 All right That's lights great. Hello. I'm Mike Wolf. I'm here to present today the State of the server group So many you probably don't know me. I work for IBM. I'm recently on the server working team And I happen to be one that was coming to Poland And so I could help present this because there's been some changes on the group lately So I might not be the deepest in all the areas But we'll work through that So we're gonna just start with well what's been happening since the last one And with Fedora 23 we've been seeing Some things going in for the server roles The free IPA the cockpit First release with the media installed Did we get some of the other ones? No, let's go back. So I Work for IBM. I'm a secondary arches guy So a couple of them that I care about that I didn't get on here is that We were able to deliver secondary or primary for the first time ever. Thank you Peter One of the other things that I care about just from where we're coming over is on the whole open QA effort So open QA is running on the primary arches One of the things I want to do is find Adam is Adam in the room Okay I really want to get that running on secondary I want to get that running everywhere because I think it's a great thing anytime we can get automated testing We can get scripts going then we can focus on the harder areas. I think that would be great So we've gotten some really good things done But the most of the talk will probably be more about Other changes later. So in 24 they changed the default layout. There's no more home partition They're going to grow the space The free IPA a cockpit update storage de-replacing UDIS Those sorts of things. Oh And here here's a couple of things we were able to do is we were able to add doctor images We're able to add cloud images and bit by bit. We're adding more to that I'm hoping as we get these added My emphasis is actually on power, but I'm always hoping we get things done that, you know The arm can use it yes 390 can use it What once we're adding it for one, let's make sure that's available for all So then this is part where I'm hoping we can get a lot more interaction get some ideas Where is the server going what what do we want this to do over the next few releases till we meet again? Will it be some focus areas? so Steven was working on a roll kit We can keep that going. We'd need volunteers There's talk we could use OpenShift and get a lot more with containers go that route And then the server addition and modules So that's starting to lead in to the modularity talk Langdon is here This is going to be a plug go to his talk go to his workshop When we were meeting on IRC this looked like something that was very positive a lot of people could see how that would be working Maybe we can get a lot of energy around it We have a base runtime stack to boot the system. We have modules. We can install sets of code update them And then we have the other down here. So we're gonna have a working group On Friday, what many of you can attend bring other ideas Supposed to be very collaborative. We don't want to just dictate where it goes. I certainly don't know where it's going So here's a slide a little bit more about the modularity and again It would be better to go to his talk to get the full thing The the idea is is to allow such a code to be added in easily to have 90% of your release be very very stable But the part you want cutting edge the part you want to be updating all the time and using you have a way to do it So this kind of outlines some of the major bullet points for how we would do something like this and As you can see he's added that they're looking on Delivering something maybe by f-26 and he'll be able to tell you about that and start Making the server and the modular working group much tighter get there so Going over this again that the questions I had is just how do we install manage configure it? What do we want on it? What are the file systems that people know how they're being used? One of the things I'd like to get a better grip on is do people know where Fedora servers are being used out there? Do we have use cases? Do we know what we should be focusing on? Do we have the right file system on there? Do we have the right this petitioning on there? It's modularity away. We want to go. I think the server working group would love to hear from people about it There's some open positions on the server working group if you'd want to participate with us that way it'd be awesome and the session is going to be at 130 in the room just down the hall on Friday, so that would be great Documenting where the roles are again The big thing I see different between like the roll and roll kit and what I've heard about modularity Maybe we'll see different it is the install versus installing config and so how do we get that stuff going? What are we going to do about it? Hi, I'm Steven Gallagher I think most of you probably know me. I was formerly on the server working group. I took I've taken some time off to find myself, but Yeah, yeah You don't want to know what's back there so When we started on the server working group What we started on the three editions split each of the editions really was Also trying to find itself now, you know, we built the workstation as not just a fully, you know Fully featured desktop, but it was specifically going to be a desktop for getting stuff done With the cloud with the cloud we wanted a space where we'd be able to Explore some of the really cool new technologies that were coming along the atomic stuff the desk at the cloud the Docker stuff Even just you know enhancements in virtualization with server At first we were a little less certain about exactly where we wanted to go We wanted we knew we needed something that was going to be a little closer to Fedora's historical Developer base, which was you know Fedora redhead Linux those things were started by You know at admins who wanted to get something done Those were and that was our original constituency and then over time We kind of moved towards being more of a desktop distribution and a lot of that traditional audience felt it was feeling sideline so we wanted to build the server to be a place for them to feel part of the community again and Also, we wanted to have a place that was more closely attuned to what our major our major financial contributor Is doing is doing with red headed to drive Linux. We wanted to make sure we weren't Pit taking Fedora to a place where it wasn't going to be Helpful in producing that next level of enterprise distribution So we came up with we have that we had the server addition We took we decided that's where we're going to go and then we we spent quite a few weeks after block in Charleston Figuring out so what does that mean? What what exactly does a an admin a server administrator a data center administrator? need out of a Linux system and What and what are we already doing and what aren't we doing well? and one of the things that we identified that we really weren't doing well and that nobody was doing well was Deploying solutions. We were really really good at getting packages onto your system We were really terrible at helping you make them do anything useful And that's and and different distributions have had different solutions for that for example the the arch Linux Project has absolutely beautiful documentation. Whatever else you want to say about that for that project. They have amazing documentation We didn't Some of that has been improved over the last few years, and I actually think that's despite our best efforts, but With with the server addition what we decided was that We wanted to be able to reduce the barrier to entry for a lot of a lot of people to make it easier to do Common server tasks with the least amount of effort So we developed this kind of concept of server roles and we built one You know and implementation of what we thought that would look like Server role was basically that the the high-level concept of it was to be able to point to a server and say you You're now a domain controller and you You're a database server for a lamp stack and you I don't know what you But The idea would be that for the most part you would just be able to Say okay, I want you to be this and more or less out of the box get something that does this With the least amount of human interaction possible that you know if we want to build a domain controller We bring up free IPA and it's DNS server and we ask you only to provide the admin password Everything else will set up for you at in our best effort and we can tweak it later If it's not quite to your needs, but out of the box you should be able to essentially hit a button and Get a working system So as a basic as a prototype and then later Close-to-production project we built world kit, which was basically just a simple Python wrapper around the installers for a variety of different projects that just took Just took it and applied what we considered common-sense secure defaults and we built it up as an API which had a CLI most that was originally mostly for testing but nobody ever consumed the API so It ended up being the primary interaction and had I know that was going to happen definitely would have involved a designer process but it worked it It it wasn't all pretty and don't look at the code, but it worked You know, I know a number of people who had been struggling for example I know Andrew Alexander who backed me up on a lot of people have trouble installing free IPA It's a complicated piece of software and there's a lot of stuff Even that just needs to be in place before you run the installer That I think we were able to fix with roll kids You know, we were able to tweak some of the other hosts mess and all that just to ensure that Yes, you hit this button and at the end of it. You're going to get something that works That It is funny how often that gets rediscovered Yes Sorry for the sake of the for the sake of the recording the comment from the audiences during free free IPA development It was rediscovered that no one reads documentation So we have And people still Yes, and I use most of it I agree You jumped ahead to my next topic, okay, so This was not Directly part of the server working group discussions, but just prior to its instantiation I had a number of conversations inside of redhat where we were doing essentially what we call a gap analysis figure They're figuring out what what do our competitors do better than we do and first and foremost I said well besides everything at that point. This was this was years ago now but from a user experience perspective It's still if you installed Microsoft Windows Server and turned it on the very first thing it did It was load a graphical environment and give you a list of things you might want to have this wish you can do You were loaded with redhat enterprise Linux server And the first thing you did when you go when you print powered it on was get it was it was getting black and white screen But they go with a you got login prompt and nothing and then once you got your login prompt It was what once you entered your login you got a black and white screen with a you know a dollar sign next to it and No clear indication of where to go next So that was part of the reason why we when we formed the server working group We pretty much all agreed right out of the game that we wanted to Meet that gap we wanted to find a place where we could build a system that a person could that would get Useful information right from the get-go and be able to do something Useful to it now and we looked it around and we saw that the cockpit project was getting a lot closer to that And so what we decided pretty much You know yeah, you know unanimously was okay. We're going to make the cockpit project the official GUI or the Fedora server And then what we would try to do is build our capabilities these roles In such a way that they would be deployable like cockpit that you can have cockpit solve that same first install problem where Nowadays if you start up a Fedora server But then add that log in prompt you also getting notice for the graphical installer Connect to this address of this IP address colon this kind of this board and you will get cockpit you can do a great deal of stuff in a discoverable way and People absolutely love this and I remember hearing an awful lot of people saying how soon can we have that in rel And I think I think as of 73 they can now but it took a while Well, I Got confused Yeah, I was pretty sure that at least that was out just so I got the number wrong So you know and then we were going to try to try and take this roles concept and Make it so that it could be deployed by cockpit and that unfortunately never really materialized and then as time by time passed that project didn't get the it didn't get the other collaboration we needed it didn't get critical mass and The two people that were working out I both got pulled on to other projects, so it's now kind of in life support I'm personally basically maintaining it so anybody discovers a serious bug. I'll hatch it, but otherwise It's not going to see any more active development right now unless you decide to reinvest in it So one of the things that came up in a recent server working group meeting was okay the concept is sound We still certainly want to have the ability to Apply useful services to a machine and have them work So what is the mechanism that we're going to use to do that one one that came up was Ansible another that came up was build open-shift build open-shift or nulecule applications Look at pop it for things that might integrate with satellite You know vague ideas we want to hear What makes sense what can we do there and what will work with? Cockpit, so that's one of the things we were hoping to have as part as part of this conversation And this should be a conversation How do we how do we solve these problems? What is the best approach going forward maybe it's staying with roll kid everyone in this room is suddenly going to decide I'm gonna pick it up and help contribute right now throw hands Well, I got one But realistically It was it was a good try. We can do better. Let's learn from our mistakes and figure out what's the next step Well, no, I mean I like everything you say being a little newer doll on this Getting back to your point. I I personally work better off of examples So if there's anything ever that can come up start configuring it I can see it work and then I go through start learning boy tweak setting by setting. I mean that always appeals to me, so We'll have to work through that because the other downside is we give you defaults if they're crappy defaults, right? No, you're not gonna be happier. You get big, but sure one example At least you get out of court. Yeah So for those who don't know me and that's probably a majority here My name is Alexander Bacaboy. I'm working free AP and some SS is the obvious identity mess that we created over 3040 years and So one thing I wanted to talk about is in IPA We encounter it a problem that It's fine. You set up a role as the main controller. You have this shiny Federal server that runs and wars. It's fine. And then you have Machines that needs to connect to this domain controller and those are AX HP UX and Solaris and old rail machines and old Fedora machines so you have to Kind of backport the knowledge that you have Incorporated within this shiny Fedora to those old Environments and it's not just a code Sometimes it's a change in what software you actually use there or totally different things so what we came in with the idea of You can generate on the server because server knows its own state a sort of Advice how to configure those all the clients and we created the system That's called IP advice that right now is fairly limited in the sense that it only Allows you to generate that wise is how to configure these old clients Against itself, but the advice is effectively what you ask it for is the example how to take the settings that are in the server and Apply them to other machines whether they are servers or clients or whatever Taking that knowledge In the advice with the setting this might be a template that might be something more smart than just a template For the configuration, I can see it being very interesting to build that to an Scap implementation Just generate Scap to apply to X which has its own Scap implementation Yes, so we've happened with a exit might be actually Applying a knowledge that you as a developer on a PSI has about How a X configuration should look like which does not mean that admin managing that Necessarily has this idea how securely it should be configured or might have some problems and actually So this would be probably an interesting topic for the server room Because it's not a role applying on the server itself. It's the role that the server wants to Put on the clients And it might not be just a IPA Thing but an IPA we have this Good position that we know much about the how your Infrastructure card is actually configured How it's a pump in the plot of your enterprise? because identities and all these details and We can actually take it and apply it in some other ways. It's a small idea But again, this idea actually proved to be very helpful for the actual Administrator Yeah, thank you Yeah, I think I saw you were taking notes, which is great. Yeah, that should probably come up in the next week's So We planned on this being about half of the session being a catch up of where we are and then hopefully The Q&A section basically be throw some ideas at us. Let's see what you guys have because I think I was saying somebody before The basic concept of meritocracy is the best idea wins However, the implicit in our requirement of that is that all the ideas are presented so Please help us figure out. How do we how do we reach these goals? I Have some There's a lot of problem that The windows have a one-inch So at present we don't actually offer a server cloud image, but it's been talked about that we may actually swap out the current base image with the server image and then just have server and atomic which do serve different needs though there's also talk about making this about having the server image also be run a project they also be OSG based so short answer is we don't really know what what the right need is there I mean the cloud image as it stands right now is basically trying to solve a problem that we decided we weren't going to try to solve the server which was I want absolute minimum possible stuff on my system and I'll build the rest from there that when we put together the server the server PRD we agreed that was a non-goal for the server our server edition was was meant to provide a known platform not a you know not not that green sheet of the leg that you get in the Legos that you build on everything you build the house on top we wanted to we wanted to well to use one of Matthew's excellent metaphors with with Legos we want to build them and give them a kit not not just a bucket of Lego bricks and the instructions not like you got get the yard sale or just get the block the bricks so it was a specific goal of the door of the server that you would get more than just the minimum set it's not it's not we knew that we were going to alienate a certain subset of the population but we were also hoping that by providing something that means that works out of the box as opposed to you build it into something that's functional would be something that would be more likely to gather new contributors new users if they can just do something right when they get more more experience there's absolutely nothing stopping them from tinkering the Fedora project always allows you to use the net install and do that building from blocks so our specific goal was give them something that is a complete system you know similar to the way Microsoft does it Microsoft Microsoft gives you a complete operating system and a large number of API it's not yes Microsoft give you a minute essentially a minimal or a standardized install right a UX which I was you to configure a domain control right and that's right and that's exactly what that was exactly the model we were trying to match was that you know everything is there I think you can configure it by using this case roll kid to get a domain patrol right using just you know at core which is you know the cloud base images very it is basically at core and cloud and cloud in it that's a very different case from I'm going to provide you the platform necessary to apply anything else on top of it and that was what we were trying to go for with server and it ultimately it wasn't a whole lot more than well you get the minimum get firewall D you get system D you get you get roll kit and you get cockpit you know that those are really the only things on top of the minimum image but they were things we wanted to be able to say you are guaranteed to have these you can rely on this as API well the major the major reason why it's not top of the list is because it's lack of Python 3 support and right now we've actually managed to get to the server I think in 25 they finally got Python 3 out of Samba so I think we're not quite I know it's not a piloting me if I TV we're close though and we've been we've been driving very hard towards getting Python 2 out of the basis that out of the standard install actually it's still not in the standard install because we don't include Santa Samba out of the box yeah we have an easy way to get it but I don't believe we I think you have actually we might have some the some of the client because it's I think it's pulled in by the default this set of oh so there's a bunch of stuff that's falling in my trip last day yeah I'm just gonna say it might it might be pulled in by SSSD but it doesn't have to be we could actually exclude that part but packaging allows it and we just are already pulling in the active key components but we could just switch to having relative photos instead so we could get it off we could theoretically get by 3 out of the right way the plan when all this rule it wasn't even in the scoreboard it's in here so one of the things we get better in gelling yeah right well we're probably a terrible way it's going back to the answer was awesome it has all these default things but you still end up at a text log in front and I have to manually run it so I said that changes when the tower gets open source and we can ship tower at that point also we can put it if we can put a label implementation for limited uses the other part of it is it assumes that we are talking about orchestration more than one machine right now the server is about most of the targeting group with small media businesses to get from a single machine orchestration we need to know about infrastructure so somebody needs to input more details than just a single machine and that means it does yes yeah right how you would deploy particular machines highly dependent on your particular environment some of them might be a real some of them might be yes yeah that's not that's not the use case we're talking about yeah we're talking about taking a single server and having the ability to say give me a lamp stack on that single server at which point yes we'll play that very very convincingly very very easy as a single server a single device sure you can use answer to manage entire sets of infrastructure but you can also use it to configure a single box out of the box we have been stressed that things that correct me if I'm wrong but I'm not sure handsome could install free idea because I don't have to check my books on the cells but not in the central well last I checked IPA server installed wasn't yes which would make it very difficult to use that person so it's quick read that there's a lot of people interested in their historic reasons why that was the major reason why I hadn't been popped up to the front of the list but it was certainly still intention and if I thought to is still stuck there for other reasons maybe it's not blocked further other technical limitations well no the other the other the other items on the list were other things that people were interested in working on so the other one that Mike mentioned was that we talked about possibly switching roles over to be new fuel slash open-shift applications to type it to type better into the efforts we had that have been done by project Tommy and I know that project everyone here has heard of project FAO yet the Fedora Fedora atomic origin which is sorry yeah that's the current working title I don't have piano I was just so you know with the with another large set of the subset of the project working towards that we thought maybe that was something we'd approach as an option also is use a Kubernetes based based deployment system that could theoretically be designed to write the migrated into a project atomic world down the road when you're when you know when you go past one or two servers and you want to start orchestrating and make it trivial to migrate to a cloud and lead to a atomic environment as opposed to a traditional environment so that was that was at the moment that was high at the top on the list or whatever anyway legacy I don't care the terms the terms are meaningless if we don't have an agreement on the definitions so any but anyway at the time when we were discussing this there were more people around who were talking to who are interested in talking about atomic and then containers as a solution so that kind of got bumped up to the forefront that would be on nobody was actively advocating for ads more time so it you know as Brendan is fond of saying he who writes the patch wins the argument the people who were present talking about this other thing so that was the one that was getting steam so if people if people here want to start contributing playbooks that then maybe we write a bit we start working on writing a you know a divus wrapper so they're talking to them I think basically that's what one of the things that's out and I'm not sure we want to wait for tower themselves well it's a pretty red hat world that was then quite a generating revenue hand if you want to integrate with this you integrate with it through tower because it has the API and the GUI and all that I the last I heard on the open sourcing of towers at the festival fest in London in February and they said it will happen at some point but I don't know what I think yeah and I think maybe it will be time it's not the worst idea ever for us to write an API and they're probably already is out there something along those lines and and certainly there's a lot of work to be done to sort of put together a world orchestrated set of playbooks that are not good which would be then consumed whether it's power or something like that so short hands who would want to contribute to that project if we keep it off all right so I got one I got two and a half that's that's better that's better and if it was the origin and if it was origin-based Kubernetes orchestrated kind of containers very different audience from the last time so okay so yeah I think we take that certainly back and let's talk about that more the power certainly yeah I was annoyed by that too and I started trying to put one together to roll kid development was really kind of convenient to the script I had to write to turn cloud it's a nice little arm server image so that's a little arm server image in baby now it doesn't have a good support but that's not helping it yes I think I can agree with that we could I take that to work in groups that a bigger name should be a block that's a different page maybe scratch something else together a vagrant sort of image and enable it in the build build this is Matt's argument for any addition we share any anything we share that seems fair so Langdon is volunteered to work on the bigger image see you've got the experience I had a round sorry it is supported by the technology as it exists today it was our official ruling was that it was never required to be tested together and that we were actually implementing it was that we built the possibility of goals a lot of being able to explicitly conflict other roles so if we knew that they weren't going to work on the same machine they would be allowed you would be allowed to install the one same machine you know if you have two different two different implementations of say might you wouldn't be able to install my and my variety on the same machine but take it with and we only promised to QA as we did one infinite number of combinatorial tests we promised them that they only ever had to test once one role on the server but the technology permits it is just we keep trying and we keep and it keeps not being high enough priority for them to actually manage to get into a sprint but at this point at this point I told them not to I told them to just take it off the list until we figure out what is going to replace will hit because it's become pretty clear that it was not the right it was not the right hammer for that spirit you can't you could do that or no you can't even we had we had broken the role control deploy and we had broken a role control decommission for the three roles that we ever actually managed to release all three of them actually did a complete cleanup you actually did get back to basically the exact same system you had before which was which was actually not an explicit goal but managed to work out it so I have a question for the audience does anyone here a system admit in their in their day job all right thank you Kevin what well actually let me ask you a second question first are any of you using Fedora server in your in your production environment okay those of you who had your hand raised in the first question and not in the second question what would it take well let me ask that question because you answered what you answered with was not you answered this with a specific implementation description of the problem and thoughts what about a support what's that implied what I thought that song so maybe you're for YouTube, we're not specifically the right audience. But let's assume hypothetically that that break it. Sorry. If I could state, I started out with Fedora servers. I'm a system administrator for a school. We started out with Fedora only on our servers. And maybe about five years ago, we migrated most of them over to CentOS. Over the last few years, I have started deploying a few Fedora servers, mainly for, I think, it's beautiful. For what? Thank you. I hate it. The documentation, I at least read the documentation. I got myself in a hole, and it was beautiful. So I do appreciate it. Somebody appreciates it. But one of the things that I know we, one of the main reasons we switched from Fedora to CentOS was the upgrade cycle was just insane. What you say? Now, I'm talking Fedora Core 5. Right. Well, no, I want to know what upgrade cycle is insane. OK, sorry. What it meant to me was I had these. Was it because after the upgrades, things were broken? After the upgrades, things were broken. Now, again, we're talking ancient history. But yeah. Because again, I like to try to hear what the actual problem is, not the symptom of the problem. No, that's sort of right. I would do upgrades, and we would have things not working, and it would take a number of hours, maybe a few days for me to track down what was going on and get it sorted out, which is not the greatest thing when you're working with production servers. Sure. So we switched to CentOS again. Since switching to IPA and running Fedora on the servers that we have IPA on, they have run really, really well. I've gone from, I don't know, 21 up to 23 on one school's system, so I just, a couple weeks ago, set up a brand new IPA server on Fedora 24 for a totally different school that I help out, and it worked beautifully. So I've been really happy with Fedora over the last couple of releases. The one problem I did run into more recently was with Overt. I was running Overt on Fedora, and then there came a point where I think it was basically not really supported, that they strongly recommended switching it to CentOS. I think there's still a recommended install on Fedora. So there was a bug in it that was revealed by everything's kernel that they did to you, and it felt like Fedora's kernel for me to run. Well, and then there was a bunch of stuff that, from a host side of Overt that broke in, and later they fixed it in time and it was retired, and now they've come to a moment and had a bit of a crime. And it's like, well, you were, in fact, like 30 times without fixing this, and you get an email every day, and you broke in that before, and you pay no attention to it. And it's not a question of the policies of Overt, or the responsibilities of Overt, it's up to you to what you provide, regardless of which source you get access to. So, you will have problems if the upstream is not really responsible for what they do, or are interested in assisting. Well, I think one of the things that we, as Fedora's whole bunch of server, we've gotten a lot better at them since Fedora 4.5, is we still move fast and break things, but we usually tell you when the break is coming. We've gotten a lot better at letting people know that the following things that you may be relying on are going to change the API, I mean, in the next release, and here's what is changing. So that has helped a lot. But people don't really know what you're doing. Ah! Thank you, Brandon. Sorry. Maybe a release note. Right. Well, yeah, sometimes they read release notes, and that's where we try to stick some of this stuff. Well, I just want to finish what I thought I was having before about the upgrades. One of the things that people kept coming to us when we first started the server and saying is, well, what we really need for you is a long term life cycle. And when asks would duck down nine times out of 10, and I've got one hand left, I'm sorry, nine times out of 10, what they really meant was we want to know what we got great to them. So we want to know that things are just going to keep breaking up from under us. And so what we said was that, well, the longer life cycle isn't necessarily the only solution to that, the better solution to that is we build up our upgrade testing and make sure that upgrades are clean. So that when you upgrade, it should be more likely, when you upgrade to Dora, we want to be more like going from REL 6.2 to 6.3 than from going from REL 6 to REL 7. And I mean, interestingly, in the REL 7 stuff, they're different from 7.0 to 7.1 to 7.2. It's probably about the equivalent of going from Dora 21 to Dora 23 server additions because there is a lot more movement in the REL side of things and moving a lot faster. I believe that my time is now up. I'm not sure who was supposed to be telling me that, but my watch is doing it. Thank you very much for coming. And to those of you who participated as well, I appreciate it. I'm sure Mike will do it. Thank you. Thank you. Thank you. Thank you.