richm · June 28, 2024 20:55
diff --git a/gistfile1.txt b/gistfile1.txt
 NOTES on https://docs.fedoraproject.org/en-US/server-working-group/docs/server-technical-specification/#_4_server_roles

 My comments indicate if Linux System Roles https://linux-system-roles.github.io/ are suitable for the requirement.

 > 4.1 Server Roles Requirements
 > A mechanism to install the packages necessary to deploy the service.

 Yes.  And the mechanism will handle cases where the packages are different depending on the platform/version (which is
 not as important for Fedora as it is for Enterprise Linuxes)

 > A mechanism to deploy a service whose packages are already installed on the system by providing the necessary
 > information and procedures to provision it.

 Yes, depending on what you mean by "information and procedures"

 > A mechanism to install optional components of a service after deployment.

 Most of the roles have something like this e.g. the metrics role allows you to install and configure optional pcp components,
 redis, grafana, etc.

 > A configuration interface to modify high-level configuration options.

 Yes.

 > A helper tool (preferrable based on LVM snapshot) to perform a backup or alternatively
 > a list of files on the filesystem that should be included in a backup set.

 I'm not sure what you mean by this.

 > A list of system services provided by the Supported Server Service, as well as data about whether
 > those services are currently running (or enabled, in the case of socket-activated services)

 This is printed to the Ansible log, but is not available directly e.g. as a role exported variable.

 > A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled.

 No.

 > A mechanism to open and close ports that the server service operates on for some or all interfaces.

 Most system roles use the firewall role (and selinux role) to open/label ports as necessary.

 > If the Server Service is designed to operate on the network, it should automatically open those
 > ports (see Firewall) during deployment.

 Most system roles use the firewall role (and selinux role) to open/label ports as necessary.

 > An interface to set processor affinity, memory limits, etc. where sensible.

 There is a kernel_settings role - but IIUC you want the service role to automatically manage whatever kernel
 settings it needs to operate - that could be easily done.

 > The Fedora Server Domain Controller Service will be provided by the FreeIPA project
 > This Server Service is a blocker for the release of Fedora Server.

 The ansible-freeipa collection.

 > The Fedora Server Database Management Systemn is provided by the PostgreSQL project. This Server Service
 > is a blocker for the release of Fedora Server.

 The role https://github.com/linux-system-roles/postgresql

 > The Fedora Server Fileservice will be provided by the Samba project.

 We do not have a linux system role for that.

 > The Fedora Server Web Server will be provided by the Apache project.

 We do not have a linux system role for that.

 > The Fedora Server Web Application Server service will be provided by the Wildfly project.

 We do not have a linux system role for that.

 > The Fedora Server Mail Service will be provided by the Postfix project and supporting
 > projects like Dovecot, Spamassassin, Dkim, etc.

 We do have a role https://github.com/linux-system-roles/postfix which has some configurability
	NOTES on https://docs.fedoraproject.org/en-US/server-working-group/docs/server-technical-specification/#_4_server_roles

	My comments indicate if Linux System Roles https://linux-system-roles.github.io/ are suitable for the requirement.

	> 4.1 Server Roles Requirements
	> A mechanism to install the packages necessary to deploy the service.

	Yes. And the mechanism will handle cases where the packages are different depending on the platform/version (which is
	not as important for Fedora as it is for Enterprise Linuxes)

	> A mechanism to deploy a service whose packages are already installed on the system by providing the necessary
	> information and procedures to provision it.

	Yes, depending on what you mean by "information and procedures"

	> A mechanism to install optional components of a service after deployment.

	Most of the roles have something like this e.g. the metrics role allows you to install and configure optional pcp components,
	redis, grafana, etc.

	> A configuration interface to modify high-level configuration options.

	Yes.

	> A helper tool (preferrable based on LVM snapshot) to perform a backup or alternatively
	> a list of files on the filesystem that should be included in a backup set.

	I'm not sure what you mean by this.

	> A list of system services provided by the Supported Server Service, as well as data about whether
	> those services are currently running (or enabled, in the case of socket-activated services)

	This is printed to the Ansible log, but is not available directly e.g. as a role exported variable.

	> A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled.

	No.

	> A mechanism to open and close ports that the server service operates on for some or all interfaces.

	Most system roles use the firewall role (and selinux role) to open/label ports as necessary.

	> If the Server Service is designed to operate on the network, it should automatically open those
	> ports (see Firewall) during deployment.

	Most system roles use the firewall role (and selinux role) to open/label ports as necessary.

	> An interface to set processor affinity, memory limits, etc. where sensible.

	There is a kernel_settings role - but IIUC you want the service role to automatically manage whatever kernel
	settings it needs to operate - that could be easily done.

	> The Fedora Server Domain Controller Service will be provided by the FreeIPA project
	> This Server Service is a blocker for the release of Fedora Server.

	The ansible-freeipa collection.

	> The Fedora Server Database Management Systemn is provided by the PostgreSQL project. This Server Service
	> is a blocker for the release of Fedora Server.

	The role https://github.com/linux-system-roles/postgresql

	> The Fedora Server Fileservice will be provided by the Samba project.

	We do not have a linux system role for that.

	> The Fedora Server Web Server will be provided by the Apache project.

	We do not have a linux system role for that.

	> The Fedora Server Web Application Server service will be provided by the Wildfly project.

	We do not have a linux system role for that.

	> The Fedora Server Mail Service will be provided by the Postfix project and supporting
	> projects like Dovecot, Spamassassin, Dkim, etc.

	We do have a role https://github.com/linux-system-roles/postfix which has some configurability