[Freedombox-discuss] FBx config mgmt update

bnewbold at robocracy.org bnewbold at robocracy.org
Tue Jul 10 19:45:04 UTC 2012 

Spoke with James and a few others here at the OpenITP event, notes and a 
rought plan are below. Some of this feels like reinventing the wheel; a 
future/mature implementation might use:

   D-Bus for message passing, PolicyKit for access control, Augeas for
   read/write

     or

   building off ubus (IPC from OpenWrt) and netif (network interface
   configuration from OpenWrt), extending with augeas configuration

     or

   libassuan (from GPG) to handle narrow scope trusted IPC

But for now i'm just going to bang something out so that plinth can use 
the python-augeas interface through an access controlled unix domain pipe.

-----------------------------------------------------------------------------

requirements/compromises:
- scope of configuration middleware is "regular" system files, mostly in /etc
   (no user/identity management)
- files should be edited "in place"
- local changes should be respected
- single root/wheel permissions level for reading, writing, and applying changes
- configuration "versioning" taken as a seperate problem from editing
- "client code" (aka plinth) is responsible for semantic/logical validation,
   and service restarts

new program: "exmachina: hand of root"
   configuration management daemon which runs with root permissions,
   listens on a unix domain socket with access controlled by filesystem
   permissions. uses a very simple api to provide access to augeas
   configuration file editing and service restarts.

   plinth/apache, running not-as-root, is passed access at startup (ENV vars?
   file handle pass?)

   single-thread, serializes edits

   simple, written in python (for now), including python "client library"
   which replicates python-augeas interface

extra features (somedaymaybe):
   general purpose ncurses, gui, or web interface
   no-downtime reloads of daemon via HUP (a la nginx)
   fine-grain ACL
   dpkg installation
   general purpose features: process execution, package installation, file
       read/write

-bryan

More information about the Freedombox-discuss mailing list