Retire Zezere Provisioning Server (IoT)

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Summary

Retire/remove use of the zezere provisioning server, currently used to configure Fedora IoT devices.

Owner

• Name: Paul Whalen
• Email: pwhalen@fedoraproject.org
• Name: Fedora IoT SIG

Current status

• Targeted release: Fedora Linux 42
• Last updated: 2025-01-27
• Announced
• Discussion thread
• FESCo issue: #3358
• Tracker bug: <will be assigned by the Wrangler>
• Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

Currently, Fedora IoT users can add an SSH key to the root user account using the Zezere provisioning tool. While convenient for many use cases, users have given feedback that this does not work for all. There are issues using zezere with IPv6, the configuration is limited to the SSH key only and many planned features were never implemented (2, 3, 4).

In Fedora 42 we plan to remove the Zezere provisioning server in favour of offering a local means for user configuaration - systemd-firstboot.

Users will still be able to use the existing configuration options of FIDO Device Onboarding or ignition.

Feedback

Benefit to Fedora

The Zezere provisioning tool has not worked well for all Fedora IoT users. Retiring Zezere in IoT will allow us to replace this configuration method with something that is more robust, well tested and already installed by default with systemd.

Scope

• Proposal owners:
  • Remove Zezere from the installed packages, enable systemd-firstboot and ensure its compatible with IoT systems
  • Document the change

• Other developers: N/A

• Release engineering: #Releng issue number

• Policies and guidelines: N/A (not needed for this Change)

• Trademark approval: N/A (not needed for this Change)

• Alignment with the Fedora Strategy:

Upgrade/compatibility impact

None.

Early Testing (Optional)

Do you require 'QA Blueprint' support? N

How To Test

To test, users will need to provision a new Fedora IoT system after the change is made to enable systemd-firstboot.

Systems previously configured with Zezere will continue to work as expected.

User Experience

Users who have been unable to use Zezere will have an easier and more straight forward way to configure their system resulting in less frustration during the critical first boot experience.

Dependencies

Contingency Plan

• Contingency mechanism: Continue to include Zezere as we do today.

Documentation

• Fedora IoT Getting started guide will be updated to reflect the change and new configuration option and how to use systemd-firstboot.
• Documentation for using FIDO Device Onboarding and Ignition will be expanded as we remove references to Zezere

Release Notes