On 07/09/2014 12:14 AM, David Timothy Strauss wrote:
I don't see much value in choosing a role from a predefined list. Rarely do machines fit into one single, straightforward role.
I would disagree here like for one example security wise you want to implement only one primary role per server to prevent roles that require different security levels from co-existing on the same server. (For example the roles of web servers, database servers should be implemented on separate servers.) as well as for other practical deployment practices.
It would be more useful to support machine tags/labels/roles that map to units, especially if that's dynamically configurable using, say, DHCP(v6). Then, something may be WantedBy=nameserver.role. That would support both "livestock" deployments with a standardized /usr and "pet" deployments where admins sign on and may enable roles shipped with the distribution.
I think this would overlap with targets and we really should be very restrict on introducing new type units and basically what I was thinking was the other way around.
Then again, I don't see how those would be different from shipping more <unit>.target files and adding some method to dynamically enable them.
The general idea I had in my mind was to define primary role or machinerole then trying to get us to agree on standardize predefined set of roles.
If we manage to do that, introduce "rolefulfilment=" in units which we would define those standardized predefined set of roles as in for httpd.service we might have rolefulfilment=web server, for postgresql, rolefulfilment=database server etc. so you could list/query etc the machine primary role and at the same time list the daemon/service who fulfills that role
As well as all the other running service role fulfilment on the host and maybe introduce ConditionRoleFulfilment= or ConditionRole= if valid use cases existed for that etc.
That's basically how I pictured the role implementation and from my point of view if we cant standardized on predefined set of roles there is no point in implementing it since we cant properly integrate roles with units
JBG _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel