(add post-install requirements header) |
m (add remote authentication criterion) |
||
Line 1: | Line 1: | ||
{{anchor|remote-authentication}} | |||
==== Remote authentication ==== | |||
It must be possible to join the system to a FreeIPA or Active Directory domain at install time and post-install, and the system must respect the identity, authentication and access control configuration provided by the domain. | |||
{{hidden|header=Non-interactive only OK|content=The install-time capability is not required to be interactive (i.e. it is acceptable for it to be possible by kickstart only).|headerstyle=background:#e5e5e5|fw1=normal|ta1=left}} | |||
{{hidden|header=No local account requirement|content=This criterion is understood to mandate that there must be no requirement for a local user account to be created during install or first boot of a Server system.|headerstyle=background:#e5e5e5|fw1=normal|ta1=left}} | |||
{{hidden|header=References|content= | |||
* Part of [https://lists.fedoraproject.org/pipermail/server/2014-June/001198.html initial Server release criteria proposal], 2014-06-06 | |||
* Test case: TODO | |||
|headerstyle=background:#e5e5e5|fw1=normal|ta1=left}} | |||
{{anchor|post-install-requirements}} | {{anchor|post-install-requirements}} | ||
=== <span style="text-decoration:underline">Post-install requirements</span> === | === <span style="text-decoration:underline">Post-install requirements</span> === | ||
{{anchor|system-log-forwarding}} | {{anchor|system-log-forwarding}} | ||
==== System log forwarding ==== | ==== System log forwarding ==== | ||
It must be possible to forward system logs | It must be possible to forward system logs between two systems running the release, using rsyslog. | ||
{{hidden|header=Details|content=This criterion assumes a working network connection between the machines, appropriate firewall configuration, and a fairly straightforward rsyslog configuration. A more exotic configuration failing is unlikely to be considered a violation of this criterion.|headerstyle=background:#e5e5e5|fw1=normal|ta1=left}} | {{hidden|header=Details|content=This criterion assumes a working network connection between the machines, appropriate firewall configuration, and a fairly straightforward rsyslog configuration. A more exotic configuration failing is unlikely to be considered a violation of this criterion.|headerstyle=background:#e5e5e5|fw1=normal|ta1=left}} | ||
{{hidden|header=References|content= | {{hidden|header=References|content= | ||
Line 13: | Line 23: | ||
==== Firewall configuration ==== | ==== Firewall configuration ==== | ||
After system installation without explicit firewall configuration, the system firewall must be active on all non-loopback interfaces. The only ports which may be open to incoming traffic are port 22 and any ports associated with server Roles selected during installation. Supported install-time firewall configuration options must work correctly. | After system installation without explicit firewall configuration, the system firewall must be active on all non-loopback interfaces. The only ports which may be open to incoming traffic are port 22 and any ports associated with server Roles selected during installation. Supported install-time firewall configuration options must work correctly. | ||
{{hidden|header=Install time configuration|content=To explain the last part of this criterion - it is possible to include firewall configuration options in a kickstart-driven installation, and the criterion requires that those options work as expected. The options considered to be 'supported' are those documented at [[Anaconda/Kickstart#firewall]]. | {{hidden|header=Install time configuration|content=To explain the last part of this criterion - it is possible to include firewall configuration options in a kickstart-driven installation, and the criterion requires that those options work as expected. The options considered to be 'supported' are those documented at [[Anaconda/Kickstart#firewall]]. The case of a conflict between role-specified and manually-specified firewall configuration is not considered to be covered by these criteria.|headerstyle=background:#e5e5e5|fw1=normal|ta1=left}} | ||
{{hidden|header=References|content= | {{hidden|header=References|content= | ||
* Part of [https://lists.fedoraproject.org/pipermail/server/2014-June/001198.html initial Server release criteria proposal], 2014-06-06 | * Part of [https://lists.fedoraproject.org/pipermail/server/2014-June/001198.html initial Server release criteria proposal], 2014-06-06 |
Revision as of 02:36, 13 June 2014
Remote authentication
It must be possible to join the system to a FreeIPA or Active Directory domain at install time and post-install, and the system must respect the identity, authentication and access control configuration provided by the domain.
The install-time capability is not required to be interactive (i.e. it is acceptable for it to be possible by kickstart only).
This criterion is understood to mandate that there must be no requirement for a local user account to be created during install or first boot of a Server system.
- Part of initial Server release criteria proposal, 2014-06-06
- Test case: TODO
Post-install requirements
System log forwarding
It must be possible to forward system logs between two systems running the release, using rsyslog.
This criterion assumes a working network connection between the machines, appropriate firewall configuration, and a fairly straightforward rsyslog configuration. A more exotic configuration failing is unlikely to be considered a violation of this criterion.
- Part of initial Server release criteria proposal, 2014-06-06
- Test case: TODO
Firewall configuration
After system installation without explicit firewall configuration, the system firewall must be active on all non-loopback interfaces. The only ports which may be open to incoming traffic are port 22 and any ports associated with server Roles selected during installation. Supported install-time firewall configuration options must work correctly.
To explain the last part of this criterion - it is possible to include firewall configuration options in a kickstart-driven installation, and the criterion requires that those options work as expected. The options considered to be 'supported' are those documented at Anaconda/Kickstart#firewall. The case of a conflict between role-specified and manually-specified firewall configuration is not considered to be covered by these criteria.
- Part of initial Server release criteria proposal, 2014-06-06
- Test case: TODO
SELinux configuration
Unless explicitly specified otherwise, after system installation SELinux must be enabled and in enforcing mode.
- Part of initial Server release criteria proposal, 2014-06-06
- Test case: TODO