20:01:06 #startmeeting Fedora Server SIG (2017-05-09) 20:01:06 Meeting started Tue May 9 20:01:06 2017 UTC. The chair is sgallagh. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:01:06 Useful Commands: #action #agreed #halp #info #idea #link #topic. 20:01:06 The meeting name has been set to 'fedora_server_sig_(2017-05-09)' 20:01:06 #meetingname fedoraserver 20:01:07 The meeting name has been set to 'fedoraserver' 20:01:07 #chair nirik sgallagh mhayden dperpeet smooge jds2001 vvaldez adamw mjwolf 20:01:07 Current chairs: adamw dperpeet jds2001 mhayden mjwolf nirik sgallagh smooge vvaldez 20:01:07 #topic init process 20:01:19 .hello sgallagh 20:01:20 sgallagh: sgallagh 'Stephen Gallagher' 20:01:23 .hello dperpeet 20:01:27 dperpeet: dperpeet 'None' 20:01:34 .hello zdohnal 20:01:35 zdohnal: zdohnal 'Zdenek Dohnal' 20:02:56 * sgallagh looks around for the rest of the SIG 20:03:20 .hello jstanley 20:03:21 jds2001_: jstanley 'Jon Stanley' 20:03:57 .hello vvaldez 20:03:59 vvaldez: vvaldez 'Vinny Valdez' 20:05:27 OK, that's enough to start with, though it may not be enough to make a decision today. 20:05:38 #topic CUPS 20:05:38 #link https://pagure.io/fedora-server/issue/1 20:05:52 So, a little bit of background: 20:06:13 Up until recently, the systemd presets have included the line `enable cups.*` 20:06:33 That asterisk being a glob that expanded out to `cups.service`, `cups.socket` and `cups.path` 20:07:24 cups.socket will auto-start cups.service when it has been directed to print or otherwise queried from the local machine. 20:08:11 However, in those cases where the system has been configured to share the printer(s) over the network, the full service must be enabled and started or else it cannot be contacted or discovered. 20:09:23 Fedora Workstation and FESCo have decided that in the specific case of Workstation and the general case of default Fedora that we will remove cups.service from the presets (so that it will be socket-activated when needed) 20:09:44 However, the question was raised whether Fedora Server would want to continue to carry it enabled by default. 20:10:02 On the grounds that we are the Edition most likely to be providing a print server in the wild 20:10:26 is that something for a role? 20:10:39 so as to reduce the exposed attack surface by default 20:10:54 but enabling it for easy use if required? 20:11:14 For the record, if we change this default, it will *not* impact systems that are currently operating as print servers, because presets only take effect at install-time. 20:11:24 (or with manual intervention later) 20:11:34 jds2001: Right, I'm getting to that :) 20:12:33 The counter-argument is that the default CUPS configuration out of the box does not support network access of the printers. Since manual configuration would be needed to enable this anyway, adding one more step of `systemctl enable cups.service` is not a heavy burden. 20:13:18 jds2001: For the record, our default firewall configuration also disallows access to CUPS 20:13:58 given those limitations, I think it makes more sense to follow the Workstation decision 20:14:06 * jds2001 agrees 20:14:24 especially if we can make enabling it *properly* easier 20:14:41 it's also feasible to tie those together 20:14:42 Yeah, I think we probably want to get "Print Server" onto our radar as a server role at least 20:14:48 disable only once we have proper enabling (via role?) 20:14:53 Or a Server Application in Cockpit parlance 20:15:09 dperpeet: doeesnt strike me as particularly useful today 20:15:14 I agree as well, disabled by default, operator action to enable 20:15:15 dperpeet: Sorry, I don't follow 20:15:25 without further configuration, and adding one more step to that isnt horrible. 20:15:28 sgallagh: If it doesn't impact currently working print servers, I think we can disable it 20:15:42 FWIW, I invited zdohnal as the CUPS maintainer as well :) 20:16:23 sgallagh, I meant leave current configuration (don't follow Workstation) until the actual configuration is solved and made easier 20:16:27 zdohnal: It should not (barring a change to how systemd handles presets) 20:16:35 but now that I think about it, that's not necessarily a good idea 20:16:45 sgallagh: My worries were for if that "disable" will break someone's workflow 20:16:54 * sgallagh nods 20:17:16 zdohnal: would a release note suffice? 20:17:35 * jds2001 speaks as the Real World(TM) voice of the SIG..... 20:18:01 so i guess i should admit in the Real World(TM) no one reads release notes until something breaks :D 20:18:33 jds2001: yes, I probably add some info message into cups itself, when you will try to create shared printer queue 20:18:54 zdohnal: that makes a lot of sense. 20:18:56 yeah... detecting disabled systemd units is pretty straightforward 20:19:08 that should show up in regular "debugging" workflows 20:19:19 if stuff doesn't work 20:19:27 Proposal: Fedora Server will ship with cups.service disabled, cups.socket and cups.path enabled by default. 20:19:48 +1 20:19:51 +1 20:20:03 +1 20:20:04 +1 20:20:07 +1 20:20:26 mhayden was +1 for disabling cups.service by default on the mailing list as well 20:20:43 #agreed Fedora Server will ship with cups.service disabled, cups.socket and cups.path enabled by default. (+5, 0, -0) 20:21:00 (zdohnal: your vote is appreciated but not counted for formal decisions) 20:21:46 #info Fedora Server should consider adding a printer sharing role and/or Cockpit UI 20:22:01 Anything else to discuss on this topic? 20:22:46 #topic Open Floor 20:22:53 Anything to discuss on any topic? 20:23:22 Server Applications in Cockpit are making progress 20:23:51 awesome. 20:24:04 I think next week we'll have a more up to date demo / mockup 20:24:40 dperpeet: The one from yesterday's meeting notes looked decent. 20:25:15 more design work this week 20:25:29 so now is an excellent time to give feedback if you have an opinion :) 20:25:38 https://github.com/cockpit-project/cockpit/wiki/Server-Applications is one such place 20:26:37 OK, slight modification to my statements about presets above. The presets are applied when the package that provides that unit file is first installed (but not on package upgrades after that) 20:27:05 So the conclusion I drew above was correct (it won't affect current deployments), but the path to it was slightly different 20:27:31 #info Please provide feedback on Cockpit Server Applications efforts at https://github.com/cockpit-project/cockpit/wiki/Server-Applications 20:28:49 OK, if that's everything, we can call it a short meeting and I'll give you back 30 minutes of your life. 20:28:58 thanks :) 20:29:14 dont waste them :) 20:29:15 Thanks for coming, folks. 20:29:25 Every minute is a gift ;-) 20:29:27 #endmeeting