Difference between revisions of "Platform Team/Server Kit/Mace"
m |
(Move Providers to sepparate section) |
||
Line 37: | Line 37: | ||
In addition to configuration files, Mace can process files with a {{Code|.env}} suffix. These files contain variable declarations in Bash syntax. The values of these variables might be entered in configuration files in the form of {{Code|@VARIABLE@}}, in which case they will be expanded to real values while applying the configuration. | In addition to configuration files, Mace can process files with a {{Code|.env}} suffix. These files contain variable declarations in Bash syntax. The values of these variables might be entered in configuration files in the form of {{Code|@VARIABLE@}}, in which case they will be expanded to real values while applying the configuration. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Configuration application == | == Configuration application == | ||
Line 60: | Line 54: | ||
If the sources path is not the default, {{Code|/etc/sugar-server}}, use the {{Code|--input}} argument to specify the right one. | If the sources path is not the default, {{Code|/etc/sugar-server}}, use the {{Code|--input}} argument to specify the right one. | ||
+ | |||
+ | == Providers == | ||
+ | |||
+ | Providers is the way how Mace can configure particular services. Providers don't contain high-level configuration logic, configuration will happen only basing on configuration sources passed to the Mace to process by these providers. At the same time, providers might do some extra work, e.g., | ||
+ | to make sure that service's directory are created. | ||
+ | |||
+ | Mace supports only a limited number of [http://api.sugarlabs.org/mace/pages/providers.html#supported-systems GNU/Linux distributions] and [http://api.sugarlabs.org/mace/pages/providers.html#list-of-providers services]. That's because Mace is supposed to be used mostly as a school server configuration tool. | ||
== Templates == | == Templates == | ||
Line 107: | Line 108: | ||
== Getting involved == | == Getting involved == | ||
− | + | Please read [http://api.sugarlabs.org/mace/pages/HACKING.html HACKING] file. | |
− | * | + | |
+ | == Resources == | ||
+ | |||
+ | * [http://git.sugarlabs.org/server/mace Sources]. | ||
+ | * [http://api.sugarlabs.org/mace Documentation] auto generated from sources. |
Revision as of 03:25, 7 August 2011
Summary
The mace is a tool to macke final configuration using source templates. Mace is supposed to help with configuration of services on Server based school servers.
These are the core differences compared with tools like Puppet or Cfengine:
- mace doesn't provide new metaphors, people need to follow the same configuration syntax for particular services;
- mace is not intended to be a unified system like Puppet or Cfenginei, it supports only a limited set of services (what Server based solution provides), but does it well, e.g., for iptables, just write rules, and the rest will be done by mace;
- mace doesn't function like a daemon, it just converts configuration sources to the final configuration on the final server, e.g., as a post procedure after installing packages;
- mace is designed to support intermediate customizing, i.e., the original configuration, provided by an upstream project, might be supplemented (not patched) in the downstream product before deploying to the final users.
Configuration sources
Sources for mace
are stored in GNU/Linux distribution agnostic manner in form of:
[<arbitrary-path>]/<service-name>.d/[<service-confile>]/<configuration-file>.conf
The service-confile
is optional and makes sense only if the configured service has several of them, e.g., Bind, or, if a singular configuration file was split at the Mace level into several parts to make it easy to configure, e.g., per IPTables table service-confile
s. The configuration-file
is a configuration file in a particular service configuration's syntax. All configuration-file
files will be merged by mace to the singular service-confile
file and placed in the appropriate distribution-specific directory. The purpose in having arbitrary-path
is that there might be several directories with the same service-name
s to make the configuration more flexible, i.e., it allows having several high-level configuration components in a project that configure the same service.
The following example shows how IPTables and Squid proxy might be configured:
<dir> +010.net <service> | +iptables.d <confile> | +nat <config> | +010.conf <dir> +020.proxy <service> +iptables.d <confile> | +nat <config> | +020.squid.conf <service> +squid.d <confile> +access <config> +010.acl.conf
See sugar-server-templates sources for a more complex examples.
Configuration variables
In addition to configuration files, Mace can process files with a .env
suffix. These files contain variable declarations in Bash syntax. The values of these variables might be entered in configuration files in the form of @VARIABLE@
, in which case they will be expanded to real values while applying the configuration.
Configuration application
Mace will apply a configuration sources tree to the real system by doing the following:
- walk through the sources tree to collect all configuration source files for each supported service;
- apply the configuration by writing the sources content to the proper configuration files for a particular service on the particular OS, the backup copies will be kept;
- ask the mace provider of a particular service to make sure that everything, related to this service, is good, e.g., check if Prosody SSL keys/certificates exist and are not expired, or check if Squid's swap is created;
- if a new configuration is different from a previous one, or if step 3 changed something in the system, restart this service;
- make sure that service will be started at boot time;
- if all the previous steps aborted due to failures, revert to the original configuration.
To start the applying process:
sudo mace apply -v
If the sources path is not the default, /etc/sugar-server
, use the --input
argument to specify the right one.
Providers
Providers is the way how Mace can configure particular services. Providers don't contain high-level configuration logic, configuration will happen only basing on configuration sources passed to the Mace to process by these providers. At the same time, providers might do some extra work, e.g., to make sure that service's directory are created.
Mace supports only a limited number of GNU/Linux distributions and services. That's because Mace is supposed to be used mostly as a school server configuration tool.
Templates
The project sugar-server-templates is intended to provide most of basic configurations that might be useful for schools servers. After installing it from packages, the final configuration might be composed by symlinking templates from /usr/share/sugar-server
directory to the directory where Mace will find it, by default in /etc/sugar-server
.
Testing routines
Before applying a configuration on a real system, it might be applied to a temporary directory (do not forget about --dry-services
argument to not restart services):
mace apply -o /tmp/test -v -S
Mace also supports several listing commands that just walk though the sources tree and print useful information about it:
mace ls
, list sources status for a particular directory;mace dirs
, list sources status by services;mace show
, interpret services status given bymace dirs
command;mace files
, list all configuration files.
The status legend is:
Symbol | Note |
---|---|
-
|
there are configuration files |
*
|
configuration files for the same service were found in more than one directory |
o
|
some of configuration files are overridden by files with the same name but from a different directory |
O
|
all configuration files are overridden by files with the same name but from a different directory |
h
|
some of configuration files are hidden by empty files with the same name but from a different directory |
H
|
all configuration files are hidden by empty files with the same name but from a different directory |
Getting involved
Please read HACKING file.
Resources
- Sources.
- Documentation auto generated from sources.