additional container update steps - We refactored coreos-cincinnati a bit to look more like the other Apps so let's add steps here for updating it. - Add fedora-ostree-pruner to the list since that's now running in production too. --- .github/ISSUE_TEMPLATE/rebase.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index a0bd86c..6e6cca0 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -169,6 +169,9 @@ These are various containers in use throughout our ecosystem. We should update o - [Dockerfile](https://github.com/coreos/butane/blob/main/Dockerfile) - [ ] Update fedora-coreos-cincinnati - [Dockerfile](https://github.com/coreos/fedora-coreos-cincinnati/blob/main/dist/fedora-infra/Dockerfile) + - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-cincinnati/templates/imagestream.yml) + - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-cincinnati/templates/buildconfig.yml) + - [Git Hash Variables (Optional)](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-cincinnati/vars) - [ ] Update config-bot - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/config-bot/Dockerfile) - [ ] Update coreos-koji-tagger @@ -179,3 +182,7 @@ These are various containers in use throughout our ecosystem. We should update o - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/coreos-ostree-importer/Dockerfile) - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-ostree-importer/templates/imagestream.yml) - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-ostree-importer/templates/buildconfig.yml) +- [ ] Update fedora-ostree-pruner + - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/fedora-ostree-pruner/Dockerfile) + - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml) + - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml) From 11495a13acaa963590aa4c8860c6b345a1a0de91 Mon Sep 17 00:00:00 2001 From: Guillaume <guillaume@guidon.pro> Date: Wed, 7 Jun 2023 12:04:46 -0400 Subject: [PATCH 176/238] meeting-people: add guidon --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 093c1db..7f175d8 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -8,6 +8,7 @@ anthr76 apiaseck davdunc dustymabe +guidon gursewak jaimelm jbrooks From 79286a93fd0d91db2eb698b40cf0a1dd91d41008 Mon Sep 17 00:00:00 2001 From: sumantrom <sumantrom@localhost.localdomain> Date: Sat, 24 Jun 2023 09:23:20 +0530 Subject: [PATCH 177/238] update version bump --- docs/fedora-coreos-kernel-bisect.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/fedora-coreos-kernel-bisect.md b/docs/fedora-coreos-kernel-bisect.md index 040555b..507d902 100644 --- a/docs/fedora-coreos-kernel-bisect.md +++ b/docs/fedora-coreos-kernel-bisect.md @@ -37,7 +37,7 @@ Here's a summary of what those branches are used for: - `os-build` - The latest bits that track the under development yet to be release kernel. -- `fedora-5.16` +- `fedora-6.3` - Follows a particular released kernel stream. This is where things are merged before they are fed into dist-git. If you want a commit reverted this is where it will land first. @@ -54,7 +54,7 @@ environment directly in the VM. If not you'll probably want to use a container for your kernel builds. Here's how to start up a container: ``` -podman run -it --name=kbuild -v /path/to/kernel/git/:/path/to/kernel/git/ registry.fedoraproject.org/fedora:37 +podman run -it --name=kbuild -v /path/to/kernel/git/:/path/to/kernel/git/ registry.fedoraproject.org/fedora:38 ``` NOTE: try to use the same Fedora Cloud or Fedora container version as From 447ed11f36d6562057e25a534456edfac842e2bf Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Wed, 28 Jun 2023 09:07:12 -0400 Subject: [PATCH 178/238] templates/implementing-new-platform: update for website revamp --- .github/ISSUE_TEMPLATE/implementing-new-platform.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index a3b3d0c..fab2e6d 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -23,8 +23,10 @@ Create PR's addressing the following: - [ ] Implement required functionality to support new platform - [ ] [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) - [ ] Add a stanza to `platforms.yaml` if the system should use a serial console, or both serial and graphical consoles -- [ ] [fedora-web](https://pagure.io/fedora-web/websites) ([example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff)) - - [ ] Add platform to `sites/static/js/coreos-download.js` +- [ ] [fedora-websites-3.0](https://gitlab.com/fedora/websites-apps/fedora-websites/fedora-websites-3.0/) + - [ ] Add friendly name for platform to `components/utilities/FpDownloadItem.vue` + - [ ] Add artifact to `pages/coreos/download.vue` + - [ ] Possibly add logo to `content/editions/coreos/home.yml` - [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) ([example PR](https://github.com/coreos/fedora-coreos-browser/pull/35)) - [ ] Add a list element for new platform in `browser/index.html` - [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/815)) From 62c8aac92a11bdd14c4fdcdd1ed249d939c4b626 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Wed, 28 Jun 2023 09:15:35 -0400 Subject: [PATCH 179/238] templates/implementing-new-platform: manual tagging -> checklists stream-metadata-go and fedora-coreos-stream-generator have release checklists now. Use those instead of providing manual tagging instructions. --- .../implementing-new-platform.md | 27 +++++-------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index fab2e6d..861ad1c 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -46,27 +46,12 @@ Create PR's addressing the following: - [ ] fedora-coreos-tracker - [ ] fedora website - [ ] fedora-coreos-browser -1. Create and push signed tags with appropriate versions - ``` - # Ensure gpg key for signing in github settings that is associated to redhat email. - # Verify you are on the upstream repo's main branch. - - git status - - RELEASE_VER=vx.y.z - # Replace 'x.y.z' with the appropriate numbers. - - git tag -s ${RELEASE_VER} - # Give appropriate detail to tag, check previous tags with 'git show ${RELEASE_VER}' - - git push git@github.com:coreos/targeted-repo.git ${RELEASE_VER} - # Navigate to the targeted-repo's tag section to ensure a valid signed tag is listed. - # e.g. https://github.com/...repo/tags - ``` - 1. [ ] Tag stream-metadata-go following the above steps. After tagging, ensure that dependabot has picked up latest version, and merged it into fedora-coreos-stream-generator && coreos-assembler. - - These can be triggered manually by navigating to [fedora-coreos-stream-generator's Dependabot](https://github.com/coreos/fedora-coreos-stream-generator/network/updates/) and [coreos-assembler's Dependabot](https://github.com/coreos/coreos-assembler/network/updates) respectively; then, clicking "Check for updates". - - This might need to be done a few times, as the Dependabot might not pickup tag changes for a few attempts after initial tagging. - 2. [ ] Tag fedora-coreos-stream-generator following the above steps. +1. Release updated components + - [ ] Create and follow release checklist for [stream-metadata-go](https://github.com/coreos/stream-metadata-go/blob/main/docs/development.md#release-process) + - [ ] Ensure that Dependabot has PRed stream-metadata-go into fedora-coreos-stream-generator and coreos-assembler. Merge the update PRs. + - This can be triggered manually by navigating to [fedora-coreos-stream-generator's Dependabot](https://github.com/coreos/fedora-coreos-stream-generator/network/updates/) and [coreos-assembler's Dependabot](https://github.com/coreos/coreos-assembler/network/updates) respectively, then clicking "Check for updates". + - This might need to be done a few times, as Dependabot might not pick up tag changes for a few attempts after initial tagging. + - [ ] Create and follow release checklist for [fedora-coreos-stream-generator](https://github.com/coreos/fedora-coreos-stream-generator/blob/main/docs/development.md#release-process) 1. Merge the following changes: - [ ] coreos-assembler 1. Wait for updates made to coreos-assembler to be propagated to latest container From d33efd9fa6938521667d038223d3128240ba925e Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Wed, 28 Jun 2023 11:43:02 -0400 Subject: [PATCH 180/238] Add Hyper-V metadata Add example metadata for hyperv platform. This supports: * https://github.com/coreos/fedora-coreos-tracker/issues/1411 * https://github.com/coreos/fedora-coreos-tracker/issues/1424 Co-authored-by: Brent Baude <bbaude@redhat.com> --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 8 ++++++++ metadata/stream/sample.json | 12 ++++++++++++ 3 files changed, 31 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 5de39b8..4b46161 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -91,6 +91,17 @@ } } }, + "hyperv": { + "artifacts": { + "vhdx.zip": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-hyperv.vhdx.zip", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-hyperv.vhdx.zip.sig", + "sha256": "a889159d661339e635372b807f0a98bb93c64aabfaf89a801b2f03491488f0ef" + } + } + } + }, "ibmcloud": { "artifacts": { "qcow2.xz": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 4a7c2f0..fb81a66 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -78,6 +78,14 @@ architectures: signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig sha256: 96fb92427ae41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c895 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + hyperv: + release: 30.1.2.3 + formats: + "vhdx.zip": + disk: + location: https://artifacts.example.com/quohgh8ei0uzaD5a.vhdx.zip + signature: https://artifacts.example.com/quohgh8ei0uzaD5a.vhdx.zip.sig + sha256: 4c8996fb92427ae41e4649b934ca4e3b0c44298fc1c149afbf95991b7852b855 ibmcloud: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 47105ad..63dc7b6 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -96,6 +96,18 @@ } } }, + "hyperv": { + "release": "33.20210412.3.0", + "formats": { + "vhdx.zip": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hyperv.x86_64.vhdx.zip", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hyperv.x86_64.vhdx.zip.sig", + "sha256": "728e876d87ec71de27fc1d882840e6877346423433339a2b8606fa28e57413fd" + } + } + } + }, "ibmcloud": { "release": "33.20210412.3.0", "formats": { From d5b8877ce9e54d740017234e8693080b151ca7c5 Mon Sep 17 00:00:00 2001 From: Michael Armijo <marmijo@redhat.com> Date: Mon, 17 Jul 2023 23:17:11 -0400 Subject: [PATCH 181/238] meeting-people: add marmijo --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 7f175d8..9e898e5 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -17,6 +17,7 @@ jdoss jlebon jmarrero lorbus +marmijo miabbott nasirhm quentin9696[m] From 607189076246dd5cb8334f18061c09160787aa89 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert <bgilbert@redhat.com> Date: Tue, 1 Aug 2023 16:15:08 -0400 Subject: [PATCH 182/238] templates: add new-feature template Propose a process checklist for implementing a new feature, along with an initial list of potential complications to think about. This may not be universally accepted or widely used. But, I had some process notes sitting around, and maybe they'll be useful as a starting point. --- .github/ISSUE_TEMPLATE/new-feature.md | 59 +++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/new-feature.md diff --git a/.github/ISSUE_TEMPLATE/new-feature.md b/.github/ISSUE_TEMPLATE/new-feature.md new file mode 100644 index 0000000..808e7b6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new-feature.md @@ -0,0 +1,59 @@ +--- +name: Implement a feature +about: Propose a design for a new feature +--- + +# Feature proposal + +## Description + +<!-- describe the concept and proposed implementation, in specific detail --> + +## Implementation PRs + +<!-- after PRs are posted, link them here, in a bulleted list so GitHub will show their status --> + +## Did you consider? + +<!-- please expand this list! --> + +- Storage + - [ ] Disk space usage + - [ ] Behavior on 4Kn disks + - [ ] Compatibility with multiple ESPs (Butane `boot_device.mirror`) +- First boot + - [ ] Behavior on first boot vs. second boot + - [ ] initrd networking requirements + - [ ] Reprovisioned systems that reused existing storage devices +- OS update + - [ ] Behavior after an OS rollback + - [ ] Compatibility with old bootloaders +- Architectures + - aarch64 + - [ ] Compatibility with non-UEFI boot + - ppc64le + - [ ] Whether new GRUB directives are supported by petitboot + - s390x + - [ ] Endianness issues + - [ ] Need to rerun `zipl` to update kernel or kargs + - [ ] ECKD/MBR lack of partition labels + - [ ] ECKD maximum partition count +- Implementation + - [ ] How interlocking PRs will be ratcheted into repos + +## Implementation steps + +- [ ] Create tracker ticket with initial design (above) +- [ ] Initial discussion and refinement in the ticket +- [ ] Add `meeting` label +- [ ] Discuss at community meeting +- [ ] Further refinement + - [ ] Post draft [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs/) PR, ideally before doing any implementation, to help identify design problems. +- [ ] Update issue description with final proposal and post a comment saying that you did +- [ ] Verify that rough consensus exists +- [ ] Implement. Post PR links in the section above. In the description of each PR, link to this issue and specify the prerequisites for merging. + - [ ] Add kola test(s) for new feature +- [ ] Land implementation PRs, in order +- [ ] Wait for the functionality to reach FCOS stable +- [ ] Land docs PR +- [ ] Remove any ratcheting glue (e.g. workarounds in coreos-assembler) From bf33033bdc0b226bbd7e45798188130691f4d349 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Wed, 9 Aug 2023 18:41:38 +0200 Subject: [PATCH 183/238] README: Add direct IRC webchat link for meetings --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index db92e0a..84429d9 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,8 @@ See [RELEASES.md](RELEASES.md). # Meetings The Fedora CoreOS Working Group has a weekly meeting. The meeting usually -happens in `#fedora-meeting-1` on irc.libera.chat and the schedule for the +happens in `#fedora-meeting-1` on irc.libera.chat +([Webchat](https://web.libera.chat/#fedora-meeting-1)) and the schedule for the meeting can be found here: https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 UTC` on Wednesdays. From 695200b4c1c47a7f51a8b0759f1931b82acb8697 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Fri, 11 Aug 2023 22:31:36 -0400 Subject: [PATCH 184/238] docs: updates for kernel bisect docs Every time I run this I come across more to add. --- docs/fedora-coreos-kernel-bisect.md | 50 ++++++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 4 deletions(-) diff --git a/docs/fedora-coreos-kernel-bisect.md b/docs/fedora-coreos-kernel-bisect.md index 507d902..0742cfc 100644 --- a/docs/fedora-coreos-kernel-bisect.md +++ b/docs/fedora-coreos-kernel-bisect.md @@ -64,7 +64,7 @@ Once inside the VM or container we need to install some software to build the ke ``` sudo dnf update -y && \ -sudo dnf install -y rpm-build rsync 'dnf-command(builddep)' && \ +sudo dnf install -y make rpm-build rsync 'dnf-command(builddep)' && \ sudo dnf builddep -y kernel # reboot here if in a VM ``` @@ -76,7 +76,9 @@ which makes very large files: ``` cd /path/to/kernel/git/ -curl https://src.fedoraproject.org/rpms/kernel/raw/f37/f/kernel-x86_64-fedora.config > .config +RELEASE=f38 # or RELEASE=rawhide +curl "https://src.fedoraproject.org/rpms/kernel/raw/${RELEASE}/f/kernel-x86_64-fedora.config" > .config.fedora +cp .config.fedora .config sed -i 's/CONFIG_DEBUG_KERNEL=y/CONFIG_DEBUG_KERNEL=n/' .config ``` @@ -86,8 +88,10 @@ To build and install the kernel directly on the system (i.e. on Fedora Cloud Bas you can run the following: ``` +# Set make target. See https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel.spec +make_target=bzImage # for x86_64 or vmlinux(ppc64le) or vmlinuz.efi(aarch64) make olddefconfig -make -j$(nproc) bzImage +make -j$(nproc) $make_target make -j$(nproc) modules sudo make modules_install sudo make install @@ -109,7 +113,12 @@ Then run the following script to build and install the kernel: cat build.sh #!/bin/bash set -eux -o pipefail -make -j$(nproc) bzImage +cp .config.fedora .config +sed -i 's/CONFIG_DEBUG_KERNEL=y/CONFIG_DEBUG_KERNEL=n/' .config +# Set make target. See https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel.spec +make_target=bzImage # for x86_64 or vmlinux(ppc64le) or vmlinuz.efi(aarch64) +make olddefconfig +make -j$(nproc) $make_target make -j$(nproc) modules sudo make modules_install sudo make install @@ -127,6 +136,12 @@ sudo rm -vf /boot/initramfs*bisect* /boot/vmlinuz-*bisect* /boot/System.map-*bis sudo rm -rf /lib/modules/*bisect* ``` +Then you can automate with: + +``` +bash clean.sh && bash build.sh +``` + ## 2. Directly Building and Creating an RPM from the Kernel Source git repo In this scenario we're creating an RPM that can either then be package @@ -185,3 +200,30 @@ Jens Axboe <axboe@kernel.dk> linux-block@vger.kernel.org linux-kernel@vger.kernel.org ``` + +## Testing out fixes with Fedora's kernel + +Once you have a proposed fix/patch you can easily build a Fedora kernel RPM by +adding your patch to the [`linux-kernel-test.patch` file](https://docs.fedoraproject.org/en-US/quick-docs/kernel/testing-patches/#_applying_the_patch) +in the [kernel distgit repo](https://src.fedoraproject.org/rpms/kernel). + +After adding your patch you can then use `fedpkg` to build a new +kernel for your target architecture. For example: + +``` +fedpkg scratch-build --srpm --arch=x86_64 +``` + +Once the build is complete you can grab the RPMs using the `koji` CLI: + +``` +koji download-task <task_id> +``` + +Placing these RPMs into the `overrides/rpm` directory and do a new COSA build +will give you a CoreOS build with the patched kernel. + +After the tested patch looks good you can then open a PR to the `fedora-X.Y` +branch in the `kernel-ark` repo. See the above +[Kernel Source git Repos](#kernel-source-git-repos) +section for more details. From 58f95196be9e7806d7967e3153a8436682ce1b68 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Fri, 11 Aug 2023 22:38:53 -0400 Subject: [PATCH 185/238] docs: add docs for doing a systemd git bisect --- docs/fedora-coreos-systemd-bisect.md | 66 ++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 docs/fedora-coreos-systemd-bisect.md diff --git a/docs/fedora-coreos-systemd-bisect.md b/docs/fedora-coreos-systemd-bisect.md new file mode 100644 index 0000000..673804a --- /dev/null +++ b/docs/fedora-coreos-systemd-bisect.md @@ -0,0 +1,66 @@ + +# Systemd regressions need bisecting + +Similar to the kernel, systemd is often a core component of our +stack that has regressions that aren't easy to identify just by +inspecting a changelog. + +## Systemd Source git Repos + +There are a few kernel source git repositories to know about: + +- `https://github.com/systemd/systemd.git` + - Where the latest upstream development happens +- `https://github.com/systemd/systemd-stable.git` + - Where stable/LTS tags are handled (backports to stable branches happen here) + +There is also the [Fedora dist-git repo](https://src.fedoraproject.org/rpms/systemd). + +## Creating a Kernel Build Environment + +You can use a container to build systemd from upstream. + +``` +SHARED=/path/to/shared/directory/ +RELEASE=38 +podman run -it --name=systemdbuild -v "${SHARED}:${SHARED}" "registry.fedoraproject.org/fedora:${RELEASE}" +``` + +``` +sudo dnf update -y && \ +sudo dnf install -y make rpm-build rsync 'dnf-command(builddep)' && \ +sudo dnf builddep -y systemd +``` + +We can now make changes to the git repo (revert commits, etc) and run a few +commands to build systemd. If doing a +[`git` bisect](https://www.kernel.org/doc/html/latest/admin-guide/bug-bisect.html) +run the commands needed to start the bisect. + +## Doing the systemd build/test + +To build systemd you can run the following commands. These commands +were adapted from the notes in the +[Systemd README](https://github.com/systemd/systemd/blob/579fbe5b789cbee10546f6274c39be311e71e49c/README#L233-L247). + + +``` +meson setup build/ +``` + +And then the following can be iterated upon for each commit to test: + +``` +export DESTDIR=/path/to/shared/directory/fcos/overrides/rootfs/ +ninja -C build && ninja -C build install +``` + +NOTE: If you run into `permission denied` errors when copying the files around check for SELinux denails. + +Now you can run COSA to build/test. From the COSA directory: + +``` +cosa build && cosa kola run mytest +``` + +Now you can iterate until you find the problematic commit. From 43184b292d45203a80bd1d4405a4aaee2160fea0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Mon, 14 Aug 2023 11:43:33 +0200 Subject: [PATCH 186/238] README: Update for Matrix/IRC bridge down --- README.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 84429d9..acdb56e 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,15 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](https://web.libera.chat/#fedora-coreos) (ircs://irc.libera.chat:6697/#fedora-coreos) or [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) +- Chat rooms: + - Matrix: [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) + - IRC: [`#fedora-coreos` on Libera.Chat](https://web.libera.chat/#fedora-coreos) (ircs://irc.libera.chat:6697/#fedora-coreos) + - As of 2023-08-06 14UTC, the two rooms are not bridged together anymore thus + writing a message to IRC will not reach Matrix users (and vice versa). Note + that a lot of CoreOS developers have moved to Matrix thus the IRC channel + is likely to get less attention and we recommend joining via Matrix. See + [Matrix to libera.chat (IRC) bridge unavailable](https://communityblog.fedoraproject.org/matrix-to-libera-chat-irc-bridge-unavailable/). + The meetings still happen on IRC for now. - forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) @@ -63,6 +71,13 @@ happens in `#fedora-meeting-1` on irc.libera.chat meeting can be found here: https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 UTC` on Wednesdays. +As the +[Matrix/IRC bridge is down](https://communityblog.fedoraproject.org/matrix-to-libera-chat-irc-bridge-unavailable/), +it is currently not possible to attend the meeting from a Matrix account and +you have to join using IRC. You can use the +[Webchat](https://web.libera.chat/#fedora-meeting-1) to temporarily join the +meeting on IRC. + ## Steps to run the meeting - `cd` to a local checkout of this repo and `git pull` From 80d5f824b8d53b3f90821aed514b1435e34e1256 Mon Sep 17 00:00:00 2001 From: Yasmin Valim <ydesouza@redhat.com> Date: Fri, 1 Sep 2023 09:49:45 -0300 Subject: [PATCH 187/238] meeting-people: add ydesouza Add myself in meeting-people.txt file to receive notifications about Fedora CoreOS community meetings --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 9e898e5..39bb15d 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -24,3 +24,4 @@ quentin9696[m] ravanelli saqali walters +ydesouza \ No newline at end of file From 6ec37033deb0f9daeaf0d170359556a855cbbd73 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Thu, 7 Sep 2023 11:54:22 -0400 Subject: [PATCH 188/238] Only mention Matrix channel as chat room We'd like to direct all communications to the Matrix channel going forward, so let's drop mentions of the IRC channel. Related: https://github.com/coreos/fedora-coreos-tracker/issues/1566 --- README.md | 11 ++--------- docs/ci-and-builds.md | 2 +- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index acdb56e..50a1380 100644 --- a/README.md +++ b/README.md @@ -27,15 +27,8 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- Chat rooms: - - Matrix: [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) - - IRC: [`#fedora-coreos` on Libera.Chat](https://web.libera.chat/#fedora-coreos) (ircs://irc.libera.chat:6697/#fedora-coreos) - - As of 2023-08-06 14UTC, the two rooms are not bridged together anymore thus - writing a message to IRC will not reach Matrix users (and vice versa). Note - that a lot of CoreOS developers have moved to Matrix thus the IRC channel - is likely to get less attention and we recommend joining via Matrix. See - [Matrix to libera.chat (IRC) bridge unavailable](https://communityblog.fedoraproject.org/matrix-to-libera-chat-irc-bridge-unavailable/). - The meetings still happen on IRC for now. +- Chat room: [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) + - Note that meetings still happen on IRC for now (see below). - forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) diff --git a/docs/ci-and-builds.md b/docs/ci-and-builds.md index e06f704..de0f206 100644 --- a/docs/ci-and-builds.md +++ b/docs/ci-and-builds.md @@ -51,7 +51,7 @@ Examples: ## quay.io/coreos-assembler namespace -A key aspect of Fedora CoreOS as well as RHEL CoreOS is [coreos-assembler](https://github.com/coreos/coreos-assembler). As of today, we build it in quay.io and deliver it that way in the `quay.io/coreos-assembler` namespace. The list of administrators for this namespace is managed independently of anything else. If you think you need administrator access, file a ticket or ask on #fedora-coreos IRC. +A key aspect of Fedora CoreOS as well as RHEL CoreOS is [coreos-assembler](https://github.com/coreos/coreos-assembler). As of today, we build it in quay.io and deliver it that way in the `quay.io/coreos-assembler` namespace. The list of administrators for this namespace is managed independently of anything else. If you think you need administrator access, file a ticket or ask on `#coreos:fedoraproject.org` on Matrix. ### The buildroot container: quay.io/coreos-assembler/fcos-buildroot:testing-devel From f4e9b3a8ee7fe6b20131c9668b9581f1c9e609a3 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Thu, 7 Sep 2023 11:55:39 -0400 Subject: [PATCH 189/238] README: capitalize bullet points in comms section --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 50a1380..eb03fa9 100644 --- a/README.md +++ b/README.md @@ -25,14 +25,14 @@ technologies and produce Fedora CoreOS. # Communication channels for Fedora CoreOS -- main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) -- status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) +- Main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) +- Status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) - Chat room: [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) - Note that meetings still happen on IRC for now (see below). -- forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) -- feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) -- website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) -- documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) +- Forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) +- Feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) +- Website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) +- Documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) - Twitter: [@fedoracoreos](https://twitter.com/fedoracoreos) # Roadmap/Plans From 1297b8d04c851e4128994d6811cf467623d97650 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Thu, 7 Sep 2023 11:57:33 -0400 Subject: [PATCH 190/238] README: link to Fedora's Matrix server --- README.md | 2 +- docs/ci-and-builds.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index eb03fa9..75f3f51 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - Main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - Status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- Chat room: [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) +- Chat room: [`#coreos:fedoraproject.org` on Matrix](https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org) - Note that meetings still happen on IRC for now (see below). - Forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) - Feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) diff --git a/docs/ci-and-builds.md b/docs/ci-and-builds.md index de0f206..aeffbf0 100644 --- a/docs/ci-and-builds.md +++ b/docs/ci-and-builds.md @@ -51,7 +51,7 @@ Examples: ## quay.io/coreos-assembler namespace -A key aspect of Fedora CoreOS as well as RHEL CoreOS is [coreos-assembler](https://github.com/coreos/coreos-assembler). As of today, we build it in quay.io and deliver it that way in the `quay.io/coreos-assembler` namespace. The list of administrators for this namespace is managed independently of anything else. If you think you need administrator access, file a ticket or ask on `#coreos:fedoraproject.org` on Matrix. +A key aspect of Fedora CoreOS as well as RHEL CoreOS is [coreos-assembler](https://github.com/coreos/coreos-assembler). As of today, we build it in quay.io and deliver it that way in the `quay.io/coreos-assembler` namespace. The list of administrators for this namespace is managed independently of anything else. If you think you need administrator access, file a ticket or ask on [`#coreos:fedoraproject.org` on Matrix](https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org). ### The buildroot container: quay.io/coreos-assembler/fcos-buildroot:testing-devel From ebef34bc1b011791545457920e0ae535f79fbd66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Mon, 4 Sep 2023 19:08:30 +0200 Subject: [PATCH 191/238] Issue template: Add "emerging platform" template Add a new template that does not include all the steps to generate boot images. We'll use that template for "emerging" platforms where we don't have full support yet. This will help adding new platforms to Fedora CoreOS without imposing an ever increasing burden on our release pipeline and cloud storage by creating more (mostly) duplicated boot images. --- .../implementing-new-emerging-platform.md | 41 +++++++++++++++++++ .../implementing-new-platform.md | 2 +- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 .github/ISSUE_TEMPLATE/implementing-new-emerging-platform.md diff --git a/.github/ISSUE_TEMPLATE/implementing-new-emerging-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-emerging-platform.md new file mode 100644 index 0000000..de334f4 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/implementing-new-emerging-platform.md @@ -0,0 +1,41 @@ +# Implementing a new emerging platform + +This template is a simplified version of the +[full template](https://github.com/coreos/fedora-coreos-tracker/blob/main/.github/ISSUE_TEMPLATE/implementing-new-platform.md) +that only includes what is strictly needed to get initial support for a new +platform in Fedora CoreOS. This simplified version notably does not include the +steps needed to add new boot images to the release process. + +Platforms added via this process are labelled "emerging" and users will have to +get boot images for them by converting existing images in the right format and +changing the `ignition.platform.id=<platform>` command line parameter. + +This process will be documented using `guestfish` as an example. + +## During Development + +Create PRs addressing the following: + +- [ ] [Ignition](https://github.com/coreos/ignition/) ([example PR](https://github.com/coreos/ignition/pull/918)) + - [ ] Add userdata fetch + - [ ] If the platform supports it (unlikely), add userdata deletion +- [ ] [Afterburn](https://github.com/coreos/afterburn/) ([example PR](https://github.com/coreos/afterburn/pull/451)) + - [ ] (Cloud Only) Add relevant attributes + - [ ] (Cloud Only) Add SSH key support if available + - [ ] (Cloud Only) Add hostname support if available + - [ ] (Cloud Only) Add check-in if needed (unlikely) +- [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) ([example PR](https://github.com/coreos/fedora-coreos-docs/pull/377)) + - [ ] Add a `provisioning-<platform>.adoc` that walks through how to setup the new platform + - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation +- [ ] (Optional but recommended) Add support for the platform to [kola](https://github.com/coreos/coreos-assembler) to simplify testing +- Create or ask for a new upstream releases for: + - [ ] Ignition + - [ ] Afterburn +- Wait for new images with updated Ignition and Afterburn to reach stable then + merge documentation with `guestfish` commands: + - [ ] fedora-coreos-docs + +## At Release + +There are no "At Release" steps as we do not produce new boot images for +emerging platforms/ diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index 861ad1c..d297c74 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -2,7 +2,7 @@ ## During Development -Create PR's addressing the following: +Create PRs addressing the following: - [ ] [Ignition](https://github.com/coreos/ignition/) ([example PR](https://github.com/coreos/ignition/pull/918)) - [ ] Add userdata fetch From 71b7807c2fa24018da87868864809d2ea78f42a2 Mon Sep 17 00:00:00 2001 From: Steven Presti <spresti@redhat.com> Date: Wed, 4 Oct 2023 16:57:41 -0400 Subject: [PATCH 192/238] readme: update meeting notes With the addition of the new repo for creating dynamic fcos meeting checklists, update readme to mention its location, and make old meeting notes legacy, and minimized. --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 75f3f51..38b4355 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,14 @@ meeting on IRC. ## Steps to run the meeting +The fedora meeting host can follow the guide which is curated by the [fcos-meeting-action](https://github.com/coreos/fcos-meeting-action) repo. +Every Wednesday a new checklist will be available in the form of a issue in the fcos-meeting-action repo, which can be used to run the meeting. + +If the action meeting repo is not available for some reason, the host can follow the below steps to run the meeting. +<details> +<summary>Legacy Meeting steps</summary> +## Steps to run the meeting + - `cd` to a local checkout of this repo and `git pull` - Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on libera.chat - `bash meeting-people.txt` @@ -134,6 +142,7 @@ Log: <URL to meetbot .log.html> <Copy/paste content of meetbot .txt> ``` +</details> # Voting From 45030379f317e704868f22f0d0b8ed1093e5ecae Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Fri, 3 Nov 2023 09:41:37 -0400 Subject: [PATCH 193/238] templates/rebase: document adding/removing `fedora-candidate-compose` repo This is a repo that we only want during the Beta period. Make sure we remove it otherwise. Closes: #1602 --- .github/ISSUE_TEMPLATE/rebase.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 6e6cca0..0aad580 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -51,6 +51,7 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` - [ ] Bump `releasever` in `manifest.yaml` +- [ ] Add the `fedora-candidate-compose` repo in `manifest.yaml` ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2706)) - [ ] Update the repos in `manifest.yaml` if needed - [ ] Run `cosa fetch --dry-run --update-lockfile` - this updates the x86_64 lockfile - the others will get updated when `bump-lockfile` runs. @@ -95,6 +96,9 @@ We prefer to disable `next-devel` when there is no difference between `testing-d - [ ] Update [repo-templates](https://github.com/coreos/repo-templates) [config.yaml](https://github.com/coreos/repo-templates/blob/main/config.yaml) with the version number and GPG key ID for Fedora (N). +### Disable the `fedora-candidate-compose` repo + +- [ ] Remove from the `manifest.yaml` of `next-devel` the `fedora-candidate-compose` repo ## After Fedora (N) GA From ef2261863e904688e41ca751f2b8b097b4ddafea Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Fri, 3 Nov 2023 09:46:21 -0400 Subject: [PATCH 194/238] templates/rebase: document final `next` release before GA This is what we do in practice but it wasn't documented. --- .github/ISSUE_TEMPLATE/rebase.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 0aad580..599c53f 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -70,6 +70,12 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ## Preparing for Fedora (N) GA +### Ship a final `next` release + +If the packages in `next-devel` don't exactly match the last `next` release that was done, we need to do a release with the final GA content. This ensures that what we'll promote to `testing` has the exact content in GA (plus version fast-tracks). This usually happens on the Thursday of the announcement of Go. + +- [ ] Ensure final `next` release has GA content + ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` - [ ] Bump `releasever` in `manifest.yaml` From d7d4db53e22c3a4b203b4e2e5e8b4f5bb050a5b4 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Fri, 3 Nov 2023 13:59:47 -0400 Subject: [PATCH 195/238] templates/rebase: mention that testing GA release is promoted from next --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 599c53f..9abcafd 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -89,7 +89,7 @@ If the packages in `next-devel` don't exactly match the last `next` release that ### Ship rebased `testing` -- [ ] Ship `testing` +- [ ] Ship `testing`; promote it from the `next` branch instead of `testing-devel` - [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) ### Disable `next-devel` stream From 5f1d0ebc551ac8306968875ad91f87523d9b4cba Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Fri, 3 Nov 2023 14:01:44 -0400 Subject: [PATCH 196/238] templates/rebase: clarify `testing` release staging Make a separate step for staging the `testing` build and releasing it since that's what we actually do in practice. --- .github/ISSUE_TEMPLATE/rebase.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 9abcafd..ee3fb56 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -70,12 +70,18 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ## Preparing for Fedora (N) GA +Do these steps as soon as we have a Go confirmation for GA, usually the Thursday of the week before GA. + ### Ship a final `next` release If the packages in `next-devel` don't exactly match the last `next` release that was done, we need to do a release with the final GA content. This ensures that what we'll promote to `testing` has the exact content in GA (plus version fast-tracks). This usually happens on the Thursday of the announcement of Go. - [ ] Ensure final `next` release has GA content +### Build rebased `testing` + +- [ ] Build `testing`; promote it from the `next` branch instead of `testing-devel`. Don't release it yet (i.e. don't run the `release` job). + ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` - [ ] Bump `releasever` in `manifest.yaml` @@ -87,12 +93,14 @@ If the packages in `next-devel` don't exactly match the last `next` release that ## At Fedora (N) GA -### Ship rebased `testing` +Do these steps on GA day. + +### Release rebased `testing` -- [ ] Ship `testing`; promote it from the `next` branch instead of `testing-devel` +- [ ] Run the `release` job and start rollout. - [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) -### Disable `next-devel` stream +### Disable `next-devel` stream if not needed We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. From 7e2ec97cd86962539c099668cd1c744d43ba818a Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Mon, 6 Nov 2023 15:18:28 -0500 Subject: [PATCH 197/238] templates/rebase: mention the final stable N-1 release Reflects reality, as described in https://github.com/coreos/fedora-coreos-tracker/blob/main/Design.md#major-fedora-version-rebases --- .github/ISSUE_TEMPLATE/rebase.md | 7 ++++--- Design.md | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index ee3fb56..7475c41 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -78,8 +78,9 @@ If the packages in `next-devel` don't exactly match the last `next` release that - [ ] Ensure final `next` release has GA content -### Build rebased `testing` +### Build rebased `testing` and final `stable` release on N-1 +- [ ] Build `stable`; promote it from the `testing` branch, which should still be on N-1. Don't release it yet (i.e. don't run the `release` job). - [ ] Build `testing`; promote it from the `next` branch instead of `testing-devel`. Don't release it yet (i.e. don't run the `release` job). ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` @@ -95,9 +96,9 @@ If the packages in `next-devel` don't exactly match the last `next` release that Do these steps on GA day. -### Release rebased `testing` +### Release rebased `testing` and final `stable` release on N-1 -- [ ] Run the `release` job and start rollout. +- [ ] Run the `release` job for the staged `testing` and `stable` builds and start rollout. - [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) ### Disable `next-devel` stream if not needed diff --git a/Design.md b/Design.md index af85d0c..71add3d 100644 --- a/Design.md +++ b/Design.md @@ -87,6 +87,7 @@ The release process integrates with Fedora's release milestones in the following - Week -1 (Fedora "Go" Decision): `next` release: - `next` release with final Fedora GA content - Week 0 (GA release): triple release: + - `stable` release promoted from previous `testing` (on N-1) - `testing` release promoted from previous `next` - `next` release contains latest Fedora N content, including Bodhi updates - Week 2: triple release: From 7d03050619949f7fc4e9e826fe63720e4db292ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Wed, 22 Nov 2023 19:17:01 +0100 Subject: [PATCH 198/238] README: Update for Matrix based meetings Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/1616 --- README.md | 50 +++++++++++++++++++++++----------------------- meeting-people.txt | 4 ++-- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 38b4355..c80bfda 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,6 @@ technologies and produce Fedora CoreOS. - Main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - Status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) - Chat room: [`#coreos:fedoraproject.org` on Matrix](https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org) - - Note that meetings still happen on IRC for now (see below). - Forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) - Feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - Website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) @@ -59,17 +58,16 @@ See [RELEASES.md](RELEASES.md). # Meetings The Fedora CoreOS Working Group has a weekly meeting. The meeting usually -happens in `#fedora-meeting-1` on irc.libera.chat -([Webchat](https://web.libera.chat/#fedora-meeting-1)) and the schedule for the -meeting can be found here: https://calendar.fedoraproject.org/CoreOS/ -Currently, meetings are at `16:30 UTC` on Wednesdays. +happens in +[#meeting-1:fedoraproject.org](https://matrix.to/#/#meeting-1:fedoraproject.org) +on Matrix and the schedule for the meeting can be found here: +https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 +UTC` on Wednesdays. As the [Matrix/IRC bridge is down](https://communityblog.fedoraproject.org/matrix-to-libera-chat-irc-bridge-unavailable/), -it is currently not possible to attend the meeting from a Matrix account and -you have to join using IRC. You can use the -[Webchat](https://web.libera.chat/#fedora-meeting-1) to temporarily join the -meeting on IRC. +it is currently not possible to attend the meeting from IRC and you have to +join using Matrix. ## Steps to run the meeting @@ -84,47 +82,49 @@ If the action meeting repo is not available for some reason, the host can follow - `cd` to a local checkout of this repo and `git pull` - Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on libera.chat - `bash meeting-people.txt` - - copy lines of output and paste into `#fedora-coreos` channel -- Navigate to `#fedora-meeting-1` on libera.chat -- Type `#startmeeting fedora_coreos_meeting` -- `#topic roll call` + - copy lines of output and paste into + [`#coreos:fedoraproject.org`](https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org) + on Matrix +- Navigate to + [`#meeting-1:fedoraproject.org`](https://matrix.to/#/#meeting-1:fedoraproject.org) + on Matrix +- Type: + - `!startmeeting fedora_coreos_meeting` + - `!topic roll call` Wait for 2-4 minutes for people to check in for the roll call. -- `#chair` all the people present for the meeting -- `#topic Action items from last meeting` +- `!topic Action items from last meeting` -Find the last meeting log from -[meetbot](https://meetbot-raw.fedoraproject.org/teams/fedora_coreos_meeting) -and post the action items in the meeting for people to -update the status of. +Find the last meeting log from [meetbot](https://meetbot.fedoraproject.org/) +and post the action items in the meeting for people to update the status of. - After they are done move to each `meeting` ticket from [this tracker](https://github.com/coreos/fedora-coreos-tracker/labels/meeting) Do the following for each ticket -- `#topic` Ticket subject -- `#link` link\_to\_the\_ticket +- `!topic` Ticket subject +- `!link <link_to_the_ticket>` During the meeting, you can give people action items for them to complete: -- `#action <nickname>` description of what needs to be done +- `!action <nickname>` description of what needs to be done When all topics are over, go for open floor: -- `#topic Open Floor` +- `!topic Open Floor` After open floor, end the meeting. -- `#endmeeting` +- `!endmeeting` Then, when convenient: - Remove `meeting` labels from [tickets that were discussed](https://github.com/coreos/fedora-coreos-tracker/labels/meeting) - Send an email to [coreos@lists.fedoraproject.org](mailto:coreos@lists.fedoraproject.org) with the -details of the meeting from [meetbot page](https://meetbot.fedoraproject.org/sresults/?group_id=fedora_coreos_meeting&type=team). +details of the meeting from [meetbot page](https://meetbot.fedoraproject.org/). Minutes in textual format are directly available using `.txt` as URL extension. It's easiest to get the Minutes/Minutes (text)/Log URLs by copying the footer that Meetbot prints after `#endmeeting`. You can see examples in the diff --git a/meeting-people.txt b/meeting-people.txt index 39bb15d..0de0a31 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -1,6 +1,6 @@ # List of people to ping before the Fedora CoreOS community meetings. # Please keep this list in alphabetical order. -tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" +tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #meeting-1:fedoraproject.org' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 aaradhak @@ -24,4 +24,4 @@ quentin9696[m] ravanelli saqali walters -ydesouza \ No newline at end of file +ydesouza From 97c9a3e3144de7e1f0d3a93bc809d8b55232b4af Mon Sep 17 00:00:00 2001 From: Brent Baude <bbaude@redhat.com> Date: Wed, 16 Aug 2023 14:23:51 +0000 Subject: [PATCH 199/238] Update FCOS stream metadata for Apple Hypervisor Add new platform (applehv) for the Apple Hypervisor which uses the raw disk format. See coreos/fedora-coreos-tracker#1533 and coreos/fedora-coreos-tracker#1548 Signed-off-by: Brent Baude <bbaude@redhat.com> --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 8 ++++++++ metadata/stream/sample.json | 12 ++++++++++++ 3 files changed, 31 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 4b46161..78ee2fa 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -36,6 +36,17 @@ } } }, + "applehv": { + "artifacts": { + "raw.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-applehv.raw.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-applehv.raw.gz.sig", + "sha256": "a889159d661339e635372b807f0a98bb93c64aabfaf89a801b2f03491488f0ef" + } + } + } + }, "azure": { "artifacts": { "vhd.xz": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index fb81a66..90535d2 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -21,6 +21,14 @@ architectures: signature: https://artifacts.example.com/g0xah6aenvaaVosh.qcow2.xz.sig sha256: 149afbf4c8996fb92427ae3b0c44298fc1ce41e4649b934ca495991b7852b855 uncompressed-sha256: d02d5ac0f2a2789602e9df950c38acb15380d2799b4bdb59394e4eeabdd3a662 + applehv: + release: 30.1.2.3 + formats: + "raw.gz": + disk: + location: https://artifacts.example.com/quohgh8ei0uzaD5a.raw.gz + signature: https://artifacts.example.com/quohgh8ei0uzaD5a.raw.gz.sig + sha256: 4c8996fb92427ae41e4649b934ca4e3b0c44298fc1c149afbf95991b7852b855 aws: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 63dc7b6..a00f325 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -20,6 +20,18 @@ } } }, + "applehv": { + "release": "33.20210412.3.0", + "formats": { + "raw.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-applehv.x86_64.raw.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hyperv.x86_64.raw.gz.sig", + "sha256": "728e876d87ec71de27fc1d882840e6877346423433339a2b8606fa28e57413fd" + } + } + } + }, "aws": { "release": "33.20210412.3.0", "formats": { From fe29ffc877c504482dc9bd6e17a1ed9a79eeb628 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Wed, 29 Nov 2023 10:37:57 +0100 Subject: [PATCH 200/238] README: Matrix to Libera Chat bridge shutdown --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c80bfda..bcdbc5a 100644 --- a/README.md +++ b/README.md @@ -65,9 +65,8 @@ https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 UTC` on Wednesdays. As the -[Matrix/IRC bridge is down](https://communityblog.fedoraproject.org/matrix-to-libera-chat-irc-bridge-unavailable/), -it is currently not possible to attend the meeting from IRC and you have to -join using Matrix. +[Matrix bridge to Libera Chat is shutdown](https://matrix.org/blog/2023/11/28/shutting-down-bridge-to-libera-chat/), +you can not attend the meeting from IRC and you have to join using Matrix. ## Steps to run the meeting @@ -75,9 +74,9 @@ The fedora meeting host can follow the guide which is curated by the [fcos-meeti Every Wednesday a new checklist will be available in the form of a issue in the fcos-meeting-action repo, which can be used to run the meeting. If the action meeting repo is not available for some reason, the host can follow the below steps to run the meeting. + <details> <summary>Legacy Meeting steps</summary> -## Steps to run the meeting - `cd` to a local checkout of this repo and `git pull` - Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on libera.chat From a107f0385cdb734a056f86ff9ee6857dca75f60b Mon Sep 17 00:00:00 2001 From: jbtrystram <jbtrystram@redhat.com> Date: Fri, 9 Feb 2024 11:20:52 +0100 Subject: [PATCH 201/238] Add jbtrystram to meeting people list --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 0de0a31..9458ac7 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -12,6 +12,7 @@ guidon gursewak jaimelm jbrooks +jbtrystram jcajka jdoss jlebon From 08665f0533ec7a42ed4d140604747a6baaf7389f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr> Date: Tue, 13 Feb 2024 18:16:18 +0100 Subject: [PATCH 202/238] README: Link meeting time to a dynamic time website --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bcdbc5a..95d3ccd 100644 --- a/README.md +++ b/README.md @@ -61,8 +61,8 @@ The Fedora CoreOS Working Group has a weekly meeting. The meeting usually happens in [#meeting-1:fedoraproject.org](https://matrix.to/#/#meeting-1:fedoraproject.org) on Matrix and the schedule for the meeting can be found here: -https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 -UTC` on Wednesdays. +https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at +[`16:30 UTC`](https://time.is/16:30+UTC) on Wednesdays. As the [Matrix bridge to Libera Chat is shutdown](https://matrix.org/blog/2023/11/28/shutting-down-bridge-to-libera-chat/), From bfda76b8c387397d96edbd52e264b15149b984e6 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon <jonathan@jlebon.com> Date: Tue, 20 Feb 2024 10:06:59 -0500 Subject: [PATCH 203/238] template/rebase: add a bunch more example PR links This will help people going through this see what the change should look like. --- .github/ISSUE_TEMPLATE/rebase.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 7475c41..5398429 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -36,15 +36,16 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). - [ ] Drop the signing key for the obsolete stable release (N-2). +Example PR: https://github.com/coreos/coreos-installer/pull/1113 + ### Update `rawhide` stream -- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/rawhide/manifest.yaml) to list N+1 as the releasever. +- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/rawhide/manifest.yaml) to list N+1 as the releasever ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2855)) ### Enable `branched` stream -- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/branched/manifest.yaml) to list N as the releasever. -- [ ] Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to un-comment out the `branched` stream definition. - +- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/branched/manifest.yaml) to list N as the releasever ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2549)) +- [ ] Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to un-comment out the `branched` stream definition ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/904)) ## At Fedora (N) Beta From e787b3e7aaf6682f3512e55a89a192cc4c971296 Mon Sep 17 00:00:00 2001 From: Michael Armijo <marmijo@redhat.com> Date: Tue, 20 Feb 2024 10:53:04 -0700 Subject: [PATCH 204/238] template/rebase: add more info about updating signing keys Add some useful links to locate the Fedora (N+1) signing keys to assist with this step in the future. --- .github/ISSUE_TEMPLATE/rebase.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 5398429..c0884c1 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -34,6 +34,8 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ### coreos-installer changes - [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). + - The current set of trusted signing keys is available at https://fedoraproject.org/security/. + - If the Fedora (N+1) signing key isn't available yet at that site, you can also get it from https://src.fedoraproject.org/rpms/fedora-repos/tree/rawhide. - [ ] Drop the signing key for the obsolete stable release (N-2). Example PR: https://github.com/coreos/coreos-installer/pull/1113 From a8bb54fb4cc5a0f58b64df4c304fb49bb3c05d69 Mon Sep 17 00:00:00 2001 From: Jason Brooks <jbrooks@redhat.com> Date: Wed, 17 Apr 2024 09:20:14 -0700 Subject: [PATCH 205/238] Update meeting-people.txt to use Matrix usernames --- meeting-people.txt | 41 ++++++++++++++++++----------------------- 1 file changed, 18 insertions(+), 23 deletions(-) diff --git a/meeting-people.txt b/meeting-people.txt index 9458ac7..f830984 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -3,26 +3,21 @@ tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #meeting-1:fedoraproject.org' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 -aaradhak -anthr76 -apiaseck -davdunc -dustymabe -guidon -gursewak -jaimelm -jbrooks -jbtrystram -jcajka -jdoss -jlebon -jmarrero -lorbus -marmijo -miabbott -nasirhm -quentin9696[m] -ravanelli -saqali -walters -ydesouza +@aaradhak:matrix.org +@apiaseck:matrix.org +@davdunc:fedora.im +@dustymabe:matrix.org +@guidon:guidon.ems.host +@gurssing:matrix.org +@jaimelm:fedora.im +@jbrooks:matrix.org +@jdoss:fedora.im +@jlebon:fedora.im +@jmarrero:matrix.org +@lorbus:matrix.org +@marmijo:fedora.im +@miabbott:fedora.im +@quentin9696:matrix.org +@ravanelli:fedora.im +@walters:fedora.im +@ydesouza:fedora.im From 0a303d0dc82fcbac4c9cac17549abdab68426b1e Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Thu, 18 Apr 2024 09:27:18 -0400 Subject: [PATCH 206/238] Remove command from meeting-people.txt We are automating this now with https://github.com/coreos/fcos-meeting-action/pull/83 so we have no need for the instructions. --- meeting-people.txt | 3 --- 1 file changed, 3 deletions(-) diff --git a/meeting-people.txt b/meeting-people.txt index f830984..cc109cf 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -1,8 +1,5 @@ # List of people to ping before the Fedora CoreOS community meetings. # Please keep this list in alphabetical order. -tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #meeting-1:fedoraproject.org' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" -exit 0 - @aaradhak:matrix.org @apiaseck:matrix.org @davdunc:fedora.im From 144378b918663f4f9f135a53b65cafe08a83ad5f Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Tue, 23 Apr 2024 16:09:18 -0400 Subject: [PATCH 207/238] templates/rebase: Add Communications Tracker to rebase template --- .github/ISSUE_TEMPLATE/rebase.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index c0884c1..c052d93 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -7,6 +7,7 @@ - [ ] Fedora Changes Considerations ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1222)) - [ ] Package Additions/Removals ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1221)) - [ ] Test Week ([template](https://github.com/coreos/fedora-coreos-tracker/issues/new?template=test-week.md&title=tracker:+FN+Test+Week)) +- [ ] Communications Tracker ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1655)) ## At Branching From b38adf28b17541bf85fb8a0420d7be78f2a6ba32 Mon Sep 17 00:00:00 2001 From: jbtrystram <jbtrystram@redhat.com> Date: Wed, 24 Apr 2024 17:19:00 +0200 Subject: [PATCH 208/238] Rebase checklist: add Containerfiles for kola containers Since we moved some containers that kola relied on to the coreOS pipeline, let's update the base image as well --- .github/ISSUE_TEMPLATE/rebase.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index c0884c1..8a398ed 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -183,6 +183,7 @@ These are various containers in use throughout our ecosystem. We should update o - [ ] Update coreos-assembler or open ticket to update: - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) + - [Dockerfiles for kola test containers](https://github.com/coreos/coreos-assembler/tree/main/tests/containers) - [ ] Update coreos-installer - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) - [ ] Update Ignition From 0cc6db6ecdf6960f931114c0d4df8aaa32cffa54 Mon Sep 17 00:00:00 2001 From: jbtrystram <jbtrystram@redhat.com> Date: Wed, 15 May 2024 18:22:40 +0200 Subject: [PATCH 209/238] add jbtrystram to meeting people --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index cc109cf..487970e 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -7,6 +7,7 @@ @guidon:guidon.ems.host @gurssing:matrix.org @jaimelm:fedora.im +@jbtrystram:matrix.org @jbrooks:matrix.org @jdoss:fedora.im @jlebon:fedora.im From 4bf4d832f130d5edefd3694ead67eb209652fcc9 Mon Sep 17 00:00:00 2001 From: jbtrystram <jbtrystram@redhat.com> Date: Wed, 22 May 2024 10:45:44 +0200 Subject: [PATCH 210/238] Docs: scrub bodhi-updates references We are not using the bodhi-updates streams, remove it from the docs See https://github.com/coreos/fedora-coreos-tracker/issues/1734 --- Design.md | 12 ++++-------- stream-tooling.md | 8 ++------ 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/Design.md b/Design.md index 71add3d..c458776 100644 --- a/Design.md +++ b/Design.md @@ -18,7 +18,7 @@ conclusion should be summarized here with a link to the issue. ## OSTree Delivery Format -- Originally discussed in issue [#23](https://github.com/coreos/fedora-coreos-tracker/issues/23). +- Originally discussed in issue [#23](https://github.com/coreos/fedora-coreos-tracker/issues/23). ### Summary: @@ -29,7 +29,7 @@ end user systems: repo) on a server and fetched via HTTP requests. - rojig: uses a special rojig RPM and re-assembles OSTree commit from RPMs already on mirrors. -- OCI: OSTree commits are packaged up in OCI container images and delivered +- OCI: OSTree commits are packaged up in OCI container images and delivered via a container registry. Currently the plan in Fedora CoreOS is to deliver content via a plain @@ -102,7 +102,7 @@ Because production refs are unversioned, users will seamlessly upgrade between F ## Disk Layout -- Originally discussed in issue [#18](https://github.com/coreos/fedora-coreos-tracker/issues/18). +- Originally discussed in issue [#18](https://github.com/coreos/fedora-coreos-tracker/issues/18). See also [dustymabe's comment](https://github.com/coreos/fedora-coreos-tracker/issues/18#issuecomment-409668929) summarizing the discussion in the FCOS meeting. - Filesystem details were discussed in [#33](https://github.com/coreos/fedora-coreos-tracker/issues/33). @@ -228,7 +228,7 @@ Originally discussed in [#71](https://github.com/coreos/fedora-coreos-tracker/is Originally discussed in [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68). - OpenStack environments do not require a cloud agent -- We will provide any base level of functionality with ignition and coreos-metadata +- We will provide any base level of functionality with ignition and coreos-metadata ### Packet: @@ -345,8 +345,6 @@ next-devel | 10 testing-devel | 20 rawhide | 91 branched | 92 -bodhi-updates-testing | 93 -bodhi-updates | 94 For developer builds (those not produced by the official pipeline), Z is always `dev`. @@ -365,8 +363,6 @@ next-devel | 31.20191018.10.10 | 11th build of the day testing-devel | 31.20191018.20.0 | rawhide | 33.20191018.91.0 | F33-based, first build of the day branched | 32.20191018.92.0 | -bodhi-updates-testing | 31.20191018.93.0 | -bodhi-updates | 31.20191018.94.0 | (any developer build) | 31.20191018.dev.2 | Third build of the day We are not committing to this version scheme indefinitely, and may change it in future if it proves unworkable. A new Fedora major release (X bump) would be a good time to make such a change. We don't intend Fedora CoreOS version numbers to be parsed by machine; they're meant to help humans quickly determine the salient properties of a release. diff --git a/stream-tooling.md b/stream-tooling.md index c0e1a06..f8455b8 100644 --- a/stream-tooling.md +++ b/stream-tooling.md @@ -13,8 +13,6 @@ FCOS will have multiple streams: | Development | next-devel | annex | | Mechanical | rawhide | annex | | Mechanical | branched | annex | -| Mechanical | bodhi-updates | annex | -| Mechanical | bodhi-updates-testing | annex | Development and mechanical streams are subject to change. @@ -32,8 +30,6 @@ We need a way to both (1) fix the content set for a particular stream release, a **Mechanical** streams are not curated; they're automated nightly snapshots of the underlying repos. They source their RPMs from the regular Fedora repos (using 30 here to mean `$currentrelease`): 1. **rawhide** <- f32 2. **branched** <- f31 when a branch exists, otherwise tracks **rawhide** -3. **bodhi-updates** <- f30-stable + f30-updates -4. **bodhi-updates-testing** <- f30-stable + f30-updates + f30-updates-testing **Production** streams are intended for production use. They source their RPMs from a _single_ Koji tag, `coreos-pool`, from which we create a yum repo: 1. **next** <- coreos-pool @@ -52,7 +48,7 @@ There is also a second Koji tag, `coreos-release`, for packages which have been We maintain a git repository containing the rpm-ostree treefile and lockfiles. This could be [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config). We have one branch for each stream, and no main branch. -For the mechanical streams, a nightly job will run the compose from the corresponding yum repos and SCM refs. This job will output a lockfile for each CPU architecture. Those lockfiles will be committed to Git to preserve a record of the build's contents, and the builds will be pushed to the corresponding ostree refs. The {bodhi-updates, branched} lockfile will also be PR'd to the {testing-devel, next-devel} branch, the latter only during the part of the cycle where next-devel is maintained. We want to keep the development branches ready to release, so those PRs are not merged unless green. +For the mechanical streams, a nightly job will run the compose from the corresponding yum repos and SCM refs. This job will output a lockfile for each CPU architecture. Those lockfiles will be committed to Git to preserve a record of the build's contents, and the builds will be pushed to the corresponding ostree refs. The branched lockfile will also be PR'd to the {testing-devel, next-devel} branch, the latter only during the part of the cycle where next-devel is maintained. We want to keep the development branches ready to release, so those PRs are not merged unless green. The lockfiles produced from the automatic snapshot will never be hand-modified, and in the next/testing/stable branches will never be modified at all except during promotions. Instead, pins (to older NEVRAs) and updates (to newer ones) will be hand-maintained in the Git branches in a separate lockfile that overrides the autogenerated ones. These overrides will be the major distinction between the mechanical refs and the "curated" (development/production) refs. Each curated branch will have one override file, which can carry both CPU-architecture-independent and architecture-specific overrides. @@ -74,7 +70,7 @@ Update the development treefile as usual. On the next bot push, the lockfile wil To focus development effort, there will be one base treefile shared across all branches, whose canonical copy will live in the testing-devel branch. Changes will automatically be mirrored to next-devel and to the mechanical branches. To address divergence across Fedora releases, each branch will also have an overlay treefile (possibly empty): -- **testing-devel** -> automatically mirrored to bodhi-updates and bodhi-updates-testing +- **testing-devel** - **next-devel** -> automatically mirrored to branched - **rawhide** From 00c926f749414cc97c5f77680c1897261796e305 Mon Sep 17 00:00:00 2001 From: Guspan Tanadi <36249910+guspan-tanadi@users.noreply.github.com> Date: Wed, 26 Jun 2024 10:33:25 +0700 Subject: [PATCH 211/238] metadata/README: drop dead link to meta translator This was merged into cosa a while ago. --- metadata/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/metadata/README.md b/metadata/README.md index 495495d..8fd7f1d 100644 --- a/metadata/README.md +++ b/metadata/README.md @@ -80,4 +80,3 @@ RPMs and our configuration into images and ostree commits. Projects: - https://github.com/coreos/coreos-assembler - - https://github.com/coreos/fedora-coreos-releng-automation/blob/main/coreos-meta-translator/trans.py From 360a8794aad543b62aadbbfe54d39842f10420b5 Mon Sep 17 00:00:00 2001 From: Michael Armijo <marmijo@redhat.com> Date: Wed, 17 Jul 2024 16:00:46 -0600 Subject: [PATCH 212/238] templates/rebase: add rhcos extensions container update step Add a step to update the Fedora version in the RHCOS extensions container Dockerfile. --- .github/ISSUE_TEMPLATE/rebase.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 7f9a055..ab8526f 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -210,3 +210,5 @@ These are various containers in use throughout our ecosystem. We should update o - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/fedora-ostree-pruner/Dockerfile) - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml) - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml) +- [ ] Update RHCOS extensions container + - [Dockerfile](https://github.com/openshift/os/blob/master/extensions/Dockerfile) From 7e830244b0af64f29011703aaa96835612a37a9b Mon Sep 17 00:00:00 2001 From: Yves Siegrist <yves@siegrist.io> Date: Sat, 20 Jul 2024 15:27:23 +0200 Subject: [PATCH 213/238] Add yves:siegrist.io to be notified when meetings happen --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 487970e..4f67fbf 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -19,3 +19,4 @@ @ravanelli:fedora.im @walters:fedora.im @ydesouza:fedora.im +@yves:siegrist.io From 4720d447d7a654b900fe295e2a3a25c07b4f8014 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Fri, 6 Dec 2024 12:16:19 -0500 Subject: [PATCH 214/238] add container bump step to rebase tracker This will ensure our test containers that get used are updated to latest Fedora N regularly. --- .github/ISSUE_TEMPLATE/rebase.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index ab8526f..4434ea7 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -93,6 +93,7 @@ If the packages in `next-devel` don't exactly match the last `next` release that - [ ] Update the repos in `manifest.yaml` if needed - [ ] Sync the lockfiles for all arches from `next-devel` - [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` +- [ ] Bump the Fedora version for the test containers in `tests/kola/data/commonlib.sh` - [ ] PR the result From 8166d2249f5f41fe859b3c5af3c7a2c71f60ae74 Mon Sep 17 00:00:00 2001 From: bri <284789+b-@users.noreply.github.com> Date: Wed, 5 Feb 2025 21:51:44 -0500 Subject: [PATCH 215/238] Add @bri:transfem.dev to meeting-people.txt --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 4f67fbf..b24358c 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -2,6 +2,7 @@ # Please keep this list in alphabetical order. @aaradhak:matrix.org @apiaseck:matrix.org +@bri:transfem.dev @davdunc:fedora.im @dustymabe:matrix.org @guidon:guidon.ems.host From d3934516bd2ce919911e59d4de177fa426658be5 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 12 Feb 2025 09:55:02 -0500 Subject: [PATCH 216/238] metadata: fix applehv example Copy/Paste left hyperv in the entry for applehv. --- metadata/stream/sample.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index a00f325..23c6665 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -26,7 +26,7 @@ "raw.gz": { "disk": { "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-applehv.x86_64.raw.gz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hyperv.x86_64.raw.gz.sig", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-applehv.x86_64.raw.gz.sig", "sha256": "728e876d87ec71de27fc1d882840e6877346423433339a2b8606fa28e57413fd" } } From 2728cdce2db60d1adc0a877ffb9183de5a7244f8 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 12 Feb 2025 09:57:09 -0500 Subject: [PATCH 217/238] metadata: add examples for hetzner https://github.com/coreos/fedora-coreos-tracker/issues/1874 --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 8 ++++++++ metadata/stream/sample.json | 12 ++++++++++++ 3 files changed, 31 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 78ee2fa..ac02a1c 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -102,6 +102,17 @@ } } }, + "hetzner": { + "artifacts": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-hetzner.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-hetzner.raw.xz.sig", + "sha256": "a889159d661339e635372b807f0a98bb93c64aabfaf89a801b2f03491488f0ef" + } + } + } + }, "hyperv": { "artifacts": { "vhdx.zip": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 90535d2..4f61dab 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -86,6 +86,14 @@ architectures: signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig sha256: 96fb92427ae41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c895 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + hetzner: + release: 30.1.2.3 + formats: + "raw.xz": + disk: + location: https://artifacts.example.com/quohgh8ei0uzaD5a.raw.xz + signature: https://artifacts.example.com/quohgh8ei0uzaD5a.raw.xz.sig + sha256: 4c8996fb92427ae41e4649b934ca4e3b0c44298fc1c149afbf95991b7852b855 hyperv: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 23c6665..7eafcf9 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -108,6 +108,18 @@ } } }, + "hetzner": { + "release": "33.20210412.3.0", + "formats": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hetzner.x86_64.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hetzner.x86_64.raw.xz.sig", + "sha256": "728e876d87ec71de27fc1d882840e6877346423433339a2b8606fa28e57413fd" + } + } + } + }, "hyperv": { "release": "33.20210412.3.0", "formats": { From a5092b82bb2382dd6305fb2449fec518b7f2d2bd Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Wed, 2 Apr 2025 09:27:04 -0400 Subject: [PATCH 218/238] templates/rebase: add a few more steps for COSA update --- .github/ISSUE_TEMPLATE/implementing-new-platform.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index d297c74..4ede3f2 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -20,7 +20,8 @@ Create PRs addressing the following: - [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) ([example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213)) - [ ] Update the metadata for the new platform - [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) ([example PR](https://github.com/coreos/coreos-assembler/pull/2489)) - - [ ] Implement required functionality to support new platform + - [ ] Updated `cmd-generate-release-meta` + - [ ] `cosa osbuild <platform>` works - [ ] [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) - [ ] Add a stanza to `platforms.yaml` if the system should use a serial console, or both serial and graphical consoles - [ ] [fedora-websites-3.0](https://gitlab.com/fedora/websites-apps/fedora-websites/fedora-websites-3.0/) From 2a7e6dab83f162e4f9c0c127eaaebd77c3641db8 Mon Sep 17 00:00:00 2001 From: Tiago Bueno <49003339+tlbueno@users.noreply.github.com> Date: Wed, 9 Apr 2025 14:08:41 -0300 Subject: [PATCH 219/238] Add @tlbueno:fedora.im to meeting-people.txt Signed-off-by: Tiago Bueno <49003339+tlbueno@users.noreply.github.com> --- meeting-people.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meeting-people.txt b/meeting-people.txt index b24358c..652c440 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -8,8 +8,8 @@ @guidon:guidon.ems.host @gurssing:matrix.org @jaimelm:fedora.im -@jbtrystram:matrix.org @jbrooks:matrix.org +@jbtrystram:matrix.org @jdoss:fedora.im @jlebon:fedora.im @jmarrero:matrix.org @@ -18,6 +18,7 @@ @miabbott:fedora.im @quentin9696:matrix.org @ravanelli:fedora.im +@tlbueno:fedora.im @walters:fedora.im @ydesouza:fedora.im -@yves:siegrist.io +@yves:siegrist.io \ No newline at end of file From 7f43ba627071750abe9552c3911c8874e4c554f3 Mon Sep 17 00:00:00 2001 From: Bipin B Narayan <bbnaraya@redhat.com> Date: Thu, 8 May 2025 13:43:53 +0530 Subject: [PATCH 220/238] Add Bipin to CoreOS meeting notification list --- meeting-people.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 652c440..be3e97c 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -21,4 +21,5 @@ @tlbueno:fedora.im @walters:fedora.im @ydesouza:fedora.im -@yves:siegrist.io \ No newline at end of file +@yves:siegrist.io +@bipinbn:fedora.im From 8c5a98b0fb242003f989ade860d49ab333bdcdc5 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Mon, 12 May 2025 17:08:43 -0400 Subject: [PATCH 221/238] add info on how to view metrics And also generate charts using a tool called sqlitevis. --- README.md | 20 + metrics/README.md | 2 + metrics/fcos-sqlitevis.json | 711 ++++++++++++++++++++++++++++++++++++ 3 files changed, 733 insertions(+) create mode 100644 metrics/README.md create mode 100644 metrics/fcos-sqlitevis.json diff --git a/README.md b/README.md index 95d3ccd..3d8a930 100644 --- a/README.md +++ b/README.md @@ -177,3 +177,23 @@ Working days: non-holiday weekdays. Relevant holidays are the national holidays # Working Group Members and Points of Contact Please see [meeting-people.txt](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt). + +# Metrics + +To view CountME stats you can use a tool called +[sqlitevis](https://sqliteviz.com/) to view the +CountME database and make graphs. This can easily be done with a +single URL but due to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS) +you have to run your browser in a specific mode to allow the +application to download the database and the inquiries file: + +``` +chromium-browser --disable-web-security --user-data-dir ~/chrome-disable-web-security/ +# OR +google-chrome-stable --disable-web-security --user-data-dir ~/chrome-disable-web-security/ +``` + +Now navigate to +[this](https://sqliteviz.com/app/#/load?data_url=https%3A%2F%2Fdata-analysis.fedoraproject.org%2Fcsv-reports%2Fcountme%2Ftotals-countme.db&data_format=sqlite&inquiry_url=https%3A%2F%2Fraw.githubusercontent.com%2Fcoreos%2Ffedora-coreos-tracker%2Frefs%2Fheads%2Fmain%2Fmetrics%2Ffcos-sqlitevis.json) +URL in the browser and it should autoload the database and the inquiries. This +URL was generated from the [sqlitevis docs](https://sqliteviz.com/docs/sharing/). diff --git a/metrics/README.md b/metrics/README.md new file mode 100644 index 0000000..24a4941 --- /dev/null +++ b/metrics/README.md @@ -0,0 +1,2 @@ + +See [README.md](../README.md#metrics). diff --git a/metrics/fcos-sqlitevis.json b/metrics/fcos-sqlitevis.json new file mode 100644 index 0000000..1c3c311 --- /dev/null +++ b/metrics/fcos-sqlitevis.json @@ -0,0 +1,711 @@ +{ + "version": 2, + "inquiries": [ + { + "id": "WUPD4gZdu-j4mFgxjHG0P", + "query": "SELECT os_variant FROM countme_totals \n WHERE weeknum = (SELECT MAX(weeknum) FROM countme_totals)\n AND os_variant REGEXP ''\n GROUP BY os_variant;", + "viewType": "chart", + "viewOptions": { + "data": [], + "layout": { + "autosize": true, + "xaxis": { + "range": [ + -1, + 6 + ], + "autorange": true + }, + "yaxis": { + "range": [ + -1, + 4 + ], + "autorange": true + } + }, + "frames": [] + }, + "name": "All OS Variants", + "createdAt": "2025-05-12T20:54:27.120Z" + }, + { + "id": "tcIRiJz5gn5ci4DJyHgqU", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, weeknum, os_variant, repo_arch, SUM(hits) FROM countme_totals \n WHERE os_variant IS 'coreos'\n AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' \n AND weeknum = (SELECT MAX(weeknum) FROM countme_totals)\n GROUP BY repo_arch;", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "pie", + "mode": "markers", + "values": null, + "valuessrc": "SUM(hits)", + "meta": { + "columnNames": { + "values": "SUM(hits)", + "labels": "repo_arch", + "text": "" + } + }, + "labels": null, + "labelssrc": "repo_arch", + "opacity": 1, + "textinfo": "label+value+percent", + "textfont": { + "size": 26, + "family": "sans-serif" + }, + "hoverinfo": "percent+label+value", + "hoverlabel": { + "align": "auto" + }, + "direction": "counterclockwise", + "rotation": 0, + "hole": 0.52, + "pull": 0, + "marker": { + "line": { + "width": 1 + } + }, + "insidetextorientation": "radial" + } + ], + "layout": { + "xaxis": { + "range": [ + -1, + 6 + ], + "autorange": true + }, + "yaxis": { + "range": [ + -1, + 4 + ], + "autorange": true + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "title": { + "text": "Fedora CoreOS Node Architecture Breakdown Week of <i>2025-05-04</i>", + "font": { + "size": 25 + } + }, + "hiddenlabels": [ + "ppc64le", + "s390x" + ], + "legend": { + "x": 0.7407924239291469, + "y": 0.8257272143643333, + "font": { + "size": 20 + }, + "yanchor": "middle" + }, + "annotations": [], + "meta": [ + "2023-10-08", + "2023-10-08", + "2023-10-08", + "2023-10-08" + ], + "metasrc": "date", + "extendpiecolors": true + }, + "frames": [] + }, + "name": "FCOS Architectures", + "createdAt": "2025-05-12T20:55:12.622Z" + }, + { + "id": "wEj338NrufIRE-3UBDXPK", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, weeknum, SUM(transient_hits), SUM(static_hits), SUM(transient_hits + static_hits) FROM (\n SELECT weeknum, SUM(hits) AS transient_hits, 0 AS static_hits FROM countme_totals WHERE os_variant IS 'coreos' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age = 1 GROUP BY weeknum\n UNION\n SELECT weeknum, 0 AS transient_hits, SUM(hits) AS static_hits FROM countme_totals WHERE os_variant IS 'coreos' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age > 1 GROUP BY weeknum\n) WHERE date > '2020-01-01' GROUP BY weeknum", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "scatter", + "mode": "lines", + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(static_hits)" + } + }, + "y": null, + "ysrc": "SUM(static_hits)", + "stackgroup": 1, + "name": "Static Nodes", + "hoveron": "points" + }, + { + "type": "scatter", + "mode": "lines", + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(transient_hits)" + } + }, + "y": null, + "ysrc": "SUM(transient_hits)", + "stackgroup": 1, + "name": "Transient Nodes", + "fillcolor": "rgba(205, 96, 52, 0.5)", + "line": { + "color": "rgb(180, 38, 5)" + } + }, + { + "type": "scatter", + "mode": "lines", + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(transient_hits + static_hits)", + "text": "" + } + }, + "y": null, + "ysrc": "SUM(transient_hits + static_hits)", + "name": "Total Nodes", + "line": { + "width": 3, + "color": "rgb(95, 100, 96)" + }, + "hovertemplate": "", + "error_x": { + "_template": null, + "visible": false, + "type": "percent", + "symmetric": true, + "value": 10, + "color": "rgb(95, 100, 96)", + "thickness": 2, + "width": 4 + } + } + ], + "layout": { + "xaxis": { + "range": [ + "2021-09-19 23:38:29.3717", + "2025-05-22 01:49:05.1712" + ], + "autorange": false, + "rangeselector": { + "visible": false, + "buttons": [ + {} + ] + }, + "showspikes": false, + "rangeslider": { + "visible": false, + "yaxis": {}, + "autorange": true, + "range": [ + "2020-05-03", + "2023-11-28 23:10:02.9513" + ] + }, + "type": "date", + "tickfont": { + "size": 28 + }, + "title": { + "font": { + "size": 17 + } + } + }, + "yaxis": { + "range": [ + -1419.2166576673771, + 123989.902612791 + ], + "autorange": false, + "ticks": "", + "showspikes": false, + "showline": false, + "zeroline": true, + "type": "linear", + "tickfont": { + "size": 28 + } + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "dragmode": "pan", + "title": { + "text": "Fedora CoreOS Node Count", + "font": { + "size": 33 + } + }, + "legend": { + "font": { + "size": 28 + }, + "orientation": "h", + "x": 0.2471859552265083, + "y": 0.9623782823483056 + } + }, + "frames": [] + }, + "name": "FCOS Node Count", + "createdAt": "2025-05-12T20:55:20.874Z" + }, + { + "id": "rcnNNlpFRfhIaX27ownZa", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, upper(trim(repo_tag, 'updates-releaseed-')) as repo_tag, os_variant, SUM(hits) FROM countme_totals\n WHERE os_variant IS 'coreos'\n AND repo_tag REGEXP 'updates-released-f[3-4][0-9]'\n AND weeknum = (SELECT MAX(weeknum) FROM countme_totals)\n GROUP BY repo_tag;", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "pie", + "mode": "markers", + "values": null, + "valuessrc": "SUM(hits)", + "meta": { + "columnNames": { + "values": "SUM(hits)", + "labels": "repo_tag" + } + }, + "labels": null, + "labelssrc": "repo_tag", + "hole": 0.5, + "pull": 0, + "marker": { + "line": { + "width": 2 + } + }, + "textinfo": "label", + "textfont": { + "size": 25 + }, + "sort": false, + "direction": "clockwise", + "rotation": -90, + "legendgroup": 1, + "showlegend": true, + "hoverinfo": "percent+label+value", + "opacity": 1, + "textposition": "inside" + } + ], + "layout": { + "xaxis": { + "range": [ + -1, + 6 + ], + "autorange": true + }, + "yaxis": { + "range": [ + -1, + 4 + ], + "autorange": true + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "title": { + "text": "Fedora CoreOS Release Breakdown", + "x": 0.5, + "font": { + "size": 31 + } + }, + "showlegend": true, + "legend": { + "font": { + "family": "monospace", + "size": 22 + }, + "title": { + "text": "<br>", + "font": { + "size": 34 + } + }, + "y": 0.04329087951849141, + "x": 0.20084040421902638, + "yanchor": "bottom", + "orientation": "v" + }, + "hiddenlabels": [], + "hoverlabel": { + "align": "auto" + }, + "uniformtext": { + "mode": false + }, + "modebar": { + "orientation": "h" + }, + "margin": { + "pad": 0, + "r": 80 + }, + "extendpiecolors": true, + "piecolorway": [ + "#1b9e77", + "#d95f02", + "#7570b3", + "#e7298a", + "#66a61e", + "#e6ab02", + "#a6761d", + "#666666" + ] + }, + "frames": [] + }, + "name": "FCOS Release Breakdown", + "createdAt": "2025-05-12T20:55:31.761Z" + }, + { + "id": "BZlflOgPAYGoaKwjBpIe8", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, weeknum, SUM(coreos_hits), SUM(cloud_hits), SUM(server_hits) FROM (\n SELECT weeknum, 0 AS server_hits, 0 AS cloud_hits, SUM(hits) AS coreos_hits FROM countme_totals WHERE os_variant IS 'coreos' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age > 1 GROUP BY weeknum\n UNION\n SELECT weeknum, 0 AS server_hits, SUM(hits) AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'cloud' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age > 1 GROUP BY weeknum\n UNION\n SELECT weeknum, SUM(hits) AS server_hits, 0 AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'server' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age > 1 GROUP BY weeknum\n) WHERE date > '2022-01-01' GROUP BY weeknum", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "scatter", + "mode": "lines", + "stackgroup": null, + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(cloud_hits)" + } + }, + "y": null, + "ysrc": "SUM(cloud_hits)", + "name": "Cloud", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(coreos_hits)" + } + }, + "y": null, + "ysrc": "SUM(coreos_hits)", + "name": "CoreOS", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "stackgroup": null, + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(server_hits)" + } + }, + "y": null, + "ysrc": "SUM(server_hits)", + "name": "Server", + "line": { + "width": 5 + } + } + ], + "layout": { + "xaxis": { + "range": [ + "2023-05-18 21:13:31.5607", + "2025-05-04" + ], + "autorange": false, + "type": "date", + "tickfont": { + "size": 22 + } + }, + "yaxis": { + "range": [ + -4149.444444444446, + 85743.15981948335 + ], + "autorange": false, + "type": "linear", + "tickfont": { + "size": 22 + } + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "title": { + "text": "Static Node Count for Fedora Cloud/CoreOS/Server" + }, + "dragmode": "zoom", + "legend": { + "font": { + "size": 28 + }, + "orientation": "h", + "x": 0.4185161699429296, + "y": 0.988780487804878 + } + }, + "frames": [] + }, + "name": "Static Node Count By Edition", + "createdAt": "2025-05-12T20:56:19.303Z" + }, + { + "id": "r6KJ-g1sxjbqtOYuWRJoK", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, weeknum, SUM(coreos_hits), SUM(cloud_hits), SUM(server_hits) FROM (\n SELECT weeknum, 0 AS server_hits, 0 AS cloud_hits, SUM(hits) AS coreos_hits FROM countme_totals WHERE os_variant IS 'coreos' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age = 1 GROUP BY weeknum\n UNION\n SELECT weeknum, 0 AS server_hits, SUM(hits) AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'cloud' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age = 1 GROUP BY weeknum\n UNION\n SELECT weeknum, SUM(hits) AS server_hits, 0 AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'server' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age = 1 GROUP BY weeknum\n) WHERE date > '2022-01-01' GROUP BY weeknum", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "scatter", + "mode": "lines", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(cloud_hits)" + } + }, + "x": null, + "xsrc": "date", + "name": "Cloud", + "y": null, + "ysrc": "SUM(cloud_hits)", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(coreos_hits)" + } + }, + "x": null, + "xsrc": "date", + "y": null, + "ysrc": "SUM(coreos_hits)", + "name": "CoreOS", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "stackgroup": null, + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(server_hits)" + } + }, + "y": null, + "ysrc": "SUM(server_hits)", + "x": null, + "xsrc": "date", + "name": "Server", + "line": { + "width": 5 + } + } + ], + "layout": { + "xaxis": { + "range": [ + "2023-05-14 20:40:13.8728", + "2025-05-04" + ], + "autorange": false, + "type": "date", + "tickfont": { + "size": 22 + } + }, + "yaxis": { + "range": [ + -7660.833333333334, + 155839.15818339647 + ], + "autorange": false, + "type": "linear", + "tickfont": { + "size": 22 + } + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "title": { + "text": "Transient Node Count for Fedora Cloud/CoreOS/Server" + }, + "dragmode": "zoom", + "legend": { + "font": { + "size": 28 + }, + "orientation": "h", + "x": 0.388712745719721, + "y": 1.0030674846625767 + } + }, + "frames": [] + }, + "name": "Transient Node Count By Edition", + "createdAt": "2025-05-12T20:56:34.411Z" + }, + { + "id": "8C93FoFqg3Zpw4wcxyS2e", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, weeknum, SUM(coreos_hits), SUM(cloud_hits), SUM(server_hits) FROM (\n SELECT weeknum, 0 AS server_hits, 0 AS cloud_hits, SUM(hits) AS coreos_hits FROM countme_totals WHERE os_variant IS 'coreos' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' GROUP BY weeknum\n UNION\n SELECT weeknum, 0 AS server_hits, SUM(hits) AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'cloud' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' GROUP BY weeknum\n UNION\n SELECT weeknum, SUM(hits) AS server_hits, 0 AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'server' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' GROUP BY weeknum\n) WHERE date > '2022-01-01' GROUP BY weeknum", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "scatter", + "mode": "lines", + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(cloud_hits)" + } + }, + "y": null, + "ysrc": "SUM(cloud_hits)", + "name": "Cloud", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "stackgroup": null, + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(coreos_hits)" + } + }, + "y": null, + "ysrc": "SUM(coreos_hits)", + "name": "CoreOS", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "stackgroup": null, + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(server_hits)" + } + }, + "y": null, + "ysrc": "SUM(server_hits)", + "name": "Server", + "line": { + "width": 5 + } + } + ], + "layout": { + "xaxis": { + "range": [ + "2023-05-17 21:05:12.1387", + "2025-05-04" + ], + "autorange": false, + "type": "date", + "tickfont": { + "size": 22 + } + }, + "yaxis": { + "range": [ + -10802.38888888889, + 229205.70535714284 + ], + "autorange": false, + "type": "linear", + "tickfont": { + "size": 22 + } + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "title": { + "text": "Total Node Count for Fedora Cloud/CoreOS/Server" + }, + "legend": { + "orientation": "h", + "x": 0.4578313253012048, + "y": 0.9863986313088109, + "font": { + "size": 28 + } + } + }, + "frames": [] + }, + "name": "Total Node Count for Fedora Cloud/CoreOS/Server", + "createdAt": "2025-05-12T20:56:53.783Z" + } + ] +} \ No newline at end of file From 84ffe2606fff4db77a0b8c6bbbcf89caf8c8bd31 Mon Sep 17 00:00:00 2001 From: mikyll <righi.michy@gmail.com> Date: Thu, 22 May 2025 11:52:39 +0200 Subject: [PATCH 222/238] style: sort meeting-people --- meeting-people.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index be3e97c..b1e89cd 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -2,6 +2,7 @@ # Please keep this list in alphabetical order. @aaradhak:matrix.org @apiaseck:matrix.org +@bipinbn:fedora.im @bri:transfem.dev @davdunc:fedora.im @dustymabe:matrix.org @@ -22,4 +23,3 @@ @walters:fedora.im @ydesouza:fedora.im @yves:siegrist.io -@bipinbn:fedora.im From 2ff0880b380d1213ae1f8dbff2792a06758a6e30 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Tue, 27 May 2025 09:17:05 -0400 Subject: [PATCH 223/238] README: fix chrome commands The --user-data-dir command requires the `=` I guess because otherwise it tries to launch ~/chrome-disable-web-security/ in the browser upon running. Fixes 8c5a98b. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3d8a930..5eb6f5a 100644 --- a/README.md +++ b/README.md @@ -188,9 +188,9 @@ you have to run your browser in a specific mode to allow the application to download the database and the inquiries file: ``` -chromium-browser --disable-web-security --user-data-dir ~/chrome-disable-web-security/ +chromium-browser --disable-web-security --user-data-dir=~/chrome-disable-web-security/ # OR -google-chrome-stable --disable-web-security --user-data-dir ~/chrome-disable-web-security/ +google-chrome-stable --disable-web-security --user-data-dir=~/chrome-disable-web-security/ ``` Now navigate to From 6bb6743383d4eafacfa051b4cb5f5f1bc1487f36 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Sat, 14 Jun 2025 10:15:58 -0400 Subject: [PATCH 224/238] Clean up references to the Packet platform Packet is now dead and so we can drop any mentions of it. --- Design.md | 11 +---------- PRD.txt | 2 +- metadata/stream/rationale.yaml | 17 ++--------------- 3 files changed, 4 insertions(+), 26 deletions(-) diff --git a/Design.md b/Design.md index c458776..6b83bb1 100644 --- a/Design.md +++ b/Design.md @@ -230,15 +230,6 @@ Originally discussed in [#68](https://github.com/coreos/fedora-coreos-tracker/is - OpenStack environments do not require a cloud agent - We will provide any base level of functionality with ignition and coreos-metadata -### Packet: - -Originally discussed in [#69](https://github.com/coreos/fedora-coreos-tracker/issues/69). - -- On the first boot, Packet requires the machine to phone home to report a successful boot. This will be [handled by coreos-metadata](https://github.com/coreos/coreos-metadata/issues/120). -- Packet provides the IPv4 public address via DHCP, allowing a machine to acquire network via standard mechanisms. However, to obtain a private IPv4 address or a public IPv6 address (on the same interface), networking must be configured using metadata from an HTTP metadata service. This can be handled by coreos-metadata in the initramfs, but it [may need to learn to configure NetworkManager or nm-state](https://github.com/coreos/fedora-coreos-tracker/issues/111) depending on the outcome of [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24). -- Packet needs the serial console on x86 to be directed to `ttyS1`, not `ttyS0`, requiring [cloud-specific bootloader configuration](https://github.com/coreos/fedora-coreos-tracker/issues/110). A different serial console configuration is required on ARM64. -- On many Linux OSes, Packet sets a randomized root password which is then available from the Packet console for 24 hours. This allows the serial (SOS) console to be used for interactive debugging. Container Linux, instead, enables autologin on the console by default. To avoid surprising users, Fedora CoreOS will do neither. For interactive console access, users can use Ignition to enable autologin or to set a password on the `core` account, and we'll document how to do that. - ### Open questions: - What do we do about VMware, which has a very involved and intrusive "agent"? @@ -275,7 +266,7 @@ This means: Originally discussed in [#114](https://github.com/coreos/fedora-coreos-tracker/issues/114). -We will not enable autologin on serial or VGA consoles by default, even on platforms (e.g. Azure, DigitalOcean, GCP, Packet) which provide authenticated console access. Doing so would provide an access vector that could surprise users unfamiliar with their platform's console access mechanism and access control policy. For users who wish to use the console for debugging, we will provide documentation for using Ignition to enable autologin or to set a user password. +We will not enable autologin on serial or VGA consoles by default, even on platforms (e.g. Azure, DigitalOcean, GCP) which provide authenticated console access. Doing so would provide an access vector that could surprise users unfamiliar with their platform's console access mechanism and access control policy. For users who wish to use the console for debugging, we will provide documentation for using Ignition to enable autologin or to set a user password. ### Automatically disable SMT when needed to address vulnerabilities diff --git a/PRD.txt b/PRD.txt index 1cd5a63..a09dd46 100644 --- a/PRD.txt +++ b/PRD.txt @@ -117,7 +117,7 @@ All artifacts will be downloadable from the getfedora.org website. Similarly, fo === Delivery Format === -Artifacts will be delivered as cloud images on Amazon EC2, Azure, DigitalOcean, Google Compute Engine, and Packet; as downloadable images for OpenStack, QEMU, VirtualBox, and VMware; and as ISO images, netboot images, and installable raw images for bare metal systems. We may add other public cloud images and downloadable formats to meet demand or anticipated need. +Artifacts will be delivered as cloud images on Amazon EC2, Azure, DigitalOcean, and Google Compute Engine; as downloadable images for OpenStack, QEMU, VirtualBox, and VMware; and as ISO images, netboot images, and installable raw images for bare metal systems. We may add other public cloud images and downloadable formats to meet demand or anticipated need. === Architectures === diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 4f61dab..0f6859f 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -10,8 +10,8 @@ architectures: artifacts: # Some of these will be useful for many users, such as qemu or # openstack. Some will likely only be useful for cloud operators, - # such as digitalocean or packet. Some, such as aws, are useful - # for users in special situations. + # such as digitalocean. Some, such as aws, are useful for users + # in special situations. aliyun: release: 30.1.2.3 formats: @@ -163,15 +163,6 @@ architectures: signature: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz.sig sha256: ae41e4649b934ca495991b785e3b0c44298fc1c149afbf4c8996fb924272b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - packet: - release: 30.1.2.3 - formats: - "raw.xz": - disk: - location: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz - signature: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz.sig - sha256: e41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c8996fb92427a5 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 qemu: release: 30.1.2.3 formats: @@ -266,7 +257,3 @@ architectures: # currently recommended image, and its release. release: 30.1.2.3 digest-ref: exampleregistry.io/fcos/fcos@sha256:67a81539946ec0397196c145394553b8e0241acf27b14ae9de43bc56e167f773 - packet: - # Images don't have addressable versions, so an operating system - # slug is the best we can do. - image: fedora_coreos_stable From 835cb02346fca2f175ad99f333c048987b135cde Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Sat, 14 Jun 2025 10:20:26 -0400 Subject: [PATCH 225/238] metadata: add examples for proxmoxve https://github.com/coreos/fedora-coreos-tracker/issues/1652 --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 8 ++++++++ metadata/stream/sample.json | 12 ++++++++++++ 3 files changed, 31 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index ac02a1c..4556778 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -203,6 +203,17 @@ } } }, + "proxmoxve": { + "artifacts": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-proxmoxve.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-proxmoxve.qcow2.xz.sig", + "sha256": "394cd6431b19c82a46a7215ebead15960faf9814092203456d56960a1b4d8777" + } + } + } + }, "qemu": { "artifacts": { "qcow2.xz": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 0f6859f..2922fda 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -163,6 +163,14 @@ architectures: signature: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz.sig sha256: ae41e4649b934ca495991b785e3b0c44298fc1c149afbf4c8996fb924272b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + proxmoxve: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/TieshohWah0aewai/.qcow2.xz + signature: https://artifacts.example.com/TieshohWah0aewai/.qcow2.xz.sig + sha256: 394cd6431b19c82a46a7215ebead15960faf9814092203456d56960a1b4d8777 qemu: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 7eafcf9..fedcc6c 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -227,6 +227,18 @@ } } }, + "proxmoxve": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-proxmoxve.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-proxmoxve.x86_64.qcow2.xz.sig", + "sha256": "394cd6431b19c82a46a7215ebead15960faf9814092203456d56960a1b4d8777" + } + } + } + }, "qemu": { "release": "33.20210412.3.0", "formats": { From 28b58fb50fe5ff3286d53f2bc40f7ded0b59174e Mon Sep 17 00:00:00 2001 From: Michael Armijo <marmijo@redhat.com> Date: Wed, 25 Jun 2025 10:53:07 -0600 Subject: [PATCH 226/238] README: update the Fedora CoreOS Community Meeting time It was decided in the community meeting on 2025-06-25 to move the meeting time one hour earlier to accomodate more members. See: https://github.com/coreos/fedora-coreos-tracker/issues/1972 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5eb6f5a..6a188e3 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ happens in [#meeting-1:fedoraproject.org](https://matrix.to/#/#meeting-1:fedoraproject.org) on Matrix and the schedule for the meeting can be found here: https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at -[`16:30 UTC`](https://time.is/16:30+UTC) on Wednesdays. +[`15:30 UTC`](https://time.is/15:30+UTC) on Wednesdays. As the [Matrix bridge to Libera Chat is shutdown](https://matrix.org/blog/2023/11/28/shutting-down-bridge-to-libera-chat/), From a3626c613a378df036e0845ab934397ae28150f0 Mon Sep 17 00:00:00 2001 From: Clement Verna <cverna@tutanota.com> Date: Wed, 2 Jul 2025 09:11:56 +0200 Subject: [PATCH 227/238] Update Discourse tag the coreos tag in discourse is not used anymore. Instead we are using the coreos-wg tag Signed-off-by: Clement Verna <cverna@tutanota.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6a188e3..decca97 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ technologies and produce Fedora CoreOS. - Main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - Status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) - Chat room: [`#coreos:fedoraproject.org` on Matrix](https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org) -- Forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) +- Forum at [https://discussion.fedoraproject.org/tag/coreos-wg](https://discussion.fedoraproject.org/tag/coreos-wg) - Feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - Website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) - Documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) From 2be92966706d2d3e66592912ec594fe3b9f85e91 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Fri, 18 Jul 2025 14:17:46 -0400 Subject: [PATCH 228/238] metadata: add examples for oraclecloud https://github.com/coreos/fedora-coreos-tracker/issues/1967 --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 9 +++++++++ metadata/stream/sample.json | 13 +++++++++++++ 3 files changed, 33 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 4556778..23818b4 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -203,6 +203,17 @@ } } }, + "oraclecloud": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-oraclecloud.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-oracecloud.qcow2.xz.sig", + "sha256": "868da197ae9179aded982ea6445d7d5e30acf8d03cdcdc32acfe2003d2c65491" + } + } + } + }, "proxmoxve": { "artifacts": { "raw.xz": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 2922fda..4072f34 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -163,6 +163,15 @@ architectures: signature: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz.sig sha256: ae41e4649b934ca495991b785e3b0c44298fc1c149afbf4c8996fb924272b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + oraclecloud: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz + signature: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz.sig + sha256: 868da197ae9179aded982ea6445d7d5e30acf8d03cdcdc32acfe2003d2c65491" + uncompressed-sha256: 75a5c30bf84a605cc9fa617e856d9523d8d4c50607837a7d33e4d81e9809891a proxmoxve: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index fedcc6c..134ebb0 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -227,6 +227,19 @@ } } }, + "oraclecloud": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-oraclecloud.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-oraclecloud.x86_64.qcow2.xz.sig", + "sha256": "868da197ae9179aded982ea6445d7d5e30acf8d03cdcdc32acfe2003d2c65491", + "uncompressed-sha256": "75a5c30bf84a605cc9fa617e856d9523d8d4c50607837a7d33e4d81e9809891a" + } + } + } + }, "proxmoxve": { "release": "33.20210412.3.0", "formats": { From 5623cd963b5fb1d018c460a0ffad07e8395f7160 Mon Sep 17 00:00:00 2001 From: Michael Armijo <marmijo@redhat.com> Date: Wed, 8 Oct 2025 11:26:55 -0600 Subject: [PATCH 229/238] templates/rebase: untag old pkgs at first change checkpoint instead of GA Move the 'untag old packages' steps up to be performed at at the first change checkpoint instead of after Fedora (N) GA. --- .github/ISSUE_TEMPLATE/rebase.md | 94 ++++++++++++++++---------------- 1 file changed, 48 insertions(+), 46 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 4434ea7..666ef64 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -9,6 +9,54 @@ - [ ] Test Week ([template](https://github.com/coreos/fedora-coreos-tracker/issues/new?template=test-week.md&title=tracker:+FN+Test+Week)) - [ ] Communications Tracker ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1655)) +## At the first change checkpoint + +### Untag old packages + +`koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process: + +- [ ] Find the key short hash. Usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2). Then: + +``` +f32key=12c944d0 +key=$f32key +echo > untaglist # create or empty out file +for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do + if koji buildinfo $build | grep -i $key 1>/dev/null; then + echo "Adding $build to untag list" + echo "${build}" >> untaglist + fi +done +``` + +Now we have a list of builds to untag. But we need a few more sanity checks. + +- [ ] Make sure none of the builds are used in `N` based FCOS. Check by running: + +``` +f32key=12c944d0 +key=$f32key +podman run -it --rm quay.io/fedora/fedora-coreos:testing-devel rpm -qai | grep -i -B 9 $key +podman rmi quay.io/fedora/fedora-coreos:testing-devel +``` + +If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. One example of this is the shim RPM where the same build could be used for many Fedora releases. In this case you'll need to untag the RPM from `coreos-pool`, run a `koji distrepo`, which will remove that RPM from the repo metadata, and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key. + + + +- [ ] After verifying the list looks good, untag: + +``` +# use xargs so we don't exhaust bash string limit +cat untaglist | xargs -L50 koji untag-build -v coreos-pool +``` + +- [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. + +- [ ] Remove the N-2 signing key from the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). + - `koji taginfo coreos-pool` + - `koji edit-tag coreos-pool -x tag2distrepo.keys="9570ff31 45719a39 9867c58f"` + ## At Branching Branching is when a new stream is "branched" off of `rawhide`. This eventually becomes the next major Fedora (N). @@ -127,52 +175,6 @@ We prefer to disable `next-devel` when there is no difference between `testing-d - [ ] Ship `stable` - [ ] Set a new update barrier for the final release of N-1 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) -### Untag old packages - -`koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process: - -- [ ] Find the key short hash. Usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2). Then: - -``` -f32key=12c944d0 -key=$f32key -echo > untaglist # create or empty out file -for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do - if koji buildinfo $build | grep $key 1>/dev/null; then - echo "Adding $build to untag list" - echo "${build}" >> untaglist - fi -done -``` - -Now we have a list of builds to untag. But we need a few more sanity checks. - -- [ ] Make sure none of the builds are used in `N` based FCOS. Check by running: - -``` -f32key=12c944d0 -key=$f32key -podman run -it --rm quay.io/fedora/fedora-coreos:testing-devel rpm -qai | grep -B 9 $key -podman rmi quay.io/fedora/fedora-coreos:testing-devel -``` - -If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. One example of this is the shim RPM where the same build could be used for many Fedora releases. In this case you'll need to untag the RPM from `coreos-pool`, run a `koji distrepo`, which will remove that RPM from the repo metadata, and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key. - - - -- [ ] After verifying the list looks good, untag: - -``` -# use xargs so we don't exhaust bash string limit -cat untaglist | xargs -L50 koji untag-build -v coreos-pool -``` - -- [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. - -- [ ] Remove the N-2 signing key from the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). - - `koji taginfo coreos-pool` - - `koji edit-tag coreos-pool -x tag2distrepo.keys="9570ff31 45719a39 9867c58f"` - ### Open ticket for the next Fedora rebase - [ ] Create a new ticket from the [rebase template](https://github.com/coreos/fedora-coreos-tracker/issues/new?assignees=&labels=area%2Fplatforms%2C+kind%2Fenhancement&template=rebase.md&title=tracker:+Rebase+onto+Fedora+N) From 9e27b0eb0445dc20ba05ba07feffd4afb7485420 Mon Sep 17 00:00:00 2001 From: Michael Armijo <marmijo@redhat.com> Date: Fri, 24 Oct 2025 11:54:23 -0600 Subject: [PATCH 230/238] templates/rebase: add step to update build-args.conf This is a new file that needs to be updated with each rebase. Let's add steps to do that at the proper times. --- .github/ISSUE_TEMPLATE/rebase.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 666ef64..5f254fd 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -105,6 +105,7 @@ Example PR: https://github.com/coreos/coreos-installer/pull/1113 - [ ] Bump `releasever` in `manifest.yaml` - [ ] Add the `fedora-candidate-compose` repo in `manifest.yaml` ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2706)) - [ ] Update the repos in `manifest.yaml` if needed +- [ ] Bump the Fedora version and `BUILDER_IMG` tag in `build-args.conf` - [ ] Run `cosa fetch --dry-run --update-lockfile` - this updates the x86_64 lockfile - the others will get updated when `bump-lockfile` runs. - in the future we may support [this](https://github.com/coreos/coreos-assembler/issues/3088) in `cosa fetch` directly @@ -142,6 +143,7 @@ If the packages in `next-devel` don't exactly match the last `next` release that - [ ] Sync the lockfiles for all arches from `next-devel` - [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` - [ ] Bump the Fedora version for the test containers in `tests/kola/data/commonlib.sh` +- [ ] Bump the Fedora version and `BUILDER_IMG` tag in `build-args.conf` - [ ] PR the result From 37c9a7511ba4595e7a2efc1b0c982795319fc7e4 Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Fri, 31 Oct 2025 08:49:13 -0400 Subject: [PATCH 231/238] templates/rebase: add example link to step Examples are usually really useful so let's add one here. --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 5f254fd..c8af8da 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -76,7 +76,7 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - `koji tag-build f${N+1}-coreos-continuous $BUILD` - example: `koji tag-build f36-coreos-continuous fedora-release-36-0.16` -- [ ] Add the N+1 signing key short hash (usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2)) to the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 32/33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). +- [ ] Add the N+1 signing key short hash (usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2)) to the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 32/33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). An example request looks [like this](https://pagure.io/releng/issue/10635). - `koji taginfo coreos-pool` - `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39 9867c58f"` From 517fc3f002e5c8c887c42c56499492d62051b1be Mon Sep 17 00:00:00 2001 From: Michael Armijo <marmijo@redhat.com> Date: Fri, 14 Nov 2025 11:15:44 -0700 Subject: [PATCH 232/238] templates/rebase: also update the cosa ci-operator buildroot image Document this step so we remember to update it with each fedora major release. --- .github/ISSUE_TEMPLATE/rebase.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index c8af8da..323d5e2 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -190,6 +190,7 @@ These are various containers in use throughout our ecosystem. We should update o - [ ] Update coreos-assembler or open ticket to update: - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) - [Dockerfiles for kola test containers](https://github.com/coreos/coreos-assembler/tree/main/tests/containers) + - [Dockerfile for the OpenShift CI buildroot image](https://github.com/openshift/release/blob/master/ci-operator/config/coreos/coreos-assembler/coreos-coreos-assembler-main.yaml) - [ ] Update coreos-installer - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) - [ ] Update Ignition From e2976b3dfac0ac96e7eba40c549199ace6955b24 Mon Sep 17 00:00:00 2001 From: Michael Armijo <marmijo@redhat.com> Date: Fri, 21 Nov 2025 11:02:20 -0700 Subject: [PATCH 233/238] templates/rebase: rhcos extensions update no longer required The RHCOS extensions container was updated to use centos:stream9 instead of fedora:N as the builder[1]. Remove the step from the checklist since it's no longer required. [1]: https://github.com/openshift/os/commit/cdd91139ec030bbb3d8d8ba8436f5ee4c7711813 xref: https://github.com/coreos/fedora-coreos-tracker/issues/1935 --- .github/ISSUE_TEMPLATE/rebase.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 323d5e2..0523d72 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -216,5 +216,3 @@ These are various containers in use throughout our ecosystem. We should update o - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/fedora-ostree-pruner/Dockerfile) - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml) - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml) -- [ ] Update RHCOS extensions container - - [Dockerfile](https://github.com/openshift/os/blob/master/extensions/Dockerfile) From bb3b71f890896d1af13ef194d704be456bf3ffa0 Mon Sep 17 00:00:00 2001 From: Michael Armijo <marmijo@redhat.com> Date: Fri, 21 Nov 2025 11:10:28 -0700 Subject: [PATCH 234/238] templates/rebase: add step to udpate fcos-meeting-action template We need to bump the "Review Fedora N+1 Release Schedule" schedule with each Fedora major release so we can start tracking it during the weekly community meeting. Add a step to do so when Fedora N goes GA. --- .github/ISSUE_TEMPLATE/rebase.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 0523d72..3b52bad 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -182,6 +182,12 @@ We prefer to disable `next-devel` when there is no difference between `testing-d - [ ] Create a new ticket from the [rebase template](https://github.com/coreos/fedora-coreos-tracker/issues/new?assignees=&labels=area%2Fplatforms%2C+kind%2Fenhancement&template=rebase.md&title=tracker:+Rebase+onto+Fedora+N) - label with `FN` label where `N` is the Fedora version. +### Update the FCOS Meeting-Action Template + +Now that Fedora N is GA, we need to start tracking the release schedule of Fedora N+1 during the weekly [Fedora CoreOS Community Meeting](https://github.com/coreos/fedora-coreos-tracker/blob/main/README.md#meetings). + +- [ ] Update the "Review Fedora N Release Schedule" topic and link to point to Fedora N+1 in the [FCOS meeting-action template](https://github.com/coreos/fcos-meeting-action/blob/main/static/meeting-template.md) + ## Miscellaneous container updates From 10cbb194162de2b4553312ebcc17682b29459e77 Mon Sep 17 00:00:00 2001 From: Rolv Apneseth <rolv.apneseth@gmail.com> Date: Wed, 7 Jan 2026 15:26:23 +0000 Subject: [PATCH 235/238] Add @rapneset:matrix.org to meeting-people.txt --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index b1e89cd..5ed1d2b 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -18,6 +18,7 @@ @marmijo:fedora.im @miabbott:fedora.im @quentin9696:matrix.org +@rapneset:matrix.org @ravanelli:fedora.im @tlbueno:fedora.im @walters:fedora.im From c78116bb71769201ebe224096da314b1c748d5fe Mon Sep 17 00:00:00 2001 From: Dusty Mabe <dusty@dustymabe.com> Date: Fri, 6 Feb 2026 15:38:41 -0500 Subject: [PATCH 236/238] templates/rebase: update steps to update build-args.conf We've moved more and more stuff into build-args.conf and we don't need to update the manifest for a lot of these steps now. --- .github/ISSUE_TEMPLATE/rebase.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 3b52bad..9659c8b 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -91,21 +91,20 @@ Example PR: https://github.com/coreos/coreos-installer/pull/1113 ### Update `rawhide` stream -- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/rawhide/manifest.yaml) to list N+1 as the releasever ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2855)) +- [ ] Update `VERSION`, `MUTATE_OS_RELEASE`, `BUILDER_IMG` in [build-args.conf](https://github.com/coreos/fedora-coreos-config/blob/rawhide/build-args.conf) ([example PR](https://github.com/coreos/fedora-coreos-config/pull/4003)) ### Enable `branched` stream -- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/branched/manifest.yaml) to list N as the releasever ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2549)) +- [ ] Update `VERSION`, `MUTATE_OS_RELEASE`, `BUILDER_IMG` in [build-args.conf](https://github.com/coreos/fedora-coreos-config/blob/branched/build-args.conf) ([example PR](https://github.com/coreos/fedora-coreos-config/pull/4005)) - [ ] Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to un-comment out the `branched` stream definition ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/904)) ## At Fedora (N) Beta ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` -- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Bump `VERSION`, `MUTATE_OS_RELEASE`, `BUILDER_IMG` in `build-args.conf` - [ ] Add the `fedora-candidate-compose` repo in `manifest.yaml` ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2706)) - [ ] Update the repos in `manifest.yaml` if needed -- [ ] Bump the Fedora version and `BUILDER_IMG` tag in `build-args.conf` - [ ] Run `cosa fetch --dry-run --update-lockfile` - this updates the x86_64 lockfile - the others will get updated when `bump-lockfile` runs. - in the future we may support [this](https://github.com/coreos/coreos-assembler/issues/3088) in `cosa fetch` directly @@ -138,12 +137,11 @@ If the packages in `next-devel` don't exactly match the last `next` release that ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` -- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Bump `VERSION`, `MUTATE_OS_RELEASE`, `BUILDER_IMG` in `build-args.conf` - [ ] Update the repos in `manifest.yaml` if needed - [ ] Sync the lockfiles for all arches from `next-devel` - [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` - [ ] Bump the Fedora version for the test containers in `tests/kola/data/commonlib.sh` -- [ ] Bump the Fedora version and `BUILDER_IMG` tag in `build-args.conf` - [ ] PR the result From 462c046f6598b761899d3bb1e4e96adfac4e28fc Mon Sep 17 00:00:00 2001 From: Michael Armijo <marmijo@redhat.com> Date: Tue, 10 Mar 2026 11:20:41 -0600 Subject: [PATCH 237/238] templates/rebase: add step to draft communication at Beta Add a step to the rebase checklist to draft an announcement to users of Fedora CoreOS informing them of upcoming changes in the Beta. We do this every release, so let's add it to the rebase checklist so we are reminded to prepare this in advance of the Beta release. --- .github/ISSUE_TEMPLATE/rebase.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 9659c8b..64ad4b4 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -114,6 +114,10 @@ Example PR: https://github.com/coreos/coreos-installer/pull/1113 - [ ] Disable `branched` stream since it is no longer needed. - Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to comment out the `branched` stream definition. +### Prepare Fedora CoreOS (N) Beta announcement + +- [ ] Draft an announcement that contains information found in the "Communications Tracker", created in a step above, to inform users of Fedora CoreOS of upcoming changes in the Fedora (N) version. [(example)](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/thread/GK4RMQ3UFMLJGKMBUVTTWGNFVFNNSH5E/) + ### Ship rebased `next` - [ ] Ship `next` From 69b48f1aab13ba0eb7d6b3abce19dab657a34b9a Mon Sep 17 00:00:00 2001 From: Christian Glombek <LorbusChris@users.noreply.github.com> Date: Mon, 6 Apr 2026 16:32:23 +0200 Subject: [PATCH 238/238] Remove @lorbus:matrix.org from meeting-people.txt Removed myself from the meeting notifications list. --- meeting-people.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 5ed1d2b..967e3cf 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -14,7 +14,6 @@ @jdoss:fedora.im @jlebon:fedora.im @jmarrero:matrix.org -@lorbus:matrix.org @marmijo:fedora.im @miabbott:fedora.im @quentin9696:matrix.org