[systemd-devel] Extending machine-info to include machine roles

"Jóhann B. Guðmundsson" johannbg at gmail.com
Tue Jul 8 18:00:35 PDT 2014


On 07/09/2014 12:14 AM, David Timothy Strauss wrote:
> I don't see much value in choosing a role from a predefined list.
> Rarely do machines fit into one single, straightforward role.

I would disagree here. For example, security-wise you want to 
implement only one primary role per server, to prevent roles that require 
different security levels from co-existing on the same server (for 
example, the roles of web server and database server should be implemented 
on separate servers), as well as for other practical deployment practices.

>
> It would be more useful to support machine tags/labels/roles that map
> to units, especially if that's dynamically configurable using, say,
> DHCP(v6). Then, something may be WantedBy=nameserver.role. That would
> support both "livestock" deployments with a standardized /usr and
> "pet" deployments where admins sign on and may enable roles shipped
> with the distribution.

I think this would overlap with targets, and we really should be very 
restrictive about introducing new types of units; basically, what I was 
thinking was the other way around.

>
> Then again, I don't see how those would be different from shipping
> more <unit>.target files and adding some method to dynamically enable
> them.


The general idea I had in mind was to define a primary role or 
machinerole, then try to get us to agree on a standardized, predefined set 
of roles.

If we manage to do that, introduce "rolefulfilment=" in units, in which we 
would define that standardized, predefined set of roles; as in, for 
httpd.service we might have rolefulfilment=web server, for postgresql, 
rolefulfilment=database server, etc., so you could list/query etc. the 
machine's primary role and at the same time list the daemon/service that 
fulfills that role,

as well as all the other running services' role fulfilment on the host, and 
maybe introduce ConditionRoleFulfilment= or ConditionRole= if valid use 
cases existed for that, etc.

That's basically how I pictured the role implementation, and from my 
point of view, if we can't standardize on a predefined set of roles there 
is no point in implementing it, since we can't properly integrate roles 
with units.

JBG
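
The role query described in the message above, sketched as an added example that is not part of the original post or of systemd: it reads the proposed "rolefulfilment=" key from unit text and reports services whose declared role differs from the machine's primary role. The directive is only the post's proposal, and the unit contents, the function names and the way the primary role is passed in are assumptions constructed for illustration.

```python
import configparser

# Constructed sample units. "rolefulfilment=" is the directive proposed in the
# post above; it is not an option that systemd implements.
SAMPLE_UNITS = {
    "httpd.service": "[Unit]\nDescription=Apache\nrolefulfilment=web server\n"
                     "[Service]\nExecStart=/usr/sbin/httpd -DFOREGROUND\n",
    "postgresql.service": "[Unit]\nDescription=PostgreSQL\n"
                          "rolefulfilment=database server\n"
                          "[Service]\nExecStart=/usr/bin/postgres -D /var/lib/pgsql\n",
    "sshd.service": "[Unit]\nDescription=OpenSSH\n"
                    "[Service]\nExecStart=/usr/sbin/sshd -D\n",
}


def unit_role(unit_text):
    """Return the normalised role a unit declares, or None if it declares none."""
    parser = configparser.ConfigParser(
        strict=False,        # unit files may repeat keys such as ExecStart=
        interpolation=None,  # '%' specifiers in units are not interpolation
        delimiters=("=",),
    )
    parser.read_string(unit_text)
    role = parser.get("Unit", "rolefulfilment", fallback=None)
    return " ".join(role.lower().split()) if role else None


def audit_roles(primary_role, units):
    """Split units into those fulfilling the primary role, those declaring a
    different role (a role-separation finding), and those with no role."""
    primary = " ".join(primary_role.lower().split())
    report = {"fulfils": [], "conflicts": [], "unlabelled": []}
    for name in sorted(units):
        role = unit_role(units[name])
        if role is None:
            report["unlabelled"].append(name)
        elif role == primary:
            report["fulfils"].append(name)
        else:
            report["conflicts"].append((name, role))
    return report


if __name__ == "__main__":
    for bucket, entries in audit_roles("Web Server", SAMPLE_UNITS).items():
        print(bucket, entries)
```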

