-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/12/2014 11:37 AM, Adam Williamson wrote:
On Thu, 2014-06-12 at 10:44 -0400, Stephen Gallagher wrote:
> That would be difficult to do, as the current expectation is
> that Roles will be configured as part of the first-boot
> environment, after Anaconda has concluded and the system has
> rebooted.
>
> I think we should not make "resolution order of firewall
> conflicts" a release criterion.
> I think testing Role ports + manually-configured is likely to be
> a mine-field that will never have a p
A pea? :)
Strange, I definitely typed "erfect solution." after that, but somehow
it got lost.
That's all fine by me if others agree. I can dial back the
draft.
>> You'll note one criterion missing, because I spotted a rather
>> big ambiguity. It's the remote auth configuration one. The tech
>> spec says:
>>
>> "The Fedora Server is expected to nearly always be configured
>> for 'centrally-managed' user information; it must be possible
>> to configure it to rely on a directory service for this
>> information. Fedora Server will provide and support the realmd
>> project for joining FreeIPA and Active Directory domains
>> automatically. Interacting with other identity sources will
>> remain a manual configuration effort."
>>
>> What it never says is whether this is expected to work *at
>> install time* or post-install. My guess would be that we'd want
>> to have install time configuration of this, but I wanted to
>> clarify it before writing it into the criteria.
>>
>> Note that this is *not currently the case*. anaconda does not
>> have any remote auth configuration support of which I'm aware
>> at present. (I'm kinda surprised it wasn't considered a blocker
>> for RHEL 7, in all honesty, but hey, RHEL ain't my beat). So if
>> we wanted to block on that, we'd need to work out a plan with
>> anaconda devs to have it implemented, ideally by Alpha.
>>
>> Thoughts on all the above? Thanks!
>
> This is available today with realmd's anaconda plugin (which is
> also present in RHEL 7.0 final). I'm not sure if there's a
> graphical solution at present; I'll need to spin up a RHEL 7 VM
> and check it. I know it works in kickstart though.
Yeah, sorry, as noted in my other mail I meant that it is not
possible interactively.
Interactive hasn't been our top priority for the first release
(particularly since our common-case involves headless servers). I'd
definitely keep that off the requirement list for F21 at least.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlOZyaQACgkQeiVVYja6o6OfzQCdFhSmucxiIt0B7uDP7fBm8m96
o+UAnAprdeED/EvtQ1JEmQdiQ9/mtTo+
=Duth
-----END PGP SIGNATURE-----