Announcement

Collapse
No announcement yet.

What Would You Like To See Out Of Fedora Server In The Future?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • What Would You Like To See Out Of Fedora Server In The Future?

    Phoronix: What Would You Like To See Out Of Fedora Server In The Future?

    Stemming from the Fedora Server special interest group planning to update their product requirements with a plan to retire the concept of "server roles", Red Hat / Fedora Server SIG is looking for feedback about what you would like to see from Fedora Server...

    http://www.phoronix.com/scan.php?pag...r-Future-Goals

  • #2
    I probably just need to learn how to set permissions properly/better, but SELinux is a hassle for me on Fedora Server when it comes to 3rd-party software.

    As it stands currently, for any background services I want to run, I set SELinux to permissive, do whatever I can with the background service that will be done normally in order to trigger SELinux permission stuff, generate a policy for those permissions, and turn SELinux back on, but even after that, after a few days or weeks I'll randomly get a new denial (I check services maybe monthly, so unless I happen to notice something broken; the denial will be around and prevent something from working for a good while).

    Specifically, I host a GNU social MediaGoblin instance, and the above happens with both of those services.

    Aside from that, I like Fedora Server, but since I don't really prefer to check those services frequently, I'm on Ubuntu Server currently.

    Comment


    • #3
      Originally posted by Espionage724 View Post
      I probably just need to learn how to set permissions properly/better, but SELinux is a hassle for me on Fedora Server when it comes to 3rd-party software.

      As it stands currently, for any background services I want to run, I set SELinux to permissive, do whatever I can with the background service that will be done normally in order to trigger SELinux permission stuff, generate a policy for those permissions, and turn SELinux back on, but even after that, after a few days or weeks I'll randomly get a new denial (I check services maybe monthly, so unless I happen to notice something broken; the denial will be around and prevent something from working for a good while).

      Specifically, I host a GNU social MediaGoblin instance, and the above happens with both of those services.

      Aside from that, I like Fedora Server, but since I don't really prefer to check those services frequently, I'm on Ubuntu Server currently.
      The Fedora SELinux policy can (and does) include rules for things that aren't shipped in Fedora, so you could maybe get those policies merged into the package even though MediaGoblin isn't in Fedora.

      But yeah, in general, I agree that this can be a bit annoying. It's a bit of an inevitable trade-off for the increased security, though. SELinux can't really provide any security if it doesn't restrict things, after all.

      There *are* mechanisms you can use to get a notification sent out specifically when an AVC occurs, I think - you could use that to help you know better when something's been stomped by SELinux..

      Comment


      • #4
        Working open source OpenCL (closer to performance you can see with the proprietary packages) would be a huge thing (especially with OpenPOWER, AArch64, and maybe eventually RISC-V hardware coming into the market), along with maybe some of the build-time performance work that Intel has done with Clear Linux. If I can figure out how to operate this thingy, I'll say as much. The upshot of the former is that IBM might be willing to spot you a few simoleons.

        Quality has not been a big problem with Fedora, and I don't struggle with the SELinux policies, so features like this are really where it's at.
        Last edited by microcode; 03-26-2018, 07:53 PM.

        Comment


        • #5
          It isn't likely that I will be running Fedora Server anytime soon so can't offer much in the way of comment. The most likely need I will have short term is a robust home media server, I'm not even sure if Fedora is the right solution for that need.

          Comment


          • #6
            Originally posted by Espionage724 View Post
            I probably just need to learn how to set permissions properly/better, but SELinux is a hassle for me on Fedora Server when it comes to 3rd-party software.

            As it stands currently, for any background services I want to run, I set SELinux to permissive, do whatever I can with the background service that will be done normally in order to trigger SELinux permission stuff, generate a policy for those permissions, and turn SELinux back on, but even after that, after a few days or weeks I'll randomly get a new denial (I check services maybe monthly, so unless I happen to notice something broken; the denial will be around and prevent something from working for a good while).

            Specifically, I host a GNU social MediaGoblin instance, and the above happens with both of those services.

            Aside from that, I like Fedora Server, but since I don't really prefer to check those services frequently, I'm on Ubuntu Server currently.
            This is one that we hear a lot, and we're looking into ways to improve the experience. As AdamW mentioned, our SELinux policy includes plenty of content for things we don't actually ship because individuals or upstreams have reported the behavior, so getting that feedback would be a good start. Another thing that we're working on is extending the SELinux troubleshooting support that we have in the Cockpit Admin Console for Fedora Server. Right now, we can get reporting of SELinux denials and provide some basic troubleshooting tips. We need to take this further and provide an easy way to report changes that should be handled by default as well.

            Thanks for the constructive criticism!

            Comment


            • #7
              I think Fedora Server's biggest problem is that its an answer in search of a problem. Red Hat already has an open source server OS. It's called CentOS.

              Comment


              • #8
                I'm a curmudgeonly old-school sysadmin and developer (although I do like systemd). So the things I want are no GUIs. Cockpit is useless to me. I want to understand exactly how things work. Excellent documentat is a plus. For example if there was a Fedora optimized way to configure a network-wide certificate authority, or opportunistic IPSec with DNSSec that should have a few pages of great docs on how it works and what to install and configure. None of this "click here to create a certificate," thanks.

                The way Cockpit is now, I don't hate it or want it to go away because I can just ignore it. So that's fine. It's just that focusing work on it does nothing for me.

                Comment


                • #9
                  Originally posted by torsionbar28 View Post
                  I think Fedora Server's biggest problem is that its an answer in search of a problem. Red Hat already has an open source server OS. It's called CentOS.
                  I think that's definitely part of it... personally, I use Fedora for desktop, but CentOS for any kind of server tasks.

                  Comment


                  • #10
                    Originally posted by torsionbar28 View Post
                    I think Fedora Server's biggest problem is that its an answer in search of a problem. Red Hat already has an open source server OS. It's called CentOS.
                    I think the thing that people forget a lot of the time is that CentOS (and its big brother, Red Hat Enterprise Linux) don't appear out of nowhere. Fedora Server is the public upstream for both of those OSes. Fedora Server isn't a solution in search of a problem, it's a place where the R&D happens. It's where ideas get tried out, tested, (sometimes abandoned) and evolves into the rock-solid enterprise distributions that you know and love.

                    So yes, I certainly understand that it's an uphill battle to try to convince people to use Fedora Server in their *production* environments (though it would probably surprise a lot of people reading this that there are actually quite a few large deployments doing so). Fedora Server's most immediately-visible value however is allowing us to work with projects that want to eventually deploy on RHEL and CentOS to try things out and find the right answers long before a RHEL Beta release drops. Remember systemd in RHEL/CentOS 7? That came through Fedora first. NetworkManager? Fedora. The GCC and glibc upstreams do their development heavily in Fedora, with each Fedora release always being built with the latest stable GCC. Love the way your system integrates with Active Directory? FreeIPA and SSSD were Fedora-developed.

                    Red Hat isn't Microsoft or Google: There are few surprises in what gets delivered in the next major release because we've been working in the community with Fedora Server to get there.

                    So, from that perspective, it wouldn't be unfair to say that the request I'm making to all of you is to tell me what you see as the major problems that a server OS will need to overcome over the next couple years, with an eye towards that work flowing back down through RHEL and CentOS as well.

                    Comment

                    Working...
                    X