Re: [Userops] a website manager

[Christopher Baines]

On 02/04/15 17:48, Christophe Siraut wrote:
> Installing web applications with a package manager is despite the name
> like adding libraries to the system, they cannot be used per se. We need
> a website manager: a tool for managing web application instances.

What do you mean by "they cannot be used per se"? Do you mean the
package does not fully configure and start the application?

> Here are two use cases:
> 
>  - Developing content locally and testing web applications:
>    Jasmin writes poems, she thinks about publishing some on a website.
>    She wants to experiment with that idea on her laptop before
>    publishing on the web. She heard about CMS and decides to try a few
>    of theses on her computer which runs GNU/Linux. (Current situation:
>    she opens her package manager and successfully installs a bunch of
>    CMS. But reading the documentation of these packages she feels
>    uncomfortable about creating a vhost, changing database permissions,
>    and other tasks needing administrative privileges and skills)
> 
>  - Shared web hosting: a local Linux group have a shared server, they
>    provide their members with mailboxes and webspaces. They want to
>    allow the users to create Wordpress instances with security patches
>    provided by the distribution maintainers. (Current situation:
>    modification of the vhost configuration happens through a web
>    application running with high privileges in order to modify the web
>    daemon configuration files. Obsolete Wordpress versions are installed
>    and left unmaintained)
> 
> While other solutions add layers on top of standard configuration I
> wonder if we could delegate a little of the system configuration (modify
> dns records and virtual hosts, create databases and grant rights) to the
> users, using an interface to validate the changes. It wouldn't probably
> be considered as safe as a system were users have no rights, but the
> point is precisely to empower users. What do you think of delegating
> system administration tasks provided constraints and validation?
> 
> The website manager would enable users in the userops group to manage
> their websites instances. Adding an instance makes it available to the
> browser. If the required packages are already installed there is no need
> to have sudo privileges. The package manager has the setuid attribute,
> and is able to adapt (a small part of) DNS, web, and databases daemons
> configuration, in respect to service safety constraints and quotas.
> 
> The implementation consists of a simplistic configuration management-like
> tool, modular and recipes based. I am unsure about using a big
> configuration management tool, because we want to define a very narrow
> use of it. Using templates, parsers and system calls seems enough.
> 
> The most basic recipe is publishing an HTML website, it enables the user
> to link a domain name to a directory in /srv/www (with a symlink in their
> home) (For use case 1, a little dnsmasq option is enough for the DNS
> part: in /etc/dnsmasq.d/userops.conf add address=/localhost.net/127.0.0.1)
> 
> For more complex recipes the website-manager creates a database and grants
> usage on it, manages a vhost file, configures a per-user instance of
> php-fpm/(g)unicorn/iojs. Configuration files and database manipulations
> happens according to constraints and tests.
> 
> More ideas includes a cross distribution approach, a GUI, content
> synchronisation facilities across local and remote instances, support
> multiple web and database backends, shared SSL certificates.
> 
> Comments and feedback welcome! Do you know of an existing solution or
> ongoing project? Sponsors? Contributors?

Debian has Debconf, the configuration management system for Debian
packages, which integrates in to the package management system.

I didn't quite grasp all of the above, but I think debconf can solve the
first use case, and I am not familiar enough with Wordpress to comment
on the second.

I am not very familiar with it, but it enables packages to ask the user
questions during installation. The answers can then be used by the
package installation scripts.

For example, one package which does this well in my experience is
tt-rss. When you install tt-rss, it will sort out the database (this is
actually delegated to the dbconfig-common package), ask the full url is
that they want (e.g. http://example.org/tt-rss/ ) and ask them if they
want a web server configured (e.g. apache2, lighttpd). Once the package
has finished installing, then tt-rss is ready to be used.

signature.asc
Description: OpenPGP digital signature