Second draft of server criteria, questions (was Re: Initial set of proposed release criteria for Server product)

Stephen Gallagher sgallagh at redhat.com
Thu Jun 12 15:39:17 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/12/2014 11:37 AM, Adam Williamson wrote:
> On Thu, 2014-06-12 at 10:44 -0400, Stephen Gallagher wrote:
> 
>> That would be difficult to do, as the current expectation is
>> that Roles will be configured as part of the first-boot
>> environment, after Anaconda has concluded and the system has
>> rebooted.
>> 
>> I think we should not make "resolution order of firewall
>> conflicts" a release criterion.
> 
>> I think testing Role ports + manually-configured is likely to be
>> a mine-field that will never have a p
> 
> A pea? :)
> 

Strange, I definitely typed "erfect solution." after that, but somehow
it got lost.


> That's all fine by me if others agree. I can dial back the draft.
> 
>>> You'll note one criterion missing, because I spotted a rather
>>> big ambiguity. It's the remote auth configuration one. The tech
>>> spec says:
>>> 
>>> "The Fedora Server is expected to nearly always be configured
>>> for 'centrally-managed' user information; it must be possible
>>> to configure it to rely on a directory service for this
>>> information. Fedora Server will provide and support the realmd
>>> project for joining FreeIPA and Active Directory domains
>>> automatically. Interacting with other identity sources will
>>> remain a manual configuration effort."
>>> 
>>> What it never says is whether this is expected to work *at
>>> install time* or post-install. My guess would be that we'd want
>>> to have install time configuration of this, but I wanted to
>>> clarify it before writing it into the criteria.
>>> 
>>> Note that this is *not currently the case*. anaconda does not
>>> have any remote auth configuration support of which I'm aware
>>> at present. (I'm kinda surprised it wasn't considered a blocker
>>> for RHEL 7, in all honesty, but hey, RHEL ain't my beat). So if
>>> we wanted to block on that, we'd need to work out a plan with
>>> anaconda devs to have it implemented, ideally by Alpha.
>>> 
>>> Thoughts on all the above? Thanks!
>> 
>> This is available today with realmd's anaconda plugin (which is
>> also present in RHEL 7.0 final). I'm not sure if there's a
>> graphical solution at present; I'll need to spin up a RHEL 7 VM
>> and check it. I know it works in kickstart though.
> 
> Yeah, sorry, as noted in my other mail I meant that it is not
> possible interactively.
> 

Interactive hasn't been our top priority for the first release
(particularly since our common-case involves headless servers). I'd
definitely keep that off the requirement list for F21 at least.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlOZyaQACgkQeiVVYja6o6OfzQCdFhSmucxiIt0B7uDP7fBm8m96
o+UAnAprdeED/EvtQ1JEmQdiQ9/mtTo+
=Duth
-----END PGP SIGNATURE-----

More information about the server mailing list