[Userops] a website manager

[Christophe Siraut]

Hi,

Installing web applications with a package manager is despite the name
like adding libraries to the system, they cannot be used per se. We need
a website manager: a tool for managing web application instances.
Here are two use cases:

 - Developing content locally and testing web applications:
   Jasmin writes poems, she thinks about publishing some on a website.
   She wants to experiment with that idea on her laptop before
   publishing on the web. She heard about CMS and decides to try a few
   of theses on her computer which runs GNU/Linux. (Current situation:
   she opens her package manager and successfully installs a bunch of
   CMS. But reading the documentation of these packages she feels
   uncomfortable about creating a vhost, changing database permissions,
   and other tasks needing administrative privileges and skills)

 - Shared web hosting: a local Linux group have a shared server, they
   provide their members with mailboxes and webspaces. They want to
   allow the users to create Wordpress instances with security patches
   provided by the distribution maintainers. (Current situation:
   modification of the vhost configuration happens through a web
   application running with high privileges in order to modify the web
   daemon configuration files. Obsolete Wordpress versions are installed
   and left unmaintained)

While other solutions add layers on top of standard configuration I
wonder if we could delegate a little of the system configuration (modify
dns records and virtual hosts, create databases and grant rights) to the
users, using an interface to validate the changes. It wouldn't probably
be considered as safe as a system were users have no rights, but the
point is precisely to empower users. What do you think of delegating
system administration tasks provided constraints and validation?

The website manager would enable users in the userops group to manage
their websites instances. Adding an instance makes it available to the
browser. If the required packages are already installed there is no need
to have sudo privileges. The package manager has the setuid attribute,
and is able to adapt (a small part of) DNS, web, and databases daemons
configuration, in respect to service safety constraints and quotas.

The implementation consists of a simplistic configuration management-like
tool, modular and recipes based. I am unsure about using a big
configuration management tool, because we want to define a very narrow
use of it. Using templates, parsers and system calls seems enough.

The most basic recipe is publishing an HTML website, it enables the user
to link a domain name to a directory in /srv/www (with a symlink in their
home) (For use case 1, a little dnsmasq option is enough for the DNS
part: in /etc/dnsmasq.d/userops.conf add address=/localhost.net/127.0.0.1)

For more complex recipes the website-manager creates a database and grants
usage on it, manages a vhost file, configures a per-user instance of
php-fpm/(g)unicorn/iojs. Configuration files and database manipulations
happens according to constraints and tests.

More ideas includes a cross distribution approach, a GUI, content
synchronisation facilities across local and remote instances, support
multiple web and database backends, shared SSL certificates.

Comments and feedback welcome! Do you know of an existing solution or
ongoing project? Sponsors? Contributors?

Cheers,
Christophe