DevHeads.net

RFC: Change the default hostname for Fedora 26+

For as long as I can recall, Fedora has shipped with a default hostname of
"localhost.localdomain"[1]. This default was "safe" for a very long time because
we also shipped an /etc/hosts entry that routed this hostname to the loopback
device for the benefit of some older system services (like sendmail).

However, having the default be the same on all systems introduces other
problems, notably with regards to acting as a client to FreeIPA or Active
Directory domain controllers.

When enrolling with one of these DCs, the machine's current hostname (up to the
first dot) is used to uniquely identify the machine into the domain. If the
machine's hostname is not unique in that domain, the enrollment will either fail
or the machine will take over that name (depending on the server-side
implementation). Neither case is likely to be what the user intended.

Some information on competing platforms:

Windows deals with this on for its systems by assigning all new machines a
random hostname of the form WIN-XXXXXXXXXXX (that's a strict count of 11 random
characters of either capital letters or decimal numerals after the WIN- prefix).
This is because there is a 15-character maximum limit on the machine-name in
Active Directory, after which it is simply truncated (which is a bad behavior,
but one we have to deal with).

Mac OS X and Ubuntu both require the user to pick a machine name at install time
explicitly. They do not autogenerate one at all.

SUSE generates a random name of the format linux-XXXXXX (I'm not sure how many
random characters).

My proposal is that we should consider changing the default hostname for Fedora
26 to be either FED-XXXXXXXXXXX or FEDORA-XXXXXXXX. The former allows for a
longer random string and therefore lower risk of collision in large
environments, while the latter would also provide improved branding for
Fedora[2]. Our default BASH shell prompt includes the current machine's hostname.

Thoughts on how to generate these random strings are of course up for
discussion. Given that initial machine creation may have limited available
entropy, we may want to avoid just calling out to /dev/random. Dusty Mabe
suggested in on IRC that one option might be to use either the first or last
8/11 characters from /etc/machine-id, since presumably those would be
sufficiently random.

[1] Unless there is a DHCP-assigned hostname, in which case it will use that.

[2] There is an ongoing discussion on the desktop@ list about how to subtly
brand the Workstation Edition such that when people are using it or showing it
to others, it is clear that it is *Fedora* as opposed to any other GNOME
distribution.

Comments

Re: RFC: Change the default hostname for Fedora 26+

By J.C. Cleaver at 11/10/2016 - 13:57

On 11/10/2016 8:45 AM, Richard W.M. Jones wrote:
It seems like that should be a policy decision made by an administrator
or user (or at least the spin/distro builder), especially if the
alternative means not having that flexibility at a low level of
infrastructure.

We're still being gently nudged to be using NM on actual servers, right?

-jc

Re: RFC: Change the default hostname for Fedora 26+

By Matthew Miller at 11/10/2016 - 07:30

On Thu, Nov 10, 2016 at 11:17:20AM +0100, Theodore Papadopoulo wrote:
We have something like this already in Firewall Zones. I think it would
be great to develop that further.

Re: RFC: Change the default hostname for Fedora 26+

By Sylvia at 11/09/2016 - 18:37

I think Matthew is right. Maybe we could set a behaviour in Fedora
Server or Cloud and another in Fedora Workstation?

Just an idea, Sylvia

On 09/11/16 14:32, Matthew Miller wrote:

Re: RFC: Change the default hostname for Fedora 26+

By Stephen Gallagher at 11/09/2016 - 00:05

On 11/08/2016 06:25 PM, Andrew Lutomirski wrote:

If this is a problem (and I'm not necessarily convinced it is), it's a problem
already for anyone using DHCP who set a hostname manually. The fact that the
default happens to be constant (and therefore indistinguishable) is a side-effect.

If this is something that is genuinely concerning from a privacy point of view,
then that should be changed in the DHCP client software rather than at the
default hostname level. If it's not acceptable to send a unique default hostname
then it must be equally unacceptable to send a manually selected hostname. (At
least a randomly-generated one is only unique; a chosen one may in fact be
possible to use for individual identification as well.)

Re: RFC: Change the default hostname for Fedora 26+

By Simo Sorce at 11/09/2016 - 09:02

On Tue, 2016-11-08 at 23:05 -0500, Stephen Gallagher wrote:
Although this is true, one thing we could do is set a default hostname
that is static ("fedora" or similar is fine), and teach the utilities
used to join an AD/IPA/etc.. domain to generate a new random hostname if
they detect the hostname is the generic "static" one.

Simo.

Re: RFC: Change the default hostname for Fedora 26+

By Przemek Klosowski at 11/09/2016 - 13:58

On 11/09/2016 08:02 AM, Simo Sorce wrote:

Re: RFC: Change the default hostname for Fedora 26+

By Louis Lagendijk at 11/09/2016 - 17:30

On Wed, 2016-11-09 at 12:58 -0500, Przemek Klosowski wrote:
Is using a unique volume group name not actually preferable. 
If one needs to add a disk from one machine to another it avoids the
problem of having 2 volume groups with the same name and therefore
overlapping LV names.
I got bitten by that once.

/Louis

Re: RFC: Change the default hostname for Fedora 26+

By J.C. Cleaver at 11/09/2016 - 17:44

On 11/9/2016 1:30 PM, Louis Lagendijk wrote:
The problem is that those VG/LV names are distinct from the host they're
a part of.... The only thing worse than a generic label for something is
an incorrect or misleading one, as happens occasionally with clones,
host renames or imaging a VM on top of that.

If we really don't have a better, persistent, local name for a system at
install time, then I don't see why reverting to /dev/VolGroup00/LogVol00
is horrible here. VG names should be human-readable and exist in a
namespace; shouldn't uniqueness should be from VG/LV UUIDs when we need it?

-jc

Re: RFC: Change the default hostname for Fedora 26+

By Richard W.M. Jones at 11/09/2016 - 18:48

On Wed, Nov 09, 2016 at 01:44:25PM -0800, Japheth Cleaver wrote:
We explicitly switched from VolGroup00/LogVol00 because it caused
problems if you tried to mount virtual machine disks on the host (of
course you should use libguestfs instead, but some people still try to
do this).

The bug was: <a href="https://bugzilla.redhat.com/show_bug.cgi?id=207470" title="https://bugzilla.redhat.com/show_bug.cgi?id=207470">https://bugzilla.redhat.com/show_bug.cgi?id=207470</a>

Why don't we just use randomized vgXXXXXX/lvXXXXXX names here,
independent of the hostname?

Rich.

Re: RFC: Change the default hostname for Fedora 26+

By Stephen Gallagher at 11/09/2016 - 14:25

On 11/09/2016 12:58 PM, Przemek Klosowski wrote:
That's actually another classic problem: the fact that the default hostname is
used for creating the partitions often causes issues for people who try to do a
new installation atop older Fedora installations.

Re: RFC: Change the default hostname for Fedora 26+

By Stephen Gallagher at 11/09/2016 - 09:13

On 11/09/2016 08:02 AM, Simo Sorce wrote:

I feel like that's solving a symptom (and one we'd have to keep solving every
time we encountered something for which a non-unique hostname would be a problem).

It's an option though, of course.

Re: RFC: Change the default hostname for Fedora 26+

By Simo Sorce at 11/09/2016 - 09:22

On Wed, 2016-11-09 at 08:13 -0500, Stephen Gallagher wrote:
I do not have any strong preference, as long as we do not break stuff
that works today.

Simo.

Re: RFC: Change the default hostname for Fedora 26+

By King InuYasha at 11/08/2016 - 19:28

On Tue, Nov 8, 2016 at 6:25 PM, Andrew Lutomirski < ... at mit dot edu> wrote:
The idea is that the hostname is randomly generated at install time.
It definitely is constant. And speaking from experience, not including
the hostname in DHCP requests breaks quite a few user expectations
(especially the ability to identify the computer by name).

Re: RFC: Change the default hostname for Fedora 26+

By Andrew Lutomirski at 11/08/2016 - 19:38

If this means that NetworkManager needs to generate a per-network random
client ID, so be it. IMO a per-installation value absolutely should not be
sent to a network that is not explicitly (on an opt-in basis) configured as
trusted.