Latest revision as of 15:33, 27 January 2025

Retire Zezere Provisioning Server (IoT)

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Summary

Retire/remove use of the zezere provisioning server, currently used to configure Fedora IoT devices.

Owner

Name: Paul Whalen
Email: pwhalen@fedoraproject.org
Name: Fedora IoT SIG

Current status

Targeted release: Fedora Linux 42
Last updated: 2025-01-27
Announced
Discussion thread
FESCo issue: #3358
Tracker bug: <will be assigned by the Wrangler>
Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

Currently, Fedora IoT users can add an SSH key to the root user account using the Zezere provisioning tool. While convenient for many use cases, users have given feedback that this does not work for all. There are issues using zezere with IPv6, the configuration is limited to the SSH key only and many planned features were never implemented (2, 3, 4).

In Fedora 42 we plan to remove the Zezere provisioning server in favour of offering a local means for user configuaration - systemd-firstboot.

Users will still be able to use the existing configuration options of FIDO Device Onboarding or ignition.

Feedback

Benefit to Fedora

The Zezere provisioning tool has not worked well for all Fedora IoT users. Retiring Zezere in IoT will allow us to replace this configuration method with something that is more robust, well tested and already installed by default with systemd.

Scope

Proposal owners:
- Remove Zezere from the installed packages, enable systemd-firstboot and ensure its compatible with IoT systems
- Document the change

Other developers: N/A

Release engineering: #Releng issue number

Policies and guidelines: N/A (not needed for this Change)

Trademark approval: N/A (not needed for this Change)

Alignment with the Fedora Strategy:

Upgrade/compatibility impact

None.

Early Testing (Optional)

Do you require 'QA Blueprint' support? N

How To Test

To test, users will need to provision a new Fedora IoT system after the change is made to enable systemd-firstboot.

Systems previously configured with Zezere will continue to work as expected.

User Experience

Users who have been unable to use Zezere will have an easier and more straight forward way to configure their system resulting in less frustration during the critical first boot experience.

Dependencies

Contingency Plan

Contingency mechanism: Continue to include Zezere as we do today.

Documentation

Fedora IoT Getting started guide will be updated to reflect the change and new configuration option and how to use systemd-firstboot.
Documentation for using FIDO Device Onboarding and Ignition will be expanded as we remove references to Zezere

Release Notes

@@ Line 1: / Line 1: @@
-{{admon/important | Comments and Explanations | The page source contains comments providing guidance to fill out each section. They are invisible when viewing this page. To read it, choose the "view source" link.<br/> '''Copy the source to a ''new page'' before making changes!  DO NOT EDIT THIS TEMPLATE FOR YOUR CHANGE PROPOSAL.'''}}
-{{admon/tip | Guidance | For details on how to fill out this form, see the [https://docs.fedoraproject.org/en-US/program_management/changes_guide/ documentation].}}
-{{admon/tip | Report issues | To report an issue with this template, file an issue in the [https://pagure.io/fedora-pgm/pgm_docs pgm_docs repo].}}
 <!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->
-= Deprecate Zezere Provisioning Server (IoT) =
+= Retire Zezere Provisioning Server (IoT) =
 {{Change_Proposal_Banner}}
 == Summary ==
-Deprecate use of the Zezere provisioning server, currently used to configure Fedora IoT devices.
+Retire/remove use of the {{package|zezere}} provisioning server, currently used to configure Fedora IoT devices.
 == Owner ==
@@ Line 28: / Line 22: @@
 == Current status ==
-[[Category:ChangePageIncomplete]]
+[[Category:ChangeReadyForFesco]]
 <!-- When your change proposal page is completed and ready for review and announcement -->
 <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
@@ Line 46: / Line 40: @@
 ON_QA -> change is fully code complete
 -->
-* [Announced]
+* [https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org/thread/6E43LLLJEPQEEZC2MTWE3IRF5IYBDCPS/ Announced]
-* [<will be assigned by the Wrangler> Discussion thread]
+* [https://discussion.fedoraproject.org/t/f42-change-proposal-deprecate-zezere-provisioning-server-iot-self-contained/142516 Discussion thread]
-* FESCo issue: <will be assigned by the Wrangler>
+* FESCo issue: [https://pagure.io/fesco/issue/3358 #3358]
 * Tracker bug: <will be assigned by the Wrangler>
 * Release notes tracker: <will be assigned by the Wrangler>
 == Detailed Description ==
-Currently, Fedora IoT users can add an SSH key to the root user account using the Zezere provisioning tool. While convenient for most use cases, users have given feedback that this does not work for all. In Fedora 42 we plan to deprecate the Zezere provisioning server in favour of offering a local means for user configuaration - `systemd-firstboot` - as well as the existing options of `FDO` or `ignition`.
+Currently, Fedora IoT users can add an SSH key to the root user account using the Zezere provisioning tool. While convenient for many use cases, users have given feedback that this does not work for all. There are issues using `zezere` with [https://github.com/fedora-iot/zezere/issues/139 IPv6],  the configuration is limited to the SSH key only and many planned features were never implemented ([https://github.com/fedora-iot/zezere/issues/112 2], [https://github.com/fedora-iot/zezere/issues/113 3], [https://github.com/fedora-iot/zezere/issues/114 4]).
+In Fedora 42 we plan to remove the Zezere provisioning server in favour of offering a local means for user configuaration - `systemd-firstboot`.
+Users will still be able to use the existing configuration options of `FIDO Device Onboarding` or `ignition`.
 == Feedback ==
@@ Line 59: / Line 57: @@
 == Benefit to Fedora ==
-The Zezere provisioning tool has not worked well for all Fedora IoT users. Deprecation will allow us to replace this configuration method with something that is more robust, well tested and already installed by default with `systemd`.
+The Zezere provisioning tool has not worked well for all Fedora IoT users. Retiring Zezere in IoT will allow us to replace this configuration method with something that is more robust, well tested and already installed by default with `systemd`.
 == Scope ==
 * Proposal owners:
-** Remove Zezere from the installed packages, enable `systemd-first` boot and ensure its compatible with IoT systems
+** Remove Zezere from the installed packages, enable `systemd-firstboot` and ensure its compatible with IoT systems
 ** Document the change
@@ Line 88: / Line 86: @@
 == How To Test ==
 To test, users will need to provision a new Fedora IoT system after the change is made to enable `systemd-firstboot`.
+Systems previously configured with Zezere will continue to work as expected.
 == User Experience ==
@@ Line 103: / Line 103: @@
 == Documentation ==
-* Fedora IoT Getting started guide will be updated to reflect the change and new configuration option.
+* Fedora IoT Getting started guide will be updated to reflect the change and new configuration option and how to use `systemd-firstboot`.
+* Documentation for using `FIDO Device Onboarding` and `Ignition` will be expanded as we remove references to `Zezere`
 == Release Notes ==

Search

Changes/Retire Zezere: Difference between revisions