For a while there has been a significant amount of feedback that some of our installers defaults could do with improvement. I've decided to try and tackle some of them.
We have seen a number of users receiving smaller / (rootfs) filesystems than ideal with our default feature set of snapshots and rollback. This results in their systems filling up with snapshots before the space-aware cleanup even has a chance to take effect. A number of users have asked why we mix xfs and btrfs by default, and we've seen bugs where that mixing results in a /home partition that is unusably small.
Therefore I've proposed the following PR to both Leap 15.1 and Tumbleweed's installers
The changes from the current behaviour as follows:
- / will aim to be at least 40GiB by default, and will not be allowed to be smaller than 20GiB - If snapshots are disabled in either the Guided or Expert partitioner, / will aim to be at least 10GiB, and will not be allowed to be smaller than 5GiB - / will try and use all other available space - By default we will NOT propose a separate /home partition - If a separate /home is requested in either the Guided or Expert partitioner, /home will aim to be at least 40GiB and no smaller than 10GiB - If enabled, /home will try to use all other available space at a rate twice as large as / - swap will not grow to the size of RAM by default (but this can still be enabled in the Guided or Expert partitioners) - Unlike previously, all of the above also applies to the "Transactional Server" system role, with the exception that you cannot disable snapshots.
All together this means that most users will have a much simpler straightforward partitioning of their systems, be it a VM with a small disk, a laptop with an SSD, or a massive server/workstation with dozens of GB of RAM.
In addition to the above I took the opportunity to fix a bug that's been lingering in my backlog for most of the year: https://bugzilla.opensuse.org/show_bug.cgi?id=1090372
As we now have clear "Server" and "Transactional Server" system roles, the firewall & sshd configuration for those roles will now be optimised by default
- sshd will be enabled by default - firewalld will be disabled by default
I've discussed logic of disabling the firewall was discussed at length with a number of people, especially our Leap release manager Ludwig who's opinion on security I consider very highly.
Given that servers are not general purpose machines and will have a limited number of services installed, each manually by the user, we feel that the firewall is a needless complication for that role which users should be saved from by default.
The firewall & sshd configuration will not be changed for any of the other system roles. The firewall will remain enabled by default for desktop roles, where there is a much larger risk of software opening up ports without the user being aware of it.
Users will of course still be able to modify these settings from their defaults on the "Installation Summary" screen before the install, just as they can today.
If there are any significant improvements you see to the above, please speak up quickly as the pull request is on the way already.