Subject: Make default config safe and sane

From: Chet Burgess <cfb@liquidreality.org>

Trac: Refs #102

-Turn off Auth, RPMPackageManager, TweakStartup, and SystemHarden in the
 default config because they can damage a system if the config tree is
 not configured properly.
-Create new profiles (FullWithAPT, FirstBootFullWithAPT) that include
 the full set of plugins with the RPMPackageManager to support old 
 default configurations.

Signed-off-by: Chet Burgess <cfb@liquidreality.org>

spine-mgmt

@@ -67,7 +67,7 @@ use constant DEFAULT_CONFIG => {
         DefaultPlugins => {
             'DISCOVERY/populate' => 'DryRun SystemInfo',
             'DISCOVERY/policy-selection' => 'DescendOrder',
-            'PARSE/complete' => 'Auth Interpolate',
+            'PARSE/complete' => 'Interpolate',
         },
 
         FileSystem => {
@@ -82,18 +82,16 @@ use constant DEFAULT_CONFIG => {
 
          StandardPlugins => {
             PREPARE => 'PrintData Templates Overlay',
-            EMIT => 'Templates Auth',
-            APPLY => 'Overlay RPMPackageManager TweakStartup'
-                         . ' RestartServices Finalize',
-            CLEAN => 'Overlay RPMPackageManager SystemHarden'
+            EMIT => 'Templates',
+            APPLY => 'Overlay RestartServices Finalize',
+            CLEAN => 'Overlay'
          },
 
         FirstRun => {
-            PREPARE => 'PrintData Overlay',
-            EMIT => 'FirstRun Templates Auth',
-            APPLY => 'Overlay RPMPackageManager TweakStartup'
-                         . ' Finalize',
-            CLEAN => 'Overlay SystemHarden',
+            PREPARE => 'PrintData Templates Overlay',
+            EMIT => 'FirstRun Templates',
+            APPLY => 'Overlay Finalize',
+            CLEAN => 'Overlay',
         }
     };
 

spine-mgmt.conf

@@ -15,38 +15,55 @@ Timeout = 5
 [DefaultPlugins]
 DISCOVERY/populate = DryRun SystemInfo
 DISCOVERY/policy-selection = DescendOrder
-PARSE/complete = Auth Interpolate
+PARSE/complete = Interpolate
 
+# Basic safe run
 [StandardPlugins]
 #
 # Templates here is for quicktemplate functionality
 #
 PREPARE = PrintData Templates Overlay
+EMIT = Templates
+APPLY = Overlay RestartServices Finalize
+CLEAN = Overlay
+
+#
+# Full profile with APT and all the features enabled
+# 
+[FullWithAPT]
+DISCOVERY/populate = DryRun SystemInfo
+DISCOVERY/policy-selection = DescendOrder
+PARSE/complete = Auth Interpolate
+PREPARE = PrintData Templates Overlay
 EMIT = Templates Auth
-APPLY = Overlay RPMPackageManager TweakStartup RestartServices Finalize
-CLEAN = Overlay RPMPackageManager SystemHarden
+APPLY = Overlay RPMPackageManager Overlay SystemHarden TweakStartup RestartServices Finalize
+CLEAN = Overlay RPMPackageManager
 
 #
 # The only difference between the StandardPlugins profile and the FirstBoot
 # profile is that FirstBoot doesn't restart any services or delete any packages
 #
 [FirstBoot]
-PREPARE = PrintData Overlay
-EMIT = FirstRun Templates Auth
-APPLY = Overlay RPMPackageManager TweakStartup Finalize
-CLEAN = Overlay SystemHarden
+PREPARE = PrintData Templates Overlay
+EMIT = FirstRun Templates
+APPLY = Overlay Finalize
+CLEAN = Overlay
 
 #
-# Actions
+# First boot profile that corresponds to the Full profile above
 #
-[action_build_auth]
-EMIT = Auth
-
-[action_apply_auth]
-EMIT = Auth
-APPLY = Overlay
+[FirstBootFullWithAPT]
+DISCOVERY/populate = DryRun SystemInfo 
+DISCOVERY/policy-selection = DescendOrder
+PARSE/complete = Auth Interpolate 
+PREPARE = PrintData Templates Overlay
+EMIT = Templates Auth
+APPLY = Overlay RPMPackageManager Overlay SystemHarden TweakStartup Finalize
 CLEAN = Overlay
 
+#
+# Actions
+#
 [action_build_overlay]
 PREPARE = Overlay