The area of most of the steps is the 2nd stage of installation (after reboot). We internally call this the configuration of the new system and it consists of several steps giving the user maximum flexibility to setup the system before it starts in a full-scale. While the reasoning works for simple servers that get online immediately, it does not fit any of these use cases:
- server running mission-critical service - those servers are installed off-line, running in a testing mode for some time and only after that they are put into production environment
- workstations and home users - there, a user needs to be running full system as quickly as possible
So, one of the goals is to reduce the 2nd stage of installation to only the minimal set of steps.
Status in openSUSE 10.3
There are following steps in the 10.3 installation workflow:
- root password
- hostname and domain
- network hardware proposal
- test of internet access
- setup of updates repository
- application of the already released security and recommended updates
- adding non-root users
- release notes
- hardware configuration proposal
- congratulations screen
How to Simplify?There are several ways to simplify the workflow. It's easy to see that the only absolutely necessary step needed is entering the root password. However, having a normal user is also quite a good security policy, so this step should stay as well.
How to get rid of other steps?
The following steps can wait for the running system:
hostname and domain
test of internet access
setup of updates repository
application of the already released security and recommended updates
Hostname and domain is typically set by DHCP these days, or an admin knows how to set it up. The test of internet access can be easily done by starting Firefox or ping, and that's a typical first action of a user, right?
The question of security updates is a bit more complicated. Yes, it is very important to apply the security fixes as soon as possible, but frankly, who wants to wait for this before the machine can be used? Also, application of the updates are done by the applet, where the tendency is to have it as non-distracting as possible. So, the applet (and of course YaST Online Update (YOU) and zypper) could be enhanced to identify that there are no updates repositories set up and provide an easy option to do it. YOU already has this capability (it detects if there are not repositories containing patches). A final note: firewall is enabled by default during the whole installation.
What about the rest of the steps?
network hardware proposal
adding non-root users
hardware configuration proposal
The current proposal is to move the root password and adding of non-root users to the 1st stage, as they are mandatory for the system to be functional. This introduces quite interesting issues like checking the quality of root password as the cracklib dictionaries are big. Also, how to support LDAP, NIS and all other kinds of 'enterprise' authentication options (here, it would be possible to reactivate the needed parts of the interactive 2nd stage based on the input from the 1st stage).
This leaves us with 2 hardware-related proposals:
network hardware proposal
This contains both hardware proposal, but also configuration of firewall, proxy and remote administration. The hardware part could be easily handled by NetworkManager for workstations while servers need typically a complex static setup which is much easier done and is far less error-prone in the running system. For me, the only crucial part left is the firewall, specifically enabling of ssh access to the machine. Without this, you cannot remotely finish the configuration after the installation is done. OTOH, it's wise to activate the firewall with closed ssh port by default. A possible solution would be to move firewall to the 1st stage as well.
This one might be tricky. The installation currently configures printers, sound, X11 and TV cards. In most cases, sound and TV cards just work with the proposal. Both printers and X11 are heading in direction of autoconfiguration, although if X11 proposal breaks, this can be quite an issue for the system - anyway, I'd consider to be a bug and the X11 configuration that's used during the install is available in the running system as fallback as well. As soon as the system has any running X11, there is plenty of tools to fine-tune the setup. So, the proposal solution would be here to autoconfigure all hardware and leave the fine-tuning to the running system as well.
And of course, let's get rid of the congratulations screen ;-)
The ProposalSo, the summary of the proposed changes:
- root password -> 1st stage
- hostname and domain -> drop
- network hardware proposal -> NetworkManager + firewall in 1st stage
- test of internet access -> drop
- setup of updates repository -> opensuse-updater, zypper, YOU
- application of the already released security and recommended updates -> opensuse-updater, zypper, YOU
- adding non-root users -> 1st stage
- release notes -> 1st stage
- hardware configuration proposal -> autoconfigure in 1st stage
- congratulations screen -> drop
There are quite some assumptions and a big question if we can reach this state for 11.0 already, but in the end, the installation experience of openSUSE would be much improved in my opinion.
Note: This proposal is a result of my discussions with Coolo (who's driving the rewrite of the workflow), kobliha (who's maintaining YaST installation), Jiri Srain (one of the YaST team leads) and others.