Join GitHub today
Proposal for adding to the blueprint customizations #634
I like what's going on here - definitely feels like the right set of customizations - but I have a couple thoughts about config syntax/schema to make sure we retain flexibility, but still without going Full Kickstart
First: I feel like it's generally a good idea if values under
Looking at Ansible's timezone role, though, the only thing it really uses is
[[customizations.firewall]] port = "4222/tcp" state = "enabled" [[customizations.firewall]] port = "22/tcp" state = "disabled"
Or, following the
[customizations.firewall.ports] enabled = ["4022/tcp"] disabled = ["22/tcp"]
But I'm worried about
That helps keep things limited :) ButI see your point.
Yeah, that makes sense if we want to allow setting multiple locales, etc. My plan for that was to give them just enough to get the system setup so they can use it in their native language and apply customizations later.
Yeah, that's fine.
The thought process there is that everything is disabled by default, other than things like ssh that enable themselves. I suppose there may be cases where you want to disable things opened by a service (eg. 3rd party package that doesn't meet your security requirements)
I like this form better, keeps it consistent with service.
Not that I know of. The list doesn't match /etc/services, and I tried reading the firewalld code to see where it gets the list but it was 4 layers of abstraction before I gave up. I'd lean towards just having ports available, but I think some of the services support dynamic port assignment so it's probably a good idea to keep that in there and direct them to the distribution's firewalld documentation.
Pull Request Test Coverage Report for Build 1520
I need someone who understands Anaconda's use of keyboard to check the locale commit, I wrote it thinking I could use the same values for