Tuesday, February 26, 2008

Getting Rid of 2nd Stage of Installation

As you are already aware, we are re-designing the installation workflow for openSUSE 11.0. One of the goals is to simplify the installation, for example by reducing the number of steps needed to finish the installation.

The area of most of the steps is the 2nd stage of installation (after reboot). We internally call this the configuration of the new system and it consists of several steps giving the user maximum flexibility to setup the system before it starts in a full-scale. While the reasoning works for simple servers that get online immediately, it does not fit any of these use cases:
  1. server running mission-critical service - those servers are installed off-line, running in a testing mode for some time and only after that they are put into production environment
  2. workstations and home users - there, a user needs to be running full system as quickly as possible

So, one of the goals is to reduce the 2nd stage of installation to only the minimal set of steps.

Status in openSUSE 10.3

There are following steps in the 10.3 installation workflow:
  1. root password
  2. hostname and domain
  3. network hardware proposal
  4. test of internet access
  5. setup of updates repository
  6. application of the already released security and recommended updates
  7. adding non-root users
  8. release notes
  9. hardware configuration proposal
  10. congratulations screen
All of those steps are always presented during the installation except for 5) and 6). This makes the 2nd stage in the easiest case quite some 'Next' clicks. Yes, quite some of them can be already skipped, but this also means more clicks and it's a different purpose (avoid setting the particular part during installation).

How to Simplify?

There are several ways to simplify the workflow. It's easy to see that the only absolutely necessary step needed is entering the root password. However, having a normal user is also quite a good security policy, so this step should stay as well.

How to get rid of other steps?

The following steps can wait for the running system:

hostname and domain
test of internet access
setup of updates repository
application of the already released security and recommended updates

Hostname and domain is typically set by DHCP these days, or an admin knows how to set it up. The test of internet access can be easily done by starting Firefox or ping, and that's a typical first action of a user, right?

The question of security updates is a bit more complicated. Yes, it is very important to apply the security fixes as soon as possible, but frankly, who wants to wait for this before the machine can be used? Also, application of the updates are done by the applet, where the tendency is to have it as non-distracting as possible. So, the applet (and of course YaST Online Update (YOU) and zypper) could be enhanced to identify that there are no updates repositories set up and provide an easy option to do it. YOU already has this capability (it detects if there are not repositories containing patches). A final note: firewall is enabled by default during the whole installation.

What about the rest of the steps?

root password
network hardware proposal

adding non-root users
release notes
hardware configuration proposal
congratulations screen

The current proposal is to move the root password and adding of non-root users to the 1st stage, as they are mandatory for the system to be functional. This introduces quite interesting issues like checking the quality of root password as the cracklib dictionaries are big. Also, how to support LDAP, NIS and all other kinds of 'enterprise' authentication options (here, it would be possible to reactivate the needed parts of the interactive 2nd stage based on the input from the 1st stage).

This leaves us with 2 hardware-related proposals:

network hardware proposal
This contains both hardware proposal, but also configuration of firewall, proxy and remote administration. The hardware part could be easily handled by NetworkManager for workstations while servers need typically a complex static setup which is much easier done and is far less error-prone in the running system. For me, the only crucial part left is the firewall, specifically enabling of ssh access to the machine. Without this, you cannot remotely finish the configuration after the installation is done. OTOH, it's wise to activate the firewall with closed ssh port by default. A possible solution would be to move firewall to the 1st stage as well.

hardware proposal
This one might be tricky. The installation currently configures printers, sound, X11 and TV cards. In most cases, sound and TV cards just work with the proposal. Both printers and X11 are heading in direction of autoconfiguration, although if X11 proposal breaks, this can be quite an issue for the system - anyway, I'd consider to be a bug and the X11 configuration that's used during the install is available in the running system as fallback as well. As soon as the system has any running X11, there is plenty of tools to fine-tune the setup. So, the proposal solution would be here to autoconfigure all hardware and leave the fine-tuning to the running system as well.

congratulations screen
And of course, let's get rid of the congratulations screen ;-)

The Proposal

So, the summary of the proposed changes:
  1. root password -> 1st stage
  2. hostname and domain -> drop
  3. network hardware proposal -> NetworkManager + firewall in 1st stage
  4. test of internet access -> drop
  5. setup of updates repository -> opensuse-updater, zypper, YOU
  6. application of the already released security and recommended updates -> opensuse-updater, zypper, YOU
  7. adding non-root users -> 1st stage
  8. release notes -> 1st stage
  9. hardware configuration proposal -> autoconfigure in 1st stage
  10. congratulations screen -> drop

There are quite some assumptions and a big question if we can reach this state for 11.0 already, but in the end, the installation experience of openSUSE would be much improved in my opinion.

Note: This proposal is a result of my discussions with Coolo (who's driving the rewrite of the workflow), kobliha (who's maintaining YaST installation), Jiri Srain (one of the YaST team leads) and others.

Thursday, February 21, 2008

YaST User Interface Library is now independent of YaST

Thanks to hard work of the YaST team hackers HuHa, Bubli, Ricardo and others, the YaST user interface library is now fully independent of the YaST infrastructure. What does it mean? In short, there is now a standalone C++ library that provides API independent of particular toolkit. The current backends are Qt, Gtk+ and ncurses, so the same code can have use the interface written in any of those.

The YaST UI library provides a very simple API to build rather complex but still consistent user interfaces. The particular implementation of the interface depends on the chosen backend - Qt, Gtk+ or ncurses. The primary target for this library is YaST, Yet Another Setup Tool developed for installation and configuration of SUSE products.

However, the library was very deeply tied to the rest of YaST infrastructure which made it nearly impossible to use it outside of YaST. Not anymore. Very soon, there will be packages available in openSUSE that provide the library independently of YaST, so any application that might need to provide both graphical as well as textual interface can easily do so. They provide also examples how to use the library from pure C++.

For future, I believe it makes sense to have a shiny new name for this library (YUI also means Yahoo UI) and I've tried to persuade the team on their IRC channel, but there were no good proposals for those. So, for now, we have the great functionality unleashed outside of YaST, with the old and pretty generic name YUI. Happy hacking!

Wednesday, February 20, 2008

First blog

OK, so this is my first blog post, so nothing really groundbreaking. I need to learn how this really works and hopefully to start posting something really interesting in a near future.