Discussion of Fedora Server use-cases

Tue Oct 29 01:30:00 UTC 2013

On 10/28/2013 05:55 PM, Michael R. Davis wrote:
>>>   - /etc/fstab.d/ capability
>> Could you provide an example of why this might be useful? Do you
>> programmatically change mount points enough for this?
> 
> I have applications that need mounts points.  I need to deploy to every server.  I'd like to do this in RPM easily not in chef or puppet or augtool.
> 

There's a compelling case for this, but I don't think you've made it.

>>>   - Moving /etc/yum.repos.d/*.repo files from fedora-release to an
>>> independent package that can optionally not be installed in the
>>> kickstart. THIS IS A BIG SECURITY PET PEEVE OF MINE. 
>> Could you elaborate a bit on this one as well please?
> 
> My IT guys will do a yum update before they remove the default repo files an we'll get Internet installed RPMs on our systems.  Which is a no-no for us.  We are required to only use the local repo which may be behind the latest on the net but that's what's been tested with the apps.
> 

This is a local case, and just makes the case for proper config
management via the tools you seem to want to use. I don't see how this
provides a benefit to other users.

>>> We really need to fix the Oracle instant client mess.
>> I've not found oracle overly willing to help in most aspects. In most
>> cases they've been condescending and arrogant.
> 
> We still need to do the best we can to make it easy.
> 
> These are the RPMs that we have build.  I think most are home grown but there is no need for every company to repeat this mess.
> 
> apr-util-oracle
> oracle-instantclient11.2-httpd
> oracle-instantclient11.2-wrapper
> oracle-instantclient11.2-bashrc
> oracle-instantclient11.2-ldconfig

As you pointed out, there is a licensing issue here that needs to be
addressed.

>>> Bottom line I think Fedora should provide the running building block or
>>> even full running applications like TurnKey Linux with a nice default
>>> configuration.  e.g. I need a running webserver "yum install httpd-on". 
>>> I need a running database "yum install postgresql-server-on".
> 
>> Would there be an equivalent -off for folks who wish to manually tinker
>> prior to enabling? 
> 
> yum erase httpd-on; turns it off it's just a wrapper package...
> 
> but yum install httpd; service httpd start; would still work.
> 
>> I'm not convinced that yum should be in the business of
>> enabling/disabling services like this.
> 
> "yum" would not be. The spec "post" would actually "do" it.  

I don't agree with this approach. This is clearly within the domain of
config management tools and would break the traditional approach for no
perceptible gain. With this approach, a user could have your httpd-on
package installed, and 'chkconfig httpd off'. This would create
confusion and a support issue. I would prefer to leave this in the
capable hands of puppet/ansible/cfengine/chef/bcfg2/salt etc.

> I think if we raise the bar we can start building mansions and the end application only need to build a room. If we raise the bar far enough there's no stopping us.

wat?

-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77