From Fedora Project Wiki
(WIP2)
(cockpit port should be open by default)
 
(24 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
== Fedora Server Technical Specification ==
 
== Fedora Server Technical Specification ==
  
This document aims to describe the technical characteristics Fedora Server product in detail. This includes provided services and APIs, installed software, etc. Some of the desired characteristics may not be entirely achievable in the first version of the Server product, and will be approximated.
+
This document aims to describe the technical characteristics of the Fedora Server product in detail. This includes provided services and APIs, installed software, and the like. Some of the desired characteristics may not be entirely achievable in the first version of the Server product, and will be approximated.
  
The content of the spec unavoidably overlaps with the work of the Base Working Group, and needs to be aligned with their deliverables.
+
The content of this specification unavoidably overlaps with the work of the Base Working Group, and needs to be aligned with their deliverables.
  
 
== Core Services and Features ==
 
== Core Services and Features ==
  
This section should describe the core services of the platform and their intended use. The items here should refer back to the PRD for a functional justification.
+
This section should describe the core services of the platform and their intended use. The items here should refer back to the [[Server/Product_Requirements_Document | Product Requirements Document]] for a functional justification.
  
=== Supported Architectures ===
+
=== Supported Architectures and Install Media ===
Fedora Server will run on and provide install media for i686, x86_64 and armv7hl servers. In the future, Fedora Server will also support armv8 (64-bit) when the hardware becomes available.
+
Fedora Server will run on and provide install media for i686, x86_64, and armv7hl servers.
 +
 
 +
There will be two official install media for the Fedora Server
 +
* A network installation media (either a traditional netinst.iso or a boot.fedoraproject.org style)
 +
* A local installation media providing the default package set as well as any featured roles that are meaningfully installed without a network connection.
 +
** The local installation media will be allowed a maximum size to fit on a 4.0GB USB device.
 +
** The local installation media can be pointed at network resources to make available a larger package set.
  
 
=== File system ===
 
=== File system ===
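Review bot: The network-install bullet in the new "Supported Architectures and Install Media" text leaves the deliverable undecided ("either a traditional netinst.iso or a boot.fedoraproject.org style"), so a reader cannot tell which image will be produced; pick one or state that the choice is still open. The sentence "There will be two official install media for the Fedora Server" introduces a list and should end with a colon. The revision also drops the sentence about future armv8 (64-bit) support without saying whether that plan has changed.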
Line 17: Line 23:
  
 
File-system layout will be discussed with the Anaconda team and reasonable defaults will be selected based on a combination of the number of available, selected disks and the available memory on the system (for determining SWAP space).
 
File-system layout will be discussed with the Anaconda team and reasonable defaults will be selected based on a combination of the number of available, selected disks and the available memory on the system (for determining SWAP space).
 +
 +
An option will be provided in the Fedora Server installer to enable disk encryption.
  
 
=== Service management ===
 
=== Service management ===
  
Systemd provides ways to control and monitor the activity and status of system services, resources they require, etc. System services must provide systemd units to be included in the Fedora Server standard installation. See the systemd [http://0pointer.de/public/systemd-man/systemd.unit.html documentation].
+
Systemd provides ways to control and monitor the activity and status of system services, resources they require, and the like. System services must provide systemd units to be included in the Fedora Server standard installation. See the systemd [http://0pointer.de/public/systemd-man/systemd.unit.html documentation].
  
 
=== Logging ===
 
=== Logging ===
  
The systemd journal will be used as the local storage backend for system logs. For 'managed' scenarios (e.g the 'developer in a large organization' use case of the PRD), it must be possible to collect the logs in a centralized location, off the local machine.
+
Fedora Server will store log files locally by default and will also support sending full log data to an external server to the maximum extent possible. For writing to logs, we recommend the syslog or journal APIs rather than managing application-specific log files.  OpenLMI will provide an API for reading the logs.
  
Applications and services can either use the syslog API or the journal APIs for their logging. See the journal API [http://0pointer.de/public/systemd-man/sd-journal.html documentation].
+
We will use rsyslog for forwarding data to a central server.  The logs of programs using the recommended APIs will be locally stored in the journal database and automatically forwarded; other programs should include appropriate configuration for rsyslog such that their log output is included in the rsyslog-forwarded data stream.
  
 
=== Networking ===
 
=== Networking ===
 
{{admon/warning | This is not yet approved! | This statement is a work-in-progress draft and has not been agreed upon yet. }}
 
  
 
Network devices and connections will be controlled by NetworkManager by default. Server Roles that may need to interact with the network configuration must do so through the public NetworkManager D-BUS API.
 
Network devices and connections will be controlled by NetworkManager by default. Server Roles that may need to interact with the network configuration must do so through the public NetworkManager D-BUS API.
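Review bot: The rewritten Logging paragraph weakens the earlier requirement. The removed text said that for managed scenarios "it must be possible to collect the logs in a centralized location, off the local machine"; the new text only promises support "to the maximum extent possible", which cannot be tested. Suggest keeping a "must" for off-host collection and stating what protection the rsyslog stream to the central server is expected to have in transit, since the new text names rsyslog as the forwarder but says nothing about the transport. The link to the journal API documentation is dropped even though the journal API is still recommended. In File system, the new disk-encryption sentence covers only the installer option; say whether it is also available to kickstart installs, which this revision names as the unattended installation mechanism.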
Line 36: Line 42:
 
=== Firewall ===
 
=== Firewall ===
  
{{admon/warning | This is not yet approved! | This statement is a work-in-progress draft and has not been agreed upon yet. }}
+
A firewall in its default configuration may not interfere with the normal operation of programs installed by default.
 +
 
 +
On a pristine system, the only open incoming ports are SSH and Cockpit. When [[Server/Product_Requirements_Document#Featured_Server_Roles | Roles]] are deployed, they may elect to open one or more ports based on the most likely need. Roles *must* provide an interface that describes which ports they want open and which ones they currently have opened. The admin must be able to easily modify this configuration.
  
A firewall in its default configuration may not interfere with the normal operation of programs installed by default.
+
Roles that open ports by default must have the set of ports approved by majority vote of the Server Working Group.
  
Server Roles that need to interact with the firewall must do so through the public firewalld D-BUS API. Server Roles that modify the firewall must also provide a public configuration API describing what interfaces are permitted through the firewall.
+
If the user hasn't specified firewall status explicitly, interactive role deployment will inform the user whether the service's ports have been opened by default. It must be possible to query the API for the required state of the firewall to support the role, which can then be compared to the active firewalld state.
  
A public, external API will be provided by the OpenLMI project to manage firewalld centrally. (This is not yet scheduled for a Fedora release, but is a medium-term plan)
+
The OpenLMI project will provide a public, external API to manage firewalld centrally. (This is not yet scheduled for a Fedora release, but is a medium-term plan.)
  
 
=== SELinux ===
 
=== SELinux ===
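Review bot: The Firewall rewrite removes the rule that "Server Roles that need to interact with the firewall must do so through the public firewalld D-BUS API" and puts nothing in its place. The new text asks roles for an interface describing wanted and opened ports, and for an API whose required state "can then be compared to the active firewalld state", but that comparison is only meaningful if roles change the firewall through firewalld; suggest restoring the sentence. In the same paragraph, "*must*" is not wiki emphasis (the Role Definition Requirements list uses triple apostrophes for bold), and "may not interfere" reads more clearly as "must not interfere". The sentence "the only open incoming ports are SSH and Cockpit" would be easier to verify if it named the port numbers or firewalld service names.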
Line 49: Line 57:
  
 
=== Problem reporting ===
 
=== Problem reporting ===
 
{{admon/warning | This is not yet approved! | This statement is a work-in-progress draft and has not been agreed upon yet. }}
 
  
 
Problems and error conditions (e.g. kernel oopses, Selinux AVCs, application crashes, OOM, disk errors) should all be reported in the systemd
 
Problems and error conditions (e.g. kernel oopses, Selinux AVCs, application crashes, OOM, disk errors) should all be reported in the systemd
Line 56: Line 62:
  
 
Support for sending this information to a central place (like abrt does for crashes today) is mandatory.
 
Support for sending this information to a central place (like abrt does for crashes today) is mandatory.
 
=== Session tracking ===
 
 
{{admon/warning | This is not yet approved! | This statement is a work-in-progress draft and has not been agreed upon yet. }}
 
 
Logind will be used as the session tracking facility.
 
 
Applications that need to interact with sessions can use the logind [http://www.freedesktop.org/software/systemd/man/sd_session_is_active.html library API], the [http://www.freedesktop.org/wiki/Software/systemd/logind/ D-Bus API], or a higher-level API
 
  
 
=== Account handling ===
 
=== Account handling ===
{{admon/warning | This is not yet approved! | This statement is a work-in-progress draft and has not been agreed upon yet. }}
 
 
SSSD is providing the backing storage for identity management. The Fedora Server is expected to nearly always be configured for 'centrally-managed' user information; it must be possible to configure it to rely on a directory service for this information. Fedora Server will provide and support the realmd project for joining FreeIPA and Active Directory domains automatically. Interacting with other identity sources will remain a manual configuration effort.
 
 
The accountsservice is providing a D-Bus interface for user account information; this may be integrated into SSSD at some point.
 
 
Depending on their needs, application and services can either use the POSIX APIs (getpwent(), etc) or the accountsservice D-Bus interface to obtain
 
user information.
 
  
 +
SSSD will provide the backing storage for identity management. The Fedora Server is expected to nearly always be configured for 'centrally-managed' user information; it must be possible to configure it to rely on a directory service for this information. Fedora Server will provide and support the realmd project for joining FreeIPA and Active Directory domains automatically. Interacting with other identity sources will remain a manual configuration effort.
  
 
=== Software updates ===
 
=== Software updates ===
{{admon/warning | This is not yet approved! | This statement is a work-in-progress draft and has not been agreed upon yet. }}
 
  
 
Software updates on the Fedora Server must be possible to perform either locally using command-line tools (e.g. yum/dnf) or centrally by common management systems (e.g. Puppet, Chef, Satellite, Spacewalk, OpenLMI).
 
Software updates on the Fedora Server must be possible to perform either locally using command-line tools (e.g. yum/dnf) or centrally by common management systems (e.g. Puppet, Chef, Satellite, Spacewalk, OpenLMI).
  
 
=== Miscellaneous system information ===
 
=== Miscellaneous system information ===
{{admon/warning | This is not yet approved! | This statement is a work-in-progress draft and has not been agreed upon yet. }}
 
  
 
System locale, timezone, hostname, etc. will be managed through the services provided by systemd for this purpose.
 
System locale, timezone, hostname, etc. will be managed through the services provided by systemd for this purpose.
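Review bot: With the Session tracking section and the accountsservice paragraphs removed, the specification no longer says which interface applications use for session or user information. The removed text named logind for sessions and "the POSIX APIs (getpwent(), etc) or the accountsservice D-Bus interface" for accounts; the new Account handling section keeps only the SSSD and realmd statement. If these are dropped on purpose, say so in the edit summary; otherwise keep one sentence naming the supported lookup path. "The Fedora Server is expected" also reads better without the article, matching "Fedora Server will provide" later in the same paragraph.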
Line 88: Line 77:
 
[http://www.freedesktop.org/wiki/Software/systemd/localed/ localed],
 
[http://www.freedesktop.org/wiki/Software/systemd/localed/ localed],
 
[http://www.freedesktop.org/wiki/Software/systemd/timedated/ timedated] and  
 
[http://www.freedesktop.org/wiki/Software/systemd/timedated/ timedated] and  
[http://www.freedesktop.org/wiki/Software/systemd/hostnamed/ hostnamed]
+
[http://www.freedesktop.org/wiki/Software/systemd/hostnamed/ hostnamed].
  
 
=== Virtualization ===
 
=== Virtualization ===
{{admon/warning | This is not yet approved! | This statement is a work-in-progress draft and has not been agreed upon yet. }}
 
  
 
libvirt-daemon will be used to manage virtualization capabilities.
 
libvirt-daemon will be used to manage virtualization capabilities.
systemd-nspawn will be used to manage containerization capabilities.
 
 
=== Display manager ===
 
{{admon/warning | This is not yet approved! | This statement is a work-in-progress draft and has not been agreed upon yet. }}
 
 
<Wording?>
 
 
  
 
=== Accessibility ===
 
=== Accessibility ===
{{admon/warning | This is not yet approved! | This statement is a work-in-progress draft and has not been agreed upon yet. }}
 
  
 
Accessibility support on the Fedora Server will be limited to devices supporting the vision-impaired on the console.
 
Accessibility support on the Fedora Server will be limited to devices supporting the vision-impaired on the console.
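Review bot: Dropping "systemd-nspawn will be used to manage containerization capabilities" from Virtualization leaves containers unspecified, while the Role query interface later in this revision still lists "Whether the role is running in a container". Either keep a statement of the container mechanism here or mark it as undecided, so role authors know what that field refers to.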
Line 111: Line 91:
 
=== Input Methods ===
 
=== Input Methods ===
  
The input method framework on the workstation is provided by ibus. Input methods and keyboard layouts can be configured in the control-center, and selected in shell keyboard menu. The supported application toolkits all support ibus.
+
The input method support for the Fedora Server console access will be limited to LOCALE support in the command shell.
  
=== Graphics ===
+
Input method support in the optional graphical console will be aligned with the Fedora Workstation offering.
  
The workstation session will switch to using a Wayland compositor as soon as feasible. Until then, it will be based on X11.
+
=== Graphics and Display Manager ===
Even after the switch, an X server will be included, so applications can either connect to Wayland natively, or run as an X client.
 
  
=== Media support ===
+
The Fedora Server does not mandate a graphical environment at this time. If the administrator elects to install a desktop, they should choose a display manager themselves at this time.
 
 
Sound hardware and audio streams will be managed by pulseaudio. Applications are recommended to use the
 
[http://gstreamer.freedesktop.org/documentation/ gstreamer] framework for media playback.
 
  
 
=== Appearance ===
 
=== Appearance ===
  
The workstation will ship with a single theme, which will have support for the included toolkits: gtk3, qt and gtk2. Applications are expected to work
+
The default user-experience for the Fedora Server will be the bash shell on the console and the Cockpit web management console.
well with this theme, as well as with the high-contrast theme that is used for accessibility. The theme will include a dark variant that applications
 
can opt into using (this is most suitable for certain content-focused applications). The theme also includes an icon theme that provides named icons according to the icon-naming spec, plus symbolic variants.
 
 
 
We will be using the Adwaita theme, with a yet-to-be-written qt variant.
 
 
 
=== Application Integration ===
 
 
 
Installed applications are expected to install a desktop file in /usr/share/applications and an application icon in the hicolor icon theme.
 
 
 
Packaged applications are also expected to provide [http://people.freedesktop.org/~hughsient/appdata/ appdata] for use in the application installer.
 
  
 
=== System Installer ===
 
=== System Installer ===
  
The desired installation experience for the workstation product is to limit the pre-installation user interaction to the minimum. The storage configuration UI should be focused on the classes of hardware that are expected in workstation-class machines. Package selection is not necessary: the installer will install the workstation product as defined. Tweaks, customizations and software additions should be performed after the installation.
+
The desired installation experience for the Fedora Server product is to limit the pre-installation user interaction to the minimum. The storage configuration UI should provide a single sensible default and an alternative, fully customizable configuration UI.
  
One aspect of storage configuration that will be needed is support for dual-boot setups (preserving preexisting Windows or OS X installations), since e.g. students may be required to run software on those platforms for their coursework.
+
Package selection will be supplementary. There will be no option in the installer to install less than the Fedora Server standard installation. Options to install Fedora Server Roles will be provided, as well as a UI to install other software from the Fedora Project repositories.
  
gnome-initial-setup already provides support for post-install user creation, language selection, timezone configuration, etc. If necessary, it should be extended to cover all required setup tasks.
+
Fedora Server will expect to be the sole citizen on the system. Support for coexisting with other operating systems is not a goal.
  
=== Other ===
+
Fedora Server will use kickstart as implemented by pyKickstart and Anaconda as the unattended installation mechanism.
  
TBD: containers, supported languages
+
== Server Roles ==
  
== Core Applications ==
+
The Server Roles listed below are approved to be worked on in the Fedora 21 timeframe.
  
Core applications are part of the Workstation product and can not be removed.
+
The public D-BUS API to support Server Roles will be provided from the Cockpit Project.
  
Applications can depend on any services that are listed above, and can assume that all of the packages listed below are present on the system.
+
=== Role Definition Requirements ===
They can not require other applications to be installed.
+
Roles will be required to provide both a D-BUS API and a web management plugin for the Cockpit management console. During the development of the first few Fedora Server Roles, the Cockpit project will drive the effort of designing this interface.
  
=== Application installer ===
+
Roles will be required to support the following API:
 +
* A mechanism to install the packages necessary to deploy the role. This may include an API for specifying optional components at this time.
 +
* A mechanism to deploy a role whose packages are installed on the system by providing the necessary information to provision it.
 +
* A mechanism to install optional components of a role after deployment.
 +
* A configuration interface to modify high-level configuration options.
 +
* A query interface providing metadata information about the role (not all roles must implement all parts of this, bold lines are mandatory):
 +
** '''A list of system services provided by the role, as well as data about whether those services are currently running (or enabled, in the case of socket-activated services)'''
 +
** '''A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled.'''
 +
** '''A mechanism to open and close ports that the role operates on for some or all interfaces.'''
 +
** '''If the Role is designed to operate on the network, it should automatically open those ports (see [[#firewall|Firewall]]) during deployment.'''
 +
** A list of files on the filesystem that should be included in a backup set.
 +
** An interface to set processor affinity, memory limits, etc. where sensible.
 +
** Whether the role is running in a container.
  
gnome-software will serve as graphical application installer, offering to install and remove applications, system extensions and add-ons (such as fonts, or codecs) and other optional software. To be presented in the application installer, applications need to provide appdata.
 
  
=== Web Browser ===
+
=== Supported Roles ===
  
firefox will be used as the web browser.
+
==== Domain Controller ====
  
=== Terminal emulator ===
+
The Fedora Server Domain Controller Role will be provided by the FreeIPA project.
  
gnome-terminal will be installed as a terminal emulator. More powerful options, such as terminator, can be investigated.
+
This Server Role is a blocker for the release of Fedora Server in Fedora 21.
  
=== Text Editor ===
+
==== Database Server ====
  
gedit will be installed as a simple text editor.
+
The Fedora Server Database Server will be provided by the PostgreSQL project.
  
=== File Manager ===
+
This Server Role is a nice-to-have for the release of Fedora Server in Fedora 21.
 
 
nautilus will be installed as a file manager.
 
 
 
=== Virtualization frontend ===
 
 
 
gnome-boxes will be available for the creation and use of vms, as well as for connecting to remote systems, e.g. ovirt.
 
 
 
=== Developer assistant ===
 
 
 
The developer assistant will provide an easy way to set the workstation up for various software development use cases.
 
 
 
=== TODO ===
 
 
 
* non-core, default applications ?
 
* other developer-focused software
 
  
 
== Core Package list ==
 
== Core Package list ==
  
List the core packages of the product. This list includes all packages that will be shipping on the core media. This is the mandatory minimal list of packages that needs to be installed on a system at all times for it to qualify as a Fedora workstation install. This package list will be the priority focus for QA and bug fixing.
+
List the core packages of the product. This list includes all packages that will be shipping on the core media. This is the mandatory minimal list of packages that needs to be installed on a system at all times for it to qualify as a Fedora Server install. This package list will be the priority focus for QA and bug fixing.
  
 
=== Package list ===
 
=== Package list ===
  
Here is the full list of packages that are installed as dependencies of the various aforementioned packages, in
+
<TBD>
particular
 
systemd,
 
sssd,
 
selinux-policy-targeted,
 
gdm,
 
gnome-shell,
 
gtk2,
 
gtk3,
 
orca,
 
control-center,
 
ibus,
 
qt4 (qt),
 
qt5 (qt5-qtbase and qt5-qtdeclarative),
 
libvirt-daemon,
 
gnome-boxes,
 
gnome-terminal,
 
firefox,
 
gedit,
 
gnome-software,
 
devassistant,
 
pulseaudio,
 
gstreamer1,
 
gstreamer1-plugins-good.
 
 
 
<pre>
 
abattis-cantarell-fonts
 
accountsservice
 
accountsservice-libs
 
acl
 
adwaita-cursor-theme
 
adwaita-gtk2-theme
 
adwaita-gtk3-theme
 
alsa-lib
 
atk
 
at-spi2-atk
 
at-spi2-core
 
audit-libs
 
augeas-libs
 
authconfig
 
autogen-libopts
 
avahi-glib
 
avahi-gobject
 
avahi-libs
 
basesystem
 
bash
 
bind-libs
 
bind-license
 
bind-utils
 
bluez
 
bluez-libs
 
boost-system
 
boost-thread
 
brlapi
 
brltty
 
bzip2
 
bzip2-libs
 
ca-certificates
 
cairo
 
cairo-gobject
 
c-ares
 
caribou
 
caribou-gtk2-module
 
caribou-gtk3-module
 
cdparanoia-libs
 
celt051
 
ceph-libs
 
cheese-libs
 
chkconfig
 
clutter
 
clutter-gst2
 
clutter-gtk
 
cogl
 
colord
 
colord-gtk
 
colord-libs
 
color-filesystem
 
comps-extras
 
control-center
 
control-center-filesystem
 
coreutils
 
corosync
 
corosynclib
 
cpio
 
cracklib
 
cracklib-dicts
 
cronie
 
cronie-anacron
 
crontabs
 
cryptopp
 
cryptsetup
 
cryptsetup-libs
 
cups-libs
 
cups-pk-helper
 
curl
 
cyrus-sasl
 
cyrus-sasl-gssapi
 
cyrus-sasl-lib
 
cyrus-sasl-md5
 
dbus
 
dbus-glib
 
dbus-libs
 
dbus-python
 
dbus-x11
 
dconf
 
desktop-backgrounds-gnome
 
desktop-file-utils
 
devassistant
 
device-mapper
 
device-mapper-event
 
device-mapper-event-libs
 
device-mapper-libs
 
device-mapper-persistent-data
 
diffutils
 
dmidecode
 
dnsmasq
 
dosfstools
 
dotconf
 
dracut
 
e2fsprogs
 
e2fsprogs-libs
 
ebtables
 
elfutils-libelf
 
emacs-filesystem
 
enca
 
enchant
 
epiphany-runtime
 
espeak
 
evolution-data-server
 
exempi
 
expat
 
fedora-bookmarks
 
fedora-logos
 
fedora-release
 
fedora-release-rawhide
 
festival
 
festival-freebsoft-utils
 
festival-lib
 
festival-speechtools-libs
 
festvox-slt-arctic-hts
 
file-libs
 
filesystem
 
findutils
 
fipscheck
 
fipscheck-lib
 
firefox
 
firewalld
 
flac-libs
 
flite
 
fontconfig
 
fontpackages-filesystem
 
freetype
 
fuse
 
fuseiso
 
fuse-libs
 
gawk
 
GConf2
 
gcr
 
gdbm
 
gdisk
 
gdk-pixbuf2
 
gdm
 
gdm-libs
 
gedit
 
genisoimage
 
geoclue
 
geoclue2
 
geocode-glib
 
gettext
 
gettext-libs
 
giflib
 
git
 
gjs
 
glib2
 
glibc
 
glibc-common
 
glib-networking
 
glusterfs
 
glusterfs-api
 
glusterfs-devel
 
glusterfs-fuse
 
glusterfs-libs
 
glx-utils
 
gmime
 
gmp
 
gnome-bluetooth
 
gnome-bluetooth-libs
 
gnome-boxes
 
gnome-desktop3
 
gnome-icon-theme
 
gnome-icon-theme-symbolic
 
gnome-js-common
 
gnome-keyring
 
gnome-keyring-pam
 
gnome-menus
 
gnome-online-accounts
 
gnome-session
 
gnome-session-xsession
 
gnome-settings-daemon
 
gnome-shell
 
gnome-software
 
gnome-terminal
 
gnome-themes-standard
 
gnupg2
 
gnutls
 
gnutls-dane
 
gnutls-utils
 
gobject-introspection
 
gpgme
 
graphite2
 
grep
 
groff-base
 
gsettings-desktop-schemas
 
gsm
 
gssdp
 
gstreamer1
 
gstreamer1-plugins-base
 
gstreamer1-plugins-good
 
gtk2
 
gtk3
 
gtksourceview3
 
gtk-vnc2
 
gupnp
 
gupnp-av
 
gupnp-dlna
 
gvfs
 
gvnc
 
gzip
 
hardlink
 
harfbuzz
 
harfbuzz-icu
 
hawkey
 
heisenbug-backgrounds-base
 
heisenbug-backgrounds-gnome
 
hicolor-icon-theme
 
hostname
 
hunspell
 
hunspell-en
 
hunspell-en-GB
 
hunspell-en-US
 
hwdata
 
ibus
 
ibus-gtk2
 
ibus-gtk3
 
ibus-libs
 
ibus-qt
 
ibus-setup
 
ibus-wayland
 
info
 
initscripts
 
iproute
 
iptables
 
iptables-services
 
iputils
 
ipxe-roms-qemu
 
iscsi-initiator-utils
 
iso-codes
 
jasper-libs
 
jbigkit-libs
 
json-c
 
json-glib
 
kbd
 
kbd-legacy
 
kbd-misc
 
kernel
 
keyutils
 
keyutils-libs
 
kmod
 
kmod-libs
 
kpartx
 
krb5-libs
 
lcms2
 
ldns
 
less
 
leveldb
 
libacl
 
libaio
 
libao
 
libarchive
 
libassuan
 
libasyncns
 
libatasmart
 
libattr
 
libavc1394
 
libbasicobjects
 
libblkid
 
libbluray
 
libcacard
 
libcanberra
 
libcanberra-gtk3
 
libcap
 
libcap-ng
 
libcdio
 
libcdio-paranoia
 
libcgroup
 
libcollection
 
libcom_err
 
libcroco
 
libcue
 
libcurl
 
libdaemon
 
libdb
 
libdb-utils
 
libdhash
 
libdrm
 
libdv
 
libedit
 
libee
 
libestr
 
libevdev
 
libevent
 
libexif
 
libfdt
 
libffi
 
libgcc
 
libgcrypt
 
libgdata
 
libgee
 
libgnomekbd
 
libgnome-keyring
 
libgomp
 
libgovirt
 
libgpg-error
 
libgsf
 
libgtop2
 
libgudev1
 
libgusb
 
libgweather
 
libgxps
 
libibverbs
 
libical
 
libICE
 
libicu
 
libidn
 
libiec61883
 
libimobiledevice
 
libini_config
 
libipa_hbac
 
libiptcdata
 
libiscsi
 
libjpeg-turbo
 
libldb
 
liblouis
 
liblouis-python3
 
libmcpp
 
libmediaart
 
libmetalink
 
libmng
 
libmnl
 
libmodman
 
libmount
 
libnetfilter_conntrack
 
libnfnetlink
 
libnfsidmap
 
libnl3
 
libnm-gtk
 
libnotify
 
liboauth
 
libogg
 
libosinfo
 
libpath_utils
 
libpcap
 
libpciaccess
 
libpeas
 
libplist
 
libpng
 
libproxy
 
libpwquality
 
libqb
 
libquvi
 
libquvi-scripts
 
libraw1394
 
librdmacm
 
libref_array
 
librepo
 
libreport-filesystem
 
librsvg2
 
libsamplerate
 
libseccomp
 
libsecret
 
libselinux
 
libselinux-python
 
libselinux-utils
 
libsemanage
 
libsepol
 
libshout
 
libSM
 
libsmbclient
 
libsndfile
 
libsolv
 
libsoup
 
libss
 
libssh2
 
libsss_idmap
 
libsss_nss_idmap
 
libstdc++
 
libtalloc
 
libtasn1
 
libtdb
 
libtevent
 
libthai
 
libtheora
 
libtiff
 
libtirpc
 
libtool-ltdl
 
libudisks2
 
libunistring
 
libusal
 
libusbx
 
libuser
 
libutempter
 
libuuid
 
libv4l
 
libverto
 
libvirt-client
 
libvirt-daemon
 
libvirt-daemon-driver-interface
 
libvirt-daemon-driver-network
 
libvirt-daemon-driver-nodedev
 
libvirt-daemon-driver-nwfilter
 
libvirt-daemon-driver-qemu
 
libvirt-daemon-driver-secret
 
libvirt-daemon-driver-storage
 
libvirt-daemon-kvm
 
libvirt-gconfig
 
libvirt-glib
 
libvirt-gobject
 
libvisual
 
libvorbis
 
libvpx
 
libwacom
 
libwacom-data
 
libwayland-client
 
libwayland-cursor
 
libwayland-server
 
libwbclient
 
libwebkit2gtk
 
libwebp
 
libwnck3
 
libwsman1
 
libX11
 
libX11-common
 
libXau
 
libxcb
 
libXcomposite
 
libXcursor
 
libXdamage
 
libXdmcp
 
libXevie
 
libXext
 
libXfixes
 
libXft
 
libXi
 
libXinerama
 
libxkbcommon
 
libxkbfile
 
libxklavier
 
libxml2
 
libXmu
 
libXrandr
 
libXrender
 
libXres
 
libxshmfence
 
libxslt
 
libXt
 
libXtst
 
libXv
 
libXxf86misc
 
libXxf86vm
 
libyaml
 
linux-atm-libs
 
linux-firmware
 
logrotate
 
lua
 
lua-expat
 
lua-json
 
lua-lpeg
 
lua-socket
 
lvm2
 
lvm2-libs
 
lyx-fonts
 
lzo
 
lzop
 
make
 
mcpp
 
mdadm
 
mesa-libEGL
 
mesa-libgbm
 
mesa-libGL
 
mesa-libglapi
 
mesa-libGLES
 
mesa-libwayland-egl
 
mobile-broadband-provider-info
 
ModemManager-glib
 
mozilla-filesystem
 
mozjs17
 
mozjs24
 
mpfr
 
mtools
 
mutter
 
mutter-wayland
 
nautilus
 
nautilus-extensions
 
ncurses
 
ncurses-base
 
ncurses-libs
 
netcf-libs
 
net-snmp-libs
 
nettle
 
NetworkManager-glib
 
newt
 
newt-python
 
nfs-utils
 
nmap-ncat
 
nm-connection-editor
 
nspr
 
nss
 
nss-softokn
 
nss-softokn-freebl
 
nss-sysinit
 
nss-tools
 
nss-util
 
ntfs-3g
 
ntfsprogs
 
numactl-libs
 
numad
 
openjpeg-libs
 
openldap
 
openssh
 
openssh-clients
 
openssl
 
openssl-libs
 
opus
 
orc
 
orca
 
p11-kit
 
p11-kit-trust
 
PackageKit
 
PackageKit-glib
 
PackageKit-gtk3-module
 
pam
 
pango
 
parted
 
pciutils
 
pciutils-libs
 
pcre
 
perl
 
perl-Carp
 
perl-constant
 
perl-Encode
 
perl-Error
 
perl-Exporter
 
perl-File-Path
 
perl-File-Temp
 
perl-Filter
 
perl-Getopt-Long
 
perl-Git
 
perl-HTTP-Tiny
 
perl-libs
 
perl-macros
 
perl-Module-CoreList
 
perl-parent
 
perl-PathTools
 
perl-Pod-Escapes
 
perl-podlators
 
perl-Pod-Perldoc
 
perl-Pod-Simple
 
perl-Pod-Usage
 
perl-Scalar-List-Utils
 
perl-Socket
 
perl-Storable
 
perl-TermReadKey
 
perl-Text-ParseWords
 
perl-threads
 
perl-threads-shared
 
perl-Time-HiRes
 
perl-Time-Local
 
perl-version
 
pinentry
 
pixman
 
pkgconfig
 
pm-utils
 
policycoreutils
 
polkit
 
polkit-pkla-compat
 
poppler
 
poppler-data
 
poppler-glib
 
popt
 
procps-ng
 
psmisc
 
pth
 
pulseaudio
 
pulseaudio-gdm-hooks
 
pulseaudio-libs
 
pulseaudio-libs-glib2
 
pulseaudio-module-bluetooth
 
pyatspi
 
pycairo
 
pygobject3
 
pygobject3-base
 
pytalloc
 
python
 
python3
 
python3-brlapi
 
python3-cairo
 
python3-gobject
 
python3-libs
 
python3-pyatspi
 
python3-speechd
 
python-babel
 
python-backports
 
python-backports-ssl_match_hostname
 
python-caribou
 
python-decorator
 
python-jinja2
 
python-libs
 
python-markupsafe
 
python-PyGithub
 
python-setuptools
 
python-six
 
python-slip
 
python-slip-dbus
 
python-sssdconfig
 
PyYAML
 
qemu-common
 
qemu-img
 
qemu-kvm
 
qemu-system-x86
 
qrencode-libs
 
qt
 
qt5-assistant
 
qt5-qtbase
 
qt5-qtconfiguration
 
qt5-qtdeclarative
 
qt5-qtimageformats
 
qt5-qtmultimedia
 
qt5-qtquickcontrols
 
qt5-qttools
 
qt5-qttranslations
 
qt5-qtxmlpatterns
 
qt5-qtwayland
 
qt5-qtx11extras
 
qt-settings
 
qt-x11
 
quota
 
quota-nls
 
radvd
 
readline
 
realmd
 
redhat-menus
 
rest
 
rpcbind
 
rpm
 
rpm-libs
 
rsync
 
rsyslog
 
rsyslog-mmjsonparse
 
rtkit
 
rygel
 
samba-common
 
samba-libs
 
sbc
 
SDL
 
seabios-bin
 
seavgabios-bin
 
sed
 
seed
 
selinux-policy
 
selinux-policy-targeted
 
setup
 
sgabios-bin
 
shadow-utils
 
shared-mime-info
 
sheepdog
 
slang
 
snappy
 
sound-theme-freedesktop
 
sox
 
speech-dispatcher
 
speex
 
spice-glib
 
spice-gtk3
 
spice-server
 
sqlite
 
sssd
 
sssd-ad
 
sssd-client
 
sssd-common
 
sssd-common-pac
 
sssd-ipa
 
sssd-krb5
 
sssd-krb5-common
 
sssd-ldap
 
sssd-proxy
 
startup-notification
 
systemd
 
systemd-libs
 
taglib
 
tcp_wrappers
 
tcp_wrappers-libs
 
telepathy-filesystem
 
telepathy-glib
 
telepathy-logger
 
totem-pl-parser
 
tracker
 
trousers
 
tzdata
 
udisks2
 
unbound-libs
 
upower
 
usbmuxd
 
usbredir
 
ustr
 
util-linux
 
vino
 
vte3
 
wavpack
 
webkitgtk3
 
webrtc-audio-processing
 
which
 
xcb-util
 
xcb-util-image
 
xcb-util-keysyms
 
xcb-util-renderutil
 
xcb-util-wm
 
xfsprogs
 
xml-common
 
xorg-x11-server-utils
 
xorg-x11-xauth
 
xorg-x11-xinit
 
xorg-x11-xkb-utils
 
xz
 
xz-libs
 
yajl
 
zenity
 
zlib
 
</pre>
 
 
 
=== TODO ===
 
 
 
* Add fonts, input methods, VPN
 
* Compare the package list against the current desktop spin
 
* Do we need to pin down versions ?
 
 
 
 
 
=== Policies for software add-ons ===
 
 
 
General rules and policies for how extra software is installed and what requirements are put on that software.
 
 
 
* Optional software must not interfere with the regular functionality of mandatory components. E.g. installing optional audio software must not prevent other applications from using pulseaudio and gstreamer for media playback.
 
 
 
* Optional software should integrate properly into the defined extension points of the OS:
 
** Applications should provide desktop files and icons
 
** Applications should provide appdata (link?) for the software installer
 
** System services should provide systemd units
 
** Desktop environments should provide a desktop file in /usr/share/xsessions
 
 
 
* It must be possible to remove optional software from the system again
 
 
 
== Installation methods and media ==
 
 
 
We will produce a live .iso image. The primary target for this image will be USB sticks, but the ability to burn the image to a DVD should be preserved (since we are still getting regular requests for such media). There is no pressing reason to restrict the image to the current 1GB size target. Persistence is not an important feature of the live media, whose primary focus should be to install the system.
 
 
 
gnome-disks can create USB sticks on Fedora, and liveusb-creator is the tool we have to let people create USB sticks on Windows or Linux. Both of these tools may need to be extended with support for EFI (whatever that means in detail).
 
 
 
== Hardware requirements ==
 
 
 
We expect to support 64bit machines with suitable graphics and display resolutions. Hi-resolution displays, touchscreens and wacom tablets are
 
interesting hardware and should be supported.
 
 
 
== Engineering Roadmap ==
 
 
 
Not sure if we want this section here or if we should just make this a pure description document and put the implementation roadmap in a separate document.
 

Latest revision as of 23:52, 7 July 2014

Fedora Server Technical Specification

This document aims to describe the technical characteristics of the Fedora Server product in detail. This includes provided services and APIs, installed software, and the like. Some of the desired characteristics may not be entirely achievable in the first version of the Server product, and will be approximated.

The content of this specification unavoidably overlaps with the work of the Base Working Group, and needs to be aligned with their deliverables.

Core Services and Features

This section should describe the core services of the platform and their intended use. The items here should refer back to the Product Requirements Document for a functional justification.

Supported Architectures and Install Media

Fedora Server will run on and provide install media for i686, x86_64, and armv7hl servers.

There will be two official install media for the Fedora Server:

  • A network installation media (either a traditional netinst.iso or a boot.fedoraproject.org style)
  • A local installation media providing the default package set as well as any featured roles that are meaningfully installed without a network connection.
    • The local installation media will be allowed a maximum size to fit on a 4.0GB USB device.
    • The local installation media can be pointed at network resources to make available a larger package set.

File system

The default file system type for Fedora Server installs will be XFS running atop LVM for all partitions except /boot. The /boot partition will remain a non-LVM partition due to technological limitations of the bootloader.

File-system layout will be discussed with the Anaconda team and reasonable defaults will be selected based on a combination of the number of available, selected disks and the available memory on the system (for determining SWAP space).

An option will be provided in the Fedora Server installer to enable disk encryption.

Service management

Systemd provides ways to control and monitor the activity and status of system services, resources they require, and the like. System services must provide systemd units to be included in the Fedora Server standard installation. See the systemd documentation.

Logging

Fedora Server will store log files locally by default and will also support sending full log data to an external server to the maximum extent possible. For writing to logs, we recommend the syslog or journal APIs rather than managing application-specific log files. OpenLMI will provide an API for reading the logs.

We will use rsyslog for forwarding data to a central server. The logs of programs using the recommended APIs will be locally stored in the journal database and automatically forwarded; other programs should include appropriate configuration for rsyslog such that their log output is included in the rsyslog-forwarded data stream.

Networking

Network devices and connections will be controlled by NetworkManager by default. Server Roles that may need to interact with the network configuration must do so through the public NetworkManager D-BUS API.

Firewall

A firewall in its default configuration may not interfere with the normal operation of programs installed by default.

On a pristine system, the only open incoming ports are SSH and Cockpit. When Roles are deployed, they may elect to open one or more ports based on the most likely need. Roles *must* provide an interface that describes which ports they want open and which ones they currently have opened. The admin must be able to easily modify this configuration.

Roles that open ports by default must have the set of ports approved by majority vote of the Server Working Group.

If the user hasn't specified firewall status explicitly, interactive role deployment will inform the user whether the service's ports have been opened by default. It must be possible to query the API for the required state of the firewall to support the role, which can then be compared to the active firewalld state.
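One way to perform the comparison described above, as an added example that is not part of the specification, Cockpit or OpenLMI: it parses `firewall-cmd --list-all` style text and diffs it against the SSH and Cockpit baseline plus the ports each role declares. The `role_ports` mapping, the role name and the sample zone output are assumptions, since the role query API is not defined on this page.

```python
"""Compare role-declared ports with the active firewalld zone (added example)."""

# Constructed sample of `firewall-cmd --list-all` output; not captured from a real host.
SAMPLE_ZONE = """\
public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  ports: 5432/tcp 8080/tcp
  protocols:
"""

# Baseline from the specification: only SSH and Cockpit are open on a pristine system.
BASELINE_SERVICES = {"ssh", "cockpit"}


def parse_zone(text):
    """Return (services, ports) as sets from `firewall-cmd --list-all` style text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:  # the zone header line has no colon and is skipped
            fields[key.strip()] = set(value.split())
    return fields.get("services", set()), fields.get("ports", set())


def audit(zone_text, role_ports):
    """Diff the active firewall state against baseline plus role-declared ports.

    role_ports maps a role name to the ports it declares (e.g. "5432/tcp").
    It is a hypothetical stand-in for the role query API.
    """
    services, ports = parse_zone(zone_text)
    required = set().union(*role_ports.values())
    return {
        "unexpected_services": sorted(services - BASELINE_SERVICES),
        "unexpected_ports": sorted(ports - required),
        "missing_ports": sorted(required - ports),
        "missing_baseline": sorted(BASELINE_SERVICES - services),
    }


if __name__ == "__main__":
    # Hypothetical declaration for a database role.
    report = audit(SAMPLE_ZONE, {"database-server": {"5432/tcp"}})
    for finding, items in report.items():
        print(f"{finding}: {', '.join(items) or '-'}")
```

On a live host the text would come from `firewall-cmd --list-all` for the active zone; anything reported as unexpected is open without being part of the baseline or claimed by a deployed role.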

The OpenLMI project will provide a public, external API to manage firewalld centrally. (This is not yet scheduled for a Fedora release, but is a medium-term plan.)

SELinux

SELinux will be enabled in enforcing mode, using the targeted policy. The Fedora Server standard install and all promoted Server Roles must operate in enforcing mode.

Problem reporting

Problems and error conditions (e.g. kernel oopses, SELinux AVCs, application crashes, OOM, disk errors) should all be reported in the systemd journal.

Support for sending this information to a central place (like abrt does for crashes today) is mandatory.

Account handling

SSSD will provide the backing storage for identity management. The Fedora Server is expected to nearly always be configured for 'centrally-managed' user information; it must be possible to configure it to rely on a directory service for this information. Fedora Server will provide and support the realmd project for joining FreeIPA and Active Directory domains automatically. Interacting with other identity sources will remain a manual configuration effort.

Software updates

Software updates on the Fedora Server must be possible to perform either locally using command-line tools (e.g. yum/dnf) or centrally by common management systems (e.g. Puppet, Chef, Satellite, Spacewalk, OpenLMI).

Miscellaneous system information

System locale, timezone, hostname, etc. will be managed through the services provided by systemd for this purpose. See developer documentation for localed, timedated and hostnamed.

Virtualization

libvirt-daemon will be used to manage virtualization capabilities.

Accessibility

Accessibility support on the Fedora Server will be limited to devices supporting the vision-impaired on the console.

Accessibility support in the optional graphical environment will be aligned with the Fedora Workstation offering.

Input Methods

The input method support for the Fedora Server console access will be limited to LOCALE support in the command shell.

Input method support in the optional graphical console will be aligned with the Fedora Workstation offering.

Graphics and Display Manager

The Fedora Server does not mandate a graphical environment at this time. If the administrator elects to install a desktop, they should choose a display manager themselves at this time.

Appearance

The default user-experience for the Fedora Server will be the bash shell on the console and the Cockpit web management console.

System Installer

The desired installation experience for the Fedora Server product is to limit the pre-installation user interaction to the minimum. The storage configuration UI should provide a single sensible default and an alternative, fully customizable configuration UI.

Package selection will be supplementary. There will be no option in the installer to install less than the Fedora Server standard installation. Options to install Fedora Server Roles will be provided, as well as a UI to install other software from the Fedora Project repositories.

Fedora Server will expect to be the sole citizen on the system. Support for coexisting with other operating systems is not a goal.

Fedora Server will use kickstart as implemented by pyKickstart and Anaconda as the unattended installation mechanism.

Server Roles

The Server Roles listed below are approved to be worked on in the Fedora 21 timeframe.

The public D-BUS API to support Server Roles will be provided from the Cockpit Project.

Role Definition Requirements

Roles will be required to provide both a D-BUS API and a web management plugin for the Cockpit management console. During the development of the first few Fedora Server Roles, the Cockpit project will drive the effort of designing this interface.

Roles will be required to support the following API:

  • A mechanism to install the packages necessary to deploy the role. This may include an API for specifying optional components at this time.
  • A mechanism to deploy a role whose packages are installed on the system by providing the necessary information to provision it.
  • A mechanism to install optional components of a role after deployment.
  • A configuration interface to modify high-level configuration options.
  • A query interface providing metadata information about the role (not all roles must implement all parts of this; bold lines are mandatory):
    • A list of system services provided by the role, as well as data about whether those services are currently running (or enabled, in the case of socket-activated services)
    • A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled.
    • A mechanism to open and close ports that the role operates on for some or all interfaces.
    • If the Role is designed to operate on the network, it should automatically open those ports (see Firewall) during deployment.
    • A list of files on the filesystem that should be included in a backup set.
    • An interface to set processor affinity, memory limits, etc. where sensible.
    • Whether the role is running in a container.


Supported Roles

Domain Controller

The Fedora Server Domain Controller Role will be provided by the FreeIPA project.

This Server Role is a blocker for the release of Fedora Server in Fedora 21.

Database Server

The Fedora Server Database Server will be provided by the PostgreSQL project.

This Server Role is a nice-to-have for the release of Fedora Server in Fedora 21.

Core Package list

List the core packages of the product. This list includes all packages that will be shipping on the core media. This is the mandatory minimal list of packages that needs to be installed on a system at all times for it to qualify as a Fedora Server install. This package list will be the priority focus for QA and bug fixing.

Package list

<TBD>