UbuntuCentralizedServiceAdministrator

Differences between revisions 6 and 16 (spanning 10 versions)
Revision 6 as of 2008-06-06 20:40:20
Size: 4554
Editor: c-67-165-213-225
Comment: link to server team discussion, eBox, webmin, augeas,
Revision 16 as of 2009-03-06 19:37:22
Size: 6524
Editor: 84
Comment:
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:
 * '''Code''': [https://launchpad.net/ucsa https://launchpad.net/ucsa]  * '''Code''': [[https://launchpad.net/ucsa|https://launchpad.net/ucsa]]
Line 28: Line 28:
The tool will allow users to manage configurations and to administrate the services. However, to fully integrate with the system, packages (services?) should provide meta-data regarding information about configuration files and managment of the services for easily maintaince of the tool. The tool will still be useful during the transition when packages are not providing this information. The tool will allow users to manage configurations and to administrate the services. However, to fully integrate with the system, packages (services?) should provide a file (or a line in a centralized one) saying that it's installed. However we can change that and make the services provide the augeas lenses, so Ucsa will only open those services.
Line 32: Line 32:
The tool will have backends for every service and, if present, will use metadata from the services provided by the package. The metadata could be defined by the packager (or maintainer) or upstream. These backends will be used by the interface, which will be developed as modules so they can be called by the Frame application for centralized management, also those interfaces could be used separete from the tool, but won't present a curses (or graphical) interface.

The interfaces, or formularies, will be defined in XML files and interpreted by the frame to present them to the user, this xml should be generated using the metadata in the module.
The tool will use [[http://augeas.net|augeas]] as backend, which will manage the configuration files (open, edit and write), the tool will only offer a frontend to libaugeas and a separately curses interface, which will provide a form-like presentation of the file and will pass the files to the augeas tree for it to write it to the config file.
Line 37: Line 35:
There will be no problems with the migration since augeas manages all the config files, and it allows any formats and personal changes to them.
Line 39: Line 38:
First libaugeas is needed on the archives, then we need to write lenses for the most common files, when we are comfortable with the number of lenses the tool will start to be written.
Line 43: Line 43:
Augeas package is waiting for review on revu.
Line 45: Line 46:
Install a service, see if ucsa recognizes it and make some changes to the configuration. Then edit the config file by hand adding new directives (not supported by ucsa) and some comments, open ucsa again, make more changes and save again, it won't break anything.
Line 47: Line 49:

[[http://augeas.net|Augeas]] still doesn't have lenses for all services, it's needed first of all to write lenses for the most common services.

ddumont: Depending on the lense, Augeas may not provide validation of entered data. For instance, it is currently possible to
do "set /files/etc/ssh/sshd_config/Toto titi" and find an unvalid keyword in sshd_config. So Augeas is a great project, but a lot of work is still needed to provide a safe configuration tool for users.
Line 53: Line 60:
JonathanJesse: All backends must provide for reporting, especially a centralized reporting  system. A system admin needs to be able find the status across all devices (servers, workstations, mobile, etc). Also the admin will need to be able to answer the question: "How many of devices have X?" where X can be memory, program or other. I like that you are talking about XML arleady as it is great for storing data and transmiting that data. I feel that a web server does provide the graphical interface needed to present the data and make configuration changes.  See http://www.spiceworks.com for a free implementation of a process that provides inventory/network discovery/software deployment. For paid for services see http://www.altiris.com, http://landesk.com, http://kace.com. Note: I am a consultant on the Altiris product set and need to be careful this doesn't copy Altiris to closely if I am going to be involved in it. JonathanJesse: All backends must provide for reporting, especially a centralized reporting system. A system admin needs to be able find the status across all devices (servers, workstations, mobile, etc). Also the admin will need to be able to answer the question: "How many of devices have X?" where X can be memory, program or other. I like that you are talking about XML already as it is great for storing data and transmitting that data. I feel that a web server does provide the graphical interface needed to present the data and make configuration changes. See http://www.spiceworks.com for a free implementation of a process that provides inventory/network discovery/software deployment. For paid for services see http://www.altiris.com, http://landesk.com, http://kace.com. Note: I am a consultant on the Altiris product set and need to be careful this doesn't copy Altiris to closely if I am going to be involved in it.
Line 60: Line 67:
 * http://augeas.net/  * http://augeas.net/ : Unified API to edit system configuration files
 * Capistrano: http://www.capify.org/ - automating tasks via SSH on remote servers
 * Fabric : http://www.nongnu.org/fab/ - simple pythonic deployment
 * [[http://config-model.wiki.sourceforge.net/|Config::Model]] A Perl framework to provide common UI ([[http://freshmeat.net/projects/config-model-tkui/|Perl/TK]] and [[http://freshmeat.net/projects/config-model-cursesui/|Curses]]) for editing configuration files. Help is provided inline to users and entered data is validated at editing time. See [[http://freshmeat.net/projects/config-model-openssh/|sshd_config editor]] for instance. Also available on [[http://search.cpan.org/~ddumont/|CPAN]]
Line 64: Line 74:
mkaufmann: It would be a good Idea to integrate an Hardware/Software-Inventory. Since 8.04 OCS NG (see http://www.ocsinventory-ng.org/). With the Inventory the Admin have a good overview over the Clients and Servers in the local net. Björn Sundberg started a new Project, a OCS-Client written in Python (see: https://answers.launchpad.net/pyocsclient)

ddumont: Well, it depends on the scope of this project. Reading the summary, I think the scope is the user's machine, not a cluster.

Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

Summary

Release Target: Ubuntu 10.04

Name: ucsa (Ubuntu Centralized Service Administrator)

Create a tool for centralized server administration, maintenance and configuration. This tool should provide an easy, but powerful user interface based on curses and have support for dynamic module inclusion to add support for new services or packages.

Release Note

Rationale

Ubuntu has the goal to be 'Linux for human beings', on the desktop the goal has been reached, but on the server side there is no easy and unique way to administrate, configure or maintain the services. Also the current recommended tools are web based (e.g. eBox), which involves running a web server and can be a security issue, or are GUI based, which are not adapted for the servers environments. Also the current tools are very limited and most of them make some non standard configurations files, which make difficult for sysadmins to tune their services.

Use Cases

Alice has a small business and wants to add some network services but she has no idea how to configure them. Alice can use the ucsa UI to help her do the job.

Bob installs a file server for his small business, he want to use a common configuration with some tunning at the end. Bob can use ucsa to do the base configuration and then edit the config files by hand to do the tuning.

Assumptions

The tool will allow users to manage configurations and to administrate the services. However, to fully integrate with the system, packages (services?) should provide a file (or a line in a centralized one) saying that it's installed. However we can change that and make the services provide the augeas lenses, so Ucsa will only open those services.

Design

The tool will use augeas as backend, which will manage the configuration files (open, edit and write), the tool will only offer a frontend to libaugeas and a separately curses interface, which will provide a form-like presentation of the file and will pass the files to the augeas tree for it to write it to the config file.

Migration

There will be no problems with the migration since augeas manages all the config files, and it allows any formats and personal changes to them.

Implementation

First libaugeas is needed on the archives, then we need to write lenses for the most common files, when we are comfortable with the number of lenses the tool will start to be written.

Rollout

Status

Augeas package is waiting for review on revu.

Test/Demo Plan

Install a service, see if ucsa recognizes it and make some changes to the configuration. Then edit the config file by hand adding new directives (not supported by ucsa) and some comments, open ucsa again, make more changes and save again, it won't break anything.

Outstanding Issues

Augeas still doesn't have lenses for all services, it's needed first of all to write lenses for the most common services.

ddumont: Depending on the lense, Augeas may not provide validation of entered data. For instance, it is currently possible to do "set /files/etc/ssh/sshd_config/Toto titi" and find an unvalid keyword in sshd_config. So Augeas is a great project, but a lot of work is still needed to provide a safe configuration tool for users.

BoF agenda and discussion

Meeting Notes 2008/05/??

Comments

JonathanJesse: All backends must provide for reporting, especially a centralized reporting system. A system admin needs to be able find the status across all devices (servers, workstations, mobile, etc). Also the admin will need to be able to answer the question: "How many of devices have X?" where X can be memory, program or other. I like that you are talking about XML already as it is great for storing data and transmitting that data. I feel that a web server does provide the graphical interface needed to present the data and make configuration changes. See http://www.spiceworks.com for a free implementation of a process that provides inventory/network discovery/software deployment. For paid for services see http://www.altiris.com, http://landesk.com, http://kace.com. Note: I am a consultant on the Altiris product set and need to be careful this doesn't copy Altiris to closely if I am going to be involved in it.

NealMcBurnett: note related discussions on the server team list about "Centrilized managment console", "More discussion: GUI, blogs, and pizza", "Bug 2 review pls", etc. at https://lists.ubuntu.com/archives/ubuntu-server/2008-June/thread.html

Note related projects like

mkaufmann: It would be a good Idea to integrate an Hardware/Software-Inventory. Since 8.04 OCS NG (see http://www.ocsinventory-ng.org/). With the Inventory the Admin have a good overview over the Clients and Servers in the local net. Björn Sundberg started a new Project, a OCS-Client written in Python (see: https://answers.launchpad.net/pyocsclient)

ddumont: Well, it depends on the scope of this project. Reading the summary, I think the scope is the user's machine, not a cluster.


CategorySpec

UbuntuCentralizedServiceAdministrator (last edited 2009-03-06 19:37:22 by 84)