[opensuse-factory] Heads-Up: New Partitioning & firewall/sshd defaults on the way

Hi everyone,

For a while there has been a significant amount of feedback that some of our installer's defaults could do with improvement. I've decided to try and tackle some of them.

We have seen a number of users receiving smaller / (rootfs) filesystems than ideal with our default feature set of snapshots and rollback. This results in their systems filling up with snapshots before the space-aware cleanup even has a chance to take effect.

A number of users have asked why we mix xfs and btrfs by default, and we've seen bugs where that mixing results in a /home partition that is unusably small.

Therefore I've proposed the following PR to both Leap 15.1 and Tumbleweed's installers:

https://github.com/yast/skelcd-control-openSUSE/pull/153

The changes from the current behaviour are as follows:

- / will aim to be at least 40GiB by default, and will not be allowed to be smaller than 20GiB
- If snapshots are disabled in either the Guided or Expert partitioner, / will aim to be at least 10GiB, and will not be allowed to be smaller than 5GiB
- / will try and use all other available space
- By default we will NOT propose a separate /home partition
- If a separate /home is requested in either the Guided or Expert partitioner, /home will aim to be at least 40GiB and no smaller than 10GiB
- If enabled, /home will try to use all other available space at a rate twice as large as /
- swap will not grow to the size of RAM by default (but this can still be enabled in the Guided or Expert partitioners)
- Unlike previously, all of the above also applies to the "Transactional Server" system role, with the exception that you cannot disable snapshots.

All together this means that most users will have a much simpler straightforward partitioning of their systems, be it a VM with a small disk, a laptop with an SSD, or a massive server/workstation with dozens of GB of RAM.

In addition to the above I took the opportunity to fix a bug that's been lingering in my backlog for most of the year:

https://bugzilla.opensuse.org/show_bug.cgi?id=1090372

As we now have clear "Server" and "Transactional Server" system roles, the firewall & sshd configuration for those roles will now be optimised by default:

- sshd will be enabled by default
- firewalld will be disabled by default

The logic of disabling the firewall was discussed at length with a number of people, especially our Leap release manager Ludwig, whose opinion on security I consider very highly. Given that servers are not general purpose machines and will have a limited number of services installed, each manually by the user, we feel that the firewall is a needless complication for that role which users should be saved from by default.

The firewall & sshd configuration will not be changed for any of the other system roles. The firewall will remain enabled by default for desktop roles, where there is a much larger risk of software opening up ports without the user being aware of it.

Users will of course still be able to modify these settings from their defaults on the "Installation Summary" screen before the install, just as they can today.

If there are any significant improvements you see to the above, please speak up quickly as the pull request is on the way already.

Regards,

Richard

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
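Added example, not part of the original thread or of the openSUSE installer: with firewalld disabled by default on the server roles, every socket bound to a non-loopback address is reachable from the network, so one way to check the "limited number of services" assumption on an installed server is to compare its listeners against an allowlist. The sample `ss -H -tuln` output and the allowlist (sshd on TCP 22 only) are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      80                 *:3306             *:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
"""

# Assumption: sshd is the only service meant to be reachable from the network.
ALLOWED = {("tcp", 22)}


def split_local(field):
    """Split ss's 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop an interface scope (%lo, %eth0) and IPv6 brackets.
    host = host.split("%", 1)[0].strip("[]")
    return host, int(port)


def is_loopback(host):
    """True only for addresses that are unreachable from other machines."""
    if host == "*":  # dual-stack wildcard: listens on every address
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_listeners(ss_output, allowed=ALLOWED):
    """Return (proto, host, port) for listeners that nothing filters
    and that are not on the allowlist."""
    findings = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 6:  # skip blank or truncated lines
            continue
        proto, local = cols[0], cols[4]
        host, port = split_local(local)
        if is_loopback(host) or (proto, port) in allowed:
            continue
        findings.add((proto, host, port))
    return sorted(findings)


if __name__ == "__main__":
    for proto, host, port in exposed_listeners(SAMPLE_SS):
        print(f"unexpected listener: {proto} {host}:{port}")
```

On a real host, pass the output of `ss -H -tuln` to `exposed_listeners()` in place of the constructed sample.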

Hi,

On Fri, 2018-11-16 at 16:35 +0100, Richard Brown wrote:
> - By default we will NOT propose a separate /home partition

Just to restate, does that mean that /home will end up being backed by a btrfs filesystem by default?

Robert

On Fri, 16 Nov 2018 at 16:46, Richard Brown <RBrownCCB@opensuse.org> wrote:
But to restate (as 2 people asked me about this in the last 30 seconds) If a user chooses to have a separate /home in the partitioner, then that separate /home partition proposal will be xfs, like today. That's why I didn't include any filesystem types in my change summary in the original post, because I'm not changing anything there.

On Fri, 2018-11-16 at 16:46 +0100, Richard Brown wrote:
Have you considered disabling copy-on-write for the /home subvolume? It is (in my limited experience) the primary thing that can surprise users in a nasty way under /home.

Robert

On Fri, 16 Nov 2018 at 16:58, Robert Munteanu <rombert@apache.org> wrote:
The thought crossed my mind, but I don't think it makes sense here.

Unlike /var, the chances of users having data which will benefit from NoCoW is relatively small - how many users have relational databases stored in their /home?

Meanwhile having CoW enabled in /home means users can benefit from the *really cool* feature of btrfs send/receive for incremental backups on steroids:

https://btrfs.wiki.kernel.org/index.php/Incremental_Backup

My personal systems have been running for over a year using the config I'm now proposing for everyone by default, and there's no way in heck I could live with /home with CoW disabled.

On Fri, 2018-11-16 at 17:05 +0100, Richard Brown wrote:
Ack, thanks. I was thinking more of VM images than relational databases, but as long as it's something you took into account and dismissed it's all fine to me.

Thanks,

Robert

Hello,

On Friday, 16 November 2018, 17:05:54 CET, Richard Brown wrote:
On Fri, 16 Nov 2018 at 16:58, Robert Munteanu wrote:
That number might not be as small as you think ;-)

KMail / Akonadi uses a MySQL database, so nearly all KMail users have a database in their home directory (unless they change the Akonadi config to use the system-wide MySQL or PostgreSQL). The various desktop searches like Baloo also use something that looks like a database to me ;-)

Just curious - how big is your btrfs partition?

I have had a ~500 GB btrfs for some months, and had a few cases where one of the btrfs-* (IIRC balance) cronjobs (actually timers) made the system mostly unusable for some minutes by causing a high IO load. Is this a known issue, or should I report a bug if/when it happens again? (I'm aware of boo#1063638, but I'm not sure if it matches my problem, and given the number of comments I slightly ;-) doubt if adding even more comments there is a good idea ;-)

Regards,

Christian Boltz
--
Registered Linux user #239431
Linux is like a wigwam: no gates, no windows, but an apache inside.

On Friday, 16 November 2018 18:17:32 CET Christian Boltz wrote:
Baloo disables CoW for its database, as does Akonadi. Not sure about Firefox (which uses a bunch of sqlite3 DBs).

Kind regards,

Stefan

https://github.com/KDE/baloo/blob/b9e1ef29821d4b05d1c903d4214de9f5f0c63ed3/src/engine/fsutils.cpp#L36
https://github.com/KDE/akonadi/blob/a3cae6e26a0f31e7f92ea9b5717b4739149ed8ea... src/server/utils.cpp#L209

On 16.11.2018 20:17, Christian Boltz wrote:
For a long time (more than a year at least) my TW VM was mostly unusable straight after boot. Actually either boot failed in emergency mode (pressing ^D continued normally) or GDM failed to start with usual "Oh, no ..."; returning to GDM allowed me to log in normally. I was pretty surprised to find it having booted straight into usable DE yesterday (it is not the latest TW snapshot). I have never observed this on Leap 42 or Leap 15 on the same host. My hunch is that it is kernel related.

On 16/11/2018 18.17, Christian Boltz wrote:
Yes, that sounds *exactly* like boo#1063638 but you are right, one more "me too" comment will not help to solve it any faster.

I myself tend to run all my systems as well without a dedicated home partition on the first disk so same as Richard is proposing now. However, this will make boo#1063638 more likely for even more people. Let's see how that will play out ;)

But also could be that I experience less issues after I trigger snapperd itself with IO niceness, see https://github.com/openSUSE/snapper/pull/437#issuecomment-429993992 maybe it helps.

Hi Richard,
I am not sure if by “backed up” he means that /home will be included in system snapshots. And afaik, only root / is used, excluding sub volumes, and since /home will be a sub volume, it will mean that it will not be touched by rollbacks, right?

Kind Regards,

Sergio

On 16/11/2018 16.46, Richard Brown wrote:
Ok, question then: If one is installing to a previously installed machine with this setup, will the home subvolume be left intact, with all its data, and only the "system" space formatted or erased? A common manner of installing the next release is to replace "/" and leave "/home" partition intact. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)

On 11/18/2018 11:10 AM, Carlos E. R. wrote:
I take that a step further and mount home directories on /export/home. That's a habit from my old SunOS days. I performed a full install just yesterday on a box with five "home" partitions mounted as /export/home, /export/home1, and so on. Each home partition is about 50-TB formatted with xfs.

I do the full installs on butterfly ext4 partitions, where I leave the previous version intact on its own root partition and install on the other one. This has the advantage of being able to easily access and port all the old config files and allows me to boot the old version if necessary. I did exactly this yesterday because I ran out of time.

I also use NFS and autofs to cross-mount home partitions on different hosts. I reference them as /home/foo, /home/bar, etc, where foo and bar are hostnames. Using /home for the actual partition messes all of that up.

There are lots of different ways to skin the cat, just make sure we have the knife, even if it might be hidden for regular users. Windows doesn't give us a knife.

Regards,

Lew

On Friday, November 16, 2018 9:35:33 AM CST Richard Brown wrote:
Glad to hear this is being improved. Is there any way to communicate the reason for the increased root file-system size clearly in the installer so people are not inclined to edit and reduce it or complain based on expectations from non-btrfs+snapshot distros?

--
Jimmy

On 16/11/2018 16.35, Richard Brown wrote:
Ok :-) I think I like most of it, just two doubts :-)
How can the install person choose defaults? Say "I want separate home"? I mean, will it be some sort of button, or do we have to enter expert partitioning and edit the partition layout? I would suggest an optional table of choices presented early, including things like "laptop".

> - swap will not grow to the size of RAM by default (but this can still be enabled in the Guided or Expert partitioners)

Why? Can you expand on this? Perhaps a button to say swap will be used for hibernation?

Thanks :-)

--
Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas))

Hi Carlos,
It can be done with the guided setup like shown here: https://openqa.opensuse.org/tests/798839#step/partitioning_togglehome/3 But after his change is accepted, it would be the opposite.
This can be also done with the guided setup. You can see the checkbox on the same previous screenshot: https://openqa.opensuse.org/tests/798839#step/partitioning_togglehome/3

Feel free to check the screenshots and even the video: https://openqa.opensuse.org/tests/798839/file/video.ogv

Kind Regards,

Sergio

On 17/11/2018 20.48, Sergio Lindo wrote:
Ah, nice :-)
Ah, that's good :-)
> Feel free to check the screenshots and even the video: https://openqa.opensuse.org/tests/798839/file/video.ogv
Ha, the video goes too fast to be able to notice things, I had to step it. :-) Thanks :-) -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)

On Fri, 16 Nov 2018 at 12:35, Richard Brown (<RBrownCCB@opensuse.org>) wrote:
I see a serious problem with the Partitioning defaults, because it ALWAYS tries to format and partition the /home partition, both in Leap Alpha 15.1 and Tumbleweed.

On my PC, the installation program of Tumbleweed stopped at the partition window, and I could edit it. But last Wednesday, installing Tumbleweed on the PC of a friend, the installation program didn't stop at the partition window, and formatted the /home partition, and now I have a serious problem with my friend, because he did not have the data safeguarded.

Cheers,

Juan

On 18.11.18 at 15:50, Juan Erbes wrote:
Have you tried to restore the partition with tools such as TestDisk? The data may still be there and restorable.

Cheers,

Ignaz

On 11/18/2018 03:50 PM, Juan Erbes wrote:
The installer always tries to make sufficient space to install the new system, PROPOSING to delete existing partitions if needed.

If there is no free space in the disk for the default recommended layout, it will PROPOSE to delete one of the existing partitions. Which partition to PROPOSE for deletion depends on the sizes and positions of the partitions, not on their content.

If your previous /home is at the end of the disk and deleting it provides enough space to install the new system... then the installer will propose to delete it so it can use the resulting free space to install the new system there.

What would you expect the installer to do instead of that? We need feedback about what are the user expectations in that regard.

> In my pc, the installation program of Tumbleweed stopped at the partition window, and I could edit it.
Do you mean this screen? https://openqa.opensuse.org/tests/798839#step/partitioning_filesystem/1 Yes, Tumbleweed ALWAYS ALWAYS stops in that screen.
Do you mean the installer didn't stop at the "Suggested Partitioning" screen linked above? The installer just started to install stuff without offering you to decide the disk layout in any step?

I honestly believe that's impossible. A version of the TW installer that does not stop in the "Suggested Partitioning" screen would have never passed the most elementary openQA test. I bet you actually accepted the default suggested partitioning without reading/noticing it.

In other words: YaST logs or it didn't happen. ;-)

Cheers.

--
Ancor González Sosa
YaST Team at SUSE Linux GmbH

On 11/16/18 4:35 PM, Richard Brown wrote:
I'm fine with new defaults, as long as the user is still free to define the layout of the system, i.e., have ext4 or xfs (or others) for /, /home and other data partitions, and have an extra swap partition.

Have a nice day,

Berny

participants (14)

- Ancor Gonzalez Sosa
- Andrei Borzenkov
- Bernhard Voelker
- Brüns, Stefan
- Carlos E. R.
- Christian Boltz
- Ignaz Forster
- Jimmy Berry
- Juan Erbes
- Lew Wolfgang
- Oliver Kurz
- Richard Brown
- Robert Munteanu
- Sergio Lindo