[Freedombox-discuss] Kerberos and remctl instead of exmachina?

Jonas Smedegaard dr at jones.dk
Tue Sep 3 09:57:44 UTC 2013 

Quoting Tim Retout (2013-09-03 09:31:20)
> On 3 Sep 2013 08:10, "Jonas Smedegaard" <[1]dr at jones.dk> wrote:
>> What I am thinking is a CGI interface run as an isolated user (e.g. 
>> via uwsgi or apache2-suexec) talking to debconf.
> 1. Presumably debconf needs root privileges, so would you grant that user
> some limited sudo rights?

Yes.  No doubt there are even tighter schemes than that, but for sake of 
discussion let's just call it "sudo" for now, to keep focus on the 
larger picture of things.


> 2. The UI may also need to restart services, and these can take time. 
> Using a separate daemon (e.g. exmachina) to handle blocking calls 
> allows the web UI to call it asynchronously and show progress info to 
> the user, which is good for usability.

Ok.  I am no big fan of CGI over more elegant web interface designs.  
Again I was using a simple well-known mechanism for sake of discussion.

Specifically regarding exmachina, please note the beginning of this 
thread indicating that it is dead.  I recommend discussing real things 
(preferrably so real that they exist packaged in Debian and even better 
if in *stable* Debian so that we know that what we are talking about is 
really truly used and tested and stable and trusted in the wild).

...I would prefer an ugly but stable interface if that can provide us an 
actually usable FreedomBox earlier, and then worry about adding progress 
bars later.


> 3. I am sceptical that it will be possible to add debconf hooks for 
> every configuration choice needed by the FreedomBox UI.

I am confident that debconf handling of "every configuration choice" is 
an impossible task.

Providing debconf handling only of configuration choices actually needed 
for FreedomBox is another matter.


> The debian-edu project handles more complex configuration using 
> cfengine - if they found it necessary, I suspect this project will. (I 
> believe Petter might know more about this than me.)

Debian Edu is a far bigger system e.g. including diskless clients 
running desktop applications.

Goal of Debian Edu is minimizing system administration to 1 hour per 
week (or some such number).  FreedomBox must have *zero* administration.

Therefore I see debconf as the *only* possibility we have: Debian 
package maintainers *must* support the configurations that we need for 
FreedomBox, as there are noone else between them and the 
(non-technical!) user.


> A web interface for server management is a really interesting problem, 
> and I think it's worth solving properly. I'd be interested to hear 
> what you think.

I think it should be kept at a minimum!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130903/e79dc94e/attachment-0001.sig>

More information about the Freedombox-discuss mailing list