Fedora Server interactive local installation

Screenshots needed

1. GRUB Boot Screen
2. "Installation Summary" Screen
3. "Installation Destination" Screen
4. "Manual Partitioning" Screen

Things that need to be edited out

• Caution: Need to check netwrk installation with Release 37 medium!
• Caution: Need to upgrade the screen shoot when RC 1 is available (without preview admonition)

Change suggestions

1. Proposed change: Under "Installation Source"

In a standard ("DVD") installation, Anaconda uses "Local media" by default. Do not change anything.

• Possible rewording:

In a standard installation (using the "Standard ISO image"), Anaconda uses "Local media" which will pull packages from the ISO image on your install media.

• since getfedora.org doesn't mention "DVD" and most users will write the ISO image to a USB, I think it is better to use the terminology on the download page.
• "Do not change anything." I felt this was strong language that was unnecessary to use, unless it would mess up the installation to make a different choice. I thought it better to explain the reason for the default setting instead.

1. Proposed change: Under "Networking"

The network configuration should get edited before configuring the installation target. The hostname goes into the naming and replaces

• Possible rewording:

Before configuring the Installation Destination configure the Network & Host Name to give your server a hostname. The new hostname can be entered at the bottom of this screen and then pressing the Apply button.

• For consistency I have changed the configuration sections to their actual names on the installation screen.
• Additionally, the 2nd sentence seemed incomplete.

1. Proposed change: Under "Installation Destination"

In any case. select one (or more) disks on the system to be installed that are to be included in the Server installation. Additionally, you can include e.g. SAN or other network drives into the installation right here. This will save you later some administration work. We don’t get further into this here, allthough.

• Possible rewording:

Select one or more disks where Fedora Server will be installed. You may also include a SAN (Storage Attached Network) or other network attached drives as part of your Fedora Server install in this same configuration screen. However, this configuration is not covered here in this installation guide.

• This rewrite saves a few words, cleans up some grammar, and defines an acronym.

1. Proposed change: Under "Recommended storage organization and partitioning"

If the storage organization...

• Possible rewording:

If you are satisfied with the Fedora Server default hard disk partitioning, you can leave Automatic checked under Storage Configuration. If the disks already contain partitions and file systems, you will want to select the option "Free up space by removing or shrinking existing partitions". A window will open after you click Done giving you the opportunity to delete partitions and file systems to make space for your Fedora Server installation on the install disks.

1. Proposed change: Under "Custom storage organization"

Select Custom Storage Configuration instead of Automatic and select Done int the upper bar. Anaconda will take you to the Manual Partitioning form.

• Possible rewording:

Select Custom Storage Configuration instead of Automatic and select Done in the upper bar. Anaconda will take you to the Manual Partitioning form.

• fixed spelling mistake

1. Proposed change: Under "Raid configuration"

If there is more than one disk available, the default partitioning creates, on each of the other disks, one big partition with a Physical Volume (PV) and adds it to the VG.

• What does "VG" stand for, perhaps give the actual terms followed by "(VG)". I'm not sure what "VG" stands for.

For details see the Creating Software RAID section of the Installation Guide. NOTE: both of these links are to the Fedora 35 version of the docs. Please confirm your are using that version or find the same docs for your version.

• Would it be possible to have these links updated with Fedora 37 versions?

Note: Just in case you need a DOS/MBR partitioning scheme for some goot reason, you can override the GPT default by adding xxxx to the kernel boot parameter at the initial boot screen.

• Spelling change: "goot" to "good"

1. Proposed change: Under "Creating users"

At first ...

• Possible rewording:

First, decide if you desire to have a root account on Fedora Server. Anaconda's default configuration disables the root account to prevent malicious actors from logging in as root. Instead, Anaconda requires a user account that can acquire administrative privileges using sudo.

It is possible to secure root access using an ssh key file, but server administrators may desire to retain the ability to have root access with a password through an attached console or Cockpit login. If you decide that you would like to have password access to the root account, select Root Account, then Enable root account, and enter a password for the root account in the form that appears. For security reasons, ssh login as root is only allowed with an ssh key file by default. You are not encouraged to modify this security setting by clicking on the option, "Allow root SSH login with password".

Second, select User Creation to create a user account for Fedora Server. You are encouraged to keep the default options of "Add administrative privileges to this user account" and "Require a password to use this account" checked. Unless you have decided against the security practice of not allowing root access with a password, your user account will need these options to have administrative access to the server after installation of Fedora Server.

• I'm a little unsure of the last paragraph, but I thought it was a little clearer than what is currently in the documentation.

1. Proposed change: Under "Time zone and time synchronization"

For the operation...

• Possible rewording:

You may want to check Time & Date on the Installation Summary page to ensure that you have the correct time zone and Network Time is activated. These settings ensure that your server will regularly synchronize its time with a trusted source. Having the correct time on your server will make tasks like finding events at a specific time and date in your log files easier.

Review of "Post Installation Tasks"

Change suggestions

1. Proposed change: Intro Paragraph

This guide...

• Possible rewording:

This guide offers a recommended checklist of tasks to ensure the safe and reliable operation of Fedora Server. System administrators may choose whether these tasks apply to their specific use case.

• This is mostly a suggested style change, and my attempt to use a more "active" voice in the directions, and lessens slightly the tone of the introduction.

1. Proposed changes: Under "First login after installation"

• consider dropping "additionally" in the first paragraph.

• I believe using "$" instead of "#" seems more appropriate for these line because you would be using the ssh command from your desktop's user account not the root account.

  […]# ssh hostmin@hostexample.com
  hostmin@host.example.com's password:
  […]# sudo su -

• spelling correction: "[sudo] Passwort for hostmin:" should be "[sudo] password for hostmin:"

• As above I believe it would be more correct to do all of this in your user account on your desktop instead of your root account, so the promote would have "$" instead of "#".

  […]# mkdir ~/.ssh
  […]# chmod 700 ~/.ssh
  […]# cd ~/.ssh
  […]# ssh-keygen -t rsa -b 4096 -C "root@host.example.com" -f ~/.ssh/<outputkeyfile>
  […]# ssh-copy-id -i $outputkeyfile.pub hostmin@host.example.com
  […]# vi ~/.ssh/config
  Host myhost
  Hostname host.example.com
  User hostmin
  ProxyCommand none
  ForwardAgent no
  ForwardX11 no
  Port 22
  KeepAlive yes
  IdentityFile ~/.ssh/$outputkeyfile
  […]# ssh myhost

1. Proposed changes: Under "2. Disable system users password login"

• consider a title change: "2. Disable SSH Login with passwords for system users"

• consider rephrasing: "Is anyone else is rejected with the message "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)" to "Are other users rejected with the message "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)"

• consider rephrasing: "If this does not work: Check whether the latest update has been installed. The file /etc/ssh/sshd_config.d/50-redhat.conf there should not include a line „PasswordAuthentication yes“ (as this is already the default and should not be repeated in order not to hinder other configurations)." to "If other users are able to log in with a password besides your know authorized user, install the latest updates. Also, check the file /etc/ssh/sshd_config.d/50-redhat.conf to make sure that it does not include the line "PasswordAuthentication yes" (as this is already the default and should not be repeated or else it could hinder other configurations)."

1. Proposed changes: Under "4. Increase security of Cockpit access"

• consider the following correction in the first paragraph: "Instead, access Cockpit in of three secure alternatives described below." to "Instead, access Cockpit in one of the three secure alternatives described below."

1. Proposed changes: Under "5. Optionally: Set up root login via key file"

• as before, it is described as the "desktop user" so I believe the console output should have "$" instead of "#".

  […]# mkdir ~/.ssh
  […]# cd ~/.ssh
  […]# ssh-keygen -t rsa -b 4096 -C "root@example.com" -f <outputkeyfile>

• also in this line which is console output that comes later:

  […]# sftp hostmin@example.com

1. Proposed change: Under "12. Fedora 35 only: Consolidate systemd-resolved configuration"

• Since at the release of Fedora 37 plus one month (I think this is how this works.) Fedora 35 will be End of Life could we just eliminate this in the Fedora 37 documentation? I'm guessing that it would still be in the Fedora 35 and Fedora 36 documentation, so if someone was still trying to use an out of date server the information would be available.

1. Proposed change: "13. Finally update system and install additional software"

• consider the following change: "Of course, 'useful software' concretizes itself differently depending on the user and application context." to "Of course, 'useful software' varies depending on the use case or applications that will be run on Fedora Server." ("concretizes" is a fun word, but not the most common of words in American English usage).

Both Guides updated as proposed with one exception: commented out the link and text about Fedora Installation Guide, which is really outdated and will probably be removed from F37 according to docs planning.

I'm glad you found my reviews useful. Thanks for all the work you have done to add my proposed suggestions to the documentation.

Everything published and online. Close the ticket.