[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Errors Packaging Nebula

On 7/4/21 3:34 PM, Nilesh Patra wrote:
> I have something to ask here, before upload:
>
> You are installing the example config.yml into /etc right?
>
> I feel being an example file, it really should be installed as an example, i.e. d/example
> Installing something in /etc/ would essentially mean that it is a "default" config file
> 	- It does not look like a good default, since it seems to bind via ports, assumes users and groups, etc
> 	- It also sources things from /etc/nebula/*.crt -- and these things will not be installed when installing the package
> 	- Hence, the systemd service will fail at start unless user manually fixes all of it and starts the service
>
> Can you make a saner default (i.e. config.yml for nebula)?
> If not, it might be better to remove this altogether and install as example instead, and leave the onus on user to set it up
>
> Or, you could write a maintainer script to ask these questions during installation and make a sane default config.yml

Yes, most people start from that example script. From my understanding,
there's no default combination of options that would prevent the service
from failing; users need to generate key pairs to use Nebula. I think it
would save users a lot of time to install a stub configuration file in
/etc/nebula with a accompanying systemd file. That way, there's an easy
and standard method to configure it. I could write a script if necessary
but I don't feel like this would provide the best user experience since
users would have to enter the paths to key files. This would be error
prone and accomplished much better interactively.

Here are the reasonable options as I see it:

(1) Create a reasonable configuration file which lacks the key files. On
installation, the user would be notified to generate the keys and move
them into the proper directory. (With example commands to make it easy.)

(2) Don't package a configuration file and notify the user to create it.

(3) Just package the binaries.

I personally like option (1) since it would require the least work on
behalf of the user. (And this is how I'm guessing the vast majority of
users scaffold it.) But, it would still fail if they started the unit
before configuring Nebula. Let me know what you think.

>
>> [2] https://salsa.debian.org/go-team/packages/golang-github-flynn-noise
>
> Uploaded this, with a few changes.
>
> * You removed vectors.txt in d/rules, however that'd make autopkgtests fail because it wouldn't be able to
> find that in an installed package
> * Minor fix in copyright
>
> All changes pushed to salsa, please take a look
>
>> [3]
>> https://salsa.debian.org/go-team/packages/golang-github-nbrownus-go-metrics-prometheus

Looks great. I was trying to avoid installing 2M of test data. Since
these are just build libraries, it might not be a concern.

> For this one, it looks like a fork of https://github.com/deathowl/go-metrics-prometheus
> and the original repo looks more frequently updated. Would it not be possible to package the original and patch out the import paths?
>
> If not, will it not be possible to merge changes into the original repo?
> IMO, packaging fork is suboptimal, unless the original one is abandoned and/or unmaintained and someone is willing to maintain fork long time
> which doesn't seem to be the case here.

You're correct: it's not ideal. The fork is maintained by the author of
Nebula. There's an open pull that seems like it won't be resolved
anytime soon. I messaged him asking about import path substitution. I'll
let you know what I learn. Would merging these changes into the upstream
be a blocking requirement?

>
>> [5] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990682
>
> It seems like you opened 2 ITPs for this one by mistake, I reopened both and forcemerged them
> Please note: Record your ownder as: "Alex David <flu0r1ne@flu0r1ne.net>" In future, as
> control@bugs.d.o can reach you easily if you do that for processing replies.
>
> Once you reply my questions above, and it looks fine, I'll upload right away. Thank you for your work! :)
>
> PS: Your email client seems to be appending a blank line after every line of reply you type,
> and it's a bit annoying to quote long emails from you. Can you please fix this?
> Also, do I need to reply to you and CC the list everytime, or are you already subscribed and I simply reply to the list?

Okay, I'm a youngin' and didn't grow up with listservs and such :) Let
me know if this email is formatted correctly.

Best,

Alex
Reply to: