[Freedombox-discuss] FBx config mgmt update
Melvin Carvalho
melvincarvalho at gmail.com
Mon Jul 23 16:00:07 UTC 2012
On 10 July 2012 21:45, <bnewbold at robocracy.org> wrote:
>
> Spoke with James and a few others here at the OpenITP event, notes and a
> rough plan are below. Some of this feels like reinventing the wheel; a
> future/mature implementation might use:
>
> D-Bus for message passing, PolicyKit for access control, Augeas for read/write
>
> or
>
> building off ubus (IPC from OpenWrt) and netif (network interface
> configuration from OpenWrt), extending with augeas configuration
>
> or
>
> libassuan (from GPG) to handle narrow scope trusted IPC
>
> But for now I'm just going to bang something out so that plinth can use
> the python-augeas interface through an access controlled unix domain pipe.
>
> -----------------------------------------------------------------------------
>
> requirements/compromises:
> - scope of configuration middleware is "regular" system files, mostly in /etc
>   (no user/identity management)
> - files should be edited "in place"
> - local changes should be respected
> - single root/wheel permissions level for reading, writing, and applying changes
> - configuration "versioning" taken as a separate problem from editing
> - "client code" (aka plinth) is responsible for semantic/logical validation,
>   and service restarts
>
> new program: "exmachina: hand of root"
> configuration management daemon which runs with root permissions,
> listens on a unix domain socket with access controlled by filesystem
> permissions. uses a very simple api to provide access to augeas
> configuration file editing and service restarts.
>
> plinth/apache, running not-as-root, is passed access at startup (ENV vars?
> file handle pass?)
>
> single-thread, serializes edits
>
> simple, written in python (for now), including python "client library"
> which replicates python-augeas interface
>
> extra features (somedaymaybe):
> general purpose ncurses, gui, or web interface
> no-downtime reloads of daemon via HUP (a la nginx)
> fine-grain ACL
> dpkg installation
> general purpose features: process execution, package installation, file read/write
>
BTW I came across this bootstrap 2 based admin console for sale for $20 lately
http://wbpreview.com/previews/WB00U99JJ/
Perhaps some ideas for jazzing up plinth?
>
> -bryan
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
>
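The quoted plan puts a root daemon behind a unix domain socket whose access is controlled by filesystem permissions. The sketch below is an added example, not exmachina's code and not from either poster: it binds the socket with its final mode already in force and then checks the caller's uid with Linux `SO_PEERCRED`, which goes beyond what the plan specifies. The one-line wire format, the function names and the sample request are assumptions made for illustration.

```python
import os, socket, stat, struct, tempfile, threading

def bind_restricted(path, mode=0o660):
    """Bind a unix stream socket that never exists with looser bits than `mode`."""
    old = os.umask(0o777 & ~mode)  # set before bind(): no chmod-after-bind window
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old)
    srv.listen(1)
    return srv

def peer_uid(conn):
    """Kernel-reported uid of the connecting process (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    return struct.unpack("iII", raw)[1]  # struct ucred is (pid, uid, gid)

def serve_one(srv, allowed_uids):
    """Handle one connection; a single thread means edits are serialized."""
    conn, _ = srv.accept()
    with conn, conn.makefile("rb") as f:
        line = f.readline()  # read the request, but authorize before acting on it
        if peer_uid(conn) not in allowed_uids:
            conn.sendall(b"DENIED\n")
        else:
            conn.sendall(b"OK " + line)  # a real daemon would call augeas here

def ask(path, request):
    """Hypothetical client: send one request line, return the one-line reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c, c.makefile("rb") as f:
        c.connect(path)
        c.sendall(request)
        return f.readline()

def demo():
    with tempfile.TemporaryDirectory() as d:  # stands in for a root-owned runtime dir
        path = os.path.join(d, "exmachina.sock")
        srv = bind_restricted(path)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        replies = []
        for allowed in ({os.getuid()}, set()):  # second pass: caller not on the list
            t = threading.Thread(target=serve_one, args=(srv, allowed))
            t.start()
            replies.append(ask(path, b"get /files/etc/hostname/hostname\n"))  # constructed
            t.join()
        srv.close()
        return mode, replies

if __name__ == "__main__":
    print(demo())
```

The umask is process-wide, so the bind belongs at startup before any other thread creates files.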