20:01:06 <sgallagh> #startmeeting Fedora Server SIG (2017-05-09)
20:01:06 <zodbot> Meeting started Tue May  9 20:01:06 2017 UTC.  The chair is sgallagh. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:01:06 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
20:01:06 <zodbot> The meeting name has been set to 'fedora_server_sig_(2017-05-09)'
20:01:06 <sgallagh> #meetingname fedoraserver
20:01:07 <zodbot> The meeting name has been set to 'fedoraserver'
20:01:07 <sgallagh> #chair nirik sgallagh mhayden dperpeet smooge jds2001 vvaldez adamw mjwolf
20:01:07 <zodbot> Current chairs: adamw dperpeet jds2001 mhayden mjwolf nirik sgallagh smooge vvaldez
20:01:07 <sgallagh> #topic init process
20:01:19 <sgallagh> .hello sgallagh
20:01:20 <zodbot> sgallagh: sgallagh 'Stephen Gallagher' <sgallagh@redhat.com>
20:01:23 <dperpeet> .hello dperpeet
20:01:27 <zodbot> dperpeet: dperpeet 'None' <dperpeet@redhat.com>
20:01:34 <zdohnal> .hello zdohnal
20:01:35 <zodbot> zdohnal: zdohnal 'Zdenek Dohnal' <zdohnal@redhat.com>
20:02:56 * sgallagh looks around for the rest of the SIG
20:03:20 <jds2001_> .hello jstanley
20:03:21 <zodbot> jds2001_: jstanley 'Jon Stanley' <jonstanley@gmail.com>
20:03:57 <vvaldez> .hello vvaldez
20:03:59 <zodbot> vvaldez: vvaldez 'Vinny Valdez' <vvaldez@redhat.com>
20:05:27 <sgallagh> OK, that's enough to start with, though it may not be enough to make a decision today.
20:05:38 <sgallagh> #topic CUPS
20:05:38 <sgallagh> #link https://pagure.io/fedora-server/issue/1
20:05:52 <sgallagh> So, a little bit of background:
20:06:13 <sgallagh> Up until recently, the systemd presets have included the line `enable cups.*`
20:06:33 <sgallagh> That asterisk being a glob that expanded out to `cups.service`, `cups.socket` and `cups.path`
20:07:24 <sgallagh> cups.socket will auto-start cups.service when it has been directed to print or otherwise queried from the local machine.
20:08:11 <sgallagh> However, in those cases where the system has been configured to share the printer(s) over the network, the full service must be enabled and started or else it cannot be contacted or discovered.
20:09:23 <sgallagh> Fedora Workstation and FESCo have decided that in the specific case of Workstation and the general case of default Fedora that we will remove cups.service from the presets (so that it will be socket-activated when needed)
20:09:44 <sgallagh> However, the question was raised whether Fedora Server would want to continue to carry it enabled by default.
20:10:02 <sgallagh> On the grounds that we are the Edition most likely to be providing a print server in the wild
20:10:26 <jds2001> is that something for a role?
20:10:39 <jds2001> so as to reduce the exposed attack surface by default
20:10:54 <jds2001> but enabling it for easy use if required?
20:11:14 <sgallagh> For the record, if we change this default, it will *not* impact systems that are currently operating as print servers, because presets only take effect at install-time.
20:11:24 <sgallagh> (or with manual intervention later)
20:11:34 <sgallagh> jds2001: Right, I'm getting to that :)
20:12:33 <sgallagh> The counter-argument is that the default CUPS configuration out of the box does not support network access of the printers. Since manual configuration would be needed to enable this anyway, adding one more step of `systemctl enable cups.service` is not a heavy burden.
20:13:18 <sgallagh> jds2001: For the record, our default firewall configuration also disallows access to CUPS
20:13:58 <dperpeet> given those limitations, I think it makes more sense to follow the Workstation decision
20:14:06 * jds2001 agrees
20:14:24 <dperpeet> especially if we can make enabling it *properly* easier
20:14:41 <dperpeet> it's also feasible to tie those together
20:14:42 <sgallagh> Yeah, I think we probably want to get "Print Server" onto our radar as a server role at least
20:14:48 <dperpeet> disable only once we have proper enabling (via role?)
20:14:53 <sgallagh> Or a Server Application in Cockpit parlance
20:15:09 <jds2001> dperpeet: doeesnt strike me as particularly useful today
20:15:14 <vvaldez> I agree as well, disabled by default, operator action to enable
20:15:15 <sgallagh> dperpeet: Sorry, I don't follow
20:15:25 <jds2001> without further configuration, and adding one more step to that isnt horrible.
20:15:28 <zdohnal> sgallagh: If it doesn't impact currently working print servers, I think we can disable it
20:15:42 <sgallagh> FWIW, I invited zdohnal as the CUPS maintainer as well :)
20:16:23 <dperpeet> sgallagh, I meant leave current configuration (don't follow Workstation) until the actual configuration is solved and made easier
20:16:27 <sgallagh> zdohnal: It should not (barring a change to how systemd handles presets)
20:16:35 <dperpeet> but now that I think about it, that's not necessarily a good idea
20:16:45 <zdohnal> sgallagh: My worries were for if that "disable" will break someone's workflow
20:16:54 * sgallagh nods
20:17:16 <jds2001> zdohnal: would a release note suffice?
20:17:35 * jds2001 speaks as the Real World(TM) voice of the SIG.....
20:18:01 <jds2001> so i guess i should admit in the Real World(TM) no one reads release notes until something breaks :D
20:18:33 <zdohnal> jds2001: yes, I probably add some info message into cups itself, when you will try to create shared printer queue
20:18:54 <jds2001> zdohnal: that makes a lot of sense.
20:18:56 <dperpeet> yeah... detecting disabled systemd units is pretty straightforward
20:19:08 <dperpeet> that should show up in regular "debugging" workflows
20:19:19 <dperpeet> if stuff doesn't work
20:19:27 <sgallagh> Proposal: Fedora Server will ship with cups.service disabled, cups.socket and cups.path enabled by default.
20:19:48 <vvaldez> +1
20:19:51 <dperpeet> +1
20:20:03 <zdohnal> +1
20:20:04 <sgallagh> +1
20:20:07 <jds2001> +1
20:20:26 <sgallagh> mhayden was +1 for disabling cups.service by default on the mailing list as well
20:20:43 <sgallagh> #agreed Fedora Server will ship with cups.service disabled, cups.socket and cups.path enabled by default. (+5, 0, -0)
20:21:00 <sgallagh> (zdohnal: your vote is appreciated but not counted for formal decisions)
20:21:46 <sgallagh> #info Fedora Server should consider adding a printer sharing role and/or Cockpit UI
20:22:01 <sgallagh> Anything else to discuss on this topic?
20:22:46 <sgallagh> #topic Open Floor
20:22:53 <sgallagh> Anything to discuss on any topic?
20:23:22 <dperpeet> Server Applications in Cockpit are making progress
20:23:51 <jds2001> awesome.
20:24:04 <dperpeet> I think next week we'll have a more up to date demo / mockup
20:24:40 <sgallagh> dperpeet: The one from yesterday's meeting notes looked decent.
20:25:15 <dperpeet> more design work this week
20:25:29 <dperpeet> so now is an excellent time to give feedback if you have an opinion :)
20:25:38 <dperpeet> https://github.com/cockpit-project/cockpit/wiki/Server-Applications is one such place
20:26:37 <sgallagh> OK, slight modification to my statements about presets above. The presets are applied when the package that provides that unit file is first installed (but not on package upgrades after that)
20:27:05 <sgallagh> So the conclusion I drew above was correct (it won't affect current deployments), but the path to it was slightly different
20:27:31 <sgallagh> #info Please provide feedback on Cockpit Server Applications efforts at https://github.com/cockpit-project/cockpit/wiki/Server-Applications
20:28:49 <sgallagh> OK, if that's everything, we can call it a short meeting and I'll give you back 30 minutes of your life.
20:28:58 <dperpeet> thanks :)
20:29:14 <jds2001> dont waste them :)
20:29:15 <sgallagh> Thanks for coming, folks.
20:29:25 <sgallagh> Every minute is a gift ;-)
20:29:27 <sgallagh> #endmeeting