Deprecate Zezere Provisioning Server (IoT)

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Wiki
Announced

Summary

Deprecate use of the Zezere provisioning server, currently used to configure Fedora IoT devices.

Owner

• Name: Paul Whalen
• Email: pwhalen@fedoraproject.org
• Name: Fedora IoT SIG

Detailed Description

Currently, Fedora IoT users can add an SSH key to the root user account using the Zezere provisioning tool. While convenient for most use cases, users have given feedback that this does not work for all. In Fedora 42 we plan to deprecate the Zezere provisioning server in favour of offering a local means for user configuaration - systemd-firstboot - as well as the existing options of FDO or ignition.

Feedback

Benefit to Fedora

The Zezere provisioning tool has not worked well for all Fedora IoT users. Deprecation will allow us to replace this configuration method with something that is more robust, well tested and already installed by default with systemd.

Scope

• Proposal owners:

  • Remove Zezere from the installed packages, enable systemd-firstboot and ensure its compatible with IoT systems
  • Document the change

• Other developers: N/A

• Release engineering: #Releng issue number

• Policies and guidelines: N/A (not needed for this Change)

• Trademark approval: N/A (not needed for this Change)

• Alignment with the Fedora Strategy:

Upgrade/compatibility impact

None.

Early Testing (Optional)

Do you require ‘QA Blueprint’ support? N

How To Test

To test, users will need to provision a new Fedora IoT system after the change is made to enable systemd-firstboot.

User Experience

Users who have been unable to use Zezere will have an easier and more straight forward way to configure their system resulting in less frustration during the critical first boot experience.

Dependencies

Contingency Plan

• Contingency mechanism: Continue to include Zezere as we do today.

Documentation

• Fedora IoT Getting started guide will be updated to reflect the change and new configuration option.

Release Notes

Last edited by @amoloney 2025-01-15T22:43:25Z

Last edited by @amoloney 2025-01-15T22:43:25Z

How do you feel about the proposal as written?

If you are in favor but have reservations, or are opposed but something could change your mind, please explain in a reply.

We want everyone to be heard, but many posts repeating the same thing actually makes that harder. If you have something new to say, please say it. If, instead, you find someone has already covered what you’d like to express, please simply give that post a instead of reiterating. You can even do this by email, by replying with the heart emoji or just “+1”. This will make long topics easier to follow.

Please note that this is an advisory “straw poll” meant to gauge sentiment. It isn’t a vote or a scientific survey. See About the Change Proposals category for more about the Change Process and moderation policy.

This change proposal has now been submitted to FESCo with ticket #3358 for voting.

To find out more, please visit our Changes Policy documentation.

Remove Zezere from the installed packages, enable systemd-firstboot and ensure its compatible with IoT systems

This sounds like a removal / migration, not a deprecation?

I feel like this proposal is extremely barebones. “We’ll turn off this thing that doesn’t work for some people (but works for others) and we’ll turn on systemd-firstboot and update documentation.”

What exactly is the plan for dealing with headless IoT devices? Using systemd-firstboot via serial cable?

Will someone at least write some functional documentation (a HOWTO) for setting up FDO enrollment? Can you work with the Fedora Server SIG to get the FDO server pieces added to their ever-growing library of linux-system-roles Ansbile tools?