UbuntuCentralizedServiceAdministrator

Differences between revisions 1 and 16 (spanning 15 versions)
Revision 1 as of 2008-03-12 06:11:27
Size: 2010
Editor: 190
Comment:
Revision 16 as of 2009-03-06 19:37:22
Size: 6524
Editor: ldng
Comment:
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:
 * '''Code''': [https://launchpad.net/ucsa https://launchpad.net/ucsa]  * '''Code''': [[https://launchpad.net/ucsa|https://launchpad.net/ucsa]]
Line 8: Line 8:
'''Release Target''': Ibex '''Release Target''': Ubuntu 10.04
Line 12: Line 12:
Create a tool for centralized server administration, maintenance and configuration. This tool should provide a easy, but powerful user interface based on curses and have support for dynamic module inclusion to add support for new services or packages. Create a tool for centralized server administration, maintenance and configuration. This tool should provide an easy, but powerful user interface based on curses and have support for dynamic module inclusion to add support for new services or packages.
Line 18: Line 18:
Ubuntu has the goal to be 'Linux for human beings', on the desktop the goal has been reached, but on the server side there is no easy and unique way to administrate, configure or maintain the services. Also the current tools are web based, that in a not secure environment can be a security issue, or are GUI based ones, which are not adapted for the servers environments. Also the current tools are very limited and most of them make some non standard configurations files, which make difficult for sysadmins to tune their services. Ubuntu has the goal to be 'Linux for human beings', on the desktop the goal has been reached, but on the server side there is no easy and unique way to administrate, configure or maintain the services. Also the current recommended tools are web based (e.g. eBox), which involves running a web server and can be a security issue, or are GUI based, which are not adapted for the servers environments. Also the current tools are very limited and most of them make some non standard configurations files, which make difficult for sysadmins to tune their services.
Line 22: Line 22:
Alice has a small business and want to add some network services but she has no idea of how to configure them. Alice can use the ucsa UI to help her doing the job. Alice has a small business and wants to add some network services but she has no idea how to configure them. Alice can use the ucsa UI to help her do the job.
Line 24: Line 24:
Bob installs a file server for his small business, he want to use a common configuration with some tunning at the end. Bob can use ucsa to do the base configuration for him and then edit the config files by hand to do the tunning. Bob installs a file server for his small business, he want to use a common configuration with some tunning at the end. Bob can use ucsa to do the base configuration and then edit the config files by hand to do the tuning.
Line 28: Line 28:
The tool will allow users to manage configurations and to administrate the services. However, to fully integrate with the system, packages (services?) should provide a file (or a line in a centralized one) saying that it's installed. However we can change that and make the services provide the augeas lenses, so Ucsa will only open those services.
Line 30: Line 32:
The tool will use [[http://augeas.net|augeas]] as backend, which will manage the configuration files (open, edit and write), the tool will only offer a frontend to libaugeas and a separately curses interface, which will provide a form-like presentation of the file and will pass the files to the augeas tree for it to write it to the config file.
Line 31: Line 35:
There will be no problems with the migration since augeas manages all the config files, and it allows any formats and personal changes to them.
Line 33: Line 38:
First libaugeas is needed on the archives, then we need to write lenses for the most common files, when we are comfortable with the number of lenses the tool will start to be written.
Line 37: Line 43:
Augeas package is waiting for review on revu.
Line 39: Line 46:
Install a service, see if ucsa recognizes it and make some changes to the configuration. Then edit the config file by hand adding new directives (not supported by ucsa) and some comments, open ucsa again, make more changes and save again, it won't break anything.
Line 42: Line 50:
[[http://augeas.net|Augeas]] still doesn't have lenses for all services, it's needed first of all to write lenses for the most common services.

ddumont: Depending on the lense, Augeas may not provide validation of entered data. For instance, it is currently possible to
do "set /files/etc/ssh/sshd_config/Toto titi" and find an unvalid keyword in sshd_config. So Augeas is a great project, but a lot of work is still needed to provide a safe configuration tool for users.
Line 44: Line 57:
=== Meeting Notes 2007/10/29 === === Meeting Notes 2008/05/?? ===
Line 47: Line 60:
JonathanJesse: All backends must provide for reporting, especially a centralized reporting system. A system admin needs to be able find the status across all devices (servers, workstations, mobile, etc). Also the admin will need to be able to answer the question: "How many of devices have X?" where X can be memory, program or other. I like that you are talking about XML already as it is great for storing data and transmitting that data. I feel that a web server does provide the graphical interface needed to present the data and make configuration changes. See http://www.spiceworks.com for a free implementation of a process that provides inventory/network discovery/software deployment. For paid for services see http://www.altiris.com, http://landesk.com, http://kace.com. Note: I am a consultant on the Altiris product set and need to be careful this doesn't copy Altiris to closely if I am going to be involved in it.

NealMcBurnett: note related discussions on the server team list about "Centrilized managment console", "More discussion: GUI, blogs, and pizza", "Bug 2 review pls", etc. at https://lists.ubuntu.com/archives/ubuntu-server/2008-June/thread.html

Note related projects like
 * eBox: EboxSpec
 * Webmin: https://help.ubuntu.com/community/WebMin
 * http://augeas.net/ : Unified API to edit system configuration files
 * Capistrano: http://www.capify.org/ - automating tasks via SSH on remote servers
 * Fabric : http://www.nongnu.org/fab/ - simple pythonic deployment
 * [[http://config-model.wiki.sourceforge.net/|Config::Model]] A Perl framework to provide common UI ([[http://freshmeat.net/projects/config-model-tkui/|Perl/TK]] and [[http://freshmeat.net/projects/config-model-cursesui/|Curses]]) for editing configuration files. Help is provided inline to users and entered data is validated at editing time. See [[http://freshmeat.net/projects/config-model-openssh/|sshd_config editor]] for instance. Also available on [[http://search.cpan.org/~ddumont/|CPAN]]
 * Brian J. Murrell's insights from 2003: http://www.mail-archive.com/cooker@linux-mandrake.com/msg107191.html
 * MDS: http://brainstorm.ubuntu.com/idea/2301/

mkaufmann: It would be a good Idea to integrate an Hardware/Software-Inventory. Since 8.04 OCS NG (see http://www.ocsinventory-ng.org/). With the Inventory the Admin have a good overview over the Clients and Servers in the local net. Björn Sundberg started a new Project, a OCS-Client written in Python (see: https://answers.launchpad.net/pyocsclient)

ddumont: Well, it depends on the scope of this project. Reading the summary, I think the scope is the user's machine, not a cluster.

Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

Summary

Release Target: Ubuntu 10.04

Name: ucsa (Ubuntu Centralized Service Administrator)

Create a tool for centralized server administration, maintenance and configuration. This tool should provide an easy, but powerful user interface based on curses and have support for dynamic module inclusion to add support for new services or packages.

Release Note

Rationale

Ubuntu has the goal to be 'Linux for human beings', on the desktop the goal has been reached, but on the server side there is no easy and unique way to administrate, configure or maintain the services. Also the current recommended tools are web based (e.g. eBox), which involves running a web server and can be a security issue, or are GUI based, which are not adapted for the servers environments. Also the current tools are very limited and most of them make some non standard configurations files, which make difficult for sysadmins to tune their services.

Use Cases

Alice has a small business and wants to add some network services but she has no idea how to configure them. Alice can use the ucsa UI to help her do the job.

Bob installs a file server for his small business, he want to use a common configuration with some tunning at the end. Bob can use ucsa to do the base configuration and then edit the config files by hand to do the tuning.

Assumptions

The tool will allow users to manage configurations and to administrate the services. However, to fully integrate with the system, packages (services?) should provide a file (or a line in a centralized one) saying that it's installed. However we can change that and make the services provide the augeas lenses, so Ucsa will only open those services.

Design

The tool will use augeas as backend, which will manage the configuration files (open, edit and write), the tool will only offer a frontend to libaugeas and a separately curses interface, which will provide a form-like presentation of the file and will pass the files to the augeas tree for it to write it to the config file.

Migration

There will be no problems with the migration since augeas manages all the config files, and it allows any formats and personal changes to them.

Implementation

First libaugeas is needed on the archives, then we need to write lenses for the most common files, when we are comfortable with the number of lenses the tool will start to be written.

Rollout

Status

Augeas package is waiting for review on revu.

Test/Demo Plan

Install a service, see if ucsa recognizes it and make some changes to the configuration. Then edit the config file by hand adding new directives (not supported by ucsa) and some comments, open ucsa again, make more changes and save again, it won't break anything.

Outstanding Issues

Augeas still doesn't have lenses for all services, it's needed first of all to write lenses for the most common services.

ddumont: Depending on the lense, Augeas may not provide validation of entered data. For instance, it is currently possible to do "set /files/etc/ssh/sshd_config/Toto titi" and find an unvalid keyword in sshd_config. So Augeas is a great project, but a lot of work is still needed to provide a safe configuration tool for users.

BoF agenda and discussion

Meeting Notes 2008/05/??

Comments

JonathanJesse: All backends must provide for reporting, especially a centralized reporting system. A system admin needs to be able find the status across all devices (servers, workstations, mobile, etc). Also the admin will need to be able to answer the question: "How many of devices have X?" where X can be memory, program or other. I like that you are talking about XML already as it is great for storing data and transmitting that data. I feel that a web server does provide the graphical interface needed to present the data and make configuration changes. See http://www.spiceworks.com for a free implementation of a process that provides inventory/network discovery/software deployment. For paid for services see http://www.altiris.com, http://landesk.com, http://kace.com. Note: I am a consultant on the Altiris product set and need to be careful this doesn't copy Altiris to closely if I am going to be involved in it.

NealMcBurnett: note related discussions on the server team list about "Centrilized managment console", "More discussion: GUI, blogs, and pizza", "Bug 2 review pls", etc. at https://lists.ubuntu.com/archives/ubuntu-server/2008-June/thread.html

Note related projects like

mkaufmann: It would be a good Idea to integrate an Hardware/Software-Inventory. Since 8.04 OCS NG (see http://www.ocsinventory-ng.org/). With the Inventory the Admin have a good overview over the Clients and Servers in the local net. Björn Sundberg started a new Project, a OCS-Client written in Python (see: https://answers.launchpad.net/pyocsclient)

ddumont: Well, it depends on the scope of this project. Reading the summary, I think the scope is the user's machine, not a cluster.


CategorySpec

UbuntuCentralizedServiceAdministrator (last edited 2009-03-06 19:37:22 by ldng)