On Thu, 2014-03-06 at 15:49 -0700, Stephen John Smoogen wrote:
> My understanding was that the roles commands were items that the
> system administrator ran to set up a system to do a certain task and
> was set up to be done for the 60% of the environments which aren't
> going to play with defaults in any case.

Exactly, the idea of a role is to have a standard way to deploy some
well defined services we classify as 'roles'. The aim is to have the
roles fully functional once configured. The definition of 'fully
functional' is role-specific of course.

> So these were my assumptions:
> 1) The systems administrator is running these commands.
> 2) The system administrator level being aimed for is more where they
> have a task to do and just want it to work without knowing all these
> things. (EG the people who will install cpanel, webadmin, etc without
> a thought.) We are just wanting that when they set up those commands
> they get a working secure default.
> 3) The goal is to get these systems up without the admin following the
> usual howto of

[snip]
Yes, this is correct. Moreover, if the admin is an expert and has taken
the time to read the role documentation (or has experimented previously),
I expect he will be able to find the additional command-line switches of
the 'configure-role' command to change defaults for specific high-level
configuration items if he needs/wants to.
So in the firewall case I see a more expert admin passing in at
invocation time the policy he wants to enforce when it comes to opening
firewall ports. If he doesn't, the role-default will be used instead.
Simo.
--
Simo Sorce * Red Hat, Inc * New York