[Freedombox-discuss] FBx config mgmt update
bnewbold at robocracy.org
bnewbold at robocracy.org
Tue Jul 10 19:45:04 UTC 2012
Spoke with James and a few others here at the OpenITP event, notes and a
rought plan are below. Some of this feels like reinventing the wheel; a
future/mature implementation might use:
D-Bus for message passing, PolicyKit for access control, Augeas for
read/write
or
building off ubus (IPC from OpenWrt) and netif (network interface
configuration from OpenWrt), extending with augeas configuration
or
libassuan (from GPG) to handle narrow scope trusted IPC
But for now i'm just going to bang something out so that plinth can use
the python-augeas interface through an access controlled unix domain pipe.
-----------------------------------------------------------------------------
requirements/compromises:
- scope of configuration middleware is "regular" system files, mostly in /etc
(no user/identity management)
- files should be edited "in place"
- local changes should be respected
- single root/wheel permissions level for reading, writing, and applying changes
- configuration "versioning" taken as a seperate problem from editing
- "client code" (aka plinth) is responsible for semantic/logical validation,
and service restarts
new program: "exmachina: hand of root"
configuration management daemon which runs with root permissions,
listens on a unix domain socket with access controlled by filesystem
permissions. uses a very simple api to provide access to augeas
configuration file editing and service restarts.
plinth/apache, running not-as-root, is passed access at startup (ENV vars?
file handle pass?)
single-thread, serializes edits
simple, written in python (for now), including python "client library"
which replicates python-augeas interface
extra features (somedaymaybe):
general purpose ncurses, gui, or web interface
no-downtime reloads of daemon via HUP (a la nginx)
fine-grain ACL
dpkg installation
general purpose features: process execution, package installation, file
read/write
-bryan
More information about the Freedombox-discuss
mailing list