 
10-09-2012, 01:18 PM
Lennart Poettering

systemd requires HTTP server and serves QR codes

On Tue, 09.10.12 01:00, Miloslav Trmač (mitr@volny.cz) wrote:

> > is any current data
> > available about how our minimal footprint got worse/better over time in
> > both terms of packages and disk space, and which packages are to blame
> > for it?
> >
> > If the libmicrohttpd dep really is problematic I am happy to split it
> > off, but I'd really like some hard data first whether doing this would
> > help more than a trivial bit to achieve a smaller minimal installation
> > set.
>
> One more network-listening service, let alone an unauthenticated one,
> is way "more than a trivial bit" IMHO.
>
> The disk space aspect is by far the most negligible of the four
> reasons for a minimal installation I have mentioned earlier today.
> (The cost of a megabyte of storage is practically indistinguishable
> from zero, and even multiplied by the number of Fedora users it is not
> a number that would inspire much work.) If you are curious about
> specific data, I don't have it available; I'll ask around.

Well, I actually believe the disk space matters, since copying 1000
container images around with each costing 50M is quite a difference from
each costing 500M.

I wrote this little script now to generate a minimal container installation:

http://0pointer.de/public/miss.sh.txt

This will simply install SSH, systemd, passwd, and rpm into some
directory. This is enough to boot cleanly into it via "systemd-nspawn -b
-D <somedirectory>", and then log in and shut down the container
again. Note that this is much more minimal than what Fedora considers
the basic set. i.e. no kernel (not needed for a container), no syslog
(yay for the journal!) and lacking a few other things.

Here's the data I gathered of the previous releases:

http://0pointer.de/public/miss/

The number of packages this pulls in:

Fedora 15: 131
Fedora 16: 134
Fedora 17: 120
Fedora 18: 106

We got much better here! Great work by everybody involved!

The disk space this takes up on disk:

Fedora 15: 591M
Fedora 16: 617M
Fedora 17: 442M
Fedora 18: 434M

Which is pretty OK, too, I guess.

To build such an image I'd really have preferred not installing
the docs. It appears rpm once had a feature for that where you could add
excludedocs in rpmrc. This feature seems to have been removed. Why? Can
we get that back? Or can I enable this for yum in some other way? Anyone
has an idea?

From the list of packages this minimal set still installs, that I'd
really like to see gone:

chkconfig
gamin
info
systemd-sysv

But otherwise there's very little to really complain about I must
admit. Heads off to everybody involved in reducing the minimal
installation set size. And sorry for assuming this initiative was dead.

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
10-09-2012, 01:21 PM
Lennart Poettering

systemd requires HTTP server and serves QR codes

On Tue, 09.10.12 00:34, Bill Nottingham (notting@redhat.com) wrote:

> Miloslav Trmač (mitr@volny.cz) said:
> > > is any current data
> > > available about how our minimal footprint got worse/better over time in
> > > both terms of packages and disk space, and which packages are to blame
> > > for it?
> > >
> > > If the libmicrohttpd dep really is problematic I am happy to split it
> > > off, but I'd really like some hard data first whether doing this would
> > > help more than a trivial bit to achieve a smaller minimal installation
> > > set.
> >
> > One more network-listening service, let alone an unauthenticated one,
> > is way "more than a trivial bit" IMHO.
>
> Well, it *is* off by default.
>
> Checking the minimal install of the moment:
>
> Install 38 Packages (+160 Dependent packages)
>
> Total download size: 129 M
> Installed size: 505 M
>
> In that minimal install, the following disabled services exist:
> NetworkManager-wait-online.service
> autovt@.service
> console-getty.service
> console-shell.service
> debug-shell.service
> dnsmasq.service
> ip6tables.service
> iptables.service
> rdisc.service
> saslauthd.service
> wpa_supplicant.service
> systemd-journal-gatewayd.socket
>
> The following 'traditional' services are enabled:
> auditd.service
> sshd.service
> sm-client.service
> sendmail.service
> NetworkManager.service
> crond.service
> rsyslog.service
>
> Bill

Maybe the definition of the fedora base set needs a bit of updating,
given that it considers rdisc, saslauthd, audit, dnsmasq, syslog, wpa
supplicant and sendmail basic. For container setups I need nothing of
that... (heck! for my non-containerized server I don't need that
either...)

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
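
An added example, not part of the original thread: one way to check an image for units that are enabled beyond what it is meant to run, so that a socket such as systemd-journal-gatewayd.socket being switched on would show up. The allowlist policy, the function names and the sample input are assumptions made for this example; the unit names come from the list quoted above.

```shell
#!/bin/sh
# Added example: audit which unit files are enabled in an image.

# Constructed sample in the "unit state" column layout printed by
# `systemctl list-unit-files --no-legend`; the unit names are the ones
# listed in the message above.
sample_unit_files() {
    cat <<'EOF'
auditd.service enabled
sshd.service enabled
sm-client.service enabled
sendmail.service enabled
NetworkManager.service enabled
crond.service enabled
rsyslog.service enabled
dnsmasq.service disabled
debug-shell.service disabled
systemd-journal-gatewayd.socket disabled
EOF
}

# Assumed policy for this example: the only unit the image should enable.
ALLOW="sshd.service"

# unexpected_enabled ALLOWLIST < unit-file-list
# Prints every enabled unit that is not on the allowlist, one per line,
# and returns 1 if there was at least one. Extra columns are ignored.
unexpected_enabled() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        ($2 == "enabled" || $2 == "enabled-runtime") && !($1 in ok) { print $1; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# On a live system, feed it real data instead of the sample:
#   systemctl list-unit-files --no-legend | unexpected_enabled "$ALLOW"
sample_unit_files | unexpected_enabled "$ALLOW" \
    || echo "the units listed above are enabled but not on the allowlist"
```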
 
10-09-2012, 01:23 PM
Lennart Poettering

systemd requires HTTP server and serves QR codes

On Tue, 09.10.12 07:10, "Jóhann B. Guðmundsson" (johannbg@gmail.com) wrote:

> On 10/09/2012 04:34 AM, Bill Nottingham wrote:
> >rsyslog.service
>
> Remind me again of the reason why we are still shipping rsyslog by
> default now that we have the journal?

For F19 I plan to submit a feature asking for not installing syslog by
default anymore. I wonder how far I'll get with this before this is
shut down by the conservatives... ;-)

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
10-09-2012, 01:29 PM
Lennart Poettering

systemd requires HTTP server and serves QR codes

On Mon, 08.10.12 21:00, Ray Strode (halfline@gmail.com) wrote:

> Hi,
>
> On Mon, Oct 8, 2012 at 1:07 PM, Lennart Poettering <mzerqung@0pointer.de> wrote:
>
> > Correct. Note that this is not accessible at all, by default, and mostly
> > a preview for now. Later on we will add http digest auth and proper TLS
> > support (including client certs) if people want to control
> > access. (thankfully, libmicrohttpd already implements auth+tls, so this
> > is easy for us to provide).
> I think negotiate-auth would be a really good feature here, since many
> enterprise deployments use kerberos based SSO in their intranets.

well, this is really computers authenticating against computers, not
users against computers. Hence I think kerberos/SSO is not really the
most appropriate logic, since it's very user-bound, no?

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
10-09-2012, 01:39 PM
Seth Vidal

systemd requires HTTP server and serves QR codes

On Tue, 9 Oct 2012, Lennart Poettering wrote:



> Maybe the definition of the fedora base set needs a bit of updating,
> given that it considers rdisc, saslauthd, audit, dnsmasq, syslog, wpa
> supplicant and sendmail basic. For container setups I need nothing of
> that... (heck! for my non-containerized server I don't need that
> either...)


For minimal installs you also need a tool that can do automatic
installation of dependencies. Otherwise the first thing every admin who
installs minimal will have to do is to fetch down yum, python, etc to get
themselves rolling. Maybe in the eventual future dnf, libzypp etc will be
fetched down - but in either case minimal requires such a tool as part of
it.


-sv

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
10-09-2012, 01:42 PM
Lennart Poettering

systemd requires HTTP server and serves QR codes

On Tue, 09.10.12 12:24, Milan Broz (mbroz@redhat.com) wrote:

> - systemd-cryptsetup
> (generally, to be able to install system without cryptsetup->device-mapper libs
> dependences if only plain partitions are used, as they are in VM)
> - system-readahead
>
> - systemd-udev

Making cryptsetup/readahead/udev optional is certainly doable, but then
again, these things are absolutely trivial, so unless there is a strong
need for it, I'd avoid making things more complicated for me. Note that
it is not possible to boot up a machine without udev though. Only in
containers udev is optional as we can rely on a set up environment
there, and do not need to manage devices ever.

> - systemd-journal (or at least that extended httpd part)

The journal cannot be removed really. We require this to capture
stdout/stderr of all services (or in other words: even folks who think
the journal is an abomination will benefit from this, as this means
stdout/stderr data is forwarded to syslog too).

> maybe *.[service|mount|timer|...] unit files could live in separate
> subpackage as well

These hardly make sense separate, and we actually spend some work in the
F18 time-frame to fold them back into the main package.

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
10-09-2012, 01:43 PM
Lennart Poettering

systemd requires HTTP server and serves QR codes

On Tue, 09.10.12 13:31, Richard W.M. Jones (rjones@redhat.com) wrote:

> On Tue, Oct 09, 2012 at 12:24:03PM +0200, Milan Broz wrote:
> > - systemd-udev
>
> +1 .. udev should really be a separate package again.

OK, I'll bite, why?

> Also, please stop moving udevd around.

What is it to you where the binary lives?

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
10-09-2012, 01:49 PM
Matthew Miller

systemd requires HTTP server and serves QR codes

On Tue, Oct 09, 2012 at 03:29:05PM +0200, Lennart Poettering wrote:
> > I think negotiate-auth would be a really good feature here, since many
> > enterprise deployments use kerberos based SSO in their intranets.
> well, this is really computers authenticating against computers, not
> users against computers. Hence I think kerberos/SSO is not really the
> most appropriate logic, since it's very user-bound, no?

I think the envisioned use would be admins peeking at the logs, but not
allowing regular users to do so. (Commonly currently accomplished by making
/var/log/messages owned and readable by the wheel group.)


--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
10-09-2012, 01:56 PM
Simo Sorce

systemd requires HTTP server and serves QR codes

On Tue, 2012-10-09 at 15:23 +0200, Lennart Poettering wrote:
> On Tue, 09.10.12 07:10, "Jóhann B. Guðmundsson" (johannbg@gmail.com) wrote:
>
> > On 10/09/2012 04:34 AM, Bill Nottingham wrote:
> > >rsyslog.service
> >
> > Remind me again of the reason why we are still shipping rsyslog by
> > default now that we have the journal?
>
> For F19 I plan to submit a feature asking for not installing syslog by
> default anymore. I wonder how far I'll get with this before this is
> shut down by the conservatives... ;-)

Does systemd journal populate /var/log/messages ?

If not, don't do that.

I already found myself stranded in F18 a couple of times.
Stuff changed and there is no way to discover how to fix things.
My 2 current gripes:
1.
/etc/sysconfig/network is no more, so where do I set the hostname ?
(why anaconda doesn't offer to set it ?) Why isn't there
a /etc/sysconfig/network name with a comment that tells where new stuff
is supposed to go ?

2.
The machine came up *with* network, but not using the configuration I
gave in anaconda, and there was no immediate way for me to even shut it
down, which is really bad.
system-config-network is no more
ifconfig is gone (I use ip addr, but this will surprise a lot of people)
/etc/sysconfig/network-script didn't have any ifcfg-eth0 configuration
file, and yet network manager was bringing up eth0 w/o any configuration
I could find using DHCP (I totally DID not want it) and although
NetworkManager.conf included the rh plugin to use sysconfig files.

Now I know 2) is not a systemd fault but it highlights the fact that we
are changing the system without any consideration to the admins that get
to use it.

Can I ask that you *think* about this issue and whenever possible drop a
comment in a file where people would expect to find stuff following the
legacy scheme or provide a shim command that explains what to use
instead ?

For configuring NM I had to finally look at an example file on another
machine and create manually my own ifcfg-eth0 file. This is a huge
usability regression and I think bringing up an interface by default
when no configuration is available is also a very serious issue. It is
actually potentially a security issue.

Sorry if this comes out as a rant.
I am *NOT* against these changes.
But I'd like to see more forethought in helping admins find their way
when things get changed. I am not asking for perfect backwards
compatibility either, but leave trails admins can follow to use the new
stuff, please.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
10-09-2012, 01:58 PM
Matthew Miller

systemd requires HTTP server and serves QR codes

On Tue, Oct 09, 2012 at 03:18:25PM +0200, Lennart Poettering wrote:
> To build such an image I'd really have preferred not installing
> the docs. It appears rpm once had a feature for that where you could add
> excludedocs in rpmrc. This feature seems to have been removed. Why? Can
> we get that back? Or can I enable this for yum in some other way? Anyone
> has an idea?

+1 to this, although note that we currently ship licenses as doc files, and
so that might need to go by packaging/legal.

There's a yum plugin which sets RPM transaction flags (yum-plugin-tsflags),
and with that we could put "tsflags=nodocs" in the yum.conf. Not sure how to
get that up to spin-creation tools, and if we're going to count on it it
could probably use some polish and integration.

> info

Yeah that goes along with nodocs.


--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@fedoraproject.org>
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
