The Beta release criteria for rolekit were largely copied from the PRD and Technical Specification. One of these bits was this:
"Release-blocking roles must be able to report their status in regard to the system firewall as described in the technical specification."
The tech spec reads:
"Roles will be required to support the following API: ... A query interface providing metadata information about the role (not all roles must implement all parts of this, bold lines are mandatory): ... A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled."
Unfortunately, rolekit does not currently have this capability. Thomas and I decided during development to defer that (because this information is available through the firewalld API and firewall-cmd as well), but we forgot to communicate it to the rest of the Server SIG.
As a result, we (the Server WG) need to make a decision: Do we believe that this firewall status API is important enough to slip Beta. Because there's no chance we will be able to implement this in time for tonight's compose.
Proposal: The requirement to be able to list the role's related firewall state is deferred to Fedora 22 and should be removed from the release criteria.
I am +1. Please vote immediately, as we do not have much time.
+1
On 10/22/2014 08:30 AM, Stephen Gallagher wrote:
The Beta release criteria for rolekit were largely copied from the PRD and Technical Specification. One of these bits was this:
"Release-blocking roles must be able to report their status in regard to the system firewall as described in the technical specification."
The tech spec reads:
"Roles will be required to support the following API: ... A query interface providing metadata information about the role (not all roles must implement all parts of this, bold lines are mandatory): ... A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled."
Unfortunately, rolekit does not currently have this capability. Thomas and I decided during development to defer that (because this information is available through the firewalld API and firewall-cmd as well), but we forgot to communicate it to the rest of the Server SIG.
As a result, we (the Server WG) need to make a decision: Do we believe that this firewall status API is important enough to slip Beta. Because there's no chance we will be able to implement this in time for tonight's compose.
Proposal: The requirement to be able to list the role's related firewall state is deferred to Fedora 22 and should be removed from the release criteria.
I am +1. Please vote immediately, as we do not have much time.
+1 from me as well.
kevin -- On Wed, 22 Oct 2014 08:31:36 -0400 Máirín Duffy duffy@redhat.com wrote:
+1
On 10/22/2014 08:30 AM, Stephen Gallagher wrote:
The Beta release criteria for rolekit were largely copied from the PRD and Technical Specification. One of these bits was this:
"Release-blocking roles must be able to report their status in regard to the system firewall as described in the technical specification."
The tech spec reads:
"Roles will be required to support the following API: ... A query interface providing metadata information about the role (not all roles must implement all parts of this, bold lines are mandatory): ... A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled."
Unfortunately, rolekit does not currently have this capability. Thomas and I decided during development to defer that (because this information is available through the firewalld API and firewall-cmd as well), but we forgot to communicate it to the rest of the Server SIG.
As a result, we (the Server WG) need to make a decision: Do we believe that this firewall status API is important enough to slip Beta. Because there's no chance we will be able to implement this in time for tonight's compose.
Proposal: The requirement to be able to list the role's related firewall state is deferred to Fedora 22 and should be removed from the release criteria.
I am +1. Please vote immediately, as we do not have much time.
On Wed, 22 Oct 2014 08:30:47 -0400 Stephen Gallagher sgallagh@redhat.com wrote:
The Beta release criteria for rolekit were largely copied from the PRD and Technical Specification. One of these bits was this:
"Release-blocking roles must be able to report their status in regard to the system firewall as described in the technical specification."
The tech spec reads:
"Roles will be required to support the following API: ... A query interface providing metadata information about the role (not all roles must implement all parts of this, bold lines are mandatory): ... A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled."
Unfortunately, rolekit does not currently have this capability. Thomas and I decided during development to defer that (because this information is available through the firewalld API and firewall-cmd as well), but we forgot to communicate it to the rest of the Server SIG.
As a result, we (the Server WG) need to make a decision: Do we believe that this firewall status API is important enough to slip Beta. Because there's no chance we will be able to implement this in time for tonight's compose.
Proposal: The requirement to be able to list the role's related firewall state is deferred to Fedora 22 and should be removed from the release criteria.
I am +1. Please vote immediately, as we do not have much time.
A pity, but it is unrealistic to stop beta for this, so +1
Simo.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 22.10.2014 14:30, Stephen Gallagher wrote:
The Beta release criteria for rolekit were largely copied from the PRD and Technical Specification. One of these bits was this:
"Release-blocking roles must be able to report their status in regard to the system firewall as described in the technical specification."
The tech spec reads:
"Roles will be required to support the following API: ... A query interface providing metadata information about the role (not all roles must implement all parts of this, bold lines are mandatory): ... A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled."
Unfortunately, rolekit does not currently have this capability. Thomas and I decided during development to defer that (because this information is available through the firewalld API and firewall-cmd as well), but we forgot to communicate it to the rest of the Server SIG.
As a result, we (the Server WG) need to make a decision: Do we believe that this firewall status API is important enough to slip Beta. Because there's no chance we will be able to implement this in time for tonight's compose.
Proposal: The requirement to be able to list the role's related firewall state is deferred to Fedora 22 and should be removed from the release criteria.
I agree this is too late to fix.
+1
Stef
On Wed, 2014-10-22 at 08:30 -0400, Stephen Gallagher wrote:
The Beta release criteria for rolekit were largely copied from the PRD and Technical Specification. One of these bits was this:
"Release-blocking roles must be able to report their status in regard to the system firewall as described in the technical specification."
The tech spec reads:
"Roles will be required to support the following API: ... A query interface providing metadata information about the role (not all roles must implement all parts of this, bold lines are mandatory): ... A list of the ports that the role operates on, as well as data about whether those ports are currently firewalled."
Unfortunately, rolekit does not currently have this capability. Thomas and I decided during development to defer that (because this information is available through the firewalld API and firewall-cmd as well), but we forgot to communicate it to the rest of the Server SIG.
As a result, we (the Server WG) need to make a decision: Do we believe that this firewall status API is important enough to slip Beta. Because there's no chance we will be able to implement this in time for tonight's compose.
Proposal: The requirement to be able to list the role's related firewall state is deferred to Fedora 22 and should be removed from the release criteria.
I am +1. Please vote immediately, as we do not have much time.
I've adjusted the criteria and test case for this now. It'd be good to avoid such criteria fudging in future. Someone may want to update the tech spec if this is no longer a part of it.
----- Original Message -----
From: "Stephen Gallagher" sgallagh@redhat.com To: server@lists.fedoraproject.org Cc: "Stef Walter" swalter@redhat.com, david@davidstrauss.net, "Truong Anh. Tuan" tuanta@iwayvietnam.com, "Mairin Duffy" duffy@redhat.com, "Kevin Fenzi" kevin@scrye.com, "Miloslav Trmac" mitr@redhat.com, "Simo Sorce" ssorce@redhat.com, "Adam Williamson" awilliam@redhat.com Sent: Wednesday, October 22, 2014 7:30:47 PM Subject: Server WG Quick Vote: Firewall status API for rolekit
...snip...
Proposal: The requirement to be able to list the role's related firewall state is deferred to Fedora 22 and should be removed from the release criteria.
+1 from me.
Kind regards, Tuan
server@lists.fedoraproject.org
-
Adam Williamson -
Kevin Fenzi -
Miloslav Trmač -
Máirín Duffy -
Simo Sorce -
Stef Walter -
Stephen Gallagher -
Truong Anh Tuan