# Fedora Server Technical Specification Draft 2

Outdated, replaced by [Fedora Server Technical Specification Proposal 2022](https://hackmd.io/9or6pDs3Qq6DzzgVzXgmeQ)

[Abstract]

This document aims to describe the technical characteristics of the Fedora Server Edition in detail. This includes provided services and APIs, installed software, and the like. Some of the desired characteristics may currently not be entirely achievable, and will be approximated and the subject of further development work.

~~The content of this specification unavoidably overlaps with the work of the Base Working Group, and needs to be aligned with their deliverables.~~

## Preamble

Fedora Server provides a stable, flexible, and universally-adaptable base for the everyday provisioning of services and applications by organizations and individuals, based on the latest technology and available quickly after the upstream releases. It aims to empower users to deploy the services they need, whether using proven mature techniques or current technical developments, under their own control and adapted to their own needs. For this purpose, it provides a broad spectrum of available techniques from which users can choose completely independently and without predetermined valuations.

## Core Services and Features

This section describes the core services of the platform and their intended use. The items here should refer back to the Product Requirements Document for a functional justification.

## Supported Architectures and Install Media

Fedora Server will run on and provide install media for ~~i686,~~ x86_64 and aarch64 ~~armv7hl~~ servers.

There will be four official install media for the Fedora Server Edition:

* A *network installation media* providing a basic package set intended to expand with downloads according to specific custom needs.
  * The network installation media will be allowed a maximum size of 700 MB.
* A *local installation media* providing the default package set as well as any featured roles that are meaningfully installed without a network connection.
  * It is a trade-off between completeness and practical download size. It should not exceed 2 GB in order to be fully available even in regions of limited Internet capability.
  * It can point at network resources to make available an even larger package set.
* A *virtual machine disk image* for simplified installation of Fedora Server Edition in a KVM virtual environment. The image reproduces the Server Edition completely and without restrictions, as far as features are usable in a virtual environment.
* A raw *aarch64 disk image* for installation on a Single Board Computer (SBC).

## File system

The default file system type for Fedora Server installs is XFS running atop LVM for all partitions except /boot. The /boot partition will remain a non-LVM partition due to technological limitations of the bootloader.

The default partitioning scheme creates

* a biosboot or efi partition as needed,
* a /boot partition of 1 GB
* a Volume Group with a Logical Volume of 15 GB at maximum for the root file system.

An option will be provided in the Fedora Server installer to enable disk encryption.

## Service management

Systemd provides ways to control and monitor the activity and status of system services, resources they require, and the like. System services must provide systemd units to be included in the Fedora Server standard installation. See the systemd documentation (http://0pointer.de/public/systemd-man/systemd.unit.html)

## Logging

Fedora Server will store log files locally by default and will also support sending full log data to an external server to the maximum extent possible.

For writing to logs, we recommend the syslog or journal APIs rather than managing application-specific log files. OpenLMI will provide an API for reading the logs. We will use rsyslog for forwarding data to a central server.

The logs of programs using the recommended APIs will be locally stored in the journal database and automatically forwarded; other programs should include appropriate configuration for rsyslog such that their log output is included in the rsyslog-forwarded data stream.

## Networking

Network devices and connections will be controlled by NetworkManager by default. Server Roles that may need to interact with the network configuration must do so through the public NetworkManager D-BUS API.

## Firewall

A firewall in its default configuration may not interfere with the normal operation of programs installed by default.

On a pristine system, the only open incoming ports are SSH and Cockpit. When Roles are deployed, they may elect to open one or more ports based on the most likely need. Roles *must* provide an interface that describes which ports they want open and which ones they currently have opened. The admin must be able to easily modify this configuration. Roles that open ports by default must have the set of ports approved by majority vote of the Server Working Group.

If the user hasn't specified firewall status explicitly, interactive role deployment will inform the user whether the service's ports have been opened by default.

It must be possible to query the API for the required state of the firewall to support the role, which can then be compared to the active firewalld state.

The OpenLMI project will provide a public, external API to manage firewalld centrally. (This is not yet scheduled for a Fedora release, but is a medium-term plan.)

## SELinux

SELinux will be enabled in enforcing mode, using the targeted policy. The Fedora Server standard install and all promoted Server Roles must operate in enforcing mode.

## Problem reporting

Problems and error conditions (e.g. kernel oopses, SELinux AVCs, application crashes, OOM, disk errors) should all be reported in the systemd journal.

Support for sending this information to a central place (like abrt does for crashes today) is mandatory.

## Account handling

SSSD will provide the backing storage for identity management. The Fedora Server is expected to nearly always be configured for 'centrally-managed' user information; it must be possible to configure it to rely on a directory service for this information. Fedora Server will provide and support the realmd project for joining FreeIPA and Active Directory domains automatically. Interacting with other identity sources will remain a manual configuration effort.

## Software updates

Software updates on the Fedora Server must be possible to perform either locally using command-line tools (e.g. yum/dnf) or centrally by common management systems (e.g. Puppet, Chef, Satellite, Spacewalk, OpenLMI).

## Miscellaneous system information

System locale, timezone, hostname, etc. will be managed through the services provided by systemd for this purpose. See developer documentation for localed (http://www.freedesktop.org/wiki/Software/systemd/localed/), timedated (http://www.freedesktop.org/wiki/Software/systemd/timedated/) and hostnamed (http://www.freedesktop.org/wiki/Software/systemd/hostnamed/).

## Virtualization

libvirt-daemon will be used to manage virtualization capabilities.

## Accessibility

Accessibility support on the Fedora Server will be limited to devices supporting the vision-impaired on the console. Accessibility support in the optional graphical environment will be aligned with the Fedora Workstation offering.

## Input Methods

The input method support for the Fedora Server console access will be limited to LOCALE support in the command shell. Input method support in the optional graphical console will be aligned with the Fedora Workstation offering.

## Graphics and Display Manager

The Fedora Server does not mandate a graphical environment at this time. If the administrator elects to install a desktop, they should choose a display manager themselves at this time.

## Appearance

The default user-experience for the Fedora Server will be the bash shell on the console and the Cockpit web management console.

## System Installer

The desired installation experience for the Fedora Server product is to limit the pre-installation user interaction to the minimum. The storage configuration UI should provide a single sensible default and an alternative, fully customizable configuration UI.

Package selection will be supplementary. There will be no option in the installer to install less than the Fedora Server standard installation. Options to install Fedora Server Roles will be provided, as well as a UI to install other software from the Fedora Project repositories.

Fedora Server will expect to be the sole citizen on the system. Support for coexisting with other operating systems is not a goal.

Fedora Server will use kickstart as implemented by pyKickstart and Anaconda as the unattended installation mechanism.

## ~~Server Roles~~

~~The Server Roles listed below are approved to be worked on in the Fedora 21 timeframe.~~

~~The public D-BUS API to support Server Roles will be provided from the Cockpit Project.~~

## ~~Role Definition Requirements~~

~~Roles will be required to provide both a D-BUS API and a web management plugin for the Cockpit management console. During the development of the first few Fedora Server Roles, the Cockpit project will drive the effort of designing this interface.~~

~~Roles will be required to support the following API:~~

* ~~A mechanism to install the packages necessary to deploy the role. This may include an API for specifying optional components at this time.~~
* ~~A mechanism to deploy a role whose packages are installed on the system by providing the necessary information to provision it.~~
* ~~A mechanism to install optional components of a role after deployment.~~
* ~~A configuration interface to modify high-level configuration options.~~
* ~~A query interface providing metadata information about the role (not all roles must implement all parts of this, bold lines are mandatory):~~
* ~~A list of system services provided by the role, as well as data about whether those services are currently running (or enabled, in the case of socket-activated services)~~
* ~~A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled.~~
* ~~A mechanism to open and close ports that the role operates on for some or all interfaces.~~
* ~~If the Role is designed to operate on the network, it should automatically open those ports (see Firewall) during deployment.~~
* ~~A list of files on the filesystem that should be included in a backup set.~~
* ~~An interface to set processor affinity, memory limits, etc. where sensible.~~
* ~~Whether the role is running in a container.~~

## Supported ~~Roles~~ Services

### Domain Controller

The Fedora Server Domain Controller ~~Role~~ will be provided by the FreeIPA project. This Server Role is a blocker for the release of Fedora Server ~~in Fedora 21.~~

### Local File Server

The local File Server will be provided by the Samba / CIFS project.

### Database Server

The Fedora Server Database Server will be provided by the PostgreSQL project. ~~This Server Role is a nice-to-have for the release of Fedora Server in Fedora 21.~~

### Web Server

The Fedora Server Web Server will be provided by the Apache httpd server.

### Application Server

The Fedora Server Application Server will be provided by the Wildfly project.

## Ansible Support

TBD

## Core Package list

List the core packages of the product. This list includes all packages that will be shipping on the core media. This is the mandatory minimal list of packages that needs to be installed on a system at all times for it to qualify as a Fedora Server install. This package list will be the priority focus for QA and bug fixing.

### Package list

<TBD>
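
The Firewall and SELinux sections above describe a baseline that can be checked on a host: the required firewall state compared with the active firewalld state, and SELinux in enforcing mode with the targeted policy. The script below is an added example, not part of the specification; the function names, the `--live` switch and the sample role values in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a host against the Firewall and SELinux baseline
# described in this specification.

# Pristine-system baseline from the Firewall section: only SSH and Cockpit.
BASELINE_SERVICES="ssh cockpit"

# firewall_drift REQUIRED ACTIVE
# Both arguments are whitespace-separated firewalld service names or
# port/protocol entries. Prints "unexpected:<item>" for anything open that
# is not required and "missing:<item>" for anything required but not open.
firewall_drift() (
    required=" $(printf '%s ' $1)"
    active=" $(printf '%s ' $2)"
    for item in $2; do
        case "$required" in *" $item "*) ;; *) echo "unexpected:$item" ;; esac
    done
    for item in $1; do
        case "$active" in *" $item "*) ;; *) echo "missing:$item" ;; esac
    done
)

# selinux_ok MODE POLICY
# Succeeds only for enforcing mode with the targeted policy.
# MODE is the output of getenforce, POLICY the SELINUXTYPE value.
selinux_ok() {
    [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "enforcing" ] && [ "$2" = "targeted" ]
}

# audit_host [ROLE_SERVICES] [ROLE_PORTS]
# Queries the default firewalld zone and SELinux on the local host.
# ROLE_SERVICES / ROLE_PORTS are what the deployed roles declare they need.
audit_host() {
    rc=0
    svc_drift=$(firewall_drift "$BASELINE_SERVICES ${1:-}" "$(firewall-cmd --list-services)")
    port_drift=$(firewall_drift "${2:-}" "$(firewall-cmd --list-ports)")
    for d in $svc_drift $port_drift; do
        echo "firewall drift: $d"
        rc=1
    done
    policy=$(sed -n 's/^SELINUXTYPE=//p' /etc/selinux/config)
    if ! selinux_ok "$(getenforce)" "$policy"; then
        echo "selinux: expected enforcing/targeted"
        rc=1
    fi
    return "$rc"
}

# Usage on a host (role values are constructed samples):
#   ./audit.sh --live "postgresql" "5432/tcp"
if [ "${1:-}" = "--live" ]; then
    shift
    audit_host "$@"
fi
```
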
