Re: [rfc] New package idea with policy problems
On Fri, Jun 09, 2000 at 10:33:12PM +1000, Anthony Towns wrote:
> On Thu, Jun 08, 2000 at 07:52:09PM +0100, Roger Gammans wrote:
> > Proposal for Configuration Scheme Management System/Package
> > ==========================================================
> > This a proposal for a package called `sites', although schemes might
> > be a better name this is avoided due to limit confusion with a certain
> > programming language.
>
> Hmmm.
>
> I've written support for something similar for the ifup/ifdown
> utilities. It works at a finer granularity than PCMCIA schemes, so you
>[snip]
> How I'm doing this is somewhat different to what you're doing. First, I,
> personally, don't care for moving config files about and doing symlinks
> and such, so instead I modify them in place with little perl fragments.
> That's not such a big deal.
It depends. I want some pretty general applicability, I have
no knowledge know of what sites I will meet in the future, I
don't what to sudden have to code a new conffile parser when I
on a customers site fighting their broken DECnet for instance.
The symlinks technique while being a tad messy has two points in
it favour for me:-
1) bugs in the parser aren't going to accidently trash a conffile,
and that always happens at the worst time of course, as there
is no parser.
2) It provides a quick safety check to see the conffiles are
in `order' before doing anything.
> Hmmm. I've uploaded ifupdwon 0.6.0 (which is current) to
> ifupdown.sourceforge.net. You should be able to download and compile it
> (diverting the /sbin/ifup and /sbin/ifdown binaries netbase provides,
> if you like) and have a look at it. I haven't updated the documentation
> yet (tsk), but you can test most of the new features with something like:
Ok I'll have a look. I might save me some time.
> > All schemes must contain all the listed configuration files for all the
> > interesting packages, although this does not preclude such files being
> > symlinks to the another configuration schemes equivalent.[1]
>
> I'm not doing that this way: for me, the scripts in /etc/netword/if-*.d/
> will only do anything at all if the appropriate parameter is listed in the
> interfaces file. So since DHCP servers generally tell me the name-server,
> I don't bother specifying that by hand, and just let the DHCP server
> work it out. When I'm disconnected, I don't have a nameserver at all,
> or I have whatever might've gotten left around by my DHCP client.
I think this is the essential difference between our approaches,
I am try to configure the machine as a whole, partly as some services such
as NIS can be fairly talkative, but also because I have a
number of different roles in mind for my machines. Plus I doubt
in many cases for me I'll have a working DHCP server to hand.
> > At switch time the following occurs,[2]
>
> Similarly, I don't have a "switch" operation: you can only down an
> interface, and then bring it back up as something else.
This isn't such a bad idea consider my notebook spends most of it's
time in my car Boot suspended to disk, so it would be -configured-
to the last site even though it's disconnected.
But it doesn't necessarily solve the system services problems partly
because unix tends not to be strong-ended.
> > Installation
> > ------------
> > This is tricky I can't see what it can do safely, sensibly and within
> > policy. If the rest of it hasn't blown policy right out of the water.
>
> conffiles should never be automatically changed, but then, they should
> never *need* to be automatically changed either.
>
> Changing ordinary config files, specifically at the request of the admin
> is fine, of course.
>
> I'm not sure how maintainer scripts would cope with the config files being
> symlinks, but I imagine they should work okay.
> > Removal
> > -------
> > Umm The same applies here really. Purging the package could be
> > messy, unless it resets it cofniguration on removal. If so
> > how should it determine which scheme to use.
>
> Whatever the current scheme is? Prompt the admin?
Yes, that makes sense prompt the admin to the scheme to use
with the default as the surrent scheme.
> > Aware Packages
> > --------------
>
> I'd hope most packages could become aware of this and provide scripts in
> /etc/network/if*.d/. Things that come to mind are changing the upstream
> proxy for squid on a laptop, changing news servers, starting particular
> services (NFS, portmap, a web server) only on some particular networks,
> and so forth.
Well quite. That was exactly what I had in mind, but it my
scheme they only need a custom script if the configuration technique
is truly unsual.
TTFN
--
Roger
Fear is finding cthulhu.tiff in your home directory.
Reply to: