[EMAIL PROTECTED] wrote on 07/10/2008 02:20:44 PM:

> On Thu, Jul 10, 2008 at 2:07 PM, MJang <[EMAIL PROTECTED]> wrote:
> > On Thu, 2008-07-10 at 13:43 -0500, inode0 wrote:
> >> On Thu, Jul 10, 2008 at 10:56 AM, Ed Brown <[EMAIL PROTECTED]> wrote:
> >> > Bill Nottingham wrote:
> >> >> In the meantime, "%packages --nobase" in kickstart should solve your
> >> >> needs - if you're trying to install a large group of servers, you
> >> >> absolutely should be using kickstart.
> >> >
> >> > I, and likely everyone else on this thread, absolutely are using kickstart.
> >> >  But to be honest, I haven't actually taken a serious look at --nobase.  I
> >> > will.  And sectool is a step in the right direction, though it sure doesn't
> >> > look like it will be ready for RHEL6 either.
> >>
> >> While --nobase seems to come up a lot in this thread, and it is what I
> >> use, it isn't really anything all that special. Either you use
> >> --nobase and add a bunch of things we mostly find useful or you don't
> >> use --nobase and remove a bunch of things we mostly find not useful.
> >
> > I know I've mentioned it in a different part of the thread, but I think
> > that's the benefit of a Red Hat version of the Ubuntu JeOS (= "Just
> > enough Operating System") installation - it's a starting point with
> > virtually no services included by default.
> >
> > Include just those packages that would come with a --nobase Kickstart.
>
> I don't think that gives you a useful starting point. It isn't any
> more useful to me to have to figure out all the things I need to add,
> actually it is easier to figure out which I can delete.
>
> One thing I wish people would understand is the massive effect on the
> world a little bit of effort on their part can produce. An option in
> between would save a lot of people a lot of effort figuring out which
> packages to toss or which packages to add. Security aside, this is a
> sad waste of human energy.

I agree completely.  I understand that finding a common thread is a
difficult thing, but in general so is most of what has been accomplished
with F/OSS.  Why not work on finding definitions for some of these things,
and yes that means finding a good compromise.  (kickstart is not a
compromise, it's a utility that could arguably be used to add the things we
are being told we should use it to remove).

The userbase of RHEL/Fedora is diverse.  Different people define minimal as
different things.  Point taken.  So forget Minimal/Full install (IMO and
I'm sure anyone else that is a security minded admin, Full is not a server
solution).

What is a "base" (for lack of a better term) server?  (RHEL is a server
platform, after all)
Personally I would define it as a system that has the underlying os, a
method for managing it locally and remotely, a method for managing
software, and security.

What would everyone consider is a base server install:
I feel a base install is one that has the kernel, shell(s), drivers,
package tools (yum and rpm in this case), firewall, and a remote management
method (notably ssh).  What is missing from this? What should be added to
this?

What should be on by default?
Personally, I agree with the Debian/Ubuntu policy of "no ports open by
default", but I feel it should be "no port on by default".  Firewall is
nice, and I use them regularly, but I'd rather turn on a box and have it on
the network and not worry about it if I get called off to fires (the 1 box
I've ever had hijacked was a fresh rh install with ssh open on an insecure
version that I got pulled away from working on for a week).  If you are
doing kickstart installs on headless machines you can set sshd to start via
chkconfig.

How do we provide this?
Make this the default.  If you do not select to add packages/groups during
install, which is easy manually or with kickstart, then you get this base
install.

Does it really benefit us to let this distribution slowly bloat?  Yes,
having all the packages available is great, but that's the point of Yum,
RHN, Satellite, etc.  Even MS has gotten wise and started trimming the fat
on its server installs, which were already its leanest installs.

-greg

_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list
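
An added example, not part of the original message or of anything posted to the list: a shell check for the "what should be on by default" question above, listing services that `chkconfig --list` shows enabled in a runlevel but that fall outside an allowlist. The allowlist, the function names and the sample output are constructed assumptions, loosely modelled on the "base server" described in the message.

```shell
#!/bin/sh
# Added example: flag services enabled at boot that are not on an allowlist.
# Real use on a host: chkconfig --list | unexpected_services 3

# Assumed allowlist for a "base" server (firewall, ssh, networking, logging).
ALLOWED="iptables network sshd syslog"

# Constructed sample of `chkconfig --list` output, including an xinetd section.
sample_chkconfig() {
cat <<'EOF'
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:off   3:off   4:off   5:on    6:off

xinetd based services:
        rsync:          off
        telnet:         on
EOF
}

# $1 = runlevel to audit (default 3); stdin = chkconfig --list output.
# Prints one unexpected service per line, sorted.
unexpected_services() {
    awk -v rl="${1:-3}" -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # SysV init line: name, then seven "N:on|off" columns for runlevels 0-6.
        NF == 8 && $2 ~ /^0:(on|off)$/ {
            if ($(rl + 2) == (rl ":on") && !($1 in ok)) print $1
            next
        }
        # xinetd line: "name:  on|off"; these listen whenever xinetd runs.
        NF == 2 && $1 ~ /:$/ && $2 == "on" {
            name = substr($1, 1, length($1) - 1)
            if (!(name in ok)) print name " (xinetd)"
        }
    ' | LC_ALL=C sort
}

# Demonstration on the constructed sample.
sample_chkconfig | unexpected_services 3
```
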
