Difference between revisions of "Platform Team/Server Kit/Mace"

From Sugar Labs
Jump to navigation Jump to search
m
Line 3: Line 3:
 
The mace is a tool to ma<strike>c</strike>ke final configuration using source templates. Mace is supposed to help with configuration of services on Server based school servers.
 
The mace is a tool to ma<strike>c</strike>ke final configuration using source templates. Mace is supposed to help with configuration of services on Server based school servers.
  
The core differences with tools like Puppet or Cfengine:
+
These are the core differences compared with tools like Puppet or Cfengine:
  
 
* mace doesn't provide new metaphors, people need to follow the same configuration syntax for particular services;
 
* mace doesn't provide new metaphors, people need to follow the same configuration syntax for particular services;
* mace is not intended to be an unified system like Puppet or Cfenginei, it supports only limited set of services (what Server based solution provides) but does it well, e.g., for iptables just write rules and the rest will be done by mace;
+
* mace is not intended to be a unified system like Puppet or Cfenginei, it supports only a limited set of services (what Server based solution provides), but does it well, e.g., for iptables, just write rules, and the rest will be done by mace;
 
* mace doesn't function like a daemon, it just converts configuration sources to the final configuration on the final server, e.g., as a post procedure after installing packages;
 
* mace doesn't function like a daemon, it just converts configuration sources to the final configuration on the final server, e.g., as a post procedure after installing packages;
* mace is designed to support intermediate customizing, i.e., the original configuration, provided by upstream project, might be supplemented (not patched) in downstream product before deploying to the final users.
+
* mace is designed to support intermediate customizing, i.e., the original configuration, provided by an upstream project, might be supplemented (not patched) in the downstream product before deploying to the final users.
  
 
== Configuration sources ==
 
== Configuration sources ==
Line 16: Line 16:
 
  [<arbitrary-path>]/<service-name>.d/[<service-confile>]/<configuration-file>.conf
 
  [<arbitrary-path>]/<service-name>.d/[<service-confile>]/<configuration-file>.conf
  
The {{Code|service-confile}} is optional and makes sense only if the configured service has several of them, e.g., Bind. The {{Code|configuration-file}} are configuration files in a particular service configuration syntax. All {{Code|configuration-file}} files will be merged to the singular {{Code|service-confile}} file and placed in the specific directory, depending on the particular GNU/Linux distribution, by mace.
+
The {{Code|service-confile}} is optional and makes sense only if the configured service has several of them, e.g., Bind. The {{Code|configuration-file}} is a configuration file in a particular service configuration's syntax. All {{Code|configuration-file}} files will be merged by mace to the singular {{Code|service-confile}} file and placed in the appropriate distribution-specific directory.
  
 
The purpose in having {{Code|arbitrary-path}} is that there might be several directories with the same {{Code|service-name}}s to make the configuration more flexible, i.e., it allows having several high-level configuration components in a project that configure the same service. Subsequent configuration might:
 
The purpose in having {{Code|arbitrary-path}} is that there might be several directories with the same {{Code|service-name}}s to make the configuration more flexible, i.e., it allows having several high-level configuration components in a project that configure the same service. Subsequent configuration might:
Line 24: Line 24:
 
* hide previous configurations by having empty files with the same {{Code|arbitrary-path}} or {{Code|service-name}} name.
 
* hide previous configurations by having empty files with the same {{Code|arbitrary-path}} or {{Code|service-name}} name.
  
Such rules will be applied while walking within the root configuration directories tree when directory and file names are sorted alphabetically. The following example demonstrates the virtual tree of upstream configuration with several high-level components and how downstream tunes them:
+
Such rules will be applied while walking within the root configuration directories tree when directory and file names are sorted alphabetically. The following example demonstrates the virtual tree of upstream configuration with several high-level components and shows how downstream tunes them:
  
 
  <dir>    +upstrem
 
  <dir>    +upstrem
Line 40: Line 40:
 
  <empty>    +0300.proxy
 
  <empty>    +0300.proxy
  
See [http://git.sugarlabs.org/server/base/trees/master/etc sugar-server-base sources] for more complex example.
+
See [http://git.sugarlabs.org/server/base/trees/master/etc sugar-server-base sources] for a more complex example.
  
== Configuration applying ==
+
== Configuration application ==
  
Having configuration sources tree, mace will apply it to the real system by doing:
+
Mace will apply a configuration sources tree to the real system by doing the following:
  
 
# walk through the sources tree to collect all configuration source files for each supported service;
 
# walk through the sources tree to collect all configuration source files for each supported service;
# apply particular service configuration by saving files, the backup copies will be kept;
+
# apply the particular service configuration by saving files, the backup copies will be kept;
# ask mace provider of particular service to make sure that everything, related to this services, is good, e.g., check if Prosody SSL keys/certificates exist and not expired or if Squid's swap is created;
+
# ask mace provider of particular service to make sure that everything, related to this service, is good, e.g., check if Prosody SSL keys/certificates exist and are not expired, or check if Squid's swap is created;
# if new configuration is different to previous one or if 3) changed something in the system, restart this service;
+
# if a new configuration is different from a previous one, or if step 3 changed something in the system, restart this service;
# make sure if service will be started at boot time;
+
# make sure that service will be started at boot time;
# if all previous steps aborted due to fails, revert original configuration.
+
# if all the previous steps aborted due to failures, revert to the original configuration.
  
 
== Testing routines ==
 
== Testing routines ==
  
Before applying configuration on real system, it might be done to the temporary directory (do not forget about {{Code|--dry-services}} argument to not restart services):
+
Before applying a configuration on a real system, it might be applied to a temporary directory (do not forget about {{Code|--dry-services}} argument to not restart services):
  
 
  mace apply -o /tmp/test -S
 
  mace apply -o /tmp/test -S
Line 61: Line 61:
 
Mace also supports several listing commands that just walk though the sources tree and print useful information about it:
 
Mace also supports several listing commands that just walk though the sources tree and print useful information about it:
  
* {{Code|mace ls}}, list sources status for particular directory;
+
* {{Code|mace ls}}, list sources status for a particular directory;
 
* {{Code|mace dirs}}, list sources status by services;
 
* {{Code|mace dirs}}, list sources status by services;
 
* {{Code|mace show}}, interpret services status given by {{Code|mace dirs}} command;
 
* {{Code|mace show}}, interpret services status given by {{Code|mace dirs}} command;
Line 80: Line 80:
 
|-
 
|-
 
| {{Code|o}}
 
| {{Code|o}}
| some of configuration files are overridden by files with the same name but from different directory
+
| some of configuration files are overridden by files with the same name but from a different directory
 
|-
 
|-
 
| {{Code|O}}
 
| {{Code|O}}
| all configuration files are overridden by files with the same name but from different directory
+
| all configuration files are overridden by files with the same name but from a different directory
 
|-
 
|-
 
| {{Code|h}}
 
| {{Code|h}}
| some of configuration files are hidden by empty files with the same name but from different directory
+
| some of configuration files are hidden by empty files with the same name but from a different directory
 
|-
 
|-
 
| {{Code|H}}
 
| {{Code|H}}
| all configuration files are hidden by empty files with the same name but from different directory
+
| all configuration files are hidden by empty files with the same name but from a different directory
 
|-
 
|-
 
|}
 
|}

Revision as of 10:12, 11 June 2011

Summary

The mace is a tool to macke final configuration using source templates. Mace is supposed to help with configuration of services on Server based school servers.

These are the core differences compared with tools like Puppet or Cfengine:

  • mace doesn't provide new metaphors, people need to follow the same configuration syntax for particular services;
  • mace is not intended to be a unified system like Puppet or Cfenginei, it supports only a limited set of services (what Server based solution provides), but does it well, e.g., for iptables, just write rules, and the rest will be done by mace;
  • mace doesn't function like a daemon, it just converts configuration sources to the final configuration on the final server, e.g., as a post procedure after installing packages;
  • mace is designed to support intermediate customizing, i.e., the original configuration, provided by an upstream project, might be supplemented (not patched) in the downstream product before deploying to the final users.

Configuration sources

Sources for mace are stored in GNU/Linux distribution agnostic manner in form of:

[<arbitrary-path>]/<service-name>.d/[<service-confile>]/<configuration-file>.conf

The service-confile is optional and makes sense only if the configured service has several of them, e.g., Bind. The configuration-file is a configuration file in a particular service configuration's syntax. All configuration-file files will be merged by mace to the singular service-confile file and placed in the appropriate distribution-specific directory.

The purpose in having arbitrary-path is that there might be several directories with the same service-names to make the configuration more flexible, i.e., it allows having several high-level configuration components in a project that configure the same service. Subsequent configuration might:

  • supplement a previous configuration by adding new configuration-files,
  • override a previous configuration by having the same configuration-file name with new content,
  • hide previous configurations by having empty files with the same arbitrary-path or service-name name.

Such rules will be applied while walking within the root configuration directories tree when directory and file names are sorted alphabetically. The following example demonstrates the virtual tree of upstream configuration with several high-level components and shows how downstream tunes them:

<dir>    +upstrem
<dir>    |  +0100.base
<dir>    |  |  +iptables.d
<config> |  |     +0100.conf
<dir>    |  +0300.proxy
<dir>    |     +iptables.d
<config> |     |  +0300.squid.conf
<dir>    |     +squid.d
<dir>    +downstream
<dir>       +0100.base
<dir>       |  +iptables.d
<config>    |     +0110.addons.conf
<empty>     +0300.proxy

See sugar-server-base sources for a more complex example.

Configuration application

Mace will apply a configuration sources tree to the real system by doing the following:

  1. walk through the sources tree to collect all configuration source files for each supported service;
  2. apply the particular service configuration by saving files, the backup copies will be kept;
  3. ask mace provider of particular service to make sure that everything, related to this service, is good, e.g., check if Prosody SSL keys/certificates exist and are not expired, or check if Squid's swap is created;
  4. if a new configuration is different from a previous one, or if step 3 changed something in the system, restart this service;
  5. make sure that service will be started at boot time;
  6. if all the previous steps aborted due to failures, revert to the original configuration.

Testing routines

Before applying a configuration on a real system, it might be applied to a temporary directory (do not forget about --dry-services argument to not restart services):

mace apply -o /tmp/test -S

Mace also supports several listing commands that just walk though the sources tree and print useful information about it:

  • mace ls, list sources status for a particular directory;
  • mace dirs, list sources status by services;
  • mace show, interpret services status given by mace dirs command;
  • mace files, list all configuration files.

The status legend is:

Symbol Note
- there are configuration files
* there are several configuration files for the service that will be merged to the same final configuration file
o some of configuration files are overridden by files with the same name but from a different directory
O all configuration files are overridden by files with the same name but from a different directory
h some of configuration files are hidden by empty files with the same name but from a different directory
H all configuration files are hidden by empty files with the same name but from a different directory