2014-03-04 21:31 GMT+01:00 Simo Sorce <simo@redhat.com>:

On Tue, 2014-03-04 at 14:07 +0100, Miloslav Trmač wrote:
> I see having a firewall running by default, but punching holes in it
> by default, without explicit user involvement, as such a case: the
> underlying reason to have a firewall seems to be defeated by the way
> the firewall is being used.

Here lies the error of your reasoning.

Roles do not do anything without *explicit user involvement*.
You actually have to install *and* setup a role on your system to poke
any hole.

OK, so let's clarify how explicit the involvement is. When the user runs (fedora-role-deploy $rolename), will this

Always punch a hole in the firewall, because the "fedora-role-deploy" was an explicit action?
Ask the user, and acting on the answer, which was an explicit action?
Not ask the user, but do what the role thinks is appropriate, because deploying a role was an explicit action?

My primary objection is to the latest option: If the user can't predict the effect of their command, I don't think the command was an "explicit" user action. It's just unpredictable unless you read all documentation, which many people don't.

And not poking holes for some roles makes no sense, because the role can
only be used (in the common case) if it is reachable from the network,
and if it is unreachable it does not work.

Yes.

One of the assumptions for roles is that we want to have them working as
intended once the setup is complete.

Yes.

For example I think the best default for the domain controller role will
be to open the firewall, while the best default for the database role
will be to keep it closed.

That may be individually true, but the user gets differing behavior without having clearly acknowledged or caused such a difference, put together into a single product doesn't give the user sufficient visibility.
Mirek