Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Ubuntu Server Development (http://www.linux-archive.org/ubuntu-server-development/)
-   -   webmin, zentyal, conf file policy, etc (http://www.linux-archive.org/ubuntu-server-development/709169-webmin-zentyal-conf-file-policy-etc.html)

Neal McBurnett 10-02-2012 10:58 PM

webmin, zentyal, conf file policy, etc
 
This is an effort to get the webmin and ubuntu folks a little closer on the current status. To review, years ago webmin was dropped from Debian and Ubuntu:

Why was webmin dropped? Question #2873 : Questions : Ubuntu
https://answers.launchpad.net/ubuntu/+question/2873

Recently Joe from webmin wrote that there was confusion between the debian webmin package and the webmin's own upstream packages for debian:

Do Webmin and Virtualmin really break Ubuntu? | Virtualmin
https://www.virtualmin.com/node/21110

Related to all this is something Soren wrote in email about turnkey linux: 2010-01-04T08:10:27-0700

If a package upgrade includes a change to a conffile (a configuration file managed by dpkg) compared to the version installed by the old version of the package, and you have made changes to said conffile, you will be prompted about these changes. If, however, something else (e.g. webmin) has made these changes on your behalf, you will be prompted about changes you have not made to a conffile you likely have never heard of. I'm just saying that this is not acceptable, which is a major reason why webmin is not supported in Debian and Ubuntu, because this is /exactly/ what webmin does /all the time/.

I don't have time to look at this again, but I wonder if someone who is current on the policy and support issues could look at the upstream webmin packages, respond on the webmin page to try to clarify things, and answer the Ubuntu question with both the official policy and the practical upsides and downsides of webmin, and how zentyal does (or does not) deal with the conf file policy issues involved.

Or perhaps it would be more effective to just open this as a question on askubuntu, which has lots of references to webmin, but no discussion like this that I see....

Cheers,

Neal McBurnett http://neal.mcburnett.org/

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Scott Kitterman 10-03-2012 02:45 AM

webmin, zentyal, conf file policy, etc
 
On Tuesday, October 02, 2012 04:58:37 PM Neal McBurnett wrote:
> This is an effort to get the webmin and ubuntu folks a little closer on the
> current status. To review, years ago webmin was dropped from Debian and
> Ubuntu:
>
> Why was webmin dropped? Question #2873 : Questions : Ubuntu
> https://answers.launchpad.net/ubuntu/+question/2873
>
> Recently Joe from webmin wrote that there was confusion between the debian
> webmin package and the webmin's own upstream packages for debian:
>
> Do Webmin and Virtualmin really break Ubuntu? | Virtualmin
> https://www.virtualmin.com/node/21110
>
> Related to all this is something Soren wrote in email about turnkey linux:
> 2010-01-04T08:10:27-0700
>
> If a package upgrade includes a change to a conffile (a configuration file
> managed by dpkg) compared to the version installed by the old version of
> the package, and you have made changes to said conffile, you will be
> prompted about these changes. If, however, something else (e.g. webmin)
> has made these changes on your behalf, you will be prompted about changes
> you have not made to a conffile you likely have never heard of. I'm just
> saying that this is not acceptable, which is a major reason why webmin is
> not supported in Debian and Ubuntu, because this is /exactly/ what webmin
> does /all the time/.

This is a violation of Debian and (Ubuntu) policy. See
http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files

The claims by Webmin people to try and work the way the OS expects are just
nonsense in this regard (it may be perfectly true in others). I don't know if
Zentyal is any better.

> I don't have time to look at this again, but I wonder if someone who is
> current on the policy and support issues could look at the upstream webmin
> packages, respond on the webmin page to try to clarify things, and answer
> the Ubuntu question with both the official policy and the practical upsides
> and downsides of webmin, and how zentyal does (or does not) deal with the
> conf file policy issues involved.
>
> Or perhaps it would be more effective to just open this as a question on
> askubuntu, which has lots of references to webmin, but no discussion like
> this that I see....

The policy is clear and if they aren't supporting it, I'm not sure what
conversation there is to have. There are ways to solve problems like this.
As an example, I wrote postfix-add-filter and postfix-add-policy to give (beyond
what you can do with postconf) external packages some ability to modify postfix
configuration in a policy compliant way.

It's been awhile, but the only time I recall seeing a postfix configuration
accidentally completely missing on an Ubuntu box was when I was helping
someone who used webmin (I only saw it once and it was several years ago now,
so it may be perfectly reliable now, but my limited interactions with it have
not been encouraging).

If the Webmin people want to produce policy compliant packages, then I think
we should help them, but AFAIK they don't.

Scott K

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

"Tyler J. Wagner" 10-03-2012 11:08 AM

webmin, zentyal, conf file policy, etc
 
On 2012-10-03 03:45, Scott Kitterman wrote:
> On Tuesday, October 02, 2012 04:58:37 PM Neal McBurnett wrote:
>> If a package upgrade includes a change to a conffile (a configuration file
>> managed by dpkg) compared to the version installed by the old version of
>> the package, and you have made changes to said conffile, you will be
>> prompted about these changes. If, however, something else (e.g. webmin)
>> has made these changes on your behalf, you will be prompted about changes
>> you have not made to a conffile you likely have never heard of. I'm just
>> saying that this is not acceptable, which is a major reason why webmin is
>> not supported in Debian and Ubuntu, because this is /exactly/ what webmin
>> does /all the time/.
>
> This is a violation of Debian and (Ubuntu) policy. See
> http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files

I'm not sure that's entirely fair. One could view Webmin as an attempt to
replicate CLI configuration of your system with web-based GUI
configuration. In that regard, the fact that it edits your config files in
/etc/ is fine with me. I suppose Debian policy wants some kind of
separation such that config files in /etc/ all have hooks into /var/, where
webmin is allowed to make edits?

That is silly. Debian policy in this regard is that software isn't allowed
to edit files in /etc/ for you. Since that is webmin's entire raison
d'Ítre, it is software non grata.

Anyway, installing webmin on Debian or Ubuntu is easy. Deb files are on the
website, or you can use Virtualmin's repo (which has webmin in it):

deb http://software.virtualmin.com/gpl/ubuntu/ virtualmin-lucid main
deb http://software.virtualmin.com/gpl/ubuntu/ virtualmin-universal main

Regards,
Tyler

--
"You'll thank me when you share my politics!"
-- Ryan North in "Dinosaur Comics"

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Scott Kitterman 10-03-2012 01:05 PM

webmin, zentyal, conf file policy, etc
 
On Wednesday, October 03, 2012 12:08:45 PM Tyler J. Wagner wrote:
> On 2012-10-03 03:45, Scott Kitterman wrote:
> > On Tuesday, October 02, 2012 04:58:37 PM Neal McBurnett wrote:
> >> If a package upgrade includes a change to a conffile (a configuration
> >> file
> >>
> >> managed by dpkg) compared to the version installed by the old version of
> >> the package, and you have made changes to said conffile, you will be
> >> prompted about these changes. If, however, something else (e.g. webmin)
> >> has made these changes on your behalf, you will be prompted about changes
> >> you have not made to a conffile you likely have never heard of. I'm just
> >> saying that this is not acceptable, which is a major reason why webmin is
> >> not supported in Debian and Ubuntu, because this is /exactly/ what webmin
> >> does /all the time/.
> >
> > This is a violation of Debian and (Ubuntu) policy. See
> > http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files
>
> I'm not sure that's entirely fair. One could view Webmin as an attempt to
> replicate CLI configuration of your system with web-based GUI
> configuration. In that regard, the fact that it edits your config files in
> /etc/ is fine with me. I suppose Debian policy wants some kind of
> separation such that config files in /etc/ all have hooks into /var/, where
> webmin is allowed to make edits?
>
> That is silly. Debian policy in this regard is that software isn't allowed
> to edit files in /etc/ for you. Since that is webmin's entire raison
> d'Ítre, it is software non grata.
>
> Anyway, installing webmin on Debian or Ubuntu is easy. Deb files are on the
> website, or you can use Virtualmin's repo (which has webmin in it):
>
> deb http://software.virtualmin.com/gpl/ubuntu/ virtualmin-lucid main
> deb http://software.virtualmin.com/gpl/ubuntu/ virtualmin-universal main

It's not a question of fair or not fair. The policy is what it is for good
reasons. It does not say that external packages are not allowed to change
configuration, but that they have to do so via a program provided by the
package. This gives a defined interface and reduces the risk of incorrect
changes. I think this makes a lot of sense.

Webmin could work with either upstreams or Debian/Ubuntu developers to add the
programs necessary to make the configuration changes it makes in a policy
compliant way. It would be a significant piece of work, but I think it would
result in a more robust system.

Webmin isn't "software non grata", it's just being asked to play by the rules
everyone else has to play by. I don't have any real opinion on how well it
works or it doesn't as is, but (while not strictly required for external
packages) I think complying with policy is a good idea and ultimately results
in a better operating system.

Scott K

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

"Tyler J. Wagner" 10-03-2012 01:22 PM

webmin, zentyal, conf file policy, etc
 
On 2012-10-03 14:05, Scott Kitterman wrote:
> It's not a question of fair or not fair. The policy is what it is for good
> reasons. It does not say that external packages are not allowed to change
> configuration, but that they have to do so via a program provided by the
> package. This gives a defined interface and reduces the risk of incorrect
> changes. I think this makes a lot of sense.

I agree, but the problem is that most programs don't have this. If you are
lucky, a program supports "change the configuration files and SIGHUP the
daemon". Why doesn't Debian policy require them have this interface? In the
absence of that requirement, the onus is on the webmin team to do their
work for them.

Regards,
Tyler

--
"To have a child is to give fate a hostage."
-- John F. Kennedy

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Scott Kitterman 10-03-2012 01:30 PM

webmin, zentyal, conf file policy, etc
 
On Wednesday, October 03, 2012 02:22:26 PM Tyler J. Wagner wrote:
> On 2012-10-03 14:05, Scott Kitterman wrote:
> > It's not a question of fair or not fair. The policy is what it is for
> > good
> > reasons. It does not say that external packages are not allowed to change
> > configuration, but that they have to do so via a program provided by the
> > package. This gives a defined interface and reduces the risk of incorrect
> > changes. I think this makes a lot of sense.
>
> I agree, but the problem is that most programs don't have this. If you are
> lucky, a program supports "change the configuration files and SIGHUP the
> daemon". Why doesn't Debian policy require them have this interface? In the
> absence of that requirement, the onus is on the webmin team to do their
> work for them.

There are tens of thousands of packages in the Debian archive. Only a small
fraction would benefit from such a capability. I general requirement is
overkill.

Fundamentally this runs into the problem of there being no standard method in
the *nix world of defining and managing configuration. There are some attempts,
like augeaus. A middle ground would be for webmin to implement support for a
preferred tool like augeaus and then prefer to use it's interface for
applications that ship an augeaus lens (I think that's what they are called).

That would allow webmin to (with a manageable amount of work) support a common
interface standard that upstreams or package maintainers could support (and
would useful on lots of distros, not just Debian and it's derivatives).

Scott K

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Neal McBurnett 10-03-2012 01:34 PM

webmin, zentyal, conf file policy, etc
 
On Wed, Oct 03, 2012 at 02:22:26PM +0100, Tyler J. Wagner wrote:
> On 2012-10-03 14:05, Scott Kitterman wrote:
> > It's not a question of fair or not fair. The policy is what it is for good
> > reasons. It does not say that external packages are not allowed to change
> > configuration, but that they have to do so via a program provided by the
> > package. This gives a defined interface and reduces the risk of incorrect
> > changes. I think this makes a lot of sense.
>
> I agree, but the problem is that most programs don't have this. If you are
> lucky, a program supports "change the configuration files and SIGHUP the
> daemon". Why doesn't Debian policy require them have this interface? In the
> absence of that requirement, the onus is on the webmin team to do their
> work for them.

How does ebox/zentyal deal with this?

Neal McBurnett http://neal.mcburnett.org/

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Scott Kitterman 10-03-2012 01:50 PM

webmin, zentyal, conf file policy, etc
 
On Wednesday, October 03, 2012 07:34:16 AM Neal McBurnett wrote:
> On Wed, Oct 03, 2012 at 02:22:26PM +0100, Tyler J. Wagner wrote:
> > On 2012-10-03 14:05, Scott Kitterman wrote:
> > > It's not a question of fair or not fair. The policy is what it is for
> > > good
> > > reasons. It does not say that external packages are not allowed to
> > > change
> > > configuration, but that they have to do so via a program provided by the
> > > package. This gives a defined interface and reduces the risk of
> > > incorrect
> > > changes. I think this makes a lot of sense.
> >
> > I agree, but the problem is that most programs don't have this. If you are
> > lucky, a program supports "change the configuration files and SIGHUP the
> > daemon". Why doesn't Debian policy require them have this interface? In
> > the
> > absence of that requirement, the onus is on the webmin team to do their
> > work for them.
>
> How does ebox/zentyal deal with this?

Generally, I don't know. I did take a brief look at the ebox mail package
once and it kept a copy of the postfix configs in a non-standard location, left
the normal configuration files alone and then forced postfix to use it's own. My
vague recollection is that it seemed better, but still not policy compliant.

That was a very early version of the package (it wasn't in the Ubuntu archive
yet) so it may be totally different.

Scott K

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam


All times are GMT. The time now is 02:44 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.