On Wed, 2013-08-21 at 18:45 +0000, "Jóhann B. Guðmundsson" wrote:
> Greetings all
>
> After sitting Dan's Walsh Secure Linux Containers talk at flock where he
> mentioned him and Dan B. had successfully scaled application containers
> to what 8000 instances or so and I noticing that his slide where a bit
> dated due to the changes in croup I decided to have a look at the
> current state in systemd to see what we needed to fix and properly
> integrate those changes into Fedora and deliver good out of the box
> container experience for our administrators and users as well as
> document those changes ( early readers can jump here [1] just note this
> page is a work in progress ).
...
> I would like us to change our default to use long hostname instead as in
> the fqdn or "container01.ackme.com" and would love any kind of feed back
> in that regard ( why we should not default to that ).
>
> The downside of doing that ofcourse if you have like 6 level domain name
> in your infrastructure like "i'm.a.really.long.domain.name.com" it might
> become a bit of a nuance but administrators could always revert those
> change to use short hostname instead if that was the case.
I perfectly understand the reasons for the change and I think we should
definitely change it at least on the login screen (I like the one
additional line idea from Simo). In the terminal label, full hostname
might make sense as well. But I don't like the idea for the command line
PS1 change. Even if I don't have too long FQDN, it will extend my basic
prompt from 23 to 38 (almost half of 80 chars) on 1 system I use most
and to 20 to 43 on another one. This is imho too much (so if the final
decision would be to change \h to \H, I'm going to change the default
PS1 back on my machine anyway).
Having hostname as separate line will make cut&paste of command sequence
from terminal harder to read. I know that many users modify the basic
PS1 anyway, but IMHO nothing blocks you from having modified PS1 in
~/.bashrc (or directly in /etc/skel/).
> The other issue I would like to get some comments on is that we default
> to setting an empty root password which will allow administrators to log
> into containers as root and set the root password as well as removing
> few line from spin kickstarts as well being beneficial to the arm
> community.
Maybe this could be solved by ssh key in .ssh subdir in /etc/skel and
having containers copying these files for root/container users. This way
you should be able to login without password via ssh from your machine,
but still would be safe for the common usecases.
Defaulting to empty root password is IMHO bad idea (-1 from me), we have
to think about other ways how to achieve this.
Greetings,
Ondrej
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
