Initial set of proposed release criteria for Server product
Stephen Gallagher
sgallagh at redhat.com
Thu Jun 12 14:35:23 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/11/2014 07:28 PM, Adam Williamson wrote:
> On Fri, 2014-06-06 at 15:55 -0700, Adam Williamson wrote:
>
> More criteria considerations:
>
>> * It must be possible to forward system logs from one system
>> running the release to another using rsyslog.
>>
>> * After system installation, the system firewall must be active,
>> and the only ports which may be open are port 22 and any ports
>> associated with server Roles selected during installation. [pace
>> explicit kickstart configuration]
>
> If you look at these two - they kind of mutually contradict a bit.
> We want log forwarding to work, but we're explicitly requiring that
> any port likely to be used for it be firewalled?
>
It should probably read "the only incoming ports which may be open".
Log forwarding is an outgoing operation.
Also, this is only the default right-after-installation state. If
someone wants to use a machine as an rsyslog aggregation host, they're
going to need to do other configuration; asking them to call
firewall-cmd to open the external port is a reasonable request. It
shouldn't be open by default.
> Would "log server" be a viable role, hence you'd deploy your "log
> server role" and the appropriate firewall ports would be opened as
> a part of that? That could be a long term solution (or even short
> term, if someone wanted to throw that role together).
Yes, this is one I want to strongly consider for F22.
>
> Otherwise I can just write an exception for the firewall port into
> the system logging criterion.
>
See above.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlOZuqsACgkQeiVVYja6o6MCJQCfYRvCzIyP+12XlkveMMWg3Cq4
1D4AoKoH7yEGTTWgD3S2KJNLiDbUUHQq
=da7/
-----END PGP SIGNATURE-----
More information about the server
mailing list